Re: [Qemu-devel] TCG flow vs dyngen

[Stefano Bonifazi <stefboombastic@gmail.com>]

On 12/11/2010 03:44 PM, Blue Swirl wrote:
> On Sat, Dec 11, 2010 at 2:32 PM, Stefano Bonifazi
> <stefboombastic@gmail.com>  wrote:
>> Where does the execution of host binary take place in the previous list of events?  Between point 5) and 6) ?
>> After 6) ? In what QEMU source code file/function does the final execution of host binary take place?
>>
>> In the previous list of events, when does the translator try to chain the current TB with previous ones?  Before TCG generates the binary in order to feed it with "linked micro code"?
> All of this happens in cpu-exec.c:581 to 618.
Hi!
Thank you very much! Knowing exactly where I should check, in a so big 
project helped me very much!!
Anyway after having spent more than 2 days on that code I still can't 
understand how it works the real execution:

in cpu-exec.c : cpu_exec_nocache i find:

> /* execute the generated code */
>     next_tb = tcg_qemu_tb_exec(tb->tc_ptr);
and in cpu-exec.c : cpu_exec

> /* execute the generated code */
>
>                     next_tb = tcg_qemu_tb_exec(tc_ptr);
so I thought tcg_qemu_tb_exec "function" should do the work of executing 
the translated binary in the host.
But then I found out it is just a define in tcg.h:

> #define tcg_qemu_tb_exec(tb_ptr) ((long REGPARM (*)(void 
> *))code_gen_prologue)(tb_ptr)
and again in exec.c

> uint8_t code_gen_prologue[1024] code_gen_section;
Maybe I have some problems with that C syntax, but I really don't 
understand what happens there.. how the execution happens!

Maybe I am too stuck to my idea of a common emulator "fetch -> decode -> 
execute" where an addition would be implemented simply as "env->regC = 
env->regA +env->regB" ... where this C instruction would be compiled 
offline into host machine binary by host compiler.. so the emulator 
would be a monolith block of host code just with branches for the 
different opcodes that would come from the target binary loaded at runtime..
Here instead  with QEMU/TCG I understood that at runtime the target 
binary is translated into host binary (somehow) .. but then.. how can 
this new host binary be run? Shall the host code at runtime do some sort 
of (assembly speaking) branch jump to an area of memory with new host 
binary instructions .. and then jump back to the old process binary code?
If so, can you explain me how this happens in those lines of code?
I am just a student.. unluckily at university they just tell you that a 
cpu follows some sort of "fetch ->decode->execute" flow .. but then you 
open QEMU.. and wow there is a huge gap for understanding it, and no 
books where to study it! ;)
Please help me understanding it :)
Thank you very very much in advance!
Stefano B.