Question
I am building a project in which I have to extract the pages which are dirty of a Virtual Machine running on top of qemu-kvm. I downloaded the qemu source code but could not understand it properly because the source code is very big. So please give me guidelines regarding handling of the source code and getting dirty pages.
Answer 1:
Agreed that source code is large and difficult to grasp.
There was a similar question recently; I posted a diagram there, and I wanted to bring it to your attention, maybe to serve as a good starting point for exploration:
Question on QEMU code flow
Answer 2:
I agree that the QEMU source code is too huge and time consuming to understand. The link below gives a brief overview of how QEMU runs and what the basic blocks of QEMU are.
In this link the person has done a detailed study on QEMU functionalities, QEMU structure, and flow. A PDF is attached with the detailed explanation. He talks about vl.c (main file), target code, TCG, Dynamic Translation, codebase, start of execution, etc. It is quite insightful.
Documentation on QEMU
EDIT: Some important points from the document:
Start of Execution: The major C files in / that are important for the study are: /vl.c, /cpus.c, /exec-all.c, /exec.c, /cpu-exec.c. The 'main' function where the execution starts is defined in /vl.c. The functions in this file set up a virtual machine environment as per the given virtual machine specification, such as size of RAM, available devices, number of CPUs, etc. From the main function, after the virtual machine is set up, execution branches out through files such as /cpus.c, /exec-all.c, /exec.c, /cpu-exec.c.
Emulated Hardware: The code that emulates all virtual hardware in the virtual machine can be found in /hw/. QEMU emulates a considerable amount of hardware, but a detailed understanding of how the hardware is emulated is not necessary in this study.
Guest (Target) Specific: The processor architectures currently emulated in QEMU are: Alpha, ARM, Cris, i386, M68K, PPC, Sparc, Mips, MicroBlaze, S390X and SH4. The code specific to these architectures necessary to convert TBs to TCG ops is available in /target-xyz/, where xyz can be any of the above given architecture names. Therefore the code specific to i386 can be found in /target-i386/. This part can be called the frontend of TCG.
Host (TCG) Specific: The host specific code for generating the host code from the TCG ops is placed in /tcg/. Inside TCG one can find /xyz/, where xyz can be i386, sparc, etc., which contain the code that converts TCG ops to architecture specific code. This part can be called the backend of TCG.
/vl.c : The main emulator loop, where the virtual machine is set up and CPUs are executed.
/target-xyz/translate.c : The extracted guest code (guest specific ISA) is converted into architecture independent TCG ops.
/tcg/tcg.c : The main code for TCG.
/tcg/*/tcg-target.c : Code that converts the TCG ops to host code (host specific ISA).
/cpu-exec.c : Function cpu_exec() in /cpu-exec.c finds the next translation block (TB); if it is not found, calls are made to generate the next TB and finally to execute the generated code.
Source: https://stackoverflow.com/questions/15485257/qemu-source-code-flow