semantic: 0.920
graphic: 0.652
instruction: 0.623
device: 0.589
assembly: 0.406
vnc: 0.287
boot: 0.220
network: 0.203
socket: 0.198
mistranslation: 0.171
other: 0.064
KVM: 0.064

x86 BZHI semantic bug
Description of problem
The result of instruction BZHI is different from the CPU. The value of destination register and SF of EFLAGS are different.

Steps to reproduce

Compile this code


void main() {
    asm("mov rax, 0xb1aa9da2fe33fe3");
    asm("mov rbx, 0x80000000ffffffff");
    asm("mov rcx, 0xf3fce8829b99a5c6");
    asm("bzhi rax, rbx, rcx");
}



Execute and compare the result with the CPU.

CPU

RAX = 0x0x80000000ffffffff
SF = 1


QEMU

RAX = 0xffffffff
SF = 0






Additional information
This bug is discovered by research conducted by KAIST SoftSec.