From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1M3C94-0006wE-7O
	for qemu-devel@nongnu.org; Sun, 10 May 2009 12:44:58 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1M3C8z-0006sM-LL
	for qemu-devel@nongnu.org; Sun, 10 May 2009 12:44:57 -0400
Received: from [199.232.76.173] (port=33336 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1M3C8z-0006sH-E5
	for qemu-devel@nongnu.org; Sun, 10 May 2009 12:44:53 -0400
Received: from wf-out-1314.google.com ([209.85.200.169]:40693)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <owenustc@gmail.com>) id 1M3C8y-0003PV-TK
	for qemu-devel@nongnu.org; Sun, 10 May 2009 12:44:53 -0400
Received: by wf-out-1314.google.com with SMTP id 26so2110810wfd.4
	for <qemu-devel@nongnu.org>; Sun, 10 May 2009 09:44:51 -0700 (PDT)
MIME-Version: 1.0
Date: Mon, 11 May 2009 00:44:51 +0800
Message-ID: <7e6b3e0f0905100944n4f0a5e0v87d24bdad1e755f2@mail.gmail.com>
From: owen <owenustc@gmail.com>
Content-Type: multipart/alternative; boundary=000e0cd311a29ab45e0469919451
Subject: [Qemu-devel] a problem about translate tb
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

--000e0cd311a29ab45e0469919451
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Dear Mr Fabrice:
      I am a graduate student of university in china. I  major in computer.
Recently,I found " When QEMU first encounters a piece of target code, it
translate it to host code up to
the next jump or instruction modifying the static CPU state in a way that
cannot be deduced at translation
time "  in your paper called QEMU, a Fast and portable Dynamic Translator.
So do I think that the size of
some translate block is big. I want to print the tb which contains two or
more powerpc code.
      I modifying the function called cpu_exec as list:
         tb = tb_find_fast();
 639                 if(tb->size>4)
 640                   { printf("tb size:%d\n",tb->size);
 641                     exit(0);
 642                   }// in cpu-exec.c

   I let the  ppc emulator reset address is 0x100.  And my  testbench  code
is as list:
00000100 <_start>:
     100: 3c 60 00 00  lis r3,0
     104: 60 63 00 00  ori r3,r3,0
     108: 7c 60 01 24  mtmsr r3
     10c: 7c 7b 03 a6  mtsrr1 r3
     110: 3c 60 00 00  lis r3,0
     114: 60 63 00 00  ori r3,r3,0
     118: 7c 70 8b a6  mtspr 560,r3
     11c: 3c 60 00 00  lis r3,0
     120: 60 63 08 00  ori r3,r3,2048
     124: 7c 7e 9b a6  mtspr 638,r3
     128: 3c 20 00 40  lis r1,64
     12c: 60 21 00 00  ori r1,r1,0
     130: 7c 00 02 78  xor r0,r0,r0
     134: 94 01 ff fc  stwu r0,-4(r1)
     138: 94 01 ff fc  stwu r0,-4(r1)
     13c: 3c 60 00 00  lis r3,0
     140: 60 63 00 00  ori r3,r3,0
     144: 48 00 5c 09  bl 5d4c <cpu_init_f>
     148: 3c 40 00 50  lis r2,80
     14c: 7c 56 03 a6  mtdec r2
     150: 3c 60 00 2f  lis r3,47
     154: 60 63 c0 14  ori r3,r3,49172
     158: 3c 80 ff ff  lis r4,-1
     15c: 60 84 ff ff  ori r4,r4,65535
     160: 90 83 00 00  stw r4,0(r3)
     164: 3c 60 00 00  lis r3,0
     168: 60 63 20 8c  ori r3,r3,8332
     16c: 7c 68 03 a6  mtlr r3
     170: 4e 80 00 21  blrl
       .......
        I expect that QEMU would exit  because one tb is more than 4(tb only
contains one ppc code).
But I can not find this thing take place in the test. I don't understand why
QEMU is not encounters a big tb.
 I wonder if you would tell me the reason by Email.
                            Thank you for your kind consideration of this
request.

--000e0cd311a29ab45e0469919451
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<p>Dear Mr Fabrice:<br>=A0=A0=A0=A0=A0 I am a graduate student of universit=
y in china. I=A0 major in computer.<br>Recently,I found &quot; When QEMU fi=
rst encounters a piece of target code, it translate it to host code up to <=
br>the next jump or instruction modifying the static CPU state in a way tha=
t cannot be deduced at translation<br>
time &quot;=A0 in your paper called QEMU, a Fast and portable Dynamic Trans=
lator. So do I think that the size of <br>some translate block is big. I wa=
nt to print the tb which contains two or more powerpc code.<br>=A0=A0=A0=A0=
=A0 I modifying the function called cpu_exec as list:<br>
=A0=A0=A0=A0=A0=A0=A0=A0 tb =3D tb_find_fast();<br>=A0639=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 if(tb-&gt;size&gt;4)<br>=A0640=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 { printf(&quot;tb size:%d\n&quot=
;,tb-&gt;size);<br>=A0641=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0 exit(0);<br>=A0642=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0 }// in cpu-exec.c</p>

<p>=A0=A0 I let the=A0 ppc emulator reset address is 0x100.=A0 And my=A0 te=
stbench=A0 code is as list:<br>00000100 &lt;_start&gt;:<br>=A0=A0=A0=A0 100=
: 3c 60 00 00=A0 lis r3,0<br>=A0=A0=A0=A0 104: 60 63 00 00=A0 ori r3,r3,0<b=
r>=A0=A0=A0=A0 108: 7c 60 01 24=A0 mtmsr r3<br>
=A0=A0=A0=A0 10c: 7c 7b 03 a6=A0 mtsrr1 r3<br>=A0=A0=A0=A0 110: 3c 60 00 00=
=A0 lis r3,0<br>=A0=A0=A0=A0 114: 60 63 00 00=A0 ori r3,r3,0<br>=A0=A0=A0=
=A0 118: 7c 70 8b a6=A0 mtspr 560,r3<br>=A0=A0=A0=A0 11c: 3c 60 00 00=A0 li=
s r3,0<br>=A0=A0=A0=A0 120: 60 63 08 00=A0 ori r3,r3,2048<br>
=A0=A0=A0=A0 124: 7c 7e 9b a6=A0 mtspr 638,r3<br>=A0=A0=A0=A0 128: 3c 20 00=
 40=A0 lis r1,64<br>=A0=A0=A0=A0 12c: 60 21 00 00=A0 ori r1,r1,0<br>=A0=A0=
=A0=A0 130: 7c 00 02 78=A0 xor r0,r0,r0<br>=A0=A0=A0=A0 134: 94 01 ff fc=A0=
 stwu r0,-4(r1)<br>=A0=A0=A0=A0 138: 94 01 ff fc=A0 stwu r0,-4(r1)<br>
=A0=A0=A0=A0 13c: 3c 60 00 00=A0 lis r3,0<br>=A0=A0=A0=A0 140: 60 63 00 00=
=A0 ori r3,r3,0<br>=A0=A0=A0=A0 144: 48 00 5c 09=A0 bl 5d4c &lt;cpu_init_f&=
gt;<br>=A0=A0=A0=A0 148: 3c 40 00 50=A0 lis r2,80<br>=A0=A0=A0=A0 14c: 7c 5=
6 03 a6=A0 mtdec r2<br>=A0=A0=A0=A0 150: 3c 60 00 2f=A0 lis r3,47<br>
=A0=A0=A0=A0 154: 60 63 c0 14=A0 ori r3,r3,49172<br>=A0=A0=A0=A0 158: 3c 80=
 ff ff=A0 lis r4,-1<br>=A0=A0=A0=A0 15c: 60 84 ff ff=A0 ori r4,r4,65535<br>=
=A0=A0=A0=A0 160: 90 83 00 00=A0 stw r4,0(r3)<br>=A0=A0=A0=A0 164: 3c 60 00=
 00=A0 lis r3,0<br>=A0=A0=A0=A0 168: 60 63 20 8c=A0 ori r3,r3,8332<br>
=A0=A0=A0=A0 16c: 7c 68 03 a6=A0 mtlr r3<br>=A0=A0=A0=A0 170: 4e 80 00 21=
=A0 blrl<br>=A0=A0=A0=A0=A0=A0 .......</p>
<div>=A0=A0=A0=A0=A0=A0=A0 I expect that QEMU would exit=A0 because one tb =
is more than 4(tb only contains one ppc code). <br>But I can not find this =
thing take place in the test. I don&#39;t understand why QEMU is not encoun=
ters a big tb.<br>
=A0I wonder if you would tell me the reason by Email.</div>
<div>=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0 Thank you for your kind consideration of this request. </div>

--000e0cd311a29ab45e0469919451--