Host riscv disas is broken

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* Host riscv disas is broken
@ 2024-10-16 18:38 Richard Henderson
  2024-10-17  2:57 ` LIU Zhiwei
  0 siblings, 1 reply; 6+ messages in thread
From: Richard Henderson @ 2024-10-16 18:38 UTC (permalink / raw)
  To: qemu-devel, qemu-riscv@nongnu.org, Alistair Francis, LIU Zhiwei,
	liweiwei, Christoph Muellner

2595:            if (dec->cfg->ext_zcmop) {
2690:                if (dec->cfg->ext_zcmp && ((inst >> 12) & 0b01)) {
2716:                        if (!dec->cfg->ext_zcmt) {
2726:                        if (!dec->cfg->ext_zcmp) {
4028:                if (dec->cfg->ext_zimop) {
5044:            if (dec->cfg->ext_zfinx) {
5051:            if (dec->cfg->ext_zfinx) {
5058:            if (dec->cfg->ext_zfinx) {
5065:            if (dec->cfg->ext_zfinx) {
5371:        if (guard_func(cfg)) {

This structure comes from RISCVCPU, a target structure.
There is no such structure for the host, causing null pointer dereferences.

The zfinx references can be changed to

     dec->cfg && dec->cfg->ext_zfinx

but some of them can simply be removed, e.g. zcmop and zimop, which are otherwise reserved 
encodings.


r~


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Host riscv disas is broken
  2024-10-16 18:38 Host riscv disas is broken Richard Henderson
@ 2024-10-17  2:57 ` LIU Zhiwei
  2024-10-17  3:52   ` Richard Henderson
  0 siblings, 1 reply; 6+ messages in thread
From: LIU Zhiwei @ 2024-10-17  2:57 UTC (permalink / raw)
  To: Richard Henderson, qemu-devel, qemu-riscv@nongnu.org,
	Alistair Francis, liweiwei, Christoph Muellner

Hi Richard,

On 2024/10/17 02:38, Richard Henderson wrote:
> 2595: if (dec->cfg->ext_zcmop) {
> 2690:                if (dec->cfg->ext_zcmp && ((inst >> 12) & 0b01)) {
> 2716:                        if (!dec->cfg->ext_zcmt) {
> 2726:                        if (!dec->cfg->ext_zcmp) {
> 4028:                if (dec->cfg->ext_zimop) {
> 5044:            if (dec->cfg->ext_zfinx) {
> 5051:            if (dec->cfg->ext_zfinx) {
> 5058:            if (dec->cfg->ext_zfinx) {
> 5065:            if (dec->cfg->ext_zfinx) {
> 5371:        if (guard_func(cfg)) {
>
> This structure comes from RISCVCPU, a target structure.
Oops. We missed this.
> There is no such structure for the host, causing null pointer 
> dereferences.
>
> The zfinx references can be changed to
>
>     dec->cfg && dec->cfg->ext_zfinx
>
> but some of them can simply be removed, e.g. zcmop and zimop, which 
> are otherwise reserved encodings.

Should we probe the host feature like what we do in tcg backend support  
and then do the right disassemble according to the probe result?

Thanks,
Zhiwei

>
>
> r~


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Host riscv disas is broken
  2024-10-17  2:57 ` LIU Zhiwei
@ 2024-10-17  3:52   ` Richard Henderson
  2024-10-17  5:38     ` LIU Zhiwei
  0 siblings, 1 reply; 6+ messages in thread
From: Richard Henderson @ 2024-10-17  3:52 UTC (permalink / raw)
  To: LIU Zhiwei, qemu-devel, qemu-riscv@nongnu.org, Alistair Francis,
	liweiwei, Christoph Muellner

On 10/16/24 19:57, LIU Zhiwei wrote:
> Hi Richard,
> 
> On 2024/10/17 02:38, Richard Henderson wrote:
>> 2595: if (dec->cfg->ext_zcmop) {
>> 2690:                if (dec->cfg->ext_zcmp && ((inst >> 12) & 0b01)) {
>> 2716:                        if (!dec->cfg->ext_zcmt) {
>> 2726:                        if (!dec->cfg->ext_zcmp) {
>> 4028:                if (dec->cfg->ext_zimop) {
>> 5044:            if (dec->cfg->ext_zfinx) {
>> 5051:            if (dec->cfg->ext_zfinx) {
>> 5058:            if (dec->cfg->ext_zfinx) {
>> 5065:            if (dec->cfg->ext_zfinx) {
>> 5371:        if (guard_func(cfg)) {
>>
>> This structure comes from RISCVCPU, a target structure.
> Oops. We missed this.
>> There is no such structure for the host, causing null pointer dereferences.
>>
>> The zfinx references can be changed to
>>
>>     dec->cfg && dec->cfg->ext_zfinx
>>
>> but some of them can simply be removed, e.g. zcmop and zimop, which are otherwise 
>> reserved encodings.
> 
> Should we probe the host feature like what we do in tcg backend support and then do the 
> right disassemble according to the probe result?

I don't think there's anything that is currently checked in disas/riscv.c that needs to 
know about the host.  And, as I say above, some of those checks can be eliminated.

Host disassembly needs are limited to what tcg/riscv/ emits.


r~


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Host riscv disas is broken
  2024-10-17  3:52   ` Richard Henderson
@ 2024-10-17  5:38     ` LIU Zhiwei
  2024-12-04  2:45       ` Alistair Francis
  0 siblings, 1 reply; 6+ messages in thread
From: LIU Zhiwei @ 2024-10-17  5:38 UTC (permalink / raw)
  To: Richard Henderson, qemu-devel, qemu-riscv@nongnu.org,
	Alistair Francis, liweiwei, Christoph Muellner


On 2024/10/17 11:52, Richard Henderson wrote:
> On 10/16/24 19:57, LIU Zhiwei wrote:
>> Hi Richard,
>>
>> On 2024/10/17 02:38, Richard Henderson wrote:
>>> 2595: if (dec->cfg->ext_zcmop) {
>>> 2690:                if (dec->cfg->ext_zcmp && ((inst >> 12) & 0b01)) {
>>> 2716:                        if (!dec->cfg->ext_zcmt) {
>>> 2726:                        if (!dec->cfg->ext_zcmp) {
>>> 4028:                if (dec->cfg->ext_zimop) {
>>> 5044:            if (dec->cfg->ext_zfinx) {
>>> 5051:            if (dec->cfg->ext_zfinx) {
>>> 5058:            if (dec->cfg->ext_zfinx) {
>>> 5065:            if (dec->cfg->ext_zfinx) {
>>> 5371:        if (guard_func(cfg)) {
>>>
>>> This structure comes from RISCVCPU, a target structure.
>> Oops. We missed this.
>>> There is no such structure for the host, causing null pointer 
>>> dereferences.
>>>
>>> The zfinx references can be changed to
>>>
>>>     dec->cfg && dec->cfg->ext_zfinx
>>>
>>> but some of them can simply be removed, e.g. zcmop and zimop, which 
>>> are otherwise reserved encodings.
Yes. Maybe it is better to disassemble them as usual even when there are 
disabled or not supported.
>>
>> Should we probe the host feature like what we do in tcg backend 
>> support and then do the right disassemble according to the probe result?
>
> I don't think there's anything that is currently checked in 
> disas/riscv.c that needs to know about the host.  And, as I say above, 
> some of those checks can be eliminated.
>
> Host disassembly needs are limited to what tcg/riscv/ emits.

Agree.

Thanks,
Zhiwei

Thanks,
Zhiwei

>
>
> r~


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Host riscv disas is broken
  2024-10-17  5:38     ` LIU Zhiwei
@ 2024-12-04  2:45       ` Alistair Francis
  2024-12-06  3:39         ` LIU Zhiwei
  0 siblings, 1 reply; 6+ messages in thread
From: Alistair Francis @ 2024-12-04  2:45 UTC (permalink / raw)
  To: LIU Zhiwei
  Cc: Richard Henderson, qemu-devel, qemu-riscv@nongnu.org,
	Alistair Francis, liweiwei, Christoph Muellner

On Thu, Oct 17, 2024 at 2:39 PM LIU Zhiwei <zhiwei_liu@linux.alibaba.com> wrote:
>
>
> On 2024/10/17 11:52, Richard Henderson wrote:
> > On 10/16/24 19:57, LIU Zhiwei wrote:
> >> Hi Richard,
> >>
> >> On 2024/10/17 02:38, Richard Henderson wrote:
> >>> 2595: if (dec->cfg->ext_zcmop) {
> >>> 2690:                if (dec->cfg->ext_zcmp && ((inst >> 12) & 0b01)) {
> >>> 2716:                        if (!dec->cfg->ext_zcmt) {
> >>> 2726:                        if (!dec->cfg->ext_zcmp) {
> >>> 4028:                if (dec->cfg->ext_zimop) {
> >>> 5044:            if (dec->cfg->ext_zfinx) {
> >>> 5051:            if (dec->cfg->ext_zfinx) {
> >>> 5058:            if (dec->cfg->ext_zfinx) {
> >>> 5065:            if (dec->cfg->ext_zfinx) {
> >>> 5371:        if (guard_func(cfg)) {
> >>>
> >>> This structure comes from RISCVCPU, a target structure.
> >> Oops. We missed this.
> >>> There is no such structure for the host, causing null pointer
> >>> dereferences.
> >>>
> >>> The zfinx references can be changed to
> >>>
> >>>     dec->cfg && dec->cfg->ext_zfinx
> >>>
> >>> but some of them can simply be removed, e.g. zcmop and zimop, which
> >>> are otherwise reserved encodings.
> Yes. Maybe it is better to disassemble them as usual even when there are
> disabled or not supported.
> >>
> >> Should we probe the host feature like what we do in tcg backend
> >> support and then do the right disassemble according to the probe result?
> >
> > I don't think there's anything that is currently checked in
> > disas/riscv.c that needs to know about the host.  And, as I say above,
> > some of those checks can be eliminated.
> >
> > Host disassembly needs are limited to what tcg/riscv/ emits.
>
> Agree.

Hey Zhiwei,

Did you follow up on this?

Alistair


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Host riscv disas is broken
  2024-12-04  2:45       ` Alistair Francis
@ 2024-12-06  3:39         ` LIU Zhiwei
  0 siblings, 0 replies; 6+ messages in thread
From: LIU Zhiwei @ 2024-12-06  3:39 UTC (permalink / raw)
  To: Alistair Francis
  Cc: Richard Henderson, qemu-devel, qemu-riscv@nongnu.org,
	Alistair Francis, liweiwei, Christoph Muellner

Hey Alistair,

On 2024/12/4 10:45, Alistair Francis wrote:
> On Thu, Oct 17, 2024 at 2:39 PM LIU Zhiwei <zhiwei_liu@linux.alibaba.com> wrote:
>>
>> On 2024/10/17 11:52, Richard Henderson wrote:
>>> On 10/16/24 19:57, LIU Zhiwei wrote:
>>>> Hi Richard,
>>>>
>>>> On 2024/10/17 02:38, Richard Henderson wrote:
>>>>> 2595: if (dec->cfg->ext_zcmop) {
>>>>> 2690:                if (dec->cfg->ext_zcmp && ((inst >> 12) & 0b01)) {
>>>>> 2716:                        if (!dec->cfg->ext_zcmt) {
>>>>> 2726:                        if (!dec->cfg->ext_zcmp) {
>>>>> 4028:                if (dec->cfg->ext_zimop) {
>>>>> 5044:            if (dec->cfg->ext_zfinx) {
>>>>> 5051:            if (dec->cfg->ext_zfinx) {
>>>>> 5058:            if (dec->cfg->ext_zfinx) {
>>>>> 5065:            if (dec->cfg->ext_zfinx) {
>>>>> 5371:        if (guard_func(cfg)) {
>>>>>
>>>>> This structure comes from RISCVCPU, a target structure.
>>>> Oops. We missed this.
>>>>> There is no such structure for the host, causing null pointer
>>>>> dereferences.
>>>>>
>>>>> The zfinx references can be changed to
>>>>>
>>>>>      dec->cfg && dec->cfg->ext_zfinx
>>>>>
>>>>> but some of them can simply be removed, e.g. zcmop and zimop, which
>>>>> are otherwise reserved encodings.
>> Yes. Maybe it is better to disassemble them as usual even when there are
>> disabled or not supported.
>>>> Should we probe the host feature like what we do in tcg backend
>>>> support and then do the right disassemble according to the probe result?
>>> I don't think there's anything that is currently checked in
>>> disas/riscv.c that needs to know about the host.  And, as I say above,
>>> some of those checks can be eliminated.
>>>
>>> Host disassembly needs are limited to what tcg/riscv/ emits.
>> Agree.
> Hey Zhiwei,
>
> Did you follow up on this?

Yes, I have recently sent a patch to fix this.

https://lists.gnu.org/archive/html/qemu-riscv/2024-12/msg00150.html

Zhiwei

>
> Alistair


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2024-12-06  3:39 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-10-16 18:38 Host riscv disas is broken Richard Henderson
2024-10-17  2:57 ` LIU Zhiwei
2024-10-17  3:52   ` Richard Henderson
2024-10-17  5:38     ` LIU Zhiwei
2024-12-04  2:45       ` Alistair Francis
2024-12-06  3:39         ` LIU Zhiwei

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).