Qemu source code analysis 4-dyngen dynamic translation technology

Since I have just been in touch with qemu, the first few articlesArticleThis is just a superficial introduction to some background knowledge of qemu. Today, I suddenly feel that I am too unorganized, and most of them are reading other people's articles, and I have no summary experience, I feel a little bit touched on today. Please kindly advise.

1. Specify guest and host

For qemu, the simulated platform becomes guest or target. Obviously, the platform running qemu is called host.

2. Understand the development of qemu dynamic translation technology

Qemu uses dynamic translation technology to dynamically translate guest binary instructions into host binary instructions, and then the host runs the translated command. Earlier versions of qemu-0.9 all adopt dyngen's dynamic translation technology, while earlier versions of qemu-0.10 start with TCG (tiny code generator) translation technology.

The materials using dyngen dynamic translation technology mainly include the following two articles, which are a good introduction to dynamic translation technology (dyngen technology will be briefly introduced in subsequent analysis ):

• Qemu, a fast and portable dynamic Translator

• Porting qemu to Plan 9: qemu internals and port strategy

There are few articles about TCG technology, mainly reading the source code of qemu and related materials on the qemu official website.

3. Brief Introduction to dyngen

Figure 1 illustrates the simple process in which qemu uses dyngen dynamic translation technology to translate target platform commands into host platform commands.

If target is PowerPC and host is x86, the entire translation process is described as follows:

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Dyngen plays a very important role throughout the process. Its detailed functions are not described here, but I have a question and hope to discuss with you: in the transformation of the Target Platform instruction set to micro-operations, the Hand coded code method is introduced in qemu, a fast and portable dynamic translator, I understand that we are talking about "Hard coding", that is, the one-to-one ing between the target platform commands and micro-op is written in advance, my question is how this one-to-one ing relationship is implemented, because I have not seen the qemu-0.9 version beforeCode So I want to know how Hand coded. In addition, this article also mentions "When qemu first encounters
A piece of target code, it translates it to host code ....... ", my question is, how does qemu process objective files on the target platform? For example, how does qemu analyze an elf file, how does it read instructions from it, and how does it perform subsequent Hand coded ???? In dyngen dynamic translation technology, it also involves several important aspects, such as: (1) TBS, translated blocks qemu defines TB as all the code before the next jump command or the command to modify the CPU state. It is called a TB.
(2) register allocation the register on the target platform is mapped to the fixed register of the host or the specified memory address. (3) conditional code optimization  (4) TB blocks are organized as hash tables.  (5) The MMAP () system calls the MMU of the simulation target.  (6) longjmp () exception Simulation (7) Simulation of interruption in asynchronous round robin Mode    As (3 )~ (7) The specific implementation method is still vague. I hope to communicate with you !!!!!!!!!