weird translation block execution trace

[Robert Bu]

Hi,

I got some translation block execution trace with the runtime arguments:
-smp sockets=1 -smp cores=1 ---trace events=qemu-events -d nochain,guest_errors 
-icount 0

qemu-events is shown as blow:
exec_tb
exec_tb_nocache
exec_tb_exit
sigjmp
translate_block
tb_invalidate

where sigjmp, tb_invalidate are added by me. I got a trace snippet as:

exec_tb tb=0x2b1e8414c780 pc=0x8004bfe4
exec_tb_exit last_tb=0x0 flags=0x0
exec_tb tb=0x2b1e8414c980 pc=0x8004bfd8
exec_tb_exit last_tb=0x0 flags=0x0
exec_tb tb=0x2b1e8414c780 pc=0x8004bfe4
exec_tb_exit last_tb=0x0 flags=0x0
exec_tb_exit last_tb=0x0 flags=0x0
exec_tb tb=0x2b1e8414c780 pc=0x8004bfe4
exec_tb_exit last_tb=0x0 flags=0x0
exec_tb tb=0x2b1e8414c980 pc=0x8004bfd8
exec_tb_exit last_tb=0x0 flags=0x0

It's weired that there are two consecutive exec_tb_exit without any exec_tb 
in-between. I checked the source code without any luck to find any reasonable 
reason. And also, the code block of pc=0x8004bfe4 is executed twice, which not 
reasonable either. Only if the last exit flags=0x3, should the block 
re-execute. Is there any other cases I do not cover?

And the disassembly of the code snippet is:
000000008004bfd4 <memcpy>:
    8004bfd4:   d2800003        mov     x3, #0x0                        // #0
    8004bfd8:   eb03005f        cmp     x2, x3
    8004bfdc:   54000041        b.ne    8004bfe4 <memcpy+0x10>  // b.any
    8004bfe0:   d65f03c0        ret
    8004bfe4:   38636824        ldrb    w4, [x1, x3]
    8004bfe8:   38236804        strb    w4, [x0, x3]
    8004bfec:   91000463        add     x3, x3, #0x1
    8004bff0:   17fffffa        b       8004bfd8 <memcpy+0x4>

Best regards.
Robert