The attached patch implements the Arm bkpt instruction. In full system emulation it causes a prefetch abort (as defined by the architecture). For usermode emulation we capture it the same way as SWI.
Paul
Index: linux-user/main.c
===================================================================
RCS file: /sources/qemu/qemu/linux-user/main.c,v
retrieving revision 1.76
diff -u -p -r1.76 main.c
--- linux-user/main.c 5 Dec 2005 21:04:24 -0000 1.76
+++ linux-user/main.c 2 Feb 2006 20:41:06 -0000
@@ -358,14 +358,27 @@ void cpu_loop(CPUARMState *env)
 }
 break;
 case EXCP_SWI:
+ case EXCP_BKPT:
 {
 /* system call */
- if (env->thumb) {
- insn = lduw((void *)(env->regs[15] - 2));
- n = insn & 0xff;
+ if (trapnr == EXCP_BKPT) {
+ if (env->thumb) {
+ insn = lduw((void *)(env->regs[15]));
+ n = insn & 0xff;
+ env->regs[15] += 2;
+ } else {
+ insn = ldl((void *)(env->regs[15]));
+ n = (insn & 0xf) | ((insn >> 4) & 0xff0);
+ env->regs[15] += 4;
+ }
 } else {
+ if (env->thumb) {
+ insn = lduw((void *)(env->regs[15] - 2));
+ n = insn & 0xff;
+ } else {
+ insn = ldl((void *)(env->regs[15] - 4));
+ n = insn & 0xffffff;
+ }
 }
 if (n == ARM_NR_cacheflush) {
Index: target-arm/cpu.h
===================================================================
RCS file: /sources/qemu/qemu/target-arm/cpu.h,v
retrieving revision 1.13
diff -u -p -r1.13 cpu.h
--- target-arm/cpu.h 26 Nov 2005 10:46:39 -0000 1.13
+++ target-arm/cpu.h 2 Feb 2006 20:41:06 -0000
@@ -34,6 +34,7 @@
 #define EXCP_DATA_ABORT 4
 #define EXCP_IRQ 5
 #define EXCP_FIQ 6
+#define EXCP_BKPT 7
 /* We currently assume float and double are IEEE single and double
 precision respectively.
Index: target-arm/helper.c
===================================================================
RCS file: /sources/qemu/qemu/target-arm/helper.c,v
retrieving revision 1.2
diff -u -p -r1.2 helper.c
--- target-arm/helper.c 18 Dec 2005 16:54:08 -0000 1.2
+++ target-arm/helper.c 2 Feb 2006 20:41:06 -0000
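Review bot: The immediate recovered in the new `if (trapnr == EXCP_BKPT)` branch becomes `n`, which the unchanged code below treats as a system-call number (`if (n == ARM_NR_cacheflush)` and, presumably, the syscall dispatch further down, outside the hunk), so a guest that executes `bkpt` as a trap — a debugger-planted breakpoint or a compiler-emitted trap sequence — performs whatever system call its immediate happens to select instead of stopping. On Linux a user-mode BKPT is reported to the process as SIGTRAP, so unless the SWI-style dispatch is deliberate the branch should deliver TARGET_SIGTRAP through the loop's existing signal path rather than fall into the SWI code. If it is deliberate, say so on the label, e.g. `case EXCP_BKPT: /* dispatched like swi: the bkpt immediate is the syscall number */`, so the next reader does not file it as a bug. cpu_loop continues outside the hunk.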
@@ -127,6 +127,7 @@ void do_interrupt(CPUARMState *env)
 offset = 0;
 break;
 case EXCP_PREFETCH_ABORT:
+ case EXCP_BKPT:
 new_mode = ARM_CPU_MODE_ABT;
 addr = 0x0c;
 mask = CPSR_A | CPSR_I;
Index: target-arm/op.c
===================================================================
RCS file: /sources/qemu/qemu/target-arm/op.c,v
retrieving revision 1.17
diff -u -p -r1.17 op.c
--- target-arm/op.c 26 Nov 2005 10:46:39 -0000 1.17
+++ target-arm/op.c 2 Feb 2006 20:41:06 -0000
@@ -885,6 +885,12 @@ void OPPROTO op_wfi(void)
 cpu_loop_exit();
 }
+void OPPROTO op_bkpt(void)
+{
+ env->exception_index = EXCP_BKPT;
+ cpu_loop_exit();
+}
+
 /* VFP support. We follow the convention used for VFP instrunctions:
 Single precition routines have a "s" suffix, double precision a
 "d" suffix. */
Index: target-arm/translate.c
===================================================================
RCS file: /sources/qemu/qemu/target-arm/translate.c,v
retrieving revision 1.35
diff -u -p -r1.35 translate.c
--- target-arm/translate.c 18 Dec 2005 16:55:25 -0000 1.35
+++ target-arm/translate.c 2 Feb 2006 20:41:07 -0000
@@ -1217,6 +1217,12 @@ static void disas_arm_insn(CPUState * en
 gen_op_addl_T0_T1_saturate();
 gen_movl_reg_T0(s, rd);
 break;
+ case 7: /* bkpt */
+ gen_op_movl_T0_im((long)s->pc - 4);
+ gen_op_movl_reg_TN[0][15]();
+ gen_op_bkpt();
+ s->is_jmp = DISAS_JUMP;
+ break;
 case 0x8: /* signed multiply */
 case 0xa:
 case 0xc:
@@ -2183,6 +2197,13 @@ static void disas_thumb_insn(DisasContex
 gen_bx(s);
 break;
+ case 0xe: /* bkpt */
+ gen_op_movl_T0_im((long)s->pc - 2);
+ gen_op_movl_reg_TN[0][15]();
+ gen_op_bkpt();
+ s->is_jmp = DISAS_JUMP;
+ break;
+
 default:
 goto undef;
 }
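Review bot: Falling through from the new `case EXCP_BKPT:` into the EXCP_PREFETCH_ABORT handling gives the breakpoint abort mode, vector 0x0c and the CPSR mask, but nothing in the hunk records a debug-event fault status, so a guest abort handler that reads the instruction fault status register cannot tell a breakpoint from a genuine prefetch abort. If that status is set somewhere else, a comment on the label pointing there would help; otherwise this is the place to set it, or at least to state `/* bkpt: taken as a prefetch abort; fault status is not updated here */`. The `offset` that determines the saved return address is assigned outside the hunk; since translate.c leaves r15 at the bkpt instruction itself, it is worth confirming that the shared prefetch-abort value yields R14_abt = bkpt address + 4 as the architecture specifies. do_interrupt continues outside the hunk.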
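Review bot: The ARM `case 7: /* bkpt */` and the Thumb `case 0xe: /* bkpt */` hunks emit the same four-line sequence (instruction address into T0, T0 into r15, gen_op_bkpt, DISAS_JUMP) and differ only in the `- 4` versus `- 2` PC rewind, so a small static helper taking the instruction address would keep the two paths in step if the exception plumbing changes. The reason for the rewind is not stated either; a comment on the helper such as `/* r15 must hold the address of the bkpt itself: the user-mode cpu_loop reads it and do_interrupt builds the return address from it (verify) */` would save the next reader a trip to linux-user/main.c and helper.c. Both enclosing switch statements start and end outside the hunks, so the helper's placement next to the other gen_* helpers is assumed.
```c
/* Emit a BKPT trap for the instruction at addr.  r15 is left pointing at
   the bkpt itself: the user-mode cpu_loop reads it, and do_interrupt
   presumably derives the abort return address from it (verify).  */
static void gen_bkpt(DisasContext *s, long addr)
{
    gen_op_movl_T0_im(addr);
    gen_op_movl_reg_TN[0][15]();
    gen_op_bkpt();
    s->is_jmp = DISAS_JUMP;
}

/* … unchanged: disas_arm_insn up to the saturating-add case … */
        case 7: /* bkpt */
            gen_bkpt(s, (long)s->pc - 4);
            break;
/* … unchanged: remaining ARM cases … */

/* … unchanged: disas_thumb_insn up to the bx case … */
        case 0xe: /* bkpt */
            gen_bkpt(s, (long)s->pc - 2);
            break;
```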