On Thu, Jan 12, 2012 at 02:00:38PM +0000, Peter Maydell wrote:
> When doing TCG code translation, the target-foo translate.c
> code is allowed to bake assumptions into the generated code from
> the current values of various fields in the CPUState. This then
> imposes the requirement that if the field is changed then tb_flush
> must be called to throw away the now-incorrect generated code.
>
> However, cpu_reset() changes (unsurprisingly) lots of fields in
> the CPUState, but it doesn't call tb_flush()...
I dug further into what tlb_flush does, and I think maybe we don't need to
call tb_flush when tlb_flush is called.

First, look at tlb_flush (exec.c). It clears env's tb_jmp_cache, which uses
GHA as an index to search for whether there is already translated code. Since
tb_jmp_cache is reset now, QEMU is forced to call tb_find_slow, which uses GPA
as the index. In tb_find_slow's for loop, it compares the hit
TranslationBlock's various fields with the current values. To be more
specific,

  static TranslationBlock *tb_find_slow(...)
  {
      for(;;) {
          tb = *ptb1;
          if (!tb)
              goto not_found;
          if (tb->pc == pc &&                        <--- Here
              tb->page_addr[0] == phys_page1 &&
              tb->cs_base == cs_base &&
              tb->flags == flags) {
              /* ... */
          }
          /* ... */
      }
  }

What do you think?

Regards,
chenwj

--
Wei-Ren Chen (陳韋任)
Computer Systems Lab, Institute of Information Science,
Academia Sinica, Taiwan (R.O.C.)
Tel:886-2-2788-3799 #1667
Homepage: http://people.cs.nctu.edu.tw/~chenwj
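A toy model of the lookup chenwj walks through, written as an added example for this thread and not taken from QEMU: table sizes, hash functions and the addresses in the demo are invented, while the fields compared on the slow path (pc, page_addr, cs_base, flags) follow the excerpt above. The demo counts slow-path calls to show that emptying tb_jmp_cache forces tb_find_slow, and that a TB translated under other flags is not matched there.

```c
#include <stdint.h>
#include <string.h>
/* Toy model of the lookup discussed in the thread (added example, not QEMU code): tb_jmp_cache
 * is indexed by guest PC; the slow path walks a physical-page hash and requires pc, page_addr,
 * cs_base and flags all to match. Table sizes and addresses are invented for the demo. */
#define JMP_CACHE_SIZE 16
#define PHYS_HASH_SIZE 8
#define PAGE_MASK (~(uint64_t)0xfff)
typedef struct TB {
    uint64_t pc, page_addr, cs_base;
    uint32_t flags;                /* CPUState bits the generated code assumes */
    struct TB *phys_hash_next;
} TB;
typedef struct { TB *tb_jmp_cache[JMP_CACHE_SIZE]; TB *tb_phys_hash[PHYS_HASH_SIZE]; } CPUModel;
static int slow_lookups;           /* instrumentation: how often the slow path ran */
static unsigned jmp_idx(uint64_t pc) { return (unsigned)(pc >> 2) % JMP_CACHE_SIZE; }
static unsigned phys_idx(uint64_t pa) { return (unsigned)(pa >> 2) % PHYS_HASH_SIZE; }
/* Slow path: every baked-in field must match, otherwise the caller retranslates. */
TB *tb_find_slow(CPUModel *env, uint64_t pc, uint64_t phys_pc, uint64_t cs_base, uint32_t flags) {
    slow_lookups++;
    for (TB *tb = env->tb_phys_hash[phys_idx(phys_pc)]; tb; tb = tb->phys_hash_next)
        if (tb->pc == pc && tb->page_addr == (phys_pc & PAGE_MASK) &&
            tb->cs_base == cs_base && tb->flags == flags) {
            env->tb_jmp_cache[jmp_idx(pc)] = tb;   /* refill the fast cache */
            return tb;
        }
    return NULL;
}
/* Fast path: a jmp-cache entry is trusted only if pc, cs_base and flags still agree. */
TB *tb_find_fast(CPUModel *env, uint64_t pc, uint64_t phys_pc, uint64_t cs_base, uint32_t flags) {
    TB *tb = env->tb_jmp_cache[jmp_idx(pc)];
    if (!tb || tb->pc != pc || tb->cs_base != cs_base || tb->flags != flags)
        tb = tb_find_slow(env, pc, phys_pc, cs_base, flags);
    return tb;
}
/* The TB-side effect of tlb_flush in this model: only the per-CPU jmp cache is emptied. */
void tlb_flush_jmp_cache(CPUModel *env) { memset(env->tb_jmp_cache, 0, sizeof env->tb_jmp_cache); }
/* Link one TB translated at flags=1, look it up twice, flush the jmp cache, then look up with
 * flags=2. Returns the slow-path count if the stale TB was rejected, -1 if it was reused. */
int lookups_after_flags_change(void) {
    CPUModel env = {{0}, {0}};
    TB tb = { .pc = 0x1000, .page_addr = 0x4000 & PAGE_MASK, .cs_base = 0, .flags = 1 };
    env.tb_phys_hash[phys_idx(0x4000)] = &tb;      /* what linking a fresh TB would do */
    slow_lookups = 0;
    tb_find_fast(&env, 0x1000, 0x4000, 0, 1);      /* jmp-cache miss -> slow path fills it */
    tb_find_fast(&env, 0x1000, 0x4000, 0, 1);      /* served from tb_jmp_cache, no slow call */
    tlb_flush_jmp_cache(&env);
    TB *hit = tb_find_fast(&env, 0x1000, 0x4000, 0, 2);  /* forced slow; flags mismatch */
    return hit ? -1 : slow_lookups;
}
```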