cpu-exec.c:648: cpu_loop_exec_tb: Assertion `use_icount' failed.

Bug #1768246 reported by John Paul Adrian Glaubitz
Affects: QEMU
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

OpenJDK no longer works on qemu-sh4; it previously did after #1735384 was fixed.

Crash indicates an assertion failure:

(sid-sh4-sbuild)root@nofan:/# java --version
qemu-sh4-static: /root/qemu/accel/tcg/cpu-exec.c:648: cpu_loop_exec_tb: Assertion `use_icount' failed.
qemu: uncaught target signal 6 (Aborted) - core dumped
Aborted
(sid-sh4-sbuild)root@nofan:/#

Haven't bisected the issue yet, but will do so later.

Alex Bennée (ajbennee) wrote : Re: [Qemu-devel] [Bug 1768246] [NEW] cpu-exec.c:648: cpu_loop_exec_tb: Assertion `use_icount' failed.

John Paul Adrian Glaubitz <email address hidden> writes:

> Public bug reported:
>
> OpenJDK no longer works on qemu-sh4, it previously did after #1735384
> was fixed.
>
> Crash indicates an assertion failure:
>
> (sid-sh4-sbuild)root@nofan:/# java --version
> qemu-sh4-static: /root/qemu/accel/tcg/cpu-exec.c:648: cpu_loop_exec_tb: Assertion `use_icount' failed.
> qemu: uncaught target signal 6 (Aborted) - core dumped
> Aborted
> (sid-sh4-sbuild)root@nofan:/#
>
> Haven't bi-sected the issue yet, but will do so later.

Hmm that's ominous - arguably the assert should be inside the
CONFIG_USER but I'm not sure how you get to the point where icount isn't
< 0 after receiving a TB_EXIT_REQUESTED.

>
> ** Affects: qemu
> Importance: Undecided
> Status: New

--
Alex Bennée

John Paul Adrian Glaubitz (glaubitz) wrote :

On 05/01/2018 05:31 PM, Alex Bennée wrote:
>> Haven't bi-sected the issue yet, but will do so later.
>
> Hmm that's ominous - arguably the assert should be inside the
> CONFIG_USER but I'm not sure how you get to the point where icount isn't
> < 0 after receiving a TB_EXIT_REQUESTED.

git bisect yielded this:

4834871bc95b67343248100e2a75ae0d287bc08b is the first bad commit
commit 4834871bc95b67343248100e2a75ae0d287bc08b
Author: Richard Henderson <email address hidden>
Date: Thu Sep 7 11:50:54 2017 -0700

    target/sh4: Convert to DisasJumpType

    Signed-off-by: Richard Henderson <email address hidden>
    Message-Id: <email address hidden>
    [aurel32: fix whitespace]
    Signed-off-by: Aurelien Jarno <email address hidden>

:040000 040000 6e0e67cc5d0eb5ef461510d314c6af43eecc08bb aa3399c893c49e6fafda157181cf10f8fbcd0a72 M target

--
 .''`. John Paul Adrian Glaubitz
: :' : Debian Developer - <email address hidden>
`. `' Freie Universitaet Berlin - <email address hidden>
  `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
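The bisect above was run by hand. The script below is an added example, not part of the bug report or of QEMU: it turns the assertion text quoted in this thread into an automated `git bisect run` signal, so each revision is classified as good, bad, or skip (build breakage or an unrelated crash) without a person reading the log. The configure/make invocation, the `sh4-linux-user/qemu-sh4` binary path, the `SYSROOT`, `GUEST_PROG` and `GUEST_ARGS` variables, and the sample log lines used by `self_check` are assumptions or constructed samples.

```shell
#!/bin/sh
# Added example, not from the bug report or from QEMU: classify one bisect step
# by the assertion text quoted in this thread.  Exit codes for "git bisect run":
# 0 = good, 1 = bad, 125 = cannot test this revision (skip it).
#
# Usage, from a qemu checkout (commit ids are placeholders):
#   git bisect start <bad-commit> <good-commit>
#   git bisect run sh ./bisect-icount.sh --run

# Text to look for; the backtick is part of the assertion message.
ASSERT_TEXT="cpu_loop_exec_tb: Assertion \`use_icount' failed"

# Assumed locations: an sh4 sysroot and a guest binary inside it.
SYSROOT=${SYSROOT:-/srv/sid-sh4-sbuild}      # assumption
GUEST_PROG=${GUEST_PROG:-/usr/bin/java}      # assumption
GUEST_ARGS=${GUEST_ARGS:-"--version"}        # assumption

# classify_run OUTPUT EXIT_STATUS -> prints the exit code git bisect run expects
classify_run() {
    output=$1
    status=${2:-1}
    if printf '%s\n' "$output" | grep -qF "$ASSERT_TEXT"; then
        echo 1     # the reported assertion fired: this revision is bad
    elif [ "$status" -eq 0 ]; then
        echo 0     # guest ran to completion: good
    else
        echo 125   # some other failure (unrelated crash, missing binary): skip
    fi
}

# build_and_run -> returns the bisect exit code for the checked-out revision
build_and_run() {
    # A revision that does not build must be skipped, not counted as good or bad.
    ./configure --target-list=sh4-linux-user --static >build.log 2>&1 || return 125
    make -j"$(nproc 2>/dev/null || echo 2)" >>build.log 2>&1 || return 125
    # $GUEST_ARGS is left unquoted on purpose so several arguments can be passed.
    out=$(./sh4-linux-user/qemu-sh4 -L "$SYSROOT" "$SYSROOT$GUEST_PROG" $GUEST_ARGS 2>&1)
    st=$?
    return "$(classify_run "$out" "$st")"
}

# Constructed sample outputs, modelled on the logs in this report, for a self-check.
SAMPLE_BAD="qemu-sh4-static: accel/tcg/cpu-exec.c:648: cpu_loop_exec_tb: Assertion \`use_icount' failed.
qemu: uncaught target signal 6 (Aborted) - core dumped"
SAMPLE_GOOD="openjdk version (constructed sample output)"
SAMPLE_OTHER="qemu: uncaught target signal 11 (Segmentation fault) - core dumped"

# self_check -> succeeds when the classifier yields the expected code for each sample
self_check() {
    [ "$(classify_run "$SAMPLE_BAD" 134)" = 1 ] &&
    [ "$(classify_run "$SAMPLE_GOOD" 0)" = 0 ] &&
    [ "$(classify_run "$SAMPLE_OTHER" 139)" = 125 ]
}

# Only the bisect driver invokes the build; sourcing or running the file without
# --run just defines the functions above.
if [ "${1:-}" = "--run" ]; then
    build_and_run
    exit $?
fi
```

The important design choice is the three-way split: only the exact assertion counts as "bad", a clean exit counts as "good", and anything else (a configure or make failure, a crash with a different signature) is reported as 125 so git skips the revision instead of being steered to a wrong first-bad commit.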

John Paul Adrian Glaubitz (glaubitz) wrote :

This bug also affects GHC on qemu-sh4:

checking version of ghc... ./configure: line 3199: 55879 Segmentation fault "${WithGhc-ghc}" --version > conftestghc 2>&1
8.2.2
qemu-sh4-static: /build/qemu-fWXVPw/qemu-2.12+dfsg/accel/tcg/cpu-exec.c:648: cpu_loop_exec_tb: Assertion `use_icount' failed.
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
qemu-sh4-static: /build/qemu-fWXVPw/qemu-2.12+dfsg/accel/tcg/cpu-exec.c:648: cpu_loop_exec_tb: Assertion `use_icount' failed.
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
qemu-sh4-static: /build/qemu-fWXVPw/qemu-2.12+dfsg/accel/tcg/cpu-exec.c:648: cpu_loop_exec_tb: Assertion `use_icount' failed.
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
qemu-sh4-static: /build/qemu-fWXVPw/qemu-2.12+dfsg/accel/tcg/cpu-exec.c:648: cpu_loop_exec_tb: Assertion `use_icount' failed.
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
qemu-sh4-static: /build/qemu-fWXVPw/qemu-2.12+dfsg/accel/tcg/cpu-exec.c:648: cpu_loop_exec_tb: Assertion `use_icount' failed.
qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Just tested with qemu 5a5c383b1373aeb6c87a0d6060f6c3dc7c53082b.

--
 .''`. John Paul Adrian Glaubitz
: :' : Debian Developer - <email address hidden>
`. `' Freie Universitaet Berlin - <email address hidden>
  `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913

John Paul Adrian Glaubitz (glaubitz) wrote :

Still present on git master:

/usr/bin/make -f src/server/CMakeFiles/KF5WaylandServer_autogen.dir/build.make src/server/CMakeFiles/KF5WaylandServer_autogen.dir/build
make[3]: Entering directory '/<<PKGBUILDDIR>>/obj-sh4-linux-gnu'
make[3]: Entering directory '/<<PKGBUILDDIR>>/obj-sh4-linux-gnu'
[ 0%] Automatic MOC for target surfaceExtensionHelper
[ 0%] Generating src/KF5Wayland.qch, src/KF5Wayland.tags
cd /<<PKGBUILDDIR>>/obj-sh4-linux-gnu/autotests/server && /usr/bin/cmake -E cmake_autogen /<<PKGBUILDDIR>>/obj-sh4-linux-gnu/autotests/server/CMakeFiles/surfaceExtensionHelper_autogen.dir/AutogenInfo.cmake Debian
cd /<<PKGBUILDDIR>>/obj-sh4-linux-gnu/src && cmake -E remove_directory "/<<PKGBUILDDIR>>/obj-sh4-linux-gnu/src/KF5Wayland_ECMQchDoxygen"
[ 0%] Automatic MOC for target KF5WaylandClient
[ 0%] Automatic MOC for target kwaylandScanner
cd /<<PKGBUILDDIR>>/obj-sh4-linux-gnu/src/tools && /usr/bin/cmake -E cmake_autogen /<<PKGBUILDDIR>>/obj-sh4-linux-gnu/src/tools/CMakeFiles/kwaylandScanner_autogen.dir/AutogenInfo.cmake Debian
cd /<<PKGBUILDDIR>>/obj-sh4-linux-gnu/src/client && /usr/bin/cmake -E cmake_autogen /<<PKGBUILDDIR>>/obj-sh4-linux-gnu/src/client/CMakeFiles/KF5WaylandClient_autogen.dir/AutogenInfo.cmake Debian
[ 0%] Automatic MOC for target KF5WaylandServer
cd /<<PKGBUILDDIR>>/obj-sh4-linux-gnu/src/server && /usr/bin/cmake -E cmake_autogen /<<PKGBUILDDIR>>/obj-sh4-linux-gnu/src/server/CMakeFiles/KF5WaylandServer_autogen.dir/AutogenInfo.cmake Debian
cd /<<PKGBUILDDIR>>/obj-sh4-linux-gnu/src && cmake -E make_directory "/<<PKGBUILDDIR>>/obj-sh4-linux-gnu/src/KF5Wayland_ECMQchDoxygen"
qemu-sh4-static: /root/qemu/accel/tcg/cpu-exec.c:634: cpu_loop_exec_tb: Assertion `use_icount' failed.
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
make[3]: *** [autotests/server/CMakeFiles/surfaceExtensionHelper_autogen.dir/build.make:61: autotests/server/CMakeFiles/surfaceExtensionHelper_autogen] Error 139
make[3]: Leaving directory '/<<PKGBUILDDIR>>/obj-sh4-linux-gnu'
make[2]: *** [CMakeFiles/Makefile2:3729: autotests/server/CMakeFiles/surfaceExtensionHelper_autogen.dir/all] Error 2
make[2]: *** Waiting for unfinished jobs....
qemu-sh4-static: /root/qemu/accel/tcg/cpu-exec.c:634: cpu_loop_exec_tb: Assertion `use_icount' failed.
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
make[3]: *** [src/client/CMakeFiles/KF5WaylandClient_autogen.dir/build.make:61: src/client/CMakeFiles/KF5WaylandClient_autogen] Error 139
make[3]: Leaving directory '/<<PKGBUILDDIR>>/obj-sh4-linux-gnu'
make[2]: *** [CMakeFiles/Makefile2:259: src/client/CMakeFiles/KF5WaylandClient_autogen.dir/all] Error 2
cd /<<PKGBUILDDIR>>/obj-sh4-linux-gnu/src && /usr/bin/doxygen /<<PKGBUILDDIR>>/obj-sh4-linux-gnu/src/KF5Wayland_ECMQchDoxygen.config
qemu-sh4-static: /root/qemu/accel/tcg/cpu-exec.c:634: cpu_loop_exec_tb: Assertion `use_icount' failed.
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
make[3]: *** [src/tools/CMakeFiles/kwaylandScanner_autogen.dir/build.make:61: src/tools/CMakeFiles/kwaylandScanner_autogen] Error 139
make[3]: Leaving directory '/<<PKGBUILDDIR>>/obj-s...


Laurent Vivier (laurent-vivier) wrote :

This change seems to fix the problem:

diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index 1b9a201d6d..5010b0d349 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -253,7 +253,6 @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
             tcg_gen_lookup_and_goto_ptr();
         }
     }
- ctx->base.is_jmp = DISAS_NORETURN;
 }

 static void gen_jump(DisasContext * ctx)
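Review bot: with the `ctx->base.is_jmp = DISAS_NORETURN;` line gone, gen_goto_tb no longer terminates the block, so every caller becomes responsible for setting is_jmp itself; a caller that still relies on the old behaviour will keep translating past the jump and produce a block the execution loop can run into, which is the kind of inconsistent state the `use_icount` assertion in cpu_loop_exec_tb is guarding. Please add a comment above gen_goto_tb stating that callers must set is_jmp, and confirm in the submission that every caller has been audited; the patch itself only shows the delay-slot epilogue in decode_opc (third hunk) taking over that duty.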
@@ -324,7 +323,6 @@ static void gen_delayed_conditional_jump(DisasContext * ctx)
         gen_jump(ctx);

         gen_set_label(l1);
- ctx->base.is_jmp = DISAS_NEXT;
         return;
     }

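Review bot: dropping the `ctx->base.is_jmp = DISAS_NEXT;` reset means this early return now leaves is_jmp at whatever the caller set before the call, and the fall-through after `gen_set_label(l1)` (the branch-not-taken side) is no longer explicitly marked as continuing. The commit message should say whether that fall-through is still expected to keep translating and, if it is, why the reset is no longer needed now that decode_opc marks the block DISAS_NORETURN before calling in; as posted, this removal and the change in the third hunk only make sense together and should be explained as one fix.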
@@ -1877,6 +1875,7 @@ static void decode_opc(DisasContext * ctx)
         ctx->envflags &= ~GUSA_MASK;

         tcg_gen_movi_i32(cpu_flags, ctx->envflags);
+ ctx->base.is_jmp = DISAS_NORETURN;
         if (old_flags & DELAY_SLOT_CONDITIONAL) {
            gen_delayed_conditional_jump(ctx);
         } else {
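Review bot: the new `ctx->base.is_jmp = DISAS_NORETURN;` sits before the `if (old_flags & DELAY_SLOT_CONDITIONAL)`, so both the conditional and the unconditional delay-slot paths now end the block here rather than inside gen_goto_tb; that is the core of the fix and it needs a commit message (the patch is posted without one) that names the root cause and cites the reproducer from this report, `java --version` under qemu-sh4-static, so the change can be regression-tested. Also check that nothing in the `else` branch (not shown) reads is_jmp and expects the previous value.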

Thomas Huth (th-huth) wrote :
Changed in qemu:
status: New → Fix Committed
Thomas Huth (th-huth)
Changed in qemu:
status: Fix Committed → Fix Released