diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-05-21 21:21:26 +0200 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-05-21 21:21:26 +0200 |
| commit | 4b927bc37359dec23f67d3427fc982945f24f404 (patch) | |
| tree | 245449ef9146942dc7fffd0235b48b7e70a00bf2 /gitlab/issues/target_missing/host_missing/accel_TCG/1435.toml | |
| parent | aa8bd79cec7bf6790ddb01d156c2ef2201abbaab (diff) | |
| download | qemu-analysis-4b927bc37359dec23f67d3427fc982945f24f404.tar.gz qemu-analysis-4b927bc37359dec23f67d3427fc982945f24f404.zip | |
add gitlab issues in toml format
Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_TCG/1435.toml')
| -rw-r--r-- | gitlab/issues/target_missing/host_missing/accel_TCG/1435.toml | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_TCG/1435.toml b/gitlab/issues/target_missing/host_missing/accel_TCG/1435.toml new file mode 100644 index 000000000..cd0bbbfec --- /dev/null +++ b/gitlab/issues/target_missing/host_missing/accel_TCG/1435.toml @@ -0,0 +1,24 @@ +id = 1435 +title = "Infinite recursion in tcg_gen_mulu2_i32 for certain 32-bit hosts." +state = "closed" +created_at = "2023-01-11T07:49:44.749Z" +closed_at = "2023-02-03T12:42:33.450Z" +labels = ["Closed::Fixed", "accel: TCG"] +url = "https://gitlab.com/qemu-project/qemu/-/issues/1435" +host-os = "N/A (See description)" +host-arch = "N/A (See description)" +qemu-version = "7.2.0" +guest-os = "PC BIOS" +guest-arch = "x86-64" +description = """`tcg_gen_mulu2_i32` infinitely recurses on a 32-bit host (TCG target) that has neither `TCG_TARGET_HAS_mulu2_i32` nor `TCG_TARGET_HAS_muluh_i32`. + +I don't actually think there is any host that is 32-bits and has neither mulu2 nor muluh. The only reference I found is [this](https://gitlab.com/qemu-project/qemu/-/commit/df9ebea53ebc1c98217743f56c30ae3a46031bb9) commit, which adds an `#error` if that situation is hit. But the check, which [still exists](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/include/tcg/tcg.h#L174), checks if those flags are *defined*, not for their value. I guess, over the years as the code was refactored, the check wasn't updated because, frankly, there aren't any hosts that match that situation (except mine). + +One easy fix is to change the check mentioned above to check the actual macro value so that compilation fails. I can create a PR for that.""" +reproduce = """(Note: I'm linking to the v7.2.0 tag so that these links stay relevant). + +1. `tcg_gen_mulu2_i32` [calls](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/tcg/tcg-op.c#L890) `tcg_gen_mul_i64`. +2. `tcg_gen_mul_i64` on 32-bit hosts, due to [this](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/tcg/tcg-op.c#L1097) check for `TCG_TARGET_REG_BITS == 32`, is defined [here](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/tcg/tcg-op.c#L1218), and [calls](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/tcg/tcg-op.c#L1226) `tcg_gen_mulu2_i32`. +3. Rinse and repeat. +4. Eventually, as gen_mulu2/mul functions spill while trying to allocate temps, they will overflow the TB buffer. This will restart code generation with smaller and smaller block sizes, until the block size reaches 1 instruction. TCG will then give up and [assert](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/accel/tcg/translate-all.c#L869).""" +additional = """""" |