x86: 1.000
i386: 0.989
assembly: 0.989
semantic: 0.987
debug: 0.282
register: 0.159
operating system: 0.067
kernel: 0.025
files: 0.022
TCG: 0.021
performance: 0.021
virtual: 0.020
user-level: 0.013
hypervisor: 0.010
architecture: 0.009
PID: 0.008
device: 0.008
peripherals: 0.007
KVM: 0.004
network: 0.004
VMM: 0.003
risc-v: 0.003
socket: 0.003
permissions: 0.003
boot: 0.003
alpha: 0.002
graphic: 0.002
vnc: 0.001
ppc: 0.001
mistranslation: 0.001
arm: 0.000

x86 BZHI semantic bug
Description of problem
The result of instruction BZHI is different from the CPU. The value of destination register and SF of EFLAGS are different.

Steps to reproduce

Compile this code


void main() {
    asm("mov rax, 0xb1aa9da2fe33fe3");
    asm("mov rbx, 0x80000000ffffffff");
    asm("mov rcx, 0xf3fce8829b99a5c6");
    asm("bzhi rax, rbx, rcx");
}



Execute and compare the result with the CPU.

CPU

RAX = 0x0x80000000ffffffff
SF = 1


QEMU

RAX = 0xffffffff
SF = 0






Additional information
This bug is discovered by research conducted by KAIST SoftSec.