TCG asserts on some of translation blocks with plugin memory callback
From: Mikhail Tyutin
Subject: TCG asserts on some of translation blocks with plugin memory callback
Date: Fri, 17 Feb 2023 05:27:44 +0000
Hello,
I have been testing the TCG plugin patch on the latest Qemu build but noticed that it
fails with an assert on some of the applications.
ERROR:../accel/tcg/cpu-exec.c:983:cpu_exec_loop:
assertion failed: (cpu->plugin_mem_cbs == ((void *)0))
It happens when the TCG plugin sets a memory callback in some of the translation blocks.
The callback can be empty, it just needs to be there. Debugging it further, I
see the inject_mem_enable_helper() and inject_mem_disable_helper() functions that
are intended to set and reset cpu->plugin_mem_cbs to the appropriate value.
The problem is that the inject_mem_disable_helper() part gets removed inside the
reachable_code_pass() function. As a result we see this assert (the pointer
is not set to NULL at the end of the translation block as expected). Here is the OP
listing just before the reachable_code_pass() call:
ext32u_i64 rcx,tmp3
add_i64 rip,rip,$0xa
goto_tb $0x0
exit_tb $0x7fff64013300
mov_i64 tmp11,$0x0 ; this is a part
st_i64 $0x0,env,$0xfffffffffffff540 ; of inject_mem_disable_helper()
set_label $L0
exit_tb $0x7fff64013303
reachable_code_pass() removes everything after exit_tb until it reaches the
set_label op as 'dead' code, which seems to be correct.
The question is how it is expected to work? Should inject_mem_disable_helper()
insert its zeroing OPs after "set_label $L0" or before "goto_tb $0x0"
to avoid the dead code block?
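The dead-code rule described in this mail, modelled over its own op listing as an added example (constructed illustration, not QEMU's tcg/tcg.c or the poster's code). It assumes exit_tb, br and goto_ptr end reachability while goto_tb does not, because TCG emits goto_tb with a fall-through exit_tb right behind it; the list names TB_DISABLE_BEFORE_GOTO_TB and TB_DISABLE_AFTER_LABEL are hypothetical.

```python
# Constructed model of TCG's reachable_code_pass() dead-code rule: every op
# between an unconditional exit and the next set_label is dropped.
UNCONDITIONAL_EXITS = {"exit_tb", "br", "goto_ptr"}  # goto_tb may fall through

def reachable_code_pass(ops):
    """Return the ops that survive the pass (list of 'name args' strings)."""
    dead, kept = False, []
    for op in ops:
        name = op.split()[0]
        if name == "set_label":
            dead = False          # a label makes the code reachable again
        if not dead:
            kept.append(op)
        if name in UNCONDITIONAL_EXITS:
            dead = True           # nothing after this op can execute
    return kept

def disable_store_survives(ops):
    """True if the st_i64 that zeroes cpu->plugin_mem_cbs is still emitted."""
    return any(op.startswith("st_i64 $0x0,env,") for op in reachable_code_pass(ops))

# Op listing copied from the mail (trailing comments stripped).
TB_FROM_MAIL = [
    "ext32u_i64 rcx,tmp3",
    "add_i64 rip,rip,$0xa",
    "goto_tb $0x0",
    "exit_tb $0x7fff64013300",
    "mov_i64 tmp11,$0x0",                    # inject_mem_disable_helper() ...
    "st_i64 $0x0,env,$0xfffffffffffff540",   # ... lands behind exit_tb
    "set_label $L0",
    "exit_tb $0x7fff64013303",
]

# The two placements the mail asks about (hypothetical rearrangements).
TB_DISABLE_BEFORE_GOTO_TB = (TB_FROM_MAIL[:2] + TB_FROM_MAIL[4:6]
                             + TB_FROM_MAIL[2:4] + TB_FROM_MAIL[6:])
TB_DISABLE_AFTER_LABEL = (TB_FROM_MAIL[:4] + TB_FROM_MAIL[6:7]
                          + TB_FROM_MAIL[4:6] + TB_FROM_MAIL[7:])

if __name__ == "__main__":
    for label, tb in (("as in mail", TB_FROM_MAIL),
                      ("before goto_tb", TB_DISABLE_BEFORE_GOTO_TB),
                      ("after set_label", TB_DISABLE_AFTER_LABEL)):
        print(f"{label}: disable store survives = {disable_store_survives(tb)}")
        for op in reachable_code_pass(tb):
            print("   ", op)
```

Running it shows the store from the mail's listing being discarded while either alternative placement keeps it.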