x86: Fix evaluation order of CMOV #6523
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ryanmkurtz
added
Feature: Processor/x86
Status: Triage
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When the register holding the source address of a CMOV instruction is the 64-bit register that overlaps with the 32-bit destination (e.g.,
CMOV EAX, dword ptr [RAX]) then the wrong address will be loaded from if the upper bits are non-zero. (e.g. the previous example will load fromRAX & 0xffff_ffffinstead ofRAX).This is directly caused by the
build check_Reg32_deststatement, but the actual issue is that the source address should be loaded into a temporary before before checking the condition. Notably, it is still correct to zero the upper 32-bit of the 64-bit register in x64 mode even if the condition is false, so this behavior has been kept.e.g.,
0f4000 "CMOVO EAX, dword ptr [RAX]" with RAX=0x1_0000_0000, OF=1, mem[0x1_0000_0000]=aaaaaaaa, mem[0x0]=bbbbbbbb.
x86:LE:64:default(Existing): "CMOV EAX, dword ptr [RAX]" { RAX=0xbbbbbbbb }x86:LE:64:default(This patch): CMOV EAX, dword ptr [RAX]" { RAX=0xaaaaaaaa }The other constructors have been adjusted even though this issue doesn't directly affect them, to more closely match the real semantics, i.e. the manual states: "CMOVcc loads data from its source operand into a temporary register unconditionally (regardless of the condition code and the status flags in the EFLAGS register)".