Series comparison

-[PULL 00/10] tcg patch queue
+[PULL v2 00/29] tcg patch queue
-The following changes since commit 0e32462630687a18039464511bd0447ada5709c3:
+v2: Fix FreeBSD build error in patch 18.
-  Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-request' into staging (2021-01-22 10:35:55 +0000)
+r~
 The following changes since commit 0d239e513e0117e66fa739fb71a43b9383a108ff:
   Merge tag 'pull-lu-20231018' of https://gitlab.com/rth7680/qemu into staging (2023-10-19 10:20:57 -0700)
 are available in the Git repository at:
-  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20210123
+  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20231018-2
-for you to fetch changes up to 2e34067e9959f149a904cf1255985d3b68b52566:
+for you to fetch changes up to a75f704d972b9408f5e2843784b3add48c724c52:
-  tcg: Toggle page execution for Apple Silicon (2021-01-22 12:48:01 -1000)
+  target/i386: Use i128 for 128 and 256-bit loads and stores (2023-10-19 21:11:44 -0700)
 ----------------------------------------------------------------
-Fix tcg constant segv.
+tcg: Drop unused tcg_temp_free define
-Optimize inline dup_const for MO_64.
+tcg: Introduce tcg_use_softmmu
-Update the cpu running flag in cpu_exec_step_atomic
+tcg: Optimize past conditional branches
-Some tidy up of tcg vs other accelerators
+tcg: Use constant zero when expanding with divu2
 tcg/ppc: Enable direct branching tcg_out_goto_tb with TCG_REG_TB
 tcg/ppc: Use ADDPCIS for power9
 tcg/ppc: Use prefixed instructions for power10
 tcg/ppc: Disable TCG_REG_TB for Power9/Power10
 ----------------------------------------------------------------
-Douglas Crosher (1):
+Jordan Niethe (1):
-      tcg: update the cpu running flag in cpu_exec_step_atomic
+      tcg/ppc: Enable direct branching tcg_out_goto_tb with TCG_REG_TB
-Philippe Mathieu-Daudé (4):
+Mike Frysinger (1):
-      accel/tcg: Make cpu_gen_init() static
+      tcg: drop unused tcg_temp_free define
       accel/tcg: Restrict tb_gen_code() from other accelerators
       accel/tcg: Declare missing cpu_loop_exit*() stubs
       accel/tcg: Restrict cpu_io_recompile() from other accelerators
-Richard Henderson (4):
+Richard Henderson (27):
-      qemu/compiler: Split out qemu_build_not_reached_always
+      tcg/ppc: Untabify tcg-target.c.inc
-      tcg: Optimize inline dup_const for MO_64
+      tcg/ppc: Reinterpret tb-relative to TB+4
-      tcg: Increase the static number of temporaries
+      tcg/ppc: Use ADDPCIS in tcg_out_tb_start
-      accel/tcg: Move tb_flush_jmp_cache() to cputlb.c
+      tcg/ppc: Use ADDPCIS in tcg_out_movi_int
       tcg/ppc: Use ADDPCIS for the constant pool
       tcg/ppc: Use ADDPCIS in tcg_out_goto_tb
       tcg/ppc: Use PADDI in tcg_out_movi
       tcg/ppc: Use prefixed instructions in tcg_out_mem_long
       tcg/ppc: Use PLD in tcg_out_movi for constant pool
       tcg/ppc: Use prefixed instructions in tcg_out_dupi_vec
       tcg/ppc: Use PLD in tcg_out_goto_tb
       tcg/ppc: Disable TCG_REG_TB for Power9/Power10
       tcg: Introduce tcg_use_softmmu
       tcg: Provide guest_base fallback for system mode
       tcg/arm: Use tcg_use_softmmu
       tcg/aarch64: Use tcg_use_softmmu
       tcg/i386: Use tcg_use_softmmu
       tcg/loongarch64: Use tcg_use_softmmu
       tcg/mips: Use tcg_use_softmmu
       tcg/ppc: Use tcg_use_softmmu
       tcg/riscv: Do not reserve TCG_GUEST_BASE_REG for guest_base zero
       tcg/riscv: Use tcg_use_softmmu
       tcg/s390x: Use tcg_use_softmmu
       tcg: Use constant zero when expanding with divu2
       tcg: Optimize past conditional branches
       tcg: Add tcg_gen_{ld,st}_i128
       target/i386: Use i128 for 128 and 256-bit loads and stores
-Roman Bolshakov (1):
+ include/tcg/tcg-op-common.h      |   3 +
-      tcg: Toggle page execution for Apple Silicon
+ include/tcg/tcg-op.h             |   2 -
+ include/tcg/tcg.h                |   8 +-
- accel/tcg/internal.h      | 20 ++++++++++++++++++++
+ target/i386/tcg/translate.c      |  63 ++---
- include/exec/exec-all.h   | 11 -----------
+ tcg/optimize.c                   |   8 +-
- include/qemu/compiler.h   |  5 +++--
+ tcg/tcg-op-ldst.c                |  14 +-
- include/qemu/osdep.h      | 28 ++++++++++++++++++++++++++++
+ tcg/tcg-op.c                     |  38 ++-
- include/tcg/tcg.h         |  5 +++--
+ tcg/tcg.c                        |  13 +-
- accel/stubs/tcg-stub.c    | 10 ++++++++++
+ tcg/aarch64/tcg-target.c.inc     | 177 ++++++------
- accel/tcg/cpu-exec.c      |  7 +++++++
+ tcg/arm/tcg-target.c.inc         | 203 +++++++-------
- accel/tcg/cputlb.c        | 19 +++++++++++++++++++
+ tcg/i386/tcg-target.c.inc        | 198 +++++++-------
- accel/tcg/translate-all.c | 23 +++++------------------
+ tcg/loongarch64/tcg-target.c.inc | 126 +++++----
- tcg/tcg.c                 |  7 ++++---
+ tcg/mips/tcg-target.c.inc        | 231 ++++++++--------
-files changed, 99 insertions(+), 36 deletions(-)
+ tcg/ppc/tcg-target.c.inc         | 561 ++++++++++++++++++++++++++-------------
- create mode 100644 accel/tcg/internal.h
+ tcg/riscv/tcg-target.c.inc       | 189 ++++++-------
+ tcg/s390x/tcg-target.c.inc       | 161 ++++++-----
 files changed, 1102 insertions(+), 893 deletions(-)

-[PULL 01/10] tcg: update the cpu running flag in cpu_exec_step_atomic
+Deleted patch
-From: Douglas Crosher <dtc-ubuntu@scieneer.com>
-The cpu_exec_step_atomic() function is called with the cpu->running
-clear and proceeds to run target code without setting this flag. If
-this target code generates an exception then handle_cpu_signal() will
-unnecessarily abort.  For example if atomic code generates a memory
-protection fault.
-This patch at least sets and clears this running flag, and adds some
-assertions to help detect other cases.
-Signed-off-by: Douglas Crosher <dtc-ubuntu@scieneer.com>
-Message-Id: <a272c656-f7c5-019d-1cc0-499b8f80f2fc@scieneer.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/cpu-exec.c | 4 ++++
-file changed, 4 insertions(+)
-diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cpu-exec.c
-+++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@ void cpu_exec_step_atomic(CPUState *cpu)
-     if (sigsetjmp(cpu->jmp_env, 0) == 0) {
-         start_exclusive();
-+        g_assert(cpu == current_cpu);
-+        g_assert(!cpu->running);
-+        cpu->running = true;
-         tb = tb_lookup__cpu_state(cpu, &pc, &cs_base, &flags, cf_mask);
-         if (tb == NULL) {
-@@ -XXX,XX +XXX,XX @@ void cpu_exec_step_atomic(CPUState *cpu)
-      */
-     g_assert(cpu_in_exclusive_context(cpu));
-     parallel_cpus = true;
-+    cpu->running = false;
-     end_exclusive();
- }
---
-.25.1

-[PULL 02/10] qemu/compiler: Split out qemu_build_not_reached_always
+Deleted patch
-Provide a symbol that can always be used to signal an error,
-regardless of optimization.  Usage of this should be protected
-by e.g. __builtin_constant_p, which guards for optimization.
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/qemu/compiler.h | 5 +++--
-file changed, 3 insertions(+), 2 deletions(-)
-diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/qemu/compiler.h
-+++ b/include/qemu/compiler.h
-@@ -XXX,XX +XXX,XX @@
-  * supports QEMU_ERROR, this will be reported at compile time; otherwise
-  * this will be reported at link time due to the missing symbol.
-  */
--#if defined(__OPTIMIZE__) && !defined(__NO_INLINE__)
- extern void QEMU_NORETURN QEMU_ERROR("code path is reachable")
--    qemu_build_not_reached(void);
-+    qemu_build_not_reached_always(void);
-+#if defined(__OPTIMIZE__) && !defined(__NO_INLINE__)
-+#define qemu_build_not_reached()  qemu_build_not_reached_always()
- #else
- #define qemu_build_not_reached()  g_assert_not_reached()
- #endif
---
-.25.1

-[PULL 03/10] tcg: Optimize inline dup_const for MO_64
+Deleted patch
-Avoid the out-of-line function call for immediate MO_64.
-In addition, diagnose all invalid constants at compile-time.
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/tcg/tcg.h | 3 ++-
-file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/tcg/tcg.h
-+++ b/include/tcg/tcg.h
-@@ -XXX,XX +XXX,XX @@ uint64_t dup_const(unsigned vece, uint64_t c);
-      ? (  (VECE) == MO_8  ? 0x0101010101010101ull * (uint8_t)(C)   \
-         : (VECE) == MO_16 ? 0x0001000100010001ull * (uint16_t)(C)  \
-         : (VECE) == MO_32 ? 0x0000000100000001ull * (uint32_t)(C)  \
--        : dup_const(VECE, C))                                      \
-+        : (VECE) == MO_64 ? (uint64_t)(C)                          \
-+        : (qemu_build_not_reached_always(), 0))                    \
-      : dup_const(VECE, C))
---
-.25.1

-[PULL 04/10] tcg: Increase the static number of temporaries
+Deleted patch
-This isn't a total or permanent solution to the problem of running
-out of temporaries, but it puts off the issue for a bit.
-Make the assert in tcg_temp_alloc unconditional.  If we do run out
-of temps, this can fail much later as a weird SIGSEGV, due to the
-buffer overrun of the temp array.
-Remove the inlines from tcg_temp_alloc and tcg_global_alloc.
-Buglink: https://bugs.launchpad.net/bugs/1912065
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/tcg/tcg.h | 2 +-
- tcg/tcg.c         | 6 +++---
-files changed, 4 insertions(+), 4 deletions(-)
-diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/tcg/tcg.h
-+++ b/include/tcg/tcg.h
-@@ -XXX,XX +XXX,XX @@ typedef struct TCGPool {
- #define TCG_POOL_CHUNK_SIZE 32768
--#define TCG_MAX_TEMPS 512
-+#define TCG_MAX_TEMPS 1024
- #define TCG_MAX_INSNS 512
- /* when the size of the arguments of a called function is smaller than
-diff --git a/tcg/tcg.c b/tcg/tcg.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg.c
-+++ b/tcg/tcg.c
-@@ -XXX,XX +XXX,XX @@ void tcg_func_start(TCGContext *s)
-     QSIMPLEQ_INIT(&s->labels);
- }
--static inline TCGTemp *tcg_temp_alloc(TCGContext *s)
-+static TCGTemp *tcg_temp_alloc(TCGContext *s)
- {
-     int n = s->nb_temps++;
--    tcg_debug_assert(n < TCG_MAX_TEMPS);
-+    g_assert(n < TCG_MAX_TEMPS);
-     return memset(&s->temps[n], 0, sizeof(TCGTemp));
- }
--static inline TCGTemp *tcg_global_alloc(TCGContext *s)
-+static TCGTemp *tcg_global_alloc(TCGContext *s)
- {
-     TCGTemp *ts;
---
-.25.1

-[PULL 05/10] accel/tcg: Make cpu_gen_init() static
+Deleted patch
-From: Philippe Mathieu-Daudé <f4bug@amsat.org>
-cpu_gen_init() is TCG specific, only used in tcg/translate-all.c.
-No need to export it to other accelerators, declare it statically.
-Reviewed-by: Claudio Fontana <cfontana@suse.de>
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Message-Id: <20210117164813.4101761-2-f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/exec/exec-all.h   | 2 --
- accel/tcg/translate-all.c | 2 +-
-files changed, 1 insertion(+), 3 deletions(-)
-diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/exec-all.h
-+++ b/include/exec/exec-all.h
-@@ -XXX,XX +XXX,XX @@ void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns);
- void restore_state_to_opc(CPUArchState *env, TranslationBlock *tb,
-                           target_ulong *data);
--void cpu_gen_init(void);
--
- /**
-  * cpu_restore_state:
-  * @cpu: the vCPU state is to be restore to
-diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/translate-all.c
-+++ b/accel/tcg/translate-all.c
-@@ -XXX,XX +XXX,XX @@ static void page_table_config_init(void)
-     assert(v_l2_levels >= 0);
- }
--void cpu_gen_init(void)
-+static void cpu_gen_init(void)
- {
-     tcg_context_init(&tcg_init_ctx);
- }
---
-.25.1

-[PULL 06/10] accel/tcg: Move tb_flush_jmp_cache() to cputlb.c
+Deleted patch
-Move and make the function static, as the only users
-are here in cputlb.c.
-Suggested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/exec/exec-all.h   |  3 ---
- accel/tcg/cputlb.c        | 18 ++++++++++++++++++
- accel/tcg/translate-all.c | 17 -----------------
-files changed, 18 insertions(+), 20 deletions(-)
-diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/exec-all.h
-+++ b/include/exec/exec-all.h
-@@ -XXX,XX +XXX,XX @@ tb_page_addr_t get_page_addr_code_hostp(CPUArchState *env, target_ulong addr,
- void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length);
- void tlb_set_dirty(CPUState *cpu, target_ulong vaddr);
--/* exec.c */
--void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr);
--
- MemoryRegionSection *
- address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
-                                   hwaddr *xlat, hwaddr *plen,
-diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cputlb.c
-+++ b/accel/tcg/cputlb.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/address-spaces.h"
- #include "exec/cpu_ldst.h"
- #include "exec/cputlb.h"
-+#include "exec/tb-hash.h"
- #include "exec/memory-internal.h"
- #include "exec/ram_addr.h"
- #include "tcg/tcg.h"
-@@ -XXX,XX +XXX,XX @@ static void tlb_window_reset(CPUTLBDesc *desc, int64_t ns,
-     desc->window_max_entries = max_entries;
- }
-+static void tb_jmp_cache_clear_page(CPUState *cpu, target_ulong page_addr)
-+{
-+    unsigned int i, i0 = tb_jmp_cache_hash_page(page_addr);
-+
-+    for (i = 0; i < TB_JMP_PAGE_SIZE; i++) {
-+        qatomic_set(&cpu->tb_jmp_cache[i0 + i], NULL);
-+    }
-+}
-+
-+static void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
-+{
-+    /* Discard jump cache entries for any tb which might potentially
-+       overlap the flushed page.  */
-+    tb_jmp_cache_clear_page(cpu, addr - TARGET_PAGE_SIZE);
-+    tb_jmp_cache_clear_page(cpu, addr);
-+}
-+
- /**
-  * tlb_mmu_resize_locked() - perform TLB resize bookkeeping; resize if necessary
-  * @desc: The CPUTLBDesc portion of the TLB
-diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/translate-all.c
-+++ b/accel/tcg/translate-all.c
-@@ -XXX,XX +XXX,XX @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
-     cpu_loop_exit_noexc(cpu);
- }
--static void tb_jmp_cache_clear_page(CPUState *cpu, target_ulong page_addr)
--{
--    unsigned int i, i0 = tb_jmp_cache_hash_page(page_addr);
--
--    for (i = 0; i < TB_JMP_PAGE_SIZE; i++) {
--        qatomic_set(&cpu->tb_jmp_cache[i0 + i], NULL);
--    }
--}
--
--void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
--{
--    /* Discard jump cache entries for any tb which might potentially
--       overlap the flushed page.  */
--    tb_jmp_cache_clear_page(cpu, addr - TARGET_PAGE_SIZE);
--    tb_jmp_cache_clear_page(cpu, addr);
--}
--
- static void print_qht_statistics(struct qht_stats hst)
- {
-     uint32_t hgram_opts;
---
-.25.1

-[PULL 07/10] accel/tcg: Restrict tb_gen_code() from other accelerators
+Deleted patch
-From: Philippe Mathieu-Daudé <f4bug@amsat.org>
-tb_gen_code() is only called within TCG accelerator, declare it locally.
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Message-Id: <20210117164813.4101761-4-f4bug@amsat.org>
-[rth: Adjust vs changed tb_flush_jmp_cache patch.]
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/internal.h      | 18 ++++++++++++++++++
- include/exec/exec-all.h   |  5 -----
- accel/tcg/cpu-exec.c      |  1 +
- accel/tcg/translate-all.c |  1 +
-files changed, 20 insertions(+), 5 deletions(-)
- create mode 100644 accel/tcg/internal.h
-diff --git a/accel/tcg/internal.h b/accel/tcg/internal.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/accel/tcg/internal.h
-@@ -XXX,XX +XXX,XX @@
-+/*
-+ * Internal execution defines for qemu
-+ *
-+ *  Copyright (c) 2003 Fabrice Bellard
-+ *
-+ * SPDX-License-Identifier: LGPL-2.1-or-later
-+ */
-+
-+#ifndef ACCEL_TCG_INTERNAL_H
-+#define ACCEL_TCG_INTERNAL_H
-+
-+#include "exec/exec-all.h"
-+
-+TranslationBlock *tb_gen_code(CPUState *cpu, target_ulong pc,
-+                              target_ulong cs_base, uint32_t flags,
-+                              int cflags);
-+
-+#endif /* ACCEL_TCG_INTERNAL_H */
-diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/exec-all.h
-+++ b/include/exec/exec-all.h
-@@ -XXX,XX +XXX,XX @@ bool cpu_restore_state(CPUState *cpu, uintptr_t searched_pc, bool will_exit);
- void QEMU_NORETURN cpu_loop_exit_noexc(CPUState *cpu);
- void QEMU_NORETURN cpu_io_recompile(CPUState *cpu, uintptr_t retaddr);
--TranslationBlock *tb_gen_code(CPUState *cpu,
--                              target_ulong pc, target_ulong cs_base,
--                              uint32_t flags,
--                              int cflags);
--
- void QEMU_NORETURN cpu_loop_exit(CPUState *cpu);
- void QEMU_NORETURN cpu_loop_exit_restore(CPUState *cpu, uintptr_t pc);
- void QEMU_NORETURN cpu_loop_exit_atomic(CPUState *cpu, uintptr_t pc);
-diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cpu-exec.c
-+++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/cpu-all.h"
- #include "sysemu/cpu-timers.h"
- #include "sysemu/replay.h"
-+#include "internal.h"
- /* -icount align implementation. */
-diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/translate-all.c
-+++ b/accel/tcg/translate-all.c
-@@ -XXX,XX +XXX,XX @@
- #include "sysemu/cpu-timers.h"
- #include "sysemu/tcg.h"
- #include "qapi/error.h"
-+#include "internal.h"
- /* #define DEBUG_TB_INVALIDATE */
- /* #define DEBUG_TB_FLUSH */
---
-.25.1

-[PULL 08/10] accel/tcg: Declare missing cpu_loop_exit*() stubs
+Deleted patch
-From: Philippe Mathieu-Daudé <f4bug@amsat.org>
-cpu_loop_exit*() functions are declared in accel/tcg/cpu-exec-common.c,
-and are not available when TCG accelerator is not built. Add stubs so
-linking without TCG succeed.
-Problematic files:
-- hw/semihosting/console.c in qemu_semihosting_console_inc()
-- hw/ppc/spapr_hcall.c in h_confer()
-- hw/s390x/ipl.c in s390_ipl_reset_request()
-- hw/misc/mips_itu.c
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Message-Id: <20210117164813.4101761-5-f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/stubs/tcg-stub.c | 10 ++++++++++
-file changed, 10 insertions(+)
-diff --git a/accel/stubs/tcg-stub.c b/accel/stubs/tcg-stub.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/stubs/tcg-stub.c
-+++ b/accel/stubs/tcg-stub.c
-@@ -XXX,XX +XXX,XX @@ void *probe_access(CPUArchState *env, target_ulong addr, int size,
-      /* Handled by hardware accelerator. */
-      g_assert_not_reached();
- }
-+
-+void QEMU_NORETURN cpu_loop_exit(CPUState *cpu)
-+{
-+    g_assert_not_reached();
-+}
-+
-+void QEMU_NORETURN cpu_loop_exit_restore(CPUState *cpu, uintptr_t pc)
-+{
-+    g_assert_not_reached();
-+}
---
-.25.1

-[PULL 09/10] accel/tcg: Restrict cpu_io_recompile() from other accelerators
+Deleted patch
-From: Philippe Mathieu-Daudé <f4bug@amsat.org>
-As cpu_io_recompile() is only called within TCG accelerator
-in cputlb.c, declare it locally.
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Message-Id: <20210117164813.4101761-6-f4bug@amsat.org>
-[rth: Adjust vs changed tb_flush_jmp_cache patch.]
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/internal.h    | 2 ++
- include/exec/exec-all.h | 1 -
- accel/tcg/cputlb.c      | 1 +
-files changed, 3 insertions(+), 1 deletion(-)
-diff --git a/accel/tcg/internal.h b/accel/tcg/internal.h
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/internal.h
-+++ b/accel/tcg/internal.h
-@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu, target_ulong pc,
-                               target_ulong cs_base, uint32_t flags,
-                               int cflags);
-+void QEMU_NORETURN cpu_io_recompile(CPUState *cpu, uintptr_t retaddr);
-+
- #endif /* ACCEL_TCG_INTERNAL_H */
-diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/exec-all.h
-+++ b/include/exec/exec-all.h
-@@ -XXX,XX +XXX,XX @@ void restore_state_to_opc(CPUArchState *env, TranslationBlock *tb,
- bool cpu_restore_state(CPUState *cpu, uintptr_t searched_pc, bool will_exit);
- void QEMU_NORETURN cpu_loop_exit_noexc(CPUState *cpu);
--void QEMU_NORETURN cpu_io_recompile(CPUState *cpu, uintptr_t retaddr);
- void QEMU_NORETURN cpu_loop_exit(CPUState *cpu);
- void QEMU_NORETURN cpu_loop_exit_restore(CPUState *cpu, uintptr_t pc);
- void QEMU_NORETURN cpu_loop_exit_atomic(CPUState *cpu, uintptr_t pc);
-diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cputlb.c
-+++ b/accel/tcg/cputlb.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/translate-all.h"
- #include "trace/trace-root.h"
- #include "trace/mem.h"
-+#include "internal.h"
- #ifdef CONFIG_PLUGIN
- #include "qemu/plugin-memory.h"
- #endif
---
-.25.1

-[PULL 10/10] tcg: Toggle page execution for Apple Silicon
+[PULL v2 18/29] tcg/i386: Use tcg_use_softmmu
-From: Roman Bolshakov <r.bolshakov@yadro.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 Pages can't be both write and executable at the same time on Apple
 Silicon. macOS provides public API to switch write protection [1] for
 JIT applications, like TCG.
 . https://developer.apple.com/documentation/apple_silicon/porting_just-in-time_compilers_to_apple_silicon
 Tested-by: Alexander Graf <agraf@csgraf.de>
 Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
 Message-Id: <20210113032806.18220-1-r.bolshakov@yadro.com>
 [rth: Inline the qemu_thread_jit_* functions;
  drop the MAP_JIT change for a follow-on patch.]
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- include/qemu/osdep.h      | 28 ++++++++++++++++++++++++++++
+ tcg/i386/tcg-target.c.inc | 198 +++++++++++++++++++-------------------
- accel/tcg/cpu-exec.c      |  2 ++
+file changed, 98 insertions(+), 100 deletions(-)
  accel/tcg/translate-all.c |  3 +++
  tcg/tcg.c                 |  1 +
 files changed, 34 insertions(+)
-diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
+diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
---- a/include/qemu/osdep.h
+--- a/tcg/i386/tcg-target.c.inc
-+++ b/include/qemu/osdep.h
++++ b/tcg/i386/tcg-target.c.inc
-@@ -XXX,XX +XXX,XX @@ extern int daemon(int, int);
+@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_target_call_oarg_reg(TCGCallReturnKind kind, int slot)
- #include "sysemu/os-posix.h"
+ # define ALL_VECTOR_REGS       0x00ff0000u
  # define ALL_BYTEL_REGS        0x0000000fu
  #endif
+-#ifdef CONFIG_SOFTMMU
-+#ifdef __APPLE__
+-# define SOFTMMU_RESERVE_REGS  ((1 << TCG_REG_L0) | (1 << TCG_REG_L1))
-+#include <AvailabilityMacros.h>
+-#else
 -# define SOFTMMU_RESERVE_REGS  0
 -#endif
 +#define SOFTMMU_RESERVE_REGS \
 +    (tcg_use_softmmu ? (1 << TCG_REG_L0) | (1 << TCG_REG_L1) : 0)
  /* For 64-bit, we always know that CMOV is available.  */
  #if TCG_TARGET_REG_BITS == 64
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
      return true;
  }
 -#ifndef CONFIG_SOFTMMU
 +#ifdef CONFIG_USER_ONLY
  static HostAddress x86_guest_base = {
      .index = -1
  };
@@ -XXX,XX +XXX,XX @@ static inline int setup_guest_base_seg(void)
      }
      return 0;
  }
 +#define setup_guest_base_seg  setup_guest_base_seg
  #elif defined(__x86_64__) && \
        (defined (__FreeBSD__) || defined (__FreeBSD_kernel__))
  # include <machine/sysarch.h>
@@ -XXX,XX +XXX,XX @@ static inline int setup_guest_base_seg(void)
      }
      return 0;
  }
 +#define setup_guest_base_seg  setup_guest_base_seg
 +#endif
+ #else
+-static inline int setup_guest_base_seg(void)
+-{
+-    return 0;
+-}
+-#endif /* setup_guest_base_seg */
+-#endif /* !SOFTMMU */
++# define x86_guest_base (*(HostAddress *)({ qemu_build_not_reached(); NULL; }))
++#endif /* CONFIG_USER_ONLY */
++#ifndef setup_guest_base_seg
++# define setup_guest_base_seg()  0
++#endif
+ #define MIN_TLB_MASK_TABLE_OFS  INT_MIN
+@@ -XXX,XX +XXX,XX @@ static TCGLabelQemuLdst *prepare_host_addr(TCGContext *s, HostAddress *h,
+     MemOp s_bits = opc & MO_SIZE;
+     unsigned a_mask;
+-#ifdef CONFIG_SOFTMMU
+-    h->index = TCG_REG_L0;
+-    h->ofs = 0;
+-    h->seg = 0;
+-#else
+-    *h = x86_guest_base;
+-#endif
++    if (tcg_use_softmmu) {
++        h->index = TCG_REG_L0;
++        h->ofs = 0;
++        h->seg = 0;
++    } else {
++        *h = x86_guest_base;
++    }
+     h->base = addrlo;
+     h->aa = atom_and_align_for_opc(s, opc, MO_ATOM_IFALIGN, s_bits == MO_128);
+     a_mask = (1 << h->aa.align) - 1;
+-#ifdef CONFIG_SOFTMMU
+-    int cmp_ofs = is_ld ? offsetof(CPUTLBEntry, addr_read)
+-                        : offsetof(CPUTLBEntry, addr_write);
+-    TCGType ttype = TCG_TYPE_I32;
+-    TCGType tlbtype = TCG_TYPE_I32;
+-    int trexw = 0, hrexw = 0, tlbrexw = 0;
+-    unsigned mem_index = get_mmuidx(oi);
+-    unsigned s_mask = (1 << s_bits) - 1;
+-    int fast_ofs = tlb_mask_table_ofs(s, mem_index);
+-    int tlb_mask;
++    if (tcg_use_softmmu) {
++        int cmp_ofs = is_ld ? offsetof(CPUTLBEntry, addr_read)
++                            : offsetof(CPUTLBEntry, addr_write);
++        TCGType ttype = TCG_TYPE_I32;
++        TCGType tlbtype = TCG_TYPE_I32;
++        int trexw = 0, hrexw = 0, tlbrexw = 0;
++        unsigned mem_index = get_mmuidx(oi);
++        unsigned s_mask = (1 << s_bits) - 1;
++        int fast_ofs = tlb_mask_table_ofs(s, mem_index);
++        int tlb_mask;
+-    ldst = new_ldst_label(s);
+-    ldst->is_ld = is_ld;
+-    ldst->oi = oi;
+-    ldst->addrlo_reg = addrlo;
+-    ldst->addrhi_reg = addrhi;
++        ldst = new_ldst_label(s);
++        ldst->is_ld = is_ld;
++        ldst->oi = oi;
++        ldst->addrlo_reg = addrlo;
++        ldst->addrhi_reg = addrhi;
+-    if (TCG_TARGET_REG_BITS == 64) {
+-        ttype = s->addr_type;
+-        trexw = (ttype == TCG_TYPE_I32 ? 0 : P_REXW);
+-        if (TCG_TYPE_PTR == TCG_TYPE_I64) {
+-            hrexw = P_REXW;
+-            if (s->page_bits + s->tlb_dyn_max_bits > 32) {
+-                tlbtype = TCG_TYPE_I64;
+-                tlbrexw = P_REXW;
++        if (TCG_TARGET_REG_BITS == 64) {
++            ttype = s->addr_type;
++            trexw = (ttype == TCG_TYPE_I32 ? 0 : P_REXW);
++            if (TCG_TYPE_PTR == TCG_TYPE_I64) {
++                hrexw = P_REXW;
++                if (s->page_bits + s->tlb_dyn_max_bits > 32) {
++                    tlbtype = TCG_TYPE_I64;
++                    tlbrexw = P_REXW;
++                }
+             }
+         }
+-    }
+-    tcg_out_mov(s, tlbtype, TCG_REG_L0, addrlo);
+-    tcg_out_shifti(s, SHIFT_SHR + tlbrexw, TCG_REG_L0,
+-                   s->page_bits - CPU_TLB_ENTRY_BITS);
++        tcg_out_mov(s, tlbtype, TCG_REG_L0, addrlo);
++        tcg_out_shifti(s, SHIFT_SHR + tlbrexw, TCG_REG_L0,
++                       s->page_bits - CPU_TLB_ENTRY_BITS);
+-    tcg_out_modrm_offset(s, OPC_AND_GvEv + trexw, TCG_REG_L0, TCG_AREG0,
+-                         fast_ofs + offsetof(CPUTLBDescFast, mask));
++        tcg_out_modrm_offset(s, OPC_AND_GvEv + trexw, TCG_REG_L0, TCG_AREG0,
++                             fast_ofs + offsetof(CPUTLBDescFast, mask));
+-    tcg_out_modrm_offset(s, OPC_ADD_GvEv + hrexw, TCG_REG_L0, TCG_AREG0,
+-                         fast_ofs + offsetof(CPUTLBDescFast, table));
++        tcg_out_modrm_offset(s, OPC_ADD_GvEv + hrexw, TCG_REG_L0, TCG_AREG0,
++                             fast_ofs + offsetof(CPUTLBDescFast, table));
+-    /*
+-     * If the required alignment is at least as large as the access, simply
+-     * copy the address and mask.  For lesser alignments, check that we don't
+-     * cross pages for the complete access.
+-     */
+-    if (a_mask >= s_mask) {
+-        tcg_out_mov(s, ttype, TCG_REG_L1, addrlo);
+-    } else {
+-        tcg_out_modrm_offset(s, OPC_LEA + trexw, TCG_REG_L1,
+-                             addrlo, s_mask - a_mask);
+-    }
+-    tlb_mask = s->page_mask | a_mask;
+-    tgen_arithi(s, ARITH_AND + trexw, TCG_REG_L1, tlb_mask, 0);
++        /*
++         * If the required alignment is at least as large as the access,
++         * simply copy the address and mask.  For lesser alignments,
++         * check that we don't cross pages for the complete access.
++         */
++        if (a_mask >= s_mask) {
++            tcg_out_mov(s, ttype, TCG_REG_L1, addrlo);
++        } else {
++            tcg_out_modrm_offset(s, OPC_LEA + trexw, TCG_REG_L1,
++                                 addrlo, s_mask - a_mask);
++        }
++        tlb_mask = s->page_mask | a_mask;
++        tgen_arithi(s, ARITH_AND + trexw, TCG_REG_L1, tlb_mask, 0);
+-    /* cmp 0(TCG_REG_L0), TCG_REG_L1 */
+-    tcg_out_modrm_offset(s, OPC_CMP_GvEv + trexw,
+-                         TCG_REG_L1, TCG_REG_L0, cmp_ofs);
+-
+-    /* jne slow_path */
+-    tcg_out_opc(s, OPC_JCC_long + JCC_JNE, 0, 0, 0);
+-    ldst->label_ptr[0] = s->code_ptr;
+-    s->code_ptr += 4;
+-
+-    if (TCG_TARGET_REG_BITS == 32 && s->addr_type == TCG_TYPE_I64) {
+-        /* cmp 4(TCG_REG_L0), addrhi */
+-        tcg_out_modrm_offset(s, OPC_CMP_GvEv, addrhi, TCG_REG_L0, cmp_ofs + 4);
++        /* cmp 0(TCG_REG_L0), TCG_REG_L1 */
++        tcg_out_modrm_offset(s, OPC_CMP_GvEv + trexw,
++                             TCG_REG_L1, TCG_REG_L0, cmp_ofs);
+         /* jne slow_path */
+         tcg_out_opc(s, OPC_JCC_long + JCC_JNE, 0, 0, 0);
+-        ldst->label_ptr[1] = s->code_ptr;
++        ldst->label_ptr[0] = s->code_ptr;
+         s->code_ptr += 4;
+-    }
+-    /* TLB Hit.  */
+-    tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_L0, TCG_REG_L0,
+-               offsetof(CPUTLBEntry, addend));
+-#else
+-    if (a_mask) {
++        if (TCG_TARGET_REG_BITS == 32 && s->addr_type == TCG_TYPE_I64) {
++            /* cmp 4(TCG_REG_L0), addrhi */
++            tcg_out_modrm_offset(s, OPC_CMP_GvEv, addrhi,
++                                 TCG_REG_L0, cmp_ofs + 4);
 +
- #include "glib-compat.h"
++            /* jne slow_path */
- #include "qemu/typedefs.h"
++            tcg_out_opc(s, OPC_JCC_long + JCC_JNE, 0, 0, 0);
++            ldst->label_ptr[1] = s->code_ptr;
-@@ -XXX,XX +XXX,XX @@ char *qemu_get_host_name(Error **errp);
++            s->code_ptr += 4;
-  */
++        }
- size_t qemu_get_host_physmem(void);
++
++        /* TLB Hit.  */
-+/*
++        tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_L0, TCG_REG_L0,
-+ * Toggle write/execute on the pages marked MAP_JIT
++                   offsetof(CPUTLBEntry, addend));
-+ * for the current thread.
++    } else if (a_mask) {
-+ */
+         ldst = new_ldst_label(s);
-+#if defined(MAC_OS_VERSION_11_0) && \
-+    MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_VERSION_11_0
+         ldst->is_ld = is_ld;
-+static inline void qemu_thread_jit_execute(void)
+@@ -XXX,XX +XXX,XX @@ static TCGLabelQemuLdst *prepare_host_addr(TCGContext *s, HostAddress *h,
-+{
+         ldst->label_ptr[0] = s->code_ptr;
-+    if (__builtin_available(macOS 11.0, *)) {
+         s->code_ptr += 4;
-+        pthread_jit_write_protect_np(true);
+     }
 -#endif
      return ldst;
  }
@@ -XXX,XX +XXX,XX @@ static void tcg_target_qemu_prologue(TCGContext *s)
          tcg_out_push(s, tcg_target_callee_save_regs[i]);
      }
 -#if TCG_TARGET_REG_BITS == 32
 -    tcg_out_ld(s, TCG_TYPE_PTR, TCG_AREG0, TCG_REG_ESP,
 -               (ARRAY_SIZE(tcg_target_callee_save_regs) + 1) * 4);
 -    tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
 -    /* jmp *tb.  */
 -    tcg_out_modrm_offset(s, OPC_GRP5, EXT5_JMPN_Ev, TCG_REG_ESP,
 -                         (ARRAY_SIZE(tcg_target_callee_save_regs) + 2) * 4
 -                         + stack_addend);
 -#else
 -# if !defined(CONFIG_SOFTMMU)
 -    if (guest_base) {
 +    if (!tcg_use_softmmu && guest_base) {
          int seg = setup_guest_base_seg();
          if (seg != 0) {
              x86_guest_base.seg = seg;
          } else if (guest_base == (int32_t)guest_base) {
              x86_guest_base.ofs = guest_base;
          } else {
 +            assert(TCG_TARGET_REG_BITS == 64);
              /* Choose R12 because, as a base, it requires a SIB byte. */
              x86_guest_base.index = TCG_REG_R12;
              tcg_out_movi(s, TCG_TYPE_PTR, x86_guest_base.index, guest_base);
              tcg_regset_set_reg(s->reserved_regs, x86_guest_base.index);
          }
      }
 -# endif
 -    tcg_out_mov(s, TCG_TYPE_PTR, TCG_AREG0, tcg_target_call_iarg_regs[0]);
 -    tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
 -    /* jmp *tb.  */
 -    tcg_out_modrm(s, OPC_GRP5, EXT5_JMPN_Ev, tcg_target_call_iarg_regs[1]);
 -#endif
 +
 +    if (TCG_TARGET_REG_BITS == 32) {
 +        tcg_out_ld(s, TCG_TYPE_PTR, TCG_AREG0, TCG_REG_ESP,
 +                   (ARRAY_SIZE(tcg_target_callee_save_regs) + 1) * 4);
 +        tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
 +        /* jmp *tb.  */
 +        tcg_out_modrm_offset(s, OPC_GRP5, EXT5_JMPN_Ev, TCG_REG_ESP,
 +                             (ARRAY_SIZE(tcg_target_callee_save_regs) + 2) * 4
 +                             + stack_addend);
 +    } else {
 +        tcg_out_mov(s, TCG_TYPE_PTR, TCG_AREG0, tcg_target_call_iarg_regs[0]);
 +        tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
 +        /* jmp *tb.  */
 +        tcg_out_modrm(s, OPC_GRP5, EXT5_JMPN_Ev, tcg_target_call_iarg_regs[1]);
 +    }
-+}
 +
 +static inline void qemu_thread_jit_write(void)
 +{
 +    if (__builtin_available(macOS 11.0, *)) {
 +        pthread_jit_write_protect_np(false);
 +    }
 +}
 +#else
 +static inline void qemu_thread_jit_write(void) {}
 +static inline void qemu_thread_jit_execute(void) {}
 +#endif
 +
  #endif
 diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cpu-exec.c
 +++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
      }
  #endif /* DEBUG_DISAS */
 +    qemu_thread_jit_execute();
      ret = tcg_qemu_tb_exec(env, tb_ptr);
      cpu->can_do_io = 1;
      /*
-@@ -XXX,XX +XXX,XX @@ static inline void tb_add_jump(TranslationBlock *tb, int n,
+      * Return path for goto_ptr. Set return value to 0, a-la exit_tb,
  {
      uintptr_t old;
 +    qemu_thread_jit_write();
      assert(n < ARRAY_SIZE(tb->jmp_list_next));
      qemu_spin_lock(&tb_next->jmp_lock);
 diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/translate-all.c
 +++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
  static void tb_phys_invalidate__locked(TranslationBlock *tb)
  {
 +    qemu_thread_jit_write();
      do_tb_phys_invalidate(tb, true);
 +    qemu_thread_jit_execute();
  }
  /* invalidate one TB
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
  #endif
      assert_memory_lock();
 +    qemu_thread_jit_write();
      phys_pc = get_page_addr_code(env, pc);
 diff --git a/tcg/tcg.c b/tcg/tcg.c
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/tcg.c
 +++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@ void tcg_prologue_init(TCGContext *s)
      s->pool_labels = NULL;
  #endif
 +    qemu_thread_jit_write();
      /* Generate the prologue.  */
      tcg_target_qemu_prologue(s);
 --
-.25.1
+.34.1

The following changes since commit 0e32462630687a18039464511bd0447ada5709c3:

Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-request' into staging (2021-01-22 10:35:55 +0000)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20210123

for you to fetch changes up to 2e34067e9959f149a904cf1255985d3b68b52566:

tcg: Toggle page execution for Apple Silicon (2021-01-22 12:48:01 -1000)

----------------------------------------------------------------
Fix tcg constant segv.
Optimize inline dup_const for MO_64.
Update the cpu running flag in cpu_exec_step_atomic
Some tidy up of tcg vs other accelerators

----------------------------------------------------------------
Douglas Crosher (1):
      tcg: update the cpu running flag in cpu_exec_step_atomic

Philippe Mathieu-Daudé (4):
      accel/tcg: Make cpu_gen_init() static
      accel/tcg: Restrict tb_gen_code() from other accelerators
      accel/tcg: Declare missing cpu_loop_exit*() stubs
      accel/tcg: Restrict cpu_io_recompile() from other accelerators

Richard Henderson (4):
      qemu/compiler: Split out qemu_build_not_reached_always
      tcg: Optimize inline dup_const for MO_64
      tcg: Increase the static number of temporaries
      accel/tcg: Move tb_flush_jmp_cache() to cputlb.c

Roman Bolshakov (1):
      tcg: Toggle page execution for Apple Silicon

accel/tcg/internal.h      | 20 ++++++++++++++++++++
 include/exec/exec-all.h   | 11 -----------
 include/qemu/compiler.h   |  5 +++--
 include/qemu/osdep.h      | 28 ++++++++++++++++++++++++++++
 include/tcg/tcg.h         |  5 +++--
 accel/stubs/tcg-stub.c    | 10 ++++++++++
 accel/tcg/cpu-exec.c      |  7 +++++++
 accel/tcg/cputlb.c        | 19 +++++++++++++++++++
 accel/tcg/translate-all.c | 23 +++++------------------
 tcg/tcg.c                 |  7 ++++---
 10 files changed, 99 insertions(+), 36 deletions(-)
 create mode 100644 accel/tcg/internal.h

From: Douglas Crosher <dtc-ubuntu@scieneer.com>

The cpu_exec_step_atomic() function is called with the cpu->running
clear and proceeds to run target code without setting this flag. If
this target code generates an exception then handle_cpu_signal() will
unnecessarily abort.  For example if atomic code generates a memory
protection fault.

This patch at least sets and clears this running flag, and adds some
assertions to help detect other cases.

Signed-off-by: Douglas Crosher <dtc-ubuntu@scieneer.com>
Message-Id: <a272c656-f7c5-019d-1cc0-499b8f80f2fc@scieneer.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cpu-exec.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@ void cpu_exec_step_atomic(CPUState *cpu)
 
     if (sigsetjmp(cpu->jmp_env, 0) == 0) {
         start_exclusive();
+        g_assert(cpu == current_cpu);
+        g_assert(!cpu->running);
+        cpu->running = true;
 
         tb = tb_lookup__cpu_state(cpu, &pc, &cs_base, &flags, cf_mask);
         if (tb == NULL) {
@@ -XXX,XX +XXX,XX @@ void cpu_exec_step_atomic(CPUState *cpu)
      */
     g_assert(cpu_in_exclusive_context(cpu));
     parallel_cpus = true;
+    cpu->running = false;
     end_exclusive();
 }
 
-- 
2.25.1

Provide a symbol that can always be used to signal an error,
regardless of optimization.  Usage of this should be protected
by e.g. __builtin_constant_p, which guards for optimization.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/qemu/compiler.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/compiler.h
+++ b/include/qemu/compiler.h
@@ -XXX,XX +XXX,XX @@
  * supports QEMU_ERROR, this will be reported at compile time; otherwise
  * this will be reported at link time due to the missing symbol.
  */
-#if defined(__OPTIMIZE__) && !defined(__NO_INLINE__)
 extern void QEMU_NORETURN QEMU_ERROR("code path is reachable")
-    qemu_build_not_reached(void);
+    qemu_build_not_reached_always(void);
+#if defined(__OPTIMIZE__) && !defined(__NO_INLINE__)
+#define qemu_build_not_reached()  qemu_build_not_reached_always()
 #else
 #define qemu_build_not_reached()  g_assert_not_reached()
 #endif
-- 
2.25.1

This isn't a total or permanent solution to the problem of running
out of temporaries, but it puts off the issue for a bit.

Make the assert in tcg_temp_alloc unconditional.  If we do run out
of temps, this can fail much later as a weird SIGSEGV, due to the
buffer overrun of the temp array.

Remove the inlines from tcg_temp_alloc and tcg_global_alloc.

Buglink: https://bugs.launchpad.net/bugs/1912065
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/tcg/tcg.h | 2 +-
 tcg/tcg.c         | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@ typedef struct TCGPool {
 
 #define TCG_POOL_CHUNK_SIZE 32768
 
-#define TCG_MAX_TEMPS 512
+#define TCG_MAX_TEMPS 1024
 #define TCG_MAX_INSNS 512
 
 /* when the size of the arguments of a called function is smaller than
diff --git a/tcg/tcg.c b/tcg/tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@ void tcg_func_start(TCGContext *s)
     QSIMPLEQ_INIT(&s->labels);
 }
 
-static inline TCGTemp *tcg_temp_alloc(TCGContext *s)
+static TCGTemp *tcg_temp_alloc(TCGContext *s)
 {
     int n = s->nb_temps++;
-    tcg_debug_assert(n < TCG_MAX_TEMPS);
+    g_assert(n < TCG_MAX_TEMPS);
     return memset(&s->temps[n], 0, sizeof(TCGTemp));
 }
 
-static inline TCGTemp *tcg_global_alloc(TCGContext *s)
+static TCGTemp *tcg_global_alloc(TCGContext *s)
 {
     TCGTemp *ts;
 
-- 
2.25.1

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

cpu_gen_init() is TCG specific, only used in tcg/translate-all.c.
No need to export it to other accelerators, declare it statically.

Reviewed-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210117164813.4101761-2-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/exec-all.h   | 2 --
 accel/tcg/translate-all.c | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -XXX,XX +XXX,XX @@ void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns);
 void restore_state_to_opc(CPUArchState *env, TranslationBlock *tb,
                           target_ulong *data);
 
-void cpu_gen_init(void);
-
 /**
  * cpu_restore_state:
  * @cpu: the vCPU state is to be restore to
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ static void page_table_config_init(void)
     assert(v_l2_levels >= 0);
 }
 
-void cpu_gen_init(void)
+static void cpu_gen_init(void)
 {
     tcg_context_init(&tcg_init_ctx);
 }
-- 
2.25.1

Move and make the function static, as the only users
are here in cputlb.c.

Suggested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/exec-all.h   |  3 ---
 accel/tcg/cputlb.c        | 18 ++++++++++++++++++
 accel/tcg/translate-all.c | 17 -----------------
 3 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -XXX,XX +XXX,XX @@ tb_page_addr_t get_page_addr_code_hostp(CPUArchState *env, target_ulong addr,
 void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length);
 void tlb_set_dirty(CPUState *cpu, target_ulong vaddr);
 
-/* exec.c */
-void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr);
-
 MemoryRegionSection *
 address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
                                   hwaddr *xlat, hwaddr *plen,
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/address-spaces.h"
 #include "exec/cpu_ldst.h"
 #include "exec/cputlb.h"
+#include "exec/tb-hash.h"
 #include "exec/memory-internal.h"
 #include "exec/ram_addr.h"
 #include "tcg/tcg.h"
@@ -XXX,XX +XXX,XX @@ static void tlb_window_reset(CPUTLBDesc *desc, int64_t ns,
     desc->window_max_entries = max_entries;
 }
 
+static void tb_jmp_cache_clear_page(CPUState *cpu, target_ulong page_addr)
+{
+    unsigned int i, i0 = tb_jmp_cache_hash_page(page_addr);
+
+    for (i = 0; i < TB_JMP_PAGE_SIZE; i++) {
+        qatomic_set(&cpu->tb_jmp_cache[i0 + i], NULL);
+    }
+}
+
+static void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
+{
+    /* Discard jump cache entries for any tb which might potentially
+       overlap the flushed page.  */
+    tb_jmp_cache_clear_page(cpu, addr - TARGET_PAGE_SIZE);
+    tb_jmp_cache_clear_page(cpu, addr);
+}
+
 /**
  * tlb_mmu_resize_locked() - perform TLB resize bookkeeping; resize if necessary
  * @desc: The CPUTLBDesc portion of the TLB
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
     cpu_loop_exit_noexc(cpu);
 }
 
-static void tb_jmp_cache_clear_page(CPUState *cpu, target_ulong page_addr)
-{
-    unsigned int i, i0 = tb_jmp_cache_hash_page(page_addr);
-
-    for (i = 0; i < TB_JMP_PAGE_SIZE; i++) {
-        qatomic_set(&cpu->tb_jmp_cache[i0 + i], NULL);
-    }
-}
-
-void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
-{
-    /* Discard jump cache entries for any tb which might potentially
-       overlap the flushed page.  */
-    tb_jmp_cache_clear_page(cpu, addr - TARGET_PAGE_SIZE);
-    tb_jmp_cache_clear_page(cpu, addr);
-}
-
 static void print_qht_statistics(struct qht_stats hst)
 {
     uint32_t hgram_opts;
-- 
2.25.1

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

tb_gen_code() is only called within TCG accelerator, declare it locally.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210117164813.4101761-4-f4bug@amsat.org>
[rth: Adjust vs changed tb_flush_jmp_cache patch.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/internal.h      | 18 ++++++++++++++++++
 include/exec/exec-all.h   |  5 -----
 accel/tcg/cpu-exec.c      |  1 +
 accel/tcg/translate-all.c |  1 +
 4 files changed, 20 insertions(+), 5 deletions(-)
 create mode 100644 accel/tcg/internal.h

diff --git a/accel/tcg/internal.h b/accel/tcg/internal.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/accel/tcg/internal.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * Internal execution defines for qemu
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+
+#ifndef ACCEL_TCG_INTERNAL_H
+#define ACCEL_TCG_INTERNAL_H
+
+#include "exec/exec-all.h"
+
+TranslationBlock *tb_gen_code(CPUState *cpu, target_ulong pc,
+                              target_ulong cs_base, uint32_t flags,
+                              int cflags);
+
+#endif /* ACCEL_TCG_INTERNAL_H */
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -XXX,XX +XXX,XX @@ bool cpu_restore_state(CPUState *cpu, uintptr_t searched_pc, bool will_exit);
 
 void QEMU_NORETURN cpu_loop_exit_noexc(CPUState *cpu);
 void QEMU_NORETURN cpu_io_recompile(CPUState *cpu, uintptr_t retaddr);
-TranslationBlock *tb_gen_code(CPUState *cpu,
-                              target_ulong pc, target_ulong cs_base,
-                              uint32_t flags,
-                              int cflags);
-
 void QEMU_NORETURN cpu_loop_exit(CPUState *cpu);
 void QEMU_NORETURN cpu_loop_exit_restore(CPUState *cpu, uintptr_t pc);
 void QEMU_NORETURN cpu_loop_exit_atomic(CPUState *cpu, uintptr_t pc);
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/cpu-all.h"
 #include "sysemu/cpu-timers.h"
 #include "sysemu/replay.h"
+#include "internal.h"
 
 /* -icount align implementation. */
 
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@
 #include "sysemu/cpu-timers.h"
 #include "sysemu/tcg.h"
 #include "qapi/error.h"
+#include "internal.h"
 
 /* #define DEBUG_TB_INVALIDATE */
 /* #define DEBUG_TB_FLUSH */
-- 
2.25.1

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

cpu_loop_exit*() functions are declared in accel/tcg/cpu-exec-common.c,
and are not available when TCG accelerator is not built. Add stubs so
linking without TCG succeed.

Problematic files:

- hw/semihosting/console.c in qemu_semihosting_console_inc()
- hw/ppc/spapr_hcall.c in h_confer()
- hw/s390x/ipl.c in s390_ipl_reset_request()
- hw/misc/mips_itu.c

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210117164813.4101761-5-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/stubs/tcg-stub.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/accel/stubs/tcg-stub.c b/accel/stubs/tcg-stub.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/stubs/tcg-stub.c
+++ b/accel/stubs/tcg-stub.c
@@ -XXX,XX +XXX,XX @@ void *probe_access(CPUArchState *env, target_ulong addr, int size,
      /* Handled by hardware accelerator. */
      g_assert_not_reached();
 }
+
+void QEMU_NORETURN cpu_loop_exit(CPUState *cpu)
+{
+    g_assert_not_reached();
+}
+
+void QEMU_NORETURN cpu_loop_exit_restore(CPUState *cpu, uintptr_t pc)
+{
+    g_assert_not_reached();
+}
-- 
2.25.1

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

As cpu_io_recompile() is only called within TCG accelerator
in cputlb.c, declare it locally.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210117164813.4101761-6-f4bug@amsat.org>
[rth: Adjust vs changed tb_flush_jmp_cache patch.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/internal.h    | 2 ++
 include/exec/exec-all.h | 1 -
 accel/tcg/cputlb.c      | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/accel/tcg/internal.h b/accel/tcg/internal.h
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/internal.h
+++ b/accel/tcg/internal.h
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu, target_ulong pc,
                               target_ulong cs_base, uint32_t flags,
                               int cflags);
 
+void QEMU_NORETURN cpu_io_recompile(CPUState *cpu, uintptr_t retaddr);
+
 #endif /* ACCEL_TCG_INTERNAL_H */
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -XXX,XX +XXX,XX @@ void restore_state_to_opc(CPUArchState *env, TranslationBlock *tb,
 bool cpu_restore_state(CPUState *cpu, uintptr_t searched_pc, bool will_exit);
 
 void QEMU_NORETURN cpu_loop_exit_noexc(CPUState *cpu);
-void QEMU_NORETURN cpu_io_recompile(CPUState *cpu, uintptr_t retaddr);
 void QEMU_NORETURN cpu_loop_exit(CPUState *cpu);
 void QEMU_NORETURN cpu_loop_exit_restore(CPUState *cpu, uintptr_t pc);
 void QEMU_NORETURN cpu_loop_exit_atomic(CPUState *cpu, uintptr_t pc);
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/translate-all.h"
 #include "trace/trace-root.h"
 #include "trace/mem.h"
+#include "internal.h"
 #ifdef CONFIG_PLUGIN
 #include "qemu/plugin-memory.h"
 #endif
-- 
2.25.1

From: Roman Bolshakov <r.bolshakov@yadro.com>

Pages can't be both write and executable at the same time on Apple
Silicon. macOS provides public API to switch write protection [1] for
JIT applications, like TCG.

1. https://developer.apple.com/documentation/apple_silicon/porting_just-in-time_compilers_to_apple_silicon

Tested-by: Alexander Graf <agraf@csgraf.de>
Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20210113032806.18220-1-r.bolshakov@yadro.com>
[rth: Inline the qemu_thread_jit_* functions;
 drop the MAP_JIT change for a follow-on patch.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/qemu/osdep.h      | 28 ++++++++++++++++++++++++++++
 accel/tcg/cpu-exec.c      |  2 ++
 accel/tcg/translate-all.c |  3 +++
 tcg/tcg.c                 |  1 +
 4 files changed, 34 insertions(+)

diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -XXX,XX +XXX,XX @@ extern int daemon(int, int);
 #include "sysemu/os-posix.h"
 #endif
 
+#ifdef __APPLE__
+#include <AvailabilityMacros.h>
+#endif
+
 #include "glib-compat.h"
 #include "qemu/typedefs.h"
 
@@ -XXX,XX +XXX,XX @@ char *qemu_get_host_name(Error **errp);
  */
 size_t qemu_get_host_physmem(void);
 
+/*
+ * Toggle write/execute on the pages marked MAP_JIT
+ * for the current thread.
+ */
+#if defined(MAC_OS_VERSION_11_0) && \
+    MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_VERSION_11_0
+static inline void qemu_thread_jit_execute(void)
+{
+    if (__builtin_available(macOS 11.0, *)) {
+        pthread_jit_write_protect_np(true);
+    }
+}
+
+static inline void qemu_thread_jit_write(void)
+{
+    if (__builtin_available(macOS 11.0, *)) {
+        pthread_jit_write_protect_np(false);
+    }
+}
+#else
+static inline void qemu_thread_jit_write(void) {}
+static inline void qemu_thread_jit_execute(void) {}
+#endif
+
 #endif
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
     }
 #endif /* DEBUG_DISAS */
 
+    qemu_thread_jit_execute();
     ret = tcg_qemu_tb_exec(env, tb_ptr);
     cpu->can_do_io = 1;
     /*
@@ -XXX,XX +XXX,XX @@ static inline void tb_add_jump(TranslationBlock *tb, int n,
 {
     uintptr_t old;
 
+    qemu_thread_jit_write();
     assert(n < ARRAY_SIZE(tb->jmp_list_next));
     qemu_spin_lock(&tb_next->jmp_lock);
 
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
 
 static void tb_phys_invalidate__locked(TranslationBlock *tb)
 {
+    qemu_thread_jit_write();
     do_tb_phys_invalidate(tb, true);
+    qemu_thread_jit_execute();
 }
 
 /* invalidate one TB
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 #endif
 
     assert_memory_lock();
+    qemu_thread_jit_write();
 
     phys_pc = get_page_addr_code(env, pc);
 
diff --git a/tcg/tcg.c b/tcg/tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@ void tcg_prologue_init(TCGContext *s)
     s->pool_labels = NULL;
 #endif
 
+    qemu_thread_jit_write();
     /* Generate the prologue.  */
     tcg_target_qemu_prologue(s);
 
-- 
2.25.1

v2: Fix FreeBSD build error in patch 18.

The following changes since commit 0d239e513e0117e66fa739fb71a43b9383a108ff:

Merge tag 'pull-lu-20231018' of https://gitlab.com/rth7680/qemu into staging (2023-10-19 10:20:57 -0700)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20231018-2

for you to fetch changes up to a75f704d972b9408f5e2843784b3add48c724c52:

target/i386: Use i128 for 128 and 256-bit loads and stores (2023-10-19 21:11:44 -0700)

----------------------------------------------------------------
tcg: Drop unused tcg_temp_free define
tcg: Introduce tcg_use_softmmu
tcg: Optimize past conditional branches
tcg: Use constant zero when expanding with divu2
tcg/ppc: Enable direct branching tcg_out_goto_tb with TCG_REG_TB
tcg/ppc: Use ADDPCIS for power9
tcg/ppc: Use prefixed instructions for power10
tcg/ppc: Disable TCG_REG_TB for Power9/Power10

----------------------------------------------------------------
Jordan Niethe (1):
      tcg/ppc: Enable direct branching tcg_out_goto_tb with TCG_REG_TB

Mike Frysinger (1):
      tcg: drop unused tcg_temp_free define

Richard Henderson (27):
      tcg/ppc: Untabify tcg-target.c.inc
      tcg/ppc: Reinterpret tb-relative to TB+4
      tcg/ppc: Use ADDPCIS in tcg_out_tb_start
      tcg/ppc: Use ADDPCIS in tcg_out_movi_int
      tcg/ppc: Use ADDPCIS for the constant pool
      tcg/ppc: Use ADDPCIS in tcg_out_goto_tb
      tcg/ppc: Use PADDI in tcg_out_movi
      tcg/ppc: Use prefixed instructions in tcg_out_mem_long
      tcg/ppc: Use PLD in tcg_out_movi for constant pool
      tcg/ppc: Use prefixed instructions in tcg_out_dupi_vec
      tcg/ppc: Use PLD in tcg_out_goto_tb
      tcg/ppc: Disable TCG_REG_TB for Power9/Power10
      tcg: Introduce tcg_use_softmmu
      tcg: Provide guest_base fallback for system mode
      tcg/arm: Use tcg_use_softmmu
      tcg/aarch64: Use tcg_use_softmmu
      tcg/i386: Use tcg_use_softmmu
      tcg/loongarch64: Use tcg_use_softmmu
      tcg/mips: Use tcg_use_softmmu
      tcg/ppc: Use tcg_use_softmmu
      tcg/riscv: Do not reserve TCG_GUEST_BASE_REG for guest_base zero
      tcg/riscv: Use tcg_use_softmmu
      tcg/s390x: Use tcg_use_softmmu
      tcg: Use constant zero when expanding with divu2
      tcg: Optimize past conditional branches
      tcg: Add tcg_gen_{ld,st}_i128
      target/i386: Use i128 for 128 and 256-bit loads and stores

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/i386/tcg-target.c.inc | 198 +++++++++++++++++++-------------------
 1 file changed, 98 insertions(+), 100 deletions(-)

diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/i386/tcg-target.c.inc
+++ b/tcg/i386/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_target_call_oarg_reg(TCGCallReturnKind kind, int slot)
 # define ALL_VECTOR_REGS       0x00ff0000u
 # define ALL_BYTEL_REGS        0x0000000fu
 #endif
-#ifdef CONFIG_SOFTMMU
-# define SOFTMMU_RESERVE_REGS  ((1 << TCG_REG_L0) | (1 << TCG_REG_L1))
-#else
-# define SOFTMMU_RESERVE_REGS  0
-#endif
+#define SOFTMMU_RESERVE_REGS \
+    (tcg_use_softmmu ? (1 << TCG_REG_L0) | (1 << TCG_REG_L1) : 0)
 
 /* For 64-bit, we always know that CMOV is available.  */
 #if TCG_TARGET_REG_BITS == 64
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
     return true;
 }
 
-#ifndef CONFIG_SOFTMMU
+#ifdef CONFIG_USER_ONLY
 static HostAddress x86_guest_base = {
     .index = -1
 };
@@ -XXX,XX +XXX,XX @@ static inline int setup_guest_base_seg(void)
     }
     return 0;
 }
+#define setup_guest_base_seg  setup_guest_base_seg
 #elif defined(__x86_64__) && \
       (defined (__FreeBSD__) || defined (__FreeBSD_kernel__))
 # include <machine/sysarch.h>
@@ -XXX,XX +XXX,XX @@ static inline int setup_guest_base_seg(void)
     }
     return 0;
 }
+#define setup_guest_base_seg  setup_guest_base_seg
+#endif
 #else
-static inline int setup_guest_base_seg(void)
-{
-    return 0;
-}
-#endif /* setup_guest_base_seg */
-#endif /* !SOFTMMU */
+# define x86_guest_base (*(HostAddress *)({ qemu_build_not_reached(); NULL; }))
+#endif /* CONFIG_USER_ONLY */
+#ifndef setup_guest_base_seg
+# define setup_guest_base_seg()  0
+#endif
 
 #define MIN_TLB_MASK_TABLE_OFS  INT_MIN
 
@@ -XXX,XX +XXX,XX @@ static TCGLabelQemuLdst *prepare_host_addr(TCGContext *s, HostAddress *h,
     MemOp s_bits = opc & MO_SIZE;
     unsigned a_mask;
 
-#ifdef CONFIG_SOFTMMU
-    h->index = TCG_REG_L0;
-    h->ofs = 0;
-    h->seg = 0;
-#else
-    *h = x86_guest_base;
-#endif
+    if (tcg_use_softmmu) {
+        h->index = TCG_REG_L0;
+        h->ofs = 0;
+        h->seg = 0;
+    } else {
+        *h = x86_guest_base;
+    }
     h->base = addrlo;
     h->aa = atom_and_align_for_opc(s, opc, MO_ATOM_IFALIGN, s_bits == MO_128);
     a_mask = (1 << h->aa.align) - 1;
 
-#ifdef CONFIG_SOFTMMU
-    int cmp_ofs = is_ld ? offsetof(CPUTLBEntry, addr_read)
-                        : offsetof(CPUTLBEntry, addr_write);
-    TCGType ttype = TCG_TYPE_I32;
-    TCGType tlbtype = TCG_TYPE_I32;
-    int trexw = 0, hrexw = 0, tlbrexw = 0;
-    unsigned mem_index = get_mmuidx(oi);
-    unsigned s_mask = (1 << s_bits) - 1;
-    int fast_ofs = tlb_mask_table_ofs(s, mem_index);
-    int tlb_mask;
+    if (tcg_use_softmmu) {
+        int cmp_ofs = is_ld ? offsetof(CPUTLBEntry, addr_read)
+                            : offsetof(CPUTLBEntry, addr_write);
+        TCGType ttype = TCG_TYPE_I32;
+        TCGType tlbtype = TCG_TYPE_I32;
+        int trexw = 0, hrexw = 0, tlbrexw = 0;
+        unsigned mem_index = get_mmuidx(oi);
+        unsigned s_mask = (1 << s_bits) - 1;
+        int fast_ofs = tlb_mask_table_ofs(s, mem_index);
+        int tlb_mask;
 
-    ldst = new_ldst_label(s);
-    ldst->is_ld = is_ld;
-    ldst->oi = oi;
-    ldst->addrlo_reg = addrlo;
-    ldst->addrhi_reg = addrhi;
+        ldst = new_ldst_label(s);
+        ldst->is_ld = is_ld;
+        ldst->oi = oi;
+        ldst->addrlo_reg = addrlo;
+        ldst->addrhi_reg = addrhi;
 
-    if (TCG_TARGET_REG_BITS == 64) {
-        ttype = s->addr_type;
-        trexw = (ttype == TCG_TYPE_I32 ? 0 : P_REXW);
-        if (TCG_TYPE_PTR == TCG_TYPE_I64) {
-            hrexw = P_REXW;
-            if (s->page_bits + s->tlb_dyn_max_bits > 32) {
-                tlbtype = TCG_TYPE_I64;
-                tlbrexw = P_REXW;
+        if (TCG_TARGET_REG_BITS == 64) {
+            ttype = s->addr_type;
+            trexw = (ttype == TCG_TYPE_I32 ? 0 : P_REXW);
+            if (TCG_TYPE_PTR == TCG_TYPE_I64) {
+                hrexw = P_REXW;
+                if (s->page_bits + s->tlb_dyn_max_bits > 32) {
+                    tlbtype = TCG_TYPE_I64;
+                    tlbrexw = P_REXW;
+                }
             }
         }
-    }
 
-    tcg_out_mov(s, tlbtype, TCG_REG_L0, addrlo);
-    tcg_out_shifti(s, SHIFT_SHR + tlbrexw, TCG_REG_L0,
-                   s->page_bits - CPU_TLB_ENTRY_BITS);
+        tcg_out_mov(s, tlbtype, TCG_REG_L0, addrlo);
+        tcg_out_shifti(s, SHIFT_SHR + tlbrexw, TCG_REG_L0,
+                       s->page_bits - CPU_TLB_ENTRY_BITS);
 
-    tcg_out_modrm_offset(s, OPC_AND_GvEv + trexw, TCG_REG_L0, TCG_AREG0,
-                         fast_ofs + offsetof(CPUTLBDescFast, mask));
+        tcg_out_modrm_offset(s, OPC_AND_GvEv + trexw, TCG_REG_L0, TCG_AREG0,
+                             fast_ofs + offsetof(CPUTLBDescFast, mask));
 
-    tcg_out_modrm_offset(s, OPC_ADD_GvEv + hrexw, TCG_REG_L0, TCG_AREG0,
-                         fast_ofs + offsetof(CPUTLBDescFast, table));
+        tcg_out_modrm_offset(s, OPC_ADD_GvEv + hrexw, TCG_REG_L0, TCG_AREG0,
+                             fast_ofs + offsetof(CPUTLBDescFast, table));
 
-    /*
-     * If the required alignment is at least as large as the access, simply
-     * copy the address and mask.  For lesser alignments, check that we don't
-     * cross pages for the complete access.
-     */
-    if (a_mask >= s_mask) {
-        tcg_out_mov(s, ttype, TCG_REG_L1, addrlo);
-    } else {
-        tcg_out_modrm_offset(s, OPC_LEA + trexw, TCG_REG_L1,
-                             addrlo, s_mask - a_mask);
-    }
-    tlb_mask = s->page_mask | a_mask;
-    tgen_arithi(s, ARITH_AND + trexw, TCG_REG_L1, tlb_mask, 0);
+        /*
+         * If the required alignment is at least as large as the access,
+         * simply copy the address and mask.  For lesser alignments,
+         * check that we don't cross pages for the complete access.
+         */
+        if (a_mask >= s_mask) {
+            tcg_out_mov(s, ttype, TCG_REG_L1, addrlo);
+        } else {
+            tcg_out_modrm_offset(s, OPC_LEA + trexw, TCG_REG_L1,
+                                 addrlo, s_mask - a_mask);
+        }
+        tlb_mask = s->page_mask | a_mask;
+        tgen_arithi(s, ARITH_AND + trexw, TCG_REG_L1, tlb_mask, 0);
 
-    /* cmp 0(TCG_REG_L0), TCG_REG_L1 */
-    tcg_out_modrm_offset(s, OPC_CMP_GvEv + trexw,
-                         TCG_REG_L1, TCG_REG_L0, cmp_ofs);
-
-    /* jne slow_path */
-    tcg_out_opc(s, OPC_JCC_long + JCC_JNE, 0, 0, 0);
-    ldst->label_ptr[0] = s->code_ptr;
-    s->code_ptr += 4;
-
-    if (TCG_TARGET_REG_BITS == 32 && s->addr_type == TCG_TYPE_I64) {
-        /* cmp 4(TCG_REG_L0), addrhi */
-        tcg_out_modrm_offset(s, OPC_CMP_GvEv, addrhi, TCG_REG_L0, cmp_ofs + 4);
+        /* cmp 0(TCG_REG_L0), TCG_REG_L1 */
+        tcg_out_modrm_offset(s, OPC_CMP_GvEv + trexw,
+                             TCG_REG_L1, TCG_REG_L0, cmp_ofs);
 
         /* jne slow_path */
         tcg_out_opc(s, OPC_JCC_long + JCC_JNE, 0, 0, 0);
-        ldst->label_ptr[1] = s->code_ptr;
+        ldst->label_ptr[0] = s->code_ptr;
         s->code_ptr += 4;
-    }
 
-    /* TLB Hit.  */
-    tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_L0, TCG_REG_L0,
-               offsetof(CPUTLBEntry, addend));
-#else
-    if (a_mask) {
+        if (TCG_TARGET_REG_BITS == 32 && s->addr_type == TCG_TYPE_I64) {
+            /* cmp 4(TCG_REG_L0), addrhi */
+            tcg_out_modrm_offset(s, OPC_CMP_GvEv, addrhi,
+                                 TCG_REG_L0, cmp_ofs + 4);
+
+            /* jne slow_path */
+            tcg_out_opc(s, OPC_JCC_long + JCC_JNE, 0, 0, 0);
+            ldst->label_ptr[1] = s->code_ptr;
+            s->code_ptr += 4;
+        }
+
+        /* TLB Hit.  */
+        tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_L0, TCG_REG_L0,
+                   offsetof(CPUTLBEntry, addend));
+    } else if (a_mask) {
         ldst = new_ldst_label(s);
 
         ldst->is_ld = is_ld;
@@ -XXX,XX +XXX,XX @@ static TCGLabelQemuLdst *prepare_host_addr(TCGContext *s, HostAddress *h,
         ldst->label_ptr[0] = s->code_ptr;
         s->code_ptr += 4;
     }
-#endif
 
     return ldst;
 }
@@ -XXX,XX +XXX,XX @@ static void tcg_target_qemu_prologue(TCGContext *s)
         tcg_out_push(s, tcg_target_callee_save_regs[i]);
     }
 
-#if TCG_TARGET_REG_BITS == 32
-    tcg_out_ld(s, TCG_TYPE_PTR, TCG_AREG0, TCG_REG_ESP,
-               (ARRAY_SIZE(tcg_target_callee_save_regs) + 1) * 4);
-    tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
-    /* jmp *tb.  */
-    tcg_out_modrm_offset(s, OPC_GRP5, EXT5_JMPN_Ev, TCG_REG_ESP,
-                         (ARRAY_SIZE(tcg_target_callee_save_regs) + 2) * 4
-                         + stack_addend);
-#else
-# if !defined(CONFIG_SOFTMMU)
-    if (guest_base) {
+    if (!tcg_use_softmmu && guest_base) {
         int seg = setup_guest_base_seg();
         if (seg != 0) {
             x86_guest_base.seg = seg;
         } else if (guest_base == (int32_t)guest_base) {
             x86_guest_base.ofs = guest_base;
         } else {
+            assert(TCG_TARGET_REG_BITS == 64);
             /* Choose R12 because, as a base, it requires a SIB byte. */
             x86_guest_base.index = TCG_REG_R12;
             tcg_out_movi(s, TCG_TYPE_PTR, x86_guest_base.index, guest_base);
             tcg_regset_set_reg(s->reserved_regs, x86_guest_base.index);
         }
     }
-# endif
-    tcg_out_mov(s, TCG_TYPE_PTR, TCG_AREG0, tcg_target_call_iarg_regs[0]);
-    tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
-    /* jmp *tb.  */
-    tcg_out_modrm(s, OPC_GRP5, EXT5_JMPN_Ev, tcg_target_call_iarg_regs[1]);
-#endif
+
+    if (TCG_TARGET_REG_BITS == 32) {
+        tcg_out_ld(s, TCG_TYPE_PTR, TCG_AREG0, TCG_REG_ESP,
+                   (ARRAY_SIZE(tcg_target_callee_save_regs) + 1) * 4);
+        tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
+        /* jmp *tb.  */
+        tcg_out_modrm_offset(s, OPC_GRP5, EXT5_JMPN_Ev, TCG_REG_ESP,
+                             (ARRAY_SIZE(tcg_target_callee_save_regs) + 2) * 4
+                             + stack_addend);
+    } else {
+        tcg_out_mov(s, TCG_TYPE_PTR, TCG_AREG0, tcg_target_call_iarg_regs[0]);
+        tcg_out_addi(s, TCG_REG_ESP, -stack_addend);
+        /* jmp *tb.  */
+        tcg_out_modrm(s, OPC_GRP5, EXT5_JMPN_Ev, tcg_target_call_iarg_regs[1]);
+    }
 
     /*
      * Return path for goto_ptr. Set return value to 0, a-la exit_tb,
-- 
2.34.1