Hi everyone,

Recently I've been dealing with an unmapped address bug that I've traced
back to an issue with the X86 decoder.  Specifically, the issue I'm having
is that one of the three micro-ops for this loop instruction:

1964176    : loop   0xffffffffffffffee

is having its PC truncated from 64 bits to 32 bits.  The PC of the original
loop instruction is 0x7ffff27ae050, and I see that the rdip and subi (the
first two micro-ops) do not affect this.  However, the wripi truncates the
resultant PC to 32 bits, which causes the unmapped address failure.  With
the X86 flag on, I see that the pick() function picks size 4 (i.e.,
dataSize == 4) for this micro-op, when it should be choosing size 8 (if I
force the pick() function to always choose the 64-bit return value, then
the application makes progress beyond the failure point).  I have included
more details of the trace I've been looking at below for reference.



However, so far I haven't been able to find any useful information about
why the dataSize field is being set to 4 for this micro-op/instruction.
Gabe, I was wondering if you could provide any pointers about where the
right place(s) to look for this would be?



Sincerely,
Matt Sinclair



---

(I used the following flags:
ExecAll,Decode,X86,Fetch,IntRegs,MiscRegs,CCRegs)



60042127104: system.cpu0.[tid:0]: Setting int reg 16 (16) to 0.

60042127104: system.cpu0: Decode: Decoded rdip instruction:
{
    leg = 0,
    rex = 0,
    vex/xop = 0,
    op = {
        type = one byte,
        op = 0xe2,
        },
    modRM = 0,
    sib = 0,
    immediate = 0xffffffffffffffee,
    displacement = 0
    dispSize = 0,
    mode = 0,
    submode = 0}

60042127104: global: The data size is 4

60042127104: system.cpu0.[tid:0]: Setting int reg 17 (17) to 0x7ffff27ae052.             // Matt: rdip sets resultant PC correctly in t1d

60042127104: system.cpu0 A0 T0 : @_ZN12_GLOBAL__N_1L16ARMAttributeTagsE+140737131964176    : loop   0xffffffffffffffee

60042127104: system.cpu0 A0 T0 : @_ZN12_GLOBAL__N_1L16ARMAttributeTagsE+140737131964176.0  :   LOOP_I : rdip   t1d, %ctrl154,  : IntAlu :  D=0x00007ffff27ae052  flags=(IsInteger|IsMicroop|IsDelayedCommit|IsFirstMicroop)

60042127104: system.cpu0.[tid:0]: Setting int reg 16 (16) to 0.

60042127104: system.cpu0: Decode: Decoded subi instruction:
{
    leg = 0,
    rex = 0,
    vex/xop = 0,
    op = {
        type = one byte,
        op = 0xe2,
        },
    modRM = 0,
    sib = 0,
    immediate = 0xffffffffffffffee,
    displacement = 0
    dispSize = 0,
    mode = 0,
    submode = 0}

60042127104: system.cpu0.[tid:0]: Reading int reg 1 (1) as 0x22.

60042127104: global: Picking with size 8

60042127104: global: flagMask = 0x20

60042127104: system.cpu0.[tid:0]: Setting int reg 1 (1) to 0x21.

60042127104: system.cpu0.[tid:0]: Setting CC reg 4 (4) to 0.

60042127104: system.cpu0 A0 T0 : @_ZN12_GLOBAL__N_1L16ARMAttributeTagsE+140737131964176.1  :   LOOP_I : subi   rcx, rcx, 0x1 : IntAlu :  D=0x0000000000000000  flags=(IsInteger|IsCC|IsMicroop|IsDelayedCommit)

60042127104: system.cpu0.[tid:0]: Setting int reg 16 (16) to 0.

60042127104: system.cpu0: Decode: Decoded wripi instruction:
{
    leg = 0,
    rex = 0,
    vex/xop = 0,
    op = {
        type = one byte,
        op = 0xe2,
        },
    modRM = 0,
    sib = 0,
    immediate = 0xffffffffffffffee,
    displacement = 0
    dispSize = 0,
    mode = 0,
    submode = 0}

60042127104: system.cpu0.[tid:0]: Reading int reg 17 (17) as 0x7ffff27ae052.       // Matt: PC (in t1d) still correct at this point

60042127104: system.cpu0.[tid:0]: Reading CC reg 0 (0) as 0x44.

60042127104: system.cpu0.[tid:0]: Reading CC reg 1 (1) as 0.

60042127104: system.cpu0.[tid:0]: Reading CC reg 2 (2) as 0.

60042127104: system.cpu0.[tid:0]: Reading CC reg 3 (3) as 0.

60042127104: system.cpu0.[tid:0]: Reading CC reg 4 (4) as 0.

60042127104: global: Picking with size 4                                                             // Matt: this should be size 8

60042127104: system.cpu0 A0 T0 : @_ZN12_GLOBAL__N_1L16ARMAttributeTagsE+140737131964176.2  :   LOOP_I : wripi   , t1d, 0xee : IntAlu :  flags=(IsInteger|IsCC|IsControl|IsCondControl|IsMicroop|IsLastMicroop)

60042127104: system.cpu0: Fetch: PC:0xf27ae040       // Matt: resultant PC is truncated

Fault description: #PF(0x15) at 0xf27ae040

PC: 0xf27ae040, Instr:   LOOP_I : wripi   , t1d, 0xee

panic: Tried to execute unmapped address 0xf27ae040.
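As an added illustration (not code from the message above or from gem5 itself), the following Python model reproduces the arithmetic of the three micro-ops in the trace: rdip loads the next-instruction pointer into the temporary, subi decrements the counter, and wripi writes next-RIP plus the sign-extended 8-bit displacement back to the PC, masked to the micro-op's dataSize. It assumes the loop instruction is 2 bytes long (E2 EE, consistent with rdip producing 0x7ffff27ae052 from 0x7ffff27ae050), that the counter is the 64-bit RCX (no address-size prefix), and that the bad pick() behaves exactly like masking the new PC to 4 bytes; the register values are the ones from the trace. Running it with dataSize 4 yields the truncated 0xf27ae040 from the panic, and with dataSize 8 the full 64-bit target 0x7ffff27ae040.

```python
"""Model of gem5's three micro-ops for x86 `loop rel8` (opcode 0xE2).

    rdip   t1d, ...        -> t1 = address of the next instruction
    subi   rcx, rcx, 1     -> decrement the loop counter
    wripi  , t1d, imm8     -> if rcx != 0: PC = t1 + sign_extend(imm8)

This is an added, stand-alone illustration, not gem5 code.  The effect of
the wrongly chosen dataSize is modelled as masking the written PC to
dataSize bytes (assumption).
"""

MASK64 = (1 << 64) - 1


def sign_extend(value: int, bits: int) -> int:
    """Interpret `value` as a `bits`-wide two's-complement integer."""
    value &= (1 << bits) - 1
    sign = 1 << (bits - 1)
    return (value ^ sign) - sign


def mask_to_size(value: int, data_size: int) -> int:
    """Emulate writing `value` into a destination that is `data_size` bytes wide."""
    return value & ((1 << (8 * data_size)) - 1)


def loop_microops(pc: int, insn_len: int, rcx: int, imm8: int, data_size: int):
    """Execute rdip / subi / wripi and return (new_rcx, new_pc).

    Only the 64-bit counter (RCX) case is modelled; an address-size prefix,
    which would select ECX, is out of scope for this illustration.
    """
    # rdip: next-instruction pointer into the temporary register t1
    t1 = (pc + insn_len) & MASK64
    # subi: decrement the counter; this is what drives the branch condition
    rcx = (rcx - 1) & MASK64
    # wripi: conditional write of t1 + sign_extend(imm8) into the PC,
    # truncated to the micro-op's dataSize (the bug in the trace is size 4)
    if rcx != 0:
        target = (t1 + sign_extend(imm8, 8)) & MASK64
        new_pc = mask_to_size(target, data_size)
    else:
        new_pc = t1
    return rcx, new_pc


def pc_was_truncated(full_target: int, written_pc: int) -> bool:
    """Detection helper: true when the written PC equals the low 32 bits of
    the intended 64-bit target while the target's upper bits were non-zero."""
    return (full_target >> 32) != 0 and written_pc == (full_target & 0xFFFFFFFF)


if __name__ == "__main__":
    # Values taken from the trace: PC 0x7ffff27ae050, RCX 0x22, imm8 0xee (-18)
    PC, LEN, RCX, IMM8 = 0x7FFFF27AE050, 2, 0x22, 0xEE

    rcx_bad, pc_bad = loop_microops(PC, LEN, RCX, IMM8, data_size=4)
    rcx_ok, pc_ok = loop_microops(PC, LEN, RCX, IMM8, data_size=8)

    print(f"dataSize 4: rcx={rcx_bad:#x} pc={pc_bad:#x}")   # pc=0xf27ae040
    print(f"dataSize 8: rcx={rcx_ok:#x} pc={pc_ok:#x}")     # pc=0x7ffff27ae040
    print("truncated:", pc_was_truncated(pc_ok, pc_bad))    # True
```

`pc_was_truncated` is the check to run over a Fetch-PC trace when hunting this class of bug: a control write whose value is exactly the low 32 bits of the previous 64-bit target points at an operand-size selection problem rather than at the branch arithmetic itself.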
_______________________________________________
gem5-users mailing list
[email protected]
http://m5sim.org/cgi-bin/mailman/listinfo/gem5-users
