From 8964f3516cab9ed0183407136aa9f0dae87c49e3 Mon Sep 17 00:00:00 2001 From: tangbinzy Date: Wed, 23 Nov 2022 15:38:38 -0800 Subject: [PATCH 1/4] target/hppa: Fix deposit assert from trans_shrpw_imm MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit mainline inclusion commit 05bfd4db08608bc4c22de729780c1f74612fbc0e category: bugfix ---------------------------------------------- Because sa may be 0, tcg_gen_deposit_reg(dest, t0, cpu_gr[a->r1], 32 - sa, sa); may attempt a zero-width deposit at bit 32, which will assert for TARGET_REGISTER_BITS == 32. Use the newer extract2 when possible, which itself includes the rotri special case; otherwise mirror the code from trans_shrpw_sar, using concat and shri. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/635 Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson Signed-off-by: tangbinzy --- target/hppa/translate.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/target/hppa/translate.c b/target/hppa/translate.c index 3b9744deb4..952027a28e 100644 --- a/target/hppa/translate.c +++ b/target/hppa/translate.c @@ -140,6 +140,7 @@ #define tcg_gen_deposit_z_reg tcg_gen_deposit_z_i64 #define tcg_gen_extract_reg tcg_gen_extract_i64 #define tcg_gen_sextract_reg tcg_gen_sextract_i64 +#define tcg_gen_extract2_reg tcg_gen_extract2_i64 #define tcg_const_reg tcg_const_i64 #define tcg_const_local_reg tcg_const_local_i64 #define tcg_constant_reg tcg_constant_i64 @@ -234,6 +235,7 @@ #define tcg_gen_deposit_z_reg tcg_gen_deposit_z_i32 #define tcg_gen_extract_reg tcg_gen_extract_i32 #define tcg_gen_sextract_reg tcg_gen_sextract_i32 +#define tcg_gen_extract2_reg tcg_gen_extract2_i32 #define tcg_const_reg tcg_const_i32 #define tcg_const_local_reg tcg_const_local_i32 #define tcg_constant_reg tcg_constant_i32 @@ -3204,19 +3206,22 @@ static bool trans_shrpw_imm(DisasContext *ctx, arg_shrpw_imm *a) dest = dest_gpr(ctx, a->t); t2 = load_gpr(ctx, a->r2); - if (a->r1 == a->r2) { + if (a->r1 == 0) { + tcg_gen_extract_reg(dest, t2, sa, 32 - sa); + } else if (TARGET_REGISTER_BITS == 32) { + tcg_gen_extract2_reg(dest, t2, cpu_gr[a->r1], sa); + } else if (a->r1 == a->r2) { TCGv_i32 t32 = tcg_temp_new_i32(); tcg_gen_trunc_reg_i32(t32, t2); tcg_gen_rotri_i32(t32, t32, sa); tcg_gen_extu_i32_reg(dest, t32); tcg_temp_free_i32(t32); - } else if (a->r1 == 0) { - tcg_gen_extract_reg(dest, t2, sa, 32 - sa); } else { - TCGv_reg t0 = tcg_temp_new(); - tcg_gen_extract_reg(t0, t2, sa, 32 - sa); - tcg_gen_deposit_reg(dest, t0, cpu_gr[a->r1], 32 - sa, sa); - tcg_temp_free(t0); + TCGv_i64 t64 = tcg_temp_new_i64(); + tcg_gen_concat_reg_i64(t64, t2, cpu_gr[a->r1]); + tcg_gen_shri_i64(t64, t64, sa); + tcg_gen_trunc_i64_reg(dest, t64); + tcg_temp_free_i64(t64); } save_gpr(ctx, a->t, dest); -- Gitee From 8eef73d0714c8bb5a4fc5a8b6ae007752d0061b2 Mon Sep 17 00:00:00 2001 From: tangbinzy Date: Wed, 23 Nov 2022 15:35:25 -0800 Subject: [PATCH 2/4] tcg/optimize: Fix folding of vector ops MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit mainline inclusion commit c578ff18584666499c3141b2d770b9e36b5e9d7e category: bugfix ------------------------------------------------------------ Bitwise operations are easy to fold, because the operation is identical regardless of element size. But add and sub need extra element size info that is not currently propagated. Fixes: 2f9f08ba43d Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/799 Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson Signed-off-by: tangbinzy --- tcg/optimize.c | 49 ++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 38 insertions(+), 11 deletions(-) diff --git a/tcg/optimize.c b/tcg/optimize.c index 2397f2cf93..e573000951 100644 --- a/tcg/optimize.c +++ b/tcg/optimize.c @@ -308,13 +308,13 @@ static uint64_t do_constant_folding_2(TCGOpcode op, uint64_t x, uint64_t y) CASE_OP_32_64(mul): return x * y; - CASE_OP_32_64(and): + CASE_OP_32_64_VEC(and): return x & y; - CASE_OP_32_64(or): + CASE_OP_32_64_VEC(or): return x | y; - CASE_OP_32_64(xor): + CASE_OP_32_64_VEC(xor): return x ^ y; case INDEX_op_shl_i32: @@ -347,16 +347,16 @@ static uint64_t do_constant_folding_2(TCGOpcode op, uint64_t x, uint64_t y) case INDEX_op_rotl_i64: return rol64(x, y & 63); - CASE_OP_32_64(not): + CASE_OP_32_64_VEC(not): return ~x; CASE_OP_32_64(neg): return -x; - CASE_OP_32_64(andc): + CASE_OP_32_64_VEC(andc): return x & ~y; - CASE_OP_32_64(orc): + CASE_OP_32_64_VEC(orc): return x | ~y; CASE_OP_32_64(eqv): @@ -751,6 +751,12 @@ static bool fold_const2(OptContext *ctx, TCGOp *op) return false; } +static bool fold_commutative(OptContext *ctx, TCGOp *op) +{ + swap_commutative(op->args[0], &op->args[1], &op->args[2]); + return false; +} + static bool fold_const2_commutative(OptContext *ctx, TCGOp *op) { swap_commutative(op->args[0], &op->args[1], &op->args[2]); @@ -905,6 +911,16 @@ static bool fold_add(OptContext *ctx, TCGOp *op) return false; } +/* We cannot as yet do_constant_folding with vectors. */ +static bool fold_add_vec(OptContext *ctx, TCGOp *op) +{ + if (fold_commutative(ctx, op) || + fold_xi_to_x(ctx, op, 0)) { + return true; + } + return false; +} + static bool fold_addsub2(OptContext *ctx, TCGOp *op, bool add) { if (arg_is_const(op->args[2]) && arg_is_const(op->args[3]) && @@ -1938,10 +1954,10 @@ static bool fold_sub_to_neg(OptContext *ctx, TCGOp *op) return false; } -static bool fold_sub(OptContext *ctx, TCGOp *op) +/* We cannot as yet do_constant_folding with vectors. */ +static bool fold_sub_vec(OptContext *ctx, TCGOp *op) { - if (fold_const2(ctx, op) || - fold_xx_to_i(ctx, op, 0) || + if (fold_xx_to_i(ctx, op, 0) || fold_xi_to_x(ctx, op, 0) || fold_sub_to_neg(ctx, op)) { return true; @@ -1949,6 +1965,11 @@ static bool fold_sub(OptContext *ctx, TCGOp *op) return false; } +static bool fold_sub(OptContext *ctx, TCGOp *op) +{ + return fold_const2(ctx, op) || fold_sub_vec(ctx, op); +} + static bool fold_sub2(OptContext *ctx, TCGOp *op) { return fold_addsub2(ctx, op, false); @@ -2052,9 +2073,12 @@ void tcg_optimize(TCGContext *s) * Sorted alphabetically by opcode as much as possible. */ switch (opc) { - CASE_OP_32_64_VEC(add): + CASE_OP_32_64(add): done = fold_add(&ctx, op); break; + case INDEX_op_add_vec: + done = fold_add_vec(&ctx, op); + break; CASE_OP_32_64(add2): done = fold_add2(&ctx, op); break; @@ -2193,9 +2217,12 @@ void tcg_optimize(TCGContext *s) CASE_OP_32_64(sextract): done = fold_sextract(&ctx, op); break; - CASE_OP_32_64_VEC(sub): + CASE_OP_32_64(sub): done = fold_sub(&ctx, op); break; + case INDEX_op_sub_vec: + done = fold_sub_vec(&ctx, op); + break; CASE_OP_32_64(sub2): done = fold_sub2(&ctx, op); break; -- Gitee From 1ac38ad4f16bf8fe4cabf1e41036f36ad08cf14f Mon Sep 17 00:00:00 2001 From: tangbinzy Date: Wed, 23 Nov 2022 15:07:57 +0000 Subject: [PATCH 3/4] target/arm: Add missing FEAT_TLBIOS instructions mainline inclusion commit b7469ef92a8034b32031ba22b84fb14046f9770e category: bugfix ------------------------------------------------------------ Some of the instructions added by the FEAT_TLBIOS extension were forgotten when the extension was originally added to QEMU. Fixes: 7113d618505b ("target/arm: Add support for FEAT_TLBIOS") Signed-off-by: Idan Horowitz Reviewed-by: Richard Henderson Message-id: 20211231103928.1455657-1-idan.horowitz@gmail.com Signed-off-by: Peter Maydell Signed-off-by: tangbinzy --- target/arm/helper.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/target/arm/helper.c b/target/arm/helper.c index 80737a8d7b..1854c65863 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6998,18 +6998,42 @@ static const ARMCPRegInfo tlbios_reginfo[] = { .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 0, .access = PL1_W, .type = ARM_CP_NO_RAW, .writefn = tlbi_aa64_vmalle1is_write }, + { .name = "TLBI_VAE1OS", .state = ARM_CP_STATE_AA64, + .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 1, + .access = PL1_W, .type = ARM_CP_NO_RAW, + .writefn = tlbi_aa64_vae1is_write }, { .name = "TLBI_ASIDE1OS", .state = ARM_CP_STATE_AA64, .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 2, .access = PL1_W, .type = ARM_CP_NO_RAW, .writefn = tlbi_aa64_vmalle1is_write }, + { .name = "TLBI_VAAE1OS", .state = ARM_CP_STATE_AA64, + .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 3, + .access = PL1_W, .type = ARM_CP_NO_RAW, + .writefn = tlbi_aa64_vae1is_write }, + { .name = "TLBI_VALE1OS", .state = ARM_CP_STATE_AA64, + .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 5, + .access = PL1_W, .type = ARM_CP_NO_RAW, + .writefn = tlbi_aa64_vae1is_write }, + { .name = "TLBI_VAALE1OS", .state = ARM_CP_STATE_AA64, + .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 7, + .access = PL1_W, .type = ARM_CP_NO_RAW, + .writefn = tlbi_aa64_vae1is_write }, { .name = "TLBI_ALLE2OS", .state = ARM_CP_STATE_AA64, .opc0 = 1, .opc1 = 4, .crn = 8, .crm = 1, .opc2 = 0, .access = PL2_W, .type = ARM_CP_NO_RAW, .writefn = tlbi_aa64_alle2is_write }, + { .name = "TLBI_VAE2OS", .state = ARM_CP_STATE_AA64, + .opc0 = 1, .opc1 = 4, .crn = 8, .crm = 1, .opc2 = 1, + .access = PL2_W, .type = ARM_CP_NO_RAW, + .writefn = tlbi_aa64_vae2is_write }, { .name = "TLBI_ALLE1OS", .state = ARM_CP_STATE_AA64, .opc0 = 1, .opc1 = 4, .crn = 8, .crm = 1, .opc2 = 4, .access = PL2_W, .type = ARM_CP_NO_RAW, .writefn = tlbi_aa64_alle1is_write }, + { .name = "TLBI_VALE2OS", .state = ARM_CP_STATE_AA64, + .opc0 = 1, .opc1 = 4, .crn = 8, .crm = 1, .opc2 = 5, + .access = PL2_W, .type = ARM_CP_NO_RAW, + .writefn = tlbi_aa64_vae2is_write }, { .name = "TLBI_VMALLS12E1OS", .state = ARM_CP_STATE_AA64, .opc0 = 1, .opc1 = 4, .crn = 8, .crm = 1, .opc2 = 6, .access = PL2_W, .type = ARM_CP_NO_RAW, @@ -7030,6 +7054,14 @@ static const ARMCPRegInfo tlbios_reginfo[] = { .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 1, .opc2 = 0, .access = PL3_W, .type = ARM_CP_NO_RAW, .writefn = tlbi_aa64_alle3is_write }, + { .name = "TLBI_VAE3OS", .state = ARM_CP_STATE_AA64, + .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 1, .opc2 = 1, + .access = PL3_W, .type = ARM_CP_NO_RAW, + .writefn = tlbi_aa64_vae3is_write }, + { .name = "TLBI_VALE3OS", .state = ARM_CP_STATE_AA64, + .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 1, .opc2 = 5, + .access = PL3_W, .type = ARM_CP_NO_RAW, + .writefn = tlbi_aa64_vae3is_write }, REGINFO_SENTINEL }; -- Gitee From 5489264cd9583855d45fd0c21f18387b649f6e44 Mon Sep 17 00:00:00 2001 From: tangbinzy Date: Wed, 23 Nov 2022 15:26:59 +0300 Subject: [PATCH 4/4] target/riscv/pmp: fix no pmp illegal intrs mainline inclusion commit 0fbb5d2d3c9ded9fbd3f6f993974cc5e88e28912 category: bugfix ----------------------------------------------- As per the privilege specification, any access from S/U mode should fail if no pmp region is configured and pmp is present, othwerwise access should succeed. Fixes: d102f19a208 (target/riscv/pmp: Raise exception if no PMP entry is configured) Signed-off-by: Nikita Shubin Reviewed-by: Alistair Francis Message-id: 20211214092659.15709-1-nikita.shubin@maquefel.me Signed-off-by: Alistair Francis Signed-off-by: tangbinzy --- target/riscv/op_helper.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c index ee7c24efe7..58d992e98a 100644 --- a/target/riscv/op_helper.c +++ b/target/riscv/op_helper.c @@ -146,7 +146,8 @@ target_ulong helper_mret(CPURISCVState *env, target_ulong cpu_pc_deb) uint64_t mstatus = env->mstatus; target_ulong prev_priv = get_field(mstatus, MSTATUS_MPP); - if (!pmp_get_num_rules(env) && (prev_priv != PRV_M)) { + if (riscv_feature(env, RISCV_FEATURE_PMP) && + !pmp_get_num_rules(env) && (prev_priv != PRV_M)) { riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC()); } -- Gitee