[Qemu-devel] Qemu Translation Blocks Execute slightly different each time?

[M Chen]

Hi all!

I found that each time when Qemu is running via gdb, with the same start options, the exact Translation Blocks (TBs) execute slightly different each time.

For example the first time I start Qemu with gdb, and set the breakpoint at tcg_qemu_tb_exec(env, tc_ptr), and I ignore the first 1000 times hits, the next TB is about to execute is:

breakpoint already hit 1001 times

    (gdb) x/10i tc_ptr 

    0xb50c9900: mov    0x28(%ebp),%ebx

    0xb50c9903: mov    0x8(%ebp),%esi

    0xb50c9906: mov    %ebx,%edi

    0xb50c9908: mov    %esi,%ecx

    0xb50c990a: mov    $0xf27ef,%edx

However, the second time, I did the exactly same thing, and the results became:

breakpoint already hit 1001 times

(gdb) x/5i tc_ptr 

0xb50c9bb0: mov    0x1c(%ebp),%ebx

0xb50c9bb3: push   %ebx

0xb50c9bb4: mov    %ebx,%edx

0xb50c9bb6: mov    %ebx,%eax

0xb50c9bb8: shr    $0x8,%edx

So Qemu was actually executing different TBs. I wonder the reason of this? And is it possible to make it as static? It make it difficult for debugging. 

The qemu version I'm running is 1.0, the test image is linux-0.2.img from http://wiki.qemu.org/Testing

And the start option is just -hda to the test image path.

Thanks!

Michael Chen