Strage behavior after branching

[michaelko]

/Edit the hole post

I tried to do some "bare metal" programming with this emulator. This seems to be great since the source code is clean and being able to read the emulator seems to be a good idear.

// vexpress.js:651
// >> 2 because int is 4 bytes and the given addresses are individual bytes.
const int    DR    = 0x00  >> 2;
const int    FR    = 0x18  >> 2;
const int    IBRD  = 0x24  >> 2;
const int    FBRD  = 0x28  >> 2;
const int    LCR_H = 0x2c  >> 2;
const int    CR    = 0x30  >> 2;
const int    IFLS  = 0x34  >> 2;
const int    IMSC  = 0x38  >> 2;
const int    MIS   = 0x40  >> 2;
const int    ICR   = 0x44  >> 2;
unsigned int *uart;

void
putc(char c)
{
    // wait for UART to become ready to transmit
    // vexpress.js:707
    while (!(uart[FR] & (1 << 7)));

    uart[DR]= c;   

    while (!(uart[FR] & (1 << 7)));
}

void
puts(char *s) {    
    while(*s)
        putc(*(s++));    
}

int
main()
{
    //char s[] = { 'H', 'a', 'l', 'l', 'o' , 0};
    //char t[10];
    char *t;
    t = (char *) 0x10000;

    // vexpress.js:1455
    uart = (unsigned int *)0x10009000;

    // This does work
    putc('H');
    putc('a');
    putc('l');
    putc('l');
    putc('o');
    putc(' ');
    putc('W');
    putc('e');
    putc('l');
    putc('t');
    putc('\n');
    putc('\r');

    // This does not
    puts("asdfasdf");
    /*
    neither does this.
    t[0] = 'H';
    t[1] = 'a';
    t[2] = 'l';
    t[3] = 'l';
    t[4] = 'o';
    t[5] = 0;

    puts(t);
    //putss(s);
    int i=0;
    int j,x=0;
    for(i=97;i<123;i++){
        putc((char)i);
        for(j=0;j<5;j++);
            x += j;
    }
    */
    //putc(s[1]);
    //putc(s[2]);
    //puts("Hallo Welt\n\r");
    while(1);
}

I compiled it, the result is

http://paste.ubuntu.com/5598293/

And this disassembled

Add +0x8000 to all address in the first colum.

.data:0x00000000    e59fc0f4    ldr ip, [pc, #244] ; 0x000000fc
.data:0x00000004    eb00001c    bl 0x0000007c                              JUMP to MAIN
.data:0x00000008    e51c6ff8    ldr r6, [ip, #-4088] ; 0xff8               Function putc
.data:0x0000000C    e51c4ff4    ldr r4, [ip, #-4084] ; 0xff4
.data:0x00000010    e51c3fd8    ldr r3, [ip, #-4056] ; 0xfd8
.data:0x00000014    e1a05c00    lsl r5, r0, #24
.data:0x00000018    e1a05c45    asr r5, r5, #24
.data:0x0000001C    e7931104    ldr r1, [r3, r4, lsl #2]
.data:0x00000020    e2111080    ands r1, r1, #128 ; 0x80
.data:0x00000024    0afffffc    beq 0x0000001c
.data:0x00000028    e1a02c05    lsl r2, r5, #24
.data:0x0000002C    e1a02c42    asr r2, r2, #24
.data:0x00000030    e7832106    str r2, [r3, r6, lsl #2]
.data:0x00000034    e7931104    ldr r1, [r3, r4, lsl #2]
.data:0x00000038    e2111080    ands r1, r1, #128 ; 0x80
.data:0x0000003C    0afffffc    beq 0x00000034
.data:0x00000040    e28ef000    add pc, lr, #0
.data:0x00000044    e52de008    str lr, [sp, #-8]!                         Function puts
.data:0x00000048    e1a02000    mov r2, r0
.data:0x0000004C    e1d210d0    ldrsb r1, [r2]
.data:0x00000050    e3510000    cmp r1, #0
.data:0x00000054    0a000007    beq 0x00000078
.data:0x00000058    e2821001    add r1, r2, #1
.data:0x0000005C    e58d100c    str r1, [sp, #12]
.data:0x00000060    e1d200d0    ldrsb r0, [r2]
.data:0x00000064    ebffffe7    bl 0x00000008
.data:0x00000068    e59d200c    ldr r2, [sp, #12]
.data:0x0000006C    e1d210d0    ldrsb r1, [r2]
.data:0x00000070    e3510000    cmp r1, #0
.data:0x00000074    1afffff7    bne 0x00000058
.data:0x00000078    e49df008    ldr pc, [sp], #8
.data:0x0000007C    e52de00c    str lr, [sp, #-12]!                                Main
.data:0x00000080    e59f2078    ldr r2, [pc, #120] ; 0x00000100
.data:0x00000084    e3a01801    mov r1, #65536 ; 0x10000
.data:0x00000088    e50c2fd8    str r2, [ip, #-4056] ; 0xfd8
.data:0x0000008C    e3a00048    mov r0, #72 ; 0x48
.data:0x00000090    ebffffdc    bl 0x00000008                                  calling putc for individuall constants works...
.data:0x00000094    e3a00061    mov r0, #97 ; 0x61
.data:0x00000098    ebffffda    bl 0x00000008
.data:0x0000009C    e3a0006c    mov r0, #108 ; 0x6c
.data:0x000000A0    ebffffd8    bl 0x00000008
.data:0x000000A4    e3a0006c    mov r0, #108 ; 0x6c
.data:0x000000A8    ebffffd6    bl 0x00000008
.data:0x000000AC    e3a0006f    mov r0, #111 ; 0x6f
.data:0x000000B0    ebffffd4    bl 0x00000008
.data:0x000000B4    e3a00020    mov r0, #32
.data:0x000000B8    ebffffd2    bl 0x00000008
.data:0x000000BC    e3a00057    mov r0, #87 ; 0x57
.data:0x000000C0    ebffffd0    bl 0x00000008
.data:0x000000C4    e3a00065    mov r0, #101 ; 0x65
.data:0x000000C8    ebffffce    bl 0x00000008
.data:0x000000CC    e3a0006c    mov r0, #108 ; 0x6c
.data:0x000000D0    ebffffcc    bl 0x00000008
.data:0x000000D4    e3a00074    mov r0, #116 ; 0x74
.data:0x000000D8    ebffffca    bl 0x00000008
.data:0x000000DC    e3a0000a    mov r0, #10
.data:0x000000E0    ebffffc8    bl 0x00000008
.data:0x000000E4    e3a0000d    mov r0, #13
.data:0x000000E8    ebffffc6    bl 0x00000008
.data:0x000000EC    e59f0010    ldr r0, [pc, #16] ; 0x00000104       --------    load the address for the String
.data:0x000000F0    ebffffd3    bl 0x00000044                               |
.data:0x000000F4    eafffffe    b 0x000000f4                                |
.data:0x000000F8    eafffffe    b 0x000000f8                                |
.data:0x000000FC    00009104    andeq r9, r0, r4, lsl #2                    |
.data:0x00000100    10009000    andne r9, r0, r0                            |
.data:0x00000104    00008134    andeq r8, r0, r4, lsr r1           <---------    Address for the String is 8134
.data:0x00000108    0000000c    andeq r0, r0, ip
.data:0x0000010C    00000000    andeq r0, r0, r0
.data:0x00000110    00000006    andeq r0, r0, r6
.data:0x00000114    00000011    andeq r0, r0, r1, lsl r0
.data:0x00000118    00000010    andeq r0, r0, r0, lsl r0
.data:0x0000011C    0000000a    andeq r0, r0, sl
.data:0x00000120    00000009    andeq r0, r0, r9
.data:0x00000124    0000000d    andeq r0, r0, sp
.data:0x00000128    0000000e    andeq r0, r0, lr
.data:0x0000012C    00000000    andeq r0, r0, r0
.data:0x00000130    0000000b    andeq r0, r0, fp
.data:0x00000134    66647361    strbtvs r7, [r4], -r1, ror #6                 This is the String "asdfasdf", not actually instructions
.data:0x00000138    66647361    strbtvs r7, [r4], -r1, ror #6
.data:0x0000013C    00000000    andeq r0, r0, r0                                String is 0 terminated here
.data:0x00000140    00000000    andeq r0, r0, r0
.data:0x00000144    00000000    andeq r0, r0, r0
.data:0x00000148    08810000    stmeq r1, {} ; <UNPREDICTABLE>  Lots of other stuff..... not everything included...
.data:0x0000014C    657465d4    ldrbvs r6, [r4, #-1492]! ; 0x5d4
.data:0x00000150    00007478    andeq r7, r0, r8, ror r4
.data:0x00000154    c4049100    strgt r9, [r4], #-256 ; 0x100

This does not work as expected.. Puts is called, the address is in r0, it is copied to r2, the address from r2 is derfferenced (it is 0x60 = 'a') and putc is called. putc does work, the loop is still running. and 8074 there is a jump.

At this point (tick 240) stuff breaks:

CPU:
mode=SVC
halted=false
     [ 0]=00000061 [ 1]=(undefined) [ 2]=(undefined) [ 3]=10009000 [ 4]=00000006 [ 5]=00000061 [ 6]=00000000 [ 7]=00000000 
     [ 8]=00000000 [ 9]=00000000 [10]=00000000 [11]=00000000 [12]=00009104 [13]=00000-14 [14]=00008068 [15]=00008058 
USR: [ 0]=00000000 [ 1]=00000000 [ 2]=00000000 [ 3]=00000000 [ 4]=00000000 [ 5]=00000000 [ 6]=00000000 [ 7]=00000000 
     [ 8]=00000000 [ 9]=00000000 [10]=00000000 [11]=00000000 [12]=00000000 [13]=00000000 [14]=00000000 [15]=00000000 
SVC:                                                                       [13]=00000000 [14]=00000000

The register r2 is expected to contain the variable s, but it is empty. I feel this is a bug in the emulator since this is not hand written assembly, but the output of a c compiler. On the other hand i don't get why not simply a mov r15 #0x58 is used.

[michaelko]

It seems i missidentified a error, so i edited my hole post.