vivier / qemu-m68k


/root/qemu-m68k/tcg/tcg.c:2532: tcg fatal error when running GHC #28

Closed glaubitz closed 6 years ago

glaubitz commented 6 years ago

The recent revision of the m68k-dev has introduced a regression with GHC:

configure: Building in-tree ghc-pwd
/root/qemu-m68k/tcg/tcg.c:2532: tcg fatal error
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
./configure: line 4244:  1687 Segmentation fault      "$WithGhc" $GHC_LDFLAGS -v0 -no-user-$GHC_PACKAGE_DB_FLAG -hidir utils/ghc-pwd/dist-boot -odir utils/ghc-pwd/dist-boot
 -stubdir utils/ghc-pwd/dist-boot --make utils/ghc-pwd/Main.hs -o utils/ghc-pwd/dist-boot/ghc-pwd
configure: error: Building ghc-pwd failed

My last version qemu-m68k-static.20171228 works fine, so this is another regression.

vivier commented 6 years ago

Could you explain how I can reproduce it? Thanks.

glaubitz commented 6 years ago

Set up a Debian m68k chroot and install the ghc package. Make sure you have /proc bind-mounted into the chroot (i.e. mount -o bind /proc /path/to/m68k-chroot/proc/).

Then create a source file Main.hs with the following source code:

module Main where

import System.Directory
import System.Environment
import System.Exit
import System.IO

main :: IO ()
main = do
    args <- getArgs
    case args of
        [] -> do d <- getCurrentDirectory
                 putStr $ map forwardifySlashes d
        _ -> do hPutStrLn stderr ("Bad args: " ++ show args)
                hPutStrLn stderr "Usage: ghc-pwd"
                exitFailure

forwardifySlashes :: Char -> Char
forwardifySlashes '\\' = '/'
forwardifySlashes c = c

Then just try to compile it:

(sid-m68k-sbuild)root@nofan:/# ghc Main.hs 
/root/qemu-m68k/tcg/tcg.c:2532: tcg fatal error
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
(sid-m68k-sbuild)root@nofan:/#

vivier commented 6 years ago

For me, the problem is also fixed by:

Author: Laurent Vivier <laurent@vivier.eu>
Date:   Fri Feb 16 12:19:36 2018 +0100

m68k: Test if we overflow the temp variable array

Since commit 15fa08f845 ("tcg: Dynamically allocate TCGOps")
we have no limit to fill the TCGOps cache and we can fill
the entire TCG variables array and overflow it.

To avoid that, we stop the translation when the array is close to
being full.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>

Could you retry HEAD of m68k-dev?

Thanks

glaubitz commented 6 years ago

Could you retry HEAD of m68k-dev?

Cannot confirm. Still crashes on m68k-dev/HEAD for me:

(sid-m68k-sbuild)root@nofan:/# ghc Main.hs 
/root/qemu-m68k/tcg/tcg.c:2532: tcg fatal error
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
(sid-m68k-sbuild)root@nofan:/#

glaubitz commented 6 years ago

Downgrading to an earlier build fixes the problem for me:

root@nofan:/local_scratch/sid-m68k-sbuild> cp -av /root/qemu-m68k-static.20171228 usr/bin/qemu-m68k-static 
'/root/qemu-m68k-static.20171228' -> 'usr/bin/qemu-m68k-static'
root@nofan:/local_scratch/sid-m68k-sbuild> cp -av /root/qemu-m68k-static.20171228 /usr/bin/qemu-m68k-static 
'/root/qemu-m68k-static.20171228' -> '/usr/bin/qemu-m68k-static'
root@nofan:/local_scratch/sid-m68k-sbuild> chroot .
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
(sid-m68k-sbuild)root@nofan:/# ghc Main.hs 
[1 of 1] Compiling Main             ( Main.hs, Main.o )
Linking Main ...
(sid-m68k-sbuild)root@nofan:/#

vivier commented 6 years ago

What is the commit id of your HEAD?

I'm on 4767ad0f98 "m68k: Test if we overflow the temp variable array" and it works.

glaubitz commented 6 years ago

Same:

commit 4767ad0f983af477a60080342f282b72b4976999
Author: Laurent Vivier <laurent@vivier.eu>
Date:   Fri Feb 16 12:19:36 2018 +0100

    m68k: Test if we overflow the temp variable array

I am confused.

vivier commented 6 years ago

What are the parameters of your ./configure? (can be found in config.status file in the build directory)

glaubitz commented 6 years ago

#!/bin/sh
# Generated by configure.
# Run this file to recreate the current configuration.
# Compiler output produced by configure, useful for debugging
# configure, is in config.log if it exists.
exec './configure' '--target-list=m68k-linux-user' '--static' '--disable-glusterfs' "$@"

glaubitz commented 6 years ago

Hmm, I just tried on a different machine and it seems to work there.

The machine where it crashes runs Debian Stretch and therefore builds with gcc-6. The other machine is on unstable and gcc-7.

vivier commented 6 years ago

According to the error: /root/qemu-m68k/tcg/tcg.c:2532: tcg fatal error the problem is in temp_allocate_frame() and looks like a TCG variable array overflow, and this problem should be fixed by 4767ad0.

glaubitz commented 6 years ago

Yes, but the patch is definitely there because otherwise gcc wouldn't work.

However, it does work on the other machine. Will try later with a fresh chroot.

vivier commented 6 years ago

Perhaps the margin is not big enough.

Try: diff --git a/target/m68k/translate.c b/target/m68k/translate.c index 5ad1d72dc9..baa5a74f56 100644 --- a/target/m68k/translate.c +++ b/target/m68k/translate.c @@ -6076,7 +6076,7 @@ void gen_intermediate_code(CPUState cs, TranslationBlock tb)

         dc->insn_pc = dc->pc;
        disas_m68k_insn(env, dc);
-    } while (!dc->is_jmp && !tcg_op_buf_full() && !tcg_temp_full(32) &&
+    } while (!dc->is_jmp && !tcg_op_buf_full() && !tcg_temp_full(64) &&
              !cs->singlestep_enabled &&
              !singlestep &&
              (pc_offset) < (TARGET_PAGE_SIZE - 32) &&
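
Review bot: the margin passed to tcg_temp_full() is raised from 32 to 64 in the loop condition, but nothing in the hunk ties that literal to the largest number of temps one disas_m68k_insn(env, dc) call can allocate. The check runs only between instructions, so an instruction that allocates more temps than the margin can still run the array past its end, and the thread shows the value being tuned by trial (32 crashed on one machine, 64 did not). Suggest replacing the literal with a named constant derived from, or at least documented against, the worst-case per-instruction temp usage, e.g. `!tcg_temp_full(MAX_TEMPS_PER_INSN) &&` with a comment stating how that bound was obtained.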
vivier commented 6 years ago

I have pushed a cleaner solution in m68k-dev:

a8a726e111 target/m68k: use tcg_temp_try_free()
1227185206 tcg: introduce tcg_temp_try_free()
78244081eb target/m68k: TCGv returned by gen_load() must be freed

glaubitz commented 6 years ago

Still segfaults on one machine:

root@nofan:/# ghc Main.hs
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
root@nofan:/#

and still works on the other machine:

(sid-m68k-sbuild)root@z6:/# ghc Main.hs
[1 of 1] Compiling Main             ( Main.hs, Main.o )
Linking Main ...
(sid-m68k-sbuild)root@z6:/#

glaubitz commented 6 years ago

Try:

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 5ad1d72dc9..baa5a74f56 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -6076,7 +6076,7 @@ void gen_intermediate_code(CPUState *cs, TranslationBlock *tb)

         dc->insn_pc = dc->pc;
        disas_m68k_insn(env, dc);
-    } while (!dc->is_jmp && !tcg_op_buf_full() && !tcg_temp_full(32) &&
+    } while (!dc->is_jmp && !tcg_op_buf_full() && !tcg_temp_full(64) &&
              !cs->singlestep_enabled &&
              !singlestep &&
              (pc_offset) < (TARGET_PAGE_SIZE - 32) &&
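
Review bot: this is the whole fix, a one-character change to a magic number, and the hunk carries no comment explaining why 64 is sufficient where 32 (the value introduced by 4767ad0, which still crashed on the gcc-6 build) was not. Since the reproducer (compiling Main.hs with ghc under qemu-m68k) only fails on one of the two machines in this thread, the commit message for the final version should record the toolchain and the test the new margin was validated against, so the next person tuning this line knows what it was measured on.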

This actually fixes the problem!

FWIW, the machine where it crashes is a very fast Core i7 (Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz) while the machine where it doesn't crash is a Xeon with much lower performance per core (Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz).
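
The failure mode the margin patch above works around, as an added illustration in C that is not QEMU code: a fixed-size temp array is filled by a translation loop that only checks for free space between instructions, so the check margin must be at least the worst-case number of temps a single instruction allocates. All names here (`temp_pool`, `temp_new`, `temp_full`, `disas_insn`, `translate_block`, `MAX_TEMPS`) are hypothetical stand-ins for the real `tcg_temp_full()` / `gen_intermediate_code()` loop, the array size of 512 is assumed, and the per-instruction allocation count is a constructed input.

```c
/* Added illustration, not QEMU code: a fixed temp array like TCG's, filled
 * by a translation loop that checks for room only between instructions.
 * All names and sizes are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_TEMPS 512          /* assumed size of the fixed temp array */

struct temp_pool {
    int temps[MAX_TEMPS];
    size_t nb_temps;           /* next free slot */
    bool overflowed;           /* recorded instead of writing out of bounds */
};

/* Allocate one temp. The real code has no guard here; we record the
 * would-be out-of-bounds write instead of corrupting memory. */
static void temp_new(struct temp_pool *p)
{
    if (p->nb_temps >= MAX_TEMPS) {
        p->overflowed = true;
        return;
    }
    p->temps[p->nb_temps++] = 0;
}

/* Stand-in for tcg_temp_full(margin): true once fewer than `margin`
 * free slots remain. */
static bool temp_full(const struct temp_pool *p, size_t margin)
{
    return p->nb_temps + margin > MAX_TEMPS;
}

/* Simulated decoder: one instruction allocates `temps_per_insn` temps and
 * never frees them (the leak the later tcg_temp_try_free() commits address). */
static void disas_insn(struct temp_pool *p, size_t temps_per_insn)
{
    for (size_t i = 0; i < temps_per_insn; i++)
        temp_new(p);
}

/* Translate instructions until the pool is within `margin` of full or
 * `max_insns` is reached. Returns true if the array would have overflowed,
 * which happens whenever margin < temps_per_insn can leave fewer free slots
 * than the next instruction needs. */
bool translate_block(size_t margin, size_t temps_per_insn,
                     size_t max_insns, size_t *insns_out)
{
    struct temp_pool pool = { .nb_temps = 0, .overflowed = false };
    size_t n = 0;

    do {
        disas_insn(&pool, temps_per_insn);   /* allocates before the check */
        n++;
    } while (!temp_full(&pool, margin) && n < max_insns);

    if (insns_out)
        *insns_out = n;
    return pool.overflowed;
}

int main(void)
{
    size_t n;
    bool ov;

    ov = translate_block(32, 40, 1000, &n);   /* margin below worst case */
    printf("margin 32: %zu insns, overflow=%d\n", n, ov);
    ov = translate_block(64, 40, 1000, &n);   /* margin covers worst case */
    printf("margin 64: %zu insns, overflow=%d\n", n, ov);
    return 0;
}
```

With 512 slots and 40 temps per instruction, twelve instructions leave exactly 32 free slots; a margin of 32 does not stop the loop there, so the thirteenth instruction overflows, while any margin of at least 40 (the worst case per instruction) stops the loop one instruction earlier. That is the invariant a named constant should encode instead of a tuned literal.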

vivier commented 6 years ago

Pushed to m68k-dev

fd5fd4660e m68k: Test if we overflow the temp variable array

glaubitz commented 6 years ago

I think we can close this now. qemu from git master works fine for me.

glaubitz commented 6 years ago

Since this issue has been resolved upstream, I am closing it now.