Gentle ping! :)
There is apparently also a ticket for this work (that I did not see before I
sent the patches): https://linaro.atlassian.net/browse/QEMU-444
On 2026-05-18 18:13, Torbjörn SVENSSON wrote:
Testing an arm-none-eabi GCC toolchain using QEMU gives unpredictable
test results for some test cases. In the GCC testsuite function
check_effective_target_arm_pacbti_hw, the testsuite tries to identify
if the target supports PACBTI instructions. The test consists of:
__attribute__ ((naked)) int
main (void)
{
asm ("pac r12, lr, sp");
asm ("mov r0, #0");
asm ("autg r12, lr, sp");
asm ("bx lr");
}
Running the above code in QEMU will cause LR to get corrupted.
The reson for the corruption is that AUTG overlaps with the SMMLA
instruction, and SMMLA will write the result to Rn, that for
`AUTG R12, LR, SP` happens to match `LR`.
The above statement is not entirely true.
SMMLA is writing the result to Rd and that happens to match PC, not Rn and LR.
Sorry for the confusion this might have caused.
Kind regards,
Torbjörn
The solution to the above problem is to define the following new
Cortex-M instructions in QEMU:
* AUT
* AUTG
* BXAUT
* PAC
* PACBTI
* PACG
This patch series only implements the pointer authentication code part
of PACBTI. The branch target identification part is not implemented.
Signed-off-by: Torbjörn SVENSSON <[email protected]>
---
Torbjörn SVENSSON (3):
target/arm/tcg: define cortex-m85 cpu
target/arm/tcg: add PAC related instructions
target/arm: implement v8.1-m PAC support
target/arm/cpu-features.h | 6 ++
target/arm/internals.h | 2 +
target/arm/tcg/cpu-v7m.c | 40 +++++++++++++
target/arm/tcg/m_helper.c | 17 ++++++
target/arm/tcg/t32.decode | 21 ++++++-
target/arm/tcg/translate.c | 138 +++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 221 insertions(+), 3 deletions(-)
---
base-commit: ac6721b88df944ade0048822b2b74210f543d656
change-id: 20260518-pr-pacbti-366d7acbe1be
Best regards,
