From: "Jun Koi"
To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] understanding how arpl is translated
Date: Thu, 15 May 2008 19:11:41 +0900
In-Reply-To: <4829D6F8.3070502@bellard.org>
References: <4829D6F8.3070502@bellard.org>
List-Id: qemu-devel.nongnu.org

On Wed, May 14, 2008 at 2:59 AM, Fabrice Bellard wrote:
> Jun Koi wrote:
>> Hi,
>>
>> I am trying to understand how "arpl" insn (i386) is translated. In
>> translate.c we have:
>>
>> .....
>>         modrm = ldub_code(s->pc++);
>>         reg = (modrm >> 3) & 7;
>>         mod = (modrm >> 6) & 3;
>>         rm = modrm & 7;
>>         if (mod != 3) {
>>             gen_lea_modrm(s, modrm, &reg_addr, &offset_addr);
>>             gen_op_ld_T0_A0(ot + s->mem_index);   // (1) ****
>>         } else {
>>             gen_op_mov_TN_reg(ot, 0, rm);         // (2) ****
>>         }
>>         if (s->cc_op != CC_OP_DYNAMIC)
>>             gen_op_set_cc_op(s->cc_op);
>>         gen_op_arpl();
>>         s->cc_op = CC_OP_EFLAGS;
>> ...
>>
>> I can see that we decrypt 2 operands of arpl and then call
>> gen_op_arpl(). This function finally leads to execute op_arpl(), which
>> is defined as:
>>
>> void OPPROTO op_arpl(void)
>> {
>>     if ((T0 & 3) < (T1 & 3)) {
>>         /* XXX: emulate bug or 0xff3f0000 oring as in bochs ? */
>>         T0 = (T0 & ~3) | (T1 & 3);
>>         T1 = CC_Z;
>>     } else {
>>         T1 = 0;
>>     }
>>     FORCE_RET();
>> }
>>
>> Obviously op_arpl() relies on T0 and T1 having the value of the 1st and
>> 2nd operands of the above "arpl" insn. However, I can only see that we
>> copy the 1st operand into T0 at (1) or (2) in the first snippet, but I
>> never see when we copy the 2nd operand into T1. This confuses me, or did I
>> miss something here?
>
> You are right. Moreover, the eflags update is also invalid because arpl
> is not signaled in the opc_write_flags array...

OK, so that means ARPL is incorrectly implemented? No wonder why I badly
struggle to understand how it works :-)

Many thanks,
Jun
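As an added example (not part of this thread and not QEMU's own code), the following standalone C program models the two pieces the thread quotes: the ModRM field split from translate.c and the selector/RPL semantics that op_arpl() encodes, with T0 as the destination selector, T1 as the source selector and CC_Z reduced to a boolean ZF. The names split_modrm, arpl and modrm_fields are my own; the sample selector values in main are constructed.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not QEMU code: a standalone model of what the quoted
 * translate.c and op_arpl() snippets do. */

/* The three fields of a ModRM byte, split exactly as the translate.c
 * snippet does it: mod in bits 7:6, reg in bits 5:3, rm in bits 2:0. */
typedef struct {
    int mod;
    int reg;
    int rm;
} modrm_fields;

modrm_fields split_modrm(uint8_t modrm)
{
    modrm_fields f;
    f.reg = (modrm >> 3) & 7;
    f.mod = (modrm >> 6) & 3;
    f.rm  = modrm & 7;
    return f;
}

/* ARPL semantics as op_arpl() writes them: the low two bits of a selector
 * are its RPL. If the destination's RPL is numerically lower (more
 * privileged) than the source's, raise it to the source's RPL and set ZF;
 * otherwise leave the destination alone and clear ZF. op_arpl() needs the
 * destination in T0 and the source in T1, which is the point of the thread:
 * the translator shown only ever fills T0. */
uint16_t arpl(uint16_t dest, uint16_t src, bool *zf)
{
    if ((dest & 3) < (src & 3)) {
        *zf = true;
        return (uint16_t)((dest & ~3) | (src & 3));
    }
    *zf = false;
    return dest;
}

int main(void)
{
    bool zf;

    /* Constructed selectors: GDT index 1 with RPL 0, checked against a
     * selector carrying RPL 3 (the usual user-mode case). */
    uint16_t r1 = arpl(0x0008, 0x0013, &zf);
    printf("arpl(0x0008, 0x0013) -> 0x%04x ZF=%d\n", r1, zf);

    /* Destination already at RPL 3: nothing to raise, ZF cleared. */
    uint16_t r2 = arpl(0x001B, 0x0010, &zf);
    printf("arpl(0x001B, 0x0010) -> 0x%04x ZF=%d\n", r2, zf);

    /* Register-direct form: mod == 3 takes branch (2) in the snippet. */
    modrm_fields f = split_modrm(0xC8);
    printf("modrm 0xC8 -> mod=%d reg=%d rm=%d\n", f.mod, f.reg, f.rm);
    return 0;
}
```

The first call shows the only case in which ARPL changes anything (RPL raised from 0 to 3, ZF set); the second shows the no-op case (ZF cleared, selector unchanged). Which of the two paths runs depends entirely on the source RPL, so if the source operand is never loaded into T1, the emulated result is whatever happened to be left in T1 by earlier code.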