From: Jakub Jermar <jakub@jermar.eu>
To: qemu-devel@nongnu.org
Cc: HelenOS development mailing list <helenos-devel@lists.modry.cz>
Subject: [Qemu-devel] [sparc64] Miscomputed minimum of a group of numbers in sparc64 emulation
Date: Thu, 30 Jun 2011 23:12:07 +0200 [thread overview]
Message-ID: <4E0CE6A7.10901@jermar.eu> (raw)
[-- Attachment #1: Type: text/plain, Size: 813 bytes --]
Hi,
we have been observing a problem with HelenOS running on the latest git
Qemu/sparc64. The gist of the problem is that the following computation
of minimum of 64 and 512 surprisingly gives 512:
bytes = min(len, BPS(bs) - pos % BPS(bs));
bytes = min(bytes, nodep->size - pos);
On input, `len` is 64, `pos` is 0, `BPS(bs)` is 512 and `nodep->size` is
some bigger number. Surprisingly, in a non-single-stepping mode, Qemu
computes `bytes` as 512 instead of 64. When singlestepping via GDB, the
result is correct.
I think this could be a bug in Qemu so I am attaching the relevant
portion of qemu.log with some comments and pointers in it.
I would appreciate if someone who understands the sparc64 code
translation could have a look at this. More debugging data may be
provided upon request.
Thanks,
Jakub
[-- Attachment #2: qemu.log --]
[-- Type: text/x-log, Size: 11032 bytes --]
IN:
0x00000000000067a4: ldub [ %o0 + 0xb ], %g1
0x00000000000067a8: sub %i1, %i2, %i1
0x00000000000067ac: ldub [ %o0 + 0xc ], %g2
0x00000000000067b0: sethi %hi(0x1dc00), %o0
0x00000000000067b4: sllx %g1, 8, %g1
0x00000000000067b8: ldx [ %fp + 0x7ef ], %g3
0x00000000000067bc: or %o0, 0x258, %o0
0x00000000000067c0: or %g2, %g1, %g1
0x00000000000067c4: sll %g1, 0x10, %g1
0x00000000000067c8: cmp %i1, %g3
0x00000000000067cc: srl %g1, 8, %g4
0x00000000000067d0: mov %g3, %o3
0x00000000000067d4: srl %g1, 0x18, %g1
0x00000000000067d8: or %g4, %g1, %g4
0x00000000000067dc: sllx %g4, 0x30, %g2
0x00000000000067e0: srlx %g2, 0x30, %g2
0x00000000000067e4: udivx %i2, %g2, %g1
0x00000000000067e8: mulx %g1, %g2, %g1
0x00000000000067ec: movgu %xcc, %g3, %i1
0x00000000000067f0: sll %g4, 0x10, %g4
0x00000000000067f4: sub %i2, %g1, %g1
0x00000000000067f8: srl %g4, 0x10, %o1
0x00000000000067fc: sub %g2, %g1, %g1
0x0000000000006800: sra %o1, 0, %o1
0x0000000000006804: cmp %i1, %g1
0x0000000000006808: movgu %xcc, %g1, %i1 <= with 0 in %xcc the move is executed and overwrites 64 in %i1 by 512 from %g1
0x000000000000680c: call 0x13f00 <= when I put breakpoint here, %xcc is 0 insted of 0b1001 in non-single-stepping mode
0x0000000000006810: mov %i1, %o4
OP after liveness analysis:
movi_i64 tmp8,$compute_psr
call tmp8,$0x0,$0
ld_i64 tmp6,regwptr,$0x0
movi_i64 tmp8,$0xb
add_i64 loc5,tmp6,tmp8
qemu_ld8u loc4,loc5,$0x0
mov_i64 g1,loc4
ld_i64 tmp7,regwptr,$0x88
ld_i64 tmp6,regwptr,$0x90
sub_i64 loc3,tmp7,tmp6
st_i64 loc3,regwptr,$0x88
ld_i64 tmp6,regwptr,$0x0
movi_i64 tmp8,$0xc
add_i64 loc5,tmp6,tmp8
qemu_ld8u loc4,loc5,$0x0
mov_i64 g2,loc4
movi_i64 tmp8,$0x1dc00
st_i64 tmp8,regwptr,$0x0
movi_i64 tmp8,$0x8
shl_i64 loc3,g1,tmp8
mov_i64 g1,loc3
ld_i64 tmp7,regwptr,$0xb0
movi_i64 tmp8,$0x7ef
add_i64 loc5,tmp7,tmp8
qemu_ld64 loc4,loc5,$0x0
mov_i64 g3,loc4
ld_i64 tmp6,regwptr,$0x0
movi_i64 tmp8,$0x258
or_i64 loc3,tmp6,tmp8
st_i64 loc3,regwptr,$0x0
mov_i64 tmp6,g1
or_i64 loc3,g2,tmp6
mov_i64 g1,loc3
movi_i64 tmp8,$0x10
shl_i64 loc3,g1,tmp8
mov_i64 g1,loc3
ld_i64 tmp7,regwptr,$0x88
mov_i64 cc_src,tmp7
mov_i64 cc_src2,g3
sub_i64 cc_dst,cc_src,cc_src2
nopn $0x2,$0x2
movi_i32 cc_op,$0x7
movi_i64 tmp8,$0xffffffff
and_i64 loc3,g1,tmp8
movi_i64 tmp8,$0x8
shr_i64 loc3,loc3,tmp8
mov_i64 g4,loc3
mov_i64 loc3,g3
st_i64 loc3,regwptr,$0x18
movi_i64 tmp8,$0xffffffff
and_i64 loc3,g1,tmp8
movi_i64 tmp8,$0x18
shr_i64 loc3,loc3,tmp8
mov_i64 g1,loc3
mov_i64 tmp6,g1
or_i64 loc3,g4,tmp6
mov_i64 g4,loc3
movi_i64 tmp8,$0x30
shl_i64 loc3,g4,tmp8
mov_i64 g2,loc3
movi_i64 tmp8,$0x30
shr_i64 loc3,g2,tmp8
mov_i64 g2,loc3
ld_i64 tmp6,regwptr,$0x90
mov_i64 cc_src,tmp6
mov_i64 cc_src2,g2
movi_i64 tmp8,$0x0
brcond_i64 cc_src2,tmp8,ne,$0x0
movi_i32 tmp9,$0x28
movi_i64 tmp8,$raise_exception
call tmp8,$0x0,$0,tmp9
set_label $0x0
movi_i64 tmp8,$0x0
divu2_i64 loc3,tmp8,cc_src,tmp8,cc_src2
mov_i64 g1,loc3
mul_i64 loc3,g1,g2
mov_i64 g1,loc3
nopn $0x3,$0x1,$0x3
movi_i64 tmp10,$compute_psr
call tmp10,$0x0,$0
ext32u_i64 tmp0,xcc
movi_i64 tmp10,$0x16
shr_i64 tmp0,tmp0,tmp10
movi_i64 tmp10,$0x1
and_i64 tmp0,tmp0,tmp10
ext32u_i64 tmp8,xcc
movi_i64 tmp10,$0x14
shr_i64 tmp8,tmp8,tmp10
movi_i64 tmp10,$0x1
and_i64 tmp8,tmp8,tmp10
or_i64 tmp8,tmp8,tmp0
movi_i64 tmp10,$0x1
xor_i64 tmp8,tmp8,tmp10
movi_i64 tmp10,$0x0
brcond_i64 tmp8,tmp10,eq,$0x1
mov_i64 tmp0,g3
st_i64 tmp0,regwptr,$0x88
set_label $0x1
movi_i64 tmp8,$0x10
shl_i64 loc3,g4,tmp8
mov_i64 g4,loc3
ld_i64 tmp6,regwptr,$0x90
sub_i64 loc3,tmp6,g1
mov_i64 g1,loc3
movi_i64 tmp8,$0xffffffff
and_i64 loc3,g4,tmp8
movi_i64 tmp8,$0x10
shr_i64 loc3,loc3,tmp8
st_i64 loc3,regwptr,$0x8
sub_i64 loc3,g2,g1
mov_i64 g1,loc3
ld_i64 tmp7,regwptr,$0x8
movi_i64 tmp8,$0xffffffff
and_i64 loc3,tmp7,tmp8
ext32s_i64 loc3,loc3
st_i64 loc3,regwptr,$0x8
ld_i64 tmp6,regwptr,$0x88
mov_i64 cc_src,tmp6
mov_i64 cc_src2,g1
sub_i64 cc_dst,cc_src,cc_src2
mov_i64 loc3,cc_dst
movi_i32 cc_op,$0x7
nopn $0x3,$0x1,$0x3
movi_i64 tmp10,$compute_psr
call tmp10,$0x0,$0
ext32u_i64 tmp0,xcc
movi_i64 tmp10,$0x16
shr_i64 tmp0,tmp0,tmp10
movi_i64 tmp10,$0x1
and_i64 tmp0,tmp0,tmp10
ext32u_i64 tmp8,xcc
movi_i64 tmp10,$0x14
shr_i64 tmp8,tmp8,tmp10
movi_i64 tmp10,$0x1
and_i64 tmp8,tmp8,tmp10
or_i64 tmp8,tmp8,tmp0
movi_i64 tmp10,$0x1
xor_i64 tmp8,tmp8,tmp10
movi_i64 tmp10,$0x0
brcond_i64 tmp8,tmp10,eq,$0x2
mov_i64 tmp0,g1
st_i64 tmp0,regwptr,$0x88
set_label $0x2
movi_i64 tmp8,$0x680c
st_i64 tmp8,regwptr,$0x38
ld_i64 loc3,regwptr,$0x88
st_i64 loc3,regwptr,$0x20
movi_i64 pc,$0x13f00
movi_i64 npc,$0x13f04
exit_tb $0x0
end
OUT: [size=797]
0x409551a0: callq 0x526810
0x409551a5: mov 0x40(%r14),%rbp
0x409551a9: mov 0x0(%rbp),%rbx
0x409551ad: add $0xb,%rbx
0x409551b1: mov %rbx,%rsi
0x409551b4: mov %rbx,%rdi
0x409551b7: shr $0x8,%rsi
0x409551bb: and $0xffffffffffffe000,%rdi
0x409551c2: and $0x1fe0,%esi
0x409551c8: lea 0x1238(%r14,%rsi,1),%rsi
0x409551d0: cmp (%rsi),%rdi
0x409551d3: mov %rbx,%rdi
0x409551d6: jne 0x409551e1
0x409551d8: add 0x18(%rsi),%rdi
0x409551dc: movzbl (%rdi),%ebp
0x409551df: jmp 0x409551eb
0x409551e1: xor %esi,%esi
0x409551e3: callq 0x52c290
0x409551e8: movzbl %al,%ebp
0x409551eb: mov 0x40(%r14),%rbx
0x409551ef: mov 0x88(%rbx),%r12
0x409551f6: mov 0x90(%rbx),%r13
0x409551fd: sub %r13,%r12
0x40955200: mov %r12,0x88(%rbx)
0x40955207: mov (%rbx),%r12
0x4095520a: add $0xc,%r12
0x4095520e: mov %rbp,0x8(%r14)
0x40955212: mov %r12,%rsi
0x40955215: mov %r12,%rdi
0x40955218: shr $0x8,%rsi
0x4095521c: and $0xffffffffffffe000,%rdi
0x40955223: and $0x1fe0,%esi
0x40955229: lea 0x1238(%r14,%rsi,1),%rsi
0x40955231: cmp (%rsi),%rdi
0x40955234: mov %r12,%rdi
0x40955237: jne 0x40955242
0x40955239: add 0x18(%rsi),%rdi
0x4095523d: movzbl (%rdi),%ebp
0x40955240: jmp 0x4095524c
0x40955242: xor %esi,%esi
0x40955244: callq 0x52c290
0x40955249: movzbl %al,%ebp
0x4095524c: mov $0x1dc00,%ebx
0x40955251: mov 0x40(%r14),%r12
0x40955255: mov %rbx,(%r12)
0x40955259: mov 0x8(%r14),%rbx
0x4095525d: shl $0x8,%rbx
0x40955261: mov 0xb0(%r12),%r13
0x40955269: add $0x7ef,%r13
0x40955270: mov %rbx,0x8(%r14)
0x40955274: mov %rbp,0x10(%r14)
0x40955278: mov %r13,%rsi
0x4095527b: mov %r13,%rdi
0x4095527e: shr $0x8,%rsi
0x40955282: and $0xffffffffffffe007,%rdi
0x40955289: and $0x1fe0,%esi
0x4095528f: lea 0x1238(%r14,%rsi,1),%rsi
0x40955297: cmp (%rsi),%rdi
0x4095529a: mov %r13,%rdi
0x4095529d: jne 0x409552ab
0x4095529f: add 0x18(%rsi),%rdi
0x409552a3: mov (%rdi),%rbp
0x409552a6: bswap %rbp
0x409552a9: jmp 0x409552b5
0x409552ab: xor %esi,%esi
0x409552ad: callq 0x52a900
0x409552b2: mov %rax,%rbp
0x409552b5: mov %rbp,%rbx
0x409552b8: mov 0x40(%r14),%r12
0x409552bc: mov (%r12),%r15
0x409552c0: or $0x258,%r15
0x409552c7: mov %r15,(%r12)
0x409552cb: mov 0x8(%r14),%r15
0x409552cf: mov 0x10(%r14),%r10
0x409552d3: or %r15,%r10
0x409552d6: shl $0x10,%r10
0x409552da: mov 0x88(%r12),%r15
0x409552e2: mov %rbx,%r11
0x409552e5: sub %r11,%r15
0x409552e8: mov %r10,%r11
0x409552eb: mov %r11d,%r11d
0x409552ee: shr $0x8,%r11
0x409552f2: mov %rbx,%r9
0x409552f5: mov %r9,0x18(%r12)
0x409552fa: mov %r10d,%r10d
0x409552fd: shr $0x18,%r10
0x40955301: mov %r10,%r9
0x40955304: or %r9,%r11
0x40955307: mov %r11,%r9
0x4095530a: shl $0x30,%r9
0x4095530e: shr $0x30,%r9
0x40955312: mov %r9,%r8
0x40955315: mov 0x90(%r12),%rcx
0x4095531d: mov %r8,%rdx
0x40955320: mov %r9,0x18248(%r14)
0x40955327: mov %rbp,0x18250(%r14)
0x4095532e: mov %r13,0x18258(%r14)
0x40955335: mov %rcx,0x60(%r14)
0x40955339: mov %rdx,0x68(%r14)
0x4095533d: mov %r15,0x70(%r14)
0x40955341: mov $0x7,%ebp
0x40955346: mov %ebp,0x78(%r14)
0x4095534a: mov %r10,0x8(%r14)
0x4095534e: mov %r8,0x10(%r14)
0x40955352: mov %rbx,0x18(%r14)
0x40955356: mov %r11,0x20(%r14)
0x4095535a: test %rdx,%rdx
0x4095535d: jne 0x4095536d
0x40955363: mov $0x28,%edi
0x40955368: callq 0x523f50
0x4095536d: mov 0x60(%r14),%rax
0x40955371: xor %edx,%edx
0x40955373: mov 0x68(%r14),%rbp
0x40955377: div %rbp
0x4095537a: mov 0x10(%r14),%rbx
0x4095537e: imul %rbx,%rax
0x40955382: mov %rax,%r12
0x40955385: mov %rax,0x18248(%r14)
0x4095538c: mov %r12,0x8(%r14)
0x40955390: callq 0x526810
0x40955395: mov 0x19230(%r14),%ebp
0x4095539c: mov %ebp,%ebx
0x4095539e: shr $0x16,%rbx
0x409553a2: and $0x1,%ebx
0x409553a5: mov %ebp,%r12d
0x409553a8: shr $0x14,%r12
0x409553ac: and $0x1,%r12d
0x409553b0: or %rbx,%r12
0x409553b3: xor $0x1,%r12
0x409553b7: test %r12,%r12
0x409553ba: je 0x409553cf
0x409553c0: mov 0x18(%r14),%rbp
0x409553c4: mov 0x40(%r14),%rbx
0x409553c8: mov %rbp,0x88(%rbx)
0x409553cf: mov 0x20(%r14),%rbp
0x409553d3: shl $0x10,%rbp
0x409553d7: mov 0x40(%r14),%rbx
0x409553db: mov 0x90(%rbx),%r12
0x409553e2: mov 0x8(%r14),%r13
0x409553e6: sub %r13,%r12
0x409553e9: mov %rbp,%r13
0x409553ec: mov %r13d,%r13d
0x409553ef: shr $0x10,%r13
0x409553f3: mov %r13,0x8(%rbx)
0x409553f7: mov 0x10(%r14),%r13
0x409553fb: mov %r13,%r15
0x409553fe: sub %r12,%r15
0x40955401: mov 0x8(%rbx),%r12
0x40955405: mov %r12d,%r12d
0x40955408: movslq %r12d,%r12
0x4095540b: mov %r12,0x8(%rbx)
0x4095540f: mov 0x88(%rbx),%r12
0x40955416: mov %r15,%r10
0x40955419: mov %r12,%r11
0x4095541c: sub %r10,%r11
0x4095541f: mov %r11,%r9
0x40955422: mov %r9,0x18248(%r14)
0x40955429: mov %r10,0x68(%r14)
0x4095542d: mov %r11,0x70(%r14)
0x40955431: mov %r12,0x60(%r14)
0x40955435: mov $0x7,%ebx
0x4095543a: mov %ebx,0x78(%r14)
0x4095543e: mov %r15,0x8(%r14)
0x40955442: mov %rbp,0x20(%r14)
0x40955446: callq 0x526810
0x4095544b: mov 0x19230(%r14),%ebp
0x40955452: mov %ebp,%ebx
0x40955454: shr $0x16,%rbx
0x40955458: and $0x1,%ebx
0x4095545b: mov %ebp,%r12d
0x4095545e: shr $0x14,%r12
0x40955462: and $0x1,%r12d
0x40955466: or %rbx,%r12
0x40955469: xor $0x1,%r12
0x4095546d: test %r12,%r12
0x40955470: je 0x40955485
0x40955476: mov 0x8(%r14),%rbp
0x4095547a: mov 0x40(%r14),%rbx
0x4095547e: mov %rbp,0x88(%rbx)
0x40955485: mov $0x680c,%ebp
0x4095548a: mov 0x40(%r14),%rbx
0x4095548e: mov %rbp,0x38(%rbx)
0x40955492: mov 0x88(%rbx),%rbp
0x40955499: mov %rbp,0x20(%rbx)
0x4095549d: mov %rbp,0x18248(%r14)
0x409554a4: mov $0x13f00,%ebp
0x409554a9: mov %rbp,0x48(%r14)
0x409554ad: mov $0x13f04,%ebp
0x409554b2: mov %rbp,0x50(%r14)
0x409554b6: xor %eax,%eax
0x409554b8: jmpq 0x108e4ee
next reply other threads:[~2011-06-30 21:12 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-30 21:12 Jakub Jermar [this message]
2011-07-01 9:15 ` [Qemu-devel] [HelenOS-devel] [sparc64] Miscomputed minimum of a group of numbers in sparc64 emulation Artyom Tarasenko
2011-07-01 9:36 ` Jakub Jermar
2011-07-01 10:41 ` Artyom Tarasenko
2011-07-01 12:57 ` Jakub Jermar
2011-07-01 14:11 ` Jakub Jermar
2011-07-01 14:24 ` Laurent Desnogues
2011-07-01 14:28 ` Jakub Jermar
2011-07-01 15:08 ` Artyom Tarasenko
2011-07-01 14:15 ` Laurent Desnogues
2011-07-01 14:21 ` Jakub Jermar
2011-07-01 15:03 ` Artyom Tarasenko
2011-07-01 15:20 ` Laurent Desnogues
2011-07-01 15:53 ` Artyom Tarasenko
2011-07-01 16:14 ` Artyom Tarasenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E0CE6A7.10901@jermar.eu \
--to=jakub@jermar.eu \
--cc=helenos-devel@lists.modry.cz \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.