From: "Atif Hashmi"
To: qemu-devel@nongnu.org
Reply-To: qemu-devel@nongnu.org
Date: Tue, 17 Apr 2007 15:33:36 -0500
Subject: Re: [Qemu-devel] Re: Detecting an assembly instruction in QEMU
In-Reply-To: <83a4d4ca0704170249l83c5d7bqe0b0f8cc8b5a4a58@mail.gmail.com>
References: <83a4d4ca0704060515l172d6f9ep59b6467c6e49f250@mail.gmail.com>
 <83a4d4ca0704080713t596e4d83lbd1c495d92eda581@mail.gmail.com>
 <83a4d4ca0704081514v584660e4h8a36e5d1aee16d82@mail.gmail.com>
 <83a4d4ca0704170249l83c5d7bqe0b0f8cc8b5a4a58@mail.gmail.com>
List-Id: qemu-devel.nongnu.org

Hi Eduardo,

Thanks for your reply. I have updated target-i386/translate.c as follows:

if (modrm == 0xC0)              /* mov %al,%al: start of the transaction */
{
    stored_eip = pc_start - s->cs_base;   /* remember where to restart from */
    gen_op_movl_AL_AL();
}
else if (modrm == 0xDB)         /* mov %bl,%bl: commit the transaction */
{
    gen_op_movl_BL_BL(stored_eip);        /* PARAM1 = restart address */
    gen_eob(s);                           /* end the TB so the new EIP takes effect */
}

target-i386/op.c contains the following:

void OPPROTO op_movl_AL_AL(void)
{
    helper_StartTransaction();
}

void OPPROTO op_movl_BL_BL(void)
{
    /* PARAM1 is the stored_eip passed in at translation time */
    if (helper_CommitTransaction())
    {
        EIP = PARAM1;
    }
}

and helper.c looks like this:

void helper_StartTransaction(void)
{
    printf("StartTransaction Called\n");
}

/* non-zero return makes op_movl_BL_BL reload EIP; this version always does */
unsigned char helper_CommitTransaction(void)
{
    printf("CommitTransaction Called\n");
    return 1;
}

Essentially, if we have a program like

#include <stdio.h>

int main(void)
{
    __asm__ __volatile__("mov %%al, %%al"); /* detected in translate.c; helper_StartTransaction is called */
    printf("middle");
    __asm__ __volatile__("mov %%bl, %%bl"); /* detected in translate.c; helper_CommitTransaction is called */
    return 0;
}

We should see "middle" printed continuously on the QEMU screen, along with "StartTransaction Called" and "End Transaction Called", for an infinite amount of time.

But I get the following behaviour.
On the QEMU screen, "middle" is printed once, and I get the following on the xterm:
StartTransaction Called
CommitTransaction Called
StartTransaction Called

After that I get the QEMU prompt back and the program finishes. I still have not been able to figure out why, after helper_StartTransaction() is called for the second time, the program does not continue. Is there anything else that we have not considered?

I would really appreciate your help.

Regards,
Atif


On 4/17/07, Eduardo Felipe <edusaper@gmail.com> wrote:
> Hi
>
> 2007/4/17, Atif Hashmi <atifhashmi@gmail.com>:
> >
> > But this prints "Transaction restart" once and then the program finishes. This means that commit transaction is not called the second time. Could you please tell me what I am doing wrong?
>
> Helper functions are outside the translated opcode stream and are invoked by call/ret:
>
> .------.
> |      |
> |   ---+-->  helper_StartTransaction()
> |   <--+-------------------/
> |      |
> |      |
> |   ---+-->  helper_CommitTransaction()
> |   <--+-------------------/
> |      |
> '------'
>
> When you longjmp from helper_CommitTransaction to helper_StartTransaction it is probable that you return to the point where helper_CommitTransaction should have returned to, as it is the last address stored on the stack.
>
> Anyway, guest code between the start and the end of the transaction should not be rerun without updating guest machine state (eip, flags, etc.).
>
> You had better forget about using setjmp/longjmp. Maybe something like this could do the trick:
>
> when translating mov %al,%al:
> {
>   ...
>   ...
>   store the address (eip) of mov %al,%al instruction somewhere
>   gen_op_start_transaction();
> }
>
> when translating mov %bl,%bl:
> {
>   ...
>   ...
>   gen_op_commit_transaction(stored_eip);
>   gen_eob(s);  // Stop translation to force guest state updating
> }
>
> op_commit_transaction should look like:
> {
>   if ( helper_CommitTransaction() ) // helper should return !=0 on error
>      EIP = PARAM1;
> }
>
> Regards,
> Eduardo
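
The translate/execute mechanism the thread is built around (helpers reached by call/ret from translated code, a commit op that writes EIP and ends the block so the execution loop re-reads it, blocks translated lazily and cached by start address) as an added, stand-alone C model. This is not QEMU code and not code from either author; it only reuses the two marker encodings from the thread, 88 C0 (mov %al,%al) and 88 DB (mov %bl,%bl). The nop/hlt stand-ins for the rest of the guest program, the block cache, the counter that makes commit report an error a fixed number of times, and every name (run_guest, helper_*, find_or_translate, stored_eip's use as a translation-time global) are assumptions made for the example.

```c
/* Added example (not QEMU code, not from either author on this thread):
 * a miniature model of the translate-then-execute loop discussed above.
 * The translator scans guest bytes, recognises the two marker encodings
 * from the thread (88 C0 = mov %al,%al, 88 DB = mov %bl,%bl) and emits ops;
 * the commit op calls a helper and, on error, writes EIP = PARAM1 and ends
 * the block, so the execution loop re-reads EIP and re-runs the guest code
 * from the transaction start. Everything else (nop/hlt stand-ins, the block
 * cache, the counter that fails commit a fixed number of times, all names)
 * is an assumption made for the example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPC_MOV_EB_GB 0x88   /* mov Eb,Gb; the modrm byte picks the registers  */
#define MODRM_AL_AL   0xC0   /* 88 C0 = mov %al,%al : start transaction        */
#define MODRM_BL_BL   0xDB   /* 88 DB = mov %bl,%bl : commit transaction       */
#define OPC_NOP       0x90   /* assumed stand-in for the printf("middle") body */
#define OPC_HLT       0xF4   /* assumed: guest program finishes                */

enum opcode { OP_START_TX, OP_MIDDLE, OP_COMMIT_TX, OP_HALT };
struct op { enum opcode code; uint32_t param; };   /* param plays PARAM1 */

#define MAX_OPS 16
struct tb {
    uint32_t pc, end_pc;        /* block start; address after its last insn */
    int nops;
    struct op ops[MAX_OPS];
};
struct cpu { uint32_t eip; int halted; };

/* Counters a test can inspect; nothing here relies on printed output. */
static int starts, commits, middles, translations;
static int commit_failures_left;     /* commit reports an error this many times */

/* Helpers are ordinary C functions reached by call/ret from translated code. */
static void helper_start_transaction(void) { starts++; }
static int helper_commit_transaction(void) {   /* non-zero means error */
    commits++;
    if (commit_failures_left > 0) { commit_failures_left--; return 1; }
    return 0;
}

static uint32_t stored_eip;  /* translation-time global, as in the post */

/* Translate one block starting at pc; stops at the first block-ending op. */
static void translate(const uint8_t *mem, size_t len, uint32_t pc, struct tb *tb) {
    tb->pc = pc; tb->nops = 0;
    translations++;
    while (tb->nops < MAX_OPS) {
        struct op *op = &tb->ops[tb->nops++];
        uint8_t b0 = pc < len ? mem[pc] : OPC_HLT;        /* off the end: halt */
        uint8_t b1 = pc + 1 < len ? mem[pc + 1] : 0;
        if (b0 == OPC_MOV_EB_GB && b1 == MODRM_AL_AL) {
            stored_eip = pc;                 /* remember where the transaction starts */
            *op = (struct op){ OP_START_TX, 0 };
            pc += 2;
        } else if (b0 == OPC_MOV_EB_GB && b1 == MODRM_BL_BL) {
            *op = (struct op){ OP_COMMIT_TX, stored_eip };
            pc += 2;
            break;                           /* gen_eob(): end the block here */
        } else if (b0 == OPC_NOP) {
            *op = (struct op){ OP_MIDDLE, 0 };
            pc += 1;
        } else {                             /* hlt or anything unknown: stop */
            *op = (struct op){ OP_HALT, 0 };
            pc += 1;
            break;
        }
    }
    tb->end_pc = pc;
}

/* Execute one block; returns when it ends, leaving the next EIP in cpu. */
static void exec_tb(struct cpu *cpu, const struct tb *tb) {
    for (int i = 0; i < tb->nops; i++) {
        const struct op *op = &tb->ops[i];
        switch (op->code) {
        case OP_START_TX: helper_start_transaction(); break;
        case OP_MIDDLE:   middles++; break;
        case OP_COMMIT_TX:
            if (helper_commit_transaction()) {
                cpu->eip = op->param;        /* EIP = PARAM1: rerun from the start */
                return;                      /* block ends; loop re-reads EIP */
            }
            break;
        case OP_HALT: cpu->halted = 1; return;
        }
    }
    cpu->eip = tb->end_pc;                   /* fell off the end: next block */
}

#define TB_CACHE 8
static struct tb tb_cache[TB_CACHE];
static int tb_count;

/* Blocks are translated lazily and cached by start address, like QEMU's TBs. */
static const struct tb *find_or_translate(const uint8_t *mem, size_t len, uint32_t pc) {
    for (int i = 0; i < tb_count; i++)
        if (tb_cache[i].pc == pc) return &tb_cache[i];
    if (tb_count == TB_CACHE) tb_count = 0;  /* crude flush when full */
    translate(mem, len, pc, &tb_cache[tb_count]);
    return &tb_cache[tb_count++];
}

/* Run a guest image from address 0; commit fails `failures` times before it
 * succeeds. Returns how many times the "middle" instruction executed. */
int run_guest(const uint8_t *mem, size_t len, int failures) {
    struct cpu cpu = { 0, 0 };
    starts = commits = middles = translations = tb_count = 0;
    commit_failures_left = failures;
    while (!cpu.halted)
        exec_tb(&cpu, find_or_translate(mem, len, cpu.eip));
    return middles;
}

/* Constructed guest image mirroring the post's main():
 *   88 C0  mov %al,%al   (start)
 *   90     nop           (stands in for printf("middle"))
 *   88 DB  mov %bl,%bl   (commit)
 *   F4     hlt           (program finishes) */
static const uint8_t guest_image[] = { 0x88, 0xC0, 0x90, 0x88, 0xDB, 0xF4 };

int main(void) {
    int n = run_guest(guest_image, sizeof guest_image, 2);
    printf("middle ran %d times; %d starts, %d commits, %d translations\n",
           n, starts, commits, translations);
    return 0;
}
```

Build with `cc -std=c99 -Wall model.c`. With two forced commit failures the guest code between the markers runs three times and the program still halts, because the restart is expressed purely as a new EIP at a block boundary; no helper ever jumps into another helper's frame. Two details worth noticing: the restarted block is fetched from the cache rather than retranslated, and stored_eip is written at translation time, so it is only meaningful while the start marker's block is translated before the commit marker's block, which holds here because both markers sit in the same block.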
