[PATCH] tcg/ppc/tcg-target.c.inc: Fix tcg_out_rlw

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] tcg/ppc/tcg-target.c.inc: Fix tcg_out_rlw_rc
@ 2024-10-22 12:14 Dani Szebenyi
  0 siblings, 0 replies; 3+ messages in thread
From: Dani Szebenyi @ 2024-10-22 12:14 UTC (permalink / raw)
  To: qemu-ppc@nongnu.org, qemu-devel@nongnu.org,
	richard.henderson@linaro.org
  Cc: Dani Szebenyi, Ilya Leoshkevich

[-- Attachment #1: Type: text/plain, Size: 1461 bytes --]

The TCG IR sequence:
mov_i32 tmp97,$0xc4240000                dead: 1  pref=0xffffffff
mov_i32 tmp98,$0x0                       pref=0xffffffff
rotr_i32 tmp97,tmp97,tmp98               dead: 1 2  pref=0xffffffff

was translated to `slwi r15, r14, 0` instead of `slwi   r14, r14, 0` due to SH field overflow.

SH field is 5 bits, and tcg_out_rlw is called in some situations with `32-n`, when `n` is 0 it results in an overflow to RA field.

This commit prevents overflow of that field and adds debug assertions for the other fields

Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Dani Szebenyi <DaniSzebenyi@ibm.com>
---
tcg/ppc/tcg-target.c.inc | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index 3f413ce3c1..3a6b9df68d 100644
--- a/tcg/ppc/tcg-target.c.inc
+++ b/tcg/ppc/tcg-target.c.inc
@@ -911,7 +911,9 @@ static void tcg_out_rld(TCGContext *s, int op, TCGReg ra, TCGReg rs,
static void tcg_out_rlw_rc(TCGContext *s, int op, TCGReg ra, TCGReg rs,
                           int sh, int mb, int me, bool rc)
{
-    tcg_out32(s, op | RA(ra) | RS(rs) | SH(sh) | MB(mb) | ME(me) | rc);
+    tcg_debug_assert((mb & 0x1f) == mb);
+    tcg_debug_assert((me & 0x1f) == me);
+    tcg_out32(s, op | RA(ra) | RS(rs) | SH(sh & 0x1f) | MB(mb) | ME(me) | rc);
}
static void tcg_out_rlw(TCGContext *s, int op, TCGReg ra, TCGReg rs,
--
2.47.0




[-- Attachment #2: Type: text/html, Size: 8804 bytes --]

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [PATCH] tcg/ppc/tcg-target.c.inc: Fix tcg_out_rlw_rc
@ 2024-10-22 13:34 Dani Szebenyi
  2024-10-22 18:19 ` Richard Henderson
  0 siblings, 1 reply; 3+ messages in thread
From: Dani Szebenyi @ 2024-10-22 13:34 UTC (permalink / raw)
  To: qemu-ppc, qemu-devel, richard.henderson; +Cc: Dani Szebenyi, Ilya Leoshkevich

The previous message I sent was corrupted, sending again.

The TCG IR sequence:
mov_i32 tmp97,$0xc4240000                dead: 1  pref=0xffffffff
mov_i32 tmp98,$0x0                       pref=0xffffffff
rotr_i32 tmp97,tmp97,tmp98               dead: 1 2  pref=0xffffffff

was translated to `slwi	r15, r14, 0` instead of `slwi	r14, r14, 0` due to SH field overflow.

SH field is 5 bits, and tcg_out_rlw is called in some situations with `32-n`, when `n` is 0 it results in an overflow to RA field.

This commit prevents overflow of that field and adds debug assertions for the other fields

Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Dani Szebenyi <szedani@linux.ibm.com>
---
 tcg/ppc/tcg-target.c.inc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index 223f079524..9a11c26fd3 100644
--- a/tcg/ppc/tcg-target.c.inc
+++ b/tcg/ppc/tcg-target.c.inc
@@ -911,7 +911,9 @@ static void tcg_out_rld(TCGContext *s, int op, TCGReg ra, TCGReg rs,
 static void tcg_out_rlw_rc(TCGContext *s, int op, TCGReg ra, TCGReg rs,
                            int sh, int mb, int me, bool rc)
 {
-    tcg_out32(s, op | RA(ra) | RS(rs) | SH(sh) | MB(mb) | ME(me) | rc);
+    tcg_debug_assert((mb & 0x1f) == mb);
+    tcg_debug_assert((me & 0x1f) == me);
+    tcg_out32(s, op | RA(ra) | RS(rs) | SH(sh & 0x1f) | MB(mb) | ME(me) | rc);
 }
 
 static void tcg_out_rlw(TCGContext *s, int op, TCGReg ra, TCGReg rs,
-- 
2.47.0



^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] tcg/ppc/tcg-target.c.inc: Fix tcg_out_rlw_rc
  2024-10-22 13:34 [PATCH] tcg/ppc/tcg-target.c.inc: Fix tcg_out_rlw_rc Dani Szebenyi
@ 2024-10-22 18:19 ` Richard Henderson
  0 siblings, 0 replies; 3+ messages in thread
From: Richard Henderson @ 2024-10-22 18:19 UTC (permalink / raw)
  To: Dani Szebenyi, qemu-ppc, qemu-devel; +Cc: Ilya Leoshkevich

On 10/22/24 06:34, Dani Szebenyi wrote:
> The previous message I sent was corrupted, sending again.
> 
> The TCG IR sequence:
> mov_i32 tmp97,$0xc4240000                dead: 1  pref=0xffffffff
> mov_i32 tmp98,$0x0                       pref=0xffffffff
> rotr_i32 tmp97,tmp97,tmp98               dead: 1 2  pref=0xffffffff
> 
> was translated to `slwi	r15, r14, 0` instead of `slwi	r14, r14, 0` due to SH field overflow.
> 
> SH field is 5 bits, and tcg_out_rlw is called in some situations with `32-n`, when `n` is 0 it results in an overflow to RA field.
> 
> This commit prevents overflow of that field and adds debug assertions for the other fields
> 
> Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
> Signed-off-by: Dani Szebenyi <szedani@linux.ibm.com>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

and queued.


r~


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2024-10-22 18:20 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-10-22 13:34 [PATCH] tcg/ppc/tcg-target.c.inc: Fix tcg_out_rlw_rc Dani Szebenyi
2024-10-22 18:19 ` Richard Henderson
  -- strict thread matches above, loose matches on Subject: below --
2024-10-22 12:14 Dani Szebenyi

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).