* [Qemu-devel] target-s390x: assertion failure in op_risbg
From: Peter Maydell @ 2017-11-07 11:41 UTC (permalink / raw)
  To: QEMU Developers; +Cc: Richard Henderson, Alexander Graf

This is from https://bugs.launchpad.net/qemu/+bug/1701798, but
that's quite a large thing, so here's the s390 specific part.

On an ubuntu xenial install:

$ apt install g++-5-s390x-linux-gnu
$ cat hello.c
#include <stdio.h>
int main(void) {
    printf("hello world\n");
    return 0;
}
$ s390x-linux-gnu-gcc-5 -O hello.c -o hello.s390x
$ QEMU_LD_PREFIX=/usr/s390x-linux-gnu/ gdb --args
~/linaro/qemu-from-laptop/qemu/build/all-linux-static/s390x-linux-user/qemu-s390x
./hello.s390x
[...]
(gdb) r
[...]
Thread 1 "qemu-s390x" received signal SIGABRT, Aborted.
0x0000000060215018 in raise ()
(gdb) bt
#0  0x0000000060215018 in raise ()
#1  0x000000006021573a in abort ()
#2  0x0000000060079a96 in op_risbg (s=0x7fffffffda10, o=0x7fffffffd950)
    at /home/petmay01/linaro/qemu-from-laptop/qemu/target/s390x/translate.c:3450
#3  0x0000000060082c8b in translate_one (env=0x627f0350, s=0x7fffffffda10)
    at /home/petmay01/linaro/qemu-from-laptop/qemu/target/s390x/translate.c:5824
#4  0x0000000060082f3f in gen_intermediate_code (cs=0x627e80b0,
    tb=0x60794d40 <static_code_gen_buffer+56064>)
    at /home/petmay01/linaro/qemu-from-laptop/qemu/target/s390x/translate.c:5925
#5  0x00000000600369aa in tb_gen_code (cpu=0x627e80b0, pc=274886359240,
    cs_base=0, flags=3, cflags=0)

This is because in op_risbg() we abort() if s->fields->op2 is not
one of 0x55, 0x5d, 0x51. In this case it is 0x59. I don't know enough
s390 to know what this might be, but we shouldn't really abort()
inside QEMU for unimplemented guest insns.

(if you let execution continue, or don't run in a debugger then
linux-user does its usual thing of obfuscating failures inside QEMU
and then runs into a different assert due to trying to take the tb
lock inside cpu_restore_state().)

thanks
-- PMM


* Re: [Qemu-devel] target-s390x: assertion failure in op_risbg
From: Thomas Huth @ 2017-11-07 12:00 UTC (permalink / raw)
  To: Peter Maydell, QEMU Developers
  Cc: Alexander Graf, Richard Henderson, qemu-s390x

On 07.11.2017 12:41, Peter Maydell wrote:
> This is from https://bugs.launchpad.net/qemu/+bug/1701798, but
> that's quite a large thing, so here's the s390 specific part.
> 
> On an ubuntu xenial install:
> 
> $ apt install g++-5-s390x-linux-gnu
> $ cat hello.c
> #include <stdio.h>
> int main(void) {
>     printf("hello world\n");
>     return 0;
> }
> $ s390x-linux-gnu-gcc-5 -O hello.c -o hello.s390x
> $ QEMU_LD_PREFIX=/usr/s390x-linux-gnu/ gdb --args
> ~/linaro/qemu-from-laptop/qemu/build/all-linux-static/s390x-linux-user/qemu-s390x
> ./hello.s390x
> [...]
> (gdb) r
> [...]
> Thread 1 "qemu-s390x" received signal SIGABRT, Aborted.
> 0x0000000060215018 in raise ()
> (gdb) bt
> #0  0x0000000060215018 in raise ()
> #1  0x000000006021573a in abort ()
> #2  0x0000000060079a96 in op_risbg (s=0x7fffffffda10, o=0x7fffffffd950)
>     at /home/petmay01/linaro/qemu-from-laptop/qemu/target/s390x/translate.c:3450
> #3  0x0000000060082c8b in translate_one (env=0x627f0350, s=0x7fffffffda10)
>     at /home/petmay01/linaro/qemu-from-laptop/qemu/target/s390x/translate.c:5824
> #4  0x0000000060082f3f in gen_intermediate_code (cs=0x627e80b0,
>     tb=0x60794d40 <static_code_gen_buffer+56064>)
>     at /home/petmay01/linaro/qemu-from-laptop/qemu/target/s390x/translate.c:5925
> #5  0x00000000600369aa in tb_gen_code (cpu=0x627e80b0, pc=274886359240,
>     cs_base=0, flags=3, cflags=0)
> 
> This is because in op_risbg() we abort() if s->fields->op2 is not
> one of 0x55, 0x5d, 0x51. In this case it is 0x59. I don't know enough
> s390 to know what this might be, but we shouldn't really abort()
> inside QEMU for unimplemented guest insns.

If I've got the spec right, the 0x59 here means that it is a "new"
instruction called RISBGN which we do not support in QEMU yet. Instead
of calling abort(), the correct behavior for unsupported instructions
here is to generate a "operation" exception. Or even better: Implement
the instruction. If I've got the spec right, it's doing the same as
RISBG (with subcode 0x55), but just does not set the condition code at
the end, so this should be quite easy to implement?

 Thomas


* Re: [Qemu-devel] target-s390x: assertion failure in op_risbg
From: Richard Henderson @ 2017-11-07 12:14 UTC (permalink / raw)
  To: Peter Maydell, QEMU Developers; +Cc: Alexander Graf

On 11/07/2017 12:41 PM, Peter Maydell wrote:
> This is from https://bugs.launchpad.net/qemu/+bug/1701798, but
> that's quite a large thing, so here's the s390 specific part.
> 
> On an ubuntu xenial install:
> 
> $ apt install g++-5-s390x-linux-gnu
> $ cat hello.c
> #include <stdio.h>
> int main(void) {
>     printf("hello world\n");
>     return 0;
> }
> $ s390x-linux-gnu-gcc-5 -O hello.c -o hello.s390x
> $ QEMU_LD_PREFIX=/usr/s390x-linux-gnu/ gdb --args
> ~/linaro/qemu-from-laptop/qemu/build/all-linux-static/s390x-linux-user/qemu-s390x
> ./hello.s390x
> [...]
> (gdb) r
> [...]
> Thread 1 "qemu-s390x" received signal SIGABRT, Aborted.
> 0x0000000060215018 in raise ()
> (gdb) bt
> #0  0x0000000060215018 in raise ()
> #1  0x000000006021573a in abort ()
> #2  0x0000000060079a96 in op_risbg (s=0x7fffffffda10, o=0x7fffffffd950)
>     at /home/petmay01/linaro/qemu-from-laptop/qemu/target/s390x/translate.c:3450
> #3  0x0000000060082c8b in translate_one (env=0x627f0350, s=0x7fffffffda10)
>     at /home/petmay01/linaro/qemu-from-laptop/qemu/target/s390x/translate.c:5824
> #4  0x0000000060082f3f in gen_intermediate_code (cs=0x627e80b0,
>     tb=0x60794d40 <static_code_gen_buffer+56064>)
>     at /home/petmay01/linaro/qemu-from-laptop/qemu/target/s390x/translate.c:5925
> #5  0x00000000600369aa in tb_gen_code (cpu=0x627e80b0, pc=274886359240,
>     cs_base=0, flags=3, cflags=0)
> 
> This is because in op_risbg() we abort() if s->fields->op2 is not
> one of 0x55, 0x5d, 0x51. In this case it is 0x59. I don't know enough
> s390 to know what this might be, but we shouldn't really abort()
> inside QEMU for unimplemented guest insns.

Like aarch64, we abort not for completely unknown/unimplemented guest insns,
but when we're in a state that we didn't expect.  Truly unknown insns are
filtered earlier.

That we got here suggests there's an entry in insn-data.def, but I failed to
fill in all of the blanks.  Which for this case is fairly brown-bag-worthy.


r~


* Re: [Qemu-devel] target-s390x: assertion failure in op_risbg
From: Richard Henderson @ 2017-11-07 12:14 UTC (permalink / raw)
  To: Thomas Huth, Peter Maydell, QEMU Developers; +Cc: Alexander Graf, qemu-s390x

On 11/07/2017 01:00 PM, Thomas Huth wrote:
> If I've got the spec right, it's doing the same as
> RISBG (with subcode 0x55), but just does not set the condition code at
> the end, so this should be quite easy to implement?

That's right.


r~

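The RISBG/RISBGN relationship Thomas describes above (and Richard confirms) as a standalone model, added here and not code from QEMU or from either author: a shared rotate-then-insert-selected-bits core with the condition code update as the only difference, plus a small op2 dispatcher that reports an unsupported subcode to the caller instead of aborting. The function names, the `set_cc` flag and the error return are this example's own; the bit semantics follow the z/Architecture description of the instruction as I understand it.

```c
#include <stdint.h>

/* Condition code values produced by RISBG (RISBGN leaves the CC untouched). */
enum { CC_ZERO = 0, CC_NEG = 1, CC_POS = 2 };
/* op2 subcodes discussed in the thread: RISBG sets the CC, RISBGN does not. */
enum { OP2_RISBG = 0x55, OP2_RISBGN = 0x59 };

static uint64_t rotl64(uint64_t v, unsigned n)
{
    n &= 63;
    return n ? (v << n) | (v >> (64 - n)) : v;
}

/* Mask of IBM-numbered bits start..end (bit 0 is the MSB), wrapping when start > end. */
static uint64_t select_mask(unsigned start, unsigned end)
{
    uint64_t from_start = ~(uint64_t)0 >> start;   /* bits start..63 */
    uint64_t to_end = ~(uint64_t)0 << (63 - end);  /* bits 0..end */
    return start <= end ? (from_start & to_end) : (from_start | to_end);
}

/*
 * Rotate r3 left by i5 and insert the selected bits into r1.  Bit 0 of i3
 * (0x80) is the "zero remaining bits" flag.  Returns the new r1 and updates
 * *cc only when set_cc is nonzero: that flag is the whole RISBG/RISBGN difference.
 */
static uint64_t risb_core(uint64_t r1, uint64_t r3, uint8_t i3, uint8_t i4,
                          uint8_t i5, int set_cc, int *cc)
{
    uint64_t mask = select_mask(i3 & 63, i4 & 63);
    uint64_t rotated = rotl64(r3, i5 & 63);
    uint64_t keep = (i3 & 0x80) ? 0 : (r1 & ~mask);
    uint64_t result = (rotated & mask) | keep;
    if (set_cc) {
        *cc = result == 0 ? CC_ZERO : ((int64_t)result < 0 ? CC_NEG : CC_POS);
    }
    return result;
}

/* Dispatch on op2 the way a translator would; an unknown subcode is reported
 * to the caller (who would raise an operation exception) rather than aborting. */
int exec_risb(uint8_t op2, uint64_t *r1, uint64_t r3, uint8_t i3, uint8_t i4,
              uint8_t i5, int *cc)
{
    switch (op2) {
    case OP2_RISBG:  *r1 = risb_core(*r1, r3, i3, i4, i5, 1, cc); return 0;
    case OP2_RISBGN: *r1 = risb_core(*r1, r3, i3, i4, i5, 0, cc); return 0;
    default:         return -1;  /* unsupported subcode: not modelled here */
    }
}
```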

* Re: [Qemu-devel] target-s390x: assertion failure in op_risbg
From: Richard Henderson @ 2017-11-07 12:59 UTC (permalink / raw)
  To: Peter Maydell, QEMU Developers; +Cc: Alexander Graf

On 11/07/2017 12:41 PM, Peter Maydell wrote:
> This is from https://bugs.launchpad.net/qemu/+bug/1701798, but
> that's quite a large thing, so here's the s390 specific part.
> 
> On an ubuntu xenial install:
> 
> $ apt install g++-5-s390x-linux-gnu
> $ cat hello.c
> #include <stdio.h>
> int main(void) {
>     printf("hello world\n");
>     return 0;
> }
> $ s390x-linux-gnu-gcc-5 -O hello.c -o hello.s390x
> $ QEMU_LD_PREFIX=/usr/s390x-linux-gnu/ gdb --args
> ~/linaro/qemu-from-laptop/qemu/build/all-linux-static/s390x-linux-user/qemu-s390x
> ./hello.s390x
> [...]
> (gdb) r
> [...]
> Thread 1 "qemu-s390x" received signal SIGABRT, Aborted.
> 0x0000000060215018 in raise ()
> (gdb) bt
> #0  0x0000000060215018 in raise ()
> #1  0x000000006021573a in abort ()
> #2  0x0000000060079a96 in op_risbg (s=0x7fffffffda10, o=0x7fffffffd950)
>     at /home/petmay01/linaro/qemu-from-laptop/qemu/target/s390x/translate.c:3450
> #3  0x0000000060082c8b in translate_one (env=0x627f0350, s=0x7fffffffda10)
>     at /home/petmay01/linaro/qemu-from-laptop/qemu/target/s390x/translate.c:5824
> #4  0x0000000060082f3f in gen_intermediate_code (cs=0x627e80b0,
>     tb=0x60794d40 <static_code_gen_buffer+56064>)
>     at /home/petmay01/linaro/qemu-from-laptop/qemu/target/s390x/translate.c:5925
> #5  0x00000000600369aa in tb_gen_code (cpu=0x627e80b0, pc=274886359240,
>     cs_base=0, flags=3, cflags=0)
> 
> This is because in op_risbg() we abort() if s->fields->op2 is not
> one of 0x55, 0x5d, 0x51. In this case it is 0x59. I don't know enough
> s390 to know what this might be, but we shouldn't really abort()
> inside QEMU for unimplemented guest insns.

Patch sent.  Since you have a testcase created, can you smoke test it?
I decline to download the necessaries while riding on this bus.  ;-)


r~

