Skip to content

qem_m68k : trapcs instruction causes the non-execution of the following 2 instructions

Host environment

  • Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86_64 GNU/Linux
  • QEMU version: (e.g. qemu-system-x86_64 --version) 
    qemu-m68k version 6.1.0 (Debian 1:6.1+dfsg-6)
Copyright (c) 2003-2021 Fabrice Bellard and the QEMU Project developers
  • QEMU command line: 
    chroot qemu-m68k qemu-m68k-static -cpu m68020 -d in_asm,cpu -D log1.txt ./test

Emulated/Virtualized environment

  • Operating system: Debian
  • OS/kernel version: (For POSIX guests, use uname -a.) 
    Linux kabrousse 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) m68k GNU/Linux
  • Architecture: (x86, ARM, s390x, etc.) m68k

Description of problem

In try to run following code :

8004615a:	204f           	moveal %sp,%a0
8004615c:	b1c7           	cmpal %d7,%a0
8004615e:	55fc           	trapcs
80046160:	4e56 0000      	linkw %fp,#0
80046164:	2f14           	movel %a4@,%sp@-
80046166:	288e           	movel %fp,%a4@
80046168:	c74d           	exg %a3,%a5
8004616a:	48e7 3030      	moveml %d2-%d3/%a2-%a3,%sp@-
8004616e:	7001           	moveq #1,%d0
80046170:	3b40 816c      	movew %d0,%a5@(-32404)
80046174:	7218           	moveq #24,%d1
80046176:	3b41 816a      	movew %d1,%a5@(-32406)
8004617a:	242d 8004      	movel %a5@(-32764),%d2
8004617e:	2b42 815c      	movel %d2,%a5@(-32420)
80046182:	206d 8008      	moveal %a5@(-32760),%a0
80046186:	2268 8010      	moveal %a0@(-32752),%a1
8004618a:	2b49 8158      	movel %a1,%a5@(-32424)
8004618e:	42ad 8154      	clrl %a5@(-32428)
80046192:	246d 8154      	moveal %a5@(-32428),%a2
80046196:	2b4a 8160      	movel %a2,%a5@(-32416)
8004619a:	2b4a 8164      	movel %a2,%a5@(-32412)
8004619e:	422d 8168      	clrb %a5@(-32408)
800461a2:	7604           	moveq #4,%d3
800461a4:	2b43 8150      	movel %d3,%a5@(-32432)
800461a8:	2668 8010      	moveal %a0@(-32752),%a3
800461ac:	2b4b 814c      	movel %a3,%a5@(-32436)
800461b0:	2268 8010      	moveal %a0@(-32752),%a1
800461b4:	266d 8008      	moveal %a5@(-32760),%a3
800461b8:	206b 8008      	moveal %a3@(-32760),%a0
800461bc:	4e90           	jsr %a0@
800461be:	2b48 8148      	movel %a0,%a5@(-32440)
800461c2:	4cdf 0c0c      	moveml %sp@+,%d2-%d3/%a2-%a3
800461c6:	c74d           	exg %a3,%a5
800461c8:	289f           	movel %sp@+,%a4@
800461ca:	4e5e           	unlk %fp
800461cc:	4e75           	rts

When I run qemu-m68k -cpu m68020 -d in_asm,cpu, I have :

----------------
IN: 
0x8004615a:  moveal %sp,%a0
0x8004615c:  cmpal %d7,%a0
0x8004615e:  trapcs
0x80046160:  linkw %fp,#0
0x80046164:  movel %a4@,%sp@-
0x80046166:  movel %fp,%a4@
0x80046168:  exg %a3,%a5
0x8004616a:  moveml %d2-%d3/%a2-%a3,%sp@-
0x8004616e:  moveq #1,%d0
0x80046170:  movew %d0,%a5@(-32404)
0x80046174:  moveq #24,%d1
0x80046176:  movew %d1,%a5@(-32406)
0x8004617a:  movel %a5@(-32764),%d2
0x8004617e:  movel %d2,%a5@(-32420)
0x80046182:  moveal %a5@(-32760),%a0
0x80046186:  moveal %a0@(-32752),%a1
0x8004618a:  movel %a1,%a5@(-32424)
0x8004618e:  clrl %a5@(-32428)
0x80046192:  moveal %a5@(-32428),%a2
0x80046196:  movel %a2,%a5@(-32416)
0x8004619a:  movel %a2,%a5@(-32412)
0x8004619e:  clrb %a5@(-32408)
0x800461a2:  moveq #4,%d3
0x800461a4:  movel %d3,%a5@(-32432)
0x800461a8:  moveal %a0@(-32752),%a3
0x800461ac:  movel %a3,%a5@(-32436)
0x800461b0:  moveal %a0@(-32752),%a1
0x800461b4:  moveal %a5@(-32760),%a3
0x800461b8:  moveal %a3@(-32760),%a0
0x800461bc:  jsr %a0@

Trace 0: 0x7f83a807e780 [00000000/8004615a/00000000/00000000] 
D0 = 00000012   A0 = 8004615a   F0 = 7fff ffffffffffffffff  (         nan)
D1 = 00000001   A1 = 800466d6   F1 = 7fff ffffffffffffffff  (         nan)
D2 = 00000000   A2 = 00000000   F2 = 7fff ffffffffffffffff  (         nan)
D3 = 00000000   A3 = 8000c3b0   F3 = 7fff ffffffffffffffff  (         nan)
D4 = 00000000   A4 = 8004604c   F4 = 7fff ffffffffffffffff  (         nan)
D5 = 00000000   A5 = 3ffd7000   F5 = 7fff ffffffffffffffff  (         nan)
D6 = 00000004   A6 = 80046038   F6 = 7fff ffffffffffffffff  (         nan)
D7 = 80042050   A7 = 80045ff4   F7 = 7fff ffffffffffffffff  (         nan)
PC    SR = 0004 T:0 I:0 UI --Z--
FPSR = 00000000 ---- 
                                FPCR =     0000 X RN 
								

----------------
IN: 
0x80046358:  lea %a1@(0,%d0:l),%a0
0x8004635c:  rts

Trace 0: 0x7f83a807eac0 [00000000/80046358/00000000/00000000] 
D0 = 00000001   A0 = 80046358   F0 = 7fff ffffffffffffffff  (         nan)
D1 = 00000018   A1 = 00000000   F1 = 7fff ffffffffffffffff  (         nan)
D2 = ffffffff   A2 = 00000000   F2 = 7fff ffffffffffffffff  (         nan)
D3 = 00000004   A3 = 8000c040   F3 = 7fff ffffffffffffffff  (         nan)
D4 = 00000000   A4 = 8004604c   F4 = 7fff ffffffffffffffff  (         nan)
D5 = 00000000   A5 = 8000c3b0   F5 = 7fff ffffffffffffffff  (         nan)
D6 = 00000004   A6 = 80046038   F6 = 7fff ffffffffffffffff  (         nan)
D7 = 80042050   A7 = 80045fe0   F7 = 7fff ffffffffffffffff  (         nan)
PC = 80046358   SR = 0004 T:0 I:0 UI --Z--
FPSR = 00000000 ---- 
                                FPCR =     0000 X RN 
----------------

Stack pointer is 80045fe0, it should be 80045FD8.

When I run with options -cpu m68020 -d in_asm,cpu,op -singlestep, I have :

----------------
IN:
0x8004615e:  trapcs
0x80046160:  linkw %fp,#0
Disassembler disagrees with translator over instruction decoding
Please report this to qemu-devel@nongnu.org

OP:
 ld_i32 tmp0,env,$0xfffffffffffffff8
 brcond_i32 tmp0,$0x0,lt,$L0

 ---- 8004615e 00000000
 mov_i32 tmp0,$0x0
 call flush_flags,$0x0,$0,env,CC_OP
 setcond_i32 tmp2,CC_C,tmp0,ne
 neg_i32 tmp2,tmp2
 mov_i32 tmp0,$0x56
 mov_i32 PC,$0x80046162
 exit_tb $0x0
 set_label $L0
 exit_tb $0x7fba001a75c3

D0 = 00000012   A0 = 80045ff4   F0 = 7fff ffffffffffffffff  (         nan)
D1 = 00000001   A1 = 800466d6   F1 = 7fff ffffffffffffffff  (         nan)
D2 = 00000000   A2 = 00000000   F2 = 7fff ffffffffffffffff  (         nan)
D3 = 00000000   A3 = 8000c3b0   F3 = 7fff ffffffffffffffff  (         nan)
D4 = 00000000   A4 = 8004604c   F4 = 7fff ffffffffffffffff  (         nan)
D5 = 00000000   A5 = 3ffd5000   F5 = 7fff ffffffffffffffff  (         nan)
D6 = 00000004   A6 = 80046038   F6 = 7fff ffffffffffffffff  (         nan)
D7 = 80042050   A7 = 80045ff4   F7 = 7fff ffffffffffffffff  (         nan)
PC = 8004615e   SR = 0000 T:0 I:0 UI -----
FPSR = 00000000 ----
                                FPCR =     0000 X RN
----------------
IN:
0x80046162:  orib #20,%d0

OP:
 ld_i32 tmp0,env,$0xfffffffffffffff8
 brcond_i32 tmp0,$0x0,lt,$L0

 ---- 80046162 00000000
 mov_i32 tmp0,$0x14
 ext8s_i32 tmp3,D0
 or_i32 tmp4,tmp3,tmp0
 and_i32 D0,D0,$0xffffff00
 ext8u_i32 tmp6,tmp4
 or_i32 D0,D0,tmp6
 ext8s_i32 CC_N,tmp4
 discard CC_C
 discard CC_Z
 discard CC_V
 mov_i32 CC_OP,$0xb
 mov_i32 PC,$0x80046166
 exit_tb $0x0
 set_label $L0
 exit_tb $0x7fba001a7683

D0 = 00000012   A0 = 80045ff4   F0 = 7fff ffffffffffffffff  (         nan)
D1 = 00000001   A1 = 800466d6   F1 = 7fff ffffffffffffffff  (         nan)
D2 = 00000000   A2 = 00000000   F2 = 7fff ffffffffffffffff  (         nan)
D3 = 00000000   A3 = 8000c3b0   F3 = 7fff ffffffffffffffff  (         nan)
D4 = 00000000   A4 = 8004604c   F4 = 7fff ffffffffffffffff  (         nan)
D5 = 00000000   A5 = 3ffd5000   F5 = 7fff ffffffffffffffff  (         nan)
D6 = 00000004   A6 = 80046038   F6 = 7fff ffffffffffffffff  (         nan)
D7 = 80042050   A7 = 80045ff4   F7 = 7fff ffffffffffffffff  (         nan)
PC = 80046162   SR = 0000 T:0 I:0 UI -----
FPSR = 00000000 ----
                                FPCR =     0000 X RN
----------------
IN:
0x80046166:  movel %fp,%a4@

OP:
 ld_i32 tmp0,env,$0xfffffffffffffff8
 brcond_i32 tmp0,$0x0,lt,$L0

...

I can see that instructions

0x80046160:  linkw %fp,#0
0x80046164:  movel %a4@,%sp@-

are not executed and an extra instruction

0x80046162:  orib #20,%d0

is executed

Steps to reproduce

Run chroot qemu-m68k qemu-m68k-static -cpu m68020 -d in_asm,cpu -D log1.txt ./test

Additional information

Edited by Frederic LIZOT
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information