4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
22 #include <sys/types.h>
33 #include "qemu-common.h"
34 #define NO_CPU_IO_DEFS
36 #include "disas/disas.h"
38 #if defined(CONFIG_USER_ONLY)
40 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41 #include <sys/param.h>
42 #if __FreeBSD_version >= 700104
43 #define HAVE_KINFO_GETVMMAP
44 #define sigqueue sigqueue_freebsd /* avoid redefinition */
47 #include <machine/profile.h>
56 #include "exec/address-spaces.h"
59 #include "exec/cputlb.h"
60 #include "translate-all.h"
61 #include "qemu/timer.h"
63 //#define DEBUG_TB_INVALIDATE
65 /* make various TB consistency checks */
66 //#define DEBUG_TB_CHECK
68 #if !defined(CONFIG_USER_ONLY)
69 /* TB consistency checks only implemented for usermode emulation. */
73 #define SMC_BITMAP_USE_THRESHOLD 10
75 typedef struct PageDesc {
76 /* list of TBs intersecting this ram page */
77 TranslationBlock *first_tb;
78 /* in order to optimize self modifying code, we count the number
79 of lookups we do to a given page to use a bitmap */
80 unsigned int code_write_count;
82 #if defined(CONFIG_USER_ONLY)
87 /* In system mode we want L1_MAP to be based on ram offsets,
88 while in user mode we want it to be based on virtual addresses. */
89 #if !defined(CONFIG_USER_ONLY)
90 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
91 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
93 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
96 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
99 /* Size of the L2 (and L3, etc) page tables. */
101 #define V_L2_SIZE (1 << V_L2_BITS)
103 /* The bits remaining after N lower levels of page tables. */
104 #define V_L1_BITS_REM \
105 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS)
107 #if V_L1_BITS_REM < 4
108 #define V_L1_BITS (V_L1_BITS_REM + V_L2_BITS)
110 #define V_L1_BITS V_L1_BITS_REM
113 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
115 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
117 uintptr_t qemu_real_host_page_size;
118 uintptr_t qemu_host_page_size;
119 uintptr_t qemu_host_page_mask;
121 /* This is a multi-level map on the virtual address space.
122 The bottom level has pointers to PageDesc. */
123 static void *l1_map[V_L1_SIZE];
125 /* code generation context */
128 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
129 tb_page_addr_t phys_page2);
130 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr);
132 void cpu_gen_init(void)
134 tcg_context_init(&tcg_ctx);
137 /* return non zero if the very first instruction is invalid so that
138 the virtual CPU can trigger an exception.
140 '*gen_code_size_ptr' contains the size of the generated code (host
143 int cpu_gen_code(CPUArchState *env, TranslationBlock *tb, int *gen_code_size_ptr)
145 TCGContext *s = &tcg_ctx;
146 tcg_insn_unit *gen_code_buf;
148 #ifdef CONFIG_PROFILER
152 #ifdef CONFIG_PROFILER
153 s->tb_count1++; /* includes aborted translations because of
155 ti = profile_getclock();
159 gen_intermediate_code(env, tb);
161 /* generate machine code */
162 gen_code_buf = tb->tc_ptr;
163 tb->tb_next_offset[0] = 0xffff;
164 tb->tb_next_offset[1] = 0xffff;
165 s->tb_next_offset = tb->tb_next_offset;
166 #ifdef USE_DIRECT_JUMP
167 s->tb_jmp_offset = tb->tb_jmp_offset;
170 s->tb_jmp_offset = NULL;
171 s->tb_next = tb->tb_next;
174 #ifdef CONFIG_PROFILER
176 s->interm_time += profile_getclock() - ti;
177 s->code_time -= profile_getclock();
179 gen_code_size = tcg_gen_code(s, gen_code_buf);
180 *gen_code_size_ptr = gen_code_size;
181 #ifdef CONFIG_PROFILER
182 s->code_time += profile_getclock();
183 s->code_in_len += tb->size;
184 s->code_out_len += gen_code_size;
188 if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM)) {
189 qemu_log("OUT: [size=%d]\n", gen_code_size);
190 log_disas(tb->tc_ptr, gen_code_size);
198 /* The cpu state corresponding to 'searched_pc' is restored.
200 static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
201 uintptr_t searched_pc)
203 CPUArchState *env = cpu->env_ptr;
204 TCGContext *s = &tcg_ctx;
207 #ifdef CONFIG_PROFILER
211 #ifdef CONFIG_PROFILER
212 ti = profile_getclock();
216 gen_intermediate_code_pc(env, tb);
219 /* Reset the cycle counter to the start of the block. */
220 cpu->icount_decr.u16.low += tb->icount;
221 /* Clear the IO flag. */
225 /* find opc index corresponding to search_pc */
226 tc_ptr = (uintptr_t)tb->tc_ptr;
227 if (searched_pc < tc_ptr)
230 s->tb_next_offset = tb->tb_next_offset;
231 #ifdef USE_DIRECT_JUMP
232 s->tb_jmp_offset = tb->tb_jmp_offset;
235 s->tb_jmp_offset = NULL;
236 s->tb_next = tb->tb_next;
238 j = tcg_gen_code_search_pc(s, (tcg_insn_unit *)tc_ptr,
239 searched_pc - tc_ptr);
242 /* now find start of instruction before */
243 while (s->gen_opc_instr_start[j] == 0) {
246 cpu->icount_decr.u16.low -= s->gen_opc_icount[j];
248 restore_state_to_opc(env, tb, j);
250 #ifdef CONFIG_PROFILER
251 s->restore_time += profile_getclock() - ti;
257 bool cpu_restore_state(CPUState *cpu, uintptr_t retaddr)
259 TranslationBlock *tb;
261 tb = tb_find_pc(retaddr);
263 cpu_restore_state_from_tb(cpu, tb, retaddr);
270 static inline void map_exec(void *addr, long size)
273 VirtualProtect(addr, size,
274 PAGE_EXECUTE_READWRITE, &old_protect);
277 static inline void map_exec(void *addr, long size)
279 unsigned long start, end, page_size;
281 page_size = getpagesize();
282 start = (unsigned long)addr;
283 start &= ~(page_size - 1);
285 end = (unsigned long)addr + size;
286 end += page_size - 1;
287 end &= ~(page_size - 1);
289 mprotect((void *)start, end - start,
290 PROT_READ | PROT_WRITE | PROT_EXEC);
294 void page_size_init(void)
296 /* NOTE: we can always suppose that qemu_host_page_size >=
299 SYSTEM_INFO system_info;
301 GetSystemInfo(&system_info);
302 qemu_real_host_page_size = system_info.dwPageSize;
304 qemu_real_host_page_size = getpagesize();
306 if (qemu_host_page_size == 0) {
307 qemu_host_page_size = qemu_real_host_page_size;
309 if (qemu_host_page_size < TARGET_PAGE_SIZE) {
310 qemu_host_page_size = TARGET_PAGE_SIZE;
312 qemu_host_page_mask = ~(qemu_host_page_size - 1);
315 static void page_init(void)
318 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
320 #ifdef HAVE_KINFO_GETVMMAP
321 struct kinfo_vmentry *freep;
324 freep = kinfo_getvmmap(getpid(), &cnt);
327 for (i = 0; i < cnt; i++) {
328 unsigned long startaddr, endaddr;
330 startaddr = freep[i].kve_start;
331 endaddr = freep[i].kve_end;
332 if (h2g_valid(startaddr)) {
333 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
335 if (h2g_valid(endaddr)) {
336 endaddr = h2g(endaddr);
337 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
339 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
341 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
352 last_brk = (unsigned long)sbrk(0);
354 f = fopen("/compat/linux/proc/self/maps", "r");
359 unsigned long startaddr, endaddr;
362 n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
364 if (n == 2 && h2g_valid(startaddr)) {
365 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
367 if (h2g_valid(endaddr)) {
368 endaddr = h2g(endaddr);
372 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
384 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
390 #if defined(CONFIG_USER_ONLY)
391 /* We can't use g_malloc because it may recurse into a locked mutex. */
392 # define ALLOC(P, SIZE) \
394 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
395 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
398 # define ALLOC(P, SIZE) \
399 do { P = g_malloc0(SIZE); } while (0)
402 /* Level 1. Always allocated. */
403 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
406 for (i = V_L1_SHIFT / V_L2_BITS - 1; i > 0; i--) {
413 ALLOC(p, sizeof(void *) * V_L2_SIZE);
417 lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));
425 ALLOC(pd, sizeof(PageDesc) * V_L2_SIZE);
431 return pd + (index & (V_L2_SIZE - 1));
434 static inline PageDesc *page_find(tb_page_addr_t index)
436 return page_find_alloc(index, 0);
439 #if !defined(CONFIG_USER_ONLY)
440 #define mmap_lock() do { } while (0)
441 #define mmap_unlock() do { } while (0)
444 #if defined(CONFIG_USER_ONLY)
445 /* Currently it is not recommended to allocate big chunks of data in
446 user mode. It will change when a dedicated libc will be used. */
447 /* ??? 64-bit hosts ought to have no problem mmaping data outside the
448 region in which the guest needs to run. Revisit this. */
449 #define USE_STATIC_CODE_GEN_BUFFER
452 /* ??? Should configure for this, not list operating systems here. */
453 #if (defined(__linux__) \
454 || defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
455 || defined(__DragonFly__) || defined(__OpenBSD__) \
456 || defined(__NetBSD__))
460 /* Minimum size of the code gen buffer. This number is randomly chosen,
461 but not so small that we can't have a fair number of TB's live. */
462 #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
464 /* Maximum size of the code gen buffer we'd like to use. Unless otherwise
465 indicated, this is constrained by the range of direct branches on the
466 host cpu, as used by the TCG implementation of goto_tb. */
467 #if defined(__x86_64__)
468 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
469 #elif defined(__sparc__)
470 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
471 #elif defined(__aarch64__)
472 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
473 #elif defined(__arm__)
474 # define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
475 #elif defined(__s390x__)
476 /* We have a +- 4GB range on the branches; leave some slop. */
477 # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
479 # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
482 #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
484 #define DEFAULT_CODE_GEN_BUFFER_SIZE \
485 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
486 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
488 static inline size_t size_code_gen_buffer(size_t tb_size)
490 /* Size the buffer. */
492 #ifdef USE_STATIC_CODE_GEN_BUFFER
493 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
495 /* ??? Needs adjustments. */
496 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
497 static buffer, we could size this on RESERVED_VA, on the text
498 segment size of the executable, or continue to use the default. */
499 tb_size = (unsigned long)(ram_size / 4);
502 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
503 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
505 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
506 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
508 tcg_ctx.code_gen_buffer_size = tb_size;
512 #ifdef USE_STATIC_CODE_GEN_BUFFER
513 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
514 __attribute__((aligned(CODE_GEN_ALIGN)));
516 static inline void *alloc_code_gen_buffer(void)
518 map_exec(static_code_gen_buffer, tcg_ctx.code_gen_buffer_size);
519 return static_code_gen_buffer;
521 #elif defined(USE_MMAP)
522 static inline void *alloc_code_gen_buffer(void)
524 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
528 /* Constrain the position of the buffer based on the host cpu.
529 Note that these addresses are chosen in concert with the
530 addresses assigned in the relevant linker script file. */
531 # if defined(__PIE__) || defined(__PIC__)
532 /* Don't bother setting a preferred location if we're building
533 a position-independent executable. We're more likely to get
534 an address near the main executable if we let the kernel
535 choose the address. */
536 # elif defined(__x86_64__) && defined(MAP_32BIT)
537 /* Force the memory down into low memory with the executable.
538 Leave the choice of exact location with the kernel. */
540 /* Cannot expect to map more than 800MB in low memory. */
541 if (tcg_ctx.code_gen_buffer_size > 800u * 1024 * 1024) {
542 tcg_ctx.code_gen_buffer_size = 800u * 1024 * 1024;
544 # elif defined(__sparc__)
545 start = 0x40000000ul;
546 # elif defined(__s390x__)
547 start = 0x90000000ul;
550 buf = mmap((void *)start, tcg_ctx.code_gen_buffer_size,
551 PROT_WRITE | PROT_READ | PROT_EXEC, flags, -1, 0);
552 return buf == MAP_FAILED ? NULL : buf;
555 static inline void *alloc_code_gen_buffer(void)
557 void *buf = g_malloc(tcg_ctx.code_gen_buffer_size);
560 map_exec(buf, tcg_ctx.code_gen_buffer_size);
564 #endif /* USE_STATIC_CODE_GEN_BUFFER, USE_MMAP */
566 static inline void code_gen_alloc(size_t tb_size)
568 tcg_ctx.code_gen_buffer_size = size_code_gen_buffer(tb_size);
569 tcg_ctx.code_gen_buffer = alloc_code_gen_buffer();
570 if (tcg_ctx.code_gen_buffer == NULL) {
571 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
575 qemu_madvise(tcg_ctx.code_gen_buffer, tcg_ctx.code_gen_buffer_size,
578 /* Steal room for the prologue at the end of the buffer. This ensures
579 (via the MAX_CODE_GEN_BUFFER_SIZE limits above) that direct branches
580 from TB's to the prologue are going to be in range. It also means
581 that we don't need to mark (additional) portions of the data segment
583 tcg_ctx.code_gen_prologue = tcg_ctx.code_gen_buffer +
584 tcg_ctx.code_gen_buffer_size - 1024;
585 tcg_ctx.code_gen_buffer_size -= 1024;
587 tcg_ctx.code_gen_buffer_max_size = tcg_ctx.code_gen_buffer_size -
588 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
589 tcg_ctx.code_gen_max_blocks = tcg_ctx.code_gen_buffer_size /
590 CODE_GEN_AVG_BLOCK_SIZE;
592 g_malloc(tcg_ctx.code_gen_max_blocks * sizeof(TranslationBlock));
595 /* Must be called before using the QEMU cpus. 'tb_size' is the size
596 (in bytes) allocated to the translation buffer. Zero means default
598 void tcg_exec_init(unsigned long tb_size)
601 code_gen_alloc(tb_size);
602 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
603 tcg_register_jit(tcg_ctx.code_gen_buffer, tcg_ctx.code_gen_buffer_size);
605 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
606 /* There's no guest base to take into account, so go ahead and
607 initialize the prologue now. */
608 tcg_prologue_init(&tcg_ctx);
612 bool tcg_enabled(void)
614 return tcg_ctx.code_gen_buffer != NULL;
617 /* Allocate a new translation block. Flush the translation buffer if
618 too many translation blocks or too much generated code. */
619 static TranslationBlock *tb_alloc(target_ulong pc)
621 TranslationBlock *tb;
623 if (tcg_ctx.tb_ctx.nb_tbs >= tcg_ctx.code_gen_max_blocks ||
624 (tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer) >=
625 tcg_ctx.code_gen_buffer_max_size) {
628 tb = &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs++];
634 void tb_free(TranslationBlock *tb)
636 /* In practice this is mostly used for single use temporary TB
637 Ignore the hard cases and just back up if this TB happens to
638 be the last one generated. */
639 if (tcg_ctx.tb_ctx.nb_tbs > 0 &&
640 tb == &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs - 1]) {
641 tcg_ctx.code_gen_ptr = tb->tc_ptr;
642 tcg_ctx.tb_ctx.nb_tbs--;
646 static inline void invalidate_page_bitmap(PageDesc *p)
648 if (p->code_bitmap) {
649 g_free(p->code_bitmap);
650 p->code_bitmap = NULL;
652 p->code_write_count = 0;
655 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
656 static void page_flush_tb_1(int level, void **lp)
666 for (i = 0; i < V_L2_SIZE; ++i) {
667 pd[i].first_tb = NULL;
668 invalidate_page_bitmap(pd + i);
673 for (i = 0; i < V_L2_SIZE; ++i) {
674 page_flush_tb_1(level - 1, pp + i);
679 static void page_flush_tb(void)
683 for (i = 0; i < V_L1_SIZE; i++) {
684 page_flush_tb_1(V_L1_SHIFT / V_L2_BITS - 1, l1_map + i);
688 /* flush all the translation blocks */
689 /* XXX: tb_flush is currently not thread safe */
690 void tb_flush(CPUArchState *env1)
692 CPUState *cpu = ENV_GET_CPU(env1);
694 #if defined(DEBUG_FLUSH)
695 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
696 (unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer),
697 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.tb_ctx.nb_tbs > 0 ?
698 ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) /
699 tcg_ctx.tb_ctx.nb_tbs : 0);
701 if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)
702 > tcg_ctx.code_gen_buffer_size) {
703 cpu_abort(cpu, "Internal error: code buffer overflow\n");
705 tcg_ctx.tb_ctx.nb_tbs = 0;
708 memset(cpu->tb_jmp_cache, 0, sizeof(cpu->tb_jmp_cache));
711 memset(tcg_ctx.tb_ctx.tb_phys_hash, 0, sizeof(tcg_ctx.tb_ctx.tb_phys_hash));
714 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
715 /* XXX: flush processor icache at this point if cache flush is
717 tcg_ctx.tb_ctx.tb_flush_count++;
720 #ifdef DEBUG_TB_CHECK
722 static void tb_invalidate_check(target_ulong address)
724 TranslationBlock *tb;
727 address &= TARGET_PAGE_MASK;
728 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
729 for (tb = tb_ctx.tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
730 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
731 address >= tb->pc + tb->size)) {
732 printf("ERROR invalidate: address=" TARGET_FMT_lx
733 " PC=%08lx size=%04x\n",
734 address, (long)tb->pc, tb->size);
740 /* verify that all the pages have correct rights for code */
741 static void tb_page_check(void)
743 TranslationBlock *tb;
744 int i, flags1, flags2;
746 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
747 for (tb = tcg_ctx.tb_ctx.tb_phys_hash[i]; tb != NULL;
748 tb = tb->phys_hash_next) {
749 flags1 = page_get_flags(tb->pc);
750 flags2 = page_get_flags(tb->pc + tb->size - 1);
751 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
752 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
753 (long)tb->pc, tb->size, flags1, flags2);
761 static inline void tb_hash_remove(TranslationBlock **ptb, TranslationBlock *tb)
763 TranslationBlock *tb1;
768 *ptb = tb1->phys_hash_next;
771 ptb = &tb1->phys_hash_next;
775 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
777 TranslationBlock *tb1;
782 n1 = (uintptr_t)tb1 & 3;
783 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
785 *ptb = tb1->page_next[n1];
788 ptb = &tb1->page_next[n1];
792 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
794 TranslationBlock *tb1, **ptb;
797 ptb = &tb->jmp_next[n];
800 /* find tb(n) in circular list */
803 n1 = (uintptr_t)tb1 & 3;
804 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
805 if (n1 == n && tb1 == tb) {
809 ptb = &tb1->jmp_first;
811 ptb = &tb1->jmp_next[n1];
814 /* now we can suppress tb(n) from the list */
815 *ptb = tb->jmp_next[n];
817 tb->jmp_next[n] = NULL;
821 /* reset the jump entry 'n' of a TB so that it is not chained to
823 static inline void tb_reset_jump(TranslationBlock *tb, int n)
825 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
828 /* invalidate one TB */
829 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
834 tb_page_addr_t phys_pc;
835 TranslationBlock *tb1, *tb2;
837 /* remove the TB from the hash list */
838 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
839 h = tb_phys_hash_func(phys_pc);
840 tb_hash_remove(&tcg_ctx.tb_ctx.tb_phys_hash[h], tb);
842 /* remove the TB from the page list */
843 if (tb->page_addr[0] != page_addr) {
844 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
845 tb_page_remove(&p->first_tb, tb);
846 invalidate_page_bitmap(p);
848 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
849 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
850 tb_page_remove(&p->first_tb, tb);
851 invalidate_page_bitmap(p);
854 tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
856 /* remove the TB from the hash list */
857 h = tb_jmp_cache_hash_func(tb->pc);
859 if (cpu->tb_jmp_cache[h] == tb) {
860 cpu->tb_jmp_cache[h] = NULL;
864 /* suppress this TB from the two jump lists */
865 tb_jmp_remove(tb, 0);
866 tb_jmp_remove(tb, 1);
868 /* suppress any remaining jumps to this TB */
871 n1 = (uintptr_t)tb1 & 3;
875 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
876 tb2 = tb1->jmp_next[n1];
877 tb_reset_jump(tb1, n1);
878 tb1->jmp_next[n1] = NULL;
881 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
883 tcg_ctx.tb_ctx.tb_phys_invalidate_count++;
886 static inline void set_bits(uint8_t *tab, int start, int len)
892 mask = 0xff << (start & 7);
893 if ((start & ~7) == (end & ~7)) {
895 mask &= ~(0xff << (end & 7));
900 start = (start + 8) & ~7;
902 while (start < end1) {
907 mask = ~(0xff << (end & 7));
913 static void build_page_bitmap(PageDesc *p)
915 int n, tb_start, tb_end;
916 TranslationBlock *tb;
918 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
922 n = (uintptr_t)tb & 3;
923 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
924 /* NOTE: this is subtle as a TB may span two physical pages */
926 /* NOTE: tb_end may be after the end of the page, but
927 it is not a problem */
928 tb_start = tb->pc & ~TARGET_PAGE_MASK;
929 tb_end = tb_start + tb->size;
930 if (tb_end > TARGET_PAGE_SIZE) {
931 tb_end = TARGET_PAGE_SIZE;
935 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
937 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
938 tb = tb->page_next[n];
942 TranslationBlock *tb_gen_code(CPUState *cpu,
943 target_ulong pc, target_ulong cs_base,
944 int flags, int cflags)
946 CPUArchState *env = cpu->env_ptr;
947 TranslationBlock *tb;
948 tb_page_addr_t phys_pc, phys_page2;
949 target_ulong virt_page2;
952 phys_pc = get_page_addr_code(env, pc);
955 /* flush must be done */
957 /* cannot fail at this point */
959 /* Don't forget to invalidate previous TB info. */
960 tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
962 tb->tc_ptr = tcg_ctx.code_gen_ptr;
963 tb->cs_base = cs_base;
966 cpu_gen_code(env, tb, &code_gen_size);
967 tcg_ctx.code_gen_ptr = (void *)(((uintptr_t)tcg_ctx.code_gen_ptr +
968 code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
970 /* check next page if needed */
971 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
973 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
974 phys_page2 = get_page_addr_code(env, virt_page2);
976 tb_link_page(tb, phys_pc, phys_page2);
981 * Invalidate all TBs which intersect with the target physical address range
982 * [start;end[. NOTE: start and end may refer to *different* physical pages.
983 * 'is_cpu_write_access' should be true if called from a real cpu write
984 * access: the virtual CPU will exit the current TB if code is modified inside
987 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
988 int is_cpu_write_access)
990 while (start < end) {
991 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
992 start &= TARGET_PAGE_MASK;
993 start += TARGET_PAGE_SIZE;
998 * Invalidate all TBs which intersect with the target physical address range
999 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1000 * 'is_cpu_write_access' should be true if called from a real cpu write
1001 * access: the virtual CPU will exit the current TB if code is modified inside
1004 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1005 int is_cpu_write_access)
1007 TranslationBlock *tb, *tb_next, *saved_tb;
1008 CPUState *cpu = current_cpu;
1009 #if defined(TARGET_HAS_PRECISE_SMC)
1010 CPUArchState *env = NULL;
1012 tb_page_addr_t tb_start, tb_end;
1015 #ifdef TARGET_HAS_PRECISE_SMC
1016 int current_tb_not_found = is_cpu_write_access;
1017 TranslationBlock *current_tb = NULL;
1018 int current_tb_modified = 0;
1019 target_ulong current_pc = 0;
1020 target_ulong current_cs_base = 0;
1021 int current_flags = 0;
1022 #endif /* TARGET_HAS_PRECISE_SMC */
1024 p = page_find(start >> TARGET_PAGE_BITS);
1028 if (!p->code_bitmap &&
1029 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1030 is_cpu_write_access) {
1031 /* build code bitmap */
1032 build_page_bitmap(p);
1034 #if defined(TARGET_HAS_PRECISE_SMC)
1040 /* we remove all the TBs in the range [start, end[ */
1041 /* XXX: see if in some cases it could be faster to invalidate all
1044 while (tb != NULL) {
1045 n = (uintptr_t)tb & 3;
1046 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1047 tb_next = tb->page_next[n];
1048 /* NOTE: this is subtle as a TB may span two physical pages */
1050 /* NOTE: tb_end may be after the end of the page, but
1051 it is not a problem */
1052 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1053 tb_end = tb_start + tb->size;
1055 tb_start = tb->page_addr[1];
1056 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1058 if (!(tb_end <= start || tb_start >= end)) {
1059 #ifdef TARGET_HAS_PRECISE_SMC
1060 if (current_tb_not_found) {
1061 current_tb_not_found = 0;
1063 if (cpu->mem_io_pc) {
1064 /* now we have a real cpu fault */
1065 current_tb = tb_find_pc(cpu->mem_io_pc);
1068 if (current_tb == tb &&
1069 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1070 /* If we are modifying the current TB, we must stop
1071 its execution. We could be more precise by checking
1072 that the modification is after the current PC, but it
1073 would require a specialized function to partially
1074 restore the CPU state */
1076 current_tb_modified = 1;
1077 cpu_restore_state_from_tb(cpu, current_tb, cpu->mem_io_pc);
1078 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1081 #endif /* TARGET_HAS_PRECISE_SMC */
1082 /* we need to do that to handle the case where a signal
1083 occurs while doing tb_phys_invalidate() */
1086 saved_tb = cpu->current_tb;
1087 cpu->current_tb = NULL;
1089 tb_phys_invalidate(tb, -1);
1091 cpu->current_tb = saved_tb;
1092 if (cpu->interrupt_request && cpu->current_tb) {
1093 cpu_interrupt(cpu, cpu->interrupt_request);
1099 #if !defined(CONFIG_USER_ONLY)
1100 /* if no code remaining, no need to continue to use slow writes */
1102 invalidate_page_bitmap(p);
1103 if (is_cpu_write_access) {
1104 tlb_unprotect_code_phys(cpu, start, cpu->mem_io_vaddr);
1108 #ifdef TARGET_HAS_PRECISE_SMC
1109 if (current_tb_modified) {
1110 /* we generate a block containing just the instruction
1111 modifying the memory. It will ensure that it cannot modify
1113 cpu->current_tb = NULL;
1114 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
1115 cpu_resume_from_signal(cpu, NULL);
1120 /* len must be <= 8 and start must be a multiple of len */
1121 void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1128 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1129 cpu_single_env->mem_io_vaddr, len,
1130 cpu_single_env->eip,
1131 cpu_single_env->eip +
1132 (intptr_t)cpu_single_env->segs[R_CS].base);
1135 p = page_find(start >> TARGET_PAGE_BITS);
1139 if (p->code_bitmap) {
1140 offset = start & ~TARGET_PAGE_MASK;
1141 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1142 if (b & ((1 << len) - 1)) {
1147 tb_invalidate_phys_page_range(start, start + len, 1);
1151 #if !defined(CONFIG_SOFTMMU)
1152 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1153 uintptr_t pc, void *puc,
1156 TranslationBlock *tb;
1159 #ifdef TARGET_HAS_PRECISE_SMC
1160 TranslationBlock *current_tb = NULL;
1161 CPUState *cpu = current_cpu;
1162 CPUArchState *env = NULL;
1163 int current_tb_modified = 0;
1164 target_ulong current_pc = 0;
1165 target_ulong current_cs_base = 0;
1166 int current_flags = 0;
1169 addr &= TARGET_PAGE_MASK;
1170 p = page_find(addr >> TARGET_PAGE_BITS);
1175 #ifdef TARGET_HAS_PRECISE_SMC
1176 if (tb && pc != 0) {
1177 current_tb = tb_find_pc(pc);
1183 while (tb != NULL) {
1184 n = (uintptr_t)tb & 3;
1185 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1186 #ifdef TARGET_HAS_PRECISE_SMC
1187 if (current_tb == tb &&
1188 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1189 /* If we are modifying the current TB, we must stop
1190 its execution. We could be more precise by checking
1191 that the modification is after the current PC, but it
1192 would require a specialized function to partially
1193 restore the CPU state */
1195 current_tb_modified = 1;
1196 cpu_restore_state_from_tb(cpu, current_tb, pc);
1197 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1200 #endif /* TARGET_HAS_PRECISE_SMC */
1201 tb_phys_invalidate(tb, addr);
1202 tb = tb->page_next[n];
1205 #ifdef TARGET_HAS_PRECISE_SMC
1206 if (current_tb_modified) {
1207 /* we generate a block containing just the instruction
1208 modifying the memory. It will ensure that it cannot modify
1210 cpu->current_tb = NULL;
1211 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
1215 cpu_resume_from_signal(cpu, puc);
1221 /* add the tb in the target page and protect it if necessary */
1222 static inline void tb_alloc_page(TranslationBlock *tb,
1223 unsigned int n, tb_page_addr_t page_addr)
1226 #ifndef CONFIG_USER_ONLY
1227 bool page_already_protected;
1230 tb->page_addr[n] = page_addr;
1231 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1232 tb->page_next[n] = p->first_tb;
1233 #ifndef CONFIG_USER_ONLY
1234 page_already_protected = p->first_tb != NULL;
1236 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
1237 invalidate_page_bitmap(p);
1239 #if defined(TARGET_HAS_SMC) || 1
1241 #if defined(CONFIG_USER_ONLY)
1242 if (p->flags & PAGE_WRITE) {
1247 /* force the host page as non writable (writes will have a
1248 page fault + mprotect overhead) */
1249 page_addr &= qemu_host_page_mask;
1251 for (addr = page_addr; addr < page_addr + qemu_host_page_size;
1252 addr += TARGET_PAGE_SIZE) {
1254 p2 = page_find(addr >> TARGET_PAGE_BITS);
1259 p2->flags &= ~PAGE_WRITE;
1261 mprotect(g2h(page_addr), qemu_host_page_size,
1262 (prot & PAGE_BITS) & ~PAGE_WRITE);
1263 #ifdef DEBUG_TB_INVALIDATE
1264 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1269 /* if some code is already present, then the pages are already
1270 protected. So we handle the case where only the first TB is
1271 allocated in a physical page */
1272 if (!page_already_protected) {
1273 tlb_protect_code(page_addr);
1277 #endif /* TARGET_HAS_SMC */
1280 /* add a new TB and link it to the physical page tables. phys_page2 is
1281 (-1) to indicate that only one page contains the TB. */
1282 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
1283 tb_page_addr_t phys_page2)
1286 TranslationBlock **ptb;
1288 /* Grab the mmap lock to stop another thread invalidating this TB
1289 before we are done. */
1291 /* add in the physical hash table */
1292 h = tb_phys_hash_func(phys_pc);
1293 ptb = &tcg_ctx.tb_ctx.tb_phys_hash[h];
1294 tb->phys_hash_next = *ptb;
1297 /* add in the page list */
1298 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1299 if (phys_page2 != -1) {
1300 tb_alloc_page(tb, 1, phys_page2);
1302 tb->page_addr[1] = -1;
1305 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
1306 tb->jmp_next[0] = NULL;
1307 tb->jmp_next[1] = NULL;
1309 /* init original jump addresses */
1310 if (tb->tb_next_offset[0] != 0xffff) {
1311 tb_reset_jump(tb, 0);
1313 if (tb->tb_next_offset[1] != 0xffff) {
1314 tb_reset_jump(tb, 1);
1317 #ifdef DEBUG_TB_CHECK
1323 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1324 tb[1].tc_ptr. Return NULL if not found */
1325 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
1327 int m_min, m_max, m;
1329 TranslationBlock *tb;
1331 if (tcg_ctx.tb_ctx.nb_tbs <= 0) {
1334 if (tc_ptr < (uintptr_t)tcg_ctx.code_gen_buffer ||
1335 tc_ptr >= (uintptr_t)tcg_ctx.code_gen_ptr) {
1338 /* binary search (cf Knuth) */
1340 m_max = tcg_ctx.tb_ctx.nb_tbs - 1;
1341 while (m_min <= m_max) {
1342 m = (m_min + m_max) >> 1;
1343 tb = &tcg_ctx.tb_ctx.tbs[m];
1344 v = (uintptr_t)tb->tc_ptr;
1347 } else if (tc_ptr < v) {
1353 return &tcg_ctx.tb_ctx.tbs[m_max];
1356 #if defined(TARGET_HAS_ICE) && !defined(CONFIG_USER_ONLY)
1357 void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr)
1359 ram_addr_t ram_addr;
1363 mr = address_space_translate(as, addr, &addr, &l, false);
1364 if (!(memory_region_is_ram(mr)
1365 || memory_region_is_romd(mr))) {
1368 ram_addr = (memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK)
1370 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1372 #endif /* TARGET_HAS_ICE && !defined(CONFIG_USER_ONLY) */
1374 void tb_check_watchpoint(CPUState *cpu)
1376 TranslationBlock *tb;
1378 tb = tb_find_pc(cpu->mem_io_pc);
1380 cpu_abort(cpu, "check_watchpoint: could not find TB for pc=%p",
1381 (void *)cpu->mem_io_pc);
1383 cpu_restore_state_from_tb(cpu, tb, cpu->mem_io_pc);
1384 tb_phys_invalidate(tb, -1);
1387 #ifndef CONFIG_USER_ONLY
1388 /* mask must never be zero, except for A20 change call */
1389 static void tcg_handle_interrupt(CPUState *cpu, int mask)
1393 old_mask = cpu->interrupt_request;
1394 cpu->interrupt_request |= mask;
1397 * If called from iothread context, wake the target cpu in
1400 if (!qemu_cpu_is_self(cpu)) {
1406 cpu->icount_decr.u16.high = 0xffff;
1407 if (!cpu_can_do_io(cpu)
1408 && (mask & ~old_mask) != 0) {
1409 cpu_abort(cpu, "Raised interrupt while not in I/O function");
1412 cpu->tcg_exit_req = 1;
1416 CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1418 /* in deterministic execution mode, instructions doing device I/Os
1419 must be at the end of the TB */
1420 void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
1422 #if defined(TARGET_MIPS) || defined(TARGET_SH4)
1423 CPUArchState *env = cpu->env_ptr;
1425 TranslationBlock *tb;
1427 target_ulong pc, cs_base;
1430 tb = tb_find_pc(retaddr);
1432 cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p",
1435 n = cpu->icount_decr.u16.low + tb->icount;
1436 cpu_restore_state_from_tb(cpu, tb, retaddr);
1437 /* Calculate how many instructions had been executed before the fault
1439 n = n - cpu->icount_decr.u16.low;
1440 /* Generate a new TB ending on the I/O insn. */
1442 /* On MIPS and SH, delay slot instructions can only be restarted if
1443 they were already the first instruction in the TB. If this is not
1444 the first instruction in a TB then re-execute the preceding
1446 #if defined(TARGET_MIPS)
1447 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
1448 env->active_tc.PC -= 4;
1449 cpu->icount_decr.u16.low++;
1450 env->hflags &= ~MIPS_HFLAG_BMASK;
1452 #elif defined(TARGET_SH4)
1453 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
1456 cpu->icount_decr.u16.low++;
1457 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
1460 /* This should never happen. */
1461 if (n > CF_COUNT_MASK) {
1462 cpu_abort(cpu, "TB too big during recompile");
1465 cflags = n | CF_LAST_IO;
1467 cs_base = tb->cs_base;
1469 tb_phys_invalidate(tb, -1);
1470 /* FIXME: In theory this could raise an exception. In practice
1471 we have already translated the block once so it's probably ok. */
1472 tb_gen_code(cpu, pc, cs_base, flags, cflags);
1473 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
1474 the first in the TB) then we end up generating a whole new TB and
1475 repeating the fault, which is horribly inefficient.
1476 Better would be to execute just this insn uncached, or generate a
1478 cpu_resume_from_signal(cpu, NULL);
1481 void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
1485 /* Discard jump cache entries for any tb which might potentially
1486 overlap the flushed page. */
1487 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1488 memset(&cpu->tb_jmp_cache[i], 0,
1489 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1491 i = tb_jmp_cache_hash_page(addr);
1492 memset(&cpu->tb_jmp_cache[i], 0,
1493 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1496 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
1498 int i, target_code_size, max_target_code_size;
1499 int direct_jmp_count, direct_jmp2_count, cross_page;
1500 TranslationBlock *tb;
1502 target_code_size = 0;
1503 max_target_code_size = 0;
1505 direct_jmp_count = 0;
1506 direct_jmp2_count = 0;
1507 for (i = 0; i < tcg_ctx.tb_ctx.nb_tbs; i++) {
1508 tb = &tcg_ctx.tb_ctx.tbs[i];
1509 target_code_size += tb->size;
1510 if (tb->size > max_target_code_size) {
1511 max_target_code_size = tb->size;
1513 if (tb->page_addr[1] != -1) {
1516 if (tb->tb_next_offset[0] != 0xffff) {
1518 if (tb->tb_next_offset[1] != 0xffff) {
1519 direct_jmp2_count++;
1523 /* XXX: avoid using doubles ? */
1524 cpu_fprintf(f, "Translation buffer state:\n");
1525 cpu_fprintf(f, "gen code size %td/%zd\n",
1526 tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer,
1527 tcg_ctx.code_gen_buffer_max_size);
1528 cpu_fprintf(f, "TB count %d/%d\n",
1529 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.code_gen_max_blocks);
1530 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
1531 tcg_ctx.tb_ctx.nb_tbs ? target_code_size /
1532 tcg_ctx.tb_ctx.nb_tbs : 0,
1533 max_target_code_size);
1534 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
1535 tcg_ctx.tb_ctx.nb_tbs ? (tcg_ctx.code_gen_ptr -
1536 tcg_ctx.code_gen_buffer) /
1537 tcg_ctx.tb_ctx.nb_tbs : 0,
1538 target_code_size ? (double) (tcg_ctx.code_gen_ptr -
1539 tcg_ctx.code_gen_buffer) /
1540 target_code_size : 0);
1541 cpu_fprintf(f, "cross page TB count %d (%d%%)\n", cross_page,
1542 tcg_ctx.tb_ctx.nb_tbs ? (cross_page * 100) /
1543 tcg_ctx.tb_ctx.nb_tbs : 0);
1544 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
1546 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp_count * 100) /
1547 tcg_ctx.tb_ctx.nb_tbs : 0,
1549 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp2_count * 100) /
1550 tcg_ctx.tb_ctx.nb_tbs : 0);
1551 cpu_fprintf(f, "\nStatistics:\n");
1552 cpu_fprintf(f, "TB flush count %d\n", tcg_ctx.tb_ctx.tb_flush_count);
1553 cpu_fprintf(f, "TB invalidate count %d\n",
1554 tcg_ctx.tb_ctx.tb_phys_invalidate_count);
1555 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
1556 tcg_dump_info(f, cpu_fprintf);
1559 #else /* CONFIG_USER_ONLY */
1561 void cpu_interrupt(CPUState *cpu, int mask)
1563 cpu->interrupt_request |= mask;
1564 cpu->tcg_exit_req = 1;
1568 * Walks guest process memory "regions" one by one
1569 * and calls callback function 'fn' for each region.
1571 struct walk_memory_regions_data {
1572 walk_memory_regions_fn fn;
1578 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
1579 abi_ulong end, int new_prot)
1581 if (data->start != -1ul) {
1582 int rc = data->fn(data->priv, data->start, end, data->prot);
1588 data->start = (new_prot ? end : -1ul);
1589 data->prot = new_prot;
1594 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
1595 abi_ulong base, int level, void **lp)
1601 return walk_memory_regions_end(data, base, 0);
1607 for (i = 0; i < V_L2_SIZE; ++i) {
1608 int prot = pd[i].flags;
1610 pa = base | (i << TARGET_PAGE_BITS);
1611 if (prot != data->prot) {
1612 rc = walk_memory_regions_end(data, pa, prot);
1621 for (i = 0; i < V_L2_SIZE; ++i) {
1622 pa = base | ((abi_ulong)i <<
1623 (TARGET_PAGE_BITS + V_L2_BITS * level));
1624 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1634 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1636 struct walk_memory_regions_data data;
1644 for (i = 0; i < V_L1_SIZE; i++) {
1645 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
1646 V_L1_SHIFT / V_L2_BITS - 1, l1_map + i);
1653 return walk_memory_regions_end(&data, 0, 0);
1656 static int dump_region(void *priv, abi_ulong start,
1657 abi_ulong end, unsigned long prot)
1659 FILE *f = (FILE *)priv;
1661 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
1662 " "TARGET_ABI_FMT_lx" %c%c%c\n",
1663 start, end, end - start,
1664 ((prot & PAGE_READ) ? 'r' : '-'),
1665 ((prot & PAGE_WRITE) ? 'w' : '-'),
1666 ((prot & PAGE_EXEC) ? 'x' : '-'));
1671 /* dump memory mappings */
1672 void page_dump(FILE *f)
1674 const int length = sizeof(abi_ulong) * 2;
1675 (void) fprintf(f, "%-*s %-*s %-*s %s\n",
1676 length, "start", length, "end", length, "size", "prot");
1677 walk_memory_regions(f, dump_region);
1680 int page_get_flags(target_ulong address)
1684 p = page_find(address >> TARGET_PAGE_BITS);
1691 /* Modify the flags of a page and invalidate the code if necessary.
1692 The flag PAGE_WRITE_ORG is positioned automatically depending
1693 on PAGE_WRITE. The mmap_lock should already be held. */
1694 void page_set_flags(target_ulong start, target_ulong end, int flags)
1696 target_ulong addr, len;
1698 /* This function should never be called with addresses outside the
1699 guest address space. If this assert fires, it probably indicates
1700 a missing call to h2g_valid. */
1701 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1702 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
1704 assert(start < end);
1706 start = start & TARGET_PAGE_MASK;
1707 end = TARGET_PAGE_ALIGN(end);
1709 if (flags & PAGE_WRITE) {
1710 flags |= PAGE_WRITE_ORG;
1713 for (addr = start, len = end - start;
1715 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
1716 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
1718 /* If the write protection bit is set, then we invalidate
1720 if (!(p->flags & PAGE_WRITE) &&
1721 (flags & PAGE_WRITE) &&
1723 tb_invalidate_phys_page(addr, 0, NULL, false);
1729 int page_check_range(target_ulong start, target_ulong len, int flags)
1735 /* This function should never be called with addresses outside the
1736 guest address space. If this assert fires, it probably indicates
1737 a missing call to h2g_valid. */
1738 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1739 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
1745 if (start + len - 1 < start) {
1746 /* We've wrapped around. */
1750 /* must do before we loose bits in the next step */
1751 end = TARGET_PAGE_ALIGN(start + len);
1752 start = start & TARGET_PAGE_MASK;
1754 for (addr = start, len = end - start;
1756 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
1757 p = page_find(addr >> TARGET_PAGE_BITS);
1761 if (!(p->flags & PAGE_VALID)) {
1765 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) {
1768 if (flags & PAGE_WRITE) {
1769 if (!(p->flags & PAGE_WRITE_ORG)) {
1772 /* unprotect the page if it was put read-only because it
1773 contains translated code */
1774 if (!(p->flags & PAGE_WRITE)) {
1775 if (!page_unprotect(addr, 0, NULL)) {
1784 /* called from signal handler: invalidate the code and unprotect the
1785 page. Return TRUE if the fault was successfully handled. */
1786 int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
1790 target_ulong host_start, host_end, addr;
1792 /* Technically this isn't safe inside a signal handler. However we
1793 know this only ever happens in a synchronous SEGV handler, so in
1794 practice it seems to be ok. */
1797 p = page_find(address >> TARGET_PAGE_BITS);
1803 /* if the page was really writable, then we change its
1804 protection back to writable */
1805 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
1806 host_start = address & qemu_host_page_mask;
1807 host_end = host_start + qemu_host_page_size;
1810 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
1811 p = page_find(addr >> TARGET_PAGE_BITS);
1812 p->flags |= PAGE_WRITE;
1815 /* and since the content will be modified, we must invalidate
1816 the corresponding translated code. */
1817 tb_invalidate_phys_page(addr, pc, puc, true);
1818 #ifdef DEBUG_TB_CHECK
1819 tb_invalidate_check(addr);
1822 mprotect((void *)g2h(host_start), qemu_host_page_size,
1831 #endif /* CONFIG_USER_ONLY */
projects / qemu.git / blob