1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
|
qem_m68k : trapcs instruction causes the non-execution of the following 2 instructions
Description of problem:
In try to run following code :
```
8004615a: 204f moveal %sp,%a0
8004615c: b1c7 cmpal %d7,%a0
8004615e: 55fc trapcs
80046160: 4e56 0000 linkw %fp,#0
80046164: 2f14 movel %a4@,%sp@-
80046166: 288e movel %fp,%a4@
80046168: c74d exg %a3,%a5
8004616a: 48e7 3030 moveml %d2-%d3/%a2-%a3,%sp@-
8004616e: 7001 moveq #1,%d0
80046170: 3b40 816c movew %d0,%a5@(-32404)
80046174: 7218 moveq #24,%d1
80046176: 3b41 816a movew %d1,%a5@(-32406)
8004617a: 242d 8004 movel %a5@(-32764),%d2
8004617e: 2b42 815c movel %d2,%a5@(-32420)
80046182: 206d 8008 moveal %a5@(-32760),%a0
80046186: 2268 8010 moveal %a0@(-32752),%a1
8004618a: 2b49 8158 movel %a1,%a5@(-32424)
8004618e: 42ad 8154 clrl %a5@(-32428)
80046192: 246d 8154 moveal %a5@(-32428),%a2
80046196: 2b4a 8160 movel %a2,%a5@(-32416)
8004619a: 2b4a 8164 movel %a2,%a5@(-32412)
8004619e: 422d 8168 clrb %a5@(-32408)
800461a2: 7604 moveq #4,%d3
800461a4: 2b43 8150 movel %d3,%a5@(-32432)
800461a8: 2668 8010 moveal %a0@(-32752),%a3
800461ac: 2b4b 814c movel %a3,%a5@(-32436)
800461b0: 2268 8010 moveal %a0@(-32752),%a1
800461b4: 266d 8008 moveal %a5@(-32760),%a3
800461b8: 206b 8008 moveal %a3@(-32760),%a0
800461bc: 4e90 jsr %a0@
800461be: 2b48 8148 movel %a0,%a5@(-32440)
800461c2: 4cdf 0c0c moveml %sp@+,%d2-%d3/%a2-%a3
800461c6: c74d exg %a3,%a5
800461c8: 289f movel %sp@+,%a4@
800461ca: 4e5e unlk %fp
800461cc: 4e75 rts
```
When I run qemu-m68k -cpu m68020 -d in_asm,cpu, I have :
```
----------------
IN:
0x8004615a: moveal %sp,%a0
0x8004615c: cmpal %d7,%a0
0x8004615e: trapcs
0x80046160: linkw %fp,#0
0x80046164: movel %a4@,%sp@-
0x80046166: movel %fp,%a4@
0x80046168: exg %a3,%a5
0x8004616a: moveml %d2-%d3/%a2-%a3,%sp@-
0x8004616e: moveq #1,%d0
0x80046170: movew %d0,%a5@(-32404)
0x80046174: moveq #24,%d1
0x80046176: movew %d1,%a5@(-32406)
0x8004617a: movel %a5@(-32764),%d2
0x8004617e: movel %d2,%a5@(-32420)
0x80046182: moveal %a5@(-32760),%a0
0x80046186: moveal %a0@(-32752),%a1
0x8004618a: movel %a1,%a5@(-32424)
0x8004618e: clrl %a5@(-32428)
0x80046192: moveal %a5@(-32428),%a2
0x80046196: movel %a2,%a5@(-32416)
0x8004619a: movel %a2,%a5@(-32412)
0x8004619e: clrb %a5@(-32408)
0x800461a2: moveq #4,%d3
0x800461a4: movel %d3,%a5@(-32432)
0x800461a8: moveal %a0@(-32752),%a3
0x800461ac: movel %a3,%a5@(-32436)
0x800461b0: moveal %a0@(-32752),%a1
0x800461b4: moveal %a5@(-32760),%a3
0x800461b8: moveal %a3@(-32760),%a0
0x800461bc: jsr %a0@
Trace 0: 0x7f83a807e780 [00000000/8004615a/00000000/00000000]
D0 = 00000012 A0 = 8004615a F0 = 7fff ffffffffffffffff ( nan)
D1 = 00000001 A1 = 800466d6 F1 = 7fff ffffffffffffffff ( nan)
D2 = 00000000 A2 = 00000000 F2 = 7fff ffffffffffffffff ( nan)
D3 = 00000000 A3 = 8000c3b0 F3 = 7fff ffffffffffffffff ( nan)
D4 = 00000000 A4 = 8004604c F4 = 7fff ffffffffffffffff ( nan)
D5 = 00000000 A5 = 3ffd7000 F5 = 7fff ffffffffffffffff ( nan)
D6 = 00000004 A6 = 80046038 F6 = 7fff ffffffffffffffff ( nan)
D7 = 80042050 A7 = 80045ff4 F7 = 7fff ffffffffffffffff ( nan)
PC SR = 0004 T:0 I:0 UI --Z--
FPSR = 00000000 ----
FPCR = 0000 X RN
----------------
IN:
0x80046358: lea %a1@(0,%d0:l),%a0
0x8004635c: rts
Trace 0: 0x7f83a807eac0 [00000000/80046358/00000000/00000000]
D0 = 00000001 A0 = 80046358 F0 = 7fff ffffffffffffffff ( nan)
D1 = 00000018 A1 = 00000000 F1 = 7fff ffffffffffffffff ( nan)
D2 = ffffffff A2 = 00000000 F2 = 7fff ffffffffffffffff ( nan)
D3 = 00000004 A3 = 8000c040 F3 = 7fff ffffffffffffffff ( nan)
D4 = 00000000 A4 = 8004604c F4 = 7fff ffffffffffffffff ( nan)
D5 = 00000000 A5 = 8000c3b0 F5 = 7fff ffffffffffffffff ( nan)
D6 = 00000004 A6 = 80046038 F6 = 7fff ffffffffffffffff ( nan)
D7 = 80042050 A7 = 80045fe0 F7 = 7fff ffffffffffffffff ( nan)
PC = 80046358 SR = 0004 T:0 I:0 UI --Z--
FPSR = 00000000 ----
FPCR = 0000 X RN
----------------
```
Stack pointer is 80045fe0, it should be 80045FD8.
When I run with options -cpu m68020 -d in_asm,cpu,op -singlestep, I have :
```
----------------
IN:
0x8004615e: trapcs
0x80046160: linkw %fp,#0
Disassembler disagrees with translator over instruction decoding
Please report this to qemu-devel@nongnu.org
OP:
ld_i32 tmp0,env,$0xfffffffffffffff8
brcond_i32 tmp0,$0x0,lt,$L0
---- 8004615e 00000000
mov_i32 tmp0,$0x0
call flush_flags,$0x0,$0,env,CC_OP
setcond_i32 tmp2,CC_C,tmp0,ne
neg_i32 tmp2,tmp2
mov_i32 tmp0,$0x56
mov_i32 PC,$0x80046162
exit_tb $0x0
set_label $L0
exit_tb $0x7fba001a75c3
D0 = 00000012 A0 = 80045ff4 F0 = 7fff ffffffffffffffff ( nan)
D1 = 00000001 A1 = 800466d6 F1 = 7fff ffffffffffffffff ( nan)
D2 = 00000000 A2 = 00000000 F2 = 7fff ffffffffffffffff ( nan)
D3 = 00000000 A3 = 8000c3b0 F3 = 7fff ffffffffffffffff ( nan)
D4 = 00000000 A4 = 8004604c F4 = 7fff ffffffffffffffff ( nan)
D5 = 00000000 A5 = 3ffd5000 F5 = 7fff ffffffffffffffff ( nan)
D6 = 00000004 A6 = 80046038 F6 = 7fff ffffffffffffffff ( nan)
D7 = 80042050 A7 = 80045ff4 F7 = 7fff ffffffffffffffff ( nan)
PC = 8004615e SR = 0000 T:0 I:0 UI -----
FPSR = 00000000 ----
FPCR = 0000 X RN
----------------
IN:
0x80046162: orib #20,%d0
OP:
ld_i32 tmp0,env,$0xfffffffffffffff8
brcond_i32 tmp0,$0x0,lt,$L0
---- 80046162 00000000
mov_i32 tmp0,$0x14
ext8s_i32 tmp3,D0
or_i32 tmp4,tmp3,tmp0
and_i32 D0,D0,$0xffffff00
ext8u_i32 tmp6,tmp4
or_i32 D0,D0,tmp6
ext8s_i32 CC_N,tmp4
discard CC_C
discard CC_Z
discard CC_V
mov_i32 CC_OP,$0xb
mov_i32 PC,$0x80046166
exit_tb $0x0
set_label $L0
exit_tb $0x7fba001a7683
D0 = 00000012 A0 = 80045ff4 F0 = 7fff ffffffffffffffff ( nan)
D1 = 00000001 A1 = 800466d6 F1 = 7fff ffffffffffffffff ( nan)
D2 = 00000000 A2 = 00000000 F2 = 7fff ffffffffffffffff ( nan)
D3 = 00000000 A3 = 8000c3b0 F3 = 7fff ffffffffffffffff ( nan)
D4 = 00000000 A4 = 8004604c F4 = 7fff ffffffffffffffff ( nan)
D5 = 00000000 A5 = 3ffd5000 F5 = 7fff ffffffffffffffff ( nan)
D6 = 00000004 A6 = 80046038 F6 = 7fff ffffffffffffffff ( nan)
D7 = 80042050 A7 = 80045ff4 F7 = 7fff ffffffffffffffff ( nan)
PC = 80046162 SR = 0000 T:0 I:0 UI -----
FPSR = 00000000 ----
FPCR = 0000 X RN
----------------
IN:
0x80046166: movel %fp,%a4@
OP:
ld_i32 tmp0,env,$0xfffffffffffffff8
brcond_i32 tmp0,$0x0,lt,$L0
...
```
I can see that instructions
```
0x80046160: linkw %fp,#0
0x80046164: movel %a4@,%sp@-
```
are not executed
and an extra instruction
```
0x80046162: orib #20,%d0
```
is executed
Steps to reproduce:
Run chroot qemu-m68k qemu-m68k-static -cpu m68020 -d in_asm,cpu -D log1.txt ./test
Additional information:
|