2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #define WIN32_LEAN_AND_MEAN
25 #include <sys/types.h>
38 #include "qemu-common.h"
42 #if defined(CONFIG_USER_ONLY)
46 //#define DEBUG_TB_INVALIDATE
49 //#define DEBUG_UNASSIGNED
51 /* make various TB consistency checks */
52 //#define DEBUG_TB_CHECK
53 //#define DEBUG_TLB_CHECK
55 //#define DEBUG_IOPORT
56 //#define DEBUG_SUBPAGE
58 #if !defined(CONFIG_USER_ONLY)
59 /* TB consistency checks only implemented for usermode emulation. */
63 #define SMC_BITMAP_USE_THRESHOLD 10
65 #define MMAP_AREA_START 0x00000000
66 #define MMAP_AREA_END 0xa8000000
68 #if defined(TARGET_SPARC64)
69 #define TARGET_PHYS_ADDR_SPACE_BITS 41
70 #elif defined(TARGET_SPARC)
71 #define TARGET_PHYS_ADDR_SPACE_BITS 36
72 #elif defined(TARGET_ALPHA)
73 #define TARGET_PHYS_ADDR_SPACE_BITS 42
74 #define TARGET_VIRT_ADDR_SPACE_BITS 42
75 #elif defined(TARGET_PPC64)
76 #define TARGET_PHYS_ADDR_SPACE_BITS 42
77 #elif defined(TARGET_X86_64) && !defined(USE_KQEMU)
78 #define TARGET_PHYS_ADDR_SPACE_BITS 42
79 #elif defined(TARGET_I386) && !defined(USE_KQEMU)
80 #define TARGET_PHYS_ADDR_SPACE_BITS 36
82 /* Note: for compatibility with kqemu, we use 32 bits for x86_64 */
83 #define TARGET_PHYS_ADDR_SPACE_BITS 32
86 static TranslationBlock *tbs;
87 int code_gen_max_blocks;
88 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
90 /* any access to the tbs or the page table must use this lock */
91 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
93 #if defined(__arm__) || defined(__sparc_v9__)
94 /* The prologue must be reachable with a direct jump. ARM and Sparc64
95 have limited branch ranges (possibly also PPC) so place it in a
96 section close to code segment. */
97 #define code_gen_section \
98 __attribute__((__section__(".gen_code"))) \
99 __attribute__((aligned (32)))
101 #define code_gen_section \
102 __attribute__((aligned (32)))
105 uint8_t code_gen_prologue[1024] code_gen_section;
106 static uint8_t *code_gen_buffer;
107 static unsigned long code_gen_buffer_size;
108 /* threshold to flush the translated code buffer */
109 static unsigned long code_gen_buffer_max_size;
110 uint8_t *code_gen_ptr;
112 #if !defined(CONFIG_USER_ONLY)
113 ram_addr_t phys_ram_size;
115 uint8_t *phys_ram_base;
116 uint8_t *phys_ram_dirty;
117 static int in_migration;
118 static ram_addr_t phys_ram_alloc_offset = 0;
122 /* current CPU in the current thread. It is only valid inside
124 CPUState *cpu_single_env;
125 /* 0 = Do not count executed instructions.
126 1 = Precise instruction counting.
127 2 = Adaptive rate instruction counting. */
129 /* Current instruction counter. While executing translated code this may
130 include some instructions that have not yet been executed. */
133 typedef struct PageDesc {
134 /* list of TBs intersecting this ram page */
135 TranslationBlock *first_tb;
136 /* in order to optimize self modifying code, we count the number
137 of lookups we do to a given page to use a bitmap */
138 unsigned int code_write_count;
139 uint8_t *code_bitmap;
140 #if defined(CONFIG_USER_ONLY)
145 typedef struct PhysPageDesc {
146 /* offset in host memory of the page + io_index in the low bits */
147 ram_addr_t phys_offset;
151 #if defined(CONFIG_USER_ONLY) && defined(TARGET_VIRT_ADDR_SPACE_BITS)
152 /* XXX: this is a temporary hack for alpha target.
153 * In the future, this is to be replaced by a multi-level table
154 * to actually be able to handle the complete 64 bits address space.
156 #define L1_BITS (TARGET_VIRT_ADDR_SPACE_BITS - L2_BITS - TARGET_PAGE_BITS)
158 #define L1_BITS (32 - L2_BITS - TARGET_PAGE_BITS)
161 #define L1_SIZE (1 << L1_BITS)
162 #define L2_SIZE (1 << L2_BITS)
164 unsigned long qemu_real_host_page_size;
165 unsigned long qemu_host_page_bits;
166 unsigned long qemu_host_page_size;
167 unsigned long qemu_host_page_mask;
169 /* XXX: for system emulation, it could just be an array */
170 static PageDesc *l1_map[L1_SIZE];
171 static PhysPageDesc **l1_phys_map;
173 #if !defined(CONFIG_USER_ONLY)
174 static void io_mem_init(void);
176 /* io memory support */
177 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
178 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
179 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
180 static int io_mem_nb;
181 static int io_mem_watch;
185 static const char *logfilename = "/tmp/qemu.log";
188 static int log_append = 0;
191 static int tlb_flush_count;
192 static int tb_flush_count;
193 static int tb_phys_invalidate_count;
195 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
196 typedef struct subpage_t {
197 target_phys_addr_t base;
198 CPUReadMemoryFunc **mem_read[TARGET_PAGE_SIZE][4];
199 CPUWriteMemoryFunc **mem_write[TARGET_PAGE_SIZE][4];
200 void *opaque[TARGET_PAGE_SIZE][2][4];
204 static void map_exec(void *addr, long size)
207 VirtualProtect(addr, size,
208 PAGE_EXECUTE_READWRITE, &old_protect);
212 static void map_exec(void *addr, long size)
214 unsigned long start, end, page_size;
216 page_size = getpagesize();
217 start = (unsigned long)addr;
218 start &= ~(page_size - 1);
220 end = (unsigned long)addr + size;
221 end += page_size - 1;
222 end &= ~(page_size - 1);
224 mprotect((void *)start, end - start,
225 PROT_READ | PROT_WRITE | PROT_EXEC);
229 static void page_init(void)
231 /* NOTE: we can always suppose that qemu_host_page_size >=
235 SYSTEM_INFO system_info;
238 GetSystemInfo(&system_info);
239 qemu_real_host_page_size = system_info.dwPageSize;
242 qemu_real_host_page_size = getpagesize();
244 if (qemu_host_page_size == 0)
245 qemu_host_page_size = qemu_real_host_page_size;
246 if (qemu_host_page_size < TARGET_PAGE_SIZE)
247 qemu_host_page_size = TARGET_PAGE_SIZE;
248 qemu_host_page_bits = 0;
249 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
250 qemu_host_page_bits++;
251 qemu_host_page_mask = ~(qemu_host_page_size - 1);
252 l1_phys_map = qemu_vmalloc(L1_SIZE * sizeof(void *));
253 memset(l1_phys_map, 0, L1_SIZE * sizeof(void *));
255 #if !defined(_WIN32) && defined(CONFIG_USER_ONLY)
257 long long startaddr, endaddr;
262 last_brk = (unsigned long)sbrk(0);
263 f = fopen("/proc/self/maps", "r");
266 n = fscanf (f, "%llx-%llx %*[^\n]\n", &startaddr, &endaddr);
268 startaddr = MIN(startaddr,
269 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
270 endaddr = MIN(endaddr,
271 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
272 page_set_flags(startaddr & TARGET_PAGE_MASK,
273 TARGET_PAGE_ALIGN(endaddr),
284 static inline PageDesc **page_l1_map(target_ulong index)
286 #if TARGET_LONG_BITS > 32
287 /* Host memory outside guest VM. For 32-bit targets we have already
288 excluded high addresses. */
289 if (index > ((target_ulong)L2_SIZE * L1_SIZE))
292 return &l1_map[index >> L2_BITS];
295 static inline PageDesc *page_find_alloc(target_ulong index)
298 lp = page_l1_map(index);
304 /* allocate if not found */
305 #if defined(CONFIG_USER_ONLY)
307 size_t len = sizeof(PageDesc) * L2_SIZE;
308 /* Don't use qemu_malloc because it may recurse. */
309 p = mmap(0, len, PROT_READ | PROT_WRITE,
310 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
313 if (addr == (target_ulong)addr) {
314 page_set_flags(addr & TARGET_PAGE_MASK,
315 TARGET_PAGE_ALIGN(addr + len),
319 p = qemu_mallocz(sizeof(PageDesc) * L2_SIZE);
323 return p + (index & (L2_SIZE - 1));
326 static inline PageDesc *page_find(target_ulong index)
329 lp = page_l1_map(index);
336 return p + (index & (L2_SIZE - 1));
339 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
344 p = (void **)l1_phys_map;
345 #if TARGET_PHYS_ADDR_SPACE_BITS > 32
347 #if TARGET_PHYS_ADDR_SPACE_BITS > (32 + L1_BITS)
348 #error unsupported TARGET_PHYS_ADDR_SPACE_BITS
350 lp = p + ((index >> (L1_BITS + L2_BITS)) & (L1_SIZE - 1));
353 /* allocate if not found */
356 p = qemu_vmalloc(sizeof(void *) * L1_SIZE);
357 memset(p, 0, sizeof(void *) * L1_SIZE);
361 lp = p + ((index >> L2_BITS) & (L1_SIZE - 1));
365 /* allocate if not found */
368 pd = qemu_vmalloc(sizeof(PhysPageDesc) * L2_SIZE);
370 for (i = 0; i < L2_SIZE; i++)
371 pd[i].phys_offset = IO_MEM_UNASSIGNED;
373 return ((PhysPageDesc *)pd) + (index & (L2_SIZE - 1));
376 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
378 return phys_page_find_alloc(index, 0);
381 #if !defined(CONFIG_USER_ONLY)
382 static void tlb_protect_code(ram_addr_t ram_addr);
383 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
385 #define mmap_lock() do { } while(0)
386 #define mmap_unlock() do { } while(0)
389 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
391 #if defined(CONFIG_USER_ONLY)
392 /* Currently it is not recommanded to allocate big chunks of data in
393 user mode. It will change when a dedicated libc will be used */
394 #define USE_STATIC_CODE_GEN_BUFFER
397 #ifdef USE_STATIC_CODE_GEN_BUFFER
398 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE];
401 static void code_gen_alloc(unsigned long tb_size)
403 #ifdef USE_STATIC_CODE_GEN_BUFFER
404 code_gen_buffer = static_code_gen_buffer;
405 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
406 map_exec(code_gen_buffer, code_gen_buffer_size);
408 code_gen_buffer_size = tb_size;
409 if (code_gen_buffer_size == 0) {
410 #if defined(CONFIG_USER_ONLY)
411 /* in user mode, phys_ram_size is not meaningful */
412 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
414 /* XXX: needs ajustments */
415 code_gen_buffer_size = (unsigned long)(phys_ram_size / 4);
418 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
419 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
420 /* The code gen buffer location may have constraints depending on
421 the host cpu and OS */
422 #if defined(__linux__)
427 flags = MAP_PRIVATE | MAP_ANONYMOUS;
428 #if defined(__x86_64__)
430 /* Cannot map more than that */
431 if (code_gen_buffer_size > (800 * 1024 * 1024))
432 code_gen_buffer_size = (800 * 1024 * 1024);
433 #elif defined(__sparc_v9__)
434 // Map the buffer below 2G, so we can use direct calls and branches
436 start = (void *) 0x60000000UL;
437 if (code_gen_buffer_size > (512 * 1024 * 1024))
438 code_gen_buffer_size = (512 * 1024 * 1024);
440 code_gen_buffer = mmap(start, code_gen_buffer_size,
441 PROT_WRITE | PROT_READ | PROT_EXEC,
443 if (code_gen_buffer == MAP_FAILED) {
444 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
448 #elif defined(__FreeBSD__)
452 flags = MAP_PRIVATE | MAP_ANONYMOUS;
453 #if defined(__x86_64__)
454 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
455 * 0x40000000 is free */
457 addr = (void *)0x40000000;
458 /* Cannot map more than that */
459 if (code_gen_buffer_size > (800 * 1024 * 1024))
460 code_gen_buffer_size = (800 * 1024 * 1024);
462 code_gen_buffer = mmap(addr, code_gen_buffer_size,
463 PROT_WRITE | PROT_READ | PROT_EXEC,
465 if (code_gen_buffer == MAP_FAILED) {
466 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
471 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
472 if (!code_gen_buffer) {
473 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
476 map_exec(code_gen_buffer, code_gen_buffer_size);
478 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
479 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
480 code_gen_buffer_max_size = code_gen_buffer_size -
481 code_gen_max_block_size();
482 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
483 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
486 /* Must be called before using the QEMU cpus. 'tb_size' is the size
487 (in bytes) allocated to the translation buffer. Zero means default
489 void cpu_exec_init_all(unsigned long tb_size)
492 code_gen_alloc(tb_size);
493 code_gen_ptr = code_gen_buffer;
495 #if !defined(CONFIG_USER_ONLY)
500 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
502 #define CPU_COMMON_SAVE_VERSION 1
504 static void cpu_common_save(QEMUFile *f, void *opaque)
506 CPUState *env = opaque;
508 qemu_put_be32s(f, &env->halted);
509 qemu_put_be32s(f, &env->interrupt_request);
512 static int cpu_common_load(QEMUFile *f, void *opaque, int version_id)
514 CPUState *env = opaque;
516 if (version_id != CPU_COMMON_SAVE_VERSION)
519 qemu_get_be32s(f, &env->halted);
520 qemu_get_be32s(f, &env->interrupt_request);
527 void cpu_exec_init(CPUState *env)
532 env->next_cpu = NULL;
535 while (*penv != NULL) {
536 penv = (CPUState **)&(*penv)->next_cpu;
539 env->cpu_index = cpu_index;
540 env->nb_watchpoints = 0;
542 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
543 register_savevm("cpu_common", cpu_index, CPU_COMMON_SAVE_VERSION,
544 cpu_common_save, cpu_common_load, env);
545 register_savevm("cpu", cpu_index, CPU_SAVE_VERSION,
546 cpu_save, cpu_load, env);
550 static inline void invalidate_page_bitmap(PageDesc *p)
552 if (p->code_bitmap) {
553 qemu_free(p->code_bitmap);
554 p->code_bitmap = NULL;
556 p->code_write_count = 0;
559 /* set to NULL all the 'first_tb' fields in all PageDescs */
560 static void page_flush_tb(void)
565 for(i = 0; i < L1_SIZE; i++) {
568 for(j = 0; j < L2_SIZE; j++) {
570 invalidate_page_bitmap(p);
577 /* flush all the translation blocks */
578 /* XXX: tb_flush is currently not thread safe */
579 void tb_flush(CPUState *env1)
582 #if defined(DEBUG_FLUSH)
583 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
584 (unsigned long)(code_gen_ptr - code_gen_buffer),
586 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
588 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
589 cpu_abort(env1, "Internal error: code buffer overflow\n");
593 for(env = first_cpu; env != NULL; env = env->next_cpu) {
594 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
597 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
600 code_gen_ptr = code_gen_buffer;
601 /* XXX: flush processor icache at this point if cache flush is
606 #ifdef DEBUG_TB_CHECK
608 static void tb_invalidate_check(target_ulong address)
610 TranslationBlock *tb;
612 address &= TARGET_PAGE_MASK;
613 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
614 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
615 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
616 address >= tb->pc + tb->size)) {
617 printf("ERROR invalidate: address=%08lx PC=%08lx size=%04x\n",
618 address, (long)tb->pc, tb->size);
624 /* verify that all the pages have correct rights for code */
625 static void tb_page_check(void)
627 TranslationBlock *tb;
628 int i, flags1, flags2;
630 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
631 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
632 flags1 = page_get_flags(tb->pc);
633 flags2 = page_get_flags(tb->pc + tb->size - 1);
634 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
635 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
636 (long)tb->pc, tb->size, flags1, flags2);
642 static void tb_jmp_check(TranslationBlock *tb)
644 TranslationBlock *tb1;
647 /* suppress any remaining jumps to this TB */
651 tb1 = (TranslationBlock *)((long)tb1 & ~3);
654 tb1 = tb1->jmp_next[n1];
656 /* check end of list */
658 printf("ERROR: jmp_list from 0x%08lx\n", (long)tb);
664 /* invalidate one TB */
665 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
668 TranslationBlock *tb1;
672 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
675 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
679 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
681 TranslationBlock *tb1;
687 tb1 = (TranslationBlock *)((long)tb1 & ~3);
689 *ptb = tb1->page_next[n1];
692 ptb = &tb1->page_next[n1];
696 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
698 TranslationBlock *tb1, **ptb;
701 ptb = &tb->jmp_next[n];
704 /* find tb(n) in circular list */
708 tb1 = (TranslationBlock *)((long)tb1 & ~3);
709 if (n1 == n && tb1 == tb)
712 ptb = &tb1->jmp_first;
714 ptb = &tb1->jmp_next[n1];
717 /* now we can suppress tb(n) from the list */
718 *ptb = tb->jmp_next[n];
720 tb->jmp_next[n] = NULL;
724 /* reset the jump entry 'n' of a TB so that it is not chained to
726 static inline void tb_reset_jump(TranslationBlock *tb, int n)
728 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
731 void tb_phys_invalidate(TranslationBlock *tb, target_ulong page_addr)
736 target_phys_addr_t phys_pc;
737 TranslationBlock *tb1, *tb2;
739 /* remove the TB from the hash list */
740 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
741 h = tb_phys_hash_func(phys_pc);
742 tb_remove(&tb_phys_hash[h], tb,
743 offsetof(TranslationBlock, phys_hash_next));
745 /* remove the TB from the page list */
746 if (tb->page_addr[0] != page_addr) {
747 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
748 tb_page_remove(&p->first_tb, tb);
749 invalidate_page_bitmap(p);
751 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
752 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
753 tb_page_remove(&p->first_tb, tb);
754 invalidate_page_bitmap(p);
757 tb_invalidated_flag = 1;
759 /* remove the TB from the hash list */
760 h = tb_jmp_cache_hash_func(tb->pc);
761 for(env = first_cpu; env != NULL; env = env->next_cpu) {
762 if (env->tb_jmp_cache[h] == tb)
763 env->tb_jmp_cache[h] = NULL;
766 /* suppress this TB from the two jump lists */
767 tb_jmp_remove(tb, 0);
768 tb_jmp_remove(tb, 1);
770 /* suppress any remaining jumps to this TB */
776 tb1 = (TranslationBlock *)((long)tb1 & ~3);
777 tb2 = tb1->jmp_next[n1];
778 tb_reset_jump(tb1, n1);
779 tb1->jmp_next[n1] = NULL;
782 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
784 tb_phys_invalidate_count++;
787 static inline void set_bits(uint8_t *tab, int start, int len)
793 mask = 0xff << (start & 7);
794 if ((start & ~7) == (end & ~7)) {
796 mask &= ~(0xff << (end & 7));
801 start = (start + 8) & ~7;
803 while (start < end1) {
808 mask = ~(0xff << (end & 7));
814 static void build_page_bitmap(PageDesc *p)
816 int n, tb_start, tb_end;
817 TranslationBlock *tb;
819 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
826 tb = (TranslationBlock *)((long)tb & ~3);
827 /* NOTE: this is subtle as a TB may span two physical pages */
829 /* NOTE: tb_end may be after the end of the page, but
830 it is not a problem */
831 tb_start = tb->pc & ~TARGET_PAGE_MASK;
832 tb_end = tb_start + tb->size;
833 if (tb_end > TARGET_PAGE_SIZE)
834 tb_end = TARGET_PAGE_SIZE;
837 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
839 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
840 tb = tb->page_next[n];
844 TranslationBlock *tb_gen_code(CPUState *env,
845 target_ulong pc, target_ulong cs_base,
846 int flags, int cflags)
848 TranslationBlock *tb;
850 target_ulong phys_pc, phys_page2, virt_page2;
853 phys_pc = get_phys_addr_code(env, pc);
856 /* flush must be done */
858 /* cannot fail at this point */
860 /* Don't forget to invalidate previous TB info. */
861 tb_invalidated_flag = 1;
863 tc_ptr = code_gen_ptr;
865 tb->cs_base = cs_base;
868 cpu_gen_code(env, tb, &code_gen_size);
869 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
871 /* check next page if needed */
872 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
874 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
875 phys_page2 = get_phys_addr_code(env, virt_page2);
877 tb_link_phys(tb, phys_pc, phys_page2);
881 /* invalidate all TBs which intersect with the target physical page
882 starting in range [start;end[. NOTE: start and end must refer to
883 the same physical page. 'is_cpu_write_access' should be true if called
884 from a real cpu write access: the virtual CPU will exit the current
885 TB if code is modified inside this TB. */
886 void tb_invalidate_phys_page_range(target_phys_addr_t start, target_phys_addr_t end,
887 int is_cpu_write_access)
889 int n, current_tb_modified, current_tb_not_found, current_flags;
890 CPUState *env = cpu_single_env;
892 TranslationBlock *tb, *tb_next, *current_tb, *saved_tb;
893 target_ulong tb_start, tb_end;
894 target_ulong current_pc, current_cs_base;
896 p = page_find(start >> TARGET_PAGE_BITS);
899 if (!p->code_bitmap &&
900 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
901 is_cpu_write_access) {
902 /* build code bitmap */
903 build_page_bitmap(p);
906 /* we remove all the TBs in the range [start, end[ */
907 /* XXX: see if in some cases it could be faster to invalidate all the code */
908 current_tb_not_found = is_cpu_write_access;
909 current_tb_modified = 0;
910 current_tb = NULL; /* avoid warning */
911 current_pc = 0; /* avoid warning */
912 current_cs_base = 0; /* avoid warning */
913 current_flags = 0; /* avoid warning */
917 tb = (TranslationBlock *)((long)tb & ~3);
918 tb_next = tb->page_next[n];
919 /* NOTE: this is subtle as a TB may span two physical pages */
921 /* NOTE: tb_end may be after the end of the page, but
922 it is not a problem */
923 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
924 tb_end = tb_start + tb->size;
926 tb_start = tb->page_addr[1];
927 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
929 if (!(tb_end <= start || tb_start >= end)) {
930 #ifdef TARGET_HAS_PRECISE_SMC
931 if (current_tb_not_found) {
932 current_tb_not_found = 0;
934 if (env->mem_io_pc) {
935 /* now we have a real cpu fault */
936 current_tb = tb_find_pc(env->mem_io_pc);
939 if (current_tb == tb &&
940 (current_tb->cflags & CF_COUNT_MASK) != 1) {
941 /* If we are modifying the current TB, we must stop
942 its execution. We could be more precise by checking
943 that the modification is after the current PC, but it
944 would require a specialized function to partially
945 restore the CPU state */
947 current_tb_modified = 1;
948 cpu_restore_state(current_tb, env,
949 env->mem_io_pc, NULL);
950 #if defined(TARGET_I386)
951 current_flags = env->hflags;
952 current_flags |= (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK));
953 current_cs_base = (target_ulong)env->segs[R_CS].base;
954 current_pc = current_cs_base + env->eip;
956 #error unsupported CPU
959 #endif /* TARGET_HAS_PRECISE_SMC */
960 /* we need to do that to handle the case where a signal
961 occurs while doing tb_phys_invalidate() */
964 saved_tb = env->current_tb;
965 env->current_tb = NULL;
967 tb_phys_invalidate(tb, -1);
969 env->current_tb = saved_tb;
970 if (env->interrupt_request && env->current_tb)
971 cpu_interrupt(env, env->interrupt_request);
976 #if !defined(CONFIG_USER_ONLY)
977 /* if no code remaining, no need to continue to use slow writes */
979 invalidate_page_bitmap(p);
980 if (is_cpu_write_access) {
981 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
985 #ifdef TARGET_HAS_PRECISE_SMC
986 if (current_tb_modified) {
987 /* we generate a block containing just the instruction
988 modifying the memory. It will ensure that it cannot modify
990 env->current_tb = NULL;
991 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
992 cpu_resume_from_signal(env, NULL);
997 /* len must be <= 8 and start must be a multiple of len */
998 static inline void tb_invalidate_phys_page_fast(target_phys_addr_t start, int len)
1005 fprintf(logfile, "modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1006 cpu_single_env->mem_io_vaddr, len,
1007 cpu_single_env->eip,
1008 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1012 p = page_find(start >> TARGET_PAGE_BITS);
1015 if (p->code_bitmap) {
1016 offset = start & ~TARGET_PAGE_MASK;
1017 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1018 if (b & ((1 << len) - 1))
1022 tb_invalidate_phys_page_range(start, start + len, 1);
1026 #if !defined(CONFIG_SOFTMMU)
1027 static void tb_invalidate_phys_page(target_phys_addr_t addr,
1028 unsigned long pc, void *puc)
1030 int n, current_flags, current_tb_modified;
1031 target_ulong current_pc, current_cs_base;
1033 TranslationBlock *tb, *current_tb;
1034 #ifdef TARGET_HAS_PRECISE_SMC
1035 CPUState *env = cpu_single_env;
1038 addr &= TARGET_PAGE_MASK;
1039 p = page_find(addr >> TARGET_PAGE_BITS);
1043 current_tb_modified = 0;
1045 current_pc = 0; /* avoid warning */
1046 current_cs_base = 0; /* avoid warning */
1047 current_flags = 0; /* avoid warning */
1048 #ifdef TARGET_HAS_PRECISE_SMC
1049 if (tb && pc != 0) {
1050 current_tb = tb_find_pc(pc);
1053 while (tb != NULL) {
1055 tb = (TranslationBlock *)((long)tb & ~3);
1056 #ifdef TARGET_HAS_PRECISE_SMC
1057 if (current_tb == tb &&
1058 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1059 /* If we are modifying the current TB, we must stop
1060 its execution. We could be more precise by checking
1061 that the modification is after the current PC, but it
1062 would require a specialized function to partially
1063 restore the CPU state */
1065 current_tb_modified = 1;
1066 cpu_restore_state(current_tb, env, pc, puc);
1067 #if defined(TARGET_I386)
1068 current_flags = env->hflags;
1069 current_flags |= (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK));
1070 current_cs_base = (target_ulong)env->segs[R_CS].base;
1071 current_pc = current_cs_base + env->eip;
1073 #error unsupported CPU
1076 #endif /* TARGET_HAS_PRECISE_SMC */
1077 tb_phys_invalidate(tb, addr);
1078 tb = tb->page_next[n];
1081 #ifdef TARGET_HAS_PRECISE_SMC
1082 if (current_tb_modified) {
1083 /* we generate a block containing just the instruction
1084 modifying the memory. It will ensure that it cannot modify
1086 env->current_tb = NULL;
1087 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1088 cpu_resume_from_signal(env, puc);
1094 /* add the tb in the target page and protect it if necessary */
1095 static inline void tb_alloc_page(TranslationBlock *tb,
1096 unsigned int n, target_ulong page_addr)
1099 TranslationBlock *last_first_tb;
1101 tb->page_addr[n] = page_addr;
1102 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
1103 tb->page_next[n] = p->first_tb;
1104 last_first_tb = p->first_tb;
1105 p->first_tb = (TranslationBlock *)((long)tb | n);
1106 invalidate_page_bitmap(p);
1108 #if defined(TARGET_HAS_SMC) || 1
1110 #if defined(CONFIG_USER_ONLY)
1111 if (p->flags & PAGE_WRITE) {
1116 /* force the host page as non writable (writes will have a
1117 page fault + mprotect overhead) */
1118 page_addr &= qemu_host_page_mask;
1120 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1121 addr += TARGET_PAGE_SIZE) {
1123 p2 = page_find (addr >> TARGET_PAGE_BITS);
1127 p2->flags &= ~PAGE_WRITE;
1128 page_get_flags(addr);
1130 mprotect(g2h(page_addr), qemu_host_page_size,
1131 (prot & PAGE_BITS) & ~PAGE_WRITE);
1132 #ifdef DEBUG_TB_INVALIDATE
1133 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1138 /* if some code is already present, then the pages are already
1139 protected. So we handle the case where only the first TB is
1140 allocated in a physical page */
1141 if (!last_first_tb) {
1142 tlb_protect_code(page_addr);
1146 #endif /* TARGET_HAS_SMC */
1149 /* Allocate a new translation block. Flush the translation buffer if
1150 too many translation blocks or too much generated code. */
1151 TranslationBlock *tb_alloc(target_ulong pc)
1153 TranslationBlock *tb;
1155 if (nb_tbs >= code_gen_max_blocks ||
1156 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1158 tb = &tbs[nb_tbs++];
1164 void tb_free(TranslationBlock *tb)
1166 /* In practice this is mostly used for single use temporary TB
1167 Ignore the hard cases and just back up if this TB happens to
1168 be the last one generated. */
1169 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1170 code_gen_ptr = tb->tc_ptr;
1175 /* add a new TB and link it to the physical page tables. phys_page2 is
1176 (-1) to indicate that only one page contains the TB. */
1177 void tb_link_phys(TranslationBlock *tb,
1178 target_ulong phys_pc, target_ulong phys_page2)
1181 TranslationBlock **ptb;
1183 /* Grab the mmap lock to stop another thread invalidating this TB
1184 before we are done. */
1186 /* add in the physical hash table */
1187 h = tb_phys_hash_func(phys_pc);
1188 ptb = &tb_phys_hash[h];
1189 tb->phys_hash_next = *ptb;
1192 /* add in the page list */
1193 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1194 if (phys_page2 != -1)
1195 tb_alloc_page(tb, 1, phys_page2);
1197 tb->page_addr[1] = -1;
1199 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1200 tb->jmp_next[0] = NULL;
1201 tb->jmp_next[1] = NULL;
1203 /* init original jump addresses */
1204 if (tb->tb_next_offset[0] != 0xffff)
1205 tb_reset_jump(tb, 0);
1206 if (tb->tb_next_offset[1] != 0xffff)
1207 tb_reset_jump(tb, 1);
1209 #ifdef DEBUG_TB_CHECK
1215 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1216 tb[1].tc_ptr. Return NULL if not found */
1217 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1219 int m_min, m_max, m;
1221 TranslationBlock *tb;
1225 if (tc_ptr < (unsigned long)code_gen_buffer ||
1226 tc_ptr >= (unsigned long)code_gen_ptr)
1228 /* binary search (cf Knuth) */
1231 while (m_min <= m_max) {
1232 m = (m_min + m_max) >> 1;
1234 v = (unsigned long)tb->tc_ptr;
1237 else if (tc_ptr < v) {
1246 static void tb_reset_jump_recursive(TranslationBlock *tb);
1248 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1250 TranslationBlock *tb1, *tb_next, **ptb;
1253 tb1 = tb->jmp_next[n];
1255 /* find head of list */
1258 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1261 tb1 = tb1->jmp_next[n1];
1263 /* we are now sure now that tb jumps to tb1 */
1266 /* remove tb from the jmp_first list */
1267 ptb = &tb_next->jmp_first;
1271 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1272 if (n1 == n && tb1 == tb)
1274 ptb = &tb1->jmp_next[n1];
1276 *ptb = tb->jmp_next[n];
1277 tb->jmp_next[n] = NULL;
1279 /* suppress the jump to next tb in generated code */
1280 tb_reset_jump(tb, n);
1282 /* suppress jumps in the tb on which we could have jumped */
1283 tb_reset_jump_recursive(tb_next);
1287 static void tb_reset_jump_recursive(TranslationBlock *tb)
1289 tb_reset_jump_recursive2(tb, 0);
1290 tb_reset_jump_recursive2(tb, 1);
1293 #if defined(TARGET_HAS_ICE)
1294 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1296 target_phys_addr_t addr;
1298 ram_addr_t ram_addr;
1301 addr = cpu_get_phys_page_debug(env, pc);
1302 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1304 pd = IO_MEM_UNASSIGNED;
1306 pd = p->phys_offset;
1308 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1309 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1313 /* Add a watchpoint. */
1314 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, int type)
1318 for (i = 0; i < env->nb_watchpoints; i++) {
1319 if (addr == env->watchpoint[i].vaddr)
1322 if (env->nb_watchpoints >= MAX_WATCHPOINTS)
1325 i = env->nb_watchpoints++;
1326 env->watchpoint[i].vaddr = addr;
1327 env->watchpoint[i].type = type;
1328 tlb_flush_page(env, addr);
1329 /* FIXME: This flush is needed because of the hack to make memory ops
1330 terminate the TB. It can be removed once the proper IO trap and
1331 re-execute bits are in. */
1336 /* Remove a watchpoint. */
1337 int cpu_watchpoint_remove(CPUState *env, target_ulong addr)
1341 for (i = 0; i < env->nb_watchpoints; i++) {
1342 if (addr == env->watchpoint[i].vaddr) {
1343 env->nb_watchpoints--;
1344 env->watchpoint[i] = env->watchpoint[env->nb_watchpoints];
1345 tlb_flush_page(env, addr);
1352 /* Remove all watchpoints. */
1353 void cpu_watchpoint_remove_all(CPUState *env) {
1356 for (i = 0; i < env->nb_watchpoints; i++) {
1357 tlb_flush_page(env, env->watchpoint[i].vaddr);
1359 env->nb_watchpoints = 0;
1362 /* add a breakpoint. EXCP_DEBUG is returned by the CPU loop if a
1363 breakpoint is reached */
1364 int cpu_breakpoint_insert(CPUState *env, target_ulong pc)
1366 #if defined(TARGET_HAS_ICE)
1369 for(i = 0; i < env->nb_breakpoints; i++) {
1370 if (env->breakpoints[i] == pc)
1374 if (env->nb_breakpoints >= MAX_BREAKPOINTS)
1376 env->breakpoints[env->nb_breakpoints++] = pc;
1378 breakpoint_invalidate(env, pc);
1385 /* remove all breakpoints */
1386 void cpu_breakpoint_remove_all(CPUState *env) {
1387 #if defined(TARGET_HAS_ICE)
1389 for(i = 0; i < env->nb_breakpoints; i++) {
1390 breakpoint_invalidate(env, env->breakpoints[i]);
1392 env->nb_breakpoints = 0;
1396 /* remove a breakpoint */
1397 int cpu_breakpoint_remove(CPUState *env, target_ulong pc)
1399 #if defined(TARGET_HAS_ICE)
1401 for(i = 0; i < env->nb_breakpoints; i++) {
1402 if (env->breakpoints[i] == pc)
1407 env->nb_breakpoints--;
1408 if (i < env->nb_breakpoints)
1409 env->breakpoints[i] = env->breakpoints[env->nb_breakpoints];
1411 breakpoint_invalidate(env, pc);
1418 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1419 CPU loop after each instruction */
1420 void cpu_single_step(CPUState *env, int enabled)
1422 #if defined(TARGET_HAS_ICE)
1423 if (env->singlestep_enabled != enabled) {
1424 env->singlestep_enabled = enabled;
1425 /* must flush all the translated code to avoid inconsistancies */
1426 /* XXX: only flush what is necessary */
1432 /* enable or disable low levels log */
1433 void cpu_set_log(int log_flags)
1435 loglevel = log_flags;
1436 if (loglevel && !logfile) {
1437 logfile = fopen(logfilename, log_append ? "a" : "w");
1439 perror(logfilename);
1442 #if !defined(CONFIG_SOFTMMU)
1443 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1445 static char logfile_buf[4096];
1446 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1449 setvbuf(logfile, NULL, _IOLBF, 0);
1453 if (!loglevel && logfile) {
1459 void cpu_set_log_filename(const char *filename)
1461 logfilename = strdup(filename);
1466 cpu_set_log(loglevel);
1469 /* mask must never be zero, except for A20 change call */
1470 void cpu_interrupt(CPUState *env, int mask)
1472 #if !defined(USE_NPTL)
1473 TranslationBlock *tb;
1474 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1478 old_mask = env->interrupt_request;
1479 /* FIXME: This is probably not threadsafe. A different thread could
1480 be in the middle of a read-modify-write operation. */
1481 env->interrupt_request |= mask;
1482 #if defined(USE_NPTL)
1483 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1484 problem and hope the cpu will stop of its own accord. For userspace
1485 emulation this often isn't actually as bad as it sounds. Often
1486 signals are used primarily to interrupt blocking syscalls. */
1489 env->icount_decr.u16.high = 0xffff;
1490 #ifndef CONFIG_USER_ONLY
1491 /* CPU_INTERRUPT_EXIT isn't a real interrupt. It just means
1492 an async event happened and we need to process it. */
1494 && (mask & ~(old_mask | CPU_INTERRUPT_EXIT)) != 0) {
1495 cpu_abort(env, "Raised interrupt while not in I/O function");
1499 tb = env->current_tb;
1500 /* if the cpu is currently executing code, we must unlink it and
1501 all the potentially executing TB */
1502 if (tb && !testandset(&interrupt_lock)) {
1503 env->current_tb = NULL;
1504 tb_reset_jump_recursive(tb);
1505 resetlock(&interrupt_lock);
1511 void cpu_reset_interrupt(CPUState *env, int mask)
1513 env->interrupt_request &= ~mask;
1516 const CPULogItem cpu_log_items[] = {
1517 { CPU_LOG_TB_OUT_ASM, "out_asm",
1518 "show generated host assembly code for each compiled TB" },
1519 { CPU_LOG_TB_IN_ASM, "in_asm",
1520 "show target assembly code for each compiled TB" },
1521 { CPU_LOG_TB_OP, "op",
1522 "show micro ops for each compiled TB" },
1523 { CPU_LOG_TB_OP_OPT, "op_opt",
1526 "before eflags optimization and "
1528 "after liveness analysis" },
1529 { CPU_LOG_INT, "int",
1530 "show interrupts/exceptions in short format" },
1531 { CPU_LOG_EXEC, "exec",
1532 "show trace before each executed TB (lots of logs)" },
1533 { CPU_LOG_TB_CPU, "cpu",
1534 "show CPU state before block translation" },
1536 { CPU_LOG_PCALL, "pcall",
1537 "show protected mode far calls/returns/exceptions" },
1540 { CPU_LOG_IOPORT, "ioport",
1541 "show all i/o ports accesses" },
1546 static int cmp1(const char *s1, int n, const char *s2)
1548 if (strlen(s2) != n)
1550 return memcmp(s1, s2, n) == 0;
1553 /* takes a comma separated list of log masks. Return 0 if error. */
1554 int cpu_str_to_log_mask(const char *str)
1556 const CPULogItem *item;
1563 p1 = strchr(p, ',');
1566 if(cmp1(p,p1-p,"all")) {
1567 for(item = cpu_log_items; item->mask != 0; item++) {
1571 for(item = cpu_log_items; item->mask != 0; item++) {
1572 if (cmp1(p, p1 - p, item->name))
1586 void cpu_abort(CPUState *env, const char *fmt, ...)
1593 fprintf(stderr, "qemu: fatal: ");
1594 vfprintf(stderr, fmt, ap);
1595 fprintf(stderr, "\n");
1597 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1599 cpu_dump_state(env, stderr, fprintf, 0);
1602 fprintf(logfile, "qemu: fatal: ");
1603 vfprintf(logfile, fmt, ap2);
1604 fprintf(logfile, "\n");
1606 cpu_dump_state(env, logfile, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1608 cpu_dump_state(env, logfile, fprintf, 0);
1618 CPUState *cpu_copy(CPUState *env)
1620 CPUState *new_env = cpu_init(env->cpu_model_str);
1621 /* preserve chaining and index */
1622 CPUState *next_cpu = new_env->next_cpu;
1623 int cpu_index = new_env->cpu_index;
1624 memcpy(new_env, env, sizeof(CPUState));
1625 new_env->next_cpu = next_cpu;
1626 new_env->cpu_index = cpu_index;
1630 #if !defined(CONFIG_USER_ONLY)
1632 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1636 /* Discard jump cache entries for any tb which might potentially
1637 overlap the flushed page. */
1638 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1639 memset (&env->tb_jmp_cache[i], 0,
1640 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1642 i = tb_jmp_cache_hash_page(addr);
1643 memset (&env->tb_jmp_cache[i], 0,
1644 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1647 /* NOTE: if flush_global is true, also flush global entries (not
1649 void tlb_flush(CPUState *env, int flush_global)
1653 #if defined(DEBUG_TLB)
1654 printf("tlb_flush:\n");
1656 /* must reset current TB so that interrupts cannot modify the
1657 links while we are modifying them */
1658 env->current_tb = NULL;
1660 for(i = 0; i < CPU_TLB_SIZE; i++) {
1661 env->tlb_table[0][i].addr_read = -1;
1662 env->tlb_table[0][i].addr_write = -1;
1663 env->tlb_table[0][i].addr_code = -1;
1664 env->tlb_table[1][i].addr_read = -1;
1665 env->tlb_table[1][i].addr_write = -1;
1666 env->tlb_table[1][i].addr_code = -1;
1667 #if (NB_MMU_MODES >= 3)
1668 env->tlb_table[2][i].addr_read = -1;
1669 env->tlb_table[2][i].addr_write = -1;
1670 env->tlb_table[2][i].addr_code = -1;
1671 #if (NB_MMU_MODES == 4)
1672 env->tlb_table[3][i].addr_read = -1;
1673 env->tlb_table[3][i].addr_write = -1;
1674 env->tlb_table[3][i].addr_code = -1;
1679 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1682 if (env->kqemu_enabled) {
1683 kqemu_flush(env, flush_global);
1689 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1691 if (addr == (tlb_entry->addr_read &
1692 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1693 addr == (tlb_entry->addr_write &
1694 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1695 addr == (tlb_entry->addr_code &
1696 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1697 tlb_entry->addr_read = -1;
1698 tlb_entry->addr_write = -1;
1699 tlb_entry->addr_code = -1;
1703 void tlb_flush_page(CPUState *env, target_ulong addr)
1707 #if defined(DEBUG_TLB)
1708 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1710 /* must reset current TB so that interrupts cannot modify the
1711 links while we are modifying them */
1712 env->current_tb = NULL;
1714 addr &= TARGET_PAGE_MASK;
1715 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1716 tlb_flush_entry(&env->tlb_table[0][i], addr);
1717 tlb_flush_entry(&env->tlb_table[1][i], addr);
1718 #if (NB_MMU_MODES >= 3)
1719 tlb_flush_entry(&env->tlb_table[2][i], addr);
1720 #if (NB_MMU_MODES == 4)
1721 tlb_flush_entry(&env->tlb_table[3][i], addr);
1725 tlb_flush_jmp_cache(env, addr);
1728 if (env->kqemu_enabled) {
1729 kqemu_flush_page(env, addr);
1734 /* update the TLBs so that writes to code in the virtual page 'addr'
1736 static void tlb_protect_code(ram_addr_t ram_addr)
1738 cpu_physical_memory_reset_dirty(ram_addr,
1739 ram_addr + TARGET_PAGE_SIZE,
1743 /* update the TLB so that writes in physical page 'phys_addr' are no longer
1744 tested for self modifying code */
1745 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
1748 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] |= CODE_DIRTY_FLAG;
1751 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1752 unsigned long start, unsigned long length)
1755 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1756 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1757 if ((addr - start) < length) {
1758 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1763 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1767 unsigned long length, start1;
1771 start &= TARGET_PAGE_MASK;
1772 end = TARGET_PAGE_ALIGN(end);
1774 length = end - start;
1777 len = length >> TARGET_PAGE_BITS;
1779 /* XXX: should not depend on cpu context */
1781 if (env->kqemu_enabled) {
1784 for(i = 0; i < len; i++) {
1785 kqemu_set_notdirty(env, addr);
1786 addr += TARGET_PAGE_SIZE;
1790 mask = ~dirty_flags;
1791 p = phys_ram_dirty + (start >> TARGET_PAGE_BITS);
1792 for(i = 0; i < len; i++)
1795 /* we modify the TLB cache so that the dirty bit will be set again
1796 when accessing the range */
1797 start1 = start + (unsigned long)phys_ram_base;
1798 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1799 for(i = 0; i < CPU_TLB_SIZE; i++)
1800 tlb_reset_dirty_range(&env->tlb_table[0][i], start1, length);
1801 for(i = 0; i < CPU_TLB_SIZE; i++)
1802 tlb_reset_dirty_range(&env->tlb_table[1][i], start1, length);
1803 #if (NB_MMU_MODES >= 3)
1804 for(i = 0; i < CPU_TLB_SIZE; i++)
1805 tlb_reset_dirty_range(&env->tlb_table[2][i], start1, length);
1806 #if (NB_MMU_MODES == 4)
1807 for(i = 0; i < CPU_TLB_SIZE; i++)
1808 tlb_reset_dirty_range(&env->tlb_table[3][i], start1, length);
1814 int cpu_physical_memory_set_dirty_tracking(int enable)
1816 in_migration = enable;
1820 int cpu_physical_memory_get_dirty_tracking(void)
1822 return in_migration;
1825 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
1827 ram_addr_t ram_addr;
1829 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1830 ram_addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) +
1831 tlb_entry->addend - (unsigned long)phys_ram_base;
1832 if (!cpu_physical_memory_is_dirty(ram_addr)) {
1833 tlb_entry->addr_write |= TLB_NOTDIRTY;
1838 /* update the TLB according to the current state of the dirty bits */
1839 void cpu_tlb_update_dirty(CPUState *env)
1842 for(i = 0; i < CPU_TLB_SIZE; i++)
1843 tlb_update_dirty(&env->tlb_table[0][i]);
1844 for(i = 0; i < CPU_TLB_SIZE; i++)
1845 tlb_update_dirty(&env->tlb_table[1][i]);
1846 #if (NB_MMU_MODES >= 3)
1847 for(i = 0; i < CPU_TLB_SIZE; i++)
1848 tlb_update_dirty(&env->tlb_table[2][i]);
1849 #if (NB_MMU_MODES == 4)
1850 for(i = 0; i < CPU_TLB_SIZE; i++)
1851 tlb_update_dirty(&env->tlb_table[3][i]);
1856 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1858 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
1859 tlb_entry->addr_write = vaddr;
1862 /* update the TLB corresponding to virtual page vaddr
1863 so that it is no longer dirty */
1864 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1868 vaddr &= TARGET_PAGE_MASK;
1869 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1870 tlb_set_dirty1(&env->tlb_table[0][i], vaddr);
1871 tlb_set_dirty1(&env->tlb_table[1][i], vaddr);
1872 #if (NB_MMU_MODES >= 3)
1873 tlb_set_dirty1(&env->tlb_table[2][i], vaddr);
1874 #if (NB_MMU_MODES == 4)
1875 tlb_set_dirty1(&env->tlb_table[3][i], vaddr);
1880 /* add a new TLB entry. At most one entry for a given virtual address
1881 is permitted. Return 0 if OK or 2 if the page could not be mapped
1882 (can only happen in non SOFTMMU mode for I/O pages or pages
1883 conflicting with the host address space). */
1884 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
1885 target_phys_addr_t paddr, int prot,
1886 int mmu_idx, int is_softmmu)
1891 target_ulong address;
1892 target_ulong code_address;
1893 target_phys_addr_t addend;
1897 target_phys_addr_t iotlb;
1899 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
1901 pd = IO_MEM_UNASSIGNED;
1903 pd = p->phys_offset;
1905 #if defined(DEBUG_TLB)
1906 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
1907 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
1912 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
1913 /* IO memory case (romd handled later) */
1914 address |= TLB_MMIO;
1916 addend = (unsigned long)phys_ram_base + (pd & TARGET_PAGE_MASK);
1917 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
1919 iotlb = pd & TARGET_PAGE_MASK;
1920 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
1921 iotlb |= IO_MEM_NOTDIRTY;
1923 iotlb |= IO_MEM_ROM;
1925 /* IO handlers are currently passed a phsical address.
1926 It would be nice to pass an offset from the base address
1927 of that region. This would avoid having to special case RAM,
1928 and avoid full address decoding in every device.
1929 We can't use the high bits of pd for this because
1930 IO_MEM_ROMD uses these as a ram address. */
1931 iotlb = (pd & ~TARGET_PAGE_MASK) + paddr;
1934 code_address = address;
1935 /* Make accesses to pages with watchpoints go via the
1936 watchpoint trap routines. */
1937 for (i = 0; i < env->nb_watchpoints; i++) {
1938 if (vaddr == (env->watchpoint[i].vaddr & TARGET_PAGE_MASK)) {
1939 iotlb = io_mem_watch + paddr;
1940 /* TODO: The memory case can be optimized by not trapping
1941 reads of pages with a write breakpoint. */
1942 address |= TLB_MMIO;
1946 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1947 env->iotlb[mmu_idx][index] = iotlb - vaddr;
1948 te = &env->tlb_table[mmu_idx][index];
1949 te->addend = addend - vaddr;
1950 if (prot & PAGE_READ) {
1951 te->addr_read = address;
1956 if (prot & PAGE_EXEC) {
1957 te->addr_code = code_address;
1961 if (prot & PAGE_WRITE) {
1962 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
1963 (pd & IO_MEM_ROMD)) {
1964 /* Write access calls the I/O callback. */
1965 te->addr_write = address | TLB_MMIO;
1966 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
1967 !cpu_physical_memory_is_dirty(pd)) {
1968 te->addr_write = address | TLB_NOTDIRTY;
1970 te->addr_write = address;
1973 te->addr_write = -1;
1980 void tlb_flush(CPUState *env, int flush_global)
1984 void tlb_flush_page(CPUState *env, target_ulong addr)
1988 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
1989 target_phys_addr_t paddr, int prot,
1990 int mmu_idx, int is_softmmu)
1995 /* dump memory mappings */
1996 void page_dump(FILE *f)
1998 unsigned long start, end;
1999 int i, j, prot, prot1;
2002 fprintf(f, "%-8s %-8s %-8s %s\n",
2003 "start", "end", "size", "prot");
2007 for(i = 0; i <= L1_SIZE; i++) {
2012 for(j = 0;j < L2_SIZE; j++) {
2017 if (prot1 != prot) {
2018 end = (i << (32 - L1_BITS)) | (j << TARGET_PAGE_BITS);
2020 fprintf(f, "%08lx-%08lx %08lx %c%c%c\n",
2021 start, end, end - start,
2022 prot & PAGE_READ ? 'r' : '-',
2023 prot & PAGE_WRITE ? 'w' : '-',
2024 prot & PAGE_EXEC ? 'x' : '-');
2038 int page_get_flags(target_ulong address)
2042 p = page_find(address >> TARGET_PAGE_BITS);
2048 /* modify the flags of a page and invalidate the code if
2049 necessary. The flag PAGE_WRITE_ORG is positionned automatically
2050 depending on PAGE_WRITE */
2051 void page_set_flags(target_ulong start, target_ulong end, int flags)
2056 /* mmap_lock should already be held. */
2057 start = start & TARGET_PAGE_MASK;
2058 end = TARGET_PAGE_ALIGN(end);
2059 if (flags & PAGE_WRITE)
2060 flags |= PAGE_WRITE_ORG;
2061 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2062 p = page_find_alloc(addr >> TARGET_PAGE_BITS);
2063 /* We may be called for host regions that are outside guest
2067 /* if the write protection is set, then we invalidate the code
2069 if (!(p->flags & PAGE_WRITE) &&
2070 (flags & PAGE_WRITE) &&
2072 tb_invalidate_phys_page(addr, 0, NULL);
2078 int page_check_range(target_ulong start, target_ulong len, int flags)
2084 if (start + len < start)
2085 /* we've wrapped around */
2088 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2089 start = start & TARGET_PAGE_MASK;
2091 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2092 p = page_find(addr >> TARGET_PAGE_BITS);
2095 if( !(p->flags & PAGE_VALID) )
2098 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2100 if (flags & PAGE_WRITE) {
2101 if (!(p->flags & PAGE_WRITE_ORG))
2103 /* unprotect the page if it was put read-only because it
2104 contains translated code */
2105 if (!(p->flags & PAGE_WRITE)) {
2106 if (!page_unprotect(addr, 0, NULL))
2115 /* called from signal handler: invalidate the code and unprotect the
2116 page. Return TRUE if the fault was succesfully handled. */
2117 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2119 unsigned int page_index, prot, pindex;
2121 target_ulong host_start, host_end, addr;
2123 /* Technically this isn't safe inside a signal handler. However we
2124 know this only ever happens in a synchronous SEGV handler, so in
2125 practice it seems to be ok. */
2128 host_start = address & qemu_host_page_mask;
2129 page_index = host_start >> TARGET_PAGE_BITS;
2130 p1 = page_find(page_index);
2135 host_end = host_start + qemu_host_page_size;
2138 for(addr = host_start;addr < host_end; addr += TARGET_PAGE_SIZE) {
2142 /* if the page was really writable, then we change its
2143 protection back to writable */
2144 if (prot & PAGE_WRITE_ORG) {
2145 pindex = (address - host_start) >> TARGET_PAGE_BITS;
2146 if (!(p1[pindex].flags & PAGE_WRITE)) {
2147 mprotect((void *)g2h(host_start), qemu_host_page_size,
2148 (prot & PAGE_BITS) | PAGE_WRITE);
2149 p1[pindex].flags |= PAGE_WRITE;
2150 /* and since the content will be modified, we must invalidate
2151 the corresponding translated code. */
2152 tb_invalidate_phys_page(address, pc, puc);
2153 #ifdef DEBUG_TB_CHECK
2154 tb_invalidate_check(address);
2164 static inline void tlb_set_dirty(CPUState *env,
2165 unsigned long addr, target_ulong vaddr)
2168 #endif /* defined(CONFIG_USER_ONLY) */
2170 #if !defined(CONFIG_USER_ONLY)
2171 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2173 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2174 ram_addr_t orig_memory);
2175 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2178 if (addr > start_addr) \
2181 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2182 if (start_addr2 > 0) \
2186 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2187 end_addr2 = TARGET_PAGE_SIZE - 1; \
2189 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2190 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2195 /* register physical memory. 'size' must be a multiple of the target
2196 page size. If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2198 void cpu_register_physical_memory(target_phys_addr_t start_addr,
2200 ram_addr_t phys_offset)
2202 target_phys_addr_t addr, end_addr;
2205 ram_addr_t orig_size = size;
2209 /* XXX: should not depend on cpu context */
2211 if (env->kqemu_enabled) {
2212 kqemu_set_phys_mem(start_addr, size, phys_offset);
2215 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2216 end_addr = start_addr + (target_phys_addr_t)size;
2217 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2218 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2219 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2220 ram_addr_t orig_memory = p->phys_offset;
2221 target_phys_addr_t start_addr2, end_addr2;
2222 int need_subpage = 0;
2224 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2226 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2227 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2228 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2229 &p->phys_offset, orig_memory);
2231 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2234 subpage_register(subpage, start_addr2, end_addr2, phys_offset);
2236 p->phys_offset = phys_offset;
2237 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2238 (phys_offset & IO_MEM_ROMD))
2239 phys_offset += TARGET_PAGE_SIZE;
2242 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2243 p->phys_offset = phys_offset;
2244 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2245 (phys_offset & IO_MEM_ROMD))
2246 phys_offset += TARGET_PAGE_SIZE;
2248 target_phys_addr_t start_addr2, end_addr2;
2249 int need_subpage = 0;
2251 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2252 end_addr2, need_subpage);
2254 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2255 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2256 &p->phys_offset, IO_MEM_UNASSIGNED);
2257 subpage_register(subpage, start_addr2, end_addr2,
2264 /* since each CPU stores ram addresses in its TLB cache, we must
2265 reset the modified entries */
2267 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2272 /* XXX: temporary until new memory mapping API */
2273 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2277 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2279 return IO_MEM_UNASSIGNED;
2280 return p->phys_offset;
2283 /* XXX: better than nothing */
2284 ram_addr_t qemu_ram_alloc(ram_addr_t size)
2287 if ((phys_ram_alloc_offset + size) > phys_ram_size) {
2288 fprintf(stderr, "Not enough memory (requested_size = %" PRIu64 ", max memory = %" PRIu64 ")\n",
2289 (uint64_t)size, (uint64_t)phys_ram_size);
2292 addr = phys_ram_alloc_offset;
2293 phys_ram_alloc_offset = TARGET_PAGE_ALIGN(phys_ram_alloc_offset + size);
2297 void qemu_ram_free(ram_addr_t addr)
2301 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2303 #ifdef DEBUG_UNASSIGNED
2304 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2306 #if defined(TARGET_SPARC) || defined(TARGET_CRIS)
2307 do_unassigned_access(addr, 0, 0, 0, 1);
2312 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
2314 #ifdef DEBUG_UNASSIGNED
2315 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2317 #if defined(TARGET_SPARC) || defined(TARGET_CRIS)
2318 do_unassigned_access(addr, 0, 0, 0, 2);
2323 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
2325 #ifdef DEBUG_UNASSIGNED
2326 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2328 #if defined(TARGET_SPARC) || defined(TARGET_CRIS)
2329 do_unassigned_access(addr, 0, 0, 0, 4);
2334 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2336 #ifdef DEBUG_UNASSIGNED
2337 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2339 #if defined(TARGET_SPARC) || defined(TARGET_CRIS)
2340 do_unassigned_access(addr, 1, 0, 0, 1);
2344 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
2346 #ifdef DEBUG_UNASSIGNED
2347 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2349 #if defined(TARGET_SPARC) || defined(TARGET_CRIS)
2350 do_unassigned_access(addr, 1, 0, 0, 2);
2354 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
2356 #ifdef DEBUG_UNASSIGNED
2357 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2359 #if defined(TARGET_SPARC) || defined(TARGET_CRIS)
2360 do_unassigned_access(addr, 1, 0, 0, 4);
2364 static CPUReadMemoryFunc *unassigned_mem_read[3] = {
2365 unassigned_mem_readb,
2366 unassigned_mem_readw,
2367 unassigned_mem_readl,
2370 static CPUWriteMemoryFunc *unassigned_mem_write[3] = {
2371 unassigned_mem_writeb,
2372 unassigned_mem_writew,
2373 unassigned_mem_writel,
2376 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
2380 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2381 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2382 #if !defined(CONFIG_USER_ONLY)
2383 tb_invalidate_phys_page_fast(ram_addr, 1);
2384 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2387 stb_p(phys_ram_base + ram_addr, val);
2389 if (cpu_single_env->kqemu_enabled &&
2390 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2391 kqemu_modify_page(cpu_single_env, ram_addr);
2393 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2394 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2395 /* we remove the notdirty callback only if the code has been
2397 if (dirty_flags == 0xff)
2398 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2401 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
2405 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2406 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2407 #if !defined(CONFIG_USER_ONLY)
2408 tb_invalidate_phys_page_fast(ram_addr, 2);
2409 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2412 stw_p(phys_ram_base + ram_addr, val);
2414 if (cpu_single_env->kqemu_enabled &&
2415 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2416 kqemu_modify_page(cpu_single_env, ram_addr);
2418 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2419 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2420 /* we remove the notdirty callback only if the code has been
2422 if (dirty_flags == 0xff)
2423 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2426 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
2430 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2431 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2432 #if !defined(CONFIG_USER_ONLY)
2433 tb_invalidate_phys_page_fast(ram_addr, 4);
2434 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2437 stl_p(phys_ram_base + ram_addr, val);
2439 if (cpu_single_env->kqemu_enabled &&
2440 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2441 kqemu_modify_page(cpu_single_env, ram_addr);
2443 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2444 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2445 /* we remove the notdirty callback only if the code has been
2447 if (dirty_flags == 0xff)
2448 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2451 static CPUReadMemoryFunc *error_mem_read[3] = {
2452 NULL, /* never used */
2453 NULL, /* never used */
2454 NULL, /* never used */
2457 static CPUWriteMemoryFunc *notdirty_mem_write[3] = {
2458 notdirty_mem_writeb,
2459 notdirty_mem_writew,
2460 notdirty_mem_writel,
2463 /* Generate a debug exception if a watchpoint has been hit. */
2464 static void check_watchpoint(int offset, int flags)
2466 CPUState *env = cpu_single_env;
2470 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2471 for (i = 0; i < env->nb_watchpoints; i++) {
2472 if (vaddr == env->watchpoint[i].vaddr
2473 && (env->watchpoint[i].type & flags)) {
2474 env->watchpoint_hit = i + 1;
2475 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2481 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2482 so these check for a hit then pass through to the normal out-of-line
2484 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
2486 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_READ);
2487 return ldub_phys(addr);
2490 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
2492 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_READ);
2493 return lduw_phys(addr);
2496 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
2498 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_READ);
2499 return ldl_phys(addr);
2502 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
2505 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_WRITE);
2506 stb_phys(addr, val);
2509 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
2512 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_WRITE);
2513 stw_phys(addr, val);
2516 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
2519 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_WRITE);
2520 stl_phys(addr, val);
2523 static CPUReadMemoryFunc *watch_mem_read[3] = {
2529 static CPUWriteMemoryFunc *watch_mem_write[3] = {
2535 static inline uint32_t subpage_readlen (subpage_t *mmio, target_phys_addr_t addr,
2541 idx = SUBPAGE_IDX(addr - mmio->base);
2542 #if defined(DEBUG_SUBPAGE)
2543 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
2544 mmio, len, addr, idx);
2546 ret = (**mmio->mem_read[idx][len])(mmio->opaque[idx][0][len], addr);
2551 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
2552 uint32_t value, unsigned int len)
2556 idx = SUBPAGE_IDX(addr - mmio->base);
2557 #if defined(DEBUG_SUBPAGE)
2558 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n", __func__,
2559 mmio, len, addr, idx, value);
2561 (**mmio->mem_write[idx][len])(mmio->opaque[idx][1][len], addr, value);
2564 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
2566 #if defined(DEBUG_SUBPAGE)
2567 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2570 return subpage_readlen(opaque, addr, 0);
2573 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
2576 #if defined(DEBUG_SUBPAGE)
2577 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2579 subpage_writelen(opaque, addr, value, 0);
2582 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
2584 #if defined(DEBUG_SUBPAGE)
2585 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2588 return subpage_readlen(opaque, addr, 1);
2591 static void subpage_writew (void *opaque, target_phys_addr_t addr,
2594 #if defined(DEBUG_SUBPAGE)
2595 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2597 subpage_writelen(opaque, addr, value, 1);
2600 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
2602 #if defined(DEBUG_SUBPAGE)
2603 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2606 return subpage_readlen(opaque, addr, 2);
2609 static void subpage_writel (void *opaque,
2610 target_phys_addr_t addr, uint32_t value)
2612 #if defined(DEBUG_SUBPAGE)
2613 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2615 subpage_writelen(opaque, addr, value, 2);
2618 static CPUReadMemoryFunc *subpage_read[] = {
2624 static CPUWriteMemoryFunc *subpage_write[] = {
2630 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2636 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2638 idx = SUBPAGE_IDX(start);
2639 eidx = SUBPAGE_IDX(end);
2640 #if defined(DEBUG_SUBPAGE)
2641 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %d\n", __func__,
2642 mmio, start, end, idx, eidx, memory);
2644 memory >>= IO_MEM_SHIFT;
2645 for (; idx <= eidx; idx++) {
2646 for (i = 0; i < 4; i++) {
2647 if (io_mem_read[memory][i]) {
2648 mmio->mem_read[idx][i] = &io_mem_read[memory][i];
2649 mmio->opaque[idx][0][i] = io_mem_opaque[memory];
2651 if (io_mem_write[memory][i]) {
2652 mmio->mem_write[idx][i] = &io_mem_write[memory][i];
2653 mmio->opaque[idx][1][i] = io_mem_opaque[memory];
2661 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2662 ram_addr_t orig_memory)
2667 mmio = qemu_mallocz(sizeof(subpage_t));
2670 subpage_memory = cpu_register_io_memory(0, subpage_read, subpage_write, mmio);
2671 #if defined(DEBUG_SUBPAGE)
2672 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
2673 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
2675 *phys = subpage_memory | IO_MEM_SUBPAGE;
2676 subpage_register(mmio, 0, TARGET_PAGE_SIZE - 1, orig_memory);
2682 static void io_mem_init(void)
2684 cpu_register_io_memory(IO_MEM_ROM >> IO_MEM_SHIFT, error_mem_read, unassigned_mem_write, NULL);
2685 cpu_register_io_memory(IO_MEM_UNASSIGNED >> IO_MEM_SHIFT, unassigned_mem_read, unassigned_mem_write, NULL);
2686 cpu_register_io_memory(IO_MEM_NOTDIRTY >> IO_MEM_SHIFT, error_mem_read, notdirty_mem_write, NULL);
2689 io_mem_watch = cpu_register_io_memory(0, watch_mem_read,
2690 watch_mem_write, NULL);
2691 /* alloc dirty bits array */
2692 phys_ram_dirty = qemu_vmalloc(phys_ram_size >> TARGET_PAGE_BITS);
2693 memset(phys_ram_dirty, 0xff, phys_ram_size >> TARGET_PAGE_BITS);
2696 /* mem_read and mem_write are arrays of functions containing the
2697 function to access byte (index 0), word (index 1) and dword (index
2698 2). Functions can be omitted with a NULL function pointer. The
2699 registered functions may be modified dynamically later.
2700 If io_index is non zero, the corresponding io zone is
2701 modified. If it is zero, a new io zone is allocated. The return
2702 value can be used with cpu_register_physical_memory(). (-1) is
2703 returned if error. */
2704 int cpu_register_io_memory(int io_index,
2705 CPUReadMemoryFunc **mem_read,
2706 CPUWriteMemoryFunc **mem_write,
2709 int i, subwidth = 0;
2711 if (io_index <= 0) {
2712 if (io_mem_nb >= IO_MEM_NB_ENTRIES)
2714 io_index = io_mem_nb++;
2716 if (io_index >= IO_MEM_NB_ENTRIES)
2720 for(i = 0;i < 3; i++) {
2721 if (!mem_read[i] || !mem_write[i])
2722 subwidth = IO_MEM_SUBWIDTH;
2723 io_mem_read[io_index][i] = mem_read[i];
2724 io_mem_write[io_index][i] = mem_write[i];
2726 io_mem_opaque[io_index] = opaque;
2727 return (io_index << IO_MEM_SHIFT) | subwidth;
2730 CPUWriteMemoryFunc **cpu_get_io_memory_write(int io_index)
2732 return io_mem_write[io_index >> IO_MEM_SHIFT];
2735 CPUReadMemoryFunc **cpu_get_io_memory_read(int io_index)
2737 return io_mem_read[io_index >> IO_MEM_SHIFT];
2740 #endif /* !defined(CONFIG_USER_ONLY) */
2742 /* physical memory access (slow version, mainly for debug) */
2743 #if defined(CONFIG_USER_ONLY)
2744 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
2745 int len, int is_write)
2752 page = addr & TARGET_PAGE_MASK;
2753 l = (page + TARGET_PAGE_SIZE) - addr;
2756 flags = page_get_flags(page);
2757 if (!(flags & PAGE_VALID))
2760 if (!(flags & PAGE_WRITE))
2762 /* XXX: this code should not depend on lock_user */
2763 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2764 /* FIXME - should this return an error rather than just fail? */
2767 unlock_user(p, addr, l);
2769 if (!(flags & PAGE_READ))
2771 /* XXX: this code should not depend on lock_user */
2772 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2773 /* FIXME - should this return an error rather than just fail? */
2776 unlock_user(p, addr, 0);
2785 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
2786 int len, int is_write)
2791 target_phys_addr_t page;
2796 page = addr & TARGET_PAGE_MASK;
2797 l = (page + TARGET_PAGE_SIZE) - addr;
2800 p = phys_page_find(page >> TARGET_PAGE_BITS);
2802 pd = IO_MEM_UNASSIGNED;
2804 pd = p->phys_offset;
2808 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2809 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2810 /* XXX: could force cpu_single_env to NULL to avoid
2812 if (l >= 4 && ((addr & 3) == 0)) {
2813 /* 32 bit write access */
2815 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
2817 } else if (l >= 2 && ((addr & 1) == 0)) {
2818 /* 16 bit write access */
2820 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
2823 /* 8 bit write access */
2825 io_mem_write[io_index][0](io_mem_opaque[io_index], addr, val);
2829 unsigned long addr1;
2830 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
2832 ptr = phys_ram_base + addr1;
2833 memcpy(ptr, buf, l);
2834 if (!cpu_physical_memory_is_dirty(addr1)) {
2835 /* invalidate code */
2836 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
2838 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
2839 (0xff & ~CODE_DIRTY_FLAG);
2843 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2844 !(pd & IO_MEM_ROMD)) {
2846 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2847 if (l >= 4 && ((addr & 3) == 0)) {
2848 /* 32 bit read access */
2849 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
2852 } else if (l >= 2 && ((addr & 1) == 0)) {
2853 /* 16 bit read access */
2854 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
2858 /* 8 bit read access */
2859 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr);
2865 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2866 (addr & ~TARGET_PAGE_MASK);
2867 memcpy(buf, ptr, l);
2876 /* used for ROM loading : can write in RAM and ROM */
2877 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
2878 const uint8_t *buf, int len)
2882 target_phys_addr_t page;
2887 page = addr & TARGET_PAGE_MASK;
2888 l = (page + TARGET_PAGE_SIZE) - addr;
2891 p = phys_page_find(page >> TARGET_PAGE_BITS);
2893 pd = IO_MEM_UNASSIGNED;
2895 pd = p->phys_offset;
2898 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
2899 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
2900 !(pd & IO_MEM_ROMD)) {
2903 unsigned long addr1;
2904 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
2906 ptr = phys_ram_base + addr1;
2907 memcpy(ptr, buf, l);
2916 /* warning: addr must be aligned */
2917 uint32_t ldl_phys(target_phys_addr_t addr)
2925 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2927 pd = IO_MEM_UNASSIGNED;
2929 pd = p->phys_offset;
2932 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2933 !(pd & IO_MEM_ROMD)) {
2935 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2936 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
2939 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2940 (addr & ~TARGET_PAGE_MASK);
2946 /* warning: addr must be aligned */
2947 uint64_t ldq_phys(target_phys_addr_t addr)
2955 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2957 pd = IO_MEM_UNASSIGNED;
2959 pd = p->phys_offset;
2962 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2963 !(pd & IO_MEM_ROMD)) {
2965 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2966 #ifdef TARGET_WORDS_BIGENDIAN
2967 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
2968 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
2970 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
2971 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
2975 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2976 (addr & ~TARGET_PAGE_MASK);
2983 uint32_t ldub_phys(target_phys_addr_t addr)
2986 cpu_physical_memory_read(addr, &val, 1);
2991 uint32_t lduw_phys(target_phys_addr_t addr)
2994 cpu_physical_memory_read(addr, (uint8_t *)&val, 2);
2995 return tswap16(val);
2998 /* warning: addr must be aligned. The ram page is not masked as dirty
2999 and the code inside is not invalidated. It is useful if the dirty
3000 bits are used to track modified PTEs */
3001 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3008 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3010 pd = IO_MEM_UNASSIGNED;
3012 pd = p->phys_offset;
3015 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3016 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3017 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3019 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3020 ptr = phys_ram_base + addr1;
3023 if (unlikely(in_migration)) {
3024 if (!cpu_physical_memory_is_dirty(addr1)) {
3025 /* invalidate code */
3026 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3028 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3029 (0xff & ~CODE_DIRTY_FLAG);
3035 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3042 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3044 pd = IO_MEM_UNASSIGNED;
3046 pd = p->phys_offset;
3049 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3050 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3051 #ifdef TARGET_WORDS_BIGENDIAN
3052 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
3053 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
3055 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3056 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
3059 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
3060 (addr & ~TARGET_PAGE_MASK);
3065 /* warning: addr must be aligned */
3066 void stl_phys(target_phys_addr_t addr, uint32_t val)
3073 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3075 pd = IO_MEM_UNASSIGNED;
3077 pd = p->phys_offset;
3080 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3081 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3082 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3084 unsigned long addr1;
3085 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3087 ptr = phys_ram_base + addr1;
3089 if (!cpu_physical_memory_is_dirty(addr1)) {
3090 /* invalidate code */
3091 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3093 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3094 (0xff & ~CODE_DIRTY_FLAG);
3100 void stb_phys(target_phys_addr_t addr, uint32_t val)
3103 cpu_physical_memory_write(addr, &v, 1);
3107 void stw_phys(target_phys_addr_t addr, uint32_t val)
3109 uint16_t v = tswap16(val);
3110 cpu_physical_memory_write(addr, (const uint8_t *)&v, 2);
3114 void stq_phys(target_phys_addr_t addr, uint64_t val)
3117 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
3122 /* virtual memory access for debug */
3123 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3124 uint8_t *buf, int len, int is_write)
3127 target_phys_addr_t phys_addr;
3131 page = addr & TARGET_PAGE_MASK;
3132 phys_addr = cpu_get_phys_page_debug(env, page);
3133 /* if no physical page mapped, return an error */
3134 if (phys_addr == -1)
3136 l = (page + TARGET_PAGE_SIZE) - addr;
3139 cpu_physical_memory_rw(phys_addr + (addr & ~TARGET_PAGE_MASK),
3148 /* in deterministic execution mode, instructions doing device I/Os
3149 must be at the end of the TB */
3150 void cpu_io_recompile(CPUState *env, void *retaddr)
3152 TranslationBlock *tb;
3154 target_ulong pc, cs_base;
3157 tb = tb_find_pc((unsigned long)retaddr);
3159 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
3162 n = env->icount_decr.u16.low + tb->icount;
3163 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
3164 /* Calculate how many instructions had been executed before the fault
3166 n = n - env->icount_decr.u16.low;
3167 /* Generate a new TB ending on the I/O insn. */
3169 /* On MIPS and SH, delay slot instructions can only be restarted if
3170 they were already the first instruction in the TB. If this is not
3171 the first instruction in a TB then re-execute the preceding
3173 #if defined(TARGET_MIPS)
3174 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
3175 env->active_tc.PC -= 4;
3176 env->icount_decr.u16.low++;
3177 env->hflags &= ~MIPS_HFLAG_BMASK;
3179 #elif defined(TARGET_SH4)
3180 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
3183 env->icount_decr.u16.low++;
3184 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
3187 /* This should never happen. */
3188 if (n > CF_COUNT_MASK)
3189 cpu_abort(env, "TB too big during recompile");
3191 cflags = n | CF_LAST_IO;
3193 cs_base = tb->cs_base;
3195 tb_phys_invalidate(tb, -1);
3196 /* FIXME: In theory this could raise an exception. In practice
3197 we have already translated the block once so it's probably ok. */
3198 tb_gen_code(env, pc, cs_base, flags, cflags);
3199 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
3200 the first in the TB) then we end up generating a whole new TB and
3201 repeating the fault, which is horribly inefficient.
3202 Better would be to execute just this insn uncached, or generate a
3204 cpu_resume_from_signal(env, NULL);
3207 void dump_exec_info(FILE *f,
3208 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
3210 int i, target_code_size, max_target_code_size;
3211 int direct_jmp_count, direct_jmp2_count, cross_page;
3212 TranslationBlock *tb;
3214 target_code_size = 0;
3215 max_target_code_size = 0;
3217 direct_jmp_count = 0;
3218 direct_jmp2_count = 0;
3219 for(i = 0; i < nb_tbs; i++) {
3221 target_code_size += tb->size;
3222 if (tb->size > max_target_code_size)
3223 max_target_code_size = tb->size;
3224 if (tb->page_addr[1] != -1)
3226 if (tb->tb_next_offset[0] != 0xffff) {
3228 if (tb->tb_next_offset[1] != 0xffff) {
3229 direct_jmp2_count++;
3233 /* XXX: avoid using doubles ? */
3234 cpu_fprintf(f, "Translation buffer state:\n");
3235 cpu_fprintf(f, "gen code size %ld/%ld\n",
3236 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
3237 cpu_fprintf(f, "TB count %d/%d\n",
3238 nb_tbs, code_gen_max_blocks);
3239 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
3240 nb_tbs ? target_code_size / nb_tbs : 0,
3241 max_target_code_size);
3242 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
3243 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
3244 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
3245 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
3247 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
3248 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
3250 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
3252 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
3253 cpu_fprintf(f, "\nStatistics:\n");
3254 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
3255 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
3256 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
3257 tcg_dump_info(f, cpu_fprintf);
3260 #if !defined(CONFIG_USER_ONLY)
3262 #define MMUSUFFIX _cmmu
3263 #define GETPC() NULL
3264 #define env cpu_single_env
3265 #define SOFTMMU_CODE_ACCESS
3268 #include "softmmu_template.h"
3271 #include "softmmu_template.h"
3274 #include "softmmu_template.h"
3277 #include "softmmu_template.h"
projects / qemu.git / blob