QEMU

armeb regression since qemu version 2.8

Bug #1725267 reported by Christophe Lyon on 2017-10-20

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	QEMU	Fix Released	Undecided	Unassigned

Bug Description

Hi,

I have noticed a regression when I upgraded from qemu-armeb 2.7 to 2.8, and the problem is still present with version 2.10.1.

I am using qemu for GCC validation, noticed problems with testcases involving atomics, I'm attaching here atomic-exchange-4.exe.

# with 2.7:
$ qemu-armeb -cpu any -R 0 -L $PWD -E LD_LIBRARY_PATH=$PWD/lib $PWD/atomic-exchange-4.exe
$ echo $?
0
# with 2.8, 2.10.1:
$ qemu-armeb -cpu any -R 0 -L $PWD -E LD_LIBRARY_PATH=$PWD/lib $PWD/atomic-exchange-4.exe
qemu: uncaught target signal 6 (Aborted) - core dumped
Aborted (core dumped)
$ echo $?
134

The source code is gcc/testsuite/gcc.dg/atomic-exchange-4.c

Running with -d in_asm shows a difference early in the startup code:
IN: _dl_sysdep_start
[...]
0x40a17790: 908ff103 addls pc, pc, r3, lsl #2

and then the next address is not the same with qemu 2.7 and 2.10.1

I hope you have enough data/information to reproduce and confirm/fix the problem.

Thanks

Revision history for this message

Christophe Lyon (christophe-lyon) wrote on 2017-10-20:

#1

testcase with ld.so and needed *.so Edit (2.9 MiB, application/x-tar)

Revision history for this message

Christophe Lyon (christophe-lyon) wrote on 2017-10-20:

#2

execution trace with qemu-2.7 Edit (439.0 KiB, text/plain)

Revision history for this message

Christophe Lyon (christophe-lyon) wrote on 2017-10-20:

#3

execution trace with qemu-2.10.1 Edit (413.0 KiB, text/plain)

Revision history for this message

Peter Maydell (pmaydell) wrote on 2017-10-20:

#4

Hi Christophe -- RTH posted a patchset yesterday which should fix this:
https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg04809.html

Revision history for this message

Peter Maydell (pmaydell) wrote on 2017-10-20:

#5

Oh, wait, different bug. Sorry for the noise...

Revision history for this message

Peter Maydell (pmaydell) wrote on 2017-10-20:

#6

I rather suspect something is going wrong when the dynamic loader attempts to paw through the ELF auxiliary vector...

Revision history for this message

Peter Maydell (pmaydell) wrote on 2017-10-20:

#7

Ah, that's a false positive. We flipped the order we put entries in the AUXV in commit 7c4ee5bcc82e64, so the code divergence is just because now _dl_sysdep_start is processing the entries in the opposite order to what it used to. (The "addls pc, pc, r3, lsl #2" is jumping into the jump table for the switch on different AUXV entry tags.) The traces converge again at 0x40817830.

Revision history for this message

Peter Maydell (pmaydell) wrote on 2017-10-20:

#8

I think what's actually happening is that we're failing on one of the tests in main(). This would be much easier to diagnose if the test case code printed information about what it was doing and what the failed test case was...

Revision history for this message

Christophe Lyon (christophe-lyon) wrote on 2017-10-20:

#9

Indeed I wish GCC tests printed information rather than just calling abort()...

I'll add some printfs and see what this says.

Revision history for this message

Christophe Lyon (christophe-lyon) wrote on 2017-10-20:

#10

I added printfs after each 'count++' statement, and here is what I got:

qemu-2.7:
ATOMIC_RELAXED OK
ATOMIC_ACQUIRE OK
ATOMIC_RELEASE OK
ATOMIC_ACQ_REL OK
ATOMIC_SEQ_CST OK
ATOMIC_RELAXED OK
ATOMIC_ACQUIRE OK
ATOMIC_RELEASE OK
ATOMIC_ACQ_REL OK
ATOMIC_SEQ_CST OK
ALL TESTS PASSED

qemu-2.10.1:
ATOMIC_RELAXED OK
ATOMIC_ACQUIRE OK
ATOMIC_RELEASE OK
ATOMIC_ACQ_REL OK
ATOMIC_SEQ_CST OK
qemu: uncaught target signal 6 (Aborted) - core dumped

Revision history for this message

Christophe Lyon (christophe-lyon) wrote on 2017-10-20:

#11

instrumented executable Edit (11.0 KiB, application/x-msdos-program)

Revision history for this message

Christophe Lyon (christophe-lyon) wrote on 2017-10-20:

#12

instrumented source testcase Edit (2.1 KiB, text/x-csrc)

Revision history for this message

Peter Maydell (pmaydell) wrote on 2017-10-20: Re: [Qemu-devel] [Bug 1725267] Re: armeb regression since qemu version 2.8

#13

On 20 October 2017 at 16:12, Christophe Lyon
<email address hidden> wrote:
> I'll add some printfs and see what this says.

I had a dig further in the logs and I suspect that we're either
doing the two halves of strexd or the two halves of ldrexd wrong
for linux-user bigendian.

thanks
-- PMM

Revision history for this message

Peter Maydell (pmaydell) wrote on 2017-11-02:

#14

https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg00155.html should fix this bug.

Changed in qemu:
status:	New → Incomplete
status:	Incomplete → In Progress

Revision history for this message

Peter Maydell (pmaydell) wrote on 2017-11-07:

#15

Fix committed and will be in 2.11.0 rc0.

Changed in qemu:
status:	In Progress → Fix Committed

Revision history for this message

Christophe Lyon (christophe-lyon) wrote on 2017-11-07:

#16

Great, thanks!

Revision history for this message

Thomas Huth (th-huth) wrote on 2017-12-15:

#17

https://git.qemu.org/?p=qemu.git;a=commitdiff;h=3448d47b3172015006b7

Changed in qemu:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.