
Online Reference

Online Reference: http://wiki.qemu.org/Main_Page, http://people.cs.nctu.edu.tw/~chenwj/dokuwiki/doku.php?id=qemu, http://www.hellogcc.org/archives/248, http://lugatgt.org/content/qemu_internals/downloads/slides.pdf. Using GDB. Entry point: user mode, linux-user/main.c; system mode, vl.c.





Presentation Transcript


  1. Online Reference
  • http://wiki.qemu.org/Main_Page
  • http://people.cs.nctu.edu.tw/~chenwj/dokuwiki/doku.php?id=qemu
  • http://www.hellogcc.org/archives/248
  • http://lugatgt.org/content/qemu_internals/downloads/slides.pdf

  2. Using GDB
  • Entry point
    • User mode - linux-user/main.c
    • System mode - vl.c
  $ ../qemu-1.0/configure --prefix=$INSTALL \
        --target-list=i386-softmmu \
        --enable-debug --disable-pie
  $ gdb qemu
  (gdb) handle SIG38 noprint pass
  (gdb) break cpu_exec

  3. OP: (operand order: right to left)
  ---- 0x408018f0
  mov_i32 tmp0,esp
  mov_i32 eax,tmp0
  ---- 0x408018f2
  movi_i32 tmp0,$0x408018f7
  mov_i32 tmp2,esp
  movi_i32 tmp12,$0xfffffffc
  add_i32 tmp2,tmp2,tmp12
  qemu_st32 tmp0,tmp2,$0xffffffffffffffff
  mov_i32 esp,tmp2
  movi_i32 tmp4,$0x40802040
  st_i32 tmp4,env,$0x20
  exit_tb $0x0
  IN: (operand order: left to right)
  0x408018f0: mov %esp,%eax
  0x408018f2: call 0x40802040

  4. OUT: [size=43] (operand order: left to right)
  0x601f3010: mov 0x10(%r14),%ebp
  0x601f3014: mov 0x10(%r14),%ebx
  0x601f3018: add $0xfffffffffffffffc,%ebx
  0x601f301b: mov $0x408018f7,%r12d
  0x601f3021: mov %ebp,(%r14)
  0x601f3024: mov %r12d,(%rbx)
  0x601f3027: mov $0x40802040,%ebp
  0x601f302c: mov %ebp,0x20(%r14)
  0x601f3030: mov %ebx,0x10(%r14)
  0x601f3034: xor %eax,%eax
  0x601f3036: jmpq 0x6223684e
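To make the OP listing on slide 3 concrete, the following is an added example, not code from the slides or from QEMU: a small interpreter for exactly the six TCG op kinds that appear in that block, run over a constructed guest state. The `struct guest` model, the 64 KiB memory window at 0x40800000, the initial esp value and the treatment of `qemu_st32`'s third operand (the memory index, ignored here) are all assumptions; the op table itself is transcribed from the slide. Running it shows what the translated `call` actually does to guest state: eax receives the old esp, esp drops by 4, the return address 0x408018f7 is pushed, and env+0x20 (eip) is set to the call target before `exit_tb` hands control back to the main loop.

```c
#include <stdint.h>
#include <string.h>

/* Constructed guest state: the TCG globals eax/esp, the env slot at +0x20 that the
 * dump writes the next guest PC into, TCG temporaries, and an assumed memory
 * window so the qemu_st32 store lands in an array we can inspect. */
#define GUEST_MEM_BASE 0x40800000u
#define GUEST_MEM_SIZE 0x10000u

struct guest {
    uint32_t eax, esp;             /* TCG globals backed by guest registers */
    uint32_t env_eip;              /* env + 0x20 in the dump */
    uint32_t tmp[16];              /* TCG temporaries tmp0..tmp15 */
    uint8_t  mem[GUEST_MEM_SIZE];  /* guest memory from GUEST_MEM_BASE */
};

/* An operand in the listing: a global register, a temporary, or an immediate. */
enum opnd_kind { EAX, ESP, TMP, IMM };
struct opnd { enum opnd_kind k; uint32_t v; };

/* The op kinds in the dump; st_i32 is modelled only for the env+0x20 (eip) slot. */
enum opcode { MOV_I32, MOVI_I32, ADD_I32, QEMU_ST32, ST_I32_ENV, EXIT_TB };
struct op { enum opcode code; struct opnd a, b, c; };

static uint32_t rd(const struct guest *g, struct opnd o) {
    switch (o.k) {
    case EAX: return g->eax;
    case ESP: return g->esp;
    case TMP: return g->tmp[o.v & 15];
    default:  return o.v;            /* IMM */
    }
}

static void wr(struct guest *g, struct opnd o, uint32_t val) {
    switch (o.k) {
    case EAX: g->eax = val; break;
    case ESP: g->esp = val; break;
    case TMP: g->tmp[o.v & 15] = val; break;
    default:  break;                 /* an immediate is never a destination */
    }
}

/* qemu_st32 stores through a guest virtual address. Addresses outside the
 * constructed window are rejected rather than written past the array. */
static int guest_store32(struct guest *g, uint32_t addr, uint32_t val) {
    if (addr < GUEST_MEM_BASE || addr > GUEST_MEM_BASE + GUEST_MEM_SIZE - 4) return -1;
    memcpy(&g->mem[addr - GUEST_MEM_BASE], &val, 4);   /* little-endian host assumed */
    return 0;
}

uint32_t guest_load32(const struct guest *g, uint32_t addr) {
    uint32_t v = 0;
    if (addr >= GUEST_MEM_BASE && addr <= GUEST_MEM_BASE + GUEST_MEM_SIZE - 4)
        memcpy(&v, &g->mem[addr - GUEST_MEM_BASE], 4);
    return v;
}

/* Execute ops in order until exit_tb. Returns the number of ops run, or -1 on a bad store. */
int run_ops(struct guest *g, const struct op *ops, int n) {
    for (int i = 0; i < n; i++) {
        const struct op *o = &ops[i];
        switch (o->code) {
        case MOV_I32:    wr(g, o->a, rd(g, o->b)); break;
        case MOVI_I32:   wr(g, o->a, o->b.v); break;
        case ADD_I32:    wr(g, o->a, rd(g, o->b) + rd(g, o->c)); break;
        case QEMU_ST32:  if (guest_store32(g, rd(g, o->b), rd(g, o->a)) != 0) return -1; break;
        case ST_I32_ENV: g->env_eip = rd(g, o->a); break;
        case EXIT_TB:    return i + 1;
        }
    }
    return n;
}

/* The OP listing from slide 3, one op per row. */
static const struct op block_0x408018f0[] = {
    /* 0x408018f0: mov %esp,%eax */
    { MOV_I32,    {TMP, 0},  {ESP, 0},          {IMM, 0} },
    { MOV_I32,    {EAX, 0},  {TMP, 0},          {IMM, 0} },
    /* 0x408018f2: call 0x40802040 */
    { MOVI_I32,   {TMP, 0},  {IMM, 0x408018f7}, {IMM, 0} },  /* return address */
    { MOV_I32,    {TMP, 2},  {ESP, 0},          {IMM, 0} },
    { MOVI_I32,   {TMP, 12}, {IMM, 0xfffffffc}, {IMM, 0} },  /* -4 */
    { ADD_I32,    {TMP, 2},  {TMP, 2},          {TMP, 12} }, /* esp - 4 */
    { QEMU_ST32,  {TMP, 0},  {TMP, 2},          {IMM, 0} },  /* push return address */
    { MOV_I32,    {ESP, 0},  {TMP, 2},          {IMM, 0} },
    { MOVI_I32,   {TMP, 4},  {IMM, 0x40802040}, {IMM, 0} },  /* call target */
    { ST_I32_ENV, {TMP, 4},  {IMM, 0},          {IMM, 0} },  /* env->eip = target */
    { EXIT_TB,    {IMM, 0},  {IMM, 0},          {IMM, 0} },
};

/* Run the block from a zeroed state with a constructed initial esp. */
int translate_block_demo(struct guest *g, uint32_t initial_esp) {
    memset(g, 0, sizeof *g);
    g->esp = initial_esp;
    return run_ops(g, block_0x408018f0, (int)(sizeof block_0x408018f0 / sizeof block_0x408018f0[0]));
}
```

Calling `translate_block_demo(&g, 0x40804000)` runs all eleven ops and leaves `g.eax == 0x40804000`, `g.esp == 0x40803ffc`, the dword at the new esp equal to `0x408018f7`, and `g.env_eip == 0x40802040`; an initial esp below the window makes the push fail and the run stops with -1, which is the kind of bounds check a real softmmu store performs through its TLB rather than this toy window.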

  5. QEMU CPU Events
  [State diagram of the CPU execution loop; only the labels survive extraction. States: CPU Idle, Find Fast, Find Slow, Build, Flush, Chain, Execute, Interrupt, Exception, Check Interrupt, Unchain, Invalidate, Restore, Halt? Edge labels: Hit, Miss, Done, Full, SMC, Yes, No.]
  Source: http://www.cs.nthu.edu.tw/~ychung/conference/ICPADS2011.pdf

  6. Read the Code
  • Find Fast - tb_find_fast (cpu-exec.c)
  • Find Slow - tb_find_slow (cpu-exec.c)
  • Build - tb_gen_code (exec.c)
  • Flush - tb_flush (exec.c)
  • Chain - tb_add_jump (exec-all.h)

  7. Read the Code
  • Execute - tcg_qemu_tb_exec (tcg/tcg.h)
  • Invalidate - tb_phys_invalidate (exec.c)
  • Unchain - cpu_unlink_tb (exec.c)
  • Restore - cpu_restore_state (translate-all.c)

  8. Shared Resources in CPU Events
  [Diagram mapping events to the resources they touch; only the labels survive extraction. Events: Restore, Execute, Flush, Invalidate, Chain, Unchain, Find Slow, Build. Resources: TCG, CC, TBD, TBDA, TBHT, MPD.]

  9. Read the Code
  • TCG (Tiny Code Generator)
    • gen_intermediate_code (target-i386/translate.c)
    • tcg_gen_code (tcg/tcg.c)
  • CC (Code Cache)
    • gen_opc_buf and gen_opparam_buf (translate-all.c)
    • static_code_gen_buffer (exec.c)
  • TBD (TB Descriptor)
    • TranslationBlock (exec-all.h)

  10. Read the Code
  • TBDA (TB Descriptor Array)
    • TranslationBlock *tbs (exec.c)
  • TBHT (TB Hash Table)
    • TranslationBlock *tb_phys_hash (exec.c)
  • MPD (Memory Page Descriptor)
    • PageDesc (exec.c)
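As an added example of how the structures named on slides 8 to 10 cooperate in the Find Fast, Find Slow, Build, Flush and Invalidate events of slide 5, here is a self-contained model written for this page; it is not QEMU's code. It keeps a per-CPU direct-mapped cache (the role of `tb_jmp_cache`), a global hash table keyed by physical PC (the TBHT, `tb_phys_hash`), and a fixed-size descriptor array (the TBDA, `tbs`) whose exhaustion forces a flush. The `_model` function names, the table sizes, the hash functions, the identity guest-physical translation and the absence of chaining are all assumptions made for the example; the event counters are there so a reader can see which path each lookup took.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the TB bookkeeping named on slides 8-10; sizes, hash
 * functions and the identity address translation are assumptions, not QEMU's. */
#define TB_JMP_CACHE_SIZE 256   /* per-CPU direct-mapped cache used by "Find Fast" */
#define TB_PHYS_HASH_SIZE 64    /* TBHT buckets walked by "Find Slow" */
#define CODE_CACHE_TBS    8     /* TBDA capacity: "Build" must "Flush" when it is full */

struct TranslationBlock {                     /* the TBD */
    uint32_t pc;                              /* guest virtual PC of the block */
    uint32_t phys_pc;                         /* physical PC, the TBHT key */
    struct TranslationBlock *phys_hash_next;  /* bucket chain in the TBHT */
};

struct cpu_model {
    struct TranslationBlock tbs[CODE_CACHE_TBS];               /* TBDA */
    int nb_tbs;                                                /* descriptors in use */
    struct TranslationBlock *tb_phys_hash[TB_PHYS_HASH_SIZE];  /* TBHT */
    struct TranslationBlock *tb_jmp_cache[TB_JMP_CACHE_SIZE];  /* per-CPU fast cache */
    unsigned fast_hits, slow_hits, builds, flushes;            /* event counters */
};

static uint32_t get_phys_addr(uint32_t pc)   { return pc; }   /* no MMU in this model */
static unsigned jmp_cache_idx(uint32_t pc)   { return (pc >> 2) & (TB_JMP_CACHE_SIZE - 1); }
static unsigned phys_hash_idx(uint32_t phys) { return (phys >> 2) & (TB_PHYS_HASH_SIZE - 1); }

/* "Flush": every TB is dropped and both lookup structures are emptied. */
void tb_flush_model(struct cpu_model *c) {
    c->nb_tbs = 0;
    memset(c->tb_phys_hash, 0, sizeof c->tb_phys_hash);
    memset(c->tb_jmp_cache, 0, sizeof c->tb_jmp_cache);
    c->flushes++;
}

/* "Build": take a TBD from the TBDA (flushing first if it is full) and link it into the TBHT. */
static struct TranslationBlock *tb_gen_code_model(struct cpu_model *c, uint32_t pc) {
    if (c->nb_tbs == CODE_CACHE_TBS) tb_flush_model(c);
    struct TranslationBlock *tb = &c->tbs[c->nb_tbs++];
    tb->pc = pc;
    tb->phys_pc = get_phys_addr(pc);
    unsigned h = phys_hash_idx(tb->phys_pc);
    tb->phys_hash_next = c->tb_phys_hash[h];
    c->tb_phys_hash[h] = tb;
    c->builds++;
    return tb;
}

/* "Find Slow": walk the TBHT bucket for this physical PC; on a miss, build. */
static struct TranslationBlock *tb_find_slow_model(struct cpu_model *c, uint32_t pc) {
    uint32_t phys = get_phys_addr(pc);
    for (struct TranslationBlock *tb = c->tb_phys_hash[phys_hash_idx(phys)]; tb; tb = tb->phys_hash_next)
        if (tb->pc == pc && tb->phys_pc == phys) { c->slow_hits++; return tb; }
    return tb_gen_code_model(c, pc);
}

/* "Find Fast": check the direct-mapped cache, otherwise fall back to Find Slow and refill the slot. */
struct TranslationBlock *tb_find_fast_model(struct cpu_model *c, uint32_t pc) {
    struct TranslationBlock *tb = c->tb_jmp_cache[jmp_cache_idx(pc)];
    if (tb && tb->pc == pc) { c->fast_hits++; return tb; }
    tb = tb_find_slow_model(c, pc);
    c->tb_jmp_cache[jmp_cache_idx(pc)] = tb;
    return tb;
}

/* "Invalidate" (the SMC edge on slide 5): unlink the TB from the TBHT and purge its
 * fast-cache slot so the next lookup of that PC falls through to Build. */
void tb_phys_invalidate_model(struct cpu_model *c, struct TranslationBlock *tb) {
    struct TranslationBlock **pp = &c->tb_phys_hash[phys_hash_idx(tb->phys_pc)];
    while (*pp && *pp != tb) pp = &(*pp)->phys_hash_next;
    if (*pp) *pp = tb->phys_hash_next;
    unsigned j = jmp_cache_idx(tb->pc);
    if (c->tb_jmp_cache[j] == tb) c->tb_jmp_cache[j] = NULL;
}

/* Constructed trace: the block at 0x408018f0 is entered three times, then the
 * call target 0x40802040 once. Returns the number of builds that took place. */
unsigned demo_events(struct cpu_model *c) {
    memset(c, 0, sizeof *c);
    for (int i = 0; i < 3; i++) tb_find_fast_model(c, 0x408018f0u);
    tb_find_fast_model(c, 0x40802040u);
    return c->builds;
}
```

`demo_events` performs two builds (one per distinct PC) and two fast hits; invalidating the first block and looking it up again produces a third build, and filling the eight-entry TBDA with fresh PCs triggers a flush that empties the hash table and fast cache before the next descriptor is handed out. The model leaves out the Chain and Unchain events of slides 6 and 7, which patch direct jumps between host code blocks and so need the generated code itself.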
