J2_jumptnew and J2_jumptnewpt passed the raw predicate value to gen_cond_jump(), which checked whether the full 8-bit value was non-zero. This is inconsistent with PRM Section 6.1.2, which states that "predicate-consuming instructions examine only the least-significant bit".
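
For illustration only, the two interpretations can be modelled in plain C. This is a sketch, not QEMU code: taken_if_nonzero(), taken_if_lsb() and checks_disagree() are hypothetical helper names, and the model assumes a predicate register is a single 8-bit value.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical model of the old behaviour: taken when any bit is set. */
static bool taken_if_nonzero(uint8_t pred)
{
    return pred != 0;
}

/* Hypothetical model of the PRM rule: only bit 0 is examined. */
static bool taken_if_lsb(uint8_t pred)
{
    return (pred & 1) != 0;
}

/* True when the two interpretations give different answers for pred. */
static bool checks_disagree(uint8_t pred)
{
    return taken_if_nonzero(pred) != taken_if_lsb(pred);
}
```

In this model the two checks agree for 0x00 and 0xFF and differ for any non-zero value with bit 0 clear, such as 0x80 or 0xAA.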

This inconsistency caused if (p0.new) jumps and if (p0.new) loads within the same packet to disagree when the predicate had values other than the ones generated by predicate-generating instructions (e.g. 0x80 or 0xAA where bit 0 is clear but the value is non-zero): the jump would be taken while the loads were skipped.

Fix by routing both macros through fGEN_TCG_cond_jumpt(fLSBNEW(PuN)), matching the pattern used by every other predicated jump.

Discovered-by: Alexey Karyakin <[email protected]>
Reviewed-by: Taylor Simpson <[email protected]>
Signed-off-by: Brian Cain <[email protected]>
---
 target/hexagon/gen_tcg.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/hexagon/gen_tcg.h b/target/hexagon/gen_tcg.h
index 7b96dab9185..45ccd518883 100644
--- a/target/hexagon/gen_tcg.h
+++ b/target/hexagon/gen_tcg.h
@@ -951,9 +951,9 @@
 #define fGEN_TCG_J2_jumpfpt(SHORTCODE) \
     fGEN_TCG_cond_jumpf(fLSBOLD(PuV))
 #define fGEN_TCG_J2_jumptnew(SHORTCODE) \
-    gen_cond_jump(ctx, TCG_COND_EQ, PuN, riV)
+    fGEN_TCG_cond_jumpt(fLSBNEW(PuN))
 #define fGEN_TCG_J2_jumptnewpt(SHORTCODE) \
-    gen_cond_jump(ctx, TCG_COND_EQ, PuN, riV)
+    fGEN_TCG_cond_jumpt(fLSBNEW(PuN))
 #define fGEN_TCG_J2_jumpfnewpt(SHORTCODE) \
     fGEN_TCG_cond_jumpf(fLSBNEW(PuN))
 #define fGEN_TCG_J2_jumpfnew(SHORTCODE) \
-- 
2.34.1
