1# Copyright (c) 2021 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14definitions: 15 - name: java 16 template: | 17 .language Java 18 19tests: 20 - file-name: "jeqz.obj" 21 isa: 22 title: Conditional compared to null jump 23 description: > 24 Transfer execution to an instruction at offset bytes from the beginning of the current instruction if 25 object reference in accumulator compares with null as specified. Offset is sign extended to the size of 26 instruction address. 27 exceptions: 28 - x_none 29 instructions: 30 - sig: jeqz.obj imm:i32 31 acc: in:ref 32 format: [op_imm_8, op_imm_16] 33 commands: 34 35 - file-name: "invalid_offset" 36 isa: 37 verification: 38 - branch_target 39 instructions: 40 - sig: jeqz.obj imm:i32 41 acc: in:ref 42 format: [op_imm_8, op_imm_16] 43 runner-options: [compile-failure] 44 description: Check 'jeqz.obj' instruction with invalid offset. 45 header-template: [] 46 code-template: | 47 .function i32 main() { 48 jeqz.obj %s 49 lbl: 50 check-type: exit-positive 51 cases: 52 - values: [""] 53 - values: ["main"] 54 - values: ["v1"] 55 - values: ["v1, lbl"] 56 - values: ["}"] 57 - values: ["# lbl"] 58 - values: ["Lbl"] 59 - values: ["LBL"] 60 61 62 - file-name: "uninitialized_acc" 63 isa: 64 verification: 65 - acc_obj_or_null 66 runner-options: ['verifier-failure', 'verifier-debug-config'] 67 tags: [verifier] 68 description: Check 'jeqz.obj' instruction with uninitialized accumulator. 69 header-template: [] 70 code-template: | 71 .function i32 main() { 72 jeqz.obj lbl 73 ldai 1 74 return 75 lbl: 76 check-type: exit-positive 77 78 79 - file-name: "invalid_branch_target" 80 isa: 81 verification: 82 - branch_target 83 runner-options: [compile-failure] 84 description: Check 'jeqz.obj' instruction with invalid branch target. 85 header-template: [] 86 code-template: | 87 .record R {} 88 89 .function void R.ctor(R a0) <ctor> { 90 lbl_ctor: 91 return.void 92 } 93 94 .function void R.cctor() <cctor> { 95 lbl_cctor: 96 return.void 97 } 98 99 .function i32 foo() <static> { 100 lda.null 101 jeqz.obj %s 102 } 103 104 .function i32 bar() <static> { 105 lbl_bar: 106 ldai 1 107 return 108 } 109 110 .function i32 main() { 111 call.short foo 112 lbl_main: 113 check-type: exit-positive 114 cases: 115 - values: ["main"] 116 - values: ["foo"] 117 - values: ["bar"] 118 - values: ["baz"] 119 - values: ["R"] 120 - values: ["lbl_main"] 121 - values: ["lbl_bar"] 122 - values: ["lbl_ctor"] 123 - values: ["lbl_cctor"] 124 125 126 - file-name: "prohibited_branch_target_p" 127 isa: 128 verification: 129 - branch_target 130 runner-options: ['verifier-failure', 'verifier-debug-config'] 131 tags: [verifier] 132 description: Check 'jeqz.obj' instruction with prohibited branch target in PandaAssembly context. 133 header-template: [] 134 code-template: | 135 .record E1 {} 136 .record E2 {} 137 .record R {} 138 139 .function void R.ctor(R a0) <ctor> { 140 return.void 141 } 142 143 .function i32 main() { 144 lda.null 145 jeqz.obj %s 146 147 begin: 148 ldai 0 149 return 150 mid: 151 ldai 1 152 return 153 end: 154 ldai 2 155 return 156 157 catch_E1_begin: 158 ldai 3 159 return 160 catch_E1_mid: 161 ldai 4 162 return 163 catch_E1_end: 164 ldai 5 165 return 166 167 catch_E2_begin: 168 ldai 6 169 return 170 catch_E2_mid: 171 ldai 7 172 return 173 catch_E2_end: 174 175 quit: 176 ldai 8 177 return 178 179 .catch E1, begin, end, catch_E1_begin, catch_E1_end 180 .catch E2, catch_E1_begin, catch_E1_end, catch_E2_begin, catch_E2_end 181 outside: 182 check-type: none 183 cases: 184 - values: ["begin"] 185 runner-options: ['verifier-only', 'verifier-debug-config'] 186 - values: ["mid"] 187 runner-options: ['verifier-only', 'verifier-debug-config'] 188 - values: ["end"] 189 runner-options: ['verifier-only', 'verifier-debug-config'] 190 - values: ["quit"] 191 runner-options: ['verifier-only', 'verifier-debug-config'] 192 - values: ["catch_E1_begin"] 193 - values: ["catch_E1_mid"] 194 - values: ["catch_E1_end"] 195 runner-options: ['verifier-only', 'verifier-debug-config'] 196 - values: ["catch_E2_begin"] 197 - values: ["catch_E2_mid"] 198 - values: ["catch_E2_end"] 199 runner-options: ['verifier-only', 'verifier-debug-config'] 200 - values: ["outside"] 201 202 203 - file-name: "invalid_acc_value" 204 isa: 205 verification: 206 - acc_obj_or_null 207 runner-options: ['verifier-failure', 'verifier-debug-config'] 208 tags: [verifier] 209 description: Check 'jeqz.obj' instruction with invalid accumulator value 210 header-template: [] 211 code-template: | 212 .function i32 main() { 213 %s 214 jeqz.obj ok 215 ldai 1 216 return 217 ok: 218 check-type: exit-positive 219 cases: 220 - values: 221 - ldai 0 222 - values: 223 - ldai 1 224 - values: 225 - ldai 0x7fffffff 226 - values: 227 - ldai 0xffffffff 228 - values: 229 - ldai 0x80000000 230 - values: 231 - ldai.64 0 232 - values: 233 - ldai.64 1 234 - values: 235 - ldai.64 0x7fffffffffffffff 236 - values: 237 - ldai.64 0xffffffffffffffff 238 - values: 239 - ldai.64 0x8000000000000000 240 - values: 241 - | 242 # 243 fldai.64 0x0000000000000000 # Positive zero (+0.0, hexadecimal representation is `0x0000000000000000`) 244 - values: 245 - | 246 # 247 fldai.64 0x8000000000000000 # Negative zero (-0.0, hexadecimal representation is `0x8000000000000000`) 248 - values: 249 - | 250 # 251 fldai.64 0x0000000000000001 # Minimal positive value (4.9E-324, hexadecimal representation is `0x0000000000000001`) 252 - values: 253 - | 254 # 255 fldai.64 0x8000000000000001 # Maximal negative value (-4.9E-324, hexadecimal representation is `0x8000000000000001`) 256 - values: 257 - | 258 # 259 fldai.64 0x7fefffffffffffff # Maximal positive value (1.7976931348623157e308, hexadecimal representation is `0x7fefffffffffffff`) 260 - values: 261 - | 262 # 263 fldai.64 0xffefffffffffffff # Minimal negative value (-1.7976931348623157e308, hexadecimal representation is `0xffefffffffffffff`) 264 - values: 265 - | 266 # 267 fldai.64 0x7ff0000000000000 # Positive infinity (hexadecimal representation is `0x7ff0000000000000`) 268 - values: 269 - | 270 # 271 fldai.64 0xfff0000000000000 # Negative infinity (hexadecimal representation is `0xfff0000000000000`) 272 - values: 273 - | 274 # 275 fldai.64 0x7ff8000000000000 # NaN 276 277 278 - file-name: "valid_null_value_p" 279 isa: 280 description: > 281 Transfer execution to an instruction at offset bytes from the beginning of the current instruction if 282 object reference in accumulator compares with null as specified. Offset is sign extended to the size of 283 instruction address. 284 description: Check 'jeqz.obj' instruction with valid null value in PandaAssembly context. 285 header-template: [] 286 tags: [tsan] 287 code-template: | 288 .function i32 main() { 289 lda.null 290 jeqz.obj ok 291 ldai 1 292 return 293 ok: 294 check-type: exit-positive 295 296 297 - file-name: "valid_not_null_values_p" 298 isa: 299 description: > 300 Transfer execution to an instruction at offset bytes from the beginning of the current instruction if 301 object reference in accumulator compares with null as specified. Offset is sign extended to the size of 302 instruction address. 303 description: Check 'jeqz.obj' instruction with valid not null values in PandaAssembly context. 304 header-template: [] 305 tags: [tsan] 306 code-template: | 307 .record panda.String <external> 308 .record panda.Class <external> 309 .record panda.Object <external> 310 .record R {} 311 .function void R.ctor(R a0) <ctor> { 312 return.void 313 } 314 .function i32 main() { 315 %s 316 jeqz.obj eq 317 ldai 0 318 return 319 eq: 320 ldai 1 321 return 322 check-type: none 323 cases: 324 - values: 325 - initobj R.ctor 326 - values: 327 - lda.str "test1" 328 - values: 329 - lda.type R 330 - values: 331 - lda.type panda.Object 332 - values: 333 - | 334 # 335 movi v2, 10 336 newarr v2, v2, u32[] 337 lda.obj v2 338 - values: 339 - | 340 # 341 movi v2, 10 342 newarr v2, v2, u64[][] 343 lda.obj v2 344 - values: 345 - | 346 # 347 movi v2, 10 348 newarr v2, v2, R[] 349 lda.obj v2 350 - values: 351 - | 352 # 353 movi v2, 10 354 newarr v2, v2, panda.Class[][] 355 lda.obj v2 356 - values: 357 - | 358 # 359 movi v2, 10 360 newarr v2, v2, panda.String[][][] 361 lda.obj v2 362 363 364 - file-name: "valid_offset_values" 365 isa: 366 description: > 367 Transfer execution to an instruction at offset bytes from the beginning of the current instruction if 368 object reference in accumulator compares with null as specified. Offset is sign extended to the size of 369 instruction address. 370 description: Check 'jeqz.obj' instruction with valid offset values. 371 header-template: [] 372 code-template: | 373 .function i32 main() { 374 lda.null 375 %s 376 ldai 1 # 2-byte instruction 377 return # 1-byte instruction 378 quit: 379 check-type: exit-positive 380 cases: 381 - description: Same instruction jump, offset imm8, 0 bytes 382 values: 383 - | 384 # 385 lda.str "test" 386 lbl: 387 jeqz.obj lbl 388 ldai 0 389 return 390 - description: Max forward jump for imm8, 2 + 120 + 2 + 3 = 127 bytes 391 values: 392 - | 393 # 394 jeqz.obj quit # 2-byte instruction 395 movi.64 v0, 0 ##*12 396 lda.null 397 lda.null 398 - description: Max backward jump for imm8, 3 + 120 + 5 = 128 bytes 399 values: 400 - | 401 # 402 jmp lbl2 403 lbl1: 404 jmp quit # 3-byte instruction 405 movi.64 v0, 0 ##*12 406 ldai 1 407 ldai 1 408 return 409 lbl2: 410 jeqz.obj lbl1 411 tags: [tsan] 412 - description: Max forward jump for imm16, 3 + 32760 + 1 + 3 = 32767 bytes 413 values: 414 - | 415 # 416 jeqz.obj quit # 3-byte instruction 417 movi.64 v0, 0 ##*3276 418 lda.null 419 - description: Beyond max forward jump for imm16, 3 + 40000 + 3 = 40006 bytes. Converted to jnez.obj + jmp by compiler. 420 values: 421 - | 422 # 423 jeqz.obj quit # 3-byte instruction 424 movi.64 v0, 0 ##*4000 425 tags: [tsan] 426 - description: Max backward jump for imm16, 5 + 32760 + 3 = 32768 bytes 427 values: 428 - | 429 # 430 jmp lbl2 431 lbl1: 432 jmp quit # 5-byte instruction 433 movi.64 v0, 0 ##*3276 434 ldai 1 435 return 436 lbl2: 437 jeqz.obj lbl1 438 - description: Beyond max backward jump for imm16, 5 + 40000 = 40005 bytes. Converted to jnez.obj + jmp by compiler. 439 values: 440 - | 441 # 442 jmp lbl2 443 lbl1: 444 jmp quit # 5-byte instruction 445 movi.64 v0, 0 ##*4000 446 ldai 1 447 return 448 lbl2: 449 jeqz.obj lbl1 450 - description: Chain of forward jumps 451 values: 452 - | 453 # 454 jeqz.obj lbl1 455 ldai 2 456 return 457 lbl1: 458 jeqz.obj lbl2 459 ldai 3 460 return 461 lbl2: 462 jeqz.obj lbl3 463 ldai 4 464 return 465 lbl3: 466 jeqz.obj lbl4 467 ldai 5 468 return 469 lbl4: 470 jeqz.obj quit 471 - description: Chain of backward jumps 472 values: 473 - | 474 # 475 jmp lbl1 476 lbl6: 477 jmp quit 478 lbl5: 479 jeqz.obj lbl6 480 ldai 5 481 return 482 lbl4: 483 jeqz.obj lbl5 484 ldai 4 485 return 486 lbl3: 487 jeqz.obj lbl4 488 ldai 3 489 return 490 lbl2: 491 jeqz.obj lbl3 492 ldai 2 493 return 494 lbl1: 495 jeqz.obj lbl2 496 tags: [tsan] 497