<html>
<head>
<base href="https://llvm.org/bugs/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - llvm-mc incorrectly disassembles RIP relative instructions with REX.B"
href="https://llvm.org/bugs/show_bug.cgi?id=23271">23271</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>llvm-mc incorrectly disassembles RIP relative instructions with REX.B
</td>
</tr>
<tr>
<th>Product</th>
<td>tools
</td>
</tr>
<tr>
<th>Version</th>
<td>3.5
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>llvmc
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>matt_barney@yahoo.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvmbugs@cs.uiuc.edu
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr></table>
<p>
<div>
<pre>Bug Synopsis
============

From:
<a href="http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf">http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf</a>

"The ModR/M encoding for RIP-relative addressing does not depend on using
prefix. Specifically, the r/m bit field encoding of 101B (used to select
RIP-relative addressing) is not affected by the REX prefix. For example,
selecting R13 (REX.B = 1, r/m = 101B) with mod = 00B still results in
RIP-relative addressing." -- 2-6 Vol. 2A, Intel 64 and IA-32 Architectures
Software Developer's Manual

As such, we should expect when REX = 0x49 (REX.W = 1, and REX.B = 1), for
example, to not affect the disassembly of RIP relative addressing in an ADD
instruction.

So:

echo "0x49 0x03 0x1d 0xff 0x0 0x0 0x0" | llvm-mc --disassemble

should disassemble to:

.text
addq 255(%rip), %rbp

instead, we receive:

.text
addq (%r13), %rbp
incl (%rax)
addb %al, (%rax)

I.e., REX.B selected %r13 in the ModR/M byte after disassembly, which is
explicitly proscribed in the specification above.

Compare this to a REX without the B bit set (REX.W = 1, REX.R = 1), i.e., 0x4c:

echo "0x4c 0x03 0x1d 0xff 0x0 0x0 0x0" | llvm-mc --disassemble

which correctly disassembles to:

.text
addq 255(%rip), %r13

Steps to Reproduce
==================

uname:
Linux derp 3.19.3-3-ARCH #1 SMP PREEMPT Wed Apr 8 14:10:00 CEST 2015 x86_64
GNU/Linux
llvm: 3.5
tool: llvm-mc

1. run the following command:

echo "0x49 0x03 0x1d 0xff 0x0 0x0 0x0" | llvm-mc --disassemble

2. Note the output:

.text
addq (%r13), %rbp
incl (%rax)
addb %al, (%rax)

3. Which should be:

.text
addq 255(%rip), %rbp</pre>
</div>
</p>
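<p>The decoding rule the report quotes from the Intel SDM, as an added worked example that is not part of the bug report and not LLVM's own disassembler code: a minimal decoder for opcode 0x03 (ADD reg, r/m) that applies REX.R to the reg field and REX.B to the r/m field, but keeps mod=00/r/m=101 as disp32(%rip) regardless of REX.B. The <code>buggy=True</code> flag is an assumption that models the behaviour the report describes (REX.B wrongly selecting %r13), so one can see why the wrong decode consumes only 3 bytes and leaves the displacement bytes to be decoded as further instructions. The destination register is taken from the ModR/M reg field as the decoder tables define it (reg=011 names %rbx, or %r11 under REX.R); the hex-string input format and the SIB-less subset are assumptions of this example.</p>

```python
# Added example (not from the bug report or from LLVM): decode a single
# ADD r32/r64, r/m32/64 (opcode 0x03) with an optional REX prefix, following the
# Intel SDM rule that mod=00, r/m=101 is RIP-relative and is NOT affected by REX.B.
import struct

REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
          "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi",
          "r8d", "r9d", "r10d", "r11d", "r12d", "r13d", "r14d", "r15d"]


def parse_hex_bytes(text):
    """Turn the report's '0x49 0x03 ...' notation into bytes (assumed input format)."""
    return bytes(int(tok, 16) for tok in text.split())


def decode_add(code, buggy=False):
    """Decode one ADD reg, r/m (opcode 0x03) at the start of `code`.

    Returns (AT&T-syntax text, number of bytes consumed).
    buggy=True reproduces the behaviour described in the report: REX.B is
    wrongly allowed to turn mod=00/r/m=101 into (%r13) instead of disp32(%rip).
    Only register-direct, RIP-relative and [base]/disp(base) forms are handled;
    SIB forms (r/m=100) raise, since they are not needed to illustrate the bug.
    """
    i = 0
    rex_w = rex_r = rex_b = 0
    if code[i] & 0xF0 == 0x40:              # REX prefix byte: 0100 W R X B
        rex_w = (code[i] >> 3) & 1
        rex_r = (code[i] >> 2) & 1
        rex_b = code[i] & 1
        i += 1
    if code[i] != 0x03:
        raise ValueError("only opcode 0x03 (ADD reg, r/m) is handled")
    i += 1
    modrm = code[i]
    i += 1
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    names = REGS64 if rex_w else REGS32
    mnem = "addq" if rex_w else "addl"
    dst = "%" + names[(rex_r << 3) | reg]   # REX.R extends the reg field

    if mod == 3:                             # register-direct source
        src = "%" + names[(rex_b << 3) | rm]
    elif mod == 0 and rm == 5 and not (buggy and rex_b):
        # SDM: mod=00, r/m=101 selects RIP-relative addressing; REX.B is ignored here.
        disp = struct.unpack_from("<i", code, i)[0]
        i += 4
        src = f"{disp}(%rip)"
    else:
        if rm == 4:
            raise NotImplementedError("SIB addressing is not handled in this example")
        base = "%" + REGS64[(rex_b << 3) | rm]  # REX.B does extend r/m for a base register
        if mod == 0:
            src = f"({base})"                    # the buggy path lands here as (%r13)
        elif mod == 1:
            disp = struct.unpack_from("<b", code, i)[0]
            i += 1
            src = f"{disp}({base})"
        else:
            disp = struct.unpack_from("<i", code, i)[0]
            i += 4
            src = f"{disp}({base})"
    return f"{mnem} {src}, {dst}", i


if __name__ == "__main__":
    for hexstr in ("0x49 0x03 0x1d 0xff 0x0 0x0 0x0",
                   "0x4c 0x03 0x1d 0xff 0x0 0x0 0x0"):
        code = parse_hex_bytes(hexstr)
        print(hexstr, "->", decode_add(code), "| buggy:", decode_add(code, buggy=True))
    # Encoding that really does mean [r13]: mod=01 with a zero disp8 (constructed input)
    print("0x49 0x03 0x5d 0x00 ->", decode_add(parse_hex_bytes("0x49 0x03 0x5d 0x00")))
```

<p>The correct decode consumes all 7 bytes (REX, opcode, ModR/M, disp32), whereas the buggy path stops after 3 bytes, which is why the report sees the displacement bytes <code>0xff 0x00 0x00 0x00</code> re-decoded as <code>incl (%rax)</code> and <code>addb %al, (%rax)</code>. A base register of %r13 without displacement has to be encoded as mod=01 with disp8=0, which the last print shows.</p>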
</body>
</html>