Re: [Qemu-devel] Virtual Address translation in QEMU

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Virtual Address translation in QEMU

From:	Peter Maydell
Subject:	Re: [Qemu-devel] Virtual Address translation in QEMU
Date:	Sat, 16 Nov 2013 21:46:46 +0000

On 15 November 2013 23:37, Fardin Abdi <address@hidden> wrote:
> I need to deal with all the load and store functions in ARM architecture.
> Basically, I want to record all the load and store instructions along with
> their address.
>
> There is a TLB in QEMU that is flushed with every context switch. So, as I
> understand, for every data request to memory, QEMU looks up in the table to
> see if there is a physical translation, otherwise, it fetches the page table
> and translates the vritual address.

Not exactly. We take the guest virtual address and look it up in our
TLB; if we get a hit that gives us the host virtual address in RAM then
we can directly load/store. (Note that in this fast path the guest physical
address never appears.) Otherwise we will take a slower path; this
may still be able to do a fairly direct lookup from a TLB entry to an
IO TLB entry which gives us pointers to emulated device load/store
functions. If all else fails we'll do a TLB fill (which will do a page table
walk).

> What I want to find, is the function in QEMU source code that is calling the
> TLb and checks wether there is a entry in the TLB or not.

There is no single such function, because we emit native code for
the host system which does this lookup inline. (For example, on
x86 this is done in tcg/i386/tcg-target.c:tcg_out_tlb_load().) We
also repeat the TLB lookup in the slowpath functions I think.

Note also that at the point where we are doing this we do not
know what the guest program counter is. (Updating the PC
for every instruction executed would be very slow, so we only
do it at the end of basic blocks or in a complicated fixup process
that happens for unexpected exceptions like abort on load/store.)

For what you seem to want I would suggest you would be better
adding code to the ARM frontend so that for every load/store it also
emits a call to a helper function which you can use to record
information about it.

Other people have been down this road of trying to instrument
QEMU before -- you may be able to find some of their work
if you search. It hasn't gone upstream because it's difficult
to do it  in a way that doesn't compromise speed or
maintainability.

-- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] Virtual Address translation in QEMU, Fardin Abdi, 2013/11/16
- Re: [Qemu-devel] Virtual Address translation in QEMU, Peter Maydell <=

Prev by Date: [Qemu-devel] Virtual Address translation in QEMU
Next by Date: [Qemu-devel] [PATCH] hw/gpio/max7310.c : add the reset-pin in Max7310 and the GPIO will be reseted by the reset signal(active low) when necessary
Previous by thread: [Qemu-devel] Virtual Address translation in QEMU
Next by thread: [Qemu-devel] [PATCH] hw/gpio/max7310.c : add the reset-pin in Max7310 and the GPIO will be reseted by the reset signal(active low) when necessary
Index(es):
- Date
- Thread