The code where we added the TT instruction was accidentally
missing a 'break', which meant that after generating the code
to execute the TT we would fall through to 'goto illegal_op'
and generate code to take an UNDEF insn.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
Doh...

 target/arm/translate.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 55826b7e5a..572c4d1cb6 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -9926,6 +9926,7 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                         tcg_temp_free_i32(addr);
                         tcg_temp_free_i32(op);
                         store_reg(s, rd, ttresp);
+                        break;
                     }
                     goto illegal_op;
                 }
-- 
2.16.1

On 02/06/2018 07:39 AM, Peter Maydell wrote:
> The code where we added the TT instruction was accidentally

"In 5158de241b0 ..."

> missing a 'break', which meant that after generating the code
> to execute the TT we would fall through to 'goto illegal_op'
> and generate code to take an UNDEF insn.>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

> ---
> Doh...
> 
>  target/arm/translate.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/target/arm/translate.c b/target/arm/translate.c
> index 55826b7e5a..572c4d1cb6 100644
> --- a/target/arm/translate.c
> +++ b/target/arm/translate.c
> @@ -9926,6 +9926,7 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
>                          tcg_temp_free_i32(addr);
>                          tcg_temp_free_i32(op);
>                          store_reg(s, rd, ttresp);
> +                        break;
>                      }
>                      goto illegal_op;
>                  }
>