From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:56483)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1S8cke-0001PI-JR
	for qemu-devel@nongnu.org; Fri, 16 Mar 2012 15:23:49 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1S8ckc-0002ZM-Gr
	for qemu-devel@nongnu.org; Fri, 16 Mar 2012 15:23:48 -0400
Received: from mail-iy0-f173.google.com ([209.85.210.173]:61111)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1S8ckc-0002Vc-CN
	for qemu-devel@nongnu.org; Fri, 16 Mar 2012 15:23:46 -0400
Received: by iafj26 with SMTP id j26so6515598iaf.4
	for <qemu-devel@nongnu.org>; Fri, 16 Mar 2012 12:23:43 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <CAGdaadaD9d2T+6YGtKbrMSHSJ2QgVmpEypWyh0+tvxNe0TuwOA@mail.gmail.com>
References: <4F6212C2.4030104@rambo-mes.net>
	<CAGdaadbShhtHP0r351b2sO2HWmFCHG7nPpxW__HB3xQEZa+_dg@mail.gmail.com>
	<4F62E808.4070002@rambo-mes.net>
	<CAGdaadaD9d2T+6YGtKbrMSHSJ2QgVmpEypWyh0+tvxNe0TuwOA@mail.gmail.com>
Date: Fri, 16 Mar 2012 19:23:43 +0000
Message-ID: <CAFEAcA_HbcwWBGZcvOGsBVq_ax2FGVOxcw6=T3fTpv-UEfTBRA@mail.gmail.com>
From: Peter Maydell <peter.maydell@linaro.org>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [Qemu-devel] qemu gdb issue
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Mulyadi Santosa <mulyadi.santosa@gmail.com>
Cc: Jacques <Jacques@rambo-mes.net>, qemu-devel@nongnu.org

On 16 March 2012 19:10, Mulyadi Santosa <mulyadi.santosa@gmail.com> wrote:
> On Fri, Mar 16, 2012 at 14:13, Jacques <Jacques@rambo-mes.net> wrote:
>> I see what you mean. How do I know if this is happening? When I do 'x/i
>> $eip' I get a completely sane result with exactly the instructions I want.
>
> Alright, that confuses me too.
>
> The best other explanation I can offer is that if you arbitrarily set
> EIP into any address, you might violate the Qemu translation block
> (TB) jump (between TB to TB). Maybe you think you correctly hit one,
> but by the time it is going to be executed, it is flushed by
> translated block cache, so it is read again and re-translated, thus
> getting another address in TB cache.

This ought not to cause a problem -- when the user sets PC via the
gdb stub the next thing that should happen is we try to execute that
instruction, which should cause us either (a) to pull the right TB
out of the cache or (b) to translate it from scratch.

My guess is that this is gdb being too clever for its own good:

(gdb) set $eip=0x08059924
Cannot access memory at address 0x35704638

That address is (according to the register dump) EBP+4. Perhaps
there is some debug info or similar that makes gdb think that at
this point in time EIP is really being held in memory at EBP+4.
So when you try to set EIP it's (trying to) write to memory...

You could confirm this hypothesis by turning on gdb's logging
of remote protocol packets (via "set debug remote 1") and then
looking at what it actually does when you try to set $eip in
this situation. (Warning: this will require you to decode the
protocol packets manually which is not for the faint of heart,
although they are all documented in the gdb manual.)

-- PMM