[Qemu-devel] TCG jumping inside translation block

[Qemu-devel] TCG jumping inside translation block

[Schrober]

Hi,

I am currently trying to understand how the tcg stuff works from the outside  
based on some real basic, imaginary processor instruction set. So for example 
there is following code (each line is one instruction of the processor):

i1: set r1, 123
i2: add r1, r1, 456
i3: foobar

The foobar instruction is just a magic instruction which checks and then jumps 
to an important place somewhere else. Just assume that it is the end of the 
translation block. The first time this block is encountered, it was started at 
i1. The translation was done for this processor and TCG did its magic job.

I first thought about how QEMU would represent this block on the host system 
using TCG.

My first idea was following (super optimized, no labels were inserted in the 
TCG intermediate code):

t1: target_set mem_r1, 579
-------
t2: target_jump foobar_helper

But now it would be "problematic" to have a jmp to i2 in the guest code. So 
inserting labels before each guest instruction would create something like 
this in the (TCG optimized) target code:

t1: target_set mem_r1, 123
----
t2: target_load target_register1, mem_r1
t3: target_add target_register1, target_register1, 456
t4: target_save mem_r1, target_register1
----
t5: target_jump foobar_helper

This would create a lot more instructions (most likely a lot slower) than the 
first way for the benefit that it may can handle a jump to i2 instead of i1. 
But this still leaves the problem open: how would TCG inform the translator 
that i2 now starts at t2? TCG doesn't seem to inform the translator about this 
kind of things.

So here is the assumption I made which I would like to have corrected:

Is qemu just recompiling the block again when it encounters a different entry 
point to an already translated block? I am currently starring at the code in 
translate-all.c and cpu-exec.c and don't seem to find the right part of the 
code which would help to understand this basic concept. At least it seems to 
me that labels are not used very often because it ruins the code optimization.

Btw. do I understand it correctly and the memory for the TCG compiled code is 
allocated in the "lets hope everything will fit in there or we are all doomed" 
way?

Thanks

Re: [Qemu-devel] TCG jumping inside translation block

[Peter Maydell]

On 21 August 2013 14:02, Schrober <franzschrober@yahoo.de> wrote:
> Is qemu just recompiling the block again when it encounters a different entry
> point to an already translated block?

Yes. We only use a previously translated block if it matches all of:
 * starts at the PC we want to execute
 * same flags (CPU-specific, usually means things like "same
   privilege level", possibly "fpu enabled/not enabled")

(this is checked in tb_find_fast()/tb_find_slow()

Otherwise we just retranslate.

> I am currently starring at the code in
> translate-all.c and cpu-exec.c and don't seem to find the right part of the
> code which would help to understand this basic concept. At least it seems to
> me that labels are not used very often because it ruins the code optimization.

Mostly we don't use labels much because (a) a guest branch instruction
means the end of the TB (b) there aren't many reasons to use labels
for the average guest instruction (c) we do have TCG instructions like
setcond for the common conditional-but-not-a-branch instructions.

> Btw. do I understand it correctly and the memory for the TCG compiled code is
> allocated in the "lets hope everything will fit in there or we are all doomed"
> way?

Well, we have compile time defines for "most TCG ops a guest instruction
could possibly expand into" and similar limits, which means we can
assume that when we're generating code we won't run out of space
in our buffer (we end the TB if we wouldn't have enough space left
for the next instruction). And if we fill the buffer up completely because
we've created a lot of TBs, we just throw them all away and start
again with an empty buffer (which might mean we have to retranslate
something we just threw away, but it's easy and safe).

-- PMM

Re: [Qemu-devel] TCG jumping inside translation block

[Richard Henderson]

On 08/21/2013 06:02 AM, Schrober wrote:
> Is qemu just recompiling the block again when it encounters a different entry 
> point to an already translated block? I am currently starring at the code in 
> translate-all.c and cpu-exec.c and don't seem to find the right part of the 
> code which would help to understand this basic concept. At least it seems to 
> me that labels are not used very often because it ruins the code optimization.

The primary misconception here is that each guest insn address can only be part
of one host TB.  We can and will have 2 TBs for the situation you describe.
One for I1-I3, and another for I2-I3.


r~