summary refs log tree commit diff stats
path: root/results/classifier/118/none/1922887
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/118/none/1922887')
-rw-r--r--results/classifier/118/none/192288777
1 files changed, 77 insertions, 0 deletions
diff --git a/results/classifier/118/none/1922887 b/results/classifier/118/none/1922887
new file mode 100644
index 00000000..0c8228a2
--- /dev/null
+++ b/results/classifier/118/none/1922887
@@ -0,0 +1,77 @@
+architecture: 0.669
+device: 0.665
+graphic: 0.601
+performance: 0.559
+ppc: 0.531
+mistranslation: 0.484
+peripherals: 0.482
+semantic: 0.474
+kernel: 0.455
+hypervisor: 0.431
+permissions: 0.413
+arm: 0.398
+network: 0.395
+user-level: 0.395
+files: 0.392
+socket: 0.385
+vnc: 0.381
+boot: 0.374
+x86: 0.338
+register: 0.315
+assembly: 0.309
+PID: 0.302
+KVM: 0.265
+TCG: 0.260
+virtual: 0.257
+VMM: 0.247
+risc-v: 0.246
+debug: 0.242
+i386: 0.215
+
+STR in Thumb 32 decode problem
+
+Hi 
+
+It seems that QEMU does not have a proper check on the STR instruction in Thumb32 mode.
+
+Specifically, the machine code is 0xf84f0ddd, which is 0b1111 1000 0100 1111 0000 1101 1101 1101. 
+This is an STR (immediate, Thumb) instruction with a T4 encoding scheme.
+
+The symbols is 
+
+Rn = 1111
+Rt = 0000
+P = 1
+U = 0
+W = 1
+
+The decode ASL is below:
+
+if P == ‘1’ && U == ‘1’ && W == ‘0’ then SEE STRT;
+if Rn == ‘1101’ && P == ‘1’ && U == ‘0’ && W == ‘1’ && imm8 == ‘00000100’ then SEE PUSH;
+if Rn == ‘1111’ || (P == ‘0’ && W == ‘0’) then UNDEFINED;
+t = UInt(Rt); n = UInt(Rn); imm32 = ZeroExtend(imm8, 32);
+index = (P == ‘1’); add = (U == ‘1’); wback = (W == ‘1’);
+if t == 15 || (wback && n == t) then UNPREDICTABLE;
+
+When Rn == 1111, it should be an undefined instruction, which should raise SEGILL signal. However, it seems that QEMU does not check this constraint, which should be a bug. Many thanks
+
+Regards
+Muhui
+
+NB that for Arm mode the equivalent case is UNPREDICTABLE only in the writeback case (and has defined behaviour for non-writeback), so we need to enforce the UNDEF on rn==15 for Thumb decode only.
+
+
+Patch sent to list: if you could test it against whatever your test case was that would be helpful.
+https://<email address hidden>/
+
+PS: out of interest, why/how were you checking should-UNDEF cases ?
+
+
+We just test the patched version. It looks well. Now QEMU would raise SEGILL signals, which should be the right behavior.
+
+We are not checking should-UNDEF cases in particular. This is a case we observed and checked manually when doing a research project with QEMU. 
+
+Patch has been merged:
+https://gitlab.com/qemu-project/qemu/-/commit/8196fe9d83d6519128b5
+