2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #define WIN32_LEAN_AND_MEAN
25 #include <sys/types.h>
38 #include "qemu-common.h"
40 #if defined(CONFIG_USER_ONLY)
44 //#define DEBUG_TB_INVALIDATE
47 //#define DEBUG_UNASSIGNED
49 /* make various TB consistency checks */
50 //#define DEBUG_TB_CHECK
51 //#define DEBUG_TLB_CHECK
53 //#define DEBUG_IOPORT
54 //#define DEBUG_SUBPAGE
56 #if !defined(CONFIG_USER_ONLY)
57 /* TB consistency checks only implemented for usermode emulation. */
61 #define SMC_BITMAP_USE_THRESHOLD 10
63 #define MMAP_AREA_START 0x00000000
64 #define MMAP_AREA_END 0xa8000000
66 #if defined(TARGET_SPARC64)
67 #define TARGET_PHYS_ADDR_SPACE_BITS 41
68 #elif defined(TARGET_SPARC)
69 #define TARGET_PHYS_ADDR_SPACE_BITS 36
70 #elif defined(TARGET_ALPHA)
71 #define TARGET_PHYS_ADDR_SPACE_BITS 42
72 #define TARGET_VIRT_ADDR_SPACE_BITS 42
73 #elif defined(TARGET_PPC64)
74 #define TARGET_PHYS_ADDR_SPACE_BITS 42
75 #elif defined(TARGET_X86_64) && !defined(USE_KQEMU)
76 #define TARGET_PHYS_ADDR_SPACE_BITS 42
77 #elif defined(TARGET_I386) && !defined(USE_KQEMU)
78 #define TARGET_PHYS_ADDR_SPACE_BITS 36
80 /* Note: for compatibility with kqemu, we use 32 bits for x86_64 */
81 #define TARGET_PHYS_ADDR_SPACE_BITS 32
84 TranslationBlock *tbs;
85 int code_gen_max_blocks;
86 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
88 /* any access to the tbs or the page table must use this lock */
89 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
91 uint8_t code_gen_prologue[1024] __attribute__((aligned (32)));
92 uint8_t *code_gen_buffer;
93 unsigned long code_gen_buffer_size;
94 /* threshold to flush the translated code buffer */
95 unsigned long code_gen_buffer_max_size;
96 uint8_t *code_gen_ptr;
98 #if !defined(CONFIG_USER_ONLY)
99 ram_addr_t phys_ram_size;
101 uint8_t *phys_ram_base;
102 uint8_t *phys_ram_dirty;
103 static ram_addr_t phys_ram_alloc_offset = 0;
107 /* current CPU in the current thread. It is only valid inside
109 CPUState *cpu_single_env;
110 /* 0 = Do not count executed instructions.
111 1 = Precice instruction counting.
112 2 = Adaptive rate instruction counting. */
114 /* Current instruction counter. While executing translated code this may
115 include some instructions that have not yet been executed. */
118 typedef struct PageDesc {
119 /* list of TBs intersecting this ram page */
120 TranslationBlock *first_tb;
121 /* in order to optimize self modifying code, we count the number
122 of lookups we do to a given page to use a bitmap */
123 unsigned int code_write_count;
124 uint8_t *code_bitmap;
125 #if defined(CONFIG_USER_ONLY)
130 typedef struct PhysPageDesc {
131 /* offset in host memory of the page + io_index in the low bits */
132 ram_addr_t phys_offset;
136 #if defined(CONFIG_USER_ONLY) && defined(TARGET_VIRT_ADDR_SPACE_BITS)
137 /* XXX: this is a temporary hack for alpha target.
138 * In the future, this is to be replaced by a multi-level table
139 * to actually be able to handle the complete 64 bits address space.
141 #define L1_BITS (TARGET_VIRT_ADDR_SPACE_BITS - L2_BITS - TARGET_PAGE_BITS)
143 #define L1_BITS (32 - L2_BITS - TARGET_PAGE_BITS)
146 #define L1_SIZE (1 << L1_BITS)
147 #define L2_SIZE (1 << L2_BITS)
149 unsigned long qemu_real_host_page_size;
150 unsigned long qemu_host_page_bits;
151 unsigned long qemu_host_page_size;
152 unsigned long qemu_host_page_mask;
154 /* XXX: for system emulation, it could just be an array */
155 static PageDesc *l1_map[L1_SIZE];
156 PhysPageDesc **l1_phys_map;
158 #if !defined(CONFIG_USER_ONLY)
159 static void io_mem_init(void);
161 /* io memory support */
162 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
163 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
164 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
165 static int io_mem_nb;
166 static int io_mem_watch;
170 char *logfilename = "/tmp/qemu.log";
173 static int log_append = 0;
176 static int tlb_flush_count;
177 static int tb_flush_count;
178 static int tb_phys_invalidate_count;
180 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
181 typedef struct subpage_t {
182 target_phys_addr_t base;
183 CPUReadMemoryFunc **mem_read[TARGET_PAGE_SIZE][4];
184 CPUWriteMemoryFunc **mem_write[TARGET_PAGE_SIZE][4];
185 void *opaque[TARGET_PAGE_SIZE][2][4];
189 static void map_exec(void *addr, long size)
192 VirtualProtect(addr, size,
193 PAGE_EXECUTE_READWRITE, &old_protect);
197 static void map_exec(void *addr, long size)
199 unsigned long start, end, page_size;
201 page_size = getpagesize();
202 start = (unsigned long)addr;
203 start &= ~(page_size - 1);
205 end = (unsigned long)addr + size;
206 end += page_size - 1;
207 end &= ~(page_size - 1);
209 mprotect((void *)start, end - start,
210 PROT_READ | PROT_WRITE | PROT_EXEC);
214 static void page_init(void)
216 /* NOTE: we can always suppose that qemu_host_page_size >=
220 SYSTEM_INFO system_info;
223 GetSystemInfo(&system_info);
224 qemu_real_host_page_size = system_info.dwPageSize;
227 qemu_real_host_page_size = getpagesize();
229 if (qemu_host_page_size == 0)
230 qemu_host_page_size = qemu_real_host_page_size;
231 if (qemu_host_page_size < TARGET_PAGE_SIZE)
232 qemu_host_page_size = TARGET_PAGE_SIZE;
233 qemu_host_page_bits = 0;
234 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
235 qemu_host_page_bits++;
236 qemu_host_page_mask = ~(qemu_host_page_size - 1);
237 l1_phys_map = qemu_vmalloc(L1_SIZE * sizeof(void *));
238 memset(l1_phys_map, 0, L1_SIZE * sizeof(void *));
240 #if !defined(_WIN32) && defined(CONFIG_USER_ONLY)
242 long long startaddr, endaddr;
247 last_brk = (unsigned long)sbrk(0);
248 f = fopen("/proc/self/maps", "r");
251 n = fscanf (f, "%llx-%llx %*[^\n]\n", &startaddr, &endaddr);
253 startaddr = MIN(startaddr,
254 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
255 endaddr = MIN(endaddr,
256 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
257 page_set_flags(startaddr & TARGET_PAGE_MASK,
258 TARGET_PAGE_ALIGN(endaddr),
269 static inline PageDesc *page_find_alloc(target_ulong index)
273 #if TARGET_LONG_BITS > 32
274 /* Host memory outside guest VM. For 32-bit targets we have already
275 excluded high addresses. */
276 if (index > ((target_ulong)L2_SIZE * L1_SIZE * TARGET_PAGE_SIZE))
279 lp = &l1_map[index >> L2_BITS];
282 /* allocate if not found */
283 #if defined(CONFIG_USER_ONLY)
285 size_t len = sizeof(PageDesc) * L2_SIZE;
286 /* Don't use qemu_malloc because it may recurse. */
287 p = mmap(0, len, PROT_READ | PROT_WRITE,
288 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
291 if (addr == (target_ulong)addr) {
292 page_set_flags(addr & TARGET_PAGE_MASK,
293 TARGET_PAGE_ALIGN(addr + len),
297 p = qemu_mallocz(sizeof(PageDesc) * L2_SIZE);
301 return p + (index & (L2_SIZE - 1));
304 static inline PageDesc *page_find(target_ulong index)
308 p = l1_map[index >> L2_BITS];
311 return p + (index & (L2_SIZE - 1));
314 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
319 p = (void **)l1_phys_map;
320 #if TARGET_PHYS_ADDR_SPACE_BITS > 32
322 #if TARGET_PHYS_ADDR_SPACE_BITS > (32 + L1_BITS)
323 #error unsupported TARGET_PHYS_ADDR_SPACE_BITS
325 lp = p + ((index >> (L1_BITS + L2_BITS)) & (L1_SIZE - 1));
328 /* allocate if not found */
331 p = qemu_vmalloc(sizeof(void *) * L1_SIZE);
332 memset(p, 0, sizeof(void *) * L1_SIZE);
336 lp = p + ((index >> L2_BITS) & (L1_SIZE - 1));
340 /* allocate if not found */
343 pd = qemu_vmalloc(sizeof(PhysPageDesc) * L2_SIZE);
345 for (i = 0; i < L2_SIZE; i++)
346 pd[i].phys_offset = IO_MEM_UNASSIGNED;
348 return ((PhysPageDesc *)pd) + (index & (L2_SIZE - 1));
351 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
353 return phys_page_find_alloc(index, 0);
356 #if !defined(CONFIG_USER_ONLY)
357 static void tlb_protect_code(ram_addr_t ram_addr);
358 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
360 #define mmap_lock() do { } while(0)
361 #define mmap_unlock() do { } while(0)
364 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
366 #if defined(CONFIG_USER_ONLY)
367 /* Currently it is not recommanded to allocate big chunks of data in
368 user mode. It will change when a dedicated libc will be used */
369 #define USE_STATIC_CODE_GEN_BUFFER
372 #ifdef USE_STATIC_CODE_GEN_BUFFER
373 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE];
376 void code_gen_alloc(unsigned long tb_size)
378 #ifdef USE_STATIC_CODE_GEN_BUFFER
379 code_gen_buffer = static_code_gen_buffer;
380 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
381 map_exec(code_gen_buffer, code_gen_buffer_size);
383 code_gen_buffer_size = tb_size;
384 if (code_gen_buffer_size == 0) {
385 #if defined(CONFIG_USER_ONLY)
386 /* in user mode, phys_ram_size is not meaningful */
387 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
389 /* XXX: needs ajustments */
390 code_gen_buffer_size = (int)(phys_ram_size / 4);
393 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
394 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
395 /* The code gen buffer location may have constraints depending on
396 the host cpu and OS */
397 #if defined(__linux__)
400 flags = MAP_PRIVATE | MAP_ANONYMOUS;
401 #if defined(__x86_64__)
403 /* Cannot map more than that */
404 if (code_gen_buffer_size > (800 * 1024 * 1024))
405 code_gen_buffer_size = (800 * 1024 * 1024);
407 code_gen_buffer = mmap(NULL, code_gen_buffer_size,
408 PROT_WRITE | PROT_READ | PROT_EXEC,
410 if (code_gen_buffer == MAP_FAILED) {
411 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
416 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
417 if (!code_gen_buffer) {
418 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
421 map_exec(code_gen_buffer, code_gen_buffer_size);
423 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
424 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
425 code_gen_buffer_max_size = code_gen_buffer_size -
426 code_gen_max_block_size();
427 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
428 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
431 /* Must be called before using the QEMU cpus. 'tb_size' is the size
432 (in bytes) allocated to the translation buffer. Zero means default
434 void cpu_exec_init_all(unsigned long tb_size)
437 code_gen_alloc(tb_size);
438 code_gen_ptr = code_gen_buffer;
440 #if !defined(CONFIG_USER_ONLY)
445 void cpu_exec_init(CPUState *env)
450 env->next_cpu = NULL;
453 while (*penv != NULL) {
454 penv = (CPUState **)&(*penv)->next_cpu;
457 env->cpu_index = cpu_index;
458 env->nb_watchpoints = 0;
462 static inline void invalidate_page_bitmap(PageDesc *p)
464 if (p->code_bitmap) {
465 qemu_free(p->code_bitmap);
466 p->code_bitmap = NULL;
468 p->code_write_count = 0;
471 /* set to NULL all the 'first_tb' fields in all PageDescs */
472 static void page_flush_tb(void)
477 for(i = 0; i < L1_SIZE; i++) {
480 for(j = 0; j < L2_SIZE; j++) {
482 invalidate_page_bitmap(p);
489 /* flush all the translation blocks */
490 /* XXX: tb_flush is currently not thread safe */
491 void tb_flush(CPUState *env1)
494 #if defined(DEBUG_FLUSH)
495 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
496 (unsigned long)(code_gen_ptr - code_gen_buffer),
498 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
500 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
501 cpu_abort(env1, "Internal error: code buffer overflow\n");
505 for(env = first_cpu; env != NULL; env = env->next_cpu) {
506 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
509 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
512 code_gen_ptr = code_gen_buffer;
513 /* XXX: flush processor icache at this point if cache flush is
518 #ifdef DEBUG_TB_CHECK
520 static void tb_invalidate_check(target_ulong address)
522 TranslationBlock *tb;
524 address &= TARGET_PAGE_MASK;
525 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
526 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
527 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
528 address >= tb->pc + tb->size)) {
529 printf("ERROR invalidate: address=%08lx PC=%08lx size=%04x\n",
530 address, (long)tb->pc, tb->size);
536 /* verify that all the pages have correct rights for code */
537 static void tb_page_check(void)
539 TranslationBlock *tb;
540 int i, flags1, flags2;
542 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
543 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
544 flags1 = page_get_flags(tb->pc);
545 flags2 = page_get_flags(tb->pc + tb->size - 1);
546 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
547 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
548 (long)tb->pc, tb->size, flags1, flags2);
554 void tb_jmp_check(TranslationBlock *tb)
556 TranslationBlock *tb1;
559 /* suppress any remaining jumps to this TB */
563 tb1 = (TranslationBlock *)((long)tb1 & ~3);
566 tb1 = tb1->jmp_next[n1];
568 /* check end of list */
570 printf("ERROR: jmp_list from 0x%08lx\n", (long)tb);
576 /* invalidate one TB */
577 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
580 TranslationBlock *tb1;
584 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
587 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
591 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
593 TranslationBlock *tb1;
599 tb1 = (TranslationBlock *)((long)tb1 & ~3);
601 *ptb = tb1->page_next[n1];
604 ptb = &tb1->page_next[n1];
608 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
610 TranslationBlock *tb1, **ptb;
613 ptb = &tb->jmp_next[n];
616 /* find tb(n) in circular list */
620 tb1 = (TranslationBlock *)((long)tb1 & ~3);
621 if (n1 == n && tb1 == tb)
624 ptb = &tb1->jmp_first;
626 ptb = &tb1->jmp_next[n1];
629 /* now we can suppress tb(n) from the list */
630 *ptb = tb->jmp_next[n];
632 tb->jmp_next[n] = NULL;
636 /* reset the jump entry 'n' of a TB so that it is not chained to
638 static inline void tb_reset_jump(TranslationBlock *tb, int n)
640 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
643 void tb_phys_invalidate(TranslationBlock *tb, target_ulong page_addr)
648 target_phys_addr_t phys_pc;
649 TranslationBlock *tb1, *tb2;
651 /* remove the TB from the hash list */
652 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
653 h = tb_phys_hash_func(phys_pc);
654 tb_remove(&tb_phys_hash[h], tb,
655 offsetof(TranslationBlock, phys_hash_next));
657 /* remove the TB from the page list */
658 if (tb->page_addr[0] != page_addr) {
659 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
660 tb_page_remove(&p->first_tb, tb);
661 invalidate_page_bitmap(p);
663 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
664 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
665 tb_page_remove(&p->first_tb, tb);
666 invalidate_page_bitmap(p);
669 tb_invalidated_flag = 1;
671 /* remove the TB from the hash list */
672 h = tb_jmp_cache_hash_func(tb->pc);
673 for(env = first_cpu; env != NULL; env = env->next_cpu) {
674 if (env->tb_jmp_cache[h] == tb)
675 env->tb_jmp_cache[h] = NULL;
678 /* suppress this TB from the two jump lists */
679 tb_jmp_remove(tb, 0);
680 tb_jmp_remove(tb, 1);
682 /* suppress any remaining jumps to this TB */
688 tb1 = (TranslationBlock *)((long)tb1 & ~3);
689 tb2 = tb1->jmp_next[n1];
690 tb_reset_jump(tb1, n1);
691 tb1->jmp_next[n1] = NULL;
694 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
696 tb_phys_invalidate_count++;
699 static inline void set_bits(uint8_t *tab, int start, int len)
705 mask = 0xff << (start & 7);
706 if ((start & ~7) == (end & ~7)) {
708 mask &= ~(0xff << (end & 7));
713 start = (start + 8) & ~7;
715 while (start < end1) {
720 mask = ~(0xff << (end & 7));
726 static void build_page_bitmap(PageDesc *p)
728 int n, tb_start, tb_end;
729 TranslationBlock *tb;
731 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
738 tb = (TranslationBlock *)((long)tb & ~3);
739 /* NOTE: this is subtle as a TB may span two physical pages */
741 /* NOTE: tb_end may be after the end of the page, but
742 it is not a problem */
743 tb_start = tb->pc & ~TARGET_PAGE_MASK;
744 tb_end = tb_start + tb->size;
745 if (tb_end > TARGET_PAGE_SIZE)
746 tb_end = TARGET_PAGE_SIZE;
749 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
751 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
752 tb = tb->page_next[n];
756 TranslationBlock *tb_gen_code(CPUState *env,
757 target_ulong pc, target_ulong cs_base,
758 int flags, int cflags)
760 TranslationBlock *tb;
762 target_ulong phys_pc, phys_page2, virt_page2;
765 phys_pc = get_phys_addr_code(env, pc);
768 /* flush must be done */
770 /* cannot fail at this point */
772 /* Don't forget to invalidate previous TB info. */
773 tb_invalidated_flag = 1;
775 tc_ptr = code_gen_ptr;
777 tb->cs_base = cs_base;
780 cpu_gen_code(env, tb, &code_gen_size);
781 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
783 /* check next page if needed */
784 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
786 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
787 phys_page2 = get_phys_addr_code(env, virt_page2);
789 tb_link_phys(tb, phys_pc, phys_page2);
793 /* invalidate all TBs which intersect with the target physical page
794 starting in range [start;end[. NOTE: start and end must refer to
795 the same physical page. 'is_cpu_write_access' should be true if called
796 from a real cpu write access: the virtual CPU will exit the current
797 TB if code is modified inside this TB. */
798 void tb_invalidate_phys_page_range(target_phys_addr_t start, target_phys_addr_t end,
799 int is_cpu_write_access)
801 int n, current_tb_modified, current_tb_not_found, current_flags;
802 CPUState *env = cpu_single_env;
804 TranslationBlock *tb, *tb_next, *current_tb, *saved_tb;
805 target_ulong tb_start, tb_end;
806 target_ulong current_pc, current_cs_base;
808 p = page_find(start >> TARGET_PAGE_BITS);
811 if (!p->code_bitmap &&
812 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
813 is_cpu_write_access) {
814 /* build code bitmap */
815 build_page_bitmap(p);
818 /* we remove all the TBs in the range [start, end[ */
819 /* XXX: see if in some cases it could be faster to invalidate all the code */
820 current_tb_not_found = is_cpu_write_access;
821 current_tb_modified = 0;
822 current_tb = NULL; /* avoid warning */
823 current_pc = 0; /* avoid warning */
824 current_cs_base = 0; /* avoid warning */
825 current_flags = 0; /* avoid warning */
829 tb = (TranslationBlock *)((long)tb & ~3);
830 tb_next = tb->page_next[n];
831 /* NOTE: this is subtle as a TB may span two physical pages */
833 /* NOTE: tb_end may be after the end of the page, but
834 it is not a problem */
835 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
836 tb_end = tb_start + tb->size;
838 tb_start = tb->page_addr[1];
839 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
841 if (!(tb_end <= start || tb_start >= end)) {
842 #ifdef TARGET_HAS_PRECISE_SMC
843 if (current_tb_not_found) {
844 current_tb_not_found = 0;
846 if (env->mem_io_pc) {
847 /* now we have a real cpu fault */
848 current_tb = tb_find_pc(env->mem_io_pc);
851 if (current_tb == tb &&
852 (current_tb->cflags & CF_COUNT_MASK) != 1) {
853 /* If we are modifying the current TB, we must stop
854 its execution. We could be more precise by checking
855 that the modification is after the current PC, but it
856 would require a specialized function to partially
857 restore the CPU state */
859 current_tb_modified = 1;
860 cpu_restore_state(current_tb, env,
861 env->mem_io_pc, NULL);
862 #if defined(TARGET_I386)
863 current_flags = env->hflags;
864 current_flags |= (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK));
865 current_cs_base = (target_ulong)env->segs[R_CS].base;
866 current_pc = current_cs_base + env->eip;
868 #error unsupported CPU
871 #endif /* TARGET_HAS_PRECISE_SMC */
872 /* we need to do that to handle the case where a signal
873 occurs while doing tb_phys_invalidate() */
876 saved_tb = env->current_tb;
877 env->current_tb = NULL;
879 tb_phys_invalidate(tb, -1);
881 env->current_tb = saved_tb;
882 if (env->interrupt_request && env->current_tb)
883 cpu_interrupt(env, env->interrupt_request);
888 #if !defined(CONFIG_USER_ONLY)
889 /* if no code remaining, no need to continue to use slow writes */
891 invalidate_page_bitmap(p);
892 if (is_cpu_write_access) {
893 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
897 #ifdef TARGET_HAS_PRECISE_SMC
898 if (current_tb_modified) {
899 /* we generate a block containing just the instruction
900 modifying the memory. It will ensure that it cannot modify
902 env->current_tb = NULL;
903 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
904 cpu_resume_from_signal(env, NULL);
909 /* len must be <= 8 and start must be a multiple of len */
910 static inline void tb_invalidate_phys_page_fast(target_phys_addr_t start, int len)
917 fprintf(logfile, "modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
918 cpu_single_env->mem_io_vaddr, len,
920 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
924 p = page_find(start >> TARGET_PAGE_BITS);
927 if (p->code_bitmap) {
928 offset = start & ~TARGET_PAGE_MASK;
929 b = p->code_bitmap[offset >> 3] >> (offset & 7);
930 if (b & ((1 << len) - 1))
934 tb_invalidate_phys_page_range(start, start + len, 1);
938 #if !defined(CONFIG_SOFTMMU)
939 static void tb_invalidate_phys_page(target_phys_addr_t addr,
940 unsigned long pc, void *puc)
942 int n, current_flags, current_tb_modified;
943 target_ulong current_pc, current_cs_base;
945 TranslationBlock *tb, *current_tb;
946 #ifdef TARGET_HAS_PRECISE_SMC
947 CPUState *env = cpu_single_env;
950 addr &= TARGET_PAGE_MASK;
951 p = page_find(addr >> TARGET_PAGE_BITS);
955 current_tb_modified = 0;
957 current_pc = 0; /* avoid warning */
958 current_cs_base = 0; /* avoid warning */
959 current_flags = 0; /* avoid warning */
960 #ifdef TARGET_HAS_PRECISE_SMC
962 current_tb = tb_find_pc(pc);
967 tb = (TranslationBlock *)((long)tb & ~3);
968 #ifdef TARGET_HAS_PRECISE_SMC
969 if (current_tb == tb &&
970 (current_tb->cflags & CF_COUNT_MASK) != 1) {
971 /* If we are modifying the current TB, we must stop
972 its execution. We could be more precise by checking
973 that the modification is after the current PC, but it
974 would require a specialized function to partially
975 restore the CPU state */
977 current_tb_modified = 1;
978 cpu_restore_state(current_tb, env, pc, puc);
979 #if defined(TARGET_I386)
980 current_flags = env->hflags;
981 current_flags |= (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK));
982 current_cs_base = (target_ulong)env->segs[R_CS].base;
983 current_pc = current_cs_base + env->eip;
985 #error unsupported CPU
988 #endif /* TARGET_HAS_PRECISE_SMC */
989 tb_phys_invalidate(tb, addr);
990 tb = tb->page_next[n];
993 #ifdef TARGET_HAS_PRECISE_SMC
994 if (current_tb_modified) {
995 /* we generate a block containing just the instruction
996 modifying the memory. It will ensure that it cannot modify
998 env->current_tb = NULL;
999 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1000 cpu_resume_from_signal(env, puc);
1006 /* add the tb in the target page and protect it if necessary */
1007 static inline void tb_alloc_page(TranslationBlock *tb,
1008 unsigned int n, target_ulong page_addr)
1011 TranslationBlock *last_first_tb;
1013 tb->page_addr[n] = page_addr;
1014 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
1015 tb->page_next[n] = p->first_tb;
1016 last_first_tb = p->first_tb;
1017 p->first_tb = (TranslationBlock *)((long)tb | n);
1018 invalidate_page_bitmap(p);
1020 #if defined(TARGET_HAS_SMC) || 1
1022 #if defined(CONFIG_USER_ONLY)
1023 if (p->flags & PAGE_WRITE) {
1028 /* force the host page as non writable (writes will have a
1029 page fault + mprotect overhead) */
1030 page_addr &= qemu_host_page_mask;
1032 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1033 addr += TARGET_PAGE_SIZE) {
1035 p2 = page_find (addr >> TARGET_PAGE_BITS);
1039 p2->flags &= ~PAGE_WRITE;
1040 page_get_flags(addr);
1042 mprotect(g2h(page_addr), qemu_host_page_size,
1043 (prot & PAGE_BITS) & ~PAGE_WRITE);
1044 #ifdef DEBUG_TB_INVALIDATE
1045 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1050 /* if some code is already present, then the pages are already
1051 protected. So we handle the case where only the first TB is
1052 allocated in a physical page */
1053 if (!last_first_tb) {
1054 tlb_protect_code(page_addr);
1058 #endif /* TARGET_HAS_SMC */
1061 /* Allocate a new translation block. Flush the translation buffer if
1062 too many translation blocks or too much generated code. */
1063 TranslationBlock *tb_alloc(target_ulong pc)
1065 TranslationBlock *tb;
1067 if (nb_tbs >= code_gen_max_blocks ||
1068 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1070 tb = &tbs[nb_tbs++];
1076 void tb_free(TranslationBlock *tb)
1078 /* In practice this is mostly used for single use temorary TB
1079 Ignore the hard cases and just back up if this TB happens to
1080 be the last one generated. */
1081 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1082 code_gen_ptr = tb->tc_ptr;
1087 /* add a new TB and link it to the physical page tables. phys_page2 is
1088 (-1) to indicate that only one page contains the TB. */
1089 void tb_link_phys(TranslationBlock *tb,
1090 target_ulong phys_pc, target_ulong phys_page2)
1093 TranslationBlock **ptb;
1095 /* Grab the mmap lock to stop another thread invalidating this TB
1096 before we are done. */
1098 /* add in the physical hash table */
1099 h = tb_phys_hash_func(phys_pc);
1100 ptb = &tb_phys_hash[h];
1101 tb->phys_hash_next = *ptb;
1104 /* add in the page list */
1105 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1106 if (phys_page2 != -1)
1107 tb_alloc_page(tb, 1, phys_page2);
1109 tb->page_addr[1] = -1;
1111 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1112 tb->jmp_next[0] = NULL;
1113 tb->jmp_next[1] = NULL;
1115 /* init original jump addresses */
1116 if (tb->tb_next_offset[0] != 0xffff)
1117 tb_reset_jump(tb, 0);
1118 if (tb->tb_next_offset[1] != 0xffff)
1119 tb_reset_jump(tb, 1);
1121 #ifdef DEBUG_TB_CHECK
1127 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1128 tb[1].tc_ptr. Return NULL if not found */
1129 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1131 int m_min, m_max, m;
1133 TranslationBlock *tb;
1137 if (tc_ptr < (unsigned long)code_gen_buffer ||
1138 tc_ptr >= (unsigned long)code_gen_ptr)
1140 /* binary search (cf Knuth) */
1143 while (m_min <= m_max) {
1144 m = (m_min + m_max) >> 1;
1146 v = (unsigned long)tb->tc_ptr;
1149 else if (tc_ptr < v) {
1158 static void tb_reset_jump_recursive(TranslationBlock *tb);
1160 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1162 TranslationBlock *tb1, *tb_next, **ptb;
1165 tb1 = tb->jmp_next[n];
1167 /* find head of list */
1170 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1173 tb1 = tb1->jmp_next[n1];
1175 /* we are now sure now that tb jumps to tb1 */
1178 /* remove tb from the jmp_first list */
1179 ptb = &tb_next->jmp_first;
1183 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1184 if (n1 == n && tb1 == tb)
1186 ptb = &tb1->jmp_next[n1];
1188 *ptb = tb->jmp_next[n];
1189 tb->jmp_next[n] = NULL;
1191 /* suppress the jump to next tb in generated code */
1192 tb_reset_jump(tb, n);
1194 /* suppress jumps in the tb on which we could have jumped */
1195 tb_reset_jump_recursive(tb_next);
1199 static void tb_reset_jump_recursive(TranslationBlock *tb)
1201 tb_reset_jump_recursive2(tb, 0);
1202 tb_reset_jump_recursive2(tb, 1);
1205 #if defined(TARGET_HAS_ICE)
1206 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1208 target_phys_addr_t addr;
1210 ram_addr_t ram_addr;
1213 addr = cpu_get_phys_page_debug(env, pc);
1214 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1216 pd = IO_MEM_UNASSIGNED;
1218 pd = p->phys_offset;
1220 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1221 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1225 /* Add a watchpoint. */
1226 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, int type)
1230 for (i = 0; i < env->nb_watchpoints; i++) {
1231 if (addr == env->watchpoint[i].vaddr)
1234 if (env->nb_watchpoints >= MAX_WATCHPOINTS)
1237 i = env->nb_watchpoints++;
1238 env->watchpoint[i].vaddr = addr;
1239 env->watchpoint[i].type = type;
1240 tlb_flush_page(env, addr);
1241 /* FIXME: This flush is needed because of the hack to make memory ops
1242 terminate the TB. It can be removed once the proper IO trap and
1243 re-execute bits are in. */
1248 /* Remove a watchpoint. */
1249 int cpu_watchpoint_remove(CPUState *env, target_ulong addr)
1253 for (i = 0; i < env->nb_watchpoints; i++) {
1254 if (addr == env->watchpoint[i].vaddr) {
1255 env->nb_watchpoints--;
1256 env->watchpoint[i] = env->watchpoint[env->nb_watchpoints];
1257 tlb_flush_page(env, addr);
1264 /* Remove all watchpoints. */
1265 void cpu_watchpoint_remove_all(CPUState *env) {
1268 for (i = 0; i < env->nb_watchpoints; i++) {
1269 tlb_flush_page(env, env->watchpoint[i].vaddr);
1271 env->nb_watchpoints = 0;
1274 /* add a breakpoint. EXCP_DEBUG is returned by the CPU loop if a
1275 breakpoint is reached */
1276 int cpu_breakpoint_insert(CPUState *env, target_ulong pc)
1278 #if defined(TARGET_HAS_ICE)
1281 for(i = 0; i < env->nb_breakpoints; i++) {
1282 if (env->breakpoints[i] == pc)
1286 if (env->nb_breakpoints >= MAX_BREAKPOINTS)
1288 env->breakpoints[env->nb_breakpoints++] = pc;
1290 breakpoint_invalidate(env, pc);
1297 /* remove all breakpoints */
1298 void cpu_breakpoint_remove_all(CPUState *env) {
1299 #if defined(TARGET_HAS_ICE)
1301 for(i = 0; i < env->nb_breakpoints; i++) {
1302 breakpoint_invalidate(env, env->breakpoints[i]);
1304 env->nb_breakpoints = 0;
1308 /* remove a breakpoint */
1309 int cpu_breakpoint_remove(CPUState *env, target_ulong pc)
1311 #if defined(TARGET_HAS_ICE)
1313 for(i = 0; i < env->nb_breakpoints; i++) {
1314 if (env->breakpoints[i] == pc)
1319 env->nb_breakpoints--;
1320 if (i < env->nb_breakpoints)
1321 env->breakpoints[i] = env->breakpoints[env->nb_breakpoints];
1323 breakpoint_invalidate(env, pc);
1330 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1331 CPU loop after each instruction */
1332 void cpu_single_step(CPUState *env, int enabled)
1334 #if defined(TARGET_HAS_ICE)
1335 if (env->singlestep_enabled != enabled) {
1336 env->singlestep_enabled = enabled;
1337 /* must flush all the translated code to avoid inconsistancies */
1338 /* XXX: only flush what is necessary */
1344 /* enable or disable low levels log */
1345 void cpu_set_log(int log_flags)
1347 loglevel = log_flags;
1348 if (loglevel && !logfile) {
1349 logfile = fopen(logfilename, log_append ? "a" : "w");
1351 perror(logfilename);
1354 #if !defined(CONFIG_SOFTMMU)
1355 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1357 static uint8_t logfile_buf[4096];
1358 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1361 setvbuf(logfile, NULL, _IOLBF, 0);
1365 if (!loglevel && logfile) {
1371 void cpu_set_log_filename(const char *filename)
1373 logfilename = strdup(filename);
1378 cpu_set_log(loglevel);
1381 /* mask must never be zero, except for A20 change call */
1382 void cpu_interrupt(CPUState *env, int mask)
1384 #if !defined(USE_NPTL)
1385 TranslationBlock *tb;
1386 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1390 old_mask = env->interrupt_request;
1391 /* FIXME: This is probably not threadsafe. A different thread could
1392 be in the mittle of a read-modify-write operation. */
1393 env->interrupt_request |= mask;
1394 #if defined(USE_NPTL)
1395 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1396 problem and hope the cpu will stop of its own accord. For userspace
1397 emulation this often isn't actually as bad as it sounds. Often
1398 signals are used primarily to interrupt blocking syscalls. */
1401 env->icount_decr.u16.high = 0x8000;
1402 #ifndef CONFIG_USER_ONLY
1403 /* CPU_INTERRUPT_EXIT isn't a real interrupt. It just means
1404 an async event happened and we need to process it. */
1406 && (mask & ~(old_mask | CPU_INTERRUPT_EXIT)) != 0) {
1407 cpu_abort(env, "Raised interrupt while not in I/O function");
1411 tb = env->current_tb;
1412 /* if the cpu is currently executing code, we must unlink it and
1413 all the potentially executing TB */
1414 if (tb && !testandset(&interrupt_lock)) {
1415 env->current_tb = NULL;
1416 tb_reset_jump_recursive(tb);
1417 resetlock(&interrupt_lock);
1423 void cpu_reset_interrupt(CPUState *env, int mask)
1425 env->interrupt_request &= ~mask;
1428 CPULogItem cpu_log_items[] = {
1429 { CPU_LOG_TB_OUT_ASM, "out_asm",
1430 "show generated host assembly code for each compiled TB" },
1431 { CPU_LOG_TB_IN_ASM, "in_asm",
1432 "show target assembly code for each compiled TB" },
1433 { CPU_LOG_TB_OP, "op",
1434 "show micro ops for each compiled TB" },
1435 { CPU_LOG_TB_OP_OPT, "op_opt",
1438 "before eflags optimization and "
1440 "after liveness analysis" },
1441 { CPU_LOG_INT, "int",
1442 "show interrupts/exceptions in short format" },
1443 { CPU_LOG_EXEC, "exec",
1444 "show trace before each executed TB (lots of logs)" },
1445 { CPU_LOG_TB_CPU, "cpu",
1446 "show CPU state before block translation" },
1448 { CPU_LOG_PCALL, "pcall",
1449 "show protected mode far calls/returns/exceptions" },
1452 { CPU_LOG_IOPORT, "ioport",
1453 "show all i/o ports accesses" },
1458 static int cmp1(const char *s1, int n, const char *s2)
1460 if (strlen(s2) != n)
1462 return memcmp(s1, s2, n) == 0;
1465 /* takes a comma separated list of log masks. Return 0 if error. */
1466 int cpu_str_to_log_mask(const char *str)
1475 p1 = strchr(p, ',');
1478 if(cmp1(p,p1-p,"all")) {
1479 for(item = cpu_log_items; item->mask != 0; item++) {
1483 for(item = cpu_log_items; item->mask != 0; item++) {
1484 if (cmp1(p, p1 - p, item->name))
1498 void cpu_abort(CPUState *env, const char *fmt, ...)
1505 fprintf(stderr, "qemu: fatal: ");
1506 vfprintf(stderr, fmt, ap);
1507 fprintf(stderr, "\n");
1509 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1511 cpu_dump_state(env, stderr, fprintf, 0);
1514 fprintf(logfile, "qemu: fatal: ");
1515 vfprintf(logfile, fmt, ap2);
1516 fprintf(logfile, "\n");
1518 cpu_dump_state(env, logfile, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1520 cpu_dump_state(env, logfile, fprintf, 0);
1530 CPUState *cpu_copy(CPUState *env)
1532 CPUState *new_env = cpu_init(env->cpu_model_str);
1533 /* preserve chaining and index */
1534 CPUState *next_cpu = new_env->next_cpu;
1535 int cpu_index = new_env->cpu_index;
1536 memcpy(new_env, env, sizeof(CPUState));
1537 new_env->next_cpu = next_cpu;
1538 new_env->cpu_index = cpu_index;
1542 #if !defined(CONFIG_USER_ONLY)
1544 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1548 /* Discard jump cache entries for any tb which might potentially
1549 overlap the flushed page. */
1550 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1551 memset (&env->tb_jmp_cache[i], 0,
1552 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1554 i = tb_jmp_cache_hash_page(addr);
1555 memset (&env->tb_jmp_cache[i], 0,
1556 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1559 /* NOTE: if flush_global is true, also flush global entries (not
1561 void tlb_flush(CPUState *env, int flush_global)
1565 #if defined(DEBUG_TLB)
1566 printf("tlb_flush:\n");
1568 /* must reset current TB so that interrupts cannot modify the
1569 links while we are modifying them */
1570 env->current_tb = NULL;
1572 for(i = 0; i < CPU_TLB_SIZE; i++) {
1573 env->tlb_table[0][i].addr_read = -1;
1574 env->tlb_table[0][i].addr_write = -1;
1575 env->tlb_table[0][i].addr_code = -1;
1576 env->tlb_table[1][i].addr_read = -1;
1577 env->tlb_table[1][i].addr_write = -1;
1578 env->tlb_table[1][i].addr_code = -1;
1579 #if (NB_MMU_MODES >= 3)
1580 env->tlb_table[2][i].addr_read = -1;
1581 env->tlb_table[2][i].addr_write = -1;
1582 env->tlb_table[2][i].addr_code = -1;
1583 #if (NB_MMU_MODES == 4)
1584 env->tlb_table[3][i].addr_read = -1;
1585 env->tlb_table[3][i].addr_write = -1;
1586 env->tlb_table[3][i].addr_code = -1;
1591 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1594 if (env->kqemu_enabled) {
1595 kqemu_flush(env, flush_global);
1601 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1603 if (addr == (tlb_entry->addr_read &
1604 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1605 addr == (tlb_entry->addr_write &
1606 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1607 addr == (tlb_entry->addr_code &
1608 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1609 tlb_entry->addr_read = -1;
1610 tlb_entry->addr_write = -1;
1611 tlb_entry->addr_code = -1;
1615 void tlb_flush_page(CPUState *env, target_ulong addr)
1619 #if defined(DEBUG_TLB)
1620 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1622 /* must reset current TB so that interrupts cannot modify the
1623 links while we are modifying them */
1624 env->current_tb = NULL;
1626 addr &= TARGET_PAGE_MASK;
1627 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1628 tlb_flush_entry(&env->tlb_table[0][i], addr);
1629 tlb_flush_entry(&env->tlb_table[1][i], addr);
1630 #if (NB_MMU_MODES >= 3)
1631 tlb_flush_entry(&env->tlb_table[2][i], addr);
1632 #if (NB_MMU_MODES == 4)
1633 tlb_flush_entry(&env->tlb_table[3][i], addr);
1637 tlb_flush_jmp_cache(env, addr);
1640 if (env->kqemu_enabled) {
1641 kqemu_flush_page(env, addr);
1646 /* update the TLBs so that writes to code in the virtual page 'addr'
1648 static void tlb_protect_code(ram_addr_t ram_addr)
1650 cpu_physical_memory_reset_dirty(ram_addr,
1651 ram_addr + TARGET_PAGE_SIZE,
1655 /* update the TLB so that writes in physical page 'phys_addr' are no longer
1656 tested for self modifying code */
1657 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
1660 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] |= CODE_DIRTY_FLAG;
1663 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1664 unsigned long start, unsigned long length)
1667 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1668 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1669 if ((addr - start) < length) {
1670 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1675 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1679 unsigned long length, start1;
1683 start &= TARGET_PAGE_MASK;
1684 end = TARGET_PAGE_ALIGN(end);
1686 length = end - start;
1689 len = length >> TARGET_PAGE_BITS;
1691 /* XXX: should not depend on cpu context */
1693 if (env->kqemu_enabled) {
1696 for(i = 0; i < len; i++) {
1697 kqemu_set_notdirty(env, addr);
1698 addr += TARGET_PAGE_SIZE;
1702 mask = ~dirty_flags;
1703 p = phys_ram_dirty + (start >> TARGET_PAGE_BITS);
1704 for(i = 0; i < len; i++)
1707 /* we modify the TLB cache so that the dirty bit will be set again
1708 when accessing the range */
1709 start1 = start + (unsigned long)phys_ram_base;
1710 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1711 for(i = 0; i < CPU_TLB_SIZE; i++)
1712 tlb_reset_dirty_range(&env->tlb_table[0][i], start1, length);
1713 for(i = 0; i < CPU_TLB_SIZE; i++)
1714 tlb_reset_dirty_range(&env->tlb_table[1][i], start1, length);
1715 #if (NB_MMU_MODES >= 3)
1716 for(i = 0; i < CPU_TLB_SIZE; i++)
1717 tlb_reset_dirty_range(&env->tlb_table[2][i], start1, length);
1718 #if (NB_MMU_MODES == 4)
1719 for(i = 0; i < CPU_TLB_SIZE; i++)
1720 tlb_reset_dirty_range(&env->tlb_table[3][i], start1, length);
1726 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
1728 ram_addr_t ram_addr;
1730 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1731 ram_addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) +
1732 tlb_entry->addend - (unsigned long)phys_ram_base;
1733 if (!cpu_physical_memory_is_dirty(ram_addr)) {
1734 tlb_entry->addr_write |= TLB_NOTDIRTY;
1739 /* update the TLB according to the current state of the dirty bits */
1740 void cpu_tlb_update_dirty(CPUState *env)
1743 for(i = 0; i < CPU_TLB_SIZE; i++)
1744 tlb_update_dirty(&env->tlb_table[0][i]);
1745 for(i = 0; i < CPU_TLB_SIZE; i++)
1746 tlb_update_dirty(&env->tlb_table[1][i]);
1747 #if (NB_MMU_MODES >= 3)
1748 for(i = 0; i < CPU_TLB_SIZE; i++)
1749 tlb_update_dirty(&env->tlb_table[2][i]);
1750 #if (NB_MMU_MODES == 4)
1751 for(i = 0; i < CPU_TLB_SIZE; i++)
1752 tlb_update_dirty(&env->tlb_table[3][i]);
1757 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1759 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
1760 tlb_entry->addr_write = vaddr;
1763 /* update the TLB corresponding to virtual page vaddr
1764 so that it is no longer dirty */
1765 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1769 vaddr &= TARGET_PAGE_MASK;
1770 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1771 tlb_set_dirty1(&env->tlb_table[0][i], vaddr);
1772 tlb_set_dirty1(&env->tlb_table[1][i], vaddr);
1773 #if (NB_MMU_MODES >= 3)
1774 tlb_set_dirty1(&env->tlb_table[2][i], vaddr);
1775 #if (NB_MMU_MODES == 4)
1776 tlb_set_dirty1(&env->tlb_table[3][i], vaddr);
1781 /* add a new TLB entry. At most one entry for a given virtual address
1782 is permitted. Return 0 if OK or 2 if the page could not be mapped
1783 (can only happen in non SOFTMMU mode for I/O pages or pages
1784 conflicting with the host address space). */
1785 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
1786 target_phys_addr_t paddr, int prot,
1787 int mmu_idx, int is_softmmu)
1792 target_ulong address;
1793 target_ulong code_address;
1794 target_phys_addr_t addend;
1798 target_phys_addr_t iotlb;
1800 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
1802 pd = IO_MEM_UNASSIGNED;
1804 pd = p->phys_offset;
1806 #if defined(DEBUG_TLB)
1807 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
1808 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
1813 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
1814 /* IO memory case (romd handled later) */
1815 address |= TLB_MMIO;
1817 addend = (unsigned long)phys_ram_base + (pd & TARGET_PAGE_MASK);
1818 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
1820 iotlb = pd & TARGET_PAGE_MASK;
1821 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
1822 iotlb |= IO_MEM_NOTDIRTY;
1824 iotlb |= IO_MEM_ROM;
1826 /* IO handlers are currently passed a phsical address.
1827 It would be nice to pass an offset from the base address
1828 of that region. This would avoid having to special case RAM,
1829 and avoid full address decoding in every device.
1830 We can't use the high bits of pd for this because
1831 IO_MEM_ROMD uses these as a ram address. */
1832 iotlb = (pd & ~TARGET_PAGE_MASK) + paddr;
1835 code_address = address;
1836 /* Make accesses to pages with watchpoints go via the
1837 watchpoint trap routines. */
1838 for (i = 0; i < env->nb_watchpoints; i++) {
1839 if (vaddr == (env->watchpoint[i].vaddr & TARGET_PAGE_MASK)) {
1840 iotlb = io_mem_watch + paddr;
1841 /* TODO: The memory case can be optimized by not trapping
1842 reads of pages with a write breakpoint. */
1843 address |= TLB_MMIO;
1847 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1848 env->iotlb[mmu_idx][index] = iotlb - vaddr;
1849 te = &env->tlb_table[mmu_idx][index];
1850 te->addend = addend - vaddr;
1851 if (prot & PAGE_READ) {
1852 te->addr_read = address;
1857 if (prot & PAGE_EXEC) {
1858 te->addr_code = code_address;
1862 if (prot & PAGE_WRITE) {
1863 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
1864 (pd & IO_MEM_ROMD)) {
1865 /* Write access calls the I/O callback. */
1866 te->addr_write = address | TLB_MMIO;
1867 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
1868 !cpu_physical_memory_is_dirty(pd)) {
1869 te->addr_write = address | TLB_NOTDIRTY;
1871 te->addr_write = address;
1874 te->addr_write = -1;
1881 void tlb_flush(CPUState *env, int flush_global)
1885 void tlb_flush_page(CPUState *env, target_ulong addr)
1889 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
1890 target_phys_addr_t paddr, int prot,
1891 int mmu_idx, int is_softmmu)
1896 /* dump memory mappings */
1897 void page_dump(FILE *f)
1899 unsigned long start, end;
1900 int i, j, prot, prot1;
1903 fprintf(f, "%-8s %-8s %-8s %s\n",
1904 "start", "end", "size", "prot");
1908 for(i = 0; i <= L1_SIZE; i++) {
1913 for(j = 0;j < L2_SIZE; j++) {
1918 if (prot1 != prot) {
1919 end = (i << (32 - L1_BITS)) | (j << TARGET_PAGE_BITS);
1921 fprintf(f, "%08lx-%08lx %08lx %c%c%c\n",
1922 start, end, end - start,
1923 prot & PAGE_READ ? 'r' : '-',
1924 prot & PAGE_WRITE ? 'w' : '-',
1925 prot & PAGE_EXEC ? 'x' : '-');
1939 int page_get_flags(target_ulong address)
1943 p = page_find(address >> TARGET_PAGE_BITS);
1949 /* modify the flags of a page and invalidate the code if
1950 necessary. The flag PAGE_WRITE_ORG is positionned automatically
1951 depending on PAGE_WRITE */
1952 void page_set_flags(target_ulong start, target_ulong end, int flags)
1957 /* mmap_lock should already be held. */
1958 start = start & TARGET_PAGE_MASK;
1959 end = TARGET_PAGE_ALIGN(end);
1960 if (flags & PAGE_WRITE)
1961 flags |= PAGE_WRITE_ORG;
1962 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
1963 p = page_find_alloc(addr >> TARGET_PAGE_BITS);
1964 /* We may be called for host regions that are outside guest
1968 /* if the write protection is set, then we invalidate the code
1970 if (!(p->flags & PAGE_WRITE) &&
1971 (flags & PAGE_WRITE) &&
1973 tb_invalidate_phys_page(addr, 0, NULL);
1979 int page_check_range(target_ulong start, target_ulong len, int flags)
1985 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
1986 start = start & TARGET_PAGE_MASK;
1989 /* we've wrapped around */
1991 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
1992 p = page_find(addr >> TARGET_PAGE_BITS);
1995 if( !(p->flags & PAGE_VALID) )
1998 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2000 if (flags & PAGE_WRITE) {
2001 if (!(p->flags & PAGE_WRITE_ORG))
2003 /* unprotect the page if it was put read-only because it
2004 contains translated code */
2005 if (!(p->flags & PAGE_WRITE)) {
2006 if (!page_unprotect(addr, 0, NULL))
2015 /* called from signal handler: invalidate the code and unprotect the
2016 page. Return TRUE if the fault was succesfully handled. */
2017 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2019 unsigned int page_index, prot, pindex;
2021 target_ulong host_start, host_end, addr;
2023 /* Technically this isn't safe inside a signal handler. However we
2024 know this only ever happens in a synchronous SEGV handler, so in
2025 practice it seems to be ok. */
2028 host_start = address & qemu_host_page_mask;
2029 page_index = host_start >> TARGET_PAGE_BITS;
2030 p1 = page_find(page_index);
2035 host_end = host_start + qemu_host_page_size;
2038 for(addr = host_start;addr < host_end; addr += TARGET_PAGE_SIZE) {
2042 /* if the page was really writable, then we change its
2043 protection back to writable */
2044 if (prot & PAGE_WRITE_ORG) {
2045 pindex = (address - host_start) >> TARGET_PAGE_BITS;
2046 if (!(p1[pindex].flags & PAGE_WRITE)) {
2047 mprotect((void *)g2h(host_start), qemu_host_page_size,
2048 (prot & PAGE_BITS) | PAGE_WRITE);
2049 p1[pindex].flags |= PAGE_WRITE;
2050 /* and since the content will be modified, we must invalidate
2051 the corresponding translated code. */
2052 tb_invalidate_phys_page(address, pc, puc);
2053 #ifdef DEBUG_TB_CHECK
2054 tb_invalidate_check(address);
2064 static inline void tlb_set_dirty(CPUState *env,
2065 unsigned long addr, target_ulong vaddr)
2068 #endif /* defined(CONFIG_USER_ONLY) */
2070 #if !defined(CONFIG_USER_ONLY)
2071 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2073 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2074 ram_addr_t orig_memory);
2075 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2078 if (addr > start_addr) \
2081 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2082 if (start_addr2 > 0) \
2086 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2087 end_addr2 = TARGET_PAGE_SIZE - 1; \
2089 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2090 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2095 /* register physical memory. 'size' must be a multiple of the target
2096 page size. If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2098 void cpu_register_physical_memory(target_phys_addr_t start_addr,
2100 ram_addr_t phys_offset)
2102 target_phys_addr_t addr, end_addr;
2105 ram_addr_t orig_size = size;
2109 /* XXX: should not depend on cpu context */
2111 if (env->kqemu_enabled) {
2112 kqemu_set_phys_mem(start_addr, size, phys_offset);
2115 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2116 end_addr = start_addr + (target_phys_addr_t)size;
2117 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2118 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2119 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2120 ram_addr_t orig_memory = p->phys_offset;
2121 target_phys_addr_t start_addr2, end_addr2;
2122 int need_subpage = 0;
2124 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2126 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2127 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2128 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2129 &p->phys_offset, orig_memory);
2131 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2134 subpage_register(subpage, start_addr2, end_addr2, phys_offset);
2136 p->phys_offset = phys_offset;
2137 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2138 (phys_offset & IO_MEM_ROMD))
2139 phys_offset += TARGET_PAGE_SIZE;
2142 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2143 p->phys_offset = phys_offset;
2144 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2145 (phys_offset & IO_MEM_ROMD))
2146 phys_offset += TARGET_PAGE_SIZE;
2148 target_phys_addr_t start_addr2, end_addr2;
2149 int need_subpage = 0;
2151 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2152 end_addr2, need_subpage);
2154 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2155 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2156 &p->phys_offset, IO_MEM_UNASSIGNED);
2157 subpage_register(subpage, start_addr2, end_addr2,
2164 /* since each CPU stores ram addresses in its TLB cache, we must
2165 reset the modified entries */
2167 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2172 /* XXX: temporary until new memory mapping API */
2173 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2177 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2179 return IO_MEM_UNASSIGNED;
2180 return p->phys_offset;
2183 /* XXX: better than nothing */
2184 ram_addr_t qemu_ram_alloc(ram_addr_t size)
2187 if ((phys_ram_alloc_offset + size) > phys_ram_size) {
2188 fprintf(stderr, "Not enough memory (requested_size = %" PRIu64 ", max memory = %" PRIu64 "\n",
2189 (uint64_t)size, (uint64_t)phys_ram_size);
2192 addr = phys_ram_alloc_offset;
2193 phys_ram_alloc_offset = TARGET_PAGE_ALIGN(phys_ram_alloc_offset + size);
2197 void qemu_ram_free(ram_addr_t addr)
2201 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2203 #ifdef DEBUG_UNASSIGNED
2204 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2207 do_unassigned_access(addr, 0, 0, 0);
2209 do_unassigned_access(addr, 0, 0, 0);
2214 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2216 #ifdef DEBUG_UNASSIGNED
2217 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2220 do_unassigned_access(addr, 1, 0, 0);
2222 do_unassigned_access(addr, 1, 0, 0);
2226 static CPUReadMemoryFunc *unassigned_mem_read[3] = {
2227 unassigned_mem_readb,
2228 unassigned_mem_readb,
2229 unassigned_mem_readb,
2232 static CPUWriteMemoryFunc *unassigned_mem_write[3] = {
2233 unassigned_mem_writeb,
2234 unassigned_mem_writeb,
2235 unassigned_mem_writeb,
2238 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
2242 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2243 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2244 #if !defined(CONFIG_USER_ONLY)
2245 tb_invalidate_phys_page_fast(ram_addr, 1);
2246 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2249 stb_p(phys_ram_base + ram_addr, val);
2251 if (cpu_single_env->kqemu_enabled &&
2252 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2253 kqemu_modify_page(cpu_single_env, ram_addr);
2255 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2256 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2257 /* we remove the notdirty callback only if the code has been
2259 if (dirty_flags == 0xff)
2260 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2263 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
2267 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2268 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2269 #if !defined(CONFIG_USER_ONLY)
2270 tb_invalidate_phys_page_fast(ram_addr, 2);
2271 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2274 stw_p(phys_ram_base + ram_addr, val);
2276 if (cpu_single_env->kqemu_enabled &&
2277 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2278 kqemu_modify_page(cpu_single_env, ram_addr);
2280 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2281 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2282 /* we remove the notdirty callback only if the code has been
2284 if (dirty_flags == 0xff)
2285 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2288 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
2292 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2293 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2294 #if !defined(CONFIG_USER_ONLY)
2295 tb_invalidate_phys_page_fast(ram_addr, 4);
2296 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2299 stl_p(phys_ram_base + ram_addr, val);
2301 if (cpu_single_env->kqemu_enabled &&
2302 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2303 kqemu_modify_page(cpu_single_env, ram_addr);
2305 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2306 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2307 /* we remove the notdirty callback only if the code has been
2309 if (dirty_flags == 0xff)
2310 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2313 static CPUReadMemoryFunc *error_mem_read[3] = {
2314 NULL, /* never used */
2315 NULL, /* never used */
2316 NULL, /* never used */
2319 static CPUWriteMemoryFunc *notdirty_mem_write[3] = {
2320 notdirty_mem_writeb,
2321 notdirty_mem_writew,
2322 notdirty_mem_writel,
2325 /* Generate a debug exception if a watchpoint has been hit. */
2326 static void check_watchpoint(int offset, int flags)
2328 CPUState *env = cpu_single_env;
2332 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2333 for (i = 0; i < env->nb_watchpoints; i++) {
2334 if (vaddr == env->watchpoint[i].vaddr
2335 && (env->watchpoint[i].type & flags)) {
2336 env->watchpoint_hit = i + 1;
2337 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2343 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2344 so these check for a hit then pass through to the normal out-of-line
2346 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
2348 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_READ);
2349 return ldub_phys(addr);
2352 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
2354 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_READ);
2355 return lduw_phys(addr);
2358 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
2360 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_READ);
2361 return ldl_phys(addr);
2364 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
2367 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_WRITE);
2368 stb_phys(addr, val);
2371 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
2374 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_WRITE);
2375 stw_phys(addr, val);
2378 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
2381 check_watchpoint(addr & ~TARGET_PAGE_MASK, PAGE_WRITE);
2382 stl_phys(addr, val);
2385 static CPUReadMemoryFunc *watch_mem_read[3] = {
2391 static CPUWriteMemoryFunc *watch_mem_write[3] = {
2397 static inline uint32_t subpage_readlen (subpage_t *mmio, target_phys_addr_t addr,
2403 idx = SUBPAGE_IDX(addr - mmio->base);
2404 #if defined(DEBUG_SUBPAGE)
2405 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
2406 mmio, len, addr, idx);
2408 ret = (**mmio->mem_read[idx][len])(mmio->opaque[idx][0][len], addr);
2413 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
2414 uint32_t value, unsigned int len)
2418 idx = SUBPAGE_IDX(addr - mmio->base);
2419 #if defined(DEBUG_SUBPAGE)
2420 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n", __func__,
2421 mmio, len, addr, idx, value);
2423 (**mmio->mem_write[idx][len])(mmio->opaque[idx][1][len], addr, value);
2426 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
2428 #if defined(DEBUG_SUBPAGE)
2429 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2432 return subpage_readlen(opaque, addr, 0);
2435 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
2438 #if defined(DEBUG_SUBPAGE)
2439 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2441 subpage_writelen(opaque, addr, value, 0);
2444 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
2446 #if defined(DEBUG_SUBPAGE)
2447 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2450 return subpage_readlen(opaque, addr, 1);
2453 static void subpage_writew (void *opaque, target_phys_addr_t addr,
2456 #if defined(DEBUG_SUBPAGE)
2457 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2459 subpage_writelen(opaque, addr, value, 1);
2462 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
2464 #if defined(DEBUG_SUBPAGE)
2465 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2468 return subpage_readlen(opaque, addr, 2);
2471 static void subpage_writel (void *opaque,
2472 target_phys_addr_t addr, uint32_t value)
2474 #if defined(DEBUG_SUBPAGE)
2475 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2477 subpage_writelen(opaque, addr, value, 2);
2480 static CPUReadMemoryFunc *subpage_read[] = {
2486 static CPUWriteMemoryFunc *subpage_write[] = {
2492 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2498 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2500 idx = SUBPAGE_IDX(start);
2501 eidx = SUBPAGE_IDX(end);
2502 #if defined(DEBUG_SUBPAGE)
2503 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %d\n", __func__,
2504 mmio, start, end, idx, eidx, memory);
2506 memory >>= IO_MEM_SHIFT;
2507 for (; idx <= eidx; idx++) {
2508 for (i = 0; i < 4; i++) {
2509 if (io_mem_read[memory][i]) {
2510 mmio->mem_read[idx][i] = &io_mem_read[memory][i];
2511 mmio->opaque[idx][0][i] = io_mem_opaque[memory];
2513 if (io_mem_write[memory][i]) {
2514 mmio->mem_write[idx][i] = &io_mem_write[memory][i];
2515 mmio->opaque[idx][1][i] = io_mem_opaque[memory];
2523 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2524 ram_addr_t orig_memory)
2529 mmio = qemu_mallocz(sizeof(subpage_t));
2532 subpage_memory = cpu_register_io_memory(0, subpage_read, subpage_write, mmio);
2533 #if defined(DEBUG_SUBPAGE)
2534 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
2535 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
2537 *phys = subpage_memory | IO_MEM_SUBPAGE;
2538 subpage_register(mmio, 0, TARGET_PAGE_SIZE - 1, orig_memory);
2544 static void io_mem_init(void)
2546 cpu_register_io_memory(IO_MEM_ROM >> IO_MEM_SHIFT, error_mem_read, unassigned_mem_write, NULL);
2547 cpu_register_io_memory(IO_MEM_UNASSIGNED >> IO_MEM_SHIFT, unassigned_mem_read, unassigned_mem_write, NULL);
2548 cpu_register_io_memory(IO_MEM_NOTDIRTY >> IO_MEM_SHIFT, error_mem_read, notdirty_mem_write, NULL);
2551 io_mem_watch = cpu_register_io_memory(0, watch_mem_read,
2552 watch_mem_write, NULL);
2553 /* alloc dirty bits array */
2554 phys_ram_dirty = qemu_vmalloc(phys_ram_size >> TARGET_PAGE_BITS);
2555 memset(phys_ram_dirty, 0xff, phys_ram_size >> TARGET_PAGE_BITS);
2558 /* mem_read and mem_write are arrays of functions containing the
2559 function to access byte (index 0), word (index 1) and dword (index
2560 2). Functions can be omitted with a NULL function pointer. The
2561 registered functions may be modified dynamically later.
2562 If io_index is non zero, the corresponding io zone is
2563 modified. If it is zero, a new io zone is allocated. The return
2564 value can be used with cpu_register_physical_memory(). (-1) is
2565 returned if error. */
2566 int cpu_register_io_memory(int io_index,
2567 CPUReadMemoryFunc **mem_read,
2568 CPUWriteMemoryFunc **mem_write,
2571 int i, subwidth = 0;
2573 if (io_index <= 0) {
2574 if (io_mem_nb >= IO_MEM_NB_ENTRIES)
2576 io_index = io_mem_nb++;
2578 if (io_index >= IO_MEM_NB_ENTRIES)
2582 for(i = 0;i < 3; i++) {
2583 if (!mem_read[i] || !mem_write[i])
2584 subwidth = IO_MEM_SUBWIDTH;
2585 io_mem_read[io_index][i] = mem_read[i];
2586 io_mem_write[io_index][i] = mem_write[i];
2588 io_mem_opaque[io_index] = opaque;
2589 return (io_index << IO_MEM_SHIFT) | subwidth;
2592 CPUWriteMemoryFunc **cpu_get_io_memory_write(int io_index)
2594 return io_mem_write[io_index >> IO_MEM_SHIFT];
2597 CPUReadMemoryFunc **cpu_get_io_memory_read(int io_index)
2599 return io_mem_read[io_index >> IO_MEM_SHIFT];
2602 #endif /* !defined(CONFIG_USER_ONLY) */
2604 /* physical memory access (slow version, mainly for debug) */
2605 #if defined(CONFIG_USER_ONLY)
2606 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
2607 int len, int is_write)
2614 page = addr & TARGET_PAGE_MASK;
2615 l = (page + TARGET_PAGE_SIZE) - addr;
2618 flags = page_get_flags(page);
2619 if (!(flags & PAGE_VALID))
2622 if (!(flags & PAGE_WRITE))
2624 /* XXX: this code should not depend on lock_user */
2625 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2626 /* FIXME - should this return an error rather than just fail? */
2629 unlock_user(p, addr, l);
2631 if (!(flags & PAGE_READ))
2633 /* XXX: this code should not depend on lock_user */
2634 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2635 /* FIXME - should this return an error rather than just fail? */
2638 unlock_user(p, addr, 0);
2647 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
2648 int len, int is_write)
2653 target_phys_addr_t page;
2658 page = addr & TARGET_PAGE_MASK;
2659 l = (page + TARGET_PAGE_SIZE) - addr;
2662 p = phys_page_find(page >> TARGET_PAGE_BITS);
2664 pd = IO_MEM_UNASSIGNED;
2666 pd = p->phys_offset;
2670 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2671 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2672 /* XXX: could force cpu_single_env to NULL to avoid
2674 if (l >= 4 && ((addr & 3) == 0)) {
2675 /* 32 bit write access */
2677 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
2679 } else if (l >= 2 && ((addr & 1) == 0)) {
2680 /* 16 bit write access */
2682 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
2685 /* 8 bit write access */
2687 io_mem_write[io_index][0](io_mem_opaque[io_index], addr, val);
2691 unsigned long addr1;
2692 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
2694 ptr = phys_ram_base + addr1;
2695 memcpy(ptr, buf, l);
2696 if (!cpu_physical_memory_is_dirty(addr1)) {
2697 /* invalidate code */
2698 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
2700 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
2701 (0xff & ~CODE_DIRTY_FLAG);
2705 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2706 !(pd & IO_MEM_ROMD)) {
2708 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2709 if (l >= 4 && ((addr & 3) == 0)) {
2710 /* 32 bit read access */
2711 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
2714 } else if (l >= 2 && ((addr & 1) == 0)) {
2715 /* 16 bit read access */
2716 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
2720 /* 8 bit read access */
2721 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr);
2727 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2728 (addr & ~TARGET_PAGE_MASK);
2729 memcpy(buf, ptr, l);
2738 /* used for ROM loading : can write in RAM and ROM */
2739 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
2740 const uint8_t *buf, int len)
2744 target_phys_addr_t page;
2749 page = addr & TARGET_PAGE_MASK;
2750 l = (page + TARGET_PAGE_SIZE) - addr;
2753 p = phys_page_find(page >> TARGET_PAGE_BITS);
2755 pd = IO_MEM_UNASSIGNED;
2757 pd = p->phys_offset;
2760 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
2761 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
2762 !(pd & IO_MEM_ROMD)) {
2765 unsigned long addr1;
2766 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
2768 ptr = phys_ram_base + addr1;
2769 memcpy(ptr, buf, l);
2778 /* warning: addr must be aligned */
2779 uint32_t ldl_phys(target_phys_addr_t addr)
2787 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2789 pd = IO_MEM_UNASSIGNED;
2791 pd = p->phys_offset;
2794 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2795 !(pd & IO_MEM_ROMD)) {
2797 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2798 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
2801 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2802 (addr & ~TARGET_PAGE_MASK);
2808 /* warning: addr must be aligned */
2809 uint64_t ldq_phys(target_phys_addr_t addr)
2817 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2819 pd = IO_MEM_UNASSIGNED;
2821 pd = p->phys_offset;
2824 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2825 !(pd & IO_MEM_ROMD)) {
2827 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2828 #ifdef TARGET_WORDS_BIGENDIAN
2829 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
2830 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
2832 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
2833 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
2837 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2838 (addr & ~TARGET_PAGE_MASK);
2845 uint32_t ldub_phys(target_phys_addr_t addr)
2848 cpu_physical_memory_read(addr, &val, 1);
2853 uint32_t lduw_phys(target_phys_addr_t addr)
2856 cpu_physical_memory_read(addr, (uint8_t *)&val, 2);
2857 return tswap16(val);
2860 /* warning: addr must be aligned. The ram page is not masked as dirty
2861 and the code inside is not invalidated. It is useful if the dirty
2862 bits are used to track modified PTEs */
2863 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
2870 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2872 pd = IO_MEM_UNASSIGNED;
2874 pd = p->phys_offset;
2877 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2878 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2879 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
2881 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2882 (addr & ~TARGET_PAGE_MASK);
2887 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
2894 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2896 pd = IO_MEM_UNASSIGNED;
2898 pd = p->phys_offset;
2901 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2902 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2903 #ifdef TARGET_WORDS_BIGENDIAN
2904 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
2905 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
2907 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
2908 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
2911 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2912 (addr & ~TARGET_PAGE_MASK);
2917 /* warning: addr must be aligned */
2918 void stl_phys(target_phys_addr_t addr, uint32_t val)
2925 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2927 pd = IO_MEM_UNASSIGNED;
2929 pd = p->phys_offset;
2932 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2933 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2934 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
2936 unsigned long addr1;
2937 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
2939 ptr = phys_ram_base + addr1;
2941 if (!cpu_physical_memory_is_dirty(addr1)) {
2942 /* invalidate code */
2943 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2945 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
2946 (0xff & ~CODE_DIRTY_FLAG);
2952 void stb_phys(target_phys_addr_t addr, uint32_t val)
2955 cpu_physical_memory_write(addr, &v, 1);
2959 void stw_phys(target_phys_addr_t addr, uint32_t val)
2961 uint16_t v = tswap16(val);
2962 cpu_physical_memory_write(addr, (const uint8_t *)&v, 2);
2966 void stq_phys(target_phys_addr_t addr, uint64_t val)
2969 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
2974 /* virtual memory access for debug */
2975 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
2976 uint8_t *buf, int len, int is_write)
2979 target_phys_addr_t phys_addr;
2983 page = addr & TARGET_PAGE_MASK;
2984 phys_addr = cpu_get_phys_page_debug(env, page);
2985 /* if no physical page mapped, return an error */
2986 if (phys_addr == -1)
2988 l = (page + TARGET_PAGE_SIZE) - addr;
2991 cpu_physical_memory_rw(phys_addr + (addr & ~TARGET_PAGE_MASK),
3000 /* in deterministic execution mode, instructions doing device I/Os
3001 must be at the end of the TB */
3002 void cpu_io_recompile(CPUState *env, void *retaddr)
3004 TranslationBlock *tb;
3006 target_ulong pc, cs_base;
3009 tb = tb_find_pc((unsigned long)retaddr);
3011 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
3014 n = env->icount_decr.u16.low + tb->icount;
3015 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
3016 /* Calculate how many instructions had been executed before the fault
3018 n = n - env->icount_decr.u16.low;
3019 /* Generate a new TB ending on the I/O insn. */
3021 /* On MIPS and SH, delay slot instructions can only be restarted if
3022 they were already the first instruction in the TB. If this is not
3023 the first instruction in a TB then re-execute the preceeding
3025 #if defined(TARGET_MIPS)
3026 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
3027 env->active_tc.PC -= 4;
3028 env->icount_decr.u16.low++;
3029 env->hflags &= ~MIPS_HFLAG_BMASK;
3031 #elif defined(TARGET_SH4)
3032 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
3035 env->icount_decr.u16.low++;
3036 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
3039 /* This should never happen. */
3040 if (n > CF_COUNT_MASK)
3041 cpu_abort(env, "TB too big during recompile");
3043 cflags = n | CF_LAST_IO;
3045 cs_base = tb->cs_base;
3047 tb_phys_invalidate(tb, -1);
3048 /* FIXME: In theory this could raise an exception. In practice
3049 we have already translated the block once so it's probably ok. */
3050 tb_gen_code(env, pc, cs_base, flags, cflags);
3051 /* TODO: If env->pc != tb->pc (i.e. the failuting instruction was not
3052 the first in the TB) then we end up generating a whole new TB and
3053 repeating the fault, which is horribly inefficient.
3054 Better would be to execute just this insn uncached, or generate a
3056 cpu_resume_from_signal(env, NULL);
3059 void dump_exec_info(FILE *f,
3060 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
3062 int i, target_code_size, max_target_code_size;
3063 int direct_jmp_count, direct_jmp2_count, cross_page;
3064 TranslationBlock *tb;
3066 target_code_size = 0;
3067 max_target_code_size = 0;
3069 direct_jmp_count = 0;
3070 direct_jmp2_count = 0;
3071 for(i = 0; i < nb_tbs; i++) {
3073 target_code_size += tb->size;
3074 if (tb->size > max_target_code_size)
3075 max_target_code_size = tb->size;
3076 if (tb->page_addr[1] != -1)
3078 if (tb->tb_next_offset[0] != 0xffff) {
3080 if (tb->tb_next_offset[1] != 0xffff) {
3081 direct_jmp2_count++;
3085 /* XXX: avoid using doubles ? */
3086 cpu_fprintf(f, "Translation buffer state:\n");
3087 cpu_fprintf(f, "gen code size %ld/%ld\n",
3088 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
3089 cpu_fprintf(f, "TB count %d/%d\n",
3090 nb_tbs, code_gen_max_blocks);
3091 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
3092 nb_tbs ? target_code_size / nb_tbs : 0,
3093 max_target_code_size);
3094 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
3095 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
3096 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
3097 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
3099 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
3100 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
3102 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
3104 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
3105 cpu_fprintf(f, "\nStatistics:\n");
3106 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
3107 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
3108 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
3109 tcg_dump_info(f, cpu_fprintf);
3112 #if !defined(CONFIG_USER_ONLY)
3114 #define MMUSUFFIX _cmmu
3115 #define GETPC() NULL
3116 #define env cpu_single_env
3117 #define SOFTMMU_CODE_ACCESS
3120 #include "softmmu_template.h"
3123 #include "softmmu_template.h"
3126 #include "softmmu_template.h"
3129 #include "softmmu_template.h"
projects / qemu / blob