From: "Alex Bennée" <alex.bennee@linaro.org>
To: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
Cc: Aurelien Jarno <aurelien@aurel32.net>,
	qemu-devel@nongnu.org, Richard Henderson <rth@twiddle.net>,
	Vladimir Prus <vladimir.prus@gmail.com>,
	"Edgar E . Iglesias" <edgar.iglesias@gmail.com>
Subject: Re: [Qemu-devel] [PATCH 0/2] target/sh4: add missing tcg_temp_free()
Date: Tue, 05 Dec 2017 20:35:04 +0000
Message-ID: <87374osykn.fsf@linaro.org>
In-Reply-To: <20171205170013.22337-1-f4bug@amsat.org>


Philippe Mathieu-Daudé <f4bug@amsat.org> writes:

> Hi,
>
> After reading Alex commenting on IRC "java --version failing on sh4" I remember
> this series staged for 2.12.
>
> This might help for:
>
>   root@6e10336e48ac:/etc/apt# java --version
>   qemu-sh4: /home/alex/lsrc/qemu/qemu.git/tcg/tcg.h:703: temp_idx: Assertion `n >= 0 && n < tcg_ctx->nb_temps' failed.
>   qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Sadly it's decode_gusa which trips for me:

  #0  0x00007ffff6941428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
  #1  0x00007ffff694302a in __GI_abort () at abort.c:89
  #2  0x00007ffff6939bd7 in __assert_fail_base (fmt=<optimised out>, assertion=assertion@entry=0x555555678fc8 "n >= 0 && n < tcg_ctx->nb_temps", file=file@entry=0x555555678fa0 "/home/alex/lsrc/qemu/qemu.git/tcg/tcg.h", line=line@entry=703, function=function@entry=0x55555567aa38 <__PRETTY_FUNCTION__.23740> "temp_idx") at assert.c:92
  #3  0x00007ffff6939c82 in __GI___assert_fail (assertion=0x555555678fc8 "n >= 0 && n < tcg_ctx->nb_temps", file=0x555555678fa0 "/home/alex/lsrc/qemu/qemu.git/tcg/tcg.h", line=703, function=0x55555567aa38 <__PRETTY_FUNCTION__.23740> "temp_idx") at assert.c:101
  #4  0x0000555555585e03 in temp_idx (ts=0x555555902f20 <tcg_init_ctx>) at /home/alex/lsrc/qemu/qemu.git/tcg/tcg.h:703
  #5  0x0000555555585e5b in tcgv_i32_temp (v=0x0) at /home/alex/lsrc/qemu/qemu.git/tcg/tcg.h:724
  #6  0x000055555558bc2f in tcg_temp_free_i32 (arg=0x0) at /home/alex/lsrc/qemu/qemu.git/tcg/tcg.c:1053
  #7  0x00005555555ff077 in decode_gusa (ctx=0x7ffff7f67c00, env=0x5555579adf60, pmax_insns=0x7ffff7f67bec) at /home/alex/lsrc/qemu/qemu.git/target/sh4/translate.c:2193
  #8  0x00005555555ff303 in gen_intermediate_code (cs=0x5555579a5cc0, tb=0x55555593c6c0 <static_code_gen_buffer+78976>) at /home/alex/lsrc/qemu/qemu.git/target/sh4/translate.c:2268
  #9  0x00005555555bc656 in tb_gen_code (cpu=0x5555579a5cc0, pc=2134168040, cs_base=2134168044, flags=528320, cflags=524288) at /home/alex/lsrc/qemu/qemu.git/accel/tcg/translate-all.c:1292
  #10 0x00005555555b9ff9 in tb_find (cpu=0x5555579a5cc0, last_tb=0x0, tb_exit=0, cf_mask=524288) at /home/alex/lsrc/qemu/qemu.git/accel/tcg/cpu-exec.c:402
  #11 0x00005555555ba77d in cpu_exec (cpu=0x5555579a5cc0) at /home/alex/lsrc/qemu/qemu.git/accel/tcg/cpu-exec.c:735
  #12 0x00005555555c0ed2 in cpu_loop (env=0x5555579adf60) at /home/alex/lsrc/qemu/qemu.git/linux-user/main.c:2684
  #13 0x00005555555d001c in clone_func (arg=0x7fffffffc990) at /home/alex/lsrc/qemu/qemu.git/linux-user/syscall.c:6264
  #14 0x00007ffff6cdd6ba in start_thread (arg=0x7ffff7f68700) at pthread_create.c:333
  #15 0x00007ffff6a133dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
  #7  0x00005555555ff077 in decode_gusa (ctx=0x7ffff7f67c00, env=0x5555579adf60, pmax_insns=0x7ffff7f67bec) at /home/alex/lsrc/qemu/qemu.git/target/sh4/translate.c:2193
  2193	        tcg_temp_free_i32(op_arg);

The line:

    /* If op_src is not a valid register, then op_arg was a constant.  */
    if (op_src < 0) {
        tcg_temp_free_i32(op_arg);
    }

Looks pretty sketchy to me; why not check if op_arg is allocated
directly? Constants still need to be freed over a block. I think TCG
still keeps them around if it re-uses them.

>
> Regards,
>
> Philippe.
>
> Philippe Mathieu-Daudé (2):
>   target/sh4: add missing tcg_temp_free() in gen_conditional_jump()
>   target/sh4: add missing tcg_temp_free() in _decode_opc()
>
>  target/sh4/translate.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)


--
Alex Bennée
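The freeing pattern questioned in the reply above can be shown with a small model. What follows is an added example, not QEMU code and not written by anyone in this thread: a toy temp pool whose free routine stands in for the temp_idx() bounds assertion (reporting misuse instead of aborting), a hypothetical decoder with three instruction shapes (register source, immediate placed in a fresh temp, and no operand at all, which leaves op_src < 0 with op_arg == NULL and corresponds to the tcg_temp_free_i32(arg=0x0) call in frame #6 of the backtrace), and the two freeing strategies side by side. Every name here (toy_*, DecodeResult, pool, regs, the insn encoding) is invented for the example.

```c
/*
 * Added example, not QEMU code: a toy model of TCG-style temporaries
 * showing why freeing op_arg on the unrelated condition op_src < 0 is
 * fragile, and what checking the temporary itself looks like instead.
 * Every name here (toy_*, DecodeResult, pool, regs) is hypothetical.
 */
#include <stdbool.h>
#include <stdio.h>

#define NB_TEMPS 8

typedef struct { bool in_use; } TempSlot;
typedef TempSlot *TCGv_toy;        /* NULL means "no temporary at all" */

static TempSlot pool[NB_TEMPS];    /* per-block temporaries */
static TempSlot regs[16];          /* stand-in for global register temps */
static int nb_live;                /* outstanding pool temporaries */

static bool is_pool_temp(TCGv_toy t)
{
    for (int i = 0; i < NB_TEMPS; i++) if (t == &pool[i]) return true;
    return false;
}

static TCGv_toy toy_temp_new(void)
{
    for (int i = 0; i < NB_TEMPS; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = true;
            nb_live++;
            return &pool[i];
        }
    }
    return NULL;                   /* pool exhausted */
}

/* Stands in for temp_idx()'s bounds assertion, but reports misuse instead
 * of aborting: NULL, a global register or an already freed slot -> false. */
static bool toy_temp_free(TCGv_toy t)
{
    if (t == NULL || !is_pool_temp(t) || !t->in_use) return false;
    t->in_use = false;
    nb_live--;
    return true;
}

/* Hypothetical decoded operand, shape selected by insn >> 8:
 *   0: register source   -> op_src >= 0, op_arg is a global (never freed)
 *   1: immediate operand -> op_src < 0,  op_arg is a fresh pool temp
 *   2: no operand        -> op_src < 0,  op_arg stays NULL
 * Shape 2 is what the backtrace above shows: op_src negative while no
 * temporary was ever allocated, so the free is handed 0x0. */
typedef struct { int op_src; TCGv_toy op_arg; } DecodeResult;

static DecodeResult toy_decode(unsigned insn)
{
    DecodeResult r = { .op_src = -1, .op_arg = NULL };
    switch (insn >> 8) {
    case 0:
        r.op_src = insn & 0xf;
        r.op_arg = &regs[r.op_src];
        break;
    case 1:
        r.op_arg = toy_temp_new();
        break;
    default:
        break;
    }
    return r;
}

/* The pattern quoted from translate.c: free on a proxy condition. */
static bool free_by_sentinel(DecodeResult r)
{
    return r.op_src < 0 ? toy_temp_free(r.op_arg) : true;
}

/* Alternative: free only what is actually an allocated pool temporary;
 * globals (register stand-ins) and NULL are left alone. */
static bool free_by_state(DecodeResult r)
{
    if (r.op_arg == NULL || !is_pool_temp(r.op_arg)) return true;
    return toy_temp_free(r.op_arg);
}

static int toy_live_temps(void) { return nb_live; }

int main(void)
{
    printf("no-operand insn, sentinel free: %s\n",
           free_by_sentinel(toy_decode(0x200)) ? "ok" : "misuse");
    printf("no-operand insn, state-based free: %s\n",
           free_by_state(toy_decode(0x200)) ? "ok" : "misuse");
    printf("live temps afterwards: %d\n", toy_live_temps());
    return 0;
}
```

free_by_sentinel reproduces the translate.c check and reports misuse on the no-operand shape, where real TCG would hit the temp_idx() assertion; free_by_state only touches handles that are actually pool temporaries, so NULL and the register globals are left alone while an immediate's temp is still released and nb_live returns to zero.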


Thread overview: 6+ messages
2017-12-05 17:00 [Qemu-devel] [PATCH 0/2] target/sh4: add missing tcg_temp_free() Philippe Mathieu-Daudé
2017-12-05 17:00 ` [Qemu-devel] [PATCH 1/2] target/sh4: add missing tcg_temp_free() in gen_conditional_jump() Philippe Mathieu-Daudé
2017-12-06 21:59   ` Aurelien Jarno
2017-12-05 17:00 ` [Qemu-devel] [PATCH 2/2] target/sh4: add missing tcg_temp_free() in _decode_opc() Philippe Mathieu-Daudé
2017-12-06 21:59   ` Aurelien Jarno
2017-12-05 20:35 ` Alex Bennée [this message]
