From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HiUWl-0006ws-P6 for qemu-devel@nongnu.org; Mon, 30 Apr 2007 07:58:47 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HiUWk-0006tt-DI for qemu-devel@nongnu.org; Mon, 30 Apr 2007 07:58:47 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HiUWk-0006tb-2Z for qemu-devel@nongnu.org; Mon, 30 Apr 2007 07:58:46 -0400 Received: from smtp-vbr9.xs4all.nl ([194.109.24.29]) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1HiUQY-0005k5-7T for qemu-devel@nongnu.org; Mon, 30 Apr 2007 07:52:22 -0400 Received: from xs2.xs4all.nl (xs2.xs4all.nl [194.109.21.3]) by smtp-vbr9.xs4all.nl (8.13.8/8.13.8) with ESMTP id l3UBqLdv072600 for ; Mon, 30 Apr 2007 13:52:21 +0200 (CEST) (envelope-from rjoris@xs4all.nl) Received: from xs2.xs4all.nl (rjoris@localhost [127.0.0.1]) by xs2.xs4all.nl (8.13.6/8.13.6) with ESMTP id l3UBqL1T094586 for ; Mon, 30 Apr 2007 13:52:21 +0200 (CEST) (envelope-from rjoris@xs4all.nl) Received: (from rjoris@localhost) by xs2.xs4all.nl (8.13.6/8.13.6/Submit) id l3UBqLZh094585 for qemu-devel@nongnu.org; Mon, 30 Apr 2007 13:52:21 +0200 (CEST) (envelope-from rjoris) Date: Mon, 30 Apr 2007 13:52:21 +0200 
From: Joris van Rantwijk Message-ID: <20070430115221.GA93900@xs4all.nl> References: <20070428175257.GA28282@xs4all.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20070428175257.GA28282@xs4all.nl> Subject: [Qemu-devel] Re: Qemu crashes on AAM 0 Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Hello, I tried the fix from malc, but it does not work on my testcase. The reason is that the compiler optimizes the test away, since PARAM1 is a constant value at that point in the build process. The following fix does work: --- qemu-0.9.0-orig/target-i386/translate.c 2007-02-06 00:01:54.000000000 +0100 +++ qemu-0.9.0/target-i386/translate.c 2007-04-30 13:31:25.000000000 +0200 @@ -5326,8 +5326,12 @@ if (CODE64(s)) goto illegal_op; val = ldub_code(s->pc++); - gen_op_aam(val); - s->cc_op = CC_OP_LOGICB; + if (val == 0) { + gen_exception(s, EXCP00_DIVZ, pc_start - s->cs_base); + } else { + gen_op_aam(val); + s->cc_op = CC_OP_LOGICB; + } break; case 0xd5: /* aad */ if (CODE64(s)) -- Joris. On Sat, Apr 28, 2007 at 07:52:57PM +0200, Joris van Rantwijk wrote: > Qemu crashes with a floating point exception when emulating the "AAM 0" > instruction. By "crash", I mean that the whole qemu process actually > blows up (not just the program running inside Qemu). On Sun, 29 Apr 2007 at 19:55:24 +0400, malc wrote: > Following (given that real iron does indeed produce divide by zero > exception) should do the trick. > > Index: op.c > =================================================================== > RCS file: /cvsroot/qemu/qemu/target-i386/op.c,v > retrieving revision 1.47 > diff -u -r1.47 op.c > --- op.c 1 Feb 2007 22:11:07 -0000 1.47 > +++ op.c 29 Apr 2007 15:54:47 -0000 
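Review bot: please add a one-line comment above `if (val == 0)` in the translate.c hunk stating that AAM with an immediate of 0 raises #DE, so the next reader does not take the branch for a defensive guard rather than architected behaviour. The placement itself is right: the immediate is read with `ldub_code(s->pc++)` while the block is being translated, so the test runs on a value that really varies here, unlike the `PARAM1` test Joris describes as folded away; raising with `pc_start - s->cs_base` reports the faulting address as the start of the AAM instruction, which is what a fault needs; and keeping `s->cc_op = CC_OP_LOGICB;` inside the else branch only is correct, since on the exception path the op that would have produced those flags never runs.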
> @@ -1004,6 +1004,9 @@ > { > int base = PARAM1; > int al, ah; > + if (!base) { > + raise_exception(EXCP00_DIVZ); > + } > al = EAX & 0xff; > ah = al / base; > al = al % base;
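Review bot: the `if (!base)` guard in this hunk cannot fire as written, for the reason Joris gives at the top of the message: `base` is initialised from `PARAM1`, which is a constant at the point where op.c is compiled, so the compiler folds the test away and `ah = al / base;` two lines below still performs an unguarded division by a guest-chosen immediate. The check has to sit where the immediate is decoded as a real runtime value, i.e. in the translator (as the translate.c patch in this message does), or op.c needs a form of the test the compiler cannot see through. Since a zero divisor here takes down the whole qemu process rather than just the guest, this should be treated as a guest-triggerable host crash, not only an emulation inaccuracy.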