From: Max Filippov <jcmvbkbc@gmail.com>
To: Peter Maydell <peter.maydell@linaro.org>,
	Richard Henderson <rth@twiddle.net>,
	qemu-devel <qemu-devel@nongnu.org>
Subject: [Qemu-devel] qemu aborts with temp_save: Assertion `s->temps[temp].val_type == 2 || s->temps[temp].fixed_reg' failed
Date: Thu, 11 Jul 2013 06:35:48 +0400
Message-ID: <51DE1A04.1080602@gmail.com>

Hi Peter,

I suddenly found qemu built with debug enabled aborting with an assertion on one of the xtensa tests:

qemu-system-xtensa -M sim -cpu dc232b -nographic -semihosting  -kernel ./test_sr.tst
QEMU 1.4.50 monitor - type 'help' for more information
(qemu) QEMU 1.4.50 monitor - type 'help' for more information
(qemu) qemu-system-xtensa: tcg/tcg.c:1673: temp_save: Assertion `s->temps[temp].val_type == 2 || s->temps[temp].fixed_reg' failed.

This happens in the mainline as well; bisection points to the following commit:

commit 378df4b23753a11be650af7664ca76bc75cb9f01
Author: Peter Maydell <peter.maydell@linaro.org>
Date:   Fri Feb 22 18:10:03 2013 +0000

    Handle CPU interrupts by inline checking of a flag


I have the following traces when it happens. Any idea of what could go wrong?

OP:
 ld_i32 loc0,env,$0xffffffffffffffc8
 movi_i32 tmp1,$0x0
 brcond_i32 loc0,tmp1,ne,$0x0
 ---- 0xd0000fde

 ---- 0xd0000fe0
 movi_i32 tmp1,$0xd0000fe0
 movi_i32 tmp2,$0x1
 movi_i32 tmp3,$0x2
 movi_i64 tmp4,$advance_ccount
 call tmp4,$0x0,$0,env,tmp3
 movi_i64 tmp4,$window_check
 call tmp4,$0x0,$0,env,tmp1,tmp2
 movi_i32 ar4,$0x0

 ---- 0xd0000fe2
 movi_i32 tmp1,$0xd00003f0
 qemu_ld32 ar2,tmp1,$0x0

 ---- 0xd0000fe5
 movi_i32 tmp1,$0xd0000470
 qemu_ld32 ar3,tmp1,$0x0

 ---- 0xd0000fe8
 mov_i32 tmp1,ar2
 qemu_st32 ar3,tmp1,$0x0

 ---- 0xd0000fea
 movi_i32 tmp1,$0xd0000fea
 movi_i32 tmp2,$0x0
 movi_i32 tmp3,$0x4
 movi_i64 tmp4,$advance_ccount
 call tmp4,$0x0,$0,env,tmp3
 movi_i64 tmp4,$exception_cause
 call tmp4,$0x0,$0,env,tmp1,tmp2
 mov_i32 env,ar4
 set_label $0x0
 exit_tb $0x7fffed6373b3

qemu-system-xtensa: tcg/tcg.c:1673: temp_save: Assertion `s->temps[temp].val_type == 2 || s->temps[temp].fixed_reg' failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffed633700 (LWP 29011)]
0x00007ffff545bc55 in raise () from /lib64/libc.so.6
...
(gdb) bt
#0  temp_save (s=0x55555624a2a0 <tcg_ctx>, temp=6, allocated_regs=16400) at tcg/tcg.c:1673
#1  0x0000555555730fd6 in save_globals (s=0x55555624a2a0 <tcg_ctx>, allocated_regs=16400) at tcg/tcg.c:1688
#2  0x00005555557311b9 in tcg_reg_alloc_bb_end (s=0x55555624a2a0 <tcg_ctx>, allocated_regs=16400) at tcg/tcg.c:1731
#3  0x0000555555732e5d in tcg_gen_code_common (s=0x55555624a2a0 <tcg_ctx>, gen_code_buf=0x7fffef240150 <code_gen_buffer+49488> "A\213nȉ\254$\200",
search_pc=-1) at tcg/tcg.c:2300
#4  0x0000555555733029 in tcg_gen_code (s=0x55555624a2a0 <tcg_ctx>, gen_code_buf=0x7fffef240150 <code_gen_buffer+49488> "A\213nȉ\254$\200") at
tcg/tcg.c:2356
#5  0x0000555555733d3d in cpu_xtensa_gen_code (env=0x5555562b43c0, tb=0x7fffed6373b0, gen_code_size_ptr=0x7fffed632a70) at translate-all.c:175
#6  0x00005555557351cf in tb_gen_code (env=0x5555562b43c0, pc=3489664990, cs_base=0, flags=0, cflags=0) at translate-all.c:958
#7  0x00005555556c8216 in tb_find_slow (env=0x5555562b43c0, pc=3489664990, cs_base=0, flags=0) at cpu-exec.c:141
#8  0x00005555556c839d in tb_find_fast (env=0x5555562b43c0) at cpu-exec.c:168
#9  0x00005555556c8722 in cpu_xtensa_exec (env=0x5555562b43c0) at cpu-exec.c:583
#10 0x00005555556cb719 in tcg_cpu_exec (env=0x5555562b43c0) at cpus.c:1117
#11 0x00005555556cb850 in tcg_exec_all () at cpus.c:1150
#12 0x00005555556cab40 in qemu_tcg_cpu_thread_fn (arg=0x5555562b42b0) at cpus.c:843
#13 0x00007ffff64d0d15 in start_thread () from /lib64/libpthread.so.0
#14 0x00007ffff551853d in clone () from /lib64/libc.so.6
(gdb) f 4
#4  0x0000555555730f85 in temp_save (s=0x55555624a2a0 <tcg_ctx>, temp=6, allocated_regs=16400) at tcg/tcg.c:1673
1673        assert(s->temps[temp].val_type == TEMP_VAL_MEM || s->temps[temp].fixed_reg);
(gdb) p s->temps[temp]
$2 = {
  base_type = TCG_TYPE_I32,
  type = TCG_TYPE_I32,
  val_type = 1,
  reg = 5,
  val = 0,
  mem_reg = 14,
  mem_offset = 24,
  fixed_reg = 0,
  mem_coherent = 1,
  mem_allocated = 1,
  temp_local = 0,
  temp_allocated = 0,
  next_free_temp = 0,
  name = 0x5555557826e0 "ar4"
}

-- 
Thanks.
-- Max
