2015-09-30 0:59 GMT+02:00 Peter Maydell <peter.mayd...@linaro.org>: > On 29 September 2015 at 23:40, Alistair Francis <alistai...@gmail.com> > wrote: > > On Thu, Sep 24, 2015 at 11:58 AM, mar.krzeminski > > <mar.krzemin...@gmail.com> wrote: > >> > >> > >> W dniu 24.09.2015 o 20:38, Peter Crosthwaite pisze: > >> > >>> On Thu, Sep 24, 2015 at 10:14 AM, mar.krzeminski > >>> <mar.krzemin...@gmail.com> wrote: > >>>> Today I stacked on other interesting think - and I do not want to spam > >>>> this > >>>> list - it is hack in cortex-m3 > >>>> from armv7m. > >>>> > >>>> /* Hack to map an additional page of ram at the top of the > address > >>>> space. This stops qemu complaining about executing code > outside > >>>> RAM > >>>> when returning from an exception. */ > >>>> memory_region_init_ram(hack, NULL, "armv7m.hack", 0x1000, > >>>> &error_abort); > > >> Then took me a while to understand why qemu crash while serving M3 > exception > >> because I haven't took this hack :) > > > > It sounds like you figured out why it's there. From memory it is to > > handle an exception, because the guest would just to a really high > > memory area and if there is no memory there QEMU will throw an error. > > Sort of. This is for the exception-return mechanism, which on > M-profile works by having the function-return instructions > special-case attempts to "return" to addresses 0xfffffffx, which > should do exception return semantics. QEMU's implementation > handles this by treating "attempt to execute at 0xfffffff0" > specially in the translator (we generate EXCP_EXCEPTION_EXIT). > For this to work we have to have some fake RAM at that address. > > This isn't actually an architecturally correct way to do it, > because the architecture says that you should only get the > special exception-return behaviour if you use the right > instructions to return to one of the magic addresses. If > you just try to branch into those addresses you should > get some kind of fault instead. > > However, like many things in our M-profile implementation, > it sort of works and nobody has cared enough about M-profile > to try to clean it up. (An efficient implementation of the > right behaviour could be a bit tricky.) > > thanks > -- PMM > I have at 0xfffffff0 real memory now (with aliasing to lower memory address). Does it mean that qemu might try to execute some instructions from there?
Regards, Marcin
