Message-ID: <45AD1068.40507@aurel32.net>
Date: Tue, 16 Jan 2007 18:50:32 +0100
From: Aurelien Jarno
Subject: Re: [Qemu-devel] Re: [BUG] QEMU x86_64 SSE bug in modf() + MMX bug
References: <45AB54D9.9020207@linbox.com> <20070115115410.GA25141@tapir.sajinet.com.pe> <200701151416.03608.jseward@acm.org> <45ACB57C.4090304@linbox.com> <45ACFB1E.4020803@linbox.com>
In-Reply-To: <45ACFB1E.4020803@linbox.com>
To: qemu-devel@nongnu.org

Ludovic Drolez wrote:
> I've also found the buggy SSE instruction by tracing modf() with gdb.
> It's similar to the MMX bug found below: only the 32-bit part of the register
> is stored instead of the whole 64 bits.
>
> The bug is in the movd instruction in 64-bit emulation.
> Under gdb, just before the movd I had %rsi=0x3FF0000000000000
> and, after movd, %xmm0=0 !
> Only the 32-bit part seems to be copied when
> the source is a 64-bit register.
>
>   2edaa:  48 d3 e0              shl    %cl,%rax
>   2edad:  48 21 c6              and    %rax,%rsi
>   2edb0:  66 48 0f 6e c6        movd   %rsi,%xmm0
>
> So in fact the valgrind mmx bug and the modf() bug have the same cause.
>

I have just looked at the documentation from AMD. I confirm that in 32-bit mode, the 32 bits of the register have to be copied into the lower part of the mmx or xmm register. In 64-bit mode, the 64 bits of the register have to be copied into the mmx register or into the lower part of the xmm register. So that confirms the implementation in QEMU is wrong.

-- 
  .''`.  Aurelien Jarno             | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net
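To make the encoding and the two behaviours concrete, here is an added C example (my own code, not QEMU's and not from the thread) that decodes the `66 48 0f 6e c6` bytes quoted above into their prefix/ModRM fields and contrasts the documented REX.W semantics with the truncation Ludovic observed on the %rsi value he reported; the function and constant names are assumptions of this example.

```c
#include <assert.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes quoted in the thread: "66 48 0f 6e c6   movd %rsi,%xmm0". */
static const uint8_t MOVD_RSI_XMM0[] = { 0x66, 0x48, 0x0f, 0x6e, 0xc6 };

typedef struct { int rex_w; int reg; int rm; } movd_insn_t;

/* Decode the register-direct GPR->XMM form "66 [REX] 0F 6E /r".
 * Returns 0 and fills *out on success, -1 if the bytes are something else. */
int decode_movd_gpr_to_xmm(const uint8_t *b, size_t n, movd_insn_t *out) {
    size_t i = 0;
    int rex = 0;
    if (n < 4 || b[i++] != 0x66) return -1;           /* mandatory 66 prefix */
    if ((b[i] & 0xF0) == 0x40) rex = b[i++];          /* optional REX: 0100WRXB */
    if (i + 3 > n || b[i] != 0x0F || b[i + 1] != 0x6E) return -1;
    uint8_t modrm = b[i + 2];
    if ((modrm >> 6) != 3) return -1;                 /* mod=11: register source */
    out->rex_w = (rex >> 3) & 1;                      /* W selects the 64-bit form */
    out->reg = ((modrm >> 3) & 7) | ((rex & 4) << 1); /* destination xmm (REX.R) */
    out->rm  = (modrm & 7) | ((rex & 1) << 3);        /* source GPR (REX.B) */
    return 0;
}

/* Documented semantics: with REX.W all 64 bits land in the low quadword of the
 * xmm register; without it only 32 bits are copied and the rest is zeroed. */
uint64_t movd_correct(uint64_t src, int rex_w) {
    return rex_w ? src : (uint64_t)(uint32_t)src;
}

/* Behaviour described in the thread: the 64-bit form is handled like the
 * 32-bit one, so the upper half of the source register is silently dropped. */
uint64_t movd_buggy(uint64_t src, int rex_w) {
    (void)rex_w;
    return (uint64_t)(uint32_t)src;
}

int main(void) {
    movd_insn_t d;
    uint64_t rsi = 0x3FF0000000000000ULL;             /* 1.0 as an IEEE-754 double */
    assert(decode_movd_gpr_to_xmm(MOVD_RSI_XMM0, sizeof MOVD_RSI_XMM0, &d) == 0);
    printf("REX.W=%d  xmm%d <- gpr%d (6 = rsi)\n", d.rex_w, d.reg, d.rm);
    printf("correct: %#" PRIx64 "\nbuggy:   %#" PRIx64 "\n",
           movd_correct(rsi, d.rex_w), movd_buggy(rsi, d.rex_w));
    return 0;                     /* the buggy path yields 0: 1.0 has become 0.0 */
}
```

The low 32 bits of 0x3FF0000000000000 are all zero, which is why a 32-bit copy produces exactly the `%xmm0=0` seen under gdb.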