[Qemu-devel] address translation

[Qemu-devel] address translation

[Shashidhar Mysore]

[-- Attachment #1: Type: text/plain, Size: 1402 bytes --]

Hello group,

I have two questions, both regarding the virtual-physical translation of
addresses (all in the virtual machine context).

1>
Can somebody tell me if the program counter value available in the following
snippet from target-i386/translate.c
is virtual or physical? I learnt it may be virtual, in which case is there a
way to extract the physical address corresponding to the
virtual address, or if it is physical, then is there a way to translate to
its virtual address (within the virtual machine context)?

************************************************
/* convert one instruction. s->is_jmp is set if the translation must
   be stopped. Return the next pc value */
static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
{
    int b, prefixes, aflag, dflag;
    int shift, ot;
    int modrm, reg, rm, mod, reg_addr, op, opreg, offset_addr, val;
    target_ulong next_eip, tval;
    int rex_w, rex_r;

    s->pc = pc_start;   // This s->pc is what I am using to extract all
executed PC values
************************************************


2>
Second question I have is - Within the functions from target-i386/ops_mem.h
for example,

void OPPROTO glue(glue(op_ldub, MEMSUFFIX), _T0_A0)(void)
{
    T0 = glue(ldub, MEMSUFFIX)(A0);
}

Is A0 the physical address? or is it virtual?
And how to I translate from one to another in either case?


Thanks in advance.
-Shashi.

[-- Attachment #2: Type: text/html, Size: 1673 bytes --]

Re: [Qemu-devel] address translation

[andrzej zaborowski]

On 13/07/07, Shashidhar Mysore <shashimc@gmail.com> wrote:
> Hello group,
>
> I have two questions, both regarding the virtual-physical translation of
> addresses (all in the virtual machine context).
>
> 1>
> Can somebody tell me if the program counter value available in the following
> snippet from target-i386/translate.c
> is virtual or physical? I learnt it may be virtual, in which case is there a
> way to extract the physical address corresponding to the
> virtual address, or if it is physical, then is there a way to translate to
> its virtual address (within the virtual machine context)?

It is virtual, I think cpu_get_phys_page_debug() + the offset should
give you physical.

>
> ************************************************
> /* convert one instruction. s->is_jmp is set if the translation must
>    be stopped. Return the next pc value */
> static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
> {
>     int b, prefixes, aflag, dflag;
>     int shift, ot;
>     int modrm, reg, rm, mod, reg_addr, op, opreg, offset_addr, val;
>     target_ulong next_eip, tval;
>     int rex_w, rex_r;
>
>     s->pc = pc_start;   // This s->pc is what I am using to extract all
> executed PC values

This s->pc doesn't correspond to executed PC values, qemu is a translator.

> ************************************************
>
>
> 2>
> Second question I have is - Within the functions from target-i386/ops_mem.h
> for example,
>
> void OPPROTO glue(glue(op_ldub, MEMSUFFIX), _T0_A0)(void)
>  {
>      T0 = glue(ldub, MEMSUFFIX)(A0);
>  }
>
> Is A0 the physical address? or is it virtual?
> And how to I translate from one to another in either case?

Also virtual.

Regards

Re: [Qemu-devel] address translation

[Shashidhar Mysore]

[-- Attachment #1: Type: text/plain, Size: 973 bytes --]

Thanks for the reply, Andrzej!

Some clarifications below ...

On 7/13/07, andrzej zaborowski <balrogg@gmail.com> wrote:

> >
> > ************************************************
> > /* convert one instruction. s->is_jmp is set if the translation must
> >    be stopped. Return the next pc value */
> > static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
> > {
> >     int b, prefixes, aflag, dflag;
> >     int shift, ot;
> >     int modrm, reg, rm, mod, reg_addr, op, opreg, offset_addr, val;
> >     target_ulong next_eip, tval;
> >     int rex_w, rex_r;
> >
> >     s->pc = pc_start;   // This s->pc is what I am using to extract all
> > executed PC values
>
> This s->pc doesn't correspond to executed PC values, qemu is a translator.


Can you tell me what s->pc is, in this context? Is the the start PC of a
basic block that is about to be executed? Is there any way in which I could
extract the trace of executed PCs in QEMU?


Regards,
-Shashi.

[-- Attachment #2: Type: text/html, Size: 1515 bytes --]

Re: [Qemu-devel] address translation

[andrzej zaborowski]

On 14/07/07, Shashidhar Mysore <shashimc@gmail.com> wrote:
> Thanks for the reply, Andrzej!
>
> Some clarifications below ...
>
> On 7/13/07, andrzej zaborowski <balrogg@gmail.com > wrote:
> > >
> > > ************************************************
> > > /* convert one instruction. s->is_jmp is set if the translation must
> > >    be stopped. Return the next pc value */
> > > static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
> > > {
> > >     int b, prefixes, aflag, dflag;
> > >     int shift, ot;
> > >     int modrm, reg, rm, mod, reg_addr, op, opreg, offset_addr, val;
> > >     target_ulong next_eip, tval;
> > >     int rex_w, rex_r;
> > >
> > >     s->pc = pc_start;   // This s->pc is what I am using to extract all
> > > executed PC values
> >
> > This s->pc doesn't correspond to executed PC values, qemu is a translator.
>
> Can you tell me what s->pc is, in this context? Is the the start PC of a

It is the PC of the disassembled instruction (hence disasm_insn).

> basic block that is about to be executed? Is there any way in which I could
> extract the trace of executed PCs in QEMU?

Yes, there was a thread about this about two months ago.

Regards

Re: [Qemu-devel] address translation

[Shashidhar Mysore]

[-- Attachment #1: Type: text/plain, Size: 1949 bytes --]

Hi Andrzej,

There were actually two methods described in the thread referred to in the
thread to which you were referring in your previous mail. :)
The thread was -
http://thread.gmane.org/gmane.comp.emulators.qemu/16604

I used the patch provided by Stuart Brady (in the thread referred above) -
and I believed that this is the one which helps me extract executed PC
values, until you told me in your previous email that this is _not_ the
case, and they are just the disassembled and not the executed PC trace! Can
you please let me know if you were referring to the same thread or a
different one?

Thanks,
-Shashi.

On 7/13/07, andrzej zaborowski <balrogg@gmail.com> wrote:
>
> On 14/07/07, Shashidhar Mysore <shashimc@gmail.com> wrote:
> > Thanks for the reply, Andrzej!
> >
> > Some clarifications below ...
> >
> > On 7/13/07, andrzej zaborowski <balrogg@gmail.com > wrote:
> > > >
> > > > ************************************************
> > > > /* convert one instruction. s->is_jmp is set if the translation must
> > > >    be stopped. Return the next pc value */
> > > > static target_ulong disas_insn(DisasContext *s, target_ulong
> pc_start)
> > > > {
> > > >     int b, prefixes, aflag, dflag;
> > > >     int shift, ot;
> > > >     int modrm, reg, rm, mod, reg_addr, op, opreg, offset_addr, val;
> > > >     target_ulong next_eip, tval;
> > > >     int rex_w, rex_r;
> > > >
> > > >     s->pc = pc_start;   // This s->pc is what I am using to extract
> all
> > > > executed PC values
> > >
> > > This s->pc doesn't correspond to executed PC values, qemu is a
> translator.
> >
> > Can you tell me what s->pc is, in this context? Is the the start PC of a
>
> It is the PC of the disassembled instruction (hence disasm_insn).
>
> > basic block that is about to be executed? Is there any way in which I
> could
> > extract the trace of executed PCs in QEMU?
>
> Yes, there was a thread about this about two months ago.
>
> Regards
>
>
>

[-- Attachment #2: Type: text/html, Size: 2895 bytes --]