Hello, I have been testing the TCG plugin patch on the latest QEMU build but noticed that it fails with an assert on some of the applications:

    ERROR:../accel/tcg/cpu-exec.c:983:cpu_exec_loop: assertion failed: (cpu->plugin_mem_cbs == ((void *)0))

It happens when a TCG plugin sets a memory callback in some of the translation blocks. The callback can be empty; it just needs to be there. Debugging it further, I see the inject_mem_enable_helper() and inject_mem_disable_helper() functions that are intended to set and reset cpu->plugin_mem_cbs to the appropriate value. The problem is that the inject_mem_disable_helper() part gets removed inside of the reachable_code_pass() function. As a result we see this assert (the pointer is not set to NULL at the end of the translation block as it expects).

Here is the OP listing just before the reachable_code_pass() call:

    ext32u_i64 rcx,tmp3
    add_i64 rip,rip,$0xa
    goto_tb $0x0
    exit_tb $0x7fff64013300
    mov_i64 tmp11,$0x0                        ; this is a part
    st_i64 $0x0,env,$0xfffffffffffff540       ; of inject_mem_disable_helper()
    set_label $L0
    exit_tb $0x7fff64013303

reachable_code_pass() removes everything after exit_tb until it reaches the set_label op as 'dead' code, which seems to be correct. The question is how is it expected to work? Should inject_mem_disable_helper() insert its zeroing OPs after "set_label $L0" or before "goto_tb $0x0" to avoid the dead code block?
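As an added illustration, not part of the report or of QEMU's own code, here is a simplified C model of the dead-code rule described above, run over the listing from the mail and over the variant with the zeroing emitted before goto_tb. The op names and env offset are copied from the listing; the pass logic (dead after exit_tb/br until the next set_label) is a constructed approximation of reachable_code_pass(), not the real implementation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* One TCG op from the listing; `dead` is set by the pass on ops it drops. */
typedef struct { const char *op; const char *args; bool dead; } Op;
#define N_OPS(a) (sizeof(a) / sizeof((a)[0]))
/* Simplified model of reachable_code_pass(): after an op that never falls
 * through (exit_tb, br), every op is dead until the next set_label, which
 * may be a jump target. The real pass also drops unreferenced labels. */
static size_t reachable_code_pass(Op *ops, size_t n)
{
    bool dead = false;
    size_t removed = 0;
    for (size_t i = 0; i < n; i++) {
        if (!strcmp(ops[i].op, "set_label")) dead = false;
        ops[i].dead = dead;
        if (dead) removed++;
        else if (!strcmp(ops[i].op, "exit_tb") || !strcmp(ops[i].op, "br")) dead = true;
    }
    return removed;
}

/* Runs the pass and reports whether the st_i64 that zeroes
 * cpu->plugin_mem_cbs (the env store at offset 0x...f540) survives. */
static bool disable_store_survives(Op *ops, size_t n)
{
    reachable_code_pass(ops, n);
    for (size_t i = 0; i < n; i++)
        if (!strcmp(ops[i].op, "st_i64")) return !ops[i].dead;
    return false;
}
/* Constructed from the listing in the report: the zeroing store sits
 * between exit_tb and set_label, so the pass removes it. */
static Op as_reported[] = {
    {"ext32u_i64", "rcx,tmp3", false}, {"add_i64", "rip,rip,$0xa", false},
    {"goto_tb", "$0x0", false},        {"exit_tb", "$0x7fff64013300", false},
    {"mov_i64", "tmp11,$0x0", false},  /* inject_mem_disable_helper() */
    {"st_i64", "$0x0,env,$0xfffffffffffff540", false},
    {"set_label", "$L0", false},       {"exit_tb", "$0x7fff64013303", false},
};
/* Same block with the zeroing emitted before goto_tb, one of the placements
 * the report asks about; here the store is reachable and survives. */
static Op hoisted[] = {
    {"ext32u_i64", "rcx,tmp3", false}, {"add_i64", "rip,rip,$0xa", false},
    {"mov_i64", "tmp11,$0x0", false},  {"st_i64", "$0x0,env,$0xfffffffffffff540", false},
    {"goto_tb", "$0x0", false},        {"exit_tb", "$0x7fff64013300", false},
    {"set_label", "$L0", false},       {"exit_tb", "$0x7fff64013303", false},
};
```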