* [Qemu-devel] "tcg: Clean up direct block chaining safety checks" breaks target-xtensa mmu test
@ 2016-05-15 18:58 Max Filippov
2016-05-15 19:38 ` Sergey Fedorov
0 siblings, 1 reply; 6+ messages in thread
From: Max Filippov @ 2016-05-15 18:58 UTC (permalink / raw)
To: Sergey Fedorov; +Cc: Richard Henderson, Alex Bennée, qemu-devel
Hi Sergey,
I've noticed that the commit 5b053a4a28278 (tcg: Clean up direct block
chaining safety checks) has broken tearget-xtensa test cross_page_tb
from the tests/tcg/xtensa/test_mmu.S. The test runs a TB that spans two
adjacent pages, then unmaps the second page and runs it again. It
expects an instruction fetch exception on the second run, but with the
said commit doesn't get it. Reverting that commit fixes the test.
Any suggestions?
--
Thanks.
-- Max
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] "tcg: Clean up direct block chaining safety checks" breaks target-xtensa mmu test
2016-05-15 18:58 [Qemu-devel] "tcg: Clean up direct block chaining safety checks" breaks target-xtensa mmu test Max Filippov
@ 2016-05-15 19:38 ` Sergey Fedorov
2016-05-15 19:53 ` Max Filippov
0 siblings, 1 reply; 6+ messages in thread
From: Sergey Fedorov @ 2016-05-15 19:38 UTC (permalink / raw)
To: Max Filippov; +Cc: Richard Henderson, Alex Bennée, qemu-devel
On 15/05/16 21:58, Max Filippov wrote:
> Hi Sergey,
>
> I've noticed that the commit 5b053a4a28278 (tcg: Clean up direct block
> chaining safety checks) has broken tearget-xtensa test cross_page_tb
> from the tests/tcg/xtensa/test_mmu.S. The test runs a TB that spans two
> adjacent pages, then unmaps the second page and runs it again. It
> expects an instruction fetch exception on the second run, but with the
> said commit doesn't get it. Reverting that commit fixes the test.
> Any suggestions?
>
Hi Max,
That's too strange. How do I run the test?
Kind regards,
Sergey
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] "tcg: Clean up direct block chaining safety checks" breaks target-xtensa mmu test
2016-05-15 19:38 ` Sergey Fedorov
@ 2016-05-15 19:53 ` Max Filippov
2016-05-15 19:56 ` Sergey Fedorov
0 siblings, 1 reply; 6+ messages in thread
From: Max Filippov @ 2016-05-15 19:53 UTC (permalink / raw)
To: Sergey Fedorov; +Cc: Richard Henderson, Alex Bennée, qemu-devel
On Sun, May 15, 2016 at 10:38:46PM +0300, Sergey Fedorov wrote:
> On 15/05/16 21:58, Max Filippov wrote:
> > I've noticed that the commit 5b053a4a28278 (tcg: Clean up direct block
> > chaining safety checks) has broken tearget-xtensa test cross_page_tb
> > from the tests/tcg/xtensa/test_mmu.S. The test runs a TB that spans two
> > adjacent pages, then unmaps the second page and runs it again. It
> > expects an instruction fetch exception on the second run, but with the
> > said commit doesn't get it. Reverting that commit fixes the test.
> > Any suggestions?
>
> That's too strange. How do I run the test?
I've minimized the test case, the source and the binary are available
here:
http://jcmvbkbc.spb.ru/~jcmvbkbc/tmp/201605152245/
You can run it as
qemu-system-xtensa -M sim -cpu dc232b -nographic -semihosting -kernel ./test_mmu.tst
--
Thanks.
-- Max
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] "tcg: Clean up direct block chaining safety checks" breaks target-xtensa mmu test
2016-05-15 19:53 ` Max Filippov
@ 2016-05-15 19:56 ` Sergey Fedorov
2016-05-15 20:54 ` Sergey Fedorov
0 siblings, 1 reply; 6+ messages in thread
From: Sergey Fedorov @ 2016-05-15 19:56 UTC (permalink / raw)
To: Max Filippov; +Cc: Richard Henderson, Alex Bennée, qemu-devel
On 15/05/16 22:53, Max Filippov wrote:
> On Sun, May 15, 2016 at 10:38:46PM +0300, Sergey Fedorov wrote:
>> On 15/05/16 21:58, Max Filippov wrote:
>>> I've noticed that the commit 5b053a4a28278 (tcg: Clean up direct block
>>> chaining safety checks) has broken tearget-xtensa test cross_page_tb
>>> from the tests/tcg/xtensa/test_mmu.S. The test runs a TB that spans two
>>> adjacent pages, then unmaps the second page and runs it again. It
>>> expects an instruction fetch exception on the second run, but with the
>>> said commit doesn't get it. Reverting that commit fixes the test.
>>> Any suggestions?
>> That's too strange. How do I run the test?
> I've minimized the test case, the source and the binary are available
> here:
> http://jcmvbkbc.spb.ru/~jcmvbkbc/tmp/201605152245/
>
> You can run it as
> qemu-system-xtensa -M sim -cpu dc232b -nographic -semihosting -kernel ./test_mmu.tst
>
Thank you for this. I'll try it tomorrow and figure out what's going wrong.
Kind regards,
Sergey
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] "tcg: Clean up direct block chaining safety checks" breaks target-xtensa mmu test
2016-05-15 19:56 ` Sergey Fedorov
@ 2016-05-15 20:54 ` Sergey Fedorov
2016-05-16 14:36 ` Sergey Fedorov
0 siblings, 1 reply; 6+ messages in thread
From: Sergey Fedorov @ 2016-05-15 20:54 UTC (permalink / raw)
To: Max Filippov; +Cc: Richard Henderson, Alex Bennée, qemu-devel
On 15/05/16 22:56, Sergey Fedorov wrote:
> On 15/05/16 22:53, Max Filippov wrote:
>> On Sun, May 15, 2016 at 10:38:46PM +0300, Sergey Fedorov wrote:
>>> On 15/05/16 21:58, Max Filippov wrote:
>>>> I've noticed that the commit 5b053a4a28278 (tcg: Clean up direct block
>>>> chaining safety checks) has broken tearget-xtensa test cross_page_tb
>>>> from the tests/tcg/xtensa/test_mmu.S. The test runs a TB that spans two
>>>> adjacent pages, then unmaps the second page and runs it again. It
>>>> expects an instruction fetch exception on the second run, but with the
>>>> said commit doesn't get it. Reverting that commit fixes the test.
>>>> Any suggestions?
>>> That's too strange. How do I run the test?
>> I've minimized the test case, the source and the binary are available
>> here:
>> http://jcmvbkbc.spb.ru/~jcmvbkbc/tmp/201605152245/
>>
>> You can run it as
>> qemu-system-xtensa -M sim -cpu dc232b -nographic -semihosting -kernel ./test_mmu.tst
>>
> Thank you for this. I'll try it tomorrow and figure out what's going wrong.
I couldn't sleep without first trying the test :) Now I really
understand why things went wrong. I mixed up 'next_tb' and 'tb' in this
piece of code:
/* see if we can patch the calling TB. When the TB
spans two pages, we cannot safely do a direct
jump. */
if (next_tb != 0 && tb->page_addr[1] == -1
&& !qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
tb_add_jump((TranslationBlock *)(next_tb & ~TB_EXIT_MASK),
next_tb & TB_EXIT_MASK, tb);
}
So I removed 'tb->page_addr[1] == -1' check thinking it's for the last
executed TB. But actually, it checks the next TB despite there's also
the variable called 'next_tb'. Indeed, we cannot safely direct jump *to*
the TB spanning pages in system emulation because we don't take care of
direct jumps when address mapping changes. However we can do this in
user emulation because there's only static address translation and TBs
get always invalidated properly.
I'll prepare a patch and fix this tomorrow then.
Nice test and nice catch!
Thanks,
Sergey
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] "tcg: Clean up direct block chaining safety checks" breaks target-xtensa mmu test
2016-05-15 20:54 ` Sergey Fedorov
@ 2016-05-16 14:36 ` Sergey Fedorov
0 siblings, 0 replies; 6+ messages in thread
From: Sergey Fedorov @ 2016-05-16 14:36 UTC (permalink / raw)
To: Max Filippov; +Cc: Richard Henderson, Alex Bennée, qemu-devel
On 15/05/16 23:54, Sergey Fedorov wrote:
> On 15/05/16 22:56, Sergey Fedorov wrote:
>> On 15/05/16 22:53, Max Filippov wrote:
>>> On Sun, May 15, 2016 at 10:38:46PM +0300, Sergey Fedorov wrote:
>>>> On 15/05/16 21:58, Max Filippov wrote:
>>>>> I've noticed that the commit 5b053a4a28278 (tcg: Clean up direct block
>>>>> chaining safety checks) has broken tearget-xtensa test cross_page_tb
>>>>> from the tests/tcg/xtensa/test_mmu.S. The test runs a TB that spans two
>>>>> adjacent pages, then unmaps the second page and runs it again. It
>>>>> expects an instruction fetch exception on the second run, but with the
>>>>> said commit doesn't get it. Reverting that commit fixes the test.
>>>>> Any suggestions?
>>>> That's too strange. How do I run the test?
>>> I've minimized the test case, the source and the binary are available
>>> here:
>>> http://jcmvbkbc.spb.ru/~jcmvbkbc/tmp/201605152245/
>>>
>>> You can run it as
>>> qemu-system-xtensa -M sim -cpu dc232b -nographic -semihosting -kernel ./test_mmu.tst
>>>
>> Thank you for this. I'll try it tomorrow and figure out what's going wrong.
>
> I couldn't sleep without first trying the test :) Now I really
> understand why things went wrong. I mixed up 'next_tb' and 'tb' in
> this piece of code:
>
> /* see if we can patch the calling TB. When the TB
> spans two pages, we cannot safely do a direct
> jump. */
> if (next_tb != 0 && tb->page_addr[1] == -1
> && !qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
> tb_add_jump((TranslationBlock *)(next_tb & ~TB_EXIT_MASK),
> next_tb & TB_EXIT_MASK, tb);
> }
>
> So I removed 'tb->page_addr[1] == -1' check thinking it's for the last
> executed TB. But actually, it checks the next TB despite there's also
> the variable called 'next_tb'. Indeed, we cannot safely direct jump
> *to* the TB spanning pages in system emulation because we don't take
> care of direct jumps when address mapping changes. However we can do
> this in user emulation because there's only static address translation
> and TBs get always invalidated properly.
>
> I'll prepare a patch and fix this tomorrow then.
http://lists.nongnu.org/archive/html/qemu-devel/2016-05/msg02506.html
Thanks,
Sergey
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2016-05-16 14:37 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-15 18:58 [Qemu-devel] "tcg: Clean up direct block chaining safety checks" breaks target-xtensa mmu test Max Filippov
2016-05-15 19:38 ` Sergey Fedorov
2016-05-15 19:53 ` Max Filippov
2016-05-15 19:56 ` Sergey Fedorov
2016-05-15 20:54 ` Sergey Fedorov
2016-05-16 14:36 ` Sergey Fedorov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.