* [Qemu-devel] [PATCH 0/2] target-arm: Avoid clang sanitizer warnings @ 2013-08-23 16:12 Peter Maydell 2013-08-23 16:12 ` [Qemu-devel] [PATCH 1/2] target-arm: Use sextract32() in branch decode Peter Maydell 2013-08-23 16:12 ` [Qemu-devel] [PATCH 2/2] target-arm: Avoid "1 << 31" undefined behaviour Peter Maydell 0 siblings, 2 replies; 7+ messages in thread From: Peter Maydell @ 2013-08-23 16:12 UTC (permalink / raw) To: qemu-devel; +Cc: patches These patches avoid some clang sanitizer warnings triggered on target-arm code which inadvertently shifts into the sign bit of a signed integer (which is undefined behaviour in C). (For more info on the sanitizer see http://blog.regehr.org/archives/963 ; the basic approach is to install clang 3.3 and then configure QEMU with --cc=clang --extra-cflags='-fsanitize=undefined' ; the resulting QEMU will print warnings at runtime for various kinds of integer undefined behaviour.) Peter Maydell (2): target-arm: Use sextract32() in branch decode target-arm: Avoid "1 << 31" undefined behaviour target-arm/cpu.h | 2 +- target-arm/helper.c | 4 ++-- target-arm/translate.c | 5 +++-- 3 files changed, 6 insertions(+), 5 deletions(-) -- 1.7.9.5 ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Qemu-devel] [PATCH 1/2] target-arm: Use sextract32() in branch decode 2013-08-23 16:12 [Qemu-devel] [PATCH 0/2] target-arm: Avoid clang sanitizer warnings Peter Maydell @ 2013-08-23 16:12 ` Peter Maydell 2013-08-23 18:09 ` Richard Henderson 2013-08-23 16:12 ` [Qemu-devel] [PATCH 2/2] target-arm: Avoid "1 << 31" undefined behaviour Peter Maydell 1 sibling, 1 reply; 7+ messages in thread From: Peter Maydell @ 2013-08-23 16:12 UTC (permalink / raw) To: qemu-devel; +Cc: patches In the decode of ARM B and BL insns, swap the order of the "append 2 implicit zeros to imm24" and the sign extend, and use the new sextract32() utility function to do the latter. This avoids a direct dependency on the undefined C behaviour of shifting into the sign bit of an integer. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target-arm/translate.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/target-arm/translate.c b/target-arm/translate.c index d1e8538..ebf5d4f 100644 --- a/target-arm/translate.c +++ b/target-arm/translate.c @@ -28,6 +28,7 @@ #include "disas/disas.h" #include "tcg-op.h" #include "qemu/log.h" +#include "qemu/bitops.h" #include "helper.h" #define GEN_HELPER 1 @@ -7956,8 +7957,8 @@ static void disas_arm_insn(CPUARMState * env, DisasContext *s) tcg_gen_movi_i32(tmp, val); store_reg(s, 14, tmp); } - offset = (((int32_t)insn << 8) >> 8); - val += (offset << 2) + 4; + offset = sextract32(insn << 2, 0, 26); + val += offset + 4; gen_jmp(s, val); } break; -- 1.7.9.5 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [Qemu-devel] [PATCH 1/2] target-arm: Use sextract32() in branch decode 2013-08-23 16:12 ` [Qemu-devel] [PATCH 1/2] target-arm: Use sextract32() in branch decode Peter Maydell @ 2013-08-23 18:09 ` Richard Henderson 2013-08-24 10:21 ` Peter Maydell 0 siblings, 1 reply; 7+ messages in thread From: Richard Henderson @ 2013-08-23 18:09 UTC (permalink / raw) To: Peter Maydell; +Cc: qemu-devel, patches On 08/23/2013 09:12 AM, Peter Maydell wrote: > - offset = (((int32_t)insn << 8) >> 8); > - val += (offset << 2) + 4; > + offset = sextract32(insn << 2, 0, 26); > + val += offset + 4; I read this incorrectly at first, considering the shift of insn, and I wonder if it's really the best way to write this because of that. What about just changing the one line to sextract(insn, 0, 24)? The second line by itself ought not trigger a warning from clang, because the << 2 never changes the sign bit. If it still does, perhaps just multiply by 4 instead... It's a stupid warning. When was the last ones-compliment machine built? r~ ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Qemu-devel] [PATCH 1/2] target-arm: Use sextract32() in branch decode 2013-08-23 18:09 ` Richard Henderson @ 2013-08-24 10:21 ` Peter Maydell 0 siblings, 0 replies; 7+ messages in thread From: Peter Maydell @ 2013-08-24 10:21 UTC (permalink / raw) To: Richard Henderson; +Cc: QEMU Developers, Patch Tracking On 23 August 2013 19:09, Richard Henderson <rth@twiddle.net> wrote: > On 08/23/2013 09:12 AM, Peter Maydell wrote: >> - offset = (((int32_t)insn << 8) >> 8); >> - val += (offset << 2) + 4; >> + offset = sextract32(insn << 2, 0, 26); >> + val += offset + 4; > > I read this incorrectly at first, considering the shift of insn, and > I wonder if it's really the best way to write this because of that. > > What about just changing the one line to sextract(insn, 0, 24)? > > The second line by itself ought not trigger a warning from clang, > because the << 2 never changes the sign bit. If it still does, > perhaps just multiply by 4 instead... No, left shift of a negative value is undefined: "If E1 has a signed type and nonnegative value, and E1 × 2E2 is representable in the result type, then that is the resulting value; otherwise, the behavior is undefined." Also the ARM ARM pseudocode defines this operation as "first append two zero bits and then sign extend" so I prefer it if we actually implement it that way round. > It's a stupid warning. When was the last ones-compliment machine built? The stupidity is that the C standard hasn't mandated 2s-complement. -- PMM ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Qemu-devel] [PATCH 2/2] target-arm: Avoid "1 << 31" undefined behaviour 2013-08-23 16:12 [Qemu-devel] [PATCH 0/2] target-arm: Avoid clang sanitizer warnings Peter Maydell 2013-08-23 16:12 ` [Qemu-devel] [PATCH 1/2] target-arm: Use sextract32() in branch decode Peter Maydell @ 2013-08-23 16:12 ` Peter Maydell 2013-08-23 18:11 ` Richard Henderson 1 sibling, 1 reply; 7+ messages in thread From: Peter Maydell @ 2013-08-23 16:12 UTC (permalink / raw) To: qemu-devel; +Cc: patches Avoid the undefined behaviour of "1 << 31" by using 1U to make the shift be of an unsigned value rather than shifting into the sign bit of a signed integer. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target-arm/cpu.h | 2 +- target-arm/helper.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/target-arm/cpu.h b/target-arm/cpu.h index f2abdf3..f3bd501 100644 --- a/target-arm/cpu.h +++ b/target-arm/cpu.h @@ -285,7 +285,7 @@ int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address, int rw, #define CPSR_V (1 << 28) #define CPSR_C (1 << 29) #define CPSR_Z (1 << 30) -#define CPSR_N (1 << 31) +#define CPSR_N (1U << 31) #define CPSR_NZCV (CPSR_N | CPSR_Z | CPSR_C | CPSR_V) #define CPSR_IT (CPSR_IT_0_1 | CPSR_IT_2_7) diff --git a/target-arm/helper.c b/target-arm/helper.c index f4e1b06..b13edf1 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -972,7 +972,7 @@ static int par_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) static inline bool extended_addresses_enabled(CPUARMState *env) { return arm_feature(env, ARM_FEATURE_LPAE) - && (env->cp15.c2_control & (1 << 31)); + && (env->cp15.c2_control & (1U << 31)); } static int ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) @@ -1385,7 +1385,7 @@ static int mpidr_read(CPUARMState *env, const ARMCPRegInfo *ri, * so these bits always RAZ. */ if (arm_feature(env, ARM_FEATURE_V7MP)) { - mpidr |= (1 << 31); + mpidr |= (1U << 31); /* Cores which are uniprocessor (non-coherent) * but still implement the MP extensions set * bit 30. (For instance, A9UP.) However we do -- 1.7.9.5 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] target-arm: Avoid "1 << 31" undefined behaviour 2013-08-23 16:12 ` [Qemu-devel] [PATCH 2/2] target-arm: Avoid "1 << 31" undefined behaviour Peter Maydell @ 2013-08-23 18:11 ` Richard Henderson 2013-08-24 10:38 ` Peter Maydell 0 siblings, 1 reply; 7+ messages in thread From: Richard Henderson @ 2013-08-23 18:11 UTC (permalink / raw) To: Peter Maydell; +Cc: qemu-devel, patches On 08/23/2013 09:12 AM, Peter Maydell wrote: > #define CPSR_V (1 << 28) > #define CPSR_C (1 << 29) > #define CPSR_Z (1 << 30) > -#define CPSR_N (1 << 31) > +#define CPSR_N (1U << 31) > #define CPSR_NZCV (CPSR_N | CPSR_Z | CPSR_C | CPSR_V) You'd be better off making all of the CPSR bits unsigned, I think. r~ ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] target-arm: Avoid "1 << 31" undefined behaviour 2013-08-23 18:11 ` Richard Henderson @ 2013-08-24 10:38 ` Peter Maydell 0 siblings, 0 replies; 7+ messages in thread From: Peter Maydell @ 2013-08-24 10:38 UTC (permalink / raw) To: Richard Henderson; +Cc: QEMU Developers, Patch Tracking On 23 August 2013 19:11, Richard Henderson <rth@twiddle.net> wrote: > On 08/23/2013 09:12 AM, Peter Maydell wrote: >> #define CPSR_V (1 << 28) >> #define CPSR_C (1 << 29) >> #define CPSR_Z (1 << 30) >> -#define CPSR_N (1 << 31) >> +#define CPSR_N (1U << 31) >> #define CPSR_NZCV (CPSR_N | CPSR_Z | CPSR_C | CPSR_V) > > You'd be better off making all of the CPSR bits unsigned, I think. Agreed; let's be consistent. -- PMM ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2013-08-24 10:38 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2013-08-23 16:12 [Qemu-devel] [PATCH 0/2] target-arm: Avoid clang sanitizer warnings Peter Maydell 2013-08-23 16:12 ` [Qemu-devel] [PATCH 1/2] target-arm: Use sextract32() in branch decode Peter Maydell 2013-08-23 18:09 ` Richard Henderson 2013-08-24 10:21 ` Peter Maydell 2013-08-23 16:12 ` [Qemu-devel] [PATCH 2/2] target-arm: Avoid "1 << 31" undefined behaviour Peter Maydell 2013-08-23 18:11 ` Richard Henderson 2013-08-24 10:38 ` Peter Maydell
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).