1 files changed, 48 insertions, 0 deletions

diff --git a/results/classifier/accel-gemma3:12b/tcg/2238 b/results/classifier/accel-gemma3:12b/tcg/2238
new file mode 100644
index 000000000..74454581c
--- /dev/null
+++ b/results/classifier/accel-gemma3:12b/tcg/2238
@@ -0,0 +1,48 @@
+
+The `rw` parameter of `qemu_plugin_register_vcpu_mem_cb()` is not properly honored
+Description of problem:
+The `rw` parameter of `qemu_plugin_register_vcpu_mem_cb()` is not properly honored.
+Steps to reproduce:
+1. Register a callback with `qemu_plugin_register_vcpu_mem_cb()`
+2. In the callback, print the return of `qemu_plugin_mem_is_store()` (either `true` or `false`)
+3. Change the value of `rw` parameter of `qemu_plugin_register_vcpu_mem_cb()` and look whether the callback prints `true` and/or `false` to determine if this is inline with `rw`.
+
+In the callback, we don't we get what we asked for.
+
+| Requested with rw   | Observed in the callback   |
+|---------------------|----------------------------|
+| QEMU_PLUGIN_MEM_R   | Only writes                |
+| QEMU_PLUGIN_MEM_W   | Both reads and writes      |
+| QEMU_PLUGIN_MEM_RW  | Both reads and writes      |
+Additional information:
+In `plugin-gen.c`, line 497, there is the following function:
+
+```cpp
+static bool op_rw(const TCGOp *op, const struct qemu_plugin_dyn_cb *cb)
+{
+    int w;
+
+    w = op->args[2];
+    return !!(cb->rw & (w + 1));
+}
+```
+
+The issue described above seems to be caused by the `+ 1`. I removed it and got the expected results.
+
+This function is used in the same file, line 526, like this:
+
+```cpp
+        if (!ok(begin_op, cb)) {
+            continue;
+        }
+```
+
+This isn't consistent with `core.c`, line 509, where the same flag is checked like this:
+
+```cpp
+        if (!(rw & cb->rw)) {
+                break;
+        }
+```
+
+Inconsistent because of the `+1` and also because of `break`/`continue`.