* [Qemu-devel] bug: enter fails if level > 0
@ 2004-10-10 20:03 Stefan Kisdaroczi
From: Stefan Kisdaroczi @ 2004-10-10 20:03 UTC (permalink / raw)
  To: qemu-devel

[-- Attachment #1: Type: text/plain, Size: 767 bytes --]

Hi,

Instruction: enter esp_addend,level

If level is greater than 0, the translated enter instruction produces a wrong stack frame:

1) the stack pointer (esp) is decremented by too much,
2) too many values are pushed on the stack,
3) the pushed values are wrong (see the attached log).

I changed these two lines in gen_enter() (target-i386/translate.c):

... fixes 2)
-       while (level--) {
+       while (---level) {

... fixes 1)
-    addend -= opsize * (level1 + 1);
+    addend -= opsize * (level1);
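Review bot: Even with the iteration count corrected, the store in the loop body still writes the wrong thing: `gen_op_st_T0_A0[ot + s->mem_index]()` stores T0, which by then holds the old BP minus a multiple of opsize rather than the word at that address, as the log suggests where each pushed slot after the first is preceded by `add $0xfffffffe,%ebx` and then `mov %bx,(%eax)`. The copy needs two addresses, not one: point A0 at the previous frame's slot (old BP minus i*opsize, with the same SS-base adjustment the store path applies, if any), load it into T0 with the load counterpart of that size-indexed op table, then point A0 at the new stack slot and store; reusing a single descending A0 for both source and destination is what turns the copy into a register store. Architecturally `enter imm16,level` pushes BP, then level-1 copied frame pointers, then the frame temp, and finally subtracts imm16, so `enter $0x4,$0x2` should lower SP by 3*2+4 = 10 bytes, whereas the log's final `add $0xfffffff6,%esi` applied to a base already 2 below the entry SP gives 12; whether `addend -= opsize * level1` alone lands on 10 depends on what `addend` holds before that line, which is not quoted here, so re-check the log after the change. The rest of gen_enter() is outside the quoted lines, so the load op name and the segment-base handling are inferred from the store call and need confirming against translate.c.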
...

level = 1 now works, but for 3) the following line inside the while loop
is still wrong:
     gen_op_st_T0_A0[ot + s->mem_index]();

This stores T0 itself, but it should store the value that T0 points to.
How can I fix this?

merci beaucoup

kisda

A log is attached. (It is a 16-bit application, but the bug does not seem to be
16-bit specific.)


[-- Attachment #2: enter.log --]
[-- Type: text/x-log, Size: 7046 bytes --]

----------------
IN: 
0x010d2fb2:  enter  $0x4,$0x2
0x010d2fb6:  movb   $0x0,-7(%bp)
0x010d2fba:  mov    $0x32,%ax
0x010d2fbd:  push   %ax
0x010d2fbe:  mov    -2(%bp),%si
0x010d2fc1:  lea    %ss:-63(%si),%cx
0x010d2fc5:  push   %ss
0x010d2fc6:  push   %cx
0x010d2fc7:  lcall  $0xb088,$0x143a

OUT: [size=722]
0x08d78e30:  mov    0x10(%ebp),%edi
0x08d78e33:  add    $0xfffffffe,%edi
0x08d78e39:  mov    %edi,%esi
0x08d78e3b:  mov    0xe8(%ebp),%eax
0x08d78e41:  add    %eax,%edi
0x08d78e43:  mov    0x14(%ebp),%ebx
0x08d78e46:  mov    %edi,%edx
0x08d78e48:  mov    %edi,%eax
0x08d78e4a:  shr    $0x9,%edx
0x08d78e4d:  and    $0xfffff001,%eax
0x08d78e52:  and    $0x7f8,%edx
0x08d78e58:  lea    0x1268(%edx,%ebp,1),%edx
0x08d78e5f:  cmp    (%edx),%eax
0x08d78e61:  mov    %edi,%eax
0x08d78e63:  je     0x8d78e72
0x08d78e65:  movzwl %bx,%edx
0x08d78e68:  push   $0x0
0x08d78e6a:  call   0x80b77d0
0x08d78e6f:  pop    %eax
0x08d78e70:  jmp    0x8d78e78
0x08d78e72:  add    0x4(%edx),%eax
0x08d78e75:  mov    %bx,(%eax)
0x08d78e78:  add    $0xfffffffe,%edi
0x08d78e7e:  add    $0xfffffffe,%ebx
0x08d78e84:  mov    %edi,%edx
0x08d78e86:  mov    %edi,%eax
0x08d78e88:  shr    $0x9,%edx
0x08d78e8b:  and    $0xfffff001,%eax
0x08d78e90:  and    $0x7f8,%edx
0x08d78e96:  lea    0x1268(%edx,%ebp,1),%edx
0x08d78e9d:  cmp    (%edx),%eax
0x08d78e9f:  mov    %edi,%eax
0x08d78ea1:  je     0x8d78eb0
0x08d78ea3:  movzwl %bx,%edx
0x08d78ea6:  push   $0x0
0x08d78ea8:  call   0x80b77d0
0x08d78ead:  pop    %eax
0x08d78eae:  jmp    0x8d78eb6
0x08d78eb0:  add    0x4(%edx),%eax
0x08d78eb3:  mov    %bx,(%eax)
0x08d78eb6:  add    $0xfffffffe,%edi
0x08d78ebc:  add    $0xfffffffe,%ebx
0x08d78ec2:  mov    %edi,%edx
0x08d78ec4:  mov    %edi,%eax
0x08d78ec6:  shr    $0x9,%edx
0x08d78ec9:  and    $0xfffff001,%eax
0x08d78ece:  and    $0x7f8,%edx
0x08d78ed4:  lea    0x1268(%edx,%ebp,1),%edx
0x08d78edb:  cmp    (%edx),%eax
0x08d78edd:  mov    %edi,%eax
0x08d78edf:  je     0x8d78eee
0x08d78ee1:  movzwl %bx,%edx
0x08d78ee4:  push   $0x0
0x08d78ee6:  call   0x80b77d0
0x08d78eeb:  pop    %eax
0x08d78eec:  jmp    0x8d78ef4
0x08d78eee:  add    0x4(%edx),%eax
0x08d78ef1:  mov    %bx,(%eax)
0x08d78ef4:  add    $0xfffffffe,%edi
0x08d78efa:  mov    %edi,%edx
0x08d78efc:  mov    %edi,%eax
0x08d78efe:  shr    $0x9,%edx
0x08d78f01:  and    $0xfffff001,%eax
0x08d78f06:  and    $0x7f8,%edx
0x08d78f0c:  lea    0x1268(%edx,%ebp,1),%edx
0x08d78f13:  cmp    (%edx),%eax
0x08d78f15:  mov    %edi,%eax
0x08d78f17:  je     0x8d78f26
0x08d78f19:  movzwl %si,%edx
0x08d78f1c:  push   $0x0
0x08d78f1e:  call   0x80b77d0
0x08d78f23:  pop    %eax
0x08d78f24:  jmp    0x8d78f2c
0x08d78f26:  add    0x4(%edx),%eax
0x08d78f29:  mov    %si,(%eax)
0x08d78f2c:  mov    %si,0x14(%ebp)
0x08d78f30:  add    $0xfffffff6,%esi
0x08d78f36:  mov    %si,0x10(%ebp)
0x08d78f3a:  mov    0x14(%ebp),%edi
0x08d78f3d:  add    $0xfffffff9,%edi
0x08d78f43:  and    $0xffff,%edi
0x08d78f49:  mov    0xe8(%ebp),%eax
0x08d78f4f:  add    %eax,%edi
0x08d78f51:  mov    $0x0,%ebx
0x08d78f56:  mov    %edi,%edx
0x08d78f58:  mov    %edi,%eax
0x08d78f5a:  shr    $0x9,%edx
0x08d78f5d:  and    $0xfffff000,%eax
0x08d78f62:  and    $0x7f8,%edx
0x08d78f68:  lea    0x1268(%edx,%ebp,1),%edx
0x08d78f6f:  cmp    (%edx),%eax
0x08d78f71:  mov    %edi,%eax
0x08d78f73:  je     0x8d78f82
0x08d78f75:  movzbl %bl,%edx
0x08d78f78:  push   $0x0
0x08d78f7a:  call   0x80b7330
0x08d78f7f:  pop    %eax
0x08d78f80:  jmp    0x8d78f87
0x08d78f82:  add    0x4(%edx),%eax
0x08d78f85:  mov    %bl,(%eax)
0x08d78f87:  mov    $0x32,%ebx
0x08d78f8c:  mov    %bx,0x0(%ebp)
0x08d78f90:  mov    0x0(%ebp),%ebx
0x08d78f93:  mov    0x10(%ebp),%edi
0x08d78f96:  sub    $0x2,%edi
0x08d78f99:  mov    %edi,%esi
0x08d78f9b:  mov    0xe8(%ebp),%eax
0x08d78fa1:  add    %eax,%edi
0x08d78fa3:  mov    %edi,%edx
0x08d78fa5:  mov    %edi,%eax
0x08d78fa7:  shr    $0x9,%edx
0x08d78faa:  and    $0xfffff001,%eax
0x08d78faf:  and    $0x7f8,%edx
0x08d78fb5:  lea    0x1268(%edx,%ebp,1),%edx
0x08d78fbc:  cmp    (%edx),%eax
0x08d78fbe:  mov    %edi,%eax
0x08d78fc0:  je     0x8d78fcf
0x08d78fc2:  movzwl %bx,%edx
0x08d78fc5:  push   $0x0
0x08d78fc7:  call   0x80b77d0
0x08d78fcc:  pop    %eax
0x08d78fcd:  jmp    0x8d78fd5
0x08d78fcf:  add    0x4(%edx),%eax
0x08d78fd2:  mov    %bx,(%eax)
0x08d78fd5:  mov    %esi,0x10(%ebp)
0x08d78fd8:  mov    0x14(%ebp),%edi
0x08d78fdb:  add    $0xfffffffe,%edi
0x08d78fe1:  and    $0xffff,%edi
0x08d78fe7:  mov    0xe8(%ebp),%eax
0x08d78fed:  add    %eax,%edi
0x08d78fef:  mov    %edi,%edx
0x08d78ff1:  mov    %edi,%eax
0x08d78ff3:  shr    $0x9,%edx
0x08d78ff6:  and    $0xfffff001,%eax
0x08d78ffb:  and    $0x7f8,%edx
0x08d79001:  lea    0x268(%edx,%ebp,1),%edx
0x08d79008:  cmp    (%edx),%eax
0x08d7900a:  mov    %edi,%eax
0x08d7900c:  je     0x8d7901a
0x08d7900e:  push   $0x0
0x08d79010:  call   0x80b7570
0x08d79015:  pop    %edx
0x08d79016:  mov    %eax,%ebx
0x08d79018:  jmp    0x8d79020
0x08d7901a:  add    0x4(%edx),%eax
0x08d7901d:  movzwl (%eax),%ebx
0x08d79020:  mov    %bx,0x18(%ebp)
0x08d79024:  mov    0x18(%ebp),%edi
0x08d79027:  add    $0xffffffc1,%edi
0x08d7902d:  and    $0xffff,%edi
0x08d79033:  mov    %di,0x4(%ebp)
0x08d79037:  mov    $0x2,%eax
0x08d7903c:  shl    $0x4,%eax
0x08d7903f:  mov    0xc4(%ebp,%eax,1),%ebx
0x08d79046:  mov    0x10(%ebp),%edi
0x08d79049:  sub    $0x2,%edi
0x08d7904c:  mov    %edi,%esi
0x08d7904e:  mov    0xe8(%ebp),%eax
0x08d79054:  add    %eax,%edi
0x08d79056:  mov    %edi,%edx
0x08d79058:  mov    %edi,%eax
0x08d7905a:  shr    $0x9,%edx
0x08d7905d:  and    $0xfffff001,%eax
0x08d79062:  and    $0x7f8,%edx
0x08d79068:  lea    0x1268(%edx,%ebp,1),%edx
0x08d7906f:  cmp    (%edx),%eax
0x08d79071:  mov    %edi,%eax
0x08d79073:  je     0x8d79082
0x08d79075:  movzwl %bx,%edx
0x08d79078:  push   $0x0
0x08d7907a:  call   0x80b77d0
0x08d7907f:  pop    %eax
0x08d79080:  jmp    0x8d79088
0x08d79082:  add    0x4(%edx),%eax
0x08d79085:  mov    %bx,(%eax)
0x08d79088:  mov    %esi,0x10(%ebp)
0x08d7908b:  mov    0x4(%ebp),%ebx
0x08d7908e:  mov    0x10(%ebp),%edi
0x08d79091:  sub    $0x2,%edi
0x08d79094:  mov    %edi,%esi
0x08d79096:  mov    0xe8(%ebp),%eax
0x08d7909c:  add    %eax,%edi
0x08d7909e:  mov    %edi,%edx
0x08d790a0:  mov    %edi,%eax
0x08d790a2:  shr    $0x9,%edx
0x08d790a5:  and    $0xfffff001,%eax
0x08d790aa:  and    $0x7f8,%edx
0x08d790b0:  lea    0x1268(%edx,%ebp,1),%edx
0x08d790b7:  cmp    (%edx),%eax
0x08d790b9:  mov    %edi,%eax
0x08d790bb:  je     0x8d790ca
0x08d790bd:  movzwl %bx,%edx
0x08d790c0:  push   $0x0
0x08d790c2:  call   0x80b77d0
0x08d790c7:  pop    %eax
0x08d790c8:  jmp    0x8d790d0
0x08d790ca:  add    0x4(%edx),%eax
0x08d790cd:  mov    %bx,(%eax)
0x08d790d0:  mov    %esi,0x10(%ebp)
0x08d790d3:  mov    $0xb088,%ebx
0x08d790d8:  mov    $0x143a,%esi
0x08d790dd:  movl   $0x307,0x20(%ebp)
0x08d790e4:  sub    $0x8,%esp
0x08d790e7:  mov    $0x30c,%ecx
0x08d790ec:  mov    %ecx,0x4(%esp,1)
0x08d790f0:  movl   $0x0,(%esp,1)
0x08d790f7:  call   0x80b2f30
0x08d790fc:  add    $0x8,%esp
0x08d790ff:  xor    %ebx,%ebx
0x08d79101:  ret    



* [Qemu-devel] Re: bug: enter fails if level > 0
@ 2004-10-10 23:37 ` Ben Pfaff
From: Ben Pfaff @ 2004-10-10 23:37 UTC (permalink / raw)
  To: qemu-devel

Stefan Kisdaroczi <kisda@hispeed.ch> writes:

> ... fixes 2)
> -       while (level--) {
> +       while (---level) {

You mean -- not --- right?
-- 
Aim to please, shoot to kill.

