Fix incorrect x86 instruction encoding

vacantron · vacantron · commit fa90a72fd37e · 2025-02-05T23:33:58.000+08:00
The 32-bit immediate value that relates to PC should be interpreted as
the unsigned number and be zero-extended to the length of the width of
host register. Others which relate to the memory address or negative
immediate value should be sign-extended to "__SIZEOF_POINTER__".

To keep consistence, the load/store instruction to/from the x0 register
should be explicitly set to zero value.
diff --git a/src/jit.c b/src/jit.c
@@ -773,7 +773,7 @@ static inline void emit_alu64_imm32(struct jit_state *state,
 static inline void emit_cmp_imm32(struct jit_state *state, int dst, int32_t imm)
 {
 #if defined(__x86_64__)
-    emit_alu64_imm32(state, 0x81, 7, dst, imm);
+    emit_alu32_imm32(state, 0x81, 7, dst, imm);
 #elif defined(__aarch64__)
     emit_load_imm(state, R10, imm);
     emit_addsub_register(state, false, AS_SUBS, RZ, dst, R10);
@@ -823,6 +823,10 @@ static inline void emit_jcc_offset(struct jit_state *state, int code)
 #endif
 }
 
+static inline void emit_load_imm(struct jit_state *state,
+                                 int dst,
+                                 uint32_t imm);
+
 /* Load [src + offset] into dst.
  *
  * If the offset is non-zero, it restores the vm register to the host register
@@ -835,6 +839,18 @@ static inline void emit_load(struct jit_state *state,
                              int dst,
                              int32_t offset)
 {
+    for (int i = 0; i < n_host_regs; i++) {
+        if (register_map[i].reg_idx != dst)
+            continue;
+        if (register_map[i].vm_reg_idx != 0)
+            continue;
+
+        /* if dst is x0, load 0x0 into host register */
+        emit_load_imm(state, dst, 0x0);
+        set_dirty(dst, true);
+        return;
+    }
+
 #if defined(__x86_64__)
     if (src & 8 || dst & 8)
         emit_basic_rex(state, 0, dst, src);
@@ -875,6 +891,18 @@ static inline void emit_load_sext(struct jit_state *state,
                                   int dst,
                                   int32_t offset)
 {
+    for (int i = 0; i < n_host_regs; i++) {
+        if (register_map[i].reg_idx != dst)
+            continue;
+        if (register_map[i].vm_reg_idx != 0)
+            continue;
+
+        /* if dst is x0, load 0x0 into host register */
+        emit_load_imm(state, dst, 0x0);
+        set_dirty(dst, true);
+        return;
+    }
+
 #if defined(__x86_64__)
     if (size == S8 || size == S16) {
         if (src & 8 || dst & 8)
@@ -908,8 +936,28 @@ static inline void emit_load_sext(struct jit_state *state,
     set_dirty(dst, !offset);
 }
 
+/* Load 32-bit immediate into register (zero-extend) */
+static inline void emit_load_imm(struct jit_state *state, int dst, uint32_t imm)
+{
+#if defined(__x86_64__)
+    if (dst & 8)
+        emit_basic_rex(state, 0, 0, dst);
+    emit1(state, 0xb8 | (dst & 7));
+    emit4(state, imm);
+
+    set_dirty(dst, true);
+#elif defined(__aarch64__)
+    if ((int32_t) imm == imm)
+        emit_movewide_imm(state, false, dst, imm);
+    else
+        emit_movewide_imm(state, true, dst, imm);
+#endif
+}
+
 /* Load sign-extended immediate into register */
-static inline void emit_load_imm(struct jit_state *state, int dst, int64_t imm)
+static inline void emit_load_imm_sext(struct jit_state *state,
+                                      int dst,
+                                      int64_t imm)
 {
 #if defined(__x86_64__)
     if ((int32_t) imm == imm)
@@ -942,6 +990,38 @@ static inline void emit_store(struct jit_state *state,
                               int dst,
                               int32_t offset)
 {
+    for (int i = 0; i < n_host_regs; i++) {
+        if (register_map[i].reg_idx != src)
+            continue;
+        if (register_map[i].vm_reg_idx != 0)
+            continue;
+
+        /* if src is x0, write 0x0 into destination */
+        if (size == S16)
+            emit1(state, 0x66); /* 16-bit override */
+        if (dst & 8)
+            emit_rex(state, 0, 0, 0, !!(dst & 8));
+        emit1(state, size == S8 ? 0xc6 : 0xc7);
+        emit1(state, 0x80 | (dst & 0x7));
+        emit4(state, offset);
+        switch (size) {
+        case S8:
+            emit1(state, 0x0);
+            break;
+        case S16:
+            emit1(state, 0x0);
+            emit1(state, 0x0);
+            break;
+        case S32:
+            emit4(state, 0x0);
+            break;
+        default:
+            assert(NULL);
+            __UNREACHABLE;
+        }
+        set_dirty(src, false);
+        return;
+    }
 #if defined(__x86_64__)
     if (size == S16)
         emit1(state, 0x66); /* 16-bit override */
@@ -990,7 +1070,7 @@ static inline void unmap_vm_reg(int);
 static inline void emit_call(struct jit_state *state, intptr_t target)
 {
 #if defined(__x86_64__)
-    emit_load_imm(state, RAX, target);
+    emit_load_imm_sext(state, RAX, target);
     /* callq *%rax */
     emit1(state, 0xff);
     /* ModR/M byte: b11010000b = xd0, rax is register 0 */
@@ -1129,7 +1209,7 @@ static void muldivmod(struct jit_state *state,
 
     if (div || mod) {
         if (sign) {
-            emit_load_imm(state, RDX, -1);
+            emit_load_imm_sext(state, RDX, -1);
             /* compare divisor with -1 for overflow checking */
             emit_cmp32(state, RDX, RCX);
             /* Save the result of the comparision */
@@ -1165,7 +1245,7 @@ static void muldivmod(struct jit_state *state,
 
         if (div) {
             /* Set the dividend to zero if the divisor was zero. */
-            emit_load_imm(state, RCX, -1);
+            emit_load_imm_sext(state, RCX, -1);
 
             /* Store 0 in RAX if the divisor was zero. */
             /* Use conditional move to avoid a branch. */
@@ -1795,7 +1875,8 @@ static void do_fuse3(struct jit_state *state, riscv_t *rv, rv_insn_t *ir)
     opcode_fuse_t *fuse = ir->fuse;
     for (int i = 0; i < ir->imm2; i++) {
         vm_reg[0] = ra_load(state, fuse[i].rs1);
-        emit_load_imm(state, temp_reg, (intptr_t) (m->mem_base + fuse[i].imm));
+        emit_load_imm_sext(state, temp_reg,
+                           (intptr_t) (m->mem_base + fuse[i].imm));
         emit_alu64(state, 0x01, vm_reg[0], temp_reg);
         vm_reg[1] = ra_load(state, fuse[i].rs2);
         emit_store(state, S32, vm_reg[1], temp_reg, 0);
@@ -1808,7 +1889,8 @@ static void do_fuse4(struct jit_state *state, riscv_t *rv, rv_insn_t *ir)
     opcode_fuse_t *fuse = ir->fuse;
     for (int i = 0; i < ir->imm2; i++) {
         vm_reg[0] = ra_load(state, fuse[i].rs1);
-        emit_load_imm(state, temp_reg, (intptr_t) (m->mem_base + fuse[i].imm));
+        emit_load_imm_sext(state, temp_reg,
+                           (intptr_t) (m->mem_base + fuse[i].imm));
         emit_alu64(state, 0x01, vm_reg[0], temp_reg);
         vm_reg[1] = map_vm_reg(state, fuse[i].rd);
         emit_load(state, S32, temp_reg, vm_reg[1], 0);
diff --git a/src/rv32_template.c b/src/rv32_template.c
@@ -68,7 +68,8 @@
  * |                 src, dst, imm; | store the result into dst.             |
  * | alu[32|64], op, src, dst;      | Do ALU operation on src and dst and    |
  * |                                | store the result into dst.             |
- * | ldimm, dst, imm;               | Load immediate into dst.               |
+ * | ldimm, dst, imm32;             | Load immediate into dst. (zero-extend) |
+ * | ldimms, dst, imm;              | Load immediate into dst.               |
  * | lds, size, src, dst,           | Load data of a specified size from     |
  * |          offset;               | memory and sign-extend it into the dst,|
  * |                                | using the memory address calculated as |
@@ -601,7 +602,7 @@ RVOP(
     GEN({
         mem;
         rald, VR0, rs1;
-        ldimm, TMP, mem;
+        ldimms, TMP, mem;
         alu64, 0x01, VR0, TMP;
         map, VR1, rd;
         lds, S8, TMP, VR1, 0;
@@ -618,7 +619,7 @@ RVOP(
     GEN({
         mem;
         rald, VR0, rs1;
-        ldimm, TMP, mem;
+        ldimms, TMP, mem;
         alu64, 0x01, VR0, TMP;
         map, VR1, rd;
         lds, S16, TMP, VR1, 0;
@@ -635,7 +636,7 @@ RVOP(
     GEN({
         mem;
         rald, VR0, rs1;
-        ldimm, TMP, mem;
+        ldimms, TMP, mem;
         alu64, 0x01, VR0, TMP;
         map, VR1, rd;
         ld, S32, TMP, VR1, 0;
@@ -651,7 +652,7 @@ RVOP(
     GEN({
         mem;
         rald, VR0, rs1;
-        ldimm, TMP, mem;
+        ldimms, TMP, mem;
         alu64, 0x01, VR0, TMP;
         map, VR1, rd;
         ld, S8, TMP, VR1, 0;
@@ -668,7 +669,7 @@ RVOP(
     GEN({
         mem;
         rald, VR0, rs1;
-        ldimm, TMP, mem;
+        ldimms, TMP, mem;
         alu64, 0x01, VR0, TMP;
         map, VR1, rd;
         ld, S16, TMP, VR1, 0;
@@ -690,7 +691,7 @@ RVOP(
     GEN({
         mem;
         rald, VR0, rs1;
-        ldimm, TMP, mem;
+        ldimms, TMP, mem;
         alu64, 0x01, VR0, TMP;
         rald, VR1, rs2;
         st, S8, VR1, TMP, 0;
@@ -707,7 +708,7 @@ RVOP(
     GEN({
         mem;
         rald, VR0, rs1;
-        ldimm, TMP, mem;
+        ldimms, TMP, mem;
         alu64, 0x01, VR0, TMP;
         rald, VR1, rs2;
         st, S16, VR1, TMP, 0;
@@ -724,7 +725,7 @@ RVOP(
     GEN({
         mem;
         rald, VR0, rs1;
-        ldimm, TMP, mem;
+        ldimms, TMP, mem;
         alu64, 0x01, VR0, TMP;
         rald, VR1, rs2;
         st, S32, VR1, TMP, 0;
@@ -2034,7 +2035,7 @@ RVOP(
     GEN({
         mem;
         rald, VR0, rs1;
-        ldimm, TMP, mem;
+        ldimms, TMP, mem;
         alu64, 0x01, VR0, TMP;
         map, VR1, rd;
         ld, S32, TMP, VR1, 0;
@@ -2055,7 +2056,7 @@ RVOP(
     GEN({
         mem;
         rald, VR0, rs1;
-        ldimm, TMP, mem;
+        ldimms, TMP, mem;
         alu64, 0x01, VR0, TMP;
         rald, VR1, rs2;
         st, S32, VR1, TMP, 0;
@@ -2443,7 +2444,7 @@ RVOP(
     GEN({
         mem;
         rald, VR0, rv_reg_sp;
-        ldimm, TMP, mem;
+        ldimms, TMP, mem;
         alu64, 0x01, VR0, TMP;
         map, VR1, rd;
         ld, S32, TMP, VR1, 0;
@@ -2552,7 +2553,7 @@ RVOP(
     GEN({
         mem;
         rald, VR0, rv_reg_sp;
-        ldimm, TMP, mem;
+        ldimms, TMP, mem;
         alu64, 0x01, VR0, TMP;
         rald, VR1, rs2;
         st, S32, VR1, TMP, 0;
diff --git a/tools/gen-jit-template.py b/tools/gen-jit-template.py
@@ -218,14 +218,21 @@ def parse_argv(EXT_LIST, SKIP_LIST):
                 asm = "emit_alu32(state, {}, {}, {});".format(
                     items[1], items[2], items[3])
             elif items[0] == "ldimm":
+                if len(items) == 4:
+                    asm = "emit_load_imm(state, {}, {} + {});".format(
+                        items[1], items[2], items[3])
+                else:
+                    asm = "emit_load_imm(state, {}, {});".format(
+                        items[1], items[2])
+            elif items[0] == "ldimms":
                 if items[2] == "mem":
-                    asm = "emit_load_imm(state, {}, (intptr_t) (m->mem_base + ir->imm));".format(
+                    asm = "emit_load_imm_sext(state, {}, (intptr_t) (m->mem_base + ir->imm));".format(
                         items[1])
                 elif len(items) == 4:
-                    asm = "emit_load_imm(state, {}, {} + {});".format(
+                    asm = "emit_load_imm_sext(state, {}, {} + {});".format(
                         items[1], items[2], items[3])
                 else:
-                    asm = "emit_load_imm(state, {}, {});".format(
+                    asm = "emit_load_imm_sext(state, {}, {});".format(
                         items[1], items[2])
             elif items[0] == "lds":
                 if (items[3] == "X"):
