From: Max Filippov <jcmvbkbc@gmail.com>
To: Laurent Desnogues <laurent.desnogues@gmail.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Actual TB code doesn't look like what was intended (TCG issue)?
Date: Fri, 24 Jun 2011 12:35:35 +0400
Message-ID: <201106241235.35336.jcmvbkbc@gmail.com>
In-Reply-To: <BANLkTikCR5342Yd2fCJGDWS8Jny+L+qjfg@mail.gmail.com>
> > Hello guys.
> >
> > I'm running qemu on x86_64 host.
> > It's clean build from git sources dated 2011.05.19, commit 1fddfba129f5435c80eda14e8bc23fdb888c7187
> > I have the following output from "log trace,op,out_asm":
> >
> > Trace 0x4000a310 [d0026c92]
> > OP:
> > ---- 0xd00000c0
> > movi_i32 tmp1,$0xfffffff4
> > add_i32 tmp0,ar9,tmp1
> > qemu_ld32 ar1,tmp0,$0x0
> >
> > ---- 0xd00000c3
> > movi_i32 tmp1,$0xfffffff0
> > add_i32 tmp0,ar9,tmp1
> > qemu_ld32 ar0,tmp0,$0x0
> >
> > [...snip...]
> [...]
> > 0x4000a360: xor %esi,%esi
> > 0x4000a362: callq 0x52edc2
> [...]
> > (gdb) x/25i 0x4000a330
> [...]
> > 0x4000a360: mov $0x1,%esi
> > 0x4000a365: callq 0x52edc2 <__ldl_mmu>
> > 0x4000a36a: mov %eax,%ebp
> > 0x4000a36c: sub $0x44,%al
> > => 0x4000a36e: lea -0x10(%rbx),%esp
> > 0x4000a371: mov %ebp,0xc(%r14)
> > 0x4000a375: mov %r12d,%esi
> > 0x4000a378: mov %r12d,%edi
> >
> > Please note how the current instruction in gdb differs from what was said in OUT. This lea corrupts the stack pointer and the next callq generates a segfault.
> > Could anyone familiar with TCG please take a look at this, or suggest where I should look myself?
>
> As Peter hinted, you're not looking at the code you think :-)
> Note how your original TCG code does loads:
>
> qemu_ld32 ar1,tmp0,$0x0
>
> That $0x0 will end up in %RSI. It's the mem index used to
> distinguish from user and privileged level accesses. In your
> examples of host code, in one case it is 0 and in the other
> it is 1, so you're definitely not really looking at the same
> block in the same running conditions.
Yes, I've noticed it (however, after I sent this mail).
But (1) the quoted OUT is the last OUT for this host address range in the log and (2) in gdb I set "b tlb_fill if retaddr == 0x4000a369" and made some steps.
You mean that I should look at previous OUTs for this address range?
Thanks.
-- Max
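The point Laurent raises is that a host address range can be translated more than once (with a different mem index, 0 vs 1, loaded into %esi before the __ldl_mmu call), so the last OUT in the log is not necessarily the code gdb is sitting on. The following script is an added example, not part of the thread, that walks an out_asm log and reports every translation covering a given host address; the "OUT: [size=N]" header line and the sample log contents are assumptions, constructed here to mirror the two versions shown in the thread.

```python
import re

# Constructed sample in the shape of "-d out_asm" output (not from the thread):
# the same host range translated twice, first with mem index 0, then with 1.
SAMPLE_LOG = """\
OUT: [size=24]
0x4000a360:  xor    %esi,%esi
0x4000a362:  callq  0x52edc2
0x4000a367:  mov    %eax,%ebp
OUT: [size=24]
0x4000a360:  mov    $0x1,%esi
0x4000a365:  callq  0x52edc2
0x4000a36a:  mov    %eax,%ebp
"""

OUT_HDR = re.compile(r"^OUT: ")                      # assumed block header format
INSN = re.compile(r"^0x([0-9a-fA-F]+):\s+(.*\S)\s*$")  # "0xADDR:  insn" lines


def parse_out_blocks(log_text):
    """Split the log into OUT blocks; each block is a list of (host_addr, insn)."""
    blocks = []
    for line in log_text.splitlines():
        if OUT_HDR.match(line):
            blocks.append([])
            continue
        m = INSN.match(line)
        if m and blocks:
            insn = " ".join(m.group(2).split())  # normalise disassembler spacing
            blocks[-1].append((int(m.group(1), 16), insn))
    return blocks


def translations_at(log_text, host_addr):
    """Every (block_number, insn) whose instruction starts at host_addr,
    in log order. Several entries with different text mean the range was
    retranslated, so the last OUT need not match what is in memory now."""
    hits = []
    for n, block in enumerate(parse_out_blocks(log_text)):
        for addr, insn in block:
            if addr == host_addr:
                hits.append((n, insn))
    return hits


def was_retranslated(log_text, host_addr):
    """True if the instruction at host_addr differs between OUT blocks."""
    return len({insn for _, insn in translations_at(log_text, host_addr)}) > 1
```

Run it over the real log and compare the reported versions against what gdb disassembles at the faulting address; a match with an earlier OUT rather than the last one confirms the block was regenerated.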