| blob | a867579be348e6b4a9b7f230781fd1df7515bd31 |
1 /*
2 * Host code generation
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #ifdef _WIN32
20 #include <windows.h>
21 #endif
25 #define NO_CPU_IO_DEFS
31 #if defined(CONFIG_USER_ONLY)
33 #if defined(TARGET_X86_64)
35 #endif
36 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
37 #include <sys/param.h>
38 #if __FreeBSD_version >= 700104
39 #define HAVE_KINFO_GETVMMAP
41 #include <sys/proc.h>
42 #include <machine/profile.h>
43 #define _KERNEL
44 #include <sys/user.h>
45 #undef _KERNEL
46 #undef sigqueue
47 #include <libutil.h>
48 #endif
49 #endif
50 #else
52 #endif
63 /* #define DEBUG_TB_INVALIDATE */
64 /* #define DEBUG_TB_FLUSH */
65 /* make various TB consistency checks */
66 /* #define DEBUG_TB_CHECK */
68 #if !defined(CONFIG_USER_ONLY)
69 /* TB consistency checks only implemented for usermode emulation. */
70 #undef DEBUG_TB_CHECK
71 #endif
73 /* Access to the various translations structures need to be serialised via locks
74 * for consistency. This is automatic for SoftMMU based system
75 * emulation due to its single threaded nature. In user-mode emulation
76 * access to the memory related structures are protected with the
77 * mmap_lock.
78 */
79 #ifdef CONFIG_SOFTMMU
80 #define assert_memory_lock() tcg_debug_assert(have_tb_lock)
81 #else
82 #define assert_memory_lock() tcg_debug_assert(have_mmap_lock())
83 #endif
85 #define SMC_BITMAP_USE_THRESHOLD 10
88 /* list of TBs intersecting this ram page */
90 #ifdef CONFIG_SOFTMMU
91 /* in order to optimize self modifying code, we count the number
92 of lookups we do to a given page to use a bitmap */
95 #else
97 #endif
100 /* In system mode we want L1_MAP to be based on ram offsets,
101 while in user mode we want it to be based on virtual addresses. */
102 #if !defined(CONFIG_USER_ONLY)
103 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
104 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
105 #else
106 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
107 #endif
108 #else
109 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
110 #endif
112 /* Size of the L2 (and L3, etc) page tables. */
113 #define V_L2_BITS 10
114 #define V_L2_SIZE (1 << V_L2_BITS)
119 /*
120 * L1 Mapping properties
121 */
126 /* The bottom level has pointers to PageDesc, and is indexed by
127 * anything from 4 to (V_L2_BITS + 3) bits, depending on target page size.
128 */
129 #define V_L1_MIN_BITS 4
130 #define V_L1_MAX_BITS (V_L2_BITS + 3)
131 #define V_L1_MAX_SIZE (1 << V_L1_MAX_BITS)
135 /* code generation context */
136 TCGContext tcg_ctx;
139 /* translation block context */
143 {
147 /* The bits remaining after N lower levels of page tables. */
151 }
160 }
162 #define assert_tb_locked() tcg_debug_assert(have_tb_lock)
163 #define assert_tb_unlocked() tcg_debug_assert(!have_tb_lock)
166 {
169 have_tb_lock++;
170 }
173 {
175 have_tb_lock--;
177 }
180 {
184 }
185 }
190 {
192 }
194 /* Encode VAL as a signed leb128 sequence at P.
195 Return P incremented past the encoded value. */
197 {
207 }
212 }
214 /* Decode a signed leb128 sequence at *PP; increment *PP past the
215 decoded value. Return the decoded value. */
217 {
229 }
233 }
235 /* Encode the data collected about the instructions while compiling TB.
236 Place the data at BLOCK, and return the number of bytes consumed.
238 The logical table consisits of TARGET_INSN_START_WORDS target_ulong's,
239 which come from the target's insn_start data, followed by a uintptr_t
240 which comes from the host pc of the end of the code implementing the insn.
242 Each line of the table is encoded as sleb128 deltas from the previous
243 line. The seed for the first line is { tb->pc, 0..., tb->tc_ptr }.
244 That is, the first column is seeded with the guest pc, the last column
245 with the host pc, and the middle columns with zeros. */
248 {
256 target_ulong prev;
263 }
265 }
269 /* Test for (pending) buffer overflow. The assumption is that any
270 one row beginning below the high water mark cannot overrun
271 the buffer completely. Thus we can test for overflow after
272 encoding a row without having to check during encoding. */
275 }
276 }
279 }
281 /* The cpu state corresponding to 'searched_pc' is restored.
282 * Called with tb_lock held.
283 */
286 {
292 #ifdef CONFIG_PROFILER
294 #endif
300 }
302 /* Reconstruct the stored insn data while looking for the point at
303 which the end of the insn exceeds the searched_pc. */
307 }
311 }
312 }
315 found:
318 /* Reset the cycle counter to the start of the block. */
320 /* Clear the IO flag. */
322 }
326 #ifdef CONFIG_PROFILER
329 #endif
331 }
334 {
338 /* A retaddr of zero is invalid so we really shouldn't have ended
339 * up here. The target code has likely forgotten to check retaddr
340 * != 0 before attempting to restore state. We return early to
341 * avoid blowing up on a recursive tb_lock(). The target must have
342 * previously survived a failed cpu_restore_state because
343 * tb_find_pc(0) would have failed anyway. It still should be
344 * fixed though.
345 */
349 }
356 /* one-shot translation, invalidate it immediately */
359 }
361 }
365 }
368 {
369 /* NOTE: we can always suppose that qemu_host_page_size >=
370 TARGET_PAGE_SIZE */
375 }
378 }
380 }
383 {
387 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
388 {
389 #ifdef HAVE_KINFO_GETVMMAP
408 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
411 #endif
412 }
413 }
414 }
417 }
418 #else
440 }
442 }
447 }
448 #endif
449 }
450 #endif
451 }
453 /* If alloc=1:
454 * Called with tb_lock held for system emulation.
455 * Called with mmap_lock held for user-mode emulation.
456 */
458 {
465 }
467 /* Level 1. Always allocated. */
470 /* Level 2..N-1. */
477 }
480 }
483 }
489 }
492 }
495 }
498 {
500 }
502 #if defined(CONFIG_USER_ONLY)
503 /* Currently it is not recommended to allocate big chunks of data in
504 user mode. It will change when a dedicated libc will be used. */
505 /* ??? 64-bit hosts ought to have no problem mmaping data outside the
506 region in which the guest needs to run. Revisit this. */
507 #define USE_STATIC_CODE_GEN_BUFFER
508 #endif
510 /* Minimum size of the code gen buffer. This number is randomly chosen,
511 but not so small that we can't have a fair number of TB's live. */
512 #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
514 /* Maximum size of the code gen buffer we'd like to use. Unless otherwise
515 indicated, this is constrained by the range of direct branches on the
516 host cpu, as used by the TCG implementation of goto_tb. */
517 #if defined(__x86_64__)
518 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
519 #elif defined(__sparc__)
520 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
521 #elif defined(__powerpc64__)
522 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
523 #elif defined(__powerpc__)
524 # define MAX_CODE_GEN_BUFFER_SIZE (32u * 1024 * 1024)
525 #elif defined(__aarch64__)
526 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
527 #elif defined(__s390x__)
528 /* We have a +- 4GB range on the branches; leave some slop. */
529 # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
530 #elif defined(__mips__)
531 /* We have a 256MB branch region, but leave room to make sure the
532 main executable is also within that region. */
533 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
534 #else
535 # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
536 #endif
538 #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
540 #define DEFAULT_CODE_GEN_BUFFER_SIZE \
541 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
542 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
545 {
546 /* Size the buffer. */
548 #ifdef USE_STATIC_CODE_GEN_BUFFER
550 #else
551 /* ??? Needs adjustments. */
552 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
553 static buffer, we could size this on RESERVED_VA, on the text
554 segment size of the executable, or continue to use the default. */
556 #endif
557 }
560 }
563 }
565 }
567 #ifdef __mips__
568 /* In order to use J and JAL within the code_gen_buffer, we require
569 that the buffer not cross a 256MB boundary. */
571 {
573 }
575 /* We weren't able to allocate a buffer without crossing that boundary,
576 so make do with the larger portion of the buffer that doesn't cross.
577 Returns the new base of the buffer, and adjusts code_gen_buffer_size. */
579 {
587 }
591 }
592 #endif
594 #ifdef USE_STATIC_CODE_GEN_BUFFER
598 # ifdef _WIN32
600 {
601 DWORD old_protect;
603 }
606 {
608 }
611 {
613 }
614 # else
616 {
626 }
629 {
631 }
634 {
636 }
640 {
644 /* The size of the buffer, rounded down to end on a page boundary. */
648 /* Reserve a guard page. */
651 /* Honor a command-line option limiting the size of the buffer. */
655 }
658 #ifdef __mips__
662 }
663 #endif
670 }
671 #elif defined(_WIN32)
673 {
677 /* Perform the allocation in two steps, so that the guard page
678 is reserved but uncommitted. */
684 }
687 }
688 #else
690 {
696 /* Constrain the position of the buffer based on the host cpu.
697 Note that these addresses are chosen in concert with the
698 addresses assigned in the relevant linker script file. */
699 # if defined(__PIE__) || defined(__PIC__)
700 /* Don't bother setting a preferred location if we're building
701 a position-independent executable. We're more likely to get
702 an address near the main executable if we let the kernel
703 choose the address. */
704 # elif defined(__x86_64__) && defined(MAP_32BIT)
705 /* Force the memory down into low memory with the executable.
706 Leave the choice of exact location with the kernel. */
708 /* Cannot expect to map more than 800MB in low memory. */
711 }
712 # elif defined(__sparc__)
714 # elif defined(__s390x__)
716 # elif defined(__mips__)
717 # if _MIPS_SIM == _ABI64
719 # else
721 # endif
722 # endif
728 }
730 #ifdef __mips__
732 /* Try again, with the original still mapped, to avoid re-acquiring
733 that 256mb crossing. This time don't specify an address. */
740 /* Success! Use the new buffer. */
743 }
744 /* Failure. Work with what we had. */
746 /* fallthru */
748 /* Split the original buffer. Free the smaller half. */
755 }
758 }
760 }
761 #endif
763 /* Make the final buffer accessible. The guard page at the end
764 will remain inaccessible with PROT_NONE. */
767 /* Request large pages for the buffer. */
771 }
775 {
781 }
783 /* size this conservatively -- realloc later if needed */
788 }
792 }
795 {
799 }
801 /* Must be called before using the QEMU cpus. 'tb_size' is the size
802 (in bytes) allocated to the translation buffer. Zero means default
803 size. */
805 {
810 #if defined(CONFIG_SOFTMMU)
811 /* There's no guest base to take into account, so go ahead and
812 initialize the prologue now. */
814 #endif
815 }
818 {
820 }
822 /*
823 * Allocate a new translation block. Flush the translation buffer if
824 * too many translation blocks or too much generated code.
825 *
826 * Called with tb_lock held.
827 */
829 {
838 }
843 }
846 }
848 /* Called with tb_lock held. */
850 {
853 /* In practice this is mostly used for single use temporary TB
854 Ignore the hard cases and just back up if this TB happens to
855 be the last one generated. */
862 }
863 }
866 {
867 #ifdef CONFIG_SOFTMMU
871 #endif
872 }
874 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
876 {
881 }
888 }
894 }
895 }
896 }
899 {
904 }
905 }
907 /* flush all the translation blocks */
909 {
912 /* If it is already been done on request of another CPU,
913 * just retry.
914 */
917 }
919 #if defined(DEBUG_TB_FLUSH)
925 #endif
929 }
936 }
937 }
944 /* XXX: flush processor icache at this point if cache flush is
945 expensive */
949 done:
951 }
954 {
959 }
960 }
962 #ifdef DEBUG_TB_CHECK
964 static void
966 {
973 }
974 }
976 /* verify that all the pages have correct rights for code
977 *
978 * Called with tb_lock held.
979 */
981 {
984 }
986 static void
988 {
997 }
998 }
1000 /* verify that all the pages have correct rights for code */
1002 {
1004 }
1006 #endif
1009 {
1020 }
1022 }
1023 }
1025 /* remove the TB from a list of TBs jumping to the n-th jump target of the TB */
1027 {
1034 /* find tb(n) in circular list */
1041 }
1046 }
1047 }
1048 /* now we can suppress tb(n) from the list */
1052 }
1053 }
1055 /* reset the jump entry 'n' of a TB so that it is not chained to
1056 another TB */
1058 {
1061 }
1063 /* remove any jumps to the TB */
1065 {
1077 }
1081 }
1082 }
1084 /* invalidate one TB
1085 *
1086 * Called with tb_lock held.
1087 */
1089 {
1093 tb_page_addr_t phys_pc;
1099 /* remove the TB from the hash list */
1104 /* remove the TB from the page list */
1109 }
1114 }
1116 /* remove the TB from the hash list */
1121 }
1122 }
1124 /* suppress this TB from the two jump lists */
1128 /* suppress any remaining jumps to this TB */
1132 }
1134 #ifdef CONFIG_SOFTMMU
1136 {
1146 /* NOTE: this is subtle as a TB may span two physical pages */
1148 /* NOTE: tb_end may be after the end of the page, but
1149 it is not a problem */
1154 }
1158 }
1161 }
1162 }
1163 #endif
1165 /* add the tb in the target page and protect it if necessary
1166 *
1167 * Called with mmap_lock held for user-mode emulation.
1168 */
1171 {
1173 #ifndef CONFIG_USER_ONLY
1175 #endif
1182 #ifndef CONFIG_USER_ONLY
1184 #endif
1188 #if defined(CONFIG_USER_ONLY)
1190 target_ulong addr;
1194 /* force the host page as non writable (writes will have a
1195 page fault + mprotect overhead) */
1204 }
1207 }
1210 #ifdef DEBUG_TB_INVALIDATE
1212 page_addr);
1213 #endif
1214 }
1215 #else
1216 /* if some code is already present, then the pages are already
1217 protected. So we handle the case where only the first TB is
1218 allocated in a physical page */
1221 }
1222 #endif
1223 }
1225 /* add a new TB and link it to the physical page tables. phys_page2 is
1226 * (-1) to indicate that only one page contains the TB.
1227 *
1228 * Called with mmap_lock held for user-mode emulation.
1229 */
1231 tb_page_addr_t phys_page2)
1232 {
1237 /* add in the page list */
1243 }
1245 /* add in the hash table */
1249 #ifdef DEBUG_TB_CHECK
1251 #endif
1252 }
1254 /* Called with mmap_lock held for user mode emulation. */
1258 {
1262 target_ulong virt_page2;
1265 #ifdef CONFIG_PROFILER
1267 #endif
1273 }
1277 buffer_overflow:
1278 /* flush must be done */
1281 /* Make the execution loop process the flush as soon as possible. */
1284 }
1294 #ifdef CONFIG_PROFILER
1296 exceptions */
1298 #endif
1308 /* generate machine code */
1312 #ifdef USE_DIRECT_JUMP
1315 #else
1318 #endif
1320 #ifdef CONFIG_PROFILER
1324 #endif
1326 /* ??? Overflow could be handled better here. In particular, we
1327 don't need to re-do gen_intermediate_code, nor should we re-do
1328 the tcg optimization currently hidden inside tcg_gen_code. All
1329 that should be required is to flush the TBs, allocate a new TB,
1330 re-initialize it per above, and re-do the actual code generation. */
1334 }
1338 }
1340 #ifdef CONFIG_PROFILER
1345 #endif
1347 #ifdef DEBUG_DISAS
1356 }
1357 #endif
1361 CODE_GEN_ALIGN);
1363 #if defined(CONFIG_USER_ONLY) && defined(TARGET_X86_64)
1364 /* if we are doing vsyscall don't link the page as it lies in high memory
1365 and tb_alloc_page will abort due to page_l1_map returning NULL */
1369 #endif
1371 /* init jump list */
1377 /* init original jump addresses wich has been set during tcg_gen_code() */
1380 }
1383 }
1385 /* check next page if needed */
1390 }
1391 /* As long as consistency of the TB stuff is provided by tb_lock in user
1392 * mode and is implicit in single-threaded softmmu emulation, no explicit
1393 * memory barrier is required before tb_link_page() makes the TB visible
1394 * through the physical hash table and physical page list.
1395 */
1398 }
1400 /*
1401 * Invalidate all TBs which intersect with the target physical address range
1402 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1403 * 'is_cpu_write_access' should be true if called from a real cpu write
1404 * access: the virtual CPU will exit the current TB if code is modified inside
1405 * this TB.
1406 *
1407 * Called with mmap_lock held for user-mode emulation, grabs tb_lock
1408 * Called with tb_lock held for system-mode emulation
1409 */
1411 {
1416 }
1417 }
1419 #ifdef CONFIG_SOFTMMU
1421 {
1424 }
1425 #else
1427 {
1432 }
1433 #endif
1434 /*
1435 * Invalidate all TBs which intersect with the target physical address range
1436 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1437 * 'is_cpu_write_access' should be true if called from a real cpu write
1438 * access: the virtual CPU will exit the current TB if code is modified inside
1439 * this TB.
1440 *
1441 * Called with tb_lock/mmap_lock held for user-mode emulation
1442 * Called with tb_lock held for system-mode emulation
1443 */
1446 {
1448 #if defined(TARGET_HAS_PRECISE_SMC)
1451 #endif
1455 #ifdef TARGET_HAS_PRECISE_SMC
1470 }
1471 #if defined(TARGET_HAS_PRECISE_SMC)
1474 }
1475 #endif
1477 /* we remove all the TBs in the range [start, end[ */
1478 /* XXX: see if in some cases it could be faster to invalidate all
1479 the code */
1485 /* NOTE: this is subtle as a TB may span two physical pages */
1487 /* NOTE: tb_end may be after the end of the page, but
1488 it is not a problem */
1494 }
1496 #ifdef TARGET_HAS_PRECISE_SMC
1501 /* now we have a real cpu fault */
1503 }
1504 }
1507 /* If we are modifying the current TB, we must stop
1508 its execution. We could be more precise by checking
1509 that the modification is after the current PC, but it
1510 would require a specialized function to partially
1511 restore the CPU state */
1517 }
1520 }
1522 }
1523 #if !defined(CONFIG_USER_ONLY)
1524 /* if no code remaining, no need to continue to use slow writes */
1528 }
1529 #endif
1530 #ifdef TARGET_HAS_PRECISE_SMC
1532 /* we generate a block containing just the instruction
1533 modifying the memory. It will ensure that it cannot modify
1534 itself */
1537 }
1538 #endif
1539 }
1541 #ifdef CONFIG_SOFTMMU
1542 /* len must be <= 8 and start must be a multiple of len.
1543 * Called via softmmu_template.h when code areas are written to with
1544 * iothread mutex not held.
1545 */
1547 {
1550 #if 0
1557 }
1558 #endif
1564 }
1567 /* build code bitmap. FIXME: writes should be protected by
1568 * tb_lock, reads by tb_lock or RCU.
1569 */
1571 }
1580 }
1582 do_invalidate:
1584 }
1585 }
1586 #else
1587 /* Called with mmap_lock held. If pc is not 0 then it indicates the
1588 * host PC of the faulting store instruction that caused this invalidate.
1589 * Returns true if the caller needs to abort execution of the current
1590 * TB (because it was modified by this store and the guest CPU has
1591 * precise-SMC semantics).
1592 */
1594 {
1598 #ifdef TARGET_HAS_PRECISE_SMC
1606 #endif
1614 }
1618 #ifdef TARGET_HAS_PRECISE_SMC
1621 }
1624 }
1625 #endif
1629 #ifdef TARGET_HAS_PRECISE_SMC
1632 /* If we are modifying the current TB, we must stop
1633 its execution. We could be more precise by checking
1634 that the modification is after the current PC, but it
1635 would require a specialized function to partially
1636 restore the CPU state */
1642 }
1646 }
1648 #ifdef TARGET_HAS_PRECISE_SMC
1650 /* we generate a block containing just the instruction
1651 modifying the memory. It will ensure that it cannot modify
1652 itself */
1654 /* tb_lock will be reset after cpu_loop_exit_noexc longjmps
1655 * back into the cpu_exec loop. */
1657 }
1658 #endif
1662 }
1663 #endif
1665 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1666 tb[1].tc_ptr. Return NULL if not found */
1668 {
1675 }
1679 }
1680 /* binary search (cf Knuth) */
1693 }
1694 }
1696 }
1698 #if !defined(CONFIG_USER_ONLY)
1700 {
1701 ram_addr_t ram_addr;
1711 }
1717 }
1720 /* Called with tb_lock held. */
1722 {
1727 /* We can use retranslation to find the PC. */
1731 /* The exception probably happened in a helper. The CPU state should
1732 have been saved before calling it. Fetch the PC from there. */
1735 tb_page_addr_t addr;
1741 }
1742 }
1744 #ifndef CONFIG_USER_ONLY
1745 /* in deterministic execution mode, instructions doing device I/Os
1746 * must be at the end of the TB.
1747 *
1748 * Called by softmmu_template.h, with iothread mutex not held.
1749 */
1751 {
1752 #if defined(TARGET_MIPS) || defined(TARGET_SH4)
1754 #endif
1765 }
1768 /* Calculate how many instructions had been executed before the fault
1769 occurred. */
1771 /* Generate a new TB ending on the I/O insn. */
1772 n++;
1773 /* On MIPS and SH, delay slot instructions can only be restarted if
1774 they were already the first instruction in the TB. If this is not
1775 the first instruction in a TB then re-execute the preceding
1776 branch. */
1777 #if defined(TARGET_MIPS)
1782 }
1783 #elif defined(TARGET_SH4)
1789 }
1790 #endif
1791 /* This should never happen. */
1794 }
1803 /* Invalidate original TB if this TB was generated in
1804 * cpu_exec_nocache() */
1806 }
1808 }
1809 /* FIXME: In theory this could raise an exception. In practice
1810 we have already translated the block once so it's probably ok. */
1813 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
1814 * the first in the TB) then we end up generating a whole new TB and
1815 * repeating the fault, which is horribly inefficient.
1816 * Better would be to execute just this insn uncached, or generate a
1817 * second new TB.
1818 *
1819 * cpu_loop_exit_noexc will longjmp back to cpu_exec where the
1820 * tb_lock gets reset.
1821 */
1823 }
1826 {
1829 /* Discard jump cache entries for any tb which might potentially
1830 overlap the flushed page. */
1838 }
1842 {
1849 }
1858 }
1871 }
1876 }
1879 {
1897 }
1899 cross_page++;
1900 }
1902 direct_jmp_count++;
1904 direct_jmp2_count++;
1905 }
1906 }
1907 }
1908 /* XXX: avoid using doubles ? */
1917 max_target_code_size);
1929 direct_jmp_count,
1932 direct_jmp2_count,
1949 }
1952 {
1954 }
1959 {
1963 }
1965 /*
1966 * Walks guest process memory "regions" one by one
1967 * and calls callback function 'fn' for each region.
1968 */
1970 walk_memory_regions_fn fn;
1972 target_ulong start;
1974 };
1978 {
1983 }
1984 }
1990 }
1994 {
1995 target_ulong pa;
2000 }
2013 }
2014 }
2015 }
2025 }
2026 }
2027 }
2030 }
2033 {
2047 }
2048 }
2051 }
2055 {
2066 }
2068 /* dump memory mappings */
2070 {
2075 }
2078 {
2084 }
2086 }
2088 /* Modify the flags of a page and invalidate the code if necessary.
2089 The flag PAGE_WRITE_ORG is positioned automatically depending
2090 on PAGE_WRITE. The mmap_lock should already be held. */
2092 {
2095 /* This function should never be called with addresses outside the
2096 guest address space. If this assert fires, it probably indicates
2097 a missing call to h2g_valid. */
2098 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2100 #endif
2109 }
2116 /* If the write protection bit is set, then we invalidate
2117 the code inside. */
2122 }
2124 }
2125 }
2128 {
2130 target_ulong end;
2131 target_ulong addr;
2133 /* This function should never be called with addresses outside the
2134 guest address space. If this assert fires, it probably indicates
2135 a missing call to h2g_valid. */
2136 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2138 #endif
2142 }
2144 /* We've wrapped around. */
2146 }
2148 /* must do before we loose bits in the next step */
2158 }
2161 }
2165 }
2169 }
2170 /* unprotect the page if it was put read-only because it
2171 contains translated code */
2175 }
2176 }
2177 }
2178 }
2180 }
2182 /* called from signal handler: invalidate the code and unprotect the
2183 * page. Return 0 if the fault was not handled, 1 if it was handled,
2184 * and 2 if it was handled but the caller must cause the TB to be
2185 * immediately exited. (We can only return 2 if the 'pc' argument is
2186 * non-zero.)
2187 */
2189 {
2195 /* Technically this isn't safe inside a signal handler. However we
2196 know this only ever happens in a synchronous SEGV handler, so in
2197 practice it seems to be ok. */
2204 }
2206 /* if the page was really writable, then we change its
2207 protection back to writable */
2219 /* and since the content will be modified, we must invalidate
2220 the corresponding translated code. */
2222 #ifdef DEBUG_TB_CHECK
2224 #endif
2225 }
2230 /* If current TB was invalidated return to main loop */
2232 }
2235 }