Incorrect PC in privilege violation exception stack frame

[howprice]

Hi. Great tool thanks. I think I may have found a bug in the exception processing in version 5.16.01, but it could be a misunderstanding on my behalf. It looks like the PC pushed to the exception stack frame when a privilege violation exception is generated may be incorrect.

From the MC68000 User Manual:

The saved value of the program counter is the address of the first word of the instruction causing the privilege violation.

I have looked at the privilege violation stack frame in WinUAE, and it seems to confirm this.

The attached program tests this in EASy68K: When the processor attempts to execute the instruction at address 00001018 in user mode, a privilege violation is generated and the hander is called. The PC pushed to the stack at memory location $FFC ($1000-4) is 0000101A, the address of the second extension word rather than the expected value of 00001018:

Please could you let me know if I have misunderstood something or if this is a genuine bug?

Thanks

EDIT: This program is buggy, but it demonstrates the point

    ORG    $1000
START:
    ; Initialise SSP
    LEA $1000,A7

    ; Install privalege violation exception handler
    LEA PrivExceptionHandler(PC),A0
    MOVE.L A0,$20
    
    ; Install trace exception handler, but do not enable trace mode.
    LEA TraceExceptionHandler(PC),A0
    MOVE.L A0,$24

    ; Disable supervisor mode (bit 13)
    ANDI #$dfff,SR
    
    ; Attempt to execute a privileged instruction, which should trigger the exception.
    ORI #$ffff,SR  ; *** address 00001018 ****

    MOVEQ #0,D0

    ; Enable trace mode.
    ORI #$8000,SR
        
    ; Trace is enabled so the trace exception should occur after executing this instruction
    ADDQ #1,D0

    ; If the instruction is not executed because the instruction is illegal or privileged,
    ; the trace exception does not occur. - MC68000UM
    ORI #$ffff,SR
    
    ; Again, this instruction should generate a trace exception after execution
    ADDQ #1,D0
.loop:
    ; An exception will be generated after each call to BRA in this loop.
    BRA .loop
    
PrivExceptionHandler:
    ; The address of the instruction that caused the exception is pushed in the exception stack frame.
    ; We want to continue execution at the next instruction, so increment by size of the 
    ; instruction, which in this case is 2 words (4 bytes).
    ; The top of stack is 2 byte SR, followed by 4 byte PC at offset 2.
    ADD.L #4,2(A7)
    RTE
    
TraceExceptionHandler:
    RTE
    
    END    START        ; last line of source

[shalebridge]

I've fixed the exception handling with PC in my fork of EASy68k, along with problems with PC indexing and displacement in the assembler itself. I'll put together a release soon.

I added an Illegal instruction handler in your test code as well, so the exception address is slightly different. I also reenable supervisor mode so trace mode can be activated:

ORG    $1000
START:
    ; Initialise SSP
    LEA $1000,A7

    ; Install privalege violation exception handler
    LEA PrivExceptionHandler(PC),A0
    MOVE.L A0,$20
    
    ; Install trace exception handler, but do not enable trace mode.
    LEA TraceExceptionHandler(PC),A0
    MOVE.L A0,$24
    
    ; Install illegal instruction handler
    LEA IllegalHandler(PC),A0
    MOVE.L A0, $10

    ; Disable supervisor mode (bit 13)
    ANDI #$dfff,SR
    
    ; Attempt to execute a privileged instruction, which should trigger the exception.
    ORI #$ffff,SR  ; *** address 00001020 ****

    MOVEQ #0,D0

    ; Enable trace mode.
    ORI  #$8000,SR
        
    ; Trace is enabled so the trace exception should occur after executing this instruction
    ADDQ #1,D0

    ; If the instruction is not executed because the instruction is illegal or privileged,
    ; the trace exception does not occur. - MC68000UM
    ORI #$ffff,SR
    
    ; Again, this instruction should generate a trace exception after execution
    ADDQ #1,D0
    
    ; This should trigger an Illegal instruction
    ILLEGAL
    NOP
.loop:
    ; An exception will be generated after each call to BRA in this loop.
    BRA .loop
    
PrivExceptionHandler:
    ; The address of the instruction that caused the exception is pushed in the exception stack frame.
    ; We want to continue execution at the next instruction, so increment by size of the 
    ; instruction, which in this case is 2 words (4 bytes).
    ; The top of stack is 2 byte SR, followed by 4 byte PC at offset 2.
    ADD.L #4,2(A7)
    
    ; Reenable supervisor mode (to set Trace bit)
    ORI.W   #$2000,(A7)
    RTE
    
TraceExceptionHandler:
    RTE
    
IllegalHandler:
    ; The address of the instruction that caused the exception is pushed in the exception stack frame.
    ; We want to continue execution at the next instruction, so increment by size of the 
    ; instruction, which in this case is 1 words (2 bytes).
    ADD.L #2,2(A7)
    RTE
    
    END    START        ; last line of source