[Qemu-devel] env fields as TCG variables

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [Qemu-devel] env fields as TCG variables
@ 2008-09-16 18:37 Blue Swirl
  2008-09-16 19:11 ` Edgar E. Iglesias
  0 siblings, 1 reply; 5+ messages in thread
From: Blue Swirl @ 2008-09-16 18:37 UTC (permalink / raw)
  To: qemu-devel

I wonder if the following bug scenario is possible.

Some of the env fields are accessible as TCG variables, like cpu_fsr
for Sparc floating point status register (%fsr), stored in the env
structure field env->fsr. When cpu_fsr is used in the generated code,
a host CPU register is allocated for this task. But env->fsr can be
modified directly in op_helper.c code. Isn't it then possible that the
register (which stores cpu_fsr) and the structure field in memory
(env->fsr) get out of sync?

If this is true, no code outside the generated code should ever modify
or even read env fields that are also available as TCG variables. Or
do I miss something?

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Qemu-devel] env fields as TCG variables
  2008-09-16 18:37 [Qemu-devel] env fields as TCG variables Blue Swirl
@ 2008-09-16 19:11 ` Edgar E. Iglesias
  2008-09-16 19:31   ` Blue Swirl
  0 siblings, 1 reply; 5+ messages in thread
From: Edgar E. Iglesias @ 2008-09-16 19:11 UTC (permalink / raw)
  To: Blue Swirl; +Cc: qemu-devel

On Tue, Sep 16, 2008 at 09:37:41PM +0300, Blue Swirl wrote:
> I wonder if the following bug scenario is possible.
> 
> Some of the env fields are accessible as TCG variables, like cpu_fsr
> for Sparc floating point status register (%fsr), stored in the env
> structure field env->fsr. When cpu_fsr is used in the generated code,
> a host CPU register is allocated for this task. But env->fsr can be
> modified directly in op_helper.c code. Isn't it then possible that the
> register (which stores cpu_fsr) and the structure field in memory
> (env->fsr) get out of sync?
> 
> If this is true, no code outside the generated code should ever modify
> or even read env fields that are also available as TCG variables. Or
> do I miss something?

Hello,

IIRC:
TCG writebacks before calling helpers. There used to be a bug with
qemu_ld/qemu_st like the one you described but it was fixed a long
time ago. I ran into that one with CRIS and avoided it for a while
by calling a dummy helper before load/stores.

Best regards

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Qemu-devel] env fields as TCG variables
  2008-09-16 19:11 ` Edgar E. Iglesias
@ 2008-09-16 19:31   ` Blue Swirl
  2008-09-16 19:41     ` Edgar E. Iglesias
  0 siblings, 1 reply; 5+ messages in thread
From: Blue Swirl @ 2008-09-16 19:31 UTC (permalink / raw)
  To: Edgar E. Iglesias; +Cc: qemu-devel

On 9/16/08, Edgar E. Iglesias <edgar.iglesias@axis.com> wrote:
> On Tue, Sep 16, 2008 at 09:37:41PM +0300, Blue Swirl wrote:
>  > I wonder if the following bug scenario is possible.
>  >
>  > Some of the env fields are accessible as TCG variables, like cpu_fsr
>  > for Sparc floating point status register (%fsr), stored in the env
>  > structure field env->fsr. When cpu_fsr is used in the generated code,
>  > a host CPU register is allocated for this task. But env->fsr can be
>  > modified directly in op_helper.c code. Isn't it then possible that the
>  > register (which stores cpu_fsr) and the structure field in memory
>  > (env->fsr) get out of sync?
>  >
>  > If this is true, no code outside the generated code should ever modify
>  > or even read env fields that are also available as TCG variables. Or
>  > do I miss something?
>
>
> Hello,
>
>  IIRC:
>  TCG writebacks before calling helpers. There used to be a bug with
>  qemu_ld/qemu_st like the one you described but it was fixed a long
>  time ago. I ran into that one with CRIS and avoided it for a while
>  by calling a dummy helper before load/stores.

OK, this solves the main part of the problem. But what about code
outside helpers, for example interrupt handling?

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Qemu-devel] env fields as TCG variables
  2008-09-16 19:31   ` Blue Swirl
@ 2008-09-16 19:41     ` Edgar E. Iglesias
  2008-09-16 20:07       ` Edgar E. Iglesias
  0 siblings, 1 reply; 5+ messages in thread
From: Edgar E. Iglesias @ 2008-09-16 19:41 UTC (permalink / raw)
  To: Blue Swirl; +Cc: Edgar E. Iglesias, qemu-devel

On Tue, Sep 16, 2008 at 10:31:01PM +0300, Blue Swirl wrote:
> On 9/16/08, Edgar E. Iglesias <edgar.iglesias@axis.com> wrote:
> > On Tue, Sep 16, 2008 at 09:37:41PM +0300, Blue Swirl wrote:
> >  > I wonder if the following bug scenario is possible.
> >  >
> >  > Some of the env fields are accessible as TCG variables, like cpu_fsr
> >  > for Sparc floating point status register (%fsr), stored in the env
> >  > structure field env->fsr. When cpu_fsr is used in the generated code,
> >  > a host CPU register is allocated for this task. But env->fsr can be
> >  > modified directly in op_helper.c code. Isn't it then possible that the
> >  > register (which stores cpu_fsr) and the structure field in memory
> >  > (env->fsr) get out of sync?
> >  >
> >  > If this is true, no code outside the generated code should ever modify
> >  > or even read env fields that are also available as TCG variables. Or
> >  > do I miss something?
> >
> >
> > Hello,
> >
> >  IIRC:
> >  TCG writebacks before calling helpers. There used to be a bug with
> >  qemu_ld/qemu_st like the one you described but it was fixed a long
> >  time ago. I ran into that one with CRIS and avoided it for a while
> >  by calling a dummy helper before load/stores.
> 
> OK, this solves the main part of the problem. But what about code
> outside helpers, for example interrupt handling?

Hi Again, Im not sure but if I understand correctly:
Interrupts are only taken between TB's and TCG writebacks globals at the end of TBs.
MMU faults work by writebacking globals before loads/stores.

Best regards

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Qemu-devel] env fields as TCG variables
  2008-09-16 19:41     ` Edgar E. Iglesias
@ 2008-09-16 20:07       ` Edgar E. Iglesias
  0 siblings, 0 replies; 5+ messages in thread
From: Edgar E. Iglesias @ 2008-09-16 20:07 UTC (permalink / raw)
  To: qemu-devel; +Cc: Blue Swirl, Edgar E. Iglesias

On Tue, Sep 16, 2008 at 09:41:56PM +0200, Edgar E. Iglesias wrote:
> On Tue, Sep 16, 2008 at 10:31:01PM +0300, Blue Swirl wrote:
> > On 9/16/08, Edgar E. Iglesias <edgar.iglesias@axis.com> wrote:
> > > On Tue, Sep 16, 2008 at 09:37:41PM +0300, Blue Swirl wrote:
> > >  > I wonder if the following bug scenario is possible.
> > >  >
> > >  > Some of the env fields are accessible as TCG variables, like cpu_fsr
> > >  > for Sparc floating point status register (%fsr), stored in the env
> > >  > structure field env->fsr. When cpu_fsr is used in the generated code,
> > >  > a host CPU register is allocated for this task. But env->fsr can be
> > >  > modified directly in op_helper.c code. Isn't it then possible that the
> > >  > register (which stores cpu_fsr) and the structure field in memory
> > >  > (env->fsr) get out of sync?
> > >  >
> > >  > If this is true, no code outside the generated code should ever modify
> > >  > or even read env fields that are also available as TCG variables. Or
> > >  > do I miss something?
> > >
> > >
> > > Hello,
> > >
> > >  IIRC:
> > >  TCG writebacks before calling helpers. There used to be a bug with
> > >  qemu_ld/qemu_st like the one you described but it was fixed a long
> > >  time ago. I ran into that one with CRIS and avoided it for a while
> > >  by calling a dummy helper before load/stores.
> > 
> > OK, this solves the main part of the problem. But what about code
> > outside helpers, for example interrupt handling?
> 
> Hi Again, Im not sure but if I understand correctly:
> Interrupts are only taken between TB's and TCG writebacks globals at the end of TBs.
> MMU faults work by writebacking globals before loads/stores.

Sorry that was only for D faults. I faults are only taken between TB's AFAICT, so those are OK.
Unless you do like CRIS and fetch across page boundaries within the same TB, but that's my bug :)

Best regards

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2008-09-16 20:07 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-09-16 18:37 [Qemu-devel] env fields as TCG variables Blue Swirl
2008-09-16 19:11 ` Edgar E. Iglesias
2008-09-16 19:31   ` Blue Swirl
2008-09-16 19:41     ` Edgar E. Iglesias
2008-09-16 20:07       ` Edgar E. Iglesias

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).