On Sat, Feb 7, 2026 at 3:58 PM Taylor Simpson <[email protected]> wrote:
>
>
>
> On Sat, Feb 7, 2026 at 11:06 AM Brian Cain <[email protected]> 
> wrote:
>>
>> A duplex encoding like 0x00000000 decodes as two loads that both write r0.
>>
>> Add a check in decode_insns() after both sub-instructions decode
>> successfully to verify they don't write the same destination register.
>>
>> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2696
>> Signed-off-by: Brian Cain <[email protected]>
>> Reviewed-by: Pierrick Bouvier <[email protected]>
>> ---
>>  target/hexagon/decode.c              | 12 ++++++++++++
>>  tests/tcg/hexagon/invalid-encoding.c | 29 ++++++++++++++++++++++++++++
>>  2 files changed, 41 insertions(+)
>>
>> diff --git a/target/hexagon/decode.c b/target/hexagon/decode.c
>> index 69ba1ec96c..90499fc320 100644
>> --- a/target/hexagon/decode.c
>> +++ b/target/hexagon/decode.c
>> @@ -501,12 +501,24 @@ decode_insns(DisasContext *ctx, Insn *insn, uint32_t 
>> encoding)
>>
>>          /* The slot1 subinsn needs to be in the packet first */
>>          if (decode_slot1_subinsn(ctx, slot1_subinsn)) {
>> +            Insn *slot1_insn = insn;
>>              insn->generate = opcode_genptr[insn->opcode];
>>              insn->iclass = iclass_bits(encoding);
>>              ctx->insn = ++insn;
>>              if (decode_slot0_subinsn(ctx, slot0_subinsn)) {
>>                  insn->generate = opcode_genptr[insn->opcode];
>>                  insn->iclass = iclass_bits(encoding);
>> +                /*
>> +                 * Check that the two sub-instructions don't write the same
>> +                 * destination register (e.g., encoding 0x0 decodes as two
>> +                 * loads both writing R0, which is an invalid packet).
>> +                 */
>> +                if (insn->dest_idx >= 0 && slot1_insn->dest_idx >= 0 &&
>> +                    insn->regno[insn->dest_idx] ==
>> +                        slot1_insn->regno[slot1_insn->dest_idx]) {
>> +                    ctx->insn = --insn;
>> +                    return 0;
>> +                }
>>
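Review bot: the check compares a single destination per sub-instruction (`insn->dest_idx` against `slot1_insn->dest_idx`), so it misses an instruction that writes more than one register (for example a post-increment load, which also updates its address register) and any conflict between non-duplex instructions elsewhere in the packet; rather than special-casing duplexes in decode_insns(), the duplicate-write test belongs where register writes are already recorded for the whole packet (ctx_log_reg_write during analyze_packet, as suggested downthread), which also removes the need to unwind with `ctx->insn = --insn;` here. If the early-return path stays, a one-line comment that the caller treats a 0 return as "packet invalid" and discards the already-filled slot1 entry at insn[0] would make the unwinding easier to follow.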
> Isn't this a more general problem than what is checked here?  What if two 
> non-duplex instructions write the same register?  What if an instruction 
> writes more than one register (e.g., post-increment load)?

It is, yeah.  I mentioned in the cover letter that I planned to land that later.

But ok -- I can move it here into this series.

> Let the decoding go ahead and finish, then add a check for duplicate writes 
> for the whole packet.  Look at ctx_log_reg_write - called during 
> analyze_packet.
>
> Thanks,
> Taylor
>

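The packet-level variant of the check discussed above, as an added example that is not QEMU code and not from either participant in the thread: instead of comparing one destination of each duplex sub-instruction, every register write of every instruction in a fully decoded packet is logged, and the packet is flagged the first time a register is written twice. The `PktInsn`, `PacketState`, `log_reg_write` and `check_packet_dup_writes` names, the fixed two-destination limit, and the sample packets are all constructed here for illustration; they stand in for, and are simpler than, QEMU's `Insn`, `DisasContext` and `ctx_log_reg_write`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical, simplified model of a decoded instruction (not QEMU's Insn):
 * each instruction records every general register it writes, so a
 * post-increment load lists both its data register and its address register.
 */
#define MAX_DESTS 2
#define NUM_GPRS 32

typedef struct {
    const char *text;        /* disassembly, for messages only */
    int ndests;              /* number of registers this instruction writes */
    int dest[MAX_DESTS];     /* GPR numbers written */
} PktInsn;

typedef struct {
    uint32_t reg_written;    /* bitmask of GPRs written so far in the packet */
    bool invalid;            /* set on the first duplicate write */
    int conflict_reg;        /* register written twice, or -1 if none */
} PacketState;

/*
 * Stand-in for a per-packet "log register write" step: record the write and
 * flag the packet if this register was already written by an earlier
 * instruction of the same packet. Out-of-range numbers are ignored.
 */
static void log_reg_write(PacketState *ps, int regno)
{
    if (regno < 0 || regno >= NUM_GPRS) {
        return;
    }
    uint32_t bit = 1u << regno;
    if ((ps->reg_written & bit) && !ps->invalid) {
        ps->invalid = true;
        ps->conflict_reg = regno;
    }
    ps->reg_written |= bit;
}

/*
 * Walk a fully decoded packet and return the first register written by two
 * instructions, or -1 if no register is written more than once.
 */
int check_packet_dup_writes(const PktInsn *pkt, int n)
{
    PacketState ps = { 0, false, -1 };
    for (int i = 0; i < n; i++) {
        for (int d = 0; d < pkt[i].ndests; d++) {
            log_reg_write(&ps, pkt[i].dest[d]);
        }
    }
    return ps.conflict_reg;
}

/* Constructed sample packets (register numbers chosen for illustration). */
static const PktInsn pkt_duplex_r0[] = {       /* the 0x00000000 duplex case */
    { "r0 = memw(r0+#0)", 1, { 0 } },
    { "r0 = memw(r0+#0)", 1, { 0 } },
};
static const PktInsn pkt_two_adds_r5[] = {     /* non-duplex conflict */
    { "r5 = add(r1,r2)", 1, { 5 } },
    { "r5 = add(r3,r4)", 1, { 5 } },
};
static const PktInsn pkt_postinc_r2[] = {      /* second write is the address reg */
    { "r1 = memw(r2++#4)", 2, { 1, 2 } },
    { "r2 = add(r3,#1)", 1, { 2 } },
};
static const PktInsn pkt_valid[] = {           /* all destinations distinct */
    { "r1 = memw(r2++#4)", 2, { 1, 2 } },
    { "r3 = add(r4,#1)", 1, { 3 } },
};

int main(void)
{
    printf("duplex r0/r0 : conflict r%d\n", check_packet_dup_writes(pkt_duplex_r0, 2));
    printf("two adds r5  : conflict r%d\n", check_packet_dup_writes(pkt_two_adds_r5, 2));
    printf("post-inc r2  : conflict r%d\n", check_packet_dup_writes(pkt_postinc_r2, 2));
    printf("valid packet : conflict r%d\n", check_packet_dup_writes(pkt_valid, 2));
    return 0;
}
```

Running the check once over the whole packet after decoding finishes is what makes the post-increment case work: the conflict is between the address register of one instruction and the sole destination of another, which a single `dest_idx` comparison between two sub-instructions never sees.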