On Mon, May 15, 2023 at 7:22 PM Alex Bennée <alex.ben...@linaro.org> wrote:
>
>
> Gautam Bhat <mindentr...@gmail.com> writes:
>
> > Hi,
> >
> > I am going through some translation code for existing targets.
> >
> > I would like to know if there are any good resources on deeper
> > understanding of translation blocks? Also some advice on the best way
> > to read code related to translation in Qemu and trying it out maybe
> > using the debugger, printing etc? I am getting lost trying to make
> > sense of the translation code.
>
> We have a section in the developers manual that gives an overview of the
> translator and how it goes together:
>
> https://qemu.readthedocs.io/en/latest/devel/index-tcg.html
>
> Generally for following code the best option is to use the debug flags,
> the usual is:
>
> -d in_asm,op,op_opt,out_asm
>
> which will dump in order:
>
> - in_asm, the guest instructions
> - op, the TCG ops they break down into
> - op_opt, the TCG ops after optimization
> - out_asm, the host instructions for the block
>
> as this is a lot of data you can limit to certain address ranges using
> the -dfilter option.
>
> Remember the above options will only dump the code as it is translated,
> not each time the guest runs it.
>
> You can attach to the guest using the gdbstub:
>
> https://qemu.readthedocs.io/en/latest/system/gdb.html
>
> and stick a breakpoint at the code in question. If you have the HMP
> monitor enabled you can then enable the debug options and single step
> through the code and see each instruction translated and executed in
> turn.
>
> >
> > Thanks,
> > Gautam.
>
>
> --
> Alex Bennée
> Virtualisation Tech Lead @ Linaro
Hi Alex,

Thanks for the resources. I have been going through the documentation and
also running it using a debugger to analyze the code. I am still not there
with the opcode emulation. I am more or less stuck understanding how to
handle translator_ops callbacks and disassembly. I will be specific.

1. Could you please explain what the state machine should be for the
tb_stop(...) callback? I am looking at code from AVR and Microblaze
architecture and I see the following cases: DISAS_NORETURN, DISAS_NEXT,
DISAS_TOO_MANY, DISAS_LOOKUP and DISAS_EXIT. Is there some documentation
on how to handle these cases and how the disassembly goes through these
states?

2. How should the callback for translate_insn be handled?

3. Do you have more information or a visual diagram of sorts for
TARGET_PAGE_* and PAGE_* and the relation between translation blocks and
pages? Also how should one handle where architectures don't have any
paging?

Thanks,
Gautam.
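As an added example, not part of this thread and not QEMU's own code: a small POSIX shell script that assembles the `-d in_asm,op,op_opt,out_asm` and `-dfilter` flags Alex describes, sends the output to a file with `-D`, and then carves a resulting log into per-block records so the volume of a dump can be summarised before reading it. The sample log is constructed rather than captured from a run; the `IN:` / `OP:` / `OUT:` section headers it uses and the `start+size` form of `-dfilter` are assumptions about QEMU's output and option syntax, not something this thread states.

```shell
#!/bin/sh
# Added example, not from the thread or the QEMU project.
# Assumptions: -dfilter accepts "start+size" ranges, -D redirects the log
# to a file, and a -d in_asm,op,out_asm dump groups each translation block
# under "IN:", "OP:" and "OUT:" headers separated by blank lines.

# Compose the flags for dumping translation of one guest address window.
#   $1 = window start (hex), $2 = window size (hex), $3 = log file
tcg_debug_args() {
    printf '%s in_asm,op,op_opt,out_asm -dfilter %s+%s -D %s' -d "$1" "$2" "$3"
}

# Number of translation blocks in a log: one "IN:" header per block.
count_blocks() {
    grep -c '^IN:' "$1"
}

# Guest instructions dumped by in_asm: address lines between "IN:" and the
# next blank line.
count_guest_insns() {
    awk '/^IN:/     { s = 1; next }
         /^$/       { s = 0 }
         s && /^0x/ { n++ }
         END        { print n + 0 }' "$1"
}

# TCG ops dumped by op: lines between "OP:" and the next blank line.
# The "OP after optimization ..." section that op_opt adds is skipped, so
# the count reflects the ops before the optimizer ran.
count_tcg_ops() {
    awk '/^OP:$/ { s = 1; next }
         /^$/    { s = 0 }
         s       { n++ }
         END     { print n + 0 }' "$1"
}

# Constructed sample log (not captured from a real run) with two blocks.
write_sample_log() {
    cat > "$1" <<'EOF'
----------------
IN:
0x00001000:  mov r0, r1
0x00001004:  add r0, r0, #1

OP:
 ld_i32 tmp0,env,$0x10
 mov_i32 r0,r1
 add_i32 r0,r0,$0x1
 goto_tb $0x0

OUT: [size=32]
0x7f0000000000:  48 8b 5d 10  movq 0x10(%rbp), %rbx

----------------
IN:
0x00001008:  b 0x1000

OP:
 goto_tb $0x0

OUT: [size=16]
0x7f0000000040:  e9 00 00 00 00  jmp 0x7f0000000045
EOF
}

# Stand-alone run: summarise the sample log, then print the flags you would
# hand to qemu-system-<arch> to dump only the 0x1000..0x10ff guest window.
log=$(mktemp)
write_sample_log "$log"
echo "blocks: $(count_blocks "$log")  guest insns: $(count_guest_insns "$log")  tcg ops: $(count_tcg_ops "$log")"
echo "qemu-system-<arch> $(tcg_debug_args 0x1000 0x100 tcg.log) ..."
rm -f "$log"
```

The ratio of TCG ops to guest instructions per block is a quick way to spot which blocks in a large dump are worth opening with the gdbstub, and the `-dfilter` window keeps the log to the code actually under study rather than everything the guest touches during boot.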