@@ -1,5 +1,5 @@
/*
- * Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights Reserved.
+ * Copyright(c) 2019-2023 Qualcomm Innovation Center, Inc. All Rights Reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -797,7 +797,26 @@ static bool decode_parsebits_is_loopend(uint32_t encoding32)
return bits == 0x2;
}
-static void
+static bool has_valid_slot_assignment(Packet *pkt)
+{
+ int used_slots = 0;
+ for (int i = 0; i < pkt->num_insns; i++) {
+ int slot_mask;
+ Insn *insn = &pkt->insn[i];
+ if (decode_opcode_ends_loop(insn->opcode)) {
+ /* We overload slot 0 for endloop. */
+ continue;
+ }
+ slot_mask = 1 << insn->slot;
+ if (used_slots & slot_mask) {
+ return false;
+ }
+ used_slots |= slot_mask;
+ }
+ return true;
+}
+
+static bool
decode_set_slot_number(Packet *pkt)
{
int slot;
@@ -886,6 +905,8 @@ decode_set_slot_number(Packet *pkt)
/* Then push it to slot0 */
pkt->insn[slot1_iidx].slot = 0;
}
+
+ return has_valid_slot_assignment(pkt);
}
/*
@@ -962,7 +983,10 @@ int decode_packet(int max_words, const uint32_t *words, Packet *pkt,
if (!disas_only) {
decode_remove_extenders(pkt);
}
- decode_set_slot_number(pkt);
+ if (!decode_set_slot_number(pkt)) {
+ /* Invalid packet */
+ return 0;
+ }
decode_fill_newvalue_regno(pkt);
if (pkt->pkt_has_hvx) {
@@ -45,6 +45,16 @@ HEX_TESTS += fpstuff
HEX_TESTS += overflow
HEX_TESTS += signal_context
HEX_TESTS += reg_mut
+HEX_TESTS += invalid_slots
+
+run-invalid_slots:
+ $(call run-test, $<, $(QEMU) $< 2> $<.stderr, $<); \
+ if [ $$? -ne 1 ] ; then \
+ return 1; \
+ fi
+ $(call quiet-command, \
+ grep -q "exception 0x15" $<.stderr, \
+ "GREP", "exception 0x15");
HEX_TESTS += test_abs
HEX_TESTS += test_bitcnt
new file mode 100644
@@ -0,0 +1,29 @@
+/*
+ * Copyright(c) 2023 Qualcomm Innovation Center, Inc. All Rights Reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+char mem[8] __attribute__((aligned(8)));
+
+int main()
+{
+ asm volatile(
+ "r0 = #mem\n"
+ /* Invalid packet (2 instructions at slot 0): */
+ ".word 0xa1804100\n" /* { memw(r0) = r1; */
+ ".word 0x28032804\n" /* r3 = #0; r4 = #0 } */
+ : : : "r0", "r3", "r4", "memory");
+ return 0;
+}
Each slot in a packet can be assigned to at most one instruction. Although the assembler generally ought to enforce this rule, we better be safe than sorry and also do some check to properly throw an "invalid packet" exception on wrong slot assignments. This should also make it easier to debug possible future errors caused by missing updates to `find_iclass_slots()` rules in target/hexagon/iclass.c. Signed-off-by: Matheus Tavares Bernardino <quic_mathbern@quicinc.com> --- target/hexagon/decode.c | 30 +++++++++++++++++++++++++++--- tests/tcg/hexagon/Makefile.target | 10 ++++++++++ tests/tcg/hexagon/invalid_slots.c | 29 +++++++++++++++++++++++++++++ 3 files changed, 66 insertions(+), 3 deletions(-) create mode 100644 tests/tcg/hexagon/invalid_slots.c