From: Steffen Liebergeld <usenet@gmx.eu>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] No chaining on ARM hosts?
Date: Mon, 23 Mar 2009 12:25:38 +0000 (UTC)
Message-ID: <gq7v42$saa$1@ger.gmane.org>

Hi,

I am currently looking into the code generation of Qemu on an ARM host machine
with target ARM. I am measuring how many instructions Qemu needs in order to
run guest instructions. Instructions like add and subs need 4 to 40
instructions, which is the amount I expected. However, branches take 150 host
instructions to execute. I figured that with the use of chaining this number
has to be significantly smaller.

To double check if the chaining is performed, I altered the function
tb_add_jmp_target to print the target address and the base address of the TB
which is to be patched, when the guest PC is in the range of my example code.

I am using a setup as in figure 1. The outer Qemu is running on an x86 host
machine, and runs ARM guest code. The inner Qemu is an ARM binary and running
ARM guest code as well. I altered both Qemu instances in order to be able to
trigger actions from my example code. If the example code issues a NOP (mov
r0, r0) and registers 1 and 2 have special values, the outer Qemu prints the
current guest instruction count.

The example code I used is shown in figure 2. It includes unconditional jumps,
which I think would be eligible for chaining.

When running the example code in the outer Qemu, chaining is performed as
expected. But when run in the inner Qemu, no chaining takes place.

Do you have an idea why no chaining is performed on ARM hosts? Can somebody
explain the role of code_gen_prologue to me?

Many thanks in advance,
Steffen Liebergeld

Figure 1: Qemu setup, using qemu-0.10.0

|-----------------------------|
| |-------------------------| |
| |     Example code        | |
| |                         | |
| |-------------------------| |
| |     Inner Qemu          | |
| |-------------------------| |
|                             |
|         ARM code            |
|-----------------------------|
| Outer Qemu on an x86 host   |
|-----------------------------|

Figure 2: ARM example code
" mov r0, %[deadbeef] \n"
" mov r1, %[deadbabe] \n"
" mov r2, $10 \n"
"outerloop: \n"
" mov r0, r0 \n"
" mov r4, $0 \n"
" mov r5, $0 \n"
" mov r6, $0 \n"
"Eins: \n"
" add r4, r4, $1 \n"
" b DREI \n"
"ZWEI: \n"
" add r5, r5, $1 \n"
" b OUT \n"
"DREI: \n"
" add r6, r6, $1 \n"
" b ZWEI \n"
"OUT: \n"
" mov r0, r0 \n"
" subs r2, r2, $1 \n"
" bne outerloop \n"
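
A toy model of the chaining the message above asks about, added here as an illustration; it is not code from the post or from QEMU. It replays the branch structure of Figure 2 and counts how often control returns to the dispatcher with and without patched block exits; the names (tb_exec, run, chained), the two jump slots per block and the omission of the setup instructions before outerloop are assumptions of this example.

```c
#include <stdio.h>

/* Guest blocks of Figure 2; each ends at a branch. HALT = leave the loop. */
enum { HALT = -1, OUTERLOOP, DREI, ZWEI, OUT, NUM_TB };

struct cpu { int r2, r4, r5, r6; };

/* Run one block's guest effect; return successor and the jump slot used. */
static int tb_exec(int id, struct cpu *c, int *slot)
{
    *slot = 0;
    switch (id) {
    case OUTERLOOP: c->r4 = 1; c->r5 = 0; c->r6 = 0; return DREI; /* b DREI */
    case DREI:      c->r6++; return ZWEI;                         /* b ZWEI */
    case ZWEI:      c->r5++; return OUT;                          /* b OUT  */
    default:        /* OUT: subs r2, r2, $1 ; bne outerloop */
        if (--c->r2 != 0) return OUTERLOOP;
        *slot = 1; return HALT;      /* fall-through exit of the bne */
    }
}

/* Returns how often control came back to the dispatcher (toy main loop). */
static int run(int chaining, struct cpu *c)
{
    int chained[NUM_TB][2];          /* patched successor per jump slot */
    int lookups = 0, cur = OUTERLOOP, prev = HALT, prev_slot = 0;
    for (int i = 0; i < NUM_TB; i++) chained[i][0] = chained[i][1] = HALT;
    c->r2 = 10;                      /* mov r2, $10 */
    while (cur != HALT) {
        lookups++;                   /* dispatcher looks up the next block */
        if (chaining && prev != HALT)
            chained[prev][prev_slot] = cur;  /* patch exit of previous block */
        for (;;) {                   /* stay in generated code while chained */
            int next = tb_exec(cur, c, &prev_slot);
            prev = cur; cur = next;
            if (next == HALT || chained[prev][prev_slot] != next)
                break;               /* unpatched exit: back to dispatcher */
        }
    }
    return lookups;
}

int main(void)
{
    struct cpu c;
    printf("unchained: %d dispatcher entries\n", run(0, &c));
    printf("chained:   %d dispatcher entries\n", run(1, &c));
    return 0;
}
```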