Re: [Qemu-devel] How qemu access memory in target-i386/translate.c disas

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] How qemu access memory in target-i386/translate.c disas

From:	Peter Maydell
Subject:	Re: [Qemu-devel] How qemu access memory in target-i386/translate.c disas_insn function?
Date:	Thu, 12 Feb 2015 01:01:24 +0000

On 11 February 2015 at 22:32, Pang Wing <address@hidden> wrote:
> Hi,
>
> I'm trying to understanding how disas_insn in target-i386/translate.c works.
>
> However, I'm confused at disas_insn function.
>
> In /* arith & logic */ part, when f == 0 (OP Ev, Gv) && mod != 3, I found
> these codes:
>
> gen_lea_modrm(env, s, modrm);
> opreg = OR_TMP0;
>
> gen_op_mov_v_reg(ot, cpu_T[1], reg);
> gen_op(s, op, ot, opreg);
>
> I found that this is the code that trying to add (or other ops) a register
> to a memory address.
> gen_lea_modrm will calculate the referenced memory address and store the
> final address in cpu_A0, but I can't find anywhere uses cpu_A0.

Look at gen_op() -- the first thing it does is use cpu_A0 in the
case where opreg is OR_TMP0 (which it is here).

So the top level code you quote is:
 * decode modrm byte and put the effective address into cpu_A0
 * get the register operand into cpu_T[1]
 * perform the operation on the two inputs (one of which is in
   cpu_T[1] and the other of which gen_op() emits code to load
   from memory using cpu_A0), and handle CPU flag updates

> Besides, I
> have no idea what are gen_op_mov_v_reg and gen_op doing. After these codes,
> disas_insn is returned.

gen_op_mov_v_reg() generates code to get the current contents of
the guest CPU register into a TCG value.
gen_op() generates code for performing some of the basic logic ops.

> I found in the last of the gen_lea_modrm will call
> "tcg_gen_ext32u_tl(cpu_A0, cpu_A0);", but when I trace the code I found
> "#define tcg_gen_ext32u_tl tcg_gen_mov_i32" and there's a condition that
> when "TCGV_EQUAL_I32(ret, arg)" is true, it will return immediately, so
> basically do nothing.

This is because you're generating code for a 32 bit guest. This
means that the "target long" size is 32 bits, and so "unsigned
extend 32 bit value to a target-long sized value" is just
"copy this 32 bit value to the 32 bit destination". Then if
the source and destination are the same place, this collapses
down to "do nothing".

thanks
-- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] How qemu access memory in target-i386/translate.c disas_insn function?, Pang Wing, 2015/02/11
- Re: [Qemu-devel] How qemu access memory in target-i386/translate.c disas_insn function?, Peter Maydell <=

Prev by Date: Re: [Qemu-devel] [PATCH] tile: Can load elf64 tilegx binary successfully for linux-user.
Next by Date: Re: [Qemu-devel] [PATCH] monitor: Fix Resource leak
Previous by thread: [Qemu-devel] How qemu access memory in target-i386/translate.c disas_insn function?
Next by thread: [Qemu-devel] [PATCH] tile: Can load elf64 tilegx binary successfully for linux-user.
Index(es):
- Date
- Thread