From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <4829D6F8.3070502@bellard.org>
Date: Tue, 13 May 2008 19:59:20 +0200
From: Fabrice Bellard
Subject: Re: [Qemu-devel] understanding how arpl is translated
To: qemu-devel@nongnu.org
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org

Jun Koi wrote:
> Hi,
>
> I am trying to understand how the "arpl" insn (i386) is translated. In
> translate.c we have:
>
> .....
>         modrm = ldub_code(s->pc++);
>         reg = (modrm >> 3) & 7;
>         mod = (modrm >> 6) & 3;
>         rm = modrm & 7;
>         if (mod != 3) {
>             gen_lea_modrm(s, modrm, &reg_addr, &offset_addr);
>             gen_op_ld_T0_A0(ot + s->mem_index);   // (1) ****
>         } else {
>             gen_op_mov_TN_reg(ot, 0, rm);         // (2) ****
>         }
>         if (s->cc_op != CC_OP_DYNAMIC)
>             gen_op_set_cc_op(s->cc_op);
>         gen_op_arpl();
>         s->cc_op = CC_OP_EFLAGS;
> ...
>
> I can see that we decrypt the 2 operands of arpl and then call
> gen_op_arpl(). This function finally leads to executing op_arpl(), which
> is defined as:
>
> void OPPROTO op_arpl(void)
> {
>     if ((T0 & 3) < (T1 & 3)) {
>         /* XXX: emulate bug or 0xff3f0000 oring as in bochs ? */
>         T0 = (T0 & ~3) | (T1 & 3);
>         T1 = CC_Z;
>     } else {
>         T1 = 0;
>     }
>     FORCE_RET();
> }
>
> Obviously op_arpl() relies on T0 and T1 having the values of the 1st and
> 2nd operands of the above "arpl" insn. However, I can only see that we
> copy the 1st operand into T0 at (1) or (2) in the first snippet, but I
> never see when we copy the 2nd operand into T1. This confuses me, or have I
> missed something here?

You are right. Moreover, the eflags update is also invalid because arpl
is not signaled in the opc_write_flags array...

Fabrice.
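The point of the thread, as an added example that is not part of this message and not QEMU's own code: a reference model of ARPL (compare the RPL, the low two bits, of the r/m16 destination against the r16 source; if the destination's is lower, raise it to the source's and set ZF, otherwise clear ZF) beside a model of the quoted op_arpl() driven with explicit T0/T1 temporaries. The quoted translator path only loads T0, so whatever an earlier op left in T1 (modelled here as a stale_t1 argument, an assumption for illustration) decides the result; loading the register operand into T1 first is the missing step. CC_Z is taken to be the ZF bit of EFLAGS (0x40); the function names and the selector values are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not QEMU code: a reference model of ARPL beside a model of
 * the quoted translator path, to show why the missing T1 load matters.
 *
 * ARPL r/m16, r16: if RPL(dest) < RPL(src), set RPL(dest) = RPL(src) and
 * ZF = 1; otherwise leave dest alone and ZF = 0. RPL is the low two bits
 * of a segment selector. */

struct arpl_result {
    uint16_t dest;   /* value written back to the destination operand */
    int zf;          /* resulting zero flag */
};

/* Architectural semantics, computed from both operands. */
struct arpl_result arpl_ref(uint16_t dest, uint16_t src)
{
    struct arpl_result r = { dest, 0 };
    if ((dest & 3) < (src & 3)) {
        r.dest = (uint16_t)((dest & ~3) | (src & 3));
        r.zf = 1;
    }
    return r;
}

/* ZF bit of EFLAGS; assumed here to be what QEMU's CC_Z denotes. */
#define CC_Z 0x0040

/* The quoted op_arpl(), operating on explicit T0/T1 temporaries instead of
 * the translator's globals. On return T1 holds the new flag value. */
static void op_arpl_model(uint32_t *T0, uint32_t *T1)
{
    if ((*T0 & 3) < (*T1 & 3)) {
        *T0 = (*T0 & ~3u) | (*T1 & 3);
        *T1 = CC_Z;
    } else {
        *T1 = 0;
    }
}

/* The quoted translator path: only the r/m operand is loaded into T0, so T1
 * still holds whatever an earlier op left there (stale_t1, an assumption). */
struct arpl_result arpl_as_quoted(uint16_t dest, uint16_t src, uint32_t stale_t1)
{
    uint32_t T0 = dest, T1 = stale_t1;
    struct arpl_result r;
    (void)src;                 /* never copied into T1: this is the bug */
    op_arpl_model(&T0, &T1);
    r.dest = (uint16_t)T0;
    r.zf = (T1 == CC_Z);
    return r;
}

/* The same path with the missing step added: load the register operand
 * (src) into T1 before calling op_arpl. */
struct arpl_result arpl_with_t1_loaded(uint16_t dest, uint16_t src)
{
    uint32_t T0 = dest, T1 = src;
    struct arpl_result r;
    op_arpl_model(&T0, &T1);
    r.dest = (uint16_t)T0;
    r.zf = (T1 == CC_Z);
    return r;
}

int main(void)
{
    /* Constructed selectors: dest has RPL 0, src has RPL 3, so the
     * architectural result is dest = 0x000B with ZF set. */
    uint16_t dest = 0x0008, src = 0x000B;
    uint32_t stale[] = { 0, 1, 3 };
    struct arpl_result ref = arpl_ref(dest, src);
    struct arpl_result fixed;
    size_t i;

    printf("reference      : dest=%04x zf=%d\n", ref.dest, ref.zf);
    for (i = 0; i < sizeof stale / sizeof stale[0]; i++) {
        struct arpl_result q = arpl_as_quoted(dest, src, stale[i]);
        printf("quoted, T1=%u : dest=%04x zf=%d%s\n", stale[i], q.dest, q.zf,
               (q.dest == ref.dest && q.zf == ref.zf) ? "" : "  <- wrong");
    }
    fixed = arpl_with_t1_loaded(dest, src);
    printf("T1 loaded      : dest=%04x zf=%d\n", fixed.dest, fixed.zf);
    return 0;
}
```

With stale T1 values of 0 or 1 the quoted path leaves dest unchanged and clears ZF, which is the wrong answer for these operands; only a stale T1 that happens to carry RPL 3 reproduces the architectural result, which is exactly the "it works by accident" behaviour a missing operand load produces in a translator.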