From: Paul Brook
Date: Fri, 13 May 2005 17:04:17 +0100
Message-Id: <200505131704.17413.paul@codesourcery.com>
Subject: [Qemu-devel] [patch] Arm saturating arithmetic bugs.
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
To: qemu-devel@nongnu.org
Cc: TAKAGO Daisuke

The patch below fixes a couple of bugs in the ARM saturating arithmetic instructions. It uses the correct registers, and makes sure the intermediate result is saturated properly.

Paul

? target-arm/p
Index: target-arm/op.c
===================================================================
RCS file: /cvsroot/qemu/qemu/target-arm/op.c,v
retrieving revision 1.13
diff -u -p -r1.13 op.c
--- target-arm/op.c	27 Apr 2005 20:25:20 -0000	1.13
+++ target-arm/op.c	13 May 2005 15:53:51 -0000
@@ -805,6 +805,23 @@ void OPPROTO op_subl_T0_T1_saturate(void FORCE_RET(); } +void OPPROTO op_double_T1_saturate(void) +{ + int32_t val; + + val = T1; + if (val >= 0x40000000) { + T1 = 0x7fffffff; + env->QF = 1; + } else if (val <= (int32_t)0xc0000000) { + T1 = 0x80000000; + env->QF = 1; + } else { + T1 = val << 1; + } + FORCE_RET(); +} + /* thumb shift by immediate */ void OPPROTO op_shll_T0_im_thumb(void) { Index: target-arm/translate.c =================================================================== RCS file: /cvsroot/qemu/qemu/target-arm/translate.c,v retrieving revision 1.24 diff -u -p -r1.24 translate.c --- target-arm/translate.c 27 Apr 2005 20:25:20 -0000 1.24 +++ target-arm/translate.c 13 May 2005 15:53:51 -0000 @@ -1019,20 +1019,15 @@ static void disas_arm_insn(CPUState * en case 0x5: /* saturating add/subtract */ rd = (insn >> 12) & 0xf; rn = (insn >> 16) & 0xf; - gen_movl_T0_reg(s, rn); - if (op1 & 2) { - gen_movl_T1_reg(s, rn); - if (op1 & 1) - gen_op_subl_T0_T1_saturate(); - else - gen_op_addl_T0_T1_saturate(); - } - gen_movl_T1_reg(s, rm); + gen_movl_T0_reg(s, rm); + gen_movl_T1_reg(s, rn); + if (op1 & 2) + gen_op_double_T1_saturate(); if (op1 & 1) gen_op_subl_T0_T1_saturate(); else gen_op_addl_T0_T1_saturate(); - gen_movl_reg_T0(s, rn); + gen_movl_reg_T0(s, rd); break; case 0x8: /* signed multiply */ case 0xa:
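Review bot: the lower saturation bound in op_double_T1_saturate is off by one. `val <= (int32_t)0xc0000000` treats val == -0x40000000 as an overflow, but 2 * -0x40000000 is exactly 0x80000000 (INT32_MIN), which is representable, so the stored result happens to be right while `env->QF = 1` is set where the sticky Q flag should stay clear. Suggest `else if (val < (int32_t)0xc0000000)` so that it mirrors the upper check `val >= 0x40000000`, where 2 * 0x40000000 genuinely does not fit. Separately, `T1 = val << 1` left-shifts a negative int32_t in the non-saturating branch, which C leaves undefined; `val * 2`, or shifting after a cast to uint32_t, gives the same bits without relying on the compiler.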
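Review bot: in the translate.c hunk, `gen_movl_T0_reg(s, rm)` uses rm but the visible lines only decode rd and rn from insn (`rd = (insn >> 12) & 0xf; rn = (insn >> 16) & 0xf;`), so please confirm rm is already extracted on the path that reaches case 0x5 rather than left over from an earlier case. The operand order itself now matches the QADD/QSUB/QDADD/QDSUB definition (T0 = Rm, T1 = Rn, optionally saturate-doubled, then Rd = sat(T0 ± T1)) and the result is written to rd instead of rn, which fixes the register bug described in the message; a one-line comment stating that op1 bit 1 selects doubling and bit 0 selects subtract would make the two `if (op1 & ...)` tests self-explanatory.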