Hi, I still feel QEMU's implementation is not right. Could you please check it again.

According to
https://developer.arm.com/documentation/ddi0406/c/Application-Level-Architecture/Instruction-Details/Alphabetical-list-of-instructions/BL--BLX--immediate-?lang=en
the encoding T2 for BLX is below:

    first halfword,  bits 15..0:  1 1 1 1 0 S | imm10H |
    second halfword, bits 15..0:  1 1 J1 0 J2 | imm10L | H

In the ASL of ARM, we have:

    if H == '1' then UNDEFINED;

Symbol *H* represents the last bit of this instruction. I am not sure whether a->imm includes the symbol *H*. I double checked the file `t32.decode` and it seems so (it would be great if you can tell me what a->imm indeed represents in BLX). However, UNDEFINED means unallocated encoding in the ARM manual. The right behavior might be something like below:

    if (s->thumb && (a->imm & 2)) {
        unallocated_encoding(s);
        return true;
    }

Correct me if I am wrong. I can also provide a test case if you need.

Many Thanks
Regards
Muhui

--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1925512

Title:
  UNDEFINED case for instruction BLX

Status in QEMU:
  Invalid

Bug description:
  Hi

  I refer to the instruction BLX imm (T2 encoding) in ARMv7 (Thumb mode).

      11110 S imm10H 11 J1 0 J2 imm10L H

      if H == '1' then UNDEFINED;
      I1 = NOT(J1 EOR S); I2 = NOT(J2 EOR S);
      imm32 = SignExtend(S:I1:I2:imm10H:imm10L:'00', 32);
      targetInstrSet = InstrSet_A32;
      if InITBlock() && !LastInITBlock() then UNPREDICTABLE;

  According to the manual, if H equals 1, this instruction should be an UNDEFINED instruction. However, it seems QEMU does not check this constraint in function trans_BLX_i.

  Thanks
  Regards
  Muhui

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1925512/+subscriptions
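An added, stand-alone decoder for the 32-bit Thumb BL (T1) and BLX (T2) immediate encodings discussed in this report; it is written for this thread and is not QEMU's code or its t32.decode grammar. It applies the `if H == '1' then UNDEFINED` rule from the ASL above and computes the sign-extended imm32 from S, J1, J2 and the two immediate fields; the halfword values in main() are constructed test inputs.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
/* Result of decoding one 32-bit Thumb BL (T1) / BLX (T2) immediate instruction. */
typedef struct {
    bool valid;      /* false: the halfwords are not a BL/BLX immediate encoding */
    bool undefined;  /* true: BLX with H == '1', which the ARM ARM marks UNDEFINED */
    bool is_blx;     /* true for BLX (bit 12 of hw2 clear), false for BL */
    int32_t imm32;   /* sign-extended offset, the ASL imm32 value */
} bl_blx_t;
/* hw1 = 11110 S imm10H; hw2 = 11 J1 x J2 followed by imm11 (BL, x=1) or imm10L:H (BLX, x=0). */
bl_blx_t decode_bl_blx(uint16_t hw1, uint16_t hw2)
{
    bl_blx_t r = { false, false, false, 0 };
    if ((hw1 & 0xF800) != 0xF000 || (hw2 & 0xC000) != 0xC000)
        return r;                              /* not this encoding at all */
    r.valid = true;
    r.is_blx = ((hw2 >> 12) & 1) == 0;
    unsigned S = (hw1 >> 10) & 1, imm10H = hw1 & 0x3FF;
    unsigned J1 = (hw2 >> 13) & 1, J2 = (hw2 >> 11) & 1;
    unsigned I1 = !(J1 ^ S), I2 = !(J2 ^ S);   /* I1 = NOT(J1 EOR S), I2 = NOT(J2 EOR S) */
    uint32_t imm25;
    if (r.is_blx) {
        unsigned imm10L = (hw2 >> 1) & 0x3FF, H = hw2 & 1;
        if (H) {                               /* ASL: if H == '1' then UNDEFINED; */
            r.undefined = true;
            return r;
        }
        imm25 = S << 24 | I1 << 23 | I2 << 22 | imm10H << 12 | imm10L << 2;
    } else {
        unsigned imm11 = hw2 & 0x7FF;          /* BL: S:I1:I2:imm10:imm11:'0' */
        imm25 = S << 24 | I1 << 23 | I2 << 22 | imm10H << 12 | imm11 << 1;
    }
    if (imm25 & (1u << 24))                    /* SignExtend(..., 32) of the 25-bit field */
        imm25 |= 0xFE000000u;
    r.imm32 = (int32_t)imm25;
    return r;
}
int main(void)
{   /* Constructed inputs: BLX +0x100, the same words with H set, BLX -4, BL +0x100. */
    uint16_t c[][2] = { {0xF000, 0xE880}, {0xF000, 0xE881}, {0xF7FF, 0xEFFE}, {0xF000, 0xF880} };
    for (int i = 0; i < 4; i++) {
        bl_blx_t r = decode_bl_blx(c[i][0], c[i][1]);
        printf("%04X %04X: valid=%d blx=%d undefined=%d imm32=%d\n",
               c[i][0], c[i][1], r.valid, r.is_blx, r.undefined, (int)r.imm32);
    }
    return 0;
}
```

The second constructed input differs from the first only in bit 0 (H), which is exactly the encoding the report says should be rejected as UNDEFINED rather than decoded as a branch.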