The Intel specification clearly indicates that the low part
of the result is written first and the high part of the result
is written second; thus if ModRM:reg and VEX.vvvv are identical,
the final result should be the high part of the result.
At present, TCG may either produce incorrect results or crash
with --enable-checking.
Reported-by: Toni Nedialkov <farm...@gmail.com>
Reported-by: Max Reitz <mre...@redhat.com>
Signed-off-by: Richard Henderson <r...@twiddle.net>
---
target-i386/translate.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/target-i386/translate.c b/target-i386/translate.c
index fbe4f80..a3dd167 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -3848,8 +3848,10 @@ static void gen_sse(CPUX86State *env, DisasContext *s,
int b,
break;
#ifdef TARGET_X86_64
case MO_64:
- tcg_gen_mulu2_i64(cpu_regs[s->vex_v], cpu_regs[reg],
+ tcg_gen_mulu2_i64(cpu_T[0], cpu_T[1],
cpu_T[0], cpu_regs[R_EDX]);
+ tcg_gen_mov_i64(cpu_regs[s->vex_v], cpu_T[0]);
+ tcg_gen_mov_i64(cpu_regs[reg], cpu_T[1]);
break;
#endif
}
--
2.4.3
