diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-05-21 21:21:26 +0200 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-05-21 21:21:26 +0200 |
| commit | 4b927bc37359dec23f67d3427fc982945f24f404 (patch) | |
| tree | 245449ef9146942dc7fffd0235b48b7e70a00bf2 /gitlab/issues/target_arm/host_missing/accel_TCG/2601.toml | |
| parent | aa8bd79cec7bf6790ddb01d156c2ef2201abbaab (diff) | |
| download | emulator-bug-study-4b927bc37359dec23f67d3427fc982945f24f404.tar.gz emulator-bug-study-4b927bc37359dec23f67d3427fc982945f24f404.zip | |
add gitlab issues in toml format
Diffstat (limited to 'gitlab/issues/target_arm/host_missing/accel_TCG/2601.toml')
| -rw-r--r-- | gitlab/issues/target_arm/host_missing/accel_TCG/2601.toml | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/gitlab/issues/target_arm/host_missing/accel_TCG/2601.toml b/gitlab/issues/target_arm/host_missing/accel_TCG/2601.toml new file mode 100644 index 00000000..b2a02fdb --- /dev/null +++ b/gitlab/issues/target_arm/host_missing/accel_TCG/2601.toml @@ -0,0 +1,44 @@ +id = 2601 +title = "Executing LD1SB + MTE on Arm64 fails an assert" +state = "closed" +created_at = "2024-10-01T12:51:00.831Z" +closed_at = "2024-11-16T21:18:19.612Z" +labels = ["Closed::Fixed", "accel: TCG", "target: arm"] +url = "https://gitlab.com/qemu-project/qemu/-/issues/2601" +host-os = "CentOS Linux release 8.5.2111" +host-arch = "x86" +qemu-version = "8.1.3" +guest-os = "bare-metal" +guest-arch = "aarch64" +description = """I'm getting +``` +qemu-system-aarch64: ../tcg/tcg-op-gvec.c:91: simd_desc: Assertion `data == sextract32(data, 0, (32 - ((0 + 8) + 2)))' failed. +``` +This is caused by the upper bits of `data` being set to 1, which violates the condition.""" +reproduce = """1. build QEMU with assertions enabled (e.g., `configure --enable-debug-tcg`). +2. have a `LD1SB f{z25.d}, p3/z, [x14, x9]` (binary a5894dd9) instruction in the executed code. +3. enable mte +4. Let QEMU execute the ld1sb instruction.""" +additional = """{width=699 height=141} + +This issue happens because for ld1sb, nregs=0 in `sve.decode`: +``` +# SVE contiguous load (scalar plus scalar) +LD_zprr 1010010 .... ..... 010 ... ..... ..... @rprr_load_dt nreg=0 +``` +As a result, in do_mem_zpa is called with n_reg=0, which becomes mte_n inside do_mem_zpa. +Since mte_n==0, and mte_active, then +```c +desc = FIELD_DP32(desc, MTEDESC, SIZEM1, (mte_n << msz) - 1); +``` +sets (0) - 1 == -1 to the field, which also sets the upper bits of `desc`. +The `desc` with upper bits set to 1 is used to call: +```c +desc = simd_desc(vsz, vsz, zt | desc); +``` +Inside `simd_desc`, the last parameter is named `data` and it fails the assertion: +```c +tcg_debug_assert(data == sextract32(data, 0, SIMD_DATA_BITS)) +``` + +#""" |