From nobody Sun Apr 12 05:51:25 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=reject dis=none)  header.from=oss.qualcomm.com
ARC-Seal: i=1; a=rsa-sha256; t=1770848462; cv=none;
	d=zohomail.com; s=zohoarc;
	b=JkTZvLF1ln+pk+18WY0qw1WC4MoJygrvue7tmlUa0qdJPDCuTNfPXBabLKaNICH/t1615JosdSCBeV4ByacIobvpliCiOhiF2miyBMYRFabiVNp9ycJ3uPySFtjptn7/5rWpYr3NDF8dWs82cXO3kLeaf9/Q0+7aYLVJbI6EQ8I=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1770848462;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=lf9GsssanYZxN0gyGdB7yeLiFXVC+hnpLJqwJLYHF/k=;
	b=Hnqexs4+NPYApNsc6J/hmmtZAxnzGreDQFrts/nF+Ye08lrftOHkID62Jd/wOsyOpWQjwIvRgHQQrdfXdI+Ep5I8LeaLKzC2QmffTwtPL1smkzYUXYLDHi9IwHcK4ulTFwGGMZP7WSActB18bttpJvLlXfS+xadw4DmwTGdLemo=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<brian.cain@oss.qualcomm.com> (p=reject dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1770848462399175.59395812926198;
 Wed, 11 Feb 2026 14:21:02 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vqIZI-0005O9-N0; Wed, 11 Feb 2026 17:20:20 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <brian.cain@oss.qualcomm.com>)
 id 1vqIZ6-0005LO-Jj
 for qemu-devel@nongnu.org; Wed, 11 Feb 2026 17:20:09 -0500
Received: from mx0a-0031df01.pphosted.com ([205.220.168.131])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <brian.cain@oss.qualcomm.com>)
 id 1vqIZ2-0004vi-Rj
 for qemu-devel@nongnu.org; Wed, 11 Feb 2026 17:20:07 -0500
Received: from pps.filterd (m0279865.ppops.net [127.0.0.1])
 by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id
 61BIp3Lv2546585
 for <qemu-devel@nongnu.org>; Wed, 11 Feb 2026 22:20:01 GMT
Received: from mail-dy1-f198.google.com (mail-dy1-f198.google.com
 [74.125.82.198])
 by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4c8ydn0huv-1
 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT)
 for <qemu-devel@nongnu.org>; Wed, 11 Feb 2026 22:20:01 +0000 (GMT)
Received: by mail-dy1-f198.google.com with SMTP id
 5a478bee46e88-2ba7e98178fso2526845eec.0
 for <qemu-devel@nongnu.org>; Wed, 11 Feb 2026 14:20:01 -0800 (PST)
Received: from hu-bcain-lv.qualcomm.com (Global_NAT1.qualcomm.com.
 [129.46.96.20]) by smtp.gmail.com with ESMTPSA id
 5a478bee46e88-2ba9dbe123asm2588379eec.13.2026.02.11.14.19.58
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 11 Feb 2026 14:19:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h=
 cc:content-transfer-encoding:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to; s=qcppdkim1; bh=
 lf9GsssanYZxN0gyGdB7yeLiFXVC+hnpLJqwJLYHF/k=; b=kQFx3i7G9A2UEA5Q
 sgJiOZyp74RBVpJQMrdJruKWKyPLIvukKkhwUZXwMVi2TCnFUty/1yH77FCZmIEV
 56p43U6AdnA71AKUH0L52YoZaAHgfixw2DSm7ksof/VAZHbHj70fR3yhHrp9Gb6c
 0wx1bSbqys49wA17lMMS1f3I3S0cCnIZdGb2n5ER0M5mzHGRH9qxVVIoaxBrkq3b
 7Uk43My+x3eFOWUS8p0TEipxzYYaz6XfBdP1YLineA3/m4hB5F9HaUAL9iHHdBv1
 sXQHu/PdzJKnliblVfWOO0YSiiiHWuetdexq+rxJi8vQQOMA5d8m1JG4UA08R7lk
 2xgckw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=oss.qualcomm.com; s=google; t=1770848401; x=1771453201; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=lf9GsssanYZxN0gyGdB7yeLiFXVC+hnpLJqwJLYHF/k=;
 b=MIbwWa+IxjziDOrzWF8O17eAPwpLGlYjHHCzjI1tXUifFbkNyA2rbEh8RHR8WfK25L
 pI0p9BhaHfKfT4S4N0P0/pW+Rc8wT2MeUD43f7uYvwEM65vvRmrhMycevcEA8KzWO47p
 jsHbqBEeQZ5c/C3mJZdnttTGQ4QBikk04l3vAx/i0WnLjR/a9kUHltv6T9CQMNeZQhAC
 OUdlwgVwnRIbVlDxN3XYrWn8XH68yal/j6ivGJXRcZT7KZ4Oziftdf//jao83yWwSKG6
 psFX6eGmSg1vghxUu63dqkNNdMRfeyi7o8iyZr2FakeurhRgxrPLfzFOYcWu6J4RQSk4
 X6iA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1770848401; x=1771453201;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=lf9GsssanYZxN0gyGdB7yeLiFXVC+hnpLJqwJLYHF/k=;
 b=MelZW1DJC8T4jWopmhkenzNk8Er+dLTskJ3WSLHNs0f+UlTRcC8tAThiuzwe3eavsl
 sX7Y+3d3337PPbr1jPIUMQuGeTmOx8e+uPv0L26yxZiQlSEt8U7H385uMJXCShkGZ8jB
 bV30+u8Vi/EUNczrXdPUPeQkB5HW272gyciB0smlpFQCWbjFZSAGQap0l/JadQpVcjeS
 tO1SYsRS8RvTpY3l2iBMhhRebDGvG4iv+35sG6mpdk82QlL4+vE/CFpx5FwaFQFjys6b
 03oOvAmTDB054tAc3Rv8RXc7tMBIlNNKCk22PYg9IfeiruU450nKCh6Zk5LtBJxI+xXc
 SXag==
X-Gm-Message-State: AOJu0Yxgiykb3AEXDMFOZNLQVrNvk62bnDjg8IbwQaYvql3YhBjn9oDN
 wet0fXDvDEYlOpxp3ALV1dKHRtkJdwqQRx/q3BlXb+7xOU+/hu0zhEcT0sNe+qK00/ne6ZnEIFc
 SKsmMOxw78MXt0VMpTjsuAEXcPQLRffuF+TKoXJMwCuv+EV2xwd1/BYPbov8iJk8mRQ==
X-Gm-Gg: AZuq6aJWsEXbkXDC7nBqt3LUyfam8KVggDD4bn7iJdRndJ3yL4cwQuSJF0iRk21VQip
 XMY+zAqVYmKvBr+b/0Mjm5wt+kW7Vm02oE8KUAkgWevP3OixsBXKD2y61V1mLFCCPwkxJPSDGpa
 YQxW26rD1+n9tH458QNP4EjAYh70u+k5FW8Ni5pPu1bsON5VWv1Oyid8FN6alLvA1wdOKm0e9Fc
 YUlW3gaIYsJ2PT6+7zZSsIX2fCPE9wa+Ft7Imnzxu33ATcX316xSGEjY1zRD8QWCoFeLQ7Cae2G
 MNvjnkKq594Owpa9mkGWfOCH5p63XG4RxZc1wkXh0CAf0Rq7s32czk71Gy9xPJVwMeolNlw7mr0
 FBEe51v4RWGqZPACm3KsZ8T4fIQN3jxHl6Vc+/FMV9HwX1W48Xx3b4ymIZlczc6+YbW6JFw==
X-Received: by 2002:a05:7301:2f91:b0:2b8:64ad:ad4c with SMTP id
 5a478bee46e88-2baa809185emr378984eec.31.1770848400379;
 Wed, 11 Feb 2026 14:20:00 -0800 (PST)
X-Received: by 2002:a05:7301:2f91:b0:2b8:64ad:ad4c with SMTP id
 5a478bee46e88-2baa809185emr378957eec.31.1770848399569;
 Wed, 11 Feb 2026 14:19:59 -0800 (PST)
From: Brian Cain <brian.cain@oss.qualcomm.com>
To: qemu-devel@nongnu.org
Cc: brian.cain@oss.qualcomm.com, ltaylorsimpson@gmail.com, alex@alexrp.com,
 Brian Cain <bcain@quicinc.com>,
 Pierrick Bouvier <pierrick.bouvier@linaro.org>
Subject: [PATCH v4 1/4] target/hexagon: Fix invalid duplex decoding
Date: Wed, 11 Feb 2026 14:19:50 -0800
Message-Id: <20260211221953.4099441-2-brian.cain@oss.qualcomm.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20260211221953.4099441-1-brian.cain@oss.qualcomm.com>
References: <20260211221953.4099441-1-brian.cain@oss.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Authority-Analysis: v=2.4 cv=NLHYOk6g c=1 sm=1 tr=0 ts=698d0091 cx=c_pps
 a=wEP8DlPgTf/vqF+yE6f9lg==:117 a=ouPCqIW2jiPt+lZRy3xVPw==:17
 a=IkcTkHD0fZMA:10 a=HzLeVaNsDn8A:10 a=s4-Qcg_JpJYA:10
 a=VkNPw1HP01LnGYTKEx00:22 a=Mpw57Om8IfrbqaoTuvik:22 a=GgsMoib0sEa3-_RKJdDe:22
 a=p0WdMEafAAAA:8 a=COk6AnOGAAAA:8 a=KKAkSRfTAAAA:8 a=pGLkceISAAAA:8
 a=OCWrEZw6VeUBrM89gJgA:9 a=QEXdDO2ut3YA:10 a=bBxd6f-gb0O0v-kibOvt:22
 a=TjNXssC_j7lpFel5tvFf:22 a=cvBusfyB2V15izCimMoJ:22
X-Proofpoint-GUID: GIVzEEdF8omWgmrcWZAA0phETNuHVGW6
X-Proofpoint-ORIG-GUID: GIVzEEdF8omWgmrcWZAA0phETNuHVGW6
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMjExMDE3MSBTYWx0ZWRfXz40/Gi5A18Du
 b8ha10TBtX0UeHCKQuhyen2bySchVYx1fMwjbdW91/mdwv0S59arN2GH0wygyGotTQpH/9HCfSw
 05YKNW30DxthDPIoC8pK2PI4Uov4ScCR6c9CXHdKiYQ2ZhTT1MScdzCYjmnVajgjKKTeuZB9KMW
 rD8Urbo0UhLbS+N8ySPqhkCv0/V0Q7fOLAwwkGIEclLQPQH6baSgJWdeeBYudtxOngU4GPZEqXo
 b8AIWFz45U1AVcw8CopuN1fbQFpGUeTaFx0CrVYqtLOhQx7zhD9hUXTZkhg+oeNGk7pjy95+H9W
 9uaDvaN3pf2yqqxRSrGn1aJDzhviE39SxiUM8hbjl7lxnlkHOoo3VsT0a+nGFIRUhEBfL68TCZ4
 pIzFLxhry7LcV1rtJMtUuSJh3mlEG6YeSkuveNGsyMBQc0GmzlvVjVCAlmuaN0j/qVhv0LpqQgN
 txX4m3BsNEcHofZ2QiA==
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.51,FMLib:17.12.100.49
 definitions=2026-02-11_03,2026-02-11_04,2025-10-01_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 adultscore=0 clxscore=1015 lowpriorityscore=0 priorityscore=1501
 impostorscore=0 phishscore=0 malwarescore=0 spamscore=0 bulkscore=0
 suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc=
 route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2601150000
 definitions=main-2602110171
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=205.220.168.131;
 envelope-from=brian.cain@oss.qualcomm.com; helo=mx0a-0031df01.pphosted.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
 RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @qualcomm.com)
X-ZM-MESSAGEID: 1770848465716154100

When decoding a duplex instruction, if the slot0 sub-instruction fails
to decode after slot1 succeeds, QEMU was leaving the packet in a
partially-decoded state. This allowed invalid duplex encodings (where
one sub-instruction doesn't match any valid pattern) to be executed
incorrectly.

Fix by resetting the decoder state when slot0 fails, returning an empty
instruction that triggers an exception.

Add gen_exception_decode_fail() for raising exceptions when decode fails
before ctx->next_PC is initialized. This keeps gen_exception_end_tb()
semantics unchanged (it continues to use ctx->next_PC for the exception
PC after successful decode).

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3291
Signed-off-by: Brian Cain <bcain@quicinc.com>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
---
 linux-user/hexagon/cpu_loop.c        |  4 ++
 target/hexagon/decode.c              | 13 ++++-
 target/hexagon/translate.c           | 18 ++++++-
 tests/tcg/hexagon/Makefile.target    |  1 +
 tests/tcg/hexagon/invalid-encoding.c | 81 ++++++++++++++++++++++++++++
 5 files changed, 113 insertions(+), 4 deletions(-)
 create mode 100644 tests/tcg/hexagon/invalid-encoding.c

diff --git a/linux-user/hexagon/cpu_loop.c b/linux-user/hexagon/cpu_loop.c
index 1941f4c9c1..c0e1098e3f 100644
--- a/linux-user/hexagon/cpu_loop.c
+++ b/linux-user/hexagon/cpu_loop.c
@@ -64,6 +64,10 @@ void cpu_loop(CPUHexagonState *env)
             force_sig_fault(TARGET_SIGBUS, TARGET_BUS_ADRALN,
                             env->gpr[HEX_REG_R31]);
             break;
+        case HEX_CAUSE_INVALID_PACKET:
+            force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPC,
+                            env->gpr[HEX_REG_PC]);
+            break;
         case EXCP_ATOMIC:
             cpu_exec_step_atomic(cs);
             break;
diff --git a/target/hexagon/decode.c b/target/hexagon/decode.c
index b5ece60450..69ba1ec96c 100644
--- a/target/hexagon/decode.c
+++ b/target/hexagon/decode.c
@@ -509,8 +509,14 @@ decode_insns(DisasContext *ctx, Insn *insn, uint32_t e=
ncoding)
                 insn->iclass =3D iclass_bits(encoding);
                 return 2;
             }
+            /*
+             * Slot0 decode failed after slot1 succeeded. This is an inval=
id
+             * duplex encoding (both sub-instructions must be valid).
+             */
+            ctx->insn =3D --insn;
         }
-        g_assert_not_reached();
+        /* Invalid duplex encoding - return 0 to signal failure */
+        return 0;
     }
 }
=20
@@ -674,7 +680,10 @@ int decode_packet(DisasContext *ctx, int max_words, co=
nst uint32_t *words,
         encoding32 =3D words[words_read];
         end_of_packet =3D is_packet_end(encoding32);
         new_insns =3D decode_insns(ctx, insn, encoding32);
-        g_assert(new_insns > 0);
+        if (new_insns =3D=3D 0) {
+            /* Invalid instruction encoding */
+            return 0;
+        }
         /*
          * If we saw an extender, mark next word extended so immediate
          * decode works
diff --git a/target/hexagon/translate.c b/target/hexagon/translate.c
index e88e19cc1a..7fe8b35351 100644
--- a/target/hexagon/translate.c
+++ b/target/hexagon/translate.c
@@ -195,7 +195,21 @@ static void gen_exception_end_tb(DisasContext *ctx, in=
t excp)
     tcg_gen_movi_tl(hex_gpr[HEX_REG_PC], ctx->next_PC);
     gen_exception_raw(excp);
     ctx->base.is_jmp =3D DISAS_NORETURN;
+}
=20
+/*
+ * Generate exception for decode failures. Unlike gen_exception_end_tb,
+ * this is used when decode fails before ctx->next_PC is initialized.
+ */
+static void gen_exception_decode_fail(DisasContext *ctx, int nwords, int e=
xcp)
+{
+    target_ulong fail_pc =3D ctx->base.pc_next + nwords * sizeof(uint32_t);
+
+    gen_exec_counters(ctx);
+    tcg_gen_movi_tl(hex_gpr[HEX_REG_PC], fail_pc);
+    gen_exception_raw(excp);
+    ctx->base.is_jmp =3D DISAS_NORETURN;
+    ctx->base.pc_next =3D fail_pc;
 }
=20
 static int read_packet_words(CPUHexagonState *env, DisasContext *ctx,
@@ -935,7 +949,7 @@ static void decode_and_translate_packet(CPUHexagonState=
 *env, DisasContext *ctx)
=20
     nwords =3D read_packet_words(env, ctx, words);
     if (!nwords) {
-        gen_exception_end_tb(ctx, HEX_CAUSE_INVALID_PACKET);
+        gen_exception_decode_fail(ctx, 0, HEX_CAUSE_INVALID_PACKET);
         return;
     }
=20
@@ -950,7 +964,7 @@ static void decode_and_translate_packet(CPUHexagonState=
 *env, DisasContext *ctx)
         gen_commit_packet(ctx);
         ctx->base.pc_next +=3D pkt.encod_pkt_size_in_bytes;
     } else {
-        gen_exception_end_tb(ctx, HEX_CAUSE_INVALID_PACKET);
+        gen_exception_decode_fail(ctx, nwords, HEX_CAUSE_INVALID_PACKET);
     }
 }
=20
diff --git a/tests/tcg/hexagon/Makefile.target b/tests/tcg/hexagon/Makefile=
.target
index e5182c01d8..16669e04a8 100644
--- a/tests/tcg/hexagon/Makefile.target
+++ b/tests/tcg/hexagon/Makefile.target
@@ -51,6 +51,7 @@ HEX_TESTS +=3D scatter_gather
 HEX_TESTS +=3D hvx_misc
 HEX_TESTS +=3D hvx_histogram
 HEX_TESTS +=3D invalid-slots
+HEX_TESTS +=3D invalid-encoding
 HEX_TESTS +=3D unaligned_pc
=20
 run-and-check-exception =3D $(call run-test,$2,$3 2>$2.stderr; \
diff --git a/tests/tcg/hexagon/invalid-encoding.c b/tests/tcg/hexagon/inval=
id-encoding.c
new file mode 100644
index 0000000000..010a5eb741
--- /dev/null
+++ b/tests/tcg/hexagon/invalid-encoding.c
@@ -0,0 +1,81 @@
+/*
+ * Test that invalid instruction encodings are properly rejected.
+ *
+ * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries.
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include <assert.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+static void *resume_pc;
+
+static void handle_sigill(int sig, siginfo_t *info, void *puc)
+{
+    ucontext_t *uc =3D (ucontext_t *)puc;
+
+    if (sig !=3D SIGILL) {
+        _exit(EXIT_FAILURE);
+    }
+
+    uc->uc_mcontext.r0 =3D SIGILL;
+    uc->uc_mcontext.pc =3D (unsigned long)resume_pc;
+}
+
+/*
+ * Each test function:
+ *   - Sets r0 to something other than SIGILL
+ *   - Stores the resume address into resume_pc
+ *   - Executes the invalid encoding
+ *   - The handler sets r0 =3D SIGILL and resumes after the faulting packet
+ *   - Returns the value in r0
+ */
+
+/*
+ * Invalid duplex encoding (issue #3291):
+ * - Word 0: 0x0fff6fff =3D immext(#0xfffbffc0), parse bits =3D 01
+ * - Word 1: 0x600237b0 =3D duplex with:
+ *     - slot0 =3D 0x17b0 (invalid S2 subinstruction encoding)
+ *     - slot1 =3D 0x0002 (valid SA1_addi)
+ *     - duplex iclass =3D 7 (S2 for slot0, A for slot1)
+ *
+ * Since slot0 doesn't decode to any valid S2 subinstruction, this packet
+ * should be rejected and raise SIGILL.
+ */
+static int test_invalid_duplex(void)
+{
+    int sig;
+
+    asm volatile(
+        "r0 =3D #0\n"
+        "r1 =3D ##1f\n"
+        "memw(%1) =3D r1\n"
+        ".word 0x0fff6fff\n"  /* immext(#0xfffbffc0), parse=3D01 */
+        ".word 0x600237b0\n"  /* duplex: slot0=3D0x17b0 (invalid) */
+        "1:\n"
+        "%0 =3D r0\n"
+        : "=3Dr"(sig)
+        : "r"(&resume_pc)
+        : "r0", "r1", "memory");
+
+    return sig;
+}
+
+int main()
+{
+    struct sigaction act;
+
+    memset(&act, 0, sizeof(act));
+    act.sa_sigaction =3D handle_sigill;
+    act.sa_flags =3D SA_SIGINFO;
+    assert(sigaction(SIGILL, &act, NULL) =3D=3D 0);
+
+    assert(test_invalid_duplex() =3D=3D SIGILL);
+
+    puts("PASS");
+    return EXIT_SUCCESS;
+}
--=20
2.34.1
From nobody Sun Apr 12 05:51:25 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=reject dis=none)  header.from=oss.qualcomm.com
ARC-Seal: i=1; a=rsa-sha256; t=1770848472; cv=none;
	d=zohomail.com; s=zohoarc;
	b=KRe0t8Em/4XKMBT2sUkDGb2uB3URA8PYBkA1IcQu9wJefgJeBPk0HvqoOtxGTteWoHM1zxrP/e163bqf3OCeSFcYL5lkzQBXbAkU12GF+S7gDoE5tSuPOBRmolkL0ITGCJquQVD7Xl5HJeZhhIcc7IGjUqUgnFCKV9EChLvVxyk=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1770848472;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=uKOLv5qOepkHTGXOvnBhr1IhMU6Wo2ariQ8B5PpV5Sc=;
	b=lQrqrgunFO3R0GvHR2LH0oikAIlHf920sCpoH1cuEwhdl/D991JIGRDq++SkjCXm1xJZ/Rl9xH48ufzvIpF+B5uZfxmLI4T5fgYZLs2sdEJqSwBbzEiaLM6+TuF52AGxfyOmw+RxabcLc9Sx8WyQmjoiWcYAYVmydPNbH2oAeUM=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<brian.cain@oss.qualcomm.com> (p=reject dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1770848472515815.8795171362805;
 Wed, 11 Feb 2026 14:21:12 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vqIZH-0005Np-FG; Wed, 11 Feb 2026 17:20:19 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <brian.cain@oss.qualcomm.com>)
 id 1vqIZ4-0005KE-TD
 for qemu-devel@nongnu.org; Wed, 11 Feb 2026 17:20:08 -0500
Received: from mx0a-0031df01.pphosted.com ([205.220.168.131])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <brian.cain@oss.qualcomm.com>)
 id 1vqIZ2-0004w3-Er
 for qemu-devel@nongnu.org; Wed, 11 Feb 2026 17:20:06 -0500
Received: from pps.filterd (m0279867.ppops.net [127.0.0.1])
 by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id
 61BEV8kX1507117
 for <qemu-devel@nongnu.org>; Wed, 11 Feb 2026 22:20:01 GMT
Received: from mail-dl1-f70.google.com (mail-dl1-f70.google.com
 [74.125.82.70])
 by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4c8ukt1ghb-1
 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT)
 for <qemu-devel@nongnu.org>; Wed, 11 Feb 2026 22:20:01 +0000 (GMT)
Received: by mail-dl1-f70.google.com with SMTP id
 a92af1059eb24-1233b81a92dso1291452c88.0
 for <qemu-devel@nongnu.org>; Wed, 11 Feb 2026 14:20:01 -0800 (PST)
Received: from hu-bcain-lv.qualcomm.com (Global_NAT1.qualcomm.com.
 [129.46.96.20]) by smtp.gmail.com with ESMTPSA id
 5a478bee46e88-2ba9dbe123asm2588379eec.13.2026.02.11.14.19.59
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 11 Feb 2026 14:19:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h=
 cc:content-transfer-encoding:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to; s=qcppdkim1; bh=
 uKOLv5qOepkHTGXOvnBhr1IhMU6Wo2ariQ8B5PpV5Sc=; b=iIk4ZMpCuqHP6Gy0
 NzciPOwLY68f0TgeszJ3hzeAC6jQDyXe0Q54QZqTlDgdFK+Q2iWRxRjVki32GBt+
 4/bVX4upd/ldjsPYkv423EfxlPe1vvtDX4lB1tQYsvIUGimG2GimFTP1XRPqvxjJ
 z75hzHnspzdwCedrrJ+vII5ku6h8cd/rJ0/77a0KvJggJyx7tg1+CyMaM1ML7jBO
 Nh0uRR6bI3C93PCCbgCMCI/hnokZtf5q30/jxbbzlj2xT6ZNE6Ag1SKpYd2RxTi1
 YekWw/3ff8vJhXd1x1dKqZCWkfUUrpFthzC01hbWrcprboc/tUHlGA7M4+ibZIQN
 RIMGOw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=oss.qualcomm.com; s=google; t=1770848401; x=1771453201; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=uKOLv5qOepkHTGXOvnBhr1IhMU6Wo2ariQ8B5PpV5Sc=;
 b=Gnrc4XxPCjdgRI65q/9MZ5LrF1tPdRrNPfWbQwfIJYWMoKh/hbey/L0aIE3qw27WZS
 MPxWfM13Z55IWRFGn8KYOrS4sCx3mce7RM3M44VYLAji9TKUdktDC0HBZloiOkxSa2Uz
 wVe0Du83bsw0xe7F/4AWho0NI2o2/kW1FH1zuw2aT7Mt4ZEMEEVp+Hy042VzQ03nBZBc
 MLcw30nPTKzgmdZ+pnkBcwitU0ivRBK1RYDru9VkYt4GECqGO/cPphI9do1Y4eJmtJyV
 2qibpoZJR/8vtQZpJInjoilP7AxycJqYe0GzO8UgaarXSKL2HKm+gF6kUdARjssYEzdC
 7DjA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1770848401; x=1771453201;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=uKOLv5qOepkHTGXOvnBhr1IhMU6Wo2ariQ8B5PpV5Sc=;
 b=GkESCNM8z57Yk2OnwO3+uQc8umlmLiaZ8NNxkLn719oN+wB0wxNhPQd7NUgcnGlSif
 Ika17ZCPZvtKmf4gCGIdVifBPcNlEOSn5cdE90zX1ZJou1F2egLbriOcWZtRCtcmv6rF
 FSjFwRvjbK4XOWjKUxr5r/h0c/6fv9TeEkiK3kqu1LJQ9hh96qIfkIgNOIo4zR73HJvu
 FwlC90lSI7kb8GthsPBpxGghcFoQp+vFPIFBZQRk/YX9K28q4C94ooz71DUIt7J1Lv8M
 m0FqtULUTr8K26rLLGTTG4nuO7889jR8h2/cm877LAak9BmlH7wjRfVT8D8Ai1b4BtQa
 e/GQ==
X-Gm-Message-State: AOJu0YwLh68/FI00dY0x0Gh8MJvV7x2cEH+QlrNsO75bAhy0b4Go+EEX
 tOTH5jzN1taPoK5XaSTvBHofFOpljQCzZ8TI7pnva6ae7GozlVrWnSvx6OFzi6WFZBLSKv+ZDUY
 sMHqy3x7sLCQdqAzPdrvPyEDBL6NRngrKsprCa18mUI13OELQovenEDUQUBqgN/VOqw==
X-Gm-Gg: AZuq6aIf52vRLEDqeAcRPeuTmRnCNEixxu4sgUQTnVmQDZbfAKcutNBI6Vd6NOxjfQF
 ZTgTY+a2kyqq7sgyQCXGJBfjHDZhU11cnRWHiHS8np3rPVI1TxFXTSMBVyConwMlx+pr/Of8OKu
 AVThAgMmK4x4BYATbgxucLRfWpvwziKSmR9MBHRDvHrKyilgLPIEPxXt98O4zJbtNp7AlShCRrp
 XnbQe58kXZMf1eBFr9NoWnfCVmBsb7t6s/fo7uPKpT7yUxlR+BGJPp3neYyIbR6ynmBqa6VQqax
 n2p8ERdrlU43vN6bA7/ZwCPiRXyY++C7AP/zba++p0dTv5LS9YF98Az893HtDG+8USRJALGmpfN
 dieDwvDwNTezkIrik+yHJzIZs980ICLj71gIegZC7Vn0VHmfHXA8Mfmc4+9wLpnj/h14VLg==
X-Received: by 2002:a05:7022:404:b0:127:fa:7758 with SMTP id
 a92af1059eb24-1272fd73f6dmr290948c88.9.1770848400867;
 Wed, 11 Feb 2026 14:20:00 -0800 (PST)
X-Received: by 2002:a05:7022:404:b0:127:fa:7758 with SMTP id
 a92af1059eb24-1272fd73f6dmr290930c88.9.1770848400327;
 Wed, 11 Feb 2026 14:20:00 -0800 (PST)
From: Brian Cain <brian.cain@oss.qualcomm.com>
To: qemu-devel@nongnu.org
Cc: brian.cain@oss.qualcomm.com, ltaylorsimpson@gmail.com, alex@alexrp.com,
 Pierrick Bouvier <pierrick.bouvier@linaro.org>
Subject: [PATCH v4 2/4] target/hexagon: Return decode failure for invalid
 non-duplex encodings
Date: Wed, 11 Feb 2026 14:19:51 -0800
Message-Id: <20260211221953.4099441-3-brian.cain@oss.qualcomm.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20260211221953.4099441-1-brian.cain@oss.qualcomm.com>
References: <20260211221953.4099441-1-brian.cain@oss.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMjExMDE3MSBTYWx0ZWRfX2NngbnLEjbdo
 q4X1vtfp0FXyEeiGNGn7+p8tt1Ztljx072zpbmcQYo0QpXCPhGbmyssXw+oxT51VHR40pZXSqaV
 E5WN/I0Bmr7xkW0g/z9jDHb4DBq+DBxlw2AfWvpu+Z7D09X2xBaFDu35PhAtNYu1BAAMvKW++QZ
 zE4KT3UrFXOMVWh4TZ2zSoCMZbTNXDX6vicTKaodADhBxbubLijX97CK4kmsbWkqg1UR5YC1Yhy
 MaVTSclgYfTsI2swFP3UgXmUzSeC9Q+CnfmN02DEXt9OmfkWMEQ8XuzxrVROT/qIFMOHyDpQaVZ
 nSFOj6SHyIkRt+zMSNvJtThApksu/nKpAvJUOUxVEki/RKYy0jWfYzWGHtR6DE4glgX+AVuc8nt
 DbYJDq/imLgUaRfRuEoMk5BNptrwecjOXgMBcvPDtPUQ0KKIZfXjsTh3Y0NPhPSWDaRw9p11Uum
 vmtuLuac1+s6lD8eeVg==
X-Proofpoint-ORIG-GUID: cDNbEYDE-4W85JR_jgi5bksjUBPp3eUr
X-Authority-Analysis: v=2.4 cv=INIPywvG c=1 sm=1 tr=0 ts=698d0091 cx=c_pps
 a=SvEPeNj+VMjHSW//kvnxuw==:117 a=ouPCqIW2jiPt+lZRy3xVPw==:17
 a=IkcTkHD0fZMA:10 a=HzLeVaNsDn8A:10 a=s4-Qcg_JpJYA:10
 a=VkNPw1HP01LnGYTKEx00:22 a=Mpw57Om8IfrbqaoTuvik:22 a=GgsMoib0sEa3-_RKJdDe:22
 a=KKAkSRfTAAAA:8 a=pGLkceISAAAA:8 a=EUspDBNiAAAA:8 a=D67r-eMCZ0zeLs--bqkA:9
 a=QEXdDO2ut3YA:10 a=Kq8ClHjjuc5pcCNDwlU0:22 a=cvBusfyB2V15izCimMoJ:22
X-Proofpoint-GUID: cDNbEYDE-4W85JR_jgi5bksjUBPp3eUr
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.51,FMLib:17.12.100.49
 definitions=2026-02-11_03,2026-02-11_04,2025-10-01_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 clxscore=1015 impostorscore=0 adultscore=0 priorityscore=1501 spamscore=0
 suspectscore=0 bulkscore=0 lowpriorityscore=0 phishscore=0 malwarescore=0
 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0
 reason=mlx scancount=1 engine=8.22.0-2601150000 definitions=main-2602110171
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=205.220.168.131;
 envelope-from=brian.cain@oss.qualcomm.com; helo=mx0a-0031df01.pphosted.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
 RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @qualcomm.com)
X-ZM-MESSAGEID: 1770848474924158500

When a non-duplex encoding (parse_bits !=3D 0) fails both decode_normal()
and decode_hvx(), the decoder hit an unreachable.  Instead, handle
the decode failure and raise an exception.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
---
 target/hexagon/decode.c              |  3 ++-
 tests/tcg/hexagon/invalid-encoding.c | 25 +++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/target/hexagon/decode.c b/target/hexagon/decode.c
index 69ba1ec96c..33ad60c5b4 100644
--- a/target/hexagon/decode.c
+++ b/target/hexagon/decode.c
@@ -489,7 +489,8 @@ decode_insns(DisasContext *ctx, Insn *insn, uint32_t en=
coding)
             insn->iclass =3D iclass_bits(encoding);
             return 1;
         }
-        g_assert_not_reached();
+        /* Invalid non-duplex encoding */
+        return 0;
     } else {
         uint32_t iclass =3D get_duplex_iclass(encoding);
         unsigned int slot0_subinsn =3D get_slot0_subinsn(encoding);
diff --git a/tests/tcg/hexagon/invalid-encoding.c b/tests/tcg/hexagon/inval=
id-encoding.c
index 010a5eb741..639d7f2495 100644
--- a/tests/tcg/hexagon/invalid-encoding.c
+++ b/tests/tcg/hexagon/invalid-encoding.c
@@ -65,6 +65,30 @@ static int test_invalid_duplex(void)
     return sig;
 }
=20
+/*
+ * Invalid non-duplex encoding:
+ * The encoding 0xffffc000 has parse bits [15:14] =3D 0b11, making it a
+ * non-duplex instruction and packet end.  The remaining bits do not match
+ * any valid normal or HVX instruction encoding, so this should raise SIGI=
LL.
+ */
+static int test_invalid_nonduplex(void)
+{
+    int sig;
+
+    asm volatile(
+        "r0 =3D #0\n"
+        "r1 =3D ##1f\n"
+        "memw(%1) =3D r1\n"
+        ".word 0xffffc000\n"
+        "1:\n"
+        "%0 =3D r0\n"
+        : "=3Dr"(sig)
+        : "r"(&resume_pc)
+        : "r0", "r1", "memory");
+
+    return sig;
+}
+
 int main()
 {
     struct sigaction act;
@@ -75,6 +99,7 @@ int main()
     assert(sigaction(SIGILL, &act, NULL) =3D=3D 0);
=20
     assert(test_invalid_duplex() =3D=3D SIGILL);
+    assert(test_invalid_nonduplex() =3D=3D SIGILL);
=20
     puts("PASS");
     return EXIT_SUCCESS;
--=20
2.34.1
From nobody Sun Apr 12 05:51:25 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=reject dis=none)  header.from=oss.qualcomm.com
ARC-Seal: i=1; a=rsa-sha256; t=1770848458; cv=none;
	d=zohomail.com; s=zohoarc;
	b=RqFLKBnphrmF7d29iKlAu1JuveTrAwsYBbP45rYbi9C/hyzklFfqVwvUM4Swx5NncXw+zP93sFrhwtoh0UrYsgBQay7zJeLk5KHo19LvTxSQvGSRCjqK+t4Z3VSIuEyHmA2MHU+LPYV4aqQuizSdgQH4UZI+6M9myzwZG9YAtxE=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1770848458;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=fnuus0A3VAM9HdlEwrG5U3dQzgzrHcUo5c/GhwFD6VI=;
	b=cC2d5HELExuOfQw/FOjxXQXkSijIGjGWAOHxKhqnrsT93lAi5egR78tFLy8z0JnkydAWVf9dYZmbXuyEJeRxtI9RiyADiktEplIgLfGeKYP06nVcrSDiRZks5K1TeGfqtHfeijzhJaiie73UK/9j3FAAkpOfEOMDiUL286ZRJu8=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<brian.cain@oss.qualcomm.com> (p=reject dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1770848458796593.1259247883113;
 Wed, 11 Feb 2026 14:20:58 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vqIZG-0005Mk-9l; Wed, 11 Feb 2026 17:20:18 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <brian.cain@oss.qualcomm.com>)
 id 1vqIZ6-0005LN-Io
 for qemu-devel@nongnu.org; Wed, 11 Feb 2026 17:20:08 -0500
Received: from mx0a-0031df01.pphosted.com ([205.220.168.131])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <brian.cain@oss.qualcomm.com>)
 id 1vqIZ2-00051K-9c
 for qemu-devel@nongnu.org; Wed, 11 Feb 2026 17:20:07 -0500
Received: from pps.filterd (m0279865.ppops.net [127.0.0.1])
 by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id
 61BIp5ic2546650
 for <qemu-devel@nongnu.org>; Wed, 11 Feb 2026 22:20:03 GMT
Received: from mail-dl1-f70.google.com (mail-dl1-f70.google.com
 [74.125.82.70])
 by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4c8ydn0hv5-1
 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT)
 for <qemu-devel@nongnu.org>; Wed, 11 Feb 2026 22:20:02 +0000 (GMT)
Received: by mail-dl1-f70.google.com with SMTP id
 a92af1059eb24-1247bb4db53so3588600c88.1
 for <qemu-devel@nongnu.org>; Wed, 11 Feb 2026 14:20:02 -0800 (PST)
Received: from hu-bcain-lv.qualcomm.com (Global_NAT1.qualcomm.com.
 [129.46.96.20]) by smtp.gmail.com with ESMTPSA id
 5a478bee46e88-2ba9dbe123asm2588379eec.13.2026.02.11.14.20.00
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 11 Feb 2026 14:20:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h=
 cc:content-transfer-encoding:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to; s=qcppdkim1; bh=
 fnuus0A3VAM9HdlEwrG5U3dQzgzrHcUo5c/GhwFD6VI=; b=S/EZlsueSpOz/waY
 z9/z+5ht20op4svbsS5QqouUhGg3BvjZk51Pv+UK57RW6mItGWazPgAjknpcr/ZK
 HJxiNjAFIGEc7VO/HP8fBpB05AqQ4Ds3mXi41lgCdPPnc5/zIySccWmpjp5uOLLK
 iMrlmSv/lpgMs/MJ41ZZGE/jYHqyv/2D2ykYv9b33orgI9cOoGZJjYZwbiIm/RYl
 QknZ+1B+g+/Jb5zZuPcg9wLzr2nJo/2tXnliVlblCnon2Ed7eEVI9Xk5wCfmYFxn
 z4KOOh7TC1cHKRdyZUO1/XWn+irRDwoRw3wrId2V0SkXWErCYjgjDpOsh6CoKlDK
 tSHHuw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=oss.qualcomm.com; s=google; t=1770848402; x=1771453202; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=fnuus0A3VAM9HdlEwrG5U3dQzgzrHcUo5c/GhwFD6VI=;
 b=aNwKV2f9ZFt24NL6ANNfbX2xL1q7oU9OPsOTtlvRgqwgaVSL8ASH8COBEiy6mqi6VU
 CU8Kf+wzU3Dtoi3naEJxZp+q2ig0vUXYvPqF8YGs4aD1DkFE/8z0AnfosZ70RjWhkyRr
 FtHm3zJb35p/bIqlb6/OvCEKV9wyJ902GsS6W/ahapD79KQW8Xp0FfHSUM09Ih1u5cnb
 ci96sV8ablDCN2zVEfbbljXTr4KTsGvnBygscKHFyhZkRLPIOoBTh+9MouHoIMJyb/KC
 7cOFwskvPHJmIVT+ePCvoFR9+34gowu4pNPwczAUUnpZPV94eA8XC8FlTvQnS1H4WLSu
 O9bg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1770848402; x=1771453202;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=fnuus0A3VAM9HdlEwrG5U3dQzgzrHcUo5c/GhwFD6VI=;
 b=YaYNKxkr/liD8+5QCit6X9Dn3zMfZBOe36ZlzqeVP0A+4nS9pVQgkGIxcfQPE7EZOJ
 TONUlI7wlbff9+oj5koKa6eDVBhLRzOdieySNCQ+zrxD67VadY+njNX76bnSJHkGLKvk
 Vdjov8SPyW+52nnyv5gx2c9OFVrUlrMLi8ldktjVrvDYxP8awpUza3mmZQGOgPWGAxQf
 Zap5E8UPw9u0oZS0tRWvj8PnU2OxrEjneII3Sy7jfuRgBhaSRJepWEGoEWLYjH/GEGIb
 zJLRmIVtMCNqTx4meTUvMNPMttBqzK37yHgzCzEytXu1aNofBHfnl30hu1btYJdLalZ9
 eXrA==
X-Gm-Message-State: AOJu0YwYGuTQ2dMEMmsic/L3TkKMVi0mKx14v/yCpDhF1xRVif0AOiHh
 974GHn0Zc4+yKE6ng51TKZ1eZV+SyqsoOFLcKZTPKwsZ5fxeKf+mf8mdvHs7iSvKdPmttmN/quv
 MysDVnH4JsNNLvLd/XFTQGWnUlzYvl9Oyv88hRDULr/HR7Gk2hSvSXLQiWFRfn7Bi8g==
X-Gm-Gg: AZuq6aJT7Zkuks6FyPRgEcHE1v42g/FiQmQCsmPeGjAY9hrTMO6fMVNkgvf+Fa6d/qz
 g3qf5sbTjtHHMDOdkt+SG+ff4evgUfCMFL6XoRH53pLHf3AZP964h+F9d4r6pisT3roQ3bkACUq
 B105T34Nui5bKAGmEXl6/6DT5qPfG3HFL6Eb1it1IN1uooXsEJz1WD6rSrvI0kuS+7TLCTJRtAh
 gk/sO+leWOQdqf/CvRAuZKLnfCJ2pzl/1zHmSkdsd/ccw3U9A/4D2rD0uHT8+lUERQMSCx9N576
 p3LSrMtgGnRMn7xhv9Cou0w9GGN5taefoIq19iXoATst/r1WSTaHR9oCJfR6TeZAvP0gvso1/rZ
 N+btY8xwMkH9py0ZTRuscmxCGo9S2t83olLM3xD6hSpX8RkKH6fL3Byk8eG7CyA8ZRTgpag==
X-Received: by 2002:a05:7022:2399:b0:123:361e:e87c with SMTP id
 a92af1059eb24-1273052046dmr114404c88.11.1770848402043;
 Wed, 11 Feb 2026 14:20:02 -0800 (PST)
X-Received: by 2002:a05:7022:2399:b0:123:361e:e87c with SMTP id
 a92af1059eb24-1273052046dmr114389c88.11.1770848401094;
 Wed, 11 Feb 2026 14:20:01 -0800 (PST)
From: Brian Cain <brian.cain@oss.qualcomm.com>
To: qemu-devel@nongnu.org
Cc: brian.cain@oss.qualcomm.com, ltaylorsimpson@gmail.com, alex@alexrp.com,
 Pierrick Bouvier <pierrick.bouvier@linaro.org>
Subject: [PATCH v4 3/4] tests/tcg/hexagon: Handle SIGILL internally in
 invalid-slots test
Date: Wed, 11 Feb 2026 14:19:52 -0800
Message-Id: <20260211221953.4099441-4-brian.cain@oss.qualcomm.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20260211221953.4099441-1-brian.cain@oss.qualcomm.com>
References: <20260211221953.4099441-1-brian.cain@oss.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Authority-Analysis: v=2.4 cv=NLHYOk6g c=1 sm=1 tr=0 ts=698d0092 cx=c_pps
 a=SvEPeNj+VMjHSW//kvnxuw==:117 a=ouPCqIW2jiPt+lZRy3xVPw==:17
 a=IkcTkHD0fZMA:10 a=HzLeVaNsDn8A:10 a=s4-Qcg_JpJYA:10
 a=VkNPw1HP01LnGYTKEx00:22 a=Mpw57Om8IfrbqaoTuvik:22 a=GgsMoib0sEa3-_RKJdDe:22
 a=mDV3o1hIAAAA:8 a=pGLkceISAAAA:8 a=KKAkSRfTAAAA:8 a=EUspDBNiAAAA:8
 a=F0Jt1ehG-eUF7qKHwFUA:9 a=QEXdDO2ut3YA:10 a=Kq8ClHjjuc5pcCNDwlU0:22
 a=cvBusfyB2V15izCimMoJ:22
X-Proofpoint-GUID: eUdjd3xrhrwBnTAI7vzYC-dAfZtjIMgq
X-Proofpoint-ORIG-GUID: eUdjd3xrhrwBnTAI7vzYC-dAfZtjIMgq
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMjExMDE3MSBTYWx0ZWRfX9ln2Qxw4jXVt
 lmJFQiKlAKyRq9+bRrHDUQSMnTjsrGq5DB2hyRZQhqrfdIWRqFFcpVtzD3s8PUVJ72UycayZfUB
 EwfnXzwhyWOBbpf9ljOBWLM7imh8XjThJag+gy7NdPimgermIOB/iVebDiQ6xwOg2f0yO6PCZrF
 V147SU8YCqV4nm9j9c36pw7JPSBlP9SmUaf/udxx8gUpLdaPGEjV0qF76qSiubmVJZhMu6rtU+e
 kaaKfsm+eBbpG8G5KVRtYwQfGAajuPOtsFfPCrFv6/lGA5MqT8Y+zozoqMrU6PFcPJ8Nxlw6cp5
 s5Dvvn5aHMDwx5p7HoDBylfF6iP9H5PaNpVWTOOcJfzDwywSDA7n7rhufEq41wlumH8tbvGdGha
 xyFoMl+E5Vd/vikgE1rLn3P7FXw8iwGiOotsFImkIV0hr7Z8FSamcgmLvCxfryGnclH1DV0hIyw
 JSKz3og+zNEcoAoOqLQ==
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.51,FMLib:17.12.100.49
 definitions=2026-02-11_03,2026-02-11_04,2025-10-01_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 adultscore=0 clxscore=1015 lowpriorityscore=0 priorityscore=1501
 impostorscore=0 phishscore=0 malwarescore=0 spamscore=0 bulkscore=0
 suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc=
 route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2601150000
 definitions=main-2602110171
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=205.220.168.131;
 envelope-from=brian.cain@oss.qualcomm.com; helo=mx0a-0031df01.pphosted.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
 RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @qualcomm.com)
X-ZM-MESSAGEID: 1770848461618154100

Rewrite invalid-slots.c to catch and verify SIGILL using a sigaction
handler that modifies the ucontext, matching the pattern used by
invalid-encoding.c.

Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
---
 tests/tcg/hexagon/Makefile.target |  6 ---
 tests/tcg/hexagon/invalid-slots.c | 76 ++++++++++++++++++++++++-------
 2 files changed, 59 insertions(+), 23 deletions(-)

diff --git a/tests/tcg/hexagon/Makefile.target b/tests/tcg/hexagon/Makefile=
.target
index 16669e04a8..d64aeba090 100644
--- a/tests/tcg/hexagon/Makefile.target
+++ b/tests/tcg/hexagon/Makefile.target
@@ -54,12 +54,6 @@ HEX_TESTS +=3D invalid-slots
 HEX_TESTS +=3D invalid-encoding
 HEX_TESTS +=3D unaligned_pc
=20
-run-and-check-exception =3D $(call run-test,$2,$3 2>$2.stderr; \
-	test $$? -eq 1 && grep -q "exception $(strip $1)" $2.stderr)
-
-run-invalid-slots: invalid-slots
-	$(call run-and-check-exception, 0x15, $@, $(QEMU) $(QEMU_OPTS) $<)
-
 HEX_TESTS +=3D test_abs
 HEX_TESTS +=3D test_bitcnt
 HEX_TESTS +=3D test_bitsplit
diff --git a/tests/tcg/hexagon/invalid-slots.c b/tests/tcg/hexagon/invalid-=
slots.c
index 366ce4f42f..607027f314 100644
--- a/tests/tcg/hexagon/invalid-slots.c
+++ b/tests/tcg/hexagon/invalid-slots.c
@@ -1,29 +1,71 @@
 /*
- *  Copyright(c) 2023 Qualcomm Innovation Center, Inc. All Rights Reserved.
+ * Test that invalid slot assignments are properly rejected.
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries.
+ * SPDX-License-Identifier: GPL-2.0-or-later
  */
=20
+#include <assert.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+static void *resume_pc;
+
+static void handle_sigill(int sig, siginfo_t *info, void *puc)
+{
+    ucontext_t *uc =3D (ucontext_t *)puc;
+
+    if (sig !=3D SIGILL) {
+        _exit(EXIT_FAILURE);
+    }
+
+    uc->uc_mcontext.r0 =3D SIGILL;
+    uc->uc_mcontext.pc =3D (unsigned long)resume_pc;
+}
+
 char mem[8] __attribute__((aligned(8)));
=20
-int main()
+/*
+ * Invalid packet with 2 instructions at slot 0:
+ * - Word 0: 0xa1804100 =3D memw(r0) =3D r1
+ * - Word 1: 0x28032804 =3D { r3 =3D #0; r4 =3D #0 }
+ *
+ * This should raise SIGILL due to the invalid slot assignment.
+ */
+static int test_invalid_slots(void)
 {
+    int sig;
+
     asm volatile(
+        "r0 =3D #0\n"
+        "r1 =3D ##1f\n"
+        "memw(%1) =3D r1\n"
         "r0 =3D #mem\n"
-        /* Invalid packet (2 instructions at slot 0): */
         ".word 0xa1804100\n" /* { memw(r0) =3D r1;      */
         ".word 0x28032804\n" /*   r3 =3D #0; r4 =3D #0 }  */
-        : : : "r0", "r3", "r4", "memory");
-    return 0;
+        "1:\n"
+        "%0 =3D r0\n"
+        : "=3Dr"(sig)
+        : "r"(&resume_pc)
+        : "r0", "r1", "r3", "r4", "memory");
+
+    return sig;
+}
+
+int main()
+{
+    struct sigaction act;
+
+    memset(&act, 0, sizeof(act));
+    act.sa_sigaction =3D handle_sigill;
+    act.sa_flags =3D SA_SIGINFO;
+    assert(sigaction(SIGILL, &act, NULL) =3D=3D 0);
+
+    assert(test_invalid_slots() =3D=3D SIGILL);
+
+    puts("PASS");
+    return EXIT_SUCCESS;
 }
--=20
2.34.1
From nobody Sun Apr 12 05:51:25 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=reject dis=none)  header.from=oss.qualcomm.com
ARC-Seal: i=1; a=rsa-sha256; t=1770848458; cv=none;
	d=zohomail.com; s=zohoarc;
	b=hjnNTa+c7k0726xUlcsNvXQiFqb6LX9PViGWx1sclP2Y+HIdfXIEqDfPxF2GBEqkgRsoiw8VoTRGN+KpQ0q85DLa7fjB4lFImTM5qp6auJo4p/rvyM4NKZq7Ru2hUJUgM85Q9+9FPcj2lMSFYl2PAw+8HiaAdevyad7VK7gL1Ro=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1770848458;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=yw6tKRnOp3N144RB9s7s38SD2PNdjLOlfuEnat2PGzw=;
	b=KOd0ehQaWK57at4uEtXpo3ISwW1w30FTWM2zi4AiWbWREPaz2gfJZ5fuRZFBlC7jZ1Q1eQhNlVPDxSUcYeXtiFF1U9/jM+qqgTuyzQVUviCBl2LLrt2IGODC+gleNMe/uM+oA7bqCK3mi/d+GhV6BnpWqZkVYuZ/VCyA0kIGGF0=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<brian.cain@oss.qualcomm.com> (p=reject dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 177084845879699.70377463553996;
 Wed, 11 Feb 2026 14:20:58 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vqIZH-0005O6-UX; Wed, 11 Feb 2026 17:20:19 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <brian.cain@oss.qualcomm.com>)
 id 1vqIZ6-0005LV-NH
 for qemu-devel@nongnu.org; Wed, 11 Feb 2026 17:20:10 -0500
Received: from mx0a-0031df01.pphosted.com ([205.220.168.131])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <brian.cain@oss.qualcomm.com>)
 id 1vqIZ3-000584-Dj
 for qemu-devel@nongnu.org; Wed, 11 Feb 2026 17:20:08 -0500
Received: from pps.filterd (m0279866.ppops.net [127.0.0.1])
 by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id
 61BKsb7b519173
 for <qemu-devel@nongnu.org>; Wed, 11 Feb 2026 22:20:04 GMT
Received: from mail-dl1-f70.google.com (mail-dl1-f70.google.com
 [74.125.82.70])
 by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4c8sup9vp5-1
 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT)
 for <qemu-devel@nongnu.org>; Wed, 11 Feb 2026 22:20:04 +0000 (GMT)
Received: by mail-dl1-f70.google.com with SMTP id
 a92af1059eb24-1270878c3fdso7109358c88.1
 for <qemu-devel@nongnu.org>; Wed, 11 Feb 2026 14:20:04 -0800 (PST)
Received: from hu-bcain-lv.qualcomm.com (Global_NAT1.qualcomm.com.
 [129.46.96.20]) by smtp.gmail.com with ESMTPSA id
 5a478bee46e88-2ba9dbe123asm2588379eec.13.2026.02.11.14.20.01
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 11 Feb 2026 14:20:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h=
 cc:content-transfer-encoding:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to; s=qcppdkim1; bh=
 yw6tKRnOp3N144RB9s7s38SD2PNdjLOlfuEnat2PGzw=; b=Kn4ZjDZyVan+vpIA
 POBxLtJdahAHRo17FDYZJPZxqr+PVcc+geR5klINchzfwB0cfZfKyzEGhG5qLBXC
 3N60WTqKfkndmA4K0h9QzRtGIVInNkPcNrLbUr43hRoBHaaeNsCDEr/NYD3dnyFT
 lURjzgkh9nxwJNvsVR9QwNTRlESsGao023nZMpgVSfE1bb+xaZuUNbM1WE1BERcz
 +CcAoxw3mMj7+YglmBbYnciSKWrOQk+13iXxVH1/e6A+ni0iqMT8Anlxml6Ht5Xq
 s27ebUOHENTy8d/3AUbG2dE2kRXinZqCAqcOMDI5sIVyLimYoItGbuy39JOYwVhq
 8qaMsw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=oss.qualcomm.com; s=google; t=1770848403; x=1771453203; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=yw6tKRnOp3N144RB9s7s38SD2PNdjLOlfuEnat2PGzw=;
 b=Hm7oJ+DxN1a+VtBVR+vnOSqTj/SzJSoAV72CujcgYNAYud4tpRXL5TGQrJ0shCfDOl
 6vhVKSCiNMzw26+XqltKw6HB+Vm7pvBGSPxwKcTQBhV5oc5rOEVEpsFZ3PxuGTM3oPMd
 yMHpYP0YmBwBVUQuqidMSrNA8WouTPhMdL+UFEHzSRsPaqUlZlrRXIl3ctDFMMLyfMER
 bR14rUZ5H5dMmNg9PwhLVzAu0S4HQq5qQYHa4fFGzw1fCSLx7n4w9mI92zD1azKzYx0t
 cKTWAnxfi0YsrbPkImoqh4Uzzbl53TrlbXZgJucz0ZUEVgr9gGDVKa5XaLVCQZPtijjq
 kCog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1770848403; x=1771453203;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=yw6tKRnOp3N144RB9s7s38SD2PNdjLOlfuEnat2PGzw=;
 b=Mh68PXo76wDkY8PNgowf3e8fSd9z5YTm5zwuJnkugpaEpVa/NLPJzpUEgUsDUvCDbZ
 MpMVS3GG5c7rs2BvmDqghmuO2+nYzdrNwhkTpjtOl+N0wSWXDuB46ptCOJfdVp6pEIlu
 xxk2WaqNUQXzPG9JaKhMvO1FzifqjPoU7a6MA8KUL6hXaQSYya+hPKJlLtqC2iU0rcrO
 ZH1dH9657W+XXdp9wwjXyZMjU1o4Bab4EeBNZ2vrBaU7oGkRzeoAuYg8igpbf3fyxoq7
 56fVF7ei40R+CoF7VnhBI3lJqIdW4f0HPAPTSPyU3oCYabIeky101Znk9+LDq9AizExF
 eOnA==
X-Gm-Message-State: AOJu0Yw7wYwmmM+l8lI+sbC9gArhTY6Xp6FRFBiScM/HjyXiuc8DHLA2
 1adofKfywbxtjPzilj1f6tdXqkMJDfYPMw0c+1VfJURSwnMlGQwtVPJiANv2pxsH6Enm+BcAPGG
 8Bxj+J1M+3eMD4EJrtzLmgUPd40Zz/um3CZEeXt70UDR0FkkZt7nMLyCwyGjTLT02bA==
X-Gm-Gg: AZuq6aIV7qIvF5mfjCW8U6ZKIqk3HRIfdVM4yQ8UuKqWGykegNlWF8fPDXFbUMk6ZrP
 KZQWTv5U28qaF3M4XHJi+gKHW5TEt8rq4gm0VAo3hLIP6i0eIUgssDLjTUo6iV1Nr4n+XRXJkjr
 5svZOUf2fpD5h8Jhd3eZyrEwmksg1olh449/07Vu+WVBy1VP7o9NlY9HQvmOztTNuHZ4WlhE4sk
 KAMTfynMrVB3G9Re/FxCQe3bZeZqfNGxppJvghDgqZ1HSfgkEZSjE0KxCBeGgp+S8KJa6n2XKSO
 nyFa92vnRs0sOkEoAREoMhVY0vIuOwLMCgK745nUgDDfDwKrkSXkQgLjyfrNGhqFKGLvPiQdYeY
 DIWfIFduChqHbSJYEEynHabOaU604BPkhYw9RjiIfnpmZ44QoTEPQssQNb0vodEOHyqOvBA==
X-Received: by 2002:a05:7022:238d:b0:11f:2c9e:87f8 with SMTP id
 a92af1059eb24-1272f7a13e8mr325304c88.34.1770848403088;
 Wed, 11 Feb 2026 14:20:03 -0800 (PST)
X-Received: by 2002:a05:7022:238d:b0:11f:2c9e:87f8 with SMTP id
 a92af1059eb24-1272f7a13e8mr325289c88.34.1770848402318;
 Wed, 11 Feb 2026 14:20:02 -0800 (PST)
From: Brian Cain <brian.cain@oss.qualcomm.com>
To: qemu-devel@nongnu.org
Cc: brian.cain@oss.qualcomm.com, ltaylorsimpson@gmail.com, alex@alexrp.com
Subject: [PATCH v4 4/4] target/hexagon: Detect register write conflicts
Date: Wed, 11 Feb 2026 14:19:53 -0800
Message-Id: <20260211221953.4099441-5-brian.cain@oss.qualcomm.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20260211221953.4099441-1-brian.cain@oss.qualcomm.com>
References: <20260211221953.4099441-1-brian.cain@oss.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMjExMDE3MSBTYWx0ZWRfX/v0gy2yjnwDX
 umYtMDkjhS9UyCbFtkQM4ib+Wgbzk0S0ZwM1TPavaHoSEfiHVudwQAJU0gp8PM5h7txfGiyy9ig
 1zEgJi59jY3YuEfHaQoj4Z8HcvuA4lJKtB6iozpcl3FWkbsyh6CgE3rIr+5vc5LcYhPpDBqHsMN
 tkitWZRf06nO2h+ALajKJCHlR+VPNS1tLY3k2Kd0f1vo4p1/VnKff9nmKXEZK6T6MgdyrzbgJkv
 jgXDosJaFdo0X6wSTbSkb8xnbpRZxDVKxUdMta6Z6OPwo/GYyaz9z9wQNF8/sQpZ08S2EHDIocZ
 ELqvhBMrD4cAkmPSbT+7vAL80vgTI5/zE1StmoCaJ3dJqOqq+CK/eKDkmE/UTAPb3DP9vkfJF/a
 tTSx4dd/mtZojd2szlsQORVw14g3u2P+Q1hc6/sD6kn2SxWGdF1czw4eH21Ir4Do+e51g/Q4iBW
 Y0gMH8UkIu6uALiqP7g==
X-Proofpoint-GUID: CTHuzx62QJsretE6Stx2_8Z-VyHf8sv7
X-Authority-Analysis: v=2.4 cv=Uslu9uwB c=1 sm=1 tr=0 ts=698d0094 cx=c_pps
 a=SvEPeNj+VMjHSW//kvnxuw==:117 a=ouPCqIW2jiPt+lZRy3xVPw==:17
 a=IkcTkHD0fZMA:10 a=HzLeVaNsDn8A:10 a=s4-Qcg_JpJYA:10
 a=VkNPw1HP01LnGYTKEx00:22 a=Mpw57Om8IfrbqaoTuvik:22 a=GgsMoib0sEa3-_RKJdDe:22
 a=p0WdMEafAAAA:8 a=EUspDBNiAAAA:8 a=y1hdNQ4epmxxkZQEW8sA:9 a=QEXdDO2ut3YA:10
 a=Kq8ClHjjuc5pcCNDwlU0:22
X-Proofpoint-ORIG-GUID: CTHuzx62QJsretE6Stx2_8Z-VyHf8sv7
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.51,FMLib:17.12.100.49
 definitions=2026-02-11_03,2026-02-11_04,2025-10-01_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 spamscore=0 adultscore=0 malwarescore=0 phishscore=0 impostorscore=0
 bulkscore=0 suspectscore=0 clxscore=1015 priorityscore=1501
 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc=
 route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2601150000
 definitions=main-2602110171
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=205.220.168.131;
 envelope-from=brian.cain@oss.qualcomm.com; helo=mx0a-0031df01.pphosted.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
 RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @qualcomm.com)
X-ZM-MESSAGEID: 1770848461685154100

A conflict exists when any GPR is written by multiple instructions and
at least one write is unconditional.  This catches (1) two unconditional
writes to the same GPR and (2) an unconditional write combined with a
predicated write.

Add HEX_CAUSE_REG_WRITE_CONFLICT and map it to SIGILL.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2696
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
---
 linux-user/hexagon/cpu_loop.c       |   1 +
 target/hexagon/cpu_bits.h           |   1 +
 target/hexagon/decode.c             |  54 +++++++++
 target/hexagon/gen_trans_funcs.py   |  10 ++
 target/hexagon/insn.h               |   4 +
 target/hexagon/translate.c          |  10 +-
 tests/tcg/hexagon/Makefile.target   |   1 +
 tests/tcg/hexagon/multiple-writes.c | 169 ++++++++++++++++++++++++++++
 8 files changed, 248 insertions(+), 2 deletions(-)
 create mode 100644 tests/tcg/hexagon/multiple-writes.c

diff --git a/linux-user/hexagon/cpu_loop.c b/linux-user/hexagon/cpu_loop.c
index c0e1098e3f..5711055aff 100644
--- a/linux-user/hexagon/cpu_loop.c
+++ b/linux-user/hexagon/cpu_loop.c
@@ -65,6 +65,7 @@ void cpu_loop(CPUHexagonState *env)
                             env->gpr[HEX_REG_R31]);
             break;
         case HEX_CAUSE_INVALID_PACKET:
+        case HEX_CAUSE_REG_WRITE_CONFLICT:
             force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPC,
                             env->gpr[HEX_REG_PC]);
             break;
diff --git a/target/hexagon/cpu_bits.h b/target/hexagon/cpu_bits.h
index ff596e2a94..19beca81c0 100644
--- a/target/hexagon/cpu_bits.h
+++ b/target/hexagon/cpu_bits.h
@@ -34,6 +34,7 @@ enum hex_cause {
     HEX_CAUSE_FETCH_NO_UPAGE =3D  0x012,
     HEX_CAUSE_INVALID_PACKET =3D  0x015,
     HEX_CAUSE_INVALID_OPCODE =3D  0x015,
+    HEX_CAUSE_REG_WRITE_CONFLICT =3D 0x01d,
     HEX_CAUSE_PC_NOT_ALIGNED =3D  0x01e,
     HEX_CAUSE_PRIV_NO_UREAD  =3D  0x024,
     HEX_CAUSE_PRIV_NO_UWRITE =3D  0x025,
diff --git a/target/hexagon/decode.c b/target/hexagon/decode.c
index 33ad60c5b4..00d4a79a95 100644
--- a/target/hexagon/decode.c
+++ b/target/hexagon/decode.c
@@ -655,6 +655,55 @@ decode_set_slot_number(Packet *pkt)
     return has_valid_slot_assignment(pkt);
 }
=20
+/*
+ * Check for GPR write conflicts in the packet.
+ * A conflict exists when a register is written by more than one instructi=
on
+ * and at least one of those writes is unconditional.
+ *
+ * TODO: handle the more general case of any
+ * packet w/multiple-register-write operands.
+ */
+static bool pkt_has_write_conflict(Packet *pkt)
+{
+    DECLARE_BITMAP(all_dest_gprs, 32) =3D { 0 };
+    DECLARE_BITMAP(wreg_mult_gprs, 32) =3D { 0 };
+    DECLARE_BITMAP(uncond_wreg_gprs, 32) =3D { 0 };
+    DECLARE_BITMAP(conflict, 32);
+
+    for (int i =3D 0; i < pkt->num_insns; i++) {
+        Insn *insn =3D &pkt->insn[i];
+        int dest =3D insn->dest_idx;
+
+        if (dest < 0 || !insn->dest_is_gpr) {
+            continue;
+        }
+
+        int rnum =3D insn->regno[dest];
+        bool is_uncond =3D !GET_ATTRIB(insn->opcode, A_CONDEXEC);
+
+        if (test_bit(rnum, all_dest_gprs)) {
+            set_bit(rnum, wreg_mult_gprs);
+        }
+        set_bit(rnum, all_dest_gprs);
+        if (is_uncond) {
+            set_bit(rnum, uncond_wreg_gprs);
+        }
+
+        if (insn->dest_is_pair) {
+            if (test_bit(rnum + 1, all_dest_gprs)) {
+                set_bit(rnum + 1, wreg_mult_gprs);
+            }
+            set_bit(rnum + 1, all_dest_gprs);
+            if (is_uncond) {
+                set_bit(rnum + 1, uncond_wreg_gprs);
+            }
+        }
+    }
+
+    bitmap_and(conflict, wreg_mult_gprs, uncond_wreg_gprs, 32);
+    return !bitmap_empty(conflict, 32);
+}
+
 /*
  * decode_packet
  * Decodes packet with given words
@@ -674,6 +723,10 @@ int decode_packet(DisasContext *ctx, int max_words, co=
nst uint32_t *words,
=20
     /* Initialize */
     memset(pkt, 0, sizeof(*pkt));
+    for (i =3D 0; i < INSTRUCTIONS_MAX; i++) {
+        pkt->insn[i].dest_idx =3D -1;
+        pkt->insn[i].new_read_idx =3D -1;
+    }
     /* Try to build packet */
     while (!end_of_packet && (words_read < max_words)) {
         Insn *insn =3D &pkt->insn[num_insns];
@@ -737,6 +790,7 @@ int decode_packet(DisasContext *ctx, int max_words, con=
st uint32_t *words,
             /* Invalid packet */
             return 0;
         }
+        pkt->pkt_has_write_conflict =3D pkt_has_write_conflict(pkt);
     }
     decode_fill_newvalue_regno(pkt);
=20
diff --git a/target/hexagon/gen_trans_funcs.py b/target/hexagon/gen_trans_f=
uncs.py
index 45da1b7b5d..19c1f9fdea 100755
--- a/target/hexagon/gen_trans_funcs.py
+++ b/target/hexagon/gen_trans_funcs.py
@@ -91,6 +91,8 @@ def gen_trans_funcs(f):
         new_read_idx =3D -1
         dest_idx =3D -1
         dest_idx_reg_id =3D None
+        dest_is_pair =3D "false"
+        dest_is_gpr =3D "false"
         has_pred_dest =3D "false"
         for regno, (reg_type, reg_id, *_) in enumerate(regs):
             reg =3D hex_common.get_register(tag, reg_type, reg_id)
@@ -104,6 +106,12 @@ def gen_trans_funcs(f):
                 if dest_idx_reg_id is None or reg_id < dest_idx_reg_id:
                     dest_idx =3D regno
                     dest_idx_reg_id =3D reg_id
+                    dest_is_pair =3D ("true"
+                                    if isinstance(reg, hex_common.Pair)
+                                    else "false")
+                    dest_is_gpr =3D ("true"
+                                   if reg_type =3D=3D "R"
+                                   else "false")
             if reg_type =3D=3D "P" and reg.is_written() and not reg.is_rea=
d():
                 has_pred_dest =3D "true"
=20
@@ -129,6 +137,8 @@ def gen_trans_funcs(f):
         f.write(code_fmt(f"""\
             insn->new_read_idx =3D {new_read_idx};
             insn->dest_idx =3D {dest_idx};
+            insn->dest_is_pair =3D {dest_is_pair};
+            insn->dest_is_gpr =3D {dest_is_gpr};
             insn->has_pred_dest =3D {has_pred_dest};
         """))
         f.write(textwrap.dedent(f"""\
diff --git a/target/hexagon/insn.h b/target/hexagon/insn.h
index 5d59430da9..835b1c954e 100644
--- a/target/hexagon/insn.h
+++ b/target/hexagon/insn.h
@@ -41,6 +41,8 @@ struct Instruction {
     uint32_t new_value_producer_slot:4;
     int32_t new_read_idx;
     int32_t dest_idx;
+    bool dest_is_pair;
+    bool dest_is_gpr;
     bool has_pred_dest;
=20
     bool part1;              /*
@@ -72,6 +74,8 @@ struct Packet {
     bool pkt_has_hvx;
     Insn *vhist_insn;
=20
+    bool pkt_has_write_conflict;
+
     Insn insn[INSTRUCTIONS_MAX];
 };
=20
diff --git a/target/hexagon/translate.c b/target/hexagon/translate.c
index 7fe8b35351..0234bbf15d 100644
--- a/target/hexagon/translate.c
+++ b/target/hexagon/translate.c
@@ -943,7 +943,7 @@ static void gen_commit_packet(DisasContext *ctx)
 static void decode_and_translate_packet(CPUHexagonState *env, DisasContext=
 *ctx)
 {
     uint32_t words[PACKET_WORDS_MAX];
-    int nwords;
+    int nwords, words_read;
     Packet pkt;
     int i;
=20
@@ -954,8 +954,14 @@ static void decode_and_translate_packet(CPUHexagonStat=
e *env, DisasContext *ctx)
     }
=20
     ctx->pkt =3D &pkt;
-    if (decode_packet(ctx, nwords, words, &pkt, false) > 0) {
+    words_read =3D decode_packet(ctx, nwords, words, &pkt, false);
+    if (words_read > 0) {
         pkt.pc =3D ctx->base.pc_next;
+        if (pkt.pkt_has_write_conflict) {
+            gen_exception_decode_fail(ctx, words_read,
+                                      HEX_CAUSE_REG_WRITE_CONFLICT);
+            return;
+        }
         gen_start_packet(ctx);
         for (i =3D 0; i < pkt.num_insns; i++) {
             ctx->insn =3D &pkt.insn[i];
diff --git a/tests/tcg/hexagon/Makefile.target b/tests/tcg/hexagon/Makefile=
.target
index d64aeba090..f86f02bb31 100644
--- a/tests/tcg/hexagon/Makefile.target
+++ b/tests/tcg/hexagon/Makefile.target
@@ -52,6 +52,7 @@ HEX_TESTS +=3D hvx_misc
 HEX_TESTS +=3D hvx_histogram
 HEX_TESTS +=3D invalid-slots
 HEX_TESTS +=3D invalid-encoding
+HEX_TESTS +=3D multiple-writes
 HEX_TESTS +=3D unaligned_pc
=20
 HEX_TESTS +=3D test_abs
diff --git a/tests/tcg/hexagon/multiple-writes.c b/tests/tcg/hexagon/multip=
le-writes.c
new file mode 100644
index 0000000000..8686317fdc
--- /dev/null
+++ b/tests/tcg/hexagon/multiple-writes.c
@@ -0,0 +1,169 @@
+/*
+ * Test detection of multiple writes to the same register.
+ *
+ * Ported from the system test (tests/tcg/hexagon/system/multiple_writes.c=
).
+ * In linux-user mode, duplicate GPR writes are detected at translate time
+ * and raise SIGILL when at least one conflicting write is unconditional.
+ * Purely predicated duplicate writes (e.g., complementary if/if-not) are
+ * legal and are not flagged statically.
+ *
+ * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries.
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include <assert.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+static void *resume_pc;
+
+static void handle_sigill(int sig, siginfo_t *info, void *puc)
+{
+    ucontext_t *uc =3D (ucontext_t *)puc;
+
+    if (sig !=3D SIGILL) {
+        _exit(EXIT_FAILURE);
+    }
+
+    uc->uc_mcontext.r0 =3D SIGILL;
+    uc->uc_mcontext.pc =3D (unsigned long)resume_pc;
+}
+
+/*
+ * Unconditional pair write overlapping a single write:
+ *   { r1:0 =3D add(r3:2, r3:2);  r1 =3D add(r0, r1) }
+ * R1 is written by both instructions.  This is invalid and must raise SIG=
ILL.
+ */
+static int test_static_pair_overlap(void)
+{
+    int sig;
+
+    asm volatile(
+        "r0 =3D #0\n"
+        "r1 =3D ##1f\n"
+        "memw(%1) =3D r1\n"
+        ".word 0xd30242e0\n"  /* r1:0 =3D add(r3:2, r3:2), parse=3D01 */
+        ".word 0xf300c101\n"  /* r1 =3D add(r0, r1), parse=3D11 (end) */
+        "1:\n"
+        "%0 =3D r0\n"
+        : "=3Dr"(sig)
+        : "r"(&resume_pc)
+        : "r0", "r1", "memory");
+
+    return sig;
+}
+
+/*
+ * Two predicated writes under complementary predicates:
+ *   { if (p0) r0 =3D r2;  if (!p0) r0 =3D r3 }
+ * This is architecturally valid: only one write executes at runtime.
+ * Must NOT raise SIGILL; the result should reflect the executed branch.
+ */
+static int test_legal_predicated(void)
+{
+    int result;
+
+    asm volatile(
+        "r0 =3D #0\n"
+        "r1 =3D ##1f\n"
+        "memw(%1) =3D r1\n"
+        "r2 =3D #7\n"
+        "r3 =3D #13\n"
+        "p0 =3D cmp.eq(r2, r2)\n"
+        "{\n"
+        "    if (p0) r0 =3D r2\n"
+        "    if (!p0) r0 =3D r3\n"
+        "}\n"
+        "1:\n"
+        "%0 =3D r0\n"
+        : "=3Dr"(result)
+        : "r"(&resume_pc)
+        : "r0", "r1", "r2", "r3", "p0", "memory");
+
+    return result;
+}
+
+/*
+ * Mixed: unconditional + predicated writes to the same register:
+ *   { if (p0) r1 =3D add(r0, #0);  if (!p0) r1 =3D add(r0, #0);
+ *     r1 =3D add(r0, #0) }
+ * The unconditional write always conflicts with the predicated writes.
+ * Must raise SIGILL.
+ */
+static int test_mixed_writes(void)
+{
+    int sig;
+
+    asm volatile(
+        "r0 =3D #0\n"
+        "r1 =3D ##1f\n"
+        "memw(%1) =3D r1\n"
+        "p0 =3D cmp.eq(r0, r0)\n"
+        ".word 0x7e204021\n"  /* if (p0) r1 =3D add(r0, #0), parse=3D01 */
+        ".word 0x7ea04021\n"  /* if (!p0) r1 =3D add(r0, #0), parse=3D01 */
+        ".word 0x7800c021\n"  /* r1 =3D add(r0, #0), parse=3D11 (end) */
+        "1:\n"
+        "%0 =3D r0\n"
+        : "=3Dr"(sig)
+        : "r"(&resume_pc)
+        : "r0", "r1", "p0", "memory");
+
+    return sig;
+}
+
+/*
+ * Zero encoding (issue #2696):
+ * The encoding 0x00000000 decodes as a duplex with parse bits
+ * [15:14] =3D 0b00:
+ *   slot1: SL1_loadri_io R0 =3D memw(R0+#0x0)
+ *   slot0: SL1_loadri_io R0 =3D memw(R0+#0x0)
+ *
+ * Both sub-instructions write R0 unconditionally, which is an invalid
+ * packet.  This tests what happens when we jump to zeroed memory.
+ * Must raise SIGILL.
+ */
+static int test_zero(void)
+{
+    int sig;
+
+    asm volatile(
+        "r0 =3D #0\n"
+        "r1 =3D ##1f\n"
+        "memw(%1) =3D r1\n"
+        ".word 0x00000000\n"
+        "1:\n"
+        "%0 =3D r0\n"
+        : "=3Dr"(sig)
+        : "r"(&resume_pc)
+        : "r0", "r1", "memory");
+
+    return sig;
+}
+
+int main()
+{
+    struct sigaction act;
+
+    memset(&act, 0, sizeof(act));
+    act.sa_sigaction =3D handle_sigill;
+    act.sa_flags =3D SA_SIGINFO;
+    assert(sigaction(SIGILL, &act, NULL) =3D=3D 0);
+
+    /* Legal: complementary predicated writes must not raise SIGILL */
+    assert(test_legal_predicated() =3D=3D 7);
+
+    /* Illegal: unconditional pair + single overlap must raise SIGILL */
+    assert(test_static_pair_overlap() =3D=3D SIGILL);
+
+    /* Illegal: unconditional + predicated writes to same reg must SIGILL =
*/
+    assert(test_mixed_writes() =3D=3D SIGILL);
+
+    /* Illegal: zero encoding =3D duplex with duplicate dest R0 */
+    assert(test_zero() =3D=3D SIGILL);
+
+    puts("PASS");
+    return EXIT_SUCCESS;
+}
--=20
2.34.1