From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Cc: alex.bennee@linaro.org
Subject: [PATCH 01/27] tcg/aarch64: Fix constant subtraction in tcg_out_addsub2
Date: Tue,  2 Mar 2021 09:57:15 -0800
Message-ID: <20210302175741.1079851-2-richard.henderson@linaro.org>
In-Reply-To: <20210302175741.1079851-1-richard.henderson@linaro.org>

An hppa guest executing

0x000000000000e05c:  ldil L%10000,r4
0x000000000000e060:  ldo 0(r4),r4
0x000000000000e064:  sub r3,r4,sp

produces

 ---- 000000000000e064 000000000000e068
 sub2_i32 tmp0,tmp4,r3,$0x1,$0x10000,$0x0

after folding and constant propagation.  Then we hit

tcg-target.c.inc:640: tcg_out_insn_3401: Assertion `aimm <= 0xfff' failed.

because aimm is in fact -16, but unsigned.

The ((bl < 0) ^ sub) condition which negates bl is incorrect and will
always lead to this abort.  If the constant is positive, sub will make
it negative; if the constant is negative, sub will keep it negative.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/aarch64/tcg-target.c.inc | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc
index 1376cdc404..ec0a86d9d8 100644
--- a/tcg/aarch64/tcg-target.c.inc
+++ b/tcg/aarch64/tcg-target.c.inc
@@ -1410,10 +1410,10 @@ static void tcg_out_addsubi(TCGContext *s, int ext, TCGReg rd,
     }
 }
 
-static inline void tcg_out_addsub2(TCGContext *s, TCGType ext, TCGReg rl,
-                                   TCGReg rh, TCGReg al, TCGReg ah,
-                                   tcg_target_long bl, tcg_target_long bh,
-                                   bool const_bl, bool const_bh, bool sub)
+static void tcg_out_addsub2(TCGContext *s, TCGType ext, TCGReg rl,
+                            TCGReg rh, TCGReg al, TCGReg ah,
+                            tcg_target_long bl, tcg_target_long bh,
+                            bool const_bl, bool const_bh, bool sub)
 {
     TCGReg orig_rl = rl;
     AArch64Insn insn;
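Review bot: The `inline` qualifier dropped from the tcg_out_addsub2 signature is not mentioned in the commit message, which describes only the sign-handling fix. Either add a sentence to the log saying why the qualifier goes, or move that change to its own patch so the bug fix stays minimal for anyone backporting it.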
@@ -1423,11 +1423,13 @@ static inline void tcg_out_addsub2(TCGContext *s, TCGType ext, TCGReg rl,
     }
 
     if (const_bl) {
-        insn = I3401_ADDSI;
-        if ((bl < 0) ^ sub) {
-            insn = I3401_SUBSI;
+        if (bl < 0) {
             bl = -bl;
+            insn = sub ? I3401_ADDSI : I3401_SUBSI;
+        } else {
+            insn = sub ? I3401_SUBSI : I3401_ADDSI;
         }
+
         if (unlikely(al == TCG_REG_XZR)) {
             /* ??? We want to allow al to be zero for the benefit of
                negation via subtraction.  However, that leaves open the
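Review bot: In the new `if (bl < 0)` branch, `bl = -bl` assumes the negated constant is a non-negative value that the immediate form can encode, but nothing in the visible lines says what guarantees that; the most negative tcg_target_long, for example, is still negative after negation and would reach the same `aimm <= 0xfff` assertion quoted in the commit message. A short comment naming the operand constraint that bounds bl here, or an assertion right after the negation, would make the invariant explicit. A one-line comment above the if/else spelling out that the emitted instruction depends on both the sign of bl and `sub` would also help the next reader avoid reintroducing the old `(bl < 0) ^ sub` shortcut.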
-- 
2.25.1


