qemu-devel.nongnu.org archive mirror
From: Max Filippov <jcmvbkbc@gmail.com>
To: Peter Maydell <peter.maydell@linaro.org>,
	Richard Henderson <rth@twiddle.net>,
	qemu-devel <qemu-devel@nongnu.org>
Subject: [Qemu-devel] qemu aborts with temp_save: Assertion `s->temps[temp].val_type == 2 || s->temps[temp].fixed_reg' failed
Date: Thu, 11 Jul 2013 06:35:48 +0400
Message-ID: <51DE1A04.1080602@gmail.com>

Hi Peter,

I suddenly found qemu built with debug enabled aborting with an assertion on one of the xtensa tests:

qemu-system-xtensa -M sim -cpu dc232b -nographic -semihosting  -kernel ./test_sr.tst
QEMU 1.4.50 monitor - type 'help' for more information
(qemu) QEMU 1.4.50 monitor - type 'help' for more information
(qemu) qemu-system-xtensa: tcg/tcg.c:1673: temp_save: Assertion `s->temps[temp].val_type == 2 || s->temps[temp].fixed_reg' failed.

This happens in the mainline as well; bisection points to the following commit:

commit 378df4b23753a11be650af7664ca76bc75cb9f01
Author: Peter Maydell <peter.maydell@linaro.org>
Date:   Fri Feb 22 18:10:03 2013 +0000

    Handle CPU interrupts by inline checking of a flag


I have the following traces when it happens, any idea of what could go wrong?

OP:
 ld_i32 loc0,env,$0xffffffffffffffc8
 movi_i32 tmp1,$0x0
 brcond_i32 loc0,tmp1,ne,$0x0
 ---- 0xd0000fde

 ---- 0xd0000fe0
 movi_i32 tmp1,$0xd0000fe0
 movi_i32 tmp2,$0x1
 movi_i32 tmp3,$0x2
 movi_i64 tmp4,$advance_ccount
 call tmp4,$0x0,$0,env,tmp3
 movi_i64 tmp4,$window_check
 call tmp4,$0x0,$0,env,tmp1,tmp2
 movi_i32 ar4,$0x0

 ---- 0xd0000fe2
 movi_i32 tmp1,$0xd00003f0
 qemu_ld32 ar2,tmp1,$0x0

 ---- 0xd0000fe5
 movi_i32 tmp1,$0xd0000470
 qemu_ld32 ar3,tmp1,$0x0

 ---- 0xd0000fe8
 mov_i32 tmp1,ar2
 qemu_st32 ar3,tmp1,$0x0

 ---- 0xd0000fea
 movi_i32 tmp1,$0xd0000fea
 movi_i32 tmp2,$0x0
 movi_i32 tmp3,$0x4
 movi_i64 tmp4,$advance_ccount
 call tmp4,$0x0,$0,env,tmp3
 movi_i64 tmp4,$exception_cause
 call tmp4,$0x0,$0,env,tmp1,tmp2
 mov_i32 env,ar4
 set_label $0x0
 exit_tb $0x7fffed6373b3

qemu-system-xtensa: tcg/tcg.c:1673: temp_save: Assertion `s->temps[temp].val_type == 2 || s->temps[temp].fixed_reg' failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffed633700 (LWP 29011)]
0x00007ffff545bc55 in raise () from /lib64/libc.so.6
...
(gdb) bt
#0  temp_save (s=0x55555624a2a0 <tcg_ctx>, temp=6, allocated_regs=16400) at tcg/tcg.c:1673
#1  0x0000555555730fd6 in save_globals (s=0x55555624a2a0 <tcg_ctx>, allocated_regs=16400) at tcg/tcg.c:1688
#2  0x00005555557311b9 in tcg_reg_alloc_bb_end (s=0x55555624a2a0 <tcg_ctx>, allocated_regs=16400) at tcg/tcg.c:1731
#3  0x0000555555732e5d in tcg_gen_code_common (s=0x55555624a2a0 <tcg_ctx>, gen_code_buf=0x7fffef240150 <code_gen_buffer+49488> "A\213nȉ\254$\200", search_pc=-1) at tcg/tcg.c:2300
#4  0x0000555555733029 in tcg_gen_code (s=0x55555624a2a0 <tcg_ctx>, gen_code_buf=0x7fffef240150 <code_gen_buffer+49488> "A\213nȉ\254$\200") at tcg/tcg.c:2356
#5  0x0000555555733d3d in cpu_xtensa_gen_code (env=0x5555562b43c0, tb=0x7fffed6373b0, gen_code_size_ptr=0x7fffed632a70) at translate-all.c:175
#6  0x00005555557351cf in tb_gen_code (env=0x5555562b43c0, pc=3489664990, cs_base=0, flags=0, cflags=0) at translate-all.c:958
#7  0x00005555556c8216 in tb_find_slow (env=0x5555562b43c0, pc=3489664990, cs_base=0, flags=0) at cpu-exec.c:141
#8  0x00005555556c839d in tb_find_fast (env=0x5555562b43c0) at cpu-exec.c:168
#9  0x00005555556c8722 in cpu_xtensa_exec (env=0x5555562b43c0) at cpu-exec.c:583
#10 0x00005555556cb719 in tcg_cpu_exec (env=0x5555562b43c0) at cpus.c:1117
#11 0x00005555556cb850 in tcg_exec_all () at cpus.c:1150
#12 0x00005555556cab40 in qemu_tcg_cpu_thread_fn (arg=0x5555562b42b0) at cpus.c:843
#13 0x00007ffff64d0d15 in start_thread () from /lib64/libpthread.so.0
#14 0x00007ffff551853d in clone () from /lib64/libc.so.6
(gdb) f 4
#4  0x0000555555730f85 in temp_save (s=0x55555624a2a0 <tcg_ctx>, temp=6, allocated_regs=16400) at tcg/tcg.c:1673
1673        assert(s->temps[temp].val_type == TEMP_VAL_MEM || s->temps[temp].fixed_reg);
(gdb) p s->temps[temp]
$2 = {
  base_type = TCG_TYPE_I32,
  type = TCG_TYPE_I32,
  val_type = 1,
  reg = 5,
  val = 0,
  mem_reg = 14,
  mem_offset = 24,
  fixed_reg = 0,
  mem_coherent = 1,
  mem_allocated = 1,
  temp_local = 0,
  temp_allocated = 0,
  next_free_temp = 0,
  name = 0x5555557826e0 "ar4"
}

-- 
Thanks.
-- Max
