[PULL 20/46] tcg/tci: Move stack bounds check to compile-time
From: Richard Henderson
Subject: [PULL 20/46] tcg/tci: Move stack bounds check to compile-time
Date: Fri, 5 Feb 2021 12:56:24 -1000
The existing check was incomplete:
(1) Only applied to two of the 7 stores, and not to the loads at all.
(2) Only checked the upper, but not the lower bound of the stack.
Doing this at compile time means that we don't need to do it
at runtime as well.
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
tcg/tci.c | 2 --
tcg/tci/tcg-target.c.inc | 13 +++++++++++++
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/tcg/tci.c b/tcg/tci.c
index fe935e71a3..ee2cd7dfa2 100644
--- a/tcg/tci.c
+++ b/tcg/tci.c
@@ -628,7 +628,6 @@ uintptr_t QEMU_DISABLE_CFI tcg_qemu_tb_exec(CPUArchState
*env,
t0 = tci_read_r32(regs, &tb_ptr);
t1 = tci_read_r(regs, &tb_ptr);
t2 = tci_read_s32(&tb_ptr);
- tci_assert(t1 != sp_value || (int32_t)t2 < 0);
*(uint32_t *)(t1 + t2) = t0;
break;
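Review bot: after this deletion the interpreter dereferences t1 + t2 for the 32-bit store with no runtime check at all, so correctness of stack accesses now rests entirely on the compile-time stack_bounds_check in tcg-target.c.inc; the removed tci_assert also only tested the upper bound ((int32_t)t2 < 0) when t1 == sp_value, which is the gap item (2) of the description refers to. A one-line comment at the store saying that stack offsets are validated at code-generation time would stop a future reader from reintroducing a runtime test here.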
@@ -884,7 +883,6 @@ uintptr_t QEMU_DISABLE_CFI tcg_qemu_tb_exec(CPUArchState
*env,
t0 = tci_read_r64(regs, &tb_ptr);
t1 = tci_read_r(regs, &tb_ptr);
t2 = tci_read_s32(&tb_ptr);
- tci_assert(t1 != sp_value || (int32_t)t2 < 0);
*(uint64_t *)(t1 + t2) = t0;
break;
diff --git a/tcg/tci/tcg-target.c.inc b/tcg/tci/tcg-target.c.inc
index f0f6b13112..82efb9af60 100644
--- a/tcg/tci/tcg-target.c.inc
+++ b/tcg/tci/tcg-target.c.inc
@@ -375,10 +375,20 @@ static void tci_out_label(TCGContext *s, TCGLabel *label)
}
}
+static void stack_bounds_check(TCGReg base, target_long offset)
+{
+ if (base == TCG_REG_CALL_STACK) {
+ tcg_debug_assert(offset < 0);
+ tcg_debug_assert(offset >= -(CPU_TEMP_BUF_NLONGS * sizeof(long)));
+ }
+}
+
static void tcg_out_ld(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg1,
intptr_t arg2)
{
uint8_t *old_code_ptr = s->code_ptr;
+
+ stack_bounds_check(arg1, arg2);
if (type == TCG_TYPE_I32) {
tcg_out_op_t(s, INDEX_op_ld_i32);
tcg_out_r(s, ret);
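Review bot: stack_bounds_check in this hunk validates only the start offset, not the access width: a 64-bit access at offset -4 passes both tcg_debug_assert calls yet extends past the end of the temp buffer into [sp, sp+4). Consider passing the access size (or the TCGType) into the helper and asserting `offset + size <= 0` as the upper bound. Separately, `-(CPU_TEMP_BUF_NLONGS * sizeof(long))` is an unsigned size_t expression, so the second comparison is carried out after converting the signed offset to unsigned; it gives the intended answer under two's-complement wraparound, but an explicit `-(target_long)(CPU_TEMP_BUF_NLONGS * sizeof(long))` would make that plain.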
@@ -514,6 +524,7 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, const
TCGArg *args,
case INDEX_op_st16_i64:
case INDEX_op_st32_i64:
case INDEX_op_st_i64:
+ stack_bounds_check(args[1], args[2]);
tcg_out_r(s, args[0]);
tcg_out_r(s, args[1]);
tcg_debug_assert(args[2] == (int32_t)args[2]);
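Review bot: this hunk instruments only the store opcode case in tcg_out_op; the diffstat (13 insertions: the 8-line helper, 2 in tcg_out_ld, 1 here, 2 in tcg_out_st) shows that the INDEX_op_ld* cases of tcg_out_op receive no stack_bounds_check, so item (1) of the description, that loads went unchecked, is addressed only for loads emitted through tcg_out_ld. Either add `stack_bounds_check(args[1], args[2]);` to the corresponding load case label(s) or note in the commit message that opcode-level loads are handled elsewhere. Minor: the check runs before `tcg_debug_assert(args[2] == (int32_t)args[2])`, so args[2] is converted from TCGArg to target_long before its 32-bit fit has been asserted; placing the call after that assert makes the ordering of the two checks explicit.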
@@ -716,6 +727,8 @@ static void tcg_out_st(TCGContext *s, TCGType type, TCGReg
arg, TCGReg arg1,
intptr_t arg2)
{
uint8_t *old_code_ptr = s->code_ptr;
+
+ stack_bounds_check(arg1, arg2);
if (type == TCG_TYPE_I32) {
tcg_out_op_t(s, INDEX_op_st_i32);
tcg_out_r(s, arg);
--
2.25.1