From: Max Filippov <jcmvbkbc@gmail.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Actual TB code doesn't look like what was intended (TCG issue)?
Date: Fri, 24 Jun 2011 12:34:18 +0400 [thread overview]
Message-ID: <201106241234.19282.jcmvbkbc@gmail.com> (raw)
In-Reply-To: <BANLkTikm1Sb3g2+zTjjC=1hfWoKrVz_k=Q@mail.gmail.com>
> > Please note how the current instruction in gdb differ from what
> > was said in OUT. This lea corrupts stack pointer and the next
> > callq generates segfault.
> > Could please anyone familiar with TCG take a look at this, or
> > suggest where I should look myself?
>
> You don't say which target you're compiling code for, or what
> the input assembly was which triggered this.
I thought it doesn't matter. It's target-xtensa that I've been developing, input assembly is the following:
d00000c0 <_WindowUnderflow8>:
d00000c0: 09d910 l32e a1, a9, -12
d00000c3: 09c900 l32e a0, a9, -16
d00000c6: 09d170 l32e a7, a1, -12
d00000c9: 09e920 l32e a2, a9, -8
d00000cc: 09f930 l32e a3, a9, -4
d00000cf: 098740 l32e a4, a7, -32
d00000d2: 099750 l32e a5, a7, -28
d00000d5: 09a760 l32e a6, a7, -24
d00000d8: 09b770 l32e a7, a7, -20
d00000db: 003500 rfwu
> My first guess is that the target's front end might have a bug
> where it wrongly bakes in assumptions about bits of the CPUState.
> QEMU will occasionally retranslate-in-place a TB (if a load in
> the TB causes an exception) so if the frontend generates different
> code the second time around things will go wrong...
>
> You should be able to find out what's stomping on the code
> with the aid of a debugger and some watchpoints.
I just thought that "lea -0x10(%rbx),%esp" may not appear in generated code at all, and in the OUT section (which is for different MMU mode, as I can see now) it is "lea -0x10(%rbx),%r12d".
The instruction itself looks odd: it writes to esp and the sizes of the registers it operates on are different.
Thanks.
-- Max
next prev parent reply other threads:[~2011-06-24 8:34 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-24 2:44 [Qemu-devel] Actual TB code doesn't look like what was intended (TCG issue)? Max Filippov
2011-06-24 7:46 ` Peter Maydell
2011-06-24 8:34 ` Max Filippov [this message]
2011-06-24 9:42 ` Peter Maydell
2011-06-24 10:08 ` Max Filippov
2011-06-24 10:32 ` Peter Maydell
2011-06-24 17:06 ` Max Filippov
2011-06-24 8:14 ` Laurent Desnogues
2011-06-24 8:35 ` Max Filippov
2011-06-24 9:38 ` Laurent Desnogues
2011-06-24 9:48 ` Max Filippov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201106241234.19282.jcmvbkbc@gmail.com \
--to=jcmvbkbc@gmail.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).