Created attachment 122426 [details]
c++ code to reproduce the issue

According to Intel's Instruction Set Reference A-Z (https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf), the instructions bt/btc/bts/btr leave the ZF unchanged. However, in VEX/priv/guest_amd64_toIR.c:4016ff in function dis_Grp8_Imm the ZF is cleared, unlike the implementation for bt/btc/bts/btr with a non-immediate argument in VEX/priv/guest_amd64_toIR.c:8225ff in function dis_bt_G_E, which conforms to the Intel specification.

Also, it seems that the x86 implementation clears the ZF for both the immediate and non-immediate argument versions of the bt/btc/bts/btr instructions.

See the attached code to reproduce the issue:

baumratte@linux:~/tmp/valgrind-bug> g++ -omain main.cxx
baumratte@linux:~/tmp/valgrind-bug> ./main
result = 0 (expecting 0)
baumratte@linux:~/tmp/valgrind-bug> valgrind ./main
==29558== Memcheck, a memory error detector
==29558== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==29558== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==29558== Command: ./main
==29558==
result = -1 (expecting 0)
==29558==
==29558== HEAP SUMMARY:
==29558==     in use at exit: 0 bytes in 0 blocks
==29558==   total heap usage: 1 allocs, 1 frees, 72,704 bytes allocated
==29558==
==29558== All heap blocks were freed -- no leaks are possible
==29558==
==29558== For lists of detected and suppressed errors, rerun with: -s
==29558== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
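The following is an added, self-contained reproducer for the flag behaviour described in the report; it is not attachment 122426 (that file is not shown on this page) and not Valgrind code. It assumes only GCC/Clang inline assembly on x86/amd64. Each probe first forces ZF=1 by comparing a register with itself, executes one Grp8 immediate-form instruction (bt/btc/bts/btr $imm8, reg), and reads ZF back with setz. Per the Intel SDM only CF is defined by these instructions, so ZF must still be 1 afterwards; a probe returning 0 means the instruction cleared ZF, which is the report's symptom. A register-form bt probe is included for contrast, since the report says dis_bt_G_E handles that form correctly on amd64.

```c
/*
 * Added reproducer (not attachment 122426, not Valgrind code).
 * Assumes GCC/Clang inline asm on x86 or amd64.
 *
 * Probe return values:
 *   1  ZF preserved across the instruction (correct per Intel SDM)
 *   0  ZF cleared (the behaviour the report describes under Valgrind 3.15)
 *  -1  not an x86/amd64 build, nothing was measured
 */
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
/* One probe per mnemonic, immediate (Grp8) form: "insn $2, reg".
 * "+r" because btc/bts/btr write the operand; "=q" so setz gets a
 * byte-addressable register on i386 as well. Only block comments inside
 * the macro body, so the line continuations survive. */
#define DEFINE_ZF_PROBE_IMM(fn, insn)                                     \
static int fn(void)                                                       \
{                                                                         \
    unsigned long v = 0x5UL;       /* bit 2 set, so CF becomes 1 */       \
    unsigned char zf;                                                     \
    __asm__ volatile(                                                     \
        "cmp %[v], %[v]\n\t"       /* v - v == 0  ->  ZF=1, CF=0 */        \
        insn " $2, %[v]\n\t"       /* Grp8 immediate form under test */   \
        "setz %[zf]"               /* zf = ZF after the instruction */    \
        : [zf] "=q"(zf), [v] "+r"(v)                                      \
        :                                                                 \
        : "cc");                                                          \
    return zf ? 1 : 0;                                                    \
}

/* Same probe with the bit index in a register: "insn reg, reg". */
#define DEFINE_ZF_PROBE_REG(fn, insn)                                     \
static int fn(void)                                                       \
{                                                                         \
    unsigned long v = 0x5UL, bit = 2;                                     \
    unsigned char zf;                                                     \
    __asm__ volatile(                                                     \
        "cmp %[v], %[v]\n\t"                                              \
        insn " %[bit], %[v]\n\t"   /* non-immediate form (dis_bt_G_E) */  \
        "setz %[zf]"                                                      \
        : [zf] "=q"(zf), [v] "+r"(v)                                      \
        : [bit] "r"(bit)                                                  \
        : "cc");                                                          \
    return zf ? 1 : 0;                                                    \
}
#else
#define DEFINE_ZF_PROBE_IMM(fn, insn) static int fn(void) { return -1; }
#define DEFINE_ZF_PROBE_REG(fn, insn) static int fn(void) { return -1; }
#endif

DEFINE_ZF_PROBE_IMM(zf_after_bt_imm,  "bt")
DEFINE_ZF_PROBE_IMM(zf_after_btc_imm, "btc")
DEFINE_ZF_PROBE_IMM(zf_after_bts_imm, "bts")
DEFINE_ZF_PROBE_IMM(zf_after_btr_imm, "btr")
DEFINE_ZF_PROBE_REG(zf_after_bt_reg,  "bt")

/* 1 if every immediate-form probe kept ZF, 0 if any cleared it,
 * -1 if nothing could be measured on this architecture. */
static int grp8_imm_preserves_zf(void)
{
    int r[4];
    int i, all = 1;
    r[0] = zf_after_bt_imm();
    r[1] = zf_after_btc_imm();
    r[2] = zf_after_bts_imm();
    r[3] = zf_after_btr_imm();
    for (i = 0; i < 4; i++) {
        if (r[i] < 0)  return -1;
        if (r[i] == 0) all = 0;
    }
    return all;
}

int main(void)
{
    printf("bt  $imm : ZF %s\n", zf_after_bt_imm()  == 1 ? "preserved" : "CLEARED or n/a");
    printf("btc $imm : ZF %s\n", zf_after_btc_imm() == 1 ? "preserved" : "CLEARED or n/a");
    printf("bts $imm : ZF %s\n", zf_after_bts_imm() == 1 ? "preserved" : "CLEARED or n/a");
    printf("btr $imm : ZF %s\n", zf_after_btr_imm() == 1 ? "preserved" : "CLEARED or n/a");
    printf("bt  reg  : ZF %s\n", zf_after_bt_reg()  == 1 ? "preserved" : "CLEARED or n/a");
    return grp8_imm_preserves_zf() == 1 ? 0 : 1;
}
```

Build it with `gcc -O2 -o zfprobe zfprobe.c` and run it once natively and once as `valgrind ./zfprobe`; on real hardware every line should read "preserved", and a Valgrind build affected by this bug will report the immediate-form lines as cleared while the register-form line stays preserved on amd64. Add `-m32` to exercise the x86 guest, where the report says both forms are affected. The exit status is nonzero whenever any immediate-form probe observed a cleared ZF, so the binary can be dropped into a regression run without parsing its output.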
Created attachment 122443 [details]
Patch

A patch that fixes this for amd64 (but not for x86)
Committed as 0ddbdddc7ae735e258528fc6276478128999a2e7. Thanks for the patch.