On Sat, Dec 11, 2010 at 2:32 PM, Stefano Bonifazi <stefboombas...@gmail.com> wrote:
> -----Original Message-----
> From: Blue Swirl [mailto:blauwir...@gmail.com]
> Sent: Saturday, 11 December 2010 14:12
> To: Stefano Bonifazi
> Cc: qemu-devel@nongnu.org
> Subject: Re: [Qemu-devel] TCG flow vs dyngen
>
>> There's a large buffer for generated code, allocated in exec.c. This is
>> filled with host code by TCG, when full it is flushed. The CPU execution loop
>> generates new TBs when needed, otherwise the old code can be executed.
>
>> TCG also uses intermediate ops but those are used only once during
>> translation.
>
> So if I understand well the flow is the following:
>
> 1) the CPU execution loop at runtime takes a new TB from the target code
> 2) I guess some hash function is computed on this TB for getting a key for
> searching into the buffer of generated code that probably should store the
> binary as a map key-binary
> 3) if the search is successful the binary is given to the translator (how? You
> said no copy involved) and we return to point 1) otherwise:

1-3) Please see tb_find_fast() and its caller in cpu-exec.c. Only pointer passing is involved.

> 4) the target specific translator generates TCG uops from the TB
> 5) TCG uses uops for generating host binary code
> 6) this new binary code is cached by TCG if there is enough storage place
>
> Is that all correct?

4-5) OK.

6) If there is no space, all previously generated code is thrown away.

> Where does the execution of host binary take place in the previous list of
> events? Between point 5) and 6)? After 6)? In what QEMU source code
> file/function does the final execution of host binary take place?
>
> In the previous list of events, when does the translator try to chain the
> current TB with previous ones? Before TCG generates the binary in order to
> feed it with "linked micro code"?

All of this happens in cpu-exec.c:581 to 618.
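The lookup, translate and flush loop described in the replies above, as an added constructed model in C (not QEMU's code): the struct names, table sizes, byte counts and counters are invented here to mirror the numbered steps, and `tb_find_fast`/`tb_gen_code`/`tb_flush` are toy analogues of the QEMU functions the reply names, with a second-level linear scan standing in for the slow-path lookup.

```c
#include <stdint.h>
#include <string.h>
#define JMP_CACHE_SIZE 64  /* pc-hashed fast-path table; all sizes here are constructed, not QEMU's */
#define MAX_TBS        32  /* TBs the slow-path table can hold */
#define CODE_BUF_SIZE  256 /* bytes of "host code"; tiny so a flush is easy to trigger */

typedef struct { uint32_t pc; size_t host_off; } TB;
typedef struct {
    TB *jmp_cache[JMP_CACHE_SIZE]; /* fast path: indexed by guest pc hash, entries may be stale */
    TB  tbs[MAX_TBS];              /* slow path: every TB currently in the code buffer */
    size_t nb_tbs, buf_used;
    unsigned fast_hits, slow_hits, translations, flushes;
} TBCache;

static unsigned tb_jmp_hash(uint32_t pc) { return (pc >> 2) % JMP_CACHE_SIZE; }

/* Step 6 in the thread: no room left, so every generated TB is thrown away at once. */
static void tb_flush(TBCache *c) {
    memset(c->jmp_cache, 0, sizeof c->jmp_cache);
    c->nb_tbs = 0; c->buf_used = 0; c->flushes++;
}

/* Steps 4-5: "translate" by reserving host_len bytes of the code buffer for this guest pc. */
static TB *tb_gen_code(TBCache *c, uint32_t pc, size_t host_len) {
    if (c->buf_used + host_len > CODE_BUF_SIZE || c->nb_tbs == MAX_TBS) tb_flush(c);
    TB *tb = &c->tbs[c->nb_tbs++];
    tb->pc = pc; tb->host_off = c->buf_used;
    c->buf_used += host_len; c->translations++;
    return tb;
}

/* Steps 1-3: hashed slot first, then the full table, else translate. Only a TB pointer
 * moves around; the host code itself is never copied. */
static TB *tb_find_fast(TBCache *c, uint32_t pc, size_t host_len) {
    TB **slot = &c->jmp_cache[tb_jmp_hash(pc)];
    if (*slot && (*slot)->pc == pc) { c->fast_hits++; return *slot; }
    for (size_t i = 0; i < c->nb_tbs; i++)
        if (c->tbs[i].pc == pc) { c->slow_hits++; return *slot = &c->tbs[i]; }
    return *slot = tb_gen_code(c, pc, host_len);
}

/* Constructed workload: 3-TB hot loop, a pc colliding with 0x1000's fast-path slot,
 * then enough cold TBs to overflow the buffer, then the hot loop again (all retranslated). */
static TBCache run_demo(void) {
    TBCache c; memset(&c, 0, sizeof c);
    const uint32_t hot[] = {0x1000, 0x1004, 0x1008}, cold[] = {0x2004, 0x2008, 0x200c};
    for (int n = 0; n < 10; n++) for (int i = 0; i < 3; i++) tb_find_fast(&c, hot[i], 40);
    tb_find_fast(&c, 0x2000, 40); /* evicts 0x1000 from jmp_cache[0] */
    tb_find_fast(&c, 0x1000, 40); /* fast miss, found again via the slow path */
    for (int i = 0; i < 3; i++) tb_find_fast(&c, cold[i], 40);
    for (int i = 0; i < 3; i++) tb_find_fast(&c, hot[i], 40);
    return c;
}
```

Running `run_demo()` ends with 10 translations, 27 fast hits, 1 slow hit and 1 flush: the overflow on the fourth cold TB discards the hot loop along with everything else, so its three TBs are generated a second time.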