1. Patchew
  2. QEMU
  3. View series

[PATCH] tcg/ppc/tcg-target.c.inc: Fix tcg_out_rlw_rc

Dani Szebenyi posted 1 patch 7 hours ago 
tcg/ppc/tcg-target.c.inc | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
[PATCH] tcg/ppc/tcg-target.c.inc: Fix tcg_out_rlw_rc
Posted by Dani Szebenyi 7 hours ago 
The previous message I sent was corrupted, sending again.

The TCG IR sequence:
mov_i32 tmp97,$0xc4240000                dead: 1  pref=0xffffffff
mov_i32 tmp98,$0x0                       pref=0xffffffff
rotr_i32 tmp97,tmp97,tmp98               dead: 1 2  pref=0xffffffff

was translated to `slwi	r15, r14, 0` instead of `slwi	r14, r14, 0` due to SH field overflow.

SH field is 5 bits, and tcg_out_rlw is called in some situations with `32-n`, when `n` is 0 it results in an overflow to RA field.

This commit prevents overflow of that field and adds debug assertions for the other fields

Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Dani Szebenyi <szedani@linux.ibm.com>
---
 tcg/ppc/tcg-target.c.inc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index 223f079524..9a11c26fd3 100644
--- a/tcg/ppc/tcg-target.c.inc
+++ b/tcg/ppc/tcg-target.c.inc
@@ -911,7 +911,9 @@ static void tcg_out_rld(TCGContext *s, int op, TCGReg ra, TCGReg rs,
 static void tcg_out_rlw_rc(TCGContext *s, int op, TCGReg ra, TCGReg rs,
                            int sh, int mb, int me, bool rc)
 {
-    tcg_out32(s, op | RA(ra) | RS(rs) | SH(sh) | MB(mb) | ME(me) | rc);
+    tcg_debug_assert((mb & 0x1f) == mb);
+    tcg_debug_assert((me & 0x1f) == me);
+    tcg_out32(s, op | RA(ra) | RS(rs) | SH(sh & 0x1f) | MB(mb) | ME(me) | rc);
 }
 
 static void tcg_out_rlw(TCGContext *s, int op, TCGReg ra, TCGReg rs,
-- 
2.47.0
Re: [PATCH] tcg/ppc/tcg-target.c.inc: Fix tcg_out_rlw_rc
Posted by Richard Henderson 2 hours ago 
On 10/22/24 06:34, Dani Szebenyi wrote:
> The previous message I sent was corrupted, sending again.
> 
> The TCG IR sequence:
> mov_i32 tmp97,$0xc4240000                dead: 1  pref=0xffffffff
> mov_i32 tmp98,$0x0                       pref=0xffffffff
> rotr_i32 tmp97,tmp97,tmp98               dead: 1 2  pref=0xffffffff
> 
> was translated to `slwi	r15, r14, 0` instead of `slwi	r14, r14, 0` due to SH field overflow.
> 
> SH field is 5 bits, and tcg_out_rlw is called in some situations with `32-n`, when `n` is 0 it results in an overflow to RA field.
> 
> This commit prevents overflow of that field and adds debug assertions for the other fields
> 
> Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
> Signed-off-by: Dani Szebenyi <szedani@linux.ibm.com>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

and queued.


r~

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.