[Qemu-devel] Regarding TB retranslation code.

[Qemu-devel] Regarding TB retranslation code.

[Venkatesh N]

This is regarding  TB retranslation code.

[Qemu-devel] [RFC 00/20] Do away with TB retranslation, Richard Henderson <=

Though i understood the code to avoid the retranslation, i could not
get picture on how "host" or backend registers are ensured to have the
older contents when the guest PC is restored from
"cpu_restore_state_from_tb"

For e.g, lets take these two Guest Instruction.

Instruction 1.  Mov r1, [r2];
Instruction 2.  mov [r1], r3 <-------- faulted instruction

In the above example if r1 is stored in x86 register EAX of the Host
and r3 is stored in EBX of the host.

the return from fault ensures that guest PC [EIP ] is recovered. But,
How does tcg ensures that execution of TB from the restored PC ensures
that HOST registers contents  have instruction 1 context also.

Can somebody please share how this is done are there any assumption
when inserting TCG-Opcode INDEX_op_insn_start is done.

Re: [Qemu-devel] Regarding TB retranslation code.

[Alex Bennée]

Venkatesh N <venkatesh.nagaraj@gmail.com> writes:

> This is regarding  TB retranslation code.
>
> [Qemu-devel] [RFC 00/20] Do away with TB retranslation, Richard Henderson <=
>
> Though i understood the code to avoid the retranslation, i could not
> get picture on how "host" or backend registers are ensured to have the
> older contents when the guest PC is restored from
> "cpu_restore_state_from_tb"
>
> For e.g, lets take these two Guest Instruction.
>
> Instruction 1.  Mov r1, [r2];
> Instruction 2.  mov [r1], r3 <-------- faulted instruction
>
> In the above example if r1 is stored in x86 register EAX of the Host
> and r3 is stored in EBX of the host.

The key thing to realise is the guests register state is not set until
the host temporary registers are stored back to the memory representing
the guest register state.

This does mean the TCG has to ensure the values of guest registers are
written back to memory before another potentially faulting instruction
can occur. While there are mechanisms we could use to track where the
current value of a guest register is currently held we don't do this
currently.

>
> the return from fault ensures that guest PC [EIP ] is recovered. But,
> How does tcg ensures that execution of TB from the restored PC ensures
> that HOST registers contents  have instruction 1 context also.
>
> Can somebody please share how this is done are there any assumption
> when inserting TCG-Opcode INDEX_op_insn_start is done.


--
Alex Bennée

Re: [Qemu-devel] Regarding TB retranslation code.

[Venkatesh N]

Thanks Alex.

While executing the host instruction(s) for the guest instruction,
when a callq to c helper routine is made,  will every CALLQ will be
treated as End of TB. If so, what happens to TB optimizations.

Will optimization such as avoiding multiple loads between two target
host instructions will be lost?


On Sun, Mar 13, 2016 at 1:36 PM, Alex Bennée <alex.bennee@linaro.org> wrote:
>
> Venkatesh N <venkatesh.nagaraj@gmail.com> writes:
>
>> This is regarding  TB retranslation code.
>>
>> [Qemu-devel] [RFC 00/20] Do away with TB retranslation, Richard Henderson <=
>>
>> Though i understood the code to avoid the retranslation, i could not
>> get picture on how "host" or backend registers are ensured to have the
>> older contents when the guest PC is restored from
>> "cpu_restore_state_from_tb"
>>
>> For e.g, lets take these two Guest Instruction.
>>
>> Instruction 1.  Mov r1, [r2];
>> Instruction 2.  mov [r1], r3 <-------- faulted instruction
>>
>> In the above example if r1 is stored in x86 register EAX of the Host
>> and r3 is stored in EBX of the host.
>
> The key thing to realise is the guests register state is not set until
> the host temporary registers are stored back to the memory representing
> the guest register state.
>
> This does mean the TCG has to ensure the values of guest registers are
> written back to memory before another potentially faulting instruction
> can occur. While there are mechanisms we could use to track where the
> current value of a guest register is currently held we don't do this
> currently.
>
>>
>> the return from fault ensures that guest PC [EIP ] is recovered. But,
>> How does tcg ensures that execution of TB from the restored PC ensures
>> that HOST registers contents  have instruction 1 context also.
>>
>> Can somebody please share how this is done are there any assumption
>> when inserting TCG-Opcode INDEX_op_insn_start is done.
>
>
> --
> Alex Bennée

Re: [Qemu-devel] Regarding TB retranslation code.

[Peter Maydell]

On 15 March 2016 at 13:17, Venkatesh N <venkatesh.nagaraj@gmail.com> wrote:
> Thanks Alex.
>
> While executing the host instruction(s) for the guest instruction,
> when a callq to c helper routine is made,  will every CALLQ will be
> treated as End of TB. If so, what happens to TB optimizations.

No, a call to a helper function does not automatically end the TB.
A helper function can be marked with flags to indicate whether it
has side effects or reads or writes globals (see the "Helpers" section
in tcg/README) -- this then affects whether the optimization pass
and register allocator write TCG values back to memory before the
call or not. (A helper which can trigger an exception counts as
having a side effect, so guest register values are written back
to their canonical locations in the CPU state struct before the
call.)

thanks
-- PMM