From: Max Filippov <jcmvbkbc@gmail.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Actual TB code doesn't look like what was intended (TCG issue)?
Date: Fri, 24 Jun 2011 12:34:18 +0400 [thread overview]
Message-ID: <201106241234.19282.jcmvbkbc@gmail.com> (raw)
In-Reply-To: <BANLkTikm1Sb3g2+zTjjC=1hfWoKrVz_k=Q@mail.gmail.com>
> > Please note how the current instruction in gdb differs from what
> > was said in OUT. This lea corrupts the stack pointer and the next
> > callq generates a segfault.
> > Could anyone familiar with TCG please take a look at this, or
> > suggest where I should look myself?
>
> You don't say which target you're compiling code for, or what
> the input assembly was which triggered this.
I thought it doesn't matter. It's target-xtensa that I've been developing; the input assembly is the following:
d00000c0 <_WindowUnderflow8>:
d00000c0: 09d910 l32e a1, a9, -12
d00000c3: 09c900 l32e a0, a9, -16
d00000c6: 09d170 l32e a7, a1, -12
d00000c9: 09e920 l32e a2, a9, -8
d00000cc: 09f930 l32e a3, a9, -4
d00000cf: 098740 l32e a4, a7, -32
d00000d2: 099750 l32e a5, a7, -28
d00000d5: 09a760 l32e a6, a7, -24
d00000d8: 09b770 l32e a7, a7, -20
d00000db: 003500 rfwu
> My first guess is that the target's front end might have a bug
> where it wrongly bakes in assumptions about bits of the CPUState.
> QEMU will occasionally retranslate-in-place a TB (if a load in
> the TB causes an exception) so if the frontend generates different
> code the second time around things will go wrong...
>
> You should be able to find out what's stomping on the code
> with the aid of a debugger and some watchpoints.
I just thought that "lea -0x10(%rbx),%esp" may not appear in generated code at all, and in the OUT section (which is for a different MMU mode, as I can see now) it is "lea -0x10(%rbx),%r12d".
The instruction itself looks odd: it writes to esp and the sizes of the registers it operates on are different.
Thanks.
-- Max
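As an added example (not code from this thread or from QEMU): a small sanity check over a TCG "OUT:" host-code dump that flags any instruction whose destination is the host stack pointer, the pattern Max describes above, and separately notes lea instructions whose base and destination register widths differ. The listing below is constructed, not a real TCG dump.

```python
import re

# x86-64 host stack-pointer aliases. A translated block body must never write
# these; only the TCG prologue/epilogue touches the host stack pointer.
HOST_SP = {"%rsp", "%esp", "%sp", "%spl"}

# "0x7f...:  mnemonic  operands" as printed in a QEMU OUT: dump (AT&T syntax).
INSN_RE = re.compile(r"^\s*(?:0x[0-9a-f]+:\s*)?([a-z]+)\s*(.*)$")

def split_operands(text):
    """Split AT&T operands at top-level commas, keeping '(%base,%idx,s)' intact."""
    ops, depth, cur = [], 0, ""
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            ops.append(cur.strip()); cur = ""
        else:
            cur += ch
    return ops + [cur.strip()] if cur.strip() else ops

def reg_width(reg):
    """Width in bits of a GPR name (%rbx -> 64, %r12d -> 32, %esp -> 32)."""
    for pat, bits in ((r"%r\d+", 64), (r"%r\d+d", 32), (r"%r\d+w", 16),
                      (r"%r\d+b", 8), (r"%r[a-z]{2}", 64), (r"%e[a-z]{2}", 32)):
        if re.fullmatch(pat, reg):
            return bits
    return None

def check_insn(line):
    """Return a list of findings for one disassembled host instruction."""
    m = INSN_RE.match(line)
    if not m:
        return []
    mnem, ops = m.group(1), split_operands(m.group(2))
    # These never write their last operand, so they cannot clobber the SP.
    if not ops or mnem.startswith(("cmp", "test", "push", "call", "j", "ret")):
        return []
    dest, findings = ops[-1], []          # AT&T: destination is last operand
    if dest in HOST_SP:
        findings.append(f"writes host stack pointer: {line.strip()}")
    if mnem == "lea":
        base = re.search(r"\((%[a-z0-9]+)", ops[0])
        if base and reg_width(base.group(1)) != reg_width(dest):
            findings.append(f"lea width mismatch: {line.strip()}")
    return findings

def scan_tb(listing):
    """Scan an OUT: dump; returns [(line_no, finding), ...] in listing order."""
    return [(n, f) for n, line in enumerate(listing.splitlines(), 1)
            for f in check_insn(line)]

# Constructed sample: the benign lea from OUT next to the bad one seen in gdb.
SAMPLE_OUT = """OUT: [size=24]
0x7f0000000000:  mov    0x10(%r14),%rbx
0x7f0000000007:  lea    -0x10(%rbx),%r12d
0x7f000000000b:  lea    -0x10(%rbx),%esp
0x7f000000000f:  callq  *%rax
"""
```

Only the `%esp` line is reported as a stack-pointer write; the `%r12d` form is a legal address truncation and is listed only as a width mismatch.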
Thread overview (11+ messages):
2011-06-24 2:44 [Qemu-devel] Actual TB code doesn't look like what was intended (TCG issue)? Max Filippov
2011-06-24 7:46 ` Peter Maydell
2011-06-24 8:34 ` Max Filippov [this message]
2011-06-24 9:42 ` Peter Maydell
2011-06-24 10:08 ` Max Filippov
2011-06-24 10:32 ` Peter Maydell
2011-06-24 17:06 ` Max Filippov
2011-06-24 8:14 ` Laurent Desnogues
2011-06-24 8:35 ` Max Filippov
2011-06-24 9:38 ` Laurent Desnogues
2011-06-24 9:48 ` Max Filippov