Re: [Qemu-devel] Question regarding tcg trace-events

["Alex Bennée" <alex.bennee@linaro.org>]

sainath grandhi <saiallforums@gmail.com> writes:

> Hello
> I am working with qemu tracing support and combined with tcg.
> I read that if tcg property is used for trace-event, it generates a
> trace-event once during translation and another trace-event after the
> execution.
>
> I made the following change in target/i386/translate.c
>
> -static inline void gen_op_movl_seg_T0_vm(DisasContext *s, int seg_reg)
> +static inline void gen_op_movl_seg_T0_vm(DisasContext *s, int
> seg_reg, CPUX86State *env)
>  {
>      tcg_gen_ext16u_tl(s->T0, s->T0);
>      tcg_gen_st32_tl(s->T0, cpu_env,
>                      offsetof(CPUX86State,segs[seg_reg].selector));
> +    trace_seg_write_tcg(tcg_ctx->cpu, cpu_env, env->eip, seg_reg,
> env->segs[seg_reg].selector, s->T0);

This is a new trace point you've added?

>      tcg_gen_shli_tl(cpu_seg_base[seg_reg], s->T0, 4);
>
> I see seg_write_trans and seg_write_exec trace-events.
> Question I have is the following:
> I expect one seg_write_trans trace-event per seg_write_exec
> trace-event. However I notice more than one seg_write_exec
> trace-events after a seg_write_trans

If a translated block is executed more than once (most are) you should
see more exec events than trans events.

> and in some cases seg_write_exec
> trace-events occur without a seg_write_trans.

That is odd.

> Why do this happen? Does this have something to do with TCG and TBs?

In TCG an execution block (TranslationBlock) is:

  - translated into TCgops
  - generated into host code
  - added to the code cache

from this point each time we need to execute something with the same
parameters (pc/flags) we fetch the already translated code and execute
it directly. There are more pointers to how the TCG works on the wiki.

--
Alex Bennée