Series comparison

-[PULL 0/3] tcg patch queue
+[PULL v3 00/28] tcg patch queue
-The following changes since commit 41192db338588051f21501abc13743e62b0a5605:
+v3: One more try to fix macos issues.
-  Merge remote-tracking branch 'remotes/ehabkost-gl/tags/machine-next-pull-request' into staging (2021-01-01 22:57:15 +0000)
 r~
 The following changes since commit e0209297cddd5e10a07e15fac5cca7aa1a8e0e59:
   Merge tag 'pull-ufs-20250217' of https://gitlab.com/jeuk20.kim/qemu into staging (2025-02-18 10:58:48 +0800)
 are available in the Git repository at:
-  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20210104
+  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20250215-3
-for you to fetch changes up to a66424ba17d661007dc13d78c9e3014ccbaf0efb:
+for you to fetch changes up to e726f65867087d86436de05e9f372a86ec1381a6:
-  tcg: Add tcg_gen_bswap_tl alias (2021-01-04 06:32:58 -1000)
+  tcg: Remove TCG_TARGET_HAS_{br,set}cond2 from riscv and loongarch64 (2025-02-18 08:29:03 -0800)
 ----------------------------------------------------------------
-Fix vector clear issue.
+tcg: Remove last traces of TCG_TARGET_NEED_POOL_LABELS
-Fix riscv host shift issue.
+tcg: Cleanups after disallowing 64-on-32
-Add tcg_gen_bswap_tl.
+tcg: Introduce constraint for zero register
 tcg: Remove TCG_TARGET_HAS_{br,set}cond2 from riscv and loongarch64
 tcg/i386: Use tcg_{high,unsigned}_cond in tcg_out_brcond2
 linux-user: Move TARGET_SA_RESTORER out of generic/signal.h
 linux-user: Fix alignment when unmapping excess reservation
 target/sparc: Fix register selection for all F*TOx and FxTO* instructions
 target/sparc: Fix gdbstub incorrectly handling registers f32-f62
 target/sparc: fake UltraSPARC T1 PCR and PIC registers
 ----------------------------------------------------------------
-Richard Henderson (2):
+Andreas Schwab (1):
-      tcg: Use memset for large vector byte replication
+      linux-user: Move TARGET_SA_RESTORER out of generic/signal.h
       tcg: Add tcg_gen_bswap_tl alias
-Zihao Yu (1):
+Artyom Tarasenko (1):
-      tcg/riscv: Fix illegal shift instructions
+      target/sparc: fake UltraSPARC T1 PCR and PIC registers
- accel/tcg/tcg-runtime.h     | 11 +++++++++++
+Fabiano Rosas (1):
- include/exec/helper-proto.h |  4 ++++
+      elfload: Fix alignment when unmapping excess reservation
  include/tcg/tcg-op.h        |  2 ++
  tcg/tcg-op-gvec.c           | 32 ++++++++++++++++++++++++++++++++
  tcg/riscv/tcg-target.c.inc  | 12 ++++++------
 files changed, 55 insertions(+), 6 deletions(-)
+Mikael Szreder (2):
+      target/sparc: Fix register selection for all F*TOx and FxTO* instructions
+      target/sparc: Fix gdbstub incorrectly handling registers f32-f62
+Richard Henderson (23):
+      tcg: Remove last traces of TCG_TARGET_NEED_POOL_LABELS
+      tcg: Remove TCG_OVERSIZED_GUEST
+      tcg: Drop support for two address registers in gen_ldst
+      tcg: Merge INDEX_op_qemu_*_{a32,a64}_*
+      tcg/arm: Drop addrhi from prepare_host_addr
+      tcg/i386: Drop addrhi from prepare_host_addr
+      tcg/mips: Drop addrhi from prepare_host_addr
+      tcg/ppc: Drop addrhi from prepare_host_addr
+      tcg: Replace addr{lo,hi}_reg with addr_reg in TCGLabelQemuLdst
+      plugins: Fix qemu_plugin_read_memory_vaddr parameters
+      accel/tcg: Fix tlb_set_page_with_attrs, tlb_set_page
+      target/loongarch: Use VADDR_PRIx for logging pc_next
+      target/mips: Use VADDR_PRIx for logging pc_next
+      include/exec: Change vaddr to uintptr_t
+      include/exec: Use uintptr_t in CPUTLBEntry
+      tcg: Introduce the 'z' constraint for a hardware zero register
+      tcg/aarch64: Use 'z' constraint
+      tcg/loongarch64: Use 'z' constraint
+      tcg/mips: Use 'z' constraint
+      tcg/riscv: Use 'z' constraint
+      tcg/sparc64: Use 'z' constraint
+      tcg/i386: Use tcg_{high,unsigned}_cond in tcg_out_brcond2
+      tcg: Remove TCG_TARGET_HAS_{br,set}cond2 from riscv and loongarch64
+ include/exec/tlb-common.h                          |  10 +-
+ include/exec/vaddr.h                               |  16 +-
+ include/qemu/atomic.h                              |  18 +-
+ include/tcg/oversized-guest.h                      |  23 ---
+ include/tcg/tcg-opc.h                              |  28 +--
+ include/tcg/tcg.h                                  |   3 +-
+ linux-user/aarch64/target_signal.h                 |   2 +
+ linux-user/arm/target_signal.h                     |   2 +
+ linux-user/generic/signal.h                        |   1 -
+ linux-user/i386/target_signal.h                    |   2 +
+ linux-user/m68k/target_signal.h                    |   1 +
+ linux-user/microblaze/target_signal.h              |   2 +
+ linux-user/ppc/target_signal.h                     |   2 +
+ linux-user/s390x/target_signal.h                   |   2 +
+ linux-user/sh4/target_signal.h                     |   2 +
+ linux-user/x86_64/target_signal.h                  |   2 +
+ linux-user/xtensa/target_signal.h                  |   2 +
+ tcg/aarch64/tcg-target-con-set.h                   |  12 +-
+ tcg/aarch64/tcg-target.h                           |   2 +
+ tcg/loongarch64/tcg-target-con-set.h               |  15 +-
+ tcg/loongarch64/tcg-target-con-str.h               |   1 -
+ tcg/loongarch64/tcg-target-has.h                   |   2 -
+ tcg/loongarch64/tcg-target.h                       |   2 +
+ tcg/mips/tcg-target-con-set.h                      |  26 +--
+ tcg/mips/tcg-target-con-str.h                      |   1 -
+ tcg/mips/tcg-target.h                              |   2 +
+ tcg/riscv/tcg-target-con-set.h                     |  10 +-
+ tcg/riscv/tcg-target-con-str.h                     |   1 -
+ tcg/riscv/tcg-target-has.h                         |   2 -
+ tcg/riscv/tcg-target.h                             |   2 +
+ tcg/sparc64/tcg-target-con-set.h                   |  12 +-
+ tcg/sparc64/tcg-target-con-str.h                   |   1 -
+ tcg/sparc64/tcg-target.h                           |   3 +-
+ tcg/tci/tcg-target.h                               |   1 -
+ accel/tcg/cputlb.c                                 |  32 +---
+ accel/tcg/tcg-all.c                                |   9 +-
+ linux-user/elfload.c                               |   4 +-
+ plugins/api.c                                      |   2 +-
+ target/arm/ptw.c                                   |  34 ----
+ target/loongarch/tcg/translate.c                   |   2 +-
+ target/mips/tcg/octeon_translate.c                 |   4 +-
+ target/riscv/cpu_helper.c                          |  13 +-
+ target/sparc/gdbstub.c                             |  18 +-
+ target/sparc/translate.c                           |  19 +++
+ tcg/optimize.c                                     |  21 +--
+ tcg/tcg-op-ldst.c                                  | 103 +++--------
+ tcg/tcg.c                                          |  97 +++++------
+ tcg/tci.c                                          | 119 +++----------
+ docs/devel/multi-thread-tcg.rst                    |   1 -
+ docs/devel/tcg-ops.rst                             |   4 +-
+ target/loongarch/tcg/insn_trans/trans_atomic.c.inc |   2 +-
+ target/sparc/insns.decode                          |  19 ++-
+ tcg/aarch64/tcg-target.c.inc                       |  86 ++++------
+ tcg/arm/tcg-target.c.inc                           | 114 ++++---------
+ tcg/i386/tcg-target.c.inc                          | 190 +++++----------------
+ tcg/loongarch64/tcg-target.c.inc                   |  72 +++-----
+ tcg/mips/tcg-target.c.inc                          | 169 ++++++------------
+ tcg/ppc/tcg-target.c.inc                           | 164 +++++-------------
+ tcg/riscv/tcg-target.c.inc                         |  56 +++---
+ tcg/s390x/tcg-target.c.inc                         |  40 ++---
+ tcg/sparc64/tcg-target.c.inc                       |  45 ++---
+ tcg/tci/tcg-target.c.inc                           |  60 ++-----
+files changed, 550 insertions(+), 1162 deletions(-)
+ delete mode 100644 include/tcg/oversized-guest.h

-[PULL 1/3] tcg: Use memset for large vector byte replication
+Deleted patch
-In f47db80cc07, we handled odd-sized tail clearing for
-the case of hosts that have vector operations, but did
-not handle the case of hosts that do not have vector ops.
-This was ok until e2e7168a214b, which changed the encoding
-of simd_desc such that the odd sizes are impossible.
-Add memset as a tcg helper, and use that for all out-of-line
-byte stores to vectors.  This includes, but is not limited to,
-the tail clearing operation in question.
-Cc: qemu-stable@nongnu.org
-Buglink: https://bugs.launchpad.net/bugs/1907817
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/tcg-runtime.h     | 11 +++++++++++
- include/exec/helper-proto.h |  4 ++++
- tcg/tcg-op-gvec.c           | 32 ++++++++++++++++++++++++++++++++
-files changed, 47 insertions(+)
-diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/tcg-runtime.h
-+++ b/accel/tcg/tcg-runtime.h
-@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_1(lookup_tb_ptr, TCG_CALL_NO_WG_SE, ptr, env)
- DEF_HELPER_FLAGS_1(exit_atomic, TCG_CALL_NO_WG, noreturn, env)
-+#ifndef IN_HELPER_PROTO
-+/*
-+ * Pass calls to memset directly to libc, without a thunk in qemu.
-+ * Do not re-declare memset, especially since we fudge the type here;
-+ * we assume sizeof(void *) == sizeof(size_t), which is true for
-+ * all supported hosts.
-+ */
-+#define helper_memset memset
-+DEF_HELPER_FLAGS_3(memset, TCG_CALL_NO_RWG, ptr, ptr, int, ptr)
-+#endif /* IN_HELPER_PROTO */
-+
- #ifdef CONFIG_SOFTMMU
- DEF_HELPER_FLAGS_5(atomic_cmpxchgb, TCG_CALL_NO_WG,
-diff --git a/include/exec/helper-proto.h b/include/exec/helper-proto.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/helper-proto.h
-+++ b/include/exec/helper-proto.h
-@@ -XXX,XX +XXX,XX @@ dh_ctype(ret) HELPER(name) (dh_ctype(t1), dh_ctype(t2), dh_ctype(t3), \
-                             dh_ctype(t4), dh_ctype(t5), dh_ctype(t6), \
-                             dh_ctype(t7));
-+#define IN_HELPER_PROTO
-+
- #include "helper.h"
- #include "trace/generated-helpers.h"
- #include "tcg-runtime.h"
- #include "plugin-helpers.h"
-+#undef IN_HELPER_PROTO
-+
- #undef DEF_HELPER_FLAGS_0
- #undef DEF_HELPER_FLAGS_1
- #undef DEF_HELPER_FLAGS_2
-diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg-op-gvec.c
-+++ b/tcg/tcg-op-gvec.c
-@@ -XXX,XX +XXX,XX @@ static void do_dup(unsigned vece, uint32_t dofs, uint32_t oprsz,
-         in_c = dup_const(vece, in_c);
-         if (in_c == 0) {
-             oprsz = maxsz;
-+            vece = MO_8;
-+        } else if (in_c == dup_const(MO_8, in_c)) {
-+            vece = MO_8;
-         }
-     }
-@@ -XXX,XX +XXX,XX @@ static void do_dup(unsigned vece, uint32_t dofs, uint32_t oprsz,
-     /* Otherwise implement out of line.  */
-     t_ptr = tcg_temp_new_ptr();
-     tcg_gen_addi_ptr(t_ptr, cpu_env, dofs);
-+
-+    /*
-+     * This may be expand_clr for the tail of an operation, e.g.
-+     * oprsz == 8 && maxsz == 64.  The size of the clear is misaligned
-+     * wrt simd_desc and will assert.  Simply pass all replicated byte
-+     * stores through to memset.
-+     */
-+    if (oprsz == maxsz && vece == MO_8) {
-+        TCGv_ptr t_size = tcg_const_ptr(oprsz);
-+        TCGv_i32 t_val;
-+
-+        if (in_32) {
-+            t_val = in_32;
-+        } else if (in_64) {
-+            t_val = tcg_temp_new_i32();
-+            tcg_gen_extrl_i64_i32(t_val, in_64);
-+        } else {
-+            t_val = tcg_const_i32(in_c);
-+        }
-+        gen_helper_memset(t_ptr, t_ptr, t_val, t_size);
-+
-+        if (!in_32) {
-+            tcg_temp_free_i32(t_val);
-+        }
-+        tcg_temp_free_ptr(t_size);
-+        tcg_temp_free_ptr(t_ptr);
-+        return;
-+    }
-+
-     t_desc = tcg_const_i32(simd_desc(oprsz, maxsz, 0));
-     if (vece == MO_64) {
---
-.25.1

-[PULL 2/3] tcg/riscv: Fix illegal shift instructions
+Deleted patch
-From: Zihao Yu <yuzihao@ict.ac.cn>
-Out-of-range shifts have undefined results, but must not trap.
-Mask off immediate shift counts to solve this problem.
-This bug can be reproduced by running the following guest instructions:
-  xor %ecx,%ecx
-  sar %cl,%eax
-  cmovne %edi,%eax
-After optimization, the tcg opcodes of the sar are
-  movi_i32 tmp3,$0xffffffffffffffff  pref=all
-  sar_i32 tmp3,eax,tmp3              dead: 2  pref=all
-  mov_i32 cc_dst,eax                 sync: 0  dead: 1 pref=0xffc0300
-  mov_i32 cc_src,tmp3                sync: 0  dead: 0 1  pref=all
-  movi_i32 cc_op,$0x31               sync: 0  dead: 0  pref=all
-The sar_i32 opcode is a shift by -1, which unmasked generates
-x200808d618:  fffa5b9b          illegal
-Signed-off-by: Zihao Yu <yuzihao@ict.ac.cn>
-Message-Id: <20201216081206.9628-1-yuzihao@ict.ac.cn>
-[rth: Reworded the patch description.]
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/riscv/tcg-target.c.inc | 12 ++++++------
-file changed, 6 insertions(+), 6 deletions(-)
-diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/riscv/tcg-target.c.inc
-+++ b/tcg/riscv/tcg-target.c.inc
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
-     case INDEX_op_shl_i32:
-         if (c2) {
--            tcg_out_opc_imm(s, OPC_SLLIW, a0, a1, a2);
-+            tcg_out_opc_imm(s, OPC_SLLIW, a0, a1, a2 & 0x1f);
-         } else {
-             tcg_out_opc_reg(s, OPC_SLLW, a0, a1, a2);
-         }
-         break;
-     case INDEX_op_shl_i64:
-         if (c2) {
--            tcg_out_opc_imm(s, OPC_SLLI, a0, a1, a2);
-+            tcg_out_opc_imm(s, OPC_SLLI, a0, a1, a2 & 0x3f);
-         } else {
-             tcg_out_opc_reg(s, OPC_SLL, a0, a1, a2);
-         }
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
-     case INDEX_op_shr_i32:
-         if (c2) {
--            tcg_out_opc_imm(s, OPC_SRLIW, a0, a1, a2);
-+            tcg_out_opc_imm(s, OPC_SRLIW, a0, a1, a2 & 0x1f);
-         } else {
-             tcg_out_opc_reg(s, OPC_SRLW, a0, a1, a2);
-         }
-         break;
-     case INDEX_op_shr_i64:
-         if (c2) {
--            tcg_out_opc_imm(s, OPC_SRLI, a0, a1, a2);
-+            tcg_out_opc_imm(s, OPC_SRLI, a0, a1, a2 & 0x3f);
-         } else {
-             tcg_out_opc_reg(s, OPC_SRL, a0, a1, a2);
-         }
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
-     case INDEX_op_sar_i32:
-         if (c2) {
--            tcg_out_opc_imm(s, OPC_SRAIW, a0, a1, a2);
-+            tcg_out_opc_imm(s, OPC_SRAIW, a0, a1, a2 & 0x1f);
-         } else {
-             tcg_out_opc_reg(s, OPC_SRAW, a0, a1, a2);
-         }
-         break;
-     case INDEX_op_sar_i64:
-         if (c2) {
--            tcg_out_opc_imm(s, OPC_SRAI, a0, a1, a2);
-+            tcg_out_opc_imm(s, OPC_SRAI, a0, a1, a2 & 0x3f);
-         } else {
-             tcg_out_opc_reg(s, OPC_SRA, a0, a1, a2);
-         }
---
-.25.1

-[PULL 3/3] tcg: Add tcg_gen_bswap_tl alias
+[PULL v3 13/28] target/mips: Use VADDR_PRIx for logging pc_next
-The alias is intended to indicate that the bswap is for the
+DisasContextBase.pc_next has type vaddr; use the correct log format.
 entire target_long.  This should avoid ifdefs on some targets.
-Reviewed-by: Frank Chang <frank.chang@sifive.com>
+Fixes: 85c19af63e7 ("include/exec: Use vaddr in DisasContextBase for virtual addresses")
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- include/tcg/tcg-op.h | 2 ++
+ target/mips/tcg/octeon_translate.c | 4 ++--
-file changed, 2 insertions(+)
+file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/include/tcg/tcg-op.h b/include/tcg/tcg-op.h
+diff --git a/target/mips/tcg/octeon_translate.c b/target/mips/tcg/octeon_translate.c
 index XXXXXXX..XXXXXXX 100644
---- a/include/tcg/tcg-op.h
+--- a/target/mips/tcg/octeon_translate.c
-+++ b/include/tcg/tcg-op.h
++++ b/target/mips/tcg/octeon_translate.c
-@@ -XXX,XX +XXX,XX @@ void tcg_gen_stl_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset, TCGType t);
+@@ -XXX,XX +XXX,XX @@ static bool trans_BBIT(DisasContext *ctx, arg_BBIT *a)
- #define tcg_gen_bswap16_tl tcg_gen_bswap16_i64
+     TCGv p;
- #define tcg_gen_bswap32_tl tcg_gen_bswap32_i64
- #define tcg_gen_bswap64_tl tcg_gen_bswap64_i64
+     if (ctx->hflags & MIPS_HFLAG_BMASK) {
-+#define tcg_gen_bswap_tl tcg_gen_bswap64_i64
+-        LOG_DISAS("Branch in delay / forbidden slot at PC 0x"
- #define tcg_gen_concat_tl_i64 tcg_gen_concat32_i64
+-                  TARGET_FMT_lx "\n", ctx->base.pc_next);
- #define tcg_gen_extr_i64_tl tcg_gen_extr32_i64
++        LOG_DISAS("Branch in delay / forbidden slot at PC 0x%" VADDR_PRIx "\n",
- #define tcg_gen_andc_tl tcg_gen_andc_i64
++                  ctx->base.pc_next);
-@@ -XXX,XX +XXX,XX @@ void tcg_gen_stl_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset, TCGType t);
+         generate_exception_end(ctx, EXCP_RI);
- #define tcg_gen_ext32s_tl tcg_gen_mov_i32
+         return true;
- #define tcg_gen_bswap16_tl tcg_gen_bswap16_i32
+     }
  #define tcg_gen_bswap32_tl tcg_gen_bswap32_i32
 +#define tcg_gen_bswap_tl tcg_gen_bswap32_i32
  #define tcg_gen_concat_tl_i64 tcg_gen_concat_i32_i64
  #define tcg_gen_extr_i64_tl tcg_gen_extr_i64_i32
  #define tcg_gen_andc_tl tcg_gen_andc_i32
 --
-.25.1
+.43.0

The following changes since commit 41192db338588051f21501abc13743e62b0a5605:

Merge remote-tracking branch 'remotes/ehabkost-gl/tags/machine-next-pull-request' into staging (2021-01-01 22:57:15 +0000)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20210104

for you to fetch changes up to a66424ba17d661007dc13d78c9e3014ccbaf0efb:

tcg: Add tcg_gen_bswap_tl alias (2021-01-04 06:32:58 -1000)

----------------------------------------------------------------
Fix vector clear issue.
Fix riscv host shift issue.
Add tcg_gen_bswap_tl.

----------------------------------------------------------------
Richard Henderson (2):
      tcg: Use memset for large vector byte replication
      tcg: Add tcg_gen_bswap_tl alias

Zihao Yu (1):
      tcg/riscv: Fix illegal shift instructions

accel/tcg/tcg-runtime.h     | 11 +++++++++++
 include/exec/helper-proto.h |  4 ++++
 include/tcg/tcg-op.h        |  2 ++
 tcg/tcg-op-gvec.c           | 32 ++++++++++++++++++++++++++++++++
 tcg/riscv/tcg-target.c.inc  | 12 ++++++------
 5 files changed, 55 insertions(+), 6 deletions(-)

In f47db80cc07, we handled odd-sized tail clearing for
the case of hosts that have vector operations, but did
not handle the case of hosts that do not have vector ops.

This was ok until e2e7168a214b, which changed the encoding
of simd_desc such that the odd sizes are impossible.

Add memset as a tcg helper, and use that for all out-of-line
byte stores to vectors.  This includes, but is not limited to,
the tail clearing operation in question.

Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/bugs/1907817
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/tcg-runtime.h     | 11 +++++++++++
 include/exec/helper-proto.h |  4 ++++
 tcg/tcg-op-gvec.c           | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 47 insertions(+)

diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_1(lookup_tb_ptr, TCG_CALL_NO_WG_SE, ptr, env)
 
 DEF_HELPER_FLAGS_1(exit_atomic, TCG_CALL_NO_WG, noreturn, env)
 
+#ifndef IN_HELPER_PROTO
+/*
+ * Pass calls to memset directly to libc, without a thunk in qemu.
+ * Do not re-declare memset, especially since we fudge the type here;
+ * we assume sizeof(void *) == sizeof(size_t), which is true for
+ * all supported hosts.
+ */
+#define helper_memset memset
+DEF_HELPER_FLAGS_3(memset, TCG_CALL_NO_RWG, ptr, ptr, int, ptr)
+#endif /* IN_HELPER_PROTO */
+
 #ifdef CONFIG_SOFTMMU
 
 DEF_HELPER_FLAGS_5(atomic_cmpxchgb, TCG_CALL_NO_WG,
diff --git a/include/exec/helper-proto.h b/include/exec/helper-proto.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/helper-proto.h
+++ b/include/exec/helper-proto.h
@@ -XXX,XX +XXX,XX @@ dh_ctype(ret) HELPER(name) (dh_ctype(t1), dh_ctype(t2), dh_ctype(t3), \
                             dh_ctype(t4), dh_ctype(t5), dh_ctype(t6), \
                             dh_ctype(t7));
 
+#define IN_HELPER_PROTO
+
 #include "helper.h"
 #include "trace/generated-helpers.h"
 #include "tcg-runtime.h"
 #include "plugin-helpers.h"
 
+#undef IN_HELPER_PROTO
+
 #undef DEF_HELPER_FLAGS_0
 #undef DEF_HELPER_FLAGS_1
 #undef DEF_HELPER_FLAGS_2
diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg-op-gvec.c
+++ b/tcg/tcg-op-gvec.c
@@ -XXX,XX +XXX,XX @@ static void do_dup(unsigned vece, uint32_t dofs, uint32_t oprsz,
         in_c = dup_const(vece, in_c);
         if (in_c == 0) {
             oprsz = maxsz;
+            vece = MO_8;
+        } else if (in_c == dup_const(MO_8, in_c)) {
+            vece = MO_8;
         }
     }
 
@@ -XXX,XX +XXX,XX @@ static void do_dup(unsigned vece, uint32_t dofs, uint32_t oprsz,
     /* Otherwise implement out of line.  */
     t_ptr = tcg_temp_new_ptr();
     tcg_gen_addi_ptr(t_ptr, cpu_env, dofs);
+
+    /*
+     * This may be expand_clr for the tail of an operation, e.g.
+     * oprsz == 8 && maxsz == 64.  The size of the clear is misaligned
+     * wrt simd_desc and will assert.  Simply pass all replicated byte
+     * stores through to memset.
+     */
+    if (oprsz == maxsz && vece == MO_8) {
+        TCGv_ptr t_size = tcg_const_ptr(oprsz);
+        TCGv_i32 t_val;
+
+        if (in_32) {
+            t_val = in_32;
+        } else if (in_64) {
+            t_val = tcg_temp_new_i32();
+            tcg_gen_extrl_i64_i32(t_val, in_64);
+        } else {
+            t_val = tcg_const_i32(in_c);
+        }
+        gen_helper_memset(t_ptr, t_ptr, t_val, t_size);
+
+        if (!in_32) {
+            tcg_temp_free_i32(t_val);
+        }
+        tcg_temp_free_ptr(t_size);
+        tcg_temp_free_ptr(t_ptr);
+        return;
+    }
+
     t_desc = tcg_const_i32(simd_desc(oprsz, maxsz, 0));
 
     if (vece == MO_64) {
-- 
2.25.1

From: Zihao Yu <yuzihao@ict.ac.cn>

Out-of-range shifts have undefined results, but must not trap.
Mask off immediate shift counts to solve this problem.

This bug can be reproduced by running the following guest instructions:

xor %ecx,%ecx
  sar %cl,%eax
  cmovne %edi,%eax

After optimization, the tcg opcodes of the sar are

movi_i32 tmp3,$0xffffffffffffffff  pref=all
  sar_i32 tmp3,eax,tmp3              dead: 2  pref=all
  mov_i32 cc_dst,eax                 sync: 0  dead: 1 pref=0xffc0300
  mov_i32 cc_src,tmp3                sync: 0  dead: 0 1  pref=all
  movi_i32 cc_op,$0x31               sync: 0  dead: 0  pref=all

The sar_i32 opcode is a shift by -1, which unmasked generates

0x200808d618:  fffa5b9b          illegal

Signed-off-by: Zihao Yu <yuzihao@ict.ac.cn>
Message-Id: <20201216081206.9628-1-yuzihao@ict.ac.cn>
[rth: Reworded the patch description.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/riscv/tcg-target.c.inc | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/riscv/tcg-target.c.inc
+++ b/tcg/riscv/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 
     case INDEX_op_shl_i32:
         if (c2) {
-            tcg_out_opc_imm(s, OPC_SLLIW, a0, a1, a2);
+            tcg_out_opc_imm(s, OPC_SLLIW, a0, a1, a2 & 0x1f);
         } else {
             tcg_out_opc_reg(s, OPC_SLLW, a0, a1, a2);
         }
         break;
     case INDEX_op_shl_i64:
         if (c2) {
-            tcg_out_opc_imm(s, OPC_SLLI, a0, a1, a2);
+            tcg_out_opc_imm(s, OPC_SLLI, a0, a1, a2 & 0x3f);
         } else {
             tcg_out_opc_reg(s, OPC_SLL, a0, a1, a2);
         }
@@ -XXX,XX +XXX,XX @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 
     case INDEX_op_shr_i32:
         if (c2) {
-            tcg_out_opc_imm(s, OPC_SRLIW, a0, a1, a2);
+            tcg_out_opc_imm(s, OPC_SRLIW, a0, a1, a2 & 0x1f);
         } else {
             tcg_out_opc_reg(s, OPC_SRLW, a0, a1, a2);
         }
         break;
     case INDEX_op_shr_i64:
         if (c2) {
-            tcg_out_opc_imm(s, OPC_SRLI, a0, a1, a2);
+            tcg_out_opc_imm(s, OPC_SRLI, a0, a1, a2 & 0x3f);
         } else {
             tcg_out_opc_reg(s, OPC_SRL, a0, a1, a2);
         }
@@ -XXX,XX +XXX,XX @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 
     case INDEX_op_sar_i32:
         if (c2) {
-            tcg_out_opc_imm(s, OPC_SRAIW, a0, a1, a2);
+            tcg_out_opc_imm(s, OPC_SRAIW, a0, a1, a2 & 0x1f);
         } else {
             tcg_out_opc_reg(s, OPC_SRAW, a0, a1, a2);
         }
         break;
     case INDEX_op_sar_i64:
         if (c2) {
-            tcg_out_opc_imm(s, OPC_SRAI, a0, a1, a2);
+            tcg_out_opc_imm(s, OPC_SRAI, a0, a1, a2 & 0x3f);
         } else {
             tcg_out_opc_reg(s, OPC_SRA, a0, a1, a2);
         }
-- 
2.25.1

The alias is intended to indicate that the bswap is for the
entire target_long.  This should avoid ifdefs on some targets.

Reviewed-by: Frank Chang <frank.chang@sifive.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/tcg/tcg-op.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/tcg/tcg-op.h b/include/tcg/tcg-op.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg-op.h
+++ b/include/tcg/tcg-op.h
@@ -XXX,XX +XXX,XX @@ void tcg_gen_stl_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset, TCGType t);
 #define tcg_gen_bswap16_tl tcg_gen_bswap16_i64
 #define tcg_gen_bswap32_tl tcg_gen_bswap32_i64
 #define tcg_gen_bswap64_tl tcg_gen_bswap64_i64
+#define tcg_gen_bswap_tl tcg_gen_bswap64_i64
 #define tcg_gen_concat_tl_i64 tcg_gen_concat32_i64
 #define tcg_gen_extr_i64_tl tcg_gen_extr32_i64
 #define tcg_gen_andc_tl tcg_gen_andc_i64
@@ -XXX,XX +XXX,XX @@ void tcg_gen_stl_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset, TCGType t);
 #define tcg_gen_ext32s_tl tcg_gen_mov_i32
 #define tcg_gen_bswap16_tl tcg_gen_bswap16_i32
 #define tcg_gen_bswap32_tl tcg_gen_bswap32_i32
+#define tcg_gen_bswap_tl tcg_gen_bswap32_i32
 #define tcg_gen_concat_tl_i64 tcg_gen_concat_i32_i64
 #define tcg_gen_extr_i64_tl tcg_gen_extr_i64_i32
 #define tcg_gen_andc_tl tcg_gen_andc_i32
-- 
2.25.1

v3: One more try to fix macos issues.

The following changes since commit e0209297cddd5e10a07e15fac5cca7aa1a8e0e59:

Merge tag 'pull-ufs-20250217' of https://gitlab.com/jeuk20.kim/qemu into staging (2025-02-18 10:58:48 +0800)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20250215-3

for you to fetch changes up to e726f65867087d86436de05e9f372a86ec1381a6:

tcg: Remove TCG_TARGET_HAS_{br,set}cond2 from riscv and loongarch64 (2025-02-18 08:29:03 -0800)

----------------------------------------------------------------
tcg: Remove last traces of TCG_TARGET_NEED_POOL_LABELS
tcg: Cleanups after disallowing 64-on-32
tcg: Introduce constraint for zero register
tcg: Remove TCG_TARGET_HAS_{br,set}cond2 from riscv and loongarch64
tcg/i386: Use tcg_{high,unsigned}_cond in tcg_out_brcond2
linux-user: Move TARGET_SA_RESTORER out of generic/signal.h
linux-user: Fix alignment when unmapping excess reservation
target/sparc: Fix register selection for all F*TOx and FxTO* instructions
target/sparc: Fix gdbstub incorrectly handling registers f32-f62
target/sparc: fake UltraSPARC T1 PCR and PIC registers

----------------------------------------------------------------
Andreas Schwab (1):
      linux-user: Move TARGET_SA_RESTORER out of generic/signal.h

Artyom Tarasenko (1):
      target/sparc: fake UltraSPARC T1 PCR and PIC registers

Fabiano Rosas (1):
      elfload: Fix alignment when unmapping excess reservation

Mikael Szreder (2):
      target/sparc: Fix register selection for all F*TOx and FxTO* instructions
      target/sparc: Fix gdbstub incorrectly handling registers f32-f62

Richard Henderson (23):
      tcg: Remove last traces of TCG_TARGET_NEED_POOL_LABELS
      tcg: Remove TCG_OVERSIZED_GUEST
      tcg: Drop support for two address registers in gen_ldst
      tcg: Merge INDEX_op_qemu_*_{a32,a64}_*
      tcg/arm: Drop addrhi from prepare_host_addr
      tcg/i386: Drop addrhi from prepare_host_addr
      tcg/mips: Drop addrhi from prepare_host_addr
      tcg/ppc: Drop addrhi from prepare_host_addr
      tcg: Replace addr{lo,hi}_reg with addr_reg in TCGLabelQemuLdst
      plugins: Fix qemu_plugin_read_memory_vaddr parameters
      accel/tcg: Fix tlb_set_page_with_attrs, tlb_set_page
      target/loongarch: Use VADDR_PRIx for logging pc_next
      target/mips: Use VADDR_PRIx for logging pc_next
      include/exec: Change vaddr to uintptr_t
      include/exec: Use uintptr_t in CPUTLBEntry
      tcg: Introduce the 'z' constraint for a hardware zero register
      tcg/aarch64: Use 'z' constraint
      tcg/loongarch64: Use 'z' constraint
      tcg/mips: Use 'z' constraint
      tcg/riscv: Use 'z' constraint
      tcg/sparc64: Use 'z' constraint
      tcg/i386: Use tcg_{high,unsigned}_cond in tcg_out_brcond2
      tcg: Remove TCG_TARGET_HAS_{br,set}cond2 from riscv and loongarch64