[Qemu-devel] icount and unaligned IO accesses

[Qemu-devel] icount and unaligned IO accesses

[Edgar E. Iglesias]

Hi,

While emulating a small MMU-less CRIS system I ran into an -icount
related problem. Without icount the emulation runs fine, with icount
I get stuff like:

qemu: fatal: cpu_io_recompile: could not find TB for pc=0x4be7fd

IIUC, there is a recursion bug in the slow_ldx() calls that ends
up clobbering retaddr. Later if the TB is aborted on the IO
access, the code to map retaddr into guest PC fails to even find
a TB because retaddr wrongly points to slow_ldx().

It seems to me like we simply shouldn't be touching retaddr
in slow_ldx().

The following patch fixes the problem for me. slow_st() was
AFAICS already OK.

Comments?

Cheers

commit a4a31d3039e82b7550933e3d8e1f4c6e9a7f8529
Author: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Date:   Tue Jan 26 13:55:55 2010 +0100

    softmmu: Dont clobber retaddr in slow_ldx().
    
    When splitting up unaligned IO accesses, ld calls slow_ld which was
    clobbering retaddr.
    
    AFAIK the problem only shows up when running emulations with -icount
    that may abort TB execution on IO accesses.
    
    Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

diff --git a/softmmu_template.h b/softmmu_template.h
index abf18d2..9185c32 100644
--- a/softmmu_template.h
+++ b/softmmu_template.h
@@ -161,7 +161,6 @@ static DATA_TYPE glue(glue(slow_ld, SUFFIX), MMUSUFFIX)(target_ulong addr,
             /* IO access */
             if ((addr & (DATA_SIZE - 1)) != 0)
                 goto do_unaligned_access;
-            retaddr = GETPC();
             addend = env->iotlb[mmu_idx][index];
             res = glue(io_read, SUFFIX)(addend, addr, retaddr);
         } else if (((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {