diff options
| author | Ilya Leoshkevich <iii@linux.ibm.com> | 2023-03-16 18:22:04 +0100 |
|---|---|---|
| committer | Thomas Huth <thuth@redhat.com> | 2023-03-20 09:32:50 +0100 |
| commit | 9701596d821d95d4e9193d1342feab06ae597cd7 (patch) | |
| tree | a2969a398b6f9f179a9947c3fea6552d4bb80228 | |
| parent | a1465c8b5b622c82c4c01107c2610abf7d27cbee (diff) | |
| download | qemu-9701596d821d95d4e9193d1342feab06ae597cd7.zip qemu-9701596d821d95d4e9193d1342feab06ae597cd7.tar.gz qemu-9701596d821d95d4e9193d1342feab06ae597cd7.tar.bz2 | |
target/s390x: Fix R[NOX]SBG with T=1
RXSBG usage in the "filetests" test from the wasmtime testsuite makes
tcg_reg_alloc_op() attempt to temp_load() a TEMP_VAL_DEAD temporary,
causing an assertion failure:
0x01000a70: ec14 b040 3057 rxsbg %r1, %r4, 0xb0, 0x40, 0x30
OP after optimization and liveness analysis:
---- 0000000001000a70 0000000000000004 0000000000000006
rotl_i64 tmp2,r4,$0x30 dead: 1 2 pref=0xffff
and_i64 tmp2,tmp2,$0x800000000000ffff dead: 1 pref=0xffff
[xor_i64 tmp3,tmp3,tmp2 dead: 1 2 pref=0xffff]
and_i64 cc_dst,tmp3,$0x800000000000ffff sync: 0 dead: 0 1 2 pref=0xffff
mov_i64 psw_addr,$0x1000a76 sync: 0 dead: 0 1 pref=0xffff
mov_i32 cc_op,$0x6 sync: 0 dead: 0 1 pref=0xffff
call lookup_tb_ptr,$0x6,$1,tmp8,env dead: 1 pref=none
goto_ptr tmp8 dead: 0
set_label $L0
exit_tb $0x7fffe809d183
../tcg/tcg.c:3865: tcg fatal error
The reason is that tmp3 does not have an initial value, which confuses
the register allocator. This also affects the correctness of the
results.
Fix by assigning R1 to it.
Exposed by commit e2e641fa3d5 ("tcg: Change default temp lifetime to
TEMP_TB").
Fixes: d6c6372e186e ("target-s390: Implement R[NOX]SBG")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20230316172205.281369-2-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
| -rw-r--r-- | target/s390x/tcg/translate.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index 7832cf0..6758d9f 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -3697,11 +3697,15 @@ static DisasJumpType op_rosbg(DisasContext *s, DisasOps *o) int i3 = get_field(s, i3); int i4 = get_field(s, i4); int i5 = get_field(s, i5); + TCGv_i64 orig_out; uint64_t mask; /* If this is a test-only form, arrange to discard the result. */ if (i3 & 0x80) { + tcg_debug_assert(o->out != NULL); + orig_out = o->out; o->out = tcg_temp_new_i64(); + tcg_gen_mov_i64(o->out, orig_out); } i3 &= 63; |