From: Sebastian Huber
Subject: [Qemu-devel] [Bug 1182344] Re: ARM: invalid code execution after subs instruction
Date: Tue, 21 May 2013 09:07:27 -0000
** Attachment added: "ELF file of the application."
https://bugs.launchpad.net/qemu/+bug/1182344/+attachment/3682743/+files/app.exe
--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1182344
Title:
ARM: invalid code execution after subs instruction
Status in QEMU:
New
Bug description:
I use Qemu (Git 1239b472bb0dba8060f1af29d40dafbc1b2860d4) to test an SMP application on ARM. I use the following command line:
qemu-system-arm -S -s -net none -nographic -M realview-pbx-a9 -kernel app.exe -m 256M -no-reboot -smp 2 -icount 8
The application crashes because Qemu executes the B.N instruction incorrectly after a SUBS (return from interrupt):
0x00010428 <thread_dispatch_done+12>: vldmia r1!, {d16-d31}
0x0001042c <thread_dispatch_done+16>: ldr r0, [r1]
0x00010430 <thread_dispatch_done+20>: add sp, sp, #200 ; 0xc8
0x00010434 <thread_dispatch_done+24>: vmsr fpscr, r0
0x00010438 <thread_dispatch_done+28>: ldmfd sp!, {lr}
0x0001043c <thread_dispatch_done+32>: mov r0, sp
0x00010440 <thread_dispatch_done+36>: add sp, sp, #28
0x00010444 <thread_dispatch_done+40>: mrs r1, CPSR
0x00010448 <thread_dispatch_done+44>: bic r1, r1, #1
0x0001044c <thread_dispatch_done+48>: msr CPSR_fc, r1
0x00010450 <thread_dispatch_done+52>: push {r4, r5}
0x00010454 <thread_dispatch_done+56>: ldm r0, {r0, r1, r2, r3, r4, r5, r12}
0x00010458 <thread_dispatch_done+60>: mov lr, r4
0x0001045c <thread_dispatch_done+64>: msr SPSR_fc, r5
0x00010460 <thread_dispatch_done+68>: pop {r4, r5}
0x00010464 <thread_dispatch_done+72>: subs pc, lr, #4
0x00000690 <_Thread_Idle_body+8>: b.n 0x690 <_Thread_Idle_body+8>
0x00000692: nop
0x00000694 <__getreent+0>: push {r7, lr}
0x00000696 <__getreent+2>: add r7, sp, #0
0x00000698 <__getreent+4>: bl 0x1cf0 <bsp_smp_processor_id>
0x00001cf0 <bsp_smp_processor_id+0>: push {r7, lr}
This instruction trace was generated with the attached patch.
The
0x00000690 <_Thread_Idle_body+8>: b.n 0x690 <_Thread_Idle_body+8>
should jump to itself. Instead the next instruction is executed:
0x00000692: nop
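The anomaly in the trace above (a direct branch whose successor in the trace is not its own target) can be checked mechanically. The following script is an added example, not code from the bug report or from QEMU: it parses trace lines in the format quoted above and flags every direct unconditional branch (b, b.n, b.w, bl) that was not followed by the address it names. The SAMPLE_TRACE is constructed from the tail of the reporter's trace.

```python
import re

# One line of the instruction trace quoted in the bug report, e.g.
#   0x00000690 <_Thread_Idle_body+8>: b.n 0x690 <_Thread_Idle_body+8>
#   0x00000692: nop
TRACE_LINE = re.compile(
    r"^(?P<addr>0x[0-9a-fA-F]+)(?:\s+<[^>]*>)?:\s+(?P<mnem>\S+)(?:\s+(?P<ops>.*))?$")
# Direct branches whose next executed address is fixed by the immediate.
DIRECT_BRANCHES = {"b", "bl"}

# Constructed sample: tail of the trace from the report, where the
# b.n at 0x690 should loop to itself but 0x692 runs instead.
SAMPLE_TRACE = """\
0x00010464 <thread_dispatch_done+72>: subs pc, lr, #4
0x00000690 <_Thread_Idle_body+8>: b.n 0x690 <_Thread_Idle_body+8>
0x00000692: nop
0x00000694 <__getreent+0>: push {r7, lr}
0x00000696 <__getreent+2>: add r7, sp, #0
0x00000698 <__getreent+4>: bl 0x1cf0 <bsp_smp_processor_id>
0x00001cf0 <bsp_smp_processor_id+0>: push {r7, lr}
"""

def parse_trace(text):
    """Return (address, mnemonic, operands) for each recognised trace line."""
    entries = []
    for line in text.splitlines():
        m = TRACE_LINE.match(line.strip())
        if m:
            entries.append((int(m.group("addr"), 16), m.group("mnem"),
                            m.group("ops") or ""))
    return entries

def direct_target(mnem, ops):
    """Immediate target of a direct unconditional branch, else None."""
    base = mnem.split(".")[0]          # drop Thumb width qualifier .n / .w
    if base not in DIRECT_BRANCHES:    # bne, bx lr, subs pc, ... are skipped
        return None
    m = re.match(r"(0x[0-9a-fA-F]+)", ops)
    return int(m.group(1), 16) if m else None

def find_branch_violations(text):
    """(branch_addr, expected_next, actual_next) for each direct branch
    whose successor in the trace is not the branch target."""
    entries = parse_trace(text)
    bad = []
    for (addr, mnem, ops), (nxt, _, _) in zip(entries, entries[1:]):
        target = direct_target(mnem, ops)
        if target is not None and nxt != target:
            bad.append((addr, target, nxt))
    return bad
```

Run on the sample it reports the single violation at 0x690 (expected 0x690 next, trace shows 0x692), while the bl at 0x698 passes because 0x1cf0 follows it.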