Message ID | CAMo8Bf+xZF41UYs=LUHs_ufqOHwJ6utrj7KTjLcKY5Eje6eDVA@mail.gmail.com |
---|---|
State | New |
Hi, Max, I appreciate your help and got some results using your patch. But I still have two questions as below. >> I see that with the following patch >> >> diff --git a/softmmu_template.h b/softmmu_template.h >> index b8bd700..2d02133 100644 >> --- a/softmmu_template.h >> +++ b/softmmu_template.h >> @@ -114,6 +114,7 @@ glue(glue(glue(HELPER_PREFIX, ld), SUFFIX), >> MMUSUFFIX)(ENV_PARAM >> target_phys_addr_t ioaddr; >> uintptr_t retaddr; >> >> + fprintf(stderr, "%s: %08x\n", __func__, addr); >> /* test if there is match for unaligned or IO access */ >> /* XXX: could done more in memory macro in a non portable way */ >> index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); >> >> I get some memory accesses logged, but not all. That's due to fast >> path in tcg_out_qemu_ld >> in case there's TLB hit. I guess you can play with tcg_out_qemu_ld and >> make it produce a call >> to a helper function, like qemu_ld_helpers, that will print addresses >> for all memory access >> attempts. > > Easier solution would be to disable fast path and always go through > softmmu helpers, like this (specific for x86 host): > > diff --git a/softmmu_template.h b/softmmu_template.h > index b8bd700..2d02133 100644 > --- a/softmmu_template.h > +++ b/softmmu_template.h > @@ -114,6 +114,7 @@ glue(glue(glue(HELPER_PREFIX, ld), SUFFIX), > MMUSUFFIX)(ENV_PARAM > target_phys_addr_t ioaddr; > uintptr_t retaddr; > > + fprintf(stderr, "%s: %08x\n", __func__, addr); > /* test if there is match for unaligned or IO access */ > /* XXX: could done more in memory macro in a non portable way */ > index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); > diff --git a/tcg/i386/tcg-target.c b/tcg/i386/tcg-target.c > index da17bba..ec68c19 100644 > --- a/tcg/i386/tcg-target.c > +++ b/tcg/i386/tcg-target.c 
> @@ -1062,7 +1062,7 @@ static inline void tcg_out_tlb_load(TCGContext > *s, int addrlo_idx, > tcg_out_mov(s, type, r0, addrlo); > > /* jne label1 */ > - tcg_out8(s, OPC_JCC_short + JCC_JNE); > + tcg_out8(s, OPC_JMP_short); > label_ptr[0] = s->code_ptr; > s->code_ptr++; > IN: 0x00000000c13e3a33: mov 0x8(%ebp),%ebx (guest code in the tb) __ldl_mmu: c13a9fdc So 0xc13a9fdc is the guest virtual memory address of 0x8(%ebp). Is this correct? IN: 0x00000000c13e3a36: mov %eax,-0x10(%ebp) However, for this instruction, no ldl_mmu is logged. Does that mean the patch you provided does not cover this case? Thanks. > > -- > Thanks. > -- Max
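Review bot: the fprintf added in the softmmu_template.h hunk instruments only the ld helper (the template instance named by glue(..., ld), SUFFIX), MMUSUFFIX)); the st helper generated from the same file gets no print, so guest stores that take the slow path are never logged, which is exactly the silent case for an instruction such as mov %eax,-0x10(%ebp). Add the same line to the st helper if every access is wanted. The format string is also wrong for 64-bit targets: addr is a target_ulong, so "%08x" truncates or misreads it; use TARGET_FMT_lx instead of %08x, and consider printing mmu_idx alongside the address so kernel and user accesses to the same virtual address can be told apart.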
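Review bot: in the tcg/i386/tcg-target.c hunk, turning the jne into an unconditional OPC_JMP_short leaves the TLB compare emitted just before it dead and makes the "/* jne label1 */" comment wrong; either update the comment or skip emitting the compare, so nobody later assumes the flags are meaningful at label_ptr[0]. The rel8 displacement handling is unchanged (label_ptr[0] = s->code_ptr; s->code_ptr++ still reserves the one byte a short jmp needs), so the patching of the slow-path jump keeps working. Since this disables the fast path for every load and store on the x86 host, it belongs under a debug #ifdef rather than in a tree anyone would run for performance; note too that stores now reach the st helper, which the companion hunk does not instrument.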
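To make the behaviour discussed above concrete, here is an added C model of the softmmu TLB check that tcg_out_tlb_load emits and of the ld/st helpers in softmmu_template.h. It is not QEMU code and not from either participant in the thread; it assumes TARGET_PAGE_BITS = 12, CPU_TLB_BITS = 8, identity-mapped RAM, and the guest addresses 0xc13a9fdc (the logged load at 0x8(%ebp)) and 0xc13a9fc4 (the store at -0x10(%ebp) for the same %ebp). The `replay` function and the counters are hypothetical scaffolding for the demonstration.

```c
/* Toy model of QEMU's softmmu fast/slow path (added example, not QEMU code).
 * Constants, addresses and the replay scenario are assumed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TARGET_PAGE_BITS 12
#define CPU_TLB_BITS     8
#define CPU_TLB_SIZE     (1u << CPU_TLB_BITS)
#define PAGE_TAG(a)      ((a) & ~((1u << TARGET_PAGE_BITS) - 1u))

typedef struct {
    uint32_t addr_read;   /* page tag that may be loaded from, ~0u if none  */
    uint32_t addr_write;  /* page tag that may be stored to, ~0u if none    */
} TlbEntry;

typedef struct {
    TlbEntry tlb[CPU_TLB_SIZE];
    int force_slow_path;      /* 1 models the jne -> jmp change in tcg_out_tlb_load */
    unsigned ld_helper_calls; /* accesses that would reach the fprintf in the ld helper */
    unsigned st_helper_calls; /* accesses reaching the st helper, which prints nothing  */
    unsigned fast_path_hits;  /* served inline by generated code, no helper involved    */
} Cpu;

/* Same computation as the index line in softmmu_template.h. */
static unsigned tlb_index(uint32_t addr)
{
    return (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
}

static void cpu_init(Cpu *cpu, int force_slow_path)
{
    memset(cpu, 0, sizeof *cpu);
    memset(cpu->tlb, 0xff, sizeof cpu->tlb);   /* every entry invalid */
    cpu->force_slow_path = force_slow_path;
}

/* tlb_fill stand-in: identity-mapped RAM, the page becomes readable and writable. */
static void tlb_fill(Cpu *cpu, uint32_t addr)
{
    TlbEntry *e = &cpu->tlb[tlb_index(addr)];
    e->addr_read = e->addr_write = PAGE_TAG(addr);
}

/* Slow path for loads: where the posted patch's fprintf lives. */
static void ldl_mmu(Cpu *cpu, uint32_t addr)
{
    cpu->ld_helper_calls++;
    fprintf(stderr, "%s: %08x\n", __func__, addr);
    if (cpu->tlb[tlb_index(addr)].addr_read != PAGE_TAG(addr))
        tlb_fill(cpu, addr);
}

/* Slow path for stores: untouched by the posted patch, so nothing is printed. */
static void stl_mmu(Cpu *cpu, uint32_t addr)
{
    cpu->st_helper_calls++;
    if (cpu->tlb[tlb_index(addr)].addr_write != PAGE_TAG(addr))
        tlb_fill(cpu, addr);
}

/* Models the code tcg_out_qemu_ld/st emit: a TLB tag compare, then either the
 * inline access (jne not taken) or a call to the helper. Returns 1 if a helper ran. */
static int guest_access(Cpu *cpu, uint32_t addr, int is_store)
{
    TlbEntry *e = &cpu->tlb[tlb_index(addr)];
    uint32_t tag = is_store ? e->addr_write : e->addr_read;
    if (!cpu->force_slow_path && tag == PAGE_TAG(addr)) {
        cpu->fast_path_hits++;          /* TLB hit: nothing is logged */
        return 0;
    }
    if (is_store) stl_mmu(cpu, addr); else ldl_mmu(cpu, addr);
    return 1;
}

/* Replays the two instructions from the mail plus the load a second time. */
static Cpu replay(int force_slow_path)
{
    Cpu cpu;
    cpu_init(&cpu, force_slow_path);
    guest_access(&cpu, 0xc13a9fdcu, 0);  /* mov 0x8(%ebp),%ebx   : load  */
    guest_access(&cpu, 0xc13a9fc4u, 1);  /* mov %eax,-0x10(%ebp) : store, same page */
    guest_access(&cpu, 0xc13a9fdcu, 0);  /* the same load executed again */
    return cpu;
}

int main(void)
{
    Cpu a = replay(0), b = replay(1);
    printf("fast path  : ld helper %u, st helper %u, fast hits %u\n",
           a.ld_helper_calls, a.st_helper_calls, a.fast_path_hits);
    printf("forced slow: ld helper %u, st helper %u, fast hits %u\n",
           b.ld_helper_calls, b.st_helper_calls, b.fast_path_hits);
    return 0;
}
```

With the normal fast path only the first touch of the page reaches a helper; the store and the repeated load are TLB hits and never execute the fprintf. Forcing the slow path sends every access through a helper, but the store lands in the st helper, which the patch leaves uninstrumented, so it still produces no line on stderr.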