[PATCH 00/14] target/s390x: Miscellaneous TCG fixes, part 2

[PATCH 00/14] target/s390x: Miscellaneous TCG fixes, part 2

[Ilya Leoshkevich]

Hi,

Here is another set of fixes for issues found by randomized testing.

Most of them have to do with simple insufficient error handling or
corner cases, but 3/14 and 6/14 took a while to figure out, and
hopefully I got the fixes right. 13/14 is a test for an issue that
Richard has already fixed, but I thought it would be helpful to have it
anyway.

Best regards,
Ilya

Ilya Leoshkevich (14):
  target/s390x: Make CKSM raise an exception if R2 is odd
  target/s390x: Fix CLM with M3=0
  target/s390x: Fix CONVERT TO LOGICAL/FIXED with out-of-range inputs
  target/s390x: Fix ICM with M3=0
  target/s390x: Make MC raise specification exception when class >= 16
  tcg/{i386,s390x}: Add earlyclobber to the op_add2's first output
  target/s390x: Fix assertion failure in VFMIN/VFMAX with reserved type
  tests/tcg/s390x: Test CKSM
  tests/tcg/s390x: Test CLGEBR and CGEBRA
  tests/tcg/s390x: Test CLM
  tests/tcg/s390x: Test ICM
  tests/tcg/s390x: Test MC
  tests/tcg/s390x: Test STPQ
  tests/tcg/s390x: Test VCKSM

 target/s390x/tcg/excp_helper.c          |  2 +-
 target/s390x/tcg/fpu_helper.c           |  3 +-
 target/s390x/tcg/mem_helper.c           |  5 +++
 target/s390x/tcg/translate.c            | 21 ++++++++--
 target/s390x/tcg/vec_fpu_helper.c       | 24 +++++++----
 tcg/i386/tcg-target-con-set.h           |  2 +-
 tcg/i386/tcg-target.c.inc               |  2 +-
 tcg/s390x/tcg-target-con-set.h          |  5 +--
 tcg/s390x/tcg-target.c.inc              |  4 +-
 tcg/tcg.c                               |  8 +++-
 tests/tcg/s390x/Makefile.softmmu-target |  5 +++
 tests/tcg/s390x/Makefile.target         |  6 +++
 tests/tcg/s390x/cgebra.c                | 32 ++++++++++++++
 tests/tcg/s390x/cksm.S                  | 29 +++++++++++++
 tests/tcg/s390x/clgebr.c                | 32 ++++++++++++++
 tests/tcg/s390x/clm.S                   | 29 +++++++++++++
 tests/tcg/s390x/icm.S                   | 32 ++++++++++++++
 tests/tcg/s390x/mc.S                    | 56 +++++++++++++++++++++++++
 tests/tcg/s390x/stpq.S                  | 20 +++++++++
 tests/tcg/s390x/vcksm.c                 | 31 ++++++++++++++
 tests/tcg/s390x/vx.h                    |  2 +
 21 files changed, 327 insertions(+), 23 deletions(-)
 create mode 100644 tests/tcg/s390x/cgebra.c
 create mode 100644 tests/tcg/s390x/cksm.S
 create mode 100644 tests/tcg/s390x/clgebr.c
 create mode 100644 tests/tcg/s390x/clm.S
 create mode 100644 tests/tcg/s390x/icm.S
 create mode 100644 tests/tcg/s390x/mc.S
 create mode 100644 tests/tcg/s390x/stpq.S
 create mode 100644 tests/tcg/s390x/vcksm.c

-- 
2.41.0

[PATCH 01/14] target/s390x: Make CKSM raise an exception if R2 is odd

[Ilya Leoshkevich]

R2 designates an even-odd register pair; the instruction should raise
a specification exception when R2 is not even.

Cc: qemu-stable@nongnu.org
Fixes: e023e832d0ac ("s390x: translate engine for s390x CPU")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 target/s390x/tcg/translate.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index 6661b27efa4..2f61e879878 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -1991,11 +1991,18 @@ static DisasJumpType op_cxlgb(DisasContext *s, DisasOps *o)
 static DisasJumpType op_cksm(DisasContext *s, DisasOps *o)
 {
     int r2 = get_field(s, r2);
-    TCGv_i128 pair = tcg_temp_new_i128();
-    TCGv_i64 len = tcg_temp_new_i64();
+    TCGv_i128 pair;
+    TCGv_i64 len;
+
+    if (r2 & 1) {
+        gen_program_exception(s, PGM_SPECIFICATION);
+        return DISAS_NORETURN;
+    }
 
+    pair = tcg_temp_new_i128();
     gen_helper_cksm(pair, cpu_env, o->in1, o->in2, regs[r2 + 1]);
     set_cc_static(s);
+    len = tcg_temp_new_i64();
     tcg_gen_extr_i128_i64(o->out, len, pair);
 
     tcg_gen_add_i64(regs[r2], regs[r2], len);
-- 
2.41.0

[PATCH 02/14] target/s390x: Fix CLM with M3=0

[Ilya Leoshkevich]

When the mask is zero, access exceptions should still be recognized for
1 byte at the second-operand address. CC should be set to 0.

Cc: qemu-stable@nongnu.org
Fixes: defb0e3157af ("s390x: Implement opcode helpers")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 target/s390x/tcg/mem_helper.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
index f417fb1183c..d6dc8b32620 100644
--- a/target/s390x/tcg/mem_helper.c
+++ b/target/s390x/tcg/mem_helper.c
@@ -667,6 +667,11 @@ uint32_t HELPER(clm)(CPUS390XState *env, uint32_t r1, uint32_t mask,
     HELPER_LOG("%s: r1 0x%x mask 0x%x addr 0x%" PRIx64 "\n", __func__, r1,
                mask, addr);
 
+    if (!mask) {
+        /* Recognize access exceptions for the first byte */
+        cpu_ldub_data_ra(env, addr, ra);
+    }
+
     while (mask) {
         if (mask & 8) {
             uint8_t d = cpu_ldub_data_ra(env, addr, ra);
-- 
2.41.0

[PATCH 03/14] target/s390x: Fix CONVERT TO LOGICAL/FIXED with out-of-range inputs

[Ilya Leoshkevich]

CONVERT TO LOGICAL/FIXED deviate from IEEE 754 in that they raise an
inexact exception on out-of-range inputs. float_flag_invalid_cvti
aligns nicely with that behavior, so convert it to
S390_IEEE_MASK_INEXACT.

Cc: qemu-stable@nongnu.org
Fixes: defb0e3157af ("s390x: Implement opcode helpers")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 target/s390x/tcg/fpu_helper.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/s390x/tcg/fpu_helper.c b/target/s390x/tcg/fpu_helper.c
index 4b7fa58af3e..3d941ed2d28 100644
--- a/target/s390x/tcg/fpu_helper.c
+++ b/target/s390x/tcg/fpu_helper.c
@@ -52,7 +52,8 @@ uint8_t s390_softfloat_exc_to_ieee(unsigned int exc)
     s390_exc |= (exc & float_flag_divbyzero) ? S390_IEEE_MASK_DIVBYZERO : 0;
     s390_exc |= (exc & float_flag_overflow) ? S390_IEEE_MASK_OVERFLOW : 0;
     s390_exc |= (exc & float_flag_underflow) ? S390_IEEE_MASK_UNDERFLOW : 0;
-    s390_exc |= (exc & float_flag_inexact) ? S390_IEEE_MASK_INEXACT : 0;
+    s390_exc |= (exc & (float_flag_inexact | float_flag_invalid_cvti)) ?
+                S390_IEEE_MASK_INEXACT : 0;
 
     return s390_exc;
 }
-- 
2.41.0

[PATCH 04/14] target/s390x: Fix ICM with M3=0

[Ilya Leoshkevich]

When the mask is zero, access exceptions should still be recognized for
1 byte at the second-operand address. CC should be set to 0.

Cc: qemu-stable@nongnu.org
Fixes: e023e832d0ac ("s390x: translate engine for s390x CPU")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 target/s390x/tcg/translate.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index 2f61e879878..2d7cc8963b4 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -2516,6 +2516,12 @@ static DisasJumpType op_icm(DisasContext *s, DisasOps *o)
         len = 8;
         goto one_insert;
 
+    case 0:
+        /* Recognize access exceptions for the first byte.  */
+        tcg_gen_qemu_ld_i64(tmp, o->in2, get_mem_index(s), MO_UB);
+        gen_op_movi_cc(s, 0);
+        return DISAS_NEXT;
+
     one_insert:
         pos = base + ctz32(m3) * 8;
         tcg_gen_deposit_i64(o->out, o->out, tmp, pos, len);
-- 
2.41.0

[PATCH 05/14] target/s390x: Make MC raise specification exception when class >= 16

[Ilya Leoshkevich]

MC requires bit positions 8-11 (upper 4 bits of class) to be zeros,
otherwise it must raise a specification exception.

Cc: qemu-stable@nongnu.org
Fixes: 20d143e2cab8 ("s390x/tcg: Implement MONITOR CALL")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 target/s390x/tcg/excp_helper.c | 2 +-
 target/s390x/tcg/translate.c   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/target/s390x/tcg/excp_helper.c b/target/s390x/tcg/excp_helper.c
index 228aa9f2373..3da337f7c72 100644
--- a/target/s390x/tcg/excp_helper.c
+++ b/target/s390x/tcg/excp_helper.c
@@ -639,7 +639,7 @@ void monitor_event(CPUS390XState *env,
 void HELPER(monitor_call)(CPUS390XState *env, uint64_t monitor_code,
                           uint32_t monitor_class)
 {
-    g_assert(monitor_class <= 0xff);
+    g_assert(monitor_class <= 0xf);
 
     if (env->cregs[8] & (0x8000 >> monitor_class)) {
         monitor_event(env, monitor_code, monitor_class, GETPC());
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index 2d7cc8963b4..4b32c2333c2 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -3184,9 +3184,9 @@ static DisasJumpType op_lcbb(DisasContext *s, DisasOps *o)
 
 static DisasJumpType op_mc(DisasContext *s, DisasOps *o)
 {
-    const uint16_t monitor_class = get_field(s, i2);
+    const uint8_t monitor_class = get_field(s, i2);
 
-    if (monitor_class & 0xff00) {
+    if (monitor_class & 0xf0) {
         gen_program_exception(s, PGM_SPECIFICATION);
         return DISAS_NORETURN;
     }
-- 
2.41.0

[PATCH 06/14] tcg/{i386, s390x}: Add earlyclobber to the op_add2's first output

[Ilya Leoshkevich]

i386 and s390x implementations of op_add2 require an earlyclobber,
which is currently missing. This breaks VCKSM in s390x guests. E.g., on
x86_64 the following op:

    add2_i32 tmp2,tmp3,tmp2,tmp3,tmp3,tmp2   dead: 0 2 3 4 5  pref=none,0xffff

is translated to:

    addl     %ebx, %r12d
    adcl     %r12d, %ebx

Introduce a new C_N1_O1_I4 constraint, and make sure that earlyclobber
of aliased outputs is honored.

Cc: qemu-stable@nongnu.org
Fixes: 82790a870992 ("tcg: Add markup for output requires new register")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 tcg/i386/tcg-target-con-set.h  | 2 +-
 tcg/i386/tcg-target.c.inc      | 2 +-
 tcg/s390x/tcg-target-con-set.h | 5 ++---
 tcg/s390x/tcg-target.c.inc     | 4 ++--
 tcg/tcg.c                      | 8 +++++++-
 5 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/tcg/i386/tcg-target-con-set.h b/tcg/i386/tcg-target-con-set.h
index 91ceb0e1da2..cb4b25263e9 100644
--- a/tcg/i386/tcg-target-con-set.h
+++ b/tcg/i386/tcg-target-con-set.h
@@ -53,4 +53,4 @@ C_O2_I1(r, r, L)
 C_O2_I2(a, d, a, r)
 C_O2_I2(r, r, L, L)
 C_O2_I3(a, d, 0, 1, r)
-C_O2_I4(r, r, 0, 1, re, re)
+C_N1_O1_I4(r, r, 0, 1, re, re)
diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc
index ab997b5fb39..77482da0709 100644
--- a/tcg/i386/tcg-target.c.inc
+++ b/tcg/i386/tcg-target.c.inc
@@ -3335,7 +3335,7 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
     case INDEX_op_add2_i64:
     case INDEX_op_sub2_i32:
     case INDEX_op_sub2_i64:
-        return C_O2_I4(r, r, 0, 1, re, re);
+        return C_N1_O1_I4(r, r, 0, 1, re, re);
 
     case INDEX_op_ctz_i32:
     case INDEX_op_ctz_i64:
diff --git a/tcg/s390x/tcg-target-con-set.h b/tcg/s390x/tcg-target-con-set.h
index cbad91b2b56..ce779e8b44a 100644
--- a/tcg/s390x/tcg-target-con-set.h
+++ b/tcg/s390x/tcg-target-con-set.h
@@ -41,6 +41,5 @@ C_O2_I1(o, m, r)
 C_O2_I2(o, m, 0, r)
 C_O2_I2(o, m, r, r)
 C_O2_I3(o, m, 0, 1, r)
-C_O2_I4(r, r, 0, 1, rA, r)
-C_O2_I4(r, r, 0, 1, ri, r)
-C_O2_I4(r, r, 0, 1, r, r)
+C_N1_O1_I4(r, r, 0, 1, ri, r)
+C_N1_O1_I4(r, r, 0, 1, rA, r)
diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
index a878acd8ca6..a94f7908d64 100644
--- a/tcg/s390x/tcg-target.c.inc
+++ b/tcg/s390x/tcg-target.c.inc
@@ -3229,11 +3229,11 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
 
     case INDEX_op_add2_i32:
     case INDEX_op_sub2_i32:
-        return C_O2_I4(r, r, 0, 1, ri, r);
+        return C_N1_O1_I4(r, r, 0, 1, ri, r);
 
     case INDEX_op_add2_i64:
     case INDEX_op_sub2_i64:
-        return C_O2_I4(r, r, 0, 1, rA, r);
+        return C_N1_O1_I4(r, r, 0, 1, rA, r);
 
     case INDEX_op_st_vec:
         return C_O0_I2(v, r);
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 652e8ea6b93..ddfe9a96cb7 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -648,6 +648,7 @@ static void tcg_out_movext3(TCGContext *s, const TCGMovExtend *i1,
 #define C_O2_I2(O1, O2, I1, I2)         C_PFX4(c_o2_i2_, O1, O2, I1, I2),
 #define C_O2_I3(O1, O2, I1, I2, I3)     C_PFX5(c_o2_i3_, O1, O2, I1, I2, I3),
 #define C_O2_I4(O1, O2, I1, I2, I3, I4) C_PFX6(c_o2_i4_, O1, O2, I1, I2, I3, I4),
+#define C_N1_O1_I4(O1, O2, I1, I2, I3, I4) C_PFX6(c_n1_o1_i4_, O1, O2, I1, I2, I3, I4),
 
 typedef enum {
 #include "tcg-target-con-set.h"
@@ -668,6 +669,7 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode);
 #undef C_O2_I2
 #undef C_O2_I3
 #undef C_O2_I4
+#undef C_N1_O1_I4
 
 /* Put all of the constraint sets into an array, indexed by the enum. */
 
@@ -687,6 +689,7 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode);
 #define C_O2_I2(O1, O2, I1, I2)         { .args_ct_str = { #O1, #O2, #I1, #I2 } },
 #define C_O2_I3(O1, O2, I1, I2, I3)     { .args_ct_str = { #O1, #O2, #I1, #I2, #I3 } },
 #define C_O2_I4(O1, O2, I1, I2, I3, I4) { .args_ct_str = { #O1, #O2, #I1, #I2, #I3, #I4 } },
+#define C_N1_O1_I4(O1, O2, I1, I2, I3, I4) { .args_ct_str = { "&" #O1, #O2, #I1, #I2, #I3, #I4 } },
 
 static const TCGTargetOpDef constraint_sets[] = {
 #include "tcg-target-con-set.h"
@@ -706,6 +709,7 @@ static const TCGTargetOpDef constraint_sets[] = {
 #undef C_O2_I2
 #undef C_O2_I3
 #undef C_O2_I4
+#undef C_N1_O1_I4
 
 /* Expand the enumerator to be returned from tcg_target_op_def(). */
 
@@ -725,6 +729,7 @@ static const TCGTargetOpDef constraint_sets[] = {
 #define C_O2_I2(O1, O2, I1, I2)         C_PFX4(c_o2_i2_, O1, O2, I1, I2)
 #define C_O2_I3(O1, O2, I1, I2, I3)     C_PFX5(c_o2_i3_, O1, O2, I1, I2, I3)
 #define C_O2_I4(O1, O2, I1, I2, I3, I4) C_PFX6(c_o2_i4_, O1, O2, I1, I2, I3, I4)
+#define C_N1_O1_I4(O1, O2, I1, I2, I3, I4) C_PFX6(c_n1_o1_i4_, O1, O2, I1, I2, I3, I4)
 
 #include "tcg-target.c.inc"
 
@@ -4703,7 +4708,8 @@ static void tcg_reg_alloc_op(TCGContext *s, const TCGOp *op)
                  * dead after the instruction, we must allocate a new
                  * register and move it.
                  */
-                if (temp_readonly(ts) || !IS_DEAD_ARG(i)) {
+                if (temp_readonly(ts) || !IS_DEAD_ARG(i)
+                    || def->args_ct[arg_ct->alias_index].newreg) {
                     allocate_new_reg = true;
                 } else if (ts->val_type == TEMP_VAL_REG) {
                     /*
-- 
2.41.0

[PATCH 07/14] target/s390x: Fix assertion failure in VFMIN/VFMAX with reserved type

[Ilya Leoshkevich]

Passing reserved type to VFMIN/VFMAX causes an assertion failure in
vfmin_res() and vfmax_res(). These instructions should raise a
specification exception in this case.

Cc: qemu-stable@nongnu.org
Fixes: da4807527f3b ("s390x/tcg: Implement VECTOR FP (MAXIMUM|MINIMUM)")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 target/s390x/tcg/vec_fpu_helper.c | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/target/s390x/tcg/vec_fpu_helper.c b/target/s390x/tcg/vec_fpu_helper.c
index 75cf605b9f4..f1671679879 100644
--- a/target/s390x/tcg/vec_fpu_helper.c
+++ b/target/s390x/tcg/vec_fpu_helper.c
@@ -915,7 +915,7 @@ static void vfminmax32(S390Vector *v1, const S390Vector *v2,
         float32 b = s390_vec_read_float32(v3, i);
         float32 result;
 
-        if (type != S390_MINMAX_TYPE_IEEE) {
+        if (type > S390_MINMAX_TYPE_IEEE && type <= S390_MINMAX_TYPE_F) {
             S390MinMaxRes res;
 
             if (is_abs) {
@@ -944,12 +944,14 @@ static void vfminmax32(S390Vector *v1, const S390Vector *v2,
             default:
                 g_assert_not_reached();
             }
-        } else if (!is_abs) {
+        } else if (type == S390_MINMAX_TYPE_IEEE && !is_abs) {
             result = is_min ? float32_minnum(a, b, &env->fpu_status) :
                               float32_maxnum(a, b, &env->fpu_status);
-        } else {
+        } else if (type == S390_MINMAX_TYPE_IEEE) {
             result = is_min ? float32_minnummag(a, b, &env->fpu_status) :
                               float32_maxnummag(a, b, &env->fpu_status);
+        } else {
+            tcg_s390_program_interrupt(env, PGM_SPECIFICATION, retaddr);
         }
 
         s390_vec_write_float32(&tmp, i, result);
@@ -977,7 +979,7 @@ static void vfminmax64(S390Vector *v1, const S390Vector *v2,
         float64 b = s390_vec_read_float64(v3, i);
         float64 result;
 
-        if (type != S390_MINMAX_TYPE_IEEE) {
+        if (type > S390_MINMAX_TYPE_IEEE && type <= S390_MINMAX_TYPE_F) {
             S390MinMaxRes res;
 
             if (is_abs) {
@@ -1006,12 +1008,14 @@ static void vfminmax64(S390Vector *v1, const S390Vector *v2,
             default:
                 g_assert_not_reached();
             }
-        } else if (!is_abs) {
+        } else if (type == S390_MINMAX_TYPE_IEEE && !is_abs) {
             result = is_min ? float64_minnum(a, b, &env->fpu_status) :
                               float64_maxnum(a, b, &env->fpu_status);
-        } else {
+        } else if (type == S390_MINMAX_TYPE_IEEE) {
             result = is_min ? float64_minnummag(a, b, &env->fpu_status) :
                               float64_maxnummag(a, b, &env->fpu_status);
+        } else {
+            tcg_s390_program_interrupt(env, PGM_SPECIFICATION, retaddr);
         }
 
         s390_vec_write_float64(&tmp, i, result);
@@ -1035,7 +1039,7 @@ static void vfminmax128(S390Vector *v1, const S390Vector *v2,
     uint8_t vxc, vec_exc = 0;
     float128 result;
 
-    if (type != S390_MINMAX_TYPE_IEEE) {
+    if (type > S390_MINMAX_TYPE_IEEE && type <= S390_MINMAX_TYPE_F) {
         S390MinMaxRes res;
 
         if (is_abs) {
@@ -1064,12 +1068,14 @@ static void vfminmax128(S390Vector *v1, const S390Vector *v2,
         default:
             g_assert_not_reached();
         }
-    } else if (!is_abs) {
+    } else if (type == S390_MINMAX_TYPE_IEEE && !is_abs) {
         result = is_min ? float128_minnum(a, b, &env->fpu_status) :
                           float128_maxnum(a, b, &env->fpu_status);
-    } else {
+    } else if (type == S390_MINMAX_TYPE_IEEE) {
         result = is_min ? float128_minnummag(a, b, &env->fpu_status) :
                           float128_maxnummag(a, b, &env->fpu_status);
+    } else {
+        tcg_s390_program_interrupt(env, PGM_SPECIFICATION, retaddr);
     }
 
     vxc = check_ieee_exc(env, 0, false, &vec_exc);
-- 
2.41.0

[PATCH 08/14] tests/tcg/s390x: Test CKSM

[Ilya Leoshkevich]

Add a small test to prevent regressions.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 tests/tcg/s390x/Makefile.softmmu-target |  1 +
 tests/tcg/s390x/cksm.S                  | 29 +++++++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 tests/tcg/s390x/cksm.S

diff --git a/tests/tcg/s390x/Makefile.softmmu-target b/tests/tcg/s390x/Makefile.softmmu-target
index 242c7b0f83c..e813e318db9 100644
--- a/tests/tcg/s390x/Makefile.softmmu-target
+++ b/tests/tcg/s390x/Makefile.softmmu-target
@@ -16,6 +16,7 @@ LDFLAGS=-nostdlib -static
 
 ASM_TESTS =                                                                    \
     bal                                                                        \
+    cksm                                                                       \
     exrl-ssm-early                                                             \
     sam                                                                        \
     lpsw                                                                       \
diff --git a/tests/tcg/s390x/cksm.S b/tests/tcg/s390x/cksm.S
new file mode 100644
index 00000000000..a45f3ef6bfd
--- /dev/null
+++ b/tests/tcg/s390x/cksm.S
@@ -0,0 +1,29 @@
+    .org 0x8e
+program_interruption_code:
+    .org 0x1d0                         /* program new PSW */
+    .quad 0,pgm
+    .org 0x200                         /* lowcore padding */
+    .globl _start
+_start:
+    lmg %r0,%r1,cksm_args
+    cksm %r2,%r0
+    c %r2,cksm_exp
+    jne failure
+    cksm %r2,%r15
+failure:
+    lpswe failure_psw
+pgm:
+    chhsi program_interruption_code,6  /* specification exception? */
+    jne failure
+    lpswe success_psw
+cksm_args:
+    .quad cksm_buf, 16
+cksm_buf:
+    .quad 0xaaaabbbbcccc0000, 0x12345678
+cksm_exp:
+    .long 0x89ab1234
+    .align 8
+success_psw:
+    .quad 0x2000000000000,0xfff        /* see is_special_wait_psw() */
+failure_psw:
+    .quad 0x2000000000000,0            /* disabled wait */
-- 
2.41.0

[PATCH 09/14] tests/tcg/s390x: Test CLGEBR and CGEBRA

[Ilya Leoshkevich]

Add a small test to prevent regressions.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 tests/tcg/s390x/Makefile.target |  5 +++++
 tests/tcg/s390x/cgebra.c        | 32 ++++++++++++++++++++++++++++++++
 tests/tcg/s390x/clgebr.c        | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 69 insertions(+)
 create mode 100644 tests/tcg/s390x/cgebra.c
 create mode 100644 tests/tcg/s390x/clgebr.c

diff --git a/tests/tcg/s390x/Makefile.target b/tests/tcg/s390x/Makefile.target
index 19fbbc6e531..71bf39b78d3 100644
--- a/tests/tcg/s390x/Makefile.target
+++ b/tests/tcg/s390x/Makefile.target
@@ -39,12 +39,17 @@ TESTS+=mxdb
 TESTS+=epsw
 TESTS+=larl
 TESTS+=mdeb
+TESTS+=cgebra
+TESTS+=clgebr
 
 cdsg: CFLAGS+=-pthread
 cdsg: LDFLAGS+=-pthread
 
 rxsbg: CFLAGS+=-O2
 
+cgebra: LDFLAGS+=-lm
+clgebr: LDFLAGS+=-lm
+
 include $(S390X_SRC)/pgm-specification.mak
 $(PGM_SPECIFICATION_TESTS): pgm-specification-user.o
 $(PGM_SPECIFICATION_TESTS): LDFLAGS+=pgm-specification-user.o
diff --git a/tests/tcg/s390x/cgebra.c b/tests/tcg/s390x/cgebra.c
new file mode 100644
index 00000000000..f91e10d2d3c
--- /dev/null
+++ b/tests/tcg/s390x/cgebra.c
@@ -0,0 +1,32 @@
+/*
+ * Test the CGEBRA instruction.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include <assert.h>
+#include <fenv.h>
+#include <stdlib.h>
+
+int main(void)
+{
+    float r2 = 1E+300;
+    long long r1;
+    int cc;
+
+    feclearexcept(FE_ALL_EXCEPT);
+    asm("cgebra %[r1],%[m3],%[r2],%[m4]\n"
+        "ipm %[cc]\n"
+        : [r1] "=r" (r1)
+        , [cc] "=r" (cc)
+        : [m3] "i" (5) /* round toward 0 */
+        , [r2] "f" (r2)
+        , [m4] "i" (8) /* bit 0 is set, but must be ignored; XxC is not set */
+        : "cc");
+    cc >>= 28;
+
+    assert(r1 == 0x7fffffffffffffffLL);
+    assert(cc == 3);
+    assert(fetestexcept(FE_ALL_EXCEPT) == (FE_INVALID | FE_INEXACT));
+
+    return EXIT_SUCCESS;
+}
diff --git a/tests/tcg/s390x/clgebr.c b/tests/tcg/s390x/clgebr.c
new file mode 100644
index 00000000000..d491899b56e
--- /dev/null
+++ b/tests/tcg/s390x/clgebr.c
@@ -0,0 +1,32 @@
+/*
+ * Test the CLGEBR instruction.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include <assert.h>
+#include <fenv.h>
+#include <stdlib.h>
+
+int main(void)
+{
+    float r2 = -1;
+    long long r1;
+    int cc;
+
+    feclearexcept(FE_ALL_EXCEPT);
+    asm("clgebr %[r1],%[m3],%[r2],%[m4]\n"
+        "ipm %[cc]\n"
+        : [r1] "=r" (r1)
+        , [cc] "=r" (cc)
+        : [m3] "i" (5) /* round toward 0 */
+        , [r2] "f" (r2)
+        , [m4] "i" (8) /* bit 0 is set, but must be ignored; XxC is not set */
+        : "cc");
+    cc >>= 28;
+
+    assert(r1 == 0);
+    assert(cc == 3);
+    assert(fetestexcept(FE_ALL_EXCEPT) == (FE_INVALID | FE_INEXACT));
+
+    return EXIT_SUCCESS;
+}
-- 
2.41.0

[PATCH 10/14] tests/tcg/s390x: Test CLM

[Ilya Leoshkevich]

Add a small test to prevent regressions.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 tests/tcg/s390x/Makefile.softmmu-target |  1 +
 tests/tcg/s390x/clm.S                   | 29 +++++++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 tests/tcg/s390x/clm.S

diff --git a/tests/tcg/s390x/Makefile.softmmu-target b/tests/tcg/s390x/Makefile.softmmu-target
index e813e318db9..062d8e368aa 100644
--- a/tests/tcg/s390x/Makefile.softmmu-target
+++ b/tests/tcg/s390x/Makefile.softmmu-target
@@ -17,6 +17,7 @@ LDFLAGS=-nostdlib -static
 ASM_TESTS =                                                                    \
     bal                                                                        \
     cksm                                                                       \
+    clm                                                                        \
     exrl-ssm-early                                                             \
     sam                                                                        \
     lpsw                                                                       \
diff --git a/tests/tcg/s390x/clm.S b/tests/tcg/s390x/clm.S
new file mode 100644
index 00000000000..17156a81f2a
--- /dev/null
+++ b/tests/tcg/s390x/clm.S
@@ -0,0 +1,29 @@
+    .org 0x8e
+program_interruption_code:
+    .org 0x1d0                         /* program new PSW */
+    .quad 0,pgm
+    .org 0x200                         /* lowcore padding */
+    .globl _start
+_start:
+    lgrl %r0,op1
+    clm %r0,6,op2
+    jle failure
+    lgrl %r1,bad_addr
+    clm %r0,0,0(%r1)
+failure:
+    lpswe failure_psw
+pgm:
+    chhsi program_interruption_code,5  /* addressing exception? */
+    jne failure
+    lpswe success_psw
+    .align 8
+op1:
+    .quad 0x1234567887654321
+op2:
+    .quad 0x3456789abcdef012
+bad_addr:
+    .quad 0xffffffff00000000
+success_psw:
+    .quad 0x2000000000000,0xfff        /* see is_special_wait_psw() */
+failure_psw:
+    .quad 0x2000000000000,0            /* disabled wait */
-- 
2.41.0

[PATCH 11/14] tests/tcg/s390x: Test ICM

[Ilya Leoshkevich]

Add a small test to prevent regressions.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 tests/tcg/s390x/Makefile.softmmu-target |  1 +
 tests/tcg/s390x/icm.S                   | 32 +++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 tests/tcg/s390x/icm.S

diff --git a/tests/tcg/s390x/Makefile.softmmu-target b/tests/tcg/s390x/Makefile.softmmu-target
index 062d8e368aa..58684d7da71 100644
--- a/tests/tcg/s390x/Makefile.softmmu-target
+++ b/tests/tcg/s390x/Makefile.softmmu-target
@@ -19,6 +19,7 @@ ASM_TESTS =                                                                    \
     cksm                                                                       \
     clm                                                                        \
     exrl-ssm-early                                                             \
+    icm                                                                        \
     sam                                                                        \
     lpsw                                                                       \
     lpswe-early                                                                \
diff --git a/tests/tcg/s390x/icm.S b/tests/tcg/s390x/icm.S
new file mode 100644
index 00000000000..d24d1f52fb8
--- /dev/null
+++ b/tests/tcg/s390x/icm.S
@@ -0,0 +1,32 @@
+    .org 0x8e
+program_interruption_code:
+    .org 0x1d0                         /* program new PSW */
+    .quad 0,pgm
+    .org 0x200                         /* lowcore padding */
+    .globl _start
+_start:
+    lgrl %r0,op1
+    icm %r0,10,op2
+    cg %r0,exp
+    jne failure
+    lgrl %r1,bad_addr
+    icm %r0,0,0(%r1)
+failure:
+    lpswe failure_psw
+pgm:
+    chhsi program_interruption_code,5  /* addressing exception? */
+    jne failure
+    lpswe success_psw
+    .align 8
+op1:
+    .quad 0x1234567887654321
+op2:
+    .quad 0x0011223344556677
+exp:
+    .quad 0x1234567800651121
+bad_addr:
+    .quad 0xffffffff00000000
+success_psw:
+    .quad 0x2000000000000,0xfff        /* see is_special_wait_psw() */
+failure_psw:
+    .quad 0x2000000000000,0            /* disabled wait */
-- 
2.41.0

[PATCH 12/14] tests/tcg/s390x: Test MC

[Ilya Leoshkevich]

Add a small test to prevent regressions.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 tests/tcg/s390x/Makefile.softmmu-target |  1 +
 tests/tcg/s390x/mc.S                    | 56 +++++++++++++++++++++++++
 2 files changed, 57 insertions(+)
 create mode 100644 tests/tcg/s390x/mc.S

diff --git a/tests/tcg/s390x/Makefile.softmmu-target b/tests/tcg/s390x/Makefile.softmmu-target
index 58684d7da71..145e0bfde16 100644
--- a/tests/tcg/s390x/Makefile.softmmu-target
+++ b/tests/tcg/s390x/Makefile.softmmu-target
@@ -24,6 +24,7 @@ ASM_TESTS =                                                                    \
     lpsw                                                                       \
     lpswe-early                                                                \
     lra                                                                        \
+    mc                                                                         \
     ssm-early                                                                  \
     stosm-early                                                                \
     unaligned-lowcore
diff --git a/tests/tcg/s390x/mc.S b/tests/tcg/s390x/mc.S
new file mode 100644
index 00000000000..e7466bb4b57
--- /dev/null
+++ b/tests/tcg/s390x/mc.S
@@ -0,0 +1,56 @@
+    .org 0x8d
+ilc:
+    .org 0x8e
+program_interruption_code:
+    .org 0x94
+monitor_class:
+    .org 0xb0
+monitor_code:
+    .org 0x150
+program_old_psw:
+    .org 0x1d0                              /* program new PSW */
+    .quad 0x180000000,pgm                   /* 64-bit mode */
+    .org 0x200                              /* lowcore padding */
+    .globl _start
+_start:
+    stctg %c8,%c8,c8                        /* enable only monitor class 1 */
+    mvhhi c8+6,0x4000
+    lctlg %c8,%c8,c8
+mc_nop:
+    mc 123,0
+mc_monitor_event:
+    mc 321,1
+    j failure
+mc_specification:
+    mc 333,16
+    j failure
+pgm:
+    lgrl %r0,program_old_psw+8              /* ilc adjustment */
+    llgc %r1,ilc
+    sgr %r0,%r1
+    larl %r1,mc_monitor_event               /* dispatch based on old PSW */
+    cgrje %r0,%r1,pgm_monitor_event
+    larl %r1,mc_specification
+    cgrje %r0,%r1,pgm_specification
+    j failure
+pgm_monitor_event:
+    chhsi program_interruption_code,0x40    /* monitor event? */
+    jne failure
+    chhsi monitor_class,1                   /* class from mc_monitor_event? */
+    jne failure
+    cghsi monitor_code,321                  /* code from mc_monitor_event? */
+    jne failure
+    j mc_specification                      /* next test */
+pgm_specification:
+    chhsi program_interruption_code,6       /* specification exception? */
+    jne failure
+    lpswe success_psw
+failure:
+    lpswe failure_psw
+    .align 8
+c8:
+    .quad 0
+success_psw:
+    .quad 0x2000000000000,0xfff             /* see is_special_wait_psw() */
+failure_psw:
+    .quad 0x2000000000000,0                 /* disabled wait */
-- 
2.41.0

[PATCH 13/14] tests/tcg/s390x: Test STPQ

[Ilya Leoshkevich]

Add a small test to prevent regressions.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 tests/tcg/s390x/Makefile.softmmu-target |  1 +
 tests/tcg/s390x/stpq.S                  | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 tests/tcg/s390x/stpq.S

diff --git a/tests/tcg/s390x/Makefile.softmmu-target b/tests/tcg/s390x/Makefile.softmmu-target
index 145e0bfde16..76345b6e643 100644
--- a/tests/tcg/s390x/Makefile.softmmu-target
+++ b/tests/tcg/s390x/Makefile.softmmu-target
@@ -27,6 +27,7 @@ ASM_TESTS =                                                                    \
     mc                                                                         \
     ssm-early                                                                  \
     stosm-early                                                                \
+    stpq                                                                       \
     unaligned-lowcore
 
 include $(S390X_SRC)/pgm-specification.mak
diff --git a/tests/tcg/s390x/stpq.S b/tests/tcg/s390x/stpq.S
new file mode 100644
index 00000000000..687a52eafa7
--- /dev/null
+++ b/tests/tcg/s390x/stpq.S
@@ -0,0 +1,20 @@
+    .org 0x200                         /* lowcore padding */
+    .globl _start
+_start:
+    lgrl %r0,value
+    lgrl %r1,value+8
+    stpq %r0,stored_value
+    clc stored_value(16),value
+    jne failure
+    lpswe success_psw
+failure:
+    lpswe failure_psw
+    .align 16
+value:
+    .quad 0x1234567887654321, 0x8765432112345678
+stored_value:
+    .quad 0, 0
+success_psw:
+    .quad 0x2000000000000,0xfff        /* see is_special_wait_psw() */
+failure_psw:
+    .quad 0x2000000000000,0            /* disabled wait */
-- 
2.41.0

[PATCH 14/14] tests/tcg/s390x: Test VCKSM

[Ilya Leoshkevich]

Add a small test to prevent regressions.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 tests/tcg/s390x/Makefile.target |  1 +
 tests/tcg/s390x/vcksm.c         | 31 +++++++++++++++++++++++++++++++
 tests/tcg/s390x/vx.h            |  2 ++
 3 files changed, 34 insertions(+)
 create mode 100644 tests/tcg/s390x/vcksm.c

diff --git a/tests/tcg/s390x/Makefile.target b/tests/tcg/s390x/Makefile.target
index 71bf39b78d3..1fc98099070 100644
--- a/tests/tcg/s390x/Makefile.target
+++ b/tests/tcg/s390x/Makefile.target
@@ -58,6 +58,7 @@ TESTS += $(PGM_SPECIFICATION_TESTS)
 Z13_TESTS=vistr
 Z13_TESTS+=lcbb
 Z13_TESTS+=locfhr
+Z13_TESTS+=vcksm
 $(Z13_TESTS): CFLAGS+=-march=z13 -O2
 TESTS+=$(Z13_TESTS)
 
diff --git a/tests/tcg/s390x/vcksm.c b/tests/tcg/s390x/vcksm.c
new file mode 100644
index 00000000000..452daaae6ce
--- /dev/null
+++ b/tests/tcg/s390x/vcksm.c
@@ -0,0 +1,31 @@
+/*
+ * Test the VCKSM instruction.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+#include "vx.h"
+
+int main(void)
+{
+    S390Vector v1;
+    S390Vector v2 = {
+        .d[0] = 0xb2261c8140edce49ULL,
+        .d[1] = 0x387bf5a433af39d1ULL,
+    };
+    S390Vector v3 = {
+        .d[0] = 0x73b03d2c7f9e654eULL,
+        .d[1] = 0x23d74e51fb479877ULL,
+    };
+    S390Vector exp = {.d[0] = 0xdedd7f8eULL, .d[1] = 0ULL};
+
+    asm volatile("vcksm %[v1],%[v2],%[v3]"
+                 : [v1] "=v" (v1.v)
+                 : [v2] "v" (v2.v)
+                 , [v3] "v" (v3.v));
+    assert(memcmp(&v1, &exp, sizeof(v1)) == 0);
+
+    return EXIT_SUCCESS;
+}
diff --git a/tests/tcg/s390x/vx.h b/tests/tcg/s390x/vx.h
index 02e7fd518a8..00701dbe35f 100644
--- a/tests/tcg/s390x/vx.h
+++ b/tests/tcg/s390x/vx.h
@@ -1,6 +1,8 @@
 #ifndef QEMU_TESTS_S390X_VX_H
 #define QEMU_TESTS_S390X_VX_H
 
+#include <stdint.h>
+
 typedef union S390Vector {
     uint64_t d[2];  /* doubleword */
     uint32_t w[4];  /* word */
-- 
2.41.0

Re: [PATCH 01/14] target/s390x: Make CKSM raise an exception if R2 is odd

[David Hildenbrand]

On 18.07.23 23:21, Ilya Leoshkevich wrote:
> R2 designates an even-odd register pair; the instruction should raise
> a specification exception when R2 is not even.
> 
> Cc: qemu-stable@nongnu.org
> Fixes: e023e832d0ac ("s390x: translate engine for s390x CPU")
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
>   target/s390x/tcg/translate.c | 11 +++++++++--
>   1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
> index 6661b27efa4..2f61e879878 100644
> --- a/target/s390x/tcg/translate.c
> +++ b/target/s390x/tcg/translate.c
> @@ -1991,11 +1991,18 @@ static DisasJumpType op_cxlgb(DisasContext *s, DisasOps *o)
>   static DisasJumpType op_cksm(DisasContext *s, DisasOps *o)
>   {
>       int r2 = get_field(s, r2);
> -    TCGv_i128 pair = tcg_temp_new_i128();
> -    TCGv_i64 len = tcg_temp_new_i64();
> +    TCGv_i128 pair;
> +    TCGv_i64 len;
> +
> +    if (r2 & 1) {
> +        gen_program_exception(s, PGM_SPECIFICATION);
> +        return DISAS_NORETURN;
> +    }
>   
> +    pair = tcg_temp_new_i128();
>       gen_helper_cksm(pair, cpu_env, o->in1, o->in2, regs[r2 + 1]);
>       set_cc_static(s);
> +    len = tcg_temp_new_i64();
>       tcg_gen_extr_i128_i64(o->out, len, pair);
>   
>       tcg_gen_add_i64(regs[r2], regs[r2], len);

Reviewed-by: David Hildenbrand <david@redhat.com>

-- 
Cheers,

David / dhildenb

Re: [PATCH 02/14] target/s390x: Fix CLM with M3=0

[David Hildenbrand]

On 18.07.23 23:21, Ilya Leoshkevich wrote:
> When the mask is zero, access exceptions should still be recognized for
> 1 byte at the second-operand address. CC should be set to 0.
> 
> Cc: qemu-stable@nongnu.org
> Fixes: defb0e3157af ("s390x: Implement opcode helpers")
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
>   target/s390x/tcg/mem_helper.c | 5 +++++
>   1 file changed, 5 insertions(+)
> 
> diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
> index f417fb1183c..d6dc8b32620 100644
> --- a/target/s390x/tcg/mem_helper.c
> +++ b/target/s390x/tcg/mem_helper.c
> @@ -667,6 +667,11 @@ uint32_t HELPER(clm)(CPUS390XState *env, uint32_t r1, uint32_t mask,
>       HELPER_LOG("%s: r1 0x%x mask 0x%x addr 0x%" PRIx64 "\n", __func__, r1,
>                  mask, addr);
>   
> +    if (!mask) {
> +        /* Recognize access exceptions for the first byte */
> +        cpu_ldub_data_ra(env, addr, ra);
> +    }
> +
>       while (mask) {
>           if (mask & 8) {
>               uint8_t d = cpu_ldub_data_ra(env, addr, ra);

Reviewed-by: David Hildenbrand <david@redhat.com>

-- 
Cheers,

David / dhildenb

Re: [PATCH 03/14] target/s390x: Fix CONVERT TO LOGICAL/FIXED with out-of-range inputs

[David Hildenbrand]

On 18.07.23 23:21, Ilya Leoshkevich wrote:
> CONVERT TO LOGICAL/FIXED deviate from IEEE 754 in that they raise an
> inexact exception on out-of-range inputs. float_flag_invalid_cvti
> aligns nicely with that behavior, so convert it to
> S390_IEEE_MASK_INEXACT.
> 
> Cc: qemu-stable@nongnu.org
> Fixes: defb0e3157af ("s390x: Implement opcode helpers")
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
>   target/s390x/tcg/fpu_helper.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/target/s390x/tcg/fpu_helper.c b/target/s390x/tcg/fpu_helper.c
> index 4b7fa58af3e..3d941ed2d28 100644
> --- a/target/s390x/tcg/fpu_helper.c
> +++ b/target/s390x/tcg/fpu_helper.c
> @@ -52,7 +52,8 @@ uint8_t s390_softfloat_exc_to_ieee(unsigned int exc)
>       s390_exc |= (exc & float_flag_divbyzero) ? S390_IEEE_MASK_DIVBYZERO : 0;
>       s390_exc |= (exc & float_flag_overflow) ? S390_IEEE_MASK_OVERFLOW : 0;
>       s390_exc |= (exc & float_flag_underflow) ? S390_IEEE_MASK_UNDERFLOW : 0;
> -    s390_exc |= (exc & float_flag_inexact) ? S390_IEEE_MASK_INEXACT : 0;
> +    s390_exc |= (exc & (float_flag_inexact | float_flag_invalid_cvti)) ?
> +                S390_IEEE_MASK_INEXACT : 0;
>   
>       return s390_exc;
>   }

Reviewed-by: David Hildenbrand <david@redhat.com>

-- 
Cheers,

David / dhildenb

Re: [PATCH 04/14] target/s390x: Fix ICM with M3=0

[David Hildenbrand]

On 18.07.23 23:21, Ilya Leoshkevich wrote:
> When the mask is zero, access exceptions should still be recognized for
> 1 byte at the second-operand address. CC should be set to 0.
> 
> Cc: qemu-stable@nongnu.org
> Fixes: e023e832d0ac ("s390x: translate engine for s390x CPU")
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
>   target/s390x/tcg/translate.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 
> diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
> index 2f61e879878..2d7cc8963b4 100644
> --- a/target/s390x/tcg/translate.c
> +++ b/target/s390x/tcg/translate.c
> @@ -2516,6 +2516,12 @@ static DisasJumpType op_icm(DisasContext *s, DisasOps *o)
>           len = 8;
>           goto one_insert;
>   
> +    case 0:
> +        /* Recognize access exceptions for the first byte.  */
> +        tcg_gen_qemu_ld_i64(tmp, o->in2, get_mem_index(s), MO_UB);
> +        gen_op_movi_cc(s, 0);
> +        return DISAS_NEXT;
> +
>       one_insert:
>           pos = base + ctz32(m3) * 8;
>           tcg_gen_deposit_i64(o->out, o->out, tmp, pos, len);

That label in there is really nasty.

I would just have but the "case 0" right at the top (or right in front 
of the "default") and left all of that nasty stuff involving that label 
alone.

Reviewed-by: David Hildenbrand <david@redhat.com>

-- 
Cheers,

David / dhildenb

Re: [PATCH 07/14] target/s390x: Fix assertion failure in VFMIN/VFMAX with reserved type

[David Hildenbrand]

On 18.07.23 23:21, Ilya Leoshkevich wrote:
> Passing reserved type to VFMIN/VFMAX causes an assertion failure in
> vfmin_res() and vfmax_res(). These instructions should raise a
> specification exception in this case.
> 
> Cc: qemu-stable@nongnu.org
> Fixes: da4807527f3b ("s390x/tcg: Implement VECTOR FP (MAXIMUM|MINIMUM)")
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
>   target/s390x/tcg/vec_fpu_helper.c | 24 +++++++++++++++---------
>   1 file changed, 15 insertions(+), 9 deletions(-)
> 
> diff --git a/target/s390x/tcg/vec_fpu_helper.c b/target/s390x/tcg/vec_fpu_helper.c
> index 75cf605b9f4..f1671679879 100644
> --- a/target/s390x/tcg/vec_fpu_helper.c
> +++ b/target/s390x/tcg/vec_fpu_helper.c
> @@ -915,7 +915,7 @@ static void vfminmax32(S390Vector *v1, const S390Vector *v2,
>           float32 b = s390_vec_read_float32(v3, i);
>           float32 result;
>   

Why not check for invalid types once first and leave the rest of that function alone?

diff --git a/target/s390x/tcg/vec_fpu_helper.c b/target/s390x/tcg/vec_fpu_helper.c
index 75cf605b9f..e0b2a78632 100644
--- a/target/s390x/tcg/vec_fpu_helper.c
+++ b/target/s390x/tcg/vec_fpu_helper.c
@@ -910,6 +910,11 @@ static void vfminmax32(S390Vector *v1, const S390Vector *v2,
      S390Vector tmp = {};
      int i;
  
+    if (type > S390_MINMAX_TYPE_F) {
+        tcg_s390_program_interrupt(env, PGM_SPECIFICATION, retaddr);
+    }
+
      for (i = 0; i < 4; i++) {
          float32 a = s390_vec_read_float32(v2, i);
          float32 b = s390_vec_read_float32(v3, i);

-- 
Cheers,

David / dhildenb

Re: [PATCH 05/14] target/s390x: Make MC raise specification exception when class >= 16

[David Hildenbrand]

On 18.07.23 23:21, Ilya Leoshkevich wrote:
> MC requires bit positions 8-11 (upper 4 bits of class) to be zeros,
> otherwise it must raise a specification exception.
> 
> Cc: qemu-stable@nongnu.org
> Fixes: 20d143e2cab8 ("s390x/tcg: Implement MONITOR CALL")
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
>   target/s390x/tcg/excp_helper.c | 2 +-
>   target/s390x/tcg/translate.c   | 4 ++--
>   2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/target/s390x/tcg/excp_helper.c b/target/s390x/tcg/excp_helper.c
> index 228aa9f2373..3da337f7c72 100644
> --- a/target/s390x/tcg/excp_helper.c
> +++ b/target/s390x/tcg/excp_helper.c
> @@ -639,7 +639,7 @@ void monitor_event(CPUS390XState *env,
>   void HELPER(monitor_call)(CPUS390XState *env, uint64_t monitor_code,
>                             uint32_t monitor_class)
>   {
> -    g_assert(monitor_class <= 0xff);
> +    g_assert(monitor_class <= 0xf);
>   
>       if (env->cregs[8] & (0x8000 >> monitor_class)) {
>           monitor_event(env, monitor_code, monitor_class, GETPC());
> diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
> index 2d7cc8963b4..4b32c2333c2 100644
> --- a/target/s390x/tcg/translate.c
> +++ b/target/s390x/tcg/translate.c
> @@ -3184,9 +3184,9 @@ static DisasJumpType op_lcbb(DisasContext *s, DisasOps *o)
>   
>   static DisasJumpType op_mc(DisasContext *s, DisasOps *o)
>   {
> -    const uint16_t monitor_class = get_field(s, i2);
> +    const uint8_t monitor_class = get_field(s, i2);
>   
> -    if (monitor_class & 0xff00) {
> +    if (monitor_class & 0xf0) {
>           gen_program_exception(s, PGM_SPECIFICATION);
>           return DISAS_NORETURN;
>       }

Reviewed-by: David Hildenbrand <david@redhat.com>

-- 
Cheers,

David / dhildenb

Re: [PATCH 07/14] target/s390x: Fix assertion failure in VFMIN/VFMAX with reserved type

[Ilya Leoshkevich]

On Wed, 2023-07-19 at 10:40 +0200, David Hildenbrand wrote:
> On 18.07.23 23:21, Ilya Leoshkevich wrote:
> > Passing reserved type to VFMIN/VFMAX causes an assertion failure in
> > vfmin_res() and vfmax_res(). These instructions should raise a
> > specification exception in this case.
> > 
> > Cc: qemu-stable@nongnu.org
> > Fixes: da4807527f3b ("s390x/tcg: Implement VECTOR FP
> > (MAXIMUM|MINIMUM)")
> > Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> > ---
> >   target/s390x/tcg/vec_fpu_helper.c | 24 +++++++++++++++---------
> >   1 file changed, 15 insertions(+), 9 deletions(-)
> > 
> > diff --git a/target/s390x/tcg/vec_fpu_helper.c
> > b/target/s390x/tcg/vec_fpu_helper.c
> > index 75cf605b9f4..f1671679879 100644
> > --- a/target/s390x/tcg/vec_fpu_helper.c
> > +++ b/target/s390x/tcg/vec_fpu_helper.c
> > @@ -915,7 +915,7 @@ static void vfminmax32(S390Vector *v1, const
> > S390Vector *v2,
> >           float32 b = s390_vec_read_float32(v3, i);
> >           float32 result;
> >   
> 
> Why not check for invalid types once first and leave the rest of that
> function alone?
> 
> diff --git a/target/s390x/tcg/vec_fpu_helper.c
> b/target/s390x/tcg/vec_fpu_helper.c
> index 75cf605b9f..e0b2a78632 100644
> --- a/target/s390x/tcg/vec_fpu_helper.c
> +++ b/target/s390x/tcg/vec_fpu_helper.c
> @@ -910,6 +910,11 @@ static void vfminmax32(S390Vector *v1, const
> S390Vector *v2,
>       S390Vector tmp = {};
>       int i;
>   
> +    if (type > S390_MINMAX_TYPE_F) {
> +        tcg_s390_program_interrupt(env, PGM_SPECIFICATION, retaddr);
> +    }
> +
>       for (i = 0; i < 4; i++) {
>           float32 a = s390_vec_read_float32(v2, i);
>           float32 b = s390_vec_read_float32(v3, i);
> 

I have taken another look, and turns out there already is:

static DisasJumpType op_vfmax(DisasContext *s, DisasOps *o)
{
    ...

    if (m6 == 5 || m6 == 6 || m6 == 7 || m6 > 13) {
        gen_program_exception(s, PGM_SPECIFICATION);
        return DISAS_NORETURN;
    }

What the fuzzer has found was the m6 == 13 case, so only a small
adjustment is needed.

Re: [PATCH 07/14] target/s390x: Fix assertion failure in VFMIN/VFMAX with reserved type

[David Hildenbrand]

On 19.07.23 11:34, Ilya Leoshkevich wrote:
> On Wed, 2023-07-19 at 10:40 +0200, David Hildenbrand wrote:
>> On 18.07.23 23:21, Ilya Leoshkevich wrote:
>>> Passing reserved type to VFMIN/VFMAX causes an assertion failure in
>>> vfmin_res() and vfmax_res(). These instructions should raise a
>>> specification exception in this case.
>>>
>>> Cc: qemu-stable@nongnu.org
>>> Fixes: da4807527f3b ("s390x/tcg: Implement VECTOR FP
>>> (MAXIMUM|MINIMUM)")
>>> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
>>> ---
>>>    target/s390x/tcg/vec_fpu_helper.c | 24 +++++++++++++++---------
>>>    1 file changed, 15 insertions(+), 9 deletions(-)
>>>
>>> diff --git a/target/s390x/tcg/vec_fpu_helper.c
>>> b/target/s390x/tcg/vec_fpu_helper.c
>>> index 75cf605b9f4..f1671679879 100644
>>> --- a/target/s390x/tcg/vec_fpu_helper.c
>>> +++ b/target/s390x/tcg/vec_fpu_helper.c
>>> @@ -915,7 +915,7 @@ static void vfminmax32(S390Vector *v1, const
>>> S390Vector *v2,
>>>            float32 b = s390_vec_read_float32(v3, i);
>>>            float32 result;
>>>    
>>
>> Why not check for invalid types once first and leave the rest of that
>> function alone?
>>
>> diff --git a/target/s390x/tcg/vec_fpu_helper.c
>> b/target/s390x/tcg/vec_fpu_helper.c
>> index 75cf605b9f..e0b2a78632 100644
>> --- a/target/s390x/tcg/vec_fpu_helper.c
>> +++ b/target/s390x/tcg/vec_fpu_helper.c
>> @@ -910,6 +910,11 @@ static void vfminmax32(S390Vector *v1, const
>> S390Vector *v2,
>>        S390Vector tmp = {};
>>        int i;
>>    
>> +    if (type > S390_MINMAX_TYPE_F) {
>> +        tcg_s390_program_interrupt(env, PGM_SPECIFICATION, retaddr);
>> +    }
>> +
>>        for (i = 0; i < 4; i++) {
>>            float32 a = s390_vec_read_float32(v2, i);
>>            float32 b = s390_vec_read_float32(v3, i);
>>
> 
> I have taken another look, and turns out there already is:
> 
> static DisasJumpType op_vfmax(DisasContext *s, DisasOps *o)
> {
>      ...
> 
>      if (m6 == 5 || m6 == 6 || m6 == 7 || m6 > 13) {
>          gen_program_exception(s, PGM_SPECIFICATION);
>          return DISAS_NORETURN;
>      }
> 
> What the fuzzer has found was the m6 == 13 case, so only a small
> adjustment is needed.
> 

Oh, good!

-- 
Cheers,

David / dhildenb