Message-ID: <4575A29E.3000604@ece.cmu.edu>
From: Heng Yin
Subject: [Qemu-devel] A strange segmentation fault
Date: Tue, 05 Dec 2006 16:47:35 -0000
To: qemu-devel@nongnu.org

Hi Qemu developers,

I'm running into a strange problem, when I do some implementation on Qemu.

In target_i386/op.c, if I add a function call in the following function, Qemu will crash immediately after execution.

    void OPPROTO op_jnz_T0_label(void)
    {
        helper_test(T0);   // this is the function I add
        if (T0)
            GOTO_LABEL_PARAM(1);
        FORCE_RET();
    }

I define this function in target_i386/helper.c:

    int helper_test(int a)
    {
        return a * 3;
    }

However, if my function takes no arguments, qemu works well.

    void OPPROTO op_jnz_T0_label(void)
    {
        helper_test();     // this is the function I add
        if (T0)
            GOTO_LABEL_PARAM(1);
        FORCE_RET();
    }

I define this function in target_i386/helper.c:

    int helper_test()
    {
        return 100 + cpu_single_env;
    }

I built qemu on linux, and tested it on 0.8.0 and 0.8.2, and the problem appeared on both versions.

I also tried to load winxp and linux images with three different options for kqemu: -kernel-kqemu, -no-kqemu, (none), and nothing is changed.

Below is the message I got in gdb:

    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread -1212746048 (LWP 5587)]
    0x00000001 in ?? ()
    (gdb) bt
    #0  0x00000001 in ?? ()
    #1  0x080bac6c in cpu_x86_exec (env1=0x40) at /home/hyin/qemu-0.8.2/cpu-exec.c:772
    #2  0x08050a62 in main_loop () at /home/hyin/qemu-0.8.2/vl.c:5069
    #3  0x08051fe2 in main (argc=3324, argv=0x8) at /home/hyin/qemu-0.8.2/vl.c:6221

Can you guys give any idea of what may cause this problem and how to solve it?

Thanks,
Heng