Avi Kivity wrote:
> On 12/15/2009 08:48 PM, Clemens Kolbitsch wrote:
> > Hi list,
> >
> > I'm experiencing a strange emulation bug with the op-code below. The
> > instruction raises a segfault in the application (running on the guest),
> > however, if I enable KVM to run the exact same application, no segfault is
> > raised.
> >
> > 0x0080023b: 8b 04 65 11 22 33 44 mov regEAX, [0x44332211]
> >
> > where "11 22 33 44" is just some address. According to gdb (on a 32bit
> > little-endian machine), this instruction can be disassembled as a "mov address to
> > reg-eax".
>
> This is an odd encoding for this instruction, since there is a shorter
> one possible (8b 05 11 22 33 44). So it is possible there is a bug in
> qemu that has never been triggered because compilers/assemblers don't
> generate this encoding.
>
> btw, binutils disassembles this as
>
> 8b 04 65 11 22 33 44 mov 0x44332211(,%eiz,2),%eax
>
> I guess %eiz is some mnemonic for a "zero register" so the assembly can
> be reassembled into a 7-byte instruction later.
That's right. Gas accepts it if given the undocumented -mindex-reg flag, apparently. %eiz / eiz appears to be a Gas-specific invention, not standard AT&T or Intel syntax.

-- 
Jamie
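As an added illustration of the encoding the thread discusses (example code, not from the thread or from QEMU), the decoder below walks the ModRM/SIB bytes of `8b 04 65 11 22 33 44` and of the shorter `8b 05 11 22 33 44`, showing that the SIB form with index field 100 (no index, printed by binutils as %eiz) and base field 101 under mod=00 (no base, disp32 follows) names exactly the same operand as the no-SIB form. The decoder, register table and sample bytes are my own; it assumes 32-bit addressing with no prefixes.

```python
# Added example (not from the thread or QEMU): decode "mov r32, r/m32"
# (opcode 8B /r) and show that the 7-byte SIB encoding from the report
# and the 6-byte form name the same operand. 32-bit addressing, no prefixes.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def decode_mov_load(code: bytes):
    """Return (length, dest_reg, operand) for 8B /r with a memory operand;
    operand is {base, index, scale, disp}, None where absent (index field
    100 is the "no index" slot that binutils prints as %eiz)."""
    if code[0] != 0x8B:
        raise ValueError("expected opcode 8B")
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod == 3:
        raise ValueError("register-direct form has no memory operand")
    pos, base, index, scale = 2, None, None, 1
    if rm == 4:                          # rm=100: a SIB byte follows
        sib = code[pos]
        pos += 1
        ss, idx, b = sib >> 6, (sib >> 3) & 7, sib & 7
        if idx != 4:                     # idx=100 means no index register
            index, scale = REGS[idx], 1 << ss
        if not (mod == 0 and b == 5):    # base=101 with mod=00: no base, disp32
            base = REGS[b]
    elif not (mod == 0 and rm == 5):     # rm=101 with mod=00: disp32 only
        base = REGS[rm]
    if mod == 1:                         # disp8, sign-extended
        disp = int.from_bytes(code[pos:pos + 1], "little", signed=True)
        pos += 1
    elif mod == 2 or base is None:       # disp32; absolute when there is no base
        disp = int.from_bytes(code[pos:pos + 4], "little", signed=base is not None)
        pos += 4
    else:
        disp = 0
    return pos, REGS[reg], {"base": base, "index": index, "scale": scale, "disp": disp}

def effective_address(operand, regs):
    """Linear offset of a decoded operand given a {name: value} register file."""
    ea = operand["disp"]
    if operand["base"] is not None:
        ea += regs[operand["base"]]
    if operand["index"] is not None:
        ea += regs[operand["index"]] * operand["scale"]
    return ea & 0xFFFFFFFF

# Constructed inputs: the 7-byte encoding from the report and the 6-byte one.
LONG_FORM = bytes.fromhex("8b046511223344")
SHORT_FORM = bytes.fromhex("8b0511223344")
```

Feeding both byte strings through the same decoder is a cheap regression check for an emulator's instruction decoder: the two forms must produce an identical operand, and only the instruction length may differ.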