-
Matheus Tavares Bernardino authoredThe Hexagon PRM says that "The assembler automatically encodes instructions in the packet in the proper order. In the binary encoding of a packet, the instructions must be ordered from Slot 3 down to Slot 0." Prior to the architecture version v73, the slot constraints from instruction "hintjr" only allowed it to be executed at slot 2. With that in mind, consider the packet: { hintjr(r0) nop nop if (!p0) memd(r1+#0) = r1:0 } To satisfy the ordering rule quoted from the PRM, the assembler would, thus, move one of the nops to the first position, so that it can be assigned to slot 3 and the subsequent hintjr to slot 2. However, since v73, hintjr can be executed at either slot 2 or 3. So there is no need to reorder that packet and the assembler will encode it as is. When QEMU tries to execute it, however, we end up hitting a "misaliged store" exception because both the store and the hintjr will be assigned to store 0, and some functions like `slot_is_predicated()` expect the decode machinery to assign only one instruction per slot. In particular, the mentioned function will traverse the packet until it finds the first instruction at the desired slot which, for slot 0, will be hintjr. Since hintjr is not predicated, the result is that we try to execute the store regardless of the predicate. And because the predicate is false, we had not previously loaded hex_store_addr[0] or hex_store_width[0]. As a result, the store will decide de width based on trash memory, causing it to be misaligned. Update the slot constraints for hintjr so that QEMU can properly handle such encodings. Note: to avoid similar-but-not-identical issues in the future, we should look for multiple instructions at the same slot during decoding time and throw an invalid packet exception. That will be done in the subsequent commit. Signed-off-by:
Matheus Tavares Bernardino <quic_mathbern@quicinc.com>
Reviewed-by: Taylor Simpson <tsimpson@quicinc.com>
Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
Message-Id: <0fcd8293642c6324119fbbab44741164bcbd04fb.1673616964.git.quic_mathbern@quicinc.com>Matheus Tavares Bernardino authoredThe Hexagon PRM says that "The assembler automatically encodes instructions in the packet in the proper order. In the binary encoding of a packet, the instructions must be ordered from Slot 3 down to Slot 0." Prior to the architecture version v73, the slot constraints from instruction "hintjr" only allowed it to be executed at slot 2. With that in mind, consider the packet: { hintjr(r0) nop nop if (!p0) memd(r1+#0) = r1:0 } To satisfy the ordering rule quoted from the PRM, the assembler would, thus, move one of the nops to the first position, so that it can be assigned to slot 3 and the subsequent hintjr to slot 2. However, since v73, hintjr can be executed at either slot 2 or 3. So there is no need to reorder that packet and the assembler will encode it as is. When QEMU tries to execute it, however, we end up hitting a "misaliged store" exception because both the store and the hintjr will be assigned to store 0, and some functions like `slot_is_predicated()` expect the decode machinery to assign only one instruction per slot. In particular, the mentioned function will traverse the packet until it finds the first instruction at the desired slot which, for slot 0, will be hintjr. Since hintjr is not predicated, the result is that we try to execute the store regardless of the predicate. And because the predicate is false, we had not previously loaded hex_store_addr[0] or hex_store_width[0]. As a result, the store will decide de width based on trash memory, causing it to be misaligned. Update the slot constraints for hintjr so that QEMU can properly handle such encodings. Note: to avoid similar-but-not-identical issues in the future, we should look for multiple instructions at the same slot during decoding time and throw an invalid packet exception. That will be done in the subsequent commit. Signed-off-by:Matheus Tavares Bernardino <quic_mathbern@quicinc.com>
Reviewed-by: Taylor Simpson <tsimpson@quicinc.com>
Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
Message-Id: <0fcd8293642c6324119fbbab44741164bcbd04fb.1673616964.git.quic_mathbern@quicinc.com>
Loading