[Bug 1880287] [NEW] gcc crashes in hppa emulation

[Bug 1880287] [NEW] gcc crashes in hppa emulation

[Helge Deller]

Public bug reported:

There seems to be a translation bug in the qemu-hppa (qemu v5.0.0) emulation:
A stripped down testcase (taken from Linux kernel build) is attached.

In there is "a.sh", a shell script which calls gcc-9 (fails with both
debian gcc-9.3.0-11 or gcc-9.3.0-12). and "a.iii", the preprocessed
source.

When starting a.sh, in the emulation gcc crashes with segfault.
On real hardware gcc succeeds to compile the source.

In a hppa-user chroot running "apt update && apt install gcc-9" should
be sufficient to get the needed reproducer environment.

** Affects: qemu
     Importance: Undecided
         Status: New

** Attachment added: "reproducer testcase, including a script to call gcc and the preprocessed source"
   https://bugs.launchpad.net/bugs/1880287/+attachment/5375826/+files/gcc-9.3.0-12-segfault.tgz

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880287

Title:
  gcc crashes in hppa emulation

Status in QEMU:
  New

Bug description:
  There seems to be a translation bug in the qemu-hppa (qemu v5.0.0) emulation:
  A stripped down testcase (taken from Linux kernel build) is attached.

  In there is "a.sh", a shell script which calls gcc-9 (fails with both
  debian gcc-9.3.0-11 or gcc-9.3.0-12). and "a.iii", the preprocessed
  source.

  When starting a.sh, in the emulation gcc crashes with segfault.
  On real hardware gcc succeeds to compile the source.

  In a hppa-user chroot running "apt update && apt install gcc-9" should
  be sufficient to get the needed reproducer environment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1880287/+subscriptions

[Bug 1880287] Re: gcc crashes in hppa emulation

[Helge Deller]

Test still crashes the VM and chroot with up-to-date debian chroot,
including updated gcc-9.3.0-14.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880287

Title:
  gcc crashes in hppa emulation

Status in QEMU:
  New

Bug description:
  There seems to be a translation bug in the qemu-hppa (qemu v5.0.0) emulation:
  A stripped down testcase (taken from Linux kernel build) is attached.

  In there is "a.sh", a shell script which calls gcc-9 (fails with both
  debian gcc-9.3.0-11 or gcc-9.3.0-12). and "a.iii", the preprocessed
  source.

  When starting a.sh, in the emulation gcc crashes with segfault.
  On real hardware gcc succeeds to compile the source.

  In a hppa-user chroot running "apt update && apt install gcc-9" should
  be sufficient to get the needed reproducer environment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1880287/+subscriptions

[Bug 1880287] Re: gcc crashes in hppa emulation

[Philippe Mathieu-Daudé]

** Tags added: linux-user

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880287

Title:
  gcc crashes in hppa emulation

Status in QEMU:
  New

Bug description:
  There seems to be a translation bug in the qemu-hppa (qemu v5.0.0) emulation:
  A stripped down testcase (taken from Linux kernel build) is attached.

  In there is "a.sh", a shell script which calls gcc-9 (fails with both
  debian gcc-9.3.0-11 or gcc-9.3.0-12). and "a.iii", the preprocessed
  source.

  When starting a.sh, in the emulation gcc crashes with segfault.
  On real hardware gcc succeeds to compile the source.

  In a hppa-user chroot running "apt update && apt install gcc-9" should
  be sufficient to get the needed reproducer environment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1880287/+subscriptions

Re: [Bug 1880287] Re: gcc crashes in hppa emulation

[svens]

On Fri, Jul 17, 2020 at 09:26:50PM -0000, Helge Deller wrote:
> Test still crashes the VM and chroot with up-to-date debian chroot,
> including updated gcc-9.3.0-14.
> 
> -- 
> You received this bug notification because you are a member of qemu-
> devel-ml, which is subscribed to QEMU.
> https://bugs.launchpad.net/bugs/1880287
> 
> Title:
>   gcc crashes in hppa emulation
> 
> Status in QEMU:
>   New
> 
> Bug description:
>   There seems to be a translation bug in the qemu-hppa (qemu v5.0.0) emulation:
>   A stripped down testcase (taken from Linux kernel build) is attached.
> 
>   In there is "a.sh", a shell script which calls gcc-9 (fails with both
>   debian gcc-9.3.0-11 or gcc-9.3.0-12). and "a.iii", the preprocessed
>   source.
> 
>   When starting a.sh, in the emulation gcc crashes with segfault.
>   On real hardware gcc succeeds to compile the source.
> 
>   In a hppa-user chroot running "apt update && apt install gcc-9" should
>   be sufficient to get the needed reproducer environment.
> 
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1880287/+subscriptions
> 

I reproduced this here and it looks like we're running out of TCG temps:

hread 3 "qemu-system-hpp" received signal SIGABRT, Aborted.
[Switching to Thread 0x7fcb5ffff700 (LWP 3208)]
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007fcb680a455b in __GI_abort () at abort.c:79
#2  0x00007fcb680a442f in __assert_fail_base
    (fmt=0x7fcb6820ab48 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55cc6120e68c "n < 512", file=0x55cc6120c569 "/home/svens/qemu/tcg/tcg.c", line=1156, function=<optimized out>) at assert.c:92
#3  0x00007fcb680b3092 in __GI___assert_fail
    (assertion=0x55cc6120e68c "n < 512", file=0x55cc6120c569 "/home/svens/qemu/tcg/tcg.c", line=1156, function=0x55cc6120f768 <__PRETTY_FUNCTION__.37440> "tcg_temp_alloc") at assert.c:101
#4  0x000055cc60cd57ae in tcg_temp_alloc (s=0x7fcad0000b60) at /home/svens/qemu/tcg/tcg.c:1156
#5  0x000055cc60cd5bd6 in tcg_temp_new_internal (type=TCG_TYPE_I32, temp_local=false) at /home/svens/qemu/tcg/tcg.c:1273
#6  0x000055cc60dda222 in tcg_temp_new_i32 () at /home/svens/qemu/include/tcg/tcg.h:899
#7  0x000055cc60de760c in do_sub (ctx=0x7fcb5fffe2e0, rt=2, in1=0x430, in2=0x9e0, is_tsv=false, is_b=false, is_tc=false, cf=0) at /home/svens/qemu/target/hppa/translate.c:1247
#8  0x000055cc60de7a04 in do_sub_reg (ctx=0x7fcb5fffe2e0, a=0x7fcb5fffe1d0, is_tsv=false, is_b=false, is_tc=false) at /home/svens/qemu/target/hppa/translate.c:1313
#9  0x000055cc60deaca9 in trans_sub (ctx=0x7fcb5fffe2e0, a=0x7fcb5fffe1d0) at /home/svens/qemu/target/hppa/translate.c:2647
#10 0x000055cc60de18aa in decode (ctx=0x7fcb5fffe2e0, insn=193070082) at target/hppa/decode.inc.c:1699
#11 0x000055cc60def6db in hppa_tr_translate_insn (dcbase=0x7fcb5fffe2e0, cs=0x55cc62065bf0) at /home/svens/qemu/target/hppa/translate.c:4255
#12 0x000055cc60d47d6f in translator_loop (ops=0x55cc614789c0 <hppa_tr_ops>, db=0x7fcb5fffe2e0, cpu=0x55cc62065bf0, tb=0x7fcb2f02e180 <code_gen_buffer+386064723>, max_insns=512)
    at /home/svens/qemu/accel/tcg/translator.c:102
#13 0x000055cc60defb9d in gen_intermediate_code (cs=0x55cc62065bf0, tb=0x7fcb2f02e180 <code_gen_buffer+386064723>, max_insns=512) at /home/svens/qemu/target/hppa/translate.c:4389
#14 0x000055cc60d45eeb in tb_gen_code (cpu=0x55cc62065bf0, pc=3161101733888, cs_base=3161095929860, flags=262915, cflags=-16777216) at /home/svens/qemu/accel/tcg/translate-all.c:1738
#15 0x000055cc60d42452 in tb_find (cpu=0x55cc62065bf0, last_tb=0x0, tb_exit=0, cf_mask=0) at /home/svens/qemu/accel/tcg/cpu-exec.c:407
#16 0x000055cc60d42d30 in cpu_exec (cpu=0x55cc62065bf0) at /home/svens/qemu/accel/tcg/cpu-exec.c:731
#17 0x000055cc60dbe7d1 in tcg_cpu_exec (cpu=0x55cc62065bf0) at /home/svens/qemu/softmmu/cpus.c:1356
#18 0x000055cc60dbeade in qemu_tcg_rr_cpu_thread_fn (arg=0x55cc62065bf0) at /home/svens/qemu/softmmu/cpus.c:1458
#19 0x000055cc611c98f0 in qemu_thread_start (args=0x55cc6207f6b0) at util/qemu-thread-posix.c:521
#20 0x00007fcb6824cf27 in start_thread (arg=<optimized out>) at pthread_create.c:479
#21 0x00007fcb6817c31f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb)

TCG_MAX_INSN is 512, and TCG_MAX_TEMPS also. Given the complexity of emulating the
parisc conditions and nullifications, i guess a 1:1 ratio is just not sufficient.
Increasing TCG_MAX_TEMPS to 1024 solves the issue. I haven't checked how big
the TB is, and how much temps it allocates then.

Regards
Sven

[Bug 1880287] Re: gcc crashes in hppa emulation

[Helge Deller]

Sven Schnelle (svens@stackframe.org) noticed that increasing
-#define TCG_MAX_TEMPS 512
+#define TCG_MAX_TEMPS 1024
in include/tcg/tcg.h prevents fixes that crash.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880287

Title:
  gcc crashes in hppa emulation

Status in QEMU:
  New

Bug description:
  There seems to be a translation bug in the qemu-hppa (qemu v5.0.0) emulation:
  A stripped down testcase (taken from Linux kernel build) is attached.

  In there is "a.sh", a shell script which calls gcc-9 (fails with both
  debian gcc-9.3.0-11 or gcc-9.3.0-12). and "a.iii", the preprocessed
  source.

  When starting a.sh, in the emulation gcc crashes with segfault.
  On real hardware gcc succeeds to compile the source.

  In a hppa-user chroot running "apt update && apt install gcc-9" should
  be sufficient to get the needed reproducer environment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1880287/+subscriptions

[Bug 1880287] Re: gcc crashes in hppa emulation

[Laurent Vivier]

** Tags added: tcg

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880287

Title:
  gcc crashes in hppa emulation

Status in QEMU:
  New

Bug description:
  There seems to be a translation bug in the qemu-hppa (qemu v5.0.0) emulation:
  A stripped down testcase (taken from Linux kernel build) is attached.

  In there is "a.sh", a shell script which calls gcc-9 (fails with both
  debian gcc-9.3.0-11 or gcc-9.3.0-12). and "a.iii", the preprocessed
  source.

  When starting a.sh, in the emulation gcc crashes with segfault.
  On real hardware gcc succeeds to compile the source.

  In a hppa-user chroot running "apt update && apt install gcc-9" should
  be sufficient to get the needed reproducer environment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1880287/+subscriptions

[Bug 1880287] Re: gcc crashes in hppa emulation

[Richard Henderson]

Thanks for the debugging.  Failure to free temporaries.

** Changed in: qemu
       Status: New => In Progress

** Changed in: qemu
     Assignee: (unassigned) => Richard Henderson (rth)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880287

Title:
  gcc crashes in hppa emulation

Status in QEMU:
  In Progress

Bug description:
  There seems to be a translation bug in the qemu-hppa (qemu v5.0.0) emulation:
  A stripped down testcase (taken from Linux kernel build) is attached.

  In there is "a.sh", a shell script which calls gcc-9 (fails with both
  debian gcc-9.3.0-11 or gcc-9.3.0-12). and "a.iii", the preprocessed
  source.

  When starting a.sh, in the emulation gcc crashes with segfault.
  On real hardware gcc succeeds to compile the source.

  In a hppa-user chroot running "apt update && apt install gcc-9" should
  be sufficient to get the needed reproducer environment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1880287/+subscriptions

[Bug 1880287] Re: gcc crashes in hppa emulation

[Richard Henderson]

** Changed in: qemu
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880287

Title:
  gcc crashes in hppa emulation

Status in QEMU:
  Fix Committed

Bug description:
  There seems to be a translation bug in the qemu-hppa (qemu v5.0.0) emulation:
  A stripped down testcase (taken from Linux kernel build) is attached.

  In there is "a.sh", a shell script which calls gcc-9 (fails with both
  debian gcc-9.3.0-11 or gcc-9.3.0-12). and "a.iii", the preprocessed
  source.

  When starting a.sh, in the emulation gcc crashes with segfault.
  On real hardware gcc succeeds to compile the source.

  In a hppa-user chroot running "apt update && apt install gcc-9" should
  be sufficient to get the needed reproducer environment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1880287/+subscriptions

[Bug 1880287] Re: gcc crashes in hppa emulation

[Laurent Vivier]

Fixed here:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=79826f99feb7

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880287

Title:
  gcc crashes in hppa emulation

Status in QEMU:
  Fix Committed

Bug description:
  There seems to be a translation bug in the qemu-hppa (qemu v5.0.0) emulation:
  A stripped down testcase (taken from Linux kernel build) is attached.

  In there is "a.sh", a shell script which calls gcc-9 (fails with both
  debian gcc-9.3.0-11 or gcc-9.3.0-12). and "a.iii", the preprocessed
  source.

  When starting a.sh, in the emulation gcc crashes with segfault.
  On real hardware gcc succeeds to compile the source.

  In a hppa-user chroot running "apt update && apt install gcc-9" should
  be sufficient to get the needed reproducer environment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1880287/+subscriptions

[Bug 1880287] Re: gcc crashes in hppa emulation

[Thomas Huth]

** Changed in: qemu
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880287

Title:
  gcc crashes in hppa emulation

Status in QEMU:
  Fix Released

Bug description:
  There seems to be a translation bug in the qemu-hppa (qemu v5.0.0) emulation:
  A stripped down testcase (taken from Linux kernel build) is attached.

  In there is "a.sh", a shell script which calls gcc-9 (fails with both
  debian gcc-9.3.0-11 or gcc-9.3.0-12). and "a.iii", the preprocessed
  source.

  When starting a.sh, in the emulation gcc crashes with segfault.
  On real hardware gcc succeeds to compile the source.

  In a hppa-user chroot running "apt update && apt install gcc-9" should
  be sufficient to get the needed reproducer environment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1880287/+subscriptions