Diffstat (limited to 'results/classifier/semantic-bugs/graphic')
| -rw-r--r-- | results/classifier/semantic-bugs/graphic/1641637 | 743 | ||||
| -rw-r--r-- | results/classifier/semantic-bugs/graphic/1722 | 100 | ||||
| -rw-r--r-- | results/classifier/semantic-bugs/graphic/2595 | 148 | ||||
| -rw-r--r-- | results/classifier/semantic-bugs/graphic/2672 | 33 | ||||
| -rw-r--r-- | results/classifier/semantic-bugs/graphic/904308 | 201 |
5 files changed, 0 insertions, 1225 deletions
diff --git a/results/classifier/semantic-bugs/graphic/1641637 b/results/classifier/semantic-bugs/graphic/1641637 deleted file mode 100644 index dff815184..000000000 --- a/results/classifier/semantic-bugs/graphic/1641637 +++ /dev/null 
@@ -1,743 +0,0 @@ -graphic: 0.957 -instruction: 0.942 -semantic: 0.931 -mistranslation: 0.910 -other: 0.901 -assembly: 0.881 -device: 0.878 -socket: 0.874 -KVM: 0.857 -boot: 0.846 -network: 0.842 -vnc: 0.842 - -incorrect illegal SSE3 instructions reporting on x86_64 - -Hi all, we found 28 differently encoded illegal SSE3 instructions reporting on the most recent x86_64 user mode linux qemu (version 2.7.0). We believe these reporting should be incorrect because the same code can be executed on a real machine. The instructions are the following: - -pabsb %mm0, %mm1 -pabsb %xmm0, %xmm1 -pabsd %mm0, %mm1 -pabsd %xmm0, %xmm1 -pabsw %mm0, %mm1 -pabsw %xmm0, %xmm1 -phaddd %mm0, %mm1 -phaddd %xmm0, %xmm1 -phaddsw %mm0, %mm1 -phaddsw %xmm0, %xmm1 -phaddw %mm0, %mm1 -phaddw %xmm0, %xmm1 -phsubd %mm0, %mm1 -phsubd %xmm0, %xmm1 -phsubsw %mm0, %mm1 -phsubsw %xmm0, %xmm1 -phsubw %mm0, %mm1 -phsubw %xmm0, %xmm1 -pmaddubsw %mm0, %mm1 -pmaddubsw %xmm0, %xmm1 -pmulhrsw %mm0, %mm1 -pmulhrsw %xmm0, %xmm1 -psignb %mm0, %mm1 -psignb %xmm0, %xmm1 -psignd %mm0, %mm1 -psignd %xmm0, %xmm1 -psignw %mm0, %mm1 -psignw %xmm0, %xmm1 - -The following is the proof of code - -/********** Beginning of bug 1.c: pabsb %mm0, %mm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; - asm("pabsb %mm0, %mm1"); - asm("mov %0, %%rdx\n" - "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 1.c **********/ - - -/********** Beginning of bug 2.c: pabsb %xmm0, %xmm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), 
%%xmm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; - asm("pabsb %xmm0, %xmm1"); - asm("mov %0, %%rdx\n" - "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 2.c **********/ - - -/********** Beginning of bug 3.c: pabsd %mm0, %mm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; - asm("pabsd %mm0, %mm1"); - asm("mov %0, %%rdx\n" - "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 3.c **********/ - - -/********** Beginning of bug 4.c: pabsd %xmm0, %xmm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; - asm("pabsd %xmm0, %xmm1"); - asm("mov %0, %%rdx\n" - "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 4.c **********/ - - -/********** Beginning of bug 5.c: pabsw %mm0, %mm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; - asm("pabsw %mm0, %mm1"); - asm("mov %0, %%rdx\n" - "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", 
o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 5.c **********/ - - -/********** Beginning of bug 6.c: pabsw %xmm0, %xmm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; - asm("pabsw %xmm0, %xmm1"); - asm("mov %0, %%rdx\n" - "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 6.c **********/ - - -/********** Beginning of bug 7.c: phaddd %mm0, %mm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; - asm("phaddd %mm0, %mm1"); - asm("mov %0, %%rdx\n" - "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 7.c **********/ - - -/********** Beginning of bug 8.c: phaddd %xmm0, %xmm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; - asm("phaddd %xmm0, %xmm1"); - asm("mov %0, %%rdx\n" - "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 8.c **********/ - - -/********** Beginning of bug 9.c: phaddsw %mm0, %mm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; 
-unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; - asm("phaddsw %mm0, %mm1"); - asm("mov %0, %%rdx\n" - "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 9.c **********/ - - -/********** Beginning of bug 10.c: phaddsw %xmm0, %xmm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; - asm("phaddsw %xmm0, %xmm1"); - asm("mov %0, %%rdx\n" - "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 10.c **********/ - - -/********** Beginning of bug 11.c: phaddw %mm0, %mm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; - asm("phaddw %mm0, %mm1"); - asm("mov %0, %%rdx\n" - "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 11.c **********/ - - -/********** Beginning of bug 12.c: phaddw %xmm0, %xmm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; - asm("phaddw %xmm0, %xmm1"); - asm("mov 
%0, %%rdx\n" - "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 12.c **********/ - - -/********** Beginning of bug 13.c: phsubd %mm0, %mm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; - asm("phsubd %mm0, %mm1"); - asm("mov %0, %%rdx\n" - "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 13.c **********/ - - -/********** Beginning of bug 14.c: phsubd %xmm0, %xmm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; - asm("phsubd %xmm0, %xmm1"); - asm("mov %0, %%rdx\n" - "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 14.c **********/ - - -/********** Beginning of bug 15.c: phsubsw %mm0, %mm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; - asm("phsubsw %mm0, %mm1"); - asm("mov %0, %%rdx\n" - "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 15.c **********/ - - -/********** Beginning of bug 16.c: phsubsw %xmm0, 
%xmm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; - asm("phsubsw %xmm0, %xmm1"); - asm("mov %0, %%rdx\n" - "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 16.c **********/ - - -/********** Beginning of bug 17.c: phsubw %mm0, %mm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; - asm("phsubw %mm0, %mm1"); - asm("mov %0, %%rdx\n" - "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 17.c **********/ - - -/********** Beginning of bug 18.c: phsubw %xmm0, %xmm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; - asm("phsubw %xmm0, %xmm1"); - asm("mov %0, %%rdx\n" - "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 18.c **********/ - - -/********** Beginning of bug 19.c: pmaddubsw %mm0, %mm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char i2[0x10]; -unsigned char i3[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, 
%%rdx\n" - "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm0\n"::"r"((char *)(i2)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i3)));; - asm("pmaddubsw %mm0, %mm1"); - asm("mov %0, %%rdx\n" - "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 19.c **********/ - - -/********** Beginning of bug 20.c: pmaddubsw %xmm0, %xmm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char i2[0x10]; -unsigned char i3[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i2)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i3)));; - asm("pmaddubsw %xmm0, %xmm1"); - asm("mov %0, %%rdx\n" - "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 20.c **********/ - - -/********** Beginning of bug 21.c: pmulhrsw %mm0, %mm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; - asm("pmulhrsw %mm0, %mm1"); - asm("mov %0, %%rdx\n" - "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 21.c **********/ - - -/********** Beginning of bug 22.c: pmulhrsw %xmm0, %xmm1 **********/ - -int printf(const char *format, ...); 
-unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; - asm("pmulhrsw %xmm0, %xmm1"); - asm("mov %0, %%rdx\n" - "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 22.c **********/ - - -/********** Beginning of bug 23.c: psignb %mm0, %mm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; - asm("psignb %mm0, %mm1"); - asm("mov %0, %%rdx\n" - "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 23.c **********/ - - -/********** Beginning of bug 24.c: psignb %xmm0, %xmm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; - asm("psignb %xmm0, %xmm1"); - asm("mov %0, %%rdx\n" - "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 24.c **********/ - - -/********** Beginning of bug 25.c: psignd %mm0, %mm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char 
*)(i1)));; - asm("psignd %mm0, %mm1"); - asm("mov %0, %%rdx\n" - "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 25.c **********/ - - -/********** Beginning of bug 26.c: psignd %xmm0, %xmm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; - asm("psignd %xmm0, %xmm1"); - asm("mov %0, %%rdx\n" - "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 26.c **********/ - - -/********** Beginning of bug 27.c: psignw %mm0, %mm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; - asm("psignw %mm0, %mm1"); - asm("mov %0, %%rdx\n" - "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 27.c **********/ - - -/********** Beginning of bug 28.c: psignw %xmm0, %xmm1 **********/ - -int printf(const char *format, ...); -unsigned char i0[0x10]; -unsigned char i1[0x10]; -unsigned char o[0x10]; -int main() { - int k = 0; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; - asm("mov %0, %%rdx\n" - "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; - asm("psignw %xmm0, %xmm1"); - asm("mov %0, %%rdx\n" - "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; - for (k = 0; k < 0x10; k++) - printf("%02x", o[0x10 - 1 - k]); - printf("\n"); -} - -/********** End of bug 28.c 
**********/ - -For any of the above code, when compiled into x86-64 binary code with gcc, qemu reports the illegal instructions bug. However, these can be correctly executed on a real machine. For example, - -$ gcc 28.c -o 28 -$ qemu-x86_64 ./28 -qemu: uncaught target signal 4 (Illegal instruction) - core dumped -Illegal instruction -$ ./28 -00000000000000000000000000000000 - -Some information about the system: - -$ qemu-x86_64 --version -qemu-x86_64 version 2.7.0, Copyright (c) 2003-2016 Fabrice Bellard and the QEMU Project developers -$ uname -a -Linux cgos-System-Product-Name 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux -$ gcc --version -gcc (Ubuntu 4.8.4-2ubuntu1~14.04) 4.8.4 -Copyright (C) 2013 Free Software Foundation, Inc. -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - -Thanks! - -Hi Jie, - -I can reproduce this by single-stepping through the bug1 testing code using gdb, and SIGILL was encountered when executing the pabsb SSE3 instruction. Maybe it was due to QEMU's translator, I'll look further into it. - -Hi Jie, - -Seems that the problem was caused by not specifying the cpu model when running QEMU. -when running -qemu-x86_64 ./28 -QEMU would recognize the cpu model as "qemu64", which act like a cpu doesn't support advanced instruction sets like SSSE3. To workaround, you can run -qemu-x86_86 -cpu core2duo ./28 -The cpu specifications could be found at target-i386/cpu.c. - -I haven't tested through all the cases yet, but I'm almost sure that was the problem, for all your test cases used SSSE3 instructions or something alike. -Please let me know if there are some more exceptions, thanks! - diff --git a/results/classifier/semantic-bugs/graphic/1722 b/results/classifier/semantic-bugs/graphic/1722 deleted file mode 100644 index 4dcbfc5fe..000000000 
--- a/results/classifier/semantic-bugs/graphic/1722 +++ /dev/null 
@@ -1,100 +0,0 @@ -graphic: 0.963 -semantic: 0.957 -device: 0.956 -mistranslation: 0.954 -other: 0.948 -vnc: 0.944 -instruction: 0.943 -assembly: 0.934 -network: 0.909 -socket: 0.896 -boot: 0.813 -KVM: 0.808 - -qemu-mipsn32: Illegal Instruction at `exts` instruction -Description of problem: -Run with the command above, I got this error: - -``` -qemu-mipsn32 run -qemu: uncaught target signal 4 (Illegal instruction) - core dumped -Illegal instruction (core dumped) -``` - -I then tried to debug the program with qemu option `-g 1234` and know that - -``` -$ gdb-multiarch run -... - -pwndbg> target remote 0:1234 -... - -pwndbg> c -Continuing. - -Program received signal SIGILL, Illegal instruction. -0x3f7d2434 in ?? () from /lib32/ld.so.1 -warning: GDB can't find the start of the function at 0x3f7d2434. -x/10i - -pwndbg> x/10i $pc -=> 0x3f7d2434: 0x7047f03a - 0x3f7d2438: lui a3,0x7000 - 0x3f7d243c: ori a3,a3,0x5e - 0x3f7d2440: b 0x3f7d241c - 0x3f7d2444: subu v0,a3,v0 - 0x3f7d2448: sltiu a7,a3,-3 - 0x3f7d244c: bnezl a7,0x3f7d246c - 0x3f7d2450: subu a3,a4,v0 - 0x3f7d2454: addiu a3,a3,1 - 0x3f7d2458: li v0,-4 -``` - -So I know the problem is in libc32/ld.so.1. When I dissasemble that file and look at offset 0x4434, it's an `exts` instruction as below: - -``` -$ file /lib32/ld.so.1 -/lib32/ld-2.15.so: ELF 32-bit MSB shared object, MIPS, N32 MIPS64 rel2 version 1 (SYSV), dynamically linked, stripped - -$ ./mips64-n32--glibc--stable-2022.08-1/bin/mips64-buildroot-linux-gnu-objdump -d /lib32/ld.so.1 | less - ... - 4434: 7047f03a exts a3,v0,0x0,0x1e - 4438: 3c077000 lui a3,0x7000 - 443c: 34e7005e ori a3,a3,0x5e - 4440: 1000fff6 b 441c <GLIBC_2.0@@GLIBC_2.0+0x441c> - 4444: 00e21023 subu v0,a3,v0 - 4448: 2cebfffd sltiu a7,a3,-3 - 444c: 55600007 bnezl a7,446c <GLIBC_2.0@@GLIBC_2.0+0x446c> - 4450: 01023823 subu a3,a4,v0 - 4454: 24e70001 addiu a3,a3,1 - 4458: 2402fffc li v0,-4 -``` -Steps to reproduce: -1. 
Download toolchain of mips64-n32 on toolchains.bootlin.com [here](https://toolchains.bootlin.com/releases_mips64-n32.html) -2. Write this c code to file `run.c`: - -```c -#include <stdio.h> - -int main(){ - puts("hello world"); - while (1); -} -``` - -3. Compile file run.c with downloaded toolchain: - -``` -mips64-n32--glibc--stable-2022.08-1/bin/mips64-buildroot-linux-gnu-gcc run.c -o run -``` - -> Step 1, 2 and 3 can be skip if you download the attached `run` file. - -4. Download the attached ld -5. Make new dir at `/lib32` and move the file ld to `/lib32` -6. Run command `qemu-mipsn32 run` -Additional information: -[ld-2.15.so](/uploads/95f4da26e42d43d39aa2350670134bb5/ld-2.15.so) - -[run](/uploads/01be57442009a75cf2f59cbcf53474f4/run) diff --git a/results/classifier/semantic-bugs/graphic/2595 b/results/classifier/semantic-bugs/graphic/2595 deleted file mode 100644 index e0e1afbe0..000000000 --- a/results/classifier/semantic-bugs/graphic/2595 +++ /dev/null 
@@ -1,148 +0,0 @@ -graphic: 0.959 -other: 0.957 -semantic: 0.951 -mistranslation: 0.934 -device: 0.919 -assembly: 0.915 -socket: 0.901 -boot: 0.896 -instruction: 0.895 -vnc: 0.886 -network: 0.861 -KVM: 0.850 - -Incorrect behavior with 64-bit element SDOT and UDOT instructions on ARM SVE when sve-default-vector-length>=64 -Description of problem: -The behavior of SDOT and UDOT instructions are incorrect when the Zresult.D register is used, which is the 64-bit svdot_lane\_{s,u}64 intrinsic in ACLE. - -I have tested the same code using [Arm Instruction Emulator](https://developer.arm.com/Tools%20and%20Software/Arm%20Instruction%20Emulator) (which is deprecated though) and gem5 which produced correct result, I believe that the SDOT and UDOT implementation in qemu is incorrect. -Steps to reproduce: -1. Get Arm Gnu toolchain from [Arm GNU Toolchain Downloads – Arm Developer](https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads), for x86 Linux hosts, download arm-gnu-toolchain-13.3.rel1-x86_64-aarch64-none-linux-gnu.tar.xz and extract it. Alternatively, use any compiler that is able to cross compile for armv8.2-a+sve targets. -2. 
Compile the following program with these compiler arguments - - ``` - arm-gnu-toolchain-13.3.rel1-x86_64-aarch64-none-linux-gnu/bin/aarch64-none-linux-gnu-gcc -O3 -march=armv8.2-a+sve dot_lane.c -o dot_lane - ``` - - ```c - #include <stdio.h> - #include <arm_sve.h> - - int64_t a[32] = { 0 }; - int16_t b[128]; - int16_t c[128]; - int64_t r[32]; - int64_t expected_r[32]; - - #define IMM 0 - - int main(void) - { - for (size_t i = 0; i < 128; i++) { - b[i] = 1; - c[i] = i / 4; - } - - svint64_t av = svld1(svptrue_b64(), a); - svint16_t bv = svld1(svptrue_b16(), b); - svint16_t cv = svld1(svptrue_b16(), c); - - svint64_t result = svdot_lane_s64(av, bv, cv, IMM); - - svst1(svptrue_b64(), r, result); - - for (size_t i = 0; i < svcntd(); i++) { - expected_r[i] = - (int64_t)b[i * 4 + 0] * (int64_t)c[(i - i % 2) * 4 + IMM * 4 + 0] + - (int64_t)b[i * 4 + 1] * (int64_t)c[(i - i % 2) * 4 + IMM * 4 + 1] + - (int64_t)b[i * 4 + 2] * (int64_t)c[(i - i % 2) * 4 + IMM * 4 + 2] + - (int64_t)b[i * 4 + 3] * (int64_t)c[(i - i % 2) * 4 + IMM * 4 + 3] + - a[i]; - } - - printf("%12s", "r: "); - for (size_t i = 0; i < svcntd(); i++) { - printf("%4ld", r[i]); - } - printf("\n"); - printf("%12s", "expected_r: "); - for (size_t i = 0; i < svcntd(); i++) { - printf("%4ld", expected_r[i]); - } - printf("\n\t\t"); - for (size_t i = 0; i < svcntd(); i++) { - if (r[i] != expected_r[i]) { - printf("%4c", '^'); - } else { - printf("%4c", ' '); - } - } - printf("\n"); - printf("idx:\t\t"); - for (size_t i = 0; i < svcntd(); i++) { - if (r[i] != expected_r[i]) { - printf("%4d", i); - } else { - printf("%4c", ' '); - } - } - printf("\n"); - - return 0; - } - ``` -3. 
Execute it with the following commands: - - ``` - qemu-aarch64 -cpu max,sve-default-vector-length=16 -L arm-gnu-toolchain-13.3.rel1-x86_64-aarch64-none-linux-gnu/bin/../aarch64-none-linux-gnu/libc dot_lane - ``` - - Change the value of `sve-default-vector-length` to 32, 64, 128, 256 and observe the outputs, we should see that for `sve-default-vector-length` \>= 64, the result is incorrect. - - `sve-default-vector-length=16` - - ``` - r: 0 0 - expected_r: 0 0 - - idx: - ``` - - `sve-default-vector-length=32` - - ``` - r: 0 0 8 8 - expected_r: 0 0 8 8 - - idx: - ``` - - `sve-default-vector-length=64` - - ``` - r: 0 0 8 8 8 8 24 24 - expected_r: 0 0 8 8 16 16 24 24 - ^ ^ - idx: 4 5 - ``` - - `sve-default-vector-length=128` - - ``` - r: 0 0 8 8 8 8 24 24 24 24 40 40 40 40 56 56 - expected_r: 0 0 8 8 16 16 24 24 32 32 40 40 48 48 56 56 - ^ ^ ^ ^ ^ ^ - idx: 4 5 8 9 12 13 - ``` - - `sve-default-vector-length=256` - - ``` - r: 0 0 8 8 8 8 24 24 24 24 40 40 40 40 56 56 56 56 72 72 72 72 88 88 88 88 104 104 104 104 120 120 - expected_r: 0 0 8 8 16 16 24 24 32 32 40 40 48 48 56 56 64 64 72 72 80 80 88 88 96 96 104 104 112 112 120 120 - ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ - idx: 4 5 8 9 12 13 16 17 20 21 24 25 28 29 - ``` -4. By passing `-S` to the compiler, we can see that sdot (or udot if using `svdot_lane_u64()`) is produced in assembly (`sdot z0.d, z1.h, z2.h[0]`), which is correct behavior according to [Intrinsics – Arm Developer](https://developer.arm.com/architectures/instruction-sets/intrinsics/svdot_lane%5B_s64%5D). -Additional information: - diff --git a/results/classifier/semantic-bugs/graphic/2672 b/results/classifier/semantic-bugs/graphic/2672 deleted file mode 100644 index 3a1f3f9a5..000000000 --- a/results/classifier/semantic-bugs/graphic/2672 +++ /dev/null 
@@ -1,33 +0,0 @@ -graphic: 0.901 -instruction: 0.868 -device: 0.714 -vnc: 0.423 -socket: 0.247 -boot: 0.240 -mistranslation: 0.222 -semantic: 0.216 -network: 0.205 -assembly: 0.203 -other: 0.148 -KVM: 0.040 - -Skipping a jal instruction in riscv64 baremetal emulation -Description of problem: -The binary contains an illegal instruction after a jal. Normally the jal should be taken but the illegal instructi[aia_tests2.elf](/uploads/b8b646b01d7bcc15b51c36ddbffacac7/aia_tests2.elf)on next to the jal is executed generating and illegal instruction exception: - -``` -0x80006070: 00200513 addi a0,zero,2 -0x80006074: 89cff0ef jal ra,-3940 # 0x80005110 - ----------------- -IN: _Z15int_switch_modehh -0x80006078: 0000 illegal - ----------------- -IN: mtvec_table -0x8000e600: 64d0406f j 20044 # 0x8001344c -``` -Steps to reproduce: -1. Execute the same binary with QEMU. -Additional information: - diff --git a/results/classifier/semantic-bugs/graphic/904308 b/results/classifier/semantic-bugs/graphic/904308 deleted file mode 100644 index a32657642..000000000 --- a/results/classifier/semantic-bugs/graphic/904308 +++ /dev/null 
@@ -1,201 +0,0 @@ -graphic: 0.975 -other: 0.967 -assembly: 0.959 -device: 0.954 -semantic: 0.949 -instruction: 0.941 -boot: 0.934 -socket: 0.929 -network: 0.906 -vnc: 0.879 -mistranslation: 0.833 -KVM: 0.820 - -x86: BT/BTS/BTR/BTC: ZF flag is unaffected - -Hello! - -Bug was found in qemu.git. -See target-i386/translate.c: - - case 0x1ba: /* bt/bts/btr/btc Gv, im */ - ot = dflag + OT_WORD; - modrm = ldub_code(s->pc++); - op = (modrm >> 3) & 7; - mod = (modrm >> 6) & 3; - rm = (modrm & 7) | REX_B(s); - if (mod != 3) { - s->rip_offset = 1; - gen_lea_modrm(s, modrm, ®_addr, &offset_addr); - gen_op_ld_T0_A0(ot + s->mem_index); - } else { - gen_op_mov_TN_reg(ot, 0, rm); - } - /* load shift */ - val = ldub_code(s->pc++); - gen_op_movl_T1_im(val); - if (op < 4) - goto illegal_op; - op -= 4; - goto bt_op; - case 0x1a3: /* bt Gv, Ev */ - op = 0; - goto do_btx; - case 0x1ab: /* bts */ - op = 1; - goto do_btx; - case 0x1b3: /* btr */ - op = 2; - goto do_btx; - case 0x1bb: /* btc */ - op = 3; - do_btx: - ot = dflag + OT_WORD; - modrm = ldub_code(s->pc++); - reg = ((modrm >> 3) & 7) | rex_r; - mod = (modrm >> 6) & 3; - rm = (modrm & 7) | REX_B(s); - gen_op_mov_TN_reg(OT_LONG, 1, reg); - if (mod != 3) { - gen_lea_modrm(s, modrm, ®_addr, &offset_addr); - /* specific case: we need to add a displacement */ - gen_exts(ot, cpu_T[1]); - tcg_gen_sari_tl(cpu_tmp0, cpu_T[1], 3 + ot); - tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, ot); - tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0); - gen_op_ld_T0_A0(ot + s->mem_index); - } else { - gen_op_mov_TN_reg(ot, 0, rm); - } - bt_op: - tcg_gen_andi_tl(cpu_T[1], cpu_T[1], (1 << (3 + ot)) - 1); - switch(op) { - case 0: - tcg_gen_shr_tl(cpu_cc_src, cpu_T[0], cpu_T[1]); - tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf - break; - case 1: - tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]); - tcg_gen_movi_tl(cpu_tmp0, 1); - tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]); - tcg_gen_or_tl(cpu_T[0], cpu_T[0], cpu_tmp0); - break; - case 2: - 
tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]); - tcg_gen_movi_tl(cpu_tmp0, 1); - tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]); - tcg_gen_not_tl(cpu_tmp0, cpu_tmp0); - tcg_gen_and_tl(cpu_T[0], cpu_T[0], cpu_tmp0); - break; - default: - case 3: - tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]); - tcg_gen_movi_tl(cpu_tmp0, 1); - tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]); - tcg_gen_xor_tl(cpu_T[0], cpu_T[0], cpu_tmp0); - break; - } - s->cc_op = CC_OP_SARB + ot; - if (op != 0) { - if (mod != 3) - gen_op_st_T0_A0(ot + s->mem_index); - else - gen_op_mov_reg_T0(ot, rm); - tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4); - tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf - } - break; - -always set zf... - -There is fixed patch. - - - -It would be helpful if you could submit patches in line with the guidance documented on the wiki: -http://wiki.qemu.org/Contribute/SubmitAPatch - -In particular, patches should be sent to the mailing list in the right format, and we cannot apply any patch without a signed-off-by line. - -Thanks. - - -On 12/14/2011 06:08 PM, malc wrote: -> On Wed, 14 Dec 2011, Daniil Troshkov wrote: -> -> > Public bug reported: -> > -> > Hello! -> > -> > Bug was found in qemu.git. -> > See target-i386/translate.c: -> > -> -> [..snip..] -> -> Intel's documentation doesn't cover this, AMD's says that ZF is undefined, so, -> question is: why do you think QEMU is wrong here? - -The Intel documentation states that ZF is unaffected. - --- -error compiling committee.c: too many arguments to function - - - -On 12/14/2011 06:22 PM, malc wrote: -> On Wed, 14 Dec 2011, Avi Kivity wrote: -> -> > On 12/14/2011 06:08 PM, malc wrote: -> > > On Wed, 14 Dec 2011, Daniil Troshkov wrote: -> > > -> > > > Public bug reported: -> > > > -> > > > Hello! -> > > > -> > > > Bug was found in qemu.git. -> > > > See target-i386/translate.c: -> > > > -> > > -> > > [..snip..] 
-> > > -> > > Intel's documentation doesn't cover this, AMD's says that ZF is undefined, so, -> > > question is: why do you think QEMU is wrong here? -> > -> > The Intel documentation states that ZF is unaffected. -> > -> -> Right, i was blind, anyways, AMD disagrees. -> - -Best to be conservative here. - --- -error compiling committee.c: too many arguments to function - - - ->Best to be conservative here. -What is it means? - -On 12/14/2011 06:33 PM, malc wrote: -> > -> > Best to be conservative here. -> > -> -> Point being, any code that relies on it being in any particular state is -> broken (potentially, on AMD chips) - -Yes of course, but not all software is written to be portable. Probably -the only thing that will break here is a vendor test suite, but even so, -if we can comply to the spec, we should. - --- -error compiling committee.c: too many arguments to function - - - -Looking at the previous comments ... is there anything left to do here? Or can we close this bug nowadays? - -[Expired for QEMU because there has been no activity for 60 days.] - |