Hi,

Some background: I am trying to write a CPU emulator for MSP430 with QEMU. I am loading the MSP430 program as follows using the generic device loader:

    /qemu-system-msp430 -machine msp430-launchpad -device loader,file=simple_test -d in_asm,out_asm

I have implemented the TranslatorOps callbacks to some extent, and my sample output with some prints is as follows:

    ===msp430_tr_disas_log:204===
    OUT: [size=51]
      -- guest addr 0x00000000000007fa + tb prologue
    0x7fff6403fe00:  8b 5d f0                 movl     -0x10(%rbp), %ebx
    0x7fff6403fe03:  85 db                    testl    %ebx, %ebx
    0x7fff6403fe05:  0f 8c 1c 00 00 00        jl       0x7fff6403fe27
    0x7fff6403fe0b:  c6 45 f4 01              movb     $1, -0xc(%rbp)
    0x7fff6403fe0f:  e9 00 00 00 00           jmp      0x7fff6403fe14
    0x7fff6403fe14:  c7 45 00 fc 07 00 00     movl     $0x7fc, (%rbp)
    0x7fff6403fe1b:  48 8d 05 1e ff ff ff     leaq     -0xe2(%rip), %rax
    0x7fff6403fe22:  e9 f1 01 fc ff           jmp      0x7fff64000018
    0x7fff6403fe27:  48 8d 05 15 ff ff ff     leaq     -0xeb(%rip), %rax
    0x7fff6403fe2e:  e9 e5 01 fc ff           jmp      0x7fff64000018

    ===gen_intermediate_code:251===
    ===msp430_tr_init_disas_context:84===
    ===msp430_tr_tb_start:99===
    ===msp430_tr_insn_start:107===
    ===msp430_tr_translate_insn:122===
    CTX Dump State
    ==============
    pc_first 2044
    pc_next 2044
    is_jmp 0
    max_insns 1
    num_insns 1
    TB flags: 1
    TB cflags: 4278190081
    TB CS base: 0
    TB PC: 2044
    ==============
    Opcode: 0
    is_jmp: 1 DISAS_TOO_MANY
    ===msp430_tr_tb_stop:170===

I was trying to find out where exactly in the QEMU code it reads the target instructions from the loaded file (I could trace it to load_elf(...) loading the FW file) and calls my TranslatorOps callbacks. I get the above output continuously in a loop.

Also, when the generic device loader is used, should I set the program counter to a specific value?

I am not able to understand how to proceed. Any help would be greatly appreciated.
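Added illustration, not the poster's code and not QEMU's API: a plain-C model of what one block-translation pass has to do for a classic MSP430. It fetches the little-endian 16-bit word at pc_next, derives the instruction length from the addressing-mode bits, advances pc_next by that length, and stops on a PC-writing instruction, on a word it cannot decode, or when max_insns is reached. The reset vector at 0xFFFE is the architectural source of the initial PC on every MSP430. The guest memory image, the DISAS_* constants and the tb_result struct are constructed for this example; QEMU's real loop is in accel/tcg/translator.c and uses its own DisasJumpType and DisasContextBase.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a translation-block decode pass for a classic MSP430.
 * Constructed for illustration; it is not QEMU's translator_loop. */

#define MEM_SIZE 0x10000
static uint8_t mem[MEM_SIZE];            /* 64 KiB guest address space */

/* MSP430 code words are little-endian 16-bit values. */
uint16_t lduw(uint32_t addr)
{
    return (uint16_t)(mem[addr & 0xFFFF] | (mem[(addr + 1) & 0xFFFF] << 8));
}

void stw(uint32_t addr, uint16_t v)
{
    mem[addr & 0xFFFF] = (uint8_t)(v & 0xFF);
    mem[(addr + 1) & 0xFFFF] = (uint8_t)(v >> 8);
}

/* The reset vector sits at 0xFFFE; a CPU reset loads PC from it. */
uint32_t reset_pc(void)
{
    return lduw(0xFFFE);
}

/* Does a source operand in mode 'as' on register 'reg' carry an extension word?
 * As=1 is indexed/symbolic/absolute, except R3 (constant generator, +1);
 * As=3 is immediate #N only on R0, otherwise autoincrement @Rn+. */
static int src_needs_ext(unsigned as, unsigned reg)
{
    return (as == 1 && reg != 3) || (as == 3 && reg == 0);
}

/* Byte length of the instruction whose first word is w, or 0 when w is not a
 * classic MSP430 opcode (0x0xxx and 0x14xx-0x1Fxx are MSP430X-only/undefined). */
int insn_len(uint16_t w)
{
    if (w >= 0x4000) {                       /* Format I: two-operand */
        unsigned src = (w >> 8) & 0xF, ad = (w >> 7) & 1, as = (w >> 4) & 3;
        return 2 + 2 * src_needs_ext(as, src) + 2 * ad;
    }
    if ((w & 0xE000) == 0x2000)              /* Format III: conditional jump */
        return 2;
    if ((w & 0xFC00) == 0x1000) {            /* Format II: single-operand */
        unsigned op = (w >> 7) & 7, as = (w >> 4) & 3, reg = w & 0xF;
        if (op == 6) return 2;               /* RETI has no operand */
        if (op == 7) return 0;               /* unused opcode slot */
        return 2 + 2 * src_needs_ext(as, reg);
    }
    return 0;
}

/* Does the instruction write PC and therefore end the block? */
static int insn_ends_block(uint16_t w)
{
    if ((w & 0xE000) == 0x2000) return 1;                     /* jumps */
    if ((w & 0xFC00) == 0x1000) {
        unsigned op = (w >> 7) & 7;
        return op == 5 || op == 6;                            /* CALL, RETI */
    }
    /* Format I with register-mode destination R0: BR, RET, mov ...,PC */
    return w >= 0x4000 && ((w >> 7) & 1) == 0 && (w & 0xF) == 0;
}

enum { DISAS_NEXT, DISAS_JUMP, DISAS_TOO_MANY, DISAS_ILLEGAL }; /* names for this model only */

struct tb_result { uint32_t pc_first, pc_next; int num_insns, is_jmp; };

/* One block: decode from pc until a PC-writing instruction, an undecodable
 * word, or max_insns. Every accepted instruction advances pc_next by its own
 * length; that is what lets the next block start past this one. */
struct tb_result translate_block(uint32_t pc, int max_insns)
{
    struct tb_result r = { pc, pc, 0, DISAS_NEXT };
    while (r.num_insns < max_insns) {
        uint16_t w = lduw(r.pc_next);
        int len = insn_len(w);
        r.num_insns++;
        if (len == 0) {          /* a real translator raises an illegal-insn exception here */
            r.is_jmp = DISAS_ILLEGAL;
            break;
        }
        r.pc_next += (uint32_t)len;
        if (insn_ends_block(w)) { r.is_jmp = DISAS_JUMP; break; }
    }
    if (r.is_jmp == DISAS_NEXT)
        r.is_jmp = DISAS_TOO_MANY;   /* hit max_insns without a jump */
    return r;
}

/* Constructed sample image: a typical MSP430 start-up placed at 0x07FC (the
 * guest address in the log above) plus a reset vector pointing at it. */
void setup_sample_memory(void)
{
    memset(mem, 0, sizeof mem);
    stw(0x07FC, 0x40B2); stw(0x07FE, 0x5A80); stw(0x0800, 0x0120); /* mov #0x5A80,&0x0120 */
    stw(0x0802, 0x4031); stw(0x0804, 0x0400);                      /* mov #0x0400,SP      */
    stw(0x0806, 0x3FFF);                                           /* jmp $               */
    stw(0xFFFE, 0x07FC);                                           /* reset vector        */
}

int main(void)
{
    setup_sample_memory();
    struct tb_result r = translate_block(reset_pc(), 16);
    printf("pc_first 0x%04x pc_next 0x%04x insns %d is_jmp %d\n",
           r.pc_first, r.pc_next, r.num_insns, r.is_jmp);
    return 0;
}
```

With max_insns set to 1, as in the log above, the model returns after a single instruction with is_jmp equal to DISAS_TOO_MANY and pc_next already past that instruction; an all-zero word is reported as undecodable rather than accepted, which is the case a translator has to handle explicitly so it cannot keep re-translating the same address.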