lifting-bits · mrexodia · May 22, 2026 · May 22, 2026 · May 22, 2026 · May 22, 2026
@@ -283,9 +283,12 @@ DEF_SEM(MULX, D dst1, D dst2, const S2 src2) {
   auto res_high = UShr(res, ZExt(BitSizeOf(src2)));
 
   // In 64-bit, a 32-bit dest needs to zero-extend up to 64 bits because the
-  // write version of the reg will be the 64-bit version.
-  WriteZExt(dst1, TruncTo<S2>(res_high));  // High N bits.
+  // write version of the reg will be the 64-bit version. MULX writes its
+  // first explicit destination with the high half and its second explicit
+  // destination with the low half; write the second destination first so that
+  // aliasing destinations leave the architecturally observed high half.
   WriteZExt(dst2, TruncTo<S2>(res));  // Low N bits.
+  WriteZExt(dst1, TruncTo<S2>(res_high));  // High N bits.
   return memory;
 }
 
@@ -534,23 +537,63 @@ IF_64BIT(DEF_ISEL(DIV_GPRv_64) = DIVrdxrax<R64>;)
 
 namespace {
 
+ALWAYS_INLINE static float32_t X86IndefiniteQNaN(float32_t) {
+  nan32_t ret = {};
+  ret.flat = 0xFFC00000U;
+  return ret.f;
+}
+
+ALWAYS_INLINE static float64_t X86IndefiniteQNaN(float64_t) {
+  nan64_t ret = {};
+  ret.flat = 0xFFF8000000000000ULL;
+  return ret.d;
+}
+
+template <typename T>
+ALWAYS_INLINE static T X86Div(T lhs, T rhs) {
+  auto quot = FDiv(lhs, rhs);
+  if ((IsZero(lhs) && IsZero(rhs)) ||
+      (IsInfinite(lhs) && IsInfinite(rhs))) {
+    return X86IndefiniteQNaN(lhs);
+  }
+  return quot;
+}
+
+template <typename V>
+ALWAYS_INLINE static V X86DivV32(V lhs, V rhs) {
+  auto res = lhs;
+  _Pragma("unroll") for (addr_t i = 0; i < NumVectorElems(lhs); ++i) {
+    res = FInsertV32(res, i, X86Div(FExtractV32(lhs, i), FExtractV32(rhs, i)));
+  }
+  return res;
+}
+
+template <typename V>
+ALWAYS_INLINE static V X86DivV64(V lhs, V rhs) {
+  auto res = lhs;
+  _Pragma("unroll") for (addr_t i = 0; i < NumVectorElems(lhs); ++i) {
+    res = FInsertV64(res, i, X86Div(FExtractV64(lhs, i), FExtractV64(rhs, i)));
+  }
+  return res;
+}
+
 template <typename D, typename S1, typename S2>
 DEF_SEM(DIVPS, D dst, S1 src1, S2 src2) {
-  FWriteV32(dst, FDivV32(FReadV32(src1), FReadV32(src2)));
+  FWriteV32(dst, X86DivV32(FReadV32(src1), FReadV32(src2)));
   return memory;
 }
 
 template <typename D, typename S1, typename S2>
 DEF_SEM(DIVPD, D dst, const S1 src1, const S2 src2) {
-  FWriteV64(dst, FDivV64(FReadV64(src1), FReadV64(src2)));
+  FWriteV64(dst, X86DivV64(FReadV64(src1), FReadV64(src2)));
   return memory;
 }
 
 template <typename D, typename S1, typename S2>
 DEF_SEM(DIVSS, D dst, S1 src1, S2 src2) {
   auto lhs = FReadV32(src1);
   auto rhs = FReadV32(src2);
-  auto quot = FDiv(FExtractV32(lhs, 0), FExtractV32(rhs, 0));
+  auto quot = X86Div(FExtractV32(lhs, 0), FExtractV32(rhs, 0));
   auto res = FInsertV32(lhs, 0, quot);
   FWriteV32(dst, res);  // SSE: Writes to XMM, AVX: Zero-extends XMM.
   return memory;
@@ -560,7 +603,7 @@ template <typename D, typename S1, typename S2>
 DEF_SEM(DIVSD, D dst, S1 src1, S2 src2) {
   auto lhs = FReadV64(src1);
   auto rhs = FReadV64(src2);
-  auto quot = FDiv(FExtractV64(lhs, 0), FExtractV64(rhs, 0));
+  auto quot = X86Div(FExtractV64(lhs, 0), FExtractV64(rhs, 0));
   auto res = FInsertV64(lhs, 0, quot);
   FWriteV64(dst, res);  // SSE: Writes to XMM, AVX: Zero-extends XMM.
   return memory;
@@ -665,6 +708,30 @@ DEF_SEM(ADC, D dst, S1 src1, S2 src2) {
   return memory;
 }
 
+template <typename D, typename S1, typename S2>
+DEF_SEM(ADCX, D dst, S1 src1, S2 src2) {
+  auto lhs = Read(src1);
+  auto rhs = Read(src2);
+  auto carry = ZExtTo<S1>(Unsigned(Read(FLAG_CF)));
+  auto sum = UAdd(lhs, rhs);
+  auto res = UAdd(sum, carry);
+  WriteZExt(dst, res);
+  Write(FLAG_CF, CarryFlag<tag_add>(lhs, rhs, sum, carry, res));
+  return memory;
+}
+
+template <typename D, typename S1, typename S2>
+DEF_SEM(ADOX, D dst, S1 src1, S2 src2) {
+  auto lhs = Read(src1);
+  auto rhs = Read(src2);
+  auto carry = ZExtTo<S1>(Unsigned(Read(FLAG_OF)));
+  auto sum = UAdd(lhs, rhs);
+  auto res = UAdd(sum, carry);
+  WriteZExt(dst, res);
+  Write(FLAG_OF, CarryFlag<tag_add>(lhs, rhs, sum, carry, res));
+  return memory;
+}
+
 template <typename D, typename S1, typename S2>
 DEF_SEM(SBB, D dst, S1 src1, S2 src2) {
   auto lhs = Read(src1);
@@ -717,3 +784,9 @@ DEF_ISEL_RnW_Rn_Mn(ADC_GPRv_MEMv, ADC);
 DEF_ISEL_RnW_Rn_Rn(ADC_GPRv_GPRv_13, ADC);
 DEF_ISEL(ADC_AL_IMMb) = ADC<R8W, R8, I8>;
 DEF_ISEL_RnW_Rn_In(ADC_OrAX_IMMz, ADC);
+
+DEF_ISEL(ADCX_GPR32d_GPR32d) = ADCX<R32W, R32, R32>;
+IF_64BIT(DEF_ISEL(ADCX_GPR64q_GPR64q) = ADCX<R64W, R64, R64>;)
+
+DEF_ISEL(ADOX_GPR32d_GPR32d) = ADOX<R32W, R32, R32>;
+IF_64BIT(DEF_ISEL(ADOX_GPR64q_GPR64q) = ADOX<R64W, R64, R64>;)
@@ -160,6 +160,21 @@ namespace {
     UndefFlag(pf); \
   } while (false)
 
+template <typename S1, typename S2>
+ALWAYS_INLINE static auto BTMemoryIndex(Memory *&memory, S1, S2 src2) {
+  using ElementT = typename BaseType<S1>::BT;
+  constexpr unsigned kBitIndexShift = sizeof(ElementT) == 8 ? 6u :
+                                      sizeof(ElementT) == 4 ? 5u :
+                                      sizeof(ElementT) == 2 ? 4u : 3u;
+  auto signed_index = SShr(SExtTo<S1>(Read(src2)), SLiteral<S1>(kBitIndexShift));
+  return static_cast<addr_t>(signed_index);
+}
+
+template <typename S1, typename T>
+ALWAYS_INLINE static addr_t BTMemoryIndex(Memory *&, S1, In<T>) {
+  return 0;
+}
+
 template <typename S1, typename S2>
 DEF_SEM(BTreg, S1 src1, S2 src2) {
   auto val = Read(src1);
@@ -174,7 +189,7 @@ template <typename S1, typename S2>
 DEF_SEM(BTmem, S1 src1, S2 src2) {
   auto bit = ZExtTo<S1>(Read(src2));
   auto bit_mask = UShl(Literal<S1>(1), URem(bit, BitSizeOf(src1)));
-  auto index = UDiv(bit, BitSizeOf(src1));
+  auto index = BTMemoryIndex(memory, src1, src2);
   auto val = Read(GetElementPtr(src1, index));
   Write(FLAG_CF, UCmpNeq(UAnd(val, bit_mask), Literal<S1>(0)));
   _BTClearUndefFlags();
@@ -196,7 +211,7 @@ template <typename D, typename S1, typename S2>
 DEF_SEM(BTSmem, D dst, S1 src1, S2 src2) {
   auto bit = ZExtTo<S1>(Read(src2));
   auto bit_mask = UShl(Literal<S1>(1), URem(bit, BitSizeOf(src1)));
-  auto index = UDiv(bit, BitSizeOf(src1));
+  auto index = BTMemoryIndex(memory, src1, src2);
   auto val = Read(GetElementPtr(src1, index));
   Write(GetElementPtr(dst, index), UOr(val, bit_mask));
   Write(FLAG_CF, UCmpNeq(UAnd(val, bit_mask), Literal<S1>(0)));
@@ -219,7 +234,7 @@ template <typename D, typename S1, typename S2>
 DEF_SEM(BTRmem, D dst, S1 src1, S2 src2) {
   auto bit = ZExtTo<S1>(Read(src2));
   auto bit_mask = UShl(Literal<S1>(1), URem(bit, BitSizeOf(src1)));
-  auto index = UDiv(bit, BitSizeOf(src1));
+  auto index = BTMemoryIndex(memory, src1, src2);
   auto val = Read(GetElementPtr(src1, index));
   Write(GetElementPtr(dst, index), UAnd(val, UNot(bit_mask)));
   Write(FLAG_CF, UCmpNeq(UAnd(val, bit_mask), Literal<S1>(0)));
@@ -242,7 +257,7 @@ template <typename D, typename S1, typename S2>
 DEF_SEM(BTCmem, D dst, S1 src1, S2 src2) {
   auto bit = ZExtTo<S1>(Read(src2));
   auto bit_mask = UShl(Literal<S1>(1), URem(bit, BitSizeOf(src1)));
-  auto index = UDiv(bit, BitSizeOf(src1));
+  auto index = BTMemoryIndex(memory, src1, src2);
   auto val = Read(GetElementPtr(src1, index));
   Write(GetElementPtr(dst, index), UXor(val, bit_mask));
   Write(FLAG_CF, UCmpNeq(UAnd(val, bit_mask), Literal<S1>(0)));
@@ -410,6 +425,50 @@ DEF_SEM(BZHI, D dst, S1 src1, S2 src2) {
   return memory;
 }
 
+// BMI1 bit-low operations write CF/ZF/SF/OF, leave AF/PF undefined, and do
+// not read flags.
+template <typename D, typename S>
+DEF_SEM(BLSI, D dst, S src) {
+  auto val = Read(src);
+  auto res = UAnd(val, USub(Literal<S>(0), val));
+  WriteZExt(dst, res);
+  Write(FLAG_CF, UCmpNeq(val, Literal<S>(0)));
+  Write(FLAG_ZF, ZeroFlag(res));
+  Write(FLAG_SF, SignFlag(res));
+  Write(FLAG_OF, false);
+  UndefFlag(af);
+  UndefFlag(pf);
+  return memory;
+}
+
+template <typename D, typename S>
+DEF_SEM(BLSR, D dst, S src) {
+  auto val = Read(src);
+  auto res = UAnd(val, USub(val, Literal<S>(1)));
+  WriteZExt(dst, res);
+  Write(FLAG_CF, ZeroFlag(val));
+  Write(FLAG_ZF, ZeroFlag(res));
+  Write(FLAG_SF, SignFlag(res));
+  Write(FLAG_OF, false);
+  UndefFlag(af);
+  UndefFlag(pf);
+  return memory;
+}
+
+template <typename D, typename S>
+DEF_SEM(BLSMSK, D dst, S src) {
+  auto val = Read(src);
+  auto res = UXor(val, USub(val, Literal<S>(1)));
+  WriteZExt(dst, res);
+  Write(FLAG_CF, ZeroFlag(val));
+  Write(FLAG_ZF, ZeroFlag(res));
+  Write(FLAG_SF, SignFlag(res));
+  Write(FLAG_OF, false);
+  UndefFlag(af);
+  UndefFlag(pf);
+  return memory;
+}
+
 template <typename D, typename S>
 DEF_SEM(POPCNT, D dst, S src) {
   auto val = Read(src);
@@ -508,6 +567,33 @@ IF_64BIT(DEF_ISEL(BZHI_GPR64q_GPR64q_GPR64q) = BZHI<R64W, R64, R64>;)
 IF_64BIT(DEF_ISEL(BZHI_VGPR64q_MEMq_VGPR64q) = BZHI<R64W, M64, R64>;)
 IF_64BIT(DEF_ISEL(BZHI_VGPR64q_VGPR64q_VGPR64q) = BZHI<R64W, R64, R64>;)
 
+DEF_ISEL(BLSI_GPR32d_MEMd) = BLSI<R32W, M32>;
+DEF_ISEL(BLSI_GPR32d_GPR32d) = BLSI<R32W, R32>;
+DEF_ISEL(BLSI_VGPR32d_MEMd) = BLSI<R32W, M32>;
+DEF_ISEL(BLSI_VGPR32d_VGPR32d) = BLSI<R32W, R32>;
+IF_64BIT(DEF_ISEL(BLSI_GPR64q_MEMq) = BLSI<R64W, M64>;)
+IF_64BIT(DEF_ISEL(BLSI_GPR64q_GPR64q) = BLSI<R64W, R64>;)
+IF_64BIT(DEF_ISEL(BLSI_VGPR64q_MEMq) = BLSI<R64W, M64>;)
+IF_64BIT(DEF_ISEL(BLSI_VGPR64q_VGPR64q) = BLSI<R64W, R64>;)
+
+DEF_ISEL(BLSR_GPR32d_MEMd) = BLSR<R32W, M32>;
+DEF_ISEL(BLSR_GPR32d_GPR32d) = BLSR<R32W, R32>;
+DEF_ISEL(BLSR_VGPR32d_MEMd) = BLSR<R32W, M32>;
+DEF_ISEL(BLSR_VGPR32d_VGPR32d) = BLSR<R32W, R32>;
+IF_64BIT(DEF_ISEL(BLSR_GPR64q_MEMq) = BLSR<R64W, M64>;)
+IF_64BIT(DEF_ISEL(BLSR_GPR64q_GPR64q) = BLSR<R64W, R64>;)
+IF_64BIT(DEF_ISEL(BLSR_VGPR64q_MEMq) = BLSR<R64W, M64>;)
+IF_64BIT(DEF_ISEL(BLSR_VGPR64q_VGPR64q) = BLSR<R64W, R64>;)
+
+DEF_ISEL(BLSMSK_GPR32d_MEMd) = BLSMSK<R32W, M32>;
+DEF_ISEL(BLSMSK_GPR32d_GPR32d) = BLSMSK<R32W, R32>;
+DEF_ISEL(BLSMSK_VGPR32d_MEMd) = BLSMSK<R32W, M32>;
+DEF_ISEL(BLSMSK_VGPR32d_VGPR32d) = BLSMSK<R32W, R32>;
+IF_64BIT(DEF_ISEL(BLSMSK_GPR64q_MEMq) = BLSMSK<R64W, M64>;)
+IF_64BIT(DEF_ISEL(BLSMSK_GPR64q_GPR64q) = BLSMSK<R64W, R64>;)
+IF_64BIT(DEF_ISEL(BLSMSK_VGPR64q_MEMq) = BLSMSK<R64W, M64>;)
+IF_64BIT(DEF_ISEL(BLSMSK_VGPR64q_VGPR64q) = BLSMSK<R64W, R64>;)
+
 DEF_ISEL_RnW_Mn(POPCNT_GPRv_MEMv, POPCNT);
 DEF_ISEL_RnW_Rn(POPCNT_GPRv_GPRv, POPCNT);
 

@@ -113,6 +113,48 @@ DEF_SEM(CVTDQ2PD, D dst, S1 src) {
 typedef float32_t (*FloatConv32)(float32_t);
 typedef float64_t (*FloatConv64)(float64_t);
 
+ALWAYS_INLINE static bool IsInvalidInt32Result(float32_t val) {
+  return IsNaN(val) || val >= 2147483648.0f || val < -2147483648.0f;
+}
+
+ALWAYS_INLINE static bool IsInvalidInt32Result(float64_t val) {
+  return IsNaN(val) || val >= 2147483648.0 || val < -2147483648.0;
+}
+
+ALWAYS_INLINE static bool IsInvalidInt64Result(float32_t val) {
+  return IsNaN(val) || val >= 9223372036854775808.0f ||
+         val < -9223372036854775808.0f;
+}
+
+ALWAYS_INLINE static bool IsInvalidInt64Result(float64_t val) {
+  return IsNaN(val) || val >= 9223372036854775808.0 ||
+         val < -9223372036854775808.0;
+}
+
+ALWAYS_INLINE static int32_t X86FloatToInt32(float32_t val) {
+  return Select<int32_t>(IsInvalidInt32Result(val),
+                         static_cast<int32_t>(0x80000000U),
+                         Float32ToInt32(val));
+}
+
+ALWAYS_INLINE static int32_t X86FloatToInt32(float64_t val) {
+  return Select<int32_t>(IsInvalidInt32Result(val),
+                         static_cast<int32_t>(0x80000000U),
+                         Float64ToInt32(val));
+}
+
+ALWAYS_INLINE static int64_t X86FloatToInt64(float32_t val) {
+  return Select<int64_t>(IsInvalidInt64Result(val),
+                         static_cast<int64_t>(0x8000000000000000ULL),
+                         Float32ToInt64(val));
+}
+
+ALWAYS_INLINE static int64_t X86FloatToInt64(float64_t val) {
+  return Select<int64_t>(IsInvalidInt64Result(val),
+                         static_cast<int64_t>(0x8000000000000000ULL),
+                         Float64ToInt64(val));
+}
+
 }  // namespace
 
 DEF_ISEL(CVTDQ2PD_XMMpd_MEMq) = CVTDQ2PD<V128W, MV64, 2>;
@@ -154,7 +196,7 @@ DEF_SEM(CVTPD2DQ, D dst, S1 src) {
   auto dst_vec = SClearV32(SReadV32(dst));
   _Pragma("unroll") for (size_t i = 0; i < num_to_convert; ++i) {
     float64_t rounded_elem = FRound(FExtractV64(src_vec, i));
-    auto entry = Float64ToInt32(rounded_elem);
+    auto entry = X86FloatToInt32(rounded_elem);
     dst_vec = SInsertV32(dst_vec, i, entry);
   }
   SWriteV32(dst, dst_vec);
@@ -190,7 +232,7 @@ DEF_SEM(CVTPS2DQ, D dst, S1 src) {
   auto dst_vec = SClearV32(SReadV32(dst));
   _Pragma("unroll") for (size_t i = 0; i < num_to_convert; ++i) {
     float32_t rounded_elem = FRound(FExtractV32(src_vec, i));
-    dst_vec = SInsertV32(dst_vec, i, Float32ToInt32(rounded_elem));
+    dst_vec = SInsertV32(dst_vec, i, X86FloatToInt32(rounded_elem));
   }
   SWriteV32(dst, dst_vec);
   return memory;
@@ -221,15 +263,15 @@ namespace {
 template <typename S, FloatConv32 FRound = FRoundUsingMode32>
 DEF_SEM(CVTSS2SI_32, R32W dst, S src) {
   float32_t rounded_val = FRound(FExtractV32(FReadV32(src), 0));
-  WriteZExt(dst, Unsigned(Float32ToInt32(rounded_val)));
+  WriteZExt(dst, Unsigned(X86FloatToInt32(rounded_val)));
   return memory;
 }
 
 #if 64 == ADDRESS_SIZE_BITS
 template <typename S, FloatConv32 FRound = FRoundUsingMode32>
 DEF_SEM(CVTSS2SI_64, R64W dst, S src) {
   float32_t rounded_val = FRound(FExtractV32(FReadV32(src), 0));
-  Write(dst, Unsigned(Float32ToInt64(rounded_val)));
+  Write(dst, Unsigned(X86FloatToInt64(rounded_val)));
   return memory;
 }
 #endif  // ADDRESS_SIZE_BITS
@@ -265,15 +307,15 @@ namespace {
 template <typename S, FloatConv64 FRound = FRoundUsingMode64>
 DEF_SEM(CVTSD2SI_32, R32W dst, S src) {
   auto rounded_val = FRound(FExtractV64(FReadV64(src), 0));
-  WriteZExt(dst, Unsigned(Float64ToInt32(rounded_val)));
+  WriteZExt(dst, Unsigned(X86FloatToInt32(rounded_val)));
   return memory;
 }
 
 #if 64 == ADDRESS_SIZE_BITS
 template <typename S, FloatConv64 FRound = FRoundUsingMode64>
 DEF_SEM(CVTSD2SI_64, R64W dst, S src) {
   auto rounded_val = FRound(FExtractV64(FReadV64(src), 0));
-  Write(dst, Unsigned(Float64ToInt64(rounded_val)));
+  Write(dst, Unsigned(X86FloatToInt64(rounded_val)));
   return memory;
 }
 #endif  // ADDRESS_SIZE_BITS