vivier / qemu-m68k


m68k: fix use of uninitialised temp reg in ASL #7

Closed trofi closed 8 years ago

trofi commented 8 years ago

Minimal reproducer:

m68k.S

 	.text
 	.globl _start
 _start:
 	asll #1,%d0		# 32-bit arithmetic shift left by 1: the insn that miscompiles
 	br _start		# loop so the translated block is all there is to look at

Gets translated into:

 $ m68k-unknown-linux-gnu-gcc -nostdlib -nostartfiles m68k.S -o foo
 $ qemu-m68k -d in_asm,op -L foo

 # asll #1,%d0 muops:
 ---- 80000054 ffffffff
 movi_i32 tmp0,$0x0
 movi_i32 tmp1,$0x1f
 shr_i32 CC_C,D0,tmp1
 movi_i32 tmp1,$0x1
 shl_i32 CC_N,D0,tmp1
 mov_i32 CC_V,tmp0
 movi_i32 tmp1,$0x1f
 movi_i32 tmp3,$0x1e
 shr_i32 CC_V,D0,tmp3
 sar_i32 tmp2,D0,tmp2 # tmp2 is used uninitialised
 ...

And crashes QEMU:

 qemu-m68k/tcg/tcg.c:1774: tcg fatal error

The line 'sar_i32 tmp2,D0,tmp2' introduces 'tmp2' and tries to use it without initialisation. It triggers the tcg assertion 'LOAD from DEAD value'.

Relevant C code in target-m68k/translate.c:

 TCGv t1 = tcg_const_i32(bits - 1);   /* the intended shift count: bits - 1 */
 TCGv t0 = tcg_temp_new();            /* fresh temp, not yet written */

 tcg_gen_shri_i32(QREG_CC_V, reg, bits - 1 - count);
 tcg_gen_sar_i32(t0, reg, t0);        /* reads t0 as the shift count before anything wrote it */

tcg_gen_sar_i32 should have shifted by 'bits - 1' but didn't.

Bug: https://github.com/vivier/qemu-m68k/issues/6
Signed-off-by: Sergei Trofimovich siarheit@google.com
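The flag computation this shift code is responsible for, as an added reference model written for this page (plain C, not QEMU code and not the project's translator): a bit-by-bit model of the 68000 rule that V is set if the MSB changes at any time during the shift, next to the closed form the op dump above is building (C from a shift by bits - count, N from the shifted value, V by comparing the bits above position bits - 1 - count against a sign mask produced by an arithmetic shift by bits - 1, which is the shift the broken line was meant to perform). The two are checked against each other exhaustively for small widths. The struct, function names and sample operands are this example's own.

```c
/* Added example, not QEMU code: reference model of the M68000 ASL flags. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <assert.h>

struct asl_result {
    uint32_t value;
    bool c, n, z, v;
};

/* Slow model: shift one bit at a time and watch the sign bit, as the
   Programmer's Reference Manual describes ASL. Works for any count. */
static struct asl_result asl_reference(uint32_t reg, unsigned count, unsigned bits)
{
    uint32_t mask = (bits == 32) ? 0xffffffffu : ((1u << bits) - 1u);
    uint32_t msb  = 1u << (bits - 1);
    uint32_t val  = reg & mask;
    struct asl_result r = { 0 };
    bool sign0 = (val & msb) != 0;
    for (unsigned i = 0; i < count; i++) {
        r.c = (val & msb) != 0;                   /* C = last bit shifted out */
        val = (val << 1) & mask;
        if (((val & msb) != 0) != sign0)
            r.v = true;                           /* V = MSB changed at any point */
    }
    r.value = val;
    r.n = (val & msb) != 0;
    r.z = val == 0;
    return r;
}

/* Closed form for 0 <= count < bits, mirroring the op sequence in the dump:
   C from a shift by bits - count, N from the shifted value, V from comparing
   the top count + 1 bits against a sign mask made by an arithmetic shift by
   bits - 1 (the shift that must use a properly initialised count). */
static struct asl_result asl_fast(uint32_t reg, unsigned count, unsigned bits)
{
    assert(bits >= 1 && bits <= 32 && count < bits);
    uint32_t mask = (bits == 32) ? 0xffffffffu : ((1u << bits) - 1u);
    uint32_t msb  = 1u << (bits - 1);
    /* Sign-extend the operand to 32 bits so that >> on int32_t acts as an
       arithmetic shift (implementation-defined in C, arithmetic on gcc/clang). */
    int32_t sext = (int32_t)(reg << (32 - bits)) >> (32 - bits);
    struct asl_result r;
    r.value = (reg << count) & mask;
    r.c = count ? ((reg >> (bits - count)) & 1u) != 0 : false;
    r.n = (r.value & msb) != 0;
    r.z = r.value == 0;
    int32_t sign_mask = sext >> (bits - 1);          /* 0 or -1: the sar by bits - 1 */
    int32_t top_bits  = sext >> (bits - 1 - count);  /* top count + 1 bits, sign-extended */
    r.v = top_bits != sign_mask;                     /* not all equal => sign flipped */
    return r;
}

/* Cross-check both models over every operand and every count for a width
   of at most 16 bits; returns the number of disagreements (0 when correct). */
static unsigned asl_mismatches(unsigned bits)
{
    assert(bits >= 1 && bits <= 16);
    unsigned mism = 0;
    for (uint32_t reg = 0; reg < (1u << bits); reg++) {
        for (unsigned count = 0; count < bits; count++) {
            struct asl_result a = asl_reference(reg, count, bits);
            struct asl_result b = asl_fast(reg, count, bits);
            if (a.value != b.value || a.c != b.c || a.n != b.n ||
                a.z != b.z || a.v != b.v)
                mism++;
        }
    }
    return mism;
}

int main(void)
{
    printf("8-bit mismatches: %u, 16-bit mismatches: %u\n",
           asl_mismatches(8), asl_mismatches(16));
    /* Constructed sample: the reproducer's asll #1,%d0 with d0 = 0x80000000 */
    struct asl_result r = asl_fast(0x80000000u, 1, 32);
    printf("asl.l #1 of 0x80000000: value=%08x C=%d N=%d Z=%d V=%d\n",
           r.value, r.c, r.n, r.z, r.v);
    return 0;
}
```

The exhaustive loop is the useful part: any mistake in the shift counts of the closed form (a wrong constant, or an uninitialised one as in the issue) shows up as a non-zero mismatch count rather than as a silently wrong V flag.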

trofi commented 8 years ago

Closing pull request as 03d386a5625cc069a48ab831128aed642f303a27 fixes uninit register use.

Thanks!