On 6 June 2015 at 08:36, Sandhya Kumar <insatiablecuriousit...@gmail.com> wrote:
> Thanks Peter for your explanation.
>
> [The following question on TLB working could be a deviation from the first
> mail here, but asking here instead of starting new thread.]
>
> I picked up a simple 'Hello world' ELF executable (shown at the end) and
> tried to experiment with QEMU's address translations (i.e. guest VA -> host
> VA in softmmu_template.h) occurring in userland for that process. This is
> the sequence of guest VA (in hexadecimal) being translated:
>
> 401bee
> 401c07
> 401c0e
> 401c13
> 401d23
> 401d39
> 402009
> ...... and so on
>
> The italicized ones (first four) belong to _start of my executable and the
> next few can be traced to __libc_start_main in my executable. Can anyone
> please help me understand why the order is appearing like this?

Most code loads don't go through the softmmu_template.h code. The
frontend (target-*/translate.c) calls cpu_ld*_code functions, which
are implemented by macros in include/exec/cpu_ldst_template.h. Those
functions will try to do a direct lookup in QEMU's TLB first, and will
only call the helper functions in softmmu_template.h if they miss.
So you're not going to see a call for every instruction. (My guess is
you're seeing one call every basic block, but it's not possible to tell
from the detail you give.)

-- PMM
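To make the fast-path/slow-path split concrete, here is a small C model of a softmmu-style code-fetch path, added as an illustration; it is not QEMU's code. It keeps a direct-mapped, page-granular TLB in front of a refill helper (the role played by the helpers in softmmu_template.h) and counts how many fetches actually reach the helper when the guest VAs from the post are replayed. Everything about the guest is constructed: a flat mapping at 0x400000 backed by a local buffer, 4 KiB pages, 256 TLB entries, and a `cpu_ldub_code()` that stands in for the inline lookup in cpu_ldst_template.h. The model does not reproduce translation-block behaviour, so it shows only why a miss, not every instruction, produces a helper call.

```c
/* Model of a softmmu code-fetch path: inline TLB compare first, refill
 * helper only on a miss. Illustrative only; not QEMU's implementation. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_BITS  12
#define PAGE_SIZE  ((uint64_t)1 << PAGE_BITS)
#define PAGE_MASK  (~(PAGE_SIZE - 1))
#define TLB_SIZE   256                      /* entries; must be a power of two */
#define GUEST_BASE 0x400000ULL              /* assumed load address of the guest ELF */
#define GUEST_LEN  (16 * PAGE_SIZE)         /* constructed guest RAM: 0x400000..0x40ffff */

typedef uint64_t target_ulong;

typedef struct {
    target_ulong addr_code;   /* guest page VA this entry maps, or (target_ulong)-1 */
    uintptr_t    addend;      /* host VA = guest VA + addend */
} TlbEntry;

static TlbEntry tlb[TLB_SIZE];
static int      tlb_ready;
static uint8_t  guest_mem[GUEST_LEN];       /* host backing store for the guest pages */
static unsigned slow_path_calls;            /* helper (refill) invocations */
static unsigned fast_path_hits;             /* inline TLB hits */

/* Guest VAs from the post, replayed as instruction-fetch addresses. */
const target_ulong post_trace[] = {
    0x401bee, 0x401c07, 0x401c0e, 0x401c13, 0x401d23, 0x401d39, 0x402009
};
const size_t POST_TRACE_LEN = sizeof post_trace / sizeof post_trace[0];

static size_t tlb_index(target_ulong va)
{
    return (size_t)((va >> PAGE_BITS) & (TLB_SIZE - 1));
}

void tlb_flush(void)
{
    for (size_t i = 0; i < TLB_SIZE; i++)
        tlb[i].addr_code = (target_ulong)-1;
    tlb_ready = 1;
}

/* Slow path: resolve the guest page (here a trivial flat mapping) and
 * refill the TLB entry. Returns NULL for an unmapped page. */
static TlbEntry *helper_code_refill(target_ulong va)
{
    target_ulong page = va & PAGE_MASK;
    slow_path_calls++;
    if (page < GUEST_BASE || page >= GUEST_BASE + GUEST_LEN) {
        fprintf(stderr, "guest fault: unmapped code page %#llx\n",
                (unsigned long long)page);
        return NULL;
    }
    TlbEntry *e = &tlb[tlb_index(va)];
    e->addr_code = page;
    e->addend    = (uintptr_t)guest_mem - (uintptr_t)GUEST_BASE;  /* host - guest */
    return e;
}

/* Stand-in for cpu_ldub_code(): compare against the TLB entry inline and
 * only call the helper on a miss. Returns the byte, or -1 on a fault. */
int cpu_ldub_code(target_ulong va)
{
    if (!tlb_ready)
        tlb_flush();
    TlbEntry *e = &tlb[tlb_index(va)];
    if (e->addr_code == (va & PAGE_MASK)) {
        fast_path_hits++;
    } else if (!(e = helper_code_refill(va))) {
        return -1;
    }
    return *(const uint8_t *)((uintptr_t)va + e->addend);
}

/* Write a byte into the constructed guest RAM (for setting up test input). */
int guest_poke(target_ulong va, uint8_t v)
{
    if (va < GUEST_BASE || va >= GUEST_BASE + GUEST_LEN)
        return -1;
    guest_mem[va - GUEST_BASE] = v;
    return 0;
}

/* Flush, replay a fetch trace, and return how many fetches hit the slow path. */
unsigned replay_fetches(const target_ulong *addrs, size_t n)
{
    tlb_flush();
    slow_path_calls = fast_path_hits = 0;
    for (size_t i = 0; i < n; i++)
        cpu_ldub_code(addrs[i]);
    return slow_path_calls;
}

unsigned fast_hits(void) { return fast_path_hits; }

int main(void)
{
    unsigned slow = replay_fetches(post_trace, POST_TRACE_LEN);
    printf("%zu fetches: %u slow-path refills, %u fast-path hits\n",
           POST_TRACE_LEN, slow, fast_hits());
    return 0;
}
```

Replaying the seven addresses gives two refills (one for page 0x401000, one for 0x402000) and five inline hits, so a trace that only logs the helper sees two entries for seven fetches. Anything that invalidates TLB entries (a flush, a protection change on the page) brings the next fetch back through the helper, which is the kind of event to look for when the observed call pattern is denser than one per page.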
