Sender: Richard Henderson
From: Richard Henderson
Date: Mon, 3 Aug 2015 11:49:10 -0700
Message-Id: <1438627752-19903-2-git-send-email-rth@twiddle.net>
In-Reply-To: <1438627752-19903-1-git-send-email-rth@twiddle.net>
References: <1438627752-19903-1-git-send-email-rth@twiddle.net>
Subject: [Qemu-devel] [PATCH 1/3] target-mips: Copy restrictions from ext/ins to dext/dins
To: qemu-devel@nongnu.org
Cc: leon.alrae@imgtec.com, aurelien@aurel32.net

The checks in dins are required to avoid triggering an assertion in tcg_gen_deposit_tl. The check in dext is just for completeness. Fold the other D cases in via fallthru.

In this case the errant dins appears to be data, not code, as translation failed to stop after a break insn.

Signed-off-by: Richard Henderson
---
 target-mips/translate.c | 44 ++++++++++++++++++++++++--------------------
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/target-mips/translate.c b/target-mips/translate.c index d1de35a..2a91565 100644 --- a/target-mips/translate.c +++ b/target-mips/translate.c 
@@ -4750,48 +4750,52 @@ static void gen_bitops (DisasContext *ctx, uint32_t opc, int rt, gen_load_gpr(t1, rs); switch (opc) { case OPC_EXT: - if (lsb + msb > 31) + if (lsb + msb > 31) { goto fail; + } tcg_gen_shri_tl(t0, t1, lsb); if (msb != 31) { - tcg_gen_andi_tl(t0, t0, (1 << (msb + 1)) - 1); + tcg_gen_andi_tl(t0, t0, (1U << (msb + 1)) - 1); } else { tcg_gen_ext32s_tl(t0, t0); } break; #if defined(TARGET_MIPS64) - case OPC_DEXTM: - tcg_gen_shri_tl(t0, t1, lsb); - if (msb != 31) { - tcg_gen_andi_tl(t0, t0, (1ULL << (msb + 1 + 32)) - 1); - } - break; case OPC_DEXTU: - tcg_gen_shri_tl(t0, t1, lsb + 32); - tcg_gen_andi_tl(t0, t0, (1ULL << (msb + 1)) - 1); - break; + lsb += 32; + /* FALLTHRU */ + case OPC_DEXTM: + msb += 32; + /* FALLTHRU */ case OPC_DEXT: + if (lsb + msb > 63) { + goto fail; + } tcg_gen_shri_tl(t0, t1, lsb); - tcg_gen_andi_tl(t0, t0, (1ULL << (msb + 1)) - 1); + if (msb != 63) { + tcg_gen_andi_tl(t0, t0, (1ULL << (msb + 1)) - 1); + } break; #endif case OPC_INS: - if (lsb > msb) + if (lsb > msb) { goto fail; + } gen_load_gpr(t0, rt); tcg_gen_deposit_tl(t0, t0, t1, lsb, msb - lsb + 1); tcg_gen_ext32s_tl(t0, t0); break; #if defined(TARGET_MIPS64) - case OPC_DINSM: - gen_load_gpr(t0, rt); - tcg_gen_deposit_tl(t0, t0, t1, lsb, msb + 32 - lsb + 1); - break; case OPC_DINSU: - gen_load_gpr(t0, rt); - tcg_gen_deposit_tl(t0, t0, t1, lsb + 32, msb - lsb + 1); - break; + lsb += 32; + /* FALLTHRU */ + case OPC_DINSM: + msb += 32; + /* FALLTHRU */ case OPC_DINS: + if (lsb > msb) { + goto fail; + } gen_load_gpr(t0, rt); tcg_gen_deposit_tl(t0, t0, t1, lsb, msb - lsb + 1); break; -- 2.4.3
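
Review bot: In the DEXT group, case OPC_DEXTU now falls through case OPC_DEXTM, so it picks up msb += 32 on top of lsb += 32, whereas the removed DEXTU code shifted by lsb + 32 and masked with (1ULL << (msb + 1)) - 1, with nothing added to msb. That widens the extracted field for DEXTU by 32 bits compared with the removed lines, and, assuming lsb and msb arrive as non-negative field values, the new lsb + msb > 63 check will then send every DEXTU encoding to fail, since the sum is at least 64 after both additions. In the DINS group the same double fallthrough is harmless, because the two additions cancel in msb - lsb + 1 and the deposit matches the removed DINSU code. Suggest that DEXTU bypass the msb += 32 step, for example by jumping to a label placed at case OPC_DEXT instead of falling through, and that each group carry a short comment saying whether msb holds a bit position (ins) or size minus one (ext), since that difference is what makes the fallthrough valid in one group and not the other.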