]>
Commit | Line | Data |
---|---|---|
d19893da FB |
1 | /* |
2 | * Host code generation | |
5fafdf24 | 3 | * |
d19893da FB |
4 | * Copyright (c) 2003 Fabrice Bellard |
5 | * | |
6 | * This library is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU Lesser General Public | |
8 | * License as published by the Free Software Foundation; either | |
9 | * version 2 of the License, or (at your option) any later version. | |
10 | * | |
11 | * This library is distributed in the hope that it will be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * Lesser General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU Lesser General Public | |
8167ee88 | 17 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. |
d19893da | 18 | */ |
5b6dd868 BS |
19 | #ifdef _WIN32 |
20 | #include <windows.h> | |
5b6dd868 | 21 | #endif |
7b31bbc2 | 22 | #include "qemu/osdep.h" |
d19893da | 23 | |
2054396a | 24 | |
5b6dd868 | 25 | #include "qemu-common.h" |
af5ad107 | 26 | #define NO_CPU_IO_DEFS |
d3eead2e | 27 | #include "cpu.h" |
0ab8ed18 | 28 | #include "trace-root.h" |
76cad711 | 29 | #include "disas/disas.h" |
63c91552 | 30 | #include "exec/exec-all.h" |
57fec1fe | 31 | #include "tcg.h" |
5b6dd868 BS |
32 | #if defined(CONFIG_USER_ONLY) |
33 | #include "qemu.h" | |
301e40ed | 34 | #include "exec/exec-all.h" |
5b6dd868 BS |
35 | #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) |
36 | #include <sys/param.h> | |
37 | #if __FreeBSD_version >= 700104 | |
38 | #define HAVE_KINFO_GETVMMAP | |
39 | #define sigqueue sigqueue_freebsd /* avoid redefinition */ | |
5b6dd868 BS |
40 | #include <sys/proc.h> |
41 | #include <machine/profile.h> | |
42 | #define _KERNEL | |
43 | #include <sys/user.h> | |
44 | #undef _KERNEL | |
45 | #undef sigqueue | |
46 | #include <libutil.h> | |
47 | #endif | |
48 | #endif | |
0bc3cd62 PB |
49 | #else |
50 | #include "exec/address-spaces.h" | |
5b6dd868 BS |
51 | #endif |
52 | ||
022c62cb | 53 | #include "exec/cputlb.h" |
e1b89321 | 54 | #include "exec/tb-hash.h" |
5b6dd868 | 55 | #include "translate-all.h" |
510a647f | 56 | #include "qemu/bitmap.h" |
0aa09897 | 57 | #include "qemu/timer.h" |
8d04fb55 | 58 | #include "qemu/main-loop.h" |
508127e2 | 59 | #include "exec/log.h" |
5b6dd868 | 60 | |
955939a2 AB |
61 | /* #define DEBUG_TB_INVALIDATE */ |
62 | /* #define DEBUG_TB_FLUSH */ | |
5b6dd868 | 63 | /* make various TB consistency checks */ |
955939a2 | 64 | /* #define DEBUG_TB_CHECK */ |
5b6dd868 BS |
65 | |
66 | #if !defined(CONFIG_USER_ONLY) | |
67 | /* TB consistency checks only implemented for usermode emulation. */ | |
68 | #undef DEBUG_TB_CHECK | |
69 | #endif | |
70 | ||
301e40ed AB |
71 | /* Access to the various translations structures need to be serialised via locks |
72 | * for consistency. This is automatic for SoftMMU based system | |
73 | * emulation due to its single threaded nature. In user-mode emulation | |
74 | * access to the memory related structures are protected with the | |
75 | * mmap_lock. | |
76 | */ | |
301e40ed | 77 | #ifdef CONFIG_SOFTMMU |
2f169606 | 78 | #define assert_memory_lock() tcg_debug_assert(have_tb_lock) |
301e40ed | 79 | #else |
6ac3d7e8 | 80 | #define assert_memory_lock() tcg_debug_assert(have_mmap_lock()) |
301e40ed AB |
81 | #endif |
82 | ||
5b6dd868 BS |
83 | #define SMC_BITMAP_USE_THRESHOLD 10 |
84 | ||
5b6dd868 BS |
85 | typedef struct PageDesc { |
86 | /* list of TBs intersecting this ram page */ | |
87 | TranslationBlock *first_tb; | |
6fad459c | 88 | #ifdef CONFIG_SOFTMMU |
5b6dd868 BS |
89 | /* in order to optimize self modifying code, we count the number |
90 | of lookups we do to a given page to use a bitmap */ | |
91 | unsigned int code_write_count; | |
510a647f | 92 | unsigned long *code_bitmap; |
6fad459c | 93 | #else |
5b6dd868 BS |
94 | unsigned long flags; |
95 | #endif | |
96 | } PageDesc; | |
97 | ||
98 | /* In system mode we want L1_MAP to be based on ram offsets, | |
99 | while in user mode we want it to be based on virtual addresses. */ | |
100 | #if !defined(CONFIG_USER_ONLY) | |
101 | #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS | |
102 | # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS | |
103 | #else | |
104 | # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS | |
105 | #endif | |
106 | #else | |
107 | # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS | |
108 | #endif | |
109 | ||
03f49957 PB |
110 | /* Size of the L2 (and L3, etc) page tables. */ |
111 | #define V_L2_BITS 10 | |
112 | #define V_L2_SIZE (1 << V_L2_BITS) | |
113 | ||
5b6dd868 | 114 | uintptr_t qemu_host_page_size; |
0c2d70c4 | 115 | intptr_t qemu_host_page_mask; |
5b6dd868 | 116 | |
66ec9f49 VK |
117 | /* |
118 | * L1 Mapping properties | |
119 | */ | |
120 | static int v_l1_size; | |
121 | static int v_l1_shift; | |
122 | static int v_l2_levels; | |
123 | ||
124 | /* The bottom level has pointers to PageDesc, and is indexed by | |
125 | * anything from 4 to (V_L2_BITS + 3) bits, depending on target page size. | |
126 | */ | |
127 | #define V_L1_MIN_BITS 4 | |
128 | #define V_L1_MAX_BITS (V_L2_BITS + 3) | |
129 | #define V_L1_MAX_SIZE (1 << V_L1_MAX_BITS) | |
130 | ||
131 | static void *l1_map[V_L1_MAX_SIZE]; | |
5b6dd868 | 132 | |
57fec1fe FB |
133 | /* code generation context */ |
134 | TCGContext tcg_ctx; | |
fdbc2b57 | 135 | bool parallel_cpus; |
d19893da | 136 | |
677ef623 | 137 | /* translation block context */ |
677ef623 | 138 | __thread int have_tb_lock; |
677ef623 | 139 | |
66ec9f49 VK |
140 | static void page_table_config_init(void) |
141 | { | |
142 | uint32_t v_l1_bits; | |
143 | ||
144 | assert(TARGET_PAGE_BITS); | |
145 | /* The bits remaining after N lower levels of page tables. */ | |
146 | v_l1_bits = (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS; | |
147 | if (v_l1_bits < V_L1_MIN_BITS) { | |
148 | v_l1_bits += V_L2_BITS; | |
149 | } | |
150 | ||
151 | v_l1_size = 1 << v_l1_bits; | |
152 | v_l1_shift = L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - v_l1_bits; | |
153 | v_l2_levels = v_l1_shift / V_L2_BITS - 1; | |
154 | ||
155 | assert(v_l1_bits <= V_L1_MAX_BITS); | |
156 | assert(v_l1_shift % V_L2_BITS == 0); | |
157 | assert(v_l2_levels >= 0); | |
158 | } | |
159 | ||
6ac3d7e8 PK |
160 | #define assert_tb_locked() tcg_debug_assert(have_tb_lock) |
161 | #define assert_tb_unlocked() tcg_debug_assert(!have_tb_lock) | |
6ac3d7e8 | 162 | |
677ef623 FK |
163 | void tb_lock(void) |
164 | { | |
6ac3d7e8 | 165 | assert_tb_unlocked(); |
677ef623 FK |
166 | qemu_mutex_lock(&tcg_ctx.tb_ctx.tb_lock); |
167 | have_tb_lock++; | |
677ef623 FK |
168 | } |
169 | ||
170 | void tb_unlock(void) | |
171 | { | |
6ac3d7e8 | 172 | assert_tb_locked(); |
677ef623 FK |
173 | have_tb_lock--; |
174 | qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock); | |
677ef623 FK |
175 | } |
176 | ||
177 | void tb_lock_reset(void) | |
178 | { | |
677ef623 FK |
179 | if (have_tb_lock) { |
180 | qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock); | |
181 | have_tb_lock = 0; | |
182 | } | |
677ef623 FK |
183 | } |
184 | ||
a8a826a3 | 185 | static TranslationBlock *tb_find_pc(uintptr_t tc_ptr); |
5b6dd868 | 186 | |
57fec1fe FB |
187 | void cpu_gen_init(void) |
188 | { | |
189 | tcg_context_init(&tcg_ctx); | |
57fec1fe FB |
190 | } |
191 | ||
fca8a500 RH |
192 | /* Encode VAL as a signed leb128 sequence at P. |
193 | Return P incremented past the encoded value. */ | |
194 | static uint8_t *encode_sleb128(uint8_t *p, target_long val) | |
195 | { | |
196 | int more, byte; | |
197 | ||
198 | do { | |
199 | byte = val & 0x7f; | |
200 | val >>= 7; | |
201 | more = !((val == 0 && (byte & 0x40) == 0) | |
202 | || (val == -1 && (byte & 0x40) != 0)); | |
203 | if (more) { | |
204 | byte |= 0x80; | |
205 | } | |
206 | *p++ = byte; | |
207 | } while (more); | |
208 | ||
209 | return p; | |
210 | } | |
211 | ||
212 | /* Decode a signed leb128 sequence at *PP; increment *PP past the | |
213 | decoded value. Return the decoded value. */ | |
214 | static target_long decode_sleb128(uint8_t **pp) | |
215 | { | |
216 | uint8_t *p = *pp; | |
217 | target_long val = 0; | |
218 | int byte, shift = 0; | |
219 | ||
220 | do { | |
221 | byte = *p++; | |
222 | val |= (target_ulong)(byte & 0x7f) << shift; | |
223 | shift += 7; | |
224 | } while (byte & 0x80); | |
225 | if (shift < TARGET_LONG_BITS && (byte & 0x40)) { | |
226 | val |= -(target_ulong)1 << shift; | |
227 | } | |
228 | ||
229 | *pp = p; | |
230 | return val; | |
231 | } | |
232 | ||
233 | /* Encode the data collected about the instructions while compiling TB. | |
234 | Place the data at BLOCK, and return the number of bytes consumed. | |
235 | ||
236 | The logical table consisits of TARGET_INSN_START_WORDS target_ulong's, | |
237 | which come from the target's insn_start data, followed by a uintptr_t | |
238 | which comes from the host pc of the end of the code implementing the insn. | |
239 | ||
240 | Each line of the table is encoded as sleb128 deltas from the previous | |
241 | line. The seed for the first line is { tb->pc, 0..., tb->tc_ptr }. | |
242 | That is, the first column is seeded with the guest pc, the last column | |
243 | with the host pc, and the middle columns with zeros. */ | |
244 | ||
245 | static int encode_search(TranslationBlock *tb, uint8_t *block) | |
246 | { | |
b125f9dc | 247 | uint8_t *highwater = tcg_ctx.code_gen_highwater; |
fca8a500 RH |
248 | uint8_t *p = block; |
249 | int i, j, n; | |
250 | ||
251 | tb->tc_search = block; | |
252 | ||
253 | for (i = 0, n = tb->icount; i < n; ++i) { | |
254 | target_ulong prev; | |
255 | ||
256 | for (j = 0; j < TARGET_INSN_START_WORDS; ++j) { | |
257 | if (i == 0) { | |
258 | prev = (j == 0 ? tb->pc : 0); | |
259 | } else { | |
260 | prev = tcg_ctx.gen_insn_data[i - 1][j]; | |
261 | } | |
262 | p = encode_sleb128(p, tcg_ctx.gen_insn_data[i][j] - prev); | |
263 | } | |
264 | prev = (i == 0 ? 0 : tcg_ctx.gen_insn_end_off[i - 1]); | |
265 | p = encode_sleb128(p, tcg_ctx.gen_insn_end_off[i] - prev); | |
b125f9dc RH |
266 | |
267 | /* Test for (pending) buffer overflow. The assumption is that any | |
268 | one row beginning below the high water mark cannot overrun | |
269 | the buffer completely. Thus we can test for overflow after | |
270 | encoding a row without having to check during encoding. */ | |
271 | if (unlikely(p > highwater)) { | |
272 | return -1; | |
273 | } | |
fca8a500 RH |
274 | } |
275 | ||
276 | return p - block; | |
277 | } | |
278 | ||
7d7500d9 PB |
279 | /* The cpu state corresponding to 'searched_pc' is restored. |
280 | * Called with tb_lock held. | |
281 | */ | |
74f10515 | 282 | static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb, |
a8a826a3 | 283 | uintptr_t searched_pc) |
d19893da | 284 | { |
fca8a500 RH |
285 | target_ulong data[TARGET_INSN_START_WORDS] = { tb->pc }; |
286 | uintptr_t host_pc = (uintptr_t)tb->tc_ptr; | |
74f10515 | 287 | CPUArchState *env = cpu->env_ptr; |
fca8a500 RH |
288 | uint8_t *p = tb->tc_search; |
289 | int i, j, num_insns = tb->icount; | |
57fec1fe | 290 | #ifdef CONFIG_PROFILER |
fca8a500 | 291 | int64_t ti = profile_getclock(); |
57fec1fe FB |
292 | #endif |
293 | ||
01ecaf43 RH |
294 | searched_pc -= GETPC_ADJ; |
295 | ||
fca8a500 RH |
296 | if (searched_pc < host_pc) { |
297 | return -1; | |
298 | } | |
d19893da | 299 | |
fca8a500 RH |
300 | /* Reconstruct the stored insn data while looking for the point at |
301 | which the end of the insn exceeds the searched_pc. */ | |
302 | for (i = 0; i < num_insns; ++i) { | |
303 | for (j = 0; j < TARGET_INSN_START_WORDS; ++j) { | |
304 | data[j] += decode_sleb128(&p); | |
305 | } | |
306 | host_pc += decode_sleb128(&p); | |
307 | if (host_pc > searched_pc) { | |
308 | goto found; | |
309 | } | |
310 | } | |
311 | return -1; | |
3b46e624 | 312 | |
fca8a500 | 313 | found: |
bd79255d | 314 | if (tb->cflags & CF_USE_ICOUNT) { |
414b15c9 | 315 | assert(use_icount); |
2e70f6ef | 316 | /* Reset the cycle counter to the start of the block. */ |
fca8a500 | 317 | cpu->icount_decr.u16.low += num_insns; |
2e70f6ef | 318 | /* Clear the IO flag. */ |
99df7dce | 319 | cpu->can_do_io = 0; |
2e70f6ef | 320 | } |
fca8a500 RH |
321 | cpu->icount_decr.u16.low -= i; |
322 | restore_state_to_opc(env, tb, data); | |
57fec1fe FB |
323 | |
324 | #ifdef CONFIG_PROFILER | |
fca8a500 RH |
325 | tcg_ctx.restore_time += profile_getclock() - ti; |
326 | tcg_ctx.restore_count++; | |
57fec1fe | 327 | #endif |
d19893da FB |
328 | return 0; |
329 | } | |
5b6dd868 | 330 | |
3f38f309 | 331 | bool cpu_restore_state(CPUState *cpu, uintptr_t retaddr) |
a8a826a3 BS |
332 | { |
333 | TranslationBlock *tb; | |
a5e99826 | 334 | bool r = false; |
a8a826a3 | 335 | |
d8b2239b AB |
336 | /* A retaddr of zero is invalid so we really shouldn't have ended |
337 | * up here. The target code has likely forgotten to check retaddr | |
338 | * != 0 before attempting to restore state. We return early to | |
339 | * avoid blowing up on a recursive tb_lock(). The target must have | |
340 | * previously survived a failed cpu_restore_state because | |
341 | * tb_find_pc(0) would have failed anyway. It still should be | |
342 | * fixed though. | |
343 | */ | |
344 | ||
345 | if (!retaddr) { | |
346 | return r; | |
347 | } | |
348 | ||
a5e99826 | 349 | tb_lock(); |
a8a826a3 BS |
350 | tb = tb_find_pc(retaddr); |
351 | if (tb) { | |
74f10515 | 352 | cpu_restore_state_from_tb(cpu, tb, retaddr); |
d8a499f1 PD |
353 | if (tb->cflags & CF_NOCACHE) { |
354 | /* one-shot translation, invalidate it immediately */ | |
d8a499f1 PD |
355 | tb_phys_invalidate(tb, -1); |
356 | tb_free(tb); | |
357 | } | |
a5e99826 | 358 | r = true; |
a8a826a3 | 359 | } |
a5e99826 FK |
360 | tb_unlock(); |
361 | ||
362 | return r; | |
a8a826a3 BS |
363 | } |
364 | ||
47c16ed5 | 365 | void page_size_init(void) |
5b6dd868 BS |
366 | { |
367 | /* NOTE: we can always suppose that qemu_host_page_size >= | |
368 | TARGET_PAGE_SIZE */ | |
5b6dd868 | 369 | qemu_real_host_page_size = getpagesize(); |
0c2d70c4 | 370 | qemu_real_host_page_mask = -(intptr_t)qemu_real_host_page_size; |
5b6dd868 BS |
371 | if (qemu_host_page_size == 0) { |
372 | qemu_host_page_size = qemu_real_host_page_size; | |
373 | } | |
374 | if (qemu_host_page_size < TARGET_PAGE_SIZE) { | |
375 | qemu_host_page_size = TARGET_PAGE_SIZE; | |
376 | } | |
0c2d70c4 | 377 | qemu_host_page_mask = -(intptr_t)qemu_host_page_size; |
47c16ed5 | 378 | } |
5b6dd868 | 379 | |
47c16ed5 AK |
380 | static void page_init(void) |
381 | { | |
382 | page_size_init(); | |
66ec9f49 VK |
383 | page_table_config_init(); |
384 | ||
5b6dd868 BS |
385 | #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY) |
386 | { | |
387 | #ifdef HAVE_KINFO_GETVMMAP | |
388 | struct kinfo_vmentry *freep; | |
389 | int i, cnt; | |
390 | ||
391 | freep = kinfo_getvmmap(getpid(), &cnt); | |
392 | if (freep) { | |
393 | mmap_lock(); | |
394 | for (i = 0; i < cnt; i++) { | |
395 | unsigned long startaddr, endaddr; | |
396 | ||
397 | startaddr = freep[i].kve_start; | |
398 | endaddr = freep[i].kve_end; | |
399 | if (h2g_valid(startaddr)) { | |
400 | startaddr = h2g(startaddr) & TARGET_PAGE_MASK; | |
401 | ||
402 | if (h2g_valid(endaddr)) { | |
403 | endaddr = h2g(endaddr); | |
404 | page_set_flags(startaddr, endaddr, PAGE_RESERVED); | |
405 | } else { | |
406 | #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS | |
407 | endaddr = ~0ul; | |
408 | page_set_flags(startaddr, endaddr, PAGE_RESERVED); | |
409 | #endif | |
410 | } | |
411 | } | |
412 | } | |
413 | free(freep); | |
414 | mmap_unlock(); | |
415 | } | |
416 | #else | |
417 | FILE *f; | |
418 | ||
419 | last_brk = (unsigned long)sbrk(0); | |
420 | ||
421 | f = fopen("/compat/linux/proc/self/maps", "r"); | |
422 | if (f) { | |
423 | mmap_lock(); | |
424 | ||
425 | do { | |
426 | unsigned long startaddr, endaddr; | |
427 | int n; | |
428 | ||
429 | n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr); | |
430 | ||
431 | if (n == 2 && h2g_valid(startaddr)) { | |
432 | startaddr = h2g(startaddr) & TARGET_PAGE_MASK; | |
433 | ||
434 | if (h2g_valid(endaddr)) { | |
435 | endaddr = h2g(endaddr); | |
436 | } else { | |
437 | endaddr = ~0ul; | |
438 | } | |
439 | page_set_flags(startaddr, endaddr, PAGE_RESERVED); | |
440 | } | |
441 | } while (!feof(f)); | |
442 | ||
443 | fclose(f); | |
444 | mmap_unlock(); | |
445 | } | |
446 | #endif | |
447 | } | |
448 | #endif | |
449 | } | |
450 | ||
75692087 | 451 | /* If alloc=1: |
7d7500d9 | 452 | * Called with tb_lock held for system emulation. |
75692087 PB |
453 | * Called with mmap_lock held for user-mode emulation. |
454 | */ | |
5b6dd868 BS |
455 | static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc) |
456 | { | |
457 | PageDesc *pd; | |
458 | void **lp; | |
459 | int i; | |
460 | ||
e505a063 AB |
461 | if (alloc) { |
462 | assert_memory_lock(); | |
463 | } | |
464 | ||
5b6dd868 | 465 | /* Level 1. Always allocated. */ |
66ec9f49 | 466 | lp = l1_map + ((index >> v_l1_shift) & (v_l1_size - 1)); |
5b6dd868 BS |
467 | |
468 | /* Level 2..N-1. */ | |
66ec9f49 | 469 | for (i = v_l2_levels; i > 0; i--) { |
6940fab8 | 470 | void **p = atomic_rcu_read(lp); |
5b6dd868 BS |
471 | |
472 | if (p == NULL) { | |
473 | if (!alloc) { | |
474 | return NULL; | |
475 | } | |
e3a0abfd | 476 | p = g_new0(void *, V_L2_SIZE); |
6940fab8 | 477 | atomic_rcu_set(lp, p); |
5b6dd868 BS |
478 | } |
479 | ||
03f49957 | 480 | lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1)); |
5b6dd868 BS |
481 | } |
482 | ||
6940fab8 | 483 | pd = atomic_rcu_read(lp); |
5b6dd868 BS |
484 | if (pd == NULL) { |
485 | if (!alloc) { | |
486 | return NULL; | |
487 | } | |
e3a0abfd | 488 | pd = g_new0(PageDesc, V_L2_SIZE); |
6940fab8 | 489 | atomic_rcu_set(lp, pd); |
5b6dd868 BS |
490 | } |
491 | ||
03f49957 | 492 | return pd + (index & (V_L2_SIZE - 1)); |
5b6dd868 BS |
493 | } |
494 | ||
495 | static inline PageDesc *page_find(tb_page_addr_t index) | |
496 | { | |
497 | return page_find_alloc(index, 0); | |
498 | } | |
499 | ||
5b6dd868 BS |
500 | #if defined(CONFIG_USER_ONLY) |
501 | /* Currently it is not recommended to allocate big chunks of data in | |
502 | user mode. It will change when a dedicated libc will be used. */ | |
503 | /* ??? 64-bit hosts ought to have no problem mmaping data outside the | |
504 | region in which the guest needs to run. Revisit this. */ | |
505 | #define USE_STATIC_CODE_GEN_BUFFER | |
506 | #endif | |
507 | ||
5b6dd868 BS |
508 | /* Minimum size of the code gen buffer. This number is randomly chosen, |
509 | but not so small that we can't have a fair number of TB's live. */ | |
510 | #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024) | |
511 | ||
512 | /* Maximum size of the code gen buffer we'd like to use. Unless otherwise | |
513 | indicated, this is constrained by the range of direct branches on the | |
514 | host cpu, as used by the TCG implementation of goto_tb. */ | |
515 | #if defined(__x86_64__) | |
516 | # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024) | |
517 | #elif defined(__sparc__) | |
518 | # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024) | |
5bfd75a3 RH |
519 | #elif defined(__powerpc64__) |
520 | # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024) | |
399f1648 SF |
521 | #elif defined(__powerpc__) |
522 | # define MAX_CODE_GEN_BUFFER_SIZE (32u * 1024 * 1024) | |
4a136e0a CF |
523 | #elif defined(__aarch64__) |
524 | # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024) | |
5b6dd868 BS |
525 | #elif defined(__arm__) |
526 | # define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024) | |
527 | #elif defined(__s390x__) | |
528 | /* We have a +- 4GB range on the branches; leave some slop. */ | |
529 | # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024) | |
479eb121 RH |
530 | #elif defined(__mips__) |
531 | /* We have a 256MB branch region, but leave room to make sure the | |
532 | main executable is also within that region. */ | |
533 | # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024) | |
5b6dd868 BS |
534 | #else |
535 | # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1) | |
536 | #endif | |
537 | ||
538 | #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024) | |
539 | ||
540 | #define DEFAULT_CODE_GEN_BUFFER_SIZE \ | |
541 | (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \ | |
542 | ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE) | |
543 | ||
544 | static inline size_t size_code_gen_buffer(size_t tb_size) | |
545 | { | |
546 | /* Size the buffer. */ | |
547 | if (tb_size == 0) { | |
548 | #ifdef USE_STATIC_CODE_GEN_BUFFER | |
549 | tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE; | |
550 | #else | |
551 | /* ??? Needs adjustments. */ | |
552 | /* ??? If we relax the requirement that CONFIG_USER_ONLY use the | |
553 | static buffer, we could size this on RESERVED_VA, on the text | |
554 | segment size of the executable, or continue to use the default. */ | |
555 | tb_size = (unsigned long)(ram_size / 4); | |
556 | #endif | |
557 | } | |
558 | if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) { | |
559 | tb_size = MIN_CODE_GEN_BUFFER_SIZE; | |
560 | } | |
561 | if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) { | |
562 | tb_size = MAX_CODE_GEN_BUFFER_SIZE; | |
563 | } | |
5b6dd868 BS |
564 | return tb_size; |
565 | } | |
566 | ||
483c76e1 RH |
567 | #ifdef __mips__ |
568 | /* In order to use J and JAL within the code_gen_buffer, we require | |
569 | that the buffer not cross a 256MB boundary. */ | |
570 | static inline bool cross_256mb(void *addr, size_t size) | |
571 | { | |
7ba6a512 | 572 | return ((uintptr_t)addr ^ ((uintptr_t)addr + size)) & ~0x0ffffffful; |
483c76e1 RH |
573 | } |
574 | ||
575 | /* We weren't able to allocate a buffer without crossing that boundary, | |
576 | so make do with the larger portion of the buffer that doesn't cross. | |
577 | Returns the new base of the buffer, and adjusts code_gen_buffer_size. */ | |
578 | static inline void *split_cross_256mb(void *buf1, size_t size1) | |
579 | { | |
7ba6a512 | 580 | void *buf2 = (void *)(((uintptr_t)buf1 + size1) & ~0x0ffffffful); |
483c76e1 RH |
581 | size_t size2 = buf1 + size1 - buf2; |
582 | ||
583 | size1 = buf2 - buf1; | |
584 | if (size1 < size2) { | |
585 | size1 = size2; | |
586 | buf1 = buf2; | |
587 | } | |
588 | ||
589 | tcg_ctx.code_gen_buffer_size = size1; | |
590 | return buf1; | |
591 | } | |
592 | #endif | |
593 | ||
5b6dd868 BS |
594 | #ifdef USE_STATIC_CODE_GEN_BUFFER |
595 | static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE] | |
596 | __attribute__((aligned(CODE_GEN_ALIGN))); | |
597 | ||
f293709c RH |
598 | # ifdef _WIN32 |
599 | static inline void do_protect(void *addr, long size, int prot) | |
600 | { | |
601 | DWORD old_protect; | |
602 | VirtualProtect(addr, size, prot, &old_protect); | |
603 | } | |
604 | ||
605 | static inline void map_exec(void *addr, long size) | |
606 | { | |
607 | do_protect(addr, size, PAGE_EXECUTE_READWRITE); | |
608 | } | |
609 | ||
610 | static inline void map_none(void *addr, long size) | |
611 | { | |
612 | do_protect(addr, size, PAGE_NOACCESS); | |
613 | } | |
614 | # else | |
615 | static inline void do_protect(void *addr, long size, int prot) | |
616 | { | |
617 | uintptr_t start, end; | |
618 | ||
619 | start = (uintptr_t)addr; | |
620 | start &= qemu_real_host_page_mask; | |
621 | ||
622 | end = (uintptr_t)addr + size; | |
623 | end = ROUND_UP(end, qemu_real_host_page_size); | |
624 | ||
625 | mprotect((void *)start, end - start, prot); | |
626 | } | |
627 | ||
628 | static inline void map_exec(void *addr, long size) | |
629 | { | |
630 | do_protect(addr, size, PROT_READ | PROT_WRITE | PROT_EXEC); | |
631 | } | |
632 | ||
633 | static inline void map_none(void *addr, long size) | |
634 | { | |
635 | do_protect(addr, size, PROT_NONE); | |
636 | } | |
637 | # endif /* WIN32 */ | |
638 | ||
5b6dd868 BS |
639 | static inline void *alloc_code_gen_buffer(void) |
640 | { | |
483c76e1 | 641 | void *buf = static_code_gen_buffer; |
f293709c RH |
642 | size_t full_size, size; |
643 | ||
644 | /* The size of the buffer, rounded down to end on a page boundary. */ | |
645 | full_size = (((uintptr_t)buf + sizeof(static_code_gen_buffer)) | |
646 | & qemu_real_host_page_mask) - (uintptr_t)buf; | |
647 | ||
648 | /* Reserve a guard page. */ | |
649 | size = full_size - qemu_real_host_page_size; | |
650 | ||
651 | /* Honor a command-line option limiting the size of the buffer. */ | |
652 | if (size > tcg_ctx.code_gen_buffer_size) { | |
653 | size = (((uintptr_t)buf + tcg_ctx.code_gen_buffer_size) | |
654 | & qemu_real_host_page_mask) - (uintptr_t)buf; | |
655 | } | |
656 | tcg_ctx.code_gen_buffer_size = size; | |
657 | ||
483c76e1 | 658 | #ifdef __mips__ |
f293709c RH |
659 | if (cross_256mb(buf, size)) { |
660 | buf = split_cross_256mb(buf, size); | |
661 | size = tcg_ctx.code_gen_buffer_size; | |
483c76e1 RH |
662 | } |
663 | #endif | |
f293709c RH |
664 | |
665 | map_exec(buf, size); | |
666 | map_none(buf + size, qemu_real_host_page_size); | |
667 | qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE); | |
668 | ||
483c76e1 | 669 | return buf; |
5b6dd868 | 670 | } |
f293709c RH |
671 | #elif defined(_WIN32) |
672 | static inline void *alloc_code_gen_buffer(void) | |
673 | { | |
674 | size_t size = tcg_ctx.code_gen_buffer_size; | |
675 | void *buf1, *buf2; | |
676 | ||
677 | /* Perform the allocation in two steps, so that the guard page | |
678 | is reserved but uncommitted. */ | |
679 | buf1 = VirtualAlloc(NULL, size + qemu_real_host_page_size, | |
680 | MEM_RESERVE, PAGE_NOACCESS); | |
681 | if (buf1 != NULL) { | |
682 | buf2 = VirtualAlloc(buf1, size, MEM_COMMIT, PAGE_EXECUTE_READWRITE); | |
683 | assert(buf1 == buf2); | |
684 | } | |
685 | ||
686 | return buf1; | |
687 | } | |
688 | #else | |
5b6dd868 BS |
689 | static inline void *alloc_code_gen_buffer(void) |
690 | { | |
691 | int flags = MAP_PRIVATE | MAP_ANONYMOUS; | |
692 | uintptr_t start = 0; | |
f293709c | 693 | size_t size = tcg_ctx.code_gen_buffer_size; |
5b6dd868 BS |
694 | void *buf; |
695 | ||
696 | /* Constrain the position of the buffer based on the host cpu. | |
697 | Note that these addresses are chosen in concert with the | |
698 | addresses assigned in the relevant linker script file. */ | |
699 | # if defined(__PIE__) || defined(__PIC__) | |
700 | /* Don't bother setting a preferred location if we're building | |
701 | a position-independent executable. We're more likely to get | |
702 | an address near the main executable if we let the kernel | |
703 | choose the address. */ | |
704 | # elif defined(__x86_64__) && defined(MAP_32BIT) | |
705 | /* Force the memory down into low memory with the executable. | |
706 | Leave the choice of exact location with the kernel. */ | |
707 | flags |= MAP_32BIT; | |
708 | /* Cannot expect to map more than 800MB in low memory. */ | |
f293709c RH |
709 | if (size > 800u * 1024 * 1024) { |
710 | tcg_ctx.code_gen_buffer_size = size = 800u * 1024 * 1024; | |
5b6dd868 BS |
711 | } |
712 | # elif defined(__sparc__) | |
713 | start = 0x40000000ul; | |
714 | # elif defined(__s390x__) | |
715 | start = 0x90000000ul; | |
479eb121 | 716 | # elif defined(__mips__) |
f293709c | 717 | # if _MIPS_SIM == _ABI64 |
479eb121 RH |
718 | start = 0x128000000ul; |
719 | # else | |
720 | start = 0x08000000ul; | |
721 | # endif | |
5b6dd868 BS |
722 | # endif |
723 | ||
f293709c RH |
724 | buf = mmap((void *)start, size + qemu_real_host_page_size, |
725 | PROT_NONE, flags, -1, 0); | |
483c76e1 RH |
726 | if (buf == MAP_FAILED) { |
727 | return NULL; | |
728 | } | |
729 | ||
730 | #ifdef __mips__ | |
f293709c | 731 | if (cross_256mb(buf, size)) { |
5d831be2 | 732 | /* Try again, with the original still mapped, to avoid re-acquiring |
483c76e1 | 733 | that 256mb crossing. This time don't specify an address. */ |
f293709c RH |
734 | size_t size2; |
735 | void *buf2 = mmap(NULL, size + qemu_real_host_page_size, | |
736 | PROT_NONE, flags, -1, 0); | |
f68808c7 | 737 | switch ((int)(buf2 != MAP_FAILED)) { |
f293709c RH |
738 | case 1: |
739 | if (!cross_256mb(buf2, size)) { | |
483c76e1 | 740 | /* Success! Use the new buffer. */ |
8bdf4997 | 741 | munmap(buf, size + qemu_real_host_page_size); |
f293709c | 742 | break; |
483c76e1 RH |
743 | } |
744 | /* Failure. Work with what we had. */ | |
8bdf4997 | 745 | munmap(buf2, size + qemu_real_host_page_size); |
f293709c RH |
746 | /* fallthru */ |
747 | default: | |
748 | /* Split the original buffer. Free the smaller half. */ | |
749 | buf2 = split_cross_256mb(buf, size); | |
750 | size2 = tcg_ctx.code_gen_buffer_size; | |
751 | if (buf == buf2) { | |
752 | munmap(buf + size2 + qemu_real_host_page_size, size - size2); | |
753 | } else { | |
754 | munmap(buf, size - size2); | |
755 | } | |
756 | size = size2; | |
757 | break; | |
483c76e1 | 758 | } |
f293709c | 759 | buf = buf2; |
483c76e1 RH |
760 | } |
761 | #endif | |
762 | ||
f293709c RH |
763 | /* Make the final buffer accessible. The guard page at the end |
764 | will remain inaccessible with PROT_NONE. */ | |
765 | mprotect(buf, size, PROT_WRITE | PROT_READ | PROT_EXEC); | |
483c76e1 | 766 | |
f293709c RH |
767 | /* Request large pages for the buffer. */ |
768 | qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE); | |
483c76e1 | 769 | |
5b6dd868 BS |
770 | return buf; |
771 | } | |
f293709c | 772 | #endif /* USE_STATIC_CODE_GEN_BUFFER, WIN32, POSIX */ |
5b6dd868 BS |
773 | |
774 | static inline void code_gen_alloc(size_t tb_size) | |
775 | { | |
0b0d3320 EV |
776 | tcg_ctx.code_gen_buffer_size = size_code_gen_buffer(tb_size); |
777 | tcg_ctx.code_gen_buffer = alloc_code_gen_buffer(); | |
778 | if (tcg_ctx.code_gen_buffer == NULL) { | |
5b6dd868 BS |
779 | fprintf(stderr, "Could not allocate dynamic translator buffer\n"); |
780 | exit(1); | |
781 | } | |
782 | ||
8163b749 RH |
783 | /* Estimate a good size for the number of TBs we can support. We |
784 | still haven't deducted the prologue from the buffer size here, | |
785 | but that's minimal and won't affect the estimate much. */ | |
786 | tcg_ctx.code_gen_max_blocks | |
787 | = tcg_ctx.code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE; | |
788 | tcg_ctx.tb_ctx.tbs = g_new(TranslationBlock, tcg_ctx.code_gen_max_blocks); | |
789 | ||
677ef623 | 790 | qemu_mutex_init(&tcg_ctx.tb_ctx.tb_lock); |
5b6dd868 BS |
791 | } |
792 | ||
909eaac9 EC |
793 | static void tb_htable_init(void) |
794 | { | |
795 | unsigned int mode = QHT_MODE_AUTO_RESIZE; | |
796 | ||
797 | qht_init(&tcg_ctx.tb_ctx.htable, CODE_GEN_HTABLE_SIZE, mode); | |
798 | } | |
799 | ||
5b6dd868 BS |
800 | /* Must be called before using the QEMU cpus. 'tb_size' is the size |
801 | (in bytes) allocated to the translation buffer. Zero means default | |
802 | size. */ | |
803 | void tcg_exec_init(unsigned long tb_size) | |
804 | { | |
805 | cpu_gen_init(); | |
5b6dd868 | 806 | page_init(); |
909eaac9 | 807 | tb_htable_init(); |
f293709c | 808 | code_gen_alloc(tb_size); |
4cbea598 | 809 | #if defined(CONFIG_SOFTMMU) |
5b6dd868 BS |
810 | /* There's no guest base to take into account, so go ahead and |
811 | initialize the prologue now. */ | |
812 | tcg_prologue_init(&tcg_ctx); | |
813 | #endif | |
814 | } | |
815 | ||
816 | bool tcg_enabled(void) | |
817 | { | |
0b0d3320 | 818 | return tcg_ctx.code_gen_buffer != NULL; |
5b6dd868 BS |
819 | } |
820 | ||
7d7500d9 PB |
821 | /* |
822 | * Allocate a new translation block. Flush the translation buffer if | |
823 | * too many translation blocks or too much generated code. | |
824 | * | |
825 | * Called with tb_lock held. | |
826 | */ | |
5b6dd868 BS |
827 | static TranslationBlock *tb_alloc(target_ulong pc) |
828 | { | |
829 | TranslationBlock *tb; | |
830 | ||
6ac3d7e8 | 831 | assert_tb_locked(); |
e505a063 | 832 | |
b125f9dc | 833 | if (tcg_ctx.tb_ctx.nb_tbs >= tcg_ctx.code_gen_max_blocks) { |
5b6dd868 BS |
834 | return NULL; |
835 | } | |
5e5f07e0 | 836 | tb = &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs++]; |
5b6dd868 BS |
837 | tb->pc = pc; |
838 | tb->cflags = 0; | |
6d21e420 | 839 | tb->invalid = false; |
5b6dd868 BS |
840 | return tb; |
841 | } | |
842 | ||
7d7500d9 | 843 | /* Called with tb_lock held. */ |
5b6dd868 BS |
844 | void tb_free(TranslationBlock *tb) |
845 | { | |
6ac3d7e8 | 846 | assert_tb_locked(); |
e505a063 | 847 | |
5b6dd868 BS |
848 | /* In practice this is mostly used for single use temporary TB |
849 | Ignore the hard cases and just back up if this TB happens to | |
850 | be the last one generated. */ | |
5e5f07e0 EV |
851 | if (tcg_ctx.tb_ctx.nb_tbs > 0 && |
852 | tb == &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs - 1]) { | |
0b0d3320 | 853 | tcg_ctx.code_gen_ptr = tb->tc_ptr; |
5e5f07e0 | 854 | tcg_ctx.tb_ctx.nb_tbs--; |
5b6dd868 BS |
855 | } |
856 | } | |
857 | ||
858 | static inline void invalidate_page_bitmap(PageDesc *p) | |
859 | { | |
6fad459c | 860 | #ifdef CONFIG_SOFTMMU |
012aef07 MA |
861 | g_free(p->code_bitmap); |
862 | p->code_bitmap = NULL; | |
5b6dd868 | 863 | p->code_write_count = 0; |
6fad459c | 864 | #endif |
5b6dd868 BS |
865 | } |
866 | ||
867 | /* Set to NULL all the 'first_tb' fields in all PageDescs. */ | |
868 | static void page_flush_tb_1(int level, void **lp) | |
869 | { | |
870 | int i; | |
871 | ||
872 | if (*lp == NULL) { | |
873 | return; | |
874 | } | |
875 | if (level == 0) { | |
876 | PageDesc *pd = *lp; | |
877 | ||
03f49957 | 878 | for (i = 0; i < V_L2_SIZE; ++i) { |
5b6dd868 BS |
879 | pd[i].first_tb = NULL; |
880 | invalidate_page_bitmap(pd + i); | |
881 | } | |
882 | } else { | |
883 | void **pp = *lp; | |
884 | ||
03f49957 | 885 | for (i = 0; i < V_L2_SIZE; ++i) { |
5b6dd868 BS |
886 | page_flush_tb_1(level - 1, pp + i); |
887 | } | |
888 | } | |
889 | } | |
890 | ||
891 | static void page_flush_tb(void) | |
892 | { | |
66ec9f49 | 893 | int i, l1_sz = v_l1_size; |
5b6dd868 | 894 | |
66ec9f49 VK |
895 | for (i = 0; i < l1_sz; i++) { |
896 | page_flush_tb_1(v_l2_levels, l1_map + i); | |
5b6dd868 BS |
897 | } |
898 | } | |
899 | ||
900 | /* flush all the translation blocks */ | |
14e6fe12 | 901 | static void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count) |
5b6dd868 | 902 | { |
3359baad SF |
903 | tb_lock(); |
904 | ||
14e6fe12 | 905 | /* If it is already been done on request of another CPU, |
3359baad SF |
906 | * just retry. |
907 | */ | |
14e6fe12 | 908 | if (tcg_ctx.tb_ctx.tb_flush_count != tb_flush_count.host_int) { |
3359baad | 909 | goto done; |
135a972b | 910 | } |
3359baad | 911 | |
955939a2 | 912 | #if defined(DEBUG_TB_FLUSH) |
5b6dd868 | 913 | printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n", |
0b0d3320 | 914 | (unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer), |
5e5f07e0 | 915 | tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.tb_ctx.nb_tbs > 0 ? |
0b0d3320 | 916 | ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) / |
5e5f07e0 | 917 | tcg_ctx.tb_ctx.nb_tbs : 0); |
5b6dd868 | 918 | #endif |
0b0d3320 EV |
919 | if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer) |
920 | > tcg_ctx.code_gen_buffer_size) { | |
a47dddd7 | 921 | cpu_abort(cpu, "Internal error: code buffer overflow\n"); |
5b6dd868 | 922 | } |
5b6dd868 | 923 | |
bdc44640 | 924 | CPU_FOREACH(cpu) { |
89a16b1e SF |
925 | int i; |
926 | ||
927 | for (i = 0; i < TB_JMP_CACHE_SIZE; ++i) { | |
928 | atomic_set(&cpu->tb_jmp_cache[i], NULL); | |
929 | } | |
5b6dd868 BS |
930 | } |
931 | ||
118b0730 | 932 | tcg_ctx.tb_ctx.nb_tbs = 0; |
909eaac9 | 933 | qht_reset_size(&tcg_ctx.tb_ctx.htable, CODE_GEN_HTABLE_SIZE); |
5b6dd868 BS |
934 | page_flush_tb(); |
935 | ||
0b0d3320 | 936 | tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer; |
5b6dd868 BS |
937 | /* XXX: flush processor icache at this point if cache flush is |
938 | expensive */ | |
3359baad SF |
939 | atomic_mb_set(&tcg_ctx.tb_ctx.tb_flush_count, |
940 | tcg_ctx.tb_ctx.tb_flush_count + 1); | |
941 | ||
942 | done: | |
943 | tb_unlock(); | |
944 | } | |
945 | ||
946 | void tb_flush(CPUState *cpu) | |
947 | { | |
948 | if (tcg_enabled()) { | |
14e6fe12 PB |
949 | unsigned tb_flush_count = atomic_mb_read(&tcg_ctx.tb_ctx.tb_flush_count); |
950 | async_safe_run_on_cpu(cpu, do_tb_flush, | |
951 | RUN_ON_CPU_HOST_INT(tb_flush_count)); | |
3359baad | 952 | } |
5b6dd868 BS |
953 | } |
954 | ||
955 | #ifdef DEBUG_TB_CHECK | |
956 | ||
909eaac9 EC |
957 | static void |
958 | do_tb_invalidate_check(struct qht *ht, void *p, uint32_t hash, void *userp) | |
5b6dd868 | 959 | { |
909eaac9 EC |
960 | TranslationBlock *tb = p; |
961 | target_ulong addr = *(target_ulong *)userp; | |
962 | ||
963 | if (!(addr + TARGET_PAGE_SIZE <= tb->pc || addr >= tb->pc + tb->size)) { | |
964 | printf("ERROR invalidate: address=" TARGET_FMT_lx | |
965 | " PC=%08lx size=%04x\n", addr, (long)tb->pc, tb->size); | |
966 | } | |
967 | } | |
5b6dd868 | 968 | |
7d7500d9 PB |
969 | /* verify that all the pages have correct rights for code |
970 | * | |
971 | * Called with tb_lock held. | |
972 | */ | |
909eaac9 EC |
973 | static void tb_invalidate_check(target_ulong address) |
974 | { | |
5b6dd868 | 975 | address &= TARGET_PAGE_MASK; |
909eaac9 EC |
976 | qht_iter(&tcg_ctx.tb_ctx.htable, do_tb_invalidate_check, &address); |
977 | } | |
978 | ||
979 | static void | |
980 | do_tb_page_check(struct qht *ht, void *p, uint32_t hash, void *userp) | |
981 | { | |
982 | TranslationBlock *tb = p; | |
983 | int flags1, flags2; | |
984 | ||
985 | flags1 = page_get_flags(tb->pc); | |
986 | flags2 = page_get_flags(tb->pc + tb->size - 1); | |
987 | if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) { | |
988 | printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n", | |
989 | (long)tb->pc, tb->size, flags1, flags2); | |
5b6dd868 BS |
990 | } |
991 | } | |
992 | ||
993 | /* verify that all the pages have correct rights for code */ | |
994 | static void tb_page_check(void) | |
995 | { | |
909eaac9 | 996 | qht_iter(&tcg_ctx.tb_ctx.htable, do_tb_page_check, NULL); |
5b6dd868 BS |
997 | } |
998 | ||
999 | #endif | |
1000 | ||
5b6dd868 BS |
1001 | static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb) |
1002 | { | |
1003 | TranslationBlock *tb1; | |
1004 | unsigned int n1; | |
1005 | ||
1006 | for (;;) { | |
1007 | tb1 = *ptb; | |
1008 | n1 = (uintptr_t)tb1 & 3; | |
1009 | tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3); | |
1010 | if (tb1 == tb) { | |
1011 | *ptb = tb1->page_next[n1]; | |
1012 | break; | |
1013 | } | |
1014 | ptb = &tb1->page_next[n1]; | |
1015 | } | |
1016 | } | |
1017 | ||
13362678 SF |
1018 | /* remove the TB from a list of TBs jumping to the n-th jump target of the TB */ |
1019 | static inline void tb_remove_from_jmp_list(TranslationBlock *tb, int n) | |
5b6dd868 | 1020 | { |
c37e6d7e SF |
1021 | TranslationBlock *tb1; |
1022 | uintptr_t *ptb, ntb; | |
5b6dd868 BS |
1023 | unsigned int n1; |
1024 | ||
f309101c | 1025 | ptb = &tb->jmp_list_next[n]; |
c37e6d7e | 1026 | if (*ptb) { |
5b6dd868 BS |
1027 | /* find tb(n) in circular list */ |
1028 | for (;;) { | |
c37e6d7e SF |
1029 | ntb = *ptb; |
1030 | n1 = ntb & 3; | |
1031 | tb1 = (TranslationBlock *)(ntb & ~3); | |
5b6dd868 BS |
1032 | if (n1 == n && tb1 == tb) { |
1033 | break; | |
1034 | } | |
1035 | if (n1 == 2) { | |
f309101c | 1036 | ptb = &tb1->jmp_list_first; |
5b6dd868 | 1037 | } else { |
f309101c | 1038 | ptb = &tb1->jmp_list_next[n1]; |
5b6dd868 BS |
1039 | } |
1040 | } | |
1041 | /* now we can suppress tb(n) from the list */ | |
f309101c | 1042 | *ptb = tb->jmp_list_next[n]; |
5b6dd868 | 1043 | |
c37e6d7e | 1044 | tb->jmp_list_next[n] = (uintptr_t)NULL; |
5b6dd868 BS |
1045 | } |
1046 | } | |
1047 | ||
1048 | /* reset the jump entry 'n' of a TB so that it is not chained to | |
1049 | another TB */ | |
1050 | static inline void tb_reset_jump(TranslationBlock *tb, int n) | |
1051 | { | |
f309101c SF |
1052 | uintptr_t addr = (uintptr_t)(tb->tc_ptr + tb->jmp_reset_offset[n]); |
1053 | tb_set_jmp_target(tb, n, addr); | |
5b6dd868 BS |
1054 | } |
1055 | ||
89bba496 SF |
1056 | /* remove any jumps to the TB */ |
1057 | static inline void tb_jmp_unlink(TranslationBlock *tb) | |
1058 | { | |
f9c5b66f SF |
1059 | TranslationBlock *tb1; |
1060 | uintptr_t *ptb, ntb; | |
89bba496 SF |
1061 | unsigned int n1; |
1062 | ||
f9c5b66f | 1063 | ptb = &tb->jmp_list_first; |
89bba496 | 1064 | for (;;) { |
f9c5b66f SF |
1065 | ntb = *ptb; |
1066 | n1 = ntb & 3; | |
1067 | tb1 = (TranslationBlock *)(ntb & ~3); | |
89bba496 SF |
1068 | if (n1 == 2) { |
1069 | break; | |
1070 | } | |
f9c5b66f SF |
1071 | tb_reset_jump(tb1, n1); |
1072 | *ptb = tb1->jmp_list_next[n1]; | |
1073 | tb1->jmp_list_next[n1] = (uintptr_t)NULL; | |
89bba496 | 1074 | } |
89bba496 SF |
1075 | } |
1076 | ||
7d7500d9 PB |
1077 | /* invalidate one TB |
1078 | * | |
1079 | * Called with tb_lock held. | |
1080 | */ | |
5b6dd868 BS |
1081 | void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr) |
1082 | { | |
182735ef | 1083 | CPUState *cpu; |
5b6dd868 | 1084 | PageDesc *p; |
42bd3228 | 1085 | uint32_t h; |
5b6dd868 | 1086 | tb_page_addr_t phys_pc; |
5b6dd868 | 1087 | |
6ac3d7e8 | 1088 | assert_tb_locked(); |
e505a063 | 1089 | |
6d21e420 PB |
1090 | atomic_set(&tb->invalid, true); |
1091 | ||
5b6dd868 BS |
1092 | /* remove the TB from the hash list */ |
1093 | phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK); | |
42bd3228 | 1094 | h = tb_hash_func(phys_pc, tb->pc, tb->flags); |
909eaac9 | 1095 | qht_remove(&tcg_ctx.tb_ctx.htable, tb, h); |
5b6dd868 BS |
1096 | |
1097 | /* remove the TB from the page list */ | |
1098 | if (tb->page_addr[0] != page_addr) { | |
1099 | p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS); | |
1100 | tb_page_remove(&p->first_tb, tb); | |
1101 | invalidate_page_bitmap(p); | |
1102 | } | |
1103 | if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) { | |
1104 | p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS); | |
1105 | tb_page_remove(&p->first_tb, tb); | |
1106 | invalidate_page_bitmap(p); | |
1107 | } | |
1108 | ||
5b6dd868 BS |
1109 | /* remove the TB from the hash list */ |
1110 | h = tb_jmp_cache_hash_func(tb->pc); | |
bdc44640 | 1111 | CPU_FOREACH(cpu) { |
89a16b1e SF |
1112 | if (atomic_read(&cpu->tb_jmp_cache[h]) == tb) { |
1113 | atomic_set(&cpu->tb_jmp_cache[h], NULL); | |
5b6dd868 BS |
1114 | } |
1115 | } | |
1116 | ||
1117 | /* suppress this TB from the two jump lists */ | |
13362678 SF |
1118 | tb_remove_from_jmp_list(tb, 0); |
1119 | tb_remove_from_jmp_list(tb, 1); | |
5b6dd868 BS |
1120 | |
1121 | /* suppress any remaining jumps to this TB */ | |
89bba496 | 1122 | tb_jmp_unlink(tb); |
5b6dd868 | 1123 | |
5e5f07e0 | 1124 | tcg_ctx.tb_ctx.tb_phys_invalidate_count++; |
5b6dd868 BS |
1125 | } |
1126 | ||
6fad459c | 1127 | #ifdef CONFIG_SOFTMMU |
5b6dd868 BS |
1128 | static void build_page_bitmap(PageDesc *p) |
1129 | { | |
1130 | int n, tb_start, tb_end; | |
1131 | TranslationBlock *tb; | |
1132 | ||
510a647f | 1133 | p->code_bitmap = bitmap_new(TARGET_PAGE_SIZE); |
5b6dd868 BS |
1134 | |
1135 | tb = p->first_tb; | |
1136 | while (tb != NULL) { | |
1137 | n = (uintptr_t)tb & 3; | |
1138 | tb = (TranslationBlock *)((uintptr_t)tb & ~3); | |
1139 | /* NOTE: this is subtle as a TB may span two physical pages */ | |
1140 | if (n == 0) { | |
1141 | /* NOTE: tb_end may be after the end of the page, but | |
1142 | it is not a problem */ | |
1143 | tb_start = tb->pc & ~TARGET_PAGE_MASK; | |
1144 | tb_end = tb_start + tb->size; | |
1145 | if (tb_end > TARGET_PAGE_SIZE) { | |
1146 | tb_end = TARGET_PAGE_SIZE; | |
e505a063 | 1147 | } |
5b6dd868 BS |
1148 | } else { |
1149 | tb_start = 0; | |
1150 | tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK); | |
1151 | } | |
510a647f | 1152 | bitmap_set(p->code_bitmap, tb_start, tb_end - tb_start); |
5b6dd868 BS |
1153 | tb = tb->page_next[n]; |
1154 | } | |
1155 | } | |
6fad459c | 1156 | #endif |
5b6dd868 | 1157 | |
e90d96b1 SF |
1158 | /* add the tb in the target page and protect it if necessary |
1159 | * | |
1160 | * Called with mmap_lock held for user-mode emulation. | |
1161 | */ | |
1162 | static inline void tb_alloc_page(TranslationBlock *tb, | |
1163 | unsigned int n, tb_page_addr_t page_addr) | |
1164 | { | |
1165 | PageDesc *p; | |
1166 | #ifndef CONFIG_USER_ONLY | |
1167 | bool page_already_protected; | |
1168 | #endif | |
1169 | ||
e505a063 AB |
1170 | assert_memory_lock(); |
1171 | ||
e90d96b1 SF |
1172 | tb->page_addr[n] = page_addr; |
1173 | p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1); | |
1174 | tb->page_next[n] = p->first_tb; | |
1175 | #ifndef CONFIG_USER_ONLY | |
1176 | page_already_protected = p->first_tb != NULL; | |
1177 | #endif | |
1178 | p->first_tb = (TranslationBlock *)((uintptr_t)tb | n); | |
1179 | invalidate_page_bitmap(p); | |
1180 | ||
1181 | #if defined(CONFIG_USER_ONLY) | |
1182 | if (p->flags & PAGE_WRITE) { | |
1183 | target_ulong addr; | |
1184 | PageDesc *p2; | |
1185 | int prot; | |
1186 | ||
1187 | /* force the host page as non writable (writes will have a | |
1188 | page fault + mprotect overhead) */ | |
1189 | page_addr &= qemu_host_page_mask; | |
1190 | prot = 0; | |
1191 | for (addr = page_addr; addr < page_addr + qemu_host_page_size; | |
1192 | addr += TARGET_PAGE_SIZE) { | |
1193 | ||
1194 | p2 = page_find(addr >> TARGET_PAGE_BITS); | |
1195 | if (!p2) { | |
1196 | continue; | |
1197 | } | |
1198 | prot |= p2->flags; | |
1199 | p2->flags &= ~PAGE_WRITE; | |
1200 | } | |
1201 | mprotect(g2h(page_addr), qemu_host_page_size, | |
1202 | (prot & PAGE_BITS) & ~PAGE_WRITE); | |
1203 | #ifdef DEBUG_TB_INVALIDATE | |
1204 | printf("protecting code page: 0x" TARGET_FMT_lx "\n", | |
1205 | page_addr); | |
1206 | #endif | |
1207 | } | |
1208 | #else | |
1209 | /* if some code is already present, then the pages are already | |
1210 | protected. So we handle the case where only the first TB is | |
1211 | allocated in a physical page */ | |
1212 | if (!page_already_protected) { | |
1213 | tlb_protect_code(page_addr); | |
1214 | } | |
1215 | #endif | |
1216 | } | |
1217 | ||
1218 | /* add a new TB and link it to the physical page tables. phys_page2 is | |
1219 | * (-1) to indicate that only one page contains the TB. | |
1220 | * | |
1221 | * Called with mmap_lock held for user-mode emulation. | |
1222 | */ | |
1223 | static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc, | |
1224 | tb_page_addr_t phys_page2) | |
1225 | { | |
42bd3228 | 1226 | uint32_t h; |
e90d96b1 | 1227 | |
e505a063 AB |
1228 | assert_memory_lock(); |
1229 | ||
e90d96b1 SF |
1230 | /* add in the page list */ |
1231 | tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK); | |
1232 | if (phys_page2 != -1) { | |
1233 | tb_alloc_page(tb, 1, phys_page2); | |
1234 | } else { | |
1235 | tb->page_addr[1] = -1; | |
1236 | } | |
1237 | ||
2e1ae44a AB |
1238 | /* add in the hash table */ |
1239 | h = tb_hash_func(phys_pc, tb->pc, tb->flags); | |
1240 | qht_insert(&tcg_ctx.tb_ctx.htable, tb, h); | |
1241 | ||
e90d96b1 SF |
1242 | #ifdef DEBUG_TB_CHECK |
1243 | tb_page_check(); | |
1244 | #endif | |
1245 | } | |
1246 | ||
75692087 | 1247 | /* Called with mmap_lock held for user mode emulation. */ |
648f034c | 1248 | TranslationBlock *tb_gen_code(CPUState *cpu, |
5b6dd868 | 1249 | target_ulong pc, target_ulong cs_base, |
89fee74a | 1250 | uint32_t flags, int cflags) |
5b6dd868 | 1251 | { |
648f034c | 1252 | CPUArchState *env = cpu->env_ptr; |
5b6dd868 | 1253 | TranslationBlock *tb; |
5b6dd868 BS |
1254 | tb_page_addr_t phys_pc, phys_page2; |
1255 | target_ulong virt_page2; | |
fec88f64 | 1256 | tcg_insn_unit *gen_code_buf; |
fca8a500 | 1257 | int gen_code_size, search_size; |
fec88f64 RH |
1258 | #ifdef CONFIG_PROFILER |
1259 | int64_t ti; | |
1260 | #endif | |
e505a063 | 1261 | assert_memory_lock(); |
5b6dd868 BS |
1262 | |
1263 | phys_pc = get_page_addr_code(env, pc); | |
56c0269a | 1264 | if (use_icount && !(cflags & CF_IGNORE_ICOUNT)) { |
0266359e PB |
1265 | cflags |= CF_USE_ICOUNT; |
1266 | } | |
b125f9dc | 1267 | |
5b6dd868 | 1268 | tb = tb_alloc(pc); |
b125f9dc RH |
1269 | if (unlikely(!tb)) { |
1270 | buffer_overflow: | |
5b6dd868 | 1271 | /* flush must be done */ |
bbd77c18 | 1272 | tb_flush(cpu); |
3359baad | 1273 | mmap_unlock(); |
8499c8fc PD |
1274 | /* Make the execution loop process the flush as soon as possible. */ |
1275 | cpu->exception_index = EXCP_INTERRUPT; | |
3359baad | 1276 | cpu_loop_exit(cpu); |
5b6dd868 | 1277 | } |
fec88f64 RH |
1278 | |
1279 | gen_code_buf = tcg_ctx.code_gen_ptr; | |
1280 | tb->tc_ptr = gen_code_buf; | |
5b6dd868 BS |
1281 | tb->cs_base = cs_base; |
1282 | tb->flags = flags; | |
1283 | tb->cflags = cflags; | |
fec88f64 RH |
1284 | |
1285 | #ifdef CONFIG_PROFILER | |
1286 | tcg_ctx.tb_count1++; /* includes aborted translations because of | |
1287 | exceptions */ | |
1288 | ti = profile_getclock(); | |
1289 | #endif | |
1290 | ||
1291 | tcg_func_start(&tcg_ctx); | |
1292 | ||
7c255043 | 1293 | tcg_ctx.cpu = ENV_GET_CPU(env); |
fec88f64 | 1294 | gen_intermediate_code(env, tb); |
7c255043 | 1295 | tcg_ctx.cpu = NULL; |
fec88f64 RH |
1296 | |
1297 | trace_translate_block(tb, tb->pc, tb->tc_ptr); | |
1298 | ||
1299 | /* generate machine code */ | |
f309101c SF |
1300 | tb->jmp_reset_offset[0] = TB_JMP_RESET_OFFSET_INVALID; |
1301 | tb->jmp_reset_offset[1] = TB_JMP_RESET_OFFSET_INVALID; | |
1302 | tcg_ctx.tb_jmp_reset_offset = tb->jmp_reset_offset; | |
fec88f64 | 1303 | #ifdef USE_DIRECT_JUMP |
f309101c SF |
1304 | tcg_ctx.tb_jmp_insn_offset = tb->jmp_insn_offset; |
1305 | tcg_ctx.tb_jmp_target_addr = NULL; | |
fec88f64 | 1306 | #else |
f309101c SF |
1307 | tcg_ctx.tb_jmp_insn_offset = NULL; |
1308 | tcg_ctx.tb_jmp_target_addr = tb->jmp_target_addr; | |
fec88f64 RH |
1309 | #endif |
1310 | ||
1311 | #ifdef CONFIG_PROFILER | |
1312 | tcg_ctx.tb_count++; | |
1313 | tcg_ctx.interm_time += profile_getclock() - ti; | |
1314 | tcg_ctx.code_time -= profile_getclock(); | |
1315 | #endif | |
1316 | ||
b125f9dc RH |
1317 | /* ??? Overflow could be handled better here. In particular, we |
1318 | don't need to re-do gen_intermediate_code, nor should we re-do | |
1319 | the tcg optimization currently hidden inside tcg_gen_code. All | |
1320 | that should be required is to flush the TBs, allocate a new TB, | |
1321 | re-initialize it per above, and re-do the actual code generation. */ | |
5bd2ec3d | 1322 | gen_code_size = tcg_gen_code(&tcg_ctx, tb); |
b125f9dc RH |
1323 | if (unlikely(gen_code_size < 0)) { |
1324 | goto buffer_overflow; | |
1325 | } | |
fca8a500 | 1326 | search_size = encode_search(tb, (void *)gen_code_buf + gen_code_size); |
b125f9dc RH |
1327 | if (unlikely(search_size < 0)) { |
1328 | goto buffer_overflow; | |
1329 | } | |
fec88f64 RH |
1330 | |
1331 | #ifdef CONFIG_PROFILER | |
1332 | tcg_ctx.code_time += profile_getclock(); | |
1333 | tcg_ctx.code_in_len += tb->size; | |
1334 | tcg_ctx.code_out_len += gen_code_size; | |
fca8a500 | 1335 | tcg_ctx.search_out_len += search_size; |
fec88f64 RH |
1336 | #endif |
1337 | ||
1338 | #ifdef DEBUG_DISAS | |
d977e1c2 AB |
1339 | if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM) && |
1340 | qemu_log_in_addr_range(tb->pc)) { | |
1ee73216 | 1341 | qemu_log_lock(); |
fec88f64 RH |
1342 | qemu_log("OUT: [size=%d]\n", gen_code_size); |
1343 | log_disas(tb->tc_ptr, gen_code_size); | |
1344 | qemu_log("\n"); | |
1345 | qemu_log_flush(); | |
1ee73216 | 1346 | qemu_log_unlock(); |
fec88f64 RH |
1347 | } |
1348 | #endif | |
1349 | ||
fca8a500 RH |
1350 | tcg_ctx.code_gen_ptr = (void *) |
1351 | ROUND_UP((uintptr_t)gen_code_buf + gen_code_size + search_size, | |
1352 | CODE_GEN_ALIGN); | |
5b6dd868 | 1353 | |
901bc3de SF |
1354 | /* init jump list */ |
1355 | assert(((uintptr_t)tb & 3) == 0); | |
1356 | tb->jmp_list_first = (uintptr_t)tb | 2; | |
1357 | tb->jmp_list_next[0] = (uintptr_t)NULL; | |
1358 | tb->jmp_list_next[1] = (uintptr_t)NULL; | |
1359 | ||
1360 | /* init original jump addresses wich has been set during tcg_gen_code() */ | |
1361 | if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) { | |
1362 | tb_reset_jump(tb, 0); | |
1363 | } | |
1364 | if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) { | |
1365 | tb_reset_jump(tb, 1); | |
1366 | } | |
1367 | ||
5b6dd868 BS |
1368 | /* check next page if needed */ |
1369 | virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK; | |
1370 | phys_page2 = -1; | |
1371 | if ((pc & TARGET_PAGE_MASK) != virt_page2) { | |
1372 | phys_page2 = get_page_addr_code(env, virt_page2); | |
1373 | } | |
901bc3de SF |
1374 | /* As long as consistency of the TB stuff is provided by tb_lock in user |
1375 | * mode and is implicit in single-threaded softmmu emulation, no explicit | |
1376 | * memory barrier is required before tb_link_page() makes the TB visible | |
1377 | * through the physical hash table and physical page list. | |
1378 | */ | |
5b6dd868 BS |
1379 | tb_link_page(tb, phys_pc, phys_page2); |
1380 | return tb; | |
1381 | } | |
1382 | ||
1383 | /* | |
1384 | * Invalidate all TBs which intersect with the target physical address range | |
1385 | * [start;end[. NOTE: start and end may refer to *different* physical pages. | |
1386 | * 'is_cpu_write_access' should be true if called from a real cpu write | |
1387 | * access: the virtual CPU will exit the current TB if code is modified inside | |
1388 | * this TB. | |
75692087 | 1389 | * |
ba051fb5 AB |
1390 | * Called with mmap_lock held for user-mode emulation, grabs tb_lock |
1391 | * Called with tb_lock held for system-mode emulation | |
5b6dd868 | 1392 | */ |
ba051fb5 | 1393 | static void tb_invalidate_phys_range_1(tb_page_addr_t start, tb_page_addr_t end) |
5b6dd868 BS |
1394 | { |
1395 | while (start < end) { | |
35865339 | 1396 | tb_invalidate_phys_page_range(start, end, 0); |
5b6dd868 BS |
1397 | start &= TARGET_PAGE_MASK; |
1398 | start += TARGET_PAGE_SIZE; | |
1399 | } | |
1400 | } | |
1401 | ||
ba051fb5 AB |
1402 | #ifdef CONFIG_SOFTMMU |
1403 | void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end) | |
1404 | { | |
6ac3d7e8 | 1405 | assert_tb_locked(); |
ba051fb5 AB |
1406 | tb_invalidate_phys_range_1(start, end); |
1407 | } | |
1408 | #else | |
1409 | void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end) | |
1410 | { | |
1411 | assert_memory_lock(); | |
1412 | tb_lock(); | |
1413 | tb_invalidate_phys_range_1(start, end); | |
1414 | tb_unlock(); | |
1415 | } | |
1416 | #endif | |
5b6dd868 BS |
1417 | /* |
1418 | * Invalidate all TBs which intersect with the target physical address range | |
1419 | * [start;end[. NOTE: start and end must refer to the *same* physical page. | |
1420 | * 'is_cpu_write_access' should be true if called from a real cpu write | |
1421 | * access: the virtual CPU will exit the current TB if code is modified inside | |
1422 | * this TB. | |
75692087 | 1423 | * |
ba051fb5 AB |
1424 | * Called with tb_lock/mmap_lock held for user-mode emulation |
1425 | * Called with tb_lock held for system-mode emulation | |
5b6dd868 BS |
1426 | */ |
1427 | void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end, | |
1428 | int is_cpu_write_access) | |
1429 | { | |
3213525f | 1430 | TranslationBlock *tb, *tb_next; |
baea4fae | 1431 | #if defined(TARGET_HAS_PRECISE_SMC) |
3213525f | 1432 | CPUState *cpu = current_cpu; |
4917cf44 AF |
1433 | CPUArchState *env = NULL; |
1434 | #endif | |
5b6dd868 BS |
1435 | tb_page_addr_t tb_start, tb_end; |
1436 | PageDesc *p; | |
1437 | int n; | |
1438 | #ifdef TARGET_HAS_PRECISE_SMC | |
1439 | int current_tb_not_found = is_cpu_write_access; | |
1440 | TranslationBlock *current_tb = NULL; | |
1441 | int current_tb_modified = 0; | |
1442 | target_ulong current_pc = 0; | |
1443 | target_ulong current_cs_base = 0; | |
89fee74a | 1444 | uint32_t current_flags = 0; |
5b6dd868 BS |
1445 | #endif /* TARGET_HAS_PRECISE_SMC */ |
1446 | ||
e505a063 | 1447 | assert_memory_lock(); |
6ac3d7e8 | 1448 | assert_tb_locked(); |
e505a063 | 1449 | |
5b6dd868 BS |
1450 | p = page_find(start >> TARGET_PAGE_BITS); |
1451 | if (!p) { | |
1452 | return; | |
1453 | } | |
baea4fae | 1454 | #if defined(TARGET_HAS_PRECISE_SMC) |
4917cf44 AF |
1455 | if (cpu != NULL) { |
1456 | env = cpu->env_ptr; | |
d77953b9 | 1457 | } |
4917cf44 | 1458 | #endif |
5b6dd868 BS |
1459 | |
1460 | /* we remove all the TBs in the range [start, end[ */ | |
1461 | /* XXX: see if in some cases it could be faster to invalidate all | |
1462 | the code */ | |
1463 | tb = p->first_tb; | |
1464 | while (tb != NULL) { | |
1465 | n = (uintptr_t)tb & 3; | |
1466 | tb = (TranslationBlock *)((uintptr_t)tb & ~3); | |
1467 | tb_next = tb->page_next[n]; | |
1468 | /* NOTE: this is subtle as a TB may span two physical pages */ | |
1469 | if (n == 0) { | |
1470 | /* NOTE: tb_end may be after the end of the page, but | |
1471 | it is not a problem */ | |
1472 | tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK); | |
1473 | tb_end = tb_start + tb->size; | |
1474 | } else { | |
1475 | tb_start = tb->page_addr[1]; | |
1476 | tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK); | |
1477 | } | |
1478 | if (!(tb_end <= start || tb_start >= end)) { | |
1479 | #ifdef TARGET_HAS_PRECISE_SMC | |
1480 | if (current_tb_not_found) { | |
1481 | current_tb_not_found = 0; | |
1482 | current_tb = NULL; | |
93afeade | 1483 | if (cpu->mem_io_pc) { |
5b6dd868 | 1484 | /* now we have a real cpu fault */ |
93afeade | 1485 | current_tb = tb_find_pc(cpu->mem_io_pc); |
5b6dd868 BS |
1486 | } |
1487 | } | |
1488 | if (current_tb == tb && | |
1489 | (current_tb->cflags & CF_COUNT_MASK) != 1) { | |
1490 | /* If we are modifying the current TB, we must stop | |
1491 | its execution. We could be more precise by checking | |
1492 | that the modification is after the current PC, but it | |
1493 | would require a specialized function to partially | |
1494 | restore the CPU state */ | |
1495 | ||
1496 | current_tb_modified = 1; | |
74f10515 | 1497 | cpu_restore_state_from_tb(cpu, current_tb, cpu->mem_io_pc); |
5b6dd868 BS |
1498 | cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base, |
1499 | ¤t_flags); | |
1500 | } | |
1501 | #endif /* TARGET_HAS_PRECISE_SMC */ | |
5b6dd868 | 1502 | tb_phys_invalidate(tb, -1); |
5b6dd868 BS |
1503 | } |
1504 | tb = tb_next; | |
1505 | } | |
1506 | #if !defined(CONFIG_USER_ONLY) | |
1507 | /* if no code remaining, no need to continue to use slow writes */ | |
1508 | if (!p->first_tb) { | |
1509 | invalidate_page_bitmap(p); | |
fc377bcf | 1510 | tlb_unprotect_code(start); |
5b6dd868 BS |
1511 | } |
1512 | #endif | |
1513 | #ifdef TARGET_HAS_PRECISE_SMC | |
1514 | if (current_tb_modified) { | |
1515 | /* we generate a block containing just the instruction | |
1516 | modifying the memory. It will ensure that it cannot modify | |
1517 | itself */ | |
648f034c | 1518 | tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1); |
6886b980 | 1519 | cpu_loop_exit_noexc(cpu); |
5b6dd868 BS |
1520 | } |
1521 | #endif | |
1522 | } | |
1523 | ||
6fad459c | 1524 | #ifdef CONFIG_SOFTMMU |
ba051fb5 AB |
1525 | /* len must be <= 8 and start must be a multiple of len. |
1526 | * Called via softmmu_template.h when code areas are written to with | |
8d04fb55 | 1527 | * iothread mutex not held. |
ba051fb5 | 1528 | */ |
5b6dd868 BS |
1529 | void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len) |
1530 | { | |
1531 | PageDesc *p; | |
5b6dd868 BS |
1532 | |
1533 | #if 0 | |
1534 | if (1) { | |
1535 | qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n", | |
1536 | cpu_single_env->mem_io_vaddr, len, | |
1537 | cpu_single_env->eip, | |
1538 | cpu_single_env->eip + | |
1539 | (intptr_t)cpu_single_env->segs[R_CS].base); | |
1540 | } | |
1541 | #endif | |
ba051fb5 AB |
1542 | assert_memory_lock(); |
1543 | ||
5b6dd868 BS |
1544 | p = page_find(start >> TARGET_PAGE_BITS); |
1545 | if (!p) { | |
1546 | return; | |
1547 | } | |
fc377bcf PB |
1548 | if (!p->code_bitmap && |
1549 | ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD) { | |
7d7500d9 PB |
1550 | /* build code bitmap. FIXME: writes should be protected by |
1551 | * tb_lock, reads by tb_lock or RCU. | |
1552 | */ | |
fc377bcf PB |
1553 | build_page_bitmap(p); |
1554 | } | |
5b6dd868 | 1555 | if (p->code_bitmap) { |
510a647f EC |
1556 | unsigned int nr; |
1557 | unsigned long b; | |
1558 | ||
1559 | nr = start & ~TARGET_PAGE_MASK; | |
1560 | b = p->code_bitmap[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG - 1)); | |
5b6dd868 BS |
1561 | if (b & ((1 << len) - 1)) { |
1562 | goto do_invalidate; | |
1563 | } | |
1564 | } else { | |
1565 | do_invalidate: | |
1566 | tb_invalidate_phys_page_range(start, start + len, 1); | |
1567 | } | |
1568 | } | |
6fad459c | 1569 | #else |
75809229 PM |
1570 | /* Called with mmap_lock held. If pc is not 0 then it indicates the |
1571 | * host PC of the faulting store instruction that caused this invalidate. | |
1572 | * Returns true if the caller needs to abort execution of the current | |
1573 | * TB (because it was modified by this store and the guest CPU has | |
1574 | * precise-SMC semantics). | |
1575 | */ | |
1576 | static bool tb_invalidate_phys_page(tb_page_addr_t addr, uintptr_t pc) | |
5b6dd868 BS |
1577 | { |
1578 | TranslationBlock *tb; | |
1579 | PageDesc *p; | |
1580 | int n; | |
1581 | #ifdef TARGET_HAS_PRECISE_SMC | |
1582 | TranslationBlock *current_tb = NULL; | |
4917cf44 AF |
1583 | CPUState *cpu = current_cpu; |
1584 | CPUArchState *env = NULL; | |
5b6dd868 BS |
1585 | int current_tb_modified = 0; |
1586 | target_ulong current_pc = 0; | |
1587 | target_ulong current_cs_base = 0; | |
89fee74a | 1588 | uint32_t current_flags = 0; |
5b6dd868 BS |
1589 | #endif |
1590 | ||
ba051fb5 AB |
1591 | assert_memory_lock(); |
1592 | ||
5b6dd868 BS |
1593 | addr &= TARGET_PAGE_MASK; |
1594 | p = page_find(addr >> TARGET_PAGE_BITS); | |
1595 | if (!p) { | |
75809229 | 1596 | return false; |
5b6dd868 | 1597 | } |
a5e99826 FK |
1598 | |
1599 | tb_lock(); | |
5b6dd868 BS |
1600 | tb = p->first_tb; |
1601 | #ifdef TARGET_HAS_PRECISE_SMC | |
1602 | if (tb && pc != 0) { | |
1603 | current_tb = tb_find_pc(pc); | |
1604 | } | |
4917cf44 AF |
1605 | if (cpu != NULL) { |
1606 | env = cpu->env_ptr; | |
d77953b9 | 1607 | } |
5b6dd868 BS |
1608 | #endif |
1609 | while (tb != NULL) { | |
1610 | n = (uintptr_t)tb & 3; | |
1611 | tb = (TranslationBlock *)((uintptr_t)tb & ~3); | |
1612 | #ifdef TARGET_HAS_PRECISE_SMC | |
1613 | if (current_tb == tb && | |
1614 | (current_tb->cflags & CF_COUNT_MASK) != 1) { | |
1615 | /* If we are modifying the current TB, we must stop | |
1616 | its execution. We could be more precise by checking | |
1617 | that the modification is after the current PC, but it | |
1618 | would require a specialized function to partially | |
1619 | restore the CPU state */ | |
1620 | ||
1621 | current_tb_modified = 1; | |
74f10515 | 1622 | cpu_restore_state_from_tb(cpu, current_tb, pc); |
5b6dd868 BS |
1623 | cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base, |
1624 | ¤t_flags); | |
1625 | } | |
1626 | #endif /* TARGET_HAS_PRECISE_SMC */ | |
1627 | tb_phys_invalidate(tb, addr); | |
1628 | tb = tb->page_next[n]; | |
1629 | } | |
1630 | p->first_tb = NULL; | |
1631 | #ifdef TARGET_HAS_PRECISE_SMC | |
1632 | if (current_tb_modified) { | |
1633 | /* we generate a block containing just the instruction | |
1634 | modifying the memory. It will ensure that it cannot modify | |
1635 | itself */ | |
648f034c | 1636 | tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1); |
a5e99826 FK |
1637 | /* tb_lock will be reset after cpu_loop_exit_noexc longjmps |
1638 | * back into the cpu_exec loop. */ | |
75809229 | 1639 | return true; |
5b6dd868 BS |
1640 | } |
1641 | #endif | |
a5e99826 FK |
1642 | tb_unlock(); |
1643 | ||
75809229 | 1644 | return false; |
5b6dd868 BS |
1645 | } |
1646 | #endif | |
1647 | ||
5b6dd868 BS |
1648 | /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr < |
1649 | tb[1].tc_ptr. Return NULL if not found */ | |
a8a826a3 | 1650 | static TranslationBlock *tb_find_pc(uintptr_t tc_ptr) |
5b6dd868 BS |
1651 | { |
1652 | int m_min, m_max, m; | |
1653 | uintptr_t v; | |
1654 | TranslationBlock *tb; | |
1655 | ||
5e5f07e0 | 1656 | if (tcg_ctx.tb_ctx.nb_tbs <= 0) { |
5b6dd868 BS |
1657 | return NULL; |
1658 | } | |
0b0d3320 EV |
1659 | if (tc_ptr < (uintptr_t)tcg_ctx.code_gen_buffer || |
1660 | tc_ptr >= (uintptr_t)tcg_ctx.code_gen_ptr) { | |
5b6dd868 BS |
1661 | return NULL; |
1662 | } | |
1663 | /* binary search (cf Knuth) */ | |
1664 | m_min = 0; | |
5e5f07e0 | 1665 | m_max = tcg_ctx.tb_ctx.nb_tbs - 1; |
5b6dd868 BS |
1666 | while (m_min <= m_max) { |
1667 | m = (m_min + m_max) >> 1; | |
5e5f07e0 | 1668 | tb = &tcg_ctx.tb_ctx.tbs[m]; |
5b6dd868 BS |
1669 | v = (uintptr_t)tb->tc_ptr; |
1670 | if (v == tc_ptr) { | |
1671 | return tb; | |
1672 | } else if (tc_ptr < v) { | |
1673 | m_max = m - 1; | |
1674 | } else { | |
1675 | m_min = m + 1; | |
1676 | } | |
1677 | } | |
5e5f07e0 | 1678 | return &tcg_ctx.tb_ctx.tbs[m_max]; |
5b6dd868 BS |
1679 | } |
1680 | ||
ec53b45b | 1681 | #if !defined(CONFIG_USER_ONLY) |
29d8ec7b | 1682 | void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr) |
5b6dd868 BS |
1683 | { |
1684 | ram_addr_t ram_addr; | |
5c8a00ce | 1685 | MemoryRegion *mr; |
149f54b5 | 1686 | hwaddr l = 1; |
5b6dd868 | 1687 | |
41063e1e | 1688 | rcu_read_lock(); |
29d8ec7b | 1689 | mr = address_space_translate(as, addr, &addr, &l, false); |
5c8a00ce PB |
1690 | if (!(memory_region_is_ram(mr) |
1691 | || memory_region_is_romd(mr))) { | |
41063e1e | 1692 | rcu_read_unlock(); |
5b6dd868 BS |
1693 | return; |
1694 | } | |
e4e69794 | 1695 | ram_addr = memory_region_get_ram_addr(mr) + addr; |
ba051fb5 | 1696 | tb_lock(); |
5b6dd868 | 1697 | tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0); |
ba051fb5 | 1698 | tb_unlock(); |
41063e1e | 1699 | rcu_read_unlock(); |
5b6dd868 | 1700 | } |
ec53b45b | 1701 | #endif /* !defined(CONFIG_USER_ONLY) */ |
5b6dd868 | 1702 | |
7d7500d9 | 1703 | /* Called with tb_lock held. */ |
239c51a5 | 1704 | void tb_check_watchpoint(CPUState *cpu) |
5b6dd868 BS |
1705 | { |
1706 | TranslationBlock *tb; | |
1707 | ||
93afeade | 1708 | tb = tb_find_pc(cpu->mem_io_pc); |
8d302e76 AJ |
1709 | if (tb) { |
1710 | /* We can use retranslation to find the PC. */ | |
1711 | cpu_restore_state_from_tb(cpu, tb, cpu->mem_io_pc); | |
1712 | tb_phys_invalidate(tb, -1); | |
1713 | } else { | |
1714 | /* The exception probably happened in a helper. The CPU state should | |
1715 | have been saved before calling it. Fetch the PC from there. */ | |
1716 | CPUArchState *env = cpu->env_ptr; | |
1717 | target_ulong pc, cs_base; | |
1718 | tb_page_addr_t addr; | |
89fee74a | 1719 | uint32_t flags; |
8d302e76 AJ |
1720 | |
1721 | cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags); | |
1722 | addr = get_page_addr_code(env, pc); | |
1723 | tb_invalidate_phys_range(addr, addr + 1); | |
5b6dd868 | 1724 | } |
5b6dd868 BS |
1725 | } |
1726 | ||
1727 | #ifndef CONFIG_USER_ONLY | |
5b6dd868 | 1728 | /* in deterministic execution mode, instructions doing device I/Os |
8d04fb55 JK |
1729 | * must be at the end of the TB. |
1730 | * | |
1731 | * Called by softmmu_template.h, with iothread mutex not held. | |
1732 | */ | |
90b40a69 | 1733 | void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr) |
5b6dd868 | 1734 | { |
a47dddd7 | 1735 | #if defined(TARGET_MIPS) || defined(TARGET_SH4) |
90b40a69 | 1736 | CPUArchState *env = cpu->env_ptr; |
a47dddd7 | 1737 | #endif |
5b6dd868 BS |
1738 | TranslationBlock *tb; |
1739 | uint32_t n, cflags; | |
1740 | target_ulong pc, cs_base; | |
89fee74a | 1741 | uint32_t flags; |
5b6dd868 | 1742 | |
a5e99826 | 1743 | tb_lock(); |
5b6dd868 BS |
1744 | tb = tb_find_pc(retaddr); |
1745 | if (!tb) { | |
a47dddd7 | 1746 | cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p", |
5b6dd868 BS |
1747 | (void *)retaddr); |
1748 | } | |
28ecfd7a | 1749 | n = cpu->icount_decr.u16.low + tb->icount; |
74f10515 | 1750 | cpu_restore_state_from_tb(cpu, tb, retaddr); |
5b6dd868 BS |
1751 | /* Calculate how many instructions had been executed before the fault |
1752 | occurred. */ | |
28ecfd7a | 1753 | n = n - cpu->icount_decr.u16.low; |
5b6dd868 BS |
1754 | /* Generate a new TB ending on the I/O insn. */ |
1755 | n++; | |
1756 | /* On MIPS and SH, delay slot instructions can only be restarted if | |
1757 | they were already the first instruction in the TB. If this is not | |
1758 | the first instruction in a TB then re-execute the preceding | |
1759 | branch. */ | |
1760 | #if defined(TARGET_MIPS) | |
1761 | if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) { | |
c3577479 | 1762 | env->active_tc.PC -= (env->hflags & MIPS_HFLAG_B16 ? 2 : 4); |
28ecfd7a | 1763 | cpu->icount_decr.u16.low++; |
5b6dd868 BS |
1764 | env->hflags &= ~MIPS_HFLAG_BMASK; |
1765 | } | |
1766 | #elif defined(TARGET_SH4) | |
1767 | if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0 | |
1768 | && n > 1) { | |
1769 | env->pc -= 2; | |
28ecfd7a | 1770 | cpu->icount_decr.u16.low++; |
5b6dd868 BS |
1771 | env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL); |
1772 | } | |
1773 | #endif | |
1774 | /* This should never happen. */ | |
1775 | if (n > CF_COUNT_MASK) { | |
a47dddd7 | 1776 | cpu_abort(cpu, "TB too big during recompile"); |
5b6dd868 BS |
1777 | } |
1778 | ||
1779 | cflags = n | CF_LAST_IO; | |
1780 | pc = tb->pc; | |
1781 | cs_base = tb->cs_base; | |
1782 | flags = tb->flags; | |
1783 | tb_phys_invalidate(tb, -1); | |
02d57ea1 SF |
1784 | if (tb->cflags & CF_NOCACHE) { |
1785 | if (tb->orig_tb) { | |
1786 | /* Invalidate original TB if this TB was generated in | |
1787 | * cpu_exec_nocache() */ | |
1788 | tb_phys_invalidate(tb->orig_tb, -1); | |
1789 | } | |
1790 | tb_free(tb); | |
1791 | } | |
5b6dd868 BS |
1792 | /* FIXME: In theory this could raise an exception. In practice |
1793 | we have already translated the block once so it's probably ok. */ | |
648f034c | 1794 | tb_gen_code(cpu, pc, cs_base, flags, cflags); |
a5e99826 | 1795 | |
5b6dd868 | 1796 | /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not |
a5e99826 FK |
1797 | * the first in the TB) then we end up generating a whole new TB and |
1798 | * repeating the fault, which is horribly inefficient. | |
1799 | * Better would be to execute just this insn uncached, or generate a | |
1800 | * second new TB. | |
1801 | * | |
1802 | * cpu_loop_exit_noexc will longjmp back to cpu_exec where the | |
1803 | * tb_lock gets reset. | |
1804 | */ | |
6886b980 | 1805 | cpu_loop_exit_noexc(cpu); |
5b6dd868 BS |
1806 | } |
1807 | ||
611d4f99 | 1808 | void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr) |
5b6dd868 BS |
1809 | { |
1810 | unsigned int i; | |
1811 | ||
1812 | /* Discard jump cache entries for any tb which might potentially | |
1813 | overlap the flushed page. */ | |
1814 | i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE); | |
8cd70437 | 1815 | memset(&cpu->tb_jmp_cache[i], 0, |
5b6dd868 BS |
1816 | TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *)); |
1817 | ||
1818 | i = tb_jmp_cache_hash_page(addr); | |
8cd70437 | 1819 | memset(&cpu->tb_jmp_cache[i], 0, |
5b6dd868 BS |
1820 | TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *)); |
1821 | } | |
1822 | ||
7266ae91 EC |
1823 | static void print_qht_statistics(FILE *f, fprintf_function cpu_fprintf, |
1824 | struct qht_stats hst) | |
1825 | { | |
1826 | uint32_t hgram_opts; | |
1827 | size_t hgram_bins; | |
1828 | char *hgram; | |
1829 | ||
1830 | if (!hst.head_buckets) { | |
1831 | return; | |
1832 | } | |
1833 | cpu_fprintf(f, "TB hash buckets %zu/%zu (%0.2f%% head buckets used)\n", | |
1834 | hst.used_head_buckets, hst.head_buckets, | |
1835 | (double)hst.used_head_buckets / hst.head_buckets * 100); | |
1836 | ||
1837 | hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS; | |
1838 | hgram_opts |= QDIST_PR_100X | QDIST_PR_PERCENT; | |
1839 | if (qdist_xmax(&hst.occupancy) - qdist_xmin(&hst.occupancy) == 1) { | |
1840 | hgram_opts |= QDIST_PR_NODECIMAL; | |
1841 | } | |
1842 | hgram = qdist_pr(&hst.occupancy, 10, hgram_opts); | |
1843 | cpu_fprintf(f, "TB hash occupancy %0.2f%% avg chain occ. Histogram: %s\n", | |
1844 | qdist_avg(&hst.occupancy) * 100, hgram); | |
1845 | g_free(hgram); | |
1846 | ||
1847 | hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS; | |
1848 | hgram_bins = qdist_xmax(&hst.chain) - qdist_xmin(&hst.chain); | |
1849 | if (hgram_bins > 10) { | |
1850 | hgram_bins = 10; | |
1851 | } else { | |
1852 | hgram_bins = 0; | |
1853 | hgram_opts |= QDIST_PR_NODECIMAL | QDIST_PR_NOBINRANGE; | |
1854 | } | |
1855 | hgram = qdist_pr(&hst.chain, hgram_bins, hgram_opts); | |
1856 | cpu_fprintf(f, "TB hash avg chain %0.3f buckets. Histogram: %s\n", | |
1857 | qdist_avg(&hst.chain), hgram); | |
1858 | g_free(hgram); | |
1859 | } | |
1860 | ||
5b6dd868 BS |
1861 | void dump_exec_info(FILE *f, fprintf_function cpu_fprintf) |
1862 | { | |
1863 | int i, target_code_size, max_target_code_size; | |
1864 | int direct_jmp_count, direct_jmp2_count, cross_page; | |
1865 | TranslationBlock *tb; | |
329844d4 | 1866 | struct qht_stats hst; |
5b6dd868 | 1867 | |
a5e99826 FK |
1868 | tb_lock(); |
1869 | ||
5b6dd868 BS |
1870 | target_code_size = 0; |
1871 | max_target_code_size = 0; | |
1872 | cross_page = 0; | |
1873 | direct_jmp_count = 0; | |
1874 | direct_jmp2_count = 0; | |
5e5f07e0 EV |
1875 | for (i = 0; i < tcg_ctx.tb_ctx.nb_tbs; i++) { |
1876 | tb = &tcg_ctx.tb_ctx.tbs[i]; | |
5b6dd868 BS |
1877 | target_code_size += tb->size; |
1878 | if (tb->size > max_target_code_size) { | |
1879 | max_target_code_size = tb->size; | |
1880 | } | |
1881 | if (tb->page_addr[1] != -1) { | |
1882 | cross_page++; | |
1883 | } | |
f309101c | 1884 | if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) { |
5b6dd868 | 1885 | direct_jmp_count++; |
f309101c | 1886 | if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) { |
5b6dd868 BS |
1887 | direct_jmp2_count++; |
1888 | } | |
1889 | } | |
1890 | } | |
1891 | /* XXX: avoid using doubles ? */ | |
1892 | cpu_fprintf(f, "Translation buffer state:\n"); | |
1893 | cpu_fprintf(f, "gen code size %td/%zd\n", | |
0b0d3320 | 1894 | tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer, |
b125f9dc | 1895 | tcg_ctx.code_gen_highwater - tcg_ctx.code_gen_buffer); |
5b6dd868 | 1896 | cpu_fprintf(f, "TB count %d/%d\n", |
5e5f07e0 | 1897 | tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.code_gen_max_blocks); |
5b6dd868 | 1898 | cpu_fprintf(f, "TB avg target size %d max=%d bytes\n", |
5e5f07e0 EV |
1899 | tcg_ctx.tb_ctx.nb_tbs ? target_code_size / |
1900 | tcg_ctx.tb_ctx.nb_tbs : 0, | |
1901 | max_target_code_size); | |
5b6dd868 | 1902 | cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n", |
5e5f07e0 EV |
1903 | tcg_ctx.tb_ctx.nb_tbs ? (tcg_ctx.code_gen_ptr - |
1904 | tcg_ctx.code_gen_buffer) / | |
1905 | tcg_ctx.tb_ctx.nb_tbs : 0, | |
1906 | target_code_size ? (double) (tcg_ctx.code_gen_ptr - | |
1907 | tcg_ctx.code_gen_buffer) / | |
1908 | target_code_size : 0); | |
1909 | cpu_fprintf(f, "cross page TB count %d (%d%%)\n", cross_page, | |
1910 | tcg_ctx.tb_ctx.nb_tbs ? (cross_page * 100) / | |
1911 | tcg_ctx.tb_ctx.nb_tbs : 0); | |
5b6dd868 BS |
1912 | cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n", |
1913 | direct_jmp_count, | |
5e5f07e0 EV |
1914 | tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp_count * 100) / |
1915 | tcg_ctx.tb_ctx.nb_tbs : 0, | |
5b6dd868 | 1916 | direct_jmp2_count, |
5e5f07e0 EV |
1917 | tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp2_count * 100) / |
1918 | tcg_ctx.tb_ctx.nb_tbs : 0); | |
329844d4 EC |
1919 | |
1920 | qht_statistics_init(&tcg_ctx.tb_ctx.htable, &hst); | |
7266ae91 | 1921 | print_qht_statistics(f, cpu_fprintf, hst); |
329844d4 EC |
1922 | qht_statistics_destroy(&hst); |
1923 | ||
5b6dd868 | 1924 | cpu_fprintf(f, "\nStatistics:\n"); |
3359baad SF |
1925 | cpu_fprintf(f, "TB flush count %u\n", |
1926 | atomic_read(&tcg_ctx.tb_ctx.tb_flush_count)); | |
5e5f07e0 EV |
1927 | cpu_fprintf(f, "TB invalidate count %d\n", |
1928 | tcg_ctx.tb_ctx.tb_phys_invalidate_count); | |
5b6dd868 BS |
1929 | cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count); |
1930 | tcg_dump_info(f, cpu_fprintf); | |
a5e99826 FK |
1931 | |
1932 | tb_unlock(); | |
5b6dd868 BS |
1933 | } |
1934 | ||
246ae24d MF |
1935 | void dump_opcount_info(FILE *f, fprintf_function cpu_fprintf) |
1936 | { | |
1937 | tcg_dump_op_count(f, cpu_fprintf); | |
1938 | } | |
1939 | ||
5b6dd868 BS |
1940 | #else /* CONFIG_USER_ONLY */ |
1941 | ||
c3affe56 | 1942 | void cpu_interrupt(CPUState *cpu, int mask) |
5b6dd868 | 1943 | { |
8d04fb55 | 1944 | g_assert(qemu_mutex_iothread_locked()); |
259186a7 | 1945 | cpu->interrupt_request |= mask; |
1aab16c2 | 1946 | cpu->icount_decr.u16.high = -1; |
5b6dd868 BS |
1947 | } |
1948 | ||
1949 | /* | |
1950 | * Walks guest process memory "regions" one by one | |
1951 | * and calls callback function 'fn' for each region. | |
1952 | */ | |
1953 | struct walk_memory_regions_data { | |
1954 | walk_memory_regions_fn fn; | |
1955 | void *priv; | |
1a1c4db9 | 1956 | target_ulong start; |
5b6dd868 BS |
1957 | int prot; |
1958 | }; | |
1959 | ||
1960 | static int walk_memory_regions_end(struct walk_memory_regions_data *data, | |
1a1c4db9 | 1961 | target_ulong end, int new_prot) |
5b6dd868 | 1962 | { |
1a1c4db9 | 1963 | if (data->start != -1u) { |
5b6dd868 BS |
1964 | int rc = data->fn(data->priv, data->start, end, data->prot); |
1965 | if (rc != 0) { | |
1966 | return rc; | |
1967 | } | |
1968 | } | |
1969 | ||
1a1c4db9 | 1970 | data->start = (new_prot ? end : -1u); |
5b6dd868 BS |
1971 | data->prot = new_prot; |
1972 | ||
1973 | return 0; | |
1974 | } | |
1975 | ||
1976 | static int walk_memory_regions_1(struct walk_memory_regions_data *data, | |
1a1c4db9 | 1977 | target_ulong base, int level, void **lp) |
5b6dd868 | 1978 | { |
1a1c4db9 | 1979 | target_ulong pa; |
5b6dd868 BS |
1980 | int i, rc; |
1981 | ||
1982 | if (*lp == NULL) { | |
1983 | return walk_memory_regions_end(data, base, 0); | |
1984 | } | |
1985 | ||
1986 | if (level == 0) { | |
1987 | PageDesc *pd = *lp; | |
1988 | ||
03f49957 | 1989 | for (i = 0; i < V_L2_SIZE; ++i) { |
5b6dd868 BS |
1990 | int prot = pd[i].flags; |
1991 | ||
1992 | pa = base | (i << TARGET_PAGE_BITS); | |
1993 | if (prot != data->prot) { | |
1994 | rc = walk_memory_regions_end(data, pa, prot); | |
1995 | if (rc != 0) { | |
1996 | return rc; | |
1997 | } | |
1998 | } | |
1999 | } | |
2000 | } else { | |
2001 | void **pp = *lp; | |
2002 | ||
03f49957 | 2003 | for (i = 0; i < V_L2_SIZE; ++i) { |
1a1c4db9 | 2004 | pa = base | ((target_ulong)i << |
03f49957 | 2005 | (TARGET_PAGE_BITS + V_L2_BITS * level)); |
5b6dd868 BS |
2006 | rc = walk_memory_regions_1(data, pa, level - 1, pp + i); |
2007 | if (rc != 0) { | |
2008 | return rc; | |
2009 | } | |
2010 | } | |
2011 | } | |
2012 | ||
2013 | return 0; | |
2014 | } | |
2015 | ||
2016 | int walk_memory_regions(void *priv, walk_memory_regions_fn fn) | |
2017 | { | |
2018 | struct walk_memory_regions_data data; | |
66ec9f49 | 2019 | uintptr_t i, l1_sz = v_l1_size; |
5b6dd868 BS |
2020 | |
2021 | data.fn = fn; | |
2022 | data.priv = priv; | |
1a1c4db9 | 2023 | data.start = -1u; |
5b6dd868 BS |
2024 | data.prot = 0; |
2025 | ||
66ec9f49 VK |
2026 | for (i = 0; i < l1_sz; i++) { |
2027 | target_ulong base = i << (v_l1_shift + TARGET_PAGE_BITS); | |
2028 | int rc = walk_memory_regions_1(&data, base, v_l2_levels, l1_map + i); | |
5b6dd868 BS |
2029 | if (rc != 0) { |
2030 | return rc; | |
2031 | } | |
2032 | } | |
2033 | ||
2034 | return walk_memory_regions_end(&data, 0, 0); | |
2035 | } | |
2036 | ||
1a1c4db9 MI |
2037 | static int dump_region(void *priv, target_ulong start, |
2038 | target_ulong end, unsigned long prot) | |
5b6dd868 BS |
2039 | { |
2040 | FILE *f = (FILE *)priv; | |
2041 | ||
1a1c4db9 MI |
2042 | (void) fprintf(f, TARGET_FMT_lx"-"TARGET_FMT_lx |
2043 | " "TARGET_FMT_lx" %c%c%c\n", | |
5b6dd868 BS |
2044 | start, end, end - start, |
2045 | ((prot & PAGE_READ) ? 'r' : '-'), | |
2046 | ((prot & PAGE_WRITE) ? 'w' : '-'), | |
2047 | ((prot & PAGE_EXEC) ? 'x' : '-')); | |
2048 | ||
2049 | return 0; | |
2050 | } | |
2051 | ||
2052 | /* dump memory mappings */ | |
2053 | void page_dump(FILE *f) | |
2054 | { | |
1a1c4db9 | 2055 | const int length = sizeof(target_ulong) * 2; |
227b8175 SW |
2056 | (void) fprintf(f, "%-*s %-*s %-*s %s\n", |
2057 | length, "start", length, "end", length, "size", "prot"); | |
5b6dd868 BS |
2058 | walk_memory_regions(f, dump_region); |
2059 | } | |
2060 | ||
2061 | int page_get_flags(target_ulong address) | |
2062 | { | |
2063 | PageDesc *p; | |
2064 | ||
2065 | p = page_find(address >> TARGET_PAGE_BITS); | |
2066 | if (!p) { | |
2067 | return 0; | |
2068 | } | |
2069 | return p->flags; | |
2070 | } | |
2071 | ||
2072 | /* Modify the flags of a page and invalidate the code if necessary. | |
2073 | The flag PAGE_WRITE_ORG is positioned automatically depending | |
2074 | on PAGE_WRITE. The mmap_lock should already be held. */ | |
2075 | void page_set_flags(target_ulong start, target_ulong end, int flags) | |
2076 | { | |
2077 | target_ulong addr, len; | |
2078 | ||
2079 | /* This function should never be called with addresses outside the | |
2080 | guest address space. If this assert fires, it probably indicates | |
2081 | a missing call to h2g_valid. */ | |
2082 | #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS | |
1a1c4db9 | 2083 | assert(end < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)); |
5b6dd868 BS |
2084 | #endif |
2085 | assert(start < end); | |
e505a063 | 2086 | assert_memory_lock(); |
5b6dd868 BS |
2087 | |
2088 | start = start & TARGET_PAGE_MASK; | |
2089 | end = TARGET_PAGE_ALIGN(end); | |
2090 | ||
2091 | if (flags & PAGE_WRITE) { | |
2092 | flags |= PAGE_WRITE_ORG; | |
2093 | } | |
2094 | ||
2095 | for (addr = start, len = end - start; | |
2096 | len != 0; | |
2097 | len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) { | |
2098 | PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1); | |
2099 | ||
2100 | /* If the write protection bit is set, then we invalidate | |
2101 | the code inside. */ | |
2102 | if (!(p->flags & PAGE_WRITE) && | |
2103 | (flags & PAGE_WRITE) && | |
2104 | p->first_tb) { | |
75809229 | 2105 | tb_invalidate_phys_page(addr, 0); |
5b6dd868 BS |
2106 | } |
2107 | p->flags = flags; | |
2108 | } | |
2109 | } | |
2110 | ||
2111 | int page_check_range(target_ulong start, target_ulong len, int flags) | |
2112 | { | |
2113 | PageDesc *p; | |
2114 | target_ulong end; | |
2115 | target_ulong addr; | |
2116 | ||
2117 | /* This function should never be called with addresses outside the | |
2118 | guest address space. If this assert fires, it probably indicates | |
2119 | a missing call to h2g_valid. */ | |
2120 | #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS | |
1a1c4db9 | 2121 | assert(start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)); |
5b6dd868 BS |
2122 | #endif |
2123 | ||
2124 | if (len == 0) { | |
2125 | return 0; | |
2126 | } | |
2127 | if (start + len - 1 < start) { | |
2128 | /* We've wrapped around. */ | |
2129 | return -1; | |
2130 | } | |
2131 | ||
2132 | /* must do before we loose bits in the next step */ | |
2133 | end = TARGET_PAGE_ALIGN(start + len); | |
2134 | start = start & TARGET_PAGE_MASK; | |
2135 | ||
2136 | for (addr = start, len = end - start; | |
2137 | len != 0; | |
2138 | len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) { | |
2139 | p = page_find(addr >> TARGET_PAGE_BITS); | |
2140 | if (!p) { | |
2141 | return -1; | |
2142 | } | |
2143 | if (!(p->flags & PAGE_VALID)) { | |
2144 | return -1; | |
2145 | } | |
2146 | ||
2147 | if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) { | |
2148 | return -1; | |
2149 | } | |
2150 | if (flags & PAGE_WRITE) { | |
2151 | if (!(p->flags & PAGE_WRITE_ORG)) { | |
2152 | return -1; | |
2153 | } | |
2154 | /* unprotect the page if it was put read-only because it | |
2155 | contains translated code */ | |
2156 | if (!(p->flags & PAGE_WRITE)) { | |
f213e72f | 2157 | if (!page_unprotect(addr, 0)) { |
5b6dd868 BS |
2158 | return -1; |
2159 | } | |
2160 | } | |
5b6dd868 BS |
2161 | } |
2162 | } | |
2163 | return 0; | |
2164 | } | |
2165 | ||
2166 | /* called from signal handler: invalidate the code and unprotect the | |
f213e72f PM |
2167 | * page. Return 0 if the fault was not handled, 1 if it was handled, |
2168 | * and 2 if it was handled but the caller must cause the TB to be | |
2169 | * immediately exited. (We can only return 2 if the 'pc' argument is | |
2170 | * non-zero.) | |
2171 | */ | |
2172 | int page_unprotect(target_ulong address, uintptr_t pc) | |
5b6dd868 BS |
2173 | { |
2174 | unsigned int prot; | |
7399a337 | 2175 | bool current_tb_invalidated; |
5b6dd868 BS |
2176 | PageDesc *p; |
2177 | target_ulong host_start, host_end, addr; | |
2178 | ||
2179 | /* Technically this isn't safe inside a signal handler. However we | |
2180 | know this only ever happens in a synchronous SEGV handler, so in | |
2181 | practice it seems to be ok. */ | |
2182 | mmap_lock(); | |
2183 | ||
2184 | p = page_find(address >> TARGET_PAGE_BITS); | |
2185 | if (!p) { | |
2186 | mmap_unlock(); | |
2187 | return 0; | |
2188 | } | |
2189 | ||
2190 | /* if the page was really writable, then we change its | |
2191 | protection back to writable */ | |
2192 | if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) { | |
2193 | host_start = address & qemu_host_page_mask; | |
2194 | host_end = host_start + qemu_host_page_size; | |
2195 | ||
2196 | prot = 0; | |
7399a337 | 2197 | current_tb_invalidated = false; |
5b6dd868 BS |
2198 | for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) { |
2199 | p = page_find(addr >> TARGET_PAGE_BITS); | |
2200 | p->flags |= PAGE_WRITE; | |
2201 | prot |= p->flags; | |
2202 | ||
2203 | /* and since the content will be modified, we must invalidate | |
2204 | the corresponding translated code. */ | |
7399a337 | 2205 | current_tb_invalidated |= tb_invalidate_phys_page(addr, pc); |
5b6dd868 BS |
2206 | #ifdef DEBUG_TB_CHECK |
2207 | tb_invalidate_check(addr); | |
2208 | #endif | |
2209 | } | |
2210 | mprotect((void *)g2h(host_start), qemu_host_page_size, | |
2211 | prot & PAGE_BITS); | |
2212 | ||
2213 | mmap_unlock(); | |
7399a337 SS |
2214 | /* If current TB was invalidated return to main loop */ |
2215 | return current_tb_invalidated ? 2 : 1; | |
5b6dd868 BS |
2216 | } |
2217 | mmap_unlock(); | |
2218 | return 0; | |
2219 | } | |
2220 | #endif /* CONFIG_USER_ONLY */ |