4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
22 #include <sys/types.h>
33 #include "qemu-common.h"
34 #define NO_CPU_IO_DEFS
36 #include "disas/disas.h"
38 #if defined(CONFIG_USER_ONLY)
40 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41 #include <sys/param.h>
42 #if __FreeBSD_version >= 700104
43 #define HAVE_KINFO_GETVMMAP
44 #define sigqueue sigqueue_freebsd /* avoid redefinition */
47 #include <machine/profile.h>
56 #include "exec/address-spaces.h"
59 #include "exec/cputlb.h"
60 #include "translate-all.h"
61 #include "qemu/timer.h"
63 //#define DEBUG_TB_INVALIDATE
65 /* make various TB consistency checks */
66 //#define DEBUG_TB_CHECK
68 #if !defined(CONFIG_USER_ONLY)
69 /* TB consistency checks only implemented for usermode emulation. */
73 #define SMC_BITMAP_USE_THRESHOLD 10
75 typedef struct PageDesc {
76 /* list of TBs intersecting this ram page */
77 TranslationBlock *first_tb;
78 /* in order to optimize self modifying code, we count the number
79 of lookups we do to a given page to use a bitmap */
80 unsigned int code_write_count;
82 #if defined(CONFIG_USER_ONLY)
87 /* In system mode we want L1_MAP to be based on ram offsets,
88 while in user mode we want it to be based on virtual addresses. */
89 #if !defined(CONFIG_USER_ONLY)
90 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
91 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
93 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
96 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
99 /* Size of the L2 (and L3, etc) page tables. */
101 #define V_L2_SIZE (1 << V_L2_BITS)
103 /* The bits remaining after N lower levels of page tables. */
104 #define V_L1_BITS_REM \
105 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS)
107 #if V_L1_BITS_REM < 4
108 #define V_L1_BITS (V_L1_BITS_REM + V_L2_BITS)
110 #define V_L1_BITS V_L1_BITS_REM
113 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
115 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
117 uintptr_t qemu_real_host_page_size;
118 uintptr_t qemu_host_page_size;
119 uintptr_t qemu_host_page_mask;
121 /* This is a multi-level map on the virtual address space.
122 The bottom level has pointers to PageDesc. */
123 static void *l1_map[V_L1_SIZE];
125 /* code generation context */
128 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
129 tb_page_addr_t phys_page2);
130 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr);
132 void cpu_gen_init(void)
134 tcg_context_init(&tcg_ctx);
137 /* return non zero if the very first instruction is invalid so that
138 the virtual CPU can trigger an exception.
140 '*gen_code_size_ptr' contains the size of the generated code (host
143 int cpu_gen_code(CPUArchState *env, TranslationBlock *tb, int *gen_code_size_ptr)
145 TCGContext *s = &tcg_ctx;
146 uint8_t *gen_code_buf;
148 #ifdef CONFIG_PROFILER
152 #ifdef CONFIG_PROFILER
153 s->tb_count1++; /* includes aborted translations because of
155 ti = profile_getclock();
159 gen_intermediate_code(env, tb);
161 /* generate machine code */
162 gen_code_buf = tb->tc_ptr;
163 tb->tb_next_offset[0] = 0xffff;
164 tb->tb_next_offset[1] = 0xffff;
165 s->tb_next_offset = tb->tb_next_offset;
166 #ifdef USE_DIRECT_JUMP
167 s->tb_jmp_offset = tb->tb_jmp_offset;
170 s->tb_jmp_offset = NULL;
171 s->tb_next = tb->tb_next;
174 #ifdef CONFIG_PROFILER
176 s->interm_time += profile_getclock() - ti;
177 s->code_time -= profile_getclock();
179 gen_code_size = tcg_gen_code(s, gen_code_buf);
180 *gen_code_size_ptr = gen_code_size;
181 #ifdef CONFIG_PROFILER
182 s->code_time += profile_getclock();
183 s->code_in_len += tb->size;
184 s->code_out_len += gen_code_size;
188 if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM)) {
189 qemu_log("OUT: [size=%d]\n", *gen_code_size_ptr);
190 log_disas(tb->tc_ptr, *gen_code_size_ptr);
198 /* The cpu state corresponding to 'searched_pc' is restored.
200 static int cpu_restore_state_from_tb(TranslationBlock *tb, CPUArchState *env,
201 uintptr_t searched_pc)
203 TCGContext *s = &tcg_ctx;
206 #ifdef CONFIG_PROFILER
210 #ifdef CONFIG_PROFILER
211 ti = profile_getclock();
215 gen_intermediate_code_pc(env, tb);
218 /* Reset the cycle counter to the start of the block. */
219 env->icount_decr.u16.low += tb->icount;
220 /* Clear the IO flag. */
224 /* find opc index corresponding to search_pc */
225 tc_ptr = (uintptr_t)tb->tc_ptr;
226 if (searched_pc < tc_ptr)
229 s->tb_next_offset = tb->tb_next_offset;
230 #ifdef USE_DIRECT_JUMP
231 s->tb_jmp_offset = tb->tb_jmp_offset;
234 s->tb_jmp_offset = NULL;
235 s->tb_next = tb->tb_next;
237 j = tcg_gen_code_search_pc(s, (uint8_t *)tc_ptr, searched_pc - tc_ptr);
240 /* now find start of instruction before */
241 while (s->gen_opc_instr_start[j] == 0) {
244 env->icount_decr.u16.low -= s->gen_opc_icount[j];
246 restore_state_to_opc(env, tb, j);
248 #ifdef CONFIG_PROFILER
249 s->restore_time += profile_getclock() - ti;
255 bool cpu_restore_state(CPUArchState *env, uintptr_t retaddr)
257 TranslationBlock *tb;
259 tb = tb_find_pc(retaddr);
261 cpu_restore_state_from_tb(tb, env, retaddr);
268 static inline void map_exec(void *addr, long size)
271 VirtualProtect(addr, size,
272 PAGE_EXECUTE_READWRITE, &old_protect);
275 static inline void map_exec(void *addr, long size)
277 unsigned long start, end, page_size;
279 page_size = getpagesize();
280 start = (unsigned long)addr;
281 start &= ~(page_size - 1);
283 end = (unsigned long)addr + size;
284 end += page_size - 1;
285 end &= ~(page_size - 1);
287 mprotect((void *)start, end - start,
288 PROT_READ | PROT_WRITE | PROT_EXEC);
292 static void page_init(void)
294 /* NOTE: we can always suppose that qemu_host_page_size >=
298 SYSTEM_INFO system_info;
300 GetSystemInfo(&system_info);
301 qemu_real_host_page_size = system_info.dwPageSize;
304 qemu_real_host_page_size = getpagesize();
306 if (qemu_host_page_size == 0) {
307 qemu_host_page_size = qemu_real_host_page_size;
309 if (qemu_host_page_size < TARGET_PAGE_SIZE) {
310 qemu_host_page_size = TARGET_PAGE_SIZE;
312 qemu_host_page_mask = ~(qemu_host_page_size - 1);
314 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
316 #ifdef HAVE_KINFO_GETVMMAP
317 struct kinfo_vmentry *freep;
320 freep = kinfo_getvmmap(getpid(), &cnt);
323 for (i = 0; i < cnt; i++) {
324 unsigned long startaddr, endaddr;
326 startaddr = freep[i].kve_start;
327 endaddr = freep[i].kve_end;
328 if (h2g_valid(startaddr)) {
329 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
331 if (h2g_valid(endaddr)) {
332 endaddr = h2g(endaddr);
333 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
335 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
337 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
348 last_brk = (unsigned long)sbrk(0);
350 f = fopen("/compat/linux/proc/self/maps", "r");
355 unsigned long startaddr, endaddr;
358 n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
360 if (n == 2 && h2g_valid(startaddr)) {
361 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
363 if (h2g_valid(endaddr)) {
364 endaddr = h2g(endaddr);
368 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
380 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
386 #if defined(CONFIG_USER_ONLY)
387 /* We can't use g_malloc because it may recurse into a locked mutex. */
388 # define ALLOC(P, SIZE) \
390 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
391 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
394 # define ALLOC(P, SIZE) \
395 do { P = g_malloc0(SIZE); } while (0)
398 /* Level 1. Always allocated. */
399 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
402 for (i = V_L1_SHIFT / V_L2_BITS - 1; i > 0; i--) {
409 ALLOC(p, sizeof(void *) * V_L2_SIZE);
413 lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));
421 ALLOC(pd, sizeof(PageDesc) * V_L2_SIZE);
427 return pd + (index & (V_L2_SIZE - 1));
430 static inline PageDesc *page_find(tb_page_addr_t index)
432 return page_find_alloc(index, 0);
435 #if !defined(CONFIG_USER_ONLY)
436 #define mmap_lock() do { } while (0)
437 #define mmap_unlock() do { } while (0)
440 #if defined(CONFIG_USER_ONLY)
441 /* Currently it is not recommended to allocate big chunks of data in
442 user mode. It will change when a dedicated libc will be used. */
443 /* ??? 64-bit hosts ought to have no problem mmaping data outside the
444 region in which the guest needs to run. Revisit this. */
445 #define USE_STATIC_CODE_GEN_BUFFER
448 /* ??? Should configure for this, not list operating systems here. */
449 #if (defined(__linux__) \
450 || defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
451 || defined(__DragonFly__) || defined(__OpenBSD__) \
452 || defined(__NetBSD__))
456 /* Minimum size of the code gen buffer. This number is randomly chosen,
457 but not so small that we can't have a fair number of TB's live. */
458 #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
460 /* Maximum size of the code gen buffer we'd like to use. Unless otherwise
461 indicated, this is constrained by the range of direct branches on the
462 host cpu, as used by the TCG implementation of goto_tb. */
463 #if defined(__x86_64__)
464 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
465 #elif defined(__sparc__)
466 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
467 #elif defined(__aarch64__)
468 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
469 #elif defined(__arm__)
470 # define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
471 #elif defined(__s390x__)
472 /* We have a +- 4GB range on the branches; leave some slop. */
473 # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
475 # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
478 #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
480 #define DEFAULT_CODE_GEN_BUFFER_SIZE \
481 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
482 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
484 static inline size_t size_code_gen_buffer(size_t tb_size)
486 /* Size the buffer. */
488 #ifdef USE_STATIC_CODE_GEN_BUFFER
489 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
491 /* ??? Needs adjustments. */
492 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
493 static buffer, we could size this on RESERVED_VA, on the text
494 segment size of the executable, or continue to use the default. */
495 tb_size = (unsigned long)(ram_size / 4);
498 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
499 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
501 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
502 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
504 tcg_ctx.code_gen_buffer_size = tb_size;
508 #ifdef USE_STATIC_CODE_GEN_BUFFER
509 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
510 __attribute__((aligned(CODE_GEN_ALIGN)));
512 static inline void *alloc_code_gen_buffer(void)
514 map_exec(static_code_gen_buffer, tcg_ctx.code_gen_buffer_size);
515 return static_code_gen_buffer;
517 #elif defined(USE_MMAP)
518 static inline void *alloc_code_gen_buffer(void)
520 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
524 /* Constrain the position of the buffer based on the host cpu.
525 Note that these addresses are chosen in concert with the
526 addresses assigned in the relevant linker script file. */
527 # if defined(__PIE__) || defined(__PIC__)
528 /* Don't bother setting a preferred location if we're building
529 a position-independent executable. We're more likely to get
530 an address near the main executable if we let the kernel
531 choose the address. */
532 # elif defined(__x86_64__) && defined(MAP_32BIT)
533 /* Force the memory down into low memory with the executable.
534 Leave the choice of exact location with the kernel. */
536 /* Cannot expect to map more than 800MB in low memory. */
537 if (tcg_ctx.code_gen_buffer_size > 800u * 1024 * 1024) {
538 tcg_ctx.code_gen_buffer_size = 800u * 1024 * 1024;
540 # elif defined(__sparc__)
541 start = 0x40000000ul;
542 # elif defined(__s390x__)
543 start = 0x90000000ul;
546 buf = mmap((void *)start, tcg_ctx.code_gen_buffer_size,
547 PROT_WRITE | PROT_READ | PROT_EXEC, flags, -1, 0);
548 return buf == MAP_FAILED ? NULL : buf;
551 static inline void *alloc_code_gen_buffer(void)
553 void *buf = g_malloc(tcg_ctx.code_gen_buffer_size);
556 map_exec(buf, tcg_ctx.code_gen_buffer_size);
560 #endif /* USE_STATIC_CODE_GEN_BUFFER, USE_MMAP */
562 static inline void code_gen_alloc(size_t tb_size)
564 tcg_ctx.code_gen_buffer_size = size_code_gen_buffer(tb_size);
565 tcg_ctx.code_gen_buffer = alloc_code_gen_buffer();
566 if (tcg_ctx.code_gen_buffer == NULL) {
567 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
571 qemu_madvise(tcg_ctx.code_gen_buffer, tcg_ctx.code_gen_buffer_size,
574 /* Steal room for the prologue at the end of the buffer. This ensures
575 (via the MAX_CODE_GEN_BUFFER_SIZE limits above) that direct branches
576 from TB's to the prologue are going to be in range. It also means
577 that we don't need to mark (additional) portions of the data segment
579 tcg_ctx.code_gen_prologue = tcg_ctx.code_gen_buffer +
580 tcg_ctx.code_gen_buffer_size - 1024;
581 tcg_ctx.code_gen_buffer_size -= 1024;
583 tcg_ctx.code_gen_buffer_max_size = tcg_ctx.code_gen_buffer_size -
584 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
585 tcg_ctx.code_gen_max_blocks = tcg_ctx.code_gen_buffer_size /
586 CODE_GEN_AVG_BLOCK_SIZE;
588 g_malloc(tcg_ctx.code_gen_max_blocks * sizeof(TranslationBlock));
591 /* Must be called before using the QEMU cpus. 'tb_size' is the size
592 (in bytes) allocated to the translation buffer. Zero means default
594 void tcg_exec_init(unsigned long tb_size)
597 code_gen_alloc(tb_size);
598 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
599 tcg_register_jit(tcg_ctx.code_gen_buffer, tcg_ctx.code_gen_buffer_size);
601 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
602 /* There's no guest base to take into account, so go ahead and
603 initialize the prologue now. */
604 tcg_prologue_init(&tcg_ctx);
608 bool tcg_enabled(void)
610 return tcg_ctx.code_gen_buffer != NULL;
613 /* Allocate a new translation block. Flush the translation buffer if
614 too many translation blocks or too much generated code. */
615 static TranslationBlock *tb_alloc(target_ulong pc)
617 TranslationBlock *tb;
619 if (tcg_ctx.tb_ctx.nb_tbs >= tcg_ctx.code_gen_max_blocks ||
620 (tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer) >=
621 tcg_ctx.code_gen_buffer_max_size) {
624 tb = &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs++];
630 void tb_free(TranslationBlock *tb)
632 /* In practice this is mostly used for single use temporary TB
633 Ignore the hard cases and just back up if this TB happens to
634 be the last one generated. */
635 if (tcg_ctx.tb_ctx.nb_tbs > 0 &&
636 tb == &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs - 1]) {
637 tcg_ctx.code_gen_ptr = tb->tc_ptr;
638 tcg_ctx.tb_ctx.nb_tbs--;
642 static inline void invalidate_page_bitmap(PageDesc *p)
644 if (p->code_bitmap) {
645 g_free(p->code_bitmap);
646 p->code_bitmap = NULL;
648 p->code_write_count = 0;
651 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
652 static void page_flush_tb_1(int level, void **lp)
662 for (i = 0; i < V_L2_SIZE; ++i) {
663 pd[i].first_tb = NULL;
664 invalidate_page_bitmap(pd + i);
669 for (i = 0; i < V_L2_SIZE; ++i) {
670 page_flush_tb_1(level - 1, pp + i);
675 static void page_flush_tb(void)
679 for (i = 0; i < V_L1_SIZE; i++) {
680 page_flush_tb_1(V_L1_SHIFT / V_L2_BITS - 1, l1_map + i);
684 /* flush all the translation blocks */
685 /* XXX: tb_flush is currently not thread safe */
686 void tb_flush(CPUArchState *env1)
690 #if defined(DEBUG_FLUSH)
691 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
692 (unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer),
693 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.tb_ctx.nb_tbs > 0 ?
694 ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) /
695 tcg_ctx.tb_ctx.nb_tbs : 0);
697 if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)
698 > tcg_ctx.code_gen_buffer_size) {
699 cpu_abort(env1, "Internal error: code buffer overflow\n");
701 tcg_ctx.tb_ctx.nb_tbs = 0;
704 CPUArchState *env = cpu->env_ptr;
706 memset(env->tb_jmp_cache, 0, sizeof(env->tb_jmp_cache));
709 memset(tcg_ctx.tb_ctx.tb_phys_hash, 0, sizeof(tcg_ctx.tb_ctx.tb_phys_hash));
712 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
713 /* XXX: flush processor icache at this point if cache flush is
715 tcg_ctx.tb_ctx.tb_flush_count++;
718 #ifdef DEBUG_TB_CHECK
720 static void tb_invalidate_check(target_ulong address)
722 TranslationBlock *tb;
725 address &= TARGET_PAGE_MASK;
726 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
727 for (tb = tb_ctx.tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
728 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
729 address >= tb->pc + tb->size)) {
730 printf("ERROR invalidate: address=" TARGET_FMT_lx
731 " PC=%08lx size=%04x\n",
732 address, (long)tb->pc, tb->size);
738 /* verify that all the pages have correct rights for code */
739 static void tb_page_check(void)
741 TranslationBlock *tb;
742 int i, flags1, flags2;
744 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
745 for (tb = tcg_ctx.tb_ctx.tb_phys_hash[i]; tb != NULL;
746 tb = tb->phys_hash_next) {
747 flags1 = page_get_flags(tb->pc);
748 flags2 = page_get_flags(tb->pc + tb->size - 1);
749 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
750 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
751 (long)tb->pc, tb->size, flags1, flags2);
759 static inline void tb_hash_remove(TranslationBlock **ptb, TranslationBlock *tb)
761 TranslationBlock *tb1;
766 *ptb = tb1->phys_hash_next;
769 ptb = &tb1->phys_hash_next;
773 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
775 TranslationBlock *tb1;
780 n1 = (uintptr_t)tb1 & 3;
781 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
783 *ptb = tb1->page_next[n1];
786 ptb = &tb1->page_next[n1];
790 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
792 TranslationBlock *tb1, **ptb;
795 ptb = &tb->jmp_next[n];
798 /* find tb(n) in circular list */
801 n1 = (uintptr_t)tb1 & 3;
802 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
803 if (n1 == n && tb1 == tb) {
807 ptb = &tb1->jmp_first;
809 ptb = &tb1->jmp_next[n1];
812 /* now we can suppress tb(n) from the list */
813 *ptb = tb->jmp_next[n];
815 tb->jmp_next[n] = NULL;
819 /* reset the jump entry 'n' of a TB so that it is not chained to
821 static inline void tb_reset_jump(TranslationBlock *tb, int n)
823 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
826 /* invalidate one TB */
827 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
832 tb_page_addr_t phys_pc;
833 TranslationBlock *tb1, *tb2;
835 /* remove the TB from the hash list */
836 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
837 h = tb_phys_hash_func(phys_pc);
838 tb_hash_remove(&tcg_ctx.tb_ctx.tb_phys_hash[h], tb);
840 /* remove the TB from the page list */
841 if (tb->page_addr[0] != page_addr) {
842 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
843 tb_page_remove(&p->first_tb, tb);
844 invalidate_page_bitmap(p);
846 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
847 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
848 tb_page_remove(&p->first_tb, tb);
849 invalidate_page_bitmap(p);
852 tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
854 /* remove the TB from the hash list */
855 h = tb_jmp_cache_hash_func(tb->pc);
857 CPUArchState *env = cpu->env_ptr;
859 if (env->tb_jmp_cache[h] == tb) {
860 env->tb_jmp_cache[h] = NULL;
864 /* suppress this TB from the two jump lists */
865 tb_jmp_remove(tb, 0);
866 tb_jmp_remove(tb, 1);
868 /* suppress any remaining jumps to this TB */
871 n1 = (uintptr_t)tb1 & 3;
875 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
876 tb2 = tb1->jmp_next[n1];
877 tb_reset_jump(tb1, n1);
878 tb1->jmp_next[n1] = NULL;
881 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
883 tcg_ctx.tb_ctx.tb_phys_invalidate_count++;
886 static inline void set_bits(uint8_t *tab, int start, int len)
892 mask = 0xff << (start & 7);
893 if ((start & ~7) == (end & ~7)) {
895 mask &= ~(0xff << (end & 7));
900 start = (start + 8) & ~7;
902 while (start < end1) {
907 mask = ~(0xff << (end & 7));
913 static void build_page_bitmap(PageDesc *p)
915 int n, tb_start, tb_end;
916 TranslationBlock *tb;
918 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
922 n = (uintptr_t)tb & 3;
923 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
924 /* NOTE: this is subtle as a TB may span two physical pages */
926 /* NOTE: tb_end may be after the end of the page, but
927 it is not a problem */
928 tb_start = tb->pc & ~TARGET_PAGE_MASK;
929 tb_end = tb_start + tb->size;
930 if (tb_end > TARGET_PAGE_SIZE) {
931 tb_end = TARGET_PAGE_SIZE;
935 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
937 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
938 tb = tb->page_next[n];
942 TranslationBlock *tb_gen_code(CPUArchState *env,
943 target_ulong pc, target_ulong cs_base,
944 int flags, int cflags)
946 TranslationBlock *tb;
948 tb_page_addr_t phys_pc, phys_page2;
949 target_ulong virt_page2;
952 phys_pc = get_page_addr_code(env, pc);
955 /* flush must be done */
957 /* cannot fail at this point */
959 /* Don't forget to invalidate previous TB info. */
960 tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
962 tc_ptr = tcg_ctx.code_gen_ptr;
964 tb->cs_base = cs_base;
967 cpu_gen_code(env, tb, &code_gen_size);
968 tcg_ctx.code_gen_ptr = (void *)(((uintptr_t)tcg_ctx.code_gen_ptr +
969 code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
971 /* check next page if needed */
972 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
974 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
975 phys_page2 = get_page_addr_code(env, virt_page2);
977 tb_link_page(tb, phys_pc, phys_page2);
982 * Invalidate all TBs which intersect with the target physical address range
983 * [start;end[. NOTE: start and end may refer to *different* physical pages.
984 * 'is_cpu_write_access' should be true if called from a real cpu write
985 * access: the virtual CPU will exit the current TB if code is modified inside
988 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
989 int is_cpu_write_access)
991 while (start < end) {
992 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
993 start &= TARGET_PAGE_MASK;
994 start += TARGET_PAGE_SIZE;
999 * Invalidate all TBs which intersect with the target physical address range
1000 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1001 * 'is_cpu_write_access' should be true if called from a real cpu write
1002 * access: the virtual CPU will exit the current TB if code is modified inside
1005 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1006 int is_cpu_write_access)
1008 TranslationBlock *tb, *tb_next, *saved_tb;
1009 CPUState *cpu = current_cpu;
1010 #if defined(TARGET_HAS_PRECISE_SMC) || !defined(CONFIG_USER_ONLY)
1011 CPUArchState *env = NULL;
1013 tb_page_addr_t tb_start, tb_end;
1016 #ifdef TARGET_HAS_PRECISE_SMC
1017 int current_tb_not_found = is_cpu_write_access;
1018 TranslationBlock *current_tb = NULL;
1019 int current_tb_modified = 0;
1020 target_ulong current_pc = 0;
1021 target_ulong current_cs_base = 0;
1022 int current_flags = 0;
1023 #endif /* TARGET_HAS_PRECISE_SMC */
1025 p = page_find(start >> TARGET_PAGE_BITS);
1029 if (!p->code_bitmap &&
1030 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1031 is_cpu_write_access) {
1032 /* build code bitmap */
1033 build_page_bitmap(p);
1035 #if defined(TARGET_HAS_PRECISE_SMC) || !defined(CONFIG_USER_ONLY)
1041 /* we remove all the TBs in the range [start, end[ */
1042 /* XXX: see if in some cases it could be faster to invalidate all
1045 while (tb != NULL) {
1046 n = (uintptr_t)tb & 3;
1047 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1048 tb_next = tb->page_next[n];
1049 /* NOTE: this is subtle as a TB may span two physical pages */
1051 /* NOTE: tb_end may be after the end of the page, but
1052 it is not a problem */
1053 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1054 tb_end = tb_start + tb->size;
1056 tb_start = tb->page_addr[1];
1057 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1059 if (!(tb_end <= start || tb_start >= end)) {
1060 #ifdef TARGET_HAS_PRECISE_SMC
1061 if (current_tb_not_found) {
1062 current_tb_not_found = 0;
1064 if (env->mem_io_pc) {
1065 /* now we have a real cpu fault */
1066 current_tb = tb_find_pc(env->mem_io_pc);
1069 if (current_tb == tb &&
1070 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1071 /* If we are modifying the current TB, we must stop
1072 its execution. We could be more precise by checking
1073 that the modification is after the current PC, but it
1074 would require a specialized function to partially
1075 restore the CPU state */
1077 current_tb_modified = 1;
1078 cpu_restore_state_from_tb(current_tb, env, env->mem_io_pc);
1079 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1082 #endif /* TARGET_HAS_PRECISE_SMC */
1083 /* we need to do that to handle the case where a signal
1084 occurs while doing tb_phys_invalidate() */
1087 saved_tb = cpu->current_tb;
1088 cpu->current_tb = NULL;
1090 tb_phys_invalidate(tb, -1);
1092 cpu->current_tb = saved_tb;
1093 if (cpu->interrupt_request && cpu->current_tb) {
1094 cpu_interrupt(cpu, cpu->interrupt_request);
1100 #if !defined(CONFIG_USER_ONLY)
1101 /* if no code remaining, no need to continue to use slow writes */
1103 invalidate_page_bitmap(p);
1104 if (is_cpu_write_access) {
1105 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1109 #ifdef TARGET_HAS_PRECISE_SMC
1110 if (current_tb_modified) {
1111 /* we generate a block containing just the instruction
1112 modifying the memory. It will ensure that it cannot modify
1114 cpu->current_tb = NULL;
1115 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1116 cpu_resume_from_signal(env, NULL);
1121 /* len must be <= 8 and start must be a multiple of len */
1122 void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1129 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1130 cpu_single_env->mem_io_vaddr, len,
1131 cpu_single_env->eip,
1132 cpu_single_env->eip +
1133 (intptr_t)cpu_single_env->segs[R_CS].base);
1136 p = page_find(start >> TARGET_PAGE_BITS);
1140 if (p->code_bitmap) {
1141 offset = start & ~TARGET_PAGE_MASK;
1142 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1143 if (b & ((1 << len) - 1)) {
1148 tb_invalidate_phys_page_range(start, start + len, 1);
1152 #if !defined(CONFIG_SOFTMMU)
1153 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1154 uintptr_t pc, void *puc,
1157 TranslationBlock *tb;
1160 #ifdef TARGET_HAS_PRECISE_SMC
1161 TranslationBlock *current_tb = NULL;
1162 CPUState *cpu = current_cpu;
1163 CPUArchState *env = NULL;
1164 int current_tb_modified = 0;
1165 target_ulong current_pc = 0;
1166 target_ulong current_cs_base = 0;
1167 int current_flags = 0;
1170 addr &= TARGET_PAGE_MASK;
1171 p = page_find(addr >> TARGET_PAGE_BITS);
1176 #ifdef TARGET_HAS_PRECISE_SMC
1177 if (tb && pc != 0) {
1178 current_tb = tb_find_pc(pc);
1184 while (tb != NULL) {
1185 n = (uintptr_t)tb & 3;
1186 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1187 #ifdef TARGET_HAS_PRECISE_SMC
1188 if (current_tb == tb &&
1189 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1190 /* If we are modifying the current TB, we must stop
1191 its execution. We could be more precise by checking
1192 that the modification is after the current PC, but it
1193 would require a specialized function to partially
1194 restore the CPU state */
1196 current_tb_modified = 1;
1197 cpu_restore_state_from_tb(current_tb, env, pc);
1198 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1201 #endif /* TARGET_HAS_PRECISE_SMC */
1202 tb_phys_invalidate(tb, addr);
1203 tb = tb->page_next[n];
1206 #ifdef TARGET_HAS_PRECISE_SMC
1207 if (current_tb_modified) {
1208 /* we generate a block containing just the instruction
1209 modifying the memory. It will ensure that it cannot modify
1211 cpu->current_tb = NULL;
1212 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1216 cpu_resume_from_signal(env, puc);
1222 /* add the tb in the target page and protect it if necessary */
1223 static inline void tb_alloc_page(TranslationBlock *tb,
1224 unsigned int n, tb_page_addr_t page_addr)
1227 #ifndef CONFIG_USER_ONLY
1228 bool page_already_protected;
1231 tb->page_addr[n] = page_addr;
1232 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1233 tb->page_next[n] = p->first_tb;
1234 #ifndef CONFIG_USER_ONLY
1235 page_already_protected = p->first_tb != NULL;
1237 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
1238 invalidate_page_bitmap(p);
1240 #if defined(TARGET_HAS_SMC) || 1
1242 #if defined(CONFIG_USER_ONLY)
1243 if (p->flags & PAGE_WRITE) {
1248 /* force the host page as non writable (writes will have a
1249 page fault + mprotect overhead) */
1250 page_addr &= qemu_host_page_mask;
1252 for (addr = page_addr; addr < page_addr + qemu_host_page_size;
1253 addr += TARGET_PAGE_SIZE) {
1255 p2 = page_find(addr >> TARGET_PAGE_BITS);
1260 p2->flags &= ~PAGE_WRITE;
1262 mprotect(g2h(page_addr), qemu_host_page_size,
1263 (prot & PAGE_BITS) & ~PAGE_WRITE);
1264 #ifdef DEBUG_TB_INVALIDATE
1265 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1270 /* if some code is already present, then the pages are already
1271 protected. So we handle the case where only the first TB is
1272 allocated in a physical page */
1273 if (!page_already_protected) {
1274 tlb_protect_code(page_addr);
1278 #endif /* TARGET_HAS_SMC */
1281 /* add a new TB and link it to the physical page tables. phys_page2 is
1282 (-1) to indicate that only one page contains the TB. */
1283 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
1284 tb_page_addr_t phys_page2)
1287 TranslationBlock **ptb;
1289 /* Grab the mmap lock to stop another thread invalidating this TB
1290 before we are done. */
1292 /* add in the physical hash table */
1293 h = tb_phys_hash_func(phys_pc);
1294 ptb = &tcg_ctx.tb_ctx.tb_phys_hash[h];
1295 tb->phys_hash_next = *ptb;
1298 /* add in the page list */
1299 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1300 if (phys_page2 != -1) {
1301 tb_alloc_page(tb, 1, phys_page2);
1303 tb->page_addr[1] = -1;
1306 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
1307 tb->jmp_next[0] = NULL;
1308 tb->jmp_next[1] = NULL;
1310 /* init original jump addresses */
1311 if (tb->tb_next_offset[0] != 0xffff) {
1312 tb_reset_jump(tb, 0);
1314 if (tb->tb_next_offset[1] != 0xffff) {
1315 tb_reset_jump(tb, 1);
1318 #ifdef DEBUG_TB_CHECK
1324 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1325 tb[1].tc_ptr. Return NULL if not found */
1326 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
1328 int m_min, m_max, m;
1330 TranslationBlock *tb;
1332 if (tcg_ctx.tb_ctx.nb_tbs <= 0) {
1335 if (tc_ptr < (uintptr_t)tcg_ctx.code_gen_buffer ||
1336 tc_ptr >= (uintptr_t)tcg_ctx.code_gen_ptr) {
1339 /* binary search (cf Knuth) */
1341 m_max = tcg_ctx.tb_ctx.nb_tbs - 1;
1342 while (m_min <= m_max) {
1343 m = (m_min + m_max) >> 1;
1344 tb = &tcg_ctx.tb_ctx.tbs[m];
1345 v = (uintptr_t)tb->tc_ptr;
1348 } else if (tc_ptr < v) {
1354 return &tcg_ctx.tb_ctx.tbs[m_max];
1357 #if defined(TARGET_HAS_ICE) && !defined(CONFIG_USER_ONLY)
1358 void tb_invalidate_phys_addr(hwaddr addr)
1360 ram_addr_t ram_addr;
1364 mr = address_space_translate(&address_space_memory, addr, &addr, &l, false);
1365 if (!(memory_region_is_ram(mr)
1366 || memory_region_is_romd(mr))) {
1369 ram_addr = (memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK)
1371 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1373 #endif /* TARGET_HAS_ICE && !defined(CONFIG_USER_ONLY) */
1375 void tb_check_watchpoint(CPUArchState *env)
1377 TranslationBlock *tb;
1379 tb = tb_find_pc(env->mem_io_pc);
1381 cpu_abort(env, "check_watchpoint: could not find TB for pc=%p",
1382 (void *)env->mem_io_pc);
1384 cpu_restore_state_from_tb(tb, env, env->mem_io_pc);
1385 tb_phys_invalidate(tb, -1);
1388 #ifndef CONFIG_USER_ONLY
1389 /* mask must never be zero, except for A20 change call */
1390 static void tcg_handle_interrupt(CPUState *cpu, int mask)
1392 CPUArchState *env = cpu->env_ptr;
1395 old_mask = cpu->interrupt_request;
1396 cpu->interrupt_request |= mask;
1399 * If called from iothread context, wake the target cpu in
1402 if (!qemu_cpu_is_self(cpu)) {
1408 env->icount_decr.u16.high = 0xffff;
1410 && (mask & ~old_mask) != 0) {
1411 cpu_abort(env, "Raised interrupt while not in I/O function");
1414 cpu->tcg_exit_req = 1;
1418 CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1420 /* in deterministic execution mode, instructions doing device I/Os
1421 must be at the end of the TB */
1422 void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
1424 TranslationBlock *tb;
1426 target_ulong pc, cs_base;
1429 tb = tb_find_pc(retaddr);
1431 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
1434 n = env->icount_decr.u16.low + tb->icount;
1435 cpu_restore_state_from_tb(tb, env, retaddr);
1436 /* Calculate how many instructions had been executed before the fault
1438 n = n - env->icount_decr.u16.low;
1439 /* Generate a new TB ending on the I/O insn. */
1441 /* On MIPS and SH, delay slot instructions can only be restarted if
1442 they were already the first instruction in the TB. If this is not
1443 the first instruction in a TB then re-execute the preceding
1445 #if defined(TARGET_MIPS)
1446 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
1447 env->active_tc.PC -= 4;
1448 env->icount_decr.u16.low++;
1449 env->hflags &= ~MIPS_HFLAG_BMASK;
1451 #elif defined(TARGET_SH4)
1452 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
1455 env->icount_decr.u16.low++;
1456 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
1459 /* This should never happen. */
1460 if (n > CF_COUNT_MASK) {
1461 cpu_abort(env, "TB too big during recompile");
1464 cflags = n | CF_LAST_IO;
1466 cs_base = tb->cs_base;
1468 tb_phys_invalidate(tb, -1);
1469 /* FIXME: In theory this could raise an exception. In practice
1470 we have already translated the block once so it's probably ok. */
1471 tb_gen_code(env, pc, cs_base, flags, cflags);
1472 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
1473 the first in the TB) then we end up generating a whole new TB and
1474 repeating the fault, which is horribly inefficient.
1475 Better would be to execute just this insn uncached, or generate a
1477 cpu_resume_from_signal(env, NULL);
1480 void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
1484 /* Discard jump cache entries for any tb which might potentially
1485 overlap the flushed page. */
1486 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1487 memset(&env->tb_jmp_cache[i], 0,
1488 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1490 i = tb_jmp_cache_hash_page(addr);
1491 memset(&env->tb_jmp_cache[i], 0,
1492 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1495 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
1497 int i, target_code_size, max_target_code_size;
1498 int direct_jmp_count, direct_jmp2_count, cross_page;
1499 TranslationBlock *tb;
1501 target_code_size = 0;
1502 max_target_code_size = 0;
1504 direct_jmp_count = 0;
1505 direct_jmp2_count = 0;
1506 for (i = 0; i < tcg_ctx.tb_ctx.nb_tbs; i++) {
1507 tb = &tcg_ctx.tb_ctx.tbs[i];
1508 target_code_size += tb->size;
1509 if (tb->size > max_target_code_size) {
1510 max_target_code_size = tb->size;
1512 if (tb->page_addr[1] != -1) {
1515 if (tb->tb_next_offset[0] != 0xffff) {
1517 if (tb->tb_next_offset[1] != 0xffff) {
1518 direct_jmp2_count++;
1522 /* XXX: avoid using doubles ? */
1523 cpu_fprintf(f, "Translation buffer state:\n");
1524 cpu_fprintf(f, "gen code size %td/%zd\n",
1525 tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer,
1526 tcg_ctx.code_gen_buffer_max_size);
1527 cpu_fprintf(f, "TB count %d/%d\n",
1528 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.code_gen_max_blocks);
1529 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
1530 tcg_ctx.tb_ctx.nb_tbs ? target_code_size /
1531 tcg_ctx.tb_ctx.nb_tbs : 0,
1532 max_target_code_size);
1533 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
1534 tcg_ctx.tb_ctx.nb_tbs ? (tcg_ctx.code_gen_ptr -
1535 tcg_ctx.code_gen_buffer) /
1536 tcg_ctx.tb_ctx.nb_tbs : 0,
1537 target_code_size ? (double) (tcg_ctx.code_gen_ptr -
1538 tcg_ctx.code_gen_buffer) /
1539 target_code_size : 0);
1540 cpu_fprintf(f, "cross page TB count %d (%d%%)\n", cross_page,
1541 tcg_ctx.tb_ctx.nb_tbs ? (cross_page * 100) /
1542 tcg_ctx.tb_ctx.nb_tbs : 0);
1543 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
1545 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp_count * 100) /
1546 tcg_ctx.tb_ctx.nb_tbs : 0,
1548 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp2_count * 100) /
1549 tcg_ctx.tb_ctx.nb_tbs : 0);
1550 cpu_fprintf(f, "\nStatistics:\n");
1551 cpu_fprintf(f, "TB flush count %d\n", tcg_ctx.tb_ctx.tb_flush_count);
1552 cpu_fprintf(f, "TB invalidate count %d\n",
1553 tcg_ctx.tb_ctx.tb_phys_invalidate_count);
1554 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
1555 tcg_dump_info(f, cpu_fprintf);
1558 #else /* CONFIG_USER_ONLY */
1560 void cpu_interrupt(CPUState *cpu, int mask)
1562 cpu->interrupt_request |= mask;
1563 cpu->tcg_exit_req = 1;
1567 * Walks guest process memory "regions" one by one
1568 * and calls callback function 'fn' for each region.
1570 struct walk_memory_regions_data {
1571 walk_memory_regions_fn fn;
1577 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
1578 abi_ulong end, int new_prot)
1580 if (data->start != -1ul) {
1581 int rc = data->fn(data->priv, data->start, end, data->prot);
1587 data->start = (new_prot ? end : -1ul);
1588 data->prot = new_prot;
1593 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
1594 abi_ulong base, int level, void **lp)
1600 return walk_memory_regions_end(data, base, 0);
1606 for (i = 0; i < V_L2_SIZE; ++i) {
1607 int prot = pd[i].flags;
1609 pa = base | (i << TARGET_PAGE_BITS);
1610 if (prot != data->prot) {
1611 rc = walk_memory_regions_end(data, pa, prot);
1620 for (i = 0; i < V_L2_SIZE; ++i) {
1621 pa = base | ((abi_ulong)i <<
1622 (TARGET_PAGE_BITS + V_L2_BITS * level));
1623 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1633 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1635 struct walk_memory_regions_data data;
1643 for (i = 0; i < V_L1_SIZE; i++) {
1644 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
1645 V_L1_SHIFT / V_L2_BITS - 1, l1_map + i);
1652 return walk_memory_regions_end(&data, 0, 0);
1655 static int dump_region(void *priv, abi_ulong start,
1656 abi_ulong end, unsigned long prot)
1658 FILE *f = (FILE *)priv;
1660 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
1661 " "TARGET_ABI_FMT_lx" %c%c%c\n",
1662 start, end, end - start,
1663 ((prot & PAGE_READ) ? 'r' : '-'),
1664 ((prot & PAGE_WRITE) ? 'w' : '-'),
1665 ((prot & PAGE_EXEC) ? 'x' : '-'));
1670 /* dump memory mappings */
1671 void page_dump(FILE *f)
1673 const int length = sizeof(abi_ulong) * 2;
1674 (void) fprintf(f, "%-*s %-*s %-*s %s\n",
1675 length, "start", length, "end", length, "size", "prot");
1676 walk_memory_regions(f, dump_region);
1679 int page_get_flags(target_ulong address)
1683 p = page_find(address >> TARGET_PAGE_BITS);
1690 /* Modify the flags of a page and invalidate the code if necessary.
1691 The flag PAGE_WRITE_ORG is positioned automatically depending
1692 on PAGE_WRITE. The mmap_lock should already be held. */
1693 void page_set_flags(target_ulong start, target_ulong end, int flags)
1695 target_ulong addr, len;
1697 /* This function should never be called with addresses outside the
1698 guest address space. If this assert fires, it probably indicates
1699 a missing call to h2g_valid. */
1700 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1701 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
1703 assert(start < end);
1705 start = start & TARGET_PAGE_MASK;
1706 end = TARGET_PAGE_ALIGN(end);
1708 if (flags & PAGE_WRITE) {
1709 flags |= PAGE_WRITE_ORG;
1712 for (addr = start, len = end - start;
1714 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
1715 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
1717 /* If the write protection bit is set, then we invalidate
1719 if (!(p->flags & PAGE_WRITE) &&
1720 (flags & PAGE_WRITE) &&
1722 tb_invalidate_phys_page(addr, 0, NULL, false);
1728 int page_check_range(target_ulong start, target_ulong len, int flags)
1734 /* This function should never be called with addresses outside the
1735 guest address space. If this assert fires, it probably indicates
1736 a missing call to h2g_valid. */
1737 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1738 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
1744 if (start + len - 1 < start) {
1745 /* We've wrapped around. */
1749 /* must do before we loose bits in the next step */
1750 end = TARGET_PAGE_ALIGN(start + len);
1751 start = start & TARGET_PAGE_MASK;
1753 for (addr = start, len = end - start;
1755 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
1756 p = page_find(addr >> TARGET_PAGE_BITS);
1760 if (!(p->flags & PAGE_VALID)) {
1764 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) {
1767 if (flags & PAGE_WRITE) {
1768 if (!(p->flags & PAGE_WRITE_ORG)) {
1771 /* unprotect the page if it was put read-only because it
1772 contains translated code */
1773 if (!(p->flags & PAGE_WRITE)) {
1774 if (!page_unprotect(addr, 0, NULL)) {
1784 /* called from signal handler: invalidate the code and unprotect the
1785 page. Return TRUE if the fault was successfully handled. */
1786 int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
1790 target_ulong host_start, host_end, addr;
1792 /* Technically this isn't safe inside a signal handler. However we
1793 know this only ever happens in a synchronous SEGV handler, so in
1794 practice it seems to be ok. */
1797 p = page_find(address >> TARGET_PAGE_BITS);
1803 /* if the page was really writable, then we change its
1804 protection back to writable */
1805 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
1806 host_start = address & qemu_host_page_mask;
1807 host_end = host_start + qemu_host_page_size;
1810 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
1811 p = page_find(addr >> TARGET_PAGE_BITS);
1812 p->flags |= PAGE_WRITE;
1815 /* and since the content will be modified, we must invalidate
1816 the corresponding translated code. */
1817 tb_invalidate_phys_page(addr, pc, puc, true);
1818 #ifdef DEBUG_TB_CHECK
1819 tb_invalidate_check(addr);
1822 mprotect((void *)g2h(host_start), qemu_host_page_size,
1831 #endif /* CONFIG_USER_ONLY */
projects / lisovros / qemu_apohw.git / blob