2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #define WIN32_LEAN_AND_MEAN
25 #include <sys/types.h>
38 #include "qemu-common.h"
41 #if defined(CONFIG_USER_ONLY)
45 //#define DEBUG_TB_INVALIDATE
48 //#define DEBUG_UNASSIGNED
50 /* make various TB consistency checks */
51 //#define DEBUG_TB_CHECK
52 //#define DEBUG_TLB_CHECK
54 //#define DEBUG_IOPORT
55 //#define DEBUG_SUBPAGE
57 #if !defined(CONFIG_USER_ONLY)
58 /* TB consistency checks only implemented for usermode emulation. */
62 #define SMC_BITMAP_USE_THRESHOLD 10
64 #define MMAP_AREA_START 0x00000000
65 #define MMAP_AREA_END 0xa8000000
67 #if defined(TARGET_SPARC64)
68 #define TARGET_PHYS_ADDR_SPACE_BITS 41
69 #elif defined(TARGET_SPARC)
70 #define TARGET_PHYS_ADDR_SPACE_BITS 36
71 #elif defined(TARGET_ALPHA)
72 #define TARGET_PHYS_ADDR_SPACE_BITS 42
73 #define TARGET_VIRT_ADDR_SPACE_BITS 42
74 #elif defined(TARGET_PPC64)
75 #define TARGET_PHYS_ADDR_SPACE_BITS 42
76 #elif defined(TARGET_X86_64) && !defined(USE_KQEMU)
77 #define TARGET_PHYS_ADDR_SPACE_BITS 42
78 #elif defined(TARGET_I386) && !defined(USE_KQEMU)
79 #define TARGET_PHYS_ADDR_SPACE_BITS 36
81 /* Note: for compatibility with kqemu, we use 32 bits for x86_64 */
82 #define TARGET_PHYS_ADDR_SPACE_BITS 32
85 TranslationBlock *tbs;
86 int code_gen_max_blocks;
87 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
89 /* any access to the tbs or the page table must use this lock */
90 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
92 #if defined(__arm__) || defined(__sparc_v9__)
93 /* The prologue must be reachable with a direct jump. ARM and Sparc64
94 have limited branch ranges (possibly also PPC) so place it in a
95 section close to code segment. */
96 #define code_gen_section \
97 __attribute__((__section__(".gen_code"))) \
98 __attribute__((aligned (32)))
100 #define code_gen_section \
101 __attribute__((aligned (32)))
104 uint8_t code_gen_prologue[1024] code_gen_section;
105 uint8_t *code_gen_buffer;
106 unsigned long code_gen_buffer_size;
107 /* threshold to flush the translated code buffer */
108 unsigned long code_gen_buffer_max_size;
109 uint8_t *code_gen_ptr;
111 #if !defined(CONFIG_USER_ONLY)
112 ram_addr_t phys_ram_size;
114 uint8_t *phys_ram_base;
115 uint8_t *phys_ram_dirty;
116 static ram_addr_t phys_ram_alloc_offset = 0;
120 /* current CPU in the current thread. It is only valid inside
122 CPUState *cpu_single_env;
123 /* 0 = Do not count executed instructions.
124 1 = Precise instruction counting.
125 2 = Adaptive rate instruction counting. */
127 /* Current instruction counter. While executing translated code this may
128 include some instructions that have not yet been executed. */
131 typedef struct PageDesc {
132 /* list of TBs intersecting this ram page */
133 TranslationBlock *first_tb;
134 /* in order to optimize self modifying code, we count the number
135 of lookups we do to a given page to use a bitmap */
136 unsigned int code_write_count;
137 uint8_t *code_bitmap;
138 #if defined(CONFIG_USER_ONLY)
143 typedef struct PhysPageDesc {
144 /* offset in host memory of the page + io_index in the low bits */
145 ram_addr_t phys_offset;
149 #if defined(CONFIG_USER_ONLY) && defined(TARGET_VIRT_ADDR_SPACE_BITS)
150 /* XXX: this is a temporary hack for alpha target.
151 * In the future, this is to be replaced by a multi-level table
152 * to actually be able to handle the complete 64 bits address space.
154 #define L1_BITS (TARGET_VIRT_ADDR_SPACE_BITS - L2_BITS - TARGET_PAGE_BITS)
156 #define L1_BITS (32 - L2_BITS - TARGET_PAGE_BITS)
159 #define L1_SIZE (1 << L1_BITS)
160 #define L2_SIZE (1 << L2_BITS)
162 unsigned long qemu_real_host_page_size;
163 unsigned long qemu_host_page_bits;
164 unsigned long qemu_host_page_size;
165 unsigned long qemu_host_page_mask;
167 /* XXX: for system emulation, it could just be an array */
168 static PageDesc *l1_map[L1_SIZE];
169 PhysPageDesc **l1_phys_map;
171 #if !defined(CONFIG_USER_ONLY)
172 static void io_mem_init(void);
174 /* io memory support */
175 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
176 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
177 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
178 static int io_mem_nb;
179 static int io_mem_watch;
183 const char *logfilename = "/tmp/qemu.log";
186 static int log_append = 0;
189 static int tlb_flush_count;
190 static int tb_flush_count;
191 static int tb_phys_invalidate_count;
193 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
194 typedef struct subpage_t {
195 target_phys_addr_t base;
196 CPUReadMemoryFunc **mem_read[TARGET_PAGE_SIZE][4];
197 CPUWriteMemoryFunc **mem_write[TARGET_PAGE_SIZE][4];
198 void *opaque[TARGET_PAGE_SIZE][2][4];
202 static void map_exec(void *addr, long size)
205 VirtualProtect(addr, size,
206 PAGE_EXECUTE_READWRITE, &old_protect);
210 static void map_exec(void *addr, long size)
212 unsigned long start, end, page_size;
214 page_size = getpagesize();
215 start = (unsigned long)addr;
216 start &= ~(page_size - 1);
218 end = (unsigned long)addr + size;
219 end += page_size - 1;
220 end &= ~(page_size - 1);
222 mprotect((void *)start, end - start,
223 PROT_READ | PROT_WRITE | PROT_EXEC);
227 static void page_init(void)
229 /* NOTE: we can always suppose that qemu_host_page_size >=
233 SYSTEM_INFO system_info;
236 GetSystemInfo(&system_info);
237 qemu_real_host_page_size = system_info.dwPageSize;
240 qemu_real_host_page_size = getpagesize();
242 if (qemu_host_page_size == 0)
243 qemu_host_page_size = qemu_real_host_page_size;
244 if (qemu_host_page_size < TARGET_PAGE_SIZE)
245 qemu_host_page_size = TARGET_PAGE_SIZE;
246 qemu_host_page_bits = 0;
247 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
248 qemu_host_page_bits++;
249 qemu_host_page_mask = ~(qemu_host_page_size - 1);
250 l1_phys_map = qemu_vmalloc(L1_SIZE * sizeof(void *));
251 memset(l1_phys_map, 0, L1_SIZE * sizeof(void *));
253 #if !defined(_WIN32) && defined(CONFIG_USER_ONLY)
255 long long startaddr, endaddr;
260 last_brk = (unsigned long)sbrk(0);
261 f = fopen("/proc/self/maps", "r");
264 n = fscanf (f, "%llx-%llx %*[^\n]\n", &startaddr, &endaddr);
266 startaddr = MIN(startaddr,
267 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
268 endaddr = MIN(endaddr,
269 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
270 page_set_flags(startaddr & TARGET_PAGE_MASK,
271 TARGET_PAGE_ALIGN(endaddr),
282 static inline PageDesc **page_l1_map(target_ulong index)
284 #if TARGET_LONG_BITS > 32
285 /* Host memory outside guest VM. For 32-bit targets we have already
286 excluded high addresses. */
287 if (index > ((target_ulong)L2_SIZE * L1_SIZE))
290 return &l1_map[index >> L2_BITS];
293 static inline PageDesc *page_find_alloc(target_ulong index)
296 lp = page_l1_map(index);
302 /* allocate if not found */
303 #if defined(CONFIG_USER_ONLY)
305 size_t len = sizeof(PageDesc) * L2_SIZE;
306 /* Don't use qemu_malloc because it may recurse. */
307 p = mmap(0, len, PROT_READ | PROT_WRITE,
308 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
311 if (addr == (target_ulong)addr) {
312 page_set_flags(addr & TARGET_PAGE_MASK,
313 TARGET_PAGE_ALIGN(addr + len),
317 p = qemu_mallocz(sizeof(PageDesc) * L2_SIZE);
321 return p + (index & (L2_SIZE - 1));
324 static inline PageDesc *page_find(target_ulong index)
327 lp = page_l1_map(index);
334 return p + (index & (L2_SIZE - 1));
337 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
342 p = (void **)l1_phys_map;
343 #if TARGET_PHYS_ADDR_SPACE_BITS > 32
345 #if TARGET_PHYS_ADDR_SPACE_BITS > (32 + L1_BITS)
346 #error unsupported TARGET_PHYS_ADDR_SPACE_BITS
348 lp = p + ((index >> (L1_BITS + L2_BITS)) & (L1_SIZE - 1));
351 /* allocate if not found */
354 p = qemu_vmalloc(sizeof(void *) * L1_SIZE);
355 memset(p, 0, sizeof(void *) * L1_SIZE);
359 lp = p + ((index >> L2_BITS) & (L1_SIZE - 1));
363 /* allocate if not found */
366 pd = qemu_vmalloc(sizeof(PhysPageDesc) * L2_SIZE);
368 for (i = 0; i < L2_SIZE; i++)
369 pd[i].phys_offset = IO_MEM_UNASSIGNED;
371 return ((PhysPageDesc *)pd) + (index & (L2_SIZE - 1));
374 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
376 return phys_page_find_alloc(index, 0);
379 #if !defined(CONFIG_USER_ONLY)
380 static void tlb_protect_code(ram_addr_t ram_addr);
381 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
383 #define mmap_lock() do { } while(0)
384 #define mmap_unlock() do { } while(0)
387 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
389 #if defined(CONFIG_USER_ONLY)
390 /* Currently it is not recommanded to allocate big chunks of data in
391 user mode. It will change when a dedicated libc will be used */
392 #define USE_STATIC_CODE_GEN_BUFFER
395 #ifdef USE_STATIC_CODE_GEN_BUFFER
396 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE];
399 static void code_gen_alloc(unsigned long tb_size)
401 #ifdef USE_STATIC_CODE_GEN_BUFFER
402 code_gen_buffer = static_code_gen_buffer;
403 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
404 map_exec(code_gen_buffer, code_gen_buffer_size);
406 code_gen_buffer_size = tb_size;
407 if (code_gen_buffer_size == 0) {
408 #if defined(CONFIG_USER_ONLY)
409 /* in user mode, phys_ram_size is not meaningful */
410 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
412 /* XXX: needs ajustments */
413 code_gen_buffer_size = (int)(phys_ram_size / 4);
416 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
417 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
418 /* The code gen buffer location may have constraints depending on
419 the host cpu and OS */
420 #if defined(__linux__)
425 flags = MAP_PRIVATE | MAP_ANONYMOUS;
426 #if defined(__x86_64__)
428 /* Cannot map more than that */
429 if (code_gen_buffer_size > (800 * 1024 * 1024))
430 code_gen_buffer_size = (800 * 1024 * 1024);
431 #elif defined(__sparc_v9__)
432 // Map the buffer below 2G, so we can use direct calls and branches
434 start = (void *) 0x60000000UL;
435 if (code_gen_buffer_size > (512 * 1024 * 1024))
436 code_gen_buffer_size = (512 * 1024 * 1024);
438 code_gen_buffer = mmap(start, code_gen_buffer_size,
439 PROT_WRITE | PROT_READ | PROT_EXEC,
441 if (code_gen_buffer == MAP_FAILED) {
442 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
447 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
448 if (!code_gen_buffer) {
449 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
452 map_exec(code_gen_buffer, code_gen_buffer_size);
454 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
455 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
456 code_gen_buffer_max_size = code_gen_buffer_size -
457 code_gen_max_block_size();
458 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
459 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
462 /* Must be called before using the QEMU cpus. 'tb_size' is the size
463 (in bytes) allocated to the translation buffer. Zero means default
465 void cpu_exec_init_all(unsigned long tb_size)
468 code_gen_alloc(tb_size);
469 code_gen_ptr = code_gen_buffer;
471 #if !defined(CONFIG_USER_ONLY)
476 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
478 #define CPU_COMMON_SAVE_VERSION 1
480 static void cpu_common_save(QEMUFile *f, void *opaque)
482 CPUState *env = opaque;
484 qemu_put_be32s(f, &env->halted);
485 qemu_put_be32s(f, &env->interrupt_request);
488 static int cpu_common_load(QEMUFile *f, void *opaque, int version_id)
490 CPUState *env = opaque;
492 if (version_id != CPU_COMMON_SAVE_VERSION)
495 qemu_get_be32s(f, &env->halted);
496 qemu_get_be32s(f, &env->interrupt_request);
503 void cpu_exec_init(CPUState *env)
508 env->next_cpu = NULL;
511 while (*penv != NULL) {
512 penv = (CPUState **)&(*penv)->next_cpu;
515 env->cpu_index = cpu_index;
516 env->nb_watchpoints = 0;
518 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
519 register_savevm("cpu_common", cpu_index, CPU_COMMON_SAVE_VERSION,
520 cpu_common_save, cpu_common_load, env);
521 register_savevm("cpu", cpu_index, CPU_SAVE_VERSION,
522 cpu_save, cpu_load, env);
526 static inline void invalidate_page_bitmap(PageDesc *p)
528 if (p->code_bitmap) {
529 qemu_free(p->code_bitmap);
530 p->code_bitmap = NULL;
532 p->code_write_count = 0;
535 /* set to NULL all the 'first_tb' fields in all PageDescs */
536 static void page_flush_tb(void)
541 for(i = 0; i < L1_SIZE; i++) {
544 for(j = 0; j < L2_SIZE; j++) {
546 invalidate_page_bitmap(p);
553 /* flush all the translation blocks */
554 /* XXX: tb_flush is currently not thread safe */
555 void tb_flush(CPUState *env1)
558 #if defined(DEBUG_FLUSH)
559 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
560 (unsigned long)(code_gen_ptr - code_gen_buffer),
562 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
564 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
565 cpu_abort(env1, "Internal error: code buffer overflow\n");
569 for(env = first_cpu; env != NULL; env = env->next_cpu) {
570 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
573 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
576 code_gen_ptr = code_gen_buffer;
577 /* XXX: flush processor icache at this point if cache flush is
582 #ifdef DEBUG_TB_CHECK
584 static void tb_invalidate_check(target_ulong address)
586 TranslationBlock *tb;
588 address &= TARGET_PAGE_MASK;
589 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
590 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
591 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
592 address >= tb->pc + tb->size)) {
593 printf("ERROR invalidate: address=%08lx PC=%08lx size=%04x\n",
594 address, (long)tb->pc, tb->size);
600 /* verify that all the pages have correct rights for code */
601 static void tb_page_check(void)
603 TranslationBlock *tb;
604 int i, flags1, flags2;
606 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
607 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
608 flags1 = page_get_flags(tb->pc);
609 flags2 = page_get_flags(tb->pc + tb->size - 1);
610 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
611 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
612 (long)tb->pc, tb->size, flags1, flags2);
618 void tb_jmp_check(TranslationBlock *tb)
620 TranslationBlock *tb1;
623 /* suppress any remaining jumps to this TB */
627 tb1 = (TranslationBlock *)((long)tb1 & ~3);
630 tb1 = tb1->jmp_next[n1];
632 /* check end of list */
634 printf("ERROR: jmp_list from 0x%08lx\n", (long)tb);
640 /* invalidate one TB */
641 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
644 TranslationBlock *tb1;
648 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
651 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
655 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
657 TranslationBlock *tb1;
663 tb1 = (TranslationBlock *)((long)tb1 & ~3);
665 *ptb = tb1->page_next[n1];
668 ptb = &tb1->page_next[n1];
672 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
674 TranslationBlock *tb1, **ptb;
677 ptb = &tb->jmp_next[n];
680 /* find tb(n) in circular list */
684 tb1 = (TranslationBlock *)((long)tb1 & ~3);
685 if (n1 == n && tb1 == tb)
688 ptb = &tb1->jmp_first;
690 ptb = &tb1->jmp_next[n1];
693 /* now we can suppress tb(n) from the list */
694 *ptb = tb->jmp_next[n];
696 tb->jmp_next[n] = NULL;
700 /* reset the jump entry 'n' of a TB so that it is not chained to
702 static inline void tb_reset_jump(TranslationBlock *tb, int n)
704 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
707 void tb_phys_invalidate(TranslationBlock *tb, target_ulong page_addr)
712 target_phys_addr_t phys_pc;
713 TranslationBlock *tb1, *tb2;
715 /* remove the TB from the hash list */
716 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
717 h = tb_phys_hash_func(phys_pc);
718 tb_remove(&tb_phys_hash[h], tb,
719 offsetof(TranslationBlock, phys_hash_next));
721 /* remove the TB from the page list */
722 if (tb->page_addr[0] != page_addr) {
723 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
724 tb_page_remove(&p->first_tb, tb);
725 invalidate_page_bitmap(p);
727 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
728 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
729 tb_page_remove(&p->first_tb, tb);
730 invalidate_page_bitmap(p);
733 tb_invalidated_flag = 1;
735 /* remove the TB from the hash list */
736 h = tb_jmp_cache_hash_func(tb->pc);
737 for(env = first_cpu; env != NULL; env = env->next_cpu) {
738 if (env->tb_jmp_cache[h] == tb)
739 env->tb_jmp_cache[h] = NULL;
742 /* suppress this TB from the two jump lists */
743 tb_jmp_remove(tb, 0);
744 tb_jmp_remove(tb, 1);
746 /* suppress any remaining jumps to this TB */
752 tb1 = (TranslationBlock *)((long)tb1 & ~3);
753 tb2 = tb1->jmp_next[n1];
754 tb_reset_jump(tb1, n1);
755 tb1->jmp_next[n1] = NULL;
758 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
760 tb_phys_invalidate_count++;
763 static inline void set_bits(uint8_t *tab, int start, int len)
769 mask = 0xff << (start & 7);
770 if ((start & ~7) == (end & ~7)) {
772 mask &= ~(0xff << (end & 7));
777 start = (start + 8) & ~7;
779 while (start < end1) {
784 mask = ~(0xff << (end & 7));
790 static void build_page_bitmap(PageDesc *p)
792 int n, tb_start, tb_end;
793 TranslationBlock *tb;
795 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
802 tb = (TranslationBlock *)((long)tb & ~3);
803 /* NOTE: this is subtle as a TB may span two physical pages */
805 /* NOTE: tb_end may be after the end of the page, but
806 it is not a problem */
807 tb_start = tb->pc & ~TARGET_PAGE_MASK;
808 tb_end = tb_start + tb->size;
809 if (tb_end > TARGET_PAGE_SIZE)
810 tb_end = TARGET_PAGE_SIZE;
813 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
815 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
816 tb = tb->page_next[n];
820 TranslationBlock *tb_gen_code(CPUState *env,
821 target_ulong pc, target_ulong cs_base,
822 int flags, int cflags)
824 TranslationBlock *tb;
826 target_ulong phys_pc, phys_page2, virt_page2;
829 phys_pc = get_phys_addr_code(env, pc);
832 /* flush must be done */
834 /* cannot fail at this point */
836 /* Don't forget to invalidate previous TB info. */
837 tb_invalidated_flag = 1;
839 tc_ptr = code_gen_ptr;
841 tb->cs_base = cs_base;
844 cpu_gen_code(env, tb, &code_gen_size);
845 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
847 /* check next page if needed */
848 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
850 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
851 phys_page2 = get_phys_addr_code(env, virt_page2);
853 tb_link_phys(tb, phys_pc, phys_page2);
857 /* invalidate all TBs which intersect with the target physical page
858 starting in range [start;end[. NOTE: start and end must refer to
859 the same physical page. 'is_cpu_write_access' should be true if called
860 from a real cpu write access: the virtual CPU will exit the current
861 TB if code is modified inside this TB. */
862 void tb_invalidate_phys_page_range(target_phys_addr_t start, target_phys_addr_t end,
863 int is_cpu_write_access)
865 int n, current_tb_modified, current_tb_not_found, current_flags;
866 CPUState *env = cpu_single_env;
868 TranslationBlock *tb, *tb_next, *current_tb, *saved_tb;
869 target_ulong tb_start, tb_end;
870 target_ulong current_pc, current_cs_base;
872 p = page_find(start >> TARGET_PAGE_BITS);
875 if (!p->code_bitmap &&
876 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
877 is_cpu_write_access) {
878 /* build code bitmap */
879 build_page_bitmap(p);
882 /* we remove all the TBs in the range [start, end[ */
883 /* XXX: see if in some cases it could be faster to invalidate all the code */
884 current_tb_not_found = is_cpu_write_access;
885 current_tb_modified = 0;
886 current_tb = NULL; /* avoid warning */
887 current_pc = 0; /* avoid warning */
888 current_cs_base = 0; /* avoid warning */
889 current_flags = 0; /* avoid warning */
893 tb = (TranslationBlock *)((long)tb & ~3);
894 tb_next = tb->page_next[n];
895 /* NOTE: this is subtle as a TB may span two physical pages */
897 /* NOTE: tb_end may be after the end of the page, but
898 it is not a problem */
899 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
900 tb_end = tb_start + tb->size;
902 tb_start = tb->page_addr[1];
903 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
905 if (!(tb_end <= start || tb_start >= end)) {
906 #ifdef TARGET_HAS_PRECISE_SMC
907 if (current_tb_not_found) {
908 current_tb_not_found = 0;
910 if (env->mem_io_pc) {
911 /* now we have a real cpu fault */
912 current_tb = tb_find_pc(env->mem_io_pc);
915 if (current_tb == tb &&
916 (current_tb->cflags & CF_COUNT_MASK) != 1) {
917 /* If we are modifying the current TB, we must stop
918 its execution. We could be more precise by checking
919 that the modification is after the current PC, but it
920 would require a specialized function to partially
921 restore the CPU state */
923 current_tb_modified = 1;
924 cpu_restore_state(current_tb, env,
925 env->mem_io_pc, NULL);
926 #if defined(TARGET_I386)
927 current_flags = env->hflags;
928 current_flags |= (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK));
929 current_cs_base = (target_ulong)env->segs[R_CS].base;
930 current_pc = current_cs_base + env->eip;
932 #error unsupported CPU
935 #endif /* TARGET_HAS_PRECISE_SMC */
936 /* we need to do that to handle the case where a signal
937 occurs while doing tb_phys_invalidate() */
940 saved_tb = env->current_tb;
941 env->current_tb = NULL;
943 tb_phys_invalidate(tb, -1);
945 env->current_tb = saved_tb;
946 if (env->interrupt_request && env->current_tb)
947 cpu_interrupt(env, env->interrupt_request);
952 #if !defined(CONFIG_USER_ONLY)
953 /* if no code remaining, no need to continue to use slow writes */
955 invalidate_page_bitmap(p);
956 if (is_cpu_write_access) {
957 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
961 #ifdef TARGET_HAS_PRECISE_SMC
962 if (current_tb_modified) {
963 /* we generate a block containing just the instruction
964 modifying the memory. It will ensure that it cannot modify
966 env->current_tb = NULL;
967 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
968 cpu_resume_from_signal(env, NULL);
973 /* len must be <= 8 and start must be a multiple of len */
974 static inline void tb_invalidate_phys_page_fast(target_phys_addr_t start, int len)
981 fprintf(logfile, "modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
982 cpu_single_env->mem_io_vaddr, len,
984 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
988 p = page_find(start >> TARGET_PAGE_BITS);
991 if (p->code_bitmap) {
992 offset = start & ~TARGET_PAGE_MASK;
993 b = p->code_bitmap[offset >> 3] >> (offset & 7);
994 if (b & ((1 << len) - 1))
998 tb_invalidate_phys_page_range(start, start + len, 1);
1002 #if !defined(CONFIG_SOFTMMU)
1003 static void tb_invalidate_phys_page(target_phys_addr_t addr,
1004 unsigned long pc, void *puc)
1006 int n, current_flags, current_tb_modified;
1007 target_ulong current_pc, current_cs_base;
1009 TranslationBlock *tb, *current_tb;
1010 #ifdef TARGET_HAS_PRECISE_SMC
1011 CPUState *env = cpu_single_env;
1014 addr &= TARGET_PAGE_MASK;
1015 p = page_find(addr >> TARGET_PAGE_BITS);
1019 current_tb_modified = 0;
1021 current_pc = 0; /* avoid warning */
1022 current_cs_base = 0; /* avoid warning */
1023 current_flags = 0; /* avoid warning */
1024 #ifdef TARGET_HAS_PRECISE_SMC
1025 if (tb && pc != 0) {
1026 current_tb = tb_find_pc(pc);
1029 while (tb != NULL) {
1031 tb = (TranslationBlock *)((long)tb & ~3);
1032 #ifdef TARGET_HAS_PRECISE_SMC
1033 if (current_tb == tb &&
1034 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1035 /* If we are modifying the current TB, we must stop
1036 its execution. We could be more precise by checking
1037 that the modification is after the current PC, but it
1038 would require a specialized function to partially
1039 restore the CPU state */
1041 current_tb_modified = 1;
1042 cpu_restore_state(current_tb, env, pc, puc);
1043 #if defined(TARGET_I386)
1044 current_flags = env->hflags;
1045 current_flags |= (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK));
1046 current_cs_base = (target_ulong)env->segs[R_CS].base;
1047 current_pc = current_cs_base + env->eip;
1049 #error unsupported CPU
1052 #endif /* TARGET_HAS_PRECISE_SMC */
1053 tb_phys_invalidate(tb, addr);
1054 tb = tb->page_next[n];
1057 #ifdef TARGET_HAS_PRECISE_SMC
1058 if (current_tb_modified) {
1059 /* we generate a block containing just the instruction
1060 modifying the memory. It will ensure that it cannot modify
1062 env->current_tb = NULL;
1063 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1064 cpu_resume_from_signal(env, puc);
1070 /* add the tb in the target page and protect it if necessary */
1071 static inline void tb_alloc_page(TranslationBlock *tb,
1072 unsigned int n, target_ulong page_addr)
1075 TranslationBlock *last_first_tb;
1077 tb->page_addr[n] = page_addr;
1078 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
1079 tb->page_next[n] = p->first_tb;
1080 last_first_tb = p->first_tb;
1081 p->first_tb = (TranslationBlock *)((long)tb | n);
1082 invalidate_page_bitmap(p);
1084 #if defined(TARGET_HAS_SMC) || 1
1086 #if defined(CONFIG_USER_ONLY)
1087 if (p->flags & PAGE_WRITE) {
1092 /* force the host page as non writable (writes will have a
1093 page fault + mprotect overhead) */
1094 page_addr &= qemu_host_page_mask;
1096 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1097 addr += TARGET_PAGE_SIZE) {
1099 p2 = page_find (addr >> TARGET_PAGE_BITS);
1103 p2->flags &= ~PAGE_WRITE;
1104 page_get_flags(addr);
1106 mprotect(g2h(page_addr), qemu_host_page_size,
1107 (prot & PAGE_BITS) & ~PAGE_WRITE);
1108 #ifdef DEBUG_TB_INVALIDATE
1109 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1114 /* if some code is already present, then the pages are already
1115 protected. So we handle the case where only the first TB is
1116 allocated in a physical page */
1117 if (!last_first_tb) {
1118 tlb_protect_code(page_addr);
1122 #endif /* TARGET_HAS_SMC */
1125 /* Allocate a new translation block. Flush the translation buffer if
1126 too many translation blocks or too much generated code. */
1127 TranslationBlock *tb_alloc(target_ulong pc)
1129 TranslationBlock *tb;
1131 if (nb_tbs >= code_gen_max_blocks ||
1132 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1134 tb = &tbs[nb_tbs++];
1140 void tb_free(TranslationBlock *tb)
1142 /* In practice this is mostly used for single use temporary TB
1143 Ignore the hard cases and just back up if this TB happens to
1144 be the last one generated. */
1145 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1146 code_gen_ptr = tb->tc_ptr;
1151 /* add a new TB and link it to the physical page tables. phys_page2 is
1152 (-1) to indicate that only one page contains the TB. */
1153 void tb_link_phys(TranslationBlock *tb,
1154 target_ulong phys_pc, target_ulong phys_page2)
1157 TranslationBlock **ptb;
1159 /* Grab the mmap lock to stop another thread invalidating this TB
1160 before we are done. */
1162 /* add in the physical hash table */
1163 h = tb_phys_hash_func(phys_pc);
1164 ptb = &tb_phys_hash[h];
1165 tb->phys_hash_next = *ptb;
1168 /* add in the page list */
1169 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1170 if (phys_page2 != -1)
1171 tb_alloc_page(tb, 1, phys_page2);
1173 tb->page_addr[1] = -1;
1175 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1176 tb->jmp_next[0] = NULL;
1177 tb->jmp_next[1] = NULL;
1179 /* init original jump addresses */
1180 if (tb->tb_next_offset[0] != 0xffff)
1181 tb_reset_jump(tb, 0);
1182 if (tb->tb_next_offset[1] != 0xffff)
1183 tb_reset_jump(tb, 1);
1185 #ifdef DEBUG_TB_CHECK
1191 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1192 tb[1].tc_ptr. Return NULL if not found */
1193 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1195 int m_min, m_max, m;
1197 TranslationBlock *tb;
1201 if (tc_ptr < (unsigned long)code_gen_buffer ||
1202 tc_ptr >= (unsigned long)code_gen_ptr)
1204 /* binary search (cf Knuth) */
1207 while (m_min <= m_max) {
1208 m = (m_min + m_max) >> 1;
1210 v = (unsigned long)tb->tc_ptr;
1213 else if (tc_ptr < v) {
1222 static void tb_reset_jump_recursive(TranslationBlock *tb);
1224 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1226 TranslationBlock *tb1, *tb_next, **ptb;
1229 tb1 = tb->jmp_next[n];
1231 /* find head of list */
1234 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1237 tb1 = tb1->jmp_next[n1];
1239 /* we are now sure now that tb jumps to tb1 */
1242 /* remove tb from the jmp_first list */
1243 ptb = &tb_next->jmp_first;
1247 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1248 if (n1 == n && tb1 == tb)
1250 ptb = &tb1->jmp_next[n1];
1252 *ptb = tb->jmp_next[n];
1253 tb->jmp_next[n] = NULL;
1255 /* suppress the jump to next tb in generated code */
1256 tb_reset_jump(tb, n);
1258 /* suppress jumps in the tb on which we could have jumped */
1259 tb_reset_jump_recursive(tb_next);
1263 static void tb_reset_jump_recursive(TranslationBlock *tb)
1265 tb_reset_jump_recursive2(tb, 0);
1266 tb_reset_jump_recursive2(tb, 1);
1269 #if defined(TARGET_HAS_ICE)
1270 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1272 target_phys_addr_t addr;
1274 ram_addr_t ram_addr;
1277 addr = cpu_get_phys_page_debug(env, pc);
1278 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1280 pd = IO_MEM_UNASSIGNED;
1282 pd = p->phys_offset;
1284 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1285 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1289 /* Add a watchpoint. */
1290 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, int type)
1294 for (i = 0; i < env->nb_watchpoints; i++) {
1295 if (addr == env->watchpoint[i].vaddr)
1298 if (env->nb_watchpoints >= MAX_WATCHPOINTS)
1301 i = env->nb_watchpoints++;
1302 env->watchpoint[i].vaddr = addr;
1303 env->watchpoint[i].type = type;
1304 tlb_flush_page(env, addr);
1305 /* FIXME: This flush is needed because of the hack to make memory ops
1306 terminate the TB. It can be removed once the proper IO trap and
1307 re-execute bits are in. */
1312 /* Remove a watchpoint. */
1313 int cpu_watchpoint_remove(CPUState *env, target_ulong addr)
1317 for (i = 0; i < env->nb_watchpoints; i++) {
1318 if (addr == env->watchpoint[i].vaddr) {
1319 env->nb_watchpoints--;
1320 env->watchpoint[i] = env->watchpoint[env->nb_watchpoints];
1321 tlb_flush_page(env, addr);
1328 /* Remove all watchpoints. */
1329 void cpu_watchpoint_remove_all(CPUState *env) {
1332 for (i = 0; i < env->nb_watchpoints; i++) {
1333 tlb_flush_page(env, env->watchpoint[i].vaddr);
1335 env->nb_watchpoints = 0;
1338 /* add a breakpoint. EXCP_DEBUG is returned by the CPU loop if a
1339 breakpoint is reached */
1340 int cpu_breakpoint_insert(CPUState *env, target_ulong pc)
1342 #if defined(TARGET_HAS_ICE)
1345 for(i = 0; i < env->nb_breakpoints; i++) {
1346 if (env->breakpoints[i] == pc)
1350 if (env->nb_breakpoints >= MAX_BREAKPOINTS)
1352 env->breakpoints[env->nb_breakpoints++] = pc;
1354 breakpoint_invalidate(env, pc);
1361 /* remove all breakpoints */
1362 void cpu_breakpoint_remove_all(CPUState *env) {
1363 #if defined(TARGET_HAS_ICE)
1365 for(i = 0; i < env->nb_breakpoints; i++) {
1366 breakpoint_invalidate(env, env->breakpoints[i]);
1368 env->nb_breakpoints = 0;
1372 /* remove a breakpoint */
1373 int cpu_breakpoint_remove(CPUState *env, target_ulong pc)
1375 #if defined(TARGET_HAS_ICE)
1377 for(i = 0; i < env->nb_breakpoints; i++) {
1378 if (env->breakpoints[i] == pc)
1383 env->nb_breakpoints--;
1384 if (i < env->nb_breakpoints)
1385 env->breakpoints[i] = env->breakpoints[env->nb_breakpoints];
1387 breakpoint_invalidate(env, pc);
1394 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1395 CPU loop after each instruction */
1396 void cpu_single_step(CPUState *env, int enabled)
1398 #if defined(TARGET_HAS_ICE)
1399 if (env->singlestep_enabled != enabled) {
1400 env->singlestep_enabled = enabled;
1401 /* must flush all the translated code to avoid inconsistancies */
1402 /* XXX: only flush what is necessary */
1408 /* enable or disable low levels log */
1409 void cpu_set_log(int log_flags)
1411 loglevel = log_flags;
1412 if (loglevel && !logfile) {
1413 logfile = fopen(logfilename, log_append ? "a" : "w");
1415 perror(logfilename);
1418 #if !defined(CONFIG_SOFTMMU)
1419 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1421 static char logfile_buf[4096];
1422 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1425 setvbuf(logfile, NULL, _IOLBF, 0);
1429 if (!loglevel && logfile) {
1435 void cpu_set_log_filename(const char *filename)
1437 logfilename = strdup(filename);
1442 cpu_set_log(loglevel);
1445 /* mask must never be zero, except for A20 change call */
1446 void cpu_interrupt(CPUState *env, int mask)
1448 #if !defined(USE_NPTL)
1449 TranslationBlock *tb;
1450 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1454 old_mask = env->interrupt_request;
1455 /* FIXME: This is probably not threadsafe. A different thread could
1456 be in the middle of a read-modify-write operation. */
1457 env->interrupt_request |= mask;
1458 #if defined(USE_NPTL)
1459 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1460 problem and hope the cpu will stop of its own accord. For userspace
1461 emulation this often isn't actually as bad as it sounds. Often
1462 signals are used primarily to interrupt blocking syscalls. */
1465 env->icount_decr.u16.high = 0xffff;
1466 #ifndef CONFIG_USER_ONLY
1467 /* CPU_INTERRUPT_EXIT isn't a real interrupt. It just means
1468 an async event happened and we need to process it. */
1470 && (mask & ~(old_mask | CPU_INTERRUPT_EXIT)) != 0) {
1471 cpu_abort(env, "Raised interrupt while not in I/O function");
1475 tb = env->current_tb;
1476 /* if the cpu is currently executing code, we must unlink it and
1477 all the potentially executing TB */
1478 if (tb && !testandset(&interrupt_lock)) {
1479 env->current_tb = NULL;
1480 tb_reset_jump_recursive(tb);
1481 resetlock(&interrupt_lock);
1487 void cpu_reset_interrupt(CPUState *env, int mask)
1489 env->interrupt_request &= ~mask;
1492 CPULogItem cpu_log_items[] = {
1493 { CPU_LOG_TB_OUT_ASM, "out_asm",
1494 "show generated host assembly code for each compiled TB" },
1495 { CPU_LOG_TB_IN_ASM, "in_asm",
1496 "show target assembly code for each compiled TB" },
1497 { CPU_LOG_TB_OP, "op",
1498 "show micro ops for each compiled TB" },
1499 { CPU_LOG_TB_OP_OPT, "op_opt",
1502 "before eflags optimization and "
1504 "after liveness analysis" },
1505 { CPU_LOG_INT, "int",
1506 "show interrupts/exceptions in short format" },
1507 { CPU_LOG_EXEC, "exec",
1508 "show trace before each executed TB (lots of logs)" },
1509 { CPU_LOG_TB_CPU, "cpu",
1510 "show CPU state before block translation" },
1512 { CPU_LOG_PCALL, "pcall",
1513 "show protected mode far calls/returns/exceptions" },
1516 { CPU_LOG_IOPORT, "ioport",
1517 "show all i/o ports accesses" },
1522 static int cmp1(const char *s1, int n, const char *s2)
1524 if (strlen(s2) != n)
1526 return memcmp(s1, s2, n) == 0;
1529 /* takes a comma separated list of log masks. Return 0 if error. */
1530 int cpu_str_to_log_mask(const char *str)
1539 p1 = strchr(p, ',');
1542 if(cmp1(p,p1-p,"all")) {
1543 for(item = cpu_log_items; item->mask != 0; item++) {
1547 for(item = cpu_log_items; item->mask != 0; item++) {
1548 if (cmp1(p, p1 - p, item->name))
1562 void cpu_abort(CPUState *env, const char *fmt, ...)
1569 fprintf(stderr, "qemu: fatal: ");
1570 vfprintf(stderr, fmt, ap);
1571 fprintf(stderr, "\n");
1573 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1575 cpu_dump_state(env, stderr, fprintf, 0);
1578 fprintf(logfile, "qemu: fatal: ");
1579 vfprintf(logfile, fmt, ap2);
1580 fprintf(logfile, "\n");
1582 cpu_dump_state(env, logfile, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1584 cpu_dump_state(env, logfile, fprintf, 0);
1594 CPUState *cpu_copy(CPUState *env)
1596 CPUState *new_env = cpu_init(env->cpu_model_str);
1597 /* preserve chaining and index */
1598 CPUState *next_cpu = new_env->next_cpu;
1599 int cpu_index = new_env->cpu_index;
1600 memcpy(new_env, env, sizeof(CPUState));
1601 new_env->next_cpu = next_cpu;
1602 new_env->cpu_index = cpu_index;
1606 #if !defined(CONFIG_USER_ONLY)
1608 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1612 /* Discard jump cache entries for any tb which might potentially
1613 overlap the flushed page. */
1614 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1615 memset (&env->tb_jmp_cache[i], 0,
1616 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1618 i = tb_jmp_cache_hash_page(addr);
1619 memset (&env->tb_jmp_cache[i], 0,
1620 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1623 /* NOTE: if flush_global is true, also flush global entries (not
1625 void tlb_flush(CPUState *env, int flush_global)
1629 #if defined(DEBUG_TLB)
1630 printf("tlb_flush:\n");
1632 /* must reset current TB so that interrupts cannot modify the
1633 links while we are modifying them */
1634 env->current_tb = NULL;
1636 for(i = 0; i < CPU_TLB_SIZE; i++) {
1637 env->tlb_table[0][i].addr_read = -1;
1638 env->tlb_table[0][i].addr_write = -1;
1639 env->tlb_table[0][i].addr_code = -1;
1640 env->tlb_table[1][i].addr_read = -1;
1641 env->tlb_table[1][i].addr_write = -1;
1642 env->tlb_table[1][i].addr_code = -1;
1643 #if (NB_MMU_MODES >= 3)
1644 env->tlb_table[2][i].addr_read = -1;
1645 env->tlb_table[2][i].addr_write = -1;
1646 env->tlb_table[2][i].addr_code = -1;
1647 #if (NB_MMU_MODES == 4)
1648 env->tlb_table[3][i].addr_read = -1;
1649 env->tlb_table[3][i].addr_write = -1;
1650 env->tlb_table[3][i].addr_code = -1;
1655 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1658 if (env->kqemu_enabled) {
1659 kqemu_flush(env, flush_global);
1665 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1667 if (addr == (tlb_entry->addr_read &
1668 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1669 addr == (tlb_entry->addr_write &
1670 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1671 addr == (tlb_entry->addr_code &
1672 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1673 tlb_entry->addr_read = -1;
1674 tlb_entry->addr_write = -1;
1675 tlb_entry->addr_code = -1;
1679 void tlb_flush_page(CPUState *env, target_ulong addr)
1683 #if defined(DEBUG_TLB)
1684 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1686 /* must reset current TB so that interrupts cannot modify the
1687 links while we are modifying them */
1688 env->current_tb = NULL;
1690 addr &= TARGET_PAGE_MASK;
1691 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1692 tlb_flush_entry(&env->tlb_table[0][i], addr);
1693 tlb_flush_entry(&env->tlb_table[1][i], addr);
1694 #if (NB_MMU_MODES >= 3)
1695 tlb_flush_entry(&env->tlb_table[2][i], addr);
1696 #if (NB_MMU_MODES == 4)
1697 tlb_flush_entry(&env->tlb_table[3][i], addr);
1701 tlb_flush_jmp_cache(env, addr);
1704 if (env->kqemu_enabled) {
1705 kqemu_flush_page(env, addr);
1710 /* update the TLBs so that writes to code in the virtual page 'addr'
1712 static void tlb_protect_code(ram_addr_t ram_addr)
1714 cpu_physical_memory_reset_dirty(ram_addr,
1715 ram_addr + TARGET_PAGE_SIZE,
1719 /* update the TLB so that writes in physical page 'phys_addr' are no longer
1720 tested for self modifying code */
1721 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
1724 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] |= CODE_DIRTY_FLAG;
1727 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1728 unsigned long start, unsigned long length)
1731 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1732 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1733 if ((addr - start) < length) {
1734 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1739 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1743 unsigned long length, start1;
1747 start &= TARGET_PAGE_MASK;
1748 end = TARGET_PAGE_ALIGN(end);
1750 length = end - start;
1753 len = length >> TARGET_PAGE_BITS;
1755 /* XXX: should not depend on cpu context */
1757 if (env->kqemu_enabled) {
1760 for(i = 0; i < len; i++) {
1761 kqemu_set_notdirty(env, addr);
1762 addr += TARGET_PAGE_SIZE;
1766 mask = ~dirty_flags;
1767 p = phys_ram_dirty + (start >> TARGET_PAGE_BITS);
1768 for(i = 0; i < len; i++)
1771 /* we modify the TLB cache so that the dirty bit will be set again
1772 when accessing the range */
1773 start1 = start + (unsigned long)phys_ram_base;
1774 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1775 for(i = 0; i < CPU_TLB_SIZE; i++)
1776 tlb_reset_dirty_range(&env->tlb_table[0][i], start1, length);
1777 for(i = 0; i < CPU_TLB_SIZE; i++)
1778 tlb_reset_dirty_range(&env->tlb_table[1][i], start1, length);
1779 #if (NB_MMU_MODES >= 3)
1780 for(i = 0; i < CPU_TLB_SIZE; i++)
1781 tlb_reset_dirty_range(&env->tlb_table[2][i], start1, length);
1782 #if (NB_MMU_MODES == 4)
1783 for(i = 0; i < CPU_TLB_SIZE; i++)
1784 tlb_reset_dirty_range(&env->tlb_table[3][i], start1, length);
1790 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
1792 ram_addr_t ram_addr;
1794 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1795 ram_addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) +
1796 tlb_entry->addend - (unsigned long)phys_ram_base;
1797 if (!cpu_physical_memory_is_dirty(ram_addr)) {
1798 tlb_entry->addr_write |= TLB_NOTDIRTY;
1803 /* update the TLB according to the current state of the dirty bits */
1804 void cpu_tlb_update_dirty(CPUState *env)
1807 for(i = 0; i < CPU_TLB_SIZE; i++)
1808 tlb_update_dirty(&env->tlb_table[0][i]);
1809 for(i = 0; i < CPU_TLB_SIZE; i++)
1810 tlb_update_dirty(&env->tlb_table[1][i]);
1811 #if (NB_MMU_MODES >= 3)
1812 for(i = 0; i < CPU_TLB_SIZE; i++)
1813 tlb_update_dirty(&env->tlb_table[2][i]);
1814 #if (NB_MMU_MODES == 4)
1815 for(i = 0; i < CPU_TLB_SIZE; i++)
1816 tlb_update_dirty(&env->tlb_table[3][i]);
1821 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1823 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
1824 tlb_entry->addr_write = vaddr;
1827 /* update the TLB corresponding to virtual page vaddr
1828 so that it is no longer dirty */
1829 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1833 vaddr &= TARGET_PAGE_MASK;
1834 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1835 tlb_set_dirty1(&env->tlb_table[0][i], vaddr);
1836 tlb_set_dirty1(&env->tlb_table[1][i], vaddr);
1837 #if (NB_MMU_MODES >= 3)
1838 tlb_set_dirty1(&env->tlb_table[2][i], vaddr);
1839 #if (NB_MMU_MODES == 4)
1840 tlb_set_dirty1(&env->tlb_table[3][i], vaddr);
1845 /* add a new TLB entry. At most one entry for a given virtual address
1846 is permitted. Return 0 if OK or 2 if the page could not be mapped
1847 (can only happen in non SOFTMMU mode for I/O pages or pages
1848 conflicting with the host address space). */
1849 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
1850 target_phys_addr_t paddr, int prot,
1851 int mmu_idx, int is_softmmu)
1856 target_ulong address;
1857 target_ulong code_address;
1858 target_phys_addr_t addend;
1862 target_phys_addr_t iotlb;
1864 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
1866 pd = IO_MEM_UNASSIGNED;
1868 pd = p->phys_offset;
1870 #if defined(DEBUG_TLB)
1871 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
1872 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
1877 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
1878 /* IO memory case (romd handled later) */
1879 address |= TLB_MMIO;
1881 addend = (unsigned long)phys_ram_base + (pd & TARGET_PAGE_MASK);
1882 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
1884 iotlb = pd & TARGET_PAGE_MASK;
1885 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
1886 iotlb |= IO_MEM_NOTDIRTY;
1888 iotlb |= IO_MEM_ROM;
1890 /* IO handlers are currently passed a phsical address.
1891 It would be nice to pass an offset from the base address
1892 of that region. This would avoid having to special case RAM,
1893 and avoid full address decoding in every device.
1894 We can't use the high bits of pd for this because
1895 IO_MEM_ROMD uses these as a ram address. */
1896 iotlb = (pd & ~TARGET_PAGE_MASK) + paddr;
1899 code_address = address;
1900 /* Make accesses to pages with watchpoints go via the
1901 watchpoint trap routines. */
1902 for (i = 0; i < env->nb_watchpoints; i++) {
1903 if (vaddr == (env->watchpoint[i].vaddr & TARGET_PAGE_MASK)) {
1904 iotlb = io_mem_watch + paddr;
1905 /* TODO: The memory case can be optimized by not trapping
1906 reads of pages with a write breakpoint. */
1907 address |= TLB_MMIO;
1911 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1912 env->iotlb[mmu_idx][index] = iotlb - vaddr;
1913 te = &env->tlb_table[mmu_idx][index];
1914 te->addend = addend - vaddr;
1915 if (prot & PAGE_READ) {
1916 te->addr_read = address;
1921 if (prot & PAGE_EXEC) {
1922 te->addr_code = code_address;
1926 if (prot & PAGE_WRITE) {
1927 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
1928 (pd & IO_MEM_ROMD)) {
1929 /* Write access calls the I/O callback. */
1930 te->addr_write = address | TLB_MMIO;
1931 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
1932 !cpu_physical_memory_is_dirty(pd)) {
1933 te->addr_write = address | TLB_NOTDIRTY;
1935 te->addr_write = address;
1938 te->addr_write = -1;
1945 void tlb_flush(CPUState *env, int flush_global)
1949 void tlb_flush_page(CPUState *env, target_ulong addr)
1953 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
1954 target_phys_addr_t paddr, int prot,
1955 int mmu_idx, int is_softmmu)
1960 /* dump memory mappings */
1961 void page_dump(FILE *f)
1963 unsigned long start, end;
1964 int i, j, prot, prot1;
1967 fprintf(f, "%-8s %-8s %-8s %s\n",
1968 "start", "end", "size", "prot");
1972 for(i = 0; i <= L1_SIZE; i++) {
1977 for(j = 0;j < L2_SIZE; j++) {
1982 if (prot1 != prot) {
1983 end = (i << (32 - L1_BITS)) | (j << TARGET_PAGE_BITS);
1985 fprintf(f, "%08lx-%08lx %08lx %c%c%c\n",
1986 start, end, end - start,
1987 prot & PAGE_READ ? 'r' : '-',
1988 prot & PAGE_WRITE ? 'w' : '-',
1989 prot & PAGE_EXEC ? 'x' : '-');
2003 int page_get_flags(target_ulong address)
2007 p = page_find(address >> TARGET_PAGE_BITS);
2013 /* modify the flags of a page and invalidate the code if
2014 necessary. The flag PAGE_WRITE_ORG is positionned automatically
2015 depending on PAGE_WRITE */
2016 void page_set_flags(target_ulong start, target_ulong end, int flags)
2021 /* mmap_lock should already be held. */
2022 start = start & TARGET_PAGE_MASK;
2023 end = TARGET_PAGE_ALIGN(end);
2024 if (flags & PAGE_WRITE)
2025 flags |= PAGE_WRITE_ORG;
2026 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2027 p = page_find_alloc(addr >> TARGET_PAGE_BITS);
2028 /* We may be called for host regions that are outside guest
2032 /* if the write protection is set, then we invalidate the code
2034 if (!(p->flags & PAGE_WRITE) &&
2035 (flags & PAGE_WRITE) &&
2037 tb_invalidate_phys_page(addr, 0, NULL);
2043 int page_check_range(target_ulong start, target_ulong len, int flags)
2049 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2050 start = start & TARGET_PAGE_MASK;
2053 /* we've wrapped around */
2055 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2056 p = page_find(addr >> TARGET_PAGE_BITS);
2059 if( !(p->flags & PAGE_VALID) )
2062 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2064 if (flags & PAGE_WRITE) {
2065 if (!(p->flags & PAGE_WRITE_ORG))
2067 /* unprotect the page if it was put read-only because it
2068 contains translated code */
2069 if (!(p->flags & PAGE_WRITE)) {
2070 if (!page_unprotect(addr, 0, NULL))
2079 /* called from signal handler: invalidate the code and unprotect the
2080 page. Return TRUE if the fault was succesfully handled. */
2081 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2083 unsigned int page_index, prot, pindex;
2085 target_ulong host_start, host_end, addr;
2087 /* Technically this isn't safe inside a signal handler. However we
2088 know this only ever happens in a synchronous SEGV handler, so in
2089 practice it seems to be ok. */
2092 host_start = address & qemu_host_page_mask;
2093 page_index = host_start >> TARGET_PAGE_BITS;
2094 p1 = page_find(page_index);
2099 host_end = host_start + qemu_host_page_size;
2102 for(addr = host_start;addr < host_end; addr += TARGET_PAGE_SIZE) {
2106 /* if the page was really writable, then we change its
2107 protection back to writable */
2108 if (prot & PAGE_WRITE_ORG) {
2109 pindex = (address - host_start) >> TARGET_PAGE_BITS;
2110 if (!(p1[pindex].flags & PAGE_WRITE)) {
2111 mprotect((void *)g2h(host_start), qemu_host_page_size,
2112 (prot & PAGE_BITS) | PAGE_WRITE);
2113 p1[pindex].flags |= PAGE_WRITE;
2114 /* and since the content will be modified, we must invalidate
2115 the corresponding translated code. */
2116 tb_invalidate_phys_page(address, pc, puc);
2117 #ifdef DEBUG_TB_CHECK
2118 tb_invalidate_check(address);
2128 static inline void tlb_set_dirty(CPUState *env,
2129 unsigned long addr, target_ulong vaddr)
2132 #endif /* defined(CONFIG_USER_ONLY) */
2134 #if !defined(CONFIG_USER_ONLY)
2135 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2137 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2138 ram_addr_t orig_memory);
2139 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2142 if (addr > start_addr) \
2145 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2146 if (start_addr2 > 0) \
2150 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2151 end_addr2 = TARGET_PAGE_SIZE - 1; \
2153 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2154 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2159 /* register physical memory. 'size' must be a multiple of the target
2160 page size. If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2162 void cpu_register_physical_memory(target_phys_addr_t start_addr,
2164 ram_addr_t phys_offset)
2166 target_phys_addr_t addr, end_addr;
2169 ram_addr_t orig_size = size;
2173 /* XXX: should not depend on cpu context */
2175 if (env->kqemu_enabled) {
2176 kqemu_set_phys_mem(start_addr, size, phys_offset);
2179 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2180 end_addr = start_addr + (target_phys_addr_t)size;
2181 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2182 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2183 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2184 ram_addr_t orig_memory = p->phys_offset;
2185 target_phys_addr_t start_addr2, end_addr2;
2186 int need_subpage = 0;
2188 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2190 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2191 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2192 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2193 &p->phys_offset, orig_memory);
2195 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2198 subpage_register(subpage, start_addr2, end_addr2, phys_offset);
2200 p->phys_offset = phys_offset;
2201 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2202 (phys_offset & IO_MEM_ROMD))
2203 phys_offset += TARGET_PAGE_SIZE;
2206 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2207 p->phys_offset = phys_offset;
2208 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2209 (phys_offset & IO_MEM_ROMD))
2210 phys_offset += TARGET_PAGE_SIZE;
2212 target_phys_addr_t start_addr2, end_addr2;
2213 int need_subpage = 0;
2215 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2216 end_addr2, need_subpage);
2218 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2219 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2220 &p->phys_offset, IO_MEM_UNASSIGNED);
2221 subpage_register(subpage, start_addr2, end_addr2,
2228 /* since each CPU stores ram addresses in its TLB cache, we must
2229 reset the modified entries */
2231 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2236 /* XXX: temporary until new memory mapping API */
2237 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2241 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2243 return IO_MEM_UNASSIGNED;
2244 return p->phys_offset;
2247 /* XXX: better than nothing */
2248 ram_addr_t qemu_ram_alloc(ram_addr_t size)
2251 if ((phys_ram_alloc_offset + size) > phys_ram_size) {
2252 fprintf(stderr, "Not enough memory (requested_size = %" PRIu64 ", max memory = %" PRIu64 "\n",
2253 (uint64_t)size, (uint64_t)phys_ram_size);
2256 addr = phys_ram_alloc_offset;
2257 phys_ram_alloc_offset = TARGET_PAGE_ALIGN(phys_ram_alloc_offset + size);
2261 void qemu_ram_free(ram_addr_t addr)
2265 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2267 #ifdef DEBUG_UNASSIGNED
2268 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2271 do_unassigned_access(addr, 0, 0, 0);
2272 #elif defined(TARGET_CRIS)
2273 do_unassigned_access(addr, 0, 0, 0);
2278 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2280 #ifdef DEBUG_UNASSIGNED
2281 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2284 do_unassigned_access(addr, 1, 0, 0);
2285 #elif defined(TARGET_CRIS)
2286 do_unassigned_access(addr, 1, 0, 0);
2290 static CPUReadMemoryFunc *unassigned_mem_read[3] = {
2291 unassigned_mem_readb,
2292 unassigned_mem_readb,
2293 unassigned_mem_readb,
2296 static CPUWriteMemoryFunc *unassigned_mem_write[3] = {
2297 unassigned_mem_writeb,
2298 unassigned_mem_writeb,
2299 unassigned_mem_writeb,
2302 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
2306 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2307 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2308 #if !defined(CONFIG_USER_ONLY)
2309 tb_invalidate_phys_page_fast(ram_addr, 1);
2310 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2313 stb_p(phys_ram_base + ram_addr, val);
2315 if (cpu_single_env->kqemu_enabled &&
2316 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2317 kqemu_modify_page(cpu_single_env, ram_addr);
2319 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2320 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2321 /* we remove the notdirty callback only if the code has been
2323 if (dirty_flags == 0xff)
2324 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2327 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
2331 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2332 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2333 #if !defined(CONFIG_USER_ONLY)
2334 tb_invalidate_phys_page_fast(ram_addr, 2);
2335 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2338 stw_p(phys_ram_base + ram_addr, val);
2340 if (cpu_single_env->kqemu_enabled &&
2341 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2342 kqemu_modify_page(cpu_single_env, ram_addr);
2344 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2345 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2346 /* we remove the notdirty callback only if the code has been
2348 if (dirty_flags == 0xff)
2349 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2352 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
2356 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2357 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2358 #if !defined(CONFIG_USER_ONLY)
2359 tb_invalidate_phys_page_fast(ram_addr, 4);
2360 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2363 stl_p(phys_ram_base + ram_addr, val);
2365 if (cpu_single_env->kqemu_enabled &&
2366 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2367 kqemu_modify_page(cpu_single_env, ram_addr);
2369 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2370 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2371 /* we remove the notdirty callback only if the code has been
2373 if (dirty_flags == 0xff)
2374 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2377 static CPUReadMemoryFunc *error_mem_read[3] = {
2378 NULL, /* never used */
2379 NULL, /* never used */
2380 NULL, /* never used */
2383 static CPUWriteMemoryFunc *notdirty_mem_write[3] = {
2384 notdirty_mem_writeb,
2385 notdirty_mem_writew,
2386 notdirty_mem_writel,
2389 /* Generate a debug exception if a watchpoint has been hit. */
2390 static void check_watchpoint(int offset, int flags)
2392 CPUState *env = cpu_single_env;
2396 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2397 for (i = 0; i < env->nb_watchpoints; i++) {
2398 if (vaddr == env->watchpoint[i].vaddr
2399 && (env->watchpoint[i].type & flags)) {
2400 env->watchpoint_hit = i + 1;
2401 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2407 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2408 so these check for a hit then pass through to the normal out-of-line
2410 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
2412 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_READ);
2413 return ldub_phys(addr);
2416 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
2418 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_READ);
2419 return lduw_phys(addr);
2422 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
2424 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_READ);
2425 return ldl_phys(addr);
2428 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
2431 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_WRITE);
2432 stb_phys(addr, val);
2435 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
2438 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_WRITE);
2439 stw_phys(addr, val);
2442 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
2445 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_WRITE);
2446 stl_phys(addr, val);
2449 static CPUReadMemoryFunc *watch_mem_read[3] = {
2455 static CPUWriteMemoryFunc *watch_mem_write[3] = {
2461 static inline uint32_t subpage_readlen (subpage_t *mmio, target_phys_addr_t addr,
2467 idx = SUBPAGE_IDX(addr - mmio->base);
2468 #if defined(DEBUG_SUBPAGE)
2469 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
2470 mmio, len, addr, idx);
2472 ret = (**mmio->mem_read[idx][len])(mmio->opaque[idx][0][len], addr);
2477 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
2478 uint32_t value, unsigned int len)
2482 idx = SUBPAGE_IDX(addr - mmio->base);
2483 #if defined(DEBUG_SUBPAGE)
2484 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n", __func__,
2485 mmio, len, addr, idx, value);
2487 (**mmio->mem_write[idx][len])(mmio->opaque[idx][1][len], addr, value);
2490 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
2492 #if defined(DEBUG_SUBPAGE)
2493 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2496 return subpage_readlen(opaque, addr, 0);
2499 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
2502 #if defined(DEBUG_SUBPAGE)
2503 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2505 subpage_writelen(opaque, addr, value, 0);
2508 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
2510 #if defined(DEBUG_SUBPAGE)
2511 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2514 return subpage_readlen(opaque, addr, 1);
2517 static void subpage_writew (void *opaque, target_phys_addr_t addr,
2520 #if defined(DEBUG_SUBPAGE)
2521 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2523 subpage_writelen(opaque, addr, value, 1);
2526 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
2528 #if defined(DEBUG_SUBPAGE)
2529 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2532 return subpage_readlen(opaque, addr, 2);
2535 static void subpage_writel (void *opaque,
2536 target_phys_addr_t addr, uint32_t value)
2538 #if defined(DEBUG_SUBPAGE)
2539 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2541 subpage_writelen(opaque, addr, value, 2);
2544 static CPUReadMemoryFunc *subpage_read[] = {
2550 static CPUWriteMemoryFunc *subpage_write[] = {
2556 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2562 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2564 idx = SUBPAGE_IDX(start);
2565 eidx = SUBPAGE_IDX(end);
2566 #if defined(DEBUG_SUBPAGE)
2567 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %d\n", __func__,
2568 mmio, start, end, idx, eidx, memory);
2570 memory >>= IO_MEM_SHIFT;
2571 for (; idx <= eidx; idx++) {
2572 for (i = 0; i < 4; i++) {
2573 if (io_mem_read[memory][i]) {
2574 mmio->mem_read[idx][i] = &io_mem_read[memory][i];
2575 mmio->opaque[idx][0][i] = io_mem_opaque[memory];
2577 if (io_mem_write[memory][i]) {
2578 mmio->mem_write[idx][i] = &io_mem_write[memory][i];
2579 mmio->opaque[idx][1][i] = io_mem_opaque[memory];
2587 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2588 ram_addr_t orig_memory)
2593 mmio = qemu_mallocz(sizeof(subpage_t));
2596 subpage_memory = cpu_register_io_memory(0, subpage_read, subpage_write, mmio);
2597 #if defined(DEBUG_SUBPAGE)
2598 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
2599 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
2601 *phys = subpage_memory | IO_MEM_SUBPAGE;
2602 subpage_register(mmio, 0, TARGET_PAGE_SIZE - 1, orig_memory);
2608 static void io_mem_init(void)
2610 cpu_register_io_memory(IO_MEM_ROM >> IO_MEM_SHIFT, error_mem_read, unassigned_mem_write, NULL);
2611 cpu_register_io_memory(IO_MEM_UNASSIGNED >> IO_MEM_SHIFT, unassigned_mem_read, unassigned_mem_write, NULL);
2612 cpu_register_io_memory(IO_MEM_NOTDIRTY >> IO_MEM_SHIFT, error_mem_read, notdirty_mem_write, NULL);
2615 io_mem_watch = cpu_register_io_memory(0, watch_mem_read,
2616 watch_mem_write, NULL);
2617 /* alloc dirty bits array */
2618 phys_ram_dirty = qemu_vmalloc(phys_ram_size >> TARGET_PAGE_BITS);
2619 memset(phys_ram_dirty, 0xff, phys_ram_size >> TARGET_PAGE_BITS);
2622 /* mem_read and mem_write are arrays of functions containing the
2623 function to access byte (index 0), word (index 1) and dword (index
2624 2). Functions can be omitted with a NULL function pointer. The
2625 registered functions may be modified dynamically later.
2626 If io_index is non zero, the corresponding io zone is
2627 modified. If it is zero, a new io zone is allocated. The return
2628 value can be used with cpu_register_physical_memory(). (-1) is
2629 returned if error. */
2630 int cpu_register_io_memory(int io_index,
2631 CPUReadMemoryFunc **mem_read,
2632 CPUWriteMemoryFunc **mem_write,
2635 int i, subwidth = 0;
2637 if (io_index <= 0) {
2638 if (io_mem_nb >= IO_MEM_NB_ENTRIES)
2640 io_index = io_mem_nb++;
2642 if (io_index >= IO_MEM_NB_ENTRIES)
2646 for(i = 0;i < 3; i++) {
2647 if (!mem_read[i] || !mem_write[i])
2648 subwidth = IO_MEM_SUBWIDTH;
2649 io_mem_read[io_index][i] = mem_read[i];
2650 io_mem_write[io_index][i] = mem_write[i];
2652 io_mem_opaque[io_index] = opaque;
2653 return (io_index << IO_MEM_SHIFT) | subwidth;
2656 CPUWriteMemoryFunc **cpu_get_io_memory_write(int io_index)
2658 return io_mem_write[io_index >> IO_MEM_SHIFT];
2661 CPUReadMemoryFunc **cpu_get_io_memory_read(int io_index)
2663 return io_mem_read[io_index >> IO_MEM_SHIFT];
2666 #endif /* !defined(CONFIG_USER_ONLY) */
2668 /* physical memory access (slow version, mainly for debug) */
2669 #if defined(CONFIG_USER_ONLY)
2670 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
2671 int len, int is_write)
2678 page = addr & TARGET_PAGE_MASK;
2679 l = (page + TARGET_PAGE_SIZE) - addr;
2682 flags = page_get_flags(page);
2683 if (!(flags & PAGE_VALID))
2686 if (!(flags & PAGE_WRITE))
2688 /* XXX: this code should not depend on lock_user */
2689 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2690 /* FIXME - should this return an error rather than just fail? */
2693 unlock_user(p, addr, l);
2695 if (!(flags & PAGE_READ))
2697 /* XXX: this code should not depend on lock_user */
2698 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2699 /* FIXME - should this return an error rather than just fail? */
2702 unlock_user(p, addr, 0);
2711 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
2712 int len, int is_write)
2717 target_phys_addr_t page;
2722 page = addr & TARGET_PAGE_MASK;
2723 l = (page + TARGET_PAGE_SIZE) - addr;
2726 p = phys_page_find(page >> TARGET_PAGE_BITS);
2728 pd = IO_MEM_UNASSIGNED;
2730 pd = p->phys_offset;
2734 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2735 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2736 /* XXX: could force cpu_single_env to NULL to avoid
2738 if (l >= 4 && ((addr & 3) == 0)) {
2739 /* 32 bit write access */
2741 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
2743 } else if (l >= 2 && ((addr & 1) == 0)) {
2744 /* 16 bit write access */
2746 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
2749 /* 8 bit write access */
2751 io_mem_write[io_index][0](io_mem_opaque[io_index], addr, val);
2755 unsigned long addr1;
2756 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
2758 ptr = phys_ram_base + addr1;
2759 memcpy(ptr, buf, l);
2760 if (!cpu_physical_memory_is_dirty(addr1)) {
2761 /* invalidate code */
2762 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
2764 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
2765 (0xff & ~CODE_DIRTY_FLAG);
2769 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2770 !(pd & IO_MEM_ROMD)) {
2772 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2773 if (l >= 4 && ((addr & 3) == 0)) {
2774 /* 32 bit read access */
2775 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
2778 } else if (l >= 2 && ((addr & 1) == 0)) {
2779 /* 16 bit read access */
2780 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
2784 /* 8 bit read access */
2785 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr);
2791 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2792 (addr & ~TARGET_PAGE_MASK);
2793 memcpy(buf, ptr, l);
2802 /* used for ROM loading : can write in RAM and ROM */
2803 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
2804 const uint8_t *buf, int len)
2808 target_phys_addr_t page;
2813 page = addr & TARGET_PAGE_MASK;
2814 l = (page + TARGET_PAGE_SIZE) - addr;
2817 p = phys_page_find(page >> TARGET_PAGE_BITS);
2819 pd = IO_MEM_UNASSIGNED;
2821 pd = p->phys_offset;
2824 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
2825 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
2826 !(pd & IO_MEM_ROMD)) {
2829 unsigned long addr1;
2830 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
2832 ptr = phys_ram_base + addr1;
2833 memcpy(ptr, buf, l);
2842 /* warning: addr must be aligned */
2843 uint32_t ldl_phys(target_phys_addr_t addr)
2851 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2853 pd = IO_MEM_UNASSIGNED;
2855 pd = p->phys_offset;
2858 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2859 !(pd & IO_MEM_ROMD)) {
2861 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2862 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
2865 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2866 (addr & ~TARGET_PAGE_MASK);
2872 /* warning: addr must be aligned */
2873 uint64_t ldq_phys(target_phys_addr_t addr)
2881 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2883 pd = IO_MEM_UNASSIGNED;
2885 pd = p->phys_offset;
2888 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2889 !(pd & IO_MEM_ROMD)) {
2891 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2892 #ifdef TARGET_WORDS_BIGENDIAN
2893 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
2894 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
2896 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
2897 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
2901 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2902 (addr & ~TARGET_PAGE_MASK);
2909 uint32_t ldub_phys(target_phys_addr_t addr)
2912 cpu_physical_memory_read(addr, &val, 1);
2917 uint32_t lduw_phys(target_phys_addr_t addr)
2920 cpu_physical_memory_read(addr, (uint8_t *)&val, 2);
2921 return tswap16(val);
2924 /* warning: addr must be aligned. The ram page is not masked as dirty
2925 and the code inside is not invalidated. It is useful if the dirty
2926 bits are used to track modified PTEs */
2927 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
2934 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2936 pd = IO_MEM_UNASSIGNED;
2938 pd = p->phys_offset;
2941 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2942 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2943 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
2945 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2946 (addr & ~TARGET_PAGE_MASK);
2951 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
2958 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2960 pd = IO_MEM_UNASSIGNED;
2962 pd = p->phys_offset;
2965 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2966 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2967 #ifdef TARGET_WORDS_BIGENDIAN
2968 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
2969 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
2971 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
2972 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
2975 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2976 (addr & ~TARGET_PAGE_MASK);
2981 /* warning: addr must be aligned */
2982 void stl_phys(target_phys_addr_t addr, uint32_t val)
2989 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2991 pd = IO_MEM_UNASSIGNED;
2993 pd = p->phys_offset;
2996 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2997 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2998 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3000 unsigned long addr1;
3001 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3003 ptr = phys_ram_base + addr1;
3005 if (!cpu_physical_memory_is_dirty(addr1)) {
3006 /* invalidate code */
3007 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3009 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3010 (0xff & ~CODE_DIRTY_FLAG);
3016 void stb_phys(target_phys_addr_t addr, uint32_t val)
3019 cpu_physical_memory_write(addr, &v, 1);
3023 void stw_phys(target_phys_addr_t addr, uint32_t val)
3025 uint16_t v = tswap16(val);
3026 cpu_physical_memory_write(addr, (const uint8_t *)&v, 2);
3030 void stq_phys(target_phys_addr_t addr, uint64_t val)
3033 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
3038 /* virtual memory access for debug */
3039 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3040 uint8_t *buf, int len, int is_write)
3043 target_phys_addr_t phys_addr;
3047 page = addr & TARGET_PAGE_MASK;
3048 phys_addr = cpu_get_phys_page_debug(env, page);
3049 /* if no physical page mapped, return an error */
3050 if (phys_addr == -1)
3052 l = (page + TARGET_PAGE_SIZE) - addr;
3055 cpu_physical_memory_rw(phys_addr + (addr & ~TARGET_PAGE_MASK),
3064 /* in deterministic execution mode, instructions doing device I/Os
3065 must be at the end of the TB */
3066 void cpu_io_recompile(CPUState *env, void *retaddr)
3068 TranslationBlock *tb;
3070 target_ulong pc, cs_base;
3073 tb = tb_find_pc((unsigned long)retaddr);
3075 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
3078 n = env->icount_decr.u16.low + tb->icount;
3079 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
3080 /* Calculate how many instructions had been executed before the fault
3082 n = n - env->icount_decr.u16.low;
3083 /* Generate a new TB ending on the I/O insn. */
3085 /* On MIPS and SH, delay slot instructions can only be restarted if
3086 they were already the first instruction in the TB. If this is not
3087 the first instruction in a TB then re-execute the preceding
3089 #if defined(TARGET_MIPS)
3090 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
3091 env->active_tc.PC -= 4;
3092 env->icount_decr.u16.low++;
3093 env->hflags &= ~MIPS_HFLAG_BMASK;
3095 #elif defined(TARGET_SH4)
3096 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
3099 env->icount_decr.u16.low++;
3100 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
3103 /* This should never happen. */
3104 if (n > CF_COUNT_MASK)
3105 cpu_abort(env, "TB too big during recompile");
3107 cflags = n | CF_LAST_IO;
3109 cs_base = tb->cs_base;
3111 tb_phys_invalidate(tb, -1);
3112 /* FIXME: In theory this could raise an exception. In practice
3113 we have already translated the block once so it's probably ok. */
3114 tb_gen_code(env, pc, cs_base, flags, cflags);
3115 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
3116 the first in the TB) then we end up generating a whole new TB and
3117 repeating the fault, which is horribly inefficient.
3118 Better would be to execute just this insn uncached, or generate a
3120 cpu_resume_from_signal(env, NULL);
3123 void dump_exec_info(FILE *f,
3124 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
3126 int i, target_code_size, max_target_code_size;
3127 int direct_jmp_count, direct_jmp2_count, cross_page;
3128 TranslationBlock *tb;
3130 target_code_size = 0;
3131 max_target_code_size = 0;
3133 direct_jmp_count = 0;
3134 direct_jmp2_count = 0;
3135 for(i = 0; i < nb_tbs; i++) {
3137 target_code_size += tb->size;
3138 if (tb->size > max_target_code_size)
3139 max_target_code_size = tb->size;
3140 if (tb->page_addr[1] != -1)
3142 if (tb->tb_next_offset[0] != 0xffff) {
3144 if (tb->tb_next_offset[1] != 0xffff) {
3145 direct_jmp2_count++;
3149 /* XXX: avoid using doubles ? */
3150 cpu_fprintf(f, "Translation buffer state:\n");
3151 cpu_fprintf(f, "gen code size %ld/%ld\n",
3152 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
3153 cpu_fprintf(f, "TB count %d/%d\n",
3154 nb_tbs, code_gen_max_blocks);
3155 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
3156 nb_tbs ? target_code_size / nb_tbs : 0,
3157 max_target_code_size);
3158 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
3159 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
3160 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
3161 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
3163 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
3164 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
3166 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
3168 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
3169 cpu_fprintf(f, "\nStatistics:\n");
3170 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
3171 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
3172 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
3173 tcg_dump_info(f, cpu_fprintf);
3176 #if !defined(CONFIG_USER_ONLY)
3178 #define MMUSUFFIX _cmmu
3179 #define GETPC() NULL
3180 #define env cpu_single_env
3181 #define SOFTMMU_CODE_ACCESS
3184 #include "softmmu_template.h"
3187 #include "softmmu_template.h"
3190 #include "softmmu_template.h"
3193 #include "softmmu_template.h"
projects / qemu / blob