Subject: port-mips/9016: MIPS FPU emulator points wrong epc on exception case
To: None <>
From: None <>
List: netbsd-bugs
Date: 12/17/1999 10:18:40
>Number:         9016
>Category:       port-mips
>Synopsis:       MIPS FPU emulator points wrong epc on exception case
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-mips-maintainer (NetBSD/mips Portmasters)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Dec 17 10:18:00 1999
>Originator:     Shuichiro URATA
>Release:        current 12/11/1999

1. When FPU emulator(mips/fp.S or mips/fpemu.c) detects some error
   and cause signal, epc points next instruction. If emulated
   instruction was in branch delay slot, epc points branch destination.
2. In same case, cause and badva on trap frame is not updated.
3. load instruction emulator uses fu{word,sword,byte} and doesn't
   check fetch error.
4. If SOFTFLOAT is not set, mips/fpemu.c isn't needed to compile.

These case can be occurs on other MIPS based ports.

This sample should be cause following results.

1. cause segmentation fault
2. epc register points bc1f instruction
3. MIPS_CR_BR_DELAY bit is set on cause register

		".set noreorder;"
		"c.f.d $f0,$f0;"
		"bc1f 1f;"
		"lw $0,0($0);"

Please refer this patch.