2 * emulator main execution loop
4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "disas/disas.h"
23 #include "qemu/atomic.h"
24 #include "sysemu/qtest.h"
26 int tb_invalidated_flag;
28 //#define CONFIG_DEBUG_EXEC
30 bool qemu_cpu_has_work(CPUState *cpu)
32 return cpu_has_work(cpu);
35 void cpu_loop_exit(CPUArchState *env)
37 env->current_tb = NULL;
38 longjmp(env->jmp_env, 1);
41 /* exit the current TB from a signal handler. The host registers are
42 restored in a state compatible with the CPU emulator
44 #if defined(CONFIG_SOFTMMU)
45 void cpu_resume_from_signal(CPUArchState *env, void *puc)
47 /* XXX: restore cpu registers saved in host registers */
49 env->exception_index = -1;
50 longjmp(env->jmp_env, 1);
54 /* Execute the code without caching the generated code. An interpreter
55 could be used if available. */
56 static void cpu_exec_nocache(CPUArchState *env, int max_cycles,
57 TranslationBlock *orig_tb)
59 tcg_target_ulong next_tb;
62 /* Should never happen.
63 We only end up here when an existing TB is too long. */
64 if (max_cycles > CF_COUNT_MASK)
65 max_cycles = CF_COUNT_MASK;
67 tb = tb_gen_code(env, orig_tb->pc, orig_tb->cs_base, orig_tb->flags,
70 /* execute the generated code */
71 next_tb = tcg_qemu_tb_exec(env, tb->tc_ptr);
72 env->current_tb = NULL;
74 if ((next_tb & 3) == 2) {
75 /* Restore PC. This may happen if async event occurs before
76 the TB starts executing. */
77 cpu_pc_from_tb(env, tb);
79 tb_phys_invalidate(tb, -1);
83 static TranslationBlock *tb_find_slow(CPUArchState *env,
88 TranslationBlock *tb, **ptb1;
90 tb_page_addr_t phys_pc, phys_page1;
91 target_ulong virt_page2;
93 tb_invalidated_flag = 0;
95 /* find translated block using physical mappings */
96 phys_pc = get_page_addr_code(env, pc);
97 phys_page1 = phys_pc & TARGET_PAGE_MASK;
98 h = tb_phys_hash_func(phys_pc);
99 ptb1 = &tb_phys_hash[h];
105 tb->page_addr[0] == phys_page1 &&
106 tb->cs_base == cs_base &&
107 tb->flags == flags) {
108 /* check next page if needed */
109 if (tb->page_addr[1] != -1) {
110 tb_page_addr_t phys_page2;
112 virt_page2 = (pc & TARGET_PAGE_MASK) +
114 phys_page2 = get_page_addr_code(env, virt_page2);
115 if (tb->page_addr[1] == phys_page2)
121 ptb1 = &tb->phys_hash_next;
124 /* if no translated code available, then translate it now */
125 tb = tb_gen_code(env, pc, cs_base, flags, 0);
128 /* Move the last found TB to the head of the list */
130 *ptb1 = tb->phys_hash_next;
131 tb->phys_hash_next = tb_phys_hash[h];
132 tb_phys_hash[h] = tb;
134 /* we add the TB in the virtual pc hash table */
135 env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)] = tb;
139 static inline TranslationBlock *tb_find_fast(CPUArchState *env)
141 TranslationBlock *tb;
142 target_ulong cs_base, pc;
145 /* we record a subset of the CPU state. It will
146 always be the same before a given translated block
148 cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
149 tb = env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)];
150 if (unlikely(!tb || tb->pc != pc || tb->cs_base != cs_base ||
151 tb->flags != flags)) {
152 tb = tb_find_slow(env, pc, cs_base, flags);
157 static CPUDebugExcpHandler *debug_excp_handler;
159 void cpu_set_debug_excp_handler(CPUDebugExcpHandler *handler)
161 debug_excp_handler = handler;
164 static void cpu_handle_debug_exception(CPUArchState *env)
168 if (!env->watchpoint_hit) {
169 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
170 wp->flags &= ~BP_WATCHPOINT_HIT;
173 if (debug_excp_handler) {
174 debug_excp_handler(env);
178 /* main execution loop */
180 volatile sig_atomic_t exit_request;
182 int cpu_exec(CPUArchState *env)
184 CPUState *cpu = ENV_GET_CPU(env);
185 int ret, interrupt_request;
186 TranslationBlock *tb;
188 tcg_target_ulong next_tb;
191 if (!cpu_has_work(cpu)) {
198 cpu_single_env = env;
200 if (unlikely(exit_request)) {
201 env->exit_request = 1;
204 #if defined(TARGET_I386)
205 /* put eflags in CPU temporary format */
206 CC_SRC = env->eflags & (CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
207 DF = 1 - (2 * ((env->eflags >> 10) & 1));
208 CC_OP = CC_OP_EFLAGS;
209 env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
210 #elif defined(TARGET_SPARC)
211 #elif defined(TARGET_M68K)
212 env->cc_op = CC_OP_FLAGS;
213 env->cc_dest = env->sr & 0xf;
214 env->cc_x = (env->sr >> 4) & 1;
215 #elif defined(TARGET_ALPHA)
216 #elif defined(TARGET_ARM)
217 #elif defined(TARGET_UNICORE32)
218 #elif defined(TARGET_PPC)
219 env->reserve_addr = -1;
220 #elif defined(TARGET_LM32)
221 #elif defined(TARGET_MICROBLAZE)
222 #elif defined(TARGET_MIPS)
223 #elif defined(TARGET_OPENRISC)
224 #elif defined(TARGET_SH4)
225 #elif defined(TARGET_CRIS)
226 #elif defined(TARGET_S390X)
227 #elif defined(TARGET_XTENSA)
230 #error unsupported target CPU
232 env->exception_index = -1;
234 /* prepare setjmp context for exception handling */
236 if (setjmp(env->jmp_env) == 0) {
237 /* if an exception is pending, we execute it here */
238 if (env->exception_index >= 0) {
239 if (env->exception_index >= EXCP_INTERRUPT) {
240 /* exit request from the cpu execution loop */
241 ret = env->exception_index;
242 if (ret == EXCP_DEBUG) {
243 cpu_handle_debug_exception(env);
247 #if defined(CONFIG_USER_ONLY)
248 /* if user mode only, we simulate a fake exception
249 which will be handled outside the cpu execution
251 #if defined(TARGET_I386)
254 ret = env->exception_index;
258 env->exception_index = -1;
263 next_tb = 0; /* force lookup of first TB */
265 interrupt_request = env->interrupt_request;
266 if (unlikely(interrupt_request)) {
267 if (unlikely(env->singlestep_enabled & SSTEP_NOIRQ)) {
268 /* Mask out external interrupts for this step. */
269 interrupt_request &= ~CPU_INTERRUPT_SSTEP_MASK;
271 if (interrupt_request & CPU_INTERRUPT_DEBUG) {
272 env->interrupt_request &= ~CPU_INTERRUPT_DEBUG;
273 env->exception_index = EXCP_DEBUG;
276 #if defined(TARGET_ARM) || defined(TARGET_SPARC) || defined(TARGET_MIPS) || \
277 defined(TARGET_PPC) || defined(TARGET_ALPHA) || defined(TARGET_CRIS) || \
278 defined(TARGET_MICROBLAZE) || defined(TARGET_LM32) || defined(TARGET_UNICORE32)
279 if (interrupt_request & CPU_INTERRUPT_HALT) {
280 env->interrupt_request &= ~CPU_INTERRUPT_HALT;
282 env->exception_index = EXCP_HLT;
286 #if defined(TARGET_I386)
287 #if !defined(CONFIG_USER_ONLY)
288 if (interrupt_request & CPU_INTERRUPT_POLL) {
289 env->interrupt_request &= ~CPU_INTERRUPT_POLL;
290 apic_poll_irq(env->apic_state);
293 if (interrupt_request & CPU_INTERRUPT_INIT) {
294 cpu_svm_check_intercept_param(env, SVM_EXIT_INIT,
296 do_cpu_init(x86_env_get_cpu(env));
297 env->exception_index = EXCP_HALTED;
299 } else if (interrupt_request & CPU_INTERRUPT_SIPI) {
300 do_cpu_sipi(x86_env_get_cpu(env));
301 } else if (env->hflags2 & HF2_GIF_MASK) {
302 if ((interrupt_request & CPU_INTERRUPT_SMI) &&
303 !(env->hflags & HF_SMM_MASK)) {
304 cpu_svm_check_intercept_param(env, SVM_EXIT_SMI,
306 env->interrupt_request &= ~CPU_INTERRUPT_SMI;
309 } else if ((interrupt_request & CPU_INTERRUPT_NMI) &&
310 !(env->hflags2 & HF2_NMI_MASK)) {
311 env->interrupt_request &= ~CPU_INTERRUPT_NMI;
312 env->hflags2 |= HF2_NMI_MASK;
313 do_interrupt_x86_hardirq(env, EXCP02_NMI, 1);
315 } else if (interrupt_request & CPU_INTERRUPT_MCE) {
316 env->interrupt_request &= ~CPU_INTERRUPT_MCE;
317 do_interrupt_x86_hardirq(env, EXCP12_MCHK, 0);
319 } else if ((interrupt_request & CPU_INTERRUPT_HARD) &&
320 (((env->hflags2 & HF2_VINTR_MASK) &&
321 (env->hflags2 & HF2_HIF_MASK)) ||
322 (!(env->hflags2 & HF2_VINTR_MASK) &&
323 (env->eflags & IF_MASK &&
324 !(env->hflags & HF_INHIBIT_IRQ_MASK))))) {
326 cpu_svm_check_intercept_param(env, SVM_EXIT_INTR,
328 env->interrupt_request &= ~(CPU_INTERRUPT_HARD | CPU_INTERRUPT_VIRQ);
329 intno = cpu_get_pic_interrupt(env);
330 qemu_log_mask(CPU_LOG_TB_IN_ASM, "Servicing hardware INT=0x%02x\n", intno);
331 do_interrupt_x86_hardirq(env, intno, 1);
332 /* ensure that no TB jump will be modified as
333 the program flow was changed */
335 #if !defined(CONFIG_USER_ONLY)
336 } else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
337 (env->eflags & IF_MASK) &&
338 !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
340 /* FIXME: this should respect TPR */
341 cpu_svm_check_intercept_param(env, SVM_EXIT_VINTR,
343 intno = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_vector));
344 qemu_log_mask(CPU_LOG_TB_IN_ASM, "Servicing virtual hardware INT=0x%02x\n", intno);
345 do_interrupt_x86_hardirq(env, intno, 1);
346 env->interrupt_request &= ~CPU_INTERRUPT_VIRQ;
351 #elif defined(TARGET_PPC)
352 if ((interrupt_request & CPU_INTERRUPT_RESET)) {
355 if (interrupt_request & CPU_INTERRUPT_HARD) {
356 ppc_hw_interrupt(env);
357 if (env->pending_interrupts == 0)
358 env->interrupt_request &= ~CPU_INTERRUPT_HARD;
361 #elif defined(TARGET_LM32)
362 if ((interrupt_request & CPU_INTERRUPT_HARD)
363 && (env->ie & IE_IE)) {
364 env->exception_index = EXCP_IRQ;
368 #elif defined(TARGET_MICROBLAZE)
369 if ((interrupt_request & CPU_INTERRUPT_HARD)
370 && (env->sregs[SR_MSR] & MSR_IE)
371 && !(env->sregs[SR_MSR] & (MSR_EIP | MSR_BIP))
372 && !(env->iflags & (D_FLAG | IMM_FLAG))) {
373 env->exception_index = EXCP_IRQ;
377 #elif defined(TARGET_MIPS)
378 if ((interrupt_request & CPU_INTERRUPT_HARD) &&
379 cpu_mips_hw_interrupts_pending(env)) {
381 env->exception_index = EXCP_EXT_INTERRUPT;
386 #elif defined(TARGET_OPENRISC)
389 if ((interrupt_request & CPU_INTERRUPT_HARD)
390 && (env->sr & SR_IEE)) {
393 if ((interrupt_request & CPU_INTERRUPT_TIMER)
394 && (env->sr & SR_TEE)) {
398 env->exception_index = idx;
403 #elif defined(TARGET_SPARC)
404 if (interrupt_request & CPU_INTERRUPT_HARD) {
405 if (cpu_interrupts_enabled(env) &&
406 env->interrupt_index > 0) {
407 int pil = env->interrupt_index & 0xf;
408 int type = env->interrupt_index & 0xf0;
410 if (((type == TT_EXTINT) &&
411 cpu_pil_allowed(env, pil)) ||
413 env->exception_index = env->interrupt_index;
419 #elif defined(TARGET_ARM)
420 if (interrupt_request & CPU_INTERRUPT_FIQ
421 && !(env->uncached_cpsr & CPSR_F)) {
422 env->exception_index = EXCP_FIQ;
426 /* ARMv7-M interrupt return works by loading a magic value
427 into the PC. On real hardware the load causes the
428 return to occur. The qemu implementation performs the
429 jump normally, then does the exception return when the
430 CPU tries to execute code at the magic address.
431 This will cause the magic PC value to be pushed to
432 the stack if an interrupt occurred at the wrong time.
433 We avoid this by disabling interrupts when
434 pc contains a magic address. */
435 if (interrupt_request & CPU_INTERRUPT_HARD
436 && ((IS_M(env) && env->regs[15] < 0xfffffff0)
437 || !(env->uncached_cpsr & CPSR_I))) {
438 env->exception_index = EXCP_IRQ;
442 #elif defined(TARGET_UNICORE32)
443 if (interrupt_request & CPU_INTERRUPT_HARD
444 && !(env->uncached_asr & ASR_I)) {
445 env->exception_index = UC32_EXCP_INTR;
449 #elif defined(TARGET_SH4)
450 if (interrupt_request & CPU_INTERRUPT_HARD) {
454 #elif defined(TARGET_ALPHA)
457 /* ??? This hard-codes the OSF/1 interrupt levels. */
458 switch (env->pal_mode ? 7 : env->ps & PS_INT_MASK) {
460 if (interrupt_request & CPU_INTERRUPT_HARD) {
461 idx = EXCP_DEV_INTERRUPT;
465 if (interrupt_request & CPU_INTERRUPT_TIMER) {
466 idx = EXCP_CLK_INTERRUPT;
470 if (interrupt_request & CPU_INTERRUPT_SMP) {
471 idx = EXCP_SMP_INTERRUPT;
475 if (interrupt_request & CPU_INTERRUPT_MCHK) {
480 env->exception_index = idx;
486 #elif defined(TARGET_CRIS)
487 if (interrupt_request & CPU_INTERRUPT_HARD
488 && (env->pregs[PR_CCS] & I_FLAG)
489 && !env->locked_irq) {
490 env->exception_index = EXCP_IRQ;
494 if (interrupt_request & CPU_INTERRUPT_NMI) {
495 unsigned int m_flag_archval;
496 if (env->pregs[PR_VR] < 32) {
497 m_flag_archval = M_FLAG_V10;
499 m_flag_archval = M_FLAG_V32;
501 if ((env->pregs[PR_CCS] & m_flag_archval)) {
502 env->exception_index = EXCP_NMI;
507 #elif defined(TARGET_M68K)
508 if (interrupt_request & CPU_INTERRUPT_HARD
509 && ((env->sr & SR_I) >> SR_I_SHIFT)
510 < env->pending_level) {
511 /* Real hardware gets the interrupt vector via an
512 IACK cycle at this point. Current emulated
513 hardware doesn't rely on this, so we
514 provide/save the vector when the interrupt is
516 env->exception_index = env->pending_vector;
517 do_interrupt_m68k_hardirq(env);
520 #elif defined(TARGET_S390X) && !defined(CONFIG_USER_ONLY)
521 if ((interrupt_request & CPU_INTERRUPT_HARD) &&
522 (env->psw.mask & PSW_MASK_EXT)) {
526 #elif defined(TARGET_XTENSA)
527 if (interrupt_request & CPU_INTERRUPT_HARD) {
528 env->exception_index = EXC_IRQ;
533 /* Don't use the cached interrupt_request value,
534 do_interrupt may have updated the EXITTB flag. */
535 if (env->interrupt_request & CPU_INTERRUPT_EXITTB) {
536 env->interrupt_request &= ~CPU_INTERRUPT_EXITTB;
537 /* ensure that no TB jump will be modified as
538 the program flow was changed */
542 if (unlikely(env->exit_request)) {
543 env->exit_request = 0;
544 env->exception_index = EXCP_INTERRUPT;
547 #if defined(DEBUG_DISAS) || defined(CONFIG_DEBUG_EXEC)
548 if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) {
549 /* restore flags in standard format */
550 #if defined(TARGET_I386)
551 env->eflags = env->eflags | cpu_cc_compute_all(env, CC_OP)
553 log_cpu_state(env, CPU_DUMP_CCOP);
554 env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
555 #elif defined(TARGET_M68K)
556 cpu_m68k_flush_flags(env, env->cc_op);
557 env->cc_op = CC_OP_FLAGS;
558 env->sr = (env->sr & 0xffe0)
559 | env->cc_dest | (env->cc_x << 4);
560 log_cpu_state(env, 0);
562 log_cpu_state(env, 0);
565 #endif /* DEBUG_DISAS || CONFIG_DEBUG_EXEC */
567 tb = tb_find_fast(env);
568 /* Note: we do it here to avoid a gcc bug on Mac OS X when
569 doing it in tb_find_slow */
570 if (tb_invalidated_flag) {
571 /* as some TB could have been invalidated because
572 of memory exceptions while generating the code, we
573 must recompute the hash index here */
575 tb_invalidated_flag = 0;
577 #ifdef CONFIG_DEBUG_EXEC
578 qemu_log_mask(CPU_LOG_EXEC, "Trace %p [" TARGET_FMT_lx "] %s\n",
580 lookup_symbol(tb->pc));
582 /* see if we can patch the calling TB. When the TB
583 spans two pages, we cannot safely do a direct
585 if (next_tb != 0 && tb->page_addr[1] == -1) {
586 tb_add_jump((TranslationBlock *)(next_tb & ~3), next_tb & 3, tb);
588 spin_unlock(&tb_lock);
590 /* cpu_interrupt might be called while translating the
591 TB, but before it is linked into a potentially
592 infinite loop and becomes env->current_tb. Avoid
593 starting execution if there is a pending interrupt. */
594 env->current_tb = tb;
596 if (likely(!env->exit_request)) {
598 /* execute the generated code */
599 next_tb = tcg_qemu_tb_exec(env, tc_ptr);
600 if ((next_tb & 3) == 2) {
601 /* Instruction counter expired. */
603 tb = (TranslationBlock *)(next_tb & ~3);
605 cpu_pc_from_tb(env, tb);
606 insns_left = env->icount_decr.u32;
607 if (env->icount_extra && insns_left >= 0) {
608 /* Refill decrementer and continue execution. */
609 env->icount_extra += insns_left;
610 if (env->icount_extra > 0xffff) {
613 insns_left = env->icount_extra;
615 env->icount_extra -= insns_left;
616 env->icount_decr.u16.low = insns_left;
618 if (insns_left > 0) {
619 /* Execute remaining instructions. */
620 cpu_exec_nocache(env, insns_left, tb);
622 env->exception_index = EXCP_INTERRUPT;
628 env->current_tb = NULL;
629 /* reset soft MMU for next block (it can currently
630 only be set by a memory fault) */
633 /* Reload env after longjmp - the compiler may have smashed all
634 * local variables as longjmp is marked 'noreturn'. */
635 env = cpu_single_env;
640 #if defined(TARGET_I386)
641 /* restore flags in standard format */
642 env->eflags = env->eflags | cpu_cc_compute_all(env, CC_OP)
644 #elif defined(TARGET_ARM)
645 /* XXX: Save/restore host fpu exception state?. */
646 #elif defined(TARGET_UNICORE32)
647 #elif defined(TARGET_SPARC)
648 #elif defined(TARGET_PPC)
649 #elif defined(TARGET_LM32)
650 #elif defined(TARGET_M68K)
651 cpu_m68k_flush_flags(env, env->cc_op);
652 env->cc_op = CC_OP_FLAGS;
653 env->sr = (env->sr & 0xffe0)
654 | env->cc_dest | (env->cc_x << 4);
655 #elif defined(TARGET_MICROBLAZE)
656 #elif defined(TARGET_MIPS)
657 #elif defined(TARGET_OPENRISC)
658 #elif defined(TARGET_SH4)
659 #elif defined(TARGET_ALPHA)
660 #elif defined(TARGET_CRIS)
661 #elif defined(TARGET_S390X)
662 #elif defined(TARGET_XTENSA)
665 #error unsupported target CPU
668 /* fail safe : never use cpu_single_env outside cpu_exec() */
669 cpu_single_env = NULL;
projects / qemu.git / blob