Message-ID: <45ACFB1E.4020803@linbox.com>
Date: Tue, 16 Jan 2007 17:19:42 +0100
From: Ludovic Drolez
In-Reply-To: <45ACB57C.4090304@linbox.com>
Subject: [Qemu-devel] Re: [BUG] QEMU x86_64 SSE bug in modf() + MMX bug
To: qemu-devel@nongnu.org

I've also found the buggy SSE instruction by tracing modf() with gdb.
It's similar to the MMX bug found below: only the 32-bit part of the
register is stored instead of the whole 64 bits.

The bug is in the movd instruction in 64-bit emulation.
Under gdb, just before the movd I had %rsi=0x3FF0000000000000 and,
after movd, %xmm0=0! Only the 32-bit part seems to be copied when the
source is a 64-bit register.

   2edaa:       48 d3 e0                shl    %cl,%rax
   2edad:       48 21 c6                and    %rax,%rsi
   2edb0:       66 48 0f 6e c6          movd   %rsi,%xmm0

So in fact the valgrind MMX bug and the modf() bug have the same cause.

Does anyone know where to fix this bug?

Cheers,

Ludovic.

> Hi !
>
> I've run the valgrind tests on Qemu 0.8.2, in particular insn_basic,
> insn_fpu, _mmx, _sse, _sse2. No bugs were found in SSE and FPU
> emulation, but one was found in MMX !:
>
> ~/tests/none/tests/amd64 # diff insn_mmx.r insn_mmx.stdout.exp
> 1,6c1,2
> < movd_1 ... not ok
> < result0.sd[0] = 1234 (expected 1234)
> < result0.sd[1] = 0 (expected 5678)
> < movd_2 ... not ok
> < result0.sd[0] = 1234 (expected 1234)
> < result0.sd[1] = 0 (expected 5678)
> ---
> > movd_1 ... ok
> > movd_2 ... ok
>
> Which comes from the following test:
> #
> # %mm <-> ireg64
> #
> movd mm.sd[1234,5678] r64.sd[1111,2222] => 1.sd[1234,5678]
> movd r64.sd[1234,5678] mm.sd[1111,2222] => 1.sd[1234,5678]
>
>
> So one MMX bug when using 64 bits regs has been found, but the SSE2 bug is
> still a mystery :-(
>
> Cheers,
>

-- 
Ludovic DROLEZ                  Linbox / Free&ALter Soft
www.linbox.com www.linbox.org
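
The truncation described in this message, as an added example that is not part of the original post and not QEMU code: a small C model that decodes the reported bytes `66 48 0f 6e c6` and compares a copy that honours REX.W with one that always copies 32 bits. The function names and the `honor_rex_w` switch are hypothetical; the instruction bytes and the %rsi value are taken from the report.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of an XMM register as two 64-bit lanes. */
typedef struct { uint64_t lo, hi; } xmm_t;
/* Decoded "66 [REX] 0F 6E /r" with a register source (ModRM mod == 3). */
typedef struct { int rex_w, xmm, gpr; } movd_insn;

/* Returns 0 on success, -1 if the bytes are not this instruction form. */
int decode_movd(const uint8_t *p, size_t n, movd_insn *out)
{
    size_t i = 0;
    uint8_t rex = 0, modrm;
    if (n < 4 || p[i++] != 0x66) return -1;
    if ((p[i] & 0xF0) == 0x40) rex = p[i++];          /* optional REX prefix */
    if (i + 3 > n || p[i] != 0x0F || p[i + 1] != 0x6E) return -1;
    modrm = p[i + 2];
    if ((modrm >> 6) != 3) return -1;                 /* memory operands not modelled */
    out->rex_w = (rex >> 3) & 1;
    out->xmm = ((modrm >> 3) & 7) | ((rex & 4) << 1); /* REX.R extends reg */
    out->gpr = (modrm & 7) | ((rex & 1) << 3);        /* REX.B extends r/m */
    return 0;
}

/* honor_rex_w=1: REX.W selects a 64-bit copy. honor_rex_w=0 models the
   behaviour described in the report (always 32 bits). Upper bits are zeroed. */
xmm_t exec_movd(const movd_insn *in, const uint64_t gpr[16], int honor_rex_w)
{
    xmm_t r = {0, 0};
    r.lo = (in->rex_w && honor_rex_w) ? gpr[in->gpr] : (uint32_t)gpr[in->gpr];
    return r;
}

/* Runs the reported instruction with the reported %rsi value. */
xmm_t run_reported_case(int honor_rex_w)
{
    static const uint8_t code[] = {0x66, 0x48, 0x0F, 0x6E, 0xC6}; /* from the report */
    uint64_t gpr[16] = {0};
    movd_insn in;
    gpr[6] = 0x3FF0000000000000ULL;                   /* %rsi is register 6 */
    if (decode_movd(code, sizeof code, &in) != 0) return (xmm_t){~0ULL, ~0ULL};
    return exec_movd(&in, gpr, honor_rex_w);
}

int main(void)
{
    printf("REX.W honoured: 0x%016llx\n", (unsigned long long)run_reported_case(1).lo);
    printf("REX.W ignored:  0x%016llx\n", (unsigned long long)run_reported_case(0).lo);
    return 0;
}
```

The low 32 bits of 0x3FF0000000000000 are all zero, so a 32-bit copy yields exactly the %xmm0=0 seen under gdb, and the same truncation turns sd[1234,5678] into [1234,0] in the valgrind test.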