2 * emulator main execution loop
4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include "qemu-barrier.h"
26 int tb_invalidated_flag;
28 //#define CONFIG_DEBUG_EXEC
30 bool qemu_cpu_has_work(CPUArchState *env)
32 return cpu_has_work(env);
35 void cpu_loop_exit(CPUArchState *env)
37 env->current_tb = NULL;
38 longjmp(env->jmp_env, 1);
41 /* exit the current TB from a signal handler. The host registers are
42 restored in a state compatible with the CPU emulator
44 #if defined(CONFIG_SOFTMMU)
45 void cpu_resume_from_signal(CPUArchState *env, void *puc)
47 /* XXX: restore cpu registers saved in host registers */
49 env->exception_index = -1;
50 longjmp(env->jmp_env, 1);
54 /* Execute the code without caching the generated code. An interpreter
55 could be used if available. */
56 static void cpu_exec_nocache(CPUArchState *env, int max_cycles,
57 TranslationBlock *orig_tb)
59 tcg_target_ulong next_tb;
62 /* Should never happen.
63 We only end up here when an existing TB is too long. */
64 if (max_cycles > CF_COUNT_MASK)
65 max_cycles = CF_COUNT_MASK;
67 tb = tb_gen_code(env, orig_tb->pc, orig_tb->cs_base, orig_tb->flags,
70 /* execute the generated code */
71 next_tb = tcg_qemu_tb_exec(env, tb->tc_ptr);
72 env->current_tb = NULL;
74 if ((next_tb & 3) == 2) {
75 /* Restore PC. This may happen if async event occurs before
76 the TB starts executing. */
77 cpu_pc_from_tb(env, tb);
79 tb_phys_invalidate(tb, -1);
83 static TranslationBlock *tb_find_slow(CPUArchState *env,
88 TranslationBlock *tb, **ptb1;
90 tb_page_addr_t phys_pc, phys_page1;
91 target_ulong virt_page2;
93 tb_invalidated_flag = 0;
95 /* find translated block using physical mappings */
96 phys_pc = get_page_addr_code(env, pc);
97 phys_page1 = phys_pc & TARGET_PAGE_MASK;
98 h = tb_phys_hash_func(phys_pc);
99 ptb1 = &tb_phys_hash[h];
105 tb->page_addr[0] == phys_page1 &&
106 tb->cs_base == cs_base &&
107 tb->flags == flags) {
108 /* check next page if needed */
109 if (tb->page_addr[1] != -1) {
110 tb_page_addr_t phys_page2;
112 virt_page2 = (pc & TARGET_PAGE_MASK) +
114 phys_page2 = get_page_addr_code(env, virt_page2);
115 if (tb->page_addr[1] == phys_page2)
121 ptb1 = &tb->phys_hash_next;
124 /* if no translated code available, then translate it now */
125 tb = tb_gen_code(env, pc, cs_base, flags, 0);
128 /* Move the last found TB to the head of the list */
130 *ptb1 = tb->phys_hash_next;
131 tb->phys_hash_next = tb_phys_hash[h];
132 tb_phys_hash[h] = tb;
134 /* we add the TB in the virtual pc hash table */
135 env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)] = tb;
139 static inline TranslationBlock *tb_find_fast(CPUArchState *env)
141 TranslationBlock *tb;
142 target_ulong cs_base, pc;
145 /* we record a subset of the CPU state. It will
146 always be the same before a given translated block
148 cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
149 tb = env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)];
150 if (unlikely(!tb || tb->pc != pc || tb->cs_base != cs_base ||
151 tb->flags != flags)) {
152 tb = tb_find_slow(env, pc, cs_base, flags);
157 static CPUDebugExcpHandler *debug_excp_handler;
159 CPUDebugExcpHandler *cpu_set_debug_excp_handler(CPUDebugExcpHandler *handler)
161 CPUDebugExcpHandler *old_handler = debug_excp_handler;
163 debug_excp_handler = handler;
167 static void cpu_handle_debug_exception(CPUArchState *env)
171 if (!env->watchpoint_hit) {
172 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
173 wp->flags &= ~BP_WATCHPOINT_HIT;
176 if (debug_excp_handler) {
177 debug_excp_handler(env);
181 /* main execution loop */
183 volatile sig_atomic_t exit_request;
185 int cpu_exec(CPUArchState *env)
187 int ret, interrupt_request;
188 TranslationBlock *tb;
190 tcg_target_ulong next_tb;
193 if (!cpu_has_work(env)) {
200 cpu_single_env = env;
202 if (unlikely(exit_request)) {
203 env->exit_request = 1;
206 #if defined(TARGET_I386)
207 /* put eflags in CPU temporary format */
208 CC_SRC = env->eflags & (CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
209 DF = 1 - (2 * ((env->eflags >> 10) & 1));
210 CC_OP = CC_OP_EFLAGS;
211 env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
212 #elif defined(TARGET_SPARC)
213 #elif defined(TARGET_M68K)
214 env->cc_op = CC_OP_FLAGS;
215 env->cc_dest = env->sr & 0xf;
216 env->cc_x = (env->sr >> 4) & 1;
217 #elif defined(TARGET_ALPHA)
218 #elif defined(TARGET_ARM)
219 #elif defined(TARGET_UNICORE32)
220 #elif defined(TARGET_PPC)
221 env->reserve_addr = -1;
222 #elif defined(TARGET_LM32)
223 #elif defined(TARGET_MICROBLAZE)
224 #elif defined(TARGET_MIPS)
225 #elif defined(TARGET_SH4)
226 #elif defined(TARGET_CRIS)
227 #elif defined(TARGET_S390X)
228 #elif defined(TARGET_XTENSA)
231 #error unsupported target CPU
233 env->exception_index = -1;
235 /* prepare setjmp context for exception handling */
237 if (setjmp(env->jmp_env) == 0) {
238 /* if an exception is pending, we execute it here */
239 if (env->exception_index >= 0) {
240 if (env->exception_index >= EXCP_INTERRUPT) {
241 /* exit request from the cpu execution loop */
242 ret = env->exception_index;
243 if (ret == EXCP_DEBUG) {
244 cpu_handle_debug_exception(env);
248 #if defined(CONFIG_USER_ONLY)
249 /* if user mode only, we simulate a fake exception
250 which will be handled outside the cpu execution
252 #if defined(TARGET_I386)
255 ret = env->exception_index;
259 env->exception_index = -1;
264 next_tb = 0; /* force lookup of first TB */
266 interrupt_request = env->interrupt_request;
267 if (unlikely(interrupt_request)) {
268 if (unlikely(env->singlestep_enabled & SSTEP_NOIRQ)) {
269 /* Mask out external interrupts for this step. */
270 interrupt_request &= ~CPU_INTERRUPT_SSTEP_MASK;
272 if (interrupt_request & CPU_INTERRUPT_DEBUG) {
273 env->interrupt_request &= ~CPU_INTERRUPT_DEBUG;
274 env->exception_index = EXCP_DEBUG;
277 #if defined(TARGET_ARM) || defined(TARGET_SPARC) || defined(TARGET_MIPS) || \
278 defined(TARGET_PPC) || defined(TARGET_ALPHA) || defined(TARGET_CRIS) || \
279 defined(TARGET_MICROBLAZE) || defined(TARGET_LM32) || defined(TARGET_UNICORE32)
280 if (interrupt_request & CPU_INTERRUPT_HALT) {
281 env->interrupt_request &= ~CPU_INTERRUPT_HALT;
283 env->exception_index = EXCP_HLT;
287 #if defined(TARGET_I386)
288 if (interrupt_request & CPU_INTERRUPT_INIT) {
289 svm_check_intercept(env, SVM_EXIT_INIT);
291 env->exception_index = EXCP_HALTED;
293 } else if (interrupt_request & CPU_INTERRUPT_SIPI) {
295 } else if (env->hflags2 & HF2_GIF_MASK) {
296 if ((interrupt_request & CPU_INTERRUPT_SMI) &&
297 !(env->hflags & HF_SMM_MASK)) {
298 svm_check_intercept(env, SVM_EXIT_SMI);
299 env->interrupt_request &= ~CPU_INTERRUPT_SMI;
302 } else if ((interrupt_request & CPU_INTERRUPT_NMI) &&
303 !(env->hflags2 & HF2_NMI_MASK)) {
304 env->interrupt_request &= ~CPU_INTERRUPT_NMI;
305 env->hflags2 |= HF2_NMI_MASK;
306 do_interrupt_x86_hardirq(env, EXCP02_NMI, 1);
308 } else if (interrupt_request & CPU_INTERRUPT_MCE) {
309 env->interrupt_request &= ~CPU_INTERRUPT_MCE;
310 do_interrupt_x86_hardirq(env, EXCP12_MCHK, 0);
312 } else if ((interrupt_request & CPU_INTERRUPT_HARD) &&
313 (((env->hflags2 & HF2_VINTR_MASK) &&
314 (env->hflags2 & HF2_HIF_MASK)) ||
315 (!(env->hflags2 & HF2_VINTR_MASK) &&
316 (env->eflags & IF_MASK &&
317 !(env->hflags & HF_INHIBIT_IRQ_MASK))))) {
319 svm_check_intercept(env, SVM_EXIT_INTR);
320 env->interrupt_request &= ~(CPU_INTERRUPT_HARD | CPU_INTERRUPT_VIRQ);
321 intno = cpu_get_pic_interrupt(env);
322 qemu_log_mask(CPU_LOG_TB_IN_ASM, "Servicing hardware INT=0x%02x\n", intno);
323 do_interrupt_x86_hardirq(env, intno, 1);
324 /* ensure that no TB jump will be modified as
325 the program flow was changed */
327 #if !defined(CONFIG_USER_ONLY)
328 } else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
329 (env->eflags & IF_MASK) &&
330 !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
332 /* FIXME: this should respect TPR */
333 svm_check_intercept(env, SVM_EXIT_VINTR);
334 intno = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_vector));
335 qemu_log_mask(CPU_LOG_TB_IN_ASM, "Servicing virtual hardware INT=0x%02x\n", intno);
336 do_interrupt_x86_hardirq(env, intno, 1);
337 env->interrupt_request &= ~CPU_INTERRUPT_VIRQ;
342 #elif defined(TARGET_PPC)
343 if ((interrupt_request & CPU_INTERRUPT_RESET)) {
344 cpu_state_reset(env);
346 if (interrupt_request & CPU_INTERRUPT_HARD) {
347 ppc_hw_interrupt(env);
348 if (env->pending_interrupts == 0)
349 env->interrupt_request &= ~CPU_INTERRUPT_HARD;
352 #elif defined(TARGET_LM32)
353 if ((interrupt_request & CPU_INTERRUPT_HARD)
354 && (env->ie & IE_IE)) {
355 env->exception_index = EXCP_IRQ;
359 #elif defined(TARGET_MICROBLAZE)
360 if ((interrupt_request & CPU_INTERRUPT_HARD)
361 && (env->sregs[SR_MSR] & MSR_IE)
362 && !(env->sregs[SR_MSR] & (MSR_EIP | MSR_BIP))
363 && !(env->iflags & (D_FLAG | IMM_FLAG))) {
364 env->exception_index = EXCP_IRQ;
368 #elif defined(TARGET_MIPS)
369 if ((interrupt_request & CPU_INTERRUPT_HARD) &&
370 cpu_mips_hw_interrupts_pending(env)) {
372 env->exception_index = EXCP_EXT_INTERRUPT;
377 #elif defined(TARGET_SPARC)
378 if (interrupt_request & CPU_INTERRUPT_HARD) {
379 if (cpu_interrupts_enabled(env) &&
380 env->interrupt_index > 0) {
381 int pil = env->interrupt_index & 0xf;
382 int type = env->interrupt_index & 0xf0;
384 if (((type == TT_EXTINT) &&
385 cpu_pil_allowed(env, pil)) ||
387 env->exception_index = env->interrupt_index;
393 #elif defined(TARGET_ARM)
394 if (interrupt_request & CPU_INTERRUPT_FIQ
395 && !(env->uncached_cpsr & CPSR_F)) {
396 env->exception_index = EXCP_FIQ;
400 /* ARMv7-M interrupt return works by loading a magic value
401 into the PC. On real hardware the load causes the
402 return to occur. The qemu implementation performs the
403 jump normally, then does the exception return when the
404 CPU tries to execute code at the magic address.
405 This will cause the magic PC value to be pushed to
406 the stack if an interrupt occurred at the wrong time.
407 We avoid this by disabling interrupts when
408 pc contains a magic address. */
409 if (interrupt_request & CPU_INTERRUPT_HARD
410 && ((IS_M(env) && env->regs[15] < 0xfffffff0)
411 || !(env->uncached_cpsr & CPSR_I))) {
412 env->exception_index = EXCP_IRQ;
416 #elif defined(TARGET_UNICORE32)
417 if (interrupt_request & CPU_INTERRUPT_HARD
418 && !(env->uncached_asr & ASR_I)) {
422 #elif defined(TARGET_SH4)
423 if (interrupt_request & CPU_INTERRUPT_HARD) {
427 #elif defined(TARGET_ALPHA)
430 /* ??? This hard-codes the OSF/1 interrupt levels. */
431 switch (env->pal_mode ? 7 : env->ps & PS_INT_MASK) {
433 if (interrupt_request & CPU_INTERRUPT_HARD) {
434 idx = EXCP_DEV_INTERRUPT;
438 if (interrupt_request & CPU_INTERRUPT_TIMER) {
439 idx = EXCP_CLK_INTERRUPT;
443 if (interrupt_request & CPU_INTERRUPT_SMP) {
444 idx = EXCP_SMP_INTERRUPT;
448 if (interrupt_request & CPU_INTERRUPT_MCHK) {
453 env->exception_index = idx;
459 #elif defined(TARGET_CRIS)
460 if (interrupt_request & CPU_INTERRUPT_HARD
461 && (env->pregs[PR_CCS] & I_FLAG)
462 && !env->locked_irq) {
463 env->exception_index = EXCP_IRQ;
467 if (interrupt_request & CPU_INTERRUPT_NMI
468 && (env->pregs[PR_CCS] & M_FLAG)) {
469 env->exception_index = EXCP_NMI;
473 #elif defined(TARGET_M68K)
474 if (interrupt_request & CPU_INTERRUPT_HARD
475 && ((env->sr & SR_I) >> SR_I_SHIFT)
476 < env->pending_level) {
477 /* Real hardware gets the interrupt vector via an
478 IACK cycle at this point. Current emulated
479 hardware doesn't rely on this, so we
480 provide/save the vector when the interrupt is
482 env->exception_index = env->pending_vector;
483 do_interrupt_m68k_hardirq(env);
486 #elif defined(TARGET_S390X) && !defined(CONFIG_USER_ONLY)
487 if ((interrupt_request & CPU_INTERRUPT_HARD) &&
488 (env->psw.mask & PSW_MASK_EXT)) {
492 #elif defined(TARGET_XTENSA)
493 if (interrupt_request & CPU_INTERRUPT_HARD) {
494 env->exception_index = EXC_IRQ;
499 /* Don't use the cached interrupt_request value,
500 do_interrupt may have updated the EXITTB flag. */
501 if (env->interrupt_request & CPU_INTERRUPT_EXITTB) {
502 env->interrupt_request &= ~CPU_INTERRUPT_EXITTB;
503 /* ensure that no TB jump will be modified as
504 the program flow was changed */
508 if (unlikely(env->exit_request)) {
509 env->exit_request = 0;
510 env->exception_index = EXCP_INTERRUPT;
513 #if defined(DEBUG_DISAS) || defined(CONFIG_DEBUG_EXEC)
514 if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) {
515 /* restore flags in standard format */
516 #if defined(TARGET_I386)
517 env->eflags = env->eflags | cpu_cc_compute_all(env, CC_OP)
519 log_cpu_state(env, X86_DUMP_CCOP);
520 env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
521 #elif defined(TARGET_M68K)
522 cpu_m68k_flush_flags(env, env->cc_op);
523 env->cc_op = CC_OP_FLAGS;
524 env->sr = (env->sr & 0xffe0)
525 | env->cc_dest | (env->cc_x << 4);
526 log_cpu_state(env, 0);
528 log_cpu_state(env, 0);
531 #endif /* DEBUG_DISAS || CONFIG_DEBUG_EXEC */
533 tb = tb_find_fast(env);
534 /* Note: we do it here to avoid a gcc bug on Mac OS X when
535 doing it in tb_find_slow */
536 if (tb_invalidated_flag) {
537 /* as some TB could have been invalidated because
538 of memory exceptions while generating the code, we
539 must recompute the hash index here */
541 tb_invalidated_flag = 0;
543 #ifdef CONFIG_DEBUG_EXEC
544 qemu_log_mask(CPU_LOG_EXEC, "Trace %p [" TARGET_FMT_lx "] %s\n",
546 lookup_symbol(tb->pc));
548 /* see if we can patch the calling TB. When the TB
549 spans two pages, we cannot safely do a direct
551 if (next_tb != 0 && tb->page_addr[1] == -1) {
552 tb_add_jump((TranslationBlock *)(next_tb & ~3), next_tb & 3, tb);
554 spin_unlock(&tb_lock);
556 /* cpu_interrupt might be called while translating the
557 TB, but before it is linked into a potentially
558 infinite loop and becomes env->current_tb. Avoid
559 starting execution if there is a pending interrupt. */
560 env->current_tb = tb;
562 if (likely(!env->exit_request)) {
564 /* execute the generated code */
565 next_tb = tcg_qemu_tb_exec(env, tc_ptr);
566 if ((next_tb & 3) == 2) {
567 /* Instruction counter expired. */
569 tb = (TranslationBlock *)(next_tb & ~3);
571 cpu_pc_from_tb(env, tb);
572 insns_left = env->icount_decr.u32;
573 if (env->icount_extra && insns_left >= 0) {
574 /* Refill decrementer and continue execution. */
575 env->icount_extra += insns_left;
576 if (env->icount_extra > 0xffff) {
579 insns_left = env->icount_extra;
581 env->icount_extra -= insns_left;
582 env->icount_decr.u16.low = insns_left;
584 if (insns_left > 0) {
585 /* Execute remaining instructions. */
586 cpu_exec_nocache(env, insns_left, tb);
588 env->exception_index = EXCP_INTERRUPT;
594 env->current_tb = NULL;
595 /* reset soft MMU for next block (it can currently
596 only be set by a memory fault) */
599 /* Reload env after longjmp - the compiler may have smashed all
600 * local variables as longjmp is marked 'noreturn'. */
601 env = cpu_single_env;
606 #if defined(TARGET_I386)
607 /* restore flags in standard format */
608 env->eflags = env->eflags | cpu_cc_compute_all(env, CC_OP)
610 #elif defined(TARGET_ARM)
611 /* XXX: Save/restore host fpu exception state?. */
612 #elif defined(TARGET_UNICORE32)
613 #elif defined(TARGET_SPARC)
614 #elif defined(TARGET_PPC)
615 #elif defined(TARGET_LM32)
616 #elif defined(TARGET_M68K)
617 cpu_m68k_flush_flags(env, env->cc_op);
618 env->cc_op = CC_OP_FLAGS;
619 env->sr = (env->sr & 0xffe0)
620 | env->cc_dest | (env->cc_x << 4);
621 #elif defined(TARGET_MICROBLAZE)
622 #elif defined(TARGET_MIPS)
623 #elif defined(TARGET_SH4)
624 #elif defined(TARGET_ALPHA)
625 #elif defined(TARGET_CRIS)
626 #elif defined(TARGET_S390X)
627 #elif defined(TARGET_XTENSA)
630 #error unsupported target CPU
633 /* fail safe : never use cpu_single_env outside cpu_exec() */
634 cpu_single_env = NULL;
projects / qemu.git / blob