Re: [Qemu-devel] Re: Detecting an assembly instruction in QEMU

["Atif Hashmi" <atifhashmi@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 3272 bytes --]

HI Eduardo,

Thanks for you reply. I have update target-i386/translate.c as follows

if(modrm==0xC0)
    {
        stored_eip = pc_start - s->cs_base;
        gen_op_movl_AL_AL();
    }
    else if(modrm==0xDB)
    {
        gen_op_movl_BL_BL(stored_eip);
        gen_eob(s);
    }

target-i386/op.c contains the following.
void OPPROTO op_movl_AL_AL()
{
    helper_StartTransaction();
}
void OPPROTO op_movl_BL_BL()
{
    if(helper_CommitTransaction())
    {
        EIP = PARAM1;
    }
}

and helper.c looks like
void helper_StartTransaction()
{
    printf("StartTransaction Called\n");
}

unsigned char helper_CommitTransaction()
{
    static int i=0;
    printf("CommitTransaction Called\n");
    return 1;
}

Essentially, if we have a program like

int main()
{
       __asm_volatile("mov %al %al"); //is detected in translation.c and
helper_StartTransaction is called
       printf("middle");
      __asm_volatile("mov %bl %bl"); //is detected in translation.c and
helper_CommitTransaction is called
}

We should continuously print "middle" on the QEMU screen while
"StartTransaction Called" and "End Transaction Called" for infinite amount
of time.

But I get the following behaviour.
On QEMU screen, "middle" is printed once, and I get the following on the
xterm
StartTransaction Called
CommitTransaction Called
StartTransaction Called

After that I get the QEMU prompt back and the program finishes. I still have
not been able to figure it out why after calling helper_StartTransaction()
for the seconds time the program does not continue? Is their anything else
that we have not considered.

I will really appreciate your help.

Regards,
Atif


On 4/17/07, Eduardo Felipe <edusaper@gmail.com> wrote:
>
> Hi
>
> 2007/4/17, Atif Hashmi <atifhashmi@gmail.com>:
> >
> >
> > But this prints "Transaction restart" once and then the program
> > finishes. This means that commit transaction is not called the second time.
> > Could you please tell me what am I doing wrong?
>
>
> Helper functions are outside the translated opcode stream and are invoked
> by call/ret:
>
> .------.
> |      |
> |   ---+-->  helper_StartTransaction()
> |   <--+-------------------/
> |      |
> |      |
> |   ---+-->  helper_CommitTransaction()
> |   <--+-------------------/
> |      |
> '------'
>
> When you longjmp from helper_CommitTransaction to helper_StartTransaction
> it's probable that you return back to the point where
> helper_CommitTransaction should have returned to, as it is the last address
> stored in the stack.
>
> Anyway, guest code between the start and the end of the transaction should
> not be rerun without updating guest machine state (eip, flags, etc.).
>
> You should better forget about using setjmp/longjmp. Maybe something like
> this could do the trick:
>
> when translating mov %al,%al:
> {
>   ...
>   ...
>   store the address (eip) of mov %al,%al instruction somewhere
>   gen_op_start_transaction();
> }
>
> when translating mov %bl, %bl:
> {
>   ...
>   ...
>   gen_op_commit_transaction(stored_eip);
>   gen_eob(s);  // Stop translation to force guest state updating
> }
>
> op_commit_transaction should look like:
> {
>   if ( helper_CommitTransaction() ) // helper should return !=0 on error
>      EIP = PARAM1;
> }
>
> Regards,
> Eduardo
>

[-- Attachment #2: Type: text/html, Size: 6099 bytes --]