On 12 January 2015 at 18:08, Peter Maydell <peter.mayd...@linaro.org> wrote:
> So we're just sat in a loop which never finishes. This
> seems to be because the first time in to it we set
> the loop counter EBP to 0x5b207801.

Looking further up the trace we seem to be mistranslating movsbl:

IN:
0x00000000000f195e:  movsbl (%ebx),%eax
0x00000000000f1961:  lea    -0x30(%eax),%edx
0x00000000000f1964:  cmp    $0x9,%dl
0x00000000000f1967:  ja     0xf1984

OP:
 ld_i32 tmp18,env,$0xfffffff4
 movi_i32 tmp19,$0x0
 brcond_i32 tmp18,tmp19,ne,$0x0

 ---- 0xf195e
 mov_i32 tmp4,rbx_0
 mov_i32 tmp5,rbx_1
 movi_i32 tmp5,$0x0
 qemu_ld_i32 tmp0,tmp4,tmp5,leul,$0x4
 movi_i32 tmp18,$0x1f
 sar_i32 tmp1,tmp0,tmp18
 mov_i32 rax_0,tmp0
 movi_i32 rax_1,$0x0

 ---- 0xf1961
 movi_i32 tmp20,$0xffffffd0
 movi_i32 tmp21,$0xffffffff
 add2_i32 tmp4,tmp5,rax_0,rax_1,tmp20,tmp21
 movi_i32 tmp5,$0x0
 mov_i32 rdx_0,tmp4
 movi_i32 rdx_1,$0x0

[etc]

movsbl should be a signed byte load, but we seem to have emitted a
"qemu_ld_i32 tmp0,tmp4,tmp5,leul,$0x4", which is a 32 bit load ("leul"),
and then sign extended 32->64 bits.

[the insn bytes here are 0x0f 0xbe 0x03.]

-- PMM
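The mistranslation described in the mail, modelled as a small added C program (not QEMU code and not part of the thread): `movsbl_correct` implements what `movsbl (%ebx),%eax` must do, `movsbl_as_emitted` implements what the quoted `qemu_ld_i32 ... leul` sequence puts into the low half of %eax, and `low_byte_is_digit` models the following `lea -0x30(%eax),%edx ; cmp $0x9,%dl` test. The function names and the guest memory image `sample_mem` are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not QEMU code: it contrasts the semantics of
 * movsbl (%ebx),%eax (insn bytes 0f be 03) with what the TCG ops quoted
 * in the mail do, namely a 32-bit little-endian load whose whole word
 * lands in rax_0. The guest memory image below is constructed. */

/* Constructed guest memory: a digit '7' followed by three non-zero
 * bytes, then a byte with the sign bit set. */
static const uint8_t sample_mem[8] = {
    0x37, 0x78, 0x20, 0x5b,   /* '7', 'x', ' ', '[' */
    0xf0, 0x01, 0x02, 0x03
};

/* Correct semantics of movsbl: load one byte at (%ebx) and sign-extend
 * it to the full 32-bit %eax. */
uint32_t movsbl_correct(const uint8_t *mem, uint32_t ebx)
{
    int8_t b = (int8_t)mem[ebx];          /* a signed byte load */
    return (uint32_t)(int32_t)b;          /* sign-extend 8 -> 32 */
}

/* What "qemu_ld_i32 tmp0,tmp4,tmp5,leul,$0x4 ; mov_i32 rax_0,tmp0" does:
 * a 32-bit little-endian load of four guest bytes, copied unchanged into
 * the low half of %rax. Assembled byte by byte so the result does not
 * depend on host endianness. */
uint32_t movsbl_as_emitted(const uint8_t *mem, uint32_t ebx)
{
    return (uint32_t)mem[ebx]
         | (uint32_t)mem[ebx + 1] << 8
         | (uint32_t)mem[ebx + 2] << 16
         | (uint32_t)mem[ebx + 3] << 24;
}

/* Models "lea -0x30(%eax),%edx ; cmp $0x9,%dl": the compare looks only
 * at the low byte of the result, so the branch can go the same way for
 * both loads even though the full register value differs. */
int low_byte_is_digit(uint32_t eax)
{
    return (uint8_t)(eax - 0x30) <= 9;
}

int main(void)
{
    for (uint32_t ebx = 0; ebx < 8; ebx += 4) {
        uint32_t good = movsbl_correct(sample_mem, ebx);
        uint32_t bad  = movsbl_as_emitted(sample_mem, ebx);
        printf("ebx=%u byte=0x%02x movsbl=0x%08x emitted=0x%08x digit? %d / %d\n",
               ebx, sample_mem[ebx], good, bad,
               low_byte_is_digit(good), low_byte_is_digit(bad));
    }
    return 0;
}
```

With the constructed image, the correct load of the byte at offset 0 gives 0x00000037 while the emitted sequence gives 0x5b207837; the digit test passes for both, which is why a wrong translation of this kind can survive the immediately following branch and only show up later, when the polluted register value is used for something else.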