From: Peter Maydell
Date: Sat, 23 May 2015 22:17:58 +0100
Subject: Re: [Qemu-devel] What's the difference between ld/st and qemu_ld/st in TCG IR?
To: 浩倫 魏
Cc: qemu-devel@nongnu.org

On 23 May 2015 at 13:18, 浩倫 魏 wrote:
> Hi, all:
> I've been trying to understand the process of binary translation inside TCG.
> If I haven't misunderstood, qemu_ld/st are the operations that will call a
> helper function (ld_mmu) to let softmmu translate the GVA->GPA for the guest
> load/store instructions.
> So there are some points that I hope you can help me out with:
> 1. Would every guest load/store instruction be translated to qemu_ld/st
> IR?

Yes, as a general rule.
There are a few special cases:

 * sometimes complicated instructions are just translated into calls to
   helper functions which do the guest memory access at runtime (for
   instance x86 cmpxchg8b turns into a call to helper_cmpxchg8b())
 * for linux-user some of the atomic instructions (load-lock/
   store-conditional pairs) are handled by translating to a "raise
   internal exception" call, and the actual load/store is then dealt
   with in linux-user/main.c
   [This mechanism might change in the near future; we're looking at
   multi-threaded TCG emulation, and so might switch the linux-user
   atomics to work the same way as a future mechanism for doing atomics
   in multi-threaded system emulation]

But almost all guest accesses will turn into qemu_ld/st ops.

> 2. What about the other TCG IR, "ld/st"? What kind of guest instructions would
> cause TCG to generate those IRs, and for what purpose?

These just do plain load/store to the *host* address specified. This is
almost always used to read a value from the CPU state structure
(CPUARMState, etc). Generated code always has access to a pointer to
this struct, and uses the ld/st ops to read or write fields within it.
(If you search for tcg_gen_ld in target-*/ you'll see lots of examples.)

The op can be used for any host load or store, but in practice use for
anything other than "read a value from the CPU state struct" is very
rare.

-- 
PMM
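A toy model of the distinction described in the reply above, added here as an example; it is not code from the original thread or from QEMU. Every name in it (ToyCPUState, TlbEntry, tcg_qemu_ld32, tcg_ld32, toy_translate, toy_cpu_init, the exception numbers and the page-table mapping) is invented for the example and does not match QEMU's real CPU state structures, TLB layout or tcg_gen_* API. It shows a guest load taking a softmmu TLB lookup with a slow-path refill (the helper on a miss) and faulting on unmapped or unaligned addresses, beside a host-side ld that reads a field straight out of the CPU state struct at an offsetof()-computed offset. The security-relevant contrast is that the qemu_ld path is the only one that ever consumes a guest-controlled address, so it is where the bounds and mapping checks must live; ld/st works on translator-chosen host offsets and never sees guest input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy softmmu model, constructed for this example. Names and layouts are
 * invented and do not match QEMU's real CPU state, TLB or tcg_gen_* API. */

#define PAGE_SHIFT     12
#define PAGE_SIZE      (1u << PAGE_SHIFT)
#define PAGE_MASK      (~(PAGE_SIZE - 1))
#define TLB_ENTRIES    4
#define GUEST_PAGES    4
#define GUEST_RAM_SIZE (GUEST_PAGES * PAGE_SIZE)
#define TLB_INVALID    0xffffffffu   /* never equals a page-aligned address */

enum { EXCP_NONE = 0, EXCP_PAGE_FAULT = 1, EXCP_UNALIGNED = 2 };

typedef struct {
    uint32_t vaddr;   /* page-aligned guest virtual address, or TLB_INVALID */
    uint32_t paddr;   /* page-aligned guest physical address it maps to */
} TlbEntry;

typedef struct {
    uint32_t regs[4];            /* register file: what the plain "ld" op reaches */
    uint32_t exception_index;    /* set when a guest access faults */
    TlbEntry tlb[TLB_ENTRIES];   /* softmmu TLB consulted by qemu_ld */
    uint8_t *guest_ram;          /* host buffer backing guest physical RAM */
    int slow_path_hits;          /* how often the slow path (TLB miss) ran */
} ToyCPUState;

/* Toy guest page table: GVA page n maps to GPA page (n ^ 1) for n < GUEST_PAGES;
 * anything above that is unmapped and faults. */
static int toy_translate(uint32_t vpage_addr, uint32_t *paddr_out)
{
    uint32_t vpage = vpage_addr >> PAGE_SHIFT;
    if (vpage >= GUEST_PAGES) {
        return 0;
    }
    *paddr_out = (vpage ^ 1u) << PAGE_SHIFT;
    return 1;
}

/* qemu_ld: the op a guest load becomes. The fast path is the TLB compare; a
 * miss takes the slow path (the "helper"), which walks the page table and
 * refills the TLB. Returns 1 and stores the value, or 0 and records a guest
 * exception. This is the only path that ever consumes a guest-chosen address. */
int tcg_qemu_ld32(ToyCPUState *env, uint32_t vaddr, uint32_t *val)
{
    uint32_t page = vaddr & PAGE_MASK;
    uint32_t offset = vaddr & ~PAGE_MASK;
    TlbEntry *e = &env->tlb[(vaddr >> PAGE_SHIFT) % TLB_ENTRIES];

    if (offset & 3u) {                 /* 4-byte loads must be aligned */
        env->exception_index = EXCP_UNALIGNED;
        return 0;
    }
    if (e->vaddr != page) {            /* TLB miss: slow path */
        uint32_t paddr;
        env->slow_path_hits++;
        if (!toy_translate(page, &paddr)) {
            env->exception_index = EXCP_PAGE_FAULT;
            return 0;
        }
        e->vaddr = page;
        e->paddr = paddr;
    }
    uint32_t gpa = e->paddr | offset;
    if (gpa + 4u > GUEST_RAM_SIZE) {   /* never index host RAM out of bounds */
        env->exception_index = EXCP_PAGE_FAULT;
        return 0;
    }
    memcpy(val, env->guest_ram + gpa, 4);
    return 1;
}

/* ld: plain host load at an offset the translator computed from the struct
 * layout (offsetof). No translation, no TLB, no guest-controlled input. */
uint32_t tcg_ld32(const ToyCPUState *env, size_t offset)
{
    uint32_t v;
    memcpy(&v, (const uint8_t *)env + offset, 4);
    return v;
}

static uint8_t toy_ram[GUEST_RAM_SIZE];
static ToyCPUState toy_env;

/* Constructed CPU state: regs[2] holds a marker, and guest RAM holds 0xdeadbeef
 * at GPA 0x1010, which the toy page table exposes to the guest at GVA 0x0010. */
ToyCPUState *toy_cpu_init(void)
{
    uint32_t marker = 0xdeadbeefu;
    memset(&toy_env, 0, sizeof toy_env);
    memset(toy_ram, 0, sizeof toy_ram);
    for (int i = 0; i < TLB_ENTRIES; i++) {
        toy_env.tlb[i].vaddr = TLB_INVALID;
    }
    toy_env.guest_ram = toy_ram;
    toy_env.regs[2] = 0x12345678u;
    memcpy(toy_ram + 0x1010, &marker, 4);
    return &toy_env;
}

int main(void)
{
    ToyCPUState *env = toy_cpu_init();
    uint32_t v = 0;
    int ok;

    ok = tcg_qemu_ld32(env, 0x10, &v);      /* miss, slow path, then hit */
    printf("qemu_ld GVA 0x0010: ok=%d val=0x%08x slow=%d\n", ok, v, env->slow_path_hits);
    ok = tcg_qemu_ld32(env, 0x14, &v);      /* same page: TLB hit, no helper */
    printf("qemu_ld GVA 0x0014: ok=%d val=0x%08x slow=%d\n", ok, v, env->slow_path_hits);
    ok = tcg_qemu_ld32(env, 0x5000, &v);    /* unmapped page: guest fault */
    printf("qemu_ld GVA 0x5000: ok=%d excp=%u\n", ok, env->exception_index);
    printf("ld env+regs[2]:     0x%08x\n", tcg_ld32(env, offsetof(ToyCPUState, regs[2])));
    return 0;
}
```

The first guest load misses the TLB, takes the slow path once and returns the marker; the second load on the same page hits and leaves the slow-path counter unchanged; the load from an unmapped page fails and records a page fault; and the host-side ld returns the register field without any translation at all.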