mirror of
https://github.com/qemu/qemu.git
synced 2025-01-21 04:53:26 +08:00
d45a5270d0
-----BEGIN PGP SIGNATURE----- iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmCPtbASHGxhdXJlbnRA dml2aWVyLmV1AAoJEPMMOL0/L748I3wP/Al7yi77BMpts1t3lGMm7EBjKgkppnpr wZYEM68bJonvvGiEKQjexn1CUfnDcq7f5SZkzcUNLI4oP57pyywb4/gshN0k/Zz8 uCDveMfnhbio2sqlXiMsH9TOhcv/4wtXAek/ghP7EOjkBvyXrAFIQ7eEPEB9cp+X xxs9DxqfWmrGB6vt7Er78zjfUETSMa+UrheVLwbRMhJcc0Bg8hT2DCn9Lw6IjfOy usWdrLTGc6qg1zdZzi8QR7jZ+bNx0h+aJLlm8M4cVitXq9v2wb3+6KdsOAeYioAE AsnClw0m8j/xtMh3g4/hB4oCxMj0jRdZ9GIGs8Didw5ZwkXTRvFM1GK1PHxqX4pF 8xMW6Qq0bSUr4II6bPOukBUMUAnPYdkh+iHXsYSZG0I3u6VZLgMK3AXmKRukAYqe kQ1lcRe3Lwsp2h+jMBBsbCWhwYdA3THFO4YO31cUaZ191A7z57905QMbqJG/H3HB 7IUBYBNbrhgysPsNBvY6Lr7yUJIocMgcfP36UHYcBPsDdZgjNCQZneJlkaRlQb8+ CtUSF8D614EguzGsWaIn3uBSm9THKKLd1rSXCyTSgrXDI285mXlKmEWZvm236ew0 OEmIz/Ach/R4268j76enYGa1aubsxnrphUfC3aePu0Wzd3QW4RxnCSq7wc4ARPw7 WTL7J00P578h =aCeG -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-for-6.1-pull-request' into staging Trivial patches pull request 20210503 # gpg: Signature made Mon 03 May 2021 09:34:56 BST # gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C # gpg: issuer "laurent@vivier.eu" # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full] # gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full] # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full] # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * remotes/vivier2/tags/trivial-branch-for-6.1-pull-request: (23 commits) hw/rx/rx-gdbsim: Do not accept invalid memory size docs: More precisely describe memory-backend-*::id's user scripts: fix generation update-binfmts templates docs/system: Document the removal of "compat" property for POWER CPUs mc146818rtc: put it into the 'misc' category Do not include exec/address-spaces.h if it's not really necessary Do not include cpu.h if it's not really necessary Do not include hw/boards.h if it's not really necessary Do not include sysemu/sysemu.h if it's not really necessary hw: Do not include qemu/log.h if it is not necessary hw: Do not include hw/irq.h if it is not necessary hw: Do not include hw/sysbus.h if it is not necessary hw: Remove superfluous includes of hw/hw.h ui: Fix memory leak in qemu_xkeymap_mapping_table() hw/usb: Constify VMStateDescription hw/display/qxl: Constify VMStateDescription hw/arm: Constify VMStateDescription vmstate: Constify some VMStateDescriptions Fix typo in CFI build documentation hw/pcmcia: Do not register PCMCIA type if not required ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
||
---|---|---|
.. | ||
imported | ||
arch.c | ||
arch.h | ||
attribs_def.h.inc | ||
attribs.h | ||
cpu_bits.h | ||
cpu-param.h | ||
cpu.c | ||
cpu.h | ||
decode.c | ||
decode.h | ||
dectree.py | ||
fma_emu.c | ||
fma_emu.h | ||
gdbstub.c | ||
gen_dectree_import.c | ||
gen_helper_funcs.py | ||
gen_helper_protos.py | ||
gen_op_attribs.py | ||
gen_op_regs.py | ||
gen_opcodes_def.py | ||
gen_printinsn.py | ||
gen_semantics.c | ||
gen_shortcode.py | ||
gen_tcg_func_table.py | ||
gen_tcg_funcs.py | ||
gen_tcg.h | ||
genptr.c | ||
genptr.h | ||
helper.h | ||
hex_arch_types.h | ||
hex_common.py | ||
hex_regs.h | ||
iclass.c | ||
iclass.h | ||
insn.h | ||
internal.h | ||
macros.h | ||
meson.build | ||
op_helper.c | ||
opcodes.c | ||
opcodes.h | ||
printinsn.c | ||
printinsn.h | ||
README | ||
reg_fields_def.h.inc | ||
reg_fields.c | ||
reg_fields.h | ||
translate.c | ||
translate.h |
Hexagon is Qualcomm's very long instruction word (VLIW) digital signal processor(DSP). The following versions of the Hexagon core are supported Scalar core: v67 https://developer.qualcomm.com/downloads/qualcomm-hexagon-v67-programmer-s-reference-manual We presented an overview of the project at the 2019 KVM Forum. https://kvmforum2019.sched.com/event/Tmwc/qemu-hexagon-automatic-translation-of-the-isa-manual-pseudcode-to-tiny-code-instructions-of-a-vliw-architecture-niccolo-izzo-revng-taylor-simpson-qualcomm-innovation-center *** Tour of the code *** The qemu-hexagon implementation is a combination of qemu and the Hexagon architecture library (aka archlib). The three primary directories with Hexagon-specific code are qemu/target/hexagon This has all the instruction and packet semantics qemu/target/hexagon/imported These files are imported with very little modification from archlib *.idef Instruction semantics definition macros.def Mapping of macros to instruction attributes encode*.def Encoding patterns for each instruction iclass.def Instruction class definitions used to determine legal VLIW slots for each instruction qemu/linux-user/hexagon Helpers for loading the ELF file and making Linux system calls, signals, etc We start with scripts that generate a bunch of include files. This is a two step process. The first step is to use the C preprocessor to expand macros inside the architecture definition files. This is done in target/hexagon/gen_semantics.c. This step produces <BUILD_DIR>/target/hexagon/semantics_generated.pyinc. That file is consumed by the following python scripts to produce the indicated header files in <BUILD_DIR>/target/hexagon gen_opcodes_def.py -> opcodes_def_generated.h.inc gen_op_regs.py -> op_regs_generated.h.inc gen_printinsn.py -> printinsn_generated.h.inc gen_op_attribs.py -> op_attribs_generated.h.inc gen_helper_protos.py -> helper_protos_generated.h.inc gen_shortcode.py -> shortcode_generated.h.inc gen_tcg_funcs.py -> tcg_funcs_generated.c.inc gen_tcg_func_table.py -> tcg_func_table_generated.c.inc gen_helper_funcs.py -> helper_funcs_generated.c.inc Qemu helper functions have 3 parts DEF_HELPER declaration indicates the signature of the helper gen_helper_<NAME> will generate a TCG call to the helper function The helper implementation Here's an example of the A2_add instruction. Instruction tag A2_add Assembly syntax "Rd32=add(Rs32,Rt32)" Instruction semantics "{ RdV=RsV+RtV;}" By convention, the operands are identified by letter RdV is the destination register RsV, RtV are source registers The generator uses the operand naming conventions (see large comment in hex_common.py) to determine the signature of the helper function. Here are the results for A2_add helper_protos_generated.h.inc DEF_HELPER_3(A2_add, s32, env, s32, s32) tcg_funcs_generated.c.inc static void generate_A2_add( CPUHexagonState *env, DisasContext *ctx, Insn *insn, Packet *pkt) { TCGv RdV = tcg_temp_local_new(); const int RdN = insn->regno[0]; TCGv RsV = hex_gpr[insn->regno[1]]; TCGv RtV = hex_gpr[insn->regno[2]]; gen_helper_A2_add(RdV, cpu_env, RsV, RtV); gen_log_reg_write(RdN, RdV); ctx_log_reg_write(ctx, RdN); tcg_temp_free(RdV); } helper_funcs_generated.c.inc int32_t HELPER(A2_add)(CPUHexagonState *env, int32_t RsV, int32_t RtV) { uint32_t slot __attribute__((unused)) = 4; int32_t RdV = 0; { RdV=RsV+RtV;} return RdV; } Note that generate_A2_add updates the disassembly context to be processed when the packet commits (see "Packet Semantics" below). The generator checks for fGEN_TCG_<tag> macro. This allows us to generate TCG code instead of a call to the helper. If defined, the macro takes 1 argument. C semantics (aka short code) This allows the code generator to override the auto-generated code. In some cases this is necessary for correct execution. We can also override for faster emulation. For example, calling a helper for add is more expensive than generating a TCG add operation. The gen_tcg.h file has any overrides. For example, we could write #define fGEN_TCG_A2_add(GENHLPR, SHORTCODE) \ tcg_gen_add_tl(RdV, RsV, RtV) The instruction semantics C code relies heavily on macros. In cases where the C semantics are specified only with macros, we can override the default with the short semantics option and #define the macros to generate TCG code. One example is L2_loadw_locked: Instruction tag L2_loadw_locked Assembly syntax "Rd32=memw_locked(Rs32)" Instruction semantics "{ fEA_REG(RsV); fLOAD_LOCKED(1,4,u,EA,RdV) }" In gen_tcg.h, we use the shortcode #define fGEN_TCG_L2_loadw_locked(SHORTCODE) \ SHORTCODE There are also cases where we brute force the TCG code generation. Instructions with multiple definitions are examples. These require special handling because qemu helpers can only return a single value. In addition to instruction semantics, we use a generator to create the decode tree. This generation is also a two step process. The first step is to run target/hexagon/gen_dectree_import.c to produce <BUILD_DIR>/target/hexagon/iset.py This file is imported by target/hexagon/dectree.py to produce <BUILD_DIR>/target/hexagon/dectree_generated.h.inc *** Key Files *** cpu.h This file contains the definition of the CPUHexagonState struct. It is the runtime information for each thread and contains stuff like the GPR and predicate registers. macros.h The Hexagon arch lib relies heavily on macros for the instruction semantics. This is a great advantage for qemu because we can override them for different purposes. You will also notice there are sometimes two definitions of a macro. The QEMU_GENERATE variable determines whether we want the macro to generate TCG code. If QEMU_GENERATE is not defined, we want the macro to generate vanilla C code that will work in the helper implementation. translate.c The functions in this file generate TCG code for a translation block. Some important functions in this file are gen_start_packet - initialize the data structures for packet semantics gen_commit_packet - commit the register writes, stores, etc for a packet decode_and_translate_packet - disassemble a packet and generate code genptr.c gen_tcg.h These files create a function for each instruction. It is mostly composed of fGEN_TCG_<tag> definitions followed by including tcg_funcs_generated.c.inc. op_helper.c This file contains the implementations of all the helpers. There are a few general purpose helpers, but most of them are generated by including helper_funcs_generated.c.inc. There are also several helpers used for debugging. *** Packet Semantics *** VLIW packet semantics differ from serial semantics in that all input operands are read, then the operations are performed, then all the results are written. For exmaple, this packet performs a swap of registers r0 and r1 { r0 = r1; r1 = r0 } Note that the result is different if the instructions are executed serially. Packet semantics dictate that we defer any changes of state until the entire packet is committed. We record the results of each instruction in a side data structure, and update the visible processor state when we commit the packet. The data structures are divided between the runtime state and the translation context. During the TCG generation (see translate.[ch]), we use the DisasContext to track what needs to be done during packet commit. Here are the relevant fields reg_log list of registers written reg_log_idx index into ctx_reg_log pred_log list of predicates written pred_log_idx index into ctx_pred_log store_width width of stores (indexed by slot) During runtime, the following fields in CPUHexagonState (see cpu.h) are used new_value new value of a given register reg_written boolean indicating if register was written new_pred_value new value of a predicate register pred_written boolean indicating if predicate was written mem_log_stores record of the stores (indexed by slot) *** Debugging *** You can turn on a lot of debugging by changing the HEX_DEBUG macro to 1 in internal.h. This will stream a lot of information as it generates TCG and executes the code. To track down nasty issues with Hexagon->TCG generation, we compare the execution results with actual hardware running on a Hexagon Linux target. Run qemu with the "-d cpu" option. Then, we can diff the results and figure out where qemu and hardware behave differently. The stacks are located at different locations. We handle this by changing env->stack_adjust in translate.c. First, set this to zero and run qemu. Then, change env->stack_adjust to the difference between the two stack locations. Then rebuild qemu and run again. That will produce a very clean diff. Here are some handy places to set breakpoints At the call to gen_start_packet for a given PC (note that the line number might change in the future) br translate.c:602 if ctx->base.pc_next == 0xdeadbeef The helper function for each instruction is named helper_<TAG>, so here's an example that will set a breakpoint at the start br helper_A2_add If you have the HEX_DEBUG macro set, the following will be useful At the start of execution of a packet for a given PC br helper_debug_start_packet if env->gpr[41] == 0xdeadbeef At the end of execution of a packet for a given PC br helper_debug_commit_end if env->this_PC == 0xdeadbeef