[Qemu-devel] Bug in PPC TCG for rlwimi ?

Tom Musta Tue, 13 May 2014 13:58:42 -0700

I am chasing a bug in ppc64-linux-user when hosted on PPC 64.

I believe I have narrowed the problem to QEMU's emulation of an rlwimi 
instruction
in ld64.so.  The in/out asm and register dump are below.  And so is the ppc 
translation source.


The inbound contents of r4 is 0x24.  The expected value of r4 after "rlwimi 
r4,r4,8,16,23"
is 0x2424 but is zero.  What looks strange to me in the out_asm is the "lwz 
r14,32(r27)"
instruction, which appears to be generated from the 
"tcg_gen_trun_i64_i32(t2,cpu_gpr[rS(ctx->opcode)])"
statement.  If it is going to load only 4 bytes, shouldn't it be at offset 32+4 
?

I have not yet been able to connect the dots between the QEMU source and the 
emitted (TCG)
code.

Here is the main piece of the rlwimi translation code (target-ppc/translate.c):

        target_ulong mask;
        TCGv t1;
        TCGv t0 = tcg_temp_new();
#if defined(TARGET_PPC64)
        TCGv_i32 t2 = tcg_temp_new_i32();
        tcg_gen_trunc_i64_i32(t2, cpu_gpr[rS(ctx->opcode)]);
        tcg_gen_rotli_i32(t2, t2, sh);
        tcg_gen_extu_i32_i64(t0, t2);
        tcg_temp_free_i32(t2);
#else
        tcg_gen_rotli_i32(t0, cpu_gpr[rS(ctx->opcode)], sh);
#endif
#if defined(TARGET_PPC64)
        mb += 32;
        me += 32;
#endif
        mask = MASK(mb, me);
         t1 = tcg_temp_new();
        tcg_gen_andi_tl(t0, t0, mask);
        tcg_gen_andi_tl(t1, cpu_gpr[rA(ctx->opcode)], ~mask);
        tcg_gen_or_tl(cpu_gpr[rA(ctx->opcode)], t0, t1);
        tcg_temp_free(t0);
        tcg_temp_free(t1);


And here is the input/output asm from


IN:
0x00000fffa7fc2ae4:  rlwimi  r4,r4,8,16,23

OUT: [size=136]
0x603638c0:  lwz     r14,-4(r27)
0x603638c4:  cmpwi   cr7,r14,0
0x603638c8:  bne-    cr7,0x60363934
0x603638cc:  lwz     r14,32(r27)  # this looks strange
0x603638d0:  mr      r15,r14
0x603638d4:  rotlwi  r15,r15,8
0x603638d8:  andi.   r15,r15,65280
0x603638dc:  lis     r0,-1
0x603638e0:  ori     r0,r0,255
0x603638e4:  and     r14,r14,r0
0x603638e8:  or      r14,r15,r14
0x603638ec:  std     r14,32(r27)
0x603638f0:  .long 0x0
0x603638f4:  .long 0x0
0x603638f8:  .long 0x0
0x603638fc:  .long 0x0
0x60363900:  .long 0x0
0x60363904:  .long 0x0
0x60363908:  .long 0x0
0x6036390c:  li      r14,4095
0x60363910:  rldicr  r14,r14,32,31
0x60363914:  oris    r14,r14,43004
0x60363918:  ori     r14,r14,10984
0x6036391c:  std     r14,696(r27)
0x60363920:  li      r3,4095
0x60363924:  rldicr  r3,r3,32,31
0x60363928:  oris    r3,r3,43021
0x6036392c:  ori     r3,r3,56368
0x60363930:  b       0x6231d668
0x60363934:  li      r3,4095
0x60363938:  rldicr  r3,r3,32,31
0x6036393c:  oris    r3,r3,43021
0x60363940:  ori     r3,r3,56371
0x60363944:  b       0x6231d668

NIP 00000fffa7fc2ae4   LR 00000fffa7fb5af0 CTR 0000000000000007 XER 
0000000000000000
MSR 8000000002806000 HID0 0000000000000000  HF 0000000002806000 idx 0
TB 00000000 00000000
GPR00 00000000100002d9 0000004000a0e070 00000fffa7fe8ae8 00000000100002d9
GPR04 0000000000000024 0000000000000000 0000000000000000 0000000000000000
GPR08 0000000000000000 0000000010010978 000000007fffffff 0000000000000001
GPR12 0000000034000042 0000000000000000 fffffffffffffffd 0000004000a0e0e0
GPR16 0000004000a0e0e0 00000fffa7fe2a58 0000000000000001 0000004000a0e0e0
GPR20 0000004000a0e0e0 0000000000000001 0000000000000000 0000004000a0e130
GPR24 0000004000a0e128 0000004000a0e138 0000004000a0e120 00000000100002d8
GPR28 00000fffa7fe2a58 0000000000000000 0000000010010938 0000004000a0e0b0
CR 34002042  [ EO G  -  -  E  -  G  E  ]             RES ffffffffffffffff
FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPSCR 0000000000000000
IN:
0x00000fffa7fc2ae8:  li      r11,-1

OUT: [size=108]
0x60363950:  lwz     r14,-4(r27)
0x60363954:  cmpwi   cr7,r14,0
0x60363958:  bne-    cr7,0x603639a8
0x6036395c:  li      r14,-1
0x60363960:  std     r14,88(r27)
0x60363964:  .long 0x0
0x60363968:  .long 0x0
0x6036396c:  .long 0x0
0x60363970:  .long 0x0
0x60363974:  .long 0x0
0x60363978:  .long 0x0
0x6036397c:  .long 0x0
0x60363980:  li      r14,4095
0x60363984:  rldicr  r14,r14,32,31
0x60363988:  oris    r14,r14,43004
0x6036398c:  ori     r14,r14,10988
0x60363990:  std     r14,696(r27)
0x60363994:  li      r3,4095
0x60363998:  rldicr  r3,r3,32,31
0x6036399c:  oris    r3,r3,43021
0x603639a0:  ori     r3,r3,56488
0x603639a4:  b       0x6231d668
0x603639a8:  li      r3,4095
0x603639ac:  rldicr  r3,r3,32,31
0x603639b0:  oris    r3,r3,43021
0x603639b4:  ori     r3,r3,56491
0x603639b8:  b       0x6231d668

NIP 00000fffa7fc2ae8   LR 00000fffa7fb5af0 CTR 0000000000000007 XER 
0000000000000000
MSR 8000000002806000 HID0 0000000000000000  HF 0000000002806000 idx 0
TB 00000000 00000000
GPR00 00000000100002d9 0000004000a0e070 00000fffa7fe8ae8 00000000100002d9
GPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR08 0000000000000000 0000000010010978 000000007fffffff 0000000000000001
GPR12 0000000034000042 0000000000000000 fffffffffffffffd 0000004000a0e0e0
GPR16 0000004000a0e0e0 00000fffa7fe2a58 0000000000000001 0000004000a0e0e0
GPR20 0000004000a0e0e0 0000000000000001 0000000000000000 0000004000a0e130
GPR24 0000004000a0e128 0000004000a0e138 0000004000a0e120 00000000100002d8
GPR28 00000fffa7fe2a58 0000000000000000 0000000010010938 0000004000a0e0b0

[Qemu-devel] Bug in PPC TCG for rlwimi ?

Reply via email to