| blob | 02d1ef3457ae7cb58281cc33d26b5dbf8db333e8 |
1 /*
2 * Host code generation
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #ifdef _WIN32
20 #include <windows.h>
21 #endif
25 #define NO_CPU_IO_DEFS
31 #if defined(CONFIG_USER_ONLY)
33 #if defined(TARGET_X86_64)
35 #endif
36 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
37 #include <sys/param.h>
38 #if __FreeBSD_version >= 700104
39 #define HAVE_KINFO_GETVMMAP
41 #include <sys/proc.h>
42 #include <machine/profile.h>
43 #define _KERNEL
44 #include <sys/user.h>
45 #undef _KERNEL
46 #undef sigqueue
47 #include <libutil.h>
48 #endif
49 #endif
50 #else
52 #endif
61 /* #define DEBUG_TB_INVALIDATE */
62 /* #define DEBUG_TB_FLUSH */
63 /* #define DEBUG_LOCKING */
64 /* make various TB consistency checks */
65 /* #define DEBUG_TB_CHECK */
67 #if !defined(CONFIG_USER_ONLY)
68 /* TB consistency checks only implemented for usermode emulation. */
69 #undef DEBUG_TB_CHECK
70 #endif
72 /* Access to the various translations structures need to be serialised via locks
73 * for consistency. This is automatic for SoftMMU based system
74 * emulation due to its single threaded nature. In user-mode emulation
75 * access to the memory related structures are protected with the
76 * mmap_lock.
77 */
78 #ifdef DEBUG_LOCKING
79 #define DEBUG_MEM_LOCKS 1
80 #else
81 #define DEBUG_MEM_LOCKS 0
82 #endif
84 #ifdef CONFIG_SOFTMMU
86 #else
87 #define assert_memory_lock() do { \
88 if (DEBUG_MEM_LOCKS) { \
89 g_assert(have_mmap_lock()); \
90 } \
91 } while (0)
92 #endif
94 #define SMC_BITMAP_USE_THRESHOLD 10
97 /* list of TBs intersecting this ram page */
99 #ifdef CONFIG_SOFTMMU
100 /* in order to optimize self modifying code, we count the number
101 of lookups we do to a given page to use a bitmap */
104 #else
106 #endif
109 /* In system mode we want L1_MAP to be based on ram offsets,
110 while in user mode we want it to be based on virtual addresses. */
111 #if !defined(CONFIG_USER_ONLY)
112 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
113 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
114 #else
115 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
116 #endif
117 #else
118 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
119 #endif
121 /* Size of the L2 (and L3, etc) page tables. */
122 #define V_L2_BITS 10
123 #define V_L2_SIZE (1 << V_L2_BITS)
128 /*
129 * L1 Mapping properties
130 */
135 /* The bottom level has pointers to PageDesc, and is indexed by
136 * anything from 4 to (V_L2_BITS + 3) bits, depending on target page size.
137 */
138 #define V_L1_MIN_BITS 4
139 #define V_L1_MAX_BITS (V_L2_BITS + 3)
140 #define V_L1_MAX_SIZE (1 << V_L1_MAX_BITS)
144 /* code generation context */
145 TCGContext tcg_ctx;
148 /* translation block context */
149 #ifdef CONFIG_USER_ONLY
151 #endif
154 {
158 /* The bits remaining after N lower levels of page tables. */
162 }
171 }
174 {
175 #ifdef CONFIG_USER_ONLY
178 have_tb_lock++;
179 #endif
180 }
183 {
184 #ifdef CONFIG_USER_ONLY
186 have_tb_lock--;
188 #endif
189 }
192 {
193 #ifdef CONFIG_USER_ONLY
197 }
198 #endif
199 }
201 #ifdef DEBUG_LOCKING
202 #define DEBUG_TB_LOCKS 1
203 #else
204 #define DEBUG_TB_LOCKS 0
205 #endif
207 #ifdef CONFIG_SOFTMMU
209 #else
210 #define assert_tb_lock() do { \
211 if (DEBUG_TB_LOCKS) { \
212 g_assert(have_tb_lock); \
213 } \
214 } while (0)
215 #endif
221 {
223 }
225 /* Encode VAL as a signed leb128 sequence at P.
226 Return P incremented past the encoded value. */
228 {
238 }
243 }
245 /* Decode a signed leb128 sequence at *PP; increment *PP past the
246 decoded value. Return the decoded value. */
248 {
260 }
264 }
266 /* Encode the data collected about the instructions while compiling TB.
267 Place the data at BLOCK, and return the number of bytes consumed.
269 The logical table consisits of TARGET_INSN_START_WORDS target_ulong's,
270 which come from the target's insn_start data, followed by a uintptr_t
271 which comes from the host pc of the end of the code implementing the insn.
273 Each line of the table is encoded as sleb128 deltas from the previous
274 line. The seed for the first line is { tb->pc, 0..., tb->tc_ptr }.
275 That is, the first column is seeded with the guest pc, the last column
276 with the host pc, and the middle columns with zeros. */
279 {
287 target_ulong prev;
294 }
296 }
300 /* Test for (pending) buffer overflow. The assumption is that any
301 one row beginning below the high water mark cannot overrun
302 the buffer completely. Thus we can test for overflow after
303 encoding a row without having to check during encoding. */
306 }
307 }
310 }
312 /* The cpu state corresponding to 'searched_pc' is restored.
313 * Called with tb_lock held.
314 */
317 {
323 #ifdef CONFIG_PROFILER
325 #endif
331 }
333 /* Reconstruct the stored insn data while looking for the point at
334 which the end of the insn exceeds the searched_pc. */
338 }
342 }
343 }
346 found:
349 /* Reset the cycle counter to the start of the block. */
351 /* Clear the IO flag. */
353 }
357 #ifdef CONFIG_PROFILER
360 #endif
362 }
365 {
374 /* one-shot translation, invalidate it immediately */
377 }
379 }
383 }
386 {
387 /* NOTE: we can always suppose that qemu_host_page_size >=
388 TARGET_PAGE_SIZE */
393 }
396 }
398 }
401 {
405 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
406 {
407 #ifdef HAVE_KINFO_GETVMMAP
426 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
429 #endif
430 }
431 }
432 }
435 }
436 #else
458 }
460 }
465 }
466 #endif
467 }
468 #endif
469 }
471 /* If alloc=1:
472 * Called with tb_lock held for system emulation.
473 * Called with mmap_lock held for user-mode emulation.
474 */
476 {
483 }
485 /* Level 1. Always allocated. */
488 /* Level 2..N-1. */
495 }
498 }
501 }
507 }
510 }
513 }
516 {
518 }
520 #if defined(CONFIG_USER_ONLY)
521 /* Currently it is not recommended to allocate big chunks of data in
522 user mode. It will change when a dedicated libc will be used. */
523 /* ??? 64-bit hosts ought to have no problem mmaping data outside the
524 region in which the guest needs to run. Revisit this. */
525 #define USE_STATIC_CODE_GEN_BUFFER
526 #endif
528 /* Minimum size of the code gen buffer. This number is randomly chosen,
529 but not so small that we can't have a fair number of TB's live. */
530 #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
532 /* Maximum size of the code gen buffer we'd like to use. Unless otherwise
533 indicated, this is constrained by the range of direct branches on the
534 host cpu, as used by the TCG implementation of goto_tb. */
535 #if defined(__x86_64__)
536 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
537 #elif defined(__sparc__)
538 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
539 #elif defined(__powerpc64__)
540 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
541 #elif defined(__powerpc__)
542 # define MAX_CODE_GEN_BUFFER_SIZE (32u * 1024 * 1024)
543 #elif defined(__aarch64__)
544 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
545 #elif defined(__arm__)
546 # define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
547 #elif defined(__s390x__)
548 /* We have a +- 4GB range on the branches; leave some slop. */
549 # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
550 #elif defined(__mips__)
551 /* We have a 256MB branch region, but leave room to make sure the
552 main executable is also within that region. */
553 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
554 #else
555 # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
556 #endif
558 #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
560 #define DEFAULT_CODE_GEN_BUFFER_SIZE \
561 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
562 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
565 {
566 /* Size the buffer. */
568 #ifdef USE_STATIC_CODE_GEN_BUFFER
570 #else
571 /* ??? Needs adjustments. */
572 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
573 static buffer, we could size this on RESERVED_VA, on the text
574 segment size of the executable, or continue to use the default. */
576 #endif
577 }
580 }
583 }
585 }
587 #ifdef __mips__
588 /* In order to use J and JAL within the code_gen_buffer, we require
589 that the buffer not cross a 256MB boundary. */
591 {
593 }
595 /* We weren't able to allocate a buffer without crossing that boundary,
596 so make do with the larger portion of the buffer that doesn't cross.
597 Returns the new base of the buffer, and adjusts code_gen_buffer_size. */
599 {
607 }
611 }
612 #endif
614 #ifdef USE_STATIC_CODE_GEN_BUFFER
618 # ifdef _WIN32
620 {
621 DWORD old_protect;
623 }
626 {
628 }
631 {
633 }
634 # else
636 {
646 }
649 {
651 }
654 {
656 }
660 {
664 /* The size of the buffer, rounded down to end on a page boundary. */
668 /* Reserve a guard page. */
671 /* Honor a command-line option limiting the size of the buffer. */
675 }
678 #ifdef __mips__
682 }
683 #endif
690 }
691 #elif defined(_WIN32)
693 {
697 /* Perform the allocation in two steps, so that the guard page
698 is reserved but uncommitted. */
704 }
707 }
708 #else
710 {
716 /* Constrain the position of the buffer based on the host cpu.
717 Note that these addresses are chosen in concert with the
718 addresses assigned in the relevant linker script file. */
719 # if defined(__PIE__) || defined(__PIC__)
720 /* Don't bother setting a preferred location if we're building
721 a position-independent executable. We're more likely to get
722 an address near the main executable if we let the kernel
723 choose the address. */
724 # elif defined(__x86_64__) && defined(MAP_32BIT)
725 /* Force the memory down into low memory with the executable.
726 Leave the choice of exact location with the kernel. */
728 /* Cannot expect to map more than 800MB in low memory. */
731 }
732 # elif defined(__sparc__)
734 # elif defined(__s390x__)
736 # elif defined(__mips__)
737 # if _MIPS_SIM == _ABI64
739 # else
741 # endif
742 # endif
748 }
750 #ifdef __mips__
752 /* Try again, with the original still mapped, to avoid re-acquiring
753 that 256mb crossing. This time don't specify an address. */
760 /* Success! Use the new buffer. */
763 }
764 /* Failure. Work with what we had. */
766 /* fallthru */
768 /* Split the original buffer. Free the smaller half. */
775 }
778 }
780 }
781 #endif
783 /* Make the final buffer accessible. The guard page at the end
784 will remain inaccessible with PROT_NONE. */
787 /* Request large pages for the buffer. */
791 }
795 {
801 }
803 /* Estimate a good size for the number of TBs we can support. We
804 still haven't deducted the prologue from the buffer size here,
805 but that's minimal and won't affect the estimate much. */
806 tcg_ctx.code_gen_max_blocks
811 }
814 {
818 }
820 /* Must be called before using the QEMU cpus. 'tb_size' is the size
821 (in bytes) allocated to the translation buffer. Zero means default
822 size. */
824 {
829 #if defined(CONFIG_SOFTMMU)
830 /* There's no guest base to take into account, so go ahead and
831 initialize the prologue now. */
833 #endif
834 }
837 {
839 }
841 /*
842 * Allocate a new translation block. Flush the translation buffer if
843 * too many translation blocks or too much generated code.
844 *
845 * Called with tb_lock held.
846 */
848 {
855 }
861 }
863 /* Called with tb_lock held. */
865 {
868 /* In practice this is mostly used for single use temporary TB
869 Ignore the hard cases and just back up if this TB happens to
870 be the last one generated. */
875 }
876 }
879 {
880 #ifdef CONFIG_SOFTMMU
884 #endif
885 }
887 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
889 {
894 }
901 }
907 }
908 }
909 }
912 {
917 }
918 }
920 /* flush all the translation blocks */
922 {
925 /* If it is already been done on request of another CPU,
926 * just retry.
927 */
930 }
932 #if defined(DEBUG_TB_FLUSH)
938 #endif
942 }
949 }
950 }
957 /* XXX: flush processor icache at this point if cache flush is
958 expensive */
962 done:
964 }
967 {
972 }
973 }
975 #ifdef DEBUG_TB_CHECK
977 static void
979 {
986 }
987 }
989 /* verify that all the pages have correct rights for code
990 *
991 * Called with tb_lock held.
992 */
994 {
997 }
999 static void
1001 {
1010 }
1011 }
1013 /* verify that all the pages have correct rights for code */
1015 {
1017 }
1019 #endif
1022 {
1033 }
1035 }
1036 }
1038 /* remove the TB from a list of TBs jumping to the n-th jump target of the TB */
1040 {
1047 /* find tb(n) in circular list */
1054 }
1059 }
1060 }
1061 /* now we can suppress tb(n) from the list */
1065 }
1066 }
1068 /* reset the jump entry 'n' of a TB so that it is not chained to
1069 another TB */
1071 {
1074 }
1076 /* remove any jumps to the TB */
1078 {
1090 }
1094 }
1095 }
1097 /* invalidate one TB
1098 *
1099 * Called with tb_lock held.
1100 */
1102 {
1106 tb_page_addr_t phys_pc;
1112 /* remove the TB from the hash list */
1117 /* remove the TB from the page list */
1122 }
1127 }
1129 /* remove the TB from the hash list */
1134 }
1135 }
1137 /* suppress this TB from the two jump lists */
1141 /* suppress any remaining jumps to this TB */
1145 }
1147 #ifdef CONFIG_SOFTMMU
1149 {
1159 /* NOTE: this is subtle as a TB may span two physical pages */
1161 /* NOTE: tb_end may be after the end of the page, but
1162 it is not a problem */
1167 }
1171 }
1174 }
1175 }
1176 #endif
1178 /* add the tb in the target page and protect it if necessary
1179 *
1180 * Called with mmap_lock held for user-mode emulation.
1181 */
1184 {
1186 #ifndef CONFIG_USER_ONLY
1188 #endif
1195 #ifndef CONFIG_USER_ONLY
1197 #endif
1201 #if defined(CONFIG_USER_ONLY)
1203 target_ulong addr;
1207 /* force the host page as non writable (writes will have a
1208 page fault + mprotect overhead) */
1217 }
1220 }
1223 #ifdef DEBUG_TB_INVALIDATE
1225 page_addr);
1226 #endif
1227 }
1228 #else
1229 /* if some code is already present, then the pages are already
1230 protected. So we handle the case where only the first TB is
1231 allocated in a physical page */
1234 }
1235 #endif
1236 }
1238 /* add a new TB and link it to the physical page tables. phys_page2 is
1239 * (-1) to indicate that only one page contains the TB.
1240 *
1241 * Called with mmap_lock held for user-mode emulation.
1242 */
1244 tb_page_addr_t phys_page2)
1245 {
1250 /* add in the page list */
1256 }
1258 /* add in the hash table */
1262 #ifdef DEBUG_TB_CHECK
1264 #endif
1265 }
1267 /* Called with mmap_lock held for user mode emulation. */
1271 {
1275 target_ulong virt_page2;
1278 #ifdef CONFIG_PROFILER
1280 #endif
1286 }
1290 buffer_overflow:
1291 /* flush must be done */
1295 }
1303 #ifdef CONFIG_PROFILER
1305 exceptions */
1307 #endif
1317 /* generate machine code */
1321 #ifdef USE_DIRECT_JUMP
1324 #else
1327 #endif
1329 #ifdef CONFIG_PROFILER
1333 #endif
1335 /* ??? Overflow could be handled better here. In particular, we
1336 don't need to re-do gen_intermediate_code, nor should we re-do
1337 the tcg optimization currently hidden inside tcg_gen_code. All
1338 that should be required is to flush the TBs, allocate a new TB,
1339 re-initialize it per above, and re-do the actual code generation. */
1343 }
1347 }
1349 #ifdef CONFIG_PROFILER
1354 #endif
1356 #ifdef DEBUG_DISAS
1365 }
1366 #endif
1370 CODE_GEN_ALIGN);
1372 #if defined(CONFIG_USER_ONLY) && defined(TARGET_X86_64)
1373 /* if we are doing vsyscall don't link the page as it lies in high memory
1374 and tb_alloc_page will abort due to page_l1_map returning NULL */
1378 #endif
1380 /* init jump list */
1386 /* init original jump addresses wich has been set during tcg_gen_code() */
1389 }
1392 }
1394 /* check next page if needed */
1399 }
1400 /* As long as consistency of the TB stuff is provided by tb_lock in user
1401 * mode and is implicit in single-threaded softmmu emulation, no explicit
1402 * memory barrier is required before tb_link_page() makes the TB visible
1403 * through the physical hash table and physical page list.
1404 */
1407 }
1409 /*
1410 * Invalidate all TBs which intersect with the target physical address range
1411 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1412 * 'is_cpu_write_access' should be true if called from a real cpu write
1413 * access: the virtual CPU will exit the current TB if code is modified inside
1414 * this TB.
1415 *
1416 * Called with mmap_lock held for user-mode emulation, grabs tb_lock
1417 * Called with tb_lock held for system-mode emulation
1418 */
1420 {
1425 }
1426 }
1428 #ifdef CONFIG_SOFTMMU
1430 {
1433 }
1434 #else
1436 {
1441 }
1442 #endif
1443 /*
1444 * Invalidate all TBs which intersect with the target physical address range
1445 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1446 * 'is_cpu_write_access' should be true if called from a real cpu write
1447 * access: the virtual CPU will exit the current TB if code is modified inside
1448 * this TB.
1449 *
1450 * Called with tb_lock/mmap_lock held for user-mode emulation
1451 * Called with tb_lock held for system-mode emulation
1452 */
1455 {
1457 #if defined(TARGET_HAS_PRECISE_SMC)
1460 #endif
1464 #ifdef TARGET_HAS_PRECISE_SMC
1479 }
1480 #if defined(TARGET_HAS_PRECISE_SMC)
1483 }
1484 #endif
1486 /* we remove all the TBs in the range [start, end[ */
1487 /* XXX: see if in some cases it could be faster to invalidate all
1488 the code */
1494 /* NOTE: this is subtle as a TB may span two physical pages */
1496 /* NOTE: tb_end may be after the end of the page, but
1497 it is not a problem */
1503 }
1505 #ifdef TARGET_HAS_PRECISE_SMC
1510 /* now we have a real cpu fault */
1512 }
1513 }
1516 /* If we are modifying the current TB, we must stop
1517 its execution. We could be more precise by checking
1518 that the modification is after the current PC, but it
1519 would require a specialized function to partially
1520 restore the CPU state */
1526 }
1529 }
1531 }
1532 #if !defined(CONFIG_USER_ONLY)
1533 /* if no code remaining, no need to continue to use slow writes */
1537 }
1538 #endif
1539 #ifdef TARGET_HAS_PRECISE_SMC
1541 /* we generate a block containing just the instruction
1542 modifying the memory. It will ensure that it cannot modify
1543 itself */
1546 }
1547 #endif
1548 }
1550 #ifdef CONFIG_SOFTMMU
1551 /* len must be <= 8 and start must be a multiple of len.
1552 * Called via softmmu_template.h when code areas are written to with
1553 * tb_lock held.
1554 */
1556 {
1559 #if 0
1566 }
1567 #endif
1573 }
1576 /* build code bitmap. FIXME: writes should be protected by
1577 * tb_lock, reads by tb_lock or RCU.
1578 */
1580 }
1589 }
1591 do_invalidate:
1593 }
1594 }
1595 #else
1596 /* Called with mmap_lock held. If pc is not 0 then it indicates the
1597 * host PC of the faulting store instruction that caused this invalidate.
1598 * Returns true if the caller needs to abort execution of the current
1599 * TB (because it was modified by this store and the guest CPU has
1600 * precise-SMC semantics).
1601 */
1603 {
1607 #ifdef TARGET_HAS_PRECISE_SMC
1615 #endif
1623 }
1627 #ifdef TARGET_HAS_PRECISE_SMC
1630 }
1633 }
1634 #endif
1638 #ifdef TARGET_HAS_PRECISE_SMC
1641 /* If we are modifying the current TB, we must stop
1642 its execution. We could be more precise by checking
1643 that the modification is after the current PC, but it
1644 would require a specialized function to partially
1645 restore the CPU state */
1651 }
1655 }
1657 #ifdef TARGET_HAS_PRECISE_SMC
1659 /* we generate a block containing just the instruction
1660 modifying the memory. It will ensure that it cannot modify
1661 itself */
1663 /* tb_lock will be reset after cpu_loop_exit_noexc longjmps
1664 * back into the cpu_exec loop. */
1666 }
1667 #endif
1671 }
1672 #endif
1674 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1675 tb[1].tc_ptr. Return NULL if not found */
1677 {
1684 }
1688 }
1689 /* binary search (cf Knuth) */
1702 }
1703 }
1705 }
1707 #if !defined(CONFIG_USER_ONLY)
1709 {
1710 ram_addr_t ram_addr;
1720 }
1726 }
1729 /* Called with tb_lock held. */
1731 {
1736 /* We can use retranslation to find the PC. */
1740 /* The exception probably happened in a helper. The CPU state should
1741 have been saved before calling it. Fetch the PC from there. */
1744 tb_page_addr_t addr;
1750 }
1751 }
1753 #ifndef CONFIG_USER_ONLY
1754 /* in deterministic execution mode, instructions doing device I/Os
1755 must be at the end of the TB */
1757 {
1758 #if defined(TARGET_MIPS) || defined(TARGET_SH4)
1760 #endif
1771 }
1774 /* Calculate how many instructions had been executed before the fault
1775 occurred. */
1777 /* Generate a new TB ending on the I/O insn. */
1778 n++;
1779 /* On MIPS and SH, delay slot instructions can only be restarted if
1780 they were already the first instruction in the TB. If this is not
1781 the first instruction in a TB then re-execute the preceding
1782 branch. */
1783 #if defined(TARGET_MIPS)
1788 }
1789 #elif defined(TARGET_SH4)
1795 }
1796 #endif
1797 /* This should never happen. */
1800 }
1809 /* Invalidate original TB if this TB was generated in
1810 * cpu_exec_nocache() */
1812 }
1814 }
1815 /* FIXME: In theory this could raise an exception. In practice
1816 we have already translated the block once so it's probably ok. */
1819 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
1820 * the first in the TB) then we end up generating a whole new TB and
1821 * repeating the fault, which is horribly inefficient.
1822 * Better would be to execute just this insn uncached, or generate a
1823 * second new TB.
1824 *
1825 * cpu_loop_exit_noexc will longjmp back to cpu_exec where the
1826 * tb_lock gets reset.
1827 */
1829 }
1832 {
1835 /* Discard jump cache entries for any tb which might potentially
1836 overlap the flushed page. */
1844 }
1848 {
1855 }
1864 }
1877 }
1882 }
1885 {
1903 }
1905 cross_page++;
1906 }
1908 direct_jmp_count++;
1910 direct_jmp2_count++;
1911 }
1912 }
1913 }
1914 /* XXX: avoid using doubles ? */
1924 max_target_code_size);
1936 direct_jmp_count,
1939 direct_jmp2_count,
1956 }
1959 {
1961 }
1966 {
1969 }
1971 /*
1972 * Walks guest process memory "regions" one by one
1973 * and calls callback function 'fn' for each region.
1974 */
1976 walk_memory_regions_fn fn;
1978 target_ulong start;
1980 };
1984 {
1989 }
1990 }
1996 }
2000 {
2001 target_ulong pa;
2006 }
2019 }
2020 }
2021 }
2031 }
2032 }
2033 }
2036 }
2039 {
2053 }
2054 }
2057 }
2061 {
2072 }
2074 /* dump memory mappings */
2076 {
2081 }
2084 {
2090 }
2092 }
2094 /* Modify the flags of a page and invalidate the code if necessary.
2095 The flag PAGE_WRITE_ORG is positioned automatically depending
2096 on PAGE_WRITE. The mmap_lock should already be held. */
2098 {
2101 /* This function should never be called with addresses outside the
2102 guest address space. If this assert fires, it probably indicates
2103 a missing call to h2g_valid. */
2104 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2106 #endif
2115 }
2122 /* If the write protection bit is set, then we invalidate
2123 the code inside. */
2128 }
2130 }
2131 }
2134 {
2136 target_ulong end;
2137 target_ulong addr;
2139 /* This function should never be called with addresses outside the
2140 guest address space. If this assert fires, it probably indicates
2141 a missing call to h2g_valid. */
2142 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2144 #endif
2148 }
2150 /* We've wrapped around. */
2152 }
2154 /* must do before we loose bits in the next step */
2164 }
2167 }
2171 }
2175 }
2176 /* unprotect the page if it was put read-only because it
2177 contains translated code */
2181 }
2182 }
2183 }
2184 }
2186 }
2188 /* called from signal handler: invalidate the code and unprotect the
2189 * page. Return 0 if the fault was not handled, 1 if it was handled,
2190 * and 2 if it was handled but the caller must cause the TB to be
2191 * immediately exited. (We can only return 2 if the 'pc' argument is
2192 * non-zero.)
2193 */
2195 {
2201 /* Technically this isn't safe inside a signal handler. However we
2202 know this only ever happens in a synchronous SEGV handler, so in
2203 practice it seems to be ok. */
2210 }
2212 /* if the page was really writable, then we change its
2213 protection back to writable */
2225 /* and since the content will be modified, we must invalidate
2226 the corresponding translated code. */
2228 #ifdef DEBUG_TB_CHECK
2230 #endif
2231 }
2236 /* If current TB was invalidated return to main loop */
2238 }
2241 }