[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] Actual TB code doesn't look like what was intended (TCG
From: |
Max Filippov |
Subject: |
Re: [Qemu-devel] Actual TB code doesn't look like what was intended (TCG issue)? |
Date: |
Fri, 24 Jun 2011 12:35:35 +0400 |
User-agent: |
KMail/1.13.6 (Linux/2.6.34.8-68.fc13.x86_64; KDE/4.5.5; x86_64; ; ) |
> > Hello guys.
> >
> > I'm running qemu on x86_64 host.
> > It's clean build from git sources dated 2011.05.19, commit
> > 1fddfba129f5435c80eda14e8bc23fdb888c7187
> > I have the following output from "log trace,op,out_asm":
> >
> > Trace 0x4000a310 [d0026c92]
> > OP:
> > ---- 0xd00000c0
> > movi_i32 tmp1,$0xfffffff4
> > add_i32 tmp0,ar9,tmp1
> > qemu_ld32 ar1,tmp0,$0x0
> >
> > ---- 0xd00000c3
> > movi_i32 tmp1,$0xfffffff0
> > add_i32 tmp0,ar9,tmp1
> > qemu_ld32 ar0,tmp0,$0x0
> >
> > [...snip...]
> [...]
> > 0x4000a360: xor %esi,%esi
> > 0x4000a362: callq 0x52edc2
> [...]
> > (gdb) x/25i 0x4000a330
> [...]
> > 0x4000a360: mov $0x1,%esi
> > 0x4000a365: callq 0x52edc2 <__ldl_mmu>
> > 0x4000a36a: mov %eax,%ebp
> > 0x4000a36c: sub $0x44,%al
> > => 0x4000a36e: lea -0x10(%rbx),%esp
> > 0x4000a371: mov %ebp,0xc(%r14)
> > 0x4000a375: mov %r12d,%esi
> > 0x4000a378: mov %r12d,%edi
> >
> > Please note how the current instruction in gdb differ from what was said in
> > OUT. This lea corrupts stack pointer and the next callq generates segfault.
> > Could please anyone familiar with TCG take a look at this, or suggest where
> > I should look myself?
>
> As Peter hinted, you're not looking at the code you think :-)
> Note how your original TCG code does loads:
>
> qemu_ld32 ar1,tmp0,$0x0
>
> That $0x0 will end up in %RSI. It's the mem index used to
> distinguish from user and privileged level accesses. In your
> examples of host code, in one case it is 0 and in the other
> it is 1, so you're definitely not really looking at the same
> block in the same running conditions.
Yes, I've noticed it (however, after I sent this mail).
But (1) quoted OUT is the last OUT for this host address range in the log and
(2) in gdb I set "b tlb_fill if retaddr == 0x4000a369" and made some steps.
You mean that I should look at previous OUTs for this address range?
Thanks.
-- Max
Re: [Qemu-devel] Actual TB code doesn't look like what was intended (TCG issue)?, Laurent Desnogues, 2011/06/24
- Re: [Qemu-devel] Actual TB code doesn't look like what was intended (TCG issue)?,
Max Filippov <=