From: Fabrice Bellard
Date: Mon, 01 Dec 2003 00:15:20 +0100
Message-ID: <3FCA7A08.2000408@free.fr>
Subject: [Qemu-devel] IMUL eflags update
To: qemu-devel@nongnu.org

Hi,

My next patches will allow Windows 3.11 to be usable in QEMU. While fixing a bug related to the cursor drawing, I found an interesting problem related to x86 processors: which x86 condition codes get updated by the mul/imul instructions? The Intel specs say that only CF and OF are updated. The other condition codes are said to be undefined.
The problem is that the Windows 3.11 cursor drawing code relies on the "SF" flag after imul (here is the offending code disassembled with Bochs):

0002866d: ( ): mov AX, DS:[BX+0169]   ; 8b876901
00028671: ( ): mov CX, DS:[BP+0165]   ; 3e8b8e6501
00028676: ( ): sub AX, CX             ; 2bc1
00028678: ( ): mov DL, AL             ; 8ad0
0002867a: ( ): imul AX, AX, 05        ; 6bc005
0002867d: ( ): jl 8685                ; 7c06
0002867f: ( ): add DI, AX             ; 03f8
00028681: ( ): neg DL                 ; f6da
00028683: ( ): jmp 8687               ; eb02
00028685: ( ): sub SI, AX             ; 2bf0
00028687: ( ): add DL, 20             ; 80c220

The solution used by Bochs to fix the problem is to say that imul modifies only OF and CF. The other flags are not modified. QEMU currently zeros all the other flags in order to have a faster flag update.

By doing tests on a Pentium 4 processor, it seems that at least SF is set according to the result of the IMUL operation.

So what is the best behavior to implement? Bochs one or P4 one?

Fabrice.
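As an added illustration (not part of Fabrice's message, nor QEMU or Bochs code), this small C model replays the sub/imul/jl sequence above under the three flag policies discussed and reports whether the jl is taken. The AX/CX inputs are constructed; treating ZF the same way as SF under the zeroing policy, and leaving ZF cleared under the P4 policy (the message only reports SF), are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* EFLAGS bits used here (PF/AF omitted for brevity). */
#define CF 0x0001u
#define ZF 0x0040u
#define SF 0x0080u
#define OF 0x0800u

/* Candidate policies for the flags Intel leaves undefined after IMUL. */
enum imul_policy { IMUL_BOCHS, IMUL_QEMU_ZERO, IMUL_P4 };

/* "sub ax, cx": CF/ZF/SF/OF are all defined by the result. */
static int16_t sub16(int16_t a, int16_t b, uint16_t *eflags)
{
    int32_t full = (int32_t)a - (int32_t)b;
    int16_t res = (int16_t)full;
    uint16_t f = 0;
    if ((uint16_t)a < (uint16_t)b) f |= CF;
    if (res == 0) f |= ZF;
    if (res < 0) f |= SF;
    if (full != res) f |= OF;
    *eflags = f;
    return res;
}

/* "imul ax, ax, imm8": CF/OF are defined (set when the signed product does
 * not fit in 16 bits); SF/ZF are handled according to the chosen policy. */
static int16_t imul16_imm8(int16_t a, int8_t imm, uint16_t *eflags, enum imul_policy pol)
{
    int32_t full = (int32_t)a * (int32_t)imm;
    int16_t res = (int16_t)full;
    uint16_t f = *eflags & ~(CF | OF);
    if (full != res) f |= CF | OF;
    if (pol != IMUL_BOCHS) f &= ~(SF | ZF);    /* Bochs leaves them untouched */
    if (pol == IMUL_P4 && res < 0) f |= SF;    /* P4 observation: SF follows the result */
    *eflags = f;
    return res;
}

/* "jl" is taken when SF != OF. */
static bool jl_taken(uint16_t f) { return ((f & SF) != 0) != ((f & OF) != 0); }

/* Replay "sub ax,cx ; imul ax,ax,5 ; jl" and report whether the branch is taken. */
static bool win311_jl_taken(int16_t ax, int16_t cx, enum imul_policy pol)
{
    uint16_t eflags = 0;
    int16_t d = sub16(ax, cx, &eflags);
    (void)imul16_imm8(d, 5, &eflags, pol);
    return jl_taken(eflags);
}
```

For small cursor deltas the Bochs and P4 policies agree and only the zeroing policy mispredicts the branch; the two only diverge when the product overflows 16 bits, which the cursor code never reaches.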