[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] qemu softmmu inlined lookup sequence
From: |
Wei-Ren Chen |
Subject: |
Re: [Qemu-devel] qemu softmmu inlined lookup sequence |
Date: |
Thu, 12 Jul 2012 11:52:49 +0800 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Sat, Apr 21, 2012 at 05:28:36PM -0400, Xin Tong wrote:
> On Mon, Apr 16, 2012 at 10:51 PM, 陳韋任 <address@hidden> wrote:
> >> what does the inline sequence look like ? what kind of things (other
> >> than refill tlb) performed in callout but not the inlined sequence ?
> >
> > What do you mean by the inline sequence, the host binary? If so,
> >
> > ---
> > ---- 0xe86c8
> > mov_i32 tmp2,edi
> > qemu_ld8u tmp0,tmp2,$0x0
> > ext8u_i32 tmp12,tmp0
> > movi_i32 tmp13,$0xffffff00
> > and_i32 edx,edx,tmp13
> > or_i32 edx,edx,tmp12
> >
> > OUT: [size=172]
> > 0x40000ce0: mov 0x1c(%r14),%ebp
> > 0x40000ce4: mov %ebp,%esi <--- (a)
> > 0x40000ce6: mov %ebp,%edi
> > 0x40000ce8: shr $0x7,%esi
> > 0x40000ceb: and $0xfffff000,%edi
> > 0x40000cf1: and $0x1fe0,%esi
> > 0x40000cf7: lea 0x348(%r14,%rsi,1),%rsi
> > 0x40000cff: cmp (%rsi),%edi
> > 0x40000d01: mov %ebp,%edi
> > 0x40000d03: jne 0x40000d0e
> > 0x40000d05: add 0x10(%rsi),%rdi
> > 0x40000d09: movzbl (%rdi),%ebp
> > 0x40000d0c: jmp 0x40000d18
> > 0x40000d0e: xor %esi,%esi
> > 0x40000d10: callq 0x54cf8e <--- (b)
> > 0x40000d15: movzbl %al,%ebp
> > 0x40000d18: movzbl %bpl,%ebp
> > 0x40000d1c: mov 0x8(%r14),%ebx
> > ---
> >
>
>
> I had anotated the inlined TLB lookup sequence. can you please help me
> verify whether it is correct ? I am putting this in a paper... must
> make sure it is correct ...
>
>
> # %ebp is the guest virtual address.
> 0x40000ce4: mov %ebp,%esi
> # %ebp is the guest virtual address.
> 0x40000ce6: mov %ebp,%edi
>
> # take the page address of the guest virtual address.
> # take the bit 12 - 19 of the guest virtual address.
> 0x40000ce8: shr $0x7,%esi
> 0x40000ceb: and $0xfffff000,%edi
> 0x40000cf1: and $0x1fe0,%esi
>
> # index into the software tlb using the bit 12 - 19.
> 0x40000cf7: lea 0x348(%r14,%rsi,1),%rsi
>
> # check for a possible match
> 0x40000cff: cmp (%rsi),%edi
>
> 0x40000d01: mov %ebp,%edi
> 0x40000d03: jne 0x40000d0e
>
> # there is a match, calculate the translated address.
> 0x40000d05: add 0x10(%rsi),%rdi
> 0x40000d09: movzbl (%rdi),%ebp
> 0x40000d0c: jmp 0x40000d18
>
> # can not find a match, perform the callout.
> 0x40000d0e: xor %esi,%esi
> 0x40000d10: callq callout_TLBLookup
>
> # other emulation code
> 0x40000d18: movzbl %bpl,%ebp
> 0x40000d1c: mov 0x8(%r14),%ebx
I believe this reply is too late, but it's LGTM. :)
>
> > The code between (a) and (b) is (almost) what TLB lookup hit/miss looks
> > like.
> > If TLB miss, it will call something like __ldb_mmu (b). __ldb_mmu will try
> > to
> > walk guest page table, then fill TLB entry if page table hit, or raise a
> > guest
> > page fault exception if page table miss.
Regards,
chenwj
--
Wei-Ren Chen (陳韋任)
Computer Systems Lab, Institute of Information Science,
Academia Sinica, Taiwan (R.O.C.)
Tel:886-2-2788-3799 #1667
Homepage: http://people.cs.nctu.edu.tw/~chenwj
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [Qemu-devel] qemu softmmu inlined lookup sequence,
Wei-Ren Chen <=