| author | Christian Krinitsin <mail@krinitsin.com> | 2025-06-16 16:59:00 +0000 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-06-16 16:59:33 +0000 |
| commit | 9aba81d8eb048db908c94a3c40c25a5fde0caee6 (patch) | |
| tree | b765e7fb5e9a3c2143c68b0414e0055adb70e785 /results/classifier/118/TCG | |
| parent | b89a938452613061c0f1f23e710281cf5c83cb29 (diff) | |
add 18th iteration of classifier
Diffstat (limited to 'results/classifier/118/TCG')
33 files changed, 2261 insertions, 0 deletions
diff --git a/results/classifier/118/TCG/1224 b/results/classifier/118/TCG/1224 new file mode 100644 index 00000000..6716f7a6 --- /dev/null +++ b/results/classifier/118/TCG/1224 
@@ -0,0 +1,70 @@ +TCG: 0.902 +graphic: 0.810 +device: 0.749 +network: 0.632 +architecture: 0.556 +semantic: 0.518 +performance: 0.505 +risc-v: 0.501 +ppc: 0.456 +socket: 0.456 +register: 0.419 +files: 0.384 +debug: 0.384 +PID: 0.377 +vnc: 0.374 +i386: 0.342 +kernel: 0.242 +permissions: 0.236 +boot: 0.209 +x86: 0.190 +mistranslation: 0.186 +arm: 0.184 +peripherals: 0.171 +VMM: 0.158 +user-level: 0.141 +virtual: 0.123 +hypervisor: 0.076 +assembly: 0.074 +KVM: 0.003 +-------------------- +TCG: 0.879 +debug: 0.450 +hypervisor: 0.167 +user-level: 0.057 +virtual: 0.047 +files: 0.032 +PID: 0.030 +performance: 0.028 +risc-v: 0.020 +semantic: 0.016 +register: 0.015 +arm: 0.012 +x86: 0.009 +ppc: 0.008 +device: 0.007 +assembly: 0.006 +kernel: 0.006 +architecture: 0.004 +peripherals: 0.004 +permissions: 0.003 +network: 0.002 +boot: 0.002 +i386: 0.002 +vnc: 0.002 +VMM: 0.001 +socket: 0.001 +graphic: 0.001 +mistranslation: 0.001 +KVM: 0.000 + +QEMU crashes with failed assertion when executing compressed instructions with C extension support disabled +Description of problem: +When executing compressed instructions with compressed instruction support disabled (c=off), the tcg riscv translations fails an assertion. +``` +qemu-system-riscv64: qemu/accel/tcg/translate-all.c:1449: tb_gen_code: Assertion `tb->size != 0' failed. +``` + +I believe that the issue is caused due to the fact that the compressed instruction without RVC support branch of the `decode_opc` function does not update `ctx->pc_succ_insn`, which causes `ctx->base.pc_next` to not be updated in `riscv_tr_translate_insn`, which then finally triggers the assertion once the tcg generation returns to `tb_gen_code`. + +Side note, it also seems like the `gen_exception_illegal` call in the same if case is not needed, since we also call it again at the end of the function. diff --git a/results/classifier/118/TCG/1303 b/results/classifier/118/TCG/1303 new file mode 100644 index 00000000..43adb4cc --- /dev/null 
+++ b/results/classifier/118/TCG/1303 @@ -0,0 +1,61 @@ +TCG: 0.977 +device: 0.848 +architecture: 0.827 +network: 0.739 +performance: 0.545 +graphic: 0.528 +arm: 0.514 +semantic: 0.431 +debug: 0.422 +hypervisor: 0.384 +kernel: 0.300 +peripherals: 0.296 +mistranslation: 0.295 +assembly: 0.295 +VMM: 0.276 +ppc: 0.248 +files: 0.229 +register: 0.206 +virtual: 0.202 +boot: 0.186 +permissions: 0.177 +KVM: 0.143 +risc-v: 0.142 +i386: 0.126 +x86: 0.124 +vnc: 0.122 +socket: 0.115 +PID: 0.045 +user-level: 0.045 +-------------------- +TCG: 0.954 +x86: 0.883 +kernel: 0.784 +assembly: 0.423 +debug: 0.350 +virtual: 0.039 +performance: 0.033 +semantic: 0.032 +boot: 0.023 +files: 0.022 +KVM: 0.022 +ppc: 0.020 +i386: 0.013 +PID: 0.012 +hypervisor: 0.012 +VMM: 0.008 +architecture: 0.006 +user-level: 0.006 +arm: 0.005 +register: 0.004 +device: 0.003 +graphic: 0.002 +risc-v: 0.002 +network: 0.001 +permissions: 0.001 +vnc: 0.001 +mistranslation: 0.001 +socket: 0.000 +peripherals: 0.000 + +tcg/cputlb: code path is reachable in load_memop/store_memop() diff --git a/results/classifier/118/TCG/1497479 b/results/classifier/118/TCG/1497479 new file mode 100644 index 00000000..f153f7a4 --- /dev/null +++ b/results/classifier/118/TCG/1497479 
@@ -0,0 +1,101 @@ +TCG: 0.919 +kernel: 0.779 +graphic: 0.748 +semantic: 0.737 +device: 0.719 +files: 0.697 +mistranslation: 0.692 +architecture: 0.650 +VMM: 0.647 +performance: 0.638 +register: 0.635 +ppc: 0.628 +hypervisor: 0.623 +network: 0.587 +socket: 0.577 +user-level: 0.544 +vnc: 0.542 +virtual: 0.540 +risc-v: 0.531 +permissions: 0.487 +assembly: 0.485 +peripherals: 0.466 +i386: 0.457 +boot: 0.452 +KVM: 0.425 +debug: 0.424 +PID: 0.410 +arm: 0.404 +x86: 0.367 +-------------------- +TCG: 0.924 +hypervisor: 0.332 +virtual: 0.277 +x86: 0.204 +debug: 0.192 +kernel: 0.048 +network: 0.039 +files: 0.028 +PID: 0.013 +ppc: 0.012 +arm: 0.011 +i386: 0.011 +performance: 0.007 +semantic: 0.005 +user-level: 0.004 +risc-v: 0.004 +socket: 0.004 +architecture: 0.004 +VMM: 0.003 +device: 0.003 +register: 0.003 +vnc: 0.003 +assembly: 0.003 +boot: 0.001 +permissions: 0.001 +graphic: 0.001 +KVM: 0.001 +mistranslation: 0.000 +peripherals: 0.000 + +memory corruption with migrate/savevm in TCG mode + +[ISSUE] + +QEMU releases 2.3.1 and lower are forgetting to flush TLBs before enabling the global dirty pages log and entering the final stage of saving the VM. + +[DESCRIPTION] + +The situation is the following: +1. TLB misses is the only way for page dirtying in the TCG mode. +2. If TLB is hit by a running VM during the execution of the `ram_save_iterate' by migration thread (e.g. if VM is mostly idling) then some pages are missing in the dirty log. +3. These pages are then not migrated during `ram_save_complete'. +4. This makes memory content in a saved VM state differ from the actual VM memory. +5. If the affected area includes some Kernel data structures such as trees or lists this can cause Kernel to Oops after loading the saved state. + +[SOLUTION] + +A proposed solution is to flush TLB when `log_global_start' is called. 
+Here is the patch: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1493049/+attachment/4459905/+files/tcg-commit-on-log-global-start.patch + +[LINKS] + +Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1493049 + +Hi, + +is this a duplicate of 1493049? (Should they be merged?) + +Hi, + +This one is for QEMU master, 1493049 is for Ubuntu packages. + +Generally combining them is still better - but if it helps you to +keep things straight then no problem, sorry for the noise - thanks. + + +Looking through old bug tickets... can you still reproduce this issue with the latest version of QEMU? Or could we close this ticket nowadays? If you still can reproduce the issue, please send your patch to the qemu-devel mailing list for discussion (we generally do not take patches from the bugtracker). See https://wiki.qemu.org/Contribute/SubmitAPatch for details. + + +[Expired for QEMU because there has been no activity for 60 days.] + diff --git a/results/classifier/118/TCG/1517 b/results/classifier/118/TCG/1517 new file mode 100644 index 00000000..097c3bd1 --- /dev/null +++ b/results/classifier/118/TCG/1517 
@@ -0,0 +1,61 @@ +TCG: 0.936 +device: 0.799 +architecture: 0.760 +graphic: 0.578 +arm: 0.551 +mistranslation: 0.544 +kernel: 0.528 +performance: 0.510 +semantic: 0.482 +network: 0.471 +vnc: 0.466 +x86: 0.437 +socket: 0.416 +debug: 0.410 +files: 0.406 +risc-v: 0.377 +i386: 0.367 +ppc: 0.365 +user-level: 0.339 +permissions: 0.313 +register: 0.280 +peripherals: 0.280 +virtual: 0.277 +KVM: 0.275 +hypervisor: 0.237 +PID: 0.230 +boot: 0.223 +VMM: 0.214 +assembly: 0.173 +-------------------- +TCG: 0.988 +x86: 0.775 +register: 0.570 +kernel: 0.419 +PID: 0.391 +architecture: 0.187 +i386: 0.127 +assembly: 0.123 +ppc: 0.050 +files: 0.048 +virtual: 0.043 +socket: 0.039 +hypervisor: 0.039 +debug: 0.034 +risc-v: 0.034 +permissions: 0.031 +semantic: 0.024 +arm: 0.024 +device: 0.011 +VMM: 0.009 +boot: 0.008 +user-level: 0.006 +performance: 0.006 +vnc: 0.003 +KVM: 0.002 +network: 0.002 +peripherals: 0.002 +graphic: 0.002 +mistranslation: 0.001 + +TCG doesn't support requested feature: CPUID.80000001H:EDX.syscall [bit 11]/TCG doesn't support requested feature: CPUID.80000001H:EDX.lm [bit 29] diff --git a/results/classifier/118/TCG/1565 b/results/classifier/118/TCG/1565 new file mode 100644 index 00000000..d518c5c2 --- /dev/null +++ b/results/classifier/118/TCG/1565 
@@ -0,0 +1,94 @@ +TCG: 0.930 +KVM: 0.910 +device: 0.793 +graphic: 0.722 +performance: 0.671 +kernel: 0.625 +network: 0.613 +register: 0.613 +PID: 0.600 +vnc: 0.596 +semantic: 0.590 +socket: 0.568 +files: 0.549 +permissions: 0.545 +ppc: 0.545 +risc-v: 0.484 +architecture: 0.473 +hypervisor: 0.464 +boot: 0.423 +debug: 0.413 +VMM: 0.409 +arm: 0.395 +peripherals: 0.346 +i386: 0.248 +x86: 0.235 +virtual: 0.233 +user-level: 0.208 +mistranslation: 0.201 +assembly: 0.174 +-------------------- +TCG: 0.959 +debug: 0.922 +kernel: 0.557 +KVM: 0.385 +files: 0.105 +user-level: 0.083 +hypervisor: 0.039 +performance: 0.022 +register: 0.021 +PID: 0.014 +architecture: 0.012 +assembly: 0.009 +device: 0.007 +semantic: 0.006 +virtual: 0.004 +VMM: 0.004 +network: 0.002 +graphic: 0.002 +boot: 0.002 +peripherals: 0.002 +risc-v: 0.001 +permissions: 0.001 +vnc: 0.001 +socket: 0.001 +mistranslation: 0.001 +arm: 0.000 +ppc: 0.000 +x86: 0.000 +i386: 0.000 + +s390x TCG migration failure +Description of problem: +We're seeing failures running s390x migration kvm-unit-tests tests with TCG. + +Some initial findings: + +What seems to be happening is that after migration a control block header accessed by the test code is all zeros which causes an unexpected exception. + +I did a bisection which points to c8df4a7aef ("migration: Split save_live_pending() into state_pending_*") as the culprit. +The migration issue persists after applying the fix e264705012 ("migration: I messed state_pending_exact/estimate") on top of c8df4a7aef. 
+ +Applying + +``` +diff --git a/migration/ram.c b/migration/ram.c +index 56ff9cd29d..2dc546cf28 100644 +--- a/migration/ram.c ++++ b/migration/ram.c +@@ -3437,7 +3437,7 @@ static void ram_state_pending_exact(void *opaque, uint64_t max_size, + + uint64_t remaining_size = rs->migration_dirty_pages * TARGET_PAGE_SIZE; + +- if (!migration_in_postcopy()) { ++ if (!migration_in_postcopy() && remaining_size < max_size) { + qemu_mutex_lock_iothread(); + WITH_RCU_READ_LOCK_GUARD() { + migration_bitmap_sync_precopy(rs); +``` +on top fixes or hides the issue. (The comparison was removed by c8df4a7aef.) + +I arrived at this by experimentation, I haven't looked into why this makes a difference. +Steps to reproduce: +1. Run ACCEL=tcg ./run_tests.sh migration-skey-sequential with current QEMU master +2. Repeat until the test fails (doesn't happen every time, but still easy to reproduce) diff --git a/results/classifier/118/TCG/1698 b/results/classifier/118/TCG/1698 new file mode 100644 index 00000000..1133eb5a --- /dev/null +++ b/results/classifier/118/TCG/1698 
@@ -0,0 +1,61 @@ +TCG: 0.938 +device: 0.893 +architecture: 0.813 +graphic: 0.750 +performance: 0.675 +network: 0.574 +hypervisor: 0.531 +debug: 0.370 +arm: 0.250 +mistranslation: 0.176 +boot: 0.172 +register: 0.139 +risc-v: 0.106 +vnc: 0.106 +ppc: 0.084 +assembly: 0.082 +semantic: 0.079 +virtual: 0.069 +user-level: 0.052 +permissions: 0.051 +socket: 0.039 +kernel: 0.033 +peripherals: 0.029 +PID: 0.019 +files: 0.019 +i386: 0.017 +VMM: 0.009 +x86: 0.008 +KVM: 0.003 +-------------------- +TCG: 0.959 +virtual: 0.881 +performance: 0.615 +debug: 0.567 +hypervisor: 0.494 +x86: 0.104 +assembly: 0.090 +files: 0.025 +device: 0.022 +kernel: 0.022 +user-level: 0.021 +peripherals: 0.008 +semantic: 0.007 +i386: 0.007 +register: 0.007 +graphic: 0.003 +arm: 0.003 +PID: 0.002 +network: 0.001 +architecture: 0.001 +boot: 0.001 +VMM: 0.001 +ppc: 0.000 +risc-v: 0.000 +mistranslation: 0.000 +socket: 0.000 +vnc: 0.000 +KVM: 0.000 +permissions: 0.000 + +Global-buffer-overflow in QEMU TirCore TCG diff --git a/results/classifier/118/TCG/1706 b/results/classifier/118/TCG/1706 new file mode 100644 index 00000000..d5d9449c --- /dev/null +++ b/results/classifier/118/TCG/1706 
@@ -0,0 +1,69 @@ +TCG: 0.986 +register: 0.933 +mistranslation: 0.906 +device: 0.847 +kernel: 0.844 +peripherals: 0.819 +ppc: 0.766 +network: 0.707 +socket: 0.673 +vnc: 0.671 +arm: 0.667 +architecture: 0.583 +semantic: 0.560 +risc-v: 0.549 +PID: 0.540 +graphic: 0.534 +permissions: 0.523 +i386: 0.472 +boot: 0.431 +debug: 0.428 +files: 0.424 +x86: 0.420 +performance: 0.328 +virtual: 0.304 +hypervisor: 0.279 +KVM: 0.256 +VMM: 0.218 +user-level: 0.180 +assembly: 0.173 +-------------------- +TCG: 0.941 +register: 0.858 +hypervisor: 0.146 +kernel: 0.139 +files: 0.043 +x86: 0.039 +arm: 0.028 +virtual: 0.027 +architecture: 0.007 +i386: 0.007 +assembly: 0.005 +ppc: 0.005 +device: 0.005 +user-level: 0.004 +debug: 0.004 +semantic: 0.003 +KVM: 0.003 +VMM: 0.002 +boot: 0.002 +performance: 0.002 +risc-v: 0.002 +peripherals: 0.002 +permissions: 0.001 +PID: 0.001 +graphic: 0.001 +network: 0.001 +vnc: 0.000 +socket: 0.000 +mistranslation: 0.000 + +Allow TCG plugins to read registers +Additional information: +- `include/qemu/plugin.h` +- `include/qemu/qemu-plugin.h` + +PANDA implemented this already but it is not a very clean solution: +- https://github.com/panda-re/qemu/commit/b97c5a56edd0ba3b5f6ab16bf531ac1f7abaac04 (mentioned in QPP patch series: https://lore.kernel.org/qemu-devel/20221213213757.4123265-1-fasano@mit.edu/) + +I personally think the flag for the TB translation and execution callbacks makes more sense diff --git a/results/classifier/118/TCG/1887820 b/results/classifier/118/TCG/1887820 new file mode 100644 index 00000000..638151ad --- /dev/null +++ b/results/classifier/118/TCG/1887820 
@@ -0,0 +1,76 @@ +TCG: 0.993 +device: 0.804 +graphic: 0.694 +network: 0.646 +semantic: 0.598 +performance: 0.596 +socket: 0.587 +vnc: 0.583 +files: 0.581 +mistranslation: 0.573 +architecture: 0.548 +ppc: 0.515 +VMM: 0.511 +virtual: 0.471 +PID: 0.437 +kernel: 0.435 +register: 0.416 +x86: 0.399 +arm: 0.394 +risc-v: 0.390 +hypervisor: 0.381 +permissions: 0.375 +i386: 0.360 +debug: 0.355 +boot: 0.351 +peripherals: 0.340 +KVM: 0.327 +user-level: 0.323 +assembly: 0.137 +-------------------- +TCG: 0.951 +debug: 0.296 +user-level: 0.282 +virtual: 0.071 +hypervisor: 0.064 +files: 0.048 +x86: 0.039 +semantic: 0.027 +kernel: 0.025 +register: 0.022 +arm: 0.020 +ppc: 0.018 +i386: 0.011 +assembly: 0.011 +device: 0.009 +PID: 0.008 +peripherals: 0.005 +architecture: 0.005 +network: 0.005 +performance: 0.004 +boot: 0.003 +risc-v: 0.003 +permissions: 0.002 +socket: 0.002 +graphic: 0.002 +vnc: 0.001 +VMM: 0.001 +KVM: 0.000 +mistranslation: 0.000 + +TCG test targets missing from 'make check-help' + +We can run the TCG tests using: + +$ make run-tcg-tests-$TARGET-softmmu + +This is not listed in 'make check-help'. + + +This is an automated cleanup. This bug report has been moved to QEMU's +new bug tracker on gitlab.com and thus gets marked as 'invalid' now. +Please continue with the discussion here: + + https://gitlab.com/qemu-project/qemu/-/issues/228 + + diff --git a/results/classifier/118/TCG/2030 b/results/classifier/118/TCG/2030 new file mode 100644 index 00000000..eb940dfc --- /dev/null +++ b/results/classifier/118/TCG/2030 
@@ -0,0 +1,77 @@ +TCG: 0.966 +graphic: 0.872 +performance: 0.736 +files: 0.714 +network: 0.650 +device: 0.641 +vnc: 0.538 +ppc: 0.509 +semantic: 0.485 +socket: 0.480 +kernel: 0.469 +risc-v: 0.456 +PID: 0.389 +boot: 0.361 +peripherals: 0.338 +i386: 0.330 +architecture: 0.288 +VMM: 0.288 +arm: 0.262 +x86: 0.235 +KVM: 0.225 +register: 0.224 +debug: 0.203 +permissions: 0.145 +mistranslation: 0.118 +hypervisor: 0.100 +virtual: 0.076 +user-level: 0.060 +assembly: 0.043 +-------------------- +TCG: 0.953 +kernel: 0.593 +files: 0.404 +debug: 0.182 +x86: 0.147 +hypervisor: 0.080 +VMM: 0.050 +KVM: 0.047 +virtual: 0.024 +register: 0.019 +i386: 0.017 +arm: 0.015 +risc-v: 0.013 +PID: 0.011 +ppc: 0.007 +network: 0.007 +device: 0.005 +performance: 0.004 +assembly: 0.004 +semantic: 0.003 +user-level: 0.002 +socket: 0.002 +vnc: 0.002 +peripherals: 0.002 +boot: 0.001 +architecture: 0.001 +graphic: 0.001 +permissions: 0.001 +mistranslation: 0.000 + +Unreachable code +Description of problem: +There is always a false condition in the function `alloc_code_gen_buffer_splitwx_memfd` in the file `tcg/region.c`. If `buf_rw == NULL` we go to the mark __fail__: + +https://gitlab.com/qemu-project/qemu/-/blob/master/tcg/region.c?ref_type=heads#L580-L583 + +But the value of `buf_rx` is __`MAP_FAILED`__: + +https://gitlab.com/qemu-project/qemu/-/blob/master/tcg/region.c?ref_type=heads#L577 + +And this line will never be reached: + +https://gitlab.com/qemu-project/qemu/-/blob/master/tcg/region.c?ref_type=heads#L601 + +Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE. + +Author A. Voronin. diff --git a/results/classifier/118/TCG/2076 b/results/classifier/118/TCG/2076 new file mode 100644 index 00000000..9a851adc --- /dev/null +++ b/results/classifier/118/TCG/2076 
@@ -0,0 +1,61 @@ +TCG: 0.976 +architecture: 0.912 +mistranslation: 0.849 +performance: 0.753 +device: 0.647 +network: 0.516 +arm: 0.437 +socket: 0.416 +ppc: 0.366 +permissions: 0.361 +graphic: 0.252 +debug: 0.223 +register: 0.220 +risc-v: 0.177 +files: 0.172 +VMM: 0.151 +vnc: 0.144 +boot: 0.140 +semantic: 0.121 +peripherals: 0.116 +virtual: 0.052 +PID: 0.043 +KVM: 0.029 +user-level: 0.028 +kernel: 0.023 +x86: 0.019 +hypervisor: 0.019 +i386: 0.007 +assembly: 0.005 +-------------------- +TCG: 0.933 +debug: 0.842 +files: 0.701 +VMM: 0.063 +virtual: 0.060 +architecture: 0.029 +x86: 0.027 +user-level: 0.025 +KVM: 0.019 +semantic: 0.013 +ppc: 0.012 +arm: 0.012 +kernel: 0.011 +performance: 0.011 +i386: 0.009 +device: 0.009 +register: 0.006 +risc-v: 0.005 +network: 0.004 +assembly: 0.003 +boot: 0.003 +peripherals: 0.002 +graphic: 0.002 +PID: 0.001 +hypervisor: 0.001 +permissions: 0.001 +vnc: 0.001 +socket: 0.001 +mistranslation: 0.001 + +stringop-overread warning in tests/tcg/multiarch/sha1.c diff --git a/results/classifier/118/TCG/2079 b/results/classifier/118/TCG/2079 new file mode 100644 index 00000000..bf82aa03 --- /dev/null +++ b/results/classifier/118/TCG/2079 
@@ -0,0 +1,61 @@ +TCG: 0.910 +performance: 0.656 +device: 0.548 +graphic: 0.427 +mistranslation: 0.390 +network: 0.339 +semantic: 0.264 +boot: 0.244 +arm: 0.185 +PID: 0.135 +x86: 0.107 +ppc: 0.099 +risc-v: 0.098 +vnc: 0.093 +virtual: 0.089 +VMM: 0.079 +kernel: 0.060 +peripherals: 0.058 +register: 0.051 +socket: 0.048 +hypervisor: 0.046 +architecture: 0.045 +KVM: 0.044 +user-level: 0.043 +debug: 0.036 +files: 0.026 +assembly: 0.020 +i386: 0.013 +permissions: 0.005 +-------------------- +x86: 0.893 +TCG: 0.888 +assembly: 0.335 +debug: 0.120 +performance: 0.108 +files: 0.055 +kernel: 0.052 +virtual: 0.040 +KVM: 0.031 +VMM: 0.024 +device: 0.018 +register: 0.013 +PID: 0.010 +peripherals: 0.008 +semantic: 0.007 +risc-v: 0.006 +user-level: 0.006 +architecture: 0.004 +network: 0.004 +boot: 0.003 +hypervisor: 0.003 +i386: 0.001 +graphic: 0.001 +socket: 0.001 +mistranslation: 0.001 +arm: 0.001 +vnc: 0.001 +ppc: 0.001 +permissions: 0.000 + +flaky test: tcg tests, cross-i686-tci runner, "run-memory" test diff --git a/results/classifier/118/TCG/2131 b/results/classifier/118/TCG/2131 new file mode 100644 index 00000000..4f7f3bea --- /dev/null +++ b/results/classifier/118/TCG/2131 
@@ -0,0 +1,61 @@ +TCG: 0.951 +performance: 0.630 +device: 0.592 +network: 0.562 +architecture: 0.391 +mistranslation: 0.384 +graphic: 0.382 +semantic: 0.310 +virtual: 0.273 +arm: 0.233 +i386: 0.196 +debug: 0.162 +x86: 0.150 +risc-v: 0.142 +peripherals: 0.127 +register: 0.126 +KVM: 0.116 +user-level: 0.088 +hypervisor: 0.087 +files: 0.082 +ppc: 0.079 +PID: 0.072 +boot: 0.063 +permissions: 0.055 +VMM: 0.046 +socket: 0.033 +assembly: 0.033 +vnc: 0.015 +kernel: 0.008 +-------------------- +TCG: 0.969 +user-level: 0.772 +virtual: 0.237 +debug: 0.150 +network: 0.068 +performance: 0.041 +x86: 0.039 +peripherals: 0.032 +assembly: 0.023 +files: 0.020 +device: 0.018 +boot: 0.008 +i386: 0.008 +VMM: 0.006 +kernel: 0.005 +semantic: 0.005 +ppc: 0.004 +KVM: 0.002 +PID: 0.002 +graphic: 0.002 +permissions: 0.001 +arm: 0.001 +register: 0.001 +risc-v: 0.001 +hypervisor: 0.001 +architecture: 0.001 +socket: 0.000 +vnc: 0.000 +mistranslation: 0.000 + +tcg mem plugin, udata always zero diff --git a/results/classifier/118/TCG/2152 b/results/classifier/118/TCG/2152 new file mode 100644 index 00000000..53c4c634 --- /dev/null +++ b/results/classifier/118/TCG/2152 
@@ -0,0 +1,61 @@ +TCG: 0.963 +device: 0.860 +performance: 0.651 +debug: 0.581 +arm: 0.580 +risc-v: 0.479 +kernel: 0.434 +register: 0.405 +network: 0.394 +architecture: 0.364 +boot: 0.357 +x86: 0.331 +i386: 0.329 +PID: 0.290 +ppc: 0.249 +KVM: 0.246 +hypervisor: 0.245 +graphic: 0.238 +virtual: 0.231 +permissions: 0.224 +vnc: 0.195 +socket: 0.181 +files: 0.178 +peripherals: 0.165 +semantic: 0.158 +mistranslation: 0.086 +assembly: 0.063 +VMM: 0.057 +user-level: 0.036 +-------------------- +TCG: 0.986 +debug: 0.715 +user-level: 0.263 +virtual: 0.126 +register: 0.063 +assembly: 0.030 +performance: 0.019 +semantic: 0.017 +kernel: 0.011 +device: 0.005 +files: 0.005 +PID: 0.005 +x86: 0.004 +network: 0.004 +architecture: 0.004 +boot: 0.003 +KVM: 0.003 +VMM: 0.003 +graphic: 0.003 +arm: 0.003 +peripherals: 0.002 +risc-v: 0.001 +i386: 0.001 +ppc: 0.001 +hypervisor: 0.001 +socket: 0.001 +vnc: 0.001 +mistranslation: 0.001 +permissions: 0.000 + +TCG plugin to keep track what byte is load/store into memory diff --git a/results/classifier/118/TCG/2229 b/results/classifier/118/TCG/2229 new file mode 100644 index 00000000..8ce04a6e --- /dev/null +++ b/results/classifier/118/TCG/2229 
@@ -0,0 +1,65 @@ +TCG: 0.991 +register: 0.907 +device: 0.901 +network: 0.879 +PID: 0.777 +socket: 0.773 +performance: 0.745 +graphic: 0.745 +vnc: 0.668 +files: 0.667 +architecture: 0.638 +peripherals: 0.605 +hypervisor: 0.574 +boot: 0.526 +arm: 0.511 +ppc: 0.504 +x86: 0.475 +debug: 0.444 +kernel: 0.442 +i386: 0.432 +VMM: 0.375 +risc-v: 0.361 +permissions: 0.279 +semantic: 0.256 +mistranslation: 0.222 +user-level: 0.122 +virtual: 0.119 +assembly: 0.089 +KVM: 0.086 +-------------------- +TCG: 0.986 +virtual: 0.857 +debug: 0.853 +hypervisor: 0.247 +files: 0.193 +kernel: 0.163 +x86: 0.142 +arm: 0.106 +user-level: 0.069 +performance: 0.065 +register: 0.064 +device: 0.036 +i386: 0.032 +ppc: 0.029 +PID: 0.021 +semantic: 0.019 +KVM: 0.013 +peripherals: 0.013 +assembly: 0.010 +VMM: 0.010 +risc-v: 0.009 +architecture: 0.008 +boot: 0.007 +network: 0.004 +socket: 0.003 +graphic: 0.003 +permissions: 0.003 +vnc: 0.001 +mistranslation: 0.001 + +tcg/tcg.c:813:tcg_register_thread: assertion failed: (n < tcg_max_ctxs) +Description of problem: +When running qemu-system-microblazeel with the xlnx-zynqmp-pmu machine and an additional xlnx-zynqmp-pmu-soc device, TCG crashes via an assertion. +Steps to reproduce: +Run: `` ./qemu-system-microblazeel -machine xlnx-zynqmp-pmu -device xlnx-zynqmp-pmu-soc `` diff --git a/results/classifier/118/TCG/228 b/results/classifier/118/TCG/228 new file mode 100644 index 00000000..f3bc6917 --- /dev/null +++ b/results/classifier/118/TCG/228 
@@ -0,0 +1,61 @@ +TCG: 0.894 +mistranslation: 0.650 +device: 0.564 +performance: 0.284 +semantic: 0.249 +user-level: 0.235 +arm: 0.193 +graphic: 0.162 +permissions: 0.128 +virtual: 0.085 +boot: 0.080 +risc-v: 0.076 +i386: 0.074 +architecture: 0.067 +network: 0.065 +ppc: 0.064 +hypervisor: 0.055 +assembly: 0.053 +x86: 0.052 +kernel: 0.051 +vnc: 0.048 +register: 0.044 +peripherals: 0.033 +PID: 0.032 +socket: 0.030 +files: 0.023 +VMM: 0.023 +debug: 0.021 +KVM: 0.018 +-------------------- +TCG: 0.961 +virtual: 0.362 +performance: 0.095 +user-level: 0.089 +files: 0.057 +debug: 0.053 +semantic: 0.031 +kernel: 0.030 +assembly: 0.025 +peripherals: 0.016 +boot: 0.009 +device: 0.008 +x86: 0.006 +architecture: 0.005 +network: 0.003 +hypervisor: 0.003 +i386: 0.002 +register: 0.002 +arm: 0.002 +ppc: 0.002 +PID: 0.001 +KVM: 0.001 +risc-v: 0.001 +graphic: 0.001 +socket: 0.001 +mistranslation: 0.001 +VMM: 0.001 +permissions: 0.000 +vnc: 0.000 + +TCG test targets missing from 'make check-help' diff --git a/results/classifier/118/TCG/2525 b/results/classifier/118/TCG/2525 new file mode 100644 index 00000000..8260fdc8 --- /dev/null +++ b/results/classifier/118/TCG/2525 
@@ -0,0 +1,61 @@ +TCG: 0.964 +user-level: 0.826 +device: 0.733 +network: 0.634 +permissions: 0.579 +arm: 0.468 +architecture: 0.462 +performance: 0.404 +graphic: 0.381 +boot: 0.308 +register: 0.305 +vnc: 0.246 +debug: 0.226 +i386: 0.199 +ppc: 0.198 +files: 0.187 +socket: 0.179 +semantic: 0.178 +VMM: 0.168 +PID: 0.161 +peripherals: 0.154 +risc-v: 0.146 +x86: 0.130 +assembly: 0.124 +hypervisor: 0.109 +mistranslation: 0.076 +virtual: 0.075 +kernel: 0.064 +KVM: 0.040 +-------------------- +TCG: 0.861 +debug: 0.689 +performance: 0.349 +kernel: 0.331 +user-level: 0.265 +x86: 0.206 +KVM: 0.113 +files: 0.095 +virtual: 0.060 +ppc: 0.028 +boot: 0.026 +risc-v: 0.026 +arm: 0.023 +VMM: 0.015 +hypervisor: 0.014 +device: 0.012 +i386: 0.011 +semantic: 0.009 +register: 0.008 +assembly: 0.008 +architecture: 0.006 +PID: 0.005 +peripherals: 0.005 +permissions: 0.004 +network: 0.003 +graphic: 0.003 +vnc: 0.002 +socket: 0.002 +mistranslation: 0.001 + +bFLT triggers accel/tcg/user-exec.c:505: page_set_flags: Assertion `have_mmap_lock()' failed. diff --git a/results/classifier/118/TCG/2647 b/results/classifier/118/TCG/2647 new file mode 100644 index 00000000..95aa3844 --- /dev/null +++ b/results/classifier/118/TCG/2647 
@@ -0,0 +1,107 @@ +TCG: 0.994 +user-level: 0.945 +architecture: 0.905 +graphic: 0.799 +peripherals: 0.785 +performance: 0.749 +mistranslation: 0.733 +hypervisor: 0.595 +device: 0.552 +permissions: 0.517 +arm: 0.494 +PID: 0.456 +x86: 0.447 +ppc: 0.438 +VMM: 0.424 +semantic: 0.419 +assembly: 0.408 +register: 0.396 +i386: 0.387 +network: 0.333 +debug: 0.325 +files: 0.317 +virtual: 0.312 +socket: 0.311 +vnc: 0.281 +kernel: 0.275 +boot: 0.243 +KVM: 0.218 +risc-v: 0.137 +-------------------- +TCG: 0.980 +kernel: 0.815 +x86: 0.431 +debug: 0.229 +files: 0.218 +register: 0.197 +virtual: 0.160 +performance: 0.082 +ppc: 0.067 +i386: 0.056 +architecture: 0.037 +KVM: 0.037 +user-level: 0.019 +semantic: 0.017 +hypervisor: 0.016 +VMM: 0.015 +permissions: 0.015 +PID: 0.015 +device: 0.014 +arm: 0.012 +assembly: 0.011 +boot: 0.011 +risc-v: 0.010 +network: 0.008 +peripherals: 0.005 +socket: 0.005 +graphic: 0.005 +vnc: 0.004 +mistranslation: 0.002 + +A code error in accel/tcg/user-exec.c +Description of problem: +accel/tcg/user-exec.c: +``` +static int probe_access_internal(CPUArchState *env, vaddr addr, + int fault_size, MMUAccessType access_type, + bool nonfault, uintptr_t ra) +{ + int acc_flag; + bool maperr; + + switch (access_type) { + case MMU_DATA_STORE: + acc_flag = PAGE_WRITE_ORG; + break; + case MMU_DATA_LOAD: + acc_flag = PAGE_READ; + break; + case MMU_INST_FETCH: + acc_flag = PAGE_EXEC; + break; + default: + g_assert_not_reached(); + } + + if (guest_addr_valid_untagged(addr)) { + int page_flags = page_get_flags(addr); + if (page_flags & acc_flag) { + if ((acc_flag == PAGE_READ || acc_flag == PAGE_WRITE) + && cpu_plugin_mem_cbs_enabled(env_cpu(env))) { + return TLB_MMIO; + } + return 0; /* success */ + } + maperr = !(page_flags & PAGE_VALID); + } else { + maperr = true; + } + + if (nonfault) { + return TLB_INVALID_MASK; + } + + cpu_loop_exit_sigsegv(env_cpu(env), addr, access_type, maperr, ra); +} +``` +The conditional judgment "acc_flag == PAGE_WRITE" seems to have an 
issue, because acc_flag can only be PAGE_WRITE_ORG, PAGE_READ or PAGE_EXEC from the previous code. diff --git a/results/classifier/118/TCG/2815 b/results/classifier/118/TCG/2815 new file mode 100644 index 00000000..c0649082 --- /dev/null +++ b/results/classifier/118/TCG/2815 @@ -0,0 +1,61 @@ +TCG: 0.951 +device: 0.865 +network: 0.806 +architecture: 0.795 +performance: 0.765 +files: 0.621 +socket: 0.556 +debug: 0.524 +semantic: 0.518 +register: 0.505 +arm: 0.493 +permissions: 0.465 +peripherals: 0.402 +boot: 0.395 +vnc: 0.391 +graphic: 0.373 +hypervisor: 0.368 +kernel: 0.362 +user-level: 0.290 +risc-v: 0.290 +x86: 0.278 +i386: 0.274 +virtual: 0.255 +ppc: 0.219 +PID: 0.186 +VMM: 0.103 +assembly: 0.102 +mistranslation: 0.098 +KVM: 0.021 +-------------------- +user-level: 0.977 +TCG: 0.828 +debug: 0.127 +boot: 0.118 +x86: 0.072 +performance: 0.043 +virtual: 0.029 +files: 0.027 +semantic: 0.010 +assembly: 0.007 +architecture: 0.005 +hypervisor: 0.003 +register: 0.002 +PID: 0.002 +i386: 0.002 +device: 0.002 +graphic: 0.002 +ppc: 0.001 +arm: 0.001 +risc-v: 0.001 +kernel: 0.001 +peripherals: 0.001 +VMM: 0.001 +permissions: 0.001 +socket: 0.000 +network: 0.000 +mistranslation: 0.000 +KVM: 0.000 +vnc: 0.000 + +clang 17 and newer -fsanitize=function causes QEMU user-mode to SEGV when calling TCG prologue diff --git a/results/classifier/118/TCG/330 b/results/classifier/118/TCG/330 new file mode 100644 index 00000000..6571ebd5 --- /dev/null +++ b/results/classifier/118/TCG/330 
@@ -0,0 +1,61 @@ +TCG: 0.883 +architecture: 0.835 +device: 0.783 +network: 0.569 +performance: 0.566 +graphic: 0.456 +mistranslation: 0.442 +peripherals: 0.406 +user-level: 0.393 +semantic: 0.378 +hypervisor: 0.326 +permissions: 0.315 +kernel: 0.299 +virtual: 0.285 +register: 0.261 +socket: 0.257 +arm: 0.252 +i386: 0.216 +files: 0.193 +boot: 0.189 +risc-v: 0.177 +ppc: 0.171 +PID: 0.161 +x86: 0.146 +debug: 0.144 +vnc: 0.129 +assembly: 0.116 +VMM: 0.105 +KVM: 0.060 +-------------------- +TCG: 0.983 +virtual: 0.630 +peripherals: 0.064 +device: 0.057 +files: 0.038 +network: 0.031 +semantic: 0.031 +user-level: 0.018 +kernel: 0.009 +assembly: 0.006 +debug: 0.005 +architecture: 0.004 +boot: 0.003 +permissions: 0.003 +graphic: 0.003 +x86: 0.002 +performance: 0.002 +i386: 0.002 +hypervisor: 0.002 +PID: 0.002 +arm: 0.002 +mistranslation: 0.001 +register: 0.001 +ppc: 0.001 +socket: 0.001 +VMM: 0.000 +vnc: 0.000 +KVM: 0.000 +risc-v: 0.000 + +TCG does not support x2APIC emulation diff --git a/results/classifier/118/TCG/372 b/results/classifier/118/TCG/372 new file mode 100644 index 00000000..b495c673 --- /dev/null +++ b/results/classifier/118/TCG/372 
@@ -0,0 +1,61 @@ +TCG: 0.923 +architecture: 0.832 +mistranslation: 0.811 +device: 0.662 +graphic: 0.432 +PID: 0.366 +vnc: 0.359 +i386: 0.336 +performance: 0.320 +x86: 0.302 +register: 0.295 +risc-v: 0.283 +ppc: 0.277 +socket: 0.269 +boot: 0.261 +files: 0.247 +VMM: 0.242 +arm: 0.222 +semantic: 0.209 +debug: 0.207 +KVM: 0.183 +permissions: 0.173 +virtual: 0.137 +kernel: 0.046 +hypervisor: 0.041 +network: 0.014 +peripherals: 0.007 +assembly: 0.005 +user-level: 0.003 +-------------------- +TCG: 0.928 +semantic: 0.130 +virtual: 0.045 +kernel: 0.042 +assembly: 0.037 +device: 0.013 +files: 0.011 +user-level: 0.011 +debug: 0.009 +register: 0.008 +x86: 0.008 +mistranslation: 0.008 +performance: 0.008 +PID: 0.005 +socket: 0.004 +architecture: 0.003 +risc-v: 0.003 +VMM: 0.003 +ppc: 0.003 +boot: 0.002 +i386: 0.002 +graphic: 0.001 +peripherals: 0.001 +arm: 0.001 +KVM: 0.001 +hypervisor: 0.000 +vnc: 0.000 +permissions: 0.000 +network: 0.000 + +Indentation should be done with spaces, not with TABs, in the TCG / CPU subsystem diff --git a/results/classifier/118/TCG/393 b/results/classifier/118/TCG/393 new file mode 100644 index 00000000..c5b516f1 --- /dev/null +++ b/results/classifier/118/TCG/393 
@@ -0,0 +1,61 @@ +TCG: 0.918 +virtual: 0.895 +device: 0.804 +performance: 0.731 +risc-v: 0.632 +network: 0.594 +arm: 0.550 +hypervisor: 0.541 +vnc: 0.497 +VMM: 0.490 +semantic: 0.482 +architecture: 0.425 +graphic: 0.424 +boot: 0.393 +KVM: 0.355 +ppc: 0.323 +x86: 0.292 +i386: 0.289 +PID: 0.262 +register: 0.165 +mistranslation: 0.161 +permissions: 0.156 +peripherals: 0.107 +kernel: 0.102 +debug: 0.045 +socket: 0.033 +user-level: 0.020 +files: 0.009 +assembly: 0.007 +-------------------- +virtual: 0.937 +TCG: 0.890 +debug: 0.511 +performance: 0.229 +hypervisor: 0.091 +files: 0.063 +register: 0.057 +VMM: 0.046 +semantic: 0.032 +user-level: 0.020 +assembly: 0.019 +peripherals: 0.015 +permissions: 0.010 +x86: 0.009 +KVM: 0.009 +PID: 0.008 +architecture: 0.004 +device: 0.003 +kernel: 0.003 +boot: 0.003 +risc-v: 0.002 +graphic: 0.001 +i386: 0.001 +ppc: 0.001 +arm: 0.001 +network: 0.000 +socket: 0.000 +vnc: 0.000 +mistranslation: 0.000 + +tests/vm: Warn when cross-build VM is run with TCG accelerator diff --git a/results/classifier/118/TCG/427 b/results/classifier/118/TCG/427 new file mode 100644 index 00000000..5a4da85f --- /dev/null +++ b/results/classifier/118/TCG/427 
@@ -0,0 +1,61 @@ +TCG: 0.996 +mistranslation: 0.924 +device: 0.849 +network: 0.621 +architecture: 0.615 +performance: 0.604 +arm: 0.582 +kernel: 0.347 +boot: 0.337 +hypervisor: 0.331 +x86: 0.327 +socket: 0.323 +graphic: 0.321 +permissions: 0.263 +risc-v: 0.237 +register: 0.237 +semantic: 0.236 +i386: 0.232 +files: 0.223 +debug: 0.202 +assembly: 0.194 +vnc: 0.187 +peripherals: 0.154 +ppc: 0.148 +user-level: 0.141 +virtual: 0.104 +VMM: 0.056 +PID: 0.054 +KVM: 0.003 +-------------------- +TCG: 0.985 +debug: 0.423 +assembly: 0.236 +user-level: 0.171 +virtual: 0.166 +x86: 0.061 +hypervisor: 0.053 +architecture: 0.025 +performance: 0.022 +files: 0.013 +semantic: 0.009 +kernel: 0.007 +i386: 0.006 +register: 0.006 +device: 0.004 +peripherals: 0.004 +arm: 0.003 +graphic: 0.001 +ppc: 0.001 +mistranslation: 0.001 +risc-v: 0.001 +PID: 0.001 +VMM: 0.001 +socket: 0.001 +boot: 0.001 +network: 0.000 +permissions: 0.000 +KVM: 0.000 +vnc: 0.000 + +TCG: QEMU incorrectly raises exception on SSE4.2 CRC32 instruction diff --git a/results/classifier/118/TCG/60 b/results/classifier/118/TCG/60 new file mode 100644 index 00000000..264ed9b9 --- /dev/null +++ b/results/classifier/118/TCG/60 
@@ -0,0 +1,61 @@ +TCG: 0.993 +architecture: 0.931 +performance: 0.802 +register: 0.744 +device: 0.602 +network: 0.504 +graphic: 0.481 +arm: 0.380 +assembly: 0.372 +debug: 0.297 +peripherals: 0.143 +socket: 0.141 +semantic: 0.134 +vnc: 0.122 +virtual: 0.098 +boot: 0.090 +VMM: 0.076 +PID: 0.070 +permissions: 0.067 +files: 0.057 +user-level: 0.049 +mistranslation: 0.044 +hypervisor: 0.034 +kernel: 0.022 +risc-v: 0.009 +ppc: 0.008 +x86: 0.005 +i386: 0.002 +KVM: 0.001 +-------------------- +TCG: 0.988 +virtual: 0.916 +hypervisor: 0.877 +arm: 0.574 +debug: 0.280 +assembly: 0.104 +user-level: 0.075 +architecture: 0.054 +register: 0.042 +performance: 0.034 +files: 0.020 +semantic: 0.014 +device: 0.010 +kernel: 0.006 +PID: 0.005 +KVM: 0.004 +graphic: 0.003 +boot: 0.002 +VMM: 0.002 +peripherals: 0.001 +socket: 0.000 +risc-v: 0.000 +permissions: 0.000 +network: 0.000 +mistranslation: 0.000 +vnc: 0.000 +ppc: 0.000 +x86: 0.000 +i386: 0.000 + +qemu-system-aarch64 (tcg): cval + voff overflow not handled, causes qemu to hang diff --git a/results/classifier/118/TCG/658 b/results/classifier/118/TCG/658 new file mode 100644 index 00000000..68c62f8b --- /dev/null +++ b/results/classifier/118/TCG/658 
@@ -0,0 +1,61 @@ +TCG: 0.952 +mistranslation: 0.852 +device: 0.737 +performance: 0.316 +ppc: 0.227 +architecture: 0.220 +user-level: 0.220 +permissions: 0.199 +graphic: 0.196 +semantic: 0.153 +arm: 0.151 +network: 0.132 +hypervisor: 0.126 +virtual: 0.120 +i386: 0.115 +debug: 0.110 +x86: 0.096 +peripherals: 0.086 +register: 0.068 +risc-v: 0.067 +files: 0.051 +boot: 0.051 +kernel: 0.040 +assembly: 0.038 +socket: 0.025 +vnc: 0.020 +PID: 0.017 +VMM: 0.011 +KVM: 0.009 +-------------------- +TCG: 0.954 +assembly: 0.644 +x86: 0.218 +files: 0.129 +virtual: 0.122 +user-level: 0.067 +semantic: 0.018 +debug: 0.017 +kernel: 0.017 +device: 0.016 +peripherals: 0.016 +i386: 0.010 +register: 0.010 +network: 0.007 +boot: 0.007 +performance: 0.007 +ppc: 0.003 +permissions: 0.003 +graphic: 0.003 +hypervisor: 0.002 +KVM: 0.001 +architecture: 0.001 +PID: 0.001 +socket: 0.001 +mistranslation: 0.001 +arm: 0.001 +VMM: 0.000 +risc-v: 0.000 +vnc: 0.000 + +Missing documentation for TCG ctpop opcode diff --git a/results/classifier/118/TCG/67 b/results/classifier/118/TCG/67 new file mode 100644 index 00000000..19afaeb5 --- /dev/null +++ b/results/classifier/118/TCG/67 
@@ -0,0 +1,61 @@ +TCG: 0.896 +device: 0.748 +graphic: 0.621 +mistranslation: 0.548 +performance: 0.503 +virtual: 0.289 +architecture: 0.205 +semantic: 0.144 +boot: 0.093 +user-level: 0.086 +network: 0.081 +debug: 0.067 +arm: 0.045 +permissions: 0.031 +i386: 0.022 +x86: 0.015 +register: 0.014 +assembly: 0.013 +files: 0.012 +ppc: 0.010 +VMM: 0.008 +risc-v: 0.006 +kernel: 0.006 +hypervisor: 0.006 +vnc: 0.005 +peripherals: 0.005 +socket: 0.003 +PID: 0.003 +KVM: 0.002 +-------------------- +TCG: 0.966 +virtual: 0.948 +user-level: 0.142 +files: 0.072 +performance: 0.069 +device: 0.032 +semantic: 0.030 +debug: 0.012 +network: 0.009 +peripherals: 0.007 +x86: 0.006 +register: 0.005 +hypervisor: 0.005 +kernel: 0.005 +boot: 0.004 +i386: 0.003 +assembly: 0.003 +permissions: 0.002 +mistranslation: 0.002 +arm: 0.002 +PID: 0.002 +architecture: 0.001 +graphic: 0.001 +vnc: 0.001 +ppc: 0.001 +VMM: 0.001 +socket: 0.001 +risc-v: 0.001 +KVM: 0.000 + +incomplete emulation of fstenv under TCG diff --git a/results/classifier/118/TCG/683 b/results/classifier/118/TCG/683 new file mode 100644 index 00000000..59a870f3 --- /dev/null +++ b/results/classifier/118/TCG/683 
@@ -0,0 +1,61 @@ +TCG: 0.823 +device: 0.774 +performance: 0.482 +graphic: 0.385 +architecture: 0.323 +network: 0.310 +semantic: 0.263 +risc-v: 0.203 +arm: 0.177 +x86: 0.157 +i386: 0.148 +kernel: 0.134 +register: 0.132 +socket: 0.126 +boot: 0.114 +mistranslation: 0.106 +debug: 0.089 +permissions: 0.088 +peripherals: 0.082 +hypervisor: 0.081 +vnc: 0.069 +VMM: 0.067 +KVM: 0.056 +assembly: 0.053 +PID: 0.039 +files: 0.028 +virtual: 0.026 +ppc: 0.018 +user-level: 0.004 +-------------------- +virtual: 0.935 +TCG: 0.914 +user-level: 0.119 +performance: 0.095 +hypervisor: 0.052 +debug: 0.027 +files: 0.018 +device: 0.010 +semantic: 0.006 +x86: 0.005 +peripherals: 0.005 +graphic: 0.004 +assembly: 0.003 +i386: 0.003 +PID: 0.003 +arm: 0.002 +ppc: 0.002 +kernel: 0.001 +architecture: 0.001 +risc-v: 0.001 +network: 0.001 +KVM: 0.001 +boot: 0.001 +VMM: 0.001 +socket: 0.001 +register: 0.001 +mistranslation: 0.000 +vnc: 0.000 +permissions: 0.000 + +certain programs make QEMU crash with "tcg fatal error" diff --git a/results/classifier/118/TCG/693 b/results/classifier/118/TCG/693 new file mode 100644 index 00000000..6f1c124b --- /dev/null +++ b/results/classifier/118/TCG/693 
@@ -0,0 +1,70 @@ +TCG: 0.933 +graphic: 0.891 +performance: 0.851 +virtual: 0.721 +boot: 0.627 +device: 0.626 +hypervisor: 0.573 +architecture: 0.518 +semantic: 0.507 +i386: 0.357 +x86: 0.311 +debug: 0.273 +network: 0.243 +PID: 0.232 +permissions: 0.214 +ppc: 0.212 +mistranslation: 0.182 +vnc: 0.171 +risc-v: 0.165 +kernel: 0.130 +user-level: 0.123 +arm: 0.115 +register: 0.105 +peripherals: 0.104 +socket: 0.101 +VMM: 0.039 +assembly: 0.024 +files: 0.011 +KVM: 0.006 +-------------------- +virtual: 0.987 +TCG: 0.873 +performance: 0.843 +hypervisor: 0.800 +x86: 0.411 +kernel: 0.069 +debug: 0.033 +VMM: 0.016 +device: 0.016 +PID: 0.013 +register: 0.010 +i386: 0.010 +boot: 0.008 +files: 0.008 +ppc: 0.007 +arm: 0.004 +user-level: 0.004 +assembly: 0.003 +socket: 0.003 +KVM: 0.002 +risc-v: 0.001 +network: 0.001 +semantic: 0.001 +architecture: 0.001 +vnc: 0.001 +graphic: 0.001 +permissions: 0.001 +peripherals: 0.001 +mistranslation: 0.000 + +Qemu increased memory usage with TCG +Description of problem: +The issue is that instances that are supposed to use only a small amount of memory (like 256MB) suddenly use a much higher amount of RSS when running the accel=tcg, around 512MB in the above example. This was not happening with qemu-4.2 (on Ubuntu 20.04). This is also not happening when using accel=kvm instead. The issue has been first noticed on Debian 11 (Bullseye) with the versions above, but it is happening in the same way on Centos 8 Stream, Ubuntu 21.10 and a pre-release version of Ubuntu 22.04. It also also seen when testing with qemu-6.1 built from source. +Steps to reproduce: +1. Deploy devstack (https://opendev.org/openstack/devstack) with VIRT_TYPE=qemu on a VM +2. Start an instance with cirros image and a flavor allocating 256MB +3. Do a ps and see a RSS size of about 512MB being used after the instance has finished booting +4. 
Expected result (seen with qemu-4.2 or VIRT_TYPE=kvm): RSS stays < 256MB +Additional information: +I can try to find a smaller commandline for manual reproduction if needed. The above sample is generated by OpenStack Nova via libvirt. diff --git a/results/classifier/118/TCG/737 b/results/classifier/118/TCG/737 new file mode 100644 index 00000000..a9b45f7d --- /dev/null +++ b/results/classifier/118/TCG/737 @@ -0,0 +1,63 @@ +TCG: 0.985 +device: 0.908 +architecture: 0.548 +files: 0.446 +socket: 0.406 +ppc: 0.386 +register: 0.347 +boot: 0.330 +semantic: 0.317 +graphic: 0.305 +permissions: 0.282 +assembly: 0.238 +arm: 0.226 +debug: 0.208 +vnc: 0.201 +network: 0.200 +mistranslation: 0.185 +PID: 0.162 +performance: 0.162 +peripherals: 0.116 +hypervisor: 0.104 +virtual: 0.079 +VMM: 0.059 +user-level: 0.052 +risc-v: 0.047 +kernel: 0.024 +KVM: 0.006 +x86: 0.002 +i386: 0.001 +-------------------- +TCG: 0.937 +files: 0.194 +assembly: 0.156 +register: 0.062 +virtual: 0.037 +architecture: 0.035 +kernel: 0.013 +semantic: 0.010 +device: 0.006 +VMM: 0.006 +PID: 0.006 +network: 0.006 +debug: 0.003 +permissions: 0.003 +KVM: 0.002 +boot: 0.002 +graphic: 0.001 +performance: 0.001 +hypervisor: 0.001 +user-level: 0.001 +vnc: 0.001 +peripherals: 0.001 +mistranslation: 0.000 +socket: 0.000 +arm: 0.000 +risc-v: 0.000 +ppc: 0.000 +x86: 0.000 +i386: 0.000 + +s390x/tcg: Implement Miscellaneous-Instruction-Extensions Facility 3 for the s390x +Additional information: +http://publibfp.dhe.ibm.com/epubs/pdf/a227832c.pdf diff --git a/results/classifier/118/TCG/738 b/results/classifier/118/TCG/738 new file mode 100644 index 00000000..9b9fc696 --- /dev/null +++ b/results/classifier/118/TCG/738 
@@ -0,0 +1,63 @@ +TCG: 0.968 +device: 0.876 +mistranslation: 0.576 +architecture: 0.576 +arm: 0.531 +socket: 0.501 +semantic: 0.480 +files: 0.471 +vnc: 0.409 +graphic: 0.405 +performance: 0.359 +register: 0.331 +ppc: 0.302 +boot: 0.286 +VMM: 0.278 +risc-v: 0.241 +network: 0.215 +permissions: 0.214 +hypervisor: 0.182 +debug: 0.120 +assembly: 0.099 +peripherals: 0.088 +virtual: 0.088 +kernel: 0.068 +PID: 0.054 +user-level: 0.045 +x86: 0.013 +KVM: 0.006 +i386: 0.001 +-------------------- +TCG: 0.916 +files: 0.219 +register: 0.119 +kernel: 0.055 +assembly: 0.038 +virtual: 0.036 +performance: 0.026 +device: 0.021 +peripherals: 0.020 +architecture: 0.015 +VMM: 0.010 +semantic: 0.010 +PID: 0.007 +network: 0.005 +debug: 0.003 +hypervisor: 0.003 +graphic: 0.002 +permissions: 0.002 +boot: 0.002 +KVM: 0.002 +vnc: 0.002 +user-level: 0.001 +risc-v: 0.001 +arm: 0.001 +socket: 0.000 +mistranslation: 0.000 +ppc: 0.000 +x86: 0.000 +i386: 0.000 + +s390x/tcg: Implement Vector-Enhancements Facility 2 for s390x +Additional information: +http://publibfp.dhe.ibm.com/epubs/pdf/a227832c.pdf diff --git a/results/classifier/118/TCG/799 b/results/classifier/118/TCG/799 new file mode 100644 index 00000000..d34db38b --- /dev/null +++ b/results/classifier/118/TCG/799 
@@ -0,0 +1,107 @@ +TCG: 0.869 +graphic: 0.858 +assembly: 0.798 +architecture: 0.779 +device: 0.740 +performance: 0.681 +ppc: 0.635 +vnc: 0.609 +PID: 0.598 +register: 0.589 +socket: 0.576 +permissions: 0.566 +network: 0.552 +risc-v: 0.506 +kernel: 0.490 +files: 0.464 +user-level: 0.464 +arm: 0.411 +debug: 0.410 +peripherals: 0.367 +hypervisor: 0.347 +boot: 0.333 +virtual: 0.309 +x86: 0.295 +semantic: 0.288 +VMM: 0.286 +mistranslation: 0.231 +i386: 0.203 +KVM: 0.164 +-------------------- +assembly: 0.978 +TCG: 0.952 +debug: 0.505 +performance: 0.313 +virtual: 0.125 +files: 0.081 +register: 0.074 +semantic: 0.040 +architecture: 0.040 +hypervisor: 0.028 +user-level: 0.024 +kernel: 0.016 +PID: 0.013 +arm: 0.012 +device: 0.010 +network: 0.006 +risc-v: 0.005 +graphic: 0.004 +peripherals: 0.003 +VMM: 0.003 +ppc: 0.002 +boot: 0.002 +socket: 0.001 +KVM: 0.001 +vnc: 0.001 +permissions: 0.001 +x86: 0.001 +mistranslation: 0.001 +i386: 0.000 + +TCG Optimizer crashes on AArch64 SVE2 instruction +Description of problem: +QEMU crashes due to an assertion in the TCG optimizer when optimizing an SVE2 instruction: +``` +Unrecognized operation 145 in do_constant_folding. +../tcg/optimize.c:458: tcg fatal error +``` +Steps to reproduce: +1. Compile the following minimized reproducer: (a pre-compiled image is provided for convenience - [reproducer.img](/uploads/0bddbfac55306a297fee59dd2f6923cf/reproducer.img)) +```asm +.org 0x0 +entry: + mrs x1, cptr_el3 + orr x9, x1, #0x100 + msr cptr_el3, x9 + + msr cptr_el2, xzr + + mov x1, #0x3 + mrs x9, cpacr_el1 + bfi x9, x1, #16, #2 + bfi x9, x1, #20, #2 + msr cpacr_el1, x9 + + mov x9, 512 + mov x0, x9 + asr x0, x0, 7 + sub x9, x0, #1 + msr zcr_el1, x9 + + mov x9, 512 + mov x0, x9 + asr x0, x0, 7 + sub x9, x0, #1 + msr zcr_el2, x9 + + mov x9, 512 + mov x0, x9 + asr x0, x0, 7 + sub x9, x0, #1 + msr zcr_el3, x9 + + uqxtnt z11.s, z22.d +``` +2. Execute it using the command line given above. 
+Additional information: +I tested latest master as well, and the problem persists. diff --git a/results/classifier/118/TCG/947 b/results/classifier/118/TCG/947 new file mode 100644 index 00000000..cd6e414a --- /dev/null +++ b/results/classifier/118/TCG/947 
@@ -0,0 +1,73 @@ +TCG: 0.970 +architecture: 0.938 +register: 0.886 +graphic: 0.863 +debug: 0.840 +semantic: 0.820 +files: 0.798 +device: 0.758 +vnc: 0.678 +network: 0.668 +permissions: 0.643 +ppc: 0.640 +kernel: 0.623 +socket: 0.595 +PID: 0.570 +performance: 0.566 +risc-v: 0.547 +boot: 0.527 +arm: 0.494 +VMM: 0.401 +peripherals: 0.338 +mistranslation: 0.335 +i386: 0.321 +KVM: 0.302 +user-level: 0.280 +virtual: 0.276 +hypervisor: 0.270 +x86: 0.270 +assembly: 0.260 +-------------------- +TCG: 0.968 +debug: 0.910 +assembly: 0.389 +performance: 0.223 +files: 0.188 +kernel: 0.185 +hypervisor: 0.166 +register: 0.043 +PID: 0.030 +architecture: 0.028 +semantic: 0.016 +device: 0.015 +arm: 0.015 +virtual: 0.013 +user-level: 0.006 +network: 0.004 +boot: 0.003 +graphic: 0.003 +VMM: 0.003 +peripherals: 0.003 +KVM: 0.002 +socket: 0.002 +permissions: 0.002 +risc-v: 0.001 +vnc: 0.001 +mistranslation: 0.001 +x86: 0.001 +ppc: 0.000 +i386: 0.000 + +TCG AARCH64 Segmentation fault when helper function is called +Description of problem: +Segmentation fault in the TCG thread. +The issue occurs in the generated code when branching to (helper)lookup_tb_ptr (see op longs). +It seems that the generated instruction don't load the upper32 of the address of lookup_tb_ptr in the register before branching to it. According to LLDB, the program tries to access 0x1cffe060 while the right address 0x7ff71cffe060 (see debugger logs). +Additional information: +The issue seems to be located at https://gitlab.com/qemu-project/qemu/-/blob/master/tcg/aarch64/tcg-target.c.inc#L1091 +`t2 = t1 & ~(0xffffUL << s1);`. +The fix would be `t2 = t1 & ~(0xffffULL << s1);` + + +[lldb.log](/uploads/6a1d57eaecae4a375c6ada7384489876/lldb.log) +[qemu_segmentation.log](/uploads/e3c2d6d42291ff7d1ff8d37341e3da1d/qemu_segmentation.log) diff --git a/results/classifier/118/TCG/979 b/results/classifier/118/TCG/979 new file mode 100644 index 00000000..8dc08407 --- /dev/null +++ b/results/classifier/118/TCG/979 
@@ -0,0 +1,67 @@ +TCG: 0.958 +graphic: 0.896 +files: 0.867 +device: 0.800 +user-level: 0.720 +performance: 0.604 +semantic: 0.540 +socket: 0.512 +boot: 0.509 +network: 0.445 +vnc: 0.434 +ppc: 0.398 +risc-v: 0.379 +PID: 0.370 +debug: 0.334 +register: 0.334 +kernel: 0.306 +mistranslation: 0.286 +VMM: 0.266 +arm: 0.254 +architecture: 0.142 +permissions: 0.108 +virtual: 0.096 +x86: 0.080 +KVM: 0.075 +hypervisor: 0.060 +i386: 0.052 +peripherals: 0.049 +assembly: 0.030 +-------------------- +TCG: 0.906 +files: 0.744 +kernel: 0.416 +debug: 0.194 +user-level: 0.144 +VMM: 0.036 +semantic: 0.023 +register: 0.018 +virtual: 0.014 +device: 0.013 +performance: 0.010 +peripherals: 0.010 +assembly: 0.009 +PID: 0.006 +architecture: 0.006 +KVM: 0.005 +hypervisor: 0.004 +graphic: 0.004 +risc-v: 0.003 +network: 0.002 +boot: 0.001 +vnc: 0.001 +socket: 0.001 +permissions: 0.001 +mistranslation: 0.001 +x86: 0.000 +ppc: 0.000 +arm: 0.000 +i386: 0.000 + +s390x floating point conversion functions broken +Description of problem: +While collecting additional reference files for float_convs (and float_convd) I noticed that the s390x handling of some cases is broken. See diff for details: + +``` + diff -y tests/tcg/s390x-linux-user/float_convs.out ../../tests/tcg/s390x/float_convs.ref +# diff --git a/results/classifier/118/TCG/99 b/results/classifier/118/TCG/99 new file mode 100644 index 00000000..de9eb56c --- /dev/null +++ b/results/classifier/118/TCG/99 
@@ -0,0 +1,61 @@ +TCG: 0.877 +device: 0.831 +architecture: 0.680 +arm: 0.546 +graphic: 0.479 +boot: 0.401 +risc-v: 0.395 +performance: 0.351 +PID: 0.346 +vnc: 0.327 +VMM: 0.310 +semantic: 0.294 +virtual: 0.273 +ppc: 0.259 +network: 0.237 +register: 0.234 +x86: 0.227 +mistranslation: 0.222 +i386: 0.212 +peripherals: 0.189 +permissions: 0.186 +files: 0.159 +debug: 0.143 +assembly: 0.142 +KVM: 0.114 +socket: 0.104 +hypervisor: 0.098 +user-level: 0.081 +kernel: 0.063 +-------------------- +user-level: 0.898 +TCG: 0.895 +virtual: 0.829 +kernel: 0.743 +hypervisor: 0.354 +x86: 0.117 +files: 0.060 +assembly: 0.051 +VMM: 0.041 +register: 0.037 +ppc: 0.019 +i386: 0.016 +risc-v: 0.015 +semantic: 0.015 +device: 0.011 +arm: 0.008 +peripherals: 0.006 +KVM: 0.006 +socket: 0.005 +boot: 0.003 +graphic: 0.003 +permissions: 0.003 +debug: 0.002 +network: 0.002 +PID: 0.001 +architecture: 0.001 +vnc: 0.001 +performance: 0.000 +mistranslation: 0.000 + +Feature Request: Please add TCG OPAL 2 emulation support to the virtio disk emulation |
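Review bot: results/classifier/118/TCG/99 looks misfiled. Its only text is the title "Feature Request: Please add TCG OPAL 2 emulation support to the virtio disk emulation", where TCG refers to the Trusted Computing Group Opal storage specification, not to QEMU's Tiny Code Generator, which is what the other entries in this directory are about. Both score blocks still rank TCG at or near the top (0.877 and 0.895), so the label appears to be matching on the acronym. Consider moving this entry by hand or recording it as a known false positive so it does not inflate the TCG category.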
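Review bot: The rule that places a file under TCG/ is not documented, and the two score blocks in each file disagree with it in places. In results/classifier/118/TCG/393 the second block ranks virtual (0.937) above TCG (0.890), and in results/classifier/118/TCG/683 it ranks virtual (0.935) above TCG (0.914), yet both files sit in TCG/. Nothing in the files says what the block above the `--------------------` separator and the block below it each represent, or which one decides the directory. Please add a one-line header to each block and state the selection rule in the commit message or a README next to the results.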
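Review bot: Several of the added report texts are cut off or refer to material that is not in the file, so the classifier was scored on incomplete input. results/classifier/118/TCG/979 ends with an opened code fence, the `diff -y` command and a lone `#`, with no diff output and no closing fence. Step 2 of results/classifier/118/TCG/799 says "Execute it using the command line given above", but no command line is present, and results/classifier/118/TCG/693 refers to "the versions above" and "The above sample", which are likewise missing. In 799 and results/classifier/118/TCG/947 the attachments (reproducer.img, lldb.log, qemu_segmentation.log) are site-relative `/uploads/...` links that do not resolve from this repository. Please keep the stripped sections or mark them with an explicit placeholder, and record the source issue URL in each file so the full report can be recovered.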