qemu-devel.nongnu.org archive mirror
From: "Alex Bennée" <alex.bennee@linaro.org>
To: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
Cc: Aurelien Jarno <aurelien@aurel32.net>,
	qemu-devel@nongnu.org, Richard Henderson <rth@twiddle.net>,
	Vladimir Prus <vladimir.prus@gmail.com>,
	"Edgar E . Iglesias" <edgar.iglesias@gmail.com>
Subject: Re: [Qemu-devel] [PATCH 0/2] target/sh4: add missing tcg_temp_free()
Date: Tue, 05 Dec 2017 20:35:04 +0000
Message-ID: <87374osykn.fsf@linaro.org>
In-Reply-To: <20171205170013.22337-1-f4bug@amsat.org>


Philippe Mathieu-Daudé <f4bug@amsat.org> writes:

> Hi,
>
> After reading Alex commenting on IRC "java --version failing on sh4" I remember
> this series staged for 2.12.
>
> This might help for:
>
>   root@6e10336e48ac:/etc/apt# java --version
>   qemu-sh4: /home/alex/lsrc/qemu/qemu.git/tcg/tcg.h:703: temp_idx: Assertion `n >= 0 && n < tcg_ctx->nb_temps' failed.
>   qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Sadly it's decode_gusa which trips for me:

  #0  0x00007ffff6941428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
  #1  0x00007ffff694302a in __GI_abort () at abort.c:89
  #2  0x00007ffff6939bd7 in __assert_fail_base (fmt=<optimised out>, assertion=assertion@entry=0x555555678fc8 "n >= 0 && n < tcg_ctx->nb_temps", file=file@entry=0x555555678fa0 "/home/alex/lsrc/qemu/qemu.git/tcg/tcg.h", line=line@entry=703, function=function@entry=0x55555567aa38 <__PRETTY_FUNCTION__.23740> "temp_idx") at assert.c:92
  #3  0x00007ffff6939c82 in __GI___assert_fail (assertion=0x555555678fc8 "n >= 0 && n < tcg_ctx->nb_temps", file=0x555555678fa0 "/home/alex/lsrc/qemu/qemu.git/tcg/tcg.h", line=703, function=0x55555567aa38 <__PRETTY_FUNCTION__.23740> "temp_idx") at assert.c:101
  #4  0x0000555555585e03 in temp_idx (ts=0x555555902f20 <tcg_init_ctx>) at /home/alex/lsrc/qemu/qemu.git/tcg/tcg.h:703
  #5  0x0000555555585e5b in tcgv_i32_temp (v=0x0) at /home/alex/lsrc/qemu/qemu.git/tcg/tcg.h:724
  #6  0x000055555558bc2f in tcg_temp_free_i32 (arg=0x0) at /home/alex/lsrc/qemu/qemu.git/tcg/tcg.c:1053
  #7  0x00005555555ff077 in decode_gusa (ctx=0x7ffff7f67c00, env=0x5555579adf60, pmax_insns=0x7ffff7f67bec) at /home/alex/lsrc/qemu/qemu.git/target/sh4/translate.c:2193
  #8  0x00005555555ff303 in gen_intermediate_code (cs=0x5555579a5cc0, tb=0x55555593c6c0 <static_code_gen_buffer+78976>) at /home/alex/lsrc/qemu/qemu.git/target/sh4/translate.c:2268
  #9  0x00005555555bc656 in tb_gen_code (cpu=0x5555579a5cc0, pc=2134168040, cs_base=2134168044, flags=528320, cflags=524288) at /home/alex/lsrc/qemu/qemu.git/accel/tcg/translate-all.c:1292
  #10 0x00005555555b9ff9 in tb_find (cpu=0x5555579a5cc0, last_tb=0x0, tb_exit=0, cf_mask=524288) at /home/alex/lsrc/qemu/qemu.git/accel/tcg/cpu-exec.c:402
  #11 0x00005555555ba77d in cpu_exec (cpu=0x5555579a5cc0) at /home/alex/lsrc/qemu/qemu.git/accel/tcg/cpu-exec.c:735
  #12 0x00005555555c0ed2 in cpu_loop (env=0x5555579adf60) at /home/alex/lsrc/qemu/qemu.git/linux-user/main.c:2684
  #13 0x00005555555d001c in clone_func (arg=0x7fffffffc990) at /home/alex/lsrc/qemu/qemu.git/linux-user/syscall.c:6264
  #14 0x00007ffff6cdd6ba in start_thread (arg=0x7ffff7f68700) at pthread_create.c:333
  #15 0x00007ffff6a133dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
  #7  0x00005555555ff077 in decode_gusa (ctx=0x7ffff7f67c00, env=0x5555579adf60, pmax_insns=0x7ffff7f67bec) at /home/alex/lsrc/qemu/qemu.git/target/sh4/translate.c:2193
  2193	        tcg_temp_free_i32(op_arg);

The line:

    /* If op_src is not a valid register, then op_arg was a constant.  */
    if (op_src < 0) {
        tcg_temp_free_i32(op_arg);
    }

Looks pretty sketchy to me; why not check if op_arg is allocated
directly? Constants still need to be freed over a block. I think TCG
still keeps them around if it re-uses them.

>
> Regards,
>
> Philippe.
>
> Philippe Mathieu-Daudé (2):
>   target/sh4: add missing tcg_temp_free() in gen_conditional_jump()
>   target/sh4: add missing tcg_temp_free() in _decode_opc()
>
>  target/sh4/translate.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)


--
Alex Bennée

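The pattern Alex flags above, as an added example in C that is not QEMU's code: a toy temp pool modelled loosely on the temp_idx()/tcg_temp_free_i32() pair in the backtrace, with a hypothetical decoder that produces three operand shapes (a borrowed register global, an owned constant temp, and no operand at all). All names (temp_new, temp_free, decode_operand, run_case, the FREE_* and OPERAND_* enums), the pool size and the -1 return standing in for the assertion are assumptions made for the example. It shows how keying the free on op_src < 0 frees a NULL handle in the no-operand case, how keying it on the handle itself does not, and how skipping the free is the leak the series is about.

```c
/* Added example, not QEMU code: a toy temp pool modelled loosely on the
 * TCG temp_idx()/tcg_temp_free_i32() pair from the backtrace.  Names,
 * pool size and decoder cases are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define NB_TEMPS   8
#define NB_GLOBALS 2          /* pool slots 0..1 model cpu register globals */

typedef struct Temp { bool allocated; int value; } Temp;
typedef Temp *TCGv;           /* hypothetical handle: a pointer into the pool */

static Temp pool[NB_TEMPS];
static int nb_temps;

/* Like temp_idx() in the trace: the handle must map to a slot below
 * nb_temps.  Real TCG asserts; here -1 stands in for the assertion firing. */
static int temp_idx(TCGv ts) {
    if (ts == NULL) return -1;          /* the 0x0 seen in frame #5 */
    ptrdiff_t n = ts - pool;
    return (n >= 0 && n < nb_temps) ? (int)n : -1;
}

static TCGv temp_new(int value) {
    if (nb_temps >= NB_TEMPS) return NULL;
    Temp *t = &pool[nb_temps++];
    t->allocated = true;
    t->value = value;
    return t;
}

/* Returns 0 on success, -1 where the real free would abort on the assert. */
static int temp_free(TCGv ts) {
    int n = temp_idx(ts);
    if (n < 0) return -1;
    pool[n].allocated = false;
    return 0;
}

/* Start of a translation block: globals live, no local temps yet. */
static void pool_reset(void) {
    memset(pool, 0, sizeof pool);
    nb_temps = 0;
    for (int i = 0; i < NB_GLOBALS; i++) temp_new(0);
}

/* Local temps still allocated when the block ends: the leak that a
 * missing tcg_temp_free() produces. */
static int live_local_temps(void) {
    int live = 0;
    for (int i = NB_GLOBALS; i < nb_temps; i++) live += pool[i].allocated;
    return live;
}

enum { OPERAND_REG, OPERAND_CONST, OPERAND_NONE };
enum { FREE_NONE, FREE_BY_SRC, FREE_BY_HANDLE };
typedef struct { int op_src; TCGv op_arg; } Operands;

/* Hypothetical front half of a decoder with three operand shapes. */
static Operands decode_operand(int kind, int reg, int imm) {
    Operands o = { -1, NULL };
    if (kind == OPERAND_REG) {          /* borrowed global: never free it */
        o.op_src = reg;
        o.op_arg = &pool[reg];
    } else if (kind == OPERAND_CONST) { /* owned constant temp: must free it */
        o.op_arg = temp_new(imm);
    }                                   /* OPERAND_NONE: op_src < 0, op_arg NULL */
    return o;
}

/* Decode one operand and release it under the chosen policy.  Returns the
 * release code (0 ok, -1 would-have-asserted); pool state is left in place
 * so live_local_temps() can be checked afterwards. */
static int run_case(int kind, int policy) {
    pool_reset();
    Operands o = decode_operand(kind, 1, 42);
    switch (policy) {
    case FREE_BY_SRC:      /* the shape at translate.c:2193 */
        if (o.op_src < 0) return temp_free(o.op_arg);
        return 0;
    case FREE_BY_HANDLE:   /* key the free on the handle that was allocated */
        if (o.op_arg != NULL && o.op_src < 0) return temp_free(o.op_arg);
        return 0;
    default:               /* forget the free entirely: the leak case */
        return 0;
    }
}
```

run_case(OPERAND_NONE, FREE_BY_SRC) is the failing path from the trace: op_src is negative, op_arg was never allocated, and the free hands NULL to the index check. The same case keyed on the handle releases nothing and returns 0, while the constant case is freed correctly under both policies.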

Thread overview: 6+ messages
2017-12-05 17:00 [Qemu-devel] [PATCH 0/2] target/sh4: add missing tcg_temp_free() Philippe Mathieu-Daudé
2017-12-05 17:00 ` [Qemu-devel] [PATCH 1/2] target/sh4: add missing tcg_temp_free() in gen_conditional_jump() Philippe Mathieu-Daudé
2017-12-06 21:59   ` Aurelien Jarno
2017-12-05 17:00 ` [Qemu-devel] [PATCH 2/2] target/sh4: add missing tcg_temp_free() in _decode_opc() Philippe Mathieu-Daudé
2017-12-06 21:59   ` Aurelien Jarno
2017-12-05 20:35 ` Alex Bennée [this message]
