From: Steffen Liebergeld
Date: Mon, 23 Mar 2009 12:25:38 +0000 (UTC)
Subject: [Qemu-devel] No chaining on ARM hosts?
To: qemu-devel@nongnu.org

Hi,

I am currently looking into the code generation of Qemu on an ARM host machine with target ARM, measuring how many instructions Qemu needs in order to run guest instructions. Instructions like add and subs need 4 to 40 instructions, which is the amount I expected. However, branches take 150 host instructions to execute.

I figured that with the use of chaining this number has to be significantly smaller. To double check if the chaining is performed, I altered the function tb_add_jmp_target to print the target address and the base address of the TB which is to be patched, when the guest PC is in the range of my example code.

I am using a setup as in figure 1. The outer Qemu is running on an x86 host machine, and runs ARM guest code. The inner Qemu is an ARM binary and running ARM guest code as well. I altered both Qemu instances in order to be able to trigger actions from my example code. If the example code issues a NOP (mov r0, r0) and registers 1 and 2 have special values, the outer Qemu prints the current guest instruction count.

The example code I used is shown in figure 2. It includes unconditional jumps, which I think would be eligible for chaining. When running the example code in the outer Qemu, chaining is performed as expected. But when run in the inner Qemu no chaining takes place.

Do you have an idea why no chaining is performed on ARM hosts? Can somebody explain the role of code_gen_prologue to me?

Many thanks in advance,
Steffen Liebergeld

Figure 1: Qemu setup, using qemu-0.10.0

    |-----------------------------|
    | |-------------------------| |
    | |     Example code        | |
    | |                         | |
    | |-------------------------| |
    | |      Inner Qemu         | |
    | |-------------------------| |
    |           ARM code          |
    |-----------------------------|
    |  Outer Qemu on an x86 host  |
    |-----------------------------|

Figure 2: ARM example code

    " mov r0, %[deadbeef] \n"
    " mov r1, %[deadbabe] \n"
    " mov r2, $10 \n"
    "outerloop: \n"
    " mov r0, r0 \n"
    " mov r4, $0 \n"
    " mov r5, $0 \n"
    " mov r6, $0 \n"
    "Eins: \n"
    " add r4, r4, $1 \n"
    " b DREI \n"
    "ZWEI: \n"
    " add r5, r5, $1 \n"
    " b OUT \n"
    "DREI: \n"
    " add r6, r6, $1 \n"
    " b ZWEI \n"
    "OUT: \n"
    " mov r0, r0 \n"
    " subs r2, r2, $1 \n"
    " bne outerloop \n"
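To make the effect the post is measuring concrete, here is an added toy model (not QEMU code, and not from the post) of translation-block chaining run over the figure 2 loop: the loop is split into TBs at its branches, an unchained block transition is counted as an exit through the epilogue to the main loop's TB lookup, and the first such transition patches the predecessor's jump slot the way tb_add_jmp_target does. Block names, the slot model and the counters are assumptions for illustration.

```python
# Toy model of QEMU-style TB chaining over the loop from figure 2 (constructed
# example; not QEMU's code). Each TB ends at a branch; a TB body updates the
# guest registers and returns the index of the jump slot that was taken.
from dataclasses import dataclass, field

def tb_outerloop(r):          # mov r4..r6, $0 ; Eins: add r4 ; b DREI
    r["r4"], r["r5"], r["r6"] = 0, 0, 0
    r["r4"] += 1
    return 0
def tb_drei(r):               # add r6 ; b ZWEI
    r["r6"] += 1
    return 0
def tb_zwei(r):               # add r5 ; b OUT
    r["r5"] += 1
    return 0
def tb_out(r):                # subs r2 ; bne outerloop (slot 0 taken, slot 1 not)
    r["r2"] -= 1
    return 0 if r["r2"] != 0 else 1

GUEST = {                     # name -> (body, successor per jump slot)
    "outerloop": (tb_outerloop, ["DREI"]),
    "DREI": (tb_drei, ["ZWEI"]),
    "ZWEI": (tb_zwei, ["OUT"]),
    "OUT": (tb_out, ["outerloop", None]),   # None: leave the guest loop
}

@dataclass
class TB:
    name: str
    jmp_next: list = field(default_factory=lambda: [None, None])  # patched slots

def run(chaining, iterations=10):
    """Execute the loop; return (main-loop exits, chained jumps, final regs)."""
    regs = {"r2": iterations, "r4": 0, "r5": 0, "r6": 0}
    cache, exits, chained = {}, 0, 0
    prev, slot, name = None, None, "outerloop"
    while name is not None:
        if prev is not None and prev.jmp_next[slot] is not None:
            tb = prev.jmp_next[slot]        # direct jump: no epilogue, no lookup
            chained += 1
        else:
            exits += 1                      # back to the main loop for a TB lookup
            tb = cache.setdefault(name, TB(name))
            if chaining and prev is not None:
                prev.jmp_next[slot] = tb    # what tb_add_jmp_target does
        body, succ = GUEST[tb.name]
        prev, slot = tb, body(regs)
        name = succ[slot]
    return exits, chained, regs

if __name__ == "__main__":
    print("chained:", run(True)[:2], "unchained:", run(False)[:2])
```

With chaining only the first visit of each block and the first back-edge leave the generated code; without it every one of the 40 block transitions does, which is the difference the branch instruction counts in the post should reflect.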