>Number:         19462
>Category:       port-mips
>Synopsis:       MIPS FPU emulator points wrong epc on exception case
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-mips-maintainer (NetBSD/mips Portmasters)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Dec 19 11:39:00 PST 2002
>Closed-Date:
>Last-Modified:  
>Originator:     Shuichiro URATA
>Release:        current 12/11/1999
>Organization:
>Environment:
NetBSD/hpcmips


>Description:
1. When FPU emulator(mips/fp.S or mips/fpemu.c) detects some error
   and cause signal, epc points next instruction. If emulated
   instruction was in branch delay slot, epc points branch destination.
2. In same case, cause and badva on trap frame is not updated.
3. load instruction emulator uses fu{word,sword,byte} and doesn't
   check fetch error.
4. If SOFTFLOAT is not set, mips/fpemu.c isn't needed to compile.

These case can be occurs on other MIPS based ports.

>How-To-Repeat:
This sample should be cause following results.

1. cause segmentation fault
2. epc register points bc1f instruction
3. MIPS_CR_BR_DELAY bit is set on cause register

main()
{
	.asm(
		".set noreorder;"
		"c.f.d $f0,$f0;"
		"bc1f 1f;"
		"lw $0,0($0);"
		"1:"
	);
}

>Fix:
Please refer this patch.

<http://www.a-r.org/~ur/softfloat1211.diff.gz>

>Release-Note:
>Audit-Trail:
>Unformatted:
 Any one has the below patch:
 <http://www.a-r.org/~ur/softfloat1211.diff.gz>
 or any other information regarding this FPU emulator bug? Thanks a lot :)
  
 Regards,
 haofeng
 
 ----------------------------------------------------------------------------
 -----------------------------------------
 Subject: port-mips/9016: MIPS FPU emulator points wrong epc on exception
 case
 To: None <gnats-bugs@gnats.netbsd.org>
 From: None <ur@a-r.org>
 List: netbsd-bugs
 Date: 12/17/1999 10:18:40