summary refs log tree commit diff stats
path: root/results/classifier/deepseek-2/output/manual-review/2208
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/deepseek-2/output/manual-review/2208')
-rw-r--r--results/classifier/deepseek-2/output/manual-review/220889
1 files changed, 89 insertions, 0 deletions
diff --git a/results/classifier/deepseek-2/output/manual-review/2208 b/results/classifier/deepseek-2/output/manual-review/2208
new file mode 100644
index 000000000..e04a11636
--- /dev/null
+++ b/results/classifier/deepseek-2/output/manual-review/2208
@@ -0,0 +1,89 @@
+
+PC is not updated for each instruction in TCG plugins
+Description of problem:
+I have checkout the `master` branch (the latest available commit on my machine is *7d4e29ef80*) to test the new functions that allow plugins to read registers. See https://gitlab.com/qemu-project/qemu/-/issues/1706 that has been closed last Friday.
+
+I am using a simple hello-world binary for ARM for my tests:
+
+```bash
+% ./qemu-aarch64 hello-world.out
+Hello World!
+```
+
+I run this binary with the *execlog* plugin enabled, and with the `-one-insn-per-tb` option:
+
+```bash
+% ./qemu-aarch64 -d plugin -plugin ./contrib/plugins/libexeclog.so,reg=pc -one-insn-per-tb hello-world.out
+```
+
+Here is the end of the execution:
+
+```raw
+0, 0x40e470, 0x54000040, "b.eq #0x40e478", pc -> 0x00000000000040e474
+0, 0x40e474, 0xd65f03c0, "ret ", pc -> 0x00000000000040d38c
+0, 0x40d38c, 0xf945fab5, "ldr x21, [x21, #0xbf0]", load, 0x00490bf0, pc -> 0x00000000000040d390
+0, 0x40d390, 0xf9404fe0, "ldr x0, [sp, #0x98]", load, 0x7f635a9e7f28, pc -> 0x00000000000040d394
+0, 0x40d394, 0xf94002a1, "ldr x1, [x21]", load, 0x0048f9e8, pc -> 0x00000000000040d398
+0, 0x40d398, 0xeb010000, "subs x0, x0, x1", pc -> 0x00000000000040d39c
+0, 0x40d39c, 0xd2800001, "movz x1, #0", pc -> 0x00000000000040d3a0
+0, 0x40d3a0, 0x540006e1, "b.ne #0x40d47c", pc -> 0x00000000000040d3a4
+0, 0x40d3a4, 0x2a1903e0, "mov w0, w25", pc -> 0x00000000000040d3a8
+0, 0x40d3a8, 0xa94153f3, "ldp x19, x20, [sp, #0x10]", load, 0x7f635a9e7ea0, pc -> 0x00000000000040d3ac
+0, 0x40d3ac, 0xa9425bf5, "ldp x21, x22, [sp, #0x20]", load, 0x7f635a9e7eb0, pc -> 0x00000000000040d3b0
+0, 0x40d3b0, 0xa94363f7, "ldp x23, x24, [sp, #0x30]", load, 0x7f635a9e7ec0, pc -> 0x00000000000040d3b4
+0, 0x40d3b4, 0xa9446bf9, "ldp x25, x26, [sp, #0x40]", load, 0x7f635a9e7ed0, pc -> 0x00000000000040d3b8
+0, 0x40d3b8, 0xa8ca7bfd, "ldp x29, x30, [sp], #0xa0", load, 0x7f635a9e7e90, pc -> 0x00000000000040d3bc
+0, 0x40d3bc, 0xd65f03c0, "ret ", pc -> 0x000000000000405d80
+0, 0x405d80, 0xeb13029f, "cmp x20, x19", pc -> 0x000000000000405d84
+0, 0x405d84, 0x91000694, "add x20, x20, #1", pc -> 0x000000000000405d88
+0, 0x405d88, 0x54ffff81, "b.ne #0x405d78", pc -> 0x000000000000405d8c
+0, 0x405d8c, 0x2a1703e0, "mov w0, w23", pc -> 0x000000000000405d90
+0, 0x405d90, 0x94004c20, "bl #0x418e10", pc -> 0x000000000000418e10
+0, 0x418e10, 0x93407c02, "sxtw x2, w0", pc -> 0x000000000000418e14
+0, 0x418e14, 0x900003c4, "adrp x4, #0x490000", pc -> 0x000000000000418e18
+0, 0x418e18, 0xf946f084, "ldr x4, [x4, #0xde0]", load, 0x00490de0, pc -> 0x000000000000418e1c
+0, 0x418e1c, 0xd53bd043, "mrs x3, tpidr_el0", pc -> 0x000000000000418e20
+0, 0x418e20, 0xaa0203e0, "mov x0, x2", pc -> 0x000000000000418e24
+0, 0x418e24, 0xd2800bc8, "movz x8, #0x5e", pc -> 0x000000000000418e28
+0, 0x418e28, 0xd4000001, "svc #0"
+```
+
+Now, here is the same part of the execution but without the `-one-insn-per-tb` option:
+
+```raw
+0, 0x40e470, 0x54000040, "b.eq #0x40e478"
+0, 0x40e474, 0xd65f03c0, "ret ", pc -> 0x00000000000040d38c
+0, 0x40d38c, 0xf945fab5, "ldr x21, [x21, #0xbf0]", load, 0x00490bf0
+0, 0x40d390, 0xf9404fe0, "ldr x0, [sp, #0x98]", load, 0x7f4d42108f28
+0, 0x40d394, 0xf94002a1, "ldr x1, [x21]", load, 0x0048f9e8
+0, 0x40d398, 0xeb010000, "subs x0, x0, x1"
+0, 0x40d39c, 0xd2800001, "movz x1, #0"
+0, 0x40d3a0, 0x540006e1, "b.ne #0x40d47c", pc -> 0x00000000000040d3a4
+0, 0x40d3a4, 0x2a1903e0, "mov w0, w25"
+0, 0x40d3a8, 0xa94153f3, "ldp x19, x20, [sp, #0x10]", load, 0x7f4d42108ea0
+0, 0x40d3ac, 0xa9425bf5, "ldp x21, x22, [sp, #0x20]", load, 0x7f4d42108eb0
+0, 0x40d3b0, 0xa94363f7, "ldp x23, x24, [sp, #0x30]", load, 0x7f4d42108ec0
+0, 0x40d3b4, 0xa9446bf9, "ldp x25, x26, [sp, #0x40]", load, 0x7f4d42108ed0
+0, 0x40d3b8, 0xa8ca7bfd, "ldp x29, x30, [sp], #0xa0", load, 0x7f4d42108e90
+0, 0x40d3bc, 0xd65f03c0, "ret ", pc -> 0x000000000000405d80
+0, 0x405d80, 0xeb13029f, "cmp x20, x19"
+0, 0x405d84, 0x91000694, "add x20, x20, #1"
+0, 0x405d88, 0x54ffff81, "b.ne #0x405d78", pc -> 0x000000000000405d8c
+0, 0x405d8c, 0x2a1703e0, "mov w0, w23"
+0, 0x405d90, 0x94004c20, "bl #0x418e10", pc -> 0x000000000000418e10
+0, 0x418e10, 0x93407c02, "sxtw x2, w0"
+0, 0x418e14, 0x900003c4, "adrp x4, #0x490000"
+0, 0x418e18, 0xf946f084, "ldr x4, [x4, #0xde0]", load, 0x00490de0
+0, 0x418e1c, 0xd53bd043, "mrs x3, tpidr_el0"
+0, 0x418e20, 0xaa0203e0, "mov x0, x2"
+0, 0x418e24, 0xd2800bc8, "movz x8, #0x5e"
+0, 0x418e28, 0xd4000001, "svc #0"
+```
+
+The [documentation](https://www.qemu.org/docs/master/devel/tcg-plugins.html) says:
+
+> This plugin can also dump registers when they change value. Specify the name of the registers with multiple reg options.
+
+The `pc` register changes for each instruction. I would expect the plugin to produce the same output with or without the `-one-insn-per-tb` option.
+Additional information:
+The code that prints "pc -> 0x......" is in `insn_check_regs()` in `contrib/plugins/execlog.c`. It uses the new `qemu_plugin_read_register()` function and compares the new value to the previous value. The code seems OK. It means that the implementation of `qemu_plugin_read_register()` gets the same value several times in a row, instead of a new value each time.