[Qemu-devel] linux-user exception handling

[Qemu-devel] linux-user exception handling

[Vince Weaver]

Hello

so I'm tracking down a problem on sparc32plus-linux-user.
SPARC has register windows, and when it tried to save another register 
context, but all available ones are full, it causes a TT_SPILL exception. 
In theory the OS would handle this and move some of the registers to RAM 
somewhere.

In any case, this doesn't seem to be working properly.  I've traced 
through the code, and I find in cpu-exec.c where userspace exceptions are 
handled.

The code involved in listed below.

Am I correct in reading that user-mode exceptions are only implemented for 
x86?  If so that makes me sad, because it means that pretty much any SPARC 
program that has more than 8 nested function calls won't work until a lot 
more code is implemented.

Vince



                } else if (env->user_mode_only) {
                     /* if user mode only, we simulate a fake exception
                        which will be handled outside the cpu execution
                        loop */
#if defined(TARGET_I386)
                     do_interrupt_user(env->exception_index,
                                       env->exception_is_int,
                                       env->error_code,
                                       env->exception_next_eip);
                     /* successfully delivered */
                     env->old_exception = -1;
#endif
                     ret = env->exception_index;
                     break;

Re: [Qemu-devel] linux-user exception handling

[Blue Swirl]

On 8/25/08, Vince Weaver <vince@csl.cornell.edu> wrote:
> Hello
>
>  so I'm tracking down a problem on sparc32plus-linux-user.
>  SPARC has register windows, and when it tried to save another register
> context, but all available ones are full, it causes a TT_SPILL exception. In
> theory the OS would handle this and move some of the registers to RAM
> somewhere.
>
>  In any case, this doesn't seem to be working properly.  I've traced through
> the code, and I find in cpu-exec.c where userspace exceptions are handled.

No, register window handling and other exceptions are handled in
linux-user/main.c.

Re: [Qemu-devel] linux-user exception handling

[Vince Weaver]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 1386 bytes --]

On Mon, 25 Aug 2008, Blue Swirl wrote:
>
> No, register window handling and other exceptions are handled in
> linux-user/main.c.

You are right.  It can be frustrating tracing through the code trying to 
find out what is being called when.

In any case, I think I've found a bug with register-window handling.
When using sparc32plus, the "wim" value isn't being updated on a 
save_window() call.  Thus when later a "ta 3" (flush register windows) 
call happens, the wrong windows get written out to memory.

I've attached some sample code that shows this problem.

The patch below fixes this for me, but it should be looked over carefully 
because the register window code in qemu is deep magic.

This fix allows the spec2k gcc.scilab and fma3d benchmarks to progress 
further.

Vince

--- linux-user/main.c.orig	2008-08-27 12:48:52.000000000 -0400
+++ linux-user/main.c	2008-08-27 12:49:41.000000000 -0400
@@ -793,14 +793,12 @@

  static void save_window(CPUSPARCState *env)
  {
-#ifndef TARGET_SPARC64
      unsigned int new_wim;
      new_wim = ((env->wim >> 1) | (env->wim << (env->nwindows - 1))) &
          ((1LL << env->nwindows) - 1);
      save_window_offset(env, cpu_cwp_dec(env, env->cwp - 2));
      env->wim = new_wim;
-#else
-    save_window_offset(env, cpu_cwp_dec(env, env->cwp - 2));
+#if defined(TARGET_SPARC64)
      env->cansave++;
      env->canrestore--;
  #endif

[-- Attachment #2: Type: TEXT/PLAIN, Size: 3581 bytes --]

!     + Syscalls have number in %g1, options in %o0,%o1,...
!	Result returned in %o0
!	Linux syscall is called by "ta 0x10"

.equ SYSCALL_EXIT,1	
.equ SYSCALL_WRITE,4

.equ STDOUT,1

	.globl _start
_start:
	nop
	
label:
	set	0x41410a00,%l0
	set	out_string,%o1
	st	%l0,[%o1]
	call	write_stdout		! AA
	nop
	
	save	%sp,-96,%sp

	set	0x42420a00,%l0
	set	out_string,%o1
	st	%l0,[%o1]
	call	write_stdout		! BB
	nop

	save	%sp,-96,%sp

	set	0x43430a00,%l0
	set	out_string,%o1
	st	%l0,[%o1]
	call	write_stdout		! CC
	nop
	
	save	%sp,-96,%sp

	set	0x44440a00,%l0
	set	out_string,%o1
	st	%l0,[%o1]
	call	write_stdout		! DD
	nop

	save	%sp,-96,%sp

	set	0x45450a00,%l0
	set	out_string,%o1
	st	%l0,[%o1]
	call	write_stdout		! EE
	nop
	
	save	%sp,-96,%sp

	set	0x46460a00,%l0
	set	out_string,%o1
	st	%l0,[%o1]
	call	write_stdout		! FF
	nop
	
	save	%sp,-96,%sp

	set	0x47470a00,%l0
	set	out_string,%o1
	st	%l0,[%o1]
	call	write_stdout		! GG
	nop
	
	save	%sp,-96,%sp

	set	0x48480a00,%l0
	set	out_string,%o1
	st	%l0,[%o1]
	call	write_stdout		! HH
	nop
	
	save	%sp,-96,%sp

	set	0x49490a00,%l0
	set	out_string,%o1
	st	%l0,[%o1]
	call	write_stdout		! II
	nop
	
	save	%sp,-96,%sp

	set	0x4a4a0a00,%l0
	set	out_string,%o1
	st	%l0,[%o1]
	call	write_stdout		! JJ
	nop

	save	%sp,-96,%sp

	set	0x4b4b0a00,%l0
	set	out_string,%o1
	st	%l0,[%o1]
	call	write_stdout		! KK
	nop

	save	%sp,-96,%sp

	set	0x4c4c0a00,%l0
	set	out_string,%o1
	st	%l0,[%o1]
	call	write_stdout		! LL
	nop

	save	%sp,-96,%sp

	set	0x4d4d0a00,%l0
	set	out_string,%o1
	st	%l0,[%o1]
	call	write_stdout		! MM
	nop	
	
!	flushw sparc9 only

	

	restore

	set	out_string,%o1	
	st	%l0,[%o1]
	call	write_stdout		! LL
	nop

	restore

	set	out_string,%o1	
	st	%l0,[%o1]
	call	write_stdout		! KK
	nop

	restore

	set	out_string,%o1	
	st	%l0,[%o1]
	call	write_stdout		! JJ
	nop

	restore

	set	out_string,%o1	
	st	%l0,[%o1]
	call	write_stdout		! II
	nop
	
	ta 3
	
	restore

	set	out_string,%o1		
	st	%l0,[%o1]
	call	write_stdout
	nop	
	
	restore
	
	set	out_string,%o1	
	st	%l0,[%o1]
	call	write_stdout
	nop	

	restore

	set	out_string,%o1		
	st	%l0,[%o1]	
	call	write_stdout
	nop	
	
	restore

	set	out_string,%o1		
	st	%l0,[%o1]
	call	write_stdout
	nop	
	
	restore

	set	out_string,%o1		
	st	%l0,[%o1]
	call	write_stdout
	nop	

	restore

	set	out_string,%o1		
	st	%l0,[%o1]
	call	write_stdout
	nop	

	restore

	set	out_string,%o1		
	st	%l0,[%o1]
	call	write_stdout
	nop	
	
	restore

	set	out_string,%o1		
	st	%l0,[%o1]
	call	write_stdout
	nop		

	nop
	nop
	nop
	
exit:		
        mov	0,%o0			! exit value
        mov	SYSCALL_EXIT,%g1        ! put the exit syscall number in g1
        ta      0x10			! and exit
	
	#================================
	# WRITE_STDOUT
	#================================
	# %o1 has string

write_stdout:

	set	SYSCALL_WRITE,%g1	! Write syscall in %g1
	set	STDOUT,%o0		! 1 in %o0 (stdout)
	set	0,%o2			! 0 (count) in %o2

str_loop1:
	ldub	[%o1+%o2],%l1		! load byte
	cmp	%l1,%g0			! compare against zero
	bnz	str_loop1		! if not nul, repeat
	# BRANCH DELAY SLOT
	inc	%o2			! increment count

	dec	%o2			! correct count	
	ta	0x10			! run the syscall

	retl
	nop




!===========================================================================
.data
!===========================================================================

data_region:		.int -1,-1
out_string:		.int 0

[-- Attachment #3: Type: APPLICATION/octet-stream, Size: 1563 bytes --]

Re: [Qemu-devel] linux-user exception handling

[Blue Swirl]

On 8/27/08, Vince Weaver <vince@csl.cornell.edu> wrote:
> On Mon, 25 Aug 2008, Blue Swirl wrote:
>
> >
> > No, register window handling and other exceptions are handled in
> > linux-user/main.c.
> >
>
>  You are right.  It can be frustrating tracing through the code trying to
> find out what is being called when.
>
>  In any case, I think I've found a bug with register-window handling.
>  When using sparc32plus, the "wim" value isn't being updated on a
> save_window() call.  Thus when later a "ta 3" (flush register windows) call
> happens, the wrong windows get written out to memory.
>
>  I've attached some sample code that shows this problem.
>
>  The patch below fixes this for me, but it should be looked over carefully
> because the register window code in qemu is deep magic.
>
>  This fix allows the spec2k gcc.scilab and fma3d benchmarks to progress
> further.

How is that possible, because V9 class CPUs do not have "wim"?

Re: [Qemu-devel] linux-user exception handling

[Vince Weaver]

On Wed, 27 Aug 2008, Blue Swirl wrote:
>
> How is that possible, because V9 class CPUs do not have "wim"?

I am running v8plus binaries, which are a horrible mix of v8 and v9 code.

But you are right, "wim" was deleted for v9.  The reason I did the code 
the way I did was because the restore_window() function was updating the 
register (even on sparc64).

So I guess the real fix is to implement proper save_window() and 
restore_window(), and also flush_window().  Then make sure that "ta 3" on 
v9 calls the proper flush_window() code.

As a temporary workaround though the patch I posted seems to work.

Vince

Re: [Qemu-devel] linux-user exception handling

[Blue Swirl]

[-- Attachment #1: Type: text/plain, Size: 835 bytes --]

On 8/27/08, Vince Weaver <vince@csl.cornell.edu> wrote:
> On Wed, 27 Aug 2008, Blue Swirl wrote:
>
> >
> > How is that possible, because V9 class CPUs do not have "wim"?
> >
>
>  I am running v8plus binaries, which are a horrible mix of v8 and v9 code.
>
>  But you are right, "wim" was deleted for v9.  The reason I did the code the
> way I did was because the restore_window() function was updating the
> register (even on sparc64).
>
>  So I guess the real fix is to implement proper save_window() and
> restore_window(), and also flush_window().  Then make sure that "ta 3" on v9
> calls the proper flush_window() code.
>
>  As a temporary workaround though the patch I posted seems to work.

With this patch I get the sequence AA to MM and then back to AA.
Strangely Sparc32 prints AA to MM and then back to BB, never reaches
AA.

[-- Attachment #2: fix_s32p_wim.diff --]
[-- Type: plain/text, Size: 1772 bytes --]

Re: [Qemu-devel] linux-user exception handling

[Vince Weaver]

On Wed, 27 Aug 2008, Blue Swirl wrote:
>
> With this patch I get the sequence AA to MM and then back to AA.
> Strangely Sparc32 prints AA to MM and then back to BB, never reaches
> AA.

Your patch is much better than mine, with it all of the gcc spec2k inputs 
work.  So I'm all for committing it.

One semi-related thing, according to the documentation V9 increments CWP 
on save and decrements it on restore, while V8 does the opposite.  I'm not 
sure if it is worth making the Qemu save/restore code behave that way too.

Vince

Re: [Qemu-devel] linux-user exception handling

[Blue Swirl]

On 8/27/08, Vince Weaver <vince@csl.cornell.edu> wrote:
> On Wed, 27 Aug 2008, Blue Swirl wrote:
>
> >
> > With this patch I get the sequence AA to MM and then back to AA.
> > Strangely Sparc32 prints AA to MM and then back to BB, never reaches
> > AA.
> >
>
>  Your patch is much better than mine, with it all of the gcc spec2k inputs
> work.  So I'm all for committing it.

Okay, I committed it.

The address where the windows are saved may be incorrect, perhaps the
stack bias of -2047 should be added?

>  One semi-related thing, according to the documentation V9 increments CWP on
> save and decrements it on restore, while V8 does the opposite.  I'm not sure
> if it is worth making the Qemu save/restore code behave that way too.

Maybe, I can't remember why I did it like that. It could have had
something to with register layout.