Since commit 15fa08f845 ("tcg: Dynamically allocate TCGOps")
we have no limit to fill the TCGOps cache and we can fill
the entire TCG variables array and overflow it.

It seems to happen only with m68k, because m68k translator
doesn't free some TCGv at end of instruction translation
because the variable can be either temporary one or an
allocated one,

I try to fix this by introducing a new TCG function
to try to free a TCGv if it is a temporary one and
do nothing otherwise (patches 1 and 2)

The last patch is here to avoid the error and
stop the translation before the buffer overflows
(but I guess we should not need this with correctly
written translation functions...)

Laurent Vivier (3):
  tcg: introduce tcg_temp_try_free()
  target/m68k: use tcg_temp_try_free()
  m68k: Test if we overflow the temp variable array

 target/m68k/translate.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++-
 tcg/tcg-op.h            |  2 ++
 tcg/tcg.c               | 28 +++++++++++++++------
 tcg/tcg.h               |  9 +++++++
 4 files changed, 98 insertions(+), 8 deletions(-)

-- 
2.14.3

On 03/16/2018 03:19 AM, Laurent Vivier wrote:
> I try to fix this by introducing a new TCG function
> to try to free a TCGv if it is a temporary one and
> do nothing otherwise (patches 1 and 2)

I would prefer not to approach this in this way.

Better is to have translator helpers that allocate temps
that are freed at the end of the insn.

C.f. new_tmp_a64 in target/arm/translate-a64.c.


r~

Le 15/03/2018 à 20:34, Richard Henderson a écrit :
> On 03/16/2018 03:19 AM, Laurent Vivier wrote:
>> I try to fix this by introducing a new TCG function
>> to try to free a TCGv if it is a temporary one and
>> do nothing otherwise (patches 1 and 2)
> 
> I would prefer not to approach this in this way.

OK. This is why it was an RFC.

> Better is to have translator helpers that allocate temps
> that are freed at the end of the insn.
> 
> C.f. new_tmp_a64 in target/arm/translate-a64.c.

I'm going to try that.

Thank you,
Laurent