On 22 April 2016 at 16:06, Tom Spink <t.sp...@sms.ed.ac.uk> wrote:
> So, my question is, how can a TB for a particular block containing a
> constant folded *virtual* PC work, if the MMU mappings change and a
> different virtual address is used to access the same physical address?
>
> E.g. assume we have an instruction such as: ldr r0, [pc, #8]
>
> If this is compiled in a block that begins at virtual address 0x10000, then
> the load will be emitted as a constant load from address 0x10008 (and will
> be subject to the usual TLB lookup code). But, if the MMU mappings change,
> and the block is entered from virtual address 0x20000 (because 0x20000 now
> points to the same physical page), then the load will be incorrect, as it
> would still be accessing address 0x10000, but should actually be accessing
> address 0x20008.
TBs are looked up by (virtual) PC + flags + physical address, so if the same
lump of code is mapped at two different virtual addresses we'll translate it
twice. (More precisely, tb_find_fast() checks only the virtual address, but it
does so in a cache which is invalidated when the guest does a TLB invalidate
operation; if the cache misses we fall back to tb_find_slow() which also checks
physical address.)

thanks
-- PMM
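A toy model of the two-level lookup PMM describes, added here as an illustration; it is not QEMU code and not code from either poster. The names tb_find_fast, tb_find_slow, tlb_flush and get_page_addr_code are borrowed from the thread, but their bodies, the tiny page-table array, the cache hash and the "folded literal" field (a stand-in for the constant-folded `ldr r0, [pc, #8]` address) are all assumptions made for this example. It walks Tom's scenario: code at physical 0x80000 is first mapped at 0x10000, then remapped to 0x20000 with a TLB flush, and the model shows that the remapped address gets its own TB (with its own folded literal) rather than reusing the 0x10000 one, while mapping the page back at 0x10000 reuses the original TB.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_MASK      (~(uint64_t)0xfff)
#define JMP_CACHE_SIZE 256
#define MAX_TBS        32
#define MAX_MAPPINGS   8
#define NO_PAGE        ((uint64_t)-1)

/* One translated block: keyed by virtual pc, CPU flags and the guest
 * *physical* page the code was read from. (Assumed layout, not QEMU's.) */
typedef struct {
    uint64_t pc;
    uint32_t flags;
    uint64_t page_addr;
    uint64_t folded_literal; /* toy "ldr r0, [pc, #8]" address baked in at translate time */
} TranslationBlock;

/* Hypothetical guest MMU: a tiny virtual-page -> physical-page table. */
static struct { uint64_t vpage, ppage; } mappings[MAX_MAPPINGS];
static int n_mappings;

static TranslationBlock tbs[MAX_TBS];
static int n_tbs;
static int translations;                            /* times the "translator" ran */
static TranslationBlock *jmp_cache[JMP_CACHE_SIZE]; /* fast cache, keyed by virtual pc only */

static void reset_state(void) {
    memset(mappings, 0, sizeof mappings); n_mappings = 0;
    memset(tbs, 0, sizeof tbs);           n_tbs = 0;
    memset(jmp_cache, 0, sizeof jmp_cache);
    translations = 0;
}

/* Guest edits its page tables. */
static void mmu_map(uint64_t vpage, uint64_t ppage) {
    for (int i = 0; i < n_mappings; i++)
        if (mappings[i].vpage == vpage) { mappings[i].ppage = ppage; return; }
    mappings[n_mappings].vpage = vpage;
    mappings[n_mappings].ppage = ppage;
    n_mappings++;
}
static void mmu_unmap(uint64_t vpage) {
    for (int i = 0; i < n_mappings; i++)
        if (mappings[i].vpage == vpage) { mappings[i] = mappings[--n_mappings]; return; }
}

/* Physical page backing a virtual address, or NO_PAGE if unmapped. */
static uint64_t get_page_addr_code(uint64_t vaddr) {
    for (int i = 0; i < n_mappings; i++)
        if (mappings[i].vpage == (vaddr & PAGE_MASK)) return mappings[i].ppage;
    return NO_PAGE;
}

/* A guest TLB invalidate drops the virtual-address-only cache. */
static void tlb_flush(void) { memset(jmp_cache, 0, sizeof jmp_cache); }

static unsigned jmp_cache_hash(uint64_t pc) {
    return (unsigned)(pc >> 2) & (JMP_CACHE_SIZE - 1);
}

/* Slow path: match on virtual pc, flags AND physical page; translate on a miss. */
static TranslationBlock *tb_find_slow(uint64_t pc, uint32_t flags) {
    uint64_t phys = get_page_addr_code(pc);
    for (int i = 0; i < n_tbs; i++)
        if (tbs[i].pc == pc && tbs[i].flags == flags && tbs[i].page_addr == phys)
            return &tbs[i];
    if (n_tbs == MAX_TBS) return NULL;
    TranslationBlock *tb = &tbs[n_tbs++];
    tb->pc = pc; tb->flags = flags; tb->page_addr = phys;
    tb->folded_literal = pc + 8;  /* the virtual literal address is fixed here */
    translations++;
    return tb;
}

/* Fast path: cache indexed by virtual pc; no physical-address check here. */
static TranslationBlock *tb_find_fast(uint64_t pc, uint32_t flags) {
    unsigned idx = jmp_cache_hash(pc);
    TranslationBlock *tb = jmp_cache[idx];
    if (tb && tb->pc == pc && tb->flags == flags) return tb;
    tb = tb_find_slow(pc, flags);
    jmp_cache[idx] = tb;
    return tb;
}

uint64_t tb_literal(int i) { return tbs[i].folded_literal; }

/* Thread scenario: same physical page seen at 0x10000, then at 0x20000.
 * Returns the translation count (expected 2: one TB per virtual address). */
int remap_scenario(void) {
    reset_state();
    mmu_map(0x10000, 0x80000);
    tb_find_fast(0x10000, 0);
    tb_find_fast(0x10000, 0);      /* re-execution: fast-cache hit, no retranslation */
    mmu_unmap(0x10000);
    mmu_map(0x20000, 0x80000);
    tlb_flush();                   /* guest invalidates its TLB after the remap */
    tb_find_fast(0x20000, 0);      /* miss in both paths -> fresh TB with literal 0x20008 */
    return translations;
}

/* Mapping the page back at 0x10000 must find the original TB, not retranslate. */
int remap_back_reuses_tb(void) {
    remap_scenario();
    mmu_unmap(0x20000);
    mmu_map(0x10000, 0x80000);
    tlb_flush();
    return tb_find_fast(0x10000, 0) == &tbs[0] && translations == 2;
}

/* Same virtual address, different physical page: the physical check in
 * tb_find_slow() forces a retranslation instead of reusing stale code. */
int same_vaddr_new_page_retranslates(void) {
    reset_state();
    mmu_map(0x10000, 0x80000);
    tb_find_fast(0x10000, 0);
    mmu_map(0x10000, 0x90000);     /* page table now points elsewhere */
    tlb_flush();
    tb_find_fast(0x10000, 0);
    return translations;
}

int main(void) {
    int n = remap_scenario();
    printf("translations=%d literal@0x10000=0x%llx literal@0x20000=0x%llx\n", n,
           (unsigned long long)tb_literal(0), (unsigned long long)tb_literal(1));
    printf("remap back reuses TB: %d\n", remap_back_reuses_tb());
    printf("same vaddr, new page -> translations=%d\n", same_vaddr_new_page_retranslates());
    return 0;
}
```

The point the model makes concrete is the one in the reply: the fast cache is safe to key on virtual address only because every guest TLB invalidate empties it, and the slow path behind it refuses to hand back a TB whose physical page no longer matches, so a block with a folded virtual literal is never entered from a different virtual alias of the same code.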