Il 29/10/2012 19:29, Aurelien Jarno ha scritto: > On Mon, Oct 29, 2012 at 06:53:14PM +0100, Paolo Bonzini wrote: >> > Known-good commit: 8473f377393219390ea6f2d8d450a2b054bb823e >> > Known-bad commit: d262cb02861dd33375c08fc798930653b14769e9 >> > >> > i386-softmmu seems to work. I may try to bisect it tomorrow, but I'd be >> > glad if somebody else beats me. It can be reproduced with Wine and >> > "x86_64-softmmu/qemu-system-x86_64.exe -L ../pc-bios"; it hangs at iPXE. > Oops, sorry about that. Is it win32 or win64? I'll try to fix it asap, > but right now I don't have a good enough network connection to either > set up a mingw build environment or connect to a remote machine with > such an environment.
It's win32, and the first bad commit is 9c43b68 (tcg: rework liveness analysis, 2012-10-09). But it looks like 64-on-32 emulation is more generally broken. I now tried x86_64-linux-user compiled for 32-bit, and it segfaults on startup. Even the previous commit cannot run qemu-x86_64 /bin/ls correctly (note the mangled output below): $ git whatis HEAD ec7a869 (tcg: sync output arguments on liveness request, 2012-10-09) $ x86_64-linux-user/qemu-x86_64 /bin/ls inux-user $ git whatis HEAD 9c43b68 (tcg: rework liveness analysis, 2012-10-09) $ x86_64-linux-user/qemu-x86_64 /bin/ls qemu: uncaught target signal 11 (Segmentation fault) - core dumped Errore di segmentazione Regarding the win32 failure, it's early enough that the TCG logs give an idea of what is happening. This *might* be a reduced testcase (g() should return 1: h holds 2, so "cmp $0x12, %al" leaves ZF clear and setne stores 1; if the cmp's flag write were dropped as below, it would presumably print 0 instead), but the general breakage makes it impossible to check: asm("\n\ h:\n\ .byte 2\n\ f:\n\ push %rax\n\ push %rdx\n\ movb h, %al\n\ cmp $0x12, %al\n\ pop %rdx\n\ pop %rax\n\ ret\n\ g:\n\ xor %eax, %eax\n\ call f\n\ setne %al\n\ ret\n\ "); extern int g(); int main() { printf("%d\n", g()); } Anyhow, here are the logs (good on the left, differences on the right). The tell-tale difference is at 0xc83f4: the sub2_i32 that writes cc_dst_0/cc_dst_1 for the cmp becomes a nopn on the bad side, even though the block still ends with "movi_i32 cc_op,$0xe" right before exit_tb, i.e. the flags are to be computed lazily from cc_dst/cc_src after the TB exits, so that write is not dead. The following jne then goes the wrong way.
A write to cc_dst is incorrectly deleted as dead: IN: ( 0x00000000000c83e9: push %ax ( 0x00000000000c83ea: push %dx ( 0x00000000000c83eb: mov $0x9206,%ax ( 0x00000000000c83ee: mov $0x3c4,%dx ( 0x00000000000c83f1: out %ax,(%dx) ( 0x00000000000c83f2: inc %dx ( 0x00000000000c83f3: in (%dx),%al ( 0x00000000000c83f4: cmp $0x12,%al ( 0x00000000000c83f6: pop %dx ( 0x00000000000c83f7: pop %ax ( 0x00000000000c83f8: ret ( ( OP: ( ---- 0xc83e9 ( mov_i32 tmp0,rax_0 ( mov_i32 tmp1,rax_1 ( mov_i32 tmp4,rsp_0 ( mov_i32 tmp5,rsp_1 ( movi_i32 tmp20,$0xfffffffe ( movi_i32 tmp21,$0xffffffff ( add2_i32 tmp4,tmp5,tmp4,tmp5,tmp20,tmp21 ( nop ( movi_i32 tmp5,$0x0 ( ext16u_i32 tmp4,tmp4 ( movi_i32 tmp5,$0x0 ( mov_i32 tmp2,tmp4 ( mov_i32 tmp3,tmp5 ( ld_i32 tmp8,env,$0xe8 ( ld_i32 tmp9,env,$0xec ( add2_i32 tmp4,tmp5,tmp4,tmp5,tmp8,tmp9 ( nop ( movi_i32 tmp5,$0x0 ( qemu_st16 tmp0,tmp4,tmp5,$0x0 ( deposit_i32 rsp_0,rsp_0,tmp2,$0x0,$0x10 ( ( ---- 0xc83ea ( mov_i32 tmp0,rdx_0 ( mov_i32 tmp1,rdx_1 ( mov_i32 tmp4,rsp_0 ( mov_i32 tmp5,rsp_1 ( movi_i32 tmp20,$0xfffffffe ( movi_i32 tmp21,$0xffffffff ( add2_i32 tmp4,tmp5,tmp4,tmp5,tmp20,tmp21 ( nop ( movi_i32 tmp5,$0x0 ( ext16u_i32 tmp4,tmp4 ( movi_i32 tmp5,$0x0 ( mov_i32 tmp2,tmp4 ( mov_i32 tmp3,tmp5 ( ld_i32 tmp8,env,$0xe8 ( ld_i32 tmp9,env,$0xec ( add2_i32 tmp4,tmp5,tmp4,tmp5,tmp8,tmp9 ( nop ( movi_i32 tmp5,$0x0 ( qemu_st16 tmp0,tmp4,tmp5,$0x0 ( deposit_i32 rsp_0,rsp_0,tmp2,$0x0,$0x10 ( ( ---- 0xc83eb ( movi_i32 tmp0,$0x9206 ( movi_i32 tmp1,$0x0 ( deposit_i32 rax_0,rax_0,tmp0,$0x0,$0x10 ( ( ---- 0xc83ee ( movi_i32 tmp0,$0x3c4 ( movi_i32 tmp1,$0x0 ( deposit_i32 rdx_0,rdx_0,tmp0,$0x0,$0x10 ( ( ---- 0xc83f1 ( mov_i32 tmp0,rdx_0 ( mov_i32 tmp1,rdx_1 ( ext16u_i32 tmp0,tmp0 ( movi_i32 tmp1,$0x0 ( mov_i32 tmp2,rax_0 ( mov_i32 tmp3,rax_1 ( mov_i32 tmp12,tmp0 ( mov_i32 tmp13,tmp2 ( movi_i32 tmp22,$outw ( call tmp22,$0x0,$0,tmp12,tmp13 ( ( ---- 0xc83f2 ( mov_i32 tmp0,rdx_0 ( mov_i32 tmp1,rdx_1 ( movi_i32 tmp20,$0x1 ( movi_i32 tmp21,$0x0 ( add2_i32 
tmp0,tmp1,tmp0,tmp1,tmp20,tmp21 ( nop ( deposit_i32 rdx_0,rdx_0,tmp0,$0x0,$0x10 ( movi_i32 tmp22,$cc_compute_c ( call tmp22,$0x10,$1,tmp12,env,cc_op ( mov_i32 cc_src_0,tmp12 ( movi_i32 cc_src_1,$0x0 ( mov_i32 cc_dst_0,tmp0 ( mov_i32 cc_dst_1,tmp1 ( ( ---- 0xc83f3 ( mov_i32 tmp0,rdx_0 ( mov_i32 tmp1,rdx_1 ( ext16u_i32 tmp0,tmp0 ( movi_i32 tmp1,$0x0 ( mov_i32 tmp12,tmp0 ( movi_i32 tmp22,$inb ( call tmp22,$0x0,$2,tmp2,tmp3,tmp12 ( deposit_i32 rax_0,rax_0,tmp2,$0x0,$0x8 ( ( ---- 0xc83f4 ( movi_i32 tmp2,$0x12 ( movi_i32 tmp3,$0x0 ( mov_i32 tmp0,rax_0 ( mov_i32 tmp1,rax_1 ( mov_i32 cc_src_0,tmp2 ( mov_i32 cc_src_1,tmp3 ( sub2_i32 cc_dst_0,cc_dst_1,tmp0,tmp1,tmp2 ( nop ( ( ---- 0xc83f6 ( mov_i32 tmp4,rsp_0 ( mov_i32 tmp5,rsp_1 ( ext16u_i32 tmp4,tmp4 ( movi_i32 tmp5,$0x0 ( ld_i32 tmp8,env,$0xe8 ( ld_i32 tmp9,env,$0xec ( add2_i32 tmp4,tmp5,tmp4,tmp5,tmp8,tmp9 ( nop ( movi_i32 tmp5,$0x0 ( qemu_ld16u tmp0,tmp4,tmp5,$0x0 ( movi_i32 tmp1,$0x0 ( movi_i32 tmp20,$0x2 ( movi_i32 tmp21,$0x0 ( add2_i32 tmp8,tmp9,rsp_0,rsp_1,tmp20,tmp2 ( nop ( deposit_i32 rsp_0,rsp_0,tmp8,$0x0,$0x10 ( deposit_i32 rdx_0,rdx_0,tmp0,$0x0,$0x10 ( ( ---- 0xc83f7 ( mov_i32 tmp4,rsp_0 ( mov_i32 tmp5,rsp_1 ( ext16u_i32 tmp4,tmp4 ( movi_i32 tmp5,$0x0 ( ld_i32 tmp8,env,$0xe8 ( ld_i32 tmp9,env,$0xec ( add2_i32 tmp4,tmp5,tmp4,tmp5,tmp8,tmp9 ( nop ( movi_i32 tmp5,$0x0 ( qemu_ld16u tmp0,tmp4,tmp5,$0x0 ( movi_i32 tmp1,$0x0 ( movi_i32 tmp20,$0x2 ( movi_i32 tmp21,$0x0 ( add2_i32 tmp8,tmp9,rsp_0,rsp_1,tmp20,tmp2 ( nop ( deposit_i32 rsp_0,rsp_0,tmp8,$0x0,$0x10 ( deposit_i32 rax_0,rax_0,tmp0,$0x0,$0x10 ( ( ---- 0xc83f8 ( mov_i32 tmp4,rsp_0 ( mov_i32 tmp5,rsp_1 ( ext16u_i32 tmp4,tmp4 ( movi_i32 tmp5,$0x0 ( ld_i32 tmp8,env,$0xe8 ( ld_i32 tmp9,env,$0xec ( add2_i32 tmp4,tmp5,tmp4,tmp5,tmp8,tmp9 ( nop ( movi_i32 tmp5,$0x0 ( qemu_ld16u tmp0,tmp4,tmp5,$0x0 ( movi_i32 tmp1,$0x0 ( movi_i32 tmp20,$0x2 ( movi_i32 tmp21,$0x0 ( add2_i32 tmp8,tmp9,rsp_0,rsp_1,tmp20,tmp2 ( nop ( deposit_i32 rsp_0,rsp_0,tmp8,$0x0,$0x10 ( ext16u_i32 
tmp0,tmp0 ( movi_i32 tmp1,$0x0 ( st_i32 tmp0,env,$0x80 ( st_i32 tmp1,env,$0x84 ( movi_i32 cc_op,$0xe ( exit_tb $0x0 ( ( OP after optimization and liveness analysi ( ---- 0xc83e9 ( nopn $0x2,$0x2 ( nopn $0x2,$0x2 ( nopn $0x2,$0x2 ( nopn $0x2,$0x2 ( movi_i32 tmp20,$0xfffffffe ( nopn $0x2,$0x2 ( add_i32 tmp4,rsp_0,tmp20 ( nopn $0x3,$0x3c,$0x3 ( nopn $0x2,$0x2 ( ext16u_i32 tmp4,tmp4 ( nopn $0x2,$0x2 ( mov_i32 tmp2,tmp4 ( nopn $0x2,$0x2 ( ld_i32 tmp8,env,$0xe8 ( nopn $0x3,$0x0,$0x3 ( add_i32 tmp4,tmp4,tmp8 ( nopn $0x3,$0x30,$0x3 ( movi_i32 tmp5,$0x0 ( qemu_st16 rax_0,tmp4,tmp5,$0x0 ( deposit_i32 rsp_0,rsp_0,tmp2,$0x0,$0x10 ( ( ---- 0xc83ea ( nopn $0x2,$0x2 ( nopn $0x2,$0x2 ( nopn $0x2,$0x2 ( nopn $0x2,$0x2 ( movi_i32 tmp20,$0xfffffffe ( nopn $0x2,$0x2 ( add_i32 tmp4,rsp_0,tmp20 ( nopn $0x3,$0x3c,$0x3 ( nopn $0x2,$0x2 ( ext16u_i32 tmp4,tmp4 ( nopn $0x2,$0x2 ( mov_i32 tmp2,tmp4 ( nopn $0x2,$0x2 ( ld_i32 tmp8,env,$0xe8 ( nopn $0x3,$0x0,$0x3 ( add_i32 tmp4,tmp4,tmp8 ( nopn $0x3,$0x30,$0x3 ( movi_i32 tmp5,$0x0 ( qemu_st16 rdx_0,tmp4,tmp5,$0x0 ( deposit_i32 rsp_0,rsp_0,tmp2,$0x0,$0x10 ( ( ---- 0xc83eb ( movi_i32 tmp0,$0x9206 ( nopn $0x2,$0x2 ( deposit_i32 rax_0,rax_0,tmp0,$0x0,$0x10 ( ( ---- 0xc83ee ( movi_i32 tmp0,$0x3c4 ( nopn $0x2,$0x2 ( deposit_i32 rdx_0,rdx_0,tmp0,$0x0,$0x10 ( ( ---- 0xc83f1 ( nopn $0x2,$0x2 ( nopn $0x2,$0x2 ( ext16u_i32 tmp0,rdx_0 ( nopn $0x2,$0x2 ( nopn $0x2,$0x2 ( nopn $0x2,$0x2 ( mov_i32 tmp12,tmp0 ( nopn $0x2,$0x2 ( movi_i32 tmp22,$outw ( call tmp22,$0x0,$0,tmp12,rax_0 ( ( ---- 0xc83f2 ( nopn $0x2,$0x2 ( nopn $0x2,$0x2 ( movi_i32 tmp20,$0x1 ( movi_i32 tmp21,$0x0 ( add2_i32 tmp0,tmp1,rdx_0,rdx_1,tmp20,tmp2 ( nop ( deposit_i32 rdx_0,rdx_0,tmp0,$0x0,$0x10 ( movi_i32 tmp22,$cc_compute_c ( call tmp22,$0x10,$1,tmp12,env,cc_op ( mov_i32 cc_src_0,tmp12 ( movi_i32 cc_src_1,$0x0 ( mov_i32 cc_dst_0,tmp0 ( mov_i32 cc_dst_1,tmp1 ( ( ---- 0xc83f3 ( nopn $0x2,$0x2 ( nopn $0x2,$0x2 ( ext16u_i32 tmp0,rdx_0 ( nopn $0x2,$0x2 ( mov_i32 tmp12,tmp0 ( movi_i32 tmp22,$inb 
( call tmp22,$0x0,$2,tmp2,tmp3,tmp12 ( deposit_i32 rax_0,rax_0,tmp2,$0x0,$0x8 ( ( ---- 0xc83f4 ( movi_i32 tmp2,$0x12 | nopn $0x2,$0x2 movi_i32 tmp3,$0x0 | nopn $0x2,$0x2 nopn $0x2,$0x2 ( nopn $0x2,$0x2 ( movi_i32 cc_src_0,$0x12 ( movi_i32 cc_src_1,$0x0 ( sub2_i32 cc_dst_0,cc_dst_1,rax_0,rax_1,tm | nopn $0x6,$0x5,$0x8,$0x9,$0x2a,$0x6 nop ( ( ---- 0xc83f6 ( nopn $0x2,$0x2 ( nopn $0x2,$0x2 ( ext16u_i32 tmp4,rsp_0 ( nopn $0x2,$0x2 ( ld_i32 tmp8,env,$0xe8 ( nopn $0x3,$0x0,$0x3 ( add_i32 tmp4,tmp4,tmp8 ( nopn $0x3,$0x30,$0x3 ( movi_i32 tmp5,$0x0 ( qemu_ld16u tmp0,tmp4,tmp5,$0x0 ( nopn $0x2,$0x2 ( movi_i32 tmp20,$0x2 ( nopn $0x2,$0x2 ( add_i32 tmp8,rsp_0,tmp20 ( nopn $0x3,$0x3c,$0x3 ( deposit_i32 rsp_0,rsp_0,tmp8,$0x0,$0x10 ( deposit_i32 rdx_0,rdx_0,tmp0,$0x0,$0x10 ( ( ---- 0xc83f7 ( nopn $0x2,$0x2 ( nopn $0x2,$0x2 ( ext16u_i32 tmp4,rsp_0 ( nopn $0x2,$0x2 ( ld_i32 tmp8,env,$0xe8 ( nopn $0x3,$0x0,$0x3 ( add_i32 tmp4,tmp4,tmp8 ( nopn $0x3,$0x30,$0x3 ( movi_i32 tmp5,$0x0 ( qemu_ld16u tmp0,tmp4,tmp5,$0x0 ( nopn $0x2,$0x2 ( movi_i32 tmp20,$0x2 ( nopn $0x2,$0x2 ( add_i32 tmp8,rsp_0,tmp20 ( nopn $0x3,$0x3c,$0x3 ( deposit_i32 rsp_0,rsp_0,tmp8,$0x0,$0x10 ( deposit_i32 rax_0,rax_0,tmp0,$0x0,$0x10 ( ( ---- 0xc83f8 ( nopn $0x2,$0x2 ( nopn $0x2,$0x2 ( ext16u_i32 tmp4,rsp_0 ( nopn $0x2,$0x2 ( ld_i32 tmp8,env,$0xe8 ( nopn $0x3,$0x0,$0x3 ( add_i32 tmp4,tmp4,tmp8 ( nopn $0x3,$0x30,$0x3 ( movi_i32 tmp5,$0x0 ( qemu_ld16u tmp0,tmp4,tmp5,$0x0 ( nopn $0x2,$0x2 ( movi_i32 tmp20,$0x2 ( nopn $0x2,$0x2 ( add_i32 tmp8,rsp_0,tmp20 ( nopn $0x3,$0x3c,$0x3 ( deposit_i32 rsp_0,rsp_0,tmp8,$0x0,$0x10 ( ext16u_i32 tmp0,tmp0 ( movi_i32 tmp1,$0x0 ( st_i32 tmp0,env,$0x80 ( st_i32 tmp1,env,$0x84 ( movi_i32 cc_op,$0xe ( exit_tb $0x0 ( end ( ( and then the next basic block jumps in the weeds: IN: ( 0x00000000000c83a0: jne 0xc83d3 ( IN: ( 0x00000000000c83a2: push %ds | 0x00000000000c83d3: ret 0x00000000000c83a3: xor %ax,%ax < 0x00000000000c83a5: mov %ax,%ds < 0x00000000000c83a7: mov $0x83f9,%ax < 
0x00000000000c83aa: mov %ax,0x40 < 0x00000000000c83ad: mov $0xc000,%ax < 0x00000000000c83b0: mov %ax,0x42 < 0x00000000000c83b3: pop %ds < etc.