I've recently seen this with valgrind while running the HMP tester:

==22373== Conditional jump or move depends on uninitialised value(s)
==22373==    at 0x4A41FD: arm_disas_set_info (cpu.c:504)
==22373==    by 0x3867A7: monitor_disas (disas.c:390)
==22373==    by 0x38E80E: memory_dump (monitor.c:1339)
==22373==    by 0x38FA43: handle_hmp_command (monitor.c:3123)
==22373==    by 0x38FB9E: qmp_human_monitor_command (monitor.c:613)
==22373==    by 0x4E3124: qmp_marshal_human_monitor_command (qmp-marshal.c:1736)
==22373==    by 0x769678: do_qmp_dispatch (qmp-dispatch.c:104)
==22373==    by 0x769678: qmp_dispatch (qmp-dispatch.c:131)
==22373==    by 0x38B734: handle_qmp_command (monitor.c:3853)
==22373==    by 0x76ED07: json_message_process_token (json-streamer.c:105)
==22373==    by 0x78D40A: json_lexer_feed_char (json-lexer.c:323)
==22373==    by 0x78D4CD: json_lexer_feed (json-lexer.c:373)
==22373==    by 0x38A08D: monitor_qmp_read (monitor.c:3895)

And indeed, in monitor_disas, the read_memory_inner_func variable was
not initialized, but arm_disas_set_info() expects this to be NULL
or a valid pointer. Let's properly set this to NULL in the
INIT_DISASSEMBLE_INFO to fix it in all functions that use the
disassemble_info struct.

Fixes: f7478a92 ("Fix Thumb-1 BE32 execution")
Signed-off-by: NThomas Huth <thuth@redhat.com>
Message-Id: <1506524313-20037-1-git-send-email-thuth@redhat.com>

We threatened to remove ia64 as host in v2.9.0.  Its time has now come.

There are still some usages of defined(__ia64__) throughout the source
code that would be triggered if one were to enable TCI on an ia64 host.
Leave those alone for now.
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

Thumb-1 code has some issues in BE32 mode (as currently implemented). In
short, since bytes are swapped within words at load time for BE32
executables, this also swaps pairs of adjacent Thumb-1 instructions.

This patch un-swaps those pairs of instructions again, both for execution,
and for disassembly. (The previous version of the patch always read four
bytes in arm_read_memory_func and then extracted the proper two bytes,
in a probably misguided attempt to match the behaviour of actual hardware
as described by e.g. the ARM9TDMI TRM, section 3.3 "Endian effects for
instruction fetches". It's less complicated to just read the correct
two bytes though.)
Signed-off-by: NJulian Brown <julian@codesourcery.com>
Message-id: ca20462a044848000370318a8bd41dd0a4ed273f.1484929304.git.julian@codesourcery.com
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

This reverts commit d41f3c3c.
Signed-off-by: NRichard Henderson <rth@twiddle.net>

The HPPA backend has been removed by the following commit:

    802b5081
    tcg-hppa: Remove tcg backend

But some small pieces of the HPPA backend still survived until
today. Since we also do not have support for a HPPA target in
QEMU, we can nowadays safely remove the remaining HPPA parts
(like the disassembler code, or the detection of HPPA in the
configure script).
Signed-off-by: NThomas Huth <thuth@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-16-git-send-email-peter.maydell@linaro.org

Move the target_disas() alpha specifics to the CPUClass::disas_set_info()
hook and delete the #ifdef specific code in disas.c.

This also makes monitor_disas() consistent with target_disas(), as
monitor_disas() was missing a set of the BFD (This was an omission from
commit b9bec751).
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Acked-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Move the target_disas() mips specifics to the CPUClass::disas_set_info()
hook and delete the #ifdef specific code in disas.c.

Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Acked-by: NLeon Alrae <leon.alrae@imgtec.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Move the target_disas() sh4 specifics to the CPUClass::disas_set_info()
hook and delete the #ifdef specific code in disas.c.
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Acked-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Move the target_disas() lm32 specifics to the CPUClass::disas_set_info()
hook and delete the #ifdef specific code in disas.c.
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Acked-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Move the target_disas() sparc specifics to the QOM disas_set_info hook
and delete the #ifdef specific code in disas.c.

Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Move the target_disas() m68k specifics to the CPUClass::disas_set_info()
hook and delete the #ifdef specific code in disas.c.
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: NLaurent Vivier <laurent@vivier.eu>
Reviewed-by: NGreg Ungerer <gerg@uclinux.org>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Move the target_disas() moxie specifics to the CPUClass::disas_set_info()
hook and delete the #ifdef specific code in disas.c.

Cc: Anthony Green <green@moxielogic.com>
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Move the target_disas() s390 specifics to the CPUClass::disas_set_info()
hook and delete the #ifdef specific code in disas.c.

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Acked-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

monitor_fprintf and mon_get_cpu will be used in the target-specific monitor,
so it is advisable to make it external.
Signed-off-by: NPavel Butsykin <pbutsykin@virtuozzo.com>
Signed-off-by: NDenis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Andreas Färber <afaerber@suse.de>
Message-Id: <1442927901-1084-6-git-send-email-den@openvz.org>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

It does not work in multi-arch as it requires the CPU specific
TARGET_VIRT_ADDR_SPACE_BITS global define. Just use the generic
version that does no masking. Targets should be responsible for
passing in a sane virtual address.
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Message-Id: <1436129432-16617-1-git-send-email-crosthwaite.peter@gmail.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Move the target_disas() cris specifics to the QOM disas_set_info() hook
and delete the cris specific code in disas.c.

This also now adds support for monitor_disas() to cris.

E.g.
(qemu) xp 0x40004000
0000000040004000: 0x1e6f25f0

And before this patch:
(qemu) xp/i 0x40004000
0x40004000: Asm output not supported on this arch

After:
(qemu) xp/i 0x40004000
0x40004000:  di
(qemu) xp/i 0x40004002
0x40004002:  move.d 0xb003c004,$r1

Note: second example is 6-byte misaligned instruction!
Reviewed-by: NEdgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Move the target_disas() MB specifics to the QOM disas_set_info hook
and delete the MB specific code in disas.c.

This also now adds support for monitor_disas() to Microblaze.

E.g.
(qemu) xp 0x90000000
0000000090000000: 0x94208001

And before this patch:
(qemu) xp/i 0x90000000
0x90000000: Asm output not supported on this arch

After:
(qemu) xp/i 0x90000000
0x90000000:  mfs    r1, rmsr
Reviewed-by: NEdgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Move the target_disas() ARM specifics to the QOM disas_set_info hook
and delete the ARM specific code in disas.c.

This has the extra advantage of the more fully featured target_disas()
implementation now applying to monitor_disas().

Currently, target_disas() has multi-endian, thumb and AArch64
support whereas the existing monitor_disas() support only has vanilla
AA32 support.

E.G. Running an AA64 linux kernel the following -d in_asm disas happens
(taget_disas()):

IN:
0x0000000040000000:  580000c0      ldr x0, pc+24 (addr 0x40000018)
0x0000000040000004:  aa1f03e1      mov x1, xzr

However before this patch, disasing the same from the monitor:

(qemu) xp/i 0x40000000
0x0000000040000000:  580000c0      stmdapl  r0, {r6, r7}

After this patch:
(qemu) xp/i 0x40000000
0x0000000040000000:  580000c0      ldr x0, pc+24 (addr 0x40000018)
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Add a QOM function hook for target-specific disassembly setup. This
allows removal of the #ifdeffery currently implementing target specific
disas setup from disas.c.
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Add the print_insn pointer to the disassemble info structure. This is
to prepare for QOMification support, where a QOM CPU hook function will
be responsible for setting the print_insn() function. Add this function
to the existing struct to consolidate such that only the one struct
needs to be passed to the new QOM API.
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

disas does not need to access the CPU env for any reason. Change the
APIs to accept CPU pointers instead. Small change pattern needs to be
applied to all target translate.c. This brings us closer to making
disas.o a common-obj and less architecture specific in general.

Cc: Richard Henderson <rth@twiddle.net>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Michael Walle <michael@walle.cc>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Jia Liu <proljc@gmail.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Cc: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Acked-by: NLuiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

The monitor support for disassembling instructions does not honor the MSR[LE]
bit for PowerPC processors.

This change enhances the monitor_disas() routine by supporting a flag bit
for Little Endian mode.  Bit 16 is used since that bit was used in the
analagous guest disassembly routine target_disas().

Also, to be consistent with target_disas(), the disassembler bfd_mach field
can be passed in the flags argument.
Reported-by: NAnton Blanchard <anton@samba.org>
Signed-off-by: NTom Musta <tommusta@gmail.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NAlexander Graf <agraf@suse.de>

Inspect only bit 16 for the Little Endian test.  Correct comment preceding
the target_disas() function.  Correct grammar in comment for flags processing.
Signed-off-by: NTom Musta <tommusta@gmail.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NAlexander Graf <agraf@suse.de>

Use libvixl to implement disassembly output in debug
logs for A64, for use with both AArch64 hosts and targets.
Signed-off-by: NClaudio Fontana <claudio.fontana@linaro.org>
[PMM:
 * added support for target disassembly
 * switched to custom QEMUDisassembler so the output format
   matches what QEMU expects
 * make sure we correctly fall back to "just print hex"
   if we didn't build the AArch64 disassembler because of
   lack of a C++ compiler
 * rename from 'aarch64' to 'arm-a64' because this is a
   disassembler for the A64 instruction set
 * merge aarch64.c and aarch64-cxx.cc into one C++ file
 * simplify the aarch64.c<->aarch64-cxx.cc interface]
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

The OBJD-[HT] tags will be used by a script to run the hex blob
through objdump --disassemble.
Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

Propagate X86CPU in kvmvapic for simplicity.
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Reviewed-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAlexander Graf <agraf@suse.de>

Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Signed-off-by: NAnthony Green <green@moxielogic.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Pass around CPUArchState instead of using global cpu_single_env.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>
Acked-by: NRichard Henderson <rth@twiddle.net>
Acked-by: NAurelien Jarno <aurelien@aurel32.net>
Acked-by: NGuan Xuetao <gxt@mprc.pku.edu.cn>

Current code doesn't actually work in 32-bit mode at all.  Since
no one really noticed, drop the complication of v7 and v8 cpus.
Eliminate the --sparc_cpu configure option and standardize macro
testing on TCG_TARGET_REG_BITS / HOST_LONG_BITS
Signed-off-by: NRichard Henderson <rth@twiddle.net>

In our disassembly code, the bfd_vma type is always 64 bits,
even if the target's virtual address width is only 32 bits. This
means that when we print out addresses we need to truncate them
to 32 bits, to avoid odd output which has incorrectly sign-extended
a value to 64 bits, for instance this ARM example:
    0x80479a60:  e59f4088     ldr  r4, [pc, #136]  ; 0xffffffff80479a4f

(It would also be possible to truncate before passing the address
to info->print_address_func(), but truncating in the final print
function is the same approach that binutils takes to this problem.)
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

These were identified using: http://github.com/lyda/misspell-check
and run like this to create a bourne shell script using GNU sed's
-i option:

git ls-files|grep -vF .bin | misspellings -f - |grep -v '^ERROR:' |perl \
-pe 's/^(.*?)\[(\d+)\]: (\w+) -> "(.*?)"$/sed -i '\''${2}s!$3!$4!'\'' $1/'

Manually eliding the FP, "rela->real" and resolving "addres" to
address (not "adders") we get this:

  sed -i '450s!thru!through!' Changelog
  sed -i '260s!neccessary!necessary!' coroutine-sigaltstack.c
  sed -i '54s!miniscule!minuscule!' disas.c
  sed -i '1094s!thru!through!' hw/usb/hcd-ehci.c
  sed -i '1095s!thru!through!' hw/usb/hcd-ehci.c
  sed -i '21s!unecessary!unnecessary!' qapi-schema-guest.json
  sed -i '307s!explictly!explicitly!' qemu-ga.c
  sed -i '490s!preceeding!preceding!' qga/commands-posix.c
  sed -i '792s!addres!address!' qga/commands-posix.c
  sed -i '6s!beeing!being!' tests/tcg/test-mmap.c

Also, manually fix "arithmentic", spotted by Peter Maydell:

  sed -i 's!arithmentic!arithmetic!' coroutine-sigaltstack.c
Signed-off-by: NJim Meyering <meyering@redhat.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>

This is needed for w64. It changes nothing for other hosts.
Signed-off-by: NStefan Weil <sw@weilnetz.de>

Add support for ARM BE8 userspace binaries.
i.e. big-endian data and little-endian code.
In principle LE8 mode is also possible, but AFAIK has never actually
been implemented/used.

System emulation doesn't have any useable big-endian board models,
but should in principle work once you fix that.
Dynamic endianness switching requires messing with data accesses,
preferably with TCG cooperation, and is orthogonal to BE8 support.
Signed-off-by: NPaul Brook <paul@codesourcery.com>
[PMM: various changes, mostly as per my suggestions in code review:
 * rebase
 * use EF_ defines rather than hardcoded constants
 * make bswap_code a bool for future VMSTATE macro compatibility
 * update comment in cpu.h about TB flags bit field usage
 * factor out load-code-and-swap into arm_ld*_code functions and
   get_user_code* macros
 * fix stray trailing space at end of line
 * added braces in disas.c to satisfy checkpatch
]
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Because binutils disassembler is based on libopcode, this is a rewrite from
scratch.
Signed-off-by: NMichael Walle <michael@walle.cc>

Scripted conversion:
  for file in *.[hc] hw/*.[hc] hw/kvm/*.[hc] linux-user/*.[hc] linux-user/m68k/*.[hc] bsd-user/*.[hc] darwin-user/*.[hc] tcg/*/*.[hc] target-*/cpu.h; do
    sed -i "s/CPUState/CPUArchState/g" $file
  done

All occurrences of CPUArchState are expected to be replaced by QOM CPUState,
once all targets are QOM'ified and common fields have been extracted.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NAnthony Liguori <aliguori@us.ibm.com>