On Tue, Sep 27, 2011 at 11:02 AM, 陳韋任 <che...@iis.sinica.edu.tw> wrote:
> Hi, Jan
>
>> You can find the answer yourself: Load qemu into gdb, set a breakpoint
>> on that function and let it run. If you want to catch only the retaddr
>> == NULL case, make the breakpoint conditional.
>
> Thanks for your tip. I see when retaddr != NULL, then the calling
> sequence of tlb_fill might be something like (take i386 guest for
> example):
>
> - __stl_mmu/__ldl_mmu -> tlb_fill
>
> - helper_ljmp_protected -> load_segment -> ldl_kernel -> __ldl_mmu
>
> I am not sure when/where __stl_mmu/__ldl_mmu are used. I do set
> breakpoints on __stl_mmu/__ldl_mmu, but the backtrace can only show
> something like,
>
> #0 __stl_mmu (addr=196608, val=0, mmu_idx=0) at
> /tmp/chenwj/temp/qemu-0.13.0/softmmu_template.h:228
> #1 0x00000000400028e1 in ?? ()
> #2 0x00000000000000b4 in ?? ()
> #3 0xecc68ff412fa4137 in ?? ()
> #4 0x0000000000000000 in ?? ()
>
> When retaddr == NULL, then the calling sequence of tlb_fill is,
>
> tb_find_slow -> get_page_addr_code -> ldub_code -> __ldb_cmmu
>
> I can only guess the b in __ldb_cmmu means load byte, but I can't
> figure out what's the difference between _cmmu and _mmu. Could you
> give me some hint? Thanks!
The end of exec.c instantiates the code load functions (ld*_code); there GETPC is defined as NULL. Otherwise GETPC works as usual, so it will not return NULL. The memory access templates are a bit confusing. Op helpers use softmmu_exec.h to instantiate {ld,st}*_{kernel,user,etc} functions. TCG needs __{ld,st}* helpers for the qemu_{ld,st}* TLB miss case; these are generated by softmmu_template.h. I'll soon apply a patch which adds comments to the files.
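To make the instantiation scheme described in the reply concrete, here is a miniature model of it, written in C as an added example. It is not QEMU code and not the patch mentioned above. One template body is expanded once per access size with the data-side settings and again with the code-fetch settings, so the same text yields demo_ldl_mmu (retaddr is the real host return address) and demo_ldb_cmmu (retaddr is NULL), which is exactly the difference between the two tlb_fill call shapes in the thread. Assumptions made for the demo: QEMU's `__` prefix is replaced by `demo_` to stay out of the reserved identifier space; guest RAM is one constructed 4 KiB page filled with 0x5a; the TLB is a single tag per mmu_idx; tlb_fill is a stub that only records its arguments; target_ulong is 64-bit; a function-generating macro stands in for re-#including softmmu_template.h with different SHIFT/MMUSUFFIX/GETPC settings.

```c
/* Miniature model of QEMU's softmmu_template.h instantiation (added example, not
 * QEMU code). Shows how one template yields demo_ld{b,w,l,q}_mmu for data accesses
 * and demo_ld*_cmmu for code fetches, and why tlb_fill sees retaddr == NULL only on
 * the _cmmu path. Needs gcc or clang for __builtin_return_address(). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t target_ulong;          /* assumption: 64-bit guest address type */

/* Token pasting, like QEMU's glue() from qemu-common.h. */
#define xglue(a, b) a##b
#define glue(a, b) xglue(a, b)

#define DEMO_PAGE_SIZE 4096u
#define DEMO_NB_MMU_MODES 2

/* Constructed guest RAM (one page) and a one-entry "TLB" per mmu_idx. */
static uint8_t guest_ram[DEMO_PAGE_SIZE];
static target_ulong tlb_tag[DEMO_NB_MMU_MODES] = { (target_ulong)-1, (target_ulong)-1 };

/* What the most recent tlb_fill() call received, so each path is observable. */
static struct {
    target_ulong addr; int access_type; int mmu_idx; void *retaddr; int calls;
} last_fill;

/* Stand-in for tlb_fill(): QEMU's version walks guest page tables and may raise a
 * guest fault, using retaddr to locate the faulting TB; this stub only records. */
static void tlb_fill(target_ulong addr, int access_type, int mmu_idx, void *retaddr)
{
    last_fill.addr = addr;
    last_fill.access_type = access_type;
    last_fill.mmu_idx = mmu_idx;
    last_fill.retaddr = retaddr;
    last_fill.calls++;
}

/* The template. In QEMU this body is softmmu_template.h, re-#included with
 * SHIFT = 0,1,2,3 (SUFFIX b/w/l/q); MMUSUFFIX, READ_ACCESS_TYPE and GETPC are set
 * by the includer. Here a macro stands in for the repeated #include. */
#define SOFTMMU_LD_TEMPLATE(SUFFIX, DATA_TYPE, MMUSUFFIX, READ_ACCESS_TYPE, GETPC)      \
    __attribute__((noinline))                                                           \
    DATA_TYPE glue(glue(demo_ld, SUFFIX), MMUSUFFIX)(target_ulong addr, int mmu_idx)    \
    {                                                                                   \
        DATA_TYPE val;                                                                  \
        void *retaddr = GETPC();                                                        \
        target_ulong page = addr & ~(target_ulong)(DEMO_PAGE_SIZE - 1);                 \
        if (tlb_tag[mmu_idx] != page) {               /* miss: refill, then retry */   \
            tlb_fill(addr, READ_ACCESS_TYPE, mmu_idx, retaddr);                         \
            tlb_tag[mmu_idx] = page;                                                    \
        }                                                                               \
        memcpy(&val, &guest_ram[addr & (DEMO_PAGE_SIZE - 1)], sizeof(val));             \
        return val;                                                                     \
    }

/* Data-side instantiation (TCG's qemu_ld* slow path; ld*_kernel and friends from
 * softmmu_exec.h end up here): GETPC() is the real host return address. */
#define DATA_GETPC() __builtin_return_address(0)
SOFTMMU_LD_TEMPLATE(b, uint8_t,  _mmu, 0, DATA_GETPC)
SOFTMMU_LD_TEMPLATE(w, uint16_t, _mmu, 0, DATA_GETPC)
SOFTMMU_LD_TEMPLATE(l, uint32_t, _mmu, 0, DATA_GETPC)
SOFTMMU_LD_TEMPLATE(q, uint64_t, _mmu, 0, DATA_GETPC)

/* Code-fetch instantiation (end of exec.c): MMUSUFFIX is _cmmu, the access type is
 * 2 (code), and GETPC is defined as NULL, the retaddr == NULL case seen in tlb_fill. */
#define CODE_GETPC() NULL
SOFTMMU_LD_TEMPLATE(b, uint8_t,  _cmmu, 2, CODE_GETPC)
SOFTMMU_LD_TEMPLATE(l, uint32_t, _cmmu, 2, CODE_GETPC)

static void reset_state(void)
{
    memset(guest_ram, 0x5a, sizeof guest_ram);       /* constructed page contents */
    tlb_tag[0] = tlb_tag[1] = (target_ulong)-1;
    memset(&last_fill, 0, sizeof last_fill);
}

/* Data load: the first access misses and tlb_fill gets a non-NULL retaddr; a second
 * access to the same page hits the TLB and does not call tlb_fill again. */
int demo_data_miss_has_retaddr(void)
{
    reset_state();
    uint32_t v1 = demo_ldl_mmu(0x100, 0);
    uint32_t v2 = demo_ldl_mmu(0x104, 0);
    return last_fill.calls == 1 && last_fill.access_type == 0 &&
           last_fill.retaddr != NULL && v1 == 0x5a5a5a5a && v2 == 0x5a5a5a5a;
}

/* Code fetch: same template text, but tlb_fill sees access type 2 and retaddr == NULL. */
int demo_code_miss_has_null_retaddr(void)
{
    reset_state();
    uint8_t v = demo_ldb_cmmu(0x100, 0);
    return last_fill.calls == 1 && last_fill.access_type == 2 &&
           last_fill.retaddr == NULL && v == 0x5a;
}

int main(void)
{
    printf("data path: %s\n", demo_data_miss_has_retaddr() ? "retaddr set" : "FAIL");
    printf("code path: %s\n", demo_code_miss_has_null_retaddr() ? "retaddr NULL" : "FAIL");
    return 0;
}
```

Build with gcc or clang and run it; the store side (__st*_mmu) is generated from the same template in the same way, with a value parameter added, so the _mmu versus _cmmu distinction carries over unchanged.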