On 26 July 2016 at 19:49, Kartik Ramkrishnan <ramkr...@umn.edu> wrote: > Hello all, > > I am running an i386 binary in user mode using qemu. > > In the code, I am looking for the next location that the simulated > program counter jumps to when a TranslationBlock completes execution. This > address should be the guest address, not the address on the host.
The place we go to is whatever the PC in the CPUState says at the point when we finish execution of the TB. > I found a variable called tb_next_offset[2] in 'struct TranslationBlock' in > exec-all.h , which says (offset of original jump target). It sounds like > the jump offset can be added to the target code's last address to obtain > the new PC value. This field was renamed earlier this year, so it's called jmp_reset_offset. It's part of an optimisation where rather than finishing the TB, and then going out to the top level loop and looking up the next TB from the guest PC, we can patch the first TB to directly jump to the second TB. jmp_reset_offset is the offset within the generated code of the branch instruction which we need to patch in order to create this direct link. It has nothing to do with the guest address. thanks -- PMM
