mirror of
https://github.com/yuzu-emu/unicorn.git
synced 2025-04-21 11:33:14 +00:00
44bf8985e5
On M profile, return from exceptions happen when code in Handler mode executes one of the following function call return instructions: * POP or LDM which loads the PC * LDR to PC * BX register and the new PC value is 0xFFxxxxxx. QEMU tries to implement this by not treating the instruction specially but then catching the attempt to execute from the magic address value. This is not ideal, because: * there are guest visible differences from the architecturally specified behaviour (for instance jumping to 0xFFxxxxxx via a different instruction should not cause an exception return but it will in the QEMU implementation) * we have to account for it in various places (like refusing to take an interrupt if the PC is at a magic value, and making sure that the MPU doesn't deny execution at the magic value addresses) Drop these hacks, and instead implement exception return the way the architecture specifies -- by having the relevant instructions check for the magic value and raise the 'do an exception return' QEMU internal exception immediately. The effect on the generated code is minor: bx lr, old code (and new code for Thread mode): TCG: mov_i32 tmp5,r14 movi_i32 tmp6,$0xfffffffffffffffe and_i32 pc,tmp5,tmp6 movi_i32 tmp6,$0x1 and_i32 tmp5,tmp5,tmp6 st_i32 tmp5,env,$0x218 exit_tb $0x0 set_label $L0 exit_tb $0x7f2aabd61993 x86_64 generated code: 0x7f2aabe87019: mov %ebx,%ebp 0x7f2aabe8701b: and $0xfffffffffffffffe,%ebp 0x7f2aabe8701e: mov %ebp,0x3c(%r14) 0x7f2aabe87022: and $0x1,%ebx 0x7f2aabe87025: mov %ebx,0x218(%r14) 0x7f2aabe8702c: xor %eax,%eax 0x7f2aabe8702e: jmpq 0x7f2aabe7c016 bx lr, new code when in Handler mode: TCG: mov_i32 tmp5,r14 movi_i32 tmp6,$0xfffffffffffffffe and_i32 pc,tmp5,tmp6 movi_i32 tmp6,$0x1 and_i32 tmp5,tmp5,tmp6 st_i32 tmp5,env,$0x218 movi_i32 tmp5,$0xffffffffff000000 brcond_i32 pc,tmp5,geu,$L1 exit_tb $0x0 set_label $L1 movi_i32 tmp5,$0x8 call exception_internal,$0x0,$0,env,tmp5 x86_64 generated code: 0x7fe8fa1264e3: mov %ebp,%ebx 0x7fe8fa1264e5: and $0xfffffffffffffffe,%ebx 0x7fe8fa1264e8: mov %ebx,0x3c(%r14) 0x7fe8fa1264ec: and $0x1,%ebp 0x7fe8fa1264ef: mov %ebp,0x218(%r14) 0x7fe8fa1264f6: cmp $0xff000000,%ebx 0x7fe8fa1264fc: jae 0x7fe8fa126509 0x7fe8fa126502: xor %eax,%eax 0x7fe8fa126504: jmpq 0x7fe8fa122016 0x7fe8fa126509: mov %r14,%rdi 0x7fe8fa12650c: mov $0x8,%esi 0x7fe8fa126511: mov $0x56095dbeccf5,%r10 0x7fe8fa12651b: callq *%r10 which is a difference of one cmp/branch-not-taken. This will be lost in the noise of having to exit generated code and look up the next TB anyway. Backports commit 3bb8a96f5348913ee130169504f3642f501b113e from qemu |
||
|---|---|---|
| .. | ||
| crypto | ||
| default-configs | ||
| docs | ||
| fpu | ||
| hw | ||
| include | ||
| qapi | ||
| qobject | ||
| qom | ||
| scripts | ||
| target | ||
| tcg | ||
| util | ||
| aarch64.h | ||
| aarch64eb.h | ||
| accel.c | ||
| arm.h | ||
| armeb.h | ||
| atomic_template.h | ||
| CODING_STYLE | ||
| configure | ||
| COPYING | ||
| COPYING.LIB | ||
| cpu-exec-common.c | ||
| cpu-exec.c | ||
| cpus.c | ||
| cputlb.c | ||
| exec.c | ||
| gen_all_header.sh | ||
| glib_compat.c | ||
| HACKING | ||
| header_gen.py | ||
| ioport.c | ||
| LICENSE | ||
| m68k.h | ||
| Makefile | ||
| Makefile.objs | ||
| Makefile.target | ||
| memory.c | ||
| memory_ldst.inc.c | ||
| memory_mapping.c | ||
| mips.h | ||
| mips64.h | ||
| mips64el.h | ||
| mipsel.h | ||
| powerpc.h | ||
| qapi-schema.json | ||
| qemu-timer.c | ||
| rules.mak | ||
| softmmu_template.h | ||
| sparc.h | ||
| sparc64.h | ||
| tcg-runtime.c | ||
| translate-all.c | ||
| translate-all.h | ||
| translate-common.c | ||
| unicorn_common.h | ||
| VERSION | ||
| vl.c | ||
| vl.h | ||
| x86_64.h | ||