From: Jakub Jermar <jakub@jermar.eu>
To: qemu-devel@nongnu.org
Cc: HelenOS development mailing list <helenos-devel@lists.modry.cz>
Subject: [Qemu-devel] [sparc64] Miscomputed minimum of a group of numbers in sparc64 emulation
Date: Thu, 30 Jun 2011 23:12:07 +0200 [thread overview]
Message-ID: <4E0CE6A7.10901@jermar.eu> (raw)
[-- Attachment #1: Type: text/plain, Size: 813 bytes --]
Hi,
we have been observing a problem with HelenOS running on the latest git
Qemu/sparc64. The gist of the problem is that the following computation
of the minimum of 64 and 512 surprisingly yields 512:
bytes = min(len, BPS(bs) - pos % BPS(bs));
bytes = min(bytes, nodep->size - pos);
On input, `len` is 64, `pos` is 0, `BPS(bs)` is 512 and `nodep->size` is
some larger number. Surprisingly, when running normally (not
single-stepping), Qemu computes `bytes` as 512 instead of 64. When
single-stepping via GDB, the result is correct. Note that `bytes` is
meant to be clamped to `len`, so a result larger than `len` means the
bound that min() is supposed to enforce is not being enforced at all.
I think this could be a bug in Qemu, so I am attaching the relevant
portion of qemu.log with some comments and pointers in it. One thing
that stands out in the TCG dump (but I may be misreading it): the
`cmp %i1, %g3` leaves its operands in cc_src/cc_src2 with cc_op = 7,
yet the `udivx` translation reloads cc_src/cc_src2 with its own operands
for divu2 before the compute_psr call that materialises the flags for
the following `movgu`.
I would appreciate if someone who understands the sparc64 code
translation could have a look at this. More debugging data may be
provided upon request.
Thanks,
Jakub
[-- Attachment #2: qemu.log --]
[-- Type: text/x-log, Size: 11032 bytes --]
IN:
0x00000000000067a4: ldub [ %o0 + 0xb ], %g1
0x00000000000067a8: sub %i1, %i2, %i1
0x00000000000067ac: ldub [ %o0 + 0xc ], %g2
0x00000000000067b0: sethi %hi(0x1dc00), %o0
0x00000000000067b4: sllx %g1, 8, %g1
0x00000000000067b8: ldx [ %fp + 0x7ef ], %g3
0x00000000000067bc: or %o0, 0x258, %o0
0x00000000000067c0: or %g2, %g1, %g1
0x00000000000067c4: sll %g1, 0x10, %g1
0x00000000000067c8: cmp %i1, %g3
0x00000000000067cc: srl %g1, 8, %g4
0x00000000000067d0: mov %g3, %o3
0x00000000000067d4: srl %g1, 0x18, %g1
0x00000000000067d8: or %g4, %g1, %g4
0x00000000000067dc: sllx %g4, 0x30, %g2
0x00000000000067e0: srlx %g2, 0x30, %g2
0x00000000000067e4: udivx %i2, %g2, %g1
0x00000000000067e8: mulx %g1, %g2, %g1
0x00000000000067ec: movgu %xcc, %g3, %i1
0x00000000000067f0: sll %g4, 0x10, %g4
0x00000000000067f4: sub %i2, %g1, %g1
0x00000000000067f8: srl %g4, 0x10, %o1
0x00000000000067fc: sub %g2, %g1, %g1
0x0000000000006800: sra %o1, 0, %o1
0x0000000000006804: cmp %i1, %g1
0x0000000000006808: movgu %xcc, %g1, %i1 <= with %xcc == 0 the conditional move is executed and overwrites the 64 in %i1 with the 512 from %g1
0x000000000000680c: call 0x13f00 <= when I put a breakpoint here, %xcc is 0 instead of 0b1001 in non-single-stepping mode
0x0000000000006810: mov %i1, %o4
OP after liveness analysis:
movi_i64 tmp8,$compute_psr
call tmp8,$0x0,$0
ld_i64 tmp6,regwptr,$0x0
movi_i64 tmp8,$0xb
add_i64 loc5,tmp6,tmp8
qemu_ld8u loc4,loc5,$0x0
mov_i64 g1,loc4
ld_i64 tmp7,regwptr,$0x88
ld_i64 tmp6,regwptr,$0x90
sub_i64 loc3,tmp7,tmp6
st_i64 loc3,regwptr,$0x88
ld_i64 tmp6,regwptr,$0x0
movi_i64 tmp8,$0xc
add_i64 loc5,tmp6,tmp8
qemu_ld8u loc4,loc5,$0x0
mov_i64 g2,loc4
movi_i64 tmp8,$0x1dc00
st_i64 tmp8,regwptr,$0x0
movi_i64 tmp8,$0x8
shl_i64 loc3,g1,tmp8
mov_i64 g1,loc3
ld_i64 tmp7,regwptr,$0xb0
movi_i64 tmp8,$0x7ef
add_i64 loc5,tmp7,tmp8
qemu_ld64 loc4,loc5,$0x0
mov_i64 g3,loc4
ld_i64 tmp6,regwptr,$0x0
movi_i64 tmp8,$0x258
or_i64 loc3,tmp6,tmp8
st_i64 loc3,regwptr,$0x0
mov_i64 tmp6,g1
or_i64 loc3,g2,tmp6
mov_i64 g1,loc3
movi_i64 tmp8,$0x10
shl_i64 loc3,g1,tmp8
mov_i64 g1,loc3
ld_i64 tmp7,regwptr,$0x88
mov_i64 cc_src,tmp7
mov_i64 cc_src2,g3
sub_i64 cc_dst,cc_src,cc_src2
nopn $0x2,$0x2
movi_i32 cc_op,$0x7
movi_i64 tmp8,$0xffffffff
and_i64 loc3,g1,tmp8
movi_i64 tmp8,$0x8
shr_i64 loc3,loc3,tmp8
mov_i64 g4,loc3
mov_i64 loc3,g3
st_i64 loc3,regwptr,$0x18
movi_i64 tmp8,$0xffffffff
and_i64 loc3,g1,tmp8
movi_i64 tmp8,$0x18
shr_i64 loc3,loc3,tmp8
mov_i64 g1,loc3
mov_i64 tmp6,g1
or_i64 loc3,g4,tmp6
mov_i64 g4,loc3
movi_i64 tmp8,$0x30
shl_i64 loc3,g4,tmp8
mov_i64 g2,loc3
movi_i64 tmp8,$0x30
shr_i64 loc3,g2,tmp8
mov_i64 g2,loc3
ld_i64 tmp6,regwptr,$0x90
mov_i64 cc_src,tmp6
mov_i64 cc_src2,g2
movi_i64 tmp8,$0x0
brcond_i64 cc_src2,tmp8,ne,$0x0
movi_i32 tmp9,$0x28
movi_i64 tmp8,$raise_exception
call tmp8,$0x0,$0,tmp9
set_label $0x0
movi_i64 tmp8,$0x0
divu2_i64 loc3,tmp8,cc_src,tmp8,cc_src2
mov_i64 g1,loc3
mul_i64 loc3,g1,g2
mov_i64 g1,loc3
nopn $0x3,$0x1,$0x3
movi_i64 tmp10,$compute_psr
call tmp10,$0x0,$0
ext32u_i64 tmp0,xcc
movi_i64 tmp10,$0x16
shr_i64 tmp0,tmp0,tmp10
movi_i64 tmp10,$0x1
and_i64 tmp0,tmp0,tmp10
ext32u_i64 tmp8,xcc
movi_i64 tmp10,$0x14
shr_i64 tmp8,tmp8,tmp10
movi_i64 tmp10,$0x1
and_i64 tmp8,tmp8,tmp10
or_i64 tmp8,tmp8,tmp0
movi_i64 tmp10,$0x1
xor_i64 tmp8,tmp8,tmp10
movi_i64 tmp10,$0x0
brcond_i64 tmp8,tmp10,eq,$0x1
mov_i64 tmp0,g3
st_i64 tmp0,regwptr,$0x88
set_label $0x1
movi_i64 tmp8,$0x10
shl_i64 loc3,g4,tmp8
mov_i64 g4,loc3
ld_i64 tmp6,regwptr,$0x90
sub_i64 loc3,tmp6,g1
mov_i64 g1,loc3
movi_i64 tmp8,$0xffffffff
and_i64 loc3,g4,tmp8
movi_i64 tmp8,$0x10
shr_i64 loc3,loc3,tmp8
st_i64 loc3,regwptr,$0x8
sub_i64 loc3,g2,g1
mov_i64 g1,loc3
ld_i64 tmp7,regwptr,$0x8
movi_i64 tmp8,$0xffffffff
and_i64 loc3,tmp7,tmp8
ext32s_i64 loc3,loc3
st_i64 loc3,regwptr,$0x8
ld_i64 tmp6,regwptr,$0x88
mov_i64 cc_src,tmp6
mov_i64 cc_src2,g1
sub_i64 cc_dst,cc_src,cc_src2
mov_i64 loc3,cc_dst
movi_i32 cc_op,$0x7
nopn $0x3,$0x1,$0x3
movi_i64 tmp10,$compute_psr
call tmp10,$0x0,$0
ext32u_i64 tmp0,xcc
movi_i64 tmp10,$0x16
shr_i64 tmp0,tmp0,tmp10
movi_i64 tmp10,$0x1
and_i64 tmp0,tmp0,tmp10
ext32u_i64 tmp8,xcc
movi_i64 tmp10,$0x14
shr_i64 tmp8,tmp8,tmp10
movi_i64 tmp10,$0x1
and_i64 tmp8,tmp8,tmp10
or_i64 tmp8,tmp8,tmp0
movi_i64 tmp10,$0x1
xor_i64 tmp8,tmp8,tmp10
movi_i64 tmp10,$0x0
brcond_i64 tmp8,tmp10,eq,$0x2
mov_i64 tmp0,g1
st_i64 tmp0,regwptr,$0x88
set_label $0x2
movi_i64 tmp8,$0x680c
st_i64 tmp8,regwptr,$0x38
ld_i64 loc3,regwptr,$0x88
st_i64 loc3,regwptr,$0x20
movi_i64 pc,$0x13f00
movi_i64 npc,$0x13f04
exit_tb $0x0
end
OUT: [size=797]
0x409551a0: callq 0x526810
0x409551a5: mov 0x40(%r14),%rbp
0x409551a9: mov 0x0(%rbp),%rbx
0x409551ad: add $0xb,%rbx
0x409551b1: mov %rbx,%rsi
0x409551b4: mov %rbx,%rdi
0x409551b7: shr $0x8,%rsi
0x409551bb: and $0xffffffffffffe000,%rdi
0x409551c2: and $0x1fe0,%esi
0x409551c8: lea 0x1238(%r14,%rsi,1),%rsi
0x409551d0: cmp (%rsi),%rdi
0x409551d3: mov %rbx,%rdi
0x409551d6: jne 0x409551e1
0x409551d8: add 0x18(%rsi),%rdi
0x409551dc: movzbl (%rdi),%ebp
0x409551df: jmp 0x409551eb
0x409551e1: xor %esi,%esi
0x409551e3: callq 0x52c290
0x409551e8: movzbl %al,%ebp
0x409551eb: mov 0x40(%r14),%rbx
0x409551ef: mov 0x88(%rbx),%r12
0x409551f6: mov 0x90(%rbx),%r13
0x409551fd: sub %r13,%r12
0x40955200: mov %r12,0x88(%rbx)
0x40955207: mov (%rbx),%r12
0x4095520a: add $0xc,%r12
0x4095520e: mov %rbp,0x8(%r14)
0x40955212: mov %r12,%rsi
0x40955215: mov %r12,%rdi
0x40955218: shr $0x8,%rsi
0x4095521c: and $0xffffffffffffe000,%rdi
0x40955223: and $0x1fe0,%esi
0x40955229: lea 0x1238(%r14,%rsi,1),%rsi
0x40955231: cmp (%rsi),%rdi
0x40955234: mov %r12,%rdi
0x40955237: jne 0x40955242
0x40955239: add 0x18(%rsi),%rdi
0x4095523d: movzbl (%rdi),%ebp
0x40955240: jmp 0x4095524c
0x40955242: xor %esi,%esi
0x40955244: callq 0x52c290
0x40955249: movzbl %al,%ebp
0x4095524c: mov $0x1dc00,%ebx
0x40955251: mov 0x40(%r14),%r12
0x40955255: mov %rbx,(%r12)
0x40955259: mov 0x8(%r14),%rbx
0x4095525d: shl $0x8,%rbx
0x40955261: mov 0xb0(%r12),%r13
0x40955269: add $0x7ef,%r13
0x40955270: mov %rbx,0x8(%r14)
0x40955274: mov %rbp,0x10(%r14)
0x40955278: mov %r13,%rsi
0x4095527b: mov %r13,%rdi
0x4095527e: shr $0x8,%rsi
0x40955282: and $0xffffffffffffe007,%rdi
0x40955289: and $0x1fe0,%esi
0x4095528f: lea 0x1238(%r14,%rsi,1),%rsi
0x40955297: cmp (%rsi),%rdi
0x4095529a: mov %r13,%rdi
0x4095529d: jne 0x409552ab
0x4095529f: add 0x18(%rsi),%rdi
0x409552a3: mov (%rdi),%rbp
0x409552a6: bswap %rbp
0x409552a9: jmp 0x409552b5
0x409552ab: xor %esi,%esi
0x409552ad: callq 0x52a900
0x409552b2: mov %rax,%rbp
0x409552b5: mov %rbp,%rbx
0x409552b8: mov 0x40(%r14),%r12
0x409552bc: mov (%r12),%r15
0x409552c0: or $0x258,%r15
0x409552c7: mov %r15,(%r12)
0x409552cb: mov 0x8(%r14),%r15
0x409552cf: mov 0x10(%r14),%r10
0x409552d3: or %r15,%r10
0x409552d6: shl $0x10,%r10
0x409552da: mov 0x88(%r12),%r15
0x409552e2: mov %rbx,%r11
0x409552e5: sub %r11,%r15
0x409552e8: mov %r10,%r11
0x409552eb: mov %r11d,%r11d
0x409552ee: shr $0x8,%r11
0x409552f2: mov %rbx,%r9
0x409552f5: mov %r9,0x18(%r12)
0x409552fa: mov %r10d,%r10d
0x409552fd: shr $0x18,%r10
0x40955301: mov %r10,%r9
0x40955304: or %r9,%r11
0x40955307: mov %r11,%r9
0x4095530a: shl $0x30,%r9
0x4095530e: shr $0x30,%r9
0x40955312: mov %r9,%r8
0x40955315: mov 0x90(%r12),%rcx
0x4095531d: mov %r8,%rdx
0x40955320: mov %r9,0x18248(%r14)
0x40955327: mov %rbp,0x18250(%r14)
0x4095532e: mov %r13,0x18258(%r14)
0x40955335: mov %rcx,0x60(%r14)
0x40955339: mov %rdx,0x68(%r14)
0x4095533d: mov %r15,0x70(%r14)
0x40955341: mov $0x7,%ebp
0x40955346: mov %ebp,0x78(%r14)
0x4095534a: mov %r10,0x8(%r14)
0x4095534e: mov %r8,0x10(%r14)
0x40955352: mov %rbx,0x18(%r14)
0x40955356: mov %r11,0x20(%r14)
0x4095535a: test %rdx,%rdx
0x4095535d: jne 0x4095536d
0x40955363: mov $0x28,%edi
0x40955368: callq 0x523f50
0x4095536d: mov 0x60(%r14),%rax
0x40955371: xor %edx,%edx
0x40955373: mov 0x68(%r14),%rbp
0x40955377: div %rbp
0x4095537a: mov 0x10(%r14),%rbx
0x4095537e: imul %rbx,%rax
0x40955382: mov %rax,%r12
0x40955385: mov %rax,0x18248(%r14)
0x4095538c: mov %r12,0x8(%r14)
0x40955390: callq 0x526810
0x40955395: mov 0x19230(%r14),%ebp
0x4095539c: mov %ebp,%ebx
0x4095539e: shr $0x16,%rbx
0x409553a2: and $0x1,%ebx
0x409553a5: mov %ebp,%r12d
0x409553a8: shr $0x14,%r12
0x409553ac: and $0x1,%r12d
0x409553b0: or %rbx,%r12
0x409553b3: xor $0x1,%r12
0x409553b7: test %r12,%r12
0x409553ba: je 0x409553cf
0x409553c0: mov 0x18(%r14),%rbp
0x409553c4: mov 0x40(%r14),%rbx
0x409553c8: mov %rbp,0x88(%rbx)
0x409553cf: mov 0x20(%r14),%rbp
0x409553d3: shl $0x10,%rbp
0x409553d7: mov 0x40(%r14),%rbx
0x409553db: mov 0x90(%rbx),%r12
0x409553e2: mov 0x8(%r14),%r13
0x409553e6: sub %r13,%r12
0x409553e9: mov %rbp,%r13
0x409553ec: mov %r13d,%r13d
0x409553ef: shr $0x10,%r13
0x409553f3: mov %r13,0x8(%rbx)
0x409553f7: mov 0x10(%r14),%r13
0x409553fb: mov %r13,%r15
0x409553fe: sub %r12,%r15
0x40955401: mov 0x8(%rbx),%r12
0x40955405: mov %r12d,%r12d
0x40955408: movslq %r12d,%r12
0x4095540b: mov %r12,0x8(%rbx)
0x4095540f: mov 0x88(%rbx),%r12
0x40955416: mov %r15,%r10
0x40955419: mov %r12,%r11
0x4095541c: sub %r10,%r11
0x4095541f: mov %r11,%r9
0x40955422: mov %r9,0x18248(%r14)
0x40955429: mov %r10,0x68(%r14)
0x4095542d: mov %r11,0x70(%r14)
0x40955431: mov %r12,0x60(%r14)
0x40955435: mov $0x7,%ebx
0x4095543a: mov %ebx,0x78(%r14)
0x4095543e: mov %r15,0x8(%r14)
0x40955442: mov %rbp,0x20(%r14)
0x40955446: callq 0x526810
0x4095544b: mov 0x19230(%r14),%ebp
0x40955452: mov %ebp,%ebx
0x40955454: shr $0x16,%rbx
0x40955458: and $0x1,%ebx
0x4095545b: mov %ebp,%r12d
0x4095545e: shr $0x14,%r12
0x40955462: and $0x1,%r12d
0x40955466: or %rbx,%r12
0x40955469: xor $0x1,%r12
0x4095546d: test %r12,%r12
0x40955470: je 0x40955485
0x40955476: mov 0x8(%r14),%rbp
0x4095547a: mov 0x40(%r14),%rbx
0x4095547e: mov %rbp,0x88(%rbx)
0x40955485: mov $0x680c,%ebp
0x4095548a: mov 0x40(%r14),%rbx
0x4095548e: mov %rbp,0x38(%rbx)
0x40955492: mov 0x88(%rbx),%rbp
0x40955499: mov %rbp,0x20(%rbx)
0x4095549d: mov %rbp,0x18248(%r14)
0x409554a4: mov $0x13f00,%ebp
0x409554a9: mov %rbp,0x48(%r14)
0x409554ad: mov $0x13f04,%ebp
0x409554b2: mov %rbp,0x50(%r14)
0x409554b6: xor %eax,%eax
0x409554b8: jmpq 0x108e4ee