I understand your position. But why does TCG set undefined flags to zero in some cases? For example: af = 0; /* undefined */
It is not part of the Intel specification, so what was the reason for applying that convention?

28.04.2014, 17:49, "Peter Maydell" <peter.mayd...@linaro.org>:
> On 28 April 2014 14:41, Dmitry Poletaev <poletaev-q...@yandex.ru> wrote:
>
>> Let's imagine we analyse a program (maybe a malware) and so
>> run it in an emulator. Malware can execute that test and understand
>> that it runs in an emulator. After that the malware can decide
>> that someone is analysing it and alter its behaviour with a view to
>> making analysis more complicated.
>
> I understand this theory. I think it's misguided to think that
> it's possible to avoid the problem.
>
>> So it makes sense to apply that patch.
>
> I disagree with this, because we can never make QEMU behave
> exactly identically to the hardware (timing effects, weird
> choices of QEMU devices, etc). We cannot offer this guarantee,
> so there is no point in attempting to make changes purely
> to try to provide the guarantee in some areas.
>
> (Just to pick a fairly easy way guest malware can
> detect QEMU TCG, it can run timing tests that probe for
> the size of L1 cache by looking for the point where memory
> access time falls off a cliff. QEMU will never be able to
> emulate caches with the same sort of memory timing profile.)
>
> thanks
> -- PMM