
x86 ADOX and ADCX semantic bug

Host environment

  • Operating system: Windows 10 20H2
  • OS/kernel version: WSL2 Ubuntu 20.04.4 LTS (GNU/Linux 5.10.102.1-microsoft-standard-WSL2 x86_64)
  • Architecture: x86
  • QEMU flavor: qemu-x86_64
  • QEMU version: 7.1.90 (v7.2.0-rc0)
  • QEMU command line: qemu-x86_64 -cpu max a.out

Emulated/Virtualized environment

  • Operating system: None
  • OS/kernel version: None
  • Architecture: x86

Description of problem

The results of the ADOX and ADCX instructions differ from those of a real CPU: one EFLAGS bit (OF for ADOX, CF for ADCX) ends up with a different value.

Steps to reproduce

  1. Compile this code (it is written in Intel syntax, so build it with gcc -masm=intel)
/* Build with: gcc -masm=intel repro.c */
int main(void) {
    asm volatile(
        "push 512\n\t"                      /* popfq of 0x200 (IF only): OF, CF and the */
        "popfq\n\t"                         /* other arithmetic flags start out cleared */
        "mov rax, 0xffffffff84fdbf24\n\t"
        "mov rbx, 0xb197d26043bec15d\n\t"
        "adox eax, ebx"                     /* 32-bit operands: carry out of bit 31 -> OF */
        ::: "rax", "rbx", "cc");            /* tell the compiler which registers/flags change */
    return 0;
}
  2. Execute it and compare the resulting OF with a real CPU. The same problem occurs with ADCX, too (with CF instead of OF).
    • CPU
      • OF = 0
    • QEMU
      • OF = 1
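As an added illustration (not part of the original report and not QEMU code), the following C model implements the ADCX/ADOX semantics as documented in the Intel SDM and applies them to the operands of the reproducer above. It shows why a CPU produces OF = 0 for the 32-bit `adox eax, ebx`, and that the same addition performed at 64-bit operand width carries out of bit 63, giving OF = 1, the value the report observes from QEMU. The report does not state QEMU's root cause, so the 64-bit variant only demonstrates how operand size alone changes the flag for these inputs; the function and macro names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Reference model of the ADCX/ADOX semantics given in the Intel SDM, written
 * for this report as an added illustration; it is not QEMU code. Both
 * instructions compute dest = dest + src + flag, where the flag is CF for ADCX
 * and OF for ADOX, and they update only that one flag with the unsigned carry
 * out of the operand's most significant bit. No other flag is touched. With
 * 32-bit operands (adox eax, ebx) the upper halves of rax and rbx are ignored
 * and the carry is taken from bit 31, not bit 63. */

/* ADOX with 32-bit operands: returns the new OF and stores the 32-bit result. */
static unsigned adox32(uint32_t dst, uint32_t src, unsigned of_in, uint32_t *result)
{
    uint64_t sum = (uint64_t)dst + src + (of_in & 1u);
    *result = (uint32_t)sum;
    return (unsigned)(sum >> 32);          /* carry out of bit 31 */
}

/* ADCX with 32-bit operands: identical arithmetic, but the carry chain is CF.
 * The two instructions exist so that CF and OF can carry two independent
 * chains (e.g. in MULX-based multi-precision multiplication). */
static unsigned adcx32(uint32_t dst, uint32_t src, unsigned cf_in, uint32_t *result)
{
    return adox32(dst, src, cf_in, result);
}

/* ADOX with 64-bit operands, for comparison. Carry out of bit 63 is detected
 * without a wider type: with a carry-in of 1 the wrapped sum can equal dst. */
static unsigned adox64(uint64_t dst, uint64_t src, unsigned of_in, uint64_t *result)
{
    uint64_t sum = dst + src + (of_in & 1u);
    *result = sum;
    return (sum < dst || ((of_in & 1u) && sum == dst)) ? 1u : 0u;
}

/* Register values from the reproducer above (names are this example's own). */
#define REPORT_RAX 0xffffffff84fdbf24ULL
#define REPORT_RBX 0xb197d26043bec15dULL

/* OF after "push 512; popfq" (OF cleared) followed by "adox eax, ebx". */
static unsigned report_expected_of(void)
{
    uint32_t eax;
    return adox32((uint32_t)REPORT_RAX, (uint32_t)REPORT_RBX, 0, &eax);
}

/* OF the same operation would produce if the full 64-bit registers were
 * added instead. The report does not state QEMU's root cause; this only shows
 * that operand size alone flips OF for these inputs. */
static unsigned report_of_if_64bit(void)
{
    uint64_t rax;
    return adox64(REPORT_RAX, REPORT_RBX, 0, &rax);
}

int main(void)
{
    uint32_t eax, ecx;
    uint64_t rax;
    unsigned of32 = adox32((uint32_t)REPORT_RAX, (uint32_t)REPORT_RBX, 0, &eax);
    unsigned cf32 = adcx32((uint32_t)REPORT_RAX, (uint32_t)REPORT_RBX, 0, &ecx);
    unsigned of64 = adox64(REPORT_RAX, REPORT_RBX, 0, &rax);

    printf("adox eax, ebx : eax = 0x%08x  OF = %u   (CPU in the report: 0)\n", eax, of32);
    printf("adcx eax, ebx : eax = 0x%08x  CF = %u\n", ecx, cf32);
    printf("adox rax, rbx : rax = 0x%016llx  OF = %u\n", (unsigned long long)rax, of64);
    printf("expected OF = %u; with 64-bit operand size OF would be %u\n",
           report_expected_of(), report_of_if_64bit());
    return 0;
}
```

The 32-bit sum 0x84fdbf24 + 0x43bec15d = 0xc8bc8081 does not carry out of bit 31, so OF must stay 0; only when the untruncated 64-bit registers are added does the result wrap and set the flag.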

Additional information

This bug was discovered during research conducted by KAIST SoftSec.
