On 9/21/22 06:06, Paolo Bonzini wrote:
On Tue, Sep 6, 2022 at 12:09 PM Richard Henderson
<richard.hender...@linaro.org> wrote:
Create a common helper for pc-relative branches.
The jmp jb insn was missing a mask for CODE32.
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
(Oops, my remark on the previous patch should still have pointed to gen_jmp_tb).
In gen_jz_ecx_string, in the translation for LOOPNZ/LOOPZ/LOOP/JECXZ
and in i386_tr_tb_stop there is:
- gen_jmp_tb(s, s->pc - s->cs_base, 1);
+ gen_jmp_rel(s, MO_32, 0, 1);
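Review bot: the size argument is hard-coded to MO_32 in this replacement at all three call sites (gen_jz_ecx_string, the LOOP/JECXZ translation and i386_tr_tb_stop), so in a 16-bit code segment the branch target is not truncated to 16 bits, and the same constant is also wrong in 64-bit mode, where the operand size of a near jump is always 64 bits. Derive the size from the instruction's operand size (s->dflag, or at the very least `CODE32(s) ? MO_32 : MO_16`) instead of passing MO_32 unconditionally; if every caller ends up passing dflag, the parameter can be dropped and gen_jmp_rel can read it from DisasContext.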
What happens if the instruction's last byte is at 0xffff? Wraparound
in the middle of an instruction is generally undefined, but I think it
should work if the instruction does not cross the 64K/4G limit (and on
real hardware, which obeys segment limits unlike TCG, said limit must
be 64K/4G of course).
In other words, why MO_32 and not "CODE32(s) ? MO_32 : MO_16"?
I believe it really should be s->dflag, which makes all users of the function pass dflag
(the manual consistently talks about "operand size"). At which point this parameter goes
away and gen_jmp_rel grabs the operand size from DisasContext.
Also, pre-existing bug vs CODE64 here -- operand size is always 64-bits for
near jumps.
r~