Hi Aurelien,

> On 2015-04-03 23:26, Maciej W. Rozycki wrote:
> > Restore EPC at the branch whose delay slot is emulated if the delay-slot
> > instruction signals. This is so that code in `fpu_emulator_cop1Handler'
> > does not see EPC having advanced and mistakenly successfully resume
> > userland execution from the location at the branch target in that case.
> > Restoring EPC guarantees an immediate exit from the emulation loop and
> > if EPC hasn't advanced at all since entering the loop, also issuing the
> > signal reported by the delay-slot instruction.
> >
> > Signed-off-by: Maciej W. Rozycki <macro@xxxxxxxxxxxxxx>
> > ---
>
> Unfortunately this patch broke the case where the delay slot contains a
> NOP instruction. In practice this causes a lot of code to now fail with
> a SIGILL. For example the following code, extracted from R, reports a
> SIGILL at address 0x76f29670.
>
> => 0x76f29670: ldc1 $f2,40(s8)
>    0x76f29674: ldc1 $f0,40(s8)
>    0x76f29678: add.d $f0,$f2,$f0
>    0x76f2967c: sdc1 $f0,40(s8)
>    0x76f29680: ldc1 $f2,40(s8)
>    0x76f29684: ldc1 $f0,80(s8)
>    0x76f29688: add.d $f0,$f2,$f0
>    0x76f2968c: sdc1 $f0,96(s8)
>    0x76f29690: ldc1 $f2,96(s8)
>    0x76f29694: ldc1 $f0,40(s8)
>    0x76f29698: sub.d $f0,$f2,$f0
>    0x76f2969c: sdc1 $f0,112(s8)
>    0x76f296a0: ldc1 $f2,112(s8)
>    0x76f296a4: ldc1 $f0,80(s8)
>    0x76f296a8: sub.d $f2,$f2,$f0
>    0x76f296ac: ldc1 $f0,144(s8)
>    0x76f296b0: c.eq.d $f2,$f0
>    0x76f296b4: bc1t 0x76f29670
>    0x76f296b8: nop

Thanks for your report, I'll have a look ASAP.

Maciej