Subject: Re: [Qemu-devel] RFC: Code fetch optimisation
From: "J. Mayer"
Date: Wed, 17 Oct 2007 01:38:28 +0200
To: Paul Brook
Cc: qemu-devel@nongnu.org

On Tue, 2007-10-16 at 23:00 +0100, Paul Brook wrote:
> > Well, we got the same behavior on PowerPC. What I was thinking of is
> > that if we fix the VLE problems, the fix, if done in a proper way, could
> > also allow benefit to RISC targets. What I don't know is; would we
> > really have a benefit not stopping translation on page boundaries?
>
> I suspect that we're going to want/need to break the TB to get the exception
> semantics right, so for RISC targets there's no point having TBs that span a
> page boundary.

My opinion is that this is an optimisation that may be tried later, if it
really gives an advantage in terms of translation efficiency, which is far
from being evident.
Then, let's keep what works well and just try to solve the VLE problems
for now...

> > > For VLE targets we already get this wrong (the prefetch abort occurs some
> > > time before the faulting instruction executes). I don't know if this
> > > behavior is permitted by the ISA, but it's definitely possible to
> > > construct cases where it has visible effect.
> >
> > I think that it would be possible to do things properly.
> > [...] Or maybe the solution would
> > just be to stop the translation knowing that the exception will be
> > raised when trying to translate the first instruction in the next page.
>
> I'd go for this one. It's approximately the same method currently used for
> RISC targets.
> In general I think this will require target specific support. For RISC targets
> this is trivial. For x86/m68k figuring out the length of an insn is trickier.
>
> Detecting crossing a page boundary on subsequent insns in the load/mmu
> routines is problematic because it happens relatively late. In particular it
> may theoretically happen after we've output ops that change CPU state.
>
> I suspect the best solution is to backtrack (remove the generated ops) after
> decoding the insn if we discover we've passed a page boundary. The ld*_code
> routines can simply return garbage (e.g. zero) if the read is not on the
> first page.

The "incorrect" returned value may be target specific to be sure it's
always an invalid opcode.
Backtracking should not be hard if we register the last cc pointer each
time we finish translating an insn.
I'll think about this solution, which really seems feasible to me.

> Trying to generate prefetch aborts at runtime sounds too hairy for my liking.

It might be really tricky and is likely to be buggy, I agree.

-- 
J. Mayer
Never organized
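
A sketch of the backtracking scheme discussed in this message, added here as an illustration; it is not QEMU code or code from either poster. The toy variable-length encoding, the 16-byte page size and the names `Translator` and `translate_tb` are assumptions, and `ld_code` is only a stand-in for the ld*_code routines mentioned above.

```c
#include <stddef.h>
#include <stdint.h>

#define PAGE_SIZE 16u                    /* toy page size (assumption) */
#define PAGE_MASK (~(PAGE_SIZE - 1u))
#define MAX_OPS   64

/* Constructed toy VLE encoding: opcode N in 1..3 is an N-byte insn, 0 is invalid. */
typedef struct {
    const uint8_t *mem;                  /* guest code bytes */
    uint32_t first_page;                 /* page the TB started on */
    int first_insn, crossed;             /* decode state for the current TB */
    uint8_t ops[MAX_OPS];                /* generated ops (here: raw insn bytes) */
    size_t nops;
} Translator;

/* Code fetch: off the first page, return 0 (invalid opcode) instead of reading.
 * The first insn of a TB may read on, so a straddling insn still gets translated. */
static uint8_t ld_code(Translator *t, uint32_t pc)
{
    if (!t->first_insn && (pc & PAGE_MASK) != t->first_page) {
        t->crossed = 1;
        return 0;
    }
    return t->mem[pc];
}

/* Translate one TB starting at pc; returns the guest pc where the TB ends. */
uint32_t translate_tb(Translator *t, uint32_t pc)
{
    t->first_page = pc & PAGE_MASK;
    t->first_insn = 1;
    t->crossed = 0;
    t->nops = 0;
    while (t->nops + 3 <= MAX_OPS) {
        size_t mark = t->nops;           /* op pointer saved at insn start */
        uint32_t insn_pc = pc;
        uint8_t len = ld_code(t, pc);
        if (len >= 1 && len <= 3)
            for (uint8_t i = 0; i < len; i++)
                t->ops[t->nops++] = ld_code(t, pc++);
        if (t->crossed || t->nops == mark) {
            t->nops = mark;              /* backtrack: drop ops of the partial insn */
            return insn_pc;              /* next TB starts at this insn */
        }
        t->first_insn = 0;
    }
    return pc;
}
```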