xlab-uiuc / qemu_ECPT

Official QEMU mirror. Please see http://wiki.qemu.org/Contribute/SubmitAPatch for how to submit changes to QEMU. Pull Requests are ignored. Please only use release tarballs from the QEMU website.
http://www.qemu.org

Optimize to accelerate simulation #3

Closed siyuanchai1999 closed 2 months ago

siyuanchai1999 commented 2 months ago

Right now, QEMU's plugin injects a callback for every instruction. However, when we capture the instruction trace of the running phase result, all loading phase instructions have a callback injected, which makes the loading phase simulation very slow. All of those loading phase callbacks are not necessary since we care about running phase data.

QEMU first translates each translation block into native machine executables, then executes them. One block can run multiple times but is only translated once. QEMU callback registration is done per translation block at translation time. That's the reason why we need to register callback functions for all translation blocks. If we start registration only after we receive the starting signal of the running phase, there will be translation blocks that have been translated and executed before but without callback registration. We will then miss the trace for instructions in those blocks.

One idea to accelerate is to remove all cached translated blocks, and redo translation with the callback.

tianyin commented 2 months ago

It feels like a great idea. We should discuss it.

siyuanchai1999 commented 2 months ago

Commits to fix this: https://github.com/xlab-uiuc/qemu_ECPT/commit/df741fbe970d1625aca6065bac4f1b2dd3af3ba3 https://github.com/xlab-uiuc/qemu_ECPT/commit/66adcdd78be0fc8ff7c3bfb0edaa9a40e130c9bc

Original commit that explains why we need to instrument everything https://github.com/xlab-uiuc/qemu_ECPT/commit/1d089533383c9ea6d9de293cabefe259a9029d9d
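The caching behaviour described in the first comment, as an added model that is not code from this repository or from QEMU: a toy translation-block cache where per-instruction callbacks can only be attached at translation time. The three modes compare instrumenting everything (the original approach), registering late without a flush (missed trace), and registering late after flushing the cache (the fix). Block addresses and phase schedules are constructed.

```python
"""Constructed model of QEMU translation-block caching and plugin callback injection."""
from dataclasses import dataclass, field

# Constructed program: block start address -> instruction addresses in that block.
PROGRAM = {0x1000: [0x1000, 0x1004, 0x1008], 0x2000: [0x2000, 0x2004], 0x3000: [0x3000]}
LOADING_PHASE = [0x1000, 0x2000, 0x1000]   # blocks executed before the start signal
RUNNING_PHASE = [0x1000, 0x3000, 0x2000]   # blocks executed after it (what we want traced)


@dataclass
class TBCache:
    program: dict
    tracing: bool = False                       # plugin wants per-insn callbacks
    cache: dict = field(default_factory=dict)   # block addr -> callbacks attached?
    trace: list = field(default_factory=list)   # instruction addresses seen by callbacks

    def translate(self, addr):
        # Callback injection happens only here, at translation time (tb_trans).
        self.cache[addr] = self.tracing

    def flush(self):
        # Drop every cached block so its next execution forces a re-translation.
        self.cache.clear()

    def execute(self, addr):
        if addr not in self.cache:
            self.translate(addr)
        if self.cache[addr]:                    # callbacks fire only if attached
            self.trace.extend(self.program[addr])

    def start_running_phase(self, flush_cache):
        self.tracing = True
        if flush_cache:
            self.flush()


def run(mode):
    """mode: 'always' (instrument everything), 'late', or 'late_flush'."""
    tb = TBCache(dict(PROGRAM), tracing=(mode == "always"))
    for addr in LOADING_PHASE:
        tb.execute(addr)
    loading_callbacks = len(tb.trace)           # wasted work during the loading phase
    tb.trace.clear()
    tb.start_running_phase(flush_cache=(mode == "late_flush"))
    for addr in RUNNING_PHASE:
        tb.execute(addr)
    return loading_callbacks, tb.trace
```

`run("late")` shows the missed instructions from blocks 0x1000 and 0x2000, while `run("late_flush")` recovers the full running-phase trace without paying for loading-phase callbacks.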