On Fri, Jun 24, 2011 at 4:44 AM, Max Filippov <jcmvb...@gmail.com> wrote: > Hello guys. > > I'm running qemu on x86_64 host. > It's clean build from git sources dated 2011.05.19, commit > 1fddfba129f5435c80eda14e8bc23fdb888c7187 > I have the following output from "log trace,op,out_asm": > > Trace 0x4000a310 [d0026c92] > OP: > ---- 0xd00000c0 > movi_i32 tmp1,$0xfffffff4 > add_i32 tmp0,ar9,tmp1 > qemu_ld32 ar1,tmp0,$0x0 > > ---- 0xd00000c3 > movi_i32 tmp1,$0xfffffff0 > add_i32 tmp0,ar9,tmp1 > qemu_ld32 ar0,tmp0,$0x0 > > [...snip...] [...] > 0x4000a360: xor %esi,%esi > 0x4000a362: callq 0x52edc2 [...] > (gdb) x/25i 0x4000a330 [...] > 0x4000a360: mov $0x1,%esi > 0x4000a365: callq 0x52edc2 <__ldl_mmu> > 0x4000a36a: mov %eax,%ebp > 0x4000a36c: sub $0x44,%al > => 0x4000a36e: lea -0x10(%rbx),%esp > 0x4000a371: mov %ebp,0xc(%r14) > 0x4000a375: mov %r12d,%esi > 0x4000a378: mov %r12d,%edi > > Please note how the current instruction in gdb differ from what was said in > OUT. This lea corrupts stack pointer and the next callq generates segfault. > Could please anyone familiar with TCG take a look at this, or suggest where I > should look myself?
As Peter hinted, you're not looking at the code you think :-) Note how your original TCG code does loads: qemu_ld32 ar1,tmp0,$0x0 That $0x0 will end up in %RSI. It's the mem index used to distinguish from user and privileged level accesses. In your examples of host code, in one case it is 0 and in the other it is 1, so you're definitely not really looking at the same block in the same running conditions. HTH, Laurent
