Something goes wrong when translating rdprs in an interrupt handler while CRS is 0x1. I'm hitting this assertion: "../tcg/tcg.c:3466: tcg_reg_alloc_mov: Assertion `ts->val_type == TEMP_VAL_REG' failed."
When stopped on that assertion I can see that:
- ts->val_type = TEMP_VAL_DEAD
- op->opc = INDEX_op_mov_i32
- ots->name = "pc"
- cpu->ctrl[0] = 0x5f9 (that's STATUS, so CRS = 1)
- pc = 0xa2d5c

So it looks related to an assignment to PC a little after rdprs. When running with -d in_asm,op_ind,op_opt:

----------------
IN:
0x000a2d5c: ldw r16,4(et)
0x000a2d60: rdprs sp,sp,0
0x000a2d64: ldw r4,8(et)
0x000a2d68: callr r16

OP before indirect lowering:
 ld_i32 tmp0,env,$0xfffffffffffffff0
 brcond_i32 tmp0,$0x0,lt,$L0 dead: 0
 ---- 000a2d5c
 add_i32 tmp0,et,$0x4 dead: 2
 qemu_ld_i32 r16,tmp0,leul,0 sync: 0 dead: 1
 ---- 000a2d60
 call rdprs,$0x2,$1,sp,env,$0x1b sync: 0 dead: 0 2
 ---- 000a2d64
 add_i32 tmp0,et,$0x8 dead: 1 2
 qemu_ld_i32 r4,tmp0,leul,0 sync: 0 dead: 0 1
 ---- 000a2d68
 and_i32 tmp0,r16,$0x3 dead: 2
 brcond_i32 tmp0,$0x0,ne,$L1 dead: 0 1
 mov_i32 pc,r16 sync: 0 dead: 0 1
 mov_i32 ra,$0xa2d6c sync: 0 dead: 0 1
 call lookup_tb_ptr,$0x6,$1,tmp7,env dead: 1
 goto_ptr tmp7 dead: 0
 set_label $L1
 st_i32 r16,env,$0x2038 dead: 0
 mov_i32 pc,$0xa2d68 sync: 0 dead: 0 1
 call raise_exception,$0xa,$0,env,$0x7 dead: 0 1
 set_label $L0
 exit_tb $0x7f1878027e43

OP after optimization and liveness analysis:
 ld_i32 tmp0,env,$0xfffffffffffffff0 pref=0xffff
 brcond_i32 tmp0,$0x0,lt,$L0 dead: 0
 ---- 000a2d5c
 ld_i32 tmp34,crs,$0x60 pref=0xf038
 add_i32 tmp0,tmp34,$0x4 dead: 2 pref=0xff3f
 qemu_ld_i32 tmp26,tmp0,leul,0 dead: 1 pref=0xf038
 st_i32 tmp26,crs,$0x40
 ---- 000a2d60
 call rdprs,$0x2,$1,tmp37,env,$0x1b dead: 2 pref=none
 st_i32 tmp37,crs,$0x6c dead: 0
 ---- 000a2d64
 add_i32 tmp0,tmp34,$0x8 dead: 1 2 pref=0xff3f
 qemu_ld_i32 tmp14,tmp0,leul,0 dead: 1 pref=0xffff
 st_i32 tmp14,crs,$0x10 dead: 0
 ---- 000a2d68
 and_i32 tmp0,tmp26,$0x3 dead: 1 2 pref=0xffff
 brcond_i32 tmp0,$0x0,ne,$L1 dead: 0 1
 mov_i32 pc,tmp26 sync: 0 dead: 0 1 pref=0xffff
 st_i32 $0xa2d6c,crs,$0x7c dead: 0 1
 call lookup_tb_ptr,$0x6,$1,tmp7,env dead: 1 pref=none
 goto_ptr tmp7 dead: 0
 set_label $L1
 ld_i32 tmp26,crs,$0x40 dead: 1 pref=0xffff
 st_i32 tmp26,env,$0x2038 dead: 0
 mov_i32 pc,$0xa2d68 sync: 0 dead: 0 1 pref=0xffff
 call raise_exception,$0xa,$0,env,$0x7 dead: 0 1
 set_label $L0
 exit_tb $0x7f1878027e43