aboutsummaryrefslogtreecommitdiff
path: root/target/m68k
AgeCommit message (Collapse)AuthorFilesLines
2019-06-12Include qemu-common.h exactly where neededMarkus Armbruster4-4/+0
No header includes qemu-common.h after this commit, as prescribed by qemu-common.h's file comment. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-5-armbru@redhat.com> [Rebased with conflicts resolved automatically, except for include/hw/arm/xlnx-zynqmp.h hw/arm/nrf51_soc.c hw/arm/msf2-soc.c block/qcow2-refcount.c block/qcow2-cluster.c block/qcow2-cache.c target/arm/cpu.h target/lm32/cpu.h target/m68k/cpu.h target/mips/cpu.h target/moxie/cpu.h target/nios2/cpu.h target/openrisc/cpu.h target/riscv/cpu.h target/tilegx/cpu.h target/tricore/cpu.h target/unicore32/cpu.h target/xtensa/cpu.h; bsd-user/main.c and net/tap-bsd.c fixed up]
2019-06-10cpu: Remove CPU_COMMONRichard Henderson1-2/+0
This macro is now always empty, so remove it. This leaves the entire contents of CPUArchState under the control of the guest architecture. Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-06-10cpu: Introduce CPUNegativeOffsetStateRichard Henderson1-0/+1
Nothing in there so far, but all of the plumbing done within the target ArchCPU state. Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-06-10cpu: Introduce cpu_set_cpustate_pointersRichard Henderson1-3/+1
Consolidate some boilerplate from foo_cpu_initfn. Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-06-10cpu: Move ENV_OFFSET to exec/gen-icount.hRichard Henderson1-1/+0
Now that we have ArchCPU, we can define this generically, in the one place that needs it. Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-06-10target/m68k: Use env_cpuRichard Henderson5-37/+21
Cleanup in the boilerplate that each target must define. The combination CPU(m68k_env_get_cpu) should have used ENV_GET_CPU to begin; use env_cpu now. Acked-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-06-10cpu: Replace ENV_GET_CPU with env_cpuRichard Henderson2-3/+1
Now that we have both ArchCPU and CPUArchState, we can define this generically instead of via macro in each target's cpu.h. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-06-10cpu: Define ArchCPURichard Henderson1-0/+1
For all targets, do this just before including exec/cpu-all.h. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-06-10cpu: Define CPUArchState with typedefRichard Henderson1-2/+2
For all targets, do this just before including exec/cpu-all.h. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-06-10tcg: Split out target/arch/cpu-param.hRichard Henderson2-14/+24
For all targets, into this new file move TARGET_LONG_BITS, TARGET_PAGE_BITS, TARGET_PHYS_ADDR_SPACE_BITS, TARGET_VIRT_ADDR_SPACE_BITS, and NB_MMU_MODES. Include this new file from exec/cpu-defs.h. This now removes the somewhat odd requirement that target/arch/cpu.h defines TARGET_LONG_BITS before including exec/cpu-defs.h, so push the bulk of the includes within target/arch/cpu.h to the top. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-05-28semihosting: move semihosting configuration into its own directoryAlex Bennée1-1/+1
In preparation for having some more common semihosting code let's excise the current config magic from vl.c into its own file. We shall later add more conditionals to the build configurations so we can avoid building this if we don't need it. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2019-05-17Merge remote-tracking branch 'remotes/vivier/tags/m68k-staging-pull-request' ↵Peter Maydell5-38/+84
into staging code cleanup, switch to transaction_failed hook # gpg: Signature made Thu 16 May 2019 23:33:00 BST # gpg: using RSA key F30C38BD3F2FBE3C # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full] # gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full] # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full] # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * remotes/vivier/tags/m68k-staging-pull-request: target/m68k: Optimize rotate_x() using extract_i32() target/m68k: Fix a tcg_temp leak target/m68k: Reduce the l1 TCGLabel scope target/m68k: Switch to transaction_failed hook target/m68k: In get_physical_address() check for memory access failures target/m68k: In dump_address_map() check for memory access failures Signed-off-by: Peter Maydell <peter.maydell@linaro.org> # Conflicts: # target/m68k/cpu.h
2019-05-17target/m68k: Optimize rotate_x() using extract_i32()Philippe Mathieu-Daudé1-3/+2
Optimize rotate_x() using tcg_gen_extract_i32(). We can now free the 'sz' tcg_temp earlier. Since it is allocated with tcg_const_i32(), free it with tcg_temp_free_i32(). Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20190310003428.11723-6-f4bug@amsat.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-05-17target/m68k: Fix a tcg_temp leakPhilippe Mathieu-Daudé1-0/+1
The function gen_get_ccr() returns a tcg_temp created with tcg_temp_new(). Free it with tcg_temp_free(). Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20190310003428.11723-4-f4bug@amsat.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-05-17target/m68k: Reduce the l1 TCGLabel scopePhilippe Mathieu-Daudé1-2/+1
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20190310003428.11723-2-f4bug@amsat.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-05-16target/m68k: Switch to transaction_failed hookPeter Maydell3-16/+13
Switch the m68k target from the old unassigned_access hook to the transaction_failed hook. The notable difference is that rather than it being called for all physical memory accesses which fail (including those made by DMA devices or by the gdbstub), it is only called for those made by the CPU via its MMU. (In previous commits we put in explicit checks for the direct physical loads made by the target/m68k code which will no longer be handled by calling the unassigned_access hook.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20181210165636.28366-4-peter.maydell@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-05-16target/m68k: In get_physical_address() check for memory access failuresPeter Maydell1-10/+52
In get_physical_address(), use address_space_ldl() and address_space_stl() instead of ldl_phys() and stl_phys(). This allows us to check whether the memory access failed. For the moment, we simply return -1 in this case; add a TODO comment that we should ideally generate the appropriate kind of fault. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20181210165636.28366-3-peter.maydell@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-05-16target/m68k: In dump_address_map() check for memory access failuresPeter Maydell1-7/+15
In dump_address_map(), use address_space_ldl() instead of ldl_phys(). This allows us to check whether the memory access failed. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20181210165636.28366-2-peter.maydell@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-05-10tcg: Use CPUClass::tlb_fill in cputlb.cRichard Henderson1-8/+0
We can now use the CPUClass hook instead of a named function. Create a static tlb_fill function to avoid other changes within cputlb.c. This also isolates the asserts within. Remove the named tlb_fill function from all of the targets. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-05-10target/m68k: Convert to CPUClass::tlb_fillRichard Henderson4-59/+50
Cc: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-04-24tcg: Hoist max_insns computation to tb_gen_codeRichard Henderson1-2/+2
In order to handle TB's that translate to too much code, we need to place the control of the length of the translation in the hands of the code gen master loop. Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-04-18qom/cpu: Simplify how CPUClass:cpu_dump_state() printsMarkus Armbruster2-46/+45
CPUClass method dump_statistics() takes an fprintf()-like callback and a FILE * to pass to it. Most callers pass fprintf() and stderr. log_cpu_state() passes fprintf() and qemu_log_file. hmp_info_registers() passes monitor_fprintf() and the current monitor cast to FILE *. monitor_fprintf() casts it right back, and is otherwise identical to monitor_printf(). The callback gets passed around a lot, which is tiresome. The type-punning around monitor_fprintf() is ugly. Drop the callback, and call qemu_fprintf() instead. Also gets rid of the type-punning, since qemu_fprintf() takes NULL instead of the current monitor cast to FILE *. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20190417191805.28198-15-armbru@redhat.com>
2019-04-18target: Clean up how the dump_mmu() printMarkus Armbruster3-61/+59
The various dump_mmu() take an fprintf()-like callback and a FILE * to pass to it, and so do their helper functions. Passing around callback and argument is rather tiresome. Most dump_mmu() are called only by the target's hmp_info_tlb(). These all pass monitor_printf() cast to fprintf_function and the current monitor cast to FILE *. SPARC's dump_mmu() gets also called from target/sparc/ldst_helper.c a few times #ifdef DEBUG_MMU. These calls pass fprintf() and stdout. The type-punning is technically undefined behaviour, but works in practice. Clean up: drop the callback, and call qemu_printf() instead. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20190417191805.28198-11-armbru@redhat.com>
2019-04-18target: Simplify how the TARGET_cpu_list() printMarkus Armbruster2-11/+5
The various TARGET_cpu_list() take an fprintf()-like callback and a FILE * to pass to it. Their callers (vl.c's main() via list_cpus(), bsd-user/main.c's main(), linux-user/main.c's main()) all pass fprintf() and stdout. Thus, the flexibility provided by the (rather tiresome) indirection isn't actually used. Drop the callback, and call qemu_printf() instead. Calling printf() would also work, but would make the code unsuitable for monitor context without making it simpler. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190417191805.28198-10-armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2019-01-30target/m68k: Fix LGPL information in the file headersThomas Huth6-10/+10
It's either "GNU *Library* General Public License version 2" or "GNU Lesser General Public License version *2.1*", but there was no "version 2.0" of the "Lesser" license. So assume that version 2.1 is meant here. Also some files mention the GPL instead of the LGPL after declaring that the files are licensed under the LGPL, so change these spots to use LGPL, too. Reviewed-by: Liam Merwick <liam.merwick@oracle.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1548769438-28942-1-git-send-email-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-11-01target/m68k: use EXCP_ILLEGAL instead of EXCP_UNSUPPORTEDLaurent Vivier2-4/+3
Coldfire defines an "Unsupported instruction" exception if execution of a valid instruction is attempted but the required hardware is not present in the processor. We use it with instructions that are in fact undefined or illegal, and the exception expected in this case by the kernel is the illegal exception, so this patch fixes that. Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20181030165554.5761-1-laurent@vivier.eu>
2018-06-11target/m68k: Merge disas_m68k_insn into m68k_tr_translate_insnRichard Henderson1-11/+6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20180512050250.12774-10-richard.henderson@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-06-11target/m68k: Improve ending TB at page boundariesRichard Henderson1-3/+19
Rather than limit total TB size to PAGE-32 bytes, end the TB when near the end of a page. This should provide proper semantics of SIGSEGV when executing near the end of a page. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20180512050250.12774-9-richard.henderson@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-06-11target/m68k: Convert to TranslatorOpsRichard Henderson1-92/+88
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20180512050250.12774-8-richard.henderson@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-06-11target/m68k: Convert to DisasContextBaseRichard Henderson1-70/+67
Removed ctx->insn_pc in favour of ctx->base.pc_next. Yes, it is annoying, but didn't want to waste its 4 bytes. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20180512050250.12774-7-richard.henderson@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-06-11target/m68k: Rename DISAS_UPDATE and gen_lookup_tbRichard Henderson1-10/+10
The name gen_lookup_tb is at odds with tcg_gen_lookup_and_goto_tb. For these cases, we do indeed want to exit back to the main loop. Similarly, DISAS_UPDATE performs no actual update, whereas DISAS_EXIT does what it says. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20180512050250.12774-6-richard.henderson@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-06-11target/m68k: Use lookup_and_goto_tb for DISAS_JUMPRichard Henderson1-1/+4
These are all indirect or out-of-page direct jumps. We can indirectly chain to the next TB without going back to the main loop. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20180512050250.12774-5-richard.henderson@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-06-11target/m68k: Remove DISAS_JUMP_NEXT as unusedRichard Henderson1-1/+0
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20180512050250.12774-4-richard.henderson@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-06-11target/m68k: Replace DISAS_TB_JUMP with DISAS_NORETURNRichard Henderson1-3/+1
We have exited the TB after using goto_tb; there is no distinction from DISAS_NORETURN. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20180512050250.12774-3-richard.henderson@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-06-11target/m68k: Use DISAS_NORETURN for exceptionsRichard Henderson1-8/+8
The raise_exception helper does not return. Do not generate any code following that. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20180512050250.12774-2-richard.henderson@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-06-08target/m68k: Add trailing '\n' to qemu_log() callPhilippe Mathieu-Daudé1-1/+1
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-id: 20180606152128.449-10-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-04Merge remote-tracking branch 'remotes/rth/tags/tcg-next-pull-request' into ↵Peter Maydell1-3/+3
staging tcg-next queue # gpg: Signature made Sat 02 Jun 2018 00:12:42 BST # gpg: using RSA key 64DF38E8AF7E215F # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" # Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F * remotes/rth/tags/tcg-next-pull-request: tcg: Pass tb and index to tcg_gen_exit_tb separately Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-01tcg: Pass tb and index to tcg_gen_exit_tb separatelyRichard Henderson1-3/+3
Do the cast to uintptr_t within the helper, so that the compiler can type check the pointer argument. We can also do some more sanity checking of the index argument. Reviewed-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-06-01target: Do not include "exec/exec-all.h" if it is not necessaryPhilippe Mathieu-Daudé1-1/+0
Code change produced with: $ git grep '#include "exec/exec-all.h"' | \ cut -d: -f-1 | \ xargs egrep -L "(cpu_address_space_init|cpu_loop_|tlb_|tb_|GETPC|singlestep|TranslationBlock)" | \ xargs sed -i.bak '/#include "exec\/exec-all.h"/d' Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180528232719.4721-10-f4bug@amsat.org> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-05-20tcg: fix s/compliment/complement/ typosEmilio G. Cota1-1/+1
Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2018-05-17target/m68k: Use floatX_silence_nan when we have already checked for SNaNRichard Henderson1-1/+2
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-14m68k: fix floatx80_mod() (Coverity CID1390568)Laurent Vivier1-0/+1
Update the variable checked by the loop condition (expDiff). Backport the update from Previous. Fixes: 591596b77a ("target/m68k: add fmod/frem") Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Thomas Huth <huth@tuxfamily.org> Message-Id: <20180508203937.16796-1-laurent@vivier.eu>
2018-05-11target/m68k: Fix build Werror with gcc 8.0.1Richard Henderson1-2/+3
Fedora 28 ships with the released gcc 8. The Werror stems from the compiler finding a path through the second switch via a missing default case in which src1 is uninitialized, and not being able to prove that the missing default case is unreachable due to the first switch. Simplify the second switch to merge default with OS_LONG, which returns directly. This removes the unreachable path. Cc: Laurent Vivier <laurent@vivier.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-id: 20180508185520.23757-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-01m68k: remove dead code (Coverity CID1390617)Laurent Vivier1-29/+14
floatx80_sin() and floatx80_cos() are derived from one sincos() function. They have both unused code coming from their common origin. Remove it. Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20180430170156.1860-2-laurent@vivier.eu>
2018-05-01m68k: Fix floatx80_lognp1 (Coverity CID1390587)Laurent Vivier1-1/+2
return the result of packFloatx80() instead of dropping it. Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180430170156.1860-1-laurent@vivier.eu>
2018-04-30m68k: fix subx mem, mem instructionPavel Dovgalyuk1-2/+2
This patch fixes decrement of the pointers for subx mem, mem instructions. Without the patch pointers are decremented by OS_* constant value instead of retrieving the corresponding data size and using it as a decrement. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20180418064152.24606.71975.stgit@pasha-VirtualBox> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-04-15m68k: fix exception stack frame for 68000Pavel Dovgalyuk1-15/+18
68000 CPUs do not save format in the exception stack frame. This patch adds feature checking to prevent format saving for 68000. m68k_ret() already includes this modification, this patch fixes the exception processing function too. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20180413133041.29509.59064.stgit@pasha-VirtualBox> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-04-11icount: fix cpu_restore_state_from_tb for non-tb-exit casesPavel Dovgalyuk1-2/+2
In icount mode, instructions that access io memory spaces in the middle of the translation block invoke TB recompilation. After recompilation, such instructions become last in the TB and are allowed to access io memory spaces. When the code includes instruction like i386 'xchg eax, 0xffffd080' which accesses APIC, QEMU goes into an infinite loop of the recompilation. This instruction includes two memory accesses - one read and one write. After the first access, APIC calls cpu_report_tpr_access, which restores the CPU state to get the current eip. But cpu_restore_state_from_tb resets the cpu->can_do_io flag which makes the second memory access invalid. Therefore the second memory access causes a recompilation of the block. Then these operations repeat again and again. This patch moves resetting cpu->can_do_io flag from cpu_restore_state_from_tb to cpu_loop_exit* functions. It also adds a parameter for cpu_restore_state which controls restoring icount. There is no need to restore icount when we only query CPU state without breaking the TB. Restoring it in such cases leads to the incorrect flow of the virtual time. In most cases new parameter is true (icount should be recalculated). But there are two cases in i386 and openrisc when the CPU state is only queried without the need to break the TB. This patch fixes both of these cases. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> Message-Id: <20180409091320.12504.35329.stgit@pasha-VirtualBox> [rth: Make can_do_io setting unconditional; move from cpu_exec; make cpu_loop_exit_{noexc,restore} call cpu_loop_exit.] Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-03-20Merge remote-tracking branch ↵Peter Maydell1-36/+66
'remotes/vivier/tags/m68k-for-2.12-pull-request' into staging # gpg: Signature made Tue 20 Mar 2018 09:07:55 GMT # gpg: using RSA key F30C38BD3F2FBE3C # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" # gpg: aka "Laurent Vivier <laurent@vivier.eu>" # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * remotes/vivier/tags/m68k-for-2.12-pull-request: target/m68k: add a mechanism to automatically free TCGv target/m68k: add DisasContext parameter to gen_extend() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-20target/m68k: add a mechanism to automatically free TCGvLaurent Vivier1-13/+43
SRC_EA() and gen_extend() can return either a temporary TCGv or a memory allocated one. Mark them when they are allocated, and free them automatically at end of the instruction translation. We want to free locally allocated TCGv to avoid overflow in sequence like: 0xc00ae406: movel %fp@(-132),%fp@(-268) 0xc00ae40c: movel %fp@(-128),%fp@(-264) 0xc00ae412: movel %fp@(-20),%fp@(-212) 0xc00ae418: movel %fp@(-16),%fp@(-208) 0xc00ae41e: movel %fp@(-60),%fp@(-220) 0xc00ae424: movel %fp@(-56),%fp@(-216) 0xc00ae42a: movel %fp@(-124),%fp@(-252) 0xc00ae430: movel %fp@(-120),%fp@(-248) 0xc00ae436: movel %fp@(-12),%fp@(-260) 0xc00ae43c: movel %fp@(-8),%fp@(-256) 0xc00ae442: movel %fp@(-52),%fp@(-276) 0xc00ae448: movel %fp@(-48),%fp@(-272) ... That can fill a lot of TCGv entries in a sequence, especially since 15fa08f845 ("tcg: Dynamically allocate TCGOps") we have no limit to fill the TCGOps cache and we can fill the entire TCG variables array and overflow it. Suggested-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180319113544.704-3-laurent@vivier.eu>