** Changed in: qemu
       Status: New => Fix Released

https://bugs.launchpad.net/bugs/944645
Title: ARM: CORTEX M, ICI/IT bits in XPSR were not cleared when entering exception

Status in QEMU: Fix Released

Bug description:

I have this error.

qemu: fatal: Trying to execute code outside RAM or ROM at 0x10000000
R00=e000ed04 R01=3f5e392e R02=000000ff R03=0000007e
R04=20007038 R05=20003e30 R06=00000000 R07=00000003
R08=00000000 R09=00012874 R10=10101010 R11=11111111
R12=00000000 R13=200031d0 R14=fffffffd R15=10000000
PSR=40000153 -Z-- A svc32

I tried to figure out this situation. I have found that this happens when an interrupt happens during execution of __eabi_fmul, somewhere in the middle of this block:

IN:
0x004212d4:  22ff       movs r2, #255
0x004212d6:  ea12 5cd0  ands.w ip, r2, r0, lsr #23
0x004212da:  bf1d       ittte ne
0x004212dc:  ea12 53d1  andsne.w r3, r2, r1, lsr #23
0x004212e0:  4594       cmpne ip, r2
0x004212e2:  4293       cmpne r3, r2
0x004212e4:  e02b       beq.n 0x42133e

particularly when TCG was trying to split this into 2 parts like this:

IN:
0x004212d4:  22ff       movs r2, #255
0x004212d6:  ea12 5cd0  ands.w ip, r2, r0, lsr #23
0x004212da:  bf1d       ittte ne
0x004212dc:  ea12 53d1  andsne.w r3, r2, r1, lsr #23
0x004212e0:  4594       cmpne ip, r2

IN:
0x004212e2:  4293       cmpne r3, r2
0x004212e4:  e02b       beq.n 0x42133e

and the next interrupt handler prologue seems to use conditional instructions:

IN:
0x00409170:  b580       push {r7, lr}
0x00409172:  485d       ldrne r0, [pc, #372] (0x4092e8)
0x00409174:  6800       ldrne r0, [r0, #0]
0x00409176:  0700       lsleq r0, r0, #28
0x00409178:  d530       bpl.n 0x4091dc

If we look in the v7m reference manual, in ExceptionTaken() it is stated:

EPSR.IT<7:0> = 0x0; // IT/ICI bits cleared

After I added 1 code line it looks like it does not happen anymore.
    v7m_push(env, xpsr);
+   xpsr_write(env, 0, CPSR_IT);

I did some interrupt logs with and without the modification:

without:
before enter at pc=424534 sp=2000642c osp=200031c8 type=28 xpsr=41000028
before enter at pc=424534 sp=2000642c osp=200031c8 type=e xpsr=4100000e
before enter at pc=4212e0 sp=20003e18 osp=200031c8 type=2f xpsr=4500182f   <<--- IT bits were not cleared
on fault at pc=4091dc sp=200031d0 osp=20003df8 type=2f xpsr=4100002f
qemu: fatal: Trying to execute code outside RAM or ROM at 0x10000000

with:
before enter at pc=424534 sp=2000642c osp=200031c8 type=e xpsr=4100000e
before enter at pc=4212e0 sp=20003e18 osp=200031c8 type=2f xpsr=4500182f   <<--- fault situation passed
before enter at pc=424534 sp=20003d80 osp=200031c8 type=e xpsr=4100000e
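A constructed C model of the exception-entry behaviour discussed in the report (added here; it is neither QEMU's code nor the reporter's): it decodes ITSTATE from the logged xpsr=4500182f, counts how many handler instructions a stale IT state would still predicate, and contrasts entry with and without clearing the IT/ICI bits after the push. The struct and function names are my own; the bit layout is ARMv7-M's EPSR.

```c
#include <stdint.h>
#include <stdio.h>

/* ARMv7-M EPSR: ICI/IT[1:0] live at bits 26:25 and ICI/IT[7:2] at bits 15:10,
 * so one mask clears both the IT and the ICI (interrupted LDM/STM) state. */
#define XPSR_IT_MASK ((3u << 25) | (0x3Fu << 10))

struct entry { uint32_t stacked; uint32_t live; };

/* Reassemble the 8-bit ITSTATE field from an xPSR value. */
uint8_t xpsr_itstate(uint32_t xpsr) {
    return (uint8_t)(((xpsr >> 25) & 3u) | (((xpsr >> 10) & 0x3Fu) << 2));
}

/* Condition code (ITSTATE<7:4>) applied to the current instruction; 0 = EQ, 1 = NE. */
unsigned it_cond(uint8_t it) { return it >> 4; }

/* ITAdvance(): the block ends when ITSTATE<2:0> is 0, otherwise shift the mask. */
uint8_t it_advance(uint8_t it) {
    if ((it & 7u) == 0) return 0;
    return (uint8_t)((it & 0xE0u) | ((it << 1) & 0x1Fu));
}

/* ExceptionTaken(): the pushed xPSR keeps the IT bits so the interrupted block
 * resumes on exception return; the live xPSR must have them cleared
 * (EPSR.IT<7:0> = 0x0) before the handler's first instruction runs. */
struct entry exception_entry(uint32_t xpsr, int clear_it) {
    struct entry e;
    e.stacked = xpsr;                                   /* v7m_push(env, xpsr)   */
    e.live = clear_it ? (xpsr & ~XPSR_IT_MASK) : xpsr;  /* xpsr_write(..CPSR_IT) */
    return e;
}

/* How many handler instructions a stale ITSTATE would still predicate. */
int stale_predicated(uint8_t it) {
    int n = 0;
    while (it != 0) { n++; it = it_advance(it); }
    return n;
}

int main(void) {
    const uint32_t xpsr = 0x4500182fu;   /* logged on entry from inside "ittte ne" */
    struct entry bad = exception_entry(xpsr, 0), good = exception_entry(xpsr, 1);
    printf("ITSTATE 0x%02x, cond %u\n", xpsr_itstate(xpsr), it_cond(xpsr_itstate(xpsr)));
    printf("no clear: %d predicated handler insns\n", stale_predicated(xpsr_itstate(bad.live)));
    printf("clear:    live=%08x (%d predicated), stacked=%08x\n", good.live,
           stale_predicated(xpsr_itstate(good.live)), good.stacked);
    return 0;
}
```

With the clear applied, the live xPSR becomes 0x4100002f, the same value the report logs inside the handler, while the stacked copy keeps 0x4500182f for the return.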