> a jump with the least significant bits = 2. This falls through to tb
> add jump, which then updates the jmp_first field of the current tb.

I don't know if tb_add_jump's second parameter will be two or not, but look at
TranslationBlock (exec-all.h),

    struct TranslationBlock {
        struct TranslationBlock *jmp_next[2];
    }

and tb_add_jump (exec-all.h).

    static inline void tb_add_jump(TranslationBlock *tb, int n,
                                   TranslationBlock *tb_next)
    {
        /* NOTE: this test is only needed for thread safety */
        if (!tb->jmp_next[n]) {    <--- what if n is 2?
        }
    }

Regards,
chenwj

--
Wei-Ren Chen (陳韋任)
Computer Systems Lab, Institute of Information Science,
Academia Sinica, Taiwan (R.O.C.)
Tel:886-2-2788-3799 #1667
Homepage: http://people.cs.nctu.edu.tw/~chenwj
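
Added example, not part of the original message and not QEMU source: a simplified model of the structure under discussion, showing why a tag of 2 in the low pointer bits has to be filtered out before it is used as an index into jmp_next[2]. Only jmp_next and jmp_first come from the thread; the Block type, the helper names and the reading of tag 2 as an end-of-list marker are assumptions of this model.

```c
#include <stddef.h>
#include <stdint.h>
/* Simplified model, not QEMU source. Only jmp_next/jmp_first come from the post. */
typedef struct Block {
    struct Block *jmp_next[2]; /* valid slots: 0 and 1 */
    struct Block *jmp_first;   /* tagged pointer; tag 2 = end of list (assumed) */
} Block;

#define TAG_MASK ((uintptr_t)3)
#define TAG_END 2

static Block *tag_ptr(Block *b, int tag) { return (Block *)((uintptr_t)b | (uintptr_t)tag); }
static Block *untag(Block *p) { return (Block *)((uintptr_t)p & ~TAG_MASK); }
static int tag_of(Block *p) { return (int)((uintptr_t)p & TAG_MASK); }

static void block_init(Block *b) {
    b->jmp_next[0] = b->jmp_next[1] = NULL;
    b->jmp_first = tag_ptr(b, TAG_END); /* empty list points back at the block */
}

/* Returns 0 if linked, 1 if the slot was already in use, -1 if n is not a slot. */
static int add_jump_checked(Block *tb, int n, Block *tb_next) {
    if (n < 0 || n > 1)
        return -1; /* n == 2 would index one element past jmp_next[] */
    if (tb->jmp_next[n])
        return 1;
    tb->jmp_next[n] = tb_next->jmp_first;
    tb_next->jmp_first = tag_ptr(tb, n);
    return 0;
}

/* Count blocks that jump to b; returns -1 on a tag that is neither slot nor end. */
static int count_incoming(Block *b) {
    int count = 0;
    Block *p = b->jmp_first;
    while (tag_of(p) != TAG_END) {
        int n = tag_of(p);
        if (n > 1)
            return -1;
        p = untag(p)->jmp_next[n];
        count++;
    }
    return count;
}

int main(void) {
    Block a, b, c;
    block_init(&a); block_init(&b); block_init(&c);
    return add_jump_checked(&a, 2, &c) == -1 && count_incoming(&c) == 0 ? 0 : 1;
}
```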