2015-02-20 15:55+0100, Paolo Bonzini:
>
>
> On 20/02/2015 15:52, Michael Walle wrote:
> >>>
> >>> -    i = 0;
> >>> -    while (pfpu_decode_insn(s)) {
> >>> -        /* decode at most MICROCODE_WORDS instructions */
> >>> -        if (i++ >= MICROCODE_WORDS) {
> >>
> >> Isn't the fix just to say "++i" instead of "i++"?
> >
> > In the first run, s->regs[R_PC] may have any value, therefore the "insn
> > = s->microcode[pc]" from above may access out of bounds.
>
> Then should pfpu_decode_insn access s->microcode[pc & (MICROCODE_WORDS -
> 1)]? That's likely what happens in hardware, and the purpose of the
> error is just to avoid an infinite loop in device code.
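Review bot: the removed loop bounds only the number of iterations (`if (i++ >= MICROCODE_WORDS)`), not the index used for `s->microcode[pc]`; as the thread notes, `s->regs[R_PC]` can hold any guest-chosen value on the first pass, so the index needs its own bounds check, separate from the iteration counter, before the array is read (masking with `MICROCODE_WORDS - 1` as suggested works only if `MICROCODE_WORDS` is a power of two, otherwise an explicit `pc < MICROCODE_WORDS` check is needed). Only the `-` lines of the hunk are quoted here, so whatever replaced this loop cannot be checked for the same issue from this message alone.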
http://www.milkymist.org/socdoc/pfpu.pdf is dead, but the source isn't:
https://github.com/m-labs/milkymist/blob/master/cores/pfpu/doc/pfpu.tex

I don't see the PC register mentioned in the interface, so hiding it would
probably be a good start.