Closed rakslice closed 3 years ago
-O0 isn't affected.
Check what other forks this currently applies to, and make test
where applicable.
Testing with the kanjitalk_755 version in Debian 9:

```
Linux debcdehax 4.9.0-14-amd64 #1 SMP Debian 4.9.240-2 (2020-10-30) x86_64 GNU/Linux
```

Build with:

```
$ gcc --version
gcc (Debian 6.3.0-18+deb9u1) 6.3.0 20170516
Copyright (C) 2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
```
The backtrace is:

```
Thread 1 "SheepShaver" received signal SIGSEGV, Segmentation fault.
powerpc_cpu::execute_loadstore<op_template_nop<unsigned int>, input_gpr_except<bit_field<11, 15>, 0>, gpr_operand<bit_field<16, 20> >, false, 4, false, false> (this=0x79bfbfc0, opcode=<optimized out>) at ../kpx_cpu/src/cpu/ppc/ppc-execute.cpp:576
576 memory_helper<SZ, RX>::store(ea, operand_RS::get(this, opcode));
(gdb) bt
#0 powerpc_cpu::execute_loadstore<op_template_nop<unsigned int>, input_gpr_except<bit_field<11, 15>, 0>, gpr_operand<bit_field<16, 20> >, false, 4, false, false> (this=0x79bfbfc0, opcode=<optimized out>) at ../kpx_cpu/src/cpu/ppc/ppc-execute.cpp:576
#1 0x00000000780b6518 in nv_mem_fun1_t<void, powerpc_cpu, unsigned int>::operator() (x=<optimized out>, p=0x79bfbfc0, this=0x1038f960)
    at ../kpx_cpu/include/nvmemfun.hpp:108
#2 powerpc_cpu::execute (this=0x79bfbfc0, entry=entry@entry=1085341696) at ../kpx_cpu/src/cpu/ppc/ppc-cpu.cpp:697
#3 0x00000000780cd69e in emul_ppc (entry=entry@entry=1085341696) at ../kpx_cpu/sheepshaver_glue.cpp:938
#4 0x0000000078065707 in jump_to_rom (entry=1085341696) at main_unix.cpp:1271
#5 emul_func (arg=0x0) at main_unix.cpp:1291
#6 main (argc=<optimized out>, argv=<optimized out>) at main_unix.cpp:1112
(gdb) list
571     const uint32 ea = a + b;
572
573     if (LD)
574         operand_RD::set(this, opcode, OP::apply(memory_helper<SZ, RX>::load(ea)));
575     else
576         memory_helper<SZ, RX>::store(ea, operand_RS::get(this, opcode));
577
578     if (UP)
579         RA::set(this, opcode, ea);
580
```
Execution is at:

```
(gdb) p dump_registers()
r0 00000000 r1 05ff8a88 r2 00000000 r3 0018988e
r4 bf8ec086 r5 00006704 r6 00004e75 r7 0000005c
r8 bf8ec086 r9 00000000 r10 00189886 r11 0000005a
r12 00000001 r13 00000000 r14 00000000 r15 00000001
r16 4089dec0 r17 00189886 r18 000c23f4 r19 000435a0
r20 05ff8aee r21 000c23c6 r22 06000400 r23 00000000
r24 0018989e r25 00000020 r26 fffffffe r27 00000008
r28 00000000 r29 40c90a00 r30 40c60000 r31 68fff000
f0 0.00000 f1 0.00000 f2 0.00000 f3 0.00000
f4 0.00000 f5 0.00000 f6 0.00000 f7 0.00000
f8 0.00000 f9 0.00000 f10 0.00000 f11 0.00000
f12 0.00000 f13 0.00000 f14 0.00000 f15 0.00000
f16 0.00000 f17 0.00000 f18 0.00000 f19 0.00000
f20 0.00000 f21 0.00000 f22 0.00000 f23 0.00000
f24 0.00000 f25 0.00000 f26 0.00000 f27 0.00000
f28 0.00000 f29 0.00000 f30 0.00000 f31 0.00000
lr 40c90a00 ctr 00000000 cr 90100307 xer 80000000
pc 40c61430 fpscr 00000000
$1 = void
(gdb) p dump_disassembly(0x40c61430, 8,8)
 0x40c61410: lhau r27,2(r24)
 0x40c61414: stw r4,0(r16)
 0x40c61418: addi r16,r16,4
 0x40c6141c: bgelr+ cr2
 0x40c61420: b 0x40c6d0a4
 0x40c61424: lhau r27,2(r24)
 0x40c61428: addco. r4,r4,r0
 0x40c6142c: lhau r6,2(r24)
>0x40c61430: stwx r4,r16,r27
 0x40c61434: rlwimi r29,r6,3,13,28
 0x40c61438: mtlr r29
 0x40c6143c: lhau r27,2(r24)
 0x40c61440: bgelr+ cr2
 0x40c61444: b 0x40c6d0a4
 0x40c61448: lhau r27,2(r24)
 0x40c6144c: addco. r4,r4,r0
 0x40c61450: extsb r7,r27
$2 = void
(gdb) disas /r $pc,+30
Dump of assembler code from 0x780c3688 to 0x780c36a6:
=> 0x00000000780c3688 <powerpc_cpu::execute_loadstore<op_template_nop<unsigned int>, input_gpr_except<bit_field<11, 15>, 0>, gpr_operand<bit_field<16, 20> >, false, 4, false, false>(unsigned int)+40>: 67 89 10                mov    %edx,(%eax)
   0x00000000780c368b <powerpc_cpu::execute_loadstore<op_template_nop<unsigned int>, input_gpr_except<bit_field<11, 15>, 0>, gpr_operand<bit_field<16, 20> >, false, 4, false, false>(unsigned int)+43>: 83 87 ac 03 00 00 04    addl   $0x4,0x3ac(%rdi)
   0x00000000780c3692 <powerpc_cpu::execute_loadstore<op_template_nop<unsigned int>, input_gpr_except<bit_field<11, 15>, 0>, gpr_operand<bit_field<16, 20> >, false, 4, false, false>(unsigned int)+50>: c3                      retq
   0x0000000000780c3693: 90                      nop
...
```
I've seen this one before; ix86_skip_instruction() can't deal with the 0x67 x86_64 32-bit address mode prefix. This prefix is what distinguishes e.g. `mov %edx,(%eax)` from `mov %edx,(%rax)`.

This was fixed in https://github.com/rakslice/macemu/tree/x64_32_instruction_skip, and a PR for it was merged at kanjitalk755.
I was reminded because of some testing on emaculation master -- but that wasn't the first time I had seen it -- that linux x86_64 has a curious crash on boot but only when JIT is off.
- i686, jit true -> boots to desktop ok
- i686, jit false -> boots to desktop ok
- x86_64, jit true -> boots to desktop ok
- x86_64, jit false -> segfault on the boot screen before the first extension icon appears, no PPC stack trace
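To make the prefix problem from the ix86_skip_instruction() comment above concrete, here is an added example that is not SheepShaver's or macemu's code: a small stand-alone x86-64 instruction-length decoder of the kind a memory-fault signal handler uses to resume execution past a faulting load or store. The function name `x64_insn_length`, the helpers and the sample byte arrays are my own; the first two byte sequences are the ones visible in the gdb disassembly in the report (`67 89 10` and `83 87 ac 03 00 00 04`), the rest are constructed. It only knows a handful of mov/add-style opcodes and returns 0 for anything else, so a handler built on it can report an unrecoverable fault rather than skip a guessed number of bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example decoder (not ix86_skip_instruction()). It returns the encoded
   length of a small set of x86-64 load/store-style instructions, or 0 when it
   does not understand the bytes. The point it illustrates: every legacy
   prefix, including the 0x67 address-size override that turns
   "89 10" (mov %edx,(%rax)) into "67 89 10" (mov %edx,(%eax)), must be
   consumed before the opcode byte is examined. */

static int is_legacy_prefix(uint8_t b) {
    switch (b) {
    case 0x26: case 0x2E: case 0x36: case 0x3E: case 0x64: case 0x65: /* segment overrides */
    case 0x66:                       /* operand-size override */
    case 0x67:                       /* address-size override: the case at issue */
    case 0xF0: case 0xF2: case 0xF3: /* lock / rep prefixes */
        return 1;
    default:
        return 0;
    }
}

/* Bytes taken by the ModRM byte plus any SIB byte and displacement. Under a
   0x67 prefix the effective address is 32-bit, but the ModRM/SIB/disp layout
   is unchanged, so one routine serves both address sizes. Returns 0 if the
   buffer is too short for what the encoding implies. */
static size_t modrm_len(const uint8_t *p, size_t avail) {
    if (avail < 1) return 0;
    uint8_t mod = p[0] >> 6, rm = p[0] & 7;
    size_t len = 1;
    if (mod == 3) return len;                          /* register operand, no memory */
    if (rm == 4) {                                     /* SIB byte follows */
        if (avail < 2) return 0;
        len++;
        if (mod == 0 && (p[1] & 7) == 5) len += 4;     /* [disp32 + index*scale] */
    } else if (mod == 0 && rm == 5) {
        len += 4;                                      /* RIP/EIP-relative disp32 */
    }
    if (mod == 1) len += 1;                            /* disp8 */
    if (mod == 2) len += 4;                            /* disp32 */
    return len > avail ? 0 : len;
}

/* Length of the instruction at code[0..avail), or 0 if unknown/truncated. */
size_t x64_insn_length(const uint8_t *code, size_t avail) {
    size_t i = 0, imm = 0, m;
    int opsize16 = 0;
    while (i < avail && is_legacy_prefix(code[i])) {   /* 1: legacy prefixes */
        if (code[i] == 0x66) opsize16 = 1;
        i++;
    }
    if (i < avail && (code[i] & 0xF0) == 0x40) i++;    /* 2: optional REX */
    if (i >= avail) return 0;
    switch (code[i++]) {                               /* 3: opcode */
    case 0x01: case 0x03: case 0x29: case 0x2B: case 0x31: case 0x33:
    case 0x39: case 0x3B: case 0x85: case 0x87:
    case 0x88: case 0x89: case 0x8A: case 0x8B:        /* ModRM only */
        break;
    case 0x80: case 0x83: case 0xC6:                   /* ModRM + imm8 */
        imm = 1; break;
    case 0x81: case 0xC7:                              /* ModRM + imm32 (imm16 under 0x66) */
        imm = opsize16 ? 2 : 4; break;
    default:
        return 0;                                      /* unknown opcode: do not guess */
    }
    m = modrm_len(code + i, avail - i);                /* 4: ModRM/SIB/displacement */
    if (m == 0 || i + m + imm > avail) return 0;
    return i + m + imm;
}

/* Constructed samples; the first two are the byte sequences from the gdb
   disassembly in the report. */
const uint8_t kStoreAddr32[] = {0x67, 0x89, 0x10};                         /* mov %edx,(%eax) */
const uint8_t kAddlDisp32[]  = {0x83, 0x87, 0xac, 0x03, 0x00, 0x00, 0x04}; /* addl $0x4,0x3ac(%rdi) */
const uint8_t kStoreAddr64[] = {0x89, 0x10};                               /* mov %edx,(%rax) */
const uint8_t kRexSib[]      = {0x48, 0x89, 0x44, 0x24, 0x08};             /* mov %rax,0x8(%rsp) */
const uint8_t kMovImm16[]    = {0x66, 0xC7, 0x00, 0x01, 0x00};             /* movw $0x1,(%rax) */
const uint8_t kUnknown[]     = {0x0F, 0x1F, 0x00};                         /* nopl (%rax): not handled */

int main(void) {
    printf("67 89 10 -> %zu bytes (0 would mean the 0x67 prefix was not understood)\n",
           x64_insn_length(kStoreAddr32, sizeof kStoreAddr32));
    printf("83 87 ac 03 00 00 04 -> %zu bytes\n", x64_insn_length(kAddlDisp32, sizeof kAddlDisp32));
    printf("0f 1f 00 -> %zu (unknown opcode, caller must not skip)\n",
           x64_insn_length(kUnknown, sizeof kUnknown));
    return 0;
}
```

The design choice worth noting is the 0 return: a skipper that cannot decode an instruction should surface the fault instead of advancing the program counter by a wrong amount, which is how a missing prefix case turns into a crash like the one in the backtrace.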