id = 847
title = "rdhpr %htstate unimplemented in translator"
state = "closed"
created_at = "2022-01-29T14:32:17.738Z"
closed_at = "2023-10-27T10:08:00.783Z"
labels = ["Closed::Fixed", "accel: TCG", "kind::Bug", "target: sparc"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/847"
host-os = "Debian 10"
host-arch = "x86_64"
qemu-version = "QEMU emulator version 6.2.50 current git master (7a1043cef9)"
guest-os = "None"
guest-arch = "sun4v"
description = """I accidentally mixed up a copy of T1 and T2 sun4v firmwares and was able to trigger the following TCG assert ``tcg_reg_alloc_mov: Assertion `ts->val_type == TEMP_VAL_REG' failed.`` upon boot.

Having discovered my mistake I was expecting the guest to crash at some point but without triggering an
assert."""
reproduce = """1. Download the attached file bug.tar.gz and extract it

2. Apply the following diff to update the UART address for the T2 firmware

```
diff --git a/hw/sparc64/niagara.c b/hw/sparc64/niagara.c
index ccad2c43a3..7af64bd50f 100644
--- a/hw/sparc64/niagara.c
+++ b/hw/sparc64/niagara.c
@@ -51,7 +51,7 @@ typedef struct NiagaraBoardState {
 
 #define NIAGARA_PARTITION_RAM_BASE 0x80000000ULL
 
-#define NIAGARA_UART_BASE   0x1f10000000ULL
+#define NIAGARA_UART_BASE   0xfff0c2c000ULL
 
 #define NIAGARA_NVRAM_BASE  0x1f11000000ULL
 #define NIAGARA_NVRAM_SIZE  0x2000
```

3. Run `./qemu-system-sparc64 -M niagara -L ./bug/ -m 256 -nographic`"""
additional = """"""