Richard, thank you for solving this so fast! I certainly can confirm attached executables work fine for me on patched version.
I'll also re-run full gcc regtest a bit later, but it runs for a rather long time, not sure this result will be important next week. Hopefully, patchset will be included into 4 release. -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1824853 Title: 4.0.0-rc3 crashes with tcg/tcg.c:3952: tcg_gen_code: Assertion `s->gen_insn_end_off[num_insns] == off' failed Status in QEMU: In Progress Bug description: I tried to bootstrap and regtested gcc trunk (gcc svn rev 270278, datestamp 20190411) inside my arm64-gentoo installation under qemu- system-aarch64. Qemu version was 4.0.0-rc3 and -cpu cortex-a57. Qemu configured with only --target-list=aarch64-softmmu,aarch64-linux-user and compiled using gcc "version 5.5.0 20171010 (Ubuntu 5.5.0-12ubuntu1~16.04)". Executable created from gcc/testsuite/gcc.target/aarch64/advsimd- intrinsics/vldX.c compiled with -O2 crashed the whole qemu-system. To investigate a bit I also manually run ~/gcc/inst/trunk/bin/gcc ~/gcc/src/trunk/gcc/testsuite/gcc.target/aarch64/advsimd-intrinsics/vldX.c with different options like: -O0 -lm -o d0.exe -O1 -lm -o d1.exe -O2 -lm -o d2.exe -O0 -static -lm -o s0.exe -O1 -static -lm -o s1.exe -O2 -static -lm -o s2.exe So, now I have 6 different arm64 executables created with different optimization levels. O0 and O1 versions run ok. Three sN.exe static executables I've also tried in qemu user mode (with same -cpu), no issue in user mode. And inside qemu-system I can see that running "d2.exe" (attached) gives: tcg/tcg.c:3952: tcg_gen_code: Assertion `s->gen_insn_end_off[num_insns] == off' failed. And running "s2.exe" gives: tcg/tcg.c:320: set_jmp_reset_offset: Assertion `s->tb_jmp_reset_offset[which] == off' failed. It seems like this test is an counter-example for logic that "tcg_ctx->nb_ops < 4000" implies tcg will fit into 16-bit signed size (see tcg_op_buf_full comments). Richard's changes in abebf92597186 and 9f754620651d were not enough, translation block must be smaller, or we have to find some proper way to bail out when buffer overflows. I don't know why this situation is not caught by code_gen_highwater logic in tcg.c I've also tried this "bail out" patch diff --git a/tcg/tcg.c b/tcg/tcg.c --- a/tcg/tcg.c +++ b/tcg/tcg.c @@ -3949,7 +3949,8 @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb) size_t off = tcg_current_code_size(s); s->gen_insn_end_off[num_insns] = off; /* Assert that we do not overflow our stored offset. */ - assert(s->gen_insn_end_off[num_insns] == off); + if (s->gen_insn_end_off[num_insns] != off) + return -1; } num_insns++; for (i = 0; i < TARGET_INSN_START_WORDS; ++i) { But then running "d2.exe" just hangs the whole qemu-system. It seems that when tcg_gen_code return -1 (like in highwater logic mentioned before), we just re-call it again and again. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1824853/+subscriptions
