From: juha.riihimaki@nokia.com
Date: Sat, 24 Oct 2009 15:19:05 +0300
Message-Id: <1256386749-85299-7-git-send-email-juha.riihimaki@nokia.com>
In-Reply-To: <1256386749-85299-1-git-send-email-juha.riihimaki@nokia.com>
References: <1256386749-85299-1-git-send-email-juha.riihimaki@nokia.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] [PATCH v2 06/10] target-arm: fix neon vsri, vshl and vsli ops
List-Id: qemu-devel.nongnu.org
To: qemu-devel@nongnu.org

From: Juha Riihim=C3=A4ki Shift by immediate value is incorrectly overwritten by a temporary variable in the processing of NEON vsri, vshl and vsli instructions. This patch has been revised to also include a fix for the special case where the code would previously try to shift an integer value over 31 bits left/right. Signed-off-by: Juha Riihim=C3=A4ki --- target-arm/translate.c | 32 ++++++++++++++++++-------------- 1 files changed, 18 insertions(+), 14 deletions(-) diff --git a/target-arm/translate.c b/target-arm/translate.c index d1e2ed2..9e924d4 100644 --- a/target-arm/translate.c +++ b/target-arm/translate.c @@ -4098,7 +4098,7 @@ static int disas_neon_data_insn(CPUState * env, Dis= asContext *s, uint32_t insn) int pairwise; int u; int n; - uint32_t imm; + uint32_t imm, mask; TCGv tmp, tmp2, tmp3, tmp4, tmp5; TCGv_i64 tmp64; =20 @@ -4626,31 +4626,35 @@ static int disas_neon_data_insn(CPUState * env, D= isasContext *s, uint32_t insn) switch (size) { case 0: if (op =3D=3D 4) - imm =3D 0xff >> -shift; + mask =3D 0xff >> -shift; else - imm =3D (uint8_t)(0xff << shift); - imm |=3D imm << 8; - imm |=3D imm << 16; + mask =3D (uint8_t)(0xff << shift); + mask |=3D mask << 8; + mask |=3D mask << 16; break; case 1: if (op =3D=3D 4) - imm =3D 0xffff >> -shift; + mask =3D 0xffff >> -shift; else - imm =3D (uint16_t)(0xffff << shift); - imm |=3D imm << 16; + mask =3D (uint16_t)(0xffff << shift)= ; + mask |=3D mask << 16; break; case 2: - if (op =3D=3D 4) - imm =3D 0xffffffffu >> -shift; - else - imm =3D 0xffffffffu << shift; + if (shift < -31 || shift > 31) { + mask =3D 0; + } else { + if (op =3D=3D 4) + mask =3D 0xffffffffu >> -shift; + else + mask =3D 0xffffffffu << shift; + } break; default: abort(); } tmp2 =3D neon_load_reg(rd, pass); - tcg_gen_andi_i32(tmp, tmp, imm); - tcg_gen_andi_i32(tmp2, tmp2, ~imm); + tcg_gen_andi_i32(tmp, tmp, mask); + tcg_gen_andi_i32(tmp2, tmp2, ~mask); tcg_gen_or_i32(tmp, tmp, tmp2); dead_tmp(tmp2); } --=20 1.6.5
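
Review bot: in the `case 2:` arm of the second hunk, the new guard `shift < -31 || shift > 31` is symmetric, but each branch tolerates only one sign: `0xffffffffu >> -shift` needs shift <= 0 and `0xffffffffu << shift` needs shift >= 0, so a value of the wrong sign that passes the range check would still give a negative shift count. If the decoder guarantees the sign for each op before this switch, a short comment (or an assert) saying so would make the guard checkable from this function alone; otherwise test the bound per branch. A one-line comment on why `mask = 0` is the right result for an out-of-range count would also help, since with it the `tcg_gen_andi_i32` pair that follows keeps only the value loaded from `rd`. Style: the inner `if (op == 4)` / `else` added inside the new block has no braces while the enclosing `if`/`else` does.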