Hi Taylor,

I ran into an issue when a packet that is not executed out of RAM (get_page_addr_code_hostp returns -1, see translate-all.c) contains a fault. This packet is an example:

    {
        p0 = cmp.eq(r6,#0x6)
        if (p0.new) jump:t pass
        memw(##0xf2000000) = r6
    }
The above packet should always jump to "pass" since r6 is set to #0x6, but if the store faults, the jump is discarded. This happens because do_raise_exception's call to cpu_loop_exit_restore is not able to find a TB to restore the PC from. When an instruction is not associated with a physical RAM page, translate-all will create a "one-shot" TB, so when cpu_restore_state looks for the TB by calling tcg_tb_lookup, none is found. That keeps the PC from being restored.

The attached change restores some of the code from commit 613653e500c0d482784f09aaa71f1297565b6815 ("Hexagon (target/hexagon) Remove next_PC from runtime state").

There are two attachments. The QEMU update also includes an update to translate-all.c that forces this problem to occur. The second is the testcase, which is built using a vanilla LLVM toolchain configured for Hexagon.

Thanks,
pc-testcase.tar.gz
0001-Incorrect-PC-update-for-many-miss-packets.patch