Intel® ISA Extensions
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.
1120 Discussions

Possible bug in SDE - jump with 16-bit operand size

Michael_R_8
Beginner
‎10-20-2015 02:00 PM
882 Views

The Software Developer's Manual, and the corresponding AMD document, indicate that after the new RIP is calculated, it is then truncated to whatever the instruction's operand size is.

To see if this was actually true, I assembled a JMP instruction with a 66 prefix, to set an operand size of 16 bits.  I would expect this to jump to a 16-bit address.

Running this instruction on my AMD Steamroller CPU, I got a segmentation fault.

But running it with SDE, the trace shows a jump without truncating the destination address.

It would appear that SDE is incorrect.

Here is the assembler code

.global main
main:

jmp x
x:

data16 jmp y          # This instruction seg faults on AMD processor
y:


ret

Here is the trace from SDE

TID0: INS 0x0000000100401000             BASE     jmp 0x100401002
TID0: INS 0x0000000100401002             BASE     jmp 0x100401005
TID0: Read 0x76e15a4d = *(UINT64*)000000000022FF58
TID0: INS 0x0000000100401005             BASE     ret                                      | rsp = 0x22ff60

 

 

0 Kudos

Link Copied

3 Replies
MarkC_Intel
Moderator
‎10-20-2015 02:18 PM
882 Views

Can you show the hex for the 2nd instruction please? 

0 Kudos
Copy link
Michael_R_8
Beginner
‎10-20-2015 02:41 PM
882 Views

Here is objdump of the code

0000000000000000 <main>:
   0:   eb 00                   jmp    2 <x>

0000000000000002 <x>:
   2:   66 eb 00                data16 jmp 5 <y>

0000000000000005 <y>:
   5:   c3                      ret

ADDITIONAL NOTE:

I've also verified the same behavior for Jcc.

For JRCXZ, however, both docs say the jump address is truncated, but on my AMD processor, I do not get the segmentation fault.  I have verified that the branch is actually taken.

I haven't tried CALL, nor a JMP with a 32-bit displacement.

 

0 Kudos
Copy link
MarkC_Intel
Moderator
‎10-21-2015 04:58 AM
882 Views

This is not an SDE bug. There are some historic ISA differences in implementations between Intel and AMD processors. RIP-handling for 66-prefixed near  branches in 64b mode is one of the areas of difference. FWIW, your code runs fine on the Intel processors. 

 

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.