Patchwork MIPS/system: MTC0 single-stepping PC update fix

Submitter Maciej W. Rozycki
Date June 8, 2012, 1:05 a.m.
Message ID <alpine.DEB.1.10.1206072316150.23962@tp.orcam.me.uk>
Permalink /patch/163709/
State New

Comments

Maciej W. Rozycki - June 8, 2012, 1:05 a.m.
Some MTC0 (and possibly other) instructions switch to the BS_STOP state
to terminate the current translation block, so that the state transition
of the simulated CPU resulting from the CP0 operation takes effect with
the following instruction.  This happens for "mtc0 <reg>,c0_config" for
example.

 While single-stepping, this has the side effect of not advancing the PC past
the instruction just executed; subsequent single-step traps will stop at
the same instruction repeatedly.  This is obviously incorrect and (with my
limited understanding of QEMU internals) is fixed easily as below, making
the old PC be kept only for the BS_EXCP (exception condition) state.

 Example:

(gdb) stepi
0x80004d24 in _start ()
5: x/i $pc
=> 0x80004d24 <_start+364>:     mfc0    t1,c0_config
(gdb)
0x80004d28 in _start ()
5: x/i $pc
=> 0x80004d28 <_start+368>:     li      at,-8
(gdb)
0x80004d2c in _start ()
5: x/i $pc
=> 0x80004d2c <_start+372>:     and     t1,t1,at
(gdb)
0x80004d30 in _start ()
5: x/i $pc
=> 0x80004d30 <_start+376>:     ori     t1,t1,0x3
(gdb)
0x80004d34 in _start ()
5: x/i $pc
=> 0x80004d34 <_start+380>:     mtc0    t1,c0_config
(gdb)
0x80004d34 in _start ()
5: x/i $pc
=> 0x80004d34 <_start+380>:     mtc0    t1,c0_config
(gdb)
0x80004d34 in _start ()
5: x/i $pc
=> 0x80004d34 <_start+380>:     mtc0    t1,c0_config
(gdb)
0x80004d34 in _start ()
5: x/i $pc
=> 0x80004d34 <_start+380>:     mtc0    t1,c0_config
(gdb)

-- oops!

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
---

 Please apply,

  Maciej

qemu-mips-mtc0-step.diff
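The failure described in the mail, as an added C model of the translator's end-of-block bookkeeping. This is illustration code, not QEMU's own: the instruction stream, the addresses, the BS_* assignments, `PROG_BASE`, `pc_after_steps` and `stepping_gets_stuck` are this example's constructions chosen to match the gdb session above, and `save_cpu_state`/`singlestep_one_tb` are simplified stand-ins for the translate.c logic of the same intent (only PC bookkeeping is modelled, not the CP0 side effects of mfc0/mtc0).

```c
/*
 * Added illustration (not QEMU code): why the original single-step
 * predicate in gen_intermediate_code_internal() left gdb stuck on
 * "mtc0 t1,c0_config", and why the patched one advances the PC.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum bstate { BS_NONE, BS_STOP, BS_BRANCH, BS_EXCP };

typedef struct { const char *mnemonic; enum bstate bstate; } insn_t;

/* Constructed program: 4-byte instructions starting at 0x80004d24. */
#define PROG_BASE 0x80004d24u
static const insn_t program[] = {
    { "mfc0 t1,c0_config", BS_NONE },  /* 0x80004d24 */
    { "li   at,-8",        BS_NONE },  /* 0x80004d28 */
    { "and  t1,t1,at",     BS_NONE },  /* 0x80004d2c */
    { "ori  t1,t1,0x3",    BS_NONE },  /* 0x80004d30 */
    { "mtc0 t1,c0_config", BS_STOP },  /* 0x80004d34: CP0 write ends the TB */
    { "nop",               BS_NONE },  /* 0x80004d38 */
};
#define NPROG (sizeof program / sizeof program[0])

typedef struct { uint32_t PC; } CPUMIPSState;   /* stand-in for env->active_tc.PC */
typedef struct { uint32_t pc, saved_pc; enum bstate bstate; } DisasContext;

/* Models save_cpu_state(): the translator's pc reaches env only when asked. */
static void save_cpu_state(CPUMIPSState *env, DisasContext *ctx, bool do_save_pc)
{
    if (do_save_pc && ctx->pc != ctx->saved_pc) {
        env->PC = ctx->pc;
        ctx->saved_pc = ctx->pc;
    }
}

/*
 * Translate one single-step TB at env->PC and return the PC gdb would read
 * after the EXCP_DEBUG trap.  'fixed' selects the patched predicate.
 */
static uint32_t singlestep_one_tb(CPUMIPSState *env, bool fixed)
{
    DisasContext ctx = { .pc = env->PC, .saved_pc = (uint32_t)-1, .bstate = BS_NONE };
    size_t idx = (ctx.pc - PROG_BASE) / 4;

    if (ctx.pc < PROG_BASE || idx >= NPROG) {
        return env->PC;                 /* ran off the constructed program */
    }
    /* decode_opc(): the instruction may end the block (BS_STOP for mtc0 here) */
    ctx.bstate = program[idx].bstate;
    ctx.pc += 4;                        /* translator is now past the instruction */

    /* End of block under single-step, as in gen_intermediate_code_internal(). */
    if (ctx.bstate != BS_BRANCH) {
        bool do_save_pc = fixed ? (ctx.bstate != BS_EXCP)   /* patched  */
                                : (ctx.bstate == BS_NONE);  /* original */
        save_cpu_state(env, &ctx, do_save_pc);
        /* gen_helper_0i(raise_exception, EXCP_DEBUG): gdb now reads env->PC */
    }
    return env->PC;
}

/* PC reported by gdb after 'steps' stepi commands starting at PROG_BASE. */
static uint32_t pc_after_steps(bool fixed, unsigned steps)
{
    CPUMIPSState env = { .PC = PROG_BASE };
    for (unsigned i = 0; i < steps; i++) {
        singlestep_one_tb(&env, fixed);
    }
    return env.PC;
}

/* True if some stepi inside the program reports the same PC as before it. */
static bool stepping_gets_stuck(bool fixed, unsigned steps)
{
    CPUMIPSState env = { .PC = PROG_BASE };
    for (unsigned i = 0; i < steps; i++) {
        uint32_t before = env.PC;
        if (singlestep_one_tb(&env, fixed) == before && before - PROG_BASE < 4 * NPROG) {
            return true;
        }
    }
    return false;
}

int main(void)
{
    for (int fixed = 0; fixed < 2; fixed++) {
        CPUMIPSState env = { .PC = PROG_BASE };
        printf("%s predicate:\n", fixed ? "patched" : "original");
        for (unsigned i = 0; i < NPROG; i++) {
            printf("  stepi -> 0x%08x\n", singlestep_one_tb(&env, fixed));
        }
    }
    return 0;
}
```

With the original predicate the fifth stepi (the one that executes the mtc0, which ends its block with BS_STOP) never copies the advanced pc into env, so every later stepi re-reports 0x80004d34; with the patched predicate only BS_EXCP keeps the previously saved PC, and stepping proceeds to 0x80004d38.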
Richard Henderson - June 12, 2012, 2:32 p.m.
On 2012-06-07 18:05, Maciej W. Rozycki wrote:
>      if (env->singlestep_enabled && ctx.bstate != BS_BRANCH) {
> -        save_cpu_state(&ctx, ctx.bstate == BS_NONE);
> +        save_cpu_state(&ctx, ctx.bstate != BS_EXCP);
>          gen_helper_0i(raise_exception, EXCP_DEBUG);

Reviewed-by: Richard Henderson <rth@twiddle.net>


r~

Patch

Index: qemu-git-trunk/target-mips/translate.c
===================================================================
--- qemu-git-trunk.orig/target-mips/translate.c	2012-06-04 04:16:57.755560324 +0100
+++ qemu-git-trunk/target-mips/translate.c	2012-06-04 05:01:42.435594656 +0100
@@ -12494,7 +12494,7 @@  gen_intermediate_code_internal (CPUMIPSS
     if (tb->cflags & CF_LAST_IO)
         gen_io_end();
     if (env->singlestep_enabled && ctx.bstate != BS_BRANCH) {
-        save_cpu_state(&ctx, ctx.bstate == BS_NONE);
+        save_cpu_state(&ctx, ctx.bstate != BS_EXCP);
         gen_helper_0i(raise_exception, EXCP_DEBUG);
     } else {
         switch (ctx.bstate) {
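Review bot: the new predicate is negative logic whose intent is not stated at the site; with BS_BRANCH already excluded by the enclosing `if (env->singlestep_enabled && ctx.bstate != BS_BRANCH)`, `ctx.bstate != BS_EXCP` is exactly `ctx.bstate == BS_NONE || ctx.bstate == BS_STOP`, and nothing here says why BS_EXCP is the one state that must keep the PC recorded before the exception was raised. A one-line comment above `save_cpu_state(&ctx, ctx.bstate != BS_EXCP);` saying that BS_STOP has already moved ctx.pc past the instruction, while the exception path has saved its own PC, would document the intent and make clear what any future BS_* value should do; alternatively write the positive form so the set of states that get the advanced PC is explicit rather than inferred from the exclusion.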