* [Qemu-devel] [Bug 944645] [NEW] ARM: CORTEX M, ICI/IT bits in XPSR were not cleared when entering exception
From: Oleksiy Bondarenko @ 2012-03-02 9:20 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
I have this error.
qemu: fatal: Trying to execute code outside RAM or ROM at 0x10000000
R00=e000ed04 R01=3f5e392e R02=000000ff R03=0000007e
R04=20007038 R05=20003e30 R06=00000000 R07=00000003
R08=00000000 R09=00012874 R10=10101010 R11=11111111
R12=00000000 R13=200031d0 R14=fffffffd R15=10000000
PSR=40000153 -Z-- A svc32
I tried to figure out this situation. I have found that this happens
when an interrupt happens during execution of the __eabi_fmul instruction,
somewhere in the middle of this block:
IN:
0x004212d4: 22ff movs r2, #255
0x004212d6: ea12 5cd0 ands.w ip, r2, r0, lsr #23
0x004212da: bf1d ittte ne
0x004212dc: ea12 53d1 andsne.w r3, r2, r1, lsr #23
0x004212e0: 4594 cmpne ip, r2
0x004212e2: 4293 cmpne r3, r2
0x004212e4: e02b beq.n 0x42133e
particularly when TCG was trying to split this into 2 parts like this:
IN:
0x004212d4: 22ff movs r2, #255
0x004212d6: ea12 5cd0 ands.w ip, r2, r0, lsr #23
0x004212da: bf1d ittte ne
0x004212dc: ea12 53d1 andsne.w r3, r2, r1, lsr #23
0x004212e0: 4594 cmpne ip, r2
IN:
0x004212e2: 4293 cmpne r3, r2
0x004212e4: e02b beq.n 0x42133e
and the next interrupt handler prologue seems to use conditional
instructions:
IN:
0x00409170: b580 push {r7, lr}
0x00409172: 485d ldrne r0, [pc, #372] (0x4092e8)
0x00409174: 6800 ldrne r0, [r0, #0]
0x00409176: 0700 lsleq r0, r0, #28
0x00409178: d530 bpl.n 0x4091dc
If we look in the v7-M reference manual,
ExceptionTaken() states:
EPSR.IT<7:0> = 0x0; // IT/ICI bits cleared
After I added one line of code, it looks like it does not happen anymore.
v7m_push(env, xpsr);
+ xpsr_write(env, 0, CPSR_IT);
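Review bot: the new xpsr_write(env, 0, CPSR_IT) sits after v7m_push(env, xpsr), which is the right order: the stacked xPSR still carries the interrupted IT/ICI state for exception return, while the live state the handler starts with has it cleared. The hunk has no @@ header or file/function context, so it cannot be applied as a patch; stating where it goes (the follow-up names do_interrupt_v7m) or posting a full diff would help review.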
I did some interrupt logs with and without the modification:
without:
before enter at pc=424534 sp=2000642c osp=200031c8 type=28 xpsr=41000028
before enter at pc=424534 sp=2000642c osp=200031c8 type=e xpsr=4100000e
before enter at pc=4212e0 sp=20003e18 osp=200031c8 type=2f xpsr=4500182f <<--- IT bits were not cleared
on fault at pc=4091dc sp=200031d0 osp=20003df8 type=2f xpsr=4100002f
qemu: fatal: Trying to execute code outside RAM or ROM at 0x10000000
with:
before enter at pc=424534 sp=2000642c osp=200031c8 type=e xpsr=4100000e
before enter at pc=4212e0 sp=20003e18 osp=200031c8 type=2f xpsr=4500182f <<--- fault situation passed
before enter at pc=424534 sp=20003d80 osp=200031c8 type=e xpsr=4100000e
** Affects: qemu
Importance: Undecided
Status: New
** Tags: arm cortexm
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/944645
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/944645/+subscriptions
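An added worked example (not code from the bug report or from QEMU) that decodes the xPSR value 0x4500182f from the log above into its ITSTATE and models the ExceptionTaken() rule the report quotes: the stacked xPSR keeps the interrupted IT block, the live xPSR starts the handler with IT/ICI cleared. The struct and function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
/* xPSR IT field (ARMv7-M ARM): IT[1:0] in bits [26:25], IT[7:2] in bits
 * [15:10]; clearing both is what "EPSR.IT<7:0> = 0x0" amounts to. */
#define XPSR_IT_MASK 0x0600fc00u

/* Assemble the 8-bit ITSTATE from an xPSR value. */
static uint8_t xpsr_itstate(uint32_t xpsr)
{
    return (uint8_t)(((xpsr >> 25) & 0x3u) | (((xpsr >> 10) & 0x3fu) << 2));
}

/* Condition (0 = EQ, 1 = NE, ..., 14 = AL) for the next instruction, then
 * advance ITSTATE like the hardware's ITAdvance(): [7:5] = cond_base[3:1],
 * [4] = cond[0] of the current instruction, [3:0] counts what remains. */
static uint8_t it_next_cond(uint8_t *it)
{
    if ((*it & 0x0f) == 0) {
        return 14;                          /* not inside an IT block */
    }
    uint8_t cond = (uint8_t)(*it >> 4);
    *it = ((*it & 0x07) == 0) ? 0 : (uint8_t)((*it & 0xe0) | ((*it << 1) & 0x1f));
    return cond;
}

/* Model (this example's own, not QEMU's) of ExceptionTaken(): stack the full
 * xPSR so the interrupted IT block resumes on return, then clear IT/ICI in
 * the live xPSR.  clear_it = 0 reproduces the reported behaviour. */
struct v7m_cpu { uint32_t xpsr; uint32_t stacked_xpsr; };

static void exception_taken(struct v7m_cpu *cpu, int clear_it)
{
    cpu->stacked_xpsr = cpu->xpsr;          /* v7m_push(env, xpsr) */
    if (clear_it) {
        cpu->xpsr &= ~XPSR_IT_MASK;         /* EPSR.IT<7:0> = 0x0 */
    }
}

/* Conditions the handler's first three instructions would run under. */
static void handler_conds(uint32_t xpsr, uint8_t out[3])
{
    uint8_t it = xpsr_itstate(xpsr);
    for (int i = 0; i < 3; i++) {
        out[i] = it_next_cond(&it);
    }
}

int main(void)
{
    /* xPSR from the log line "before enter at pc=4212e0 ... xpsr=4500182f". */
    struct v7m_cpu buggy = { 0x4500182fu, 0 }, fixed = buggy;
    uint8_t cb[3], cf[3];
    exception_taken(&buggy, 0);
    exception_taken(&fixed, 1);
    handler_conds(buggy.xpsr, cb);          /* 1 1 0: NE, NE, EQ leak in */
    handler_conds(fixed.xpsr, cf);          /* 14 14 14: all AL */
    printf("buggy %08x: %u %u %u\n", (unsigned)buggy.xpsr, cb[0], cb[1], cb[2]);
    printf("fixed %08x: %u %u %u\n", (unsigned)fixed.xpsr, cf[0], cf[1], cf[2]);
    return 0;
}
```

The ITSTATE left by the "ittte ne" instruction (encoding bf1d) is 0x1d; one advance past "andsne.w" gives 0x1a, which is exactly the IT field packed into the logged 0x4500182f.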
* [Qemu-devel] [Bug 944645] Re: ARM: CORTEX M, ICI/IT bits in XPSR were not cleared when entering exception
From: Oleksiy Bondarenko @ 2012-03-02 9:39 UTC (permalink / raw)
To: qemu-devel
Changes were made in
static void do_interrupt_v7m(CPUARMState *env)
* [Qemu-devel] [Bug 944645] Re: ARM: CORTEX M, ICI/IT bits in XPSR were not cleared when entering exception
From: Peter Maydell @ 2012-03-02 9:44 UTC (permalink / raw)
To: qemu-devel
Yes, this is a bug: the code which tries to clear the IT bits is doing
it via "env->uncached_cpsr &= ~CPSR_IT;" but the IT bits are cached
elsewhere. I'll send out a patch later today.
* [Qemu-devel] [Bug 944645] Re: ARM: CORTEX M, ICI/IT bits in XPSR were not cleared when entering exception
From: Peter Maydell @ 2012-03-02 11:04 UTC (permalink / raw)
To: qemu-devel
Patch submitted: http://patchwork.ozlabs.org/patch/144218/
* [Qemu-devel] [Bug 944645] Re: ARM: CORTEX M, ICI/IT bits in XPSR were not cleared when entering exception
From: Peter Maydell @ 2012-10-18 22:48 UTC (permalink / raw)
To: qemu-devel
** Changed in: qemu
Status: New => Fix Released