search

vivier / qemu-m68k

Other
40 stars 6 forks source link

trapcs instruction causes the non-execution of the following 2 instructions #49

Closed FLizot closed 2 years ago

FLizot commented 2 years ago

In try to run following code :

8004615a:   204f            moveal %sp,%a0
8004615c:   b1c7            cmpal %d7,%a0
8004615e:   55fc            trapcs
80046160:   4e56 0000       linkw %fp,#0
80046164:   2f14            movel %a4@,%sp@-
80046166:   288e            movel %fp,%a4@
80046168:   c74d            exg %a3,%a5
8004616a:   48e7 3030       moveml %d2-%d3/%a2-%a3,%sp@-
8004616e:   7001            moveq #1,%d0
80046170:   3b40 816c       movew %d0,%a5@(-32404)
80046174:   7218            moveq #24,%d1
80046176:   3b41 816a       movew %d1,%a5@(-32406)
8004617a:   242d 8004       movel %a5@(-32764),%d2
8004617e:   2b42 815c       movel %d2,%a5@(-32420)
80046182:   206d 8008       moveal %a5@(-32760),%a0
80046186:   2268 8010       moveal %a0@(-32752),%a1
8004618a:   2b49 8158       movel %a1,%a5@(-32424)
8004618e:   42ad 8154       clrl %a5@(-32428)
80046192:   246d 8154       moveal %a5@(-32428),%a2
80046196:   2b4a 8160       movel %a2,%a5@(-32416)
8004619a:   2b4a 8164       movel %a2,%a5@(-32412)
8004619e:   422d 8168       clrb %a5@(-32408)
800461a2:   7604            moveq #4,%d3
800461a4:   2b43 8150       movel %d3,%a5@(-32432)
800461a8:   2668 8010       moveal %a0@(-32752),%a3
800461ac:   2b4b 814c       movel %a3,%a5@(-32436)
800461b0:   2268 8010       moveal %a0@(-32752),%a1
800461b4:   266d 8008       moveal %a5@(-32760),%a3
800461b8:   206b 8008       moveal %a3@(-32760),%a0
800461bc:   4e90            jsr %a0@
800461be:   2b48 8148       movel %a0,%a5@(-32440)
800461c2:   4cdf 0c0c       moveml %sp@+,%d2-%d3/%a2-%a3
800461c6:   c74d            exg %a3,%a5
800461c8:   289f            movel %sp@+,%a4@
800461ca:   4e5e            unlk %fp
800461cc:   4e75            rts

When I run qemu-m68k -cpu m68020 -d in_asm,cpu, I have : 

----------------
IN: 
0x8004615a:  moveal %sp,%a0
0x8004615c:  cmpal %d7,%a0
0x8004615e:  trapcs
0x80046160:  linkw %fp,#0
0x80046164:  movel %a4@,%sp@-
0x80046166:  movel %fp,%a4@
0x80046168:  exg %a3,%a5
0x8004616a:  moveml %d2-%d3/%a2-%a3,%sp@-
0x8004616e:  moveq #1,%d0
0x80046170:  movew %d0,%a5@(-32404)
0x80046174:  moveq #24,%d1
0x80046176:  movew %d1,%a5@(-32406)
0x8004617a:  movel %a5@(-32764),%d2
0x8004617e:  movel %d2,%a5@(-32420)
0x80046182:  moveal %a5@(-32760),%a0
0x80046186:  moveal %a0@(-32752),%a1
0x8004618a:  movel %a1,%a5@(-32424)
0x8004618e:  clrl %a5@(-32428)
0x80046192:  moveal %a5@(-32428),%a2
0x80046196:  movel %a2,%a5@(-32416)
0x8004619a:  movel %a2,%a5@(-32412)
0x8004619e:  clrb %a5@(-32408)
0x800461a2:  moveq #4,%d3
0x800461a4:  movel %d3,%a5@(-32432)
0x800461a8:  moveal %a0@(-32752),%a3
0x800461ac:  movel %a3,%a5@(-32436)
0x800461b0:  moveal %a0@(-32752),%a1
0x800461b4:  moveal %a5@(-32760),%a3
0x800461b8:  moveal %a3@(-32760),%a0
0x800461bc:  jsr %a0@

Trace 0: 0x7f83a807e780 [00000000/8004615a/00000000/00000000] 
D0 = 00000012   A0 = 8004615a   F0 = 7fff ffffffffffffffff  (         nan)
D1 = 00000001   A1 = 800466d6   F1 = 7fff ffffffffffffffff  (         nan)
D2 = 00000000   A2 = 00000000   F2 = 7fff ffffffffffffffff  (         nan)
D3 = 00000000   A3 = 8000c3b0   F3 = 7fff ffffffffffffffff  (         nan)
D4 = 00000000   A4 = 8004604c   F4 = 7fff ffffffffffffffff  (         nan)
D5 = 00000000   A5 = 3ffd7000   F5 = 7fff ffffffffffffffff  (         nan)
D6 = 00000004   A6 = 80046038   F6 = 7fff ffffffffffffffff  (         nan)
D7 = 80042050   A7 = 80045ff4   F7 = 7fff ffffffffffffffff  (         nan)
PC    SR = 0004 T:0 I:0 UI --Z--
FPSR = 00000000 ---- 
                                FPCR =     0000 X RN 

----------------
IN: 
0x80046358:  lea %a1@(0,%d0:l),%a0
0x8004635c:  rts

Trace 0: 0x7f83a807eac0 [00000000/80046358/00000000/00000000] 
D0 = 00000001   A0 = 80046358   F0 = 7fff ffffffffffffffff  (         nan)
D1 = 00000018   A1 = 00000000   F1 = 7fff ffffffffffffffff  (         nan)
D2 = ffffffff   A2 = 00000000   F2 = 7fff ffffffffffffffff  (         nan)
D3 = 00000004   A3 = 8000c040   F3 = 7fff ffffffffffffffff  (         nan)
D4 = 00000000   A4 = 8004604c   F4 = 7fff ffffffffffffffff  (         nan)
D5 = 00000000   A5 = 8000c3b0   F5 = 7fff ffffffffffffffff  (         nan)
D6 = 00000004   A6 = 80046038   F6 = 7fff ffffffffffffffff  (         nan)
D7 = 80042050   A7 = 80045fe0   F7 = 7fff ffffffffffffffff  (         nan)
PC = 80046358   SR = 0004 T:0 I:0 UI --Z--
FPSR = 00000000 ---- 
                                FPCR =     0000 X RN 
----------------

Stack pointer is 80045fe0, it should be 80045FD8.

When I run with options -cpu m68020 -d in_asm,cpu,op -singlestep, I have :

----------------
IN:
0x8004615e:  trapcs
0x80046160:  linkw %fp,#0
Disassembler disagrees with translator over instruction decoding
Please report this to qemu-devel@nongnu.org

OP:
 ld_i32 tmp0,env,$0xfffffffffffffff8
 brcond_i32 tmp0,$0x0,lt,$L0

 ---- 8004615e 00000000
 mov_i32 tmp0,$0x0
 call flush_flags,$0x0,$0,env,CC_OP
 setcond_i32 tmp2,CC_C,tmp0,ne
 neg_i32 tmp2,tmp2
 mov_i32 tmp0,$0x56
 mov_i32 PC,$0x80046162
 exit_tb $0x0
 set_label $L0
 exit_tb $0x7fba001a75c3

D0 = 00000012   A0 = 80045ff4   F0 = 7fff ffffffffffffffff  (         nan)
D1 = 00000001   A1 = 800466d6   F1 = 7fff ffffffffffffffff  (         nan)
D2 = 00000000   A2 = 00000000   F2 = 7fff ffffffffffffffff  (         nan)
D3 = 00000000   A3 = 8000c3b0   F3 = 7fff ffffffffffffffff  (         nan)
D4 = 00000000   A4 = 8004604c   F4 = 7fff ffffffffffffffff  (         nan)
D5 = 00000000   A5 = 3ffd5000   F5 = 7fff ffffffffffffffff  (         nan)
D6 = 00000004   A6 = 80046038   F6 = 7fff ffffffffffffffff  (         nan)
D7 = 80042050   A7 = 80045ff4   F7 = 7fff ffffffffffffffff  (         nan)
PC = 8004615e   SR = 0000 T:0 I:0 UI -----
FPSR = 00000000 ----
                                FPCR =     0000 X RN
----------------
IN:
0x80046162:  orib #20,%d0

OP:
 ld_i32 tmp0,env,$0xfffffffffffffff8
 brcond_i32 tmp0,$0x0,lt,$L0

 ---- 80046162 00000000
 mov_i32 tmp0,$0x14
 ext8s_i32 tmp3,D0
 or_i32 tmp4,tmp3,tmp0
 and_i32 D0,D0,$0xffffff00
 ext8u_i32 tmp6,tmp4
 or_i32 D0,D0,tmp6
 ext8s_i32 CC_N,tmp4
 discard CC_C
 discard CC_Z
 discard CC_V
 mov_i32 CC_OP,$0xb
 mov_i32 PC,$0x80046166
 exit_tb $0x0
 set_label $L0
 exit_tb $0x7fba001a7683

D0 = 00000012   A0 = 80045ff4   F0 = 7fff ffffffffffffffff  (         nan)
D1 = 00000001   A1 = 800466d6   F1 = 7fff ffffffffffffffff  (         nan)
D2 = 00000000   A2 = 00000000   F2 = 7fff ffffffffffffffff  (         nan)
D3 = 00000000   A3 = 8000c3b0   F3 = 7fff ffffffffffffffff  (         nan)
D4 = 00000000   A4 = 8004604c   F4 = 7fff ffffffffffffffff  (         nan)
D5 = 00000000   A5 = 3ffd5000   F5 = 7fff ffffffffffffffff  (         nan)
D6 = 00000004   A6 = 80046038   F6 = 7fff ffffffffffffffff  (         nan)
D7 = 80042050   A7 = 80045ff4   F7 = 7fff ffffffffffffffff  (         nan)
PC = 80046162   SR = 0000 T:0 I:0 UI -----
FPSR = 00000000 ----
                                FPCR =     0000 X RN
----------------
IN:
0x80046166:  movel %fp,%a4@

OP:
 ld_i32 tmp0,env,$0xfffffffffffffff8
 brcond_i32 tmp0,$0x0,lt,$L0

...

I can see that instructions 

0x80046160:  linkw %fp,#0
0x80046164:  movel %a4@,%sp@-

are not executed and an extra instruction

0x80046162:  orib #20,%d0

is executed

vivier commented 2 years ago

It seems trapcs is not implemented by QEMU.

qemu-m68k is now merged in main QEMU, please report (cut&paste) your bug report to:

https://gitlab.com/qemu-project/qemu/-/issues

See

https://www.qemu.org/contribute/report-a-bug/

Thanks

vivier commented 2 years ago

https://gitlab.com/qemu-project/qemu/-/issues/754