* [Qemu-devel] FreeSBIE-20040919, ffreep insn
From: Juergen Lock @ 2004-11-17 20:46 UTC (permalink / raw)
To: qemu-devel
Hi! I just tried FreeSBIE-20040919,
http://torrent.freesbie.org/FreeSBIE-20040919.iso.torrent
and got an illegal instruction when starting X. I gdb'd the core
and found it's the ffreep insn that it failed on:
http://webster.cs.ucr.edu/AsmTools/NASM/Doc/NASMDOCA.HTM
says it's undocumented (A.55, does an ffree and then pops st0),
so that's probably the reason why it's missing. So I added it:
Index: qemu/target-i386/translate.c
@@ -3187,6 +3187,10 @@
goto illegal_op;
}
break;
+ case 0x38: /* ffreep sti */
+ gen_op_ffree_STN(opreg);
+ gen_op_fpop();
+ break;
case 0x3c: /* df/4 */
switch(rm) {
case 0:
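Review bot: the new `case 0x38` frees ST(opreg) and then pops, which matches the ffree-then-pop semantics the mail cites for ffreep, but it is enabled unconditionally while this same thread records that the DF C0+i encoding raises an invalid-instruction exception on some real CPUs (P4); if it goes in, consider tying the case to the emulated CPU model, or at least extend the `/* ffreep sti */` comment to say it is an undocumented P6-era encoding, so a guest sees behaviour consistent with one hardware target. The hunk also carries only `goto illegal_op; } break;` as leading context, so a reader cannot verify from the patch alone that 0x38 is the df /0 register-form index that belongs immediately before `case 0x3c: /* df/4 */`; a few more context lines showing the enclosing switch would make that checkable.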
and now X gets a bit further but then gets another illegal instruction,
this time with a signal handler set up so I don't know the failed eip.
(I guess I'd have to patch X to get it...) But, later I started an xterm
(displaying on the host), and that came up but then also died of an
illegal instruction, this time it was xorps %xmm0,%xmm0. So I guess
this FreeSBIE's X is built with -march=pentium3 or something.
(What are the chances of adding sse to qemu? I guess slim :)
Anyway, I guess there's nothing wrong with adding ffreep...
Juergen
* Re: [Qemu-devel] FreeSBIE-20040919, ffreep insn
From: Fabrice Bellard @ 2004-11-17 22:00 UTC (permalink / raw)
To: qemu-devel
I don't think ffreep is used by the software you tried. It must be a bug
which yields a jump in a data section. ffreep is not documented and it
does not work on every CPU (I get an invalid instruction exception on
P4), so I propose not to implement it.
Fabrice.
Juergen Lock wrote:
> Hi! I just tried FreeSBIE-20040919,
> http://torrent.freesbie.org/FreeSBIE-20040919.iso.torrent
> and got an illegal instruction when starting X. I gdb'd the core
> and found it's the ffreep insn that it failed on:
> http://webster.cs.ucr.edu/AsmTools/NASM/Doc/NASMDOCA.HTM
> says it's undocumented (A.55, does an ffree and then pops st0),
> so that's probably the reason why it's missing. So I added it:
>
> Index: qemu/target-i386/translate.c
> @@ -3187,6 +3187,10 @@
> goto illegal_op;
> }
> break;
> + case 0x38: /* ffreep sti */
> + gen_op_ffree_STN(opreg);
> + gen_op_fpop();
> + break;
> case 0x3c: /* df/4 */
> switch(rm) {
> case 0:
>
> and now X gets a bit further but then gets another illegal instruction,
> this time with a signal handler set up so I don't know the failed eip.
> (I guess I'd have to patch X to get it...) But, later I started an xterm
> (displaying on the host), and that came up but then also died of an
> illegal instruction, this time it was xorps %xmm0,%xmm0. So I guess
> this FreeSBIE's X is built with -march=pentium3 or something.
> (What are the chances of adding sse to qemu? I guess slim :)
>
> Anyway, I guess there's nothing wrong with adding ffreep...
> Juergen
>
>
> _______________________________________________
> Qemu-devel mailing list
> Qemu-devel@nongnu.org
> http://lists.nongnu.org/mailman/listinfo/qemu-devel
>
>
>
* Re: [Qemu-devel] FreeSBIE-20040919, ffreep insn
From: Juergen Lock @ 2004-11-17 23:42 UTC (permalink / raw)
To: Fabrice Bellard; +Cc: qemu-devel
On Wed, Nov 17, 2004 at 11:18:55PM +0000, Fabrice Bellard wrote:
> I don't think ffreep is used by the software you tried. It must be a bug
> which yields a jump in a data section.
Mmmh it certainly does look like genuine code...
root@FreeSBIE:~# gdb /usr/X11R6/bin/Xorg Xorg.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols found)...
Core was generated by `Xorg'.
Program terminated with signal 4, Illegal instruction.
Reading symbols from /lib/libz.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libz.so.2
Reading symbols from /lib/libm.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libm.so.2
Reading symbols from /usr/X11R6/lib/libXau.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/X11R6/lib/libXau.so.0
Reading symbols from /usr/X11R6/lib/libXdmcp.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/X11R6/lib/libXdmcp.so.0
Reading symbols from /lib/libc.so.5...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.5
Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x0807b1e0 in configMonitor ()
(gdb) disassemble configMonitor
Dump of assembler code for function configMonitor:
0x0807ad50 <configMonitor+0>: push %ebp
0x0807ad51 <configMonitor+1>: mov $0x3,%ecx
0x0807ad56 <configMonitor+6>: fldz
0x0807ad58 <configMonitor+8>: cld
0x0807ad59 <configMonitor+9>: mov %esp,%ebp
0x0807ad5b <configMonitor+11>: push %edi
0x0807ad5c <configMonitor+12>: lea 0xffffffd8(%ebp),%edi
0x0807ad5f <configMonitor+15>: push %esi
0x0807ad60 <configMonitor+16>: push %ebx
0x0807ad61 <configMonitor+17>: sub $0x5c,%esp
0x0807ad64 <configMonitor+20>: mov %eax,0xffffffd4(%ebp)
0x0807ad67 <configMonitor+23>: xor %eax,%eax
0x0807ad69 <configMonitor+25>: repz stos %eax,%es:(%edi)
0x0807ad6b <configMonitor+27>: fstps 0xffffffc8(%ebp)
0x0807ad6e <configMonitor+30>: mov 0x4(%edx),%eax
...
0x0807b0d1 <configMonitor+897>: mov 0xffffffd0(%ebp),%eax
0x0807b0d4 <configMonitor+900>: fldl 0x8193da0
0x0807b0da <configMonitor+906>: fld %st(0)
0x0807b0dc <configMonitor+908>: mov 0xffffffd4(%ebp),%ebx
0x0807b0df <configMonitor+911>: flds 0xa4(%eax)
0x0807b0e5 <configMonitor+917>: fld %st(0)
0x0807b0e7 <configMonitor+919>: mov %esi,0x98(%ebx)
0x0807b0ed <configMonitor+925>: fucomip %st(3),%st
0x0807b0ef <configMonitor+927>: jbe 0x807b1e0 <configMonitor+1168>
0x0807b10e <configMonitor+958>: mov 0xffffffd4(%ebp),%eax
...
0x0807b1e0 <configMonitor+1168>: ffreep %st(0)
0x0807b1e2 <configMonitor+1170>: mov 0xffffffd4(%ebp),%edx
0x0807b1e5 <configMonitor+1173>: flds 0x9c(%edx)
0x0807b1eb <configMonitor+1179>: mov 0xffffffd0(%ebp),%ebx
0x0807b1ee <configMonitor+1182>: flds 0xa8(%ebx)
0x0807b1f4 <configMonitor+1188>: fld %st(0)
0x0807b1f6 <configMonitor+1190>: fucomip %st(3),%st
0x0807b1f8 <configMonitor+1192>: ja 0x807b10e <configMonitor+958>
0x0807b1fe <configMonitor+1198>: ffreep %st(0)
---Type <return> to continue, or q <return> to quit---
0x0807b200 <configMonitor+1200>: mov 0xffffffd0(%ebp),%edx
0x0807b203 <configMonitor+1203>: flds 0xac(%edx)
0x0807b209 <configMonitor+1209>: fld %st(0)
0x0807b20b <configMonitor+1211>: fucomip %st(3),%st
0x0807b20d <configMonitor+1213>: ja 0x807b12a <configMonitor+986>
...
> ffreep is not documented and it
> does not work on every CPU (I get an invalid instruction exception on
> P4), so I propose not to implement it.
http://webster.cs.ucr.edu/AsmTools/NASM/Doc/NASMDOCA.HTM
says it's P6, like fucomip which is also used by the code above (and
which qemu knows).
Juergen
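The following is an added example, not part of this thread and not QEMU code. It models the two things the thread turns on: how the register form of an ESC opcode (D8..DF with mod == 3) decodes to the op index that the patch in the first mail hooks at 0x38, and what "ffree and then pop" does to the x87 tag word and TOP, which is the effect of the ffreep %st(0) instructions in the disassembly above. The op-index formula ((b & 7) << 3) | reg is assumed to mirror the dispatch the patch touches, the tag handling is a simplification (one empty/valid bit per register), and the byte string run through it is constructed here. With the ffreep case disabled the decoder reports an illegal op on the first instruction, which is what the guest experienced as SIGILL; with it enabled the sequence runs through.

```c
/* Added example: toy x87 register-stack model plus the register-form ESC
 * opcode decode. Not QEMU code; the op-index formula and the one-bit tag
 * model are assumptions made for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    double   regs[8];  /* physical registers R0..R7 */
    uint8_t  empty[8]; /* 1 = tag "empty", 0 = register holds a value */
    unsigned top;      /* TOP field of the status word, 0..7 */
} x87_t;

static void x87_init(x87_t *s) {
    memset(s, 0, sizeof *s);
    memset(s->empty, 1, sizeof s->empty); /* all registers start empty */
}
/* ST(i) -> physical register index */
static unsigned phys(const x87_t *s, unsigned i) { return (s->top + i) & 7; }
static double x87_st0(const x87_t *s) { return s->regs[s->top]; }
static int x87_depth(const x87_t *s) {
    int n = 0;
    for (int i = 0; i < 8; i++) n += !s->empty[i];
    return n;
}

static void fpush(x87_t *s, double v) {
    s->top = (s->top - 1) & 7; s->regs[s->top] = v; s->empty[s->top] = 0;
}
static void ffree(x87_t *s, unsigned i) { s->empty[phys(s, i)] = 1; } /* DD C0+i */
static void fpop(x87_t *s) { s->empty[s->top] = 1; s->top = (s->top + 1) & 7; }
/* ffreep ST(i): undocumented DF C0+i form, i.e. ffree ST(i) then pop */
static void ffreep(x87_t *s, unsigned i) { ffree(s, i); fpop(s); }

/* Decode the register form (mod == 3) of an ESC opcode D8..DF. Returns the
 * op index ((b & 7) << 3) | reg and stores rm as the ST(i) operand, or -1
 * for a non-ESC byte or a memory-form modrm (not modelled here). */
static int esc_reg_op(uint8_t b, uint8_t modrm, unsigned *sti) {
    if (b < 0xd8 || b > 0xdf || (modrm >> 6) != 3) return -1;
    *sti = modrm & 7;
    return ((b & 7) << 3) | ((modrm >> 3) & 7);
}

#define OP_FFREE  0x28 /* DD /0, register form */
#define OP_FFREEP 0x38 /* DF /0, register form: the case the patch adds */

/* Execute one decoded register-form op. Returns 0, or -1 for an illegal op
 * (what the guest sees as SIGILL). with_ffreep selects the patched behaviour. */
static int exec_reg_op(x87_t *s, int op, unsigned sti, int with_ffreep) {
    switch (op) {
    case OP_FFREE:  ffree(s, sti); return 0;
    case OP_FFREEP: if (!with_ffreep) return -1; ffreep(s, sti); return 0;
    default:        return -1;
    }
}

/* Run a byte string of two-byte register-form ESC instructions. Returns how
 * many executed before the first undecodable or illegal one. */
static int run_bytes(x87_t *s, const uint8_t *code, size_t len, int with_ffreep) {
    int n = 0;
    for (size_t i = 0; i + 1 < len; i += 2) {
        unsigned sti;
        int op = esc_reg_op(code[i], code[i + 1], &sti);
        if (op < 0 || exec_reg_op(s, op, sti, with_ffreep) < 0) return n;
        n++;
    }
    return n;
}

int main(void) {
    /* constructed sequence: ffreep %st(0) ; ffree %st(1) */
    const uint8_t code[] = { 0xDF, 0xC0, 0xDD, 0xC1 };
    x87_t s;

    x87_init(&s);
    fpush(&s, 1.0); fpush(&s, 2.0); fpush(&s, 3.0);
    printf("unpatched: %d insn executed (illegal op at the first one)\n",
           run_bytes(&s, code, sizeof code, 0));

    x87_init(&s);
    fpush(&s, 1.0); fpush(&s, 2.0); fpush(&s, 3.0);
    printf("patched:   %d insn executed, ST(0)=%g, live registers=%d\n",
           run_bytes(&s, code, sizeof code, 1), x87_st0(&s), x87_depth(&s));
    return 0;
}
```

The decoder also reproduces the neighbouring case from the patch context: DF E0 (fnstsw %ax) decodes to 0x3c with rm 0, which is the `case 0x3c: /* df/4 */ ... case 0:` branch the new case is inserted before.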