Date: Wed, 2 Jul 2008 21:49:48 +0100
From: Thiemo Seufer
To: qemu-devel@nongnu.org
Cc: Juergen Lock
Subject: Re: [Qemu-devel] found one tcg `bug' (was: testing r4764 svn from 2008-06-20 18:25:56 +0200 on FreeBSD)
Message-ID: <20080702204948.GF7007@networkno.de>
In-Reply-To: <20080702200447.GA17144@saturn.kn-bremen.de>
References: <20080620230215.GA78963@saturn.kn-bremen.de> <20080702200447.GA17144@saturn.kn-bremen.de>

Juergen Lock wrote:
[snip]
> > (Memory corruption, right?) I've put the end of an in_asm,out_asm log up at
> > http://people.freebsd.org/~nox/qemu/tcgbug-i386host.log.txt
> > (it's long.) That function is MD5Transform() in:
> > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/md5c.c?annotate=1.27
> > in the FreeBSD 7.0 amd64 kernel on
> > ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/7.0/7.0-RELEASE-amd64-livefs.iso
> > (the bootonly most likely will fail in the same way:
> > ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/7.0/7.0-RELEASE-amd64-bootonly.iso
> > , you can go to
> > http://mirrorlist.freebsd.org/
> > to find a mirror near you, search for ISOs.)
>
> Well, I finally got around to looking at this again, and found the cause
> wasn't exactly a bug, just a too low constant:
>
> Index: qemu/exec-all.h
> @@ -30,7 +30,7 @@
> struct TranslationBlock;
>
> /* XXX: make safe guess about sizes */
> -#define MAX_OP_PER_INSTR 64
> +#define MAX_OP_PER_INSTR 128
> /* A Call op needs up to 6 + 2N parameters (N = number of arguments). */
> #define MAX_OPC_PARAM 10
> #define OPC_BUF_SIZE 512
>
> With this I can at least boot into fixit and run find /dist (I didn't
> test an actual install.)

Were you able to isolate the offending instruction? With more than 64 ops
it should probably use a helper function.

Thiemo
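Review bot: Raising MAX_OP_PER_INSTR from 64 to 128 in the exec-all.h hunk swaps one guess for another; the `/* XXX: make safe guess about sizes */` comment kept directly above the change shows the bound is not derived from the largest expansion the translator can produce, so an instruction that expands past 128 ops will overrun the op buffer and corrupt memory just as the 64-op value did for MD5Transform(). Suggest identifying the instruction that needed more than 64 ops and either sizing the constant from it or emitting that instruction through a helper call, as Thiemo proposes, and adding a check after each translated instruction that its op count stayed within MAX_OP_PER_INSTR so a future overrun fails loudly instead of silently corrupting memory.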
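As an added illustration, not code from QEMU or from this thread, of why a too-small MAX_OP_PER_INSTR turns into memory corruption: the model below assumes, as a simplification, that the translator checks op-buffer capacity only between guest instructions and reserves MAX_OP_PER_INSTR slots of headroom for the next one (OPC_MAX_SIZE, struct tb_result, translate_block and fits_op_budget are invented names), so an instruction that expands beyond that budget runs past the buffer with no further check.

```c
#include <stdio.h>
/* Values from the quoted exec-all.h hunk, before the patch. */
#define MAX_OP_PER_INSTR 64
#define OPC_BUF_SIZE     512
/* Assumed headroom model: capacity is checked only between guest instructions,
 * requiring MAX_OP_PER_INSTR free slots, so one instruction may emit that many. */
#define OPC_MAX_SIZE     (OPC_BUF_SIZE - MAX_OP_PER_INSTR)

typedef unsigned short opc_t;
struct tb_result {
    int instrs_translated; /* guest instructions consumed before the block closed */
    int ops_emitted;       /* ops the translator tried to write */
    int overflowed;        /* 1 if any op would have landed past the buffer */
};

/* Mitigation the thread points at: an expansion over budget must go via a helper. */
int fits_op_budget(int ops) { return ops <= MAX_OP_PER_INSTR; }
/* ops_per_instr[i] = ops guest instruction i expands to (constructed input).
 * Writes are bounds-checked here only to report the overrun; the real op
 * buffer has no such guard, hence the memory corruption seen in the thread. */
struct tb_result translate_block(const int *ops_per_instr, int n_instr)
{
    opc_t buf[OPC_BUF_SIZE];
    struct tb_result r = {0, 0, 0};
    int pos = 0;
    for (int i = 0; i < n_instr; i++) {
        if (pos >= OPC_MAX_SIZE)       /* the only capacity check */
            break;
        for (int k = 0; k < ops_per_instr[i]; k++, pos++) {
            if (pos < OPC_BUF_SIZE)
                buf[pos] = (opc_t)k;
            else
                r.overflowed = 1;      /* would be an out-of-bounds write */
        }
        r.instrs_translated++;
    }
    (void)buf;
    r.ops_emitted = pos;
    return r;
}

int main(void)
{
    /* Constructed block: seven instructions leave one slot of headroom, then
     * one instruction expands to 100 ops, more than MAX_OP_PER_INSTR allows. */
    const int blk[] = {64, 64, 64, 64, 64, 64, 63, 100};
    struct tb_result r = translate_block(blk, 8);
    printf("instrs=%d ops=%d overflowed=%d\n", r.instrs_translated, r.ops_emitted, r.overflowed);
    return 0;
}
```

With every instruction inside the 64-op budget the block closes cleanly at the headroom check; the single oversized instruction is what pushes writes past OPC_BUF_SIZE.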