diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-06-16 16:59:00 +0000 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-06-16 16:59:33 +0000 |
| commit | 9aba81d8eb048db908c94a3c40c25a5fde0caee6 (patch) | |
| tree | b765e7fb5e9a3c2143c68b0414e0055adb70e785 /results/classifier/118/none/2655 | |
| parent | b89a938452613061c0f1f23e710281cf5c83cb29 (diff) | |
| download | qemu-analysis-9aba81d8eb048db908c94a3c40c25a5fde0caee6.tar.gz qemu-analysis-9aba81d8eb048db908c94a3c40c25a5fde0caee6.zip | |
add 18th iteration of classifier
Diffstat (limited to 'results/classifier/118/none/2655')
| -rw-r--r-- | results/classifier/118/none/2655 | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/results/classifier/118/none/2655 b/results/classifier/118/none/2655 new file mode 100644 index 000000000..e3b090a18 --- /dev/null +++ b/results/classifier/118/none/2655 @@ -0,0 +1,69 @@ +device: 0.619 +risc-v: 0.605 +performance: 0.563 +graphic: 0.557 +register: 0.528 +PID: 0.500 +ppc: 0.491 +architecture: 0.473 +socket: 0.437 +user-level: 0.425 +kernel: 0.399 +assembly: 0.389 +permissions: 0.372 +hypervisor: 0.351 +files: 0.350 +vnc: 0.343 +peripherals: 0.340 +debug: 0.306 +network: 0.294 +semantic: 0.265 +x86: 0.260 +TCG: 0.249 +virtual: 0.240 +i386: 0.224 +VMM: 0.221 +arm: 0.218 +mistranslation: 0.195 +boot: 0.192 +KVM: 0.124 + +A problem in target/riscv/vector_helper.c: vext_ldff() +Description of problem: +I‘m confused about a behavior in function vext_ldff() in target/riscv/vector_helper.c: +``` +static inline void +vext_ldff(...) +{ +... + for (i = env->vstart; i < env->vl; i++) { +... + if (i == 0) { + probe_pages(env, addr, nf << log2_esz, ra, MMU_DATA_LOAD); + } else { +... + flags = probe_access_flags(env, addr, offset, MMU_DATA_LOAD, + mmu_index, true, &host, 0); +... + if (flags & ~TLB_WATCHPOINT) { + vl = i; + goto ProbeSuccess; + } +... + } + } +ProbeSuccess: +... +} +``` +If the current instruction has a memory callback by plugin, the function probe_access_flags() will return TLB_MMIO when the page is exist. + +In this case, the function will always set vl to 1, goto ProbeSuccess, and only load the first element. Does it meet expectations? + +This problem occurred in both linux-user mode and full-system mode. + +Maybe we can add extra parameter to probe_access_flags(), in order to change the behavior of inner functions. +Steps to reproduce: +1. Make a binary with instruction vle(x)ff.v, what I am using is https://github.com/chipsalliance/riscv-vector-tests. +2. Write a plugin to add memory callbacks. +3. Observe the behavior of the function. |