* [Qemu-devel] [PATCH 0/3] target-arm: more UNDEF/UNPREDICTABLE fixes
@ 2011-07-22 10:51 Peter Maydell
From: Peter Maydell @ 2011-07-22 10:51 UTC (permalink / raw)
To: qemu-devel; +Cc: patches
This patchset is a final chunk of fixes to UNDEF and UNPREDICTABLE
cases; this lot were flushed out by doing a brute-force exercising
of the decoder on all possible input instruction values. (There
are some remaining issues I identified with that check, but they are
all of the form "complains about TCG temp leak on a code path where
we're going to UNDEF anyway", so not actually harmful. I'll post
patches for those later on, but I wanted to get the important ones
out first.)
Since they're basically fixes for bugs where guest code can make
qemu fall over or overrun a buffer, I think they're a good candidate
for putting into 0.15...
Peter Maydell (3):
target-arm: Handle UNDEF and UNPREDICTABLE cases for VLDM, VSTM
target-arm: UNDEF on a VCVTT/VCVTB UNPREDICTABLE to avoid TCG assert
target-arm: Don't print debug messages for various UNDEF cases
target-arm/translate.c | 63 ++++++++++++++++++++++++++++++++----------------
1 files changed, 42 insertions(+), 21 deletions(-)
* [Qemu-devel] [PATCH 1/3] target-arm: Handle UNDEF and UNPREDICTABLE cases for VLDM, VSTM
From: Peter Maydell @ 2011-07-22 10:51 UTC (permalink / raw)
To: qemu-devel; +Cc: patches
Handle the UNDEF and UNPREDICTABLE cases for VLDM and VSTM. In
particular, we now generate an undef exception for overlarge imm8
values rather than generating 1000+ TCG ops and hitting an assertion.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target-arm/translate.c | 38 +++++++++++++++++++++++++++++++-------
1 files changed, 31 insertions(+), 7 deletions(-)
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 34d5e6e..7bce343 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -3382,17 +3382,18 @@ static int disas_vfp_insn(CPUState * env, DisasContext *s, uint32_t insn)
VFP_DREG_D(rd, insn);
else
rd = VFP_SREG_D(insn);
- if (s->thumb && rn == 15) {
- addr = tcg_temp_new_i32();
- tcg_gen_movi_i32(addr, s->pc & ~2);
- } else {
- addr = load_reg(s, rn);
- }
if ((insn & 0x01200000) == 0x01000000) {
/* Single load/store */
offset = (insn & 0xff) << 2;
if ((insn & (1 << 23)) == 0)
offset = -offset;
+ if (s->thumb && rn == 15) {
+ /* This is actually UNPREDICTABLE */
+ addr = tcg_temp_new_i32();
+ tcg_gen_movi_i32(addr, s->pc & ~2);
+ } else {
+ addr = load_reg(s, rn);
+ }
tcg_gen_addi_i32(addr, addr, offset);
if (insn & (1 << 20)) {
gen_vfp_ld(s, dp, addr);
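Review bot: the block moved into the single load/store branch keeps the comment `/* This is actually UNPREDICTABLE */` on the `s->thumb && rn == 15` path, but in this branch that is only true of the store: a Thumb VLDR with Rn == PC is the architecturally defined literal form, which is exactly why the `s->pc & ~2` (Align(PC, 4)) value is computed here. Suggest narrowing the comment to something like "VSTR with Rn == PC is UNPREDICTABLE; VLDR literal uses Align(PC, 4)" so a later reader does not take the load path for undefined behaviour too. The seven lines now duplicated between this branch and the load/store-multiple branch are the price of allocating `addr` only after the new UNDEF checks; a one-line comment at the top of the hunk saying that the shared allocation was removed deliberately, to keep the UNDEF returns free of leaked TCG temps, would stop someone from "cleaning up" the duplication later.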
@@ -3404,11 +3405,34 @@ static int disas_vfp_insn(CPUState * env, DisasContext *s, uint32_t insn)
tcg_temp_free_i32(addr);
} else {
/* load/store multiple */
+ int w = insn & (1 << 21);
if (dp)
n = (insn >> 1) & 0x7f;
else
n = insn & 0xff;
+ if (w && !(((insn >> 23) ^ (insn >> 24)) & 1)) {
+ /* P == U , W == 1 => UNDEF */
+ return 1;
+ }
+ if (n == 0 || (rd + n) > 32 || (dp && n > 16)) {
+ /* UNPREDICTABLE cases for bad immediates: we choose to
+ * UNDEF to avoid generating huge numbers of TCG ops
+ */
+ return 1;
+ }
+ if (rn == 15 && w) {
+ /* writeback to PC is UNPREDICTABLE, we choose to UNDEF */
+ return 1;
+ }
+
+ if (s->thumb && rn == 15) {
+ /* This is actually UNPREDICTABLE */
+ addr = tcg_temp_new_i32();
+ tcg_gen_movi_i32(addr, s->pc & ~2);
+ } else {
+ addr = load_reg(s, rn);
+ }
if (insn & (1 << 24)) /* pre-decrement */
tcg_gen_addi_i32(addr, addr, -((insn & 0xff) << 2));
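Review bot: the three early `return 1` checks sit before `addr = tcg_temp_new_i32()` / `load_reg()`, which is what keeps these UNDEF paths free of TCG temp leaks; since the cover letter mentions leak complaints on other UNDEF paths, a short comment saying the ordering is intentional is worth adding. The P == U test `!(((insn >> 23) ^ (insn >> 24)) & 1)` is correct but opaque; naming the bits (`int p = insn & (1 << 24); int u = insn & (1 << 23);` followed by `if (w && !p == !u)`) would read as the comment does. In the immediate check, `(rd + n) > 32` is the bound for a 32-entry double-precision file; the hunk does not show whether `rd` has already been limited to D0-D15 on cores without the upper sixteen registers, so it is worth confirming that `rd + n` cannot reach past 16 there, or noting in a comment why that is acceptable. The `n == 0` and `dp && n > 16` checks match the architectural UNPREDICTABLE conditions and the choice to UNDEF rather than emit a 1000-op block is the right defensive call for guest-controlled input.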
@@ -3428,7 +3452,7 @@ static int disas_vfp_insn(CPUState * env, DisasContext *s, uint32_t insn)
}
tcg_gen_addi_i32(addr, addr, offset);
}
- if (insn & (1 << 21)) {
+ if (w) {
/* writeback */
if (insn & (1 << 24))
offset = -offset * n;
--
1.7.1
* [Qemu-devel] [PATCH 2/3] target-arm: UNDEF on a VCVTT/VCVTB UNPREDICTABLE to avoid TCG assert
From: Peter Maydell @ 2011-07-22 10:51 UTC (permalink / raw)
To: qemu-devel; +Cc: patches
VCVTT/VCVTB with bit 8 set is UNPREDICTABLE; we choose to UNDEF.
This avoids a TCG assert later when the VCVTT/VCVTB code tries to
use a source register that wasn't ever set up.
We pull the check for the presence of the half-precision extension
up into this common code as well.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target-arm/translate.c | 19 +++++++++++--------
1 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 7bce343..a9a70e5 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -3056,6 +3056,17 @@ static int disas_vfp_insn(CPUState * env, DisasContext *s, uint32_t insn)
/* Source and destination the same. */
gen_mov_F0_vreg(dp, rd);
break;
+ case 4:
+ case 5:
+ case 6:
+ case 7:
+ /* VCVTB, VCVTT: only present with the halfprec extension,
+ * UNPREDICTABLE if bit 8 is set (we choose to UNDEF)
+ */
+ if (dp || !arm_feature(env, ARM_FEATURE_VFP_FP16)) {
+ return 1;
+ }
+ /* Otherwise fall through */
default:
/* One source operand. */
gen_mov_F0_vreg(dp, rm);
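Review bot: the comment says "UNPREDICTABLE if bit 8 is set" while the code tests `dp`; a note that `dp` is bit 8 (the sz bit) of this encoding, e.g. `/* dp is bit 8 of insn */`, makes the link between the commit message and the check visible without the reader having to look up the decoder. The fall-through into `default:` is needed because the conversion cases still want `gen_mov_F0_vreg(dp, rm)` with `dp == 0`; extending the "Otherwise fall through" comment to say so would document why these four cases are not simply handled in full here.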
@@ -3152,24 +3163,18 @@ static int disas_vfp_insn(CPUState * env, DisasContext *s, uint32_t insn)
gen_vfp_sqrt(dp);
break;
case 4: /* vcvtb.f32.f16 */
- if (!arm_feature(env, ARM_FEATURE_VFP_FP16))
- return 1;
tmp = gen_vfp_mrs();
tcg_gen_ext16u_i32(tmp, tmp);
gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp, cpu_env);
tcg_temp_free_i32(tmp);
break;
case 5: /* vcvtt.f32.f16 */
- if (!arm_feature(env, ARM_FEATURE_VFP_FP16))
- return 1;
tmp = gen_vfp_mrs();
tcg_gen_shri_i32(tmp, tmp, 16);
gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp, cpu_env);
tcg_temp_free_i32(tmp);
break;
case 6: /* vcvtb.f16.f32 */
- if (!arm_feature(env, ARM_FEATURE_VFP_FP16))
- return 1;
tmp = tcg_temp_new_i32();
gen_helper_vfp_fcvt_f32_to_f16(tmp, cpu_F0s, cpu_env);
gen_mov_F0_vreg(0, rd);
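Review bot: dropping the per-case `ARM_FEATURE_VFP_FP16` tests is only behaviour-preserving if the earlier switch that now carries the combined check is keyed on the same `rn` values 4..7 and is executed on every path that reaches these cases; this hunk does not show that switch's condition. Adding a sentence to the commit message ("the check moved to the source-operand switch above, which runs before this one for the same `rn`") would let a reader verify the equivalence from the log alone.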
@@ -3180,8 +3185,6 @@ static int disas_vfp_insn(CPUState * env, DisasContext *s, uint32_t insn)
gen_vfp_msr(tmp);
break;
case 7: /* vcvtt.f16.f32 */
- if (!arm_feature(env, ARM_FEATURE_VFP_FP16))
- return 1;
tmp = tcg_temp_new_i32();
gen_helper_vfp_fcvt_f32_to_f16(tmp, cpu_F0s, cpu_env);
tcg_gen_shli_i32(tmp, tmp, 16);
--
1.7.1
* [Qemu-devel] [PATCH 3/3] target-arm: Don't print debug messages for various UNDEF cases
From: Peter Maydell @ 2011-07-22 10:51 UTC (permalink / raw)
To: qemu-devel; +Cc: patches
Remove some stray printfs for cases which don't generally happen
(some VFP UNDEF cases, reads and writes to unknown cp14 registers);
we should simply generate an UNDEF when the instruction is executed.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target-arm/translate.c | 6 ------
1 files changed, 0 insertions(+), 6 deletions(-)
diff --git a/target-arm/translate.c b/target-arm/translate.c
index a9a70e5..6b84cf6 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -3273,12 +3273,10 @@ static int disas_vfp_insn(CPUState * env, DisasContext *s, uint32_t insn)
gen_vfp_toul(dp, 32 - rm, 0);
break;
default: /* undefined */
- printf ("rn:%d\n", rn);
return 1;
}
break;
default: /* undefined */
- printf ("op:%d\n", op);
return 1;
}
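Review bot: the two `printf` calls removed here wrote to stdout on instruction encodings that unprivileged guest code can issue at will, so a guest looping over UNDEF VFP encodings could flood the host's stdout; silently returning 1 so that the instruction raises UNDEF is the right default. If the operand values are still wanted when adding new encodings, `qemu_log_mask()` under one of the existing `CPU_LOG_*` masks would keep them without unconditional output.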
@@ -6357,8 +6355,6 @@ static int disas_cp14_read(CPUState * env, DisasContext *s, uint32_t insn)
return 0;
}
}
- fprintf(stderr, "Unknown cp14 read op1:%d crn:%d crm:%d op2:%d\n",
- op1, crn, crm, op2);
return 1;
}
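Review bot: the `fprintf(stderr, ...)` being removed ran on a guest-controllable path (any cp14 read with an unrecognised op1/crn/crm/op2), so besides the noise it gave a guest a trivial way to fill the host's stderr; returning 1 to raise UNDEF without logging is correct. The write-side hunk below is the same pattern and the same reasoning applies.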
@@ -6390,8 +6386,6 @@ static int disas_cp14_write(CPUState * env, DisasContext *s, uint32_t insn)
return 0;
}
}
- fprintf(stderr, "Unknown cp14 write op1:%d crn:%d crm:%d op2:%d\n",
- op1, crn, crm, op2);
return 1;
}
--
1.7.1