From patchwork Fri Jun  8 01:05:17 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Maciej W. Rozycki" <macro@codesourcery.com>
X-Patchwork-Id: 163709
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 0DB46B6FAF
	for <incoming@patchwork.ozlabs.org>;
	Fri,  8 Jun 2012 14:51:29 +1000 (EST)
Received: from localhost ([::1]:48424 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1ScqOC-0000os-I1
	for incoming@patchwork.ozlabs.org; Fri, 08 Jun 2012 00:01:32 -0400
Received: from eggs.gnu.org ([208.118.235.92]:43133)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Maciej_Rozycki@mentor.com>) id 1Scnds-0007cp-J2
	for qemu-devel@nongnu.org; Thu, 07 Jun 2012 21:05:33 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Maciej_Rozycki@mentor.com>) id 1Scndq-0006KQ-Ux
	for qemu-devel@nongnu.org; Thu, 07 Jun 2012 21:05:32 -0400
Received: from relay1.mentorg.com ([192.94.38.131]:46713)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Maciej_Rozycki@mentor.com>) id 1Scndq-0006K6-Oo
	for qemu-devel@nongnu.org; Thu, 07 Jun 2012 21:05:30 -0400
Received: from svr-orw-exc-10.mgc.mentorg.com ([147.34.98.58])
	by relay1.mentorg.com with esmtp
	id 1Scndn-00030h-VB from Maciej_Rozycki@mentor.com ;
	Thu, 07 Jun 2012 18:05:27 -0700
Received: from SVR-IES-FEM-01.mgc.mentorg.com ([137.202.0.104]) by
	SVR-ORW-EXC-10.mgc.mentorg.com with Microsoft
	SMTPSVC(6.0.3790.4675); Thu, 7 Jun 2012 18:04:56 -0700
Received: from [172.30.1.189] (137.202.0.76) by
	SVR-IES-FEM-01.mgc.mentorg.com
	(137.202.0.104) with Microsoft SMTP Server id 14.1.289.1;
	Fri, 8 Jun 2012 02:05:26 +0100
Date: Fri, 8 Jun 2012 02:05:17 +0100
From: "Maciej W. Rozycki" <macro@codesourcery.com>
To: <qemu-devel@nongnu.org>
Message-ID: <alpine.DEB.1.10.1206072316150.23962@tp.orcam.me.uk>
User-Agent: Alpine 1.10 (DEB 962 2008-03-14)
MIME-Version: 1.0
X-OriginalArrivalTime: 08 Jun 2012 01:04:56.0588 (UTC)
	FILETIME=[B835E4C0:01CD4512]
X-detected-operating-system: by eggs.gnu.org: Solaris 10 (beta)
X-Received-From: 192.94.38.131
X-Mailman-Approved-At: Fri, 08 Jun 2012 00:01:00 -0400
Cc: "Maciej W. Rozycki" <macro@codesourcery.com>,
	Aurelien Jarno <aurelien@aurel32.net>
Subject: [Qemu-devel] [PATCH] MIPS/system: MTC0 single-stepping PC update fix
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Some MTC0 (and possibly other) instructions switch to the BS_STOP state
to terminate the current translation block, so that the state transition
of the simulated CPU resulting from the CP0 operation takes effect with
the following instruction.  This happens for "mtc0 <reg>,c0_config" for
example.

 While single-stepping this has a side-effect of not advancing the PC past
the instruction just executed; subsequent single-step traps will stop at
the same instruction repeatedly.  This is obviously incorrect and (with my
limited understanding of QEMU internals) is fixed easily as below, making
the old PC be kept only for the BS_EXCP (exception condition) state.

 Example:

(gdb) stepi
0x80004d24 in _start ()
5: x/i $pc
=> 0x80004d24 <_start+364>:     mfc0    t1,c0_config
(gdb)
0x80004d28 in _start ()
5: x/i $pc
=> 0x80004d28 <_start+368>:     li      at,-8
(gdb)
0x80004d2c in _start ()
5: x/i $pc
=> 0x80004d2c <_start+372>:     and     t1,t1,at
(gdb)
0x80004d30 in _start ()
5: x/i $pc
=> 0x80004d30 <_start+376>:     ori     t1,t1,0x3
(gdb)
0x80004d34 in _start ()
5: x/i $pc
=> 0x80004d34 <_start+380>:     mtc0    t1,c0_config
(gdb)
0x80004d34 in _start ()
5: x/i $pc
=> 0x80004d34 <_start+380>:     mtc0    t1,c0_config
(gdb)
0x80004d34 in _start ()
5: x/i $pc
=> 0x80004d34 <_start+380>:     mtc0    t1,c0_config
(gdb)
0x80004d34 in _start ()
5: x/i $pc
=> 0x80004d34 <_start+380>:     mtc0    t1,c0_config
(gdb)

-- oops!

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
---

 Please apply,

  Maciej

qemu-mips-mtc0-step.diff

Index: qemu-git-trunk/target-mips/translate.c
===================================================================
--- qemu-git-trunk.orig/target-mips/translate.c	2012-06-04 04:16:57.755560324 +0100
+++ qemu-git-trunk/target-mips/translate.c	2012-06-04 05:01:42.435594656 +0100
@@ -12494,7 +12494,7 @@ gen_intermediate_code_internal (CPUMIPSS
     if (tb->cflags & CF_LAST_IO)
         gen_io_end();
     if (env->singlestep_enabled && ctx.bstate != BS_BRANCH) {
-        save_cpu_state(&ctx, ctx.bstate == BS_NONE);
+        save_cpu_state(&ctx, ctx.bstate != BS_EXCP);
         gen_helper_0i(raise_exception, EXCP_DEBUG);
     } else {
         switch (ctx.bstate) {