[Qemu-devel] MAX_OP_PER_INSTR should be larger
From: |
TeLeMan |
Subject: |
[Qemu-devel] MAX_OP_PER_INSTR should be larger |
Date: |
Tue, 17 Mar 2009 23:17:26 -0700 (PDT) |
MAX_OP_PER_INSTR is currently 64, but the x64 instruction "ROR" is translated
into more than 64 ops (in the dump below, the single `ror $0x19,%esi` at 0x4463dc expands to 73 ops).
This overflows gen_opc_buf and overwrites tcg_ctx.
qemu.log:
IN:
0x00000000004463d3: and %ecx,%ebx
0x00000000004463d5: add %edi,%esi
0x00000000004463d7: mov %esi,-0x14(%ebp)
0x00000000004463da: mov %ecx,%esi
0x00000000004463dc: ror $0x19,%esi
0x00000000004463df: mov %ecx,%edi
0x00000000004463e1: ror $0xb,%edi
0x00000000004463e4: xor %edi,%esi
0x00000000004463e6: mov %ecx,%edi
0x00000000004463e8: ror $0x6,%edi
0x00000000004463eb: xor %edi,%esi
0x00000000004463ed: mov %ecx,%edi
0x00000000004463ef: not %edi
0x00000000004463f1: and -0x28(%ebp),%edi
0x00000000004463f4: xor %ebx,%edi
0x00000000004463f6: add %edi,%esi
0x00000000004463f8: add 0x501280(,%eax,4),%esi
0x00000000004463ff: mov -0x14(%ebp),%edi
0x0000000000446402: add -0x70(%ebp,%eax,4),%esi
OP:
---- 0x4463d3
ld_i32 tmp2,env,$0x8
ld_i32 tmp3,env,$0xc
ld_i32 tmp0,env,$0x18
ld_i32 tmp1,env,$0x1c
and_i32 tmp0,tmp0,tmp2
and_i32 tmp1,tmp1,tmp3
st_i32 tmp0,env,$0x18
movi_i32 tmp8,$0x0
movi_i32 tmp9,$0x0
st_i32 tmp8,env,$0x1c
discard cc_src_0
discard cc_src_1
mov_i32 cc_dst_0,tmp0
mov_i32 cc_dst_1,tmp1
---- 0x4463d5
ld_i32 tmp2,env,$0x38
ld_i32 tmp3,env,$0x3c
ld_i32 tmp0,env,$0x30
ld_i32 tmp1,env,$0x34
add2_i32 tmp0,tmp1,tmp0,tmp1,tmp2,tmp3
st_i32 tmp0,env,$0x30
movi_i32 tmp8,$0x0
movi_i32 tmp9,$0x0
st_i32 tmp8,env,$0x34
mov_i32 cc_src_0,tmp2
mov_i32 cc_src_1,tmp3
mov_i32 cc_dst_0,tmp0
mov_i32 cc_dst_1,tmp1
---- 0x4463d7
ld_i32 tmp4,env,$0x28
movi_i32 tmp5,$0x0
movi_i32 tmp22,$0xffffffec
movi_i32 tmp23,$0xffffffff
add2_i32 tmp4,tmp5,tmp4,tmp5,tmp22,tmp23
movi_i32 tmp5,$0x0
ld_i32 tmp0,env,$0x30
ld_i32 tmp1,env,$0x34
qemu_st32 tmp0,tmp4,tmp5,$0x0
---- 0x4463da
ld_i32 tmp0,env,$0x8
ld_i32 tmp1,env,$0xc
st_i32 tmp0,env,$0x30
movi_i32 tmp8,$0x0
movi_i32 tmp9,$0x0
st_i32 tmp8,env,$0x34
---- 0x4463dc
movi_i32 tmp2,$0x19
movi_i32 tmp3,$0x0
ld_i32 loc24,env,$0x30
ld_i32 loc25,env,$0x34
mov_i32 loc26,tmp2
mov_i32 loc27,tmp3
movi_i32 tmp32,$0x1f
and_i32 loc26,loc26,tmp32
movi_i32 loc27,$0x0
movi_i32 tmp22,$0x0
movi_i32 tmp23,$0x0
brcond2_i32 loc26,loc27,tmp22,tmp23,eq,$0x0
mov_i32 tmp8,loc26
mov_i32 tmp9,loc27
movi_i32 loc25,$0x0
mov_i32 loc28,loc24
mov_i32 loc29,loc25
movi_i32 tmp32,$0x54d17c
call tmp32,$0x0,$2,tmp14,tmp15,loc24,loc25,tmp8,tmp9
movi_i32 tmp22,$0x20
movi_i32 tmp23,$0x0
sub2_i32 tmp8,tmp9,tmp22,tmp23,tmp8,tmp9
movi_i32 tmp32,$0x54d160
call tmp32,$0x0,$2,loc24,loc25,loc24,loc25,tmp8,tmp9
or_i32 loc24,loc24,tmp14
or_i32 loc25,loc25,tmp15
set_label $0x0
st_i32 loc24,env,$0x30
movi_i32 tmp8,$0x0
movi_i32 tmp9,$0x0
st_i32 tmp8,env,$0x34
movi_i32 cc_op,$0x8
movi_i32 tmp33,$0x0
movi_i32 tmp34,$0x0
brcond2_i32 loc26,loc27,tmp33,tmp34,eq,$0x1
movi_i32 tmp32,$cc_compute_all
call tmp32,$0x10,$1,tmp12,cc_op
mov_i32 cc_src_0,tmp12
movi_i32 cc_src_1,$0x0
movi_i32 tmp32,$0xfffff7fe
and_i32 cc_src_0,cc_src_0,tmp32
xor_i32 tmp8,loc28,loc24
xor_i32 tmp9,loc29,loc25
movi_i32 tmp36,$0xc
shl_i32 tmp32,tmp9,tmp36
movi_i32 tmp36,$0x14
shr_i32 tmp35,tmp9,tmp36
movi_i32 tmp36,$0x14
shr_i32 tmp8,tmp8,tmp36
or_i32 tmp8,tmp8,tmp32
mov_i32 tmp9,tmp35
movi_i32 tmp35,$0x800
and_i32 tmp8,tmp8,tmp35
movi_i32 tmp9,$0x0
or_i32 cc_src_0,cc_src_0,tmp8
or_i32 cc_src_1,cc_src_1,tmp9
movi_i32 tmp36,$0x1
shl_i32 tmp35,loc25,tmp36
movi_i32 tmp36,$0x1f
shr_i32 tmp32,loc25,tmp36
movi_i32 tmp36,$0x1f
shr_i32 loc24,loc24,tmp36
or_i32 loc24,loc24,tmp35
mov_i32 loc25,tmp32
movi_i32 tmp32,$0x1
and_i32 loc24,loc24,tmp32
movi_i32 loc25,$0x0
or_i32 cc_src_0,cc_src_0,loc24
or_i32 cc_src_1,cc_src_1,loc25
discard cc_dst_0
discard cc_dst_1
movi_i32 cc_op,$0x1
set_label $0x1
---- 0x4463df
ld_i32 tmp0,env,$0x8
ld_i32 tmp1,env,$0xc
st_i32 tmp0,env,$0x38
movi_i32 tmp8,$0x0
movi_i32 tmp9,$0x0
st_i32 tmp8,env,$0x3c
---- 0x4463e1
movi_i32 tmp2,$0xb
movi_i32 tmp3,$0x0
ld_i32 loc30,env,$0x38
ld_i32 loc31,env,$0x3c
mov_i32 loc28,tmp2
mov_i32 loc29,tmp3
movi_i32 tmp32,$0x1f
and_i32 loc28,loc28,tmp32
movi_i32 loc29,$0x0
movi_i32 tmp33,$0x0
movi_i32 tmp34,$0x0
brcond2_i32 loc28,loc29,tmp33,tmp34,eq,$0x2
mov_i32 tmp8,loc28
mov_i32 tmp9,loc29
movi_i32 loc31,$0x0
mov_i32 loc26,loc30
mov_i32 loc27,loc31
movi_i32 tmp32,$0x54d17c
call tmp32,$0x0,$2,tmp14,tmp15,loc30,loc31,tmp8,tmp9
movi_i32 tmp33,$0x20
movi_i32 tmp34,$0x0
sub2_i32 tmp8,tmp9,tmp33,tmp34,tmp8,tmp9
movi_i32 tmp32,$0x54d160
call tmp32,$0x0,$2,loc30,loc31,loc30,loc31,tmp8,tmp9
or_i32 loc30,loc30,tmp14
or_i32 loc31,loc31,tmp15
set_label $0x2
st_i32 loc30,env,$0x38
movi_i32 tmp8,$0x0
movi_i32 tmp9,$0x0
st_i32 tmp8,env,$0x3c
movi_i32 tmp37,$0x0
movi_i32 tmp38,$0x0
brcond2_i32 loc28,loc29,tmp37,tmp38,eq,$0x3
movi_i32 tmp32,$cc_compute_all
call tmp32,$0x10,$1,tmp12,cc_op
mov_i32 cc_src_0,tmp12
movi_i32 cc_src_1,$0x0
movi_i32 tmp32,$0xfffff7fe
and_i32 cc_src_0,cc_src_0,tmp32
xor_i32 tmp8,loc26,loc30
xor_i32 tmp9,loc27,loc31
movi_i32 tmp36,$0xc
shl_i32 tmp32,tmp9,tmp36
movi_i32 tmp36,$0x14
shr_i32 tmp35,tmp9,tmp36
movi_i32 tmp36,$0x14
shr_i32 tmp8,tmp8,tmp36
or_i32 tmp8,tmp8,tmp32
mov_i32 tmp9,tmp35
movi_i32 tmp35,$0x800
and_i32 tmp8,tmp8,tmp35
movi_i32 tmp9,$0x0
or_i32 cc_src_0,cc_src_0,tmp8
or_i32 cc_src_1,cc_src_1,tmp9
movi_i32 tmp36,$0x1
shl_i32 tmp35,loc31,tmp36
movi_i32 tmp36,$0x1f
shr_i32 tmp32,loc31,tmp36
movi_i32 tmp36,$0x1f
shr_i32 loc30,loc30,tmp36
or_i32 loc30,loc30,tmp35
mov_i32 loc31,tmp32
movi_i32 tmp32,$0x1
and_i32 loc30,loc30,tmp32
movi_i32 loc31,$0x0
or_i32 cc_src_0,cc_src_0,loc30
or_i32 cc_src_1,cc_src_1,loc31
discard cc_dst_0
discard cc_dst_1
movi_i32 cc_op,$0x1
set_label $0x3
--
View this message in context:
http://www.nabble.com/MAX_OP_PER_INSTR-should-be-larger-tp22573338p22573338.html
Sent from the QEMU - Dev mailing list archive at Nabble.com.