summary refs log tree commit diff stats
path: root/results/classifier/118/none/1799200
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/118/none/1799200')
-rw-r--r--results/classifier/118/none/179920090
1 files changed, 90 insertions, 0 deletions
diff --git a/results/classifier/118/none/1799200 b/results/classifier/118/none/1799200
new file mode 100644
index 00000000..f6e2d995
--- /dev/null
+++ b/results/classifier/118/none/1799200
@@ -0,0 +1,90 @@
+user-level: 0.541
+TCG: 0.541
+mistranslation: 0.512
+KVM: 0.508
+VMM: 0.503
+risc-v: 0.491
+i386: 0.489
+x86: 0.477
+ppc: 0.473
+peripherals: 0.456
+vnc: 0.454
+register: 0.453
+hypervisor: 0.450
+device: 0.435
+debug: 0.432
+graphic: 0.429
+permissions: 0.416
+performance: 0.410
+semantic: 0.404
+arm: 0.398
+socket: 0.395
+virtual: 0.395
+PID: 0.392
+assembly: 0.386
+network: 0.386
+architecture: 0.378
+kernel: 0.377
+files: 0.365
+boot: 0.351
+
+null pointer dereference in tcg_emit_op
+
+I am insert a custom  tcg helper function in i386_tr_insn_start for trace the instructions.
+
+most of time the qemu runed ok ,but when execute some special software  will lead to crash.
+
+
+the below is the insert code:
+=======================================================================================
+
+ 8514 static void i386_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
+ 8515 {
+ 8516     DisasContext *dc = container_of(dcbase, DisasContext, base);
+ 8517     TCGv_ptr ptr= tcg_const_ptr((void*)cpu); // inserted hepler code
+ 8518     gen_helper_mad_exec(ptr);// insert helper code
+ 8519     tcg_gen_insn_start(dc->base.pc_next, dc->cc_op);
+ 8520 }
+======================================================================================
+
+below is the callstack 
+
+#0  0x000055555581df5e in tcg_emit_op (opc=opc@entry=INDEX_op_movi_i64) at /root/qemu/tcg/tcg.c:2205
+#1  0x0000555555825911 in tcg_gen_op2 (opc=opc@entry=INDEX_op_movi_i64, a1=140734736923704, a2=a2@entry=792) at /root/qemu/tcg/tcg-op.c:53
+#2  0x000055555581d713 in tcg_const_i64 (opc=INDEX_op_movi_i64, a2=792, a1=0x7378) at /root/qemu/tcg/tcg-op.h:109
+#3  0x000055555581d713 in tcg_const_i64 (arg=792, ret=<optimized out>) at /root/qemu/tcg/tcg-op.h:579
+#4  0x000055555581d713 in tcg_const_i64 (val=val@entry=792) at /root/qemu/tcg/tcg.c:1314
+#5  0x000055555582732d in tcg_gen_addi_i64 (ret=0xd18, arg1=0x378, arg2=arg2@entry=792) at /root/qemu/tcg/tcg-op.c:1200
+#6  0x000055555590ffaf in gen_sse (b=792, a=<optimized out>, r=<optimized out>) at /root/qemu/tcg/tcg-op.h:1258
+#7  0x000055555590ffaf in gen_sse (env=env@entry=0x5555567424d0, s=s@entry=0x7fffea99a610, b=b@entry=366, pc_start=pc_start@entry=4513509698, rex_r=rex_r@entry=0) at /root/qemu/target/i386/translate.c:3150
+#8  0x0000555555911d7f in disas_insn (s=s@entry=0x7fffea99a610, cpu=<optimized out>) at /root/qemu/target/i386/translate.c:8336
+#9  0x00005555559207a0 in i386_tr_translate_insn (dcbase=0x7fffea99a610, cpu=<optimized out>) at /root/qemu/target/i386/translate.c:8543
+#10 0x0000555555892649 in translator_loop (ops=0x55555622dee0 <i386_tr_ops>, db=0x7fffea99a610, cpu=0x55555673a220, tb=<optimized out>) at /root/qemu/accel/tcg/translator.c:110
+#11 0x00005555559209ef in gen_intermediate_code (cpu=cpu@entry=0x55555673a220, tb=tb@entry=0x7fff70682040 <code_gen_buffer+208150547>) at /root/qemu/target/i386/translate.c:8605
+#12 0x0000555555891437 in tb_gen_code (cpu=cpu@entry=0x55555673a220, pc=pc@entry=4513506448, cs_base=cs_base@entry=0, flags=flags@entry=4244147, cflags=cflags@entry=0) at /root/qemu/accel/tcg/translate-all.c:1728
+#13 0x000055555588f97b in cpu_exec (cf_mask=0, tb_exit=0, last_tb=0x0, cpu=0x0) at /root/qemu/accel/tcg/cpu-exec.c:410
+#14 0x000055555588f97b in cpu_exec (cpu=cpu@entry=0x55555673a220) at /root/qemu/accel/tcg/cpu-exec.c:734
+#15 0x000055555584b152 in tcg_cpu_exec (cpu=0x55555673a220) at /root/qemu/cpus.c:1405
+#16 0x000055555584d1b8 in qemu_tcg_rr_cpu_thread_fn (arg=<optimized out>) at /root/qemu/cpus.c:1505
+#17 0x00007ffff2585e25 in start_thread () at /lib64/libpthread.so.0
+#18 0x00007ffff22afbad in clone () at /lib64/libc.so.6
+
+Does this bug occur with a normal build of QEMU or only with your changes to it?
+
+1. You're leaking the "ptr" TCG temp. Fix it, and also test your code with the --enable-debug-tcg configure flag.
+2. Don't insert your helper in .insn_start; you'll have better luck in .translate_insn.
+
+
+Hi Emilio G. Cota (cota),
+ for point 1, I don't know what you mean about leaking the ptr TCG temp
+ for point 2. what I want to do is call callback function when execute  every guest instructions
+ so I think it's not should inset code in .translate_insn. what do you think about it?
+
+
+
+
+
+Hi Emilio G. Cota (cota),
+  thank you,
+  after I free the "ptr",there is no crash occur :) 
+