[Qemu-devel] Bad icount read when running qemu-system-ppc64 and mfspr atbu guest instruction

[Darrell Leinwand]

Hi,

When I enable icount using an e5500 core I get an exit with “Bad icount read” 
when the guest software executes a load atbu command.

It looks like in qemu/accel/tcg/cpu_exec.c:166 sets can_do_io false when using 
icount.
    cpu->can_do_io = !use_icount;
    ret = tcg_qemu_tb_exec(env, tb_ptr);
    cpu->can_do_io = 1;

Since can_do_io is set to false there and the cpu_get_icount_raw() function 
checks that flag qemu/cpus.c:260:
        if (!cpu->can_do_io) {
            fprintf(stderr, "Bad icount read\n");
            exit(1);
        }

The load_atbu function will always fail. I commented out the !use_icount and 
set it to a 1 in cpu_exec.c and it continues and seems to run normally, but I 
am not sure what side effects while running icount that could have since it may 
allow actual IO to occur while translation is happening.

I included the stack trace below:

#0  cpu_get_icount_raw () at qemu/cpus.c:261
#1  0x00005555557fdc4f in cpu_get_icount_locked () at qemu/cpus.c:277
#2  0x00005555557fdc8c in cpu_get_icount () at qemu/cpus.c:288
#3  0x0000555555d47a1b in qemu_clock_get_ns (type=QEMU_CLOCK_VIRTUAL) at 
qemu/util/qemu-timer.c:608
#4  0x00005555558a7b61 in cpu_ppc_load_atbu (env=0x555556ccfff0) at 
qemu/hw/ppc/ppc.c:574
#5  0x00005555559eec2a in helper_load_atbu (env=0x555556ccfff0) at 
qemu/target/ppc/timebase_helper.c:45
#6  0x00007fffea0bb92b in code_gen_buffer ()
#7  0x000055555583c1e5 in cpu_tb_exec (cpu=0x555556cc7d40, itb=0x7fffea0bb840 
<code_gen_buffer+14338070>) at qemu/accel/tcg/cpu-exec.c:167
#8  0x000055555583cfc4 in cpu_loop_exec_tb (cpu=0x555556cc7d40, 
tb=0x7fffea0bb840 <code_gen_buffer+14338070>, last_tb=0x7fffe34d8978, 
tb_exit=0x7fffe34d8970) at qemu/accel/tcg/cpu-exec.c:627
#9  0x000055555583d2d3 in cpu_exec (cpu=0x555556cc7d40) at 
qemu/accel/tcg/cpu-exec.c:736
#10 0x00005555557ff6c2 in tcg_cpu_exec (cpu=0x555556cc7d40) at qemu/cpus.c:1270
#11 0x00005555557ff8f1 in qemu_tcg_rr_cpu_thread_fn (arg=0x555556cc7d40) at 
qemu/cpus.c:1366
#12 0x00007ffff4fab6ba in start_thread (arg=0x7fffe34d9700) at 
pthread_create.c:333
#13 0x00007ffff4ce141d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thanks,
Darrell


________________________________

CONFIDENTIALITY NOTICE: The information contained in this e-mail and any 
accompanying documents may contain information that is confidential, 
proprietary to Performance Software, or otherwise protected from disclosure. If 
you are not the intended recipient of this message, or if this message has been 
addressed to you in error, please immediately alert the sender by reply e-mail 
and then delete this message, including any attachments. Any dissemination, 
distribution or other use of the contents of this message by anyone other than 
the intended recipient is strictly prohibited.