
[PULL,14/26] tests/tcg/arm: add ARMv6-M UNDEFINED 32-bit instruction test

Message ID 20190312170931.25013-15-alex.bennee@linaro.org
State New
Series final testing updates for 4.0 | expand

Commit Message

Alex Bennée March 12, 2019, 5:09 p.m. UTC
From: Stefan Hajnoczi <stefanha@redhat.com>


Test that 32-bit instructions declared UNDEFINED in the ARMv6-M
Reference Manual really do raise an exception.  Also test that the 6
32-bit instructions defined in the ARMv6-M Reference Manual do not raise
an exception.

Based-on: <20181029194519.15628-1-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Message-Id: <20181129185113.30353-1-stefanha@redhat.com>
[AJB: integrated into system tests]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>


-- 
2.20.1

Comments

Peter Maydell June 11, 2019, 12:51 p.m. UTC | #1
On Tue, 12 Mar 2019 at 17:09, Alex Bennée <alex.bennee@linaro.org> wrote:
>

> From: Stefan Hajnoczi <stefanha@redhat.com>

>

> Test that 32-bit instructions declared UNDEFINED in the ARMv6-M

> Reference Manual really do raise an exception.  Also test that the 6

> 32-bit instructions defined in the ARMv6-M Reference Manual do not raise

> an exception.

>

> Based-on: <20181029194519.15628-1-stefanha@redhat.com>

> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

> Message-Id: <20181129185113.30353-1-stefanha@redhat.com>

> [AJB: integrated into system tests]

> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>


So I just tried running this test with a QEMU built with
clang's undefined-behaviour sanitizer, and it reveals a bug
in our elf loader code:

e104462:bionic:qemu$ make -C build/arm-clang/ check-tcg
make: Entering directory
'/home/petmay01/linaro/qemu-from-laptop/qemu/build/arm-clang'
make[1]: Entering directory '/home/petmay01/linaro/qemu-from-laptop/qemu/slirp'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/home/petmay01/linaro/qemu-from-laptop/qemu/slirp'
  BUILD   debian9
  BUILD   debian-armhf-cross
  BUILD   TCG tests for arm-softmmu
  BUILD   arm guest-tests with arm-linux-gnueabihf-gcc
  RUN     TCG tests for arm-softmmu
  BUILD   arm guest-tests with arm-linux-gnueabihf-gcc
  RUN     tests for arm
  TEST    test-armv6m-undef on arm
/home/petmay01/linaro/qemu-from-laptop/qemu/include/hw/elf_ops.h:175:11:
runtime error: null pointer passed as argument 1, which is declared to
never be null
/usr/include/stdlib.h:828:30: note: nonnull attribute specified here
[...]

I think what's happening here is that the ELF file being
loaded has no function symbols, so in the load_symbols
function nsyms is 0, and g_realloc(syms, nsyms * sizeof(*syms))
returns NULL. We then pass that to qsort(), which is bad
because qsort() mandates a non-NULL pointer.

thanks
-- PMM

Patch

diff --git a/tests/tcg/arm/Makefile.softmmu-target b/tests/tcg/arm/Makefile.softmmu-target
new file mode 100644
index 0000000000..49d48d8a1c
--- /dev/null
+++ b/tests/tcg/arm/Makefile.softmmu-target
@@ -0,0 +1,29 @@ 
+# -*- Mode: makefile -*-
+#
+# ARM SoftMMU tests - included from tests/tcg/Makefile
+#
+
+ifeq ($(TARGET_ABI_DIR),arm)
+
+ARM_SRC=$(SRC_PATH)/tests/tcg/arm
+
+# Set search path for all sources
+VPATH 		+= $(ARM_SRC)
+
+ARM_TESTS=test-armv6m-undef
+
+TESTS += $(ARM_TESTS)
+
+CFLAGS+=-Wl,--build-id=none -x assembler-with-cpp
+LDFLAGS+=-nostdlib -N -static
+
+%: %.S %.ld
+	$(CC) $(CFLAGS) $(ASFLAGS) $< -o $@ $(LDFLAGS) -T $(ARM_SRC)/$@.ld
+
+# Specific Test Rules
+
+test-armv6m-undef: EXTRA_CFLAGS+=-mcpu=cortex-m0
+
+run-test-armv6m-undef: QEMU_OPTS+=-semihosting -M microbit -kernel
+
+endif
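Review bot: The `-mcpu=cortex-m0` set through `EXTRA_CFLAGS` for test-armv6m-undef does not appear to reach the compiler, because the `%: %.S %.ld` recipe expands only `$(CFLAGS) $(ASFLAGS)` and `$(LDFLAGS)`. The build presumably still works because the source carries its own `.cpu cortex-m0` directive, but the per-test flag is dead unless another makefile folds EXTRA_CFLAGS into CFLAGS, which is not visible in this hunk. Consider `$(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(ASFLAGS) $< -o $@ $(LDFLAGS) -T $(ARM_SRC)/$@.ld`. Separately, the bare `CFLAGS+=` and `LDFLAGS+=` lines apply to every target built in this make context, so `-nostdlib -N -static` would be inherited by any test added here later; target-specific assignments would scope them to the bare-metal test.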
diff --git a/tests/tcg/arm/test-armv6m-undef.S b/tests/tcg/arm/test-armv6m-undef.S
new file mode 100644
index 0000000000..d18ca56b4a
--- /dev/null
+++ b/tests/tcg/arm/test-armv6m-undef.S
@@ -0,0 +1,154 @@ 
+/*
+ * Test ARMv6-M UNDEFINED 32-bit instructions
+ *
+ * Copyright 2018 Red Hat Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2
+ * or later. See the COPYING file in the top-level directory.
+ */
+
+/*
+ * Test that UNDEFINED 32-bit instructions fault as expected.  This is an
+ * interesting test because ARMv6-M shares code with its more fully-featured
+ * siblings and it's necessary to verify that its limited instruction set is
+ * emulated correctly.
+ *
+ * The emulator must be invoked with -semihosting so that the test case can
+ * terminate with exit code 0 on success or 1 on failure.
+ *
+ * Failures can be debugged with -d in_asm,int,exec,cpu and the
+ * gdbstub (-S -s).
+ */
+
+.syntax unified
+.cpu cortex-m0
+.thumb
+
+/*
+ * Memory map
+ */
+#define SRAM_BASE 0x20000000
+#define SRAM_SIZE (16 * 1024)
+
+/*
+ * Semihosting interface on ARM T32
+ * See "Semihosting for AArch32 and AArch64 Version 2.0 Documentation" by ARM
+ */
+#define semihosting_call bkpt 0xab
+#define SYS_EXIT 0x18
+
+vector_table:
+    .word SRAM_BASE + SRAM_SIZE /* 0. SP_main */
+    .word exc_reset_thumb       /* 1. Reset */
+    .word 0                     /* 2. NMI */
+    .word exc_hard_fault_thumb  /* 3. HardFault */
+    .rept 7
+    .word 0                     /* 4-10. Reserved */
+    .endr
+    .word 0                     /* 11. SVCall */
+    .word 0                     /* 12. Reserved */
+    .word 0                     /* 13. Reserved */
+    .word 0                     /* 14. PendSV */
+    .word 0                     /* 15. SysTick */
+    .rept 32
+    .word 0                     /* 16-47. External Interrupts */
+    .endr
+
+exc_reset:
+.equ exc_reset_thumb, exc_reset + 1
+.global exc_reset_thumb
+    /* The following 32-bit UNDEFINED instructions are tested by executing
+     * them.  The HardFault exception handler should execute and return to
+     * the next test case.  If no exception is raised the test fails.
+     */
+
+    /* Table A5-9 32-bit Thumb encoding */
+    .short 0b1110100000000000
+    .short 0b0000000000000000
+    b not_reached
+    .short 0b1110100000000000
+    .short 0b1000000000000000
+    b not_reached
+    .short 0b1111100000000000
+    .short 0b0000000000000000
+    b not_reached
+    .short 0b1111100000000000
+    .short 0b1000000000000000
+    b not_reached
+    .short 0b1111000000000000
+    .short 0b0000000000000000
+    b not_reached
+
+    /* Table A5-10 Branch and miscellaneous control instructions */
+    .short 0b1111011111110000
+    .short 0b1010000000000000
+    b not_reached
+
+    /* The following are valid 32-bit instructions that must not raise a
+     * HardFault.
+     */
+
+    /* B4.2.3 Move to Special Register (moves to IPSR are ignored) */
+    msr ipsr, r0
+    b 1f
+    b not_reached
+1:
+    /* B4.2.2 Move from Special Register */
+    mrs r0, ipsr
+    b 1f
+    b not_reached
+1:
+    /* A6.7.13 Branch with Link (immediate) */
+    bl 1f
+1:
+    b 1f
+    b not_reached
+1:
+    /* A6.7.21 Data Memory Barrier */
+    dmb
+    b 1f
+    b not_reached
+1:
+    /* A6.7.22 Data Synchronization Barrier */
+    dsb
+    b 1f
+    b not_reached
+1:
+    /* A6.7.24 Instruction Memory Barrier */
+    isb
+    b 1f
+    b not_reached
+1:
+
+    /* Success! */
+    movs r0, 1
+    b exit
+
+not_reached: /* Failure :( */
+    movs r0, 0
+    b exit
+
+/* When a HardFault occurs, return to pc+6 (test cases are 3 halfwords long) */
+exc_hard_fault:
+.equ exc_hard_fault_thumb, exc_hard_fault + 1
+.global exc_hard_fault_thumb
+    ldr r0, [sp, 0x18]
+    adds r0, 6
+    str r0, [sp, 0x18]
+    bx lr
+
+/*
+ * exit: Terminate emulator
+ * @r0: 0 - failure, 1 - success
+ */
+exit:
+    movs r1, 0
+    cmp r0, 1
+    bne 1f
+    ldr r1, ADP_Stopped_ApplicationExit
+1:
+    movs r0, SYS_EXIT
+    semihosting_call
+.align 2
+ADP_Stopped_ApplicationExit:
+    .word 0x20026
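Review bot: Nothing stops execution after `semihosting_call` in `exit`: if the `bkpt 0xab` ever returns, the core runs straight into the `ADP_Stopped_ApplicationExit` literal and then past the end of the image. A `b .` directly after `semihosting_call` would park the CPU so the harness sees a clean timeout instead of data being executed. Note also that `exc_hard_fault` adds 6 to the stacked PC for every HardFault, so a fault on the breakpoint itself (presumably what happens when the emulator is started without -semihosting) would resume beyond the literal. A comment on the handler saying it is only valid for the three-halfword test cases, and naming `0x18` as the offset of the stacked return address in the exception frame, would make that limit explicit.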
diff --git a/tests/tcg/arm/test-armv6m-undef.ld b/tests/tcg/arm/test-armv6m-undef.ld
new file mode 100644
index 0000000000..43dbbf17d5
--- /dev/null
+++ b/tests/tcg/arm/test-armv6m-undef.ld
@@ -0,0 +1,21 @@ 
+ENTRY(exc_reset_thumb)
+
+SECTIONS
+{
+    . = 0x0;
+    .text : {
+        *(.text)
+    }
+    .data : {
+        *(.data)
+    }
+    .rodata : {
+        *(.rodata)
+    }
+    .bss : {
+        *(.bss)
+    }
+    /DISCARD/ : {
+        *(.ARM.attributes)
+    }
+}
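Review bot: The script relies on `vector_table` being the first thing in `.text` so that it lands at address 0, but nothing here states or enforces that. It holds today because the only input is test-armv6m-undef.S and the table is the first item that file emits, presumably into the default `.text` section. Add a comment above the `.text` output section, for example `/* vector_table must be first in .text: the core reads SP_main and the reset vector from address 0 */`, so that a later reordering or a second object file does not silently move it.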