On 20/11/2017 13:50, Peter Maydell wrote:
> More generally, this commit seems to assume that QEMU always
> does:
>  * set exception_index to something
>  * handle that
>  * clear exception_index to -1
>
> but it's not clear to me that it's actually always the case
> that it gets cleared back to -1.
After returning from cpu_handle_interrupt, cpu_exec goes to
cpu_handle_exception which does

    if (cpu->exception_index >= EXCP_INTERRUPT) {
        *ret = cpu->exception_index;
        if (*ret == EXCP_DEBUG) {
            cpu_handle_debug_exception(cpu);
        }
        cpu->exception_index = -1;
        return true;
    } else {
        CPUClass *cc = CPU_GET_CLASS(cpu);
        qemu_mutex_lock_iothread();
        cc->do_interrupt(cpu);
        qemu_mutex_unlock_iothread();
        cpu->exception_index = -1;
    }
    return false;

Does ARM have a case where cc->do_interrupt can longjmp back to the
beginning of cpu_handle_exception?

But I still do not understand why you don't eventually clear
exception_index to -1.  Maybe there should be an assertion for that
before and after cpu_handle_interrupt.

Thanks,

Paolo
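The control flow Paolo describes, as an added stand-alone model that is not QEMU's own code and is not part of the thread: it reproduces the two branches of cpu_handle_exception (the EXCP_INTERRUPT/EXCP_DEBUG values are QEMU's real ones; the CPUState/CPUClass layouts, the counters, the exception numbers 7 and 9 and the two do_interrupt hooks are simplified assumptions), wraps it in a setjmp the way cpu_exec's loop does, and checks the invariant Paolo proposes asserting: exception_index is back at -1 whenever the loop leaves cpu_handle_exception normally. The third scenario is the case Paolo asks about, a do_interrupt that longjmps instead of returning: the `= -1` after the hook is skipped, but the loop re-enters cpu_handle_exception with the newly raised exception and clears it on that pass.

```c
#include <assert.h>
#include <setjmp.h>
#include <stdbool.h>
#include <stdio.h>

/* Model of QEMU's cpu_handle_exception() and the cpu_exec() loop around it.
 * EXCP_* values match QEMU's cpu-all.h; everything else is a simplified
 * stand-in for illustration (not QEMU code). */
#define EXCP_INTERRUPT 0x10000
#define EXCP_DEBUG     0x10002

typedef struct CPUState CPUState;
typedef struct { void (*do_interrupt)(CPUState *cpu); } CPUClass;

struct CPUState {
    int exception_index;
    CPUClass *cc;
    jmp_buf jmp_env;        /* longjmp target at the top of cpu_exec() */
    int do_interrupt_calls; /* model bookkeeping */
    int debug_exits;
    int skipped_clear;      /* times do_interrupt longjmp'd past the '= -1' */
};

/* Same control flow as the real function; iothread lock and replay omitted. */
static bool cpu_handle_exception(CPUState *cpu, int *ret)
{
    if (cpu->exception_index < 0) {
        return false;               /* nothing pending: go run guest code */
    }
    if (cpu->exception_index >= EXCP_INTERRUPT) {
        *ret = cpu->exception_index;
        if (*ret == EXCP_DEBUG) {
            cpu->debug_exits++;     /* stands in for cpu_handle_debug_exception() */
        }
        cpu->exception_index = -1;
        return true;
    }
    cpu->cc->do_interrupt(cpu);
    cpu->exception_index = -1;      /* never reached if do_interrupt longjmps */
    return false;
}

/* Well-behaved target hook: delivers the exception and returns. */
static void do_interrupt_plain(CPUState *cpu) { cpu->do_interrupt_calls++; }

/* Hypothetical misbehaving hook: on its first call it raises a new guest
 * exception (number 9, arbitrary) and longjmps like cpu_loop_exit() would;
 * on the second call it returns normally. */
static void do_interrupt_longjmp(CPUState *cpu)
{
    if (cpu->do_interrupt_calls++ == 0) {
        cpu->exception_index = 9;
        longjmp(cpu->jmp_env, 1);
    }
}

/* One pass of the model loop from a pending exception_index. Returns the
 * EXCP_* exit reason, or 0 when the loop would go on to run guest code.
 * The asserts are the invariant Paolo proposes. */
static int run_model(CPUState *cpu, int pending)
{
    int ret = 0;

    cpu->exception_index = pending;
    if (setjmp(cpu->jmp_env) != 0) {
        cpu->skipped_clear++;       /* came back here via longjmp */
    }
    /* cpu_exec() re-enters cpu_handle_exception() after every longjmp */
    if (cpu_handle_exception(cpu, &ret)) {
        assert(cpu->exception_index == -1);
        return ret;
    }
    assert(cpu->exception_index == -1);
    return 0;
}

static bool scenario_debug_exit(void)
{
    CPUClass cc = { do_interrupt_plain };
    CPUState cpu = { .exception_index = -1, .cc = &cc };
    int r = run_model(&cpu, EXCP_DEBUG);
    return r == EXCP_DEBUG && cpu.debug_exits == 1 &&
           cpu.do_interrupt_calls == 0 && cpu.exception_index == -1;
}

static bool scenario_plain_interrupt(void)
{
    CPUClass cc = { do_interrupt_plain };
    CPUState cpu = { .exception_index = -1, .cc = &cc };
    int r = run_model(&cpu, 7);     /* 7: arbitrary target exception number */
    return r == 0 && cpu.do_interrupt_calls == 1 &&
           cpu.skipped_clear == 0 && cpu.exception_index == -1;
}

static bool scenario_longjmp_interrupt(void)
{
    CPUClass cc = { do_interrupt_longjmp };
    CPUState cpu = { .exception_index = -1, .cc = &cc };
    int r = run_model(&cpu, 7);
    return r == 0 && cpu.do_interrupt_calls == 2 &&
           cpu.skipped_clear == 1 && cpu.exception_index == -1;
}

int main(void)
{
    printf("debug exit: %s\n", scenario_debug_exit() ? "ok" : "FAIL");
    printf("plain interrupt: %s\n", scenario_plain_interrupt() ? "ok" : "FAIL");
    printf("longjmp interrupt: %s\n", scenario_longjmp_interrupt() ? "ok" : "FAIL");
    return 0;
}
```

The point of the third scenario is that a longjmp out of do_interrupt does not by itself break the invariant: the skipped `= -1` is made up on the next trip through cpu_handle_exception, because the hook that longjmps must have set a new exception_index for the loop to act on. An assertion placed where Paolo suggests, before and after cpu_handle_interrupt, would therefore only fire if some path leaves exception_index set without returning to the top of the loop.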