From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:36785)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <prathmesh.kallurkar@gmail.com>) id 1T1ZPW-0007uW-PT
	for qemu-devel@nongnu.org; Wed, 15 Aug 2012 04:57:07 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <prathmesh.kallurkar@gmail.com>) id 1T1ZPV-0003fe-31
	for qemu-devel@nongnu.org; Wed, 15 Aug 2012 04:57:06 -0400
Received: from mail-gh0-f173.google.com ([209.85.160.173]:50578)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <prathmesh.kallurkar@gmail.com>) id 1T1ZPU-0003fZ-SW
	for qemu-devel@nongnu.org; Wed, 15 Aug 2012 04:57:05 -0400
Received: by ghrr17 with SMTP id r17so1532328ghr.4
	for <qemu-devel@nongnu.org>; Wed, 15 Aug 2012 01:57:04 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <CAMTrTqXd3cSrkrxTXU+qo5xBhx0+oUDGLuMYzRMV5KK9-XX1PQ@mail.gmail.com>
References: <CAF_r1AYNekV43LwBz1zqsspppqQzWQkrYWuoLLFWNPuq1YvB4Q@mail.gmail.com>
	<CAMTrTqXd3cSrkrxTXU+qo5xBhx0+oUDGLuMYzRMV5KK9-XX1PQ@mail.gmail.com>
Date: Wed, 15 Aug 2012 14:27:04 +0530
Message-ID: <CAF_r1AYi1vawSTeZNgJbcXsdkJzfaJ_txTsA9j-7oPf4KDqRoA@mail.gmail.com>
From: Prathmesh Kallurkar <prathmesh.kallurkar@gmail.com>
Content-Type: multipart/alternative; boundary=14dae93404c75b5e0f04c74a1cfc
Subject: Re: [Qemu-devel] Qemu memory operations
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Steven <wangwangkang@gmail.com>
Cc: qemu-devel@nongnu.org

--14dae93404c75b5e0f04c74a1cfc
Content-Type: text/plain; charset=ISO-8859-1

1. Did you get the guest physical address for the load/store instructions?
No, I am getting the guest virtual address for the load and store
instructions.



> 2. The code you pasted seems translated code. The number of input code
> could be smaller than this. So don't you think we should trap the
> input code, instead of the translated code?
>

I am trapping the guest code and NOT the translated code.  For this I am
transferring the guest instruction bytes (using ldub_code) to a remote
disassembler and then inspecting the instruction.


> > cmp ecx, [r12+0x4]
> > mov r10b, [r13+0x0]
> > mov byte [rax+0xf0000], 0x0
> > mov byte [rax+rdx], 0x0
>

The above instructions are instructions of a i386 guest system.

>
> 3. Suppose that I have a tb block which has only one instruction to be
> translated
>             mov    0x4(%esp),%edx
>     I tried to calculate the guest physical address of 0x4(%esp) in
> the above in the function of disas_insns(...), is this possible? Or do
> you have any other solutions?
>

Sorry but seems I have not considered this case. See, I am just trapping
the calls to tcg_gen_qemu_ld/st and then checking my coverage by inspecting
the decoded instructions given by my disassembler. I flag an error when I
receive an instruction which was supposed to contain a load/store
instruction but  I could not trace one. I will definitely see what I get
for *mov    0x4(%esp),%edx*


-- 
Regards,
Prathmesh Kallurkar <http://www.cse.iitd.ernet.in/%7Eprathmesh>

--14dae93404c75b5e0f04c74a1cfc
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

1. Did you get the guest physical address for the load/store instructions?<=
br><div>No, I am getting the guest virtual address for the load and store i=
nstructions.</div><div><br></div><div>=A0</div><blockquote class=3D"gmail_q=
uote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1e=
x">

2. The code you pasted seems translated code. The number of input code<br>
could be smaller than this. So don&#39;t you think we should trap the<br>
input code, instead of the translated code?<br></blockquote><div><br></div>=
<div>I am trapping the guest code and NOT the translated code. =A0For this =
I am transferring the guest instruction bytes (using ldub_code) to a remote=
 disassembler and then inspecting the instruction.</div>
<div>=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;=
border-left:1px #ccc solid;padding-left:1ex"><div class=3D"im">
&gt; cmp ecx, [r12+0x4]<br>
&gt; mov r10b, [r13+0x0]<br>
&gt; mov byte [rax+0xf0000], 0x0<br>
&gt; mov byte [rax+rdx], 0x0<br></div></blockquote><div><br></div><div>The =
above instructions are instructions of a i386 guest system.=A0</div><blockq=
uote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc =
solid;padding-left:1ex">
<div class=3D"im">
<br>
</div>3. Suppose that I have a tb block which has only one instruction to b=
e<br>
translated<br>
=A0 =A0 =A0 =A0 =A0 =A0 mov =A0 =A00x4(%esp),%edx<br>
=A0 =A0 I tried to calculate the guest physical address of 0x4(%esp) in<br>
the above in the function of disas_insns(...), is this possible? Or do<br>
you have any other solutions?<br></blockquote><div><br></div><div>Sorry but=
 seems I have not considered this case. See, I am just trapping the calls t=
o tcg_gen_qemu_ld/st and then checking my coverage by inspecting the decode=
d instructions given by my disassembler. I flag an error when I receive an =
instruction which was supposed to contain a load/store instruction but =A0I=
 could not trace one. I will definitely see what I get for=A0<strong>mov =
=A0 =A00x4(%esp),%edx</strong></div>
<div>=A0</div><div><br></div><div>--=A0<br></div>Regards,<br><a href=3D"htt=
p://www.cse.iitd.ernet.in/%7Eprathmesh" target=3D"_blank">Prathmesh Kallurk=
ar</a><br>

--14dae93404c75b5e0f04c74a1cfc--