TCG AARCH64 Segmentation fault when helper function is called

Host environment

Operating system: Windows 11
Architecture: ARM64
QEMU flavor: qemu-system-aarch64
QEMU version: 6.2.90
QEMU command line:
```
./qemu-system-aarch64 -M virt 
```

Description of problem

Segmentation fault in the TCG thread. The issue occurs in the generated code when branching to (helper)lookup_tb_ptr (see op longs). It seems that the generated instruction don't load the upper32 of the address of lookup_tb_ptr in the register before branching to it. According to LLDB, the program tries to access 0x1cffe060 while the right address 0x7ff71cffe060 (see debugger logs).

Additional information

The issue seems to be located at https://gitlab.com/qemu-project/qemu/-/blob/master/tcg/aarch64/tcg-target.c.inc#L1091 t2 = t1 & ~(0xffffUL << s1);. The fix would be t2 = t1 & ~(0xffffULL << s1);

lldb.log qemu_segmentation.log

Edited Mar 29, 2022 by Jerome Haxhiaj

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information