commit c28ae41e introduced GETPC() usage for sparc, which is currently
not defined when building with --enable-tcg-interpreter. Add sparc to
the list of targets we selectively define GETPC() for.
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Signed-off-by: NRichard Henderson <rth@twiddle.net>

Now that CONFIG_TCG_PASS_AREG0 is enabled for all targets,
remove dead code and support for !CONFIG_TCG_PASS_AREG0 case.

Remove dyngen-exec.h and all references to it. Although included by
hw/spapr_hcall.c, it does not seem to use it.

Remove unused HELPER_CFLAGS.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>
Reviewed-by: NRichard Henderson <rth@twiddle.net>

DEF_HELPER_FLAGS_5 was added some time ago without adjusting
MAX_OPC_PARAM_IARGS.

Fixing the definition becomes more important as QEMU is using
an increasing number of helper functions called with 5 arguments.

Add also a comment to avoid future problems when DEF_HELPER_FLAGS_6
will be added.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

There are no users left for previous exception handler returned from
cpu_set_debug_excp_handler. It should simplify code a little.
Signed-off-by: NIgor Mammedov <imammedo@redhat.com>

If we execute linux-user code that does the following:

  * A = mmap()
  * execute code in A
  * munmap(A)
  * B = mmap(), but mmap returns the same address as A
  * execute code in B

we end up executing a stale cached tb that contains translated code
from A, while we want new code from B.

This patch adds a TB flush for mmap'ed regions, before we return them,
avoiding the whole issue. It also adds a flush for munmap, so that we
don't execute stale TBs instead of getting a segfault.
Reported-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NAlexander Graf <agraf@suse.de>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Acked-by: NRiku Voipio <riku.voipio@linaro.org>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Move TLB handling and softmmu code load helpers to cputlb.c,
compile only for softmmu targets.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Change the data type of tci_tb_ptr, so GETPC() returns an
uintptr_t now (like for all other TCG targets).

This completes commit 20503968
and fixes builds with TCI.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Allow TB invalidation by its physical address, extract implementation
from the breakpoint_invalidate function.
Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Use uintptr_t instead of void * or unsigned long in
several op related functions, env->mem_io_pc and
GETPC() macro.
Reviewed-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

cpu_io_recompile terminates by calling either cpu_abort or
cpu_resume_from_signal which both never return.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

cpu_resume_from_signal terminates by calling longjmp.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

QEMU host addresses must use uintptr_t to be portable for hosts with
an unusual size of long (w64).

tb_jmp_offset is an uint16_t value, therefore the local variable offset
in function tb_set_jmp_target was changed from unsigned long to uint16_t.

The type cast to long in function tb_add_jump now also uses uintptr_t.
For the bit operation used here, the signedness of the type cast does
not matter.

Some remaining unsigned long values are either only used for ARM assembler
code or will be fixed in a later patch for PPC.

v2:
Fix signature of tb_find_pc in exec.c, too (hint from Blue Swirl, thanks).
There remain lots of other long / unsigned long in exec.c which must be
replaced by uintptr_t. This will be done in a separate patch. Here
only one of these type casts is fixed.

v3:
Also fix signature of page_unprotect.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Optionally, make memory access helpers take a parameter for CPUState
instead of relying on global env.

On most targets, perform simple moves to reorder registers. On i386,
switch from regparm(3) calling convention to standard stack-based
version.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Scripted conversion:
  for file in *.[hc] hw/*.[hc] hw/kvm/*.[hc] linux-user/*.[hc] linux-user/m68k/*.[hc] bsd-user/*.[hc] darwin-user/*.[hc] tcg/*/*.[hc] target-*/cpu.h; do
    sed -i "s/CPUState/CPUArchState/g" $file
  done

All occurrences of CPUArchState are expected to be replaced by QOM CPUState,
once all targets are QOM'ified and common fields have been extracted.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NAnthony Liguori <aliguori@us.ibm.com>

The return value of cpu_register_io_memory() is no longer used anywhere, so
we can remove it and all associated data and code.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Instead of indirecting via io_mem_region, dispatch directly
through the MemoryRegion obtained from the iotlb or phys_page_find().
Signed-off-by: NAvi Kivity <avi@redhat.com>

A step towards eliminating io indices.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Now that all mmio goes through MemoryRegions, we can convert
io_mem_opaque to be a MemoryRegion pointer, and remove the thunks
that convert from old-style CPU{Read,Write}MemoryFunc to MemoryRegionOps.
Signed-off-by: NAvi Kivity <avi@redhat.com>
Reviewed-by: NRichard Henderson <rth@twiddle.net>

Its use of IO_MEM_ROM and friends will later cause #include loops; and it
is too large to merit inlining.
Signed-off-by: NAvi Kivity <avi@redhat.com>
Reviewed-by: NRichard Henderson <rth@twiddle.net>

The code sometimes uses range comparisons on io indexes (e.g.
index =< IO_MEM_ROM).  Avoid these as they make moving to objects harder.
Signed-off-by: NAvi Kivity <avi@redhat.com>
Reviewed-by: NRichard Henderson <rth@twiddle.net>

Currently mmio access goes directly to the io_mem_{read,write} arrays.
In preparation for eliminating them, add indirection via a function.
Signed-off-by: NAvi Kivity <avi@redhat.com>
Reviewed-by: NRichard Henderson <rth@twiddle.net>

Unlike other tcg target code generators, this one does not generate
machine code for some cpu. It generates machine independent bytecode
which is interpreted later.

This allows running QEMU on any host.

Interpreted bytecode is slower than direct execution of generated
machine code.
Signed-off-by: NStefan Weil <sw@weilnetz.de>

Adding an offset to a void pointer works with gcc but is not allowed
by the current C standards. With -pedantic, gcc complains:

exec-all.h:344: error: pointer of type ‘void *’ used in arithmetic

Fix this, and also replace (unsigned long) by (uintptr_t) in the same
statement.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

None of this is needed by tools, and most of it can even be made static
inside cpus.c.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

GETPC() can be used even from outside of helper code. Move the macro to
a more accessible location. Avoid a compile warning from redefining it in exec.c.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Pass CPUState pointer to tlb_fill() instead of architecture local
cpu_single_env hacks.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

cea5f9a2 exposed bugs in unassigned memory
access handling. Fix them by always passing CPUState to the handlers.
Reported-by: NHervé Poussineau <hpoussin@reactos.org>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

The target-arm frontend's worst-case TCG ops per instr is 194 (and in
general many of the "load multiple registers" ARM instructions generate
more than 100 TCG ops). Raise MAX_OP_PER_INSTR accordingly to avoid
possible buffer overruns.

Since it doesn't make any sense for the "64 bit guest on 32 bit host"
case to have a smaller limit than the normal case, we collapse the
two cases back into each other again.

(This increase costs us about 14K in extra static buffer space and
21K of extra margin at the end of a 32MB codegen buffer.)
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Move functions cpu_has_work() and cpu_pc_from_tb() from exec.h to cpu.h. This is
needed by later patches.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Make cpu_loop_exit() take a parameter for CPUState instead of relying
on global env.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NRichard Henderson <rth@twiddle.net>

tb_invalidate_page_range() was intended to be used to invalidate an
area of a TB which the guest explicitly flushes from i-cache. However,
QEMU detects writes to code areas where TBs have been generated, so
his has never been useful.

Delete the function, adjust callers.
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

When running a 64 bit guest on a 32 bit host, we tend to use more TCG ops
than on a 64 bit host. Reflect that in the reserved opcode amount constant.
Signed-off-by: NAlexander Graf <agraf@suse.de>

The previous patch removed the need for parameter puc.
Is is now unused, so remove it.

Cc: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NStefan Weil <weil@mail.berlios.de>

Function gen_pc_load was introduced in commit
d2856f1a.
The only reason for parameter searched_pc was
a debug statement in target-i386/translate.c.

Parameter puc was needed by target-sparc until
commit d7da2a10.

Remove searched_pc from the debug statement and remove both
parameters from the parameter list of gen_pc_load.

As the function name gen_pc_load was also misleading,
it is now called restore_state_to_opc. This new name
was suggested by Peter Maydell, thanks.

v2: Remove last parameter, too, and rename the function.

v3: Fix [] typo in target-arm/translate.c.
    Fix wrong SHA1 object name in commit message (copy+paste error).

Cc: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NStefan Weil <weil@mail.berlios.de>

This function is only used within exec.c, so no need to make it public.
Signed-off-by: NTristan Gingold <gingold@adacore.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

'extern' qualifier is useless for function declarations. Delete
them.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Most of emulated CPU have instructions aligned on 16 or 32 bits, while
on others GCC tries to align the target jump location. This means that
1/2 or 3/4 of tb_phys_hash entries are never used.

Update the hash function tb_phys_hash_func() to ignore the two lowest
bits of the address. This brings a 6% speed-up when booting a MIPS
image.
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Use __builtin___clear_cache() instead of __clear_cache() to avoid having
to define the function as extern. Fix the following warning:

| In file included from qemu/cpus.c:34:
| qemu/exec-all.h: In function 'tb_set_jmp_target1':
| qemu/exec-all.h:208: error: nested extern declaration of '__clear_cache'
| make[1]: *** [cpus.o] Error 1
| make: *** [subdir-i386-softmmu] Error 2
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>