qemu-devel

Re: [Qemu-devel] Get only TCG code without execution


From: Peter Maydell
Subject: Re: [Qemu-devel] Get only TCG code without execution
Date: Thu, 19 Jan 2012 16:15:07 +0000

On 19 January 2012 16:00, Rajat Goyal <address@hidden> wrote:
> Thank you so much for your help Peter. I was using version 0.15.1. On 1.0,
> it works like a dream!

Good.

> I was not talking about semantics of individual instructions but semantics
> of the whole multi-threaded program. Multi-threaded programs can lead to
> several different (most of which are unintended) states of the CPU. What
> states are possible is described in a mathematically rigorous definition of
> the ARM memory model. My task is to implement this memory model over TCG ops
> and then compare the results on several different (multi-threaded) litmus
> tests with the implementation of the memory model over ARM instructions.

Some points to note:
 * The current QEMU code has some known race conditions which can cause
crashes/hangs in heavily threaded programs in linux-user mode; see e.g.
https://bugs.launchpad.net/qemu/+bug/668799
 * We don't really make a serious attempt at implementing the ARM memory
model in QEMU; our load/store exclusive implementation is pretty hopeless,
for instance
 * In linux-user mode we basically just pass loads/stores/etc through as
host-cpu loads/stores, so you get whatever the host's memory model semantics
are, not what the guest CPU is supposed to do
 * a combination of the above plus the fact we don't implement caches in
system emulation mode means that our implementation of all the barrier
insns is a simple no-op; you'll never see barriers at the TCG op level

> For
> the same task, I need QEMU to give me the TCG translation for code which it
> never branches into and hence, never needs to translate and execute (because
> ARM multiprocessors can perform speculative execution).

QEMU does not do TCG translation for code which it doesn't branch into.
Indeed, it's not actually possible to tell whether it is code and not
data until you've branched into it...

-- PMM
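
Added example, not part of the message above and not QEMU code: a toy enumerator showing what the last two points imply for a litmus test, namely that a guest barrier translated to a no-op gives no ordering when loads and stores run with the host's semantics. The FIFO store-buffer host model, the `outcomes` function and the SB test are assumptions constructed for illustration; this is not the ARM memory model.

```python
# Added illustration: a toy store-buffer model, not QEMU code and not the ARM memory model.
def outcomes(threads, buffered, honor_fences):
    """Exhaustively enumerate the final register values of a litmus test.

    buffered=False gives sequential consistency; buffered=True gives each
    thread a FIFO store buffer (a TSO-like host). honor_fences=False treats
    every fence as a no-op, as the message says QEMU does for barrier insns.
    """
    n = len(threads)
    start = ((0,) * n, ((),) * n, (), ())   # pcs, store buffers, memory, registers
    seen, stack, results = {start}, [start], set()
    while stack:
        pcs, bufs, mem, regs = stack.pop()
        memd = dict(mem)
        if all(pcs[t] == len(threads[t]) and not bufs[t] for t in range(n)):
            results.add(regs)               # every thread finished, all stores visible
            continue
        succ = []
        for t in range(n):
            if bufs[t]:   # the oldest buffered store may drain to memory at any time
                var, val = bufs[t][0]
                m = tuple(sorted({**memd, var: val}.items()))
                succ.append((pcs, bufs[:t] + (bufs[t][1:],) + bufs[t + 1:], m, regs))
            if pcs[t] == len(threads[t]):
                continue
            op = threads[t][pcs[t]]
            npcs = pcs[:t] + (pcs[t] + 1,) + pcs[t + 1:]
            if op[0] == "st" and buffered:
                nb = bufs[t] + ((op[1], op[2]),)
                succ.append((npcs, bufs[:t] + (nb,) + bufs[t + 1:], mem, regs))
            elif op[0] == "st":
                m = tuple(sorted({**memd, op[1]: op[2]}.items()))
                succ.append((npcs, bufs, m, regs))
            elif op[0] == "ld":   # read own newest buffered store first, else memory
                own = [v for x, v in bufs[t] if x == op[1]]
                val = own[-1] if own else memd.get(op[1], 0)
                succ.append((npcs, bufs, mem, tuple(sorted(regs + ((op[2], val),)))))
            elif not (honor_fences and bufs[t]):   # a real fence waits for the drain
                succ.append((npcs, bufs, mem, regs))
        for s in succ:
            if s not in seen:
                seen.add(s)
                stack.append(s)
    return results

# Constructed store-buffering (SB) litmus test with a fence between store and load.
SB = [[("st", "x", 1), ("fence",), ("ld", "y", "r0")],
      [("st", "y", 1), ("fence",), ("ld", "x", "r1")]]
BOTH_ZERO = (("r0", 0), ("r1", 0))
```

With the fences honoured, `BOTH_ZERO` is unreachable in either model; with `honor_fences=False` on the buffered model it becomes reachable, which is the outcome the fences in the test were written to forbid.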


