[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] TCG flow vs dyngen
From: |
Stefano Bonifazi |
Subject: |
Re: [Qemu-devel] TCG flow vs dyngen |
Date: |
Tue, 14 Dec 2010 21:17:35 +0100 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7 |
On 12/11/2010 03:44 PM, Blue Swirl wrote:
On Sat, Dec 11, 2010 at 2:32 PM, Stefano Bonifazi
<address@hidden> wrote:
Where does the execution of host binary take place in the previous list of
events? Between point 5) and 6) ?
After 6) ? In what QEMU source code file/function does the final execution of
host binary take place?
In the previous list of events, when does the translator try to chain the current TB with
previous ones? Before TCG generates the binary in order to feed it with "linked
micro code"?
All of this happens in cpu-exec.c:581 to 618.
Hi!
Thank you very much! Knowing exactly where I should check, in a so big
project helped me very much!!
Anyway after having spent more than 2 days on that code I still can't
understand how it works the real execution:
in cpu-exec.c : cpu_exec_nocache i find:
/* execute the generated code */
next_tb = tcg_qemu_tb_exec(tb->tc_ptr);
and in cpu-exec.c : cpu_exec
/* execute the generated code */
next_tb = tcg_qemu_tb_exec(tc_ptr);
so I thought tcg_qemu_tb_exec "function" should do the work of executing
the translated binary in the host.
But then I found out it is just a define in tcg.h:
#define tcg_qemu_tb_exec(tb_ptr) ((long REGPARM (*)(void
*))code_gen_prologue)(tb_ptr)
and again in exec.c
uint8_t code_gen_prologue[1024] code_gen_section;
Maybe I have some problems with that C syntax, but I really don't
understand what happens there.. how the execution happens!
Maybe I am too stuck to my idea of a common emulator "fetch -> decode ->
execute" where an addition would be implemented simply as "env->regC =
env->regA +env->regB" ... where this C instruction would be compiled
offline into host machine binary by host compiler.. so the emulator
would be a monolith block of host code just with branches for the
different opcodes that would come from the target binary loaded at runtime..
Here instead with QEMU/TCG I understood that at runtime the target
binary is translated into host binary (somehow) .. but then.. how can
this new host binary be run? Shall the host code at runtime do some sort
of (assembly speaking) branch jump to an area of memory with new host
binary instructions .. and then jump back to the old process binary code?
If so, can you explain me how this happens in those lines of code?
I am just a student.. unluckily at university they just tell you that a
cpu follows some sort of "fetch ->decode->execute" flow .. but then you
open QEMU.. and wow there is a huge gap for understanding it, and no
books where to study it! ;)
Please help me understanding it :)
Thank you very very much in advance!
Stefano B.