* [PATCH 0/2] target/s390x: Fix EXECUTE of relative branches
@ 2023-04-26 23:58 Ilya Leoshkevich
2023-04-26 23:58 ` [PATCH 1/2] " Ilya Leoshkevich
2023-04-26 23:58 ` [PATCH 2/2] tests/tcg/s390x: Test " Ilya Leoshkevich
0 siblings, 2 replies; 5+ messages in thread
From: Ilya Leoshkevich @ 2023-04-26 23:58 UTC (permalink / raw)
To: Richard Henderson, David Hildenbrand, Thomas Huth
Cc: qemu-devel, qemu-s390x, Ilya Leoshkevich
Hi,
This series fixes EXECUTing relative branches: currently the offset is
incorrectly applied to EXECUTE and not the branch itself. This is
similar to what I previously fixed for load/store instructions.
Unfortunately here it's not feaisble to use the ri2 field, since it
would break the direct branch optimization. Instead, introduce the
disas_jdest() macro and pass its output to help_branch().
Patch 1 is the fix, patch 2 is the test.
Best regards,
Ilya
Ilya Leoshkevich (2):
target/s390x: Fix EXECUTE of relative branches
tests/tcg/s390x: Test EXECUTE of relative branches
target/s390x/tcg/translate.c | 81 +++++++++++-----
tests/tcg/s390x/Makefile.target | 1 +
tests/tcg/s390x/ex-branch.c | 158 ++++++++++++++++++++++++++++++++
3 files changed, 217 insertions(+), 23 deletions(-)
create mode 100644 tests/tcg/s390x/ex-branch.c
--
2.40.0
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/2] target/s390x: Fix EXECUTE of relative branches
2023-04-26 23:58 [PATCH 0/2] target/s390x: Fix EXECUTE of relative branches Ilya Leoshkevich
@ 2023-04-26 23:58 ` Ilya Leoshkevich
2023-04-27 12:38 ` Richard Henderson
2023-04-26 23:58 ` [PATCH 2/2] tests/tcg/s390x: Test " Ilya Leoshkevich
1 sibling, 1 reply; 5+ messages in thread
From: Ilya Leoshkevich @ 2023-04-26 23:58 UTC (permalink / raw)
To: Richard Henderson, David Hildenbrand, Thomas Huth
Cc: qemu-devel, qemu-s390x, Ilya Leoshkevich, Nina Schoetterl-Glausch
Fix a problem similar to the one fixed by commit 703d03a4aaf3
("target/s390x: Fix EXECUTE of relative long instructions"), but now
for relative branches.
Reported-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
target/s390x/tcg/translate.c | 81 ++++++++++++++++++++++++++----------
1 file changed, 58 insertions(+), 23 deletions(-)
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index 46b874e94da..2a681428af1 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -1534,18 +1534,51 @@ static DisasJumpType op_bal(DisasContext *s, DisasOps *o)
}
}
+/*
+ * Disassemble the target of a branch. The results are returned in a form
+ * suitable for passing into help_branch():
+ *
+ * - bool IS_IMM reflects whether the target is fixed or computed. Non-EXECUTEd
+ * branches, whose DisasContext *S contains the relative immediate field RI,
+ * are considered fixed. All the other branches are considered computed.
+ * - int IMM is the value of RI.
+ * - TCGv_i64 CDEST is the address of the computed target.
+ */
+#define disas_jdest(s, ri, is_imm, imm, cdest) do { \
+ if (have_field(s, ri)) { \
+ if (unlikely(s->ex_value)) { \
+ cdest = tcg_temp_new_i64(); \
+ tcg_gen_ld_i64(cdest, cpu_env, offsetof(CPUS390XState, ex_target));\
+ tcg_gen_addi_i64(cdest, cdest, (int64_t)get_field(s, ri) * 2); \
+ is_imm = false; \
+ } else { \
+ is_imm = true; \
+ } \
+ } else { \
+ is_imm = false; \
+ } \
+ imm = is_imm ? get_field(s, ri) : 0; \
+} while (false)
+
static DisasJumpType op_basi(DisasContext *s, DisasOps *o)
{
+ DisasCompare c;
+ bool is_imm;
+ int imm;
+
pc_to_link_info(o->out, s, s->pc_tmp);
- return help_goto_direct(s, s->base.pc_next + (int64_t)get_field(s, i2) * 2);
+
+ disas_jdest(s, i2, is_imm, imm, o->in2);
+ disas_jcc(s, &c, 0xf);
+ return help_branch(s, &c, is_imm, imm, o->in2);
}
static DisasJumpType op_bc(DisasContext *s, DisasOps *o)
{
int m1 = get_field(s, m1);
- bool is_imm = have_field(s, i2);
- int imm = is_imm ? get_field(s, i2) : 0;
DisasCompare c;
+ bool is_imm;
+ int imm;
/* BCR with R2 = 0 causes no branching */
if (have_field(s, r2) && get_field(s, r2) == 0) {
@@ -1562,6 +1595,7 @@ static DisasJumpType op_bc(DisasContext *s, DisasOps *o)
return DISAS_NEXT;
}
+ disas_jdest(s, i2, is_imm, imm, o->in2);
disas_jcc(s, &c, m1);
return help_branch(s, &c, is_imm, imm, o->in2);
}
@@ -1569,10 +1603,10 @@ static DisasJumpType op_bc(DisasContext *s, DisasOps *o)
static DisasJumpType op_bct32(DisasContext *s, DisasOps *o)
{
int r1 = get_field(s, r1);
- bool is_imm = have_field(s, i2);
- int imm = is_imm ? get_field(s, i2) : 0;
DisasCompare c;
+ bool is_imm;
TCGv_i64 t;
+ int imm;
c.cond = TCG_COND_NE;
c.is_64 = false;
@@ -1584,6 +1618,7 @@ static DisasJumpType op_bct32(DisasContext *s, DisasOps *o)
c.u.s32.b = tcg_constant_i32(0);
tcg_gen_extrl_i64_i32(c.u.s32.a, t);
+ disas_jdest(s, i2, is_imm, imm, o->in2);
return help_branch(s, &c, is_imm, imm, o->in2);
}
@@ -1611,9 +1646,9 @@ static DisasJumpType op_bcth(DisasContext *s, DisasOps *o)
static DisasJumpType op_bct64(DisasContext *s, DisasOps *o)
{
int r1 = get_field(s, r1);
- bool is_imm = have_field(s, i2);
- int imm = is_imm ? get_field(s, i2) : 0;
DisasCompare c;
+ bool is_imm;
+ int imm;
c.cond = TCG_COND_NE;
c.is_64 = true;
@@ -1622,6 +1657,7 @@ static DisasJumpType op_bct64(DisasContext *s, DisasOps *o)
c.u.s64.a = regs[r1];
c.u.s64.b = tcg_constant_i64(0);
+ disas_jdest(s, i2, is_imm, imm, o->in2);
return help_branch(s, &c, is_imm, imm, o->in2);
}
@@ -1629,10 +1665,10 @@ static DisasJumpType op_bx32(DisasContext *s, DisasOps *o)
{
int r1 = get_field(s, r1);
int r3 = get_field(s, r3);
- bool is_imm = have_field(s, i2);
- int imm = is_imm ? get_field(s, i2) : 0;
DisasCompare c;
+ bool is_imm;
TCGv_i64 t;
+ int imm;
c.cond = (s->insn->data ? TCG_COND_LE : TCG_COND_GT);
c.is_64 = false;
@@ -1645,6 +1681,7 @@ static DisasJumpType op_bx32(DisasContext *s, DisasOps *o)
tcg_gen_extrl_i64_i32(c.u.s32.b, regs[r3 | 1]);
store_reg32_i64(r1, t);
+ disas_jdest(s, i2, is_imm, imm, o->in2);
return help_branch(s, &c, is_imm, imm, o->in2);
}
@@ -1652,9 +1689,9 @@ static DisasJumpType op_bx64(DisasContext *s, DisasOps *o)
{
int r1 = get_field(s, r1);
int r3 = get_field(s, r3);
- bool is_imm = have_field(s, i2);
- int imm = is_imm ? get_field(s, i2) : 0;
DisasCompare c;
+ bool is_imm;
+ int imm;
c.cond = (s->insn->data ? TCG_COND_LE : TCG_COND_GT);
c.is_64 = true;
@@ -1668,6 +1705,7 @@ static DisasJumpType op_bx64(DisasContext *s, DisasOps *o)
tcg_gen_add_i64(regs[r1], regs[r1], regs[r3]);
c.u.s64.a = regs[r1];
+ disas_jdest(s, i2, is_imm, imm, o->in2);
return help_branch(s, &c, is_imm, imm, o->in2);
}
@@ -1685,10 +1723,9 @@ static DisasJumpType op_cj(DisasContext *s, DisasOps *o)
c.u.s64.a = o->in1;
c.u.s64.b = o->in2;
- is_imm = have_field(s, i4);
- if (is_imm) {
- imm = get_field(s, i4);
- } else {
+ o->out = NULL;
+ disas_jdest(s, i4, is_imm, imm, o->out);
+ if (!is_imm && !o->out) {
imm = 0;
o->out = get_address(s, 0, get_field(s, b4),
get_field(s, d4));
@@ -5774,15 +5811,13 @@ static void in2_a2(DisasContext *s, DisasOps *o)
static TCGv gen_ri2(DisasContext *s)
{
- int64_t delta = (int64_t)get_field(s, i2) * 2;
- TCGv ri2;
+ TCGv ri2 = NULL;
+ bool is_imm;
+ int imm;
- if (unlikely(s->ex_value)) {
- ri2 = tcg_temp_new_i64();
- tcg_gen_ld_i64(ri2, cpu_env, offsetof(CPUS390XState, ex_target));
- tcg_gen_addi_i64(ri2, ri2, delta);
- } else {
- ri2 = tcg_constant_i64(s->base.pc_next + delta);
+ disas_jdest(s, i2, is_imm, imm, ri2);
+ if (is_imm) {
+ ri2 = tcg_constant_i64(s->base.pc_next + imm * 2);
}
return ri2;
--
2.40.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 2/2] tests/tcg/s390x: Test EXECUTE of relative branches
2023-04-26 23:58 [PATCH 0/2] target/s390x: Fix EXECUTE of relative branches Ilya Leoshkevich
2023-04-26 23:58 ` [PATCH 1/2] " Ilya Leoshkevich
@ 2023-04-26 23:58 ` Ilya Leoshkevich
2023-04-27 12:40 ` Richard Henderson
1 sibling, 1 reply; 5+ messages in thread
From: Ilya Leoshkevich @ 2023-04-26 23:58 UTC (permalink / raw)
To: Richard Henderson, David Hildenbrand, Thomas Huth
Cc: qemu-devel, qemu-s390x, Ilya Leoshkevich
Add a small test to prevent regressions.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
tests/tcg/s390x/Makefile.target | 1 +
tests/tcg/s390x/ex-branch.c | 158 ++++++++++++++++++++++++++++++++
2 files changed, 159 insertions(+)
create mode 100644 tests/tcg/s390x/ex-branch.c
diff --git a/tests/tcg/s390x/Makefile.target b/tests/tcg/s390x/Makefile.target
index 0031868b136..23dc8b6a63f 100644
--- a/tests/tcg/s390x/Makefile.target
+++ b/tests/tcg/s390x/Makefile.target
@@ -34,6 +34,7 @@ TESTS+=cdsg
TESTS+=chrl
TESTS+=rxsbg
TESTS+=ex-relative-long
+TESTS+=ex-branch
cdsg: CFLAGS+=-pthread
cdsg: LDFLAGS+=-pthread
diff --git a/tests/tcg/s390x/ex-branch.c b/tests/tcg/s390x/ex-branch.c
new file mode 100644
index 00000000000..c6067191528
--- /dev/null
+++ b/tests/tcg/s390x/ex-branch.c
@@ -0,0 +1,158 @@
+/* Check EXECUTE with relative branch instructions as targets. */
+#include <assert.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+struct test {
+ const char *name;
+ void (*func)(long *link, long *magic);
+ long exp_link;
+};
+
+/* Branch instructions and their expected effects. */
+#define LINK_64(test) ((long)test ## _exp_link)
+#define LINK_NONE(test) -1L
+#define FOR_EACH_INSN(F) \
+ F(bras, "%[link]", LINK_64) \
+ F(brasl, "%[link]", LINK_64) \
+ F(brc, "0x8", LINK_NONE) \
+ F(brcl, "0x8", LINK_NONE) \
+ F(brct, "%%r0", LINK_NONE) \
+ F(brctg, "%%r0", LINK_NONE) \
+ F(brxh, "%%r2,%%r0", LINK_NONE) \
+ F(brxhg, "%%r2,%%r0", LINK_NONE) \
+ F(brxle, "%%r0,%%r1", LINK_NONE) \
+ F(brxlg, "%%r0,%%r1", LINK_NONE) \
+ F(crj, "%%r0,%%r0,8", LINK_NONE) \
+ F(cgrj, "%%r0,%%r0,8", LINK_NONE) \
+ F(cij, "%%r0,0,8", LINK_NONE) \
+ F(cgij, "%%r0,0,8", LINK_NONE) \
+ F(clrj, "%%r0,%%r0,8", LINK_NONE) \
+ F(clgrj, "%%r0,%%r0,8", LINK_NONE) \
+ F(clij, "%%r0,0,8", LINK_NONE) \
+ F(clgij, "%%r0,0,8", LINK_NONE)
+
+#define INIT_TEST \
+ "xgr %%r0,%%r0\n" /* %r0 = 0; %cc = 0 */ \
+ "lghi %%r1,1\n" /* %r1 = 1 */ \
+ "lghi %%r2,2\n" /* %r2 = 2 */
+
+#define CLOBBERS_TEST "cc", "0", "1", "2"
+
+#define DEFINE_TEST(insn, args, exp_link) \
+ extern char insn ## _exp_link[]; \
+ static void test_ ## insn(long *link, long *magic) \
+ { \
+ asm(INIT_TEST \
+ #insn " " args ",0f\n" \
+ ".globl " #insn "_exp_link\n" \
+ #insn "_exp_link:\n" \
+ ".org . + 90\n" \
+ "0: lgfi %[magic],0x12345678\n" \
+ : [link] "+r" (*link) \
+ , [magic] "+r" (*magic) \
+ : : CLOBBERS_TEST); \
+ } \
+ extern char ex_ ## insn ## _exp_link[]; \
+ static void test_ex_ ## insn(long *link, long *magic) \
+ { \
+ unsigned long target; \
+ \
+ asm(INIT_TEST \
+ "larl %[target],0f\n" \
+ "ex %%r0,0(%[target])\n" \
+ ".globl ex_" #insn "_exp_link\n" \
+ "ex_" #insn "_exp_link:\n" \
+ ".org . + 60\n" \
+ "0: " #insn " " args ",1f\n" \
+ ".org . + 120\n" \
+ "1: lgfi %[magic],0x12345678\n" \
+ : [target] "=r" (target) \
+ , [link] "+r" (*link) \
+ , [magic] "+r" (*magic) \
+ : : CLOBBERS_TEST); \
+ } \
+ extern char exrl_ ## insn ## _exp_link[]; \
+ static void test_exrl_ ## insn(long *link, long *magic) \
+ { \
+ asm(INIT_TEST \
+ "exrl %%r0,0f\n" \
+ ".globl exrl_" #insn "_exp_link\n" \
+ "exrl_" #insn "_exp_link:\n" \
+ ".org . + 60\n" \
+ "0: " #insn " " args ",1f\n" \
+ ".org . + 120\n" \
+ "1: lgfi %[magic],0x12345678\n" \
+ : [link] "+r" (*link) \
+ , [magic] "+r" (*magic) \
+ : : CLOBBERS_TEST); \
+ }
+
+/* Test functions. */
+FOR_EACH_INSN(DEFINE_TEST)
+
+/* Test definitions. */
+#define REGISTER_TEST(insn, args, _exp_link) \
+ { \
+ .name = #insn, \
+ .func = test_ ## insn, \
+ .exp_link = (_exp_link(insn)), \
+ }, \
+ { \
+ .name = "ex " #insn, \
+ .func = test_ex_ ## insn, \
+ .exp_link = (_exp_link(ex_ ## insn)), \
+ }, \
+ { \
+ .name = "exrl " #insn, \
+ .func = test_exrl_ ## insn, \
+ .exp_link = (_exp_link(exrl_ ## insn)), \
+ },
+
+static const struct test tests[] = {
+ FOR_EACH_INSN(REGISTER_TEST)
+};
+
+int main(int argc, char **argv)
+{
+ const struct test *test;
+ int ret = EXIT_SUCCESS;
+ bool verbose = false;
+ long link, magic;
+ size_t i;
+
+ for (i = 1; i < argc; i++) {
+ if (strcmp(argv[i], "-v") == 0) {
+ verbose = true;
+ }
+ }
+
+ for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
+ test = &tests[i];
+ if (verbose) {
+ fprintf(stderr, "[ RUN ] %s\n", test->name);
+ }
+ link = -1;
+ magic = -1;
+ test->func(&link, &magic);
+#define ASSERT_EQ(expected, actual) do { \
+ if (expected != actual) { \
+ fprintf(stderr, "%s: " #expected " (0x%lx) != " #actual " (0x%lx)\n", \
+ test->name, expected, actual); \
+ ret = EXIT_FAILURE; \
+ } \
+} while (0)
+ ASSERT_EQ(test->exp_link, link);
+ ASSERT_EQ(0x12345678L, magic);
+#undef ASSERT_EQ
+ }
+
+ if (verbose) {
+ fprintf(stderr, ret == EXIT_SUCCESS ? "[ PASSED ]\n" :
+ "[ FAILED ]\n");
+ }
+
+ return ret;
+}
--
2.40.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/2] target/s390x: Fix EXECUTE of relative branches
2023-04-26 23:58 ` [PATCH 1/2] " Ilya Leoshkevich
@ 2023-04-27 12:38 ` Richard Henderson
0 siblings, 0 replies; 5+ messages in thread
From: Richard Henderson @ 2023-04-27 12:38 UTC (permalink / raw)
To: Ilya Leoshkevich, David Hildenbrand, Thomas Huth
Cc: qemu-devel, qemu-s390x, Nina Schoetterl-Glausch
On 4/27/23 00:58, Ilya Leoshkevich wrote:
> Fix a problem similar to the one fixed by commit 703d03a4aaf3
> ("target/s390x: Fix EXECUTE of relative long instructions"), but now
> for relative branches.
>
> Reported-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com>
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
> target/s390x/tcg/translate.c | 81 ++++++++++++++++++++++++++----------
> 1 file changed, 58 insertions(+), 23 deletions(-)
>
> diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
> index 46b874e94da..2a681428af1 100644
> --- a/target/s390x/tcg/translate.c
> +++ b/target/s390x/tcg/translate.c
> @@ -1534,18 +1534,51 @@ static DisasJumpType op_bal(DisasContext *s, DisasOps *o)
> }
> }
>
> +/*
> + * Disassemble the target of a branch. The results are returned in a form
> + * suitable for passing into help_branch():
> + *
> + * - bool IS_IMM reflects whether the target is fixed or computed. Non-EXECUTEd
> + * branches, whose DisasContext *S contains the relative immediate field RI,
> + * are considered fixed. All the other branches are considered computed.
> + * - int IMM is the value of RI.
> + * - TCGv_i64 CDEST is the address of the computed target.
> + */
> +#define disas_jdest(s, ri, is_imm, imm, cdest) do { \
> + if (have_field(s, ri)) { \
> + if (unlikely(s->ex_value)) { \
> + cdest = tcg_temp_new_i64(); \
> + tcg_gen_ld_i64(cdest, cpu_env, offsetof(CPUS390XState, ex_target));\
> + tcg_gen_addi_i64(cdest, cdest, (int64_t)get_field(s, ri) * 2); \
> + is_imm = false; \
> + } else { \
> + is_imm = true; \
> + } \
> + } else { \
> + is_imm = false; \
> + } \
> + imm = is_imm ? get_field(s, ri) : 0; \
> +} while (false)
I'm not especially fond of the macro, but given the variable field, I don't know how else
to structure it.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] tests/tcg/s390x: Test EXECUTE of relative branches
2023-04-26 23:58 ` [PATCH 2/2] tests/tcg/s390x: Test " Ilya Leoshkevich
@ 2023-04-27 12:40 ` Richard Henderson
0 siblings, 0 replies; 5+ messages in thread
From: Richard Henderson @ 2023-04-27 12:40 UTC (permalink / raw)
To: Ilya Leoshkevich, David Hildenbrand, Thomas Huth; +Cc: qemu-devel, qemu-s390x
On 4/27/23 00:58, Ilya Leoshkevich wrote:
> Add a small test to prevent regressions.
>
> Signed-off-by: Ilya Leoshkevich<iii@linux.ibm.com>
> ---
> tests/tcg/s390x/Makefile.target | 1 +
> tests/tcg/s390x/ex-branch.c | 158 ++++++++++++++++++++++++++++++++
> 2 files changed, 159 insertions(+)
> create mode 100644 tests/tcg/s390x/ex-branch.c
I'll admit I got lost in the macro expansion.
Acked-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-04-27 12:42 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-04-26 23:58 [PATCH 0/2] target/s390x: Fix EXECUTE of relative branches Ilya Leoshkevich
2023-04-26 23:58 ` [PATCH 1/2] " Ilya Leoshkevich
2023-04-27 12:38 ` Richard Henderson
2023-04-26 23:58 ` [PATCH 2/2] tests/tcg/s390x: Test " Ilya Leoshkevich
2023-04-27 12:40 ` Richard Henderson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).