graphic: 0.957 instruction: 0.942 semantic: 0.931 mistranslation: 0.910 other: 0.901 assembly: 0.881 device: 0.878 socket: 0.874 KVM: 0.857 boot: 0.846 network: 0.842 vnc: 0.842 incorrect illegal SSE3 instructions reporting on x86_64 Hi all, we found 28 differently encoded illegal SSE3 instructions reporting on the most recent x86_64 user mode linux qemu (version 2.7.0). We believe these reporting should be incorrect because the same code can be executed on a real machine. The instructions are the following: pabsb %mm0, %mm1 pabsb %xmm0, %xmm1 pabsd %mm0, %mm1 pabsd %xmm0, %xmm1 pabsw %mm0, %mm1 pabsw %xmm0, %xmm1 phaddd %mm0, %mm1 phaddd %xmm0, %xmm1 phaddsw %mm0, %mm1 phaddsw %xmm0, %xmm1 phaddw %mm0, %mm1 phaddw %xmm0, %xmm1 phsubd %mm0, %mm1 phsubd %xmm0, %xmm1 phsubsw %mm0, %mm1 phsubsw %xmm0, %xmm1 phsubw %mm0, %mm1 phsubw %xmm0, %xmm1 pmaddubsw %mm0, %mm1 pmaddubsw %xmm0, %xmm1 pmulhrsw %mm0, %mm1 pmulhrsw %xmm0, %xmm1 psignb %mm0, %mm1 psignb %xmm0, %xmm1 psignd %mm0, %mm1 psignd %xmm0, %xmm1 psignw %mm0, %mm1 psignw %xmm0, %xmm1 The following is the proof of code /********** Beginning of bug 1.c: pabsb %mm0, %mm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; asm("pabsb %mm0, %mm1"); asm("mov %0, %%rdx\n" "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 1.c **********/ /********** Beginning of bug 2.c: pabsb %xmm0, %xmm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; asm("pabsb %xmm0, %xmm1"); asm("mov %0, %%rdx\n" "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 2.c **********/ /********** Beginning of bug 3.c: pabsd %mm0, %mm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; asm("pabsd %mm0, %mm1"); asm("mov %0, %%rdx\n" "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 3.c **********/ /********** Beginning of bug 4.c: pabsd %xmm0, %xmm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; asm("pabsd %xmm0, %xmm1"); asm("mov %0, %%rdx\n" "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 4.c **********/ /********** Beginning of bug 5.c: pabsw %mm0, %mm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; asm("pabsw %mm0, %mm1"); asm("mov %0, %%rdx\n" "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 5.c **********/ /********** Beginning of bug 6.c: pabsw %xmm0, %xmm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; asm("pabsw %xmm0, %xmm1"); asm("mov %0, %%rdx\n" "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 6.c **********/ /********** Beginning of bug 7.c: phaddd %mm0, %mm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; asm("phaddd %mm0, %mm1"); asm("mov %0, %%rdx\n" "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 7.c **********/ /********** Beginning of bug 8.c: phaddd %xmm0, %xmm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; asm("phaddd %xmm0, %xmm1"); asm("mov %0, %%rdx\n" "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 8.c **********/ /********** Beginning of bug 9.c: phaddsw %mm0, %mm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; asm("phaddsw %mm0, %mm1"); asm("mov %0, %%rdx\n" "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 9.c **********/ /********** Beginning of bug 10.c: phaddsw %xmm0, %xmm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; asm("phaddsw %xmm0, %xmm1"); asm("mov %0, %%rdx\n" "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 10.c **********/ /********** Beginning of bug 11.c: phaddw %mm0, %mm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; asm("phaddw %mm0, %mm1"); asm("mov %0, %%rdx\n" "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 11.c **********/ /********** Beginning of bug 12.c: phaddw %xmm0, %xmm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; asm("phaddw %xmm0, %xmm1"); asm("mov %0, %%rdx\n" "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 12.c **********/ /********** Beginning of bug 13.c: phsubd %mm0, %mm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; asm("phsubd %mm0, %mm1"); asm("mov %0, %%rdx\n" "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 13.c **********/ /********** Beginning of bug 14.c: phsubd %xmm0, %xmm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; asm("phsubd %xmm0, %xmm1"); asm("mov %0, %%rdx\n" "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 14.c **********/ /********** Beginning of bug 15.c: phsubsw %mm0, %mm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; asm("phsubsw %mm0, %mm1"); asm("mov %0, %%rdx\n" "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 15.c **********/ /********** Beginning of bug 16.c: phsubsw %xmm0, %xmm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; asm("phsubsw %xmm0, %xmm1"); asm("mov %0, %%rdx\n" "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 16.c **********/ /********** Beginning of bug 17.c: phsubw %mm0, %mm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; asm("phsubw %mm0, %mm1"); asm("mov %0, %%rdx\n" "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 17.c **********/ /********** Beginning of bug 18.c: phsubw %xmm0, %xmm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; asm("phsubw %xmm0, %xmm1"); asm("mov %0, %%rdx\n" "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 18.c **********/ /********** Beginning of bug 19.c: pmaddubsw %mm0, %mm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char i2[0x10]; unsigned char i3[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm0\n"::"r"((char *)(i2)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i3)));; asm("pmaddubsw %mm0, %mm1"); asm("mov %0, %%rdx\n" "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 19.c **********/ /********** Beginning of bug 20.c: pmaddubsw %xmm0, %xmm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char i2[0x10]; unsigned char i3[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i2)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i3)));; asm("pmaddubsw %xmm0, %xmm1"); asm("mov %0, %%rdx\n" "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 20.c **********/ /********** Beginning of bug 21.c: pmulhrsw %mm0, %mm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; asm("pmulhrsw %mm0, %mm1"); asm("mov %0, %%rdx\n" "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 21.c **********/ /********** Beginning of bug 22.c: pmulhrsw %xmm0, %xmm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; asm("pmulhrsw %xmm0, %xmm1"); asm("mov %0, %%rdx\n" "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 22.c **********/ /********** Beginning of bug 23.c: psignb %mm0, %mm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; asm("psignb %mm0, %mm1"); asm("mov %0, %%rdx\n" "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 23.c **********/ /********** Beginning of bug 24.c: psignb %xmm0, %xmm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; asm("psignb %xmm0, %xmm1"); asm("mov %0, %%rdx\n" "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 24.c **********/ /********** Beginning of bug 25.c: psignd %mm0, %mm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; asm("psignd %mm0, %mm1"); asm("mov %0, %%rdx\n" "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 25.c **********/ /********** Beginning of bug 26.c: psignd %xmm0, %xmm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; asm("psignd %xmm0, %xmm1"); asm("mov %0, %%rdx\n" "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 26.c **********/ /********** Beginning of bug 27.c: psignw %mm0, %mm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; asm("psignw %mm0, %mm1"); asm("mov %0, %%rdx\n" "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 27.c **********/ /********** Beginning of bug 28.c: psignw %xmm0, %xmm1 **********/ int printf(const char *format, ...); unsigned char i0[0x10]; unsigned char i1[0x10]; unsigned char o[0x10]; int main() { int k = 0; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; asm("mov %0, %%rdx\n" "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; asm("psignw %xmm0, %xmm1"); asm("mov %0, %%rdx\n" "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; for (k = 0; k < 0x10; k++) printf("%02x", o[0x10 - 1 - k]); printf("\n"); } /********** End of bug 28.c **********/ For any of the above code, when compiled into x86-64 binary code with gcc, qemu reports the illegal instructions bug. However, these can be correctly executed on a real machine. For example, $ gcc 28.c -o 28 $ qemu-x86_64 ./28 qemu: uncaught target signal 4 (Illegal instruction) - core dumped Illegal instruction $ ./28 00000000000000000000000000000000 Some information about the system: $ qemu-x86_64 --version qemu-x86_64 version 2.7.0, Copyright (c) 2003-2016 Fabrice Bellard and the QEMU Project developers $ uname -a Linux cgos-System-Product-Name 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux $ gcc --version gcc (Ubuntu 4.8.4-2ubuntu1~14.04) 4.8.4 Copyright (C) 2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Thanks! Hi Jie, I can reproduce this by single-stepping through the bug1 testing code using gdb, and SIGILL was encountered when executing the pabsb SSE3 instruction. Maybe it was due to QEMU's translator, I'll look further into it. Hi Jie, Seems that the problem was caused by not specifying the cpu model when running QEMU. when running qemu-x86_64 ./28 QEMU would recognize the cpu model as "qemu64", which act like a cpu doesn't support advanced instruction sets like SSSE3. To workaround, you can run qemu-x86_86 -cpu core2duo ./28 The cpu specifications could be found at target-i386/cpu.c. I haven't tested through all the cases yet, but I'm almost sure that was the problem, for all your test cases used SSSE3 instructions or something alike. Please let me know if there are some more exceptions, thanks!