[LLVMbugs] [Bug 23271] New: llvm-mc incorrectly disassembles RIP relative instructions with REX.B

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Fri Apr 17 11:54:21 PDT 2015 

https://llvm.org/bugs/show_bug.cgi?id=23271

            Bug ID: 23271
           Summary: llvm-mc incorrectly disassembles RIP relative
                    instructions with REX.B
           Product: tools
           Version: 3.5
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: llvmc
          Assignee: unassignedbugs at nondot.org
          Reporter: matt_barney at yahoo.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

Bug Synopsis
============

From:
http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf

"The ModR/M encoding for RIP-relative addressing does not depend on using
prefix.  Specifically, the r/m bit field encoding of 101B (used to select
RIP-relative addressing) is not affected by the REX prefix.  For example,
selecting R13 (REX.B = 1, r/m = 101B) with mod = 00B still results in
RIP-relative addressing."  -- 2-6 Vol. 2A, Intel 64 and ia32 Architectures
Software Developer's Manual

As such, we should expect when REX = 0x49 (REX.W = 1, and REX.B = 1), for
example, to not affect the disassembly of RIP relative addressing in an ADD
instruction.

So:

    echo "0x49 0x03 0x1d 0xff 0x0 0x0 0x0" | llvm-mc --disassemble

should disassemble to:

    .text
        addq    255(%rip), %rbp

instead, we receive:

    .text
        addq    (%r13), %rbp
        incl    (%rax)
        addb    %al, (%rax)

I.e., REX.B selected %r13 in the ModR/M byte after disassembly, which is
explicitly proscribed in the specification above.

Compare this to a REX without the B bit set (REX.W = 1, REX.R = 1), i.e., 0x4c:

    echo "0x4c 0x03 0x1d 0xff 0x0 0x0 0x0" | llvm-mc --disassemble

which correctly disassembles to:

    .text
        addq    255(%rip), %r13


Steps to Reproduce
=================

uname:
Linux derp 3.19.3-3-ARCH #1 SMP PREEMPT Wed Apr 8 14:10:00 CEST 2015 x86_64
GNU/Linux
llvm: 3.5
tool: llvm-mc

1. run the following command: 
    echo "0x49 0x03 0x1d 0xff 0x0 0x0 0x0" | llvm-mc --disassemble
2. Note the output:
    .text
        addq    (%r13), %rbp
        incl    (%rax)
        addb    %al, (%rax)
3. Which should be:
    .text
        addq    255(%rip), %rbp

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20150417/6b3547dd/attachment.html>

More information about the llvm-bugs mailing list