4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
22 #include <sys/types.h>
33 #include "qemu-common.h"
34 #define NO_CPU_IO_DEFS
36 #include "disas/disas.h"
38 #if defined(CONFIG_USER_ONLY)
40 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41 #include <sys/param.h>
42 #if __FreeBSD_version >= 700104
43 #define HAVE_KINFO_GETVMMAP
44 #define sigqueue sigqueue_freebsd /* avoid redefinition */
47 #include <machine/profile.h>
56 #include "exec/address-spaces.h"
59 #include "exec/cputlb.h"
60 #include "translate-all.h"
61 #include "qemu/timer.h"
63 //#define DEBUG_TB_INVALIDATE
65 /* make various TB consistency checks */
66 //#define DEBUG_TB_CHECK
68 #if !defined(CONFIG_USER_ONLY)
69 /* TB consistency checks only implemented for usermode emulation. */
73 #define SMC_BITMAP_USE_THRESHOLD 10
75 typedef struct PageDesc {
76 /* list of TBs intersecting this ram page */
77 TranslationBlock *first_tb;
78 /* in order to optimize self modifying code, we count the number
79 of lookups we do to a given page to use a bitmap */
80 unsigned int code_write_count;
82 #if defined(CONFIG_USER_ONLY)
87 /* In system mode we want L1_MAP to be based on ram offsets,
88 while in user mode we want it to be based on virtual addresses. */
89 #if !defined(CONFIG_USER_ONLY)
90 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
91 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
93 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
96 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
99 /* Size of the L2 (and L3, etc) page tables. */
101 #define V_L2_SIZE (1 << V_L2_BITS)
103 /* The bits remaining after N lower levels of page tables. */
104 #define V_L1_BITS_REM \
105 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS)
107 #if V_L1_BITS_REM < 4
108 #define V_L1_BITS (V_L1_BITS_REM + V_L2_BITS)
110 #define V_L1_BITS V_L1_BITS_REM
113 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
115 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
117 uintptr_t qemu_real_host_page_size;
118 uintptr_t qemu_host_page_size;
119 uintptr_t qemu_host_page_mask;
121 /* This is a multi-level map on the virtual address space.
122 The bottom level has pointers to PageDesc. */
123 static void *l1_map[V_L1_SIZE];
125 /* code generation context */
128 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
129 tb_page_addr_t phys_page2);
130 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr);
132 void cpu_gen_init(void)
134 tcg_context_init(&tcg_ctx);
137 /* return non zero if the very first instruction is invalid so that
138 the virtual CPU can trigger an exception.
140 '*gen_code_size_ptr' contains the size of the generated code (host
143 int cpu_gen_code(CPUArchState *env, TranslationBlock *tb, int *gen_code_size_ptr)
145 TCGContext *s = &tcg_ctx;
146 tcg_insn_unit *gen_code_buf;
148 #ifdef CONFIG_PROFILER
152 #ifdef CONFIG_PROFILER
153 s->tb_count1++; /* includes aborted translations because of
155 ti = profile_getclock();
159 gen_intermediate_code(env, tb);
161 /* generate machine code */
162 gen_code_buf = tb->tc_ptr;
163 tb->tb_next_offset[0] = 0xffff;
164 tb->tb_next_offset[1] = 0xffff;
165 s->tb_next_offset = tb->tb_next_offset;
166 #ifdef USE_DIRECT_JUMP
167 s->tb_jmp_offset = tb->tb_jmp_offset;
170 s->tb_jmp_offset = NULL;
171 s->tb_next = tb->tb_next;
174 #ifdef CONFIG_PROFILER
176 s->interm_time += profile_getclock() - ti;
177 s->code_time -= profile_getclock();
179 gen_code_size = tcg_gen_code(s, gen_code_buf);
180 *gen_code_size_ptr = gen_code_size;
181 #ifdef CONFIG_PROFILER
182 s->code_time += profile_getclock();
183 s->code_in_len += tb->size;
184 s->code_out_len += gen_code_size;
188 if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM)) {
189 qemu_log("OUT: [size=%d]\n", gen_code_size);
190 log_disas(tb->tc_ptr, gen_code_size);
198 /* The cpu state corresponding to 'searched_pc' is restored.
200 static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
201 uintptr_t searched_pc)
203 CPUArchState *env = cpu->env_ptr;
204 TCGContext *s = &tcg_ctx;
207 #ifdef CONFIG_PROFILER
211 #ifdef CONFIG_PROFILER
212 ti = profile_getclock();
216 gen_intermediate_code_pc(env, tb);
219 /* Reset the cycle counter to the start of the block. */
220 cpu->icount_decr.u16.low += tb->icount;
221 /* Clear the IO flag. */
225 /* find opc index corresponding to search_pc */
226 tc_ptr = (uintptr_t)tb->tc_ptr;
227 if (searched_pc < tc_ptr)
230 s->tb_next_offset = tb->tb_next_offset;
231 #ifdef USE_DIRECT_JUMP
232 s->tb_jmp_offset = tb->tb_jmp_offset;
235 s->tb_jmp_offset = NULL;
236 s->tb_next = tb->tb_next;
238 j = tcg_gen_code_search_pc(s, (tcg_insn_unit *)tc_ptr,
239 searched_pc - tc_ptr);
242 /* now find start of instruction before */
243 while (s->gen_opc_instr_start[j] == 0) {
246 cpu->icount_decr.u16.low -= s->gen_opc_icount[j];
248 restore_state_to_opc(env, tb, j);
250 #ifdef CONFIG_PROFILER
251 s->restore_time += profile_getclock() - ti;
257 bool cpu_restore_state(CPUState *cpu, uintptr_t retaddr)
259 TranslationBlock *tb;
261 tb = tb_find_pc(retaddr);
263 cpu_restore_state_from_tb(cpu, tb, retaddr);
270 static inline void map_exec(void *addr, long size)
273 VirtualProtect(addr, size,
274 PAGE_EXECUTE_READWRITE, &old_protect);
277 static inline void map_exec(void *addr, long size)
279 unsigned long start, end, page_size;
281 page_size = getpagesize();
282 start = (unsigned long)addr;
283 start &= ~(page_size - 1);
285 end = (unsigned long)addr + size;
286 end += page_size - 1;
287 end &= ~(page_size - 1);
289 mprotect((void *)start, end - start,
290 PROT_READ | PROT_WRITE | PROT_EXEC);
294 void page_size_init(void)
296 /* NOTE: we can always suppose that qemu_host_page_size >=
299 SYSTEM_INFO system_info;
301 GetSystemInfo(&system_info);
302 qemu_real_host_page_size = system_info.dwPageSize;
304 qemu_real_host_page_size = getpagesize();
306 if (qemu_host_page_size == 0) {
307 qemu_host_page_size = qemu_real_host_page_size;
309 if (qemu_host_page_size < TARGET_PAGE_SIZE) {
310 qemu_host_page_size = TARGET_PAGE_SIZE;
312 qemu_host_page_mask = ~(qemu_host_page_size - 1);
315 static void page_init(void)
318 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
320 #ifdef HAVE_KINFO_GETVMMAP
321 struct kinfo_vmentry *freep;
324 freep = kinfo_getvmmap(getpid(), &cnt);
327 for (i = 0; i < cnt; i++) {
328 unsigned long startaddr, endaddr;
330 startaddr = freep[i].kve_start;
331 endaddr = freep[i].kve_end;
332 if (h2g_valid(startaddr)) {
333 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
335 if (h2g_valid(endaddr)) {
336 endaddr = h2g(endaddr);
337 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
339 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
341 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
352 last_brk = (unsigned long)sbrk(0);
354 f = fopen("/compat/linux/proc/self/maps", "r");
359 unsigned long startaddr, endaddr;
362 n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
364 if (n == 2 && h2g_valid(startaddr)) {
365 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
367 if (h2g_valid(endaddr)) {
368 endaddr = h2g(endaddr);
372 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
384 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
390 #if defined(CONFIG_USER_ONLY)
391 /* We can't use g_malloc because it may recurse into a locked mutex. */
392 # define ALLOC(P, SIZE) \
394 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
395 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
398 # define ALLOC(P, SIZE) \
399 do { P = g_malloc0(SIZE); } while (0)
402 /* Level 1. Always allocated. */
403 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
406 for (i = V_L1_SHIFT / V_L2_BITS - 1; i > 0; i--) {
413 ALLOC(p, sizeof(void *) * V_L2_SIZE);
417 lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));
425 ALLOC(pd, sizeof(PageDesc) * V_L2_SIZE);
431 return pd + (index & (V_L2_SIZE - 1));
434 static inline PageDesc *page_find(tb_page_addr_t index)
436 return page_find_alloc(index, 0);
439 #if !defined(CONFIG_USER_ONLY)
440 #define mmap_lock() do { } while (0)
441 #define mmap_unlock() do { } while (0)
444 #if defined(CONFIG_USER_ONLY)
445 /* Currently it is not recommended to allocate big chunks of data in
446 user mode. It will change when a dedicated libc will be used. */
447 /* ??? 64-bit hosts ought to have no problem mmaping data outside the
448 region in which the guest needs to run. Revisit this. */
449 #define USE_STATIC_CODE_GEN_BUFFER
452 /* ??? Should configure for this, not list operating systems here. */
453 #if (defined(__linux__) \
454 || defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
455 || defined(__DragonFly__) || defined(__OpenBSD__) \
456 || defined(__NetBSD__))
460 /* Minimum size of the code gen buffer. This number is randomly chosen,
461 but not so small that we can't have a fair number of TB's live. */
462 #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
464 /* Maximum size of the code gen buffer we'd like to use. Unless otherwise
465 indicated, this is constrained by the range of direct branches on the
466 host cpu, as used by the TCG implementation of goto_tb. */
467 #if defined(__x86_64__)
468 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
469 #elif defined(__sparc__)
470 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
471 #elif defined(__aarch64__)
472 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
473 #elif defined(__arm__)
474 # define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
475 #elif defined(__s390x__)
476 /* We have a +- 4GB range on the branches; leave some slop. */
477 # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
478 #elif defined(__mips__)
479 /* We have a 256MB branch region, but leave room to make sure the
480 main executable is also within that region. */
481 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
483 # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
486 #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
488 #define DEFAULT_CODE_GEN_BUFFER_SIZE \
489 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
490 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
492 static inline size_t size_code_gen_buffer(size_t tb_size)
494 /* Size the buffer. */
496 #ifdef USE_STATIC_CODE_GEN_BUFFER
497 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
499 /* ??? Needs adjustments. */
500 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
501 static buffer, we could size this on RESERVED_VA, on the text
502 segment size of the executable, or continue to use the default. */
503 tb_size = (unsigned long)(ram_size / 4);
506 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
507 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
509 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
510 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
512 tcg_ctx.code_gen_buffer_size = tb_size;
517 /* In order to use J and JAL within the code_gen_buffer, we require
518 that the buffer not cross a 256MB boundary. */
519 static inline bool cross_256mb(void *addr, size_t size)
521 return ((uintptr_t)addr ^ ((uintptr_t)addr + size)) & 0xf0000000;
524 /* We weren't able to allocate a buffer without crossing that boundary,
525 so make do with the larger portion of the buffer that doesn't cross.
526 Returns the new base of the buffer, and adjusts code_gen_buffer_size. */
527 static inline void *split_cross_256mb(void *buf1, size_t size1)
529 void *buf2 = (void *)(((uintptr_t)buf1 + size1) & 0xf0000000);
530 size_t size2 = buf1 + size1 - buf2;
538 tcg_ctx.code_gen_buffer_size = size1;
543 #ifdef USE_STATIC_CODE_GEN_BUFFER
544 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
545 __attribute__((aligned(CODE_GEN_ALIGN)));
547 static inline void *alloc_code_gen_buffer(void)
549 void *buf = static_code_gen_buffer;
551 if (cross_256mb(buf, tcg_ctx.code_gen_buffer_size)) {
552 buf = split_cross_256mb(buf, tcg_ctx.code_gen_buffer_size);
555 map_exec(buf, tcg_ctx.code_gen_buffer_size);
558 #elif defined(USE_MMAP)
559 static inline void *alloc_code_gen_buffer(void)
561 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
565 /* Constrain the position of the buffer based on the host cpu.
566 Note that these addresses are chosen in concert with the
567 addresses assigned in the relevant linker script file. */
568 # if defined(__PIE__) || defined(__PIC__)
569 /* Don't bother setting a preferred location if we're building
570 a position-independent executable. We're more likely to get
571 an address near the main executable if we let the kernel
572 choose the address. */
573 # elif defined(__x86_64__) && defined(MAP_32BIT)
574 /* Force the memory down into low memory with the executable.
575 Leave the choice of exact location with the kernel. */
577 /* Cannot expect to map more than 800MB in low memory. */
578 if (tcg_ctx.code_gen_buffer_size > 800u * 1024 * 1024) {
579 tcg_ctx.code_gen_buffer_size = 800u * 1024 * 1024;
581 # elif defined(__sparc__)
582 start = 0x40000000ul;
583 # elif defined(__s390x__)
584 start = 0x90000000ul;
585 # elif defined(__mips__)
586 /* ??? We ought to more explicitly manage layout for softmmu too. */
587 # ifdef CONFIG_USER_ONLY
588 start = 0x68000000ul;
589 # elif _MIPS_SIM == _ABI64
590 start = 0x128000000ul;
592 start = 0x08000000ul;
596 buf = mmap((void *)start, tcg_ctx.code_gen_buffer_size,
597 PROT_WRITE | PROT_READ | PROT_EXEC, flags, -1, 0);
598 if (buf == MAP_FAILED) {
603 if (cross_256mb(buf, tcg_ctx.code_gen_buffer_size)) {
604 /* Try again, with the original still mapped, to avoid re-aquiring
605 that 256mb crossing. This time don't specify an address. */
606 size_t size2, size1 = tcg_ctx.code_gen_buffer_size;
607 void *buf2 = mmap(NULL, size1, PROT_WRITE | PROT_READ | PROT_EXEC,
609 if (buf2 != MAP_FAILED) {
610 if (!cross_256mb(buf2, size1)) {
611 /* Success! Use the new buffer. */
615 /* Failure. Work with what we had. */
619 /* Split the original buffer. Free the smaller half. */
620 buf2 = split_cross_256mb(buf, size1);
621 size2 = tcg_ctx.code_gen_buffer_size;
622 munmap(buf + (buf == buf2 ? size2 : 0), size1 - size2);
630 static inline void *alloc_code_gen_buffer(void)
632 void *buf = g_malloc(tcg_ctx.code_gen_buffer_size);
639 if (cross_256mb(buf, tcg_ctx.code_gen_buffer_size)) {
640 void *buf2 = g_malloc(tcg_ctx.code_gen_buffer_size);
641 if (buf2 != NULL && !cross_256mb(buf2, size1)) {
642 /* Success! Use the new buffer. */
646 /* Failure. Work with what we had. Since this is malloc
647 and not mmap, we can't free the other half. */
649 buf = split_cross_256mb(buf, tcg_ctx.code_gen_buffer_size);
654 map_exec(buf, tcg_ctx.code_gen_buffer_size);
657 #endif /* USE_STATIC_CODE_GEN_BUFFER, USE_MMAP */
659 static inline void code_gen_alloc(size_t tb_size)
661 tcg_ctx.code_gen_buffer_size = size_code_gen_buffer(tb_size);
662 tcg_ctx.code_gen_buffer = alloc_code_gen_buffer();
663 if (tcg_ctx.code_gen_buffer == NULL) {
664 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
668 qemu_madvise(tcg_ctx.code_gen_buffer, tcg_ctx.code_gen_buffer_size,
671 /* Steal room for the prologue at the end of the buffer. This ensures
672 (via the MAX_CODE_GEN_BUFFER_SIZE limits above) that direct branches
673 from TB's to the prologue are going to be in range. It also means
674 that we don't need to mark (additional) portions of the data segment
676 tcg_ctx.code_gen_prologue = tcg_ctx.code_gen_buffer +
677 tcg_ctx.code_gen_buffer_size - 1024;
678 tcg_ctx.code_gen_buffer_size -= 1024;
680 tcg_ctx.code_gen_buffer_max_size = tcg_ctx.code_gen_buffer_size -
681 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
682 tcg_ctx.code_gen_max_blocks = tcg_ctx.code_gen_buffer_size /
683 CODE_GEN_AVG_BLOCK_SIZE;
685 g_malloc(tcg_ctx.code_gen_max_blocks * sizeof(TranslationBlock));
688 /* Must be called before using the QEMU cpus. 'tb_size' is the size
689 (in bytes) allocated to the translation buffer. Zero means default
691 void tcg_exec_init(unsigned long tb_size)
694 code_gen_alloc(tb_size);
695 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
696 tcg_register_jit(tcg_ctx.code_gen_buffer, tcg_ctx.code_gen_buffer_size);
698 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
699 /* There's no guest base to take into account, so go ahead and
700 initialize the prologue now. */
701 tcg_prologue_init(&tcg_ctx);
705 bool tcg_enabled(void)
707 return tcg_ctx.code_gen_buffer != NULL;
710 /* Allocate a new translation block. Flush the translation buffer if
711 too many translation blocks or too much generated code. */
712 static TranslationBlock *tb_alloc(target_ulong pc)
714 TranslationBlock *tb;
716 if (tcg_ctx.tb_ctx.nb_tbs >= tcg_ctx.code_gen_max_blocks ||
717 (tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer) >=
718 tcg_ctx.code_gen_buffer_max_size) {
721 tb = &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs++];
727 void tb_free(TranslationBlock *tb)
729 /* In practice this is mostly used for single use temporary TB
730 Ignore the hard cases and just back up if this TB happens to
731 be the last one generated. */
732 if (tcg_ctx.tb_ctx.nb_tbs > 0 &&
733 tb == &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs - 1]) {
734 tcg_ctx.code_gen_ptr = tb->tc_ptr;
735 tcg_ctx.tb_ctx.nb_tbs--;
739 static inline void invalidate_page_bitmap(PageDesc *p)
741 if (p->code_bitmap) {
742 g_free(p->code_bitmap);
743 p->code_bitmap = NULL;
745 p->code_write_count = 0;
748 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
749 static void page_flush_tb_1(int level, void **lp)
759 for (i = 0; i < V_L2_SIZE; ++i) {
760 pd[i].first_tb = NULL;
761 invalidate_page_bitmap(pd + i);
766 for (i = 0; i < V_L2_SIZE; ++i) {
767 page_flush_tb_1(level - 1, pp + i);
772 static void page_flush_tb(void)
776 for (i = 0; i < V_L1_SIZE; i++) {
777 page_flush_tb_1(V_L1_SHIFT / V_L2_BITS - 1, l1_map + i);
781 /* flush all the translation blocks */
782 /* XXX: tb_flush is currently not thread safe */
783 void tb_flush(CPUArchState *env1)
785 CPUState *cpu = ENV_GET_CPU(env1);
787 #if defined(DEBUG_FLUSH)
788 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
789 (unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer),
790 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.tb_ctx.nb_tbs > 0 ?
791 ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) /
792 tcg_ctx.tb_ctx.nb_tbs : 0);
794 if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)
795 > tcg_ctx.code_gen_buffer_size) {
796 cpu_abort(cpu, "Internal error: code buffer overflow\n");
798 tcg_ctx.tb_ctx.nb_tbs = 0;
801 memset(cpu->tb_jmp_cache, 0, sizeof(cpu->tb_jmp_cache));
804 memset(tcg_ctx.tb_ctx.tb_phys_hash, 0, sizeof(tcg_ctx.tb_ctx.tb_phys_hash));
807 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
808 /* XXX: flush processor icache at this point if cache flush is
810 tcg_ctx.tb_ctx.tb_flush_count++;
813 #ifdef DEBUG_TB_CHECK
815 static void tb_invalidate_check(target_ulong address)
817 TranslationBlock *tb;
820 address &= TARGET_PAGE_MASK;
821 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
822 for (tb = tb_ctx.tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
823 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
824 address >= tb->pc + tb->size)) {
825 printf("ERROR invalidate: address=" TARGET_FMT_lx
826 " PC=%08lx size=%04x\n",
827 address, (long)tb->pc, tb->size);
833 /* verify that all the pages have correct rights for code */
834 static void tb_page_check(void)
836 TranslationBlock *tb;
837 int i, flags1, flags2;
839 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
840 for (tb = tcg_ctx.tb_ctx.tb_phys_hash[i]; tb != NULL;
841 tb = tb->phys_hash_next) {
842 flags1 = page_get_flags(tb->pc);
843 flags2 = page_get_flags(tb->pc + tb->size - 1);
844 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
845 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
846 (long)tb->pc, tb->size, flags1, flags2);
854 static inline void tb_hash_remove(TranslationBlock **ptb, TranslationBlock *tb)
856 TranslationBlock *tb1;
861 *ptb = tb1->phys_hash_next;
864 ptb = &tb1->phys_hash_next;
868 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
870 TranslationBlock *tb1;
875 n1 = (uintptr_t)tb1 & 3;
876 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
878 *ptb = tb1->page_next[n1];
881 ptb = &tb1->page_next[n1];
885 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
887 TranslationBlock *tb1, **ptb;
890 ptb = &tb->jmp_next[n];
893 /* find tb(n) in circular list */
896 n1 = (uintptr_t)tb1 & 3;
897 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
898 if (n1 == n && tb1 == tb) {
902 ptb = &tb1->jmp_first;
904 ptb = &tb1->jmp_next[n1];
907 /* now we can suppress tb(n) from the list */
908 *ptb = tb->jmp_next[n];
910 tb->jmp_next[n] = NULL;
914 /* reset the jump entry 'n' of a TB so that it is not chained to
916 static inline void tb_reset_jump(TranslationBlock *tb, int n)
918 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
921 /* invalidate one TB */
922 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
927 tb_page_addr_t phys_pc;
928 TranslationBlock *tb1, *tb2;
930 /* remove the TB from the hash list */
931 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
932 h = tb_phys_hash_func(phys_pc);
933 tb_hash_remove(&tcg_ctx.tb_ctx.tb_phys_hash[h], tb);
935 /* remove the TB from the page list */
936 if (tb->page_addr[0] != page_addr) {
937 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
938 tb_page_remove(&p->first_tb, tb);
939 invalidate_page_bitmap(p);
941 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
942 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
943 tb_page_remove(&p->first_tb, tb);
944 invalidate_page_bitmap(p);
947 tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
949 /* remove the TB from the hash list */
950 h = tb_jmp_cache_hash_func(tb->pc);
952 if (cpu->tb_jmp_cache[h] == tb) {
953 cpu->tb_jmp_cache[h] = NULL;
957 /* suppress this TB from the two jump lists */
958 tb_jmp_remove(tb, 0);
959 tb_jmp_remove(tb, 1);
961 /* suppress any remaining jumps to this TB */
964 n1 = (uintptr_t)tb1 & 3;
968 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
969 tb2 = tb1->jmp_next[n1];
970 tb_reset_jump(tb1, n1);
971 tb1->jmp_next[n1] = NULL;
974 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
976 tcg_ctx.tb_ctx.tb_phys_invalidate_count++;
979 static inline void set_bits(uint8_t *tab, int start, int len)
985 mask = 0xff << (start & 7);
986 if ((start & ~7) == (end & ~7)) {
988 mask &= ~(0xff << (end & 7));
993 start = (start + 8) & ~7;
995 while (start < end1) {
1000 mask = ~(0xff << (end & 7));
1006 static void build_page_bitmap(PageDesc *p)
1008 int n, tb_start, tb_end;
1009 TranslationBlock *tb;
1011 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
1014 while (tb != NULL) {
1015 n = (uintptr_t)tb & 3;
1016 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1017 /* NOTE: this is subtle as a TB may span two physical pages */
1019 /* NOTE: tb_end may be after the end of the page, but
1020 it is not a problem */
1021 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1022 tb_end = tb_start + tb->size;
1023 if (tb_end > TARGET_PAGE_SIZE) {
1024 tb_end = TARGET_PAGE_SIZE;
1028 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1030 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1031 tb = tb->page_next[n];
1035 TranslationBlock *tb_gen_code(CPUState *cpu,
1036 target_ulong pc, target_ulong cs_base,
1037 int flags, int cflags)
1039 CPUArchState *env = cpu->env_ptr;
1040 TranslationBlock *tb;
1041 tb_page_addr_t phys_pc, phys_page2;
1042 target_ulong virt_page2;
1045 phys_pc = get_page_addr_code(env, pc);
1048 /* flush must be done */
1050 /* cannot fail at this point */
1052 /* Don't forget to invalidate previous TB info. */
1053 tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
1055 tb->tc_ptr = tcg_ctx.code_gen_ptr;
1056 tb->cs_base = cs_base;
1058 tb->cflags = cflags;
1059 cpu_gen_code(env, tb, &code_gen_size);
1060 tcg_ctx.code_gen_ptr = (void *)(((uintptr_t)tcg_ctx.code_gen_ptr +
1061 code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
1063 /* check next page if needed */
1064 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1066 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1067 phys_page2 = get_page_addr_code(env, virt_page2);
1069 tb_link_page(tb, phys_pc, phys_page2);
1074 * Invalidate all TBs which intersect with the target physical address range
1075 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1076 * 'is_cpu_write_access' should be true if called from a real cpu write
1077 * access: the virtual CPU will exit the current TB if code is modified inside
1080 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1081 int is_cpu_write_access)
1083 while (start < end) {
1084 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1085 start &= TARGET_PAGE_MASK;
1086 start += TARGET_PAGE_SIZE;
1091 * Invalidate all TBs which intersect with the target physical address range
1092 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1093 * 'is_cpu_write_access' should be true if called from a real cpu write
1094 * access: the virtual CPU will exit the current TB if code is modified inside
1097 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1098 int is_cpu_write_access)
1100 TranslationBlock *tb, *tb_next, *saved_tb;
1101 CPUState *cpu = current_cpu;
1102 #if defined(TARGET_HAS_PRECISE_SMC)
1103 CPUArchState *env = NULL;
1105 tb_page_addr_t tb_start, tb_end;
1108 #ifdef TARGET_HAS_PRECISE_SMC
1109 int current_tb_not_found = is_cpu_write_access;
1110 TranslationBlock *current_tb = NULL;
1111 int current_tb_modified = 0;
1112 target_ulong current_pc = 0;
1113 target_ulong current_cs_base = 0;
1114 int current_flags = 0;
1115 #endif /* TARGET_HAS_PRECISE_SMC */
1117 p = page_find(start >> TARGET_PAGE_BITS);
1121 if (!p->code_bitmap &&
1122 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1123 is_cpu_write_access) {
1124 /* build code bitmap */
1125 build_page_bitmap(p);
1127 #if defined(TARGET_HAS_PRECISE_SMC)
1133 /* we remove all the TBs in the range [start, end[ */
1134 /* XXX: see if in some cases it could be faster to invalidate all
1137 while (tb != NULL) {
1138 n = (uintptr_t)tb & 3;
1139 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1140 tb_next = tb->page_next[n];
1141 /* NOTE: this is subtle as a TB may span two physical pages */
1143 /* NOTE: tb_end may be after the end of the page, but
1144 it is not a problem */
1145 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1146 tb_end = tb_start + tb->size;
1148 tb_start = tb->page_addr[1];
1149 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1151 if (!(tb_end <= start || tb_start >= end)) {
1152 #ifdef TARGET_HAS_PRECISE_SMC
1153 if (current_tb_not_found) {
1154 current_tb_not_found = 0;
1156 if (cpu->mem_io_pc) {
1157 /* now we have a real cpu fault */
1158 current_tb = tb_find_pc(cpu->mem_io_pc);
1161 if (current_tb == tb &&
1162 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1163 /* If we are modifying the current TB, we must stop
1164 its execution. We could be more precise by checking
1165 that the modification is after the current PC, but it
1166 would require a specialized function to partially
1167 restore the CPU state */
1169 current_tb_modified = 1;
1170 cpu_restore_state_from_tb(cpu, current_tb, cpu->mem_io_pc);
1171 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1174 #endif /* TARGET_HAS_PRECISE_SMC */
1175 /* we need to do that to handle the case where a signal
1176 occurs while doing tb_phys_invalidate() */
1179 saved_tb = cpu->current_tb;
1180 cpu->current_tb = NULL;
1182 tb_phys_invalidate(tb, -1);
1184 cpu->current_tb = saved_tb;
1185 if (cpu->interrupt_request && cpu->current_tb) {
1186 cpu_interrupt(cpu, cpu->interrupt_request);
1192 #if !defined(CONFIG_USER_ONLY)
1193 /* if no code remaining, no need to continue to use slow writes */
1195 invalidate_page_bitmap(p);
1196 if (is_cpu_write_access) {
1197 tlb_unprotect_code_phys(cpu, start, cpu->mem_io_vaddr);
1201 #ifdef TARGET_HAS_PRECISE_SMC
1202 if (current_tb_modified) {
1203 /* we generate a block containing just the instruction
1204 modifying the memory. It will ensure that it cannot modify
1206 cpu->current_tb = NULL;
1207 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
1208 cpu_resume_from_signal(cpu, NULL);
1213 /* len must be <= 8 and start must be a multiple of len */
1214 void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1221 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1222 cpu_single_env->mem_io_vaddr, len,
1223 cpu_single_env->eip,
1224 cpu_single_env->eip +
1225 (intptr_t)cpu_single_env->segs[R_CS].base);
1228 p = page_find(start >> TARGET_PAGE_BITS);
1232 if (p->code_bitmap) {
1233 offset = start & ~TARGET_PAGE_MASK;
1234 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1235 if (b & ((1 << len) - 1)) {
1240 tb_invalidate_phys_page_range(start, start + len, 1);
1244 #if !defined(CONFIG_SOFTMMU)
1245 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1246 uintptr_t pc, void *puc,
1249 TranslationBlock *tb;
1252 #ifdef TARGET_HAS_PRECISE_SMC
1253 TranslationBlock *current_tb = NULL;
1254 CPUState *cpu = current_cpu;
1255 CPUArchState *env = NULL;
1256 int current_tb_modified = 0;
1257 target_ulong current_pc = 0;
1258 target_ulong current_cs_base = 0;
1259 int current_flags = 0;
1262 addr &= TARGET_PAGE_MASK;
1263 p = page_find(addr >> TARGET_PAGE_BITS);
1268 #ifdef TARGET_HAS_PRECISE_SMC
1269 if (tb && pc != 0) {
1270 current_tb = tb_find_pc(pc);
1276 while (tb != NULL) {
1277 n = (uintptr_t)tb & 3;
1278 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1279 #ifdef TARGET_HAS_PRECISE_SMC
1280 if (current_tb == tb &&
1281 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1282 /* If we are modifying the current TB, we must stop
1283 its execution. We could be more precise by checking
1284 that the modification is after the current PC, but it
1285 would require a specialized function to partially
1286 restore the CPU state */
1288 current_tb_modified = 1;
1289 cpu_restore_state_from_tb(cpu, current_tb, pc);
1290 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1293 #endif /* TARGET_HAS_PRECISE_SMC */
1294 tb_phys_invalidate(tb, addr);
1295 tb = tb->page_next[n];
1298 #ifdef TARGET_HAS_PRECISE_SMC
1299 if (current_tb_modified) {
1300 /* we generate a block containing just the instruction
1301 modifying the memory. It will ensure that it cannot modify
1303 cpu->current_tb = NULL;
1304 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
1308 cpu_resume_from_signal(cpu, puc);
1314 /* add the tb in the target page and protect it if necessary */
1315 static inline void tb_alloc_page(TranslationBlock *tb,
1316 unsigned int n, tb_page_addr_t page_addr)
1319 #ifndef CONFIG_USER_ONLY
1320 bool page_already_protected;
1323 tb->page_addr[n] = page_addr;
1324 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1325 tb->page_next[n] = p->first_tb;
1326 #ifndef CONFIG_USER_ONLY
1327 page_already_protected = p->first_tb != NULL;
1329 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
1330 invalidate_page_bitmap(p);
1332 #if defined(TARGET_HAS_SMC) || 1
1334 #if defined(CONFIG_USER_ONLY)
1335 if (p->flags & PAGE_WRITE) {
1340 /* force the host page as non writable (writes will have a
1341 page fault + mprotect overhead) */
1342 page_addr &= qemu_host_page_mask;
1344 for (addr = page_addr; addr < page_addr + qemu_host_page_size;
1345 addr += TARGET_PAGE_SIZE) {
1347 p2 = page_find(addr >> TARGET_PAGE_BITS);
1352 p2->flags &= ~PAGE_WRITE;
1354 mprotect(g2h(page_addr), qemu_host_page_size,
1355 (prot & PAGE_BITS) & ~PAGE_WRITE);
1356 #ifdef DEBUG_TB_INVALIDATE
1357 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1362 /* if some code is already present, then the pages are already
1363 protected. So we handle the case where only the first TB is
1364 allocated in a physical page */
1365 if (!page_already_protected) {
1366 tlb_protect_code(page_addr);
1370 #endif /* TARGET_HAS_SMC */
1373 /* add a new TB and link it to the physical page tables. phys_page2 is
1374 (-1) to indicate that only one page contains the TB. */
1375 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
1376 tb_page_addr_t phys_page2)
1379 TranslationBlock **ptb;
1381 /* Grab the mmap lock to stop another thread invalidating this TB
1382 before we are done. */
1384 /* add in the physical hash table */
1385 h = tb_phys_hash_func(phys_pc);
1386 ptb = &tcg_ctx.tb_ctx.tb_phys_hash[h];
1387 tb->phys_hash_next = *ptb;
1390 /* add in the page list */
1391 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1392 if (phys_page2 != -1) {
1393 tb_alloc_page(tb, 1, phys_page2);
1395 tb->page_addr[1] = -1;
1398 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
1399 tb->jmp_next[0] = NULL;
1400 tb->jmp_next[1] = NULL;
1402 /* init original jump addresses */
1403 if (tb->tb_next_offset[0] != 0xffff) {
1404 tb_reset_jump(tb, 0);
1406 if (tb->tb_next_offset[1] != 0xffff) {
1407 tb_reset_jump(tb, 1);
1410 #ifdef DEBUG_TB_CHECK
1416 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1417 tb[1].tc_ptr. Return NULL if not found */
1418 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
1420 int m_min, m_max, m;
1422 TranslationBlock *tb;
1424 if (tcg_ctx.tb_ctx.nb_tbs <= 0) {
1427 if (tc_ptr < (uintptr_t)tcg_ctx.code_gen_buffer ||
1428 tc_ptr >= (uintptr_t)tcg_ctx.code_gen_ptr) {
1431 /* binary search (cf Knuth) */
1433 m_max = tcg_ctx.tb_ctx.nb_tbs - 1;
1434 while (m_min <= m_max) {
1435 m = (m_min + m_max) >> 1;
1436 tb = &tcg_ctx.tb_ctx.tbs[m];
1437 v = (uintptr_t)tb->tc_ptr;
1440 } else if (tc_ptr < v) {
1446 return &tcg_ctx.tb_ctx.tbs[m_max];
1449 #if defined(TARGET_HAS_ICE) && !defined(CONFIG_USER_ONLY)
1450 void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr)
1452 ram_addr_t ram_addr;
1456 mr = address_space_translate(as, addr, &addr, &l, false);
1457 if (!(memory_region_is_ram(mr)
1458 || memory_region_is_romd(mr))) {
1461 ram_addr = (memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK)
1463 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1465 #endif /* TARGET_HAS_ICE && !defined(CONFIG_USER_ONLY) */
1467 void tb_check_watchpoint(CPUState *cpu)
1469 TranslationBlock *tb;
1471 tb = tb_find_pc(cpu->mem_io_pc);
1473 cpu_abort(cpu, "check_watchpoint: could not find TB for pc=%p",
1474 (void *)cpu->mem_io_pc);
1476 cpu_restore_state_from_tb(cpu, tb, cpu->mem_io_pc);
1477 tb_phys_invalidate(tb, -1);
1480 #ifndef CONFIG_USER_ONLY
1481 /* mask must never be zero, except for A20 change call */
1482 static void tcg_handle_interrupt(CPUState *cpu, int mask)
1486 old_mask = cpu->interrupt_request;
1487 cpu->interrupt_request |= mask;
1490 * If called from iothread context, wake the target cpu in
1493 if (!qemu_cpu_is_self(cpu)) {
1499 cpu->icount_decr.u16.high = 0xffff;
1500 if (!cpu_can_do_io(cpu)
1501 && (mask & ~old_mask) != 0) {
1502 cpu_abort(cpu, "Raised interrupt while not in I/O function");
1505 cpu->tcg_exit_req = 1;
1509 CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1511 /* in deterministic execution mode, instructions doing device I/Os
1512 must be at the end of the TB */
1513 void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
1515 #if defined(TARGET_MIPS) || defined(TARGET_SH4)
1516 CPUArchState *env = cpu->env_ptr;
1518 TranslationBlock *tb;
1520 target_ulong pc, cs_base;
1523 tb = tb_find_pc(retaddr);
1525 cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p",
1528 n = cpu->icount_decr.u16.low + tb->icount;
1529 cpu_restore_state_from_tb(cpu, tb, retaddr);
1530 /* Calculate how many instructions had been executed before the fault
1532 n = n - cpu->icount_decr.u16.low;
1533 /* Generate a new TB ending on the I/O insn. */
1535 /* On MIPS and SH, delay slot instructions can only be restarted if
1536 they were already the first instruction in the TB. If this is not
1537 the first instruction in a TB then re-execute the preceding
1539 #if defined(TARGET_MIPS)
1540 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
1541 env->active_tc.PC -= 4;
1542 cpu->icount_decr.u16.low++;
1543 env->hflags &= ~MIPS_HFLAG_BMASK;
1545 #elif defined(TARGET_SH4)
1546 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
1549 cpu->icount_decr.u16.low++;
1550 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
1553 /* This should never happen. */
1554 if (n > CF_COUNT_MASK) {
1555 cpu_abort(cpu, "TB too big during recompile");
1558 cflags = n | CF_LAST_IO;
1560 cs_base = tb->cs_base;
1562 tb_phys_invalidate(tb, -1);
1563 /* FIXME: In theory this could raise an exception. In practice
1564 we have already translated the block once so it's probably ok. */
1565 tb_gen_code(cpu, pc, cs_base, flags, cflags);
1566 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
1567 the first in the TB) then we end up generating a whole new TB and
1568 repeating the fault, which is horribly inefficient.
1569 Better would be to execute just this insn uncached, or generate a
1571 cpu_resume_from_signal(cpu, NULL);
1574 void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
1578 /* Discard jump cache entries for any tb which might potentially
1579 overlap the flushed page. */
1580 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1581 memset(&cpu->tb_jmp_cache[i], 0,
1582 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1584 i = tb_jmp_cache_hash_page(addr);
1585 memset(&cpu->tb_jmp_cache[i], 0,
1586 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1589 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
1591 int i, target_code_size, max_target_code_size;
1592 int direct_jmp_count, direct_jmp2_count, cross_page;
1593 TranslationBlock *tb;
1595 target_code_size = 0;
1596 max_target_code_size = 0;
1598 direct_jmp_count = 0;
1599 direct_jmp2_count = 0;
1600 for (i = 0; i < tcg_ctx.tb_ctx.nb_tbs; i++) {
1601 tb = &tcg_ctx.tb_ctx.tbs[i];
1602 target_code_size += tb->size;
1603 if (tb->size > max_target_code_size) {
1604 max_target_code_size = tb->size;
1606 if (tb->page_addr[1] != -1) {
1609 if (tb->tb_next_offset[0] != 0xffff) {
1611 if (tb->tb_next_offset[1] != 0xffff) {
1612 direct_jmp2_count++;
1616 /* XXX: avoid using doubles ? */
1617 cpu_fprintf(f, "Translation buffer state:\n");
1618 cpu_fprintf(f, "gen code size %td/%zd\n",
1619 tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer,
1620 tcg_ctx.code_gen_buffer_max_size);
1621 cpu_fprintf(f, "TB count %d/%d\n",
1622 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.code_gen_max_blocks);
1623 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
1624 tcg_ctx.tb_ctx.nb_tbs ? target_code_size /
1625 tcg_ctx.tb_ctx.nb_tbs : 0,
1626 max_target_code_size);
1627 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
1628 tcg_ctx.tb_ctx.nb_tbs ? (tcg_ctx.code_gen_ptr -
1629 tcg_ctx.code_gen_buffer) /
1630 tcg_ctx.tb_ctx.nb_tbs : 0,
1631 target_code_size ? (double) (tcg_ctx.code_gen_ptr -
1632 tcg_ctx.code_gen_buffer) /
1633 target_code_size : 0);
1634 cpu_fprintf(f, "cross page TB count %d (%d%%)\n", cross_page,
1635 tcg_ctx.tb_ctx.nb_tbs ? (cross_page * 100) /
1636 tcg_ctx.tb_ctx.nb_tbs : 0);
1637 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
1639 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp_count * 100) /
1640 tcg_ctx.tb_ctx.nb_tbs : 0,
1642 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp2_count * 100) /
1643 tcg_ctx.tb_ctx.nb_tbs : 0);
1644 cpu_fprintf(f, "\nStatistics:\n");
1645 cpu_fprintf(f, "TB flush count %d\n", tcg_ctx.tb_ctx.tb_flush_count);
1646 cpu_fprintf(f, "TB invalidate count %d\n",
1647 tcg_ctx.tb_ctx.tb_phys_invalidate_count);
1648 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
1649 tcg_dump_info(f, cpu_fprintf);
1652 #else /* CONFIG_USER_ONLY */
1654 void cpu_interrupt(CPUState *cpu, int mask)
1656 cpu->interrupt_request |= mask;
1657 cpu->tcg_exit_req = 1;
1661 * Walks guest process memory "regions" one by one
1662 * and calls callback function 'fn' for each region.
1664 struct walk_memory_regions_data {
1665 walk_memory_regions_fn fn;
1671 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
1672 abi_ulong end, int new_prot)
1674 if (data->start != -1ul) {
1675 int rc = data->fn(data->priv, data->start, end, data->prot);
1681 data->start = (new_prot ? end : -1ul);
1682 data->prot = new_prot;
1687 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
1688 abi_ulong base, int level, void **lp)
1694 return walk_memory_regions_end(data, base, 0);
1700 for (i = 0; i < V_L2_SIZE; ++i) {
1701 int prot = pd[i].flags;
1703 pa = base | (i << TARGET_PAGE_BITS);
1704 if (prot != data->prot) {
1705 rc = walk_memory_regions_end(data, pa, prot);
1714 for (i = 0; i < V_L2_SIZE; ++i) {
1715 pa = base | ((abi_ulong)i <<
1716 (TARGET_PAGE_BITS + V_L2_BITS * level));
1717 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1727 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1729 struct walk_memory_regions_data data;
1737 for (i = 0; i < V_L1_SIZE; i++) {
1738 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
1739 V_L1_SHIFT / V_L2_BITS - 1, l1_map + i);
1746 return walk_memory_regions_end(&data, 0, 0);
1749 static int dump_region(void *priv, abi_ulong start,
1750 abi_ulong end, unsigned long prot)
1752 FILE *f = (FILE *)priv;
1754 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
1755 " "TARGET_ABI_FMT_lx" %c%c%c\n",
1756 start, end, end - start,
1757 ((prot & PAGE_READ) ? 'r' : '-'),
1758 ((prot & PAGE_WRITE) ? 'w' : '-'),
1759 ((prot & PAGE_EXEC) ? 'x' : '-'));
1764 /* dump memory mappings */
1765 void page_dump(FILE *f)
1767 const int length = sizeof(abi_ulong) * 2;
1768 (void) fprintf(f, "%-*s %-*s %-*s %s\n",
1769 length, "start", length, "end", length, "size", "prot");
1770 walk_memory_regions(f, dump_region);
1773 int page_get_flags(target_ulong address)
1777 p = page_find(address >> TARGET_PAGE_BITS);
1784 /* Modify the flags of a page and invalidate the code if necessary.
1785 The flag PAGE_WRITE_ORG is positioned automatically depending
1786 on PAGE_WRITE. The mmap_lock should already be held. */
1787 void page_set_flags(target_ulong start, target_ulong end, int flags)
1789 target_ulong addr, len;
1791 /* This function should never be called with addresses outside the
1792 guest address space. If this assert fires, it probably indicates
1793 a missing call to h2g_valid. */
1794 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1795 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
1797 assert(start < end);
1799 start = start & TARGET_PAGE_MASK;
1800 end = TARGET_PAGE_ALIGN(end);
1802 if (flags & PAGE_WRITE) {
1803 flags |= PAGE_WRITE_ORG;
1806 for (addr = start, len = end - start;
1808 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
1809 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
1811 /* If the write protection bit is set, then we invalidate
1813 if (!(p->flags & PAGE_WRITE) &&
1814 (flags & PAGE_WRITE) &&
1816 tb_invalidate_phys_page(addr, 0, NULL, false);
1822 int page_check_range(target_ulong start, target_ulong len, int flags)
1828 /* This function should never be called with addresses outside the
1829 guest address space. If this assert fires, it probably indicates
1830 a missing call to h2g_valid. */
1831 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1832 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
1838 if (start + len - 1 < start) {
1839 /* We've wrapped around. */
1843 /* must do before we loose bits in the next step */
1844 end = TARGET_PAGE_ALIGN(start + len);
1845 start = start & TARGET_PAGE_MASK;
1847 for (addr = start, len = end - start;
1849 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
1850 p = page_find(addr >> TARGET_PAGE_BITS);
1854 if (!(p->flags & PAGE_VALID)) {
1858 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) {
1861 if (flags & PAGE_WRITE) {
1862 if (!(p->flags & PAGE_WRITE_ORG)) {
1865 /* unprotect the page if it was put read-only because it
1866 contains translated code */
1867 if (!(p->flags & PAGE_WRITE)) {
1868 if (!page_unprotect(addr, 0, NULL)) {
1877 /* called from signal handler: invalidate the code and unprotect the
1878 page. Return TRUE if the fault was successfully handled. */
1879 int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
1883 target_ulong host_start, host_end, addr;
1885 /* Technically this isn't safe inside a signal handler. However we
1886 know this only ever happens in a synchronous SEGV handler, so in
1887 practice it seems to be ok. */
1890 p = page_find(address >> TARGET_PAGE_BITS);
1896 /* if the page was really writable, then we change its
1897 protection back to writable */
1898 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
1899 host_start = address & qemu_host_page_mask;
1900 host_end = host_start + qemu_host_page_size;
1903 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
1904 p = page_find(addr >> TARGET_PAGE_BITS);
1905 p->flags |= PAGE_WRITE;
1908 /* and since the content will be modified, we must invalidate
1909 the corresponding translated code. */
1910 tb_invalidate_phys_page(addr, pc, puc, true);
1911 #ifdef DEBUG_TB_CHECK
1912 tb_invalidate_check(addr);
1915 mprotect((void *)g2h(host_start), qemu_host_page_size,
1924 #endif /* CONFIG_USER_ONLY */
projects / lisovros / qemu_apohw.git / blob