Re: [Qemu-devel] TCG flow vs dyngen

From: Stefano Bonifazi <stefboombastic@gmail.com>
To: Raphael Lefevre <taylor.lefevre@gmail.com>
Cc: blauwirbel@gmail.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] TCG flow vs dyngen
Date: Sun, 16 Jan 2011 16:21:37 +0100	[thread overview]
Message-ID: <4D330D01.9060801@gmail.com> (raw)
In-Reply-To: <000001cbb58c$221f5a00$011aa8c0@side35ya3cah0n>

[-- Attachment #1: Type: text/plain, Size: 3132 bytes --]

On 01/16/2011 03:46 PM, Raphael Lefevre wrote:
>
> On Wed, Dec 15, 2010 at 4:17 AM, Stefano Bonifazi 
> <stefboombastic@gmail.com> wrote:
>
> > On 12/11/2010 03:44 PM, Blue Swirl wrote:
>
> >
>
> > Hi!
>
> > Thank you very much! Knowing exactly where I should check, in a so big
>
> > project helped me very much!!
>
> > Anyway after having spent more than 2 days on that code I still can't
>
> > understand how it works the real execution:
>
> >
>
> > in cpu-exec.c : cpu_exec_nocache i find:
>
> >
>
> >> /* execute the generated code */
>
> >>    next_tb = tcg_qemu_tb_exec(tb->tc_ptr);
>
> >
>
> > and in cpu-exec.c : cpu_exec
>
> >
>
> >> /* execute the generated code */
>
> >>
>
> >>                    next_tb = tcg_qemu_tb_exec(tc_ptr);
>
> >
>
> > so I thought tcg_qemu_tb_exec "function" should do the work of 
> executing the
>
> > translated binary in the host.
>
> > But then I found out it is just a define in tcg.h:
>
> >
>
> >> #define tcg_qemu_tb_exec(tb_ptr) ((long REGPARM (*)(void
>
> >> *))code_gen_prologue)(tb_ptr)
>
> >
>
> > and again in exec.c
>
> >
>
> >> uint8_t code_gen_prologue[1024] code_gen_section;
>
> >
>
> > Maybe I have some problems with that C syntax, but I really don't 
> understand
>
> > what happens there.. how the execution happens!
>
> >
>
> > Here instead  with QEMU/TCG I understood that at runtime the target 
> binary
>
> > is translated into host binary (somehow) .. but then.. how can this 
> new host
>
> > binary be run? Shall the host code at runtime do some sort of (assembly
>
> > speaking) branch jump to an area of memory with new host binary 
> instructions
>
> > .. and then jump back to the old process binary code?
>
> 1. As I know, the host codes translated from the target instructions 
> exist by the format of object file, that’s why they can be executed 
> directly.
>
> 2. I think you catch the right concept in some point of view, one part 
> of the internal of QEMU does such jump & back works certainly.
>
> > If so, can you explain me how this happens in those lines of code?
>
> I only can give a rough profile, the code you listed do a simple thing:
>
> Modify the pointer of the host code execution to point the next 
> address that the host processor should continue to execute.
>
> > I am just a student.. unluckily at university they just tell you that 
> a cpu
>
> > follows some sort of "fetch ->decode->execute" flow .. but then you open
>
> > QEMU.. and wow there is a huge gap for understanding it, and no books 
> where
>
> > to study it! ;)
>
> The QEMU is not used to simulate the every details of the processor 
> should behave, it just try to approximate the necessary operations 
> what a machine should be!
>
> “fetch->decode->execute” flow only need to be concerned when you 
> involve into the hardware design.
>
> Raphaël Lefèvre
>
Thank you very much!
I've already solved this problem.. Right now I am fighting with the 
possibility of changing qemu-user code for making it run several 
binaries in succession .. But it seems to remember the first translated 
code.. Nobody answered to my post about it, do you have any idea?


[-- Attachment #2: Type: text/html, Size: 14125 bytes --]