Am 23.11.2012 17:06, schrieb Alexander Graf: > > On 19.10.2012, at 12:17, Julio Guerra wrote: > >> This patch fixes bug 1031698 : >> https://bugs.launchpad.net/qemu/+bug/1031698 >> >> If we look at the (truncated) translation of the conditional branch >> instruction in the test submitted in the bug post, the call to the >> exception helper is missing in the "bne-false" chunk of translated >> code : >> >> IN: >> bne- 0x1800278 >> >> OUT: >> 0xb544236d: jne 0xb5442396 >> >> 0xb5442373: mov %ebp,(%esp) >> 0xb5442376: mov $0x44,%ebx >> 0xb544237b: mov %ebx,0x4(%esp) >> 0xb544237f: mov $0x1800278,%ebx >> 0xb5442384: mov %ebx,0x25c(%ebp) >> 0xb544238a: call 0x827475a >> ^^^^^^^^^^^^^^^^^^ >> # OK : call the exception helper function >> >> 0xb5442396: mov %ebp,(%esp) >> 0xb5442399: mov $0x44,%ebx >> 0xb544239e: mov %ebx,0x4(%esp) >> 0xb54423a2: mov $0x1800270,%ebx >> 0xb54423a7: mov %ebx,0x25c(%ebp) >> # KO : missing "call 0x827475a" >> >> >> Indeed, gen_exception(ctx, excp) called by gen_goto_tb (called by >> gen_bcond) changes ctx->exception's value to excp's : >> >> gen_bcond() >> { >> gen_goto_tb(ctx, 0, ctx->nip + li - 4); >> /* ctx->exception value is POWERPC_EXCP_BRANCH */ >> >> gen_goto_tb(ctx, 1, ctx->nip); >> /* ctx->exception now value is POWERPC_EXCP_TRACE */ >> } >> >> >> Making the following gen_goto_tb()'s test false during the second call : >> >> if ((ctx->singlestep_enabled & >> (CPU_BRANCH_STEP | CPU_SINGLE_STEP)) && >> ctx->exception == POWERPC_EXCP_BRANCH /* false...*/) { >> target_ulong tmp = ctx->nip; >> ctx->nip = dest; >> /* ... and this is the missing call */ >> gen_exception(ctx, POWERPC_EXCP_TRACE); >> ctx->nip = tmp; >> } >> >> So the patch simply adds the missing matching case, fixing our problem. >> >> Signed-off-by: Julio Guerra <[email protected]> > > Thanks, applied to ppc-next :)
Please don't forget to add the missing "target-ppc: ". :) Andreas -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
