[Qemu-devel] AArch64: ld/st exclusive pair bug

[Qemu-devel] AArch64: ld/st exclusive pair bug

[Laurent Desnogues]

Hello,

there's a bug in target-arm/translate-a64.c:disas_ldst_excl.  The line:

            TCGv_i64 tcg_rt2 = cpu_reg(s, rt);

is accessing the wrong register.

Thanks,

Laurent

Re: [Qemu-devel] AArch64: ld/st exclusive pair bug

[Peter Maydell]

On 11 October 2014 14:04, Laurent Desnogues <laurent.desnogues@gmail.com> wrote:
> there's a bug in target-arm/translate-a64.c:disas_ldst_excl.  The line:
>
>             TCGv_i64 tcg_rt2 = cpu_reg(s, rt);
>
> is accessing the wrong register.

Yeah, obvious cut-n-paste error, but this doesn't actually
affect the exclusive code path, does it? In fact, looking
at the decode tables I can't find any instructions with
is_excl false and is_pair true (these would be load acquire/
store release pair insns, which would be LDARP/STLRP if they
existed.) I think the actual bug here is that we've missed
an unallocated-encoding case, isn't it?

The pseudocode check is
 if o2:o1:o0 == '100' || o2:o1:o0 == '11x'

which in our terms would be
 if ((!is_excl && !is_pair && !is_lasr)
     || (!is_excl && is_pair))

[plus the pair with wrong size check which we get right.]

Then the code that purports to handle non-exclusive pair
accesses is dead and can be deleted...

-- PMM