From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.24) id 1AmrRF-0006aH-QL for qemu-devel@nongnu.org; Sat, 31 Jan 2004 04:29:17 -0500
Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.24) id 1AmrQj-0006KM-Mw for qemu-devel@nongnu.org; Sat, 31 Jan 2004 04:29:16 -0500
Received: from [130.136.10.114] (helo=pob.cs.unibo.it) by monty-python.gnu.org with esmtp (Exim 4.24) id 1AmrQi-0006Jq-V0 for qemu-devel@nongnu.org; Sat, 31 Jan 2004 04:28:45 -0500
Date: Sat, 31 Jan 2004 10:28:37 +0100
Subject: Re: [Qemu-devel] Knoppix results
Message-ID: <20040131092837.GA16651@cs.unibo.it>
References: <200401282211.00224.kyle@silverbeach.net> <20040129141247.GA13654@cs.unibo.it> <20040129153217.55cfc212.jrydberg@night.trouble.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040129153217.55cfc212.jrydberg@night.trouble.net>
From: renzo@cs.unibo.it (Renzo Davoli)
Reply-To: qemu-devel@nongnu.org
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: Johan Rydberg
Cc: qemu-devel@nongnu.org

On Thu, Jan 29, 2004 at 03:32:17PM +0100, Johan Rydberg wrote:
> How hard would it be to attach the processor to GDB? I suspect you would
> make things a lot easier for Fabrice if you showed him at least a backtrace.
> Or how about tracking down the bug yourself and send a patch?

Okay. Be positive.
I have stressed qemu under gdb control until I reached a freeze. Either gdb affects the timing in some way or it is a matter of being lucky; anyway, it seems to me that freezing is less frequent when using gdb.
After several attempts I got the freeze, and here is the traceback:

0x100156d4 in tb_reset_jump_recursive2 (tb=0x102899b0, n=0) at /home/renzo/tests/qemu/cvs/qemu/exec.c:867
867 if (n1 == n && tb1 == tb)
(gdb) backtrace
#0 0x100156d4 in tb_reset_jump_recursive2 (tb=0x102899b0, n=0) at /home/renzo/tests/qemu/cvs/qemu/exec.c:867
#1 0x100130d0 in tb_reset_jump_recursive (tb=0x102899b0) at /home/renzo/tests/qemu/cvs/qemu/exec.c:884
#2 0x1000372c in pic_update_irq () at /home/renzo/tests/qemu/cvs/qemu/vl.c:804
#3 0x10008ffc in ide_sector_write (s=0x10b8f254) at /home/renzo/tests/qemu/cvs/qemu/ide.c:492
#4 0x1000a090 in ide_data_writew (env=0x102899b0, addr=0, val=0) at /home/renzo/tests/qemu/cvs/qemu/ide.c:1306
#5 0x10002f00 in cpu_outw (env=0x102899b0, addr=271096248, val=0) at /home/renzo/tests/qemu/cvs/qemu/vl.c:418
#6 0x106a44ec in code_gen_buffer ()
#7 0x10015be8 in cpu_x86_exec (env1=0x102899b0) at /home/renzo/tests/qemu/cvs/qemu/cpu-exec.c:390
#8 0x100069d8 in main_loop (opaque=0x102899b0) at /home/renzo/tests/qemu/cvs/qemu/vl.c:3132
#9 0x100077c4 in main (argc=2147480992, argv=0x7ffff580) at /home/renzo/tests/qemu/cvs/qemu/vl.c:3748

As I said, it seems stuck in the low-level loop:

for(;;) {
    tb1 = *ptb;
    n1 = (long)tb1 & 3;
    tb1 = (TranslationBlock *)((long)tb1 & ~3);
    if (n1 == n && tb1 == tb)
        break;
    ptb = &tb1->jmp_next[n1];
}

Step-by-step execution from the breakpoint is:

host_alarm_handler (host_signum=14, info=0x7fffe690, puc=0x7fffe710) at /home/renzo/tests/qemu/cvs/qemu/vl.c:3061
3061 timer_irq_count += pit_get_out_edges(&pit_channels[0]);
3057 {
3061 timer_irq_count += pit_get_out_edges(&pit_channels[0]);
3057 {
3061 timer_irq_count += pit_get_out_edges(&pit_channels[0]);
3057 {
3061 timer_irq_count += pit_get_out_edges(&pit_channels[0]);
3057 {
3061 timer_irq_count += pit_get_out_edges(&pit_channels[0]);
pit_get_out_edges (s=0x101fb0b0) at /home/renzo/tests/qemu/cvs/qemu/vl.c:1238
1238 ticks = cpu_get_ticks();
cpu_get_ticks () at
/home/renzo/tests/qemu/cvs/qemu/vl.c:1113 1113 return cpu_get_real_ticks() + cpu_ticks_offset; cpu_get_real_ticks () at /home/renzo/tests/qemu/cvs/qemu/vl.c:1079 1079 asm volatile("mftbu %0" : "=r" (tbl)); 1072 asm volatile("mftb %0" : "=r" (tbl)); 1079 asm volatile("mftbu %0" : "=r" (tbl)); 1091 } while (h != h1); 1092 return ((int64_t)h << 32) | l; 1093 } cpu_get_ticks () at /home/renzo/tests/qemu/cvs/qemu/vl.c:1114 1114 } 1113 return cpu_get_real_ticks() + cpu_ticks_offset; 1114 } cpu_get_ticks () at /home/renzo/tests/qemu/cvs/qemu/vl.c:1113 1113 return cpu_get_real_ticks() + cpu_ticks_offset; 1114 } 1113 return cpu_get_real_ticks() + cpu_ticks_offset; 1114 } pit_get_out_edges (s=0x101fb0b0) at /home/renzo/tests/qemu/cvs/qemu/vl.c:1239 1239 d1 = muldiv64(s->count_last_edge_check_time - s->count_load_time, 1238 ticks = cpu_get_ticks(); 1239 d1 = muldiv64(s->count_last_edge_check_time - s->count_load_time, muldiv64 (a=40281440059, b=1193182, c=0) at /home/renzo/tests/qemu/cvs/qemu/vl.c:1165 1165 rh = (uint64_t)u.l.high * (uint64_t)b; 1166 rh += (rl >> 32); 1150 { 1168 res.l.low = (((rh % c) << 32) + (rl & 0xffffffff)) / c; 1167 res.l.high = rh / c; 1150 { 1167 res.l.high = rh / c; 1150 { 1165 rh = (uint64_t)u.l.high * (uint64_t)b; 1150 { 1166 rh += (rl >> 32); 1164 rl = (uint64_t)u.l.low * (uint64_t)b; 1167 res.l.high = rh / c; 1168 res.l.low = (((rh % c) << 32) + (rl & 0xffffffff)) / c; 1167 res.l.high = rh / c; 1168 res.l.low = (((rh % c) << 32) + (rl & 0xffffffff)) / c; 1167 res.l.high = rh / c; 1168 res.l.low = (((rh % c) << 32) + (rl & 0xffffffff)) / c; 1170 } 1168 res.l.low = (((rh % c) << 32) + (rl & 0xffffffff)) / c; 1170 } pit_get_out_edges (s=0x101fb0b0) at /home/renzo/tests/qemu/cvs/qemu/vl.c:1241 1241 d2 = muldiv64(ticks - s->count_load_time, 1239 d1 = muldiv64(s->count_last_edge_check_time - s->count_load_time, 1241 d2 = muldiv64(ticks - s->count_load_time, muldiv64 (a=41505879184, b=1193182, c=0) at /home/renzo/tests/qemu/cvs/qemu/vl.c:1165 1165 rh = 
(uint64_t)u.l.high * (uint64_t)b; 1166 rh += (rl >> 32); 1150 { 1168 res.l.low = (((rh % c) << 32) + (rl & 0xffffffff)) / c; 1167 res.l.high = rh / c; 1150 { 1167 res.l.high = rh / c; 1150 { 1165 rh = (uint64_t)u.l.high * (uint64_t)b; 1150 { 1166 rh += (rl >> 32); 1164 rl = (uint64_t)u.l.low * (uint64_t)b; 1167 res.l.high = rh / c; 1168 res.l.low = (((rh % c) << 32) + (rl & 0xffffffff)) / c; 1167 res.l.high = rh / c; 1168 res.l.low = (((rh % c) << 32) + (rl & 0xffffffff)) / c; 1167 res.l.high = rh / c; 1168 res.l.low = (((rh % c) << 32) + (rl & 0xffffffff)) / c; 1170 } 1168 res.l.low = (((rh % c) << 32) + (rl & 0xffffffff)) / c; 1170 } 1243 s->count_last_edge_check_time = ticks; 1244 switch(s->mode) { 1241 d2 = muldiv64(ticks - s->count_load_time, 1244 switch(s->mode) { 1256 d1 /= s->count; 1257 d2 /= s->count; 1256 d1 /= s->count; 1257 d2 /= s->count; 1264 ret = d2 - d1; 1275 } host_alarm_handler (host_signum=3668, info=0x1e5b9, puc=0xbab40000) at /home/renzo/tests/qemu/cvs/qemu/vl.c:3062 3062 if (timer_irq_count) { 3061 timer_irq_count += pit_get_out_edges(&pit_channels[0]); 3062 if (timer_irq_count) { 3061 timer_irq_count += pit_get_out_edges(&pit_channels[0]); 3062 if (timer_irq_count) { 3063 if (timer_irq_count > 2) 3064 timer_irq_count = 2; 3065 timer_irq_count--; 3066 timer_irq_pending = 1; 3065 timer_irq_count--; 3066 timer_irq_pending = 1; 3065 timer_irq_count--; 3068 gui_refresh_count += timer_ms; 3069 if (gui_refresh_count >= GUI_REFRESH_INTERVAL) { 3075 DMA_run(); DMA_run () at /home/renzo/tests/qemu/cvs/qemu/dma.c:315 315 if (in_dma) { 310 { 315 if (in_dma) { 310 { 315 if (in_dma) { 320 in_dma = 1; 321 d = dma_controllers; 320 in_dma = 1; 321 d = dma_controllers; 323 for (icont = 0; icont < 2; icont++, d++) { 324 for (ichan = 0; ichan < 4; ichan++) { 329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 327 mask = 1 << ichan; 329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 324 for (ichan = 0; ichan < 4; ichan++) { 
329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 327 mask = 1 << ichan; 329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 324 for (ichan = 0; ichan < 4; ichan++) { 329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 327 mask = 1 << ichan; 329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 324 for (ichan = 0; ichan < 4; ichan++) { 329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 327 mask = 1 << ichan; 329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 324 for (ichan = 0; ichan < 4; ichan++) { 323 for (icont = 0; icont < 2; icont++, d++) { 324 for (ichan = 0; ichan < 4; ichan++) { 329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 327 mask = 1 << ichan; 329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 324 for (ichan = 0; ichan < 4; ichan++) { 329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 327 mask = 1 << ichan; 329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 324 for (ichan = 0; ichan < 4; ichan++) { 329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 327 mask = 1 << ichan; 329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 324 for (ichan = 0; ichan < 4; ichan++) { 329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 327 mask = 1 << ichan; 329 if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) 324 for (ichan = 0; ichan < 4; ichan++) { 323 for (icont = 0; icont < 2; icont++, d++) { 333 in_dma = 0; 334 } host_alarm_handler (host_signum=1, info=0x0, puc=0xbab40000) at /home/renzo/tests/qemu/cvs/qemu/vl.c:3076 3076 SB16_run(); SB16_run () at /home/renzo/tests/qemu/cvs/qemu/sb16.c:563 563 if (0 == dsp.speaker) 567 } host_alarm_handler (host_signum=1, info=0x0, puc=0xbab40000) at /home/renzo/tests/qemu/cvs/qemu/vl.c:3078 3078 if (gui_refresh_pending || timer_irq_pending) { 3080 cpu_interrupt(global_env, 
CPU_INTERRUPT_EXIT); cpu_x86_interrupt (env=0x10b8f108, mask=1) at /home/renzo/tests/qemu/cvs/qemu/exec.c:980 980 tb = env->current_tb; 977 env->interrupt_request |= mask; 981 if (tb) { 977 env->interrupt_request |= mask; 981 if (tb) { 982 tb_reset_jump_recursive(tb); tb_reset_jump_recursive (tb=0x102899b0) at /home/renzo/tests/qemu/cvs/qemu/exec.c:884 884 tb_reset_jump_recursive2(tb, 0); tb_reset_jump_recursive2 (tb=0x102899b0, n=0) at /home/renzo/tests/qemu/cvs/qemu/exec.c:848 848 tb1 = tb->jmp_next[n]; 844 { 849 if (tb1 != NULL) { 844 { 849 if (tb1 != NULL) { 880 } tb_reset_jump_recursive (tb=0x102899b0) at /home/renzo/tests/qemu/cvs/qemu/exec.c:885 885 tb_reset_jump_recursive2(tb, 1); tb_reset_jump_recursive2 (tb=0x102899b0, n=1) at /home/renzo/tests/qemu/cvs/qemu/exec.c:848 848 tb1 = tb->jmp_next[n]; 844 { 849 if (tb1 != NULL) { 844 { 849 if (tb1 != NULL) { 880 } host_alarm_handler (host_signum=271096240, info=0x1, puc=0x4) at /home/renzo/tests/qemu/cvs/qemu/vl.c:3082 3082 } I hope this can help... ciao renzo