Diffstat (limited to 'gitlab/issues/target_m68k/host_missing/accel_missing/2483.toml')
-rw-r--r--gitlab/issues/target_m68k/host_missing/accel_missing/2483.toml32
1 files changed, 32 insertions, 0 deletions
diff --git a/gitlab/issues/target_m68k/host_missing/accel_missing/2483.toml b/gitlab/issues/target_m68k/host_missing/accel_missing/2483.toml
new file mode 100644
index 000000000..28264af96
--- /dev/null
+++ b/gitlab/issues/target_m68k/host_missing/accel_missing/2483.toml
@@ -0,0 +1,32 @@
+id = 2483
+title = "m68k: jsr (sp) doesn't work as expected"
+state = "closed"
+created_at = "2024-08-06T11:15:57.592Z"
+closed_at = "2024-10-09T19:11:08.750Z"
+labels = ["Closed::Fixed", "target: m68k"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2483"
+host-os = "n/a"
+host-arch = "n/a"
+qemu-version = "n/a"
+guest-os = "n/a"
+guest-arch = "n/a"
+description = """Consider the following code (disassembly from ghidra). This copies the current `SP` to `A1` then copies 0x68 bytes from the address pointed at by `A0` to the address pointed at by `A1` with increment. This should end up with a copy of some bytes and `SP` pointing at the first.
+
+```
+        ff8241e6 22 4f           movea.l    SP,A1
+        ff8241e8 70 68           moveq      #0x68,D0
+                             LAB_ff8241ea                                    XREF[1]:     ff8241ee(j)  
+        ff8241ea 12 d8           move.b     (A0)+,(A1)+
+        ff8241ec 53 80           subq.l     #0x1,D0
+        ff8241ee 66 fa           bne.b      LAB_ff8241ea
+        ff8241f0 4e 97           jsr        (SP)
+```
+
+`SP` is `0x3bfc` at the `jsr` so we'd expect to jump to `0x3bfc` and put the address to return to at `0x3bf8` so the `jsr` can return I think?
+What currently happens in QEMU is the return address is put at `0xb3f8` and `PC` also becomes `0x3bf8` and the return address starts being executed as code and things go off the rails.
+
+Forgive the screenshot but this is what it looks like with GDB connected. Dumping the memory where the `PC` is shows that the return address is actually there and we can see there is garbage before the instructions it should be executing.
+
+![image](/uploads/d5fd6f455e5a433735d8fae2be3d53ee/image.png){width=289 height=759}"""
+reproduce = "n/a"
+additional = "n/a"