Commit 5b053a4a authored Apr 08, 2016 by Sergey Fedorov Committed by Richard Henderson May 12, 2016

tcg: Clean up direct block chaining safety checks

We don't take care of direct jumps when address mapping changes. Thus we
must be sure to generate direct jumps so that they always keep valid
even if address mapping changes. Luckily, we can only allow to execute a
TB if it was generated from the pages which match with current mapping.

Document tcg_gen_goto_tb() declaration and note the reason for
destination PC limitations.

Some targets with variable length instructions allow TB to straddle a
page boundary. However, we make sure that both of TB pages match the
current address mapping when looking up TBs. So it is safe to do direct
jumps into the both pages. Correct the checks for some of those targets.

Given that, we can safely patch a TB which spans two pages. Remove the
unnecessary check in cpu_exec() and allow such TBs to be patched.

Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
Signed-off-by: Sergey Fedorov <sergey.fedorov@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

parent f9c5b66f

cpu-exec.c

+2 −5

Original line number	Diff line number	Diff line
		@@ -508,11 +508,8 @@ int cpu_exec(CPUState *cpu)
		next_tb = 0;
		tcg_ctx.tb_ctx.tb_invalidated_flag = 0;
		}
		/* see if we can patch the calling TB. When the TB
		spans two pages, we cannot safely do a direct
		jump. */
		if (next_tb != 0 && tb->page_addr[1] == -1
		&& !qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
		/* See if we can patch the calling TB. */
		if (next_tb != 0 && !qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
		tb_add_jump((TranslationBlock *)(next_tb & ~TB_EXIT_MASK),
		next_tb & TB_EXIT_MASK, tb);
		}

target-arm/translate.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -4054,7 +4054,8 @@ static inline void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
		TranslationBlock *tb;

		tb = s->tb;
		if ((tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK)) {
		if ((tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) \|\|
		((s->pc - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK)) {
		tcg_gen_goto_tb(n);
		gen_set_pc_im(s, dest);
		tcg_gen_exit_tb((uintptr_t)tb + n);

target-cris/translate.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -524,7 +524,9 @@ static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
		{
		TranslationBlock *tb;
		tb = dc->tb;
		if ((tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK)) {

		if ((tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) \|\|
		(dc->ppc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK)) {
		tcg_gen_goto_tb(n);
		tcg_gen_movi_tl(env_pc, dest);
		tcg_gen_exit_tb((uintptr_t)tb + n);

target-i386/translate.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -2094,7 +2094,7 @@ static inline void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip)
		tb = s->tb;
		/* NOTE: we handle the case where the TB spans two pages here */
		if ((pc & TARGET_PAGE_MASK) == (tb->pc & TARGET_PAGE_MASK) \|\|
		(pc & TARGET_PAGE_MASK) == ((s->pc - 1) & TARGET_PAGE_MASK)) {
		(pc & TARGET_PAGE_MASK) == (s->pc_start & TARGET_PAGE_MASK)) {
		/* jump to same page: we can use a direct jump */
		tcg_gen_goto_tb(tb_num);
		gen_jmp_im(eip);

target-m68k/translate.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -861,7 +861,7 @@ static void gen_jmp_tb(DisasContext *s, int n, uint32_t dest)
		if (unlikely(s->singlestep_enabled)) {
		gen_exception(s, dest, EXCP_DEBUG);
		} else if ((tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) \|\|
		(s->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK)) {
		(s->insn_pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK)) {
		tcg_gen_goto_tb(n);
		tcg_gen_movi_i32(QREG_PC, dest);
		tcg_gen_exit_tb((uintptr_t)tb + n);