From: Duarte Silva
Date: Thu, 26 Mar 2015 09:54:45 +0000
Subject: Re: [Qemu-devel] Support for NetLogic XLP Processors
To: James Hogan, Leon Alrae
Cc: qemu-devel@nongnu.org

On Thursday 26 March 2015 09:34:14 James Hogan wrote:
> On 26/03/15 09:29, Leon Alrae wrote:
> > Hi Duarte,
> >
> > On 25/03/2015 23:54, Duarte Silva wrote:
> >> On Wednesday 25 March 2015 17:33:59 Leon Alrae wrote:
> >>> On 25/03/2015 15:38, Duarte Silva wrote:
> >>>> On Wednesday 25 March 2015 14:54:41 Leon Alrae wrote:
> >>>>> On 25/03/2015 14:44, Leon Alrae wrote:
> >>>>>> Hi Duarte,
> >>>>>>
> >>>>>> On 25/03/2015 14:20, Duarte Silva wrote:
> >>>>>>> On Wednesday 25 March 2015 13:13:14 James Hogan wrote:
> >>>>>>>> Hi Duarte,
> >>>>>>>>
> >>>>>>>> On 22/03/15 11:13, Duarte Silva wrote:
> >>>>>>>>> Hi guys,
> >>>>>>>>>
> >>>>>>>>> I have been struggling to get some binaries compiled for NetLogic XLP
> >>>>>>>>> processor to run under QEMU. I have tried a bunch of things (most going
> >>>>>>>>> back and forth) and always get the following error message:
> >>>>>>>>>
> >>>>>>>>> qemu: uncaught target signal 4 (Illegal instruction) - core dumped
> >>>>>>>>> Illegal instruction
> >>>>>>>>>
> >>>>>>>>> I tried to debug it using GDB but to no avail. Does anybody have ideas?
> >>>>>>>>> I'm running QEMU 2.2.1.
> >>>>>>>>
> >>>>>>>> It sounds like the program had an instruction that QEMU doesn't
> >>>>>>>> recognise, or doesn't think should be allowed on the current CPU which
> >>>>>>>> you've set with -cpu. You might be able to find out what that
> >>>>>>>> instruction is by putting this on your qemu command line:
> >>>>>>>> -singlestep -d in_asm
> >>>>>>>
> >>>>>>> Hi James,
> >>>>>>>
> >>>>>>> thanks for the help :) I have tried with all the CPUs available. None
> >>>>>>> of them worked, so I just leave it as undefined. It seems the offending
> >>>>>>> instruction is "udi4".
> >>>>>>>
> >>>>>>> (...)
> >>>>>>> IN:
> >>>>>>> 0x765d1fa4: udi4 a0,v0,zero,0x0
> >>>>>>
> >>>>>> According to this line you are trying to use MIPS32 CPU whereas I
> >>>>>> presume you would like MIPS64R2? Please try 5KEf CPU for example which
> >>>>>> is available in qemu-mips64 and qemu-mips64el QEMU binaries for big and
> >>>>>> little endian respectively.
> >>>>>
> >>>>> I just noticed the QEMU version you are using and it doesn't contain
> >>>>> 5KEf and 5KEc CPUs. Please try MIPS64R2-generic.
> >>>>>
> >>>>> Leon
> >>>>
> >>>> Hi Leon,
> >>>>
> >>>> have a look at the "binary-info.txt" file in the first e-mail. It does
> >>>> use the ELF magic for 32 bits ELF, not the 64 bits, that's why I get the
> >>>> following:
> >>>>
> >>>> # chroot rootfs/ /usr/local/bin/qemu-mips64 -cpu MIPS64R2-generic /bin/sh
> >>>> /bin/sh: Invalid ELF image for this architecture
> >>>>
> >>>> Is there a way to force the execution of the binary even if the flag
> >>>> doesn't match?
> >>>>
> >>>> Also, if you have a look at the flags you get: noreorder, cpic, 32bitmode,
> >>>> unknown CPU, o32, mips64r2. So, is it 64 bits or 32 bits ELF file?
> >>>
> >>> I see, this mips64r2 binary has o32 ABI. It indeed would work in
> >>> qemu-mips provided there are no mips64r2-specific instructions. I think
> >>> I jumped a bit too quickly to the conclusion.
> >>>
> >>> QEMU's mips/disas doesn't help much in this case as it just indicates
> >>> User Defined Instruction. Presumably this instruction is specific to
> >>> this processor and is missing in QEMU. Are you able to get disassembly
> >>> of your program and look up what is under 0x765d1fa4 address which
> >>> caused the illegal instruction?
> >>
> >> Hi Leon,
> >>
> >> using IDA with a remote debug session to QEMU I got the following
> >> disassembly (kept surrounding instructions to give some context). To
> >> IDA, this custom instruction is also unknown.
> >>
> >> MEMORY:765D1F90 sw $v1, 4($v0)
> >> MEMORY:765D1F94 addu $a0, $a1
> >> MEMORY:765D1F98 sw $a0, 0($v0)
> >> MEMORY:765D1F9C
> >> MEMORY:765D1F9C loc_765D1F9C:
> >> MEMORY:765D1F9C addiu $a0, $s1, 0x51B0
> >> MEMORY:765D1FA0 move $v0, $zero
> >> MEMORY:765D1FA0 # -----------------------
> >> MEMORY:765D1FA4 .byte 0x70 # p
> >> MEMORY:765D1FA5 .byte 0x82 # é
> >> MEMORY:765D1FA6 .byte 0
> >> MEMORY:765D1FA7 .byte 0x14
> >> MEMORY:765D1FA8 # -----------------------
> >> MEMORY:765D1FA8 slti $v0, 2
> >> MEMORY:765D1FAC beqz $v0, loc_765D204C
> >> MEMORY:765D1FB0 nop
> >> MEMORY:765D1FB4 lw $ra, 0x24($sp)
> >> MEMORY:765D1FB8
> >> MEMORY:765D1FB8 loc_765D1FB8:
> >> MEMORY:765D1FB8 move $v0, $s0
> >> MEMORY:765D1FBC lw $s1, 0x20($sp)
> >> MEMORY:765D1FC0 lw $s0, 0x1C($sp)
> >
> > According to binutils this is SWAPW which belongs to XLR:
> > {"swapw", "t,b", 0x70000014, 0xfc00ffff,
> > MOD_1|RD_2|LM|SM, 0, XLR, 0, 0 },
> >
> > I'm afraid you won't be able to run binaries built for NetLogic XLP
> > until someone implements these instructions in QEMU.
>
> Thanks Leon, you just beat me to it with that :-)
>
> For reference, you can disassemble xlp specific code with objdump using
> "-m mips:xlp":
>
> $ cat test.S
> .text
> .word 0x70820014
> $ mips-linux-gnu-gcc -o test.o -c test.S
> $ mips-linux-gnu-objdump -d test.o -m mips:xlp
>
> test.o: file format elf32-tradbigmips
>
>
> Disassembly of section .text:
>
> 00000000 <.text>:
> 0: 70820014 swapw v0,a0
> ...
>
> Cheers
> James

Hi guys,

you rock! Thanks for all the information. I will have a look at QEMU and its
documentation to try and understand how to implement these missing instructions
(I have found others).

Once again, thanks for your time,

cheers,
Duarte
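As an added example (not code from this thread, QEMU or binutils), a small Python decoder that reproduces both readings of the faulting word at 0x765d1fa4: the generic SPECIAL2 "udi4" view that QEMU's -d in_asm printed, and the XLR "swapw" reading obtained by applying the binutils match/mask entry Leon quoted. It assumes the standard MIPS R-type field layout and o32 register names; the XLR table holds only that single entry.

```python
import struct

# MIPS general-purpose register names, numeric order (o32 names).
REGS = ("zero", "at", "v0", "v1", "a0", "a1", "a2", "a3",
        "t0", "t1", "t2", "t3", "t4", "t5", "t6", "t7",
        "s0", "s1", "s2", "s3", "s4", "s5", "s6", "s7",
        "t8", "t9", "k0", "k1", "gp", "sp", "fp", "ra")

# Opcode entries in the shape binutils uses (name, operand spec, match, mask);
# only the XLR entry quoted in the thread is included here.
XLR_OPCODES = [("swapw", "t,b", 0x70000014, 0xFC00FFFF)]

SPECIAL2 = 0x1C  # major opcode 011100; function 0x10 + n is UDIn


def fields(word):
    """Split a 32-bit MIPS R-type word into its bit fields."""
    return {"op": word >> 26, "rs": (word >> 21) & 0x1F,
            "rt": (word >> 16) & 0x1F, "rd": (word >> 11) & 0x1F,
            "sa": (word >> 6) & 0x1F, "func": word & 0x3F}


def generic_disas(word):
    """A stock MIPS disassembler only sees SPECIAL2 function 0x14: udi4."""
    f = fields(word)
    if f["op"] == SPECIAL2 and 0x10 <= f["func"] <= 0x1F:
        return "udi%d %s,%s,%s,0x%x" % (f["func"] - 0x10, REGS[f["rs"]],
                                        REGS[f["rt"]], REGS[f["rd"]], f["sa"])
    return None


def xlr_disas(word):
    """Match against the XLR table the way binutils does: (word & mask) == match."""
    for name, spec, match, mask in XLR_OPCODES:
        if (word & mask) == match:
            f = fields(word)
            # operand letters from the spec: t = rt, b = base register (rs)
            ops = {"t": REGS[f["rt"]], "b": REGS[f["rs"]]}
            return name + " " + ",".join(ops[c] for c in spec.split(","))
    return None


def decode_bytes(raw):
    """Big-endian instruction bytes (as IDA showed them) -> (generic, XLR)."""
    (word,) = struct.unpack(">I", raw)
    return generic_disas(word), xlr_disas(word)


if __name__ == "__main__":
    print(decode_bytes(b"\x70\x82\x00\x14"))  # the bytes at 0x765d1fa4
```

A decoder that only knows the base ISA reports a user-defined slot, which is why QEMU raises SIGILL; matching against the vendor table is what turns the same word into a named instruction.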