2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #define WIN32_LEAN_AND_MEAN
25 #include <sys/types.h>
38 #include "qemu-common.h"
41 #if defined(CONFIG_USER_ONLY)
45 //#define DEBUG_TB_INVALIDATE
48 //#define DEBUG_UNASSIGNED
50 /* make various TB consistency checks */
51 //#define DEBUG_TB_CHECK
52 //#define DEBUG_TLB_CHECK
54 //#define DEBUG_IOPORT
55 //#define DEBUG_SUBPAGE
57 #if !defined(CONFIG_USER_ONLY)
58 /* TB consistency checks only implemented for usermode emulation. */
62 #define SMC_BITMAP_USE_THRESHOLD 10
64 #define MMAP_AREA_START 0x00000000
65 #define MMAP_AREA_END 0xa8000000
67 #if defined(TARGET_SPARC64)
68 #define TARGET_PHYS_ADDR_SPACE_BITS 41
69 #elif defined(TARGET_SPARC)
70 #define TARGET_PHYS_ADDR_SPACE_BITS 36
71 #elif defined(TARGET_ALPHA)
72 #define TARGET_PHYS_ADDR_SPACE_BITS 42
73 #define TARGET_VIRT_ADDR_SPACE_BITS 42
74 #elif defined(TARGET_PPC64)
75 #define TARGET_PHYS_ADDR_SPACE_BITS 42
76 #elif defined(TARGET_X86_64) && !defined(USE_KQEMU)
77 #define TARGET_PHYS_ADDR_SPACE_BITS 42
78 #elif defined(TARGET_I386) && !defined(USE_KQEMU)
79 #define TARGET_PHYS_ADDR_SPACE_BITS 36
81 /* Note: for compatibility with kqemu, we use 32 bits for x86_64 */
82 #define TARGET_PHYS_ADDR_SPACE_BITS 32
85 static TranslationBlock *tbs;
86 int code_gen_max_blocks;
87 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
89 /* any access to the tbs or the page table must use this lock */
90 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
92 #if defined(__arm__) || defined(__sparc_v9__)
93 /* The prologue must be reachable with a direct jump. ARM and Sparc64
94 have limited branch ranges (possibly also PPC) so place it in a
95 section close to code segment. */
96 #define code_gen_section \
97 __attribute__((__section__(".gen_code"))) \
98 __attribute__((aligned (32)))
100 #define code_gen_section \
101 __attribute__((aligned (32)))
104 uint8_t code_gen_prologue[1024] code_gen_section;
105 static uint8_t *code_gen_buffer;
106 static unsigned long code_gen_buffer_size;
107 /* threshold to flush the translated code buffer */
108 static unsigned long code_gen_buffer_max_size;
109 uint8_t *code_gen_ptr;
111 #if !defined(CONFIG_USER_ONLY)
112 ram_addr_t phys_ram_size;
114 uint8_t *phys_ram_base;
115 uint8_t *phys_ram_dirty;
116 static ram_addr_t phys_ram_alloc_offset = 0;
120 /* current CPU in the current thread. It is only valid inside
122 CPUState *cpu_single_env;
123 /* 0 = Do not count executed instructions.
124 1 = Precise instruction counting.
125 2 = Adaptive rate instruction counting. */
127 /* Current instruction counter. While executing translated code this may
128 include some instructions that have not yet been executed. */
131 typedef struct PageDesc {
132 /* list of TBs intersecting this ram page */
133 TranslationBlock *first_tb;
134 /* in order to optimize self modifying code, we count the number
135 of lookups we do to a given page to use a bitmap */
136 unsigned int code_write_count;
137 uint8_t *code_bitmap;
138 #if defined(CONFIG_USER_ONLY)
143 typedef struct PhysPageDesc {
144 /* offset in host memory of the page + io_index in the low bits */
145 ram_addr_t phys_offset;
149 #if defined(CONFIG_USER_ONLY) && defined(TARGET_VIRT_ADDR_SPACE_BITS)
150 /* XXX: this is a temporary hack for alpha target.
151 * In the future, this is to be replaced by a multi-level table
152 * to actually be able to handle the complete 64 bits address space.
154 #define L1_BITS (TARGET_VIRT_ADDR_SPACE_BITS - L2_BITS - TARGET_PAGE_BITS)
156 #define L1_BITS (32 - L2_BITS - TARGET_PAGE_BITS)
159 #define L1_SIZE (1 << L1_BITS)
160 #define L2_SIZE (1 << L2_BITS)
162 unsigned long qemu_real_host_page_size;
163 unsigned long qemu_host_page_bits;
164 unsigned long qemu_host_page_size;
165 unsigned long qemu_host_page_mask;
167 /* XXX: for system emulation, it could just be an array */
168 static PageDesc *l1_map[L1_SIZE];
169 static PhysPageDesc **l1_phys_map;
171 #if !defined(CONFIG_USER_ONLY)
172 static void io_mem_init(void);
174 /* io memory support */
175 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
176 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
177 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
178 static int io_mem_nb;
179 static int io_mem_watch;
183 const char *logfilename = "/tmp/qemu.log";
186 static int log_append = 0;
189 static int tlb_flush_count;
190 static int tb_flush_count;
191 static int tb_phys_invalidate_count;
193 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
194 typedef struct subpage_t {
195 target_phys_addr_t base;
196 CPUReadMemoryFunc **mem_read[TARGET_PAGE_SIZE][4];
197 CPUWriteMemoryFunc **mem_write[TARGET_PAGE_SIZE][4];
198 void *opaque[TARGET_PAGE_SIZE][2][4];
202 static void map_exec(void *addr, long size)
205 VirtualProtect(addr, size,
206 PAGE_EXECUTE_READWRITE, &old_protect);
210 static void map_exec(void *addr, long size)
212 unsigned long start, end, page_size;
214 page_size = getpagesize();
215 start = (unsigned long)addr;
216 start &= ~(page_size - 1);
218 end = (unsigned long)addr + size;
219 end += page_size - 1;
220 end &= ~(page_size - 1);
222 mprotect((void *)start, end - start,
223 PROT_READ | PROT_WRITE | PROT_EXEC);
227 static void page_init(void)
229 /* NOTE: we can always suppose that qemu_host_page_size >=
233 SYSTEM_INFO system_info;
236 GetSystemInfo(&system_info);
237 qemu_real_host_page_size = system_info.dwPageSize;
240 qemu_real_host_page_size = getpagesize();
242 if (qemu_host_page_size == 0)
243 qemu_host_page_size = qemu_real_host_page_size;
244 if (qemu_host_page_size < TARGET_PAGE_SIZE)
245 qemu_host_page_size = TARGET_PAGE_SIZE;
246 qemu_host_page_bits = 0;
247 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
248 qemu_host_page_bits++;
249 qemu_host_page_mask = ~(qemu_host_page_size - 1);
250 l1_phys_map = qemu_vmalloc(L1_SIZE * sizeof(void *));
251 memset(l1_phys_map, 0, L1_SIZE * sizeof(void *));
253 #if !defined(_WIN32) && defined(CONFIG_USER_ONLY)
255 long long startaddr, endaddr;
260 last_brk = (unsigned long)sbrk(0);
261 f = fopen("/proc/self/maps", "r");
264 n = fscanf (f, "%llx-%llx %*[^\n]\n", &startaddr, &endaddr);
266 startaddr = MIN(startaddr,
267 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
268 endaddr = MIN(endaddr,
269 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
270 page_set_flags(startaddr & TARGET_PAGE_MASK,
271 TARGET_PAGE_ALIGN(endaddr),
282 static inline PageDesc **page_l1_map(target_ulong index)
284 #if TARGET_LONG_BITS > 32
285 /* Host memory outside guest VM. For 32-bit targets we have already
286 excluded high addresses. */
287 if (index > ((target_ulong)L2_SIZE * L1_SIZE))
290 return &l1_map[index >> L2_BITS];
293 static inline PageDesc *page_find_alloc(target_ulong index)
296 lp = page_l1_map(index);
302 /* allocate if not found */
303 #if defined(CONFIG_USER_ONLY)
305 size_t len = sizeof(PageDesc) * L2_SIZE;
306 /* Don't use qemu_malloc because it may recurse. */
307 p = mmap(0, len, PROT_READ | PROT_WRITE,
308 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
311 if (addr == (target_ulong)addr) {
312 page_set_flags(addr & TARGET_PAGE_MASK,
313 TARGET_PAGE_ALIGN(addr + len),
317 p = qemu_mallocz(sizeof(PageDesc) * L2_SIZE);
321 return p + (index & (L2_SIZE - 1));
324 static inline PageDesc *page_find(target_ulong index)
327 lp = page_l1_map(index);
334 return p + (index & (L2_SIZE - 1));
337 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
342 p = (void **)l1_phys_map;
343 #if TARGET_PHYS_ADDR_SPACE_BITS > 32
345 #if TARGET_PHYS_ADDR_SPACE_BITS > (32 + L1_BITS)
346 #error unsupported TARGET_PHYS_ADDR_SPACE_BITS
348 lp = p + ((index >> (L1_BITS + L2_BITS)) & (L1_SIZE - 1));
351 /* allocate if not found */
354 p = qemu_vmalloc(sizeof(void *) * L1_SIZE);
355 memset(p, 0, sizeof(void *) * L1_SIZE);
359 lp = p + ((index >> L2_BITS) & (L1_SIZE - 1));
363 /* allocate if not found */
366 pd = qemu_vmalloc(sizeof(PhysPageDesc) * L2_SIZE);
368 for (i = 0; i < L2_SIZE; i++)
369 pd[i].phys_offset = IO_MEM_UNASSIGNED;
371 return ((PhysPageDesc *)pd) + (index & (L2_SIZE - 1));
374 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
376 return phys_page_find_alloc(index, 0);
379 #if !defined(CONFIG_USER_ONLY)
380 static void tlb_protect_code(ram_addr_t ram_addr);
381 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
383 #define mmap_lock() do { } while(0)
384 #define mmap_unlock() do { } while(0)
387 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
389 #if defined(CONFIG_USER_ONLY)
390 /* Currently it is not recommanded to allocate big chunks of data in
391 user mode. It will change when a dedicated libc will be used */
392 #define USE_STATIC_CODE_GEN_BUFFER
395 #ifdef USE_STATIC_CODE_GEN_BUFFER
396 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE];
399 static void code_gen_alloc(unsigned long tb_size)
401 #ifdef USE_STATIC_CODE_GEN_BUFFER
402 code_gen_buffer = static_code_gen_buffer;
403 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
404 map_exec(code_gen_buffer, code_gen_buffer_size);
406 code_gen_buffer_size = tb_size;
407 if (code_gen_buffer_size == 0) {
408 #if defined(CONFIG_USER_ONLY)
409 /* in user mode, phys_ram_size is not meaningful */
410 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
412 /* XXX: needs ajustments */
413 code_gen_buffer_size = (unsigned long)(phys_ram_size / 4);
416 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
417 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
418 /* The code gen buffer location may have constraints depending on
419 the host cpu and OS */
420 #if defined(__linux__)
425 flags = MAP_PRIVATE | MAP_ANONYMOUS;
426 #if defined(__x86_64__)
428 /* Cannot map more than that */
429 if (code_gen_buffer_size > (800 * 1024 * 1024))
430 code_gen_buffer_size = (800 * 1024 * 1024);
431 #elif defined(__sparc_v9__)
432 // Map the buffer below 2G, so we can use direct calls and branches
434 start = (void *) 0x60000000UL;
435 if (code_gen_buffer_size > (512 * 1024 * 1024))
436 code_gen_buffer_size = (512 * 1024 * 1024);
438 code_gen_buffer = mmap(start, code_gen_buffer_size,
439 PROT_WRITE | PROT_READ | PROT_EXEC,
441 if (code_gen_buffer == MAP_FAILED) {
442 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
446 #elif defined(__FreeBSD__)
450 flags = MAP_PRIVATE | MAP_ANONYMOUS;
451 #if defined(__x86_64__)
452 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
453 * 0x40000000 is free */
455 addr = (void *)0x40000000;
456 /* Cannot map more than that */
457 if (code_gen_buffer_size > (800 * 1024 * 1024))
458 code_gen_buffer_size = (800 * 1024 * 1024);
460 code_gen_buffer = mmap(addr, code_gen_buffer_size,
461 PROT_WRITE | PROT_READ | PROT_EXEC,
463 if (code_gen_buffer == MAP_FAILED) {
464 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
469 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
470 if (!code_gen_buffer) {
471 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
474 map_exec(code_gen_buffer, code_gen_buffer_size);
476 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
477 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
478 code_gen_buffer_max_size = code_gen_buffer_size -
479 code_gen_max_block_size();
480 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
481 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
484 /* Must be called before using the QEMU cpus. 'tb_size' is the size
485 (in bytes) allocated to the translation buffer. Zero means default
487 void cpu_exec_init_all(unsigned long tb_size)
490 code_gen_alloc(tb_size);
491 code_gen_ptr = code_gen_buffer;
493 #if !defined(CONFIG_USER_ONLY)
498 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
500 #define CPU_COMMON_SAVE_VERSION 1
502 static void cpu_common_save(QEMUFile *f, void *opaque)
504 CPUState *env = opaque;
506 qemu_put_be32s(f, &env->halted);
507 qemu_put_be32s(f, &env->interrupt_request);
510 static int cpu_common_load(QEMUFile *f, void *opaque, int version_id)
512 CPUState *env = opaque;
514 if (version_id != CPU_COMMON_SAVE_VERSION)
517 qemu_get_be32s(f, &env->halted);
518 qemu_get_be32s(f, &env->interrupt_request);
525 void cpu_exec_init(CPUState *env)
530 env->next_cpu = NULL;
533 while (*penv != NULL) {
534 penv = (CPUState **)&(*penv)->next_cpu;
537 env->cpu_index = cpu_index;
538 env->nb_watchpoints = 0;
540 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
541 register_savevm("cpu_common", cpu_index, CPU_COMMON_SAVE_VERSION,
542 cpu_common_save, cpu_common_load, env);
543 register_savevm("cpu", cpu_index, CPU_SAVE_VERSION,
544 cpu_save, cpu_load, env);
548 static inline void invalidate_page_bitmap(PageDesc *p)
550 if (p->code_bitmap) {
551 qemu_free(p->code_bitmap);
552 p->code_bitmap = NULL;
554 p->code_write_count = 0;
557 /* set to NULL all the 'first_tb' fields in all PageDescs */
558 static void page_flush_tb(void)
563 for(i = 0; i < L1_SIZE; i++) {
566 for(j = 0; j < L2_SIZE; j++) {
568 invalidate_page_bitmap(p);
575 /* flush all the translation blocks */
576 /* XXX: tb_flush is currently not thread safe */
577 void tb_flush(CPUState *env1)
580 #if defined(DEBUG_FLUSH)
581 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
582 (unsigned long)(code_gen_ptr - code_gen_buffer),
584 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
586 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
587 cpu_abort(env1, "Internal error: code buffer overflow\n");
591 for(env = first_cpu; env != NULL; env = env->next_cpu) {
592 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
595 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
598 code_gen_ptr = code_gen_buffer;
599 /* XXX: flush processor icache at this point if cache flush is
604 #ifdef DEBUG_TB_CHECK
606 static void tb_invalidate_check(target_ulong address)
608 TranslationBlock *tb;
610 address &= TARGET_PAGE_MASK;
611 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
612 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
613 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
614 address >= tb->pc + tb->size)) {
615 printf("ERROR invalidate: address=%08lx PC=%08lx size=%04x\n",
616 address, (long)tb->pc, tb->size);
622 /* verify that all the pages have correct rights for code */
623 static void tb_page_check(void)
625 TranslationBlock *tb;
626 int i, flags1, flags2;
628 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
629 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
630 flags1 = page_get_flags(tb->pc);
631 flags2 = page_get_flags(tb->pc + tb->size - 1);
632 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
633 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
634 (long)tb->pc, tb->size, flags1, flags2);
640 static void tb_jmp_check(TranslationBlock *tb)
642 TranslationBlock *tb1;
645 /* suppress any remaining jumps to this TB */
649 tb1 = (TranslationBlock *)((long)tb1 & ~3);
652 tb1 = tb1->jmp_next[n1];
654 /* check end of list */
656 printf("ERROR: jmp_list from 0x%08lx\n", (long)tb);
662 /* invalidate one TB */
663 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
666 TranslationBlock *tb1;
670 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
673 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
677 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
679 TranslationBlock *tb1;
685 tb1 = (TranslationBlock *)((long)tb1 & ~3);
687 *ptb = tb1->page_next[n1];
690 ptb = &tb1->page_next[n1];
694 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
696 TranslationBlock *tb1, **ptb;
699 ptb = &tb->jmp_next[n];
702 /* find tb(n) in circular list */
706 tb1 = (TranslationBlock *)((long)tb1 & ~3);
707 if (n1 == n && tb1 == tb)
710 ptb = &tb1->jmp_first;
712 ptb = &tb1->jmp_next[n1];
715 /* now we can suppress tb(n) from the list */
716 *ptb = tb->jmp_next[n];
718 tb->jmp_next[n] = NULL;
722 /* reset the jump entry 'n' of a TB so that it is not chained to
724 static inline void tb_reset_jump(TranslationBlock *tb, int n)
726 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
729 void tb_phys_invalidate(TranslationBlock *tb, target_ulong page_addr)
734 target_phys_addr_t phys_pc;
735 TranslationBlock *tb1, *tb2;
737 /* remove the TB from the hash list */
738 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
739 h = tb_phys_hash_func(phys_pc);
740 tb_remove(&tb_phys_hash[h], tb,
741 offsetof(TranslationBlock, phys_hash_next));
743 /* remove the TB from the page list */
744 if (tb->page_addr[0] != page_addr) {
745 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
746 tb_page_remove(&p->first_tb, tb);
747 invalidate_page_bitmap(p);
749 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
750 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
751 tb_page_remove(&p->first_tb, tb);
752 invalidate_page_bitmap(p);
755 tb_invalidated_flag = 1;
757 /* remove the TB from the hash list */
758 h = tb_jmp_cache_hash_func(tb->pc);
759 for(env = first_cpu; env != NULL; env = env->next_cpu) {
760 if (env->tb_jmp_cache[h] == tb)
761 env->tb_jmp_cache[h] = NULL;
764 /* suppress this TB from the two jump lists */
765 tb_jmp_remove(tb, 0);
766 tb_jmp_remove(tb, 1);
768 /* suppress any remaining jumps to this TB */
774 tb1 = (TranslationBlock *)((long)tb1 & ~3);
775 tb2 = tb1->jmp_next[n1];
776 tb_reset_jump(tb1, n1);
777 tb1->jmp_next[n1] = NULL;
780 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
782 tb_phys_invalidate_count++;
785 static inline void set_bits(uint8_t *tab, int start, int len)
791 mask = 0xff << (start & 7);
792 if ((start & ~7) == (end & ~7)) {
794 mask &= ~(0xff << (end & 7));
799 start = (start + 8) & ~7;
801 while (start < end1) {
806 mask = ~(0xff << (end & 7));
812 static void build_page_bitmap(PageDesc *p)
814 int n, tb_start, tb_end;
815 TranslationBlock *tb;
817 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
824 tb = (TranslationBlock *)((long)tb & ~3);
825 /* NOTE: this is subtle as a TB may span two physical pages */
827 /* NOTE: tb_end may be after the end of the page, but
828 it is not a problem */
829 tb_start = tb->pc & ~TARGET_PAGE_MASK;
830 tb_end = tb_start + tb->size;
831 if (tb_end > TARGET_PAGE_SIZE)
832 tb_end = TARGET_PAGE_SIZE;
835 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
837 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
838 tb = tb->page_next[n];
842 TranslationBlock *tb_gen_code(CPUState *env,
843 target_ulong pc, target_ulong cs_base,
844 int flags, int cflags)
846 TranslationBlock *tb;
848 target_ulong phys_pc, phys_page2, virt_page2;
851 phys_pc = get_phys_addr_code(env, pc);
854 /* flush must be done */
856 /* cannot fail at this point */
858 /* Don't forget to invalidate previous TB info. */
859 tb_invalidated_flag = 1;
861 tc_ptr = code_gen_ptr;
863 tb->cs_base = cs_base;
866 cpu_gen_code(env, tb, &code_gen_size);
867 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
869 /* check next page if needed */
870 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
872 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
873 phys_page2 = get_phys_addr_code(env, virt_page2);
875 tb_link_phys(tb, phys_pc, phys_page2);
879 /* invalidate all TBs which intersect with the target physical page
880 starting in range [start;end[. NOTE: start and end must refer to
881 the same physical page. 'is_cpu_write_access' should be true if called
882 from a real cpu write access: the virtual CPU will exit the current
883 TB if code is modified inside this TB. */
884 void tb_invalidate_phys_page_range(target_phys_addr_t start, target_phys_addr_t end,
885 int is_cpu_write_access)
887 int n, current_tb_modified, current_tb_not_found, current_flags;
888 CPUState *env = cpu_single_env;
890 TranslationBlock *tb, *tb_next, *current_tb, *saved_tb;
891 target_ulong tb_start, tb_end;
892 target_ulong current_pc, current_cs_base;
894 p = page_find(start >> TARGET_PAGE_BITS);
897 if (!p->code_bitmap &&
898 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
899 is_cpu_write_access) {
900 /* build code bitmap */
901 build_page_bitmap(p);
904 /* we remove all the TBs in the range [start, end[ */
905 /* XXX: see if in some cases it could be faster to invalidate all the code */
906 current_tb_not_found = is_cpu_write_access;
907 current_tb_modified = 0;
908 current_tb = NULL; /* avoid warning */
909 current_pc = 0; /* avoid warning */
910 current_cs_base = 0; /* avoid warning */
911 current_flags = 0; /* avoid warning */
915 tb = (TranslationBlock *)((long)tb & ~3);
916 tb_next = tb->page_next[n];
917 /* NOTE: this is subtle as a TB may span two physical pages */
919 /* NOTE: tb_end may be after the end of the page, but
920 it is not a problem */
921 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
922 tb_end = tb_start + tb->size;
924 tb_start = tb->page_addr[1];
925 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
927 if (!(tb_end <= start || tb_start >= end)) {
928 #ifdef TARGET_HAS_PRECISE_SMC
929 if (current_tb_not_found) {
930 current_tb_not_found = 0;
932 if (env->mem_io_pc) {
933 /* now we have a real cpu fault */
934 current_tb = tb_find_pc(env->mem_io_pc);
937 if (current_tb == tb &&
938 (current_tb->cflags & CF_COUNT_MASK) != 1) {
939 /* If we are modifying the current TB, we must stop
940 its execution. We could be more precise by checking
941 that the modification is after the current PC, but it
942 would require a specialized function to partially
943 restore the CPU state */
945 current_tb_modified = 1;
946 cpu_restore_state(current_tb, env,
947 env->mem_io_pc, NULL);
948 #if defined(TARGET_I386)
949 current_flags = env->hflags;
950 current_flags |= (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK));
951 current_cs_base = (target_ulong)env->segs[R_CS].base;
952 current_pc = current_cs_base + env->eip;
954 #error unsupported CPU
957 #endif /* TARGET_HAS_PRECISE_SMC */
958 /* we need to do that to handle the case where a signal
959 occurs while doing tb_phys_invalidate() */
962 saved_tb = env->current_tb;
963 env->current_tb = NULL;
965 tb_phys_invalidate(tb, -1);
967 env->current_tb = saved_tb;
968 if (env->interrupt_request && env->current_tb)
969 cpu_interrupt(env, env->interrupt_request);
974 #if !defined(CONFIG_USER_ONLY)
975 /* if no code remaining, no need to continue to use slow writes */
977 invalidate_page_bitmap(p);
978 if (is_cpu_write_access) {
979 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
983 #ifdef TARGET_HAS_PRECISE_SMC
984 if (current_tb_modified) {
985 /* we generate a block containing just the instruction
986 modifying the memory. It will ensure that it cannot modify
988 env->current_tb = NULL;
989 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
990 cpu_resume_from_signal(env, NULL);
995 /* len must be <= 8 and start must be a multiple of len */
996 static inline void tb_invalidate_phys_page_fast(target_phys_addr_t start, int len)
1003 fprintf(logfile, "modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1004 cpu_single_env->mem_io_vaddr, len,
1005 cpu_single_env->eip,
1006 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1010 p = page_find(start >> TARGET_PAGE_BITS);
1013 if (p->code_bitmap) {
1014 offset = start & ~TARGET_PAGE_MASK;
1015 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1016 if (b & ((1 << len) - 1))
1020 tb_invalidate_phys_page_range(start, start + len, 1);
1024 #if !defined(CONFIG_SOFTMMU)
1025 static void tb_invalidate_phys_page(target_phys_addr_t addr,
1026 unsigned long pc, void *puc)
1028 int n, current_flags, current_tb_modified;
1029 target_ulong current_pc, current_cs_base;
1031 TranslationBlock *tb, *current_tb;
1032 #ifdef TARGET_HAS_PRECISE_SMC
1033 CPUState *env = cpu_single_env;
1036 addr &= TARGET_PAGE_MASK;
1037 p = page_find(addr >> TARGET_PAGE_BITS);
1041 current_tb_modified = 0;
1043 current_pc = 0; /* avoid warning */
1044 current_cs_base = 0; /* avoid warning */
1045 current_flags = 0; /* avoid warning */
1046 #ifdef TARGET_HAS_PRECISE_SMC
1047 if (tb && pc != 0) {
1048 current_tb = tb_find_pc(pc);
1051 while (tb != NULL) {
1053 tb = (TranslationBlock *)((long)tb & ~3);
1054 #ifdef TARGET_HAS_PRECISE_SMC
1055 if (current_tb == tb &&
1056 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1057 /* If we are modifying the current TB, we must stop
1058 its execution. We could be more precise by checking
1059 that the modification is after the current PC, but it
1060 would require a specialized function to partially
1061 restore the CPU state */
1063 current_tb_modified = 1;
1064 cpu_restore_state(current_tb, env, pc, puc);
1065 #if defined(TARGET_I386)
1066 current_flags = env->hflags;
1067 current_flags |= (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK));
1068 current_cs_base = (target_ulong)env->segs[R_CS].base;
1069 current_pc = current_cs_base + env->eip;
1071 #error unsupported CPU
1074 #endif /* TARGET_HAS_PRECISE_SMC */
1075 tb_phys_invalidate(tb, addr);
1076 tb = tb->page_next[n];
1079 #ifdef TARGET_HAS_PRECISE_SMC
1080 if (current_tb_modified) {
1081 /* we generate a block containing just the instruction
1082 modifying the memory. It will ensure that it cannot modify
1084 env->current_tb = NULL;
1085 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1086 cpu_resume_from_signal(env, puc);
1092 /* add the tb in the target page and protect it if necessary */
1093 static inline void tb_alloc_page(TranslationBlock *tb,
1094 unsigned int n, target_ulong page_addr)
1097 TranslationBlock *last_first_tb;
1099 tb->page_addr[n] = page_addr;
1100 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
1101 tb->page_next[n] = p->first_tb;
1102 last_first_tb = p->first_tb;
1103 p->first_tb = (TranslationBlock *)((long)tb | n);
1104 invalidate_page_bitmap(p);
1106 #if defined(TARGET_HAS_SMC) || 1
1108 #if defined(CONFIG_USER_ONLY)
1109 if (p->flags & PAGE_WRITE) {
1114 /* force the host page as non writable (writes will have a
1115 page fault + mprotect overhead) */
1116 page_addr &= qemu_host_page_mask;
1118 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1119 addr += TARGET_PAGE_SIZE) {
1121 p2 = page_find (addr >> TARGET_PAGE_BITS);
1125 p2->flags &= ~PAGE_WRITE;
1126 page_get_flags(addr);
1128 mprotect(g2h(page_addr), qemu_host_page_size,
1129 (prot & PAGE_BITS) & ~PAGE_WRITE);
1130 #ifdef DEBUG_TB_INVALIDATE
1131 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1136 /* if some code is already present, then the pages are already
1137 protected. So we handle the case where only the first TB is
1138 allocated in a physical page */
1139 if (!last_first_tb) {
1140 tlb_protect_code(page_addr);
1144 #endif /* TARGET_HAS_SMC */
1147 /* Allocate a new translation block. Flush the translation buffer if
1148 too many translation blocks or too much generated code. */
1149 TranslationBlock *tb_alloc(target_ulong pc)
1151 TranslationBlock *tb;
1153 if (nb_tbs >= code_gen_max_blocks ||
1154 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1156 tb = &tbs[nb_tbs++];
1162 void tb_free(TranslationBlock *tb)
1164 /* In practice this is mostly used for single use temporary TB
1165 Ignore the hard cases and just back up if this TB happens to
1166 be the last one generated. */
1167 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1168 code_gen_ptr = tb->tc_ptr;
1173 /* add a new TB and link it to the physical page tables. phys_page2 is
1174 (-1) to indicate that only one page contains the TB. */
1175 void tb_link_phys(TranslationBlock *tb,
1176 target_ulong phys_pc, target_ulong phys_page2)
1179 TranslationBlock **ptb;
1181 /* Grab the mmap lock to stop another thread invalidating this TB
1182 before we are done. */
1184 /* add in the physical hash table */
1185 h = tb_phys_hash_func(phys_pc);
1186 ptb = &tb_phys_hash[h];
1187 tb->phys_hash_next = *ptb;
1190 /* add in the page list */
1191 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1192 if (phys_page2 != -1)
1193 tb_alloc_page(tb, 1, phys_page2);
1195 tb->page_addr[1] = -1;
1197 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1198 tb->jmp_next[0] = NULL;
1199 tb->jmp_next[1] = NULL;
1201 /* init original jump addresses */
1202 if (tb->tb_next_offset[0] != 0xffff)
1203 tb_reset_jump(tb, 0);
1204 if (tb->tb_next_offset[1] != 0xffff)
1205 tb_reset_jump(tb, 1);
1207 #ifdef DEBUG_TB_CHECK
1213 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1214 tb[1].tc_ptr. Return NULL if not found */
1215 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1217 int m_min, m_max, m;
1219 TranslationBlock *tb;
1223 if (tc_ptr < (unsigned long)code_gen_buffer ||
1224 tc_ptr >= (unsigned long)code_gen_ptr)
1226 /* binary search (cf Knuth) */
1229 while (m_min <= m_max) {
1230 m = (m_min + m_max) >> 1;
1232 v = (unsigned long)tb->tc_ptr;
1235 else if (tc_ptr < v) {
1244 static void tb_reset_jump_recursive(TranslationBlock *tb);
1246 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1248 TranslationBlock *tb1, *tb_next, **ptb;
1251 tb1 = tb->jmp_next[n];
1253 /* find head of list */
1256 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1259 tb1 = tb1->jmp_next[n1];
1261 /* we are now sure now that tb jumps to tb1 */
1264 /* remove tb from the jmp_first list */
1265 ptb = &tb_next->jmp_first;
1269 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1270 if (n1 == n && tb1 == tb)
1272 ptb = &tb1->jmp_next[n1];
1274 *ptb = tb->jmp_next[n];
1275 tb->jmp_next[n] = NULL;
1277 /* suppress the jump to next tb in generated code */
1278 tb_reset_jump(tb, n);
1280 /* suppress jumps in the tb on which we could have jumped */
1281 tb_reset_jump_recursive(tb_next);
1285 static void tb_reset_jump_recursive(TranslationBlock *tb)
1287 tb_reset_jump_recursive2(tb, 0);
1288 tb_reset_jump_recursive2(tb, 1);
1291 #if defined(TARGET_HAS_ICE)
1292 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1294 target_phys_addr_t addr;
1296 ram_addr_t ram_addr;
1299 addr = cpu_get_phys_page_debug(env, pc);
1300 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1302 pd = IO_MEM_UNASSIGNED;
1304 pd = p->phys_offset;
1306 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1307 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1311 /* Add a watchpoint. */
1312 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, int type)
1316 for (i = 0; i < env->nb_watchpoints; i++) {
1317 if (addr == env->watchpoint[i].vaddr)
1320 if (env->nb_watchpoints >= MAX_WATCHPOINTS)
1323 i = env->nb_watchpoints++;
1324 env->watchpoint[i].vaddr = addr;
1325 env->watchpoint[i].type = type;
1326 tlb_flush_page(env, addr);
1327 /* FIXME: This flush is needed because of the hack to make memory ops
1328 terminate the TB. It can be removed once the proper IO trap and
1329 re-execute bits are in. */
1334 /* Remove a watchpoint. */
1335 int cpu_watchpoint_remove(CPUState *env, target_ulong addr)
1339 for (i = 0; i < env->nb_watchpoints; i++) {
1340 if (addr == env->watchpoint[i].vaddr) {
1341 env->nb_watchpoints--;
1342 env->watchpoint[i] = env->watchpoint[env->nb_watchpoints];
1343 tlb_flush_page(env, addr);
1350 /* Remove all watchpoints. */
1351 void cpu_watchpoint_remove_all(CPUState *env) {
1354 for (i = 0; i < env->nb_watchpoints; i++) {
1355 tlb_flush_page(env, env->watchpoint[i].vaddr);
1357 env->nb_watchpoints = 0;
1360 /* add a breakpoint. EXCP_DEBUG is returned by the CPU loop if a
1361 breakpoint is reached */
1362 int cpu_breakpoint_insert(CPUState *env, target_ulong pc)
1364 #if defined(TARGET_HAS_ICE)
1367 for(i = 0; i < env->nb_breakpoints; i++) {
1368 if (env->breakpoints[i] == pc)
1372 if (env->nb_breakpoints >= MAX_BREAKPOINTS)
1374 env->breakpoints[env->nb_breakpoints++] = pc;
1376 breakpoint_invalidate(env, pc);
1383 /* remove all breakpoints */
1384 void cpu_breakpoint_remove_all(CPUState *env) {
1385 #if defined(TARGET_HAS_ICE)
1387 for(i = 0; i < env->nb_breakpoints; i++) {
1388 breakpoint_invalidate(env, env->breakpoints[i]);
1390 env->nb_breakpoints = 0;
1394 /* remove a breakpoint */
1395 int cpu_breakpoint_remove(CPUState *env, target_ulong pc)
1397 #if defined(TARGET_HAS_ICE)
1399 for(i = 0; i < env->nb_breakpoints; i++) {
1400 if (env->breakpoints[i] == pc)
1405 env->nb_breakpoints--;
1406 if (i < env->nb_breakpoints)
1407 env->breakpoints[i] = env->breakpoints[env->nb_breakpoints];
1409 breakpoint_invalidate(env, pc);
1416 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1417 CPU loop after each instruction */
1418 void cpu_single_step(CPUState *env, int enabled)
1420 #if defined(TARGET_HAS_ICE)
1421 if (env->singlestep_enabled != enabled) {
1422 env->singlestep_enabled = enabled;
1423 /* must flush all the translated code to avoid inconsistancies */
1424 /* XXX: only flush what is necessary */
1430 /* enable or disable low levels log */
1431 void cpu_set_log(int log_flags)
1433 loglevel = log_flags;
1434 if (loglevel && !logfile) {
1435 logfile = fopen(logfilename, log_append ? "a" : "w");
1437 perror(logfilename);
1440 #if !defined(CONFIG_SOFTMMU)
1441 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1443 static char logfile_buf[4096];
1444 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1447 setvbuf(logfile, NULL, _IOLBF, 0);
1451 if (!loglevel && logfile) {
1457 void cpu_set_log_filename(const char *filename)
1459 logfilename = strdup(filename);
1464 cpu_set_log(loglevel);
1467 /* mask must never be zero, except for A20 change call */
1468 void cpu_interrupt(CPUState *env, int mask)
1470 #if !defined(USE_NPTL)
1471 TranslationBlock *tb;
1472 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1476 old_mask = env->interrupt_request;
1477 /* FIXME: This is probably not threadsafe. A different thread could
1478 be in the middle of a read-modify-write operation. */
1479 env->interrupt_request |= mask;
1480 #if defined(USE_NPTL)
1481 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1482 problem and hope the cpu will stop of its own accord. For userspace
1483 emulation this often isn't actually as bad as it sounds. Often
1484 signals are used primarily to interrupt blocking syscalls. */
1487 env->icount_decr.u16.high = 0xffff;
1488 #ifndef CONFIG_USER_ONLY
1489 /* CPU_INTERRUPT_EXIT isn't a real interrupt. It just means
1490 an async event happened and we need to process it. */
1492 && (mask & ~(old_mask | CPU_INTERRUPT_EXIT)) != 0) {
1493 cpu_abort(env, "Raised interrupt while not in I/O function");
1497 tb = env->current_tb;
1498 /* if the cpu is currently executing code, we must unlink it and
1499 all the potentially executing TB */
1500 if (tb && !testandset(&interrupt_lock)) {
1501 env->current_tb = NULL;
1502 tb_reset_jump_recursive(tb);
1503 resetlock(&interrupt_lock);
1509 void cpu_reset_interrupt(CPUState *env, int mask)
1511 env->interrupt_request &= ~mask;
1514 const CPULogItem cpu_log_items[] = {
1515 { CPU_LOG_TB_OUT_ASM, "out_asm",
1516 "show generated host assembly code for each compiled TB" },
1517 { CPU_LOG_TB_IN_ASM, "in_asm",
1518 "show target assembly code for each compiled TB" },
1519 { CPU_LOG_TB_OP, "op",
1520 "show micro ops for each compiled TB" },
1521 { CPU_LOG_TB_OP_OPT, "op_opt",
1524 "before eflags optimization and "
1526 "after liveness analysis" },
1527 { CPU_LOG_INT, "int",
1528 "show interrupts/exceptions in short format" },
1529 { CPU_LOG_EXEC, "exec",
1530 "show trace before each executed TB (lots of logs)" },
1531 { CPU_LOG_TB_CPU, "cpu",
1532 "show CPU state before block translation" },
1534 { CPU_LOG_PCALL, "pcall",
1535 "show protected mode far calls/returns/exceptions" },
1538 { CPU_LOG_IOPORT, "ioport",
1539 "show all i/o ports accesses" },
1544 static int cmp1(const char *s1, int n, const char *s2)
1546 if (strlen(s2) != n)
1548 return memcmp(s1, s2, n) == 0;
1551 /* takes a comma separated list of log masks. Return 0 if error. */
1552 int cpu_str_to_log_mask(const char *str)
1554 const CPULogItem *item;
1561 p1 = strchr(p, ',');
1564 if(cmp1(p,p1-p,"all")) {
1565 for(item = cpu_log_items; item->mask != 0; item++) {
1569 for(item = cpu_log_items; item->mask != 0; item++) {
1570 if (cmp1(p, p1 - p, item->name))
1584 void cpu_abort(CPUState *env, const char *fmt, ...)
1591 fprintf(stderr, "qemu: fatal: ");
1592 vfprintf(stderr, fmt, ap);
1593 fprintf(stderr, "\n");
1595 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1597 cpu_dump_state(env, stderr, fprintf, 0);
1600 fprintf(logfile, "qemu: fatal: ");
1601 vfprintf(logfile, fmt, ap2);
1602 fprintf(logfile, "\n");
1604 cpu_dump_state(env, logfile, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1606 cpu_dump_state(env, logfile, fprintf, 0);
1616 CPUState *cpu_copy(CPUState *env)
1618 CPUState *new_env = cpu_init(env->cpu_model_str);
1619 /* preserve chaining and index */
1620 CPUState *next_cpu = new_env->next_cpu;
1621 int cpu_index = new_env->cpu_index;
1622 memcpy(new_env, env, sizeof(CPUState));
1623 new_env->next_cpu = next_cpu;
1624 new_env->cpu_index = cpu_index;
1628 #if !defined(CONFIG_USER_ONLY)
1630 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1634 /* Discard jump cache entries for any tb which might potentially
1635 overlap the flushed page. */
1636 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1637 memset (&env->tb_jmp_cache[i], 0,
1638 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1640 i = tb_jmp_cache_hash_page(addr);
1641 memset (&env->tb_jmp_cache[i], 0,
1642 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1645 /* NOTE: if flush_global is true, also flush global entries (not
1647 void tlb_flush(CPUState *env, int flush_global)
1651 #if defined(DEBUG_TLB)
1652 printf("tlb_flush:\n");
1654 /* must reset current TB so that interrupts cannot modify the
1655 links while we are modifying them */
1656 env->current_tb = NULL;
1658 for(i = 0; i < CPU_TLB_SIZE; i++) {
1659 env->tlb_table[0][i].addr_read = -1;
1660 env->tlb_table[0][i].addr_write = -1;
1661 env->tlb_table[0][i].addr_code = -1;
1662 env->tlb_table[1][i].addr_read = -1;
1663 env->tlb_table[1][i].addr_write = -1;
1664 env->tlb_table[1][i].addr_code = -1;
1665 #if (NB_MMU_MODES >= 3)
1666 env->tlb_table[2][i].addr_read = -1;
1667 env->tlb_table[2][i].addr_write = -1;
1668 env->tlb_table[2][i].addr_code = -1;
1669 #if (NB_MMU_MODES == 4)
1670 env->tlb_table[3][i].addr_read = -1;
1671 env->tlb_table[3][i].addr_write = -1;
1672 env->tlb_table[3][i].addr_code = -1;
1677 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1680 if (env->kqemu_enabled) {
1681 kqemu_flush(env, flush_global);
1687 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1689 if (addr == (tlb_entry->addr_read &
1690 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1691 addr == (tlb_entry->addr_write &
1692 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1693 addr == (tlb_entry->addr_code &
1694 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1695 tlb_entry->addr_read = -1;
1696 tlb_entry->addr_write = -1;
1697 tlb_entry->addr_code = -1;
1701 void tlb_flush_page(CPUState *env, target_ulong addr)
1705 #if defined(DEBUG_TLB)
1706 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1708 /* must reset current TB so that interrupts cannot modify the
1709 links while we are modifying them */
1710 env->current_tb = NULL;
1712 addr &= TARGET_PAGE_MASK;
1713 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1714 tlb_flush_entry(&env->tlb_table[0][i], addr);
1715 tlb_flush_entry(&env->tlb_table[1][i], addr);
1716 #if (NB_MMU_MODES >= 3)
1717 tlb_flush_entry(&env->tlb_table[2][i], addr);
1718 #if (NB_MMU_MODES == 4)
1719 tlb_flush_entry(&env->tlb_table[3][i], addr);
1723 tlb_flush_jmp_cache(env, addr);
1726 if (env->kqemu_enabled) {
1727 kqemu_flush_page(env, addr);
1732 /* update the TLBs so that writes to code in the virtual page 'addr'
1734 static void tlb_protect_code(ram_addr_t ram_addr)
1736 cpu_physical_memory_reset_dirty(ram_addr,
1737 ram_addr + TARGET_PAGE_SIZE,
1741 /* update the TLB so that writes in physical page 'phys_addr' are no longer
1742 tested for self modifying code */
1743 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
1746 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] |= CODE_DIRTY_FLAG;
1749 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1750 unsigned long start, unsigned long length)
1753 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1754 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1755 if ((addr - start) < length) {
1756 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1761 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1765 unsigned long length, start1;
1769 start &= TARGET_PAGE_MASK;
1770 end = TARGET_PAGE_ALIGN(end);
1772 length = end - start;
1775 len = length >> TARGET_PAGE_BITS;
1777 /* XXX: should not depend on cpu context */
1779 if (env->kqemu_enabled) {
1782 for(i = 0; i < len; i++) {
1783 kqemu_set_notdirty(env, addr);
1784 addr += TARGET_PAGE_SIZE;
1788 mask = ~dirty_flags;
1789 p = phys_ram_dirty + (start >> TARGET_PAGE_BITS);
1790 for(i = 0; i < len; i++)
1793 /* we modify the TLB cache so that the dirty bit will be set again
1794 when accessing the range */
1795 start1 = start + (unsigned long)phys_ram_base;
1796 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1797 for(i = 0; i < CPU_TLB_SIZE; i++)
1798 tlb_reset_dirty_range(&env->tlb_table[0][i], start1, length);
1799 for(i = 0; i < CPU_TLB_SIZE; i++)
1800 tlb_reset_dirty_range(&env->tlb_table[1][i], start1, length);
1801 #if (NB_MMU_MODES >= 3)
1802 for(i = 0; i < CPU_TLB_SIZE; i++)
1803 tlb_reset_dirty_range(&env->tlb_table[2][i], start1, length);
1804 #if (NB_MMU_MODES == 4)
1805 for(i = 0; i < CPU_TLB_SIZE; i++)
1806 tlb_reset_dirty_range(&env->tlb_table[3][i], start1, length);
1812 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
1814 ram_addr_t ram_addr;
1816 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1817 ram_addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) +
1818 tlb_entry->addend - (unsigned long)phys_ram_base;
1819 if (!cpu_physical_memory_is_dirty(ram_addr)) {
1820 tlb_entry->addr_write |= TLB_NOTDIRTY;
1825 /* update the TLB according to the current state of the dirty bits */
1826 void cpu_tlb_update_dirty(CPUState *env)
1829 for(i = 0; i < CPU_TLB_SIZE; i++)
1830 tlb_update_dirty(&env->tlb_table[0][i]);
1831 for(i = 0; i < CPU_TLB_SIZE; i++)
1832 tlb_update_dirty(&env->tlb_table[1][i]);
1833 #if (NB_MMU_MODES >= 3)
1834 for(i = 0; i < CPU_TLB_SIZE; i++)
1835 tlb_update_dirty(&env->tlb_table[2][i]);
1836 #if (NB_MMU_MODES == 4)
1837 for(i = 0; i < CPU_TLB_SIZE; i++)
1838 tlb_update_dirty(&env->tlb_table[3][i]);
1843 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1845 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
1846 tlb_entry->addr_write = vaddr;
1849 /* update the TLB corresponding to virtual page vaddr
1850 so that it is no longer dirty */
1851 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1855 vaddr &= TARGET_PAGE_MASK;
1856 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1857 tlb_set_dirty1(&env->tlb_table[0][i], vaddr);
1858 tlb_set_dirty1(&env->tlb_table[1][i], vaddr);
1859 #if (NB_MMU_MODES >= 3)
1860 tlb_set_dirty1(&env->tlb_table[2][i], vaddr);
1861 #if (NB_MMU_MODES == 4)
1862 tlb_set_dirty1(&env->tlb_table[3][i], vaddr);
1867 /* add a new TLB entry. At most one entry for a given virtual address
1868 is permitted. Return 0 if OK or 2 if the page could not be mapped
1869 (can only happen in non SOFTMMU mode for I/O pages or pages
1870 conflicting with the host address space). */
1871 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
1872 target_phys_addr_t paddr, int prot,
1873 int mmu_idx, int is_softmmu)
1878 target_ulong address;
1879 target_ulong code_address;
1880 target_phys_addr_t addend;
1884 target_phys_addr_t iotlb;
1886 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
1888 pd = IO_MEM_UNASSIGNED;
1890 pd = p->phys_offset;
1892 #if defined(DEBUG_TLB)
1893 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
1894 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
1899 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
1900 /* IO memory case (romd handled later) */
1901 address |= TLB_MMIO;
1903 addend = (unsigned long)phys_ram_base + (pd & TARGET_PAGE_MASK);
1904 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
1906 iotlb = pd & TARGET_PAGE_MASK;
1907 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
1908 iotlb |= IO_MEM_NOTDIRTY;
1910 iotlb |= IO_MEM_ROM;
1912 /* IO handlers are currently passed a phsical address.
1913 It would be nice to pass an offset from the base address
1914 of that region. This would avoid having to special case RAM,
1915 and avoid full address decoding in every device.
1916 We can't use the high bits of pd for this because
1917 IO_MEM_ROMD uses these as a ram address. */
1918 iotlb = (pd & ~TARGET_PAGE_MASK) + paddr;
1921 code_address = address;
1922 /* Make accesses to pages with watchpoints go via the
1923 watchpoint trap routines. */
1924 for (i = 0; i < env->nb_watchpoints; i++) {
1925 if (vaddr == (env->watchpoint[i].vaddr & TARGET_PAGE_MASK)) {
1926 iotlb = io_mem_watch + paddr;
1927 /* TODO: The memory case can be optimized by not trapping
1928 reads of pages with a write breakpoint. */
1929 address |= TLB_MMIO;
1933 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1934 env->iotlb[mmu_idx][index] = iotlb - vaddr;
1935 te = &env->tlb_table[mmu_idx][index];
1936 te->addend = addend - vaddr;
1937 if (prot & PAGE_READ) {
1938 te->addr_read = address;
1943 if (prot & PAGE_EXEC) {
1944 te->addr_code = code_address;
1948 if (prot & PAGE_WRITE) {
1949 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
1950 (pd & IO_MEM_ROMD)) {
1951 /* Write access calls the I/O callback. */
1952 te->addr_write = address | TLB_MMIO;
1953 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
1954 !cpu_physical_memory_is_dirty(pd)) {
1955 te->addr_write = address | TLB_NOTDIRTY;
1957 te->addr_write = address;
1960 te->addr_write = -1;
1967 void tlb_flush(CPUState *env, int flush_global)
1971 void tlb_flush_page(CPUState *env, target_ulong addr)
1975 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
1976 target_phys_addr_t paddr, int prot,
1977 int mmu_idx, int is_softmmu)
1982 /* dump memory mappings */
1983 void page_dump(FILE *f)
1985 unsigned long start, end;
1986 int i, j, prot, prot1;
1989 fprintf(f, "%-8s %-8s %-8s %s\n",
1990 "start", "end", "size", "prot");
1994 for(i = 0; i <= L1_SIZE; i++) {
1999 for(j = 0;j < L2_SIZE; j++) {
2004 if (prot1 != prot) {
2005 end = (i << (32 - L1_BITS)) | (j << TARGET_PAGE_BITS);
2007 fprintf(f, "%08lx-%08lx %08lx %c%c%c\n",
2008 start, end, end - start,
2009 prot & PAGE_READ ? 'r' : '-',
2010 prot & PAGE_WRITE ? 'w' : '-',
2011 prot & PAGE_EXEC ? 'x' : '-');
2025 int page_get_flags(target_ulong address)
2029 p = page_find(address >> TARGET_PAGE_BITS);
2035 /* modify the flags of a page and invalidate the code if
2036 necessary. The flag PAGE_WRITE_ORG is positionned automatically
2037 depending on PAGE_WRITE */
2038 void page_set_flags(target_ulong start, target_ulong end, int flags)
2043 /* mmap_lock should already be held. */
2044 start = start & TARGET_PAGE_MASK;
2045 end = TARGET_PAGE_ALIGN(end);
2046 if (flags & PAGE_WRITE)
2047 flags |= PAGE_WRITE_ORG;
2048 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2049 p = page_find_alloc(addr >> TARGET_PAGE_BITS);
2050 /* We may be called for host regions that are outside guest
2054 /* if the write protection is set, then we invalidate the code
2056 if (!(p->flags & PAGE_WRITE) &&
2057 (flags & PAGE_WRITE) &&
2059 tb_invalidate_phys_page(addr, 0, NULL);
2065 int page_check_range(target_ulong start, target_ulong len, int flags)
2071 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2072 start = start & TARGET_PAGE_MASK;
2075 /* we've wrapped around */
2077 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2078 p = page_find(addr >> TARGET_PAGE_BITS);
2081 if( !(p->flags & PAGE_VALID) )
2084 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2086 if (flags & PAGE_WRITE) {
2087 if (!(p->flags & PAGE_WRITE_ORG))
2089 /* unprotect the page if it was put read-only because it
2090 contains translated code */
2091 if (!(p->flags & PAGE_WRITE)) {
2092 if (!page_unprotect(addr, 0, NULL))
2101 /* called from signal handler: invalidate the code and unprotect the
2102 page. Return TRUE if the fault was succesfully handled. */
2103 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2105 unsigned int page_index, prot, pindex;
2107 target_ulong host_start, host_end, addr;
2109 /* Technically this isn't safe inside a signal handler. However we
2110 know this only ever happens in a synchronous SEGV handler, so in
2111 practice it seems to be ok. */
2114 host_start = address & qemu_host_page_mask;
2115 page_index = host_start >> TARGET_PAGE_BITS;
2116 p1 = page_find(page_index);
2121 host_end = host_start + qemu_host_page_size;
2124 for(addr = host_start;addr < host_end; addr += TARGET_PAGE_SIZE) {
2128 /* if the page was really writable, then we change its
2129 protection back to writable */
2130 if (prot & PAGE_WRITE_ORG) {
2131 pindex = (address - host_start) >> TARGET_PAGE_BITS;
2132 if (!(p1[pindex].flags & PAGE_WRITE)) {
2133 mprotect((void *)g2h(host_start), qemu_host_page_size,
2134 (prot & PAGE_BITS) | PAGE_WRITE);
2135 p1[pindex].flags |= PAGE_WRITE;
2136 /* and since the content will be modified, we must invalidate
2137 the corresponding translated code. */
2138 tb_invalidate_phys_page(address, pc, puc);
2139 #ifdef DEBUG_TB_CHECK
2140 tb_invalidate_check(address);
2150 static inline void tlb_set_dirty(CPUState *env,
2151 unsigned long addr, target_ulong vaddr)
2154 #endif /* defined(CONFIG_USER_ONLY) */
2156 #if !defined(CONFIG_USER_ONLY)
2157 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2159 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2160 ram_addr_t orig_memory);
2161 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2164 if (addr > start_addr) \
2167 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2168 if (start_addr2 > 0) \
2172 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2173 end_addr2 = TARGET_PAGE_SIZE - 1; \
2175 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2176 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2181 /* register physical memory. 'size' must be a multiple of the target
2182 page size. If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2184 void cpu_register_physical_memory(target_phys_addr_t start_addr,
2186 ram_addr_t phys_offset)
2188 target_phys_addr_t addr, end_addr;
2191 ram_addr_t orig_size = size;
2195 /* XXX: should not depend on cpu context */
2197 if (env->kqemu_enabled) {
2198 kqemu_set_phys_mem(start_addr, size, phys_offset);
2201 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2202 end_addr = start_addr + (target_phys_addr_t)size;
2203 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2204 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2205 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2206 ram_addr_t orig_memory = p->phys_offset;
2207 target_phys_addr_t start_addr2, end_addr2;
2208 int need_subpage = 0;
2210 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2212 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2213 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2214 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2215 &p->phys_offset, orig_memory);
2217 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2220 subpage_register(subpage, start_addr2, end_addr2, phys_offset);
2222 p->phys_offset = phys_offset;
2223 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2224 (phys_offset & IO_MEM_ROMD))
2225 phys_offset += TARGET_PAGE_SIZE;
2228 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2229 p->phys_offset = phys_offset;
2230 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2231 (phys_offset & IO_MEM_ROMD))
2232 phys_offset += TARGET_PAGE_SIZE;
2234 target_phys_addr_t start_addr2, end_addr2;
2235 int need_subpage = 0;
2237 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2238 end_addr2, need_subpage);
2240 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2241 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2242 &p->phys_offset, IO_MEM_UNASSIGNED);
2243 subpage_register(subpage, start_addr2, end_addr2,
2250 /* since each CPU stores ram addresses in its TLB cache, we must
2251 reset the modified entries */
2253 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2258 /* XXX: temporary until new memory mapping API */
2259 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2263 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2265 return IO_MEM_UNASSIGNED;
2266 return p->phys_offset;
2269 /* XXX: better than nothing */
2270 ram_addr_t qemu_ram_alloc(ram_addr_t size)
2273 if ((phys_ram_alloc_offset + size) > phys_ram_size) {
2274 fprintf(stderr, "Not enough memory (requested_size = %" PRIu64 ", max memory = %" PRIu64 ")\n",
2275 (uint64_t)size, (uint64_t)phys_ram_size);
2278 addr = phys_ram_alloc_offset;
2279 phys_ram_alloc_offset = TARGET_PAGE_ALIGN(phys_ram_alloc_offset + size);
2283 void qemu_ram_free(ram_addr_t addr)
2287 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2289 #ifdef DEBUG_UNASSIGNED
2290 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2293 do_unassigned_access(addr, 0, 0, 0);
2294 #elif defined(TARGET_CRIS)
2295 do_unassigned_access(addr, 0, 0, 0);
2300 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2302 #ifdef DEBUG_UNASSIGNED
2303 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2306 do_unassigned_access(addr, 1, 0, 0);
2307 #elif defined(TARGET_CRIS)
2308 do_unassigned_access(addr, 1, 0, 0);
2312 static CPUReadMemoryFunc *unassigned_mem_read[3] = {
2313 unassigned_mem_readb,
2314 unassigned_mem_readb,
2315 unassigned_mem_readb,
2318 static CPUWriteMemoryFunc *unassigned_mem_write[3] = {
2319 unassigned_mem_writeb,
2320 unassigned_mem_writeb,
2321 unassigned_mem_writeb,
2324 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
2328 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2329 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2330 #if !defined(CONFIG_USER_ONLY)
2331 tb_invalidate_phys_page_fast(ram_addr, 1);
2332 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2335 stb_p(phys_ram_base + ram_addr, val);
2337 if (cpu_single_env->kqemu_enabled &&
2338 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2339 kqemu_modify_page(cpu_single_env, ram_addr);
2341 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2342 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2343 /* we remove the notdirty callback only if the code has been
2345 if (dirty_flags == 0xff)
2346 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2349 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
2353 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2354 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2355 #if !defined(CONFIG_USER_ONLY)
2356 tb_invalidate_phys_page_fast(ram_addr, 2);
2357 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2360 stw_p(phys_ram_base + ram_addr, val);
2362 if (cpu_single_env->kqemu_enabled &&
2363 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2364 kqemu_modify_page(cpu_single_env, ram_addr);
2366 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2367 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2368 /* we remove the notdirty callback only if the code has been
2370 if (dirty_flags == 0xff)
2371 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2374 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
2378 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2379 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2380 #if !defined(CONFIG_USER_ONLY)
2381 tb_invalidate_phys_page_fast(ram_addr, 4);
2382 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2385 stl_p(phys_ram_base + ram_addr, val);
2387 if (cpu_single_env->kqemu_enabled &&
2388 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2389 kqemu_modify_page(cpu_single_env, ram_addr);
2391 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2392 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2393 /* we remove the notdirty callback only if the code has been
2395 if (dirty_flags == 0xff)
2396 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2399 static CPUReadMemoryFunc *error_mem_read[3] = {
2400 NULL, /* never used */
2401 NULL, /* never used */
2402 NULL, /* never used */
2405 static CPUWriteMemoryFunc *notdirty_mem_write[3] = {
2406 notdirty_mem_writeb,
2407 notdirty_mem_writew,
2408 notdirty_mem_writel,
2411 /* Generate a debug exception if a watchpoint has been hit. */
2412 static void check_watchpoint(int offset, int flags)
2414 CPUState *env = cpu_single_env;
2418 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2419 for (i = 0; i < env->nb_watchpoints; i++) {
2420 if (vaddr == env->watchpoint[i].vaddr
2421 && (env->watchpoint[i].type & flags)) {
2422 env->watchpoint_hit = i + 1;
2423 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2429 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2430 so these check for a hit then pass through to the normal out-of-line
2432 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
2434 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_READ);
2435 return ldub_phys(addr);
2438 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
2440 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_READ);
2441 return lduw_phys(addr);
2444 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
2446 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_READ);
2447 return ldl_phys(addr);
2450 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
2453 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_WRITE);
2454 stb_phys(addr, val);
2457 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
2460 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_WRITE);
2461 stw_phys(addr, val);
2464 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
2467 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_WRITE);
2468 stl_phys(addr, val);
2471 static CPUReadMemoryFunc *watch_mem_read[3] = {
2477 static CPUWriteMemoryFunc *watch_mem_write[3] = {
2483 static inline uint32_t subpage_readlen (subpage_t *mmio, target_phys_addr_t addr,
2489 idx = SUBPAGE_IDX(addr - mmio->base);
2490 #if defined(DEBUG_SUBPAGE)
2491 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
2492 mmio, len, addr, idx);
2494 ret = (**mmio->mem_read[idx][len])(mmio->opaque[idx][0][len], addr);
2499 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
2500 uint32_t value, unsigned int len)
2504 idx = SUBPAGE_IDX(addr - mmio->base);
2505 #if defined(DEBUG_SUBPAGE)
2506 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n", __func__,
2507 mmio, len, addr, idx, value);
2509 (**mmio->mem_write[idx][len])(mmio->opaque[idx][1][len], addr, value);
2512 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
2514 #if defined(DEBUG_SUBPAGE)
2515 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2518 return subpage_readlen(opaque, addr, 0);
2521 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
2524 #if defined(DEBUG_SUBPAGE)
2525 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2527 subpage_writelen(opaque, addr, value, 0);
2530 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
2532 #if defined(DEBUG_SUBPAGE)
2533 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2536 return subpage_readlen(opaque, addr, 1);
2539 static void subpage_writew (void *opaque, target_phys_addr_t addr,
2542 #if defined(DEBUG_SUBPAGE)
2543 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2545 subpage_writelen(opaque, addr, value, 1);
2548 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
2550 #if defined(DEBUG_SUBPAGE)
2551 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2554 return subpage_readlen(opaque, addr, 2);
2557 static void subpage_writel (void *opaque,
2558 target_phys_addr_t addr, uint32_t value)
2560 #if defined(DEBUG_SUBPAGE)
2561 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2563 subpage_writelen(opaque, addr, value, 2);
2566 static CPUReadMemoryFunc *subpage_read[] = {
2572 static CPUWriteMemoryFunc *subpage_write[] = {
2578 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2584 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2586 idx = SUBPAGE_IDX(start);
2587 eidx = SUBPAGE_IDX(end);
2588 #if defined(DEBUG_SUBPAGE)
2589 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %d\n", __func__,
2590 mmio, start, end, idx, eidx, memory);
2592 memory >>= IO_MEM_SHIFT;
2593 for (; idx <= eidx; idx++) {
2594 for (i = 0; i < 4; i++) {
2595 if (io_mem_read[memory][i]) {
2596 mmio->mem_read[idx][i] = &io_mem_read[memory][i];
2597 mmio->opaque[idx][0][i] = io_mem_opaque[memory];
2599 if (io_mem_write[memory][i]) {
2600 mmio->mem_write[idx][i] = &io_mem_write[memory][i];
2601 mmio->opaque[idx][1][i] = io_mem_opaque[memory];
2609 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2610 ram_addr_t orig_memory)
2615 mmio = qemu_mallocz(sizeof(subpage_t));
2618 subpage_memory = cpu_register_io_memory(0, subpage_read, subpage_write, mmio);
2619 #if defined(DEBUG_SUBPAGE)
2620 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
2621 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
2623 *phys = subpage_memory | IO_MEM_SUBPAGE;
2624 subpage_register(mmio, 0, TARGET_PAGE_SIZE - 1, orig_memory);
2630 static void io_mem_init(void)
2632 cpu_register_io_memory(IO_MEM_ROM >> IO_MEM_SHIFT, error_mem_read, unassigned_mem_write, NULL);
2633 cpu_register_io_memory(IO_MEM_UNASSIGNED >> IO_MEM_SHIFT, unassigned_mem_read, unassigned_mem_write, NULL);
2634 cpu_register_io_memory(IO_MEM_NOTDIRTY >> IO_MEM_SHIFT, error_mem_read, notdirty_mem_write, NULL);
2637 io_mem_watch = cpu_register_io_memory(0, watch_mem_read,
2638 watch_mem_write, NULL);
2639 /* alloc dirty bits array */
2640 phys_ram_dirty = qemu_vmalloc(phys_ram_size >> TARGET_PAGE_BITS);
2641 memset(phys_ram_dirty, 0xff, phys_ram_size >> TARGET_PAGE_BITS);
2644 /* mem_read and mem_write are arrays of functions containing the
2645 function to access byte (index 0), word (index 1) and dword (index
2646 2). Functions can be omitted with a NULL function pointer. The
2647 registered functions may be modified dynamically later.
2648 If io_index is non zero, the corresponding io zone is
2649 modified. If it is zero, a new io zone is allocated. The return
2650 value can be used with cpu_register_physical_memory(). (-1) is
2651 returned if error. */
2652 int cpu_register_io_memory(int io_index,
2653 CPUReadMemoryFunc **mem_read,
2654 CPUWriteMemoryFunc **mem_write,
2657 int i, subwidth = 0;
2659 if (io_index <= 0) {
2660 if (io_mem_nb >= IO_MEM_NB_ENTRIES)
2662 io_index = io_mem_nb++;
2664 if (io_index >= IO_MEM_NB_ENTRIES)
2668 for(i = 0;i < 3; i++) {
2669 if (!mem_read[i] || !mem_write[i])
2670 subwidth = IO_MEM_SUBWIDTH;
2671 io_mem_read[io_index][i] = mem_read[i];
2672 io_mem_write[io_index][i] = mem_write[i];
2674 io_mem_opaque[io_index] = opaque;
2675 return (io_index << IO_MEM_SHIFT) | subwidth;
2678 CPUWriteMemoryFunc **cpu_get_io_memory_write(int io_index)
2680 return io_mem_write[io_index >> IO_MEM_SHIFT];
2683 CPUReadMemoryFunc **cpu_get_io_memory_read(int io_index)
2685 return io_mem_read[io_index >> IO_MEM_SHIFT];
2688 #endif /* !defined(CONFIG_USER_ONLY) */
2690 /* physical memory access (slow version, mainly for debug) */
2691 #if defined(CONFIG_USER_ONLY)
2692 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
2693 int len, int is_write)
2700 page = addr & TARGET_PAGE_MASK;
2701 l = (page + TARGET_PAGE_SIZE) - addr;
2704 flags = page_get_flags(page);
2705 if (!(flags & PAGE_VALID))
2708 if (!(flags & PAGE_WRITE))
2710 /* XXX: this code should not depend on lock_user */
2711 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2712 /* FIXME - should this return an error rather than just fail? */
2715 unlock_user(p, addr, l);
2717 if (!(flags & PAGE_READ))
2719 /* XXX: this code should not depend on lock_user */
2720 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2721 /* FIXME - should this return an error rather than just fail? */
2724 unlock_user(p, addr, 0);
2733 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
2734 int len, int is_write)
2739 target_phys_addr_t page;
2744 page = addr & TARGET_PAGE_MASK;
2745 l = (page + TARGET_PAGE_SIZE) - addr;
2748 p = phys_page_find(page >> TARGET_PAGE_BITS);
2750 pd = IO_MEM_UNASSIGNED;
2752 pd = p->phys_offset;
2756 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2757 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2758 /* XXX: could force cpu_single_env to NULL to avoid
2760 if (l >= 4 && ((addr & 3) == 0)) {
2761 /* 32 bit write access */
2763 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
2765 } else if (l >= 2 && ((addr & 1) == 0)) {
2766 /* 16 bit write access */
2768 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
2771 /* 8 bit write access */
2773 io_mem_write[io_index][0](io_mem_opaque[io_index], addr, val);
2777 unsigned long addr1;
2778 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
2780 ptr = phys_ram_base + addr1;
2781 memcpy(ptr, buf, l);
2782 if (!cpu_physical_memory_is_dirty(addr1)) {
2783 /* invalidate code */
2784 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
2786 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
2787 (0xff & ~CODE_DIRTY_FLAG);
2791 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2792 !(pd & IO_MEM_ROMD)) {
2794 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2795 if (l >= 4 && ((addr & 3) == 0)) {
2796 /* 32 bit read access */
2797 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
2800 } else if (l >= 2 && ((addr & 1) == 0)) {
2801 /* 16 bit read access */
2802 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
2806 /* 8 bit read access */
2807 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr);
2813 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2814 (addr & ~TARGET_PAGE_MASK);
2815 memcpy(buf, ptr, l);
2824 /* used for ROM loading : can write in RAM and ROM */
2825 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
2826 const uint8_t *buf, int len)
2830 target_phys_addr_t page;
2835 page = addr & TARGET_PAGE_MASK;
2836 l = (page + TARGET_PAGE_SIZE) - addr;
2839 p = phys_page_find(page >> TARGET_PAGE_BITS);
2841 pd = IO_MEM_UNASSIGNED;
2843 pd = p->phys_offset;
2846 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
2847 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
2848 !(pd & IO_MEM_ROMD)) {
2851 unsigned long addr1;
2852 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
2854 ptr = phys_ram_base + addr1;
2855 memcpy(ptr, buf, l);
2864 /* warning: addr must be aligned */
2865 uint32_t ldl_phys(target_phys_addr_t addr)
2873 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2875 pd = IO_MEM_UNASSIGNED;
2877 pd = p->phys_offset;
2880 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2881 !(pd & IO_MEM_ROMD)) {
2883 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2884 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
2887 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2888 (addr & ~TARGET_PAGE_MASK);
2894 /* warning: addr must be aligned */
2895 uint64_t ldq_phys(target_phys_addr_t addr)
2903 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2905 pd = IO_MEM_UNASSIGNED;
2907 pd = p->phys_offset;
2910 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2911 !(pd & IO_MEM_ROMD)) {
2913 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2914 #ifdef TARGET_WORDS_BIGENDIAN
2915 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
2916 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
2918 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
2919 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
2923 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2924 (addr & ~TARGET_PAGE_MASK);
2931 uint32_t ldub_phys(target_phys_addr_t addr)
2934 cpu_physical_memory_read(addr, &val, 1);
2939 uint32_t lduw_phys(target_phys_addr_t addr)
2942 cpu_physical_memory_read(addr, (uint8_t *)&val, 2);
2943 return tswap16(val);
2946 /* warning: addr must be aligned. The ram page is not masked as dirty
2947 and the code inside is not invalidated. It is useful if the dirty
2948 bits are used to track modified PTEs */
2949 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
2956 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2958 pd = IO_MEM_UNASSIGNED;
2960 pd = p->phys_offset;
2963 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2964 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2965 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
2967 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2968 (addr & ~TARGET_PAGE_MASK);
2973 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
2980 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2982 pd = IO_MEM_UNASSIGNED;
2984 pd = p->phys_offset;
2987 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2988 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2989 #ifdef TARGET_WORDS_BIGENDIAN
2990 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
2991 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
2993 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
2994 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
2997 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2998 (addr & ~TARGET_PAGE_MASK);
3003 /* warning: addr must be aligned */
3004 void stl_phys(target_phys_addr_t addr, uint32_t val)
3011 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3013 pd = IO_MEM_UNASSIGNED;
3015 pd = p->phys_offset;
3018 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3019 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3020 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3022 unsigned long addr1;
3023 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3025 ptr = phys_ram_base + addr1;
3027 if (!cpu_physical_memory_is_dirty(addr1)) {
3028 /* invalidate code */
3029 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3031 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3032 (0xff & ~CODE_DIRTY_FLAG);
3038 void stb_phys(target_phys_addr_t addr, uint32_t val)
3041 cpu_physical_memory_write(addr, &v, 1);
3045 void stw_phys(target_phys_addr_t addr, uint32_t val)
3047 uint16_t v = tswap16(val);
3048 cpu_physical_memory_write(addr, (const uint8_t *)&v, 2);
3052 void stq_phys(target_phys_addr_t addr, uint64_t val)
3055 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
3060 /* virtual memory access for debug */
3061 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3062 uint8_t *buf, int len, int is_write)
3065 target_phys_addr_t phys_addr;
3069 page = addr & TARGET_PAGE_MASK;
3070 phys_addr = cpu_get_phys_page_debug(env, page);
3071 /* if no physical page mapped, return an error */
3072 if (phys_addr == -1)
3074 l = (page + TARGET_PAGE_SIZE) - addr;
3077 cpu_physical_memory_rw(phys_addr + (addr & ~TARGET_PAGE_MASK),
3086 /* in deterministic execution mode, instructions doing device I/Os
3087 must be at the end of the TB */
3088 void cpu_io_recompile(CPUState *env, void *retaddr)
3090 TranslationBlock *tb;
3092 target_ulong pc, cs_base;
3095 tb = tb_find_pc((unsigned long)retaddr);
3097 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
3100 n = env->icount_decr.u16.low + tb->icount;
3101 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
3102 /* Calculate how many instructions had been executed before the fault
3104 n = n - env->icount_decr.u16.low;
3105 /* Generate a new TB ending on the I/O insn. */
3107 /* On MIPS and SH, delay slot instructions can only be restarted if
3108 they were already the first instruction in the TB. If this is not
3109 the first instruction in a TB then re-execute the preceding
3111 #if defined(TARGET_MIPS)
3112 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
3113 env->active_tc.PC -= 4;
3114 env->icount_decr.u16.low++;
3115 env->hflags &= ~MIPS_HFLAG_BMASK;
3117 #elif defined(TARGET_SH4)
3118 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
3121 env->icount_decr.u16.low++;
3122 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
3125 /* This should never happen. */
3126 if (n > CF_COUNT_MASK)
3127 cpu_abort(env, "TB too big during recompile");
3129 cflags = n | CF_LAST_IO;
3131 cs_base = tb->cs_base;
3133 tb_phys_invalidate(tb, -1);
3134 /* FIXME: In theory this could raise an exception. In practice
3135 we have already translated the block once so it's probably ok. */
3136 tb_gen_code(env, pc, cs_base, flags, cflags);
3137 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
3138 the first in the TB) then we end up generating a whole new TB and
3139 repeating the fault, which is horribly inefficient.
3140 Better would be to execute just this insn uncached, or generate a
3142 cpu_resume_from_signal(env, NULL);
3145 void dump_exec_info(FILE *f,
3146 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
3148 int i, target_code_size, max_target_code_size;
3149 int direct_jmp_count, direct_jmp2_count, cross_page;
3150 TranslationBlock *tb;
3152 target_code_size = 0;
3153 max_target_code_size = 0;
3155 direct_jmp_count = 0;
3156 direct_jmp2_count = 0;
3157 for(i = 0; i < nb_tbs; i++) {
3159 target_code_size += tb->size;
3160 if (tb->size > max_target_code_size)
3161 max_target_code_size = tb->size;
3162 if (tb->page_addr[1] != -1)
3164 if (tb->tb_next_offset[0] != 0xffff) {
3166 if (tb->tb_next_offset[1] != 0xffff) {
3167 direct_jmp2_count++;
3171 /* XXX: avoid using doubles ? */
3172 cpu_fprintf(f, "Translation buffer state:\n");
3173 cpu_fprintf(f, "gen code size %ld/%ld\n",
3174 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
3175 cpu_fprintf(f, "TB count %d/%d\n",
3176 nb_tbs, code_gen_max_blocks);
3177 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
3178 nb_tbs ? target_code_size / nb_tbs : 0,
3179 max_target_code_size);
3180 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
3181 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
3182 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
3183 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
3185 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
3186 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
3188 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
3190 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
3191 cpu_fprintf(f, "\nStatistics:\n");
3192 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
3193 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
3194 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
3195 tcg_dump_info(f, cpu_fprintf);
3198 #if !defined(CONFIG_USER_ONLY)
3200 #define MMUSUFFIX _cmmu
3201 #define GETPC() NULL
3202 #define env cpu_single_env
3203 #define SOFTMMU_CODE_ACCESS
3206 #include "softmmu_template.h"
3209 #include "softmmu_template.h"
3212 #include "softmmu_template.h"
3215 #include "softmmu_template.h"
projects / qemu / blob