qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [Bug 1641637] [NEW] incorrect illegal SSE3 instructions rep


From: Jie
Subject: [Qemu-devel] [Bug 1641637] [NEW] incorrect illegal SSE3 instructions reporting on x86_64
Date: Mon, 14 Nov 2016 15:45:36 -0000

Public bug reported:

Hi all, we found 28 differently encoded illegal SSE3 instructions
reporting on the most recent x86_64 user mode linux qemu (version
2.7.0). We believe these reporting should be incorrect because the same
code can be executed on a real machine. The instructions are the
following:

pabsb %mm0, %mm1
pabsb %xmm0, %xmm1
pabsd %mm0, %mm1
pabsd %xmm0, %xmm1
pabsw %mm0, %mm1
pabsw %xmm0, %xmm1
phaddd %mm0, %mm1
phaddd %xmm0, %xmm1
phaddsw %mm0, %mm1
phaddsw %xmm0, %xmm1
phaddw %mm0, %mm1
phaddw %xmm0, %xmm1
phsubd %mm0, %mm1
phsubd %xmm0, %xmm1
phsubsw %mm0, %mm1
phsubsw %xmm0, %xmm1
phsubw %mm0, %mm1
phsubw %xmm0, %xmm1
pmaddubsw %mm0, %mm1
pmaddubsw %xmm0, %xmm1
pmulhrsw %mm0, %mm1
pmulhrsw %xmm0, %xmm1
psignb %mm0, %mm1
psignb %xmm0, %xmm1
psignd %mm0, %mm1
psignd %xmm0, %xmm1
psignw %mm0, %mm1
psignw %xmm0, %xmm1

The following is the proof of code

/********** Beginning of bug 1.c: pabsb %mm0, %mm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
    asm("pabsb %mm0, %mm1");
    asm("mov %0, %%rdx\n"
        "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 1.c **********/


/********** Beginning of bug 2.c: pabsb %xmm0, %xmm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
    asm("pabsb %xmm0, %xmm1");
    asm("mov %0, %%rdx\n"
        "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 2.c **********/


/********** Beginning of bug 3.c: pabsd %mm0, %mm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
    asm("pabsd %mm0, %mm1");
    asm("mov %0, %%rdx\n"
        "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 3.c **********/


/********** Beginning of bug 4.c: pabsd %xmm0, %xmm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
    asm("pabsd %xmm0, %xmm1");
    asm("mov %0, %%rdx\n"
        "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 4.c **********/


/********** Beginning of bug 5.c: pabsw %mm0, %mm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
    asm("pabsw %mm0, %mm1");
    asm("mov %0, %%rdx\n"
        "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 5.c **********/


/********** Beginning of bug 6.c: pabsw %xmm0, %xmm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
    asm("pabsw %xmm0, %xmm1");
    asm("mov %0, %%rdx\n"
        "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 6.c **********/


/********** Beginning of bug 7.c: phaddd %mm0, %mm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
    asm("phaddd %mm0, %mm1");
    asm("mov %0, %%rdx\n"
        "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 7.c **********/


/********** Beginning of bug 8.c: phaddd %xmm0, %xmm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
    asm("phaddd %xmm0, %xmm1");
    asm("mov %0, %%rdx\n"
        "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 8.c **********/


/********** Beginning of bug 9.c: phaddsw %mm0, %mm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
    asm("phaddsw %mm0, %mm1");
    asm("mov %0, %%rdx\n"
        "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 9.c **********/


/********** Beginning of bug 10.c: phaddsw %xmm0, %xmm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
    asm("phaddsw %xmm0, %xmm1");
    asm("mov %0, %%rdx\n"
        "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 10.c **********/


/********** Beginning of bug 11.c: phaddw %mm0, %mm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
    asm("phaddw %mm0, %mm1");
    asm("mov %0, %%rdx\n"
        "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 11.c **********/


/********** Beginning of bug 12.c: phaddw %xmm0, %xmm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
    asm("phaddw %xmm0, %xmm1");
    asm("mov %0, %%rdx\n"
        "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 12.c **********/


/********** Beginning of bug 13.c: phsubd %mm0, %mm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
    asm("phsubd %mm0, %mm1");
    asm("mov %0, %%rdx\n"
        "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 13.c **********/


/********** Beginning of bug 14.c: phsubd %xmm0, %xmm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
    asm("phsubd %xmm0, %xmm1");
    asm("mov %0, %%rdx\n"
        "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 14.c **********/


/********** Beginning of bug 15.c: phsubsw %mm0, %mm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
    asm("phsubsw %mm0, %mm1");
    asm("mov %0, %%rdx\n"
        "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 15.c **********/


/********** Beginning of bug 16.c: phsubsw %xmm0, %xmm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
    asm("phsubsw %xmm0, %xmm1");
    asm("mov %0, %%rdx\n"
        "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 16.c **********/


/********** Beginning of bug 17.c: phsubw %mm0, %mm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
    asm("phsubw %mm0, %mm1");
    asm("mov %0, %%rdx\n"
        "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 17.c **********/


/********** Beginning of bug 18.c: phsubw %xmm0, %xmm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
    asm("phsubw %xmm0, %xmm1");
    asm("mov %0, %%rdx\n"
        "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 18.c **********/


/********** Beginning of bug 19.c: pmaddubsw %mm0, %mm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char i2[0x10];
unsigned char i3[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm0\n"::"r"((char *)(i2)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i3)));;
    asm("pmaddubsw %mm0, %mm1");
    asm("mov %0, %%rdx\n"
        "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 19.c **********/


/********** Beginning of bug 20.c: pmaddubsw %xmm0, %xmm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char i2[0x10];
unsigned char i3[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i2)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i3)));;
    asm("pmaddubsw %xmm0, %xmm1");
    asm("mov %0, %%rdx\n"
        "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 20.c **********/


/********** Beginning of bug 21.c: pmulhrsw %mm0, %mm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
    asm("pmulhrsw %mm0, %mm1");
    asm("mov %0, %%rdx\n"
        "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 21.c **********/


/********** Beginning of bug 22.c: pmulhrsw %xmm0, %xmm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
    asm("pmulhrsw %xmm0, %xmm1");
    asm("mov %0, %%rdx\n"
        "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 22.c **********/


/********** Beginning of bug 23.c: psignb %mm0, %mm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
    asm("psignb %mm0, %mm1");
    asm("mov %0, %%rdx\n"
        "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 23.c **********/


/********** Beginning of bug 24.c: psignb %xmm0, %xmm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
    asm("psignb %xmm0, %xmm1");
    asm("mov %0, %%rdx\n"
        "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 24.c **********/


/********** Beginning of bug 25.c: psignd %mm0, %mm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
    asm("psignd %mm0, %mm1");
    asm("mov %0, %%rdx\n"
        "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 25.c **********/


/********** Beginning of bug 26.c: psignd %xmm0, %xmm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
    asm("psignd %xmm0, %xmm1");
    asm("mov %0, %%rdx\n"
        "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 26.c **********/


/********** Beginning of bug 27.c: psignw %mm0, %mm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
    asm("psignw %mm0, %mm1");
    asm("mov %0, %%rdx\n"
        "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 27.c **********/


/********** Beginning of bug 28.c: psignw %xmm0, %xmm1 **********/

int printf(const char *format, ...);
unsigned char i0[0x10];
unsigned char i1[0x10];
unsigned char o[0x10];
int main() {
    int k = 0;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
    asm("mov %0, %%rdx\n"
        "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
    asm("psignw %xmm0, %xmm1");
    asm("mov %0, %%rdx\n"
        "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
    for (k = 0; k < 0x10; k++)
        printf("%02x", o[0x10 - 1 - k]);
    printf("\n");
}

/********** End of bug 28.c **********/

For any of the above code, when compiled into x86-64 binary code with
gcc, qemu reports the illegal instructions bug. However, these can be
correctly executed on a real machine. For example,

$ gcc 28.c -o 28
$ qemu-x86_64 ./28
qemu: uncaught target signal 4 (Illegal instruction) - core dumped
Illegal instruction
$ ./28
00000000000000000000000000000000

Some information about the system:

$ qemu-x86_64 --version
qemu-x86_64 version 2.7.0, Copyright (c) 2003-2016 Fabrice Bellard and the QEMU 
Project developers
$ uname -a
Linux cgos-System-Product-Name 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 
03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
$ gcc --version
gcc (Ubuntu 4.8.4-2ubuntu1~14.04) 4.8.4
Copyright (C) 2013 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


Thanks!

** Affects: qemu
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1641637

Title:
  incorrect illegal SSE3 instructions reporting on x86_64

Status in QEMU:
  New

Bug description:
  Hi all, we found 28 differently encoded illegal SSE3 instructions
  reporting on the most recent x86_64 user mode linux qemu (version
  2.7.0). We believe these reporting should be incorrect because the
  same code can be executed on a real machine. The instructions are the
  following:

  pabsb %mm0, %mm1
  pabsb %xmm0, %xmm1
  pabsd %mm0, %mm1
  pabsd %xmm0, %xmm1
  pabsw %mm0, %mm1
  pabsw %xmm0, %xmm1
  phaddd %mm0, %mm1
  phaddd %xmm0, %xmm1
  phaddsw %mm0, %mm1
  phaddsw %xmm0, %xmm1
  phaddw %mm0, %mm1
  phaddw %xmm0, %xmm1
  phsubd %mm0, %mm1
  phsubd %xmm0, %xmm1
  phsubsw %mm0, %mm1
  phsubsw %xmm0, %xmm1
  phsubw %mm0, %mm1
  phsubw %xmm0, %xmm1
  pmaddubsw %mm0, %mm1
  pmaddubsw %xmm0, %xmm1
  pmulhrsw %mm0, %mm1
  pmulhrsw %xmm0, %xmm1
  psignb %mm0, %mm1
  psignb %xmm0, %xmm1
  psignd %mm0, %mm1
  psignd %xmm0, %xmm1
  psignw %mm0, %mm1
  psignw %xmm0, %xmm1

  The following is the proof of code

  /********** Beginning of bug 1.c: pabsb %mm0, %mm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
      asm("pabsb %mm0, %mm1");
      asm("mov %0, %%rdx\n"
          "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 1.c **********/

  
  /********** Beginning of bug 2.c: pabsb %xmm0, %xmm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
      asm("pabsb %xmm0, %xmm1");
      asm("mov %0, %%rdx\n"
          "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 2.c **********/

  
  /********** Beginning of bug 3.c: pabsd %mm0, %mm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
      asm("pabsd %mm0, %mm1");
      asm("mov %0, %%rdx\n"
          "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 3.c **********/

  
  /********** Beginning of bug 4.c: pabsd %xmm0, %xmm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
      asm("pabsd %xmm0, %xmm1");
      asm("mov %0, %%rdx\n"
          "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 4.c **********/

  
  /********** Beginning of bug 5.c: pabsw %mm0, %mm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
      asm("pabsw %mm0, %mm1");
      asm("mov %0, %%rdx\n"
          "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 5.c **********/

  
  /********** Beginning of bug 6.c: pabsw %xmm0, %xmm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
      asm("pabsw %xmm0, %xmm1");
      asm("mov %0, %%rdx\n"
          "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 6.c **********/

  
  /********** Beginning of bug 7.c: phaddd %mm0, %mm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
      asm("phaddd %mm0, %mm1");
      asm("mov %0, %%rdx\n"
          "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 7.c **********/

  
  /********** Beginning of bug 8.c: phaddd %xmm0, %xmm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
      asm("phaddd %xmm0, %xmm1");
      asm("mov %0, %%rdx\n"
          "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 8.c **********/

  
  /********** Beginning of bug 9.c: phaddsw %mm0, %mm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
      asm("phaddsw %mm0, %mm1");
      asm("mov %0, %%rdx\n"
          "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 9.c **********/

  
  /********** Beginning of bug 10.c: phaddsw %xmm0, %xmm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
      asm("phaddsw %xmm0, %xmm1");
      asm("mov %0, %%rdx\n"
          "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 10.c **********/

  
  /********** Beginning of bug 11.c: phaddw %mm0, %mm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
      asm("phaddw %mm0, %mm1");
      asm("mov %0, %%rdx\n"
          "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 11.c **********/

  
  /********** Beginning of bug 12.c: phaddw %xmm0, %xmm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
      asm("phaddw %xmm0, %xmm1");
      asm("mov %0, %%rdx\n"
          "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 12.c **********/

  
  /********** Beginning of bug 13.c: phsubd %mm0, %mm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
      asm("phsubd %mm0, %mm1");
      asm("mov %0, %%rdx\n"
          "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 13.c **********/

  
  /********** Beginning of bug 14.c: phsubd %xmm0, %xmm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
      asm("phsubd %xmm0, %xmm1");
      asm("mov %0, %%rdx\n"
          "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 14.c **********/

  
  /********** Beginning of bug 15.c: phsubsw %mm0, %mm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
      asm("phsubsw %mm0, %mm1");
      asm("mov %0, %%rdx\n"
          "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 15.c **********/

  
  /********** Beginning of bug 16.c: phsubsw %xmm0, %xmm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
      asm("phsubsw %xmm0, %xmm1");
      asm("mov %0, %%rdx\n"
          "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 16.c **********/

  
  /********** Beginning of bug 17.c: phsubw %mm0, %mm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
      asm("phsubw %mm0, %mm1");
      asm("mov %0, %%rdx\n"
          "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 17.c **********/

  
  /********** Beginning of bug 18.c: phsubw %xmm0, %xmm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
      asm("phsubw %xmm0, %xmm1");
      asm("mov %0, %%rdx\n"
          "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 18.c **********/

  
  /********** Beginning of bug 19.c: pmaddubsw %mm0, %mm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char i2[0x10];
  unsigned char i3[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm0\n"::"r"((char *)(i2)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i3)));;
      asm("pmaddubsw %mm0, %mm1");
      asm("mov %0, %%rdx\n"
          "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 19.c **********/

  
  /********** Beginning of bug 20.c: pmaddubsw %xmm0, %xmm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char i2[0x10];
  unsigned char i3[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i2)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i3)));;
      asm("pmaddubsw %xmm0, %xmm1");
      asm("mov %0, %%rdx\n"
          "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 20.c **********/

  
  /********** Beginning of bug 21.c: pmulhrsw %mm0, %mm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
      asm("pmulhrsw %mm0, %mm1");
      asm("mov %0, %%rdx\n"
          "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 21.c **********/

  
  /********** Beginning of bug 22.c: pmulhrsw %xmm0, %xmm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
      asm("pmulhrsw %xmm0, %xmm1");
      asm("mov %0, %%rdx\n"
          "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 22.c **********/

  
  /********** Beginning of bug 23.c: psignb %mm0, %mm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
      asm("psignb %mm0, %mm1");
      asm("mov %0, %%rdx\n"
          "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 23.c **********/

  
  /********** Beginning of bug 24.c: psignb %xmm0, %xmm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
      asm("psignb %xmm0, %xmm1");
      asm("mov %0, %%rdx\n"
          "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 24.c **********/

  
  /********** Beginning of bug 25.c: psignd %mm0, %mm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
      asm("psignd %mm0, %mm1");
      asm("mov %0, %%rdx\n"
          "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 25.c **********/

  
  /********** Beginning of bug 26.c: psignd %xmm0, %xmm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
      asm("psignd %xmm0, %xmm1");
      asm("mov %0, %%rdx\n"
          "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 26.c **********/

  
  /********** Beginning of bug 27.c: psignw %mm0, %mm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
      asm("psignw %mm0, %mm1");
      asm("mov %0, %%rdx\n"
          "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 27.c **********/

  
  /********** Beginning of bug 28.c: psignw %xmm0, %xmm1 **********/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
      int k = 0;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
      asm("mov %0, %%rdx\n"
          "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
      asm("psignw %xmm0, %xmm1");
      asm("mov %0, %%rdx\n"
          "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
      for (k = 0; k < 0x10; k++)
          printf("%02x", o[0x10 - 1 - k]);
      printf("\n");
  }

  /********** End of bug 28.c **********/

  For any of the above code, when compiled into x86-64 binary code with
  gcc, qemu reports the illegal instructions bug. However, these can be
  correctly executed on a real machine. For example,

  $ gcc 28.c -o 28
  $ qemu-x86_64 ./28
  qemu: uncaught target signal 4 (Illegal instruction) - core dumped
  Illegal instruction
  $ ./28
  00000000000000000000000000000000

  Some information about the system:

  $ qemu-x86_64 --version
  qemu-x86_64 version 2.7.0, Copyright (c) 2003-2016 Fabrice Bellard and the 
QEMU Project developers
  $ uname -a
  Linux cgos-System-Product-Name 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 
03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
  $ gcc --version
  gcc (Ubuntu 4.8.4-2ubuntu1~14.04) 4.8.4
  Copyright (C) 2013 Free Software Foundation, Inc.
  This is free software; see the source for copying conditions.  There is NO
  warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

  
  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1641637/+subscriptions



reply via email to

[Prev in Thread] Current Thread [Next in Thread]