| blob | 0caf80db75f559adae8841a93925a733b59f3ebc |
1 /*
2 * Host code generation
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #ifdef _WIN32
20 #include <windows.h>
21 #endif
26 #define NO_CPU_IO_DEFS
32 #if defined(CONFIG_USER_ONLY)
35 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
36 #include <sys/param.h>
37 #if __FreeBSD_version >= 700104
38 #define HAVE_KINFO_GETVMMAP
40 #include <sys/proc.h>
41 #include <machine/profile.h>
42 #define _KERNEL
43 #include <sys/user.h>
44 #undef _KERNEL
45 #undef sigqueue
46 #include <libutil.h>
47 #endif
48 #endif
49 #else
51 #endif
62 /* #define DEBUG_TB_INVALIDATE */
63 /* #define DEBUG_TB_FLUSH */
64 /* make various TB consistency checks */
65 /* #define DEBUG_TB_CHECK */
67 #if !defined(CONFIG_USER_ONLY)
68 /* TB consistency checks only implemented for usermode emulation. */
69 #undef DEBUG_TB_CHECK
70 #endif
72 /* Access to the various translations structures need to be serialised via locks
73 * for consistency. This is automatic for SoftMMU based system
74 * emulation due to its single threaded nature. In user-mode emulation
75 * access to the memory related structures are protected with the
76 * mmap_lock.
77 */
78 #ifdef CONFIG_SOFTMMU
79 #define assert_memory_lock() tcg_debug_assert(have_tb_lock)
80 #else
81 #define assert_memory_lock() tcg_debug_assert(have_mmap_lock())
82 #endif
84 #define SMC_BITMAP_USE_THRESHOLD 10
87 /* list of TBs intersecting this ram page */
89 #ifdef CONFIG_SOFTMMU
90 /* in order to optimize self modifying code, we count the number
91 of lookups we do to a given page to use a bitmap */
94 #else
96 #endif
99 /* In system mode we want L1_MAP to be based on ram offsets,
100 while in user mode we want it to be based on virtual addresses. */
101 #if !defined(CONFIG_USER_ONLY)
102 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
103 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
104 #else
105 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
106 #endif
107 #else
108 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
109 #endif
111 /* Size of the L2 (and L3, etc) page tables. */
112 #define V_L2_BITS 10
113 #define V_L2_SIZE (1 << V_L2_BITS)
115 /*
116 * L1 Mapping properties
117 */
122 /* The bottom level has pointers to PageDesc, and is indexed by
123 * anything from 4 to (V_L2_BITS + 3) bits, depending on target page size.
124 */
125 #define V_L1_MIN_BITS 4
126 #define V_L1_MAX_BITS (V_L2_BITS + 3)
127 #define V_L1_MAX_SIZE (1 << V_L1_MAX_BITS)
131 /* code generation context */
132 TCGContext tcg_ctx;
135 /* translation block context */
139 {
143 /* The bits remaining after N lower levels of page tables. */
147 }
156 }
158 #define assert_tb_locked() tcg_debug_assert(have_tb_lock)
159 #define assert_tb_unlocked() tcg_debug_assert(!have_tb_lock)
162 {
165 have_tb_lock++;
166 }
169 {
171 have_tb_lock--;
173 }
176 {
180 }
181 }
186 {
188 }
190 /* Encode VAL as a signed leb128 sequence at P.
191 Return P incremented past the encoded value. */
193 {
203 }
208 }
210 /* Decode a signed leb128 sequence at *PP; increment *PP past the
211 decoded value. Return the decoded value. */
213 {
225 }
229 }
231 /* Encode the data collected about the instructions while compiling TB.
232 Place the data at BLOCK, and return the number of bytes consumed.
234 The logical table consisits of TARGET_INSN_START_WORDS target_ulong's,
235 which come from the target's insn_start data, followed by a uintptr_t
236 which comes from the host pc of the end of the code implementing the insn.
238 Each line of the table is encoded as sleb128 deltas from the previous
239 line. The seed for the first line is { tb->pc, 0..., tb->tc_ptr }.
240 That is, the first column is seeded with the guest pc, the last column
241 with the host pc, and the middle columns with zeros. */
244 {
252 target_ulong prev;
259 }
261 }
265 /* Test for (pending) buffer overflow. The assumption is that any
266 one row beginning below the high water mark cannot overrun
267 the buffer completely. Thus we can test for overflow after
268 encoding a row without having to check during encoding. */
271 }
272 }
275 }
277 /* The cpu state corresponding to 'searched_pc' is restored.
278 * Called with tb_lock held.
279 */
282 {
288 #ifdef CONFIG_PROFILER
290 #endif
296 }
298 /* Reconstruct the stored insn data while looking for the point at
299 which the end of the insn exceeds the searched_pc. */
303 }
307 }
308 }
311 found:
314 /* Reset the cycle counter to the start of the block. */
316 /* Clear the IO flag. */
318 }
322 #ifdef CONFIG_PROFILER
325 #endif
327 }
330 {
334 /* A retaddr of zero is invalid so we really shouldn't have ended
335 * up here. The target code has likely forgotten to check retaddr
336 * != 0 before attempting to restore state. We return early to
337 * avoid blowing up on a recursive tb_lock(). The target must have
338 * previously survived a failed cpu_restore_state because
339 * tb_find_pc(0) would have failed anyway. It still should be
340 * fixed though.
341 */
345 }
352 /* one-shot translation, invalidate it immediately */
355 }
357 }
361 }
364 {
368 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
369 {
370 #ifdef HAVE_KINFO_GETVMMAP
389 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
392 #endif
393 }
394 }
395 }
398 }
399 #else
421 }
423 }
428 }
429 #endif
430 }
431 #endif
432 }
434 /* If alloc=1:
435 * Called with tb_lock held for system emulation.
436 * Called with mmap_lock held for user-mode emulation.
437 */
439 {
446 }
448 /* Level 1. Always allocated. */
451 /* Level 2..N-1. */
458 }
461 }
464 }
470 }
473 }
476 }
479 {
481 }
483 #if defined(CONFIG_USER_ONLY)
484 /* Currently it is not recommended to allocate big chunks of data in
485 user mode. It will change when a dedicated libc will be used. */
486 /* ??? 64-bit hosts ought to have no problem mmaping data outside the
487 region in which the guest needs to run. Revisit this. */
488 #define USE_STATIC_CODE_GEN_BUFFER
489 #endif
491 /* Minimum size of the code gen buffer. This number is randomly chosen,
492 but not so small that we can't have a fair number of TB's live. */
493 #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
495 /* Maximum size of the code gen buffer we'd like to use. Unless otherwise
496 indicated, this is constrained by the range of direct branches on the
497 host cpu, as used by the TCG implementation of goto_tb. */
498 #if defined(__x86_64__)
499 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
500 #elif defined(__sparc__)
501 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
502 #elif defined(__powerpc64__)
503 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
504 #elif defined(__powerpc__)
505 # define MAX_CODE_GEN_BUFFER_SIZE (32u * 1024 * 1024)
506 #elif defined(__aarch64__)
507 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
508 #elif defined(__s390x__)
509 /* We have a +- 4GB range on the branches; leave some slop. */
510 # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
511 #elif defined(__mips__)
512 /* We have a 256MB branch region, but leave room to make sure the
513 main executable is also within that region. */
514 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
515 #else
516 # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
517 #endif
519 #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
521 #define DEFAULT_CODE_GEN_BUFFER_SIZE \
522 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
523 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
526 {
527 /* Size the buffer. */
529 #ifdef USE_STATIC_CODE_GEN_BUFFER
531 #else
532 /* ??? Needs adjustments. */
533 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
534 static buffer, we could size this on RESERVED_VA, on the text
535 segment size of the executable, or continue to use the default. */
537 #endif
538 }
541 }
544 }
546 }
548 #ifdef __mips__
549 /* In order to use J and JAL within the code_gen_buffer, we require
550 that the buffer not cross a 256MB boundary. */
552 {
554 }
556 /* We weren't able to allocate a buffer without crossing that boundary,
557 so make do with the larger portion of the buffer that doesn't cross.
558 Returns the new base of the buffer, and adjusts code_gen_buffer_size. */
560 {
568 }
572 }
573 #endif
575 #ifdef USE_STATIC_CODE_GEN_BUFFER
579 # ifdef _WIN32
581 {
582 DWORD old_protect;
584 }
587 {
589 }
592 {
594 }
595 # else
597 {
607 }
610 {
612 }
615 {
617 }
621 {
625 /* The size of the buffer, rounded down to end on a page boundary. */
629 /* Reserve a guard page. */
632 /* Honor a command-line option limiting the size of the buffer. */
636 }
639 #ifdef __mips__
643 }
644 #endif
651 }
652 #elif defined(_WIN32)
654 {
658 /* Perform the allocation in two steps, so that the guard page
659 is reserved but uncommitted. */
665 }
668 }
669 #else
671 {
677 /* Constrain the position of the buffer based on the host cpu.
678 Note that these addresses are chosen in concert with the
679 addresses assigned in the relevant linker script file. */
680 # if defined(__PIE__) || defined(__PIC__)
681 /* Don't bother setting a preferred location if we're building
682 a position-independent executable. We're more likely to get
683 an address near the main executable if we let the kernel
684 choose the address. */
685 # elif defined(__x86_64__) && defined(MAP_32BIT)
686 /* Force the memory down into low memory with the executable.
687 Leave the choice of exact location with the kernel. */
689 /* Cannot expect to map more than 800MB in low memory. */
692 }
693 # elif defined(__sparc__)
695 # elif defined(__s390x__)
697 # elif defined(__mips__)
698 # if _MIPS_SIM == _ABI64
700 # else
702 # endif
703 # endif
709 }
711 #ifdef __mips__
713 /* Try again, with the original still mapped, to avoid re-acquiring
714 that 256mb crossing. This time don't specify an address. */
721 /* Success! Use the new buffer. */
724 }
725 /* Failure. Work with what we had. */
727 /* fallthru */
729 /* Split the original buffer. Free the smaller half. */
736 }
739 }
741 }
742 #endif
744 /* Make the final buffer accessible. The guard page at the end
745 will remain inaccessible with PROT_NONE. */
748 /* Request large pages for the buffer. */
752 }
756 {
762 }
764 /* size this conservatively -- realloc later if needed */
769 }
773 }
776 {
780 }
782 /* Must be called before using the QEMU cpus. 'tb_size' is the size
783 (in bytes) allocated to the translation buffer. Zero means default
784 size. */
786 {
792 #if defined(CONFIG_SOFTMMU)
793 /* There's no guest base to take into account, so go ahead and
794 initialize the prologue now. */
796 #endif
797 }
799 /*
800 * Allocate a new translation block. Flush the translation buffer if
801 * too many translation blocks or too much generated code.
802 *
803 * Called with tb_lock held.
804 */
806 {
815 }
820 }
823 }
825 /* Called with tb_lock held. */
827 {
830 /* In practice this is mostly used for single use temporary TB
831 Ignore the hard cases and just back up if this TB happens to
832 be the last one generated. */
839 }
840 }
843 {
844 #ifdef CONFIG_SOFTMMU
848 #endif
849 }
851 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
853 {
858 }
865 }
871 }
872 }
873 }
876 {
881 }
882 }
884 /* flush all the translation blocks */
886 {
889 /* If it is already been done on request of another CPU,
890 * just retry.
891 */
894 }
896 #if defined(DEBUG_TB_FLUSH)
902 #endif
906 }
910 }
917 /* XXX: flush processor icache at this point if cache flush is
918 expensive */
922 done:
924 }
927 {
932 }
933 }
935 #ifdef DEBUG_TB_CHECK
937 static void
939 {
946 }
947 }
949 /* verify that all the pages have correct rights for code
950 *
951 * Called with tb_lock held.
952 */
954 {
957 }
959 static void
961 {
970 }
971 }
973 /* verify that all the pages have correct rights for code */
975 {
977 }
979 #endif
982 {
993 }
995 }
996 }
998 /* remove the TB from a list of TBs jumping to the n-th jump target of the TB */
1000 {
1007 /* find tb(n) in circular list */
1014 }
1019 }
1020 }
1021 /* now we can suppress tb(n) from the list */
1025 }
1026 }
1028 /* reset the jump entry 'n' of a TB so that it is not chained to
1029 another TB */
1031 {
1034 }
1036 /* remove any jumps to the TB */
1038 {
1050 }
1054 }
1055 }
1057 /* invalidate one TB
1058 *
1059 * Called with tb_lock held.
1060 */
1062 {
1066 tb_page_addr_t phys_pc;
1072 /* remove the TB from the hash list */
1077 /* remove the TB from the page list */
1082 }
1087 }
1089 /* remove the TB from the hash list */
1094 }
1095 }
1097 /* suppress this TB from the two jump lists */
1101 /* suppress any remaining jumps to this TB */
1105 }
1107 #ifdef CONFIG_SOFTMMU
1109 {
1119 /* NOTE: this is subtle as a TB may span two physical pages */
1121 /* NOTE: tb_end may be after the end of the page, but
1122 it is not a problem */
1127 }
1131 }
1134 }
1135 }
1136 #endif
1138 /* add the tb in the target page and protect it if necessary
1139 *
1140 * Called with mmap_lock held for user-mode emulation.
1141 */
1144 {
1146 #ifndef CONFIG_USER_ONLY
1148 #endif
1155 #ifndef CONFIG_USER_ONLY
1157 #endif
1161 #if defined(CONFIG_USER_ONLY)
1163 target_ulong addr;
1167 /* force the host page as non writable (writes will have a
1168 page fault + mprotect overhead) */
1177 }
1180 }
1183 #ifdef DEBUG_TB_INVALIDATE
1185 page_addr);
1186 #endif
1187 }
1188 #else
1189 /* if some code is already present, then the pages are already
1190 protected. So we handle the case where only the first TB is
1191 allocated in a physical page */
1194 }
1195 #endif
1196 }
1198 /* add a new TB and link it to the physical page tables. phys_page2 is
1199 * (-1) to indicate that only one page contains the TB.
1200 *
1201 * Called with mmap_lock held for user-mode emulation.
1202 */
1204 tb_page_addr_t phys_page2)
1205 {
1210 /* add in the page list */
1216 }
1218 /* add in the hash table */
1222 #ifdef DEBUG_TB_CHECK
1224 #endif
1225 }
1227 /* Called with mmap_lock held for user mode emulation. */
1231 {
1235 target_ulong virt_page2;
1238 #ifdef CONFIG_PROFILER
1240 #endif
1246 }
1250 buffer_overflow:
1251 /* flush must be done */
1254 /* Make the execution loop process the flush as soon as possible. */
1257 }
1267 #ifdef CONFIG_PROFILER
1269 exceptions */
1271 #endif
1281 /* generate machine code */
1285 #ifdef USE_DIRECT_JUMP
1288 #else
1291 #endif
1293 #ifdef CONFIG_PROFILER
1297 #endif
1299 /* ??? Overflow could be handled better here. In particular, we
1300 don't need to re-do gen_intermediate_code, nor should we re-do
1301 the tcg optimization currently hidden inside tcg_gen_code. All
1302 that should be required is to flush the TBs, allocate a new TB,
1303 re-initialize it per above, and re-do the actual code generation. */
1307 }
1311 }
1313 #ifdef CONFIG_PROFILER
1318 #endif
1320 #ifdef DEBUG_DISAS
1329 }
1330 #endif
1334 CODE_GEN_ALIGN);
1336 /* init jump list */
1342 /* init original jump addresses wich has been set during tcg_gen_code() */
1345 }
1348 }
1350 /* check next page if needed */
1355 }
1356 /* As long as consistency of the TB stuff is provided by tb_lock in user
1357 * mode and is implicit in single-threaded softmmu emulation, no explicit
1358 * memory barrier is required before tb_link_page() makes the TB visible
1359 * through the physical hash table and physical page list.
1360 */
1363 }
1365 /*
1366 * Invalidate all TBs which intersect with the target physical address range
1367 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1368 * 'is_cpu_write_access' should be true if called from a real cpu write
1369 * access: the virtual CPU will exit the current TB if code is modified inside
1370 * this TB.
1371 *
1372 * Called with mmap_lock held for user-mode emulation, grabs tb_lock
1373 * Called with tb_lock held for system-mode emulation
1374 */
1376 {
1381 }
1382 }
1384 #ifdef CONFIG_SOFTMMU
1386 {
1389 }
1390 #else
1392 {
1397 }
1398 #endif
1399 /*
1400 * Invalidate all TBs which intersect with the target physical address range
1401 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1402 * 'is_cpu_write_access' should be true if called from a real cpu write
1403 * access: the virtual CPU will exit the current TB if code is modified inside
1404 * this TB.
1405 *
1406 * Called with tb_lock/mmap_lock held for user-mode emulation
1407 * Called with tb_lock held for system-mode emulation
1408 */
1411 {
1413 #if defined(TARGET_HAS_PRECISE_SMC)
1416 #endif
1420 #ifdef TARGET_HAS_PRECISE_SMC
1435 }
1436 #if defined(TARGET_HAS_PRECISE_SMC)
1439 }
1440 #endif
1442 /* we remove all the TBs in the range [start, end[ */
1443 /* XXX: see if in some cases it could be faster to invalidate all
1444 the code */
1450 /* NOTE: this is subtle as a TB may span two physical pages */
1452 /* NOTE: tb_end may be after the end of the page, but
1453 it is not a problem */
1459 }
1461 #ifdef TARGET_HAS_PRECISE_SMC
1466 /* now we have a real cpu fault */
1468 }
1469 }
1472 /* If we are modifying the current TB, we must stop
1473 its execution. We could be more precise by checking
1474 that the modification is after the current PC, but it
1475 would require a specialized function to partially
1476 restore the CPU state */
1482 }
1485 }
1487 }
1488 #if !defined(CONFIG_USER_ONLY)
1489 /* if no code remaining, no need to continue to use slow writes */
1493 }
1494 #endif
1495 #ifdef TARGET_HAS_PRECISE_SMC
1497 /* we generate a block containing just the instruction
1498 modifying the memory. It will ensure that it cannot modify
1499 itself */
1502 }
1503 #endif
1504 }
1506 #ifdef CONFIG_SOFTMMU
1507 /* len must be <= 8 and start must be a multiple of len.
1508 * Called via softmmu_template.h when code areas are written to with
1509 * iothread mutex not held.
1510 */
1512 {
1515 #if 0
1522 }
1523 #endif
1529 }
1532 /* build code bitmap. FIXME: writes should be protected by
1533 * tb_lock, reads by tb_lock or RCU.
1534 */
1536 }
1545 }
1547 do_invalidate:
1549 }
1550 }
1551 #else
1552 /* Called with mmap_lock held. If pc is not 0 then it indicates the
1553 * host PC of the faulting store instruction that caused this invalidate.
1554 * Returns true if the caller needs to abort execution of the current
1555 * TB (because it was modified by this store and the guest CPU has
1556 * precise-SMC semantics).
1557 */
1559 {
1563 #ifdef TARGET_HAS_PRECISE_SMC
1571 #endif
1579 }
1583 #ifdef TARGET_HAS_PRECISE_SMC
1586 }
1589 }
1590 #endif
1594 #ifdef TARGET_HAS_PRECISE_SMC
1597 /* If we are modifying the current TB, we must stop
1598 its execution. We could be more precise by checking
1599 that the modification is after the current PC, but it
1600 would require a specialized function to partially
1601 restore the CPU state */
1607 }
1611 }
1613 #ifdef TARGET_HAS_PRECISE_SMC
1615 /* we generate a block containing just the instruction
1616 modifying the memory. It will ensure that it cannot modify
1617 itself */
1619 /* tb_lock will be reset after cpu_loop_exit_noexc longjmps
1620 * back into the cpu_exec loop. */
1622 }
1623 #endif
1627 }
1628 #endif
1630 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1631 tb[1].tc_ptr. Return NULL if not found */
1633 {
1640 }
1644 }
1645 /* binary search (cf Knuth) */
1658 }
1659 }
1661 }
1663 #if !defined(CONFIG_USER_ONLY)
1665 {
1666 ram_addr_t ram_addr;
1676 }
1682 }
1685 /* Called with tb_lock held. */
1687 {
1692 /* We can use retranslation to find the PC. */
1696 /* The exception probably happened in a helper. The CPU state should
1697 have been saved before calling it. Fetch the PC from there. */
1700 tb_page_addr_t addr;
1706 }
1707 }
1709 #ifndef CONFIG_USER_ONLY
1710 /* in deterministic execution mode, instructions doing device I/Os
1711 * must be at the end of the TB.
1712 *
1713 * Called by softmmu_template.h, with iothread mutex not held.
1714 */
1716 {
1717 #if defined(TARGET_MIPS) || defined(TARGET_SH4)
1719 #endif
1730 }
1733 /* Calculate how many instructions had been executed before the fault
1734 occurred. */
1736 /* Generate a new TB ending on the I/O insn. */
1737 n++;
1738 /* On MIPS and SH, delay slot instructions can only be restarted if
1739 they were already the first instruction in the TB. If this is not
1740 the first instruction in a TB then re-execute the preceding
1741 branch. */
1742 #if defined(TARGET_MIPS)
1747 }
1748 #elif defined(TARGET_SH4)
1754 }
1755 #endif
1756 /* This should never happen. */
1759 }
1768 /* Invalidate original TB if this TB was generated in
1769 * cpu_exec_nocache() */
1771 }
1773 }
1774 /* FIXME: In theory this could raise an exception. In practice
1775 we have already translated the block once so it's probably ok. */
1778 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
1779 * the first in the TB) then we end up generating a whole new TB and
1780 * repeating the fault, which is horribly inefficient.
1781 * Better would be to execute just this insn uncached, or generate a
1782 * second new TB.
1783 *
1784 * cpu_loop_exit_noexc will longjmp back to cpu_exec where the
1785 * tb_lock gets reset.
1786 */
1788 }
1791 {
1796 }
1797 }
1800 {
1801 /* Discard jump cache entries for any tb which might potentially
1802 overlap the flushed page. */
1805 }
1809 {
1816 }
1825 }
1838 }
1843 }
1846 {
1857 }
1869 }
1871 cross_page++;
1872 }
1874 direct_jmp_count++;
1876 direct_jmp2_count++;
1877 }
1878 }
1879 }
1880 /* XXX: avoid using doubles ? */
1889 max_target_code_size);
1901 direct_jmp_count,
1904 direct_jmp2_count,
1921 }
1924 {
1926 }
1931 {
1935 }
1937 /*
1938 * Walks guest process memory "regions" one by one
1939 * and calls callback function 'fn' for each region.
1940 */
1942 walk_memory_regions_fn fn;
1944 target_ulong start;
1946 };
1950 {
1955 }
1956 }
1962 }
1966 {
1967 target_ulong pa;
1972 }
1985 }
1986 }
1987 }
1997 }
1998 }
1999 }
2002 }
2005 {
2019 }
2020 }
2023 }
2027 {
2038 }
2040 /* dump memory mappings */
2042 {
2047 }
2050 {
2056 }
2058 }
2060 /* Modify the flags of a page and invalidate the code if necessary.
2061 The flag PAGE_WRITE_ORG is positioned automatically depending
2062 on PAGE_WRITE. The mmap_lock should already be held. */
2064 {
2067 /* This function should never be called with addresses outside the
2068 guest address space. If this assert fires, it probably indicates
2069 a missing call to h2g_valid. */
2070 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2072 #endif
2081 }
2088 /* If the write protection bit is set, then we invalidate
2089 the code inside. */
2094 }
2096 }
2097 }
2100 {
2102 target_ulong end;
2103 target_ulong addr;
2105 /* This function should never be called with addresses outside the
2106 guest address space. If this assert fires, it probably indicates
2107 a missing call to h2g_valid. */
2108 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2110 #endif
2114 }
2116 /* We've wrapped around. */
2118 }
2120 /* must do before we loose bits in the next step */
2130 }
2133 }
2137 }
2141 }
2142 /* unprotect the page if it was put read-only because it
2143 contains translated code */
2147 }
2148 }
2149 }
2150 }
2152 }
2154 /* called from signal handler: invalidate the code and unprotect the
2155 * page. Return 0 if the fault was not handled, 1 if it was handled,
2156 * and 2 if it was handled but the caller must cause the TB to be
2157 * immediately exited. (We can only return 2 if the 'pc' argument is
2158 * non-zero.)
2159 */
2161 {
2167 /* Technically this isn't safe inside a signal handler. However we
2168 know this only ever happens in a synchronous SEGV handler, so in
2169 practice it seems to be ok. */
2176 }
2178 /* if the page was really writable, then we change its
2179 protection back to writable */
2191 /* and since the content will be modified, we must invalidate
2192 the corresponding translated code. */
2194 #ifdef DEBUG_TB_CHECK
2196 #endif
2197 }
2202 /* If current TB was invalidated return to main loop */
2204 }
2207 }
2210 /* This is a wrapper for common code that can not use CONFIG_SOFTMMU */
2212 {
2213 #ifdef CONFIG_SOFTMMU
2215 #endif
2216 }