Re: [Qemu-devel] FreeSBIE-20040919, ffreep insn
From: Juergen Lock
Subject: Re: [Qemu-devel] FreeSBIE-20040919, ffreep insn
Date: Thu, 18 Nov 2004 00:42:38 +0100
On Wed, Nov 17, 2004 at 11:18:55PM +0000, Fabrice Bellard wrote:
> I don't think ffreep is used by the software you tried. It must be a bug
> which yields a jump in a data section.
Mmmh it certainly does look like genuine code...
address@hidden:~# gdb /usr/X11R6/bin/Xorg Xorg.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols
found)...
Core was generated by `Xorg'.
Program terminated with signal 4, Illegal instruction.
Reading symbols from /lib/libz.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libz.so.2
Reading symbols from /lib/libm.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libm.so.2
Reading symbols from /usr/X11R6/lib/libXau.so.0...(no debugging symbols
found)...done.
Loaded symbols for /usr/X11R6/lib/libXau.so.0
Reading symbols from /usr/X11R6/lib/libXdmcp.so.0...(no debugging symbols
found)...done.
Loaded symbols for /usr/X11R6/lib/libXdmcp.so.0
Reading symbols from /lib/libc.so.5...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.5
Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x0807b1e0 in configMonitor ()
(gdb) disassemble configMonitor
Dump of assembler code for function configMonitor:
0x0807ad50 <configMonitor+0>: push %ebp
0x0807ad51 <configMonitor+1>: mov $0x3,%ecx
0x0807ad56 <configMonitor+6>: fldz
0x0807ad58 <configMonitor+8>: cld
0x0807ad59 <configMonitor+9>: mov %esp,%ebp
0x0807ad5b <configMonitor+11>: push %edi
0x0807ad5c <configMonitor+12>: lea 0xffffffd8(%ebp),%edi
0x0807ad5f <configMonitor+15>: push %esi
0x0807ad60 <configMonitor+16>: push %ebx
0x0807ad61 <configMonitor+17>: sub $0x5c,%esp
0x0807ad64 <configMonitor+20>: mov %eax,0xffffffd4(%ebp)
0x0807ad67 <configMonitor+23>: xor %eax,%eax
0x0807ad69 <configMonitor+25>: repz stos %eax,%es:(%edi)
0x0807ad6b <configMonitor+27>: fstps 0xffffffc8(%ebp)
0x0807ad6e <configMonitor+30>: mov 0x4(%edx),%eax
...
0x0807b0d1 <configMonitor+897>: mov 0xffffffd0(%ebp),%eax
0x0807b0d4 <configMonitor+900>: fldl 0x8193da0
0x0807b0da <configMonitor+906>: fld %st(0)
0x0807b0dc <configMonitor+908>: mov 0xffffffd4(%ebp),%ebx
0x0807b0df <configMonitor+911>: flds 0xa4(%eax)
0x0807b0e5 <configMonitor+917>: fld %st(0)
0x0807b0e7 <configMonitor+919>: mov %esi,0x98(%ebx)
0x0807b0ed <configMonitor+925>: fucomip %st(3),%st
0x0807b0ef <configMonitor+927>: jbe 0x807b1e0 <configMonitor+1168>
0x0807b10e <configMonitor+958>: mov 0xffffffd4(%ebp),%eax
...
0x0807b1e0 <configMonitor+1168>: ffreep %st(0)
0x0807b1e2 <configMonitor+1170>: mov 0xffffffd4(%ebp),%edx
0x0807b1e5 <configMonitor+1173>: flds 0x9c(%edx)
0x0807b1eb <configMonitor+1179>: mov 0xffffffd0(%ebp),%ebx
0x0807b1ee <configMonitor+1182>: flds 0xa8(%ebx)
0x0807b1f4 <configMonitor+1188>: fld %st(0)
0x0807b1f6 <configMonitor+1190>: fucomip %st(3),%st
0x0807b1f8 <configMonitor+1192>: ja 0x807b10e <configMonitor+958>
0x0807b1fe <configMonitor+1198>: ffreep %st(0)
---Type <return> to continue, or q <return> to quit---
0x0807b200 <configMonitor+1200>: mov 0xffffffd0(%ebp),%edx
0x0807b203 <configMonitor+1203>: flds 0xac(%edx)
0x0807b209 <configMonitor+1209>: fld %st(0)
0x0807b20b <configMonitor+1211>: fucomip %st(3),%st
0x0807b20d <configMonitor+1213>: ja 0x807b12a <configMonitor+986>
...
> ffreep is not documented and it
> does not work on every CPU (I get an invalid instruction exception on
> P4), so I propose not to implement it.
http://webster.cs.ucr.edu/AsmTools/NASM/Doc/NASMDOCA.HTM
says it's P6, like fucomip which is also used by the code above (and
which qemu knows).
Juergen
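An added example, not from this thread and not QEMU's or Xorg's code: a small C probe that reports whether the CPU or emulator it runs on actually executes ffreep, using the illegal-instruction exception Fabrice mentions for the P4 (and that killed Xorg above with signal 4) as the detection signal instead of letting the process die. It assumes the encoding DF C0+i for ffreep %st(i), which the page does not state, and GCC inline assembly on an x86 target; on any other architecture probe_ffreep() returns -1 rather than guessing.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Jump target used to get out of the SIGILL handler without dying. */
static sigjmp_buf probe_env;

static void on_sigill(int sig)
{
    (void)sig;
    /* savemask=1 in sigsetjmp restores the signal mask on the way back. */
    siglongjmp(probe_env, 1);
}

/*
 * Returns 1 if ffreep %st(0) executes normally, 0 if it raises SIGILL
 * (CPU or emulator does not implement it), -1 if this is not an x86 build.
 */
int probe_ffreep(void)
{
#if defined(__i386__) || defined(__x86_64__)
    struct sigaction sa, old;
    volatile int supported = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigill;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGILL, &sa, &old) != 0)
        return -1;

    if (sigsetjmp(probe_env, 1) == 0) {
        /* Push one value so the pop has something to free, then
         * execute ffreep %st(0).  Assumption (not on the page): the
         * encoding is DF C0+i, so DF C0 is ffreep %st(0).  Net effect
         * on the x87 stack is zero when the instruction is supported. */
        __asm__ volatile("fldz\n\t"
                         ".byte 0xdf, 0xc0\n\t"
                         ::: "memory");
        supported = 1;
    } else {
        /* Arrived here via SIGILL: the fldz value is still on the x87
         * stack, so reset the FPU before returning to ordinary code. */
        __asm__ volatile("fninit" ::: "memory");
        supported = 0;
    }

    sigaction(SIGILL, &old, NULL);
    return supported;
#else
    return -1;
#endif
}

int main(void)
{
    int r = probe_ffreep();
    if (r < 0)
        printf("ffreep probe: not an x86 build, nothing tested\n");
    else
        printf("ffreep %%st(0): %s\n",
               r ? "executes" : "raises SIGILL (not implemented here)");
    return 0;
}
```

Run the same binary natively and under the emulator: a difference between the two answers is exactly the kind of coverage gap the Xorg crash exposed, found without needing a core dump.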