
List:       gdb-bugs
Subject:    GDB 7.3 rs6000-tdep.c skip_prologue lr_reg computed/used incorrectly
From:       Doug Graham <douglasgraham () sympatico ! ca>
Date:       2011-08-14 17:14:02
Message-ID: BLU0-SMTP79ACC6D897912A968B18F5C6270 () phx ! gbl

In skip_prologue() in rs6000-tdep.c, lr_reg is extracted from an mflr 
instruction as follows:

    lr_reg = (op & 0x03e00000) >> 21;

This makes lr a register number between 0 and 31.

When it is later tested when looking for a stw etc. instruction:

    if ((op & 0xffff0000) == (lr_reg | 0x90010000))
        ...

it should be left shifted by 21 here, because the rS field in the stw 
instruction appears 21 bits to the left in the instruction. 
Alternatively, it should not be shifted at all when it is extracted from 
the mflr.  In fact, the latter is how this code was written up until GDB 
6.8 and maybe later.

Obviously, the above comparison could never be true (unless lr_reg is 
zero) because it is comparing a number with the lower 16 bits masked 
off with a number which has the register number in the lower 16 bits.

--Doug
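The following is an added illustration, not part of Doug's report or of GDB's source: it encodes a constructed mflr/stw pair, runs the 7.3 extraction and comparison from the message against it, and runs the corrected comparison and the older unshifted extraction beside them. The encoder helpers and the test values (r12, offset 4) are assumptions chosen for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed PowerPC encodings used only for this demonstration. */
#define MFLR_BASE   0x7C0802A6u  /* mflr r0  (mfspr rD, LR with rD = 0) */
#define STW_R1_BASE 0x90010000u  /* stw r0, 0(r1): opcode 36, rA = r1 */

/* Build "mflr rD": rD lives in bits 21..25 of the word. */
static uint32_t enc_mflr(unsigned rd) { return MFLR_BASE | ((rd & 0x1f) << 21); }

/* Build "stw rS, d(r1)": rS in bits 21..25, displacement in the low 16. */
static uint32_t enc_stw_r1(unsigned rs, int16_t d) {
    return STW_R1_BASE | ((rs & 0x1f) << 21) | (uint16_t)d;
}

/* Extraction as quoted from GDB 7.3: yields the register number 0..31. */
static unsigned lr_reg_7_3(uint32_t op) { return (op & 0x03e00000) >> 21; }

/* The older, unshifted extraction: keeps the field at bit position 21. */
static unsigned lr_reg_old(uint32_t op) { return op & 0x03e00000; }

/* The stw test exactly as quoted from 7.3. */
static int matches_7_3(uint32_t op, unsigned lr_reg) {
    return (op & 0xffff0000) == (lr_reg | 0x90010000);
}

/* Corrected test: put the register number back into the rS field. */
static int matches_fixed(uint32_t op, unsigned lr_reg) {
    return (op & 0xffff0000) == ((lr_reg << 21) | 0x90010000);
}

int main(void) {
    uint32_t mflr = enc_mflr(12);          /* mflr r12 */
    uint32_t stw  = enc_stw_r1(12, 4);     /* stw r12, 4(r1) */
    unsigned lr   = lr_reg_7_3(mflr);      /* 12 */
    printf("7.3 test:   %d\n", matches_7_3(stw, lr));                /* 0 */
    printf("fixed test: %d\n", matches_fixed(stw, lr));              /* 1 */
    printf("old pair:   %d\n", matches_7_3(stw, lr_reg_old(mflr)));  /* 1 */
    return 0;
}
```

With r0 as the scratch register the 7.3 comparison happens to succeed, which is why the defect stays hidden for the common mflr r0 / stw r0 prologue.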


