The complete imm32 is computed by

    %imm24 26:s1 13:1 11:1 16:10 0:11 !function=t32_branch24

so that H appears at bit 1 in a->imm in trans_BLX_i.

Returning false from any trans_* function means that the trans function did not match. In some cases, this means that the next possible matching pattern is tested. But in most cases, such as this one, we return all the way to disas_thumb2_insn, where we do in fact call unallocated_encoding.

If you have a test case that fails, please provide it.

-- 
https://bugs.launchpad.net/bugs/1925512

Title:
  UNDEFINED case for instruction BLX

Status in QEMU:
  Invalid

Bug description:
  Hi

  I refer to the instruction BLX imm (T2 encoding) in ARMv7 (Thumb mode).

    11110 S imm10H 11 J1 0 J2 imm10L H

    if H == '1' then UNDEFINED;
    I1 = NOT(J1 EOR S); I2 = NOT(J2 EOR S);
    imm32 = SignExtend(S:I1:I2:imm10H:imm10L:'00', 32);
    targetInstrSet = InstrSet_A32;
    if InITBlock() && !LastInITBlock() then UNPREDICTABLE;

  According to the manual, if H equals 1, this instruction should be an UNDEFINED instruction. However, it seems QEMU does not check this constraint in function trans_BLX_i.

  Thanks
  Regards
  Muhui
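An added example (not QEMU's code and not part of the reply or the bug report) that decodes the two T2 halfwords in both of the ways discussed above: directly from the manual's pseudocode, and by packing the fields as the %imm24 pattern lays them out (S:J1:J2:imm10H:imm11), sign-extending, fixing up J1:J2 and shifting left once so that H lands at bit 1. The halfword values used in the comments are constructed, and the packed-field routine is an assumed reading of the pattern rather than a copy of t32_branch24.

```c
#include <stdbool.h>
#include <stdint.h>

/* Decoded 32-bit Thumb BLX (T2): hw1 = 11110 S imm10H, hw2 = 11 J1 0 J2 imm10L H. */
typedef struct {
    bool undefined;   /* manual: if H == '1' then UNDEFINED */
    int32_t imm32;    /* SignExtend(S:I1:I2:imm10H:imm10L:'00', 32) when defined */
} blx_t2;

/* Direct transcription of the manual's pseudocode quoted in the bug report. */
static blx_t2 decode_blx_t2(uint16_t hw1, uint16_t hw2)
{
    blx_t2 r = { false, 0 };
    uint32_t S = (hw1 >> 10) & 1, imm10H = hw1 & 0x3ff;
    uint32_t J1 = (hw2 >> 13) & 1, J2 = (hw2 >> 11) & 1;
    uint32_t imm10L = (hw2 >> 1) & 0x3ff, H = hw2 & 1;
    if (H) {
        r.undefined = true;
        return r;
    }
    uint32_t I1 = !(J1 ^ S), I2 = !(J2 ^ S);
    uint32_t imm25 = (S << 24) | (I1 << 23) | (I2 << 22) |
                     (imm10H << 12) | (imm10L << 2);
    r.imm32 = (int32_t)(imm25 << 7) >> 7;   /* sign-extend 25 -> 32 bits */
    return r;
}

/* The same offset computed the way the %imm24 pattern lays the fields out
   (an assumed reading of the pattern, not QEMU's code): pack
   S:J1:J2:imm10H:imm11 with imm11 = imm10L:H, sign-extend from bit 23,
   convert J1:J2 to I1:I2, then shift left once. H ends up at bit 1. */
static int32_t imm24_to_imm25(uint16_t hw1, uint16_t hw2)
{
    uint32_t S = (hw1 >> 10) & 1, imm10H = hw1 & 0x3ff;
    uint32_t J1 = (hw2 >> 13) & 1, J2 = (hw2 >> 11) & 1, imm11 = hw2 & 0x7ff;
    uint32_t packed = (S << 23) | (J1 << 22) | (J2 << 21) | (imm10H << 11) | imm11;
    int32_t x = (int32_t)(packed << 8) >> 8;   /* sign-extend 24 -> 32 bits */
    /* I = NOT(J EOR S): with S == 0 both J bits invert, with S == 1 they stay. */
    if (x >= 0) {
        x ^= 3 << 21;
    }
    return (int32_t)((uint32_t)x << 1);
}

/* The H constraint as a bit test on the shifted value: bit 1 set means UNDEFINED. */
static bool imm25_is_undefined(int32_t imm25)
{
    return (imm25 & 2) != 0;
}
```

Constructed inputs 0xF001/0xE804 (S=0, imm10H=1, J1=J2=1, imm10L=2, H=0) give +0x1008 on both paths, 0xF7FF/0xEFFC give -8, and 0xF001/0xE805 (H=1) is flagged UNDEFINED by both the direct decode and the bit-1 test.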