| blob | 3aa5f18d6776f8e8711db2afd53092bfa6e65658 |
1 /*
2 * Host code generation
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #ifdef _WIN32
20 #include <windows.h>
21 #endif
25 #define NO_CPU_IO_DEFS
31 #if defined(CONFIG_USER_ONLY)
33 #if defined(TARGET_X86_64)
35 #endif
36 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
37 #include <sys/param.h>
38 #if __FreeBSD_version >= 700104
39 #define HAVE_KINFO_GETVMMAP
41 #include <sys/proc.h>
42 #include <machine/profile.h>
43 #define _KERNEL
44 #include <sys/user.h>
45 #undef _KERNEL
46 #undef sigqueue
47 #include <libutil.h>
48 #endif
49 #endif
50 #else
52 #endif
64 /* #define DEBUG_TB_INVALIDATE */
65 /* #define DEBUG_TB_FLUSH */
66 /* make various TB consistency checks */
67 /* #define DEBUG_TB_CHECK */
69 #ifdef DEBUG_TB_INVALIDATE
70 #define DEBUG_TB_INVALIDATE_GATE 1
71 #else
72 #define DEBUG_TB_INVALIDATE_GATE 0
73 #endif
75 #ifdef DEBUG_TB_FLUSH
76 #define DEBUG_TB_FLUSH_GATE 1
77 #else
78 #define DEBUG_TB_FLUSH_GATE 0
79 #endif
81 #if !defined(CONFIG_USER_ONLY)
82 /* TB consistency checks only implemented for usermode emulation. */
83 #undef DEBUG_TB_CHECK
84 #endif
86 #ifdef DEBUG_TB_CHECK
87 #define DEBUG_TB_CHECK_GATE 1
88 #else
89 #define DEBUG_TB_CHECK_GATE 0
90 #endif
92 /* Access to the various translations structures need to be serialised via locks
93 * for consistency. This is automatic for SoftMMU based system
94 * emulation due to its single threaded nature. In user-mode emulation
95 * access to the memory related structures are protected with the
96 * mmap_lock.
97 */
98 #ifdef CONFIG_SOFTMMU
99 #define assert_memory_lock() tcg_debug_assert(have_tb_lock)
100 #else
101 #define assert_memory_lock() tcg_debug_assert(have_mmap_lock())
102 #endif
104 #define SMC_BITMAP_USE_THRESHOLD 10
107 /* list of TBs intersecting this ram page */
109 #ifdef CONFIG_SOFTMMU
110 /* in order to optimize self modifying code, we count the number
111 of lookups we do to a given page to use a bitmap */
114 #else
116 #endif
119 /* In system mode we want L1_MAP to be based on ram offsets,
120 while in user mode we want it to be based on virtual addresses. */
121 #if !defined(CONFIG_USER_ONLY)
122 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
123 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
124 #else
125 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
126 #endif
127 #else
128 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
129 #endif
131 /* Size of the L2 (and L3, etc) page tables. */
132 #define V_L2_BITS 10
133 #define V_L2_SIZE (1 << V_L2_BITS)
135 /* Make sure all possible CPU event bits fit in tb->trace_vcpu_dstate */
140 /*
141 * L1 Mapping properties
142 */
147 /* The bottom level has pointers to PageDesc, and is indexed by
148 * anything from 4 to (V_L2_BITS + 3) bits, depending on target page size.
149 */
150 #define V_L1_MIN_BITS 4
151 #define V_L1_MAX_BITS (V_L2_BITS + 3)
152 #define V_L1_MAX_SIZE (1 << V_L1_MAX_BITS)
156 /* code generation context */
157 TCGContext tcg_init_ctx;
159 TBContext tb_ctx;
162 /* translation block context */
166 {
170 /* The bits remaining after N lower levels of page tables. */
174 }
183 }
185 #define assert_tb_locked() tcg_debug_assert(have_tb_lock)
186 #define assert_tb_unlocked() tcg_debug_assert(!have_tb_lock)
189 {
192 have_tb_lock++;
193 }
196 {
198 have_tb_lock--;
200 }
203 {
207 }
208 }
213 {
215 }
217 /* Encode VAL as a signed leb128 sequence at P.
218 Return P incremented past the encoded value. */
220 {
230 }
235 }
237 /* Decode a signed leb128 sequence at *PP; increment *PP past the
238 decoded value. Return the decoded value. */
240 {
252 }
256 }
258 /* Encode the data collected about the instructions while compiling TB.
259 Place the data at BLOCK, and return the number of bytes consumed.
261 The logical table consisits of TARGET_INSN_START_WORDS target_ulong's,
262 which come from the target's insn_start data, followed by a uintptr_t
263 which comes from the host pc of the end of the code implementing the insn.
265 Each line of the table is encoded as sleb128 deltas from the previous
266 line. The seed for the first line is { tb->pc, 0..., tb->tc.ptr }.
267 That is, the first column is seeded with the guest pc, the last column
268 with the host pc, and the middle columns with zeros. */
271 {
277 target_ulong prev;
284 }
286 }
290 /* Test for (pending) buffer overflow. The assumption is that any
291 one row beginning below the high water mark cannot overrun
292 the buffer completely. Thus we can test for overflow after
293 encoding a row without having to check during encoding. */
296 }
297 }
300 }
302 /* The cpu state corresponding to 'searched_pc' is restored.
303 * Called with tb_lock held.
304 */
307 {
313 #ifdef CONFIG_PROFILER
316 #endif
322 }
324 /* Reconstruct the stored insn data while looking for the point at
325 which the end of the insn exceeds the searched_pc. */
329 }
333 }
334 }
337 found:
340 /* Reset the cycle counter to the start of the block. */
342 /* Clear the IO flag. */
344 }
348 #ifdef CONFIG_PROFILER
352 #endif
354 }
357 {
361 /* A retaddr of zero is invalid so we really shouldn't have ended
362 * up here. The target code has likely forgotten to check retaddr
363 * != 0 before attempting to restore state. We return early to
364 * avoid blowing up on a recursive tb_lock(). The target must have
365 * previously survived a failed cpu_restore_state because
366 * tb_find_pc(0) would have failed anyway. It still should be
367 * fixed though.
368 */
372 }
379 /* one-shot translation, invalidate it immediately */
382 }
384 }
388 }
391 {
395 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
396 {
397 #ifdef HAVE_KINFO_GETVMMAP
416 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
419 #endif
420 }
421 }
422 }
425 }
426 #else
448 }
450 }
455 }
456 #endif
457 }
458 #endif
459 }
461 /* If alloc=1:
462 * Called with tb_lock held for system emulation.
463 * Called with mmap_lock held for user-mode emulation.
464 */
466 {
473 }
475 /* Level 1. Always allocated. */
478 /* Level 2..N-1. */
485 }
488 }
491 }
497 }
500 }
503 }
506 {
508 }
510 #if defined(CONFIG_USER_ONLY)
511 /* Currently it is not recommended to allocate big chunks of data in
512 user mode. It will change when a dedicated libc will be used. */
513 /* ??? 64-bit hosts ought to have no problem mmaping data outside the
514 region in which the guest needs to run. Revisit this. */
515 #define USE_STATIC_CODE_GEN_BUFFER
516 #endif
518 /* Minimum size of the code gen buffer. This number is randomly chosen,
519 but not so small that we can't have a fair number of TB's live. */
520 #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
522 /* Maximum size of the code gen buffer we'd like to use. Unless otherwise
523 indicated, this is constrained by the range of direct branches on the
524 host cpu, as used by the TCG implementation of goto_tb. */
525 #if defined(__x86_64__)
526 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
527 #elif defined(__sparc__)
528 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
529 #elif defined(__powerpc64__)
530 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
531 #elif defined(__powerpc__)
532 # define MAX_CODE_GEN_BUFFER_SIZE (32u * 1024 * 1024)
533 #elif defined(__aarch64__)
534 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
535 #elif defined(__s390x__)
536 /* We have a +- 4GB range on the branches; leave some slop. */
537 # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
538 #elif defined(__mips__)
539 /* We have a 256MB branch region, but leave room to make sure the
540 main executable is also within that region. */
541 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
542 #else
543 # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
544 #endif
546 #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
548 #define DEFAULT_CODE_GEN_BUFFER_SIZE \
549 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
550 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
553 {
554 /* Size the buffer. */
556 #ifdef USE_STATIC_CODE_GEN_BUFFER
558 #else
559 /* ??? Needs adjustments. */
560 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
561 static buffer, we could size this on RESERVED_VA, on the text
562 segment size of the executable, or continue to use the default. */
564 #endif
565 }
568 }
571 }
573 }
575 #ifdef __mips__
576 /* In order to use J and JAL within the code_gen_buffer, we require
577 that the buffer not cross a 256MB boundary. */
579 {
581 }
583 /* We weren't able to allocate a buffer without crossing that boundary,
584 so make do with the larger portion of the buffer that doesn't cross.
585 Returns the new base of the buffer, and adjusts code_gen_buffer_size. */
587 {
595 }
599 }
600 #endif
602 #ifdef USE_STATIC_CODE_GEN_BUFFER
607 {
612 /* page-align the beginning and end of the buffer */
618 /* Honor a command-line option limiting the size of the buffer. */
621 qemu_real_host_page_size);
622 }
625 #ifdef __mips__
629 }
630 #endif
634 }
638 }
639 #elif defined(_WIN32)
641 {
646 PAGE_EXECUTE_READWRITE);
648 }
649 #else
651 {
658 /* Constrain the position of the buffer based on the host cpu.
659 Note that these addresses are chosen in concert with the
660 addresses assigned in the relevant linker script file. */
661 # if defined(__PIE__) || defined(__PIC__)
662 /* Don't bother setting a preferred location if we're building
663 a position-independent executable. We're more likely to get
664 an address near the main executable if we let the kernel
665 choose the address. */
666 # elif defined(__x86_64__) && defined(MAP_32BIT)
667 /* Force the memory down into low memory with the executable.
668 Leave the choice of exact location with the kernel. */
670 /* Cannot expect to map more than 800MB in low memory. */
673 }
674 # elif defined(__sparc__)
676 # elif defined(__s390x__)
678 # elif defined(__mips__)
679 # if _MIPS_SIM == _ABI64
681 # else
683 # endif
684 # endif
689 }
691 #ifdef __mips__
693 /* Try again, with the original still mapped, to avoid re-acquiring
694 that 256mb crossing. This time don't specify an address. */
700 /* Success! Use the new buffer. */
703 }
704 /* Failure. Work with what we had. */
706 /* fallthru */
708 /* Split the original buffer. Free the smaller half. */
715 }
718 }
720 }
721 #endif
723 /* Request large pages for the buffer. */
727 }
730 /* compare a pointer @ptr and a tb_tc @s */
732 {
737 }
739 }
742 {
746 /*
747 * When both sizes are set, we know this isn't a lookup.
748 * This is the most likely case: every TB must be inserted; lookups
749 * are a lot less frequent.
750 */
756 }
757 /* a->ptr == b->ptr should happen only on deletions */
760 }
761 /*
762 * All lookups have either .size field set to 0.
763 * From the glib sources we see that @ap is always the lookup key. However
764 * the docs provide no guarantee, so we just mark this case as likely.
765 */
768 }
770 }
773 {
779 }
782 }
785 {
789 }
791 /* Must be called before using the QEMU cpus. 'tb_size' is the size
792 (in bytes) allocated to the translation buffer. Zero means default
793 size. */
795 {
801 #if defined(CONFIG_SOFTMMU)
802 /* There's no guest base to take into account, so go ahead and
803 initialize the prologue now. */
805 #endif
806 }
808 /*
809 * Allocate a new translation block. Flush the translation buffer if
810 * too many translation blocks or too much generated code.
811 *
812 * Called with tb_lock held.
813 */
815 {
823 }
825 }
827 /* Called with tb_lock held. */
829 {
833 }
836 {
837 #ifdef CONFIG_SOFTMMU
841 #endif
842 }
844 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
846 {
851 }
858 }
864 }
865 }
866 }
869 {
874 }
875 }
878 {
884 }
886 /* flush all the translation blocks */
888 {
891 /* If it is already been done on request of another CPU,
892 * just retry.
893 */
896 }
905 }
909 }
911 /* Increment the refcount first so that destroy acts as a reset */
919 /* XXX: flush processor icache at this point if cache flush is
920 expensive */
923 done:
925 }
928 {
933 }
934 }
936 /*
937 * Formerly ifdef DEBUG_TB_CHECK. These debug functions are user-mode-only,
938 * so in order to prevent bit rot we compile them unconditionally in user-mode,
939 * and let the optimizer get rid of them by wrapping their user-only callers
940 * with if (DEBUG_TB_CHECK_GATE).
941 */
942 #ifdef CONFIG_USER_ONLY
944 static void
946 {
953 }
954 }
956 /* verify that all the pages have correct rights for code
957 *
958 * Called with tb_lock held.
959 */
961 {
964 }
966 static void
968 {
977 }
978 }
980 /* verify that all the pages have correct rights for code */
982 {
984 }
989 {
1000 }
1002 }
1003 }
1005 /* remove the TB from a list of TBs jumping to the n-th jump target of the TB */
1007 {
1014 /* find tb(n) in circular list */
1021 }
1026 }
1027 }
1028 /* now we can suppress tb(n) from the list */
1032 }
1033 }
1035 /* reset the jump entry 'n' of a TB so that it is not chained to
1036 another TB */
1038 {
1041 }
1043 /* remove any jumps to the TB */
1045 {
1057 }
1061 }
1062 }
1064 /* invalidate one TB
1065 *
1066 * Called with tb_lock held.
1067 */
1069 {
1073 tb_page_addr_t phys_pc;
1079 /* remove the TB from the hash list */
1085 }
1087 /* remove the TB from the page list */
1092 }
1097 }
1099 /* remove the TB from the hash list */
1104 }
1105 }
1107 /* suppress this TB from the two jump lists */
1111 /* suppress any remaining jumps to this TB */
1115 }
1117 #ifdef CONFIG_SOFTMMU
1119 {
1129 /* NOTE: this is subtle as a TB may span two physical pages */
1131 /* NOTE: tb_end may be after the end of the page, but
1132 it is not a problem */
1137 }
1141 }
1144 }
1145 }
1146 #endif
1148 /* add the tb in the target page and protect it if necessary
1149 *
1150 * Called with mmap_lock held for user-mode emulation.
1151 */
1154 {
1156 #ifndef CONFIG_USER_ONLY
1158 #endif
1165 #ifndef CONFIG_USER_ONLY
1167 #endif
1171 #if defined(CONFIG_USER_ONLY)
1173 target_ulong addr;
1177 /* force the host page as non writable (writes will have a
1178 page fault + mprotect overhead) */
1187 }
1190 }
1195 }
1196 }
1197 #else
1198 /* if some code is already present, then the pages are already
1199 protected. So we handle the case where only the first TB is
1200 allocated in a physical page */
1203 }
1204 #endif
1205 }
1207 /* add a new TB and link it to the physical page tables. phys_page2 is
1208 * (-1) to indicate that only one page contains the TB.
1209 *
1210 * Called with mmap_lock held for user-mode emulation.
1211 */
1213 tb_page_addr_t phys_page2)
1214 {
1219 /* add in the page list */
1225 }
1227 /* add in the hash table */
1232 #ifdef CONFIG_USER_ONLY
1235 }
1236 #endif
1237 }
1239 /* Called with mmap_lock held for user mode emulation. */
1243 {
1247 target_ulong virt_page2;
1250 #ifdef CONFIG_PROFILER
1253 #endif
1258 buffer_overflow:
1261 /* flush must be done */
1264 /* Make the execution loop process the flush as soon as possible. */
1267 }
1278 #ifdef CONFIG_PROFILER
1279 /* includes aborted translations because of exceptions */
1282 #endif
1292 /* generate machine code */
1302 }
1304 #ifdef CONFIG_PROFILER
1308 #endif
1310 /* ??? Overflow could be handled better here. In particular, we
1311 don't need to re-do gen_intermediate_code, nor should we re-do
1312 the tcg optimization currently hidden inside tcg_gen_code. All
1313 that should be required is to flush the TBs, allocate a new TB,
1314 re-initialize it per above, and re-do the actual code generation. */
1318 }
1322 }
1325 #ifdef CONFIG_PROFILER
1330 #endif
1332 #ifdef DEBUG_DISAS
1353 }
1354 }
1357 }
1361 }
1362 #endif
1366 CODE_GEN_ALIGN));
1368 #if defined(CONFIG_USER_ONLY) && defined(TARGET_X86_64)
1369 /* if we are doing vsyscall don't link the page as it lies in high memory
1370 and tb_alloc_page will abort due to page_l1_map returning NULL */
1374 #endif
1376 /* init jump list */
1382 /* init original jump addresses wich has been set during tcg_gen_code() */
1385 }
1388 }
1390 /* check next page if needed */
1395 }
1396 /* As long as consistency of the TB stuff is provided by tb_lock in user
1397 * mode and is implicit in single-threaded softmmu emulation, no explicit
1398 * memory barrier is required before tb_link_page() makes the TB visible
1399 * through the physical hash table and physical page list.
1400 */
1404 }
1406 /*
1407 * Invalidate all TBs which intersect with the target physical address range
1408 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1409 * 'is_cpu_write_access' should be true if called from a real cpu write
1410 * access: the virtual CPU will exit the current TB if code is modified inside
1411 * this TB.
1412 *
1413 * Called with mmap_lock held for user-mode emulation, grabs tb_lock
1414 * Called with tb_lock held for system-mode emulation
1415 */
1417 {
1422 }
1423 }
1425 #ifdef CONFIG_SOFTMMU
1427 {
1430 }
1431 #else
1433 {
1438 }
1439 #endif
1440 /*
1441 * Invalidate all TBs which intersect with the target physical address range
1442 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1443 * 'is_cpu_write_access' should be true if called from a real cpu write
1444 * access: the virtual CPU will exit the current TB if code is modified inside
1445 * this TB.
1446 *
1447 * Called with tb_lock/mmap_lock held for user-mode emulation
1448 * Called with tb_lock held for system-mode emulation
1449 */
1452 {
1457 #ifdef TARGET_HAS_PRECISE_SMC
1474 }
1475 #if defined(TARGET_HAS_PRECISE_SMC)
1478 }
1479 #endif
1481 /* we remove all the TBs in the range [start, end[ */
1482 /* XXX: see if in some cases it could be faster to invalidate all
1483 the code */
1489 /* NOTE: this is subtle as a TB may span two physical pages */
1491 /* NOTE: tb_end may be after the end of the page, but
1492 it is not a problem */
1498 }
1500 #ifdef TARGET_HAS_PRECISE_SMC
1505 /* now we have a real cpu fault */
1507 }
1508 }
1511 /* If we are modifying the current TB, we must stop
1512 its execution. We could be more precise by checking
1513 that the modification is after the current PC, but it
1514 would require a specialized function to partially
1515 restore the CPU state */
1521 }
1524 }
1526 }
1527 #if !defined(CONFIG_USER_ONLY)
1528 /* if no code remaining, no need to continue to use slow writes */
1532 }
1533 #endif
1534 #ifdef TARGET_HAS_PRECISE_SMC
1536 /* Force execution of one insn next time. */
1539 }
1540 #endif
1541 }
1543 #ifdef CONFIG_SOFTMMU
1544 /* len must be <= 8 and start must be a multiple of len.
1545 * Called via softmmu_template.h when code areas are written to with
1546 * iothread mutex not held.
1547 */
1549 {
1552 #if 0
1559 }
1560 #endif
1566 }
1569 /* build code bitmap. FIXME: writes should be protected by
1570 * tb_lock, reads by tb_lock or RCU.
1571 */
1573 }
1582 }
1584 do_invalidate:
1586 }
1587 }
1588 #else
1589 /* Called with mmap_lock held. If pc is not 0 then it indicates the
1590 * host PC of the faulting store instruction that caused this invalidate.
1591 * Returns true if the caller needs to abort execution of the current
1592 * TB (because it was modified by this store and the guest CPU has
1593 * precise-SMC semantics).
1594 */
1596 {
1600 #ifdef TARGET_HAS_PRECISE_SMC
1608 #endif
1616 }
1620 #ifdef TARGET_HAS_PRECISE_SMC
1623 }
1626 }
1627 #endif
1631 #ifdef TARGET_HAS_PRECISE_SMC
1634 /* If we are modifying the current TB, we must stop
1635 its execution. We could be more precise by checking
1636 that the modification is after the current PC, but it
1637 would require a specialized function to partially
1638 restore the CPU state */
1644 }
1648 }
1650 #ifdef TARGET_HAS_PRECISE_SMC
1652 /* Force execution of one insn next time. */
1654 /* tb_lock will be reset after cpu_loop_exit_noexc longjmps
1655 * back into the cpu_exec loop. */
1657 }
1658 #endif
1662 }
1663 #endif
1665 /*
1666 * Find the TB 'tb' such that
1667 * tb->tc.ptr <= tc_ptr < tb->tc.ptr + tb->tc.size
1668 * Return NULL if not found.
1669 */
1671 {
1675 }
1677 #if !defined(CONFIG_USER_ONLY)
1679 {
1680 ram_addr_t ram_addr;
1690 }
1696 }
1699 /* Called with tb_lock held. */
1701 {
1706 /* We can use retranslation to find the PC. */
1710 /* The exception probably happened in a helper. The CPU state should
1711 have been saved before calling it. Fetch the PC from there. */
1714 tb_page_addr_t addr;
1720 }
1721 }
1723 #ifndef CONFIG_USER_ONLY
1724 /* in deterministic execution mode, instructions doing device I/Os
1725 * must be at the end of the TB.
1726 *
1727 * Called by softmmu_template.h, with iothread mutex not held.
1728 */
1730 {
1731 #if defined(TARGET_MIPS) || defined(TARGET_SH4)
1733 #endif
1742 }
1745 /* Calculate how many instructions had been executed before the fault
1746 occurred. */
1748 /* Generate a new TB ending on the I/O insn. */
1749 n++;
1750 /* On MIPS and SH, delay slot instructions can only be restarted if
1751 they were already the first instruction in the TB. If this is not
1752 the first instruction in a TB then re-execute the preceding
1753 branch. */
1754 #if defined(TARGET_MIPS)
1759 }
1760 #elif defined(TARGET_SH4)
1766 }
1767 #endif
1768 /* This should never happen. */
1771 }
1773 /* Adjust the execution state of the next TB. */
1778 /* Invalidate original TB if this TB was generated in
1779 * cpu_exec_nocache() */
1781 }
1783 }
1785 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
1786 * the first in the TB) then we end up generating a whole new TB and
1787 * repeating the fault, which is horribly inefficient.
1788 * Better would be to execute just this insn uncached, or generate a
1789 * second new TB.
1790 *
1791 * cpu_loop_exit_noexc will longjmp back to cpu_exec where the
1792 * tb_lock gets reset.
1793 */
1795 }
1798 {
1803 }
1804 }
1807 {
1808 /* Discard jump cache entries for any tb which might potentially
1809 overlap the flushed page. */
1812 }
1816 {
1823 }
1832 }
1845 }
1850 }
1859 };
1862 {
1870 }
1873 }
1878 }
1879 }
1881 }
1884 {
1893 /* XXX: avoid using doubles ? */
1895 /*
1896 * Report total code size including the padding and TB structs;
1897 * otherwise users might think "-tb-size" is not honoured.
1898 * For avg host size we use the precise numbers from tb_tree_stats though.
1899 */
1929 }
1932 {
1934 }
1939 {
1943 }
1945 /*
1946 * Walks guest process memory "regions" one by one
1947 * and calls callback function 'fn' for each region.
1948 */
1950 walk_memory_regions_fn fn;
1952 target_ulong start;
1954 };
1958 {
1963 }
1964 }
1970 }
1974 {
1975 target_ulong pa;
1980 }
1993 }
1994 }
1995 }
2005 }
2006 }
2007 }
2010 }
2013 {
2027 }
2028 }
2031 }
2035 {
2046 }
2048 /* dump memory mappings */
2050 {
2055 }
2058 {
2064 }
2066 }
2068 /* Modify the flags of a page and invalidate the code if necessary.
2069 The flag PAGE_WRITE_ORG is positioned automatically depending
2070 on PAGE_WRITE. The mmap_lock should already be held. */
2072 {
2075 /* This function should never be called with addresses outside the
2076 guest address space. If this assert fires, it probably indicates
2077 a missing call to h2g_valid. */
2078 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2080 #endif
2089 }
2096 /* If the write protection bit is set, then we invalidate
2097 the code inside. */
2102 }
2104 }
2105 }
2108 {
2110 target_ulong end;
2111 target_ulong addr;
2113 /* This function should never be called with addresses outside the
2114 guest address space. If this assert fires, it probably indicates
2115 a missing call to h2g_valid. */
2116 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2118 #endif
2122 }
2124 /* We've wrapped around. */
2126 }
2128 /* must do before we loose bits in the next step */
2138 }
2141 }
2145 }
2149 }
2150 /* unprotect the page if it was put read-only because it
2151 contains translated code */
2155 }
2156 }
2157 }
2158 }
2160 }
2162 /* called from signal handler: invalidate the code and unprotect the
2163 * page. Return 0 if the fault was not handled, 1 if it was handled,
2164 * and 2 if it was handled but the caller must cause the TB to be
2165 * immediately exited. (We can only return 2 if the 'pc' argument is
2166 * non-zero.)
2167 */
2169 {
2175 /* Technically this isn't safe inside a signal handler. However we
2176 know this only ever happens in a synchronous SEGV handler, so in
2177 practice it seems to be ok. */
2184 }
2186 /* if the page was really writable, then we change its
2187 protection back to writable */
2199 /* and since the content will be modified, we must invalidate
2200 the corresponding translated code. */
2202 #ifdef CONFIG_USER_ONLY
2205 }
2206 #endif
2207 }
2212 /* If current TB was invalidated return to main loop */
2214 }
2217 }
2220 /* This is a wrapper for common code that can not use CONFIG_SOFTMMU */
2222 {
2223 #ifdef CONFIG_SOFTMMU
2225 #endif
2226 }