Re: target/hppa: be,n nullifying first insn at branch target?

2024-03-26 Thread Sven Schnelle 
Richard Henderson  writes:

> On 3/25/24 09:33, Sven Schnelle wrote:
>> diff --git a/target/hppa/translate.c b/target/hppa/translate.c
>> index 7546a5f5a2..56c68a7cbe 100644
>> --- a/target/hppa/translate.c
>> +++ b/target/hppa/translate.c
>> @@ -3847,7 +3849,7 @@ static bool trans_be(DisasContext *ctx, arg_be *a)
>>   copy_iaoq_entry(ctx, cpu_gr[31], ctx->iaoq_n, ctx->iaoq_n_var);
>>   tcg_gen_mov_i64(cpu_sr[0], cpu_iasq_b);
>>   }
>> -if (a->n && use_nullify_skip(ctx)) {
>> +if (0 && a->n && use_nullify_skip(ctx)) {
>>   copy_iaoq_entry(ctx, cpu_iaoq_f, -1, tmp);
>>   tcg_gen_addi_i64(tmp, tmp, 4);
>>   copy_iaoq_entry(ctx, cpu_iaoq_b, -1, tmp);
>> So i think the problem is caused by this optimization. Does this
>> ring a
>> bell? Debugging this is rather hard, alone the logfile above is 6GB in
>> size...
>
> The problem is a missing
>
> nullify_set(ctx, 0)
>
> within this block.
>
> I have patches queued to reorg the IAQ handling, which I hope will fix
> the problem Sven saw with spaces.  It would fix this as a consequence
> of other unification.  But I think it's a bit too big for 9.0.

Thanks Richard. Let me know if you want me to test patches.

Re: target/hppa: be,n nullifying first insn at branch target?

2024-03-26 Thread Richard Henderson 

On 3/25/24 09:33, Sven Schnelle wrote:

diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index 7546a5f5a2..56c68a7cbe 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -3847,7 +3849,7 @@ static bool trans_be(DisasContext *ctx, arg_be *a)
  copy_iaoq_entry(ctx, cpu_gr[31], ctx->iaoq_n, ctx->iaoq_n_var);
  tcg_gen_mov_i64(cpu_sr[0], cpu_iasq_b);
  }
-if (a->n && use_nullify_skip(ctx)) {
+if (0 && a->n && use_nullify_skip(ctx)) {
  copy_iaoq_entry(ctx, cpu_iaoq_f, -1, tmp);
  tcg_gen_addi_i64(tmp, tmp, 4);
  copy_iaoq_entry(ctx, cpu_iaoq_b, -1, tmp);


So i think the problem is caused by this optimization. Does this ring a
bell? Debugging this is rather hard, alone the logfile above is 6GB in
size...


The problem is a missing

nullify_set(ctx, 0)

within this block.

I have patches queued to reorg the IAQ handling, which I hope will fix the problem Sven 
saw with spaces.  It would fix this as a consequence of other unification.  But I think 
it's a bit too big for 9.0.



r~

target/hppa: be,n nullifying first insn at branch target?

2024-03-25 Thread Sven Schnelle 
Hi Richard,

one of the last issue i'm seeing with 64bit HP-UX 11.11 is a crash
of ld64 while building (linking) the kernel. The program is killed
due to a unaligned access. I've wrote a logfile, and it looks like
be,n is nullifying the first instruction at the branch target:

IN: 
0x9d4a416d4fc:  cmpiclr,<> c,r31,r0
0x9d4a416d500:  addi,tr 13,r0,ret1
0x9d4a416d504:  ldi 0,ret1
0x9d4a416d508:  ldi 0,ret0
0x9d4a416d50c:  ldsid (rp),r31
0x9d4a416d510:  mtsp r31,sr0
0x9d4a416d514:  be,n 0(sr0,rp)

Trace 0: 0x7efd7f9d75c0 [9d4a404/09d4a416d4fc/00040306/ff00] 
IA_F 09d4a416d4ff IA_B 09d4a416d503 IIR 4afc3ff9
PSW  00ff0004ff1f CB    -C---RQPDI
GR00  GR01 09d4a400 GR02 00107573 GR03 
003c79b8
GR04 00419f50 GR05 00410a30 GR06 7a0005c8 GR07 
00419f50
GR08 004122f8 GR09 000b GR10 001db1b8 GR11 
001c81f8
GR12 001c81f8 GR13 001c81f8 GR14  GR15 
001dbf18
GR16  GR17 0001 GR18 001d5278 GR19 
001c5000
GR20 00416a40 GR21 006a GR22 0016d4e8 GR23 
004a
GR24 029c GR25  GR26 00419f50 GR27 
001e65f8
GR28 0001 GR29 001db1b8 GR30 7a029510 GR31 
000c
SR00 09d4a400 SR01  SR02  SR03 
SR04 09d4a400 SR05 09d4a400 SR06 01eea400 SR07 01eea400


IN: 
0x9d4a4107570:  ldw 0(r4),r19
0x9d4a4107574:  ldw 58(r19),r22
0x9d4a4107578:  ldo 0(ret1),r7
0x9d4a410757c:  ldo 0(r4),r26
0x9d4a4107580:  b,l 0x9d4a41074d8,r31
0x9d4a4107584:  ldo 0(r31),rp

Trace 0: 0x7efd7f9d77c0 [9d4a404/09d4a4107570/00240306/ff00] 
IA_F 09d4a4107573 IA_B 09d4a4107577 IIR 4afc3ff9
PSW  0024001f CB    --N--C---RQPDI
GR00  GR01 09d4a400 GR02 00107573 GR03 
003c79b8
GR04 00419f50 GR05 00410a30 GR06 7a0005c8 GR07 
00419f50
GR08 004122f8 GR09 000b GR10 001db1b8 GR11 
001c81f8
GR12 001c81f8 GR13 001c81f8 GR14  GR15 
001dbf18
GR16  GR17 0001 GR18 001d5278 GR19 
001c5000
GR20 00416a40 GR21 006a GR22 0016d4e8 GR23 
004a
GR24 029c GR25  GR26 00419f50 GR27 
001e65f8
GR28  GR29 0013 GR30 7a029510 GR31 
09d4a400
SR00 09d4a400 SR01  SR02  SR03 
SR04 09d4a400 SR05 09d4a400 SR06 01eea400 SR07 01eea400

Trace 0: 0x7efd7f9adb80 [9d4a404/09d4a41074d8/00040306/ff00] 
IA_F 09d4a41074db IA_B 09d4a41074df IIR 4afc3ff9
PSW  0004001f CB    -C---RQPDI
GR00  GR01 09d4a400 GR02 0010758b GR03 
003c79b8
GR04 00419f50 GR05 00410a30 GR06 7a0005c8 GR07 
0013
GR08 004122f8 GR09 000b GR10 001db1b8 GR11 
001c81f8
GR12 001c81f8 GR13 001c81f8 GR14  GR15 
001dbf18
GR16  GR17 0001 GR18 001d5278 GR19 
001c5000
GR20 00416a40 GR21 006a GR22 2400 GR23 
004a
GR24 029c GR25  GR26 00419f50 GR27 
001e65f8
GR28  GR29 0013 GR30 7a029510 GR31 
0010758b
SR00 09d4a400 SR01  SR02  SR03 
SR04 09d4a400 SR05 09d4a400 SR06 01eea400 SR07 01eea400

The problem is the 0x1c5000 value in r19, which is the value of an old
instruction. At 0x9d4a416d514 is a be,n and at 09d4a4107570 the
N bit is set. First i thought it might be just a display issue with the
log, but the following change to confirm the issue makes the kernel
linking succeed:


diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index 7546a5f5a2..56c68a7cbe 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -3847,7 +3849,7 @@ static bool trans_be(DisasContext *ctx, arg_be *a)
 copy_iaoq_entry(ctx, cpu_gr[31], ctx->iaoq_n, ctx->iaoq_n_var);
 tcg_gen_mov_i64(cpu_sr[0], cpu_iasq_b);
 }
-if (a->n && use_nullify_skip(ctx)) {
+if (0 && a->n && use_nullify_skip(ctx)) {
 copy_iaoq_entry(ctx, cpu_iaoq_f, -1, tmp);
 tcg_gen_addi_i64(tmp, tmp, 4);
 copy_iaoq_entry(ctx, cpu_iaoq_b, -1, tmp);


So i think the problem is caused by this optimization. Does this ring a
bell? Debugging this is rather hard, alone the logfile above is 6GB in
size...

Thanks,
Sven