Date: Tue, 29 Apr 2008 13:56:14 +0200
From: Adam Lackorzynski
Subject: [Qemu-devel] Crash due to invalid env->current_tb
Message-ID: <20080429115614.GA15524@os.inf.tu-dresden.de>
To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org

Hi,

I've been experiencing crashes of the latest svn Qemu, host ia32 and target arm; host gcc is 'gcc version 3.4.6 (Debian 3.4.6-7)'. The segfault happens because of an invalid env->current_tb, which seems to be caused by generated code.
The following code in cpu_exec

    tc_ptr = tb->tc_ptr;
    env->current_tb = tb;
    gen_func = (void *)tc_ptr;
    T0 = gen_func();
    env->current_tb = NULL;

is being compiled to the following:

    mov    0x14(%ecx),%eax
    mov    %ecx,0x56c(%ebp)
    xor    %edi,%edi
    call   *%eax
    mov    %edi,0x56c(%ebp)

After the call, edi isn't 0 anymore and gets the bogus value. As edi is callee-saved, the code itself seems ok. When I add a barrier before "env->current_tb = NULL", the xor is placed after the call and everything works fine.

So might the problem be that generated code isn't preserving edi/registers?


Adam
-- 
Adam                 adam@os.inf.tu-dresden.de
  Lackorzynski         http://os.inf.tu-dresden.de/~adam/
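As an added illustration of the hypothesis in the mail (this is not Adam's code nor QEMU's), the harness below automates the check the mail makes by reading the disassembly: it calls a code pointer from inside a single asm block, snapshots the System V x86-64 callee-saved registers (rbx, r12-r15, the 64-bit counterparts of the ebx/esi/edi/ebp the mail is concerned with) before and after, and returns a mask of the ones that came back changed. It assumes a GNU-style toolchain on x86-64; the names g_regs, callee_saved_clobbered, bad_callee and good_callee are mine, bad_callee is a constructed stand-in for a generated block that forgets to restore a callee-saved register, and good_callee is ordinary compiled code.

```c
#include <stdint.h>
#if defined(__x86_64__)
/* Scratch that survives the call: [0..4] regs before, [5..9] regs after, [10] saved rsp.
 * The asm label pins the assembler symbol so the inline asm can address it rip-relative. */
uintptr_t g_regs[11] __asm__("g_regs");

/* Calls fn and returns a bitmask of System V callee-saved registers whose value differs
 * after the call (bit 0 rbx, 1 r12, 2 r13, 3 r14, 4 r15); 0 means fn honoured the ABI.
 * Snapshot, call and restore sit in one asm block so the compiler cannot move its own
 * values into rbx/r12-r15 in between (the reordering described in the mail), and the
 * originals are put back so a misbehaving callee cannot corrupt this function itself. */
int callee_saved_clobbered(void (*fn)(void))
{
    void (*f)(void) = fn;                 /* "+a": fn is passed in rax, rax comes back trashed */
    __asm__ volatile(
        "mov %%rbx, g_regs+0(%%rip)\n\t mov %%r12, g_regs+8(%%rip)\n\t"
        "mov %%r13, g_regs+16(%%rip)\n\t mov %%r14, g_regs+24(%%rip)\n\t"
        "mov %%r15, g_regs+32(%%rip)\n\t mov %%rsp, g_regs+80(%%rip)\n\t"
        "sub $128, %%rsp\n\t and $-16, %%rsp\n\t"      /* step over the red zone, realign */
        "call *%%rax\n\t"
        "mov g_regs+80(%%rip), %%rsp\n\t"
        "mov %%rbx, g_regs+40(%%rip)\n\t mov %%r12, g_regs+48(%%rip)\n\t"
        "mov %%r13, g_regs+56(%%rip)\n\t mov %%r14, g_regs+64(%%rip)\n\t"
        "mov %%r15, g_regs+72(%%rip)\n\t"
        "mov g_regs+0(%%rip), %%rbx\n\t mov g_regs+8(%%rip), %%r12\n\t"
        "mov g_regs+16(%%rip), %%r13\n\t mov g_regs+24(%%rip), %%r14\n\t"
        "mov g_regs+32(%%rip), %%r15\n\t"
        : "+a"(f) : : "rcx", "rdx", "rsi", "rdi", "r8", "r9", "r10", "r11",
          "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7", "xmm8", "xmm9",
          "xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15", "memory", "cc");
    int mask = 0;
    for (int i = 0; i < 5; i++)
        if (g_regs[i] != g_regs[5 + i]) mask |= 1 << i;
    return mask;
}

/* Constructed stand-in for generated code that forgets rbx is callee-saved: the write is
 * hidden from the compiler (empty clobber list), so no save/restore is emitted around it. */
__attribute__((noinline)) static void bad_callee(void)
{
    __asm__ volatile("mov $0x1234, %%rbx" : : :);
}

/* Ordinary compiled code: the compiler saves and restores whatever it uses. */
__attribute__((noinline)) static void good_callee(void)
{
    volatile int touched = 1;
    (void)touched;
}
#endif
```

A 32-bit build of the same idea would record ebx/esi/edi/ebp instead, edi being the register gcc 3.4.6 kept live across the call in the mail.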