[Bug 1925512] Re: UNDEFINED case for instruction BLX
From: JIANG Muhui
Subject: [Bug 1925512] Re: UNDEFINED case for instruction BLX
Date: Fri, 23 Apr 2021 06:52:25 -0000
Hi
Thanks for your reply. I don't think returning false is the right behavior
here. H is related to the decoding phase rather than the encoding phase. The
value of the symbol *H* should not be used to check whether the (encoding)
pattern is matched or not. In other words, whatever value H has, if the
bytecode meets the pattern of BLX in Thumb T2 encoding, it should be a BLX
instruction.
During the decoding phase, QEMU should check whether H equals 1. If so, a
SIGILL signal should be raised. Please see a concrete case below:
Below is the sample code, and 0xf279cf25 has the encoding pattern of
instruction BLX. H is 1 here.
#include <stdio.h>

int main(void)
{
    /* 0xf279cf25 matches the BLX (T2) pattern with H = 1, so it should be UNDEFINED */
    __asm__(".inst.w 0xf279cf25");
    printf("no signal\n");
    return 0;
}
I cross-compiled it in Thumb mode and generated the binary named test_BLX, which
is attached. I set a breakpoint at 0x102f0. The value at 0x102f0 is 0xf279cf25,
which should be an UNDEFINED instruction, and a SIGILL signal should be raised
when executing this instruction.
Breakpoint 1, 0x000102f0 in ?? ()
gef> x/4i $pc
=> 0x102f0: ; <UNDEFINED> instruction: 0xf279cf25
0x102f4: ldr r3, [pc, #12] ; (0x10304)
0x102f6: movs r0, r3
0x102f8: bl 0x5fe28
When I use si to execute the instruction at 0x102f0, it jumps to
0x102f6. No signal is raised. Finally, the program exits without
raising any signal.
gef> si
0x000102f6 in ?? ()
I don't think this is the right behavior. The same binary was
tested on a physical ARM device and SIGILL was triggered. Returning false
does not seem to work here. Many thanks.
Regards
Muhui
** Attachment added: "test_BLX"
https://bugs.launchpad.net/qemu/+bug/1925512/+attachment/5491252/+files/test_BLX
https://bugs.launchpad.net/bugs/1925512
Title:
UNDEFINED case for instruction BLX
Status in QEMU:
Invalid
Bug description:
Hi
I refer to the instruction BLX imm (T2 encoding) in ARMv7 (Thumb
mode).
11110 S imm10H 11 J1 0 J2 imm10L H
if H == '1' then UNDEFINED;
I1 = NOT(J1 EOR S); I2 = NOT(J2 EOR S);
imm32 = SignExtend(S:I1:I2:imm10H:imm10L:'00', 32);
targetInstrSet = InstrSet_A32;
if InITBlock() && !LastInITBlock() then UNPREDICTABLE;
According to the manual, if H equals 1, this instruction should be
an UNDEFINED instruction. However, it seems QEMU does not check this
constraint in the function trans_BLX_i. Thanks
Regards
Muhui
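The decode-phase check the report asks for, as an added worked example (Python, not QEMU's code and not the reporter's): a decoder for the BLX (T2) encoding written from the ARMv7 pseudocode quoted in the bug description. It matches the bit pattern without looking at H, then raises Undefined when H is 1, which is what the reported word 0xf279cf25 yields; with H cleared it computes imm32 and the branch target. Only 0xf279cf25 and the address 0x102f0 come from the report; every other halfword value and the memory byte sequence are constructed. The IT-block UNPREDICTABLE rule is not modeled because it needs pipeline state the example does not have.

```python
"""Decoder for the Thumb T2 encoding of BLX (immediate), written from the
ARMv7 pseudocode quoted in the bug description. Added example, not QEMU code.
Only 0xf279cf25 comes from the report; the other words are constructed."""
from dataclasses import dataclass
from typing import Tuple

# hw1: 11110 S imm10H          hw2: 11 J1 0 J2 imm10L H
HW1_MASK, HW1_VALUE = 0xF800, 0xF000  # bits 15:11 must be 11110
HW2_MASK, HW2_VALUE = 0xD000, 0xC000  # bits 15:14 must be 11, bit 12 must be 0


class Undefined(Exception):
    """The pseudocode says UNDEFINED: hardware takes an undefined-instruction
    exception, which Linux delivers to the process as SIGILL."""


@dataclass
class BlxImm:
    s: int
    j1: int
    j2: int
    imm10h: int
    imm10l: int
    h: int
    imm32: int


def split_word(word: int) -> Tuple[int, int]:
    """`.inst.w 0xf279cf25` emits hw1 = 0xf279 followed by hw2 = 0xcf25."""
    return (word >> 16) & 0xFFFF, word & 0xFFFF


def halfwords_from_memory(raw: bytes) -> Tuple[int, int]:
    """Each halfword is stored little-endian: bytes 79 f2 25 cf -> (0xf279, 0xcf25)."""
    return int.from_bytes(raw[0:2], "little"), int.from_bytes(raw[2:4], "little")


def matches_blx_t2(hw1: int, hw2: int) -> bool:
    """Encoding-pattern match only. H (hw2 bit 0) is deliberately not part of
    the mask: whatever H is, this bit pattern is a BLX (T2)."""
    return (hw1 & HW1_MASK) == HW1_VALUE and (hw2 & HW2_MASK) == HW2_VALUE


def sign_extend(value: int, bits: int) -> int:
    sign_bit = 1 << (bits - 1)
    return (value & (sign_bit - 1)) - (value & sign_bit)


def decode_blx_t2(hw1: int, hw2: int) -> BlxImm:
    """Decode phase: field extraction, then the UNDEFINED check, then imm32.
    The IT-block UNPREDICTABLE rule is not modeled (needs pipeline state)."""
    if not matches_blx_t2(hw1, hw2):
        raise ValueError("not a BLX (T2) encoding")
    s = (hw1 >> 10) & 1
    imm10h = hw1 & 0x3FF
    j1 = (hw2 >> 13) & 1
    j2 = (hw2 >> 11) & 1
    imm10l = (hw2 >> 1) & 0x3FF
    h = hw2 & 1
    if h == 1:  # "if H == '1' then UNDEFINED;"
        raise Undefined(f"BLX (T2) with H=1: {hw1:04x} {hw2:04x}")
    i1 = 1 ^ (j1 ^ s)  # I1 = NOT(J1 EOR S)
    i2 = 1 ^ (j2 ^ s)  # I2 = NOT(J2 EOR S)
    # imm32 = SignExtend(S:I1:I2:imm10H:imm10L:'00', 32): a 25-bit field
    raw = (s << 24) | (i1 << 23) | (i2 << 22) | (imm10h << 12) | (imm10l << 2)
    return BlxImm(s, j1, j2, imm10h, imm10l, h, sign_extend(raw, 25))


def blx_target(insn_addr: int, imm32: int) -> int:
    """In Thumb state PC reads as insn_addr + 4; BLX branches to Align(PC, 4) + imm32."""
    pc = insn_addr + 4
    return ((pc & ~3) + imm32) & 0xFFFFFFFF


def classify(hw1: int, hw2: int) -> str:
    """What a translator should do with the pair: reject it as not-BLX,
    raise UNDEFINED (SIGILL), or emit the branch."""
    if not matches_blx_t2(hw1, hw2):
        return "not BLX (T2)"
    try:
        d = decode_blx_t2(hw1, hw2)
    except Undefined:
        return "UNDEFINED"
    return f"BLX imm32={d.imm32:+#x}"


if __name__ == "__main__":
    hw1, hw2 = split_word(0xF279CF25)  # the word from the report, at 0x102f0
    print(f"{hw1:04x} {hw2:04x}: pattern match={matches_blx_t2(hw1, hw2)} -> {classify(hw1, hw2)}")
    print(f"same word with H cleared (constructed): {classify(hw1, hw2 & ~1)}")
```

The split between matches_blx_t2 and decode_blx_t2 is the point of the report: the pattern match must accept the word regardless of H, and the UNDEFINED decision belongs to the decode step that follows, so the word is neither silently skipped nor mistaken for some other encoding.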