Re: [Qemu-devel] icount and tb chaining

[James Greensky]

Sure, usually a tb chain is setup after a subsequent tb is
found/constructed in the loop in cpu_exec when a tb returns.
Taken/non-taken branch chaining is implemented by indicating the
branch direction by the two least significant digits of the the
previously returned tb. This is usually 0/1. When running icount, you
can also get a 2 value in these least significant digits, indicating
that the translation block was restarted due to the
icount_decr.u16.low field being exhausted but having instructions left
to execute in icount_extra. This 2 value falls through to tb_add_jump,
which then updates the tb's jmp_first field, as both tb and next_tb
refer to the same translation block. My question is why is this
necessary, why not do nothing, and leave the previous chaining intact?
I hope this is clearer and thanks for the response. -Jim

On Thu, Jan 12, 2012 at 7:41 PM, 陳韋任 <address@hidden> wrote:
> On Thu, Jan 12, 2012 at 11:00:43AM -0800, James Greensky wrote:
>> Hello all, I have a question about icount and tb chaining that I hope
>> somebody can clear up.  In cpu-exec.c, when the icount_decr.u16.low
>> counter expires, it passes back the current tb as the next_tb and add
>> a jump with the least significant bits = 2. This falls through to tb
>> add jump, which then updates the jmp_first field of the current tb.
>> why is this done? Thanks -Jim
>
>  Could you elaborate on the whole sequence? I am not sure where should
> I look into to answer your question. Thanks.
>
> Regards,
> chenwj
>
> --
> Wei-Ren Chen (陳韋任)
> Computer Systems Lab, Institute of Information Science,
> Academia Sinica, Taiwan (R.O.C.)
> Tel:886-2-2788-3799 #1667
> Homepage: http://people.cs.nctu.edu.tw/~chenwj