From: "Jun Koi"
Date: Tue, 13 May 2008 12:32:00 +0900
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] understanding how arpl is translated

Hi,

I am trying to understand how the "arpl" insn (i386) is translated. In translate.c we have:

    .....
    modrm = ldub_code(s->pc++);
    reg = (modrm >> 3) & 7;
    mod = (modrm >> 6) & 3;
    rm = modrm & 7;
    if (mod != 3) {
        gen_lea_modrm(s, modrm, &reg_addr, &offset_addr);
        gen_op_ld_T0_A0(ot + s->mem_index);    // (1) ****
    } else {
        gen_op_mov_TN_reg(ot, 0, rm);          // (2) ****
    }
    if (s->cc_op != CC_OP_DYNAMIC)
        gen_op_set_cc_op(s->cc_op);
    gen_op_arpl();
    s->cc_op = CC_OP_EFLAGS;
    ...

I can see that we decrypt the 2 operands of arpl and then call gen_op_arpl(). This function finally leads to executing op_arpl(), which is defined as:

    void OPPROTO op_arpl(void)
    {
        if ((T0 & 3) < (T1 & 3)) {
            /* XXX: emulate bug or 0xff3f0000 oring as in bochs ? */
            T0 = (T0 & ~3) | (T1 & 3);
            T1 = CC_Z;
        } else {
            T1 = 0;
        }
        FORCE_RET();
    }

Obviously op_arpl() relies on T0 and T1 having the values of the 1st and 2nd operands of the above "arpl" insn. However, I can only see that we copy the 1st operand into T0 at (1) or (2) in the first snippet, but I never see when we copy the 2nd operand into T1. This confuses me; or did I miss something here?

Many thanks,
Jun
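As an added illustration (not QEMU's code and not part of Jun's message), here is a C model of what op_arpl computes and of the ModR/M split in the translate.c snippet, run over a toy register file. The register plumbing in arpl_reg_form (T0 from the r/m register, T1 from the reg register), the CC_Z value and the demo_regs contents are assumptions made for this example.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#define CC_Z 0x0040   /* ZF bit of EFLAGS; assumed to match QEMU's CC_Z */

/* ModR/M fields split exactly as the translate.c snippet does it. */
typedef struct { unsigned mod, reg, rm; } modrm_fields;

modrm_fields decode_modrm(uint8_t modrm)
{
    modrm_fields f = { (modrm >> 6) & 3, (modrm >> 3) & 7, modrm & 7 };
    return f;   /* reg = source selector, rm = destination (r/m) */
}

/* Same semantics as op_arpl: T0 = destination selector, T1 = source.
 * If RPL(T0) < RPL(T1), raise T0's RPL to match and report ZF (CC_Z);
 * otherwise T0 is unchanged and ZF is clear. */
typedef struct { uint32_t t0, t1; } temps;

temps model_op_arpl(uint32_t t0, uint32_t t1)
{
    temps r = { t0, 0 };
    if ((t0 & 3) < (t1 & 3)) {
        r.t0 = (t0 & ~3u) | (t1 & 3);
        r.t1 = CC_Z;
    }
    return r;
}

/* Register-form arpl (mod == 3) over a toy 16-bit register file.  Assumed
 * plumbing: T0 <- regs[rm], T1 <- regs[reg], op_arpl, regs[rm] <- T0.
 * Returns 1 if ZF would be set, else 0. */
int arpl_reg_form(uint16_t regs[8], uint8_t modrm)
{
    modrm_fields f = decode_modrm(modrm);
    assert(f.mod == 3);
    temps r = model_op_arpl(regs[f.rm], regs[f.reg]);
    regs[f.rm] = (uint16_t)r.t0;
    return r.t1 == CC_Z;
}

/* Constructed sample: AX = 0x0008 (RPL 0), CX = 0x0013 (RPL 3). */
uint16_t demo_regs[8] = { 0x0008, 0x0013, 0, 0, 0, 0, 0, 0 };

int main(void)
{
    int zf = arpl_reg_form(demo_regs, 0xC8);   /* 11 001 000: arpl %cx, %ax */
    printf("AX=%04x ZF=%d\n", demo_regs[0], zf);   /* AX=000b ZF=1 */
    return 0;
}
```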