qemu-devel.nongnu.org archive mirror
* [Qemu-devel] Question on implementation of GETPC()
@ 2010-04-28  4:51 Jun Koi
  2010-04-28  8:12 ` [Qemu-devel] " Jan Kiszka
  0 siblings, 1 reply; 4+ messages in thread
From: Jun Koi @ 2010-04-28  4:51 UTC (permalink / raw)
  To: qemu-devel

Hi,

In x86, GETPC() is implemented as below:

# define GETPC() ((void *)((unsigned long)__builtin_return_address(0) - 1))

As I understand, it gets the return address from the stack, then
subtracts 1 to get back to the above address.

Imagine we have code like this (pseudo asm code):

....
CALL <relative address>
<next-insn>
....

When we call GETPC, we get the address of <next-insn>, and subtract 1.
But the problem is that the CALL insn is more than 1 byte, so how can
GETPC() give us the address of the CALL insn above?

I guess I must have misunderstood something here ....

Many thanks,
Jun


* [Qemu-devel] Re: Question on implementation of GETPC()
  2010-04-28  4:51 [Qemu-devel] Question on implementation of GETPC() Jun Koi
@ 2010-04-28  8:12 ` Jan Kiszka
  2010-04-28  8:29   ` Jun Koi
  0 siblings, 1 reply; 4+ messages in thread
From: Jan Kiszka @ 2010-04-28  8:12 UTC (permalink / raw)
  To: Jun Koi; +Cc: qemu-devel

Jun Koi wrote:
> Hi,
> 
> In x86, GETPC() is implemented as below:
> 
> # define GETPC() ((void *)((unsigned long)__builtin_return_address(0) - 1))
> 
> As I understand, it gets the return address from the stack, then
> subtracts 1 to get back to the above address.
> 
> Imagine we have code like this (pseudo asm code):
> 
> ....
> CALL <relative address>
> <next-insn>
> ....
> 
> When we call GETPC, we get the address of <next-insn>, and subtract 1.
> But the problem is that the CALL insn is more than 1 byte, so how can
> GETPC() give us the address of the CALL insn above?
> 
> I guess I must have misunderstood something here ....

IIRC, the result of GETPC is used for a range check. So you just have to
ensure that it points somewhere into the translated code sequence of the
current target instruction.

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux


* [Qemu-devel] Re: Question on implementation of GETPC()
  2010-04-28  8:12 ` [Qemu-devel] " Jan Kiszka
@ 2010-04-28  8:29   ` Jun Koi
  2010-04-28 10:41     ` Jan Kiszka
  0 siblings, 1 reply; 4+ messages in thread
From: Jun Koi @ 2010-04-28  8:29 UTC (permalink / raw)
  To: Jan Kiszka; +Cc: qemu-devel

On Wed, Apr 28, 2010 at 5:12 PM, Jan Kiszka <jan.kiszka@siemens.com> wrote:
> Jun Koi wrote:
>> Hi,
>>
>> In x86, GETPC() is implemented as below:
>>
>> # define GETPC() ((void *)((unsigned long)__builtin_return_address(0) - 1))
>>
>> As I understand, it gets the return address from the stack, then
>> subtracts 1 to get back to the above address.
>>
>> Imagine we have code like this (pseudo asm code):
>>
>> ....
>> CALL <relative address>
>> <next-insn>
>> ....
>>
>> When we call GETPC, we get the address of <next-insn>, and subtract 1.
>> But the problem is that the CALL insn is more than 1 byte, so how can
>> GETPC() give us the address of the CALL insn above?
>>
>> I guess I must have misunderstood something here ....
>
> IIRC, the result of GETPC is used for a range check. So you just have to
> ensure that it points somewhere into the translated code sequence of the
> current target instruction.
>

Hmm, if I am not wrong, the GETPC address is really used as the jump target
of some code (such as when handling a page fault), so that must be
accurate.
This is so confusing to me!

Thanks,
J


* [Qemu-devel] Re: Question on implementation of GETPC()
  2010-04-28  8:29   ` Jun Koi
@ 2010-04-28 10:41     ` Jan Kiszka
  0 siblings, 0 replies; 4+ messages in thread
From: Jan Kiszka @ 2010-04-28 10:41 UTC (permalink / raw)
  To: Jun Koi; +Cc: qemu-devel@nongnu.org

Jun Koi wrote:
> On Wed, Apr 28, 2010 at 5:12 PM, Jan Kiszka <jan.kiszka@siemens.com> wrote:
>> Jun Koi wrote:
>>> Hi,
>>>
>>> In x86, GETPC() is implemented as below:
>>>
>>> # define GETPC() ((void *)((unsigned long)__builtin_return_address(0) - 1))
>>>
>>> As I understand, it gets the return address from the stack, then
>>> subtracts 1 to get back to the above address.
>>>
>>> Imagine we have code like this (pseudo asm code):
>>>
>>> ....
>>> CALL <relative address>
>>> <next-insn>
>>> ....
>>>
>>> When we call GETPC, we get the address of <next-insn>, and subtract 1.
>>> But the problem is that the CALL insn is more than 1 byte, so how can
>>> GETPC() give us the address of the CALL insn above?
>>>
>>> I guess I must have misunderstood something here ....
>> IIRC, the result of GETPC is used for a range check. So you just have to
>> ensure that it points somewhere into the translated code sequence of the
>> current target instruction.
>>
> 
> Hmm, if I am not wrong, the GETPC address is really used as the jump target
> of some code (such as when handling a page fault), so that must be
> accurate.

That won't work. GETPC could - at best - point to a host instruction
that raised the fault. But for proper fault handling, we need the guest
instruction pointer. So QEMU does a reverse mapping of the host address,
often via re-translating the code block as it may contain more than one
guest instruction.

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux
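The two points made in this thread, that GETPC() only needs to land somewhere inside the host code of the faulting guest instruction, and that the host address is then mapped back to a guest PC by a range lookup, can be seen in a small stand-alone program. The following is an added example, not QEMU's code: `insn_map_t`, `sample_map` and the `host_to_guest_pc()` lookup are a constructed table standing in for the reverse mapping Jan describes (QEMU recovers it by re-translating the block rather than keeping such a table), and `getpc_helper()` applies the exact `__builtin_return_address(0) - 1` expression from the macro on the real host. The constructed block has three guest instructions whose translations occupy host ranges [0x1000,0x1010), [0x1010,0x1030) and [0x1030,0x1038); when the helper CALL is the last host instruction of the second guest instruction, the return address is 0x1030, and only the `- 1` keeps the lookup from blaming the third guest instruction.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Hypothetical reverse map from host code addresses to guest PCs: one
 * entry per translated guest instruction, recording the first host byte
 * of its translated code. Entries are sorted and contiguous, so entry i
 * covers [host_start[i], host_start[i+1]) and the last one ends at
 * block_end. Illustration only, not QEMU's real data structure.
 */
typedef struct {
    uintptr_t host_start;   /* first host byte of this guest insn's code */
    uint64_t  guest_pc;     /* guest instruction pointer it came from */
} insn_map_t;

/* Constructed sample block (see lead-in for the ranges). */
static const insn_map_t sample_map[] = {
    { 0x1000, 0x400000 },
    { 0x1010, 0x400003 },
    { 0x1030, 0x400007 },
};
static const size_t    sample_n         = sizeof sample_map / sizeof sample_map[0];
static const uintptr_t sample_block_end = 0x1038;

/* Range check: return the guest PC whose host code range contains host_pc,
 * or 0 when host_pc lies outside the translated block. */
uint64_t host_to_guest_pc(const insn_map_t *map, size_t n,
                          uintptr_t block_end, uintptr_t host_pc)
{
    if (n == 0 || host_pc < map[0].host_start || host_pc >= block_end)
        return 0;
    uint64_t guest_pc = 0;
    for (size_t i = 0; i < n && map[i].host_start <= host_pc; i++)
        guest_pc = map[i].guest_pc;     /* last start <= host_pc wins */
    return guest_pc;
}

/* Model of GETPC(): the helper sees the return address, i.e. the host byte
 * right after the CALL. Subtracting 1 gives an address inside the CALL
 * itself, so the range check attributes the fault to the guest insn that
 * issued the call even when that CALL is the last host instruction of its
 * translation. */
uint64_t guest_pc_for_return_address(uintptr_t ret_addr)
{
    return host_to_guest_pc(sample_map, sample_n, sample_block_end, ret_addr - 1);
}

/* Same lookup without the -1, to show the off-by-one the question is about. */
uint64_t guest_pc_for_return_address_no_adjust(uintptr_t ret_addr)
{
    return host_to_guest_pc(sample_map, sample_n, sample_block_end, ret_addr);
}

/* Live version on the host: a non-inlined helper evaluates the macro's
 * expression. The result is a host address somewhere within the CALL
 * instruction in getpc_demo(), so it is never below getpc_demo's start. */
__attribute__((noinline)) static uintptr_t getpc_helper(void)
{
    return (uintptr_t)__builtin_return_address(0) - 1;
}

__attribute__((noinline)) uintptr_t getpc_demo(void)
{
    uintptr_t pc = getpc_helper();
    __asm__ __volatile__("" : "+r"(pc));  /* keep this from becoming a tail call */
    return pc;
}

int main(void)
{
    printf("return address 0x1030 -> guest 0x%llx with -1, 0x%llx without\n",
           (unsigned long long)guest_pc_for_return_address(0x1030),
           (unsigned long long)guest_pc_for_return_address_no_adjust(0x1030));
    printf("live GETPC() inside getpc_demo: %p (getpc_demo starts at %p)\n",
           (void *)getpc_demo(), (void *)(uintptr_t)getpc_demo);
    return 0;
}
```

The lookup is deliberately inclusive at the start of a range and exclusive at its end, which is what makes the `- 1` sufficient: any byte of the CALL, including its last one, belongs to the range of the guest instruction that emitted it, whereas the return address may already be the first byte of the next guest instruction's code.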

