Date: Wed, 10 Aug 2011 12:01:44 +0800
From: 陳韋任
Message-ID: <20110810040143.GA29512@cs.nctu.edu.tw>
Subject: [Qemu-devel] Question about adding IBTC (Indirect Branch Translation Cache) into QEMU
To: qemu-devel@nongnu.org

Hi, all

I want to add a binary translation optimization, called IBTC (Indirect Branch Translation Cache), to QEMU. IBTC is a data structure used to cache the mapping between a guest IB (indirect branch) and its corresponding translated code cache address. If the IBTC gets a hit, then there is no need to jump back to QEMU; the next translated code cache can be executed directly.

An example below.

=------------------- target-i386/translation.c -------------------=
static target_ulong disas_insn(CPUState *env, DisasContext *s, target_ulong pc_start)
{
    // Place IBTC lookup in the following cases
    case 2:    /* call Ev */
    case 4:    /* jmp Ev */
    case 0xc2: /* ret im */
        /*
         * generate IBTC lookup TCG IR in the code cache while
         * encountering indirect branch (ret im)
         */
        if (s->cc_op != CC_OP_DYNAMIC)
            gen_op_set_cc_op(s->cc_op);
        TCGv_ptr ibtc_host_eip = tcg_temp_new_ptr();
        gen_helper_lookup_ibtc(ibtc_host_eip, cpu_T[0]);
        *gen_opc_ptr++ = INDEX_op_jmp;
        *gen_opparam_ptr++ = GET_TCGV_PTR(ibtc_host_eip);
        tcg_temp_free_ptr(ibtc_host_eip);
        gen_eob(s);
        break;
    case 0xc3: /* ret */
}
=------------------- target-i386/translation.c -------------------=

IBTC works fine in the process (user) mode, but not in the system mode. In process mode, since the IBTC allocated is big enough, I don't need to invalidate an IBTC entry or flush the entire IBTC. I suspect this is why IBTC doesn't work in the system mode. I spotted a few places where it might be necessary to call flush_ibtc() to flush the entire IBTC, but I am not sure if these are the right places. Or I might have missed some places. The places where I insert flush_ibtc are below,

-----
1. cpu-exec.c

int cpu_exec(CPUState *env1)
{
    if (tb_invalidated_flag) {
        next_tb = 0;
        flush_ibtc(); // flush IBTC
        tb_invalidated_flag = 0;
    }
}

2. exec.c

TranslationBlock *tb_gen_code(CPUState *env, target_ulong pc, target_ulong cs_base, int flags, int cflags)
{
    if (!tb) {
        /* flush must be done */
        tb_flush(env);
        flush_ibtc(); // flush IBTC
        /* cannot fail at this point */
        tb = tb_alloc(pc);
        /* Don't forget to invalidate previous TB info. */
        tb_invalidated_flag = 1;
    }
}

3. exec.c

void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
{
    tb_invalidated_flag = 1;
    /* remove the TB from the hash list */
    h = tb_jmp_cache_hash_func(tb->pc);
    for (env = first_cpu; env != NULL; env = env->next_cpu) {
        if (env->tb_jmp_cache[h] == tb)
            env->tb_jmp_cache[h] = NULL;
    }
    flush_ibtc(); // flush IBTC
}
-----

Have I already considered all kinds of situations? Or is there something else I need to do to make IBTC work in system mode?

Thanks!

Regards,
chenwj

-- 
Wei-Ren Chen (陳韋任)
Computer Systems Lab, Institute of Information Science,
Academia Sinica, Taiwan (R.O.C.)
Tel:886-2-2788-3799 #1667
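Added example, not code from the post or from QEMU: a minimal direct-mapped IBTC of the kind the post describes (guest indirect-branch target to translated-code address), with the flush_ibtc() the author adds, plus a small model of the hazard that makes the flush necessary in system mode: once a TB is invalidated, an unflushed IBTC keeps handing back the address of dead translated code. The ibtc_* names, IBTC_BITS, the hash and the sample addresses are assumptions for this illustration; like the post's lookup on cpu_T[0], it keys on the guest PC alone.

```c
/* Added example, not QEMU code; ibtc_* names and IBTC_BITS are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define IBTC_BITS 10
#define IBTC_SIZE (1u << IBTC_BITS)
typedef uint64_t target_ulong;          /* guest address; 64-bit assumed here */

struct ibtc_entry {
    target_ulong guest_pc;              /* indirect-branch target in the guest */
    const void *host_code;              /* translated code for guest_pc, NULL if empty */
};
static struct ibtc_entry ibtc_table[IBTC_SIZE];

static unsigned ibtc_hash(target_ulong pc)
{   /* fold higher bits in so targets far apart do not all share a slot */
    return (unsigned)((pc >> 2) ^ (pc >> 12)) & (IBTC_SIZE - 1);
}

/* Record the mapping once a TB for guest_pc exists (the lookup-miss path). */
void ibtc_insert(target_ulong guest_pc, const void *host_code)
{
    struct ibtc_entry *e = &ibtc_table[ibtc_hash(guest_pc)];
    e->guest_pc = guest_pc;
    e->host_code = host_code;
}

/* Hit: host address to jump to directly. Miss: NULL, go back to the QEMU loop. */
const void *ibtc_lookup(target_ulong guest_pc)
{
    const struct ibtc_entry *e = &ibtc_table[ibtc_hash(guest_pc)];
    return (e->host_code && e->guest_pc == guest_pc) ? e->host_code : NULL;
}

/* Drop every entry; needed whenever translated code may be freed or replaced. */
void flush_ibtc(void)
{
    memset(ibtc_table, 0, sizeof(ibtc_table));
}

/* Models the hazard in the post: a TB is invalidated after the IBTC cached it.
 * Returns 1 if a later lookup still hands back the dead translation. */
int ibtc_stale_after_invalidate(int flush_on_invalidate)
{
    static const char old_tb[8];        /* constructed stand-in for a code-cache block */
    const target_ulong pc = 0x400123;   /* constructed guest branch target */
    flush_ibtc();
    ibtc_insert(pc, old_tb);
    if (flush_on_invalidate)            /* the flush_ibtc() added in tb_phys_invalidate */
        flush_ibtc();
    return ibtc_lookup(pc) == (const void *)old_tb;
}
```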