Recently, when I was writing a RISCV test, I found that when VL is set to 0, the
instruction should be nop, but when I tested it, I found that QEMU will treat
all elements as tail elements, and in the case of VTA=1, write all elements
to 1.
After troubleshooting, it was found that the vext_vx_rm_1 function was called in
the vext_vx_rm_2, and then the vext_set_elems_1s function was called to process
the tail element, but only VSTART >= vl was checked in the vext_vx_rm_1
function, which caused the tail element to still be processed even if it was
returned in advance.
So I've made the following change:
Put VSTART_CHECK_EARLY_EXIT(env) at the beginning of the vext_vx_rm_2 function,
so that the VSTART register is checked correctly.
Fixes: df4252b2ec ("target/riscv/vector_helpers: do early exit when
vstart >= vl")
Signed-off-by: Chao Liu <lc00631@tecorigin.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
---
target/riscv/vector_helper.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c
index 217d2f6..67b3baf 100644
--- a/target/riscv/vector_helper.c
+++ b/target/riscv/vector_helper.c
@@ -2175,8 +2175,6 @@ vext_vv_rm_1(void *vd, void *v0, void *vs1, void *vs2,
uint32_t vl, uint32_t vm, int vxrm,
opivv2_rm_fn *fn, uint32_t vma, uint32_t esz)
{
- VSTART_CHECK_EARLY_EXIT(env, vl);
-
for (uint32_t i = env->vstart; i < vl; i++) {
if (!vm && !vext_elem_mask(v0, i)) {
/* set masked-off elements to 1s */
@@ -2200,6 +2198,8 @@ vext_vv_rm_2(void *vd, void *v0, void *vs1, void *vs2,
uint32_t vta = vext_vta(desc);
uint32_t vma = vext_vma(desc);
+ VSTART_CHECK_EARLY_EXIT(env, vl);
+
switch (env->vxrm) {
case 0: /* rnu */
vext_vv_rm_1(vd, v0, vs1, vs2,
@@ -2302,8 +2302,6 @@ vext_vx_rm_1(void *vd, void *v0, target_long s1, void *vs2,
uint32_t vl, uint32_t vm, int vxrm,
opivx2_rm_fn *fn, uint32_t vma, uint32_t esz)
{
- VSTART_CHECK_EARLY_EXIT(env, vl);
-
for (uint32_t i = env->vstart; i < vl; i++) {
if (!vm && !vext_elem_mask(v0, i)) {
/* set masked-off elements to 1s */
@@ -2327,6 +2325,8 @@ vext_vx_rm_2(void *vd, void *v0, target_long s1, void *vs2,
uint32_t vta = vext_vta(desc);
uint32_t vma = vext_vma(desc);
+ VSTART_CHECK_EARLY_EXIT(env, vl);
+
switch (env->vxrm) {
case 0: /* rnu */
vext_vx_rm_1(vd, v0, s1, vs2,
@@ -4662,6 +4662,8 @@ void HELPER(NAME)(void *vd, void *v0, void *vs1, \
uint32_t i; \
TD s1 = *((TD *)vs1 + HD(0)); \
\
+ VSTART_CHECK_EARLY_EXIT(env, vl); \
+ \
for (i = env->vstart; i < vl; i++) { \
TS2 s2 = *((TS2 *)vs2 + HS2(i)); \
if (!vm && !vext_elem_mask(v0, i)) { \
@@ -4750,6 +4752,8 @@ void HELPER(NAME)(void *vd, void *v0, void *vs1, \
uint32_t i; \
TD s1 = *((TD *)vs1 + HD(0)); \
\
+ VSTART_CHECK_EARLY_EXIT(env, vl); \
+ \
for (i = env->vstart; i < vl; i++) { \
TS2 s2 = *((TS2 *)vs2 + HS2(i)); \
if (!vm && !vext_elem_mask(v0, i)) { \
@@ -4914,6 +4918,8 @@ static void vmsetm(void *vd, void *v0, void *vs2, CPURISCVState *env,
int i;
bool first_mask_bit = false;
+ VSTART_CHECK_EARLY_EXIT(env, vl);
+
for (i = env->vstart; i < vl; i++) {
if (!vm && !vext_elem_mask(v0, i)) {
/* set masked-off elements to 1s */
@@ -4986,6 +4992,8 @@ void HELPER(NAME)(void *vd, void *v0, void *vs2, CPURISCVState *env, \
uint32_t sum = 0; \
int i; \
\
+ VSTART_CHECK_EARLY_EXIT(env, vl); \
+ \
for (i = env->vstart; i < vl; i++) { \
if (!vm && !vext_elem_mask(v0, i)) { \
/* set masked-off elements to 1s */ \
@@ -5344,6 +5352,8 @@ void HELPER(NAME)(void *vd, void *v0, void *vs1, void *vs2, \
uint32_t vta = vext_vta(desc); \
uint32_t num = 0, i; \
\
+ VSTART_CHECK_EARLY_EXIT(env, vl); \
+ \
for (i = env->vstart; i < vl; i++) { \
if (!vext_elem_mask(vs1, i)) { \
continue; \
--
2.48.110.03.2025 05:35, Chao Liu wrote:
> Recently, when I was writing a RISCV test, I found that when VL is set to 0, the
> instruction should be nop, but when I tested it, I found that QEMU will treat
> all elements as tail elements, and in the case of VTA=1, write all elements
> to 1.
>
> After troubleshooting, it was found that the vext_vx_rm_1 function was called in
> the vext_vx_rm_2, and then the vext_set_elems_1s function was called to process
> the tail element, but only VSTART >= vl was checked in the vext_vx_rm_1
> function, which caused the tail element to still be processed even if it was
> returned in advance.
>
> So I've made the following change:
>
> Put VSTART_CHECK_EARLY_EXIT(env) at the beginning of the vext_vx_rm_2 function,
> so that the VSTART register is checked correctly.
>
> Fixes: df4252b2ec ("target/riscv/vector_helpers: do early exit when
> vstart >= vl")
> Signed-off-by: Chao Liu <lc00631@tecorigin.com>
> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Is this a qemu-stable material (9.2)?
Thanks,
/mjt
On 3/24/25 1:48 AM, Michael Tokarev wrote:
> 10.03.2025 05:35, Chao Liu wrote:
>> Recently, when I was writing a RISCV test, I found that when VL is set to 0, the
>> instruction should be nop, but when I tested it, I found that QEMU will treat
>> all elements as tail elements, and in the case of VTA=1, write all elements
>> to 1.
>>
>> After troubleshooting, it was found that the vext_vx_rm_1 function was called in
>> the vext_vx_rm_2, and then the vext_set_elems_1s function was called to process
>> the tail element, but only VSTART >= vl was checked in the vext_vx_rm_1
>> function, which caused the tail element to still be processed even if it was
>> returned in advance.
>>
>> So I've made the following change:
>>
>> Put VSTART_CHECK_EARLY_EXIT(env) at the beginning of the vext_vx_rm_2 function,
>> so that the VSTART register is checked correctly.
>>
>> Fixes: df4252b2ec ("target/riscv/vector_helpers: do early exit when
>> vstart >= vl")
>> Signed-off-by: Chao Liu <lc00631@tecorigin.com>
>> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
>
> Is this a qemu-stable material (9.2)?
Yes. Go ahead. Thanks,
Daniel
>
> Thanks,
>
> /mjt
© 2016 - 2025 Red Hat, Inc.