** Changed in: qemu
Status: New => Fix Committed

--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/581335
Title: ARM Thumb IT block incorrect execution after interrupt

Status in QEMU: Fix Committed

Bug description:

Currently if an interrupt occurs inside of an IT block (after Thumb "it*" instructions, which make the next several instructions conditional), all remaining instructions of the block are executed unconditionally after returning from the interrupt handling routine.

This happens because when the translation block (TB) is generated, the 'it' instruction is processed only by filling the 'condexec_bits' field of the variable 'env' containing the current processor state. After an interrupt occurs inside of the IT block and its handling is done, execution returns to the IT block. Obviously no TB is found starting at the new PC address, so a new one is generated starting from the instruction which was about to be executed when the interrupt occurred. The IT instruction is left behind and 'condexec_bits' is not filled, so all remaining instructions of the IT block are executed unconditionally.

Here is a small application which should show the incorrect behavior. It contains a store inside of the IT block which raises a data abort to load a new page, and an assignment. The store and the assignment are mutually exclusive. But if an interrupt is generated while executing the store instruction, the assignment is executed too. This may be seen by examining the program's return value. When the fault occurs it is 1. When it doesn't, 0 is returned (real hardware tested).
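The following is an added model, written for this page, of the ITSTATE bookkeeping the report describes; it is neither QEMU code nor the reporter's test application. It encodes an ITE block as the architecture's 8-bit ITSTATE (base condition in bits 7:4, then/else mask in bits 3:0), advances it per instruction, and shows that clearing that state when the store is restarted after its data abort makes the "else" assignment execute as well. Only the EQ and NE conditions are modelled, and the mapping of ITSTATE onto QEMU's 'condexec_bits' is assumed, not taken from this page.

```c
#include <stdint.h>
#include <stdbool.h>

/* Simplified Thumb-2 ITSTATE model (added illustration, not QEMU code).
 * ITSTATE[7:4] = condition of the current instruction, ITSTATE[3:0] = mask:
 * one bit per following instruction (cond[0] for T, !cond[0] for E) and a
 * terminating 1 bit. Only EQ (0) and NE (1) are modelled here. */
enum { COND_EQ = 0, COND_NE = 1 };

/* Encode IT<pattern> <cond>, e.g. it_encode(COND_EQ, "E") for "ITE EQ". */
static unsigned it_encode(unsigned cond, const char *pattern) {
    unsigned st = (cond & 0xF) << 4;
    unsigned bit = 1u << 3;
    for (const char *p = pattern; *p; p++, bit >>= 1)
        if ((cond & 1) ^ (*p == 'E')) st |= bit;   /* E inverts cond[0] */
    return st | bit;                                /* terminating 1 */
}

/* Advance ITSTATE after one instruction of the block (ARM ARM ITAdvance()). */
static unsigned it_advance(unsigned st) {
    if ((st & 7) == 0) return 0;                    /* block finished */
    return (st & 0xE0) | ((st << 1) & 0x1F);
}

/* Does the current instruction pass its IT condition for the given Z flag? */
static bool it_passes(unsigned st, bool z_flag) {
    if (st == 0) return true;                       /* not inside an IT block */
    return (st >> 4) == COND_EQ ? z_flag : !z_flag;
}

/* Run "ITE EQ; STREQ (store); MOVNE (assignment)" and report which of the two
 * executed as a bitmask: bit 0 = store, bit 1 = assignment.
 * fault_on_store: the store raises a data abort and is restarted afterwards.
 * lose_itstate:   models the bug: the TB regenerated at the store has no IT state. */
static int run_ite_block(bool z_flag, bool fault_on_store, bool lose_itstate) {
    unsigned st = it_encode(COND_EQ, "E");
    int done = 0;
    bool store_taken = it_passes(st, z_flag);
    if (store_taken && fault_on_store) {
        if (lose_itstate) st = 0;                   /* condexec state lost across the abort */
        store_taken = it_passes(st, z_flag);        /* store re-executed after the handler */
    }
    if (store_taken) done |= 1;
    st = it_advance(st);
    if (it_passes(st, z_flag)) done |= 2;           /* assignment under the inverted condition */
    return done;
}
```

With Z set and the IT state preserved, only the store runs (mask 1); with the state lost after the fault, both run (mask 3), which matches the return value of 1 the report observes under QEMU.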