Hi! It turned out that newer gcc produces very interesting code for op_goto_tbX and possibly other functions used by dyngen, in that it adds a 'rep' prefix to the return instruction. I have the following code in i386-softmmu/op.o:
00000000000084c0 <op_goto_tb0>:
    84c0:  8b 05 00 00 00 00    mov    0(%rip),%eax    # 84c6 <op_goto_tb0+0x6>
    84c6:  ff e0                jmpq   *%eax
    84c8:  f3 c3                repz retq
    84ca:  66                   data16
    84cb:  66                   data16
    84cc:  90                   nop
    84cd:  66                   data16
    84ce:  66                   data16
    84cf:  90                   nop

Quite obviously stripping the 'retq' in dyngen won't always work because the 'rep' prefix could interfere with the appended code. I found that trying to run qemu under valgrind, see the bug page http://bugs.kde.org/show_bug.cgi?id=115869 for details. For example, at the very beginning of qemu booting the pc the following code is generated:

## ...
## 0x000fe07d: je 0xfe092
## 0x016f75ec: cmpb $0x0,0x2c(%rbp)
0x016f75f0: jne 0x16f75f7
0x016f75f2: jmpq 0x16f760f
###the return from call
0x016f75f7: mov -13631729(%rip),%eax    # 0x9f750c
0x016f75fd: jmpq *%eax
0x016f75ff: repz mov $0xe07f,%eax
0x016f7605: mov %eax,0x20(%rbp)
0x016f7608: lea -13631814(%rip),%ebx    # 0x9f74c8
0x016f760e: retq
###the not zero branch
0x016f760f: mov -13631749(%rip),%eax    # 0x9f7510
0x016f7615: jmpq *%eax
0x016f7617: repz mov $0xe092,%eax
0x016f761d: mov %eax,0x20(%rbp)
0x016f7620: lea -13631837(%rip),%ebx    # 0x9f74c9
0x016f7626: retq

Notice the 'repz mov' sequence, which seems to be an undocumented instruction. It seems to work somehow but chokes the valgrind decoder. The following patch (against current CVS) fixes this problem, please apply:

Index: dyngen.c
===================================================================
RCS file: /cvsroot/qemu/qemu/dyngen.c,v
retrieving revision 1.40
diff -u -r1.40 dyngen.c
--- dyngen.c	27 Apr 2005 19:55:58 -0000	1.40
+++ dyngen.c	9 Nov 2005 19:12:38 -0000
@@ -1387,6 +1387,12 @@
             error("empty code for %s", name);
         if (p_end[-1] == 0xc3) {
             len--;
+            /* This can be 'rep ; ret' optimized return sequence,
+             * need to check further and strip the 'rep' prefix
+             */
+            if (len != 0 && p_end[-2] == 0xf3) {
+                len--;
+            }
         } else {
             error("ret or jmp expected at the end of %s", name);
         }

--
Kind regards,
Igor V. Kovalenko

_______________________________________________
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
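Review bot: the added "p_end[-2] == 0xf3" test in the dyngen.c hunk is a byte heuristic, not an instruction-boundary check: a 0xf3 directly before the final 0xc3 can just as well be the last byte of an immediate or displacement of the preceding instruction, and in that case the patch silently drops a real code byte instead of a prefix. The comment should state that assumption explicitly (e.g. "assumes a 0xf3 right before ret is a prefix, not instruction data"), since the existing code around it errors out loudly on anything it does not recognise rather than guessing. The "len != 0" guard is right, as it keeps the second test from reading before the start of a one-byte op.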
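To make the failure mode concrete, here is a small added example, written for this page and not taken from dyngen or from the patch above. It runs the pre-patch rule (strip only the ret byte) and the patched rule (also strip a 0xf3 right before it) over a constructed byte copy of the op_goto_tb0 body from the objdump above, glues the result onto a constructed stand-in for the next op (the mov $0xe07f,%eax from the generated-code listing), and reports which byte ends up where dyngen meant the second op to begin. The function names strip_ret_naive, strip_ret_rep_aware, glue_ops and byte_at_join are this example's own, not dyngen's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPC_RET 0xc3   /* retq */
#define PFX_REP 0xf3   /* rep/repz prefix */

/* Constructed copy of the op_goto_tb0 body from the objdump above
 * (the 66 66 90 bytes after the ret are alignment padding, not body). */
static const uint8_t op_goto_tb0_rep_ret[] = {
    0x8b, 0x05, 0x00, 0x00, 0x00, 0x00,   /* mov 0(%rip),%eax */
    0xff, 0xe0,                           /* jmpq *%eax       */
    0xf3, 0xc3                            /* repz retq        */
};

/* Constructed: the same op as an older gcc emits it, plain ret, no prefix. */
static const uint8_t op_goto_tb0_plain_ret[] = {
    0x8b, 0x05, 0x00, 0x00, 0x00, 0x00,   /* mov 0(%rip),%eax */
    0xff, 0xe0,                           /* jmpq *%eax       */
    0xc3                                  /* retq             */
};

/* Constructed stand-in for the op appended next in the listing:
 * mov $0xe07f,%eax (b8 imm32). */
static const uint8_t op_next[] = { 0xb8, 0x7f, 0xe0, 0x00, 0x00 };

/* Constructed one-byte op, to exercise the guard in the patched rule. */
static const uint8_t lone_ret[] = { 0xc3 };

/* Pre-patch dyngen rule: drop the trailing ret byte only.
 * Returns the number of bytes to copy, or -1 if the op does not end in ret. */
int strip_ret_naive(const uint8_t *code, size_t len)
{
    if (len == 0 || code[len - 1] != OPC_RET)
        return -1;
    return (int)(len - 1);
}

/* Patched rule: additionally drop a 0xf3 sitting right before the ret, so
 * 'rep ; ret' goes away as a unit. The len != 0 guard stops the second test
 * from reading before the start of a one-byte op. This is a byte heuristic:
 * it assumes a 0xf3 in that position is a prefix, not the tail of an
 * immediate or displacement. */
int strip_ret_rep_aware(const uint8_t *code, size_t len)
{
    if (len == 0 || code[len - 1] != OPC_RET)
        return -1;
    len--;
    if (len != 0 && code[len - 1] == PFX_REP)
        len--;
    return (int)len;
}

/* Emulates dyngen concatenating two ops into one translation block: strip
 * op a's return with the chosen rule, then append op b unchanged.
 * Returns the number of bytes written, or -1 on error. */
int glue_ops(uint8_t *out, size_t out_cap,
             const uint8_t *a, size_t a_len,
             const uint8_t *b, size_t b_len, int rep_aware)
{
    int keep = rep_aware ? strip_ret_rep_aware(a, a_len)
                         : strip_ret_naive(a, a_len);
    if (keep < 0 || (size_t)keep + b_len > out_cap)
        return -1;
    memcpy(out, a, (size_t)keep);
    memcpy(out + keep, b, b_len);
    return keep + (int)b_len;
}

/* Glues the rep-ret op_goto_tb0 onto op_next and returns the byte found
 * right after op_goto_tb0's jmpq *%eax, i.e. where the second op was meant
 * to start. Under the naive rule that byte is the stray 0xf3 (the "repz"
 * of "repz mov"); under the patched rule it is op_next's own 0xb8.
 * Returns -1 on error. */
int byte_at_join(int rep_aware)
{
    uint8_t buf[32];
    size_t body = sizeof op_goto_tb0_rep_ret - 2;   /* bytes before repz retq */
    int n = glue_ops(buf, sizeof buf,
                     op_goto_tb0_rep_ret, sizeof op_goto_tb0_rep_ret,
                     op_next, sizeof op_next, rep_aware);
    if (n < 0 || (size_t)n <= body)
        return -1;
    return buf[body];
}

int main(void)
{
    printf("naive rule:     byte after jmpq *%%eax = 0x%02x\n", byte_at_join(0));
    printf("rep-aware rule: byte after jmpq *%%eax = 0x%02x\n", byte_at_join(1));
    return 0;
}
```

The naive run reproduces exactly what the valgrind decoder tripped over: the 0xf3 left behind by op_goto_tb0 is glued onto op_next's 0xb8, which a disassembler renders as 'repz mov'. The rep-aware run drops both bytes of the 'rep ; ret' pair, so op_next begins cleanly.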