From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.33) id 1CRYZL-0004W4-Pf for qemu-devel@nongnu.org; Tue, 09 Nov 2004 11:10:07 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.33) id 1CRYZI-0004VH-TK for qemu-devel@nongnu.org; Tue, 09 Nov 2004 11:10:06 -0500
Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.33) id 1CRYZI-0004VE-LZ for qemu-devel@nongnu.org; Tue, 09 Nov 2004 11:10:04 -0500
Received: from [193.49.184.17] (helo=gip.u-picardie.fr) by monty-python.gnu.org with esmtp (Exim 4.34) id 1CRYQf-0003KL-Fb for qemu-devel@nongnu.org; Tue, 09 Nov 2004 11:01:09 -0500
Received: from Olivier (port-cozette.laria-prive.u-picardie.fr [10.16.24.246]) by gip.u-picardie.fr (Postfix) with ESMTP id EF0C88071 for ; Tue, 9 Nov 2004 17:01:06 +0100 (CET)
From: "Olivier Cozette"
Subject: Re:Another related question Re: [Qemu-devel] Question about softmmu
Date: Tue, 9 Nov 2004 17:01:11 +0100
Message-ID: <006401c4c675$556b86c0$f618100a@Olivier>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: qemu-devel@nongnu.org

Hello Ye,

First, I will describe the memory access. All accesses to memory from the
CPU, data accesses or instruction fetches, cross the TLB (Translation
Lookaside Buffer); the TLB converts the virtual address to the real address
(it's a cache of the page mapping), so only the real address goes to the
memory subsystem or the cache. Note that the TLB is only flushed when you
change the CR3 value or if you use the INVLPG instruction.

    --------          -------          ---------------
    | Proc | =======> | TLB | =======> | Cache/Memory |
    --------          -------          ---------------

With i386, the only way to get the PC (eip register) is to use the CALL
instruction; this instruction stores the virtual next PC (eip), and so if
the mapping changes, the next PC changes. With QEMU, in
target-i386/translate.c you have this code:

    case 2: /* call Ev */
        /* XXX: optimize if memory (no 'and' is necessary) */
        if (s->dflag == 0)
            gen_op_andl_T0_ffff();
        next_eip = s->pc - s->cs_base;
        gen_op_movl_T1_im(next_eip);
        gen_push_T1(s);
        gen_op_jmp_T0();
        gen_eob(s);
        break;

Olivier
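As an added illustration (constructed for this page, not QEMU's own code), the following C model executes the quoted "call Ev" rule for a register operand: guest memory is a flat array with no TLB, cs_base and the register values are assumed, and the pushed return address is the virtual next EIP (s->pc - s->cs_base) rather than the linear address, truncated to 16 bits when dflag is 0.

```c
#include <stdint.h>

/* Constructed model of the 'call Ev' rule quoted above (not QEMU code).
 * Guest memory is a flat array with no TLB; the point is that the pushed
 * return address is the virtual next EIP (s->pc - s->cs_base), truncated
 * to 16 bits when the operand size is 16-bit (dflag == 0). */
enum { MEM_SIZE = 0x1000 };
typedef struct {
    uint32_t cs_base;  /* linear base of CS, like s->cs_base */
    uint32_t eip;      /* virtual instruction pointer */
    uint32_t esp;      /* stack pointer; SS base assumed 0 */
    uint32_t eax;      /* register operand of 'FF D0' = call eax */
    int code32;        /* segment default operand size: 1 = 32-bit */
    uint8_t mem[MEM_SIZE];
} Cpu;

static uint32_t load(const Cpu *c, uint32_t addr, int bytes)
{
    uint32_t v = 0;
    for (int i = bytes - 1; i >= 0; i--)      /* little-endian */
        v = (v << 8) | c->mem[(addr + i) % MEM_SIZE];
    return v;
}

static void store(Cpu *c, uint32_t addr, uint32_t v, int bytes)
{
    for (int i = 0; i < bytes; i++)
        c->mem[(addr + i) % MEM_SIZE] = (uint8_t)(v >> (8 * i));
}

/* Execute one 'FF D0' (call eax) at EIP, optionally preceded by a 0x66
 * operand-size prefix. Returns 0 on success, -1 if the bytes do not
 * encode that instruction. */
static int exec_call_eax(Cpu *c)
{
    uint32_t pc = c->cs_base + c->eip;        /* linear, like s->pc */
    int dflag = c->code32;
    if (c->mem[pc % MEM_SIZE] == 0x66) { dflag = !dflag; pc++; }
    if (load(c, pc, 2) != 0xD0FF)
        return -1;
    pc += 2;                                  /* s->pc is past the call */
    uint32_t target = c->eax;                 /* T0 */
    if (dflag == 0)
        target &= 0xffff;                     /* gen_op_andl_T0_ffff() */
    uint32_t next_eip = pc - c->cs_base;      /* virtual, not linear */
    int bytes = dflag ? 4 : 2;
    c->esp -= bytes;                          /* gen_push_T1(s) */
    store(c, c->esp, next_eip, bytes);
    c->eip = target;                          /* gen_op_jmp_T0() */
    return 0;
}
```

With cs_base 0x100 and the call at virtual 0x10, the value pushed is 0x12 (virtual) even though the instruction sits at linear 0x110; in a 16-bit segment only the low half of eax is used as the target and only 2 bytes are pushed.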