2 * emulator main execution loop
4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include "qemu-barrier.h"
26 int tb_invalidated_flag;
28 //#define CONFIG_DEBUG_EXEC
30 bool qemu_cpu_has_work(CPUArchState *env)
32 return cpu_has_work(env);
35 void cpu_loop_exit(CPUArchState *env)
37 env->current_tb = NULL;
38 longjmp(env->jmp_env, 1);
41 /* exit the current TB from a signal handler. The host registers are
42 restored in a state compatible with the CPU emulator
44 #if defined(CONFIG_SOFTMMU)
45 void cpu_resume_from_signal(CPUArchState *env, void *puc)
47 /* XXX: restore cpu registers saved in host registers */
49 env->exception_index = -1;
50 longjmp(env->jmp_env, 1);
54 /* Execute the code without caching the generated code. An interpreter
55 could be used if available. */
56 static void cpu_exec_nocache(CPUArchState *env, int max_cycles,
57 TranslationBlock *orig_tb)
59 tcg_target_ulong next_tb;
62 /* Should never happen.
63 We only end up here when an existing TB is too long. */
64 if (max_cycles > CF_COUNT_MASK)
65 max_cycles = CF_COUNT_MASK;
67 tb = tb_gen_code(env, orig_tb->pc, orig_tb->cs_base, orig_tb->flags,
70 /* execute the generated code */
71 next_tb = tcg_qemu_tb_exec(env, tb->tc_ptr);
72 env->current_tb = NULL;
74 if ((next_tb & 3) == 2) {
75 /* Restore PC. This may happen if async event occurs before
76 the TB starts executing. */
77 cpu_pc_from_tb(env, tb);
79 tb_phys_invalidate(tb, -1);
83 static TranslationBlock *tb_find_slow(CPUArchState *env,
88 TranslationBlock *tb, **ptb1;
90 tb_page_addr_t phys_pc, phys_page1;
91 target_ulong virt_page2;
93 tb_invalidated_flag = 0;
95 /* find translated block using physical mappings */
96 phys_pc = get_page_addr_code(env, pc);
97 phys_page1 = phys_pc & TARGET_PAGE_MASK;
98 h = tb_phys_hash_func(phys_pc);
99 ptb1 = &tb_phys_hash[h];
105 tb->page_addr[0] == phys_page1 &&
106 tb->cs_base == cs_base &&
107 tb->flags == flags) {
108 /* check next page if needed */
109 if (tb->page_addr[1] != -1) {
110 tb_page_addr_t phys_page2;
112 virt_page2 = (pc & TARGET_PAGE_MASK) +
114 phys_page2 = get_page_addr_code(env, virt_page2);
115 if (tb->page_addr[1] == phys_page2)
121 ptb1 = &tb->phys_hash_next;
124 /* if no translated code available, then translate it now */
125 tb = tb_gen_code(env, pc, cs_base, flags, 0);
128 /* Move the last found TB to the head of the list */
130 *ptb1 = tb->phys_hash_next;
131 tb->phys_hash_next = tb_phys_hash[h];
132 tb_phys_hash[h] = tb;
134 /* we add the TB in the virtual pc hash table */
135 env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)] = tb;
139 static inline TranslationBlock *tb_find_fast(CPUArchState *env)
141 TranslationBlock *tb;
142 target_ulong cs_base, pc;
145 /* we record a subset of the CPU state. It will
146 always be the same before a given translated block
148 cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
149 tb = env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)];
150 if (unlikely(!tb || tb->pc != pc || tb->cs_base != cs_base ||
151 tb->flags != flags)) {
152 tb = tb_find_slow(env, pc, cs_base, flags);
157 static CPUDebugExcpHandler *debug_excp_handler;
159 CPUDebugExcpHandler *cpu_set_debug_excp_handler(CPUDebugExcpHandler *handler)
161 CPUDebugExcpHandler *old_handler = debug_excp_handler;
163 debug_excp_handler = handler;
167 static void cpu_handle_debug_exception(CPUArchState *env)
171 if (!env->watchpoint_hit) {
172 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
173 wp->flags &= ~BP_WATCHPOINT_HIT;
176 if (debug_excp_handler) {
177 debug_excp_handler(env);
181 /* main execution loop */
183 volatile sig_atomic_t exit_request;
185 int cpu_exec(CPUArchState *env)
188 CPUState *cpu = ENV_GET_CPU(env);
190 int ret, interrupt_request;
191 TranslationBlock *tb;
193 tcg_target_ulong next_tb;
196 if (!cpu_has_work(env)) {
203 cpu_single_env = env;
205 if (unlikely(exit_request)) {
206 env->exit_request = 1;
209 #if defined(TARGET_I386)
210 /* put eflags in CPU temporary format */
211 CC_SRC = env->eflags & (CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
212 DF = 1 - (2 * ((env->eflags >> 10) & 1));
213 CC_OP = CC_OP_EFLAGS;
214 env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
215 #elif defined(TARGET_SPARC)
216 #elif defined(TARGET_M68K)
217 env->cc_op = CC_OP_FLAGS;
218 env->cc_dest = env->sr & 0xf;
219 env->cc_x = (env->sr >> 4) & 1;
220 #elif defined(TARGET_ALPHA)
221 #elif defined(TARGET_ARM)
222 #elif defined(TARGET_UNICORE32)
223 #elif defined(TARGET_PPC)
224 env->reserve_addr = -1;
225 #elif defined(TARGET_LM32)
226 #elif defined(TARGET_MICROBLAZE)
227 #elif defined(TARGET_MIPS)
228 #elif defined(TARGET_SH4)
229 #elif defined(TARGET_CRIS)
230 #elif defined(TARGET_S390X)
231 #elif defined(TARGET_XTENSA)
234 #error unsupported target CPU
236 env->exception_index = -1;
238 /* prepare setjmp context for exception handling */
240 if (setjmp(env->jmp_env) == 0) {
241 /* if an exception is pending, we execute it here */
242 if (env->exception_index >= 0) {
243 if (env->exception_index >= EXCP_INTERRUPT) {
244 /* exit request from the cpu execution loop */
245 ret = env->exception_index;
246 if (ret == EXCP_DEBUG) {
247 cpu_handle_debug_exception(env);
251 #if defined(CONFIG_USER_ONLY)
252 /* if user mode only, we simulate a fake exception
253 which will be handled outside the cpu execution
255 #if defined(TARGET_I386)
258 ret = env->exception_index;
262 env->exception_index = -1;
267 next_tb = 0; /* force lookup of first TB */
269 interrupt_request = env->interrupt_request;
270 if (unlikely(interrupt_request)) {
271 if (unlikely(env->singlestep_enabled & SSTEP_NOIRQ)) {
272 /* Mask out external interrupts for this step. */
273 interrupt_request &= ~CPU_INTERRUPT_SSTEP_MASK;
275 if (interrupt_request & CPU_INTERRUPT_DEBUG) {
276 env->interrupt_request &= ~CPU_INTERRUPT_DEBUG;
277 env->exception_index = EXCP_DEBUG;
280 #if defined(TARGET_ARM) || defined(TARGET_SPARC) || defined(TARGET_MIPS) || \
281 defined(TARGET_PPC) || defined(TARGET_ALPHA) || defined(TARGET_CRIS) || \
282 defined(TARGET_MICROBLAZE) || defined(TARGET_LM32) || defined(TARGET_UNICORE32)
283 if (interrupt_request & CPU_INTERRUPT_HALT) {
284 env->interrupt_request &= ~CPU_INTERRUPT_HALT;
286 env->exception_index = EXCP_HLT;
290 #if defined(TARGET_I386)
291 if (interrupt_request & CPU_INTERRUPT_INIT) {
292 cpu_svm_check_intercept_param(env, SVM_EXIT_INIT,
294 do_cpu_init(x86_env_get_cpu(env));
295 env->exception_index = EXCP_HALTED;
297 } else if (interrupt_request & CPU_INTERRUPT_SIPI) {
298 do_cpu_sipi(x86_env_get_cpu(env));
299 } else if (env->hflags2 & HF2_GIF_MASK) {
300 if ((interrupt_request & CPU_INTERRUPT_SMI) &&
301 !(env->hflags & HF_SMM_MASK)) {
302 cpu_svm_check_intercept_param(env, SVM_EXIT_SMI,
304 env->interrupt_request &= ~CPU_INTERRUPT_SMI;
307 } else if ((interrupt_request & CPU_INTERRUPT_NMI) &&
308 !(env->hflags2 & HF2_NMI_MASK)) {
309 env->interrupt_request &= ~CPU_INTERRUPT_NMI;
310 env->hflags2 |= HF2_NMI_MASK;
311 do_interrupt_x86_hardirq(env, EXCP02_NMI, 1);
313 } else if (interrupt_request & CPU_INTERRUPT_MCE) {
314 env->interrupt_request &= ~CPU_INTERRUPT_MCE;
315 do_interrupt_x86_hardirq(env, EXCP12_MCHK, 0);
317 } else if ((interrupt_request & CPU_INTERRUPT_HARD) &&
318 (((env->hflags2 & HF2_VINTR_MASK) &&
319 (env->hflags2 & HF2_HIF_MASK)) ||
320 (!(env->hflags2 & HF2_VINTR_MASK) &&
321 (env->eflags & IF_MASK &&
322 !(env->hflags & HF_INHIBIT_IRQ_MASK))))) {
324 cpu_svm_check_intercept_param(env, SVM_EXIT_INTR,
326 env->interrupt_request &= ~(CPU_INTERRUPT_HARD | CPU_INTERRUPT_VIRQ);
327 intno = cpu_get_pic_interrupt(env);
328 qemu_log_mask(CPU_LOG_TB_IN_ASM, "Servicing hardware INT=0x%02x\n", intno);
329 do_interrupt_x86_hardirq(env, intno, 1);
330 /* ensure that no TB jump will be modified as
331 the program flow was changed */
333 #if !defined(CONFIG_USER_ONLY)
334 } else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
335 (env->eflags & IF_MASK) &&
336 !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
338 /* FIXME: this should respect TPR */
339 cpu_svm_check_intercept_param(env, SVM_EXIT_VINTR,
341 intno = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_vector));
342 qemu_log_mask(CPU_LOG_TB_IN_ASM, "Servicing virtual hardware INT=0x%02x\n", intno);
343 do_interrupt_x86_hardirq(env, intno, 1);
344 env->interrupt_request &= ~CPU_INTERRUPT_VIRQ;
349 #elif defined(TARGET_PPC)
350 if ((interrupt_request & CPU_INTERRUPT_RESET)) {
353 if (interrupt_request & CPU_INTERRUPT_HARD) {
354 ppc_hw_interrupt(env);
355 if (env->pending_interrupts == 0)
356 env->interrupt_request &= ~CPU_INTERRUPT_HARD;
359 #elif defined(TARGET_LM32)
360 if ((interrupt_request & CPU_INTERRUPT_HARD)
361 && (env->ie & IE_IE)) {
362 env->exception_index = EXCP_IRQ;
366 #elif defined(TARGET_MICROBLAZE)
367 if ((interrupt_request & CPU_INTERRUPT_HARD)
368 && (env->sregs[SR_MSR] & MSR_IE)
369 && !(env->sregs[SR_MSR] & (MSR_EIP | MSR_BIP))
370 && !(env->iflags & (D_FLAG | IMM_FLAG))) {
371 env->exception_index = EXCP_IRQ;
375 #elif defined(TARGET_MIPS)
376 if ((interrupt_request & CPU_INTERRUPT_HARD) &&
377 cpu_mips_hw_interrupts_pending(env)) {
379 env->exception_index = EXCP_EXT_INTERRUPT;
384 #elif defined(TARGET_SPARC)
385 if (interrupt_request & CPU_INTERRUPT_HARD) {
386 if (cpu_interrupts_enabled(env) &&
387 env->interrupt_index > 0) {
388 int pil = env->interrupt_index & 0xf;
389 int type = env->interrupt_index & 0xf0;
391 if (((type == TT_EXTINT) &&
392 cpu_pil_allowed(env, pil)) ||
394 env->exception_index = env->interrupt_index;
400 #elif defined(TARGET_ARM)
401 if (interrupt_request & CPU_INTERRUPT_FIQ
402 && !(env->uncached_cpsr & CPSR_F)) {
403 env->exception_index = EXCP_FIQ;
407 /* ARMv7-M interrupt return works by loading a magic value
408 into the PC. On real hardware the load causes the
409 return to occur. The qemu implementation performs the
410 jump normally, then does the exception return when the
411 CPU tries to execute code at the magic address.
412 This will cause the magic PC value to be pushed to
413 the stack if an interrupt occurred at the wrong time.
414 We avoid this by disabling interrupts when
415 pc contains a magic address. */
416 if (interrupt_request & CPU_INTERRUPT_HARD
417 && ((IS_M(env) && env->regs[15] < 0xfffffff0)
418 || !(env->uncached_cpsr & CPSR_I))) {
419 env->exception_index = EXCP_IRQ;
423 #elif defined(TARGET_UNICORE32)
424 if (interrupt_request & CPU_INTERRUPT_HARD
425 && !(env->uncached_asr & ASR_I)) {
429 #elif defined(TARGET_SH4)
430 if (interrupt_request & CPU_INTERRUPT_HARD) {
434 #elif defined(TARGET_ALPHA)
437 /* ??? This hard-codes the OSF/1 interrupt levels. */
438 switch (env->pal_mode ? 7 : env->ps & PS_INT_MASK) {
440 if (interrupt_request & CPU_INTERRUPT_HARD) {
441 idx = EXCP_DEV_INTERRUPT;
445 if (interrupt_request & CPU_INTERRUPT_TIMER) {
446 idx = EXCP_CLK_INTERRUPT;
450 if (interrupt_request & CPU_INTERRUPT_SMP) {
451 idx = EXCP_SMP_INTERRUPT;
455 if (interrupt_request & CPU_INTERRUPT_MCHK) {
460 env->exception_index = idx;
466 #elif defined(TARGET_CRIS)
467 if (interrupt_request & CPU_INTERRUPT_HARD
468 && (env->pregs[PR_CCS] & I_FLAG)
469 && !env->locked_irq) {
470 env->exception_index = EXCP_IRQ;
474 if (interrupt_request & CPU_INTERRUPT_NMI) {
475 unsigned int m_flag_archval;
476 if (env->pregs[PR_VR] < 32) {
477 m_flag_archval = M_FLAG_V10;
479 m_flag_archval = M_FLAG_V32;
481 if ((env->pregs[PR_CCS] & m_flag_archval)) {
482 env->exception_index = EXCP_NMI;
487 #elif defined(TARGET_M68K)
488 if (interrupt_request & CPU_INTERRUPT_HARD
489 && ((env->sr & SR_I) >> SR_I_SHIFT)
490 < env->pending_level) {
491 /* Real hardware gets the interrupt vector via an
492 IACK cycle at this point. Current emulated
493 hardware doesn't rely on this, so we
494 provide/save the vector when the interrupt is
496 env->exception_index = env->pending_vector;
497 do_interrupt_m68k_hardirq(env);
500 #elif defined(TARGET_S390X) && !defined(CONFIG_USER_ONLY)
501 if ((interrupt_request & CPU_INTERRUPT_HARD) &&
502 (env->psw.mask & PSW_MASK_EXT)) {
506 #elif defined(TARGET_XTENSA)
507 if (interrupt_request & CPU_INTERRUPT_HARD) {
508 env->exception_index = EXC_IRQ;
513 /* Don't use the cached interrupt_request value,
514 do_interrupt may have updated the EXITTB flag. */
515 if (env->interrupt_request & CPU_INTERRUPT_EXITTB) {
516 env->interrupt_request &= ~CPU_INTERRUPT_EXITTB;
517 /* ensure that no TB jump will be modified as
518 the program flow was changed */
522 if (unlikely(env->exit_request)) {
523 env->exit_request = 0;
524 env->exception_index = EXCP_INTERRUPT;
527 #if defined(DEBUG_DISAS) || defined(CONFIG_DEBUG_EXEC)
528 if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) {
529 /* restore flags in standard format */
530 #if defined(TARGET_I386)
531 env->eflags = env->eflags | cpu_cc_compute_all(env, CC_OP)
533 log_cpu_state(env, X86_DUMP_CCOP);
534 env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
535 #elif defined(TARGET_M68K)
536 cpu_m68k_flush_flags(env, env->cc_op);
537 env->cc_op = CC_OP_FLAGS;
538 env->sr = (env->sr & 0xffe0)
539 | env->cc_dest | (env->cc_x << 4);
540 log_cpu_state(env, 0);
542 log_cpu_state(env, 0);
545 #endif /* DEBUG_DISAS || CONFIG_DEBUG_EXEC */
547 tb = tb_find_fast(env);
548 /* Note: we do it here to avoid a gcc bug on Mac OS X when
549 doing it in tb_find_slow */
550 if (tb_invalidated_flag) {
551 /* as some TB could have been invalidated because
552 of memory exceptions while generating the code, we
553 must recompute the hash index here */
555 tb_invalidated_flag = 0;
557 #ifdef CONFIG_DEBUG_EXEC
558 qemu_log_mask(CPU_LOG_EXEC, "Trace %p [" TARGET_FMT_lx "] %s\n",
560 lookup_symbol(tb->pc));
562 /* see if we can patch the calling TB. When the TB
563 spans two pages, we cannot safely do a direct
565 if (next_tb != 0 && tb->page_addr[1] == -1) {
566 tb_add_jump((TranslationBlock *)(next_tb & ~3), next_tb & 3, tb);
568 spin_unlock(&tb_lock);
570 /* cpu_interrupt might be called while translating the
571 TB, but before it is linked into a potentially
572 infinite loop and becomes env->current_tb. Avoid
573 starting execution if there is a pending interrupt. */
574 env->current_tb = tb;
576 if (likely(!env->exit_request)) {
578 /* execute the generated code */
579 next_tb = tcg_qemu_tb_exec(env, tc_ptr);
580 if ((next_tb & 3) == 2) {
581 /* Instruction counter expired. */
583 tb = (TranslationBlock *)(next_tb & ~3);
585 cpu_pc_from_tb(env, tb);
586 insns_left = env->icount_decr.u32;
587 if (env->icount_extra && insns_left >= 0) {
588 /* Refill decrementer and continue execution. */
589 env->icount_extra += insns_left;
590 if (env->icount_extra > 0xffff) {
593 insns_left = env->icount_extra;
595 env->icount_extra -= insns_left;
596 env->icount_decr.u16.low = insns_left;
598 if (insns_left > 0) {
599 /* Execute remaining instructions. */
600 cpu_exec_nocache(env, insns_left, tb);
602 env->exception_index = EXCP_INTERRUPT;
608 env->current_tb = NULL;
609 /* reset soft MMU for next block (it can currently
610 only be set by a memory fault) */
613 /* Reload env after longjmp - the compiler may have smashed all
614 * local variables as longjmp is marked 'noreturn'. */
615 env = cpu_single_env;
620 #if defined(TARGET_I386)
621 /* restore flags in standard format */
622 env->eflags = env->eflags | cpu_cc_compute_all(env, CC_OP)
624 #elif defined(TARGET_ARM)
625 /* XXX: Save/restore host fpu exception state?. */
626 #elif defined(TARGET_UNICORE32)
627 #elif defined(TARGET_SPARC)
628 #elif defined(TARGET_PPC)
629 #elif defined(TARGET_LM32)
630 #elif defined(TARGET_M68K)
631 cpu_m68k_flush_flags(env, env->cc_op);
632 env->cc_op = CC_OP_FLAGS;
633 env->sr = (env->sr & 0xffe0)
634 | env->cc_dest | (env->cc_x << 4);
635 #elif defined(TARGET_MICROBLAZE)
636 #elif defined(TARGET_MIPS)
637 #elif defined(TARGET_SH4)
638 #elif defined(TARGET_ALPHA)
639 #elif defined(TARGET_CRIS)
640 #elif defined(TARGET_S390X)
641 #elif defined(TARGET_XTENSA)
644 #error unsupported target CPU
647 /* fail safe : never use cpu_single_env outside cpu_exec() */
648 cpu_single_env = NULL;
projects / qemu.git / blob