From nobody Wed Oct 29 22:58:36 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
 permitted sender) client-ip=208.118.235.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=fail(p=none dis=none)  header.from=linaro.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by
 mx.zohomail.com
	with SMTPS id 152588149083751.57146963329399;
 Wed, 9 May 2018 08:58:10 -0700 (PDT)
Received: from localhost ([::1]:57254 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1fGRTk-0001vb-TK
	for importer@patchew.org; Wed, 09 May 2018 11:58:08 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41378)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <richard.henderson@linaro.org>) id 1fGRKr-0000uV-0N
	for qemu-devel@nongnu.org; Wed, 09 May 2018 11:49:01 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <richard.henderson@linaro.org>) id 1fGRKp-00070H-Qr
	for qemu-devel@nongnu.org; Wed, 09 May 2018 11:48:57 -0400
Received: from mail-pg0-x244.google.com ([2607:f8b0:400e:c05::244]:35578)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <richard.henderson@linaro.org>)
	id 1fGRKp-0006zR-L3
	for qemu-devel@nongnu.org; Wed, 09 May 2018 11:48:55 -0400
Received: by mail-pg0-x244.google.com with SMTP id n1-v6so343535pgs.2
	for <qemu-devel@nongnu.org>; Wed, 09 May 2018 08:48:55 -0700 (PDT)
Received: from cloudburst.twiddle.net (97-113-2-170.tukw.qwest.net.
	[97.113.2.170]) by smtp.gmail.com with ESMTPSA id
	d3-v6sm44058794pgc.12.2018.05.09.08.48.52
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Wed, 09 May 2018 08:48:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=Jvfnq0w+xnpwr6tpohC7wpgDXHKzpW6j9smwRxzLQAg=;
	b=Yao78RRFn9SrKNqPVLcg/RiVq7AlOtY/KB5CbLZwWg3Mm0gruEl4M1+kdeyIpE+/vB
	mrJyuKB+mrBbSZN38f+zGaoY0qN55Lsbm7+DUcBpkgA+3wF79ua0oMZtyWl94VztLD7Z
	73RjXOnbRtBmR3J+wlHg3PHrkVlXmhdMQWobk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=Jvfnq0w+xnpwr6tpohC7wpgDXHKzpW6j9smwRxzLQAg=;
	b=m73DtQxx8fVUoQzwoU6dmeEFg5MfeZQjilRszkaYn1a3OyRSqgJ7AT/MAFrhrkamGw
	JqCs+Ya/GQZkcb1rNB2KXECKvvUPAgHJcLb3YP+KzFdqqgy//wPhVNVsgr6efQ819YrA
	XPXUHVrjuPGS60ARr0TXWsIhU75ifVgzeCxWgAbZ/fo7RuKeJAqxKkjVgYSF/Rz348e+
	SXkixCQC3+6Bmn4+l0zXxf+RoYbLCQhjVlgIiXlAj1j3wRr8J9dbMatGeBGFoD/LILr6
	WuPNqApa1d6HBr1kp5qkN1IoTKCyl+OluWm/pYtLg4Oy+ogskLAiM/Fr4h/0BzKWEx+s
	9hZA==
X-Gm-Message-State: ALQs6tBda39T0WAszpFt3wmfRaLrtnxyPnJq5iLqnohee7AV8kbq0+9R
	Z/1EYfjZGuamoNo332BtCbgHJMkW9Ao=
X-Google-Smtp-Source: 
 AB8JxZqaqMIt/cAMUT8l6i3nxWJj+lncPKUYaVhxDYjHZMnAkkbsXHoBYCIBQWwrJxN8ZeuOnHM31A==
X-Received: by 10.98.34.24 with SMTP id i24mr27931900pfi.53.1525880934269;
	Wed, 09 May 2018 08:48:54 -0700 (PDT)
From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Date: Wed,  9 May 2018 08:48:49 -0700
Message-Id: <20180509154849.27979-3-richard.henderson@linaro.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180509154849.27979-1-richard.henderson@linaro.org>
References: <20180509154849.27979-1-richard.henderson@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2607:f8b0:400e:c05::244
Subject: [Qemu-devel] [PULL 2/2] tcg: Limit the number of ops in a TB
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: peter.maydell@linaro.org, qemu-stable@nongnu.org,
	Richard Henderson <rth@twiddle.net>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0

In 6001f7729e12 we partially attempt to address the branch
displacement overflow caused by 15fa08f845.

However, gcc/testsuite/gcc.target/aarch64/advsimd-intrinsics/vqtbX.c
is a testcase that contains a TB so large as to overflow anyway.
The limit here of 8000 ops produces a maximum output TB size of
24112 bytes on a ppc64le host with that test case.  This is still
much less than the maximum forward branch distance of 32764 bytes.

Cc: qemu-stable@nongnu.org
Fixes: 15fa08f845 ("tcg: Dynamically allocate TCGOps")
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/tcg.h | 8 +++++++-
 tcg/tcg.c | 3 +++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index 75fbad128b..88378be310 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -655,6 +655,7 @@ struct TCGContext {
     int nb_globals;
     int nb_temps;
     int nb_indirects;
+    int nb_ops;
=20
     /* goto_tb support */
     tcg_insn_unit *code_buf;
@@ -844,7 +845,12 @@ static inline TCGOp *tcg_last_op(void)
 /* Test for whether to terminate the TB for using too many opcodes.  */
 static inline bool tcg_op_buf_full(void)
 {
-    return false;
+    /* This is not a hard limit, it merely stops translation when
+     * we have produced "enough" opcodes.  We want to limit TB size
+     * such that a RISC host can reasonably use a 16-bit signed
+     * branch within the TB.
+     */
+    return tcg_ctx->nb_ops >=3D 8000;
 }
=20
 /* pool based memory allocation */
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 551caf1c53..6eeebe0624 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -866,6 +866,7 @@ void tcg_func_start(TCGContext *s)
     /* No temps have been previously allocated for size or locality.  */
     memset(s->free_temps, 0, sizeof(s->free_temps));
=20
+    s->nb_ops =3D 0;
     s->nb_labels =3D 0;
     s->current_frame_offset =3D s->frame_start;
=20
@@ -1956,6 +1957,7 @@ void tcg_op_remove(TCGContext *s, TCGOp *op)
 {
     QTAILQ_REMOVE(&s->ops, op, link);
     QTAILQ_INSERT_TAIL(&s->free_ops, op, link);
+    s->nb_ops--;
=20
 #ifdef CONFIG_PROFILER
     atomic_set(&s->prof.del_op_count, s->prof.del_op_count + 1);
@@ -1975,6 +1977,7 @@ static TCGOp *tcg_op_alloc(TCGOpcode opc)
     }
     memset(op, 0, offsetof(TCGOp, link));
     op->opc =3D opc;
+    s->nb_ops++;
=20
     return op;
 }
--=20
2.17.0