id = 799
title = "TCG Optimizer crashes on AArch64 SVE2 instruction"
state = "closed"
created_at = "2022-01-03T10:35:06.082Z"
closed_at = "2022-01-05T02:53:01.437Z"
labels = ["Closed::Fixed", "Stable::to backport", "accel: TCG", "kind::Bug", "target: arm"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/799"
host-os = "Fedora 35"
host-arch = "x86_64"
qemu-version = "QEMU emulator version 6.2.0 (v6.2.0) + QEMU latest master"
guest-os = "None"
guest-arch = "ARM aarch64"
description = """QEMU crashes due to an assertion in the TCG optimizer when optimizing an SVE2 instruction:
```
Unrecognized operation 145 in do_constant_folding.
../tcg/optimize.c:458: tcg fatal error
```"""
reproduce = """1. Compile the following minimized reproducer: (a pre-compiled image is provided for convenience - [reproducer.img](/uploads/0bddbfac55306a297fee59dd2f6923cf/reproducer.img))
```asm
.org 0x0
entry:
    mrs     x1, cptr_el3
    orr     x9, x1, #0x100
    msr     cptr_el3,   x9

    msr     cptr_el2,   xzr

    mov     x1, #0x3
    mrs     x9, cpacr_el1
    bfi     x9, x1, #16, #2
    bfi     x9, x1, #20, #2
    msr     cpacr_el1,  x9

    mov     x9, 512
    mov     x0, x9
    asr     x0, x0, 7
    sub     x9, x0, #1
    msr     zcr_el1, x9

    mov     x9, 512
    mov     x0, x9
    asr     x0, x0, 7
    sub     x9, x0, #1
    msr     zcr_el2, x9

    mov     x9, 512
    mov     x0, x9
    asr     x0, x0, 7
    sub     x9, x0, #1
    msr     zcr_el3, x9

    uqxtnt  z11.s, z22.d
```
2. Execute it using the command line given above."""
additional = """I tested latest master as well, and the problem persists."""