Message ID | 20241022133535.69351-2-szedani@linux.ibm.com (mailing list archive) |
---|---|
State | New |
Series | tcg/ppc/tcg-target.c.inc: Fix tcg_out_rlw_rc |
On 10/22/24 06:34, Dani Szebenyi wrote:
> The previous message I sent was corrupted, sending again.
>
> The TCG IR sequence:
> mov_i32 tmp97,$0xc4240000 dead: 1 pref=0xffffffff
> mov_i32 tmp98,$0x0 pref=0xffffffff
> rotr_i32 tmp97,tmp97,tmp98 dead: 1 2 pref=0xffffffff
>
> was translated to `slwi r15, r14, 0` instead of `slwi r14, r14, 0` due to SH field overflow.
>
> SH field is 5 bits, and tcg_out_rlw is called in some situations with `32-n`, when `n` is 0 it results in an overflow to RA field.
>
> This commit prevents overflow of that field and adds debug assertions for the other fields
>
> Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
> Signed-off-by: Dani Szebenyi <szedani@linux.ibm.com>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
and queued.

r~
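The field overflow described in the commit message above, worked through as an added example (not part of the patch or of QEMU's source). The macros and function names are assumptions written from the Power ISA M-form layout, with `rlwinm` as primary opcode 21; the operands are the r14, shift 32 case from the message.

```c
#include <stdint.h>
#include <stdio.h>

/* M-form field positions (Power ISA, bit 0 = most significant bit):
 * opcode 0-5, RS 6-10, RA 11-15, SH 16-20, MB 21-25, ME 26-30, Rc 31.
 * Hypothetical macros for this example, not copied from QEMU. */
#define OPCD(x) ((uint32_t)(x) << 26)
#define RS(x)   ((uint32_t)(x) << 21)
#define RA(x)   ((uint32_t)(x) << 16)
#define SH(x)   ((uint32_t)(x) << 11)
#define MB(x)   ((uint32_t)(x) << 6)
#define ME(x)   ((uint32_t)(x) << 1)
#define RLWINM  OPCD(21)

/* Encoder without a mask on SH: a 6-bit value spills into RA. */
static uint32_t enc_rlw_unmasked(int ra, int rs, int sh, int mb, int me)
{
    return RLWINM | RA(ra) | RS(rs) | SH(sh) | MB(mb) | ME(me);
}

/* Encoder with SH reduced to 5 bits, as the patch does with sh & 0x1f. */
static uint32_t enc_rlw_masked(int ra, int rs, int sh, int mb, int me)
{
    return RLWINM | RA(ra) | RS(rs) | SH(sh & 0x1f) | MB(mb) | ME(me);
}

/* Field decoders, reading the word back the way a disassembler would. */
static int dec_ra(uint32_t insn) { return (insn >> 16) & 0x1f; }
static int dec_sh(uint32_t insn) { return (insn >> 11) & 0x1f; }

int main(void)
{
    int n = 0;          /* rotate count from the IR sequence */
    int sh = 32 - n;    /* 32 needs six bits; the SH field has five */
    uint32_t bad = enc_rlw_unmasked(14, 14, sh, 0, 31);
    uint32_t good = enc_rlw_masked(14, 14, sh, 0, 31);

    /* SH(32) is 1 << 16, the lowest bit of RA, so r14 becomes r15. */
    printf("unmasked: 0x%08x RA=r%d SH=%d\n",
           (unsigned)bad, dec_ra(bad), dec_sh(bad));
    printf("masked:   0x%08x RA=r%d SH=%d\n",
           (unsigned)good, dec_ra(good), dec_sh(good));
    return 0;
}
```
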
diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc index 223f079524..9a11c26fd3 100644 --- a/tcg/ppc/tcg-target.c.inc +++ b/tcg/ppc/tcg-target.c.inc @@ -911,7 +911,9 @@ static void tcg_out_rld(TCGContext *s, int op, TCGReg ra, TCGReg rs, static void tcg_out_rlw_rc(TCGContext *s, int op, TCGReg ra, TCGReg rs, int sh, int mb, int me, bool rc) { - tcg_out32(s, op | RA(ra) | RS(rs) | SH(sh) | MB(mb) | ME(me) | rc); + tcg_debug_assert((mb & 0x1f) == mb); + tcg_debug_assert((me & 0x1f) == me); + tcg_out32(s, op | RA(ra) | RS(rs) | SH(sh & 0x1f) | MB(mb) | ME(me) | rc); } static void tcg_out_rlw(TCGContext *s, int op, TCGReg ra, TCGReg rs,
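Review bot: In tcg_out_rlw_rc, `SH(sh & 0x1f)` silently wraps every out-of-range shift, not only the `32-n` with `n == 0` case named in the commit message, so a caller that passes a negative or larger value would now emit a valid-looking instruction with no diagnostic. Consider adding `tcg_debug_assert(sh >= 0 && sh <= 32);` ahead of the mask, alongside the new `mb` and `me` assertions, plus a one-line comment that 32 is accepted and encodes as 0. The commit message also says the other fields get debug assertions, but `ra` and `rs` are still unchecked in this hunk; either assert them too or narrow the wording.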