From: Aurelien Jarno <aurelien@aurel32.net>
To: Jia Liu <proljc@gmail.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v11 05/14] target-mips: Add ASE DSP load instructions
Date: Wed, 17 Oct 2012 01:21:43 +0200
Message-ID: <20121016232143.GA18454@ohm.aurel32.net>
In-Reply-To: <1350319158-7263-6-git-send-email-proljc@gmail.com>
On Tue, Oct 16, 2012 at 12:39:09AM +0800, Jia Liu wrote:
> Add MIPS ASE DSP Load instructions.
>
> Signed-off-by: Jia Liu <proljc@gmail.com>
> ---
> target-mips/translate.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 89 insertions(+)
>
> diff --git a/target-mips/translate.c b/target-mips/translate.c
> index f1e5bb0..7f08700 100644
> --- a/target-mips/translate.c
> +++ b/target-mips/translate.c
> @@ -313,6 +313,9 @@ enum {
> OPC_MODU_G_2E = 0x23 | OPC_SPECIAL3,
> OPC_DMOD_G_2E = 0x26 | OPC_SPECIAL3,
> OPC_DMODU_G_2E = 0x27 | OPC_SPECIAL3,
> +
> + /* MIPS DSP Load */
> + OPC_LX_DSP = 0x0A | OPC_SPECIAL3,
> };
>
> /* BSHFL opcodes */
> @@ -340,6 +343,17 @@ enum {
> #endif
> };
>
> +#define MASK_LX(op) (MASK_SPECIAL3(op) | (op & (0x1F << 6)))
> +/* MIPS DSP Load */
> +enum {
> + OPC_LBUX = (0x06 << 6) | OPC_LX_DSP,
> + OPC_LHX = (0x04 << 6) | OPC_LX_DSP,
> + OPC_LWX = (0x00 << 6) | OPC_LX_DSP,
> +#if defined(TARGET_MIPS64)
> + OPC_LDX = (0x08 << 6) | OPC_LX_DSP,
> +#endif
> +};
> +
> /* Coprocessor 0 (rs field) */
> #define MASK_CP0(op) MASK_OP_MAJOR(op) | (op & (0x1F << 21))
>
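Review bot: MASK_LX uses its argument unparenthesised in (op & (0x1F << 6)), so an argument containing a lower-precedence operator such as | would be masked incorrectly. Writing it as ((op) & (0x1F << 6)) avoids that; the only caller in this patch passes ctx->opcode, so behaviour there is unchanged.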
> @@ -12213,6 +12227,64 @@ static int decode_micromips_opc (CPUMIPSState *env, DisasContext *ctx, int *is_b
>
> #endif
>
> +/* MIPSDSP functions. */
> +static void gen_mipsdsp_ld(CPUMIPSState *env, DisasContext *ctx, uint32_t opc,
> + int rd, int base, int offset)
> +{
> + const char *opn = "ldx";
> + TCGv t0 = tcg_temp_new();
As the function can exit if rd == 0, this will create a temp leak, which
can be used by an attacker to crash QEMU. The tcg_temp_new() part
should be moved after the if.
> + if (rd == 0 && env->insn_flags & (ASE_DSP | ASE_DSPR2)) {
> + MIPS_DEBUG("NOP");
> + return;
I still don't get the second part of the if testing the insn_flags. It
should be dropped.
> + } else if (base == 0) {
> + if (offset == 0) {
> + /* Address error. */
> + generate_exception(ctx, EXCP_AdEL);
I don't think this is correct.
> + } else {
> + gen_load_gpr(t0, offset);
Also, gen_load_gpr() already handles the case offset == 0.
> + }
> + } else if (offset == 0) {
> + gen_load_gpr(t0, base);
> + } else {
> + gen_op_addr_add(ctx, t0, cpu_gpr[base], cpu_gpr[offset]);
> + save_cpu_state(ctx, 0);
> + }
save_cpu_state() should not be conditional.
> + check_dsp(ctx);
Please move that higher in the function.
> + switch (opc) {
> + case OPC_LBUX:
> + op_ld_lbu(t0, t0, ctx);
> + gen_store_gpr(t0, rd);
> + opn = "lbux";
> + break;
> + case OPC_LHX:
> + op_ld_lh(t0, t0, ctx);
> + gen_store_gpr(t0, rd);
> + opn = "lhx";
> + break;
> + case OPC_LWX:
> + op_ld_lw(t0, t0, ctx);
> + gen_store_gpr(t0, rd);
> + opn = "lwx";
> + break;
> +#if defined(TARGET_MIPS64)
> + case OPC_LDX:
> + op_ld_ld(t0, t0, ctx);
> + gen_store_gpr(t0, rd);
> + opn = "ldx";
> + break;
> +#endif
> + }
> + (void)opn; /* avoid a compiler warning */
> + MIPS_DEBUG("%s %s, %s(%s)", opn,
> + regnames[rd], regnames[offset], regnames[base]);
> + tcg_temp_free(t0);
> +}
> +
> +
> +/* End MIPSDSP functions. */
> +
> static void decode_opc (CPUMIPSState *env, DisasContext *ctx, int *is_branch)
> {
> int32_t offset;
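Review bot: in the branch where base == 0 and offset == 0, generate_exception(ctx, EXCP_AdEL) is followed by neither a return nor a write to t0, so gen_mipsdsp_ld carries on to the switch and emits the load with t0 never initialised as its address. Either release t0 and return right after raising the exception, or drop the special case and compute the address the same way as the other branches. The switch on opc also has no default, so an unexpected opc falls through silently and is logged under the initial opn value "ldx".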
> @@ -12569,6 +12641,23 @@ static void decode_opc (CPUMIPSState *env, DisasContext *ctx, int *is_branch)
> check_insn(env, ctx, INSN_LOONGSON2E);
> gen_loongson_integer(ctx, op1, rd, rs, rt);
> break;
> + case OPC_LX_DSP:
> + op2 = MASK_LX(ctx->opcode);
> + switch (op2) {
> +#if defined(TARGET_MIPS64)
> + case OPC_LDX:
> +#endif
> + case OPC_LBUX:
> + case OPC_LHX:
> + case OPC_LWX:
> + gen_mipsdsp_ld(env, ctx, op2, rd, rs, rt);
> + break;
> + default: /* Invalid */
> + MIPS_INVAL("MASK LX");
> + generate_exception(ctx, EXCP_RI);
> + break;
> + }
> + break;
> #if defined(TARGET_MIPS64)
> case OPC_DEXTM ... OPC_DEXT:
> case OPC_DINSM ... OPC_DINS:
> --
> 1.7.10.2 (Apple Git-33)
>
>
--
Aurelien Jarno GPG: 1024D/F1BCDB73
aurelien@aurel32.net http://www.aurel32.net
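
The early-return leak raised in the review above, modelled as an added example (not code from the patch or from QEMU): a constructed fixed-size pool stands in for the translator's temporaries. POOL_SIZE, temp_new, temp_free, translate_leaky, translate_fixed and run are assumed names.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Constructed model, not QEMU's TCG code; POOL_SIZE and all names are assumed. */
#define POOL_SIZE 8
static bool in_use[POOL_SIZE];
static int temp_new(void)
{
    for (int i = 0; i < POOL_SIZE; i++)
        if (!in_use[i]) { in_use[i] = true; return i; }
    return -1;                  /* pool exhausted */
}
static void temp_free(int t) { in_use[t] = false; }

/* Shape of the function as posted: allocate first, then take the early exit. */
static bool translate_leaky(int rd)
{
    int t0 = temp_new();
    if (t0 < 0) return false;   /* no temporary left: translation fails */
    if (rd == 0) return true;   /* early exit, t0 is never released */
    temp_free(t0);              /* normal path releases t0 after the load */
    return true;
}

/* Shape the review asks for: take the early exit before allocating. */
static bool translate_fixed(int rd)
{
    if (rd == 0) return true;
    int t0 = temp_new();
    if (t0 < 0) return false;
    temp_free(t0);
    return true;
}

/* Translate n instructions that all have rd == 0; return how many succeeded. */
static int run(bool (*fn)(int), int n)
{
    int ok = 0;
    memset(in_use, 0, sizeof in_use);   /* start each run with an empty pool */
    for (int i = 0; i < n; i++) ok += fn(0);
    return ok;
}

int main(void)
{
    printf("allocate, then return early: %d of 20 translated\n", run(translate_leaky, 20));
    printf("return early, then allocate: %d of 20 translated\n", run(translate_fixed, 20));
    return 0;
}
```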