From: Valerón JC
Date: Fri, 11 Dec 2015 11:43:22 +0800
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] How does TCG gen host code for a TB?

I want to trace a bug in TCG which, for me, at some point generates infinite-loop TB chains, which is unexpected. I've found the final TB (the head, since they're chaining) which runs in an infinite loop, and I know a very weird trick to 'disable' this bug, so I would like to track the TCG ops for that TB, in the hope that I can figure out what's wrong.

But when I read tcg_gen_code(), I'm confused...

How does tcg_gen_code() generate code for one TB? If I read the code correctly, gen_intermediate_code() will not flush tcg_ctx->gen_opc_buf[], so the code for the previous TB is mixed in... and tcg_gen_code() will start generating from index 0 of gen_opc_buf, so how does it generate code for the TB just created?

Even though there's a label for a TB start (I'm not familiar with this label stuff yet), the fact that gen_opc_buf is not flushed every time a new TB is generated seems weird to me. Won't the new TCG ops be mixed with the ones of the previous TB? Isn't the newly generated host code dedicated to one TB?

Sent from Mail for Windows 10

From: Peter Maydell
Date: Fri, 11 Dec 2015 13:37:20 +0000
To: Valerón JC
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] How does TCG gen host code for a TB?

On 11 December 2015 at 03:43, Valerón JC wrote:
> I want to trace a bug in tcg, which for me, at some point, generate infinite
> loop TB chains, that's unexpected. and I've found the final TB(head, since
> they're chaining) which run in an infinite loop, and I know a very weird
> trick to 'disable' this bug, so I would like to track the tcg-ops for the
> TB, hope that I can figure what's wrong.

If the guest code is an infinite loop then we will generate a chain of
TBs which goes round in a loop too. (Execution will escape from the
loop via longjmp when there is a guest interrupt or other exception.)

> but when I read the tcg_gen_code(), I'm confused...
> how does tcg_gen_code() generate codes for one TB?
> if I read the code
> correctly, gen_intermediate_code() will not flush the
> tcg_ctx->gen_opc_buf[], codes for previous TB are mixed together... and
> tcg_gen_code() will start gen from index 0 of gen_opc_buf, how does it
> generate codes for the TB just created?

This code has changed, and tcg_ctx->gen_opc_buf doesn't exist any more.
We store ops in a linked list now rather than an array.

The answer to your question in general is still the same, though:
before calling gen_intermediate_code() we call tcg_func_start(),
which resets the TCGContext to a clean state, including "no
temporaries allocated", "no labels" and "no ops".

thanks
-- PMM

From: Sergey Fedorov
Date: Fri, 11 Dec 2015 17:20:17 +0300
Message-ID: <566ADBA1.8060106@gmail.com>
To: Valerón JC, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] How does TCG gen host code for a TB?

On 11.12.2015 06:43, Valerón JC wrote:
> I want to trace a bug in tcg, which for me, at some point, generate
> infinite loop TB chains, that's unexpected.
> and I've found the final
> TB(head, since they're chaining) which run in an infinite loop, and I
> know a very weird trick to 'disable' this bug, so I would like to
> track the tcg-ops for the TB, hope that I can figure what's wrong.

Hi,

You may find it useful to enable logging of the TCG ops generated with
'-d op', as well as input and output assembly with '-d in_asm,out_asm'.
'-D <filename>' could be useful to output the log to a file. Here are
references to the documentation:
http://qemu.weilnetz.de/qemu-doc.html#index-_002dd and
http://qemu.weilnetz.de/qemu-doc.html#index-_002dD.

Best,
Sergey

From: Valerón JC
Date: Fri, 11 Dec 2015 23:34:05 +0800
To: Sergey Fedorov, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] How does TCG gen host code for a TB?

Peter and Sergey,

Thank you so much for your help and explanation.
I appreciate your help very much.

Sent from Mail for Windows 10

From: Sergey Fedorov
Sent: Friday, December 11, 2015 10:21 PM
To: Valerón JC; qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] How does TCG gen host code for a TB?
On 11.12.2015 06:43, Valerón JC wrote:
> I want to trace a bug in tcg, which for me, at some point, generate
> infinite loop TB chains, that's unexpected. and I've found the final
> TB(head, since they're chaining) which run in an infinite loop, and I
> know a very weird trick to 'disable' this bug, so I would like to
> track the tcg-ops for the TB, hope that I can figure what's wrong.

Hi,

You may find it useful to enable logging of the TCG ops generated with
'-d op', as well as input and output assembly with '-d in_asm,out_asm'.
'-D <filename>' could be useful to output the log to a file. Here are
references to the documentation:
http://qemu.weilnetz.de/qemu-doc.html#index-_002dd and
http://qemu.weilnetz.de/qemu-doc.html#index-_002dD.

Best,
Sergey
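Editor's note on putting Sergey's suggestion to work: a log written with '-d in_asm,op,out_asm -D tcg.log' grows quickly, and the ops for the head TB of a looping chain have to be dug out of it by guest address. The script below is an added helper written for this page; it is not code from the thread or from QEMU. It splits such a log into one record per translation block and lets you pull the op dump for a given guest PC, count how often the same PC was retranslated, and list the TBs that end in a goto_tb (the ones that can be chained). The embedded sample log is constructed; the section markers it assumes ("----------------", "IN:", "OP:", "OUT: [size=N]") are the shapes QEMU printed around the time of this thread as far as I recall, so treat them as assumptions and adjust the regexes if your build prints something different.

```python
"""Split a QEMU '-d in_asm,op,out_asm' log into per-TB records.

Editor-added helper, not QEMU code.  Assumed log shape (2015-era QEMU):
  "----------------"   starts a new translation block
  "IN: [symbol]"       guest disassembly lines "0x<pc>:  <bytes>  <insn>"
  "OP:"                TCG ops, one per line, indented by one space
  "OUT: [size=N]"      host disassembly lines
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: a guest 'b .' loop at 0x8004, first reached from 0x8000.
SAMPLE_LOG = """\
----------------
IN:
0x00008000:  e3a00000      mov      r0, #0
0x00008004:  eafffffe      b        0x8004

OP:
 movi_i32 tmp5,$0x0
 mov_i32 r0,tmp5
 goto_tb $0x0
 movi_i32 pc,$0x8004
 exit_tb $0x7f3c5e0a0000

OUT: [size=52]
0x7f3c5c000040:  mov    -0x10(%r14),%ebp
0x7f3c5c000044:  test   %ebp,%ebp

----------------
IN:
0x00008004:  eafffffe      b        0x8004

OP:
 goto_tb $0x0
 movi_i32 pc,$0x8004
 exit_tb $0x7f3c5e0a0030

OUT: [size=40]
0x7f3c5c000080:  mov    -0x10(%r14),%ebp
0x7f3c5c000084:  jmp    0x7f3c5c000084
"""


@dataclass
class TBRecord:
    pc: int = -1                                      # guest start address (-1 until seen)
    guest: List[str] = field(default_factory=list)    # guest disassembly lines
    ops: List[str] = field(default_factory=list)      # TCG ops as dumped
    host: List[str] = field(default_factory=list)     # host disassembly lines
    host_size: int = 0                                # from "OUT: [size=N]"


_GUEST_LINE = re.compile(r"^0x([0-9a-fA-F]+):\s")
_OUT_HDR = re.compile(r"^OUT: \[size=(\d+)\]")


def parse_tcg_log(text: str) -> List[TBRecord]:
    """State machine over the log; returns records in translation order."""
    records: List[TBRecord] = []
    cur = None
    section = None
    for line in text.splitlines():
        if line.startswith("----------------"):
            cur = TBRecord()
            records.append(cur)
            section = None
            continue
        if cur is None:                 # banner text before the first TB
            continue
        if line.startswith("IN:"):
            section = "in"
            continue
        if line.startswith("OP"):       # "OP:" and "OP after optimization ..."
            section = "op"
            cur.ops = []                # with -d op,op_opt keep the last dump
            continue
        m = _OUT_HDR.match(line)
        if m:
            section = "out"
            cur.host_size = int(m.group(1))
            continue
        if not line.strip():
            continue
        if section == "in":
            m = _GUEST_LINE.match(line)
            if m and cur.pc < 0:
                cur.pc = int(m.group(1), 16)
            cur.guest.append(line.rstrip())
        elif section == "op":
            cur.ops.append(line.strip())
        elif section == "out":
            cur.host.append(line.rstrip())
    return [r for r in records if r.pc >= 0]


def ops_for_pc(records: List[TBRecord], pc: int) -> List[List[str]]:
    """Op dumps of every TB starting at pc (several if it was retranslated)."""
    return [r.ops for r in records if r.pc == pc]


def translation_counts(records: List[TBRecord]) -> Dict[int, int]:
    """How often each guest PC was translated; a storm here is itself a clue."""
    counts: Dict[int, int] = {}
    for r in records:
        counts[r.pc] = counts.get(r.pc, 0) + 1
    return counts


def chaining_candidates(records: List[TBRecord]) -> List[int]:
    """PCs of TBs whose op stream has a goto_tb, i.e. can be directly chained."""
    return [r.pc for r in records if any(op.startswith("goto_tb") for op in r.ops)]


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    want = int(sys.argv[2], 16) if len(sys.argv) > 2 else None
    for r in parse_tcg_log(text):
        if want is not None and r.pc != want:
            continue
        print(f"TB @ {r.pc:#010x}: {len(r.guest)} guest insns, "
              f"{len(r.ops)} ops, {r.host_size} host bytes")
        for op in r.ops:
            print("   ", op)
```

Run it as `python3 tcg_log.py tcg.log 0x8004` to print only the TBs that start at the head address of the chain; without arguments it walks the embedded sample, where the second TB's goto_tb back to its own start is the picture Peter describes of a guest infinite loop turning into a chain that goes round in a loop.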