]> git.proxmox.com Git - mirror_qemu.git/blob - accel/tcg/translate-all.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tcg/aarch64: Use ADRP+ADD to compute target address
[mirror_qemu.git] / accel / tcg / translate-all.c
1 /*
2 * Host code generation
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #ifdef _WIN32
20 #include <windows.h>
21 #endif
22 #include "qemu/osdep.h"
23
24
25 #include "qemu-common.h"
26 #define NO_CPU_IO_DEFS
27 #include "cpu.h"
28 #include "trace.h"
29 #include "disas/disas.h"
30 #include "exec/exec-all.h"
31 #include "tcg.h"
32 #if defined(CONFIG_USER_ONLY)
33 #include "qemu.h"
34 #include "exec/exec-all.h"
35 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
36 #include <sys/param.h>
37 #if __FreeBSD_version >= 700104
38 #define HAVE_KINFO_GETVMMAP
39 #define sigqueue sigqueue_freebsd /* avoid redefinition */
40 #include <sys/proc.h>
41 #include <machine/profile.h>
42 #define _KERNEL
43 #include <sys/user.h>
44 #undef _KERNEL
45 #undef sigqueue
46 #include <libutil.h>
47 #endif
48 #endif
49 #else
50 #include "exec/address-spaces.h"
51 #endif
52
53 #include "exec/cputlb.h"
54 #include "exec/tb-hash.h"
55 #include "translate-all.h"
56 #include "qemu/bitmap.h"
57 #include "qemu/timer.h"
58 #include "qemu/main-loop.h"
59 #include "exec/log.h"
60 #include "sysemu/cpus.h"
61
62 /* #define DEBUG_TB_INVALIDATE */
63 /* #define DEBUG_TB_FLUSH */
64 /* make various TB consistency checks */
65 /* #define DEBUG_TB_CHECK */
66
67 #if !defined(CONFIG_USER_ONLY)
68 /* TB consistency checks only implemented for usermode emulation. */
69 #undef DEBUG_TB_CHECK
70 #endif
71
72 /* Access to the various translations structures need to be serialised via locks
73 * for consistency. This is automatic for SoftMMU based system
74 * emulation due to its single threaded nature. In user-mode emulation
75 * access to the memory related structures are protected with the
76 * mmap_lock.
77 */
78 #ifdef CONFIG_SOFTMMU
79 #define assert_memory_lock() tcg_debug_assert(have_tb_lock)
80 #else
81 #define assert_memory_lock() tcg_debug_assert(have_mmap_lock())
82 #endif
83
84 #define SMC_BITMAP_USE_THRESHOLD 10
85
86 typedef struct PageDesc {
87 /* list of TBs intersecting this ram page */
88 TranslationBlock *first_tb;
89 #ifdef CONFIG_SOFTMMU
90 /* in order to optimize self modifying code, we count the number
91 of lookups we do to a given page to use a bitmap */
92 unsigned int code_write_count;
93 unsigned long *code_bitmap;
94 #else
95 unsigned long flags;
96 #endif
97 } PageDesc;
98
99 /* In system mode we want L1_MAP to be based on ram offsets,
100 while in user mode we want it to be based on virtual addresses. */
101 #if !defined(CONFIG_USER_ONLY)
102 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
103 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
104 #else
105 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
106 #endif
107 #else
108 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
109 #endif
110
111 /* Size of the L2 (and L3, etc) page tables. */
112 #define V_L2_BITS 10
113 #define V_L2_SIZE (1 << V_L2_BITS)
114
115 /*
116 * L1 Mapping properties
117 */
118 static int v_l1_size;
119 static int v_l1_shift;
120 static int v_l2_levels;
121
122 /* The bottom level has pointers to PageDesc, and is indexed by
123 * anything from 4 to (V_L2_BITS + 3) bits, depending on target page size.
124 */
125 #define V_L1_MIN_BITS 4
126 #define V_L1_MAX_BITS (V_L2_BITS + 3)
127 #define V_L1_MAX_SIZE (1 << V_L1_MAX_BITS)
128
129 static void *l1_map[V_L1_MAX_SIZE];
130
131 /* code generation context */
132 TCGContext tcg_ctx;
133 bool parallel_cpus;
134
135 /* translation block context */
136 __thread int have_tb_lock;
137
138 static void page_table_config_init(void)
139 {
140 uint32_t v_l1_bits;
141
142 assert(TARGET_PAGE_BITS);
143 /* The bits remaining after N lower levels of page tables. */
144 v_l1_bits = (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS;
145 if (v_l1_bits < V_L1_MIN_BITS) {
146 v_l1_bits += V_L2_BITS;
147 }
148
149 v_l1_size = 1 << v_l1_bits;
150 v_l1_shift = L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - v_l1_bits;
151 v_l2_levels = v_l1_shift / V_L2_BITS - 1;
152
153 assert(v_l1_bits <= V_L1_MAX_BITS);
154 assert(v_l1_shift % V_L2_BITS == 0);
155 assert(v_l2_levels >= 0);
156 }
157
158 #define assert_tb_locked() tcg_debug_assert(have_tb_lock)
159 #define assert_tb_unlocked() tcg_debug_assert(!have_tb_lock)
160
161 void tb_lock(void)
162 {
163 assert_tb_unlocked();
164 qemu_mutex_lock(&tcg_ctx.tb_ctx.tb_lock);
165 have_tb_lock++;
166 }
167
168 void tb_unlock(void)
169 {
170 assert_tb_locked();
171 have_tb_lock--;
172 qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
173 }
174
175 void tb_lock_reset(void)
176 {
177 if (have_tb_lock) {
178 qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
179 have_tb_lock = 0;
180 }
181 }
182
183 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr);
184
185 void cpu_gen_init(void)
186 {
187 tcg_context_init(&tcg_ctx);
188 }
189
190 /* Encode VAL as a signed leb128 sequence at P.
191 Return P incremented past the encoded value. */
192 static uint8_t *encode_sleb128(uint8_t *p, target_long val)
193 {
194 int more, byte;
195
196 do {
197 byte = val & 0x7f;
198 val >>= 7;
199 more = !((val == 0 && (byte & 0x40) == 0)
200 || (val == -1 && (byte & 0x40) != 0));
201 if (more) {
202 byte |= 0x80;
203 }
204 *p++ = byte;
205 } while (more);
206
207 return p;
208 }
209
210 /* Decode a signed leb128 sequence at *PP; increment *PP past the
211 decoded value. Return the decoded value. */
212 static target_long decode_sleb128(uint8_t **pp)
213 {
214 uint8_t *p = *pp;
215 target_long val = 0;
216 int byte, shift = 0;
217
218 do {
219 byte = *p++;
220 val |= (target_ulong)(byte & 0x7f) << shift;
221 shift += 7;
222 } while (byte & 0x80);
223 if (shift < TARGET_LONG_BITS && (byte & 0x40)) {
224 val |= -(target_ulong)1 << shift;
225 }
226
227 *pp = p;
228 return val;
229 }
230
231 /* Encode the data collected about the instructions while compiling TB.
232 Place the data at BLOCK, and return the number of bytes consumed.
233
234 The logical table consisits of TARGET_INSN_START_WORDS target_ulong's,
235 which come from the target's insn_start data, followed by a uintptr_t
236 which comes from the host pc of the end of the code implementing the insn.
237
238 Each line of the table is encoded as sleb128 deltas from the previous
239 line. The seed for the first line is { tb->pc, 0..., tb->tc_ptr }.
240 That is, the first column is seeded with the guest pc, the last column
241 with the host pc, and the middle columns with zeros. */
242
243 static int encode_search(TranslationBlock *tb, uint8_t *block)
244 {
245 uint8_t *highwater = tcg_ctx.code_gen_highwater;
246 uint8_t *p = block;
247 int i, j, n;
248
249 tb->tc_search = block;
250
251 for (i = 0, n = tb->icount; i < n; ++i) {
252 target_ulong prev;
253
254 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
255 if (i == 0) {
256 prev = (j == 0 ? tb->pc : 0);
257 } else {
258 prev = tcg_ctx.gen_insn_data[i - 1][j];
259 }
260 p = encode_sleb128(p, tcg_ctx.gen_insn_data[i][j] - prev);
261 }
262 prev = (i == 0 ? 0 : tcg_ctx.gen_insn_end_off[i - 1]);
263 p = encode_sleb128(p, tcg_ctx.gen_insn_end_off[i] - prev);
264
265 /* Test for (pending) buffer overflow. The assumption is that any
266 one row beginning below the high water mark cannot overrun
267 the buffer completely. Thus we can test for overflow after
268 encoding a row without having to check during encoding. */
269 if (unlikely(p > highwater)) {
270 return -1;
271 }
272 }
273
274 return p - block;
275 }
276
277 /* The cpu state corresponding to 'searched_pc' is restored.
278 * Called with tb_lock held.
279 */
280 static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
281 uintptr_t searched_pc)
282 {
283 target_ulong data[TARGET_INSN_START_WORDS] = { tb->pc };
284 uintptr_t host_pc = (uintptr_t)tb->tc_ptr;
285 CPUArchState *env = cpu->env_ptr;
286 uint8_t *p = tb->tc_search;
287 int i, j, num_insns = tb->icount;
288 #ifdef CONFIG_PROFILER
289 int64_t ti = profile_getclock();
290 #endif
291
292 searched_pc -= GETPC_ADJ;
293
294 if (searched_pc < host_pc) {
295 return -1;
296 }
297
298 /* Reconstruct the stored insn data while looking for the point at
299 which the end of the insn exceeds the searched_pc. */
300 for (i = 0; i < num_insns; ++i) {
301 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
302 data[j] += decode_sleb128(&p);
303 }
304 host_pc += decode_sleb128(&p);
305 if (host_pc > searched_pc) {
306 goto found;
307 }
308 }
309 return -1;
310
311 found:
312 if (tb->cflags & CF_USE_ICOUNT) {
313 assert(use_icount);
314 /* Reset the cycle counter to the start of the block. */
315 cpu->icount_decr.u16.low += num_insns;
316 /* Clear the IO flag. */
317 cpu->can_do_io = 0;
318 }
319 cpu->icount_decr.u16.low -= i;
320 restore_state_to_opc(env, tb, data);
321
322 #ifdef CONFIG_PROFILER
323 tcg_ctx.restore_time += profile_getclock() - ti;
324 tcg_ctx.restore_count++;
325 #endif
326 return 0;
327 }
328
329 bool cpu_restore_state(CPUState *cpu, uintptr_t retaddr)
330 {
331 TranslationBlock *tb;
332 bool r = false;
333
334 /* A retaddr of zero is invalid so we really shouldn't have ended
335 * up here. The target code has likely forgotten to check retaddr
336 * != 0 before attempting to restore state. We return early to
337 * avoid blowing up on a recursive tb_lock(). The target must have
338 * previously survived a failed cpu_restore_state because
339 * tb_find_pc(0) would have failed anyway. It still should be
340 * fixed though.
341 */
342
343 if (!retaddr) {
344 return r;
345 }
346
347 tb_lock();
348 tb = tb_find_pc(retaddr);
349 if (tb) {
350 cpu_restore_state_from_tb(cpu, tb, retaddr);
351 if (tb->cflags & CF_NOCACHE) {
352 /* one-shot translation, invalidate it immediately */
353 tb_phys_invalidate(tb, -1);
354 tb_free(tb);
355 }
356 r = true;
357 }
358 tb_unlock();
359
360 return r;
361 }
362
363 static void page_init(void)
364 {
365 page_size_init();
366 page_table_config_init();
367
368 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
369 {
370 #ifdef HAVE_KINFO_GETVMMAP
371 struct kinfo_vmentry *freep;
372 int i, cnt;
373
374 freep = kinfo_getvmmap(getpid(), &cnt);
375 if (freep) {
376 mmap_lock();
377 for (i = 0; i < cnt; i++) {
378 unsigned long startaddr, endaddr;
379
380 startaddr = freep[i].kve_start;
381 endaddr = freep[i].kve_end;
382 if (h2g_valid(startaddr)) {
383 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
384
385 if (h2g_valid(endaddr)) {
386 endaddr = h2g(endaddr);
387 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
388 } else {
389 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
390 endaddr = ~0ul;
391 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
392 #endif
393 }
394 }
395 }
396 free(freep);
397 mmap_unlock();
398 }
399 #else
400 FILE *f;
401
402 last_brk = (unsigned long)sbrk(0);
403
404 f = fopen("/compat/linux/proc/self/maps", "r");
405 if (f) {
406 mmap_lock();
407
408 do {
409 unsigned long startaddr, endaddr;
410 int n;
411
412 n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
413
414 if (n == 2 && h2g_valid(startaddr)) {
415 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
416
417 if (h2g_valid(endaddr)) {
418 endaddr = h2g(endaddr);
419 } else {
420 endaddr = ~0ul;
421 }
422 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
423 }
424 } while (!feof(f));
425
426 fclose(f);
427 mmap_unlock();
428 }
429 #endif
430 }
431 #endif
432 }
433
434 /* If alloc=1:
435 * Called with tb_lock held for system emulation.
436 * Called with mmap_lock held for user-mode emulation.
437 */
438 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
439 {
440 PageDesc *pd;
441 void **lp;
442 int i;
443
444 if (alloc) {
445 assert_memory_lock();
446 }
447
448 /* Level 1. Always allocated. */
449 lp = l1_map + ((index >> v_l1_shift) & (v_l1_size - 1));
450
451 /* Level 2..N-1. */
452 for (i = v_l2_levels; i > 0; i--) {
453 void **p = atomic_rcu_read(lp);
454
455 if (p == NULL) {
456 if (!alloc) {
457 return NULL;
458 }
459 p = g_new0(void *, V_L2_SIZE);
460 atomic_rcu_set(lp, p);
461 }
462
463 lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));
464 }
465
466 pd = atomic_rcu_read(lp);
467 if (pd == NULL) {
468 if (!alloc) {
469 return NULL;
470 }
471 pd = g_new0(PageDesc, V_L2_SIZE);
472 atomic_rcu_set(lp, pd);
473 }
474
475 return pd + (index & (V_L2_SIZE - 1));
476 }
477
478 static inline PageDesc *page_find(tb_page_addr_t index)
479 {
480 return page_find_alloc(index, 0);
481 }
482
483 #if defined(CONFIG_USER_ONLY)
484 /* Currently it is not recommended to allocate big chunks of data in
485 user mode. It will change when a dedicated libc will be used. */
486 /* ??? 64-bit hosts ought to have no problem mmaping data outside the
487 region in which the guest needs to run. Revisit this. */
488 #define USE_STATIC_CODE_GEN_BUFFER
489 #endif
490
491 /* Minimum size of the code gen buffer. This number is randomly chosen,
492 but not so small that we can't have a fair number of TB's live. */
493 #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
494
495 /* Maximum size of the code gen buffer we'd like to use. Unless otherwise
496 indicated, this is constrained by the range of direct branches on the
497 host cpu, as used by the TCG implementation of goto_tb. */
498 #if defined(__x86_64__)
499 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
500 #elif defined(__sparc__)
501 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
502 #elif defined(__powerpc64__)
503 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
504 #elif defined(__powerpc__)
505 # define MAX_CODE_GEN_BUFFER_SIZE (32u * 1024 * 1024)
506 #elif defined(__aarch64__)
507 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
508 #elif defined(__s390x__)
509 /* We have a +- 4GB range on the branches; leave some slop. */
510 # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
511 #elif defined(__mips__)
512 /* We have a 256MB branch region, but leave room to make sure the
513 main executable is also within that region. */
514 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
515 #else
516 # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
517 #endif
518
519 #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
520
521 #define DEFAULT_CODE_GEN_BUFFER_SIZE \
522 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
523 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
524
525 static inline size_t size_code_gen_buffer(size_t tb_size)
526 {
527 /* Size the buffer. */
528 if (tb_size == 0) {
529 #ifdef USE_STATIC_CODE_GEN_BUFFER
530 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
531 #else
532 /* ??? Needs adjustments. */
533 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
534 static buffer, we could size this on RESERVED_VA, on the text
535 segment size of the executable, or continue to use the default. */
536 tb_size = (unsigned long)(ram_size / 4);
537 #endif
538 }
539 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
540 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
541 }
542 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
543 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
544 }
545 return tb_size;
546 }
547
548 #ifdef __mips__
549 /* In order to use J and JAL within the code_gen_buffer, we require
550 that the buffer not cross a 256MB boundary. */
551 static inline bool cross_256mb(void *addr, size_t size)
552 {
553 return ((uintptr_t)addr ^ ((uintptr_t)addr + size)) & ~0x0ffffffful;
554 }
555
556 /* We weren't able to allocate a buffer without crossing that boundary,
557 so make do with the larger portion of the buffer that doesn't cross.
558 Returns the new base of the buffer, and adjusts code_gen_buffer_size. */
559 static inline void *split_cross_256mb(void *buf1, size_t size1)
560 {
561 void *buf2 = (void *)(((uintptr_t)buf1 + size1) & ~0x0ffffffful);
562 size_t size2 = buf1 + size1 - buf2;
563
564 size1 = buf2 - buf1;
565 if (size1 < size2) {
566 size1 = size2;
567 buf1 = buf2;
568 }
569
570 tcg_ctx.code_gen_buffer_size = size1;
571 return buf1;
572 }
573 #endif
574
575 #ifdef USE_STATIC_CODE_GEN_BUFFER
576 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
577 __attribute__((aligned(CODE_GEN_ALIGN)));
578
579 # ifdef _WIN32
580 static inline void do_protect(void *addr, long size, int prot)
581 {
582 DWORD old_protect;
583 VirtualProtect(addr, size, prot, &old_protect);
584 }
585
586 static inline void map_exec(void *addr, long size)
587 {
588 do_protect(addr, size, PAGE_EXECUTE_READWRITE);
589 }
590
591 static inline void map_none(void *addr, long size)
592 {
593 do_protect(addr, size, PAGE_NOACCESS);
594 }
595 # else
596 static inline void do_protect(void *addr, long size, int prot)
597 {
598 uintptr_t start, end;
599
600 start = (uintptr_t)addr;
601 start &= qemu_real_host_page_mask;
602
603 end = (uintptr_t)addr + size;
604 end = ROUND_UP(end, qemu_real_host_page_size);
605
606 mprotect((void *)start, end - start, prot);
607 }
608
609 static inline void map_exec(void *addr, long size)
610 {
611 do_protect(addr, size, PROT_READ | PROT_WRITE | PROT_EXEC);
612 }
613
614 static inline void map_none(void *addr, long size)
615 {
616 do_protect(addr, size, PROT_NONE);
617 }
618 # endif /* WIN32 */
619
620 static inline void *alloc_code_gen_buffer(void)
621 {
622 void *buf = static_code_gen_buffer;
623 size_t full_size, size;
624
625 /* The size of the buffer, rounded down to end on a page boundary. */
626 full_size = (((uintptr_t)buf + sizeof(static_code_gen_buffer))
627 & qemu_real_host_page_mask) - (uintptr_t)buf;
628
629 /* Reserve a guard page. */
630 size = full_size - qemu_real_host_page_size;
631
632 /* Honor a command-line option limiting the size of the buffer. */
633 if (size > tcg_ctx.code_gen_buffer_size) {
634 size = (((uintptr_t)buf + tcg_ctx.code_gen_buffer_size)
635 & qemu_real_host_page_mask) - (uintptr_t)buf;
636 }
637 tcg_ctx.code_gen_buffer_size = size;
638
639 #ifdef __mips__
640 if (cross_256mb(buf, size)) {
641 buf = split_cross_256mb(buf, size);
642 size = tcg_ctx.code_gen_buffer_size;
643 }
644 #endif
645
646 map_exec(buf, size);
647 map_none(buf + size, qemu_real_host_page_size);
648 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
649
650 return buf;
651 }
652 #elif defined(_WIN32)
653 static inline void *alloc_code_gen_buffer(void)
654 {
655 size_t size = tcg_ctx.code_gen_buffer_size;
656 void *buf1, *buf2;
657
658 /* Perform the allocation in two steps, so that the guard page
659 is reserved but uncommitted. */
660 buf1 = VirtualAlloc(NULL, size + qemu_real_host_page_size,
661 MEM_RESERVE, PAGE_NOACCESS);
662 if (buf1 != NULL) {
663 buf2 = VirtualAlloc(buf1, size, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
664 assert(buf1 == buf2);
665 }
666
667 return buf1;
668 }
669 #else
670 static inline void *alloc_code_gen_buffer(void)
671 {
672 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
673 uintptr_t start = 0;
674 size_t size = tcg_ctx.code_gen_buffer_size;
675 void *buf;
676
677 /* Constrain the position of the buffer based on the host cpu.
678 Note that these addresses are chosen in concert with the
679 addresses assigned in the relevant linker script file. */
680 # if defined(__PIE__) || defined(__PIC__)
681 /* Don't bother setting a preferred location if we're building
682 a position-independent executable. We're more likely to get
683 an address near the main executable if we let the kernel
684 choose the address. */
685 # elif defined(__x86_64__) && defined(MAP_32BIT)
686 /* Force the memory down into low memory with the executable.
687 Leave the choice of exact location with the kernel. */
688 flags |= MAP_32BIT;
689 /* Cannot expect to map more than 800MB in low memory. */
690 if (size > 800u * 1024 * 1024) {
691 tcg_ctx.code_gen_buffer_size = size = 800u * 1024 * 1024;
692 }
693 # elif defined(__sparc__)
694 start = 0x40000000ul;
695 # elif defined(__s390x__)
696 start = 0x90000000ul;
697 # elif defined(__mips__)
698 # if _MIPS_SIM == _ABI64
699 start = 0x128000000ul;
700 # else
701 start = 0x08000000ul;
702 # endif
703 # endif
704
705 buf = mmap((void *)start, size + qemu_real_host_page_size,
706 PROT_NONE, flags, -1, 0);
707 if (buf == MAP_FAILED) {
708 return NULL;
709 }
710
711 #ifdef __mips__
712 if (cross_256mb(buf, size)) {
713 /* Try again, with the original still mapped, to avoid re-acquiring
714 that 256mb crossing. This time don't specify an address. */
715 size_t size2;
716 void *buf2 = mmap(NULL, size + qemu_real_host_page_size,
717 PROT_NONE, flags, -1, 0);
718 switch ((int)(buf2 != MAP_FAILED)) {
719 case 1:
720 if (!cross_256mb(buf2, size)) {
721 /* Success! Use the new buffer. */
722 munmap(buf, size + qemu_real_host_page_size);
723 break;
724 }
725 /* Failure. Work with what we had. */
726 munmap(buf2, size + qemu_real_host_page_size);
727 /* fallthru */
728 default:
729 /* Split the original buffer. Free the smaller half. */
730 buf2 = split_cross_256mb(buf, size);
731 size2 = tcg_ctx.code_gen_buffer_size;
732 if (buf == buf2) {
733 munmap(buf + size2 + qemu_real_host_page_size, size - size2);
734 } else {
735 munmap(buf, size - size2);
736 }
737 size = size2;
738 break;
739 }
740 buf = buf2;
741 }
742 #endif
743
744 /* Make the final buffer accessible. The guard page at the end
745 will remain inaccessible with PROT_NONE. */
746 mprotect(buf, size, PROT_WRITE | PROT_READ | PROT_EXEC);
747
748 /* Request large pages for the buffer. */
749 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
750
751 return buf;
752 }
753 #endif /* USE_STATIC_CODE_GEN_BUFFER, WIN32, POSIX */
754
755 static inline void code_gen_alloc(size_t tb_size)
756 {
757 tcg_ctx.code_gen_buffer_size = size_code_gen_buffer(tb_size);
758 tcg_ctx.code_gen_buffer = alloc_code_gen_buffer();
759 if (tcg_ctx.code_gen_buffer == NULL) {
760 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
761 exit(1);
762 }
763
764 /* size this conservatively -- realloc later if needed */
765 tcg_ctx.tb_ctx.tbs_size =
766 tcg_ctx.code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE / 8;
767 if (unlikely(!tcg_ctx.tb_ctx.tbs_size)) {
768 tcg_ctx.tb_ctx.tbs_size = 64 * 1024;
769 }
770 tcg_ctx.tb_ctx.tbs = g_new(TranslationBlock *, tcg_ctx.tb_ctx.tbs_size);
771
772 qemu_mutex_init(&tcg_ctx.tb_ctx.tb_lock);
773 }
774
775 static void tb_htable_init(void)
776 {
777 unsigned int mode = QHT_MODE_AUTO_RESIZE;
778
779 qht_init(&tcg_ctx.tb_ctx.htable, CODE_GEN_HTABLE_SIZE, mode);
780 }
781
782 /* Must be called before using the QEMU cpus. 'tb_size' is the size
783 (in bytes) allocated to the translation buffer. Zero means default
784 size. */
785 void tcg_exec_init(unsigned long tb_size)
786 {
787 tcg_allowed = true;
788 cpu_gen_init();
789 page_init();
790 tb_htable_init();
791 code_gen_alloc(tb_size);
792 #if defined(CONFIG_SOFTMMU)
793 /* There's no guest base to take into account, so go ahead and
794 initialize the prologue now. */
795 tcg_prologue_init(&tcg_ctx);
796 #endif
797 }
798
799 /*
800 * Allocate a new translation block. Flush the translation buffer if
801 * too many translation blocks or too much generated code.
802 *
803 * Called with tb_lock held.
804 */
805 static TranslationBlock *tb_alloc(target_ulong pc)
806 {
807 TranslationBlock *tb;
808 TBContext *ctx;
809
810 assert_tb_locked();
811
812 tb = tcg_tb_alloc(&tcg_ctx);
813 if (unlikely(tb == NULL)) {
814 return NULL;
815 }
816 ctx = &tcg_ctx.tb_ctx;
817 if (unlikely(ctx->nb_tbs == ctx->tbs_size)) {
818 ctx->tbs_size *= 2;
819 ctx->tbs = g_renew(TranslationBlock *, ctx->tbs, ctx->tbs_size);
820 }
821 ctx->tbs[ctx->nb_tbs++] = tb;
822 return tb;
823 }
824
825 /* Called with tb_lock held. */
826 void tb_free(TranslationBlock *tb)
827 {
828 assert_tb_locked();
829
830 /* In practice this is mostly used for single use temporary TB
831 Ignore the hard cases and just back up if this TB happens to
832 be the last one generated. */
833 if (tcg_ctx.tb_ctx.nb_tbs > 0 &&
834 tb == tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs - 1]) {
835 size_t struct_size = ROUND_UP(sizeof(*tb), qemu_icache_linesize);
836
837 tcg_ctx.code_gen_ptr = tb->tc_ptr - struct_size;
838 tcg_ctx.tb_ctx.nb_tbs--;
839 }
840 }
841
842 static inline void invalidate_page_bitmap(PageDesc *p)
843 {
844 #ifdef CONFIG_SOFTMMU
845 g_free(p->code_bitmap);
846 p->code_bitmap = NULL;
847 p->code_write_count = 0;
848 #endif
849 }
850
851 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
852 static void page_flush_tb_1(int level, void **lp)
853 {
854 int i;
855
856 if (*lp == NULL) {
857 return;
858 }
859 if (level == 0) {
860 PageDesc *pd = *lp;
861
862 for (i = 0; i < V_L2_SIZE; ++i) {
863 pd[i].first_tb = NULL;
864 invalidate_page_bitmap(pd + i);
865 }
866 } else {
867 void **pp = *lp;
868
869 for (i = 0; i < V_L2_SIZE; ++i) {
870 page_flush_tb_1(level - 1, pp + i);
871 }
872 }
873 }
874
875 static void page_flush_tb(void)
876 {
877 int i, l1_sz = v_l1_size;
878
879 for (i = 0; i < l1_sz; i++) {
880 page_flush_tb_1(v_l2_levels, l1_map + i);
881 }
882 }
883
884 /* flush all the translation blocks */
885 static void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count)
886 {
887 tb_lock();
888
889 /* If it is already been done on request of another CPU,
890 * just retry.
891 */
892 if (tcg_ctx.tb_ctx.tb_flush_count != tb_flush_count.host_int) {
893 goto done;
894 }
895
896 #if defined(DEBUG_TB_FLUSH)
897 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
898 (unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer),
899 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.tb_ctx.nb_tbs > 0 ?
900 ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) /
901 tcg_ctx.tb_ctx.nb_tbs : 0);
902 #endif
903 if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)
904 > tcg_ctx.code_gen_buffer_size) {
905 cpu_abort(cpu, "Internal error: code buffer overflow\n");
906 }
907
908 CPU_FOREACH(cpu) {
909 cpu_tb_jmp_cache_clear(cpu);
910 }
911
912 tcg_ctx.tb_ctx.nb_tbs = 0;
913 qht_reset_size(&tcg_ctx.tb_ctx.htable, CODE_GEN_HTABLE_SIZE);
914 page_flush_tb();
915
916 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
917 /* XXX: flush processor icache at this point if cache flush is
918 expensive */
919 atomic_mb_set(&tcg_ctx.tb_ctx.tb_flush_count,
920 tcg_ctx.tb_ctx.tb_flush_count + 1);
921
922 done:
923 tb_unlock();
924 }
925
926 void tb_flush(CPUState *cpu)
927 {
928 if (tcg_enabled()) {
929 unsigned tb_flush_count = atomic_mb_read(&tcg_ctx.tb_ctx.tb_flush_count);
930 async_safe_run_on_cpu(cpu, do_tb_flush,
931 RUN_ON_CPU_HOST_INT(tb_flush_count));
932 }
933 }
934
935 #ifdef DEBUG_TB_CHECK
936
937 static void
938 do_tb_invalidate_check(struct qht *ht, void *p, uint32_t hash, void *userp)
939 {
940 TranslationBlock *tb = p;
941 target_ulong addr = *(target_ulong *)userp;
942
943 if (!(addr + TARGET_PAGE_SIZE <= tb->pc || addr >= tb->pc + tb->size)) {
944 printf("ERROR invalidate: address=" TARGET_FMT_lx
945 " PC=%08lx size=%04x\n", addr, (long)tb->pc, tb->size);
946 }
947 }
948
949 /* verify that all the pages have correct rights for code
950 *
951 * Called with tb_lock held.
952 */
953 static void tb_invalidate_check(target_ulong address)
954 {
955 address &= TARGET_PAGE_MASK;
956 qht_iter(&tcg_ctx.tb_ctx.htable, do_tb_invalidate_check, &address);
957 }
958
959 static void
960 do_tb_page_check(struct qht *ht, void *p, uint32_t hash, void *userp)
961 {
962 TranslationBlock *tb = p;
963 int flags1, flags2;
964
965 flags1 = page_get_flags(tb->pc);
966 flags2 = page_get_flags(tb->pc + tb->size - 1);
967 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
968 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
969 (long)tb->pc, tb->size, flags1, flags2);
970 }
971 }
972
973 /* verify that all the pages have correct rights for code */
974 static void tb_page_check(void)
975 {
976 qht_iter(&tcg_ctx.tb_ctx.htable, do_tb_page_check, NULL);
977 }
978
979 #endif
980
981 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
982 {
983 TranslationBlock *tb1;
984 unsigned int n1;
985
986 for (;;) {
987 tb1 = *ptb;
988 n1 = (uintptr_t)tb1 & 3;
989 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
990 if (tb1 == tb) {
991 *ptb = tb1->page_next[n1];
992 break;
993 }
994 ptb = &tb1->page_next[n1];
995 }
996 }
997
998 /* remove the TB from a list of TBs jumping to the n-th jump target of the TB */
999 static inline void tb_remove_from_jmp_list(TranslationBlock *tb, int n)
1000 {
1001 TranslationBlock *tb1;
1002 uintptr_t *ptb, ntb;
1003 unsigned int n1;
1004
1005 ptb = &tb->jmp_list_next[n];
1006 if (*ptb) {
1007 /* find tb(n) in circular list */
1008 for (;;) {
1009 ntb = *ptb;
1010 n1 = ntb & 3;
1011 tb1 = (TranslationBlock *)(ntb & ~3);
1012 if (n1 == n && tb1 == tb) {
1013 break;
1014 }
1015 if (n1 == 2) {
1016 ptb = &tb1->jmp_list_first;
1017 } else {
1018 ptb = &tb1->jmp_list_next[n1];
1019 }
1020 }
1021 /* now we can suppress tb(n) from the list */
1022 *ptb = tb->jmp_list_next[n];
1023
1024 tb->jmp_list_next[n] = (uintptr_t)NULL;
1025 }
1026 }
1027
1028 /* reset the jump entry 'n' of a TB so that it is not chained to
1029 another TB */
1030 static inline void tb_reset_jump(TranslationBlock *tb, int n)
1031 {
1032 uintptr_t addr = (uintptr_t)(tb->tc_ptr + tb->jmp_reset_offset[n]);
1033 tb_set_jmp_target(tb, n, addr);
1034 }
1035
1036 /* remove any jumps to the TB */
1037 static inline void tb_jmp_unlink(TranslationBlock *tb)
1038 {
1039 TranslationBlock *tb1;
1040 uintptr_t *ptb, ntb;
1041 unsigned int n1;
1042
1043 ptb = &tb->jmp_list_first;
1044 for (;;) {
1045 ntb = *ptb;
1046 n1 = ntb & 3;
1047 tb1 = (TranslationBlock *)(ntb & ~3);
1048 if (n1 == 2) {
1049 break;
1050 }
1051 tb_reset_jump(tb1, n1);
1052 *ptb = tb1->jmp_list_next[n1];
1053 tb1->jmp_list_next[n1] = (uintptr_t)NULL;
1054 }
1055 }
1056
1057 /* invalidate one TB
1058 *
1059 * Called with tb_lock held.
1060 */
1061 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
1062 {
1063 CPUState *cpu;
1064 PageDesc *p;
1065 uint32_t h;
1066 tb_page_addr_t phys_pc;
1067
1068 assert_tb_locked();
1069
1070 atomic_set(&tb->invalid, true);
1071
1072 /* remove the TB from the hash list */
1073 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1074 h = tb_hash_func(phys_pc, tb->pc, tb->flags);
1075 qht_remove(&tcg_ctx.tb_ctx.htable, tb, h);
1076
1077 /* remove the TB from the page list */
1078 if (tb->page_addr[0] != page_addr) {
1079 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
1080 tb_page_remove(&p->first_tb, tb);
1081 invalidate_page_bitmap(p);
1082 }
1083 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
1084 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
1085 tb_page_remove(&p->first_tb, tb);
1086 invalidate_page_bitmap(p);
1087 }
1088
1089 /* remove the TB from the hash list */
1090 h = tb_jmp_cache_hash_func(tb->pc);
1091 CPU_FOREACH(cpu) {
1092 if (atomic_read(&cpu->tb_jmp_cache[h]) == tb) {
1093 atomic_set(&cpu->tb_jmp_cache[h], NULL);
1094 }
1095 }
1096
1097 /* suppress this TB from the two jump lists */
1098 tb_remove_from_jmp_list(tb, 0);
1099 tb_remove_from_jmp_list(tb, 1);
1100
1101 /* suppress any remaining jumps to this TB */
1102 tb_jmp_unlink(tb);
1103
1104 tcg_ctx.tb_ctx.tb_phys_invalidate_count++;
1105 }
1106
1107 #ifdef CONFIG_SOFTMMU
1108 static void build_page_bitmap(PageDesc *p)
1109 {
1110 int n, tb_start, tb_end;
1111 TranslationBlock *tb;
1112
1113 p->code_bitmap = bitmap_new(TARGET_PAGE_SIZE);
1114
1115 tb = p->first_tb;
1116 while (tb != NULL) {
1117 n = (uintptr_t)tb & 3;
1118 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1119 /* NOTE: this is subtle as a TB may span two physical pages */
1120 if (n == 0) {
1121 /* NOTE: tb_end may be after the end of the page, but
1122 it is not a problem */
1123 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1124 tb_end = tb_start + tb->size;
1125 if (tb_end > TARGET_PAGE_SIZE) {
1126 tb_end = TARGET_PAGE_SIZE;
1127 }
1128 } else {
1129 tb_start = 0;
1130 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1131 }
1132 bitmap_set(p->code_bitmap, tb_start, tb_end - tb_start);
1133 tb = tb->page_next[n];
1134 }
1135 }
1136 #endif
1137
1138 /* add the tb in the target page and protect it if necessary
1139 *
1140 * Called with mmap_lock held for user-mode emulation.
1141 */
1142 static inline void tb_alloc_page(TranslationBlock *tb,
1143 unsigned int n, tb_page_addr_t page_addr)
1144 {
1145 PageDesc *p;
1146 #ifndef CONFIG_USER_ONLY
1147 bool page_already_protected;
1148 #endif
1149
1150 assert_memory_lock();
1151
1152 tb->page_addr[n] = page_addr;
1153 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1154 tb->page_next[n] = p->first_tb;
1155 #ifndef CONFIG_USER_ONLY
1156 page_already_protected = p->first_tb != NULL;
1157 #endif
1158 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
1159 invalidate_page_bitmap(p);
1160
1161 #if defined(CONFIG_USER_ONLY)
1162 if (p->flags & PAGE_WRITE) {
1163 target_ulong addr;
1164 PageDesc *p2;
1165 int prot;
1166
1167 /* force the host page as non writable (writes will have a
1168 page fault + mprotect overhead) */
1169 page_addr &= qemu_host_page_mask;
1170 prot = 0;
1171 for (addr = page_addr; addr < page_addr + qemu_host_page_size;
1172 addr += TARGET_PAGE_SIZE) {
1173
1174 p2 = page_find(addr >> TARGET_PAGE_BITS);
1175 if (!p2) {
1176 continue;
1177 }
1178 prot |= p2->flags;
1179 p2->flags &= ~PAGE_WRITE;
1180 }
1181 mprotect(g2h(page_addr), qemu_host_page_size,
1182 (prot & PAGE_BITS) & ~PAGE_WRITE);
1183 #ifdef DEBUG_TB_INVALIDATE
1184 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1185 page_addr);
1186 #endif
1187 }
1188 #else
1189 /* if some code is already present, then the pages are already
1190 protected. So we handle the case where only the first TB is
1191 allocated in a physical page */
1192 if (!page_already_protected) {
1193 tlb_protect_code(page_addr);
1194 }
1195 #endif
1196 }
1197
1198 /* add a new TB and link it to the physical page tables. phys_page2 is
1199 * (-1) to indicate that only one page contains the TB.
1200 *
1201 * Called with mmap_lock held for user-mode emulation.
1202 */
1203 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
1204 tb_page_addr_t phys_page2)
1205 {
1206 uint32_t h;
1207
1208 assert_memory_lock();
1209
1210 /* add in the page list */
1211 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1212 if (phys_page2 != -1) {
1213 tb_alloc_page(tb, 1, phys_page2);
1214 } else {
1215 tb->page_addr[1] = -1;
1216 }
1217
1218 /* add in the hash table */
1219 h = tb_hash_func(phys_pc, tb->pc, tb->flags);
1220 qht_insert(&tcg_ctx.tb_ctx.htable, tb, h);
1221
1222 #ifdef DEBUG_TB_CHECK
1223 tb_page_check();
1224 #endif
1225 }
1226
1227 /* Called with mmap_lock held for user mode emulation. */
1228 TranslationBlock *tb_gen_code(CPUState *cpu,
1229 target_ulong pc, target_ulong cs_base,
1230 uint32_t flags, int cflags)
1231 {
1232 CPUArchState *env = cpu->env_ptr;
1233 TranslationBlock *tb;
1234 tb_page_addr_t phys_pc, phys_page2;
1235 target_ulong virt_page2;
1236 tcg_insn_unit *gen_code_buf;
1237 int gen_code_size, search_size;
1238 #ifdef CONFIG_PROFILER
1239 int64_t ti;
1240 #endif
1241 assert_memory_lock();
1242
1243 phys_pc = get_page_addr_code(env, pc);
1244 if (use_icount && !(cflags & CF_IGNORE_ICOUNT)) {
1245 cflags |= CF_USE_ICOUNT;
1246 }
1247
1248 tb = tb_alloc(pc);
1249 if (unlikely(!tb)) {
1250 buffer_overflow:
1251 /* flush must be done */
1252 tb_flush(cpu);
1253 mmap_unlock();
1254 /* Make the execution loop process the flush as soon as possible. */
1255 cpu->exception_index = EXCP_INTERRUPT;
1256 cpu_loop_exit(cpu);
1257 }
1258
1259 gen_code_buf = tcg_ctx.code_gen_ptr;
1260 tb->tc_ptr = gen_code_buf;
1261 tb->pc = pc;
1262 tb->cs_base = cs_base;
1263 tb->flags = flags;
1264 tb->cflags = cflags;
1265 tb->invalid = false;
1266
1267 #ifdef CONFIG_PROFILER
1268 tcg_ctx.tb_count1++; /* includes aborted translations because of
1269 exceptions */
1270 ti = profile_getclock();
1271 #endif
1272
1273 tcg_func_start(&tcg_ctx);
1274
1275 tcg_ctx.cpu = ENV_GET_CPU(env);
1276 gen_intermediate_code(env, tb);
1277 tcg_ctx.cpu = NULL;
1278
1279 trace_translate_block(tb, tb->pc, tb->tc_ptr);
1280
1281 /* generate machine code */
1282 tb->jmp_reset_offset[0] = TB_JMP_RESET_OFFSET_INVALID;
1283 tb->jmp_reset_offset[1] = TB_JMP_RESET_OFFSET_INVALID;
1284 tcg_ctx.tb_jmp_reset_offset = tb->jmp_reset_offset;
1285 #ifdef USE_DIRECT_JUMP
1286 tcg_ctx.tb_jmp_insn_offset = tb->jmp_insn_offset;
1287 tcg_ctx.tb_jmp_target_addr = NULL;
1288 #else
1289 tcg_ctx.tb_jmp_insn_offset = NULL;
1290 tcg_ctx.tb_jmp_target_addr = tb->jmp_target_addr;
1291 #endif
1292
1293 #ifdef CONFIG_PROFILER
1294 tcg_ctx.tb_count++;
1295 tcg_ctx.interm_time += profile_getclock() - ti;
1296 tcg_ctx.code_time -= profile_getclock();
1297 #endif
1298
1299 /* ??? Overflow could be handled better here. In particular, we
1300 don't need to re-do gen_intermediate_code, nor should we re-do
1301 the tcg optimization currently hidden inside tcg_gen_code. All
1302 that should be required is to flush the TBs, allocate a new TB,
1303 re-initialize it per above, and re-do the actual code generation. */
1304 gen_code_size = tcg_gen_code(&tcg_ctx, tb);
1305 if (unlikely(gen_code_size < 0)) {
1306 goto buffer_overflow;
1307 }
1308 search_size = encode_search(tb, (void *)gen_code_buf + gen_code_size);
1309 if (unlikely(search_size < 0)) {
1310 goto buffer_overflow;
1311 }
1312
1313 #ifdef CONFIG_PROFILER
1314 tcg_ctx.code_time += profile_getclock();
1315 tcg_ctx.code_in_len += tb->size;
1316 tcg_ctx.code_out_len += gen_code_size;
1317 tcg_ctx.search_out_len += search_size;
1318 #endif
1319
1320 #ifdef DEBUG_DISAS
1321 if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM) &&
1322 qemu_log_in_addr_range(tb->pc)) {
1323 qemu_log_lock();
1324 qemu_log("OUT: [size=%d]\n", gen_code_size);
1325 log_disas(tb->tc_ptr, gen_code_size);
1326 qemu_log("\n");
1327 qemu_log_flush();
1328 qemu_log_unlock();
1329 }
1330 #endif
1331
1332 tcg_ctx.code_gen_ptr = (void *)
1333 ROUND_UP((uintptr_t)gen_code_buf + gen_code_size + search_size,
1334 CODE_GEN_ALIGN);
1335
1336 /* init jump list */
1337 assert(((uintptr_t)tb & 3) == 0);
1338 tb->jmp_list_first = (uintptr_t)tb | 2;
1339 tb->jmp_list_next[0] = (uintptr_t)NULL;
1340 tb->jmp_list_next[1] = (uintptr_t)NULL;
1341
1342 /* init original jump addresses wich has been set during tcg_gen_code() */
1343 if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) {
1344 tb_reset_jump(tb, 0);
1345 }
1346 if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) {
1347 tb_reset_jump(tb, 1);
1348 }
1349
1350 /* check next page if needed */
1351 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1352 phys_page2 = -1;
1353 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1354 phys_page2 = get_page_addr_code(env, virt_page2);
1355 }
1356 /* As long as consistency of the TB stuff is provided by tb_lock in user
1357 * mode and is implicit in single-threaded softmmu emulation, no explicit
1358 * memory barrier is required before tb_link_page() makes the TB visible
1359 * through the physical hash table and physical page list.
1360 */
1361 tb_link_page(tb, phys_pc, phys_page2);
1362 return tb;
1363 }
1364
1365 /*
1366 * Invalidate all TBs which intersect with the target physical address range
1367 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1368 * 'is_cpu_write_access' should be true if called from a real cpu write
1369 * access: the virtual CPU will exit the current TB if code is modified inside
1370 * this TB.
1371 *
1372 * Called with mmap_lock held for user-mode emulation, grabs tb_lock
1373 * Called with tb_lock held for system-mode emulation
1374 */
1375 static void tb_invalidate_phys_range_1(tb_page_addr_t start, tb_page_addr_t end)
1376 {
1377 while (start < end) {
1378 tb_invalidate_phys_page_range(start, end, 0);
1379 start &= TARGET_PAGE_MASK;
1380 start += TARGET_PAGE_SIZE;
1381 }
1382 }
1383
1384 #ifdef CONFIG_SOFTMMU
1385 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end)
1386 {
1387 assert_tb_locked();
1388 tb_invalidate_phys_range_1(start, end);
1389 }
1390 #else
1391 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end)
1392 {
1393 assert_memory_lock();
1394 tb_lock();
1395 tb_invalidate_phys_range_1(start, end);
1396 tb_unlock();
1397 }
1398 #endif
1399 /*
1400 * Invalidate all TBs which intersect with the target physical address range
1401 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1402 * 'is_cpu_write_access' should be true if called from a real cpu write
1403 * access: the virtual CPU will exit the current TB if code is modified inside
1404 * this TB.
1405 *
1406 * Called with tb_lock/mmap_lock held for user-mode emulation
1407 * Called with tb_lock held for system-mode emulation
1408 */
1409 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1410 int is_cpu_write_access)
1411 {
1412 TranslationBlock *tb, *tb_next;
1413 #if defined(TARGET_HAS_PRECISE_SMC)
1414 CPUState *cpu = current_cpu;
1415 CPUArchState *env = NULL;
1416 #endif
1417 tb_page_addr_t tb_start, tb_end;
1418 PageDesc *p;
1419 int n;
1420 #ifdef TARGET_HAS_PRECISE_SMC
1421 int current_tb_not_found = is_cpu_write_access;
1422 TranslationBlock *current_tb = NULL;
1423 int current_tb_modified = 0;
1424 target_ulong current_pc = 0;
1425 target_ulong current_cs_base = 0;
1426 uint32_t current_flags = 0;
1427 #endif /* TARGET_HAS_PRECISE_SMC */
1428
1429 assert_memory_lock();
1430 assert_tb_locked();
1431
1432 p = page_find(start >> TARGET_PAGE_BITS);
1433 if (!p) {
1434 return;
1435 }
1436 #if defined(TARGET_HAS_PRECISE_SMC)
1437 if (cpu != NULL) {
1438 env = cpu->env_ptr;
1439 }
1440 #endif
1441
1442 /* we remove all the TBs in the range [start, end[ */
1443 /* XXX: see if in some cases it could be faster to invalidate all
1444 the code */
1445 tb = p->first_tb;
1446 while (tb != NULL) {
1447 n = (uintptr_t)tb & 3;
1448 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1449 tb_next = tb->page_next[n];
1450 /* NOTE: this is subtle as a TB may span two physical pages */
1451 if (n == 0) {
1452 /* NOTE: tb_end may be after the end of the page, but
1453 it is not a problem */
1454 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1455 tb_end = tb_start + tb->size;
1456 } else {
1457 tb_start = tb->page_addr[1];
1458 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1459 }
1460 if (!(tb_end <= start || tb_start >= end)) {
1461 #ifdef TARGET_HAS_PRECISE_SMC
1462 if (current_tb_not_found) {
1463 current_tb_not_found = 0;
1464 current_tb = NULL;
1465 if (cpu->mem_io_pc) {
1466 /* now we have a real cpu fault */
1467 current_tb = tb_find_pc(cpu->mem_io_pc);
1468 }
1469 }
1470 if (current_tb == tb &&
1471 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1472 /* If we are modifying the current TB, we must stop
1473 its execution. We could be more precise by checking
1474 that the modification is after the current PC, but it
1475 would require a specialized function to partially
1476 restore the CPU state */
1477
1478 current_tb_modified = 1;
1479 cpu_restore_state_from_tb(cpu, current_tb, cpu->mem_io_pc);
1480 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1481 &current_flags);
1482 }
1483 #endif /* TARGET_HAS_PRECISE_SMC */
1484 tb_phys_invalidate(tb, -1);
1485 }
1486 tb = tb_next;
1487 }
1488 #if !defined(CONFIG_USER_ONLY)
1489 /* if no code remaining, no need to continue to use slow writes */
1490 if (!p->first_tb) {
1491 invalidate_page_bitmap(p);
1492 tlb_unprotect_code(start);
1493 }
1494 #endif
1495 #ifdef TARGET_HAS_PRECISE_SMC
1496 if (current_tb_modified) {
1497 /* we generate a block containing just the instruction
1498 modifying the memory. It will ensure that it cannot modify
1499 itself */
1500 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
1501 cpu_loop_exit_noexc(cpu);
1502 }
1503 #endif
1504 }
1505
1506 #ifdef CONFIG_SOFTMMU
1507 /* len must be <= 8 and start must be a multiple of len.
1508 * Called via softmmu_template.h when code areas are written to with
1509 * iothread mutex not held.
1510 */
1511 void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1512 {
1513 PageDesc *p;
1514
1515 #if 0
1516 if (1) {
1517 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1518 cpu_single_env->mem_io_vaddr, len,
1519 cpu_single_env->eip,
1520 cpu_single_env->eip +
1521 (intptr_t)cpu_single_env->segs[R_CS].base);
1522 }
1523 #endif
1524 assert_memory_lock();
1525
1526 p = page_find(start >> TARGET_PAGE_BITS);
1527 if (!p) {
1528 return;
1529 }
1530 if (!p->code_bitmap &&
1531 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD) {
1532 /* build code bitmap. FIXME: writes should be protected by
1533 * tb_lock, reads by tb_lock or RCU.
1534 */
1535 build_page_bitmap(p);
1536 }
1537 if (p->code_bitmap) {
1538 unsigned int nr;
1539 unsigned long b;
1540
1541 nr = start & ~TARGET_PAGE_MASK;
1542 b = p->code_bitmap[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG - 1));
1543 if (b & ((1 << len) - 1)) {
1544 goto do_invalidate;
1545 }
1546 } else {
1547 do_invalidate:
1548 tb_invalidate_phys_page_range(start, start + len, 1);
1549 }
1550 }
1551 #else
1552 /* Called with mmap_lock held. If pc is not 0 then it indicates the
1553 * host PC of the faulting store instruction that caused this invalidate.
1554 * Returns true if the caller needs to abort execution of the current
1555 * TB (because it was modified by this store and the guest CPU has
1556 * precise-SMC semantics).
1557 */
1558 static bool tb_invalidate_phys_page(tb_page_addr_t addr, uintptr_t pc)
1559 {
1560 TranslationBlock *tb;
1561 PageDesc *p;
1562 int n;
1563 #ifdef TARGET_HAS_PRECISE_SMC
1564 TranslationBlock *current_tb = NULL;
1565 CPUState *cpu = current_cpu;
1566 CPUArchState *env = NULL;
1567 int current_tb_modified = 0;
1568 target_ulong current_pc = 0;
1569 target_ulong current_cs_base = 0;
1570 uint32_t current_flags = 0;
1571 #endif
1572
1573 assert_memory_lock();
1574
1575 addr &= TARGET_PAGE_MASK;
1576 p = page_find(addr >> TARGET_PAGE_BITS);
1577 if (!p) {
1578 return false;
1579 }
1580
1581 tb_lock();
1582 tb = p->first_tb;
1583 #ifdef TARGET_HAS_PRECISE_SMC
1584 if (tb && pc != 0) {
1585 current_tb = tb_find_pc(pc);
1586 }
1587 if (cpu != NULL) {
1588 env = cpu->env_ptr;
1589 }
1590 #endif
1591 while (tb != NULL) {
1592 n = (uintptr_t)tb & 3;
1593 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1594 #ifdef TARGET_HAS_PRECISE_SMC
1595 if (current_tb == tb &&
1596 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1597 /* If we are modifying the current TB, we must stop
1598 its execution. We could be more precise by checking
1599 that the modification is after the current PC, but it
1600 would require a specialized function to partially
1601 restore the CPU state */
1602
1603 current_tb_modified = 1;
1604 cpu_restore_state_from_tb(cpu, current_tb, pc);
1605 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1606 &current_flags);
1607 }
1608 #endif /* TARGET_HAS_PRECISE_SMC */
1609 tb_phys_invalidate(tb, addr);
1610 tb = tb->page_next[n];
1611 }
1612 p->first_tb = NULL;
1613 #ifdef TARGET_HAS_PRECISE_SMC
1614 if (current_tb_modified) {
1615 /* we generate a block containing just the instruction
1616 modifying the memory. It will ensure that it cannot modify
1617 itself */
1618 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
1619 /* tb_lock will be reset after cpu_loop_exit_noexc longjmps
1620 * back into the cpu_exec loop. */
1621 return true;
1622 }
1623 #endif
1624 tb_unlock();
1625
1626 return false;
1627 }
1628 #endif
1629
1630 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1631 tb[1].tc_ptr. Return NULL if not found */
1632 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
1633 {
1634 int m_min, m_max, m;
1635 uintptr_t v;
1636 TranslationBlock *tb;
1637
1638 if (tcg_ctx.tb_ctx.nb_tbs <= 0) {
1639 return NULL;
1640 }
1641 if (tc_ptr < (uintptr_t)tcg_ctx.code_gen_buffer ||
1642 tc_ptr >= (uintptr_t)tcg_ctx.code_gen_ptr) {
1643 return NULL;
1644 }
1645 /* binary search (cf Knuth) */
1646 m_min = 0;
1647 m_max = tcg_ctx.tb_ctx.nb_tbs - 1;
1648 while (m_min <= m_max) {
1649 m = (m_min + m_max) >> 1;
1650 tb = tcg_ctx.tb_ctx.tbs[m];
1651 v = (uintptr_t)tb->tc_ptr;
1652 if (v == tc_ptr) {
1653 return tb;
1654 } else if (tc_ptr < v) {
1655 m_max = m - 1;
1656 } else {
1657 m_min = m + 1;
1658 }
1659 }
1660 return tcg_ctx.tb_ctx.tbs[m_max];
1661 }
1662
1663 #if !defined(CONFIG_USER_ONLY)
1664 void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr)
1665 {
1666 ram_addr_t ram_addr;
1667 MemoryRegion *mr;
1668 hwaddr l = 1;
1669
1670 rcu_read_lock();
1671 mr = address_space_translate(as, addr, &addr, &l, false);
1672 if (!(memory_region_is_ram(mr)
1673 || memory_region_is_romd(mr))) {
1674 rcu_read_unlock();
1675 return;
1676 }
1677 ram_addr = memory_region_get_ram_addr(mr) + addr;
1678 tb_lock();
1679 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1680 tb_unlock();
1681 rcu_read_unlock();
1682 }
1683 #endif /* !defined(CONFIG_USER_ONLY) */
1684
1685 /* Called with tb_lock held. */
1686 void tb_check_watchpoint(CPUState *cpu)
1687 {
1688 TranslationBlock *tb;
1689
1690 tb = tb_find_pc(cpu->mem_io_pc);
1691 if (tb) {
1692 /* We can use retranslation to find the PC. */
1693 cpu_restore_state_from_tb(cpu, tb, cpu->mem_io_pc);
1694 tb_phys_invalidate(tb, -1);
1695 } else {
1696 /* The exception probably happened in a helper. The CPU state should
1697 have been saved before calling it. Fetch the PC from there. */
1698 CPUArchState *env = cpu->env_ptr;
1699 target_ulong pc, cs_base;
1700 tb_page_addr_t addr;
1701 uint32_t flags;
1702
1703 cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
1704 addr = get_page_addr_code(env, pc);
1705 tb_invalidate_phys_range(addr, addr + 1);
1706 }
1707 }
1708
1709 #ifndef CONFIG_USER_ONLY
1710 /* in deterministic execution mode, instructions doing device I/Os
1711 * must be at the end of the TB.
1712 *
1713 * Called by softmmu_template.h, with iothread mutex not held.
1714 */
1715 void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
1716 {
1717 #if defined(TARGET_MIPS) || defined(TARGET_SH4)
1718 CPUArchState *env = cpu->env_ptr;
1719 #endif
1720 TranslationBlock *tb;
1721 uint32_t n, cflags;
1722 target_ulong pc, cs_base;
1723 uint32_t flags;
1724
1725 tb_lock();
1726 tb = tb_find_pc(retaddr);
1727 if (!tb) {
1728 cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p",
1729 (void *)retaddr);
1730 }
1731 n = cpu->icount_decr.u16.low + tb->icount;
1732 cpu_restore_state_from_tb(cpu, tb, retaddr);
1733 /* Calculate how many instructions had been executed before the fault
1734 occurred. */
1735 n = n - cpu->icount_decr.u16.low;
1736 /* Generate a new TB ending on the I/O insn. */
1737 n++;
1738 /* On MIPS and SH, delay slot instructions can only be restarted if
1739 they were already the first instruction in the TB. If this is not
1740 the first instruction in a TB then re-execute the preceding
1741 branch. */
1742 #if defined(TARGET_MIPS)
1743 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
1744 env->active_tc.PC -= (env->hflags & MIPS_HFLAG_B16 ? 2 : 4);
1745 cpu->icount_decr.u16.low++;
1746 env->hflags &= ~MIPS_HFLAG_BMASK;
1747 }
1748 #elif defined(TARGET_SH4)
1749 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
1750 && n > 1) {
1751 env->pc -= 2;
1752 cpu->icount_decr.u16.low++;
1753 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
1754 }
1755 #endif
1756 /* This should never happen. */
1757 if (n > CF_COUNT_MASK) {
1758 cpu_abort(cpu, "TB too big during recompile");
1759 }
1760
1761 cflags = n | CF_LAST_IO;
1762 pc = tb->pc;
1763 cs_base = tb->cs_base;
1764 flags = tb->flags;
1765 tb_phys_invalidate(tb, -1);
1766 if (tb->cflags & CF_NOCACHE) {
1767 if (tb->orig_tb) {
1768 /* Invalidate original TB if this TB was generated in
1769 * cpu_exec_nocache() */
1770 tb_phys_invalidate(tb->orig_tb, -1);
1771 }
1772 tb_free(tb);
1773 }
1774 /* FIXME: In theory this could raise an exception. In practice
1775 we have already translated the block once so it's probably ok. */
1776 tb_gen_code(cpu, pc, cs_base, flags, cflags);
1777
1778 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
1779 * the first in the TB) then we end up generating a whole new TB and
1780 * repeating the fault, which is horribly inefficient.
1781 * Better would be to execute just this insn uncached, or generate a
1782 * second new TB.
1783 *
1784 * cpu_loop_exit_noexc will longjmp back to cpu_exec where the
1785 * tb_lock gets reset.
1786 */
1787 cpu_loop_exit_noexc(cpu);
1788 }
1789
1790 static void tb_jmp_cache_clear_page(CPUState *cpu, target_ulong page_addr)
1791 {
1792 unsigned int i, i0 = tb_jmp_cache_hash_page(page_addr);
1793
1794 for (i = 0; i < TB_JMP_PAGE_SIZE; i++) {
1795 atomic_set(&cpu->tb_jmp_cache[i0 + i], NULL);
1796 }
1797 }
1798
1799 void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
1800 {
1801 /* Discard jump cache entries for any tb which might potentially
1802 overlap the flushed page. */
1803 tb_jmp_cache_clear_page(cpu, addr - TARGET_PAGE_SIZE);
1804 tb_jmp_cache_clear_page(cpu, addr);
1805 }
1806
1807 static void print_qht_statistics(FILE *f, fprintf_function cpu_fprintf,
1808 struct qht_stats hst)
1809 {
1810 uint32_t hgram_opts;
1811 size_t hgram_bins;
1812 char *hgram;
1813
1814 if (!hst.head_buckets) {
1815 return;
1816 }
1817 cpu_fprintf(f, "TB hash buckets %zu/%zu (%0.2f%% head buckets used)\n",
1818 hst.used_head_buckets, hst.head_buckets,
1819 (double)hst.used_head_buckets / hst.head_buckets * 100);
1820
1821 hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS;
1822 hgram_opts |= QDIST_PR_100X | QDIST_PR_PERCENT;
1823 if (qdist_xmax(&hst.occupancy) - qdist_xmin(&hst.occupancy) == 1) {
1824 hgram_opts |= QDIST_PR_NODECIMAL;
1825 }
1826 hgram = qdist_pr(&hst.occupancy, 10, hgram_opts);
1827 cpu_fprintf(f, "TB hash occupancy %0.2f%% avg chain occ. Histogram: %s\n",
1828 qdist_avg(&hst.occupancy) * 100, hgram);
1829 g_free(hgram);
1830
1831 hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS;
1832 hgram_bins = qdist_xmax(&hst.chain) - qdist_xmin(&hst.chain);
1833 if (hgram_bins > 10) {
1834 hgram_bins = 10;
1835 } else {
1836 hgram_bins = 0;
1837 hgram_opts |= QDIST_PR_NODECIMAL | QDIST_PR_NOBINRANGE;
1838 }
1839 hgram = qdist_pr(&hst.chain, hgram_bins, hgram_opts);
1840 cpu_fprintf(f, "TB hash avg chain %0.3f buckets. Histogram: %s\n",
1841 qdist_avg(&hst.chain), hgram);
1842 g_free(hgram);
1843 }
1844
1845 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
1846 {
1847 int i, target_code_size, max_target_code_size;
1848 int direct_jmp_count, direct_jmp2_count, cross_page;
1849 TranslationBlock *tb;
1850 struct qht_stats hst;
1851
1852 tb_lock();
1853
1854 if (!tcg_enabled()) {
1855 cpu_fprintf(f, "TCG not enabled\n");
1856 return;
1857 }
1858
1859 target_code_size = 0;
1860 max_target_code_size = 0;
1861 cross_page = 0;
1862 direct_jmp_count = 0;
1863 direct_jmp2_count = 0;
1864 for (i = 0; i < tcg_ctx.tb_ctx.nb_tbs; i++) {
1865 tb = tcg_ctx.tb_ctx.tbs[i];
1866 target_code_size += tb->size;
1867 if (tb->size > max_target_code_size) {
1868 max_target_code_size = tb->size;
1869 }
1870 if (tb->page_addr[1] != -1) {
1871 cross_page++;
1872 }
1873 if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) {
1874 direct_jmp_count++;
1875 if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) {
1876 direct_jmp2_count++;
1877 }
1878 }
1879 }
1880 /* XXX: avoid using doubles ? */
1881 cpu_fprintf(f, "Translation buffer state:\n");
1882 cpu_fprintf(f, "gen code size %td/%zd\n",
1883 tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer,
1884 tcg_ctx.code_gen_highwater - tcg_ctx.code_gen_buffer);
1885 cpu_fprintf(f, "TB count %d\n", tcg_ctx.tb_ctx.nb_tbs);
1886 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
1887 tcg_ctx.tb_ctx.nb_tbs ? target_code_size /
1888 tcg_ctx.tb_ctx.nb_tbs : 0,
1889 max_target_code_size);
1890 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
1891 tcg_ctx.tb_ctx.nb_tbs ? (tcg_ctx.code_gen_ptr -
1892 tcg_ctx.code_gen_buffer) /
1893 tcg_ctx.tb_ctx.nb_tbs : 0,
1894 target_code_size ? (double) (tcg_ctx.code_gen_ptr -
1895 tcg_ctx.code_gen_buffer) /
1896 target_code_size : 0);
1897 cpu_fprintf(f, "cross page TB count %d (%d%%)\n", cross_page,
1898 tcg_ctx.tb_ctx.nb_tbs ? (cross_page * 100) /
1899 tcg_ctx.tb_ctx.nb_tbs : 0);
1900 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
1901 direct_jmp_count,
1902 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp_count * 100) /
1903 tcg_ctx.tb_ctx.nb_tbs : 0,
1904 direct_jmp2_count,
1905 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp2_count * 100) /
1906 tcg_ctx.tb_ctx.nb_tbs : 0);
1907
1908 qht_statistics_init(&tcg_ctx.tb_ctx.htable, &hst);
1909 print_qht_statistics(f, cpu_fprintf, hst);
1910 qht_statistics_destroy(&hst);
1911
1912 cpu_fprintf(f, "\nStatistics:\n");
1913 cpu_fprintf(f, "TB flush count %u\n",
1914 atomic_read(&tcg_ctx.tb_ctx.tb_flush_count));
1915 cpu_fprintf(f, "TB invalidate count %d\n",
1916 tcg_ctx.tb_ctx.tb_phys_invalidate_count);
1917 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
1918 tcg_dump_info(f, cpu_fprintf);
1919
1920 tb_unlock();
1921 }
1922
1923 void dump_opcount_info(FILE *f, fprintf_function cpu_fprintf)
1924 {
1925 tcg_dump_op_count(f, cpu_fprintf);
1926 }
1927
1928 #else /* CONFIG_USER_ONLY */
1929
1930 void cpu_interrupt(CPUState *cpu, int mask)
1931 {
1932 g_assert(qemu_mutex_iothread_locked());
1933 cpu->interrupt_request |= mask;
1934 cpu->icount_decr.u16.high = -1;
1935 }
1936
1937 /*
1938 * Walks guest process memory "regions" one by one
1939 * and calls callback function 'fn' for each region.
1940 */
1941 struct walk_memory_regions_data {
1942 walk_memory_regions_fn fn;
1943 void *priv;
1944 target_ulong start;
1945 int prot;
1946 };
1947
1948 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
1949 target_ulong end, int new_prot)
1950 {
1951 if (data->start != -1u) {
1952 int rc = data->fn(data->priv, data->start, end, data->prot);
1953 if (rc != 0) {
1954 return rc;
1955 }
1956 }
1957
1958 data->start = (new_prot ? end : -1u);
1959 data->prot = new_prot;
1960
1961 return 0;
1962 }
1963
1964 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
1965 target_ulong base, int level, void **lp)
1966 {
1967 target_ulong pa;
1968 int i, rc;
1969
1970 if (*lp == NULL) {
1971 return walk_memory_regions_end(data, base, 0);
1972 }
1973
1974 if (level == 0) {
1975 PageDesc *pd = *lp;
1976
1977 for (i = 0; i < V_L2_SIZE; ++i) {
1978 int prot = pd[i].flags;
1979
1980 pa = base | (i << TARGET_PAGE_BITS);
1981 if (prot != data->prot) {
1982 rc = walk_memory_regions_end(data, pa, prot);
1983 if (rc != 0) {
1984 return rc;
1985 }
1986 }
1987 }
1988 } else {
1989 void **pp = *lp;
1990
1991 for (i = 0; i < V_L2_SIZE; ++i) {
1992 pa = base | ((target_ulong)i <<
1993 (TARGET_PAGE_BITS + V_L2_BITS * level));
1994 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1995 if (rc != 0) {
1996 return rc;
1997 }
1998 }
1999 }
2000
2001 return 0;
2002 }
2003
2004 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2005 {
2006 struct walk_memory_regions_data data;
2007 uintptr_t i, l1_sz = v_l1_size;
2008
2009 data.fn = fn;
2010 data.priv = priv;
2011 data.start = -1u;
2012 data.prot = 0;
2013
2014 for (i = 0; i < l1_sz; i++) {
2015 target_ulong base = i << (v_l1_shift + TARGET_PAGE_BITS);
2016 int rc = walk_memory_regions_1(&data, base, v_l2_levels, l1_map + i);
2017 if (rc != 0) {
2018 return rc;
2019 }
2020 }
2021
2022 return walk_memory_regions_end(&data, 0, 0);
2023 }
2024
2025 static int dump_region(void *priv, target_ulong start,
2026 target_ulong end, unsigned long prot)
2027 {
2028 FILE *f = (FILE *)priv;
2029
2030 (void) fprintf(f, TARGET_FMT_lx"-"TARGET_FMT_lx
2031 " "TARGET_FMT_lx" %c%c%c\n",
2032 start, end, end - start,
2033 ((prot & PAGE_READ) ? 'r' : '-'),
2034 ((prot & PAGE_WRITE) ? 'w' : '-'),
2035 ((prot & PAGE_EXEC) ? 'x' : '-'));
2036
2037 return 0;
2038 }
2039
2040 /* dump memory mappings */
2041 void page_dump(FILE *f)
2042 {
2043 const int length = sizeof(target_ulong) * 2;
2044 (void) fprintf(f, "%-*s %-*s %-*s %s\n",
2045 length, "start", length, "end", length, "size", "prot");
2046 walk_memory_regions(f, dump_region);
2047 }
2048
2049 int page_get_flags(target_ulong address)
2050 {
2051 PageDesc *p;
2052
2053 p = page_find(address >> TARGET_PAGE_BITS);
2054 if (!p) {
2055 return 0;
2056 }
2057 return p->flags;
2058 }
2059
2060 /* Modify the flags of a page and invalidate the code if necessary.
2061 The flag PAGE_WRITE_ORG is positioned automatically depending
2062 on PAGE_WRITE. The mmap_lock should already be held. */
2063 void page_set_flags(target_ulong start, target_ulong end, int flags)
2064 {
2065 target_ulong addr, len;
2066
2067 /* This function should never be called with addresses outside the
2068 guest address space. If this assert fires, it probably indicates
2069 a missing call to h2g_valid. */
2070 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2071 assert(end < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2072 #endif
2073 assert(start < end);
2074 assert_memory_lock();
2075
2076 start = start & TARGET_PAGE_MASK;
2077 end = TARGET_PAGE_ALIGN(end);
2078
2079 if (flags & PAGE_WRITE) {
2080 flags |= PAGE_WRITE_ORG;
2081 }
2082
2083 for (addr = start, len = end - start;
2084 len != 0;
2085 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2086 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2087
2088 /* If the write protection bit is set, then we invalidate
2089 the code inside. */
2090 if (!(p->flags & PAGE_WRITE) &&
2091 (flags & PAGE_WRITE) &&
2092 p->first_tb) {
2093 tb_invalidate_phys_page(addr, 0);
2094 }
2095 p->flags = flags;
2096 }
2097 }
2098
2099 int page_check_range(target_ulong start, target_ulong len, int flags)
2100 {
2101 PageDesc *p;
2102 target_ulong end;
2103 target_ulong addr;
2104
2105 /* This function should never be called with addresses outside the
2106 guest address space. If this assert fires, it probably indicates
2107 a missing call to h2g_valid. */
2108 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2109 assert(start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2110 #endif
2111
2112 if (len == 0) {
2113 return 0;
2114 }
2115 if (start + len - 1 < start) {
2116 /* We've wrapped around. */
2117 return -1;
2118 }
2119
2120 /* must do before we loose bits in the next step */
2121 end = TARGET_PAGE_ALIGN(start + len);
2122 start = start & TARGET_PAGE_MASK;
2123
2124 for (addr = start, len = end - start;
2125 len != 0;
2126 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2127 p = page_find(addr >> TARGET_PAGE_BITS);
2128 if (!p) {
2129 return -1;
2130 }
2131 if (!(p->flags & PAGE_VALID)) {
2132 return -1;
2133 }
2134
2135 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) {
2136 return -1;
2137 }
2138 if (flags & PAGE_WRITE) {
2139 if (!(p->flags & PAGE_WRITE_ORG)) {
2140 return -1;
2141 }
2142 /* unprotect the page if it was put read-only because it
2143 contains translated code */
2144 if (!(p->flags & PAGE_WRITE)) {
2145 if (!page_unprotect(addr, 0)) {
2146 return -1;
2147 }
2148 }
2149 }
2150 }
2151 return 0;
2152 }
2153
2154 /* called from signal handler: invalidate the code and unprotect the
2155 * page. Return 0 if the fault was not handled, 1 if it was handled,
2156 * and 2 if it was handled but the caller must cause the TB to be
2157 * immediately exited. (We can only return 2 if the 'pc' argument is
2158 * non-zero.)
2159 */
2160 int page_unprotect(target_ulong address, uintptr_t pc)
2161 {
2162 unsigned int prot;
2163 bool current_tb_invalidated;
2164 PageDesc *p;
2165 target_ulong host_start, host_end, addr;
2166
2167 /* Technically this isn't safe inside a signal handler. However we
2168 know this only ever happens in a synchronous SEGV handler, so in
2169 practice it seems to be ok. */
2170 mmap_lock();
2171
2172 p = page_find(address >> TARGET_PAGE_BITS);
2173 if (!p) {
2174 mmap_unlock();
2175 return 0;
2176 }
2177
2178 /* if the page was really writable, then we change its
2179 protection back to writable */
2180 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2181 host_start = address & qemu_host_page_mask;
2182 host_end = host_start + qemu_host_page_size;
2183
2184 prot = 0;
2185 current_tb_invalidated = false;
2186 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2187 p = page_find(addr >> TARGET_PAGE_BITS);
2188 p->flags |= PAGE_WRITE;
2189 prot |= p->flags;
2190
2191 /* and since the content will be modified, we must invalidate
2192 the corresponding translated code. */
2193 current_tb_invalidated |= tb_invalidate_phys_page(addr, pc);
2194 #ifdef DEBUG_TB_CHECK
2195 tb_invalidate_check(addr);
2196 #endif
2197 }
2198 mprotect((void *)g2h(host_start), qemu_host_page_size,
2199 prot & PAGE_BITS);
2200
2201 mmap_unlock();
2202 /* If current TB was invalidated return to main loop */
2203 return current_tb_invalidated ? 2 : 1;
2204 }
2205 mmap_unlock();
2206 return 0;
2207 }
2208 #endif /* CONFIG_USER_ONLY */
2209
2210 /* This is a wrapper for common code that can not use CONFIG_SOFTMMU */
2211 void tcg_flush_softmmu_tlb(CPUState *cs)
2212 {
2213 #ifdef CONFIG_SOFTMMU
2214 tlb_flush(cs);
2215 #endif
2216 }
QEMU mirror