From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=54541 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PwLzs-0006mc-NH
	for qemu-devel@nongnu.org; Sun, 06 Mar 2011 17:00:21 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1PwLmy-0001sx-Eo
	for qemu-devel@nongnu.org; Sun, 06 Mar 2011 16:46:57 -0500
Received: from mnementh.archaic.org.uk ([81.2.115.146]:47643)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1PwLmy-0001sj-7w
	for qemu-devel@nongnu.org; Sun, 06 Mar 2011 16:46:56 -0500
From: Peter Maydell <peter.maydell@linaro.org>
Date: Sun,  6 Mar 2011 21:39:52 +0000
Message-Id: <1299447595-13344-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH v2 0/3] tcg: Support debugging leakage of
	temporaries
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: patches@linaro.org

This patchset removes the ad-hoc debug code in target-arm for
identifying cases where we leaked TCG temporary variables, in
favour of an implementation in tcg itself.

Generally any temporaries created by a target while it is
translating an instruction should be freed by the end of that
instruction; otherwise carefully crafted guest code could cause
TCG to run out of temporaries and assert.

Putting the leak-debugging code into TCG proper (a) makes more
sense as this isn't at all arm-specific (b) makes it more
comprehensive, as it now covers temporaries created in all ways,
not just via the new_tmp()/dead_tmp() wrapper functions
(c) avoids annoying false positives where eg a TCG temp created
with tcg_const_i32() was passed to dead_tmp().

The tracking only happens if qemu was configured with
--enable-debug-tcg. It should be easy to add to other targets if
desired; it's just a matter of calling tcg_clear_temp_count()
and tcg_check_temp_count() in the appropriate places.

Changes since v1:
 use "do { } while (0)" for the non-debug version of the
 tcg_clear_temp_count() macro to avoid creating empty statements

Peter Maydell (3):
  tcg: Add support for debugging leakage of temporaries
  target-arm: Remove ad-hoc leak checking code
  target-arm: Use TCG temporary leak debugging facilities

 target-arm/translate.c |  705 +++++++++++++++++++++++------------------------
 tcg/tcg.c              |   32 +++
 tcg/tcg.h              |   17 ++
 3 files changed, 394 insertions(+), 360 deletions(-)