[v5,00/43] Add LoongArch softmmu support

Message ID 20220524081804.3608101-1-yangxiaojuan@loongson.cn

Message

Xiaojuan Yang May 24, 2022, 8:17 a.m. UTC
Hi All,

As this series only supports running binary files in ELF format and
does not depend on a BIOS or kernel file, it has been changed from RFC to patch vX.


The manual:
  - https://github.com/loongson/LoongArch-Documentation/releases/tag/2022.03.17

Old series:
  - https://patchew.org/QEMU/20220328125749.2918087-1-yangxiaojuan@loongson.cn/
  - https://patchew.org/QEMU/20220106094200.1801206-1-gaosong@loongson.cn/

Need review patches:
  - 0034-hw-intc-Add-LoongArch-extioi-interrupt-controller-EI.patch
  - 0038-hw-loongarch-Add-LoongArch-ls7a-rtc-device-support.patch

This patch needs ACPI maintainers' review:
  - 0040-hw-loongarch-Add-LoongArch-ls7a-acpi-device-support.patch

Thanks.
Xiaojuan

-----
v5:
  - Fixed loongarch extioi device emulation.
  - Fixed loongarch rtc device emulation.
  - Fixed 'make docker-test-build' error.

v4:
  - Use 'la464' cpu type.
  - Fixed loongarch extioi device emulation.
  - Fixed loongarch rtc device emulation.
  - Fixed loongarch load elf function.

v3:
  - Add Check csr_names.
  - Drop CSR_CPUID, use cpu->cpu_index.
  - Fixed loongarch extioi device emulation. ipmap and coremap register
    change to 32bits.
  - Check_iocsr() function moved to loongarch_ipi_writel().
  - Pch_pic/msi use qdev_init_gpio_out() to init irq, and use
    qdev_connect_gpio_out() to connect irq.
  - Load elf function moved to hw/loongarch/loongson.c

v2:
  - Improvements to CSR/IOCSR instructions translation.
  - Fixed extioi device emulation. It is represented by only one memory
    region.
  - Fixed IPI device emulation. The registers are represented with
    uint64_t.
  - Use do_cpu_reset() and cpu_set_pc() to specify the load address.

v4: https://patchew.org/QEMU/20220517113023.3051143-1-yangxiaojuan@loongson.cn/
v3: https://patchew.org/QEMU/20220429100729.1572481-1-yangxiaojuan@loongson.cn/
v2: https://patchew.org/QEMU/20220425091027.2877892-1-yangxiaojuan@loongson.cn/
v1: https://patchew.org/QEMU/20220415094058.3584233-1-yangxiaojuan@loongson.cn/

Song Gao (21):
  target/loongarch: Add README
  target/loongarch: Add core definition
  target/loongarch: Add main translation routines
  target/loongarch: Add fixed point arithmetic instruction translation
  target/loongarch: Add fixed point shift instruction translation
  target/loongarch: Add fixed point bit instruction translation
  target/loongarch: Add fixed point load/store instruction translation
  target/loongarch: Add fixed point atomic instruction translation
  target/loongarch: Add fixed point extra instruction translation
  target/loongarch: Add floating point arithmetic instruction
    translation
  target/loongarch: Add floating point comparison instruction
    translation
  target/loongarch: Add floating point conversion instruction
    translation
  target/loongarch: Add floating point move instruction translation
  target/loongarch: Add floating point load/store instruction
    translation
  target/loongarch: Add branch instruction translation
  target/loongarch: Add disassembler
  target/loongarch: Add target build support
  hw/intc: Add LoongArch ls7a interrupt controller support(PCH-PIC)
  hw/intc: Add LoongArch ls7a msi interrupt controller support(PCH-MSI)
  hw/loongarch: Add LoongArch ls7a acpi device support
  target/loongarch: 'make check-tcg' support

Xiaojuan Yang (22):
  target/loongarch: Add system emulation introduction
  target/loongarch: Add CSRs definition
  target/loongarch: Add basic vmstate description of CPU.
  target/loongarch: Implement qmp_query_cpu_definitions()
  target/loongarch: Add MMU support for LoongArch CPU.
  target/loongarch: Add LoongArch interrupt and exception handle
  target/loongarch: Add constant timer support
  target/loongarch: Add LoongArch CSR instruction
  target/loongarch: Add LoongArch IOCSR instruction
  target/loongarch: Add TLB instruction support
  target/loongarch: Add other core instructions support
  target/loongarch: Add timer related instructions support.
  hw/loongarch: Add support loongson3 virt machine type.
  hw/loongarch: Add LoongArch ipi interrupt support(IPI)
  hw/intc: Add LoongArch extioi interrupt controller(EIOINTC)
  hw/loongarch: Add irq hierarchy for the system
  Enable common virtio pci support for LoongArch
  hw/loongarch: Add some devices support for 3A5000.
  hw/loongarch: Add LoongArch ls7a rtc device support
  hw/loongarch: Add LoongArch load elf function.
  target/loongarch: Add gdb support.
  tests/tcg/loongarch64: Add hello/memory test in loongarch64 system

 MAINTAINERS                                   |  26 +
 .../devices/loongarch64-softmmu/default.mak   |   3 +
 configs/targets/loongarch64-softmmu.mak       |   4 +
 docs/system/loongarch/loongson3.rst           |  41 +
 gdb-xml/loongarch-base64.xml                  |  44 +
 gdb-xml/loongarch-fpu64.xml                   |  57 ++
 hw/Kconfig                                    |   1 +
 hw/acpi/Kconfig                               |   4 +
 hw/acpi/ls7a.c                                | 374 ++++++++
 hw/acpi/meson.build                           |   1 +
 hw/intc/Kconfig                               |  15 +
 hw/intc/loongarch_extioi.c                    | 298 ++++++
 hw/intc/loongarch_ipi.c                       | 237 +++++
 hw/intc/loongarch_pch_msi.c                   |  73 ++
 hw/intc/loongarch_pch_pic.c                   | 431 +++++++++
 hw/intc/meson.build                           |   4 +
 hw/intc/trace-events                          |  22 +
 hw/loongarch/Kconfig                          |  18 +
 hw/loongarch/loongson3.c                      | 349 +++++++
 hw/loongarch/meson.build                      |   4 +
 hw/meson.build                                |   1 +
 hw/rtc/Kconfig                                |   3 +
 hw/rtc/ls7a_rtc.c                             | 528 +++++++++++
 hw/rtc/meson.build                            |   1 +
 include/disas/dis-asm.h                       |   2 +
 include/exec/poison.h                         |   2 +
 include/hw/acpi/ls7a.h                        |  53 ++
 include/hw/intc/loongarch_extioi.h            |  62 ++
 include/hw/intc/loongarch_ipi.h               |  52 ++
 include/hw/intc/loongarch_pch_msi.h           |  20 +
 include/hw/intc/loongarch_pch_pic.h           |  69 ++
 include/hw/loongarch/virt.h                   |  33 +
 include/hw/pci-host/ls7a.h                    |  48 +
 include/sysemu/arch_init.h                    |   1 +
 meson.build                                   |   1 +
 qapi/machine-target.json                      |   6 +-
 qapi/machine.json                             |   2 +-
 softmmu/qdev-monitor.c                        |   3 +-
 target/Kconfig                                |   1 +
 target/loongarch/Kconfig                      |   2 +
 target/loongarch/README                       |  64 ++
 target/loongarch/constant_timer.c             |  64 ++
 target/loongarch/cpu-csr.h                    | 208 +++++
 target/loongarch/cpu-param.h                  |  18 +
 target/loongarch/cpu.c                        | 699 ++++++++++++++
 target/loongarch/cpu.h                        | 391 ++++++++
 target/loongarch/csr_helper.c                 |  87 ++
 target/loongarch/disas.c                      | 757 +++++++++++++++
 target/loongarch/fpu_helper.c                 | 862 ++++++++++++++++++
 target/loongarch/gdbstub.c                    |  81 ++
 target/loongarch/helper.h                     | 130 +++
 target/loongarch/insn_trans/trans_arith.c.inc | 304 ++++++
 .../loongarch/insn_trans/trans_atomic.c.inc   | 113 +++
 target/loongarch/insn_trans/trans_bit.c.inc   | 212 +++++
 .../loongarch/insn_trans/trans_branch.c.inc   |  83 ++
 target/loongarch/insn_trans/trans_extra.c.inc | 101 ++
 .../loongarch/insn_trans/trans_farith.c.inc   | 105 +++
 target/loongarch/insn_trans/trans_fcmp.c.inc  |  56 ++
 target/loongarch/insn_trans/trans_fcnv.c.inc  |  33 +
 .../loongarch/insn_trans/trans_fmemory.c.inc  | 153 ++++
 target/loongarch/insn_trans/trans_fmov.c.inc  | 157 ++++
 .../loongarch/insn_trans/trans_memory.c.inc   | 229 +++++
 .../insn_trans/trans_privileged.c.inc         | 466 ++++++++++
 target/loongarch/insn_trans/trans_shift.c.inc | 106 +++
 target/loongarch/insns.decode                 | 486 ++++++++++
 target/loongarch/internals.h                  |  56 ++
 target/loongarch/iocsr_helper.c               |  67 ++
 target/loongarch/machine.c                    | 102 +++
 target/loongarch/meson.build                  |  30 +
 target/loongarch/op_helper.c                  | 132 +++
 target/loongarch/tlb_helper.c                 | 763 ++++++++++++++++
 target/loongarch/translate.c                  | 280 ++++++
 target/loongarch/translate.h                  |  45 +
 target/meson.build                            |   1 +
 tests/tcg/configure.sh                        |   1 +
 tests/tcg/loongarch64/Makefile.softmmu-target |  33 +
 tests/tcg/loongarch64/system/boot.S           |  56 ++
 tests/tcg/loongarch64/system/kernel.ld        |  30 +
 tests/tcg/loongarch64/system/regdef.h         |  86 ++
 79 files changed, 10539 insertions(+), 4 deletions(-)
 create mode 100644 configs/devices/loongarch64-softmmu/default.mak
 create mode 100644 configs/targets/loongarch64-softmmu.mak
 create mode 100644 docs/system/loongarch/loongson3.rst
 create mode 100644 gdb-xml/loongarch-base64.xml
 create mode 100644 gdb-xml/loongarch-fpu64.xml
 create mode 100644 hw/acpi/ls7a.c
 create mode 100644 hw/intc/loongarch_extioi.c
 create mode 100644 hw/intc/loongarch_ipi.c
 create mode 100644 hw/intc/loongarch_pch_msi.c
 create mode 100644 hw/intc/loongarch_pch_pic.c
 create mode 100644 hw/loongarch/Kconfig
 create mode 100644 hw/loongarch/loongson3.c
 create mode 100644 hw/loongarch/meson.build
 create mode 100644 hw/rtc/ls7a_rtc.c
 create mode 100644 include/hw/acpi/ls7a.h
 create mode 100644 include/hw/intc/loongarch_extioi.h
 create mode 100644 include/hw/intc/loongarch_ipi.h
 create mode 100644 include/hw/intc/loongarch_pch_msi.h
 create mode 100644 include/hw/intc/loongarch_pch_pic.h
 create mode 100644 include/hw/loongarch/virt.h
 create mode 100644 include/hw/pci-host/ls7a.h
 create mode 100644 target/loongarch/Kconfig
 create mode 100644 target/loongarch/README
 create mode 100644 target/loongarch/constant_timer.c
 create mode 100644 target/loongarch/cpu-csr.h
 create mode 100644 target/loongarch/cpu-param.h
 create mode 100644 target/loongarch/cpu.c
 create mode 100644 target/loongarch/cpu.h
 create mode 100644 target/loongarch/csr_helper.c
 create mode 100644 target/loongarch/disas.c
 create mode 100644 target/loongarch/fpu_helper.c
 create mode 100644 target/loongarch/gdbstub.c
 create mode 100644 target/loongarch/helper.h
 create mode 100644 target/loongarch/insn_trans/trans_arith.c.inc
 create mode 100644 target/loongarch/insn_trans/trans_atomic.c.inc
 create mode 100644 target/loongarch/insn_trans/trans_bit.c.inc
 create mode 100644 target/loongarch/insn_trans/trans_branch.c.inc
 create mode 100644 target/loongarch/insn_trans/trans_extra.c.inc
 create mode 100644 target/loongarch/insn_trans/trans_farith.c.inc
 create mode 100644 target/loongarch/insn_trans/trans_fcmp.c.inc
 create mode 100644 target/loongarch/insn_trans/trans_fcnv.c.inc
 create mode 100644 target/loongarch/insn_trans/trans_fmemory.c.inc
 create mode 100644 target/loongarch/insn_trans/trans_fmov.c.inc
 create mode 100644 target/loongarch/insn_trans/trans_memory.c.inc
 create mode 100644 target/loongarch/insn_trans/trans_privileged.c.inc
 create mode 100644 target/loongarch/insn_trans/trans_shift.c.inc
 create mode 100644 target/loongarch/insns.decode
 create mode 100644 target/loongarch/internals.h
 create mode 100644 target/loongarch/iocsr_helper.c
 create mode 100644 target/loongarch/machine.c
 create mode 100644 target/loongarch/meson.build
 create mode 100644 target/loongarch/op_helper.c
 create mode 100644 target/loongarch/tlb_helper.c
 create mode 100644 target/loongarch/translate.c
 create mode 100644 target/loongarch/translate.h
 create mode 100644 tests/tcg/loongarch64/Makefile.softmmu-target
 create mode 100644 tests/tcg/loongarch64/system/boot.S
 create mode 100644 tests/tcg/loongarch64/system/kernel.ld
 create mode 100644 tests/tcg/loongarch64/system/regdef.h

Comments

Richard Henderson May 24, 2022, 10:32 p.m. UTC | #1
On 5/24/22 01:17, Xiaojuan Yang wrote:
> Hi All,
> 
> As this series only supports running binary files in ELF format, and
> does not depend on BIOS and kernel file. so this series are changed from RFC to patch vX.
> 
> 
> The manual:
>    - https://github.com/loongson/LoongArch-Documentation/releases/tag/2022.03.17
> 
> Old series:
>    - https://patchew.org/QEMU/20220328125749.2918087-1-yangxiaojuan@loongson.cn/
>    - https://patchew.org/QEMU/20220106094200.1801206-1-gaosong@loongson.cn/
> 
> Need review patches:
>    - 0034-hw-intc-Add-LoongArch-extioi-interrupt-controller-EI.patch
>    - 0038-hw-loongarch-Add-LoongArch-ls7a-rtc-device-support.patch
> 
> This patch need ACPI maintainers review:
>    - 0040-hw-loongarch-Add-LoongArch-ls7a-acpi-device-support.patch
>      
> 
> Thanks.
> Xiaojuan
> 
> -----
> v5:
>    - Fixed loongarch extioi device emulation.
>    - Fixed loongarch rtc device emulation.
>    - Fixed 'make docker-test-build' error.

I had been tempted to accept the patch set as is, and let subsequent development happen on 
mainline, but this patch set does not compile, with obvious syntax errors.

When the syntax errors are fixed, it does not pass "make check".

How can you have tested this?


r~
Richard Henderson May 24, 2022, 10:41 p.m. UTC | #2
On 5/24/22 15:32, Richard Henderson wrote:
> When the syntax errors are fixed, it does not pass "make check".

When I configure with --enable-debug --enable-sanitizers I get

$ QTEST_QEMU_BINARY='./qemu-system-loongarch64' ./tests/qtest/device-introspect-test -v
...
# Testing device 'loongarch_ipi'
=================================================================
==911066==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x613000093550 at pc 0x7f97cb425c23 bp 0x7ffe6583f4f0 sp 0x7ffe6583ec98
WRITE of size 8 at 0x613000093550 thread T0
    #0 0x7f97cb425c22 in __interceptor_memset ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:799
    #1 0x562b21b23916 in qdev_init_gpio_out_named ../qemu/hw/core/gpio.c:85
    #2 0x562b21b23b89 in qdev_init_gpio_out ../qemu/hw/core/gpio.c:101
    #3 0x562b22562d77 in loongarch_ipi_init ../qemu/hw/intc/loongarch_ipi.c:187
    #4 0x562b22992ef0 in object_init_with_type ../qemu/qom/object.c:377
    #5 0x562b2299445f in object_initialize_with_type ../qemu/qom/object.c:519
    #6 0x562b22995b54 in object_new_with_type ../qemu/qom/object.c:734
    #7 0x562b22995c6d in object_new ../qemu/qom/object.c:749
    #8 0x562b22ddc1d3 in qmp_device_list_properties ../qemu/qom/qom-qmp-cmds.c:146
    #9 0x562b22f4ad2c in qmp_marshal_device_list_properties qapi/qapi-commands-qdev.c:66
    #10 0x562b22fa7ab6 in do_qmp_dispatch_bh ../qemu/qapi/qmp-dispatch.c:128
    #11 0x562b230354b1 in aio_bh_call ../qemu/util/async.c:142
    #12 0x562b23035c09 in aio_bh_poll ../qemu/util/async.c:170
    #13 0x562b22fd6531 in aio_dispatch ../qemu/util/aio-posix.c:421
    #14 0x562b2303714c in aio_ctx_dispatch ../qemu/util/async.c:312
    #15 0x7f97caafdd1a in g_main_dispatch ../../../glib/gmain.c:3417
    #16 0x7f97caafdd1a in g_main_context_dispatch ../../../glib/gmain.c:4135
    #17 0x562b23089479 in glib_pollfds_poll ../qemu/util/main-loop.c:297
    #18 0x562b23089663 in os_host_main_loop_wait ../qemu/util/main-loop.c:320
    #19 0x562b23089968 in main_loop_wait ../qemu/util/main-loop.c:596
    #20 0x562b2223edf5 in qemu_main_loop ../qemu/softmmu/runstate.c:726
    #21 0x562b21965c69 in qemu_main ../qemu/softmmu/main.c:36
    #22 0x562b21965c9e in main ../qemu/softmmu/main.c:45
    #23 0x7f97c9354d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #24 0x7f97c9354e3f in __libc_start_main_impl ../csu/libc-start.c:392
    #25 0x562b21965b74 in _start (/home/rth/chroot-home/bld-x/qemu-system-loongarch64+0x21b0b74)

0x613000093550 is located 48 bytes to the left of 376-byte region [0x613000093580,0x6130000936f8)
allocated by thread T0 here:
    #0 0x7f97cb4a0a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x7f97cab06c40 in g_malloc0 ../../../glib/gmem.c:155
    #2 0x562b2298fef0 in type_register_internal ../qemu/qom/object.c:143
    #3 0x562b2298ffcd in type_register ../qemu/qom/object.c:152
    #4 0x562b2199c281 in qemu_console_early_init ../qemu/ui/console.c:2719
    #5 0x562b2224d16e in qemu_create_early_backends ../qemu/softmmu/vl.c:1975
    #6 0x562b222565ef in qemu_init ../qemu/softmmu/vl.c:3674
    #7 0x562b21965c64 in qemu_main ../qemu/softmmu/main.c:35
    #8 0x562b21965c9e in main ../qemu/softmmu/main.c:45
    #9 0x7f97c9354d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:799 in __interceptor_memset
Shadow bytes around the buggy address:
  0x0c268000a650: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c268000a660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c268000a670: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c268000a680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c268000a690: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c268000a6a0: 00 00 00 00 fa fa fa fa fa fa[fa]fa fa fa fa fa
  0x0c268000a6b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c268000a6c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c268000a6d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c268000a6e0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c268000a6f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==911066==ABORTING



r~
Xiaojuan Yang May 25, 2022, 12:27 a.m. UTC | #3
Hi, Richard

On 2022/5/25 6:32, Richard Henderson wrote:
> On 5/24/22 01:17, Xiaojuan Yang wrote:
>> Hi All,
>>
>> As this series only supports running binary files in ELF format, and
>> does not depend on BIOS and kernel file. so this series are changed 
>> from RFC to patch vX.
>>
>>
>> The manual:
>>    - 
>> https://github.com/loongson/LoongArch-Documentation/releases/tag/2022.03.17
>>
>> Old series:
>>    - 
>> https://patchew.org/QEMU/20220328125749.2918087-1-yangxiaojuan@loongson.cn/
>>    - 
>> https://patchew.org/QEMU/20220106094200.1801206-1-gaosong@loongson.cn/
>>
>> Need review patches:
>>    - 0034-hw-intc-Add-LoongArch-extioi-interrupt-controller-EI.patch
>>    - 0038-hw-loongarch-Add-LoongArch-ls7a-rtc-device-support.patch
>>
>> This patch need ACPI maintainers review:
>>    - 0040-hw-loongarch-Add-LoongArch-ls7a-acpi-device-support.patch
>>
>> Thanks.
>> Xiaojuan
>>
>> -----
>> v5:
>>    - Fixed loongarch extioi device emulation.
>>    - Fixed loongarch rtc device emulation.
>>    - Fixed 'make docker-test-build' error.
>
> I had been tempted to accept the patch set as is, and let subsequent 
> development happen on mainline, but this patch set does not compile, 
> with obvious syntax errors.
>
> When the syntax errors are fixed, it does not pass "make check".
>
> How can you have tested this?
>
It's my mistake. I just tested `IMAGES='fedora-i386-cross' make docker-test-build`.
I will correct it in v6.

Thanks.
Xiaojuan
Xiaojuan Yang May 25, 2022, 12:44 a.m. UTC | #4
On 2022/5/25 6:41, Richard Henderson wrote:
> On 5/24/22 15:32, Richard Henderson wrote:
>> When the syntax errors are fixed, it does not pass "make check".
>
> When I configure with --enable-debug --enable-sanitizers I get
>
I got the same error.

The 'make check' result:

Summary of Failures:

  95/117 qemu:qtest+qtest-loongarch64 / qtest-loongarch64/device-introspect-test ERROR           1.20s killed by signal 6 SIGABRT
Ok:                 114
Expected Fail:      0
Fail:               1
Unexpected Pass:    0
Skipped:            2
Timeout:            0


We will fix this error as soon as possible. And what necessary tests
do we need to do?
'make check-tcg', 'make check' and 'make docker-test-build' are the ones
we know so far.

I also see the wiki [1]; should we test all of them? Could you
give us some advice?
[1] : https://wiki.qemu.org/Testing#Tests_included_in_the_QEMU_source

Thanks.
Xiaojuan

Richard Henderson May 25, 2022, 3:31 a.m. UTC | #5
On 5/24/22 17:44, yangxiaojuan wrote:
> 
> On 2022/5/25 6:41, Richard Henderson wrote:
>> On 5/24/22 15:32, Richard Henderson wrote:
>>> When the syntax errors are fixed, it does not pass "make check".
>>
>> When I configure with --enable-debug --enable-sanitizers I get
>>
> I got the same error.
> 
> The 'make check '  result:
> 
> Summary of Failures:
> 
>   95/117 qemu:qtest+qtest-loongarch64 / qtest-loongarch64/device-introspect-test 
> ERROR           1.20s killed by signal 6 SIGABRT
> Ok:                 114
> Expected Fail:      0
> Fail:               1
> Unexpected Pass:    0
> Skipped:            2
> Timeout:            0
> 
> 
> We will fix this error as soon as possible.  And  what necessary tests do we need to do?
> 'mak check-tcg' ,  'make check' and 'make docker-test-build',  these are we know so far.
> 
> I also see the wiki  [1],   should  we need tests all of them? Could you give us some advice?
> [1] : https://wiki.qemu.org/Testing#Tests_included_in_the_QEMU_source

That's pretty good.  Eventually it would be good to add some tests to tests/avocado, to 
test linux kernel boot.  That can wait for a bit, as it also requires hosting a kernel 
image somewhere.

In this instance I used --enable-sanitizers because without, I was getting SIGFPE for a 
rather unlikely divide-by-zero, and I suspected memory corruption.


r~