On 2/21/23 18:32, Emilio Cota wrote:
Currently we are wrongly accessing plugin_tb->mem_helper at translation time from plugin_gen_disable_mem_helpers, which is called before generating a TB exit, e.g. with exit_tb.

Recall that it is only during TB finalisation, i.e. when we go over the TB post-translation to inject or remove plugin instrumentation, when plugin_tb->mem_helper is set. This means that we never clear plugin_mem_cbs when calling plugin_gen_disable_mem_helpers since mem_helper is always false. Therefore a guest instruction that uses helpers and emits an explicit TB exit results in plugin_mem_cbs being set upon exiting, which is caught by an assertion as reported in the reopening of issue #1381 and replicated below.

Fix this by (1) adding an insertion point before exiting a TB ("before_exit"), and (2) deciding whether or not to emit the clearing of plugin_mem_cbs at this newly-added insertion point during TB finalisation.
This is an improvement, but incomplete, because it does not handle the exception exit case, via cpu_loop_exit.
r~
