
[v2] ppc / sparc: Add a tester for checking whether OpenBIOS runs successfully

Message ID 1465912676-6089-1-git-send-email-thuth@redhat.com
State New

Commit Message

Thomas Huth June 14, 2016, 1:57 p.m. UTC
Since the mac99 and g3beige PowerPC machines recently broke without
being noticed, it would be good to have a tester for "make check"
that detects such issues immediately. A simple way to test the firmware
of these machines is to use the "-prom-env" parameter of QEMU. This
parameter can be used to put some Forth code into the 'boot-command'
firmware variable which then can signal success to the tester by
writing a magic value to a known memory location. And since some of the
Sparc machines are also using OpenBIOS, they are now tested with this
prom-env-tester, too.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
 v2: Removed unnecessary include statements (as suggested by Markus)

 tests/Makefile.include |  5 +++
 tests/prom-env-test.c  | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 95 insertions(+)
 create mode 100644 tests/prom-env-test.c

Comments

David Gibson June 15, 2016, 3:10 a.m. UTC | #1
On Tue, Jun 14, 2016 at 03:57:56PM +0200, Thomas Huth wrote:
> Since the mac99 and g3beige PowerPC machines recently broke without
> being noticed, it would be good to have a tester for "make check"
> that detects such issues immediately. A simple way to test the firmware
> of these machines is to use the "-prom-env" parameter of QEMU. This
> parameter can be used to put some Forth code into the 'boot-command'
> firmware variable which then can signal success to the tester by
> writing a magic value to a known memory location. And since some of the
> Sparc machines are also using OpenBIOS, they are now tested with this
> prom-env-tester, too.
> 
> Reviewed-by: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Thomas Huth <thuth@redhat.com>
> ---
>  v2: Removed unnecessary include statements (as suggested by Markus)

Beautiful, I've applied this to ppc-for-2.7, assuming I don't get an
objection to taking this through my tree.

> 
>  tests/Makefile.include |  5 +++
>  tests/prom-env-test.c  | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 95 insertions(+)
>  create mode 100644 tests/prom-env-test.c
> 
> diff --git a/tests/Makefile.include b/tests/Makefile.include
> index 7d63d16..f95a3ca 100644
> --- a/tests/Makefile.include
> +++ b/tests/Makefile.include
> @@ -258,6 +258,10 @@ check-qtest-ppc-y += tests/boot-order-test$(EXESUF)
>  check-qtest-ppc64-y += tests/boot-order-test$(EXESUF)
>  check-qtest-ppc64-y += tests/spapr-phb-test$(EXESUF)
>  gcov-files-ppc64-y += ppc64-softmmu/hw/ppc/spapr_pci.c
> +check-qtest-ppc-y = tests/prom-env-test$(EXESUF)
> +check-qtest-ppc64-y = tests/prom-env-test$(EXESUF)
> +check-qtest-sparc-y = tests/prom-env-test$(EXESUF)
> +check-qtest-sparc64-y = tests/prom-env-test$(EXESUF)
>  check-qtest-microblazeel-y = $(check-qtest-microblaze-y)
>  check-qtest-xtensaeb-y = $(check-qtest-xtensa-y)
>  
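Review bot: The four new assignments use `=` rather than `+=`, so `check-qtest-ppc-y` and `check-qtest-ppc64-y` are overwritten and the boot-order-test and spapr-phb-test entries appended just above this hunk are dropped from `make check` on those targets. The sparc and sparc64 variables may have no earlier entries (not visible here), but the append form is the safe one there as well. Change the lines to `check-qtest-ppc-y += tests/prom-env-test$(EXESUF)` and likewise for the other three.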
> @@ -549,6 +553,7 @@ tests/rtc-test$(EXESUF): tests/rtc-test.o
>  tests/m48t59-test$(EXESUF): tests/m48t59-test.o
>  tests/endianness-test$(EXESUF): tests/endianness-test.o
>  tests/spapr-phb-test$(EXESUF): tests/spapr-phb-test.o $(libqos-obj-y)
> +tests/prom-env-test$(EXESUF): tests/prom-env-test.o $(libqos-obj-y)
>  tests/fdc-test$(EXESUF): tests/fdc-test.o
>  tests/ide-test$(EXESUF): tests/ide-test.o $(libqos-pc-obj-y)
>  tests/ahci-test$(EXESUF): tests/ahci-test.o $(libqos-pc-obj-y)
> diff --git a/tests/prom-env-test.c b/tests/prom-env-test.c
> new file mode 100644
> index 0000000..6df57d2
> --- /dev/null
> +++ b/tests/prom-env-test.c
> @@ -0,0 +1,90 @@
> +/*
> + * Test OpenBIOS-based machines.
> + *
> + * Copyright (c) 2016 Red Hat Inc.
> + *
> + * Author:
> + *    Thomas Huth <thuth@redhat.com>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2
> + * or later. See the COPYING file in the top-level directory.
> + *
> + * This test is used to check that some OpenBIOS machines can be started
> + * successfully in TCG mode. To do this, we first put some Forth code into
> + * the "boot-command" Open Firmware environment variable. This Forth code
> + * writes a well-known magic value to a known location in memory. Then we
> + * start the guest so that OpenBIOS can boot and finally run the Forth code.
> + * The testing code here then can finally check whether the value has been
> + * successfully written into the guest memory.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "libqtest.h"
> +
> +#define MAGIC   0xcafec0de
> +#define ADDRESS 0x4000
> +
> +static void check_guest_memory(void)
> +{
> +    uint32_t signature;
> +    int i;
> +
> +    /* Poll until code has run and modified memory. Wait at most 30 seconds */
> +    for (i = 0; i < 3000; ++i) {
> +        signature = readl(ADDRESS);
> +        if (signature == MAGIC) {
> +            break;
> +        }
> +        g_usleep(10000);
> +    }
> +
> +    g_assert_cmphex(signature, ==, MAGIC);
> +}
> +
> +static void test_machine(const void *machine)
> +{
> +    char *args;
> +
> +    args = g_strdup_printf("-M %s,accel=tcg -prom-env 'boot-command=%x %x l!'",
> +                           (const char *)machine, MAGIC, ADDRESS);
> +
> +    qtest_start(args);
> +    check_guest_memory();
> +    qtest_quit(global_qtest);
> +
> +    g_free(args);
> +}
> +
> +static void add_tests(const char *machines[])
> +{
> +    int i;
> +    char *name;
> +
> +    for (i = 0; machines[i] != NULL; i++) {
> +        name = g_strdup_printf("prom-env/%s", machines[i]);
> +        qtest_add_data_func(name, machines[i], test_machine);
> +        g_free(name);
> +    }
> +}
> +
> +int main(int argc, char *argv[])
> +{
> +    const char *sparc_machines[] = { "SPARCbook", "Voyager", "SS-20", NULL };
> +    const char *sparc64_machines[] = { "sun4u", "sun4v", NULL };
> +    const char *mac_machines[] = { "mac99", "g3beige", NULL };
> +    const char *arch = qtest_get_arch();
> +
> +    g_test_init(&argc, &argv, NULL);
> +
> +    if (!strcmp(arch, "ppc") || !strcmp(arch, "ppc64")) {
> +        add_tests(mac_machines);
> +    } else if (!strcmp(arch, "sparc")) {
> +        add_tests(sparc_machines);
> +    } else if (!strcmp(arch, "sparc64")) {
> +        add_tests(sparc64_machines);
> +    } else {
> +        g_assert_not_reached();
> +    }
> +
> +    return g_test_run();
> +}
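Review bot: The 30-second bound in check_guest_memory is encoded as two bare literals, 3000 iterations and 10000 µs, that are related only by the comment above the loop, so a change to either silently invalidates the stated timeout. Naming them ties the bound to the loop, e.g. `enum { POLL_INTERVAL_US = 10000, POLL_MAX = 3000 };` next to the other defines and `for (i = 0; i < POLL_MAX; ++i)` / `g_usleep(POLL_INTERVAL_US);` in the loop, with the comment reading `/* Poll until code has run and modified memory: POLL_MAX * POLL_INTERVAL_US = 30 s */`. add_tests also relies on an undocumented contract: a NULL-terminated array whose element pointers are handed to qtest_add_data_func and dereferenced later by test_machine, so they must stay valid until g_test_run() returns; a one-line comment above it, `/* machines: NULL-terminated array of machine names; entries must outlive g_test_run() */`, would make that explicit.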
David Gibson June 17, 2016, 6:07 a.m. UTC | #2
On Wed, Jun 15, 2016 at 01:10:18PM +1000, David Gibson wrote:
> On Tue, Jun 14, 2016 at 03:57:56PM +0200, Thomas Huth wrote:
> > Since the mac99 and g3beige PowerPC machines recently broke without
> > being noticed, it would be good to have a tester for "make check"
> > that detects such issues immediately. A simple way to test the firmware
> > of these machines is to use the "-prom-env" parameter of QEMU. This
> > parameter can be used to put some Forth code into the 'boot-command'
> > firmware variable which then can signal success to the tester by
> > writing a magic value to a known memory location. And since some of the
> > Sparc machines are also using OpenBIOS, they are now tested with this
> > prom-env-tester, too.
> > 
> > Reviewed-by: Markus Armbruster <armbru@redhat.com>
> > Signed-off-by: Thomas Huth <thuth@redhat.com>
> > ---
> >  v2: Removed unnecessary include statements (as suggested by Markus)
> 
> Beautiful, I've applied this to ppc-for-2.7, assuming I don't get an
> objection to taking this through my tree.

Ugh.. turns out this fails on sparc64 target on a 32-bit x86 host.
Specifically it trips the tcg_abort() at the end of tcg_reg_alloc()
(tcg/tcg.c).

I'm reasonably confident this is a pre-existing bug, just triggered by
this test, but in the interests of getting this up and running on the
platforms where it is working, I've disabled the testcase on sparc64
for now.

Mark, if you could debug the sparc64-on-i386 failure at some point,
that would be helpful.
Thomas Huth June 17, 2016, 6:49 a.m. UTC | #3
On 17.06.2016 08:07, David Gibson wrote:
> On Wed, Jun 15, 2016 at 01:10:18PM +1000, David Gibson wrote:
>> On Tue, Jun 14, 2016 at 03:57:56PM +0200, Thomas Huth wrote:
>>> Since the mac99 and g3beige PowerPC machines recently broke without
>>> being noticed, it would be good to have a tester for "make check"
>>> that detects such issues immediately. A simple way to test the firmware
>>> of these machines is to use the "-prom-env" parameter of QEMU. This
>>> parameter can be used to put some Forth code into the 'boot-command'
>>> firmware variable which then can signal success to the tester by
>>> writing a magic value to a known memory location. And since some of the
>>> Sparc machines are also using OpenBIOS, they are now tested with this
>>> prom-env-tester, too.
>>>
>>> Reviewed-by: Markus Armbruster <armbru@redhat.com>
>>> Signed-off-by: Thomas Huth <thuth@redhat.com>
>>> ---
>>>  v2: Removed unnecessary include statements (as suggested by Markus)
>>
>> Beautiful, I've applied this to ppc-for-2.7, assuming I don't get an
>> objection to taking this through my tree.
> 
> Ugh.. turns out this fails on sparc64 target on a 32-bit x86 host.
> Specifically it trips the tcg_abort() at the end of tcg_reg_alloc()
> (tcg/tcg.c).

Looks like the test is already doing its job well ;-)

> I'm reasonably confident this is a pre-existing bug, just triggered by
> this test, but in the interests of getting this up and running on the
> platforms where it is working, I've disabled the testcase on sparc64
> for now.

Ok, makes sense to disable this for now. I also just compiled the QEMU
sources with -m32, and for me it is also failing when I run QEMU
manually without the test-wrapper - but it's triggering a segfault
here instead:

$ gdb --args sparc64-softmmu/qemu-system-sparc64 -nographic
[...]
(gdb) r
Starting program: qemu-build32/sparc64-softmmu/qemu-system-sparc64 -nographic
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0xf7a82b40 (LWP 4860)]
[New Thread 0xf4beab40 (LWP 4861)]
OpenBIOS for Sparc64
Inconsistency for register %eax:
reg state:
      _frame: %esp
         env: %ebp
     regwptr: %edx
         xcc: 76892(%ebp)
         asi: 76896(%ebp)
        fprs: 77188(%ebp)
     softint: 77380(%ebp)
       cc_op: 116(%ebp)
         psr: 128(%ebp)
       gsr_1: 77220(%ebp)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xf4beab40 (LWP 4861)]
0x5698cd4b in pstrcpy (buf=0xf4be9dcc "gsr_1", buf_size=64, str=0x1 <Address 0x1 out of bounds>)
    at qemu/util/cutils.c:50
50	        c = *str++;
Missing separate debuginfos, use: debuginfo-install glib2-2.42.2-5.el7.i686 glibc-2.17-106.el7_2.6.i686 libgcc-4.8.5-4.el7.i686 libstdc++-4.8.5-4.el7.i686 pixman-0.32.6-3.el7.i686 zlib-1.2.7-15.el7.i686
(gdb) bt
#0  0x5698cd4b in pstrcpy (buf=0xf4be9dcc "gsr_1", buf_size=64, str=0x1 <Address 0x1 out of bounds>)
    at qemu/util/cutils.c:50
#1  0x5660e916 in tcg_get_arg_str_ptr (s=0x56c6bba0 <tcg_ctx>, buf=0xf4be9dcc "gsr_1", buf_size=64, 
    ts=0x56c6be60 <tcg_ctx+704>) at qemu/tcg/tcg.c:939
#2  0x5660ea08 in tcg_get_arg_str_idx (s=0x56c6bba0 <tcg_ctx>, buf=0xf4be9dcc "gsr_1", buf_size=64, idx=10)
    at qemu/tcg/tcg.c:952
#3  0x56610389 in dump_regs (s=0x56c6bba0 <tcg_ctx>) at qemu/tcg/tcg.c:1598
#4  0x56610632 in check_regs (s=0x56c6bba0 <tcg_ctx>) at qemu/tcg/tcg.c:1654
#5  0x56612731 in tcg_gen_code (s=0x56c6bba0 <tcg_ctx>, tb=0xf4bf83b4) at qemu/tcg/tcg.c:2458
#6  0x56605ef0 in tb_gen_code (cpu=0x570ccde0, pc=4291974856, cs_base=4291974860, flags=7, cflags=0)
    at qemu/translate-all.c:1214
#7  0x56607e6e in tb_find_slow (cpu=0x570ccde0, pc=4291974856, cs_base=4291974860, flags=7)
    at qemu/cpu-exec.c:310
#8  0x56607fe8 in tb_find_fast (cpu=0x570ccde0, last_tb=0xf4bea084, tb_exit=1) at qemu/cpu-exec.c:339
#9  0x5660880c in cpu_sparc_exec (cpu=0x570ccde0) at qemu/cpu-exec.c:625
#10 0x5663be6b in tcg_cpu_exec (cpu=0x570ccde0) at qemu/cpus.c:1541
#11 0x5663bf76 in tcg_exec_all () at qemu/cpus.c:1574
#12 0x5663b27b in qemu_tcg_cpu_thread_fn (arg=0x570ccde0) at qemu/cpus.c:1171
#13 0xf7c4ab2c in start_thread () from /lib/libpthread.so.0
#14 0xf7b7d77e in clone () from /lib/libc.so.6

 Thomas
Mark Cave-Ayland June 17, 2016, 11:27 a.m. UTC | #4
On 17/06/16 07:07, David Gibson wrote:

> On Wed, Jun 15, 2016 at 01:10:18PM +1000, David Gibson wrote:
>> On Tue, Jun 14, 2016 at 03:57:56PM +0200, Thomas Huth wrote:
>>> Since the mac99 and g3beige PowerPC machines recently broke without
>>> being noticed, it would be good to have a tester for "make check"
>>> that detects such issues immediately. A simple way to test the firmware
>>> of these machines is to use the "-prom-env" parameter of QEMU. This
>>> parameter can be used to put some Forth code into the 'boot-command'
>>> firmware variable which then can signal success to the tester by
>>> writing a magic value to a known memory location. And since some of the
>>> Sparc machines are also using OpenBIOS, they are now tested with this
>>> prom-env-tester, too.
>>>
>>> Reviewed-by: Markus Armbruster <armbru@redhat.com>
>>> Signed-off-by: Thomas Huth <thuth@redhat.com>
>>> ---
>>>  v2: Removed unnecessary include statements (as suggested by Markus)
>>
>> Beautiful, I've applied this to ppc-for-2.7, assuming I don't get an
>> objection to taking this through my tree.
> 
> Ugh.. turns out this fails on sparc64 target on a 32-bit x86 host.
> Specifically it trips the tcg_abort() at the end of tcg_reg_alloc()
> (tcg/tcg.c).
> 
> I'm reasonably confident this is a pre-existing bug, just triggered by
> this test, but in the interests of getting this up and running on the
> platforms where it is working, I've disabled the testcase on sparc64
> for now.
> 
> Mark, if you could debug the sparc64-on-i386 failure at some point,
> that would be helpful.

I'm a little tied up until next week, however I was able to reproduce on
a local i386 VM and get a stack trace:


$ gdb --args ./qemu-system-sparc64 -nographic
GNU gdb (Debian 7.10-1.1) 7.10
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./qemu-system-sparc64...done.
(gdb) r
Starting program: /home/build/rel-qemu-git/bin/qemu-system-sparc64
-nographic
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
[New Thread 0xb7989b40 (LWP 27497)]
[New Thread 0xb4af1b40 (LWP 27498)]
OpenBIOS for Sparc64
Configuration device id QEMU version 1 machine id 0
kernel cmdline
CPUs: 1 x SUNW,UltraSPARC-IIi
UUID: 00000000-0000-0000-0000-000000000000
/home/build/src/qemu/tcg/tcg.c:1743: tcg fatal error

Program received signal SIGABRT, Aborted.
[Switching to Thread 0xb4af1b40 (LWP 27498)]
0xb7fdadad in __kernel_vsyscall ()
(gdb) bt
#0  0xb7fdadad in __kernel_vsyscall ()
#1  0xb7a2ee26 in __GI_raise (sig=6) at
../sysdeps/unix/sysv/linux/raise.c:55
#2  0xb7a303f7 in __GI_abort () at abort.c:89
#3  0x08061776 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
desired_regs=255, allocated_regs=255, rev=true) at
/home/build/src/qemu/tcg/tcg.c:1743
#4  0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
<tcg_ctx+504>, desired_regs=255, allocated_regs=255) at
/home/build/src/qemu/tcg/tcg.c:1762
#5  0x080615e0 in tcg_reg_sync (s=0x8637780 <tcg_ctx>, reg=TCG_REG_EAX,
allocated_regs=255) at /home/build/src/qemu/tcg/tcg.c:1694
#6  0x08061653 in tcg_reg_free (s=0x8637780 <tcg_ctx>, reg=TCG_REG_EAX,
allocated_regs=254) at /home/build/src/qemu/tcg/tcg.c:1709
#7  0x08061740 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
desired_regs=255, allocated_regs=254, rev=true) at
/home/build/src/qemu/tcg/tcg.c:1738
#8  0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
<tcg_ctx+504>, desired_regs=255, allocated_regs=254) at
/home/build/src/qemu/tcg/tcg.c:1762
#9  0x080615e0 in tcg_reg_sync (s=0x8637780 <tcg_ctx>, reg=TCG_REG_ECX,
allocated_regs=254) at /home/build/src/qemu/tcg/tcg.c:1694
#10 0x08061653 in tcg_reg_free (s=0x8637780 <tcg_ctx>, reg=TCG_REG_ECX,
allocated_regs=252) at /home/build/src/qemu/tcg/tcg.c:1709
#11 0x08061740 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
desired_regs=255, allocated_regs=252, rev=true) at
/home/build/src/qemu/tcg/tcg.c:1738
#12 0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
<tcg_ctx+504>, desired_regs=255, allocated_regs=252) at
/home/build/src/qemu/tcg/tcg.c:1762
#13 0x08061858 in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637f48
<tcg_ctx+1992>, desired_regs=255, allocated_regs=252) at
/home/build/src/qemu/tcg/tcg.c:1765
#14 0x0806220f in tcg_reg_alloc_op (s=0x8637780 <tcg_ctx>, def=0x859c150
<tcg_op_defs+720>, opc=INDEX_op_sub2_i32, args=0x863be54
<tcg_ctx+18132>, dead_args=60, sync_args=0 '\000') at
/home/build/src/qemu/tcg/tcg.c:2050
#15 0x08063156 in tcg_gen_code (s=0x8637780 <tcg_ctx>, tb=0xb4b14d90) at
/home/build/src/qemu/tcg/tcg.c:2454
#16 0x08058cb4 in tb_gen_code (cpu=0x8a9e370, pc=4291901680,
cs_base=4291901684, flags=7, cflags=0) at
/home/build/src/qemu/translate-all.c:1212
#17 0x0805a8c5 in tb_find_slow (cpu=0x8a9e370, pc=4291901680,
cs_base=4291901684, flags=7) at /home/build/src/qemu/cpu-exec.c:310
#18 0x0805aa1e in tb_find_fast (cpu=0x8a9e370, last_tb=0xb4af1044,
tb_exit=1) at /home/build/src/qemu/cpu-exec.c:339
#19 0x0805b189 in cpu_sparc_exec (cpu=0x8a9e370) at
/home/build/src/qemu/cpu-exec.c:625
#20 0x0808666d in tcg_cpu_exec (cpu=0x8a9e370) at
/home/build/src/qemu/cpus.c:1541
#21 0x0808675b in tcg_exec_all () at /home/build/src/qemu/cpus.c:1574
#22 0x08085c29 in qemu_tcg_cpu_thread_fn (arg=0x8a9e370) at
/home/build/src/qemu/cpus.c:1171
#23 0xb7bc12de in start_thread (arg=0xb4af1b40) at pthread_create.c:334
#24 0xb7aeb23e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:122
(gdb)


I've added Richard as CC since it looks like this is something in the
TCG core.


ATB,

Mark.
Artyom Tarasenko June 17, 2016, 11:36 a.m. UTC | #5
Hi Mark,

On Fri, Jun 17, 2016 at 1:27 PM, Mark Cave-Ayland
<mark.cave-ayland@ilande.co.uk> wrote:
> On 17/06/16 07:07, David Gibson wrote:
>
>> On Wed, Jun 15, 2016 at 01:10:18PM +1000, David Gibson wrote:
>>> On Tue, Jun 14, 2016 at 03:57:56PM +0200, Thomas Huth wrote:
>>>> Since the mac99 and g3beige PowerPC machines recently broke without
>>>> being noticed, it would be good to have a tester for "make check"
>>>> that detects such issues immediately. A simple way to test the firmware
>>>> of these machines is to use the "-prom-env" parameter of QEMU. This
>>>> parameter can be used to put some Forth code into the 'boot-command'
>>>> firmware variable which then can signal success to the tester by
>>>> writing a magic value to a known memory location. And since some of the
>>>> Sparc machines are also using OpenBIOS, they are now tested with this
>>>> prom-env-tester, too.
>>>>
>>>> Reviewed-by: Markus Armbruster <armbru@redhat.com>
>>>> Signed-off-by: Thomas Huth <thuth@redhat.com>
>>>> ---
>>>>  v2: Removed unnecessary include statements (as suggested by Markus)
>>>
>>> Beautiful, I've applied this to ppc-for-2.7, assuming I don't get an
>>> objection to taking this through my tree.
>>
>> Ugh.. turns out this fails on sparc64 target on a 32-bit x86 host.
>> Specifically it trips the tcg_abort() at the end of tcg_reg_alloc()
>> (tcg/tcg.c).
>>
>> I'm reasonably confident this is a pre-existing bug, just triggered by
>> this test, but in the interests of getting this up and running on the
>> platforms where it is working, I've disabled the testcase on sparc64
>> for now.
>>
>> Mark, if you could debug the sparc64-on-i386 failure at some point,
>> that would be helpful.
>
> I'm a little tied up until next week, however I was able to reproduce on
> a local i386 VM and get a stack trace:
>
>
> $ gdb --args ./qemu-system-sparc64 -nographic
> GNU gdb (Debian 7.10-1.1) 7.10
> Copyright (C) 2015 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "i686-linux-gnu".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from ./qemu-system-sparc64...done.
> (gdb) r
> Starting program: /home/build/rel-qemu-git/bin/qemu-system-sparc64
> -nographic
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
> [New Thread 0xb7989b40 (LWP 27497)]
> [New Thread 0xb4af1b40 (LWP 27498)]
> OpenBIOS for Sparc64
> Configuration device id QEMU version 1 machine id 0
> kernel cmdline
> CPUs: 1 x SUNW,UltraSPARC-IIi
> UUID: 00000000-0000-0000-0000-000000000000
> /home/build/src/qemu/tcg/tcg.c:1743: tcg fatal error
>
> Program received signal SIGABRT, Aborted.
> [Switching to Thread 0xb4af1b40 (LWP 27498)]
> 0xb7fdadad in __kernel_vsyscall ()
> (gdb) bt
> #0  0xb7fdadad in __kernel_vsyscall ()
> #1  0xb7a2ee26 in __GI_raise (sig=6) at
> ../sysdeps/unix/sysv/linux/raise.c:55
> #2  0xb7a303f7 in __GI_abort () at abort.c:89
> #3  0x08061776 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
> desired_regs=255, allocated_regs=255, rev=true) at
> /home/build/src/qemu/tcg/tcg.c:1743
> #4  0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
> <tcg_ctx+504>, desired_regs=255, allocated_regs=255) at
> /home/build/src/qemu/tcg/tcg.c:1762
> #5  0x080615e0 in tcg_reg_sync (s=0x8637780 <tcg_ctx>, reg=TCG_REG_EAX,
> allocated_regs=255) at /home/build/src/qemu/tcg/tcg.c:1694
> #6  0x08061653 in tcg_reg_free (s=0x8637780 <tcg_ctx>, reg=TCG_REG_EAX,
> allocated_regs=254) at /home/build/src/qemu/tcg/tcg.c:1709
> #7  0x08061740 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
> desired_regs=255, allocated_regs=254, rev=true) at
> /home/build/src/qemu/tcg/tcg.c:1738
> #8  0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
> <tcg_ctx+504>, desired_regs=255, allocated_regs=254) at
> /home/build/src/qemu/tcg/tcg.c:1762
> #9  0x080615e0 in tcg_reg_sync (s=0x8637780 <tcg_ctx>, reg=TCG_REG_ECX,
> allocated_regs=254) at /home/build/src/qemu/tcg/tcg.c:1694
> #10 0x08061653 in tcg_reg_free (s=0x8637780 <tcg_ctx>, reg=TCG_REG_ECX,
> allocated_regs=252) at /home/build/src/qemu/tcg/tcg.c:1709
> #11 0x08061740 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
> desired_regs=255, allocated_regs=252, rev=true) at
> /home/build/src/qemu/tcg/tcg.c:1738
> #12 0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
> <tcg_ctx+504>, desired_regs=255, allocated_regs=252) at
> /home/build/src/qemu/tcg/tcg.c:1762
> #13 0x08061858 in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637f48
> <tcg_ctx+1992>, desired_regs=255, allocated_regs=252) at
> /home/build/src/qemu/tcg/tcg.c:1765
> #14 0x0806220f in tcg_reg_alloc_op (s=0x8637780 <tcg_ctx>, def=0x859c150
> <tcg_op_defs+720>, opc=INDEX_op_sub2_i32, args=0x863be54
> <tcg_ctx+18132>, dead_args=60, sync_args=0 '\000') at
> /home/build/src/qemu/tcg/tcg.c:2050
> #15 0x08063156 in tcg_gen_code (s=0x8637780 <tcg_ctx>, tb=0xb4b14d90) at
> /home/build/src/qemu/tcg/tcg.c:2454
> #16 0x08058cb4 in tb_gen_code (cpu=0x8a9e370, pc=4291901680,
> cs_base=4291901684, flags=7, cflags=0) at
> /home/build/src/qemu/translate-all.c:1212
> #17 0x0805a8c5 in tb_find_slow (cpu=0x8a9e370, pc=4291901680,
> cs_base=4291901684, flags=7) at /home/build/src/qemu/cpu-exec.c:310
> #18 0x0805aa1e in tb_find_fast (cpu=0x8a9e370, last_tb=0xb4af1044,
> tb_exit=1) at /home/build/src/qemu/cpu-exec.c:339
> #19 0x0805b189 in cpu_sparc_exec (cpu=0x8a9e370) at
> /home/build/src/qemu/cpu-exec.c:625
> #20 0x0808666d in tcg_cpu_exec (cpu=0x8a9e370) at
> /home/build/src/qemu/cpus.c:1541
> #21 0x0808675b in tcg_exec_all () at /home/build/src/qemu/cpus.c:1574
> #22 0x08085c29 in qemu_tcg_cpu_thread_fn (arg=0x8a9e370) at
> /home/build/src/qemu/cpus.c:1171
> #23 0xb7bc12de in start_thread (arg=0xb4af1b40) at pthread_create.c:334
> #24 0xb7aeb23e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:122
> (gdb)
>
>
> I've added Richard as CC since it looks like this is something in the
> TCG core.

While you are at it, can you please check whether the -singlestep option
changes anything at all?
It may help to see if the bug has to do with the TCG optimizer.

Artyom
Mark Cave-Ayland June 17, 2016, 12:44 p.m. UTC | #6
On 17/06/16 12:36, Artyom Tarasenko wrote:

> Hi Mark,
> 
> On Fri, Jun 17, 2016 at 1:27 PM, Mark Cave-Ayland
> <mark.cave-ayland@ilande.co.uk> wrote:
>> On 17/06/16 07:07, David Gibson wrote:
>>
>>> On Wed, Jun 15, 2016 at 01:10:18PM +1000, David Gibson wrote:
>>>> On Tue, Jun 14, 2016 at 03:57:56PM +0200, Thomas Huth wrote:
>>>>> Since the mac99 and g3beige PowerPC machines recently broke without
>>>>> being noticed, it would be good to have a tester for "make check"
>>>>> that detects such issues immediately. A simple way to test the firmware
>>>>> of these machines is to use the "-prom-env" parameter of QEMU. This
>>>>> parameter can be used to put some Forth code into the 'boot-command'
>>>>> firmware variable which then can signal success to the tester by
>>>>> writing a magic value to a known memory location. And since some of the
>>>>> Sparc machines are also using OpenBIOS, they are now tested with this
>>>>> prom-env-tester, too.
>>>>>
>>>>> Reviewed-by: Markus Armbruster <armbru@redhat.com>
>>>>> Signed-off-by: Thomas Huth <thuth@redhat.com>
>>>>> ---
>>>>>  v2: Removed unnecessary include statements (as suggested by Markus)
>>>>
>>>> Beautiful, I've applied this to ppc-for-2.7, assuming I don't get an
>>>> objection to taking this through my tree.
>>>
>>> Ugh.. turns out this fails on sparc64 target on a 32-bit x86 host.
>>> Specifically it trips the tcg_abort() at the end of tcg_reg_alloc()
>>> (tcg/tcg.c).
>>>
>>> I'm reasonably confident this is a pre-existing bug, just triggered by
>>> this test, but in the interests of getting this up and running on the
>>> platforms where it is working, I've disabled the testcase on sparc64
>>> for now.
>>>
>>> Mark, if you could debug the sparc64-on-i386 failure at some point,
>>> that would be helpful.
>>
>> I'm a little tied up until next week, however I was able to reproduce on
>> a local i386 VM and get a stack trace:
>>
>>
>> $ gdb --args ./qemu-system-sparc64 -nographic
>> GNU gdb (Debian 7.10-1.1) 7.10
>> Copyright (C) 2015 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later
>> <http://gnu.org/licenses/gpl.html>
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>> and "show warranty" for details.
>> This GDB was configured as "i686-linux-gnu".
>> Type "show configuration" for configuration details.
>> For bug reporting instructions, please see:
>> <http://www.gnu.org/software/gdb/bugs/>.
>> Find the GDB manual and other documentation resources online at:
>> <http://www.gnu.org/software/gdb/documentation/>.
>> For help, type "help".
>> Type "apropos word" to search for commands related to "word"...
>> Reading symbols from ./qemu-system-sparc64...done.
>> (gdb) r
>> Starting program: /home/build/rel-qemu-git/bin/qemu-system-sparc64
>> -nographic
>> [Thread debugging using libthread_db enabled]
>> Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
>> [New Thread 0xb7989b40 (LWP 27497)]
>> [New Thread 0xb4af1b40 (LWP 27498)]
>> OpenBIOS for Sparc64
>> Configuration device id QEMU version 1 machine id 0
>> kernel cmdline
>> CPUs: 1 x SUNW,UltraSPARC-IIi
>> UUID: 00000000-0000-0000-0000-000000000000
>> /home/build/src/qemu/tcg/tcg.c:1743: tcg fatal error
>>
>> Program received signal SIGABRT, Aborted.
>> [Switching to Thread 0xb4af1b40 (LWP 27498)]
>> 0xb7fdadad in __kernel_vsyscall ()
>> (gdb) bt
>> #0  0xb7fdadad in __kernel_vsyscall ()
>> #1  0xb7a2ee26 in __GI_raise (sig=6) at
>> ../sysdeps/unix/sysv/linux/raise.c:55
>> #2  0xb7a303f7 in __GI_abort () at abort.c:89
>> #3  0x08061776 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
>> desired_regs=255, allocated_regs=255, rev=true) at
>> /home/build/src/qemu/tcg/tcg.c:1743
>> #4  0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
>> <tcg_ctx+504>, desired_regs=255, allocated_regs=255) at
>> /home/build/src/qemu/tcg/tcg.c:1762
>> #5  0x080615e0 in tcg_reg_sync (s=0x8637780 <tcg_ctx>, reg=TCG_REG_EAX,
>> allocated_regs=255) at /home/build/src/qemu/tcg/tcg.c:1694
>> #6  0x08061653 in tcg_reg_free (s=0x8637780 <tcg_ctx>, reg=TCG_REG_EAX,
>> allocated_regs=254) at /home/build/src/qemu/tcg/tcg.c:1709
>> #7  0x08061740 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
>> desired_regs=255, allocated_regs=254, rev=true) at
>> /home/build/src/qemu/tcg/tcg.c:1738
>> #8  0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
>> <tcg_ctx+504>, desired_regs=255, allocated_regs=254) at
>> /home/build/src/qemu/tcg/tcg.c:1762
>> #9  0x080615e0 in tcg_reg_sync (s=0x8637780 <tcg_ctx>, reg=TCG_REG_ECX,
>> allocated_regs=254) at /home/build/src/qemu/tcg/tcg.c:1694
>> #10 0x08061653 in tcg_reg_free (s=0x8637780 <tcg_ctx>, reg=TCG_REG_ECX,
>> allocated_regs=252) at /home/build/src/qemu/tcg/tcg.c:1709
>> #11 0x08061740 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
>> desired_regs=255, allocated_regs=252, rev=true) at
>> /home/build/src/qemu/tcg/tcg.c:1738
>> #12 0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
>> <tcg_ctx+504>, desired_regs=255, allocated_regs=252) at
>> /home/build/src/qemu/tcg/tcg.c:1762
>> #13 0x08061858 in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637f48
>> <tcg_ctx+1992>, desired_regs=255, allocated_regs=252) at
>> /home/build/src/qemu/tcg/tcg.c:1765
>> #14 0x0806220f in tcg_reg_alloc_op (s=0x8637780 <tcg_ctx>, def=0x859c150
>> <tcg_op_defs+720>, opc=INDEX_op_sub2_i32, args=0x863be54
>> <tcg_ctx+18132>, dead_args=60, sync_args=0 '\000') at
>> /home/build/src/qemu/tcg/tcg.c:2050
>> #15 0x08063156 in tcg_gen_code (s=0x8637780 <tcg_ctx>, tb=0xb4b14d90) at
>> /home/build/src/qemu/tcg/tcg.c:2454
>> #16 0x08058cb4 in tb_gen_code (cpu=0x8a9e370, pc=4291901680,
>> cs_base=4291901684, flags=7, cflags=0) at
>> /home/build/src/qemu/translate-all.c:1212
>> #17 0x0805a8c5 in tb_find_slow (cpu=0x8a9e370, pc=4291901680,
>> cs_base=4291901684, flags=7) at /home/build/src/qemu/cpu-exec.c:310
>> #18 0x0805aa1e in tb_find_fast (cpu=0x8a9e370, last_tb=0xb4af1044,
>> tb_exit=1) at /home/build/src/qemu/cpu-exec.c:339
>> #19 0x0805b189 in cpu_sparc_exec (cpu=0x8a9e370) at
>> /home/build/src/qemu/cpu-exec.c:625
>> #20 0x0808666d in tcg_cpu_exec (cpu=0x8a9e370) at
>> /home/build/src/qemu/cpus.c:1541
>> #21 0x0808675b in tcg_exec_all () at /home/build/src/qemu/cpus.c:1574
>> #22 0x08085c29 in qemu_tcg_cpu_thread_fn (arg=0x8a9e370) at
>> /home/build/src/qemu/cpus.c:1171
>> #23 0xb7bc12de in start_thread (arg=0xb4af1b40) at pthread_create.c:334
>> #24 0xb7aeb23e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:122
>> (gdb)
>>
>>
>> I've added Richard as CC since it looks like this is something in the
>> TCG core.
> 
> While you are at it, can you please check, whether  -singlestep option
> changes anything at all?
> It may help to see if the bug has to do with the TCG optimizer.

Adding -singlestep seems to cause OpenBIOS to hang after displaying the
initial banner here. Is this similar to -icount which is currently not
working under SPARC64?


ATB,

Mark.
Artyom Tarasenko June 17, 2016, 12:57 p.m. UTC | #7
On Fri, Jun 17, 2016 at 2:44 PM, Mark Cave-Ayland
<mark.cave-ayland@ilande.co.uk> wrote:
> On 17/06/16 12:36, Artyom Tarasenko wrote:
>
>> Hi Mark,
>>
>> On Fri, Jun 17, 2016 at 1:27 PM, Mark Cave-Ayland
>> <mark.cave-ayland@ilande.co.uk> wrote:
>>> On 17/06/16 07:07, David Gibson wrote:
>>>
>>>> On Wed, Jun 15, 2016 at 01:10:18PM +1000, David Gibson wrote:
>>>>> On Tue, Jun 14, 2016 at 03:57:56PM +0200, Thomas Huth wrote:
>>>>>> Since the mac99 and g3beige PowerPC machines recently broke without
>>>>>> being noticed, it would be good to have a tester for "make check"
>>>>>> that detects such issues immediately. A simple way to test the firmware
>>>>>> of these machines is to use the "-prom-env" parameter of QEMU. This
>>>>>> parameter can be used to put some Forth code into the 'boot-command'
>>>>>> firmware variable which then can signal success to the tester by
>>>>>> writing a magic value to a known memory location. And since some of the
>>>>>> Sparc machines are also using OpenBIOS, they are now tested with this
>>>>>> prom-env-tester, too.
>>>>>>
>>>>>> Reviewed-by: Markus Armbruster <armbru@redhat.com>
>>>>>> Signed-off-by: Thomas Huth <thuth@redhat.com>
>>>>>> ---
>>>>>>  v2: Removed unnecessary include statements (as suggested by Markus)
>>>>>
>>>>> Beautiful, I've applied this to ppc-for-2.7, assuming I don't get an
>>>>> objection to taking this through my tree.
>>>>
>>>> Ugh.. turns out this fails on sparc64 target on a 32-bit x86 host.
>>>> Specifically it trips the tcg_abort() at the end of tcg_reg_alloc()
>>>> (tcg/tcg.c).
>>>>
>>>> I'm reasonably confident this is a pre-existing bug, just triggered by
>>>> this test, but in the interests of getting this up and running on the
>>>> platforms where it is working, I've disabled the testcase on sparc64
>>>> for now.
>>>>
>>>> Mark, if you could debug the sparc64-on-i386 failure at some point,
>>>> that would be helpful.
>>>
>>> I'm a little tied up until next week, however I was able to reproduce on
>>> a local i386 VM and get a stack trace:
>>>
>>>
>>> $ gdb --args ./qemu-system-sparc64 -nographic
>>> GNU gdb (Debian 7.10-1.1) 7.10
>>> Copyright (C) 2015 Free Software Foundation, Inc.
>>> License GPLv3+: GNU GPL version 3 or later
>>> <http://gnu.org/licenses/gpl.html>
>>> This is free software: you are free to change and redistribute it.
>>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>>> and "show warranty" for details.
>>> This GDB was configured as "i686-linux-gnu".
>>> Type "show configuration" for configuration details.
>>> For bug reporting instructions, please see:
>>> <http://www.gnu.org/software/gdb/bugs/>.
>>> Find the GDB manual and other documentation resources online at:
>>> <http://www.gnu.org/software/gdb/documentation/>.
>>> For help, type "help".
>>> Type "apropos word" to search for commands related to "word"...
>>> Reading symbols from ./qemu-system-sparc64...done.
>>> (gdb) r
>>> Starting program: /home/build/rel-qemu-git/bin/qemu-system-sparc64
>>> -nographic
>>> [Thread debugging using libthread_db enabled]
>>> Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
>>> [New Thread 0xb7989b40 (LWP 27497)]
>>> [New Thread 0xb4af1b40 (LWP 27498)]
>>> OpenBIOS for Sparc64
>>> Configuration device id QEMU version 1 machine id 0
>>> kernel cmdline
>>> CPUs: 1 x SUNW,UltraSPARC-IIi
>>> UUID: 00000000-0000-0000-0000-000000000000
>>> /home/build/src/qemu/tcg/tcg.c:1743: tcg fatal error
>>>
>>> Program received signal SIGABRT, Aborted.
>>> [Switching to Thread 0xb4af1b40 (LWP 27498)]
>>> 0xb7fdadad in __kernel_vsyscall ()
>>> (gdb) bt
>>> #0  0xb7fdadad in __kernel_vsyscall ()
>>> #1  0xb7a2ee26 in __GI_raise (sig=6) at
>>> ../sysdeps/unix/sysv/linux/raise.c:55
>>> #2  0xb7a303f7 in __GI_abort () at abort.c:89
>>> #3  0x08061776 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
>>> desired_regs=255, allocated_regs=255, rev=true) at
>>> /home/build/src/qemu/tcg/tcg.c:1743
>>> #4  0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
>>> <tcg_ctx+504>, desired_regs=255, allocated_regs=255) at
>>> /home/build/src/qemu/tcg/tcg.c:1762
>>> #5  0x080615e0 in tcg_reg_sync (s=0x8637780 <tcg_ctx>, reg=TCG_REG_EAX,
>>> allocated_regs=255) at /home/build/src/qemu/tcg/tcg.c:1694
>>> #6  0x08061653 in tcg_reg_free (s=0x8637780 <tcg_ctx>, reg=TCG_REG_EAX,
>>> allocated_regs=254) at /home/build/src/qemu/tcg/tcg.c:1709
>>> #7  0x08061740 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
>>> desired_regs=255, allocated_regs=254, rev=true) at
>>> /home/build/src/qemu/tcg/tcg.c:1738
>>> #8  0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
>>> <tcg_ctx+504>, desired_regs=255, allocated_regs=254) at
>>> /home/build/src/qemu/tcg/tcg.c:1762
>>> #9  0x080615e0 in tcg_reg_sync (s=0x8637780 <tcg_ctx>, reg=TCG_REG_ECX,
>>> allocated_regs=254) at /home/build/src/qemu/tcg/tcg.c:1694
>>> #10 0x08061653 in tcg_reg_free (s=0x8637780 <tcg_ctx>, reg=TCG_REG_ECX,
>>> allocated_regs=252) at /home/build/src/qemu/tcg/tcg.c:1709
>>> #11 0x08061740 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
>>> desired_regs=255, allocated_regs=252, rev=true) at
>>> /home/build/src/qemu/tcg/tcg.c:1738
>>> #12 0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
>>> <tcg_ctx+504>, desired_regs=255, allocated_regs=252) at
>>> /home/build/src/qemu/tcg/tcg.c:1762
>>> #13 0x08061858 in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637f48
>>> <tcg_ctx+1992>, desired_regs=255, allocated_regs=252) at
>>> /home/build/src/qemu/tcg/tcg.c:1765
>>> #14 0x0806220f in tcg_reg_alloc_op (s=0x8637780 <tcg_ctx>, def=0x859c150
>>> <tcg_op_defs+720>, opc=INDEX_op_sub2_i32, args=0x863be54
>>> <tcg_ctx+18132>, dead_args=60, sync_args=0 '\000') at
>>> /home/build/src/qemu/tcg/tcg.c:2050
>>> #15 0x08063156 in tcg_gen_code (s=0x8637780 <tcg_ctx>, tb=0xb4b14d90) at
>>> /home/build/src/qemu/tcg/tcg.c:2454
>>> #16 0x08058cb4 in tb_gen_code (cpu=0x8a9e370, pc=4291901680,
>>> cs_base=4291901684, flags=7, cflags=0) at
>>> /home/build/src/qemu/translate-all.c:1212
>>> #17 0x0805a8c5 in tb_find_slow (cpu=0x8a9e370, pc=4291901680,
>>> cs_base=4291901684, flags=7) at /home/build/src/qemu/cpu-exec.c:310
>>> #18 0x0805aa1e in tb_find_fast (cpu=0x8a9e370, last_tb=0xb4af1044,
>>> tb_exit=1) at /home/build/src/qemu/cpu-exec.c:339
>>> #19 0x0805b189 in cpu_sparc_exec (cpu=0x8a9e370) at
>>> /home/build/src/qemu/cpu-exec.c:625
>>> #20 0x0808666d in tcg_cpu_exec (cpu=0x8a9e370) at
>>> /home/build/src/qemu/cpus.c:1541
>>> #21 0x0808675b in tcg_exec_all () at /home/build/src/qemu/cpus.c:1574
>>> #22 0x08085c29 in qemu_tcg_cpu_thread_fn (arg=0x8a9e370) at
>>> /home/build/src/qemu/cpus.c:1171
>>> #23 0xb7bc12de in start_thread (arg=0xb4af1b40) at pthread_create.c:334
>>> #24 0xb7aeb23e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:122
>>> (gdb)
>>>
>>>
>>> I've added Richard as CC since it looks like this is something in the
>>> TCG core.
>>
>> While you are at it, can you please check, whether  -singlestep option
>> changes anything at all?
>> It may help to see if the bug has to do with the TCG optimizer.
>
> Adding -singlestep seems to cause OpenBIOS to hang after displaying the
> initial banner here. Is this similar to -icount which is currently not
> working under SPARC64?

Yes, it is similar, but unlike -icount it is working. It slows down
things quite a bit, but on a x86_64 host I get:

CPUs: 1 x SUNW,UltraSPARC-IIi
UUID: 00000000-0000-0000-0000-000000000000
Welcome to OpenBIOS v1.1 built on Apr 18 2016 08:20
  Type 'help' for detailed information
Trying disk:a...
No valid state has been set by load or init-program
0 >   ok

It takes ~20 seconds to get there though.
Mark Cave-Ayland June 17, 2016, 1:56 p.m. UTC | #8
On 17/06/16 13:57, Artyom Tarasenko wrote:

> On Fri, Jun 17, 2016 at 2:44 PM, Mark Cave-Ayland
> <mark.cave-ayland@ilande.co.uk> wrote:
>> On 17/06/16 12:36, Artyom Tarasenko wrote:
>>
>>> Hi Mark,
>>>
>>> On Fri, Jun 17, 2016 at 1:27 PM, Mark Cave-Ayland
>>> <mark.cave-ayland@ilande.co.uk> wrote:
>>>> On 17/06/16 07:07, David Gibson wrote:
>>>>
>>>>> On Wed, Jun 15, 2016 at 01:10:18PM +1000, David Gibson wrote:
>>>>>> On Tue, Jun 14, 2016 at 03:57:56PM +0200, Thomas Huth wrote:
>>>>>>> Since the mac99 and g3beige PowerPC machines recently broke without
>>>>>>> being noticed, it would be good to have a tester for "make check"
>>>>>>> that detects such issues immediately. A simple way to test the firmware
>>>>>>> of these machines is to use the "-prom-env" parameter of QEMU. This
>>>>>>> parameter can be used to put some Forth code into the 'boot-command'
>>>>>>> firmware variable which then can signal success to the tester by
>>>>>>> writing a magic value to a known memory location. And since some of the
>>>>>>> Sparc machines are also using OpenBIOS, they are now tested with this
>>>>>>> prom-env-tester, too.
>>>>>>>
>>>>>>> Reviewed-by: Markus Armbruster <armbru@redhat.com>
>>>>>>> Signed-off-by: Thomas Huth <thuth@redhat.com>
>>>>>>> ---
>>>>>>>  v2: Removed unnecessary include statements (as suggested by Markus)
>>>>>>
>>>>>> Beautiful, I've applied this to ppc-for-2.7, assuming I don't get an
>>>>>> objection to taking this through my tree.
>>>>>
>>>>> Ugh.. turns out this fails on sparc64 target on a 32-bit x86 host.
>>>>> Specifically it trips the tcg_abort() at the end of tcg_reg_alloc()
>>>>> (tcg/tcg.c).
>>>>>
>>>>> I'm reasonably confident this is a pre-existing bug, just triggered by
>>>>> this test, but in the interests of getting this up and running on the
>>>>> platforms where it is working, I've disabled the testcase on sparc64
>>>>> for now.
>>>>>
>>>>> Mark, if you could debug the sparc64-on-i386 failure at some point,
>>>>> that would be helpful.
>>>>
>>>> I'm a little tied up until next week, however I was able to reproduce on
>>>> a local i386 VM and get a stack trace:
>>>>
>>>>
>>>> $ gdb --args ./qemu-system-sparc64 -nographic
>>>> GNU gdb (Debian 7.10-1.1) 7.10
>>>> Copyright (C) 2015 Free Software Foundation, Inc.
>>>> License GPLv3+: GNU GPL version 3 or later
>>>> <http://gnu.org/licenses/gpl.html>
>>>> This is free software: you are free to change and redistribute it.
>>>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>>>> and "show warranty" for details.
>>>> This GDB was configured as "i686-linux-gnu".
>>>> Type "show configuration" for configuration details.
>>>> For bug reporting instructions, please see:
>>>> <http://www.gnu.org/software/gdb/bugs/>.
>>>> Find the GDB manual and other documentation resources online at:
>>>> <http://www.gnu.org/software/gdb/documentation/>.
>>>> For help, type "help".
>>>> Type "apropos word" to search for commands related to "word"...
>>>> Reading symbols from ./qemu-system-sparc64...done.
>>>> (gdb) r
>>>> Starting program: /home/build/rel-qemu-git/bin/qemu-system-sparc64
>>>> -nographic
>>>> [Thread debugging using libthread_db enabled]
>>>> Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
>>>> [New Thread 0xb7989b40 (LWP 27497)]
>>>> [New Thread 0xb4af1b40 (LWP 27498)]
>>>> OpenBIOS for Sparc64
>>>> Configuration device id QEMU version 1 machine id 0
>>>> kernel cmdline
>>>> CPUs: 1 x SUNW,UltraSPARC-IIi
>>>> UUID: 00000000-0000-0000-0000-000000000000
>>>> /home/build/src/qemu/tcg/tcg.c:1743: tcg fatal error
>>>>
>>>> Program received signal SIGABRT, Aborted.
>>>> [Switching to Thread 0xb4af1b40 (LWP 27498)]
>>>> 0xb7fdadad in __kernel_vsyscall ()
>>>> (gdb) bt
>>>> #0  0xb7fdadad in __kernel_vsyscall ()
>>>> #1  0xb7a2ee26 in __GI_raise (sig=6) at
>>>> ../sysdeps/unix/sysv/linux/raise.c:55
>>>> #2  0xb7a303f7 in __GI_abort () at abort.c:89
>>>> #3  0x08061776 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
>>>> desired_regs=255, allocated_regs=255, rev=true) at
>>>> /home/build/src/qemu/tcg/tcg.c:1743
>>>> #4  0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
>>>> <tcg_ctx+504>, desired_regs=255, allocated_regs=255) at
>>>> /home/build/src/qemu/tcg/tcg.c:1762
>>>> #5  0x080615e0 in tcg_reg_sync (s=0x8637780 <tcg_ctx>, reg=TCG_REG_EAX,
>>>> allocated_regs=255) at /home/build/src/qemu/tcg/tcg.c:1694
>>>> #6  0x08061653 in tcg_reg_free (s=0x8637780 <tcg_ctx>, reg=TCG_REG_EAX,
>>>> allocated_regs=254) at /home/build/src/qemu/tcg/tcg.c:1709
>>>> #7  0x08061740 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
>>>> desired_regs=255, allocated_regs=254, rev=true) at
>>>> /home/build/src/qemu/tcg/tcg.c:1738
>>>> #8  0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
>>>> <tcg_ctx+504>, desired_regs=255, allocated_regs=254) at
>>>> /home/build/src/qemu/tcg/tcg.c:1762
>>>> #9  0x080615e0 in tcg_reg_sync (s=0x8637780 <tcg_ctx>, reg=TCG_REG_ECX,
>>>> allocated_regs=254) at /home/build/src/qemu/tcg/tcg.c:1694
>>>> #10 0x08061653 in tcg_reg_free (s=0x8637780 <tcg_ctx>, reg=TCG_REG_ECX,
>>>> allocated_regs=252) at /home/build/src/qemu/tcg/tcg.c:1709
>>>> #11 0x08061740 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
>>>> desired_regs=255, allocated_regs=252, rev=true) at
>>>> /home/build/src/qemu/tcg/tcg.c:1738
>>>> #12 0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
>>>> <tcg_ctx+504>, desired_regs=255, allocated_regs=252) at
>>>> /home/build/src/qemu/tcg/tcg.c:1762
>>>> #13 0x08061858 in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637f48
>>>> <tcg_ctx+1992>, desired_regs=255, allocated_regs=252) at
>>>> /home/build/src/qemu/tcg/tcg.c:1765
>>>> #14 0x0806220f in tcg_reg_alloc_op (s=0x8637780 <tcg_ctx>, def=0x859c150
>>>> <tcg_op_defs+720>, opc=INDEX_op_sub2_i32, args=0x863be54
>>>> <tcg_ctx+18132>, dead_args=60, sync_args=0 '\000') at
>>>> /home/build/src/qemu/tcg/tcg.c:2050
>>>> #15 0x08063156 in tcg_gen_code (s=0x8637780 <tcg_ctx>, tb=0xb4b14d90) at
>>>> /home/build/src/qemu/tcg/tcg.c:2454
>>>> #16 0x08058cb4 in tb_gen_code (cpu=0x8a9e370, pc=4291901680,
>>>> cs_base=4291901684, flags=7, cflags=0) at
>>>> /home/build/src/qemu/translate-all.c:1212
>>>> #17 0x0805a8c5 in tb_find_slow (cpu=0x8a9e370, pc=4291901680,
>>>> cs_base=4291901684, flags=7) at /home/build/src/qemu/cpu-exec.c:310
>>>> #18 0x0805aa1e in tb_find_fast (cpu=0x8a9e370, last_tb=0xb4af1044,
>>>> tb_exit=1) at /home/build/src/qemu/cpu-exec.c:339
>>>> #19 0x0805b189 in cpu_sparc_exec (cpu=0x8a9e370) at
>>>> /home/build/src/qemu/cpu-exec.c:625
>>>> #20 0x0808666d in tcg_cpu_exec (cpu=0x8a9e370) at
>>>> /home/build/src/qemu/cpus.c:1541
>>>> #21 0x0808675b in tcg_exec_all () at /home/build/src/qemu/cpus.c:1574
>>>> #22 0x08085c29 in qemu_tcg_cpu_thread_fn (arg=0x8a9e370) at
>>>> /home/build/src/qemu/cpus.c:1171
>>>> #23 0xb7bc12de in start_thread (arg=0xb4af1b40) at pthread_create.c:334
>>>> #24 0xb7aeb23e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:122
>>>> (gdb)
>>>>
>>>>
>>>> I've added Richard as CC since it looks like this is something in the
>>>> TCG core.
>>>
>>> While you are at it, can you please check, whether  -singlestep option
>>> changes anything at all?
>>> It may help to see if the bug has to do with the TCG optimizer.
>>
>> Adding -singlestep seems to cause OpenBIOS to hang after displaying the
>> initial banner here. Is this similar to -icount which is currently not
>> working under SPARC64?
> 
> Yes, it is similar, but unlike -icount it is working. It slows down
> things quite a bit, but on a x86_64 host I get:
> 
> CPUs: 1 x SUNW,UltraSPARC-IIi
> UUID: 00000000-0000-0000-0000-000000000000
> Welcome to OpenBIOS v1.1 built on Apr 18 2016 08:20
>   Type 'help' for detailed information
> Trying disk:a...
> No valid state has been set by load or init-program
> 0 >   ok
> 
> It takes ~20 seconds to get there though.

Ah indeed. It took a while to get there, but I did get a successful boot
to the Forth prompt on i386 booting with "./qemu-system-sparc64
-nographic -singlestep". So does that mean this is an optimizer bug?


ATB,

Mark.
Artyom Tarasenko June 19, 2016, 3:26 p.m. UTC | #9
On Fri, Jun 17, 2016 at 3:56 PM, Mark Cave-Ayland
<mark.cave-ayland@ilande.co.uk> wrote:
>>>>>>>> Since the mac99 and g3beige PowerPC machines recently broke without
>>>>>>>> being noticed, it would be good to have a tester for "make check"
>>>>>>>> that detects such issues immediately. A simple way to test the firmware
>>>>>>>> of these machines is to use the "-prom-env" parameter of QEMU. This
>>>>>>>> parameter can be used to put some Forth code into the 'boot-command'
>>>>>>>> firmware variable which then can signal success to the tester by
>>>>>>>> writing a magic value to a known memory location. And since some of the
>>>>>>>> Sparc machines are also using OpenBIOS, they are now tested with this
>>>>>>>> prom-env-tester, too.
>>>>>>>>
>>>>>>>> Reviewed-by: Markus Armbruster <armbru@redhat.com>
>>>>>>>> Signed-off-by: Thomas Huth <thuth@redhat.com>
>>>>>>>> ---
>>>>>>>>  v2: Removed unnecessary include statements (as suggested by Markus)
>>>>>>>
>>>>>>> Beautiful, I've applied this to ppc-for-2.7, assuming I don't get an
>>>>>>> objection to taking this through my tree.
>>>>>>
>>>>>> Ugh.. turns out this fails on sparc64 target on a 32-bit x86 host.
>>>>>> Specifically it trips the tcg_abort() at the end of tcg_reg_alloc()
>>>>>> (tcg/tcg.c).
>>>>>>
>>>>>> I'm reasonably confident this is a pre-existing bug, just triggered by
>>>>>> this test, but in the interests of getting this up and running on the
>>>>>> platforms where it is working, I've disabled the testcase on sparc64
>>>>>> for now.
>>>>>>
>>>>>> Mark, if you could debug the sparc64-on-i386 failure at some point,
>>>>>> that would be helpful.
>>>>>
>>>>> I'm a little tied up until next week, however I was able to reproduce on
>>>>> a local i386 VM and get a stack trace:
>>>>>
>>>>>
>>>>> $ gdb --args ./qemu-system-sparc64 -nographic
>>>>> GNU gdb (Debian 7.10-1.1) 7.10
>>>>> Copyright (C) 2015 Free Software Foundation, Inc.
>>>>> License GPLv3+: GNU GPL version 3 or later
>>>>> <http://gnu.org/licenses/gpl.html>
>>>>> This is free software: you are free to change and redistribute it.
>>>>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>>>>> and "show warranty" for details.
>>>>> This GDB was configured as "i686-linux-gnu".
>>>>> Type "show configuration" for configuration details.
>>>>> For bug reporting instructions, please see:
>>>>> <http://www.gnu.org/software/gdb/bugs/>.
>>>>> Find the GDB manual and other documentation resources online at:
>>>>> <http://www.gnu.org/software/gdb/documentation/>.
>>>>> For help, type "help".
>>>>> Type "apropos word" to search for commands related to "word"...
>>>>> Reading symbols from ./qemu-system-sparc64...done.
>>>>> (gdb) r
>>>>> Starting program: /home/build/rel-qemu-git/bin/qemu-system-sparc64
>>>>> -nographic
>>>>> [Thread debugging using libthread_db enabled]
>>>>> Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
>>>>> [New Thread 0xb7989b40 (LWP 27497)]
>>>>> [New Thread 0xb4af1b40 (LWP 27498)]
>>>>> OpenBIOS for Sparc64
>>>>> Configuration device id QEMU version 1 machine id 0
>>>>> kernel cmdline
>>>>> CPUs: 1 x SUNW,UltraSPARC-IIi
>>>>> UUID: 00000000-0000-0000-0000-000000000000
>>>>> /home/build/src/qemu/tcg/tcg.c:1743: tcg fatal error
>>>>>
>>>>> Program received signal SIGABRT, Aborted.
>>>>> [Switching to Thread 0xb4af1b40 (LWP 27498)]
>>>>> 0xb7fdadad in __kernel_vsyscall ()
>>>>> (gdb) bt
>>>>> #0  0xb7fdadad in __kernel_vsyscall ()
>>>>> #1  0xb7a2ee26 in __GI_raise (sig=6) at
>>>>> ../sysdeps/unix/sysv/linux/raise.c:55
>>>>> #2  0xb7a303f7 in __GI_abort () at abort.c:89
>>>>> #3  0x08061776 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
>>>>> desired_regs=255, allocated_regs=255, rev=true) at
>>>>> /home/build/src/qemu/tcg/tcg.c:1743
>>>>> #4  0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
>>>>> <tcg_ctx+504>, desired_regs=255, allocated_regs=255) at
>>>>> /home/build/src/qemu/tcg/tcg.c:1762
>>>>> #5  0x080615e0 in tcg_reg_sync (s=0x8637780 <tcg_ctx>, reg=TCG_REG_EAX,
>>>>> allocated_regs=255) at /home/build/src/qemu/tcg/tcg.c:1694
>>>>> #6  0x08061653 in tcg_reg_free (s=0x8637780 <tcg_ctx>, reg=TCG_REG_EAX,
>>>>> allocated_regs=254) at /home/build/src/qemu/tcg/tcg.c:1709
>>>>> #7  0x08061740 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
>>>>> desired_regs=255, allocated_regs=254, rev=true) at
>>>>> /home/build/src/qemu/tcg/tcg.c:1738
>>>>> #8  0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
>>>>> <tcg_ctx+504>, desired_regs=255, allocated_regs=254) at
>>>>> /home/build/src/qemu/tcg/tcg.c:1762
>>>>> #9  0x080615e0 in tcg_reg_sync (s=0x8637780 <tcg_ctx>, reg=TCG_REG_ECX,
>>>>> allocated_regs=254) at /home/build/src/qemu/tcg/tcg.c:1694
>>>>> #10 0x08061653 in tcg_reg_free (s=0x8637780 <tcg_ctx>, reg=TCG_REG_ECX,
>>>>> allocated_regs=252) at /home/build/src/qemu/tcg/tcg.c:1709
>>>>> #11 0x08061740 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
>>>>> desired_regs=255, allocated_regs=252, rev=true) at
>>>>> /home/build/src/qemu/tcg/tcg.c:1738
>>>>> #12 0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
>>>>> <tcg_ctx+504>, desired_regs=255, allocated_regs=252) at
>>>>> /home/build/src/qemu/tcg/tcg.c:1762
>>>>> #13 0x08061858 in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637f48
>>>>> <tcg_ctx+1992>, desired_regs=255, allocated_regs=252) at
>>>>> /home/build/src/qemu/tcg/tcg.c:1765
>>>>> #14 0x0806220f in tcg_reg_alloc_op (s=0x8637780 <tcg_ctx>, def=0x859c150
>>>>> <tcg_op_defs+720>, opc=INDEX_op_sub2_i32, args=0x863be54
>>>>> <tcg_ctx+18132>, dead_args=60, sync_args=0 '\000') at
>>>>> /home/build/src/qemu/tcg/tcg.c:2050
>>>>> #15 0x08063156 in tcg_gen_code (s=0x8637780 <tcg_ctx>, tb=0xb4b14d90) at
>>>>> /home/build/src/qemu/tcg/tcg.c:2454
>>>>> #16 0x08058cb4 in tb_gen_code (cpu=0x8a9e370, pc=4291901680,
>>>>> cs_base=4291901684, flags=7, cflags=0) at
>>>>> /home/build/src/qemu/translate-all.c:1212
>>>>> #17 0x0805a8c5 in tb_find_slow (cpu=0x8a9e370, pc=4291901680,
>>>>> cs_base=4291901684, flags=7) at /home/build/src/qemu/cpu-exec.c:310
>>>>> #18 0x0805aa1e in tb_find_fast (cpu=0x8a9e370, last_tb=0xb4af1044,
>>>>> tb_exit=1) at /home/build/src/qemu/cpu-exec.c:339
>>>>> #19 0x0805b189 in cpu_sparc_exec (cpu=0x8a9e370) at
>>>>> /home/build/src/qemu/cpu-exec.c:625
>>>>> #20 0x0808666d in tcg_cpu_exec (cpu=0x8a9e370) at
>>>>> /home/build/src/qemu/cpus.c:1541
>>>>> #21 0x0808675b in tcg_exec_all () at /home/build/src/qemu/cpus.c:1574
>>>>> #22 0x08085c29 in qemu_tcg_cpu_thread_fn (arg=0x8a9e370) at
>>>>> /home/build/src/qemu/cpus.c:1171
>>>>> #23 0xb7bc12de in start_thread (arg=0xb4af1b40) at pthread_create.c:334
>>>>> #24 0xb7aeb23e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:122
>>>>> (gdb)
>>>>>
>>>>>
>>>>> I've added Richard as CC since it looks like this is something in the
>>>>> TCG core.
>>>>
>>>> While you are at it, can you please check, whether  -singlestep option
>>>> changes anything at all?
>>>> It may help to see if the bug has to do with the TCG optimizer.
>>>
>>> Adding -singlestep seems to cause OpenBIOS to hang after displaying the
>>> initial banner here. Is this similar to -icount which is currently not
>>> working under SPARC64?
>>
>> Yes, it is similar, but unlike -icount it is working. It slows down
>> things quite a bit, but on a x86_64 host I get:
>>
>> CPUs: 1 x SUNW,UltraSPARC-IIi
>> UUID: 00000000-0000-0000-0000-000000000000
>> Welcome to OpenBIOS v1.1 built on Apr 18 2016 08:20
>>   Type 'help' for detailed information
>> Trying disk:a...
>> No valid state has been set by load or init-program
>> 0 >   ok
>>
>> It takes ~20 seconds to get there though.
>
> Ah indeed. It took a while to get there, but I did get a successful boot
> to the Forth prompt on i386 booting with "./qemu-system-sparc64
> -nographic -singlestep". So does that mean this is an optimizer bug?
>

Either that, or target-sparc uses a TCG temp instead of a local temp
at some place.
The optimizer may assume the temp is not needed, and optimize it away.
Adding to CC Laurent, since he diagnosed a similar bug a couple of years ago.

Artyom
Richard Henderson June 19, 2016, 5:28 p.m. UTC | #10
On 06/19/2016 08:26 AM, Artyom Tarasenko wrote:
> On Fri, Jun 17, 2016 at 3:56 PM, Mark Cave-Ayland
> <mark.cave-ayland@ilande.co.uk> wrote:
>>>>>>>>> Since the mac99 and g3beige PowerPC machines recently broke without
>>>>>>>>> being noticed, it would be good to have a tester for "make check"
>>>>>>>>> that detects such issues immediately. A simple way to test the firmware
>>>>>>>>> of these machines is to use the "-prom-env" parameter of QEMU. This
>>>>>>>>> parameter can be used to put some Forth code into the 'boot-command'
>>>>>>>>> firmware variable which then can signal success to the tester by
>>>>>>>>> writing a magic value to a known memory location. And since some of the
>>>>>>>>> Sparc machines are also using OpenBIOS, they are now tested with this
>>>>>>>>> prom-env-tester, too.
>>>>>>>>>
>>>>>>>>> Reviewed-by: Markus Armbruster <armbru@redhat.com>
>>>>>>>>> Signed-off-by: Thomas Huth <thuth@redhat.com>
>>>>>>>>> ---
>>>>>>>>>  v2: Removed unnecessary include statements (as suggested by Markus)
>>>>>>>>
>>>>>>>> Beautiful, I've applied this to ppc-for-2.7, assuming I don't get an
>>>>>>>> objection to taking this through my tree.
>>>>>>>
>>>>>>> Ugh.. turns out this fails on sparc64 target on a 32-bit x86 host.
>>>>>>> Specifically it trips the tcg_abort() at the end of tcg_reg_alloc()
>>>>>>> (tcg/tcg.c).
>>>>>>>
>>>>>>> I'm reasonably confident this is a pre-existing bug, just triggered by
>>>>>>> this test, but in the interests of getting this up and running on the
>>>>>>> platforms where it is working, I've disabled the testcase on sparc64
>>>>>>> for now.
>>>>>>>
>>>>>>> Mark, if you could debug the sparc64-on-i386 failure at some point,
>>>>>>> that would be helpful.
>>>>>>
>>>>>> I'm a little tied up until next week, however I was able to reproduce on
>>>>>> a local i386 VM and get a stack trace:
>>>>>>
>>>>>>
>>>>>> $ gdb --args ./qemu-system-sparc64 -nographic
>>>>>> GNU gdb (Debian 7.10-1.1) 7.10
>>>>>> Copyright (C) 2015 Free Software Foundation, Inc.
>>>>>> License GPLv3+: GNU GPL version 3 or later
>>>>>> <http://gnu.org/licenses/gpl.html>
>>>>>> This is free software: you are free to change and redistribute it.
>>>>>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>>>>>> and "show warranty" for details.
>>>>>> This GDB was configured as "i686-linux-gnu".
>>>>>> Type "show configuration" for configuration details.
>>>>>> For bug reporting instructions, please see:
>>>>>> <http://www.gnu.org/software/gdb/bugs/>.
>>>>>> Find the GDB manual and other documentation resources online at:
>>>>>> <http://www.gnu.org/software/gdb/documentation/>.
>>>>>> For help, type "help".
>>>>>> Type "apropos word" to search for commands related to "word"...
>>>>>> Reading symbols from ./qemu-system-sparc64...done.
>>>>>> (gdb) r
>>>>>> Starting program: /home/build/rel-qemu-git/bin/qemu-system-sparc64
>>>>>> -nographic
>>>>>> [Thread debugging using libthread_db enabled]
>>>>>> Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
>>>>>> [New Thread 0xb7989b40 (LWP 27497)]
>>>>>> [New Thread 0xb4af1b40 (LWP 27498)]
>>>>>> OpenBIOS for Sparc64
>>>>>> Configuration device id QEMU version 1 machine id 0
>>>>>> kernel cmdline
>>>>>> CPUs: 1 x SUNW,UltraSPARC-IIi
>>>>>> UUID: 00000000-0000-0000-0000-000000000000
>>>>>> /home/build/src/qemu/tcg/tcg.c:1743: tcg fatal error
>>>>>>
>>>>>> Program received signal SIGABRT, Aborted.
>>>>>> [Switching to Thread 0xb4af1b40 (LWP 27498)]
>>>>>> 0xb7fdadad in __kernel_vsyscall ()
>>>>>> (gdb) bt
>>>>>> #0  0xb7fdadad in __kernel_vsyscall ()
>>>>>> #1  0xb7a2ee26 in __GI_raise (sig=6) at
>>>>>> ../sysdeps/unix/sysv/linux/raise.c:55
>>>>>> #2  0xb7a303f7 in __GI_abort () at abort.c:89
>>>>>> #3  0x08061776 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
>>>>>> desired_regs=255, allocated_regs=255, rev=true) at
>>>>>> /home/build/src/qemu/tcg/tcg.c:1743
>>>>>> #4  0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
>>>>>> <tcg_ctx+504>, desired_regs=255, allocated_regs=255) at
>>>>>> /home/build/src/qemu/tcg/tcg.c:1762
>>>>>> #5  0x080615e0 in tcg_reg_sync (s=0x8637780 <tcg_ctx>, reg=TCG_REG_EAX,
>>>>>> allocated_regs=255) at /home/build/src/qemu/tcg/tcg.c:1694
>>>>>> #6  0x08061653 in tcg_reg_free (s=0x8637780 <tcg_ctx>, reg=TCG_REG_EAX,
>>>>>> allocated_regs=254) at /home/build/src/qemu/tcg/tcg.c:1709
>>>>>> #7  0x08061740 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
>>>>>> desired_regs=255, allocated_regs=254, rev=true) at
>>>>>> /home/build/src/qemu/tcg/tcg.c:1738
>>>>>> #8  0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
>>>>>> <tcg_ctx+504>, desired_regs=255, allocated_regs=254) at
>>>>>> /home/build/src/qemu/tcg/tcg.c:1762
>>>>>> #9  0x080615e0 in tcg_reg_sync (s=0x8637780 <tcg_ctx>, reg=TCG_REG_ECX,
>>>>>> allocated_regs=254) at /home/build/src/qemu/tcg/tcg.c:1694
>>>>>> #10 0x08061653 in tcg_reg_free (s=0x8637780 <tcg_ctx>, reg=TCG_REG_ECX,
>>>>>> allocated_regs=252) at /home/build/src/qemu/tcg/tcg.c:1709
>>>>>> #11 0x08061740 in tcg_reg_alloc (s=0x8637780 <tcg_ctx>,
>>>>>> desired_regs=255, allocated_regs=252, rev=true) at
>>>>>> /home/build/src/qemu/tcg/tcg.c:1738
>>>>>> #12 0x0806181a in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637978
>>>>>> <tcg_ctx+504>, desired_regs=255, allocated_regs=252) at
>>>>>> /home/build/src/qemu/tcg/tcg.c:1762
>>>>>> #13 0x08061858 in temp_load (s=0x8637780 <tcg_ctx>, ts=0x8637f48
>>>>>> <tcg_ctx+1992>, desired_regs=255, allocated_regs=252) at
>>>>>> /home/build/src/qemu/tcg/tcg.c:1765
>>>>>> #14 0x0806220f in tcg_reg_alloc_op (s=0x8637780 <tcg_ctx>, def=0x859c150
>>>>>> <tcg_op_defs+720>, opc=INDEX_op_sub2_i32, args=0x863be54
>>>>>> <tcg_ctx+18132>, dead_args=60, sync_args=0 '\000') at
>>>>>> /home/build/src/qemu/tcg/tcg.c:2050
>>>>>> #15 0x08063156 in tcg_gen_code (s=0x8637780 <tcg_ctx>, tb=0xb4b14d90) at
>>>>>> /home/build/src/qemu/tcg/tcg.c:2454
>>>>>> #16 0x08058cb4 in tb_gen_code (cpu=0x8a9e370, pc=4291901680,
>>>>>> cs_base=4291901684, flags=7, cflags=0) at
>>>>>> /home/build/src/qemu/translate-all.c:1212
>>>>>> #17 0x0805a8c5 in tb_find_slow (cpu=0x8a9e370, pc=4291901680,
>>>>>> cs_base=4291901684, flags=7) at /home/build/src/qemu/cpu-exec.c:310
>>>>>> #18 0x0805aa1e in tb_find_fast (cpu=0x8a9e370, last_tb=0xb4af1044,
>>>>>> tb_exit=1) at /home/build/src/qemu/cpu-exec.c:339
>>>>>> #19 0x0805b189 in cpu_sparc_exec (cpu=0x8a9e370) at
>>>>>> /home/build/src/qemu/cpu-exec.c:625
>>>>>> #20 0x0808666d in tcg_cpu_exec (cpu=0x8a9e370) at
>>>>>> /home/build/src/qemu/cpus.c:1541
>>>>>> #21 0x0808675b in tcg_exec_all () at /home/build/src/qemu/cpus.c:1574
>>>>>> #22 0x08085c29 in qemu_tcg_cpu_thread_fn (arg=0x8a9e370) at
>>>>>> /home/build/src/qemu/cpus.c:1171
>>>>>> #23 0xb7bc12de in start_thread (arg=0xb4af1b40) at pthread_create.c:334
>>>>>> #24 0xb7aeb23e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:122
>>>>>> (gdb)
>>>>>>
>>>>>>
>>>>>> I've added Richard as CC since it looks like this is something in the
>>>>>> TCG core.
>>>>>
>>>>> While you are at it, can you please check, whether  -singlestep option
>>>>> changes anything at all?
>>>>> It may help to see if the bug has to do with the TCG optimizer.
>>>>
>>>> Adding -singlestep seems to cause OpenBIOS to hang after displaying the
>>>> initial banner here. Is this similar to -icount which is currently not
>>>> working under SPARC64?
>>>
>>> Yes, it is similar, but unlike -icount it is working. It slows down
>>> things quite a bit, but on a x86_64 host I get:
>>>
>>> CPUs: 1 x SUNW,UltraSPARC-IIi
>>> UUID: 00000000-0000-0000-0000-000000000000
>>> Welcome to OpenBIOS v1.1 built on Apr 18 2016 08:20
>>>   Type 'help' for detailed information
>>> Trying disk:a...
>>> No valid state has been set by load or init-program
>>> 0 >   ok
>>>
>>> It takes ~20 seconds to get there though.
>>
>> Ah indeed. It took a while to get there, but I did get a successful boot
>> to the Forth prompt on i386 booting with "./qemu-system-sparc64
>> -nographic -singlestep". So does that mean this is an optimizer bug?
>>
>
> Either that, or target-sparc uses a TCG temp instead of a local temp
> at some place.
> The optimizer may assume the temp is not needed, and optimize it away.
> Adding to CC Laurent, since he diagnosed a similar bug a couple of years ago.

This problem has a patch posted for it.

   https://patchwork.ozlabs.org/patch/637426/


r~
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 7d63d16..f95a3ca 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -258,6 +258,10 @@  check-qtest-ppc-y += tests/boot-order-test$(EXESUF)
 check-qtest-ppc64-y += tests/boot-order-test$(EXESUF)
 check-qtest-ppc64-y += tests/spapr-phb-test$(EXESUF)
 gcov-files-ppc64-y += ppc64-softmmu/hw/ppc/spapr_pci.c
+check-qtest-ppc-y = tests/prom-env-test$(EXESUF)
+check-qtest-ppc64-y = tests/prom-env-test$(EXESUF)
+check-qtest-sparc-y = tests/prom-env-test$(EXESUF)
+check-qtest-sparc64-y = tests/prom-env-test$(EXESUF)
 check-qtest-microblazeel-y = $(check-qtest-microblaze-y)
 check-qtest-xtensaeb-y = $(check-qtest-xtensa-y)
 
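Review bot: The four added assignments use `=` rather than `+=`, so they replace the test lists that the surrounding context builds up with `+=` — the `check-qtest-ppc-y += tests/boot-order-test$(EXESUF)` in the hunk header and the ppc64 `boot-order-test`/`spapr-phb-test` lines directly above are dropped from `make check` for those targets. The same presumably applies to whatever the sparc and sparc64 lists held earlier in the file, which is outside this hunk. The fix is to append on every added line, e.g. `check-qtest-ppc-y += tests/prom-env-test$(EXESUF)`, and likewise for the ppc64, sparc and sparc64 lines; note that the `=` on the microblazeel/xtensaeb lines below is an alias assignment, not a precedent for this.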
@@ -549,6 +553,7 @@  tests/rtc-test$(EXESUF): tests/rtc-test.o
 tests/m48t59-test$(EXESUF): tests/m48t59-test.o
 tests/endianness-test$(EXESUF): tests/endianness-test.o
 tests/spapr-phb-test$(EXESUF): tests/spapr-phb-test.o $(libqos-obj-y)
+tests/prom-env-test$(EXESUF): tests/prom-env-test.o $(libqos-obj-y)
 tests/fdc-test$(EXESUF): tests/fdc-test.o
 tests/ide-test$(EXESUF): tests/ide-test.o $(libqos-pc-obj-y)
 tests/ahci-test$(EXESUF): tests/ahci-test.o $(libqos-pc-obj-y)
diff --git a/tests/prom-env-test.c b/tests/prom-env-test.c
new file mode 100644
index 0000000..6df57d2
--- /dev/null
+++ b/tests/prom-env-test.c
@@ -0,0 +1,90 @@ 
+/*
+ * Test OpenBIOS-based machines.
+ *
+ * Copyright (c) 2016 Red Hat Inc.
+ *
+ * Author:
+ *    Thomas Huth <thuth@redhat.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2
+ * or later. See the COPYING file in the top-level directory.
+ *
+ * This test is used to check that some OpenBIOS machines can be started
+ * successfully in TCG mode. To do this, we first put some Forth code into
+ * the "boot-command" Open Firmware environment variable. This Forth code
+ * writes a well-known magic value to a known location in memory. Then we
+ * start the guest so that OpenBIOS can boot and finally run the Forth code.
+ * The testing code here then can finally check whether the value has been
+ * successfully written into the guest memory.
+ */
+
+#include "qemu/osdep.h"
+#include "libqtest.h"
+
+#define MAGIC   0xcafec0de
+#define ADDRESS 0x4000
+
+static void check_guest_memory(void)
+{
+    uint32_t signature;
+    int i;
+
+    /* Poll until code has run and modified memory. Wait at most 30 seconds */
+    for (i = 0; i < 3000; ++i) {
+        signature = readl(ADDRESS);
+        if (signature == MAGIC) {
+            break;
+        }
+        g_usleep(10000);
+    }
+
+    g_assert_cmphex(signature, ==, MAGIC);
+}
+
+static void test_machine(const void *machine)
+{
+    char *args;
+
+    args = g_strdup_printf("-M %s,accel=tcg -prom-env 'boot-command=%x %x l!'",
+                           (const char *)machine, MAGIC, ADDRESS);
+
+    qtest_start(args);
+    check_guest_memory();
+    qtest_quit(global_qtest);
+
+    g_free(args);
+}
+
+static void add_tests(const char *machines[])
+{
+    int i;
+    char *name;
+
+    for (i = 0; machines[i] != NULL; i++) {
+        name = g_strdup_printf("prom-env/%s", machines[i]);
+        qtest_add_data_func(name, machines[i], test_machine);
+        g_free(name);
+    }
+}
+
+int main(int argc, char *argv[])
+{
+    const char *sparc_machines[] = { "SPARCbook", "Voyager", "SS-20", NULL };
+    const char *sparc64_machines[] = { "sun4u", "sun4v", NULL };
+    const char *mac_machines[] = { "mac99", "g3beige", NULL };
+    const char *arch = qtest_get_arch();
+
+    g_test_init(&argc, &argv, NULL);
+
+    if (!strcmp(arch, "ppc") || !strcmp(arch, "ppc64")) {
+        add_tests(mac_machines);
+    } else if (!strcmp(arch, "sparc")) {
+        add_tests(sparc_machines);
+    } else if (!strcmp(arch, "sparc64")) {
+        add_tests(sparc64_machines);
+    } else {
+        g_assert_not_reached();
+    }
+
+    return g_test_run();
+}
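Review bot: In `check_guest_memory` the relationship between the loop bound `3000`, the `g_usleep(10000)` interval and the "30 seconds" stated in the comment is only implicit, so a later tweak to one of them silently invalidates the comment; naming them, e.g. `#define POLL_INTERVAL_US 10000` and `#define POLL_TIMEOUT_S 30` with the loop running to `POLL_TIMEOUT_S * 1000000 / POLL_INTERVAL_US`, keeps the two in step. In `test_machine`, the `'boot-command=%x %x l!'` string appears to rely on the firmware interpreting bare numbers as hexadecimal (it prints the values with `%x` without a `0x` prefix); if that is indeed OpenBIOS's default number base, a one-line comment such as `/* OpenBIOS interprets numbers in hex by default, so no 0x prefix is needed */` would spare the next reader from checking, and `ADDRESS` is an `int` passed to `%x`, so `0x4000u` (or a cast) would make the format match strictly. `add_tests` has no comment at all; a one-liner like `/* Register one test per machine name in the NULL-terminated list */` would suffice.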