[Qemu-devel] 64-on-32 TCG broken [was Re: x86_64-softmmu broken on Windo
From: |
Paolo Bonzini |
Subject: |
[Qemu-devel] 64-on-32 TCG broken [was Re: x86_64-softmmu broken on Windows (TCG?)] |
Date: |
Tue, 30 Oct 2012 09:15:55 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121016 Thunderbird/16.0.1 |
Il 29/10/2012 19:29, Aurelien Jarno ha scritto:
> On Mon, Oct 29, 2012 at 06:53:14PM +0100, Paolo Bonzini wrote:
>> > Known-good commit: 8473f377393219390ea6f2d8d450a2b054bb823e
>> > Known-bad commit: d262cb02861dd33375c08fc798930653b14769e9
>> >
>> > i386-softmmu seems to work. I may try to bisect it tomorrow, but I'd be
>> > glad if somebody else beats me. It can be reproduced with Wine and
>> > "x86_64-softmmu/qemu-system-x86_64.exe -L ../pc-bios"; it hangs at iPXE.
> Oops, sorry about that. Is it win32 or win64? I'll try to fix it asap,
> but right now I don't have a good enough network connection to either
> setup a mingw build environment or to connect to a remote machine with
> such an environment.
It's win32, and the first bad commit is 9c43b68 (tcg: rework liveness
analysis, 2012-10-09). But it looks like 64-on-32 emulation is more
generally broken. I now tried x86_64-linux-user compiled for 32-bit,
and it segfaults on startup. Even the previous commit cannot run
qemu-x86_64 /bin/ls correctly:
$ git whatis HEAD
ec7a869 (tcg: sync output arguments on liveness request, 2012-10-09)
$ x86_64-linux-user/qemu-x86_64 /bin/ls
inux-user
$ git whatis HEAD
9c43b68 (tcg: rework liveness analysis, 2012-10-09)
$ x86_64-linux-user/qemu-x86_64 /bin/ls
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Errore di segmentazione
Regarding the win32 failure, it's early enough that the TCG logs give
an idea of what is happening. This *might* be a reduced testcase,
but the general breakage makes it impossible to check:
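#include <stdio.h>

/*
 * Reduced reproducer for the 64-on-32 TCG liveness breakage described above.
 *
 * f() loads the byte stored at label h (value 2) into %al, compares it with
 * 0x12 and returns; g() then reads the flags left behind by that cmp with
 * setne.  2 != 0x12, so ZF is clear and a correct emulator prints 1.  If the
 * cmp's write of cc_dst is dropped as dead (as in the log below), setne sees
 * stale flag state and the printed value can differ.
 *
 * x86-64 GNU-assembler syntax only.  The byte at h lives in .text; it is
 * loaded RIP-relative so the program links both as a PIE and as a
 * non-PIE executable (an absolute `movb h, %al` is rejected when linking
 * a PIE).  pop %rax restores the zero that g() put in %eax, so the return
 * value is exactly the setne result.
 */
__asm__("\n\
h:\n\
.byte 2\n\
f:\n\
push %rax\n\
push %rdx\n\
movb h(%rip), %al\n\
cmp $0x12, %al\n\
pop %rdx\n\
pop %rax\n\
ret\n\
g:\n\
xor %eax, %eax\n\
call f\n\
setne %al\n\
ret\n\
");

/* Defined in the asm block above: no arguments, returns the setne result
 * (1 when the flags of f's cmp are seen correctly). */
extern int g(void);

/* Prints the result of g(); expected output on a correct emulator is "1". */
int main(void)
{
    printf("%d\n", g());
    return 0;
}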
Anyhow, here are the logs (good on the left, differences on the
right). A write to cc_dst is incorrectly deleted as dead:
IN: (
0x00000000000c83e9: push %ax (
0x00000000000c83ea: push %dx (
0x00000000000c83eb: mov $0x9206,%ax (
0x00000000000c83ee: mov $0x3c4,%dx (
0x00000000000c83f1: out %ax,(%dx) (
0x00000000000c83f2: inc %dx (
0x00000000000c83f3: in (%dx),%al (
0x00000000000c83f4: cmp $0x12,%al (
0x00000000000c83f6: pop %dx (
0x00000000000c83f7: pop %ax (
0x00000000000c83f8: ret (
(
OP: (
---- 0xc83e9 (
mov_i32 tmp0,rax_0 (
mov_i32 tmp1,rax_1 (
mov_i32 tmp4,rsp_0 (
mov_i32 tmp5,rsp_1 (
movi_i32 tmp20,$0xfffffffe (
movi_i32 tmp21,$0xffffffff (
add2_i32 tmp4,tmp5,tmp4,tmp5,tmp20,tmp21 (
nop (
movi_i32 tmp5,$0x0 (
ext16u_i32 tmp4,tmp4 (
movi_i32 tmp5,$0x0 (
mov_i32 tmp2,tmp4 (
mov_i32 tmp3,tmp5 (
ld_i32 tmp8,env,$0xe8 (
ld_i32 tmp9,env,$0xec (
add2_i32 tmp4,tmp5,tmp4,tmp5,tmp8,tmp9 (
nop (
movi_i32 tmp5,$0x0 (
qemu_st16 tmp0,tmp4,tmp5,$0x0 (
deposit_i32 rsp_0,rsp_0,tmp2,$0x0,$0x10 (
(
---- 0xc83ea (
mov_i32 tmp0,rdx_0 (
mov_i32 tmp1,rdx_1 (
mov_i32 tmp4,rsp_0 (
mov_i32 tmp5,rsp_1 (
movi_i32 tmp20,$0xfffffffe (
movi_i32 tmp21,$0xffffffff (
add2_i32 tmp4,tmp5,tmp4,tmp5,tmp20,tmp21 (
nop (
movi_i32 tmp5,$0x0 (
ext16u_i32 tmp4,tmp4 (
movi_i32 tmp5,$0x0 (
mov_i32 tmp2,tmp4 (
mov_i32 tmp3,tmp5 (
ld_i32 tmp8,env,$0xe8 (
ld_i32 tmp9,env,$0xec (
add2_i32 tmp4,tmp5,tmp4,tmp5,tmp8,tmp9 (
nop (
movi_i32 tmp5,$0x0 (
qemu_st16 tmp0,tmp4,tmp5,$0x0 (
deposit_i32 rsp_0,rsp_0,tmp2,$0x0,$0x10 (
(
---- 0xc83eb (
movi_i32 tmp0,$0x9206 (
movi_i32 tmp1,$0x0 (
deposit_i32 rax_0,rax_0,tmp0,$0x0,$0x10 (
(
---- 0xc83ee (
movi_i32 tmp0,$0x3c4 (
movi_i32 tmp1,$0x0 (
deposit_i32 rdx_0,rdx_0,tmp0,$0x0,$0x10 (
(
---- 0xc83f1 (
mov_i32 tmp0,rdx_0 (
mov_i32 tmp1,rdx_1 (
ext16u_i32 tmp0,tmp0 (
movi_i32 tmp1,$0x0 (
mov_i32 tmp2,rax_0 (
mov_i32 tmp3,rax_1 (
mov_i32 tmp12,tmp0 (
mov_i32 tmp13,tmp2 (
movi_i32 tmp22,$outw (
call tmp22,$0x0,$0,tmp12,tmp13 (
(
---- 0xc83f2 (
mov_i32 tmp0,rdx_0 (
mov_i32 tmp1,rdx_1 (
movi_i32 tmp20,$0x1 (
movi_i32 tmp21,$0x0 (
add2_i32 tmp0,tmp1,tmp0,tmp1,tmp20,tmp21 (
nop (
deposit_i32 rdx_0,rdx_0,tmp0,$0x0,$0x10 (
movi_i32 tmp22,$cc_compute_c (
call tmp22,$0x10,$1,tmp12,env,cc_op (
mov_i32 cc_src_0,tmp12 (
movi_i32 cc_src_1,$0x0 (
mov_i32 cc_dst_0,tmp0 (
mov_i32 cc_dst_1,tmp1 (
(
---- 0xc83f3 (
mov_i32 tmp0,rdx_0 (
mov_i32 tmp1,rdx_1 (
ext16u_i32 tmp0,tmp0 (
movi_i32 tmp1,$0x0 (
mov_i32 tmp12,tmp0 (
movi_i32 tmp22,$inb (
call tmp22,$0x0,$2,tmp2,tmp3,tmp12 (
deposit_i32 rax_0,rax_0,tmp2,$0x0,$0x8 (
(
---- 0xc83f4 (
movi_i32 tmp2,$0x12 (
movi_i32 tmp3,$0x0 (
mov_i32 tmp0,rax_0 (
mov_i32 tmp1,rax_1 (
mov_i32 cc_src_0,tmp2 (
mov_i32 cc_src_1,tmp3 (
sub2_i32 cc_dst_0,cc_dst_1,tmp0,tmp1,tmp2 (
nop (
(
---- 0xc83f6 (
mov_i32 tmp4,rsp_0 (
mov_i32 tmp5,rsp_1 (
ext16u_i32 tmp4,tmp4 (
movi_i32 tmp5,$0x0 (
ld_i32 tmp8,env,$0xe8 (
ld_i32 tmp9,env,$0xec (
add2_i32 tmp4,tmp5,tmp4,tmp5,tmp8,tmp9 (
nop (
movi_i32 tmp5,$0x0 (
qemu_ld16u tmp0,tmp4,tmp5,$0x0 (
movi_i32 tmp1,$0x0 (
movi_i32 tmp20,$0x2 (
movi_i32 tmp21,$0x0 (
add2_i32 tmp8,tmp9,rsp_0,rsp_1,tmp20,tmp2 (
nop (
deposit_i32 rsp_0,rsp_0,tmp8,$0x0,$0x10 (
deposit_i32 rdx_0,rdx_0,tmp0,$0x0,$0x10 (
(
---- 0xc83f7 (
mov_i32 tmp4,rsp_0 (
mov_i32 tmp5,rsp_1 (
ext16u_i32 tmp4,tmp4 (
movi_i32 tmp5,$0x0 (
ld_i32 tmp8,env,$0xe8 (
ld_i32 tmp9,env,$0xec (
add2_i32 tmp4,tmp5,tmp4,tmp5,tmp8,tmp9 (
nop (
movi_i32 tmp5,$0x0 (
qemu_ld16u tmp0,tmp4,tmp5,$0x0 (
movi_i32 tmp1,$0x0 (
movi_i32 tmp20,$0x2 (
movi_i32 tmp21,$0x0 (
add2_i32 tmp8,tmp9,rsp_0,rsp_1,tmp20,tmp2 (
nop (
deposit_i32 rsp_0,rsp_0,tmp8,$0x0,$0x10 (
deposit_i32 rax_0,rax_0,tmp0,$0x0,$0x10 (
(
---- 0xc83f8 (
mov_i32 tmp4,rsp_0 (
mov_i32 tmp5,rsp_1 (
ext16u_i32 tmp4,tmp4 (
movi_i32 tmp5,$0x0 (
ld_i32 tmp8,env,$0xe8 (
ld_i32 tmp9,env,$0xec (
add2_i32 tmp4,tmp5,tmp4,tmp5,tmp8,tmp9 (
nop (
movi_i32 tmp5,$0x0 (
qemu_ld16u tmp0,tmp4,tmp5,$0x0 (
movi_i32 tmp1,$0x0 (
movi_i32 tmp20,$0x2 (
movi_i32 tmp21,$0x0 (
add2_i32 tmp8,tmp9,rsp_0,rsp_1,tmp20,tmp2 (
nop (
deposit_i32 rsp_0,rsp_0,tmp8,$0x0,$0x10 (
ext16u_i32 tmp0,tmp0 (
movi_i32 tmp1,$0x0 (
st_i32 tmp0,env,$0x80 (
st_i32 tmp1,env,$0x84 (
movi_i32 cc_op,$0xe (
exit_tb $0x0 (
(
OP after optimization and liveness analysis (
---- 0xc83e9 (
nopn $0x2,$0x2 (
nopn $0x2,$0x2 (
nopn $0x2,$0x2 (
nopn $0x2,$0x2 (
movi_i32 tmp20,$0xfffffffe (
nopn $0x2,$0x2 (
add_i32 tmp4,rsp_0,tmp20 (
nopn $0x3,$0x3c,$0x3 (
nopn $0x2,$0x2 (
ext16u_i32 tmp4,tmp4 (
nopn $0x2,$0x2 (
mov_i32 tmp2,tmp4 (
nopn $0x2,$0x2 (
ld_i32 tmp8,env,$0xe8 (
nopn $0x3,$0x0,$0x3 (
add_i32 tmp4,tmp4,tmp8 (
nopn $0x3,$0x30,$0x3 (
movi_i32 tmp5,$0x0 (
qemu_st16 rax_0,tmp4,tmp5,$0x0 (
deposit_i32 rsp_0,rsp_0,tmp2,$0x0,$0x10 (
(
---- 0xc83ea (
nopn $0x2,$0x2 (
nopn $0x2,$0x2 (
nopn $0x2,$0x2 (
nopn $0x2,$0x2 (
movi_i32 tmp20,$0xfffffffe (
nopn $0x2,$0x2 (
add_i32 tmp4,rsp_0,tmp20 (
nopn $0x3,$0x3c,$0x3 (
nopn $0x2,$0x2 (
ext16u_i32 tmp4,tmp4 (
nopn $0x2,$0x2 (
mov_i32 tmp2,tmp4 (
nopn $0x2,$0x2 (
ld_i32 tmp8,env,$0xe8 (
nopn $0x3,$0x0,$0x3 (
add_i32 tmp4,tmp4,tmp8 (
nopn $0x3,$0x30,$0x3 (
movi_i32 tmp5,$0x0 (
qemu_st16 rdx_0,tmp4,tmp5,$0x0 (
deposit_i32 rsp_0,rsp_0,tmp2,$0x0,$0x10 (
(
---- 0xc83eb (
movi_i32 tmp0,$0x9206 (
nopn $0x2,$0x2 (
deposit_i32 rax_0,rax_0,tmp0,$0x0,$0x10 (
(
---- 0xc83ee (
movi_i32 tmp0,$0x3c4 (
nopn $0x2,$0x2 (
deposit_i32 rdx_0,rdx_0,tmp0,$0x0,$0x10 (
(
---- 0xc83f1 (
nopn $0x2,$0x2 (
nopn $0x2,$0x2 (
ext16u_i32 tmp0,rdx_0 (
nopn $0x2,$0x2 (
nopn $0x2,$0x2 (
nopn $0x2,$0x2 (
mov_i32 tmp12,tmp0 (
nopn $0x2,$0x2 (
movi_i32 tmp22,$outw (
call tmp22,$0x0,$0,tmp12,rax_0 (
(
---- 0xc83f2 (
nopn $0x2,$0x2 (
nopn $0x2,$0x2 (
movi_i32 tmp20,$0x1 (
movi_i32 tmp21,$0x0 (
add2_i32 tmp0,tmp1,rdx_0,rdx_1,tmp20,tmp2 (
nop (
deposit_i32 rdx_0,rdx_0,tmp0,$0x0,$0x10 (
movi_i32 tmp22,$cc_compute_c (
call tmp22,$0x10,$1,tmp12,env,cc_op (
mov_i32 cc_src_0,tmp12 (
movi_i32 cc_src_1,$0x0 (
mov_i32 cc_dst_0,tmp0 (
mov_i32 cc_dst_1,tmp1 (
(
---- 0xc83f3 (
nopn $0x2,$0x2 (
nopn $0x2,$0x2 (
ext16u_i32 tmp0,rdx_0 (
nopn $0x2,$0x2 (
mov_i32 tmp12,tmp0 (
movi_i32 tmp22,$inb (
call tmp22,$0x0,$2,tmp2,tmp3,tmp12 (
deposit_i32 rax_0,rax_0,tmp2,$0x0,$0x8 (
(
---- 0xc83f4 (
movi_i32 tmp2,$0x12 | nopn $0x2,$0x2
movi_i32 tmp3,$0x0 | nopn $0x2,$0x2
nopn $0x2,$0x2 (
nopn $0x2,$0x2 (
movi_i32 cc_src_0,$0x12 (
movi_i32 cc_src_1,$0x0 (
sub2_i32 cc_dst_0,cc_dst_1,rax_0,rax_1,tm | nopn
$0x6,$0x5,$0x8,$0x9,$0x2a,$0x6
nop (
(
---- 0xc83f6 (
nopn $0x2,$0x2 (
nopn $0x2,$0x2 (
ext16u_i32 tmp4,rsp_0 (
nopn $0x2,$0x2 (
ld_i32 tmp8,env,$0xe8 (
nopn $0x3,$0x0,$0x3 (
add_i32 tmp4,tmp4,tmp8 (
nopn $0x3,$0x30,$0x3 (
movi_i32 tmp5,$0x0 (
qemu_ld16u tmp0,tmp4,tmp5,$0x0 (
nopn $0x2,$0x2 (
movi_i32 tmp20,$0x2 (
nopn $0x2,$0x2 (
add_i32 tmp8,rsp_0,tmp20 (
nopn $0x3,$0x3c,$0x3 (
deposit_i32 rsp_0,rsp_0,tmp8,$0x0,$0x10 (
deposit_i32 rdx_0,rdx_0,tmp0,$0x0,$0x10 (
(
---- 0xc83f7 (
nopn $0x2,$0x2 (
nopn $0x2,$0x2 (
ext16u_i32 tmp4,rsp_0 (
nopn $0x2,$0x2 (
ld_i32 tmp8,env,$0xe8 (
nopn $0x3,$0x0,$0x3 (
add_i32 tmp4,tmp4,tmp8 (
nopn $0x3,$0x30,$0x3 (
movi_i32 tmp5,$0x0 (
qemu_ld16u tmp0,tmp4,tmp5,$0x0 (
nopn $0x2,$0x2 (
movi_i32 tmp20,$0x2 (
nopn $0x2,$0x2 (
add_i32 tmp8,rsp_0,tmp20 (
nopn $0x3,$0x3c,$0x3 (
deposit_i32 rsp_0,rsp_0,tmp8,$0x0,$0x10 (
deposit_i32 rax_0,rax_0,tmp0,$0x0,$0x10 (
(
---- 0xc83f8 (
nopn $0x2,$0x2 (
nopn $0x2,$0x2 (
ext16u_i32 tmp4,rsp_0 (
nopn $0x2,$0x2 (
ld_i32 tmp8,env,$0xe8 (
nopn $0x3,$0x0,$0x3 (
add_i32 tmp4,tmp4,tmp8 (
nopn $0x3,$0x30,$0x3 (
movi_i32 tmp5,$0x0 (
qemu_ld16u tmp0,tmp4,tmp5,$0x0 (
nopn $0x2,$0x2 (
movi_i32 tmp20,$0x2 (
nopn $0x2,$0x2 (
add_i32 tmp8,rsp_0,tmp20 (
nopn $0x3,$0x3c,$0x3 (
deposit_i32 rsp_0,rsp_0,tmp8,$0x0,$0x10 (
ext16u_i32 tmp0,tmp0 (
movi_i32 tmp1,$0x0 (
st_i32 tmp0,env,$0x80 (
st_i32 tmp1,env,$0x84 (
movi_i32 cc_op,$0xe (
exit_tb $0x0 (
end (
(
and then the next basic block jumps in the weeds:
IN: (
0x00000000000c83a0: jne 0xc83d3 (
IN: (
0x00000000000c83a2: push %ds | 0x00000000000c83d3: ret
0x00000000000c83a3: xor %ax,%ax <
0x00000000000c83a5: mov %ax,%ds <
0x00000000000c83a7: mov $0x83f9,%ax <
0x00000000000c83aa: mov %ax,0x40 <
0x00000000000c83ad: mov $0xc000,%ax <
0x00000000000c83b0: mov %ax,0x42 <
0x00000000000c83b3: pop %ds <
etc.