[Qemu-devel] Support for NetLogic XLP Processors

[Qemu-devel] Support for NetLogic XLP Processors

[Duarte Silva]

[-- Attachment #1: Type: text/plain, Size: 440 bytes --]

Hi guys,

I have been struggling to get some binaries compiled for NetLogic XLP 
processor to run under QEMU. I have tried a bunch of things (most going back 
and forth) and always get the following error message:

qemu: uncaught target signal 4 (Illegal instruction) - core dumped
Illegal instruction

I tried to debug it using GDB but to no avail. Does anybody have ideas? I'm 
running QEMU 2.2.1.

Thanks for any help, cheers,
Duarte




[-- Attachment #2: cpuinfo.txt --]
[-- Type: text/plain, Size: 1204 bytes --]

system type		: Netlogic XLP SoC
processor		: 0
physical id		: 0
cpu model		: XLP208 Rev B0 (Secure Boot)    FPU  @500 MHz
BogoMIPS		: 402.73
wait instruction	: yes
microsecond timers	: yes
tlb_entries		: 544
extra interrupt vector	: yes
hardware watchpoint	: yes, count: 1, address/irw mask: [0x0fff]
ASEs implemented	:
shadow register sets	: 1
core			: 0
VCED exceptions		: not available
VCEI exceptions		: not available

processor		: 1
physical id		: 1
cpu model		: XLP208 Rev B0 (Secure Boot)    FPU  @500 MHz
BogoMIPS		: 402.61
wait instruction	: yes
microsecond timers	: yes
tlb_entries		: 544
extra interrupt vector	: yes
hardware watchpoint	: yes, count: 1, address/irw mask: [0x0fff]
ASEs implemented	:
shadow register sets	: 1
core			: 0
VCED exceptions		: not available
VCEI exceptions		: not available

processor		: 2
physical id		: 2
cpu model		: XLP208 Rev B0 (Secure Boot)    FPU  @500 MHz
BogoMIPS		: 405.42
wait instruction	: yes
microsecond timers	: yes
tlb_entries		: 544
extra interrupt vector	: yes
hardware watchpoint	: yes, count: 1, address/irw mask: [0x0fff]
ASEs implemented	:
shadow register sets	: 1
core			: 0
VCED exceptions		: not available
VCEI exceptions		: not available

[-- Attachment #3: binary-info.txt --]
[-- Type: text/plain, Size: 1001 bytes --]

ELF Header:
  Magic:   7f 45 4c 46 01 02 01 00 00 00 00 00 00 00 00 00 
  Class:                             ELF32
  Data:                              2's complement, big endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           MIPS R3000
  Version:                           0x1
  Entry point address:               0x404860
  Start of program headers:          52 (bytes into file)
  Start of section headers:          425808 (bytes into file)
  Flags:                             0x808e1105, noreorder, cpic, 32bitmode, unknown CPU, o32, mips64r2
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         9
  Size of section headers:           40 (bytes)
  Number of section headers:         33
  Section header string table index: 32

Re: [Qemu-devel] Support for NetLogic XLP Processors

[Duarte Silva]

Hi guys,

could anybody help out? Is there a guide on how to implement new CPU's in QEMU 
(or that at least helps in that task) or on how to debug this kind of stuff?

Cheers,
Duarte

On Sunday 22 March 2015 11:13:37 Duarte Silva wrote:
> Hi guys,
> 
> I have been struggling to get some binaries compiled for NetLogic XLP
> processor to run under QEMU. I have tried a bunch of things (most going back
> and forth) and always get the following error message:
> 
> qemu: uncaught target signal 4 (Illegal instruction) - core dumped
> Illegal instruction
> 
> I tried to debug it using GDB but to no avail. Does anybody have ideas? I'm
> running QEMU 2.2.1.
> 
> Thanks for any help, cheers,
> Duarte

Re: [Qemu-devel] Support for NetLogic XLP Processors

[James Hogan]

[-- Attachment #1: Type: text/plain, Size: 985 bytes --]

Hi Duarte,

On 22/03/15 11:13, Duarte Silva wrote:
> Hi guys,
> 
> I have been struggling to get some binaries compiled for NetLogic XLP 
> processor to run under QEMU. I have tried a bunch of things (most going back 
> and forth) and always get the following error message:
> 
> qemu: uncaught target signal 4 (Illegal instruction) - core dumped
> Illegal instruction
> 
> I tried to debug it using GDB but to no avail. Does anybody have ideas? I'm 
> running QEMU 2.2.1.

It sounds like the program had an instruction that QEMU doesn't
recognise, or doesn't think should be allowed on the current CPU which
you've set with -cpu. You might be able to find out what that
instruction is by putting this on your qemu command line:

 -singlestep -d in_asm

that will cause it to only translate one instruction at a time, and to
dump each one as it is translated. The last one printed will very likely
to be the one that is causing the problem.

Cheers
James


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [Qemu-devel] Support for NetLogic XLP Processors

[Duarte Silva]

On Wednesday 25 March 2015 13:13:14 James Hogan wrote:
> Hi Duarte,
> 
> On 22/03/15 11:13, Duarte Silva wrote:
> > Hi guys,
> > 
> > I have been struggling to get some binaries compiled for NetLogic XLP
> > processor to run under QEMU. I have tried a bunch of things (most going
> > back and forth) and always get the following error message:
> > 
> > qemu: uncaught target signal 4 (Illegal instruction) - core dumped
> > Illegal instruction
> > 
> > I tried to debug it using GDB but to no avail. Does anybody have ideas?
> > I'm
> > running QEMU 2.2.1.
> 
> It sounds like the program had an instruction that QEMU doesn't
> recognise, or doesn't think should be allowed on the current CPU which
> you've set with -cpu. You might be able to find out what that
> instruction is by putting this on your qemu command line:
> 
>  -singlestep -d in_asm
Hi James,

thanks for the help :) I have tried with all the CPU's available. None of them 
worked, so I just leave it as undefined. It seems the offending instruction is 
"udi4".

(...)
IN: 
0x765d1fa4:  udi4       a0,v0,zero,0x0

OUT: [size=84]
0x606026b0:  mov    -0x4(%r14),%ebp
0x606026b4:  test   %ebp,%ebp
0x606026b6:  jne    0x606026f5
0x606026bc:  mov    $0x765d1fa4,%ebp
0x606026c1:  mov    %ebp,0x80(%r14)
0x606026c8:  mov    %r14,%rdi
0x606026cb:  mov    $0x14,%esi
0x606026d0:  callq  0x600acaa0
0x606026d5:  jmpq   0x606026da
0x606026da:  mov    $0x765d1fa8,%ebp
0x606026df:  mov    %ebp,0x80(%r14)
0x606026e6:  mov    $0x7fe1de9d3bc0,%rax
0x606026f0:  jmpq   0x62561d26
0x606026f5:  mov    $0x7fe1de9d3bc3,%rax
0x606026ff:  jmpq   0x62561d26

do_raise_exception_err: 20 0
qemu: uncaught target signal 4 (Illegal instruction) - core dumped
Illegal instruction

I have found on QEMU code the following definitions for udi4 (on file 
disas/mips.c):

{"udi4", "s,t,d,+1", 0x70000014, 0xfc00003f, WR_d|RD_s|RD_t, 0, I33 },
{"udi4", "s,t,+2",    0x70000014, 0xfc00003f, WR_d|RD_s|RD_t, 0, I33 },
{"udi4", "s,+3",      0x70000014, 0xfc00003f, WR_d|RD_s|RD_t, 0, I33 },
{"udi4", "+4",         0x70000014, 0xfc00003f, WR_d|RD_s|RD_t, 0, I33 },

Does any of these match the above instruction? It seems so no?

Cheers,
Duarte

> 
> that will cause it to only translate one instruction at a time, and to
> dump each one as it is translated. The last one printed will very likely
> to be the one that is causing the problem.
> 
> Cheers
> James

Re: [Qemu-devel] Support for NetLogic XLP Processors

[Leon Alrae]

Hi Duarte,

On 25/03/2015 14:20, Duarte Silva wrote:
> On Wednesday 25 March 2015 13:13:14 James Hogan wrote:
>> Hi Duarte,
>>
>> On 22/03/15 11:13, Duarte Silva wrote:
>>> Hi guys,
>>>
>>> I have been struggling to get some binaries compiled for NetLogic XLP
>>> processor to run under QEMU. I have tried a bunch of things (most going
>>> back and forth) and always get the following error message:
>>>
>>> qemu: uncaught target signal 4 (Illegal instruction) - core dumped
>>> Illegal instruction
>>>
>>> I tried to debug it using GDB but to no avail. Does anybody have ideas?
>>> I'm
>>> running QEMU 2.2.1.
>>
>> It sounds like the program had an instruction that QEMU doesn't
>> recognise, or doesn't think should be allowed on the current CPU which
>> you've set with -cpu. You might be able to find out what that
>> instruction is by putting this on your qemu command line:
>>
>>  -singlestep -d in_asm
> Hi James,
> 
> thanks for the help :) I have tried with all the CPU's available. None of them 
> worked, so I just leave it as undefined. It seems the offending instruction is 
> "udi4".
> 
> (...)
> IN: 
> 0x765d1fa4:  udi4       a0,v0,zero,0x0

According to this line you are trying to use MIPS32 CPU whereas I
presume you would like MIPS64R2? Please try 5KEf CPU for example which
is available in qemu-mips64 and qemu-mips64el QEMU binaries for big and
little endian respectively.

Leon

Re: [Qemu-devel] Support for NetLogic XLP Processors

[Leon Alrae]

On 25/03/2015 14:44, Leon Alrae wrote:
> Hi Duarte,
> 
> On 25/03/2015 14:20, Duarte Silva wrote:
>> On Wednesday 25 March 2015 13:13:14 James Hogan wrote:
>>> Hi Duarte,
>>>
>>> On 22/03/15 11:13, Duarte Silva wrote:
>>>> Hi guys,
>>>>
>>>> I have been struggling to get some binaries compiled for NetLogic XLP
>>>> processor to run under QEMU. I have tried a bunch of things (most going
>>>> back and forth) and always get the following error message:
>>>>
>>>> qemu: uncaught target signal 4 (Illegal instruction) - core dumped
>>>> Illegal instruction
>>>>
>>>> I tried to debug it using GDB but to no avail. Does anybody have ideas?
>>>> I'm
>>>> running QEMU 2.2.1.
>>>
>>> It sounds like the program had an instruction that QEMU doesn't
>>> recognise, or doesn't think should be allowed on the current CPU which
>>> you've set with -cpu. You might be able to find out what that
>>> instruction is by putting this on your qemu command line:
>>>
>>>  -singlestep -d in_asm
>> Hi James,
>>
>> thanks for the help :) I have tried with all the CPU's available. None of them 
>> worked, so I just leave it as undefined. It seems the offending instruction is 
>> "udi4".
>>
>> (...)
>> IN: 
>> 0x765d1fa4:  udi4       a0,v0,zero,0x0
> 
> According to this line you are trying to use MIPS32 CPU whereas I
> presume you would like MIPS64R2? Please try 5KEf CPU for example which
> is available in qemu-mips64 and qemu-mips64el QEMU binaries for big and
> little endian respectively.

I just noticed the QEMU version you are using and it doesn't contain
5KEf and 5KEc CPUs. Please try MIPS64R2-generic.

Leon

Re: [Qemu-devel] Support for NetLogic XLP Processors

[Duarte Silva]

On Wednesday 25 March 2015 14:54:41 Leon Alrae wrote:
> On 25/03/2015 14:44, Leon Alrae wrote:
> > Hi Duarte,
> > 
> > On 25/03/2015 14:20, Duarte Silva wrote:
> >> On Wednesday 25 March 2015 13:13:14 James Hogan wrote:
> >>> Hi Duarte,
> >>> 
> >>> On 22/03/15 11:13, Duarte Silva wrote:
> >>>> Hi guys,
> >>>> 
> >>>> I have been struggling to get some binaries compiled for NetLogic XLP
> >>>> processor to run under QEMU. I have tried a bunch of things (most going
> >>>> back and forth) and always get the following error message:
> >>>> 
> >>>> qemu: uncaught target signal 4 (Illegal instruction) - core dumped
> >>>> Illegal instruction
> >>>> 
> >>>> I tried to debug it using GDB but to no avail. Does anybody have ideas?
> >>>> I'm
> >>>> running QEMU 2.2.1.
> >>> 
> >>> It sounds like the program had an instruction that QEMU doesn't
> >>> recognise, or doesn't think should be allowed on the current CPU which
> >>> you've set with -cpu. You might be able to find out what that
> >>> 
> >>> instruction is by putting this on your qemu command line:
> >>>  -singlestep -d in_asm
> >> 
> >> Hi James,
> >> 
> >> thanks for the help :) I have tried with all the CPU's available. None of
> >> them worked, so I just leave it as undefined. It seems the offending
> >> instruction is "udi4".
> >> 
> >> (...)
> >> IN:
> >> 0x765d1fa4:  udi4       a0,v0,zero,0x0
> > 
> > According to this line you are trying to use MIPS32 CPU whereas I
> > presume you would like MIPS64R2? Please try 5KEf CPU for example which
> > is available in qemu-mips64 and qemu-mips64el QEMU binaries for big and
> > little endian respectively.
> 
> I just noticed the QEMU version you are using and it doesn't contain
> 5KEf and 5KEc CPUs. Please try MIPS64R2-generic.
> 
> Leon

Hi Leon,

have a look at the "binary-info.txt" file in the first e-Mail. It does use the 
ELF magic for 32 bits ELF, not the 64 bits, that's why I get the following:

# chroot rootfs/ /usr/local/bin/qemu-mips64 -cpu MIPS64R2-generic /bin/sh
/bin/sh: Invalid ELF image for this architecture

Is there a way to force the execution of the binary even if the flag doesn't 
match?

Also, if you have a look at the flags you get: noreorder, cpic, 32bitmode, 
unknown CPU, o32, mips64r2. So, is it 64 bits or 32 bits ELF file?

Cheers,
Duarte

Re: [Qemu-devel] Support for NetLogic XLP Processors

[Leon Alrae]

On 25/03/2015 15:38, Duarte Silva wrote:
> On Wednesday 25 March 2015 14:54:41 Leon Alrae wrote:
>> On 25/03/2015 14:44, Leon Alrae wrote:
>>> Hi Duarte,
>>>
>>> On 25/03/2015 14:20, Duarte Silva wrote:
>>>> On Wednesday 25 March 2015 13:13:14 James Hogan wrote:
>>>>> Hi Duarte,
>>>>>
>>>>> On 22/03/15 11:13, Duarte Silva wrote:
>>>>>> Hi guys,
>>>>>>
>>>>>> I have been struggling to get some binaries compiled for NetLogic XLP
>>>>>> processor to run under QEMU. I have tried a bunch of things (most going
>>>>>> back and forth) and always get the following error message:
>>>>>>
>>>>>> qemu: uncaught target signal 4 (Illegal instruction) - core dumped
>>>>>> Illegal instruction
>>>>>>
>>>>>> I tried to debug it using GDB but to no avail. Does anybody have ideas?
>>>>>> I'm
>>>>>> running QEMU 2.2.1.
>>>>>
>>>>> It sounds like the program had an instruction that QEMU doesn't
>>>>> recognise, or doesn't think should be allowed on the current CPU which
>>>>> you've set with -cpu. You might be able to find out what that
>>>>>
>>>>> instruction is by putting this on your qemu command line:
>>>>>  -singlestep -d in_asm
>>>>
>>>> Hi James,
>>>>
>>>> thanks for the help :) I have tried with all the CPU's available. None of
>>>> them worked, so I just leave it as undefined. It seems the offending
>>>> instruction is "udi4".
>>>>
>>>> (...)
>>>> IN:
>>>> 0x765d1fa4:  udi4       a0,v0,zero,0x0
>>>
>>> According to this line you are trying to use MIPS32 CPU whereas I
>>> presume you would like MIPS64R2? Please try 5KEf CPU for example which
>>> is available in qemu-mips64 and qemu-mips64el QEMU binaries for big and
>>> little endian respectively.
>>
>> I just noticed the QEMU version you are using and it doesn't contain
>> 5KEf and 5KEc CPUs. Please try MIPS64R2-generic.
>>
>> Leon
> 
> Hi Leon,
> 
> have a look at the "binary-info.txt" file in the first e-Mail. It does use the 
> ELF magic for 32 bits ELF, not the 64 bits, that's why I get the following:
> 
> # chroot rootfs/ /usr/local/bin/qemu-mips64 -cpu MIPS64R2-generic /bin/sh
> /bin/sh: Invalid ELF image for this architecture
> 
> Is there a way to force the execution of the binary even if the flag doesn't 
> match?
> 
> Also, if you have a look at the flags you get: noreorder, cpic, 32bitmode, 
> unknown CPU, o32, mips64r2. So, is it 64 bits or 32 bits ELF file?

I see, this mips64r2 binary has o32 ABI. It indeed would work in
qemu-mips provided there are no mips64r2-specific instructions. I think
I jumped a bit too quickly to the conclusion.

QEMU's mips/disas doesn't help much in this case as it just indicates
User Defined Instruction. Presumably this instruction is specific to
this processor and is missing in QEMU. Are you able to get disassembly
of your program and look up what is under 0x765d1fa4 address which
caused the illegal instruction?

Leon

Re: [Qemu-devel] Support for NetLogic XLP Processors

[Duarte Silva]

On Wednesday 25 March 2015 17:33:59 Leon Alrae wrote:
> On 25/03/2015 15:38, Duarte Silva wrote:
> > On Wednesday 25 March 2015 14:54:41 Leon Alrae wrote:
> >> On 25/03/2015 14:44, Leon Alrae wrote:
> >>> Hi Duarte,
> >>> 
> >>> On 25/03/2015 14:20, Duarte Silva wrote:
> >>>> On Wednesday 25 March 2015 13:13:14 James Hogan wrote:
> >>>>> Hi Duarte,
> >>>>> 
> >>>>> On 22/03/15 11:13, Duarte Silva wrote:
> >>>>>> Hi guys,
> >>>>>> 
> >>>>>> I have been struggling to get some binaries compiled for NetLogic XLP
> >>>>>> processor to run under QEMU. I have tried a bunch of things (most
> >>>>>> going
> >>>>>> back and forth) and always get the following error message:
> >>>>>> 
> >>>>>> qemu: uncaught target signal 4 (Illegal instruction) - core dumped
> >>>>>> Illegal instruction
> >>>>>> 
> >>>>>> I tried to debug it using GDB but to no avail. Does anybody have
> >>>>>> ideas?
> >>>>>> I'm
> >>>>>> running QEMU 2.2.1.
> >>>>> 
> >>>>> It sounds like the program had an instruction that QEMU doesn't
> >>>>> recognise, or doesn't think should be allowed on the current CPU which
> >>>>> you've set with -cpu. You might be able to find out what that
> >>>>> 
> >>>>> instruction is by putting this on your qemu command line:
> >>>>>  -singlestep -d in_asm
> >>>> 
> >>>> Hi James,
> >>>> 
> >>>> thanks for the help :) I have tried with all the CPU's available. None
> >>>> of
> >>>> them worked, so I just leave it as undefined. It seems the offending
> >>>> instruction is "udi4".
> >>>> 
> >>>> (...)
> >>>> IN:
> >>>> 0x765d1fa4:  udi4       a0,v0,zero,0x0
> >>> 
> >>> According to this line you are trying to use MIPS32 CPU whereas I
> >>> presume you would like MIPS64R2? Please try 5KEf CPU for example which
> >>> is available in qemu-mips64 and qemu-mips64el QEMU binaries for big and
> >>> little endian respectively.
> >> 
> >> I just noticed the QEMU version you are using and it doesn't contain
> >> 5KEf and 5KEc CPUs. Please try MIPS64R2-generic.
> >> 
> >> Leon
> > 
> > Hi Leon,
> > 
> > have a look at the "binary-info.txt" file in the first e-Mail. It does use
> > the ELF magic for 32 bits ELF, not the 64 bits, that's why I get the
> > following:
> > 
> > # chroot rootfs/ /usr/local/bin/qemu-mips64 -cpu MIPS64R2-generic /bin/sh
> > /bin/sh: Invalid ELF image for this architecture
> > 
> > Is there a way to force the execution of the binary even if the flag
> > doesn't match?
> > 
> > Also, if you have a look at the flags you get: noreorder, cpic, 32bitmode,
> > unknown CPU, o32, mips64r2. So, is it 64 bits or 32 bits ELF file?
> 
> I see, this mips64r2 binary has o32 ABI. It indeed would work in
> qemu-mips provided there are no mips64r2-specific instructions. I think
> I jumped a bit too quickly to the conclusion.
> 
> QEMU's mips/disas doesn't help much in this case as it just indicates
> User Defined Instruction. Presumably this instruction is specific to
> this processor and is missing in QEMU. Are you able to get disassembly
> of your program and look up what is under 0x765d1fa4 address which
> caused the illegal instruction?

Hi Leon,

using IDA with a remote debug session to QEMU  I got the following disassembly 
(kept surrounding instructions to give some context). To IDA, this custom 
instruction is also unknown.

MEMORY:765D1F90 sw      $v1, 4($v0)
MEMORY:765D1F94 addu    $a0, $a1
MEMORY:765D1F98 sw      $a0, 0($v0)
MEMORY:765D1F9C
MEMORY:765D1F9C loc_765D1F9C:
MEMORY:765D1F9C addiu   $a0, $s1, 0x51B0
MEMORY:765D1FA0 move    $v0, $zero
MEMORY:765D1FA0  # -----------------------
MEMORY:765D1FA4 .byte 0x70  # p
MEMORY:765D1FA5 .byte 0x82  # é
MEMORY:765D1FA6 .byte    0
MEMORY:765D1FA7 .byte 0x14
MEMORY:765D1FA8  # -----------------------
MEMORY:765D1FA8 slti    $v0, 2
MEMORY:765D1FAC beqz    $v0, loc_765D204C
MEMORY:765D1FB0 nop
MEMORY:765D1FB4 lw      $ra, 0x24($sp)
MEMORY:765D1FB8
MEMORY:765D1FB8 loc_765D1FB8:
MEMORY:765D1FB8 move    $v0, $s0
MEMORY:765D1FBC lw      $s1, 0x20($sp)
MEMORY:765D1FC0 lw      $s0, 0x1C($sp)

Thanks for everything,
Duarte  

> 
> Leon

Re: [Qemu-devel] Support for NetLogic XLP Processors

[Leon Alrae]

Hi Duarte,

On 25/03/2015 23:54, Duarte Silva wrote:
> On Wednesday 25 March 2015 17:33:59 Leon Alrae wrote:
>> On 25/03/2015 15:38, Duarte Silva wrote:
>>> On Wednesday 25 March 2015 14:54:41 Leon Alrae wrote:
>>>> On 25/03/2015 14:44, Leon Alrae wrote:
>>>>> Hi Duarte,
>>>>>
>>>>> On 25/03/2015 14:20, Duarte Silva wrote:
>>>>>> On Wednesday 25 March 2015 13:13:14 James Hogan wrote:
>>>>>>> Hi Duarte,
>>>>>>>
>>>>>>> On 22/03/15 11:13, Duarte Silva wrote:
>>>>>>>> Hi guys,
>>>>>>>>
>>>>>>>> I have been struggling to get some binaries compiled for NetLogic XLP
>>>>>>>> processor to run under QEMU. I have tried a bunch of things (most
>>>>>>>> going
>>>>>>>> back and forth) and always get the following error message:
>>>>>>>>
>>>>>>>> qemu: uncaught target signal 4 (Illegal instruction) - core dumped
>>>>>>>> Illegal instruction
>>>>>>>>
>>>>>>>> I tried to debug it using GDB but to no avail. Does anybody have
>>>>>>>> ideas?
>>>>>>>> I'm
>>>>>>>> running QEMU 2.2.1.
>>>>>>>
>>>>>>> It sounds like the program had an instruction that QEMU doesn't
>>>>>>> recognise, or doesn't think should be allowed on the current CPU which
>>>>>>> you've set with -cpu. You might be able to find out what that
>>>>>>>
>>>>>>> instruction is by putting this on your qemu command line:
>>>>>>>  -singlestep -d in_asm
>>>>>>
>>>>>> Hi James,
>>>>>>
>>>>>> thanks for the help :) I have tried with all the CPU's available. None
>>>>>> of
>>>>>> them worked, so I just leave it as undefined. It seems the offending
>>>>>> instruction is "udi4".
>>>>>>
>>>>>> (...)
>>>>>> IN:
>>>>>> 0x765d1fa4:  udi4       a0,v0,zero,0x0
>>>>>
>>>>> According to this line you are trying to use MIPS32 CPU whereas I
>>>>> presume you would like MIPS64R2? Please try 5KEf CPU for example which
>>>>> is available in qemu-mips64 and qemu-mips64el QEMU binaries for big and
>>>>> little endian respectively.
>>>>
>>>> I just noticed the QEMU version you are using and it doesn't contain
>>>> 5KEf and 5KEc CPUs. Please try MIPS64R2-generic.
>>>>
>>>> Leon
>>>
>>> Hi Leon,
>>>
>>> have a look at the "binary-info.txt" file in the first e-Mail. It does use
>>> the ELF magic for 32 bits ELF, not the 64 bits, that's why I get the
>>> following:
>>>
>>> # chroot rootfs/ /usr/local/bin/qemu-mips64 -cpu MIPS64R2-generic /bin/sh
>>> /bin/sh: Invalid ELF image for this architecture
>>>
>>> Is there a way to force the execution of the binary even if the flag
>>> doesn't match?
>>>
>>> Also, if you have a look at the flags you get: noreorder, cpic, 32bitmode,
>>> unknown CPU, o32, mips64r2. So, is it 64 bits or 32 bits ELF file?
>>
>> I see, this mips64r2 binary has o32 ABI. It indeed would work in
>> qemu-mips provided there are no mips64r2-specific instructions. I think
>> I jumped a bit too quickly to the conclusion.
>>
>> QEMU's mips/disas doesn't help much in this case as it just indicates
>> User Defined Instruction. Presumably this instruction is specific to
>> this processor and is missing in QEMU. Are you able to get disassembly
>> of your program and look up what is under 0x765d1fa4 address which
>> caused the illegal instruction?
> 
> Hi Leon,
> 
> using IDA with a remote debug session to QEMU  I got the following disassembly 
> (kept surrounding instructions to give some context). To IDA, this custom 
> instruction is also unknown.
> 
> MEMORY:765D1F90 sw      $v1, 4($v0)
> MEMORY:765D1F94 addu    $a0, $a1
> MEMORY:765D1F98 sw      $a0, 0($v0)
> MEMORY:765D1F9C
> MEMORY:765D1F9C loc_765D1F9C:
> MEMORY:765D1F9C addiu   $a0, $s1, 0x51B0
> MEMORY:765D1FA0 move    $v0, $zero
> MEMORY:765D1FA0  # -----------------------
> MEMORY:765D1FA4 .byte 0x70  # p
> MEMORY:765D1FA5 .byte 0x82  # é
> MEMORY:765D1FA6 .byte    0
> MEMORY:765D1FA7 .byte 0x14
> MEMORY:765D1FA8  # -----------------------
> MEMORY:765D1FA8 slti    $v0, 2
> MEMORY:765D1FAC beqz    $v0, loc_765D204C
> MEMORY:765D1FB0 nop
> MEMORY:765D1FB4 lw      $ra, 0x24($sp)
> MEMORY:765D1FB8
> MEMORY:765D1FB8 loc_765D1FB8:
> MEMORY:765D1FB8 move    $v0, $s0
> MEMORY:765D1FBC lw      $s1, 0x20($sp)
> MEMORY:765D1FC0 lw      $s0, 0x1C($sp)

According to binutils this is SWAPW which belongs to XLR:
{"swapw",          "t,b",          0x70000014, 0xfc00ffff,
MOD_1|RD_2|LM|SM,       0,              XLR,            0,      0 },

I'm afraid you won't be able to run binaries built for NetLogic XLP
until someone implements these instructions in QEMU.

Regards,
Leon

Re: [Qemu-devel] Support for NetLogic XLP Processors

[James Hogan]

[-- Attachment #1: Type: text/plain, Size: 5137 bytes --]

On 26/03/15 09:29, Leon Alrae wrote:
> Hi Duarte,
> 
> On 25/03/2015 23:54, Duarte Silva wrote:
>> On Wednesday 25 March 2015 17:33:59 Leon Alrae wrote:
>>> On 25/03/2015 15:38, Duarte Silva wrote:
>>>> On Wednesday 25 March 2015 14:54:41 Leon Alrae wrote:
>>>>> On 25/03/2015 14:44, Leon Alrae wrote:
>>>>>> Hi Duarte,
>>>>>>
>>>>>> On 25/03/2015 14:20, Duarte Silva wrote:
>>>>>>> On Wednesday 25 March 2015 13:13:14 James Hogan wrote:
>>>>>>>> Hi Duarte,
>>>>>>>>
>>>>>>>> On 22/03/15 11:13, Duarte Silva wrote:
>>>>>>>>> Hi guys,
>>>>>>>>>
>>>>>>>>> I have been struggling to get some binaries compiled for NetLogic XLP
>>>>>>>>> processor to run under QEMU. I have tried a bunch of things (most
>>>>>>>>> going
>>>>>>>>> back and forth) and always get the following error message:
>>>>>>>>>
>>>>>>>>> qemu: uncaught target signal 4 (Illegal instruction) - core dumped
>>>>>>>>> Illegal instruction
>>>>>>>>>
>>>>>>>>> I tried to debug it using GDB but to no avail. Does anybody have
>>>>>>>>> ideas?
>>>>>>>>> I'm
>>>>>>>>> running QEMU 2.2.1.
>>>>>>>>
>>>>>>>> It sounds like the program had an instruction that QEMU doesn't
>>>>>>>> recognise, or doesn't think should be allowed on the current CPU which
>>>>>>>> you've set with -cpu. You might be able to find out what that
>>>>>>>>
>>>>>>>> instruction is by putting this on your qemu command line:
>>>>>>>>  -singlestep -d in_asm
>>>>>>>
>>>>>>> Hi James,
>>>>>>>
>>>>>>> thanks for the help :) I have tried with all the CPU's available. None
>>>>>>> of
>>>>>>> them worked, so I just leave it as undefined. It seems the offending
>>>>>>> instruction is "udi4".
>>>>>>>
>>>>>>> (...)
>>>>>>> IN:
>>>>>>> 0x765d1fa4:  udi4       a0,v0,zero,0x0
>>>>>>
>>>>>> According to this line you are trying to use MIPS32 CPU whereas I
>>>>>> presume you would like MIPS64R2? Please try 5KEf CPU for example which
>>>>>> is available in qemu-mips64 and qemu-mips64el QEMU binaries for big and
>>>>>> little endian respectively.
>>>>>
>>>>> I just noticed the QEMU version you are using and it doesn't contain
>>>>> 5KEf and 5KEc CPUs. Please try MIPS64R2-generic.
>>>>>
>>>>> Leon
>>>>
>>>> Hi Leon,
>>>>
>>>> have a look at the "binary-info.txt" file in the first e-Mail. It does use
>>>> the ELF magic for 32 bits ELF, not the 64 bits, that's why I get the
>>>> following:
>>>>
>>>> # chroot rootfs/ /usr/local/bin/qemu-mips64 -cpu MIPS64R2-generic /bin/sh
>>>> /bin/sh: Invalid ELF image for this architecture
>>>>
>>>> Is there a way to force the execution of the binary even if the flag
>>>> doesn't match?
>>>>
>>>> Also, if you have a look at the flags you get: noreorder, cpic, 32bitmode,
>>>> unknown CPU, o32, mips64r2. So, is it 64 bits or 32 bits ELF file?
>>>
>>> I see, this mips64r2 binary has o32 ABI. It indeed would work in
>>> qemu-mips provided there are no mips64r2-specific instructions. I think
>>> I jumped a bit too quickly to the conclusion.
>>>
>>> QEMU's mips/disas doesn't help much in this case as it just indicates
>>> User Defined Instruction. Presumably this instruction is specific to
>>> this processor and is missing in QEMU. Are you able to get disassembly
>>> of your program and look up what is under 0x765d1fa4 address which
>>> caused the illegal instruction?
>>
>> Hi Leon,
>>
>> using IDA with a remote debug session to QEMU  I got the following disassembly 
>> (kept surrounding instructions to give some context). To IDA, this custom 
>> instruction is also unknown.
>>
>> MEMORY:765D1F90 sw      $v1, 4($v0)
>> MEMORY:765D1F94 addu    $a0, $a1
>> MEMORY:765D1F98 sw      $a0, 0($v0)
>> MEMORY:765D1F9C
>> MEMORY:765D1F9C loc_765D1F9C:
>> MEMORY:765D1F9C addiu   $a0, $s1, 0x51B0
>> MEMORY:765D1FA0 move    $v0, $zero
>> MEMORY:765D1FA0  # -----------------------
>> MEMORY:765D1FA4 .byte 0x70  # p
>> MEMORY:765D1FA5 .byte 0x82  # é
>> MEMORY:765D1FA6 .byte    0
>> MEMORY:765D1FA7 .byte 0x14
>> MEMORY:765D1FA8  # -----------------------
>> MEMORY:765D1FA8 slti    $v0, 2
>> MEMORY:765D1FAC beqz    $v0, loc_765D204C
>> MEMORY:765D1FB0 nop
>> MEMORY:765D1FB4 lw      $ra, 0x24($sp)
>> MEMORY:765D1FB8
>> MEMORY:765D1FB8 loc_765D1FB8:
>> MEMORY:765D1FB8 move    $v0, $s0
>> MEMORY:765D1FBC lw      $s1, 0x20($sp)
>> MEMORY:765D1FC0 lw      $s0, 0x1C($sp)
> 
> According to binutils this is SWAPW which belongs to XLR:
> {"swapw",          "t,b",          0x70000014, 0xfc00ffff,
> MOD_1|RD_2|LM|SM,       0,              XLR,            0,      0 },
> 
> I'm afraid you won't be able to run binaries built for NetLogic XLP
> until someone implements these instructions in QEMU.

Thanks Leon, you just beat me to it with that :-)

For reference, you can disassemble xlp specific code with objdump using
"-m mips:xlp":

$ cat test.S
.text
.word 0x70820014
$ mips-linux-gnu-gcc -o test.o -c test.S
$ mips-linux-gnu-objdump -d test.o -m mips:xlp

test.o:     file format elf32-tradbigmips


Disassembly of section .text:

00000000 <.text>:
   0:   70820014        swapw   v0,a0
        ...

Cheers
James


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [Qemu-devel] Support for NetLogic XLP Processors

[Duarte Silva]

On Thursday 26 March 2015 09:34:14 James Hogan wrote:
> On 26/03/15 09:29, Leon Alrae wrote:
> > Hi Duarte,
> > 
> > On 25/03/2015 23:54, Duarte Silva wrote:
> >> On Wednesday 25 March 2015 17:33:59 Leon Alrae wrote:
> >>> On 25/03/2015 15:38, Duarte Silva wrote:
> >>>> On Wednesday 25 March 2015 14:54:41 Leon Alrae wrote:
> >>>>> On 25/03/2015 14:44, Leon Alrae wrote:
> >>>>>> Hi Duarte,
> >>>>>> 
> >>>>>> On 25/03/2015 14:20, Duarte Silva wrote:
> >>>>>>> On Wednesday 25 March 2015 13:13:14 James Hogan wrote:
> >>>>>>>> Hi Duarte,
> >>>>>>>> 
> >>>>>>>> On 22/03/15 11:13, Duarte Silva wrote:
> >>>>>>>>> Hi guys,
> >>>>>>>>> 
> >>>>>>>>> I have been struggling to get some binaries compiled for NetLogic
> >>>>>>>>> XLP
> >>>>>>>>> processor to run under QEMU. I have tried a bunch of things (most
> >>>>>>>>> going
> >>>>>>>>> back and forth) and always get the following error message:
> >>>>>>>>> 
> >>>>>>>>> qemu: uncaught target signal 4 (Illegal instruction) - core dumped
> >>>>>>>>> Illegal instruction
> >>>>>>>>> 
> >>>>>>>>> I tried to debug it using GDB but to no avail. Does anybody have
> >>>>>>>>> ideas?
> >>>>>>>>> I'm
> >>>>>>>>> running QEMU 2.2.1.
> >>>>>>>> 
> >>>>>>>> It sounds like the program had an instruction that QEMU doesn't
> >>>>>>>> recognise, or doesn't think should be allowed on the current CPU
> >>>>>>>> which
> >>>>>>>> you've set with -cpu. You might be able to find out what that
> >>>>>>>> 
> >>>>>>>> instruction is by putting this on your qemu command line:
> >>>>>>>>  -singlestep -d in_asm
> >>>>>>> 
> >>>>>>> Hi James,
> >>>>>>> 
> >>>>>>> thanks for the help :) I have tried with all the CPU's available.
> >>>>>>> None
> >>>>>>> of
> >>>>>>> them worked, so I just leave it as undefined. It seems the offending
> >>>>>>> instruction is "udi4".
> >>>>>>> 
> >>>>>>> (...)
> >>>>>>> IN:
> >>>>>>> 0x765d1fa4:  udi4       a0,v0,zero,0x0
> >>>>>> 
> >>>>>> According to this line you are trying to use MIPS32 CPU whereas I
> >>>>>> presume you would like MIPS64R2? Please try 5KEf CPU for example
> >>>>>> which
> >>>>>> is available in qemu-mips64 and qemu-mips64el QEMU binaries for big
> >>>>>> and
> >>>>>> little endian respectively.
> >>>>> 
> >>>>> I just noticed the QEMU version you are using and it doesn't contain
> >>>>> 5KEf and 5KEc CPUs. Please try MIPS64R2-generic.
> >>>>> 
> >>>>> Leon
> >>>> 
> >>>> Hi Leon,
> >>>> 
> >>>> have a look at the "binary-info.txt" file in the first e-Mail. It does
> >>>> use
> >>>> the ELF magic for 32 bits ELF, not the 64 bits, that's why I get the
> >>>> following:
> >>>> 
> >>>> # chroot rootfs/ /usr/local/bin/qemu-mips64 -cpu MIPS64R2-generic
> >>>> /bin/sh
> >>>> /bin/sh: Invalid ELF image for this architecture
> >>>> 
> >>>> Is there a way to force the execution of the binary even if the flag
> >>>> doesn't match?
> >>>> 
> >>>> Also, if you have a look at the flags you get: noreorder, cpic,
> >>>> 32bitmode,
> >>>> unknown CPU, o32, mips64r2. So, is it 64 bits or 32 bits ELF file?
> >>> 
> >>> I see, this mips64r2 binary has o32 ABI. It indeed would work in
> >>> qemu-mips provided there are no mips64r2-specific instructions. I think
> >>> I jumped a bit too quickly to the conclusion.
> >>> 
> >>> QEMU's mips/disas doesn't help much in this case as it just indicates
> >>> User Defined Instruction. Presumably this instruction is specific to
> >>> this processor and is missing in QEMU. Are you able to get disassembly
> >>> of your program and look up what is under 0x765d1fa4 address which
> >>> caused the illegal instruction?
> >> 
> >> Hi Leon,
> >> 
> >> using IDA with a remote debug session to QEMU  I got the following
> >> disassembly (kept surrounding instructions to give some context). To
> >> IDA, this custom instruction is also unknown.
> >> 
> >> MEMORY:765D1F90 sw      $v1, 4($v0)
> >> MEMORY:765D1F94 addu    $a0, $a1
> >> MEMORY:765D1F98 sw      $a0, 0($v0)
> >> MEMORY:765D1F9C
> >> MEMORY:765D1F9C loc_765D1F9C:
> >> MEMORY:765D1F9C addiu   $a0, $s1, 0x51B0
> >> MEMORY:765D1FA0 move    $v0, $zero
> >> MEMORY:765D1FA0  # -----------------------
> >> MEMORY:765D1FA4 .byte 0x70  # p
> >> MEMORY:765D1FA5 .byte 0x82  # é
> >> MEMORY:765D1FA6 .byte    0
> >> MEMORY:765D1FA7 .byte 0x14
> >> MEMORY:765D1FA8  # -----------------------
> >> MEMORY:765D1FA8 slti    $v0, 2
> >> MEMORY:765D1FAC beqz    $v0, loc_765D204C
> >> MEMORY:765D1FB0 nop
> >> MEMORY:765D1FB4 lw      $ra, 0x24($sp)
> >> MEMORY:765D1FB8
> >> MEMORY:765D1FB8 loc_765D1FB8:
> >> MEMORY:765D1FB8 move    $v0, $s0
> >> MEMORY:765D1FBC lw      $s1, 0x20($sp)
> >> MEMORY:765D1FC0 lw      $s0, 0x1C($sp)
> > 
> > According to binutils this is SWAPW which belongs to XLR:
> > {"swapw",          "t,b",          0x70000014, 0xfc00ffff,
> > MOD_1|RD_2|LM|SM,       0,              XLR,            0,      0 },
> > 
> > I'm afraid you won't be able to run binaries built for NetLogic XLP
> > until someone implements these instructions in QEMU.
> 
> Thanks Leon, you just beat me to it with that :-)
> 
> For reference, you can disassemble xlp specific code with objdump using
> "-m mips:xlp":
> 
> $ cat test.S
> .text
> .word 0x70820014
> $ mips-linux-gnu-gcc -o test.o -c test.S
> $ mips-linux-gnu-objdump -d test.o -m mips:xlp
> 
> test.o:     file format elf32-tradbigmips
> 
> 
> Disassembly of section .text:
> 
> 00000000 <.text>:
>    0:   70820014        swapw   v0,a0
>         ...
> 
> Cheers
> James

Hi guys,

you rock! Thanks for all the information. I will have a look a QEMU and its 
documentation to try and understand how to implement this missing instructions 
(I have found others).

Once again, thanks for your time, cheers,
Duarte