On Tue, 20 Aug 2019 at 11:12, 立 <zhl...@foxmail.com> wrote:
>
> I am working on a project that requires me to modify the ISA of the MIPS
> target. I have been staring at the source code for about a week, but found it
> really difficult due to me being a young rookie and the sparse comments.
> Specifically, I need to extend MIPS, by adding some new instructions and new
> CPU registers to the current architecture, and that sounds really easy. I
> think the place for me to look at should be at the directory
> ${qemu_root}/target/mips/. With a MIPS Instruction Set Manual Release 6
> handy, I have difficulty finding the source code where the ISA resides. Is it
> in op_helper.c? Or translate.c? Any guidance would be really appreciated.
> Thank you very much in advance.
The general structure of a QEMU target front-end is that there is a 'decoder', typically in translate.c, which takes target instructions, figures out what they are, and emits TCG operations (an intermediate representation) for them. Sometimes a guest instruction is simple and can be handled by directly generating TCG code to do it. Some instructions are more complex, and we handle them by generating TCG code which will at runtime call a helper function to do the bulk of the work. Those helpers (and some other code, like code to handle TLB misses and various exceptions) live in the various helper.c files.

One important concept to be clear on is that QEMU is a JIT -- this means that we generate host code that corresponds to target code (at "translate time"), and then later we will run the host code (at "run time"); code generated once can be run many times. You need to be clear about whether QEMU C code you're looking at is called at translate time or at run time, because the things that you can do are very different.

thanks
-- PMM
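As an added illustration of the translate-time / run-time split described in the reply (this is a standalone toy written for this thread, not QEMU's own code or its TCG API): translate_insn() decodes a MIPS R-type word into a small IR, with the real ADD handled inline and a hypothetical new POPCNT instruction (funct 0x3d is an assumed, made-up encoding) routed through a run-time helper, and run_tb() then executes that IR repeatedly. The IR types, the helper name and the sample register values are all constructed for the example.

```c
#include <stdint.h>
/* Toy model of the split described above: translate_insn() decodes a MIPS
 * R-type word once and emits IR; run_tb() executes that IR many times. Simple
 * instructions become inline IR ops, complex ones call a run-time helper. */
typedef enum { OP_ADD, OP_HELPER_POPCNT } OpKind;
typedef struct { OpKind kind; int rd, rs, rt; } IROp;
typedef struct { IROp ops[8]; int n; int translate_calls; } TB;
/* Run-time helper: runs only when translated code runs (cf. op_helper.c). */
uint32_t helper_popcnt(uint32_t v) {
    uint32_t c = 0;
    for (; v; v >>= 1) c += v & 1;
    return c;
}
/* Translate time (cf. translate.c): decode R-type fields, emit IR; 1 if decoded. */
int translate_insn(TB *tb, uint32_t insn) {
    int op = insn >> 26, rs = (insn >> 21) & 31, rt = (insn >> 16) & 31,
        rd = (insn >> 11) & 31, funct = insn & 0x3f;
    tb->translate_calls++;
    if (op == 0 && funct == 0x20) {          /* real MIPS ADD rd, rs, rt */
        tb->ops[tb->n++] = (IROp){ OP_ADD, rd, rs, rt };
        return 1;
    }
    if (op == 0 && funct == 0x3d) {          /* HYPOTHETICAL new POPCNT rd, rs */
        tb->ops[tb->n++] = (IROp){ OP_HELPER_POPCNT, rd, rs, 0 };
        return 1;
    }
    return 0;                                /* not handled by this toy decoder */
}
/* Run time: execute the already-translated IR against the guest registers. */
void run_tb(const TB *tb, uint32_t *regs) {
    for (int i = 0; i < tb->n; i++) {
        const IROp *o = &tb->ops[i];
        if (o->kind == OP_ADD) regs[o->rd] = regs[o->rs] + regs[o->rt];
        else regs[o->rd] = helper_popcnt(regs[o->rs]);
        regs[0] = 0;                         /* $zero is hard-wired to zero */
    }
}
/* Encode an R-type word (constructed sample input for the demo). */
uint32_t rtype(int rs, int rt, int rd, int funct) {
    return ((uint32_t)rs << 21) | ((uint32_t)rt << 16) | ((uint32_t)rd << 11) | funct;
}
/* Translate two instructions once, then run the block three times. */
int demo(uint32_t *regs) {
    TB tb = {0};
    translate_insn(&tb, rtype(1, 2, 3, 0x20));   /* add $3, $1, $2 */
    translate_insn(&tb, rtype(3, 0, 4, 0x3d));   /* popcnt $4, $3 (hypothetical) */
    for (int i = 0; i < 3; i++) run_tb(&tb, regs);
    return tb.translate_calls;                   /* 2: decoded once per insn, not per run */
}
```

The point to take from it is that anything in translate_insn() only sees instruction bits, never register contents, while helper_popcnt() only ever sees runtime values; that is the distinction the reply asks you to keep straight when reading target/mips/.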