Re: [Qemu-devel] MIPS emulation

[Thiemo Seufer]

Luke -Jr wrote:
> On Saturday 28 June 2008, Thiemo Seufer wrote:
> > Luke -Jr wrote:
> > > On Friday 27 June 2008, Luke -Jr wrote:
> > > > Is it possible to just emulate a MIPS CPU without any kind of ELF
> > > > loader/BIOS/boot process, ideally letting me watch/debug the
> > > > instruction flow and registers?
> > >
> > > In particular, I get this log output when I try to boot a flash image:
> > >
> > > cpu_mips_handle_mmu_fault pc bfc00000 ad bfc00000 rw 2 mmu_idx 0 smmu 1
> > > cpu_mips_handle_mmu_fault address=bfc00000 ret 0 physical 1fc00000 prot 3
> > > do_raise_exception_err: 15 0
> > > do_interrupt enter: PC bfc00000 EPC 00000000 instruction bus error
> > > exception do_interrupt: PC bfc00380 EPC bfc00000 cause 6
> > >     S 00400006 C 00000418 A 00000000 D 00000000
> > > do_raise_exception_err: 15 0
> > > do_interrupt enter: PC bfc00380 EPC bfc00000 instruction bus error
> > > exception do_interrupt: PC bfc00380 EPC bfc00000 cause 6
> > >     S 00400006 C 00000418 A 00000000 D 00000000
> >
> > An "instruction bus error" means Qemu wasn't able to fetch an instruction
> > from address 0xbfc00000, which should correspond to the very begin of
> > your flash image. This looks like your Qemu build is broken for some
> > reason. Did you build with gcc4, per chance?
> 
> Just tried and got this same thing with a vanilla checkout of trunk compiled 
> with GCC 3.4.6...

Well, the -pflash option works well enough for me to execute the first
instructions of a YAMON or redboot image. I figure you'll have to chase
this down yourself with the help of gdb. (The IBE is triggered by the
do_unassigned_access call in exec-all.h:get_phys_addr_code.)


Thiemo