diff options
Diffstat (limited to 'results/classifier/deepseek-2-tmp/output/assembly')
35 files changed, 813 insertions, 0 deletions
diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1030807 b/results/classifier/deepseek-2-tmp/output/assembly/1030807 new file mode 100644 index 000000000..76cb50ec6 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1030807 @@ -0,0 +1,35 @@ + +PCI host bridge should ignore 1- and 2-byte I/O accesses + +In PCI there are two IO modes. Deprecated Mode2 that uses single byte IO and Mode1 that uses 4byte IO. +According to the spec a host bridge that supports Mode1 should ignore all IO that is not 4bytes. + +> Anytime a host bridge sees a full DWORD I/O write from the host to +> CONFIG_ADDRESS, the bridge must latch the data into its CONFIG_ADDRESS +> register. On full DWORD I/O reads to CONFIG_ADDRESS, the bridge must return the +> data in CONFIG_ADDRESS. Any other types of accesses to this address (non-DWORD) +> have no effect on CONFIG_ADDRESS and are executed as normal I/O transactions on +> the PCI bus. Therefore, the only I/O Space consumed by this register is a DWORD at the +> given address. I/O devices that share the same address but use BYTE or WORD registers +> are not affected because their transactions will pass through the host bridge unchanged. + +In qemu the host bridge will accept 1-, 2-, and 4-byte reads/writes. That breakes plan9 guests that do not use the bios to access the PCI config space. + +have a look at: +http://code.google.com/p/plan9front/source/browse/sys/src/9/pc/pci.c + +In Lines 960-967 the check for PCI Mode1 is done. This check assumes that the 4-byte write at line 961 succeeds and the single byte write at 962 is ignored. +On qemu line 962 will not be ignored and the test in line 963 will fail. +The plan9 kernel will fall back to Mode2 which does not work. +The result is that the guest will not see any PCI devices. + +I do not really have an image that you guys could quickly check this with, but i could prepare one if need be. +An easy way to reproduce this in linux would be to stick an outb between those two lines from pci_check_type1(void). + +> outl(0x80000000, 0xCF8); ++ outb0x01, 0xcfb); +> if (inl(0xCF8) == 0x80000000 && pci_sanity_check(&pci_direct_conf1)) { + +I did not try this but i guess on real hardware the linux kernel would still work while it would not work anymore on qemu. + +I tried to come up with a patch but did not find a quick solution. I found that in hw/piic_pci.c sysbus_add_io is used which will register read/write functions for 1, 2, and 4 bytes. This is done in ioport.c ioport_register. I guess if i provided a patch you guys might not like it :). So i figured i should report the bug, let me know if you need any additional information. \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1093691 b/results/classifier/deepseek-2-tmp/output/assembly/1093691 new file mode 100644 index 000000000..f684f30ce --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1093691 @@ -0,0 +1,33 @@ + +QEMU build fails on OpenBSD/mips64 + +Building QEMU 1.2.1 on OpenBSD/mips64 fails as follows although I believe QEMU was also broken with 1.1.x as well.. + +cc -I/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/slirp -I. -I/usr/obj/ports/qemu-1.2.1/qemu-1.2.1 -I/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/fpu -I/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg - +I/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/mips -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmis +sing-prototypes -fno-strict-aliasing -I/usr/local/include -I/usr/X11R6/include -Wno-redundant-decls -DTIME_MAX=INT_MAX -Wendif-labels -Wmissing-include-dirs -Wnested-externs -Wf +ormat-security -Wformat-y2k -Winit-self -Wold-style-definition -I/usr/local/include/libpng -DHAS_AUDIO -DHAS_AUDIO_CHOICE -DTARGET_PHYS_ADDR_BITS=64 -I.. -I/usr/obj/ports/qemu-1 +.2.1/qemu-1.2.1/target-i386 -DNEED_CPU_H -I/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/include -I/usr/local/include/libpng -pthread -I/usr/local/include/glib-2.0 -I/usr/local/lib/gli +b-2.0/include -I/usr/local/include -MMD -MP -MT tcg/tcg.o -MF tcg/tcg.d -O2 -pipe -c -o tcg/tcg.o /usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg.c +In file included from /usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg.c:50: +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h: In function 'tcg_gen_div_i64': +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h:1229: error: 'TCG_TARGET_HAS_div_i64' undeclared (first use in this function) +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h:1229: error: (Each undeclared identifier is reported only once +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h:1229: error: for each function it appears in.) +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h:1231: error: 'TCG_TARGET_HAS_div2_i64' undeclared (first use in this function) +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h: In function 'tcg_gen_rem_i64': +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h:1248: error: 'TCG_TARGET_HAS_div_i64' undeclared (first use in this function) +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h:1250: error: 'TCG_TARGET_HAS_div2_i64' undeclared (first use in this function) +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h: In function 'tcg_gen_divu_i64': +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h:1267: error: 'TCG_TARGET_HAS_div_i64' undeclared (first use in this function) +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h:1269: error: 'TCG_TARGET_HAS_div2_i64' undeclared (first use in this function) +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h: In function 'tcg_gen_remu_i64': +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h:1286: error: 'TCG_TARGET_HAS_div_i64' undeclared (first use in this function) +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h:1288: error: 'TCG_TARGET_HAS_div2_i64' undeclared (first use in this function) +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h: In function 'tcg_gen_ext8s_i64': +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h:1526: error: 'TCG_TARGET_HAS_ext8s_i64' undeclared (first use in this function) +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h: In function 'tcg_gen_ext16s_i64': +/usr/obj/ports/qemu-1.2.1/qemu-1.2.1/tcg/tcg-op.h:1536: error: 'TCG_TARGET_HAS_ext16s_i64' undeclared (first use in this function) +... + +Attached is the full build log. \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1207896 b/results/classifier/deepseek-2-tmp/output/assembly/1207896 new file mode 100644 index 000000000..0b4d16196 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1207896 @@ -0,0 +1,4 @@ + +binfmt wrapper for argv[0] handling + +Please, add patch https://lists.gnu.org/archive/html/qemu-devel/2011-09/msg03841.html to upstream. 2 years have passed and this patch is not jet applied. Why? 99% GNU/Linux distribution uses qemu with this patch. It is 100% needed. \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1258626 b/results/classifier/deepseek-2-tmp/output/assembly/1258626 new file mode 100644 index 000000000..649f87dd7 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1258626 @@ -0,0 +1,10 @@ + +Curses Keyboard Broken On OS X + +Whenever I run ``qemu-system-i386 -curses ...'' (with or without a ``-k en-gb'') on OS X 10.9, the keyboard does not work properly. For example, when attempting to switch to the QEMU console with Alt+2, I get: + +``Warning: no scancode found for keysym 226 +Warning: no scancode found for keysym 130 +Warning: no scancode found for keysym 172'' + +I have checked and these scancodes are not mentioned in ``share/qemu/keymaps/''. \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1283519 b/results/classifier/deepseek-2-tmp/output/assembly/1283519 new file mode 100644 index 000000000..328389260 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1283519 @@ -0,0 +1,11 @@ + +PowerPC altivec rounding instructions vrfi(m|n|z)not correctly mapped + +When using ppc-linux-user/qemu-ppc on a ppc ELF executable, I see that QEMU wrongly recognizes the vrfim, vrfin and vrfiz instructions: + +If the binary contains vrfim QEMU sees vrfiz +If the binary contains vrfin QEMU sees vrfim +If the binary contains vrfiz QEMU sees vrfin +The vrfip instruction is correctly recognized. + +Those instructions normally round a floating-point altivec vector to zero (z), infinity (p), minus infinity (m) or nearest (n). \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1285363 b/results/classifier/deepseek-2-tmp/output/assembly/1285363 new file mode 100644 index 000000000..a3eaad23e --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1285363 @@ -0,0 +1,46 @@ + +qemu-aarch64-static segfaults + +I've found a couple conditions that causes qemu-user-static to core dump fairly reliably - same with upstream git - while a binary built from suse's aarch64-1.6 branch seems to consistently work fine. + +Testing suggests they are resolved by the sigprocmask wrapper patches included in suse's tree. + + 1) dh_fixperms is a script that commonly runs at the end of a package build. + Its basically doing a `find | xargs chmod`. + 2) debootstrap --second-stage + This is used to configure an arm64 chroot that was built using + debootstrap on a non-native host. It is basically invoking a bunch of + shell scripts (postinst, etc). When it blows up, the stack consistently + looks like this: + +Core was generated by `/usr/bin/qemu-aarch64-static /bin/sh -e +/debootstrap/debootstrap --second-stage'. +Program terminated with signal SIGSEGV, Segmentation fault. +#0 0x0000000060058e55 in memcpy (__len=8, __src=0x7fff62ae34e0, +__dest=0x400082c330) at +/usr/include/x86_64-linux-gnu/bits/string3.h:51 +51 return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); +(gdb) bt +#0 0x0000000060058e55 in memcpy (__len=8, __src=0x7fff62ae34e0, +__dest=0x400082c330) at +/usr/include/x86_64-linux-gnu/bits/string3.h:51 +#1 stq_p (v=274886476624, ptr=0x400082c330) at +/mnt/qemu.upstream/include/qemu/bswap.h:280 +#2 stq_le_p (v=274886476624, ptr=0x400082c330) at +/mnt/qemu.upstream/include/qemu/bswap.h:315 +#3 target_setup_sigframe (set=0x7fff62ae3530, env=0x62d9c678, +sf=0x400082b0d0) at /mnt/qemu.upstream/linux-user/signal.c:1167 +#4 target_setup_frame (usig=usig@entry=17, ka=ka@entry=0x604ec1e0 +<sigact_table+512>, info=info@entry=0x0, set=set@entry=0x7fff62ae3530, +env=env@entry=0x62d9c678) + at /mnt/qemu.upstream/linux-user/signal.c:1286 +#5 0x0000000060059f46 in setup_frame (env=0x62d9c678, +set=0x7fff62ae3530, ka=0x604ec1e0 <sigact_table+512>, sig=17) at +/mnt/qemu.upstream/linux-user/signal.c:1322 +#6 process_pending_signals (cpu_env=cpu_env@entry=0x62d9c678) at +/mnt/qemu.upstream/linux-user/signal.c:5747 +#7 0x0000000060056e60 in cpu_loop (env=env@entry=0x62d9c678) at +/mnt/qemu.upstream/linux-user/main.c:1082 +#8 0x0000000060005079 in main (argc=<optimized out>, argv=<optimized +out>, envp=<optimized out>) at +/mnt/qemu.upstream/linux-user/main.c:4374 \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1308381 b/results/classifier/deepseek-2-tmp/output/assembly/1308381 new file mode 100644 index 000000000..54e2a538f --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1308381 @@ -0,0 +1,15 @@ + +illegal instructions for AArch64 ARMv8 + +The test case is in the attachment. To reproduce as following (I tried both GCC and Clang): +$aarch64-linux-gnu-gcc qemu.c -o test +$./test +qemu: uncaught target signal 4 (Illegal instruction) - core dumped +Illegal instruction (core dumped) + +There are 3 intrinsics are tested in the test case: vqmovunh_s16, vqmovuns_s32, vqmovund_s64. They will be compiled into instructions: +SQXTUN Bd, Hn +SQXTUN Hd, Sn +SQXTUN Sd, Dn. + +It seems that these instructions are not supported in QEMU. Is this a bug? \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1422 b/results/classifier/deepseek-2-tmp/output/assembly/1422 new file mode 100644 index 000000000..7275f07bb --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1422 @@ -0,0 +1,16 @@ + +/wrkdirs/usr/ports/emulators/qemu/work-default/qemu-7.2.0/tcg/ppc/tcg-target.c.inc:1882:9: error: couldn't allocate output register for constraint 'Q' +Description of problem: +Qemu 7.2.0 doesn't build on powerpc64le. +Steps to reproduce: +Build qemu. +Additional information: +``` +FAILED: libqemu-aarch64-softmmu.fa.p/tcg_tcg.c.o +cc -m64 -mlittle-endian -Ilibqemu-aarch64-softmmu.fa.p -I. -I.. -Itarget/arm -I../target/arm -Iqapi -Itrace -Iui -Iui/shader -I/usr/local/include/pixman-1 -I/usr/local/include -I/wrkdirs/usr/ports/emulators/qemu/work-default/qemu-7.2.0 -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -fcolor-diagnostics -Wall -Winvalid-pch -std=gnu11 -O2 -g -iquote . -iquote /wrkdirs/usr/ports/emulators/qemu/work-default/qemu-7.2.0 -iquote /wrkdirs/usr/ports/emulators/qemu/work-default/qemu-7.2.0/include -iquote /wrkdirs/usr/ports/emulators/qemu/work-default/qemu-7.2.0/tcg/ppc -pthread -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Wold-style-definition -Wtype-limits -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wempty-body -Wnested-externs -Wendif-labels -Wexpansion-to-defined -Wno-initializer-overrides -Wno-missing-include-dirs -Wno-shift-negative-value -Wno-string-plus-int -Wno-typedef-redefinition -Wno-tautological-type-limit-compare -Wno-psabi -Wno-gnu-variable-sized-type-not-at-end -fstack-protector-strong -O2 -pipe -fstack-protector-strong -fno-strict-aliasing '-DPREFIX=\""/usr/local\""' -fPIE -DNEED_CPU_H '-DCONFIG_TARGET="aarch64-softmmu-config-target.h"' '-DCONFIG_DEVICES="aarch64-softmmu-config-devices.h"' -MD -MQ libqemu-aarch64-softmmu.fa.p/tcg_tcg.c.o -MF libqemu-aarch64-softmmu.fa.p/tcg_tcg.c.o.d -o libqemu-aarch64-softmmu.fa.p/tcg_tcg.c.o -c ../tcg/tcg.c +In file included from ../tcg/tcg.c:432: +/wrkdirs/usr/ports/emulators/qemu/work-default/qemu-7.2.0/tcg/ppc/tcg-target.c.inc:1882:9: error: couldn't allocate output register for constraint 'Q' + asm("mr %%r6, %1\n\t" + ^ +1 error generated. +``` diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1435 b/results/classifier/deepseek-2-tmp/output/assembly/1435 new file mode 100644 index 000000000..e6f16b5dc --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1435 @@ -0,0 +1,17 @@ + +Infinite recursion in tcg_gen_mulu2_i32 for certain 32-bit hosts. +Description of problem: +`tcg_gen_mulu2_i32` infinitely recurses on a 32-bit host (TCG target) that has neither `TCG_TARGET_HAS_mulu2_i32` nor `TCG_TARGET_HAS_muluh_i32`. + +I don't actually think there is any host that is 32-bits and has neither mulu2 nor muluh. The only reference I found is [this](https://gitlab.com/qemu-project/qemu/-/commit/df9ebea53ebc1c98217743f56c30ae3a46031bb9) commit, which adds an `#error` if that situation is hit. But the check, which [still exists](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/include/tcg/tcg.h#L174), checks if those flags are *defined*, not for their value. I guess, over the years as the code was refactored, the check wasn't updated because, frankly, there aren't any hosts that match that situation (except mine). + +One easy fix is to change the check mentioned above to check the actual macro value so that compilation fails. I can create a PR for that. +Steps to reproduce: +(Note: I'm linking to the v7.2.0 tag so that these links stay relevant). + +1. `tcg_gen_mulu2_i32` [calls](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/tcg/tcg-op.c#L890) `tcg_gen_mul_i64`. +2. `tcg_gen_mul_i64` on 32-bit hosts, due to [this](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/tcg/tcg-op.c#L1097) check for `TCG_TARGET_REG_BITS == 32`, is defined [here](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/tcg/tcg-op.c#L1218), and [calls](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/tcg/tcg-op.c#L1226) `tcg_gen_mulu2_i32`. +3. Rinse and repeat. +4. Eventually, as gen_mulu2/mul functions spill while trying to allocate temps, they will overflow the TB buffer. This will restart code generation with smaller and smaller block sizes, until the block size reaches 1 instruction. TCG will then give up and [assert](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/accel/tcg/translate-all.c#L869). +Additional information: + diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1527300 b/results/classifier/deepseek-2-tmp/output/assembly/1527300 new file mode 100644 index 000000000..4f7c34a40 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1527300 @@ -0,0 +1,10 @@ + +linux-user/elfload.c: byteswap function is not working when ELF is big endian + +I run qemu-mipsel for ELF with mips MSB(big endian), it always outputs error message: Invalid ELF image for this architecture. For the ELF I run: + +$file busybox + +ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped + +The section header is not corrupted(MSB, corrputed section header table also outputs same error as above), when I run ELF with LSB, it works perfectly. I debugged with /linux-user/elfload.c, I am sure that the problem comes from byteswap function. But I don't know how to handle it. I really hope this can be fixed ASAP. Really appreciate your help. \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1631625 b/results/classifier/deepseek-2-tmp/output/assembly/1631625 new file mode 100644 index 000000000..9987cd848 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1631625 @@ -0,0 +1,16 @@ + +target-mips/dsp_helper.c: two possible bad shifts + +target-mips/dsp_helper.c:3480:1: error: V629 Consider inspecting the '0x01 << (size + 1)' expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type. + +Source code is + + temp = temp & ((0x01 << (size + 1)) - 1); + +If size >= 32, then better code might be + + temp = temp & ((0x01UL << (size + 1)) - 1); + +target-mips/dsp_helper.c:3509:1: error: V629 Consider inspecting the '0x01 << (size + 1)' expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type. + +Duplicate \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1693649 b/results/classifier/deepseek-2-tmp/output/assembly/1693649 new file mode 100644 index 000000000..9988e1ecc --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1693649 @@ -0,0 +1,12 @@ + +x86 pause misbehaves with -cpu haswell + +Using qemu-2.9.0 + +When booting NetBSD using '-cpu haswell -smp 4', the system fails to initialize the additional CPUs. It appears as though the "application processor" enters routine x86_pause() but never returns. + +x86_pause() is simply two assembler instructions: 'pause; ret;' + +Replacing the routine with 'nop; nop; ret;' allows the system to proceed, of course without the benefit of the pause instruction on spin-loops! + +Additionally, booting with '-cpu phenom -smp 4' also works, although the system does seem confused about the type of CPU being used. \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1693667 b/results/classifier/deepseek-2-tmp/output/assembly/1693667 new file mode 100644 index 000000000..c1c7eb558 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1693667 @@ -0,0 +1,29 @@ + +-cpu haswell / broadwell have no MONITOR in features1 + +In qemu 2.9.0 if you run + + qemu-system-x86_64 -cpu Broadwell (or Haswell) + +then the CPU features1 flag include the SSE3 bit, but do NOT include the MONITOR/MWAIT bit. This is so even when the host includes the features. + + +Additionally, running qemu in this manner results in several error messages: + +warning: TCG doesn't support requested feature: CPUID.01H:ECX.fma [bit 12] +warning: TCG doesn't support requested feature: CPUID.01H:ECX.pcid [bit 17] +warning: TCG doesn't support requested feature: CPUID.01H:ECX.x2apic [bit 21] +warning: TCG doesn't support requested feature: CPUID.01H:ECX.tsc-deadline [bit 24] +warning: TCG doesn't support requested feature: CPUID.01H:ECX.avx [bit 28] +warning: TCG doesn't support requested feature: CPUID.01H:ECX.f16c [bit 29] +warning: TCG doesn't support requested feature: CPUID.01H:ECX.rdrand [bit 30] +warning: TCG doesn't support requested feature: CPUID.07H:EBX.hle [bit 4] +warning: TCG doesn't support requested feature: CPUID.07H:EBX.avx2 [bit 5] +warning: TCG doesn't support requested feature: CPUID.07H:EBX.invpcid [bit 10] +warning: TCG doesn't support requested feature: CPUID.07H:EBX.rtm [bit 11] +warning: TCG doesn't support requested feature: CPUID.07H:EBX.rdseed [bit 18] +warning: TCG doesn't support requested feature: CPUID.80000001H:ECX.3dnowprefetch + + +(Among possible other uses, the lack of the MONITOR feature bit causes NetBSD to fall-back on a +check-and-pause loop while an application CPU is waiting to be told to proceed by the boot CPU.) \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1727737 b/results/classifier/deepseek-2-tmp/output/assembly/1727737 new file mode 100644 index 000000000..cccb03cf4 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1727737 @@ -0,0 +1,26 @@ + +qemu-arm stalls on a GCC sanitizer test since qemu-2.7 + +Hi, + +I have noticed that several GCC/sanitizer tests fail with timeout when executed under QEMU. + +After a bit of investigation, I have noticed that this worked with qemu-2.7, and started failing with qemu-2.8, and still fails with qemu-2.10.1 + +I'm attaching a tarball containing: +alloca_instruments_all_paddings.exe : the testcase, and the needed libs: +lib/librt.so.1 +lib/libdl.so.2 +lib/ld-linux-armhf.so.3 +lib/libasan.so.5 +lib/libc.so.6 +lib/libgcc_s.so.1 +lib/libpthread.so.0 +lib/libm.so.6 + +To reproduce the problem: +$ qemu-arm -cpu any -R 0 -L $PWD $PWD/alloca_instruments_all_paddings.exe +returns in less than a second with qemu-2.7, and never with qemu-2.8 + +Using -d in_asm suggests that the program "almost" completes and qemu seems to stall on: +0x40b6eb44: e08f4004 add r4, pc, r4 \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1728325 b/results/classifier/deepseek-2-tmp/output/assembly/1728325 new file mode 100644 index 000000000..9caa818a5 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1728325 @@ -0,0 +1,61 @@ + +POWER8: Wrong behaviour with float-to-int punning + +Building a reduced test program with 'gcc -O2 -fno-inline -mcpu=power8' produces wrong results at runtime. I don't think gcc is at fault here. + +--- +#include <stdio.h> + +int getWord(const float x) +{ + return *(int*)&x; +} + +void main() +{ + int foo = getWord(+123.456f); + int bar = getWord(-123.456f); + + printf("%d\n", foo); + printf("%d\n", bar); + return; +} +--- + +This prints: +--- +0 +0 +--- + +Compiling with 'gcc -O2 -fno-inline -mcpu=power7' and you instead get the expected result: +--- +1123477881 +-1024005767 +--- + + +The different between the two programs is: + +--- power7.s ++++ power8.s +@@ -6,9 +6,9 @@ + .globl getWord + .type getWord, @function + getWord: +- stfs 1,-16(1) +- ori 2,2,0 +- lwa 3,-16(1) ++ xscvdpspn 0,1 ++ mfvsrwz 3,0 ++ extsw 3,3 + blr + .long 0 + .byte 0,0,0,0,0,0,0,0 + .size getWord,.-getWord + + +Seems like qemu doesn't handle xscvdpspn/mfvsrwz correctly. + +https://github.com/qemu/qemu/commit/7ee19fb9d682689d36c849576c808cf92e3bae40 +https://github.com/qemu/qemu/commit/f5c0f7f981333da59cc35c3210d05ec1775c97c1 \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1751494 b/results/classifier/deepseek-2-tmp/output/assembly/1751494 new file mode 100644 index 000000000..aaac9ad89 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1751494 @@ -0,0 +1,17 @@ + +tcg-target.inc.c:3495:no such instruction: `xgetbv' + +While building QEMU on Mac OS 10.6.8 I saw this error message: +tag-target.inc.c:3495:no such instruction: `xgetbv' +In the file tcg/i386/tcg-target.inc.c at line 3495 is where the issue is located. This is the problem code: +asm ("xgetbv" : "=a" (xcrl), "=d" (xcrh) : "c" (0)); + +https://github.com/asmjit/asmjit/issues/78 +According to the above link, another project also experienced this problem on Mac OS X. The fix was to replace the name of the instruction with the encoded form '.byte 0x0F, 0x01, 0xd0'. + +Host info: +Mac OS 10.6.8 +GCC 5.2.0 + +Additional information: +This may be a gcc issue. I have compiled QEMU on Mac OS 10.12 and didn't experience any issues. The compiler used was Apple's clang. \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1759264 b/results/classifier/deepseek-2-tmp/output/assembly/1759264 new file mode 100644 index 000000000..ddf635d2e --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1759264 @@ -0,0 +1,9 @@ + +fpu/softfloat: round_to_int_and_pack refactor broke TriCore ftoi insns + +After the refactor from ab52f973a504f8de0c5df64631ba4caea70a7d9e the bahaviour of int32_to_float32() was altered. + +helper_ftoi() in target/tricore/fpu_helper.c relied on int32_to_float32 to raise the invalid flag if the input was NaN to properly return 0. Likewise if the input is infinity. + +The obvious fix for softfloat would be to raise this flag in round_to_int_and_pack(). However, +I'm not sure if this breaks other targets and I have no easy way to test it. \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1761401 b/results/classifier/deepseek-2-tmp/output/assembly/1761401 new file mode 100644 index 000000000..1fd3a60ab --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1761401 @@ -0,0 +1,11 @@ + +ARM/Neon: vcvt rounding error + +Hello, + +While using QEMU commit 47d3b60858d90ac8a0cc3a72af7f95c96781125a (March 28, 2018), I've noticed failures in one of the GCC ARM/Neon tests. The test passes on hardware, and with QEMU-2.11.0, so it looks like a recent regression. + +The test builds a vector of 4 float32 with "125.9" as value, then converts them to 4 uint32_t. +The expected result is 125, but we get 126 instead. + +Maybe it's just a matter of default rounding mode? \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1824778 b/results/classifier/deepseek-2-tmp/output/assembly/1824778 new file mode 100644 index 000000000..aa50d5d8c --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1824778 @@ -0,0 +1,9 @@ + +PowerPC64: tlbivax does not work for addresses above 4G + +The tlbivax instruction in QEMU does not work for address above 4G. The reason behind this is a simple 32bit trunction of an address. +Changing the argument ea from uint32_t to target_ulong for the function booke206_invalidate_ea_tlb() in target/ppc/mmu_helper.c solves the issue. + +I did not reproduce this using Linux so I have no public example for reproducing it. However it's a pretty straight forward change. + +Issue can be seen in all version of QEMU. \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1834399 b/results/classifier/deepseek-2-tmp/output/assembly/1834399 new file mode 100644 index 000000000..a74be33c8 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1834399 @@ -0,0 +1,37 @@ + +Branch out of range on mips o32 building QEMU + +I build lib32-qemu which is a multilib variant for mips o32 on project Yocto with qemumips64. It finally runs command and fails: + + +mips-wrsmllib32-linux-gcc -meb -mabi=32 -mhard-float -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security --sysroot=/mnt/docker/LIN1019-1459-ubuntu1604/tmp-glibc/work/mips-wrsmllib32-linux/lib32-qemu/4.0.0-r0/lib32-recipe-sysroot +-I/mnt/docker/LIN1019-1459-ubuntu1604/tmp-glibc/work/mips-wrsmllib32-linux/lib32-qemu/4.0.0-r0/lib32-recipe-sysroot/usr/include/pixman-1 -I/mnt/docker/LIN1019-1459-ubuntu1604/tmp-glibc/work/mips-wrsmllib32-linux/lib32-qemu/4.0.0-r0/qemu-4.0.0/dtc/libfdt -pthread -I/mnt/docker/LIN1019-1459-ubuntu1604/tmp-glibc/work/mips-wrsmllib32-linux/lib32-qemu/4.0.0-r0/lib32-recipe-sysroot/usr/include/glib-2.0 -I/mnt/docker/LIN1019-1459-ubuntu1604/tmp-glibc/work/mips-wrsmllib32-linux/lib32-qemu/4.0.0-r0/lib32-recipe-sysroot/usr/lib/glib-2.0/include +-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Og -g +-I/mnt/docker/LIN1019-1459-ubuntu1604/tmp-glibc/work/mips-wrsmllib32-linux/lib32-qemu/4.0.0-r0/qemu-4.0.0/capstone/include -I/mnt/docker/LIN1019-1459-ubuntu1604/tmp-glibc/work/mips-wrsmllib32-linux/lib32-qemu/4.0.0-r0/qemu-4.0.0/tests +-DCAPSTONE_USE_SYS_DYN_MEM -DCAPSTONE_HAS_ARM -DCAPSTONE_HAS_ARM64 -DCAPSTONE_HAS_POWERPC -DCAPSTONE_HAS_X86 +-c arch/AArch64/AArch64InstPrinter.c -o /mnt/docker/LIN1019-1459-ubuntu1604/tmp-glibc/work/mips-wrsmllib32-linux/lib32-qemu/4.0.0-r0/build/capstone/obj/arch/AArch64/AArch64InstPrinter.o + + + +And error messages: + +{standard input}: Assembler messages: +{standard input}:38045: Error: branch out of range +{standard input}:38269: Error: branch out of range +{standard input}:38493: Error: branch out of range +{standard input}:38717: Error: branch out of range +{standard input}:38941: Error: branch out of range +{standard input}:39165: Error: branch out of range +{standard input}:39389: Error: branch out of range +{standard input}:39613: Error: branch out of range +{standard input}:39728: Error: branch out of range +{standard input}:39990: Error: branch out of range +{standard input}:40252: Error: branch out of range +{standard input}:40514: Error: branch out of range +{standard input}:40776: Error: branch out of range +{standard input}:41038: Error: branch out of range + + +The gcc version is 9.1. I have verified that gcc 8.3 works. And there is no error when remove option '-Og' with gcc 9.1. + +I am not sure whether it is a defect of gcc 9.1 or capstone. Should it be fixed in capstone? Thanks. \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1841592 b/results/classifier/deepseek-2-tmp/output/assembly/1841592 new file mode 100644 index 000000000..c3c8c0bc3 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1841592 @@ -0,0 +1,10 @@ + +ppc: softfloat float implementation issues + +Per bug #1841491, Richard Henderson (rth) said: +> The float test failure is part of a larger problem for target/powerpc in which all float +> routines are implemented incorrectly. They are all implemented as double operations with +> rounding to float as a second step. Which not only produces incorrect exceptions, as in +> this case, but incorrect > numerical results from the double rounding. +> +> This should probably be split to a separate bug... \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1856706 b/results/classifier/deepseek-2-tmp/output/assembly/1856706 new file mode 100644 index 000000000..6c7dd2c03 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1856706 @@ -0,0 +1,14 @@ + +target/mips/op_helper.c:971:duplicated branches ? + +qemu-4.2.0/target/mips/op_helper.c:971:8: warning: this condition has identical branches [-Wduplicated-branches] + +Source code is + + if (other_tc == other->current_tc) { + tccause = other->CP0_Cause; + } else { + tccause = other->CP0_Cause; + } + +Possible cut'n'paste error ? \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1859713 b/results/classifier/deepseek-2-tmp/output/assembly/1859713 new file mode 100644 index 000000000..302360357 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1859713 @@ -0,0 +1,26 @@ + +ARM v8.3a pauth not working + +Host: Ubuntu 19.10 - x86_64 machine +QEMU version: 3a63b24a1bbf166e6f455fe43a6bbd8dea413d92 (master) + +ARMV8.3 pauth is not working well. + +With a test code containing two pauth instructions: + - paciasp that sign LR with A key and sp as context; + - autiasp that verify the signature. + +Test: + - Run the program and corrupt LR just before autiasp (ex 0x3e00000400660 instead of 0x3e000000400664) + +Expected: + - autiasp places an invalid pointer in LR + +Result: + - autiasp successfully auth the pointer and places 0x0400660 in LR. + +Further explanations: + Adding traces in qemu code shows that "pauth_computepac" is not robust enough against truncating. + With 0x31000000400664 as input of pauth_auth, we obtain "0x55b1d65b2c138e14" for PAC, "0x30" for bot_bit and "0x38" for top_bit. + With 0x310040008743ec as input of pauth (with same key), we obtain "0x55b1d65b2c138ef4" for PAC, "0x30" for bot_bit and "0x38" for top_bit. + Values of top_bit and bottom_bit are strictly the same and it should not. \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1862986 b/results/classifier/deepseek-2-tmp/output/assembly/1862986 new file mode 100644 index 000000000..990b9e05a --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1862986 @@ -0,0 +1,65 @@ + +qemu-s390x segfaults + +All tested versions (2.11 and 4.2) qemu-s390x crashes with a segfault when run on an aarch64 odroid Ubuntu. + +Steps to reproduce: + +root@odroid:~/workspace/bitcoin-core# /usr/local/bin/qemu-s390x "/root/workspace/bitcoin-core/build/bitcoin-s390x-linux-gnu/src/test/test_bitcoin_orig" +Segmentation fault (core dumped) +root@odroid:~/workspace/bitcoin-core# /usr/local/bin/qemu-s390x --version +qemu-s390x version 4.2.0 +Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers +root@odroid:~/workspace/bitcoin-core# /usr/bin/qemu-s390x "/root/workspace/bitcoin-core/build/bitcoin-s390x-linux-gnu/src/test/test_bitcoin_orig" +Segmentation fault (core dumped) +root@odroid:~/workspace/bitcoin-core# /usr/bin/qemu-s390x --version +qemu-s390x version 2.11.1(Debian 1:2.11+dfsg-1ubuntu7.22) +Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers + + +qemu-arm does work on the same machine: + +root@odroid:~/workspace/bitcoin-core# /usr/bin/qemu-arm bitcoin-0.19.0.1-armhf/bin/test_bitcoin -t amount_tests +Running 4 test cases... + +*** No errors detected +root@odroid:~/workspace/bitcoin-core# /usr/local/bin/qemu-arm bitcoin-0.19.0.1-armhf/bin/test_bitcoin -t amount_tests +Running 4 test cases... + +*** No errors detected + + +What kind of debug information would be helpful for this issue report? + + +GDB for the self-compiled latest release is not particularly helpful: + +(gdb) run +Starting program: /usr/local/bin/qemu-s390x /root/workspace/bitcoin-core/build/bitcoin-s390x-linux-gnu/src/test/test_bitcoin_orig +[Thread debugging using libthread_db enabled] +Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1". +[New Thread 0x7fb7a2a140 (LWP 28264)] + +Thread 1 "qemu-s390x" received signal SIGSEGV, Segmentation fault. +0x000000555596b218 in __bss_start__ () +(gdb) bt +#0 0x000000555596b218 in __bss_start__ () +#1 0x00000055556120a8 in ?? () +#2 0x00000055579904b0 in ?? () +Backtrace stopped: previous frame inner to this frame (corrupt stack?) + +A bit more information is available in the version shipped by Ubuntu: + +(gdb) run +Starting program: /usr/bin/qemu-s390x /root/workspace/bitcoin-core/build/bitcoin-s390x-linux-gnu/src/test/test_bitcoin_orig +[Thread debugging using libthread_db enabled] +Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1". +[New Thread 0x7fb7a01180 (LWP 28271)] + +Thread 1 "qemu-s390x" received signal SIGSEGV, Segmentation fault. +0x0000005555738f98 in code_gen_buffer () +(gdb) bt +#0 0x0000005555738f98 in code_gen_buffer () +#1 0x00000055555e96c8 in cpu_exec () +#2 0x00000055555ee430 in cpu_loop () +#3 0x00000055555c3328 in main () \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1881450 b/results/classifier/deepseek-2-tmp/output/assembly/1881450 new file mode 100644 index 000000000..f72c0c21d --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1881450 @@ -0,0 +1,24 @@ + +Emulation of a math function fails for m68k Linux user mode + +Please check the attached math-example.c file. +When running the m68k executable under QEMU, it results in an "Illegal instruction" error. +Other targets don't produce this error. + +Steps to reproduce the bug: + +1. Download the math-example.c attached file. +2. Compile it by running: + m68k-linux-gnu-gcc -O2 -static math-example.c -o math-example-m68k -lm +3. Run the executable with QEMU: + /build/qemu-5.0.0/build-gcc/m68k-linux-user/qemu-m68k math-example-m68k + +The output of execution is: + Profiling function expm1f(): + qemu: uncaught target signal 4 (Illegal instruction) - core dumped + Illegal instruction (core dumped) + +Expected output: + Profiling function expm1f(): + Elapsed time: 47 ms + Control result: 71804.953125 \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1885350 b/results/classifier/deepseek-2-tmp/output/assembly/1885350 new file mode 100644 index 000000000..324817489 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1885350 @@ -0,0 +1,24 @@ + +RISCV dynamic rounding mode is not behaving correctly + +Hello, + +I’ve gone through the RISC-V code in latest QEMU release (qemu-5.0.0-rc2) and when checking the Floating point encodings I found the rounding mode is only updated if the opcode field “rm” is changed “ctx->frm == rm”. But according to RISC-V Volume I: Unprivileged ISA, there’s a dynamic mode when rm=7 where the rounding mode is set with frm value. + +So for the same rm value (=7) and when changing frm value seeking different rounding modes, and according to the below code, the rounding mode won’t be updated. Please correct me if I got this implementation wrong. + +static void gen_set_rm(DisasContext *ctx, int rm) +{ + TCGv_i32 t0; + if (ctx->frm == rm) { + return; + } + ctx->frm = rm; + t0 = tcg_const_i32(rm); + gen_helper_set_rounding_mode(cpu_env, t0); + tcg_temp_free_i32(t0); +} + + +My testcase: +I set statically the rm field in the instruction to 7 and before this execution I changed the value of frm field in fcsr register. For the 1st time it worked (according to the code above, the rm is updated so the round mode will also be updated). But when changing fcsr register an re-execute the instruction, there's no difference and the rounding mode is the same like the previous frm value. \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1888165 b/results/classifier/deepseek-2-tmp/output/assembly/1888165 new file mode 100644 index 000000000..d8759ff6c --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1888165 @@ -0,0 +1,15 @@ + +loopz/loopnz clearing previous instruction's modified flags on cx -> 0 + +If you run QBasic in qemu, printing a double-type single-digit number will print an extra decimal point (e.g. PRINT CDBL(3) prints "3.") that does not appear when running on a real CPU (or on qemu with -enable-kvm). I tracked this down to the state of the status flags after a loopnz instruction. + +After executing a sequence like this in qemu: + + mov bx,1 + mov cx,1 + dec bx ; sets Z bit in flags +A: loopnz A ; should not modify flags + +Z is incorrectly clear afterwards. loopz does the same thing (but not plain loop). Interestingly, inserting pushf+popf after dec results in Z set, so loopnz/loopz does not always clear Z itself but is rather interfering with the previous instruction's flag setting. + +Version 5.1.0-rc0, x86-64 host. \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1901359 b/results/classifier/deepseek-2-tmp/output/assembly/1901359 new file mode 100644 index 000000000..88507e9e3 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1901359 @@ -0,0 +1,23 @@ + +ignore bit 0 in pci CONFIG_ADDRESS register write for Type 1 access + +I'v recently stumbled upon a bug in the Plan9 PCI config space access routines for config mode #1. + +The code used to set bit 0 in the CONFIG_ADDRESS register for a Type 1 access. + +This was most likely a misreading of the PCI local bus specification on our side. + +However, in the PCI local bus specification 3.0, it states the following: + +> 3.2.2.3.2 Software Generation of Configuration Transactions +> ... +> For Type 1 translations, the host bridge directly copies the contents of the +> CONFIG_ADDRESS register (excluding bits 31 and 0) onto the PCI AD lines during the +> address phase of a configuration transaction making sure that AD[1::0] is "01". + +note the: "excluding bits 31 and 0" + +What happens in qemu instead is that it uses bit 0 of the CONFIG_ADDRESS +register as part of the register offset (when it probably should ignore it) +when translating from Type 1 to Type 0 address. So once it reaches the device +behind the bridge the register address is off by one. \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1904259 b/results/classifier/deepseek-2-tmp/output/assembly/1904259 new file mode 100644 index 000000000..016a538e2 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1904259 @@ -0,0 +1,30 @@ + +include/qemu/atomic.h:495:5: error: misaligned atomic operation may incur significant performance penalty (Clang 11; Ubuntu 16 i686) + +Hello. +I haven't found any "official" executables, for emulating RISC-V (32bit; 64bit) so I had to compile those myself. + +I found that auto-generated build scripts, for Ninja, contained some warnings interpreted as errors: + + +oceanfish81@gollvm:~/Desktop/qemu/build$ ninja -j 1 +[2/1977] Compiling C object libqemuutil.a.p/util_qsp.c.o +FAILED: libqemuutil.a.p/util_qsp.c.o +clang-11 -Ilibqemuutil.a.p -I. -I.. -Iqapi -Itrace -Iui -Iui/shader -I/usr/include/glib-2.0 -I/usr/lib/i386-linux-gnu/glib-2.0/include -I/usr/include/gio-unix-2.0/ -Xclang -fcolor-diagnostics -pipe -Wall -Winvalid-pch -Werror -std=gnu99 -O2 -g -m32 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Wold-style-definition -Wtype-limits -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wempty-body -Wnested-externs -Wendif-labels -Wexpansion-to-defined -Wno-initializer-overrides -Wno-missing-include-dirs -Wno-shift-negative-value -Wno-string-plus-int -Wno-typedef-redefinition -Wno-tautological-type-limit-compare -Wno-psabi -fstack-protector-strong -isystem /home/oceanfish81/Desktop/qemu/linux-headers -isystem linux-headers -iquote /home/oceanfish81/Desktop/qemu/tcg/i386 -iquote . -iquote /home/oceanfish81/Desktop/qemu -iquote /home/oceanfish81/Desktop/qemu/accel/tcg -iquote /home/oceanfish81/Desktop/qemu/include -iquote /home/oceanfish81/Desktop/qemu/disas/libvixl -pthread -Wno-unused-function -fPIC -MD -MQ libqemuutil.a.p/util_qsp.c.o -MF libqemuutil.a.p/util_qsp.c.o.d -o libqemuutil.a.p/util_qsp.c.o -c ../util/qsp.c +In file included from ../util/qsp.c:62: +In file included from /home/oceanfish81/Desktop/qemu/include/qemu/thread.h:4: +In file included from /home/oceanfish81/Desktop/qemu/include/qemu/processor.h:10: +/home/oceanfish81/Desktop/qemu/include/qemu/atomic.h:495:5: error: misaligned atomic operation may incur significant performance penalty [-Werror,-Watomic-alignment] + qatomic_set__nocheck(ptr, val); + ^ +/home/oceanfish81/Desktop/qemu/include/qemu/atomic.h:138:5: note: expanded from macro 'qatomic_set__nocheck' + __atomic_store_n(ptr, i, __ATOMIC_RELAXED) + ^ +/home/oceanfish81/Desktop/qemu/include/qemu/atomic.h:485:12: error: misaligned atomic operation may incur significant performance penalty [-Werror,-Watomic-alignment] + return qatomic_read__nocheck(ptr); + ^ +/home/oceanfish81/Desktop/qemu/include/qemu/atomic.h:129:5: note: expanded from macro 'qatomic_read__nocheck' + __atomic_load_n(ptr, __ATOMIC_RELAXED) + ^ +2 errors generated. +ninja: build stopped: subcommand failed. \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/1907137 b/results/classifier/deepseek-2-tmp/output/assembly/1907137 new file mode 100644 index 000000000..f9a17107b --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/1907137 @@ -0,0 +1,37 @@ + +LDTR not properly emulated when MTE tag checks enabled at EL0 + +I am trying to boot Android (just the non-GUI parts for now) under QEMU with MTE enabled. This can be done by following the instructions here to build the fvp-eng target with MTE support: + +https://cs.android.com/android/platform/superproject/+/master:device/generic/goldfish/fvpbase/ + +and launching QEMU with the following command: + +qemu-system-aarch64 -kernel $ANDROID_PRODUCT_OUT/kernel -initrd $ANDROID_PRODUCT_OUT/combined-ramdisk.img -machine virt,mte=on -cpu max -drive driver=raw,file=$ANDROID_PRODUCT_OUT/system-qemu.img,if=none,id=system -device virtio-blk-device,drive=system -append "console=ttyAMA0 earlyprintk=ttyAMA0 androidboot.hardware=fvpbase androidboot.boot_devices=a003e00.virtio_mmio loglevel=9 printk.devkmsg=on buildvariant=eng" -m 512 -nographic -no-reboot + +If I do this then QEMU crashes like so: + +** +ERROR:../target/arm/mte_helper.c:558:mte_check_fail: code should not be reached +Bail out! ERROR:../target/arm/mte_helper.c:558:mte_check_fail: code should not be reached + +The error is caused by an MTE tag check fault from an LDTR instruction in __arch_copy_from_user. At this point TCF=0 and TCF0=2. + +I have this patch that gets me past the error but it is unclear whether this is the correct fix since there may be other confusion between TCF and TCF0 elsewhere. + +diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c +index 153bd1e9df..aa5db4eac4 100644 +--- a/target/arm/mte_helper.c ++++ b/target/arm/mte_helper.c +@@ -552,10 +552,8 @@ static void mte_check_fail(CPUARMState *env, uint32_t desc, + case 0: + /* + * Tag check fail does not affect the PE. +- * We eliminate this case by not setting MTE_ACTIVE +- * in tb_flags, so that we never make this runtime call. + */ +- g_assert_not_reached(); ++ break; + + case 2: + /* Tag check fail causes asynchronous flag set. */ \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/235 b/results/classifier/deepseek-2-tmp/output/assembly/235 new file mode 100644 index 000000000..a7e391b98 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/235 @@ -0,0 +1,2 @@ + +atomic failure linking with --enable-sanitizers on 32-bit Linux hosts diff --git a/results/classifier/deepseek-2-tmp/output/assembly/2899 b/results/classifier/deepseek-2-tmp/output/assembly/2899 new file mode 100644 index 000000000..24733665d --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/2899 @@ -0,0 +1,37 @@ + +Regression 10.0.0rc1: Segmentation fault on executing QEMU advent calendar 2014, day 4 +Description of problem: +On executing QEMU, a segmentation fault occurs +Steps to reproduce: +1. Download https://www.qemu-advent-calendar.org/2014/download/stxmas.tar.xz +2. Execute with QEMU command line +Additional information: +git bisect finishes with: + +``` +456709db50f424d112bc5f07260fdc51555f3a24 is the first bad commit +commit 456709db50f424d112bc5f07260fdc51555f3a24 +Author: Paolo Bonzini <pbonzini@redhat.com> +Date: Sun Dec 15 10:06:10 2024 +0100 + + target/i386: execute multiple REP/REPZ iterations without leaving TB + + Use a TCG loop so that it is not necessary to go through the setup steps + of REP and through the I/O check on every iteration. Interestingly, this + is not a particularly effective optimization on its own, though it avoids + the cost of correct RF emulation that was added in the previous patch. + The main benefit lies in allowing the hoisting of loop invariants outside + the loop, which will happen separately. + + The loop exits when the low 16 bits of CX/ECX/RCX are zero (so generally + speaking the string operation runs in 65536 iteration batches) to give + the main loop an opportunity to pick up interrupts. + + Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> + Reviewed-by: Richard Henderson <richard.henderson@linaro.org> + Link: https://lore.kernel.org/r/20241215090613.89588-12-pbonzini@redhat.com + Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> + + target/i386/tcg/translate.c | 55 ++++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 49 insertions(+), 6 deletions(-) +``` diff --git a/results/classifier/deepseek-2-tmp/output/assembly/739785 b/results/classifier/deepseek-2-tmp/output/assembly/739785 new file mode 100644 index 000000000..e1999c8a2 --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/739785 @@ -0,0 +1,35 @@ + +qemu-i386 user mode can't fork (bash: fork: Invalid argument) + +Good time of day everybody, + +I have been trying to make usermode qemu on ARM with plugapps (archlinux) with archlinux i386 chroot to work. + +1. I installed arch linux in a virtuabox and created a chroot for it with mkarchroot. Transferred it to my pogo plug into /i386/ +2. I comiled qemu-i386 static and put it into /i386/usr/bin/ +./configure --static --disable-blobs --disable-system --target-list=i386-linux-user +make + +3. I also compiled linux kernel 2.6.38 with CONFIG_BINFMT_MISC=y and installed it. +uname -a +Linux Plugbox 2.6.38 #4 PREEMPT Fri Mar 18 22:19:10 CDT 2011 armv5tel Feroceon 88FR131 rev 1 (v5l) Marvell SheevaPlug Reference Board GNU/Linux + +4. Added the following options into /etc/rc.local +/sbin/modprobe binfmt_misc +/bin/mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc +echo ':qemu-i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfb\xff\xff\xff:/usr/bin/qemu-i386:' >/proc/sys/fs/binfmt_misc/register + +5. Also copied ld-linux.so.3 (actually ld-2.13.so because ld-linux.so.3 is a link to that file) from /lib/ to /i386/lib/ + +6.Now i chroot into /i386 and I get this: +[root@Plugbox i386]# chroot . +[II aI hnve ao n@P /]# pacman -Suy +bash: fork: Invalid argument + +7.I also downloaded linux-user-test-0.3 from qemu website and ran the test: +[root@Plugbox linux-user-test-0.3]# make +./qemu-linux-user.sh +[qemu-i386] +../qemu-0.14.0/i386-linux-user/qemu-i386 -L ./gnemul/qemu-i386 i386/ls -l dummyfile +BUG IN DYNAMIC LINKER ld.so: dl-version.c: 210: _dl_check_map_versions: Assertion `needed != ((void *)0)' failed! +make: *** [test] Error 127 \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/881637 b/results/classifier/deepseek-2-tmp/output/assembly/881637 new file mode 100644 index 000000000..c85651bee --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/881637 @@ -0,0 +1,15 @@ + +QEMU fails to build on OpenBSD/hppa + +Trying to build previous QEMU releases as well as git code fails on OpenBSD/hppa... + +cc -I/home/hack/jasper/qemu/slirp -I. -I/home/hack/jasper/qemu -I/home/hack/jasper/qemu/fpu -I/home/hack/jasper/qemu/tcg -I/home/hack/jasper/qemu/tcg/hppa -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -Wno-redundant-decls -I/usr/local/include -I/usr/X11R6/include -Wendif-labels -Wmissing-include-dirs -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self -Wold-style-definition -I/usr/local/include/libpng -DHAS_AUDIO -DHAS_AUDIO_CHOICE -DTARGET_PHYS_ADDR_BITS=64 -I.. -I/home/hack/jasper/qemu/target-i386 -DNEED_CPU_H -pthread -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include/libpng -pthread -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -MMD -MP -MT translate.o -MF ./translate.d -O2 -g -c -o translate.o /home/hack/jasper/qemu/target-i386/translate.c +/tmp//ccvNbj1U.s: Assembler messages: +/tmp//ccvNbj1U.s:258792: Error: Field out of range [-262144..262143] (-262776). +/tmp//ccvNbj1U.s:261989: Error: Field out of range [-262144..262143] (-267096). +/tmp//ccvNbj1U.s:262006: Error: Field out of range [-262144..262143] (-267136). +/tmp//ccvNbj1U.s:264184: Error: Field out of range [-262144..262143] (-270612). +/tmp//ccvNbj1U.s:271893: Error: Field out of range [-262144..262143] (-281260). +/tmp//ccvNbj1U.s:276623: Error: Field out of range [-262144..262143] (-288784). +/tmp//ccvNbj1U.s:276906: Error: Field out of range [-262144..262143] (-289636). +/tmp//ccvNbj1U.s:277122: Error: Field out of range [-262144..262143] (-290280). \ No newline at end of file diff --git a/results/classifier/deepseek-2-tmp/output/assembly/942659 b/results/classifier/deepseek-2-tmp/output/assembly/942659 new file mode 100644 index 000000000..d299cdeea --- /dev/null +++ b/results/classifier/deepseek-2-tmp/output/assembly/942659 @@ -0,0 +1,32 @@ + +ARM: CORTEX M, PRIMASK does not disable interrupts + +qemu version 0.15.1 +but the same code is in qemu 1.0 + +"CPSID I" does not disable interrupts for CORTEX M3 + + +if (interrupt_request & CPU_INTERRUPT_HARD + && ((IS_M(env) && env->regs[15] < 0xfffffff0) + || !(env->uncached_cpsr & CPSR_I))) { + env->exception_index = EXCP_IRQ; + do_interrupt(env); + next_tb = 0; + } + + +do_interrupt() will be executed even if (env->uncached_cpsr & CPSR_I) == 1 , disable interrupt bit set. + + +then changed to: + +if (interrupt_request & CPU_INTERRUPT_HARD + && !(env->uncached_cpsr & CPSR_I) + && (IS_M(env) ? env->regs[15] < 0xfffffff0: 1) ) { + env->exception_index = EXCP_IRQ; + do_interrupt(env); + next_tb = 0; + } + +works \ No newline at end of file |