Re: [Qemu-devel] [PATCH 0/2] target/sh4: add missing tcg_temp_free()
From: Alex Bennée
Subject: Re: [Qemu-devel] [PATCH 0/2] target/sh4: add missing tcg_temp_free()
Date: Tue, 05 Dec 2017 20:35:04 +0000
User-agent: mu4e 1.0-alpha2; emacs 26.0.90
Philippe Mathieu-Daudé <address@hidden> writes:
> Hi,
>
> After reading Alex commenting on IRC "java --version failing on sh4" I
> remembered this series staged for 2.12.
>
> This might help for:
>
> address@hidden:/etc/apt# java --version
> qemu-sh4: /home/alex/lsrc/qemu/qemu.git/tcg/tcg.h:703: temp_idx: Assertion
> `n >= 0 && n < tcg_ctx->nb_temps' failed.
> qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Sadly it's decode_gusa which trips for me:
#0  0x00007ffff6941428 in __GI_raise (address@hidden) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007ffff694302a in __GI_abort () at abort.c:89
#2  0x00007ffff6939bd7 in __assert_fail_base (fmt=<optimised out>, address@hidden "n >= 0 && n < tcg_ctx->nb_temps", address@hidden "/home/alex/lsrc/qemu/qemu.git/tcg/tcg.h", address@hidden, address@hidden <__PRETTY_FUNCTION__.23740> "temp_idx") at assert.c:92
#3  0x00007ffff6939c82 in __GI___assert_fail (assertion=0x555555678fc8 "n >= 0 && n < tcg_ctx->nb_temps", file=0x555555678fa0 "/home/alex/lsrc/qemu/qemu.git/tcg/tcg.h", line=703, function=0x55555567aa38 <__PRETTY_FUNCTION__.23740> "temp_idx") at assert.c:101
#4  0x0000555555585e03 in temp_idx (ts=0x555555902f20 <tcg_init_ctx>) at /home/alex/lsrc/qemu/qemu.git/tcg/tcg.h:703
#5  0x0000555555585e5b in tcgv_i32_temp (v=0x0) at /home/alex/lsrc/qemu/qemu.git/tcg/tcg.h:724
#6  0x000055555558bc2f in tcg_temp_free_i32 (arg=0x0) at /home/alex/lsrc/qemu/qemu.git/tcg/tcg.c:1053
#7  0x00005555555ff077 in decode_gusa (ctx=0x7ffff7f67c00, env=0x5555579adf60, pmax_insns=0x7ffff7f67bec) at /home/alex/lsrc/qemu/qemu.git/target/sh4/translate.c:2193
#8  0x00005555555ff303 in gen_intermediate_code (cs=0x5555579a5cc0, tb=0x55555593c6c0 <static_code_gen_buffer+78976>) at /home/alex/lsrc/qemu/qemu.git/target/sh4/translate.c:2268
#9  0x00005555555bc656 in tb_gen_code (cpu=0x5555579a5cc0, pc=2134168040, cs_base=2134168044, flags=528320, cflags=524288) at /home/alex/lsrc/qemu/qemu.git/accel/tcg/translate-all.c:1292
#10 0x00005555555b9ff9 in tb_find (cpu=0x5555579a5cc0, last_tb=0x0, tb_exit=0, cf_mask=524288) at /home/alex/lsrc/qemu/qemu.git/accel/tcg/cpu-exec.c:402
#11 0x00005555555ba77d in cpu_exec (cpu=0x5555579a5cc0) at /home/alex/lsrc/qemu/qemu.git/accel/tcg/cpu-exec.c:735
#12 0x00005555555c0ed2 in cpu_loop (env=0x5555579adf60) at /home/alex/lsrc/qemu/qemu.git/linux-user/main.c:2684
#13 0x00005555555d001c in clone_func (arg=0x7fffffffc990) at /home/alex/lsrc/qemu/qemu.git/linux-user/syscall.c:6264
#14 0x00007ffff6cdd6ba in start_thread (arg=0x7ffff7f68700) at pthread_create.c:333
#15 0x00007ffff6a133dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

#7  0x00005555555ff077 in decode_gusa (ctx=0x7ffff7f67c00, env=0x5555579adf60, pmax_insns=0x7ffff7f67bec) at /home/alex/lsrc/qemu/qemu.git/target/sh4/translate.c:2193
2193            tcg_temp_free_i32(op_arg);
The line:
    /* If op_src is not a valid register, then op_arg was a constant. */
    if (op_src < 0) {
        tcg_temp_free_i32(op_arg);
    }
Looks pretty sketchy to me; why not check if op_arg is allocated
directly? Constants still need to be freed over a block. I think TCG
still keeps them around if it re-uses them.
>
> Regards,
>
> Philippe.
>
> Philippe Mathieu-Daudé (2):
> target/sh4: add missing tcg_temp_free() in gen_conditional_jump()
> target/sh4: add missing tcg_temp_free() in _decode_opc()
>
> target/sh4/translate.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
--
Alex Bennée
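To make the distinction in the reply concrete, here is a constructed C model of the temp lifecycle (added here, not QEMU's code): the free is decided either by the proxy condition op_src < 0 or by whether the decoder itself allocated op_arg, and only the proxy version hits the temp_idx-style range check when op_arg was never set (the arg=0x0 seen in frame #6). NB_TEMPS, ArgKind and the decode_* functions are assumptions of the model, and the range check returns -1 instead of aborting so the outcome can be tested.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed model of a TCG-style temp pool (not QEMU's code): temps live in
 * one array and freeing range-checks the index the way temp_idx() does. */
#define NB_TEMPS 8
typedef struct { bool in_use; } Temp;
typedef Temp *TCGv_i32;            /* NULL models the arg=0x0 in frame #6 */

static Temp temps[NB_TEMPS];
static int nb_temps;               /* temps allocated so far in this block */

static TCGv_i32 temp_new_i32(void) {
    assert(nb_temps < NB_TEMPS);
    temps[nb_temps].in_use = true;
    return &temps[nb_temps++];
}

/* Same check as temp_idx()'s assertion, returning -1 instead of aborting. */
static int temp_free_i32(TCGv_i32 v) {
    if (v == NULL) return -1;
    ptrdiff_t n = v - temps;
    if (n < 0 || n >= nb_temps) return -1;   /* would be the tcg.h:703 assert */
    temps[n].in_use = false;
    return 0;
}

/* The operand is a register (op_src >= 0, nothing to free), a constant loaded
 * into a fresh temp (op_src < 0, must be freed), or never set at all
 * (op_src < 0 but op_arg == NULL); the proxy cannot tell the last two apart. */
typedef enum { ARG_REG, ARG_CONST, ARG_UNSET } ArgKind;

/* Pattern from the report: the free is decided by the proxy op_src < 0. */
static int decode_by_proxy(ArgKind kind) {
    int op_src = (kind == ARG_REG) ? 0 : -1;
    TCGv_i32 op_arg = (kind == ARG_CONST) ? temp_new_i32() : NULL;
    if (op_src < 0) return temp_free_i32(op_arg);   /* -1 for ARG_UNSET */
    return 0;
}

/* Alternative: the free is decided by whether this code allocated op_arg. */
static int decode_by_ownership(ArgKind kind) {
    TCGv_i32 op_arg = NULL;
    bool owned = false;
    if (kind == ARG_CONST) { op_arg = temp_new_i32(); owned = true; }
    return owned ? temp_free_i32(op_arg) : 0;
}
```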