On Thu, Jan 19, 2012 at 2:32 AM, 陳韋任 <che...@iis.sinica.edu.tw> wrote:
>> What I mean here is that in gen-icount.h, the icount_decr.u32 field is
>> exhausted and jumps out to the cpu-exec loop. This is where you would
>> fall into tb_add_jump with the second argument being 2, and only if
>> icount_extra was greater than zero. This is what I meant, and
>> previously you showed me that the chaining is left intact by the check
>> in tb_add_jump. Hope this is clearer. -Jim
>
> I am not familiar with icount stuff, so some dumb questions here. In
> gen_icount_start (gen-icount.h), it loads icount_decr.u32 into count,
> then subtracts 0xdeadbeef from count, finally stores count back to
> icount_decr.u16.low.
>
> 1) Why subtract 0xdeadbeef from count? Does 0xdeadbeef have any meaning?
>
> 2) Why store count back to icount_decr.u16.low rather than icount_decr.u32?
>
> In cpu_exec (cpu-exec.c),
>
> // Does insns_left mean how many guest instructions are left in the tb and need
> // to be executed?
> insns_left = env->icount_decr.u32;
>
> // What does the if-branch mean, in particular icount_extra? I guess it has
> // something to do with the QEMU timer, but not sure.
> if (env->icount_extra && insns_left >= 0) {
>
> // I cannot figure out what's going on here. Could you shed light on it?
>
> } else {
> }
>
>
> Many thanks! :)
>
> Regards,
> chenwj
>
> --
> Wei-Ren Chen (陳韋任)
> Computer Systems Lab, Institute of Information Science,
> Academia Sinica, Taiwan (R.O.C.)
> Tel:886-2-2788-3799 #1667
> Homepage: http://people.cs.nctu.edu.tw/~chenwj
1) 0xdeadbeef is the argument value that will be overwritten in gen_icount_end
with the real number of instructions translated in this block, num_insns. If
you notice, the argument is saved in icount_arg and its value is replaced.

2) Only the low bits are used for the instruction counting; once the low bits
are exhausted, they will be refilled in the cpu_exec loop. The high bits are
used to indicate an interrupt has occurred; you can see them set in
cpu_interrupt of exec.c. They indicate an interrupt is waiting, and the test at
the beginning of a translation block can jump out of the loop with a simple
check to see if the value is below zero, as the count is a signed value.

> // Does insns_left mean how many guest instructions are left in the tb and need
> // to be executed?

No, insns_left is the number of instructions left in qemu_icount over what can
be stored in the low bits of icount_decr. Look at qemu_cpu_exec of cpus.c.

This is my understanding.

-Jim
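To make the mechanism in Jim's two answers concrete, here is a small stand-alone C model of the icount decrementer. It is an added illustration written for this page, not QEMU's code: the union layout, the signed test at the head of a translation block, the high-half interrupt flag, and the 0xffff refill clamp follow the gen-icount.h / cpu-exec.c behaviour discussed in the thread, but the names ModelCPU, tb_prologue, raise_interrupt, refill_decrementer and demo are invented for the example, and the initial counter values are constructed.

```c
/* Model of QEMU's icount decrementer (illustration only, not QEMU code).
 * Field names mirror the icount_decr / icount_extra fields the thread talks
 * about; the function names and the sample values are assumptions. */
#include <stdint.h>
#include <stdio.h>

/* Same word viewed as a signed 32-bit count or as two 16-bit halves.
 * The half order depends on host endianness, as in QEMU. */
typedef union {
    uint32_t u32;
    struct {
#if defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
        uint16_t high, low;
#else
        uint16_t low, high;
#endif
    } u16;
} IcountDecr;

typedef struct {
    IcountDecr icount_decr;  /* low: instructions left in this slice; high: interrupt flag */
    int64_t icount_extra;    /* instructions budgeted beyond what fits in 16 bits */
} ModelCPU;

/* What gen_icount_start emits at the head of every TB, with the 0xdeadbeef
 * placeholder already patched to the block's real num_insns: subtract from the
 * whole 32-bit word, exit if it went negative, otherwise write back only the
 * low half (the high half is not the TB's to touch). */
int tb_prologue(ModelCPU *cpu, int num_insns)
{
    int32_t count = (int32_t)cpu->icount_decr.u32 - num_insns;
    if (count < 0)
        return 1;  /* exit to cpu_exec: slice exhausted or interrupt pending */
    cpu->icount_decr.u16.low = (uint16_t)count;
    return 0;
}

/* cpu_interrupt sets the high half to -1, so the signed u32 becomes negative
 * and the next TB prologue exits no matter how many instructions remain. */
void raise_interrupt(ModelCPU *cpu)
{
    cpu->icount_decr.u16.high = (uint16_t)-1;
}

/* The refill branch of cpu_exec: move the next slice (at most 0xffff) from
 * icount_extra into the low half. Returns the refilled slice size, or -1 when
 * cpu_exec would instead take the exit path (no budget left, or the word is
 * negative because an interrupt is pending). */
int refill_decrementer(ModelCPU *cpu)
{
    int32_t insns_left = (int32_t)cpu->icount_decr.u32;
    if (cpu->icount_extra && insns_left >= 0) {
        cpu->icount_extra += insns_left;
        if (cpu->icount_extra > 0xffff)
            insns_left = 0xffff;
        else
            insns_left = (int32_t)cpu->icount_extra;
        cpu->icount_extra -= insns_left;
        cpu->icount_decr.u16.low = (uint16_t)insns_left;
        return insns_left;
    }
    return -1;
}

/* Walk through the sequence the thread describes with constructed values;
 * returns how many of the six expected outcomes held. */
int demo(void)
{
    ModelCPU cpu = { .icount_decr.u32 = 5, .icount_extra = 100000 };
    int ok = 0;

    ok += tb_prologue(&cpu, 3) == 0 && cpu.icount_decr.u16.low == 2;   /* 3-insn TB fits */
    ok += tb_prologue(&cpu, 3) == 1 && cpu.icount_decr.u16.low == 2;   /* exhausted; low untouched */
    ok += refill_decrementer(&cpu) == 0xffff && cpu.icount_extra == 34467; /* clamped refill */
    raise_interrupt(&cpu);
    ok += (int32_t)cpu.icount_decr.u32 < 0;                            /* negative as signed word */
    ok += tb_prologue(&cpu, 1) == 1;                                   /* exits on the interrupt */
    ok += refill_decrementer(&cpu) == -1;                              /* cpu_exec takes the exit path */
    return ok;
}

int main(void)
{
    int passed = demo();
    printf("checks passed: %d of 6\n", passed);
    return passed == 6 ? 0 : 1;
}
```

The point the model makes visible is why the TB stores back u16.low only: the subtraction and the sign test see the full word, so an interrupt flagged in the high half is caught by the same single compare that catches an exhausted slice, while the TB never overwrites that flag.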