[Qemu-devel] softMMU / MOV translation

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] softMMU / MOV translation

From:	Clemens Kolbitsch
Subject:	[Qemu-devel] softMMU / MOV translation
Date:	Wed, 25 Jul 2007 14:04:47 +0200
User-agent:	KMail/1.9.6

hi!
i tried asking this in the irc  but got no answer, hope someone can help me 
here :-)

i'm working on memory-protection for my mather's thesis and have to dig into 
qemu memory management... could someone help me here please? i have the 
following problem:

i'm trying to understand the dynamic translation for the following mov-opcode 
(it's taken from the qemu log with "log asm_in,asm_out"):

IN:
0xc011c9f2:  mov    0x60(%esi),%edx
the hex-code would be "0x8b 0x56 0x60"
...

OUT:
OUT: [size=455]
0x08d30fa0:  mov    0x18(%ebp),%edi
0x08d30fa3:  add    $0x60,%edi
0x08d30fa9:  mov    %edi,%edx
0x08d30fab:  mov    %edi,%eax
0x08d30fad:  shr    $0x8,%edx
0x08d30fb0:  and    $0xfffff003,%eax
0x08d30fb5:  and    $0xff0,%edx
0x08d30fbb:  lea    0x350(%edx,%ebp,1),%edx
0x08d30fc2:  cmp    (%edx),%eax
0x08d30fc4:  mov    %edi,%eax
0x08d30fc6:  je     0x8d30fd4
0x08d30fc8:  push   $0x0
0x08d30fca:  call   0x80ee06a           // __ldl_mmu
0x08d30fcf:  pop    %edx
0x08d30fd0:  mov    %eax,%ebx
0x08d30fd2:  jmp    0x8d30fd9
0x08d30fd4:  add    0xc(%edx),%eax
0x08d30fd7:  mov    (%eax),%ebx         // possibly the output of 
gen_op_ld_T0_A0
[ot]+ s->mem_index]();
0x08d30fd9:  mov    %ebx,0x8(%ebp)      // this is the output of 
gen_op_mov_reg_T0
[ot][reg](); (translate.c:4005)
...


therefore, i think the following code in translate.c should be executed:

case 0x8b: /* mov Ev, Gv */
        if ((b & 1) == 0)
            ot = OT_BYTE;
        else
            ot = OT_WORD + dflag;
        modrm = ldub_code(s->pc++);
        reg = ((modrm >> 3) & 7) | rex_r;
        
        gen_ldst_modrm(s, modrm, ot, OR_TMP0, 0);
        gen_op_mov_reg_T0[ot][reg]();
        break;


i debugged some time and found out that the last gen_op

        gen_op_mov_reg_T0[ot][reg]();

only produces 

        mov    %ebx,0x8(%ebp).

thus, the rest of the OUT-codes is produced by

       gen_ldst_modrm(s, modrm, ot, OR_TMP0, 0);

however, i tried reading through the code but i could not find the function 
where

      0x08d30fca:  call   0x80ee06a           // __ldl_mmu

is inserted into the translation-buffer... i (think to) know why it must be 
inserted, but i just cannot figure out where it is put into the buffer.

if someone could point that out, it would help me a LOT!
thanks,
  Clemens

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] softMMU / MOV translation, Clemens Kolbitsch <=
- [Qemu-devel] Re: softMMU / MOV translation, Clemens Kolbitsch, 2007/07/25
  - [Qemu-devel] Re: Re: softMMU / MOV translation, Clemens Kolbitsch, 2007/07/25
- Re: [Qemu-devel] softMMU / MOV translation, Eddie C. Dost, 2007/07/25
- Re: Re: [Qemu-devel] softMMU / MOV translation, Clemens Kolbitsch, 2007/07/25

Prev by Date: Re: Re: [Qemu-devel] Linux KDE vs. Windows
Next by Date: [Qemu-devel] Re: softMMU / MOV translation
Previous by thread: [Qemu-devel] case A ... B:
Next by thread: [Qemu-devel] Re: softMMU / MOV translation
Index(es):
- Date
- Thread