[Qemu-devel] QEMU release 0.5.0

[Qemu-devel] QEMU release 0.5.0

[Fabrice Bellard]

Hi,

QEMU version 0.5.0 is available at http://bellard.org/qemu/. I put 
screenshots of various emulated OSes at 
http://bellard.org/qemu/screenshots.html.

version 0.5.0:

   - full hardware level VGA emulation
   - graphical display with SDL
   - added PS/2 mouse and keyboard emulation
   - popw (%esp) fix
   - mov to/from segment data width fix
   - added real mode support
   - added Bochs BIOS and LGPL'ed VGA BIOS loader in qemu
   - m68k host port (Richard Zidlicky)
   - partial soft MMU support for memory mapped I/Os
   - multi-target build
   - fixed: no error code in hardware interrupts
   - fixed: pop ss, mov ss, x and sti disable hardware irqs for the next 
insn
   - correct single stepping thru string operations
   - preliminary SPARC target support (Thomas M. Ogrisegg)
   - tun-fd option (Rusty Russell)
   - automatic IDE geometry detection
   - renamed 'vl' to qemu[-fast] and user qemu to qemu-{cpu}.
   - added man page
   - added full soft mmu mode to launch unpatched OSes.

Fabrice.

Re: [Qemu-devel] QEMU release 0.5.0

[Falk Hueffner]

Hi,

I tried 0.5.0 on Alpha, and besides the "empty code for op_noop", it
seems to basically work; however, I still get segfaults for nontrivial
programs, e. g. for the Mathematica test case, or test-i386:

[...]
lsll: Z=0 12345678
func1() = 0x00000001
func2() = 0x00005678 spdec=2
func3() = 0x00000025
Hello VM86 world
qemu: uncaught target signal 11 (Segmentation fault) - exiting

For this, the tail of the log says:

----------------
IN: 
0x00001107:  xorw   %ax,%ax
0x00001109:  movw   %ax,%es
0x0000110b:  movw   $0x153,%es:0x240
0x00001112:  movw   %cs,%es:0x242
0x00001117:  int    $0x90

OP:
0x0000: movl_T0_0
0x0001: movw_EAX_T0
0x0002: update1_cc
0x0003: movl_T0_EAX
0x0004: movl_seg_T0_vm 0xa0
0x0005: movl_A0_im 0x240
0x0006: addl_A0_seg 0xa8
0x0007: movl_T0_im 0x153
0x0008: stw_raw_T0_A0
0x0009: movl_T0_seg 0x1
0x000a: movl_A0_im 0x242
0x000b: addl_A0_seg 0xa8
0x000c: stw_raw_T0_A0
0x000d: set_cc_op 0x10
0x000e: jmp_im 0x117
0x000f: raise_exception 0xd
0x0010: end

AFTER FLAGS OPT:
0x0000: movl_T0_0
0x0001: movw_EAX_T0
0x0002: update1_cc
0x0003: movl_T0_EAX
0x0004: movl_seg_T0_vm 0xa0
0x0005: movl_A0_im 0x240
0x0006: addl_A0_seg 0xa8
0x0007: movl_T0_im 0x153
0x0008: stw_raw_T0_A0
0x0009: movl_T0_seg 0x1
0x000a: movl_A0_im 0x242
0x000b: addl_A0_seg 0xa8
0x000c: stw_raw_T0_A0
0x000d: set_cc_op 0x10
0x000e: jmp_im 0x117
0x000f: raise_exception 0xd
0x0010: end

RESTORE:
0x0000: 0x00001107
0x0003: 0x00001109
0x0005: 0x0000110b
spc=0x605b2800 j=0x5 eip=0x10b cs_base=1000

Not having a clue about i386, I can't tell whether that looks OK...
for Mathematica, the tail is:

----------------
IN: 
0x080ec220:  pushl  %esi
0x080ec221:  pushl  %ebx
0x080ec222:  movl   0xc(%esp,1),%esi
0x080ec226:  cmpl   $0xf,%esi
0x080ec229:  jg     0x80ec240

OP:
0x0000: movl_T0_ESI
0x0001: pushl_T0
0x0002: movl_T0_EBX
0x0003: pushl_T0
0x0004: movl_A0_ESP
0x0005: addl_A0_im 0xc
0x0006: ldl_raw_T0_A0
0x0007: movl_ESI_T0
0x0008: movl_T1_im 0xf
0x0009: movl_T0_ESI
0x000a: cmpl_T0_T1_cc
0x000b: set_cc_op 0xb
0x000c: jle_subl 0x601f27f0 0x80ec22b 0x80ec240
0x000d: end

AFTER FLAGS OPT:
0x0000: movl_T0_ESI
0x0001: pushl_T0
0x0002: movl_T0_EBX
0x0003: pushl_T0
0x0004: movl_A0_ESP
0x0005: addl_A0_im 0xc
0x0006: ldl_raw_T0_A0
0x0007: movl_ESI_T0
0x0008: movl_T1_im 0xf
0x0009: movl_T0_ESI
0x000a: cmpl_T0_T1_cc
0x000b: set_cc_op 0xb
0x000c: jle_subl 0x601f27f0 0x80ec22b 0x80ec240
0x000d: end

RESTORE:
0x0000: 0x080ec220
0x0002: 0x080ec221
spc=0x604f59b4 j=0x2 eip=0x80ec221 cs_base=0

So it is probably a problem with RESTORE (whatever that may be),
anybody has some tips before I try to look into this myself?

-- 
	Falk