From: Andrea Pellegrini
Date: Mon, 23 Feb 2009 14:04:17 -0500
Subject: [Qemu-devel] Not predictable "qemu: uncaught target signal 11"
To: qemu-devel@nongnu.org
Message-ID: <49A2F331.3060506@gmail.com>

Hi all,

I am instrumenting qemu to extract memory traces. Thanks to Vince Weaver I
was able to modify the helper and produce traces for all memory accesses.
However, I often receive the message "qemu: uncaught target signal 11
(Segmentation fault) - exiting". As you can see, only in the last run was I
able to complete the run of a simple "hello world" example. The exception is
raised at the beginning of the execution and does not seem to be raised at a
particular point in the execution of the benchmark. The benchmark was
compiled with gcc-3.4 on my host amd64 Debian machine. Funny thing: using my
instrumentation of qemu I am able to start the installation of Windows XP in
it with no problem.

apellegr@vinaccia:~/projects/qemu-0.9.1/x86_64-linux-user$ time ./qemu-x86_64 ../tests/hello_andrea.amd64 > /tmp/traces
qemu: uncaught target signal 11 (Segmentation fault) - exiting

real    0m0.083s
user    0m0.072s
sys     0m0.008s

apellegr@vinaccia:~/projects/qemu-0.9.1/x86_64-linux-user$ time ./qemu-x86_64 ../tests/hello_andrea.amd64 > /tmp/traces
qemu: uncaught target signal 11 (Segmentation fault) - exiting

real    0m0.010s
user    0m0.004s
sys     0m0.004s

apellegr@vinaccia:~/projects/qemu-0.9.1/x86_64-linux-user$ time ./qemu-x86_64 ../tests/hello_andrea.amd64 > /tmp/traces
qemu: uncaught target signal 11 (Segmentation fault) - exiting

real    0m0.069s
user    0m0.060s
sys     0m0.008s

apellegr@vinaccia:~/projects/qemu-0.9.1/x86_64-linux-user$ time ./qemu-x86_64 ../tests/hello_andrea.amd64 > /tmp/traces
qemu: uncaught target signal 11 (Segmentation fault) - exiting

real    0m0.094s
user    0m0.076s
sys     0m0.016s

apellegr@vinaccia:~/projects/qemu-0.9.1/x86_64-linux-user$ time ./qemu-x86_64 ../tests/hello_andrea.amd64 > /tmp/traces
Segmentation fault

real    0m0.092s
user    0m0.060s
sys     0m0.012s

apellegr@vinaccia:~/projects/qemu-0.9.1/x86_64-linux-user$ time ./qemu-x86_64 ../tests/hello_andrea.amd64 > /tmp/traces

real    0m0.073s
user    0m0.068s
sys     0m0.004s

The Segmentation Fault is raised at line 884 (line number might be slightly
different) in the exec.c file:

    /* add the tb in the target page and protect it if necessary */
    static inline void tb_alloc_page(TranslationBlock *tb,
                                     unsigned int n, target_ulong page_addr)
    {
        PageDesc *p;
        TranslationBlock *last_first_tb;

        tb->page_addr[n] = page_addr;
        p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
        tb->page_next[n] = p->first_tb;   // <---- THIS LINE
        last_first_tb = p->first_tb;
        p->first_tb = (TranslationBlock *)((long)tb | n);
        invalidate_page_bitmap(p);
        ...
    }

I did change the function gen_intermediate_code_internal in translate.c to
allow only one instruction in each translated basic block; to do so I added
at the end of the for(;;) loop:

    // Andrea, break every instruction
    gen_jmp_im(pc_ptr - dc->cs_base);
    gen_eob(dc);
    break;
    // Andrea, end tb

Can anybody help track down the causes of this SegFault?

Thanks!
~Andrea
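The line the mail points at dereferences the PageDesc pointer returned by page_find_alloc() without checking it, so any lookup that yields NULL (or that indexes past the descriptor table) shows up exactly as the reported "uncaught target signal 11". The following is an added example, not QEMU's code: a simplified, self-contained model of the two-level PageDesc map and of tb_alloc_page(), written so that a page the table cannot describe is reported to the caller instead of being dereferenced. The constants (a 32-bit address space, 4 KiB pages, 1024-entry L2 tables), the return codes and the helper names demo_link_two() and tb_count_on_page() are assumptions of this model, not the project's own.

```c
/* Added example (not QEMU's own code): a simplified model of the PageDesc
 * map behind page_find_alloc()/tb_alloc_page() in exec.c, hardened so that
 * an address outside the map, or an allocation failure, is reported rather
 * than dereferenced. All constants below are assumptions of this model. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint64_t target_ulong;

#define TARGET_PAGE_BITS 12
#define L2_BITS          10
#define L2_SIZE          (1 << L2_BITS)
/* Assumption: the single-level L1 table covers a 32-bit address space;
 * anything above that range is simply not describable by this map. */
#define L1_BITS          (32 - L2_BITS - TARGET_PAGE_BITS)
#define L1_SIZE          (1 << L1_BITS)

typedef struct TranslationBlock {
    target_ulong page_addr[2];
    struct TranslationBlock *page_next[2];
} TranslationBlock;

typedef struct PageDesc {
    TranslationBlock *first_tb;
} PageDesc;

static PageDesc *l1_map[L1_SIZE];

/* Returns NULL, instead of indexing past l1_map, when the page index lies
 * outside the range the table can describe or when allocation fails. */
static PageDesc *page_find_alloc(target_ulong index)
{
    target_ulong l1 = index >> L2_BITS;
    PageDesc *p;

    if (l1 >= L1_SIZE)
        return NULL;
    p = l1_map[l1];
    if (!p) {
        p = calloc(L2_SIZE, sizeof(PageDesc));
        if (!p)
            return NULL;
        l1_map[l1] = p;
    }
    return p + (index & (L2_SIZE - 1));
}

/* Model of the crashing function: the original stores p->first_tb without
 * checking p. Here a missing descriptor yields -1 and the tb is untouched. */
static int tb_alloc_page(TranslationBlock *tb, unsigned int n,
                         target_ulong page_addr)
{
    PageDesc *p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
    if (!p) {
        fprintf(stderr, "tb_alloc_page: no PageDesc for page 0x%llx\n",
                (unsigned long long)page_addr);
        return -1;
    }
    tb->page_addr[n] = page_addr;
    tb->page_next[n] = p->first_tb;
    /* the low bit of each link records which of the tb's two pages it is for */
    p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
    return 0;
}

/* Walks the chain of TBs on one page; -1 if the page is not describable. */
static int tb_count_on_page(target_ulong page_addr)
{
    PageDesc *p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
    TranslationBlock *tb;
    int count = 0;

    if (!p)
        return -1;
    for (tb = p->first_tb; tb; count++) {
        unsigned n = (uintptr_t)tb & 1;
        tb = (TranslationBlock *)((uintptr_t)tb & ~(uintptr_t)1);
        tb = tb->page_next[n];
    }
    return count;
}

/* Links two freshly allocated TBs on one page and returns the resulting
 * chain length, or -1 if the page cannot be described. */
static int demo_link_two(target_ulong page_addr)
{
    TranslationBlock *a = calloc(1, sizeof *a);
    TranslationBlock *b = calloc(1, sizeof *b);
    if (!a || !b)
        return -1;
    if (tb_alloc_page(a, 0, page_addr) != 0 || tb_alloc_page(b, 0, page_addr) != 0)
        return -1;
    return tb_count_on_page(page_addr);
}

int main(void)
{
    target_ulong page = 0x400000;              /* constructed: a typical text page */
    target_ulong far  = (target_ulong)1 << 40; /* constructed: beyond the 32-bit map */

    printf("in range, TBs chained: %d\n", demo_link_two(page)); /* 2 */
    printf("out of range, result:  %d\n", demo_link_two(far));  /* -1 */
    return 0;
}
```

The point for anyone chasing a crash at this line is that the only two ways to reach a fault here are a NULL descriptor or an out-of-range index into the table; with the check in place the failing page address is printed and the run ends with a clear error rather than a signal 11 deep inside the translator.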