Series comparison

-[PATCH 00/41] tcg patch queue
+[PULL v3 00/91] tcg patch queue
-The following changes since commit 05de778b5b8ab0b402996769117b88c7ea5c7c61:
+Version 3 fixes a rebase error from v2 affecting ARM BFC insn.
-  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2021-07-09 14:30:01 +0100)
 r~
 The following changes since commit 29c8a9e31a982874ce4e2c15f2bf82d5f8dc3517:
   Merge tag 'linux-user-for-8.0-pull-request' of https://gitlab.com/laurent_vivier/qemu into staging (2023-03-12 10:57:00 +0000)
 are available in the Git repository at:
-  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20210710
+  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20230313
-for you to fetch changes up to ad1a706f386c2281adb0b09257d892735e405834:
+for you to fetch changes up to 0c8b6b9a6383e2e37ff3d1d12b40c58b7ed36c1c:
-  cpu: Add breakpoint tracepoints (2021-07-09 21:31:11 -0700)
+  tcg: Drop tcg_const_* (2023-03-13 07:03:39 -0700)
 ----------------------------------------------------------------
-Add translator_use_goto_tb.
+accel/tcg: Fix NB_MMU_MODES to 16
-Cleanups in prep of breakpoint fixes.
+Balance of the target/ patchset which eliminates tcg_temp_free
-Misc fixes.
+Balance of the target/ patchset which eliminates tcg_const
 ----------------------------------------------------------------
-Liren Wei (2):
+Anton Johansson (23):
-      accel/tcg: Hoist tcg_tb_insert() up above tb_link_page()
+      include/exec: Set default `NB_MMU_MODES` to 16
-      tcg: Bake tb_destroy() into tcg_region_tree
+      target/alpha: Remove `NB_MMU_MODES` define
       target/arm: Remove `NB_MMU_MODES` define
       target/avr: Remove `NB_MMU_MODES` define
       target/cris: Remove `NB_MMU_MODES` define
       target/hexagon: Remove `NB_MMU_MODES` define
       target/hppa: Remove `NB_MMU_MODES` define
       target/i386: Remove `NB_MMU_MODES` define
       target/loongarch: Remove `NB_MMU_MODES` define
       target/m68k: Remove `NB_MMU_MODES` define
       target/microblaze: Remove `NB_MMU_MODES` define
       target/mips: Remove `NB_MMU_MODES` define
       target/nios2: Remove `NB_MMU_MODES` define
       target/openrisc: Remove `NB_MMU_MODES` define
       target/ppc: Remove `NB_MMU_MODES` define
       target/riscv: Remove `NB_MMU_MODES` define
       target/rx: Remove `NB_MMU_MODES` define
       target/s390x: Remove `NB_MMU_MODES` define
       target/sh4: Remove `NB_MMU_MODES` define
       target/sparc: Remove `NB_MMU_MODES` define
       target/tricore: Remove `NB_MMU_MODES` define
       target/xtensa: Remove `NB_MMU_MODES` define
       include/exec: Remove guards around `NB_MMU_MODES`
-Philippe Mathieu-Daudé (1):
+Richard Henderson (68):
-      tcg: Avoid including 'trace-tcg.h' in target translate.c
+      target/mips: Drop tcg_temp_free from micromips_translate.c.inc
       target/mips: Drop tcg_temp_free from msa_translate.c
       target/mips: Drop tcg_temp_free from mxu_translate.c
       target/mips: Drop tcg_temp_free from nanomips_translate.c.inc
       target/mips: Drop tcg_temp_free from octeon_translate.c
       target/mips: Drop tcg_temp_free from translate_addr_const.c
       target/mips: Drop tcg_temp_free from tx79_translate.c
       target/mips: Drop tcg_temp_free from vr54xx_translate.c
       target/mips: Drop tcg_temp_free from translate.c
       target/s390x: Drop free_compare
       target/s390x: Drop tcg_temp_free from translate_vx.c.inc
       target/s390x: Drop tcg_temp_free from translate.c
       target/s390x: Remove assert vs g_in2
       target/s390x: Remove g_out, g_out2, g_in1, g_in2 from DisasContext
       tcg: Create tcg/tcg-temp-internal.h
       target/avr: Avoid use of tcg_const_i32 in SBIC, SBIS
       target/avr: Avoid use of tcg_const_i32 throughout
       target/cris: Avoid use of tcg_const_i32 throughout
       target/hppa: Avoid tcg_const_i64 in trans_fid_f
       target/hppa: Avoid use of tcg_const_i32 throughout
       target/i386: Avoid use of tcg_const_* throughout
       target/m68k: Avoid tcg_const_i32 when modified
       target/m68k: Avoid tcg_const_i32 in bfop_reg
       target/m68k: Avoid tcg_const_* throughout
       target/mips: Split out gen_lxl
       target/mips: Split out gen_lxr
       target/mips: Avoid tcg_const_tl in gen_r6_ld
       target/mips: Avoid tcg_const_* throughout
       target/ppc: Split out gen_vx_vmul10
       target/ppc: Avoid tcg_const_i64 in do_vector_shift_quad
       target/rx: Use tcg_gen_abs_i32
       target/rx: Use cpu_psw_z as temp in flags computation
       target/rx: Avoid tcg_const_i32 when new temp needed
       target/rx: Avoid tcg_const_i32
       target/s390x: Avoid tcg_const_i64
       target/sh4: Avoid tcg_const_i32 for TAS.B
       target/sh4: Avoid tcg_const_i32
       tcg/sparc: Avoid tcg_const_tl in gen_edge
       target/tricore: Split t_n as constant from temp as variable
       target/tricore: Rename t_off10 and use tcg_constant_i32
       target/tricore: Use setcondi instead of explicit allocation
       target/tricore: Drop some temp initialization
       target/tricore: Avoid tcg_const_i32
       tcg: Replace tcg_const_i64 in tcg-op.c
       target/arm: Use rmode >= 0 for need_rmode
       target/arm: Handle FPROUNDING_ODD in arm_rmode_to_sf
       target/arm: Improve arm_rmode_to_sf
       target/arm: Consistently use ARMFPRounding during translation
       target/arm: Create gen_set_rmode, gen_restore_rmode
       target/arm: Improve trans_BFCI
       target/arm: Avoid tcg_const_ptr in gen_sve_{ldr,str}
       target/arm: Avoid tcg_const_* in translate-mve.c
       target/arm: Avoid tcg_const_ptr in disas_simd_zip_trn
       target/arm: Avoid tcg_const_ptr in handle_vec_simd_sqshrn
       target/arm: Avoid tcg_const_ptr in handle_rev
       target/m68k: Use tcg_constant_i32 in gen_ea_mode
       target/ppc: Avoid tcg_const_i64 in do_vcntmb
       target/ppc: Avoid tcg_const_* in vmx-impl.c.inc
       target/ppc: Avoid tcg_const_* in xxeval
       target/ppc: Avoid tcg_const_* in vsx-impl.c.inc
       target/ppc: Avoid tcg_const_* in fp-impl.c.inc
       target/ppc: Avoid tcg_const_* in power8-pmu-regs.c.inc
       target/ppc: Rewrite trans_ADDG6S
       target/ppc: Fix gen_tlbsx_booke206
       target/ppc: Avoid tcg_const_* in translate.c
       target/tricore: Use min/max for saturate
       tcg: Drop tcg_const_*_vec
       tcg: Drop tcg_const_*
-Richard Henderson (38):
+ include/exec/cpu-defs.h                    |   9 +-
-      tcg: Add separator in INDEX_op_call dump
+ include/tcg/tcg-op.h                       |   4 -
-      tcg: Move tb_phys_invalidate_count to tb_ctx
+ include/tcg/tcg-temp-internal.h            |  83 +++
-      accel/tcg: Introduce translator_use_goto_tb
+ include/tcg/tcg.h                          |  64 ---
-      target/alpha: Remove use_exit_tb
+ target/alpha/cpu-param.h                   |   2 -
-      target/alpha: Remove in_superpage
+ target/arm/cpu-param.h                     |   2 -
-      target/alpha: Use translator_use_goto_tb
+ target/arm/internals.h                     |  12 +-
-      target/arm: Use DISAS_TOO_MANY for ISB and SB
+ target/arm/tcg/translate.h                 |  17 +
-      target/arm: Use translator_use_goto_tb for aarch64
+ target/avr/cpu-param.h                     |   1 -
-      target/arm: Use translator_use_goto_tb for aarch32
+ target/cris/cpu-param.h                    |   1 -
-      target/avr: Use translator_use_goto_tb
+ target/hexagon/cpu-param.h                 |   2 -
-      target/avr: Mark some helpers noreturn
+ target/hppa/cpu-param.h                    |   1 -
-      target/cris: Use translator_use_goto_tb
+ target/i386/cpu-param.h                    |   1 -
-      target/hppa: Use translator_use_goto_tb
+ target/loongarch/cpu-param.h               |   1 -
-      target/i386: Use translator_use_goto_tb
+ target/m68k/cpu-param.h                    |   1 -
-      target/m68k: Use translator_use_goto_tb
+ target/microblaze/cpu-param.h              |   1 -
-      target/microblaze: Use translator_use_goto_tb
+ target/microblaze/cpu.h                    |   2 +-
-      target/mips: Use translator_use_goto_tb
+ target/mips/cpu-param.h                    |   1 -
-      target/mips: Fix missing else in gen_goto_tb
+ target/nios2/cpu-param.h                   |   1 -
-      target/nios2: Use translator_use_goto_tb
+ target/openrisc/cpu-param.h                |   1 -
-      target/openrisc: Use translator_use_goto_tb
+ target/ppc/cpu-param.h                     |   1 -
-      target/ppc: Use translator_use_goto_tb
+ target/riscv/cpu-param.h                   |   1 -
-      target/riscv: Use translator_use_goto_tb
+ target/rx/cpu-param.h                      |   2 -
-      target/rx: Use translator_use_goto_tb
+ target/s390x/cpu-param.h                   |   1 -
-      target/s390x: Use translator_use_goto_tb
+ target/sh4/cpu-param.h                     |   1 -
-      target/s390x: Remove use_exit_tb
+ target/sparc/cpu-param.h                   |   2 -
-      target/sh4: Use translator_use_goto_tb
+ target/tricore/cpu-param.h                 |   1 -
-      target/sparc: Use translator_use_goto_tb
+ target/xtensa/cpu-param.h                  |   1 -
-      target/tricore: Use translator_use_goto_tb
+ accel/tcg/plugin-gen.c                     |   1 +
-      target/tricore: Use tcg_gen_lookup_and_goto_ptr
+ target/arm/tcg/translate-a64.c             | 168 +++---
-      target/xtensa: Use translator_use_goto_tb
+ target/arm/tcg/translate-mve.c             |  56 +-
-      tcg: Fix prologue disassembly
+ target/arm/tcg/translate-sve.c             |  28 +-
-      target/i386: Use cpu_breakpoint_test in breakpoint_handler
+ target/arm/tcg/translate-vfp.c             |  26 +-
-      accel/tcg: Move helper_lookup_tb_ptr to cpu-exec.c
+ target/arm/tcg/translate.c                 |  14 +-
-      accel/tcg: Move tb_lookup to cpu-exec.c
+ target/arm/vfp_helper.c                    |  35 +-
-      accel/tcg: Split out log_cpu_exec
+ target/avr/translate.c                     |  48 +-
-      accel/tcg: Log tb->cflags with -d exec
+ target/cris/translate.c                    |  46 +-
-      tcg: Remove TCG_TARGET_HAS_goto_ptr
+ target/hppa/translate.c                    |  35 +-
-      cpu: Add breakpoint tracepoints
+ target/i386/tcg/translate.c                |  83 +--
+ target/m68k/translate.c                    | 231 ++++----
- accel/tcg/tb-context.h              |   1 +
+ target/mips/tcg/msa_translate.c            |   9 -
- accel/tcg/tb-lookup.h               |  49 ----------------
+ target/mips/tcg/mxu_translate.c            |  55 +-
- include/exec/translator.h           |  10 ++++
+ target/mips/tcg/octeon_translate.c         |  23 -
- include/tcg/tcg-opc.h               |   3 +-
+ target/mips/tcg/translate.c                | 819 +++++------------------------
- include/tcg/tcg.h                   |   4 --
+ target/mips/tcg/translate_addr_const.c     |   7 -
- target/avr/helper.h                 |   8 +--
+ target/mips/tcg/tx79_translate.c           |  45 +-
- tcg/aarch64/tcg-target.h            |   1 -
+ target/mips/tcg/vr54xx_translate.c         |   4 -
- tcg/arm/tcg-target.h                |   1 -
+ target/ppc/translate.c                     | 148 +++---
- tcg/i386/tcg-target.h               |   1 -
+ target/rx/translate.c                      |  84 ++-
- tcg/mips/tcg-target.h               |   1 -
+ target/s390x/tcg/translate.c               | 208 +-------
- tcg/ppc/tcg-target.h                |   1 -
+ target/sh4/translate.c                     |  35 +-
- tcg/riscv/tcg-target.h              |   1 -
+ target/sparc/translate.c                   |  14 +-
- tcg/s390/tcg-target.h               |   1 -
+ target/tricore/translate.c                 | 476 ++++++++---------
- tcg/sparc/tcg-target.h              |   1 -
+ tcg/tcg-op-gvec.c                          |   1 +
- tcg/tci/tcg-target.h                |   1 -
+ tcg/tcg-op-vec.c                           |  35 +-
- accel/tcg/cpu-exec.c                | 112 ++++++++++++++++++++++++++++--------
+ tcg/tcg-op.c                               |  13 +-
- accel/tcg/tcg-runtime.c             |  22 -------
+ tcg/tcg.c                                  |  17 +-
- accel/tcg/translate-all.c           |  23 ++++----
+ target/cris/translate_v10.c.inc            |  26 +-
- accel/tcg/translator.c              |  11 ++++
+ target/mips/tcg/micromips_translate.c.inc  |  12 +-
- cpu.c                               |  13 +++--
+ target/mips/tcg/nanomips_translate.c.inc   | 143 +----
- target/alpha/translate.c            |  47 ++-------------
+ target/ppc/power8-pmu-regs.c.inc           |   4 +-
- target/arm/translate-a64.c          |  26 ++-------
+ target/ppc/translate/fixedpoint-impl.c.inc |  44 +-
- target/arm/translate-sve.c          |   1 -
+ target/ppc/translate/fp-impl.c.inc         |  26 +-
- target/arm/translate.c              |  17 +-----
+ target/ppc/translate/vmx-impl.c.inc        | 130 ++---
- target/avr/translate.c              |   9 ++-
+ target/ppc/translate/vsx-impl.c.inc        |  36 +-
- target/cris/translate.c             |   6 +-
+ target/s390x/tcg/translate_vx.c.inc        | 143 -----
- target/hppa/translate.c             |   6 +-
+ tcg/i386/tcg-target.c.inc                  |   9 +-
- target/i386/tcg/sysemu/bpt_helper.c |  12 +---
+files changed, 1166 insertions(+), 2388 deletions(-)
- target/i386/tcg/translate.c         |  15 +----
+ create mode 100644 include/tcg/tcg-temp-internal.h
  target/m68k/translate.c             |  13 +----
  target/microblaze/translate.c       |  12 +---
  target/mips/tcg/translate.c         |  21 ++-----
  target/nios2/translate.c            |  15 +----
  target/openrisc/translate.c         |  16 +++---
  target/ppc/translate.c              |  11 +---
  target/riscv/translate.c            |  20 +------
  target/rx/translate.c               |  12 +---
  target/s390x/translate.c            |  19 +-----
  target/sh4/translate.c              |  12 +---
  target/sparc/translate.c            |  20 ++-----
  target/tricore/translate.c          |  20 ++-----
  target/xtensa/translate.c           |   7 +--
  tcg/region.c                        |  33 +++--------
  tcg/tcg-op.c                        |   2 +-
  tcg/tcg.c                           |  14 ++---
  trace-events                        |   5 ++
 files changed, 217 insertions(+), 439 deletions(-)
  delete mode 100644 accel/tcg/tb-lookup.h

-[PATCH 01/41] tcg: Add separator in INDEX_op_call dump
+Deleted patch
-We lost the ',' following the called function name.
-Fixes: 3e92aa34434
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/tcg.c | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/tcg/tcg.c b/tcg/tcg.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg.c
-+++ b/tcg/tcg.c
-@@ -XXX,XX +XXX,XX @@ static void tcg_dump_ops(TCGContext *s, bool have_prefs)
-                 col += qemu_log("plugin(%p)", func);
-             }
--            col += qemu_log("$0x%x,$%d", info->flags, nb_oargs);
-+            col += qemu_log(",$0x%x,$%d", info->flags, nb_oargs);
-             for (i = 0; i < nb_oargs; i++) {
-                 col += qemu_log(",%s", tcg_get_arg_str(s, buf, sizeof(buf),
-                                                        op->args[i]));
---
-.25.1

-[PATCH 02/41] tcg: Avoid including 'trace-tcg.h' in target translate.c
+Deleted patch
-From: Philippe Mathieu-Daudé <f4bug@amsat.org>
-The root trace-events only declares a single TCG event:
-  $ git grep -w tcg trace-events
-  trace-events:115:# tcg/tcg-op.c
-  trace-events:137:vcpu tcg guest_mem_before(TCGv vaddr, uint16_t info) "info=%d", "vaddr=0x%016"PRIx64" info=%d"
-and only a tcg/tcg-op.c uses it:
-  $ git grep -l trace_guest_mem_before_tcg
-  tcg/tcg-op.c
-therefore it is pointless to include "trace-tcg.h" in each target
-(because it is not used). Remove it.
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Message-Id: <20210629050935.2570721-1-f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/alpha/translate.c      | 1 -
- target/arm/translate-a64.c    | 1 -
- target/arm/translate-sve.c    | 1 -
- target/arm/translate.c        | 1 -
- target/cris/translate.c       | 1 -
- target/hppa/translate.c       | 1 -
- target/i386/tcg/translate.c   | 1 -
- target/m68k/translate.c       | 1 -
- target/microblaze/translate.c | 1 -
- target/mips/tcg/translate.c   | 1 -
- target/openrisc/translate.c   | 1 -
- target/ppc/translate.c        | 1 -
- target/rx/translate.c         | 1 -
- target/s390x/translate.c      | 1 -
- target/sh4/translate.c        | 1 -
- target/sparc/translate.c      | 1 -
- target/xtensa/translate.c     | 1 -
-files changed, 17 deletions(-)
-diff --git a/target/alpha/translate.c b/target/alpha/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/alpha/translate.c
-+++ b/target/alpha/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/cpu_ldst.h"
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/translator.h"
- #include "exec/log.h"
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-gen.h"
- #include "exec/log.h"
--#include "trace-tcg.h"
- #include "translate-a64.h"
- #include "qemu/atomic128.h"
-diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-sve.c
-+++ b/target/arm/translate-sve.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
- #include "exec/log.h"
--#include "trace-tcg.h"
- #include "translate-a64.h"
- #include "fpu/softfloat.h"
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
-diff --git a/target/cris/translate.c b/target/cris/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/cris/translate.c
-+++ b/target/cris/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
-diff --git a/target/hppa/translate.c b/target/hppa/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/hppa/translate.c
-+++ b/target/hppa/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
- #include "exec/translator.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
- /* Since we have a distinction between register size and address size,
-diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/i386/tcg/translate.c
-+++ b/target/i386/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-gen.h"
- #include "helper-tcg.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
- #define PREFIX_REPZ   0x01
-diff --git a/target/m68k/translate.c b/target/m68k/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/m68k/translate.c
-+++ b/target/m68k/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
- #include "fpu/softfloat.h"
-diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/microblaze/translate.c
-+++ b/target/microblaze/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/translator.h"
- #include "qemu/qemu-print.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
- #define EXTRACT_FIELD(src, start, end) \
-diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/mips/tcg/translate.c
-+++ b/target/mips/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "semihosting/semihost.h"
- #include "trace.h"
--#include "trace-tcg.h"
- #include "exec/translator.h"
- #include "exec/log.h"
- #include "qemu/qemu-print.h"
-diff --git a/target/openrisc/translate.c b/target/openrisc/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/openrisc/translate.c
-+++ b/target/openrisc/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-gen.h"
- #include "exec/gen-icount.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
- /* is_jmp field values */
-diff --git a/target/ppc/translate.c b/target/ppc/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/ppc/translate.c
-+++ b/target/ppc/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/translator.h"
- #include "exec/log.h"
- #include "qemu/atomic128.h"
-diff --git a/target/rx/translate.c b/target/rx/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/rx/translate.c
-+++ b/target/rx/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
- #include "exec/translator.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
- typedef struct DisasContext {
-diff --git a/target/s390x/translate.c b/target/s390x/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/s390x/translate.c
-+++ b/target/s390x/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/translator.h"
- #include "exec/log.h"
- #include "qemu/atomic128.h"
-diff --git a/target/sh4/translate.c b/target/sh4/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sh4/translate.c
-+++ b/target/sh4/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
- #include "exec/translator.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
- #include "qemu/qemu-print.h"
-diff --git a/target/sparc/translate.c b/target/sparc/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sparc/translate.c
-+++ b/target/sparc/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/translator.h"
- #include "exec/log.h"
- #include "asi.h"
-diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/xtensa/translate.c
-+++ b/target/xtensa/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
---
-.25.1

-[PATCH 03/41] accel/tcg: Hoist tcg_tb_insert() up above tb_link_page()
+[PULL v3 73/91] target/arm: Improve trans_BFCI
-From: Liren Wei <lrwei@bupt.edu.cn>
+Reorg temporary usage so that we can use tcg_constant_i32.
 tcg_gen_deposit_i32 already has a width == 32 special case,
 so remove the check here.
-TranslationBlocks not inserted into the corresponding region
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 tree shall be regarded as partially initialized objects, and
 needs to be finalized first before inserting into QHT.
 Signed-off-by: Liren Wei <lrwei@bupt.edu.cn>
 Message-Id: <f9fc263f71e11b6308d8c1fbc0dd366bf4aeb532.1625404483.git.lrwei@bupt.edu.cn>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- accel/tcg/translate-all.c | 9 ++++++++-
+ target/arm/tcg/translate.c | 14 ++++++--------
-file changed, 8 insertions(+), 1 deletion(-)
+file changed, 6 insertions(+), 8 deletions(-)
-diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
+diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
 index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/translate-all.c
+--- a/target/arm/tcg/translate.c
-+++ b/accel/tcg/translate-all.c
++++ b/target/arm/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
+@@ -XXX,XX +XXX,XX @@ static bool trans_UBFX(DisasContext *s, arg_UBFX *a)
-         return tb;
  static bool trans_BFCI(DisasContext *s, arg_BFCI *a)
  {
 -    TCGv_i32 tmp;
      int msb = a->msb, lsb = a->lsb;
 +    TCGv_i32 t_in, t_rd;
      int width;
      if (!ENABLE_ARCH_6T2) {
@@ -XXX,XX +XXX,XX @@ static bool trans_BFCI(DisasContext *s, arg_BFCI *a)
      width = msb + 1 - lsb;
      if (a->rn == 15) {
          /* BFC */
 -        tmp = tcg_const_i32(0);
 +        t_in = tcg_constant_i32(0);
      } else {
          /* BFI */
 -        tmp = load_reg(s, a->rn);
 +        t_in = load_reg(s, a->rn);
      }
+-    if (width != 32) {
-+    /*
+-        TCGv_i32 tmp2 = load_reg(s, a->rd);
-+     * Insert TB into the corresponding region tree before publishing it
+-        tcg_gen_deposit_i32(tmp, tmp2, tmp, lsb, width);
-+     * through QHT. Otherwise rewinding happened in the TB might fail to
+-    }
-+     * lookup itself using host PC.
+-    store_reg(s, a->rd, tmp);
-+     */
++    t_rd = load_reg(s, a->rd);
-+    tcg_tb_insert(tb);
++    tcg_gen_deposit_i32(t_rd, t_rd, t_in, lsb, width);
-+
++    store_reg(s, a->rd, t_rd);
-     /* check next page if needed */
+     return true;
      virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
      phys_page2 = -1;
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
          orig_aligned -= ROUND_UP(sizeof(*tb), qemu_icache_linesize);
          qatomic_set(&tcg_ctx->code_gen_ptr, (void *)orig_aligned);
          tb_destroy(tb);
 +        tcg_tb_remove(tb);
          return existing_tb;
      }
 -    tcg_tb_insert(tb);
      return tb;
  }
 --
-.25.1
+.34.1

-[PATCH 04/41] tcg: Bake tb_destroy() into tcg_region_tree
+Deleted patch
-From: Liren Wei <lrwei@bupt.edu.cn>
-The function is called only at tcg_gen_code() when duplicated TBs
-are translated by different threads, and when the tcg_region_tree
-is reset. Bake it into the underlying GTree as its value destroy
-function to unite these situations.
-Also remove tcg_region_tree_traverse() which now becomes useless.
-Signed-off-by: Liren Wei <lrwei@bupt.edu.cn>
-Message-Id: <8dc352f08d038c4e7a1f5f56962398cdc700c3aa.1625404483.git.lrwei@bupt.edu.cn>
-[rth: Name the new tb_tc_cmp parameter correctly.]
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/tcg/tcg.h         |  1 -
- accel/tcg/translate-all.c |  6 ------
- tcg/region.c              | 19 ++++++++-----------
-files changed, 8 insertions(+), 18 deletions(-)
-diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/tcg/tcg.h
-+++ b/include/tcg/tcg.h
-@@ -XXX,XX +XXX,XX @@ void *tcg_malloc_internal(TCGContext *s, int size);
- void tcg_pool_reset(TCGContext *s);
- TranslationBlock *tcg_tb_alloc(TCGContext *s);
--void tb_destroy(TranslationBlock *tb);
- void tcg_region_reset_all(void);
- size_t tcg_code_size(void);
-diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/translate-all.c
-+++ b/accel/tcg/translate-all.c
-@@ -XXX,XX +XXX,XX @@ static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
-     return 0;
- }
--void tb_destroy(TranslationBlock *tb)
--{
--    qemu_spin_destroy(&tb->jmp_lock);
--}
--
- bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
- {
-     /*
-@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
-         orig_aligned -= ROUND_UP(sizeof(*tb), qemu_icache_linesize);
-         qatomic_set(&tcg_ctx->code_gen_ptr, (void *)orig_aligned);
--        tb_destroy(tb);
-         tcg_tb_remove(tb);
-         return existing_tb;
-     }
-diff --git a/tcg/region.c b/tcg/region.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/region.c
-+++ b/tcg/region.c
-@@ -XXX,XX +XXX,XX @@ static int ptr_cmp_tb_tc(const void *ptr, const struct tb_tc *s)
-     return 0;
- }
--static gint tb_tc_cmp(gconstpointer ap, gconstpointer bp)
-+static gint tb_tc_cmp(gconstpointer ap, gconstpointer bp, gpointer userdata)
- {
-     const struct tb_tc *a = ap;
-     const struct tb_tc *b = bp;
-@@ -XXX,XX +XXX,XX @@ static gint tb_tc_cmp(gconstpointer ap, gconstpointer bp)
-     return ptr_cmp_tb_tc(b->ptr, a);
- }
-+static void tb_destroy(gpointer value)
-+{
-+    TranslationBlock *tb = value;
-+    qemu_spin_destroy(&tb->jmp_lock);
-+}
-+
- static void tcg_region_trees_init(void)
- {
-     size_t i;
-@@ -XXX,XX +XXX,XX @@ static void tcg_region_trees_init(void)
-         struct tcg_region_tree *rt = region_trees + i * tree_size;
-         qemu_mutex_init(&rt->lock);
--        rt->tree = g_tree_new(tb_tc_cmp);
-+        rt->tree = g_tree_new_full(tb_tc_cmp, NULL, NULL, tb_destroy);
-     }
- }
-@@ -XXX,XX +XXX,XX @@ size_t tcg_nb_tbs(void)
-     return nb_tbs;
- }
--static gboolean tcg_region_tree_traverse(gpointer k, gpointer v, gpointer data)
--{
--    TranslationBlock *tb = v;
--
--    tb_destroy(tb);
--    return FALSE;
--}
--
- static void tcg_region_tree_reset_all(void)
- {
-     size_t i;
-@@ -XXX,XX +XXX,XX @@ static void tcg_region_tree_reset_all(void)
-     for (i = 0; i < region.n; i++) {
-         struct tcg_region_tree *rt = region_trees + i * tree_size;
--        g_tree_foreach(rt->tree, tcg_region_tree_traverse, NULL);
-         /* Increment the refcount first so that destroy acts as a reset */
-         g_tree_ref(rt->tree);
-         g_tree_destroy(rt->tree);
---
-.25.1

-[PATCH 05/41] tcg: Move tb_phys_invalidate_count to tb_ctx
+Deleted patch
-We can call do_tb_phys_invalidate from an iocontext, which has
-no per-thread tcg_ctx.  Move this to tb_ctx, which is global.
-The actual update still takes place with a lock held, so only
-an atomic set is required, not an atomic increment.
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/457
-Tested-by: Viktor Ashirov <vashirov@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/tb-context.h    |  1 +
- include/tcg/tcg.h         |  3 ---
- accel/tcg/translate-all.c |  8 ++++----
- tcg/region.c              | 14 --------------
-files changed, 5 insertions(+), 21 deletions(-)
-diff --git a/accel/tcg/tb-context.h b/accel/tcg/tb-context.h
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/tb-context.h
-+++ b/accel/tcg/tb-context.h
-@@ -XXX,XX +XXX,XX @@ struct TBContext {
-     /* statistics */
-     unsigned tb_flush_count;
-+    unsigned tb_phys_invalidate_count;
- };
- extern TBContext tb_ctx;
-diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/tcg/tcg.h
-+++ b/include/tcg/tcg.h
-@@ -XXX,XX +XXX,XX @@ struct TCGContext {
-     /* Threshold to flush the translated code buffer.  */
-     void *code_gen_highwater;
--    size_t tb_phys_invalidate_count;
--
-     /* Track which vCPU triggers events */
-     CPUState *cpu;                      /* *_trans */
-@@ -XXX,XX +XXX,XX @@ size_t tcg_code_capacity(void);
- void tcg_tb_insert(TranslationBlock *tb);
- void tcg_tb_remove(TranslationBlock *tb);
--size_t tcg_tb_phys_invalidate_count(void);
- TranslationBlock *tcg_tb_lookup(uintptr_t tc_ptr);
- void tcg_tb_foreach(GTraverseFunc func, gpointer user_data);
- size_t tcg_nb_tbs(void);
-diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/translate-all.c
-+++ b/accel/tcg/translate-all.c
-@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
-     /* suppress any remaining jumps to this TB */
-     tb_jmp_unlink(tb);
--    qatomic_set(&tcg_ctx->tb_phys_invalidate_count,
--               tcg_ctx->tb_phys_invalidate_count + 1);
-+    qatomic_set(&tb_ctx.tb_phys_invalidate_count,
-+                tb_ctx.tb_phys_invalidate_count + 1);
- }
- static void tb_phys_invalidate__locked(TranslationBlock *tb)
-@@ -XXX,XX +XXX,XX @@ void dump_exec_info(void)
-     qemu_printf("\nStatistics:\n");
-     qemu_printf("TB flush count      %u\n",
-                 qatomic_read(&tb_ctx.tb_flush_count));
--    qemu_printf("TB invalidate count %zu\n",
--                tcg_tb_phys_invalidate_count());
-+    qemu_printf("TB invalidate count %u\n",
-+                qatomic_read(&tb_ctx.tb_phys_invalidate_count));
-     tlb_flush_counts(&flush_full, &flush_part, &flush_elide);
-     qemu_printf("TLB full flushes    %zu\n", flush_full);
-diff --git a/tcg/region.c b/tcg/region.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/region.c
-+++ b/tcg/region.c
-@@ -XXX,XX +XXX,XX @@ size_t tcg_code_capacity(void)
-     return capacity;
- }
--
--size_t tcg_tb_phys_invalidate_count(void)
--{
--    unsigned int n_ctxs = qatomic_read(&tcg_cur_ctxs);
--    unsigned int i;
--    size_t total = 0;
--
--    for (i = 0; i < n_ctxs; i++) {
--        const TCGContext *s = qatomic_read(&tcg_ctxs[i]);
--
--        total += qatomic_read(&s->tb_phys_invalidate_count);
--    }
--    return total;
--}
---
-.25.1

-[PATCH 06/41] accel/tcg: Introduce translator_use_goto_tb
+Deleted patch
-Add a generic version of the common use_goto_tb test.
-Various targets avoid the page crossing test for CONFIG_USER_ONLY,
-but that is wrong: mmap and mprotect can change page permissions.
-Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/exec/translator.h | 10 ++++++++++
- accel/tcg/translator.c    | 11 +++++++++++
-files changed, 21 insertions(+)
-diff --git a/include/exec/translator.h b/include/exec/translator.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/translator.h
-+++ b/include/exec/translator.h
-@@ -XXX,XX +XXX,XX @@ void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
- void translator_loop_temp_check(DisasContextBase *db);
-+/**
-+ * translator_use_goto_tb
-+ * @db: Disassembly context
-+ * @dest: target pc of the goto
-+ *
-+ * Return true if goto_tb is allowed between the current TB
-+ * and the destination PC.
-+ */
-+bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest);
-+
- /*
-  * Translator Load Functions
-  *
-diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/translator.c
-+++ b/accel/tcg/translator.c
-@@ -XXX,XX +XXX,XX @@ void translator_loop_temp_check(DisasContextBase *db)
-     }
- }
-+bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest)
-+{
-+    /* Suppress goto_tb in the case of single-steping.  */
-+    if (db->singlestep_enabled || singlestep) {
-+        return false;
-+    }
-+
-+    /* Check for the dest on the same page as the start of the TB.  */
-+    return ((db->pc_first ^ dest) & TARGET_PAGE_MASK) == 0;
-+}
-+
- void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
-                      CPUState *cpu, TranslationBlock *tb, int max_insns)
- {
---
-.25.1

-[PATCH 07/41] target/alpha: Remove use_exit_tb
+Deleted patch
-We have not needed to end a TB for I/O since ba3e7926691
-("icount: clean up cpu_can_io at the entry to the block").
-We do not need to use exit_tb for singlestep, which only
-means generate one insn per TB.
-Which leaves only singlestep_enabled, which means raise a
-debug trap after every TB, which does not use exit_tb,
-which would leave the function mis-named.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/alpha/translate.c | 15 ++-------------
-file changed, 2 insertions(+), 13 deletions(-)
-diff --git a/target/alpha/translate.c b/target/alpha/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/alpha/translate.c
-+++ b/target/alpha/translate.c
-@@ -XXX,XX +XXX,XX @@ static bool in_superpage(DisasContext *ctx, int64_t addr)
- #endif
- }
--static bool use_exit_tb(DisasContext *ctx)
--{
--    return ((tb_cflags(ctx->base.tb) & CF_LAST_IO)
--            || ctx->base.singlestep_enabled
--            || singlestep);
--}
--
- static bool use_goto_tb(DisasContext *ctx, uint64_t dest)
- {
--    /* Suppress goto_tb in the case of single-steping and IO.  */
--    if (unlikely(use_exit_tb(ctx))) {
--        return false;
--    }
- #ifndef CONFIG_USER_ONLY
-     /* If the destination is in the superpage, the page perms can't change.  */
-     if (in_superpage(ctx, dest)) {
-@@ -XXX,XX +XXX,XX @@ static DisasJumpType gen_call_pal(DisasContext *ctx, int palcode)
-            need the page permissions check.  We'll see the existence of
-            the page when we create the TB, and we'll flush all TBs if
-            we change the PAL base register.  */
--        if (!use_exit_tb(ctx)) {
-+        if (!ctx->base.singlestep_enabled) {
-             tcg_gen_goto_tb(0);
-             tcg_gen_movi_i64(cpu_pc, entry);
-             tcg_gen_exit_tb(ctx->base.tb, 0);
-@@ -XXX,XX +XXX,XX @@ static void alpha_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
-         tcg_gen_movi_i64(cpu_pc, ctx->base.pc_next);
-         /* FALLTHRU */
-     case DISAS_PC_UPDATED:
--        if (!use_exit_tb(ctx)) {
-+        if (!ctx->base.singlestep_enabled) {
-             tcg_gen_lookup_and_goto_ptr();
-             break;
-         }
---
-.25.1

-[PATCH 08/41] target/alpha: Remove in_superpage
+Deleted patch
-The number of links across (normal) pages using this is low,
-and it will shortly violate the contract for breakpoints.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/alpha/translate.c | 24 ++----------------------
-file changed, 2 insertions(+), 22 deletions(-)
-diff --git a/target/alpha/translate.c b/target/alpha/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/alpha/translate.c
-+++ b/target/alpha/translate.c
-@@ -XXX,XX +XXX,XX @@ static DisasJumpType gen_store_conditional(DisasContext *ctx, int ra, int rb,
-     return DISAS_NEXT;
- }
--static bool in_superpage(DisasContext *ctx, int64_t addr)
--{
--#ifndef CONFIG_USER_ONLY
--    return ((ctx->tbflags & ENV_FLAG_PS_USER) == 0
--            && addr >> TARGET_VIRT_ADDR_SPACE_BITS == -1
--            && ((addr >> 41) & 3) == 2);
--#else
--    return false;
--#endif
--}
--
- static bool use_goto_tb(DisasContext *ctx, uint64_t dest)
- {
- #ifndef CONFIG_USER_ONLY
--    /* If the destination is in the superpage, the page perms can't change.  */
--    if (in_superpage(ctx, dest)) {
--        return true;
--    }
-     /* Check for the dest on the same page as the start of the TB.  */
-     return ((ctx->base.tb->pc ^ dest) & TARGET_PAGE_MASK) == 0;
- #else
-@@ -XXX,XX +XXX,XX @@ static void alpha_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
- {
-     DisasContext *ctx = container_of(dcbase, DisasContext, base);
-     CPUAlphaState *env = cpu->env_ptr;
--    int64_t bound, mask;
-+    int64_t bound;
-     ctx->tbflags = ctx->base.tb->flags;
-     ctx->mem_idx = cpu_mmu_index(env, false);
-@@ -XXX,XX +XXX,XX @@ static void alpha_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
-     ctx->lit = NULL;
-     /* Bound the number of insns to execute to those left on the page.  */
--    if (in_superpage(ctx, ctx->base.pc_first)) {
--        mask = -1ULL << 41;
--    } else {
--        mask = TARGET_PAGE_MASK;
--    }
--    bound = -(ctx->base.pc_first | mask) / 4;
-+    bound = -(ctx->base.pc_first | TARGET_PAGE_MASK) / 4;
-     ctx->base.max_insns = MIN(ctx->base.max_insns, bound);
- }
---
-.25.1

-[PATCH 09/41] target/alpha: Use translator_use_goto_tb
+Deleted patch
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/alpha/translate.c | 7 +------
-file changed, 1 insertion(+), 6 deletions(-)
-diff --git a/target/alpha/translate.c b/target/alpha/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/alpha/translate.c
-+++ b/target/alpha/translate.c
-@@ -XXX,XX +XXX,XX @@ static DisasJumpType gen_store_conditional(DisasContext *ctx, int ra, int rb,
- static bool use_goto_tb(DisasContext *ctx, uint64_t dest)
- {
--#ifndef CONFIG_USER_ONLY
--    /* Check for the dest on the same page as the start of the TB.  */
--    return ((ctx->base.tb->pc ^ dest) & TARGET_PAGE_MASK) == 0;
--#else
--    return true;
--#endif
-+    return translator_use_goto_tb(&ctx->base, dest);
- }
- static DisasJumpType gen_bdirect(DisasContext *ctx, int ra, int32_t disp)
---
-.25.1

-[PATCH 10/41] target/arm: Use DISAS_TOO_MANY for ISB and SB
+Deleted patch
-Using gen_goto_tb directly misses the single-step check.
-Let the branch or debug exception be emitted by arm_tr_tb_stop.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/translate.c | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static bool trans_ISB(DisasContext *s, arg_ISB *a)
-      * self-modifying code correctly and also to take
-      * any pending interrupts immediately.
-      */
--    gen_goto_tb(s, 0, s->base.pc_next);
-+    s->base.is_jmp = DISAS_TOO_MANY;
-     return true;
- }
-@@ -XXX,XX +XXX,XX @@ static bool trans_SB(DisasContext *s, arg_SB *a)
-      * for TCG; MB and end the TB instead.
-      */
-     tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
--    gen_goto_tb(s, 0, s->base.pc_next);
-+    s->base.is_jmp = DISAS_TOO_MANY;
-     return true;
- }
---
-.25.1

-[PATCH 11/41] target/arm: Use translator_use_goto_tb for aarch64
+Deleted patch
-We have not needed to end a TB for I/O since ba3e7926691
-("icount: clean up cpu_can_io at the entry to the block"),
-and gdbstub singlestep is handled by the generic function.
-Drop the unused 'n' argument to use_goto_tb.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/translate-a64.c | 25 +++++--------------------
-file changed, 5 insertions(+), 20 deletions(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void gen_step_complete_exception(DisasContext *s)
-     s->base.is_jmp = DISAS_NORETURN;
- }
--static inline bool use_goto_tb(DisasContext *s, int n, uint64_t dest)
-+static inline bool use_goto_tb(DisasContext *s, uint64_t dest)
- {
--    /* No direct tb linking with singlestep (either QEMU's or the ARM
--     * debug architecture kind) or deterministic io
--     */
--    if (s->base.singlestep_enabled || s->ss_active ||
--        (tb_cflags(s->base.tb) & CF_LAST_IO)) {
-+    if (s->ss_active) {
-         return false;
-     }
--
--#ifndef CONFIG_USER_ONLY
--    /* Only link tbs from inside the same guest page */
--    if ((s->base.tb->pc & TARGET_PAGE_MASK) != (dest & TARGET_PAGE_MASK)) {
--        return false;
--    }
--#endif
--
--    return true;
-+    return translator_use_goto_tb(&s->base, dest);
- }
- static inline void gen_goto_tb(DisasContext *s, int n, uint64_t dest)
- {
--    const TranslationBlock *tb;
--
--    tb = s->base.tb;
--    if (use_goto_tb(s, n, dest)) {
-+    if (use_goto_tb(s, dest)) {
-         tcg_gen_goto_tb(n);
-         gen_a64_set_pc_im(dest);
--        tcg_gen_exit_tb(tb, n);
-+        tcg_gen_exit_tb(s->base.tb, n);
-         s->base.is_jmp = DISAS_NORETURN;
-     } else {
-         gen_a64_set_pc_im(dest);
---
-.25.1

-[PATCH 12/41] target/arm: Use translator_use_goto_tb for aarch32
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/translate.c | 12 +-----------
-file changed, 1 insertion(+), 11 deletions(-)
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static int disas_dsp_insn(DisasContext *s, uint32_t insn)
-     return 1;
- }
--static inline bool use_goto_tb(DisasContext *s, target_ulong dest)
--{
--#ifndef CONFIG_USER_ONLY
--    return (s->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) ||
--           ((s->base.pc_next - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
- static void gen_goto_ptr(void)
- {
-     tcg_gen_lookup_and_goto_ptr();
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_ptr(void)
-  */
- static void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
- {
--    if (use_goto_tb(s, dest)) {
-+    if (translator_use_goto_tb(&s->base, dest)) {
-         tcg_gen_goto_tb(n);
-         gen_set_pc_im(s, dest);
-         tcg_gen_exit_tb(s->base.tb, n);
---
-.25.1

-[PATCH 13/41] target/avr: Use translator_use_goto_tb
+Deleted patch
-Single stepping is not the only reason not to use goto_tb.
-If goto_tb is disallowed, and single-stepping is not enabled,
-then use tcg_gen_lookup_and_goto_tb to indirectly chain.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/avr/translate.c | 9 ++++++---
-file changed, 6 insertions(+), 3 deletions(-)
-diff --git a/target/avr/translate.c b/target/avr/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/avr/translate.c
-+++ b/target/avr/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
- {
-     const TranslationBlock *tb = ctx->base.tb;
--    if (!ctx->base.singlestep_enabled) {
-+    if (translator_use_goto_tb(&ctx->base, dest)) {
-         tcg_gen_goto_tb(n);
-         tcg_gen_movi_i32(cpu_pc, dest);
-         tcg_gen_exit_tb(tb, n);
-     } else {
-         tcg_gen_movi_i32(cpu_pc, dest);
--        gen_helper_debug(cpu_env);
--        tcg_gen_exit_tb(NULL, 0);
-+        if (ctx->base.singlestep_enabled) {
-+            gen_helper_debug(cpu_env);
-+        } else {
-+            tcg_gen_lookup_and_goto_ptr();
-+        }
-     }
-     ctx->base.is_jmp = DISAS_NORETURN;
- }
---
-.25.1

-[PATCH 14/41] target/avr: Mark some helpers noreturn
+Deleted patch
-All of these helpers end with cpu_loop_exit.
-Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/avr/helper.h | 8 ++++----
-file changed, 4 insertions(+), 4 deletions(-)
-diff --git a/target/avr/helper.h b/target/avr/helper.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/avr/helper.h
-+++ b/target/avr/helper.h
-@@ -XXX,XX +XXX,XX @@
-  */
- DEF_HELPER_1(wdr, void, env)
--DEF_HELPER_1(debug, void, env)
--DEF_HELPER_1(break, void, env)
--DEF_HELPER_1(sleep, void, env)
--DEF_HELPER_1(unsupported, void, env)
-+DEF_HELPER_1(debug, noreturn, env)
-+DEF_HELPER_1(break, noreturn, env)
-+DEF_HELPER_1(sleep, noreturn, env)
-+DEF_HELPER_1(unsupported, noreturn, env)
- DEF_HELPER_3(outb, void, env, i32, i32)
- DEF_HELPER_2(inb, tl, env, i32)
- DEF_HELPER_3(fullwr, void, env, i32, i32)
---
-.25.1

-[PATCH 15/41] target/cris: Use translator_use_goto_tb
+Deleted patch
-The test for singlestepping is done in translator_use_goto_tb,
-so we may elide it from cris_tr_tb_stop.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/cris/translate.c | 5 ++---
-file changed, 2 insertions(+), 3 deletions(-)
-diff --git a/target/cris/translate.c b/target/cris/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/cris/translate.c
-+++ b/target/cris/translate.c
-@@ -XXX,XX +XXX,XX @@ static void t_gen_swapr(TCGv d, TCGv s)
- static bool use_goto_tb(DisasContext *dc, target_ulong dest)
- {
--    return ((dest ^ dc->base.pc_first) & TARGET_PAGE_MASK) == 0;
-+    return translator_use_goto_tb(&dc->base, dest);
- }
- static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
-@@ -XXX,XX +XXX,XX @@ static void cris_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
-              * Use a conditional branch if either taken or not-taken path
-              * can use goto_tb.  If neither can, then treat it as indirect.
-              */
--            if (likely(!dc->base.singlestep_enabled)
--                && likely(!dc->cpustate_changed)
-+            if (likely(!dc->cpustate_changed)
-                 && (use_goto_tb(dc, dc->jmp_pc) || use_goto_tb(dc, npc))) {
-                 TCGLabel *not_taken = gen_new_label();
---
-.25.1

-[PATCH 16/41] target/hppa: Use translator_use_goto_tb
+Deleted patch
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/hppa/translate.c | 5 +----
-file changed, 1 insertion(+), 4 deletions(-)
-diff --git a/target/hppa/translate.c b/target/hppa/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/hppa/translate.c
-+++ b/target/hppa/translate.c
-@@ -XXX,XX +XXX,XX @@ static bool gen_illegal(DisasContext *ctx)
- static bool use_goto_tb(DisasContext *ctx, target_ureg dest)
- {
--    /* Suppress goto_tb for page crossing, IO, or single-steping.  */
--    return !(((ctx->base.pc_first ^ dest) & TARGET_PAGE_MASK)
--             || (tb_cflags(ctx->base.tb) & CF_LAST_IO)
--             || ctx->base.singlestep_enabled);
-+    return translator_use_goto_tb(&ctx->base, dest);
- }
- /* If the next insn is to be nullified, and it's on the same page,
---
-.25.1

-[PATCH 17/41] target/i386: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/i386/tcg/translate.c | 14 ++------------
-file changed, 2 insertions(+), 12 deletions(-)
-diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/i386/tcg/translate.c
-+++ b/target/i386/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@ static inline int insn_const_size(MemOp ot)
-     }
- }
--static inline bool use_goto_tb(DisasContext *s, target_ulong pc)
--{
--#ifndef CONFIG_USER_ONLY
--    return (pc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK) ||
--           (pc & TARGET_PAGE_MASK) == (s->pc_start & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
--static inline void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip)
-+static void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip)
- {
-     target_ulong pc = s->cs_base + eip;
--    if (use_goto_tb(s, pc))  {
-+    if (translator_use_goto_tb(&s->base, pc))  {
-         /* jump to same page: we can use a direct jump */
-         tcg_gen_goto_tb(tb_num);
-         gen_jmp_im(s, eip);
---
-.25.1

-[PATCH 18/41] target/m68k: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Acked-by: Laurent Vivier <laurent@vivier.eu>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/m68k/translate.c | 12 +-----------
-file changed, 1 insertion(+), 11 deletions(-)
-diff --git a/target/m68k/translate.c b/target/m68k/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/m68k/translate.c
-+++ b/target/m68k/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_exit_tb(DisasContext *s)
-         }                                                               \
-     } while (0)
--static inline bool use_goto_tb(DisasContext *s, uint32_t dest)
--{
--#ifndef CONFIG_USER_ONLY
--    return (s->base.pc_first & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK)
--        || (s->base.pc_next & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
- /* Generate a jump to an immediate address.  */
- static void gen_jmp_tb(DisasContext *s, int n, uint32_t dest)
- {
-@@ -XXX,XX +XXX,XX @@ static void gen_jmp_tb(DisasContext *s, int n, uint32_t dest)
-         update_cc_op(s);
-         tcg_gen_movi_i32(QREG_PC, dest);
-         gen_singlestep_exception(s);
--    } else if (use_goto_tb(s, dest)) {
-+    } else if (translator_use_goto_tb(&s->base, dest)) {
-         tcg_gen_goto_tb(n);
-         tcg_gen_movi_i32(QREG_PC, dest);
-         tcg_gen_exit_tb(s->base.tb, n);
---
-.25.1

-[PATCH 19/41] target/microblaze: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/microblaze/translate.c | 11 +----------
-file changed, 1 insertion(+), 10 deletions(-)
-diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/microblaze/translate.c
-+++ b/target/microblaze/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_raise_hw_excp(DisasContext *dc, uint32_t esr_ec)
-     gen_raise_exception_sync(dc, EXCP_HW_EXCP);
- }
--static inline bool use_goto_tb(DisasContext *dc, target_ulong dest)
--{
--#ifndef CONFIG_USER_ONLY
--    return (dc->base.pc_first & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
- static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
- {
-     if (dc->base.singlestep_enabled) {
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
-         tcg_gen_movi_i32(cpu_pc, dest);
-         gen_helper_raise_exception(cpu_env, tmp);
-         tcg_temp_free_i32(tmp);
--    } else if (use_goto_tb(dc, dest)) {
-+    } else if (translator_use_goto_tb(&dc->base, dest)) {
-         tcg_gen_goto_tb(n);
-         tcg_gen_movi_i32(cpu_pc, dest);
-         tcg_gen_exit_tb(dc->base.tb, n);
---
-.25.1

-[PATCH 20/41] target/mips: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/mips/tcg/translate.c | 17 ++---------------
-file changed, 2 insertions(+), 15 deletions(-)
-diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/mips/tcg/translate.c
-+++ b/target/mips/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_trap(DisasContext *ctx, uint32_t opc,
-     tcg_temp_free(t1);
- }
--static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
-+static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
- {
--    if (unlikely(ctx->base.singlestep_enabled)) {
--        return false;
--    }
--
--#ifndef CONFIG_USER_ONLY
--    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
--static inline void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
--{
--    if (use_goto_tb(ctx, dest)) {
-+    if (translator_use_goto_tb(&ctx->base, dest)) {
-         tcg_gen_goto_tb(n);
-         gen_save_pc(dest);
-         tcg_gen_exit_tb(ctx->base.tb, n);
---
-.25.1

-[PATCH 21/41] target/mips: Fix missing else in gen_goto_tb
+Deleted patch
-Do not emit dead code for the singlestep_enabled case,
-after having exited the TB with a debug exception.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/mips/tcg/translate.c | 3 ++-
-file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/mips/tcg/translate.c
-+++ b/target/mips/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
-         if (ctx->base.singlestep_enabled) {
-             save_cpu_state(ctx, 0);
-             gen_helper_raise_exception_debug(cpu_env);
-+        } else {
-+            tcg_gen_lookup_and_goto_ptr();
-         }
--        tcg_gen_lookup_and_goto_ptr();
-     }
- }
---
-.25.1

-[PATCH 22/41] target/nios2: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/nios2/translate.c | 15 +--------------
-file changed, 1 insertion(+), 14 deletions(-)
-diff --git a/target/nios2/translate.c b/target/nios2/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/nios2/translate.c
-+++ b/target/nios2/translate.c
-@@ -XXX,XX +XXX,XX @@ static void t_gen_helper_raise_exception(DisasContext *dc,
-     dc->base.is_jmp = DISAS_NORETURN;
- }
--static bool use_goto_tb(DisasContext *dc, uint32_t dest)
--{
--    if (unlikely(dc->base.singlestep_enabled)) {
--        return false;
--    }
--
--#ifndef CONFIG_USER_ONLY
--    return (dc->base.pc_first & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
- static void gen_goto_tb(DisasContext *dc, int n, uint32_t dest)
- {
-     const TranslationBlock *tb = dc->base.tb;
--    if (use_goto_tb(dc, dest)) {
-+    if (translator_use_goto_tb(&dc->base, dest)) {
-         tcg_gen_goto_tb(n);
-         tcg_gen_movi_tl(cpu_R[R_PC], dest);
-         tcg_gen_exit_tb(tb, n);
---
-.25.1

-[PATCH 23/41] target/openrisc: Use translator_use_goto_tb
+Deleted patch
-Reorder the control statements to allow using the page boundary
-check from translator_use_goto_tb().
-Reviewed-by: Stafford Horne <shorne@gmail.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/openrisc/translate.c | 15 ++++++++-------
-file changed, 8 insertions(+), 7 deletions(-)
-diff --git a/target/openrisc/translate.c b/target/openrisc/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/openrisc/translate.c
-+++ b/target/openrisc/translate.c
-@@ -XXX,XX +XXX,XX @@ static void openrisc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-         /* fallthru */
-     case DISAS_TOO_MANY:
--        if (unlikely(dc->base.singlestep_enabled)) {
--            tcg_gen_movi_tl(cpu_pc, jmp_dest);
--            gen_exception(dc, EXCP_DEBUG);
--        } else if ((dc->base.pc_first ^ jmp_dest) & TARGET_PAGE_MASK) {
--            tcg_gen_movi_tl(cpu_pc, jmp_dest);
--            tcg_gen_lookup_and_goto_ptr();
--        } else {
-+        if (translator_use_goto_tb(&dc->base, jmp_dest)) {
-             tcg_gen_goto_tb(0);
-             tcg_gen_movi_tl(cpu_pc, jmp_dest);
-             tcg_gen_exit_tb(dc->base.tb, 0);
-+            break;
-+        }
-+        tcg_gen_movi_tl(cpu_pc, jmp_dest);
-+        if (unlikely(dc->base.singlestep_enabled)) {
-+            gen_exception(dc, EXCP_DEBUG);
-+        } else {
-+            tcg_gen_lookup_and_goto_ptr();
-         }
-         break;
---
-.25.1

-[PATCH 24/41] target/ppc: Use translator_use_goto_tb
+Deleted patch
-Reviewed-by: Luis Pires <luis.pires@eldorado.org.br>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/ppc/translate.c | 10 +---------
-file changed, 1 insertion(+), 9 deletions(-)
-diff --git a/target/ppc/translate.c b/target/ppc/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/ppc/translate.c
-+++ b/target/ppc/translate.c
-@@ -XXX,XX +XXX,XX @@ static inline void gen_update_cfar(DisasContext *ctx, target_ulong nip)
- static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
- {
--    if (unlikely(ctx->singlestep_enabled)) {
--        return false;
--    }
--
--#ifndef CONFIG_USER_ONLY
--    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
-+    return translator_use_goto_tb(&ctx->base, dest);
- }
- static void gen_lookup_and_goto_ptr(DisasContext *ctx)
---
-.25.1

-[PATCH 25/41] target/riscv: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/riscv/translate.c | 20 +-------------------
-file changed, 1 insertion(+), 19 deletions(-)
-diff --git a/target/riscv/translate.c b/target/riscv/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/riscv/translate.c
-+++ b/target/riscv/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_exception_inst_addr_mis(DisasContext *ctx)
-     generate_exception_mtval(ctx, RISCV_EXCP_INST_ADDR_MIS);
- }
--static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
--{
--    if (unlikely(ctx->base.singlestep_enabled)) {
--        return false;
--    }
--
--#ifndef CONFIG_USER_ONLY
--    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
- static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
- {
--    if (use_goto_tb(ctx, dest)) {
--        /* chaining is only allowed when the jump is to the same page */
-+    if (translator_use_goto_tb(&ctx->base, dest)) {
-         tcg_gen_goto_tb(n);
-         tcg_gen_movi_tl(cpu_pc, dest);
--
--        /* No need to check for single stepping here as use_goto_tb() will
--         * return false in case of single stepping.
--         */
-         tcg_gen_exit_tb(ctx->base.tb, n);
-     } else {
-         tcg_gen_movi_tl(cpu_pc, dest);
---
-.25.1

-[PATCH 26/41] target/rx: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/rx/translate.c | 11 +----------
-file changed, 1 insertion(+), 10 deletions(-)
-diff --git a/target/rx/translate.c b/target/rx/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/rx/translate.c
-+++ b/target/rx/translate.c
-@@ -XXX,XX +XXX,XX @@ void rx_cpu_dump_state(CPUState *cs, FILE *f, int flags)
-     }
- }
--static bool use_goto_tb(DisasContext *dc, target_ulong dest)
--{
--    if (unlikely(dc->base.singlestep_enabled)) {
--        return false;
--    } else {
--        return true;
--    }
--}
--
- static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
- {
--    if (use_goto_tb(dc, dest)) {
-+    if (translator_use_goto_tb(&dc->base, dest)) {
-         tcg_gen_goto_tb(n);
-         tcg_gen_movi_i32(cpu_pc, dest);
-         tcg_gen_exit_tb(dc->base.tb, n);
---
-.25.1

-[PATCH 27/41] target/s390x: Use translator_use_goto_tb
+Deleted patch
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/s390x/translate.c | 7 +------
-file changed, 1 insertion(+), 6 deletions(-)
-diff --git a/target/s390x/translate.c b/target/s390x/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/s390x/translate.c
-+++ b/target/s390x/translate.c
-@@ -XXX,XX +XXX,XX @@ static bool use_goto_tb(DisasContext *s, uint64_t dest)
-     if (unlikely(use_exit_tb(s))) {
-         return false;
-     }
--#ifndef CONFIG_USER_ONLY
--    return (dest & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK) ||
--           (dest & TARGET_PAGE_MASK) == (s->base.pc_next & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
-+    return translator_use_goto_tb(&s->base, dest);
- }
- static void account_noninline_branch(DisasContext *s, int cc_op)
---
-.25.1

-[PATCH 28/41] target/s390x: Remove use_exit_tb
+Deleted patch
-We have not needed to end a TB for I/O since ba3e7926691
-("icount: clean up cpu_can_io at the entry to the block").
-In use_goto_tb, the check for singlestep_enabled is in the
-generic translator_use_goto_tb.  In s390x_tr_tb_stop, the
-check for singlestep_enabled is in the preceding do_debug test.
-Which leaves only FLAG_MASK_PER: fold that test alone into
-the two callers of use_exit tb.
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/s390x/translate.c | 11 ++---------
-file changed, 2 insertions(+), 9 deletions(-)
-diff --git a/target/s390x/translate.c b/target/s390x/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/s390x/translate.c
-+++ b/target/s390x/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_op_calc_cc(DisasContext *s)
-     set_cc_static(s);
- }
--static bool use_exit_tb(DisasContext *s)
--{
--    return s->base.singlestep_enabled ||
--            (tb_cflags(s->base.tb) & CF_LAST_IO) ||
--            (s->base.tb->flags & FLAG_MASK_PER);
--}
--
- static bool use_goto_tb(DisasContext *s, uint64_t dest)
- {
--    if (unlikely(use_exit_tb(s))) {
-+    if (unlikely(s->base.tb->flags & FLAG_MASK_PER)) {
-         return false;
-     }
-     return translator_use_goto_tb(&s->base, dest);
-@@ -XXX,XX +XXX,XX @@ static void s390x_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-         /* Exit the TB, either by raising a debug exception or by return.  */
-         if (dc->do_debug) {
-             gen_exception(EXCP_DEBUG);
--        } else if (use_exit_tb(dc) ||
-+        } else if ((dc->base.tb->flags & FLAG_MASK_PER) ||
-                    dc->base.is_jmp == DISAS_PC_STALE_NOCHAIN) {
-             tcg_gen_exit_tb(NULL, 0);
-         } else {
---
-.25.1

-[PATCH 29/41] target/sh4: Use translator_use_goto_tb
+Deleted patch
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/sh4/translate.c | 11 +++--------
-file changed, 3 insertions(+), 8 deletions(-)
-diff --git a/target/sh4/translate.c b/target/sh4/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sh4/translate.c
-+++ b/target/sh4/translate.c
-@@ -XXX,XX +XXX,XX @@ static inline bool use_exit_tb(DisasContext *ctx)
-     return (ctx->tbflags & GUSA_EXCLUSIVE) != 0;
- }
--static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
-+static bool use_goto_tb(DisasContext *ctx, target_ulong dest)
- {
--    /* Use a direct jump if in same page and singlestep not enabled */
--    if (unlikely(ctx->base.singlestep_enabled || use_exit_tb(ctx))) {
-+    if (use_exit_tb(ctx)) {
-         return false;
-     }
--#ifndef CONFIG_USER_ONLY
--    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
-+    return translator_use_goto_tb(&ctx->base, dest);
- }
- static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
---
-.25.1

-[PATCH 30/41] target/sparc: Use translator_use_goto_tb
+Deleted patch
-Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/sparc/translate.c | 19 +++++--------------
-file changed, 5 insertions(+), 14 deletions(-)
-diff --git a/target/sparc/translate.c b/target/sparc/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sparc/translate.c
-+++ b/target/sparc/translate.c
-@@ -XXX,XX +XXX,XX @@ static inline TCGv gen_dest_gpr(DisasContext *dc, int reg)
-     }
- }
--static inline bool use_goto_tb(DisasContext *s, target_ulong pc,
--                               target_ulong npc)
-+static bool use_goto_tb(DisasContext *s, target_ulong pc, target_ulong npc)
- {
--    if (unlikely(s->base.singlestep_enabled || singlestep)) {
--        return false;
--    }
--
--#ifndef CONFIG_USER_ONLY
--    return (pc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK) &&
--           (npc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
-+    return translator_use_goto_tb(&s->base, pc) &&
-+           translator_use_goto_tb(&s->base, npc);
- }
--static inline void gen_goto_tb(DisasContext *s, int tb_num,
--                               target_ulong pc, target_ulong npc)
-+static void gen_goto_tb(DisasContext *s, int tb_num,
-+                        target_ulong pc, target_ulong npc)
- {
-     if (use_goto_tb(s, pc, npc))  {
-         /* jump to same page: we can use a direct jump */
---
-.25.1

-[PATCH 31/41] target/tricore: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/tricore/translate.c | 17 ++---------------
-file changed, 2 insertions(+), 15 deletions(-)
-diff --git a/target/tricore/translate.c b/target/tricore/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/tricore/translate.c
-+++ b/target/tricore/translate.c
-@@ -XXX,XX +XXX,XX @@ static inline void gen_save_pc(target_ulong pc)
-     tcg_gen_movi_tl(cpu_PC, pc);
- }
--static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
--{
--    if (unlikely(ctx->base.singlestep_enabled)) {
--        return false;
--    }
--
--#ifndef CONFIG_USER_ONLY
--    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
- static void generate_qemu_excp(DisasContext *ctx, int excp)
- {
-     TCGv_i32 tmp = tcg_const_i32(excp);
-@@ -XXX,XX +XXX,XX @@ static void generate_qemu_excp(DisasContext *ctx, int excp)
-     tcg_temp_free(tmp);
- }
--static inline void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
-+static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
- {
--    if (use_goto_tb(ctx, dest)) {
-+    if (translator_use_goto_tb(&ctx->base, dest)) {
-         tcg_gen_goto_tb(n);
-         gen_save_pc(dest);
-         tcg_gen_exit_tb(ctx->base.tb, n);
---
-.25.1

-[PATCH 32/41] target/tricore: Use tcg_gen_lookup_and_goto_ptr
+Deleted patch
-The non-single-step case of gen_goto_tb may use
-tcg_gen_lookup_and_goto_ptr to indirectly chain.
-Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/tricore/translate.c | 3 ++-
-file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/target/tricore/translate.c b/target/tricore/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/tricore/translate.c
-+++ b/target/tricore/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
-         gen_save_pc(dest);
-         if (ctx->base.singlestep_enabled) {
-             generate_qemu_excp(ctx, EXCP_DEBUG);
-+        } else {
-+            tcg_gen_lookup_and_goto_ptr();
-         }
--        tcg_gen_exit_tb(NULL, 0);
-     }
- }
---
-.25.1

-[PATCH 33/41] target/xtensa: Use translator_use_goto_tb
+Deleted patch
-Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/xtensa/translate.c | 6 +-----
-file changed, 1 insertion(+), 5 deletions(-)
-diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/xtensa/translate.c
-+++ b/target/xtensa/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_jump(DisasContext *dc, TCGv dest)
- static int adjust_jump_slot(DisasContext *dc, uint32_t dest, int slot)
- {
--    if (((dc->base.pc_first ^ dest) & TARGET_PAGE_MASK) != 0) {
--        return -1;
--    } else {
--        return slot;
--    }
-+    return translator_use_goto_tb(&dc->base, dest) ? slot : -1;
- }
- static void gen_jumpi(DisasContext *dc, uint32_t dest, int slot)
---
-.25.1

-[PATCH 34/41] tcg: Fix prologue disassembly
+Deleted patch
-In tcg_region_prologue_set, we reset TCGContext.code_gen_ptr.
-So do that after we've used it to dump the prologue contents.
-Fixes: b0a0794a0f16
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/tcg.c | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/tcg/tcg.c b/tcg/tcg.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg.c
-+++ b/tcg/tcg.c
-@@ -XXX,XX +XXX,XX @@ void tcg_prologue_init(TCGContext *s)
-                         (uintptr_t)s->code_buf, prologue_size);
- #endif
--    tcg_region_prologue_set(s);
--
- #ifdef DEBUG_DISAS
-     if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM)) {
-         FILE *logfile = qemu_log_lock();
-@@ -XXX,XX +XXX,XX @@ void tcg_prologue_init(TCGContext *s)
-         tcg_debug_assert(tcg_code_gen_epilogue != NULL);
-     }
- #endif
-+
-+    tcg_region_prologue_set(s);
- }
- void tcg_func_start(TCGContext *s)
---
-.25.1

-[PATCH 35/41] target/i386: Use cpu_breakpoint_test in breakpoint_handler
+Deleted patch
-The loop is performing a simple boolean test for the existence
-of a BP_CPU breakpoint at EIP.  Plus it gets the iteration wrong,
-if we happen to have a BP_GDB breakpoint at the same address.
-We have a function for this: cpu_breakpoint_test.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
-Message-Id: <20210620062317.1399034-1-richard.henderson@linaro.org>
----
- target/i386/tcg/sysemu/bpt_helper.c | 12 +++---------
-file changed, 3 insertions(+), 9 deletions(-)
-diff --git a/target/i386/tcg/sysemu/bpt_helper.c b/target/i386/tcg/sysemu/bpt_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/i386/tcg/sysemu/bpt_helper.c
-+++ b/target/i386/tcg/sysemu/bpt_helper.c
-@@ -XXX,XX +XXX,XX @@ void breakpoint_handler(CPUState *cs)
- {
-     X86CPU *cpu = X86_CPU(cs);
-     CPUX86State *env = &cpu->env;
--    CPUBreakpoint *bp;
-     if (cs->watchpoint_hit) {
-         if (cs->watchpoint_hit->flags & BP_CPU) {
-@@ -XXX,XX +XXX,XX @@ void breakpoint_handler(CPUState *cs)
-             }
-         }
-     } else {
--        QTAILQ_FOREACH(bp, &cs->breakpoints, entry) {
--            if (bp->pc == env->eip) {
--                if (bp->flags & BP_CPU) {
--                    check_hw_breakpoints(env, true);
--                    raise_exception(env, EXCP01_DB);
--                }
--                break;
--            }
-+        if (cpu_breakpoint_test(cs, env->eip, BP_CPU)) {
-+            check_hw_breakpoints(env, true);
-+            raise_exception(env, EXCP01_DB);
-         }
-     }
- }
---
-.25.1

-[PATCH 36/41] accel/tcg: Move helper_lookup_tb_ptr to cpu-exec.c
+Deleted patch
-This will allow additional code sharing.
-No functional change.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/cpu-exec.c    | 30 ++++++++++++++++++++++++++++++
- accel/tcg/tcg-runtime.c | 22 ----------------------
-files changed, 30 insertions(+), 22 deletions(-)
-diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cpu-exec.c
-+++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/cpu-all.h"
- #include "sysemu/cpu-timers.h"
- #include "sysemu/replay.h"
-+#include "exec/helper-proto.h"
- #include "tb-hash.h"
- #include "tb-lookup.h"
- #include "tb-context.h"
-@@ -XXX,XX +XXX,XX @@ static void init_delay_params(SyncClocks *sc, const CPUState *cpu)
- }
- #endif /* CONFIG USER ONLY */
-+/**
-+ * helper_lookup_tb_ptr: quick check for next tb
-+ * @env: current cpu state
-+ *
-+ * Look for an existing TB matching the current cpu state.
-+ * If found, return the code pointer.  If not found, return
-+ * the tcg epilogue so that we return into cpu_tb_exec.
-+ */
-+const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
-+{
-+    CPUState *cpu = env_cpu(env);
-+    TranslationBlock *tb;
-+    target_ulong cs_base, pc;
-+    uint32_t flags;
-+
-+    cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
-+
-+    tb = tb_lookup(cpu, pc, cs_base, flags, curr_cflags(cpu));
-+    if (tb == NULL) {
-+        return tcg_code_gen_epilogue;
-+    }
-+    qemu_log_mask_and_addr(CPU_LOG_EXEC, pc,
-+                           "Chain %d: %p ["
-+                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
-+                           cpu->cpu_index, tb->tc.ptr, cs_base, pc, flags,
-+                           lookup_symbol(pc));
-+    return tb->tc.ptr;
-+}
-+
- /* Execute a TB, and fix up the CPU state afterwards if necessary */
- /*
-  * Disable CFI checks.
-diff --git a/accel/tcg/tcg-runtime.c b/accel/tcg/tcg-runtime.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/tcg-runtime.c
-+++ b/accel/tcg/tcg-runtime.c
-@@ -XXX,XX +XXX,XX @@
- #include "disas/disas.h"
- #include "exec/log.h"
- #include "tcg/tcg.h"
--#include "tb-lookup.h"
- /* 32-bit helpers */
-@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(ctpop_i64)(uint64_t arg)
-     return ctpop64(arg);
- }
--const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
--{
--    CPUState *cpu = env_cpu(env);
--    TranslationBlock *tb;
--    target_ulong cs_base, pc;
--    uint32_t flags;
--
--    cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
--
--    tb = tb_lookup(cpu, pc, cs_base, flags, curr_cflags(cpu));
--    if (tb == NULL) {
--        return tcg_code_gen_epilogue;
--    }
--    qemu_log_mask_and_addr(CPU_LOG_EXEC, pc,
--                           "Chain %d: %p ["
--                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
--                           cpu->cpu_index, tb->tc.ptr, cs_base, pc, flags,
--                           lookup_symbol(pc));
--    return tb->tc.ptr;
--}
--
- void HELPER(exit_atomic)(CPUArchState *env)
- {
-     cpu_loop_exit_atomic(env_cpu(env), GETPC());
---
-.25.1

-[PATCH 37/41] accel/tcg: Move tb_lookup to cpu-exec.c
+Deleted patch
-Now that we've moved helper_lookup_tb_ptr, the only user
-of tb-lookup.h is cpu-exec.c; merge the contents in.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/tb-lookup.h | 49 -------------------------------------------
- accel/tcg/cpu-exec.c  | 31 ++++++++++++++++++++++++++-
-files changed, 30 insertions(+), 50 deletions(-)
- delete mode 100644 accel/tcg/tb-lookup.h
-diff --git a/accel/tcg/tb-lookup.h b/accel/tcg/tb-lookup.h
-deleted file mode 100644
-index XXXXXXX..XXXXXXX
---- a/accel/tcg/tb-lookup.h
-+++ /dev/null
-@@ -XXX,XX +XXX,XX @@
--/*
-- * Copyright (C) 2017, Emilio G. Cota <cota@braap.org>
-- *
-- * License: GNU GPL, version 2 or later.
-- *   See the COPYING file in the top-level directory.
-- */
--#ifndef EXEC_TB_LOOKUP_H
--#define EXEC_TB_LOOKUP_H
--
--#ifdef NEED_CPU_H
--#include "cpu.h"
--#else
--#include "exec/poison.h"
--#endif
--
--#include "exec/exec-all.h"
--#include "tb-hash.h"
--
--/* Might cause an exception, so have a longjmp destination ready */
--static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
--                                          target_ulong cs_base,
--                                          uint32_t flags, uint32_t cflags)
--{
--    TranslationBlock *tb;
--    uint32_t hash;
--
--    /* we should never be trying to look up an INVALID tb */
--    tcg_debug_assert(!(cflags & CF_INVALID));
--
--    hash = tb_jmp_cache_hash_func(pc);
--    tb = qatomic_rcu_read(&cpu->tb_jmp_cache[hash]);
--
--    if (likely(tb &&
--               tb->pc == pc &&
--               tb->cs_base == cs_base &&
--               tb->flags == flags &&
--               tb->trace_vcpu_dstate == *cpu->trace_dstate &&
--               tb_cflags(tb) == cflags)) {
--        return tb;
--    }
--    tb = tb_htable_lookup(cpu, pc, cs_base, flags, cflags);
--    if (tb == NULL) {
--        return NULL;
--    }
--    qatomic_set(&cpu->tb_jmp_cache[hash], tb);
--    return tb;
--}
--
--#endif /* EXEC_TB_LOOKUP_H */
-diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cpu-exec.c
-+++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@
- #include "sysemu/replay.h"
- #include "exec/helper-proto.h"
- #include "tb-hash.h"
--#include "tb-lookup.h"
- #include "tb-context.h"
- #include "internal.h"
-@@ -XXX,XX +XXX,XX @@ static void init_delay_params(SyncClocks *sc, const CPUState *cpu)
- }
- #endif /* CONFIG USER ONLY */
-+/* Might cause an exception, so have a longjmp destination ready */
-+static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
-+                                          target_ulong cs_base,
-+                                          uint32_t flags, uint32_t cflags)
-+{
-+    TranslationBlock *tb;
-+    uint32_t hash;
-+
-+    /* we should never be trying to look up an INVALID tb */
-+    tcg_debug_assert(!(cflags & CF_INVALID));
-+
-+    hash = tb_jmp_cache_hash_func(pc);
-+    tb = qatomic_rcu_read(&cpu->tb_jmp_cache[hash]);
-+
-+    if (likely(tb &&
-+               tb->pc == pc &&
-+               tb->cs_base == cs_base &&
-+               tb->flags == flags &&
-+               tb->trace_vcpu_dstate == *cpu->trace_dstate &&
-+               tb_cflags(tb) == cflags)) {
-+        return tb;
-+    }
-+    tb = tb_htable_lookup(cpu, pc, cs_base, flags, cflags);
-+    if (tb == NULL) {
-+        return NULL;
-+    }
-+    qatomic_set(&cpu->tb_jmp_cache[hash], tb);
-+    return tb;
-+}
-+
- /**
-  * helper_lookup_tb_ptr: quick check for next tb
-  * @env: current cpu state
---
-.25.1

-[PATCH 38/41] accel/tcg: Split out log_cpu_exec
+Deleted patch
-Split out CPU_LOG_EXEC and CPU_LOG_TB_CPU logging from
-cpu_tb_exec to a new function.  Perform only one pc
-range check after a combined mask check.
-Use the new function in lookup_tb_ptr.  This enables
-CPU_LOG_TB_CPU between indirectly chained tbs.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/cpu-exec.c | 61 ++++++++++++++++++++++++--------------------
-file changed, 34 insertions(+), 27 deletions(-)
-diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cpu-exec.c
-+++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
-     return tb;
- }
-+static inline void log_cpu_exec(target_ulong pc, CPUState *cpu,
-+                                const TranslationBlock *tb)
-+{
-+    if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_CPU | CPU_LOG_EXEC))
-+        && qemu_log_in_addr_range(pc)) {
-+
-+        qemu_log_mask(CPU_LOG_EXEC,
-+                      "Trace %d: %p [" TARGET_FMT_lx
-+                      "/" TARGET_FMT_lx "/%#x] %s\n",
-+                      cpu->cpu_index, tb->tc.ptr, tb->cs_base, pc, tb->flags,
-+                      lookup_symbol(pc));
-+
-+#if defined(DEBUG_DISAS)
-+        if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) {
-+            FILE *logfile = qemu_log_lock();
-+            int flags = 0;
-+
-+            if (qemu_loglevel_mask(CPU_LOG_TB_FPU)) {
-+                flags |= CPU_DUMP_FPU;
-+            }
-+#if defined(TARGET_I386)
-+            flags |= CPU_DUMP_CCOP;
-+#endif
-+            log_cpu_state(cpu, flags);
-+            qemu_log_unlock(logfile);
-+        }
-+#endif /* DEBUG_DISAS */
-+    }
-+}
-+
- /**
-  * helper_lookup_tb_ptr: quick check for next tb
-  * @env: current cpu state
-@@ -XXX,XX +XXX,XX @@ const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
-     if (tb == NULL) {
-         return tcg_code_gen_epilogue;
-     }
--    qemu_log_mask_and_addr(CPU_LOG_EXEC, pc,
--                           "Chain %d: %p ["
--                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
--                           cpu->cpu_index, tb->tc.ptr, cs_base, pc, flags,
--                           lookup_symbol(pc));
-+
-+    log_cpu_exec(pc, cpu, tb);
-+
-     return tb->tc.ptr;
- }
-@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
-     TranslationBlock *last_tb;
-     const void *tb_ptr = itb->tc.ptr;
--    qemu_log_mask_and_addr(CPU_LOG_EXEC, itb->pc,
--                           "Trace %d: %p ["
--                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
--                           cpu->cpu_index, itb->tc.ptr,
--                           itb->cs_base, itb->pc, itb->flags,
--                           lookup_symbol(itb->pc));
--
--#if defined(DEBUG_DISAS)
--    if (qemu_loglevel_mask(CPU_LOG_TB_CPU)
--        && qemu_log_in_addr_range(itb->pc)) {
--        FILE *logfile = qemu_log_lock();
--        int flags = 0;
--        if (qemu_loglevel_mask(CPU_LOG_TB_FPU)) {
--            flags |= CPU_DUMP_FPU;
--        }
--#if defined(TARGET_I386)
--        flags |= CPU_DUMP_CCOP;
--#endif
--        log_cpu_state(cpu, flags);
--        qemu_log_unlock(logfile);
--    }
--#endif /* DEBUG_DISAS */
-+    log_cpu_exec(itb->pc, cpu, itb);
-     qemu_thread_jit_execute();
-     ret = tcg_qemu_tb_exec(env, tb_ptr);
---
-.25.1

-[PATCH 39/41] accel/tcg: Log tb->cflags with -d exec
+Deleted patch
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/cpu-exec.c | 6 +++---
-file changed, 3 insertions(+), 3 deletions(-)
-diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cpu-exec.c
-+++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@ static inline void log_cpu_exec(target_ulong pc, CPUState *cpu,
-         qemu_log_mask(CPU_LOG_EXEC,
-                       "Trace %d: %p [" TARGET_FMT_lx
--                      "/" TARGET_FMT_lx "/%#x] %s\n",
--                      cpu->cpu_index, tb->tc.ptr, tb->cs_base, pc, tb->flags,
--                      lookup_symbol(pc));
-+                      "/" TARGET_FMT_lx "/%08x/%08x] %s\n",
-+                      cpu->cpu_index, tb->tc.ptr, tb->cs_base, pc,
-+                      tb->flags, tb->cflags, lookup_symbol(pc));
- #if defined(DEBUG_DISAS)
-         if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) {
---
-.25.1

-[PATCH 40/41] tcg: Remove TCG_TARGET_HAS_goto_ptr
+Deleted patch
-Since 6eea04347eb6, all tcg backends support goto_ptr.
-Remove the conditional, making support mandatory.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/tcg/tcg-opc.h    | 3 +--
- tcg/aarch64/tcg-target.h | 1 -
- tcg/arm/tcg-target.h     | 1 -
- tcg/i386/tcg-target.h    | 1 -
- tcg/mips/tcg-target.h    | 1 -
- tcg/ppc/tcg-target.h     | 1 -
- tcg/riscv/tcg-target.h   | 1 -
- tcg/s390/tcg-target.h    | 1 -
- tcg/sparc/tcg-target.h   | 1 -
- tcg/tci/tcg-target.h     | 1 -
- tcg/tcg-op.c             | 2 +-
- tcg/tcg.c                | 8 ++------
-files changed, 4 insertions(+), 18 deletions(-)
-diff --git a/include/tcg/tcg-opc.h b/include/tcg/tcg-opc.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/tcg/tcg-opc.h
-+++ b/include/tcg/tcg-opc.h
-@@ -XXX,XX +XXX,XX @@ DEF(insn_start, 0, 0, TLADDR_ARGS * TARGET_INSN_START_WORDS,
-     TCG_OPF_NOT_PRESENT)
- DEF(exit_tb, 0, 0, 1, TCG_OPF_BB_EXIT | TCG_OPF_BB_END)
- DEF(goto_tb, 0, 0, 1, TCG_OPF_BB_EXIT | TCG_OPF_BB_END)
--DEF(goto_ptr, 0, 1, 0,
--    TCG_OPF_BB_EXIT | TCG_OPF_BB_END | IMPL(TCG_TARGET_HAS_goto_ptr))
-+DEF(goto_ptr, 0, 1, 0, TCG_OPF_BB_EXIT | TCG_OPF_BB_END)
- DEF(plugin_cb_start, 0, 0, 3, TCG_OPF_NOT_PRESENT)
- DEF(plugin_cb_end, 0, 0, 0, TCG_OPF_NOT_PRESENT)
-diff --git a/tcg/aarch64/tcg-target.h b/tcg/aarch64/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/aarch64/tcg-target.h
-+++ b/tcg/aarch64/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ typedef enum {
- #define TCG_TARGET_HAS_mulsh_i32        0
- #define TCG_TARGET_HAS_extrl_i64_i32    0
- #define TCG_TARGET_HAS_extrh_i64_i32    0
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_qemu_st8_i32     0
- #define TCG_TARGET_HAS_div_i64          1
-diff --git a/tcg/arm/tcg-target.h b/tcg/arm/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/arm/tcg-target.h
-+++ b/tcg/arm/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ extern bool use_neon_instructions;
- #define TCG_TARGET_HAS_mulsh_i32        0
- #define TCG_TARGET_HAS_div_i32          use_idiv_instructions
- #define TCG_TARGET_HAS_rem_i32          0
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_direct_jump      0
- #define TCG_TARGET_HAS_qemu_st8_i32     0
-diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/i386/tcg-target.h
-+++ b/tcg/i386/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ extern bool have_movbe;
- #define TCG_TARGET_HAS_muls2_i32        1
- #define TCG_TARGET_HAS_muluh_i32        0
- #define TCG_TARGET_HAS_mulsh_i32        0
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_direct_jump      1
- #if TCG_TARGET_REG_BITS == 64
-diff --git a/tcg/mips/tcg-target.h b/tcg/mips/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/mips/tcg-target.h
-+++ b/tcg/mips/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ extern bool use_mips32r2_instructions;
- #define TCG_TARGET_HAS_muluh_i32        1
- #define TCG_TARGET_HAS_mulsh_i32        1
- #define TCG_TARGET_HAS_bswap32_i32      1
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_direct_jump      1
- #if TCG_TARGET_REG_BITS == 64
-diff --git a/tcg/ppc/tcg-target.h b/tcg/ppc/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/ppc/tcg-target.h
-+++ b/tcg/ppc/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ extern bool have_vsx;
- #define TCG_TARGET_HAS_muls2_i32        0
- #define TCG_TARGET_HAS_muluh_i32        1
- #define TCG_TARGET_HAS_mulsh_i32        1
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_direct_jump      1
- #define TCG_TARGET_HAS_qemu_st8_i32     0
-diff --git a/tcg/riscv/tcg-target.h b/tcg/riscv/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/riscv/tcg-target.h
-+++ b/tcg/riscv/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ typedef enum {
- #define TCG_TARGET_CALL_STACK_OFFSET    0
- /* optional instructions */
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_movcond_i32      0
- #define TCG_TARGET_HAS_div_i32          1
- #define TCG_TARGET_HAS_rem_i32          1
-diff --git a/tcg/s390/tcg-target.h b/tcg/s390/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390/tcg-target.h
-+++ b/tcg/s390/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities;
- #define TCG_TARGET_HAS_mulsh_i32      0
- #define TCG_TARGET_HAS_extrl_i64_i32  0
- #define TCG_TARGET_HAS_extrh_i64_i32  0
--#define TCG_TARGET_HAS_goto_ptr       1
- #define TCG_TARGET_HAS_direct_jump    (s390_facilities & FACILITY_GEN_INST_EXT)
- #define TCG_TARGET_HAS_qemu_st8_i32   0
-diff --git a/tcg/sparc/tcg-target.h b/tcg/sparc/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/sparc/tcg-target.h
-+++ b/tcg/sparc/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ extern bool use_vis3_instructions;
- #define TCG_TARGET_HAS_muls2_i32        1
- #define TCG_TARGET_HAS_muluh_i32        0
- #define TCG_TARGET_HAS_mulsh_i32        0
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_direct_jump      1
- #define TCG_TARGET_HAS_qemu_st8_i32     0
-diff --git a/tcg/tci/tcg-target.h b/tcg/tci/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tci/tcg-target.h
-+++ b/tcg/tci/tcg-target.h
-@@ -XXX,XX +XXX,XX @@
- #define TCG_TARGET_HAS_muls2_i32        1
- #define TCG_TARGET_HAS_muluh_i32        0
- #define TCG_TARGET_HAS_mulsh_i32        0
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_direct_jump      0
- #define TCG_TARGET_HAS_qemu_st8_i32     0
-diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg-op.c
-+++ b/tcg/tcg-op.c
-@@ -XXX,XX +XXX,XX @@ void tcg_gen_goto_tb(unsigned idx)
- void tcg_gen_lookup_and_goto_ptr(void)
- {
--    if (TCG_TARGET_HAS_goto_ptr && !qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
-+    if (!qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
-         TCGv_ptr ptr;
-         plugin_gen_disable_mem_helpers();
-diff --git a/tcg/tcg.c b/tcg/tcg.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg.c
-+++ b/tcg/tcg.c
-@@ -XXX,XX +XXX,XX @@ void tcg_prologue_init(TCGContext *s)
-      * For tci, we use NULL as the signal to return from the interpreter,
-      * so skip this check.
-      */
--    if (TCG_TARGET_HAS_goto_ptr) {
--        tcg_debug_assert(tcg_code_gen_epilogue != NULL);
--    }
-+    tcg_debug_assert(tcg_code_gen_epilogue != NULL);
- #endif
-     tcg_region_prologue_set(s);
-@@ -XXX,XX +XXX,XX @@ bool tcg_op_supported(TCGOpcode op)
-     case INDEX_op_insn_start:
-     case INDEX_op_exit_tb:
-     case INDEX_op_goto_tb:
-+    case INDEX_op_goto_ptr:
-     case INDEX_op_qemu_ld_i32:
-     case INDEX_op_qemu_st_i32:
-     case INDEX_op_qemu_ld_i64:
-@@ -XXX,XX +XXX,XX @@ bool tcg_op_supported(TCGOpcode op)
-     case INDEX_op_qemu_st8_i32:
-         return TCG_TARGET_HAS_qemu_st8_i32;
--    case INDEX_op_goto_ptr:
--        return TCG_TARGET_HAS_goto_ptr;
--
-     case INDEX_op_mov_i32:
-     case INDEX_op_setcond_i32:
-     case INDEX_op_brcond_i32:
---
-.25.1

-[PATCH 41/41] cpu: Add breakpoint tracepoints
+Deleted patch
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- cpu.c        | 13 +++++++++----
- trace-events |  5 +++++
-files changed, 14 insertions(+), 4 deletions(-)
-diff --git a/cpu.c b/cpu.c
-index XXXXXXX..XXXXXXX 100644
---- a/cpu.c
-+++ b/cpu.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/translate-all.h"
- #include "exec/log.h"
- #include "hw/core/accel-cpu.h"
-+#include "trace/trace-root.h"
- uintptr_t qemu_host_page_size;
- intptr_t qemu_host_page_mask;
-@@ -XXX,XX +XXX,XX @@ int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
-     if (breakpoint) {
-         *breakpoint = bp;
-     }
-+
-+    trace_breakpoint_insert(cpu->cpu_index, pc, flags);
-     return 0;
- }
-@@ -XXX,XX +XXX,XX @@ int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
- }
- /* Remove a specific breakpoint by reference.  */
--void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
-+void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *bp)
- {
--    QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
-+    QTAILQ_REMOVE(&cpu->breakpoints, bp, entry);
--    breakpoint_invalidate(cpu, breakpoint->pc);
-+    breakpoint_invalidate(cpu, bp->pc);
--    g_free(breakpoint);
-+    trace_breakpoint_remove(cpu->cpu_index, bp->pc, bp->flags);
-+    g_free(bp);
- }
- /* Remove all matching breakpoints. */
-@@ -XXX,XX +XXX,XX @@ void cpu_single_step(CPUState *cpu, int enabled)
-             /* XXX: only flush what is necessary */
-             tb_flush(cpu);
-         }
-+        trace_breakpoint_singlestep(cpu->cpu_index, enabled);
-     }
- }
-diff --git a/trace-events b/trace-events
-index XXXXXXX..XXXXXXX 100644
---- a/trace-events
-+++ b/trace-events
-@@ -XXX,XX +XXX,XX @@
- #
- # The <format-string> should be a sprintf()-compatible format string.
-+# cpu.c
-+breakpoint_insert(int cpu_index, uint64_t pc, int flags) "cpu=%d pc=0x%" PRIx64 " flags=0x%x"
-+breakpoint_remove(int cpu_index, uint64_t pc, int flags) "cpu=%d pc=0x%" PRIx64 " flags=0x%x"
-+breakpoint_singlestep(int cpu_index, int enabled) "cpu=%d enable=%d"
-+
- # dma-helpers.c
- dma_blk_io(void *dbs, void *bs, int64_t offset, bool to_dev) "dbs=%p bs=%p offset=%" PRId64 " to_dev=%d"
- dma_aio_cancel(void *dbs) "dbs=%p"
---
-.25.1

The following changes since commit 05de778b5b8ab0b402996769117b88c7ea5c7c61:

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2021-07-09 14:30:01 +0100)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20210710

for you to fetch changes up to ad1a706f386c2281adb0b09257d892735e405834:

cpu: Add breakpoint tracepoints (2021-07-09 21:31:11 -0700)

----------------------------------------------------------------
Add translator_use_goto_tb.
Cleanups in prep of breakpoint fixes.
Misc fixes.

----------------------------------------------------------------
Liren Wei (2):
      accel/tcg: Hoist tcg_tb_insert() up above tb_link_page()
      tcg: Bake tb_destroy() into tcg_region_tree

Philippe Mathieu-Daudé (1):
      tcg: Avoid including 'trace-tcg.h' in target translate.c

Richard Henderson (38):
      tcg: Add separator in INDEX_op_call dump
      tcg: Move tb_phys_invalidate_count to tb_ctx
      accel/tcg: Introduce translator_use_goto_tb
      target/alpha: Remove use_exit_tb
      target/alpha: Remove in_superpage
      target/alpha: Use translator_use_goto_tb
      target/arm: Use DISAS_TOO_MANY for ISB and SB
      target/arm: Use translator_use_goto_tb for aarch64
      target/arm: Use translator_use_goto_tb for aarch32
      target/avr: Use translator_use_goto_tb
      target/avr: Mark some helpers noreturn
      target/cris: Use translator_use_goto_tb
      target/hppa: Use translator_use_goto_tb
      target/i386: Use translator_use_goto_tb
      target/m68k: Use translator_use_goto_tb
      target/microblaze: Use translator_use_goto_tb
      target/mips: Use translator_use_goto_tb
      target/mips: Fix missing else in gen_goto_tb
      target/nios2: Use translator_use_goto_tb
      target/openrisc: Use translator_use_goto_tb
      target/ppc: Use translator_use_goto_tb
      target/riscv: Use translator_use_goto_tb
      target/rx: Use translator_use_goto_tb
      target/s390x: Use translator_use_goto_tb
      target/s390x: Remove use_exit_tb
      target/sh4: Use translator_use_goto_tb
      target/sparc: Use translator_use_goto_tb
      target/tricore: Use translator_use_goto_tb
      target/tricore: Use tcg_gen_lookup_and_goto_ptr
      target/xtensa: Use translator_use_goto_tb
      tcg: Fix prologue disassembly
      target/i386: Use cpu_breakpoint_test in breakpoint_handler
      accel/tcg: Move helper_lookup_tb_ptr to cpu-exec.c
      accel/tcg: Move tb_lookup to cpu-exec.c
      accel/tcg: Split out log_cpu_exec
      accel/tcg: Log tb->cflags with -d exec
      tcg: Remove TCG_TARGET_HAS_goto_ptr
      cpu: Add breakpoint tracepoints

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

The root trace-events only declares a single TCG event:

$ git grep -w tcg trace-events
  trace-events:115:# tcg/tcg-op.c
  trace-events:137:vcpu tcg guest_mem_before(TCGv vaddr, uint16_t info) "info=%d", "vaddr=0x%016"PRIx64" info=%d"

and only a tcg/tcg-op.c uses it:

$ git grep -l trace_guest_mem_before_tcg
  tcg/tcg-op.c

therefore it is pointless to include "trace-tcg.h" in each target
(because it is not used). Remove it.

diff --git a/target/alpha/translate.c b/target/alpha/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/alpha/translate.c
+++ b/target/alpha/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/cpu_ldst.h"
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
-#include "trace-tcg.h"
 #include "exec/translator.h"
 #include "exec/log.h"
 
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-gen.h"
 #include "exec/log.h"
 
-#include "trace-tcg.h"
 #include "translate-a64.h"
 #include "qemu/atomic128.h"
 
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 #include "exec/log.h"
-#include "trace-tcg.h"
 #include "translate-a64.h"
 #include "fpu/softfloat.h"
 
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 
diff --git a/target/cris/translate.c b/target/cris/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/cris/translate.c
+++ b/target/cris/translate.c
@@ -XXX,XX +XXX,XX @@
 
 #include "exec/helper-gen.h"
 
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 
diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 #include "exec/translator.h"
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 /* Since we have a distinction between register size and address size,
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-gen.h"
 #include "helper-tcg.h"
 
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 #define PREFIX_REPZ   0x01
diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 
-#include "trace-tcg.h"
 #include "exec/log.h"
 #include "fpu/softfloat.h"
 
diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/microblaze/translate.c
+++ b/target/microblaze/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/translator.h"
 #include "qemu/qemu-print.h"
 
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 #define EXTRACT_FIELD(src, start, end) \
diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/mips/tcg/translate.c
+++ b/target/mips/tcg/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "semihosting/semihost.h"
 
 #include "trace.h"
-#include "trace-tcg.h"
 #include "exec/translator.h"
 #include "exec/log.h"
 #include "qemu/qemu-print.h"
diff --git a/target/openrisc/translate.c b/target/openrisc/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/openrisc/translate.c
+++ b/target/openrisc/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-gen.h"
 #include "exec/gen-icount.h"
 
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 /* is_jmp field values */
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 
-#include "trace-tcg.h"
 #include "exec/translator.h"
 #include "exec/log.h"
 #include "qemu/atomic128.h"
diff --git a/target/rx/translate.c b/target/rx/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/rx/translate.c
+++ b/target/rx/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 #include "exec/translator.h"
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 typedef struct DisasContext {
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 
-#include "trace-tcg.h"
 #include "exec/translator.h"
 #include "exec/log.h"
 #include "qemu/atomic128.h"
diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 #include "exec/translator.h"
-#include "trace-tcg.h"
 #include "exec/log.h"
 #include "qemu/qemu-print.h"
 
diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -XXX,XX +XXX,XX @@
 
 #include "exec/helper-gen.h"
 
-#include "trace-tcg.h"
 #include "exec/translator.h"
 #include "exec/log.h"
 #include "asi.h"
diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 
-- 
2.25.1

From: Liren Wei <lrwei@bupt.edu.cn>

TranslationBlocks not inserted into the corresponding region
tree shall be regarded as partially initialized objects, and
needs to be finalized first before inserting into QHT.

Signed-off-by: Liren Wei <lrwei@bupt.edu.cn>
Message-Id: <f9fc263f71e11b6308d8c1fbc0dd366bf4aeb532.1625404483.git.lrwei@bupt.edu.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/translate-all.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
         return tb;
     }
 
+    /*
+     * Insert TB into the corresponding region tree before publishing it
+     * through QHT. Otherwise rewinding happened in the TB might fail to
+     * lookup itself using host PC.
+     */
+    tcg_tb_insert(tb);
+
     /* check next page if needed */
     virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
     phys_page2 = -1;
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
         orig_aligned -= ROUND_UP(sizeof(*tb), qemu_icache_linesize);
         qatomic_set(&tcg_ctx->code_gen_ptr, (void *)orig_aligned);
         tb_destroy(tb);
+        tcg_tb_remove(tb);
         return existing_tb;
     }
-    tcg_tb_insert(tb);
     return tb;
 }
 
-- 
2.25.1

From: Liren Wei <lrwei@bupt.edu.cn>

The function is called only at tcg_gen_code() when duplicated TBs
are translated by different threads, and when the tcg_region_tree
is reset. Bake it into the underlying GTree as its value destroy
function to unite these situations.
Also remove tcg_region_tree_traverse() which now becomes useless.

Signed-off-by: Liren Wei <lrwei@bupt.edu.cn>
Message-Id: <8dc352f08d038c4e7a1f5f56962398cdc700c3aa.1625404483.git.lrwei@bupt.edu.cn>
[rth: Name the new tb_tc_cmp parameter correctly.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/tcg/tcg.h         |  1 -
 accel/tcg/translate-all.c |  6 ------
 tcg/region.c              | 19 ++++++++-----------
 3 files changed, 8 insertions(+), 18 deletions(-)

diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@ void *tcg_malloc_internal(TCGContext *s, int size);
 void tcg_pool_reset(TCGContext *s);
 TranslationBlock *tcg_tb_alloc(TCGContext *s);
 
-void tb_destroy(TranslationBlock *tb);
 void tcg_region_reset_all(void);
 
 size_t tcg_code_size(void);
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
     return 0;
 }
 
-void tb_destroy(TranslationBlock *tb)
-{
-    qemu_spin_destroy(&tb->jmp_lock);
-}
-
 bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
 {
     /*
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 
         orig_aligned -= ROUND_UP(sizeof(*tb), qemu_icache_linesize);
         qatomic_set(&tcg_ctx->code_gen_ptr, (void *)orig_aligned);
-        tb_destroy(tb);
         tcg_tb_remove(tb);
         return existing_tb;
     }
diff --git a/tcg/region.c b/tcg/region.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/region.c
+++ b/tcg/region.c
@@ -XXX,XX +XXX,XX @@ static int ptr_cmp_tb_tc(const void *ptr, const struct tb_tc *s)
     return 0;
 }
 
-static gint tb_tc_cmp(gconstpointer ap, gconstpointer bp)
+static gint tb_tc_cmp(gconstpointer ap, gconstpointer bp, gpointer userdata)
 {
     const struct tb_tc *a = ap;
     const struct tb_tc *b = bp;
@@ -XXX,XX +XXX,XX @@ static gint tb_tc_cmp(gconstpointer ap, gconstpointer bp)
     return ptr_cmp_tb_tc(b->ptr, a);
 }
 
+static void tb_destroy(gpointer value)
+{
+    TranslationBlock *tb = value;
+    qemu_spin_destroy(&tb->jmp_lock);
+}
+
 static void tcg_region_trees_init(void)
 {
     size_t i;
@@ -XXX,XX +XXX,XX @@ static void tcg_region_trees_init(void)
         struct tcg_region_tree *rt = region_trees + i * tree_size;
 
         qemu_mutex_init(&rt->lock);
-        rt->tree = g_tree_new(tb_tc_cmp);
+        rt->tree = g_tree_new_full(tb_tc_cmp, NULL, NULL, tb_destroy);
     }
 }
 
@@ -XXX,XX +XXX,XX @@ size_t tcg_nb_tbs(void)
     return nb_tbs;
 }
 
-static gboolean tcg_region_tree_traverse(gpointer k, gpointer v, gpointer data)
-{
-    TranslationBlock *tb = v;
-
-    tb_destroy(tb);
-    return FALSE;
-}
-
 static void tcg_region_tree_reset_all(void)
 {
     size_t i;
@@ -XXX,XX +XXX,XX @@ static void tcg_region_tree_reset_all(void)
     for (i = 0; i < region.n; i++) {
         struct tcg_region_tree *rt = region_trees + i * tree_size;
 
-        g_tree_foreach(rt->tree, tcg_region_tree_traverse, NULL);
         /* Increment the refcount first so that destroy acts as a reset */
         g_tree_ref(rt->tree);
         g_tree_destroy(rt->tree);
-- 
2.25.1

We can call do_tb_phys_invalidate from an iocontext, which has
no per-thread tcg_ctx.  Move this to tb_ctx, which is global.
The actual update still takes place with a lock held, so only
an atomic set is required, not an atomic increment.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/457
Tested-by: Viktor Ashirov <vashirov@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/tb-context.h    |  1 +
 include/tcg/tcg.h         |  3 ---
 accel/tcg/translate-all.c |  8 ++++----
 tcg/region.c              | 14 --------------
 4 files changed, 5 insertions(+), 21 deletions(-)

diff --git a/accel/tcg/tb-context.h b/accel/tcg/tb-context.h
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tb-context.h
+++ b/accel/tcg/tb-context.h
@@ -XXX,XX +XXX,XX @@ struct TBContext {
 
     /* statistics */
     unsigned tb_flush_count;
+    unsigned tb_phys_invalidate_count;
 };
 
 extern TBContext tb_ctx;
diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@ struct TCGContext {
     /* Threshold to flush the translated code buffer.  */
     void *code_gen_highwater;
 
-    size_t tb_phys_invalidate_count;
-
     /* Track which vCPU triggers events */
     CPUState *cpu;                      /* *_trans */
 
@@ -XXX,XX +XXX,XX @@ size_t tcg_code_capacity(void);
 
 void tcg_tb_insert(TranslationBlock *tb);
 void tcg_tb_remove(TranslationBlock *tb);
-size_t tcg_tb_phys_invalidate_count(void);
 TranslationBlock *tcg_tb_lookup(uintptr_t tc_ptr);
 void tcg_tb_foreach(GTraverseFunc func, gpointer user_data);
 size_t tcg_nb_tbs(void);
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
     /* suppress any remaining jumps to this TB */
     tb_jmp_unlink(tb);
 
-    qatomic_set(&tcg_ctx->tb_phys_invalidate_count,
-               tcg_ctx->tb_phys_invalidate_count + 1);
+    qatomic_set(&tb_ctx.tb_phys_invalidate_count,
+                tb_ctx.tb_phys_invalidate_count + 1);
 }
 
 static void tb_phys_invalidate__locked(TranslationBlock *tb)
@@ -XXX,XX +XXX,XX @@ void dump_exec_info(void)
     qemu_printf("\nStatistics:\n");
     qemu_printf("TB flush count      %u\n",
                 qatomic_read(&tb_ctx.tb_flush_count));
-    qemu_printf("TB invalidate count %zu\n",
-                tcg_tb_phys_invalidate_count());
+    qemu_printf("TB invalidate count %u\n",
+                qatomic_read(&tb_ctx.tb_phys_invalidate_count));
 
     tlb_flush_counts(&flush_full, &flush_part, &flush_elide);
     qemu_printf("TLB full flushes    %zu\n", flush_full);
diff --git a/tcg/region.c b/tcg/region.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/region.c
+++ b/tcg/region.c
@@ -XXX,XX +XXX,XX @@ size_t tcg_code_capacity(void)
 
     return capacity;
 }
-
-size_t tcg_tb_phys_invalidate_count(void)
-{
-    unsigned int n_ctxs = qatomic_read(&tcg_cur_ctxs);
-    unsigned int i;
-    size_t total = 0;
-
-    for (i = 0; i < n_ctxs; i++) {
-        const TCGContext *s = qatomic_read(&tcg_ctxs[i]);
-
-        total += qatomic_read(&s->tb_phys_invalidate_count);
-    }
-    return total;
-}
-- 
2.25.1

Add a generic version of the common use_goto_tb test.

Various targets avoid the page crossing test for CONFIG_USER_ONLY,
but that is wrong: mmap and mprotect can change page permissions.

Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/translator.h | 10 ++++++++++
 accel/tcg/translator.c    | 11 +++++++++++
 2 files changed, 21 insertions(+)

diff --git a/include/exec/translator.h b/include/exec/translator.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/translator.h
+++ b/include/exec/translator.h
@@ -XXX,XX +XXX,XX @@ void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
 
 void translator_loop_temp_check(DisasContextBase *db);
 
+/**
+ * translator_use_goto_tb
+ * @db: Disassembly context
+ * @dest: target pc of the goto
+ *
+ * Return true if goto_tb is allowed between the current TB
+ * and the destination PC.
+ */
+bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest);
+
 /*
  * Translator Load Functions
  *
diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
@@ -XXX,XX +XXX,XX @@ void translator_loop_temp_check(DisasContextBase *db)
     }
 }
 
+bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest)
+{
+    /* Suppress goto_tb in the case of single-steping.  */
+    if (db->singlestep_enabled || singlestep) {
+        return false;
+    }
+
+    /* Check for the dest on the same page as the start of the TB.  */
+    return ((db->pc_first ^ dest) & TARGET_PAGE_MASK) == 0;
+}
+
 void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
                      CPUState *cpu, TranslationBlock *tb, int max_insns)
 {
-- 
2.25.1

We have not needed to end a TB for I/O since ba3e7926691
("icount: clean up cpu_can_io at the entry to the block").
We do not need to use exit_tb for singlestep, which only
means generate one insn per TB.

Which leaves only singlestep_enabled, which means raise a
debug trap after every TB, which does not use exit_tb,
which would leave the function mis-named.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/alpha/translate.c | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/target/alpha/translate.c b/target/alpha/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/alpha/translate.c
+++ b/target/alpha/translate.c
@@ -XXX,XX +XXX,XX @@ static bool in_superpage(DisasContext *ctx, int64_t addr)
 #endif
 }
 
-static bool use_exit_tb(DisasContext *ctx)
-{
-    return ((tb_cflags(ctx->base.tb) & CF_LAST_IO)
-            || ctx->base.singlestep_enabled
-            || singlestep);
-}
-
 static bool use_goto_tb(DisasContext *ctx, uint64_t dest)
 {
-    /* Suppress goto_tb in the case of single-steping and IO.  */
-    if (unlikely(use_exit_tb(ctx))) {
-        return false;
-    }
 #ifndef CONFIG_USER_ONLY
     /* If the destination is in the superpage, the page perms can't change.  */
     if (in_superpage(ctx, dest)) {
@@ -XXX,XX +XXX,XX @@ static DisasJumpType gen_call_pal(DisasContext *ctx, int palcode)
            need the page permissions check.  We'll see the existence of
            the page when we create the TB, and we'll flush all TBs if
            we change the PAL base register.  */
-        if (!use_exit_tb(ctx)) {
+        if (!ctx->base.singlestep_enabled) {
             tcg_gen_goto_tb(0);
             tcg_gen_movi_i64(cpu_pc, entry);
             tcg_gen_exit_tb(ctx->base.tb, 0);
@@ -XXX,XX +XXX,XX @@ static void alpha_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
         tcg_gen_movi_i64(cpu_pc, ctx->base.pc_next);
         /* FALLTHRU */
     case DISAS_PC_UPDATED:
-        if (!use_exit_tb(ctx)) {
+        if (!ctx->base.singlestep_enabled) {
             tcg_gen_lookup_and_goto_ptr();
             break;
         }
-- 
2.25.1

The number of links across (normal) pages using this is low,
and it will shortly violate the contract for breakpoints.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/alpha/translate.c | 24 ++----------------------
 1 file changed, 2 insertions(+), 22 deletions(-)

diff --git a/target/alpha/translate.c b/target/alpha/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/alpha/translate.c
+++ b/target/alpha/translate.c
@@ -XXX,XX +XXX,XX @@ static DisasJumpType gen_store_conditional(DisasContext *ctx, int ra, int rb,
     return DISAS_NEXT;
 }
 
-static bool in_superpage(DisasContext *ctx, int64_t addr)
-{
-#ifndef CONFIG_USER_ONLY
-    return ((ctx->tbflags & ENV_FLAG_PS_USER) == 0
-            && addr >> TARGET_VIRT_ADDR_SPACE_BITS == -1
-            && ((addr >> 41) & 3) == 2);
-#else
-    return false;
-#endif
-}
-
 static bool use_goto_tb(DisasContext *ctx, uint64_t dest)
 {
 #ifndef CONFIG_USER_ONLY
-    /* If the destination is in the superpage, the page perms can't change.  */
-    if (in_superpage(ctx, dest)) {
-        return true;
-    }
     /* Check for the dest on the same page as the start of the TB.  */
     return ((ctx->base.tb->pc ^ dest) & TARGET_PAGE_MASK) == 0;
 #else
@@ -XXX,XX +XXX,XX @@ static void alpha_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
 {
     DisasContext *ctx = container_of(dcbase, DisasContext, base);
     CPUAlphaState *env = cpu->env_ptr;
-    int64_t bound, mask;
+    int64_t bound;
 
     ctx->tbflags = ctx->base.tb->flags;
     ctx->mem_idx = cpu_mmu_index(env, false);
@@ -XXX,XX +XXX,XX @@ static void alpha_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
     ctx->lit = NULL;
 
     /* Bound the number of insns to execute to those left on the page.  */
-    if (in_superpage(ctx, ctx->base.pc_first)) {
-        mask = -1ULL << 41;
-    } else {
-        mask = TARGET_PAGE_MASK;
-    }
-    bound = -(ctx->base.pc_first | mask) / 4;
+    bound = -(ctx->base.pc_first | TARGET_PAGE_MASK) / 4;
     ctx->base.max_insns = MIN(ctx->base.max_insns, bound);
 }
 
-- 
2.25.1

Using gen_goto_tb directly misses the single-step check.
Let the branch or debug exception be emitted by arm_tr_tb_stop.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static bool trans_ISB(DisasContext *s, arg_ISB *a)
      * self-modifying code correctly and also to take
      * any pending interrupts immediately.
      */
-    gen_goto_tb(s, 0, s->base.pc_next);
+    s->base.is_jmp = DISAS_TOO_MANY;
     return true;
 }
 
@@ -XXX,XX +XXX,XX @@ static bool trans_SB(DisasContext *s, arg_SB *a)
      * for TCG; MB and end the TB instead.
      */
     tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
-    gen_goto_tb(s, 0, s->base.pc_next);
+    s->base.is_jmp = DISAS_TOO_MANY;
     return true;
 }
 
-- 
2.25.1

We have not needed to end a TB for I/O since ba3e7926691
("icount: clean up cpu_can_io at the entry to the block"),
and gdbstub singlestep is handled by the generic function.

Drop the unused 'n' argument to use_goto_tb.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/translate-a64.c | 25 +++++--------------------
 1 file changed, 5 insertions(+), 20 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void gen_step_complete_exception(DisasContext *s)
     s->base.is_jmp = DISAS_NORETURN;
 }
 
-static inline bool use_goto_tb(DisasContext *s, int n, uint64_t dest)
+static inline bool use_goto_tb(DisasContext *s, uint64_t dest)
 {
-    /* No direct tb linking with singlestep (either QEMU's or the ARM
-     * debug architecture kind) or deterministic io
-     */
-    if (s->base.singlestep_enabled || s->ss_active ||
-        (tb_cflags(s->base.tb) & CF_LAST_IO)) {
+    if (s->ss_active) {
         return false;
     }
-
-#ifndef CONFIG_USER_ONLY
-    /* Only link tbs from inside the same guest page */
-    if ((s->base.tb->pc & TARGET_PAGE_MASK) != (dest & TARGET_PAGE_MASK)) {
-        return false;
-    }
-#endif
-
-    return true;
+    return translator_use_goto_tb(&s->base, dest);
 }
 
 static inline void gen_goto_tb(DisasContext *s, int n, uint64_t dest)
 {
-    const TranslationBlock *tb;
-
-    tb = s->base.tb;
-    if (use_goto_tb(s, n, dest)) {
+    if (use_goto_tb(s, dest)) {
         tcg_gen_goto_tb(n);
         gen_a64_set_pc_im(dest);
-        tcg_gen_exit_tb(tb, n);
+        tcg_gen_exit_tb(s->base.tb, n);
         s->base.is_jmp = DISAS_NORETURN;
     } else {
         gen_a64_set_pc_im(dest);
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/translate.c | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static int disas_dsp_insn(DisasContext *s, uint32_t insn)
     return 1;
 }
 
-static inline bool use_goto_tb(DisasContext *s, target_ulong dest)
-{
-#ifndef CONFIG_USER_ONLY
-    return (s->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) ||
-           ((s->base.pc_next - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
 static void gen_goto_ptr(void)
 {
     tcg_gen_lookup_and_goto_ptr();
@@ -XXX,XX +XXX,XX @@ static void gen_goto_ptr(void)
  */
 static void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
 {
-    if (use_goto_tb(s, dest)) {
+    if (translator_use_goto_tb(&s->base, dest)) {
         tcg_gen_goto_tb(n);
         gen_set_pc_im(s, dest);
         tcg_gen_exit_tb(s->base.tb, n);
-- 
2.25.1

Single stepping is not the only reason not to use goto_tb.
If goto_tb is disallowed, and single-stepping is not enabled,
then use tcg_gen_lookup_and_goto_tb to indirectly chain.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/avr/translate.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/target/avr/translate.c b/target/avr/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/avr/translate.c
+++ b/target/avr/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
 {
     const TranslationBlock *tb = ctx->base.tb;
 
-    if (!ctx->base.singlestep_enabled) {
+    if (translator_use_goto_tb(&ctx->base, dest)) {
         tcg_gen_goto_tb(n);
         tcg_gen_movi_i32(cpu_pc, dest);
         tcg_gen_exit_tb(tb, n);
     } else {
         tcg_gen_movi_i32(cpu_pc, dest);
-        gen_helper_debug(cpu_env);
-        tcg_gen_exit_tb(NULL, 0);
+        if (ctx->base.singlestep_enabled) {
+            gen_helper_debug(cpu_env);
+        } else {
+            tcg_gen_lookup_and_goto_ptr();
+        }
     }
     ctx->base.is_jmp = DISAS_NORETURN;
 }
-- 
2.25.1

The test for singlestepping is done in translator_use_goto_tb,
so we may elide it from cris_tr_tb_stop.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/cris/translate.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/target/cris/translate.c b/target/cris/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/cris/translate.c
+++ b/target/cris/translate.c
@@ -XXX,XX +XXX,XX @@ static void t_gen_swapr(TCGv d, TCGv s)
 
 static bool use_goto_tb(DisasContext *dc, target_ulong dest)
 {
-    return ((dest ^ dc->base.pc_first) & TARGET_PAGE_MASK) == 0;
+    return translator_use_goto_tb(&dc->base, dest);
 }
 
 static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
@@ -XXX,XX +XXX,XX @@ static void cris_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
              * Use a conditional branch if either taken or not-taken path
              * can use goto_tb.  If neither can, then treat it as indirect.
              */
-            if (likely(!dc->base.singlestep_enabled)
-                && likely(!dc->cpustate_changed)
+            if (likely(!dc->cpustate_changed)
                 && (use_goto_tb(dc, dc->jmp_pc) || use_goto_tb(dc, npc))) {
                 TCGLabel *not_taken = gen_new_label();
 
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/i386/tcg/translate.c | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -XXX,XX +XXX,XX @@ static inline int insn_const_size(MemOp ot)
     }
 }
 
-static inline bool use_goto_tb(DisasContext *s, target_ulong pc)
-{
-#ifndef CONFIG_USER_ONLY
-    return (pc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK) ||
-           (pc & TARGET_PAGE_MASK) == (s->pc_start & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
-static inline void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip)
+static void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip)
 {
     target_ulong pc = s->cs_base + eip;
 
-    if (use_goto_tb(s, pc))  {
+    if (translator_use_goto_tb(&s->base, pc))  {
         /* jump to same page: we can use a direct jump */
         tcg_gen_goto_tb(tb_num);
         gen_jmp_im(s, eip);
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Acked-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/m68k/translate.c | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exit_tb(DisasContext *s)
         }                                                               \
     } while (0)
 
-static inline bool use_goto_tb(DisasContext *s, uint32_t dest)
-{
-#ifndef CONFIG_USER_ONLY
-    return (s->base.pc_first & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK)
-        || (s->base.pc_next & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
 /* Generate a jump to an immediate address.  */
 static void gen_jmp_tb(DisasContext *s, int n, uint32_t dest)
 {
@@ -XXX,XX +XXX,XX @@ static void gen_jmp_tb(DisasContext *s, int n, uint32_t dest)
         update_cc_op(s);
         tcg_gen_movi_i32(QREG_PC, dest);
         gen_singlestep_exception(s);
-    } else if (use_goto_tb(s, dest)) {
+    } else if (translator_use_goto_tb(&s->base, dest)) {
         tcg_gen_goto_tb(n);
         tcg_gen_movi_i32(QREG_PC, dest);
         tcg_gen_exit_tb(s->base.tb, n);
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/microblaze/translate.c | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/microblaze/translate.c
+++ b/target/microblaze/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_raise_hw_excp(DisasContext *dc, uint32_t esr_ec)
     gen_raise_exception_sync(dc, EXCP_HW_EXCP);
 }
 
-static inline bool use_goto_tb(DisasContext *dc, target_ulong dest)
-{
-#ifndef CONFIG_USER_ONLY
-    return (dc->base.pc_first & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
 static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
 {
     if (dc->base.singlestep_enabled) {
@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
         tcg_gen_movi_i32(cpu_pc, dest);
         gen_helper_raise_exception(cpu_env, tmp);
         tcg_temp_free_i32(tmp);
-    } else if (use_goto_tb(dc, dest)) {
+    } else if (translator_use_goto_tb(&dc->base, dest)) {
         tcg_gen_goto_tb(n);
         tcg_gen_movi_i32(cpu_pc, dest);
         tcg_gen_exit_tb(dc->base.tb, n);
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/mips/tcg/translate.c | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/mips/tcg/translate.c
+++ b/target/mips/tcg/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_trap(DisasContext *ctx, uint32_t opc,
     tcg_temp_free(t1);
 }
 
-static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
+static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
 {
-    if (unlikely(ctx->base.singlestep_enabled)) {
-        return false;
-    }
-
-#ifndef CONFIG_USER_ONLY
-    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
-static inline void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
-{
-    if (use_goto_tb(ctx, dest)) {
+    if (translator_use_goto_tb(&ctx->base, dest)) {
         tcg_gen_goto_tb(n);
         gen_save_pc(dest);
         tcg_gen_exit_tb(ctx->base.tb, n);
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/nios2/translate.c | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/target/nios2/translate.c b/target/nios2/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/nios2/translate.c
+++ b/target/nios2/translate.c
@@ -XXX,XX +XXX,XX @@ static void t_gen_helper_raise_exception(DisasContext *dc,
     dc->base.is_jmp = DISAS_NORETURN;
 }
 
-static bool use_goto_tb(DisasContext *dc, uint32_t dest)
-{
-    if (unlikely(dc->base.singlestep_enabled)) {
-        return false;
-    }
-
-#ifndef CONFIG_USER_ONLY
-    return (dc->base.pc_first & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
 static void gen_goto_tb(DisasContext *dc, int n, uint32_t dest)
 {
     const TranslationBlock *tb = dc->base.tb;
 
-    if (use_goto_tb(dc, dest)) {
+    if (translator_use_goto_tb(&dc->base, dest)) {
         tcg_gen_goto_tb(n);
         tcg_gen_movi_tl(cpu_R[R_PC], dest);
         tcg_gen_exit_tb(tb, n);
-- 
2.25.1

Reorder the control statements to allow using the page boundary
check from translator_use_goto_tb().

Reviewed-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/openrisc/translate.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/target/openrisc/translate.c b/target/openrisc/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/openrisc/translate.c
+++ b/target/openrisc/translate.c
@@ -XXX,XX +XXX,XX @@ static void openrisc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
         /* fallthru */
 
     case DISAS_TOO_MANY:
-        if (unlikely(dc->base.singlestep_enabled)) {
-            tcg_gen_movi_tl(cpu_pc, jmp_dest);
-            gen_exception(dc, EXCP_DEBUG);
-        } else if ((dc->base.pc_first ^ jmp_dest) & TARGET_PAGE_MASK) {
-            tcg_gen_movi_tl(cpu_pc, jmp_dest);
-            tcg_gen_lookup_and_goto_ptr();
-        } else {
+        if (translator_use_goto_tb(&dc->base, jmp_dest)) {
             tcg_gen_goto_tb(0);
             tcg_gen_movi_tl(cpu_pc, jmp_dest);
             tcg_gen_exit_tb(dc->base.tb, 0);
+            break;
+        }
+        tcg_gen_movi_tl(cpu_pc, jmp_dest);
+        if (unlikely(dc->base.singlestep_enabled)) {
+            gen_exception(dc, EXCP_DEBUG);
+        } else {
+            tcg_gen_lookup_and_goto_ptr();
         }
         break;
 
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/riscv/translate.c | 20 +-------------------
 1 file changed, 1 insertion(+), 19 deletions(-)

diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_inst_addr_mis(DisasContext *ctx)
     generate_exception_mtval(ctx, RISCV_EXCP_INST_ADDR_MIS);
 }
 
-static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
-{
-    if (unlikely(ctx->base.singlestep_enabled)) {
-        return false;
-    }
-
-#ifndef CONFIG_USER_ONLY
-    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
 static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
 {
-    if (use_goto_tb(ctx, dest)) {
-        /* chaining is only allowed when the jump is to the same page */
+    if (translator_use_goto_tb(&ctx->base, dest)) {
         tcg_gen_goto_tb(n);
         tcg_gen_movi_tl(cpu_pc, dest);
-
-        /* No need to check for single stepping here as use_goto_tb() will
-         * return false in case of single stepping.
-         */
         tcg_gen_exit_tb(ctx->base.tb, n);
     } else {
         tcg_gen_movi_tl(cpu_pc, dest);
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/rx/translate.c | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/target/rx/translate.c b/target/rx/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/rx/translate.c
+++ b/target/rx/translate.c
@@ -XXX,XX +XXX,XX @@ void rx_cpu_dump_state(CPUState *cs, FILE *f, int flags)
     }
 }
 
-static bool use_goto_tb(DisasContext *dc, target_ulong dest)
-{
-    if (unlikely(dc->base.singlestep_enabled)) {
-        return false;
-    } else {
-        return true;
-    }
-}
-
 static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
 {
-    if (use_goto_tb(dc, dest)) {
+    if (translator_use_goto_tb(&dc->base, dest)) {
         tcg_gen_goto_tb(n);
         tcg_gen_movi_i32(cpu_pc, dest);
         tcg_gen_exit_tb(dc->base.tb, n);
-- 
2.25.1

We have not needed to end a TB for I/O since ba3e7926691
("icount: clean up cpu_can_io at the entry to the block").

In use_goto_tb, the check for singlestep_enabled is in the
generic translator_use_goto_tb.  In s390x_tr_tb_stop, the
check for singlestep_enabled is in the preceding do_debug test.

Which leaves only FLAG_MASK_PER: fold that test alone into
the two callers of use_exit tb.

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/s390x/translate.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_op_calc_cc(DisasContext *s)
     set_cc_static(s);
 }
 
-static bool use_exit_tb(DisasContext *s)
-{
-    return s->base.singlestep_enabled ||
-            (tb_cflags(s->base.tb) & CF_LAST_IO) ||
-            (s->base.tb->flags & FLAG_MASK_PER);
-}
-
 static bool use_goto_tb(DisasContext *s, uint64_t dest)
 {
-    if (unlikely(use_exit_tb(s))) {
+    if (unlikely(s->base.tb->flags & FLAG_MASK_PER)) {
         return false;
     }
     return translator_use_goto_tb(&s->base, dest);
@@ -XXX,XX +XXX,XX @@ static void s390x_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
         /* Exit the TB, either by raising a debug exception or by return.  */
         if (dc->do_debug) {
             gen_exception(EXCP_DEBUG);
-        } else if (use_exit_tb(dc) ||
+        } else if ((dc->base.tb->flags & FLAG_MASK_PER) ||
                    dc->base.is_jmp == DISAS_PC_STALE_NOCHAIN) {
             tcg_gen_exit_tb(NULL, 0);
         } else {
-- 
2.25.1

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/sh4/translate.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -XXX,XX +XXX,XX @@ static inline bool use_exit_tb(DisasContext *ctx)
     return (ctx->tbflags & GUSA_EXCLUSIVE) != 0;
 }
 
-static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
+static bool use_goto_tb(DisasContext *ctx, target_ulong dest)
 {
-    /* Use a direct jump if in same page and singlestep not enabled */
-    if (unlikely(ctx->base.singlestep_enabled || use_exit_tb(ctx))) {
+    if (use_exit_tb(ctx)) {
         return false;
     }
-#ifndef CONFIG_USER_ONLY
-    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
+    return translator_use_goto_tb(&ctx->base, dest);
 }
 
 static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
-- 
2.25.1

Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/sparc/translate.c | 19 +++++--------------
 1 file changed, 5 insertions(+), 14 deletions(-)

diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -XXX,XX +XXX,XX @@ static inline TCGv gen_dest_gpr(DisasContext *dc, int reg)
     }
 }
 
-static inline bool use_goto_tb(DisasContext *s, target_ulong pc,
-                               target_ulong npc)
+static bool use_goto_tb(DisasContext *s, target_ulong pc, target_ulong npc)
 {
-    if (unlikely(s->base.singlestep_enabled || singlestep)) {
-        return false;
-    }
-
-#ifndef CONFIG_USER_ONLY
-    return (pc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK) &&
-           (npc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
+    return translator_use_goto_tb(&s->base, pc) &&
+           translator_use_goto_tb(&s->base, npc);
 }
 
-static inline void gen_goto_tb(DisasContext *s, int tb_num,
-                               target_ulong pc, target_ulong npc)
+static void gen_goto_tb(DisasContext *s, int tb_num,
+                        target_ulong pc, target_ulong npc)
 {
     if (use_goto_tb(s, pc, npc))  {
         /* jump to same page: we can use a direct jump */
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/tricore/translate.c | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -XXX,XX +XXX,XX @@ static inline void gen_save_pc(target_ulong pc)
     tcg_gen_movi_tl(cpu_PC, pc);
 }
 
-static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
-{
-    if (unlikely(ctx->base.singlestep_enabled)) {
-        return false;
-    }
-
-#ifndef CONFIG_USER_ONLY
-    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
 static void generate_qemu_excp(DisasContext *ctx, int excp)
 {
     TCGv_i32 tmp = tcg_const_i32(excp);
@@ -XXX,XX +XXX,XX @@ static void generate_qemu_excp(DisasContext *ctx, int excp)
     tcg_temp_free(tmp);
 }
 
-static inline void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
+static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
 {
-    if (use_goto_tb(ctx, dest)) {
+    if (translator_use_goto_tb(&ctx->base, dest)) {
         tcg_gen_goto_tb(n);
         gen_save_pc(dest);
         tcg_gen_exit_tb(ctx->base.tb, n);
-- 
2.25.1

The loop is performing a simple boolean test for the existence
of a BP_CPU breakpoint at EIP.  Plus it gets the iteration wrong,
if we happen to have a BP_GDB breakpoint at the same address.

We have a function for this: cpu_breakpoint_test.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20210620062317.1399034-1-richard.henderson@linaro.org>
---
 target/i386/tcg/sysemu/bpt_helper.c | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/target/i386/tcg/sysemu/bpt_helper.c b/target/i386/tcg/sysemu/bpt_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/sysemu/bpt_helper.c
+++ b/target/i386/tcg/sysemu/bpt_helper.c
@@ -XXX,XX +XXX,XX @@ void breakpoint_handler(CPUState *cs)
 {
     X86CPU *cpu = X86_CPU(cs);
     CPUX86State *env = &cpu->env;
-    CPUBreakpoint *bp;
 
     if (cs->watchpoint_hit) {
         if (cs->watchpoint_hit->flags & BP_CPU) {
@@ -XXX,XX +XXX,XX @@ void breakpoint_handler(CPUState *cs)
             }
         }
     } else {
-        QTAILQ_FOREACH(bp, &cs->breakpoints, entry) {
-            if (bp->pc == env->eip) {
-                if (bp->flags & BP_CPU) {
-                    check_hw_breakpoints(env, true);
-                    raise_exception(env, EXCP01_DB);
-                }
-                break;
-            }
+        if (cpu_breakpoint_test(cs, env->eip, BP_CPU)) {
+            check_hw_breakpoints(env, true);
+            raise_exception(env, EXCP01_DB);
         }
     }
 }
-- 
2.25.1

This will allow additional code sharing.
No functional change.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cpu-exec.c    | 30 ++++++++++++++++++++++++++++++
 accel/tcg/tcg-runtime.c | 22 ----------------------
 2 files changed, 30 insertions(+), 22 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/cpu-all.h"
 #include "sysemu/cpu-timers.h"
 #include "sysemu/replay.h"
+#include "exec/helper-proto.h"
 #include "tb-hash.h"
 #include "tb-lookup.h"
 #include "tb-context.h"
@@ -XXX,XX +XXX,XX @@ static void init_delay_params(SyncClocks *sc, const CPUState *cpu)
 }
 #endif /* CONFIG USER ONLY */
 
+/**
+ * helper_lookup_tb_ptr: quick check for next tb
+ * @env: current cpu state
+ *
+ * Look for an existing TB matching the current cpu state.
+ * If found, return the code pointer.  If not found, return
+ * the tcg epilogue so that we return into cpu_tb_exec.
+ */
+const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
+{
+    CPUState *cpu = env_cpu(env);
+    TranslationBlock *tb;
+    target_ulong cs_base, pc;
+    uint32_t flags;
+
+    cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
+
+    tb = tb_lookup(cpu, pc, cs_base, flags, curr_cflags(cpu));
+    if (tb == NULL) {
+        return tcg_code_gen_epilogue;
+    }
+    qemu_log_mask_and_addr(CPU_LOG_EXEC, pc,
+                           "Chain %d: %p ["
+                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
+                           cpu->cpu_index, tb->tc.ptr, cs_base, pc, flags,
+                           lookup_symbol(pc));
+    return tb->tc.ptr;
+}
+
 /* Execute a TB, and fix up the CPU state afterwards if necessary */
 /*
  * Disable CFI checks.
diff --git a/accel/tcg/tcg-runtime.c b/accel/tcg/tcg-runtime.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tcg-runtime.c
+++ b/accel/tcg/tcg-runtime.c
@@ -XXX,XX +XXX,XX @@
 #include "disas/disas.h"
 #include "exec/log.h"
 #include "tcg/tcg.h"
-#include "tb-lookup.h"
 
 /* 32-bit helpers */
 
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(ctpop_i64)(uint64_t arg)
     return ctpop64(arg);
 }
 
-const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
-{
-    CPUState *cpu = env_cpu(env);
-    TranslationBlock *tb;
-    target_ulong cs_base, pc;
-    uint32_t flags;
-
-    cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
-
-    tb = tb_lookup(cpu, pc, cs_base, flags, curr_cflags(cpu));
-    if (tb == NULL) {
-        return tcg_code_gen_epilogue;
-    }
-    qemu_log_mask_and_addr(CPU_LOG_EXEC, pc,
-                           "Chain %d: %p ["
-                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
-                           cpu->cpu_index, tb->tc.ptr, cs_base, pc, flags,
-                           lookup_symbol(pc));
-    return tb->tc.ptr;
-}
-
 void HELPER(exit_atomic)(CPUArchState *env)
 {
     cpu_loop_exit_atomic(env_cpu(env), GETPC());
-- 
2.25.1

Now that we've moved helper_lookup_tb_ptr, the only user
of tb-lookup.h is cpu-exec.c; merge the contents in.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/tb-lookup.h | 49 -------------------------------------------
 accel/tcg/cpu-exec.c  | 31 ++++++++++++++++++++++++++-
 2 files changed, 30 insertions(+), 50 deletions(-)
 delete mode 100644 accel/tcg/tb-lookup.h

diff --git a/accel/tcg/tb-lookup.h b/accel/tcg/tb-lookup.h
deleted file mode 100644
index XXXXXXX..XXXXXXX
--- a/accel/tcg/tb-lookup.h
+++ /dev/null
@@ -XXX,XX +XXX,XX @@
-/*
- * Copyright (C) 2017, Emilio G. Cota <cota@braap.org>
- *
- * License: GNU GPL, version 2 or later.
- *   See the COPYING file in the top-level directory.
- */
-#ifndef EXEC_TB_LOOKUP_H
-#define EXEC_TB_LOOKUP_H
-
-#ifdef NEED_CPU_H
-#include "cpu.h"
-#else
-#include "exec/poison.h"
-#endif
-
-#include "exec/exec-all.h"
-#include "tb-hash.h"
-
-/* Might cause an exception, so have a longjmp destination ready */
-static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
-                                          target_ulong cs_base,
-                                          uint32_t flags, uint32_t cflags)
-{
-    TranslationBlock *tb;
-    uint32_t hash;
-
-    /* we should never be trying to look up an INVALID tb */
-    tcg_debug_assert(!(cflags & CF_INVALID));
-
-    hash = tb_jmp_cache_hash_func(pc);
-    tb = qatomic_rcu_read(&cpu->tb_jmp_cache[hash]);
-
-    if (likely(tb &&
-               tb->pc == pc &&
-               tb->cs_base == cs_base &&
-               tb->flags == flags &&
-               tb->trace_vcpu_dstate == *cpu->trace_dstate &&
-               tb_cflags(tb) == cflags)) {
-        return tb;
-    }
-    tb = tb_htable_lookup(cpu, pc, cs_base, flags, cflags);
-    if (tb == NULL) {
-        return NULL;
-    }
-    qatomic_set(&cpu->tb_jmp_cache[hash], tb);
-    return tb;
-}
-
-#endif /* EXEC_TB_LOOKUP_H */
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@
 #include "sysemu/replay.h"
 #include "exec/helper-proto.h"
 #include "tb-hash.h"
-#include "tb-lookup.h"
 #include "tb-context.h"
 #include "internal.h"
 
@@ -XXX,XX +XXX,XX @@ static void init_delay_params(SyncClocks *sc, const CPUState *cpu)
 }
 #endif /* CONFIG USER ONLY */
 
+/* Might cause an exception, so have a longjmp destination ready */
+static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
+                                          target_ulong cs_base,
+                                          uint32_t flags, uint32_t cflags)
+{
+    TranslationBlock *tb;
+    uint32_t hash;
+
+    /* we should never be trying to look up an INVALID tb */
+    tcg_debug_assert(!(cflags & CF_INVALID));
+
+    hash = tb_jmp_cache_hash_func(pc);
+    tb = qatomic_rcu_read(&cpu->tb_jmp_cache[hash]);
+
+    if (likely(tb &&
+               tb->pc == pc &&
+               tb->cs_base == cs_base &&
+               tb->flags == flags &&
+               tb->trace_vcpu_dstate == *cpu->trace_dstate &&
+               tb_cflags(tb) == cflags)) {
+        return tb;
+    }
+    tb = tb_htable_lookup(cpu, pc, cs_base, flags, cflags);
+    if (tb == NULL) {
+        return NULL;
+    }
+    qatomic_set(&cpu->tb_jmp_cache[hash], tb);
+    return tb;
+}
+
 /**
  * helper_lookup_tb_ptr: quick check for next tb
  * @env: current cpu state
-- 
2.25.1

Split out CPU_LOG_EXEC and CPU_LOG_TB_CPU logging from
cpu_tb_exec to a new function.  Perform only one pc
range check after a combined mask check.

Use the new function in lookup_tb_ptr.  This enables
CPU_LOG_TB_CPU between indirectly chained tbs.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cpu-exec.c | 61 ++++++++++++++++++++++++--------------------
 1 file changed, 34 insertions(+), 27 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
     return tb;
 }
 
+static inline void log_cpu_exec(target_ulong pc, CPUState *cpu,
+                                const TranslationBlock *tb)
+{
+    if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_CPU | CPU_LOG_EXEC))
+        && qemu_log_in_addr_range(pc)) {
+
+        qemu_log_mask(CPU_LOG_EXEC,
+                      "Trace %d: %p [" TARGET_FMT_lx
+                      "/" TARGET_FMT_lx "/%#x] %s\n",
+                      cpu->cpu_index, tb->tc.ptr, tb->cs_base, pc, tb->flags,
+                      lookup_symbol(pc));
+
+#if defined(DEBUG_DISAS)
+        if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) {
+            FILE *logfile = qemu_log_lock();
+            int flags = 0;
+
+            if (qemu_loglevel_mask(CPU_LOG_TB_FPU)) {
+                flags |= CPU_DUMP_FPU;
+            }
+#if defined(TARGET_I386)
+            flags |= CPU_DUMP_CCOP;
+#endif
+            log_cpu_state(cpu, flags);
+            qemu_log_unlock(logfile);
+        }
+#endif /* DEBUG_DISAS */
+    }
+}
+
 /**
  * helper_lookup_tb_ptr: quick check for next tb
  * @env: current cpu state
@@ -XXX,XX +XXX,XX @@ const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
     if (tb == NULL) {
         return tcg_code_gen_epilogue;
     }
-    qemu_log_mask_and_addr(CPU_LOG_EXEC, pc,
-                           "Chain %d: %p ["
-                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
-                           cpu->cpu_index, tb->tc.ptr, cs_base, pc, flags,
-                           lookup_symbol(pc));
+
+    log_cpu_exec(pc, cpu, tb);
+
     return tb->tc.ptr;
 }
 
@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
     TranslationBlock *last_tb;
     const void *tb_ptr = itb->tc.ptr;
 
-    qemu_log_mask_and_addr(CPU_LOG_EXEC, itb->pc,
-                           "Trace %d: %p ["
-                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
-                           cpu->cpu_index, itb->tc.ptr,
-                           itb->cs_base, itb->pc, itb->flags,
-                           lookup_symbol(itb->pc));
-
-#if defined(DEBUG_DISAS)
-    if (qemu_loglevel_mask(CPU_LOG_TB_CPU)
-        && qemu_log_in_addr_range(itb->pc)) {
-        FILE *logfile = qemu_log_lock();
-        int flags = 0;
-        if (qemu_loglevel_mask(CPU_LOG_TB_FPU)) {
-            flags |= CPU_DUMP_FPU;
-        }
-#if defined(TARGET_I386)
-        flags |= CPU_DUMP_CCOP;
-#endif
-        log_cpu_state(cpu, flags);
-        qemu_log_unlock(logfile);
-    }
-#endif /* DEBUG_DISAS */
+    log_cpu_exec(itb->pc, cpu, itb);
 
     qemu_thread_jit_execute();
     ret = tcg_qemu_tb_exec(env, tb_ptr);
-- 
2.25.1

Since 6eea04347eb6, all tcg backends support goto_ptr.
Remove the conditional, making support mandatory.

diff --git a/include/tcg/tcg-opc.h b/include/tcg/tcg-opc.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg-opc.h
+++ b/include/tcg/tcg-opc.h
@@ -XXX,XX +XXX,XX @@ DEF(insn_start, 0, 0, TLADDR_ARGS * TARGET_INSN_START_WORDS,
     TCG_OPF_NOT_PRESENT)
 DEF(exit_tb, 0, 0, 1, TCG_OPF_BB_EXIT | TCG_OPF_BB_END)
 DEF(goto_tb, 0, 0, 1, TCG_OPF_BB_EXIT | TCG_OPF_BB_END)
-DEF(goto_ptr, 0, 1, 0,
-    TCG_OPF_BB_EXIT | TCG_OPF_BB_END | IMPL(TCG_TARGET_HAS_goto_ptr))
+DEF(goto_ptr, 0, 1, 0, TCG_OPF_BB_EXIT | TCG_OPF_BB_END)
 
 DEF(plugin_cb_start, 0, 0, 3, TCG_OPF_NOT_PRESENT)
 DEF(plugin_cb_end, 0, 0, 0, TCG_OPF_NOT_PRESENT)
diff --git a/tcg/aarch64/tcg-target.h b/tcg/aarch64/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/aarch64/tcg-target.h
+++ b/tcg/aarch64/tcg-target.h
@@ -XXX,XX +XXX,XX @@ typedef enum {
 #define TCG_TARGET_HAS_mulsh_i32        0
 #define TCG_TARGET_HAS_extrl_i64_i32    0
 #define TCG_TARGET_HAS_extrh_i64_i32    0
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_qemu_st8_i32     0
 
 #define TCG_TARGET_HAS_div_i64          1
diff --git a/tcg/arm/tcg-target.h b/tcg/arm/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/arm/tcg-target.h
+++ b/tcg/arm/tcg-target.h
@@ -XXX,XX +XXX,XX @@ extern bool use_neon_instructions;
 #define TCG_TARGET_HAS_mulsh_i32        0
 #define TCG_TARGET_HAS_div_i32          use_idiv_instructions
 #define TCG_TARGET_HAS_rem_i32          0
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_direct_jump      0
 #define TCG_TARGET_HAS_qemu_st8_i32     0
 
diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -XXX,XX +XXX,XX @@ extern bool have_movbe;
 #define TCG_TARGET_HAS_muls2_i32        1
 #define TCG_TARGET_HAS_muluh_i32        0
 #define TCG_TARGET_HAS_mulsh_i32        0
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_direct_jump      1
 
 #if TCG_TARGET_REG_BITS == 64
diff --git a/tcg/mips/tcg-target.h b/tcg/mips/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/mips/tcg-target.h
+++ b/tcg/mips/tcg-target.h
@@ -XXX,XX +XXX,XX @@ extern bool use_mips32r2_instructions;
 #define TCG_TARGET_HAS_muluh_i32        1
 #define TCG_TARGET_HAS_mulsh_i32        1
 #define TCG_TARGET_HAS_bswap32_i32      1
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_direct_jump      1
 
 #if TCG_TARGET_REG_BITS == 64
diff --git a/tcg/ppc/tcg-target.h b/tcg/ppc/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/ppc/tcg-target.h
+++ b/tcg/ppc/tcg-target.h
@@ -XXX,XX +XXX,XX @@ extern bool have_vsx;
 #define TCG_TARGET_HAS_muls2_i32        0
 #define TCG_TARGET_HAS_muluh_i32        1
 #define TCG_TARGET_HAS_mulsh_i32        1
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_direct_jump      1
 #define TCG_TARGET_HAS_qemu_st8_i32     0
 
diff --git a/tcg/riscv/tcg-target.h b/tcg/riscv/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/riscv/tcg-target.h
+++ b/tcg/riscv/tcg-target.h
@@ -XXX,XX +XXX,XX @@ typedef enum {
 #define TCG_TARGET_CALL_STACK_OFFSET    0
 
 /* optional instructions */
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_movcond_i32      0
 #define TCG_TARGET_HAS_div_i32          1
 #define TCG_TARGET_HAS_rem_i32          1
diff --git a/tcg/s390/tcg-target.h b/tcg/s390/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390/tcg-target.h
+++ b/tcg/s390/tcg-target.h
@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities;
 #define TCG_TARGET_HAS_mulsh_i32      0
 #define TCG_TARGET_HAS_extrl_i64_i32  0
 #define TCG_TARGET_HAS_extrh_i64_i32  0
-#define TCG_TARGET_HAS_goto_ptr       1
 #define TCG_TARGET_HAS_direct_jump    (s390_facilities & FACILITY_GEN_INST_EXT)
 #define TCG_TARGET_HAS_qemu_st8_i32   0
 
diff --git a/tcg/sparc/tcg-target.h b/tcg/sparc/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/sparc/tcg-target.h
+++ b/tcg/sparc/tcg-target.h
@@ -XXX,XX +XXX,XX @@ extern bool use_vis3_instructions;
 #define TCG_TARGET_HAS_muls2_i32        1
 #define TCG_TARGET_HAS_muluh_i32        0
 #define TCG_TARGET_HAS_mulsh_i32        0
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_direct_jump      1
 #define TCG_TARGET_HAS_qemu_st8_i32     0
 
diff --git a/tcg/tci/tcg-target.h b/tcg/tci/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tci/tcg-target.h
+++ b/tcg/tci/tcg-target.h
@@ -XXX,XX +XXX,XX @@
 #define TCG_TARGET_HAS_muls2_i32        1
 #define TCG_TARGET_HAS_muluh_i32        0
 #define TCG_TARGET_HAS_mulsh_i32        0
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_direct_jump      0
 #define TCG_TARGET_HAS_qemu_st8_i32     0
 
diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg-op.c
+++ b/tcg/tcg-op.c
@@ -XXX,XX +XXX,XX @@ void tcg_gen_goto_tb(unsigned idx)
 
 void tcg_gen_lookup_and_goto_ptr(void)
 {
-    if (TCG_TARGET_HAS_goto_ptr && !qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
+    if (!qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
         TCGv_ptr ptr;
 
         plugin_gen_disable_mem_helpers();
diff --git a/tcg/tcg.c b/tcg/tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@ void tcg_prologue_init(TCGContext *s)
      * For tci, we use NULL as the signal to return from the interpreter,
      * so skip this check.
      */
-    if (TCG_TARGET_HAS_goto_ptr) {
-        tcg_debug_assert(tcg_code_gen_epilogue != NULL);
-    }
+    tcg_debug_assert(tcg_code_gen_epilogue != NULL);
 #endif
 
     tcg_region_prologue_set(s);
@@ -XXX,XX +XXX,XX @@ bool tcg_op_supported(TCGOpcode op)
     case INDEX_op_insn_start:
     case INDEX_op_exit_tb:
     case INDEX_op_goto_tb:
+    case INDEX_op_goto_ptr:
     case INDEX_op_qemu_ld_i32:
     case INDEX_op_qemu_st_i32:
     case INDEX_op_qemu_ld_i64:
@@ -XXX,XX +XXX,XX @@ bool tcg_op_supported(TCGOpcode op)
     case INDEX_op_qemu_st8_i32:
         return TCG_TARGET_HAS_qemu_st8_i32;
 
-    case INDEX_op_goto_ptr:
-        return TCG_TARGET_HAS_goto_ptr;
-
     case INDEX_op_mov_i32:
     case INDEX_op_setcond_i32:
     case INDEX_op_brcond_i32:
-- 
2.25.1

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 cpu.c        | 13 +++++++++----
 trace-events |  5 +++++
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/cpu.c b/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/cpu.c
+++ b/cpu.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/translate-all.h"
 #include "exec/log.h"
 #include "hw/core/accel-cpu.h"
+#include "trace/trace-root.h"
 
 uintptr_t qemu_host_page_size;
 intptr_t qemu_host_page_mask;
@@ -XXX,XX +XXX,XX @@ int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
     if (breakpoint) {
         *breakpoint = bp;
     }
+
+    trace_breakpoint_insert(cpu->cpu_index, pc, flags);
     return 0;
 }
 
@@ -XXX,XX +XXX,XX @@ int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
 }
 
 /* Remove a specific breakpoint by reference.  */
-void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
+void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *bp)
 {
-    QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
+    QTAILQ_REMOVE(&cpu->breakpoints, bp, entry);
 
-    breakpoint_invalidate(cpu, breakpoint->pc);
+    breakpoint_invalidate(cpu, bp->pc);
 
-    g_free(breakpoint);
+    trace_breakpoint_remove(cpu->cpu_index, bp->pc, bp->flags);
+    g_free(bp);
 }
 
 /* Remove all matching breakpoints. */
@@ -XXX,XX +XXX,XX @@ void cpu_single_step(CPUState *cpu, int enabled)
             /* XXX: only flush what is necessary */
             tb_flush(cpu);
         }
+        trace_breakpoint_singlestep(cpu->cpu_index, enabled);
     }
 }
 
diff --git a/trace-events b/trace-events
index XXXXXXX..XXXXXXX 100644
--- a/trace-events
+++ b/trace-events
@@ -XXX,XX +XXX,XX @@
 #
 # The <format-string> should be a sprintf()-compatible format string.
 
+# cpu.c
+breakpoint_insert(int cpu_index, uint64_t pc, int flags) "cpu=%d pc=0x%" PRIx64 " flags=0x%x"
+breakpoint_remove(int cpu_index, uint64_t pc, int flags) "cpu=%d pc=0x%" PRIx64 " flags=0x%x"
+breakpoint_singlestep(int cpu_index, int enabled) "cpu=%d enable=%d"
+
 # dma-helpers.c
 dma_blk_io(void *dbs, void *bs, int64_t offset, bool to_dev) "dbs=%p bs=%p offset=%" PRId64 " to_dev=%d"
 dma_aio_cancel(void *dbs) "dbs=%p"
-- 
2.25.1

Version 3 fixes a rebase error from v2 affecting ARM BFC insn.

The following changes since commit 29c8a9e31a982874ce4e2c15f2bf82d5f8dc3517:

Merge tag 'linux-user-for-8.0-pull-request' of https://gitlab.com/laurent_vivier/qemu into staging (2023-03-12 10:57:00 +0000)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20230313

for you to fetch changes up to 0c8b6b9a6383e2e37ff3d1d12b40c58b7ed36c1c:

tcg: Drop tcg_const_* (2023-03-13 07:03:39 -0700)

----------------------------------------------------------------
accel/tcg: Fix NB_MMU_MODES to 16
Balance of the target/ patchset which eliminates tcg_temp_free
Balance of the target/ patchset which eliminates tcg_const

----------------------------------------------------------------
Anton Johansson (23):
      include/exec: Set default `NB_MMU_MODES` to 16
      target/alpha: Remove `NB_MMU_MODES` define
      target/arm: Remove `NB_MMU_MODES` define
      target/avr: Remove `NB_MMU_MODES` define
      target/cris: Remove `NB_MMU_MODES` define
      target/hexagon: Remove `NB_MMU_MODES` define
      target/hppa: Remove `NB_MMU_MODES` define
      target/i386: Remove `NB_MMU_MODES` define
      target/loongarch: Remove `NB_MMU_MODES` define
      target/m68k: Remove `NB_MMU_MODES` define
      target/microblaze: Remove `NB_MMU_MODES` define
      target/mips: Remove `NB_MMU_MODES` define
      target/nios2: Remove `NB_MMU_MODES` define
      target/openrisc: Remove `NB_MMU_MODES` define
      target/ppc: Remove `NB_MMU_MODES` define
      target/riscv: Remove `NB_MMU_MODES` define
      target/rx: Remove `NB_MMU_MODES` define
      target/s390x: Remove `NB_MMU_MODES` define
      target/sh4: Remove `NB_MMU_MODES` define
      target/sparc: Remove `NB_MMU_MODES` define
      target/tricore: Remove `NB_MMU_MODES` define
      target/xtensa: Remove `NB_MMU_MODES` define
      include/exec: Remove guards around `NB_MMU_MODES`

Richard Henderson (68):
      target/mips: Drop tcg_temp_free from micromips_translate.c.inc
      target/mips: Drop tcg_temp_free from msa_translate.c
      target/mips: Drop tcg_temp_free from mxu_translate.c
      target/mips: Drop tcg_temp_free from nanomips_translate.c.inc
      target/mips: Drop tcg_temp_free from octeon_translate.c
      target/mips: Drop tcg_temp_free from translate_addr_const.c
      target/mips: Drop tcg_temp_free from tx79_translate.c
      target/mips: Drop tcg_temp_free from vr54xx_translate.c
      target/mips: Drop tcg_temp_free from translate.c
      target/s390x: Drop free_compare
      target/s390x: Drop tcg_temp_free from translate_vx.c.inc
      target/s390x: Drop tcg_temp_free from translate.c
      target/s390x: Remove assert vs g_in2
      target/s390x: Remove g_out, g_out2, g_in1, g_in2 from DisasContext
      tcg: Create tcg/tcg-temp-internal.h
      target/avr: Avoid use of tcg_const_i32 in SBIC, SBIS
      target/avr: Avoid use of tcg_const_i32 throughout
      target/cris: Avoid use of tcg_const_i32 throughout
      target/hppa: Avoid tcg_const_i64 in trans_fid_f
      target/hppa: Avoid use of tcg_const_i32 throughout
      target/i386: Avoid use of tcg_const_* throughout
      target/m68k: Avoid tcg_const_i32 when modified
      target/m68k: Avoid tcg_const_i32 in bfop_reg
      target/m68k: Avoid tcg_const_* throughout
      target/mips: Split out gen_lxl
      target/mips: Split out gen_lxr
      target/mips: Avoid tcg_const_tl in gen_r6_ld
      target/mips: Avoid tcg_const_* throughout
      target/ppc: Split out gen_vx_vmul10
      target/ppc: Avoid tcg_const_i64 in do_vector_shift_quad
      target/rx: Use tcg_gen_abs_i32
      target/rx: Use cpu_psw_z as temp in flags computation
      target/rx: Avoid tcg_const_i32 when new temp needed
      target/rx: Avoid tcg_const_i32
      target/s390x: Avoid tcg_const_i64
      target/sh4: Avoid tcg_const_i32 for TAS.B
      target/sh4: Avoid tcg_const_i32
      tcg/sparc: Avoid tcg_const_tl in gen_edge
      target/tricore: Split t_n as constant from temp as variable
      target/tricore: Rename t_off10 and use tcg_constant_i32
      target/tricore: Use setcondi instead of explicit allocation
      target/tricore: Drop some temp initialization
      target/tricore: Avoid tcg_const_i32
      tcg: Replace tcg_const_i64 in tcg-op.c
      target/arm: Use rmode >= 0 for need_rmode
      target/arm: Handle FPROUNDING_ODD in arm_rmode_to_sf
      target/arm: Improve arm_rmode_to_sf
      target/arm: Consistently use ARMFPRounding during translation
      target/arm: Create gen_set_rmode, gen_restore_rmode
      target/arm: Improve trans_BFCI
      target/arm: Avoid tcg_const_ptr in gen_sve_{ldr,str}
      target/arm: Avoid tcg_const_* in translate-mve.c
      target/arm: Avoid tcg_const_ptr in disas_simd_zip_trn
      target/arm: Avoid tcg_const_ptr in handle_vec_simd_sqshrn
      target/arm: Avoid tcg_const_ptr in handle_rev
      target/m68k: Use tcg_constant_i32 in gen_ea_mode
      target/ppc: Avoid tcg_const_i64 in do_vcntmb
      target/ppc: Avoid tcg_const_* in vmx-impl.c.inc
      target/ppc: Avoid tcg_const_* in xxeval
      target/ppc: Avoid tcg_const_* in vsx-impl.c.inc
      target/ppc: Avoid tcg_const_* in fp-impl.c.inc
      target/ppc: Avoid tcg_const_* in power8-pmu-regs.c.inc
      target/ppc: Rewrite trans_ADDG6S
      target/ppc: Fix gen_tlbsx_booke206
      target/ppc: Avoid tcg_const_* in translate.c
      target/tricore: Use min/max for saturate
      tcg: Drop tcg_const_*_vec
      tcg: Drop tcg_const_*

Reorg temporary usage so that we can use tcg_constant_i32.
tcg_gen_deposit_i32 already has a width == 32 special case,
so remove the check here.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/tcg/translate.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -XXX,XX +XXX,XX @@ static bool trans_UBFX(DisasContext *s, arg_UBFX *a)
 
 static bool trans_BFCI(DisasContext *s, arg_BFCI *a)
 {
-    TCGv_i32 tmp;
     int msb = a->msb, lsb = a->lsb;
+    TCGv_i32 t_in, t_rd;
     int width;
 
     if (!ENABLE_ARCH_6T2) {
@@ -XXX,XX +XXX,XX @@ static bool trans_BFCI(DisasContext *s, arg_BFCI *a)
     width = msb + 1 - lsb;
     if (a->rn == 15) {
         /* BFC */
-        tmp = tcg_const_i32(0);
+        t_in = tcg_constant_i32(0);
     } else {
         /* BFI */
-        tmp = load_reg(s, a->rn);
+        t_in = load_reg(s, a->rn);
     }
-    if (width != 32) {
-        TCGv_i32 tmp2 = load_reg(s, a->rd);
-        tcg_gen_deposit_i32(tmp, tmp2, tmp, lsb, width);
-    }
-    store_reg(s, a->rd, tmp);
+    t_rd = load_reg(s, a->rd);
+    tcg_gen_deposit_i32(t_rd, t_rd, t_in, lsb, width);
+    store_reg(s, a->rd, t_rd);
     return true;
 }
 
-- 
2.34.1