* [Qemu-devel] [PATCH 0/2] target/arm: Fix FCMLA decoding errors
@ 2019-01-29 14:04 Peter Maydell
2019-01-29 14:04 ` [Qemu-devel] [PATCH 1/2] target/arm/translate-a64: Fix FCMLA decoding error Peter Maydell
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Peter Maydell @ 2019-01-29 14:04 UTC (permalink / raw)
To: qemu-arm, qemu-devel; +Cc: Richard Henderson, Laurent Desnogues
This patchset fixes the two bugs in our decode of
FCMLA (by element) reported by Laurent.
Based-on: 20190125182626.9221-1-peter.maydell@linaro.org
("target/arm: Fix various underdecodings")
thanks
-- PMM
Peter Maydell (2):
target/arm/translate-a64: Fix FCMLA decoding error
target/arm/translate-a64: Fix mishandling of size in FCMLA decode
target/arm/translate-a64.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--
2.20.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Qemu-devel] [PATCH 1/2] target/arm/translate-a64: Fix FCMLA decoding error
2019-01-29 14:04 [Qemu-devel] [PATCH 0/2] target/arm: Fix FCMLA decoding errors Peter Maydell
@ 2019-01-29 14:04 ` Peter Maydell
2019-01-29 14:24 ` Laurent Desnogues
2019-01-29 14:04 ` [Qemu-devel] [PATCH 2/2] target/arm/translate-a64: Fix mishandling of size in FCMLA decode Peter Maydell
2019-01-29 15:11 ` [Qemu-devel] [PATCH 0/2] target/arm: Fix FCMLA decoding errors Richard Henderson
2 siblings, 1 reply; 6+ messages in thread
From: Peter Maydell @ 2019-01-29 14:04 UTC (permalink / raw)
To: qemu-arm, qemu-devel; +Cc: Richard Henderson, Laurent Desnogues
The FCMLA (by element) instruction exists in the
"vector x indexed element" encoding group, but not in
the "scalar x indexed element" group. Correctly UNDEF
the unallocated encodings.
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/translate-a64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 30bc2412fc0..a7b999d2b5a 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -12650,7 +12650,7 @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
case 0x13: /* FCMLA #90 */
case 0x15: /* FCMLA #180 */
case 0x17: /* FCMLA #270 */
- if (!dc_isar_feature(aa64_fcma, s)) {
+ if (is_scalar || !dc_isar_feature(aa64_fcma, s)) {
unallocated_encoding(s);
return;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Qemu-devel] [PATCH 2/2] target/arm/translate-a64: Fix mishandling of size in FCMLA decode
2019-01-29 14:04 [Qemu-devel] [PATCH 0/2] target/arm: Fix FCMLA decoding errors Peter Maydell
2019-01-29 14:04 ` [Qemu-devel] [PATCH 1/2] target/arm/translate-a64: Fix FCMLA decoding error Peter Maydell
@ 2019-01-29 14:04 ` Peter Maydell
2019-01-29 14:25 ` Laurent Desnogues
2019-01-29 15:11 ` [Qemu-devel] [PATCH 0/2] target/arm: Fix FCMLA decoding errors Richard Henderson
2 siblings, 1 reply; 6+ messages in thread
From: Peter Maydell @ 2019-01-29 14:04 UTC (permalink / raw)
To: qemu-arm, qemu-devel; +Cc: Richard Henderson, Laurent Desnogues
In disas_simd_indexed(), for the case of "complex fp", each indexable
element is a complex pair, so the total size is twice that indicated
in the 'size' field in the encoding. We were trying to do this
"double the size" operation with a left shift by 1, but this is
incorrect because the 'size' field is a MO_8/MO_16/MO_32/MO_64
value, and doubling the size should be done by a simple increment.
This meant we were mishandling FCMLA (by element) of values where
the real and imaginary parts are 32-bit floats, and would incorrectly
UNDEF this encoding. (No other insns take this code path, and for
16-bit floats it happens that 1 << 1 and 1 + 1 are both the same).
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/translate-a64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index a7b999d2b5a..06418f0ac3c 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -12680,7 +12680,7 @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
case 2: /* complex fp */
/* Each indexable element is a complex pair. */
- size <<= 1;
+ size += 1;
switch (size) {
case MO_32:
if (h && !is_q) {
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [PATCH 1/2] target/arm/translate-a64: Fix FCMLA decoding error
2019-01-29 14:04 ` [Qemu-devel] [PATCH 1/2] target/arm/translate-a64: Fix FCMLA decoding error Peter Maydell
@ 2019-01-29 14:24 ` Laurent Desnogues
0 siblings, 0 replies; 6+ messages in thread
From: Laurent Desnogues @ 2019-01-29 14:24 UTC (permalink / raw)
To: Peter Maydell; +Cc: qemu-arm, qemu-devel@nongnu.org, Richard Henderson
On Tue, Jan 29, 2019 at 3:04 PM Peter Maydell <peter.maydell@linaro.org> wrote:
>
> The FCMLA (by element) instruction exists in the
> "vector x indexed element" encoding group, but not in
> the "scalar x indexed element" group. Correctly UNDEF
> the unallocated encodings.
>
> Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Thanks,
Laurent
> ---
> target/arm/translate-a64.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index 30bc2412fc0..a7b999d2b5a 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -12650,7 +12650,7 @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
> case 0x13: /* FCMLA #90 */
> case 0x15: /* FCMLA #180 */
> case 0x17: /* FCMLA #270 */
> - if (!dc_isar_feature(aa64_fcma, s)) {
> + if (is_scalar || !dc_isar_feature(aa64_fcma, s)) {
> unallocated_encoding(s);
> return;
> }
> --
> 2.20.1
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] target/arm/translate-a64: Fix mishandling of size in FCMLA decode
2019-01-29 14:04 ` [Qemu-devel] [PATCH 2/2] target/arm/translate-a64: Fix mishandling of size in FCMLA decode Peter Maydell
@ 2019-01-29 14:25 ` Laurent Desnogues
0 siblings, 0 replies; 6+ messages in thread
From: Laurent Desnogues @ 2019-01-29 14:25 UTC (permalink / raw)
To: Peter Maydell; +Cc: qemu-arm, qemu-devel@nongnu.org, Richard Henderson
On Tue, Jan 29, 2019 at 3:04 PM Peter Maydell <peter.maydell@linaro.org> wrote:
>
> In disas_simd_indexed(), for the case of "complex fp", each indexable
> element is a complex pair, so the total size is twice that indicated
> in the 'size' field in the encoding. We were trying to do this
> "double the size" operation with a left shift by 1, but this is
> incorrect because the 'size' field is a MO_8/MO_16/MO_32/MO_64
> value, and doubling the size should be done by a simple increment.
>
> This meant we were mishandling FCMLA (by element) of values where
> the real and imaginary parts are 32-bit floats, and would incorrectly
> UNDEF this encoding. (No other insns take this code path, and for
> 16-bit floats it happens that 1 << 1 and 1 + 1 are both the same).
>
> Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Thanks,
Laurent
> ---
> target/arm/translate-a64.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index a7b999d2b5a..06418f0ac3c 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -12680,7 +12680,7 @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
>
> case 2: /* complex fp */
> /* Each indexable element is a complex pair. */
> - size <<= 1;
> + size += 1;
> switch (size) {
> case MO_32:
> if (h && !is_q) {
> --
> 2.20.1
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [PATCH 0/2] target/arm: Fix FCMLA decoding errors
2019-01-29 14:04 [Qemu-devel] [PATCH 0/2] target/arm: Fix FCMLA decoding errors Peter Maydell
2019-01-29 14:04 ` [Qemu-devel] [PATCH 1/2] target/arm/translate-a64: Fix FCMLA decoding error Peter Maydell
2019-01-29 14:04 ` [Qemu-devel] [PATCH 2/2] target/arm/translate-a64: Fix mishandling of size in FCMLA decode Peter Maydell
@ 2019-01-29 15:11 ` Richard Henderson
2 siblings, 0 replies; 6+ messages in thread
From: Richard Henderson @ 2019-01-29 15:11 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel; +Cc: Laurent Desnogues
On 1/29/19 6:04 AM, Peter Maydell wrote:
> Peter Maydell (2):
> target/arm/translate-a64: Fix FCMLA decoding error
> target/arm/translate-a64: Fix mishandling of size in FCMLA decode
>
> target/arm/translate-a64.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-01-29 15:11 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-01-29 14:04 [Qemu-devel] [PATCH 0/2] target/arm: Fix FCMLA decoding errors Peter Maydell
2019-01-29 14:04 ` [Qemu-devel] [PATCH 1/2] target/arm/translate-a64: Fix FCMLA decoding error Peter Maydell
2019-01-29 14:24 ` Laurent Desnogues
2019-01-29 14:04 ` [Qemu-devel] [PATCH 2/2] target/arm/translate-a64: Fix mishandling of size in FCMLA decode Peter Maydell
2019-01-29 14:25 ` Laurent Desnogues
2019-01-29 15:11 ` [Qemu-devel] [PATCH 0/2] target/arm: Fix FCMLA decoding errors Richard Henderson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).