Unexpected Behaviors when Using RISC-V Extension "zbs"
### Description & Investigation

I tried to run python3.12 on box64, and it crashed with SIGSEGV. Using `BOX64_DYNAREC_TEST=1`, I saw many differences in RIP:

```txt
Warning, difference between x64 Interpreter and Dynarec in 0x3f001e44b1 (0f 82 82 03 00 00 8d b0)
=======================================
DIFF: Dynarec |  Interpreter
----------------------
RIP: 0000003f001e44b7 | 0000003f001e4839
Warning, difference between x64 Interpreter and Dynarec in 0x3f001e4405 (0f 82 2d 01 00 00 83 ea)
=======================================
DIFF: Dynarec |  Interpreter
----------------------
RIP: 0000003f001e440b | 0000003f001e4538
Warning, difference between x64 Interpreter and Dynarec in 0x3f002683c7 (72 2b 2d 00 01 00 00 83)
=======================================
DIFF: Dynarec |  Interpreter
(( omitted ))
```

These addresses are all in `libpython3.12.so` and `objdump` told me **they all almost look like**:

```asm
bt     %eax,%ecx
jb     (( somewhere ))
```

The `bt` instruction should set the CF flag, and the behavior of the following `jb` instruction depends on it. So I read the current code:

https://github.com/ptitSeb/box64/blob/d6b9fd2860dc097de8aebf147b3aa6d1741ea550/src/dynarec/rv64/dynarec_rv64_0f.c#L1720-L1739

and saw that `BEXT` emits the `bext` instruction when the "zbs" extension is enabled.

---

When turning off the "zbs" extension, `libpython3.12` still crashed, but the test log showed other differences unrelated to the `bt` instruction:

```txt
(( BEGIN ))
Warning, difference between x64 Interpreter and Dynarec in 0x3f001ea3f3 (7e 17 83 fe 63 7f 12 89)
=======================================
DIFF: Dynarec |  Interpreter
----------------------
RIP: 0000003f001ea40c | 0000003f001ea3f5
Warning, difference between x64 Interpreter and Dynarec in 0x3f001ea36f (0f 8f bb 00 00 00 39 c3)
=======================================
DIFF: Dynarec |  Interpreter
----------------------
RIP: 0000003f001ea430 | 0000003f001ea375
Warning, difference between x64 Interpreter and Dynarec in 0x3f001ea3f3 (7e 17 83 fe 63 7f 12 89)
=======================================
DIFF: Dynarec |  Interpreter
----------------------
RIP: 0000003f001ea40c | 0000003f001ea3f5
Warning, difference between x64 Interpreter and Dynarec in 0x3f001ea36f (0f 8f bb 00 00 00 39 c3)
=======================================
DIFF: Dynarec |  Interpreter
----------------------
RIP: 0000003f001ea430 | 0000003f001ea375
(( END ))
```

Again, `objdump` told me **they all look like**:

```asm
cmp    (( %esi or $0x63 here )),%eax
jle/jg    (( somewhere ))
```

---

Maybe at least we can say that the `bt` instruction with the "zbs" extension results in the first "dynarec test" difference of this issue. The latter one is still under investigation.
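As an added illustration that is not part of the issue report or of box64's code, the following C model compares the architectural semantics of the two instructions involved. x86 `bt` with a register bit-offset operand reduces the offset modulo the operand size (32 for `bt %eax,%ecx`), whereas RISC-V `bext` on RV64 reads the index from the low 6 bits of `rs2` (modulo 64). The function `naive_bext_jb_taken` and its assumption that the 32-bit guest registers are held zero-extended in 64-bit host registers are hypothetical; whether this masking difference is what produces the RIP divergences in the log above is not established by the report.

```c
#include <stdint.h>
#include <stdio.h>

/* x86 BT r32, r32 (AT&T: bt %off, %base): CF = bit (off mod 32) of base.
 * For a register bit-offset operand the offset is taken modulo the operand size. */
static int x86_bt32(uint32_t base, uint32_t off)
{
    return (base >> (off & 31)) & 1;
}

/* RISC-V Zbs BEXT rd, rs1, rs2 on RV64: rd = (rs1 >> (rs2 mod 64)) & 1.
 * The index comes from the low log2(XLEN) = 6 bits of rs2. */
static int rv64_bext(uint64_t rs1, uint64_t rs2)
{
    return (int)((rs1 >> (rs2 & 63)) & 1);
}

/* Reference model of `bt %eax,%ecx ; jb target`: the branch is taken iff CF is set. */
static int x86_bt_jb_taken(uint32_t ecx, uint32_t eax)
{
    return x86_bt32(ecx, eax);
}

/* Hypothetical direct lowering (assumption, not box64's code): feed the
 * zero-extended 32-bit guest registers straight into bext and branch on rd. */
static int naive_bext_jb_taken(uint32_t ecx, uint32_t eax)
{
    return rv64_bext((uint64_t)ecx, (uint64_t)eax);
}

/* Count bit offsets in [0, 64) for which the two models take different branches.
 * Offsets 0..31 always agree; offsets 32..63 differ wherever bit (off - 32) of base is set,
 * because x86 wraps the offset while bext reads a zero-extended upper bit. */
static int count_divergent_offsets(uint32_t base)
{
    int n = 0;
    for (uint32_t off = 0; off < 64; off++)
        if (x86_bt_jb_taken(base, off) != naive_bext_jb_taken(base, off))
            n++;
    return n;
}

int main(void)
{
    /* Constructed sample values, chosen to exercise the wrap-around case. */
    uint32_t ecx = 0x80000001u;
    uint32_t offs[] = { 0, 31, 32, 63 };
    for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++)
        printf("eax=%2u  x86 jb taken=%d  naive bext jb taken=%d\n",
               offs[i], x86_bt_jb_taken(ecx, offs[i]), naive_bext_jb_taken(ecx, offs[i]));
    printf("divergent offsets for base 0xFFFFFFFF: %d\n", count_divergent_offsets(0xFFFFFFFFu));
    return 0;
}
```

The model only reproduces the ISA definitions; a lowering that masks the offset to 5 bits (or sign/zero handling in the upper half) before `bext` would make the two columns agree for every offset, which is the kind of check one would run against the dynarec output when investigating the first difference.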