Online Reference
• http://wiki.qemu.org/Main_Page
• http://people.cs.nctu.edu.tw/~chenwj/dokuwiki/doku.php?id=qemu
• http://www.hellogcc.org/archives/248
• http://lugatgt.org/content/qemu_internals/downloads/slides.pdf
Using GDB
• Entry point
  • User mode - linux-user/main.c
  • System mode - vl.c
• Build with debug info (--enable-debug keeps -g and drops -O2) and as a non-PIE binary, then break on the execution loop:
    $ ../qemu-1.0/configure --prefix=$INSTALL \
        --target-list=i386-softmmu \
        --enable-debug --disable-pie
    $ gdb qemu
    (gdb) handle SIG38 noprint pass
    (gdb) break cpu_exec
• SIG38 is a real-time signal QEMU raises internally; gdb stops on it by default, so pass it through silently. cpu_exec (cpu-exec.c) is the translate-and-execute loop every TB goes through.
Output of -d in_asm,op,out_asm (written to /tmp/qemu.log) for one translation block. In the guest (IN) and host (OUT) listings operands read left to right (AT&T syntax, source first); in the TCG ops (OP) they read right to left (destination first).

IN:
0x408018f0: mov %esp,%eax
0x408018f2: call 0x40802040

OP:
 ---- 0x408018f0
 mov_i32 tmp0,esp
 mov_i32 eax,tmp0

 ---- 0x408018f2
 movi_i32 tmp0,$0x408018f7
 mov_i32 tmp2,esp
 movi_i32 tmp12,$0xfffffffc
 add_i32 tmp2,tmp2,tmp12
 qemu_st32 tmp0,tmp2,$0xffffffffffffffff
 mov_i32 esp,tmp2
 movi_i32 tmp4,$0x40802040
 st_i32 tmp4,env,$0x20
 exit_tb $0x0

OUT: [size=43]
0x601f3010: mov 0x10(%r14),%ebp
0x601f3014: mov 0x10(%r14),%ebx
0x601f3018: add $0xfffffffffffffffc,%ebx
0x601f301b: mov $0x408018f7,%r12d
0x601f3021: mov %ebp,(%r14)
0x601f3024: mov %r12d,(%rbx)
0x601f3027: mov $0x40802040,%ebp
0x601f302c: mov %ebp,0x20(%r14)
0x601f3030: mov %ebx,0x10(%r14)
0x601f3034: xor %eax,%eax
0x601f3036: jmpq 0x6223684e

On the x86_64 host %r14 holds the env (CPU state) pointer; (%r14), 0x10(%r14) and 0x20(%r14) are the guest eax, esp and eip. The call becomes a store of the return address 0x408018f7 through the decremented esp (qemu_st32) plus a store of the target into eip; exit_tb $0x0 is the final xor %eax,%eax; jmpq back to the TCG epilogue.
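To compare the three views above across many translation blocks instead of one, here is an added example (not from the slides and not QEMU code): a C parser for the -d in_asm,op,out_asm log format that splits the log at each IN: header and counts guest instructions, TCG ops, host instructions and host bytes per TB. The embedded log is constructed from the listing on this slide; the struct and function names are the example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Per-TB figures pulled out of a `-d in_asm,op,out_asm` log. */
struct tb_stats {
    uint64_t guest_pc;   /* address of the first guest instruction (IN: section) */
    int guest_insns;     /* guest instructions in the IN: section */
    int tcg_ops;         /* TCG ops in the OP: section, excluding "----" markers */
    int host_insns;      /* host instructions in the OUT: section */
    int host_bytes;      /* [size=N] from the OUT: header */
};

enum section { SEC_NONE, SEC_IN, SEC_OP, SEC_OUT };

/* Split the log into TBs (one per IN: header); returns how many were seen,
 * filling at most max entries of out. */
int parse_tb_log(const char *log, struct tb_stats *out, int max)
{
    int n = 0;
    enum section sec = SEC_NONE;
    const char *p = log;

    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[256];
        unsigned long long addr;

        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p = nl ? nl + 1 : p + len;

        if (strncmp(line, "IN:", 3) == 0) {            /* a new TB starts here */
            if (n == max)
                break;
            memset(&out[n], 0, sizeof out[n]);
            n++;
            sec = SEC_IN;
        } else if (strncmp(line, "OP:", 3) == 0) {
            sec = SEC_OP;
        } else if (strncmp(line, "OUT:", 4) == 0) {
            sec = SEC_OUT;
            if (n > 0)
                sscanf(line, "OUT: [size=%d]", &out[n - 1].host_bytes);
        } else if (n > 0 && sec == SEC_IN && sscanf(line, "0x%llx:", &addr) == 1) {
            if (out[n - 1].guest_insns++ == 0)
                out[n - 1].guest_pc = addr;            /* first insn gives the TB's pc */
        } else if (n > 0 && sec == SEC_OP && line[0] != '\0' && !strstr(line, "----")) {
            out[n - 1].tcg_ops++;                      /* " ---- 0x..." only marks a guest insn boundary */
        } else if (n > 0 && sec == SEC_OUT && sscanf(line, "0x%llx:", &addr) == 1) {
            out[n - 1].host_insns++;
        }
    }
    return n;
}

/* Constructed sample, laid out like QEMU's log for the TB on the slide. */
static const char SAMPLE_LOG[] =
    "IN: \n"
    "0x408018f0:  mov    %esp,%eax\n"
    "0x408018f2:  call   0x40802040\n"
    "\n"
    "OP:\n"
    " ---- 0x408018f0\n"
    " mov_i32 tmp0,esp\n"
    " mov_i32 eax,tmp0\n"
    "\n"
    " ---- 0x408018f2\n"
    " movi_i32 tmp0,$0x408018f7\n"
    " mov_i32 tmp2,esp\n"
    " movi_i32 tmp12,$0xfffffffc\n"
    " add_i32 tmp2,tmp2,tmp12\n"
    " qemu_st32 tmp0,tmp2,$0xffffffffffffffff\n"
    " mov_i32 esp,tmp2\n"
    " movi_i32 tmp4,$0x40802040\n"
    " st_i32 tmp4,env,$0x20\n"
    " exit_tb $0x0\n"
    "\n"
    "OUT: [size=43]\n"
    "0x601f3010:  mov    0x10(%r14),%ebp\n"
    "0x601f3014:  mov    0x10(%r14),%ebx\n"
    "0x601f3018:  add    $0xfffffffffffffffc,%ebx\n"
    "0x601f301b:  mov    $0x408018f7,%r12d\n"
    "0x601f3021:  mov    %ebp,(%r14)\n"
    "0x601f3024:  mov    %r12d,(%rbx)\n"
    "0x601f3027:  mov    $0x40802040,%ebp\n"
    "0x601f302c:  mov    %ebp,0x20(%r14)\n"
    "0x601f3030:  mov    %ebx,0x10(%r14)\n"
    "0x601f3034:  xor    %eax,%eax\n"
    "0x601f3036:  jmpq   0x6223684e\n";

/* Parse the constructed sample and return the figures of its first TB. */
struct tb_stats sample_first_tb(void)
{
    struct tb_stats tbs[4];
    if (parse_tb_log(SAMPLE_LOG, tbs, 4) == 0)
        memset(&tbs[0], 0, sizeof tbs[0]);
    return tbs[0];
}

int main(void)
{
    struct tb_stats tb = sample_first_tb();
    printf("TB @ 0x%llx: %d guest insns -> %d TCG ops -> %d host insns (%d bytes)\n",
           (unsigned long long)tb.guest_pc, tb.guest_insns, tb.tcg_ops, tb.host_insns, tb.host_bytes);
    return 0;
}
```

Run it on a real /tmp/qemu.log (read the file into a buffer and call parse_tb_log) to see how the host-bytes-per-guest-instruction ratio varies between TBs; the two-instruction block above expands to 43 host bytes.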
QEMU CPU Events (state diagram; figure taken from http://www.cs.nthu.edu.tw/~ychung/conference/ICPADS2011.pdf)
States: CPU Idle, Find Fast, Find Slow, Build, Flush, Chain, Execute, Invalidate, Unchain, Restore, Check Interrupt, Halt?; transitions labelled Hit, Miss, Done, Full, SMC, Interrupt, Exception, Yes, No.
Read along cpu-exec.c the order is: Find Fast; on a miss Find Slow; on a miss Build (Flush first when the cache is Full); Chain the previous TB to the one found; Execute. Execution is left on self-modifying code (Invalidate), on an interrupt request (Unchain) or on an exception (Restore), after which pending interrupts are checked and the CPU either halts (Yes, back to CPU Idle) or continues (No, back to Find Fast).
Read the Code
• Find Fast - tb_find_fast (cpu-exec.c)
• Find Slow - tb_find_slow (cpu-exec.c)
• Build - tb_gen_code (exec.c)
• Flush - tb_flush (exec.c)
• Chain - tb_add_jump (exec-all.h)
• Execute - tcg_qemu_tb_exec (tcg/tcg.h)
• Invalidate - tb_phys_invalidate (exec.c)
• Unchain - cpu_unlink_tb (exec.c)
• Restore - cpu_restore_state (translate-all.c)
Shared Resources in CPU Events (matrix figure: which event touches which resource)
Resources: TCG, CC, TBD, TBDA, TBHT, MPD
Events: Find Slow, Build, Chain, Unchain, Restore, Execute, Flush, Invalidate
Read the Code
• TCG (Tiny Code Generator)
  • gen_intermediate_code (target-i386/translate.c)
  • tcg_gen_code (tcg/tcg.c)
• CC (Code Cache)
  • gen_opc_buf and gen_opparam_buf (translate-all.c)
  • static_code_gen_buffer (exec.c)
• TBD (TB Descriptor)
  • TranslationBlock (exec-all.h)
• TBDA (TB Descriptor Array)
  • TranslationBlock *tbs (exec.c)
• TBHT (TB Hash Table)
  • TranslationBlock *tb_phys_hash (exec.c)
• MPD (Memory Page Descriptor)
  • PageDesc (exec.c)
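Added example, not QEMU code: a toy C model of the structures named on these slides (TBD/TBDA, TBHT, CC, the per-CPU jump cache) and of the Find Fast, Find Slow, Build, Flush, Chain and Invalidate events that touch them. The jump cache is direct-mapped and indexed by the virtual pc, so a hit must re-check the pc; the phys hash is chained and keyed by the guest physical pc; the descriptor array and code cache are fixed-size, so filling either forces a Flush that empties everything. The sizes, both hash functions, the mask-based MMU and the 16-byte host code size per TB are assumptions chosen to keep the scenario small; MPD-based SMC detection is not modelled, so invalidation is triggered by hand.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (not QEMU code) of the TB lookup path: a direct-mapped per-CPU
 * jump cache (Find Fast) in front of a hash chained on the guest physical PC
 * (Find Slow), a fixed descriptor array (TBDA) and a fixed code cache (CC).
 * Sizes are assumptions kept tiny so the Full -> Flush path is exercised. */
#define TB_JMP_CACHE_SIZE 16
#define TB_PHYS_HASH_SIZE 16
#define MAX_TBS           8
#define CODE_CACHE_SIZE   256
#define TOY_HOST_BYTES    16   /* assumed host code size of every TB */

typedef struct TranslationBlock {
    uint32_t pc;                          /* guest virtual PC of the first insn */
    uint32_t phys_pc;                     /* guest physical PC, key of tb_phys_hash */
    uint8_t *tc_ptr;                      /* host code inside the code cache */
    struct TranslationBlock *phys_hash_next;
    struct TranslationBlock *jmp_next[2]; /* Chain: direct-jump successors */
} TranslationBlock;

static TranslationBlock tbs[MAX_TBS];                     /* TBD / TBDA */
static int nb_tbs;
static uint8_t code_gen_buffer[CODE_CACHE_SIZE];          /* CC */
static uint8_t *code_gen_ptr = code_gen_buffer;
static TranslationBlock *tb_phys_hash[TB_PHYS_HASH_SIZE]; /* TBHT */
static TranslationBlock *tb_jmp_cache[TB_JMP_CACHE_SIZE]; /* per-CPU, Find Fast */

struct tb_events { int fast_hit, slow_hit, build, flush, invalidate; };
static struct tb_events ev;   /* records which path each lookup took */

/* Toy MMU (assumption): physical = virtual with the top nibble cleared. */
static uint32_t get_phys_addr(uint32_t pc) { return pc & 0x0fffffff; }
static unsigned jmp_cache_hash(uint32_t pc) { return (pc >> 2) & (TB_JMP_CACHE_SIZE - 1); }
static unsigned phys_hash(uint32_t pc)      { return (pc >> 2) & (TB_PHYS_HASH_SIZE - 1); }

/* Flush: drop every TB, all host code and both lookup structures at once. */
static void tb_flush(void)
{
    ev.flush++;
    nb_tbs = 0;
    code_gen_ptr = code_gen_buffer;
    memset(tb_phys_hash, 0, sizeof tb_phys_hash);
    memset(tb_jmp_cache, 0, sizeof tb_jmp_cache);
}

/* Build: take a descriptor and code space, flushing first if either is full. */
static TranslationBlock *tb_gen_code(uint32_t pc)
{
    if (nb_tbs == MAX_TBS || (size_t)(code_gen_ptr - code_gen_buffer) + TOY_HOST_BYTES > CODE_CACHE_SIZE)
        tb_flush();
    ev.build++;
    TranslationBlock *tb = &tbs[nb_tbs++];
    memset(tb, 0, sizeof *tb);
    tb->pc = pc;
    tb->phys_pc = get_phys_addr(pc);
    tb->tc_ptr = code_gen_ptr;
    code_gen_ptr += TOY_HOST_BYTES;
    unsigned h = phys_hash(tb->phys_pc);
    tb->phys_hash_next = tb_phys_hash[h];  /* push on the chain head */
    tb_phys_hash[h] = tb;
    return tb;
}

/* Find Slow: walk the phys-hash chain, build on a miss, refill the jump cache. */
static TranslationBlock *tb_find_slow(uint32_t pc)
{
    uint32_t phys_pc = get_phys_addr(pc);
    TranslationBlock *tb = tb_phys_hash[phys_hash(phys_pc)];
    while (tb && !(tb->pc == pc && tb->phys_pc == phys_pc))
        tb = tb->phys_hash_next;
    if (tb) ev.slow_hit++; else tb = tb_gen_code(pc);
    tb_jmp_cache[jmp_cache_hash(pc)] = tb;
    return tb;
}

/* Find Fast: the cache is direct-mapped, so the pc must be re-checked. */
static TranslationBlock *tb_find_fast(uint32_t pc)
{
    TranslationBlock *tb = tb_jmp_cache[jmp_cache_hash(pc)];
    if (tb && tb->pc == pc) { ev.fast_hit++; return tb; }
    return tb_find_slow(pc);
}

/* Chain: direct jump n of tb now lands in tb_next instead of the epilogue. */
static void tb_add_jump(TranslationBlock *tb, int n, TranslationBlock *tb_next) { tb->jmp_next[n] = tb_next; }

/* Invalidate (SMC): unlink from the hash, clear its jump-cache slot and unchain
 * every TB that jumped into it, so stale host code can never be entered again. */
static void tb_phys_invalidate(TranslationBlock *tb)
{
    ev.invalidate++;
    for (TranslationBlock **p = &tb_phys_hash[phys_hash(tb->phys_pc)]; *p; p = &(*p)->phys_hash_next)
        if (*p == tb) { *p = tb->phys_hash_next; break; }
    if (tb_jmp_cache[jmp_cache_hash(tb->pc)] == tb) tb_jmp_cache[jmp_cache_hash(tb->pc)] = NULL;
    for (int i = 0; i < nb_tbs; i++)
        for (int n = 0; n < 2; n++)
            if (tbs[i].jmp_next[n] == tb) tbs[i].jmp_next[n] = NULL;
    tb->pc = (uint32_t)-1;   /* the descriptor slot is not reused until the next Flush */
}

/* Fixed lookup sequence exercising every path; returns the event counts. */
struct tb_events run_scenario(void)
{
    tb_flush();
    memset(&ev, 0, sizeof ev);
    TranslationBlock *a = tb_find_fast(0x40801000);  /* miss everywhere: Build */
    tb_find_fast(0x40801000);                         /* Find Fast hit */
    TranslationBlock *b = tb_find_fast(0x40801040);  /* same jump-cache slot, new pc: Build */
    tb_add_jump(a, 0, b);                             /* Chain a -> b */
    tb_find_fast(0x40801000);                         /* slot now holds b: Find Slow hit */
    tb_phys_invalidate(a);                            /* guest wrote into a's code */
    tb_find_fast(0x40801000);                         /* gone from the hash: Build again */
    for (int i = 0; i < MAX_TBS; i++)                 /* 8 fresh pcs overflow tbs[]: Flush */
        tb_find_fast(0x40802000 + i * 0x100);
    return ev;
}

int main(void)
{
    struct tb_events r = run_scenario();
    printf("fast hits %d, slow hits %d, builds %d, flushes %d, invalidates %d\n",
           r.fast_hit, r.slow_hit, r.build, r.flush, r.invalidate);
    return 0;
}
```

The scenario deliberately picks pcs that collide in the jump cache (0x40801000 and 0x40801040 share slot 0), which is what turns the second lookup of 0x40801000 into a Find Slow hit; after the invalidation the same pc has to be rebuilt, and the final eight fresh pcs push nb_tbs past MAX_TBS so a single Flush empties both lookup structures and the code cache.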