[Qemu-devel] [RFD] Translation block instrumentation and multiple TCG code buffers

[Laurent Desnogues]

Hello,

some people are interested in instrumenting translated blocks for
various reasons.  For instance, Paul Brook added instruction counting;
another use includes instruction profiling.

Both these examples require the full basic block to have been
translated, while the counters updates should be at the beginning of
the translated block.

To achieve that, Paul did what he calls a "horrid hack": generate a tcg
subi which is patched with the correct count once the BB has been
translated.

When there is a single instruction to patch one can live with that
hack, but when one wants more, something cleaner is definitely needed.

One possible solution would be to have two tcg code buffers.
Instrumentation tcg ops would go into the second buffer;  that second
buffer would generate code before generating code for the translated
block.

I think the cleanest way to do that would be to move gen_opc_ptr and
gen_opparam_ptr to the tcg context (BTW this is already hinted in
tcg.c) and have a mechanism to change between the first and second
buffer when needed.  (Note I am not sure using multiple tcg contexts is
really the way to go at the moment given the way some of the code
assumes a single context exists [for instance the profiler].)

One could be more ambitious and have more than two buffers (for
instance, Paul's counter has to generate code that goes after the BB
has been translated), but that could come later.

What do people think?

Cheers,

                        Laurent