From: Eduardo Habkost <ehabkost@redhat.com>
To: Richard Henderson <rth@twiddle.net>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 49/65] tcg/i386: Rely on undefined/undocumented behaviour of BSF/BSR
Date: Mon, 16 Jan 2017 17:35:17 -0200
Message-ID: <20170116193517.GC3491@thinpad.lan.raisama.net>
In-Reply-To: <20170116191939.GA6657@thinpad.lan.raisama.net>
On Mon, Jan 16, 2017 at 05:19:39PM -0200, Eduardo Habkost wrote:
> On Fri, Dec 23, 2016 at 08:00:26PM -0800, Richard Henderson wrote:
> > The ISA manual documents the output is undefined if the input was zero.
> >
> > However, we document in target-i386 that the behavior of real silicon
> > is to preserve the contents of the output register. We also mention
> > that there are real applications that depend on this. That this is
> > baked into silicon is mentioned as a potential cause for some false
> > sharing behaviour wrt lzcnt/tzcnt.
> >
> > Taking advantage of this allows us to save 2 insns in the normal case,
> > and 4 insns for i686 emulating a 64-bit clz.
> >
> > Signed-off-by: Richard Henderson <rth@twiddle.net>
>
> I am unable to boot a Fedora image[1] with TCG using latest master,
> and I have bisected the problem to this patch.
>
> [1] http://download.fedoraproject.org/pub/fedora/linux/releases/25/CloudImages/x86_64/images/Fedora-Cloud-Base-25-1.3.x86_64.qcow2
>
> $ qemu-system-x86_64 -machine accel=tcg -drive file=~/system/vmachines/Fedora-Cloud-Base-25-1.3.x86_64.qcow2,format=qcow2 -nographic
> [ 0.000000] BUG: unable to handle kernel NULL pointer dereference at (null)
[...]
With TCG debug enabled:
$ qemu-system-x86_64 -machine accel=tcg -drive file=~/system/vmachines/Fedora-Cloud-Base-25-1.3.x86_64.qcow2,format=qcow2 -nographic
qemu-system-x86_64: /home/ehabkost/rh/proj/virt/qemu/tcg/i386/tcg-target.inc.c:1153: tcg_out_ctz: Assertion `dest == arg2' failed.
Aborted (core dumped)
(gdb) bt
#0 0x00007f3332c50765 in raise () at /lib64/libc.so.6
#1 0x00007f3332c5236a in abort () at /lib64/libc.so.6
#2 0x00007f3332c48f97 in __assert_fail_base () at /lib64/libc.so.6
#3 0x00007f3332c49042 in () at /lib64/libc.so.6
#4 0x000055dbccbd04e8 in tcg_gen_code (const_a2=false, arg2=3, arg1=TCG_REG_EBP, dest=TCG_REG_R12, rexw=<optimized out>, s=0x55dbcd5792c0 <tcg_ctx>) at /home/ehabkost/rh/proj/virt/qemu/tcg/i386/tcg-target.inc.c:1153
#5 0x000055dbccbd04e8 in tcg_gen_code (const_args=0x7f3327ecd6d0, args=0x7f3327ecd710, opc=<optimized out>, s=0x55dbcd5792c0 <tcg_ctx>) at /home/ehabkost/rh/proj/virt/qemu/tcg/i386/tcg-target.inc.c:2081
#6 0x000055dbccbd04e8 in tcg_gen_code (arg_life=<optimized out>, args=<optimized out>, opc=<optimized out>, def=<optimized out>, s=0x55dbcd5792c0 <tcg_ctx>) at /home/ehabkost/rh/proj/virt/qemu/tcg/tcg.c:2335
#7 0x000055dbccbd04e8 in tcg_gen_code (s=s@entry=0x55dbcd5792c0 <tcg_ctx>, tb=tb@entry=0x7f3328ee3748) at /home/ehabkost/rh/proj/virt/qemu/tcg/tcg.c:2654
#8 0x000055dbccbc6836 in tb_gen_code (cpu=cpu@entry=0x55dbcf482dc0, pc=pc@entry=18446744072199146483, cs_base=cs_base@entry=0, flags=flags@entry=4244144, cflags=<optimized out>, cflags@entry=0)
at /home/ehabkost/rh/proj/virt/qemu/translate-all.c:1339
#9 0x000055dbccbc8b2c in cpu_exec (tb_exit=0, last_tb=<optimized out>, cpu=0x0) at /home/ehabkost/rh/proj/virt/qemu/cpu-exec.c:346
#10 0x000055dbccbc8b2c in cpu_exec (cpu=cpu@entry=0x55dbcf482dc0) at /home/ehabkost/rh/proj/virt/qemu/cpu-exec.c:637
#11 0x000055dbccbed8a1 in qemu_tcg_cpu_thread_fn (cpu=0x55dbcf482dc0) at /home/ehabkost/rh/proj/virt/qemu/cpus.c:1117
#12 0x000055dbccbed8a1 in qemu_tcg_cpu_thread_fn (arg=<optimized out>) at /home/ehabkost/rh/proj/virt/qemu/cpus.c:1197
#13 0x00007f33364ae5ca in start_thread () at /lib64/libpthread.so.0
#14 0x00007f3332d1f0ed in clone () at /lib64/libc.so.6
(gdb) up
#1 0x00007f3332c5236a in abort () from /lib64/libc.so.6
(gdb)
#2 0x00007f3332c48f97 in __assert_fail_base () from /lib64/libc.so.6
(gdb)
#3 0x00007f3332c49042 in __assert_fail () from /lib64/libc.so.6
(gdb)
#4 0x000055dbccbd04e8 in tcg_out_ctz (const_a2=false, arg2=3, arg1=TCG_REG_EBP, dest=TCG_REG_R12, rexw=<optimized out>, s=0x55dbcd5792c0 <tcg_ctx>) at /home/ehabkost/rh/proj/virt/qemu/tcg/i386/tcg-target.inc.c:1153
1153 tcg_debug_assert(dest == arg2);
(gdb)
#5 tcg_out_op (const_args=0x7f3327ecd6d0, args=0x7f3327ecd710, opc=<optimized out>, s=0x55dbcd5792c0 <tcg_ctx>) at /home/ehabkost/rh/proj/virt/qemu/tcg/i386/tcg-target.inc.c:2081
2081 tcg_out_ctz(s, rexw, args[0], args[1], args[2], const_args[2]);
(gdb)
#6 tcg_reg_alloc_op (arg_life=<optimized out>, args=<optimized out>, opc=<optimized out>, def=<optimized out>, s=0x55dbcd5792c0 <tcg_ctx>) at /home/ehabkost/rh/proj/virt/qemu/tcg/tcg.c:2335
2335 tcg_out_op(s, opc, new_args, const_args);
(gdb)
#7 tcg_gen_code (s=s@entry=0x55dbcd5792c0 <tcg_ctx>, tb=tb@entry=0x7f3328ee3748) at /home/ehabkost/rh/proj/virt/qemu/tcg/tcg.c:2654
2654 tcg_reg_alloc_op(s, def, opc, args, arg_life);
(gdb)
#8 0x000055dbccbc6836 in tb_gen_code (cpu=cpu@entry=0x55dbcf482dc0, pc=pc@entry=18446744072199146483, cs_base=cs_base@entry=0, flags=flags@entry=4244144, cflags=<optimized out>, cflags@entry=0)
at /home/ehabkost/rh/proj/virt/qemu/translate-all.c:1339
1339 gen_code_size = tcg_gen_code(&tcg_ctx, tb);
(gdb)
#9 0x000055dbccbc8b2c in tb_find (tb_exit=0, last_tb=<optimized out>, cpu=0x0) at /home/ehabkost/rh/proj/virt/qemu/cpu-exec.c:346
346 tb = tb_gen_code(cpu, pc, cs_base, flags, 0);
(gdb)
#10 cpu_exec (cpu=cpu@entry=0x55dbcf482dc0) at /home/ehabkost/rh/proj/virt/qemu/cpu-exec.c:637
637 tb = tb_find(cpu, last_tb, tb_exit);
--
Eduardo
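The failing check `tcg_debug_assert(dest == arg2)` in the backtrace is the precondition of the shortcut the patch description explains: a lone BSF with no zero test gives "arg1 ? ctz(arg1) : arg2" only if arg2 was already sitting in the destination register before BSF ran. The C model below is an added example written for this page, not QEMU code and not from the patch. It assumes BSF preserves its destination on a zero source (what the patch description says real silicon does), uses a constructed 16-entry register file, and treats the register numbers 12, 5 and 3 as stand-ins for the backtrace's dest=R12, arg1=EBP, arg2=3. It goes a little beyond the single crash case by also running a nonzero input and a portable sequence with an explicit flag-conditional move.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy register file: 16 GPRs plus the zero flag, enough to model the
 * BSF idiom.  Constructed for this example only. */
typedef struct {
    uint64_t regs[16];
    bool zf;
} Cpu;

/* Model of BSF as the patch description says real silicon behaves:
 * a zero source sets ZF and leaves the destination register untouched.
 * The ISA manual only promises that the destination is undefined. */
static void model_bsf(Cpu *c, int dest, int src)
{
    uint64_t v = c->regs[src];
    if (v == 0) {
        c->zf = true;           /* dest deliberately not written */
        return;
    }
    c->zf = false;
    c->regs[dest] = (uint64_t)__builtin_ctzll(v);
}

/* Reference semantics of the TCG ctz op: dest = arg1 ? ctz(arg1) : arg2. */
static uint64_t ref_ctz(uint64_t in1, uint64_t in2)
{
    return in1 ? (uint64_t)__builtin_ctzll(in1) : in2;
}

/* The shortcut: a lone BSF, no zero test.  It yields the reference result
 * only when arg2 already sits in the destination register, i.e. when the
 * register allocator honoured dest == arg2 (the assertion in the backtrace). */
static uint64_t gen_ctz_shortcut(Cpu *c, int dest, int arg1, int arg2)
{
    (void)arg2;                 /* never read: that is the whole point */
    model_bsf(c, dest, arg1);
    return c->regs[dest];
}

/* Portable sequence that needs no undocumented behaviour: BSF, then a
 * flag-conditional move of arg2 into dest (the extra instructions the
 * patch description says it saves). */
static uint64_t gen_ctz_portable(Cpu *c, int dest, int arg1, int arg2)
{
    uint64_t fallback = c->regs[arg2];   /* read before dest may alias it */
    model_bsf(c, dest, arg1);
    if (c->zf) {
        c->regs[dest] = fallback;
    }
    return c->regs[dest];
}

/* Run one sequence on a given register assignment and report whether it
 * matched the reference.  Register numbers are plain indices here; the
 * backtrace's dest=R12, arg1=EBP, arg2=3 is used as 12, 5, 3 below. */
int sequence_is_correct(bool shortcut, uint64_t in1, uint64_t in2,
                        int dest, int arg1, int arg2)
{
    Cpu c = { { 0 }, false };
    c.regs[arg1] = in1;
    c.regs[arg2] = in2;
    uint64_t got = shortcut ? gen_ctz_shortcut(&c, dest, arg1, arg2)
                            : gen_ctz_portable(&c, dest, arg1, arg2);
    return got == ref_ctz(in1, in2);
}

int main(void)
{
    /* dest == arg2: the shortcut is fine even for a zero input */
    printf("shortcut, dest==arg2, in1=0: %d\n",
           sequence_is_correct(true, 0, 7, 3, 5, 3));
    /* dest != arg2, the assignment from the backtrace: zero input breaks it */
    printf("shortcut, dest=R12,   in1=0: %d\n",
           sequence_is_correct(true, 0, 7, 12, 5, 3));
    /* same assignment, nonzero input: the defect stays hidden */
    printf("shortcut, dest=R12,   in1=8: %d\n",
           sequence_is_correct(true, 8, 7, 12, 5, 3));
    /* portable sequence is correct regardless of allocation */
    printf("portable, dest=R12,   in1=0: %d\n",
           sequence_is_correct(false, 0, 7, 12, 5, 3));
    return 0;
}
```

Build with gcc or clang (it uses `__builtin_ctzll`). The point to take from it: the shortcut's correctness is a property of register allocation, not of the instruction alone, so the constraint handed to the allocator has to force the destination to match arg2, or the backend has to fall back to the explicit test; and because only a zero input exposes the difference, a test suite that never feeds zero into ctz will not catch a wrong allocation.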