[PATCH] accel/tcg/cpu-exec: fix precise single-stepping after interrupt

[PATCH] accel/tcg/cpu-exec: fix precise single-stepping after interrupt

[Luc Michel]

In some cases, cpu->exit_request can be false after handling the
interrupt, leading to another TB being executed instead of returning
to the main loop.

Fix this by returning true unconditionally when in single-step mode.

Fixes: ba3c35d9c4026361fd380b269dc6def9510b7166

Signed-off-by: Luc Michel <lmichel@kalray.eu>
---
Coming back on this issue I worked on with Richard in 2020. The issue is
that when debugging the guest with GDB, the first instruction of the IRQ
handler is missed by GDB (it's still executed though).

It happened to me again in TCG RR mode (but not in MTTCG). It seems that
cpu->exit_request can be false in RR mode when returning from
cc->tcg_ops->cpu_exec_interrupt, leading to cpu_handle_interrupt
returning false and the next TB being executed, instead of the EXCP_DEBUG
being handled.
---
 accel/tcg/cpu-exec.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 8b4cd6c59d..74d7f83f34 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -796,13 +796,17 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
                 /*
                  * After processing the interrupt, ensure an EXCP_DEBUG is
                  * raised when single-stepping so that GDB doesn't miss the
                  * next instruction.
                  */
-                cpu->exception_index =
-                    (cpu->singlestep_enabled ? EXCP_DEBUG : -1);
-                *last_tb = NULL;
+                if (unlikely(cpu->singlestep_enabled)) {
+                    cpu->exception_index = EXCP_DEBUG;
+                    return true;
+                } else {
+                    cpu->exception_index = -1;
+                    *last_tb = NULL;
+                }
             }
             /* The target hook may have updated the 'cpu->interrupt_request';
              * reload the 'interrupt_request' value */
             interrupt_request = cpu->interrupt_request;
         }
-- 
2.17.1

Re: [PATCH] accel/tcg/cpu-exec: fix precise single-stepping after interrupt

[Luc Michel]

On 14:26 Mon 14 Feb     , Luc Michel wrote:
> In some cases, cpu->exit_request can be false after handling the
> interrupt, leading to another TB being executed instead of returning
> to the main loop.
> 
> Fix this by returning true unconditionally when in single-step mode.
> 
> Fixes: ba3c35d9c4026361fd380b269dc6def9510b7166
> 
> Signed-off-by: Luc Michel <lmichel@kalray.eu>

Hi Richard, did you have time to have a look at this patch?
Thanks,
 
Luc

> ---
> Coming back on this issue I worked on with Richard in 2020. The issue is
> that when debugging the guest with GDB, the first instruction of the IRQ
> handler is missed by GDB (it's still executed though).
> 
> It happened to me again in TCG RR mode (but not in MTTCG). It seems that
> cpu->exit_request can be false in RR mode when returning from
> cc->tcg_ops->cpu_exec_interrupt, leading to cpu_handle_interrupt
> returning false and the next TB being executed, instead of the EXCP_DEBUG
> being handled.
> ---
>  accel/tcg/cpu-exec.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
> index 8b4cd6c59d..74d7f83f34 100644
> --- a/accel/tcg/cpu-exec.c
> +++ b/accel/tcg/cpu-exec.c
> @@ -796,13 +796,17 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
>                  /*
>                   * After processing the interrupt, ensure an EXCP_DEBUG is
>                   * raised when single-stepping so that GDB doesn't miss the
>                   * next instruction.
>                   */
> -                cpu->exception_index =
> -                    (cpu->singlestep_enabled ? EXCP_DEBUG : -1);
> -                *last_tb = NULL;
> +                if (unlikely(cpu->singlestep_enabled)) {
> +                    cpu->exception_index = EXCP_DEBUG;
> +                    return true;
> +                } else {
> +                    cpu->exception_index = -1;
> +                    *last_tb = NULL;
> +                }
>              }
>              /* The target hook may have updated the 'cpu->interrupt_request';
>               * reload the 'interrupt_request' value */
>              interrupt_request = cpu->interrupt_request;
>          }
> -- 
> 2.17.1
> 

-- 

Re: [PATCH] accel/tcg/cpu-exec: fix precise single-stepping after interrupt

[Richard Henderson]

On 2/14/22 03:26, Luc Michel wrote:
> In some cases, cpu->exit_request can be false after handling the
> interrupt, leading to another TB being executed instead of returning
> to the main loop.
> 
> Fix this by returning true unconditionally when in single-step mode.
> 
> Fixes: ba3c35d9c4026361fd380b269dc6def9510b7166
> 
> Signed-off-by: Luc Michel <lmichel@kalray.eu>
> ---
> Coming back on this issue I worked on with Richard in 2020. The issue is
> that when debugging the guest with GDB, the first instruction of the IRQ
> handler is missed by GDB (it's still executed though).
> 
> It happened to me again in TCG RR mode (but not in MTTCG). It seems that
> cpu->exit_request can be false in RR mode when returning from
> cc->tcg_ops->cpu_exec_interrupt, leading to cpu_handle_interrupt
> returning false and the next TB being executed, instead of the EXCP_DEBUG
> being handled.
> ---
>   accel/tcg/cpu-exec.c | 10 +++++++---
>   1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
> index 8b4cd6c59d..74d7f83f34 100644
> --- a/accel/tcg/cpu-exec.c
> +++ b/accel/tcg/cpu-exec.c
> @@ -796,13 +796,17 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
>                   /*
>                    * After processing the interrupt, ensure an EXCP_DEBUG is
>                    * raised when single-stepping so that GDB doesn't miss the
>                    * next instruction.
>                    */
> -                cpu->exception_index =
> -                    (cpu->singlestep_enabled ? EXCP_DEBUG : -1);
> -                *last_tb = NULL;
> +                if (unlikely(cpu->singlestep_enabled)) {
> +                    cpu->exception_index = EXCP_DEBUG;
> +                    return true;

By returning here, you also need to qemu_mutex_unlock_iothread().

> +                } else {

You can remove the else after the return.
Otherwise this looks good; sorry for the delay.


r~

Re: [PATCH] accel/tcg/cpu-exec: fix precise single-stepping after interrupt

[Richard Henderson]

On 2/24/22 14:23, Richard Henderson wrote:
> On 2/14/22 03:26, Luc Michel wrote:
>> In some cases, cpu->exit_request can be false after handling the
>> interrupt, leading to another TB being executed instead of returning
>> to the main loop.
>>
>> Fix this by returning true unconditionally when in single-step mode.
>>
>> Fixes: ba3c35d9c4026361fd380b269dc6def9510b7166
>>
>> Signed-off-by: Luc Michel <lmichel@kalray.eu>
>> ---
>> Coming back on this issue I worked on with Richard in 2020. The issue is
>> that when debugging the guest with GDB, the first instruction of the IRQ
>> handler is missed by GDB (it's still executed though).
>>
>> It happened to me again in TCG RR mode (but not in MTTCG). It seems that
>> cpu->exit_request can be false in RR mode when returning from
>> cc->tcg_ops->cpu_exec_interrupt, leading to cpu_handle_interrupt
>> returning false and the next TB being executed, instead of the EXCP_DEBUG
>> being handled.
>> ---
>>   accel/tcg/cpu-exec.c | 10 +++++++---
>>   1 file changed, 7 insertions(+), 3 deletions(-)
>>
>> diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
>> index 8b4cd6c59d..74d7f83f34 100644
>> --- a/accel/tcg/cpu-exec.c
>> +++ b/accel/tcg/cpu-exec.c
>> @@ -796,13 +796,17 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
>>                   /*
>>                    * After processing the interrupt, ensure an EXCP_DEBUG is
>>                    * raised when single-stepping so that GDB doesn't miss the
>>                    * next instruction.
>>                    */
>> -                cpu->exception_index =
>> -                    (cpu->singlestep_enabled ? EXCP_DEBUG : -1);
>> -                *last_tb = NULL;
>> +                if (unlikely(cpu->singlestep_enabled)) {
>> +                    cpu->exception_index = EXCP_DEBUG;
>> +                    return true;
> 
> By returning here, you also need to qemu_mutex_unlock_iothread().
> 
>> +                } else {
> 
> You can remove the else after the return.
> Otherwise this looks good; sorry for the delay.

I'll just fix this up when applying, it's minor enough.

r~

[PATCH 0/7] semihosting: proper QEMU exit on semihosted exit syscall

[Luc Michel]

Hi,

This series implements a clean way for semihosted exit syscalls to
terminate QEMU with a given return code.

Until now, exit syscalls implementations consisted in calling exit()
with the wanted return code. The problem with this approach is that
other CPUs are not properly stopped, leading to possible crashes in
MTTCG mode, especially when at_exit callbacks have been registered. This
can be the case e.g., when plugins are in use. Plugins can register
at_exit callbacks. Those will be called on the CPU thread the exit
syscall is comming from, while other CPUs can continue to run and thus
call other plugin callbacks.

The semihosting_exit_request function provides a mean to cleanly
terminate QEMU. It introduces an new exit reason
(SHUTDOWN_CAUSE_GUEST_SEMI_EXIT) used in this case. The CPU is stopped
and returns to the main CPU loop so that no more instruction get
executed (the semihosting_exit_request is declared G_NORETURN).

All targets are converted to use this new function.

Thanks,
Luc

Luc Michel (7):
  softmmu: add qemu_[set|get]_exit_status functions
  semihosting: add the semihosting_exit_request function
  semihosting/arm-compat-semi: use semihosting_exit_request
  target/m68k: use semihosting_exit_request on semihosted exit syscall
  target/mips: use semihosting_exit_request on semihosted exit syscall
  target/nios2: use semihosting_exit_request on semihosted exit syscall
  target/xtensa: use semihosting_exit_request on semihosted exit syscall

 qapi/run-state.json                |  4 +++-
 include/semihosting/semihost.h     |  4 ++++
 include/sysemu/sysemu.h            |  2 ++
 semihosting/arm-compat-semi.c      |  3 +--
 semihosting/config.c               | 17 +++++++++++++++++
 softmmu/main.c                     |  2 +-
 softmmu/runstate.c                 | 11 +++++++++++
 target/m68k/m68k-semi.c            |  4 ++--
 target/mips/tcg/sysemu/mips-semi.c |  2 +-
 target/nios2/nios2-semi.c          |  4 ++--
 target/xtensa/xtensa-semi.c        |  2 +-
 11 files changed, 45 insertions(+), 10 deletions(-)

-- 
2.17.1

[PATCH] accel/tcg/cpu-exec: fix precise single-stepping after interrupt

[Luc Michel]

In some cases, cpu->exit_request can be false after handling the
interrupt, leading to another TB being executed instead of returning
to the main loop.

Fix this by returning true unconditionally when in single-step mode.

Fixes: ba3c35d9c4026361fd380b269dc6def9510b7166

Signed-off-by: Luc Michel <lmichel@kalray.eu>
---
Coming back on this issue I worked on with Richard in 2020. The issue is
that when debugging the guest with GDB, the first instruction of the IRQ
handler is missed by GDB (it's still executed though).

It happened to me again in TCG RR mode (but not in MTTCG). It seems that
cpu->exit_request can be false in RR mode when returning from
cc->tcg_ops->cpu_exec_interrupt, leading to cpu_handle_interrupt
returning false and the next TB being executed, instead of the EXCP_DEBUG
being handled.
---
 accel/tcg/cpu-exec.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 8b4cd6c59d..74d7f83f34 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -796,13 +796,17 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
                 /*
                  * After processing the interrupt, ensure an EXCP_DEBUG is
                  * raised when single-stepping so that GDB doesn't miss the
                  * next instruction.
                  */
-                cpu->exception_index =
-                    (cpu->singlestep_enabled ? EXCP_DEBUG : -1);
-                *last_tb = NULL;
+                if (unlikely(cpu->singlestep_enabled)) {
+                    cpu->exception_index = EXCP_DEBUG;
+                    return true;
+                } else {
+                    cpu->exception_index = -1;
+                    *last_tb = NULL;
+                }
             }
             /* The target hook may have updated the 'cpu->interrupt_request';
              * reload the 'interrupt_request' value */
             interrupt_request = cpu->interrupt_request;
         }
-- 
2.17.1

Re: [PATCH] accel/tcg/cpu-exec: fix precise single-stepping after interrupt

[Luc Michel]

On 16:24 Mon 20 Jun     , Luc Michel wrote:
> In some cases, cpu->exit_request can be false after handling the
> interrupt, leading to another TB being executed instead of returning
> to the main loop.
> 
> Fix this by returning true unconditionally when in single-step mode.
> 
> Fixes: ba3c35d9c4026361fd380b269dc6def9510b7166
> 

Please ignore this old patch