From: "Alex Bennée" <alex.bennee@linaro.org>
To: Julian Ganz <neither@nut.email>
Cc: qemu-devel@nongnu.org,
	Pierrick Bouvier <pierrick.bouvier@linaro.org>,
	Alexandre Iooss <erdnaxe@crans.org>,
	Mahmoud Mandour <ma.mandourr@gmail.com>
Subject: Re: [PATCH v6 23/25] tests: add plugin asserting correctness of discon event's to_pc
Date: Sun, 21 Sep 2025 17:46:05 +0100
Message-ID: <87segf69f6.fsf@draig.linaro.org>
In-Reply-To: <073cad7dd8ae509ff64a2835fd146833b60c1f60.1757018626.git.neither@nut.email> (Julian Ganz's message of "Thu, 4 Sep 2025 22:48:58 +0200")

Julian Ganz <neither@nut.email> writes:

> We recently introduced plugin API for the registration of callbacks for
> discontinuity events, specifically for interrupts, exceptions and host
> call events. The callback receives various bits of information,
> including the VCPU index and PCs.
>
> This change introduces a test plugin asserting the correctness of that
> behaviour in cases where this is possible with reasonable effort.
>
> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
> Signed-off-by: Julian Ganz <neither@nut.email>
> ---
>  tests/tcg/plugins/discons.c   | 210 ++++++++++++++++++++++++++++++++++
>  tests/tcg/plugins/meson.build |   2 +-
>  2 files changed, 211 insertions(+), 1 deletion(-)
>  create mode 100644 tests/tcg/plugins/discons.c
>
> diff --git a/tests/tcg/plugins/discons.c b/tests/tcg/plugins/discons.c
> new file mode 100644
> index 0000000000..f185e3948b
> --- /dev/null
> +++ b/tests/tcg/plugins/discons.c
> @@ -0,0 +1,210 @@
> +/*
> + * SPDX-License-Identifier: GPL-2.0-or-later
> + * Copyright (C) 2025, Julian Ganz <neither@nut.email>
> + *
> + * This plugin exercises the discontinuity plugin API and asserts some
> + * of its behaviour regarding reported program counters.
> + */
> +#include <stdio.h>
> +
> +#include <qemu-plugin.h>
> +
> +QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;
> +
> +struct cpu_state {
> +    uint64_t last_pc;
> +    uint64_t from_pc;
> +    uint64_t next_pc;
> +    uint64_t has_from;
> +    bool has_next;
> +    enum qemu_plugin_discon_type next_type;
> +};
> +
> +struct insn_data {
> +    uint64_t addr;
> +    uint64_t next_pc;
> +    bool next_valid;
> +};
> +
> +static struct qemu_plugin_scoreboard *states;
> +
> +static qemu_plugin_u64 last_pc;
> +static qemu_plugin_u64 from_pc;
> +static qemu_plugin_u64 has_from;
> +
> +static bool abort_on_mismatch;
> +static bool trace_all_insns;
> +
> +static bool addr_eq(uint64_t a, uint64_t b)
> +{
> +    if (a == b) {
> +        return true;
> +    }
> +
> +    uint64_t a_hw;
> +    uint64_t b_hw;
> +    if (!qemu_plugin_translate_vaddr(a, &a_hw) ||
> +        !qemu_plugin_translate_vaddr(b, &b_hw))
> +    {
> +        return false;
> +    }
> +
> +    return a_hw == b_hw;
> +}
> +
> +static void report_mismatch(const char *pc_name, unsigned int vcpu_index,
> +                            enum qemu_plugin_discon_type type, uint64_t last,
> +                            uint64_t expected, uint64_t encountered)
> +{
> +    GString *report;

This could be:

  g_autoptr(GString) buf = g_string_new(NULL);

> +    const char *discon_type_name = "unknown";
> +
> +    if (addr_eq(expected, encountered)) {
> +        return;
> +    }
> +
> +    switch (type) {
> +    case QEMU_PLUGIN_DISCON_INTERRUPT:
> +        discon_type_name = "interrupt";
> +        break;
> +    case QEMU_PLUGIN_DISCON_EXCEPTION:
> +        discon_type_name = "exception";
> +        break;
> +    case QEMU_PLUGIN_DISCON_HOSTCALL:
> +        discon_type_name = "hostcall";
> +        break;
> +    default:
> +        break;
> +    }
> +
> +    report = g_string_new(NULL);
> +    g_string_append_printf(report,
> +                           "Discon %s PC mismatch on VCPU %d\nExpected:      %"
> +                           PRIx64"\nEncountered:   %"PRIx64"\nExecuted Last: %"
> +                           PRIx64"\nEvent type:    %s\n",
> +                           pc_name, vcpu_index, expected, encountered, last,
> +                           discon_type_name);
> +    qemu_plugin_outs(report->str);

I think we might want to flush here because

> +    if (abort_on_mismatch) {
> +        g_abort();
> +    }

This is firing on:

  🕙17:35:50 alex@draig:tests/tcg/i386-linux-user  on  review/tcg-discon-v6 [$!?] 
  ➜  make run-plugin-catch-syscalls-with-libdiscons.so V=1
  timeout -s KILL --foreground 120  env QEMU=/home/alex/lsrc/qemu.git/builds/sanitisers/qemu-i386 /home/alex/lsrc/qemu.git/builds/sanitisers/qemu-i386  -plugin ../plugins/libdiscons.so -d plugin -D catch-syscalls-with-libdiscons.so.pout catch-syscalls >  run-plugin-catch-syscalls-with-libdiscons.so.out
  Aborted
  make: *** [Makefile:226: run-plugin-catch-syscalls-with-libdiscons.so] Error 134
  🕙17:35:52 alex@draig:tests/tcg/i386-linux-user  on  review/tcg-discon-v6 [$!?] [🔴 USAGE] 
  ✗

although it never gets to the point of reporting what failed:

  Thread 1 "qemu-i386" hit Breakpoint 1, __GI_abort () at ./stdlib/abort.c:72
  warning: 72     ./stdlib/abort.c: No such file or directory
  (gdb) bt
  #0  __GI_abort () at ./stdlib/abort.c:72
  #1  0x00007ffff630874d in report_mismatch (pc_name=0x7ffff630a220 "target", vcpu_index=0, type=QEMU_PLUGIN_DISCON_EXCEPTION, last=134574955, expected=134574953, 
      encountered=134574955) at ../../tests/tcg/plugins/discons.c:89
  #2  0x00007ffff6308c0d in insn_exec (vcpu_index=0, userdata=0x0) at ../../tests/tcg/plugins/discons.c:132
  #3  0x00007fffea431114 in code_gen_buffer ()
  #4  0x000055555577b0a6 in cpu_tb_exec (cpu=0x529000005200, itb=0x7fffea431000 <code_gen_buffer+200659>, tb_exit=0x7ffff49c9530) at ../../accel/tcg/cpu-exec.c:438
  #5  0x000055555577c92f in cpu_loop_exec_tb (cpu=0x529000005200, tb=0x7fffea431000 <code_gen_buffer+200659>, pc=134574955, last_tb=0x7ffff49c9540, tb_exit=0x7ffff49c9530)
      at ../../accel/tcg/cpu-exec.c:871
  #6  0x000055555577d151 in cpu_exec_loop (cpu=0x529000005200, sc=0x7ffff483a740) at ../../accel/tcg/cpu-exec.c:981
  #7  0x000055555577d2fe in cpu_exec_setjmp (cpu=0x529000005200, sc=0x7ffff483a740) at ../../accel/tcg/cpu-exec.c:998
  #8  0x000055555577d4c8 in cpu_exec (cpu=0x529000005200) at ../../accel/tcg/cpu-exec.c:1024
  #9  0x00005555557bfc83 in cpu_loop (env=0x529000007dd0) at ../../linux-user/i386/cpu_loop.c:215
  #10 0x00005555558ee3e1 in main (argc=4, argv=0x7fffffffe688, envp=0x7fffffffe6b0) at ../../linux-user/main.c:1038
  (gdb) f 1
  #1  0x00007ffff630874d in report_mismatch (pc_name=0x7ffff630a220 "target", vcpu_index=0, type=QEMU_PLUGIN_DISCON_EXCEPTION, last=134574955, expected=134574953, 
      encountered=134574955) at ../../tests/tcg/plugins/discons.c:89
  89              g_abort();
  (gdb) p report
  $1 = (GString *) 0x50300002bf00
  (gdb) p report->Str
  There is no member named Str.
  (gdb) p report->str
  $2 = (gchar *) 0x51100001fbc0 "Discon target PC mismatch on VCPU 0\nExpected:      8057369\nEncountered:   805736b\nExecuted Last: 805736b\nEvent type:    exception\n"
  (gdb) 

I think this is where it is going wrong:

  IN: _dl_early_allocate
  0x0805736b:  89 c2                    movl     %eax, %edx
  0x0805736d:  8d 1c 28                 leal     (%eax, %ebp), %ebx
  0x08057370:  89 c8                    movl     %ecx, %eax
  0x08057372:  cd 80                    int      $0x80

> +    g_string_free(report, true);

so we could drop this... or..
> +}
> +
> +static void vcpu_discon(qemu_plugin_id_t id, unsigned int vcpu_index,
> +                        enum qemu_plugin_discon_type type, uint64_t from_pc,
> +                        uint64_t to_pc)
> +{
> +    struct cpu_state *state = qemu_plugin_scoreboard_find(states, vcpu_index);
> +
> +    if (type == QEMU_PLUGIN_DISCON_EXCEPTION &&
> +        addr_eq(state->last_pc, from_pc))
> +    {
> +        /*
> +         * For some types of exceptions, insn_exec will be called for the
> +         * instruction that caused the exception. This is valid behaviour and
> +         * does not need to be reported.
> +         */
> +    } else if (state->has_next) {
> +        /*
> +         * We may encounter discontinuity chains without any instructions
> +         * being executed in between.
> +         */
> +        report_mismatch("source", vcpu_index, type, state->last_pc,
> +                        state->next_pc, from_pc);
> +    } else if (state->has_from) {
> +        report_mismatch("source", vcpu_index, type, state->last_pc,
> +                        state->from_pc, from_pc);
> +    }
> +
> +    state->has_from = false;
> +
> +    state->next_pc = to_pc;
> +    state->next_type = type;
> +    state->has_next = true;
> +}
> +
> +static void insn_exec(unsigned int vcpu_index, void *userdata)
> +{
> +    struct cpu_state *state = qemu_plugin_scoreboard_find(states, vcpu_index);
> +
> +    if (state->has_next) {
> +        report_mismatch("target", vcpu_index, state->next_type, state->last_pc,
> +                        state->next_pc, state->last_pc);
> +        state->has_next = false;
> +    }
> +
> +    if (trace_all_insns) {
> +        g_autoptr(GString) report = g_string_new(NULL);
> +        g_string_append_printf(report, "Exec insn at %"PRIx64" on VCPU %d\n",
> +                               state->last_pc, vcpu_index);
> +        qemu_plugin_outs(report->str);
> +    }
> +}
> +
> +static void vcpu_tb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb)
> +{
> +    size_t n_insns = qemu_plugin_tb_n_insns(tb);
> +    for (size_t i = 0; i < n_insns; i++) {
> +        struct qemu_plugin_insn *insn = qemu_plugin_tb_get_insn(tb, i);
> +        uint64_t pc = qemu_plugin_insn_vaddr(insn);
> +        uint64_t next_pc = pc + qemu_plugin_insn_size(insn);
> +        uint64_t has_next = (i + 1) < n_insns;
> +
> +        qemu_plugin_register_vcpu_insn_exec_inline_per_vcpu(insn,
> +                                                            QEMU_PLUGIN_INLINE_STORE_U64,
> +                                                            last_pc, pc);
> +        qemu_plugin_register_vcpu_insn_exec_inline_per_vcpu(insn,
> +                                                            QEMU_PLUGIN_INLINE_STORE_U64,
> +                                                            from_pc, next_pc);
> +        qemu_plugin_register_vcpu_insn_exec_inline_per_vcpu(insn,
> +                                                            QEMU_PLUGIN_INLINE_STORE_U64,
> +                                                            has_from, has_next);
> +        qemu_plugin_register_vcpu_insn_exec_cb(insn, insn_exec,
> +                                               QEMU_PLUGIN_CB_NO_REGS, NULL);
> +    }
> +}
> +
> +QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id,
> +                                           const qemu_info_t *info,
> +                                           int argc, char **argv)
> +{
> +    /* Set defaults */
> +    abort_on_mismatch = true;
> +    trace_all_insns = false;
> +
> +    for (int i = 0; i < argc; i++) {
> +        char *opt = argv[i];
> +        g_auto(GStrv) tokens = g_strsplit(opt, "=", 2);
> +        if (g_strcmp0(tokens[0], "abort") == 0) {
> +            if (!qemu_plugin_bool_parse(tokens[0], tokens[1],
> +                                        &abort_on_mismatch)) {
> +                fprintf(stderr, "boolean argument parsing failed: %s\n", opt);
> +                return -1;
> +            }
> +        } else if (g_strcmp0(tokens[0], "trace-all") == 0) {
> +            if (!qemu_plugin_bool_parse(tokens[0], tokens[1],
> +                                        &trace_all_insns)) {
> +                fprintf(stderr, "boolean argument parsing failed: %s\n", opt);
> +                return -1;
> +            }
> +        } else {
> +            fprintf(stderr, "option parsing failed: %s\n", opt);
> +            return -1;
> +        }
> +    }
> +
> +    states = qemu_plugin_scoreboard_new(sizeof(struct cpu_state));
> +    last_pc = qemu_plugin_scoreboard_u64_in_struct(states, struct cpu_state,
> +                                                   last_pc);
> +    from_pc = qemu_plugin_scoreboard_u64_in_struct(states, struct cpu_state,
> +                                                   from_pc);
> +    has_from = qemu_plugin_scoreboard_u64_in_struct(states, struct cpu_state,
> +                                                    has_from);
> +
> +    qemu_plugin_register_vcpu_discon_cb(id, QEMU_PLUGIN_DISCON_ALL,
> +                                        vcpu_discon);
> +    qemu_plugin_register_vcpu_tb_trans_cb(id, vcpu_tb_trans);
> +
> +    return 0;
> +}
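Review bot: in report_mismatch the diagnostic is handed to qemu_plugin_outs() and g_abort() follows immediately, so when the plugin log is routed to a file (as in the `-d plugin -D catch-syscalls-with-libdiscons.so.pout` invocation above) the buffered report can be lost before the process dies; flush the plugin log, or additionally write the report to stderr, before aborting so the mismatch is visible without a debugger. The trailing `g_string_free(report, true)` is then easier to get right as `g_autoptr(GString) report = g_string_new(NULL);`, which insn_exec already uses for its trace string. In qemu_plugin_install, `g_strsplit(opt, "=", 2)` yields a NULL `tokens[1]` when an option is given without `=value`, and that NULL is passed straight to qemu_plugin_bool_parse; a `tokens[1] == NULL` check before the parse call turns that into the existing "option parsing failed" error rather than a crash. Minor style point: the first branch of the if/else-if chain in vcpu_discon has an empty body holding only a comment; either keep the comment and add an explicit `/* nothing to report */` no-op, or restructure so the exception-at-last_pc case is a negated condition on the has_next check.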
> diff --git a/tests/tcg/plugins/meson.build b/tests/tcg/plugins/meson.build
> index 61a007d9e7..561584159e 100644
> --- a/tests/tcg/plugins/meson.build
> +++ b/tests/tcg/plugins/meson.build
> @@ -1,6 +1,6 @@
>  t = []
>  if get_option('plugins')
> -  foreach i : ['bb', 'empty', 'inline', 'insn', 'mem', 'reset', 'syscall', 'patch']
> +  foreach i : ['bb', 'discons', 'empty', 'inline', 'insn', 'mem', 'reset', 'syscall', 'patch']
>      if host_os == 'windows'
>        t += shared_module(i, files(i + '.c') + '../../../contrib/plugins/win32_linker.c',
>                          include_directories: '../../../include/qemu',

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro
