[Qemu-devel] [Bug 617528] [NEW] Incorrect translation of unary PPC/SPE instructions (efdneg etc.)

[Qemu-devel] [Bug 617528] [NEW] Incorrect translation of unary PPC/SPE instructions (efdneg etc.)

[Mike Pall]

Public bug reported:

The translation for the following PPC/SPE (e500) instructions is wrong
in QEMU git 6cbf4c8c:

    evfsabs, evfsnabs, evfsneg
    efdabs, efdnabs, efdneg
    efsabs, efsnabs, efsneg

As you can see from the provided patch, these ought to write their
result to the destination register (rD) and not modify the source
register (rA) in-place.

It's rather hard to generate a test-case for this with GCC, since it
likes to put the input and output of a unary operation into the same
registers (that's probably also the reason why this went unnoticed).
There is however a broken code path in the EGLIBC function for sin()
when compiled for e500v2. It returns nonsense results for e.g. -1.0.
Trivial test code follows:

    #include <stdio.h>
    #include <stdlib.h>
    #include <math.h>

    int main(int argc, char **argv)
    {
      double x = strtod(argv[1], NULL);
      printf("%.14g\n", sin(x));
      return 0;
    }

Result before the patch (WRONG):

$ qemu-ppc -cpu e500v2 sintest -1.0
-1

Result after the patch (OK):

$ qemu-ppc -cpu e500v2 sintest -1.0
-0.84147071838379

A self-contained test-case using inline assembler can be provided upon
request.

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
Incorrect translation of unary PPC/SPE instructions (efdneg etc.)
https://bugs.launchpad.net/bugs/617528
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.

Status in QEMU: New

Bug description:
The translation for the following PPC/SPE (e500) instructions is wrong in QEMU git 6cbf4c8c:

    evfsabs, evfsnabs, evfsneg
    efdabs, efdnabs, efdneg
    efsabs, efsnabs, efsneg

As you can see from the provided patch, these ought to write their result to the destination register (rD) and not modify the source register (rA) in-place.

It's rather hard to generate a test-case for this with GCC, since it likes to put the input and output of a unary operation into the same registers (that's probably also the reason why this went unnoticed). There is however a broken code path in the EGLIBC function for sin() when compiled for e500v2. It returns nonsense results for e.g. -1.0. Trivial test code follows:

    #include <stdio.h>
    #include <stdlib.h>
    #include <math.h>

    int main(int argc, char **argv)
    {
      double x = strtod(argv[1], NULL);
      printf("%.14g\n", sin(x));
      return 0;
    }

Result before the patch (WRONG):

$ qemu-ppc -cpu e500v2 sintest -1.0
-1

Result after the patch (OK):

$ qemu-ppc -cpu e500v2 sintest -1.0
-0.84147071838379

A self-contained test-case using inline assembler can be provided upon request.

[Qemu-devel] [Bug 617528] Re: Incorrect translation of unary PPC/SPE instructions (efdneg etc.)

[Mike Pall]

** Patch added: "Fix for unary SPE ops vs. 6cbf4c8c"
   https://bugs.launchpad.net/bugs/617528/+attachment/1488575/+files/qemu.diff

-- 
Incorrect translation of unary PPC/SPE instructions (efdneg etc.)
https://bugs.launchpad.net/bugs/617528
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.

Status in QEMU: New

Bug description:
The translation for the following PPC/SPE (e500) instructions is wrong in QEMU git 6cbf4c8c:

    evfsabs, evfsnabs, evfsneg
    efdabs, efdnabs, efdneg
    efsabs, efsnabs, efsneg

As you can see from the provided patch, these ought to write their result to the destination register (rD) and not modify the source register (rA) in-place.

It's rather hard to generate a test-case for this with GCC, since it likes to put the input and output of a unary operation into the same registers (that's probably also the reason why this went unnoticed). There is however a broken code path in the EGLIBC function for sin() when compiled for e500v2. It returns nonsense results for e.g. -1.0. Trivial test code follows:

    #include <stdio.h>
    #include <stdlib.h>
    #include <math.h>

    int main(int argc, char **argv)
    {
      double x = strtod(argv[1], NULL);
      printf("%.14g\n", sin(x));
      return 0;
    }

Result before the patch (WRONG):

$ qemu-ppc -cpu e500v2 sintest -1.0
-1

Result after the patch (OK):

$ qemu-ppc -cpu e500v2 sintest -1.0
-0.84147071838379

A self-contained test-case using inline assembler can be provided upon request.

[Qemu-devel] [Bug 617528] Re: Incorrect translation of unary PPC/SPE instructions (efdneg etc.)

[Mike Pall]

Oops, just noticed that the double-precision ops ought to copy the
unmodified lower part of the GPR, too. Updated patch attached.

Obviously this changes the sin(-1.0) result after the patch, too:

$ qemu-ppc -cpu e500v2 sintest -1.0
-0.8414709848079


** Patch added: "Updated fix for unary SPE ops vs. 6cbf4c8c"
   https://bugs.launchpad.net/qemu/+bug/617528/+attachment/1488587/+files/qemu2.diff

-- 
Incorrect translation of unary PPC/SPE instructions (efdneg etc.)
https://bugs.launchpad.net/bugs/617528
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.

Status in QEMU: New

Bug description:
The translation for the following PPC/SPE (e500) instructions is wrong in QEMU git 6cbf4c8c:

    evfsabs, evfsnabs, evfsneg
    efdabs, efdnabs, efdneg
    efsabs, efsnabs, efsneg

As you can see from the provided patch, these ought to write their result to the destination register (rD) and not modify the source register (rA) in-place.

It's rather hard to generate a test-case for this with GCC, since it likes to put the input and output of a unary operation into the same registers (that's probably also the reason why this went unnoticed). There is however a broken code path in the EGLIBC function for sin() when compiled for e500v2. It returns nonsense results for e.g. -1.0. Trivial test code follows:

    #include <stdio.h>
    #include <stdlib.h>
    #include <math.h>

    int main(int argc, char **argv)
    {
      double x = strtod(argv[1], NULL);
      printf("%.14g\n", sin(x));
      return 0;
    }

Result before the patch (WRONG):

$ qemu-ppc -cpu e500v2 sintest -1.0
-1

Result after the patch (OK):

$ qemu-ppc -cpu e500v2 sintest -1.0
-0.84147071838379

A self-contained test-case using inline assembler can be provided upon request.

[Qemu-devel] [Bug 617528] Re: Incorrect translation of unary PPC/SPE instructions (efdneg etc.)

[Nathan Froyd]

Your patch needs a Signed-off-by and preferably a From: as well.

** Tags added: powerpc

-- 
Incorrect translation of unary PPC/SPE instructions (efdneg etc.)
https://bugs.launchpad.net/bugs/617528
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.

Status in QEMU: New

Bug description:
The translation for the following PPC/SPE (e500) instructions is wrong in QEMU git 6cbf4c8c:

    evfsabs, evfsnabs, evfsneg
    efdabs, efdnabs, efdneg
    efsabs, efsnabs, efsneg

As you can see from the provided patch, these ought to write their result to the destination register (rD) and not modify the source register (rA) in-place.

It's rather hard to generate a test-case for this with GCC, since it likes to put the input and output of a unary operation into the same registers (that's probably also the reason why this went unnoticed). There is however a broken code path in the EGLIBC function for sin() when compiled for e500v2. It returns nonsense results for e.g. -1.0. Trivial test code follows:

    #include <stdio.h>
    #include <stdlib.h>
    #include <math.h>

    int main(int argc, char **argv)
    {
      double x = strtod(argv[1], NULL);
      printf("%.14g\n", sin(x));
      return 0;
    }

Result before the patch (WRONG):

$ qemu-ppc -cpu e500v2 sintest -1.0
-1

Result after the patch (OK):

$ qemu-ppc -cpu e500v2 sintest -1.0
-0.84147071838379

A self-contained test-case using inline assembler can be provided upon request.

[Qemu-devel] [Bug 617528] Re: Incorrect translation of unary PPC/SPE instructions (efdneg etc.)

[Mike Pall]

** Patch added: "Fix translation of unary PPC/SPE instructions (efdneg etc.)."
   https://bugs.launchpad.net/qemu/+bug/617528/+attachment/1500100/+files/qemu3.diff

** Patch removed: "Fix for unary SPE ops vs. 6cbf4c8c"
   https://bugs.launchpad.net/qemu/+bug/617528/+attachment/1488575/+files/qemu.diff

** Patch removed: "Updated fix for unary SPE ops vs. 6cbf4c8c"
   https://bugs.launchpad.net/qemu/+bug/617528/+attachment/1488587/+files/qemu2.diff

-- 
Incorrect translation of unary PPC/SPE instructions (efdneg etc.)
https://bugs.launchpad.net/bugs/617528
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.

Status in QEMU: New

Bug description:
The translation for the following PPC/SPE (e500) instructions is wrong in QEMU git 6cbf4c8c:

    evfsabs, evfsnabs, evfsneg
    efdabs, efdnabs, efdneg
    efsabs, efsnabs, efsneg

As you can see from the provided patch, these ought to write their result to the destination register (rD) and not modify the source register (rA) in-place.

It's rather hard to generate a test-case for this with GCC, since it likes to put the input and output of a unary operation into the same registers (that's probably also the reason why this went unnoticed). There is however a broken code path in the EGLIBC function for sin() when compiled for e500v2. It returns nonsense results for e.g. -1.0. Trivial test code follows:

    #include <stdio.h>
    #include <stdlib.h>
    #include <math.h>

    int main(int argc, char **argv)
    {
      double x = strtod(argv[1], NULL);
      printf("%.14g\n", sin(x));
      return 0;
    }

Result before the patch (WRONG):

$ qemu-ppc -cpu e500v2 sintest -1.0
-1

Result after the patch (OK):

$ qemu-ppc -cpu e500v2 sintest -1.0
-0.84147071838379

A self-contained test-case using inline assembler can be provided upon request.

[Qemu-devel] [Bug 617528] Re: Incorrect translation of unary PPC/SPE instructions (efdneg etc.)

[Aurelien Jarno]

** Changed in: qemu
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/617528

Title:
  Incorrect translation of unary PPC/SPE instructions (efdneg etc.)

Status in QEMU:
  Fix Committed

Bug description:
  The translation for the following PPC/SPE (e500) instructions is wrong in QEMU git 6cbf4c8c:

    evfsabs, evfsnabs, evfsneg
    efdabs, efdnabs, efdneg
    efsabs, efsnabs, efsneg

As you can see from the provided patch, these ought to write their result to the destination register (rD) and not modify the source register (rA) in-place.

It's rather hard to generate a test-case for this with GCC, since it likes to put the input and output of a unary operation into the same registers (that's probably also the reason why this went unnoticed). There is however a broken code path in the EGLIBC function for sin() when compiled for e500v2. It returns nonsense results for e.g. -1.0. Trivial test code follows:

    #include <stdio.h>
    #include <stdlib.h>
    #include <math.h>

    int main(int argc, char **argv)
    {
      double x = strtod(argv[1], NULL);
      printf("%.14g\n", sin(x));
      return 0;
    }

Result before the patch (WRONG):

$ qemu-ppc -cpu e500v2 sintest -1.0
-1

Result after the patch (OK):

$ qemu-ppc -cpu e500v2 sintest -1.0
-0.84147071838379

A self-contained test-case using inline assembler can be provided upon request.

[Qemu-devel] [Bug 617528] Re: Incorrect translation of unary PPC/SPE instructions (efdneg etc.)

[Aurelien Jarno]

** Changed in: qemu
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/617528

Title:
  Incorrect translation of unary PPC/SPE instructions (efdneg etc.)

Status in QEMU:
  Fix Released

Bug description:
  The translation for the following PPC/SPE (e500) instructions is wrong
  in QEMU git 6cbf4c8c:

      evfsabs, evfsnabs, evfsneg
      efdabs, efdnabs, efdneg
      efsabs, efsnabs, efsneg

  As you can see from the provided patch, these ought to write their
  result to the destination register (rD) and not modify the source
  register (rA) in-place.

  It's rather hard to generate a test-case for this with GCC, since it
  likes to put the input and output of a unary operation into the same
  registers (that's probably also the reason why this went unnoticed).
  There is however a broken code path in the EGLIBC function for sin()
  when compiled for e500v2. It returns nonsense results for e.g. -1.0.
  Trivial test code follows:

      #include <stdio.h>
      #include <stdlib.h>
      #include <math.h>

      int main(int argc, char **argv)
      {
        double x = strtod(argv[1], NULL);
        printf("%.14g\n", sin(x));
        return 0;
      }

  Result before the patch (WRONG):

  $ qemu-ppc -cpu e500v2 sintest -1.0
  -1

  Result after the patch (OK):

  $ qemu-ppc -cpu e500v2 sintest -1.0
  -0.84147071838379

  A self-contained test-case using inline assembler can be provided upon
  request.