Bug 411451

Summary: x86/amd64->IR of bt/btc/bts/btr with immediate clears zero flag
Product: [Developer tools] valgrind
Reporter: baumratte
Component: vex
Assignee: Julian Seward <jseward>
Status: RESOLVED FIXED
Severity: minor
CC: baumratte
Priority: NOR
Version First Reported In: 3.15 SVN
Target Milestone: ---
Platform: unspecified
OS: Unspecified
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: c++ code to reproduce the issue
             Patch

Description baumratte 2019-08-30 15:49:28 UTC
Created attachment 122426 [details]
c++ code to reproduce the issue

According to Intel's Instruction Set Reference A-Z
(https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf),
the instructions bt/btc/bts/btr leave the ZF unchanged.
However, in VEX/priv/guest_amd64_toIR.c:4016ff in function dis_Grp8_Imm
the ZF is cleared, unlike the implementation for bt/btc/bts/btr with non-immediate argument
in VEX/priv/guest_amd64_toIR.c:8225ff in function dis_bt_G_E which conforms to the Intel 
specification.

Also it seems that the x86 implementation clears the ZF both for immediate and non-immediate argument versions of the bt/btc/bts/btr instructions.

See the attached code to reproduce the issue:

baumratte@linux:~/tmp/valgrind-bug> g++ -omain main.cxx 
baumratte@linux:~/tmp/valgrind-bug> ./main 
result = 0 (expecting 0)
baumratte@linux:~/tmp/valgrind-bug> valgrind ./main 
==29558== Memcheck, a memory error detector
==29558== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==29558== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==29558== Command: ./main
==29558== 
result = -1 (expecting 0)
==29558== 
==29558== HEAP SUMMARY:
==29558==     in use at exit: 0 bytes in 0 blocks
==29558==   total heap usage: 1 allocs, 1 frees, 72,704 bytes allocated
==29558== 
==29558== All heap blocks were freed -- no leaks are possible
==29558== 
==29558== For lists of detected and suppressed errors, rerun with: -s
==29558== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
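The attached main.cxx is not reproduced on this page, so the following is an added probe, not the reporter's code, that demonstrates the flag semantics the report relies on. It sets ZF with a self-xor, runs BT in both the immediate form (the `dis_Grp8_Imm` path) and the register form (the `dis_bt_G_E` path), and reads ZF and CF back with SETcc. On real hardware both forms leave ZF set, as the Intel manual specifies; under the affected Valgrind the immediate form would come back with ZF cleared. The helper names and the choice of bit 3 are assumptions for illustration; the code needs an x86-64 build with GCC/Clang inline assembly and returns -1 elsewhere.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example (not from the bug report). Returns bit 0 = CF and
 * bit 1 = ZF as observed right after `btl $3, reg`, the immediate form
 * handled by dis_Grp8_Imm. ZF is forced to 1 beforehand, so the Intel
 * semantics ("ZF unaffected") give 2 for val=0 and 3 for val=8 (bit 3 set).
 * Returns -1 when not compiled for x86-64.
 */
int bt_imm_flags(uint32_t val)
{
#if defined(__x86_64__)
    uint8_t zf, cf;
    __asm__ volatile (
        "xorl %%eax, %%eax\n\t"  /* ZF := 1, CF := 0 */
        "btl  $3, %[v]\n\t"      /* immediate form: CF := bit 3, ZF must stay 1 */
        "setz %[z]\n\t"          /* capture ZF without touching the stack */
        "setc %[c]\n\t"          /* capture CF */
        : [z] "=q" (zf), [c] "=q" (cf)
        : [v] "r" (val)
        : "eax", "cc");
    return (zf << 1) | cf;
#else
    (void)val;
    return -1;
#endif
}

/*
 * Same probe using the register form `btl reg, reg`, the dis_bt_G_E path
 * that the report says already preserved ZF on amd64.
 */
int bt_reg_flags(uint32_t val, uint32_t bit)
{
#if defined(__x86_64__)
    uint8_t zf, cf;
    __asm__ volatile (
        "xorl %%eax, %%eax\n\t"
        "btl  %[b], %[v]\n\t"
        "setz %[z]\n\t"
        "setc %[c]\n\t"
        : [z] "=q" (zf), [c] "=q" (cf)
        : [v] "r" (val), [b] "r" (bit)
        : "eax", "cc");
    return (zf << 1) | cf;
#else
    (void)val; (void)bit;
    return -1;
#endif
}

int main(void)
{
    int imm0 = bt_imm_flags(0), imm8 = bt_imm_flags(8);
    int reg0 = bt_reg_flags(0, 3), reg8 = bt_reg_flags(8, 3);
    printf("bt $3 : val=0 -> %d, val=8 -> %d (hardware: 2 and 3)\n", imm0, imm8);
    printf("bt reg: val=0 -> %d, val=8 -> %d (hardware: 2 and 3)\n", reg0, reg8);
    /* Under the affected VEX the immediate form reports 0 and 1 (ZF lost). */
    return (imm0 == 2 && imm8 == 3) ? 0 : 1;
}
```

Running the binary natively and then under `valgrind ./probe` gives a direct side-by-side comparison of the two translation paths; a mismatch in the first line only is exactly the symptom the report describes.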
Comment 1 baumratte 2019-09-01 09:09:12 UTC
Created attachment 122443 [details]
Patch

A patch that fixes this for amd64 (but not for x86)
Comment 2 Julian Seward 2019-12-30 10:45:47 UTC
Committed as 0ddbdddc7ae735e258528fc6276478128999a2e7.
Thanks for the patch.