Re: [Qemu-devel] Write to guest memory space in target-i386/translate.c

[Alexander Graf]

Hi Tommy,

On 03.08.2009, at 08:24, Tommy Huang wrote:

> Hi all,
>
> I've found that no functions in target-i386/translate.c try to  
> "write" to guest memory space.
> There is ldub_code which can be used to read from guest space.
> Which function can I use to write to the guest memory space in  
> translate.c?
> I know I can use stb_kernel in target-i386/helper.c. But I can't use  
> it in target-i386/translate.c.
> Any workaround?

Those files get called in different steps of the emulator.

translate.c code gets executed when qemu finds that a block is not  
translated yet, but wants to translate it. So in translate.c you only  
write TCG calls that generate host code, because you're not executing  
code yet, but only translating it.

helper.c code gets called from TCG code when the block is executed. In  
here you can just do normal C calls, because you know you're running  
at the time the code gets executed.


Imagine this easy to read x86 assembly code:

x:
    mov %eax, $0
    mov %cr0, %eax
    jmp x


Qemu would call translate.c once(!) for this block. translate.c would  
now take the opcodes and create host equivalents out of them.

The mov to cr0 gets translated to a helper call in translate.c, which  
would get called all the time while running the code, because you're  
stuck in an endless loop while _executing_.

I hope I haven't confused you more than you were now :-)


Alex

PS: I don't take guarantees for valid code examples :-). Maybe I have  
a typo in here, maybe writing 0 to cr0 makes the whole code fail. The  
code is really just there to explain the difference between  
translation and execution step.