qemu/target/i386/tcg
Paolo Bonzini 60c7dd22e1 target/i386: fix ADOX followed by ADCX
When ADCX is followed by ADOX or vice versa, the second instruction's
carry comes from EFLAGS and the condition codes use the CC_OP_ADCOX
operation.  Retrieving the carry from EFLAGS is handled by this bit
of gen_ADCOX:

        tcg_gen_extract_tl(carry_in, cpu_cc_src,
            ctz32(cc_op == CC_OP_ADCX ? CC_C : CC_O), 1);

Unfortunately, in this case cc_op has been overwritten by the previous
"if" statement to CC_OP_ADCOX.  This works by chance when the first
instruction is ADCX; however, if the first instruction is ADOX,
ADCX will incorrectly take its carry from OF instead of CF.

Fix by moving the computation of the new cc_op at the end of the function.
The included exhaustive test case fails without this patch and passes
afterwards.

Because ADCX/ADOX need not be invoked through the VEX prefix, this
regression bisects to commit 16fc5726a6 ("target/i386: reimplement
0x0f 0x38, add AVX", 2022-10-18).  However, the mistake happened a
little earlier, when BMI instructions were rewritten using the new
decoder framework.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1471
Reported-by: Paul Jolly <https://gitlab.com/myitcv>
Fixes: 1d0b926150 ("target/i386: move scalar 0F 38 and 0F 3A instruction to new decoder", 2022-10-18)
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-02-11 09:07:25 +01:00
..
sysemu target/i386: Always completely initialize TranslateFault 2022-12-01 09:53:24 +01:00
user target/i386: Raise #GP on unaligned m128 accesses when required. 2022-09-18 09:17:40 +02:00
bpt_helper.c compiler.h: replace QEMU_NORETURN with G_NORETURN 2022-04-21 17:03:51 +04:00
cc_helper_template.h
cc_helper.c target/i386: Expand eflags updates inline 2022-11-01 08:31:41 +11:00
decode-new.c.inc target/i386: fix operand size of unary SSE operations 2023-01-11 10:44:35 +01:00
decode-new.h target/i386: implement FMA instructions 2022-10-22 09:05:54 +02:00
emit.c.inc target/i386: fix ADOX followed by ADCX 2023-02-11 09:07:25 +01:00
excp_helper.c target/i386: Raise #GP on unaligned m128 accesses when required. 2022-09-18 09:17:40 +02:00
fpu_helper.c target/i386: introduce function to set rounding mode from FPCW or MXCSR bits 2022-10-20 15:16:13 +02:00
helper-tcg.h target/i386: Raise #GP on unaligned m128 accesses when required. 2022-09-18 09:17:40 +02:00
int_helper.c exec/exec-all: Move 'qemu/log.h' include in units requiring it 2022-02-21 10:18:06 +01:00
mem_helper.c target/i386: Inline cmpxchg16b 2023-02-04 06:19:43 -10:00
meson.build i386: split svm_helper into sysemu and stub-only user 2021-05-10 15:41:51 -04:00
misc_helper.c compiler.h: replace QEMU_NORETURN with G_NORETURN 2022-04-21 17:03:51 +04:00
mpx_helper.c i386: move TCG cpu class initialization to tcg/ 2020-12-16 15:50:33 -05:00
seg_helper.c i386: Emit correct error code for 64-bit IDT entry 2023-01-11 09:59:38 +01:00
seg_helper.h i386: split seg_helper into user-only and sysemu parts 2021-05-10 15:41:52 -04:00
tcg-cpu.c target/i386: Convert to tcg_ops restore_state_to_opc 2022-10-26 11:11:28 +10:00
tcg-cpu.h target/i386: Move X86XSaveArea into TCG 2021-07-06 08:33:51 +02:00
tcg-stub.c
translate.c target/i386: Inline cmpxchg16b 2023-02-04 06:19:43 -10:00