From: "felix.matenaar@rwth-aachen"
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] BBL execution hooking
Date: Wed, 23 Mar 2011 03:44:53 +0100
Message-id: <4D895EA5.6030302@rwth-aachen.de>

Hello everyone,

I started implementing BBL execution hooking. Requirements were that two callbacks (bbl_start and bbl_stop) are called when a BBL is executed. Since bbl_start is called through a gen_helper in gen_intermediate_code_internal, that is not a problem. But I saw that modifying gen_eob() so that gen_helper_bbl_stop() is called does not trigger all ends of a BBL.
Some sample output:

    BBL start at 0x1002a12
    BBL stop with 5 instructions
    BBL start at 0x1002a1b
    BBL start at 0x10029b3
    BBL start at 0x10029cc
    BBL start at 0x10029e4
    BBL stop with 4 instructions

Here you see that on the first and the last BBL the stop callback is called properly, but not for the other three.

Disassembly:

    1002a1b: 85 c0                test   %eax,%eax
    1002a1d: 75 94                jne    0x10029b3
    10029b3: 83 7d e4 50          cmpl   $0x50,-0x1c(%ebp)
    10029b7: 75 13                jne    0x10029cc
    10029cc: a1 3c 98 00 01       mov    0x100983c,%eax
    10029d1: 3b c6                cmp    %esi,%eax
    10029d3: 74 0f                je     0x10029e4

The two working BBLs end up in a call instruction. Is gen_eob() not used on conditional jump instructions? Since I was not able to find how you handle je/jne, my question is where you handle that.

Regards,
Felix
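The observation above (stop callbacks missing exactly for the blocks that end in a conditional jump) is the kind of thing worth checking mechanically once a hook trace gets longer than seven lines. The following script is an added example, not code from the e-mail or from QEMU: it parses the "BBL start"/"BBL stop" trace format and the disassembly listing shown in the message (both embedded here as constructed input copied from the sample output), pairs each start with the stop that should follow it, and for every block whose stop hook never fired reports the last instruction of that block as listed in the disassembly. The function names and the assumption that the listing is in execution order are mine.

```python
"""Pair BBL start/stop hook events and find blocks whose stop hook never fired.

Added example for the trace format in the e-mail; not part of the original
message or of QEMU. The sample trace and disassembly below are constructed
from the e-mail's own sample output.
"""
import re

# Constructed input: the hook trace exactly as shown in the message.
TRACE = """\
BBL start at 0x1002a12
BBL stop with 5 instructions
BBL start at 0x1002a1b
BBL start at 0x10029b3
BBL start at 0x10029cc
BBL start at 0x10029e4
BBL stop with 4 instructions
"""

# Constructed input: the disassembly from the message (objdump-style, AT&T syntax).
# Assumption: the listing is in execution order, so the instructions following a
# known block start, up to the next known block start, belong to that block.
DISASM = """\
1002a1b: 85 c0                test   %eax,%eax
1002a1d: 75 94                jne    0x10029b3
10029b3: 83 7d e4 50          cmpl   $0x50,-0x1c(%ebp)
10029b7: 75 13                jne    0x10029cc
10029cc: a1 3c 98 00 01       mov    0x100983c,%eax
10029d1: 3b c6                cmp    %esi,%eax
10029d3: 74 0f                je     0x10029e4
"""

START_RE = re.compile(r"^BBL start at 0x([0-9a-fA-F]+)$")
STOP_RE = re.compile(r"^BBL stop with (\d+) instructions$")
# address, one or more hex byte pairs, then the mnemonic and its operands
DISASM_RE = re.compile(r"^([0-9a-fA-F]+):((?:\s+[0-9a-fA-F]{2})+)\s+([a-z]\S*)(.*)$")


def parse_disasm(text):
    """Return [(address, mnemonic), ...] in listing order; non-matching lines are skipped."""
    insns = []
    for line in text.splitlines():
        m = DISASM_RE.match(line.strip())
        if m:
            insns.append((int(m.group(1), 16), m.group(3)))
    return insns


def pair_events(trace):
    """Walk the trace in order and return [(start_addr, stop_insn_count or None), ...].

    A stop event is attributed to the most recent start that has not been closed;
    a stop with no open block is a malformed trace and raises.
    """
    blocks = []
    for line in trace.splitlines():
        line = line.strip()
        m = START_RE.match(line)
        if m:
            blocks.append([int(m.group(1), 16), None])
            continue
        m = STOP_RE.match(line)
        if m:
            if not blocks or blocks[-1][1] is not None:
                raise ValueError("stop event without an open block: " + line)
            blocks[-1][1] = int(m.group(1))
    return [tuple(b) for b in blocks]


def block_terminators(insns, starts):
    """Map each block start address found in the listing to its last listed mnemonic."""
    terms = {}
    current = None
    for addr, mnem in insns:
        if addr in starts:
            current = addr          # a new block begins at this instruction
        if current is not None:
            terms[current] = mnem   # keeps overwriting until the block changes
    return terms


def unbalanced_blocks(trace, disasm):
    """Blocks whose stop hook never fired, as (hex start, terminating mnemonic or None)."""
    blocks = pair_events(trace)
    starts = {start for start, _ in blocks}
    terms = block_terminators(parse_disasm(disasm), starts)
    return [(hex(start), terms.get(start)) for start, stop in blocks if stop is None]


if __name__ == "__main__":
    for start, mnem in unbalanced_blocks(TRACE, DISASM):
        print(f"block {start}: no stop hook; last listed instruction: {mnem}")
```

Run on the sample, the report lists the three middle blocks and shows that each ends in jne or je, which is the pattern the message describes; the first and last blocks, which do get a stop event, are not in the listing and so are simply absent from the report. A block that had neither a stop event nor any listed instruction would be reported with None as its terminator rather than silently dropped.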