From: Richard Henderson <rth@twiddle.net>
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, Stefan Weil <sw@weilnetz.de>
Subject: Re: [Qemu-devel] [PATCH v2 3/4] tcg: Mask shift counts to avoid undefined behavior
Date: Tue, 18 Mar 2014 15:24:11 -0700
Message-ID: <5328C78B.7020202@twiddle.net>
In-Reply-To: <1395178235-29056-4-git-send-email-rth@twiddle.net>

Gah.  Description should have been "tci" and cc'd the maintainer.


r~

On 03/18/2014 02:30 PM, Richard Henderson wrote:
> TCG now requires unspecified behavior rather than a potential crash,
> bring the C shift within the letter of the law.
> 
> Signed-off-by: Richard Henderson <rth@twiddle.net>
> ---
>  tci.c | 20 ++++++++++----------
>  1 file changed, 10 insertions(+), 10 deletions(-)
> 
> diff --git a/tci.c b/tci.c
> index 0202ed9..6523ab8 100644
> --- a/tci.c
> +++ b/tci.c
> @@ -669,32 +669,32 @@ uintptr_t tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
>              t0 = *tb_ptr++;
>              t1 = tci_read_ri32(&tb_ptr);
>              t2 = tci_read_ri32(&tb_ptr);
> -            tci_write_reg32(t0, t1 << t2);
> +            tci_write_reg32(t0, t1 << (t2 & 31));
>              break;
>          case INDEX_op_shr_i32:
>              t0 = *tb_ptr++;
>              t1 = tci_read_ri32(&tb_ptr);
>              t2 = tci_read_ri32(&tb_ptr);
> -            tci_write_reg32(t0, t1 >> t2);
> +            tci_write_reg32(t0, t1 >> (t2 & 31));
>              break;
>          case INDEX_op_sar_i32:
>              t0 = *tb_ptr++;
>              t1 = tci_read_ri32(&tb_ptr);
>              t2 = tci_read_ri32(&tb_ptr);
> -            tci_write_reg32(t0, ((int32_t)t1 >> t2));
> +            tci_write_reg32(t0, ((int32_t)t1 >> (t2 & 31)));
>              break;
>  #if TCG_TARGET_HAS_rot_i32
>          case INDEX_op_rotl_i32:
>              t0 = *tb_ptr++;
>              t1 = tci_read_ri32(&tb_ptr);
>              t2 = tci_read_ri32(&tb_ptr);
> -            tci_write_reg32(t0, rol32(t1, t2));
> +            tci_write_reg32(t0, rol32(t1, t2 & 31));
>              break;
>          case INDEX_op_rotr_i32:
>              t0 = *tb_ptr++;
>              t1 = tci_read_ri32(&tb_ptr);
>              t2 = tci_read_ri32(&tb_ptr);
> -            tci_write_reg32(t0, ror32(t1, t2));
> +            tci_write_reg32(t0, ror32(t1, t2 & 31));
>              break;
>  #endif
>  #if TCG_TARGET_HAS_deposit_i32
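Review bot: In the INDEX_op_rotl_i32 and INDEX_op_rotr_i32 cases, masking with 31 keeps the count in 0..31 but still passes a count of 0 through to rol32() and ror32(), whose bodies are not part of this patch. If those helpers form the complementary shift as 32 minus the count, a count of 0 becomes a shift by 32, which is the same out-of-range shift the commit message sets out to remove. Please confirm the helpers are safe for a zero count, or note it in the commit message. For the shl/shr/sar cases, a short comment at the first `t2 & 31` saying that out-of-range counts now give an unspecified result rather than a crash would explain the bare constant to later readers.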
> @@ -936,32 +936,32 @@ uintptr_t tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
>              t0 = *tb_ptr++;
>              t1 = tci_read_ri64(&tb_ptr);
>              t2 = tci_read_ri64(&tb_ptr);
> -            tci_write_reg64(t0, t1 << t2);
> +            tci_write_reg64(t0, t1 << (t2 & 63));
>              break;
>          case INDEX_op_shr_i64:
>              t0 = *tb_ptr++;
>              t1 = tci_read_ri64(&tb_ptr);
>              t2 = tci_read_ri64(&tb_ptr);
> -            tci_write_reg64(t0, t1 >> t2);
> +            tci_write_reg64(t0, t1 >> (t2 & 63));
>              break;
>          case INDEX_op_sar_i64:
>              t0 = *tb_ptr++;
>              t1 = tci_read_ri64(&tb_ptr);
>              t2 = tci_read_ri64(&tb_ptr);
> -            tci_write_reg64(t0, ((int64_t)t1 >> t2));
> +            tci_write_reg64(t0, ((int64_t)t1 >> (t2 & 63)));
>              break;
>  #if TCG_TARGET_HAS_rot_i64
>          case INDEX_op_rotl_i64:
>              t0 = *tb_ptr++;
>              t1 = tci_read_ri64(&tb_ptr);
>              t2 = tci_read_ri64(&tb_ptr);
> -            tci_write_reg64(t0, rol64(t1, t2));
> +            tci_write_reg64(t0, rol64(t1, t2 & 63));
>              break;
>          case INDEX_op_rotr_i64:
>              t0 = *tb_ptr++;
>              t1 = tci_read_ri64(&tb_ptr);
>              t2 = tci_read_ri64(&tb_ptr);
> -            tci_write_reg64(t0, ror64(t1, t2));
> +            tci_write_reg64(t0, ror64(t1, t2 & 63));
>              break;
>  #endif
>  #if TCG_TARGET_HAS_deposit_i64
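Review bot: In INDEX_op_sar_i64, `(int64_t)t1 >> (t2 & 63)` bounds the count but still right-shifts a possibly negative signed value, which C leaves implementation-defined; the same applies to the `(int32_t)` cast in the 32-bit hunk. If the interpreter relies on the compiler performing an arithmetic shift there, a one-line comment saying so would make the remaining assumption explicit. Separately, the literals 31 and 63 now appear in ten places across the two hunks; deriving the mask from the operand width in one small helper or macro would keep the 32-bit and 64-bit cases from drifting apart.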
> 

Thread overview: 11+ messages
2014-03-18 21:30 [Qemu-devel] [PATCH v2 0/4] tcg: out of range shift behavior Richard Henderson
2014-03-18 21:30 ` [Qemu-devel] [PATCH v2 1/4] tcg: Use "unspecified behavior" for shifts Richard Henderson
2014-03-18 21:30 ` [Qemu-devel] [PATCH v2 2/4] tcg: Mask shift quantities while folding Richard Henderson
2014-03-18 22:11   ` Peter Maydell
2014-03-18 21:30 ` [Qemu-devel] [PATCH v2 3/4] tcg: Mask shift counts to avoid undefined behavior Richard Henderson
2014-03-18 22:24   ` Richard Henderson [this message]
2014-03-19  6:21   ` Stefan Weil
2014-03-19 10:11     ` Peter Maydell
2014-03-19 15:25     ` Richard Henderson
2014-03-19 15:59       ` Peter Maydell
2014-03-18 21:30 ` [Qemu-devel] [PATCH v2 4/4] tcg: Fix out of range shift in deposit optimizations Richard Henderson
