* [Qemu-devel] testing r4764 svn from 2008-06-20 18:25:56 +0200 on FreeBSD
@ 2008-06-20 23:02 Juergen Lock
2008-07-02 20:04 ` [Qemu-devel] found one tcg `bug' (was: testing r4764 svn from 2008-06-20 18:25:56 +0200 on FreeBSD) Juergen Lock
0 siblings, 1 reply; 4+ messages in thread
From: Juergen Lock @ 2008-06-20 23:02 UTC (permalink / raw)
To: qemu-devel
I've been playing with qemu svn again recently, preparing experimental
FreeBSD ports (see
http://docs.freebsd.org/cgi/mid.cgi?20080620211216.GA75382
for the details), and want to note a few things:
- The snapshot script for
http://qemu-forum.ipi.fi/qemu-snapshots/
apparently still checks out from cvs, which means qemu svn surely gets
less testing than it could. :) Anyway I had to make my own tarball for
the port to get (using svn export), available at:
http://people.fruitsalad.org/nox/qemu/qemu-snapshot-2008-06-20_19.tar.bz2
- kqemu-1.4.0pre1 seems to also work on FreeBSD (I only had to add
KQEMU_SET_PHYS_MEM handling to the existing patches from the FreeBSD
kqemu-kmod port; if you've been following the FreeBSD side of things you
know that it finally no longer crashes/hangs the host on amd64 SMP there...
The patches can be seen here:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/kqemu-kmod/files/
)
- I also needed to patch exec.c:code_gen_alloc() for amd64:
Index: qemu/exec.c
@@ -405,6 +405,28 @@
exit(1);
}
}
+#elif defined(__FreeBSD__)
+ {
+ int flags;
+ void *addr = NULL;
+ flags = MAP_PRIVATE | MAP_ANONYMOUS;
+#if defined(__x86_64__)
+ /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
+ * 0x40000000 is free */
+ flags |= MAP_FIXED;
+ addr = (void *)0x40000000;
+ /* Cannot map more than that */
+ if (code_gen_buffer_size > (800 * 1024 * 1024))
+ code_gen_buffer_size = (800 * 1024 * 1024);
+#endif
+ code_gen_buffer = mmap(addr, code_gen_buffer_size,
+ PROT_WRITE | PROT_READ | PROT_EXEC,
+ flags, -1, 0);
+ if (code_gen_buffer == MAP_FAILED) {
+ fprintf(stderr, "Could not allocate dynamic translator buffer\n");
+ exit(1);
+ }
+ }
#else
code_gen_buffer = qemu_malloc(code_gen_buffer_size);
if (!code_gen_buffer) {
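Review bot: in the __x86_64__ branch, MAP_FIXED at the hard-coded 0x40000000 replaces whatever is already mapped in that range without any error, so if the loader, the heap or a shared object has landed there the process silently corrupts itself instead of failing; the comment itself says the code only "assume[s] 0x40000000 is free". Prefer passing 0x40000000 as a plain hint without MAP_FIXED, then checking that the returned buffer and its end still lie in the low address range the patch needs, and taking the existing "Could not allocate dynamic translator buffer" exit path otherwise. The "Cannot map more than that" comment above the 800 MiB clamp should also state why that limit applies, since a reader cannot derive it from the code.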
- I'm not sure if this patch would be useful to avoid a DoS:
Index: qemu/hw/fdc.c
@@ -1322,7 +1322,8 @@
fd_sector(cur_drv));
return 0;
}
- if (bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
+ if (cur_drv->bs == NULL ||
+ bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
FLOPPY_DPRINTF("error getting sector %d\n",
fd_sector(cur_drv));
/* Sure, image size is too small... */
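Review bot: the new cur_drv->bs == NULL test in the read path reuses the bdrv_read error branch, so a controller with no image attached logs "error getting sector %d" and falls under the comment "Sure, image size is too small...", which misdescribes the failure. Test bs before issuing the read and give it its own diagnostic (for example "no media in drive"), keeping the bdrv_read < 0 branch for genuinely short images; that also makes the guest-triggered failure the cover text worries about easy to recognise in the log.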
@@ -1776,7 +1777,8 @@
if (pos == FD_SECTOR_LEN - 1 ||
fdctrl->data_pos == fdctrl->data_len) {
cur_drv = get_cur_drv(fdctrl);
- if (bdrv_write(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
+ if (cur_drv->bs == NULL ||
+ bdrv_write(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
FLOPPY_ERROR("writing sector %d\n", fd_sector(cur_drv));
return;
}
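Review bot: the write path duplicates the same cur_drv->bs == NULL guard as the read hunk, and FLOPPY_ERROR("writing sector %d") now fires for a missing image exactly as it does for a real write failure. Move the check into one small helper shared by both sites (or test bs once where get_cur_drv returns cur_drv) so the two copies cannot drift apart, and record in the commit message which guest-visible action reaches bdrv_read/bdrv_write with bs unset, since the cover text says the author is unsure the patch is needed.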
- I found a tcg regression for x86_64 targets on i386 hosts that caused
qemu-system-x86_64 to segfault like this:
GNU gdb 6.1.1 [FreeBSD]
This GDB was configured as "i386-marcel-freebsd"...
warning: core file may not match specified executable file.
Core was generated by `qemu-system-x86_64'.
Program terminated with signal 11, Segmentation fault.
#0 tcg_malloc_internal (s=0x83c32e0, size=1024)
at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/tcg/tcg.c:172
172 if (!p->next) {
[New LWP 100159]
(gdb) bt
#0 tcg_malloc_internal (s=0x83c32e0, size=1024)
at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/tcg/tcg.c:172
#1 0x0814d8c6 in tcg_liveness_analysis (s=0x83c32e0) at tcg.h:286
#2 0x08150ac1 in dyngen_code (s=0x83c32e0, gen_code_buf=0x290d60a0 "")
at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/tcg/tcg.c:1860
#3 0x080d521c in cpu_x86_gen_code (env=0x1276e000, tb=0x11217398,
gen_code_size_ptr=0xbfbfd6fc)
at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/translate-all.c:121
#4 0x080d5b90 in cpu_x86_exec (env1=0x1)
at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/cpu-exec.c:141
#5 0x08056056 in main (argc=0, argv=0x0)
at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/vl.c:7233
(gdb) p *p
Cannot access memory at address 0x1b001b
(gdb) p/x *s
$1 = {pool_cur = 0x1b001e, pool_end = 0xc000b, pool_first = 0xc001a,
pool_current = 0x1b001b, labels = 0x60006, nb_labels = 0x7000c,
temps = 0xc000c, nb_globals = 0x140014, nb_temps = 0x26, first_free_temp = {
0x20, 0x2f, 0xffffffff, 0x27}, code_buf = 0x290d5990, tb_next = 0x0,
tb_next_offset = 0x112173d4, tb_jmp_offset = 0x112173d8,
op_dead_iargs = 0x1286e010, reg_to_temp = {0xffffffff, 0xffffffff,
0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff},
reserved_regs = 0x30, current_frame_offset = 0x9460, frame_start = 0x9460,
frame_end = 0x9660, frame_reg = 0x5, code_ptr = 0x290d60a0, static_temps = {{
base_type = 0x0, type = 0x0, val_type = 0x1, reg = 0x5, val = 0x0,
mem_reg = 0x0, mem_offset = 0x0, fixed_reg = 0x1, mem_coherent = 0x0,
mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x0,
next_free_temp = 0x0, name = 0x81938e3}, {base_type = 0x0, type = 0x0,
val_type = 0x2, reg = 0x0, val = 0x1, mem_reg = 0x5, mem_offset = 0xa0,
fixed_reg = 0x0, mem_coherent = 0x1, mem_allocated = 0x1,
temp_local = 0x0, temp_allocated = 0x0, next_free_temp = 0x0,
name = 0x8192e90}, {base_type = 0x1, type = 0x0, val_type = 0x2,
reg = 0x7, val = 0x58, mem_reg = 0x5, mem_offset = 0x90,
fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x1,
temp_local = 0x0, temp_allocated = 0x0, next_free_temp = 0x0,
name = 0x126f8860}, {base_type = 0x1, type = 0x0, val_type = 0x2,
reg = 0x1, val = 0x0, mem_reg = 0x5, mem_offset = 0x94, fixed_reg = 0x0,
mem_coherent = 0x0, mem_allocated = 0x1, temp_local = 0x0,
---Type <return> to continue, or q <return> to quit---
temp_allocated = 0x0, next_free_temp = 0x0, name = 0x126f8870}, {
base_type = 0x1, type = 0x0, val_type = 0x2, reg = 0x6, val = 0x1,
mem_reg = 0x5, mem_offset = 0x98, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x1, temp_local = 0x0, temp_allocated = 0x0,
next_free_temp = 0x0, name = 0x126f8880}, {base_type = 0x1, type = 0x0,
val_type = 0x2, reg = 0x7, val = 0x0, mem_reg = 0x5, mem_offset = 0x9c,
fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x1,
temp_local = 0x0, temp_allocated = 0x0, next_free_temp = 0x0,
name = 0x126f8890}, {base_type = 0x1, type = 0x0, val_type = 0x2,
reg = 0x0, val = 0x0, mem_reg = 0x5, mem_offset = 0x370,
fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x1,
temp_local = 0x0, temp_allocated = 0x0, next_free_temp = 0x0,
name = 0x126f88a0}, {base_type = 0x1, type = 0x0, val_type = 0x2,
reg = 0x0, val = 0x0, mem_reg = 0x5, mem_offset = 0x374,
fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x1,
temp_local = 0x0, temp_allocated = 0x0, next_free_temp = 0x0,
name = 0x126f88b0}, {base_type = 0x1, type = 0x0, val_type = 0x0,
reg = 0x0, val = 0x804925af, mem_reg = 0x5, mem_offset = 0x9460,
fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x0,
temp_local = 0x0, temp_allocated = 0x1, next_free_temp = 0x0,
name = 0x0}, {base_type = 0x0, type = 0x0, val_type = 0x0, reg = 0x7,
val = 0xffffffff, mem_reg = 0x5, mem_offset = 0x946c, fixed_reg = 0x0,
mem_coherent = 0x0, mem_allocated = 0x0, temp_local = 0x0,
---Type <return> to continue, or q <return> to quit---
temp_allocated = 0x1, next_free_temp = 0x0, name = 0x0}, {
base_type = 0x1, type = 0x0, val_type = 0x0, reg = 0x0, val = 0x12,
mem_reg = 0x5, mem_offset = 0x9460, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0x0, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x0, reg = 0x1, val = 0x0, mem_reg = 0x5,
mem_offset = 0x9464, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0x0, name = 0x0}, {base_type = 0x1, type = 0x0,
val_type = 0x0, reg = 0x3, val = 0x0, mem_reg = 0x5,
mem_offset = 0x9460, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0x0, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x0, reg = 0x0, val = 0x0, mem_reg = 0x5,
mem_offset = 0x948c, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0x0, name = 0x0}, {base_type = 0x1, type = 0x0,
val_type = 0x0, reg = 0x0, val = 0x4, mem_reg = 0x5,
mem_offset = 0x946c, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0x0, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x0, reg = 0x2, val = 0x0, mem_reg = 0x5,
mem_offset = 0x9470, fixed_reg = 0x0, mem_coherent = 0x0,
---Type <return> to continue, or q <return> to quit---
mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0x0, name = 0x0}, {base_type = 0x1, type = 0x0,
val_type = 0x0, reg = 0x0, val = 0x80492897, mem_reg = 0x5,
mem_offset = 0x9470, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x1, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0x0, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x0, reg = 0x0, val = 0xffffffff, mem_reg = 0x5,
mem_offset = 0x9478, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x1, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0x0, name = 0x0}, {base_type = 0x1, type = 0x0,
val_type = 0x0, reg = 0x0, val = 0x0, mem_reg = 0x0, mem_offset = 0x0,
fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x0,
temp_local = 0x0, temp_allocated = 0x1, next_free_temp = 0x0,
name = 0x0}, {base_type = 0x0, type = 0x0, val_type = 0x0, reg = 0x0,
val = 0x0, mem_reg = 0x0, mem_offset = 0x0, fixed_reg = 0x0,
mem_coherent = 0x0, mem_allocated = 0x0, temp_local = 0x0,
temp_allocated = 0x1, next_free_temp = 0x0, name = 0x0}, {
base_type = 0x0, type = 0x0, val_type = 0x0, reg = 0x0, val = 0x1,
mem_reg = 0x0, mem_offset = 0x0, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0x0, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x0, reg = 0x1, val = 0x0, mem_reg = 0x0, mem_offset = 0x0,
fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x0,
---Type <return> to continue, or q <return> to quit---
temp_local = 0x0, temp_allocated = 0x1, next_free_temp = 0x0,
name = 0x0}, {base_type = 0x1, type = 0x0, val_type = 0x0, reg = 0x1,
val = 0x0, mem_reg = 0x5, mem_offset = 0x947c, fixed_reg = 0x0,
mem_coherent = 0x1, mem_allocated = 0x1, temp_local = 0x0,
temp_allocated = 0x1, next_free_temp = 0x0, name = 0x0}, {
base_type = 0x0, type = 0x0, val_type = 0x0, reg = 0x1, val = 0x0,
mem_reg = 0x5, mem_offset = 0x9480, fixed_reg = 0x0, mem_coherent = 0x1,
mem_allocated = 0x1, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0x0, name = 0x0}, {base_type = 0x1, type = 0x0,
val_type = 0x0, reg = 0x3, val = 0x0, mem_reg = 0x5,
mem_offset = 0x9468, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0x0, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x0, reg = 0x7, val = 0x0, mem_reg = 0x5,
mem_offset = 0x9460, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0x0, name = 0x0}, {base_type = 0x1, type = 0x0,
val_type = 0x0, reg = 0x0, val = 0x0, mem_reg = 0x0, mem_offset = 0x0,
fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x0,
temp_local = 0x0, temp_allocated = 0x1, next_free_temp = 0x0,
name = 0x0}, {base_type = 0x0, type = 0x0, val_type = 0x0, reg = 0x0,
val = 0x0, mem_reg = 0x0, mem_offset = 0x0, fixed_reg = 0x0,
mem_coherent = 0x0, mem_allocated = 0x0, temp_local = 0x0,
---Type <return> to continue, or q <return> to quit---
temp_allocated = 0x1, next_free_temp = 0x0, name = 0x0}, {
base_type = 0x0, type = 0x0, val_type = 0x0, reg = 0x0, val = 0x0,
mem_reg = 0x0, mem_offset = 0x0, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0x0, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x0, reg = 0x0, val = 0x0, mem_reg = 0x0, mem_offset = 0x0,
fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x0,
temp_local = 0x0, temp_allocated = 0x1, next_free_temp = 0x0,
name = 0x0}, {base_type = 0x1, type = 0x0, val_type = 0x0, reg = 0x7,
val = 0x1, mem_reg = 0x5, mem_offset = 0x9460, fixed_reg = 0x0,
mem_coherent = 0x0, mem_allocated = 0x0, temp_local = 0x0,
temp_allocated = 0x1, next_free_temp = 0xffffffff, name = 0x0}, {
base_type = 0x0, type = 0x0, val_type = 0x2, reg = 0x3, val = 0x0,
mem_reg = 0x5, mem_offset = 0x9460, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x1, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0xffffffff, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x2, reg = 0x0, val = 0x0, mem_reg = 0x5,
mem_offset = 0x9464, fixed_reg = 0x0, mem_coherent = 0x1,
mem_allocated = 0x1, temp_local = 0x0, temp_allocated = 0x0,
next_free_temp = 0x2b, name = 0x0}, {base_type = 0x1, type = 0x0,
val_type = 0x2, reg = 0x2, val = 0x12, mem_reg = 0x5,
mem_offset = 0x9468, fixed_reg = 0x0, mem_coherent = 0x1,
mem_allocated = 0x1, temp_local = 0x1, temp_allocated = 0x0,
---Type <return> to continue, or q <return> to quit---
next_free_temp = 0xffffffff, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x2, reg = 0x1, val = 0x0, mem_reg = 0x5,
mem_offset = 0x946c, fixed_reg = 0x0, mem_coherent = 0x1,
mem_allocated = 0x1, temp_local = 0x1, temp_allocated = 0x1,
next_free_temp = 0x24, name = 0x0}, {base_type = 0x1, type = 0x0,
val_type = 0x2, reg = 0x2, val = 0x17, mem_reg = 0x5,
mem_offset = 0x9474, fixed_reg = 0x0, mem_coherent = 0x1,
mem_allocated = 0x1, temp_local = 0x1, temp_allocated = 0x0,
next_free_temp = 0x21, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x2, reg = 0x6, val = 0x0, mem_reg = 0x5,
mem_offset = 0x9484, fixed_reg = 0x0, mem_coherent = 0x1,
mem_allocated = 0x1, temp_local = 0x1, temp_allocated = 0x1,
next_free_temp = 0x26, name = 0x0}, {base_type = 0x1, type = 0x0,
val_type = 0x2, reg = 0x3, val = 0x0, mem_reg = 0x5,
mem_offset = 0x9488, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x1, temp_local = 0x1, temp_allocated = 0x0,
next_free_temp = 0x23, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x2, reg = 0x0, val = 0x0, mem_reg = 0x5,
mem_offset = 0x948c, fixed_reg = 0x0, mem_coherent = 0x1,
mem_allocated = 0x1, temp_local = 0x1, temp_allocated = 0x1,
next_free_temp = 0xffffffff, name = 0x0}, {base_type = 0x1, type = 0x0,
val_type = 0x0, reg = 0x1, val = 0x20, mem_reg = 0x5,
mem_offset = 0x948c, fixed_reg = 0x0, mem_coherent = 0x0,
---Type <return> to continue, or q <return> to quit---
mem_allocated = 0x0, temp_local = 0x1, temp_allocated = 0x0,
next_free_temp = 0x25, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x0, reg = 0x3, val = 0x0, mem_reg = 0x5,
mem_offset = 0x948c, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x0, temp_local = 0x1, temp_allocated = 0x1,
next_free_temp = 0x2b, name = 0x0}, {base_type = 0x1, type = 0x0,
val_type = 0x0, reg = 0x1, val = 0x20, mem_reg = 0x5,
mem_offset = 0x9468, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0xffffffff, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x0, reg = 0x3, val = 0x0, mem_reg = 0x5,
mem_offset = 0x9480, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0x0, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x0, reg = 0x0, val = 0x800, mem_reg = 0x0, mem_offset = 0x0,
fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x0,
temp_local = 0x0, temp_allocated = 0x0, next_free_temp = 0x2c,
name = 0x0}, {base_type = 0x0, type = 0x0, val_type = 0x0, reg = 0x3,
val = 0x1f, mem_reg = 0x0, mem_offset = 0x0, fixed_reg = 0x0,
mem_coherent = 0x0, mem_allocated = 0x0, temp_local = 0x0,
temp_allocated = 0x0, next_free_temp = 0xffffffff, name = 0x0}, {
base_type = 0x1, type = 0x0, val_type = 0x0, reg = 0x1, val = 0x20,
mem_reg = 0x0, mem_offset = 0x0, fixed_reg = 0x0, mem_coherent = 0x0,
---Type <return> to continue, or q <return> to quit---
mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0xffffffff, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x0, reg = 0x3, val = 0x0, mem_reg = 0x0, mem_offset = 0x0,
fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x0,
temp_local = 0x0, temp_allocated = 0x1, next_free_temp = 0x0,
name = 0x0}, {base_type = 0x1, type = 0x0, val_type = 0x0, reg = 0x0,
val = 0x0, mem_reg = 0x0, mem_offset = 0x0, fixed_reg = 0x0,
mem_coherent = 0x0, mem_allocated = 0x0, temp_local = 0x0,
temp_allocated = 0x0, next_free_temp = 0xffffffff, name = 0x0}, {
base_type = 0x0, type = 0x0, val_type = 0x0, reg = 0x0, val = 0x0,
mem_reg = 0x0, mem_offset = 0x0, fixed_reg = 0x0, mem_coherent = 0x0,
mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
next_free_temp = 0x0, name = 0x0}, {base_type = 0x0, type = 0x0,
val_type = 0x0, reg = 0x0, val = 0x0, mem_reg = 0x0, mem_offset = 0x0,
fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x0,
temp_local = 0x0, temp_allocated = 0x0, next_free_temp = 0x0,
name = 0x0} <repeats 463 times>}, helpers = 0x126fa000,
nb_helpers = 0x1b4, allocated_helpers = 0x200, helpers_sorted = 0x0}
(gdb) q
(Memory corruption, right?) I've put the end of an in_asm,out_asm log up at
http://people.freebsd.org/~nox/qemu/tcgbug-i386host.log.txt
(it's long.) That function is MD5Transform() in:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/md5c.c?annotate=1.27
in the FreeBSD 7.0 amd64 kernel on
ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/7.0/7.0-RELEASE-amd64-livefs.iso
(the bootonly most likely will fail in the same way:
ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/7.0/7.0-RELEASE-amd64-bootonly.iso
, you can go to
http://mirrorlist.freebsd.org/
to find a mirror near you, search for ISOs.)
Okay, I guess that's for now, and thanx to everyone involved!
Juergen
* [Qemu-devel] found one tcg `bug' (was: testing r4764 svn from 2008-06-20 18:25:56 +0200 on FreeBSD)
2008-06-20 23:02 [Qemu-devel] testing r4764 svn from 2008-06-20 18:25:56 +0200 on FreeBSD Juergen Lock
@ 2008-07-02 20:04 ` Juergen Lock
2008-07-02 20:49 ` Thiemo Seufer
0 siblings, 1 reply; 4+ messages in thread
From: Juergen Lock @ 2008-07-02 20:04 UTC (permalink / raw)
To: Juergen Lock; +Cc: qemu-devel
On Sat, Jun 21, 2008 at 01:02:15AM +0200, Juergen Lock wrote:
> I've been playing with qemu svn again recently, preparing experimental
> FreeBSD ports (see
> http://docs.freebsd.org/cgi/mid.cgi?20080620211216.GA75382
> for the details), and want to note a few things:
>
> [...]
> - I found a tcg regression for x86_64 targets on i386 hosts that caused
> qemu-system-x86_64 to segfault like this:
>
> GNU gdb 6.1.1 [FreeBSD]
> This GDB was configured as "i386-marcel-freebsd"...
>
> warning: core file may not match specified executable file.
> Core was generated by `qemu-system-x86_64'.
> Program terminated with signal 11, Segmentation fault.
> #0 tcg_malloc_internal (s=0x83c32e0, size=1024)
> at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/tcg/tcg.c:172
> 172 if (!p->next) {
> [New LWP 100159]
> (gdb) bt
> #0 tcg_malloc_internal (s=0x83c32e0, size=1024)
> at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/tcg/tcg.c:172
> #1 0x0814d8c6 in tcg_liveness_analysis (s=0x83c32e0) at tcg.h:286
> #2 0x08150ac1 in dyngen_code (s=0x83c32e0, gen_code_buf=0x290d60a0 "")
> at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/tcg/tcg.c:1860
> #3 0x080d521c in cpu_x86_gen_code (env=0x1276e000, tb=0x11217398,
> gen_code_size_ptr=0xbfbfd6fc)
> at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/translate-all.c:121
> #4 0x080d5b90 in cpu_x86_exec (env1=0x1)
> at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/cpu-exec.c:141
> #5 0x08056056 in main (argc=0, argv=0x0)
> at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/vl.c:7233
> (gdb) p *p
> Cannot access memory at address 0x1b001b
> (gdb) p/x *s
> $1 = {pool_cur = 0x1b001e, pool_end = 0xc000b, pool_first = 0xc001a,
> pool_current = 0x1b001b, labels = 0x60006, nb_labels = 0x7000c,
> temps = 0xc000c, nb_globals = 0x140014, nb_temps = 0x26, first_free_temp = {
> 0x20, 0x2f, 0xffffffff, 0x27}, code_buf = 0x290d5990, tb_next = 0x0,
> tb_next_offset = 0x112173d4, tb_jmp_offset = 0x112173d8,
> op_dead_iargs = 0x1286e010, reg_to_temp = {0xffffffff, 0xffffffff,
> 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff},
> reserved_regs = 0x30, current_frame_offset = 0x9460, frame_start = 0x9460,
> frame_end = 0x9660, frame_reg = 0x5, code_ptr = 0x290d60a0, static_temps = {{
> mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
> next_free_temp = 0x0, name = 0x0}, {base_type = 0x0, type = 0x0,
> val_type = 0x0, reg = 0x0, val = 0x0, mem_reg = 0x0, mem_offset = 0x0,
> fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x0,
> temp_local = 0x0, temp_allocated = 0x1, next_free_temp = 0x0,
> name = 0x0}, {base_type = 0x1, type = 0x0, val_type = 0x0, reg = 0x7,
> val = 0x1, mem_reg = 0x5, mem_offset = 0x9460, fixed_reg = 0x0,
> mem_coherent = 0x0, mem_allocated = 0x0, temp_local = 0x0,
> temp_allocated = 0x1, next_free_temp = 0xffffffff, name = 0x0}, {
> base_type = 0x0, type = 0x0, val_type = 0x2, reg = 0x3, val = 0x0,
> mem_reg = 0x5, mem_offset = 0x9460, fixed_reg = 0x0, mem_coherent = 0x0,
> mem_allocated = 0x1, temp_local = 0x0, temp_allocated = 0x1,
> next_free_temp = 0xffffffff, name = 0x0}, {base_type = 0x0, type = 0x0,
> val_type = 0x2, reg = 0x0, val = 0x0, mem_reg = 0x5,
> mem_offset = 0x9464, fixed_reg = 0x0, mem_coherent = 0x1,
> mem_allocated = 0x1, temp_local = 0x0, temp_allocated = 0x0,
> next_free_temp = 0x2b, name = 0x0}, {base_type = 0x1, type = 0x0,
> val_type = 0x2, reg = 0x2, val = 0x12, mem_reg = 0x5,
> mem_offset = 0x9468, fixed_reg = 0x0, mem_coherent = 0x1,
> mem_allocated = 0x1, temp_local = 0x1, temp_allocated = 0x0,
> ---Type <return> to continue, or q <return> to quit---
> next_free_temp = 0xffffffff, name = 0x0}, {base_type = 0x0, type = 0x0,
> val_type = 0x2, reg = 0x1, val = 0x0, mem_reg = 0x5,
> mem_offset = 0x946c, fixed_reg = 0x0, mem_coherent = 0x1,
> mem_allocated = 0x1, temp_local = 0x1, temp_allocated = 0x1,
> next_free_temp = 0x24, name = 0x0}, {base_type = 0x1, type = 0x0,
> val_type = 0x2, reg = 0x2, val = 0x17, mem_reg = 0x5,
> mem_offset = 0x9474, fixed_reg = 0x0, mem_coherent = 0x1,
> mem_allocated = 0x1, temp_local = 0x1, temp_allocated = 0x0,
> next_free_temp = 0x21, name = 0x0}, {base_type = 0x0, type = 0x0,
> val_type = 0x2, reg = 0x6, val = 0x0, mem_reg = 0x5,
> mem_offset = 0x9484, fixed_reg = 0x0, mem_coherent = 0x1,
> mem_allocated = 0x1, temp_local = 0x1, temp_allocated = 0x1,
> next_free_temp = 0x26, name = 0x0}, {base_type = 0x1, type = 0x0,
> val_type = 0x2, reg = 0x3, val = 0x0, mem_reg = 0x5,
> mem_offset = 0x9488, fixed_reg = 0x0, mem_coherent = 0x0,
> mem_allocated = 0x1, temp_local = 0x1, temp_allocated = 0x0,
> next_free_temp = 0x23, name = 0x0}, {base_type = 0x0, type = 0x0,
> val_type = 0x2, reg = 0x0, val = 0x0, mem_reg = 0x5,
> mem_offset = 0x948c, fixed_reg = 0x0, mem_coherent = 0x1,
> mem_allocated = 0x1, temp_local = 0x1, temp_allocated = 0x1,
> next_free_temp = 0xffffffff, name = 0x0}, {base_type = 0x1, type = 0x0,
> val_type = 0x0, reg = 0x1, val = 0x20, mem_reg = 0x5,
> mem_offset = 0x948c, fixed_reg = 0x0, mem_coherent = 0x0,
> ---Type <return> to continue, or q <return> to quit---
> mem_allocated = 0x0, temp_local = 0x1, temp_allocated = 0x0,
> next_free_temp = 0x25, name = 0x0}, {base_type = 0x0, type = 0x0,
> val_type = 0x0, reg = 0x3, val = 0x0, mem_reg = 0x5,
> mem_offset = 0x948c, fixed_reg = 0x0, mem_coherent = 0x0,
> mem_allocated = 0x0, temp_local = 0x1, temp_allocated = 0x1,
> next_free_temp = 0x2b, name = 0x0}, {base_type = 0x1, type = 0x0,
> val_type = 0x0, reg = 0x1, val = 0x20, mem_reg = 0x5,
> mem_offset = 0x9468, fixed_reg = 0x0, mem_coherent = 0x0,
> mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
> next_free_temp = 0xffffffff, name = 0x0}, {base_type = 0x0, type = 0x0,
> val_type = 0x0, reg = 0x3, val = 0x0, mem_reg = 0x5,
> mem_offset = 0x9480, fixed_reg = 0x0, mem_coherent = 0x0,
> mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
> next_free_temp = 0x0, name = 0x0}, {base_type = 0x0, type = 0x0,
> val_type = 0x0, reg = 0x0, val = 0x800, mem_reg = 0x0, mem_offset = 0x0,
> fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x0,
> temp_local = 0x0, temp_allocated = 0x0, next_free_temp = 0x2c,
> name = 0x0}, {base_type = 0x0, type = 0x0, val_type = 0x0, reg = 0x3,
> val = 0x1f, mem_reg = 0x0, mem_offset = 0x0, fixed_reg = 0x0,
> mem_coherent = 0x0, mem_allocated = 0x0, temp_local = 0x0,
> temp_allocated = 0x0, next_free_temp = 0xffffffff, name = 0x0}, {
> base_type = 0x1, type = 0x0, val_type = 0x0, reg = 0x1, val = 0x20,
> mem_reg = 0x0, mem_offset = 0x0, fixed_reg = 0x0, mem_coherent = 0x0,
> ---Type <return> to continue, or q <return> to quit---
> mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
> next_free_temp = 0xffffffff, name = 0x0}, {base_type = 0x0, type = 0x0,
> val_type = 0x0, reg = 0x3, val = 0x0, mem_reg = 0x0, mem_offset = 0x0,
> fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x0,
> temp_local = 0x0, temp_allocated = 0x1, next_free_temp = 0x0,
> name = 0x0}, {base_type = 0x1, type = 0x0, val_type = 0x0, reg = 0x0,
> val = 0x0, mem_reg = 0x0, mem_offset = 0x0, fixed_reg = 0x0,
> mem_coherent = 0x0, mem_allocated = 0x0, temp_local = 0x0,
> temp_allocated = 0x0, next_free_temp = 0xffffffff, name = 0x0}, {
> base_type = 0x0, type = 0x0, val_type = 0x0, reg = 0x0, val = 0x0,
> mem_reg = 0x0, mem_offset = 0x0, fixed_reg = 0x0, mem_coherent = 0x0,
> mem_allocated = 0x0, temp_local = 0x0, temp_allocated = 0x1,
> next_free_temp = 0x0, name = 0x0}, {base_type = 0x0, type = 0x0,
> val_type = 0x0, reg = 0x0, val = 0x0, mem_reg = 0x0, mem_offset = 0x0,
> fixed_reg = 0x0, mem_coherent = 0x0, mem_allocated = 0x0,
> temp_local = 0x0, temp_allocated = 0x0, next_free_temp = 0x0,
> name = 0x0} <repeats 463 times>}, helpers = 0x126fa000,
> nb_helpers = 0x1b4, allocated_helpers = 0x200, helpers_sorted = 0x0}
> (gdb) q
>
> (Memory corruption, right?) I've put the end of a in_asm,out_asm log up at
> http://people.freebsd.org/~nox/qemu/tcgbug-i386host.log.txt
> (it's long.) That function is MD5Transform() in:
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/md5c.c?annotate=1.27
> in the FreeBSD 7.0 amd64 kernel on
> ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/7.0/7.0-RELEASE-amd64-livefs.iso
> (the bootonly most likely will fail in the same way:
> ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/7.0/7.0-RELEASE-amd64-bootonly.iso
> , you can go to
> http://mirrorlist.freebsd.org/
> to find a mirror near you, search for ISOs.)
Well, I finally got around to looking at this again, and found the cause
wasn't exactly a bug, just a too-low constant:
Index: qemu/exec-all.h
@@ -30,7 +30,7 @@
struct TranslationBlock;
/* XXX: make safe guess about sizes */
-#define MAX_OP_PER_INSTR 64
+#define MAX_OP_PER_INSTR 128
/* A Call op needs up to 6 + 2N parameters (N = number of arguments). */
#define MAX_OPC_PARAM 10
#define OPC_BUF_SIZE 512
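Review bot: the new value is still a guess, as the `/* XXX: make safe guess about sizes */` comment left in place says; raising MAX_OP_PER_INSTR from 64 to 128 only moves the point at which an instruction that expands to more ops than the remaining slack overruns the op buffer. Suggest noting in the comment which case required more than 64 ops (the 64-bit rotate translated on an i386 host reported in this thread), and adding a debug-build assertion after each translated instruction that the op pointer has not passed the end of the buffer, so the next undersized guess shows up as a failed assertion rather than as the memory corruption the watchpoint had to catch here.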
With this I can at least boot into fixit and run find /dist (I didn't
test an actual install.)
Juergen
* Re: [Qemu-devel] found one tcg `bug' (was: testing r4764 svn from 2008-06-20 18:25:56 +0200 on FreeBSD)
2008-07-02 20:04 ` [Qemu-devel] found one tcg `bug' (was: testing r4764 svn from 2008-06-20 18:25:56 +0200 on FreeBSD) Juergen Lock
@ 2008-07-02 20:49 ` Thiemo Seufer
2008-07-02 21:19 ` Juergen Lock
0 siblings, 1 reply; 4+ messages in thread
From: Thiemo Seufer @ 2008-07-02 20:49 UTC (permalink / raw)
To: qemu-devel; +Cc: Juergen Lock
Juergen Lock wrote:
[snip]
> > (Memory corruption, right?) I've put the end of a in_asm,out_asm log up at
> > http://people.freebsd.org/~nox/qemu/tcgbug-i386host.log.txt
> > (it's long.) That function is MD5Transform() in:
> > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/md5c.c?annotate=1.27
> > in the FreeBSD 7.0 amd64 kernel on
> > ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/7.0/7.0-RELEASE-amd64-livefs.iso
> > (the bootonly most likely will fail in the same way:
> > ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/7.0/7.0-RELEASE-amd64-bootonly.iso
> > , you can go to
> > http://mirrorlist.freebsd.org/
> > to find a mirror near you, search for ISOs.)
>
> Well, I finally got around to looking at this again, and found the cause
> wasn't exactly a bug, just a too-low constant:
>
> Index: qemu/exec-all.h
> @@ -30,7 +30,7 @@
> struct TranslationBlock;
>
> /* XXX: make safe guess about sizes */
> -#define MAX_OP_PER_INSTR 64
> +#define MAX_OP_PER_INSTR 128
> /* A Call op needs up to 6 + 2N parameters (N = number of arguments). */
> #define MAX_OPC_PARAM 10
> #define OPC_BUF_SIZE 512
>
> With this I can at least boot into fixit and run find /dist (I didn't
> test an actual install.)
Were you able to isolate the offending instruction? With more than 64
ops it should probably use a helper function.
Thiemo
* Re: [Qemu-devel] found one tcg `bug' (was: testing r4764 svn from 2008-06-20 18:25:56 +0200 on FreeBSD)
2008-07-02 20:49 ` Thiemo Seufer
@ 2008-07-02 21:19 ` Juergen Lock
0 siblings, 0 replies; 4+ messages in thread
From: Juergen Lock @ 2008-07-02 21:19 UTC (permalink / raw)
To: ths; +Cc: qemu-devel
In article <20080702204948.GF7007@networkno.de> you write:
>Juergen Lock wrote:
>[snip]
>> > (Memory corruption, right?) I've put the end of a in_asm,out_asm log up at
>> > http://people.freebsd.org/~nox/qemu/tcgbug-i386host.log.txt
>> > (it's long.) That function is MD5Transform() in:
>> > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/md5c.c?annotate=1.27
>> > in the FreeBSD 7.0 amd64 kernel on
>> > ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/7.0/7.0-RELEASE-amd64-livefs.iso
>> > (the bootonly most likely will fail in the same way:
>> > ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/7.0/7.0-RELEASE-amd64-bootonly.iso
>> > , you can go to
>> > http://mirrorlist.freebsd.org/
>> > to find a mirror near you, search for ISOs.)
>>
>> Well, I finally got around to looking at this again, and found the cause
>> wasn't exactly a bug, just a too-low constant:
>>
>> Index: qemu/exec-all.h
>> @@ -30,7 +30,7 @@
>> struct TranslationBlock;
>>
>> /* XXX: make safe guess about sizes */
>> -#define MAX_OP_PER_INSTR 64
>> +#define MAX_OP_PER_INSTR 128
>> /* A Call op needs up to 6 + 2N parameters (N = number of arguments). */
>> #define MAX_OPC_PARAM 10
>> #define OPC_BUF_SIZE 512
>>
>> With this I can at least boot into fixit and run find /dist (I didn't
>> test an actual install.)
>
>Were you able to isolate the offending instruction? With more than 64
>ops it should probably use a helper function.
Well, I have the backtrace of the overwrite watchpoint hit:
tcg_gen_shifti_i64 (ret=33, arg1=33, c=31, right=34, arith=0) at tcg-op.h:69
69 *gen_opparam_ptr++ = GET_TCGV(arg1);
(gdb) l
64 }
65
66 static inline void tcg_gen_op3(int opc, TCGv arg1, TCGv arg2, TCGv arg3)
67 {
68 *gen_opc_ptr++ = opc;
69 *gen_opparam_ptr++ = GET_TCGV(arg1);
70 *gen_opparam_ptr++ = GET_TCGV(arg2);
71 *gen_opparam_ptr++ = GET_TCGV(arg3);
72 }
73
(gdb) p gen_opc_ptr
$15 = (uint16_t *) 0x83c32e0
(gdb) bt
#0 tcg_gen_shifti_i64 (ret=33, arg1=33, c=31, right=34, arith=0)
at tcg-op.h:69
#1 0x080dbc03 in gen_rot_rm_T1 (s=0xbfbfd570, ot=2, op1=12, is_right=1)
at tcg-op.h:751
#2 0x080f924b in disas_insn (s=0xbfbfd570, pc_start=18446744071566862578)
at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/target-i386/translate.c:4911
#3 0x08149ada in gen_intermediate_code (env=0x12771000, tb=0x11217a00)
at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/target-i386/translate.c:7205
#4 0x080d51cb in cpu_x86_gen_code (env=0x12771000, tb=0x11217a00,
gen_code_size_ptr=0xbfbfd6ec)
at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/translate-all.c:96
#5 0x080d5b90 in cpu_x86_exec (env1=0x83be268)
at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/cpu-exec.c:141
#6 0x08056056 in main (argc=0, argv=0x0)
at /usr/ports/emulators/qemu-devel/work/qemu-snapshot-2008-06-20_19/vl.c:7233
Seeing what's at pc_start=18446744071566862578:
0xffffffff804928f2 <MD5Transform+898>: ror $0x17,%r12d
(which is also the insn the mentioned in_asm log ends with.)
But, can't there be more cases like this for amd64 targets on i386 hosts?
Since it has to do most ops in pieces...
Thanx,
Juergen
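The failure mode discussed in this thread, as an added model (not QEMU's code): TCG stops a block only between guest instructions, once fewer than MAX_OP_PER_INSTR op slots remain, so a single instruction that expands to more ops than that slack writes past the end of the op buffer, exactly what the watchpoint above caught. The buffer size is the exec-all.h value from the patch; the two emitters, the one-op filler instructions and the "big" instruction are constructed for illustration, and the checked emitter is a hypothetical hardened form, not something QEMU has.

```c
#include <stdint.h>
#include <string.h>
#define OPC_BUF_SIZE 512          /* as in the exec-all.h hunk above */
#define GUARD_MAGIC  0xbeef
struct opbuf {
    uint16_t ops[OPC_BUF_SIZE];
    uint16_t guard;   /* sentinel after the buffer; an overrun clobbers it */
    size_t ptr;       /* next free slot, like gen_opc_ptr */
    int refused;      /* checked emitter dropped an op instead of writing */
};
/* Like '*gen_opc_ptr++ = opc' in tcg-op.h: no bound check at all (the model
 * only clobbers the guard so it stays memory safe itself). */
static void emit_unchecked(struct opbuf *b, uint16_t opc)
{
    if (b->ptr < OPC_BUF_SIZE) b->ops[b->ptr] = opc;
    else if (b->ptr == OPC_BUF_SIZE) b->guard = opc;  /* what the watchpoint saw */
    b->ptr++;
}
/* Hypothetical hardened emitter: checks the real end of the buffer per op. */
static void emit_checked(struct opbuf *b, uint16_t opc)
{
    if (b->ptr >= OPC_BUF_SIZE) { b->refused = 1; return; }
    b->ops[b->ptr++] = opc;
}
/* Translate a constructed trace, insn_ops[i] = ops instruction i expands to.
 * The end-of-block test runs only between instructions and trusts the slack.
 * Returns 1 on overrun (guard clobbered) or, when checked, on a refused op. */
static int translate_block(int max_op_per_insn, const int *insn_ops,
                           size_t n_insns, int checked)
{
    size_t opc_max_size = OPC_BUF_SIZE - max_op_per_insn;
    struct opbuf b;
    memset(&b, 0, sizeof b);
    b.guard = GUARD_MAGIC;
    for (size_t i = 0; i < n_insns; i++) {
        for (int k = 0; k < insn_ops[i]; k++)
            if (checked) emit_checked(&b, 1); else emit_unchecked(&b, 1);
        if (b.ptr >= opc_max_size) break;   /* only checked between insns */
    }
    return checked ? b.refused : (b.guard != GUARD_MAGIC);
}
/* Worst case for the bug: the block stops one op short of the threshold, then
 * one instruction (the 64-bit rotate on a 32-bit host) needs big_ops slots. */
static int worst_case(int max_op_per_insn, int big_ops, int checked)
{
    int trace[OPC_BUF_SIZE];
    size_t n = OPC_BUF_SIZE - max_op_per_insn - 1;
    for (size_t i = 0; i < n; i++) trace[i] = 1;   /* one-op filler insns */
    trace[n] = big_ops;
    return translate_block(max_op_per_insn, trace, n + 1, checked);
}
```

With the limit at 64 an instruction needing 66 ops clobbers the guard, while at 128 it fits; the checked emitter reports the same case instead of writing past the end.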