Recent TCG commit breaks PPC

Recent TCG commit breaks PPC

[BALATON Zoltan]

Hello,

Commit 8fe35e0444be (tcg/optimize: Use tcg_constant_internal with constant 
folding) seems to break PPC emulation for me:

Thread 3 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff51e7700 (LWP 22636)]
0x0000555555afd4ee in ts_are_copies (ts2=0x7fff8c008f90, ts1=0x7fff8c001510) at ../tcg/optimize.c:68
68	    return ts_info(ts)->next_copy != ts;
(gdb) bt
#0  0x0000555555afd4ee in ts_are_copies (ts2=0x7fff8c008f90, ts1=0x7fff8c001510) at tcg/optimize.c:68
#1  0x0000555555afd4ee in tcg_opt_gen_mov
     (s=s@entry=0x7fff8c000b60, op=op@entry=0x7fff8c6b2348, dst=140735542203664, src=140735542235024) at tcg/optimize.c:191
#2  0x0000555555afe05a in tcg_opt_gen_movi
     (s=s@entry=0x7fff8c000b60, temps_used=temps_used@entry=0x7ffff51e63c0, op=op@entry=0x7fff8c6b2348, dst=<optimized out>,
     val=<optimized out>) at include/tcg/tcg.h:731
#3  0x0000555555aff79f in tcg_optimize (s=s@entry=0x7fff8c000b60) at tcg/optimize.c:1189
#4  0x0000555555b13c39 in tcg_gen_code (s=0x7fff8c000b60, tb=tb@entry=0x7fffb3181380 <code_gen_buffer+4088659>) at tcg/tcg.c:4490
#5  0x0000555555b1b485 in tb_gen_code
     (cpu=cpu@entry=0x55555651c870, pc=pc@entry=4287582720, cs_base=cs_base@entry=0, flags=flags@entry=24576, cflags=-16777216,
     cflags@entry=0) at accel/tcg/translate-all.c:1952
#6  0x0000555555b7c303 in tb_find (cf_mask=0, tb_exit=0, last_tb=0x0, cpu=0x0) at accel/tcg/cpu-exec.c:454
#7  0x0000555555b7c303 in cpu_exec (cpu=cpu@entry=0x55555651c870) at accel/tcg/cpu-exec.c:810
#8  0x0000555555ab5ea2 in tcg_cpus_exec (cpu=cpu@entry=0x55555651c870) at accel/tcg/tcg-cpus.c:57
#9  0x0000555555ab7a03 in rr_cpu_thread_fn (arg=arg@entry=0x55555651c870) at accel/tcg/tcg-cpus-rr.c:217
#10 0x0000555555cc355a in qemu_thread_start (args=<optimized out>) at util/qemu-thread-posix.c:521
#11 0x00007ffff6cc004c in start_thread () at /lib64/libpthread.so.0
#12 0x00007ffff6bf13af in clone () at /lib64/libc.so.6

This can be reproduced for example with booting AROS as described here:

http://zero.eik.bme.hu/~balaton/qemu/amiga/#aros

The segfault happens during boot.

Regards,
BALATON Zoltan

Re: Recent TCG commit breaks PPC

[Richard Henderson]

On 1/16/21 4:38 AM, BALATON Zoltan wrote:
> Hello,
> 
> Commit 8fe35e0444be (tcg/optimize: Use tcg_constant_internal with constant
> folding) seems to break PPC emulation for me:
> 
> Thread 3 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff51e7700 (LWP 22636)]
> 0x0000555555afd4ee in ts_are_copies (ts2=0x7fff8c008f90, ts1=0x7fff8c001510) at
> ../tcg/optimize.c:68
> 68        return ts_info(ts)->next_copy != ts;

Ok, riscv32 seems to have the same problem.  I'm on it.
I'll note that check-acceptance passes, so this points out a hole in our testing...


r~

> (gdb) bt
> #0  0x0000555555afd4ee in ts_are_copies (ts2=0x7fff8c008f90,
> ts1=0x7fff8c001510) at tcg/optimize.c:68
> #1  0x0000555555afd4ee in tcg_opt_gen_mov
>     (s=s@entry=0x7fff8c000b60, op=op@entry=0x7fff8c6b2348, dst=140735542203664,
> src=140735542235024) at tcg/optimize.c:191
> #2  0x0000555555afe05a in tcg_opt_gen_movi
>     (s=s@entry=0x7fff8c000b60, temps_used=temps_used@entry=0x7ffff51e63c0,
> op=op@entry=0x7fff8c6b2348, dst=<optimized out>,
>     val=<optimized out>) at include/tcg/tcg.h:731
> #3  0x0000555555aff79f in tcg_optimize (s=s@entry=0x7fff8c000b60) at
> tcg/optimize.c:1189
> #4  0x0000555555b13c39 in tcg_gen_code (s=0x7fff8c000b60,
> tb=tb@entry=0x7fffb3181380 <code_gen_buffer+4088659>) at tcg/tcg.c:4490
> #5  0x0000555555b1b485 in tb_gen_code
>     (cpu=cpu@entry=0x55555651c870, pc=pc@entry=4287582720,
> cs_base=cs_base@entry=0, flags=flags@entry=24576, cflags=-16777216,
>     cflags@entry=0) at accel/tcg/translate-all.c:1952
> #6  0x0000555555b7c303 in tb_find (cf_mask=0, tb_exit=0, last_tb=0x0, cpu=0x0)
> at accel/tcg/cpu-exec.c:454
> #7  0x0000555555b7c303 in cpu_exec (cpu=cpu@entry=0x55555651c870) at
> accel/tcg/cpu-exec.c:810
> #8  0x0000555555ab5ea2 in tcg_cpus_exec (cpu=cpu@entry=0x55555651c870) at
> accel/tcg/tcg-cpus.c:57
> #9  0x0000555555ab7a03 in rr_cpu_thread_fn (arg=arg@entry=0x55555651c870) at
> accel/tcg/tcg-cpus-rr.c:217
> #10 0x0000555555cc355a in qemu_thread_start (args=<optimized out>) at
> util/qemu-thread-posix.c:521
> #11 0x00007ffff6cc004c in start_thread () at /lib64/libpthread.so.0
> #12 0x00007ffff6bf13af in clone () at /lib64/libc.so.6
> 
> This can be reproduced for example with booting AROS as described here:
> 
> http://zero.eik.bme.hu/~balaton/qemu/amiga/#aros
> 
> The segfault happens during boot.
> 
> Regards,
> BALATON Zoltan

Re: Recent TCG commit breaks PPC

[Richard Henderson]

On 1/16/21 4:38 AM, BALATON Zoltan wrote:
> 
> Commit 8fe35e0444be (tcg/optimize: Use tcg_constant_internal with constant
> folding) seems to break PPC emulation for me:
> 
> Thread 3 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff51e7700 (LWP 22636)]
> 0x0000555555afd4ee in ts_are_copies (ts2=0x7fff8c008f90, ts1=0x7fff8c001510) at
> ../tcg/optimize.c:68
> 68        return ts_info(ts)->next_copy != ts;

I don't replicate this assertion.

Interestingly, I replicate a different assertion:

qemu-system-ppc: ../qemu/tcg/tcg.c:1210: tcg_temp_alloc: Assertion `n < 512'
failed.
Aborted (core dumped)

What compiler version(s) are you guys using?


r~

Re: Recent TCG commit breaks PPC

[Alistair Francis]

On Sat, Jan 16, 2021 at 9:29 AM Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> On 1/16/21 4:38 AM, BALATON Zoltan wrote:
> >
> > Commit 8fe35e0444be (tcg/optimize: Use tcg_constant_internal with constant
> > folding) seems to break PPC emulation for me:
> >
> > Thread 3 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
> > [Switching to Thread 0x7ffff51e7700 (LWP 22636)]
> > 0x0000555555afd4ee in ts_are_copies (ts2=0x7fff8c008f90, ts1=0x7fff8c001510) at
> > ../tcg/optimize.c:68
> > 68        return ts_info(ts)->next_copy != ts;
>
> I don't replicate this assertion.
>
> Interestingly, I replicate a different assertion:
>
> qemu-system-ppc: ../qemu/tcg/tcg.c:1210: tcg_temp_alloc: Assertion `n < 512'
> failed.
> Aborted (core dumped)
>
> What compiler version(s) are you guys using?

I'm using:

gcc (GCC) 10.2.0

Alistair

>
>
> r~
>

Re: Recent TCG commit breaks PPC

[BALATON Zoltan]

[-- Attachment #1: Type: text/plain, Size: 827 bytes --]

On Sat, 16 Jan 2021, Richard Henderson wrote:
> On 1/16/21 4:38 AM, BALATON Zoltan wrote:
>>
>> Commit 8fe35e0444be (tcg/optimize: Use tcg_constant_internal with constant
>> folding) seems to break PPC emulation for me:
>>
>> Thread 3 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
>> [Switching to Thread 0x7ffff51e7700 (LWP 22636)]
>> 0x0000555555afd4ee in ts_are_copies (ts2=0x7fff8c008f90, ts1=0x7fff8c001510) at
>> ../tcg/optimize.c:68
>> 68        return ts_info(ts)->next_copy != ts;
>
> I don't replicate this assertion.
>
> Interestingly, I replicate a different assertion:
>
> qemu-system-ppc: ../qemu/tcg/tcg.c:1210: tcg_temp_alloc: Assertion `n < 512'
> failed.
> Aborted (core dumped)
>
> What compiler version(s) are you guys using?

I'm getting this with gcc 8.4.0

Regards,
BALATON Zoltan

Re: Recent TCG commit breaks PPC

[BALATON Zoltan]

[-- Attachment #1: Type: text/plain, Size: 2711 bytes --]

On Sat, 16 Jan 2021, Richard Henderson wrote:
> On 1/16/21 4:38 AM, BALATON Zoltan wrote:
>>
>> Commit 8fe35e0444be (tcg/optimize: Use tcg_constant_internal with constant
>> folding) seems to break PPC emulation for me:
>>
>> Thread 3 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
>> [Switching to Thread 0x7ffff51e7700 (LWP 22636)]
>> 0x0000555555afd4ee in ts_are_copies (ts2=0x7fff8c008f90, ts1=0x7fff8c001510) at
>> ../tcg/optimize.c:68
>> 68        return ts_info(ts)->next_copy != ts;
>
> I don't replicate this assertion.
>
> Interestingly, I replicate a different assertion:
>
> qemu-system-ppc: ../qemu/tcg/tcg.c:1210: tcg_temp_alloc: Assertion `n < 512'
> failed.
> Aborted (core dumped)
>
> What compiler version(s) are you guys using?

With --enable-debug (that I don't normally use because it makes PPC 
emulation too slow) I get the same assertion:

qemu-system-ppc: ../tcg/tcg.c:1210: tcg_temp_alloc: Assertion `n < 512' 
failed.

Thread 3 "qemu-system-ppc" received signal SIGABRT, Aborted.

(gdb) bt
#0  0x00007ffff6b29a7a in raise () at /lib64/libc.so.6
#1  0x00007ffff6b12524 in abort () at /lib64/libc.so.6
#2  0x00007ffff6b1240f in _nl_load_domain.cold.0 () at /lib64/libc.so.6
#3  0x00007ffff6b1e9a2 in  () at /lib64/libc.so.6
#4  0x0000555555c5e7a6 in tcg_temp_alloc (s=0x7fff50000b60) at tcg/tcg.c:1210
#5  0x0000555555c5efcb in tcg_constant_internal (type=TCG_TYPE_I32, val=-7401584) at tcg/tcg.c:1436
#6  0x0000555555c7f921 in tcg_opt_gen_movi
     (s=0x7fff50000b60, temps_used=0x7ffff51e94c0, op=0x7fff505d6308, dst=140734535570720, val=18446744073702150032)
     at tcg/optimize.c:247
#7  0x0000555555c81e4b in tcg_optimize (s=0x7fff50000b60) at tcg/optimize.c:1178
#8  0x0000555555c6580a in tcg_gen_code (s=0x7fff50000b60, tb=0x7fffb3181a00) at tcg/tcg.c:4490
#9  0x0000555555c34f9c in tb_gen_code (cpu=0x5555567851e0, pc=4287582720, cs_base=0, flags=24576, cflags=-16777216)
     at accel/tcg/translate-all.c:1952
#10 0x0000555555c79842 in tb_find (cpu=0x5555567851e0, last_tb=0x0, tb_exit=0, cf_mask=0) at accel/tcg/cpu-exec.c:454
#11 0x0000555555c7a109 in cpu_exec (cpu=0x5555567851e0) at accel/tcg/cpu-exec.c:810
#12 0x0000555555c6e906 in tcg_cpus_exec (cpu=0x5555567851e0) at accel/tcg/tcg-cpus.c:57
#13 0x0000555555cbf18e in rr_cpu_thread_fn (arg=0x5555567851e0) at accel/tcg/tcg-cpus-rr.c:217
#14 0x0000555555ea8531 in qemu_thread_start (args=0x5555567c63d0) at util/qemu-thread-posix.c:521
#15 0x00007ffff6cc004c in start_thread () at /lib64/libpthread.so.0
#16 0x00007ffff6bf13af in clone () at /lib64/libc.so.6

Previous one was when configuring without --enable-debug, so maybe it 
depends on compiler flags (-O2 vs. -O0).

Regards,
BALATON Zoltan

Re: Recent TCG commit breaks PPC

[BALATON Zoltan]

[-- Attachment #1: Type: text/plain, Size: 2934 bytes --]

On Sat, 16 Jan 2021, BALATON Zoltan wrote:
> On Sat, 16 Jan 2021, Richard Henderson wrote:
>> On 1/16/21 4:38 AM, BALATON Zoltan wrote:
>>> 
>>> Commit 8fe35e0444be (tcg/optimize: Use tcg_constant_internal with constant
>>> folding) seems to break PPC emulation for me:

See also:

https://bugs.launchpad.net/qemu/+bug/1912065

>>> Thread 3 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
>>> [Switching to Thread 0x7ffff51e7700 (LWP 22636)]
>>> 0x0000555555afd4ee in ts_are_copies (ts2=0x7fff8c008f90, 
>>> ts1=0x7fff8c001510) at
>>> ../tcg/optimize.c:68
>>> 68        return ts_info(ts)->next_copy != ts;
>> 
>> I don't replicate this assertion.
>> 
>> Interestingly, I replicate a different assertion:
>> 
>> qemu-system-ppc: ../qemu/tcg/tcg.c:1210: tcg_temp_alloc: Assertion `n < 
>> 512'
>> failed.
>> Aborted (core dumped)
>> 
>> What compiler version(s) are you guys using?
>
> With --enable-debug (that I don't normally use because it makes PPC emulation 
> too slow) I get the same assertion:
>
> qemu-system-ppc: ../tcg/tcg.c:1210: tcg_temp_alloc: Assertion `n < 512' 
> failed.
>
> Thread 3 "qemu-system-ppc" received signal SIGABRT, Aborted.
>
> (gdb) bt
> #0  0x00007ffff6b29a7a in raise () at /lib64/libc.so.6
> #1  0x00007ffff6b12524 in abort () at /lib64/libc.so.6
> #2  0x00007ffff6b1240f in _nl_load_domain.cold.0 () at /lib64/libc.so.6
> #3  0x00007ffff6b1e9a2 in  () at /lib64/libc.so.6
> #4  0x0000555555c5e7a6 in tcg_temp_alloc (s=0x7fff50000b60) at tcg/tcg.c:1210
> #5  0x0000555555c5efcb in tcg_constant_internal (type=TCG_TYPE_I32, 
> val=-7401584) at tcg/tcg.c:1436
> #6  0x0000555555c7f921 in tcg_opt_gen_movi
>    (s=0x7fff50000b60, temps_used=0x7ffff51e94c0, op=0x7fff505d6308, 
> dst=140734535570720, val=18446744073702150032)
>    at tcg/optimize.c:247
> #7  0x0000555555c81e4b in tcg_optimize (s=0x7fff50000b60) at 
> tcg/optimize.c:1178
> #8  0x0000555555c6580a in tcg_gen_code (s=0x7fff50000b60, tb=0x7fffb3181a00) 
> at tcg/tcg.c:4490
> #9  0x0000555555c34f9c in tb_gen_code (cpu=0x5555567851e0, pc=4287582720, 
> cs_base=0, flags=24576, cflags=-16777216)
>    at accel/tcg/translate-all.c:1952
> #10 0x0000555555c79842 in tb_find (cpu=0x5555567851e0, last_tb=0x0, 
> tb_exit=0, cf_mask=0) at accel/tcg/cpu-exec.c:454
> #11 0x0000555555c7a109 in cpu_exec (cpu=0x5555567851e0) at 
> accel/tcg/cpu-exec.c:810
> #12 0x0000555555c6e906 in tcg_cpus_exec (cpu=0x5555567851e0) at 
> accel/tcg/tcg-cpus.c:57
> #13 0x0000555555cbf18e in rr_cpu_thread_fn (arg=0x5555567851e0) at 
> accel/tcg/tcg-cpus-rr.c:217
> #14 0x0000555555ea8531 in qemu_thread_start (args=0x5555567c63d0) at 
> util/qemu-thread-posix.c:521
> #15 0x00007ffff6cc004c in start_thread () at /lib64/libpthread.so.0
> #16 0x00007ffff6bf13af in clone () at /lib64/libc.so.6
>
> Previous one was when configuring without --enable-debug, so maybe it depends 
> on compiler flags (-O2 vs. -O0).
>
> Regards,
> BALATON Zoltan

Re: Recent TCG commit breaks PPC

[Philippe Mathieu-Daudé]

On 1/16/21 8:46 PM, BALATON Zoltan wrote:
> On Sat, 16 Jan 2021, Richard Henderson wrote:
>> On 1/16/21 4:38 AM, BALATON Zoltan wrote:
>>>
>>> Commit 8fe35e0444be (tcg/optimize: Use tcg_constant_internal with
>>> constant
>>> folding) seems to break PPC emulation for me:
>>>
>>> Thread 3 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
>>> [Switching to Thread 0x7ffff51e7700 (LWP 22636)]
>>> 0x0000555555afd4ee in ts_are_copies (ts2=0x7fff8c008f90,
>>> ts1=0x7fff8c001510) at
>>> ../tcg/optimize.c:68
>>> 68        return ts_info(ts)->next_copy != ts;
>>
>> I don't replicate this assertion.
>>
>> Interestingly, I replicate a different assertion:
>>
>> qemu-system-ppc: ../qemu/tcg/tcg.c:1210: tcg_temp_alloc: Assertion `n
>> < 512'
>> failed.
>> Aborted (core dumped)
>>
>> What compiler version(s) are you guys using?
> 
> With --enable-debug (that I don't normally use because it makes PPC
> emulation too slow) I get the same assertion:
> 
> qemu-system-ppc: ../tcg/tcg.c:1210: tcg_temp_alloc: Assertion `n < 512'
> failed.
> 
> Thread 3 "qemu-system-ppc" received signal SIGABRT, Aborted.
> 
> (gdb) bt
> #0  0x00007ffff6b29a7a in raise () at /lib64/libc.so.6
> #1  0x00007ffff6b12524 in abort () at /lib64/libc.so.6
> #2  0x00007ffff6b1240f in _nl_load_domain.cold.0 () at /lib64/libc.so.6
> #3  0x00007ffff6b1e9a2 in  () at /lib64/libc.so.6
> #4  0x0000555555c5e7a6 in tcg_temp_alloc (s=0x7fff50000b60) at
> tcg/tcg.c:1210
> #5  0x0000555555c5efcb in tcg_constant_internal (type=TCG_TYPE_I32,
> val=-7401584) at tcg/tcg.c:1436
> #6  0x0000555555c7f921 in tcg_opt_gen_movi
>     (s=0x7fff50000b60, temps_used=0x7ffff51e94c0, op=0x7fff505d6308,
> dst=140734535570720, val=18446744073702150032)
>     at tcg/optimize.c:247
> #7  0x0000555555c81e4b in tcg_optimize (s=0x7fff50000b60) at
> tcg/optimize.c:1178
> #8  0x0000555555c6580a in tcg_gen_code (s=0x7fff50000b60,
> tb=0x7fffb3181a00) at tcg/tcg.c:4490
> #9  0x0000555555c34f9c in tb_gen_code (cpu=0x5555567851e0,
> pc=4287582720, cs_base=0, flags=24576, cflags=-16777216)
>     at accel/tcg/translate-all.c:1952
> #10 0x0000555555c79842 in tb_find (cpu=0x5555567851e0, last_tb=0x0,
> tb_exit=0, cf_mask=0) at accel/tcg/cpu-exec.c:454
> #11 0x0000555555c7a109 in cpu_exec (cpu=0x5555567851e0) at
> accel/tcg/cpu-exec.c:810
> #12 0x0000555555c6e906 in tcg_cpus_exec (cpu=0x5555567851e0) at
> accel/tcg/tcg-cpus.c:57
> #13 0x0000555555cbf18e in rr_cpu_thread_fn (arg=0x5555567851e0) at
> accel/tcg/tcg-cpus-rr.c:217
> #14 0x0000555555ea8531 in qemu_thread_start (args=0x5555567c63d0) at
> util/qemu-thread-posix.c:521
> #15 0x00007ffff6cc004c in start_thread () at /lib64/libpthread.so.0
> #16 0x00007ffff6bf13af in clone () at /lib64/libc.so.6
> 
> Previous one was when configuring without --enable-debug, so maybe it
> depends on compiler flags (-O2 vs. -O0).

--debug enables CONFIG_DEBUG_TCG (the n < 512 assertion).