
[Qemu-devel] No chaining on ARM hosts?


From: Steffen Liebergeld
Subject: [Qemu-devel] No chaining on ARM hosts?
Date: Mon, 23 Mar 2009 12:25:38 +0000 (UTC)
User-agent: slrn/pre0.9.9-111 (Linux)

Hi,

I am currently looking into the code generation of Qemu on an ARM host machine
with target ARM. While measuring how many instructions Qemu needs in order to
run guest instructions, I found that instructions like add and subs need 4 to 40
instructions, which is the amount I expected. However, branches take 150 host
instructions to execute. I figured that with the use of chaining this number
has to be significantly smaller.

To double check if the chaining is performed, I altered the function
tb_add_jmp_target to print the target address and the base address of the TB
which is to be patched, when the guest PC is in the range of my example code.

I am using a setup as in figure 1. The outer Qemu is running on an x86 host
machine, and runs ARM guest code. The inner Qemu is an ARM binary and runs
ARM guest code as well. I altered both Qemu instances in order to be able to
trigger actions from my example code. If the example code issues a NOP (mov
r0, r0) and registers 1 and 2 have special values, the outer Qemu prints the
current guest instruction count.

The example code I used is shown in figure 2. It includes unconditional jumps,
which I think would be eligible for chaining.

When running the example code in the outer Qemu, chaining is performed as
expected. But when run in the inner Qemu, no chaining takes place.

Do you have an idea why no chaining is performed on ARM hosts? Can somebody
explain the role of code_gen_prologue to me?

Many thanks in advance,
Steffen Liebergeld

Figure 1: Qemu setup, using qemu-0.10.0

|-----------------------------|
| |-------------------------| |
| | Example code            | |
| |                         | |
| |-------------------------| |
| | Inner Qemu              | |
| |-------------------------| |
|                             |
| ARM code                    |
|-----------------------------|
| Outer Qemu on an x86 host   |
|-----------------------------|

Figure 2: ARM example code

        /* Completed into a full GCC inline-asm statement so it can be assembled;
           the instruction strings are the original ones. 0xdeadbeef and 0xdeadbabe
           cannot be encoded as ARM immediates, so they are passed in as register
           operands. */
        asm volatile (
            "   mov r0, %[deadbeef]      \n"
            "   mov r1, %[deadbabe]      \n"
            "   mov r2, $10              \n"
            "outerloop:                  \n"
            "   mov r0, r0               \n"   /* NOP used as the trigger described above */
            "   mov r4, $0               \n"
            "   mov r5, $0               \n"
            "   mov r6, $0               \n"
            "Eins:                       \n"
            "   add r4, r4, $1           \n"
            "   b DREI                   \n"
            "ZWEI:                       \n"
            "   add r5, r5, $1           \n"
            "   b OUT                    \n"
            "DREI:                       \n"
            "   add r6, r6, $1           \n"
            "   b ZWEI                   \n"
            "OUT:                        \n"
            "   mov r0, r0               \n"
            "   subs r2, r2, $1          \n"
            "   bne outerloop            \n"
            : /* no outputs */
            : [deadbeef] "r" (0xdeadbeef), [deadbabe] "r" (0xdeadbabe)
            : "r0", "r1", "r2", "r4", "r5", "r6", "cc");
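To make the mechanism the message asks about concrete, the following is a toy model of translation-block (TB) chaining, added here as an illustration; it is not QEMU source and not part of the original post. It re-encodes the Figure 2 loop in a constructed four-operation guest ISA, "translates" it into blocks that end at their first branch, and runs it twice: once where every block exit goes back through the dispatcher lookup, and once where, as in QEMU's cpu_exec() path, the dispatcher patches the previous block's exit so the next time that exit is taken execution goes straight to the already-translated successor. The names tb_find, tb_add_jmp_target and run_guest are borrowed from their QEMU counterparts but are this model's own functions; the statistics it counts (dispatcher lookups versus blocks executed) are the toy's, not a measurement of real QEMU.

```c
/* Toy model of TB chaining, modelled on what QEMU's cpu_exec()/tb_add_jmp_target()
 * achieve. Added illustration, not QEMU code; the guest ISA and every name below are
 * constructed for this example. */
#include <stdio.h>
#include <string.h>

/* Constructed toy guest ISA. BNE_DEC: r2 -= 1, then branch if r2 != 0. */
enum op { MOVI, ADDI, B, BNE_DEC, HALT };
struct insn { enum op op; int rd; int imm; int target; };

/* Figure 2 re-encoded: array indices are guest pcs, r2 is the outer loop counter. */
static const struct insn prog[] = {
    /*  0           */ {MOVI, 2, 10, -1},
    /*  1 outerloop */ {MOVI, 4, 0, -1}, {MOVI, 5, 0, -1}, {MOVI, 6, 0, -1},
    /*  4 Eins      */ {ADDI, 4, 1, -1}, {B, 0, 0, 8},
    /*  6 ZWEI      */ {ADDI, 5, 1, -1}, {B, 0, 0, 10},
    /*  8 DREI      */ {ADDI, 6, 1, -1}, {B, 0, 0, 6},
    /* 10 OUT       */ {BNE_DEC, 2, 0, 1},
    /* 11           */ {HALT, 0, 0, -1},
};

struct tb {
    int pc, len;             /* guest pc range covered by this block */
    int next_pc[2];          /* successor pc for exit 0 (fall-through) / exit 1 (taken) */
    struct tb *jmp_next[2];  /* chain targets patched in later; NULL = not yet patched */
};

#define MAX_TB 32
static struct tb tb_cache[MAX_TB];
static int n_tb;
int regs[8];

/* Dispatcher lookup: return the cached TB for pc, or "translate" a new one.
 * A block runs up to and including its first control-flow instruction. */
static struct tb *tb_find(int pc) {
    for (int i = 0; i < n_tb; i++)
        if (tb_cache[i].pc == pc) return &tb_cache[i];
    struct tb *tb = &tb_cache[n_tb++];
    memset(tb, 0, sizeof *tb);
    tb->pc = pc;
    int end = pc;
    while (prog[end].op == MOVI || prog[end].op == ADDI) end++;
    tb->len = end - pc + 1;
    tb->next_pc[0] = end + 1;
    tb->next_pc[1] = prog[end].target;
    return tb;
}

/* Patch exit n of tb: from now on that exit reaches tb_next without a dispatcher round trip. */
static void tb_add_jmp_target(struct tb *tb, int n, struct tb *tb_next) {
    if (!tb->jmp_next[n]) tb->jmp_next[n] = tb_next;
}

/* Execute one block; returns the exit taken (0 or 1), or -1 on HALT. */
static int tb_exec(const struct tb *tb) {
    for (int pc = tb->pc; pc < tb->pc + tb->len; pc++) {
        const struct insn *in = &prog[pc];
        switch (in->op) {
        case MOVI:    regs[in->rd] = in->imm;  break;
        case ADDI:    regs[in->rd] += in->imm; break;
        case B:       return 1;
        case BNE_DEC: regs[2] -= 1; return regs[2] != 0;
        case HALT:    return -1;
        }
    }
    return 0;  /* not reached: every block ends in B, BNE_DEC or HALT */
}

struct stats { long lookups, tbs_executed; };

/* The cpu_exec() analogue: run the guest to HALT, with or without chaining. */
static struct stats run_guest(int use_chaining) {
    struct stats st = {0, 0};
    struct tb *prev = NULL, *tb;
    int prev_exit = 0, pc = 0;
    memset(regs, 0, sizeof regs);
    n_tb = 0;
    for (;;) {
        if (prev && prev->jmp_next[prev_exit]) {
            tb = prev->jmp_next[prev_exit];            /* chained: no lookup needed */
        } else {
            st.lookups++;
            tb = tb_find(pc);
            if (use_chaining && prev) tb_add_jmp_target(prev, prev_exit, tb);
        }
        st.tbs_executed++;
        int n = tb_exec(tb);
        if (n < 0) break;
        pc = tb->next_pc[n];
        prev = tb; prev_exit = n;
    }
    return st;
}

long count_lookups(int use_chaining) { return run_guest(use_chaining).lookups; }
long count_tbs(int use_chaining) { return run_guest(use_chaining).tbs_executed; }

int main(void) {
    for (int c = 0; c < 2; c++) {
        struct stats st = run_guest(c);
        printf("chaining %s: %ld TBs executed, %ld dispatcher lookups\n",
               c ? "on " : "off", st.tbs_executed, st.lookups);
    }
    return 0;
}
```

Both runs execute the same 41 blocks; without chaining every one of them costs a dispatcher lookup, with chaining only the seven first encounters of each exit do, and the remaining 34 transfers follow the patched pointers. That gap is the per-branch overhead a printout in tb_add_jmp_target would reveal as missing when, as in the inner Qemu above, no patching happens.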
