Paul Brook wrote:
> Revision: 4799
>           http://svn.sv.gnu.org/viewvc/?view=rev&root=qemu&revision=4799
> Author:   pbrook
> Date:     2008-06-29 01:03:05 +0000 (Sun, 29 Jun 2008)
> 
> Log Message:
> -----------
> Add instruction counter.

...

> +/* in deterministic execution mode, instructions doing device I/Os
> +   must be at the end of the TB */
> +void cpu_io_recompile(CPUState *env, void *retaddr)
> +{
> +    TranslationBlock *tb;
> +    uint32_t n, cflags;
> +    target_ulong pc, cs_base;
> +    uint64_t flags;
> +
> +    tb = tb_find_pc((unsigned long)retaddr);
> +    if (!tb) {
> +        cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p", 
> +                  retaddr);
> +    }
> +    n = env->icount_decr.u16.low + tb->icount;
> +    cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
> +    /* Calculate how many instructions had been executed before the fault
> +       occured.  */
> +    n = n - env->icount_decr.u16.low;
> +    /* Generate a new TB ending on the I/O insn.  */
> +    n++;

On the first glance this function looked like it could serve as an
alternative to SSTEP_INTERNAL and provide the required roll-back on
watchpoint hit. But looking closer I realized that icount_decr is only
maintained if use_icount is set. But that appears to be optional and
default off. Now I'm wondering if I should simply rebase my roll-back
approach or if I should try to generalize yours in order to get the
debugging series work again.

I do not yet get why you were forced to go a different path for
cpu_io_recompile, ie. rebuilding and (re-executing?) the whole TB up to
the instruction that caused the IO access instead of just regenerating a
single-insn TB for that purpose. Is it more efficient? But if use_icount
is off by default, I guess this doesn't come for free either...

Jan