From: Aurelien Jarno <aurelien@aurel32.net>
To: Jia Liu <proljc@gmail.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v11 05/14] target-mips: Add ASE DSP load instructions
Date: Wed, 17 Oct 2012 01:21:43 +0200 [thread overview]
Message-ID: <20121016232143.GA18454@ohm.aurel32.net> (raw)
In-Reply-To: <1350319158-7263-6-git-send-email-proljc@gmail.com>
On Tue, Oct 16, 2012 at 12:39:09AM +0800, Jia Liu wrote:
> Add MIPS ASE DSP Load instructions.
>
> Signed-off-by: Jia Liu <proljc@gmail.com>
> ---
> target-mips/translate.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 89 insertions(+)
>
> diff --git a/target-mips/translate.c b/target-mips/translate.c
> index f1e5bb0..7f08700 100644
> --- a/target-mips/translate.c
> +++ b/target-mips/translate.c
> @@ -313,6 +313,9 @@ enum {
> OPC_MODU_G_2E = 0x23 | OPC_SPECIAL3,
> OPC_DMOD_G_2E = 0x26 | OPC_SPECIAL3,
> OPC_DMODU_G_2E = 0x27 | OPC_SPECIAL3,
> +
> + /* MIPS DSP Load */
> + OPC_LX_DSP = 0x0A | OPC_SPECIAL3,
> };
>
> /* BSHFL opcodes */
> @@ -340,6 +343,17 @@ enum {
> #endif
> };
>
> +#define MASK_LX(op) (MASK_SPECIAL3(op) | (op & (0x1F << 6)))
> +/* MIPS DSP Load */
> +enum {
> + OPC_LBUX = (0x06 << 6) | OPC_LX_DSP,
> + OPC_LHX = (0x04 << 6) | OPC_LX_DSP,
> + OPC_LWX = (0x00 << 6) | OPC_LX_DSP,
> +#if defined(TARGET_MIPS64)
> + OPC_LDX = (0x08 << 6) | OPC_LX_DSP,
> +#endif
> +};
> +
> /* Coprocessor 0 (rs field) */
> #define MASK_CP0(op) MASK_OP_MAJOR(op) | (op & (0x1F << 21))
>
> @@ -12213,6 +12227,64 @@ static int decode_micromips_opc (CPUMIPSState *env, DisasContext *ctx, int *is_b
>
> #endif
>
> +/* MIPSDSP functions. */
> +static void gen_mipsdsp_ld(CPUMIPSState *env, DisasContext *ctx, uint32_t opc,
> + int rd, int base, int offset)
> +{
> + const char *opn = "ldx";
> + TCGv t0 = tcg_temp_new();
As the function can exit if rd == 0, this will create a temp leak, which
can be used by an attacker to crash QEMU. The tcg_temp_new() part
should be moved after the if
> + if (rd == 0 && env->insn_flags & (ASE_DSP | ASE_DSPR2)) {
> + MIPS_DEBUG("NOP");
> + return;
I still don't get the second part of the if testing the insn_flags. It
should be dropped.
> + } else if (base == 0) {
> + if (offset == 0) {
> + /* Address error. */
> + generate_exception(ctx, EXCP_AdEL);
I don't think this is correct.
> + } else {
> + gen_load_gpr(t0, offset);
Also gen_load_gpr() already handle the case offset == 0
> + }
> + } else if (offset == 0) {
> + gen_load_gpr(t0, base);
> + } else {
> + gen_op_addr_add(ctx, t0, cpu_gpr[base], cpu_gpr[offset]);
> + save_cpu_state(ctx, 0);
> + }
save_cpu_state() should not be conditionnal.
> + check_dsp(ctx);
Please move that higher in the function.
> + switch (opc) {
> + case OPC_LBUX:
> + op_ld_lbu(t0, t0, ctx);
> + gen_store_gpr(t0, rd);
> + opn = "lbux";
> + break;
> + case OPC_LHX:
> + op_ld_lh(t0, t0, ctx);
> + gen_store_gpr(t0, rd);
> + opn = "lhx";
> + break;
> + case OPC_LWX:
> + op_ld_lw(t0, t0, ctx);
> + gen_store_gpr(t0, rd);
> + opn = "lwx";
> + break;
> +#if defined(TARGET_MIPS64)
> + case OPC_LDX:
> + op_ld_ld(t0, t0, ctx);
> + gen_store_gpr(t0, rd);
> + opn = "ldx";
> + break;
> +#endif
> + }
> + (void)opn; /* avoid a compiler warning */
> + MIPS_DEBUG("%s %s, %s(%s)", opn,
> + regnames[rd], regnames[offset], regnames[base]);
> + tcg_temp_free(t0);
> +}
> +
> +
> +/* End MIPSDSP functions. */
> +
> static void decode_opc (CPUMIPSState *env, DisasContext *ctx, int *is_branch)
> {
> int32_t offset;
> @@ -12569,6 +12641,23 @@ static void decode_opc (CPUMIPSState *env, DisasContext *ctx, int *is_branch)
> check_insn(env, ctx, INSN_LOONGSON2E);
> gen_loongson_integer(ctx, op1, rd, rs, rt);
> break;
> + case OPC_LX_DSP:
> + op2 = MASK_LX(ctx->opcode);
> + switch (op2) {
> +#if defined(TARGET_MIPS64)
> + case OPC_LDX:
> +#endif
> + case OPC_LBUX:
> + case OPC_LHX:
> + case OPC_LWX:
> + gen_mipsdsp_ld(env, ctx, op2, rd, rs, rt);
> + break;
> + default: /* Invalid */
> + MIPS_INVAL("MASK LX");
> + generate_exception(ctx, EXCP_RI);
> + break;
> + }
> + break;
> #if defined(TARGET_MIPS64)
> case OPC_DEXTM ... OPC_DEXT:
> case OPC_DINSM ... OPC_DINS:
> --
> 1.7.10.2 (Apple Git-33)
>
>
--
Aurelien Jarno GPG: 1024D/F1BCDB73
aurelien@aurel32.net http://www.aurel32.net
next prev parent reply other threads:[~2012-10-16 23:21 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-15 16:39 [Qemu-devel] [PATCH v11 00/14] QEMU MIPS ASE DSP support Jia Liu
2012-10-15 16:39 ` [Qemu-devel] [PATCH v11 01/14] target-mips: Add ASE DSP internal functions Jia Liu
2012-10-16 23:20 ` Aurelien Jarno
2012-10-17 3:39 ` Jia Liu
2012-10-17 15:15 ` Aurelien Jarno
2012-10-18 1:53 ` Jia Liu
2012-10-18 6:05 ` Aurelien Jarno
2012-10-18 11:18 ` Aurelien Jarno
2012-10-15 16:39 ` [Qemu-devel] [PATCH v11 02/14] target-mips: Add ASE DSP resources access check Jia Liu
2012-10-16 23:21 ` Aurelien Jarno
2012-10-15 16:39 ` [Qemu-devel] [PATCH v11 03/14] target-mips: Use correct acc value to index cpu_HI/cpu_LO rather than using a fix number Jia Liu
2012-10-16 23:21 ` Aurelien Jarno
2012-10-15 16:39 ` [Qemu-devel] [PATCH v11 04/14] target-mips: Add ASE DSP branch instructions Jia Liu
2012-10-16 23:21 ` Aurelien Jarno
2012-10-15 16:39 ` [Qemu-devel] [PATCH v11 05/14] target-mips: Add ASE DSP load instructions Jia Liu
2012-10-16 23:21 ` Aurelien Jarno [this message]
2012-10-15 16:39 ` [Qemu-devel] [PATCH v11 06/14] target-mips: Add ASE DSP arithmetic instructions Jia Liu
2012-10-16 23:23 ` Aurelien Jarno
2012-10-17 4:05 ` Jia Liu
2012-10-17 4:54 ` Jia Liu
2012-10-17 6:05 ` Aurelien Jarno
2012-10-15 16:39 ` [Qemu-devel] [PATCH v11 07/14] target-mips: Add ASE DSP GPR based shift instructions Jia Liu
2012-10-16 23:23 ` Aurelien Jarno
2012-10-30 14:47 ` Jia Liu
2012-10-15 16:39 ` [Qemu-devel] [PATCH v11 08/14] target-mips: Add ASE DSP multiply instructions Jia Liu
2012-10-16 23:23 ` Aurelien Jarno
2012-10-15 16:39 ` [Qemu-devel] [PATCH v11 09/14] target-mips: Add ASE DSP bit/manipulation instructions Jia Liu
2012-10-16 23:23 ` Aurelien Jarno
2012-10-17 3:44 ` Jia Liu
2012-10-17 6:05 ` Aurelien Jarno
2012-10-17 7:16 ` Richard Henderson
2012-10-17 20:07 ` Aurelien Jarno
2012-10-18 0:09 ` Jia Liu
2012-10-17 7:41 ` Jia Liu
2012-10-17 15:15 ` Aurelien Jarno
2012-10-15 16:39 ` [Qemu-devel] [PATCH v11 10/14] target-mips: Add ASE DSP compare-pick instructions Jia Liu
2012-10-16 23:23 ` Aurelien Jarno
2012-10-15 16:39 ` [Qemu-devel] [PATCH v11 11/14] target-mips: Add ASE DSP accumulator instructions Jia Liu
2012-10-16 23:23 ` Aurelien Jarno
2012-10-15 16:39 ` [Qemu-devel] [PATCH v11 12/14] target-mips: Add ASE DSP processors Jia Liu
2012-10-16 23:23 ` Aurelien Jarno
2012-10-15 16:39 ` [Qemu-devel] [PATCH v11 13/14] target-mips: Add ASE DSP testcases Jia Liu
2012-10-16 23:23 ` Aurelien Jarno
2012-10-15 16:39 ` [Qemu-devel] [PATCH v11 14/14] target-mips: Change TODO file Jia Liu
2012-10-16 23:23 ` Aurelien Jarno
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121016232143.GA18454@ohm.aurel32.net \
--to=aurelien@aurel32.net \
--cc=proljc@gmail.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.