[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-stable] [PATCH 021/156] arm: translate.c: Fix smlald Instruction
From: |
Michael Roth |
Subject: |
[Qemu-stable] [PATCH 021/156] arm: translate.c: Fix smlald Instruction |
Date: |
Tue, 8 Jul 2014 12:16:52 -0500 |
From: Peter Crosthwaite <address@hidden>
The smlald (and probably smlsld) instruction was doing incorrect sign
extensions of the operands amongst 64bit result calculation. The
instruction psuedo-code is:
operand2 = if m_swap then ROR(R[m],16) else R[m];
product1 = SInt(R[n]<15:0>) * SInt(operand2<15:0>);
product2 = SInt(R[n]<31:16>) * SInt(operand2<31:16>);
result = product1 + product2 + SInt(R[dHi]:R[dLo]);
R[dHi] = result<63:32>;
R[dLo] = result<31:0>;
The result calculation should be done in 64 bit arithmetic, and hence
product1 and product2 should be sign extended to 64b before calculation.
The current implementation was adding product1 and product2 together
then sign-extending the intermediate result leading to false negatives.
E.G. if product1 = product2 = 0x4000000, their sum = 0x80000000, which
will be incorrectly interpreted as -ve on sign extension.
We fix by doing the 64b extensions on both product1 and product2 before
any addition/subtraction happens.
We also fix where we were possibly incorrectly setting the Q saturation
flag for SMLSLD, which the ARM ARM specifically says is not set.
Reported-by: Christina Smith <address@hidden>
Signed-off-by: Peter Crosthwaite <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Message-id: address@hidden
Cc: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 33bbd75a7c3321432fe40a8cbacd64619c56138c)
Signed-off-by: Michael Roth <address@hidden>
---
target-arm/translate.c | 34 +++++++++++++++++++++++-----------
1 file changed, 23 insertions(+), 11 deletions(-)
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 5f003e7..e0c3eaa 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -7732,27 +7732,39 @@ static void disas_arm_insn(CPUARMState * env,
DisasContext *s)
if (insn & (1 << 5))
gen_swap_half(tmp2);
gen_smul_dual(tmp, tmp2);
- if (insn & (1 << 6)) {
- /* This subtraction cannot overflow. */
- tcg_gen_sub_i32(tmp, tmp, tmp2);
- } else {
- /* This addition cannot overflow 32 bits;
- * however it may overflow considered as a signed
- * operation, in which case we must set the Q flag.
- */
- gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
- }
- tcg_temp_free_i32(tmp2);
if (insn & (1 << 22)) {
/* smlald, smlsld */
+ TCGv_i64 tmp64_2;
+
tmp64 = tcg_temp_new_i64();
+ tmp64_2 = tcg_temp_new_i64();
tcg_gen_ext_i32_i64(tmp64, tmp);
+ tcg_gen_ext_i32_i64(tmp64_2, tmp2);
tcg_temp_free_i32(tmp);
+ tcg_temp_free_i32(tmp2);
+ if (insn & (1 << 6)) {
+ tcg_gen_sub_i64(tmp64, tmp64, tmp64_2);
+ } else {
+ tcg_gen_add_i64(tmp64, tmp64, tmp64_2);
+ }
+ tcg_temp_free_i64(tmp64_2);
gen_addq(s, tmp64, rd, rn);
gen_storeq_reg(s, rd, rn, tmp64);
tcg_temp_free_i64(tmp64);
} else {
/* smuad, smusd, smlad, smlsd */
+ if (insn & (1 << 6)) {
+ /* This subtraction cannot overflow. */
+ tcg_gen_sub_i32(tmp, tmp, tmp2);
+ } else {
+ /* This addition cannot overflow 32 bits;
+ * however it may overflow considered as a
+ * signed operation, in which case we must set
+ * the Q flag.
+ */
+ gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
+ }
+ tcg_temp_free_i32(tmp2);
if (rd != 15)
{
tmp2 = load_reg(s, rd);
--
1.9.1
- [Qemu-stable] Patch Round-up for stable 1.7.2, freeze on 2014-07-14, Michael Roth, 2014/07/08
- [Qemu-stable] [PATCH 002/156] scsi-bus: Fix transfer length for VERIFY with BYTCHK=11b, Michael Roth, 2014/07/08
- [Qemu-stable] [PATCH 001/156] char: restore read callback on a reattached (hotplug) chardev, Michael Roth, 2014/07/08
- [Qemu-stable] [PATCH 005/156] target-i386: Fix CC_OP_CLR vs PF, Michael Roth, 2014/07/08
- [Qemu-stable] [PATCH 004/156] s390x/virtio-hcall: Add range check for hypervisor call, Michael Roth, 2014/07/08
- [Qemu-stable] [PATCH 021/156] arm: translate.c: Fix smlald Instruction,
Michael Roth <=
- [Qemu-stable] [PATCH 020/156] megasas: Implement LD_LIST_QUERY, Michael Roth, 2014/07/08
- [Qemu-stable] [PATCH 018/156] block-commit: speed is an optional parameter, Michael Roth, 2014/07/08
- [Qemu-stable] [PATCH 013/156] mirror: fix early wake from sleep due to aio, Michael Roth, 2014/07/08
- [Qemu-stable] [PATCH 022/156] block: Prevent coroutine stack overflow when recursing in bdrv_open_backing_file., Michael Roth, 2014/07/08
- [Qemu-stable] [PATCH 025/156] s390x: empty function stubs in preparation for __KVM_HAVE_GUEST_DEBUG, Michael Roth, 2014/07/08
- [Qemu-stable] [PATCH 024/156] s390x/helper: Added format control bit to MMU translation, Michael Roth, 2014/07/08
- [Qemu-stable] [PATCH 003/156] block/iscsi: fix deadlock on scsi check condition, Michael Roth, 2014/07/08
- [Qemu-stable] [PATCH 023/156] block: Use BDRV_O_NO_BACKING where appropriate, Michael Roth, 2014/07/08
- [Qemu-stable] [PATCH 029/156] vmxnet3: validate queues configuration coming from guest, Michael Roth, 2014/07/08
- [Qemu-stable] [PATCH 027/156] acpi: fix tables for no-hpet configuration, Michael Roth, 2014/07/08