ppc stxsibx and stxsihx instructions write too much data

stxsibx (Store VSX Scalar as Integer Byte Indexed X-form) is implemented
by first reading a whole word, merging in the new byte, and then writing
out the whole word. Causing memcheck to warn when the destination might
have room for less than 8 bytes.

The stxsihx (Store VSX Scalar as Integer Halfword Indexed X-form)
instruction does something similar reading and then writing a full
word instead of a half word.

The code can be simplified (and made more correct) by storing the byte
(or half-word) directly, IRStmt_Store seems fine to store byte or half
word sized data, and so seems the ppc backend.

https://bugs.kde.org/show_bug.cgi?id=430354

diff --git a/NEWS b/NEWS
index 7217273b2881b9f0376efd7ef9120ed06ce5a1d9..45ee61d5adde260e162c6674e4282cb38436b3f1 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -55,6 +55,9 @@ where XXXXXX is the bug number as listed below.
 369029  handle linux syscalls sched_getattr and sched_setattr
 n-i-bz  helgrind: If hg_cli__realloc fails, return NULL.
 
+384729  __libc_freeres inhibits cross-platform valgrind
+408663  Suppression file for musl libc
+404076  s390x: z14 vector instructions not implemented
 415293  Incorrect call-graph tracking due to new _dl_runtime_resolve_xsave*
 422174  unhandled instruction bytes: 0x48 0xE9 (REX prefixed JMP instruction)
 422623  epoll_ctl warns for uninitialized padding on non-amd64 64bit arches
@@ -69,15 +72,13 @@ n-i-bz  helgrind: If hg_cli__realloc fails, return NULL.
 428648  s390_emit_load_mem panics due to 20-bit offset for vector load
 427400  PPC ISA 3.1 support is missing, part 4
 427401  PPC ISA 3.1 support is missing, part 5
-384729  __libc_freeres inhibits cross-platform valgrind
 427870  lmw, lswi and related PowerPC insns aren't allowed on ppc64le 
 427404  PPC ISA 3.1 support is missing, part 6
 429692  unhandled ppc64le-linux syscall: 147 (getsid)
 428909  helgrind: need to intercept duplicate libc definitions for Fedora 33
 429864  s390x: C++ atomic test_and_set yields false-positive memcheck
         diagnostics
-408663  Suppression file for musl libc 
-404076  s390x: z14 vector instructions not implemented
+430354  ppc stxsibx and stxsihx instructions write too much data
 
 Release 3.16.1 (?? June 2020)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

diff --git a/VEX/priv/guest_ppc_toIR.c b/VEX/priv/guest_ppc_toIR.c
index c9c058a7ab5a0407ffa058d546097234a8ddff89..e7b576fa244a328471880f875908498d80e0637d 100644 (file)
--- a/VEX/priv/guest_ppc_toIR.c
+++ b/VEX/priv/guest_ppc_toIR.c
@@ -25671,49 +25671,29 @@ dis_vx_store ( UInt prefix, UInt theInstr )
 
    case 0x38D: // stxsibx
    {
-      IRExpr *stored_word;
-      IRTemp byte_to_store = newTemp( Ity_I64 );
+      IRTemp byte_to_store = newTemp( Ity_I8 );
 
       DIP("stxsibx %u,r%u,r%u\n", (UInt)XS, rA_addr, rB_addr);
 
-      /* Can't store just a byte, need to fetch the word at EA merge data
-       * and store.
-       */
-      stored_word = load( Ity_I64, mkexpr( EA ) );
-      assign( byte_to_store, binop( Iop_And64,
+      assign( byte_to_store, unop( Iop_64to8,
                                     unop( Iop_V128HIto64,
-                                          mkexpr( vS ) ),
-                                    mkU64( 0xFF ) ) );
+                                          mkexpr( vS ) ) ) );
 
-      store( mkexpr( EA ), binop( Iop_Or64,
-                                  binop( Iop_And64,
-                                         stored_word,
-                                         mkU64( 0xFFFFFFFFFFFFFF00 ) ),
-                                  mkexpr( byte_to_store ) ) );
+      store( mkexpr( EA ), mkexpr( byte_to_store ) );
       break;
    }
 
    case 0x3AD: // stxsihx
    {
-      IRExpr *stored_word;
-      IRTemp byte_to_store = newTemp( Ity_I64 );
+      IRTemp hword_to_store = newTemp( Ity_I16 );
 
       DIP("stxsihx %u,r%u,r%u\n", (UInt)XS, rA_addr, rB_addr);
 
-      /* Can't store just a halfword, need to fetch the word at EA merge data
-       * and store.
-       */
-      stored_word = load( Ity_I64, mkexpr( EA ) );
-      assign( byte_to_store, binop( Iop_And64,
+      assign( hword_to_store, unop( Iop_64to16,
                                     unop( Iop_V128HIto64,
-                                          mkexpr( vS ) ),
-                                    mkU64( 0xFFFF ) ) );
+                                          mkexpr( vS ) ) ) );
 
-      store( mkexpr( EA ), binop( Iop_Or64,
-                                  binop( Iop_And64,
-                                         stored_word,
-                                         mkU64( 0xFFFFFFFFFFFF0000 ) ),
-                                  mkexpr( byte_to_store ) ) );
+      store( mkexpr( EA ), mkexpr( hword_to_store ) );
       break;
    }