diff options
Diffstat (limited to 'results/classifier/118/none/1766896')
| -rw-r--r-- | results/classifier/118/none/1766896 | 210 |
1 files changed, 210 insertions, 0 deletions
diff --git a/results/classifier/118/none/1766896 b/results/classifier/118/none/1766896 new file mode 100644 index 000000000..1e89b9397 --- /dev/null +++ b/results/classifier/118/none/1766896 @@ -0,0 +1,210 @@ +TCG: 0.740 +register: 0.733 +graphic: 0.723 +mistranslation: 0.714 +assembly: 0.709 +peripherals: 0.706 +KVM: 0.705 +VMM: 0.678 +vnc: 0.675 +permissions: 0.672 +virtual: 0.663 +debug: 0.662 +ppc: 0.646 +architecture: 0.643 +semantic: 0.635 +arm: 0.634 +device: 0.627 +user-level: 0.609 +PID: 0.592 +performance: 0.568 +risc-v: 0.567 +hypervisor: 0.563 +x86: 0.508 +socket: 0.499 +kernel: 0.473 +boot: 0.448 +files: 0.448 +i386: 0.337 +network: 0.315 + +qemu-system-arm segfault in arm_v7m_mmu_idx_for_secstate + +Attempting to emulate some baremetal ARM cortex-M* firmware with gdb causes a segfault every time. + +qemu invocation: +qemu-system-arm -machine none -cpu cortex-m3 -nographic -monitor null -serial null -s -S -device loader,file=firmware.elf + +qemu seems to startup fine with that command. Segfault happens as soon as I connect from another console with + +arm-none-eabi-gdb firmware.elf +> target remote localhost:1234 +# qemu segfaults, and kills arm-none-eabi-gdb along with it + +Here's a bt from qemu-system-arm : + +********************************* +#0 armv7m_nvic_neg_prio_requested (opaque=0x0, secure=false) + at /home/sac/qemu/src/qemu/hw/intc/armv7m_nvic.c:383 + s = 0x0 +#1 0x006e4806 in arm_v7m_mmu_idx_for_secstate (secstate=<optimized out>, env=0xb620263c) + at /home/sac/qemu/src/qemu/target/arm/cpu.h:2345 + el = <optimized out> + mmu_idx = ARMMMUIdx_MPriv + el = <optimized out> + mmu_idx = <optimized out> +#2 cpu_mmu_index (ifetch=false, env=0xb620263c) at /home/sac/qemu/src/qemu/target/arm/cpu.h:2358 + mmu_idx = <optimized out> + el = <optimized out> + ifetch = <optimized out> + env = 0xb620263c + el = <optimized out> + mmu_idx = <optimized out> + el = <optimized out> + el = <optimized out> + mmu_idx = <optimized out> +#3 arm_cpu_get_phys_page_attrs_debug (cs=0xb61fe480, addr=0, attrs=0xbfffc668) + at /home/sac/qemu/src/qemu/target/arm/helper.c:9858 + cpu = 0xb61fe480 + __func__ = "arm_cpu_get_phys_page_attrs_debug" + env = 0xb620263c + phys_addr = 6402535376434480864 + page_size = 5 + prot = -1239242724 + ret = <optimized out> + fsr = 4294967041 + fi = {s2addr = 0, stage2 = false, s1ptw = false, ea = false} + mmu_idx = <optimized out> +#4 0x005729d1 in cpu_get_phys_page_attrs_debug (attrs=<optimized out>, addr=<optimized out>, + cpu=<optimized out>) at /home/sac/qemu/src/qemu/include/qom/cpu.h:580 + cc = <optimized out> + cc = <optimized out> +#5 cpu_memory_rw_debug (cpu=0xb61fe480, addr=0, buf=0xbfffd6dc "", len=4, is_write=0) + at /home/sac/qemu/src/qemu/exec.c:3524 + asidx = <optimized out> + attrs = {unspecified = 0, secure = 0, user = 0, requester_id = 15525} + l = <optimized out> + phys_addr = <optimized out> + page = 0 + __PRETTY_FUNCTION__ = "cpu_memory_rw_debug" +#6 0x005b4c5e in target_memory_rw_debug (is_write=false, len=4, buf=<optimized out>, addr=0, + cpu=0xb61fe480) at /home/sac/qemu/src/qemu/gdbstub.c:56 + cc = <optimized out> + cc = <optimized out> +#7 gdb_handle_packet (s=s@entry=0xb6229800, line_buf=line_buf@entry=0xb6229810 "m0,4") + at /home/sac/qemu/src/qemu/gdbstub.c:1109 + cpu = <optimized out> + cc = <optimized out> + p = 0xb6229813 "4" + thread = <optimized out> + ch = <optimized out> + reg_size = <optimized out> + type = <optimized out> + res = <optimized out> + buf = "m1\000", '\060' <repeats 109 times>, "ffffffff00000000d3010040\000t modification,\n are permitted in any medium without royalt"... + mem_buf = '\000' <repeats 56 times>, "\377\377\377\377\000\000\000\000\323\001\000@", '\000' <repeats 716 times>... + registers = <optimized out> + addr = 0 + len = 4 + __func__ = "gdb_handle_packet" +#8 0x005b55b3 in gdb_read_byte (ch=100, s=0xb6229800) at /home/sac/qemu/src/qemu/gdbstub.c:1664 + reply = 43 '+' + reply = <optimized out> + repeat = <optimized out> +#9 gdb_chr_receive (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>) + at /home/sac/qemu/src/qemu/gdbstub.c:1868 + i = <optimized out> +#10 0x00980319 in tcp_chr_read (chan=0xb6c86200, cond=G_IO_IN, opaque=0xb63fc6e0) + at chardev/char-socket.c:440 + chr = <optimized out> + __func__ = "tcp_chr_read" + s = 0xb63fc6e0 + buf = "$m0,4#fddInfo#c8read:arm-core.xml:0,ffb#08+;qRelocInsn+;fork-events+;vfork-events+;exec-events+;vContSupported+;QThreadEvents+;no-resumed+#df\363\377\377\000\000\000\000\274\354\377\277", '\000' <repeats 16 times>, "\272\356\377 \274\354\377\277", '\000' <repeats 16 times>, "\373\377\377\377\005\000\000\000"... + len = <optimized out> + size = <optimized out> +#11 0xb7808c44 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 +No symbol table info available. +#12 0x009e14d2 in glib_pollfds_poll () at util/main-loop.c:214 + context = 0xb645f740 + pfds = <optimized out> + context = <optimized out> + pfds = <optimized out> +#13 os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:261 + context = 0xb645f740 + ret = 1 + spin_counter = 0 + context = <optimized out> + ret = <optimized out> + spin_counter = 0 + notified = false +#14 main_loop_wait (nonblocking=0) at util/main-loop.c:515 + ret = <optimized out> + timeout = 1000 + timeout_ns = <optimized out> +#15 0x00561781 in main_loop () at vl.c:1995 +No locals. +#16 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4911 + i = <optimized out> + snapshot = <optimized out> + linux_boot = <optimized out> + initrd_filename = <optimized out> + kernel_filename = <optimized out> + kernel_cmdline = <optimized out> + boot_order = <optimized out> + boot_once = <optimized out> + ds = <optimized out> + cyls = <optimized out> + heads = <optimized out> + secs = <optimized out> + translation = <optimized out> + opts = <optimized out> + machine_opts = <optimized out> + hda_opts = <optimized out> + icount_opts = <optimized out> + accel_opts = <optimized out> + olist = <optimized out> + optind = 14 + optarg = 0xbffffcf6 "loader,file=firmware.elf" + loadvm = <optimized out> + machine_class = <optimized out> + cpu_model = <optimized out> + vga_model = <optimized out> + qtest_chrdev = <optimized out> + qtest_log = <optimized out> + pid_file = <optimized out> + incoming = <optimized out> + userconfig = <optimized out> + nographic = <optimized out> + display_type = <optimized out> + display_remote = <optimized out> + log_mask = <optimized out> + log_file = <optimized out> + trace_file = <optimized out> + maxram_size = <optimized out> + ram_slots = <optimized out> + vmstate_dump_file = <optimized out> + main_loop_err = 0x0 + err = 0x0 + list_data_dirs = <optimized out> + dirs = <optimized out> + bdo_queue = {sqh_first = 0x0, sqh_last = 0xbffff918} + __func__ = "main" + +follow-up to IRC discussions with stsquad and danpb : the problem is "-machine none" which prevents all the data structures from being initialized properly. + +You also did not specify any amount of RAM with the -m parameter and the "none" machine does not have any RAM by default. + +Yes; cortex-m3 will only work on machine types that are expecting it (ie which instantiate the M profile NVIC interrupt controller, which is really an integral part of the CPU). + +We should catch this case and make QEMU exit with a more helpful message. + + +https://patchwork.ozlabs.org/patch/924145/ is a patch which improves our error checking for this case. The command that previously segfaulted should now exit with the error message: +qemu-system-arm: This board cannot be used with Cortex-M CPUs + + +The patch referred to in comment #4 has now been committed, so from QEMU 3.0 this will fail with a useful error message to tell the user their choice of machine and CPU aren't compatible. + + +https://git.qemu.org/?p=qemu.git;a=commitdiff;h=95f875654ae8b433b5 + |