id = 1368
title = "unexpect rax value"
state = "closed"
created_at = "2022-12-15T07:54:32.732Z"
closed_at = "2023-01-15T16:30:16.041Z"
labels = ["Closed::Invalid", "target: i386"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/1368"
host-os = "Ubuntu 22.04"
host-arch = "x86"
qemu-version = "QEMU emulator version 7.1.94 (v7.2.0-rc4)"
guest-os = "- OS/kernel version:"
guest-arch = "x86"
description = """- When I execute "mov -0x8(%rbp), %rax" and "movq 0xb8000, (%rax)", the value of rax should be 0x7fedf but it is 0x7fefe. It is 1 less."""
reproduce = """- 1. Code currently executed
<pre>
(gdb) x/2i $pc
=> 0x2202 <vga_init+12>:\tmov    -0x8(%rbp),%rax
   0x2206 <vga_init+16>:\tmovq   $0xb8000,(%rax)
</pre>
- 2. Value of memory address -0x8(%rbp)
<pre>
(gdb) x /xg $rbp-0x8
0x7fec8:\t0x000000000007fedf
</pre>
- 3. Value of rax before execution
<pre>
(gdb) p /x $rax
$1 = 0xfffffffd
</pre>
- 4. Value of rax after execution
<pre>
(gdb) p /x $rax
$1 = 0x7fedf
</pre>
It's all right so far.
- 5. View the current execution code again
<pre>
(gdb) x/i $pc
=> 0x2207 <vga_init+17>:\tmovl   $0xb8000,(%rax)
</pre>
the code address changed from 0x2206 to 0x2207 and the code changed from "movq xx, xx" to "movl xx, xx".<br>
Now rax is 0x7fedf.
- 6. After execution<br>
After executing "movl   $0xb8000,(%rax)"<br>
The rax change to 0x7fede"""
additional = """"""