From: 陳韋任 <chenwj@iis.sinica.edu.tw>
To: Xin Tong <xerox.time.tech@gmail.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] TB chaining
Date: Thu, 22 Sep 2011 10:15:53 +0800
Message-ID: <20110922021553.GA11442@cs.nctu.edu.tw>
In-Reply-To: <CALKntY0kWES6fFn2_xVN9LGgbjtyZQ3wNSvP3gV7S93n-iVk1Q@mail.gmail.com>
> I am new to QEMU, can anyone please tell me where the TB chaining code is in
> QEMU ?
struct TranslationBlock has fields used to do block chaining. You also
need to look into it.

cpu_exec (cpu-exec.c)

It's the main execution loop where the interrupt/exception is handled,
and the translated TB is found then executed.

    /* prepare setjmp context for exception handling */
    for(;;) {
        if (setjmp(env->jmp_env) == 0) {
            /* if an exception is pending, we execute it here */
        }
        next_tb = 0; /* force lookup of first TB */
        for(;;) {
            interrupt_request = env->interrupt_request;
            if (unlikely(interrupt_request)) {
            }
            tb = tb_find_fast(env);
            if (next_tb != 0 && tb->page_addr[1] == -1) {
                tb_add_jump((TranslationBlock *)(next_tb & ~3), next_tb & 3, tb);
            }
            if (likely(!env->exit_request)) {
                tc_ptr = tb->tc_ptr;
                /* execute the generated code */
                next_tb = tcg_qemu_tb_exec(env, tc_ptr);
            }
        }
    }

tb_add_jump does block chaining. The variable names next_tb and tb
could be misleading here. tb_add_jump will link next_tb to tb, i.e.,
next_tb -> tb. And QEMU uses the last two bits of the pointer to
TranslationBlock to encode the direction of the block chaining.
For example, next_tb[0] might be the if branch, and next_tb[1]
might be the else branch.

Block chaining can be done directly or indirectly. Direct means you patch
the translated code in the translation code cache, so that it'll jump
to the next translated code block, which is then executed. Indirect means
you use the TranslationBlock tb_next field to point to the next translated
code block in the translation code cache. On hosts like x86 and ARM, direct
block chaining is used.

Also note that while QEMU generates the host binary from TCG IR, it will
leave some space for further block chaining to do the patch.

Regards,
chenwj
--
Wei-Ren Chen (陳韋任)
Computer Systems Lab, Institute of Information Science,
Academia Sinica, Taiwan (R.O.C.)
Tel:886-2-2788-3799 #1667
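
The pointer tagging described in the message above, as an added C example that is not part of the original email and is not QEMU's code. ToyTB and the toy_* helpers are hypothetical names, and the sample blocks in main() are constructed.

```c
/* Toy model of tagged-pointer block chaining. Not QEMU code:
 * ToyTB and the toy_* helpers are hypothetical names for illustration. */
#include <stdint.h>
#include <stdio.h>

typedef struct ToyTB {
    const char *name;
    struct ToyTB *jmp_next[2]; /* one chain link per exit slot (0 or 1) */
    intptr_t page_addr1;       /* -1: block does not spill onto a second page */
} ToyTB;

/* The low two bits are free only if every ToyTB is at least 4-byte aligned. */
_Static_assert(_Alignof(ToyTB) >= 4, "low two pointer bits must be zero");

/* What the generated code would hand back: exiting block plus exit slot. */
static uintptr_t toy_pack(ToyTB *tb, unsigned slot) {
    return (uintptr_t)tb | (slot & 3u);
}
static ToyTB *toy_tb(uintptr_t v) { return (ToyTB *)(v & ~(uintptr_t)3); }
static unsigned toy_slot(uintptr_t v) { return (unsigned)(v & 3u); }

/* Mirror of the guard in the loop: link (next_tb & ~3) -> tb through slot
 * (next_tb & 3). Returns 1 when a new link was made, 0 otherwise. */
static int toy_chain(uintptr_t next_tb, ToyTB *tb) {
    if (next_tb == 0 || tb->page_addr1 != -1)
        return 0;
    ToyTB *prev = toy_tb(next_tb);
    unsigned slot = toy_slot(next_tb);
    if (slot > 1 || prev->jmp_next[slot] != NULL) /* toy rule: 2 slots, link once */
        return 0;
    prev->jmp_next[slot] = tb;
    return 1;
}

int main(void) {
    /* Constructed sample blocks: A branches to B (slot 0) or C (slot 1). */
    ToyTB a = {"A", {NULL, NULL}, -1}, b = {"B", {NULL, NULL}, -1};
    ToyTB c = {"C", {NULL, NULL}, 0x2000}; /* spans two pages: never chained */
    printf("A[0]->B linked: %d\n", toy_chain(toy_pack(&a, 0), &b));
    printf("A[1]->C linked: %d\n", toy_chain(toy_pack(&a, 1), &c));
    printf("A slot0=%s slot1=%s\n", a.jmp_next[0] ? a.jmp_next[0]->name : "-",
           a.jmp_next[1] ? a.jmp_next[1]->name : "-");
    return 0;
}
```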