1# Copyright (c) 2021-2022 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14definitions: [] 15tests: 16 - file-name: "jlez" 17 isa: 18 title: Conditional compared to zero jump 19 description: > 20 Transfer execution to an instruction at offset bytes 21 from the beginning of the current instruction 22 if signed 32-bit integer in accumulator compares with 0 as specified. 23 Offset is sign extended to the size of instruction address. 24 exceptions: 25 - x_none 26 commands: 27 28 - file-name: "op" 29 isa: 30 instructions: 31 - sig: jlez imm:i32 32 acc: in:i32 33 format: [op_imm_8, op_imm_16] 34 description: > 35 Check jump occurs or not occurs, depending on `acc < 0` condition 36 for forward, backward, or current cases. 37 code-template: | 38 # 39 %s 40 check-type: exit-positive 41 cases: 42 - values: 43 - | 44 # Check forward jump 45 ldai -1 46 jlez label 47 ldai 255 ##*65536 48 return # should be jumped over 49 label: 50 - values: 51 - | 52 # Check backward jump 53 jmp label2 54 label1: 55 jmp label3 56 ldai 255 ##*65536 57 label2: 58 ldai -1 59 jlez label1 60 ldai 255 61 return # should be jumped over 62 label3: 63 - values: 64 - | 65 # Check jump to itself 66 ldai 1 67 loop: 68 jlez loop 69 bugid: ['3468'] 70 - values: 71 - | 72 # Check jump to itself 73 ldai -1 74 loop: 75 jlez loop 76 runner-options: [compile-only] 77 78 - file-name: "op_bounds_1" 79 isa: 80 instructions: 81 - sig: jlez imm:i32 82 acc: in:i32 83 format: [op_imm_8, op_imm_16] 84 description: > 85 Check jump occurs or not occurs, depending on `acc < 0` condition 86 for forward and backward cases. 87 code-template: | 88 # 89 %s 90 check-type: none 91 cases: 92 - values: 93 - | 94 # Max forward jump for imm8, 2 + 124 + 1 = 127 bytes 95 ldai -1 96 jlez label # 2-byte instruction 97 ldai 1 ##*62 98 return 99 label: 100 ldai 0 101 return 102 - values: 103 - | 104 # Max backward jump for imm8, 1 + 2 + 2*61 + 1 + 2 = 128 bytes 105 jmp label2 106 label: 107 neg 108 ldai 61 109 subi 1 ##*61 110 return 111 label2: 112 ldai -1 113 jlez label 114 ldai 1 115 return 116 - values: 117 - | 118 # Max forward jump for imm16, 3 + 32760 + 4 = 32767 bytes 119 ldai -1 120 jlez label # 3-byte instruction 121 movi.64 v0, 0 ##*3276 122 neg 123 ldai 2 124 return 125 label: 126 ldai 0 127 return 128 - values: 129 - | 130 # Max backward jump for imm16, 1 + 4 + 32760 + 1 + 2 = 32768 bytes 131 jmp label2 132 label: 133 ldai 0 134 return 135 ldai 1 136 movi.64 v0, 0 ##*3276 137 return 138 label2: 139 ldai -1 140 jlez label 141 ldai 1 142 return 143 144 - file-name: "op_bounds_2" 145 isa: 146 instructions: 147 - sig: jlez imm:i32 148 acc: in:i32 149 format: [op_imm_8, op_imm_16] 150 description: > 151 Check jump occurs or not occurs, depending on `acc == 0` condition 152 for forward and backward cases. 153 code-template: | 154 # 155 %s 156 check-type: none 157 cases: 158 - values: 159 - | 160 # Max forward jump for imm8, 2 + 124 + 1 = 127 bytes 161 ldai 0 162 jlez label # 2-byte instruction 163 neg 164 ldai 2 ##*62 165 label: 166 return 167 - values: 168 - | 169 # Max backward jump for imm8, 1 + 2 + 61*2 + 1 + 2 = 128 bytes 170 jmp label2 171 label: 172 neg 173 ldai 61 174 subi 1 ##*61 175 return 176 label2: 177 ldai 0 178 jlez label 179 ldai 1 180 return 181 - values: 182 - | 183 # Max forward jump for imm16, 3 + 32760 + 4 = 32767 bytes 184 ldai 0 185 jlez label # 3-byte instruction 186 movi.64 v0, 0 ##*3276 187 ldai 1 188 ldai 1 189 label: 190 return 191 - values: 192 - | 193 # Max backward jump for imm16, 1 + 4 + 32760 + 1 + 2 = 32768 bytes 194 jmp label2 195 label: 196 return 197 ldai 2 198 ldai 2 199 movi.64 v0, 0 ##*3276 200 return 201 label2: 202 ldai 0 203 jlez label 204 ldai 1 205 return 206 207 - file-name: "vals" 208 isa: 209 instructions: 210 - sig: jlez imm:i32 211 acc: in:i32 212 format: [op_imm_8, op_imm_16] 213 description: > 214 Check jump not occurs if `acc > 0` 215 for different values in acc. 216 code-template: | 217 # 218 ldai *s 219 jlez label_bad 220 ldai %s 221 jlez label_good 222 label_bad: 223 ldai 255 224 return # should be jumped over 225 label_good: 226 check-type: exit-positive 227 template-cases: 228 - values: 229 - "0" 230 exclude: [one] 231 - values: 232 - "-1" 233 exclude: [one] 234 - values: 235 - "0x80000000" 236 exclude: [max] 237 - values: 238 - "0xFFFFFFFF" 239 exclude: [max] 240 cases: 241 - values: 242 - "1" 243 id: one 244 - values: 245 - "0x7FFFFFFF" 246 id: max 247 248 - file-name: "type" 249 isa: 250 instructions: 251 - sig: jlez imm:i32 252 acc: in:i32 253 format: [op_imm_8, op_imm_16] 254 verification: 255 - acc_type 256 description: > 257 Check `jlez` with invalid types in acc. 258 tags: ['verifier'] 259 runner-options: ['verifier-failure', 'verifier-config'] 260 header-template: [] 261 code-template: | 262 # 263 .record A {} 264 .record panda.String <external> 265 .record panda.Object <external> 266 .function i32 main() { 267 %s 268 jlez label 269 ldai 255 270 label: 271 check-type: exit-positive 272 cases: 273 - values: 274 - lda.null 275 - values: 276 - ldai.64 0 277 - values: 278 - fldai 0 279 - values: 280 - fldai.64 0 281 - values: 282 - lda.type A 283 - values: 284 - lda.type A[] 285 - values: 286 - lda.type panda.String 287 - values: 288 - | 289 newobj v0, A 290 lda.obj v0 291 - values: 292 - | 293 newobj v0, panda.Object 294 lda.obj v0 295 - values: 296 - lda.str "0" 297 - values: 298 - | 299 # 300 movi v0, 10 301 newarr v0, v0, i32[] 302 lda.obj v0 303 304 - file-name: "outside_function" 305 isa: 306 instructions: 307 - sig: jlez imm:i32 308 acc: in:i32 309 format: [op_imm_8, op_imm_16] 310 verification: 311 - branch_target 312 description: > 313 Branch target should point to a beginning 314 of an instruction of the same method. 315 runner-options: ['compile-failure'] 316 header-template: [] 317 code-template: | 318 # 319 .function i32 f() { 320 label: 321 ldai 255 322 return 323 } 324 .function i32 main() { 325 ldai 1 326 jlez label 327 check-type: exit-positive 328 329 - file-name: "outside_try_catch_p" 330 isa: 331 instructions: 332 - sig: jlez imm:i32 333 acc: in:i32 334 format: [op_imm_8, op_imm_16] 335 description: Jump outside try/catch block. 336 bugid: ['3425'] 337 header-template: [] 338 code-template: | 339 .record panda.ArithmeticException <external> 340 .function i32 main() { 341 begin: 342 ldai -1 343 jlez outside 344 newobj v0, panda.ArithmeticException 345 throw v0 346 end: 347 ldai 1 348 return 349 catch_ae: 350 ldai 2 351 return 352 .catch panda.ArithmeticException, begin, end, catch_ae 353 ldai 3 354 return 355 outside: 356 check-type: exit-positive 357 358 - file-name: "outside_try_catch_j" 359 isa: 360 instructions: 361 - sig: jlez imm:i32 362 acc: in:i32 363 format: [op_imm_8, op_imm_16] 364 description: Jump outside try/catch block. 365 bugid: ['3425'] 366 header-template: [] 367 runner-options: ['use-pa'] 368 code-template: | 369 .language PandaAssembly 370 .record panda.NullPointerException <external> 371 .function i32 main() { 372 begin: 373 ldai -1 374 jlez outside 375 mov.null v0 376 throw v0 377 end: 378 ldai 1 379 return 380 catch_npe: 381 ldai 2 382 return 383 .catch panda.NullPointerException, begin, end, catch_npe 384 ldai 3 385 return 386 outside: 387 check-type: exit-positive 388 389 - file-name: uninitialized_regs 390 isa: 391 instructions: 392 - sig: jlez imm:i32 393 acc: in:i32 394 format: [op_imm_8, op_imm_16] 395 description: Check `jlez` with uninitialized acc. 396 tags: ['verifier'] 397 runner-options: ['verifier-failure', 'verifier-config'] 398 code-template: | 399 # 400 label: 401 jlez label 402 check-type: exit-positive 403 404 - file-name: "invalid_branch_target" 405 isa: 406 verification: 407 - branch_target 408 runner-options: [compile-failure] 409 description: Check 'jlez' instruction with invalid branch target. 410 header-template: [] 411 code-template: | 412 .record R {} 413 414 .function void R.ctor(R a0) <ctor> { 415 lbl_ctor: 416 return.void 417 } 418 419 .function void R.cctor() <cctor> { 420 lbl_cctor: 421 return.void 422 } 423 424 .function i32 foo(i32 a0, i32 a1) <static> { 425 lda a0 426 jlez %s 427 return 428 } 429 430 .function i32 bar() <static> { 431 lbl_bar: 432 ldai 1 433 return 434 } 435 436 .function i32 main() { 437 movi v0, 0 438 movi v1, 1 439 call.short foo, v0, v1 440 lbl_main: 441 check-type: exit-positive 442 cases: 443 - values: ["main"] 444 - values: ["foo"] 445 - values: ["bar"] 446 - values: ["baz"] 447 - values: ["R"] 448 - values: ["lbl_main"] 449 - values: ["lbl_bar"] 450 - values: ["lbl_ctor"] 451 - values: ["lbl_cctor"] 452 453 454 - file-name: "prohibited_branch_target" 455 isa: 456 verification: 457 - branch_target 458 runner-options: ['verifier-failure', 'verifier-config'] 459 tags: [verifier] 460 description: Check 'jlez' instruction with prohibited branch target. 461 header-template: [] 462 code-template: | 463 .record E1 {} 464 .record E2 {} 465 466 .function i32 main() { 467 ldai 0 468 jlez %s 469 470 begin: 471 ldai 0 472 return 473 mid: 474 ldai 1 475 return 476 end: 477 ldai 2 478 return 479 480 catch_E1_begin: 481 ldai 3 482 return 483 catch_E1_mid: 484 ldai 4 485 return 486 catch_E1_end: 487 ldai 5 488 return 489 490 catch_E2_begin: 491 ldai 6 492 return 493 catch_E2_mid: 494 ldai 7 495 return 496 catch_E2_end: 497 498 quit: 499 ldai 8 500 return 501 502 .catch E1, begin, end, catch_E1_begin, catch_E1_end 503 .catch E2, catch_E1_begin, catch_E1_end, catch_E2_begin, catch_E2_end 504 outside: 505 check-type: none 506 cases: 507 - values: ["begin"] 508 runner-options: ['verifier-only', 'verifier-config'] 509 - values: ["mid"] 510 runner-options: ['verifier-only', 'verifier-config'] 511 - values: ["end"] 512 runner-options: ['verifier-only', 'verifier-config'] 513 - values: ["quit"] 514 runner-options: ['verifier-only', 'verifier-config'] 515 - values: ["catch_E1_begin"] 516 - values: ["catch_E1_mid"] 517 - values: ["catch_E1_end"] 518 runner-options: ['verifier-only', 'verifier-config'] 519 - values: ["catch_E2_begin"] 520 - values: ["catch_E2_mid"] 521 - values: ["catch_E2_end"] 522 runner-options: ['verifier-only', 'verifier-config'] 523 - values: ["outside"] 524