From: "Alex Bennée" <alex.bennee@linaro.org>
To: Matt Borgerson <contact@mborgerson.com>
Cc: qemu-devel@nongnu.org,
"Richard Henderson" <richard.henderson@linaro.org>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Yoshinori Sato" <ysato@users.sourceforge.jp>
Subject: Re: [PATCH v2] plugins: Set final instruction count in plugin_gen_tb_end
Date: Tue, 18 Jul 2023 23:05:16 +0100
Message-ID: <87cz0o27l9.fsf@linaro.org>
In-Reply-To: <CADc=-s46VkRZiU--59VdeTcACoir1srxV=eTxPwwwut_tSJESQ@mail.gmail.com>

Matt Borgerson <contact@mborgerson.com> writes:

> Thanks Alex!
>
>
> On Mon, Jul 17, 2023 at 8:34 AM Alex Bennée <alex.bennee@linaro.org> wrote:
>>
>>
>> Alex Bennée <alex.bennee@linaro.org> writes:
>>
>> > Matt Borgerson <contact@mborgerson.com> writes:
>> >
>> >> Translation logic may partially decode an instruction, then abort and
>> >> remove the instruction from the TB. This can happen for example when an
>> >> instruction spans two pages. In this case, plugins may get an incorrect
>> >> result when calling qemu_plugin_tb_n_insns to query for the number of
>> >> instructions in the TB. This patch updates plugin_gen_tb_end to set the
>> >> final instruction count.
>> >
>> > For some reason this fails to apply cleanly:
>> >
>> > git am ./v2_20230714_contact_plugins_set_final_instruction_count_in_plugin_gen_tb_end.mbx
>> > Applying: plugins: Set final instruction count in plugin_gen_tb_end
>> > error: corrupt patch at line 31
>> > Patch failed at 0001 plugins: Set final instruction count in
>> > plugin_gen_tb_end
>>
>> I think some newlines crept in, I was able to fix. Queued to
>> for-8.1/misc-fixes with the assert added.

Hmm so I ran into an issue:

  ./qemu-sh4 -plugin tests/plugin/libbb.so -d plugin ./tests/tcg/sh4-linux-user/testthread
  ERROR:../../accel/tcg/plugin-gen.c:874:plugin_gen_tb_end: assertion failed: (num_insns <= ptb->n)
  Bail out! ERROR:../../accel/tcg/plugin-gen.c:874:plugin_gen_tb_end: assertion failed: (num_insns <= ptb->n)
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped
  bb's: 9202, insns: 42264
  fish: Job 1, './qemu-sh4 -plugin tests/plugin…' terminated by signal SIGSEGV (Address boundary error)

Further investigation shows that gUSA sequences can cause the number of
instructions to run ahead, which also makes the setting of the ptb->n =
num_insns unsafe, running ahead of the number of instructions signalled
by plugin_gen_insn_start/plugin_gen_insn_end.

  Thread 1 hit Hardware watchpoint 5: *(int *) 0x7ffd410a2904

  Old value = 4
  New value = 1
  0x000055f148c00ea8 in decode_gusa (ctx=0x7ffd410a28f0, env=0x55f14a4106e8) at ../../target/sh4/translate.c:2167
  2167 ctx->base.num_insns += max_insns - 1;
  (rr) p max_insns
  $6 = 4
  (rr) p max_insns -1
  $7 = 3
  (rr) p ctx->base.num_insns
  $8 = 1

So I think we have to drop this for now until we can either fix
decode_gusa or find something else.

Richard,

Any ideas?

--
Alex Bennée
Virtualisation Tech Lead @ Linaro
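
Added example, not part of the original message and not QEMU code: a simplified C model of the mismatch reported above, where a decoder that handles a multi-instruction region in one step advances the translator's counter without further per-instruction records, together with the bound that the failed assertion expresses. All `model_*` names, the fixed-size record array, the TB limit of 4 and the address 0x1000 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MODEL_MAX 8 /* capacity of the model's record array (assumption) */

/* Plugin-side view of one TB: n counts the per-instruction records. */
struct model_ptb { size_t n; unsigned long vaddr[MODEL_MAX]; };

/* Stand-in for the per-instruction plugin hook: records one instruction. */
static void model_insn_start(struct model_ptb *ptb, unsigned long pc) {
    if (ptb->n < MODEL_MAX)
        ptb->vaddr[ptb->n++] = pc;
}

/* Translate up to max_insns. If region > 0, the first decode consumes a
 * region-long sequence in one step and bumps the counter as the traced
 * line does (num_insns += region - 1), with no further hook calls. */
static size_t model_translate(struct model_ptb *ptb, size_t max_insns, size_t region) {
    size_t num_insns = 0;
    unsigned long pc = 0x1000; /* constructed guest address */
    ptb->n = 0;
    while (num_insns < max_insns) {
        num_insns++;
        model_insn_start(ptb, pc);
        if (region > 0) {
            num_insns += region - 1;
            break;
        }
        pc += 2;
    }
    return num_insns;
}

/* Take the translator's count only when it does not exceed the record
 * list; a larger count would expose slots that no hook call ever filled. */
static int model_tb_end(struct model_ptb *ptb, size_t num_insns) {
    if (num_insns > ptb->n)
        return -1;
    ptb->n = num_insns;
    return 0;
}

int main(void) {
    struct model_ptb ptb;
    size_t got = model_translate(&ptb, 4, 4); /* region of 4, as in the trace */
    int rc = model_tb_end(&ptb, got);
    printf("num_insns=%zu recorded=%zu tb_end=%d\n", got, ptb.n, rc);
    return 0;
}
```

With a region of 4 the counter reaches 4 while only one record exists, so the count is rejected; a count lower than the number of records, the case the patch set out to handle, is accepted and trims the list.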