4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
22 #include <sys/types.h>
33 #include "qemu-common.h"
34 #define NO_CPU_IO_DEFS
37 #include "disas/disas.h"
39 #if defined(CONFIG_USER_ONLY)
41 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
42 #include <sys/param.h>
43 #if __FreeBSD_version >= 700104
44 #define HAVE_KINFO_GETVMMAP
45 #define sigqueue sigqueue_freebsd /* avoid redefinition */
48 #include <machine/profile.h>
57 #include "exec/address-spaces.h"
60 #include "exec/cputlb.h"
61 #include "exec/tb-hash.h"
62 #include "translate-all.h"
63 #include "qemu/bitmap.h"
64 #include "qemu/timer.h"
66 //#define DEBUG_TB_INVALIDATE
68 /* make various TB consistency checks */
69 //#define DEBUG_TB_CHECK
71 #if !defined(CONFIG_USER_ONLY)
72 /* TB consistency checks only implemented for usermode emulation. */
76 #define SMC_BITMAP_USE_THRESHOLD 10
78 typedef struct PageDesc {
79 /* list of TBs intersecting this ram page */
80 TranslationBlock *first_tb;
81 /* in order to optimize self modifying code, we count the number
82 of lookups we do to a given page to use a bitmap */
83 unsigned int code_write_count;
84 unsigned long *code_bitmap;
85 #if defined(CONFIG_USER_ONLY)
90 /* In system mode we want L1_MAP to be based on ram offsets,
91 while in user mode we want it to be based on virtual addresses. */
92 #if !defined(CONFIG_USER_ONLY)
93 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
94 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
96 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
99 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
102 /* Size of the L2 (and L3, etc) page tables. */
104 #define V_L2_SIZE (1 << V_L2_BITS)
106 /* The bits remaining after N lower levels of page tables. */
107 #define V_L1_BITS_REM \
108 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS)
110 #if V_L1_BITS_REM < 4
111 #define V_L1_BITS (V_L1_BITS_REM + V_L2_BITS)
113 #define V_L1_BITS V_L1_BITS_REM
116 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
118 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
120 uintptr_t qemu_host_page_size;
121 intptr_t qemu_host_page_mask;
123 /* The bottom level has pointers to PageDesc */
124 static void *l1_map[V_L1_SIZE];
126 /* code generation context */
129 /* translation block context */
130 #ifdef CONFIG_USER_ONLY
131 __thread int have_tb_lock;
136 #ifdef CONFIG_USER_ONLY
137 assert(!have_tb_lock);
138 qemu_mutex_lock(&tcg_ctx.tb_ctx.tb_lock);
145 #ifdef CONFIG_USER_ONLY
146 assert(have_tb_lock);
148 qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
152 void tb_lock_reset(void)
154 #ifdef CONFIG_USER_ONLY
156 qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
162 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
163 tb_page_addr_t phys_page2);
164 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr);
166 void cpu_gen_init(void)
168 tcg_context_init(&tcg_ctx);
171 /* Encode VAL as a signed leb128 sequence at P.
172 Return P incremented past the encoded value. */
173 static uint8_t *encode_sleb128(uint8_t *p, target_long val)
180 more = !((val == 0 && (byte & 0x40) == 0)
181 || (val == -1 && (byte & 0x40) != 0));
191 /* Decode a signed leb128 sequence at *PP; increment *PP past the
192 decoded value. Return the decoded value. */
193 static target_long decode_sleb128(uint8_t **pp)
201 val |= (target_ulong)(byte & 0x7f) << shift;
203 } while (byte & 0x80);
204 if (shift < TARGET_LONG_BITS && (byte & 0x40)) {
205 val |= -(target_ulong)1 << shift;
212 /* Encode the data collected about the instructions while compiling TB.
213 Place the data at BLOCK, and return the number of bytes consumed.
215 The logical table consisits of TARGET_INSN_START_WORDS target_ulong's,
216 which come from the target's insn_start data, followed by a uintptr_t
217 which comes from the host pc of the end of the code implementing the insn.
219 Each line of the table is encoded as sleb128 deltas from the previous
220 line. The seed for the first line is { tb->pc, 0..., tb->tc_ptr }.
221 That is, the first column is seeded with the guest pc, the last column
222 with the host pc, and the middle columns with zeros. */
224 static int encode_search(TranslationBlock *tb, uint8_t *block)
226 uint8_t *highwater = tcg_ctx.code_gen_highwater;
230 tb->tc_search = block;
232 for (i = 0, n = tb->icount; i < n; ++i) {
235 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
237 prev = (j == 0 ? tb->pc : 0);
239 prev = tcg_ctx.gen_insn_data[i - 1][j];
241 p = encode_sleb128(p, tcg_ctx.gen_insn_data[i][j] - prev);
243 prev = (i == 0 ? 0 : tcg_ctx.gen_insn_end_off[i - 1]);
244 p = encode_sleb128(p, tcg_ctx.gen_insn_end_off[i] - prev);
246 /* Test for (pending) buffer overflow. The assumption is that any
247 one row beginning below the high water mark cannot overrun
248 the buffer completely. Thus we can test for overflow after
249 encoding a row without having to check during encoding. */
250 if (unlikely(p > highwater)) {
258 /* The cpu state corresponding to 'searched_pc' is restored. */
259 static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
260 uintptr_t searched_pc)
262 target_ulong data[TARGET_INSN_START_WORDS] = { tb->pc };
263 uintptr_t host_pc = (uintptr_t)tb->tc_ptr;
264 CPUArchState *env = cpu->env_ptr;
265 uint8_t *p = tb->tc_search;
266 int i, j, num_insns = tb->icount;
267 #ifdef CONFIG_PROFILER
268 int64_t ti = profile_getclock();
271 if (searched_pc < host_pc) {
275 /* Reconstruct the stored insn data while looking for the point at
276 which the end of the insn exceeds the searched_pc. */
277 for (i = 0; i < num_insns; ++i) {
278 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
279 data[j] += decode_sleb128(&p);
281 host_pc += decode_sleb128(&p);
282 if (host_pc > searched_pc) {
289 if (tb->cflags & CF_USE_ICOUNT) {
291 /* Reset the cycle counter to the start of the block. */
292 cpu->icount_decr.u16.low += num_insns;
293 /* Clear the IO flag. */
296 cpu->icount_decr.u16.low -= i;
297 restore_state_to_opc(env, tb, data);
299 #ifdef CONFIG_PROFILER
300 tcg_ctx.restore_time += profile_getclock() - ti;
301 tcg_ctx.restore_count++;
306 bool cpu_restore_state(CPUState *cpu, uintptr_t retaddr)
308 TranslationBlock *tb;
310 tb = tb_find_pc(retaddr);
312 cpu_restore_state_from_tb(cpu, tb, retaddr);
313 if (tb->cflags & CF_NOCACHE) {
314 /* one-shot translation, invalidate it immediately */
315 cpu->current_tb = NULL;
316 tb_phys_invalidate(tb, -1);
324 void page_size_init(void)
326 /* NOTE: we can always suppose that qemu_host_page_size >=
328 qemu_real_host_page_size = getpagesize();
329 qemu_real_host_page_mask = -(intptr_t)qemu_real_host_page_size;
330 if (qemu_host_page_size == 0) {
331 qemu_host_page_size = qemu_real_host_page_size;
333 if (qemu_host_page_size < TARGET_PAGE_SIZE) {
334 qemu_host_page_size = TARGET_PAGE_SIZE;
336 qemu_host_page_mask = -(intptr_t)qemu_host_page_size;
339 static void page_init(void)
342 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
344 #ifdef HAVE_KINFO_GETVMMAP
345 struct kinfo_vmentry *freep;
348 freep = kinfo_getvmmap(getpid(), &cnt);
351 for (i = 0; i < cnt; i++) {
352 unsigned long startaddr, endaddr;
354 startaddr = freep[i].kve_start;
355 endaddr = freep[i].kve_end;
356 if (h2g_valid(startaddr)) {
357 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
359 if (h2g_valid(endaddr)) {
360 endaddr = h2g(endaddr);
361 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
363 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
365 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
376 last_brk = (unsigned long)sbrk(0);
378 f = fopen("/compat/linux/proc/self/maps", "r");
383 unsigned long startaddr, endaddr;
386 n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
388 if (n == 2 && h2g_valid(startaddr)) {
389 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
391 if (h2g_valid(endaddr)) {
392 endaddr = h2g(endaddr);
396 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
409 * Called with mmap_lock held for user-mode emulation.
411 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
417 /* Level 1. Always allocated. */
418 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
421 for (i = V_L1_SHIFT / V_L2_BITS - 1; i > 0; i--) {
422 void **p = atomic_rcu_read(lp);
428 p = g_new0(void *, V_L2_SIZE);
429 atomic_rcu_set(lp, p);
432 lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));
435 pd = atomic_rcu_read(lp);
440 pd = g_new0(PageDesc, V_L2_SIZE);
441 atomic_rcu_set(lp, pd);
444 return pd + (index & (V_L2_SIZE - 1));
447 static inline PageDesc *page_find(tb_page_addr_t index)
449 return page_find_alloc(index, 0);
452 #if defined(CONFIG_USER_ONLY)
453 /* Currently it is not recommended to allocate big chunks of data in
454 user mode. It will change when a dedicated libc will be used. */
455 /* ??? 64-bit hosts ought to have no problem mmaping data outside the
456 region in which the guest needs to run. Revisit this. */
457 #define USE_STATIC_CODE_GEN_BUFFER
460 /* Minimum size of the code gen buffer. This number is randomly chosen,
461 but not so small that we can't have a fair number of TB's live. */
462 #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
464 /* Maximum size of the code gen buffer we'd like to use. Unless otherwise
465 indicated, this is constrained by the range of direct branches on the
466 host cpu, as used by the TCG implementation of goto_tb. */
467 #if defined(__x86_64__)
468 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
469 #elif defined(__sparc__)
470 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
471 #elif defined(__powerpc64__)
472 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
473 #elif defined(__aarch64__)
474 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
475 #elif defined(__arm__)
476 # define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
477 #elif defined(__s390x__)
478 /* We have a +- 4GB range on the branches; leave some slop. */
479 # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
480 #elif defined(__mips__)
481 /* We have a 256MB branch region, but leave room to make sure the
482 main executable is also within that region. */
483 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
485 # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
488 #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
490 #define DEFAULT_CODE_GEN_BUFFER_SIZE \
491 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
492 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
494 static inline size_t size_code_gen_buffer(size_t tb_size)
496 /* Size the buffer. */
498 #ifdef USE_STATIC_CODE_GEN_BUFFER
499 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
501 /* ??? Needs adjustments. */
502 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
503 static buffer, we could size this on RESERVED_VA, on the text
504 segment size of the executable, or continue to use the default. */
505 tb_size = (unsigned long)(ram_size / 4);
508 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
509 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
511 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
512 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
514 tcg_ctx.code_gen_buffer_size = tb_size;
519 /* In order to use J and JAL within the code_gen_buffer, we require
520 that the buffer not cross a 256MB boundary. */
521 static inline bool cross_256mb(void *addr, size_t size)
523 return ((uintptr_t)addr ^ ((uintptr_t)addr + size)) & 0xf0000000;
526 /* We weren't able to allocate a buffer without crossing that boundary,
527 so make do with the larger portion of the buffer that doesn't cross.
528 Returns the new base of the buffer, and adjusts code_gen_buffer_size. */
529 static inline void *split_cross_256mb(void *buf1, size_t size1)
531 void *buf2 = (void *)(((uintptr_t)buf1 + size1) & 0xf0000000);
532 size_t size2 = buf1 + size1 - buf2;
540 tcg_ctx.code_gen_buffer_size = size1;
545 #ifdef USE_STATIC_CODE_GEN_BUFFER
546 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
547 __attribute__((aligned(CODE_GEN_ALIGN)));
550 static inline void do_protect(void *addr, long size, int prot)
553 VirtualProtect(addr, size, prot, &old_protect);
556 static inline void map_exec(void *addr, long size)
558 do_protect(addr, size, PAGE_EXECUTE_READWRITE);
561 static inline void map_none(void *addr, long size)
563 do_protect(addr, size, PAGE_NOACCESS);
566 static inline void do_protect(void *addr, long size, int prot)
568 uintptr_t start, end;
570 start = (uintptr_t)addr;
571 start &= qemu_real_host_page_mask;
573 end = (uintptr_t)addr + size;
574 end = ROUND_UP(end, qemu_real_host_page_size);
576 mprotect((void *)start, end - start, prot);
579 static inline void map_exec(void *addr, long size)
581 do_protect(addr, size, PROT_READ | PROT_WRITE | PROT_EXEC);
584 static inline void map_none(void *addr, long size)
586 do_protect(addr, size, PROT_NONE);
590 static inline void *alloc_code_gen_buffer(void)
592 void *buf = static_code_gen_buffer;
593 size_t full_size, size;
595 /* The size of the buffer, rounded down to end on a page boundary. */
596 full_size = (((uintptr_t)buf + sizeof(static_code_gen_buffer))
597 & qemu_real_host_page_mask) - (uintptr_t)buf;
599 /* Reserve a guard page. */
600 size = full_size - qemu_real_host_page_size;
602 /* Honor a command-line option limiting the size of the buffer. */
603 if (size > tcg_ctx.code_gen_buffer_size) {
604 size = (((uintptr_t)buf + tcg_ctx.code_gen_buffer_size)
605 & qemu_real_host_page_mask) - (uintptr_t)buf;
607 tcg_ctx.code_gen_buffer_size = size;
610 if (cross_256mb(buf, size)) {
611 buf = split_cross_256mb(buf, size);
612 size = tcg_ctx.code_gen_buffer_size;
617 map_none(buf + size, qemu_real_host_page_size);
618 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
622 #elif defined(_WIN32)
623 static inline void *alloc_code_gen_buffer(void)
625 size_t size = tcg_ctx.code_gen_buffer_size;
628 /* Perform the allocation in two steps, so that the guard page
629 is reserved but uncommitted. */
630 buf1 = VirtualAlloc(NULL, size + qemu_real_host_page_size,
631 MEM_RESERVE, PAGE_NOACCESS);
633 buf2 = VirtualAlloc(buf1, size, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
634 assert(buf1 == buf2);
640 static inline void *alloc_code_gen_buffer(void)
642 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
644 size_t size = tcg_ctx.code_gen_buffer_size;
647 /* Constrain the position of the buffer based on the host cpu.
648 Note that these addresses are chosen in concert with the
649 addresses assigned in the relevant linker script file. */
650 # if defined(__PIE__) || defined(__PIC__)
651 /* Don't bother setting a preferred location if we're building
652 a position-independent executable. We're more likely to get
653 an address near the main executable if we let the kernel
654 choose the address. */
655 # elif defined(__x86_64__) && defined(MAP_32BIT)
656 /* Force the memory down into low memory with the executable.
657 Leave the choice of exact location with the kernel. */
659 /* Cannot expect to map more than 800MB in low memory. */
660 if (size > 800u * 1024 * 1024) {
661 tcg_ctx.code_gen_buffer_size = size = 800u * 1024 * 1024;
663 # elif defined(__sparc__)
664 start = 0x40000000ul;
665 # elif defined(__s390x__)
666 start = 0x90000000ul;
667 # elif defined(__mips__)
668 # if _MIPS_SIM == _ABI64
669 start = 0x128000000ul;
671 start = 0x08000000ul;
675 buf = mmap((void *)start, size + qemu_real_host_page_size,
676 PROT_NONE, flags, -1, 0);
677 if (buf == MAP_FAILED) {
682 if (cross_256mb(buf, size)) {
683 /* Try again, with the original still mapped, to avoid re-acquiring
684 that 256mb crossing. This time don't specify an address. */
686 void *buf2 = mmap(NULL, size + qemu_real_host_page_size,
687 PROT_NONE, flags, -1, 0);
688 switch (buf2 != MAP_FAILED) {
690 if (!cross_256mb(buf2, size)) {
691 /* Success! Use the new buffer. */
695 /* Failure. Work with what we had. */
699 /* Split the original buffer. Free the smaller half. */
700 buf2 = split_cross_256mb(buf, size);
701 size2 = tcg_ctx.code_gen_buffer_size;
703 munmap(buf + size2 + qemu_real_host_page_size, size - size2);
705 munmap(buf, size - size2);
714 /* Make the final buffer accessible. The guard page at the end
715 will remain inaccessible with PROT_NONE. */
716 mprotect(buf, size, PROT_WRITE | PROT_READ | PROT_EXEC);
718 /* Request large pages for the buffer. */
719 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
723 #endif /* USE_STATIC_CODE_GEN_BUFFER, WIN32, POSIX */
725 static inline void code_gen_alloc(size_t tb_size)
727 tcg_ctx.code_gen_buffer_size = size_code_gen_buffer(tb_size);
728 tcg_ctx.code_gen_buffer = alloc_code_gen_buffer();
729 if (tcg_ctx.code_gen_buffer == NULL) {
730 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
734 /* Estimate a good size for the number of TBs we can support. We
735 still haven't deducted the prologue from the buffer size here,
736 but that's minimal and won't affect the estimate much. */
737 tcg_ctx.code_gen_max_blocks
738 = tcg_ctx.code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
739 tcg_ctx.tb_ctx.tbs = g_new(TranslationBlock, tcg_ctx.code_gen_max_blocks);
741 qemu_mutex_init(&tcg_ctx.tb_ctx.tb_lock);
744 /* Must be called before using the QEMU cpus. 'tb_size' is the size
745 (in bytes) allocated to the translation buffer. Zero means default
747 void tcg_exec_init(unsigned long tb_size)
751 code_gen_alloc(tb_size);
752 #if defined(CONFIG_SOFTMMU)
753 /* There's no guest base to take into account, so go ahead and
754 initialize the prologue now. */
755 tcg_prologue_init(&tcg_ctx);
759 bool tcg_enabled(void)
761 return tcg_ctx.code_gen_buffer != NULL;
764 /* Allocate a new translation block. Flush the translation buffer if
765 too many translation blocks or too much generated code. */
766 static TranslationBlock *tb_alloc(target_ulong pc)
768 TranslationBlock *tb;
770 if (tcg_ctx.tb_ctx.nb_tbs >= tcg_ctx.code_gen_max_blocks) {
773 tb = &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs++];
779 void tb_free(TranslationBlock *tb)
781 /* In practice this is mostly used for single use temporary TB
782 Ignore the hard cases and just back up if this TB happens to
783 be the last one generated. */
784 if (tcg_ctx.tb_ctx.nb_tbs > 0 &&
785 tb == &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs - 1]) {
786 tcg_ctx.code_gen_ptr = tb->tc_ptr;
787 tcg_ctx.tb_ctx.nb_tbs--;
791 static inline void invalidate_page_bitmap(PageDesc *p)
793 g_free(p->code_bitmap);
794 p->code_bitmap = NULL;
795 p->code_write_count = 0;
798 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
799 static void page_flush_tb_1(int level, void **lp)
809 for (i = 0; i < V_L2_SIZE; ++i) {
810 pd[i].first_tb = NULL;
811 invalidate_page_bitmap(pd + i);
816 for (i = 0; i < V_L2_SIZE; ++i) {
817 page_flush_tb_1(level - 1, pp + i);
822 static void page_flush_tb(void)
826 for (i = 0; i < V_L1_SIZE; i++) {
827 page_flush_tb_1(V_L1_SHIFT / V_L2_BITS - 1, l1_map + i);
831 /* flush all the translation blocks */
832 /* XXX: tb_flush is currently not thread safe */
833 void tb_flush(CPUState *cpu)
835 #if defined(DEBUG_FLUSH)
836 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
837 (unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer),
838 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.tb_ctx.nb_tbs > 0 ?
839 ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) /
840 tcg_ctx.tb_ctx.nb_tbs : 0);
842 if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)
843 > tcg_ctx.code_gen_buffer_size) {
844 cpu_abort(cpu, "Internal error: code buffer overflow\n");
846 tcg_ctx.tb_ctx.nb_tbs = 0;
849 memset(cpu->tb_jmp_cache, 0, sizeof(cpu->tb_jmp_cache));
852 memset(tcg_ctx.tb_ctx.tb_phys_hash, 0, sizeof(tcg_ctx.tb_ctx.tb_phys_hash));
855 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
856 /* XXX: flush processor icache at this point if cache flush is
858 tcg_ctx.tb_ctx.tb_flush_count++;
861 #ifdef DEBUG_TB_CHECK
863 static void tb_invalidate_check(target_ulong address)
865 TranslationBlock *tb;
868 address &= TARGET_PAGE_MASK;
869 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
870 for (tb = tb_ctx.tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
871 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
872 address >= tb->pc + tb->size)) {
873 printf("ERROR invalidate: address=" TARGET_FMT_lx
874 " PC=%08lx size=%04x\n",
875 address, (long)tb->pc, tb->size);
881 /* verify that all the pages have correct rights for code */
882 static void tb_page_check(void)
884 TranslationBlock *tb;
885 int i, flags1, flags2;
887 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
888 for (tb = tcg_ctx.tb_ctx.tb_phys_hash[i]; tb != NULL;
889 tb = tb->phys_hash_next) {
890 flags1 = page_get_flags(tb->pc);
891 flags2 = page_get_flags(tb->pc + tb->size - 1);
892 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
893 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
894 (long)tb->pc, tb->size, flags1, flags2);
902 static inline void tb_hash_remove(TranslationBlock **ptb, TranslationBlock *tb)
904 TranslationBlock *tb1;
909 *ptb = tb1->phys_hash_next;
912 ptb = &tb1->phys_hash_next;
916 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
918 TranslationBlock *tb1;
923 n1 = (uintptr_t)tb1 & 3;
924 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
926 *ptb = tb1->page_next[n1];
929 ptb = &tb1->page_next[n1];
933 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
935 TranslationBlock *tb1, **ptb;
938 ptb = &tb->jmp_next[n];
941 /* find tb(n) in circular list */
944 n1 = (uintptr_t)tb1 & 3;
945 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
946 if (n1 == n && tb1 == tb) {
950 ptb = &tb1->jmp_first;
952 ptb = &tb1->jmp_next[n1];
955 /* now we can suppress tb(n) from the list */
956 *ptb = tb->jmp_next[n];
958 tb->jmp_next[n] = NULL;
962 /* reset the jump entry 'n' of a TB so that it is not chained to
964 static inline void tb_reset_jump(TranslationBlock *tb, int n)
966 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
969 /* invalidate one TB */
970 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
975 tb_page_addr_t phys_pc;
976 TranslationBlock *tb1, *tb2;
978 /* remove the TB from the hash list */
979 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
980 h = tb_phys_hash_func(phys_pc);
981 tb_hash_remove(&tcg_ctx.tb_ctx.tb_phys_hash[h], tb);
983 /* remove the TB from the page list */
984 if (tb->page_addr[0] != page_addr) {
985 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
986 tb_page_remove(&p->first_tb, tb);
987 invalidate_page_bitmap(p);
989 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
990 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
991 tb_page_remove(&p->first_tb, tb);
992 invalidate_page_bitmap(p);
995 tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
997 /* remove the TB from the hash list */
998 h = tb_jmp_cache_hash_func(tb->pc);
1000 if (cpu->tb_jmp_cache[h] == tb) {
1001 cpu->tb_jmp_cache[h] = NULL;
1005 /* suppress this TB from the two jump lists */
1006 tb_jmp_remove(tb, 0);
1007 tb_jmp_remove(tb, 1);
1009 /* suppress any remaining jumps to this TB */
1010 tb1 = tb->jmp_first;
1012 n1 = (uintptr_t)tb1 & 3;
1016 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
1017 tb2 = tb1->jmp_next[n1];
1018 tb_reset_jump(tb1, n1);
1019 tb1->jmp_next[n1] = NULL;
1022 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
1024 tcg_ctx.tb_ctx.tb_phys_invalidate_count++;
1027 static void build_page_bitmap(PageDesc *p)
1029 int n, tb_start, tb_end;
1030 TranslationBlock *tb;
1032 p->code_bitmap = bitmap_new(TARGET_PAGE_SIZE);
1035 while (tb != NULL) {
1036 n = (uintptr_t)tb & 3;
1037 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1038 /* NOTE: this is subtle as a TB may span two physical pages */
1040 /* NOTE: tb_end may be after the end of the page, but
1041 it is not a problem */
1042 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1043 tb_end = tb_start + tb->size;
1044 if (tb_end > TARGET_PAGE_SIZE) {
1045 tb_end = TARGET_PAGE_SIZE;
1049 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1051 bitmap_set(p->code_bitmap, tb_start, tb_end - tb_start);
1052 tb = tb->page_next[n];
1056 /* Called with mmap_lock held for user mode emulation. */
1057 TranslationBlock *tb_gen_code(CPUState *cpu,
1058 target_ulong pc, target_ulong cs_base,
1059 int flags, int cflags)
1061 CPUArchState *env = cpu->env_ptr;
1062 TranslationBlock *tb;
1063 tb_page_addr_t phys_pc, phys_page2;
1064 target_ulong virt_page2;
1065 tcg_insn_unit *gen_code_buf;
1066 int gen_code_size, search_size;
1067 #ifdef CONFIG_PROFILER
1071 phys_pc = get_page_addr_code(env, pc);
1072 if (use_icount && !(cflags & CF_IGNORE_ICOUNT)) {
1073 cflags |= CF_USE_ICOUNT;
1077 if (unlikely(!tb)) {
1079 /* flush must be done */
1081 /* cannot fail at this point */
1084 /* Don't forget to invalidate previous TB info. */
1085 tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
1088 gen_code_buf = tcg_ctx.code_gen_ptr;
1089 tb->tc_ptr = gen_code_buf;
1090 tb->cs_base = cs_base;
1092 tb->cflags = cflags;
1094 #ifdef CONFIG_PROFILER
1095 tcg_ctx.tb_count1++; /* includes aborted translations because of
1097 ti = profile_getclock();
1100 tcg_func_start(&tcg_ctx);
1102 gen_intermediate_code(env, tb);
1104 trace_translate_block(tb, tb->pc, tb->tc_ptr);
1106 /* generate machine code */
1107 tb->tb_next_offset[0] = 0xffff;
1108 tb->tb_next_offset[1] = 0xffff;
1109 tcg_ctx.tb_next_offset = tb->tb_next_offset;
1110 #ifdef USE_DIRECT_JUMP
1111 tcg_ctx.tb_jmp_offset = tb->tb_jmp_offset;
1112 tcg_ctx.tb_next = NULL;
1114 tcg_ctx.tb_jmp_offset = NULL;
1115 tcg_ctx.tb_next = tb->tb_next;
1118 #ifdef CONFIG_PROFILER
1120 tcg_ctx.interm_time += profile_getclock() - ti;
1121 tcg_ctx.code_time -= profile_getclock();
1124 /* ??? Overflow could be handled better here. In particular, we
1125 don't need to re-do gen_intermediate_code, nor should we re-do
1126 the tcg optimization currently hidden inside tcg_gen_code. All
1127 that should be required is to flush the TBs, allocate a new TB,
1128 re-initialize it per above, and re-do the actual code generation. */
1129 gen_code_size = tcg_gen_code(&tcg_ctx, gen_code_buf);
1130 if (unlikely(gen_code_size < 0)) {
1131 goto buffer_overflow;
1133 search_size = encode_search(tb, (void *)gen_code_buf + gen_code_size);
1134 if (unlikely(search_size < 0)) {
1135 goto buffer_overflow;
1138 #ifdef CONFIG_PROFILER
1139 tcg_ctx.code_time += profile_getclock();
1140 tcg_ctx.code_in_len += tb->size;
1141 tcg_ctx.code_out_len += gen_code_size;
1142 tcg_ctx.search_out_len += search_size;
1146 if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM)) {
1147 qemu_log("OUT: [size=%d]\n", gen_code_size);
1148 log_disas(tb->tc_ptr, gen_code_size);
1154 tcg_ctx.code_gen_ptr = (void *)
1155 ROUND_UP((uintptr_t)gen_code_buf + gen_code_size + search_size,
1158 /* check next page if needed */
1159 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1161 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1162 phys_page2 = get_page_addr_code(env, virt_page2);
1164 tb_link_page(tb, phys_pc, phys_page2);
1169 * Invalidate all TBs which intersect with the target physical address range
1170 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1171 * 'is_cpu_write_access' should be true if called from a real cpu write
1172 * access: the virtual CPU will exit the current TB if code is modified inside
1175 * Called with mmap_lock held for user-mode emulation
1177 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end)
1179 while (start < end) {
1180 tb_invalidate_phys_page_range(start, end, 0);
1181 start &= TARGET_PAGE_MASK;
1182 start += TARGET_PAGE_SIZE;
1187 * Invalidate all TBs which intersect with the target physical address range
1188 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1189 * 'is_cpu_write_access' should be true if called from a real cpu write
1190 * access: the virtual CPU will exit the current TB if code is modified inside
1193 * Called with mmap_lock held for user-mode emulation
1195 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1196 int is_cpu_write_access)
1198 TranslationBlock *tb, *tb_next, *saved_tb;
1199 CPUState *cpu = current_cpu;
1200 #if defined(TARGET_HAS_PRECISE_SMC)
1201 CPUArchState *env = NULL;
1203 tb_page_addr_t tb_start, tb_end;
1206 #ifdef TARGET_HAS_PRECISE_SMC
1207 int current_tb_not_found = is_cpu_write_access;
1208 TranslationBlock *current_tb = NULL;
1209 int current_tb_modified = 0;
1210 target_ulong current_pc = 0;
1211 target_ulong current_cs_base = 0;
1212 int current_flags = 0;
1213 #endif /* TARGET_HAS_PRECISE_SMC */
1215 p = page_find(start >> TARGET_PAGE_BITS);
1219 #if defined(TARGET_HAS_PRECISE_SMC)
1225 /* we remove all the TBs in the range [start, end[ */
1226 /* XXX: see if in some cases it could be faster to invalidate all
1229 while (tb != NULL) {
1230 n = (uintptr_t)tb & 3;
1231 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1232 tb_next = tb->page_next[n];
1233 /* NOTE: this is subtle as a TB may span two physical pages */
1235 /* NOTE: tb_end may be after the end of the page, but
1236 it is not a problem */
1237 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1238 tb_end = tb_start + tb->size;
1240 tb_start = tb->page_addr[1];
1241 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1243 if (!(tb_end <= start || tb_start >= end)) {
1244 #ifdef TARGET_HAS_PRECISE_SMC
1245 if (current_tb_not_found) {
1246 current_tb_not_found = 0;
1248 if (cpu->mem_io_pc) {
1249 /* now we have a real cpu fault */
1250 current_tb = tb_find_pc(cpu->mem_io_pc);
1253 if (current_tb == tb &&
1254 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1255 /* If we are modifying the current TB, we must stop
1256 its execution. We could be more precise by checking
1257 that the modification is after the current PC, but it
1258 would require a specialized function to partially
1259 restore the CPU state */
1261 current_tb_modified = 1;
1262 cpu_restore_state_from_tb(cpu, current_tb, cpu->mem_io_pc);
1263 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1266 #endif /* TARGET_HAS_PRECISE_SMC */
1267 /* we need to do that to handle the case where a signal
1268 occurs while doing tb_phys_invalidate() */
1271 saved_tb = cpu->current_tb;
1272 cpu->current_tb = NULL;
1274 tb_phys_invalidate(tb, -1);
1276 cpu->current_tb = saved_tb;
1277 if (cpu->interrupt_request && cpu->current_tb) {
1278 cpu_interrupt(cpu, cpu->interrupt_request);
1284 #if !defined(CONFIG_USER_ONLY)
1285 /* if no code remaining, no need to continue to use slow writes */
1287 invalidate_page_bitmap(p);
1288 tlb_unprotect_code(start);
1291 #ifdef TARGET_HAS_PRECISE_SMC
1292 if (current_tb_modified) {
1293 /* we generate a block containing just the instruction
1294 modifying the memory. It will ensure that it cannot modify
1296 cpu->current_tb = NULL;
1297 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
1298 cpu_resume_from_signal(cpu, NULL);
1303 /* len must be <= 8 and start must be a multiple of len */
1304 void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1310 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1311 cpu_single_env->mem_io_vaddr, len,
1312 cpu_single_env->eip,
1313 cpu_single_env->eip +
1314 (intptr_t)cpu_single_env->segs[R_CS].base);
1317 p = page_find(start >> TARGET_PAGE_BITS);
1321 if (!p->code_bitmap &&
1322 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD) {
1323 /* build code bitmap */
1324 build_page_bitmap(p);
1326 if (p->code_bitmap) {
1330 nr = start & ~TARGET_PAGE_MASK;
1331 b = p->code_bitmap[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG - 1));
1332 if (b & ((1 << len) - 1)) {
1337 tb_invalidate_phys_page_range(start, start + len, 1);
1341 #if !defined(CONFIG_SOFTMMU)
1342 /* Called with mmap_lock held. */
1343 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1344 uintptr_t pc, void *puc,
1347 TranslationBlock *tb;
1350 #ifdef TARGET_HAS_PRECISE_SMC
1351 TranslationBlock *current_tb = NULL;
1352 CPUState *cpu = current_cpu;
1353 CPUArchState *env = NULL;
1354 int current_tb_modified = 0;
1355 target_ulong current_pc = 0;
1356 target_ulong current_cs_base = 0;
1357 int current_flags = 0;
1360 addr &= TARGET_PAGE_MASK;
1361 p = page_find(addr >> TARGET_PAGE_BITS);
1366 #ifdef TARGET_HAS_PRECISE_SMC
1367 if (tb && pc != 0) {
1368 current_tb = tb_find_pc(pc);
1374 while (tb != NULL) {
1375 n = (uintptr_t)tb & 3;
1376 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1377 #ifdef TARGET_HAS_PRECISE_SMC
1378 if (current_tb == tb &&
1379 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1380 /* If we are modifying the current TB, we must stop
1381 its execution. We could be more precise by checking
1382 that the modification is after the current PC, but it
1383 would require a specialized function to partially
1384 restore the CPU state */
1386 current_tb_modified = 1;
1387 cpu_restore_state_from_tb(cpu, current_tb, pc);
1388 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1391 #endif /* TARGET_HAS_PRECISE_SMC */
1392 tb_phys_invalidate(tb, addr);
1393 tb = tb->page_next[n];
1396 #ifdef TARGET_HAS_PRECISE_SMC
1397 if (current_tb_modified) {
1398 /* we generate a block containing just the instruction
1399 modifying the memory. It will ensure that it cannot modify
1401 cpu->current_tb = NULL;
1402 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
1406 cpu_resume_from_signal(cpu, puc);
1412 /* add the tb in the target page and protect it if necessary
1414 * Called with mmap_lock held for user-mode emulation.
1416 static inline void tb_alloc_page(TranslationBlock *tb,
1417 unsigned int n, tb_page_addr_t page_addr)
1420 #ifndef CONFIG_USER_ONLY
1421 bool page_already_protected;
1424 tb->page_addr[n] = page_addr;
1425 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1426 tb->page_next[n] = p->first_tb;
1427 #ifndef CONFIG_USER_ONLY
1428 page_already_protected = p->first_tb != NULL;
1430 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
1431 invalidate_page_bitmap(p);
1433 #if defined(CONFIG_USER_ONLY)
1434 if (p->flags & PAGE_WRITE) {
1439 /* force the host page as non writable (writes will have a
1440 page fault + mprotect overhead) */
1441 page_addr &= qemu_host_page_mask;
1443 for (addr = page_addr; addr < page_addr + qemu_host_page_size;
1444 addr += TARGET_PAGE_SIZE) {
1446 p2 = page_find(addr >> TARGET_PAGE_BITS);
1451 p2->flags &= ~PAGE_WRITE;
1453 mprotect(g2h(page_addr), qemu_host_page_size,
1454 (prot & PAGE_BITS) & ~PAGE_WRITE);
1455 #ifdef DEBUG_TB_INVALIDATE
1456 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1461 /* if some code is already present, then the pages are already
1462 protected. So we handle the case where only the first TB is
1463 allocated in a physical page */
1464 if (!page_already_protected) {
1465 tlb_protect_code(page_addr);
1470 /* add a new TB and link it to the physical page tables. phys_page2 is
1471 * (-1) to indicate that only one page contains the TB.
1473 * Called with mmap_lock held for user-mode emulation.
1475 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
1476 tb_page_addr_t phys_page2)
1479 TranslationBlock **ptb;
1481 /* add in the physical hash table */
1482 h = tb_phys_hash_func(phys_pc);
1483 ptb = &tcg_ctx.tb_ctx.tb_phys_hash[h];
1484 tb->phys_hash_next = *ptb;
1487 /* add in the page list */
1488 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1489 if (phys_page2 != -1) {
1490 tb_alloc_page(tb, 1, phys_page2);
1492 tb->page_addr[1] = -1;
1495 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
1496 tb->jmp_next[0] = NULL;
1497 tb->jmp_next[1] = NULL;
1499 /* init original jump addresses */
1500 if (tb->tb_next_offset[0] != 0xffff) {
1501 tb_reset_jump(tb, 0);
1503 if (tb->tb_next_offset[1] != 0xffff) {
1504 tb_reset_jump(tb, 1);
1507 #ifdef DEBUG_TB_CHECK
1512 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1513 tb[1].tc_ptr. Return NULL if not found */
1514 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
1516 int m_min, m_max, m;
1518 TranslationBlock *tb;
1520 if (tcg_ctx.tb_ctx.nb_tbs <= 0) {
1523 if (tc_ptr < (uintptr_t)tcg_ctx.code_gen_buffer ||
1524 tc_ptr >= (uintptr_t)tcg_ctx.code_gen_ptr) {
1527 /* binary search (cf Knuth) */
1529 m_max = tcg_ctx.tb_ctx.nb_tbs - 1;
1530 while (m_min <= m_max) {
1531 m = (m_min + m_max) >> 1;
1532 tb = &tcg_ctx.tb_ctx.tbs[m];
1533 v = (uintptr_t)tb->tc_ptr;
1536 } else if (tc_ptr < v) {
1542 return &tcg_ctx.tb_ctx.tbs[m_max];
1545 #if !defined(CONFIG_USER_ONLY)
1546 void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr)
1548 ram_addr_t ram_addr;
1553 mr = address_space_translate(as, addr, &addr, &l, false);
1554 if (!(memory_region_is_ram(mr)
1555 || memory_region_is_romd(mr))) {
1559 ram_addr = (memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK)
1561 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1564 #endif /* !defined(CONFIG_USER_ONLY) */
1566 void tb_check_watchpoint(CPUState *cpu)
1568 TranslationBlock *tb;
1570 tb = tb_find_pc(cpu->mem_io_pc);
1572 /* We can use retranslation to find the PC. */
1573 cpu_restore_state_from_tb(cpu, tb, cpu->mem_io_pc);
1574 tb_phys_invalidate(tb, -1);
1576 /* The exception probably happened in a helper. The CPU state should
1577 have been saved before calling it. Fetch the PC from there. */
1578 CPUArchState *env = cpu->env_ptr;
1579 target_ulong pc, cs_base;
1580 tb_page_addr_t addr;
1583 cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
1584 addr = get_page_addr_code(env, pc);
1585 tb_invalidate_phys_range(addr, addr + 1);
1589 #ifndef CONFIG_USER_ONLY
1590 /* in deterministic execution mode, instructions doing device I/Os
1591 must be at the end of the TB */
1592 void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
1594 #if defined(TARGET_MIPS) || defined(TARGET_SH4)
1595 CPUArchState *env = cpu->env_ptr;
1597 TranslationBlock *tb;
1599 target_ulong pc, cs_base;
1602 tb = tb_find_pc(retaddr);
1604 cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p",
1607 n = cpu->icount_decr.u16.low + tb->icount;
1608 cpu_restore_state_from_tb(cpu, tb, retaddr);
1609 /* Calculate how many instructions had been executed before the fault
1611 n = n - cpu->icount_decr.u16.low;
1612 /* Generate a new TB ending on the I/O insn. */
1614 /* On MIPS and SH, delay slot instructions can only be restarted if
1615 they were already the first instruction in the TB. If this is not
1616 the first instruction in a TB then re-execute the preceding
1618 #if defined(TARGET_MIPS)
1619 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
1620 env->active_tc.PC -= (env->hflags & MIPS_HFLAG_B16 ? 2 : 4);
1621 cpu->icount_decr.u16.low++;
1622 env->hflags &= ~MIPS_HFLAG_BMASK;
1624 #elif defined(TARGET_SH4)
1625 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
1628 cpu->icount_decr.u16.low++;
1629 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
1632 /* This should never happen. */
1633 if (n > CF_COUNT_MASK) {
1634 cpu_abort(cpu, "TB too big during recompile");
1637 cflags = n | CF_LAST_IO;
1639 cs_base = tb->cs_base;
1641 tb_phys_invalidate(tb, -1);
1642 if (tb->cflags & CF_NOCACHE) {
1644 /* Invalidate original TB if this TB was generated in
1645 * cpu_exec_nocache() */
1646 tb_phys_invalidate(tb->orig_tb, -1);
1650 /* FIXME: In theory this could raise an exception. In practice
1651 we have already translated the block once so it's probably ok. */
1652 tb_gen_code(cpu, pc, cs_base, flags, cflags);
1653 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
1654 the first in the TB) then we end up generating a whole new TB and
1655 repeating the fault, which is horribly inefficient.
1656 Better would be to execute just this insn uncached, or generate a
1658 cpu_resume_from_signal(cpu, NULL);
1661 void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
1665 /* Discard jump cache entries for any tb which might potentially
1666 overlap the flushed page. */
1667 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1668 memset(&cpu->tb_jmp_cache[i], 0,
1669 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1671 i = tb_jmp_cache_hash_page(addr);
1672 memset(&cpu->tb_jmp_cache[i], 0,
1673 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1676 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
1678 int i, target_code_size, max_target_code_size;
1679 int direct_jmp_count, direct_jmp2_count, cross_page;
1680 TranslationBlock *tb;
1682 target_code_size = 0;
1683 max_target_code_size = 0;
1685 direct_jmp_count = 0;
1686 direct_jmp2_count = 0;
1687 for (i = 0; i < tcg_ctx.tb_ctx.nb_tbs; i++) {
1688 tb = &tcg_ctx.tb_ctx.tbs[i];
1689 target_code_size += tb->size;
1690 if (tb->size > max_target_code_size) {
1691 max_target_code_size = tb->size;
1693 if (tb->page_addr[1] != -1) {
1696 if (tb->tb_next_offset[0] != 0xffff) {
1698 if (tb->tb_next_offset[1] != 0xffff) {
1699 direct_jmp2_count++;
1703 /* XXX: avoid using doubles ? */
1704 cpu_fprintf(f, "Translation buffer state:\n");
1705 cpu_fprintf(f, "gen code size %td/%zd\n",
1706 tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer,
1707 tcg_ctx.code_gen_highwater - tcg_ctx.code_gen_buffer);
1708 cpu_fprintf(f, "TB count %d/%d\n",
1709 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.code_gen_max_blocks);
1710 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
1711 tcg_ctx.tb_ctx.nb_tbs ? target_code_size /
1712 tcg_ctx.tb_ctx.nb_tbs : 0,
1713 max_target_code_size);
1714 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
1715 tcg_ctx.tb_ctx.nb_tbs ? (tcg_ctx.code_gen_ptr -
1716 tcg_ctx.code_gen_buffer) /
1717 tcg_ctx.tb_ctx.nb_tbs : 0,
1718 target_code_size ? (double) (tcg_ctx.code_gen_ptr -
1719 tcg_ctx.code_gen_buffer) /
1720 target_code_size : 0);
1721 cpu_fprintf(f, "cross page TB count %d (%d%%)\n", cross_page,
1722 tcg_ctx.tb_ctx.nb_tbs ? (cross_page * 100) /
1723 tcg_ctx.tb_ctx.nb_tbs : 0);
1724 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
1726 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp_count * 100) /
1727 tcg_ctx.tb_ctx.nb_tbs : 0,
1729 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp2_count * 100) /
1730 tcg_ctx.tb_ctx.nb_tbs : 0);
1731 cpu_fprintf(f, "\nStatistics:\n");
1732 cpu_fprintf(f, "TB flush count %d\n", tcg_ctx.tb_ctx.tb_flush_count);
1733 cpu_fprintf(f, "TB invalidate count %d\n",
1734 tcg_ctx.tb_ctx.tb_phys_invalidate_count);
1735 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
1736 tcg_dump_info(f, cpu_fprintf);
1739 void dump_opcount_info(FILE *f, fprintf_function cpu_fprintf)
1741 tcg_dump_op_count(f, cpu_fprintf);
1744 #else /* CONFIG_USER_ONLY */
1746 void cpu_interrupt(CPUState *cpu, int mask)
1748 cpu->interrupt_request |= mask;
1749 cpu->tcg_exit_req = 1;
1753 * Walks guest process memory "regions" one by one
1754 * and calls callback function 'fn' for each region.
1756 struct walk_memory_regions_data {
1757 walk_memory_regions_fn fn;
1763 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
1764 target_ulong end, int new_prot)
1766 if (data->start != -1u) {
1767 int rc = data->fn(data->priv, data->start, end, data->prot);
1773 data->start = (new_prot ? end : -1u);
1774 data->prot = new_prot;
1779 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
1780 target_ulong base, int level, void **lp)
1786 return walk_memory_regions_end(data, base, 0);
1792 for (i = 0; i < V_L2_SIZE; ++i) {
1793 int prot = pd[i].flags;
1795 pa = base | (i << TARGET_PAGE_BITS);
1796 if (prot != data->prot) {
1797 rc = walk_memory_regions_end(data, pa, prot);
1806 for (i = 0; i < V_L2_SIZE; ++i) {
1807 pa = base | ((target_ulong)i <<
1808 (TARGET_PAGE_BITS + V_L2_BITS * level));
1809 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1819 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1821 struct walk_memory_regions_data data;
1829 for (i = 0; i < V_L1_SIZE; i++) {
1830 int rc = walk_memory_regions_1(&data, (target_ulong)i << (V_L1_SHIFT + TARGET_PAGE_BITS),
1831 V_L1_SHIFT / V_L2_BITS - 1, l1_map + i);
1837 return walk_memory_regions_end(&data, 0, 0);
1840 static int dump_region(void *priv, target_ulong start,
1841 target_ulong end, unsigned long prot)
1843 FILE *f = (FILE *)priv;
1845 (void) fprintf(f, TARGET_FMT_lx"-"TARGET_FMT_lx
1846 " "TARGET_FMT_lx" %c%c%c\n",
1847 start, end, end - start,
1848 ((prot & PAGE_READ) ? 'r' : '-'),
1849 ((prot & PAGE_WRITE) ? 'w' : '-'),
1850 ((prot & PAGE_EXEC) ? 'x' : '-'));
1855 /* dump memory mappings */
1856 void page_dump(FILE *f)
1858 const int length = sizeof(target_ulong) * 2;
1859 (void) fprintf(f, "%-*s %-*s %-*s %s\n",
1860 length, "start", length, "end", length, "size", "prot");
1861 walk_memory_regions(f, dump_region);
1864 int page_get_flags(target_ulong address)
1868 p = page_find(address >> TARGET_PAGE_BITS);
1875 /* Modify the flags of a page and invalidate the code if necessary.
1876 The flag PAGE_WRITE_ORG is positioned automatically depending
1877 on PAGE_WRITE. The mmap_lock should already be held. */
1878 void page_set_flags(target_ulong start, target_ulong end, int flags)
1880 target_ulong addr, len;
1882 /* This function should never be called with addresses outside the
1883 guest address space. If this assert fires, it probably indicates
1884 a missing call to h2g_valid. */
1885 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1886 assert(end < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
1888 assert(start < end);
1890 start = start & TARGET_PAGE_MASK;
1891 end = TARGET_PAGE_ALIGN(end);
1893 if (flags & PAGE_WRITE) {
1894 flags |= PAGE_WRITE_ORG;
1897 for (addr = start, len = end - start;
1899 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
1900 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
1902 /* If the write protection bit is set, then we invalidate
1904 if (!(p->flags & PAGE_WRITE) &&
1905 (flags & PAGE_WRITE) &&
1907 tb_invalidate_phys_page(addr, 0, NULL, false);
1913 int page_check_range(target_ulong start, target_ulong len, int flags)
1919 /* This function should never be called with addresses outside the
1920 guest address space. If this assert fires, it probably indicates
1921 a missing call to h2g_valid. */
1922 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1923 assert(start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
1929 if (start + len - 1 < start) {
1930 /* We've wrapped around. */
1934 /* must do before we loose bits in the next step */
1935 end = TARGET_PAGE_ALIGN(start + len);
1936 start = start & TARGET_PAGE_MASK;
1938 for (addr = start, len = end - start;
1940 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
1941 p = page_find(addr >> TARGET_PAGE_BITS);
1945 if (!(p->flags & PAGE_VALID)) {
1949 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) {
1952 if (flags & PAGE_WRITE) {
1953 if (!(p->flags & PAGE_WRITE_ORG)) {
1956 /* unprotect the page if it was put read-only because it
1957 contains translated code */
1958 if (!(p->flags & PAGE_WRITE)) {
1959 if (!page_unprotect(addr, 0, NULL)) {
1968 /* called from signal handler: invalidate the code and unprotect the
1969 page. Return TRUE if the fault was successfully handled. */
1970 int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
1974 target_ulong host_start, host_end, addr;
1976 /* Technically this isn't safe inside a signal handler. However we
1977 know this only ever happens in a synchronous SEGV handler, so in
1978 practice it seems to be ok. */
1981 p = page_find(address >> TARGET_PAGE_BITS);
1987 /* if the page was really writable, then we change its
1988 protection back to writable */
1989 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
1990 host_start = address & qemu_host_page_mask;
1991 host_end = host_start + qemu_host_page_size;
1994 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
1995 p = page_find(addr >> TARGET_PAGE_BITS);
1996 p->flags |= PAGE_WRITE;
1999 /* and since the content will be modified, we must invalidate
2000 the corresponding translated code. */
2001 tb_invalidate_phys_page(addr, pc, puc, true);
2002 #ifdef DEBUG_TB_CHECK
2003 tb_invalidate_check(addr);
2006 mprotect((void *)g2h(host_start), qemu_host_page_size,
2015 #endif /* CONFIG_USER_ONLY */
projects / sdk / emulator / qemu.git / blob