On Fri, Aug 17, 2012 at 9:38 AM, Steven <wangwangk...@gmail.com> wrote: > Hi, Max, > I appreciate your help and got some results using your patch. But I > still have two questions as blow. > >>> I see that with the following patch >>> >>> diff --git a/softmmu_template.h b/softmmu_template.h >>> index b8bd700..2d02133 100644 >>> --- a/softmmu_template.h >>> +++ b/softmmu_template.h >>> @@ -114,6 +114,7 @@ glue(glue(glue(HELPER_PREFIX, ld), SUFFIX), >>> MMUSUFFIX)(ENV_PARAM >>> target_phys_addr_t ioaddr; >>> uintptr_t retaddr; >>> >>> + fprintf(stderr, "%s: %08x\n", __func__, addr); >>> /* test if there is match for unaligned or IO access */ >>> /* XXX: could done more in memory macro in a non portable way */ >>> index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); >>> >>> I get some memory accesses logged, but not all. That's due to fast >>> path in tcg_out_qemu_ld >>> in case there's TLB hit. I guess you can play with tcg_out_qemu_ld and >>> make it produce a call >>> to a helper function, like qemu_ld_helpers, that will print addresses >>> for all memory access >>> attempts. >> >> Easier solution would be to disable fast path and always go through >> softmmu helpers, like this (specific for x86 host): >> >> diff --git a/softmmu_template.h b/softmmu_template.h >> index b8bd700..2d02133 100644 >> --- a/softmmu_template.h >> +++ b/softmmu_template.h >> @@ -114,6 +114,7 @@ glue(glue(glue(HELPER_PREFIX, ld), SUFFIX), >> MMUSUFFIX)(ENV_PARAM >> target_phys_addr_t ioaddr; >> uintptr_t retaddr; >> >> + fprintf(stderr, "%s: %08x\n", __func__, addr); >> /* test if there is match for unaligned or IO access */ >> /* XXX: could done more in memory macro in a non portable way */ >> index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); >> diff --git a/tcg/i386/tcg-target.c b/tcg/i386/tcg-target.c >> index da17bba..ec68c19 100644 >> --- a/tcg/i386/tcg-target.c >> +++ b/tcg/i386/tcg-target.c 
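Review bot: in the softmmu_template.h hunk, `fprintf(stderr, "%s: %08x\n", __func__, addr);` hands `addr`, a target_ulong, to a `%x` conversion; that is only right while target_ulong is 32 bits, and for a 64-bit guest it is a format/argument mismatch that silently prints half the address. Write it as `fprintf(stderr, "%s: " TARGET_FMT_lx "\n", __func__, addr);` so the same debug line works on every target, and consider adding mmu_idx (a parameter of the same helper) so kernel- and user-mode accesses to the same virtual address can be told apart. Since stderr is unbuffered, one fprintf per guest memory access will dominate run time; for anything longer than a few TBs send it through qemu_log or a file with a large buffer.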
>> @@ -1062,7 +1062,7 @@ static inline void tcg_out_tlb_load(TCGContext >> *s, int addrlo_idx, >> tcg_out_mov(s, type, r0, addrlo); >> >> /* jne label1 */ >> - tcg_out8(s, OPC_JCC_short + JCC_JNE); >> + tcg_out8(s, OPC_JMP_short); >> label_ptr[0] = s->code_ptr; >> s->code_ptr++; >> > > IN: > 0x00000000c13e3a33: mov 0x8(%ebp),%ebx (guest code in the tb) > __ldl_mmu: c13a9fdc > > So 0xc13a9fdc is the guest virtual memory address of 0x8(%ebp). Is this > correct?
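Review bot: in the tcg-target.c hunk the comment `/* jne label1 */` still describes the instruction that was removed while the opcode emitted is now `OPC_JMP_short`; update the comment, or better, wrap the two alternatives in a compile-time macro so this always-slow-path variant cannot be committed by accident (it changes code generation for every TB of every guest). The rest of the sequence is still consistent: `label_ptr[0] = s->code_ptr; s->code_ptr++;` reserves one byte for the displacement, and a short jmp takes the same rel8 as the short jcc, so the later back-patching of label1 is unaffected. With the compare result ignored, stores also reach the helpers through this path; they stay invisible until the `st` helper gets its own print.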
Right. > IN: > 0x00000000c13e3a36: mov %eax,-0x10(%ebp) > However, for this instruction, no ldl_mmu is logged. > Does that mean the patch you provided does not cover this case? Yes, this is not 'ld', it is 'st'; to see it too I guess you need this: diff --git a/softmmu_template.h b/softmmu_template.h index b8bd700..b2ae078 100644 --- a/softmmu_template.h +++ b/softmmu_template.h @@ -114,6 +114,7 @@ glue(glue(glue(HELPER_PREFIX, ld), SUFFIX), MMUSUFFIX)(ENV_PARAM target_phys_addr_t ioaddr; uintptr_t retaddr; + fprintf(stderr, "%s: %08x\n", __func__, addr); /* test if there is match for unaligned or IO access */ /* XXX: could done more in memory macro in a non portable way */ index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); @@ -263,6 +264,7 @@ void glue(glue(glue(HELPER_PREFIX, st), SUFFIX), MMUSUFFIX)(ENV_PARAM uintptr_t retaddr; int index; + fprintf(stderr, "%s: %08x\n", __func__, addr); index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); redo: tlb_addr = env->tlb_table[mmu_idx][index].addr_write; -- Thanks. -- Max
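Review bot: both hunks print before the TLB lookup and outside the `redo:` loop, which is the right place (exactly one line per helper call, even when a refill is needed), but it also means an access that faults in tlb_fill is printed, the guest fault handler runs, and the restarted instruction prints the same address a second time; anyone matching the trace against the disassembly should expect such duplicates around page faults. The `%08x` conversion has the same target_ulong problem as in the ld hunk; use TARGET_FMT_lx in both. mmu_idx is in scope in the st helper (`env->tlb_table[mmu_idx][index]`) and is worth printing; the access size needs no extra argument, since it is already encoded in `__func__` (`__stb_mmu` ... `__stq_mmu`, and likewise for the loads).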
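The check Steven is doing by hand above, pairing each guest instruction from `-d in_asm` with the helper line it should have produced, can be made mechanical. The following is an added example of mine, not QEMU code and not from this thread. It assumes one instruction per TB (as in the excerpt), so that a helper line belongs to the `IN:` instruction just before it; that helper names follow the macro in softmmu_template.h (`__ld{b,w,l,q}_mmu`, `__st{b,w,l,q}_mmu`); and that the log text is the two quoted instructions plus the one `__ldl_mmu` line, constructed here as SAMPLE_LOG. All function names are mine. It goes one step beyond the thread: from the traced load it recovers %ebp and predicts where the untraced store would have gone.

```python
"""Pair `-d in_asm` output with softmmu helper trace lines (added example, not QEMU code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on the excerpt quoted in the thread: the load on
# the first instruction went through the instrumented __ldl_mmu, the store on
# the second produced nothing because only the `ld` helper printed.
SAMPLE_LOG = """\
IN:
0x00000000c13e3a33:  mov    0x8(%ebp),%ebx

__ldl_mmu: c13a9fdc
IN:
0x00000000c13e3a36:  mov    %eax,-0x10(%ebp)
"""

INSN_RE = re.compile(r"^0x([0-9a-fA-F]+):\s+(\S+)\s*(.*)$")
HELPER_RE = re.compile(r"^(__(?:ld|st)[bwlq]_mmu): ([0-9a-fA-F]+)$")
SIMPLE_MEM_RE = re.compile(r"^(-?0x[0-9a-fA-F]+)?\(%([a-z0-9]+)\)$")  # disp(%base) only
REG32 = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}
REG16 = {"ax", "bx", "cx", "dx", "si", "di", "bp", "sp"}
REG8 = {"al", "ah", "bl", "bh", "cl", "ch", "dl", "dh"}


@dataclass
class Insn:
    pc: int
    mnemonic: str
    operands: List[str]
    accesses: List[Tuple[str, int]] = field(default_factory=list)  # (helper, guest vaddr)


def split_operands(text: str) -> List[str]:
    """Split AT&T operands on top-level commas so "(%ebx,%ecx,4)" stays one operand."""
    ops, cur, depth = [], "", 0
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            ops.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return ops + [cur.strip()] if cur.strip() else ops


def parse_log(text: str) -> List[Insn]:
    """Assumes one instruction per TB: a helper line belongs to the last IN: instruction."""
    insns: List[Insn] = []
    for raw in text.splitlines():
        m = INSN_RE.match(raw.strip())
        if m:
            insns.append(Insn(int(m.group(1), 16), m.group(2), split_operands(m.group(3))))
            continue
        m = HELPER_RE.match(raw.strip())
        if m and insns:
            insns[-1].accesses.append((m.group(1), int(m.group(2), 16)))
    return insns


def operand_size(insn: Insn) -> Optional[str]:
    """Access size suffix: from a register operand, else from the mnemonic suffix (movl, ...)."""
    for op in insn.operands:
        name = op[1:] if op.startswith("%") and "(" not in op else ""
        if name in REG32:
            return "l"
        if name in REG16:
            return "w"
        if name in REG8:
            return "b"
    if len(insn.mnemonic) > 3 and insn.mnemonic[-1] in "bwlq":
        return insn.mnemonic[-1]
    return None


def expected_helpers(insn: Insn) -> List[str]:
    """Helpers a forced slow path should hit for an explicit memory operand.

    AT&T order puts the destination last: memory destination means a store for
    mov and load+store for read-modify-write forms; memory source means a load.
    Implicit stack accesses (push/pop/call/ret) are not modelled.
    """
    mem = [i for i, op in enumerate(insn.operands) if "(" in op]
    size = operand_size(insn)
    if not mem or size is None:
        return []
    if mem[0] != len(insn.operands) - 1:
        return ["__ld%s_mmu" % size]
    if insn.mnemonic.startswith("mov"):
        return ["__st%s_mmu" % size]
    return ["__ld%s_mmu" % size, "__st%s_mmu" % size]


def check_trace(text: str) -> List[dict]:
    """One row per instruction that should have, or did, produce helper lines."""
    rows = []
    for insn in parse_log(text):
        expected, observed = expected_helpers(insn), [h for h, _ in insn.accesses]
        if expected or observed:
            rows.append({"pc": insn.pc, "expected": expected,
                         "observed": observed, "ok": expected == observed})
    return rows


def predict_addresses(text: str) -> Dict[int, int]:
    """Recover a base register from a traced disp(%reg) access (reg = addr - disp) and
    predict the address of later untraced accesses through the same register.
    Valid only while the register is not rewritten in between; check the listing."""
    regs: Dict[str, int] = {}
    predicted: Dict[int, int] = {}
    for insn in parse_log(text):
        m = next((SIMPLE_MEM_RE.match(op) for op in insn.operands if "(" in op), None)
        if m is None:
            continue
        disp, base = int(m.group(1) or "0", 16), m.group(2)
        if insn.accesses:
            regs[base] = (insn.accesses[0][1] - disp) & 0xFFFFFFFF
        elif base in regs:
            predicted[insn.pc] = (regs[base] + disp) & 0xFFFFFFFF
    return predicted


if __name__ == "__main__":
    for row in check_trace(SAMPLE_LOG):
        print("%#010x expected %s observed %s -> %s" % (
            row["pc"], row["expected"], row["observed"], "ok" if row["ok"] else "MISSING"))
    for pc, addr in predict_addresses(SAMPLE_LOG).items():
        print("%#010x untraced access predicted at %#010x" % (pc, addr))
```

Run against the two instructions from the thread it reports the load at 0xc13e3a33 as matched and the store at 0xc13e3a36 as missing its `__stl_mmu` line, and predicts that store's address as 0xc13a9fc4 (0xc13a9fdc - 0x8 gives %ebp = 0xc13a9fd4, then -0x10). Once the `st` helper is instrumented as in Max's last patch, the predicted value is what the new line should show.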