From nobody Sun Feb  8 12:38:06 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
 permitted sender) client-ip=208.118.235.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by
 mx.zohomail.com
	with SMTPS id 1532380271981912.7137620158204;
 Mon, 23 Jul 2018 14:11:11 -0700 (PDT)
Received: from localhost ([::1]:36658 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1fhi6o-0006RA-Lh
	for importer@patchew.org; Mon, 23 Jul 2018 17:11:10 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:42716)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <flukshun@gmail.com>) id 1fhhKE-0003SC-3h
	for qemu-devel@nongnu.org; Mon, 23 Jul 2018 16:20:59 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <flukshun@gmail.com>) id 1fhhKC-00058Z-Sf
	for qemu-devel@nongnu.org; Mon, 23 Jul 2018 16:20:58 -0400
Received: from mail-oi0-x242.google.com ([2607:f8b0:4003:c06::242]:37281)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <flukshun@gmail.com>)
	id 1fhhKC-00058L-NG; Mon, 23 Jul 2018 16:20:56 -0400
Received: by mail-oi0-x242.google.com with SMTP id k81-v6so3480648oib.4;
	Mon, 23 Jul 2018 13:20:56 -0700 (PDT)
Received: from localhost (76-251-165-188.lightspeed.austtx.sbcglobal.net.
	[76.251.165.188]) by smtp.gmail.com with ESMTPSA id
	m62-v6sm26388292oik.30.2018.07.23.13.20.54
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Mon, 23 Jul 2018 13:20:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=R567CLjPuLcmj/VmBI4Kxetfln6noYhEtAG8G2ZZXUI=;
	b=Q+X5h3MGXiNclUucpwx+wTKNg7AinTo4CDBFlySZINKpoMs+cu6QdcSmuPF0FJpLMM
	8jf6GIJaaGvjSRQtBP8lsJmL6dWqG7eyCbAaAU4RDp/lD46gEUaCp2kteeFUXU1rcEjH
	9I5D/1TXoaG+FttQniQu8oSbL5gyAx/cRqSwF4NDLmM5MwaS+TeLuJAFp7lA2JbbYYwH
	HsGr034qGOVhN6J04RMZQ6ZhBDrf3b/TuC0ErZc/YQ3D7cY/SeY7AHsWiPNQK9hy3UV6
	4y5KNBZXe1s0DVL5I8v4hGrR7w540llH6uae4TRBsSTbiC12oCKc7GRuZ0NRZJMopAuI
	CBOQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
	:in-reply-to:references:mime-version:content-transfer-encoding;
	bh=R567CLjPuLcmj/VmBI4Kxetfln6noYhEtAG8G2ZZXUI=;
	b=YyV4z+Bm8TpitwsATSHhrQC2vcJw9xHIbsKOF7J5bXDy+6g6Y+xwkHhP0IDv3dqBx+
	KZz4dCkeHzP2is6gLN56F2kL/4y0l4W+15yHeHEYC1jLleDN1iH6fjjU7AYn+LonJRPl
	Cyvjnes9X6YVw5tfbw1BT1tC8vULJH48IyGKzhzLlzcYCKbVAUPr7GR9fLurjjJ6RnOm
	8nqFZnsWm8jIDlmBCM45S2ZSLBDePH6GOlaiMBYk2pVWNkuA5xxM41Tg7kwV7YYjxbxo
	TSHkAflEOxjUlgKo67B7KG0m9eOAlbI204tq0HVk0LgN7nBLryxHdGaXdlAkn63BD0mN
	4gvg==
X-Gm-Message-State: AOUpUlEFKawoKQ78LlpxEblxkXhVtWuGNCbVBWJM+gD0V7xgL2up5dcW
	T257D5sHHO+GTtJjijsdksWDc8JSMQv7+g==
X-Google-Smtp-Source: 
 AAOMgpcE6ASJLexHb9D7hHOXuRgoQG8k+uVVanSSqcSi4UhB0oQgfRpl0JdKrh6FWZ3/ufz8Gidq1w==
X-Received: by 2002:aca:d015:: with SMTP id
	h21-v6mr345379oig.142.1532377255554;
	Mon, 23 Jul 2018 13:20:55 -0700 (PDT)
From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Date: Mon, 23 Jul 2018 15:17:15 -0500
Message-Id: <20180723201748.25573-67-mdroth@linux.vnet.ibm.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180723201748.25573-1-mdroth@linux.vnet.ibm.com>
References: <20180723201748.25573-1-mdroth@linux.vnet.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2607:f8b0:4003:c06::242
Subject: [Qemu-devel] [PATCH 66/99] tcg: Limit the number of ops in a TB
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Richard Henderson <richard.henderson@linaro.org>, qemu-stable@nongnu.org
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0

From: Richard Henderson <richard.henderson@linaro.org>

In 6001f7729e12 we partially attempt to address the branch
displacement overflow caused by 15fa08f845.

However, gcc/testsuite/gcc.target/aarch64/advsimd-intrinsics/vqtbX.c
is a testcase that contains a TB so large as to overflow anyway.
The limit here of 8000 ops produces a maximum output TB size of
24112 bytes on a ppc64le host with that test case.  This is still
much less than the maximum forward branch distance of 32764 bytes.

Cc: qemu-stable@nongnu.org
Fixes: 15fa08f845 ("tcg: Dynamically allocate TCGOps")
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit abebf92597186be2bc48d487235da28b1127860f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 tcg/tcg.c | 3 +++
 tcg/tcg.h | 8 +++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/tcg/tcg.c b/tcg/tcg.c
index bb24526c93..66997cc653 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -866,6 +866,7 @@ void tcg_func_start(TCGContext *s)
     /* No temps have been previously allocated for size or locality.  */
     memset(s->free_temps, 0, sizeof(s->free_temps));
=20
+    s->nb_ops =3D 0;
     s->nb_labels =3D 0;
     s->current_frame_offset =3D s->frame_start;
=20
@@ -1983,6 +1984,7 @@ void tcg_op_remove(TCGContext *s, TCGOp *op)
 {
     QTAILQ_REMOVE(&s->ops, op, link);
     QTAILQ_INSERT_TAIL(&s->free_ops, op, link);
+    s->nb_ops--;
=20
 #ifdef CONFIG_PROFILER
     atomic_set(&s->prof.del_op_count, s->prof.del_op_count + 1);
@@ -2002,6 +2004,7 @@ static TCGOp *tcg_op_alloc(TCGOpcode opc)
     }
     memset(op, 0, offsetof(TCGOp, link));
     op->opc =3D opc;
+    s->nb_ops++;
=20
     return op;
 }
diff --git a/tcg/tcg.h b/tcg/tcg.h
index 30896ca304..17cf764565 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -655,6 +655,7 @@ struct TCGContext {
     int nb_globals;
     int nb_temps;
     int nb_indirects;
+    int nb_ops;
=20
     /* goto_tb support */
     tcg_insn_unit *code_buf;
@@ -844,7 +845,12 @@ static inline TCGOp *tcg_last_op(void)
 /* Test for whether to terminate the TB for using too many opcodes.  */
 static inline bool tcg_op_buf_full(void)
 {
-    return false;
+    /* This is not a hard limit, it merely stops translation when
+     * we have produced "enough" opcodes.  We want to limit TB size
+     * such that a RISC host can reasonably use a 16-bit signed
+     * branch within the TB.
+     */
+    return tcg_ctx->nb_ops >=3D 8000;
 }
=20
 /* pool based memory allocation */
--=20
2.17.1