* [Qemu-devel] [Bug 904308] [NEW] x86: BT/BTS/BTR/BTC: ZF flag is unaffected
@ 2011-12-14 15:47 Daniil Troshkov
2011-12-14 15:47 ` [Qemu-devel] [Bug 904308] " Daniil Troshkov
` (5 more replies)
0 siblings, 6 replies; 12+ messages in thread
From: Daniil Troshkov @ 2011-12-14 15:47 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
Hello!
Bug was found in qemu.git.
See target-i386/translate.c:
case 0x1ba: /* bt/bts/btr/btc Gv, im */
ot = dflag + OT_WORD;
modrm = ldub_code(s->pc++);
op = (modrm >> 3) & 7;
mod = (modrm >> 6) & 3;
rm = (modrm & 7) | REX_B(s);
if (mod != 3) {
s->rip_offset = 1;
gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
gen_op_ld_T0_A0(ot + s->mem_index);
} else {
gen_op_mov_TN_reg(ot, 0, rm);
}
/* load shift */
val = ldub_code(s->pc++);
gen_op_movl_T1_im(val);
if (op < 4)
goto illegal_op;
op -= 4;
goto bt_op;
case 0x1a3: /* bt Gv, Ev */
op = 0;
goto do_btx;
case 0x1ab: /* bts */
op = 1;
goto do_btx;
case 0x1b3: /* btr */
op = 2;
goto do_btx;
case 0x1bb: /* btc */
op = 3;
do_btx:
ot = dflag + OT_WORD;
modrm = ldub_code(s->pc++);
reg = ((modrm >> 3) & 7) | rex_r;
mod = (modrm >> 6) & 3;
rm = (modrm & 7) | REX_B(s);
gen_op_mov_TN_reg(OT_LONG, 1, reg);
if (mod != 3) {
gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
/* specific case: we need to add a displacement */
gen_exts(ot, cpu_T[1]);
tcg_gen_sari_tl(cpu_tmp0, cpu_T[1], 3 + ot);
tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, ot);
tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
gen_op_ld_T0_A0(ot + s->mem_index);
} else {
gen_op_mov_TN_reg(ot, 0, rm);
}
bt_op:
tcg_gen_andi_tl(cpu_T[1], cpu_T[1], (1 << (3 + ot)) - 1);
switch(op) {
case 0:
tcg_gen_shr_tl(cpu_cc_src, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf
break;
case 1:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_or_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
case 2:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_not_tl(cpu_tmp0, cpu_tmp0);
tcg_gen_and_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
default:
case 3:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_xor_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
}
s->cc_op = CC_OP_SARB + ot;
if (op != 0) {
if (mod != 3)
gen_op_st_T0_A0(ot + s->mem_index);
else
gen_op_mov_reg_T0(ot, rm);
tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf
}
break;
always set zf...
There is fixed patch.
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/904308
Title:
x86: BT/BTS/BTR/BTC: ZF flag is unaffected
Status in QEMU:
New
Bug description:
Hello!
Bug was found in qemu.git.
See target-i386/translate.c:
case 0x1ba: /* bt/bts/btr/btc Gv, im */
ot = dflag + OT_WORD;
modrm = ldub_code(s->pc++);
op = (modrm >> 3) & 7;
mod = (modrm >> 6) & 3;
rm = (modrm & 7) | REX_B(s);
if (mod != 3) {
s->rip_offset = 1;
gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
gen_op_ld_T0_A0(ot + s->mem_index);
} else {
gen_op_mov_TN_reg(ot, 0, rm);
}
/* load shift */
val = ldub_code(s->pc++);
gen_op_movl_T1_im(val);
if (op < 4)
goto illegal_op;
op -= 4;
goto bt_op;
case 0x1a3: /* bt Gv, Ev */
op = 0;
goto do_btx;
case 0x1ab: /* bts */
op = 1;
goto do_btx;
case 0x1b3: /* btr */
op = 2;
goto do_btx;
case 0x1bb: /* btc */
op = 3;
do_btx:
ot = dflag + OT_WORD;
modrm = ldub_code(s->pc++);
reg = ((modrm >> 3) & 7) | rex_r;
mod = (modrm >> 6) & 3;
rm = (modrm & 7) | REX_B(s);
gen_op_mov_TN_reg(OT_LONG, 1, reg);
if (mod != 3) {
gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
/* specific case: we need to add a displacement */
gen_exts(ot, cpu_T[1]);
tcg_gen_sari_tl(cpu_tmp0, cpu_T[1], 3 + ot);
tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, ot);
tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
gen_op_ld_T0_A0(ot + s->mem_index);
} else {
gen_op_mov_TN_reg(ot, 0, rm);
}
bt_op:
tcg_gen_andi_tl(cpu_T[1], cpu_T[1], (1 << (3 + ot)) - 1);
switch(op) {
case 0:
tcg_gen_shr_tl(cpu_cc_src, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf
break;
case 1:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_or_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
case 2:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_not_tl(cpu_tmp0, cpu_tmp0);
tcg_gen_and_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
default:
case 3:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_xor_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
}
s->cc_op = CC_OP_SARB + ot;
if (op != 0) {
if (mod != 3)
gen_op_st_T0_A0(ot + s->mem_index);
else
gen_op_mov_reg_T0(ot, rm);
tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf
}
break;
always set zf...
There is fixed patch.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/904308/+subscriptions
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Qemu-devel] [Bug 904308] Re: x86: BT/BTS/BTR/BTC: ZF flag is unaffected
2011-12-14 15:47 [Qemu-devel] [Bug 904308] [NEW] x86: BT/BTS/BTR/BTC: ZF flag is unaffected Daniil Troshkov
@ 2011-12-14 15:47 ` Daniil Troshkov
2011-12-14 15:58 ` Peter Maydell
` (4 subsequent siblings)
5 siblings, 0 replies; 12+ messages in thread
From: Daniil Troshkov @ 2011-12-14 15:47 UTC (permalink / raw)
To: qemu-devel
** Patch added: "patch"
https://bugs.launchpad.net/bugs/904308/+attachment/2633025/+files/patch2
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/904308
Title:
x86: BT/BTS/BTR/BTC: ZF flag is unaffected
Status in QEMU:
New
Bug description:
Hello!
Bug was found in qemu.git.
See target-i386/translate.c:
case 0x1ba: /* bt/bts/btr/btc Gv, im */
ot = dflag + OT_WORD;
modrm = ldub_code(s->pc++);
op = (modrm >> 3) & 7;
mod = (modrm >> 6) & 3;
rm = (modrm & 7) | REX_B(s);
if (mod != 3) {
s->rip_offset = 1;
gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
gen_op_ld_T0_A0(ot + s->mem_index);
} else {
gen_op_mov_TN_reg(ot, 0, rm);
}
/* load shift */
val = ldub_code(s->pc++);
gen_op_movl_T1_im(val);
if (op < 4)
goto illegal_op;
op -= 4;
goto bt_op;
case 0x1a3: /* bt Gv, Ev */
op = 0;
goto do_btx;
case 0x1ab: /* bts */
op = 1;
goto do_btx;
case 0x1b3: /* btr */
op = 2;
goto do_btx;
case 0x1bb: /* btc */
op = 3;
do_btx:
ot = dflag + OT_WORD;
modrm = ldub_code(s->pc++);
reg = ((modrm >> 3) & 7) | rex_r;
mod = (modrm >> 6) & 3;
rm = (modrm & 7) | REX_B(s);
gen_op_mov_TN_reg(OT_LONG, 1, reg);
if (mod != 3) {
gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
/* specific case: we need to add a displacement */
gen_exts(ot, cpu_T[1]);
tcg_gen_sari_tl(cpu_tmp0, cpu_T[1], 3 + ot);
tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, ot);
tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
gen_op_ld_T0_A0(ot + s->mem_index);
} else {
gen_op_mov_TN_reg(ot, 0, rm);
}
bt_op:
tcg_gen_andi_tl(cpu_T[1], cpu_T[1], (1 << (3 + ot)) - 1);
switch(op) {
case 0:
tcg_gen_shr_tl(cpu_cc_src, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf
break;
case 1:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_or_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
case 2:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_not_tl(cpu_tmp0, cpu_tmp0);
tcg_gen_and_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
default:
case 3:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_xor_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
}
s->cc_op = CC_OP_SARB + ot;
if (op != 0) {
if (mod != 3)
gen_op_st_T0_A0(ot + s->mem_index);
else
gen_op_mov_reg_T0(ot, rm);
tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf
}
break;
always set zf...
There is fixed patch.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/904308/+subscriptions
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Qemu-devel] [Bug 904308] Re: x86: BT/BTS/BTR/BTC: ZF flag is unaffected
2011-12-14 15:47 [Qemu-devel] [Bug 904308] [NEW] x86: BT/BTS/BTR/BTC: ZF flag is unaffected Daniil Troshkov
2011-12-14 15:47 ` [Qemu-devel] [Bug 904308] " Daniil Troshkov
@ 2011-12-14 15:58 ` Peter Maydell
2011-12-14 16:08 ` [Qemu-devel] [Bug 904308] [NEW] " malc
` (3 subsequent siblings)
5 siblings, 0 replies; 12+ messages in thread
From: Peter Maydell @ 2011-12-14 15:58 UTC (permalink / raw)
To: qemu-devel
It would be helpful if you could submit patches in line with the guidance documented on the wiki:
http://wiki.qemu.org/Contribute/SubmitAPatch
In particular, patches should be sent to the mailing list in the right
format, and we cannot apply any patch without a signed-off-by line.
Thanks.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/904308
Title:
x86: BT/BTS/BTR/BTC: ZF flag is unaffected
Status in QEMU:
New
Bug description:
Hello!
Bug was found in qemu.git.
See target-i386/translate.c:
case 0x1ba: /* bt/bts/btr/btc Gv, im */
ot = dflag + OT_WORD;
modrm = ldub_code(s->pc++);
op = (modrm >> 3) & 7;
mod = (modrm >> 6) & 3;
rm = (modrm & 7) | REX_B(s);
if (mod != 3) {
s->rip_offset = 1;
gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
gen_op_ld_T0_A0(ot + s->mem_index);
} else {
gen_op_mov_TN_reg(ot, 0, rm);
}
/* load shift */
val = ldub_code(s->pc++);
gen_op_movl_T1_im(val);
if (op < 4)
goto illegal_op;
op -= 4;
goto bt_op;
case 0x1a3: /* bt Gv, Ev */
op = 0;
goto do_btx;
case 0x1ab: /* bts */
op = 1;
goto do_btx;
case 0x1b3: /* btr */
op = 2;
goto do_btx;
case 0x1bb: /* btc */
op = 3;
do_btx:
ot = dflag + OT_WORD;
modrm = ldub_code(s->pc++);
reg = ((modrm >> 3) & 7) | rex_r;
mod = (modrm >> 6) & 3;
rm = (modrm & 7) | REX_B(s);
gen_op_mov_TN_reg(OT_LONG, 1, reg);
if (mod != 3) {
gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
/* specific case: we need to add a displacement */
gen_exts(ot, cpu_T[1]);
tcg_gen_sari_tl(cpu_tmp0, cpu_T[1], 3 + ot);
tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, ot);
tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
gen_op_ld_T0_A0(ot + s->mem_index);
} else {
gen_op_mov_TN_reg(ot, 0, rm);
}
bt_op:
tcg_gen_andi_tl(cpu_T[1], cpu_T[1], (1 << (3 + ot)) - 1);
switch(op) {
case 0:
tcg_gen_shr_tl(cpu_cc_src, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf
break;
case 1:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_or_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
case 2:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_not_tl(cpu_tmp0, cpu_tmp0);
tcg_gen_and_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
default:
case 3:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_xor_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
}
s->cc_op = CC_OP_SARB + ot;
if (op != 0) {
if (mod != 3)
gen_op_st_T0_A0(ot + s->mem_index);
else
gen_op_mov_reg_T0(ot, rm);
tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf
}
break;
always set zf...
There is fixed patch.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/904308/+subscriptions
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [Bug 904308] [NEW] x86: BT/BTS/BTR/BTC: ZF flag is unaffected
2011-12-14 15:47 [Qemu-devel] [Bug 904308] [NEW] x86: BT/BTS/BTR/BTC: ZF flag is unaffected Daniil Troshkov
2011-12-14 15:47 ` [Qemu-devel] [Bug 904308] " Daniil Troshkov
2011-12-14 15:58 ` Peter Maydell
@ 2011-12-14 16:08 ` malc
2011-12-14 16:18 ` Avi Kivity
2011-12-14 16:45 ` [Qemu-devel] [Bug 904308] " Daniil Troshkov
` (2 subsequent siblings)
5 siblings, 1 reply; 12+ messages in thread
From: malc @ 2011-12-14 16:08 UTC (permalink / raw)
To: Daniil Troshkov; +Cc: qemu-devel
On Wed, 14 Dec 2011, Daniil Troshkov wrote:
> Public bug reported:
>
> Hello!
>
> Bug was found in qemu.git.
> See target-i386/translate.c:
>
[..snip..]
Intel's documentation doesn't cover this, AMD's says that ZF is undefined, so,
question is: why do you think QEMU is wrong here?
--
mailto:av1474@comtv.ru
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [Bug 904308] [NEW] x86: BT/BTS/BTR/BTC: ZF flag is unaffected
2011-12-14 16:08 ` [Qemu-devel] [Bug 904308] [NEW] " malc
@ 2011-12-14 16:18 ` Avi Kivity
2011-12-14 16:22 ` malc
0 siblings, 1 reply; 12+ messages in thread
From: Avi Kivity @ 2011-12-14 16:18 UTC (permalink / raw)
To: malc; +Cc: Daniil Troshkov, qemu-devel
On 12/14/2011 06:08 PM, malc wrote:
> On Wed, 14 Dec 2011, Daniil Troshkov wrote:
>
> > Public bug reported:
> >
> > Hello!
> >
> > Bug was found in qemu.git.
> > See target-i386/translate.c:
> >
>
> [..snip..]
>
> Intel's documentation doesn't cover this, AMD's says that ZF is undefined, so,
> question is: why do you think QEMU is wrong here?
The Intel documentation states that ZF is unaffected.
--
error compiling committee.c: too many arguments to function
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [Bug 904308] [NEW] x86: BT/BTS/BTR/BTC: ZF flag is unaffected
2011-12-14 16:18 ` Avi Kivity
@ 2011-12-14 16:22 ` malc
2011-12-14 16:28 ` Avi Kivity
0 siblings, 1 reply; 12+ messages in thread
From: malc @ 2011-12-14 16:22 UTC (permalink / raw)
To: Avi Kivity; +Cc: Daniil Troshkov, qemu-devel
On Wed, 14 Dec 2011, Avi Kivity wrote:
> On 12/14/2011 06:08 PM, malc wrote:
> > On Wed, 14 Dec 2011, Daniil Troshkov wrote:
> >
> > > Public bug reported:
> > >
> > > Hello!
> > >
> > > Bug was found in qemu.git.
> > > See target-i386/translate.c:
> > >
> >
> > [..snip..]
> >
> > Intel's documentation doesn't cover this, AMD's says that ZF is undefined, so,
> > question is: why do you think QEMU is wrong here?
>
> The Intel documentation states that ZF is unaffected.
>
Right, i was blind, anyways, AMD disagrees.
--
mailto:av1474@comtv.ru
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [Bug 904308] [NEW] x86: BT/BTS/BTR/BTC: ZF flag is unaffected
2011-12-14 16:22 ` malc
@ 2011-12-14 16:28 ` Avi Kivity
2011-12-14 16:33 ` malc
0 siblings, 1 reply; 12+ messages in thread
From: Avi Kivity @ 2011-12-14 16:28 UTC (permalink / raw)
To: malc; +Cc: Daniil Troshkov, qemu-devel
On 12/14/2011 06:22 PM, malc wrote:
> On Wed, 14 Dec 2011, Avi Kivity wrote:
>
> > On 12/14/2011 06:08 PM, malc wrote:
> > > On Wed, 14 Dec 2011, Daniil Troshkov wrote:
> > >
> > > > Public bug reported:
> > > >
> > > > Hello!
> > > >
> > > > Bug was found in qemu.git.
> > > > See target-i386/translate.c:
> > > >
> > >
> > > [..snip..]
> > >
> > > Intel's documentation doesn't cover this, AMD's says that ZF is undefined, so,
> > > question is: why do you think QEMU is wrong here?
> >
> > The Intel documentation states that ZF is unaffected.
> >
>
> Right, i was blind, anyways, AMD disagrees.
>
Best to be conservative here.
--
error compiling committee.c: too many arguments to function
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [Bug 904308] [NEW] x86: BT/BTS/BTR/BTC: ZF flag is unaffected
2011-12-14 16:28 ` Avi Kivity
@ 2011-12-14 16:33 ` malc
2011-12-14 17:42 ` Avi Kivity
0 siblings, 1 reply; 12+ messages in thread
From: malc @ 2011-12-14 16:33 UTC (permalink / raw)
To: Avi Kivity; +Cc: Daniil Troshkov, qemu-devel
On Wed, 14 Dec 2011, Avi Kivity wrote:
> On 12/14/2011 06:22 PM, malc wrote:
> > On Wed, 14 Dec 2011, Avi Kivity wrote:
> >
> > > On 12/14/2011 06:08 PM, malc wrote:
> > > > On Wed, 14 Dec 2011, Daniil Troshkov wrote:
> > > >
> > > > > Public bug reported:
> > > > >
> > > > > Hello!
> > > > >
> > > > > Bug was found in qemu.git.
> > > > > See target-i386/translate.c:
> > > > >
> > > >
> > > > [..snip..]
> > > >
> > > > Intel's documentation doesn't cover this, AMD's says that ZF is undefined, so,
> > > > question is: why do you think QEMU is wrong here?
> > >
> > > The Intel documentation states that ZF is unaffected.
> > >
> >
> > Right, i was blind, anyways, AMD disagrees.
> >
>
> Best to be conservative here.
>
Point being, any code that relies on it being in any particular state is
broken (potentially, on AMD chips)
--
mailto:av1474@comtv.ru
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Qemu-devel] [Bug 904308] Re: x86: BT/BTS/BTR/BTC: ZF flag is unaffected
2011-12-14 15:47 [Qemu-devel] [Bug 904308] [NEW] x86: BT/BTS/BTR/BTC: ZF flag is unaffected Daniil Troshkov
` (2 preceding siblings ...)
2011-12-14 16:08 ` [Qemu-devel] [Bug 904308] [NEW] " malc
@ 2011-12-14 16:45 ` Daniil Troshkov
2017-06-10 6:33 ` Thomas Huth
2017-08-10 4:17 ` Launchpad Bug Tracker
5 siblings, 0 replies; 12+ messages in thread
From: Daniil Troshkov @ 2011-12-14 16:45 UTC (permalink / raw)
To: qemu-devel
>Best to be conservative here.
What is it means?
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/904308
Title:
x86: BT/BTS/BTR/BTC: ZF flag is unaffected
Status in QEMU:
New
Bug description:
Hello!
Bug was found in qemu.git.
See target-i386/translate.c:
case 0x1ba: /* bt/bts/btr/btc Gv, im */
ot = dflag + OT_WORD;
modrm = ldub_code(s->pc++);
op = (modrm >> 3) & 7;
mod = (modrm >> 6) & 3;
rm = (modrm & 7) | REX_B(s);
if (mod != 3) {
s->rip_offset = 1;
gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
gen_op_ld_T0_A0(ot + s->mem_index);
} else {
gen_op_mov_TN_reg(ot, 0, rm);
}
/* load shift */
val = ldub_code(s->pc++);
gen_op_movl_T1_im(val);
if (op < 4)
goto illegal_op;
op -= 4;
goto bt_op;
case 0x1a3: /* bt Gv, Ev */
op = 0;
goto do_btx;
case 0x1ab: /* bts */
op = 1;
goto do_btx;
case 0x1b3: /* btr */
op = 2;
goto do_btx;
case 0x1bb: /* btc */
op = 3;
do_btx:
ot = dflag + OT_WORD;
modrm = ldub_code(s->pc++);
reg = ((modrm >> 3) & 7) | rex_r;
mod = (modrm >> 6) & 3;
rm = (modrm & 7) | REX_B(s);
gen_op_mov_TN_reg(OT_LONG, 1, reg);
if (mod != 3) {
gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
/* specific case: we need to add a displacement */
gen_exts(ot, cpu_T[1]);
tcg_gen_sari_tl(cpu_tmp0, cpu_T[1], 3 + ot);
tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, ot);
tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
gen_op_ld_T0_A0(ot + s->mem_index);
} else {
gen_op_mov_TN_reg(ot, 0, rm);
}
bt_op:
tcg_gen_andi_tl(cpu_T[1], cpu_T[1], (1 << (3 + ot)) - 1);
switch(op) {
case 0:
tcg_gen_shr_tl(cpu_cc_src, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf
break;
case 1:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_or_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
case 2:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_not_tl(cpu_tmp0, cpu_tmp0);
tcg_gen_and_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
default:
case 3:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_xor_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
}
s->cc_op = CC_OP_SARB + ot;
if (op != 0) {
if (mod != 3)
gen_op_st_T0_A0(ot + s->mem_index);
else
gen_op_mov_reg_T0(ot, rm);
tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf
}
break;
always set zf...
There is fixed patch.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/904308/+subscriptions
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [Bug 904308] [NEW] x86: BT/BTS/BTR/BTC: ZF flag is unaffected
2011-12-14 16:33 ` malc
@ 2011-12-14 17:42 ` Avi Kivity
0 siblings, 0 replies; 12+ messages in thread
From: Avi Kivity @ 2011-12-14 17:42 UTC (permalink / raw)
To: malc; +Cc: Daniil Troshkov, qemu-devel
On 12/14/2011 06:33 PM, malc wrote:
> >
> > Best to be conservative here.
> >
>
> Point being, any code that relies on it being in any particular state is
> broken (potentially, on AMD chips)
Yes of course, but not all software is written to be portable. Probably
the only thing that will break here is a vendor test suite, but even so,
if we can comply to the spec, we should.
--
error compiling committee.c: too many arguments to function
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Qemu-devel] [Bug 904308] Re: x86: BT/BTS/BTR/BTC: ZF flag is unaffected
2011-12-14 15:47 [Qemu-devel] [Bug 904308] [NEW] x86: BT/BTS/BTR/BTC: ZF flag is unaffected Daniil Troshkov
` (3 preceding siblings ...)
2011-12-14 16:45 ` [Qemu-devel] [Bug 904308] " Daniil Troshkov
@ 2017-06-10 6:33 ` Thomas Huth
2017-08-10 4:17 ` Launchpad Bug Tracker
5 siblings, 0 replies; 12+ messages in thread
From: Thomas Huth @ 2017-06-10 6:33 UTC (permalink / raw)
To: qemu-devel
Looking at the previous comments ... is there anything left to do here?
Or can we close this bug nowadays?
** Changed in: qemu
Status: New => Incomplete
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/904308
Title:
x86: BT/BTS/BTR/BTC: ZF flag is unaffected
Status in QEMU:
Incomplete
Bug description:
Hello!
Bug was found in qemu.git.
See target-i386/translate.c:
case 0x1ba: /* bt/bts/btr/btc Gv, im */
ot = dflag + OT_WORD;
modrm = ldub_code(s->pc++);
op = (modrm >> 3) & 7;
mod = (modrm >> 6) & 3;
rm = (modrm & 7) | REX_B(s);
if (mod != 3) {
s->rip_offset = 1;
gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
gen_op_ld_T0_A0(ot + s->mem_index);
} else {
gen_op_mov_TN_reg(ot, 0, rm);
}
/* load shift */
val = ldub_code(s->pc++);
gen_op_movl_T1_im(val);
if (op < 4)
goto illegal_op;
op -= 4;
goto bt_op;
case 0x1a3: /* bt Gv, Ev */
op = 0;
goto do_btx;
case 0x1ab: /* bts */
op = 1;
goto do_btx;
case 0x1b3: /* btr */
op = 2;
goto do_btx;
case 0x1bb: /* btc */
op = 3;
do_btx:
ot = dflag + OT_WORD;
modrm = ldub_code(s->pc++);
reg = ((modrm >> 3) & 7) | rex_r;
mod = (modrm >> 6) & 3;
rm = (modrm & 7) | REX_B(s);
gen_op_mov_TN_reg(OT_LONG, 1, reg);
if (mod != 3) {
gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
/* specific case: we need to add a displacement */
gen_exts(ot, cpu_T[1]);
tcg_gen_sari_tl(cpu_tmp0, cpu_T[1], 3 + ot);
tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, ot);
tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
gen_op_ld_T0_A0(ot + s->mem_index);
} else {
gen_op_mov_TN_reg(ot, 0, rm);
}
bt_op:
tcg_gen_andi_tl(cpu_T[1], cpu_T[1], (1 << (3 + ot)) - 1);
switch(op) {
case 0:
tcg_gen_shr_tl(cpu_cc_src, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf
break;
case 1:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_or_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
case 2:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_not_tl(cpu_tmp0, cpu_tmp0);
tcg_gen_and_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
default:
case 3:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_xor_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
}
s->cc_op = CC_OP_SARB + ot;
if (op != 0) {
if (mod != 3)
gen_op_st_T0_A0(ot + s->mem_index);
else
gen_op_mov_reg_T0(ot, rm);
tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf
}
break;
always set zf...
There is fixed patch.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/904308/+subscriptions
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Qemu-devel] [Bug 904308] Re: x86: BT/BTS/BTR/BTC: ZF flag is unaffected
2011-12-14 15:47 [Qemu-devel] [Bug 904308] [NEW] x86: BT/BTS/BTR/BTC: ZF flag is unaffected Daniil Troshkov
` (4 preceding siblings ...)
2017-06-10 6:33 ` Thomas Huth
@ 2017-08-10 4:17 ` Launchpad Bug Tracker
5 siblings, 0 replies; 12+ messages in thread
From: Launchpad Bug Tracker @ 2017-08-10 4:17 UTC (permalink / raw)
To: qemu-devel
[Expired for QEMU because there has been no activity for 60 days.]
** Changed in: qemu
Status: Incomplete => Expired
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/904308
Title:
x86: BT/BTS/BTR/BTC: ZF flag is unaffected
Status in QEMU:
Expired
Bug description:
Hello!
Bug was found in qemu.git.
See target-i386/translate.c:
case 0x1ba: /* bt/bts/btr/btc Gv, im */
ot = dflag + OT_WORD;
modrm = ldub_code(s->pc++);
op = (modrm >> 3) & 7;
mod = (modrm >> 6) & 3;
rm = (modrm & 7) | REX_B(s);
if (mod != 3) {
s->rip_offset = 1;
gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
gen_op_ld_T0_A0(ot + s->mem_index);
} else {
gen_op_mov_TN_reg(ot, 0, rm);
}
/* load shift */
val = ldub_code(s->pc++);
gen_op_movl_T1_im(val);
if (op < 4)
goto illegal_op;
op -= 4;
goto bt_op;
case 0x1a3: /* bt Gv, Ev */
op = 0;
goto do_btx;
case 0x1ab: /* bts */
op = 1;
goto do_btx;
case 0x1b3: /* btr */
op = 2;
goto do_btx;
case 0x1bb: /* btc */
op = 3;
do_btx:
ot = dflag + OT_WORD;
modrm = ldub_code(s->pc++);
reg = ((modrm >> 3) & 7) | rex_r;
mod = (modrm >> 6) & 3;
rm = (modrm & 7) | REX_B(s);
gen_op_mov_TN_reg(OT_LONG, 1, reg);
if (mod != 3) {
gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
/* specific case: we need to add a displacement */
gen_exts(ot, cpu_T[1]);
tcg_gen_sari_tl(cpu_tmp0, cpu_T[1], 3 + ot);
tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, ot);
tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
gen_op_ld_T0_A0(ot + s->mem_index);
} else {
gen_op_mov_TN_reg(ot, 0, rm);
}
bt_op:
tcg_gen_andi_tl(cpu_T[1], cpu_T[1], (1 << (3 + ot)) - 1);
switch(op) {
case 0:
tcg_gen_shr_tl(cpu_cc_src, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf
break;
case 1:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_or_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
case 2:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_not_tl(cpu_tmp0, cpu_tmp0);
tcg_gen_and_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
default:
case 3:
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
tcg_gen_movi_tl(cpu_tmp0, 1);
tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
tcg_gen_xor_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
break;
}
s->cc_op = CC_OP_SARB + ot;
if (op != 0) {
if (mod != 3)
gen_op_st_T0_A0(ot + s->mem_index);
else
gen_op_mov_reg_T0(ot, rm);
tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf
}
break;
always set zf...
There is fixed patch.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/904308/+subscriptions
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2017-08-10 4:30 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-12-14 15:47 [Qemu-devel] [Bug 904308] [NEW] x86: BT/BTS/BTR/BTC: ZF flag is unaffected Daniil Troshkov
2011-12-14 15:47 ` [Qemu-devel] [Bug 904308] " Daniil Troshkov
2011-12-14 15:58 ` Peter Maydell
2011-12-14 16:08 ` [Qemu-devel] [Bug 904308] [NEW] " malc
2011-12-14 16:18 ` Avi Kivity
2011-12-14 16:22 ` malc
2011-12-14 16:28 ` Avi Kivity
2011-12-14 16:33 ` malc
2011-12-14 17:42 ` Avi Kivity
2011-12-14 16:45 ` [Qemu-devel] [Bug 904308] " Daniil Troshkov
2017-06-10 6:33 ` Thomas Huth
2017-08-10 4:17 ` Launchpad Bug Tracker
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.