-
Modifying instructions in QEMU TCG
Hooking particular instructions inside TCG is what unicorn does: in its code from about two years ago it mainly hooked the syscall instruction, and it now seems to be working on some kind of tracing as well. In short, to hook one instruction there are a few places that need changing. Taking x86 as the example, the function in which QEMU TCG decodes instructions is

    qemu/target/i386/tcg/translate.c   (unicorn bundles an older QEMU, where it is qemu/target/i386/translate.c)
    static target_ulong disas_insn(DisasContext *s, CPUState *cpu);

Its body is one enormous switch/case over the opcode byte. Take for example

    0:  67 f3 a7    repz cmps DWORD PTR ds:[esi],DWORD PTR es:[edi]

67 is the address-size override prefix: in 64-bit mode it makes the instruction use the 32-bit index registers esi and edi instead of rsi and rdi. f3 is also a prefix, the REP/REPZ prefix that the disassembler prints as the repz in front of the instruction. To find where this instruction is decoded, look for the a7 case label in that switch:

    case 0xa6: /* cmpsS */
    case 0xa7:
        ot = mo_b_d(b, dflag);
        if (prefixes & PREFIX_REPNZ) {
            gen_repz_cmps(s, ot, pc_start -...
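To make the prefix handling and the generator choice concrete, here is an added Python model of what the cmps case arm above does, with a hook registry standing in for the call you would splice in at the `case 0xa7:` label. This is example code written for this page, not code from QEMU or unicorn. The PREFIX_* names and the mo_b_d() rule follow translate.c; the numeric flag values, the register naming, the dict layout and the generator-name strings it returns are this example's own choices. The REPNZ branch is the one the excerpt shows; the REPZ and plain-cmps branches are modeled on how the rest of that case arm reads in translate.c.

```python
# Added example (not QEMU/unicorn code): model of disas_insn()'s prefix
# handling and of the cmps case arm, plus a hook slot at the opcode label.
# PREFIX_* names match translate.c; values below are this example's own.

PREFIX_REPZ = 0x01    # f3
PREFIX_REPNZ = 0x02   # f2
PREFIX_LOCK = 0x04    # f0
PREFIX_DATA = 0x08    # 66: operand-size override
PREFIX_ADR = 0x10     # 67: address-size override

LEGACY_PREFIXES = {
    0xf3: PREFIX_REPZ, 0xf2: PREFIX_REPNZ, 0xf0: PREFIX_LOCK,
    0x66: PREFIX_DATA, 0x67: PREFIX_ADR,
}
SEGMENT_OVERRIDES = {0x26: "es", 0x2e: "cs", 0x36: "ss",
                     0x3e: "ds", 0x64: "fs", 0x65: "gs"}

# Operand-size tags standing in for translate.c's MO_8 / MO_16 / MO_32 / MO_64.
MO_8, MO_16, MO_32, MO_64 = "b", "w", "d", "q"

# opcode byte -> callback(insn). Registering here plays the role of inserting
# a call at the top of that opcode's `case` label inside disas_insn().
_hooks = {}


def hook_opcode(opcode, callback):
    _hooks[opcode] = callback


def decode(code, mode64=True):
    """Consume legacy prefixes (plus a REX prefix in 64-bit mode) and return
    the opcode byte with the effective operand size (dflag) and address size
    (aflag, in bits). Prefix ordering rules are not validated."""
    prefixes, rex_w, seg, i = 0, False, None, 0
    while i < len(code):
        b = code[i]
        if b in LEGACY_PREFIXES:
            prefixes |= LEGACY_PREFIXES[b]
        elif b in SEGMENT_OVERRIDES:
            seg = SEGMENT_OVERRIDES[b]
        elif mode64 and 0x40 <= b <= 0x4f:      # REX; bit 3 is REX.W
            rex_w = bool(b & 0x08)
        else:
            break
        i += 1
    if i == len(code):
        raise ValueError("prefixes but no opcode byte")
    if mode64:
        dflag = MO_64 if rex_w else (MO_16 if prefixes & PREFIX_DATA else MO_32)
        aflag = 32 if prefixes & PREFIX_ADR else 64   # 67 selects esi/edi
    else:
        dflag = MO_16 if prefixes & PREFIX_DATA else MO_32
        aflag = 16 if prefixes & PREFIX_ADR else 32
    return {"prefixes": prefixes, "opcode": code[i], "dflag": dflag,
            "aflag": aflag, "seg": seg, "length": i + 1}


def mo_b_d(b, dflag):
    """Same rule as translate.c's mo_b_d(): an even opcode is the byte form,
    an odd opcode uses the current operand size."""
    return dflag if b & 1 else MO_8


def string_regs(aflag):
    """Source/destination index registers for a string instruction."""
    return {16: ("si", "di"), 32: ("esi", "edi"), 64: ("rsi", "rdi")}[aflag]


def translate_cmps(code, mode64=True):
    """Model of the `case 0xa6: case 0xa7:` arm. Returns
    (generator, operand_size, src_reg, dst_reg); the generator strings stand
    in for the gen_repz_cmps()/gen_cmps() calls that would emit TCG ops."""
    insn = decode(code, mode64)
    b = insn["opcode"]
    if b not in (0xa6, 0xa7):
        raise ValueError("opcode %#x is not cmps" % b)
    insn["ot"] = mo_b_d(b, insn["dflag"])
    insn["regs"] = string_regs(insn["aflag"])
    if b in _hooks:                 # hook point: runs before any TCG is emitted
        _hooks[b](insn)
    p = insn["prefixes"]
    if p & PREFIX_REPNZ:            # the branch shown in the excerpt above
        gen = "gen_repz_cmps(nz=1)"
    elif p & PREFIX_REPZ:           # f3: repz cmps
        gen = "gen_repz_cmps(nz=0)"
    else:
        gen = "gen_cmps"
    return (gen, insn["ot"]) + insn["regs"]


if __name__ == "__main__":
    hook_opcode(0xa7, lambda insn: print("hook: cmps ot=%s regs=%s"
                                         % (insn["ot"], insn["regs"])))
    # Constructed input: the bytes from the listing above, 67 f3 a7.
    print(translate_cmps(bytes([0x67, 0xf3, 0xa7])))
```

Running it on 67 f3 a7 fires the hook with ot="d" and regs ("esi", "edi") and then selects the repz generator; dropping the 67 prefix switches the index registers to rsi/rdi, and a 66 or REX.W prefix changes only the operand size, which is exactly the split between aflag and dflag that the real decoder maintains.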
-
Looking at how the modules inside the OpenSparc T1 exu are arranged
In particular, the ALU and the DIV unit take different numbers of cycles to execute, so how is the final writeback handled? The unit's header reads:

    /*
    // Module Name: sparc_exu
    // Description: Execution unit containing register file(IRF),
    //              execution control (ECL), ALU, shifting (SHFT).
    */
    module sparc_exu (/*AUTOARG*/
       // Outputs
       exu_tlu_wsr_data_m, exu_tlu_va_oor_m, exu_tlu_va_oor_jl_ret_m, exu_tlu_ue_trap_m,
       exu_tlu_ttype_vld_m, exu_tlu_ttype_m, exu_tlu_spill_wtype, exu_tlu_spill_tid,
       exu_tlu_spill_other, exu_tlu_spill, exu_tlu_misalign_addr_jmpl_rtn_m,
       exu_tlu_cwp_retry, exu_tlu_cwp_cmplt_tid, exu_tlu_cwp_cmplt,
       exu_tlu_cwp3_w, exu_tlu_cwp2_w, exu_tlu_cwp1_w, exu_tlu_cwp0_w,
       exu_tlu_ccr3_w, exu_tlu_ccr2_w, exu_tlu_ccr1_w, exu_tlu_ccr0_w,
       exu_spu_rs3_data_e, exu_mul_rs2_data,...
-
Chiplab, how instructions go through the issue, ex1 and ex2 stages
I want to trace how the "add" instruction goes through the ex1 and ex2 stages, because there are several things that I feel weird about. For one, there are ALUs in both ex1 and ex2, and for simple arithmetic operations such as add it only takes one cycle to finish....