From: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Date: Thu, 20 Sep 2018 07:17:03 +0000 (+0300)
Subject: target/i386: fix translation for icount mode
X-Git-Tag: qemu-xen-4.13.0-rc1~641^2~11
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=41d54dc09f1f327dedc79d5ba0b1b437ab7b0e94;p=qemu-xen.git

target/i386: fix translation for icount mode

This patch fixes the checking of boundary crossing instructions.
In icount mode only first instruction of the block may cross
the page boundary to keep the translation deterministic.
These conditions already existed, but compared the wrong variable.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Message-Id: <20180920071702.22477.43980.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---

diff --git a/target/i386/translate.c b/target/i386/translate.c
index 8fcd88e326..83c1ebe491 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -8538,10 +8538,10 @@ static void i386_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
            chance to happen */
         dc->base.is_jmp = DISAS_TOO_MANY;
     } else if ((tb_cflags(dc->base.tb) & CF_USE_ICOUNT)
-               && ((dc->base.pc_next & TARGET_PAGE_MASK)
-                   != ((dc->base.pc_next + TARGET_MAX_INSN_SIZE - 1)
+               && ((pc_next & TARGET_PAGE_MASK)
+                   != ((pc_next + TARGET_MAX_INSN_SIZE - 1)
                        & TARGET_PAGE_MASK)
-                   || (dc->base.pc_next & ~TARGET_PAGE_MASK) == 0)) {
+                   || (pc_next & ~TARGET_PAGE_MASK) == 0)) {
         /* Do not cross the boundary of the pages in icount mode,
            it can cause an exception. Do it only when boundary is
            crossed by the first instruction in the block.