Series comparison

-[PULL for-5.1 0/3] tcg patch queue
+[PULL v2 00/29] tcg patch queue
-The following changes since commit 95d1fbabae0cd44156ac4b96d512d143ca7dfd5e:
+v2: Fix FreeBSD build error in patch 18.
-  Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20200716-pull-request' into staging (2020-07-16 18:50:51 +0100)
+r~
 The following changes since commit 0d239e513e0117e66fa739fb71a43b9383a108ff:
   Merge tag 'pull-lu-20231018' of https://gitlab.com/rth7680/qemu into staging (2023-10-19 10:20:57 -0700)
 are available in the Git repository at:
-  https://github.com/rth7680/qemu.git tags/pull-tcg-20200717
+  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20231018-2
-for you to fetch changes up to ba3c35d9c4026361fd380b269dc6def9510b7166:
+for you to fetch changes up to a75f704d972b9408f5e2843784b3add48c724c52:
-  tcg/cpu-exec: precise single-stepping after an interrupt (2020-07-17 11:09:34 -0700)
+  target/i386: Use i128 for 128 and 256-bit loads and stores (2023-10-19 21:11:44 -0700)
 ----------------------------------------------------------------
-Fix vector min/max fallback expansion
+tcg: Drop unused tcg_temp_free define
-Fix singlestep from exception and interrupt
+tcg: Introduce tcg_use_softmmu
 tcg: Optimize past conditional branches
 tcg: Use constant zero when expanding with divu2
 tcg/ppc: Enable direct branching tcg_out_goto_tb with TCG_REG_TB
 tcg/ppc: Use ADDPCIS for power9
 tcg/ppc: Use prefixed instructions for power10
 tcg/ppc: Disable TCG_REG_TB for Power9/Power10
 ----------------------------------------------------------------
-Luc Michel (1):
+Jordan Niethe (1):
-      tcg/cpu-exec: precise single-stepping after an exception
+      tcg/ppc: Enable direct branching tcg_out_goto_tb with TCG_REG_TB
-Richard Henderson (2):
+Mike Frysinger (1):
-      tcg: Save/restore vecop_list around minmax fallback
+      tcg: drop unused tcg_temp_free define
       tcg/cpu-exec: precise single-stepping after an interrupt
- accel/tcg/cpu-exec.c | 19 ++++++++++++++++++-
+Richard Henderson (27):
- tcg/tcg-op-vec.c     |  2 ++
+      tcg/ppc: Untabify tcg-target.c.inc
-files changed, 20 insertions(+), 1 deletion(-)
+      tcg/ppc: Reinterpret tb-relative to TB+4
       tcg/ppc: Use ADDPCIS in tcg_out_tb_start
       tcg/ppc: Use ADDPCIS in tcg_out_movi_int
       tcg/ppc: Use ADDPCIS for the constant pool
       tcg/ppc: Use ADDPCIS in tcg_out_goto_tb
       tcg/ppc: Use PADDI in tcg_out_movi
       tcg/ppc: Use prefixed instructions in tcg_out_mem_long
       tcg/ppc: Use PLD in tcg_out_movi for constant pool
       tcg/ppc: Use prefixed instructions in tcg_out_dupi_vec
       tcg/ppc: Use PLD in tcg_out_goto_tb
       tcg/ppc: Disable TCG_REG_TB for Power9/Power10
       tcg: Introduce tcg_use_softmmu
       tcg: Provide guest_base fallback for system mode
       tcg/arm: Use tcg_use_softmmu
       tcg/aarch64: Use tcg_use_softmmu
       tcg/i386: Use tcg_use_softmmu
       tcg/loongarch64: Use tcg_use_softmmu
       tcg/mips: Use tcg_use_softmmu
       tcg/ppc: Use tcg_use_softmmu
       tcg/riscv: Do not reserve TCG_GUEST_BASE_REG for guest_base zero
       tcg/riscv: Use tcg_use_softmmu
       tcg/s390x: Use tcg_use_softmmu
       tcg: Use constant zero when expanding with divu2
       tcg: Optimize past conditional branches
       tcg: Add tcg_gen_{ld,st}_i128
       target/i386: Use i128 for 128 and 256-bit loads and stores
+ include/tcg/tcg-op-common.h      |   3 +
+ include/tcg/tcg-op.h             |   2 -
+ include/tcg/tcg.h                |   8 +-
+ target/i386/tcg/translate.c      |  63 ++---
+ tcg/optimize.c                   |   8 +-
+ tcg/tcg-op-ldst.c                |  14 +-
+ tcg/tcg-op.c                     |  38 ++-
+ tcg/tcg.c                        |  13 +-
+ tcg/aarch64/tcg-target.c.inc     | 177 ++++++------
+ tcg/arm/tcg-target.c.inc         | 203 +++++++-------
+ tcg/i386/tcg-target.c.inc        | 198 +++++++-------
+ tcg/loongarch64/tcg-target.c.inc | 126 +++++----
+ tcg/mips/tcg-target.c.inc        | 231 ++++++++--------
+ tcg/ppc/tcg-target.c.inc         | 561 ++++++++++++++++++++++++++-------------
+ tcg/riscv/tcg-target.c.inc       | 189 ++++++-------
+ tcg/s390x/tcg-target.c.inc       | 161 ++++++-----
+files changed, 1102 insertions(+), 893 deletions(-)

-[PULL for-5.1 1/3] tcg: Save/restore vecop_list around minmax fallback
+Deleted patch
-Forgetting this asserts when tcg_gen_cmp_vec is called from
-within tcg_gen_cmpsel_vec.
-Fixes: 72b4c792c7a
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/tcg-op-vec.c | 2 ++
-file changed, 2 insertions(+)
-diff --git a/tcg/tcg-op-vec.c b/tcg/tcg-op-vec.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg-op-vec.c
-+++ b/tcg/tcg-op-vec.c
-@@ -XXX,XX +XXX,XX @@ static void do_minmax(unsigned vece, TCGv_vec r, TCGv_vec a,
-                       TCGv_vec b, TCGOpcode opc, TCGCond cond)
- {
-     if (!do_op3(vece, r, a, b, opc)) {
-+        const TCGOpcode *hold_list = tcg_swap_vecop_list(NULL);
-         tcg_gen_cmpsel_vec(cond, vece, r, a, b, a, b);
-+        tcg_swap_vecop_list(hold_list);
-     }
- }
---
-.25.1

-[PULL for-5.1 2/3] tcg/cpu-exec: precise single-stepping after an exception
+Deleted patch
-From: Luc Michel <luc.michel@greensocs.com>
-When single-stepping with a debugger attached to QEMU, and when an
-exception is raised, the debugger misses the first instruction after the
-exception:
-$ qemu-system-aarch64 -M virt -display none -cpu cortex-a53 -s -S
-$ aarch64-linux-gnu-gdb
-GNU gdb (GDB) 9.2
-[...]
-(gdb) tar rem :1234
-Remote debugging using :1234
-warning: No executable has been specified and target does not support
-determining executable automatically.  Try using the "file" command.
-x0000000000000000 in ?? ()
-(gdb) # writing nop insns to 0x200 and 0x204
-(gdb) set *0x200 = 0xd503201f
-(gdb) set *0x204 = 0xd503201f
-(gdb) # 0x0 address contains 0 which is an invalid opcode.
-(gdb) # The CPU should raise an exception and jump to 0x200
-(gdb) si
-x0000000000000204 in ?? ()
-With this commit, the same run steps correctly on the first instruction
-of the exception vector:
-(gdb) si
-x0000000000000200 in ?? ()
-Buglink: https://bugs.launchpad.net/qemu/+bug/757702
-Signed-off-by: Luc Michel <luc.michel@greensocs.com>
-Message-Id: <20200716193947.3058389-1-luc.michel@greensocs.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/cpu-exec.c | 11 +++++++++++
-file changed, 11 insertions(+)
-diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cpu-exec.c
-+++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_exception(CPUState *cpu, int *ret)
-             cc->do_interrupt(cpu);
-             qemu_mutex_unlock_iothread();
-             cpu->exception_index = -1;
-+
-+            if (unlikely(cpu->singlestep_enabled)) {
-+                /*
-+                 * After processing the exception, ensure an EXCP_DEBUG is
-+                 * raised when single-stepping so that GDB doesn't miss the
-+                 * next instruction.
-+                 */
-+                *ret = EXCP_DEBUG;
-+                cpu_handle_debug_exception(cpu);
-+                return true;
-+            }
-         } else if (!replay_has_interrupt()) {
-             /* give a chance to iothread in replay mode */
-             *ret = EXCP_INTERRUPT;
---
-.25.1

-[PULL for-5.1 3/3] tcg/cpu-exec: precise single-stepping after an interrupt
+[PULL v2 18/29] tcg/i386: Use tcg_use_softmmu
-When single-stepping with a debugger attached to QEMU, and when an
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 interrupt is raised, the debugger misses the first instruction after
 the interrupt.
 Tested-by: Luc Michel <luc.michel@greensocs.com>
 Reviewed-by: Luc Michel <luc.michel@greensocs.com>
 Buglink: https://bugs.launchpad.net/qemu/+bug/757702
 Message-Id: <20200717163029.2737546-1-richard.henderson@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- accel/tcg/cpu-exec.c | 8 +++++++-
+ tcg/i386/tcg-target.c.inc | 198 +++++++++++++++++++-------------------
-file changed, 7 insertions(+), 1 deletion(-)
+file changed, 98 insertions(+), 100 deletions(-)
-diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
+diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cpu-exec.c
+--- a/tcg/i386/tcg-target.c.inc
-+++ b/accel/tcg/cpu-exec.c
++++ b/tcg/i386/tcg-target.c.inc
-@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
+@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_target_call_oarg_reg(TCGCallReturnKind kind, int slot)
-         else {
+ # define ALL_VECTOR_REGS       0x00ff0000u
-             if (cc->cpu_exec_interrupt(cpu, interrupt_request)) {
+ # define ALL_BYTEL_REGS        0x0000000fu
-                 replay_interrupt();
+ #endif
--                cpu->exception_index = -1;
+-#ifdef CONFIG_SOFTMMU
-+                /*
+-# define SOFTMMU_RESERVE_REGS  ((1 << TCG_REG_L0) | (1 << TCG_REG_L1))
-+                 * After processing the interrupt, ensure an EXCP_DEBUG is
+-#else
-+                 * raised when single-stepping so that GDB doesn't miss the
+-# define SOFTMMU_RESERVE_REGS  0
-+                 * next instruction.
+-#endif
-+                 */
++#define SOFTMMU_RESERVE_REGS \
-+                cpu->exception_index =
++    (tcg_use_softmmu ? (1 << TCG_REG_L0) | (1 << TCG_REG_L1) : 0)
-+                    (cpu->singlestep_enabled ? EXCP_DEBUG : -1);
-                 *last_tb = NULL;
+ /* For 64-bit, we always know that CMOV is available.  */
  #if TCG_TARGET_REG_BITS == 64
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
      return true;
  }
 -#ifndef CONFIG_SOFTMMU
 +#ifdef CONFIG_USER_ONLY
  static HostAddress x86_guest_base = {
      .index = -1
  };
@@ -XXX,XX +XXX,XX @@ static inline int setup_guest_base_seg(void)
      }
      return 0;
  }
 +#define setup_guest_base_seg  setup_guest_base_seg
  #elif defined(__x86_64__) && \
        (defined (__FreeBSD__) || defined (__FreeBSD_kernel__))
  # include <machine/sysarch.h>
@@ -XXX,XX +XXX,XX @@ static inline int setup_guest_base_seg(void)
      }
      return 0;
  }
 +#define setup_guest_base_seg  setup_guest_base_seg
 +#endif
  #else
 -static inline int setup_guest_base_seg(void)
 -{
 -    return 0;
 -}
 -#endif /* setup_guest_base_seg */
 -#endif /* !SOFTMMU */
 +# define x86_guest_base (*(HostAddress *)({ qemu_build_not_reached(); NULL; }))
 +#endif /* CONFIG_USER_ONLY */
 +#ifndef setup_guest_base_seg
 +# define setup_guest_base_seg()  0
 +#endif
  #define MIN_TLB_MASK_TABLE_OFS  INT_MIN
@@ -XXX,XX +XXX,XX @@ static TCGLabelQemuLdst *prepare_host_addr(TCGContext *s, HostAddress *h,
      MemOp s_bits = opc & MO_SIZE;
      unsigned a_mask;
 -#ifdef CONFIG_SOFTMMU
 -    h->index = TCG_REG_L0;
 -    h->ofs = 0;
 -    h->seg = 0;
 -#else
 -    *h = x86_guest_base;
 -#endif
 +    if (tcg_use_softmmu) {
 +        h->index = TCG_REG_L0;
 +        h->ofs = 0;
 +        h->seg = 0;
 +    } else {
 +        *h = x86_guest_base;
 +    }
      h->base = addrlo;
      h->aa = atom_and_align_for_opc(s, opc, MO_ATOM_IFALIGN, s_bits == MO_128);
      a_mask = (1 << h->aa.align) - 1;
 -#ifdef CONFIG_SOFTMMU
 -    int cmp_ofs = is_ld ? offsetof(CPUTLBEntry, addr_read)
 -                        : offsetof(CPUTLBEntry, addr_write);
 -    TCGType ttype = TCG_TYPE_I32;
 -    TCGType tlbtype = TCG_TYPE_I32;
 -    int trexw = 0, hrexw = 0, tlbrexw = 0;
 -    unsigned mem_index = get_mmuidx(oi);
 -    unsigned s_mask = (1 << s_bits) - 1;
 -    int fast_ofs = tlb_mask_table_ofs(s, mem_index);
 -    int tlb_mask;
 +    if (tcg_use_softmmu) {
 +        int cmp_ofs = is_ld ? offsetof(CPUTLBEntry, addr_read)
 +                            : offsetof(CPUTLBEntry, addr_write);
 +        TCGType ttype = TCG_TYPE_I32;
 +        TCGType tlbtype = TCG_TYPE_I32;
 +        int trexw = 0, hrexw = 0, tlbrexw = 0;
 +        unsigned mem_index = get_mmuidx(oi);
 +        unsigned s_mask = (1 << s_bits) - 1;
 +        int fast_ofs = tlb_mask_table_ofs(s, mem_index);
 +        int tlb_mask;
 -    ldst = new_ldst_label(s);
 -    ldst->is_ld = is_ld;
 -    ldst->oi = oi;
 -    ldst->addrlo_reg = addrlo;
 -    ldst->addrhi_reg = addrhi;
 +        ldst = new_ldst_label(s);
 +        ldst->is_ld = is_ld;
 +        ldst->oi = oi;
 +        ldst->addrlo_reg = addrlo;
 +        ldst->addrhi_reg = addrhi;
 -    if (TCG_TARGET_REG_BITS == 64) {
 -        ttype = s->addr_type;
 -        trexw = (ttype == TCG_TYPE_I32 ? 0 : P_REXW);
 -        if (TCG_TYPE_PTR == TCG_TYPE_I64) {
 -            hrexw = P_REXW;
 -            if (s->page_bits + s->tlb_dyn_max_bits > 32) {
 -                tlbtype = TCG_TYPE_I64;
 -                tlbrexw = P_REXW;
 +        if (TCG_TARGET_REG_BITS == 64) {
 +            ttype = s->addr_type;
 +            trexw = (ttype == TCG_TYPE_I32 ? 0 : P_REXW);
 +            if (TCG_TYPE_PTR == TCG_TYPE_I64) {
 +                hrexw = P_REXW;
 +                if (s->page_bits + s->tlb_dyn_max_bits > 32) {
 +                    tlbtype = TCG_TYPE_I64;
 +                    tlbrexw = P_REXW;
 +                }
              }
-             /* The target hook may have updated the 'cpu->interrupt_request';
+         }
 -    }
 -    tcg_out_mov(s, tlbtype, TCG_REG_L0, addrlo);
 -    tcg_out_shifti(s, SHIFT_SHR + tlbrexw, TCG_REG_L0,
 -                   s->page_bits - CPU_TLB_ENTRY_BITS);
 +        tcg_out_mov(s, tlbtype, TCG_REG_L0, addrlo);
 +        tcg_out_shifti(s, SHIFT_SHR + tlbrexw, TCG_REG_L0,
 +                       s->page_bits - CPU_TLB_ENTRY_BITS);
 -    tcg_out_modrm_offset(s, OPC_AND_GvEv + trexw, TCG_REG_L0, TCG_AREG0,
 -                         fast_ofs + offsetof(CPUTLBDescFast, mask));
 +        tcg_out_modrm_offset(s, OPC_AND_GvEv + trexw, TCG_REG_L0, TCG_AREG0,
 +                             fast_ofs + offsetof(CPUTLBDescFast, mask));
 -    tcg_out_modrm_offset(s, OPC_ADD_GvEv + hrexw, TCG_REG_L0, TCG_AREG0,
 -                         fast_ofs + offsetof(CPUTLBDescFast, table));
 +        tcg_out_modrm_offset(s, OPC_ADD_GvEv + hrexw, TCG_REG_L0, TCG_AREG0,
 +                             fast_ofs + offsetof(CPUTLBDescFast, table));
 -    /*
 -     * If the required alignment is at least as large as the access, simply
 -     * copy the address and mask.  For lesser alignments, check that we don't
 -     * cross pages for the complete access.
 -     */
 -    if (a_mask >= s_mask) {
 -        tcg_out_mov(s, ttype, TCG_REG_L1, addrlo);
 -    } else {
 -        tcg_out_modrm_offset(s, OPC_LEA + trexw, TCG_REG_L1,
 -                             addrlo, s_mask - a_mask);
 -    }
 -    tlb_mask = s->page_mask | a_mask;
 -    tgen_arithi(s, ARITH_AND + trexw, TCG_REG_L1, tlb_mask, 0);
 +        /*
 +         * If the required alignment is at least as large as the access,
 +         * simply copy the address and mask.  For lesser alignments,
 +         * check that we don't cross pages for the complete access.
 +         */
 +        if (a_mask >= s_mask) {
 +            tcg_out_mov(s, ttype, TCG_REG_L1, addrlo);
 +        } else {
 +            tcg_out_modrm_offset(s, OPC_LEA + trexw, TCG_REG_L1,
 +                                 addrlo, s_mask - a_mask);
 +        }
 +        tlb_mask = s->page_mask | a_mask;
 +        tgen_arithi(s, ARITH_AND + trexw, TCG_REG_L1, tlb_mask, 0);
 -    /* cmp 0(TCG_REG_L0), TCG_REG_L1 */
 -    tcg_out_modrm_offset(s, OPC_CMP_GvEv + trexw,
 -                         TCG_REG_L1, TCG_REG_L0, cmp_ofs);
 -
 -    /* jne slow_path */
 -    tcg_out_opc(s, OPC_JCC_long + JCC_JNE, 0, 0, 0);
 -    ldst->label_ptr[0] = s->code_ptr;
 -    s->code_ptr += 4;
 -
 -    if (TCG_TARGET_REG_BITS == 32 && s->addr_type == TCG_TYPE_I64) {
 -        /* cmp 4(TCG_REG_L0), addrhi */
 -        tcg_out_modrm_offset(s, OPC_CMP_GvEv, addrhi, TCG_REG_L0, cmp_ofs + 4);
 +        /* cmp 0(TCG_REG_L0), TCG_REG_L1 */
 +        tcg_out_modrm_offset(s, OPC_CMP_GvEv + trexw,
 +                             TCG_REG_L1, TCG_REG_L0, cmp_ofs);
          /* jne slow_path */
          tcg_out_opc(s, OPC_JCC_long + JCC_JNE, 0, 0, 0);
 -        ldst->label_ptr[1] = s->code_ptr;
 +        ldst->label_ptr[0] = s->code_ptr;
          s->code_ptr += 4;
 -    }
 -    /* TLB Hit.  */
 -    tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_L0, TCG_REG_L0,
 -               offsetof(CPUTLBEntry, addend));
 -#else
 -    if (a_mask) {
 +        if (TCG_TARGET_REG_BITS == 32 && s->addr_type == TCG_TYPE_I64) {
 +            /* cmp 4(TCG_REG_L0), addrhi */
 +            tcg_out_modrm_offset(s, OPC_CMP_GvEv, addrhi,
 +                                 TCG_REG_L0, cmp_ofs + 4);
 +
 +            /* jne slow_path */
 +            tcg_out_opc(s, OPC_JCC_long + JCC_JNE, 0, 0, 0);
 +            ldst->label_ptr[1] = s->code_ptr;
 +            s->code_ptr += 4;
 +        }
 +
 +        /* TLB Hit.  */
 +        tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_L0, TCG_REG_L0,
 +                   offsetof(CPUTLBEntry, addend));
 +    } else if (a_mask) {
          ldst = new_ldst_label(s);
          ldst->is_ld = is_ld;
@@ -XXX,XX +XXX,XX @@ static TCGLabelQemuLdst *prepare_host_addr(TCGContext *s, HostAddress *h,
          ldst->label_ptr[0] = s->code_ptr;
          s->code_ptr += 4;
      }
 -#endif
      return ldst;
  }
@@ -XXX,XX +XXX,XX @@ static void tcg_target_qemu_prologue(TCGContext *s)
          tcg_out_push(s, tcg_target_callee_save_regs[i]);
      }
 -#if TCG_TARGET_REG_BITS == 32
 -    tcg_out_ld(s, TCG_TYPE_PTR, TCG_AREG0, TCG_REG_ESP,
 -               (ARRAY_SIZE(tcg_target_callee_save_regs) + 1) * 4);
 -    tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
 -    /* jmp *tb.  */
 -    tcg_out_modrm_offset(s, OPC_GRP5, EXT5_JMPN_Ev, TCG_REG_ESP,
 -                         (ARRAY_SIZE(tcg_target_callee_save_regs) + 2) * 4
 -                         + stack_addend);
 -#else
 -# if !defined(CONFIG_SOFTMMU)
 -    if (guest_base) {
 +    if (!tcg_use_softmmu && guest_base) {
          int seg = setup_guest_base_seg();
          if (seg != 0) {
              x86_guest_base.seg = seg;
          } else if (guest_base == (int32_t)guest_base) {
              x86_guest_base.ofs = guest_base;
          } else {
 +            assert(TCG_TARGET_REG_BITS == 64);
              /* Choose R12 because, as a base, it requires a SIB byte. */
              x86_guest_base.index = TCG_REG_R12;
              tcg_out_movi(s, TCG_TYPE_PTR, x86_guest_base.index, guest_base);
              tcg_regset_set_reg(s->reserved_regs, x86_guest_base.index);
          }
      }
 -# endif
 -    tcg_out_mov(s, TCG_TYPE_PTR, TCG_AREG0, tcg_target_call_iarg_regs[0]);
 -    tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
 -    /* jmp *tb.  */
 -    tcg_out_modrm(s, OPC_GRP5, EXT5_JMPN_Ev, tcg_target_call_iarg_regs[1]);
 -#endif
 +
 +    if (TCG_TARGET_REG_BITS == 32) {
 +        tcg_out_ld(s, TCG_TYPE_PTR, TCG_AREG0, TCG_REG_ESP,
 +                   (ARRAY_SIZE(tcg_target_callee_save_regs) + 1) * 4);
 +        tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
 +        /* jmp *tb.  */
 +        tcg_out_modrm_offset(s, OPC_GRP5, EXT5_JMPN_Ev, TCG_REG_ESP,
 +                             (ARRAY_SIZE(tcg_target_callee_save_regs) + 2) * 4
 +                             + stack_addend);
 +    } else {
 +        tcg_out_mov(s, TCG_TYPE_PTR, TCG_AREG0, tcg_target_call_iarg_regs[0]);
 +        tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
 +        /* jmp *tb.  */
 +        tcg_out_modrm(s, OPC_GRP5, EXT5_JMPN_Ev, tcg_target_call_iarg_regs[1]);
 +    }
      /*
       * Return path for goto_ptr. Set return value to 0, a-la exit_tb,
 --
-.25.1
+.34.1

The following changes since commit 95d1fbabae0cd44156ac4b96d512d143ca7dfd5e:

Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20200716-pull-request' into staging (2020-07-16 18:50:51 +0100)

are available in the Git repository at:

https://github.com/rth7680/qemu.git tags/pull-tcg-20200717

for you to fetch changes up to ba3c35d9c4026361fd380b269dc6def9510b7166:

tcg/cpu-exec: precise single-stepping after an interrupt (2020-07-17 11:09:34 -0700)

----------------------------------------------------------------
Fix vector min/max fallback expansion
Fix singlestep from exception and interrupt

----------------------------------------------------------------
Luc Michel (1):
      tcg/cpu-exec: precise single-stepping after an exception

Richard Henderson (2):
      tcg: Save/restore vecop_list around minmax fallback
      tcg/cpu-exec: precise single-stepping after an interrupt

accel/tcg/cpu-exec.c | 19 ++++++++++++++++++-
 tcg/tcg-op-vec.c     |  2 ++
 2 files changed, 20 insertions(+), 1 deletion(-)

From: Luc Michel <luc.michel@greensocs.com>

When single-stepping with a debugger attached to QEMU, and when an
exception is raised, the debugger misses the first instruction after the
exception:

$ qemu-system-aarch64 -M virt -display none -cpu cortex-a53 -s -S

$ aarch64-linux-gnu-gdb
GNU gdb (GDB) 9.2
[...]
(gdb) tar rem :1234
Remote debugging using :1234
warning: No executable has been specified and target does not support
determining executable automatically.  Try using the "file" command.
0x0000000000000000 in ?? ()
(gdb) # writing nop insns to 0x200 and 0x204
(gdb) set *0x200 = 0xd503201f
(gdb) set *0x204 = 0xd503201f
(gdb) # 0x0 address contains 0 which is an invalid opcode.
(gdb) # The CPU should raise an exception and jump to 0x200
(gdb) si
0x0000000000000204 in ?? ()

With this commit, the same run steps correctly on the first instruction
of the exception vector:

(gdb) si
0x0000000000000200 in ?? ()

Buglink: https://bugs.launchpad.net/qemu/+bug/757702
Signed-off-by: Luc Michel <luc.michel@greensocs.com>
Message-Id: <20200716193947.3058389-1-luc.michel@greensocs.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cpu-exec.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_exception(CPUState *cpu, int *ret)
             cc->do_interrupt(cpu);
             qemu_mutex_unlock_iothread();
             cpu->exception_index = -1;
+
+            if (unlikely(cpu->singlestep_enabled)) {
+                /*
+                 * After processing the exception, ensure an EXCP_DEBUG is
+                 * raised when single-stepping so that GDB doesn't miss the
+                 * next instruction.
+                 */
+                *ret = EXCP_DEBUG;
+                cpu_handle_debug_exception(cpu);
+                return true;
+            }
         } else if (!replay_has_interrupt()) {
             /* give a chance to iothread in replay mode */
             *ret = EXCP_INTERRUPT;
-- 
2.25.1

When single-stepping with a debugger attached to QEMU, and when an
interrupt is raised, the debugger misses the first instruction after
the interrupt.

Tested-by: Luc Michel <luc.michel@greensocs.com>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Buglink: https://bugs.launchpad.net/qemu/+bug/757702
Message-Id: <20200717163029.2737546-1-richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cpu-exec.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
         else {
             if (cc->cpu_exec_interrupt(cpu, interrupt_request)) {
                 replay_interrupt();
-                cpu->exception_index = -1;
+                /*
+                 * After processing the interrupt, ensure an EXCP_DEBUG is
+                 * raised when single-stepping so that GDB doesn't miss the
+                 * next instruction.
+                 */
+                cpu->exception_index =
+                    (cpu->singlestep_enabled ? EXCP_DEBUG : -1);
                 *last_tb = NULL;
             }
             /* The target hook may have updated the 'cpu->interrupt_request';
-- 
2.25.1

v2: Fix FreeBSD build error in patch 18.

The following changes since commit 0d239e513e0117e66fa739fb71a43b9383a108ff:

Merge tag 'pull-lu-20231018' of https://gitlab.com/rth7680/qemu into staging (2023-10-19 10:20:57 -0700)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20231018-2

for you to fetch changes up to a75f704d972b9408f5e2843784b3add48c724c52:

target/i386: Use i128 for 128 and 256-bit loads and stores (2023-10-19 21:11:44 -0700)

----------------------------------------------------------------
tcg: Drop unused tcg_temp_free define
tcg: Introduce tcg_use_softmmu
tcg: Optimize past conditional branches
tcg: Use constant zero when expanding with divu2
tcg/ppc: Enable direct branching tcg_out_goto_tb with TCG_REG_TB
tcg/ppc: Use ADDPCIS for power9
tcg/ppc: Use prefixed instructions for power10
tcg/ppc: Disable TCG_REG_TB for Power9/Power10

----------------------------------------------------------------
Jordan Niethe (1):
      tcg/ppc: Enable direct branching tcg_out_goto_tb with TCG_REG_TB

Mike Frysinger (1):
      tcg: drop unused tcg_temp_free define

Richard Henderson (27):
      tcg/ppc: Untabify tcg-target.c.inc
      tcg/ppc: Reinterpret tb-relative to TB+4
      tcg/ppc: Use ADDPCIS in tcg_out_tb_start
      tcg/ppc: Use ADDPCIS in tcg_out_movi_int
      tcg/ppc: Use ADDPCIS for the constant pool
      tcg/ppc: Use ADDPCIS in tcg_out_goto_tb
      tcg/ppc: Use PADDI in tcg_out_movi
      tcg/ppc: Use prefixed instructions in tcg_out_mem_long
      tcg/ppc: Use PLD in tcg_out_movi for constant pool
      tcg/ppc: Use prefixed instructions in tcg_out_dupi_vec
      tcg/ppc: Use PLD in tcg_out_goto_tb
      tcg/ppc: Disable TCG_REG_TB for Power9/Power10
      tcg: Introduce tcg_use_softmmu
      tcg: Provide guest_base fallback for system mode
      tcg/arm: Use tcg_use_softmmu
      tcg/aarch64: Use tcg_use_softmmu
      tcg/i386: Use tcg_use_softmmu
      tcg/loongarch64: Use tcg_use_softmmu
      tcg/mips: Use tcg_use_softmmu
      tcg/ppc: Use tcg_use_softmmu
      tcg/riscv: Do not reserve TCG_GUEST_BASE_REG for guest_base zero
      tcg/riscv: Use tcg_use_softmmu
      tcg/s390x: Use tcg_use_softmmu
      tcg: Use constant zero when expanding with divu2
      tcg: Optimize past conditional branches
      tcg: Add tcg_gen_{ld,st}_i128
      target/i386: Use i128 for 128 and 256-bit loads and stores

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/i386/tcg-target.c.inc | 198 +++++++++++++++++++-------------------
 1 file changed, 98 insertions(+), 100 deletions(-)

diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/i386/tcg-target.c.inc
+++ b/tcg/i386/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_target_call_oarg_reg(TCGCallReturnKind kind, int slot)
 # define ALL_VECTOR_REGS       0x00ff0000u
 # define ALL_BYTEL_REGS        0x0000000fu
 #endif
-#ifdef CONFIG_SOFTMMU
-# define SOFTMMU_RESERVE_REGS  ((1 << TCG_REG_L0) | (1 << TCG_REG_L1))
-#else
-# define SOFTMMU_RESERVE_REGS  0
-#endif
+#define SOFTMMU_RESERVE_REGS \
+    (tcg_use_softmmu ? (1 << TCG_REG_L0) | (1 << TCG_REG_L1) : 0)
 
 /* For 64-bit, we always know that CMOV is available.  */
 #if TCG_TARGET_REG_BITS == 64
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
     return true;
 }
 
-#ifndef CONFIG_SOFTMMU
+#ifdef CONFIG_USER_ONLY
 static HostAddress x86_guest_base = {
     .index = -1
 };
@@ -XXX,XX +XXX,XX @@ static inline int setup_guest_base_seg(void)
     }
     return 0;
 }
+#define setup_guest_base_seg  setup_guest_base_seg
 #elif defined(__x86_64__) && \
       (defined (__FreeBSD__) || defined (__FreeBSD_kernel__))
 # include <machine/sysarch.h>
@@ -XXX,XX +XXX,XX @@ static inline int setup_guest_base_seg(void)
     }
     return 0;
 }
+#define setup_guest_base_seg  setup_guest_base_seg
+#endif
 #else
-static inline int setup_guest_base_seg(void)
-{
-    return 0;
-}
-#endif /* setup_guest_base_seg */
-#endif /* !SOFTMMU */
+# define x86_guest_base (*(HostAddress *)({ qemu_build_not_reached(); NULL; }))
+#endif /* CONFIG_USER_ONLY */
+#ifndef setup_guest_base_seg
+# define setup_guest_base_seg()  0
+#endif
 
 #define MIN_TLB_MASK_TABLE_OFS  INT_MIN
 
@@ -XXX,XX +XXX,XX @@ static TCGLabelQemuLdst *prepare_host_addr(TCGContext *s, HostAddress *h,
     MemOp s_bits = opc & MO_SIZE;
     unsigned a_mask;
 
-#ifdef CONFIG_SOFTMMU
-    h->index = TCG_REG_L0;
-    h->ofs = 0;
-    h->seg = 0;
-#else
-    *h = x86_guest_base;
-#endif
+    if (tcg_use_softmmu) {
+        h->index = TCG_REG_L0;
+        h->ofs = 0;
+        h->seg = 0;
+    } else {
+        *h = x86_guest_base;
+    }
     h->base = addrlo;
     h->aa = atom_and_align_for_opc(s, opc, MO_ATOM_IFALIGN, s_bits == MO_128);
     a_mask = (1 << h->aa.align) - 1;
 
-#ifdef CONFIG_SOFTMMU
-    int cmp_ofs = is_ld ? offsetof(CPUTLBEntry, addr_read)
-                        : offsetof(CPUTLBEntry, addr_write);
-    TCGType ttype = TCG_TYPE_I32;
-    TCGType tlbtype = TCG_TYPE_I32;
-    int trexw = 0, hrexw = 0, tlbrexw = 0;
-    unsigned mem_index = get_mmuidx(oi);
-    unsigned s_mask = (1 << s_bits) - 1;
-    int fast_ofs = tlb_mask_table_ofs(s, mem_index);
-    int tlb_mask;
+    if (tcg_use_softmmu) {
+        int cmp_ofs = is_ld ? offsetof(CPUTLBEntry, addr_read)
+                            : offsetof(CPUTLBEntry, addr_write);
+        TCGType ttype = TCG_TYPE_I32;
+        TCGType tlbtype = TCG_TYPE_I32;
+        int trexw = 0, hrexw = 0, tlbrexw = 0;
+        unsigned mem_index = get_mmuidx(oi);
+        unsigned s_mask = (1 << s_bits) - 1;
+        int fast_ofs = tlb_mask_table_ofs(s, mem_index);
+        int tlb_mask;
 
-    ldst = new_ldst_label(s);
-    ldst->is_ld = is_ld;
-    ldst->oi = oi;
-    ldst->addrlo_reg = addrlo;
-    ldst->addrhi_reg = addrhi;
+        ldst = new_ldst_label(s);
+        ldst->is_ld = is_ld;
+        ldst->oi = oi;
+        ldst->addrlo_reg = addrlo;
+        ldst->addrhi_reg = addrhi;
 
-    if (TCG_TARGET_REG_BITS == 64) {
-        ttype = s->addr_type;
-        trexw = (ttype == TCG_TYPE_I32 ? 0 : P_REXW);
-        if (TCG_TYPE_PTR == TCG_TYPE_I64) {
-            hrexw = P_REXW;
-            if (s->page_bits + s->tlb_dyn_max_bits > 32) {
-                tlbtype = TCG_TYPE_I64;
-                tlbrexw = P_REXW;
+        if (TCG_TARGET_REG_BITS == 64) {
+            ttype = s->addr_type;
+            trexw = (ttype == TCG_TYPE_I32 ? 0 : P_REXW);
+            if (TCG_TYPE_PTR == TCG_TYPE_I64) {
+                hrexw = P_REXW;
+                if (s->page_bits + s->tlb_dyn_max_bits > 32) {
+                    tlbtype = TCG_TYPE_I64;
+                    tlbrexw = P_REXW;
+                }
             }
         }
-    }
 
-    tcg_out_mov(s, tlbtype, TCG_REG_L0, addrlo);
-    tcg_out_shifti(s, SHIFT_SHR + tlbrexw, TCG_REG_L0,
-                   s->page_bits - CPU_TLB_ENTRY_BITS);
+        tcg_out_mov(s, tlbtype, TCG_REG_L0, addrlo);
+        tcg_out_shifti(s, SHIFT_SHR + tlbrexw, TCG_REG_L0,
+                       s->page_bits - CPU_TLB_ENTRY_BITS);
 
-    tcg_out_modrm_offset(s, OPC_AND_GvEv + trexw, TCG_REG_L0, TCG_AREG0,
-                         fast_ofs + offsetof(CPUTLBDescFast, mask));
+        tcg_out_modrm_offset(s, OPC_AND_GvEv + trexw, TCG_REG_L0, TCG_AREG0,
+                             fast_ofs + offsetof(CPUTLBDescFast, mask));
 
-    tcg_out_modrm_offset(s, OPC_ADD_GvEv + hrexw, TCG_REG_L0, TCG_AREG0,
-                         fast_ofs + offsetof(CPUTLBDescFast, table));
+        tcg_out_modrm_offset(s, OPC_ADD_GvEv + hrexw, TCG_REG_L0, TCG_AREG0,
+                             fast_ofs + offsetof(CPUTLBDescFast, table));
 
-    /*
-     * If the required alignment is at least as large as the access, simply
-     * copy the address and mask.  For lesser alignments, check that we don't
-     * cross pages for the complete access.
-     */
-    if (a_mask >= s_mask) {
-        tcg_out_mov(s, ttype, TCG_REG_L1, addrlo);
-    } else {
-        tcg_out_modrm_offset(s, OPC_LEA + trexw, TCG_REG_L1,
-                             addrlo, s_mask - a_mask);
-    }
-    tlb_mask = s->page_mask | a_mask;
-    tgen_arithi(s, ARITH_AND + trexw, TCG_REG_L1, tlb_mask, 0);
+        /*
+         * If the required alignment is at least as large as the access,
+         * simply copy the address and mask.  For lesser alignments,
+         * check that we don't cross pages for the complete access.
+         */
+        if (a_mask >= s_mask) {
+            tcg_out_mov(s, ttype, TCG_REG_L1, addrlo);
+        } else {
+            tcg_out_modrm_offset(s, OPC_LEA + trexw, TCG_REG_L1,
+                                 addrlo, s_mask - a_mask);
+        }
+        tlb_mask = s->page_mask | a_mask;
+        tgen_arithi(s, ARITH_AND + trexw, TCG_REG_L1, tlb_mask, 0);
 
-    /* cmp 0(TCG_REG_L0), TCG_REG_L1 */
-    tcg_out_modrm_offset(s, OPC_CMP_GvEv + trexw,
-                         TCG_REG_L1, TCG_REG_L0, cmp_ofs);
-
-    /* jne slow_path */
-    tcg_out_opc(s, OPC_JCC_long + JCC_JNE, 0, 0, 0);
-    ldst->label_ptr[0] = s->code_ptr;
-    s->code_ptr += 4;
-
-    if (TCG_TARGET_REG_BITS == 32 && s->addr_type == TCG_TYPE_I64) {
-        /* cmp 4(TCG_REG_L0), addrhi */
-        tcg_out_modrm_offset(s, OPC_CMP_GvEv, addrhi, TCG_REG_L0, cmp_ofs + 4);
+        /* cmp 0(TCG_REG_L0), TCG_REG_L1 */
+        tcg_out_modrm_offset(s, OPC_CMP_GvEv + trexw,
+                             TCG_REG_L1, TCG_REG_L0, cmp_ofs);
 
         /* jne slow_path */
         tcg_out_opc(s, OPC_JCC_long + JCC_JNE, 0, 0, 0);
-        ldst->label_ptr[1] = s->code_ptr;
+        ldst->label_ptr[0] = s->code_ptr;
         s->code_ptr += 4;
-    }
 
-    /* TLB Hit.  */
-    tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_L0, TCG_REG_L0,
-               offsetof(CPUTLBEntry, addend));
-#else
-    if (a_mask) {
+        if (TCG_TARGET_REG_BITS == 32 && s->addr_type == TCG_TYPE_I64) {
+            /* cmp 4(TCG_REG_L0), addrhi */
+            tcg_out_modrm_offset(s, OPC_CMP_GvEv, addrhi,
+                                 TCG_REG_L0, cmp_ofs + 4);
+
+            /* jne slow_path */
+            tcg_out_opc(s, OPC_JCC_long + JCC_JNE, 0, 0, 0);
+            ldst->label_ptr[1] = s->code_ptr;
+            s->code_ptr += 4;
+        }
+
+        /* TLB Hit.  */
+        tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_L0, TCG_REG_L0,
+                   offsetof(CPUTLBEntry, addend));
+    } else if (a_mask) {
         ldst = new_ldst_label(s);
 
         ldst->is_ld = is_ld;
@@ -XXX,XX +XXX,XX @@ static TCGLabelQemuLdst *prepare_host_addr(TCGContext *s, HostAddress *h,
         ldst->label_ptr[0] = s->code_ptr;
         s->code_ptr += 4;
     }
-#endif
 
     return ldst;
 }
@@ -XXX,XX +XXX,XX @@ static void tcg_target_qemu_prologue(TCGContext *s)
         tcg_out_push(s, tcg_target_callee_save_regs[i]);
     }
 
-#if TCG_TARGET_REG_BITS == 32
-    tcg_out_ld(s, TCG_TYPE_PTR, TCG_AREG0, TCG_REG_ESP,
-               (ARRAY_SIZE(tcg_target_callee_save_regs) + 1) * 4);
-    tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
-    /* jmp *tb.  */
-    tcg_out_modrm_offset(s, OPC_GRP5, EXT5_JMPN_Ev, TCG_REG_ESP,
-                         (ARRAY_SIZE(tcg_target_callee_save_regs) + 2) * 4
-                         + stack_addend);
-#else
-# if !defined(CONFIG_SOFTMMU)
-    if (guest_base) {
+    if (!tcg_use_softmmu && guest_base) {
         int seg = setup_guest_base_seg();
         if (seg != 0) {
             x86_guest_base.seg = seg;
         } else if (guest_base == (int32_t)guest_base) {
             x86_guest_base.ofs = guest_base;
         } else {
+            assert(TCG_TARGET_REG_BITS == 64);
             /* Choose R12 because, as a base, it requires a SIB byte. */
             x86_guest_base.index = TCG_REG_R12;
             tcg_out_movi(s, TCG_TYPE_PTR, x86_guest_base.index, guest_base);
             tcg_regset_set_reg(s->reserved_regs, x86_guest_base.index);
         }
     }
-# endif
-    tcg_out_mov(s, TCG_TYPE_PTR, TCG_AREG0, tcg_target_call_iarg_regs[0]);
-    tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
-    /* jmp *tb.  */
-    tcg_out_modrm(s, OPC_GRP5, EXT5_JMPN_Ev, tcg_target_call_iarg_regs[1]);
-#endif
+
+    if (TCG_TARGET_REG_BITS == 32) {
+        tcg_out_ld(s, TCG_TYPE_PTR, TCG_AREG0, TCG_REG_ESP,
+                   (ARRAY_SIZE(tcg_target_callee_save_regs) + 1) * 4);
+        tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
+        /* jmp *tb.  */
+        tcg_out_modrm_offset(s, OPC_GRP5, EXT5_JMPN_Ev, TCG_REG_ESP,
+                             (ARRAY_SIZE(tcg_target_callee_save_regs) + 2) * 4
+                             + stack_addend);
+    } else {
+        tcg_out_mov(s, TCG_TYPE_PTR, TCG_AREG0, tcg_target_call_iarg_regs[0]);
+        tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
+        /* jmp *tb.  */
+        tcg_out_modrm(s, OPC_GRP5, EXT5_JMPN_Ev, tcg_target_call_iarg_regs[1]);
+    }
 
     /*
      * Return path for goto_ptr. Set return value to 0, a-la exit_tb,
-- 
2.34.1