[Qemu-devel] Stack problem


From: Johannes Schindelin
Subject: [Qemu-devel] Stack problem
Date: Thu, 23 Sep 2004 19:02:05 +0200 (CEST)

Hi,

while trying to port QEmu to an IRIX host, I found a problem with the
implementation of jcxw_im, which is also present with x86 on x86:

00005db0 <op_jz_ecxw_im>:
    5db0:       83 ec 04                sub    $0x4,%esp
        [...]
    5de0:       31 db                   xor    %ebx,%ebx
    5de2:       c3                      ret
    5de3:       59                      pop    %ecx
    5de4:       c3                      ret

Note the "ret" at 5de2, which is an EXIT_TB(), and the "pop %ecx" just
after it. So, $ecx is not properly reset, and what is worse: QEmu will
jump to a wrong address (the value $ecx should have).

This will be a problem *anytime* a function takes some heap from the
stack, but calls EXIT_TB (which is a "ret" on most platforms) without
giving it back. I only found another one, jz_ecxl_im (for obvious reasons
it has the same flaw).

Two methods spring to my mind:
- We could try to find out how many bytes were reserved, and add them to
  the stack in EXIT_TB(),
- or we could try to force gcc not to reserve a chunk from the stack (e.g.
  by calling another function for the complicated things, which returns
  whether to EXIT_TB() or not),
- or we introduce op_exit_tb_T0, which only does EXIT_TB() if T0!=0, and
  rewrite the op_jz_ecx{SUFFIX}_im function.

Comments? Suggestions?

Ciao,
Dscho
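The mechanism the post describes, modelled in a few lines of C as an added illustration (not code from the post or from QEMU). The model keeps a word-addressed stack and an `esp` index; `op` stands for a dyngen op that gcc compiled with a `sub $4,%esp` prologue, and `exit_tb` is the `ret` that EXIT_TB() expands to on x86. The scratch marker `0xCCCCCCCC`, the return address `0x5000` and the function names are constructed for the example. Only the first proposed method (giving the reserved bytes back before the `ret`) is modelled; the other two change how the op is generated rather than the stack arithmetic.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_WORDS 16
#define SCRATCH_MARKER 0xCCCCCCCCu   /* constructed: whatever gcc's scratch slot holds */

/* Minimal model of the 32-bit x86 stack: mem[] holds 4-byte words,
 * esp is an index into it and grows downwards like the real register. */
typedef struct {
    uint32_t mem[STACK_WORDS];
    int esp;
} cpu_t;

static void cpu_init(cpu_t *c) { memset(c, 0, sizeof *c); c->esp = STACK_WORDS; }
static void push(cpu_t *c, uint32_t v) { c->mem[--c->esp] = v; }
static uint32_t pop(cpu_t *c) { return c->mem[c->esp++]; }

/* "call op": the caller leaves its return address on top of the stack. */
static void call_op(cpu_t *c, uint32_t ret_addr) { push(c, ret_addr); }

/* "sub $0x4,%esp": gcc reserves one word of scratch space in the prologue. */
static void reserve_word(cpu_t *c) { c->esp -= 1; c->mem[c->esp] = SCRATCH_MARKER; }

/* EXIT_TB() on x86 is a plain "ret": pop whatever is on top and jump there. */
static uint32_t exit_tb(cpu_t *c) { return pop(c); }

/* The op under discussion: it reserves a word, then hits EXIT_TB().
 * With give_back == 0 it behaves like the disassembly in the post (the
 * "pop %ecx" epilogue is never reached); with give_back == 1 it first
 * executes the equivalent of "add $4,%esp", i.e. method 1 from the post. */
static uint32_t op(cpu_t *c, uint32_t ret_addr, int give_back) {
    call_op(c, ret_addr);
    reserve_word(c);
    /* ... body of the op: test ecx, decide to leave the TB ... */
    if (give_back)
        c->esp += 1;            /* hand the reserved word back first */
    return exit_tb(c);          /* "ret": the address QEmu will jump to */
}

/* Address that the "ret" actually pops for a fresh CPU model. */
static uint32_t address_popped(int give_back, uint32_t ret_addr) {
    cpu_t c;
    cpu_init(&c);
    return op(&c, ret_addr, give_back);
}

/* 1 if esp is back where the caller left it after the op returned, else 0. */
static int stack_balanced_after(int give_back) {
    cpu_t c;
    cpu_init(&c);
    (void)op(&c, 0x5000u, give_back);
    return c.esp == STACK_WORDS;
}

int main(void) {
    printf("without add \\$4,%%esp: ret pops 0x%08x, esp balanced: %d\n",
           address_popped(0, 0x5000u), stack_balanced_after(0));
    printf("with    add \\$4,%%esp: ret pops 0x%08x, esp balanced: %d\n",
           address_popped(1, 0x5000u), stack_balanced_after(1));
    return 0;
}
```

The unfixed path pops the scratch word (`0xCCCCCCCC` here) instead of `0x5000`, and leaves `esp` one word low, which is exactly the "jump to a wrong address" the post warns about. Any op that reserves stack in its prologue and reaches EXIT_TB() before its epilogue has the same defect, so the check worth automating is a scan of the generated ops for a `ret` that is not preceded by the matching stack release.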