Date: Fri, 25 Nov 2011 10:52:31 +0800
From: 陳韋任 (Wei-Ren Chen)
To: Xin Tong
Cc: qemu-devel@nongnu.org, 陳韋任
Subject: Re: [Qemu-devel] TB chaining
Message-ID: <20111125025231.GA36145@cs.nctu.edu.tw>
References: <20110922015833.GA11618@cs.nctu.edu.tw> <4E7A9D2E.20402@linux.vnet.ibm.com> <20110922023611.GA14886@cs.nctu.edu.tw> <20110923021411.GA2359@cs.nctu.edu.tw> <20110924025026.GA55686@cs.nctu.edu.tw> <20110924111600.GA35317@cs.nctu.edu.tw>

On Thu, Nov 24, 2011 at 08:54:36PM -0500, Xin Tong wrote:
> I came back to the block chaining code. This code is still not very
> clear to me. Here we are linking tb_next -> tb. jmp_next of the tb
> contains the next tbs it will jump to. Why are we checking
> !tb->jmp_next[n], but not !tb_next->jmp_next[n]?
>
> static inline void tb_add_jump(TranslationBlock *tb, int n,
>                                TranslationBlock *tb_next)
> {
>     if (!tb->jmp_next[n]) {
>         /* patch the native jump address */
>         tb_set_jmp_target(tb, n, (unsigned long)tb_next->tc_ptr);
>
>         /* add in TB jmp circular list */
>         tb->jmp_next[n] = tb_next->jmp_first;
>         tb_next->jmp_first = (TranslationBlock *)((long)(tb) | (n));
>     }
> }

Maybe I talked about TB chaining wrong before. The variable names in
QEMU could be misleading: next_tb and tb_next are _different_ things.

Let's see cpu_exec (cpu-exec.c), which calls tb_add_jump first.

    // TB chaining direction: next_tb -> tb
    // next_tb packs the pointer to the previously executed TB with the
    // index (0 or 1) of the exit it took in its low 2 bits.
    if (next_tb != 0 && tb->page_addr[1] == -1) {
        tb_add_jump((TranslationBlock *)(next_tb & ~3), next_tb & 3, tb);
    }

Then let's see tb_add_jump.

    // TB chaining direction: tb -> tb_next
    static inline void tb_add_jump(TranslationBlock *tb, int n,
                                   TranslationBlock *tb_next)
    {
        /* a non-NULL jmp_next[n] means exit n of tb is already chained */
        if (!tb->jmp_next[n]) {
            /* patch the native jump address */
            tb_set_jmp_target(tb, n, (unsigned long)tb_next->tc_ptr);

            /* add in TB jmp circular list */
            tb->jmp_next[n] = tb_next->jmp_first;
            tb_next->jmp_first = (TranslationBlock *)((long)(tb) | (n));
        }
    }

QEMU uses jmp_next and jmp_first to record the TB chaining status. I
think a visual presentation can help you understand how this works.
Here you go,

  http://people.cs.nctu.edu.tw/~chenwj/slide/QEMU/QEMU%20-%20block%20chaining.ppt

P.S. In case you know Chinese, you can see the articles on
http://www.hellogcc.org/ (search tag qemu).

Regards,
chenwj

--
Wei-Ren Chen (陳韋任)
Computer Systems Lab, Institute of Information Science,
Academia Sinica, Taiwan (R.O.C.)
Tel:886-2-2788-3799 #1667
Homepage: http://people.cs.nctu.edu.tw/~chenwj
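The following is an added, stand-alone C model of the jmp_next/jmp_first bookkeeping discussed in the thread; it is not code from the thread or from QEMU's source tree. The TranslationBlock layout here is a hypothetical stand-in that keeps only the chaining fields, tb_set_jmp_target and tb_reset_jump are modelled by storing a pointer instead of patching host code, and the helper names tb_count_predecessors and tb_unchain_all are my own. tb_add_jump is written with the same logic as the QEMU function quoted above; tb_unchain_all follows the loop QEMU of that era uses in tb_phys_invalidate to suppress all jumps into a TB that is being thrown away. The model shows why the check is on tb->jmp_next[n]: that field doubles as the "exit n is already patched" flag, while tb_next->jmp_first is the head of the list of every (tb, exit) pair that jumps into tb_next, terminated by the tagged self-pointer (tb | 2).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for QEMU's TranslationBlock: only the fields the
 * chaining code touches, with the same meaning as in QEMU. */
typedef struct TranslationBlock {
    uint8_t code[16];                  /* stand-in for the translated host code */
    uint8_t *tc_ptr;                   /* start of this TB's host code */
    uint8_t *jmp_target[2];            /* model of the patched native jump;
                                          NULL means "exit back to cpu_exec" */
    struct TranslationBlock *jmp_next[2]; /* next list entry for exit n; also the
                                             "exit n is already chained" flag */
    struct TranslationBlock *jmp_first;   /* list of (tb, exit) pairs jumping here */
} TranslationBlock;

/* List entries carry the exit index in the low 2 bits of the TB pointer.
 * The tag value 2 (tb | 2, pointing at the target itself) terminates the list. */
#define TB_PTR(p)        ((TranslationBlock *)((uintptr_t)(p) & ~(uintptr_t)3))
#define TB_TAG(p)        ((int)((uintptr_t)(p) & 3))
#define TB_TAGGED(tb, n) ((TranslationBlock *)((uintptr_t)(tb) | (uintptr_t)(n)))

void tb_init(TranslationBlock *tb)
{
    tb->tc_ptr = tb->code;
    tb->jmp_target[0] = tb->jmp_target[1] = NULL;
    tb->jmp_next[0] = tb->jmp_next[1] = NULL;
    tb->jmp_first = TB_TAGGED(tb, 2);  /* empty list: the terminator only */
}

static void tb_set_jmp_target(TranslationBlock *tb, int n, uint8_t *addr)
{
    tb->jmp_target[n] = addr;          /* QEMU rewrites the jump instruction here */
}

static void tb_reset_jump(TranslationBlock *tb, int n)
{
    tb->jmp_target[n] = NULL;          /* QEMU points the jump at the TB epilogue */
}

/* Same logic as QEMU's tb_add_jump: chain exit n of tb to tb_next. */
void tb_add_jump(TranslationBlock *tb, int n, TranslationBlock *tb_next)
{
    if (!tb->jmp_next[n]) {            /* exit n not chained yet */
        tb_set_jmp_target(tb, n, tb_next->tc_ptr);
        tb->jmp_next[n] = tb_next->jmp_first;    /* push (tb, n) on tb_next's list */
        tb_next->jmp_first = TB_TAGGED(tb, n);
    }
}

/* Walk tb->jmp_first: number of (tb, exit) pairs currently chained into tb. */
int tb_count_predecessors(const TranslationBlock *tb)
{
    int count = 0;
    const TranslationBlock *e = tb->jmp_first;
    while (TB_TAG(e) != 2) {
        count++;
        e = TB_PTR(e)->jmp_next[TB_TAG(e)];     /* follow the exit's own link */
    }
    return count;
}

/* Model of the unlinking loop in tb_phys_invalidate: unpatch every exit that
 * jumps into tb, clear its jmp_next so it can be chained again, and empty
 * tb's list.  Returns the number of exits reset. */
int tb_unchain_all(TranslationBlock *tb)
{
    int count = 0;
    TranslationBlock *e = tb->jmp_first;
    while (TB_TAG(e) != 2) {
        int n = TB_TAG(e);
        TranslationBlock *pred = TB_PTR(e);
        TranslationBlock *next = pred->jmp_next[n];
        tb_reset_jump(pred, n);
        pred->jmp_next[n] = NULL;
        e = next;
        count++;
    }
    tb->jmp_first = TB_TAGGED(tb, 2);  /* fail safe: list is empty again */
    return count;
}

/* Constructed scenario: a.0 -> c, b.1 -> c, a.1 -> b, then c is invalidated.
 * Returns the number of expectations that held (8 when everything works). */
int tb_chain_demo(void)
{
    TranslationBlock a, b, c;
    int ok = 0;
    tb_init(&a); tb_init(&b); tb_init(&c);

    tb_add_jump(&a, 0, &c);
    tb_add_jump(&b, 1, &c);
    tb_add_jump(&a, 1, &b);
    tb_add_jump(&a, 0, &c);            /* already chained: must be a no-op */

    ok += tb_count_predecessors(&c) == 2;
    ok += tb_count_predecessors(&b) == 1;
    ok += a.jmp_target[0] == c.tc_ptr;
    ok += tb_unchain_all(&c) == 2;     /* a.0 and b.1 are reset */
    ok += tb_count_predecessors(&c) == 0;
    ok += a.jmp_target[0] == NULL && a.jmp_next[0] == NULL && b.jmp_next[1] == NULL;
    ok += tb_count_predecessors(&b) == 1;           /* a.1 -> b is untouched */
    ok += a.jmp_next[1] != NULL && a.jmp_target[1] == b.tc_ptr;
    return ok;
}

int main(void)
{
    printf("%d/8 chaining expectations held\n", tb_chain_demo());
    return 0;
}
```

The tag-in-low-bits trick only works because TranslationBlock objects are at least 4-byte aligned; in this model that is guaranteed by the pointer members, and in QEMU by the allocator. Note that jmp_next[n] is left NULL by tb_unchain_all, which is what lets cpu_exec re-chain that exit to a freshly translated replacement of the invalidated TB.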