diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-06-16 16:59:00 +0000 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-06-16 16:59:33 +0000 |
| commit | 9aba81d8eb048db908c94a3c40c25a5fde0caee6 (patch) | |
| tree | b765e7fb5e9a3c2143c68b0414e0055adb70e785 /results/classifier/118/debug/1740 | |
| parent | b89a938452613061c0f1f23e710281cf5c83cb29 (diff) | |
| download | qemu-analysis-9aba81d8eb048db908c94a3c40c25a5fde0caee6.tar.gz qemu-analysis-9aba81d8eb048db908c94a3c40c25a5fde0caee6.zip | |
add 18th iteration of classifier
Diffstat (limited to 'results/classifier/118/debug/1740')
| -rw-r--r-- | results/classifier/118/debug/1740 | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/results/classifier/118/debug/1740 b/results/classifier/118/debug/1740 new file mode 100644 index 000000000..34785b7a3 --- /dev/null +++ b/results/classifier/118/debug/1740 @@ -0,0 +1,103 @@ +debug: 0.894 +permissions: 0.887 +performance: 0.880 +register: 0.877 +graphic: 0.875 +architecture: 0.864 +virtual: 0.859 +device: 0.853 +risc-v: 0.850 +semantic: 0.846 +hypervisor: 0.820 +user-level: 0.820 +socket: 0.816 +network: 0.815 +vnc: 0.812 +KVM: 0.812 +ppc: 0.800 +VMM: 0.790 +arm: 0.789 +TCG: 0.787 +assembly: 0.785 +peripherals: 0.784 +kernel: 0.782 +PID: 0.768 +boot: 0.725 +files: 0.724 +x86: 0.655 +mistranslation: 0.635 +i386: 0.514 + +QEMU Abort in Cortex-M Exception raising +Description of problem: +When an exception should be raised in a ARM Cortex-M board QEMU aborts. + +``` +$ qemu-system-arm --version +QEMU emulator version 8.0.2 + +$ qemu-system-arm -M stm32vldiscovery -device loader,file=/tmp/raw-hardfault.hex -d in_asm,exec,int +[...] +Trace 0: 0x7f2aa8000680 [00800400/00000110/00000110/ff200000] +---------------- +IN: +0x00000140: f64b 6eef movw lr, #0xbeef +0x00000144: f6cd 6ead movt lr, #0xdead +0x00000148: 4770 bx lr + +Linking TBs 0x7f2aa8000680 index 0 -> 0x7f2aa80007c0 +Trace 0: 0x7f2aa80007c0 [00800400/00000140/00000110/ff200000] +qemu-system-arm: ../qemu-8.0.2/target/arm/cpu.h:2396: arm_is_secure_below_el3: Assertion `!arm_feature(env, ARM_FEATURE_M)' failed. +``` + +Expected behavior: +``` +$ qemu-system-arm --version +QEMU emulator version 7.1.0 + +$ qemu-system-arm -M stm32vldiscovery -device loader,file=raw-hardfault.hex -d in_asm,exec,int +[...] +Trace 0: 0x7fb488000680 [00800400/00000110/00000110/ff000000] +---------------- +IN: +0x00000140: f64b 6eef movw lr, #0xbeef +0x00000144: f6cd 6ead movt lr, #0xdead +0x00000148: 4770 bx lr + +Linking TBs 0x7fb488000680 [00000110] index 0 -> 0x7fb488000780 [00000140] +Trace 0: 0x7fb488000780 [00800400/00000140/00000110/ff000000] +Taking exception 3 [Prefetch Abort] on CPU 0 +...at fault address 0xdeadbeee +...with CFSR.IACCVIOL +...BusFault with BFSR.STKERR +...taking pending nonsecure exception 3 +...loading from element 3 of non-secure vector table at 0xc +...loaded new PC 0x0 +``` +Steps to reproduce: +1. Run any Cortex-M firmware that raises an exception. (minimal example attached) +Additional information: +- Minimal Reproducer: +[raw-hardfault.hex](/uploads/113889116675b608e05748280d1db354/raw-hardfault.hex) +- Assert introduced in fcc7404eff24b4c8b322fb27ca5ae7f3113129c3. +- Stacktrace: +``` +#4 0x00007ffff6a483d6 in __assert_fail () from /usr/lib/libc.so.6 +#5 0x00007ffff73afe67 in arm_is_secure_below_el3 (env=0x55555712f9b0) at target/arm/cpu.h:2396 +#6 0x00007ffff73afedd in arm_is_el2_enabled (env=0x55555712f9b0) at target/arm/cpu.h:2448 +#7 0x00007ffff73afcd4 in arm_el_is_aa64 (env=0x55555712f9b0, el=0x1) at target/arm/cpu.h:2509 +#8 0x00007ffff73af68f in compute_fsr_fsc (env=0x55555712f9b0, fi=0x7fffffff7098, target_el=0x1, mmu_idx=0x1, ret_fsc=0x7fffffff6fe0) + at target/arm/tcg/tlb_helper.c:71 +#9 0x00007ffff73af483 in arm_deliver_fault (cpu=0x55555712d250, addr=0xdeadbeee, access_type=MMU_INST_FETCH, mmu_idx=0x1, fi=0x7fffffff7098) + at target/arm/tcg/tlb_helper.c:114 +#10 0x00007ffff73afa4c in arm_cpu_tlb_fill (cs=0x55555712d250, address=0xdeadbeee, size=0x1, access_type=MMU_INST_FETCH, mmu_idx=0x1, probe=0x0, retaddr=0x0) + at target/arm/tcg/tlb_helper.c:242 +#11 0x00007ffff74a3a1e in probe_access_internal (env=0x55555712f9b0, addr=0xdeadbeee, fault_size=0x1, access_type=MMU_INST_FETCH, mmu_idx=0x1, nonfault=0x0, phost=0x7fffffff71c8, + pfull=0x7fffffff71d0, retaddr=0x0) at accel/tcg/cputlb.c:1555 +#12 0x00007ffff74a4085 in get_page_addr_code_hostp (env=0x55555712f9b0, addr=0xdeadbeee, hostp=0x0) at accel/tcg/cputlb.c:1694 +#13 0x00007ffff7490c0f in get_page_addr_code (env=0x55555712f9b0, addr=0xdeadbeee) at include/exec/exec-all.h:748 +#14 0x00007ffff7490b2a in tb_htable_lookup (cpu=0x55555712d250, pc=0xdeadbeee, cs_base=0x800408, flags=0x110, cflags=0xff200200) at accel/tcg/cpu-exec.c:233 +#15 0x00007ffff748f719 in tb_lookup (cpu=0x55555712d250, pc=0xdeadbeee, cs_base=0x800408, flags=0x110, cflags=0xff200200) at accel/tcg/cpu-exec.c:270 +#16 0x00007ffff748f463 in helper_lookup_tb_ptr (env=0x55555712f9b0) at accel/tcg/cpu-exec.c:425 +#17 0x00007fff6800091c in code_gen_buffer () +``` |