Hello, I tried the fix from malc, but it does not work on my test case. The reason is that the compiler optimizes the test away, since PARAM1 is a constant value at that point in the build process.
The following fix does work: --- qemu-0.9.0-orig/target-i386/translate.c 2007-02-06 00:01:54.000000000 +0100 +++ qemu-0.9.0/target-i386/translate.c 2007-04-30 13:31:25.000000000 +0200 @@ -5326,8 +5326,12 @@ if (CODE64(s)) goto illegal_op; val = ldub_code(s->pc++); - gen_op_aam(val); - s->cc_op = CC_OP_LOGICB; + if (val == 0) { + gen_exception(s, EXCP00_DIVZ, pc_start - s->cs_base); + } else { + gen_op_aam(val); + s->cc_op = CC_OP_LOGICB; + } break; case 0xd5: /* aad */ if (CODE64(s)) -- Joris. On Sat, Apr 28, 2007 at 07:52:57PM +0200, Joris van Rantwijk wrote: > Qemu crashes with a floating point exception when emulating the "AAM 0" > instruction. By "crash", I mean that the whole qemu process actually > blows up (not just the program running inside Qemu). On Sun, 29 Apr 2007 at 19:55:24 +0400, malc wrote: > Following (given that real iron does indeed produce divide by zero > exception) should do the trick. > > Index: op.c > =================================================================== > RCS file: /cvsroot/qemu/qemu/target-i386/op.c,v > retrieving revision 1.47 > diff -u -r1.47 op.c > --- op.c 1 Feb 2007 22:11:07 -0000 1.47 > +++ op.c 29 Apr 2007 15:54:47 -0000 > @@ -1004,6 +1004,9 @@ > { > int base = PARAM1; > int al, ah; > + if (!base) { > + raise_exception(EXCP00_DIVZ); > + } > al = EAX & 0xff; > ah = al / base; > al = al % base;
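Review bot: in the translate.c hunk the zero test sits in the translator, where `val` is the immediate byte just read by `ldub_code(s->pc++)`, but nothing in the hunk records why it was put there rather than inside `gen_op_aam`; a one-line comment above `if (val == 0)` (for instance `/* must be checked here: PARAM1 is folded away in op.c */`) would stop a later cleanup from moving the check back into the op, where the mail explains it is optimized out. The `gen_exception(s, EXCP00_DIVZ, pc_start - s->cs_base)` call reports the start of the AAM instruction, which matches #DE being a fault on real hardware, and the `else` branch keeps the two removed lines unchanged, so behaviour for non-zero immediates is untouched. Note the following `case 0xd5: /* aad */` needs no such guard, since AAD multiplies by its immediate.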
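Review bot: in the quoted op.c hunk the `if (!base)` guard tests `PARAM1`, which is a constant placeholder at the time op.c is compiled, so the compiler folds the condition away and `ah = al / base;` still executes with a zero divisor; this is exactly the failure Joris reports at the top of the mail, and it is why the check has to be made on the immediate in the translator rather than in the generated op. The premise in the quoted text is correct: AAM with an immediate of 0 raises #DE on real hardware, so `raise_exception(EXCP00_DIVZ)` is the right exception, it just cannot be reached from this location.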