
arm instruction bxeq lr hangs #118

Closed
lunixbochs opened this issue Sep 7, 2015 · 10 comments

@lunixbochs
Contributor

No description provided.

@lunixbochs lunixbochs changed the title arm instruction bxeq lr broken arm instruction bxeq lr hangs Sep 7, 2015
@lunixbochs
Contributor Author

I don't have many tests for this (because my ARM test binaries all die very early right now), but it looks like conditional branching is completely broken on ARM.

aquynh added a commit that referenced this issue Sep 8, 2015
@aquynh
Member

aquynh commented Sep 11, 2015

This bug is quite strange.
Can you confirm this works well in QEMU? Any quick way to test it?

@lunixbochs
Contributor Author

Yeah, I pulled this opcode from a hang in one of my ARM ELF test binaries under Usercorn. I ran the same binary in qemu-user and it worked fine. Some of my other ARM test binaries exhibited an identical hang with different conditional branch instructions, but they all work in qemu-user.

@aquynh
Member

aquynh commented Sep 12, 2015

Can you put this binary somewhere, with instructions on how to reproduce with qemu-user?

@lunixbochs
Contributor Author

All of my ARM tests have an unclear license right now. Pick any ARM binary from a Linux distro and it should have a conditional branch in it.

@aquynh aquynh added the bug label Sep 14, 2015
@danghvu
Contributor

danghvu commented Sep 16, 2015

Disabling TCG optimization makes it work. Still unsure whether this is a Unicorn bug or a QEMU bug.

This potentially affects many other instructions when we have a callback and the instructions are removed. I think it's safest to just remove the optimization, but I wonder if there is a middle ground to fix this.

diff --git a/qemu/tcg/tcg.c b/qemu/tcg/tcg.c
index 4246504..bac13e0 100644
--- a/qemu/tcg/tcg.c
+++ b/qemu/tcg/tcg.c
@@ -23,7 +23,7 @@
  */

 /* define it to use liveness analysis (better code) */
-#define USE_LIVENESS_ANALYSIS
+// #define USE_LIVENESS_ANALYSIS
 #define USE_TCG_OPTIMIZATIONS

 #include "config.h"
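Review bot: commenting out `USE_LIVENESS_ANALYSIS` at line 23 of tcg.c switches liveness analysis off for every target and every translated block, so this trades a global code-quality regression (the comment right above it says "better code") for one ARM mis-translation, and as a compile-time edit it cannot be toggled back without changing the source. If it goes in as a stopgap, replace the `//`-commented define with an explicit `#undef USE_LIVENESS_ANALYSIS` (or a build option) and a comment citing #118 so the reason survives; the narrower fix the comment above asks for would keep the `pc` global live across the `uc_tracecode` call rather than dropping the whole pass.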

@lunixbochs
Contributor Author

It doesn't hang in normal qemu-user, though.

@danghvu
Contributor

danghvu commented Sep 17, 2015

Update:
This is the JIT output; the part marked with *** [...] *** is removed by liveness analysis because apparently the "pc" reg is treated as "dead"?

movi_i32 tmp5,$0x4
movi_i64 tmp6,$0x1020c8fc0
movi_i64 tmp7,$0x7fbe4e803600
movi_i64 tmp8,$0x1000
movi_i64 tmp9,$0x1
call uc_tracecode,$0x0,$0,tmp5,tmp6,tmp7,tmp8,tmp9

ld_i32 tmp10,env,$0xfffffffffffffff4
movi_i32 tmp11,$0x0
brcond_i32 tmp10,tmp11,ne,$0x0

movi_i32 tmp10,$0x0
brcond_i32 ZF,tmp10,ne,$0x1
***mov_i32 tmp10,r14***
***movi_i32 tmp11,$0xfffffffffffffffe***
***and_i32 pc,tmp10,tmp11***

movi_i32 tmp11,$0x1
and_i32 tmp10,tmp10,tmp11
st_i32 tmp10,env,$0x218

exit_tb $0x0

set_label $0x1
goto_tb $0x1
movi_i32 pc,$0x1004
exit_tb $0x117018001


set_label $0x0
exit_tb $0x117018003
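To pin down what a correctly translated block must produce, here is an added reference model of A32 condition codes and BX semantics (written for this page; it is not Unicorn's or QEMU's code, and the `bxeq lr` encoding 0x012fff1e plus the register and flag layout are assumptions). It covers all condition codes, not just EQ, since the reporter saw other conditional branches hang too; a regression test would compare `step_bx`'s result with the pc Unicorn reports after executing the instruction.

```python
# Added reference model for A32 conditional BX (e.g. `bxeq lr`); it is not
# code from Unicorn or QEMU. Encoding assumed: cond:4 | 000100101111
# 111111110001 | Rm:4, so `bxeq lr` is 0x012fff1e (bytes 1e ff 2f 01).
CPSR_N, CPSR_Z, CPSR_C, CPSR_V = 1 << 31, 1 << 30, 1 << 29, 1 << 28

def cond_passed(cond, cpsr):
    """Evaluate the condition field (bits 31:28) against the CPSR NZCV flags."""
    n, z = bool(cpsr & CPSR_N), bool(cpsr & CPSR_Z)
    c, v = bool(cpsr & CPSR_C), bool(cpsr & CPSR_V)
    if cond == 0xF:
        raise ValueError("cond 1111 is the unconditional instruction space")
    return (
        z,                  # 0 EQ
        not z,              # 1 NE
        c,                  # 2 CS/HS
        not c,              # 3 CC/LO
        n,                  # 4 MI
        not n,              # 5 PL
        v,                  # 6 VS
        not v,              # 7 VC
        c and not z,        # 8 HI
        not c or z,         # 9 LS
        n == v,             # A GE
        n != v,             # B LT
        not z and n == v,   # C GT
        z or n != v,        # D LE
        True,               # E AL
    )[cond]

def decode_bx(insn):
    """Return (cond, Rm) for an A32 BX encoding; reject anything else."""
    if (insn & 0x0FFFFFF0) != 0x012FFF10:
        raise ValueError("not an A32 BX: 0x%08x" % insn)
    return (insn >> 28) & 0xF, insn & 0xF

def step_bx(insn, pc, regs, cpsr):
    """Return (next_pc, thumb) the emulator must reach after the BX at pc.

    Taken: pc = Rm & ~1 and the Thumb bit is Rm & 1 (the `and_i32 pc` ops
    the issue shows being dropped). Not taken: fall through to pc + 4, the
    `movi_i32 pc,$0x1004` path for an instruction at 0x1000. QEMU's ZF
    register is zero exactly when Z is set, hence `brcond_i32 ZF,...,ne`."""
    cond, rm = decode_bx(insn)
    if not cond_passed(cond, cpsr):
        return (pc + 4) & 0xFFFFFFFF, 0
    target = regs[rm] & 0xFFFFFFFF
    return target & 0xFFFFFFFE, target & 1
```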

danghvu added a commit that referenced this issue Sep 22, 2015
@danghvu
Contributor

danghvu commented Sep 22, 2015

This should be fixed now; please confirm.

@lunixbochs
Contributor Author

Looks good, now I can actually get far enough to need #147 :)
