summary refs log tree commit diff stats
path: root/gitlab/issues_text/target_arm/host_missing/accel_TCG/2942
blob: 536f0741be2f804408505919ecf0de79ba820be5 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

arm: TCG debug assertion failure when handling an ISB or SB insn inside an IT block
Description of problem:
ARM thumb `IT` instruction triggers TCG debug asserts.

```
$ ./qemu-system-arm --version
QEMU emulator version 10.0.0 (v10.0.0)

$ ./qemu-system-arm -M stm32vldiscovery -nographic -device loader,file=raw-it-bug.hex -d in_asm,exec
[...]
Trace 0: 0x72a584000800 [00800400/0000000000000164/00000110/ff020000]
----------------
IN:
0x00000108:  f000 f80a  bl       #0x120

Trace 0: 0x72a584000940 [00800400/0000000000000108/00000110/ff020000]
qemu-system-arm: ../tcg/tcg-op.c:3343: void tcg_gen_goto_tb(unsigned int): Assertion `(tcg_ctx->goto_tb_issue_mask & (1 << idx)) == 0' failed.
```

Expected behavior:
```
$ qemu-system-arm -M stm32vldiscovery -device loader,file=raw-hardfault.hex -d in_asm,exec,int
[...]
Trace 0: 0x7df6dc000800 [00800400/0000000000000164/00000110/ff020000]
----------------
IN:
0x00000108:  f000 f80a  bl       #0x120

Trace 0: 0x7df6dc000940 [00800400/0000000000000108/00000110/ff020000]
----------------
IN:
0x00000120:  2302       movs     r3, #2
0x00000122:  bf00       nop
0x00000124:  f04f 25e0  mov.w    r5, #-0x1fff2000
0x00000128:  f8d5 1d10  ldr.w    r1, [r5, #0xd10]
0x0000012c:  f041 0014  orr      r0, r1, #0x14
0x00000130:  f8c5 0d10  str.w    r0, [r5, #0xd10]
0x00000134:  f8d5 0200  ldr.w    r0, [r5, #0x200]
0x00000138:  f8d5 6100  ldr.w    r6, [r5, #0x100]
0x0000013c:  4206       tst      r6, r0
0x0000013e:  bf02       ittt     eq
0x00000140:  f3bf 8f4f  dsbeq    sy
0x00000144:  bf20       wfeeq

Linking TBs 0x7df6dc000940 index 0 -> 0x7df6dc000a80
Trace 0: 0x7df6dc000a80 [00800400/0000000000000120/00000110/ff020000]
[...]
Trace 0: 0x7df6dc001fc0 [00800400/0000000000000170/00000110/ff020000]
Taking exception 3 [Prefetch Abort] on CPU 0
...at fault address 0xdeadbeee
...with CFSR.IACCVIOL
...BusFault with BFSR.STKERR
...taking pending nonsecure exception 3
...loading from element 3 of non-secure vector table at 0xc
...loaded new PC 0x111
----------------
IN:
0x00000110:  e7fe       b        #0x110
```
Steps to reproduce:
1. Build QEMU with `CONFIG_DEBUG_TCG` enabled, e.g. with `./configure --enable-debug`.
1. Run Cortex-M firmware with `IT` instruction. (minimal example attached)
Additional information:
- Minimal Reproducer: [raw-it-bug.hex](/uploads/3ae30ab78f49bbc933e48c51f6bf2a2b/raw-it-bug.hex)
- Reproduced on `main`, `v10.0.0` and `v9.1.0`.