[Skyeye-developer] ARM9EJ-S Thumb BLX instruction
Michael.Kang
blackfin.kang at gmail.com
Fri Aug 24 13:48:01 CST 2007
On 8/22/07, Smirnov Dmitry <Dmitry.Smirnov at tlmcom.ru> wrote:
> Hi,
>
> I'm new to Skyeye, so sorry if my issue is already known...
>
> I've tried to run binary compiled by ADS1.2 for ARM926EJ-S on skyeye
> 1.2.3.
> Skyeye.conf is configured to use ns9750.
>
> I've got a problem with execution of the following instruction (I've
> used syntax from the ADS fromelf utility that allows disassembling the elf):
>
> 0x000001c8: f002e9ec .... BLX
> $Ven$AT$L$$hw_is_hw_revision_6100_rev2_check ; 0x25a4
>
> Here, the 'f002e9ec' is the binary code of the instruction. It is
> executed in Thumb mode and is handled by ARMul_ThumbDecode() in
> thumbemu.c.
>
> First part of the instruction (f002) is correctly treated as BL
> instruction ('case 30' on line 461) but second part (e9ec) does not
> (condition on line 473 is failed):
> if (((tinstr & 0xF800) >> 11) != 31 )
>
> In fact, this seems to be a correct instruction according to the ARM spec I
> have (DDI0100E_ARM_ARM.pdf). This is the BLX (for v5) and it is
> correctly executed by real hardware.
>
> I've tried to change the condition and add the following:
> if (((tinstr & 0xF800) >> 11) != 31
> && ((tinstr & 0xF800) >> 11) != 29 )
>
> This causes skyeye to correctly decode the whole instruction and the
> address to branch to. Unfortunately, this should be accompanied by
> changing to ARM mode.
>
> I'm not sure how to do it correctly. Obviously TFLAG should be reset,
> but where should this be done? Is it correct to clear the flag in
> ARMul_ThumbDecode()?
I think it should be done in WriteR15Branch() [armemu.c:4663]:
arch/arm/common/armemu.c:4672: CLEART;
>
> WBR,
> Dmitry
>
> _______________________________________________
> Skyeye-developer mailing list
> Skyeye-developer at lists.gro.clinux.org
> http://lists.gro.clinux.org/cgi-bin/mailman/listinfo/skyeye-developer
>
--
www.skyeye.org
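The decode rule the thread is discussing, as an added stand-alone example that is not SkyEye's thumbemu.c code. It models the ARMv5T two-halfword BL/BLX sequence: the first halfword (bits 15:11 == 30) stages the high part of the offset in LR, and the second halfword selects BL (bits 15:11 == 31, stay in Thumb) or BLX (bits 15:11 == 29, word-align the target and clear the T flag, with bit 0 required to be zero). The function and struct names are my own assumptions; the input pair 0xf002 0xe9ec at 0x1c8 is taken from the post and should resolve to 0x25a4 with a switch to ARM state.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Outcome of decoding a Thumb BL/BLX two-halfword sequence (ARMv5T).
 * Hypothetical type, not from SkyEye. */
typedef struct {
    bool     valid;   /* false if the pair is not a well-formed BL/BLX sequence */
    uint32_t target;  /* branch destination */
    uint32_t lr;      /* new r14: address after the pair, bit 0 set (Thumb return) */
    bool     to_arm;  /* true for BLX: T flag must be cleared (CLEART in SkyEye terms) */
} thumb_bl_result;

/* Sign-extend an 11-bit field to 32 bits. */
static uint32_t sign_extend_11(uint32_t v)
{
    v &= 0x7FF;
    if (v & 0x400)
        v |= 0xFFFFF800u;
    return v;
}

/* addr is the address of the first halfword; hw1/hw2 are the two halfwords. */
thumb_bl_result decode_thumb_bl_pair(uint32_t addr, uint16_t hw1, uint16_t hw2)
{
    thumb_bl_result r = {0};
    unsigned op1 = (hw1 >> 11) & 0x1F;
    unsigned op2 = (hw2 >> 11) & 0x1F;

    if (op1 != 30)          /* first halfword must be 11110 (BL/BLX prefix) */
        return r;

    /* First halfword: LR = PC + (signed offset_hi << 12), where PC = addr + 4. */
    uint32_t lr_tmp = addr + 4 + (sign_extend_11(hw1) << 12);
    uint32_t off_lo = (uint32_t)(hw2 & 0x7FF) << 1;
    uint32_t next   = addr + 4;   /* address of the instruction after the pair */

    if (op2 == 31) {              /* 11111: BL, remain in Thumb state */
        r.valid  = true;
        r.target = lr_tmp + off_lo;
        r.lr     = next | 1;
        r.to_arm = false;
    } else if (op2 == 29) {       /* 11101: BLX, switch to ARM state */
        if (hw2 & 1)              /* bit 0 must be zero for BLX */
            return r;
        r.valid  = true;
        r.target = (lr_tmp + off_lo) & ~3u;   /* ARM target is word-aligned */
        r.lr     = next | 1;
        r.to_arm = true;
    }
    return r;
}

int main(void)
{
    /* Instruction pair quoted in the thread: f002 e9ec at 0x000001c8. */
    thumb_bl_result r = decode_thumb_bl_pair(0x1c8, 0xf002, 0xe9ec);
    printf("valid=%d target=0x%08x lr=0x%08x to_arm=%d\n",
           r.valid, r.target, r.lr, r.to_arm);
    return 0;
}
```

The check on bit 0 of the BLX second halfword is the one a decoder should keep even after accepting opcode 29: the encoding with that bit set is not a valid BLX, so treating it as one would silently produce a misaligned target.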