Diffstat (limited to 'gitlab/issues/target_m68k/host_missing/accel_TCG')
-rw-r--r--gitlab/issues/target_m68k/host_missing/accel_TCG/1206.toml108
-rw-r--r--gitlab/issues/target_m68k/host_missing/accel_TCG/2078.toml42
-rw-r--r--gitlab/issues/target_m68k/host_missing/accel_TCG/2249.toml41
-rw-r--r--gitlab/issues/target_m68k/host_missing/accel_TCG/2290.toml151
-rw-r--r--gitlab/issues/target_m68k/host_missing/accel_TCG/754.toml215
5 files changed, 557 insertions, 0 deletions
diff --git a/gitlab/issues/target_m68k/host_missing/accel_TCG/1206.toml b/gitlab/issues/target_m68k/host_missing/accel_TCG/1206.toml
new file mode 100644
index 00000000..9790618e
--- /dev/null
+++ b/gitlab/issues/target_m68k/host_missing/accel_TCG/1206.toml
@@ -0,0 +1,108 @@
+id = 1206
+title = "68k: movew %sp@+,%sr does not restore USP if switching from Supervisor to User mode"
+state = "closed"
+created_at = "2022-09-13T13:23:07.584Z"
+closed_at = "2022-09-21T19:43:28.644Z"
+labels = ["Closed::Fixed", "accel: TCG", "kind::Bug", "target: m68k"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/1206"
+host-os = "Linux"
+host-arch = "x86_64"
+qemu-version = "git master"
+guest-os = "N/A"
+guest-arch = "68k"
+description = """Debugging issues with MacOS under qemu-system-m68k shows that the `movew %sp@+,%sr` instruction does not restore USP if switching from Supervisor to User mode. I've created a reproducer at https://gitlab.com/mcayland/qemu/-/commits/68k-move-to-sr-bug ([diff from git master](https://gitlab.com/mcayland/qemu/-/commit/fbcd078946c0e582bf8f1ac9a5a3a31cda2e6c38.diff)) which uses the following code snippet:
+
+```
+0x40800000 in MYROM ()
+warning: shared library handler failed to enable breakpoint
+(gdb) disas $pc $pc+0x20
+Dump of assembler code from 0x40800000 to 0x40800020:
+0x40800000 <MYROM+0>:   lea 0x6000,%a0
+0x40800006 <MYROM+6>:   movel %a0,%usp
+0x40800008 <MYROM+8>:   movew %sr,%d0
+0x4080000a <MYROM+10>:  andiw #8191,%d0
+0x4080000e <MYROM+14>:  movew %d0,%sp@-
+0x40800010 <MYROM+16>:  movew %sp@+,%sr
+0x40800012 <MYROM+18>:  bras 0x40800012 <MYROM+18>
+```
+
+Initially the ISP is set to 0x1000 in supervisor mode: the code above loads 0x6000 into %usp, moves the SR register into d0, clears the supervisor bit, and pushes the new SR value onto the stack. Finally the `movew %sp@+,%sr` instruction is executed which switches from supervisor mode to user mode but the resulting %sp is still the ISP value and not the USP:
+
+```
+0x40800000 in MYROM ()
+warning: shared library handler failed to enable breakpoint
+(gdb) stepi
+0x40800006 in MYROM ()
+(gdb) 
+0x40800008 in MYROM ()
+(gdb) 
+0x4080000a in MYROM ()
+(gdb) 
+0x4080000e in MYROM ()
+(gdb)
+0x40800010 in MYROM ()
+(gdb)
+0x40800010 in MYROM ()
+(gdb) i r $ps $sp
+ps             0x2700   9984
+sp             0xffe    0xffe
+(gdb) stepi      
+0x40800012 in MYROM ()
+(gdb) i r $ps $sp
+ps             0x700    1792
+sp             0x1000   0x1000    <-- should be 0x6000
+```
+
+Analysis with gdb shows that the `set_sr` helper is calling `m68k_switch_sp()` correctly but the resulting value is not seen in the guest:
+
+```
+Thread 3 "qemu-system-m68" hit Breakpoint 1, m68k_switch_sp (env=0x62d000030ae0) at ../target/m68k/helper.c:462
+462         env->sp[env->current_sp] = env->aregs[7];
+(gdb) p/x env->aregs[7]
+$1 = 0xffe
+(gdb) n
+463         if (m68k_feature(env, M68K_FEATURE_M68000)) {
+(gdb) 
+464             if (env->sr & SR_S) {
+(gdb) 
+472                 new_sp = M68K_USP;
+(gdb) 
+478         env->aregs[7] = env->sp[new_sp];
+(gdb) 
+479         env->current_sp = new_sp;
+(gdb) 
+480     }
+(gdb) p/x env->aregs[7]
+$2 = 0x6000
+```
+
+The bug seems to be caused by the post-increment operator clobbering the stack pointer with the ISP after the instruction has been translated:
+
+```
+IN: 
+0x40800010:  movew %sp@+,%sr
+
+OP:
+ ld_i32 tmp0,env,$0xfffffffffffffff0
+ brcond_i32 tmp0,$0x0,lt,$L0
+
+ ---- 40800010 00000000
+ mov_i32 tmp0,$0x1
+ st_i32 tmp0,env,$0xfffffffffffffc18
+ qemu_ld_i32 tmp0,A7,leuw,0
+ bswap16_i32 tmp0,tmp0,iz,oz
+ add_i32 tmp3,A7,$0x2
+ call set_sr,$0x0,$0,env,tmp0
+ mov_i32 CC_OP,$0x1
+ mov_i32 PC,$0x40800012
+ mov_i32 A7,tmp3
+ exit_tb $0x0
+ set_label $L0
+ exit_tb $0x7fe118f30043
+```
+
+Here tmp3 which is generated from the ISP is written back to A7 **after** `set_sr` has switched the stack pointer. This appears to be part of the `delay_set_areg` mechanism which was introduced in 8a1e52b69d ("target-m68k: Delay autoinc writeback").
+
+From what I can see it isn't possible to easily change the order of the `set_sr` helper and applying the post-increment since the post-increment is handled automatically after the instruction is translated as part of `do_writebacks()`."""
+reproduce = "n/a"
+additional = "n/a"
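Review bot: The sentinel used for "no value" is inconsistent across the five new records, which makes the corpus awkward to parse: here `reproduce = "n/a"` and `additional = "n/a"`, while 2078.toml and 754.toml use an empty `additional = """"""`, 1206.toml uses `guest-os = "N/A"`, and 754.toml stores unfilled template text verbatim (`host-arch = "(x86, ARM, s390x, etc.)"`, `qemu-version = "(e.g. `qemu-system-x86_64 --version`)"`) as if it were data. `closed_at = "n/a"` in the open issues (2078, 2249) also puts a non-date string in a field that is otherwise an RFC 3339 timestamp, so a consumer cannot type that column uniformly. These files look like the output of an export script, so the fix presumably belongs there rather than in the data: pick one convention — omit the key, or always use the empty string — and apply it for every missing field, and normalise untouched template placeholders to the same sentinel. A short comment at the top of each file, or a README alongside them, stating the convention would let readers rely on it.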
diff --git a/gitlab/issues/target_m68k/host_missing/accel_TCG/2078.toml b/gitlab/issues/target_m68k/host_missing/accel_TCG/2078.toml
new file mode 100644
index 00000000..601c77e1
--- /dev/null
+++ b/gitlab/issues/target_m68k/host_missing/accel_TCG/2078.toml
@@ -0,0 +1,42 @@
+id = 2078
+title = "Qemu crashes with SIGFPE on certain trapping arithmetic operations on m68k target"
+state = "opened"
+created_at = "2024-01-07T17:26:27.825Z"
+closed_at = "n/a"
+labels = ["accel: TCG", "target: m68k"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2078"
+host-os = "NetBSD"
+host-arch = "x86-64"
+qemu-version = "QEMU emulator version 8.1.3"
+guest-os = "NetBSD"
+guest-arch = "m68k"
+description = """I recently ported NetBSD to the Qemu m68k "virt" platform, and this was discovered when running NetBSD's automated tests.  Certain arithmetic operation that will trap in the guest will crash Qemu.  First case encountered is below."""
+reproduce = """1. Compile and run the following program in the m68k guest:
+
+```
+virt68k:thorpej 3$ cat crash-qemu.c                                            
+#include <limits.h>
+#include <stdlib.h>
+
+int divisor = -1;
+
+int
+main(int argc, char *argv[])
+{
+
+\tif (argc > 1)
+\t\tdivisor = atoi(argv[1]);
+
+\treturn INT_MIN / divisor;
+}
+virt68k:thorpej 4$ 
+```
+
+Another minimal case would be:
+
+```
+move.l #-2147483648,%d0
+move.l #-1,%d1
+divsl.l %d1,%d1:%d0
+```"""
+additional = """"""
diff --git a/gitlab/issues/target_m68k/host_missing/accel_TCG/2249.toml b/gitlab/issues/target_m68k/host_missing/accel_TCG/2249.toml
new file mode 100644
index 00000000..e7257629
--- /dev/null
+++ b/gitlab/issues/target_m68k/host_missing/accel_TCG/2249.toml
@@ -0,0 +1,41 @@
+id = 2249
+title = "[qemu-system-m68k] [q800] Ishar 1 makes Qemu crash"
+state = "opened"
+created_at = "2024-03-28T14:06:02.239Z"
+closed_at = "n/a"
+labels = ["accel: TCG", "kind::Bug", "target: m68k"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2249"
+host-os = "Lubuntu 22.04"
+host-arch = "x86_64"
+qemu-version = "QEMU emulator version 8.2.50"
+guest-os = "Macintosh System 7.1"
+guest-arch = "Motorola 68000"
+description = """qemu-system-m68k crashes when running the classic RPG game "Ishar", this is what can be seen on the TTY console on the host system:
+
+```
+qemu: fatal: DOUBLE MMU FAULT
+
+D0 = 000000af   A0 = 000b91d2   F0 = 7fff ffffffffffffffff  (         nan)
+D1 = 00000074   A1 = 50f02000   F1 = 7fff ffffffffffffffff  (         nan)
+D2 = 00000000   A2 = 00067274   F2 = 7fff ffffffffffffffff  (         nan)
+D3 = f7f6f600   A3 = 40809be0   F3 = 7fff ffffffffffffffff  (         nan)
+D4 = f8ff2a2a   A4 = 00000000   F4 = 7fff ffffffffffffffff  (         nan)
+D5 = 54aa0027   A5 = 007ef2b8   F5 = 7fff ffffffffffffffff  (         nan)
+D6 = 0000000a   A6 = 000001e3   F6 = 7fff ffffffffffffffff  (         nan)
+D7 = ffffffe6   A7 = 0000000a   F7 = 7fff ffffffffffffffff  (         nan)
+PC = 00067288   SR = 2218 T:0 I:2 SI XN---
+FPSR = 00000000 ---- 
+                                FPCR =     0000 X RN 
+  A7(MSP) = 00000000   A7(USP) = 00000000 ->A7(ISP) = 0000000a
+VBR = 0x00000000
+SFC = 0 DFC 5
+SSW 00000445 TCR 0000c000 URP 00000000 SRP 01ff6c00
+DTTR0/1: 00000000/00000000 ITTR0/1: 00000000/00000000
+MMUSR 00000000, fault at fffffffe
+./mac: line 5: 806788 Aborted                 (core dumped) qemu-system-m68k -M q800 -m 32 -bios q800.rom -display sdl -audio driver=alsa -device scsi-hd,scsi-id=0,drive=hd0 -drive file=system71.img,media=disk,format=raw,if=none,id=hd0 -display sdl
+```"""
+reproduce = """1. Download Ishar 1 Color version (available in https://www.grenier-du-mac.net/fiches/Jeux/ishar1.htm, on the lower part of the page).
+2. Copy it to the emulated system and decompress the .sit archive with Stuffit Expander 5.5
+3. Run the game by clicking on it's icon and clicking on "Commandes->Jouer" or pressing Command+J
+4. Watch it making qemu-system-m68k crash'n burn!"""
+additional = """The same game works fine on current MAME Mac II/Ci emulation, etc."""
diff --git a/gitlab/issues/target_m68k/host_missing/accel_TCG/2290.toml b/gitlab/issues/target_m68k/host_missing/accel_TCG/2290.toml
new file mode 100644
index 00000000..3e0c124c
--- /dev/null
+++ b/gitlab/issues/target_m68k/host_missing/accel_TCG/2290.toml
@@ -0,0 +1,151 @@
+id = 2290
+title = "Wrong multiplication result of 'long double' on m68k"
+state = "closed"
+created_at = "2024-04-18T11:31:12.121Z"
+closed_at = "2024-04-18T22:26:41.012Z"
+labels = ["Softfloat", "Stable::to backport", "accel: TCG", "kind::Bug", "target: m68k"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2290"
+host-os = "Ubuntu 22.04"
+host-arch = "x86_64"
+qemu-version = "8.1.2"
+guest-os = "Debian 12"
+guest-arch = "m68k"
+description = """In both x86 and m68k, 'long double' is an 80-bit format consisting of
+  - 1 bit sign, 15 bits exponent,
+  - 1 explicit 1 bit, 63 fraction bits.
+
+According to <https://en.wikipedia.org/wiki/Extended_precision> and
+<https://www.nxp.com/docs/en/reference-manual/M68000PRM.pdf> table 1-6 (page 1-23), with two differences:
+  - In m68k, there are 16 zero bits as filler after the sign/exponent
+    word, so that the total size is 96 bits.
+  - In x86, the minimum exponent of normalized numbers is 1;
+    in m68k, the minimum exponent of normalized numbers is 0.
+
+The latter difference is reflected in the values of LDBL_MIN_EXP and
+LDBL_MIN in gcc:
+
+In x86:
+```
+$ echo '#include <float.h>' | gcc -E -dM - | grep __LDBL_MIN_EXP_
+#define LDBL_MIN_EXP __LDBL_MIN_EXP__
+#define __LDBL_MIN_EXP__ (-16381)
+$ echo '#include <float.h>' | gcc -E -dM - | grep __LDBL_MIN__
+#define __LDBL_MIN__ 3.36210314311209350626267781732175260e-4932L
+#define LDBL_MIN __LDBL_MIN__
+```
+In m68k (I use Debian 12/Linux):
+```
+$ echo '#include <float.h>' | gcc -E -dM - | grep __LDBL_MIN_EXP_
+#define LDBL_MIN_EXP __LDBL_MIN_EXP__
+#define __LDBL_MIN_EXP__ (-16382)
+$ echo '#include <float.h>' | gcc -E -dM - | grep __LDBL_MIN__
+#define __LDBL_MIN__ 1.68105157155604675313e-4932L
+#define LDBL_MIN __LDBL_MIN__
+```"""
+reproduce = """Take this program, foo.c:
+```
+/* Show extended-precision https://en.wikipedia.org/wiki/Extended_precision
+   multiplication bug in QEMU.  */
+
+#include <stdio.h>
+
+static void
+show (const long double *p)
+{
+#ifdef __m68k__
+  printf("<S,E: 0x%08X M: 0x%08X%08X>",
+         ((const unsigned int *) p)[0],
+         ((const unsigned int *) p)[1],
+         ((const unsigned int *) p)[2]);
+#else /* x86 */
+  printf("<S,E: 0x%04X M: 0x%08X%08X>",
+         ((const unsigned short *) p)[4],
+         ((const unsigned int *) p)[1],
+         ((const unsigned int *) p)[0]);
+#endif
+  printf (" = %La = %Lg", *p, *p);
+}
+
+static void
+show_mult (long double a, long double b)
+{
+  printf ("Factors: ");
+  show (&a);
+  printf ("\\n    and: ");
+  show (&b);
+  long double c = a * b;
+  printf ("\\nProduct: ");
+  show (&c);
+  printf ("\\n\\n");
+}
+
+/* Return 2^n.  */
+static long double
+pow2l (int n)
+{
+  int k = n;
+  volatile long double x = 1;
+  volatile long double y = 2;
+  /* Invariant: 2^n == x * y^k.  */
+  if (k < 0)
+    {
+      y = 0.5L;
+      k = - k;
+    }
+  while (k > 0)
+    {
+      if (k != 2 * (k / 2))
+        {
+          x = x * y;
+          k = k - 1;
+        }
+      if (k == 0)
+        break;
+      y = y * y;
+      k = k / 2;
+    }
+  /* Now k == 0, hence x == 2^n.  */
+  return x;
+}
+
+int main ()
+{
+  show_mult (pow2l (-16382), 0.5L);
+  show_mult (pow2l (-16381), 0.25L);
+  return 0;
+}
+```
+Its output on x86:
+```
+$ ./a.out 
+Factors: <S,E: 0x0001 M: 0x8000000000000000> = 0x8p-16385 = 3.3621e-4932
+    and: <S,E: 0x3FFE M: 0x8000000000000000> = 0x8p-4 = 0.5
+Product: <S,E: 0x0000 M: 0x4000000000000000> = 0x4p-16385 = 1.68105e-4932
+
+Factors: <S,E: 0x0002 M: 0x8000000000000000> = 0x8p-16384 = 6.72421e-4932
+    and: <S,E: 0x3FFD M: 0x8000000000000000> = 0x8p-5 = 0.25
+Product: <S,E: 0x0000 M: 0x4000000000000000> = 0x4p-16385 = 1.68105e-4932
+```
+Its output on m68k:
+```
+$ ./a.out 
+Factors: <S,E: 0x00010000 M: 0x8000000000000000> = 0x8p-16385 = 3.3621e-4932
+    and: <S,E: 0x3FFE0000 M: 0x8000000000000000> = 0x8p-4 = 0.5
+Product: <S,E: 0x00000000 M: 0x4000000000000000> = 0x4p-16386 = 8.40526e-4933
+
+Factors: <S,E: 0x00020000 M: 0x8000000000000000> = 0x8p-16384 = 6.72421e-4932
+    and: <S,E: 0x3FFD0000 M: 0x8000000000000000> = 0x8p-5 = 0.25
+Product: <S,E: 0x00000000 M: 0x4000000000000000> = 0x4p-16386 = 8.40526e-4933
+```
+The product, computed by QEMU, is incorrect. It is only half as large as the
+correct value. The expected output should be:
+```
+Factors: <S,E: 0x00010000 M: 0x8000000000000000> = 0x8p-16385 = 3.3621e-4932
+    and: <S,E: 0x3FFE0000 M: 0x8000000000000000> = 0x8p-4 = 0.5
+Product: <S,E: 0x00000000 M: 0x8000000000000000> = 0x8p-16386 = 1.68105e-4932
+
+Factors: <S,E: 0x00020000 M: 0x8000000000000000> = 0x8p-16384 = 6.72421e-4932
+    and: <S,E: 0x3FFD0000 M: 0x8000000000000000> = 0x8p-5 = 0.25
+Product: <S,E: 0x00000000 M: 0x8000000000000000> = 0x8p-16386 = 1.68105e-4932
+```"""
+additional = """In QEMU's source code, I would guess that this multiplication is performed by the `floatx80_mul` function."""
diff --git a/gitlab/issues/target_m68k/host_missing/accel_TCG/754.toml b/gitlab/issues/target_m68k/host_missing/accel_TCG/754.toml
new file mode 100644
index 00000000..a89c0f39
--- /dev/null
+++ b/gitlab/issues/target_m68k/host_missing/accel_TCG/754.toml
@@ -0,0 +1,215 @@
+id = 754
+title = "qem_m68k : trapcs instruction causes the non-execution of the following 2 instructions"
+state = "closed"
+created_at = "2021-11-30T08:11:39.401Z"
+closed_at = "2022-06-02T14:59:58.361Z"
+labels = ["Closed::Fixed", "accel: TCG", "kind::Bug", "target: m68k"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/754"
+host-os = "Debian"
+host-arch = "(x86, ARM, s390x, etc.)"
+qemu-version = "(e.g. `qemu-system-x86_64 --version`)"
+guest-os = "Debian"
+guest-arch = "(x86, ARM, s390x, etc.)"
+description = """In try to run following code :
+```
+8004615a:\t204f           \tmoveal %sp,%a0
+8004615c:\tb1c7           \tcmpal %d7,%a0
+8004615e:\t55fc           \ttrapcs
+80046160:\t4e56 0000      \tlinkw %fp,#0
+80046164:\t2f14           \tmovel %a4@,%sp@-
+80046166:\t288e           \tmovel %fp,%a4@
+80046168:\tc74d           \texg %a3,%a5
+8004616a:\t48e7 3030      \tmoveml %d2-%d3/%a2-%a3,%sp@-
+8004616e:\t7001           \tmoveq #1,%d0
+80046170:\t3b40 816c      \tmovew %d0,%a5@(-32404)
+80046174:\t7218           \tmoveq #24,%d1
+80046176:\t3b41 816a      \tmovew %d1,%a5@(-32406)
+8004617a:\t242d 8004      \tmovel %a5@(-32764),%d2
+8004617e:\t2b42 815c      \tmovel %d2,%a5@(-32420)
+80046182:\t206d 8008      \tmoveal %a5@(-32760),%a0
+80046186:\t2268 8010      \tmoveal %a0@(-32752),%a1
+8004618a:\t2b49 8158      \tmovel %a1,%a5@(-32424)
+8004618e:\t42ad 8154      \tclrl %a5@(-32428)
+80046192:\t246d 8154      \tmoveal %a5@(-32428),%a2
+80046196:\t2b4a 8160      \tmovel %a2,%a5@(-32416)
+8004619a:\t2b4a 8164      \tmovel %a2,%a5@(-32412)
+8004619e:\t422d 8168      \tclrb %a5@(-32408)
+800461a2:\t7604           \tmoveq #4,%d3
+800461a4:\t2b43 8150      \tmovel %d3,%a5@(-32432)
+800461a8:\t2668 8010      \tmoveal %a0@(-32752),%a3
+800461ac:\t2b4b 814c      \tmovel %a3,%a5@(-32436)
+800461b0:\t2268 8010      \tmoveal %a0@(-32752),%a1
+800461b4:\t266d 8008      \tmoveal %a5@(-32760),%a3
+800461b8:\t206b 8008      \tmoveal %a3@(-32760),%a0
+800461bc:\t4e90           \tjsr %a0@
+800461be:\t2b48 8148      \tmovel %a0,%a5@(-32440)
+800461c2:\t4cdf 0c0c      \tmoveml %sp@+,%d2-%d3/%a2-%a3
+800461c6:\tc74d           \texg %a3,%a5
+800461c8:\t289f           \tmovel %sp@+,%a4@
+800461ca:\t4e5e           \tunlk %fp
+800461cc:\t4e75           \trts
+```
+When I run qemu-m68k -cpu m68020 -d in_asm,cpu, I have : 
+```
+----------------
+IN: 
+0x8004615a:  moveal %sp,%a0
+0x8004615c:  cmpal %d7,%a0
+0x8004615e:  trapcs
+0x80046160:  linkw %fp,#0
+0x80046164:  movel %a4@,%sp@-
+0x80046166:  movel %fp,%a4@
+0x80046168:  exg %a3,%a5
+0x8004616a:  moveml %d2-%d3/%a2-%a3,%sp@-
+0x8004616e:  moveq #1,%d0
+0x80046170:  movew %d0,%a5@(-32404)
+0x80046174:  moveq #24,%d1
+0x80046176:  movew %d1,%a5@(-32406)
+0x8004617a:  movel %a5@(-32764),%d2
+0x8004617e:  movel %d2,%a5@(-32420)
+0x80046182:  moveal %a5@(-32760),%a0
+0x80046186:  moveal %a0@(-32752),%a1
+0x8004618a:  movel %a1,%a5@(-32424)
+0x8004618e:  clrl %a5@(-32428)
+0x80046192:  moveal %a5@(-32428),%a2
+0x80046196:  movel %a2,%a5@(-32416)
+0x8004619a:  movel %a2,%a5@(-32412)
+0x8004619e:  clrb %a5@(-32408)
+0x800461a2:  moveq #4,%d3
+0x800461a4:  movel %d3,%a5@(-32432)
+0x800461a8:  moveal %a0@(-32752),%a3
+0x800461ac:  movel %a3,%a5@(-32436)
+0x800461b0:  moveal %a0@(-32752),%a1
+0x800461b4:  moveal %a5@(-32760),%a3
+0x800461b8:  moveal %a3@(-32760),%a0
+0x800461bc:  jsr %a0@
+
+Trace 0: 0x7f83a807e780 [00000000/8004615a/00000000/00000000] 
+D0 = 00000012   A0 = 8004615a   F0 = 7fff ffffffffffffffff  (         nan)
+D1 = 00000001   A1 = 800466d6   F1 = 7fff ffffffffffffffff  (         nan)
+D2 = 00000000   A2 = 00000000   F2 = 7fff ffffffffffffffff  (         nan)
+D3 = 00000000   A3 = 8000c3b0   F3 = 7fff ffffffffffffffff  (         nan)
+D4 = 00000000   A4 = 8004604c   F4 = 7fff ffffffffffffffff  (         nan)
+D5 = 00000000   A5 = 3ffd7000   F5 = 7fff ffffffffffffffff  (         nan)
+D6 = 00000004   A6 = 80046038   F6 = 7fff ffffffffffffffff  (         nan)
+D7 = 80042050   A7 = 80045ff4   F7 = 7fff ffffffffffffffff  (         nan)
+PC    SR = 0004 T:0 I:0 UI --Z--
+FPSR = 00000000 ---- 
+                                FPCR =     0000 X RN 
+\t\t\t\t\t\t\t\t
+
+----------------
+IN: 
+0x80046358:  lea %a1@(0,%d0:l),%a0
+0x8004635c:  rts
+
+Trace 0: 0x7f83a807eac0 [00000000/80046358/00000000/00000000] 
+D0 = 00000001   A0 = 80046358   F0 = 7fff ffffffffffffffff  (         nan)
+D1 = 00000018   A1 = 00000000   F1 = 7fff ffffffffffffffff  (         nan)
+D2 = ffffffff   A2 = 00000000   F2 = 7fff ffffffffffffffff  (         nan)
+D3 = 00000004   A3 = 8000c040   F3 = 7fff ffffffffffffffff  (         nan)
+D4 = 00000000   A4 = 8004604c   F4 = 7fff ffffffffffffffff  (         nan)
+D5 = 00000000   A5 = 8000c3b0   F5 = 7fff ffffffffffffffff  (         nan)
+D6 = 00000004   A6 = 80046038   F6 = 7fff ffffffffffffffff  (         nan)
+D7 = 80042050   A7 = 80045fe0   F7 = 7fff ffffffffffffffff  (         nan)
+PC = 80046358   SR = 0004 T:0 I:0 UI --Z--
+FPSR = 00000000 ---- 
+                                FPCR =     0000 X RN 
+----------------
+```
+Stack pointer is  80045fe0, it should be 80045FD8.
+
+When I run with options -cpu m68020 -d in_asm,cpu,op -singlestep, I have :
+```
+----------------
+IN:
+0x8004615e:  trapcs
+0x80046160:  linkw %fp,#0
+Disassembler disagrees with translator over instruction decoding
+Please report this to qemu-devel@nongnu.org
+
+OP:
+ ld_i32 tmp0,env,$0xfffffffffffffff8
+ brcond_i32 tmp0,$0x0,lt,$L0
+
+ ---- 8004615e 00000000
+ mov_i32 tmp0,$0x0
+ call flush_flags,$0x0,$0,env,CC_OP
+ setcond_i32 tmp2,CC_C,tmp0,ne
+ neg_i32 tmp2,tmp2
+ mov_i32 tmp0,$0x56
+ mov_i32 PC,$0x80046162
+ exit_tb $0x0
+ set_label $L0
+ exit_tb $0x7fba001a75c3
+
+D0 = 00000012   A0 = 80045ff4   F0 = 7fff ffffffffffffffff  (         nan)
+D1 = 00000001   A1 = 800466d6   F1 = 7fff ffffffffffffffff  (         nan)
+D2 = 00000000   A2 = 00000000   F2 = 7fff ffffffffffffffff  (         nan)
+D3 = 00000000   A3 = 8000c3b0   F3 = 7fff ffffffffffffffff  (         nan)
+D4 = 00000000   A4 = 8004604c   F4 = 7fff ffffffffffffffff  (         nan)
+D5 = 00000000   A5 = 3ffd5000   F5 = 7fff ffffffffffffffff  (         nan)
+D6 = 00000004   A6 = 80046038   F6 = 7fff ffffffffffffffff  (         nan)
+D7 = 80042050   A7 = 80045ff4   F7 = 7fff ffffffffffffffff  (         nan)
+PC = 8004615e   SR = 0000 T:0 I:0 UI -----
+FPSR = 00000000 ----
+                                FPCR =     0000 X RN
+----------------
+IN:
+0x80046162:  orib #20,%d0
+
+OP:
+ ld_i32 tmp0,env,$0xfffffffffffffff8
+ brcond_i32 tmp0,$0x0,lt,$L0
+
+ ---- 80046162 00000000
+ mov_i32 tmp0,$0x14
+ ext8s_i32 tmp3,D0
+ or_i32 tmp4,tmp3,tmp0
+ and_i32 D0,D0,$0xffffff00
+ ext8u_i32 tmp6,tmp4
+ or_i32 D0,D0,tmp6
+ ext8s_i32 CC_N,tmp4
+ discard CC_C
+ discard CC_Z
+ discard CC_V
+ mov_i32 CC_OP,$0xb
+ mov_i32 PC,$0x80046166
+ exit_tb $0x0
+ set_label $L0
+ exit_tb $0x7fba001a7683
+
+D0 = 00000012   A0 = 80045ff4   F0 = 7fff ffffffffffffffff  (         nan)
+D1 = 00000001   A1 = 800466d6   F1 = 7fff ffffffffffffffff  (         nan)
+D2 = 00000000   A2 = 00000000   F2 = 7fff ffffffffffffffff  (         nan)
+D3 = 00000000   A3 = 8000c3b0   F3 = 7fff ffffffffffffffff  (         nan)
+D4 = 00000000   A4 = 8004604c   F4 = 7fff ffffffffffffffff  (         nan)
+D5 = 00000000   A5 = 3ffd5000   F5 = 7fff ffffffffffffffff  (         nan)
+D6 = 00000004   A6 = 80046038   F6 = 7fff ffffffffffffffff  (         nan)
+D7 = 80042050   A7 = 80045ff4   F7 = 7fff ffffffffffffffff  (         nan)
+PC = 80046162   SR = 0000 T:0 I:0 UI -----
+FPSR = 00000000 ----
+                                FPCR =     0000 X RN
+----------------
+IN:
+0x80046166:  movel %fp,%a4@
+
+OP:
+ ld_i32 tmp0,env,$0xfffffffffffffff8
+ brcond_i32 tmp0,$0x0,lt,$L0
+
+...
+```
+I can see that instructions 
+```
+0x80046160:  linkw %fp,#0
+0x80046164:  movel %a4@,%sp@-
+```
+are not executed
+and an extra instruction
+```
+0x80046162:  orib #20,%d0
+```
+is executed"""
+reproduce = """Run chroot qemu-m68k qemu-m68k-static -cpu m68020 -d in_asm,cpu -D log1.txt ./test"""
+additional = """"""