Re: [Qemu-discuss] How do -icount flags work in QEMU TCG


From: Peter Maydell
Subject: Re: [Qemu-discuss] How do -icount flags work in QEMU TCG
Date: Fri, 23 Mar 2018 10:03:24 +0000

On 22 March 2018 at 22:34, Arnabjyoti Kalita <address@hidden> wrote:
> From what I can see from the logs, it is quite hard to tell why this occurs.
> I am afraid I might have to disagree with your point 2. If it was an MMU
> page fault, one of the TCG blocks would have started executing the page
> fault handlers already - which I do not see in the TCG execution flow yet
> and a page fault in the kernel would anyway be dangerous. ( I am not aware
> of any other scenarios of MMU faults in the guest though ).

*You* can see that. What I said was that I couldn't tell whether
it was that or not from the logs you sent in your email, which is true :-)

> It is a bit likely that the -icount value probably ran out, much more likely
> is that one of the loads/stores could be to an emulated device as you
> explained. But at least in the translation phase, the icount values correctly
> count the number of instructions in the TCG block, even for cases like the
> ones I described previously. If things go wrong in the final host code
> execution phase, the code jumping to the middle of the TB could happen.
>
> I see this pattern quite irregularly across other Translation Blocks as well
> (not many times, but they are scattered around).
>
> I would have to take this irregularity into consideration with the use of
> -icount as I try to analyze the execution flow.

You can't analyse execution flow from the translation-time events.
You need to look at execution time logs for that (-d exec). You
don't need to care if we translate a TB once or many times, only
what TBs we actually executed.

thanks
-- PMM
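To make the distinction in the reply concrete, here is an added example (not part of the thread and not QEMU's own code) that separates translation-time events from execution-time events in a combined `-d in_asm,exec` log. It assumes the line shapes QEMU 2.x printed: an `IN: <symbol>` header followed by one `0x<pc>:  <bytes>  <disasm>` line per guest instruction when a TB is translated, and `Trace <cpu>: <host ptr> [<cs_base>/<pc>/<flags>] <symbol>` each time a TB is entered. The sample log and its AArch64 disassembly are constructed for the example; the function and variable names are the example's own.

```python
"""Separate translation-time from execution-time events in a QEMU TCG log.

Added example, not QEMU code. Assumed log shapes (QEMU 2.x, "-d in_asm,exec"):
  translation: "IN: <symbol>" then one "0x<pc>:  <bytes>  <disasm>" per insn
  execution:   "Trace <cpu>: <host ptr> [<cs_base>/<pc>/<flags>] <symbol>"
Only the Trace lines describe control flow; IN: blocks only say that a TB
was (re)generated, which can happen any number of times.
"""
import re
from collections import Counter

EXEC_RE = re.compile(
    r"^Trace (?P<cpu>\d+): (?P<host>0x[0-9a-fA-F]+) "
    r"\[(?P<cs_base>[0-9a-fA-F]+)/(?P<pc>[0-9a-fA-F]+)/(?P<flags>0x[0-9a-fA-F]+)\]"
)
INSN_RE = re.compile(r"^(?P<pc>0x[0-9a-fA-F]+):")

# Constructed sample: TB A (0x40000000) and TB B (0x40000008) are each
# translated twice (e.g. after a TB flush) while A runs three times and B
# twice, so counting IN: blocks would misstate the execution flow.
SAMPLE_LOG = """\
IN: start
0x0000000040000000:  d2800000      mov x0, #0
0x0000000040000004:  d503201f      nop

Trace 0: 0x7f3a2c000100 [0000000000000000/0000000040000000/0x0] start
IN: loop
0x0000000040000008:  91000400      add x0, x0, #1
0x000000004000000c:  17fffffd      b #0x40000000

Trace 0: 0x7f3a2c000180 [0000000000000000/0000000040000008/0x0] loop
IN: start
0x0000000040000000:  d2800000      mov x0, #0
0x0000000040000004:  d503201f      nop

Trace 0: 0x7f3a2c000200 [0000000000000000/0000000040000000/0x0] start
IN: loop
0x0000000040000008:  91000400      add x0, x0, #1
0x000000004000000c:  17fffffd      b #0x40000000

Trace 0: 0x7f3a2c000280 [0000000000000000/0000000040000008/0x0] loop
Trace 0: 0x7f3a2c000200 [0000000000000000/0000000040000000/0x0] start
"""


def parse_log(text):
    """Return (translations, executions).

    translations: Counter of TB start pc -> number of IN: blocks for it
    executions:   ordered list of (cpu, pc) for every Trace line
    """
    translations = Counter()
    executions = []
    expect_block_start = False
    for line in text.splitlines():
        if line.startswith("IN:"):
            # Translation event; the next insn line carries the TB's start pc.
            expect_block_start = True
            continue
        m = EXEC_RE.match(line)
        if m:
            executions.append((int(m["cpu"]), int(m["pc"], 16)))
            continue
        if expect_block_start:
            m = INSN_RE.match(line)
            if m:
                translations[int(m["pc"], 16)] += 1
            expect_block_start = False
    return translations, executions


def execution_flow(text, cpu=0):
    """Ordered start pcs of the TBs actually entered on `cpu`."""
    _, executions = parse_log(text)
    return [pc for c, pc in executions if c == cpu]


def summarize(text):
    """Per TB start pc: (times translated, times executed)."""
    translations, executions = parse_log(text)
    exec_counts = Counter(pc for _, pc in executions)
    return {pc: (translations.get(pc, 0), exec_counts.get(pc, 0))
            for pc in sorted(set(translations) | set(exec_counts))}


if __name__ == "__main__":
    for pc, (t, e) in summarize(SAMPLE_LOG).items():
        print(f"TB 0x{pc:x}: translated {t}x, executed {e}x")
    print("flow:", [hex(pc) for pc in execution_flow(SAMPLE_LOG)])
```

One caveat when reading real `-d exec` output: a Trace line is only emitted when the CPU enters a TB through the main loop, and direct jumps between chained TBs bypass it, so a log taken with chaining on can look as if blocks were skipped. Adding `nochain` to the log mask (`-d exec,nochain`, optionally `-D logfile` to keep it out of stderr) gives a trace that records every TB entry.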