Discussion:
[Qemu-devel] How does TCG gen host code for a TB?
Valerón JC
2015-12-11 03:43:22 UTC
I want to trace a bug in TCG which, for me, at some point generates infinite-loop TB chains, which is unexpected. I've found the final TB (the head, since they're chaining) which runs in an infinite loop, and I know a very weird trick to 'disable' this bug, so I would like to track the TCG ops for the TB, hoping that I can figure out what's wrong.

But when I read tcg_gen_code(), I'm confused...

How does tcg_gen_code() generate code for one TB? If I read the code correctly, gen_intermediate_code() will not flush tcg_ctx->gen_opc_buf[], so code for previous TBs is mixed in... and tcg_gen_code() will start generating from index 0 of gen_opc_buf, so how does it generate code for the TB just created?

Even though there's a label for a TB start (I'm not familiar with this label stuff yet), the fact that gen_opc_buf is not flushed every time a new TB is generated seems weird to me. Won't the new TCG ops be mixed with the ones of the previous TB? Isn't the newly generated host code dedicated to one TB?

Sent from Mail for Windows 10
Peter Maydell
2015-12-11 13:37:20 UTC
Post by Valerón JC
I want to trace a bug in TCG which, for me, at some point generates infinite-
loop TB chains, which is unexpected. I've found the final TB (the head, since
they're chaining) which runs in an infinite loop, and I know a very weird
trick to 'disable' this bug, so I would like to track the TCG ops for the
TB, hoping that I can figure out what's wrong.
If the guest code is an infinite loop then we will generate
a chain of TBs which goes round in a loop too. (Execution will
escape from the loop via longjmp when there is a guest interrupt
or other exception.)
Post by Valerón JC
But when I read tcg_gen_code(), I'm confused...
How does tcg_gen_code() generate code for one TB? If I read the code
correctly, gen_intermediate_code() will not flush
tcg_ctx->gen_opc_buf[], so code for previous TBs is mixed in... and
tcg_gen_code() will start generating from index 0 of gen_opc_buf, so how
does it generate code for the TB just created?
This code has changed, and tcg_ctx->gen_opc_buf doesn't exist any more.
We store ops in a linked list now rather than an array.
The answer to your question in general is still the same, though:
before calling gen_intermediate_code() we call tcg_func_start(),
which resets the TCGContext to a clean state, including "no temporaries
allocated", "no labels" and "no ops".

thanks
-- PMM
Sergey Fedorov
2015-12-11 14:20:17 UTC
Post by Valerón JC
I want to trace a bug in TCG which, for me, at some point generates
infinite-loop TB chains, which is unexpected. I've found the final
TB (the head, since they're chaining) which runs in an infinite loop, and I
know a very weird trick to 'disable' this bug, so I would like to
track the TCG ops for the TB, hoping that I can figure out what's wrong.
Hi,

You may find it useful to enable logging of TCG ops generated with '-d
op', as well as input and output assembly with '-d in_asm,out_asm'. '-D
<filename>' could be useful to output log to a file. Here are references
to documentation: http://qemu.weilnetz.de/qemu-doc.html#index-_002dd and
http://qemu.weilnetz.de/qemu-doc.html#index-_002dD.

Best,
Sergey
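As an added example (not from the thread or from QEMU itself), here is a small Python script that splits a log written with '-d in_asm,op,out_asm -D file' into one record per translation block, which is what the original poster needs to inspect the ops of a single TB. The log layout (a dashed separator, an 'IN:' block, an 'OP:' block and an 'OUT: [size=N]' block), the ARM-style 'movi_i32 pc,$addr' op and the sample log itself are all constructed assumptions for this example.

```python
import re

# Constructed sample of a log written with '-d in_asm,op,out_asm -D file'.
# Layout assumed: a dashed separator, an 'IN:' block of guest instructions,
# an 'OP:' block of TCG ops and an 'OUT: [size=N]' block of host code.
# Guest is taken to be ARM, where the pc is a TCG global ('movi_i32 pc,$x').
SAMPLE_LOG = """\
----------------
IN: spin
0x00010000:  mov r0, #1
0x00010004:  b   0x10000

OP:
 movi_i32 r0,$0x1
 movi_i32 pc,$0x10000
 goto_tb $0x0
 exit_tb $0x7f0000

OUT: [size=36]
0x7f00000040:  mov    DWORD PTR [r14],0x1
"""

def parse_tb_log(text):
    """Split a log into one record per translation block.

    Each record holds the guest pcs translated, the TCG ops emitted and
    the host code size reported by out_asm (None if that flag was off).
    """
    tbs, cur, section = [], None, None
    for line in text.splitlines():
        if line.startswith("IN:"):
            cur = {"symbol": line[3:].strip(), "pcs": [], "ops": [], "out_size": None}
            tbs.append(cur)
            section = "in"
        elif line.startswith("OP:"):
            section = "op"
        elif line.startswith("OUT:") and cur is not None:
            m = re.search(r"size=(\d+)", line)
            cur["out_size"] = int(m.group(1)) if m else None
            section = "out"
        elif cur is None or not line.strip() or line.startswith("---"):
            continue  # separator, blank line or text before the first block
        elif section == "in":
            cur["pcs"].append(int(line.split(":", 1)[0], 16))
        elif section == "op":
            cur["ops"].append(line.strip())
    return tbs

def self_looping_tbs(tbs):
    """Start pcs of blocks whose exit pc is their own first pc.

    Such a block chains to itself, which is the expected picture for a
    guest-level infinite loop rather than a translator bug.
    """
    loops = []
    for tb in tbs:
        exits = {int(op.split("$")[1], 16) for op in tb["ops"]
                 if op.startswith("movi_i32 pc,$")}
        if tb["pcs"] and tb["pcs"][0] in exits:
            loops.append(tb["pcs"][0])
    return loops
```

Running parse_tb_log over a real log and then self_looping_tbs on the result separates blocks that legitimately loop in guest code from the chain the poster considers unexpected.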
Valerón JC
2015-12-11 15:34:05 UTC
Peter and Sergey, thank you so much for your help and explanation.
I appreciate your help very much.

Sent from Mail for Windows 10