[Qemu-devel] How to break cpu_tb_exec()?

[Qemu-devel] How to break cpu_tb_exec()?

[Jun Koi]

[-- Attachment #1: Type: text/plain, Size: 489 bytes --]

Hello,

I am looking at how the main thread interrupts TCG thread. Inside
cpu-exec.c, in function cpu_tb_exec(), I can see that it executes one TB,
and when this is over, it can check for events from other threads (like
main thread). This is the reason why TCG thread can be interrupted.

Is my understanding correct?

If this is true, then what if this TB is running infinitely, and do not
return, or it is in a very long loop? In this case, TCG thread cannot be
interrupted?

Thank you.

[-- Attachment #2: Type: text/html, Size: 594 bytes --]

Re: [Qemu-devel] How to break cpu_tb_exec()?

[Peter Maydell]

On 3 July 2015 at 18:02, Jun Koi <junkoi2004@gmail.com> wrote:
> I am looking at how the main thread interrupts TCG thread. Inside
> cpu-exec.c, in function cpu_tb_exec(), I can see that it executes one TB,
> and when this is over, it can check for events from other threads (like main
> thread). This is the reason why TCG thread can be interrupted.
>
> Is my understanding correct?
>
> If this is true, then what if this TB is running infinitely, and do not
> return, or it is in a very long loop? In this case, TCG thread cannot be
> interrupted?

Every TB starts with a little bit of generated code that checks
the 'tcg_exit_req' flag in the CPUState for the CPU (see the
gen_tb_start() function). If some other part of QEMU wants the
CPU to stop running guest code and return to the top level loop,
it calls cpu_exit() which sets this flag.

thanks
-- PMM

Re: [Qemu-devel] How to break cpu_tb_exec()?

[Jun Koi]

[-- Attachment #1: Type: text/plain, Size: 1128 bytes --]

On Sat, Jul 4, 2015 at 1:06 AM, Peter Maydell <peter.maydell@linaro.org>
wrote:

> On 3 July 2015 at 18:02, Jun Koi <junkoi2004@gmail.com> wrote:
> > I am looking at how the main thread interrupts TCG thread. Inside
> > cpu-exec.c, in function cpu_tb_exec(), I can see that it executes one TB,
> > and when this is over, it can check for events from other threads (like
> main
> > thread). This is the reason why TCG thread can be interrupted.
> >
> > Is my understanding correct?
> >
> > If this is true, then what if this TB is running infinitely, and do not
> > return, or it is in a very long loop? In this case, TCG thread cannot be
> > interrupted?
>
> Every TB starts with a little bit of generated code that checks
> the 'tcg_exit_req' flag in the CPUState for the CPU (see the
> gen_tb_start() function). If some other part of QEMU wants the
> CPU to stop running guest code and return to the top level loop,
> it calls cpu_exit() which sets this flag.
>

But this does not answer my question yet: if we the flag is only enable
when TB already enters the "long loop", then nothing can break this TB
execution?

Thanks.

[-- Attachment #2: Type: text/html, Size: 1664 bytes --]

Re: [Qemu-devel] How to break cpu_tb_exec()?

[Peter Maydell]

On 3 July 2015 at 18:10, Jun Koi <junkoi2004@gmail.com> wrote:
> On Sat, Jul 4, 2015 at 1:06 AM, Peter Maydell <peter.maydell@linaro.org>
> wrote:
>> On 3 July 2015 at 18:02, Jun Koi <junkoi2004@gmail.com> wrote:
>> > If this is true, then what if this TB is running infinitely, and do not
>> > return, or it is in a very long loop? In this case, TCG thread cannot be
>> > interrupted?
>>
>> Every TB starts with a little bit of generated code that checks
>> the 'tcg_exit_req' flag in the CPUState for the CPU (see the
>> gen_tb_start() function). If some other part of QEMU wants the
>> CPU to stop running guest code and return to the top level loop,
>> it calls cpu_exit() which sets this flag.
>
>
> But this does not answer my question yet: if we the flag is only
> enable when TB already enters the "long loop", then nothing can break
> this TB execution?

We check the flag for every TB we execute. Therefore in any
loop we must check the flag each time round the loop. So
if another thread sets the flag, we will exit.

(A TB is always ended by any kind of branch instruction,
so you can't have a loop within a single TB. A tight loop
turns into a TB that ends with "branch back to the start
of this TB", but that will re-execute the flag-check code.)

-- PMM

Re: [Qemu-devel] How to break cpu_tb_exec()?

[Jun Koi]

[-- Attachment #1: Type: text/plain, Size: 1477 bytes --]

On Sat, Jul 4, 2015 at 1:12 AM, Peter Maydell <peter.maydell@linaro.org>
wrote:

> On 3 July 2015 at 18:10, Jun Koi <junkoi2004@gmail.com> wrote:
> > On Sat, Jul 4, 2015 at 1:06 AM, Peter Maydell <peter.maydell@linaro.org>
> > wrote:
> >> On 3 July 2015 at 18:02, Jun Koi <junkoi2004@gmail.com> wrote:
> >> > If this is true, then what if this TB is running infinitely, and do
> not
> >> > return, or it is in a very long loop? In this case, TCG thread cannot
> be
> >> > interrupted?
> >>
> >> Every TB starts with a little bit of generated code that checks
> >> the 'tcg_exit_req' flag in the CPUState for the CPU (see the
> >> gen_tb_start() function). If some other part of QEMU wants the
> >> CPU to stop running guest code and return to the top level loop,
> >> it calls cpu_exit() which sets this flag.
> >
> >
> > But this does not answer my question yet: if we the flag is only
> > enable when TB already enters the "long loop", then nothing can break
> > this TB execution?
>
> We check the flag for every TB we execute. Therefore in any
> loop we must check the flag each time round the loop. So
> if another thread sets the flag, we will exit.
>
> (A TB is always ended by any kind of branch instruction,
> so you can't have a loop within a single TB. A tight loop
> turns into a TB that ends with "branch back to the start
> of this TB", but that will re-execute the flag-check code.)
>

Oh right, this tight loop is my main concern. It makes sense now.

Thanks!!

[-- Attachment #2: Type: text/html, Size: 2212 bytes --]

Re: [Qemu-devel] How to break cpu_tb_exec()?

[Lluís Vilanova]

Jun Koi writes:

> On Sat, Jul 4, 2015 at 1:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
>     On 3 July 2015 at 18:10, Jun Koi <junkoi2004@gmail.com> wrote:
>> On Sat, Jul 4, 2015 at 1:06 AM, Peter Maydell <peter.maydell@linaro.org>
>> wrote:
>>> On 3 July 2015 at 18:02, Jun Koi <junkoi2004@gmail.com> wrote:
>>> > If this is true, then what if this TB is running infinitely, and do not
>>> > return, or it is in a very long loop? In this case, TCG thread cannot
>     be
>>> > interrupted?
>>> 
>>> Every TB starts with a little bit of generated code that checks
>>> the 'tcg_exit_req' flag in the CPUState for the CPU (see the
>>> gen_tb_start() function). If some other part of QEMU wants the
>>> CPU to stop running guest code and return to the top level loop,
>>> it calls cpu_exit() which sets this flag.
>> 
>> 
>> But this does not answer my question yet: if we the flag is only
>> enable when TB already enters the "long loop", then nothing can break
>> this TB execution?
    
>     We check the flag for every TB we execute. Therefore in any
>     loop we must check the flag each time round the loop. So
>     if another thread sets the flag, we will exit.
    
>     (A TB is always ended by any kind of branch instruction,
>     so you can't have a loop within a single TB. A tight loop
>     turns into a TB that ends with "branch back to the start
>     of this TB", but that will re-execute the flag-check code.)
    

> Oh right, this tight loop is my main concern. It makes sense now.

I'm not sure if "rep"-style x86 instructions loop inside the same TB, though.


Cheers,
  Lluis

-- 
"And it's much the same thing with knowledge, for whenever you learn
something new, the whole world becomes that much richer."
-- The Princess of Pure Reason, as told by Norton Juster in The Phantom
Tollbooth

Re: [Qemu-devel] How to break cpu_tb_exec()?

[Richard Henderson]

On 07/06/2015 12:26 PM, Lluís Vilanova wrote:
> Jun Koi writes:
>
>> On Sat, Jul 4, 2015 at 1:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
>>      On 3 July 2015 at 18:10, Jun Koi <junkoi2004@gmail.com> wrote:
>>> On Sat, Jul 4, 2015 at 1:06 AM, Peter Maydell <peter.maydell@linaro.org>
>>> wrote:
>>>> On 3 July 2015 at 18:02, Jun Koi <junkoi2004@gmail.com> wrote:
>>>>> If this is true, then what if this TB is running infinitely, and do not
>>>>> return, or it is in a very long loop? In this case, TCG thread cannot
>>      be
>>>>> interrupted?
>>>>
>>>> Every TB starts with a little bit of generated code that checks
>>>> the 'tcg_exit_req' flag in the CPUState for the CPU (see the
>>>> gen_tb_start() function). If some other part of QEMU wants the
>>>> CPU to stop running guest code and return to the top level loop,
>>>> it calls cpu_exit() which sets this flag.
>>>
>>>
>>> But this does not answer my question yet: if we the flag is only
>>> enable when TB already enters the "long loop", then nothing can break
>>> this TB execution?
>
>>      We check the flag for every TB we execute. Therefore in any
>>      loop we must check the flag each time round the loop. So
>>      if another thread sets the flag, we will exit.
>
>>      (A TB is always ended by any kind of branch instruction,
>>      so you can't have a loop within a single TB. A tight loop
>>      turns into a TB that ends with "branch back to the start
>>      of this TB", but that will re-execute the flag-check code.)
>
>
>> Oh right, this tight loop is my main concern. It makes sense now.
>
> I'm not sure if "rep"-style x86 instructions loop inside the same TB, though.

They do not.


r~