* Re: [Qemu-devel] qemu softmmu inlined lookup sequence
[not found] ` <CALKntY0JNefZpuDNBB-jeWGj4KKjL7kUkv0LdSBRv+hQhDM2sg@mail.gmail.com>
@ 2012-07-12 3:52 ` 陳韋任 (Wei-Ren Chen)
0 siblings, 0 replies; only message in thread
From: 陳韋任 (Wei-Ren Chen) @ 2012-07-12 3:52 UTC (permalink / raw)
To: Xin Tong; +Cc: qemu-devel, 陳韋任
On Sat, Apr 21, 2012 at 05:28:36PM -0400, Xin Tong wrote:
> On Mon, Apr 16, 2012 at 10:51 PM, 陳韋任 <chenwj@iis.sinica.edu.tw> wrote:
> >> what does the inline sequence look like ? what kind of things (other
> >> than refill tlb) performed in callout but not the inlined sequence ?
> >
> > What do you mean by the inline sequence, the host binary? If so,
> >
> > ---
> > ---- 0xe86c8
> > mov_i32 tmp2,edi
> > qemu_ld8u tmp0,tmp2,$0x0
> > ext8u_i32 tmp12,tmp0
> > movi_i32 tmp13,$0xffffff00
> > and_i32 edx,edx,tmp13
> > or_i32 edx,edx,tmp12
> >
> > OUT: [size=172]
> > 0x40000ce0: mov 0x1c(%r14),%ebp
> > 0x40000ce4: mov %ebp,%esi <--- (a)
> > 0x40000ce6: mov %ebp,%edi
> > 0x40000ce8: shr $0x7,%esi
> > 0x40000ceb: and $0xfffff000,%edi
> > 0x40000cf1: and $0x1fe0,%esi
> > 0x40000cf7: lea 0x348(%r14,%rsi,1),%rsi
> > 0x40000cff: cmp (%rsi),%edi
> > 0x40000d01: mov %ebp,%edi
> > 0x40000d03: jne 0x40000d0e
> > 0x40000d05: add 0x10(%rsi),%rdi
> > 0x40000d09: movzbl (%rdi),%ebp
> > 0x40000d0c: jmp 0x40000d18
> > 0x40000d0e: xor %esi,%esi
> > 0x40000d10: callq 0x54cf8e <--- (b)
> > 0x40000d15: movzbl %al,%ebp
> > 0x40000d18: movzbl %bpl,%ebp
> > 0x40000d1c: mov 0x8(%r14),%ebx
> > ---
> >
>
>
> I had anotated the inlined TLB lookup sequence. can you please help me
> verify whether it is correct ? I am putting this in a paper... must
> make sure it is correct ...
>
>
> # %ebp is the guest virtual address.
> 0x40000ce4: mov %ebp,%esi
> # %ebp is the guest virtual address.
> 0x40000ce6: mov %ebp,%edi
>
> # take the page address of the guest virtual address.
> # take the bit 12 - 19 of the guest virtual address.
> 0x40000ce8: shr $0x7,%esi
> 0x40000ceb: and $0xfffff000,%edi
> 0x40000cf1: and $0x1fe0,%esi
>
> # index into the software tlb using the bit 12 - 19.
> 0x40000cf7: lea 0x348(%r14,%rsi,1),%rsi
>
> # check for a possible match
> 0x40000cff: cmp (%rsi),%edi
>
> 0x40000d01: mov %ebp,%edi
> 0x40000d03: jne 0x40000d0e
>
> # there is a match, calculate the translated address.
> 0x40000d05: add 0x10(%rsi),%rdi
> 0x40000d09: movzbl (%rdi),%ebp
> 0x40000d0c: jmp 0x40000d18
>
> # can not find a match, perform the callout.
> 0x40000d0e: xor %esi,%esi
> 0x40000d10: callq callout_TLBLookup
>
> # other emulation code
> 0x40000d18: movzbl %bpl,%ebp
> 0x40000d1c: mov 0x8(%r14),%ebx
I believe this reply is too late, but it's LGTM. :)
>
> > The code between (a) and (b) is (almost) what TLB lookup hit/miss looks like.
> > If TLB miss, it will call something like __ldb_mmu (b). __ldb_mmu will try to
> > walk guest page table, then fill TLB entry if page table hit, or raise a guest
> > page fault exception if page table miss.
Regards,
chenwj
--
Wei-Ren Chen (陳韋任)
Computer Systems Lab, Institute of Information Science,
Academia Sinica, Taiwan (R.O.C.)
Tel:886-2-2788-3799 #1667
Homepage: http://people.cs.nctu.edu.tw/~chenwj
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2012-07-12 3:52 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <CALKntY3=ZOaBqcscMknOr4P-=EJpmQTPZjkGgHqa+MCqvA-TQw@mail.gmail.com>
[not found] ` <20120417025140.GA40861@cs.nctu.edu.tw>
[not found] ` <CALKntY0JNefZpuDNBB-jeWGj4KKjL7kUkv0LdSBRv+hQhDM2sg@mail.gmail.com>
2012-07-12 3:52 ` [Qemu-devel] qemu softmmu inlined lookup sequence 陳韋任 (Wei-Ren Chen)
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.