From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0CE42C433B4 for ; Thu, 22 Apr 2021 21:52:07 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id DA11161406 for ; Thu, 22 Apr 2021 21:52:05 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DA11161406 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=bugs.launchpad.net Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:50802 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lZhEy-0005Gy-Ry for qemu-devel@archiver.kernel.org; Thu, 22 Apr 2021 17:52:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55724) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lZhDc-0004Vx-OM for qemu-devel@nongnu.org; Thu, 22 Apr 2021 17:50:41 -0400 Received: from indium.canonical.com ([91.189.90.7]:47954) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lZhDW-0007q8-VP for qemu-devel@nongnu.org; Thu, 22 Apr 2021 17:50:40 -0400 Received: from loganberry.canonical.com ([91.189.90.37]) by indium.canonical.com with esmtp (Exim 4.86_2 #2 (Debian)) id 1lZhDU-0003yV-VZ for ; Thu, 22 Apr 2021 21:50:32 +0000 Received: from loganberry.canonical.com (localhost [127.0.0.1]) by loganberry.canonical.com (Postfix) with ESMTP id E1D1D2E8144 for ; Thu, 22 Apr 2021 21:50:32 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Date: Thu, 22 Apr 2021 21:38:21 -0000 From: Richard Henderson <1925512@bugs.launchpad.net> To: qemu-devel@nongnu.org X-Launchpad-Notification-Type: bug X-Launchpad-Bug: product=qemu; status=Invalid; importance=Undecided; assignee=None; X-Launchpad-Bug-Tags: arm tcg X-Launchpad-Bug-Information-Type: Public X-Launchpad-Bug-Private: no X-Launchpad-Bug-Security-Vulnerability: no X-Launchpad-Bug-Commenters: muhui rth X-Launchpad-Bug-Reporter: JIANG Muhui (muhui) X-Launchpad-Bug-Modifier: Richard Henderson (rth) References: <161909962601.31655.7052824363126074861.malonedeb@soybean.canonical.com> Message-Id: <161912750125.31777.15442571029898871430.malone@soybean.canonical.com> Subject: [Bug 1925512] Re: UNDEFINED case for instruction BLX X-Launchpad-Message-Rationale: Subscriber (QEMU) @qemu-devel-ml X-Launchpad-Message-For: qemu-devel-ml Precedence: bulk X-Generated-By: Launchpad (canonical.com); Revision="1552fceb1603b3da6cfa437575d9c9fc4b2e683a"; Instance="production" X-Launchpad-Hash: 54ae5c68beb6defef822d5a720d7dd452f0cbc84 Received-SPF: none client-ip=91.189.90.7; envelope-from=bounces@canonical.com; helo=indium.canonical.com X-Spam_score_int: -65 X-Spam_score: -6.6 X-Spam_bar: ------ X-Spam_report: (-6.6 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Bug 1925512 <1925512@bugs.launchpad.net> Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" The complete imm32 is computed by %imm24 26:s1 13:1 11:1 16:10 0:11 !function=3Dt32_branch24 so that H appears at bit 1 in a->imm in trans_BLX_i. Returning false from any trans_* function means that the trans function did not match. In some cases, this means that the next possible matching pattern is tested. But in most cases, such as this one, we return all the way to disas_thumb2_insn, where we do in fact call unallocated_encoding. If you have a test case that fails, please provide it. -- = You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1925512 Title: UNDEFINED case for instruction BLX Status in QEMU: Invalid Bug description: Hi I refer to the instruction BLX imm (T2 encoding) in ARMv7 (Thumb mode). 11110 S imm10H 11 J1 0 J2 imm10L H = if H =3D=3D '1' then UNDEFINED; I1 =3D NOT(J1 EOR S); I2 =3D NOT(J2 EOR S); imm32 =3D SignExtend(S:I1:I= 2:imm10H:imm10L:'00', 32); targetInstrSet =3D InstrSet_A32; if InITBlock() && !LastInITBlock() then UNPREDICTABLE; According to the manual, if H equals to 1, this instruction should be an UNDEFINED instruction. However, it seems QEMU does not check this constraint in function trans_BLX_i. Thanks Regards Muhui To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1925512/+subscriptions