]>
Commit | Line | Data |
---|---|---|
d19893da FB |
1 | /* |
2 | * Host code generation | |
5fafdf24 | 3 | * |
d19893da FB |
4 | * Copyright (c) 2003 Fabrice Bellard |
5 | * | |
6 | * This library is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU Lesser General Public | |
8 | * License as published by the Free Software Foundation; either | |
9 | * version 2 of the License, or (at your option) any later version. | |
10 | * | |
11 | * This library is distributed in the hope that it will be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * Lesser General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU Lesser General Public | |
8167ee88 | 17 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. |
d19893da | 18 | */ |
5b6dd868 BS |
19 | #ifdef _WIN32 |
20 | #include <windows.h> | |
5b6dd868 | 21 | #endif |
7b31bbc2 | 22 | #include "qemu/osdep.h" |
d19893da | 23 | |
2054396a | 24 | |
5b6dd868 | 25 | #include "qemu-common.h" |
af5ad107 | 26 | #define NO_CPU_IO_DEFS |
d3eead2e | 27 | #include "cpu.h" |
0ab8ed18 | 28 | #include "trace-root.h" |
76cad711 | 29 | #include "disas/disas.h" |
63c91552 | 30 | #include "exec/exec-all.h" |
57fec1fe | 31 | #include "tcg.h" |
5b6dd868 BS |
32 | #if defined(CONFIG_USER_ONLY) |
33 | #include "qemu.h" | |
301e40ed | 34 | #include "exec/exec-all.h" |
5b6dd868 BS |
35 | #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) |
36 | #include <sys/param.h> | |
37 | #if __FreeBSD_version >= 700104 | |
38 | #define HAVE_KINFO_GETVMMAP | |
39 | #define sigqueue sigqueue_freebsd /* avoid redefinition */ | |
5b6dd868 BS |
40 | #include <sys/proc.h> |
41 | #include <machine/profile.h> | |
42 | #define _KERNEL | |
43 | #include <sys/user.h> | |
44 | #undef _KERNEL | |
45 | #undef sigqueue | |
46 | #include <libutil.h> | |
47 | #endif | |
48 | #endif | |
0bc3cd62 PB |
49 | #else |
50 | #include "exec/address-spaces.h" | |
5b6dd868 BS |
51 | #endif |
52 | ||
022c62cb | 53 | #include "exec/cputlb.h" |
e1b89321 | 54 | #include "exec/tb-hash.h" |
5b6dd868 | 55 | #include "translate-all.h" |
510a647f | 56 | #include "qemu/bitmap.h" |
0aa09897 | 57 | #include "qemu/timer.h" |
8d04fb55 | 58 | #include "qemu/main-loop.h" |
508127e2 | 59 | #include "exec/log.h" |
d2528bdc | 60 | #include "sysemu/cpus.h" |
5b6dd868 | 61 | |
955939a2 AB |
62 | /* #define DEBUG_TB_INVALIDATE */ |
63 | /* #define DEBUG_TB_FLUSH */ | |
5b6dd868 | 64 | /* make various TB consistency checks */ |
955939a2 | 65 | /* #define DEBUG_TB_CHECK */ |
5b6dd868 BS |
66 | |
67 | #if !defined(CONFIG_USER_ONLY) | |
68 | /* TB consistency checks only implemented for usermode emulation. */ | |
69 | #undef DEBUG_TB_CHECK | |
70 | #endif | |
71 | ||
301e40ed AB |
72 | /* Access to the various translations structures need to be serialised via locks |
73 | * for consistency. This is automatic for SoftMMU based system | |
74 | * emulation due to its single threaded nature. In user-mode emulation | |
75 | * access to the memory related structures are protected with the | |
76 | * mmap_lock. | |
77 | */ | |
301e40ed | 78 | #ifdef CONFIG_SOFTMMU |
2f169606 | 79 | #define assert_memory_lock() tcg_debug_assert(have_tb_lock) |
301e40ed | 80 | #else |
6ac3d7e8 | 81 | #define assert_memory_lock() tcg_debug_assert(have_mmap_lock()) |
301e40ed AB |
82 | #endif |
83 | ||
5b6dd868 BS |
84 | #define SMC_BITMAP_USE_THRESHOLD 10 |
85 | ||
5b6dd868 BS |
86 | typedef struct PageDesc { |
87 | /* list of TBs intersecting this ram page */ | |
88 | TranslationBlock *first_tb; | |
6fad459c | 89 | #ifdef CONFIG_SOFTMMU |
5b6dd868 BS |
90 | /* in order to optimize self modifying code, we count the number |
91 | of lookups we do to a given page to use a bitmap */ | |
92 | unsigned int code_write_count; | |
510a647f | 93 | unsigned long *code_bitmap; |
6fad459c | 94 | #else |
5b6dd868 BS |
95 | unsigned long flags; |
96 | #endif | |
97 | } PageDesc; | |
98 | ||
99 | /* In system mode we want L1_MAP to be based on ram offsets, | |
100 | while in user mode we want it to be based on virtual addresses. */ | |
101 | #if !defined(CONFIG_USER_ONLY) | |
102 | #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS | |
103 | # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS | |
104 | #else | |
105 | # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS | |
106 | #endif | |
107 | #else | |
108 | # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS | |
109 | #endif | |
110 | ||
03f49957 PB |
111 | /* Size of the L2 (and L3, etc) page tables. */ |
112 | #define V_L2_BITS 10 | |
113 | #define V_L2_SIZE (1 << V_L2_BITS) | |
114 | ||
5b6dd868 | 115 | uintptr_t qemu_host_page_size; |
0c2d70c4 | 116 | intptr_t qemu_host_page_mask; |
5b6dd868 | 117 | |
66ec9f49 VK |
118 | /* |
119 | * L1 Mapping properties | |
120 | */ | |
121 | static int v_l1_size; | |
122 | static int v_l1_shift; | |
123 | static int v_l2_levels; | |
124 | ||
125 | /* The bottom level has pointers to PageDesc, and is indexed by | |
126 | * anything from 4 to (V_L2_BITS + 3) bits, depending on target page size. | |
127 | */ | |
128 | #define V_L1_MIN_BITS 4 | |
129 | #define V_L1_MAX_BITS (V_L2_BITS + 3) | |
130 | #define V_L1_MAX_SIZE (1 << V_L1_MAX_BITS) | |
131 | ||
132 | static void *l1_map[V_L1_MAX_SIZE]; | |
5b6dd868 | 133 | |
57fec1fe FB |
134 | /* code generation context */ |
135 | TCGContext tcg_ctx; | |
fdbc2b57 | 136 | bool parallel_cpus; |
d19893da | 137 | |
677ef623 | 138 | /* translation block context */ |
677ef623 | 139 | __thread int have_tb_lock; |
677ef623 | 140 | |
66ec9f49 VK |
141 | static void page_table_config_init(void) |
142 | { | |
143 | uint32_t v_l1_bits; | |
144 | ||
145 | assert(TARGET_PAGE_BITS); | |
146 | /* The bits remaining after N lower levels of page tables. */ | |
147 | v_l1_bits = (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS; | |
148 | if (v_l1_bits < V_L1_MIN_BITS) { | |
149 | v_l1_bits += V_L2_BITS; | |
150 | } | |
151 | ||
152 | v_l1_size = 1 << v_l1_bits; | |
153 | v_l1_shift = L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - v_l1_bits; | |
154 | v_l2_levels = v_l1_shift / V_L2_BITS - 1; | |
155 | ||
156 | assert(v_l1_bits <= V_L1_MAX_BITS); | |
157 | assert(v_l1_shift % V_L2_BITS == 0); | |
158 | assert(v_l2_levels >= 0); | |
159 | } | |
160 | ||
6ac3d7e8 PK |
161 | #define assert_tb_locked() tcg_debug_assert(have_tb_lock) |
162 | #define assert_tb_unlocked() tcg_debug_assert(!have_tb_lock) | |
6ac3d7e8 | 163 | |
677ef623 FK |
164 | void tb_lock(void) |
165 | { | |
6ac3d7e8 | 166 | assert_tb_unlocked(); |
677ef623 FK |
167 | qemu_mutex_lock(&tcg_ctx.tb_ctx.tb_lock); |
168 | have_tb_lock++; | |
677ef623 FK |
169 | } |
170 | ||
171 | void tb_unlock(void) | |
172 | { | |
6ac3d7e8 | 173 | assert_tb_locked(); |
677ef623 FK |
174 | have_tb_lock--; |
175 | qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock); | |
677ef623 FK |
176 | } |
177 | ||
178 | void tb_lock_reset(void) | |
179 | { | |
677ef623 FK |
180 | if (have_tb_lock) { |
181 | qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock); | |
182 | have_tb_lock = 0; | |
183 | } | |
677ef623 FK |
184 | } |
185 | ||
a8a826a3 | 186 | static TranslationBlock *tb_find_pc(uintptr_t tc_ptr); |
5b6dd868 | 187 | |
57fec1fe FB |
188 | void cpu_gen_init(void) |
189 | { | |
190 | tcg_context_init(&tcg_ctx); | |
57fec1fe FB |
191 | } |
192 | ||
fca8a500 RH |
193 | /* Encode VAL as a signed leb128 sequence at P. |
194 | Return P incremented past the encoded value. */ | |
195 | static uint8_t *encode_sleb128(uint8_t *p, target_long val) | |
196 | { | |
197 | int more, byte; | |
198 | ||
199 | do { | |
200 | byte = val & 0x7f; | |
201 | val >>= 7; | |
202 | more = !((val == 0 && (byte & 0x40) == 0) | |
203 | || (val == -1 && (byte & 0x40) != 0)); | |
204 | if (more) { | |
205 | byte |= 0x80; | |
206 | } | |
207 | *p++ = byte; | |
208 | } while (more); | |
209 | ||
210 | return p; | |
211 | } | |
212 | ||
213 | /* Decode a signed leb128 sequence at *PP; increment *PP past the | |
214 | decoded value. Return the decoded value. */ | |
215 | static target_long decode_sleb128(uint8_t **pp) | |
216 | { | |
217 | uint8_t *p = *pp; | |
218 | target_long val = 0; | |
219 | int byte, shift = 0; | |
220 | ||
221 | do { | |
222 | byte = *p++; | |
223 | val |= (target_ulong)(byte & 0x7f) << shift; | |
224 | shift += 7; | |
225 | } while (byte & 0x80); | |
226 | if (shift < TARGET_LONG_BITS && (byte & 0x40)) { | |
227 | val |= -(target_ulong)1 << shift; | |
228 | } | |
229 | ||
230 | *pp = p; | |
231 | return val; | |
232 | } | |
233 | ||
234 | /* Encode the data collected about the instructions while compiling TB. | |
235 | Place the data at BLOCK, and return the number of bytes consumed. | |
236 | ||
237 | The logical table consisits of TARGET_INSN_START_WORDS target_ulong's, | |
238 | which come from the target's insn_start data, followed by a uintptr_t | |
239 | which comes from the host pc of the end of the code implementing the insn. | |
240 | ||
241 | Each line of the table is encoded as sleb128 deltas from the previous | |
242 | line. The seed for the first line is { tb->pc, 0..., tb->tc_ptr }. | |
243 | That is, the first column is seeded with the guest pc, the last column | |
244 | with the host pc, and the middle columns with zeros. */ | |
245 | ||
246 | static int encode_search(TranslationBlock *tb, uint8_t *block) | |
247 | { | |
b125f9dc | 248 | uint8_t *highwater = tcg_ctx.code_gen_highwater; |
fca8a500 RH |
249 | uint8_t *p = block; |
250 | int i, j, n; | |
251 | ||
252 | tb->tc_search = block; | |
253 | ||
254 | for (i = 0, n = tb->icount; i < n; ++i) { | |
255 | target_ulong prev; | |
256 | ||
257 | for (j = 0; j < TARGET_INSN_START_WORDS; ++j) { | |
258 | if (i == 0) { | |
259 | prev = (j == 0 ? tb->pc : 0); | |
260 | } else { | |
261 | prev = tcg_ctx.gen_insn_data[i - 1][j]; | |
262 | } | |
263 | p = encode_sleb128(p, tcg_ctx.gen_insn_data[i][j] - prev); | |
264 | } | |
265 | prev = (i == 0 ? 0 : tcg_ctx.gen_insn_end_off[i - 1]); | |
266 | p = encode_sleb128(p, tcg_ctx.gen_insn_end_off[i] - prev); | |
b125f9dc RH |
267 | |
268 | /* Test for (pending) buffer overflow. The assumption is that any | |
269 | one row beginning below the high water mark cannot overrun | |
270 | the buffer completely. Thus we can test for overflow after | |
271 | encoding a row without having to check during encoding. */ | |
272 | if (unlikely(p > highwater)) { | |
273 | return -1; | |
274 | } | |
fca8a500 RH |
275 | } |
276 | ||
277 | return p - block; | |
278 | } | |
279 | ||
7d7500d9 PB |
280 | /* The cpu state corresponding to 'searched_pc' is restored. |
281 | * Called with tb_lock held. | |
282 | */ | |
74f10515 | 283 | static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb, |
a8a826a3 | 284 | uintptr_t searched_pc) |
d19893da | 285 | { |
fca8a500 RH |
286 | target_ulong data[TARGET_INSN_START_WORDS] = { tb->pc }; |
287 | uintptr_t host_pc = (uintptr_t)tb->tc_ptr; | |
74f10515 | 288 | CPUArchState *env = cpu->env_ptr; |
fca8a500 RH |
289 | uint8_t *p = tb->tc_search; |
290 | int i, j, num_insns = tb->icount; | |
57fec1fe | 291 | #ifdef CONFIG_PROFILER |
fca8a500 | 292 | int64_t ti = profile_getclock(); |
57fec1fe FB |
293 | #endif |
294 | ||
01ecaf43 RH |
295 | searched_pc -= GETPC_ADJ; |
296 | ||
fca8a500 RH |
297 | if (searched_pc < host_pc) { |
298 | return -1; | |
299 | } | |
d19893da | 300 | |
fca8a500 RH |
301 | /* Reconstruct the stored insn data while looking for the point at |
302 | which the end of the insn exceeds the searched_pc. */ | |
303 | for (i = 0; i < num_insns; ++i) { | |
304 | for (j = 0; j < TARGET_INSN_START_WORDS; ++j) { | |
305 | data[j] += decode_sleb128(&p); | |
306 | } | |
307 | host_pc += decode_sleb128(&p); | |
308 | if (host_pc > searched_pc) { | |
309 | goto found; | |
310 | } | |
311 | } | |
312 | return -1; | |
3b46e624 | 313 | |
fca8a500 | 314 | found: |
bd79255d | 315 | if (tb->cflags & CF_USE_ICOUNT) { |
414b15c9 | 316 | assert(use_icount); |
2e70f6ef | 317 | /* Reset the cycle counter to the start of the block. */ |
fca8a500 | 318 | cpu->icount_decr.u16.low += num_insns; |
2e70f6ef | 319 | /* Clear the IO flag. */ |
99df7dce | 320 | cpu->can_do_io = 0; |
2e70f6ef | 321 | } |
fca8a500 RH |
322 | cpu->icount_decr.u16.low -= i; |
323 | restore_state_to_opc(env, tb, data); | |
57fec1fe FB |
324 | |
325 | #ifdef CONFIG_PROFILER | |
fca8a500 RH |
326 | tcg_ctx.restore_time += profile_getclock() - ti; |
327 | tcg_ctx.restore_count++; | |
57fec1fe | 328 | #endif |
d19893da FB |
329 | return 0; |
330 | } | |
5b6dd868 | 331 | |
3f38f309 | 332 | bool cpu_restore_state(CPUState *cpu, uintptr_t retaddr) |
a8a826a3 BS |
333 | { |
334 | TranslationBlock *tb; | |
a5e99826 | 335 | bool r = false; |
a8a826a3 | 336 | |
d8b2239b AB |
337 | /* A retaddr of zero is invalid so we really shouldn't have ended |
338 | * up here. The target code has likely forgotten to check retaddr | |
339 | * != 0 before attempting to restore state. We return early to | |
340 | * avoid blowing up on a recursive tb_lock(). The target must have | |
341 | * previously survived a failed cpu_restore_state because | |
342 | * tb_find_pc(0) would have failed anyway. It still should be | |
343 | * fixed though. | |
344 | */ | |
345 | ||
346 | if (!retaddr) { | |
347 | return r; | |
348 | } | |
349 | ||
a5e99826 | 350 | tb_lock(); |
a8a826a3 BS |
351 | tb = tb_find_pc(retaddr); |
352 | if (tb) { | |
74f10515 | 353 | cpu_restore_state_from_tb(cpu, tb, retaddr); |
d8a499f1 PD |
354 | if (tb->cflags & CF_NOCACHE) { |
355 | /* one-shot translation, invalidate it immediately */ | |
d8a499f1 PD |
356 | tb_phys_invalidate(tb, -1); |
357 | tb_free(tb); | |
358 | } | |
a5e99826 | 359 | r = true; |
a8a826a3 | 360 | } |
a5e99826 FK |
361 | tb_unlock(); |
362 | ||
363 | return r; | |
a8a826a3 BS |
364 | } |
365 | ||
47c16ed5 | 366 | void page_size_init(void) |
5b6dd868 BS |
367 | { |
368 | /* NOTE: we can always suppose that qemu_host_page_size >= | |
369 | TARGET_PAGE_SIZE */ | |
5b6dd868 | 370 | qemu_real_host_page_size = getpagesize(); |
0c2d70c4 | 371 | qemu_real_host_page_mask = -(intptr_t)qemu_real_host_page_size; |
5b6dd868 BS |
372 | if (qemu_host_page_size == 0) { |
373 | qemu_host_page_size = qemu_real_host_page_size; | |
374 | } | |
375 | if (qemu_host_page_size < TARGET_PAGE_SIZE) { | |
376 | qemu_host_page_size = TARGET_PAGE_SIZE; | |
377 | } | |
0c2d70c4 | 378 | qemu_host_page_mask = -(intptr_t)qemu_host_page_size; |
47c16ed5 | 379 | } |
5b6dd868 | 380 | |
47c16ed5 AK |
381 | static void page_init(void) |
382 | { | |
383 | page_size_init(); | |
66ec9f49 VK |
384 | page_table_config_init(); |
385 | ||
5b6dd868 BS |
386 | #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY) |
387 | { | |
388 | #ifdef HAVE_KINFO_GETVMMAP | |
389 | struct kinfo_vmentry *freep; | |
390 | int i, cnt; | |
391 | ||
392 | freep = kinfo_getvmmap(getpid(), &cnt); | |
393 | if (freep) { | |
394 | mmap_lock(); | |
395 | for (i = 0; i < cnt; i++) { | |
396 | unsigned long startaddr, endaddr; | |
397 | ||
398 | startaddr = freep[i].kve_start; | |
399 | endaddr = freep[i].kve_end; | |
400 | if (h2g_valid(startaddr)) { | |
401 | startaddr = h2g(startaddr) & TARGET_PAGE_MASK; | |
402 | ||
403 | if (h2g_valid(endaddr)) { | |
404 | endaddr = h2g(endaddr); | |
405 | page_set_flags(startaddr, endaddr, PAGE_RESERVED); | |
406 | } else { | |
407 | #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS | |
408 | endaddr = ~0ul; | |
409 | page_set_flags(startaddr, endaddr, PAGE_RESERVED); | |
410 | #endif | |
411 | } | |
412 | } | |
413 | } | |
414 | free(freep); | |
415 | mmap_unlock(); | |
416 | } | |
417 | #else | |
418 | FILE *f; | |
419 | ||
420 | last_brk = (unsigned long)sbrk(0); | |
421 | ||
422 | f = fopen("/compat/linux/proc/self/maps", "r"); | |
423 | if (f) { | |
424 | mmap_lock(); | |
425 | ||
426 | do { | |
427 | unsigned long startaddr, endaddr; | |
428 | int n; | |
429 | ||
430 | n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr); | |
431 | ||
432 | if (n == 2 && h2g_valid(startaddr)) { | |
433 | startaddr = h2g(startaddr) & TARGET_PAGE_MASK; | |
434 | ||
435 | if (h2g_valid(endaddr)) { | |
436 | endaddr = h2g(endaddr); | |
437 | } else { | |
438 | endaddr = ~0ul; | |
439 | } | |
440 | page_set_flags(startaddr, endaddr, PAGE_RESERVED); | |
441 | } | |
442 | } while (!feof(f)); | |
443 | ||
444 | fclose(f); | |
445 | mmap_unlock(); | |
446 | } | |
447 | #endif | |
448 | } | |
449 | #endif | |
450 | } | |
451 | ||
75692087 | 452 | /* If alloc=1: |
7d7500d9 | 453 | * Called with tb_lock held for system emulation. |
75692087 PB |
454 | * Called with mmap_lock held for user-mode emulation. |
455 | */ | |
5b6dd868 BS |
456 | static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc) |
457 | { | |
458 | PageDesc *pd; | |
459 | void **lp; | |
460 | int i; | |
461 | ||
e505a063 AB |
462 | if (alloc) { |
463 | assert_memory_lock(); | |
464 | } | |
465 | ||
5b6dd868 | 466 | /* Level 1. Always allocated. */ |
66ec9f49 | 467 | lp = l1_map + ((index >> v_l1_shift) & (v_l1_size - 1)); |
5b6dd868 BS |
468 | |
469 | /* Level 2..N-1. */ | |
66ec9f49 | 470 | for (i = v_l2_levels; i > 0; i--) { |
6940fab8 | 471 | void **p = atomic_rcu_read(lp); |
5b6dd868 BS |
472 | |
473 | if (p == NULL) { | |
474 | if (!alloc) { | |
475 | return NULL; | |
476 | } | |
e3a0abfd | 477 | p = g_new0(void *, V_L2_SIZE); |
6940fab8 | 478 | atomic_rcu_set(lp, p); |
5b6dd868 BS |
479 | } |
480 | ||
03f49957 | 481 | lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1)); |
5b6dd868 BS |
482 | } |
483 | ||
6940fab8 | 484 | pd = atomic_rcu_read(lp); |
5b6dd868 BS |
485 | if (pd == NULL) { |
486 | if (!alloc) { | |
487 | return NULL; | |
488 | } | |
e3a0abfd | 489 | pd = g_new0(PageDesc, V_L2_SIZE); |
6940fab8 | 490 | atomic_rcu_set(lp, pd); |
5b6dd868 BS |
491 | } |
492 | ||
03f49957 | 493 | return pd + (index & (V_L2_SIZE - 1)); |
5b6dd868 BS |
494 | } |
495 | ||
496 | static inline PageDesc *page_find(tb_page_addr_t index) | |
497 | { | |
498 | return page_find_alloc(index, 0); | |
499 | } | |
500 | ||
5b6dd868 BS |
501 | #if defined(CONFIG_USER_ONLY) |
502 | /* Currently it is not recommended to allocate big chunks of data in | |
503 | user mode. It will change when a dedicated libc will be used. */ | |
504 | /* ??? 64-bit hosts ought to have no problem mmaping data outside the | |
505 | region in which the guest needs to run. Revisit this. */ | |
506 | #define USE_STATIC_CODE_GEN_BUFFER | |
507 | #endif | |
508 | ||
5b6dd868 BS |
509 | /* Minimum size of the code gen buffer. This number is randomly chosen, |
510 | but not so small that we can't have a fair number of TB's live. */ | |
511 | #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024) | |
512 | ||
513 | /* Maximum size of the code gen buffer we'd like to use. Unless otherwise | |
514 | indicated, this is constrained by the range of direct branches on the | |
515 | host cpu, as used by the TCG implementation of goto_tb. */ | |
516 | #if defined(__x86_64__) | |
517 | # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024) | |
518 | #elif defined(__sparc__) | |
519 | # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024) | |
5bfd75a3 RH |
520 | #elif defined(__powerpc64__) |
521 | # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024) | |
399f1648 SF |
522 | #elif defined(__powerpc__) |
523 | # define MAX_CODE_GEN_BUFFER_SIZE (32u * 1024 * 1024) | |
4a136e0a CF |
524 | #elif defined(__aarch64__) |
525 | # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024) | |
5b6dd868 BS |
526 | #elif defined(__arm__) |
527 | # define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024) | |
528 | #elif defined(__s390x__) | |
529 | /* We have a +- 4GB range on the branches; leave some slop. */ | |
530 | # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024) | |
479eb121 RH |
531 | #elif defined(__mips__) |
532 | /* We have a 256MB branch region, but leave room to make sure the | |
533 | main executable is also within that region. */ | |
534 | # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024) | |
5b6dd868 BS |
535 | #else |
536 | # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1) | |
537 | #endif | |
538 | ||
539 | #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024) | |
540 | ||
541 | #define DEFAULT_CODE_GEN_BUFFER_SIZE \ | |
542 | (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \ | |
543 | ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE) | |
544 | ||
545 | static inline size_t size_code_gen_buffer(size_t tb_size) | |
546 | { | |
547 | /* Size the buffer. */ | |
548 | if (tb_size == 0) { | |
549 | #ifdef USE_STATIC_CODE_GEN_BUFFER | |
550 | tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE; | |
551 | #else | |
552 | /* ??? Needs adjustments. */ | |
553 | /* ??? If we relax the requirement that CONFIG_USER_ONLY use the | |
554 | static buffer, we could size this on RESERVED_VA, on the text | |
555 | segment size of the executable, or continue to use the default. */ | |
556 | tb_size = (unsigned long)(ram_size / 4); | |
557 | #endif | |
558 | } | |
559 | if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) { | |
560 | tb_size = MIN_CODE_GEN_BUFFER_SIZE; | |
561 | } | |
562 | if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) { | |
563 | tb_size = MAX_CODE_GEN_BUFFER_SIZE; | |
564 | } | |
5b6dd868 BS |
565 | return tb_size; |
566 | } | |
567 | ||
483c76e1 RH |
568 | #ifdef __mips__ |
569 | /* In order to use J and JAL within the code_gen_buffer, we require | |
570 | that the buffer not cross a 256MB boundary. */ | |
571 | static inline bool cross_256mb(void *addr, size_t size) | |
572 | { | |
7ba6a512 | 573 | return ((uintptr_t)addr ^ ((uintptr_t)addr + size)) & ~0x0ffffffful; |
483c76e1 RH |
574 | } |
575 | ||
576 | /* We weren't able to allocate a buffer without crossing that boundary, | |
577 | so make do with the larger portion of the buffer that doesn't cross. | |
578 | Returns the new base of the buffer, and adjusts code_gen_buffer_size. */ | |
579 | static inline void *split_cross_256mb(void *buf1, size_t size1) | |
580 | { | |
7ba6a512 | 581 | void *buf2 = (void *)(((uintptr_t)buf1 + size1) & ~0x0ffffffful); |
483c76e1 RH |
582 | size_t size2 = buf1 + size1 - buf2; |
583 | ||
584 | size1 = buf2 - buf1; | |
585 | if (size1 < size2) { | |
586 | size1 = size2; | |
587 | buf1 = buf2; | |
588 | } | |
589 | ||
590 | tcg_ctx.code_gen_buffer_size = size1; | |
591 | return buf1; | |
592 | } | |
593 | #endif | |
594 | ||
5b6dd868 BS |
595 | #ifdef USE_STATIC_CODE_GEN_BUFFER |
596 | static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE] | |
597 | __attribute__((aligned(CODE_GEN_ALIGN))); | |
598 | ||
f293709c RH |
599 | # ifdef _WIN32 |
600 | static inline void do_protect(void *addr, long size, int prot) | |
601 | { | |
602 | DWORD old_protect; | |
603 | VirtualProtect(addr, size, prot, &old_protect); | |
604 | } | |
605 | ||
606 | static inline void map_exec(void *addr, long size) | |
607 | { | |
608 | do_protect(addr, size, PAGE_EXECUTE_READWRITE); | |
609 | } | |
610 | ||
611 | static inline void map_none(void *addr, long size) | |
612 | { | |
613 | do_protect(addr, size, PAGE_NOACCESS); | |
614 | } | |
615 | # else | |
616 | static inline void do_protect(void *addr, long size, int prot) | |
617 | { | |
618 | uintptr_t start, end; | |
619 | ||
620 | start = (uintptr_t)addr; | |
621 | start &= qemu_real_host_page_mask; | |
622 | ||
623 | end = (uintptr_t)addr + size; | |
624 | end = ROUND_UP(end, qemu_real_host_page_size); | |
625 | ||
626 | mprotect((void *)start, end - start, prot); | |
627 | } | |
628 | ||
629 | static inline void map_exec(void *addr, long size) | |
630 | { | |
631 | do_protect(addr, size, PROT_READ | PROT_WRITE | PROT_EXEC); | |
632 | } | |
633 | ||
634 | static inline void map_none(void *addr, long size) | |
635 | { | |
636 | do_protect(addr, size, PROT_NONE); | |
637 | } | |
638 | # endif /* WIN32 */ | |
639 | ||
5b6dd868 BS |
640 | static inline void *alloc_code_gen_buffer(void) |
641 | { | |
483c76e1 | 642 | void *buf = static_code_gen_buffer; |
f293709c RH |
643 | size_t full_size, size; |
644 | ||
645 | /* The size of the buffer, rounded down to end on a page boundary. */ | |
646 | full_size = (((uintptr_t)buf + sizeof(static_code_gen_buffer)) | |
647 | & qemu_real_host_page_mask) - (uintptr_t)buf; | |
648 | ||
649 | /* Reserve a guard page. */ | |
650 | size = full_size - qemu_real_host_page_size; | |
651 | ||
652 | /* Honor a command-line option limiting the size of the buffer. */ | |
653 | if (size > tcg_ctx.code_gen_buffer_size) { | |
654 | size = (((uintptr_t)buf + tcg_ctx.code_gen_buffer_size) | |
655 | & qemu_real_host_page_mask) - (uintptr_t)buf; | |
656 | } | |
657 | tcg_ctx.code_gen_buffer_size = size; | |
658 | ||
483c76e1 | 659 | #ifdef __mips__ |
f293709c RH |
660 | if (cross_256mb(buf, size)) { |
661 | buf = split_cross_256mb(buf, size); | |
662 | size = tcg_ctx.code_gen_buffer_size; | |
483c76e1 RH |
663 | } |
664 | #endif | |
f293709c RH |
665 | |
666 | map_exec(buf, size); | |
667 | map_none(buf + size, qemu_real_host_page_size); | |
668 | qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE); | |
669 | ||
483c76e1 | 670 | return buf; |
5b6dd868 | 671 | } |
f293709c RH |
672 | #elif defined(_WIN32) |
673 | static inline void *alloc_code_gen_buffer(void) | |
674 | { | |
675 | size_t size = tcg_ctx.code_gen_buffer_size; | |
676 | void *buf1, *buf2; | |
677 | ||
678 | /* Perform the allocation in two steps, so that the guard page | |
679 | is reserved but uncommitted. */ | |
680 | buf1 = VirtualAlloc(NULL, size + qemu_real_host_page_size, | |
681 | MEM_RESERVE, PAGE_NOACCESS); | |
682 | if (buf1 != NULL) { | |
683 | buf2 = VirtualAlloc(buf1, size, MEM_COMMIT, PAGE_EXECUTE_READWRITE); | |
684 | assert(buf1 == buf2); | |
685 | } | |
686 | ||
687 | return buf1; | |
688 | } | |
689 | #else | |
5b6dd868 BS |
690 | static inline void *alloc_code_gen_buffer(void) |
691 | { | |
692 | int flags = MAP_PRIVATE | MAP_ANONYMOUS; | |
693 | uintptr_t start = 0; | |
f293709c | 694 | size_t size = tcg_ctx.code_gen_buffer_size; |
5b6dd868 BS |
695 | void *buf; |
696 | ||
697 | /* Constrain the position of the buffer based on the host cpu. | |
698 | Note that these addresses are chosen in concert with the | |
699 | addresses assigned in the relevant linker script file. */ | |
700 | # if defined(__PIE__) || defined(__PIC__) | |
701 | /* Don't bother setting a preferred location if we're building | |
702 | a position-independent executable. We're more likely to get | |
703 | an address near the main executable if we let the kernel | |
704 | choose the address. */ | |
705 | # elif defined(__x86_64__) && defined(MAP_32BIT) | |
706 | /* Force the memory down into low memory with the executable. | |
707 | Leave the choice of exact location with the kernel. */ | |
708 | flags |= MAP_32BIT; | |
709 | /* Cannot expect to map more than 800MB in low memory. */ | |
f293709c RH |
710 | if (size > 800u * 1024 * 1024) { |
711 | tcg_ctx.code_gen_buffer_size = size = 800u * 1024 * 1024; | |
5b6dd868 BS |
712 | } |
713 | # elif defined(__sparc__) | |
714 | start = 0x40000000ul; | |
715 | # elif defined(__s390x__) | |
716 | start = 0x90000000ul; | |
479eb121 | 717 | # elif defined(__mips__) |
f293709c | 718 | # if _MIPS_SIM == _ABI64 |
479eb121 RH |
719 | start = 0x128000000ul; |
720 | # else | |
721 | start = 0x08000000ul; | |
722 | # endif | |
5b6dd868 BS |
723 | # endif |
724 | ||
f293709c RH |
725 | buf = mmap((void *)start, size + qemu_real_host_page_size, |
726 | PROT_NONE, flags, -1, 0); | |
483c76e1 RH |
727 | if (buf == MAP_FAILED) { |
728 | return NULL; | |
729 | } | |
730 | ||
731 | #ifdef __mips__ | |
f293709c | 732 | if (cross_256mb(buf, size)) { |
5d831be2 | 733 | /* Try again, with the original still mapped, to avoid re-acquiring |
483c76e1 | 734 | that 256mb crossing. This time don't specify an address. */ |
f293709c RH |
735 | size_t size2; |
736 | void *buf2 = mmap(NULL, size + qemu_real_host_page_size, | |
737 | PROT_NONE, flags, -1, 0); | |
f68808c7 | 738 | switch ((int)(buf2 != MAP_FAILED)) { |
f293709c RH |
739 | case 1: |
740 | if (!cross_256mb(buf2, size)) { | |
483c76e1 | 741 | /* Success! Use the new buffer. */ |
8bdf4997 | 742 | munmap(buf, size + qemu_real_host_page_size); |
f293709c | 743 | break; |
483c76e1 RH |
744 | } |
745 | /* Failure. Work with what we had. */ | |
8bdf4997 | 746 | munmap(buf2, size + qemu_real_host_page_size); |
f293709c RH |
747 | /* fallthru */ |
748 | default: | |
749 | /* Split the original buffer. Free the smaller half. */ | |
750 | buf2 = split_cross_256mb(buf, size); | |
751 | size2 = tcg_ctx.code_gen_buffer_size; | |
752 | if (buf == buf2) { | |
753 | munmap(buf + size2 + qemu_real_host_page_size, size - size2); | |
754 | } else { | |
755 | munmap(buf, size - size2); | |
756 | } | |
757 | size = size2; | |
758 | break; | |
483c76e1 | 759 | } |
f293709c | 760 | buf = buf2; |
483c76e1 RH |
761 | } |
762 | #endif | |
763 | ||
f293709c RH |
764 | /* Make the final buffer accessible. The guard page at the end |
765 | will remain inaccessible with PROT_NONE. */ | |
766 | mprotect(buf, size, PROT_WRITE | PROT_READ | PROT_EXEC); | |
483c76e1 | 767 | |
f293709c RH |
768 | /* Request large pages for the buffer. */ |
769 | qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE); | |
483c76e1 | 770 | |
5b6dd868 BS |
771 | return buf; |
772 | } | |
f293709c | 773 | #endif /* USE_STATIC_CODE_GEN_BUFFER, WIN32, POSIX */ |
5b6dd868 BS |
774 | |
775 | static inline void code_gen_alloc(size_t tb_size) | |
776 | { | |
0b0d3320 EV |
777 | tcg_ctx.code_gen_buffer_size = size_code_gen_buffer(tb_size); |
778 | tcg_ctx.code_gen_buffer = alloc_code_gen_buffer(); | |
779 | if (tcg_ctx.code_gen_buffer == NULL) { | |
5b6dd868 BS |
780 | fprintf(stderr, "Could not allocate dynamic translator buffer\n"); |
781 | exit(1); | |
782 | } | |
783 | ||
6e3b2bfd EC |
784 | /* size this conservatively -- realloc later if needed */ |
785 | tcg_ctx.tb_ctx.tbs_size = | |
786 | tcg_ctx.code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE / 8; | |
787 | if (unlikely(!tcg_ctx.tb_ctx.tbs_size)) { | |
788 | tcg_ctx.tb_ctx.tbs_size = 64 * 1024; | |
789 | } | |
790 | tcg_ctx.tb_ctx.tbs = g_new(TranslationBlock *, tcg_ctx.tb_ctx.tbs_size); | |
8163b749 | 791 | |
677ef623 | 792 | qemu_mutex_init(&tcg_ctx.tb_ctx.tb_lock); |
5b6dd868 BS |
793 | } |
794 | ||
909eaac9 EC |
795 | static void tb_htable_init(void) |
796 | { | |
797 | unsigned int mode = QHT_MODE_AUTO_RESIZE; | |
798 | ||
799 | qht_init(&tcg_ctx.tb_ctx.htable, CODE_GEN_HTABLE_SIZE, mode); | |
800 | } | |
801 | ||
5b6dd868 BS |
802 | /* Must be called before using the QEMU cpus. 'tb_size' is the size |
803 | (in bytes) allocated to the translation buffer. Zero means default | |
804 | size. */ | |
805 | void tcg_exec_init(unsigned long tb_size) | |
806 | { | |
807 | cpu_gen_init(); | |
5b6dd868 | 808 | page_init(); |
909eaac9 | 809 | tb_htable_init(); |
f293709c | 810 | code_gen_alloc(tb_size); |
4cbea598 | 811 | #if defined(CONFIG_SOFTMMU) |
5b6dd868 BS |
812 | /* There's no guest base to take into account, so go ahead and |
813 | initialize the prologue now. */ | |
814 | tcg_prologue_init(&tcg_ctx); | |
815 | #endif | |
816 | } | |
817 | ||
818 | bool tcg_enabled(void) | |
819 | { | |
0b0d3320 | 820 | return tcg_ctx.code_gen_buffer != NULL; |
5b6dd868 BS |
821 | } |
822 | ||
7d7500d9 PB |
823 | /* |
824 | * Allocate a new translation block. Flush the translation buffer if | |
825 | * too many translation blocks or too much generated code. | |
826 | * | |
827 | * Called with tb_lock held. | |
828 | */ | |
5b6dd868 BS |
829 | static TranslationBlock *tb_alloc(target_ulong pc) |
830 | { | |
831 | TranslationBlock *tb; | |
6e3b2bfd | 832 | TBContext *ctx; |
5b6dd868 | 833 | |
6ac3d7e8 | 834 | assert_tb_locked(); |
e505a063 | 835 | |
6e3b2bfd EC |
836 | tb = tcg_tb_alloc(&tcg_ctx); |
837 | if (unlikely(tb == NULL)) { | |
5b6dd868 BS |
838 | return NULL; |
839 | } | |
6e3b2bfd EC |
840 | ctx = &tcg_ctx.tb_ctx; |
841 | if (unlikely(ctx->nb_tbs == ctx->tbs_size)) { | |
842 | ctx->tbs_size *= 2; | |
843 | ctx->tbs = g_renew(TranslationBlock *, ctx->tbs, ctx->tbs_size); | |
844 | } | |
845 | ctx->tbs[ctx->nb_tbs++] = tb; | |
5b6dd868 BS |
846 | tb->pc = pc; |
847 | tb->cflags = 0; | |
6d21e420 | 848 | tb->invalid = false; |
5b6dd868 BS |
849 | return tb; |
850 | } | |
851 | ||
7d7500d9 | 852 | /* Called with tb_lock held. */ |
5b6dd868 BS |
853 | void tb_free(TranslationBlock *tb) |
854 | { | |
6ac3d7e8 | 855 | assert_tb_locked(); |
e505a063 | 856 | |
5b6dd868 BS |
857 | /* In practice this is mostly used for single use temporary TB |
858 | Ignore the hard cases and just back up if this TB happens to | |
859 | be the last one generated. */ | |
5e5f07e0 | 860 | if (tcg_ctx.tb_ctx.nb_tbs > 0 && |
6e3b2bfd EC |
861 | tb == tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs - 1]) { |
862 | size_t struct_size = ROUND_UP(sizeof(*tb), qemu_icache_linesize); | |
863 | ||
864 | tcg_ctx.code_gen_ptr = tb->tc_ptr - struct_size; | |
5e5f07e0 | 865 | tcg_ctx.tb_ctx.nb_tbs--; |
5b6dd868 BS |
866 | } |
867 | } | |
868 | ||
869 | static inline void invalidate_page_bitmap(PageDesc *p) | |
870 | { | |
6fad459c | 871 | #ifdef CONFIG_SOFTMMU |
012aef07 MA |
872 | g_free(p->code_bitmap); |
873 | p->code_bitmap = NULL; | |
5b6dd868 | 874 | p->code_write_count = 0; |
6fad459c | 875 | #endif |
5b6dd868 BS |
876 | } |
877 | ||
878 | /* Set to NULL all the 'first_tb' fields in all PageDescs. */ | |
879 | static void page_flush_tb_1(int level, void **lp) | |
880 | { | |
881 | int i; | |
882 | ||
883 | if (*lp == NULL) { | |
884 | return; | |
885 | } | |
886 | if (level == 0) { | |
887 | PageDesc *pd = *lp; | |
888 | ||
03f49957 | 889 | for (i = 0; i < V_L2_SIZE; ++i) { |
5b6dd868 BS |
890 | pd[i].first_tb = NULL; |
891 | invalidate_page_bitmap(pd + i); | |
892 | } | |
893 | } else { | |
894 | void **pp = *lp; | |
895 | ||
03f49957 | 896 | for (i = 0; i < V_L2_SIZE; ++i) { |
5b6dd868 BS |
897 | page_flush_tb_1(level - 1, pp + i); |
898 | } | |
899 | } | |
900 | } | |
901 | ||
902 | static void page_flush_tb(void) | |
903 | { | |
66ec9f49 | 904 | int i, l1_sz = v_l1_size; |
5b6dd868 | 905 | |
66ec9f49 VK |
906 | for (i = 0; i < l1_sz; i++) { |
907 | page_flush_tb_1(v_l2_levels, l1_map + i); | |
5b6dd868 BS |
908 | } |
909 | } | |
910 | ||
911 | /* flush all the translation blocks */ | |
14e6fe12 | 912 | static void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count) |
5b6dd868 | 913 | { |
3359baad SF |
914 | tb_lock(); |
915 | ||
14e6fe12 | 916 | /* If it is already been done on request of another CPU, |
3359baad SF |
917 | * just retry. |
918 | */ | |
14e6fe12 | 919 | if (tcg_ctx.tb_ctx.tb_flush_count != tb_flush_count.host_int) { |
3359baad | 920 | goto done; |
135a972b | 921 | } |
3359baad | 922 | |
955939a2 | 923 | #if defined(DEBUG_TB_FLUSH) |
5b6dd868 | 924 | printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n", |
0b0d3320 | 925 | (unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer), |
5e5f07e0 | 926 | tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.tb_ctx.nb_tbs > 0 ? |
0b0d3320 | 927 | ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) / |
5e5f07e0 | 928 | tcg_ctx.tb_ctx.nb_tbs : 0); |
5b6dd868 | 929 | #endif |
0b0d3320 EV |
930 | if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer) |
931 | > tcg_ctx.code_gen_buffer_size) { | |
a47dddd7 | 932 | cpu_abort(cpu, "Internal error: code buffer overflow\n"); |
5b6dd868 | 933 | } |
5b6dd868 | 934 | |
bdc44640 | 935 | CPU_FOREACH(cpu) { |
89a16b1e SF |
936 | int i; |
937 | ||
938 | for (i = 0; i < TB_JMP_CACHE_SIZE; ++i) { | |
939 | atomic_set(&cpu->tb_jmp_cache[i], NULL); | |
940 | } | |
5b6dd868 BS |
941 | } |
942 | ||
118b0730 | 943 | tcg_ctx.tb_ctx.nb_tbs = 0; |
909eaac9 | 944 | qht_reset_size(&tcg_ctx.tb_ctx.htable, CODE_GEN_HTABLE_SIZE); |
5b6dd868 BS |
945 | page_flush_tb(); |
946 | ||
0b0d3320 | 947 | tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer; |
5b6dd868 BS |
948 | /* XXX: flush processor icache at this point if cache flush is |
949 | expensive */ | |
3359baad SF |
950 | atomic_mb_set(&tcg_ctx.tb_ctx.tb_flush_count, |
951 | tcg_ctx.tb_ctx.tb_flush_count + 1); | |
952 | ||
953 | done: | |
954 | tb_unlock(); | |
955 | } | |
956 | ||
957 | void tb_flush(CPUState *cpu) | |
958 | { | |
959 | if (tcg_enabled()) { | |
14e6fe12 PB |
960 | unsigned tb_flush_count = atomic_mb_read(&tcg_ctx.tb_ctx.tb_flush_count); |
961 | async_safe_run_on_cpu(cpu, do_tb_flush, | |
962 | RUN_ON_CPU_HOST_INT(tb_flush_count)); | |
3359baad | 963 | } |
5b6dd868 BS |
964 | } |
965 | ||
966 | #ifdef DEBUG_TB_CHECK | |
967 | ||
909eaac9 EC |
968 | static void |
969 | do_tb_invalidate_check(struct qht *ht, void *p, uint32_t hash, void *userp) | |
5b6dd868 | 970 | { |
909eaac9 EC |
971 | TranslationBlock *tb = p; |
972 | target_ulong addr = *(target_ulong *)userp; | |
973 | ||
974 | if (!(addr + TARGET_PAGE_SIZE <= tb->pc || addr >= tb->pc + tb->size)) { | |
975 | printf("ERROR invalidate: address=" TARGET_FMT_lx | |
976 | " PC=%08lx size=%04x\n", addr, (long)tb->pc, tb->size); | |
977 | } | |
978 | } | |
5b6dd868 | 979 | |
7d7500d9 PB |
980 | /* verify that all the pages have correct rights for code |
981 | * | |
982 | * Called with tb_lock held. | |
983 | */ | |
909eaac9 EC |
984 | static void tb_invalidate_check(target_ulong address) |
985 | { | |
5b6dd868 | 986 | address &= TARGET_PAGE_MASK; |
909eaac9 EC |
987 | qht_iter(&tcg_ctx.tb_ctx.htable, do_tb_invalidate_check, &address); |
988 | } | |
989 | ||
990 | static void | |
991 | do_tb_page_check(struct qht *ht, void *p, uint32_t hash, void *userp) | |
992 | { | |
993 | TranslationBlock *tb = p; | |
994 | int flags1, flags2; | |
995 | ||
996 | flags1 = page_get_flags(tb->pc); | |
997 | flags2 = page_get_flags(tb->pc + tb->size - 1); | |
998 | if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) { | |
999 | printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n", | |
1000 | (long)tb->pc, tb->size, flags1, flags2); | |
5b6dd868 BS |
1001 | } |
1002 | } | |
1003 | ||
1004 | /* verify that all the pages have correct rights for code */ | |
1005 | static void tb_page_check(void) | |
1006 | { | |
909eaac9 | 1007 | qht_iter(&tcg_ctx.tb_ctx.htable, do_tb_page_check, NULL); |
5b6dd868 BS |
1008 | } |
1009 | ||
1010 | #endif | |
1011 | ||
5b6dd868 BS |
1012 | static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb) |
1013 | { | |
1014 | TranslationBlock *tb1; | |
1015 | unsigned int n1; | |
1016 | ||
1017 | for (;;) { | |
1018 | tb1 = *ptb; | |
1019 | n1 = (uintptr_t)tb1 & 3; | |
1020 | tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3); | |
1021 | if (tb1 == tb) { | |
1022 | *ptb = tb1->page_next[n1]; | |
1023 | break; | |
1024 | } | |
1025 | ptb = &tb1->page_next[n1]; | |
1026 | } | |
1027 | } | |
1028 | ||
13362678 SF |
1029 | /* remove the TB from a list of TBs jumping to the n-th jump target of the TB */ |
1030 | static inline void tb_remove_from_jmp_list(TranslationBlock *tb, int n) | |
5b6dd868 | 1031 | { |
c37e6d7e SF |
1032 | TranslationBlock *tb1; |
1033 | uintptr_t *ptb, ntb; | |
5b6dd868 BS |
1034 | unsigned int n1; |
1035 | ||
f309101c | 1036 | ptb = &tb->jmp_list_next[n]; |
c37e6d7e | 1037 | if (*ptb) { |
5b6dd868 BS |
1038 | /* find tb(n) in circular list */ |
1039 | for (;;) { | |
c37e6d7e SF |
1040 | ntb = *ptb; |
1041 | n1 = ntb & 3; | |
1042 | tb1 = (TranslationBlock *)(ntb & ~3); | |
5b6dd868 BS |
1043 | if (n1 == n && tb1 == tb) { |
1044 | break; | |
1045 | } | |
1046 | if (n1 == 2) { | |
f309101c | 1047 | ptb = &tb1->jmp_list_first; |
5b6dd868 | 1048 | } else { |
f309101c | 1049 | ptb = &tb1->jmp_list_next[n1]; |
5b6dd868 BS |
1050 | } |
1051 | } | |
1052 | /* now we can suppress tb(n) from the list */ | |
f309101c | 1053 | *ptb = tb->jmp_list_next[n]; |
5b6dd868 | 1054 | |
c37e6d7e | 1055 | tb->jmp_list_next[n] = (uintptr_t)NULL; |
5b6dd868 BS |
1056 | } |
1057 | } | |
1058 | ||
1059 | /* reset the jump entry 'n' of a TB so that it is not chained to | |
1060 | another TB */ | |
1061 | static inline void tb_reset_jump(TranslationBlock *tb, int n) | |
1062 | { | |
f309101c SF |
1063 | uintptr_t addr = (uintptr_t)(tb->tc_ptr + tb->jmp_reset_offset[n]); |
1064 | tb_set_jmp_target(tb, n, addr); | |
5b6dd868 BS |
1065 | } |
1066 | ||
89bba496 SF |
1067 | /* remove any jumps to the TB */ |
1068 | static inline void tb_jmp_unlink(TranslationBlock *tb) | |
1069 | { | |
f9c5b66f SF |
1070 | TranslationBlock *tb1; |
1071 | uintptr_t *ptb, ntb; | |
89bba496 SF |
1072 | unsigned int n1; |
1073 | ||
f9c5b66f | 1074 | ptb = &tb->jmp_list_first; |
89bba496 | 1075 | for (;;) { |
f9c5b66f SF |
1076 | ntb = *ptb; |
1077 | n1 = ntb & 3; | |
1078 | tb1 = (TranslationBlock *)(ntb & ~3); | |
89bba496 SF |
1079 | if (n1 == 2) { |
1080 | break; | |
1081 | } | |
f9c5b66f SF |
1082 | tb_reset_jump(tb1, n1); |
1083 | *ptb = tb1->jmp_list_next[n1]; | |
1084 | tb1->jmp_list_next[n1] = (uintptr_t)NULL; | |
89bba496 | 1085 | } |
89bba496 SF |
1086 | } |
1087 | ||
7d7500d9 PB |
1088 | /* invalidate one TB |
1089 | * | |
1090 | * Called with tb_lock held. | |
1091 | */ | |
5b6dd868 BS |
1092 | void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr) |
1093 | { | |
182735ef | 1094 | CPUState *cpu; |
5b6dd868 | 1095 | PageDesc *p; |
42bd3228 | 1096 | uint32_t h; |
5b6dd868 | 1097 | tb_page_addr_t phys_pc; |
5b6dd868 | 1098 | |
6ac3d7e8 | 1099 | assert_tb_locked(); |
e505a063 | 1100 | |
6d21e420 PB |
1101 | atomic_set(&tb->invalid, true); |
1102 | ||
5b6dd868 BS |
1103 | /* remove the TB from the hash list */ |
1104 | phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK); | |
42bd3228 | 1105 | h = tb_hash_func(phys_pc, tb->pc, tb->flags); |
909eaac9 | 1106 | qht_remove(&tcg_ctx.tb_ctx.htable, tb, h); |
5b6dd868 BS |
1107 | |
1108 | /* remove the TB from the page list */ | |
1109 | if (tb->page_addr[0] != page_addr) { | |
1110 | p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS); | |
1111 | tb_page_remove(&p->first_tb, tb); | |
1112 | invalidate_page_bitmap(p); | |
1113 | } | |
1114 | if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) { | |
1115 | p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS); | |
1116 | tb_page_remove(&p->first_tb, tb); | |
1117 | invalidate_page_bitmap(p); | |
1118 | } | |
1119 | ||
5b6dd868 BS |
1120 | /* remove the TB from the hash list */ |
1121 | h = tb_jmp_cache_hash_func(tb->pc); | |
bdc44640 | 1122 | CPU_FOREACH(cpu) { |
89a16b1e SF |
1123 | if (atomic_read(&cpu->tb_jmp_cache[h]) == tb) { |
1124 | atomic_set(&cpu->tb_jmp_cache[h], NULL); | |
5b6dd868 BS |
1125 | } |
1126 | } | |
1127 | ||
1128 | /* suppress this TB from the two jump lists */ | |
13362678 SF |
1129 | tb_remove_from_jmp_list(tb, 0); |
1130 | tb_remove_from_jmp_list(tb, 1); | |
5b6dd868 BS |
1131 | |
1132 | /* suppress any remaining jumps to this TB */ | |
89bba496 | 1133 | tb_jmp_unlink(tb); |
5b6dd868 | 1134 | |
5e5f07e0 | 1135 | tcg_ctx.tb_ctx.tb_phys_invalidate_count++; |
5b6dd868 BS |
1136 | } |
1137 | ||
6fad459c | 1138 | #ifdef CONFIG_SOFTMMU |
5b6dd868 BS |
1139 | static void build_page_bitmap(PageDesc *p) |
1140 | { | |
1141 | int n, tb_start, tb_end; | |
1142 | TranslationBlock *tb; | |
1143 | ||
510a647f | 1144 | p->code_bitmap = bitmap_new(TARGET_PAGE_SIZE); |
5b6dd868 BS |
1145 | |
1146 | tb = p->first_tb; | |
1147 | while (tb != NULL) { | |
1148 | n = (uintptr_t)tb & 3; | |
1149 | tb = (TranslationBlock *)((uintptr_t)tb & ~3); | |
1150 | /* NOTE: this is subtle as a TB may span two physical pages */ | |
1151 | if (n == 0) { | |
1152 | /* NOTE: tb_end may be after the end of the page, but | |
1153 | it is not a problem */ | |
1154 | tb_start = tb->pc & ~TARGET_PAGE_MASK; | |
1155 | tb_end = tb_start + tb->size; | |
1156 | if (tb_end > TARGET_PAGE_SIZE) { | |
1157 | tb_end = TARGET_PAGE_SIZE; | |
e505a063 | 1158 | } |
5b6dd868 BS |
1159 | } else { |
1160 | tb_start = 0; | |
1161 | tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK); | |
1162 | } | |
510a647f | 1163 | bitmap_set(p->code_bitmap, tb_start, tb_end - tb_start); |
5b6dd868 BS |
1164 | tb = tb->page_next[n]; |
1165 | } | |
1166 | } | |
6fad459c | 1167 | #endif |
5b6dd868 | 1168 | |
e90d96b1 SF |
1169 | /* add the tb in the target page and protect it if necessary |
1170 | * | |
1171 | * Called with mmap_lock held for user-mode emulation. | |
1172 | */ | |
1173 | static inline void tb_alloc_page(TranslationBlock *tb, | |
1174 | unsigned int n, tb_page_addr_t page_addr) | |
1175 | { | |
1176 | PageDesc *p; | |
1177 | #ifndef CONFIG_USER_ONLY | |
1178 | bool page_already_protected; | |
1179 | #endif | |
1180 | ||
e505a063 AB |
1181 | assert_memory_lock(); |
1182 | ||
e90d96b1 SF |
1183 | tb->page_addr[n] = page_addr; |
1184 | p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1); | |
1185 | tb->page_next[n] = p->first_tb; | |
1186 | #ifndef CONFIG_USER_ONLY | |
1187 | page_already_protected = p->first_tb != NULL; | |
1188 | #endif | |
1189 | p->first_tb = (TranslationBlock *)((uintptr_t)tb | n); | |
1190 | invalidate_page_bitmap(p); | |
1191 | ||
1192 | #if defined(CONFIG_USER_ONLY) | |
1193 | if (p->flags & PAGE_WRITE) { | |
1194 | target_ulong addr; | |
1195 | PageDesc *p2; | |
1196 | int prot; | |
1197 | ||
1198 | /* force the host page as non writable (writes will have a | |
1199 | page fault + mprotect overhead) */ | |
1200 | page_addr &= qemu_host_page_mask; | |
1201 | prot = 0; | |
1202 | for (addr = page_addr; addr < page_addr + qemu_host_page_size; | |
1203 | addr += TARGET_PAGE_SIZE) { | |
1204 | ||
1205 | p2 = page_find(addr >> TARGET_PAGE_BITS); | |
1206 | if (!p2) { | |
1207 | continue; | |
1208 | } | |
1209 | prot |= p2->flags; | |
1210 | p2->flags &= ~PAGE_WRITE; | |
1211 | } | |
1212 | mprotect(g2h(page_addr), qemu_host_page_size, | |
1213 | (prot & PAGE_BITS) & ~PAGE_WRITE); | |
1214 | #ifdef DEBUG_TB_INVALIDATE | |
1215 | printf("protecting code page: 0x" TARGET_FMT_lx "\n", | |
1216 | page_addr); | |
1217 | #endif | |
1218 | } | |
1219 | #else | |
1220 | /* if some code is already present, then the pages are already | |
1221 | protected. So we handle the case where only the first TB is | |
1222 | allocated in a physical page */ | |
1223 | if (!page_already_protected) { | |
1224 | tlb_protect_code(page_addr); | |
1225 | } | |
1226 | #endif | |
1227 | } | |
1228 | ||
1229 | /* add a new TB and link it to the physical page tables. phys_page2 is | |
1230 | * (-1) to indicate that only one page contains the TB. | |
1231 | * | |
1232 | * Called with mmap_lock held for user-mode emulation. | |
1233 | */ | |
1234 | static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc, | |
1235 | tb_page_addr_t phys_page2) | |
1236 | { | |
42bd3228 | 1237 | uint32_t h; |
e90d96b1 | 1238 | |
e505a063 AB |
1239 | assert_memory_lock(); |
1240 | ||
e90d96b1 SF |
1241 | /* add in the page list */ |
1242 | tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK); | |
1243 | if (phys_page2 != -1) { | |
1244 | tb_alloc_page(tb, 1, phys_page2); | |
1245 | } else { | |
1246 | tb->page_addr[1] = -1; | |
1247 | } | |
1248 | ||
2e1ae44a AB |
1249 | /* add in the hash table */ |
1250 | h = tb_hash_func(phys_pc, tb->pc, tb->flags); | |
1251 | qht_insert(&tcg_ctx.tb_ctx.htable, tb, h); | |
1252 | ||
e90d96b1 SF |
1253 | #ifdef DEBUG_TB_CHECK |
1254 | tb_page_check(); | |
1255 | #endif | |
1256 | } | |
1257 | ||
75692087 | 1258 | /* Called with mmap_lock held for user mode emulation. */ |
648f034c | 1259 | TranslationBlock *tb_gen_code(CPUState *cpu, |
5b6dd868 | 1260 | target_ulong pc, target_ulong cs_base, |
89fee74a | 1261 | uint32_t flags, int cflags) |
5b6dd868 | 1262 | { |
648f034c | 1263 | CPUArchState *env = cpu->env_ptr; |
5b6dd868 | 1264 | TranslationBlock *tb; |
5b6dd868 BS |
1265 | tb_page_addr_t phys_pc, phys_page2; |
1266 | target_ulong virt_page2; | |
fec88f64 | 1267 | tcg_insn_unit *gen_code_buf; |
fca8a500 | 1268 | int gen_code_size, search_size; |
fec88f64 RH |
1269 | #ifdef CONFIG_PROFILER |
1270 | int64_t ti; | |
1271 | #endif | |
e505a063 | 1272 | assert_memory_lock(); |
5b6dd868 BS |
1273 | |
1274 | phys_pc = get_page_addr_code(env, pc); | |
56c0269a | 1275 | if (use_icount && !(cflags & CF_IGNORE_ICOUNT)) { |
0266359e PB |
1276 | cflags |= CF_USE_ICOUNT; |
1277 | } | |
b125f9dc | 1278 | |
5b6dd868 | 1279 | tb = tb_alloc(pc); |
b125f9dc RH |
1280 | if (unlikely(!tb)) { |
1281 | buffer_overflow: | |
5b6dd868 | 1282 | /* flush must be done */ |
bbd77c18 | 1283 | tb_flush(cpu); |
3359baad | 1284 | mmap_unlock(); |
8499c8fc PD |
1285 | /* Make the execution loop process the flush as soon as possible. */ |
1286 | cpu->exception_index = EXCP_INTERRUPT; | |
3359baad | 1287 | cpu_loop_exit(cpu); |
5b6dd868 | 1288 | } |
fec88f64 RH |
1289 | |
1290 | gen_code_buf = tcg_ctx.code_gen_ptr; | |
1291 | tb->tc_ptr = gen_code_buf; | |
5b6dd868 BS |
1292 | tb->cs_base = cs_base; |
1293 | tb->flags = flags; | |
1294 | tb->cflags = cflags; | |
fec88f64 RH |
1295 | |
1296 | #ifdef CONFIG_PROFILER | |
1297 | tcg_ctx.tb_count1++; /* includes aborted translations because of | |
1298 | exceptions */ | |
1299 | ti = profile_getclock(); | |
1300 | #endif | |
1301 | ||
1302 | tcg_func_start(&tcg_ctx); | |
1303 | ||
7c255043 | 1304 | tcg_ctx.cpu = ENV_GET_CPU(env); |
fec88f64 | 1305 | gen_intermediate_code(env, tb); |
7c255043 | 1306 | tcg_ctx.cpu = NULL; |
fec88f64 RH |
1307 | |
1308 | trace_translate_block(tb, tb->pc, tb->tc_ptr); | |
1309 | ||
1310 | /* generate machine code */ | |
f309101c SF |
1311 | tb->jmp_reset_offset[0] = TB_JMP_RESET_OFFSET_INVALID; |
1312 | tb->jmp_reset_offset[1] = TB_JMP_RESET_OFFSET_INVALID; | |
1313 | tcg_ctx.tb_jmp_reset_offset = tb->jmp_reset_offset; | |
fec88f64 | 1314 | #ifdef USE_DIRECT_JUMP |
f309101c SF |
1315 | tcg_ctx.tb_jmp_insn_offset = tb->jmp_insn_offset; |
1316 | tcg_ctx.tb_jmp_target_addr = NULL; | |
fec88f64 | 1317 | #else |
f309101c SF |
1318 | tcg_ctx.tb_jmp_insn_offset = NULL; |
1319 | tcg_ctx.tb_jmp_target_addr = tb->jmp_target_addr; | |
fec88f64 RH |
1320 | #endif |
1321 | ||
1322 | #ifdef CONFIG_PROFILER | |
1323 | tcg_ctx.tb_count++; | |
1324 | tcg_ctx.interm_time += profile_getclock() - ti; | |
1325 | tcg_ctx.code_time -= profile_getclock(); | |
1326 | #endif | |
1327 | ||
b125f9dc RH |
1328 | /* ??? Overflow could be handled better here. In particular, we |
1329 | don't need to re-do gen_intermediate_code, nor should we re-do | |
1330 | the tcg optimization currently hidden inside tcg_gen_code. All | |
1331 | that should be required is to flush the TBs, allocate a new TB, | |
1332 | re-initialize it per above, and re-do the actual code generation. */ | |
5bd2ec3d | 1333 | gen_code_size = tcg_gen_code(&tcg_ctx, tb); |
b125f9dc RH |
1334 | if (unlikely(gen_code_size < 0)) { |
1335 | goto buffer_overflow; | |
1336 | } | |
fca8a500 | 1337 | search_size = encode_search(tb, (void *)gen_code_buf + gen_code_size); |
b125f9dc RH |
1338 | if (unlikely(search_size < 0)) { |
1339 | goto buffer_overflow; | |
1340 | } | |
fec88f64 RH |
1341 | |
1342 | #ifdef CONFIG_PROFILER | |
1343 | tcg_ctx.code_time += profile_getclock(); | |
1344 | tcg_ctx.code_in_len += tb->size; | |
1345 | tcg_ctx.code_out_len += gen_code_size; | |
fca8a500 | 1346 | tcg_ctx.search_out_len += search_size; |
fec88f64 RH |
1347 | #endif |
1348 | ||
1349 | #ifdef DEBUG_DISAS | |
d977e1c2 AB |
1350 | if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM) && |
1351 | qemu_log_in_addr_range(tb->pc)) { | |
1ee73216 | 1352 | qemu_log_lock(); |
fec88f64 RH |
1353 | qemu_log("OUT: [size=%d]\n", gen_code_size); |
1354 | log_disas(tb->tc_ptr, gen_code_size); | |
1355 | qemu_log("\n"); | |
1356 | qemu_log_flush(); | |
1ee73216 | 1357 | qemu_log_unlock(); |
fec88f64 RH |
1358 | } |
1359 | #endif | |
1360 | ||
fca8a500 RH |
1361 | tcg_ctx.code_gen_ptr = (void *) |
1362 | ROUND_UP((uintptr_t)gen_code_buf + gen_code_size + search_size, | |
1363 | CODE_GEN_ALIGN); | |
5b6dd868 | 1364 | |
901bc3de SF |
1365 | /* init jump list */ |
1366 | assert(((uintptr_t)tb & 3) == 0); | |
1367 | tb->jmp_list_first = (uintptr_t)tb | 2; | |
1368 | tb->jmp_list_next[0] = (uintptr_t)NULL; | |
1369 | tb->jmp_list_next[1] = (uintptr_t)NULL; | |
1370 | ||
1371 | /* init original jump addresses wich has been set during tcg_gen_code() */ | |
1372 | if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) { | |
1373 | tb_reset_jump(tb, 0); | |
1374 | } | |
1375 | if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) { | |
1376 | tb_reset_jump(tb, 1); | |
1377 | } | |
1378 | ||
5b6dd868 BS |
1379 | /* check next page if needed */ |
1380 | virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK; | |
1381 | phys_page2 = -1; | |
1382 | if ((pc & TARGET_PAGE_MASK) != virt_page2) { | |
1383 | phys_page2 = get_page_addr_code(env, virt_page2); | |
1384 | } | |
901bc3de SF |
1385 | /* As long as consistency of the TB stuff is provided by tb_lock in user |
1386 | * mode and is implicit in single-threaded softmmu emulation, no explicit | |
1387 | * memory barrier is required before tb_link_page() makes the TB visible | |
1388 | * through the physical hash table and physical page list. | |
1389 | */ | |
5b6dd868 BS |
1390 | tb_link_page(tb, phys_pc, phys_page2); |
1391 | return tb; | |
1392 | } | |
1393 | ||
1394 | /* | |
1395 | * Invalidate all TBs which intersect with the target physical address range | |
1396 | * [start;end[. NOTE: start and end may refer to *different* physical pages. | |
1397 | * 'is_cpu_write_access' should be true if called from a real cpu write | |
1398 | * access: the virtual CPU will exit the current TB if code is modified inside | |
1399 | * this TB. | |
75692087 | 1400 | * |
ba051fb5 AB |
1401 | * Called with mmap_lock held for user-mode emulation, grabs tb_lock |
1402 | * Called with tb_lock held for system-mode emulation | |
5b6dd868 | 1403 | */ |
ba051fb5 | 1404 | static void tb_invalidate_phys_range_1(tb_page_addr_t start, tb_page_addr_t end) |
5b6dd868 BS |
1405 | { |
1406 | while (start < end) { | |
35865339 | 1407 | tb_invalidate_phys_page_range(start, end, 0); |
5b6dd868 BS |
1408 | start &= TARGET_PAGE_MASK; |
1409 | start += TARGET_PAGE_SIZE; | |
1410 | } | |
1411 | } | |
1412 | ||
ba051fb5 AB |
1413 | #ifdef CONFIG_SOFTMMU |
1414 | void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end) | |
1415 | { | |
6ac3d7e8 | 1416 | assert_tb_locked(); |
ba051fb5 AB |
1417 | tb_invalidate_phys_range_1(start, end); |
1418 | } | |
1419 | #else | |
1420 | void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end) | |
1421 | { | |
1422 | assert_memory_lock(); | |
1423 | tb_lock(); | |
1424 | tb_invalidate_phys_range_1(start, end); | |
1425 | tb_unlock(); | |
1426 | } | |
1427 | #endif | |
5b6dd868 BS |
1428 | /* |
1429 | * Invalidate all TBs which intersect with the target physical address range | |
1430 | * [start;end[. NOTE: start and end must refer to the *same* physical page. | |
1431 | * 'is_cpu_write_access' should be true if called from a real cpu write | |
1432 | * access: the virtual CPU will exit the current TB if code is modified inside | |
1433 | * this TB. | |
75692087 | 1434 | * |
ba051fb5 AB |
1435 | * Called with tb_lock/mmap_lock held for user-mode emulation |
1436 | * Called with tb_lock held for system-mode emulation | |
5b6dd868 BS |
1437 | */ |
1438 | void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end, | |
1439 | int is_cpu_write_access) | |
1440 | { | |
3213525f | 1441 | TranslationBlock *tb, *tb_next; |
baea4fae | 1442 | #if defined(TARGET_HAS_PRECISE_SMC) |
3213525f | 1443 | CPUState *cpu = current_cpu; |
4917cf44 AF |
1444 | CPUArchState *env = NULL; |
1445 | #endif | |
5b6dd868 BS |
1446 | tb_page_addr_t tb_start, tb_end; |
1447 | PageDesc *p; | |
1448 | int n; | |
1449 | #ifdef TARGET_HAS_PRECISE_SMC | |
1450 | int current_tb_not_found = is_cpu_write_access; | |
1451 | TranslationBlock *current_tb = NULL; | |
1452 | int current_tb_modified = 0; | |
1453 | target_ulong current_pc = 0; | |
1454 | target_ulong current_cs_base = 0; | |
89fee74a | 1455 | uint32_t current_flags = 0; |
5b6dd868 BS |
1456 | #endif /* TARGET_HAS_PRECISE_SMC */ |
1457 | ||
e505a063 | 1458 | assert_memory_lock(); |
6ac3d7e8 | 1459 | assert_tb_locked(); |
e505a063 | 1460 | |
5b6dd868 BS |
1461 | p = page_find(start >> TARGET_PAGE_BITS); |
1462 | if (!p) { | |
1463 | return; | |
1464 | } | |
baea4fae | 1465 | #if defined(TARGET_HAS_PRECISE_SMC) |
4917cf44 AF |
1466 | if (cpu != NULL) { |
1467 | env = cpu->env_ptr; | |
d77953b9 | 1468 | } |
4917cf44 | 1469 | #endif |
5b6dd868 BS |
1470 | |
1471 | /* we remove all the TBs in the range [start, end[ */ | |
1472 | /* XXX: see if in some cases it could be faster to invalidate all | |
1473 | the code */ | |
1474 | tb = p->first_tb; | |
1475 | while (tb != NULL) { | |
1476 | n = (uintptr_t)tb & 3; | |
1477 | tb = (TranslationBlock *)((uintptr_t)tb & ~3); | |
1478 | tb_next = tb->page_next[n]; | |
1479 | /* NOTE: this is subtle as a TB may span two physical pages */ | |
1480 | if (n == 0) { | |
1481 | /* NOTE: tb_end may be after the end of the page, but | |
1482 | it is not a problem */ | |
1483 | tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK); | |
1484 | tb_end = tb_start + tb->size; | |
1485 | } else { | |
1486 | tb_start = tb->page_addr[1]; | |
1487 | tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK); | |
1488 | } | |
1489 | if (!(tb_end <= start || tb_start >= end)) { | |
1490 | #ifdef TARGET_HAS_PRECISE_SMC | |
1491 | if (current_tb_not_found) { | |
1492 | current_tb_not_found = 0; | |
1493 | current_tb = NULL; | |
93afeade | 1494 | if (cpu->mem_io_pc) { |
5b6dd868 | 1495 | /* now we have a real cpu fault */ |
93afeade | 1496 | current_tb = tb_find_pc(cpu->mem_io_pc); |
5b6dd868 BS |
1497 | } |
1498 | } | |
1499 | if (current_tb == tb && | |
1500 | (current_tb->cflags & CF_COUNT_MASK) != 1) { | |
1501 | /* If we are modifying the current TB, we must stop | |
1502 | its execution. We could be more precise by checking | |
1503 | that the modification is after the current PC, but it | |
1504 | would require a specialized function to partially | |
1505 | restore the CPU state */ | |
1506 | ||
1507 | current_tb_modified = 1; | |
74f10515 | 1508 | cpu_restore_state_from_tb(cpu, current_tb, cpu->mem_io_pc); |
5b6dd868 BS |
1509 | cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base, |
1510 | ¤t_flags); | |
1511 | } | |
1512 | #endif /* TARGET_HAS_PRECISE_SMC */ | |
5b6dd868 | 1513 | tb_phys_invalidate(tb, -1); |
5b6dd868 BS |
1514 | } |
1515 | tb = tb_next; | |
1516 | } | |
1517 | #if !defined(CONFIG_USER_ONLY) | |
1518 | /* if no code remaining, no need to continue to use slow writes */ | |
1519 | if (!p->first_tb) { | |
1520 | invalidate_page_bitmap(p); | |
fc377bcf | 1521 | tlb_unprotect_code(start); |
5b6dd868 BS |
1522 | } |
1523 | #endif | |
1524 | #ifdef TARGET_HAS_PRECISE_SMC | |
1525 | if (current_tb_modified) { | |
1526 | /* we generate a block containing just the instruction | |
1527 | modifying the memory. It will ensure that it cannot modify | |
1528 | itself */ | |
648f034c | 1529 | tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1); |
6886b980 | 1530 | cpu_loop_exit_noexc(cpu); |
5b6dd868 BS |
1531 | } |
1532 | #endif | |
1533 | } | |
1534 | ||
6fad459c | 1535 | #ifdef CONFIG_SOFTMMU |
ba051fb5 AB |
1536 | /* len must be <= 8 and start must be a multiple of len. |
1537 | * Called via softmmu_template.h when code areas are written to with | |
8d04fb55 | 1538 | * iothread mutex not held. |
ba051fb5 | 1539 | */ |
5b6dd868 BS |
1540 | void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len) |
1541 | { | |
1542 | PageDesc *p; | |
5b6dd868 BS |
1543 | |
1544 | #if 0 | |
1545 | if (1) { | |
1546 | qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n", | |
1547 | cpu_single_env->mem_io_vaddr, len, | |
1548 | cpu_single_env->eip, | |
1549 | cpu_single_env->eip + | |
1550 | (intptr_t)cpu_single_env->segs[R_CS].base); | |
1551 | } | |
1552 | #endif | |
ba051fb5 AB |
1553 | assert_memory_lock(); |
1554 | ||
5b6dd868 BS |
1555 | p = page_find(start >> TARGET_PAGE_BITS); |
1556 | if (!p) { | |
1557 | return; | |
1558 | } | |
fc377bcf PB |
1559 | if (!p->code_bitmap && |
1560 | ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD) { | |
7d7500d9 PB |
1561 | /* build code bitmap. FIXME: writes should be protected by |
1562 | * tb_lock, reads by tb_lock or RCU. | |
1563 | */ | |
fc377bcf PB |
1564 | build_page_bitmap(p); |
1565 | } | |
5b6dd868 | 1566 | if (p->code_bitmap) { |
510a647f EC |
1567 | unsigned int nr; |
1568 | unsigned long b; | |
1569 | ||
1570 | nr = start & ~TARGET_PAGE_MASK; | |
1571 | b = p->code_bitmap[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG - 1)); | |
5b6dd868 BS |
1572 | if (b & ((1 << len) - 1)) { |
1573 | goto do_invalidate; | |
1574 | } | |
1575 | } else { | |
1576 | do_invalidate: | |
1577 | tb_invalidate_phys_page_range(start, start + len, 1); | |
1578 | } | |
1579 | } | |
6fad459c | 1580 | #else |
75809229 PM |
1581 | /* Called with mmap_lock held. If pc is not 0 then it indicates the |
1582 | * host PC of the faulting store instruction that caused this invalidate. | |
1583 | * Returns true if the caller needs to abort execution of the current | |
1584 | * TB (because it was modified by this store and the guest CPU has | |
1585 | * precise-SMC semantics). | |
1586 | */ | |
1587 | static bool tb_invalidate_phys_page(tb_page_addr_t addr, uintptr_t pc) | |
5b6dd868 BS |
1588 | { |
1589 | TranslationBlock *tb; | |
1590 | PageDesc *p; | |
1591 | int n; | |
1592 | #ifdef TARGET_HAS_PRECISE_SMC | |
1593 | TranslationBlock *current_tb = NULL; | |
4917cf44 AF |
1594 | CPUState *cpu = current_cpu; |
1595 | CPUArchState *env = NULL; | |
5b6dd868 BS |
1596 | int current_tb_modified = 0; |
1597 | target_ulong current_pc = 0; | |
1598 | target_ulong current_cs_base = 0; | |
89fee74a | 1599 | uint32_t current_flags = 0; |
5b6dd868 BS |
1600 | #endif |
1601 | ||
ba051fb5 AB |
1602 | assert_memory_lock(); |
1603 | ||
5b6dd868 BS |
1604 | addr &= TARGET_PAGE_MASK; |
1605 | p = page_find(addr >> TARGET_PAGE_BITS); | |
1606 | if (!p) { | |
75809229 | 1607 | return false; |
5b6dd868 | 1608 | } |
a5e99826 FK |
1609 | |
1610 | tb_lock(); | |
5b6dd868 BS |
1611 | tb = p->first_tb; |
1612 | #ifdef TARGET_HAS_PRECISE_SMC | |
1613 | if (tb && pc != 0) { | |
1614 | current_tb = tb_find_pc(pc); | |
1615 | } | |
4917cf44 AF |
1616 | if (cpu != NULL) { |
1617 | env = cpu->env_ptr; | |
d77953b9 | 1618 | } |
5b6dd868 BS |
1619 | #endif |
1620 | while (tb != NULL) { | |
1621 | n = (uintptr_t)tb & 3; | |
1622 | tb = (TranslationBlock *)((uintptr_t)tb & ~3); | |
1623 | #ifdef TARGET_HAS_PRECISE_SMC | |
1624 | if (current_tb == tb && | |
1625 | (current_tb->cflags & CF_COUNT_MASK) != 1) { | |
1626 | /* If we are modifying the current TB, we must stop | |
1627 | its execution. We could be more precise by checking | |
1628 | that the modification is after the current PC, but it | |
1629 | would require a specialized function to partially | |
1630 | restore the CPU state */ | |
1631 | ||
1632 | current_tb_modified = 1; | |
74f10515 | 1633 | cpu_restore_state_from_tb(cpu, current_tb, pc); |
5b6dd868 BS |
1634 | cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base, |
1635 | ¤t_flags); | |
1636 | } | |
1637 | #endif /* TARGET_HAS_PRECISE_SMC */ | |
1638 | tb_phys_invalidate(tb, addr); | |
1639 | tb = tb->page_next[n]; | |
1640 | } | |
1641 | p->first_tb = NULL; | |
1642 | #ifdef TARGET_HAS_PRECISE_SMC | |
1643 | if (current_tb_modified) { | |
1644 | /* we generate a block containing just the instruction | |
1645 | modifying the memory. It will ensure that it cannot modify | |
1646 | itself */ | |
648f034c | 1647 | tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1); |
a5e99826 FK |
1648 | /* tb_lock will be reset after cpu_loop_exit_noexc longjmps |
1649 | * back into the cpu_exec loop. */ | |
75809229 | 1650 | return true; |
5b6dd868 BS |
1651 | } |
1652 | #endif | |
a5e99826 FK |
1653 | tb_unlock(); |
1654 | ||
75809229 | 1655 | return false; |
5b6dd868 BS |
1656 | } |
1657 | #endif | |
1658 | ||
5b6dd868 BS |
1659 | /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr < |
1660 | tb[1].tc_ptr. Return NULL if not found */ | |
a8a826a3 | 1661 | static TranslationBlock *tb_find_pc(uintptr_t tc_ptr) |
5b6dd868 BS |
1662 | { |
1663 | int m_min, m_max, m; | |
1664 | uintptr_t v; | |
1665 | TranslationBlock *tb; | |
1666 | ||
5e5f07e0 | 1667 | if (tcg_ctx.tb_ctx.nb_tbs <= 0) { |
5b6dd868 BS |
1668 | return NULL; |
1669 | } | |
0b0d3320 EV |
1670 | if (tc_ptr < (uintptr_t)tcg_ctx.code_gen_buffer || |
1671 | tc_ptr >= (uintptr_t)tcg_ctx.code_gen_ptr) { | |
5b6dd868 BS |
1672 | return NULL; |
1673 | } | |
1674 | /* binary search (cf Knuth) */ | |
1675 | m_min = 0; | |
5e5f07e0 | 1676 | m_max = tcg_ctx.tb_ctx.nb_tbs - 1; |
5b6dd868 BS |
1677 | while (m_min <= m_max) { |
1678 | m = (m_min + m_max) >> 1; | |
6e3b2bfd | 1679 | tb = tcg_ctx.tb_ctx.tbs[m]; |
5b6dd868 BS |
1680 | v = (uintptr_t)tb->tc_ptr; |
1681 | if (v == tc_ptr) { | |
1682 | return tb; | |
1683 | } else if (tc_ptr < v) { | |
1684 | m_max = m - 1; | |
1685 | } else { | |
1686 | m_min = m + 1; | |
1687 | } | |
1688 | } | |
6e3b2bfd | 1689 | return tcg_ctx.tb_ctx.tbs[m_max]; |
5b6dd868 BS |
1690 | } |
1691 | ||
ec53b45b | 1692 | #if !defined(CONFIG_USER_ONLY) |
29d8ec7b | 1693 | void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr) |
5b6dd868 BS |
1694 | { |
1695 | ram_addr_t ram_addr; | |
5c8a00ce | 1696 | MemoryRegion *mr; |
149f54b5 | 1697 | hwaddr l = 1; |
5b6dd868 | 1698 | |
41063e1e | 1699 | rcu_read_lock(); |
29d8ec7b | 1700 | mr = address_space_translate(as, addr, &addr, &l, false); |
5c8a00ce PB |
1701 | if (!(memory_region_is_ram(mr) |
1702 | || memory_region_is_romd(mr))) { | |
41063e1e | 1703 | rcu_read_unlock(); |
5b6dd868 BS |
1704 | return; |
1705 | } | |
e4e69794 | 1706 | ram_addr = memory_region_get_ram_addr(mr) + addr; |
ba051fb5 | 1707 | tb_lock(); |
5b6dd868 | 1708 | tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0); |
ba051fb5 | 1709 | tb_unlock(); |
41063e1e | 1710 | rcu_read_unlock(); |
5b6dd868 | 1711 | } |
ec53b45b | 1712 | #endif /* !defined(CONFIG_USER_ONLY) */ |
5b6dd868 | 1713 | |
7d7500d9 | 1714 | /* Called with tb_lock held. */ |
239c51a5 | 1715 | void tb_check_watchpoint(CPUState *cpu) |
5b6dd868 BS |
1716 | { |
1717 | TranslationBlock *tb; | |
1718 | ||
93afeade | 1719 | tb = tb_find_pc(cpu->mem_io_pc); |
8d302e76 AJ |
1720 | if (tb) { |
1721 | /* We can use retranslation to find the PC. */ | |
1722 | cpu_restore_state_from_tb(cpu, tb, cpu->mem_io_pc); | |
1723 | tb_phys_invalidate(tb, -1); | |
1724 | } else { | |
1725 | /* The exception probably happened in a helper. The CPU state should | |
1726 | have been saved before calling it. Fetch the PC from there. */ | |
1727 | CPUArchState *env = cpu->env_ptr; | |
1728 | target_ulong pc, cs_base; | |
1729 | tb_page_addr_t addr; | |
89fee74a | 1730 | uint32_t flags; |
8d302e76 AJ |
1731 | |
1732 | cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags); | |
1733 | addr = get_page_addr_code(env, pc); | |
1734 | tb_invalidate_phys_range(addr, addr + 1); | |
5b6dd868 | 1735 | } |
5b6dd868 BS |
1736 | } |
1737 | ||
1738 | #ifndef CONFIG_USER_ONLY | |
5b6dd868 | 1739 | /* in deterministic execution mode, instructions doing device I/Os |
8d04fb55 JK |
1740 | * must be at the end of the TB. |
1741 | * | |
1742 | * Called by softmmu_template.h, with iothread mutex not held. | |
1743 | */ | |
90b40a69 | 1744 | void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr) |
5b6dd868 | 1745 | { |
a47dddd7 | 1746 | #if defined(TARGET_MIPS) || defined(TARGET_SH4) |
90b40a69 | 1747 | CPUArchState *env = cpu->env_ptr; |
a47dddd7 | 1748 | #endif |
5b6dd868 BS |
1749 | TranslationBlock *tb; |
1750 | uint32_t n, cflags; | |
1751 | target_ulong pc, cs_base; | |
89fee74a | 1752 | uint32_t flags; |
5b6dd868 | 1753 | |
a5e99826 | 1754 | tb_lock(); |
5b6dd868 BS |
1755 | tb = tb_find_pc(retaddr); |
1756 | if (!tb) { | |
a47dddd7 | 1757 | cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p", |
5b6dd868 BS |
1758 | (void *)retaddr); |
1759 | } | |
28ecfd7a | 1760 | n = cpu->icount_decr.u16.low + tb->icount; |
74f10515 | 1761 | cpu_restore_state_from_tb(cpu, tb, retaddr); |
5b6dd868 BS |
1762 | /* Calculate how many instructions had been executed before the fault |
1763 | occurred. */ | |
28ecfd7a | 1764 | n = n - cpu->icount_decr.u16.low; |
5b6dd868 BS |
1765 | /* Generate a new TB ending on the I/O insn. */ |
1766 | n++; | |
1767 | /* On MIPS and SH, delay slot instructions can only be restarted if | |
1768 | they were already the first instruction in the TB. If this is not | |
1769 | the first instruction in a TB then re-execute the preceding | |
1770 | branch. */ | |
1771 | #if defined(TARGET_MIPS) | |
1772 | if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) { | |
c3577479 | 1773 | env->active_tc.PC -= (env->hflags & MIPS_HFLAG_B16 ? 2 : 4); |
28ecfd7a | 1774 | cpu->icount_decr.u16.low++; |
5b6dd868 BS |
1775 | env->hflags &= ~MIPS_HFLAG_BMASK; |
1776 | } | |
1777 | #elif defined(TARGET_SH4) | |
1778 | if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0 | |
1779 | && n > 1) { | |
1780 | env->pc -= 2; | |
28ecfd7a | 1781 | cpu->icount_decr.u16.low++; |
5b6dd868 BS |
1782 | env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL); |
1783 | } | |
1784 | #endif | |
1785 | /* This should never happen. */ | |
1786 | if (n > CF_COUNT_MASK) { | |
a47dddd7 | 1787 | cpu_abort(cpu, "TB too big during recompile"); |
5b6dd868 BS |
1788 | } |
1789 | ||
1790 | cflags = n | CF_LAST_IO; | |
1791 | pc = tb->pc; | |
1792 | cs_base = tb->cs_base; | |
1793 | flags = tb->flags; | |
1794 | tb_phys_invalidate(tb, -1); | |
02d57ea1 SF |
1795 | if (tb->cflags & CF_NOCACHE) { |
1796 | if (tb->orig_tb) { | |
1797 | /* Invalidate original TB if this TB was generated in | |
1798 | * cpu_exec_nocache() */ | |
1799 | tb_phys_invalidate(tb->orig_tb, -1); | |
1800 | } | |
1801 | tb_free(tb); | |
1802 | } | |
5b6dd868 BS |
1803 | /* FIXME: In theory this could raise an exception. In practice |
1804 | we have already translated the block once so it's probably ok. */ | |
648f034c | 1805 | tb_gen_code(cpu, pc, cs_base, flags, cflags); |
a5e99826 | 1806 | |
5b6dd868 | 1807 | /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not |
a5e99826 FK |
1808 | * the first in the TB) then we end up generating a whole new TB and |
1809 | * repeating the fault, which is horribly inefficient. | |
1810 | * Better would be to execute just this insn uncached, or generate a | |
1811 | * second new TB. | |
1812 | * | |
1813 | * cpu_loop_exit_noexc will longjmp back to cpu_exec where the | |
1814 | * tb_lock gets reset. | |
1815 | */ | |
6886b980 | 1816 | cpu_loop_exit_noexc(cpu); |
5b6dd868 BS |
1817 | } |
1818 | ||
611d4f99 | 1819 | void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr) |
5b6dd868 BS |
1820 | { |
1821 | unsigned int i; | |
1822 | ||
1823 | /* Discard jump cache entries for any tb which might potentially | |
1824 | overlap the flushed page. */ | |
1825 | i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE); | |
8cd70437 | 1826 | memset(&cpu->tb_jmp_cache[i], 0, |
5b6dd868 BS |
1827 | TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *)); |
1828 | ||
1829 | i = tb_jmp_cache_hash_page(addr); | |
8cd70437 | 1830 | memset(&cpu->tb_jmp_cache[i], 0, |
5b6dd868 BS |
1831 | TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *)); |
1832 | } | |
1833 | ||
7266ae91 EC |
1834 | static void print_qht_statistics(FILE *f, fprintf_function cpu_fprintf, |
1835 | struct qht_stats hst) | |
1836 | { | |
1837 | uint32_t hgram_opts; | |
1838 | size_t hgram_bins; | |
1839 | char *hgram; | |
1840 | ||
1841 | if (!hst.head_buckets) { | |
1842 | return; | |
1843 | } | |
1844 | cpu_fprintf(f, "TB hash buckets %zu/%zu (%0.2f%% head buckets used)\n", | |
1845 | hst.used_head_buckets, hst.head_buckets, | |
1846 | (double)hst.used_head_buckets / hst.head_buckets * 100); | |
1847 | ||
1848 | hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS; | |
1849 | hgram_opts |= QDIST_PR_100X | QDIST_PR_PERCENT; | |
1850 | if (qdist_xmax(&hst.occupancy) - qdist_xmin(&hst.occupancy) == 1) { | |
1851 | hgram_opts |= QDIST_PR_NODECIMAL; | |
1852 | } | |
1853 | hgram = qdist_pr(&hst.occupancy, 10, hgram_opts); | |
1854 | cpu_fprintf(f, "TB hash occupancy %0.2f%% avg chain occ. Histogram: %s\n", | |
1855 | qdist_avg(&hst.occupancy) * 100, hgram); | |
1856 | g_free(hgram); | |
1857 | ||
1858 | hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS; | |
1859 | hgram_bins = qdist_xmax(&hst.chain) - qdist_xmin(&hst.chain); | |
1860 | if (hgram_bins > 10) { | |
1861 | hgram_bins = 10; | |
1862 | } else { | |
1863 | hgram_bins = 0; | |
1864 | hgram_opts |= QDIST_PR_NODECIMAL | QDIST_PR_NOBINRANGE; | |
1865 | } | |
1866 | hgram = qdist_pr(&hst.chain, hgram_bins, hgram_opts); | |
1867 | cpu_fprintf(f, "TB hash avg chain %0.3f buckets. Histogram: %s\n", | |
1868 | qdist_avg(&hst.chain), hgram); | |
1869 | g_free(hgram); | |
1870 | } | |
1871 | ||
5b6dd868 BS |
1872 | void dump_exec_info(FILE *f, fprintf_function cpu_fprintf) |
1873 | { | |
1874 | int i, target_code_size, max_target_code_size; | |
1875 | int direct_jmp_count, direct_jmp2_count, cross_page; | |
1876 | TranslationBlock *tb; | |
329844d4 | 1877 | struct qht_stats hst; |
5b6dd868 | 1878 | |
a5e99826 FK |
1879 | tb_lock(); |
1880 | ||
5b6dd868 BS |
1881 | target_code_size = 0; |
1882 | max_target_code_size = 0; | |
1883 | cross_page = 0; | |
1884 | direct_jmp_count = 0; | |
1885 | direct_jmp2_count = 0; | |
5e5f07e0 | 1886 | for (i = 0; i < tcg_ctx.tb_ctx.nb_tbs; i++) { |
6e3b2bfd | 1887 | tb = tcg_ctx.tb_ctx.tbs[i]; |
5b6dd868 BS |
1888 | target_code_size += tb->size; |
1889 | if (tb->size > max_target_code_size) { | |
1890 | max_target_code_size = tb->size; | |
1891 | } | |
1892 | if (tb->page_addr[1] != -1) { | |
1893 | cross_page++; | |
1894 | } | |
f309101c | 1895 | if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) { |
5b6dd868 | 1896 | direct_jmp_count++; |
f309101c | 1897 | if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) { |
5b6dd868 BS |
1898 | direct_jmp2_count++; |
1899 | } | |
1900 | } | |
1901 | } | |
1902 | /* XXX: avoid using doubles ? */ | |
1903 | cpu_fprintf(f, "Translation buffer state:\n"); | |
1904 | cpu_fprintf(f, "gen code size %td/%zd\n", | |
0b0d3320 | 1905 | tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer, |
b125f9dc | 1906 | tcg_ctx.code_gen_highwater - tcg_ctx.code_gen_buffer); |
6e3b2bfd | 1907 | cpu_fprintf(f, "TB count %d\n", tcg_ctx.tb_ctx.nb_tbs); |
5b6dd868 | 1908 | cpu_fprintf(f, "TB avg target size %d max=%d bytes\n", |
5e5f07e0 EV |
1909 | tcg_ctx.tb_ctx.nb_tbs ? target_code_size / |
1910 | tcg_ctx.tb_ctx.nb_tbs : 0, | |
1911 | max_target_code_size); | |
5b6dd868 | 1912 | cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n", |
5e5f07e0 EV |
1913 | tcg_ctx.tb_ctx.nb_tbs ? (tcg_ctx.code_gen_ptr - |
1914 | tcg_ctx.code_gen_buffer) / | |
1915 | tcg_ctx.tb_ctx.nb_tbs : 0, | |
1916 | target_code_size ? (double) (tcg_ctx.code_gen_ptr - | |
1917 | tcg_ctx.code_gen_buffer) / | |
1918 | target_code_size : 0); | |
1919 | cpu_fprintf(f, "cross page TB count %d (%d%%)\n", cross_page, | |
1920 | tcg_ctx.tb_ctx.nb_tbs ? (cross_page * 100) / | |
1921 | tcg_ctx.tb_ctx.nb_tbs : 0); | |
5b6dd868 BS |
1922 | cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n", |
1923 | direct_jmp_count, | |
5e5f07e0 EV |
1924 | tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp_count * 100) / |
1925 | tcg_ctx.tb_ctx.nb_tbs : 0, | |
5b6dd868 | 1926 | direct_jmp2_count, |
5e5f07e0 EV |
1927 | tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp2_count * 100) / |
1928 | tcg_ctx.tb_ctx.nb_tbs : 0); | |
329844d4 EC |
1929 | |
1930 | qht_statistics_init(&tcg_ctx.tb_ctx.htable, &hst); | |
7266ae91 | 1931 | print_qht_statistics(f, cpu_fprintf, hst); |
329844d4 EC |
1932 | qht_statistics_destroy(&hst); |
1933 | ||
5b6dd868 | 1934 | cpu_fprintf(f, "\nStatistics:\n"); |
3359baad SF |
1935 | cpu_fprintf(f, "TB flush count %u\n", |
1936 | atomic_read(&tcg_ctx.tb_ctx.tb_flush_count)); | |
5e5f07e0 EV |
1937 | cpu_fprintf(f, "TB invalidate count %d\n", |
1938 | tcg_ctx.tb_ctx.tb_phys_invalidate_count); | |
5b6dd868 BS |
1939 | cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count); |
1940 | tcg_dump_info(f, cpu_fprintf); | |
a5e99826 FK |
1941 | |
1942 | tb_unlock(); | |
5b6dd868 BS |
1943 | } |
1944 | ||
246ae24d MF |
1945 | void dump_opcount_info(FILE *f, fprintf_function cpu_fprintf) |
1946 | { | |
1947 | tcg_dump_op_count(f, cpu_fprintf); | |
1948 | } | |
1949 | ||
5b6dd868 BS |
1950 | #else /* CONFIG_USER_ONLY */ |
1951 | ||
c3affe56 | 1952 | void cpu_interrupt(CPUState *cpu, int mask) |
5b6dd868 | 1953 | { |
8d04fb55 | 1954 | g_assert(qemu_mutex_iothread_locked()); |
259186a7 | 1955 | cpu->interrupt_request |= mask; |
1aab16c2 | 1956 | cpu->icount_decr.u16.high = -1; |
5b6dd868 BS |
1957 | } |
1958 | ||
1959 | /* | |
1960 | * Walks guest process memory "regions" one by one | |
1961 | * and calls callback function 'fn' for each region. | |
1962 | */ | |
1963 | struct walk_memory_regions_data { | |
1964 | walk_memory_regions_fn fn; | |
1965 | void *priv; | |
1a1c4db9 | 1966 | target_ulong start; |
5b6dd868 BS |
1967 | int prot; |
1968 | }; | |
1969 | ||
1970 | static int walk_memory_regions_end(struct walk_memory_regions_data *data, | |
1a1c4db9 | 1971 | target_ulong end, int new_prot) |
5b6dd868 | 1972 | { |
1a1c4db9 | 1973 | if (data->start != -1u) { |
5b6dd868 BS |
1974 | int rc = data->fn(data->priv, data->start, end, data->prot); |
1975 | if (rc != 0) { | |
1976 | return rc; | |
1977 | } | |
1978 | } | |
1979 | ||
1a1c4db9 | 1980 | data->start = (new_prot ? end : -1u); |
5b6dd868 BS |
1981 | data->prot = new_prot; |
1982 | ||
1983 | return 0; | |
1984 | } | |
1985 | ||
1986 | static int walk_memory_regions_1(struct walk_memory_regions_data *data, | |
1a1c4db9 | 1987 | target_ulong base, int level, void **lp) |
5b6dd868 | 1988 | { |
1a1c4db9 | 1989 | target_ulong pa; |
5b6dd868 BS |
1990 | int i, rc; |
1991 | ||
1992 | if (*lp == NULL) { | |
1993 | return walk_memory_regions_end(data, base, 0); | |
1994 | } | |
1995 | ||
1996 | if (level == 0) { | |
1997 | PageDesc *pd = *lp; | |
1998 | ||
03f49957 | 1999 | for (i = 0; i < V_L2_SIZE; ++i) { |
5b6dd868 BS |
2000 | int prot = pd[i].flags; |
2001 | ||
2002 | pa = base | (i << TARGET_PAGE_BITS); | |
2003 | if (prot != data->prot) { | |
2004 | rc = walk_memory_regions_end(data, pa, prot); | |
2005 | if (rc != 0) { | |
2006 | return rc; | |
2007 | } | |
2008 | } | |
2009 | } | |
2010 | } else { | |
2011 | void **pp = *lp; | |
2012 | ||
03f49957 | 2013 | for (i = 0; i < V_L2_SIZE; ++i) { |
1a1c4db9 | 2014 | pa = base | ((target_ulong)i << |
03f49957 | 2015 | (TARGET_PAGE_BITS + V_L2_BITS * level)); |
5b6dd868 BS |
2016 | rc = walk_memory_regions_1(data, pa, level - 1, pp + i); |
2017 | if (rc != 0) { | |
2018 | return rc; | |
2019 | } | |
2020 | } | |
2021 | } | |
2022 | ||
2023 | return 0; | |
2024 | } | |
2025 | ||
2026 | int walk_memory_regions(void *priv, walk_memory_regions_fn fn) | |
2027 | { | |
2028 | struct walk_memory_regions_data data; | |
66ec9f49 | 2029 | uintptr_t i, l1_sz = v_l1_size; |
5b6dd868 BS |
2030 | |
2031 | data.fn = fn; | |
2032 | data.priv = priv; | |
1a1c4db9 | 2033 | data.start = -1u; |
5b6dd868 BS |
2034 | data.prot = 0; |
2035 | ||
66ec9f49 VK |
2036 | for (i = 0; i < l1_sz; i++) { |
2037 | target_ulong base = i << (v_l1_shift + TARGET_PAGE_BITS); | |
2038 | int rc = walk_memory_regions_1(&data, base, v_l2_levels, l1_map + i); | |
5b6dd868 BS |
2039 | if (rc != 0) { |
2040 | return rc; | |
2041 | } | |
2042 | } | |
2043 | ||
2044 | return walk_memory_regions_end(&data, 0, 0); | |
2045 | } | |
2046 | ||
1a1c4db9 MI |
2047 | static int dump_region(void *priv, target_ulong start, |
2048 | target_ulong end, unsigned long prot) | |
5b6dd868 BS |
2049 | { |
2050 | FILE *f = (FILE *)priv; | |
2051 | ||
1a1c4db9 MI |
2052 | (void) fprintf(f, TARGET_FMT_lx"-"TARGET_FMT_lx |
2053 | " "TARGET_FMT_lx" %c%c%c\n", | |
5b6dd868 BS |
2054 | start, end, end - start, |
2055 | ((prot & PAGE_READ) ? 'r' : '-'), | |
2056 | ((prot & PAGE_WRITE) ? 'w' : '-'), | |
2057 | ((prot & PAGE_EXEC) ? 'x' : '-')); | |
2058 | ||
2059 | return 0; | |
2060 | } | |
2061 | ||
2062 | /* dump memory mappings */ | |
2063 | void page_dump(FILE *f) | |
2064 | { | |
1a1c4db9 | 2065 | const int length = sizeof(target_ulong) * 2; |
227b8175 SW |
2066 | (void) fprintf(f, "%-*s %-*s %-*s %s\n", |
2067 | length, "start", length, "end", length, "size", "prot"); | |
5b6dd868 BS |
2068 | walk_memory_regions(f, dump_region); |
2069 | } | |
2070 | ||
2071 | int page_get_flags(target_ulong address) | |
2072 | { | |
2073 | PageDesc *p; | |
2074 | ||
2075 | p = page_find(address >> TARGET_PAGE_BITS); | |
2076 | if (!p) { | |
2077 | return 0; | |
2078 | } | |
2079 | return p->flags; | |
2080 | } | |
2081 | ||
2082 | /* Modify the flags of a page and invalidate the code if necessary. | |
2083 | The flag PAGE_WRITE_ORG is positioned automatically depending | |
2084 | on PAGE_WRITE. The mmap_lock should already be held. */ | |
2085 | void page_set_flags(target_ulong start, target_ulong end, int flags) | |
2086 | { | |
2087 | target_ulong addr, len; | |
2088 | ||
2089 | /* This function should never be called with addresses outside the | |
2090 | guest address space. If this assert fires, it probably indicates | |
2091 | a missing call to h2g_valid. */ | |
2092 | #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS | |
1a1c4db9 | 2093 | assert(end < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)); |
5b6dd868 BS |
2094 | #endif |
2095 | assert(start < end); | |
e505a063 | 2096 | assert_memory_lock(); |
5b6dd868 BS |
2097 | |
2098 | start = start & TARGET_PAGE_MASK; | |
2099 | end = TARGET_PAGE_ALIGN(end); | |
2100 | ||
2101 | if (flags & PAGE_WRITE) { | |
2102 | flags |= PAGE_WRITE_ORG; | |
2103 | } | |
2104 | ||
2105 | for (addr = start, len = end - start; | |
2106 | len != 0; | |
2107 | len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) { | |
2108 | PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1); | |
2109 | ||
2110 | /* If the write protection bit is set, then we invalidate | |
2111 | the code inside. */ | |
2112 | if (!(p->flags & PAGE_WRITE) && | |
2113 | (flags & PAGE_WRITE) && | |
2114 | p->first_tb) { | |
75809229 | 2115 | tb_invalidate_phys_page(addr, 0); |
5b6dd868 BS |
2116 | } |
2117 | p->flags = flags; | |
2118 | } | |
2119 | } | |
2120 | ||
2121 | int page_check_range(target_ulong start, target_ulong len, int flags) | |
2122 | { | |
2123 | PageDesc *p; | |
2124 | target_ulong end; | |
2125 | target_ulong addr; | |
2126 | ||
2127 | /* This function should never be called with addresses outside the | |
2128 | guest address space. If this assert fires, it probably indicates | |
2129 | a missing call to h2g_valid. */ | |
2130 | #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS | |
1a1c4db9 | 2131 | assert(start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)); |
5b6dd868 BS |
2132 | #endif |
2133 | ||
2134 | if (len == 0) { | |
2135 | return 0; | |
2136 | } | |
2137 | if (start + len - 1 < start) { | |
2138 | /* We've wrapped around. */ | |
2139 | return -1; | |
2140 | } | |
2141 | ||
2142 | /* must do before we loose bits in the next step */ | |
2143 | end = TARGET_PAGE_ALIGN(start + len); | |
2144 | start = start & TARGET_PAGE_MASK; | |
2145 | ||
2146 | for (addr = start, len = end - start; | |
2147 | len != 0; | |
2148 | len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) { | |
2149 | p = page_find(addr >> TARGET_PAGE_BITS); | |
2150 | if (!p) { | |
2151 | return -1; | |
2152 | } | |
2153 | if (!(p->flags & PAGE_VALID)) { | |
2154 | return -1; | |
2155 | } | |
2156 | ||
2157 | if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) { | |
2158 | return -1; | |
2159 | } | |
2160 | if (flags & PAGE_WRITE) { | |
2161 | if (!(p->flags & PAGE_WRITE_ORG)) { | |
2162 | return -1; | |
2163 | } | |
2164 | /* unprotect the page if it was put read-only because it | |
2165 | contains translated code */ | |
2166 | if (!(p->flags & PAGE_WRITE)) { | |
f213e72f | 2167 | if (!page_unprotect(addr, 0)) { |
5b6dd868 BS |
2168 | return -1; |
2169 | } | |
2170 | } | |
5b6dd868 BS |
2171 | } |
2172 | } | |
2173 | return 0; | |
2174 | } | |
2175 | ||
2176 | /* called from signal handler: invalidate the code and unprotect the | |
f213e72f PM |
2177 | * page. Return 0 if the fault was not handled, 1 if it was handled, |
2178 | * and 2 if it was handled but the caller must cause the TB to be | |
2179 | * immediately exited. (We can only return 2 if the 'pc' argument is | |
2180 | * non-zero.) | |
2181 | */ | |
2182 | int page_unprotect(target_ulong address, uintptr_t pc) | |
5b6dd868 BS |
2183 | { |
2184 | unsigned int prot; | |
7399a337 | 2185 | bool current_tb_invalidated; |
5b6dd868 BS |
2186 | PageDesc *p; |
2187 | target_ulong host_start, host_end, addr; | |
2188 | ||
2189 | /* Technically this isn't safe inside a signal handler. However we | |
2190 | know this only ever happens in a synchronous SEGV handler, so in | |
2191 | practice it seems to be ok. */ | |
2192 | mmap_lock(); | |
2193 | ||
2194 | p = page_find(address >> TARGET_PAGE_BITS); | |
2195 | if (!p) { | |
2196 | mmap_unlock(); | |
2197 | return 0; | |
2198 | } | |
2199 | ||
2200 | /* if the page was really writable, then we change its | |
2201 | protection back to writable */ | |
2202 | if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) { | |
2203 | host_start = address & qemu_host_page_mask; | |
2204 | host_end = host_start + qemu_host_page_size; | |
2205 | ||
2206 | prot = 0; | |
7399a337 | 2207 | current_tb_invalidated = false; |
5b6dd868 BS |
2208 | for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) { |
2209 | p = page_find(addr >> TARGET_PAGE_BITS); | |
2210 | p->flags |= PAGE_WRITE; | |
2211 | prot |= p->flags; | |
2212 | ||
2213 | /* and since the content will be modified, we must invalidate | |
2214 | the corresponding translated code. */ | |
7399a337 | 2215 | current_tb_invalidated |= tb_invalidate_phys_page(addr, pc); |
5b6dd868 BS |
2216 | #ifdef DEBUG_TB_CHECK |
2217 | tb_invalidate_check(addr); | |
2218 | #endif | |
2219 | } | |
2220 | mprotect((void *)g2h(host_start), qemu_host_page_size, | |
2221 | prot & PAGE_BITS); | |
2222 | ||
2223 | mmap_unlock(); | |
7399a337 SS |
2224 | /* If current TB was invalidated return to main loop */ |
2225 | return current_tb_invalidated ? 2 : 1; | |
5b6dd868 BS |
2226 | } |
2227 | mmap_unlock(); | |
2228 | return 0; | |
2229 | } | |
2230 | #endif /* CONFIG_USER_ONLY */ |