* Question about TCG liveness_pass_1
From: LIU Zhiwei @ 2023-03-17 2:57 UTC (permalink / raw)
To: Richard Henderson, qemu-devel@nongnu.org Developers
Hi Richard,

When I read the tcg code, I find a corner case which may be a bug in
liveness_pass_1.

I see all TEMP_TBs or global temps are set to TS_DEAD | TS_MEM when
entering liveness_pass_1. Think about the sequence.

1) Write_global_temp_0 // 0->TS_DEAD, but not recorded in arg_life
2) INDEX_op_qemu_st // trigger an exception here.
3) Ref_global_temp_0 // TS_DEAD->0
4) Write_global_temp_0 // TS_DEAD | TS_MEM -> TS_DEAD

As 1) will not write to memory, its register will be reused by 3).
I think it may miss a write to global_temp_0 when entering an exception.

Best Regards,
Zhiwei
* Re: Question about TCG liveness_pass_1
From: Richard Henderson @ 2023-03-17 14:02 UTC (permalink / raw)
To: LIU Zhiwei, qemu-devel@nongnu.org Developers
On 3/16/23 19:57, LIU Zhiwei wrote:
> Hi Richard,
>
> When I read the tcg code, I find a corner case which may be a bug in liveness_pass_1.
>
> I see all TEMP_TBs or global temps are set to TS_DEAD | TS_MEM when enter liveness_pass_1.
> Think about the sequence.
>
>
> 1)Write_global_temp_0 // 0->TS_DEAD, but not recorded in arg_life

Here TS_MEM->TS_DEAD, so *is* recorded in arg_life.

> 2)INDEX_op_qemu_st //trigger an exception here.

Here TCG_OPF_SIDE_EFFECTS is set, so call la_global_sync, so 0->TS_MEM.

>
> 3)Ref_global_temp_0 // TS_DEAD->0
>
> 4)Write_global_temp_0 // TS_DEAD | TS_MEM -> TS_DEAD
>
> As 1) will not write to memory, its register will be reused by the 3). I think it may miss
> a write to global_temp_0 when enter an exception.

Was there a specific test case that you find is miscompiled?

r~
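
The state transitions traced in the reply above, as a simplified model of the backward walk. This is an added illustration, not QEMU's code and not written by either poster. It tracks one global temp and assumes the store does not itself use that global; the LIFE_* names, the OpKind enum and all numeric values are this model's own.

```c
#include <stdio.h>

/* State bits named in the thread; numeric values are this model's own. */
enum { TS_DEAD = 1, TS_MEM = 2 };
/* Bits recorded per op for the one global (hypothetical names, not QEMU's). */
enum { LIFE_DEAD = 1, LIFE_SYNC = 2 };
/* Op kinds taken from the four-step sequence in the thread. */
typedef enum { OP_WRITE, OP_READ, OP_SIDE_EFFECT } OpKind;

/* Constructed inputs: the thread's sequence, and the same without the store. */
static const OpKind WITH_STORE[] = { OP_WRITE, OP_SIDE_EFFECT, OP_READ, OP_WRITE };
static const OpKind NO_STORE[]   = { OP_WRITE, OP_READ, OP_WRITE };

/* Walk ops[0..n-1] last to first, tracking a single global temp, and
 * return the bits this model records for op number idx. */
int life_of(const OpKind *ops, int n, int idx)
{
    int state = TS_DEAD | TS_MEM;          /* state at the end of the block */
    int recorded = 0;
    for (int i = n - 1; i >= idx; i--) {
        int life = 0;
        switch (ops[i]) {
        case OP_WRITE:                     /* output: note state, then dead */
            if (state & TS_DEAD) life |= LIFE_DEAD;
            if (state & TS_MEM)  life |= LIFE_SYNC;
            state = TS_DEAD;
            break;
        case OP_READ:                      /* input: live for earlier ops */
            if (state & TS_DEAD) life |= LIFE_DEAD;
            state &= ~TS_DEAD;
            break;
        case OP_SIDE_EFFECT:               /* the la_global_sync step */
            state |= TS_MEM;
            break;
        }
        recorded = life;
    }
    return recorded;
}

int main(void)
{
    printf("first write, store present: %d\n", life_of(WITH_STORE, 4, 0));
    printf("first write, store absent:  %d\n", life_of(NO_STORE, 3, 0));
    return 0;
}
```

In this model the first write carries LIFE_SYNC only when the side-effect op sits between it and the later read; with the store removed nothing is recorded for it and only the final write is synced.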
* Re: Question about TCG liveness_pass_1
From: LIU Zhiwei @ 2023-03-18 10:10 UTC (permalink / raw)
To: Richard Henderson, qemu-devel@nongnu.org Developers
On 2023/3/17 22:02, Richard Henderson wrote:
> On 3/16/23 19:57, LIU Zhiwei wrote:
>> Hi Richard,
>>
>> When I read the tcg code, I find a corner case which may be a bug in
>> liveness_pass_1.
>>
>> I see all TEMP_TBs or global temps are set to TS_DEAD | TS_MEM when
>> enter liveness_pass_1. Think about the sequence.
>>
>>
>> 1)Write_global_temp_0 // 0->TS_DEAD, but not recorded in arg_life
>
> Here TS_MEM->TS_DEAD, so *is* recorded in arg_life.
>
>> 2)INDEX_op_qemu_st //trigger an exception here.
>
> Here TCG_OPF_SIDE_EFFECTS is set, so call la_global_sync, so 0->TS_MEM.

Oops! I missed this. Thanks.

>
>>
>> 3)Ref_global_temp_0 // TS_DEAD->0
>>
>> 4)Write_global_temp_0 // TS_DEAD | TS_MEM -> TS_DEAD
>>
>> As 1) will not write to memory, its register will be reused by the
>> 3). I think it may miss a write to global_temp_0 when enter an
>> exception.
>
> Was there a specific test case that you find is miscompiled?

No.

Best Regards,
Zhiwei

>
>
> r~