The function neon_store_reg32() doesn't free the TCG temp that it
is passed, so the caller must do that. We got this right in most
places but forgot to free the TCG temps in trans_VMOV_64_sp().
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/translate-vfp.inc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c
index 3e8ea80493b..9ae980bef63 100644
--- a/target/arm/translate-vfp.inc.c
+++ b/target/arm/translate-vfp.inc.c
@@ -880,8 +880,10 @@ static bool trans_VMOV_64_sp(DisasContext *s, arg_VMOV_64_sp *a)
/* gpreg to fpreg */
tmp = load_reg(s, a->rt);
neon_store_reg32(tmp, a->vm);
+ tcg_temp_free_i32(tmp);
tmp = load_reg(s, a->rt2);
neon_store_reg32(tmp, a->vm + 1);
+ tcg_temp_free_i32(tmp);
}
return true;
--
2.20.1
On 8/27/19 2:19 PM, Peter Maydell wrote: > The function neon_store_reg32() doesn't free the TCG temp that it > is passed, so the caller must do that. We got this right in most > places but forgot to free the TCG temps in trans_VMOV_64_sp(). > > Cc: qemu-stable@nongnu.org > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > target/arm/translate-vfp.inc.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c > index 3e8ea80493b..9ae980bef63 100644 > --- a/target/arm/translate-vfp.inc.c > +++ b/target/arm/translate-vfp.inc.c > @@ -880,8 +880,10 @@ static bool trans_VMOV_64_sp(DisasContext *s, arg_VMOV_64_sp *a) > /* gpreg to fpreg */ > tmp = load_reg(s, a->rt); > neon_store_reg32(tmp, a->vm); > + tcg_temp_free_i32(tmp); > tmp = load_reg(s, a->rt2); > neon_store_reg32(tmp, a->vm + 1); > + tcg_temp_free_i32(tmp); > } > > return true; Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
27.08.2019. 14.20, "Peter Maydell" <peter.maydell@linaro.org> је написао/ла: > > The function neon_store_reg32() doesn't free the TCG temp that it > is passed, so the caller must do that. We got this right in most > places but forgot to free the TCG temps in trans_VMOV_64_sp(). > > Cc: qemu-stable@nongnu.org > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- Hello, Peter, I am just curious if you found this by manual code inspection, or perhaps using a tool? Yours, Aleksandar > target/arm/translate-vfp.inc.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c > index 3e8ea80493b..9ae980bef63 100644 > --- a/target/arm/translate-vfp.inc.c > +++ b/target/arm/translate-vfp.inc.c > @@ -880,8 +880,10 @@ static bool trans_VMOV_64_sp(DisasContext *s, arg_VMOV_64_sp *a) > /* gpreg to fpreg */ > tmp = load_reg(s, a->rt); > neon_store_reg32(tmp, a->vm); > + tcg_temp_free_i32(tmp); > tmp = load_reg(s, a->rt2); > neon_store_reg32(tmp, a->vm + 1); > + tcg_temp_free_i32(tmp); > } > > return true; > -- > 2.20.1 > >
Aleksandar Markovic <aleksandar.m.mail@gmail.com> writes: > 27.08.2019. 14.20, "Peter Maydell" <peter.maydell@linaro.org> је написао/ла: >> >> The function neon_store_reg32() doesn't free the TCG temp that it >> is passed, so the caller must do that. We got this right in most >> places but forgot to free the TCG temps in trans_VMOV_64_sp(). >> >> Cc: qemu-stable@nongnu.org >> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> >> --- > > Hello, Peter, > > I am just curious if you found this by manual code inspection, or perhaps > using a tool? I'm guessing that if you run code that exercises this while built with --enable-tcg-debug then TCG's sanity checking complains about unfreed temps. > > Yours, > Aleksandar > >> target/arm/translate-vfp.inc.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/target/arm/translate-vfp.inc.c > b/target/arm/translate-vfp.inc.c >> index 3e8ea80493b..9ae980bef63 100644 >> --- a/target/arm/translate-vfp.inc.c >> +++ b/target/arm/translate-vfp.inc.c >> @@ -880,8 +880,10 @@ static bool trans_VMOV_64_sp(DisasContext *s, > arg_VMOV_64_sp *a) >> /* gpreg to fpreg */ >> tmp = load_reg(s, a->rt); >> neon_store_reg32(tmp, a->vm); >> + tcg_temp_free_i32(tmp); >> tmp = load_reg(s, a->rt2); >> neon_store_reg32(tmp, a->vm + 1); >> + tcg_temp_free_i32(tmp); >> } >> >> return true; >> -- >> 2.20.1 >> >> -- Alex Bennée
On Thu, 29 Aug 2019 at 21:22, Alex Bennée <alex.bennee@linaro.org> wrote: > > > Aleksandar Markovic <aleksandar.m.mail@gmail.com> writes: > > I am just curious if you found this by manual code inspection, or perhaps > > using a tool? > > I'm guessing that if you run code that exercises this while built with > --enable-tcg-debug then TCG's sanity checking complains about unfreed > temps. Yes, exactly -- this was producing warnings for a random bit of guest code I happened to be running. (I run most of my testing with an --enable-debug build, which includes the TCG debug). thanks -- PMM
On 8/27/19 5:19 AM, Peter Maydell wrote: > The function neon_store_reg32() doesn't free the TCG temp that it > is passed, so the caller must do that. We got this right in most > places but forgot to free the TCG temps in trans_VMOV_64_sp(). > > Cc: qemu-stable@nongnu.org > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > target/arm/translate-vfp.inc.c | 2 ++ > 1 file changed, 2 insertions(+) Reviewed-by: Richard Henderson <richard.henderson@linaro.org> r~
© 2016 - 2025 Red Hat, Inc.