1# Copyright (c) 2021 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14definitions: 15 - name: java 16 template: | 17 .language Java 18 19tests: 20 - file-name: "jnez.obj" 21 isa: 22 title: Conditional compared to null jump 23 description: > 24 Transfer execution to an instruction at offset bytes from the beginning of the current instruction if 25 object reference in accumulator compares with null as specified. Offset is sign extended to the size of 26 instruction address. 27 exceptions: 28 - x_none 29 instructions: 30 - sig: jnez.obj imm:i32 31 acc: in:ref 32 format: [op_imm_8, op_imm_16] 33 commands: 34 35 - file-name: "invalid_offset" 36 isa: 37 verification: 38 - branch_target 39 instructions: 40 - sig: jnez.obj imm:i32 41 acc: in:ref 42 format: [op_imm_8, op_imm_16] 43 runner-options: [compile-failure] 44 description: Check 'jnez.obj' instruction with invalid offset. 45 header-template: [] 46 code-template: | 47 .function i32 main() { 48 jnez.obj %s 49 lbl: 50 check-type: exit-positive 51 cases: 52 - values: [""] 53 - values: ["main"] 54 - values: ["v1"] 55 - values: ["v1, lbl"] 56 - values: ["}"] 57 - values: ["# lbl"] 58 - values: ["Lbl"] 59 - values: ["LBL"] 60 61 62 - file-name: "uninitialized_acc" 63 isa: 64 verification: 65 - acc_obj_or_null 66 runner-options: ['verifier-failure', 'verifier-debug-config'] 67 tags: [verifier] 68 description: Check 'jnez.obj' instruction with uninitialized accumulator. 69 header-template: [] 70 code-template: | 71 .function i32 main() { 72 jnez.obj lbl 73 ldai 1 74 return 75 lbl: 76 check-type: exit-positive 77 78 79 - file-name: "invalid_branch_target" 80 isa: 81 verification: 82 - branch_target 83 runner-options: [compile-failure] 84 description: Check 'jnez.obj' instruction with invalid branch target. 85 header-template: [] 86 code-template: | 87 .record R {} 88 89 .function void R.ctor(R a0) <ctor> { 90 lbl_ctor: 91 return.void 92 } 93 94 .function void R.cctor() <cctor> { 95 lbl_cctor: 96 return.void 97 } 98 99 .function i32 foo() <static> { 100 lda.null 101 jnez.obj %s 102 } 103 104 .function i32 bar() <static> { 105 lbl_bar: 106 ldai 1 107 return 108 } 109 110 .function i32 main() { 111 call.short foo 112 lbl_main: 113 check-type: exit-positive 114 cases: 115 - values: ["main"] 116 - values: ["foo"] 117 - values: ["bar"] 118 - values: ["baz"] 119 - values: ["R"] 120 - values: ["lbl_main"] 121 - values: ["lbl_bar"] 122 - values: ["lbl_ctor"] 123 - values: ["lbl_cctor"] 124 125 126 - file-name: "prohibited_branch_target_p" 127 isa: 128 verification: 129 - branch_target 130 runner-options: ['verifier-failure', 'verifier-debug-config'] 131 tags: [verifier] 132 description: Check 'jnez.obj' instruction with prohibited branch target in PandaAssembly context. 133 header-template: [] 134 code-template: | 135 .record E1 {} 136 .record E2 {} 137 .record R {} 138 139 .function void R.ctor(R a0) <ctor> { 140 return.void 141 } 142 143 .function i32 main() { 144 initobj R.ctor 145 jnez.obj %s 146 147 begin: 148 ldai 0 149 return 150 mid: 151 ldai 1 152 return 153 end: 154 ldai 2 155 return 156 157 catch_E1_begin: 158 ldai 3 159 return 160 catch_E1_mid: 161 ldai 4 162 return 163 catch_E1_end: 164 ldai 5 165 return 166 167 catch_E2_begin: 168 ldai 6 169 return 170 catch_E2_mid: 171 ldai 7 172 return 173 catch_E2_end: 174 175 quit: 176 ldai 8 177 return 178 179 .catch E1, begin, end, catch_E1_begin, catch_E1_end 180 .catch E2, catch_E1_begin, catch_E1_end, catch_E2_begin, catch_E2_end 181 outside: 182 check-type: none 183 cases: 184 - values: ["begin"] 185 runner-options: ['verifier-only', 'verifier-debug-config'] 186 - values: ["mid"] 187 runner-options: ['verifier-only', 'verifier-debug-config'] 188 - values: ["end"] 189 runner-options: ['verifier-only', 'verifier-debug-config'] 190 - values: ["quit"] 191 runner-options: ['verifier-only', 'verifier-debug-config'] 192 - values: ["catch_E1_begin"] 193 - values: ["catch_E1_mid"] 194 - values: ["catch_E1_end"] 195 runner-options: ['verifier-only', 'verifier-debug-config'] 196 - values: ["catch_E2_begin"] 197 - values: ["catch_E2_mid"] 198 - values: ["catch_E2_end"] 199 runner-options: ['verifier-only', 'verifier-debug-config'] 200 - values: ["outside"] 201 202 203 - file-name: "invalid_acc_value" 204 isa: 205 verification: 206 - acc_obj_or_null 207 runner-options: ['verifier-failure', 'verifier-debug-config'] 208 tags: [verifier] 209 description: Check 'jnez.obj' instruction with invalid accumulator value 210 header-template: [] 211 code-template: | 212 .function i32 main() { 213 %s 214 jnez.obj ok 215 ldai 1 216 return 217 ok: 218 check-type: exit-positive 219 cases: 220 - values: 221 - ldai 0 222 - values: 223 - ldai 1 224 - values: 225 - ldai 0x7fffffff 226 - values: 227 - ldai 0xffffffff 228 - values: 229 - ldai 0x80000000 230 - values: 231 - ldai.64 0 232 - values: 233 - ldai.64 1 234 - values: 235 - ldai.64 0x7fffffffffffffff 236 - values: 237 - ldai.64 0xffffffffffffffff 238 - values: 239 - ldai.64 0x8000000000000000 240 - values: 241 - | 242 # 243 fldai.64 0x0000000000000000 # Positive zero (+0.0, hexadecimal representation is `0x0000000000000000`) 244 - values: 245 - | 246 # 247 fldai.64 0x8000000000000000 # Negative zero (-0.0, hexadecimal representation is `0x8000000000000000`) 248 - values: 249 - | 250 # 251 fldai.64 0x0000000000000001 # Minimal positive value (4.9E-324, hexadecimal representation is `0x0000000000000001`) 252 - values: 253 - | 254 # 255 fldai.64 0x8000000000000001 # Maximal negative value (-4.9E-324, hexadecimal representation is `0x8000000000000001`) 256 - values: 257 - | 258 # 259 fldai.64 0x7fefffffffffffff # Maximal positive value (1.7976931348623157e308, hexadecimal representation is `0x7fefffffffffffff`) 260 - values: 261 - | 262 # 263 fldai.64 0xffefffffffffffff # Minimal negative value (-1.7976931348623157e308, hexadecimal representation is `0xffefffffffffffff`) 264 - values: 265 - | 266 # 267 fldai.64 0x7ff0000000000000 # Positive infinity (hexadecimal representation is `0x7ff0000000000000`) 268 - values: 269 - | 270 # 271 fldai.64 0xfff0000000000000 # Negative infinity (hexadecimal representation is `0xfff0000000000000`) 272 - values: 273 - | 274 # 275 fldai.64 0x7ff8000000000000 # NaN 276 277 278 - file-name: "valid_null_value_p" 279 isa: 280 description: > 281 Transfer execution to an instruction at offset bytes from the beginning of the current instruction if 282 object reference in accumulator compares with null as specified. Offset is sign extended to the size of 283 instruction address. 284 description: Check 'jnez.obj' instruction with valid null value in PandaAssembly context. 285 header-template: [] 286 tags: [tsan] 287 code-template: | 288 .function i32 main() { 289 lda.null 290 jnez.obj ng 291 ldai 0 292 return 293 ng: 294 ldai 1 295 check-type: no-check 296 297 298 - file-name: "valid_not_null_values_p" 299 isa: 300 description: > 301 Transfer execution to an instruction at offset bytes from the beginning of the current instruction if 302 object reference in accumulator compares with null as specified. Offset is sign extended to the size of 303 instruction address. 304 description: Check 'jnez.obj' instruction with valid not null values in PandaAssembly context. 305 header-template: [] 306 tags: [tsan] 307 code-template: | 308 .record panda.String <external> 309 .record panda.Class <external> 310 .record panda.Object <external> 311 .record R {} 312 .function void R.ctor(R a0) <ctor> { 313 return.void 314 } 315 .function i32 main() { 316 %s 317 jnez.obj ng 318 ldai 1 319 return 320 ng: 321 check-type: exit-positive 322 cases: 323 - values: 324 - initobj R.ctor 325 - values: 326 - lda.str "test1" 327 - values: 328 - lda.type R 329 - values: 330 - lda.type panda.Object 331 - values: 332 - | 333 # 334 movi v2, 10 335 newarr v2, v2, u32[] 336 lda.obj v2 337 - values: 338 - | 339 # 340 movi v2, 10 341 newarr v2, v2, u64[][] 342 lda.obj v2 343 - values: 344 - | 345 # 346 movi v2, 10 347 newarr v2, v2, R[] 348 lda.obj v2 349 - values: 350 - | 351 # 352 movi v2, 10 353 newarr v2, v2, panda.Class[][] 354 lda.obj v2 355 - values: 356 - | 357 # 358 movi v2, 10 359 newarr v2, v2, panda.String[][][] 360 lda.obj v2 361 362 363 - file-name: "valid_offset_values" 364 isa: 365 description: > 366 Transfer execution to an instruction at offset bytes from the beginning of the current instruction if 367 object reference in accumulator compares with null as specified. Offset is sign extended to the size of 368 instruction address. 369 description: Check 'jnez.obj' instruction with valid offset values. 370 header-template: [] 371 code-template: | 372 .function i32 main() { 373 lda.str "test" 374 %s 375 ldai 1 # 2-byte instruction 376 return # 1-byte instruction 377 quit: 378 check-type: exit-positive 379 cases: 380 - description: Same instruction jump, offset imm8, 0 bytes 381 values: 382 - | 383 # 384 lda.null 385 lbl: 386 jnez.obj lbl 387 ldai 0 388 return 389 - description: Max forward jump for imm8, 2 + 120 + 2 + 3 = 127 bytes 390 values: 391 - | 392 # 393 jnez.obj quit # 2-byte instruction 394 movi.64 v0, 0 ##*12 395 lda.null 396 lda.null 397 tags: [tsan] 398 - description: Max backward jump for imm8, 3 + 120 + 5 = 128 bytes 399 values: 400 - | 401 # 402 jmp lbl2 403 lbl1: 404 jmp quit # 3-byte instruction 405 movi.64 v0, 0 ##*12 406 ldai 1 407 ldai 1 408 return 409 lbl2: 410 jnez.obj lbl1 411 - description: Max forward jump for imm16, 3 + 32760 + 1 + 3 = 32767 bytes 412 values: 413 - | 414 # 415 jnez.obj quit # 3-byte instruction 416 movi.64 v0, 0 ##*3276 417 lda.null 418 - description: Beyond max forward jump for imm16, 3 + 40000 + 3 = 40006 bytes. Converted to jeqz.obj + jmp by compiler. 419 values: 420 - | 421 # 422 jnez.obj quit # 3-byte instruction 423 movi.64 v0, 0 ##*4000 424 - description: Max backward jump for imm16, 5 + 32760 + 3 = 32768 bytes 425 values: 426 - | 427 # 428 jmp lbl2 429 lbl1: 430 jmp quit # 5-byte instruction 431 movi.64 v0, 0 ##*3276 432 ldai 1 433 return 434 lbl2: 435 jnez.obj lbl1 436 - description: Beyond max backward jump for imm16, 5 + 40000 = 40005 bytes. Converted to jeqz.obj + jmp by compiler. 437 values: 438 - | 439 # 440 jmp lbl2 441 lbl1: 442 jmp quit # 5-byte instruction 443 movi.64 v0, 0 ##*4000 444 ldai 1 445 return 446 lbl2: 447 jnez.obj lbl1 448 - description: Chain of forward jumps 449 values: 450 - | 451 # 452 jnez.obj lbl1 453 ldai 2 454 return 455 lbl1: 456 jnez.obj lbl2 457 ldai 3 458 return 459 lbl2: 460 jnez.obj lbl3 461 ldai 4 462 return 463 lbl3: 464 jnez.obj lbl4 465 ldai 5 466 return 467 lbl4: 468 jnez.obj quit 469 tags: [tsan] 470 - description: Chain of backward jumps 471 values: 472 - | 473 # 474 jmp lbl1 475 lbl6: 476 jmp quit 477 lbl5: 478 jnez.obj lbl6 479 ldai 5 480 return 481 lbl4: 482 jnez.obj lbl5 483 ldai 4 484 return 485 lbl3: 486 jnez.obj lbl4 487 ldai 3 488 return 489 lbl2: 490 jnez.obj lbl3 491 ldai 2 492 return 493 lbl1: 494 jnez.obj lbl2 495