[Qemu-devel] Re: [BUG] QEMU x86_64 SSE bug in modf() + MMX bug

[Ludovic Drolez]

I've also found the buggy SSE instruction by tracing modf() with gdb.
It's similar to the MMX bug found below: only the 32 bits part of the register 
is stored instead of the whole 64 bits.

The bug is in the movd instruction in 64 bits emulation.
Under gdb, just before the movd I had %rsi=0x3FF0000000000000
and, after movd, %xmm0=0 ! Only the 32bits part seems to be copied when
the source is a 64bits register.

   2edaa:       48 d3 e0                shl    %cl,%rax
   2edad:       48 21 c6                and    %rax,%rsi
   2edb0:       66 48 0f 6e c6          movd   %rsi,%xmm0

So in fact the valgrind mmx bug and the modf() bug have the same cause.

Anyone knows where to fix this bug ?

Cheers,

  Ludovic.

> Hi !
>
> I've run the valgrind tests on Qemu 0.8.2, in particular insn_basic, 
> insn_fpu,  _mmx, _sse, _sse2. No bugs were found in SSE and FPU 
> emulation, but one was found in MMX !:
>
>   ~/tests/none/tests/amd64 # diff insn_mmx.r insn_mmx.stdout.exp
>   1,6c1,2
>   < movd_1 ... not ok
>   <   result0.sd[0] = 1234 (expected 1234)
>   <   result0.sd[1] = 0 (expected 5678)
>   < movd_2 ... not ok
>   <   result0.sd[0] = 1234 (expected 1234)
>   <   result0.sd[1] = 0 (expected 5678)
>   ---
>   > movd_1 ... ok
>   > movd_2 ... ok
>
> Which comes from the following test:
>   #
>   # %mm <-> ireg64
>   #
>   movd mm.sd[1234,5678] r64.sd[1111,2222] => 1.sd[1234,5678]
>   movd r64.sd[1234,5678] mm.sd[1111,2222] => 1.sd[1234,5678]
>
>
> So one MMX bug when using 64 bits regs has been found, but the SSE2 bug is
> still a mystery :-(
>
> Cheers,


--
Ludovic DROLEZ                              Linbox / Free&ALter Soft
www.linbox.com www.linbox.org