From: Igor Kovalenko <garrison@mail.ru>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] patch for qemu with newer gcc-3.4.x (support repz retq optimization for amd processors correctly)
Date: Wed, 09 Nov 2005 22:17:38 +0300
Message-ID: <43724B52.3050101@mail.ru>

Hi!

It turned out that newer gcc produces very interesting code
for op_goto_tbX and possibly other functions used by dyngen,
in that it adds a 'rep' prefix to the return instruction.
I have the following code in i386-softmmu/op.o:

00000000000084c0 <op_goto_tb0>:
     84c0:       8b 05 00 00 00 00       mov    0(%rip),%eax        # 84c6 <op_goto_tb0+0x6>
     84c6:       ff e0                   jmpq   *%eax
     84c8:       f3 c3                   repz retq
     84ca:       66                      data16
     84cb:       66                      data16
     84cc:       90                      nop
     84cd:       66                      data16
     84ce:       66                      data16
     84cf:       90                      nop

Quite obviously stripping the 'retq' in dyngen won't always
work because the 'rep' prefix could interfere with the appended code.
I found this while trying to run qemu under valgrind; see the bug page
http://bugs.kde.org/show_bug.cgi?id=115869 for details.
For example, at the very beginning of qemu booting the pc
the following code is generated:

## ...
## 0x000fe07d:  je     0xfe092
##
0x016f75ec:  cmpb   $0x0,0x2c(%rbp)
0x016f75f0:  jne    0x16f75f7
0x016f75f2:  jmpq   0x16f760f

###the return from call
0x016f75f7:  mov    -13631729(%rip),%eax        # 0x9f750c
0x016f75fd:  jmpq   *%eax

0x016f75ff:  repz mov $0xe07f,%eax
0x016f7605:  mov    %eax,0x20(%rbp)

0x016f7608:  lea    -13631814(%rip),%ebx        # 0x9f74c8
0x016f760e:  retq

###the not zero branch
0x016f760f:  mov    -13631749(%rip),%eax        # 0x9f7510
0x016f7615:  jmpq   *%eax

0x016f7617:  repz mov $0xe092,%eax
0x016f761d:  mov    %eax,0x20(%rbp)

0x016f7620:  lea    -13631837(%rip),%ebx        # 0x9f74c9
0x016f7626:  retq

Notice the 'repz mov' sequence, which seems to be an undocumented
instruction. It seems to work somehow but chokes the valgrind decoder.
The following patch (against current CVS) fixes this problem,
please apply:

Index: dyngen.c
===================================================================
RCS file: /cvsroot/qemu/qemu/dyngen.c,v
retrieving revision 1.40
diff -u -r1.40 dyngen.c
--- dyngen.c    27 Apr 2005 19:55:58 -0000      1.40
+++ dyngen.c    9 Nov 2005 19:12:38 -0000
@@ -1387,6 +1387,12 @@
              error("empty code for %s", name);
          if (p_end[-1] == 0xc3) {
              len--;
+            /* This can be 'rep ; ret' optimized return sequence,
+             * need to check further and strip the 'rep' prefix
+             */
+            if (len != 0 && p_end[-2] == 0xf3) {
+                len--;
+            }
          } else {
              error("ret or jmp expected at the end of %s", name);
          }
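Review bot: the new check `if (len != 0 && p_end[-2] == 0xf3)` cannot tell a 'rep' prefix apart from a 0xf3 byte that is the last byte of the preceding instruction (an immediate or a displacement ending in 0xf3), so for such an op it would silently drop a code byte instead of a prefix and the copied body would be corrupted. The `len != 0` guard itself is right (after the first `len--` it guarantees `p_end[-2]` is still inside the op), but since dyngen has no instruction decoder here, the comment should state the assumption that a 0xf3 directly before the final 0xc3 is always the gcc-generated 'rep ; ret' sequence, and if this block is shared with hosts where that sequence is never emitted, the extra check should be limited to the x86 hosts where it is.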

-- 
Kind regards,
Igor V. Kovalenko
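To make the problem described in the message concrete, here is an added example (not code from the message, not from QEMU's dyngen.c) that models how dyngen copies op bodies into a translation block: it strips the trailing 'ret', optionally also a 'rep' prefix in front of it, and concatenates two ops. The byte strings are constructed samples; OP_GOTO_TB0 mirrors the objdump listing above, while the others are hypothetical ops, including one whose last real byte happens to be 0xf3 to show what the byte test cannot distinguish.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Number of leading bytes of an op body that should be copied into the
 * translation buffer.  strip_rep selects between the old behaviour (drop
 * only the final 'ret') and the patched one (also drop a 'rep' prefix in
 * front of that 'ret').  Returns (size_t)-1 when the body is empty or
 * does not end in 'ret', which is what dyngen reports as an error. */
size_t op_body_len(const uint8_t *code, size_t len, int strip_rep)
{
    if (len == 0 || code[len - 1] != 0xc3)          /* c3 = ret / retq   */
        return (size_t)-1;
    len--;
    if (strip_rep && len != 0 && code[len - 1] == 0xf3)  /* f3 = rep/repz */
        len--;
    return len;
}

/* Append the bodies of n ops into out (capacity cap), then a final ret,
 * the way dyngen glues ops into one block.  Returns the number of bytes
 * written, or 0 on any error. */
size_t concat_ops(const uint8_t *const ops[], const size_t lens[], size_t n,
                  int strip_rep, uint8_t *out, size_t cap)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        size_t body = op_body_len(ops[i], lens[i], strip_rep);
        if (body == (size_t)-1 || total + body + 1 > cap)
            return 0;
        memcpy(out + total, ops[i], body);
        total += body;
    }
    out[total++] = 0xc3;
    return total;
}

/* Constructed samples.  OP_GOTO_TB0 mirrors the objdump listing in the
 * message; the other two are hypothetical ops. */
static const uint8_t OP_GOTO_TB0[] = {
    0x8b, 0x05, 0x00, 0x00, 0x00, 0x00,   /* mov 0(%rip),%eax */
    0xff, 0xe0,                           /* jmpq *%eax       */
    0xf3, 0xc3                            /* repz retq        */
};
static const uint8_t OP_MOV_IMM[] = {
    0xb8, 0x7f, 0xe0, 0x00, 0x00,         /* mov $0xe07f,%eax */
    0xc3                                  /* retq             */
};
/* mov $0xf3,%al ; ret.  The 0xf3 here is an immediate, but a plain
 * byte test in front of the 'ret' cannot tell it from a 'rep' prefix. */
static const uint8_t OP_IMM_F3[] = { 0xb0, 0xf3, 0xc3 };

/* Join OP_GOTO_TB0 and OP_MOV_IMM and return the byte that follows the
 * 'jmpq *%eax' in the output: 0xf3 with the old stripping (the 'repz mov'
 * seen in the message), 0xb8 (the mov opcode) with the patched one. */
int byte_after_jmp(int strip_rep)
{
    const uint8_t *ops[] = { OP_GOTO_TB0, OP_MOV_IMM };
    const size_t lens[] = { sizeof OP_GOTO_TB0, sizeof OP_MOV_IMM };
    uint8_t buf[32];
    size_t n = concat_ops(ops, lens, 2, strip_rep, buf, sizeof buf);
    if (n == 0)
        return -1;
    return buf[8];   /* bytes 0..7 are the mov + jmpq of op_goto_tb0 */
}
```

With strip_rep set, the 'rep' prefix disappears from the join and the second op starts cleanly after the 'jmpq'; without it the stray 0xf3 becomes the prefix of whatever op follows. The OP_IMM_F3 sample shows the limit of the approach: the same byte test also eats the immediate of 'mov $0xf3,%al', so the check relies on gcc never ending an op body with a 0xf3 data byte right before the 'ret'.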
