From: Max Filippov <jcmvbkbc@gmail.com>
To: Laurent Desnogues <laurent.desnogues@gmail.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Actual TB code doesn't look like what was intended (TCG issue)?
Date: Fri, 24 Jun 2011 12:35:35 +0400	[thread overview]
Message-ID: <201106241235.35336.jcmvbkbc@gmail.com> (raw)
In-Reply-To: <BANLkTikCR5342Yd2fCJGDWS8Jny+L+qjfg@mail.gmail.com>

> > Hello guys.
> >
> > I'm running qemu on x86_64 host.
> > It's a clean build from git sources dated 2011.05.19, commit 1fddfba129f5435c80eda14e8bc23fdb888c7187
> > I have the following output from "log trace,op,out_asm":
> >
> > Trace 0x4000a310 [d0026c92]
> > OP:
> >  ---- 0xd00000c0
> >  movi_i32 tmp1,$0xfffffff4
> >  add_i32 tmp0,ar9,tmp1
> >  qemu_ld32 ar1,tmp0,$0x0
> >
> >  ---- 0xd00000c3
> >  movi_i32 tmp1,$0xfffffff0
> >  add_i32 tmp0,ar9,tmp1
> >  qemu_ld32 ar0,tmp0,$0x0
> >
> > [...snip...]
> [...]
> > 0x4000a360:  xor    %esi,%esi
> > 0x4000a362:  callq  0x52edc2
> [...]
> > (gdb) x/25i 0x4000a330
> [...]
> >   0x4000a360:  mov    $0x1,%esi
> >   0x4000a365:  callq  0x52edc2 <__ldl_mmu>
> >   0x4000a36a:  mov    %eax,%ebp
> >   0x4000a36c:  sub    $0x44,%al
> > => 0x4000a36e:  lea    -0x10(%rbx),%esp
> >   0x4000a371:  mov    %ebp,0xc(%r14)
> >   0x4000a375:  mov    %r12d,%esi
> >   0x4000a378:  mov    %r12d,%edi
> >
> > Please note how the current instruction in gdb differs from what was said in OUT. This lea corrupts the stack pointer and the next callq generates a segfault.
> > Could anyone familiar with TCG please take a look at this, or suggest where I should look myself?
> 
> As Peter hinted, you're not looking at the code you think :-)
> Note how your original TCG code does loads:
> 
>    qemu_ld32 ar1,tmp0,$0x0
> 
> That $0x0 will end up in %RSI.  It's the mem index used to
> distinguish between user and privileged level accesses.  In your
> examples of host code, in one case it is 0 and in the other
> it is 1, so you're definitely not really looking at the same
> block in the same running conditions.

Yes, I've noticed it (however, after I sent this mail).
But (1) quoted OUT is the last OUT for this host address range in the log and (2) in gdb I set "b tlb_fill if retaddr == 0x4000a369" and made some steps.
You mean that I should look at previous OUTs for this address range?

Thanks.
-- Max
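The confusion in this thread comes from reading one `OUT:` dump for a host address range while gdb is stopped in a different translation of the same range (a later TB generated at the same host address after a flush, with a different mem index in %esi). The following script is an added example, not code from the thread or from QEMU: it indexes a `-d op,out_asm` style log by host address, records the mem index operand of every `qemu_ld*`/`qemu_st*` op, and lists every TB whose host range covers a given host PC, so the gdb view can be matched against the right one. The embedded log is constructed (hypothetical host/guest addresses), and the `OUT: [size=...]` header line is an assumption about the log format, since the thread only shows the op and host-instruction lines.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of a QEMU "-d op,out_asm" log. Both traces
# are emitted at the same host address (as happens after a TB flush), but the
# second one was translated with mem index 1 instead of 0. Hypothetical data.
SAMPLE_LOG = """\
Trace 0x4000a310 [d0026c92]
OP:
 ---- 0xd00000c0
 movi_i32 tmp1,$0xfffffff4
 add_i32 tmp0,ar9,tmp1
 qemu_ld32 ar1,tmp0,$0x0

OUT: [size=128]
0x4000a360:  xor    %esi,%esi
0x4000a362:  callq  0x52edc2
0x4000a367:  mov    %eax,%ebp

Trace 0x4000a310 [d0026c92]
OP:
 ---- 0xd00000c0
 movi_i32 tmp1,$0xfffffff4
 add_i32 tmp0,ar9,tmp1
 qemu_ld32 ar1,tmp0,$0x1

OUT: [size=128]
0x4000a360:  mov    $0x1,%esi
0x4000a365:  callq  0x52edc2
0x4000a36a:  mov    %eax,%ebp
"""

TRACE_RE = re.compile(r"^Trace (0x[0-9a-fA-F]+) \[([0-9a-fA-F]+)\]")
HOST_RE = re.compile(r"^(0x[0-9a-fA-F]+):\s+(.*)$")


def parse_log(text):
    """Split the log into per-TB records: host start, guest pc, the mem index
    of each qemu_ld/qemu_st op, and the (address, text) of each host insn."""
    traces = []
    cur = None
    section = None
    for line in text.splitlines():
        m = TRACE_RE.match(line)
        if m:
            cur = {"seq": len(traces), "host_start": int(m.group(1), 16),
                   "guest_pc": int(m.group(2), 16),
                   "mem_indices": [], "host_insns": []}
            traces.append(cur)
            section = None
            continue
        if cur is None:
            continue
        if line.startswith("OP:"):
            section = "op"
            continue
        if line.startswith("OUT:"):  # assumed header line of the host dump
            section = "out"
            continue
        if section == "op":
            s = line.strip()
            if s.startswith(("qemu_ld", "qemu_st")):
                # last operand is the mem index, e.g. "$0x0" -> 0
                last = s.split(None, 1)[1].split(",")[-1].strip().lstrip("$")
                cur["mem_indices"].append(int(last, 0))
        elif section == "out":
            m = HOST_RE.match(line)
            if m:
                cur["host_insns"].append((int(m.group(1), 16), m.group(2).strip()))
    return traces


def traces_covering(traces, host_pc):
    """All TBs (oldest first) whose emitted host code contains host_pc."""
    hits = []
    for t in traces:
        if not t["host_insns"]:
            continue
        if t["host_start"] <= host_pc <= max(a for a, _ in t["host_insns"]):
            hits.append(t)
    return hits


def latest_at(traces, host_pc):
    """The most recently emitted TB covering host_pc, i.e. the one whose code
    is actually in the buffer unless it was overwritten after the log ended."""
    hits = traces_covering(traces, host_pc)
    return hits[-1] if hits else None


def mem_index_conflicts(traces):
    """Host start addresses at which different translations used different mem
    indices: the symptom Laurent points to (0 vs 1 in %esi)."""
    seen = defaultdict(set)
    for t in traces:
        seen[t["host_start"]].update(t["mem_indices"])
    return {addr: sorted(idx) for addr, idx in seen.items() if len(idx) > 1}


if __name__ == "__main__":
    ts = parse_log(SAMPLE_LOG)
    pc = 0x4000A365
    for t in traces_covering(ts, pc):
        print(f"TB #{t['seq']} host 0x{t['host_start']:x} guest 0x{t['guest_pc']:x} "
              f"mem indices {t['mem_indices']}")
    print("conflicts:", {hex(k): v for k, v in mem_index_conflicts(ts).items()})
```

Run it with the real log in place of `SAMPLE_LOG` and the faulting `%rip` from gdb as `pc`; if `traces_covering` returns more than one TB, the `OUT:` you should compare against gdb is the last one, and `mem_index_conflicts` shows directly whether the translations differ in the mem index operand.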

Thread overview: 11+ messages
2011-06-24  2:44 [Qemu-devel] Actual TB code doesn't look like what was intended (TCG issue)? Max Filippov
2011-06-24  7:46 ` Peter Maydell
2011-06-24  8:34   ` Max Filippov
2011-06-24  9:42     ` Peter Maydell
2011-06-24 10:08       ` Max Filippov
2011-06-24 10:32         ` Peter Maydell
2011-06-24 17:06       ` Max Filippov
2011-06-24  8:14 ` Laurent Desnogues
2011-06-24  8:35   ` Max Filippov [this message]
2011-06-24  9:38     ` Laurent Desnogues
2011-06-24  9:48       ` Max Filippov