tcg: Sanity check goto_tb input

Checking that we don't try for idx != [01] is trivial.  Checking
that we don't issue more than one of any index requires a tad
more data and some ifdefs protecting that new variable.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Cc: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

3 files changed, 14 insertions, 2 deletions

diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index ecb1ac3e2e..9bfed48830 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -2275,8 +2275,15 @@ static inline void tcg_gen_exit_tb(tcg_target_long val)
     tcg_gen_op1i(INDEX_op_exit_tb, val);
 }
 
-static inline void tcg_gen_goto_tb(int idx)
-{
+static inline void tcg_gen_goto_tb(unsigned idx)
+{
+    /* We only support two chained exits.  */
+    tcg_debug_assert(idx <= 1);
+#ifdef CONFIG_DEBUG_TCG
+    /* Verify that we havn't seen this numbered exit before.  */
+    tcg_debug_assert((tcg_ctx.goto_tb_issue_mask & (1 << idx)) == 0);
+    tcg_ctx.goto_tb_issue_mask |= 1 << idx;
+#endif
     tcg_gen_op1i(INDEX_op_goto_tb, idx);
 }
 
diff --git a/tcg/tcg.c b/tcg/tcg.c
index b3c265013d..c069e44a0e 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -298,6 +298,10 @@ void tcg_func_start(TCGContext *s)
     s->nb_labels = 0;
     s->current_frame_offset = s->frame_start;
 
+#ifdef CONFIG_DEBUG_TCG
+    s->goto_tb_issue_mask = 0;
+#endif
+
     gen_opc_ptr = gen_opc_buf;
     gen_opparam_ptr = gen_opparam_buf;
 }
diff --git a/tcg/tcg.h b/tcg/tcg.h
index 4501c1520f..af7464a650 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -390,6 +390,7 @@ struct TCGContext {
 
 #ifdef CONFIG_DEBUG_TCG
     int temps_in_use;
+    int goto_tb_issue_mask;
 #endif
 };