x86_64 test regression in git version (test_tb_x86_64_32_imul_Gv_Ev_Ib)

[anthraxx]

Hi, I have noticed some test regressions in the latest git HEAD of unicorn (the last release passes fine).
Note 1: i have even reduced -O level to 2
Note 2: not sure if this also happens with gcc5, but: gcc (GCC) 6.1.1 20160501

./test_tb_x86
[==========] Running 1 test(s).
[ RUN      ] test_tb_x86_64_32_imul_Gv_Ev_Ib

hook_code32: Address: 60000021, Opcode Size: 3
Register dump:
eax 00000041 ecx 5ffffff8 edx 5ffffff8 ebx 034a129b
esp 6010229a ebp 60000002 esi 1f350211 edi 488ac239 
Opcode: 30 41 30 
Stack region dump
60000000: 89 e1 d9 cd d9 71 f4 5d 55 59 49 49 49 49 49 49 
60000010: 49 49 49 49 43 43 43 43 43 43 37 51 5a 6a 41 58 
60000020: 50 30 41 30 41 6b 41 41 51 32 41 42 32 42 42 30 
60000030: 42 42 41 42 58 50 38 41 42 75 4a 49 51 51 51 52 
60000040: 47 33 47 34 51 55 51 56 50 47 47 38 47 39 50 4a 
60000050: 50 4b 50 4c 50 4d 50 4e 50 4f 50 50 50 31 47 42 
60000060: 47 42 50 34 50 5a 50 45 51 52 46 32 47 31 50 4d 
60000070: 51 51 50 4e 41 41 0 
Register dump:
eax 00000041 ecx 5ffffff8 edx 5ffffff8 ebx 034a129b
esp 6010229a ebp 60000002 esi 1f350211 edi 488ac239 
hook_mem32(R): Address: 0x60000028, Size: 1, Value:0x0
hook_mem32(W): Address: 0x60000028, Size: 1, Value:0x10
hook_code32: Address: 60000021, Opcode Size: 3
Register dump:
eax 00000041 ecx 5ffffff8 edx 5ffffff8 ebx 034a129b
esp 6010229a ebp 60000002 esi 1f350211 edi 488ac239 
Opcode: 30 41 30 
Stack region dump
60000000: 89 e1 d9 cd d9 71 f4 5d 55 59 49 49 49 49 49 49 
60000010: 49 49 49 49 43 43 43 43 43 43 37 51 5a 6a 41 58 
60000020: 50 30 41 30 41 6b 41 41 51 32 41 42 32 42 42 30 
60000030: 42 42 41 42 58 50 38 41 42 75 4a 49 51 51 51 52 
60000040: 47 33 47 34 51 55 51 56 50 47 47 38 47 39 50 4a 
60000050: 50 4b 50 4c 50 4d 50 4e 50 4f 50 50 50 31 47 42 
60000060: 47 42 50 34 50 5a 50 45 51 52 46 32 47 31 50 4d 
60000070: 51 51 50 4e 41 41 0 
Register dump:
eax 00000041 ecx 5ffffff8 edx 5ffffff8 ebx 034a129b
esp 6010229a ebp 60000002 esi 1f350211 edi 488ac239 
hook_mem32(R): Add    ress: 0x60000028, Size: 1, Value:0x0
hook_mem32(W): Address: 0x60000028, Size: 1, Value:0x10
hook_code32: Address: 60000024, Opcode Size: 1
Register dump:
eax 00000041 ecx 5ffffff8 edx 5ffffff8 ebx 034a129b
esp 6010229a ebp 60000002 esi 1f350211 edi 488ac239 
Opcode: 41 
Stack region dump
60000000: 89 e1 d9 cd d9 71 f4 5d 55 59 49 49 49 49 49 49 
60000010: 49 49 49 49 43 43 43 43 43 43 37 51 5a 6a 41 58 
60000020: 50 30 41 30 41 6b 41 41 10 32 41 42 32 42 42 30 
60000030: 42 42 41 42 58 50 38 41 42 75 4a 49 51 51 51 52 
60000040: 47 33 47 34 51 55 51 56 50 47 47 38 47 39 50 4a 
60000050: 50 4b 50 4c 50 4d 50 4e 50 4f 50 50 50 31 47 42 
60000060: 47 42 50 34 50 5a 50 45 51 52 46 32 47 31 50 4d 
60000070: 51 51 50 4e 41 41 0 
Register dump:
eax 00000041 ecx 5ffffff8 edx 5ffffff8 ebx 034a129b
esp 6010229a ebp 60000002 esi 1f350211 edi 488ac239 

hook_code32: Address: 60000025, Opcode Size: 4
Register dump:
eax 00000041 ecx 5ffffff9 edx 5ffffff8 ebx 034a129b
esp 6010229a ebp 60000002 esi 1f350211 edi 488ac239 
Opcode: 6b 41 41 10 
Stack region dump
60000000: 89 e1 d9 cd d9 71 f4 5d 55 59 49 49 49 49 49 49 
60000010: 49 49 49 49 43 43 43 43 43 43 37 51 5a 6a 41 58 
60000020: 50 30 41 30 41 6b 41 41 10 32 41 42 32 42 42 30 
60000030: 42 42 41 42 58 50 38 41 42 75 4a 49 51 51 51 52 
60000040: 47 33 47 34 51 55 51 56 50 47 47 38 47 39 50 4a 
60000050: 50 4b 50 4c 50 4d 50 4e 50 4f 50 50 50 31 47 42 
60000060: 47 42 50 34 50 5a 50 45 51 52 46 32 47 31 50 4d 
60000070: 51 51 50 4e 41 41 0 
IMUL eax,[ecx+0x41],0x10
ECX = 5ffffff9
5ffffff9 + 0x41 = 6000003a
Proved that 0x6000003a contains the proper 0x5151494a
Register dump:
eax 00000041 ecx 5ffffff9 edx 5ffffff8 ebx 034a129b
esp 6010229a ebp 60000002 esi 1f350211 edi 488ac239 
hook_mem32(R): Address: 0x6000003a, Size: 4, Value:0x0

hook_code32: Address: 60000029, Opcode Size: 3
Register dump:
eax bab8306a ecx 5ffffff9 edx 5ffffff8 ebx 034a129b
esp 6010229a ebp 60000002 esi 1f350211 edi 488ac239 
Opcode: 32 41 42 
Stack region dump
60000000: 89 e1 d9 cd d9 71 f4 5d 55 59 49 49 49 49 49 49 
60000010: 49 49 49 49 43 43 43 43 43 43 37 51 5a 6a 41 58 
60000020: 50 30 41 30 41 6b 41 41 10 32 41 42 32 42 42 30 
60000030: 42 42 41 42 58 50 38 41 42 75 4a 49 51 51 51 52 
60000040: 47 33 47 34 51 55 51 56 50 47 47 38 47 39 50 4a 
60000050: 50 4b 50 4c 50 4d 50 4e 50 4f 50 50 50 31 47 42 
60000060: 47 42 50 34 50 5a 50 45 51 52 46 32 47 31 50 4d 
60000070: 51 51 50 4e 41 41 0 
ERROR: FAIL: TB did not flush; eax is not the expected 0x151494a0

test_tb_x86.c:185: error: Failure!

[  FAILED  ] test_tb_x86_64_32_imul_Gv_Ev_Ib
[==========] 1 test(s) run.
[  PASSED  ] 0 test(s).
[  FAILED  ] 1 test(s), listed below:
[  FAILED  ] test_tb_x86_64_32_imul_Gv_Ev_Ib

 1 FAILED TEST(S)
Makefile:28: recipe for target 'test' failed

[anthraxx]

So it looks like this test case was introduced for the bug report #364 and was not yet solved?

git bisect gave:

f0dac63 is the first bad commit
commit f0dac63
Author: steve steve@steve.home
Date: Sat Jan 16 18:05:32 2016 -0500

In response to issue #364, a unit test case has been created
for exercising proper flushing of the instruction translation cache.

:040000 040000 cfde67c25f3146d5108919cdcc6fa98213aa7492 b0cb19da988a1d373997e3701a875a3ecfa9da6f M tests

should we just close this one as its kind of a duplicate? At least it will now give a reference point for people going through issue titles

[egberts]

Yeah, its not solved yet.
It is a design flaw of QEMU.
It runs invalidation twice if found within the same Translation Block.
Since XOR was emulated twice on a memory location also within the same TLB, it became essentially a NOP code modifier.