[v2] target/hppa: Fix deposit assert from trans_shrpw_imm

[PATCH v2 2/2] target/hppa: Fix deposit assert from trans_shrpw_imm

Posted by Philippe Mathieu-Daudé 4 years, 1 month ago

From: Richard Henderson <richard.henderson@linaro.org>

Because sa may be 0,

    tcg_gen_deposit_reg(dest, t0, cpu_gr[a->r1], 32 - sa, sa);

may attempt a zero-width deposit at bit 32, which will assert
for TARGET_REGISTER_BITS == 32.

Use the newer extract2 when possible, which itself includes the
rotri special case; otherwise mirror the code from trans_shrpw_sar,
using concat and shri.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/635
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211213174248.29222-1-richard.henderson@linaro.org>
---
 target/hppa/translate.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index 261e4c75c7c..952027a28e1 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -140,6 +140,7 @@
 #define tcg_gen_deposit_z_reg tcg_gen_deposit_z_i64
 #define tcg_gen_extract_reg  tcg_gen_extract_i64
 #define tcg_gen_sextract_reg tcg_gen_sextract_i64
+#define tcg_gen_extract2_reg tcg_gen_extract2_i64
 #define tcg_const_reg        tcg_const_i64
 #define tcg_const_local_reg  tcg_const_local_i64
 #define tcg_constant_reg     tcg_constant_i64
@@ -234,6 +235,7 @@
 #define tcg_gen_deposit_z_reg tcg_gen_deposit_z_i32
 #define tcg_gen_extract_reg  tcg_gen_extract_i32
 #define tcg_gen_sextract_reg tcg_gen_sextract_i32
+#define tcg_gen_extract2_reg tcg_gen_extract2_i32
 #define tcg_const_reg        tcg_const_i32
 #define tcg_const_local_reg  tcg_const_local_i32
 #define tcg_constant_reg     tcg_constant_i32
@@ -3206,6 +3208,8 @@ static bool trans_shrpw_imm(DisasContext *ctx, arg_shrpw_imm *a)
     t2 = load_gpr(ctx, a->r2);
     if (a->r1 == 0) {
         tcg_gen_extract_reg(dest, t2, sa, 32 - sa);
+    } else if (TARGET_REGISTER_BITS == 32) {
+        tcg_gen_extract2_reg(dest, t2, cpu_gr[a->r1], sa);
     } else if (a->r1 == a->r2) {
         TCGv_i32 t32 = tcg_temp_new_i32();
         tcg_gen_trunc_reg_i32(t32, t2);
@@ -3213,10 +3217,11 @@ static bool trans_shrpw_imm(DisasContext *ctx, arg_shrpw_imm *a)
         tcg_gen_extu_i32_reg(dest, t32);
         tcg_temp_free_i32(t32);
     } else {
-        TCGv_reg t0 = tcg_temp_new();
-        tcg_gen_extract_reg(t0, t2, sa, 32 - sa);
-        tcg_gen_deposit_reg(dest, t0, cpu_gr[a->r1], 32 - sa, sa);
-        tcg_temp_free(t0);
+        TCGv_i64 t64 = tcg_temp_new_i64();
+        tcg_gen_concat_reg_i64(t64, t2, cpu_gr[a->r1]);
+        tcg_gen_shri_i64(t64, t64, sa);
+        tcg_gen_trunc_i64_reg(dest, t64);
+        tcg_temp_free_i64(t64);
     }
     save_gpr(ctx, a->t, dest);
 
-- 
2.33.1

Re: [PATCH v2 2/2] target/hppa: Fix deposit assert from trans_shrpw_imm

Posted by Philippe Mathieu-Daudé 4 years, 1 month ago

On 12/13/21 19:56, Philippe Mathieu-Daudé wrote:
> From: Richard Henderson <richard.henderson@linaro.org>
> 
> Because sa may be 0,
> 
>     tcg_gen_deposit_reg(dest, t0, cpu_gr[a->r1], 32 - sa, sa);
> 
> may attempt a zero-width deposit at bit 32, which will assert
> for TARGET_REGISTER_BITS == 32.
> 
> Use the newer extract2 when possible, which itself includes the
> rotri special case; otherwise mirror the code from trans_shrpw_sar,
> using concat and shri.
> 
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/635
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> Message-Id: <20211213174248.29222-1-richard.henderson@linaro.org>

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

> ---
>  target/hppa/translate.c | 13 +++++++++----
>  1 file changed, 9 insertions(+), 4 deletions(-)
> 
> diff --git a/target/hppa/translate.c b/target/hppa/translate.c
> index 261e4c75c7c..952027a28e1 100644
> --- a/target/hppa/translate.c
> +++ b/target/hppa/translate.c
> @@ -140,6 +140,7 @@
>  #define tcg_gen_deposit_z_reg tcg_gen_deposit_z_i64
>  #define tcg_gen_extract_reg  tcg_gen_extract_i64
>  #define tcg_gen_sextract_reg tcg_gen_sextract_i64
> +#define tcg_gen_extract2_reg tcg_gen_extract2_i64
>  #define tcg_const_reg        tcg_const_i64
>  #define tcg_const_local_reg  tcg_const_local_i64
>  #define tcg_constant_reg     tcg_constant_i64
> @@ -234,6 +235,7 @@
>  #define tcg_gen_deposit_z_reg tcg_gen_deposit_z_i32
>  #define tcg_gen_extract_reg  tcg_gen_extract_i32
>  #define tcg_gen_sextract_reg tcg_gen_sextract_i32
> +#define tcg_gen_extract2_reg tcg_gen_extract2_i32
>  #define tcg_const_reg        tcg_const_i32
>  #define tcg_const_local_reg  tcg_const_local_i32
>  #define tcg_constant_reg     tcg_constant_i32
> @@ -3206,6 +3208,8 @@ static bool trans_shrpw_imm(DisasContext *ctx, arg_shrpw_imm *a)
>      t2 = load_gpr(ctx, a->r2);
>      if (a->r1 == 0) {
>          tcg_gen_extract_reg(dest, t2, sa, 32 - sa);
> +    } else if (TARGET_REGISTER_BITS == 32) {
> +        tcg_gen_extract2_reg(dest, t2, cpu_gr[a->r1], sa);
>      } else if (a->r1 == a->r2) {
>          TCGv_i32 t32 = tcg_temp_new_i32();
>          tcg_gen_trunc_reg_i32(t32, t2);
> @@ -3213,10 +3217,11 @@ static bool trans_shrpw_imm(DisasContext *ctx, arg_shrpw_imm *a)
>          tcg_gen_extu_i32_reg(dest, t32);
>          tcg_temp_free_i32(t32);
>      } else {
> -        TCGv_reg t0 = tcg_temp_new();
> -        tcg_gen_extract_reg(t0, t2, sa, 32 - sa);
> -        tcg_gen_deposit_reg(dest, t0, cpu_gr[a->r1], 32 - sa, sa);
> -        tcg_temp_free(t0);
> +        TCGv_i64 t64 = tcg_temp_new_i64();
> +        tcg_gen_concat_reg_i64(t64, t2, cpu_gr[a->r1]);
> +        tcg_gen_shri_i64(t64, t64, sa);
> +        tcg_gen_trunc_i64_reg(dest, t64);
> +        tcg_temp_free_i64(t64);
>      }
>      save_gpr(ctx, a->t, dest);
>  
>

[PATCH v2 1/2] target/hppa: Minor code movement
[PATCH v2 2/2] target/hppa: Fix deposit assert from trans_shrpw_imm