ARM cortex-m55 LOB instructions make QEMU crash
Hi, while trying to upgrade to QEMU-6-1.50 to benefit from cortex-m55/MVE support in GCC validation, I came across a QEMU crash.
GCC's testsuite tries to detect whether LOB instructions are supported by the target HW (the HW is QEMU in my case).
The testcase is as follows:
int
main (void)
{
  int i = 0;
  asm ("movw r3, #10\n\t" /* movs? */
       "dls lr, r3" : : : "r3", "lr");
 loop:
  i++;
  asm goto ("le lr, %l0" : : : "lr" : loop);
  return i != 10;
}
Which gets compiled into:
00008188 <main>:
8188: b580 push {r7, lr}
818a: b082 sub sp, #8
818c: af00 add r7, sp, #0
818e: 2300 movs r3, #0
8190: 607b str r3, [r7, #4]
8192: f240 030a movw r3, #10
8196: f043 e001 dls lr, r3
819a: 687b ldr r3, [r7, #4]
819c: 3301 adds r3, #1
819e: 607b str r3, [r7, #4]
81a0: f00f c805 le lr, 819a <main+0x12>
81a4: 687b ldr r3, [r7, #4]
81a6: 2b0a cmp r3, #10
81a8: bf14 ite ne
81aa: 2301 movne r3, #1
81ac: 2300 moveq r3, #0
81ae: b2db uxtb r3, r3
81b0: 4618 mov r0, r3
81b2: 3708 adds r7, #8
81b4: 46bd mov sp, r7
81b6: bd80 pop {r7, pc}
Upon execution with qemu-arm, I get a core dump; adding -d in_asm,cpu -singlestep shows:
IN: main
0x00008192: f240 030a movw r3, #0xa
R00=00000001 R01=40800468 R02=00000000 R03=00000000
R04=00000001 R05=40800468 R06=00000000 R07=40800458
R08=00000000 R09=00000000 R10=00019b64 R11=00000000
R12=00000004 R13=40800458 R14=00008163 R15=00008192
XPSR=61000000 -ZC- T NS priv-thread
----------------
IN: main
0x00008196: f043 .byte 0x43, 0xf0
0x00008198: e001 b #0x819e
R00=00000001 R01=40800468 R02=00000000 R03=0000000a
R04=00000001 R05=40800468 R06=00000000 R07=40800458
R08=00000000 R09=00000000 R10=00019b64 R11=00000000
R12=00000004 R13=40800458 R14=00008163 R15=00008196
XPSR=61000000 -ZC- T NS priv-thread
----------------
IN: main
0x0000819a: 687b ldr r3, [r7, #4]
R00=00000001 R01=40800468 R02=00000000 R03=0000000a
R04=00000001 R05=40800468 R06=00000000 R07=40800458
R08=00000000 R09=00000000 R10=00019b64 R11=00000000
R12=00000004 R13=40800458 R14=0000000a R15=0000819a
XPSR=61000000 -ZC- T NS priv-thread
----------------
IN: main
0x0000819c: 3301 adds r3, #1
R00=00000001 R01=40800468 R02=00000000 R03=00000000
R04=00000001 R05=40800468 R06=00000000 R07=40800458
R08=00000000 R09=00000000 R10=00019b64 R11=00000000
R12=00000004 R13=40800458 R14=0000000a R15=0000819c
XPSR=61000000 -ZC- T NS priv-thread
----------------
IN: main
0x0000819e: 607b str r3, [r7, #4]
R00=00000001 R01=40800468 R02=00000000 R03=00000001
R04=00000001 R05=40800468 R06=00000000 R07=40800458
R08=00000000 R09=00000000 R10=00019b64 R11=00000000
R12=00000004 R13=40800458 R14=0000000a R15=0000819e
XPSR=01000000 ---- T NS priv-thread
----------------
IN: main
0x000081a0: f00f .byte 0x0f, 0xf0
0x000081a2: c805 ldm r0, {r0, r2}
R00=00000001 R01=40800468 R02=00000000 R03=00000001
R04=00000001 R05=40800468 R06=00000000 R07=40800458
R08=00000000 R09=00000000 R10=00019b64 R11=00000000
R12=00000004 R13=40800458 R14=0000000a R15=000081a0
XPSR=01000000 ---- T NS priv-thread
Illegal instruction (core dumped)
I execute this command:
qemu-arm -cpu cortex-m55 -d in_asm,cpu -singlestep arm_v8_1_lob_hw_available8369.exe
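As an added example (not code from the report, GCC or QEMU), the following decoder takes the two 32-bit Armv8.1-M LOB instructions from the objdump above, the ones the in_asm log printed as ".byte", and recovers their assembler form, including the backward target of the "le" at 0x81a0. It assumes the Thumb-2 field layout described in its comments and uses only the halfword pairs copied from the listing.

```python
# Added example (not QEMU's, GCC's or the reporter's code): decode the
# Armv8.1-M low-overhead-branch (LOB) instructions from the listing above.
# Assumed Thumb-2 field layout (two 16-bit halfwords, hw1 then hw2):
#   DLS LR, Rn         hw1 = 0xF040 | Rn            hw2 = 0xE001
#   WLS LR, Rn, label  hw1 = 0xF040 | Rn            hw2 = 0xC000 | imm | 1
#   LE  LR, label      hw1 = 0xF00F | F<<5 | TP<<4  hw2 = 0xC000 | imm | 1
# The 11-bit halfword offset is split: hw2[10:1] holds its upper ten bits and
# hw2[11] its lowest bit; the value is then doubled to get a byte offset.
# F=1 selects the "LE <label>" form that does not decrement LR; TP=1 is LETP.

def lob_offset(hw2):
    """Byte offset carried by the second halfword of WLS / LE / LETP."""
    high = (hw2 >> 1) & 0x3FF
    low = (hw2 >> 11) & 1
    return ((high << 1) | low) * 2

def decode_lob(hw1, hw2, addr):
    """Decode one 32-bit LOB instruction found at byte address `addr`.
    Returns assembler text, or None when the halfwords are not a LOB encoding."""
    pc = addr + 4                       # Thumb: PC reads as address + 4
    if hw1 & 0xFFF0 == 0xF040:          # DLS / WLS, Rn in hw1[3:0]
        rn = hw1 & 0xF
        if hw2 == 0xE001:
            return f"dls lr, r{rn}"
        if hw2 & 0xF001 == 0xC001:      # WLS branches forward past the loop
            return f"wls lr, r{rn}, {pc + lob_offset(hw2):#x}"
    if hw1 & 0xFFCF == 0xF00F and hw2 & 0xF001 == 0xC001:
        mnemonic = "letp" if hw1 & 0x10 else "le"
        lr = "" if hw1 & 0x20 else "lr, "
        return f"{mnemonic} {lr}{pc - lob_offset(hw2):#x}"   # LE branches backward
    return None

# Halfword pairs copied from the objdump in the report; the in_asm log printed
# each of them as ".byte" followed by a misdecoded second halfword.
REPORT_INSNS = [
    (0x8196, 0xF043, 0xE001),   # dls lr, r3
    (0x81A0, 0xF00F, 0xC805),   # le lr, 819a <main+0x12>
]

def decode_report():
    """Map each listed address to the decoded LOB instruction."""
    return {addr: decode_lob(hw1, hw2, addr) for addr, hw1, hw2 in REPORT_INSNS}

if __name__ == "__main__":
    for addr, text in decode_report().items():
        print(f"{addr:#x}: {text}")
```

The decoded target 0x819a matches the objdump, and the register dump after 0x8196 (R14 going from 0x8163 to 0xa, the value of R3) is consistent with QEMU having executed the dls before the le faulted.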
Edited by Christophe Lyon