On 2/11/19 10:19 AM, Sven Schnelle wrote: > switch (cf >> 1) { > - case 4: case 5: case 6: > - cf &= 1; > + case 0: /* never */ > + cond = cond_make_f(); > + break; > + case 1: /* = all bits are zero */ > + cond = cond_make_0(TCG_COND_EQ, res); > + break; > + case 2: /* < leftmost bit is 1 */ > + cond = cond_make_0(TCG_COND_LT, res); > + break; > + case 3: /* <= leftmost bit is 1 or all bits 0 */ > + cond = cond_make_0(TCG_COND_LE, res); > + break; > + case 7: /* OD rightmost bit is 1 */ > + tmp = tcg_temp_new(); > + tcg_gen_andi_reg(tmp, res, 1); > + cond = cond_make_0(TCG_COND_NE, tmp); > + tcg_temp_free(tmp); > + break; > + default: > break; > }
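Review bot: with `case 4: case 5: case 6:` removed, those values of `cf >> 1` now fall to `default: break;` and leave `cond` unassigned, so whatever consumes `cond` after the switch reads an uninitialized value for condition codes the guest picks itself. Either keep arms for 4, 5 and 6 (the dropped `cf &= 1` path covered them before) or make the `default` arm fail loudly rather than silently break, so the gap cannot be hit at runtime.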
You can't do nothing for cases 4, 5, 6. That lets a bad guest crash qemu, since cond will be uninitialized. Also, this patch has to be sorted before the previous, as otherwise you introduce a regression during bisection. I've fixed this up locally.

r~