From: "Alex Bennée" <alex.bennee@linaro.org>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-arm@nongnu.org, qemu-devel@nongnu.org, patches@linaro.org,
	Richard Henderson <richard.henderson@linaro.org>
Subject: Re: [PATCH for-3.1] target/arm: Remove can't-happen if() from handle_vec_simd_shli()
Date: Wed, 31 Oct 2018 10:47:41 +0000	[thread overview]
Message-ID: <87o9ba8kaa.fsf@linaro.org> (raw)
In-Reply-To: <20181030162517.21816-1-peter.maydell@linaro.org>


Peter Maydell <peter.maydell@linaro.org> writes:

> In handle_vec_simd_shli() we have a check:
>      if (size > 3 && !is_q) {
>          unallocated_encoding(s);
>          return;
>      }
> However this can never be true, because we calculate
>     int size = 32 - clz32(immh) - 1;
> where immh is a 4 bit field which we know cannot be all-zeroes.
> So the clz32() return must be in {28,29,30,31} and the resulting
> size is in {0,1,2,3}, and "size > 3" is never true.
>
> This unnecessary code confuses Coverity's analysis:
> in CID 1396476 it thinks we might later index off the
> end of an array because the condition implies that we
> might have a size > 3.
>
> Remove the code, and instead assert that the size is in [0..3],
> since the decode that enforces that is somewhat distant from
> this function.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> Alex, if you could run this through the risu testset just as
> a sanity check that would be very helpful.
>
>  target/arm/translate-a64.c | 8 +++-----
>  1 file changed, 3 insertions(+), 5 deletions(-)
>
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index 88195ab9490..fd36425f1ae 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -9483,12 +9483,10 @@ static void handle_vec_simd_shli(DisasContext *s, bool is_q, bool insert,
>      int immhb = immh << 3 | immb;
>      int shift = immhb - (8 << size);
>
> -    if (extract32(immh, 3, 1) && !is_q) {
> -        unallocated_encoding(s);
> -        return;
> -    }
> +    /* Range of size is limited by decode: immh is a non-zero 4 bit field */
> +    assert(size >= 0 && size <= 3);
>
> -    if (size > 3 && !is_q) {
> +    if (extract32(immh, 3, 1) && !is_q) {
>          unallocated_encoding(s);
>          return;
>      }
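Review bot: the new assert lands after `int shift = immhb - (8 << size);`, so size has already been used as a shift count by the time it is checked; since the assert exists to document the decode-enforced range (for readers and for Coverity), it would serve better immediately after `int size = 32 - clz32(immh) - 1;`, before its first use. Moving the `extract32(immh, 3, 1) && !is_q` check below the assert is otherwise a pure reordering and does not change behaviour.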

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>


--
Alex Bennée
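The range argument in the commit message above, worked through as an added example that is not part of the patch or of QEMU: it reimplements the size/shift computation from handle_vec_simd_shli() with local stand-ins for QEMU's clz32() and extract32() (assumed to match the QEMU helpers, including clz32 returning 32 for a zero input) and checks, for every non-zero 4-bit immh, that size stays in [0..3], that the "immh bit 3 set and not Q" test is exactly the size == 3 case, and that the resulting shift always lies inside the element width.

```c
/*
 * Added example, not QEMU code: reproduce the size/shift computation of
 * handle_vec_simd_shli() over every value the decoder can hand in and
 * check the invariant the patch asserts.  clz32() and extract32() are
 * local stand-ins for the QEMU helpers of the same name (assumption:
 * same semantics, with clz32(0) == 32).
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

static int clz32(uint32_t v)
{
    return v ? __builtin_clz(v) : 32;
}

static uint32_t extract32(uint32_t v, int start, int length)
{
    return (v >> start) & (~0U >> (32 - length));
}

/* element size field as derived from immh in the shift-by-immediate decode */
static int shli_size(int immh)
{
    return 32 - clz32(immh) - 1;
}

/* shift amount: immh:immb minus the element width in bits */
static int shli_shift(int immh, int immb)
{
    int size = shli_size(immh);
    int immhb = immh << 3 | immb;
    return immhb - (8 << size);
}

/* the check the patch keeps: 64-bit elements require the Q (128-bit) form */
static bool shli_unallocated(int immh, bool is_q)
{
    return extract32(immh, 3, 1) && !is_q;
}

/*
 * Walk every non-zero immh.  Returns 0 when size is always in [0,3],
 * "immh bit 3 set" is exactly "size == 3", and every shift lies in
 * [0, esize-1]; otherwise returns the first immh that breaks a rule.
 */
static int check_shli_invariants(void)
{
    for (int immh = 1; immh < 16; immh++) {
        int size = shli_size(immh);
        if (size < 0 || size > 3) {
            return immh;
        }
        if ((extract32(immh, 3, 1) != 0) != (size == 3)) {
            return immh;
        }
        for (int immb = 0; immb < 8; immb++) {
            int shift = shli_shift(immh, immb);
            if (shift < 0 || shift >= (8 << size)) {
                return immh;
            }
        }
    }
    return 0;
}

int main(void)
{
    for (int immh = 1; immh < 16; immh++) {
        printf("immh=%2d clz32=%2d size=%d esize=%2d unallocated(Q=0)=%d\n",
               immh, clz32(immh), shli_size(immh), 8 << shli_size(immh),
               shli_unallocated(immh, false));
    }
    printf("invariants hold: %s\n",
           check_shli_invariants() == 0 ? "yes" : "no");
    return check_shli_invariants();
}
```

The table it prints makes the argument concrete: clz32(immh) runs over {31,30,29,28} as immh goes from 1 to 15, so size never leaves {0,1,2,3}, and the only encodings the remaining `extract32(immh, 3, 1) && !is_q` test rejects are the 64-bit-element ones in the 64-bit vector form.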

Thread overview:
2018-10-30 16:25 [PATCH for-3.1] target/arm: Remove can't-happen if() from handle_vec_simd_shli() Peter Maydell
2018-10-30 17:07 ` Philippe Mathieu-Daudé
2018-10-31 10:47 ` Alex Bennée [this message]
