4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
22 #include <sys/types.h>
33 #include "qemu-common.h"
34 #define NO_CPU_IO_DEFS
36 #include "disas/disas.h"
38 #if defined(CONFIG_USER_ONLY)
40 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41 #include <sys/param.h>
42 #if __FreeBSD_version >= 700104
43 #define HAVE_KINFO_GETVMMAP
44 #define sigqueue sigqueue_freebsd /* avoid redefinition */
47 #include <machine/profile.h>
56 #include "exec/address-spaces.h"
59 #include "exec/cputlb.h"
60 #include "translate-all.h"
62 //#define DEBUG_TB_INVALIDATE
64 /* make various TB consistency checks */
65 //#define DEBUG_TB_CHECK
67 #if !defined(CONFIG_USER_ONLY)
68 /* TB consistency checks only implemented for usermode emulation. */
72 #define SMC_BITMAP_USE_THRESHOLD 10
74 typedef struct PageDesc {
75 /* list of TBs intersecting this ram page */
76 TranslationBlock *first_tb;
77 /* in order to optimize self modifying code, we count the number
78 of lookups we do to a given page to use a bitmap */
79 unsigned int code_write_count;
81 #if defined(CONFIG_USER_ONLY)
86 /* In system mode we want L1_MAP to be based on ram offsets,
87 while in user mode we want it to be based on virtual addresses. */
88 #if !defined(CONFIG_USER_ONLY)
89 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
90 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
92 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
95 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
98 /* The bits remaining after N lower levels of page tables. */
99 #define V_L1_BITS_REM \
100 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
102 #if V_L1_BITS_REM < 4
103 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
105 #define V_L1_BITS V_L1_BITS_REM
108 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
110 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
112 uintptr_t qemu_real_host_page_size;
113 uintptr_t qemu_host_page_size;
114 uintptr_t qemu_host_page_mask;
116 /* This is a multi-level map on the virtual address space.
117 The bottom level has pointers to PageDesc. */
118 static void *l1_map[V_L1_SIZE];
120 /* code generation context */
123 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
124 tb_page_addr_t phys_page2);
125 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr);
127 void cpu_gen_init(void)
129 tcg_context_init(&tcg_ctx);
132 /* return non zero if the very first instruction is invalid so that
133 the virtual CPU can trigger an exception.
135 '*gen_code_size_ptr' contains the size of the generated code (host
138 int cpu_gen_code(CPUArchState *env, TranslationBlock *tb, int *gen_code_size_ptr)
140 TCGContext *s = &tcg_ctx;
141 uint8_t *gen_code_buf;
143 #ifdef CONFIG_PROFILER
147 #ifdef CONFIG_PROFILER
148 s->tb_count1++; /* includes aborted translations because of
150 ti = profile_getclock();
154 gen_intermediate_code(env, tb);
156 /* generate machine code */
157 gen_code_buf = tb->tc_ptr;
158 tb->tb_next_offset[0] = 0xffff;
159 tb->tb_next_offset[1] = 0xffff;
160 s->tb_next_offset = tb->tb_next_offset;
161 #ifdef USE_DIRECT_JUMP
162 s->tb_jmp_offset = tb->tb_jmp_offset;
165 s->tb_jmp_offset = NULL;
166 s->tb_next = tb->tb_next;
169 #ifdef CONFIG_PROFILER
171 s->interm_time += profile_getclock() - ti;
172 s->code_time -= profile_getclock();
174 gen_code_size = tcg_gen_code(s, gen_code_buf);
175 *gen_code_size_ptr = gen_code_size;
176 #ifdef CONFIG_PROFILER
177 s->code_time += profile_getclock();
178 s->code_in_len += tb->size;
179 s->code_out_len += gen_code_size;
183 if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM)) {
184 qemu_log("OUT: [size=%d]\n", *gen_code_size_ptr);
185 log_disas(tb->tc_ptr, *gen_code_size_ptr);
193 /* The cpu state corresponding to 'searched_pc' is restored.
195 static int cpu_restore_state_from_tb(TranslationBlock *tb, CPUArchState *env,
196 uintptr_t searched_pc)
198 TCGContext *s = &tcg_ctx;
201 #ifdef CONFIG_PROFILER
205 #ifdef CONFIG_PROFILER
206 ti = profile_getclock();
210 gen_intermediate_code_pc(env, tb);
213 /* Reset the cycle counter to the start of the block. */
214 env->icount_decr.u16.low += tb->icount;
215 /* Clear the IO flag. */
219 /* find opc index corresponding to search_pc */
220 tc_ptr = (uintptr_t)tb->tc_ptr;
221 if (searched_pc < tc_ptr)
224 s->tb_next_offset = tb->tb_next_offset;
225 #ifdef USE_DIRECT_JUMP
226 s->tb_jmp_offset = tb->tb_jmp_offset;
229 s->tb_jmp_offset = NULL;
230 s->tb_next = tb->tb_next;
232 j = tcg_gen_code_search_pc(s, (uint8_t *)tc_ptr, searched_pc - tc_ptr);
235 /* now find start of instruction before */
236 while (s->gen_opc_instr_start[j] == 0) {
239 env->icount_decr.u16.low -= s->gen_opc_icount[j];
241 restore_state_to_opc(env, tb, j);
243 #ifdef CONFIG_PROFILER
244 s->restore_time += profile_getclock() - ti;
250 bool cpu_restore_state(CPUArchState *env, uintptr_t retaddr)
252 TranslationBlock *tb;
254 tb = tb_find_pc(retaddr);
256 cpu_restore_state_from_tb(tb, env, retaddr);
263 static inline void map_exec(void *addr, long size)
266 VirtualProtect(addr, size,
267 PAGE_EXECUTE_READWRITE, &old_protect);
270 static inline void map_exec(void *addr, long size)
272 unsigned long start, end, page_size;
274 page_size = getpagesize();
275 start = (unsigned long)addr;
276 start &= ~(page_size - 1);
278 end = (unsigned long)addr + size;
279 end += page_size - 1;
280 end &= ~(page_size - 1);
282 mprotect((void *)start, end - start,
283 PROT_READ | PROT_WRITE | PROT_EXEC);
287 static void page_init(void)
289 /* NOTE: we can always suppose that qemu_host_page_size >=
293 SYSTEM_INFO system_info;
295 GetSystemInfo(&system_info);
296 qemu_real_host_page_size = system_info.dwPageSize;
299 qemu_real_host_page_size = getpagesize();
301 if (qemu_host_page_size == 0) {
302 qemu_host_page_size = qemu_real_host_page_size;
304 if (qemu_host_page_size < TARGET_PAGE_SIZE) {
305 qemu_host_page_size = TARGET_PAGE_SIZE;
307 qemu_host_page_mask = ~(qemu_host_page_size - 1);
309 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
311 #ifdef HAVE_KINFO_GETVMMAP
312 struct kinfo_vmentry *freep;
315 freep = kinfo_getvmmap(getpid(), &cnt);
318 for (i = 0; i < cnt; i++) {
319 unsigned long startaddr, endaddr;
321 startaddr = freep[i].kve_start;
322 endaddr = freep[i].kve_end;
323 if (h2g_valid(startaddr)) {
324 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
326 if (h2g_valid(endaddr)) {
327 endaddr = h2g(endaddr);
328 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
330 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
332 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
343 last_brk = (unsigned long)sbrk(0);
345 f = fopen("/compat/linux/proc/self/maps", "r");
350 unsigned long startaddr, endaddr;
353 n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
355 if (n == 2 && h2g_valid(startaddr)) {
356 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
358 if (h2g_valid(endaddr)) {
359 endaddr = h2g(endaddr);
363 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
375 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
381 #if defined(CONFIG_USER_ONLY)
382 /* We can't use g_malloc because it may recurse into a locked mutex. */
383 # define ALLOC(P, SIZE) \
385 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
386 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
389 # define ALLOC(P, SIZE) \
390 do { P = g_malloc0(SIZE); } while (0)
393 /* Level 1. Always allocated. */
394 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
397 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
404 ALLOC(p, sizeof(void *) * L2_SIZE);
408 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
416 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
422 return pd + (index & (L2_SIZE - 1));
425 static inline PageDesc *page_find(tb_page_addr_t index)
427 return page_find_alloc(index, 0);
430 #if !defined(CONFIG_USER_ONLY)
431 #define mmap_lock() do { } while (0)
432 #define mmap_unlock() do { } while (0)
435 #if defined(CONFIG_USER_ONLY)
436 /* Currently it is not recommended to allocate big chunks of data in
437 user mode. It will change when a dedicated libc will be used. */
438 /* ??? 64-bit hosts ought to have no problem mmaping data outside the
439 region in which the guest needs to run. Revisit this. */
440 #define USE_STATIC_CODE_GEN_BUFFER
443 /* ??? Should configure for this, not list operating systems here. */
444 #if (defined(__linux__) \
445 || defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
446 || defined(__DragonFly__) || defined(__OpenBSD__) \
447 || defined(__NetBSD__))
451 /* Minimum size of the code gen buffer. This number is randomly chosen,
452 but not so small that we can't have a fair number of TB's live. */
453 #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
455 /* Maximum size of the code gen buffer we'd like to use. Unless otherwise
456 indicated, this is constrained by the range of direct branches on the
457 host cpu, as used by the TCG implementation of goto_tb. */
458 #if defined(__x86_64__)
459 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
460 #elif defined(__sparc__)
461 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
462 #elif defined(__arm__)
463 # define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
464 #elif defined(__s390x__)
465 /* We have a +- 4GB range on the branches; leave some slop. */
466 # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
468 # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
471 #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
473 #define DEFAULT_CODE_GEN_BUFFER_SIZE \
474 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
475 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
477 static inline size_t size_code_gen_buffer(size_t tb_size)
479 /* Size the buffer. */
481 #ifdef USE_STATIC_CODE_GEN_BUFFER
482 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
484 /* ??? Needs adjustments. */
485 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
486 static buffer, we could size this on RESERVED_VA, on the text
487 segment size of the executable, or continue to use the default. */
488 tb_size = (unsigned long)(ram_size / 4);
491 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
492 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
494 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
495 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
497 tcg_ctx.code_gen_buffer_size = tb_size;
501 #ifdef USE_STATIC_CODE_GEN_BUFFER
502 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
503 __attribute__((aligned(CODE_GEN_ALIGN)));
505 static inline void *alloc_code_gen_buffer(void)
507 map_exec(static_code_gen_buffer, tcg_ctx.code_gen_buffer_size);
508 return static_code_gen_buffer;
510 #elif defined(USE_MMAP)
511 static inline void *alloc_code_gen_buffer(void)
513 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
517 /* Constrain the position of the buffer based on the host cpu.
518 Note that these addresses are chosen in concert with the
519 addresses assigned in the relevant linker script file. */
520 # if defined(__PIE__) || defined(__PIC__)
521 /* Don't bother setting a preferred location if we're building
522 a position-independent executable. We're more likely to get
523 an address near the main executable if we let the kernel
524 choose the address. */
525 # elif defined(__x86_64__) && defined(MAP_32BIT)
526 /* Force the memory down into low memory with the executable.
527 Leave the choice of exact location with the kernel. */
529 /* Cannot expect to map more than 800MB in low memory. */
530 if (tcg_ctx.code_gen_buffer_size > 800u * 1024 * 1024) {
531 tcg_ctx.code_gen_buffer_size = 800u * 1024 * 1024;
533 # elif defined(__sparc__)
534 start = 0x40000000ul;
535 # elif defined(__s390x__)
536 start = 0x90000000ul;
539 buf = mmap((void *)start, tcg_ctx.code_gen_buffer_size,
540 PROT_WRITE | PROT_READ | PROT_EXEC, flags, -1, 0);
541 return buf == MAP_FAILED ? NULL : buf;
544 static inline void *alloc_code_gen_buffer(void)
546 void *buf = g_malloc(tcg_ctx.code_gen_buffer_size);
549 map_exec(buf, tcg_ctx.code_gen_buffer_size);
553 #endif /* USE_STATIC_CODE_GEN_BUFFER, USE_MMAP */
555 static inline void code_gen_alloc(size_t tb_size)
557 tcg_ctx.code_gen_buffer_size = size_code_gen_buffer(tb_size);
558 tcg_ctx.code_gen_buffer = alloc_code_gen_buffer();
559 if (tcg_ctx.code_gen_buffer == NULL) {
560 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
564 qemu_madvise(tcg_ctx.code_gen_buffer, tcg_ctx.code_gen_buffer_size,
567 /* Steal room for the prologue at the end of the buffer. This ensures
568 (via the MAX_CODE_GEN_BUFFER_SIZE limits above) that direct branches
569 from TB's to the prologue are going to be in range. It also means
570 that we don't need to mark (additional) portions of the data segment
572 tcg_ctx.code_gen_prologue = tcg_ctx.code_gen_buffer +
573 tcg_ctx.code_gen_buffer_size - 1024;
574 tcg_ctx.code_gen_buffer_size -= 1024;
576 tcg_ctx.code_gen_buffer_max_size = tcg_ctx.code_gen_buffer_size -
577 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
578 tcg_ctx.code_gen_max_blocks = tcg_ctx.code_gen_buffer_size /
579 CODE_GEN_AVG_BLOCK_SIZE;
581 g_malloc(tcg_ctx.code_gen_max_blocks * sizeof(TranslationBlock));
584 /* Must be called before using the QEMU cpus. 'tb_size' is the size
585 (in bytes) allocated to the translation buffer. Zero means default
587 void tcg_exec_init(unsigned long tb_size)
590 code_gen_alloc(tb_size);
591 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
592 tcg_register_jit(tcg_ctx.code_gen_buffer, tcg_ctx.code_gen_buffer_size);
594 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
595 /* There's no guest base to take into account, so go ahead and
596 initialize the prologue now. */
597 tcg_prologue_init(&tcg_ctx);
601 bool tcg_enabled(void)
603 return tcg_ctx.code_gen_buffer != NULL;
606 /* Allocate a new translation block. Flush the translation buffer if
607 too many translation blocks or too much generated code. */
608 static TranslationBlock *tb_alloc(target_ulong pc)
610 TranslationBlock *tb;
612 if (tcg_ctx.tb_ctx.nb_tbs >= tcg_ctx.code_gen_max_blocks ||
613 (tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer) >=
614 tcg_ctx.code_gen_buffer_max_size) {
617 tb = &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs++];
623 void tb_free(TranslationBlock *tb)
625 /* In practice this is mostly used for single use temporary TB
626 Ignore the hard cases and just back up if this TB happens to
627 be the last one generated. */
628 if (tcg_ctx.tb_ctx.nb_tbs > 0 &&
629 tb == &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs - 1]) {
630 tcg_ctx.code_gen_ptr = tb->tc_ptr;
631 tcg_ctx.tb_ctx.nb_tbs--;
635 static inline void invalidate_page_bitmap(PageDesc *p)
637 if (p->code_bitmap) {
638 g_free(p->code_bitmap);
639 p->code_bitmap = NULL;
641 p->code_write_count = 0;
644 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
645 static void page_flush_tb_1(int level, void **lp)
655 for (i = 0; i < L2_SIZE; ++i) {
656 pd[i].first_tb = NULL;
657 invalidate_page_bitmap(pd + i);
662 for (i = 0; i < L2_SIZE; ++i) {
663 page_flush_tb_1(level - 1, pp + i);
668 static void page_flush_tb(void)
672 for (i = 0; i < V_L1_SIZE; i++) {
673 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
677 /* flush all the translation blocks */
678 /* XXX: tb_flush is currently not thread safe */
679 void tb_flush(CPUArchState *env1)
683 #if defined(DEBUG_FLUSH)
684 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
685 (unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer),
686 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.tb_ctx.nb_tbs > 0 ?
687 ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) /
688 tcg_ctx.tb_ctx.nb_tbs : 0);
690 if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)
691 > tcg_ctx.code_gen_buffer_size) {
692 cpu_abort(env1, "Internal error: code buffer overflow\n");
694 tcg_ctx.tb_ctx.nb_tbs = 0;
696 for (env = first_cpu; env != NULL; env = env->next_cpu) {
697 memset(env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof(void *));
700 memset(tcg_ctx.tb_ctx.tb_phys_hash, 0,
701 CODE_GEN_PHYS_HASH_SIZE * sizeof(void *));
704 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
705 /* XXX: flush processor icache at this point if cache flush is
707 tcg_ctx.tb_ctx.tb_flush_count++;
710 #ifdef DEBUG_TB_CHECK
712 static void tb_invalidate_check(target_ulong address)
714 TranslationBlock *tb;
717 address &= TARGET_PAGE_MASK;
718 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
719 for (tb = tb_ctx.tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
720 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
721 address >= tb->pc + tb->size)) {
722 printf("ERROR invalidate: address=" TARGET_FMT_lx
723 " PC=%08lx size=%04x\n",
724 address, (long)tb->pc, tb->size);
730 /* verify that all the pages have correct rights for code */
731 static void tb_page_check(void)
733 TranslationBlock *tb;
734 int i, flags1, flags2;
736 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
737 for (tb = tcg_ctx.tb_ctx.tb_phys_hash[i]; tb != NULL;
738 tb = tb->phys_hash_next) {
739 flags1 = page_get_flags(tb->pc);
740 flags2 = page_get_flags(tb->pc + tb->size - 1);
741 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
742 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
743 (long)tb->pc, tb->size, flags1, flags2);
751 static inline void tb_hash_remove(TranslationBlock **ptb, TranslationBlock *tb)
753 TranslationBlock *tb1;
758 *ptb = tb1->phys_hash_next;
761 ptb = &tb1->phys_hash_next;
765 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
767 TranslationBlock *tb1;
772 n1 = (uintptr_t)tb1 & 3;
773 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
775 *ptb = tb1->page_next[n1];
778 ptb = &tb1->page_next[n1];
782 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
784 TranslationBlock *tb1, **ptb;
787 ptb = &tb->jmp_next[n];
790 /* find tb(n) in circular list */
793 n1 = (uintptr_t)tb1 & 3;
794 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
795 if (n1 == n && tb1 == tb) {
799 ptb = &tb1->jmp_first;
801 ptb = &tb1->jmp_next[n1];
804 /* now we can suppress tb(n) from the list */
805 *ptb = tb->jmp_next[n];
807 tb->jmp_next[n] = NULL;
811 /* reset the jump entry 'n' of a TB so that it is not chained to
813 static inline void tb_reset_jump(TranslationBlock *tb, int n)
815 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
818 /* invalidate one TB */
819 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
824 tb_page_addr_t phys_pc;
825 TranslationBlock *tb1, *tb2;
827 /* remove the TB from the hash list */
828 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
829 h = tb_phys_hash_func(phys_pc);
830 tb_hash_remove(&tcg_ctx.tb_ctx.tb_phys_hash[h], tb);
832 /* remove the TB from the page list */
833 if (tb->page_addr[0] != page_addr) {
834 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
835 tb_page_remove(&p->first_tb, tb);
836 invalidate_page_bitmap(p);
838 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
839 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
840 tb_page_remove(&p->first_tb, tb);
841 invalidate_page_bitmap(p);
844 tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
846 /* remove the TB from the hash list */
847 h = tb_jmp_cache_hash_func(tb->pc);
848 for (env = first_cpu; env != NULL; env = env->next_cpu) {
849 if (env->tb_jmp_cache[h] == tb) {
850 env->tb_jmp_cache[h] = NULL;
854 /* suppress this TB from the two jump lists */
855 tb_jmp_remove(tb, 0);
856 tb_jmp_remove(tb, 1);
858 /* suppress any remaining jumps to this TB */
861 n1 = (uintptr_t)tb1 & 3;
865 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
866 tb2 = tb1->jmp_next[n1];
867 tb_reset_jump(tb1, n1);
868 tb1->jmp_next[n1] = NULL;
871 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
873 tcg_ctx.tb_ctx.tb_phys_invalidate_count++;
876 static inline void set_bits(uint8_t *tab, int start, int len)
882 mask = 0xff << (start & 7);
883 if ((start & ~7) == (end & ~7)) {
885 mask &= ~(0xff << (end & 7));
890 start = (start + 8) & ~7;
892 while (start < end1) {
897 mask = ~(0xff << (end & 7));
903 static void build_page_bitmap(PageDesc *p)
905 int n, tb_start, tb_end;
906 TranslationBlock *tb;
908 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
912 n = (uintptr_t)tb & 3;
913 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
914 /* NOTE: this is subtle as a TB may span two physical pages */
916 /* NOTE: tb_end may be after the end of the page, but
917 it is not a problem */
918 tb_start = tb->pc & ~TARGET_PAGE_MASK;
919 tb_end = tb_start + tb->size;
920 if (tb_end > TARGET_PAGE_SIZE) {
921 tb_end = TARGET_PAGE_SIZE;
925 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
927 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
928 tb = tb->page_next[n];
932 TranslationBlock *tb_gen_code(CPUArchState *env,
933 target_ulong pc, target_ulong cs_base,
934 int flags, int cflags)
936 TranslationBlock *tb;
938 tb_page_addr_t phys_pc, phys_page2;
939 target_ulong virt_page2;
942 phys_pc = get_page_addr_code(env, pc);
945 /* flush must be done */
947 /* cannot fail at this point */
949 /* Don't forget to invalidate previous TB info. */
950 tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
952 tc_ptr = tcg_ctx.code_gen_ptr;
954 tb->cs_base = cs_base;
957 cpu_gen_code(env, tb, &code_gen_size);
958 tcg_ctx.code_gen_ptr = (void *)(((uintptr_t)tcg_ctx.code_gen_ptr +
959 code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
961 /* check next page if needed */
962 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
964 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
965 phys_page2 = get_page_addr_code(env, virt_page2);
967 tb_link_page(tb, phys_pc, phys_page2);
972 * Invalidate all TBs which intersect with the target physical address range
973 * [start;end[. NOTE: start and end may refer to *different* physical pages.
974 * 'is_cpu_write_access' should be true if called from a real cpu write
975 * access: the virtual CPU will exit the current TB if code is modified inside
978 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
979 int is_cpu_write_access)
981 while (start < end) {
982 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
983 start &= TARGET_PAGE_MASK;
984 start += TARGET_PAGE_SIZE;
989 * Invalidate all TBs which intersect with the target physical address range
990 * [start;end[. NOTE: start and end must refer to the *same* physical page.
991 * 'is_cpu_write_access' should be true if called from a real cpu write
992 * access: the virtual CPU will exit the current TB if code is modified inside
995 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
996 int is_cpu_write_access)
998 TranslationBlock *tb, *tb_next, *saved_tb;
999 CPUArchState *env = cpu_single_env;
1000 CPUState *cpu = NULL;
1001 tb_page_addr_t tb_start, tb_end;
1004 #ifdef TARGET_HAS_PRECISE_SMC
1005 int current_tb_not_found = is_cpu_write_access;
1006 TranslationBlock *current_tb = NULL;
1007 int current_tb_modified = 0;
1008 target_ulong current_pc = 0;
1009 target_ulong current_cs_base = 0;
1010 int current_flags = 0;
1011 #endif /* TARGET_HAS_PRECISE_SMC */
1013 p = page_find(start >> TARGET_PAGE_BITS);
1017 if (!p->code_bitmap &&
1018 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1019 is_cpu_write_access) {
1020 /* build code bitmap */
1021 build_page_bitmap(p);
1024 cpu = ENV_GET_CPU(env);
1027 /* we remove all the TBs in the range [start, end[ */
1028 /* XXX: see if in some cases it could be faster to invalidate all
1031 while (tb != NULL) {
1032 n = (uintptr_t)tb & 3;
1033 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1034 tb_next = tb->page_next[n];
1035 /* NOTE: this is subtle as a TB may span two physical pages */
1037 /* NOTE: tb_end may be after the end of the page, but
1038 it is not a problem */
1039 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1040 tb_end = tb_start + tb->size;
1042 tb_start = tb->page_addr[1];
1043 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1045 if (!(tb_end <= start || tb_start >= end)) {
1046 #ifdef TARGET_HAS_PRECISE_SMC
1047 if (current_tb_not_found) {
1048 current_tb_not_found = 0;
1050 if (env->mem_io_pc) {
1051 /* now we have a real cpu fault */
1052 current_tb = tb_find_pc(env->mem_io_pc);
1055 if (current_tb == tb &&
1056 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1057 /* If we are modifying the current TB, we must stop
1058 its execution. We could be more precise by checking
1059 that the modification is after the current PC, but it
1060 would require a specialized function to partially
1061 restore the CPU state */
1063 current_tb_modified = 1;
1064 cpu_restore_state_from_tb(current_tb, env, env->mem_io_pc);
1065 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1068 #endif /* TARGET_HAS_PRECISE_SMC */
1069 /* we need to do that to handle the case where a signal
1070 occurs while doing tb_phys_invalidate() */
1073 saved_tb = cpu->current_tb;
1074 cpu->current_tb = NULL;
1076 tb_phys_invalidate(tb, -1);
1078 cpu->current_tb = saved_tb;
1079 if (cpu->interrupt_request && cpu->current_tb) {
1080 cpu_interrupt(cpu, cpu->interrupt_request);
1086 #if !defined(CONFIG_USER_ONLY)
1087 /* if no code remaining, no need to continue to use slow writes */
1089 invalidate_page_bitmap(p);
1090 if (is_cpu_write_access) {
1091 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1095 #ifdef TARGET_HAS_PRECISE_SMC
1096 if (current_tb_modified) {
1097 /* we generate a block containing just the instruction
1098 modifying the memory. It will ensure that it cannot modify
1100 cpu->current_tb = NULL;
1101 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1102 cpu_resume_from_signal(env, NULL);
1107 /* len must be <= 8 and start must be a multiple of len */
1108 void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1115 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1116 cpu_single_env->mem_io_vaddr, len,
1117 cpu_single_env->eip,
1118 cpu_single_env->eip +
1119 (intptr_t)cpu_single_env->segs[R_CS].base);
1122 p = page_find(start >> TARGET_PAGE_BITS);
1126 if (p->code_bitmap) {
1127 offset = start & ~TARGET_PAGE_MASK;
1128 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1129 if (b & ((1 << len) - 1)) {
1134 tb_invalidate_phys_page_range(start, start + len, 1);
1138 #if !defined(CONFIG_SOFTMMU)
1139 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1140 uintptr_t pc, void *puc)
1142 TranslationBlock *tb;
1145 #ifdef TARGET_HAS_PRECISE_SMC
1146 TranslationBlock *current_tb = NULL;
1147 CPUArchState *env = cpu_single_env;
1148 CPUState *cpu = NULL;
1149 int current_tb_modified = 0;
1150 target_ulong current_pc = 0;
1151 target_ulong current_cs_base = 0;
1152 int current_flags = 0;
1155 addr &= TARGET_PAGE_MASK;
1156 p = page_find(addr >> TARGET_PAGE_BITS);
1161 #ifdef TARGET_HAS_PRECISE_SMC
1162 if (tb && pc != 0) {
1163 current_tb = tb_find_pc(pc);
1166 cpu = ENV_GET_CPU(env);
1169 while (tb != NULL) {
1170 n = (uintptr_t)tb & 3;
1171 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1172 #ifdef TARGET_HAS_PRECISE_SMC
1173 if (current_tb == tb &&
1174 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1175 /* If we are modifying the current TB, we must stop
1176 its execution. We could be more precise by checking
1177 that the modification is after the current PC, but it
1178 would require a specialized function to partially
1179 restore the CPU state */
1181 current_tb_modified = 1;
1182 cpu_restore_state_from_tb(current_tb, env, pc);
1183 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1186 #endif /* TARGET_HAS_PRECISE_SMC */
1187 tb_phys_invalidate(tb, addr);
1188 tb = tb->page_next[n];
1191 #ifdef TARGET_HAS_PRECISE_SMC
1192 if (current_tb_modified) {
1193 /* we generate a block containing just the instruction
1194 modifying the memory. It will ensure that it cannot modify
1196 cpu->current_tb = NULL;
1197 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1198 cpu_resume_from_signal(env, puc);
1204 /* add the tb in the target page and protect it if necessary */
1205 static inline void tb_alloc_page(TranslationBlock *tb,
1206 unsigned int n, tb_page_addr_t page_addr)
1209 #ifndef CONFIG_USER_ONLY
1210 bool page_already_protected;
1213 tb->page_addr[n] = page_addr;
1214 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1215 tb->page_next[n] = p->first_tb;
1216 #ifndef CONFIG_USER_ONLY
1217 page_already_protected = p->first_tb != NULL;
1219 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
1220 invalidate_page_bitmap(p);
1222 #if defined(TARGET_HAS_SMC) || 1
1224 #if defined(CONFIG_USER_ONLY)
1225 if (p->flags & PAGE_WRITE) {
1230 /* force the host page as non writable (writes will have a
1231 page fault + mprotect overhead) */
1232 page_addr &= qemu_host_page_mask;
1234 for (addr = page_addr; addr < page_addr + qemu_host_page_size;
1235 addr += TARGET_PAGE_SIZE) {
1237 p2 = page_find(addr >> TARGET_PAGE_BITS);
1242 p2->flags &= ~PAGE_WRITE;
1244 mprotect(g2h(page_addr), qemu_host_page_size,
1245 (prot & PAGE_BITS) & ~PAGE_WRITE);
1246 #ifdef DEBUG_TB_INVALIDATE
1247 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1252 /* if some code is already present, then the pages are already
1253 protected. So we handle the case where only the first TB is
1254 allocated in a physical page */
1255 if (!page_already_protected) {
1256 tlb_protect_code(page_addr);
1260 #endif /* TARGET_HAS_SMC */
1263 /* add a new TB and link it to the physical page tables. phys_page2 is
1264 (-1) to indicate that only one page contains the TB. */
1265 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
1266 tb_page_addr_t phys_page2)
1269 TranslationBlock **ptb;
1271 /* Grab the mmap lock to stop another thread invalidating this TB
1272 before we are done. */
1274 /* add in the physical hash table */
1275 h = tb_phys_hash_func(phys_pc);
1276 ptb = &tcg_ctx.tb_ctx.tb_phys_hash[h];
1277 tb->phys_hash_next = *ptb;
1280 /* add in the page list */
1281 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1282 if (phys_page2 != -1) {
1283 tb_alloc_page(tb, 1, phys_page2);
1285 tb->page_addr[1] = -1;
1288 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
1289 tb->jmp_next[0] = NULL;
1290 tb->jmp_next[1] = NULL;
1292 /* init original jump addresses */
1293 if (tb->tb_next_offset[0] != 0xffff) {
1294 tb_reset_jump(tb, 0);
1296 if (tb->tb_next_offset[1] != 0xffff) {
1297 tb_reset_jump(tb, 1);
1300 #ifdef DEBUG_TB_CHECK
1306 #if defined(CONFIG_QEMU_LDST_OPTIMIZATION) && defined(CONFIG_SOFTMMU)
1307 /* check whether the given addr is in TCG generated code buffer or not */
1308 bool is_tcg_gen_code(uintptr_t tc_ptr)
1310 /* This can be called during code generation, code_gen_buffer_size
1311 is used instead of code_gen_ptr for upper boundary checking */
1312 return (tc_ptr >= (uintptr_t)tcg_ctx.code_gen_buffer &&
1313 tc_ptr < (uintptr_t)(tcg_ctx.code_gen_buffer +
1314 tcg_ctx.code_gen_buffer_size));
1318 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1319 tb[1].tc_ptr. Return NULL if not found */
1320 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
1322 int m_min, m_max, m;
1324 TranslationBlock *tb;
1326 if (tcg_ctx.tb_ctx.nb_tbs <= 0) {
1329 if (tc_ptr < (uintptr_t)tcg_ctx.code_gen_buffer ||
1330 tc_ptr >= (uintptr_t)tcg_ctx.code_gen_ptr) {
1333 /* binary search (cf Knuth) */
1335 m_max = tcg_ctx.tb_ctx.nb_tbs - 1;
1336 while (m_min <= m_max) {
1337 m = (m_min + m_max) >> 1;
1338 tb = &tcg_ctx.tb_ctx.tbs[m];
1339 v = (uintptr_t)tb->tc_ptr;
1342 } else if (tc_ptr < v) {
1348 return &tcg_ctx.tb_ctx.tbs[m_max];
1351 #if defined(TARGET_HAS_ICE) && !defined(CONFIG_USER_ONLY)
1352 void tb_invalidate_phys_addr(hwaddr addr)
1354 ram_addr_t ram_addr;
1355 MemoryRegionSection *section;
1357 section = phys_page_find(address_space_memory.dispatch,
1358 addr >> TARGET_PAGE_BITS);
1359 if (!(memory_region_is_ram(section->mr)
1360 || (section->mr->rom_device && section->mr->readable))) {
1363 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1364 + memory_region_section_addr(section, addr);
1365 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1367 #endif /* TARGET_HAS_ICE && !defined(CONFIG_USER_ONLY) */
1369 void tb_check_watchpoint(CPUArchState *env)
1371 TranslationBlock *tb;
1373 tb = tb_find_pc(env->mem_io_pc);
1375 cpu_abort(env, "check_watchpoint: could not find TB for pc=%p",
1376 (void *)env->mem_io_pc);
1378 cpu_restore_state_from_tb(tb, env, env->mem_io_pc);
1379 tb_phys_invalidate(tb, -1);
1382 #ifndef CONFIG_USER_ONLY
1383 /* mask must never be zero, except for A20 change call */
1384 static void tcg_handle_interrupt(CPUState *cpu, int mask)
1386 CPUArchState *env = cpu->env_ptr;
1389 old_mask = cpu->interrupt_request;
1390 cpu->interrupt_request |= mask;
1393 * If called from iothread context, wake the target cpu in
1396 if (!qemu_cpu_is_self(cpu)) {
1402 env->icount_decr.u16.high = 0xffff;
1404 && (mask & ~old_mask) != 0) {
1405 cpu_abort(env, "Raised interrupt while not in I/O function");
1408 cpu->tcg_exit_req = 1;
1412 CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1414 /* in deterministic execution mode, instructions doing device I/Os
1415 must be at the end of the TB */
1416 void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
1418 TranslationBlock *tb;
1420 target_ulong pc, cs_base;
1423 tb = tb_find_pc(retaddr);
1425 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
1428 n = env->icount_decr.u16.low + tb->icount;
1429 cpu_restore_state_from_tb(tb, env, retaddr);
1430 /* Calculate how many instructions had been executed before the fault
1432 n = n - env->icount_decr.u16.low;
1433 /* Generate a new TB ending on the I/O insn. */
1435 /* On MIPS and SH, delay slot instructions can only be restarted if
1436 they were already the first instruction in the TB. If this is not
1437 the first instruction in a TB then re-execute the preceding
1439 #if defined(TARGET_MIPS)
1440 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
1441 env->active_tc.PC -= 4;
1442 env->icount_decr.u16.low++;
1443 env->hflags &= ~MIPS_HFLAG_BMASK;
1445 #elif defined(TARGET_SH4)
1446 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
1449 env->icount_decr.u16.low++;
1450 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
1453 /* This should never happen. */
1454 if (n > CF_COUNT_MASK) {
1455 cpu_abort(env, "TB too big during recompile");
1458 cflags = n | CF_LAST_IO;
1460 cs_base = tb->cs_base;
1462 tb_phys_invalidate(tb, -1);
1463 /* FIXME: In theory this could raise an exception. In practice
1464 we have already translated the block once so it's probably ok. */
1465 tb_gen_code(env, pc, cs_base, flags, cflags);
1466 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
1467 the first in the TB) then we end up generating a whole new TB and
1468 repeating the fault, which is horribly inefficient.
1469 Better would be to execute just this insn uncached, or generate a
1471 cpu_resume_from_signal(env, NULL);
1474 void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
1478 /* Discard jump cache entries for any tb which might potentially
1479 overlap the flushed page. */
1480 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1481 memset(&env->tb_jmp_cache[i], 0,
1482 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1484 i = tb_jmp_cache_hash_page(addr);
1485 memset(&env->tb_jmp_cache[i], 0,
1486 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1489 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
1491 int i, target_code_size, max_target_code_size;
1492 int direct_jmp_count, direct_jmp2_count, cross_page;
1493 TranslationBlock *tb;
1495 target_code_size = 0;
1496 max_target_code_size = 0;
1498 direct_jmp_count = 0;
1499 direct_jmp2_count = 0;
1500 for (i = 0; i < tcg_ctx.tb_ctx.nb_tbs; i++) {
1501 tb = &tcg_ctx.tb_ctx.tbs[i];
1502 target_code_size += tb->size;
1503 if (tb->size > max_target_code_size) {
1504 max_target_code_size = tb->size;
1506 if (tb->page_addr[1] != -1) {
1509 if (tb->tb_next_offset[0] != 0xffff) {
1511 if (tb->tb_next_offset[1] != 0xffff) {
1512 direct_jmp2_count++;
1516 /* XXX: avoid using doubles ? */
1517 cpu_fprintf(f, "Translation buffer state:\n");
1518 cpu_fprintf(f, "gen code size %td/%zd\n",
1519 tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer,
1520 tcg_ctx.code_gen_buffer_max_size);
1521 cpu_fprintf(f, "TB count %d/%d\n",
1522 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.code_gen_max_blocks);
1523 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
1524 tcg_ctx.tb_ctx.nb_tbs ? target_code_size /
1525 tcg_ctx.tb_ctx.nb_tbs : 0,
1526 max_target_code_size);
1527 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
1528 tcg_ctx.tb_ctx.nb_tbs ? (tcg_ctx.code_gen_ptr -
1529 tcg_ctx.code_gen_buffer) /
1530 tcg_ctx.tb_ctx.nb_tbs : 0,
1531 target_code_size ? (double) (tcg_ctx.code_gen_ptr -
1532 tcg_ctx.code_gen_buffer) /
1533 target_code_size : 0);
1534 cpu_fprintf(f, "cross page TB count %d (%d%%)\n", cross_page,
1535 tcg_ctx.tb_ctx.nb_tbs ? (cross_page * 100) /
1536 tcg_ctx.tb_ctx.nb_tbs : 0);
1537 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
1539 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp_count * 100) /
1540 tcg_ctx.tb_ctx.nb_tbs : 0,
1542 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp2_count * 100) /
1543 tcg_ctx.tb_ctx.nb_tbs : 0);
1544 cpu_fprintf(f, "\nStatistics:\n");
1545 cpu_fprintf(f, "TB flush count %d\n", tcg_ctx.tb_ctx.tb_flush_count);
1546 cpu_fprintf(f, "TB invalidate count %d\n",
1547 tcg_ctx.tb_ctx.tb_phys_invalidate_count);
1548 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
1549 tcg_dump_info(f, cpu_fprintf);
1552 #else /* CONFIG_USER_ONLY */
1554 void cpu_interrupt(CPUState *cpu, int mask)
1556 cpu->interrupt_request |= mask;
1557 cpu->tcg_exit_req = 1;
1561 * Walks guest process memory "regions" one by one
1562 * and calls callback function 'fn' for each region.
1564 struct walk_memory_regions_data {
1565 walk_memory_regions_fn fn;
1571 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
1572 abi_ulong end, int new_prot)
1574 if (data->start != -1ul) {
1575 int rc = data->fn(data->priv, data->start, end, data->prot);
1581 data->start = (new_prot ? end : -1ul);
1582 data->prot = new_prot;
1587 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
1588 abi_ulong base, int level, void **lp)
1594 return walk_memory_regions_end(data, base, 0);
1600 for (i = 0; i < L2_SIZE; ++i) {
1601 int prot = pd[i].flags;
1603 pa = base | (i << TARGET_PAGE_BITS);
1604 if (prot != data->prot) {
1605 rc = walk_memory_regions_end(data, pa, prot);
1614 for (i = 0; i < L2_SIZE; ++i) {
1615 pa = base | ((abi_ulong)i <<
1616 (TARGET_PAGE_BITS + L2_BITS * level));
1617 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1627 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1629 struct walk_memory_regions_data data;
1637 for (i = 0; i < V_L1_SIZE; i++) {
1638 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
1639 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
1646 return walk_memory_regions_end(&data, 0, 0);
1649 static int dump_region(void *priv, abi_ulong start,
1650 abi_ulong end, unsigned long prot)
1652 FILE *f = (FILE *)priv;
1654 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
1655 " "TARGET_ABI_FMT_lx" %c%c%c\n",
1656 start, end, end - start,
1657 ((prot & PAGE_READ) ? 'r' : '-'),
1658 ((prot & PAGE_WRITE) ? 'w' : '-'),
1659 ((prot & PAGE_EXEC) ? 'x' : '-'));
1664 /* dump memory mappings */
1665 void page_dump(FILE *f)
1667 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
1668 "start", "end", "size", "prot");
1669 walk_memory_regions(f, dump_region);
1672 int page_get_flags(target_ulong address)
1676 p = page_find(address >> TARGET_PAGE_BITS);
1683 /* Modify the flags of a page and invalidate the code if necessary.
1684 The flag PAGE_WRITE_ORG is positioned automatically depending
1685 on PAGE_WRITE. The mmap_lock should already be held. */
1686 void page_set_flags(target_ulong start, target_ulong end, int flags)
1688 target_ulong addr, len;
1690 /* This function should never be called with addresses outside the
1691 guest address space. If this assert fires, it probably indicates
1692 a missing call to h2g_valid. */
1693 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1694 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
1696 assert(start < end);
1698 start = start & TARGET_PAGE_MASK;
1699 end = TARGET_PAGE_ALIGN(end);
1701 if (flags & PAGE_WRITE) {
1702 flags |= PAGE_WRITE_ORG;
1705 for (addr = start, len = end - start;
1707 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
1708 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
1710 /* If the write protection bit is set, then we invalidate
1712 if (!(p->flags & PAGE_WRITE) &&
1713 (flags & PAGE_WRITE) &&
1715 tb_invalidate_phys_page(addr, 0, NULL);
1721 int page_check_range(target_ulong start, target_ulong len, int flags)
1727 /* This function should never be called with addresses outside the
1728 guest address space. If this assert fires, it probably indicates
1729 a missing call to h2g_valid. */
1730 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1731 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
1737 if (start + len - 1 < start) {
1738 /* We've wrapped around. */
1742 /* must do before we loose bits in the next step */
1743 end = TARGET_PAGE_ALIGN(start + len);
1744 start = start & TARGET_PAGE_MASK;
1746 for (addr = start, len = end - start;
1748 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
1749 p = page_find(addr >> TARGET_PAGE_BITS);
1753 if (!(p->flags & PAGE_VALID)) {
1757 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) {
1760 if (flags & PAGE_WRITE) {
1761 if (!(p->flags & PAGE_WRITE_ORG)) {
1764 /* unprotect the page if it was put read-only because it
1765 contains translated code */
1766 if (!(p->flags & PAGE_WRITE)) {
1767 if (!page_unprotect(addr, 0, NULL)) {
1777 /* called from signal handler: invalidate the code and unprotect the
1778 page. Return TRUE if the fault was successfully handled. */
1779 int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
1783 target_ulong host_start, host_end, addr;
1785 /* Technically this isn't safe inside a signal handler. However we
1786 know this only ever happens in a synchronous SEGV handler, so in
1787 practice it seems to be ok. */
1790 p = page_find(address >> TARGET_PAGE_BITS);
1796 /* if the page was really writable, then we change its
1797 protection back to writable */
1798 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
1799 host_start = address & qemu_host_page_mask;
1800 host_end = host_start + qemu_host_page_size;
1803 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
1804 p = page_find(addr >> TARGET_PAGE_BITS);
1805 p->flags |= PAGE_WRITE;
1808 /* and since the content will be modified, we must invalidate
1809 the corresponding translated code. */
1810 tb_invalidate_phys_page(addr, pc, puc);
1811 #ifdef DEBUG_TB_CHECK
1812 tb_invalidate_check(addr);
1815 mprotect((void *)g2h(host_start), qemu_host_page_size,
1824 #endif /* CONFIG_USER_ONLY */
projects / qemu.git / blob