#16 Thumb LDMIA execution fault

Status: open
Owner: nobody
Priority: 5
Updated: 2012-12-05
Created: 2007-08-30
Creator: Anonymous
Private: No

There is a problem with execution of the following instruction in Thumb mode:

LDMIA r7!, {r5-r7}

Hex code for the instruction: 0xcfe0

The problem is that upon instruction execution, r7 is overwritten with the initial value of the r7 incremented by 3 words. This behaviour would be correct if r7 was not included in register list {r5-r7}.

According to the ARM spec, in this case this register should not be modified after it gets the value of the memory addressed by r7 ([r7+8]) before the instruction is executed.

The problem seems to be located in thumbemu.c:357 (skyeye 1.2.3).

Thumb instruction is substituted by ARM 0xE8B00000 (LDMIA) but it should be substituted by 0xE8900000 (i.e. bit 21 should be cleared).

Obviously, this problem exists for any LDMIA instruction that uses Rb in register list.

Dmitry
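Added example, not part of the ticket and not SkyEye's own code: a small C model of the Thumb-to-ARM LDMIA substitution and of the resulting load/writeback order. thumb_ldmia_to_arm() emits the ARM form with bit 21 (W) cleared whenever Rb appears in the register list, as the report proposes, and thumb_ldmia_to_arm_always_wb() reproduces the substitution the report describes as buggy. exec_thumb_ldmia() then runs LDMIA r7!, {r5-r7} (0xcfe0) both ways on a constructed 32-word memory image (word k holds 0x11110000 + k) from r7 = 0x40; the memory contents, the starting register values and the "always writeback" switch are illustration-only assumptions, and the model says nothing about how SkyEye's ARM path actually orders its operations beyond what the report states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Thumb LDMIA encoding: 1100 1 Rb[10:8] register_list[7:0]; 0xCFE0 is LDMIA r7!, {r5-r7}. */
static int is_thumb_ldmia(uint16_t insn) { return (insn & 0xF800) == 0xC800; }
static int thumb_rb(uint16_t insn)       { return (insn >> 8) & 7; }
static int thumb_reglist(uint16_t insn)  { return insn & 0xFF; }

/* ARM LDMIA (cond=AL): bits 27..25 = 100, P=0, U=1, S=0, W=bit 21, L=1, Rn[19:16], list[15:0]. */
#define ARM_LDMIA_NOWB 0xE8900000u   /* W clear: base register keeps the value loaded from memory */
#define ARM_W_BIT      (1u << 21)    /* W set:   base register receives the incremented address   */

/* Proposed substitution: write back only when Rb is not in the register list. Returns 0 for non-LDMIA. */
uint32_t thumb_ldmia_to_arm(uint16_t insn)
{
    if (!is_thumb_ldmia(insn)) return 0;
    int rb = thumb_rb(insn), list = thumb_reglist(insn);
    uint32_t arm = ARM_LDMIA_NOWB | ((uint32_t)rb << 16) | (uint32_t)list;
    if (!(list & (1 << rb)))
        arm |= ARM_W_BIT;
    return arm;
}

/* Substitution as the report describes the bug: W always set (0xE8B00000), whatever the list. */
uint32_t thumb_ldmia_to_arm_always_wb(uint16_t insn)
{
    if (!is_thumb_ldmia(insn)) return 0;
    return ARM_LDMIA_NOWB | ARM_W_BIT
         | ((uint32_t)thumb_rb(insn) << 16) | (uint32_t)thumb_reglist(insn);
}

/* Execute one Thumb LDMIA on r[0..7] against a word-addressed memory image of mem_words words.
 * always_wb = 1 models an emulator that applies the writeback after the loads (the reported
 * behaviour); always_wb = 0 follows the Thumb rule: Rb in the list keeps the loaded value.
 * Returns 0, or -1 for a non-LDMIA opcode, empty list, unaligned base or out-of-range access
 * (in which case no register is modified). */
int exec_thumb_ldmia(uint32_t r[8], const uint32_t *mem, size_t mem_words,
                     uint16_t insn, int always_wb)
{
    if (!is_thumb_ldmia(insn)) return -1;
    int rb = thumb_rb(insn), list = thumb_reglist(insn);
    uint32_t addr = r[rb];
    size_t nregs = 0;
    for (int i = 0; i < 8; i++) nregs += (list >> i) & 1;
    if ((addr & 3) || nregs == 0 || addr / 4 + nregs > mem_words) return -1;
    for (int i = 0; i < 8; i++) {          /* lowest register from lowest address */
        if (!(list & (1 << i))) continue;
        r[i] = mem[addr / 4];
        addr += 4;
    }
    if (always_wb || !(list & (1 << rb)))
        r[rb] = addr;                      /* initial r7 + 3 words in the reported case */
    return 0;
}

/* The report's case on a constructed image: word k holds 0x11110000 + k, r7 starts at 0x40.
 * Returns the final r7, or 0xFFFFFFFF if execution faulted. */
uint32_t report_case_r7(int always_wb)
{
    uint32_t mem[32];
    for (uint32_t k = 0; k < 32; k++) mem[k] = 0x11110000u + k;
    uint32_t r[8] = {0};
    r[7] = 0x40;
    if (exec_thumb_ldmia(r, mem, 32, 0xCFE0, always_wb) != 0) return 0xFFFFFFFFu;
    return r[7];
}

int main(void)
{
    printf("0xCFE0 -> ARM (proposed) 0x%08X, (always W) 0x%08X\n",
           thumb_ldmia_to_arm(0xCFE0), thumb_ldmia_to_arm_always_wb(0xCFE0));
    printf("r7 after LDMIA r7!, {r5-r7}: Thumb rule 0x%08X, always-writeback 0x%08X\n",
           report_case_r7(0), report_case_r7(1));
    return 0;
}
```

With the Thumb rule r7 ends up holding the third loaded word, mem[0x48 / 4], while the always-writeback variant leaves it at 0x4C, the start address plus 12; an instruction whose Rb is not in its list, such as LDMIA r0!, {r1-r3} (0xC80E), still gets the W bit in the proposed substitution.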
