From patchwork Fri Oct 19 10:17:13 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julio Guerra <guerr@julio.in>
X-Patchwork-Id: 192635
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 7955D2C008F
	for <incoming@patchwork.ozlabs.org>;
	Fri, 19 Oct 2012 21:17:47 +1100 (EST)
Received: from localhost ([::1]:55898 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1TP9eC-0008Iy-V1
	for incoming@patchwork.ozlabs.org; Fri, 19 Oct 2012 06:17:44 -0400
Received: from eggs.gnu.org ([208.118.235.92]:44201)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <julio.nemesis@gmail.com>) id 1TP9e4-0008Hu-GK
	for qemu-devel@nongnu.org; Fri, 19 Oct 2012 06:17:37 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <julio.nemesis@gmail.com>) id 1TP9e3-0007p5-4C
	for qemu-devel@nongnu.org; Fri, 19 Oct 2012 06:17:36 -0400
Received: from mail-vb0-f45.google.com ([209.85.212.45]:54588)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <julio.nemesis@gmail.com>)
	id 1TP9e2-0007ox-Ue; Fri, 19 Oct 2012 06:17:35 -0400
Received: by mail-vb0-f45.google.com with SMTP id p1so251510vbi.4
	for <multiple recipients>; Fri, 19 Oct 2012 03:17:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:sender:from:date:x-google-sender-auth:message-id
	:subject:to:cc:content-type;
	bh=L7jApaADfTPBn16PCd+fJCk3VrGyd03jbg6KNR8K+/Y=;
	b=Br2xlsoB96QpKXp8piqjuwb/I+o7cIbSpmqFUPnwResyxhvH4EAni8o5GmQu4YjtIq
	r1RQpJ8Zur8+tgYXsA9zJUrpkDtj15LZLSh8jyKZSLC6NsMLfIUUGwtoeiQg9iX3CLj6
	lAcnZCaDQfj2VZb0s9ytoCUBTysy3+gxDDep+TW5/ba5ZgFCPnRDvclyFeqSp4WuU4hv
	0R/UdoGLjkTUtQzzRUuOVjkWJNIHIjB4xrta2UebLn+iOmwX/tiWMZoWrCLtcCaEBFkL
	XqUuHbJzWYj3KdKh+DKJXdMkkGpbzFGgwW7IgS+JUjmtDVbPK5l+wL/rGqHF7Bg4chUs
	tEPg==
Received: by 10.59.5.229 with SMTP id cp5mr909486ved.32.1350641853976;
	Fri, 19 Oct 2012 03:17:33 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.58.169.43 with HTTP; Fri, 19 Oct 2012 03:17:13 -0700 (PDT)
From: Julio Guerra <guerr@julio.in>
Date: Fri, 19 Oct 2012 12:17:13 +0200
X-Google-Sender-Auth: NK47bMNnK6rhZ0w0CwnlN38ZAd0
Message-ID: 
 <CAFAwnGMTjFUMgbB_sWxZz2_3CwhrMkvjGmkGGpyeZ_4u=dtRhQ@mail.gmail.com>
To: qemu-devel@nongnu.org, qemu-ppc@nongnu.org
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 209.85.212.45
Cc: Alexander Graf <agraf@suse.de>
Subject: [Qemu-devel] [PATCH] Fix missing TRACE exception
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

This patch fixes bug 1031698 :
https://bugs.launchpad.net/qemu/+bug/1031698

If we look at the (truncated) translation of the conditional branch
instruction in the test submitted in the bug post, the call to the
exception helper is missing in the "bne-false" chunk of translated
code :

IN:
bne-    0x1800278

OUT:
0xb544236d:  jne    0xb5442396

0xb5442373:  mov    %ebp,(%esp)
0xb5442376:  mov    $0x44,%ebx
0xb544237b:  mov    %ebx,0x4(%esp)
0xb544237f:  mov    $0x1800278,%ebx
0xb5442384:  mov    %ebx,0x25c(%ebp)
0xb544238a:  call   0x827475a
                     ^^^^^^^^^^^^^^^^^^
# OK : call the exception helper function

0xb5442396:  mov    %ebp,(%esp)
0xb5442399:  mov    $0x44,%ebx
0xb544239e:  mov    %ebx,0x4(%esp)
0xb54423a2:  mov    $0x1800270,%ebx
0xb54423a7:  mov    %ebx,0x25c(%ebp)
# KO : missing "call 0x827475a"


Indeed, gen_exception(ctx, excp) called by gen_goto_tb (called by
gen_bcond) changes ctx->exception's value to excp's :

gen_bcond()
{
  gen_goto_tb(ctx, 0, ctx->nip + li - 4);
  /* ctx->exception value is POWERPC_EXCP_BRANCH */

  gen_goto_tb(ctx, 1, ctx->nip);
  /* ctx->exception now value is POWERPC_EXCP_TRACE */
}


Making the following gen_goto_tb()'s test false during the second call :

if ((ctx->singlestep_enabled &
    (CPU_BRANCH_STEP | CPU_SINGLE_STEP)) &&
    ctx->exception == POWERPC_EXCP_BRANCH /* false...*/) {
         target_ulong tmp = ctx->nip;
         ctx->nip = dest;
         /* ... and this is the missing call */
         gen_exception(ctx, POWERPC_EXCP_TRACE);
         ctx->nip = tmp;
}

So the patch simply adds the missing matching case, fixing our problem.

Signed-off-by: Julio Guerra <guerr@julio.in>
---
 target-ppc/translate.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff -up a/target-ppc/translate.c b/target-ppc/translate.c
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -3466,7 +3466,8 @@ static inline void gen_goto_tb(DisasCont
         if (unlikely(ctx->singlestep_enabled)) {
             if ((ctx->singlestep_enabled &
                 (CPU_BRANCH_STEP | CPU_SINGLE_STEP)) &&
-                ctx->exception == POWERPC_EXCP_BRANCH) {
+                (ctx->exception == POWERPC_EXCP_BRANCH ||
+                 ctx->exception == POWERPC_EXCP_TRACE)) {
                 target_ulong tmp = ctx->nip;
                 ctx->nip = dest;
                 gen_exception(ctx, POWERPC_EXCP_TRACE);