2 * emulator main execution loop
4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include "qemu-barrier.h"
26 int tb_invalidated_flag;
28 //#define CONFIG_DEBUG_EXEC
30 bool qemu_cpu_has_work(CPUArchState *env)
32 return cpu_has_work(env);
35 void cpu_loop_exit(CPUArchState *env)
37 env->current_tb = NULL;
38 longjmp(env->jmp_env, 1);
41 /* exit the current TB from a signal handler. The host registers are
42 restored in a state compatible with the CPU emulator
44 #if defined(CONFIG_SOFTMMU)
45 void cpu_resume_from_signal(CPUArchState *env, void *puc)
47 /* XXX: restore cpu registers saved in host registers */
49 env->exception_index = -1;
50 longjmp(env->jmp_env, 1);
54 /* Execute the code without caching the generated code. An interpreter
55 could be used if available. */
56 static void cpu_exec_nocache(CPUArchState *env, int max_cycles,
57 TranslationBlock *orig_tb)
59 tcg_target_ulong next_tb;
62 /* Should never happen.
63 We only end up here when an existing TB is too long. */
64 if (max_cycles > CF_COUNT_MASK)
65 max_cycles = CF_COUNT_MASK;
67 tb = tb_gen_code(env, orig_tb->pc, orig_tb->cs_base, orig_tb->flags,
70 /* execute the generated code */
71 next_tb = tcg_qemu_tb_exec(env, tb->tc_ptr);
72 env->current_tb = NULL;
74 if ((next_tb & 3) == 2) {
75 /* Restore PC. This may happen if async event occurs before
76 the TB starts executing. */
77 cpu_pc_from_tb(env, tb);
79 tb_phys_invalidate(tb, -1);
83 static TranslationBlock *tb_find_slow(CPUArchState *env,
88 TranslationBlock *tb, **ptb1;
90 tb_page_addr_t phys_pc, phys_page1;
91 target_ulong virt_page2;
93 tb_invalidated_flag = 0;
95 /* find translated block using physical mappings */
96 phys_pc = get_page_addr_code(env, pc);
97 phys_page1 = phys_pc & TARGET_PAGE_MASK;
98 h = tb_phys_hash_func(phys_pc);
99 ptb1 = &tb_phys_hash[h];
105 tb->page_addr[0] == phys_page1 &&
106 tb->cs_base == cs_base &&
107 tb->flags == flags) {
108 /* check next page if needed */
109 if (tb->page_addr[1] != -1) {
110 tb_page_addr_t phys_page2;
112 virt_page2 = (pc & TARGET_PAGE_MASK) +
114 phys_page2 = get_page_addr_code(env, virt_page2);
115 if (tb->page_addr[1] == phys_page2)
121 ptb1 = &tb->phys_hash_next;
124 /* if no translated code available, then translate it now */
125 tb = tb_gen_code(env, pc, cs_base, flags, 0);
128 /* Move the last found TB to the head of the list */
130 *ptb1 = tb->phys_hash_next;
131 tb->phys_hash_next = tb_phys_hash[h];
132 tb_phys_hash[h] = tb;
134 /* we add the TB in the virtual pc hash table */
135 env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)] = tb;
139 static inline TranslationBlock *tb_find_fast(CPUArchState *env)
141 TranslationBlock *tb;
142 target_ulong cs_base, pc;
145 /* we record a subset of the CPU state. It will
146 always be the same before a given translated block
148 cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
149 tb = env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)];
150 if (unlikely(!tb || tb->pc != pc || tb->cs_base != cs_base ||
151 tb->flags != flags)) {
152 tb = tb_find_slow(env, pc, cs_base, flags);
157 static CPUDebugExcpHandler *debug_excp_handler;
159 void cpu_set_debug_excp_handler(CPUDebugExcpHandler *handler)
161 debug_excp_handler = handler;
164 static void cpu_handle_debug_exception(CPUArchState *env)
168 if (!env->watchpoint_hit) {
169 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
170 wp->flags &= ~BP_WATCHPOINT_HIT;
173 if (debug_excp_handler) {
174 debug_excp_handler(env);
178 /* main execution loop */
180 volatile sig_atomic_t exit_request;
182 int cpu_exec(CPUArchState *env)
185 CPUState *cpu = ENV_GET_CPU(env);
187 int ret, interrupt_request;
188 TranslationBlock *tb;
190 tcg_target_ulong next_tb;
193 if (!cpu_has_work(env)) {
200 cpu_single_env = env;
202 if (unlikely(exit_request)) {
203 env->exit_request = 1;
206 #if defined(TARGET_I386)
207 /* put eflags in CPU temporary format */
208 CC_SRC = env->eflags & (CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
209 DF = 1 - (2 * ((env->eflags >> 10) & 1));
210 CC_OP = CC_OP_EFLAGS;
211 env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
212 #elif defined(TARGET_SPARC)
213 #elif defined(TARGET_M68K)
214 env->cc_op = CC_OP_FLAGS;
215 env->cc_dest = env->sr & 0xf;
216 env->cc_x = (env->sr >> 4) & 1;
217 #elif defined(TARGET_ALPHA)
218 #elif defined(TARGET_ARM)
219 #elif defined(TARGET_UNICORE32)
220 #elif defined(TARGET_PPC)
221 env->reserve_addr = -1;
222 #elif defined(TARGET_LM32)
223 #elif defined(TARGET_MICROBLAZE)
224 #elif defined(TARGET_MIPS)
225 #elif defined(TARGET_OPENRISC)
226 #elif defined(TARGET_SH4)
227 #elif defined(TARGET_CRIS)
228 #elif defined(TARGET_S390X)
229 #elif defined(TARGET_XTENSA)
232 #error unsupported target CPU
234 env->exception_index = -1;
236 /* prepare setjmp context for exception handling */
238 if (setjmp(env->jmp_env) == 0) {
239 /* if an exception is pending, we execute it here */
240 if (env->exception_index >= 0) {
241 if (env->exception_index >= EXCP_INTERRUPT) {
242 /* exit request from the cpu execution loop */
243 ret = env->exception_index;
244 if (ret == EXCP_DEBUG) {
245 cpu_handle_debug_exception(env);
249 #if defined(CONFIG_USER_ONLY)
250 /* if user mode only, we simulate a fake exception
251 which will be handled outside the cpu execution
253 #if defined(TARGET_I386)
256 ret = env->exception_index;
260 env->exception_index = -1;
265 next_tb = 0; /* force lookup of first TB */
267 interrupt_request = env->interrupt_request;
268 if (unlikely(interrupt_request)) {
269 if (unlikely(env->singlestep_enabled & SSTEP_NOIRQ)) {
270 /* Mask out external interrupts for this step. */
271 interrupt_request &= ~CPU_INTERRUPT_SSTEP_MASK;
273 if (interrupt_request & CPU_INTERRUPT_DEBUG) {
274 env->interrupt_request &= ~CPU_INTERRUPT_DEBUG;
275 env->exception_index = EXCP_DEBUG;
278 #if defined(TARGET_ARM) || defined(TARGET_SPARC) || defined(TARGET_MIPS) || \
279 defined(TARGET_PPC) || defined(TARGET_ALPHA) || defined(TARGET_CRIS) || \
280 defined(TARGET_MICROBLAZE) || defined(TARGET_LM32) || defined(TARGET_UNICORE32)
281 if (interrupt_request & CPU_INTERRUPT_HALT) {
282 env->interrupt_request &= ~CPU_INTERRUPT_HALT;
284 env->exception_index = EXCP_HLT;
288 #if defined(TARGET_I386)
289 #if !defined(CONFIG_USER_ONLY)
290 if (interrupt_request & CPU_INTERRUPT_POLL) {
291 env->interrupt_request &= ~CPU_INTERRUPT_POLL;
292 apic_poll_irq(env->apic_state);
295 if (interrupt_request & CPU_INTERRUPT_INIT) {
296 cpu_svm_check_intercept_param(env, SVM_EXIT_INIT,
298 do_cpu_init(x86_env_get_cpu(env));
299 env->exception_index = EXCP_HALTED;
301 } else if (interrupt_request & CPU_INTERRUPT_SIPI) {
302 do_cpu_sipi(x86_env_get_cpu(env));
303 } else if (env->hflags2 & HF2_GIF_MASK) {
304 if ((interrupt_request & CPU_INTERRUPT_SMI) &&
305 !(env->hflags & HF_SMM_MASK)) {
306 cpu_svm_check_intercept_param(env, SVM_EXIT_SMI,
308 env->interrupt_request &= ~CPU_INTERRUPT_SMI;
311 } else if ((interrupt_request & CPU_INTERRUPT_NMI) &&
312 !(env->hflags2 & HF2_NMI_MASK)) {
313 env->interrupt_request &= ~CPU_INTERRUPT_NMI;
314 env->hflags2 |= HF2_NMI_MASK;
315 do_interrupt_x86_hardirq(env, EXCP02_NMI, 1);
317 } else if (interrupt_request & CPU_INTERRUPT_MCE) {
318 env->interrupt_request &= ~CPU_INTERRUPT_MCE;
319 do_interrupt_x86_hardirq(env, EXCP12_MCHK, 0);
321 } else if ((interrupt_request & CPU_INTERRUPT_HARD) &&
322 (((env->hflags2 & HF2_VINTR_MASK) &&
323 (env->hflags2 & HF2_HIF_MASK)) ||
324 (!(env->hflags2 & HF2_VINTR_MASK) &&
325 (env->eflags & IF_MASK &&
326 !(env->hflags & HF_INHIBIT_IRQ_MASK))))) {
328 cpu_svm_check_intercept_param(env, SVM_EXIT_INTR,
330 env->interrupt_request &= ~(CPU_INTERRUPT_HARD | CPU_INTERRUPT_VIRQ);
331 intno = cpu_get_pic_interrupt(env);
332 qemu_log_mask(CPU_LOG_TB_IN_ASM, "Servicing hardware INT=0x%02x\n", intno);
333 do_interrupt_x86_hardirq(env, intno, 1);
334 /* ensure that no TB jump will be modified as
335 the program flow was changed */
337 #if !defined(CONFIG_USER_ONLY)
338 } else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
339 (env->eflags & IF_MASK) &&
340 !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
342 /* FIXME: this should respect TPR */
343 cpu_svm_check_intercept_param(env, SVM_EXIT_VINTR,
345 intno = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_vector));
346 qemu_log_mask(CPU_LOG_TB_IN_ASM, "Servicing virtual hardware INT=0x%02x\n", intno);
347 do_interrupt_x86_hardirq(env, intno, 1);
348 env->interrupt_request &= ~CPU_INTERRUPT_VIRQ;
353 #elif defined(TARGET_PPC)
354 if ((interrupt_request & CPU_INTERRUPT_RESET)) {
357 if (interrupt_request & CPU_INTERRUPT_HARD) {
358 ppc_hw_interrupt(env);
359 if (env->pending_interrupts == 0)
360 env->interrupt_request &= ~CPU_INTERRUPT_HARD;
363 #elif defined(TARGET_LM32)
364 if ((interrupt_request & CPU_INTERRUPT_HARD)
365 && (env->ie & IE_IE)) {
366 env->exception_index = EXCP_IRQ;
370 #elif defined(TARGET_MICROBLAZE)
371 if ((interrupt_request & CPU_INTERRUPT_HARD)
372 && (env->sregs[SR_MSR] & MSR_IE)
373 && !(env->sregs[SR_MSR] & (MSR_EIP | MSR_BIP))
374 && !(env->iflags & (D_FLAG | IMM_FLAG))) {
375 env->exception_index = EXCP_IRQ;
379 #elif defined(TARGET_MIPS)
380 if ((interrupt_request & CPU_INTERRUPT_HARD) &&
381 cpu_mips_hw_interrupts_pending(env)) {
383 env->exception_index = EXCP_EXT_INTERRUPT;
388 #elif defined(TARGET_OPENRISC)
391 if ((interrupt_request & CPU_INTERRUPT_HARD)
392 && (env->sr & SR_IEE)) {
395 if ((interrupt_request & CPU_INTERRUPT_TIMER)
396 && (env->sr & SR_TEE)) {
400 env->exception_index = idx;
405 #elif defined(TARGET_SPARC)
406 if (interrupt_request & CPU_INTERRUPT_HARD) {
407 if (cpu_interrupts_enabled(env) &&
408 env->interrupt_index > 0) {
409 int pil = env->interrupt_index & 0xf;
410 int type = env->interrupt_index & 0xf0;
412 if (((type == TT_EXTINT) &&
413 cpu_pil_allowed(env, pil)) ||
415 env->exception_index = env->interrupt_index;
421 #elif defined(TARGET_ARM)
422 if (interrupt_request & CPU_INTERRUPT_FIQ
423 && !(env->uncached_cpsr & CPSR_F)) {
424 env->exception_index = EXCP_FIQ;
428 /* ARMv7-M interrupt return works by loading a magic value
429 into the PC. On real hardware the load causes the
430 return to occur. The qemu implementation performs the
431 jump normally, then does the exception return when the
432 CPU tries to execute code at the magic address.
433 This will cause the magic PC value to be pushed to
434 the stack if an interrupt occurred at the wrong time.
435 We avoid this by disabling interrupts when
436 pc contains a magic address. */
437 if (interrupt_request & CPU_INTERRUPT_HARD
438 && ((IS_M(env) && env->regs[15] < 0xfffffff0)
439 || !(env->uncached_cpsr & CPSR_I))) {
440 env->exception_index = EXCP_IRQ;
444 #elif defined(TARGET_UNICORE32)
445 if (interrupt_request & CPU_INTERRUPT_HARD
446 && !(env->uncached_asr & ASR_I)) {
447 env->exception_index = UC32_EXCP_INTR;
451 #elif defined(TARGET_SH4)
452 if (interrupt_request & CPU_INTERRUPT_HARD) {
456 #elif defined(TARGET_ALPHA)
459 /* ??? This hard-codes the OSF/1 interrupt levels. */
460 switch (env->pal_mode ? 7 : env->ps & PS_INT_MASK) {
462 if (interrupt_request & CPU_INTERRUPT_HARD) {
463 idx = EXCP_DEV_INTERRUPT;
467 if (interrupt_request & CPU_INTERRUPT_TIMER) {
468 idx = EXCP_CLK_INTERRUPT;
472 if (interrupt_request & CPU_INTERRUPT_SMP) {
473 idx = EXCP_SMP_INTERRUPT;
477 if (interrupt_request & CPU_INTERRUPT_MCHK) {
482 env->exception_index = idx;
488 #elif defined(TARGET_CRIS)
489 if (interrupt_request & CPU_INTERRUPT_HARD
490 && (env->pregs[PR_CCS] & I_FLAG)
491 && !env->locked_irq) {
492 env->exception_index = EXCP_IRQ;
496 if (interrupt_request & CPU_INTERRUPT_NMI) {
497 unsigned int m_flag_archval;
498 if (env->pregs[PR_VR] < 32) {
499 m_flag_archval = M_FLAG_V10;
501 m_flag_archval = M_FLAG_V32;
503 if ((env->pregs[PR_CCS] & m_flag_archval)) {
504 env->exception_index = EXCP_NMI;
509 #elif defined(TARGET_M68K)
510 if (interrupt_request & CPU_INTERRUPT_HARD
511 && ((env->sr & SR_I) >> SR_I_SHIFT)
512 < env->pending_level) {
513 /* Real hardware gets the interrupt vector via an
514 IACK cycle at this point. Current emulated
515 hardware doesn't rely on this, so we
516 provide/save the vector when the interrupt is
518 env->exception_index = env->pending_vector;
519 do_interrupt_m68k_hardirq(env);
522 #elif defined(TARGET_S390X) && !defined(CONFIG_USER_ONLY)
523 if ((interrupt_request & CPU_INTERRUPT_HARD) &&
524 (env->psw.mask & PSW_MASK_EXT)) {
528 #elif defined(TARGET_XTENSA)
529 if (interrupt_request & CPU_INTERRUPT_HARD) {
530 env->exception_index = EXC_IRQ;
535 /* Don't use the cached interrupt_request value,
536 do_interrupt may have updated the EXITTB flag. */
537 if (env->interrupt_request & CPU_INTERRUPT_EXITTB) {
538 env->interrupt_request &= ~CPU_INTERRUPT_EXITTB;
539 /* ensure that no TB jump will be modified as
540 the program flow was changed */
544 if (unlikely(env->exit_request)) {
545 env->exit_request = 0;
546 env->exception_index = EXCP_INTERRUPT;
549 #if defined(DEBUG_DISAS) || defined(CONFIG_DEBUG_EXEC)
550 if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) {
551 /* restore flags in standard format */
552 #if defined(TARGET_I386)
553 env->eflags = env->eflags | cpu_cc_compute_all(env, CC_OP)
555 log_cpu_state(env, X86_DUMP_CCOP);
556 env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
557 #elif defined(TARGET_M68K)
558 cpu_m68k_flush_flags(env, env->cc_op);
559 env->cc_op = CC_OP_FLAGS;
560 env->sr = (env->sr & 0xffe0)
561 | env->cc_dest | (env->cc_x << 4);
562 log_cpu_state(env, 0);
564 log_cpu_state(env, 0);
567 #endif /* DEBUG_DISAS || CONFIG_DEBUG_EXEC */
569 tb = tb_find_fast(env);
570 /* Note: we do it here to avoid a gcc bug on Mac OS X when
571 doing it in tb_find_slow */
572 if (tb_invalidated_flag) {
573 /* as some TB could have been invalidated because
574 of memory exceptions while generating the code, we
575 must recompute the hash index here */
577 tb_invalidated_flag = 0;
579 #ifdef CONFIG_DEBUG_EXEC
580 qemu_log_mask(CPU_LOG_EXEC, "Trace %p [" TARGET_FMT_lx "] %s\n",
582 lookup_symbol(tb->pc));
584 /* see if we can patch the calling TB. When the TB
585 spans two pages, we cannot safely do a direct
587 if (next_tb != 0 && tb->page_addr[1] == -1) {
588 tb_add_jump((TranslationBlock *)(next_tb & ~3), next_tb & 3, tb);
590 spin_unlock(&tb_lock);
592 /* cpu_interrupt might be called while translating the
593 TB, but before it is linked into a potentially
594 infinite loop and becomes env->current_tb. Avoid
595 starting execution if there is a pending interrupt. */
596 env->current_tb = tb;
598 if (likely(!env->exit_request)) {
600 /* execute the generated code */
601 next_tb = tcg_qemu_tb_exec(env, tc_ptr);
602 if ((next_tb & 3) == 2) {
603 /* Instruction counter expired. */
605 tb = (TranslationBlock *)(next_tb & ~3);
607 cpu_pc_from_tb(env, tb);
608 insns_left = env->icount_decr.u32;
609 if (env->icount_extra && insns_left >= 0) {
610 /* Refill decrementer and continue execution. */
611 env->icount_extra += insns_left;
612 if (env->icount_extra > 0xffff) {
615 insns_left = env->icount_extra;
617 env->icount_extra -= insns_left;
618 env->icount_decr.u16.low = insns_left;
620 if (insns_left > 0) {
621 /* Execute remaining instructions. */
622 cpu_exec_nocache(env, insns_left, tb);
624 env->exception_index = EXCP_INTERRUPT;
630 env->current_tb = NULL;
631 /* reset soft MMU for next block (it can currently
632 only be set by a memory fault) */
635 /* Reload env after longjmp - the compiler may have smashed all
636 * local variables as longjmp is marked 'noreturn'. */
637 env = cpu_single_env;
642 #if defined(TARGET_I386)
643 /* restore flags in standard format */
644 env->eflags = env->eflags | cpu_cc_compute_all(env, CC_OP)
646 #elif defined(TARGET_ARM)
647 /* XXX: Save/restore host fpu exception state?. */
648 #elif defined(TARGET_UNICORE32)
649 #elif defined(TARGET_SPARC)
650 #elif defined(TARGET_PPC)
651 #elif defined(TARGET_LM32)
652 #elif defined(TARGET_M68K)
653 cpu_m68k_flush_flags(env, env->cc_op);
654 env->cc_op = CC_OP_FLAGS;
655 env->sr = (env->sr & 0xffe0)
656 | env->cc_dest | (env->cc_x << 4);
657 #elif defined(TARGET_MICROBLAZE)
658 #elif defined(TARGET_MIPS)
659 #elif defined(TARGET_OPENRISC)
660 #elif defined(TARGET_SH4)
661 #elif defined(TARGET_ALPHA)
662 #elif defined(TARGET_CRIS)
663 #elif defined(TARGET_S390X)
664 #elif defined(TARGET_XTENSA)
667 #error unsupported target CPU
670 /* fail safe : never use cpu_single_env outside cpu_exec() */
671 cpu_single_env = NULL;
projects / sdk / emulator / qemu.git / blob