Re: [Qemu-devel] Re: [BUG] QEMU x86_64 SSE bug in modf() + MMX bug
Ludovic Drolez wrote:
> I've also found the buggy SSE instruction by tracing modf() with gdb.
> It's similar to the MMX bug found below: only the 32-bit part of the
> register is stored instead of the whole 64 bits.
>
> The bug is in the movd instruction in 64-bit emulation.
> Under gdb, just before the movd I had %rsi=0x3FF0
> and, after movd, %xmm0=0 ! Only the 32-bit part seems to be copied when
> the source is a 64-bit register.
>
>   2edaa: 48 d3 e0          shl  %cl,%rax
>   2edad: 48 21 c6          and  %rax,%rsi
>   2edb0: 66 48 0f 6e c6    movd %rsi,%xmm0
>
> So in fact the valgrind mmx bug and the modf() bug have the same cause.

I have just looked at the documentation from AMD. I confirm that in 32-bit
mode, the 32 bits of the register have to be copied into the lower part of
the mmx or xmm register. In 64-bit mode, the 64 bits of the register have
to be copied into the mmx register or into the lower part of the xmm
register.

So that confirms the implementation in QEMU is wrong.

--
  .''`.  Aurelien Jarno             | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   [EMAIL PROTECTED]          | [EMAIL PROTECTED]
   `-    people.debian.org/~aurel32 | www.aurel32.net

___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
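The semantics Aurelien confirms from the AMD manual, written out as an added example that is not part of this thread or of QEMU: a reference model of MOVD (32-bit form vs. the REX.W form encoded 66 48 0f 6e above), a model of the truncating behaviour Ludovic observed, and the Valgrind insn_mmx probe (halves 1234/5678) that distinguishes them. The names movd_reference, movd_buggy, movd_hw and movd64_keeps_upper_half are my own; movd_hw assumes a GCC/Clang x86-64 host for its inline assembly and otherwise falls back to the model, and the 0x3FF0000000000000 probe value (the double 1.0) is chosen here because its low 32 bits are zero, so truncation shows up as a zero lane just like the %xmm0=0 observation.

```c
#include <stdint.h>
#include <stdio.h>
/* Reference model of MOVD from a general register into the low lane of an
 * MMX/XMM register, following the AMD manual as Aurelien reads it: without
 * REX.W the low 32 bits are copied (rest of the lane zeroed); with REX.W,
 * the form encoded 66 48 0f 6e in the disassembly above, all 64 bits move. */
uint64_t movd_reference(uint64_t src, int rex_w)
{
    return rex_w ? src : (src & 0xffffffffULL);
}

/* Model of the behaviour reported in the thread: the 64-bit form also keeps
 * only the low 32 bits, so 0x3FF0000000000000 (the double 1.0) becomes 0. */
uint64_t movd_buggy(uint64_t src, int rex_w)
{
    (void)rex_w;
    return src & 0xffffffffULL;
}

/* Run the real 64-bit MOVD on an x86-64 host (GCC/Clang inline asm, assumed)
 * so an emulated guest can be compared against hardware semantics. On other
 * hosts, or for the 32-bit form, fall back to the reference model. */
uint64_t movd_hw(uint64_t src, int rex_w)
{
#if defined(__x86_64__) && (defined(__GNUC__) || defined(__clang__))
    if (rex_w) {
        uint64_t out;
        __asm__("movq %1, %%xmm0\n\tmovq %%xmm0, %0" : "=r"(out) : "r"(src) : "xmm0");
        return out;
    }
#endif
    return movd_reference(src, rex_w);
}

/* The Valgrind insn_mmx probe quoted in the thread: source halves sd[0]=1234,
 * sd[1]=5678. Returns 1 if the upper half survived the 64-bit move, else 0. */
int movd64_keeps_upper_half(uint64_t (*movd)(uint64_t, int))
{
    uint64_t packed = ((uint64_t)5678 << 32) | 1234;
    uint64_t r = movd(packed, 1);
    return (uint32_t)r == 1234 && (uint32_t)(r >> 32) == 5678;
}
int main(void)
{
    printf("reference: %s\n", movd64_keeps_upper_half(movd_reference) ? "ok" : "not ok");
    printf("buggy:     %s\n", movd64_keeps_upper_half(movd_buggy) ? "ok" : "not ok");
    printf("hardware:  %s\n", movd64_keeps_upper_half(movd_hw) ? "ok" : "not ok");
    return 0;
}
```

Built natively, the hardware line reads "ok"; built and run under an emulator with the defect described in this thread, it would read "not ok" while the reference model still passes.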
[Qemu-devel] Re: [BUG] QEMU x86_64 SSE bug in modf() + MMX bug
I've also found the buggy SSE instruction by tracing modf() with gdb.
It's similar to the MMX bug found below: only the 32 bits part of the
register is stored instead of the whole 64 bits.

The bug is in the movd instruction in 64 bits emulation.
Under gdb, just before the movd I had %rsi=0x3FF0
and, after movd, %xmm0=0 ! Only the 32bits part seems to be copied when
the source is a 64bits register.

  2edaa: 48 d3 e0          shl  %cl,%rax
  2edad: 48 21 c6          and  %rax,%rsi
  2edb0: 66 48 0f 6e c6    movd %rsi,%xmm0

So in fact the valgrind mmx bug and the modf() bug have the same cause.

Anyone knows where to fix this bug ?

Cheers,

Ludovic.

> Hi !
>
> I've run the valgrind tests on Qemu 0.8.2, in particular insn_basic,
> insn_fpu, _mmx, _sse, _sse2.
> No bugs were found in SSE and FPU emulation, but one was found in MMX !:
>
> ~/tests/none/tests/amd64 # diff insn_mmx.r insn_mmx.stdout.exp
> 1,6c1,2
> < movd_1 ... not ok
> <   result0.sd[0] = 1234 (expected 1234)
> <   result0.sd[1] = 0 (expected 5678)
> < movd_2 ... not ok
> <   result0.sd[0] = 1234 (expected 1234)
> <   result0.sd[1] = 0 (expected 5678)
> ---
> > movd_1 ... ok
> > movd_2 ... ok
>
> Which comes from the following test:
>
> #
> # %mm <-> ireg64
> #
> movd mm.sd[1234,5678] r64.sd[,] => 1.sd[1234,5678]
> movd r64.sd[1234,5678] mm.sd[,] => 1.sd[1234,5678]
>
> So one MMX bug when using 64 bits regs has been found, but the SSE2 bug
> is still a mystery :-(
>
> Cheers,
>
> --
> Ludovic DROLEZ                    Linbox / Free&ALter Soft
> www.linbox.com                    www.linbox.org
[Qemu-devel] Re: [BUG] QEMU x86_64 SSE bug in modf() + MMX bug
Julian Seward wrote:
> > Would someone be able to track down this SSE QEMU bug seen only in
> > SLES's modf() function ?
>
> The Valgrind sources contain test programs, including expected outputs,
> for all SSE/SSE2/SSE3 instructions on amd64 (see none/tests/amd64/insn-sse
> and insn-sse2). Running those on QEMU might be a quick and easy first
> check for something wrong in the SSE department. They are not completely
> comprehensive but may find obvious arithmetic errors and instruction
> decoding errors.

Hi !

I've run the valgrind tests on Qemu 0.8.2, in particular insn_basic,
insn_fpu, _mmx, _sse, _sse2.
No bugs were found in SSE and FPU emulation, but one was found in MMX !:

  ~/tests/none/tests/amd64 # diff insn_mmx.r insn_mmx.stdout.exp
  1,6c1,2
  < movd_1 ... not ok
  <   result0.sd[0] = 1234 (expected 1234)
  <   result0.sd[1] = 0 (expected 5678)
  < movd_2 ... not ok
  <   result0.sd[0] = 1234 (expected 1234)
  <   result0.sd[1] = 0 (expected 5678)
  ---
  > movd_1 ... ok
  > movd_2 ... ok

Which comes from the following test:

  #
  # %mm <-> ireg64
  #
  movd mm.sd[1234,5678] r64.sd[,] => 1.sd[1234,5678]
  movd r64.sd[1234,5678] mm.sd[,] => 1.sd[1234,5678]

So one MMX bug when using 64 bits regs has been found, but the SSE2 bug
is still a mystery :-(

Cheers,

--
Ludovic DROLEZ                    Linbox / Free&ALter Soft
www.linbox.com                    www.linbox.org
tel: +33 3 87 50 87 90
152 rue de Grigy - Technopole Metz 2000
57070 METZ