It seems to me that when QEMU emits a TB-to-TB transition, it does not look
for whether the code has already been generated or not (at least for x86-on-x86
emulation). It just lays down a 4-byte address, waiting to be patched
later. Am I right?
    case INDEX_op_goto_tb:
        if (s->tb_jmp_offset) {
            /* direct jump method */
            /* need to make sure that the jmp offset does not cross a 32 byte
             * boundary on Intel chips and an 8 byte boundary on AMD chips.
             * As qemu is not checking for the processor type, assume an
             * 8 byte boundary to be safe */
            tcg_out8(s, OPC_JMP_long); /* jmp im */
            s->tb_jmp_offset[args[0]] = s->code_ptr - s->code_buf;
            tcg_out32(s, 0);
        } else {
            /* indirect jump method */
            tcg_out_modrm_offset(s, OPC_GRP5, EXT5_JMPN_Ev, -1,
                                 (tcg_target_long)(s->tb_next + args[0]));
        }
        s->tb_next_offset[args[0]] = s->code_ptr - s->code_buf;
        break;
Thanks
Xin
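As an added illustration, not taken from Xin's mail or from QEMU's source, here is a toy C model of the direct-jump path quoted above: emit "jmp rel32" with a zero placeholder, remember where the displacement lives, and patch it once the destination TB's address is known. It also shows the 8-byte-boundary rule from the comment by NOP-padding so the 4-byte displacement never straddles a boundary (otherwise a concurrent patch could be observed half-written). The names tb_ctx, emit_goto_tb and patch_goto_tb are assumptions for this sketch, not QEMU's API.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define OPC_JMP_long 0xE9   /* x86 "jmp rel32" opcode */
#define OPC_NOP      0x90

typedef struct {
    uint8_t code_buf[256]; /* constructed stand-in for the translation cache */
    size_t  code_ptr;      /* next free byte in code_buf */
    size_t  jmp_offset;    /* offset of the 4-byte displacement to patch later */
} tb_ctx;

/* Emit "jmp im" with a placeholder displacement of 0, as goto_tb does.
 * NOP-pad first so the 4 displacement bytes stay inside one 8-byte line
 * (the safe assumption from the quoted comment). Returns the offset of
 * the jmp opcode. */
static size_t emit_goto_tb(tb_ctx *s)
{
    /* displacement starts one byte after the opcode; it must start at
     * (offset % 8) <= 4 so bytes disp..disp+3 do not cross the boundary */
    while (((s->code_ptr + 1) & 7) > 4)
        s->code_buf[s->code_ptr++] = OPC_NOP;
    size_t jmp_at = s->code_ptr;
    s->code_buf[s->code_ptr++] = OPC_JMP_long;
    s->jmp_offset = s->code_ptr;
    memset(&s->code_buf[s->code_ptr], 0, 4);   /* "waiting to be patched" */
    s->code_ptr += 4;
    return jmp_at;
}

/* Later, once the destination TB exists at target_off: rel32 is measured
 * from the end of the 5-byte jmp, and overwrites the placeholder.
 * Assumes a little-endian host, as the real x86 backend does. */
static int32_t patch_goto_tb(tb_ctx *s, size_t target_off)
{
    int32_t rel = (int32_t)((int64_t)target_off - (int64_t)(s->jmp_offset + 4));
    memcpy(&s->code_buf[s->jmp_offset], &rel, 4);
    return rel;
}

/* Read the displacement back, i.e. what the CPU would see when it runs
 * the chained jump. */
static int32_t read_disp(const tb_ctx *s)
{
    int32_t rel;
    memcpy(&rel, &s->code_buf[s->jmp_offset], 4);
    return rel;
}
```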