From: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-arm@nongnu.org, qemu-devel@nongnu.org, patches@linaro.org
Subject: Re: [Qemu-arm] [PATCH 04/15] target/arm: Tighten up Thumb decode where new v8M insns will be
Date: Wed, 2 Aug 2017 19:47:22 +0200
Message-ID: <20170802174722.GJ4859@toto>
In-Reply-To: <1501692241-23310-5-git-send-email-peter.maydell@linaro.org>

On Wed, Aug 02, 2017 at 05:43:50PM +0100, Peter Maydell wrote:
> Tighten up the T32 decoder in the places where new v8M instructions
> will be:
>  * TT/TTT/TTA/TTAT are in what was nominally LDREX/STREX r15, ...
>    which is UNPREDICTABLE:
>    make the UNPREDICTABLE behaviour be to UNDEF
>  * BXNS/BLXNS are distinguished from BX/BLX via the low 3 bits,
>    which in previous architectural versions are SBZ:
>    enforce the SBZ via UNDEF rather than ignoring it, and move
>    the "ARCH(5)" UNDEF case up so we don't leak a TCG temporary
>  * SG is in the encoding which would be LDRD/STRD with rn = r15;
>    this is UNPREDICTABLE and we currently UNDEF:
>    move this check further up the code so that we don't leak
>    TCG temporaries in the UNDEF case and have a better place
>    to put the SG decode.
> 
> This means that if a v8M binary is accidentally run on v7M
> or if a test case hits something that we haven't implemented
> yet the behaviour will be obvious (UNDEF) rather than obscure
> (plough on treating it as a different instruction).
> 
> In the process, add some comments about the instruction patterns
> at these points in the decode. Our Thumb and ARM decoders are
> very difficult to understand currently, but gradually adding
> comments like this should help to clarify what exactly has
> been decoded when.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>


> ---
>  target/arm/translate.c | 48 +++++++++++++++++++++++++++++++++++++++---------
>  1 file changed, 39 insertions(+), 9 deletions(-)
> 
> diff --git a/target/arm/translate.c b/target/arm/translate.c
> index d1a5f56..3c14cb0 100644
> --- a/target/arm/translate.c
> +++ b/target/arm/translate.c
> @@ -9735,10 +9735,23 @@ static int disas_thumb2_insn(CPUARMState *env, DisasContext *s, uint16_t insn_hw
>          abort();
>      case 4:
>          if (insn & (1 << 22)) {
> -            /* Other load/store, table branch.  */
> +            /* 0b1110_100x_x1xx_xxxx_xxxx_xxxx_xxxx_xxxx
> +             * - load/store doubleword, load/store exclusive, ldacq/strel,
> +             *   table branch.
> +             */
>              if (insn & 0x01200000) {
> -                /* Load/store doubleword.  */
> +                /* 0b1110_1000_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
> +                 *  - load/store dual (post-indexed)
> +                 * 0b1111_1001_x10x_xxxx_xxxx_xxxx_xxxx_xxxx
> +                 *  - load/store dual (literal and immediate)
> +                 * 0b1111_1001_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
> +                 *  - load/store dual (pre-indexed)
> +                 */
>                  if (rn == 15) {
> +                    if (insn & (1 << 21)) {
> +                        /* UNPREDICTABLE */
> +                        goto illegal_op;
> +                    }
>                      addr = tcg_temp_new_i32();
>                      tcg_gen_movi_i32(addr, s->pc & ~3);
>                  } else {
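Review bot: the second and third encoding patterns in the new load/store dual comment start with 0b1111_1001, which does not fit the enclosing 0b1110_100x_x1xx pattern a few lines above (and this case-4 branch only ever sees 1110_100x opcodes); they read as typos for 0b1110_1001_x10x and 0b1110_1001_x11x. The new rn == 15 check itself is where the commit message wants it: it fires before tcg_temp_new_i32(), so the UNDEF path no longer leaks addr.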
> @@ -9772,15 +9785,18 @@ static int disas_thumb2_insn(CPUARMState *env, DisasContext *s, uint16_t insn_hw
>                  }
>                  if (insn & (1 << 21)) {
>                      /* Base writeback.  */
> -                    if (rn == 15)
> -                        goto illegal_op;
>                      tcg_gen_addi_i32(addr, addr, offset - 4);
>                      store_reg(s, rn, addr);
>                  } else {
>                      tcg_temp_free_i32(addr);
>                  }
>              } else if ((insn & (1 << 23)) == 0) {
> -                /* Load/store exclusive word.  */
> +                /* 0b1110_1000_010x_xxxx_xxxx_xxxx_xxxx_xxxx
> +                 * - load/store exclusive word
> +                 */
> +                if (rs == 15) {
> +                    goto illegal_op;
> +                }
>                  addr = tcg_temp_local_new_i32();
>                  load_reg_var(s, addr, rn);
>                  tcg_gen_addi_i32(addr, addr, (insn & 0xff) << 2);
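Review bot: the removed `if (rn == 15) goto illegal_op;` in the writeback branch is exactly covered by the check added in the previous hunk (both require rn == 15 and bit 21 set), so no behaviour is lost and the temporary is no longer allocated before the UNDEF. For the new rs == 15 check in the exclusive-word path, a short `/* UNPREDICTABLE */` comment like the one in the dual case would record why r15 is rejected here, since this is the slot the commit message reserves for TT/TTT/TTA/TTAT.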
> @@ -11137,7 +11153,9 @@ static void disas_thumb_insn(CPUARMState *env, DisasContext *s)
>              break;
>          }
>          if (insn & (1 << 10)) {
> -            /* data processing extended or blx */
> +            /* 0b0100_01xx_xxxx_xxxx
> +             * - data processing extended, branch and exchange
> +             */
>              rd = (insn & 7) | ((insn >> 4) & 8);
>              rm = (insn >> 3) & 0xf;
>              op = (insn >> 8) & 3;
> @@ -11160,10 +11178,21 @@ static void disas_thumb_insn(CPUARMState *env, DisasContext *s)
>                  tmp = load_reg(s, rm);
>                  store_reg(s, rd, tmp);
>                  break;
> -            case 3:/* branch [and link] exchange thumb register */
> -                tmp = load_reg(s, rm);
> -                if (insn & (1 << 7)) {
> +            case 3:
> +            {
> +                /* 0b0100_0111_xxxx_xxxx
> +                 * - branch [and link] exchange thumb register
> +                 */
> +                bool link = insn & (1 << 7);
> +
> +                if (insn & 7) {
> +                    goto undef;
> +                }
> +                if (link) {
>                      ARCH(5);
> +                }
> +                tmp = load_reg(s, rm);
> +                if (link) {
>                      val = (uint32_t)s->pc | 1;
>                      tmp2 = tcg_temp_new_i32();
>                      tcg_gen_movi_i32(tmp2, val);
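Review bot: the new `if (insn & 7) goto undef;` has no comment; a note that bits [2:0] are SBZ before v8M and will select BXNS/BLXNS would tell the reader why the bits are now rejected rather than ignored and where the v8M decode will hook in. Moving ARCH(5) ahead of load_reg() does fix the temporary leak the commit message describes, and `bool link = insn & (1 << 7);` relies on the implicit int-to-bool conversion, which is fine with stdbool.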
> @@ -11175,6 +11204,7 @@ static void disas_thumb_insn(CPUARMState *env, DisasContext *s)
>                  }
>                  break;
>              }
> +            }
>              break;
>          }
>  
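Review bot: the added `}` sits at the same indentation as the switch's own closing brace, so the pairing is hard to see in the diff: after this change the context `}` above it closes the `case 3:` block opened in the previous hunk and the new one closes the switch. A `/* switch (op) */` comment on the final brace, or putting the opening brace on the `case 3:` line, would make the nesting obvious to the next reader.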
> -- 
> 2.7.4
> 
> 

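The tightening the patch describes, as an added stand-alone example that is not QEMU code: a classifier for the two Thumb encoding groups the patch touches, applying the same SBZ, writeback and r15 rules so that the reserved v8M slots decode to UNDEF instead of being silently treated as BX/BLX, LDRD/STRD or LDREX/STREX. The enum and function names are my own; the field names (rn, rs, link) follow the patch.

```c
/* Added example, not QEMU code: applies the patch's decode rules to raw
 * Thumb encodings. Field extraction mirrors QEMU's disas_thumb_insn and
 * disas_thumb2_insn (rn = bits 19:16, rs = bits 15:12). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum thumb_class { T_BX, T_BLX, T_LDST_DUAL, T_LDST_EXCL, T_OTHER, T_UNDEF };

/* 16-bit 0b0100_0111_xxxx_xxxx: branch [and link] exchange.
 * arch_v5 says whether the emulated CPU implements ARMv5 (QEMU's ARCH(5)). */
enum thumb_class classify_bx(uint16_t insn, bool arch_v5)
{
    if ((insn & 0xff00) != 0x4700) {
        return T_OTHER;                  /* not the branch-and-exchange group */
    }
    bool link = insn & (1 << 7);
    if (insn & 7) {
        return T_UNDEF;                  /* bits [2:0] SBZ before v8M: UNDEF, not ignored */
    }
    if (link && !arch_v5) {
        return T_UNDEF;                  /* BLX needs ARMv5; checked before any state is touched */
    }
    return link ? T_BLX : T_BX;
}

/* 32-bit insn = (hw1 << 16) | hw2 in the 0b1110_100x_x1xx group:
 * load/store dual, load/store exclusive, table branch. */
enum thumb_class classify_ldst(uint32_t insn)
{
    if ((insn & 0xfe400000) != 0xe8400000) {
        return T_OTHER;
    }
    unsigned rn = (insn >> 16) & 0xf;
    unsigned rs = (insn >> 12) & 0xf;
    if (insn & 0x01200000) {             /* P or W set: load/store dual */
        if (rn == 15 && (insn & (1 << 21))) {
            return T_UNDEF;              /* literal base with writeback: UNPREDICTABLE */
        }
        return T_LDST_DUAL;
    }
    if ((insn & (1 << 23)) == 0) {       /* load/store exclusive word */
        if (rs == 15) {
            return T_UNDEF;              /* Rt == r15: UNPREDICTABLE, the slot reserved for TT */
        }
        return T_LDST_EXCL;
    }
    return T_OTHER;                      /* table branch etc., not covered here */
}

int main(void)
{
    /* Constructed encodings: BX lr, BLX lr with SBZ bit set, LDRD with writeback to pc. */
    printf("0x4770 -> %d\n", classify_bx(0x4770, true));
    printf("0x47f1 -> %d\n", classify_bx(0x47f1, true));
    printf("0xe8ff0102 -> %d\n", classify_ldst(0xe8ff0102));
    return 0;
}
```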