Dear MARSS developers,
I've recently found a core accessing the instruction cache with an invalid address.
I tracked the cause of that.
The problem seems to be caused by misuse of check_and_translate() at
line #605 in ooo-pipe.cpp.
According to the implementation, check_and_translate() gets the physical
address for a given virtual address by simply looking up QEMU's TLB.
However, QEMU's TLB is not a TLB in the architectural sense. It is a cache for
guest-to-host virtual address mapping. So just looking up QEMU's TLB is
not enough to get the physical address of a given virtual address. Thus,
check_and_translate() is usually followed by try_handle_fault(), which
loads the missing TLB entry into QEMU's TLB, and is then called again.
However, ThreadContext::fetch() does not call try_handle_fault() to check
the result of check_and_translate().
I updated the fetch function to call try_handle_fault() after
check_and_translate(). Here is the region I updated.
583a584,593
>
> if unlikely (exception) {
> /* Check if the page fault can be handled without causing
exception */
> if(exception == EXCEPTION_PageFaultOnWrite || exception ==
EXCEPTION_PageFaultOnRead) {
> bool handled = ctx.try_handle_fault(fetchrip, false);
> if (handled)
> physaddr = ctx.check_and_translate(fetchrip, 3,
false, false, exception, mmio, pfec, true);
> assert(handled);
> }
> }
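Review bot: The `if (handled)` guard on the retranslation is redundant given the `assert(handled);` that follows it: when `handled` is false the assert aborts the simulator rather than letting the fetch stage deliver the page fault to the guest, so the else path (fault delivery) is what this block is missing. Also, the result of the second `check_and_translate(fetchrip, 3, false, false, exception, mmio, pfec, true)` call is never re-checked; if `exception` is still set after the retry, the fetch proceeds with a `physaddr` that is not valid. Suggest re-testing `exception` after the retry and routing an unhandled fault through the normal exception path instead of asserting.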
Thanks,
Hanhwi
_______________________________________________
http://www.marss86.org
Marss86-Devel mailing list
https://www.cs.binghamton.edu/mailman/listinfo/marss86-devel