Infinite recursion in tcg_gen_mulu2_i32 for certain 32-bit hosts.
Host environment
- Operating system: N/A (See description)
- OS/kernel version: Linux >5
- Architecture: N/A (See description)
- QEMU flavor: qemu-system-x86_64
- QEMU version: 7.2.0
- QEMU command line:
./qemu-system-x86_64 -L ../pc-bios
Emulated/Virtualized environment
- Operating system: PC BIOS
- OS/kernel version: None
- Architecture: x86-64
Description of problem
tcg_gen_mulu2_i32 infinitely recurses on a 32-bit host (TCG target) that has neither TCG_TARGET_HAS_mulu2_i32 nor TCG_TARGET_HAS_muluh_i32.
I don't actually think there is any host that is 32-bit and has neither mulu2 nor muluh. The only reference I found is this commit, which adds an #error if that situation is hit. But the check, which still exists, checks if those flags are defined, not for their value. I guess, over the years as the code was refactored, the check wasn't updated because, frankly, there aren't any hosts that match that situation (except mine).
One easy fix is to change the check mentioned above to check the actual macro value so that compilation fails. I can create a PR for that.
Steps to reproduce
(Note: I'm linking to the v7.2.0 tag so that these links stay relevant).
- tcg_gen_mulu2_i32 calls tcg_gen_mul_i64.
- tcg_gen_mul_i64 on 32-bit hosts, due to this check for TCG_TARGET_REG_BITS == 32, is defined here, and calls tcg_gen_mulu2_i32.
- Rinse and repeat.
- Eventually, as gen_mulu2/mul functions spill while trying to allocate temps, they will overflow the TB buffer. This will restart code generation with smaller and smaller block sizes, until the block size reaches 1 instruction. TCG will then give up and assert.
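To make the cycle and the proposed fix concrete, here is an added C model of the fallback chain described above; it is not QEMU code. The three macro values are assumptions standing in for the reporter's host (a 32-bit TCG target with both HAS_ flags defined to 0), and MAX_DEPTH is a stand-in for the TB buffer filling up.

```c
#include <stdbool.h>

/* Assumed host configuration: the flags exist but are set to 0. */
#define TCG_TARGET_REG_BITS 32
#define TCG_TARGET_HAS_mulu2_i32 0
#define TCG_TARGET_HAS_muluh_i32 0

#define MAX_DEPTH 64          /* stand-in for running out of TB buffer */
static int depth;

/* Guard as the report describes it: tests whether the macros are defined.
 * With the flags defined to 0 it never fires, so the build goes ahead. */
bool guard_by_definedness_fires(void)
{
#if TCG_TARGET_REG_BITS == 32 && !defined(TCG_TARGET_HAS_mulu2_i32) && !defined(TCG_TARGET_HAS_muluh_i32)
    return true;
#else
    return false;
#endif
}

/* Proposed guard: tests the macros' values, so this host is rejected at build time. */
bool guard_by_value_fires(void)
{
#if TCG_TARGET_REG_BITS == 32 && !TCG_TARGET_HAS_mulu2_i32 && !TCG_TARGET_HAS_muluh_i32
    return true;
#else
    return false;
#endif
}

static bool model_mulu2_i32(void);

/* Model of tcg_gen_mul_i64: on a 32-bit host it is built from mulu2_i32. */
static bool model_mul_i64(void)
{
    if (++depth > MAX_DEPTH) return false;   /* recursion never terminated */
#if TCG_TARGET_REG_BITS == 32
    return model_mulu2_i32();
#else
    return true;                             /* native 64-bit multiply */
#endif
}

/* Model of tcg_gen_mulu2_i32: with no mulu2 and no muluh it widens to mul_i64. */
static bool model_mulu2_i32(void)
{
    if (++depth > MAX_DEPTH) return false;
#if TCG_TARGET_HAS_mulu2_i32 || TCG_TARGET_HAS_muluh_i32
    return true;                             /* host op available */
#else
    return model_mul_i64();                  /* last resort: closes the cycle */
#endif
}

/* true if emitting a 32-bit mulu2 would terminate on this host model. */
bool generation_terminates(void) { depth = 0; return model_mulu2_i32(); }
```

Flipping either HAS_ macro to 1 makes generation_terminates() return true and guard_by_value_fires() return false, which is the behaviour the value-based check should preserve for real hosts.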