diff options
Diffstat (limited to 'results/classifier/118/review/1877794')
| -rw-r--r-- | results/classifier/118/review/1877794 | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/results/classifier/118/review/1877794 b/results/classifier/118/review/1877794 new file mode 100644 index 000000000..72a3d88e3 --- /dev/null +++ b/results/classifier/118/review/1877794 @@ -0,0 +1,78 @@ +user-level: 0.946 +ppc: 0.921 +graphic: 0.877 +x86: 0.856 +performance: 0.855 +device: 0.788 +peripherals: 0.764 +architecture: 0.721 +semantic: 0.687 +debug: 0.670 +kernel: 0.663 +files: 0.639 +permissions: 0.574 +PID: 0.529 +socket: 0.499 +mistranslation: 0.446 +register: 0.441 +boot: 0.440 +arm: 0.431 +TCG: 0.423 +network: 0.413 +VMM: 0.388 +vnc: 0.386 +virtual: 0.375 +risc-v: 0.369 +assembly: 0.281 +hypervisor: 0.268 +KVM: 0.097 +i386: 0.073 +-------------------- +debug: 0.964 +x86: 0.734 +user-level: 0.695 +ppc: 0.379 +virtual: 0.112 +TCG: 0.083 +assembly: 0.042 +semantic: 0.024 +performance: 0.013 +kernel: 0.012 +PID: 0.010 +files: 0.008 +VMM: 0.008 +register: 0.006 +hypervisor: 0.006 +architecture: 0.005 +network: 0.004 +device: 0.002 +KVM: 0.002 +graphic: 0.002 +boot: 0.001 +socket: 0.001 +vnc: 0.001 +mistranslation: 0.001 +peripherals: 0.001 +permissions: 0.000 +risc-v: 0.000 +arm: 0.000 +i386: 0.000 + +Constant Folding on 64-bit Subtraction causes SIGILL on linux-user glxgears ppc64le to x86_64 by way of generating bad shift instruction with c=-1 + +Hello, I've been recently working on my own little branch of QEMU implementing the drm IOCTLs, when I discovered that glxgears seems to crash in GLXSwapBuffers(); with a SIGILL. I investigated this for about 2 weeks, manually trying to trace the call stack, only to find that we seemingly crash in a bad shift instruction. Originally intended to be an shr_i64 generated to an RLDICL, we end up with an all ones(-1) c value, which gets thrown to the macro for generating the MB, and replaces the instruction with mostly ones. This new instruction, FFFFFFE0 is invalid on ppc64le, and crashes in a host SIGILL in codegen_buffer. I tried to see if the output of translate.c had this bad instruction, but all I got were two (shr eax, cl) instructions, and upon creating a test program with shr (eax, cl) in it, nothing happened. Then figuring that there was nothing actually wrong with the instruction in the first place, I turned my eye to the optimizer, and completely disabled constant folding for arithmetic instructions. This seemed to actually resolve the issue, and then I slowly enabled constant folding again on various instructions only to find that enabling not on the shifts, but on subtraction seemed to cause the bug to reappear. I am bewildered and frankly at this point I'm not sure I have a chance in hell of figuring out what causes it, so I'm throwing it here. + +Which version of qemu and glxgears do you use? + +Tested with qemu-4.2 and qemu-5.0 and debian/sid mesa-utils-8.4.0-1+b1 and it works fine. + +I'm on 5.0-rc4 add a few patches implementing a subset of drm/amdgpu support, with mesa-utils 8.4.0-1. Important note I guess: I can't get the crash to trigger under llvmpipe/softrast, I can only get it on RadeonSI. I valgrind'd qemu only to not find anything on the host-side. I'm 99% sure this isn't a memory corruption bug from my patches, anyway, and it's not replicable on upstream qemu because DRM simply isn't functional. (Oh dear, I think I might be on my own until I can get this stuff upstreamed.) + +QEMU has been selected to have a GSoC intern to work on new ioctl(): +https://wiki.qemu.org/Google_Summer_of_Code_2020#Extend_linux-user_syscalls_and_ioctls + +Perhaps he can help you by working on DRM ioctl()? +Perhaps you can send an RFC series to the QEMU mailing list? + +I'm marking this invalid and moving on because it isn't replicable on upstream due to the lack of DRM support and because I'll probably just figure it out myself. (if anyone has somewhere better than tcg/README.md to learn TCG implementation details, I would appreciate it. + |