Re: access guest address from within instruction

[Peter Maydell]

On Sun, 2 Oct 2022 at 10:22, BitFriends <commandspider12@gmail.com> wrote:
> I now came up with this code:
>
> TCGv_i64 res = 0;
> TCGv_i64 addr = (TCGv_i64)(env->regs[R_EDI]);
>
> tcg_gen_qemu_ld_i64(res, addr, 0, MO_LEUQ);
>
> env->regs[R_EAX] = (target_ulong)res;

This is wrong, because you cannot read or write env->regs[] at
translate time. The "translate time" vs "run time" distinction
in a JIT is critical to understand:

 * translate time is when we read guest instructions,
   and output TCG ops. We do this once, the first time
   we encounter a particular piece of guest code. At
   this point you cannot directly access the state of the
   guest CPU. This is because the exact value of EDI
   will be *different* each time the generated code is run.
 * run time is when we are actually emulating the guest
   CPU, by executing the code built from the TCG ops.
   At run time the CPU state is known and can be updated.

You should look at how existing instructions in the x86
translator generate code to read and write registers --
you will see that they use cpu_regs[], which is an array
of TCGv which correspond to the CPU registers (so they can
say "generate code which will read EDI"), and they
never use env->regs[] (which would be "read EDI right now").

More generally, "read guest memory and get the result into
a guest CPU register" is a common thing in existing x86
instructions. So find how we implement one of those
existing insns that's similar to what you want, and see
how that is handled.

(NB: so far you haven't said why your custom instruction
would be any different from a normal load instruction
that x86 already has...)

thanks
-- PMM