2 * emulator main execution loop
4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include "qemu-barrier.h"
26 int tb_invalidated_flag;
28 //#define CONFIG_DEBUG_EXEC
30 bool qemu_cpu_has_work(CPUArchState *env)
32 return cpu_has_work(env);
35 void cpu_loop_exit(CPUArchState *env)
37 env->current_tb = NULL;
38 longjmp(env->jmp_env, 1);
41 /* exit the current TB from a signal handler. The host registers are
42 restored in a state compatible with the CPU emulator
44 #if defined(CONFIG_SOFTMMU)
45 void cpu_resume_from_signal(CPUArchState *env, void *puc)
47 /* XXX: restore cpu registers saved in host registers */
49 env->exception_index = -1;
50 longjmp(env->jmp_env, 1);
54 /* Execute the code without caching the generated code. An interpreter
55 could be used if available. */
56 static void cpu_exec_nocache(CPUArchState *env, int max_cycles,
57 TranslationBlock *orig_tb)
59 tcg_target_ulong next_tb;
62 /* Should never happen.
63 We only end up here when an existing TB is too long. */
64 if (max_cycles > CF_COUNT_MASK)
65 max_cycles = CF_COUNT_MASK;
67 tb = tb_gen_code(env, orig_tb->pc, orig_tb->cs_base, orig_tb->flags,
70 /* execute the generated code */
71 next_tb = tcg_qemu_tb_exec(env, tb->tc_ptr);
72 env->current_tb = NULL;
74 if ((next_tb & 3) == 2) {
75 /* Restore PC. This may happen if async event occurs before
76 the TB starts executing. */
77 cpu_pc_from_tb(env, tb);
79 tb_phys_invalidate(tb, -1);
83 static TranslationBlock *tb_find_slow(CPUArchState *env,
88 TranslationBlock *tb, **ptb1;
90 tb_page_addr_t phys_pc, phys_page1;
91 target_ulong virt_page2;
93 tb_invalidated_flag = 0;
95 /* find translated block using physical mappings */
96 phys_pc = get_page_addr_code(env, pc);
97 phys_page1 = phys_pc & TARGET_PAGE_MASK;
98 h = tb_phys_hash_func(phys_pc);
99 ptb1 = &tb_phys_hash[h];
105 tb->page_addr[0] == phys_page1 &&
106 tb->cs_base == cs_base &&
107 tb->flags == flags) {
108 /* check next page if needed */
109 if (tb->page_addr[1] != -1) {
110 tb_page_addr_t phys_page2;
112 virt_page2 = (pc & TARGET_PAGE_MASK) +
114 phys_page2 = get_page_addr_code(env, virt_page2);
115 if (tb->page_addr[1] == phys_page2)
121 ptb1 = &tb->phys_hash_next;
124 /* if no translated code available, then translate it now */
125 tb = tb_gen_code(env, pc, cs_base, flags, 0);
128 /* Move the last found TB to the head of the list */
130 *ptb1 = tb->phys_hash_next;
131 tb->phys_hash_next = tb_phys_hash[h];
132 tb_phys_hash[h] = tb;
134 /* we add the TB in the virtual pc hash table */
135 env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)] = tb;
139 static inline TranslationBlock *tb_find_fast(CPUArchState *env)
141 TranslationBlock *tb;
142 target_ulong cs_base, pc;
145 /* we record a subset of the CPU state. It will
146 always be the same before a given translated block
148 cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
149 tb = env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)];
150 if (unlikely(!tb || tb->pc != pc || tb->cs_base != cs_base ||
151 tb->flags != flags)) {
152 tb = tb_find_slow(env, pc, cs_base, flags);
157 static CPUDebugExcpHandler *debug_excp_handler;
159 void cpu_set_debug_excp_handler(CPUDebugExcpHandler *handler)
161 debug_excp_handler = handler;
164 static void cpu_handle_debug_exception(CPUArchState *env)
168 if (!env->watchpoint_hit) {
169 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
170 wp->flags &= ~BP_WATCHPOINT_HIT;
173 if (debug_excp_handler) {
174 debug_excp_handler(env);
178 /* main execution loop */
180 volatile sig_atomic_t exit_request;
182 int cpu_exec(CPUArchState *env)
185 CPUState *cpu = ENV_GET_CPU(env);
187 int ret, interrupt_request;
188 TranslationBlock *tb;
190 tcg_target_ulong next_tb;
193 if (!cpu_has_work(env)) {
200 cpu_single_env = env;
202 if (unlikely(exit_request)) {
203 env->exit_request = 1;
206 #if defined(TARGET_I386)
207 /* put eflags in CPU temporary format */
208 CC_SRC = env->eflags & (CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
209 DF = 1 - (2 * ((env->eflags >> 10) & 1));
210 CC_OP = CC_OP_EFLAGS;
211 env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
212 #elif defined(TARGET_SPARC)
213 #elif defined(TARGET_M68K)
214 env->cc_op = CC_OP_FLAGS;
215 env->cc_dest = env->sr & 0xf;
216 env->cc_x = (env->sr >> 4) & 1;
217 #elif defined(TARGET_ALPHA)
218 #elif defined(TARGET_ARM)
219 #elif defined(TARGET_UNICORE32)
220 #elif defined(TARGET_PPC)
221 env->reserve_addr = -1;
222 #elif defined(TARGET_LM32)
223 #elif defined(TARGET_MICROBLAZE)
224 #elif defined(TARGET_MIPS)
225 #elif defined(TARGET_SH4)
226 #elif defined(TARGET_CRIS)
227 #elif defined(TARGET_S390X)
228 #elif defined(TARGET_XTENSA)
231 #error unsupported target CPU
233 env->exception_index = -1;
235 /* prepare setjmp context for exception handling */
237 if (setjmp(env->jmp_env) == 0) {
238 /* if an exception is pending, we execute it here */
239 if (env->exception_index >= 0) {
240 if (env->exception_index >= EXCP_INTERRUPT) {
241 /* exit request from the cpu execution loop */
242 ret = env->exception_index;
243 if (ret == EXCP_DEBUG) {
244 cpu_handle_debug_exception(env);
248 #if defined(CONFIG_USER_ONLY)
249 /* if user mode only, we simulate a fake exception
250 which will be handled outside the cpu execution
252 #if defined(TARGET_I386)
255 ret = env->exception_index;
259 env->exception_index = -1;
264 next_tb = 0; /* force lookup of first TB */
266 interrupt_request = env->interrupt_request;
267 if (unlikely(interrupt_request)) {
268 if (unlikely(env->singlestep_enabled & SSTEP_NOIRQ)) {
269 /* Mask out external interrupts for this step. */
270 interrupt_request &= ~CPU_INTERRUPT_SSTEP_MASK;
272 if (interrupt_request & CPU_INTERRUPT_DEBUG) {
273 env->interrupt_request &= ~CPU_INTERRUPT_DEBUG;
274 env->exception_index = EXCP_DEBUG;
277 #if defined(TARGET_ARM) || defined(TARGET_SPARC) || defined(TARGET_MIPS) || \
278 defined(TARGET_PPC) || defined(TARGET_ALPHA) || defined(TARGET_CRIS) || \
279 defined(TARGET_MICROBLAZE) || defined(TARGET_LM32) || defined(TARGET_UNICORE32)
280 if (interrupt_request & CPU_INTERRUPT_HALT) {
281 env->interrupt_request &= ~CPU_INTERRUPT_HALT;
283 env->exception_index = EXCP_HLT;
287 #if defined(TARGET_I386)
288 if (interrupt_request & CPU_INTERRUPT_INIT) {
289 svm_check_intercept(env, SVM_EXIT_INIT);
290 do_cpu_init(x86_env_get_cpu(env));
291 env->exception_index = EXCP_HALTED;
293 } else if (interrupt_request & CPU_INTERRUPT_SIPI) {
294 do_cpu_sipi(x86_env_get_cpu(env));
295 } else if (env->hflags2 & HF2_GIF_MASK) {
296 if ((interrupt_request & CPU_INTERRUPT_SMI) &&
297 !(env->hflags & HF_SMM_MASK)) {
298 svm_check_intercept(env, SVM_EXIT_SMI);
299 env->interrupt_request &= ~CPU_INTERRUPT_SMI;
302 } else if ((interrupt_request & CPU_INTERRUPT_NMI) &&
303 !(env->hflags2 & HF2_NMI_MASK)) {
304 env->interrupt_request &= ~CPU_INTERRUPT_NMI;
305 env->hflags2 |= HF2_NMI_MASK;
306 do_interrupt_x86_hardirq(env, EXCP02_NMI, 1);
308 } else if (interrupt_request & CPU_INTERRUPT_MCE) {
309 env->interrupt_request &= ~CPU_INTERRUPT_MCE;
310 do_interrupt_x86_hardirq(env, EXCP12_MCHK, 0);
312 } else if ((interrupt_request & CPU_INTERRUPT_HARD) &&
313 (((env->hflags2 & HF2_VINTR_MASK) &&
314 (env->hflags2 & HF2_HIF_MASK)) ||
315 (!(env->hflags2 & HF2_VINTR_MASK) &&
316 (env->eflags & IF_MASK &&
317 !(env->hflags & HF_INHIBIT_IRQ_MASK))))) {
319 svm_check_intercept(env, SVM_EXIT_INTR);
320 env->interrupt_request &= ~(CPU_INTERRUPT_HARD | CPU_INTERRUPT_VIRQ);
321 intno = cpu_get_pic_interrupt(env);
322 qemu_log_mask(CPU_LOG_TB_IN_ASM, "Servicing hardware INT=0x%02x\n", intno);
323 do_interrupt_x86_hardirq(env, intno, 1);
324 /* ensure that no TB jump will be modified as
325 the program flow was changed */
327 #if !defined(CONFIG_USER_ONLY)
328 } else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
329 (env->eflags & IF_MASK) &&
330 !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
332 /* FIXME: this should respect TPR */
333 svm_check_intercept(env, SVM_EXIT_VINTR);
334 intno = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_vector));
335 qemu_log_mask(CPU_LOG_TB_IN_ASM, "Servicing virtual hardware INT=0x%02x\n", intno);
336 do_interrupt_x86_hardirq(env, intno, 1);
337 env->interrupt_request &= ~CPU_INTERRUPT_VIRQ;
342 #elif defined(TARGET_PPC)
343 if ((interrupt_request & CPU_INTERRUPT_RESET)) {
346 if (interrupt_request & CPU_INTERRUPT_HARD) {
347 ppc_hw_interrupt(env);
348 if (env->pending_interrupts == 0)
349 env->interrupt_request &= ~CPU_INTERRUPT_HARD;
352 #elif defined(TARGET_LM32)
353 if ((interrupt_request & CPU_INTERRUPT_HARD)
354 && (env->ie & IE_IE)) {
355 env->exception_index = EXCP_IRQ;
359 #elif defined(TARGET_MICROBLAZE)
360 if ((interrupt_request & CPU_INTERRUPT_HARD)
361 && (env->sregs[SR_MSR] & MSR_IE)
362 && !(env->sregs[SR_MSR] & (MSR_EIP | MSR_BIP))
363 && !(env->iflags & (D_FLAG | IMM_FLAG))) {
364 env->exception_index = EXCP_IRQ;
368 #elif defined(TARGET_MIPS)
369 if ((interrupt_request & CPU_INTERRUPT_HARD) &&
370 cpu_mips_hw_interrupts_pending(env)) {
372 env->exception_index = EXCP_EXT_INTERRUPT;
377 #elif defined(TARGET_SPARC)
378 if (interrupt_request & CPU_INTERRUPT_HARD) {
379 if (cpu_interrupts_enabled(env) &&
380 env->interrupt_index > 0) {
381 int pil = env->interrupt_index & 0xf;
382 int type = env->interrupt_index & 0xf0;
384 if (((type == TT_EXTINT) &&
385 cpu_pil_allowed(env, pil)) ||
387 env->exception_index = env->interrupt_index;
393 #elif defined(TARGET_ARM)
394 if (interrupt_request & CPU_INTERRUPT_FIQ
395 && !(env->uncached_cpsr & CPSR_F)) {
396 env->exception_index = EXCP_FIQ;
400 /* ARMv7-M interrupt return works by loading a magic value
401 into the PC. On real hardware the load causes the
402 return to occur. The qemu implementation performs the
403 jump normally, then does the exception return when the
404 CPU tries to execute code at the magic address.
405 This will cause the magic PC value to be pushed to
406 the stack if an interrupt occurred at the wrong time.
407 We avoid this by disabling interrupts when
408 pc contains a magic address. */
409 if (interrupt_request & CPU_INTERRUPT_HARD
410 && ((IS_M(env) && env->regs[15] < 0xfffffff0)
411 || !(env->uncached_cpsr & CPSR_I))) {
412 env->exception_index = EXCP_IRQ;
416 #elif defined(TARGET_UNICORE32)
417 if (interrupt_request & CPU_INTERRUPT_HARD
418 && !(env->uncached_asr & ASR_I)) {
422 #elif defined(TARGET_SH4)
423 if (interrupt_request & CPU_INTERRUPT_HARD) {
427 #elif defined(TARGET_ALPHA)
430 /* ??? This hard-codes the OSF/1 interrupt levels. */
431 switch (env->pal_mode ? 7 : env->ps & PS_INT_MASK) {
433 if (interrupt_request & CPU_INTERRUPT_HARD) {
434 idx = EXCP_DEV_INTERRUPT;
438 if (interrupt_request & CPU_INTERRUPT_TIMER) {
439 idx = EXCP_CLK_INTERRUPT;
443 if (interrupt_request & CPU_INTERRUPT_SMP) {
444 idx = EXCP_SMP_INTERRUPT;
448 if (interrupt_request & CPU_INTERRUPT_MCHK) {
453 env->exception_index = idx;
459 #elif defined(TARGET_CRIS)
460 if (interrupt_request & CPU_INTERRUPT_HARD
461 && (env->pregs[PR_CCS] & I_FLAG)
462 && !env->locked_irq) {
463 env->exception_index = EXCP_IRQ;
467 if (interrupt_request & CPU_INTERRUPT_NMI) {
468 unsigned int m_flag_archval;
469 if (env->pregs[PR_VR] < 32) {
470 m_flag_archval = M_FLAG_V10;
472 m_flag_archval = M_FLAG_V32;
474 if ((env->pregs[PR_CCS] & m_flag_archval)) {
475 env->exception_index = EXCP_NMI;
480 #elif defined(TARGET_M68K)
481 if (interrupt_request & CPU_INTERRUPT_HARD
482 && ((env->sr & SR_I) >> SR_I_SHIFT)
483 < env->pending_level) {
484 /* Real hardware gets the interrupt vector via an
485 IACK cycle at this point. Current emulated
486 hardware doesn't rely on this, so we
487 provide/save the vector when the interrupt is
489 env->exception_index = env->pending_vector;
490 do_interrupt_m68k_hardirq(env);
493 #elif defined(TARGET_S390X) && !defined(CONFIG_USER_ONLY)
494 if ((interrupt_request & CPU_INTERRUPT_HARD) &&
495 (env->psw.mask & PSW_MASK_EXT)) {
499 #elif defined(TARGET_XTENSA)
500 if (interrupt_request & CPU_INTERRUPT_HARD) {
501 env->exception_index = EXC_IRQ;
506 /* Don't use the cached interrupt_request value,
507 do_interrupt may have updated the EXITTB flag. */
508 if (env->interrupt_request & CPU_INTERRUPT_EXITTB) {
509 env->interrupt_request &= ~CPU_INTERRUPT_EXITTB;
510 /* ensure that no TB jump will be modified as
511 the program flow was changed */
515 if (unlikely(env->exit_request)) {
516 env->exit_request = 0;
517 env->exception_index = EXCP_INTERRUPT;
520 #if defined(DEBUG_DISAS) || defined(CONFIG_DEBUG_EXEC)
521 if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) {
522 /* restore flags in standard format */
523 #if defined(TARGET_I386)
524 env->eflags = env->eflags | cpu_cc_compute_all(env, CC_OP)
526 log_cpu_state(env, X86_DUMP_CCOP);
527 env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
528 #elif defined(TARGET_M68K)
529 cpu_m68k_flush_flags(env, env->cc_op);
530 env->cc_op = CC_OP_FLAGS;
531 env->sr = (env->sr & 0xffe0)
532 | env->cc_dest | (env->cc_x << 4);
533 log_cpu_state(env, 0);
535 log_cpu_state(env, 0);
538 #endif /* DEBUG_DISAS || CONFIG_DEBUG_EXEC */
540 tb = tb_find_fast(env);
541 /* Note: we do it here to avoid a gcc bug on Mac OS X when
542 doing it in tb_find_slow */
543 if (tb_invalidated_flag) {
544 /* as some TB could have been invalidated because
545 of memory exceptions while generating the code, we
546 must recompute the hash index here */
548 tb_invalidated_flag = 0;
550 #ifdef CONFIG_DEBUG_EXEC
551 qemu_log_mask(CPU_LOG_EXEC, "Trace %p [" TARGET_FMT_lx "] %s\n",
553 lookup_symbol(tb->pc));
555 /* see if we can patch the calling TB. When the TB
556 spans two pages, we cannot safely do a direct
558 if (next_tb != 0 && tb->page_addr[1] == -1) {
559 tb_add_jump((TranslationBlock *)(next_tb & ~3), next_tb & 3, tb);
561 spin_unlock(&tb_lock);
563 /* cpu_interrupt might be called while translating the
564 TB, but before it is linked into a potentially
565 infinite loop and becomes env->current_tb. Avoid
566 starting execution if there is a pending interrupt. */
567 env->current_tb = tb;
569 if (likely(!env->exit_request)) {
571 /* execute the generated code */
572 next_tb = tcg_qemu_tb_exec(env, tc_ptr);
573 if ((next_tb & 3) == 2) {
574 /* Instruction counter expired. */
576 tb = (TranslationBlock *)(next_tb & ~3);
578 cpu_pc_from_tb(env, tb);
579 insns_left = env->icount_decr.u32;
580 if (env->icount_extra && insns_left >= 0) {
581 /* Refill decrementer and continue execution. */
582 env->icount_extra += insns_left;
583 if (env->icount_extra > 0xffff) {
586 insns_left = env->icount_extra;
588 env->icount_extra -= insns_left;
589 env->icount_decr.u16.low = insns_left;
591 if (insns_left > 0) {
592 /* Execute remaining instructions. */
593 cpu_exec_nocache(env, insns_left, tb);
595 env->exception_index = EXCP_INTERRUPT;
601 env->current_tb = NULL;
602 /* reset soft MMU for next block (it can currently
603 only be set by a memory fault) */
606 /* Reload env after longjmp - the compiler may have smashed all
607 * local variables as longjmp is marked 'noreturn'. */
608 env = cpu_single_env;
613 #if defined(TARGET_I386)
614 /* restore flags in standard format */
615 env->eflags = env->eflags | cpu_cc_compute_all(env, CC_OP)
617 #elif defined(TARGET_ARM)
618 /* XXX: Save/restore host fpu exception state?. */
619 #elif defined(TARGET_UNICORE32)
620 #elif defined(TARGET_SPARC)
621 #elif defined(TARGET_PPC)
622 #elif defined(TARGET_LM32)
623 #elif defined(TARGET_M68K)
624 cpu_m68k_flush_flags(env, env->cc_op);
625 env->cc_op = CC_OP_FLAGS;
626 env->sr = (env->sr & 0xffe0)
627 | env->cc_dest | (env->cc_x << 4);
628 #elif defined(TARGET_MICROBLAZE)
629 #elif defined(TARGET_MIPS)
630 #elif defined(TARGET_SH4)
631 #elif defined(TARGET_ALPHA)
632 #elif defined(TARGET_CRIS)
633 #elif defined(TARGET_S390X)
634 #elif defined(TARGET_XTENSA)
637 #error unsupported target CPU
640 /* fail safe : never use cpu_single_env outside cpu_exec() */
641 cpu_single_env = NULL;
projects / qemu.git / blob