From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1GrzVN-0006dC-25
	for qemu-devel@nongnu.org; Wed, 06 Dec 2006 11:20:21 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1GrzVL-0006c2-OZ
	for Qemu-devel@nongnu.org; Wed, 06 Dec 2006 11:20:20 -0500
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1GrzVL-0006bz-HL
	for Qemu-devel@nongnu.org; Wed, 06 Dec 2006 11:20:19 -0500
Received: from [128.2.129.23] (helo=bache.ece.cmu.edu)
	by monty-python.gnu.org with esmtp (Exim 4.52) id 1GrzVL-0005mT-Ad
	for Qemu-devel@nongnu.org; Wed, 06 Dec 2006 11:20:19 -0500
Received: from [128.2.134.191] (KIPPER.ECE.CMU.EDU [128.2.134.191])
	by bache.ece.cmu.edu (Postfix) with ESMTP id DD8A7AD
	for <Qemu-devel@nongnu.org>; Wed,  6 Dec 2006 11:20:17 -0500 (EST)
Message-ID: <4576EDC0.8030300@ece.cmu.edu>
Date: Wed, 06 Dec 2006 11:20:16 -0500
From: Heng Yin <hyin@ece.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] a strange segmentation fault
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Qemu-devel@nongnu.org

Hi QEMU developers,

I'm running into a strange problem when I add some my own stuff in QEMU.
If I add a function call in the following position, QEMU will crash 
immediately after execution.

In target-i386/op.c:
void OPPROTO op_jnz_T0_label(void)
{
     helper_test(T0); //my own function
     if (T0)
         GOTO_LABEL_PARAM(1);
     FORCE_RET();
}

I define this function in target-i386/helper.c:

int helper_test(int t0)
{
     return 100+t0;
}

I try it on the two versions: 0.8.2 and 0.8.0. The problem appears no 
matter what kqemu option (-kernel-kqemu -no-kqmeu, or none) is used and 
what guest os (linux or winxp) is to launch.

I got the following message from gdb:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1212991808 (LWP 28612)]
0x00000001 in ?? ()
(gdb) bt
#0  0x00000001 in ?? ()
#1  0x080bac6c in cpu_x86_exec (env1=0x40)
     at /home/hyin/qemu-0.8.2/cpu-exec.c:772
#2  0x08050a62 in main_loop () at /home/hyin/qemu-0.8.2/vl.c:5069
#3  0x08051fe2 in main (argc=3324, argv=0x8)
     at /home/hyin/qemu-0.8.2/vl.c:6221
(gdb)

Interestingly, if I change the function helper_test to take no 
arguments, the fault will be gone.

Can anybody give any hints of what may cause this fault and how to solve it?

Thanks,
Heng