Re: [Qemu-devel] another TCG branch weirdness

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] another TCG branch weirdness

From:	Blue Swirl
Subject:	Re: [Qemu-devel] another TCG branch weirdness
Date:	Fri, 5 Aug 2011 20:32:22 +0000

On Fri, Aug 5, 2011 at 4:36 PM, Artyom Tarasenko <address@hidden> wrote:
> Host x86_64, guest sparc64. Found a case where a branch instruction
> (brz,pn   %o0) unexpectedly jumps to an unexpected address. I.e.
> branch shouldn't be taken at all, but even if it were it should have
> been to 0x13e26e4 and not to 0x5.
>
> Was about to write that the generated OP for brz,pn usually looks
> different, when realized that in fact it was even generated for this
> very address just before, but with another branch in the delay slot.
> The bug looks familiar, Blue, isn't it? :)

Sorry, does not ring a bell.

> IN:
> 0x00000000013e26c0:  brz,pn   %o0, 0x13e26e4
> 0x00000000013e26c4:  brlez,pn   %o1, 0x13e26e4
>
> OP:
>  ---- 0x13e26c0
>  ld_i64 tmp6,regwptr,$0x0
>  movi_i64 cond,$0x0
>  movi_i64 tmp8,$0x0
>  brcond_i64 tmp6,tmp8,ne,$0x0
>  movi_i64 cond,$0x1
>  set_label $0x0
>
> ^^^ Ok, that's how brz,pn  usually looks like
>
>  ---- 0x13e26c4
>  ld_i64 tmp7,regwptr,$0x8
>  movi_i64 tmp8,$0x0
>  brcond_i64 cond,tmp8,eq,$0x1
>  movi_i64 npc,$0x13e26e4
>  br $0x2
>  set_label $0x1
>  movi_i64 npc,$0x13e26c8
>  set_label $0x2
>  movi_i64 cond,$0x0
>  movi_i64 tmp8,$0x0
>  brcond_i64 tmp7,tmp8,gt,$0x3
>  movi_i64 cond,$0x1
>  set_label $0x3
>  movi_i64 tmp0,$0x0
>  brcond_i64 cond,tmp0,eq,$0x4
>  movi_i64 npc,$0x13e26e4
>  br $0x5
>  set_label $0x4
>  movi_i64 npc,$0x5
>  set_label $0x5
>  exit_tb $0x0
> --------------
> IN:
> 0x00000000013e26c0:  brz,pn   %o0, 0x13e26e4
>
> OP:
>  ---- 0x13e26c0
>  ld_i64 tmp6,regwptr,$0x0
>  movi_i64 cond,$0x0
>  movi_i64 tmp8,$0x0
>  brcond_i64 tmp6,tmp8,ne,$0x0
>  movi_i64 cond,$0x1
>  set_label $0x0
>  movi_i64 pc,$0x5
>
> ^^^ What's that?

Probably DYNAMIC_PC + 4. I guess we are hitting this ancient comment
in target-sparc/translate.c:1372:
/* XXX: potentially incorrect if dynamic npc */

>  movi_i64 tmp0,$0x0
>  brcond_i64 cond,tmp0,eq,$0x1
>  movi_i64 npc,$0x13e26e4
>  br $0x2
>  set_label $0x1
>  movi_i64 npc,$0x9
>  set_label $0x2
>  exit_tb $0x0
>
>
>  33062: Instruction Access MMU Miss (v=0064) pc=0000000000000005
> npc=0000000000000009 SP=000000000c3d2d81
> ...
> Current Register Window:
> %o0-3: 0000000002483d00 0000000000000018 0000000000000028 00000000000232bd
>            ^^^^^^ not zero
>
>
> --
> Regards,
> Artyom Tarasenko
>
> solaris/sparc under qemu blog: http://tyom.blogspot.com/
>

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] another TCG branch weirdness, Artyom Tarasenko, 2011/08/05
- Re: [Qemu-devel] another TCG branch weirdness, Blue Swirl <=
  - Re: [Qemu-devel] another TCG branch weirdness, Artyom Tarasenko, 2011/08/05
    - Re: [Qemu-devel] another TCG branch weirdness, Blue Swirl, 2011/08/06
    - Re: [Qemu-devel] another TCG branch weirdness, Artyom Tarasenko, 2011/08/06

Prev by Date: Re: [Qemu-devel] Safely reopening image files by stashing fds
Next by Date: Re: [Qemu-devel] [PATCH] monitor: HMP: fix consecutive integer expression parsing
Previous by thread: [Qemu-devel] another TCG branch weirdness
Next by thread: Re: [Qemu-devel] another TCG branch weirdness
Index(es):
- Date
- Thread