arm: 0.912
architecture: 0.823
user-level: 0.747
peripherals: 0.594
ppc: 0.592
mistranslation: 0.554
device: 0.554
graphic: 0.552
network: 0.536
files: 0.520
semantic: 0.510
socket: 0.496
performance: 0.486
permissions: 0.466
kernel: 0.463
debug: 0.441
vnc: 0.432
risc-v: 0.401
register: 0.394
assembly: 0.383
TCG: 0.379
PID: 0.367
boot: 0.316
x86: 0.292
hypervisor: 0.283
VMM: 0.234
virtual: 0.226
KVM: 0.182
i386: 0.181
--------------------
arm: 0.994
user-level: 0.888
debug: 0.686
TCG: 0.159
virtual: 0.120
performance: 0.088
files: 0.087
architecture: 0.056
kernel: 0.020
semantic: 0.016
hypervisor: 0.012
register: 0.008
assembly: 0.008
PID: 0.007
boot: 0.005
device: 0.003
VMM: 0.003
peripherals: 0.002
network: 0.002
permissions: 0.002
graphic: 0.001
mistranslation: 0.001
vnc: 0.001
socket: 0.001
KVM: 0.001
risc-v: 0.000
ppc: 0.000
x86: 0.000
i386: 0.000

arm linux-user: bkpt insn doesn't cause SIGTRAP

QEMU's 32-bit arm linux-user mode doesn't correctly turn guest BKPT insns into SIGTRAP signals. Test case:

===begin bkpt.c===
/* test bkpt insn */

#include <stdlib.h>
#include <stdio.h>

int main(void)
{
    printf("breakpoint\n");
#ifdef __aarch64__
    __asm__ volatile("brk 0x42\n");
#else
    __asm__ volatile("bkpt 0x42\n");
#endif
    printf("done\n");
    return 0;
}
===endit===

Compile with
$ arm-linux-gnueabihf-gcc -g -Wall -o bkpt-aa32 bkpt.c
$ aarch64-linux-gnu-gcc -g -Wall -o bkpt-aa64 bkpt.c

Contrast aarch64 which delivers the SIGTRAP and arm which doesn't:

$ qemu-aarch64 bkpt-aa64
breakpoint
qemu: uncaught target signal 5 (Trace/breakpoint trap) - core dumped
Trace/breakpoint trap (core dumped)
$ qemu-arm bkpt-aa32
breakpoint
done

This is because in linux-user/arm/cpu-loop.c we incorrectly treat EXCP_BKPT similarly to EXCP_SWI, which means that we actually perform a syscall (which one depends on what happens to be in r7...). This code has been like this (more or less) since commit 06c949e62a098f in 2006 which added BKPT in the first place. This is probably because at the time the same code path was used to handle both Linux syscalls and semihosting calls, and (on M profile) BKPT does imply a semihosting call. But these days we've moved handling of semihosting out to an entirely different codepath, so we can fix this bug by simply removing this handling of EXCP_BKPT and instead making it deliver a SIGTRAP like EXCP_DEBUG (as we do already on aarch64).

Should be fixed in current git, will be in 5.2.


https://git.qemu.org/?p=qemu.git;a=commitdiff;h=13a0c21e64bddf1a36