
Incorrect decoding of MOVEFROMCREG_DSZ64 when studying rdmsr handlers

Open fishilico opened this issue 4 years ago • 0 comments

Hello,

When studying the instructions referenced in misc/glm_msr_read_desc.txt, I stumbled upon something odd. Some MSRs use `chkproc: U3740`, others `chkproc: U3748`, and the associated instructions are decoded in exactly the same way:

```
U3740: 006200035e80                tmp5:= MOVEFROMCREG_DSZ64(tmp10)
           05370000                SEQW GOTO U3700
U3748: 106200035e80                tmp5:= MOVEFROMCREG_DSZ64(tmp10)
           05370000                SEQW GOTO U3700
```

The only difference between these two entries is bit 44 of the uop (0x100000000000). If I understood things correctly, this bit changes the meaning of the instruction, and it could be, for example, to use a different data size.

Moreover, a third entry, U300c, uses a similar uop but with bit 45 set (uop 306200035e80):

```
U300c: 306200035e80                tmp5:= MOVEFROMCREG_DSZ64(tmp10)
U300d: 000401031e08                tmp1:= AND_DSZ32(0x00000001, tmp8)
U300e: 006520032235                tmp2:= SHR_DSZ64(tmp5, 0x00000020)
           01c4b180                SEQW GOTO U44b1
```

Is there a way to check the semantics of uops 006200035e80, 106200035e80 and 306200035e80? For example, if bits 44 and 45 control the data size of the operation, it would be great to verify this and update the disassembler with this knowledge.

Anyway thanks for sharing this great work!

fishilico, May 21 '21 17:05
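The bit comparison described in the issue, as an added example that is not part of the uCodeDisasm project or the reporter's post: given raw uop words and the text the disassembler emits for each, it groups uops that decode to identical text and reports the encoding bits that nevertheless differ within the group, i.e. bits the decoder currently ignores. It assumes only that the 12-hex-digit values in the listings are the full 48-bit uop encodings; the sample table is constructed from the addresses and values quoted above and makes no claim about what bits 44 and 45 mean.

```python
# Added example (not uCodeDisasm code): find encoding bits that vary between
# uops which the disassembler renders with identical text.
from collections import defaultdict

UOP_BITS = 48  # the listings show 12 hex digits per uop (assumption)

# Constructed from the listings in the issue: address -> (raw uop, decoded text)
UOPS = {
    0x3740: (0x006200035E80, "tmp5:= MOVEFROMCREG_DSZ64(tmp10)"),
    0x3748: (0x106200035E80, "tmp5:= MOVEFROMCREG_DSZ64(tmp10)"),
    0x300C: (0x306200035E80, "tmp5:= MOVEFROMCREG_DSZ64(tmp10)"),
    0x300D: (0x000401031E08, "tmp1:= AND_DSZ32(0x00000001, tmp8)"),
    0x300E: (0x006520032235, "tmp2:= SHR_DSZ64(tmp5, 0x00000020)"),
}


def set_bits(value: int) -> list[int]:
    """Bit positions (LSB = 0) that are set in value, ascending."""
    return [i for i in range(UOP_BITS) if (value >> i) & 1]


def undecoded_bits(uops: dict[int, tuple[int, str]]) -> dict[str, dict]:
    """Group uops by decoded text. For every text that is produced by more
    than one distinct encoding, return the mask of bits that vary across the
    group, those bit positions, and which of them each address has set."""
    groups: dict[str, list[tuple[int, int]]] = defaultdict(list)
    for addr, (raw, text) in uops.items():
        groups[text].append((addr, raw))

    result: dict[str, dict] = {}
    for text, members in groups.items():
        encodings = {raw for _, raw in members}
        if len(encodings) < 2:
            continue  # one encoding only: nothing is being ignored here
        # XOR every encoding against one reference; the OR of those XORs is
        # exactly the set of bits that take more than one value in the group.
        ref = min(encodings)
        mask = 0
        for raw in encodings:
            mask |= raw ^ ref
        result[text] = {
            "mask": mask,
            "bits": set_bits(mask),
            # per address, which of the varying bits are set in its encoding
            "variants": {addr: set_bits(raw & mask) for addr, raw in sorted(members)},
        }
    return result


if __name__ == "__main__":
    for text, info in undecoded_bits(UOPS).items():
        print(f"{text}: decoder ignores bits {info['bits']} (mask {info['mask']:#014x})")
        for addr, bits in info["variants"].items():
            print(f"  U{addr:04x}: sets {bits or 'none'}")
```

Run against the constructed table this reports that the MOVEFROMCREG_DSZ64 text is produced by three encodings differing only in bits 44 and 45 (mask 0x300000000000), with U3740 setting neither, U3748 setting bit 44 and U300c setting both; the AND and SHR uops each have a single encoding and are not reported. Feeding it the full decoded dump of a microcode region would list every field the disassembler silently drops, which is the question the issue raises.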