diff options
author | Richard Henderson <rth@twiddle.net> | 2015-11-17 12:41:47 +0100 |
---|---|---|
committer | Eduardo Habkost <ehabkost@redhat.com> | 2015-11-17 17:05:59 -0200 |
commit | 9ecac5dad16722ce2a8c3e88d8eeba5794990031 (patch) | |
tree | baa00a9da13e3b98c20ccfa7ff452fa3d7966288 | |
parent | 9be060f5278dc0d732ebfcf2bf0a293f88b833eb (diff) | |
download | qemu-9ecac5dad16722ce2a8c3e88d8eeba5794990031.zip qemu-9ecac5dad16722ce2a8c3e88d8eeba5794990031.tar.gz qemu-9ecac5dad16722ce2a8c3e88d8eeba5794990031.tar.bz2 |
target-i386: Fix mulx for identical target regs
The Intel specification clearly indicates that the low part
of the result is written first and the high part of the result
is written second; thus if ModRM:reg and VEX.vvvv are identical,
the final result should be the high part of the result.
At present, TCG may either produce incorrect results or crash
with --enable-checking.
Reported-by: Toni Nedialkov <farmdve@gmail.com>
Reported-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-rw-r--r-- | target-i386/translate.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/target-i386/translate.c b/target-i386/translate.c index fbe4f80..a3dd167 100644 --- a/target-i386/translate.c +++ b/target-i386/translate.c @@ -3848,8 +3848,10 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, break; #ifdef TARGET_X86_64 case MO_64: - tcg_gen_mulu2_i64(cpu_regs[s->vex_v], cpu_regs[reg], + tcg_gen_mulu2_i64(cpu_T[0], cpu_T[1], cpu_T[0], cpu_regs[R_EDX]); + tcg_gen_mov_i64(cpu_regs[s->vex_v], cpu_T[0]); + tcg_gen_mov_i64(cpu_regs[reg], cpu_T[1]); break; #endif } |