[Qemu-devel] How does TCG gen host code for a TB?

[Qemu-devel] How does TCG gen host code for a TB?

[Valerón JC]

[-- Attachment #1: Type: text/plain, Size: 1040 bytes --]

I want to trace a bug in tcg, which for me, at some point, generate infinite loop TB chains, that's unexpected. and I've found the final TB(head, since they're chaining) which run in an infinite loop, and I know a very weird trick to 'disable' this bug, so I would like to track the tcg-ops for the TB, hope that I can figure what's wrong.

but when I read the tcg_gen_code(), I'm confused...

how does tcg_gen_code() generate codes for one TB? if I read the code correctly, gen_intermediate_code() will not flush the tcg_ctx->gen_opc_buf[], codes for previous TB are mixed together... and tcg_gen_code() will start gen from index 0 of gen_opc_buf, how does it generate codes for the TB just created?

even though there's label for a TB-start(I'm not familiar with this label stuff yet), but the fact that the gen_opc_buf not flush every time a new TB is generated seems weird to me, won't the new tcg-ops mixed with the ones of previous TB? Isn’t the newly generated host-code dedicate to one TB?

Sent from Mail for Windows 10

[-- Attachment #2: Type: text/html, Size: 2715 bytes --]

Re: [Qemu-devel] How does TCG gen host code for a TB?

[Peter Maydell]

On 11 December 2015 at 03:43, Valerón JC <bandinfinite@hotmail.com> wrote:
> I want to trace a bug in tcg, which for me, at some point, generate infinite
> loop TB chains, that's unexpected. and I've found the final TB(head, since
> they're chaining) which run in an infinite loop, and I know a very weird
> trick to 'disable' this bug, so I would like to track the tcg-ops for the
> TB, hope that I can figure what's wrong.

If the guest code is an infinite loop then we will generate
a chain of TBs which goes round in a loop too. (Execution will
escape from the loop via longjmp when there is a guest interrupt
or other exception.)

> but when I read the tcg_gen_code(), I'm confused...

> how does tcg_gen_code() generate codes for one TB? if I read the code
> correctly, gen_intermediate_code() will not flush the
> tcg_ctx->gen_opc_buf[], codes for previous TB are mixed together... and
> tcg_gen_code() will start gen from index 0 of gen_opc_buf, how does it
> generate codes for the TB just created?

This code has changed, and tcg_ctx->gen_opc_buf doesn't exist any more.
We store ops in a linked list now rather than an array.
The answer to your question in general is still the same, though:
before calling gen_intermediate_code() we call tcg_func_start(),
which resets the TCGContext to a clean state, including "no temporaries
allocated", "no labels" and "no ops".

thanks
-- PMM

Re: [Qemu-devel] How does TCG gen host code for a TB?

[Sergey Fedorov]

On 11.12.2015 06:43, Valerón JC wrote:
> I want to trace a bug in tcg, which for me, at some point, generate
> infinite loop TB chains, that's unexpected. and I've found the final
> TB(head, since they're chaining) which run in an infinite loop, and I
> know a very weird trick to 'disable' this bug, so I would like to
> track the tcg-ops for the TB, hope that I can figure what's wrong.

Hi,

You may find it useful to enable logging of TCG ops generated with '-d
op', as well as input and output assembly with '-d in_asm,out_asm'. '-D
<filename>' could be useful to output log to a file. Here are references
to documentation: http://qemu.weilnetz.de/qemu-doc.html#index-_002dd and
http://qemu.weilnetz.de/qemu-doc.html#index-_002dD.

Best,
Sergey

Re: [Qemu-devel] How does TCG gen host code for a TB?

[Valerón JC]

[-- Attachment #1: Type: text/plain, Size: 1087 bytes --]

Peter and Sergey, Thank you so much for your help and explanation. 
I appreciate your helps very much.

Sent from Mail for Windows 10



From: Sergey Fedorov
Sent: Friday, December 11, 2015 10:21 PM
To: Valerón JC;qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] How does TCG gen host code for a TB?


On 11.12.2015 06:43, Valerón JC wrote:
> I want to trace a bug in tcg, which for me, at some point, generate
> infinite loop TB chains, that's unexpected. and I've found the final
> TB(head, since they're chaining) which run in an infinite loop, and I
> know a very weird trick to 'disable' this bug, so I would like to
> track the tcg-ops for the TB, hope that I can figure what's wrong.

Hi,

You may find it useful to enable logging of TCG ops generated with '-d
op', as well as input and output assembly with '-d in_asm,out_asm'. '-D
<filename>' could be useful to output log to a file. Here are references
to documentation: http://qemu.weilnetz.de/qemu-doc.html#index-_002dd and
http://qemu.weilnetz.de/qemu-doc.html#index-_002dD.

Best,
Sergey



[-- Attachment #2: Type: text/html, Size: 3531 bytes --]