Hi all! I found that each time Qemu is run via gdb, with the same start options, the exact Translation Blocks (TBs) executed are slightly different each time.
For example, the first time I start Qemu with gdb, set the breakpoint at tcg_qemu_tb_exec(env, tc_ptr), and ignore the first 1000 hits, the next TB about to execute is:

    breakpoint already hit 1001 times
    (gdb) x/10i tc_ptr
    0xb50c9900: mov 0x28(%ebp),%ebx
    0xb50c9903: mov 0x8(%ebp),%esi
    0xb50c9906: mov %ebx,%edi
    0xb50c9908: mov %esi,%ecx
    0xb50c990a: mov $0xf27ef,%edx

However, the second time, I did exactly the same thing, and the result became:

    breakpoint already hit 1001 times
    (gdb) x/5i tc_ptr
    0xb50c9bb0: mov 0x1c(%ebp),%ebx
    0xb50c9bb3: push %ebx
    0xb50c9bb4: mov %ebx,%edx
    0xb50c9bb6: mov %ebx,%eax
    0xb50c9bb8: shr $0x8,%edx

So Qemu was actually executing different TBs. I wonder what the reason for this is? And is it possible to make it static? It makes debugging difficult.

The Qemu version I'm running is 1.0, the test image is linux-0.2.img from http://wiki.qemu.org/Testing and the start option is just -hda with the test image path.

Thanks!
Michael Chen
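The experiment in the post (break at the tcg_qemu_tb_exec call, skip the first 1000 hits, look at tc_ptr) can be automated so that two runs can be compared hit by hit instead of by eye. The script below is an added example, not code from the post or from QEMU. It assumes a QEMU 1.0 build with debug symbols whose binary is called qemu-system-i386 (name assumed), and it takes the breakpoint location as a parameter because in the 1.0 tree tcg_qemu_tb_exec is a macro rather than a function, so the breakpoint has to be set on the source line in cpu-exec.c that calls it; that line number depends on your tree. The two sample logs are constructed to show the parser and the comparison; they are not real QEMU output.

```python
"""Log tc_ptr at each hit of the tcg_qemu_tb_exec call under gdb and
find the first hit at which two runs diverge.

Added example (not from the post or from QEMU). Assumptions:
  * QEMU 1.0 built with -g, binary named qemu-system-i386 (assumed);
  * breakpoint location such as "cpu-exec.c:<line>" pointing at the
    line that calls tcg_qemu_tb_exec(env, tc_ptr); the number depends
    on your tree, so it is passed in rather than hard-coded.
"""
import re
from typing import List, Optional, Tuple

Trace = List[Tuple[int, int]]  # (hit number, tc_ptr)

HIT_RE = re.compile(r"^hit (\d+) tc_ptr=(0x[0-9a-fA-F]+)$")


def gdb_script(location: str, hits: int) -> str:
    """Return a gdb command file that prints tc_ptr on each of the first
    `hits` executions of the breakpoint at `location`, then quits.
    The post ignored 1000 hits and looked at the 1001st, so hits=1001
    reproduces that experiment."""
    return "\n".join([
        "set pagination off",
        "set confirm off",
        "set $n = 0",
        f"break {location}",
        "commands",          # applies to the breakpoint just set
        "  silent",
        "  set $n = $n + 1",
        # tc_ptr is the local in cpu_exec() holding the TB's host code address
        '  printf "hit %d tc_ptr=0x%lx\\n", $n, (unsigned long)tc_ptr',
        f"  if $n >= {hits}",
        "    quit",
        "  end",
        "  continue",
        "end",
        "run",
        "",
    ])


def parse_log(text: str) -> Trace:
    """Extract (hit, tc_ptr) pairs from a gdb log; other lines (QEMU's
    own output, gdb banners) are ignored."""
    trace: Trace = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            trace.append((int(m.group(1)), int(m.group(2), 16)))
    return trace


def first_divergence(a: Trace, b: Trace) -> Optional[Tuple[int, Optional[int], Optional[int]]]:
    """Return (hit, tc_ptr_a, tc_ptr_b) for the first hit whose TB differs
    between the two runs, or None if the traces are identical."""
    for (na, pa), (nb, pb) in zip(a, b):
        if na != nb or pa != pb:
            return (na, pa, pb)
    if len(a) != len(b):  # one run stopped early
        n = min(len(a), len(b))
        pa = a[n][1] if len(a) > n else None
        pb = b[n][1] if len(b) > n else None
        return (n + 1, pa, pb)
    return None


# Constructed sample logs (not real QEMU/gdb output): identical for the
# first three hits, then run 2 executes a different TB at hit 4.
RUN1_LOG = """\
Breakpoint 1 at 0x8049abc: file cpu-exec.c.
hit 1 tc_ptr=0xb50c0000
hit 2 tc_ptr=0xb50c0040
hit 3 tc_ptr=0xb50c0090
hit 4 tc_ptr=0xb50c0100
hit 5 tc_ptr=0xb50c0140
"""

RUN2_LOG = """\
Breakpoint 1 at 0x8049abc: file cpu-exec.c.
hit 1 tc_ptr=0xb50c0000
hit 2 tc_ptr=0xb50c0040
hit 3 tc_ptr=0xb50c0090
hit 4 tc_ptr=0xb50c0200
hit 5 tc_ptr=0xb50c0140
"""


if __name__ == "__main__":
    # Write this to a file and run it with gdb -batch (see usage note).
    print(gdb_script("cpu-exec.c:LINE", 1001))
    div = first_divergence(parse_log(RUN1_LOG), parse_log(RUN2_LOG))
    if div is None:
        print("runs identical")
    else:
        hit, pa, pb = div
        print(f"first divergence at hit {hit}: {pa:#x} vs {pb:#x}")
```

Usage: save the output of gdb_script() as tb.gdb (with the real line number in place of LINE), then run each trial as `gdb -batch -x tb.gdb --args qemu-system-i386 -hda linux-0.2.img > run1.log 2>&1`, repeat into run2.log, and feed both files to parse_log() and first_divergence(). The hit number it reports tells you how early the two runs part ways, which is more informative than only comparing the 1001st TB.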