* [Qemu-devel] MAX_OP_PER_INSTR should be larger
@ 2009-03-18 6:17 TeLeMan
From: TeLeMan @ 2009-03-18 6:17 UTC (permalink / raw)
To: qemu-devel
MAX_OP_PER_INSTR is 64 now, but the x64 instruction "ROR" is translated
into more than 64 ops (the op dump below for `ror $0x19,%esi` at 0x4463dc contains 73 op lines).
This overflows gen_opc_buf and overwrites tcg_ctx.
qemu.log:
IN:
0x00000000004463d3: and %ecx,%ebx
0x00000000004463d5: add %edi,%esi
0x00000000004463d7: mov %esi,-0x14(%ebp)
0x00000000004463da: mov %ecx,%esi
0x00000000004463dc: ror $0x19,%esi
0x00000000004463df: mov %ecx,%edi
0x00000000004463e1: ror $0xb,%edi
0x00000000004463e4: xor %edi,%esi
0x00000000004463e6: mov %ecx,%edi
0x00000000004463e8: ror $0x6,%edi
0x00000000004463eb: xor %edi,%esi
0x00000000004463ed: mov %ecx,%edi
0x00000000004463ef: not %edi
0x00000000004463f1: and -0x28(%ebp),%edi
0x00000000004463f4: xor %ebx,%edi
0x00000000004463f6: add %edi,%esi
0x00000000004463f8: add 0x501280(,%eax,4),%esi
0x00000000004463ff: mov -0x14(%ebp),%edi
0x0000000000446402: add -0x70(%ebp,%eax,4),%esi
OP:
---- 0x4463d3
ld_i32 tmp2,env,$0x8
ld_i32 tmp3,env,$0xc
ld_i32 tmp0,env,$0x18
ld_i32 tmp1,env,$0x1c
and_i32 tmp0,tmp0,tmp2
and_i32 tmp1,tmp1,tmp3
st_i32 tmp0,env,$0x18
movi_i32 tmp8,$0x0
movi_i32 tmp9,$0x0
st_i32 tmp8,env,$0x1c
discard cc_src_0
discard cc_src_1
mov_i32 cc_dst_0,tmp0
mov_i32 cc_dst_1,tmp1
---- 0x4463d5
ld_i32 tmp2,env,$0x38
ld_i32 tmp3,env,$0x3c
ld_i32 tmp0,env,$0x30
ld_i32 tmp1,env,$0x34
add2_i32 tmp0,tmp1,tmp0,tmp1,tmp2,tmp3
st_i32 tmp0,env,$0x30
movi_i32 tmp8,$0x0
movi_i32 tmp9,$0x0
st_i32 tmp8,env,$0x34
mov_i32 cc_src_0,tmp2
mov_i32 cc_src_1,tmp3
mov_i32 cc_dst_0,tmp0
mov_i32 cc_dst_1,tmp1
---- 0x4463d7
ld_i32 tmp4,env,$0x28
movi_i32 tmp5,$0x0
movi_i32 tmp22,$0xffffffec
movi_i32 tmp23,$0xffffffff
add2_i32 tmp4,tmp5,tmp4,tmp5,tmp22,tmp23
movi_i32 tmp5,$0x0
ld_i32 tmp0,env,$0x30
ld_i32 tmp1,env,$0x34
qemu_st32 tmp0,tmp4,tmp5,$0x0
---- 0x4463da
ld_i32 tmp0,env,$0x8
ld_i32 tmp1,env,$0xc
st_i32 tmp0,env,$0x30
movi_i32 tmp8,$0x0
movi_i32 tmp9,$0x0
st_i32 tmp8,env,$0x34
---- 0x4463dc
movi_i32 tmp2,$0x19
movi_i32 tmp3,$0x0
ld_i32 loc24,env,$0x30
ld_i32 loc25,env,$0x34
mov_i32 loc26,tmp2
mov_i32 loc27,tmp3
movi_i32 tmp32,$0x1f
and_i32 loc26,loc26,tmp32
movi_i32 loc27,$0x0
movi_i32 tmp22,$0x0
movi_i32 tmp23,$0x0
brcond2_i32 loc26,loc27,tmp22,tmp23,eq,$0x0
mov_i32 tmp8,loc26
mov_i32 tmp9,loc27
movi_i32 loc25,$0x0
mov_i32 loc28,loc24
mov_i32 loc29,loc25
movi_i32 tmp32,$0x54d17c
call tmp32,$0x0,$2,tmp14,tmp15,loc24,loc25,tmp8,tmp9
movi_i32 tmp22,$0x20
movi_i32 tmp23,$0x0
sub2_i32 tmp8,tmp9,tmp22,tmp23,tmp8,tmp9
movi_i32 tmp32,$0x54d160
call tmp32,$0x0,$2,loc24,loc25,loc24,loc25,tmp8,tmp9
or_i32 loc24,loc24,tmp14
or_i32 loc25,loc25,tmp15
set_label $0x0
st_i32 loc24,env,$0x30
movi_i32 tmp8,$0x0
movi_i32 tmp9,$0x0
st_i32 tmp8,env,$0x34
movi_i32 cc_op,$0x8
movi_i32 tmp33,$0x0
movi_i32 tmp34,$0x0
brcond2_i32 loc26,loc27,tmp33,tmp34,eq,$0x1
movi_i32 tmp32,$cc_compute_all
call tmp32,$0x10,$1,tmp12,cc_op
mov_i32 cc_src_0,tmp12
movi_i32 cc_src_1,$0x0
movi_i32 tmp32,$0xfffff7fe
and_i32 cc_src_0,cc_src_0,tmp32
xor_i32 tmp8,loc28,loc24
xor_i32 tmp9,loc29,loc25
movi_i32 tmp36,$0xc
shl_i32 tmp32,tmp9,tmp36
movi_i32 tmp36,$0x14
shr_i32 tmp35,tmp9,tmp36
movi_i32 tmp36,$0x14
shr_i32 tmp8,tmp8,tmp36
or_i32 tmp8,tmp8,tmp32
mov_i32 tmp9,tmp35
movi_i32 tmp35,$0x800
and_i32 tmp8,tmp8,tmp35
movi_i32 tmp9,$0x0
or_i32 cc_src_0,cc_src_0,tmp8
or_i32 cc_src_1,cc_src_1,tmp9
movi_i32 tmp36,$0x1
shl_i32 tmp35,loc25,tmp36
movi_i32 tmp36,$0x1f
shr_i32 tmp32,loc25,tmp36
movi_i32 tmp36,$0x1f
shr_i32 loc24,loc24,tmp36
or_i32 loc24,loc24,tmp35
mov_i32 loc25,tmp32
movi_i32 tmp32,$0x1
and_i32 loc24,loc24,tmp32
movi_i32 loc25,$0x0
or_i32 cc_src_0,cc_src_0,loc24
or_i32 cc_src_1,cc_src_1,loc25
discard cc_dst_0
discard cc_dst_1
movi_i32 cc_op,$0x1
set_label $0x1
---- 0x4463df
ld_i32 tmp0,env,$0x8
ld_i32 tmp1,env,$0xc
st_i32 tmp0,env,$0x38
movi_i32 tmp8,$0x0
movi_i32 tmp9,$0x0
st_i32 tmp8,env,$0x3c
---- 0x4463e1
movi_i32 tmp2,$0xb
movi_i32 tmp3,$0x0
ld_i32 loc30,env,$0x38
ld_i32 loc31,env,$0x3c
mov_i32 loc28,tmp2
mov_i32 loc29,tmp3
movi_i32 tmp32,$0x1f
and_i32 loc28,loc28,tmp32
movi_i32 loc29,$0x0
movi_i32 tmp33,$0x0
movi_i32 tmp34,$0x0
brcond2_i32 loc28,loc29,tmp33,tmp34,eq,$0x2
mov_i32 tmp8,loc28
mov_i32 tmp9,loc29
movi_i32 loc31,$0x0
mov_i32 loc26,loc30
mov_i32 loc27,loc31
movi_i32 tmp32,$0x54d17c
call tmp32,$0x0,$2,tmp14,tmp15,loc30,loc31,tmp8,tmp9
movi_i32 tmp33,$0x20
movi_i32 tmp34,$0x0
sub2_i32 tmp8,tmp9,tmp33,tmp34,tmp8,tmp9
movi_i32 tmp32,$0x54d160
call tmp32,$0x0,$2,loc30,loc31,loc30,loc31,tmp8,tmp9
or_i32 loc30,loc30,tmp14
or_i32 loc31,loc31,tmp15
set_label $0x2
st_i32 loc30,env,$0x38
movi_i32 tmp8,$0x0
movi_i32 tmp9,$0x0
st_i32 tmp8,env,$0x3c
movi_i32 tmp37,$0x0
movi_i32 tmp38,$0x0
brcond2_i32 loc28,loc29,tmp37,tmp38,eq,$0x3
movi_i32 tmp32,$cc_compute_all
call tmp32,$0x10,$1,tmp12,cc_op
mov_i32 cc_src_0,tmp12
movi_i32 cc_src_1,$0x0
movi_i32 tmp32,$0xfffff7fe
and_i32 cc_src_0,cc_src_0,tmp32
xor_i32 tmp8,loc26,loc30
xor_i32 tmp9,loc27,loc31
movi_i32 tmp36,$0xc
shl_i32 tmp32,tmp9,tmp36
movi_i32 tmp36,$0x14
shr_i32 tmp35,tmp9,tmp36
movi_i32 tmp36,$0x14
shr_i32 tmp8,tmp8,tmp36
or_i32 tmp8,tmp8,tmp32
mov_i32 tmp9,tmp35
movi_i32 tmp35,$0x800
and_i32 tmp8,tmp8,tmp35
movi_i32 tmp9,$0x0
or_i32 cc_src_0,cc_src_0,tmp8
or_i32 cc_src_1,cc_src_1,tmp9
movi_i32 tmp36,$0x1
shl_i32 tmp35,loc31,tmp36
movi_i32 tmp36,$0x1f
shr_i32 tmp32,loc31,tmp36
movi_i32 tmp36,$0x1f
shr_i32 loc30,loc30,tmp36
or_i32 loc30,loc30,tmp35
mov_i32 loc31,tmp32
movi_i32 tmp32,$0x1
and_i32 loc30,loc30,tmp32
movi_i32 loc31,$0x0
or_i32 cc_src_0,cc_src_0,loc30
or_i32 cc_src_1,cc_src_1,loc31
discard cc_dst_0
discard cc_dst_1
movi_i32 cc_op,$0x1
set_label $0x3
--
View this message in context: http://www.nabble.com/MAX_OP_PER_INSTR-should-be-larger-tp22573338p22573338.html
Sent from the QEMU - Dev mailing list archive at Nabble.com.