On Fri, Sep 23, 2011 at 10:50 PM, 陳韋任
<address@hidden> wrote:
>> I see, so they (jmp_next, jmp_first) are just for finding the tbs when
>> unchaining is needed. Do they have any other uses? Also, does QEMU do inline
>> caching (when it is a conditional branch)?
>
> Yes, they are used for unchaining. Please see cpu_unlink_tb ->
> tb_reset_jump_recursive.
>
> What does "inline caching" mean?

Say you are trying to emulate an indirect jump (i.e. jmp eax). Because eax is
unknown at compile time, you will have to return to the mainloop to look it up.
However, if you know some likely values, you can do a few cached compares and
hope it hits one of them.

    compare eax = 0x33e3e23
    jmp tb 30
    compare eax = 0332d2ed
    jmp tb 30
    tb exit

> When it's a conditional branch, the branch target is fixed, and here comes
> the direct block chaining.

If the branch target is fixed, you will still need 2 jmps, one for the taken
branch and another for the not-taken branch. Can you show me where the code
does that?

> There is another dynamic translation technique called IBTC (indirect
> branch translation cache) for indirect branch which has no fixed
> branch target. But QEMU doesn't have IBTC. Could you please explain
> what "inline caching" is?
>
> Regards,
> chenwj
>
> --
> Wei-Ren Chen (陳韋任)
> Computer Systems Lab, Institute of Information Science,
> Academia Sinica, Taiwan (R.O.C.)
> Tel:886-2-2788-3799 #1667
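An added example, not from this thread and not QEMU's own code, that models the two mechanisms discussed above in C: direct block chaining for a conditional branch, with one exit slot for the taken path and one for the not-taken path (modelled on QEMU's jmp_next[2] and the patching that tb_add_jump performs), and an inline cache for an indirect jump such as "jmp eax", where the translated code compares eax against a few likely targets before falling back to a main-loop lookup. The TB table, the block ids, the target addresses other than 0x33e3e23 (taken from the pseudocode above), and the hit/miss counters are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of QEMU-style translation blocks (not QEMU code). */
#define N_TBS 3
#define INLINE_CACHE_SLOTS 2

typedef struct TB {
    uint32_t pc;        /* guest pc this block was translated from */
    int id;             /* constructed block id */
    /* Direct chaining: exit 0 = not taken, exit 1 = taken.
     * -1 means the exit is unchained and still returns to the main loop. */
    int jmp_next[2];
} TB;

/* Constructed TB table standing in for QEMU's hash-table lookup. */
static TB tb_table[N_TBS] = {
    { 0x00001000, 10, { -1, -1 } },
    { 0x033e3e23, 30, { -1, -1 } },  /* address from the thread's example */
    { 0x00002000, 31, { -1, -1 } },
};

/* Slow path: "return to the mainloop" and look the block up by guest pc. */
static int mainloop_lookup(uint32_t pc)
{
    for (int i = 0; i < N_TBS; i++)
        if (tb_table[i].pc == pc)
            return tb_table[i].id;
    return -1;  /* not translated yet */
}

static TB *tb_by_id(int id)
{
    for (int i = 0; i < N_TBS; i++)
        if (tb_table[i].id == id)
            return &tb_table[i];
    return NULL;
}

/* ---- direct block chaining for a conditional branch ---- */

/* One execution of the conditional branch that ends `tb`. The first time an
 * exit is taken it costs a main-loop lookup; afterwards that exit is patched
 * to jump straight to the next block. Returns the next block id, and sets
 * *patched when this call performed the chaining. */
int exec_cond_branch(TB *tb, int taken, uint32_t taken_pc,
                     uint32_t fallthrough_pc, int *patched)
{
    int slot = taken ? 1 : 0;
    *patched = 0;
    if (tb->jmp_next[slot] >= 0)
        return tb->jmp_next[slot];          /* already chained: no lookup */
    int next = mainloop_lookup(taken ? taken_pc : fallthrough_pc);
    if (next >= 0) {
        tb->jmp_next[slot] = next;          /* tb_add_jump-style patch */
        *patched = 1;
    }
    return next;
}

/* ---- inline cache for an indirect jump ---- */

typedef struct {
    uint32_t target_pc;   /* likely value of eax */
    int tb_id;            /* block to jump to when eax matches */
} InlineCacheEntry;

typedef struct {
    InlineCacheEntry slot[INLINE_CACHE_SLOTS];
    int n_valid;
    unsigned hits, misses;  /* constructed counters for illustration */
} IndirectJump;

/* Emulate "jmp eax": compare eax against the cached likely targets first;
 * on a miss fall back to the main loop and fill a free slot if one exists. */
int exec_indirect_jump(IndirectJump *j, uint32_t eax)
{
    for (int i = 0; i < j->n_valid; i++) {
        if (j->slot[i].target_pc == eax) {
            j->hits++;
            return j->slot[i].tb_id;
        }
    }
    j->misses++;
    int id = mainloop_lookup(eax);
    if (id >= 0 && j->n_valid < INLINE_CACHE_SLOTS) {
        j->slot[j->n_valid].target_pc = eax;
        j->slot[j->n_valid].tb_id = id;
        j->n_valid++;
    }
    return id;
}

int main(void)
{
    IndirectJump j = { 0 };
    printf("jmp eax -> tb %d (miss)\n", exec_indirect_jump(&j, 0x033e3e23));
    printf("jmp eax -> tb %d (hit)\n",  exec_indirect_jump(&j, 0x033e3e23));
    int patched;
    TB *tb = tb_by_id(10);
    exec_cond_branch(tb, 1, 0x00002000, 0x033e3e23, &patched);
    exec_cond_branch(tb, 0, 0x00002000, 0x033e3e23, &patched);
    printf("exits chained: not-taken -> tb %d, taken -> tb %d\n",
           tb->jmp_next[0], tb->jmp_next[1]);
    return 0;
}
```

The point the model makes concrete is the one raised in the thread: a conditional branch has two fixed targets, so it needs two exit slots and each gets chained independently, whereas an indirect jump has no fixed target and can only be sped up by guessing, which is what the inline-cache compares do before the main loop is consulted. Unchaining in this model would simply reset jmp_next entries to -1 (and clear the inline-cache slots) when a block is invalidated.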