Description
Hello,
sorry to bother you again. I think this time I found a real bug regarding the ARM32 "svc" instruction (supervisor call).
I compiled current master (f8c6db9) on Linux.
Please consider the attached testcase.
Expected output:
start test
svc 0
svc 1
svc 2
svc 3
svc 4
svc 5
svc 6
test done
Real output:
start test
svc 2
svc 2
svc 2
svc 2
svc 2
svc 2
svc 2
test done
I spent a lot of time tracking this down but as I am not familiar with QEMU/Unicorn internals I don't know the correct way to fix this.
If an svc $n instruction is encountered then https://github.com/unicorn-engine/unicorn/blob/master/qemu/target/arm/op_helper.c#L30 is somehow called with excp set to EXCP_SWI (==2, the wrong value we are always seeing, defined inside https://github.com/unicorn-engine/unicorn/blob/master/qemu/target/arm/cpu.h). The actual svc call number is inside syndrome with some other information (I don't understand the details).
At https://github.com/unicorn-engine/unicorn/blob/master/qemu/target/arm/op_helper.c#L49 cs->exception_index is then set to excp (which is 2), but syndrome (which contains the actual call number we are interested in) is not stored inside cs. Maybe there is the (first part of) the problem?
See also the comment at https://github.com/unicorn-engine/unicorn/blob/master/qemu/target/arm/cpu.h#L528 .
I have hacked together a patch, attached here, that works for me; but as I have basically no idea what I am doing I won't open a PR. Somebody else should look at this. No hurry, for me the bug is kinda "resolved".
Thank you.
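The workaround analysts usually reach for while a hook only reports the generic exception number (2 for EXCP_SWI) is to decode the svc immediate from the instruction bytes themselves rather than from the interrupt number. The following is an added example, not the issue author's testcase or patch and not Unicorn's own code. It assumes the Unicorn Python bindings' interrupt hook signature `hook(uc, intno, user_data)` and that, when the hook fires, PC already points past the svc instruction (4 bytes in ARM state, 2 in Thumb state); the decoder itself works on raw bytes and needs no emulator. The sample code image (svc #0 through svc #6) is constructed here to mirror the expected output in the report.

```python
"""Recover the ARM32 svc immediate from instruction bytes (added example).

Assumptions (not taken from the issue or from Unicorn's sources):
  * Unicorn interrupt hooks are called as hook(uc, intno, user_data).
  * At hook time PC points just past the trapping svc (4 bytes ARM, 2 Thumb).
"""
import struct

EXCP_SWI = 2  # the exception index the issue reports for every svc


def decode_svc(insn_bytes: bytes, thumb: bool):
    """Return the immediate of an svc instruction, or None if it is not an svc.

    A32 encoding:  cond:4 | 1111 | imm24      (cond != 1111), 4 bytes little-endian
    T16 encoding:  1101 1111 | imm8  -> 0xDF00 | imm8, 2 bytes little-endian
    """
    if thumb:
        if len(insn_bytes) < 2:
            return None
        (hw,) = struct.unpack("<H", insn_bytes[:2])
        return hw & 0xFF if (hw & 0xFF00) == 0xDF00 else None
    if len(insn_bytes) < 4:
        return None
    (word,) = struct.unpack("<I", insn_bytes[:4])
    if (word >> 24) & 0x0F != 0x0F:      # bits 27:24 must be 1111
        return None
    if (word >> 28) == 0xF:              # cond 1111 is not a valid A32 svc
        return None
    return word & 0x00FFFFFF


def svc_number_at(code: bytes, base: int, pc: int, thumb: bool):
    """svc number for the svc that just trapped, given the post-svc PC."""
    size = 2 if thumb else 4
    off = pc - size - base
    if off < 0 or off + size > len(code):
        return None
    return decode_svc(code[off:off + size], thumb)


def decode_all(code: bytes, thumb: bool):
    """Linear sweep of a code image: list of svc immediates (None for non-svc)."""
    size = 2 if thumb else 4
    return [decode_svc(code[i:i + size], thumb) for i in range(0, len(code), size)]


def make_svc_hook(code: bytes, base: int, thumb: bool, seen: list):
    """Build a UC_HOOK_INTR callback that records svc numbers instead of intno."""
    def hook_intr(uc, intno, user_data):
        if intno != EXCP_SWI:
            return
        from unicorn.arm_const import UC_ARM_REG_PC
        pc = uc.reg_read(UC_ARM_REG_PC)          # assumed: already past the svc
        seen.append(svc_number_at(code, base, pc, thumb))
    return hook_intr


# Constructed sample images: svc #0 .. svc #6, matching the report's expected output.
ARM_TESTCASE = b"".join(struct.pack("<I", 0xEF000000 | n) for n in range(7))
THUMB_TESTCASE = b"".join(struct.pack("<H", 0xDF00 | n) for n in range(7))


def run_under_unicorn(code: bytes, base: int = 0x10000, thumb: bool = False):
    """Emulate `code` and return the svc numbers seen by the hook.

    Returns None when the unicorn package is not installed; the decoder above
    does not depend on it.
    """
    try:
        from unicorn import Uc, UC_ARCH_ARM, UC_MODE_ARM, UC_MODE_THUMB, UC_HOOK_INTR
    except ImportError:
        return None
    mu = Uc(UC_ARCH_ARM, UC_MODE_THUMB if thumb else UC_MODE_ARM)
    mu.mem_map(base, 0x1000)
    mu.mem_write(base, code)
    seen = []
    mu.hook_add(UC_HOOK_INTR, make_svc_hook(code, base, thumb, seen))
    mu.emu_start(base | (1 if thumb else 0), base + len(code))  # low bit selects Thumb
    return seen


if __name__ == "__main__":
    print("static decode (ARM):  ", decode_all(ARM_TESTCASE, thumb=False))
    print("static decode (Thumb):", decode_all(THUMB_TESTCASE, thumb=True))
    print("under unicorn (ARM):  ", run_under_unicorn(ARM_TESTCASE))
```

Reading the immediate back from memory makes the hook independent of whether the engine ever exposes the syndrome; if a future Unicorn build does pass the svc number through, the two values can be compared in the hook as a regression check.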