1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
|
id = 754
title = "qem_m68k : trapcs instruction causes the non-execution of the following 2 instructions"
state = "closed"
created_at = "2021-11-30T08:11:39.401Z"
closed_at = "2022-06-02T14:59:58.361Z"
labels = ["Closed::Fixed", "accel: TCG", "kind::Bug", "target: m68k"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/754"
host-os = "Debian"
host-arch = "(x86, ARM, s390x, etc.)"
qemu-version = "(e.g. `qemu-system-x86_64 --version`)"
guest-os = "Debian"
guest-arch = "(x86, ARM, s390x, etc.)"
description = """In try to run following code :
```
8004615a:\t204f \tmoveal %sp,%a0
8004615c:\tb1c7 \tcmpal %d7,%a0
8004615e:\t55fc \ttrapcs
80046160:\t4e56 0000 \tlinkw %fp,#0
80046164:\t2f14 \tmovel %a4@,%sp@-
80046166:\t288e \tmovel %fp,%a4@
80046168:\tc74d \texg %a3,%a5
8004616a:\t48e7 3030 \tmoveml %d2-%d3/%a2-%a3,%sp@-
8004616e:\t7001 \tmoveq #1,%d0
80046170:\t3b40 816c \tmovew %d0,%a5@(-32404)
80046174:\t7218 \tmoveq #24,%d1
80046176:\t3b41 816a \tmovew %d1,%a5@(-32406)
8004617a:\t242d 8004 \tmovel %a5@(-32764),%d2
8004617e:\t2b42 815c \tmovel %d2,%a5@(-32420)
80046182:\t206d 8008 \tmoveal %a5@(-32760),%a0
80046186:\t2268 8010 \tmoveal %a0@(-32752),%a1
8004618a:\t2b49 8158 \tmovel %a1,%a5@(-32424)
8004618e:\t42ad 8154 \tclrl %a5@(-32428)
80046192:\t246d 8154 \tmoveal %a5@(-32428),%a2
80046196:\t2b4a 8160 \tmovel %a2,%a5@(-32416)
8004619a:\t2b4a 8164 \tmovel %a2,%a5@(-32412)
8004619e:\t422d 8168 \tclrb %a5@(-32408)
800461a2:\t7604 \tmoveq #4,%d3
800461a4:\t2b43 8150 \tmovel %d3,%a5@(-32432)
800461a8:\t2668 8010 \tmoveal %a0@(-32752),%a3
800461ac:\t2b4b 814c \tmovel %a3,%a5@(-32436)
800461b0:\t2268 8010 \tmoveal %a0@(-32752),%a1
800461b4:\t266d 8008 \tmoveal %a5@(-32760),%a3
800461b8:\t206b 8008 \tmoveal %a3@(-32760),%a0
800461bc:\t4e90 \tjsr %a0@
800461be:\t2b48 8148 \tmovel %a0,%a5@(-32440)
800461c2:\t4cdf 0c0c \tmoveml %sp@+,%d2-%d3/%a2-%a3
800461c6:\tc74d \texg %a3,%a5
800461c8:\t289f \tmovel %sp@+,%a4@
800461ca:\t4e5e \tunlk %fp
800461cc:\t4e75 \trts
```
When I run qemu-m68k -cpu m68020 -d in_asm,cpu, I have :
```
----------------
IN:
0x8004615a: moveal %sp,%a0
0x8004615c: cmpal %d7,%a0
0x8004615e: trapcs
0x80046160: linkw %fp,#0
0x80046164: movel %a4@,%sp@-
0x80046166: movel %fp,%a4@
0x80046168: exg %a3,%a5
0x8004616a: moveml %d2-%d3/%a2-%a3,%sp@-
0x8004616e: moveq #1,%d0
0x80046170: movew %d0,%a5@(-32404)
0x80046174: moveq #24,%d1
0x80046176: movew %d1,%a5@(-32406)
0x8004617a: movel %a5@(-32764),%d2
0x8004617e: movel %d2,%a5@(-32420)
0x80046182: moveal %a5@(-32760),%a0
0x80046186: moveal %a0@(-32752),%a1
0x8004618a: movel %a1,%a5@(-32424)
0x8004618e: clrl %a5@(-32428)
0x80046192: moveal %a5@(-32428),%a2
0x80046196: movel %a2,%a5@(-32416)
0x8004619a: movel %a2,%a5@(-32412)
0x8004619e: clrb %a5@(-32408)
0x800461a2: moveq #4,%d3
0x800461a4: movel %d3,%a5@(-32432)
0x800461a8: moveal %a0@(-32752),%a3
0x800461ac: movel %a3,%a5@(-32436)
0x800461b0: moveal %a0@(-32752),%a1
0x800461b4: moveal %a5@(-32760),%a3
0x800461b8: moveal %a3@(-32760),%a0
0x800461bc: jsr %a0@
Trace 0: 0x7f83a807e780 [00000000/8004615a/00000000/00000000]
D0 = 00000012 A0 = 8004615a F0 = 7fff ffffffffffffffff ( nan)
D1 = 00000001 A1 = 800466d6 F1 = 7fff ffffffffffffffff ( nan)
D2 = 00000000 A2 = 00000000 F2 = 7fff ffffffffffffffff ( nan)
D3 = 00000000 A3 = 8000c3b0 F3 = 7fff ffffffffffffffff ( nan)
D4 = 00000000 A4 = 8004604c F4 = 7fff ffffffffffffffff ( nan)
D5 = 00000000 A5 = 3ffd7000 F5 = 7fff ffffffffffffffff ( nan)
D6 = 00000004 A6 = 80046038 F6 = 7fff ffffffffffffffff ( nan)
D7 = 80042050 A7 = 80045ff4 F7 = 7fff ffffffffffffffff ( nan)
PC SR = 0004 T:0 I:0 UI --Z--
FPSR = 00000000 ----
FPCR = 0000 X RN
\t\t\t\t\t\t\t\t
----------------
IN:
0x80046358: lea %a1@(0,%d0:l),%a0
0x8004635c: rts
Trace 0: 0x7f83a807eac0 [00000000/80046358/00000000/00000000]
D0 = 00000001 A0 = 80046358 F0 = 7fff ffffffffffffffff ( nan)
D1 = 00000018 A1 = 00000000 F1 = 7fff ffffffffffffffff ( nan)
D2 = ffffffff A2 = 00000000 F2 = 7fff ffffffffffffffff ( nan)
D3 = 00000004 A3 = 8000c040 F3 = 7fff ffffffffffffffff ( nan)
D4 = 00000000 A4 = 8004604c F4 = 7fff ffffffffffffffff ( nan)
D5 = 00000000 A5 = 8000c3b0 F5 = 7fff ffffffffffffffff ( nan)
D6 = 00000004 A6 = 80046038 F6 = 7fff ffffffffffffffff ( nan)
D7 = 80042050 A7 = 80045fe0 F7 = 7fff ffffffffffffffff ( nan)
PC = 80046358 SR = 0004 T:0 I:0 UI --Z--
FPSR = 00000000 ----
FPCR = 0000 X RN
----------------
```
Stack pointer is 80045fe0, it should be 80045FD8.
When I run with options -cpu m68020 -d in_asm,cpu,op -singlestep, I have :
```
----------------
IN:
0x8004615e: trapcs
0x80046160: linkw %fp,#0
Disassembler disagrees with translator over instruction decoding
Please report this to qemu-devel@nongnu.org
OP:
ld_i32 tmp0,env,$0xfffffffffffffff8
brcond_i32 tmp0,$0x0,lt,$L0
---- 8004615e 00000000
mov_i32 tmp0,$0x0
call flush_flags,$0x0,$0,env,CC_OP
setcond_i32 tmp2,CC_C,tmp0,ne
neg_i32 tmp2,tmp2
mov_i32 tmp0,$0x56
mov_i32 PC,$0x80046162
exit_tb $0x0
set_label $L0
exit_tb $0x7fba001a75c3
D0 = 00000012 A0 = 80045ff4 F0 = 7fff ffffffffffffffff ( nan)
D1 = 00000001 A1 = 800466d6 F1 = 7fff ffffffffffffffff ( nan)
D2 = 00000000 A2 = 00000000 F2 = 7fff ffffffffffffffff ( nan)
D3 = 00000000 A3 = 8000c3b0 F3 = 7fff ffffffffffffffff ( nan)
D4 = 00000000 A4 = 8004604c F4 = 7fff ffffffffffffffff ( nan)
D5 = 00000000 A5 = 3ffd5000 F5 = 7fff ffffffffffffffff ( nan)
D6 = 00000004 A6 = 80046038 F6 = 7fff ffffffffffffffff ( nan)
D7 = 80042050 A7 = 80045ff4 F7 = 7fff ffffffffffffffff ( nan)
PC = 8004615e SR = 0000 T:0 I:0 UI -----
FPSR = 00000000 ----
FPCR = 0000 X RN
----------------
IN:
0x80046162: orib #20,%d0
OP:
ld_i32 tmp0,env,$0xfffffffffffffff8
brcond_i32 tmp0,$0x0,lt,$L0
---- 80046162 00000000
mov_i32 tmp0,$0x14
ext8s_i32 tmp3,D0
or_i32 tmp4,tmp3,tmp0
and_i32 D0,D0,$0xffffff00
ext8u_i32 tmp6,tmp4
or_i32 D0,D0,tmp6
ext8s_i32 CC_N,tmp4
discard CC_C
discard CC_Z
discard CC_V
mov_i32 CC_OP,$0xb
mov_i32 PC,$0x80046166
exit_tb $0x0
set_label $L0
exit_tb $0x7fba001a7683
D0 = 00000012 A0 = 80045ff4 F0 = 7fff ffffffffffffffff ( nan)
D1 = 00000001 A1 = 800466d6 F1 = 7fff ffffffffffffffff ( nan)
D2 = 00000000 A2 = 00000000 F2 = 7fff ffffffffffffffff ( nan)
D3 = 00000000 A3 = 8000c3b0 F3 = 7fff ffffffffffffffff ( nan)
D4 = 00000000 A4 = 8004604c F4 = 7fff ffffffffffffffff ( nan)
D5 = 00000000 A5 = 3ffd5000 F5 = 7fff ffffffffffffffff ( nan)
D6 = 00000004 A6 = 80046038 F6 = 7fff ffffffffffffffff ( nan)
D7 = 80042050 A7 = 80045ff4 F7 = 7fff ffffffffffffffff ( nan)
PC = 80046162 SR = 0000 T:0 I:0 UI -----
FPSR = 00000000 ----
FPCR = 0000 X RN
----------------
IN:
0x80046166: movel %fp,%a4@
OP:
ld_i32 tmp0,env,$0xfffffffffffffff8
brcond_i32 tmp0,$0x0,lt,$L0
...
```
I can see that instructions
```
0x80046160: linkw %fp,#0
0x80046164: movel %a4@,%sp@-
```
are not executed
and an extra instruction
```
0x80046162: orib #20,%d0
```
is executed"""
reproduce = """Run chroot qemu-m68k qemu-m68k-static -cpu m68020 -d in_asm,cpu -D log1.txt ./test"""
additional = """"""
|