From mboxrd@z Thu Jan 1 00:00:00 1970
From: Richard Henderson
Date: Sun, 22 Jul 2018 14:31:18 -0700
Subject: Re: [Qemu-devel] ARM64 STR Instruction Crash Regression in TCG
To: "Jason A. Donenfeld", qemu-arm, QEMU Developers

On 07/22/2018 01:47 PM, Jason A. Donenfeld wrote:
> Hello,
>
> Gcc 7.3 compiles bash's array_flush's dual assignment using:
>
> STP X20, X20, [X20,#0x10]
>
> But gcc 8.1 compiles it as:
>
> STR Q0, [X20,#0x10]
>
> Real processors seem okay, and qemu 2.11 seems okay. But qemu 2.12
> results in a segfaulting process. I'm pretty sure this is a TCG bug.
>
> In the attached tarball, please find kernel and run.sh. Calling
> ./run.sh will start the kernel with the bad bash executable that tries
> to execute `config=({1..100000})` and crashes. Also included in there
> is the actual crashing bash binary, in case you'd like to disassemble
> a little bit.

Interesting. The test passes on master with --enable-debug, but fails
when qemu is compiled with optimization... I'll dig a bit deeper.

r~
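The report above hinges on a compiler difference: the same C dual assignment of one pointer value into two adjacent 8-byte fields is emitted by GCC 7 as a pair store (STP of two X registers) and by GCC 8 as a single 128-bit vector store (STR of a Q register), and only the latter misbehaves under the optimized TCG build. The following is an added, self-contained C reproducer pattern, not code from the thread and not bash's actual array code: the struct layout (two pointer fields at offsets 0x10 and 0x18, matching the `[X20,#0x10]` operand in the report) and the function names `flush_node` and `check_dual_store` are assumptions chosen for illustration. Compiled with `-O2` for aarch64 it gives a small binary whose exit status can be compared natively, under qemu-user and under a qemu-system guest, which is how a practitioner would bisect an emulator store bug without needing the original tarball.

```c
/* Added example (not from the mailing-list thread): a minimal C pattern of
 * the kind GCC 8 may lower to one 128-bit STR q0,[x,#0x10] on AArch64 when
 * two adjacent 8-byte fields receive the same pointer value. The struct
 * layout is an assumption picked to match the report's offset 0x10. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct node {
    uint64_t pad0;      /* offset 0x00 */
    uint64_t pad1;      /* offset 0x08 */
    struct node *next;  /* offset 0x10 */
    struct node *prev;  /* offset 0x18 */
};

/* Dual assignment: both pointer fields get the address of the node itself.
 * noinline keeps the store sequence in one place for disassembly. */
__attribute__((noinline))
void flush_node(struct node *n)
{
    n->next = n->prev = n;
}

/* Returns 0 when the 16-byte store landed exactly on next/prev and left the
 * neighbouring fields untouched, 1 otherwise. Run natively, under qemu-user
 * and under a qemu-system guest and compare the results. */
int check_dual_store(void)
{
    struct node n = { 0x1111, 0x2222, NULL, NULL };
    flush_node(&n);
    if (n.next != &n || n.prev != &n)
        return 1;
    if (n.pad0 != 0x1111 || n.pad1 != 0x2222)
        return 1;
    return 0;
}

int main(void)
{
    int rc = check_dual_store();
    printf("offsets: next=%zu prev=%zu; dual store %s\n",
           offsetof(struct node, next), offsetof(struct node, prev),
           rc ? "FAILED" : "ok");
    return rc;
}
```

Build with `aarch64-linux-gnu-gcc -O2 -static` (assumed cross toolchain name) and confirm with `objdump -d` whether `flush_node` contains an `stp` pair or an `str q` vector store before drawing any conclusion from the exit status; the check only tells you the store went wrong, the disassembly tells you which instruction form was exercised.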