On Tue, 4 Aug 2020 at 21:38, Richard Henderson <richard.hender...@linaro.org> wrote:
>
> On 8/3/20 9:54 AM, Peter Maydell wrote:
> > + case 14:
> > + switch (mode) {
> > + case ARM_CPU_MODE_USR:
> > + case ARM_CPU_MODE_SYS:
> > + return 14;
> > + case ARM_CPU_MODE_HYP:
> > + return 16;
>
> Hyp uses LR_usr...
>
> > + case ARM_CPU_MODE_IRQ:
> > + return 18;
> > + case ARM_CPU_MODE_SVC:
> > + return 20;
> > + case ARM_CPU_MODE_ABT:
> > + return 22;
> > + case ARM_CPU_MODE_UND:
> > + return 24;
>
> ... making all of these off-by-2.

Yeah, this is the bug fixed in v2.

> > + case ARM_CPU_MODE_FIQ:
> > + return 30;
> > + default:
> > + g_assert_not_reached();
> > + }
> > + case 15:
> > + return 31;
>
> I don't see that R15 is mapped at all. Is this really reachable?

It is -- you can get Rt=0b1111 for MRC to APSR_nzcv (as well as for
various UNPREDICTABLE MCR etc cases that will get trapped here that
we have to do something sensible for). Rt=0b1111 is mapped to 0b11111
in the pseudocode (see AArch64.AArch32SystemAccessTrapSyndrome());
it's just not documented in the text (yet) that this is the required
behaviour.

thanks
-- PMM
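Review bot: the `case 15: return 31;` arm needs a code comment, since the thread itself says the architecture text does not yet document it: note that Rt=0b1111 (reachable via MRC to APSR_nzcv and via UNPREDICTABLE MCR/MRC encodings that trap here) maps to 0b11111 per AArch64.AArch32SystemAccessTrapSyndrome(), otherwise the next reader will raise the same "is this reachable?" question. Separately, in the `case 14` inner switch, `case ARM_CPU_MODE_HYP:` should fall in with USR/SYS and `return 14;` because Hyp has no banked LR and uses LR_usr, which shifts IRQ/SVC/ABT/UND down by two (16/18/20/22); the `return 30;` for FIQ is the only mode-specific value that is already consistent with that numbering. Since the off-by-2 is acknowledged as fixed in v2, it would help to add a short comment above the switch stating which register numbering (the AArch64 view of the AArch32 banked registers) these constants follow, so the values can be checked against the spec without re-deriving them.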