blob: 9e438c998e365d5e9bca7fbb8ac119a8c79a28e9
x86 ADOX and ADCX semantic bug
Description of problem
The results of the ADOX and ADCX instructions differ from those of a real CPU: one of the EFLAGS bits ends up with a different value.
Steps to reproduce
Compile this code (the inline assembly is written in Intel syntax, so build it with `gcc -masm=intel`):

```c
/* Build with `gcc -masm=intel repro.c`: the inline assembly is Intel syntax. */
int main(void) {
    asm volatile("push 512; popfq;" ::: "cc");              /* clear OF and CF before the test */
    asm volatile("mov rax, 0xffffffff84fdbf24" ::: "rax");
    asm volatile("mov rbx, 0xb197d26043bec15d" ::: "rbx");
    asm volatile("adox eax, ebx" ::: "rax", "cc");          /* 32-bit ADOX: OF is carry-in and carry-out */
    return 0;
}
```
Execute it and compare the resulting flags with a real CPU. The same problem occurs with ADCX (with CF instead of OF).
CPU:  OF = 0
QEMU: OF = 1
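A reference model of the documented ADX semantics, added here as a check oracle for this kind of emulator comparison (not code from the report or from QEMU): it evaluates ADOX or ADCX at a chosen operand width, leaves the flag the instruction does not use untouched, and runs the report's operands at 32 bits, where OF comes out 0 as on the CPU. The type and function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* The only EFLAGS bits the ADX instructions touch: CF (bit 0), OF (bit 11). */
typedef struct { int cf, of; } adx_flags;

/* Reference model of one ADX instruction at the given operand width: ADCX
 * uses CF as carry-in and carry-out, ADOX uses OF, no other flag changes.
 * Returns the destination zero-extended, as a 32-bit write to eax is. */
static uint64_t adx_step(int use_of, uint64_t dst, uint64_t src,
                         int width_bits, adx_flags *f)
{
    uint64_t mask = width_bits == 64 ? UINT64_MAX : (1ULL << width_bits) - 1;
    uint64_t a = dst & mask, b = src & mask;
    int cin = use_of ? f->of : f->cf;
    uint64_t sum = a + b + (uint64_t)cin;          /* cannot overflow below 64 bits */
    int cout = width_bits == 64 ? (cin ? sum <= a : sum < a)   /* did it wrap? */
                                : (int)(sum >> width_bits);
    if (use_of) f->of = cout; else f->cf = cout;
    return sum & mask;
}

/* The report's operands. The flag the instruction uses starts cleared, as
 * `push 512; popfq` leaves it; the other flag starts set so the checks can
 * confirm it is not modified. */
static const uint64_t RAX = 0xffffffff84fdbf24ULL, RBX = 0xb197d26043bec15dULL;

/* Carry-out flag after the report's add at width_bits (32 = eax, ebx as in
 * the report; 64 = rax, rbx for comparison) via ADOX (use_of = 1, returns OF)
 * or ADCX (use_of = 0, returns CF); -1 if the other flag was wrongly changed. */
static int report_flag_at(int use_of, int width_bits)
{
    adx_flags f = { use_of, !use_of };             /* used flag 0, other flag 1 */
    adx_step(use_of, RAX, RBX, width_bits, &f);
    return (use_of ? f.cf : f.of) == 1 ? (use_of ? f.of : f.cf) : -1;
}

/* eax after the report's `adox eax, ebx`. */
static uint64_t report_eax(void)
{
    adx_flags f = {1, 0};
    return adx_step(1, RAX, RBX, 32, &f);
}

int main(void)
{
    printf("adox eax, ebx -> eax = 0x%08llx, OF = %d (CPU in the report: 0)\n",
           (unsigned long long)report_eax(), report_flag_at(1, 32));
    return 0;
}
```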
Additional information
This bug was discovered by research conducted by KAIST SoftSec.