[PULL 063/115] target/i386: fix fbstp handling of out-of-range values
From: |
Paolo Bonzini |
Subject: |
[PULL 063/115] target/i386: fix fbstp handling of out-of-range values |
Date: |
Thu, 11 Jun 2020 15:43:57 -0400 |
From: Joseph Myers <joseph@codesourcery.com>
The fbstp implementation fails to check for out-of-range and invalid
values, instead just taking the result of conversion to int64_t and
storing its sign and low 18 decimal digits. Fix this by checking for
an out-of-range result (invalid conversions always result in INT64_MAX
or INT64_MIN from the softfloat code, which are large enough to be
considered as out-of-range by this code) and storing the packed BCD
indefinite encoding in that case.
Signed-off-by: Joseph Myers <joseph@codesourcery.com>
Message-Id: <alpine.DEB.2.21.2005132351110.11687@digraph.polyomino.org.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/fpu_helper.c | 10 +++
tests/tcg/i386/test-i386-fbstp.c | 115 +++++++++++++++++++++++++++++++
2 files changed, 125 insertions(+)
diff --git a/target/i386/fpu_helper.c b/target/i386/fpu_helper.c
index f0a57099ca..41f6f391ca 100644
--- a/target/i386/fpu_helper.c
+++ b/target/i386/fpu_helper.c
@@ -732,6 +732,16 @@ void helper_fbst_ST0(CPUX86State *env, target_ulong ptr)
val = floatx80_to_int64(ST0, &env->fp_status);
mem_ref = ptr;
+ if (val >= 1000000000000000000LL || val <= -1000000000000000000LL) {
+ float_raise(float_flag_invalid, &env->fp_status);
+ while (mem_ref < ptr + 7) {
+ cpu_stb_data_ra(env, mem_ref++, 0, GETPC());
+ }
+ cpu_stb_data_ra(env, mem_ref++, 0xc0, GETPC());
+ cpu_stb_data_ra(env, mem_ref++, 0xff, GETPC());
+ cpu_stb_data_ra(env, mem_ref++, 0xff, GETPC());
+ return;
+ }
mem_end = mem_ref + 9;
if (SIGND(temp)) {
cpu_stb_data_ra(env, mem_end, 0x80, GETPC());
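Review bot: The zero-fill loop bound `mem_ref < ptr + 7` is computed in `target_ulong`, so if `ptr` lies within the last few bytes of the guest address space the sum wraps, the loop body never runs, and the three indefinite bytes land at `ptr`..`ptr + 2` instead of `ptr + 7`..`ptr + 9`. This is probably reachable only where the guest address width equals the width of `target_ulong`, and it affects guest-visible results rather than host memory, but a counted loop with a local `int i` avoids it: `for (i = 0; i < 7; i++) { cpu_stb_data_ra(env, mem_ref++, 0, GETPC()); }`. A short comment above the range check, such as `/* |val| >= 10^18 does not fit in 18 BCD digits: store the packed BCD indefinite */`, would also explain the constant and the `0xc0 0xff 0xff` tail. The rest of helper_fbst_ST0 lies outside the hunk, and the existing `mem_end = mem_ref + 9` path may have the same wrap behaviour.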
diff --git a/tests/tcg/i386/test-i386-fbstp.c b/tests/tcg/i386/test-i386-fbstp.c
index d368949188..73bf56b9dc 100644
--- a/tests/tcg/i386/test-i386-fbstp.c
+++ b/tests/tcg/i386/test-i386-fbstp.c
@@ -1,8 +1,19 @@
/* Test fbstp instruction. */
+#include <stdint.h>
#include <stdio.h>
#include <string.h>
+union u {
+ struct { uint64_t sig; uint16_t sign_exp; } s;
+ long double ld;
+};
+
+volatile union u ld_invalid_1 = { .s = { 1, 1234 } };
+volatile union u ld_invalid_2 = { .s = { 0, 1234 } };
+volatile union u ld_invalid_3 = { .s = { 0, 0x7fff } };
+volatile union u ld_invalid_4 = { .s = { (UINT64_C(1) << 63) - 1, 0x7fff } };
+
int main(void)
{
int ret = 0;
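Review bot: The four `ld_invalid_*` initialisers have no comment saying which x87 encoding each one represents, so a reader has to decode the significand/exponent pairs by hand to see what the later "invalid 1".."invalid 4" cases cover. I would annotate them, for example `/* unnormal: exponent nonzero, integer bit clear */` on `ld_invalid_1` and `ld_invalid_2`, `/* pseudo-infinity */` on `ld_invalid_3` and `/* pseudo-NaN */` on `ld_invalid_4`. A one-line comment on `union u` should also state that it relies on the x86 80-bit `long double` layout (64-bit significand followed by the 16-bit sign/exponent word). The `volatile` qualifier is presumably there to stop the compiler folding the values, which is worth saying too. `main` continues outside this hunk.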
@@ -21,5 +32,109 @@ int main(void)
printf("FAIL: fbstp -0.1\n");
ret = 1;
}
+ memset(out, 0x1f, sizeof out);
+ __asm__ volatile ("fbstp %0" : "=m" (out) : "t" (-987654321987654321.0L) :
+ "st");
+ out[9] &= 0x80;
+ if (memcmp(out, "\x21\x43\x65\x87\x19\x32\x54\x76\x98\x80",
+ sizeof out) != 0) {
+ printf("FAIL: fbstp -987654321987654321\n");
+ ret = 1;
+ }
+ memset(out, 0x12, sizeof out);
+ __asm__ volatile ("fbstp %0" : "=m" (out) : "t" (999999999999999999.5L) :
+ "st");
+ if (memcmp(out, "\0\0\0\0\0\0\0\xc0\xff\xff", sizeof out) != 0) {
+ printf("FAIL: fbstp 999999999999999999.5\n");
+ ret = 1;
+ }
+ memset(out, 0x12, sizeof out);
+ __asm__ volatile ("fbstp %0" : "=m" (out) : "t" (1000000000000000000.0L) :
+ "st");
+ if (memcmp(out, "\0\0\0\0\0\0\0\xc0\xff\xff", sizeof out) != 0) {
+ printf("FAIL: fbstp 1000000000000000000\n");
+ ret = 1;
+ }
+ memset(out, 0x12, sizeof out);
+ __asm__ volatile ("fbstp %0" : "=m" (out) : "t" (1e30L) : "st");
+ if (memcmp(out, "\0\0\0\0\0\0\0\xc0\xff\xff", sizeof out) != 0) {
+ printf("FAIL: fbstp 1e30\n");
+ ret = 1;
+ }
+ memset(out, 0x12, sizeof out);
+ __asm__ volatile ("fbstp %0" : "=m" (out) : "t" (-999999999999999999.5L) :
+ "st");
+ if (memcmp(out, "\0\0\0\0\0\0\0\xc0\xff\xff", sizeof out) != 0) {
+ printf("FAIL: fbstp -999999999999999999.5\n");
+ ret = 1;
+ }
+ memset(out, 0x12, sizeof out);
+ __asm__ volatile ("fbstp %0" : "=m" (out) : "t" (-1000000000000000000.0L) :
+ "st");
+ if (memcmp(out, "\0\0\0\0\0\0\0\xc0\xff\xff", sizeof out) != 0) {
+ printf("FAIL: fbstp -1000000000000000000\n");
+ ret = 1;
+ }
+ memset(out, 0x12, sizeof out);
+ __asm__ volatile ("fbstp %0" : "=m" (out) : "t" (-1e30L) : "st");
+ if (memcmp(out, "\0\0\0\0\0\0\0\xc0\xff\xff", sizeof out) != 0) {
+ printf("FAIL: fbstp -1e30\n");
+ ret = 1;
+ }
+ memset(out, 0x12, sizeof out);
+ __asm__ volatile ("fbstp %0" : "=m" (out) : "t" (__builtin_infl()) : "st");
+ if (memcmp(out, "\0\0\0\0\0\0\0\xc0\xff\xff", sizeof out) != 0) {
+ printf("FAIL: fbstp inf\n");
+ ret = 1;
+ }
+ memset(out, 0x12, sizeof out);
+ __asm__ volatile ("fbstp %0" : "=m" (out) : "t" (-__builtin_infl()) :
+ "st");
+ if (memcmp(out, "\0\0\0\0\0\0\0\xc0\xff\xff", sizeof out) != 0) {
+ printf("FAIL: fbstp -inf\n");
+ ret = 1;
+ }
+ memset(out, 0x12, sizeof out);
+ __asm__ volatile ("fbstp %0" : "=m" (out) : "t" (__builtin_nanl("")) :
+ "st");
+ if (memcmp(out, "\0\0\0\0\0\0\0\xc0\xff\xff", sizeof out) != 0) {
+ printf("FAIL: fbstp nan\n");
+ ret = 1;
+ }
+ memset(out, 0x12, sizeof out);
+ __asm__ volatile ("fbstp %0" : "=m" (out) : "t" (-__builtin_nanl("")) :
+ "st");
+ if (memcmp(out, "\0\0\0\0\0\0\0\xc0\xff\xff", sizeof out) != 0) {
+ printf("FAIL: fbstp -nan\n");
+ ret = 1;
+ }
+ memset(out, 0x12, sizeof out);
+ __asm__ volatile ("fbstp %0" : "=m" (out) : "t" (ld_invalid_1.ld) :
+ "st");
+ if (memcmp(out, "\0\0\0\0\0\0\0\xc0\xff\xff", sizeof out) != 0) {
+ printf("FAIL: fbstp invalid 1\n");
+ ret = 1;
+ }
+ memset(out, 0x12, sizeof out);
+ __asm__ volatile ("fbstp %0" : "=m" (out) : "t" (ld_invalid_2.ld) :
+ "st");
+ if (memcmp(out, "\0\0\0\0\0\0\0\xc0\xff\xff", sizeof out) != 0) {
+ printf("FAIL: fbstp invalid 2\n");
+ ret = 1;
+ }
+ memset(out, 0x12, sizeof out);
+ __asm__ volatile ("fbstp %0" : "=m" (out) : "t" (ld_invalid_3.ld) :
+ "st");
+ if (memcmp(out, "\0\0\0\0\0\0\0\xc0\xff\xff", sizeof out) != 0) {
+ printf("FAIL: fbstp invalid 3\n");
+ ret = 1;
+ }
+ memset(out, 0x12, sizeof out);
+ __asm__ volatile ("fbstp %0" : "=m" (out) : "t" (ld_invalid_4.ld) :
+ "st");
+ if (memcmp(out, "\0\0\0\0\0\0\0\xc0\xff\xff", sizeof out) != 0) {
+ printf("FAIL: fbstp invalid 4\n");
+ ret = 1;
+ }
return ret;
}
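Review bot: None of the added cases checks that the invalid-operation flag is raised, even though the helper change in this commit adds `float_raise(float_flag_invalid, &env->fp_status)`; only the ten stored bytes are compared. Each indefinite case could clear pending exceptions with `__asm__ volatile ("fnclex");` before the `fbstp`, read the status word afterwards with `__asm__ volatile ("fnstsw %0" : "=a" (sw));` into an `unsigned short sw`, and fail unless `sw & 1` (the IE bit) is set. Without that, a regression that stores the indefinite pattern but drops the exception would still pass. `main` starts before this hunk and the declaration of `out` is not visible here.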
--
2.26.2