[Qemu-devel] [Bug] : write back operation in ld /st [aarch64] inst

[Qemu-devel] [Bug] : write back operation in ld /st [aarch64] inst

[Gaurav Sharma]

[-- Attachment #1: Type: text/plain, Size: 552 bytes --]

As per arm specs, if the src and dest register are same, write back
operation is suppressed.
[Specs]
if memop == MemOp_LOAD && wback && n == t && n != 31 then
c = ConstrainUnpredictable();
assert c IN {Constraint_WBSUPPRESS, Constraint_UNKNOWN, Constraint_UNDEF,
Constraint_NOP};
case c of
when Constraint_WBSUPPRESS wback = FALSE; // writeback is suppressed

However, in the code implementation for load / store operation I see that
we do a write back anyhow. [ disas_ldst_reg_imm9]

Can anyone confirm if this is a correct behavior ?

Thanks,
Gaurav

[-- Attachment #2: Type: text/html, Size: 707 bytes --]

Re: [Qemu-devel] [Bug] : write back operation in ld /st [aarch64] inst

[Peter Maydell]

On 27 November 2014 at 12:15, Gaurav Sharma <gauravs.2010@gmail.com> wrote:
> As per arm specs, if the src and dest register are same, write back
> operation is suppressed.
> [Specs]
> if memop == MemOp_LOAD && wback && n == t && n != 31 then
> c = ConstrainUnpredictable();
> assert c IN {Constraint_WBSUPPRESS, Constraint_UNKNOWN, Constraint_UNDEF,
> Constraint_NOP};
> case c of
> when Constraint_WBSUPPRESS wback = FALSE; // writeback is suppressed
>
> However, in the code implementation for load / store operation I see that we
> do a write back anyhow. [ disas_ldst_reg_imm9]

I think you are misreading the ARM ARM here. This case (load with
writeback requested but Rn == Rt) is CONSTRAINED UNPREDICTABLE,
which means that guest code must not rely on this behaviour
(it is UNPREDICTABLE) but the architecture specifies a
limited set of possible things that might happen. (Note that
an implementation is not required to do the *same* thing
every time!) For this case there are four implementation
choices allowed, as you can see from the assertion:
 (1) suppress writeback, ie do not update the writeback register
 (2) write an UNKNOWN value to the writeback register
 (3) UNDEF, ie treat the insn as an unallocated encoding
 (4) NOP, ie ignore the insn completely

QEMU chooses option (2). (As it happens our unknown value will
always be the address.) Really case (1) is a subset of (2),
and in fact if you look in Appendix J in the ARM ARM you'll
see that the only options listed are UNDEF, NOP and UNKNOWN.

The concept of CONSTRAINED UNPREDICTABLE is new in v8 of the
ARM architecture, and so there are probably cases in QEMU where
our UNPREDICTABLE behaviour is not one of the limited set imposed
by the CONSTRAINED UNPREDICTABLE specification, especially where
the UNPREDICTABLE is in old code we've retained from the ARMv7
model. However for this particular example we're within spec.

thanks
-- PMM

Re: [Qemu-devel] [Bug] : write back operation in ld /st [aarch64] inst

[Gaurav Sharma]

[-- Attachment #1: Type: text/plain, Size: 2227 bytes --]

I was taking into consideration the behavior of afm, which it seems
suppresses write back.
However, i do get your point on this.

Regards,
Gaurav

On Thu, Nov 27, 2014 at 6:10 PM, Peter Maydell <peter.maydell@linaro.org>
wrote:

> On 27 November 2014 at 12:15, Gaurav Sharma <gauravs.2010@gmail.com>
> wrote:
> > As per arm specs, if the src and dest register are same, write back
> > operation is suppressed.
> > [Specs]
> > if memop == MemOp_LOAD && wback && n == t && n != 31 then
> > c = ConstrainUnpredictable();
> > assert c IN {Constraint_WBSUPPRESS, Constraint_UNKNOWN, Constraint_UNDEF,
> > Constraint_NOP};
> > case c of
> > when Constraint_WBSUPPRESS wback = FALSE; // writeback is suppressed
> >
> > However, in the code implementation for load / store operation I see
> that we
> > do a write back anyhow. [ disas_ldst_reg_imm9]
>
> I think you are misreading the ARM ARM here. This case (load with
> writeback requested but Rn == Rt) is CONSTRAINED UNPREDICTABLE,
> which means that guest code must not rely on this behaviour
> (it is UNPREDICTABLE) but the architecture specifies a
> limited set of possible things that might happen. (Note that
> an implementation is not required to do the *same* thing
> every time!) For this case there are four implementation
> choices allowed, as you can see from the assertion:
>  (1) suppress writeback, ie do not update the writeback register
>  (2) write an UNKNOWN value to the writeback register
>  (3) UNDEF, ie treat the insn as an unallocated encoding
>  (4) NOP, ie ignore the insn completely
>
> QEMU chooses option (2). (As it happens our unknown value will
> always be the address.) Really case (1) is a subset of (2),
> and in fact if you look in Appendix J in the ARM ARM you'll
> see that the only options listed are UNDEF, NOP and UNKNOWN.
>
> The concept of CONSTRAINED UNPREDICTABLE is new in v8 of the
> ARM architecture, and so there are probably cases in QEMU where
> our UNPREDICTABLE behaviour is not one of the limited set imposed
> by the CONSTRAINED UNPREDICTABLE specification, especially where
> the UNPREDICTABLE is in old code we've retained from the ARMv7
> model. However for this particular example we're within spec.
>
> thanks
> -- PMM
>

[-- Attachment #2: Type: text/html, Size: 2845 bytes --]

Re: [Qemu-devel] [Bug] : write back operation in ld /st [aarch64] inst

[Peter Maydell]

On 27 November 2014 at 12:49, Gaurav Sharma <gauravs.2010@gmail.com> wrote:
> I was taking into consideration the behavior of afm, which it seems
> suppresses write back.

The Fast Models are just one implementation -- like every other
implementation, they have to choose a kind of unpredictable
behaviour in cases like these where there is a choice.
If you want to know the architecturally required behaviour
you must read the ARM ARM, not just look at what the Fast
Models or a particular hardware implementation do.

thanks
-- PMM