QEMU for aarch64 with plugins seems to fail basic consistency checks

qemu-devel

[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

QEMU for aarch64 with plugins seems to fail basic consistency checks

From:	Robert Henry
Subject:	QEMU for aarch64 with plugins seems to fail basic consistency checks
Date:	Fri, 24 Jan 2020 00:45:14 +0000

I wrote a QEMU plugin for aarch64 where the insn and mem callbacks print out the specifics of the guest instructions as they are "executed". I expect this trace stream to be well behaved but it is not. By well-behaved, I expect memory insns print out some memory details, non-memory insns don't print anything, and the pc only changes after a control flow instruction. I don't see that gross correctness about 2% of the time.

I'm using qemu at tag v4.2.0 (or master head; it doesn't matter), running on a x86_64 host.
I build qemu using ./configure --disable-sdl --enable-gtk --enable-plugins --enable-debug --target-list=aarch64-softmmu aarch64-linux-user
I execute qemu from its build area build/aarch64-linux-user/qemu-aarch64, with flags --cpu cortex-a72 and the appropriate args to --plugin ... -d plugin -D .....
I'm emulating a simple C program in linux emulation mode.
The resulting qemu execution is valgrind clean (eg, I run qemu under valgrind) for my little program save for memory leaks I reported a few days ago.

Below is an example of my trace output (the first int printed is the cpu_index, checked to be always 0). Note that the ldr instruction at 0x41a608 sometimes reports a memop, but most of the time it doesn't. Note that 0x41a608 is seen, by trace, running back to back. Note that (bottom of trace) that the movz instruction reports a memop. (The executed code comes from glibc _dl_aux_init, executed before main() is called.)

How should this problem be tackled? I can't figure out how to make each tcg block be exactly 1 guest (aarch64) insn, which is where I'd first start out.

0 0x000000000041a784 0x000000000041a784 0xf1000c3f cmp x1, #3

0 0x000000000041a788 0x000000000041a788 0x54fff401 b.ne #0xfffffffffffffe80

0 0x000000000041a78c 0x000000000041a78c 0x52800033 movz w19, #0x1

0 0x000000000041a790 0x000000000041a790 0xf9400416 ldr x22, [x0, #8] 0 mem {3 0 0 0} 0x0000004000800618

0 0x000000000041a794 0x000000000041a794 0x17ffff9d b #0xfffffffffffffe74

0 0x000000000041a608 0x000000000041a608 0xf8410c01 ldr x1, [x0, #0x10]! 0 mem {3 0 0 0} 0x0000004000800620

0 0x000000000041a60c 0x000000000041a60c 0xb4000221 cbz x1, #0x44

0 0x000000000041a608 0x000000000041a608 0xf8410c01 ldr x1, [x0, #0x10]!

0 0x000000000041a60c 0x000000000041a60c 0xb4000221 cbz x1, #0x44

0 0x000000000041a608 0x000000000041a608 0xf8410c01 ldr x1, [x0, #0x10]!

0 0x000000000041a608 0x000000000041a608 0xf8410c01 ldr x1, [x0, #0x10]!

0 0x000000000041a60c 0x000000000041a60c 0xb4000221 cbz x1, #0x44

0 0x000000000041a608 0x000000000041a608 0xf8410c01 ldr x1, [x0, #0x10]!

0 0x000000000041a608 0x000000000041a608 0xf8410c01 ldr x1, [x0, #0x10]!

0 0x000000000041a60c 0x000000000041a60c 0xb4000221 cbz x1, #0x44

0 0x000000000041a608 0x000000000041a608 0xf8410c01 ldr x1, [x0, #0x10]!

0 0x000000000041a60c 0x000000000041a60c 0xb4000221 cbz x1, #0x44

0 0x000000000041a608 0x000000000041a608 0xf8410c01 ldr x1, [x0, #0x10]!

0 0x000000000041a60c 0x000000000041a60c 0xb4000221 cbz x1, #0x44

0 0x000000000041a608 0x000000000041a608 0xf8410c01 ldr x1, [x0, #0x10]! 0 mem {3 0 0 0} 0x0000004000800630

0 0x000000000041a60c 0x000000000041a60c 0xb4000221 cbz x1, #0x44

0 0x000000000041a608 0x000000000041a608 0xf8410c01 ldr x1, [x0, #0x10]!

0 0x000000000041a60c 0x000000000041a60c 0xb4000221 cbz x1, #0x44

0 0x000000000041a608 0x000000000041a608 0xf8410c01 ldr x1, [x0, #0x10]!

0 0x000000000041a608 0x000000000041a608 0xf8410c01 ldr x1, [x0, #0x10]!

0 0x000000000041a60c 0x000000000041a60c 0xb4000221 cbz x1, #0x44

0 0x000000000041a608 0x000000000041a608 0xf8410c01 ldr x1, [x0, #0x10]!

0 0x000000000041a608 0x000000000041a608 0xf8410c01 ldr x1, [x0, #0x10]!

0 0x000000000041a60c 0x000000000041a60c 0xb4000221 cbz x1, #0x44

0 0x000000000041a7d8 0x000000000041a7d8 0x52800035 movz w21, #0x1

0 0x000000000041a7dc 0x000000000041a7dc 0xf9400418 ldr x24, [x0, #8] 0 mem {3 0 0 0} 0x0000004000800638

0 0x000000000041a7e0 0x000000000041a7e0 0x17ffff8a b #0xfffffffffffffe28

0 0x000000000041a7d8 0x000000000041a7d8 0x52800035 movz w21, #0x1 0 mem {3 0 0 0} 0x0000004000800640

[Prev in Thread]

Current Thread

[Next in Thread]

QEMU for aarch64 with plugins seems to fail basic consistency checks, Robert Henry <=
- Re: QEMU for aarch64 with plugins seems to fail basic consistency checks, Laurent Desnogues, 2020/01/24
- Re: QEMU for aarch64 with plugins seems to fail basic consistency checks, Alex Bennée, 2020/01/24
  - Re: [EXTERNAL] Re: QEMU for aarch64 with plugins seems to fail basic consistency checks, Robert Henry, 2020/01/24
    - Re: [EXTERNAL] Re: QEMU for aarch64 with plugins seems to fail basic consistency checks, Alex Bennée, 2020/01/24
    - Re: [EXTERNAL] Re: QEMU for aarch64 with plugins seems to fail basic consistency checks, Robert Henry, 2020/01/27

Prev by Date: Re: [PATCH rc1 14/24] target/avr: Add section about AVR into QEMU documentation
Next by Date: [PATCH rc2 00/25] target/avr merger
Previous by thread: [PATCH 0/5] target/s390x: Do not leak stack address in translate_one
Next by thread: Re: QEMU for aarch64 with plugins seems to fail basic consistency checks
Index(es):
- Date
- Thread