From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1NlLwg-0000p1-8X for qemu-devel@nongnu.org; Sat, 27 Feb 2010 07:38:58 -0500 Received: from [199.232.76.173] (port=57780 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1NlLwf-0000oh-UC for qemu-devel@nongnu.org; Sat, 27 Feb 2010 07:38:57 -0500 Received: from Debian-exim by monty-python.gnu.org with spam-scanned (Exim 4.60) (envelope-from ) id 1NlLwf-0004JF-6Y for qemu-devel@nongnu.org; Sat, 27 Feb 2010 07:38:57 -0500 Received: from mail-pv0-f173.google.com ([74.125.83.173]:34679) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1NlLwe-0004J9-T3 for qemu-devel@nongnu.org; Sat, 27 Feb 2010 07:38:57 -0500 Received: by pvg12 with SMTP id 12so314649pvg.4 for ; Sat, 27 Feb 2010 04:38:55 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <408d4ad1002270408o7749a4e7u603a6e7bf6fdfc5f@mail.gmail.com> References: <408d4ad1002270408o7749a4e7u603a6e7bf6fdfc5f@mail.gmail.com> Date: Sat, 27 Feb 2010 14:38:55 +0200 Message-ID: Subject: Re: [Qemu-devel] How to precisely monitor all the memory references in QEMU to feed the cache model From: Blue Swirl Content-Type: text/plain; charset=UTF-8 List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "shocklink99@yahoo.com.tw" Cc: qemu-devel@nongnu.org On 2/27/10, shocklink99@yahoo.com.tw wrote: > Hi, > I'm adding a cache model into QEMU 0.12 > I have encountered a problem that the cache miss error rate was high > compared to real platform Creator(arm926) . > I used the QEMU integrator board to run the experiment. > I've modified > softmmu_header.h > softmmu_template.h > target-arm/translate.c > > e.g. in softmmu_header.h > glue(glue(ld, USUFFIX), MEMSUFFIX)(target_ulong ptr) > I monitored the ptr, I know that ptr is the access address > > e.g. in softmmu_template.h > glue(glue(__ld, SUFFIX), MMUSUFFIX)(target_ulong addr > > > e.g. target-arm/translate.c > static inline TCGv gen_ld8s(TCGv addr, int index) > { > TCGv tmp = new_tmp(); > > gen_helper_cache_access(addr , tcg_const_i32(1) ); > > tcg_gen_qemu_ld8s(tmp, addr, index); > return tmp; > } > > I had taken care of all the related function. > Is there anything I ignored when running with the model? > > I have also reduce the timer interrupt to make it closed enough with the > real platform. > SO the context switch overhead should be little enough. Interesting approach, this could be useful for modeling caches on other architectures. If your cache statistics merge I/D cache values, this could be one source of error. I'd suppose pure data cache statistics should be closer to reality, but QEMU's mode of operation for instruction accesses differs a lot from real CPU: * on some architectures, translation may access some instructions in the basic block which would not be executed by the CPU * we have a large TB cache, its size could be different from real CPU cache * TBs are flushed by QEMU (and that logic is different) * cache flushes by guest are ignored (this also applies to data caches)