Re: [Qemu-devel] TCG flow vs dyngen

[Blue Swirl]

On Sat, Dec 11, 2010 at 2:32 PM, Stefano Bonifazi
<address@hidden> wrote:
> -----Original Message-----
> From: Blue Swirl [mailto:address@hidden
> Sent: sabato 11 dicembre 2010 14:12
> To: Stefano Bonifazi
> Cc: address@hidden
> Subject: Re: [Qemu-devel] TCG flow vs dyngen
>
>
>>There's a large buffer for generated code, allocated in exec.c. This is 
>>filled with host code by TCG, when full it is flushed. The CPU execution loop 
>>>generates new TBs when needed, otherwise the old code can be executed.
>
>>TCG also uses intermediate ops but those are used only once during 
>>translation.
>
> So if I understand well the flow is the following:
>
> 1) the CPU execution loop at runtime takes a new TB from the target code
> 2) I guess some hash function is computed on this TB for getting a key for 
> searching into the buffer of generated code that probably should store the 
> binary as a map key-binary
> 3) if the search is successful the binary is given to the translator(how? You 
> said no copy involved) and we return to point 1) otherwise:

1-3) Please see tb_find_fast() and its caller in cpu-exec.c. Only
pointer passing is involved.

> 4) the target specific translator generates TCG uops from the TB
> 5) TCG uses uops for generating  host binary code
> 6) this new binary code is cached by TGC if there is enough storage place
>
> Is that all correct?

4-5) OK.
6) If there is no space, all previously generated code is thrown away.

>
> Where does the execution of host binary take place in the previous list of 
> events?  Between point 5) and 6) ?
> After 6) ? In what QEMU source code file/function does the final execution of 
> host binary take place?
>
> In the previous list of events, when does the translator try to chain the 
> current TB with previous ones?  Before TCG generates the binary in order to 
> feed it with "linked micro code"?

All of this happens in cpu-exec.c:581 to 618.