From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.33) id 1CGk6K-0006eY-JM for qemu-devel@nongnu.org; Sun, 10 Oct 2004 16:15:28 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.33) id 1CGk6I-0006cK-AO for qemu-devel@nongnu.org; Sun, 10 Oct 2004 16:15:27 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.33) id 1CGk6I-0006c9-3S for qemu-devel@nongnu.org; Sun, 10 Oct 2004 16:15:26 -0400 Received: from [199.232.41.8] (helo=mx20.gnu.org) by monty-python.gnu.org with esmtp (TLSv1:DES-CBC3-SHA:168) (Exim 4.34) id 1CGjzK-0007hV-AB for qemu-devel@nongnu.org; Sun, 10 Oct 2004 16:08:14 -0400 Received: from [62.2.95.247] (helo=smtp.hispeed.ch) by mx20.gnu.org with esmtp (Exim 4.34) id 1CGjua-0007IS-DU for qemu-devel@nongnu.org; Sun, 10 Oct 2004 16:03:20 -0400 Received: from [192.168.66.32] (217-162-179-71.dclient.hispeed.ch [217.162.179.71]) (authenticated bits=0) by smtp.hispeed.ch (8.12.6/8.12.6/tornado-1.0) with ESMTP id i9AK3Hxp022971 for ; Sun, 10 Oct 2004 22:03:18 +0200 Message-ID: <41699584.7090409@hispeed.ch> Date: Sun, 10 Oct 2004 22:03:16 +0200 From: Stefan Kisdaroczi MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="------------040401070409000307060109" Subject: [Qemu-devel] bug: enter fails if level > 0 Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org This is a multi-part message in MIME format. --------------040401070409000307060109 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hi, Instruction: enter esp_addend,level If level is greater than 0, the enter instruction fails. 1) The Stack-Pointer (esp) is decremented too much 2) too many values are put on the stack 3) the values are wrong. I changed these two lines in gen_enter() (target-i386/translate.c) : ... 
fixes 2) - while (level--) { + while (---level) { ... fixes 1) - addend -= opsize * (level1 + 1); + addend -= opsize * (level1); ... level = 1 is now ok, but for 3) the following line inside the while loop is wrong : gen_op_st_T0_A0[ot + s->mem_index](); This copies T0, but it should copy the value where T0 points to. How can i fix this ? merci beaucoup kisda A log is attached...( Its a 16bit App, but the Bug seems not to be 16-Bit specific.) --------------040401070409000307060109 Content-Type: text/x-log; name="enter.log" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="enter.log" ---------------- IN: 0x010d2fb2: enter $0x4,$0x2 0x010d2fb6: movb $0x0,-7(%bp) 0x010d2fba: mov $0x32,%ax 0x010d2fbd: push %ax 0x010d2fbe: mov -2(%bp),%si 0x010d2fc1: lea %ss:-63(%si),%cx 0x010d2fc5: push %ss 0x010d2fc6: push %cx 0x010d2fc7: lcall $0xb088,$0x143a OUT: [size=722] 0x08d78e30: mov 0x10(%ebp),%edi 0x08d78e33: add $0xfffffffe,%edi 0x08d78e39: mov %edi,%esi 0x08d78e3b: mov 0xe8(%ebp),%eax 0x08d78e41: add %eax,%edi 0x08d78e43: mov 0x14(%ebp),%ebx 0x08d78e46: mov %edi,%edx 0x08d78e48: mov %edi,%eax 0x08d78e4a: shr $0x9,%edx 0x08d78e4d: and $0xfffff001,%eax 0x08d78e52: and $0x7f8,%edx 0x08d78e58: lea 0x1268(%edx,%ebp,1),%edx 0x08d78e5f: cmp (%edx),%eax 0x08d78e61: mov %edi,%eax 0x08d78e63: je 0x8d78e72 0x08d78e65: movzwl %bx,%edx 0x08d78e68: push $0x0 0x08d78e6a: call 0x80b77d0 0x08d78e6f: pop %eax 0x08d78e70: jmp 0x8d78e78 0x08d78e72: add 0x4(%edx),%eax 0x08d78e75: mov %bx,(%eax) 0x08d78e78: add $0xfffffffe,%edi 0x08d78e7e: add $0xfffffffe,%ebx 0x08d78e84: mov %edi,%edx 0x08d78e86: mov %edi,%eax 0x08d78e88: shr $0x9,%edx 0x08d78e8b: and $0xfffff001,%eax 0x08d78e90: and $0x7f8,%edx 0x08d78e96: lea 0x1268(%edx,%ebp,1),%edx 0x08d78e9d: cmp (%edx),%eax 0x08d78e9f: mov %edi,%eax 0x08d78ea1: je 0x8d78eb0 0x08d78ea3: movzwl %bx,%edx 0x08d78ea6: push $0x0 0x08d78ea8: call 0x80b77d0 0x08d78ead: pop %eax 0x08d78eae: jmp 0x8d78eb6 0x08d78eb0: add 0x4(%edx),%eax 
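Review bot: `while (---level) {` does not compile as written: the tokens parse as `--` applied to `-level`, and prefix decrement needs an lvalue, so the intended line is presumably `while (--level) {`. With a pre-decrement the loop runs level-1 times, which is the number of frame pointers ENTER copies from the previous frame; the push of the new frame pointer (FrameTemp) is a separate store after the loop, so check that the `addend -= opsize * (level1)` adjustment still accounts for that extra slot. For point 3, the loop stores T0 itself instead of the frame-pointer slot it refers to, so each iteration needs a load from the previous frame before the store — in this translate.c that is `gen_op_ld_T0_A0[ot + s->mem_index]()` with A0 pointing at the source slot, followed by the existing store through the destination address. The rest of gen_enter() is not quoted in the mail, so the exact A0/T0/T1 bookkeeping around the loop cannot be checked from here.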
0x08d78eb3: mov %bx,(%eax) 0x08d78eb6: add $0xfffffffe,%edi 0x08d78ebc: add $0xfffffffe,%ebx 0x08d78ec2: mov %edi,%edx 0x08d78ec4: mov %edi,%eax 0x08d78ec6: shr $0x9,%edx 0x08d78ec9: and $0xfffff001,%eax 0x08d78ece: and $0x7f8,%edx 0x08d78ed4: lea 0x1268(%edx,%ebp,1),%edx 0x08d78edb: cmp (%edx),%eax 0x08d78edd: mov %edi,%eax 0x08d78edf: je 0x8d78eee 0x08d78ee1: movzwl %bx,%edx 0x08d78ee4: push $0x0 0x08d78ee6: call 0x80b77d0 0x08d78eeb: pop %eax 0x08d78eec: jmp 0x8d78ef4 0x08d78eee: add 0x4(%edx),%eax 0x08d78ef1: mov %bx,(%eax) 0x08d78ef4: add $0xfffffffe,%edi 0x08d78efa: mov %edi,%edx 0x08d78efc: mov %edi,%eax 0x08d78efe: shr $0x9,%edx 0x08d78f01: and $0xfffff001,%eax 0x08d78f06: and $0x7f8,%edx 0x08d78f0c: lea 0x1268(%edx,%ebp,1),%edx 0x08d78f13: cmp (%edx),%eax 0x08d78f15: mov %edi,%eax 0x08d78f17: je 0x8d78f26 0x08d78f19: movzwl %si,%edx 0x08d78f1c: push $0x0 0x08d78f1e: call 0x80b77d0 0x08d78f23: pop %eax 0x08d78f24: jmp 0x8d78f2c 0x08d78f26: add 0x4(%edx),%eax 0x08d78f29: mov %si,(%eax) 0x08d78f2c: mov %si,0x14(%ebp) 0x08d78f30: add $0xfffffff6,%esi 0x08d78f36: mov %si,0x10(%ebp) 0x08d78f3a: mov 0x14(%ebp),%edi 0x08d78f3d: add $0xfffffff9,%edi 0x08d78f43: and $0xffff,%edi 0x08d78f49: mov 0xe8(%ebp),%eax 0x08d78f4f: add %eax,%edi 0x08d78f51: mov $0x0,%ebx 0x08d78f56: mov %edi,%edx 0x08d78f58: mov %edi,%eax 0x08d78f5a: shr $0x9,%edx 0x08d78f5d: and $0xfffff000,%eax 0x08d78f62: and $0x7f8,%edx 0x08d78f68: lea 0x1268(%edx,%ebp,1),%edx 0x08d78f6f: cmp (%edx),%eax 0x08d78f71: mov %edi,%eax 0x08d78f73: je 0x8d78f82 0x08d78f75: movzbl %bl,%edx 0x08d78f78: push $0x0 0x08d78f7a: call 0x80b7330 0x08d78f7f: pop %eax 0x08d78f80: jmp 0x8d78f87 0x08d78f82: add 0x4(%edx),%eax 0x08d78f85: mov %bl,(%eax) 0x08d78f87: mov $0x32,%ebx 0x08d78f8c: mov %bx,0x0(%ebp) 0x08d78f90: mov 0x0(%ebp),%ebx 0x08d78f93: mov 0x10(%ebp),%edi 0x08d78f96: sub $0x2,%edi 0x08d78f99: mov %edi,%esi 0x08d78f9b: mov 0xe8(%ebp),%eax 0x08d78fa1: add %eax,%edi 0x08d78fa3: mov %edi,%edx 0x08d78fa5: mov 
%edi,%eax 0x08d78fa7: shr $0x9,%edx 0x08d78faa: and $0xfffff001,%eax 0x08d78faf: and $0x7f8,%edx 0x08d78fb5: lea 0x1268(%edx,%ebp,1),%edx 0x08d78fbc: cmp (%edx),%eax 0x08d78fbe: mov %edi,%eax 0x08d78fc0: je 0x8d78fcf 0x08d78fc2: movzwl %bx,%edx 0x08d78fc5: push $0x0 0x08d78fc7: call 0x80b77d0 0x08d78fcc: pop %eax 0x08d78fcd: jmp 0x8d78fd5 0x08d78fcf: add 0x4(%edx),%eax 0x08d78fd2: mov %bx,(%eax) 0x08d78fd5: mov %esi,0x10(%ebp) 0x08d78fd8: mov 0x14(%ebp),%edi 0x08d78fdb: add $0xfffffffe,%edi 0x08d78fe1: and $0xffff,%edi 0x08d78fe7: mov 0xe8(%ebp),%eax 0x08d78fed: add %eax,%edi 0x08d78fef: mov %edi,%edx 0x08d78ff1: mov %edi,%eax 0x08d78ff3: shr $0x9,%edx 0x08d78ff6: and $0xfffff001,%eax 0x08d78ffb: and $0x7f8,%edx 0x08d79001: lea 0x268(%edx,%ebp,1),%edx 0x08d79008: cmp (%edx),%eax 0x08d7900a: mov %edi,%eax 0x08d7900c: je 0x8d7901a 0x08d7900e: push $0x0 0x08d79010: call 0x80b7570 0x08d79015: pop %edx 0x08d79016: mov %eax,%ebx 0x08d79018: jmp 0x8d79020 0x08d7901a: add 0x4(%edx),%eax 0x08d7901d: movzwl (%eax),%ebx 0x08d79020: mov %bx,0x18(%ebp) 0x08d79024: mov 0x18(%ebp),%edi 0x08d79027: add $0xffffffc1,%edi 0x08d7902d: and $0xffff,%edi 0x08d79033: mov %di,0x4(%ebp) 0x08d79037: mov $0x2,%eax 0x08d7903c: shl $0x4,%eax 0x08d7903f: mov 0xc4(%ebp,%eax,1),%ebx 0x08d79046: mov 0x10(%ebp),%edi 0x08d79049: sub $0x2,%edi 0x08d7904c: mov %edi,%esi 0x08d7904e: mov 0xe8(%ebp),%eax 0x08d79054: add %eax,%edi 0x08d79056: mov %edi,%edx 0x08d79058: mov %edi,%eax 0x08d7905a: shr $0x9,%edx 0x08d7905d: and $0xfffff001,%eax 0x08d79062: and $0x7f8,%edx 0x08d79068: lea 0x1268(%edx,%ebp,1),%edx 0x08d7906f: cmp (%edx),%eax 0x08d79071: mov %edi,%eax 0x08d79073: je 0x8d79082 0x08d79075: movzwl %bx,%edx 0x08d79078: push $0x0 0x08d7907a: call 0x80b77d0 0x08d7907f: pop %eax 0x08d79080: jmp 0x8d79088 0x08d79082: add 0x4(%edx),%eax 0x08d79085: mov %bx,(%eax) 0x08d79088: mov %esi,0x10(%ebp) 0x08d7908b: mov 0x4(%ebp),%ebx 0x08d7908e: mov 0x10(%ebp),%edi 0x08d79091: sub $0x2,%edi 0x08d79094: mov 
%edi,%esi 0x08d79096: mov 0xe8(%ebp),%eax 0x08d7909c: add %eax,%edi 0x08d7909e: mov %edi,%edx 0x08d790a0: mov %edi,%eax 0x08d790a2: shr $0x9,%edx 0x08d790a5: and $0xfffff001,%eax 0x08d790aa: and $0x7f8,%edx 0x08d790b0: lea 0x1268(%edx,%ebp,1),%edx 0x08d790b7: cmp (%edx),%eax 0x08d790b9: mov %edi,%eax 0x08d790bb: je 0x8d790ca 0x08d790bd: movzwl %bx,%edx 0x08d790c0: push $0x0 0x08d790c2: call 0x80b77d0 0x08d790c7: pop %eax 0x08d790c8: jmp 0x8d790d0 0x08d790ca: add 0x4(%edx),%eax 0x08d790cd: mov %bx,(%eax) 0x08d790d0: mov %esi,0x10(%ebp) 0x08d790d3: mov $0xb088,%ebx 0x08d790d8: mov $0x143a,%esi 0x08d790dd: movl $0x307,0x20(%ebp) 0x08d790e4: sub $0x8,%esp 0x08d790e7: mov $0x30c,%ecx 0x08d790ec: mov %ecx,0x4(%esp,1) 0x08d790f0: movl $0x0,(%esp,1) 0x08d790f7: call 0x80b2f30 0x08d790fc: add $0x8,%esp 0x08d790ff: xor %ebx,%ebx 0x08d79101: ret --------------040401070409000307060109--