On Fri, Jul 17, 2020 at 09:26:50PM -0000, Helge Deller wrote:
> Test still crashes the VM and chroot with up-to-date debian chroot,
> including updated gcc-9.3.0-14.
>
> --
> You received this bug notification because you are a member of qemu-
> devel-ml, which is subscribed to QEMU.
> https://bugs.launchpad.net/bugs/1880287
>
> Title:
>   gcc crashes in hppa emulation
>
> Status in QEMU:
>   New
>
> Bug description:
>   There seems to be a translation bug in the qemu-hppa (qemu v5.0.0)
>   emulation:
>   A stripped down testcase (taken from Linux kernel build) is attached.
>
>   In there is "a.sh", a shell script which calls gcc-9 (fails with both
>   debian gcc-9.3.0-11 and gcc-9.3.0-12), and "a.iii", the preprocessed
>   source.
>
>   When starting a.sh, in the emulation gcc crashes with a segfault.
>   On real hardware gcc succeeds in compiling the source.
>
>   In a hppa-user chroot, running "apt update && apt install gcc-9" should
>   be sufficient to get the needed reproducer environment.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1880287/+subscriptions
I reproduced this here and it looks like we're running out of TCG temps:

Thread 3 "qemu-system-hpp" received signal SIGABRT, Aborted.
[Switching to Thread 0x7fcb5ffff700 (LWP 3208)]
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007fcb680a455b in __GI_abort () at abort.c:79
#2  0x00007fcb680a442f in __assert_fail_base (fmt=0x7fcb6820ab48 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55cc6120e68c "n < 512", file=0x55cc6120c569 "/home/svens/qemu/tcg/tcg.c", line=1156, function=<optimized out>) at assert.c:92
#3  0x00007fcb680b3092 in __GI___assert_fail (assertion=0x55cc6120e68c "n < 512", file=0x55cc6120c569 "/home/svens/qemu/tcg/tcg.c", line=1156, function=0x55cc6120f768 <__PRETTY_FUNCTION__.37440> "tcg_temp_alloc") at assert.c:101
#4  0x000055cc60cd57ae in tcg_temp_alloc (s=0x7fcad0000b60) at /home/svens/qemu/tcg/tcg.c:1156
#5  0x000055cc60cd5bd6 in tcg_temp_new_internal (type=TCG_TYPE_I32, temp_local=false) at /home/svens/qemu/tcg/tcg.c:1273
#6  0x000055cc60dda222 in tcg_temp_new_i32 () at /home/svens/qemu/include/tcg/tcg.h:899
#7  0x000055cc60de760c in do_sub (ctx=0x7fcb5fffe2e0, rt=2, in1=0x430, in2=0x9e0, is_tsv=false, is_b=false, is_tc=false, cf=0) at /home/svens/qemu/target/hppa/translate.c:1247
#8  0x000055cc60de7a04 in do_sub_reg (ctx=0x7fcb5fffe2e0, a=0x7fcb5fffe1d0, is_tsv=false, is_b=false, is_tc=false) at /home/svens/qemu/target/hppa/translate.c:1313
#9  0x000055cc60deaca9 in trans_sub (ctx=0x7fcb5fffe2e0, a=0x7fcb5fffe1d0) at /home/svens/qemu/target/hppa/translate.c:2647
#10 0x000055cc60de18aa in decode (ctx=0x7fcb5fffe2e0, insn=193070082) at target/hppa/decode.inc.c:1699
#11 0x000055cc60def6db in hppa_tr_translate_insn (dcbase=0x7fcb5fffe2e0, cs=0x55cc62065bf0) at /home/svens/qemu/target/hppa/translate.c:4255
#12 0x000055cc60d47d6f in translator_loop (ops=0x55cc614789c0 <hppa_tr_ops>, db=0x7fcb5fffe2e0, cpu=0x55cc62065bf0, tb=0x7fcb2f02e180 <code_gen_buffer+386064723>, max_insns=512) at /home/svens/qemu/accel/tcg/translator.c:102
#13 0x000055cc60defb9d in gen_intermediate_code (cs=0x55cc62065bf0, tb=0x7fcb2f02e180 <code_gen_buffer+386064723>, max_insns=512) at /home/svens/qemu/target/hppa/translate.c:4389
#14 0x000055cc60d45eeb in tb_gen_code (cpu=0x55cc62065bf0, pc=3161101733888, cs_base=3161095929860, flags=262915, cflags=-16777216) at /home/svens/qemu/accel/tcg/translate-all.c:1738
#15 0x000055cc60d42452 in tb_find (cpu=0x55cc62065bf0, last_tb=0x0, tb_exit=0, cf_mask=0) at /home/svens/qemu/accel/tcg/cpu-exec.c:407
#16 0x000055cc60d42d30 in cpu_exec (cpu=0x55cc62065bf0) at /home/svens/qemu/accel/tcg/cpu-exec.c:731
#17 0x000055cc60dbe7d1 in tcg_cpu_exec (cpu=0x55cc62065bf0) at /home/svens/qemu/softmmu/cpus.c:1356
#18 0x000055cc60dbeade in qemu_tcg_rr_cpu_thread_fn (arg=0x55cc62065bf0) at /home/svens/qemu/softmmu/cpus.c:1458
#19 0x000055cc611c98f0 in qemu_thread_start (args=0x55cc6207f6b0) at util/qemu-thread-posix.c:521
#20 0x00007fcb6824cf27 in start_thread (arg=<optimized out>) at pthread_create.c:479
#21 0x00007fcb6817c31f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb)

TCG_MAX_INSN is 512, and TCG_MAX_TEMPS also. Given the complexity of
emulating the parisc conditions and nullifications, I guess a 1:1 ratio
is just not sufficient. Increasing TCG_MAX_TEMPS to 1024 solves the
issue. I haven't checked how big the TB is, and how many temps it
allocates then.

Regards
Sven
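The failure mode in the trace is a fixed temp pool being exhausted mid-instruction because the per-block instruction cap and the per-block temp cap are equal while one guest instruction can allocate several temps. The following is an added illustration, not Sven's code and not QEMU's: a toy model of a translator drawing temps from a bounded pool. It contrasts tripping the hard limit (the "n < 512" assertion above) with checking the remaining budget before each instruction and ending the block early, and it shows why a larger pool lets the same instruction stream through. The pool size, the 512-insn cap, the temps-per-instruction figures and all function names are assumptions chosen to mirror the numbers in the trace.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model (assumed, not QEMU code): a translator allocating
 * temporaries from a fixed pool while building one translation block.
 * TB_MAX_INSNS mirrors max_insns=512 in the trace; pool_max mirrors the
 * "n < 512" assertion. Both are assumptions for the model. */
#define TB_MAX_INSNS 512

typedef struct {
    size_t pool_max;   /* capacity of the temp pool (512 or 1024 below) */
    size_t n_temps;    /* temps allocated so far in this block */
    size_t n_insns;    /* instructions translated into this block */
    bool   overflow;   /* set when an allocation exceeded the pool */
} TbModel;

static void tb_reset(TbModel *tb, size_t pool_max) {
    tb->pool_max = pool_max;
    tb->n_temps = 0;
    tb->n_insns = 0;
    tb->overflow = false;
}

/* Allocate one temp. Fails closed (returns false, sets overflow) rather
 * than aborting the whole emulator when the pool is full. */
static bool temp_alloc(TbModel *tb) {
    if (tb->n_temps >= tb->pool_max) {
        tb->overflow = true;
        return false;
    }
    tb->n_temps++;
    return true;
}

/* Translate up to insn_count instructions, each needing temps_per_insn
 * temps. With check_budget set, the block is ended before an instruction
 * whose worst-case need (worst_case_temps) no longer fits, so the pool
 * can never run dry mid-instruction. Returns insns placed in the block. */
static size_t translate_block(TbModel *tb, size_t insn_count,
                              size_t temps_per_insn, size_t worst_case_temps,
                              bool check_budget) {
    for (size_t i = 0; i < insn_count && tb->n_insns < TB_MAX_INSNS; i++) {
        if (check_budget && tb->pool_max - tb->n_temps < worst_case_temps) {
            break; /* close the block here; the next insn starts a new one */
        }
        for (size_t t = 0; t < temps_per_insn; t++) {
            if (!temp_alloc(tb)) {
                return tb->n_insns; /* overflow flag records what happened */
            }
        }
        tb->n_insns++;
    }
    return tb->n_insns;
}

/* Convenience wrappers: run one scenario and report insns placed / overflow. */
static size_t model_insns(size_t pool_max, size_t temps_per_insn, bool check) {
    TbModel tb;
    tb_reset(&tb, pool_max);
    return translate_block(&tb, TB_MAX_INSNS, temps_per_insn, temps_per_insn, check);
}

static bool model_overflowed(size_t pool_max, size_t temps_per_insn, bool check) {
    TbModel tb;
    tb_reset(&tb, pool_max);
    translate_block(&tb, TB_MAX_INSNS, temps_per_insn, temps_per_insn, check);
    return tb.overflow;
}

int main(void) {
    /* 1 temp per insn: a 512-insn block fits a 512-temp pool exactly. */
    printf("1 temp/insn, pool 512:            %zu insns, overflow=%d\n",
           model_insns(512, 1, false), model_overflowed(512, 1, false));
    /* 2 temps per insn, no budget check: pool runs dry inside insn 257. */
    printf("2 temps/insn, pool 512, no check: %zu insns, overflow=%d\n",
           model_insns(512, 2, false), model_overflowed(512, 2, false));
    /* Same stream with the budget check: block ends cleanly after 256. */
    printf("2 temps/insn, pool 512, check:    %zu insns, overflow=%d\n",
           model_insns(512, 2, true), model_overflowed(512, 2, true));
    /* Doubling the pool, as the mail suggests, lets the whole block through. */
    printf("2 temps/insn, pool 1024:          %zu insns, overflow=%d\n",
           model_insns(1024, 2, false), model_overflowed(1024, 2, false));
    return 0;
}
```

The budget check is the defensive point: a translator that knows the worst-case temp cost of one guest instruction can end the block early and never reach the assertion, independently of how large the pool is made. Raising the pool size, as the mail proposes, moves the limit; it does not remove it for an instruction mix that is more temp-hungry than the one measured.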