qemu-devel.nongnu.org archive mirror
* [PATCH-for-10.0] tcg: Allocate TEMP_VAL_MEM frame in temp_load()
@ 2025-04-01 14:43 Philippe Mathieu-Daudé
  2025-04-01 15:02 ` Richard Henderson
  2025-04-03 23:02 ` Richard Henderson
  0 siblings, 2 replies; 4+ messages in thread
From: Philippe Mathieu-Daudé @ 2025-04-01 14:43 UTC (permalink / raw)
  To: qemu-devel
  Cc: Emilio G . Cota, Stefan Weil, Paolo Bonzini, Richard Henderson,
	Philippe Mathieu-Daudé, Michael Tokarev, Helge Konetzka

Be sure to allocate the temp frame if it wasn't.

Fixes: c896fe29d6c ("TCG code generator")
Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Reported-by: Helge Konetzka <hk@zapateado.de>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2891
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2899
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 tcg/tcg.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tcg/tcg.c b/tcg/tcg.c
index e8950df2ad3..dfd48b82642 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -4671,6 +4671,9 @@ static void temp_load(TCGContext *s, TCGTemp *ts, TCGRegSet desired_regs,
         ts->mem_coherent = 0;
         break;
     case TEMP_VAL_MEM:
+        if (!ts->mem_allocated) {
+            temp_allocate_frame(s, ts);
+        }
         reg = tcg_reg_alloc(s, desired_regs, allocated_regs,
                             preferred_regs, ts->indirect_base);
         tcg_out_ld(s, ts->type, reg, ts->mem_base->reg, ts->mem_offset);
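Review bot: the new `mem_allocated` check in the `TEMP_VAL_MEM` case makes the `tcg_out_ld` below safe to emit (it no longer reads `ts->mem_base->reg` and `ts->mem_offset` for a temp that never got a frame), but the freshly allocated slot has never been written, so the emitted load returns whatever is on the stack. The only way a `TEMP_VAL_MEM` temp reaches `temp_load()` without a frame is when the store that would have allocated it was dropped while the consuming op was kept, so please add a comment above the `if` saying that this path exists to keep code generation from crashing on an unset `mem_base`, that the loaded value is indeterminate, and that the real fix belongs in dead-code elimination; a `tcg_debug_assert` on `ts->mem_base` after the allocation would also document the invariant the load relies on.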
-- 
2.47.1




* Re: [PATCH-for-10.0] tcg: Allocate TEMP_VAL_MEM frame in temp_load()
  2025-04-01 14:43 [PATCH-for-10.0] tcg: Allocate TEMP_VAL_MEM frame in temp_load() Philippe Mathieu-Daudé
@ 2025-04-01 15:02 ` Richard Henderson
  2025-04-01 15:12   ` Richard Henderson
  2025-04-03 23:02 ` Richard Henderson
  1 sibling, 1 reply; 4+ messages in thread
From: Richard Henderson @ 2025-04-01 15:02 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, qemu-devel
  Cc: Emilio G . Cota, Stefan Weil, Paolo Bonzini, Michael Tokarev,
	Helge Konetzka

On 4/1/25 09:43, Philippe Mathieu-Daudé wrote:
> Be sure to allocate the temp frame if it wasn't.
> 
> Fixes: c896fe29d6c ("TCG code generator")
> Reported-by: Michael Tokarev <mjt@tls.msk.ru>
> Reported-by: Helge Konetzka <hk@zapateado.de>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2891
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2899
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
>   tcg/tcg.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/tcg/tcg.c b/tcg/tcg.c
> index e8950df2ad3..dfd48b82642 100644
> --- a/tcg/tcg.c
> +++ b/tcg/tcg.c
> @@ -4671,6 +4671,9 @@ static void temp_load(TCGContext *s, TCGTemp *ts, TCGRegSet desired_regs,
>           ts->mem_coherent = 0;
>           break;
>       case TEMP_VAL_MEM:
> +        if (!ts->mem_allocated) {
> +            temp_allocate_frame(s, ts);
> +        }
>           reg = tcg_reg_alloc(s, desired_regs, allocated_regs,
>                               preferred_regs, ts->indirect_base);
>           tcg_out_ld(s, ts->type, reg, ts->mem_base->reg, ts->mem_offset);

I suspect this is a read from a temporary that is uninitialized.  Ordinarily the stack 
slot would have been allocated by the store.

I guess I should have a look at the testcase...


r~




* Re: [PATCH-for-10.0] tcg: Allocate TEMP_VAL_MEM frame in temp_load()
  2025-04-01 15:02 ` Richard Henderson
@ 2025-04-01 15:12   ` Richard Henderson
  0 siblings, 0 replies; 4+ messages in thread
From: Richard Henderson @ 2025-04-01 15:12 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, qemu-devel
  Cc: Emilio G . Cota, Stefan Weil, Paolo Bonzini, Michael Tokarev,
	Helge Konetzka

On 4/1/25 10:02, Richard Henderson wrote:
> On 4/1/25 09:43, Philippe Mathieu-Daudé wrote:
>> Be sure to allocate the temp frame if it wasn't.
>>
>> Fixes: c896fe29d6c ("TCG code generator")
>> Reported-by: Michael Tokarev <mjt@tls.msk.ru>
>> Reported-by: Helge Konetzka <hk@zapateado.de>
>> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2891
>> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2899
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>> ---
>>   tcg/tcg.c | 3 +++
>>   1 file changed, 3 insertions(+)
>>
>> diff --git a/tcg/tcg.c b/tcg/tcg.c
>> index e8950df2ad3..dfd48b82642 100644
>> --- a/tcg/tcg.c
>> +++ b/tcg/tcg.c
>> @@ -4671,6 +4671,9 @@ static void temp_load(TCGContext *s, TCGTemp *ts, TCGRegSet 
>> desired_regs,
>>           ts->mem_coherent = 0;
>>           break;
>>       case TEMP_VAL_MEM:
>> +        if (!ts->mem_allocated) {
>> +            temp_allocate_frame(s, ts);
>> +        }
>>           reg = tcg_reg_alloc(s, desired_regs, allocated_regs,
>>                               preferred_regs, ts->indirect_base);
>>           tcg_out_ld(s, ts->type, reg, ts->mem_base->reg, ts->mem_offset);
> 
> I suspect this is a read from a temporary that is uninitialized.  Ordinarily the stack 
> slot would have been allocated by the store.
> 
> I guess I should have a look at the testcase...

Interesting.  This is a case of incomplete dead code elimination: the store was eliminated 
and the load *should* have been eliminated.  In any case, the uninitialized load isn't 
actually reachable, so all we need to do is not crash.

For 10.0,
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

For 10.1, we should probably fix the dead code elimination issue.


r~
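The diagnosis above (a definition dropped as dead while the op that reads it survives, leaving a load from a slot that was never written) can be reproduced on a toy IR. The following C is an added example for this thread, not TCG code and not QEMU's dead-code pass: the opcodes, `struct op`, `struct func`, the `reset_at_label` switch and the "allocated" flag are all constructed here, and the label-boundary liveness reset is only a stand-in for whatever made the real pass incomplete. It shows the complete pass keeping both stores and loads, the incomplete pass removing the two stores but not the add that reads them, and a forward allocator walk that reports the read of an unallocated temp instead of dereferencing it, which is the "do not crash" property the 10.0 fix provides.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy linear IR, constructed for this example (not TCG's data model). */
enum opcode { OP_MOVI, OP_ADD, OP_LABEL, OP_RET };

#define MAX_OPS   16
#define MAX_TEMPS 8

struct op {
    enum opcode code;
    int def;      /* temp written by this op, or -1 */
    int use[2];   /* temps read by this op, -1 when unused */
    bool removed;
};

struct func {
    struct op ops[MAX_OPS];
    int nops;
};

static void emit(struct func *f, enum opcode code, int def, int u0, int u1)
{
    struct op *op = &f->ops[f->nops++];
    op->code = code;
    op->def = def;
    op->use[0] = u0;
    op->use[1] = u1;
    op->removed = false;
}

/* Two blocks: t0 and t1 are stored before the label and loaded after it. */
static void build_example(struct func *f)
{
    memset(f, 0, sizeof(*f));
    emit(f, OP_MOVI, 0, -1, -1);   /* t0 = 1            (the "store") */
    emit(f, OP_MOVI, 1, -1, -1);   /* t1 = 2            (the "store") */
    emit(f, OP_LABEL, -1, -1, -1);
    emit(f, OP_ADD, 2, 0, 1);      /* t2 = t0 + t1      (the "load")  */
    emit(f, OP_RET, -1, 2, -1);    /* return t2: side effect, always live */
}

/*
 * Backward-liveness DCE. reset_at_label == true models an incomplete pass
 * (assumption for this example) that forgets liveness at every label, so it
 * drops the definitions of t0/t1 yet keeps the add that reads them.
 */
static void dce(struct func *f, bool reset_at_label)
{
    bool live[MAX_TEMPS] = { false };

    for (int i = f->nops - 1; i >= 0; i--) {
        struct op *op = &f->ops[i];

        if (op->code == OP_LABEL) {
            if (reset_at_label) {
                memset(live, 0, sizeof(live));
            }
            continue;
        }
        if (op->code != OP_RET && op->def >= 0 && !live[op->def]) {
            op->removed = true;     /* dead definition: drop it */
            continue;
        }
        if (op->def >= 0) {
            live[op->def] = false;
        }
        for (int k = 0; k < 2; k++) {
            if (op->use[k] >= 0) {
                live[op->use[k]] = true;
            }
        }
    }
}

/* Number of ops the pass removed. */
int removed_after_dce(bool reset_at_label)
{
    struct func f;
    int n = 0;

    build_example(&f);
    dce(&f, reset_at_label);
    for (int i = 0; i < f.nops; i++) {
        n += f.ops[i].removed;
    }
    return n;
}

/*
 * Forward walk standing in for the register allocator: "allocated" plays the
 * role of mem_allocated. A read of a temp that no surviving op ever wrote is
 * counted and reported rather than dereferenced.
 */
int unallocated_reads_after_dce(bool reset_at_label)
{
    struct func f;
    bool allocated[MAX_TEMPS] = { false };
    int bad = 0;

    build_example(&f);
    dce(&f, reset_at_label);
    for (int i = 0; i < f.nops; i++) {
        const struct op *op = &f.ops[i];
        if (op->removed) {
            continue;
        }
        for (int k = 0; k < 2; k++) {
            if (op->use[k] >= 0 && !allocated[op->use[k]]) {
                bad++;
            }
        }
        if (op->def >= 0) {
            allocated[op->def] = true;
        }
    }
    return bad;
}

int main(void)
{
    printf("complete pass:   removed %d, unallocated reads %d\n",
           removed_after_dce(false), unallocated_reads_after_dce(false));
    printf("incomplete pass: removed %d, unallocated reads %d\n",
           removed_after_dce(true), unallocated_reads_after_dce(true));
    return 0;
}
```

The complete pass removes nothing and leaves no unallocated read; the incomplete pass removes the two `movi` definitions and leaves the `add` reading two temps that no surviving op wrote. In a real code generator the dead `add` is the op that should also have been removed; until it is, the generator has to tolerate loading a temp whose frame was never allocated, which is exactly what the `temp_load()` change does.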



* Re: [PATCH-for-10.0] tcg: Allocate TEMP_VAL_MEM frame in temp_load()
  2025-04-01 14:43 [PATCH-for-10.0] tcg: Allocate TEMP_VAL_MEM frame in temp_load() Philippe Mathieu-Daudé
  2025-04-01 15:02 ` Richard Henderson
@ 2025-04-03 23:02 ` Richard Henderson
  1 sibling, 0 replies; 4+ messages in thread
From: Richard Henderson @ 2025-04-03 23:02 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, qemu-devel
  Cc: Emilio G . Cota, Stefan Weil, Paolo Bonzini, Michael Tokarev,
	Helge Konetzka

On 4/1/25 07:43, Philippe Mathieu-Daudé wrote:
> Be sure to allocate the temp frame if it wasn't.
> 
> Fixes: c896fe29d6c ("TCG code generator")
> Reported-by: Michael Tokarev <mjt@tls.msk.ru>
> Reported-by: Helge Konetzka <hk@zapateado.de>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2891
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2899
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
>   tcg/tcg.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/tcg/tcg.c b/tcg/tcg.c
> index e8950df2ad3..dfd48b82642 100644
> --- a/tcg/tcg.c
> +++ b/tcg/tcg.c
> @@ -4671,6 +4671,9 @@ static void temp_load(TCGContext *s, TCGTemp *ts, TCGRegSet desired_regs,
>           ts->mem_coherent = 0;
>           break;
>       case TEMP_VAL_MEM:
> +        if (!ts->mem_allocated) {
> +            temp_allocate_frame(s, ts);
> +        }
>           reg = tcg_reg_alloc(s, desired_regs, allocated_regs,
>                               preferred_regs, ts->indirect_base);
>           tcg_out_ld(s, ts->type, reg, ts->mem_base->reg, ts->mem_offset);

Queued for 10.0.


r~


