References:
The target CPUs have many internal states which change the way it evaluates instructions. In order to achieve a good speed, the translation phase considers that some state information of the virtual CPU cannot change in it. The state is recorded in the Translation Block (TB). If the state changes (e.g. privilege level), a new TB will be generated and the previous TB won’t be used anymore until the state matches the state recorded in the previous TB. The same idea can be applied to other aspects of the CPU state. For example, on x86, if the SS, DS and ES segments have a zero base, then the translator does not even generate an addition for the segment base.
To simulate a self modified code, previous translated block must be invalidated after the original code is modified.
Correct translated code invalidation is done efficiently by maintaining a linked list of every translated block contained in a given page. (How this is related to a page??? == MMU emulation)
In soft MMU mode, the MMU virtual to physical address translation is done at every memory access.
QEMU soft MMU uses an address translation cache (TLB) to speed up the translation.
In order to avoid flushing the translated code each time the MMU mappings change, all caches in QEMU are physically indexed. This means that each basic block is indexed with its physical address.
In order to avoid invalidating the basic block chain when MMU mappings change, chaining is only performed within a page, i.e. when the destination of the jump shares a page with the basic block that is performing the jump.
MMU can also distinguish RAM and ROM memory areas from MMIO memory areas.
Access to RAM/ROM is faster than MMIO because the translation cache also hosts the offset between guest address and host memory. But access MMIO memory areas instead calls out to C code for device emulation.
MMU helps tracking dirty pages and pages pointed to by translation blocks.
If you could revise
the fundmental principles of
computer system design
to improve security...
... what would you change?