From: malc
Date: Mon, 9 Jun 2008 00:09:25 +0400 (MSD)
Subject: Re: [Qemu-devel] [4691] PPC TCG Fixes
In-Reply-To: <20080608083142.GB11233@networkno.de>
References: <20080608083142.GB11233@networkno.de>
To: Thiemo Seufer
Cc: qemu-devel@nongnu.org
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org

On Sun, 8 Jun 2008, Thiemo Seufer wrote:

> malc wrote:
>> Revision: 4691
>> http://svn.sv.gnu.org/viewvc/?view=rev&root=qemu&revision=4691
>> Author: malc
>> Date: 2008-06-07 20:31:33 +0000 (Sat, 07 Jun 2008)
>>
>> Log Message:
>> -----------
>> PPC TCG Fixes
>>
>> * Fix typo in aliased div2
>> * "Optimize" aliased div2/divu2
>> * Fix two remaining branch retranslation problems
>>   (Kudos to Andrzej Zaborowski)
>> * Rework goto_tb and set_jmp_target1
>> * Use correct size when flushing icache
>> * Use correct register selection for ORI
>>   (Was harmless since in both cases srcreg was equal to dstreg)
>
> FYI, the mips system emulation still crashes when executing the very
> first TB, apparently due to stack corruption. (This commit didn't
> change the behaviour.)

It's not a stack corruption, it's a relocation problem: dyngen relocates one of the calls inside (non-TCGed) op_mtc0_status as R_PPC_REL24, but the signed displacement does not fit in 26 bits after the code is placed into the mmapped code_gen_buffer.

Compiling op.o with -mlongcall makes the emulation proceed much further, but then it still crashes:

...
Inode-cache hash table entries: 2048 (order: 1, 8192 bytes)
Memory: 26964k/32768k available (2102k kernel code, 5804k reserved, 450k data, 132k init, 0k highmem)
Break instruction in kernel code[#1]:
...
Call Trace:
[<802a1788>] kmem_cache_init+0x160/0x434
[<8028f7f0>] start_kernel+0x1b8/0x2c0
Code: 26100001 1611fff4 00000000 <0200000d> 8e42002c 8fa80018 00031880 0102001b 004001f4
Kernel panic - not syncing: Attempted to kill the idle task!
Perhaps something like this ought to be added to dyngen.c: diff --git a/dyngen.c b/dyngen.c index c38d123..69f4105 100644 --- a/dyngen.c +++ b/dyngen.c @@ -1963,6 +1963,11 @@ void gen_code(const char *name, host_ulong offset, host_ulong size, break; case R_PPC_REL24: /* warning: must be at 32 MB distancy */ + fprintf(outfile, "{\n" + " long disp = (%s - (long)(gen_code_ptr + %d) + %d);\n" + " if ((disp << 6) >> 6 != disp) abort ();\n" + "}\n", + relname, reloc_offset, addend); fprintf(outfile, " *(uint32_t *)(gen_code_ptr + %d) = (*(uint32_t *)(gen_code_ptr + %d) & ~0x03fffffc) | ((%s - (long)(gen_code_ptr + %d) + %d) & 0x03fffffc);\n", reloc_offset, reloc_offset, relname, reloc_offset, addend); break; -- mailto:av1474@comtv.ru
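Review bot: the range test in the emitted block, `if ((disp << 6) >> 6 != disp) abort ();`, is only a 26-bit check when `long` is 32 bits; on a 64-bit host it accepts any displacement that fits in 58 bits, so the truncating mask-and-OR in the following `fprintf` would still be written unnoticed, and left-shifting a negative `long` is undefined behaviour in C besides. A width-independent comparison such as `if (disp < -(1L << 25) || disp >= (1L << 25))` avoids both problems, and emitting a `fprintf(stderr, ...)` that names the relocated symbol (`relname` is available here) and the displacement before the `abort ()` would turn the silent crash this patch is hunting into a message identifying the offending call. The displacement expression `%s - (long)(gen_code_ptr + %d) + %d` is also duplicated in the existing `fprintf`; the checked `disp` could be reused there instead.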