Series comparison

-[PATCH 00/41] tcg patch queue
+[PULL v2 00/53] tcg patch queue
-The following changes since commit 05de778b5b8ab0b402996769117b88c7ea5c7c61:
+v2: Remove poisoned symbol CONFIG_RISCV_DIS from disas.c.
     Wasn't visible from x86 with gcc or clang;
     was visible from macos clang;
     was visible from native riscv clang.
-  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2021-07-09 14:30:01 +0100)
 r~
 The following changes since commit fff86d48a2cdcdfa75f845cac3e0d3cdd848d9e4:
   Merge tag 'migration-20230509-pull-request' of https://gitlab.com/juan.quintela/qemu into staging (2023-05-11 05:55:12 +0100)
 are available in the Git repository at:
-  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20210710
+  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20230511-2
-for you to fetch changes up to ad1a706f386c2281adb0b09257d892735e405834:
+for you to fetch changes up to 335dfd253fc242b009a1b9b5d4fffbf4ea52928d:
-  cpu: Add breakpoint tracepoints (2021-07-09 21:31:11 -0700)
+  target/loongarch: Do not include tcg-ldst.h (2023-05-11 09:53:41 +0100)
 ----------------------------------------------------------------
-Add translator_use_goto_tb.
+target/m68k: Fix gen_load_fp regression
-Cleanups in prep of breakpoint fixes.
+accel/tcg: Ensure fairness with icount
-Misc fixes.
+disas: Move disas.c into the target-independent source sets
 tcg: Use common routines for calling slow path helpers
 tcg/*: Cleanups to qemu_ld/st constraints
 tcg: Remove TARGET_ALIGNED_ONLY
 accel/tcg: Reorg system mode load/store helpers
 ----------------------------------------------------------------
-Liren Wei (2):
+Jamie Iles (2):
-      accel/tcg: Hoist tcg_tb_insert() up above tb_link_page()
+      cpu: expose qemu_cpu_list_lock for lock-guard use
-      tcg: Bake tb_destroy() into tcg_region_tree
+      accel/tcg/tcg-accel-ops-rr: ensure fairness with icount
-Philippe Mathieu-Daudé (1):
+Richard Henderson (49):
-      tcg: Avoid including 'trace-tcg.h' in target translate.c
+      target/m68k: Fix gen_load_fp for OS_LONG
       accel/tcg: Fix atomic_mmu_lookup for reads
       disas: Fix tabs and braces in disas.c
       disas: Move disas.c to disas/
       disas: Remove target_ulong from the interface
       disas: Remove target-specific headers
       tcg/i386: Introduce prepare_host_addr
       tcg/i386: Use indexed addressing for softmmu fast path
       tcg/aarch64: Introduce prepare_host_addr
       tcg/arm: Introduce prepare_host_addr
       tcg/loongarch64: Introduce prepare_host_addr
       tcg/mips: Introduce prepare_host_addr
       tcg/ppc: Introduce prepare_host_addr
       tcg/riscv: Introduce prepare_host_addr
       tcg/s390x: Introduce prepare_host_addr
       tcg: Add routines for calling slow-path helpers
       tcg/i386: Convert tcg_out_qemu_ld_slow_path
       tcg/i386: Convert tcg_out_qemu_st_slow_path
       tcg/aarch64: Convert tcg_out_qemu_{ld,st}_slow_path
       tcg/arm: Convert tcg_out_qemu_{ld,st}_slow_path
       tcg/loongarch64: Convert tcg_out_qemu_{ld,st}_slow_path
       tcg/mips: Convert tcg_out_qemu_{ld,st}_slow_path
       tcg/ppc: Convert tcg_out_qemu_{ld,st}_slow_path
       tcg/riscv: Convert tcg_out_qemu_{ld,st}_slow_path
       tcg/s390x: Convert tcg_out_qemu_{ld,st}_slow_path
       tcg/loongarch64: Simplify constraints on qemu_ld/st
       tcg/mips: Remove MO_BSWAP handling
       tcg/mips: Reorg tlb load within prepare_host_addr
       tcg/mips: Simplify constraints on qemu_ld/st
       tcg/ppc: Reorg tcg_out_tlb_read
       tcg/ppc: Adjust constraints on qemu_ld/st
       tcg/ppc: Remove unused constraints A, B, C, D
       tcg/ppc: Remove unused constraint J
       tcg/riscv: Simplify constraints on qemu_ld/st
       tcg/s390x: Use ALGFR in constructing softmmu host address
       tcg/s390x: Simplify constraints on qemu_ld/st
       target/mips: Add MO_ALIGN to gen_llwp, gen_scwp
       target/mips: Add missing default_tcg_memop_mask
       target/mips: Use MO_ALIGN instead of 0
       target/mips: Remove TARGET_ALIGNED_ONLY
       target/nios2: Remove TARGET_ALIGNED_ONLY
       target/sh4: Use MO_ALIGN where required
       target/sh4: Remove TARGET_ALIGNED_ONLY
       tcg: Remove TARGET_ALIGNED_ONLY
       accel/tcg: Add cpu_in_serial_context
       accel/tcg: Introduce tlb_read_idx
       accel/tcg: Reorg system mode load helpers
       accel/tcg: Reorg system mode store helpers
       target/loongarch: Do not include tcg-ldst.h
-Richard Henderson (38):
+Thomas Huth (2):
-      tcg: Add separator in INDEX_op_call dump
+      disas: Move softmmu specific code to separate file
-      tcg: Move tb_phys_invalidate_count to tb_ctx
+      disas: Move disas.c into the target-independent source set
       accel/tcg: Introduce translator_use_goto_tb
       target/alpha: Remove use_exit_tb
       target/alpha: Remove in_superpage
       target/alpha: Use translator_use_goto_tb
       target/arm: Use DISAS_TOO_MANY for ISB and SB
       target/arm: Use translator_use_goto_tb for aarch64
       target/arm: Use translator_use_goto_tb for aarch32
       target/avr: Use translator_use_goto_tb
       target/avr: Mark some helpers noreturn
       target/cris: Use translator_use_goto_tb
       target/hppa: Use translator_use_goto_tb
       target/i386: Use translator_use_goto_tb
       target/m68k: Use translator_use_goto_tb
       target/microblaze: Use translator_use_goto_tb
       target/mips: Use translator_use_goto_tb
       target/mips: Fix missing else in gen_goto_tb
       target/nios2: Use translator_use_goto_tb
       target/openrisc: Use translator_use_goto_tb
       target/ppc: Use translator_use_goto_tb
       target/riscv: Use translator_use_goto_tb
       target/rx: Use translator_use_goto_tb
       target/s390x: Use translator_use_goto_tb
       target/s390x: Remove use_exit_tb
       target/sh4: Use translator_use_goto_tb
       target/sparc: Use translator_use_goto_tb
       target/tricore: Use translator_use_goto_tb
       target/tricore: Use tcg_gen_lookup_and_goto_ptr
       target/xtensa: Use translator_use_goto_tb
       tcg: Fix prologue disassembly
       target/i386: Use cpu_breakpoint_test in breakpoint_handler
       accel/tcg: Move helper_lookup_tb_ptr to cpu-exec.c
       accel/tcg: Move tb_lookup to cpu-exec.c
       accel/tcg: Split out log_cpu_exec
       accel/tcg: Log tb->cflags with -d exec
       tcg: Remove TCG_TARGET_HAS_goto_ptr
       cpu: Add breakpoint tracepoints
- accel/tcg/tb-context.h              |   1 +
+ configs/targets/mips-linux-user.mak       |    1 -
- accel/tcg/tb-lookup.h               |  49 ----------------
+ configs/targets/mips-softmmu.mak          |    1 -
- include/exec/translator.h           |  10 ++++
+ configs/targets/mips64-linux-user.mak     |    1 -
- include/tcg/tcg-opc.h               |   3 +-
+ configs/targets/mips64-softmmu.mak        |    1 -
- include/tcg/tcg.h                   |   4 --
+ configs/targets/mips64el-linux-user.mak   |    1 -
- target/avr/helper.h                 |   8 +--
+ configs/targets/mips64el-softmmu.mak      |    1 -
- tcg/aarch64/tcg-target.h            |   1 -
+ configs/targets/mipsel-linux-user.mak     |    1 -
- tcg/arm/tcg-target.h                |   1 -
+ configs/targets/mipsel-softmmu.mak        |    1 -
- tcg/i386/tcg-target.h               |   1 -
+ configs/targets/mipsn32-linux-user.mak    |    1 -
- tcg/mips/tcg-target.h               |   1 -
+ configs/targets/mipsn32el-linux-user.mak  |    1 -
- tcg/ppc/tcg-target.h                |   1 -
+ configs/targets/nios2-softmmu.mak         |    1 -
- tcg/riscv/tcg-target.h              |   1 -
+ configs/targets/sh4-linux-user.mak        |    1 -
- tcg/s390/tcg-target.h               |   1 -
+ configs/targets/sh4-softmmu.mak           |    1 -
- tcg/sparc/tcg-target.h              |   1 -
+ configs/targets/sh4eb-linux-user.mak      |    1 -
- tcg/tci/tcg-target.h                |   1 -
+ configs/targets/sh4eb-softmmu.mak         |    1 -
- accel/tcg/cpu-exec.c                | 112 ++++++++++++++++++++++++++++--------
+ meson.build                               |    3 -
- accel/tcg/tcg-runtime.c             |  22 -------
+ accel/tcg/internal.h                      |    9 +
- accel/tcg/translate-all.c           |  23 ++++----
+ accel/tcg/tcg-accel-ops-icount.h          |    3 +-
- accel/tcg/translator.c              |  11 ++++
+ disas/disas-internal.h                    |   21 +
- cpu.c                               |  13 +++--
+ include/disas/disas.h                     |   23 +-
- target/alpha/translate.c            |  47 ++-------------
+ include/exec/cpu-common.h                 |    1 +
- target/arm/translate-a64.c          |  26 ++-------
+ include/exec/cpu-defs.h                   |    7 +-
- target/arm/translate-sve.c          |   1 -
+ include/exec/cpu_ldst.h                   |   26 +-
- target/arm/translate.c              |  17 +-----
+ include/exec/memop.h                      |   13 +-
- target/avr/translate.c              |   9 ++-
+ include/exec/poison.h                     |    1 -
- target/cris/translate.c             |   6 +-
+ tcg/loongarch64/tcg-target-con-set.h      |    2 -
- target/hppa/translate.c             |   6 +-
+ tcg/loongarch64/tcg-target-con-str.h      |    1 -
- target/i386/tcg/sysemu/bpt_helper.c |  12 +---
+ tcg/mips/tcg-target-con-set.h             |   13 +-
- target/i386/tcg/translate.c         |  15 +----
+ tcg/mips/tcg-target-con-str.h             |    2 -
- target/m68k/translate.c             |  13 +----
+ tcg/mips/tcg-target.h                     |    4 +-
- target/microblaze/translate.c       |  12 +---
+ tcg/ppc/tcg-target-con-set.h              |   11 +-
- target/mips/tcg/translate.c         |  21 ++-----
+ tcg/ppc/tcg-target-con-str.h              |    7 -
- target/nios2/translate.c            |  15 +----
+ tcg/riscv/tcg-target-con-set.h            |    2 -
- target/openrisc/translate.c         |  16 +++---
+ tcg/riscv/tcg-target-con-str.h            |    1 -
- target/ppc/translate.c              |  11 +---
+ tcg/s390x/tcg-target-con-set.h            |    2 -
- target/riscv/translate.c            |  20 +------
+ tcg/s390x/tcg-target-con-str.h            |    1 -
- target/rx/translate.c               |  12 +---
+ accel/tcg/cpu-exec-common.c               |    3 +
- target/s390x/translate.c            |  19 +-----
+ accel/tcg/cputlb.c                        | 1113 ++++++++++++++++-------------
- target/sh4/translate.c              |  12 +---
+ accel/tcg/tb-maint.c                      |    2 +-
- target/sparc/translate.c            |  20 ++-----
+ accel/tcg/tcg-accel-ops-icount.c          |   21 +-
- target/tricore/translate.c          |  20 ++-----
+ accel/tcg/tcg-accel-ops-rr.c              |   37 +-
- target/xtensa/translate.c           |   7 +--
+ bsd-user/elfload.c                        |    5 +-
- tcg/region.c                        |  33 +++--------
+ cpus-common.c                             |    2 +-
- tcg/tcg-op.c                        |   2 +-
+ disas/disas-mon.c                         |   65 ++
- tcg/tcg.c                           |  14 ++---
+ disas.c => disas/disas.c                  |  111 +--
- trace-events                        |   5 ++
+ linux-user/elfload.c                      |   18 +-
-files changed, 217 insertions(+), 439 deletions(-)
+ migration/dirtyrate.c                     |   26 +-
- delete mode 100644 accel/tcg/tb-lookup.h
+ replay/replay.c                           |    3 +-
+ target/loongarch/csr_helper.c             |    1 -
  target/loongarch/iocsr_helper.c           |    1 -
  target/m68k/translate.c                   |    1 +
  target/mips/tcg/mxu_translate.c           |    3 +-
  target/nios2/translate.c                  |   10 +
  target/sh4/translate.c                    |  102 ++-
  tcg/tcg.c                                 |  480 ++++++++++++-
  trace/control-target.c                    |    9 +-
  target/mips/tcg/micromips_translate.c.inc |   24 +-
  target/mips/tcg/mips16e_translate.c.inc   |   18 +-
  target/mips/tcg/nanomips_translate.c.inc  |   32 +-
  tcg/aarch64/tcg-target.c.inc              |  347 ++++-----
  tcg/arm/tcg-target.c.inc                  |  455 +++++-------
  tcg/i386/tcg-target.c.inc                 |  453 +++++-------
  tcg/loongarch64/tcg-target.c.inc          |  313 +++-----
  tcg/mips/tcg-target.c.inc                 |  870 +++++++---------------
  tcg/ppc/tcg-target.c.inc                  |  512 ++++++-------
  tcg/riscv/tcg-target.c.inc                |  304 ++++----
  tcg/s390x/tcg-target.c.inc                |  314 ++++----
  disas/meson.build                         |    6 +-
 files changed, 2789 insertions(+), 3040 deletions(-)
  create mode 100644 disas/disas-internal.h
  create mode 100644 disas/disas-mon.c
  rename disas.c => disas/disas.c (78%)

-[PATCH 01/41] tcg: Add separator in INDEX_op_call dump
+Deleted patch
-We lost the ',' following the called function name.
-Fixes: 3e92aa34434
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/tcg.c | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/tcg/tcg.c b/tcg/tcg.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg.c
-+++ b/tcg/tcg.c
-@@ -XXX,XX +XXX,XX @@ static void tcg_dump_ops(TCGContext *s, bool have_prefs)
-                 col += qemu_log("plugin(%p)", func);
-             }
--            col += qemu_log("$0x%x,$%d", info->flags, nb_oargs);
-+            col += qemu_log(",$0x%x,$%d", info->flags, nb_oargs);
-             for (i = 0; i < nb_oargs; i++) {
-                 col += qemu_log(",%s", tcg_get_arg_str(s, buf, sizeof(buf),
-                                                        op->args[i]));
---
-.25.1

-[PATCH 02/41] tcg: Avoid including 'trace-tcg.h' in target translate.c
+Deleted patch
-From: Philippe Mathieu-Daudé <f4bug@amsat.org>
-The root trace-events only declares a single TCG event:
-  $ git grep -w tcg trace-events
-  trace-events:115:# tcg/tcg-op.c
-  trace-events:137:vcpu tcg guest_mem_before(TCGv vaddr, uint16_t info) "info=%d", "vaddr=0x%016"PRIx64" info=%d"
-and only a tcg/tcg-op.c uses it:
-  $ git grep -l trace_guest_mem_before_tcg
-  tcg/tcg-op.c
-therefore it is pointless to include "trace-tcg.h" in each target
-(because it is not used). Remove it.
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Message-Id: <20210629050935.2570721-1-f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/alpha/translate.c      | 1 -
- target/arm/translate-a64.c    | 1 -
- target/arm/translate-sve.c    | 1 -
- target/arm/translate.c        | 1 -
- target/cris/translate.c       | 1 -
- target/hppa/translate.c       | 1 -
- target/i386/tcg/translate.c   | 1 -
- target/m68k/translate.c       | 1 -
- target/microblaze/translate.c | 1 -
- target/mips/tcg/translate.c   | 1 -
- target/openrisc/translate.c   | 1 -
- target/ppc/translate.c        | 1 -
- target/rx/translate.c         | 1 -
- target/s390x/translate.c      | 1 -
- target/sh4/translate.c        | 1 -
- target/sparc/translate.c      | 1 -
- target/xtensa/translate.c     | 1 -
-files changed, 17 deletions(-)
-diff --git a/target/alpha/translate.c b/target/alpha/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/alpha/translate.c
-+++ b/target/alpha/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/cpu_ldst.h"
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/translator.h"
- #include "exec/log.h"
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-gen.h"
- #include "exec/log.h"
--#include "trace-tcg.h"
- #include "translate-a64.h"
- #include "qemu/atomic128.h"
-diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-sve.c
-+++ b/target/arm/translate-sve.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
- #include "exec/log.h"
--#include "trace-tcg.h"
- #include "translate-a64.h"
- #include "fpu/softfloat.h"
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
-diff --git a/target/cris/translate.c b/target/cris/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/cris/translate.c
-+++ b/target/cris/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
-diff --git a/target/hppa/translate.c b/target/hppa/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/hppa/translate.c
-+++ b/target/hppa/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
- #include "exec/translator.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
- /* Since we have a distinction between register size and address size,
-diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/i386/tcg/translate.c
-+++ b/target/i386/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-gen.h"
- #include "helper-tcg.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
- #define PREFIX_REPZ   0x01
-diff --git a/target/m68k/translate.c b/target/m68k/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/m68k/translate.c
-+++ b/target/m68k/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
- #include "fpu/softfloat.h"
-diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/microblaze/translate.c
-+++ b/target/microblaze/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/translator.h"
- #include "qemu/qemu-print.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
- #define EXTRACT_FIELD(src, start, end) \
-diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/mips/tcg/translate.c
-+++ b/target/mips/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "semihosting/semihost.h"
- #include "trace.h"
--#include "trace-tcg.h"
- #include "exec/translator.h"
- #include "exec/log.h"
- #include "qemu/qemu-print.h"
-diff --git a/target/openrisc/translate.c b/target/openrisc/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/openrisc/translate.c
-+++ b/target/openrisc/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-gen.h"
- #include "exec/gen-icount.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
- /* is_jmp field values */
-diff --git a/target/ppc/translate.c b/target/ppc/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/ppc/translate.c
-+++ b/target/ppc/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/translator.h"
- #include "exec/log.h"
- #include "qemu/atomic128.h"
-diff --git a/target/rx/translate.c b/target/rx/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/rx/translate.c
-+++ b/target/rx/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
- #include "exec/translator.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
- typedef struct DisasContext {
-diff --git a/target/s390x/translate.c b/target/s390x/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/s390x/translate.c
-+++ b/target/s390x/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/translator.h"
- #include "exec/log.h"
- #include "qemu/atomic128.h"
-diff --git a/target/sh4/translate.c b/target/sh4/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sh4/translate.c
-+++ b/target/sh4/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
- #include "exec/translator.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
- #include "qemu/qemu-print.h"
-diff --git a/target/sparc/translate.c b/target/sparc/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sparc/translate.c
-+++ b/target/sparc/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/translator.h"
- #include "exec/log.h"
- #include "asi.h"
-diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/xtensa/translate.c
-+++ b/target/xtensa/translate.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "exec/helper-gen.h"
--#include "trace-tcg.h"
- #include "exec/log.h"
---
-.25.1

-[PATCH 03/41] accel/tcg: Hoist tcg_tb_insert() up above tb_link_page()
+Deleted patch
-From: Liren Wei <lrwei@bupt.edu.cn>
-TranslationBlocks not inserted into the corresponding region
-tree shall be regarded as partially initialized objects, and
-needs to be finalized first before inserting into QHT.
-Signed-off-by: Liren Wei <lrwei@bupt.edu.cn>
-Message-Id: <f9fc263f71e11b6308d8c1fbc0dd366bf4aeb532.1625404483.git.lrwei@bupt.edu.cn>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/translate-all.c | 9 ++++++++-
-file changed, 8 insertions(+), 1 deletion(-)
-diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/translate-all.c
-+++ b/accel/tcg/translate-all.c
-@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
-         return tb;
-     }
-+    /*
-+     * Insert TB into the corresponding region tree before publishing it
-+     * through QHT. Otherwise rewinding happened in the TB might fail to
-+     * lookup itself using host PC.
-+     */
-+    tcg_tb_insert(tb);
-+
-     /* check next page if needed */
-     virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
-     phys_page2 = -1;
-@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
-         orig_aligned -= ROUND_UP(sizeof(*tb), qemu_icache_linesize);
-         qatomic_set(&tcg_ctx->code_gen_ptr, (void *)orig_aligned);
-         tb_destroy(tb);
-+        tcg_tb_remove(tb);
-         return existing_tb;
-     }
--    tcg_tb_insert(tb);
-     return tb;
- }
---
-.25.1

-[PATCH 04/41] tcg: Bake tb_destroy() into tcg_region_tree
+Deleted patch
-From: Liren Wei <lrwei@bupt.edu.cn>
-The function is called only at tcg_gen_code() when duplicated TBs
-are translated by different threads, and when the tcg_region_tree
-is reset. Bake it into the underlying GTree as its value destroy
-function to unite these situations.
-Also remove tcg_region_tree_traverse() which now becomes useless.
-Signed-off-by: Liren Wei <lrwei@bupt.edu.cn>
-Message-Id: <8dc352f08d038c4e7a1f5f56962398cdc700c3aa.1625404483.git.lrwei@bupt.edu.cn>
-[rth: Name the new tb_tc_cmp parameter correctly.]
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/tcg/tcg.h         |  1 -
- accel/tcg/translate-all.c |  6 ------
- tcg/region.c              | 19 ++++++++-----------
-files changed, 8 insertions(+), 18 deletions(-)
-diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/tcg/tcg.h
-+++ b/include/tcg/tcg.h
-@@ -XXX,XX +XXX,XX @@ void *tcg_malloc_internal(TCGContext *s, int size);
- void tcg_pool_reset(TCGContext *s);
- TranslationBlock *tcg_tb_alloc(TCGContext *s);
--void tb_destroy(TranslationBlock *tb);
- void tcg_region_reset_all(void);
- size_t tcg_code_size(void);
-diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/translate-all.c
-+++ b/accel/tcg/translate-all.c
-@@ -XXX,XX +XXX,XX @@ static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
-     return 0;
- }
--void tb_destroy(TranslationBlock *tb)
--{
--    qemu_spin_destroy(&tb->jmp_lock);
--}
--
- bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
- {
-     /*
-@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
-         orig_aligned -= ROUND_UP(sizeof(*tb), qemu_icache_linesize);
-         qatomic_set(&tcg_ctx->code_gen_ptr, (void *)orig_aligned);
--        tb_destroy(tb);
-         tcg_tb_remove(tb);
-         return existing_tb;
-     }
-diff --git a/tcg/region.c b/tcg/region.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/region.c
-+++ b/tcg/region.c
-@@ -XXX,XX +XXX,XX @@ static int ptr_cmp_tb_tc(const void *ptr, const struct tb_tc *s)
-     return 0;
- }
--static gint tb_tc_cmp(gconstpointer ap, gconstpointer bp)
-+static gint tb_tc_cmp(gconstpointer ap, gconstpointer bp, gpointer userdata)
- {
-     const struct tb_tc *a = ap;
-     const struct tb_tc *b = bp;
-@@ -XXX,XX +XXX,XX @@ static gint tb_tc_cmp(gconstpointer ap, gconstpointer bp)
-     return ptr_cmp_tb_tc(b->ptr, a);
- }
-+static void tb_destroy(gpointer value)
-+{
-+    TranslationBlock *tb = value;
-+    qemu_spin_destroy(&tb->jmp_lock);
-+}
-+
- static void tcg_region_trees_init(void)
- {
-     size_t i;
-@@ -XXX,XX +XXX,XX @@ static void tcg_region_trees_init(void)
-         struct tcg_region_tree *rt = region_trees + i * tree_size;
-         qemu_mutex_init(&rt->lock);
--        rt->tree = g_tree_new(tb_tc_cmp);
-+        rt->tree = g_tree_new_full(tb_tc_cmp, NULL, NULL, tb_destroy);
-     }
- }
-@@ -XXX,XX +XXX,XX @@ size_t tcg_nb_tbs(void)
-     return nb_tbs;
- }
--static gboolean tcg_region_tree_traverse(gpointer k, gpointer v, gpointer data)
--{
--    TranslationBlock *tb = v;
--
--    tb_destroy(tb);
--    return FALSE;
--}
--
- static void tcg_region_tree_reset_all(void)
- {
-     size_t i;
-@@ -XXX,XX +XXX,XX @@ static void tcg_region_tree_reset_all(void)
-     for (i = 0; i < region.n; i++) {
-         struct tcg_region_tree *rt = region_trees + i * tree_size;
--        g_tree_foreach(rt->tree, tcg_region_tree_traverse, NULL);
-         /* Increment the refcount first so that destroy acts as a reset */
-         g_tree_ref(rt->tree);
-         g_tree_destroy(rt->tree);
---
-.25.1

-[PATCH 05/41] tcg: Move tb_phys_invalidate_count to tb_ctx
+Deleted patch
-We can call do_tb_phys_invalidate from an iocontext, which has
-no per-thread tcg_ctx.  Move this to tb_ctx, which is global.
-The actual update still takes place with a lock held, so only
-an atomic set is required, not an atomic increment.
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/457
-Tested-by: Viktor Ashirov <vashirov@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/tb-context.h    |  1 +
- include/tcg/tcg.h         |  3 ---
- accel/tcg/translate-all.c |  8 ++++----
- tcg/region.c              | 14 --------------
-files changed, 5 insertions(+), 21 deletions(-)
-diff --git a/accel/tcg/tb-context.h b/accel/tcg/tb-context.h
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/tb-context.h
-+++ b/accel/tcg/tb-context.h
-@@ -XXX,XX +XXX,XX @@ struct TBContext {
-     /* statistics */
-     unsigned tb_flush_count;
-+    unsigned tb_phys_invalidate_count;
- };
- extern TBContext tb_ctx;
-diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/tcg/tcg.h
-+++ b/include/tcg/tcg.h
-@@ -XXX,XX +XXX,XX @@ struct TCGContext {
-     /* Threshold to flush the translated code buffer.  */
-     void *code_gen_highwater;
--    size_t tb_phys_invalidate_count;
--
-     /* Track which vCPU triggers events */
-     CPUState *cpu;                      /* *_trans */
-@@ -XXX,XX +XXX,XX @@ size_t tcg_code_capacity(void);
- void tcg_tb_insert(TranslationBlock *tb);
- void tcg_tb_remove(TranslationBlock *tb);
--size_t tcg_tb_phys_invalidate_count(void);
- TranslationBlock *tcg_tb_lookup(uintptr_t tc_ptr);
- void tcg_tb_foreach(GTraverseFunc func, gpointer user_data);
- size_t tcg_nb_tbs(void);
-diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/translate-all.c
-+++ b/accel/tcg/translate-all.c
-@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
-     /* suppress any remaining jumps to this TB */
-     tb_jmp_unlink(tb);
--    qatomic_set(&tcg_ctx->tb_phys_invalidate_count,
--               tcg_ctx->tb_phys_invalidate_count + 1);
-+    qatomic_set(&tb_ctx.tb_phys_invalidate_count,
-+                tb_ctx.tb_phys_invalidate_count + 1);
- }
- static void tb_phys_invalidate__locked(TranslationBlock *tb)
-@@ -XXX,XX +XXX,XX @@ void dump_exec_info(void)
-     qemu_printf("\nStatistics:\n");
-     qemu_printf("TB flush count      %u\n",
-                 qatomic_read(&tb_ctx.tb_flush_count));
--    qemu_printf("TB invalidate count %zu\n",
--                tcg_tb_phys_invalidate_count());
-+    qemu_printf("TB invalidate count %u\n",
-+                qatomic_read(&tb_ctx.tb_phys_invalidate_count));
-     tlb_flush_counts(&flush_full, &flush_part, &flush_elide);
-     qemu_printf("TLB full flushes    %zu\n", flush_full);
-diff --git a/tcg/region.c b/tcg/region.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/region.c
-+++ b/tcg/region.c
-@@ -XXX,XX +XXX,XX @@ size_t tcg_code_capacity(void)
-     return capacity;
- }
--
--size_t tcg_tb_phys_invalidate_count(void)
--{
--    unsigned int n_ctxs = qatomic_read(&tcg_cur_ctxs);
--    unsigned int i;
--    size_t total = 0;
--
--    for (i = 0; i < n_ctxs; i++) {
--        const TCGContext *s = qatomic_read(&tcg_ctxs[i]);
--
--        total += qatomic_read(&s->tb_phys_invalidate_count);
--    }
--    return total;
--}
---
-.25.1

-[PATCH 06/41] accel/tcg: Introduce translator_use_goto_tb
+Deleted patch
-Add a generic version of the common use_goto_tb test.
-Various targets avoid the page crossing test for CONFIG_USER_ONLY,
-but that is wrong: mmap and mprotect can change page permissions.
-Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/exec/translator.h | 10 ++++++++++
- accel/tcg/translator.c    | 11 +++++++++++
-files changed, 21 insertions(+)
-diff --git a/include/exec/translator.h b/include/exec/translator.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/translator.h
-+++ b/include/exec/translator.h
-@@ -XXX,XX +XXX,XX @@ void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
- void translator_loop_temp_check(DisasContextBase *db);
-+/**
-+ * translator_use_goto_tb
-+ * @db: Disassembly context
-+ * @dest: target pc of the goto
-+ *
-+ * Return true if goto_tb is allowed between the current TB
-+ * and the destination PC.
-+ */
-+bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest);
-+
- /*
-  * Translator Load Functions
-  *
-diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/translator.c
-+++ b/accel/tcg/translator.c
-@@ -XXX,XX +XXX,XX @@ void translator_loop_temp_check(DisasContextBase *db)
-     }
- }
-+bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest)
-+{
-+    /* Suppress goto_tb in the case of single-steping.  */
-+    if (db->singlestep_enabled || singlestep) {
-+        return false;
-+    }
-+
-+    /* Check for the dest on the same page as the start of the TB.  */
-+    return ((db->pc_first ^ dest) & TARGET_PAGE_MASK) == 0;
-+}
-+
- void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
-                      CPUState *cpu, TranslationBlock *tb, int max_insns)
- {
---
-.25.1

-[PATCH 07/41] target/alpha: Remove use_exit_tb
+Deleted patch
-We have not needed to end a TB for I/O since ba3e7926691
-("icount: clean up cpu_can_io at the entry to the block").
-We do not need to use exit_tb for singlestep, which only
-means generate one insn per TB.
-Which leaves only singlestep_enabled, which means raise a
-debug trap after every TB, which does not use exit_tb,
-which would leave the function mis-named.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/alpha/translate.c | 15 ++-------------
-file changed, 2 insertions(+), 13 deletions(-)
-diff --git a/target/alpha/translate.c b/target/alpha/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/alpha/translate.c
-+++ b/target/alpha/translate.c
-@@ -XXX,XX +XXX,XX @@ static bool in_superpage(DisasContext *ctx, int64_t addr)
- #endif
- }
--static bool use_exit_tb(DisasContext *ctx)
--{
--    return ((tb_cflags(ctx->base.tb) & CF_LAST_IO)
--            || ctx->base.singlestep_enabled
--            || singlestep);
--}
--
- static bool use_goto_tb(DisasContext *ctx, uint64_t dest)
- {
--    /* Suppress goto_tb in the case of single-steping and IO.  */
--    if (unlikely(use_exit_tb(ctx))) {
--        return false;
--    }
- #ifndef CONFIG_USER_ONLY
-     /* If the destination is in the superpage, the page perms can't change.  */
-     if (in_superpage(ctx, dest)) {
-@@ -XXX,XX +XXX,XX @@ static DisasJumpType gen_call_pal(DisasContext *ctx, int palcode)
-            need the page permissions check.  We'll see the existence of
-            the page when we create the TB, and we'll flush all TBs if
-            we change the PAL base register.  */
--        if (!use_exit_tb(ctx)) {
-+        if (!ctx->base.singlestep_enabled) {
-             tcg_gen_goto_tb(0);
-             tcg_gen_movi_i64(cpu_pc, entry);
-             tcg_gen_exit_tb(ctx->base.tb, 0);
-@@ -XXX,XX +XXX,XX @@ static void alpha_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
-         tcg_gen_movi_i64(cpu_pc, ctx->base.pc_next);
-         /* FALLTHRU */
-     case DISAS_PC_UPDATED:
--        if (!use_exit_tb(ctx)) {
-+        if (!ctx->base.singlestep_enabled) {
-             tcg_gen_lookup_and_goto_ptr();
-             break;
-         }
---
-.25.1

-[PATCH 08/41] target/alpha: Remove in_superpage
+Deleted patch
-The number of links across (normal) pages using this is low,
-and it will shortly violate the contract for breakpoints.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/alpha/translate.c | 24 ++----------------------
-file changed, 2 insertions(+), 22 deletions(-)
-diff --git a/target/alpha/translate.c b/target/alpha/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/alpha/translate.c
-+++ b/target/alpha/translate.c
-@@ -XXX,XX +XXX,XX @@ static DisasJumpType gen_store_conditional(DisasContext *ctx, int ra, int rb,
-     return DISAS_NEXT;
- }
--static bool in_superpage(DisasContext *ctx, int64_t addr)
--{
--#ifndef CONFIG_USER_ONLY
--    return ((ctx->tbflags & ENV_FLAG_PS_USER) == 0
--            && addr >> TARGET_VIRT_ADDR_SPACE_BITS == -1
--            && ((addr >> 41) & 3) == 2);
--#else
--    return false;
--#endif
--}
--
- static bool use_goto_tb(DisasContext *ctx, uint64_t dest)
- {
- #ifndef CONFIG_USER_ONLY
--    /* If the destination is in the superpage, the page perms can't change.  */
--    if (in_superpage(ctx, dest)) {
--        return true;
--    }
-     /* Check for the dest on the same page as the start of the TB.  */
-     return ((ctx->base.tb->pc ^ dest) & TARGET_PAGE_MASK) == 0;
- #else
-@@ -XXX,XX +XXX,XX @@ static void alpha_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
- {
-     DisasContext *ctx = container_of(dcbase, DisasContext, base);
-     CPUAlphaState *env = cpu->env_ptr;
--    int64_t bound, mask;
-+    int64_t bound;
-     ctx->tbflags = ctx->base.tb->flags;
-     ctx->mem_idx = cpu_mmu_index(env, false);
-@@ -XXX,XX +XXX,XX @@ static void alpha_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
-     ctx->lit = NULL;
-     /* Bound the number of insns to execute to those left on the page.  */
--    if (in_superpage(ctx, ctx->base.pc_first)) {
--        mask = -1ULL << 41;
--    } else {
--        mask = TARGET_PAGE_MASK;
--    }
--    bound = -(ctx->base.pc_first | mask) / 4;
-+    bound = -(ctx->base.pc_first | TARGET_PAGE_MASK) / 4;
-     ctx->base.max_insns = MIN(ctx->base.max_insns, bound);
- }
---
-.25.1

-[PATCH 09/41] target/alpha: Use translator_use_goto_tb
+Deleted patch
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/alpha/translate.c | 7 +------
-file changed, 1 insertion(+), 6 deletions(-)
-diff --git a/target/alpha/translate.c b/target/alpha/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/alpha/translate.c
-+++ b/target/alpha/translate.c
-@@ -XXX,XX +XXX,XX @@ static DisasJumpType gen_store_conditional(DisasContext *ctx, int ra, int rb,
- static bool use_goto_tb(DisasContext *ctx, uint64_t dest)
- {
--#ifndef CONFIG_USER_ONLY
--    /* Check for the dest on the same page as the start of the TB.  */
--    return ((ctx->base.tb->pc ^ dest) & TARGET_PAGE_MASK) == 0;
--#else
--    return true;
--#endif
-+    return translator_use_goto_tb(&ctx->base, dest);
- }
- static DisasJumpType gen_bdirect(DisasContext *ctx, int ra, int32_t disp)
---
-.25.1

-[PATCH 10/41] target/arm: Use DISAS_TOO_MANY for ISB and SB
+Deleted patch
-Using gen_goto_tb directly misses the single-step check.
-Let the branch or debug exception be emitted by arm_tr_tb_stop.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/translate.c | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static bool trans_ISB(DisasContext *s, arg_ISB *a)
-      * self-modifying code correctly and also to take
-      * any pending interrupts immediately.
-      */
--    gen_goto_tb(s, 0, s->base.pc_next);
-+    s->base.is_jmp = DISAS_TOO_MANY;
-     return true;
- }
-@@ -XXX,XX +XXX,XX @@ static bool trans_SB(DisasContext *s, arg_SB *a)
-      * for TCG; MB and end the TB instead.
-      */
-     tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
--    gen_goto_tb(s, 0, s->base.pc_next);
-+    s->base.is_jmp = DISAS_TOO_MANY;
-     return true;
- }
---
-.25.1

-[PATCH 11/41] target/arm: Use translator_use_goto_tb for aarch64
+Deleted patch
-We have not needed to end a TB for I/O since ba3e7926691
-("icount: clean up cpu_can_io at the entry to the block"),
-and gdbstub singlestep is handled by the generic function.
-Drop the unused 'n' argument to use_goto_tb.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/translate-a64.c | 25 +++++--------------------
-file changed, 5 insertions(+), 20 deletions(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void gen_step_complete_exception(DisasContext *s)
-     s->base.is_jmp = DISAS_NORETURN;
- }
--static inline bool use_goto_tb(DisasContext *s, int n, uint64_t dest)
-+static inline bool use_goto_tb(DisasContext *s, uint64_t dest)
- {
--    /* No direct tb linking with singlestep (either QEMU's or the ARM
--     * debug architecture kind) or deterministic io
--     */
--    if (s->base.singlestep_enabled || s->ss_active ||
--        (tb_cflags(s->base.tb) & CF_LAST_IO)) {
-+    if (s->ss_active) {
-         return false;
-     }
--
--#ifndef CONFIG_USER_ONLY
--    /* Only link tbs from inside the same guest page */
--    if ((s->base.tb->pc & TARGET_PAGE_MASK) != (dest & TARGET_PAGE_MASK)) {
--        return false;
--    }
--#endif
--
--    return true;
-+    return translator_use_goto_tb(&s->base, dest);
- }
- static inline void gen_goto_tb(DisasContext *s, int n, uint64_t dest)
- {
--    const TranslationBlock *tb;
--
--    tb = s->base.tb;
--    if (use_goto_tb(s, n, dest)) {
-+    if (use_goto_tb(s, dest)) {
-         tcg_gen_goto_tb(n);
-         gen_a64_set_pc_im(dest);
--        tcg_gen_exit_tb(tb, n);
-+        tcg_gen_exit_tb(s->base.tb, n);
-         s->base.is_jmp = DISAS_NORETURN;
-     } else {
-         gen_a64_set_pc_im(dest);
---
-.25.1

-[PATCH 12/41] target/arm: Use translator_use_goto_tb for aarch32
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/translate.c | 12 +-----------
-file changed, 1 insertion(+), 11 deletions(-)
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static int disas_dsp_insn(DisasContext *s, uint32_t insn)
-     return 1;
- }
--static inline bool use_goto_tb(DisasContext *s, target_ulong dest)
--{
--#ifndef CONFIG_USER_ONLY
--    return (s->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) ||
--           ((s->base.pc_next - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
- static void gen_goto_ptr(void)
- {
-     tcg_gen_lookup_and_goto_ptr();
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_ptr(void)
-  */
- static void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
- {
--    if (use_goto_tb(s, dest)) {
-+    if (translator_use_goto_tb(&s->base, dest)) {
-         tcg_gen_goto_tb(n);
-         gen_set_pc_im(s, dest);
-         tcg_gen_exit_tb(s->base.tb, n);
---
-.25.1

-[PATCH 13/41] target/avr: Use translator_use_goto_tb
+Deleted patch
-Single stepping is not the only reason not to use goto_tb.
-If goto_tb is disallowed, and single-stepping is not enabled,
-then use tcg_gen_lookup_and_goto_tb to indirectly chain.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/avr/translate.c | 9 ++++++---
-file changed, 6 insertions(+), 3 deletions(-)
-diff --git a/target/avr/translate.c b/target/avr/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/avr/translate.c
-+++ b/target/avr/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
- {
-     const TranslationBlock *tb = ctx->base.tb;
--    if (!ctx->base.singlestep_enabled) {
-+    if (translator_use_goto_tb(&ctx->base, dest)) {
-         tcg_gen_goto_tb(n);
-         tcg_gen_movi_i32(cpu_pc, dest);
-         tcg_gen_exit_tb(tb, n);
-     } else {
-         tcg_gen_movi_i32(cpu_pc, dest);
--        gen_helper_debug(cpu_env);
--        tcg_gen_exit_tb(NULL, 0);
-+        if (ctx->base.singlestep_enabled) {
-+            gen_helper_debug(cpu_env);
-+        } else {
-+            tcg_gen_lookup_and_goto_ptr();
-+        }
-     }
-     ctx->base.is_jmp = DISAS_NORETURN;
- }
---
-.25.1

-[PATCH 14/41] target/avr: Mark some helpers noreturn
+Deleted patch
-All of these helpers end with cpu_loop_exit.
-Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/avr/helper.h | 8 ++++----
-file changed, 4 insertions(+), 4 deletions(-)
-diff --git a/target/avr/helper.h b/target/avr/helper.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/avr/helper.h
-+++ b/target/avr/helper.h
-@@ -XXX,XX +XXX,XX @@
-  */
- DEF_HELPER_1(wdr, void, env)
--DEF_HELPER_1(debug, void, env)
--DEF_HELPER_1(break, void, env)
--DEF_HELPER_1(sleep, void, env)
--DEF_HELPER_1(unsupported, void, env)
-+DEF_HELPER_1(debug, noreturn, env)
-+DEF_HELPER_1(break, noreturn, env)
-+DEF_HELPER_1(sleep, noreturn, env)
-+DEF_HELPER_1(unsupported, noreturn, env)
- DEF_HELPER_3(outb, void, env, i32, i32)
- DEF_HELPER_2(inb, tl, env, i32)
- DEF_HELPER_3(fullwr, void, env, i32, i32)
---
-.25.1

-[PATCH 15/41] target/cris: Use translator_use_goto_tb
+Deleted patch
-The test for singlestepping is done in translator_use_goto_tb,
-so we may elide it from cris_tr_tb_stop.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/cris/translate.c | 5 ++---
-file changed, 2 insertions(+), 3 deletions(-)
-diff --git a/target/cris/translate.c b/target/cris/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/cris/translate.c
-+++ b/target/cris/translate.c
-@@ -XXX,XX +XXX,XX @@ static void t_gen_swapr(TCGv d, TCGv s)
- static bool use_goto_tb(DisasContext *dc, target_ulong dest)
- {
--    return ((dest ^ dc->base.pc_first) & TARGET_PAGE_MASK) == 0;
-+    return translator_use_goto_tb(&dc->base, dest);
- }
- static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
-@@ -XXX,XX +XXX,XX @@ static void cris_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
-              * Use a conditional branch if either taken or not-taken path
-              * can use goto_tb.  If neither can, then treat it as indirect.
-              */
--            if (likely(!dc->base.singlestep_enabled)
--                && likely(!dc->cpustate_changed)
-+            if (likely(!dc->cpustate_changed)
-                 && (use_goto_tb(dc, dc->jmp_pc) || use_goto_tb(dc, npc))) {
-                 TCGLabel *not_taken = gen_new_label();
---
-.25.1

-[PATCH 16/41] target/hppa: Use translator_use_goto_tb
+Deleted patch
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/hppa/translate.c | 5 +----
-file changed, 1 insertion(+), 4 deletions(-)
-diff --git a/target/hppa/translate.c b/target/hppa/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/hppa/translate.c
-+++ b/target/hppa/translate.c
-@@ -XXX,XX +XXX,XX @@ static bool gen_illegal(DisasContext *ctx)
- static bool use_goto_tb(DisasContext *ctx, target_ureg dest)
- {
--    /* Suppress goto_tb for page crossing, IO, or single-steping.  */
--    return !(((ctx->base.pc_first ^ dest) & TARGET_PAGE_MASK)
--             || (tb_cflags(ctx->base.tb) & CF_LAST_IO)
--             || ctx->base.singlestep_enabled);
-+    return translator_use_goto_tb(&ctx->base, dest);
- }
- /* If the next insn is to be nullified, and it's on the same page,
---
-.25.1

-[PATCH 17/41] target/i386: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/i386/tcg/translate.c | 14 ++------------
-file changed, 2 insertions(+), 12 deletions(-)
-diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/i386/tcg/translate.c
-+++ b/target/i386/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@ static inline int insn_const_size(MemOp ot)
-     }
- }
--static inline bool use_goto_tb(DisasContext *s, target_ulong pc)
--{
--#ifndef CONFIG_USER_ONLY
--    return (pc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK) ||
--           (pc & TARGET_PAGE_MASK) == (s->pc_start & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
--static inline void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip)
-+static void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip)
- {
-     target_ulong pc = s->cs_base + eip;
--    if (use_goto_tb(s, pc))  {
-+    if (translator_use_goto_tb(&s->base, pc))  {
-         /* jump to same page: we can use a direct jump */
-         tcg_gen_goto_tb(tb_num);
-         gen_jmp_im(s, eip);
---
-.25.1

-[PATCH 18/41] target/m68k: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Acked-by: Laurent Vivier <laurent@vivier.eu>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/m68k/translate.c | 12 +-----------
-file changed, 1 insertion(+), 11 deletions(-)
-diff --git a/target/m68k/translate.c b/target/m68k/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/m68k/translate.c
-+++ b/target/m68k/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_exit_tb(DisasContext *s)
-         }                                                               \
-     } while (0)
--static inline bool use_goto_tb(DisasContext *s, uint32_t dest)
--{
--#ifndef CONFIG_USER_ONLY
--    return (s->base.pc_first & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK)
--        || (s->base.pc_next & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
- /* Generate a jump to an immediate address.  */
- static void gen_jmp_tb(DisasContext *s, int n, uint32_t dest)
- {
-@@ -XXX,XX +XXX,XX @@ static void gen_jmp_tb(DisasContext *s, int n, uint32_t dest)
-         update_cc_op(s);
-         tcg_gen_movi_i32(QREG_PC, dest);
-         gen_singlestep_exception(s);
--    } else if (use_goto_tb(s, dest)) {
-+    } else if (translator_use_goto_tb(&s->base, dest)) {
-         tcg_gen_goto_tb(n);
-         tcg_gen_movi_i32(QREG_PC, dest);
-         tcg_gen_exit_tb(s->base.tb, n);
---
-.25.1

-[PATCH 19/41] target/microblaze: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/microblaze/translate.c | 11 +----------
-file changed, 1 insertion(+), 10 deletions(-)
-diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/microblaze/translate.c
-+++ b/target/microblaze/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_raise_hw_excp(DisasContext *dc, uint32_t esr_ec)
-     gen_raise_exception_sync(dc, EXCP_HW_EXCP);
- }
--static inline bool use_goto_tb(DisasContext *dc, target_ulong dest)
--{
--#ifndef CONFIG_USER_ONLY
--    return (dc->base.pc_first & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
- static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
- {
-     if (dc->base.singlestep_enabled) {
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
-         tcg_gen_movi_i32(cpu_pc, dest);
-         gen_helper_raise_exception(cpu_env, tmp);
-         tcg_temp_free_i32(tmp);
--    } else if (use_goto_tb(dc, dest)) {
-+    } else if (translator_use_goto_tb(&dc->base, dest)) {
-         tcg_gen_goto_tb(n);
-         tcg_gen_movi_i32(cpu_pc, dest);
-         tcg_gen_exit_tb(dc->base.tb, n);
---
-.25.1

-[PATCH 20/41] target/mips: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/mips/tcg/translate.c | 17 ++---------------
-file changed, 2 insertions(+), 15 deletions(-)
-diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/mips/tcg/translate.c
-+++ b/target/mips/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_trap(DisasContext *ctx, uint32_t opc,
-     tcg_temp_free(t1);
- }
--static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
-+static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
- {
--    if (unlikely(ctx->base.singlestep_enabled)) {
--        return false;
--    }
--
--#ifndef CONFIG_USER_ONLY
--    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
--static inline void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
--{
--    if (use_goto_tb(ctx, dest)) {
-+    if (translator_use_goto_tb(&ctx->base, dest)) {
-         tcg_gen_goto_tb(n);
-         gen_save_pc(dest);
-         tcg_gen_exit_tb(ctx->base.tb, n);
---
-.25.1

-[PATCH 21/41] target/mips: Fix missing else in gen_goto_tb
+Deleted patch
-Do not emit dead code for the singlestep_enabled case,
-after having exited the TB with a debug exception.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/mips/tcg/translate.c | 3 ++-
-file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/mips/tcg/translate.c
-+++ b/target/mips/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
-         if (ctx->base.singlestep_enabled) {
-             save_cpu_state(ctx, 0);
-             gen_helper_raise_exception_debug(cpu_env);
-+        } else {
-+            tcg_gen_lookup_and_goto_ptr();
-         }
--        tcg_gen_lookup_and_goto_ptr();
-     }
- }
---
-.25.1

-[PATCH 22/41] target/nios2: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/nios2/translate.c | 15 +--------------
-file changed, 1 insertion(+), 14 deletions(-)
-diff --git a/target/nios2/translate.c b/target/nios2/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/nios2/translate.c
-+++ b/target/nios2/translate.c
-@@ -XXX,XX +XXX,XX @@ static void t_gen_helper_raise_exception(DisasContext *dc,
-     dc->base.is_jmp = DISAS_NORETURN;
- }
--static bool use_goto_tb(DisasContext *dc, uint32_t dest)
--{
--    if (unlikely(dc->base.singlestep_enabled)) {
--        return false;
--    }
--
--#ifndef CONFIG_USER_ONLY
--    return (dc->base.pc_first & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
- static void gen_goto_tb(DisasContext *dc, int n, uint32_t dest)
- {
-     const TranslationBlock *tb = dc->base.tb;
--    if (use_goto_tb(dc, dest)) {
-+    if (translator_use_goto_tb(&dc->base, dest)) {
-         tcg_gen_goto_tb(n);
-         tcg_gen_movi_tl(cpu_R[R_PC], dest);
-         tcg_gen_exit_tb(tb, n);
---
-.25.1

-[PATCH 23/41] target/openrisc: Use translator_use_goto_tb
+Deleted patch
-Reorder the control statements to allow using the page boundary
-check from translator_use_goto_tb().
-Reviewed-by: Stafford Horne <shorne@gmail.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/openrisc/translate.c | 15 ++++++++-------
-file changed, 8 insertions(+), 7 deletions(-)
-diff --git a/target/openrisc/translate.c b/target/openrisc/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/openrisc/translate.c
-+++ b/target/openrisc/translate.c
-@@ -XXX,XX +XXX,XX @@ static void openrisc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-         /* fallthru */
-     case DISAS_TOO_MANY:
--        if (unlikely(dc->base.singlestep_enabled)) {
--            tcg_gen_movi_tl(cpu_pc, jmp_dest);
--            gen_exception(dc, EXCP_DEBUG);
--        } else if ((dc->base.pc_first ^ jmp_dest) & TARGET_PAGE_MASK) {
--            tcg_gen_movi_tl(cpu_pc, jmp_dest);
--            tcg_gen_lookup_and_goto_ptr();
--        } else {
-+        if (translator_use_goto_tb(&dc->base, jmp_dest)) {
-             tcg_gen_goto_tb(0);
-             tcg_gen_movi_tl(cpu_pc, jmp_dest);
-             tcg_gen_exit_tb(dc->base.tb, 0);
-+            break;
-+        }
-+        tcg_gen_movi_tl(cpu_pc, jmp_dest);
-+        if (unlikely(dc->base.singlestep_enabled)) {
-+            gen_exception(dc, EXCP_DEBUG);
-+        } else {
-+            tcg_gen_lookup_and_goto_ptr();
-         }
-         break;
---
-.25.1

-[PATCH 24/41] target/ppc: Use translator_use_goto_tb
+Deleted patch
-Reviewed-by: Luis Pires <luis.pires@eldorado.org.br>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/ppc/translate.c | 10 +---------
-file changed, 1 insertion(+), 9 deletions(-)
-diff --git a/target/ppc/translate.c b/target/ppc/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/ppc/translate.c
-+++ b/target/ppc/translate.c
-@@ -XXX,XX +XXX,XX @@ static inline void gen_update_cfar(DisasContext *ctx, target_ulong nip)
- static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
- {
--    if (unlikely(ctx->singlestep_enabled)) {
--        return false;
--    }
--
--#ifndef CONFIG_USER_ONLY
--    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
-+    return translator_use_goto_tb(&ctx->base, dest);
- }
- static void gen_lookup_and_goto_ptr(DisasContext *ctx)
---
-.25.1

-[PATCH 25/41] target/riscv: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/riscv/translate.c | 20 +-------------------
-file changed, 1 insertion(+), 19 deletions(-)
-diff --git a/target/riscv/translate.c b/target/riscv/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/riscv/translate.c
-+++ b/target/riscv/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_exception_inst_addr_mis(DisasContext *ctx)
-     generate_exception_mtval(ctx, RISCV_EXCP_INST_ADDR_MIS);
- }
--static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
--{
--    if (unlikely(ctx->base.singlestep_enabled)) {
--        return false;
--    }
--
--#ifndef CONFIG_USER_ONLY
--    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
- static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
- {
--    if (use_goto_tb(ctx, dest)) {
--        /* chaining is only allowed when the jump is to the same page */
-+    if (translator_use_goto_tb(&ctx->base, dest)) {
-         tcg_gen_goto_tb(n);
-         tcg_gen_movi_tl(cpu_pc, dest);
--
--        /* No need to check for single stepping here as use_goto_tb() will
--         * return false in case of single stepping.
--         */
-         tcg_gen_exit_tb(ctx->base.tb, n);
-     } else {
-         tcg_gen_movi_tl(cpu_pc, dest);
---
-.25.1

-[PATCH 26/41] target/rx: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/rx/translate.c | 11 +----------
-file changed, 1 insertion(+), 10 deletions(-)
-diff --git a/target/rx/translate.c b/target/rx/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/rx/translate.c
-+++ b/target/rx/translate.c
-@@ -XXX,XX +XXX,XX @@ void rx_cpu_dump_state(CPUState *cs, FILE *f, int flags)
-     }
- }
--static bool use_goto_tb(DisasContext *dc, target_ulong dest)
--{
--    if (unlikely(dc->base.singlestep_enabled)) {
--        return false;
--    } else {
--        return true;
--    }
--}
--
- static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
- {
--    if (use_goto_tb(dc, dest)) {
-+    if (translator_use_goto_tb(&dc->base, dest)) {
-         tcg_gen_goto_tb(n);
-         tcg_gen_movi_i32(cpu_pc, dest);
-         tcg_gen_exit_tb(dc->base.tb, n);
---
-.25.1

-[PATCH 27/41] target/s390x: Use translator_use_goto_tb
+Deleted patch
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/s390x/translate.c | 7 +------
-file changed, 1 insertion(+), 6 deletions(-)
-diff --git a/target/s390x/translate.c b/target/s390x/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/s390x/translate.c
-+++ b/target/s390x/translate.c
-@@ -XXX,XX +XXX,XX @@ static bool use_goto_tb(DisasContext *s, uint64_t dest)
-     if (unlikely(use_exit_tb(s))) {
-         return false;
-     }
--#ifndef CONFIG_USER_ONLY
--    return (dest & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK) ||
--           (dest & TARGET_PAGE_MASK) == (s->base.pc_next & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
-+    return translator_use_goto_tb(&s->base, dest);
- }
- static void account_noninline_branch(DisasContext *s, int cc_op)
---
-.25.1

-[PATCH 28/41] target/s390x: Remove use_exit_tb
+Deleted patch
-We have not needed to end a TB for I/O since ba3e7926691
-("icount: clean up cpu_can_io at the entry to the block").
-In use_goto_tb, the check for singlestep_enabled is in the
-generic translator_use_goto_tb.  In s390x_tr_tb_stop, the
-check for singlestep_enabled is in the preceding do_debug test.
-Which leaves only FLAG_MASK_PER: fold that test alone into
-the two callers of use_exit tb.
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/s390x/translate.c | 11 ++---------
-file changed, 2 insertions(+), 9 deletions(-)
-diff --git a/target/s390x/translate.c b/target/s390x/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/s390x/translate.c
-+++ b/target/s390x/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_op_calc_cc(DisasContext *s)
-     set_cc_static(s);
- }
--static bool use_exit_tb(DisasContext *s)
--{
--    return s->base.singlestep_enabled ||
--            (tb_cflags(s->base.tb) & CF_LAST_IO) ||
--            (s->base.tb->flags & FLAG_MASK_PER);
--}
--
- static bool use_goto_tb(DisasContext *s, uint64_t dest)
- {
--    if (unlikely(use_exit_tb(s))) {
-+    if (unlikely(s->base.tb->flags & FLAG_MASK_PER)) {
-         return false;
-     }
-     return translator_use_goto_tb(&s->base, dest);
-@@ -XXX,XX +XXX,XX @@ static void s390x_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-         /* Exit the TB, either by raising a debug exception or by return.  */
-         if (dc->do_debug) {
-             gen_exception(EXCP_DEBUG);
--        } else if (use_exit_tb(dc) ||
-+        } else if ((dc->base.tb->flags & FLAG_MASK_PER) ||
-                    dc->base.is_jmp == DISAS_PC_STALE_NOCHAIN) {
-             tcg_gen_exit_tb(NULL, 0);
-         } else {
---
-.25.1

-[PATCH 29/41] target/sh4: Use translator_use_goto_tb
+Deleted patch
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/sh4/translate.c | 11 +++--------
-file changed, 3 insertions(+), 8 deletions(-)
-diff --git a/target/sh4/translate.c b/target/sh4/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sh4/translate.c
-+++ b/target/sh4/translate.c
-@@ -XXX,XX +XXX,XX @@ static inline bool use_exit_tb(DisasContext *ctx)
-     return (ctx->tbflags & GUSA_EXCLUSIVE) != 0;
- }
--static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
-+static bool use_goto_tb(DisasContext *ctx, target_ulong dest)
- {
--    /* Use a direct jump if in same page and singlestep not enabled */
--    if (unlikely(ctx->base.singlestep_enabled || use_exit_tb(ctx))) {
-+    if (use_exit_tb(ctx)) {
-         return false;
-     }
--#ifndef CONFIG_USER_ONLY
--    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
-+    return translator_use_goto_tb(&ctx->base, dest);
- }
- static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
---
-.25.1

-[PATCH 30/41] target/sparc: Use translator_use_goto_tb
+Deleted patch
-Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/sparc/translate.c | 19 +++++--------------
-file changed, 5 insertions(+), 14 deletions(-)
-diff --git a/target/sparc/translate.c b/target/sparc/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sparc/translate.c
-+++ b/target/sparc/translate.c
-@@ -XXX,XX +XXX,XX @@ static inline TCGv gen_dest_gpr(DisasContext *dc, int reg)
-     }
- }
--static inline bool use_goto_tb(DisasContext *s, target_ulong pc,
--                               target_ulong npc)
-+static bool use_goto_tb(DisasContext *s, target_ulong pc, target_ulong npc)
- {
--    if (unlikely(s->base.singlestep_enabled || singlestep)) {
--        return false;
--    }
--
--#ifndef CONFIG_USER_ONLY
--    return (pc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK) &&
--           (npc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
-+    return translator_use_goto_tb(&s->base, pc) &&
-+           translator_use_goto_tb(&s->base, npc);
- }
--static inline void gen_goto_tb(DisasContext *s, int tb_num,
--                               target_ulong pc, target_ulong npc)
-+static void gen_goto_tb(DisasContext *s, int tb_num,
-+                        target_ulong pc, target_ulong npc)
- {
-     if (use_goto_tb(s, pc, npc))  {
-         /* jump to same page: we can use a direct jump */
---
-.25.1

-[PATCH 31/41] target/tricore: Use translator_use_goto_tb
+Deleted patch
-Just use translator_use_goto_tb directly at the one call site,
-rather than maintaining a local wrapper.
-Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/tricore/translate.c | 17 ++---------------
-file changed, 2 insertions(+), 15 deletions(-)
-diff --git a/target/tricore/translate.c b/target/tricore/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/tricore/translate.c
-+++ b/target/tricore/translate.c
-@@ -XXX,XX +XXX,XX @@ static inline void gen_save_pc(target_ulong pc)
-     tcg_gen_movi_tl(cpu_PC, pc);
- }
--static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
--{
--    if (unlikely(ctx->base.singlestep_enabled)) {
--        return false;
--    }
--
--#ifndef CONFIG_USER_ONLY
--    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
--#else
--    return true;
--#endif
--}
--
- static void generate_qemu_excp(DisasContext *ctx, int excp)
- {
-     TCGv_i32 tmp = tcg_const_i32(excp);
-@@ -XXX,XX +XXX,XX @@ static void generate_qemu_excp(DisasContext *ctx, int excp)
-     tcg_temp_free(tmp);
- }
--static inline void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
-+static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
- {
--    if (use_goto_tb(ctx, dest)) {
-+    if (translator_use_goto_tb(&ctx->base, dest)) {
-         tcg_gen_goto_tb(n);
-         gen_save_pc(dest);
-         tcg_gen_exit_tb(ctx->base.tb, n);
---
-.25.1

-[PATCH 32/41] target/tricore: Use tcg_gen_lookup_and_goto_ptr
+Deleted patch
-The non-single-step case of gen_goto_tb may use
-tcg_gen_lookup_and_goto_ptr to indirectly chain.
-Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/tricore/translate.c | 3 ++-
-file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/target/tricore/translate.c b/target/tricore/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/tricore/translate.c
-+++ b/target/tricore/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
-         gen_save_pc(dest);
-         if (ctx->base.singlestep_enabled) {
-             generate_qemu_excp(ctx, EXCP_DEBUG);
-+        } else {
-+            tcg_gen_lookup_and_goto_ptr();
-         }
--        tcg_gen_exit_tb(NULL, 0);
-     }
- }
---
-.25.1

-[PATCH 33/41] target/xtensa: Use translator_use_goto_tb
+Deleted patch
-Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/xtensa/translate.c | 6 +-----
-file changed, 1 insertion(+), 5 deletions(-)
-diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/xtensa/translate.c
-+++ b/target/xtensa/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_jump(DisasContext *dc, TCGv dest)
- static int adjust_jump_slot(DisasContext *dc, uint32_t dest, int slot)
- {
--    if (((dc->base.pc_first ^ dest) & TARGET_PAGE_MASK) != 0) {
--        return -1;
--    } else {
--        return slot;
--    }
-+    return translator_use_goto_tb(&dc->base, dest) ? slot : -1;
- }
- static void gen_jumpi(DisasContext *dc, uint32_t dest, int slot)
---
-.25.1

-[PATCH 34/41] tcg: Fix prologue disassembly
+Deleted patch
-In tcg_region_prologue_set, we reset TCGContext.code_gen_ptr.
-So do that after we've used it to dump the prologue contents.
-Fixes: b0a0794a0f16
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/tcg.c | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/tcg/tcg.c b/tcg/tcg.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg.c
-+++ b/tcg/tcg.c
-@@ -XXX,XX +XXX,XX @@ void tcg_prologue_init(TCGContext *s)
-                         (uintptr_t)s->code_buf, prologue_size);
- #endif
--    tcg_region_prologue_set(s);
--
- #ifdef DEBUG_DISAS
-     if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM)) {
-         FILE *logfile = qemu_log_lock();
-@@ -XXX,XX +XXX,XX @@ void tcg_prologue_init(TCGContext *s)
-         tcg_debug_assert(tcg_code_gen_epilogue != NULL);
-     }
- #endif
-+
-+    tcg_region_prologue_set(s);
- }
- void tcg_func_start(TCGContext *s)
---
-.25.1

-[PATCH 35/41] target/i386: Use cpu_breakpoint_test in breakpoint_handler
+Deleted patch
-The loop is performing a simple boolean test for the existence
-of a BP_CPU breakpoint at EIP.  Plus it gets the iteration wrong,
-if we happen to have a BP_GDB breakpoint at the same address.
-We have a function for this: cpu_breakpoint_test.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
-Message-Id: <20210620062317.1399034-1-richard.henderson@linaro.org>
----
- target/i386/tcg/sysemu/bpt_helper.c | 12 +++---------
-file changed, 3 insertions(+), 9 deletions(-)
-diff --git a/target/i386/tcg/sysemu/bpt_helper.c b/target/i386/tcg/sysemu/bpt_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/i386/tcg/sysemu/bpt_helper.c
-+++ b/target/i386/tcg/sysemu/bpt_helper.c
-@@ -XXX,XX +XXX,XX @@ void breakpoint_handler(CPUState *cs)
- {
-     X86CPU *cpu = X86_CPU(cs);
-     CPUX86State *env = &cpu->env;
--    CPUBreakpoint *bp;
-     if (cs->watchpoint_hit) {
-         if (cs->watchpoint_hit->flags & BP_CPU) {
-@@ -XXX,XX +XXX,XX @@ void breakpoint_handler(CPUState *cs)
-             }
-         }
-     } else {
--        QTAILQ_FOREACH(bp, &cs->breakpoints, entry) {
--            if (bp->pc == env->eip) {
--                if (bp->flags & BP_CPU) {
--                    check_hw_breakpoints(env, true);
--                    raise_exception(env, EXCP01_DB);
--                }
--                break;
--            }
-+        if (cpu_breakpoint_test(cs, env->eip, BP_CPU)) {
-+            check_hw_breakpoints(env, true);
-+            raise_exception(env, EXCP01_DB);
-         }
-     }
- }
---
-.25.1

-[PATCH 36/41] accel/tcg: Move helper_lookup_tb_ptr to cpu-exec.c
+Deleted patch
-This will allow additional code sharing.
-No functional change.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/cpu-exec.c    | 30 ++++++++++++++++++++++++++++++
- accel/tcg/tcg-runtime.c | 22 ----------------------
-files changed, 30 insertions(+), 22 deletions(-)
-diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cpu-exec.c
-+++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/cpu-all.h"
- #include "sysemu/cpu-timers.h"
- #include "sysemu/replay.h"
-+#include "exec/helper-proto.h"
- #include "tb-hash.h"
- #include "tb-lookup.h"
- #include "tb-context.h"
-@@ -XXX,XX +XXX,XX @@ static void init_delay_params(SyncClocks *sc, const CPUState *cpu)
- }
- #endif /* CONFIG USER ONLY */
-+/**
-+ * helper_lookup_tb_ptr: quick check for next tb
-+ * @env: current cpu state
-+ *
-+ * Look for an existing TB matching the current cpu state.
-+ * If found, return the code pointer.  If not found, return
-+ * the tcg epilogue so that we return into cpu_tb_exec.
-+ */
-+const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
-+{
-+    CPUState *cpu = env_cpu(env);
-+    TranslationBlock *tb;
-+    target_ulong cs_base, pc;
-+    uint32_t flags;
-+
-+    cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
-+
-+    tb = tb_lookup(cpu, pc, cs_base, flags, curr_cflags(cpu));
-+    if (tb == NULL) {
-+        return tcg_code_gen_epilogue;
-+    }
-+    qemu_log_mask_and_addr(CPU_LOG_EXEC, pc,
-+                           "Chain %d: %p ["
-+                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
-+                           cpu->cpu_index, tb->tc.ptr, cs_base, pc, flags,
-+                           lookup_symbol(pc));
-+    return tb->tc.ptr;
-+}
-+
- /* Execute a TB, and fix up the CPU state afterwards if necessary */
- /*
-  * Disable CFI checks.
-diff --git a/accel/tcg/tcg-runtime.c b/accel/tcg/tcg-runtime.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/tcg-runtime.c
-+++ b/accel/tcg/tcg-runtime.c
-@@ -XXX,XX +XXX,XX @@
- #include "disas/disas.h"
- #include "exec/log.h"
- #include "tcg/tcg.h"
--#include "tb-lookup.h"
- /* 32-bit helpers */
-@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(ctpop_i64)(uint64_t arg)
-     return ctpop64(arg);
- }
--const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
--{
--    CPUState *cpu = env_cpu(env);
--    TranslationBlock *tb;
--    target_ulong cs_base, pc;
--    uint32_t flags;
--
--    cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
--
--    tb = tb_lookup(cpu, pc, cs_base, flags, curr_cflags(cpu));
--    if (tb == NULL) {
--        return tcg_code_gen_epilogue;
--    }
--    qemu_log_mask_and_addr(CPU_LOG_EXEC, pc,
--                           "Chain %d: %p ["
--                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
--                           cpu->cpu_index, tb->tc.ptr, cs_base, pc, flags,
--                           lookup_symbol(pc));
--    return tb->tc.ptr;
--}
--
- void HELPER(exit_atomic)(CPUArchState *env)
- {
-     cpu_loop_exit_atomic(env_cpu(env), GETPC());
---
-.25.1

-[PATCH 37/41] accel/tcg: Move tb_lookup to cpu-exec.c
+Deleted patch
-Now that we've moved helper_lookup_tb_ptr, the only user
-of tb-lookup.h is cpu-exec.c; merge the contents in.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/tb-lookup.h | 49 -------------------------------------------
- accel/tcg/cpu-exec.c  | 31 ++++++++++++++++++++++++++-
-files changed, 30 insertions(+), 50 deletions(-)
- delete mode 100644 accel/tcg/tb-lookup.h
-diff --git a/accel/tcg/tb-lookup.h b/accel/tcg/tb-lookup.h
-deleted file mode 100644
-index XXXXXXX..XXXXXXX
---- a/accel/tcg/tb-lookup.h
-+++ /dev/null
-@@ -XXX,XX +XXX,XX @@
--/*
-- * Copyright (C) 2017, Emilio G. Cota <cota@braap.org>
-- *
-- * License: GNU GPL, version 2 or later.
-- *   See the COPYING file in the top-level directory.
-- */
--#ifndef EXEC_TB_LOOKUP_H
--#define EXEC_TB_LOOKUP_H
--
--#ifdef NEED_CPU_H
--#include "cpu.h"
--#else
--#include "exec/poison.h"
--#endif
--
--#include "exec/exec-all.h"
--#include "tb-hash.h"
--
--/* Might cause an exception, so have a longjmp destination ready */
--static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
--                                          target_ulong cs_base,
--                                          uint32_t flags, uint32_t cflags)
--{
--    TranslationBlock *tb;
--    uint32_t hash;
--
--    /* we should never be trying to look up an INVALID tb */
--    tcg_debug_assert(!(cflags & CF_INVALID));
--
--    hash = tb_jmp_cache_hash_func(pc);
--    tb = qatomic_rcu_read(&cpu->tb_jmp_cache[hash]);
--
--    if (likely(tb &&
--               tb->pc == pc &&
--               tb->cs_base == cs_base &&
--               tb->flags == flags &&
--               tb->trace_vcpu_dstate == *cpu->trace_dstate &&
--               tb_cflags(tb) == cflags)) {
--        return tb;
--    }
--    tb = tb_htable_lookup(cpu, pc, cs_base, flags, cflags);
--    if (tb == NULL) {
--        return NULL;
--    }
--    qatomic_set(&cpu->tb_jmp_cache[hash], tb);
--    return tb;
--}
--
--#endif /* EXEC_TB_LOOKUP_H */
-diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cpu-exec.c
-+++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@
- #include "sysemu/replay.h"
- #include "exec/helper-proto.h"
- #include "tb-hash.h"
--#include "tb-lookup.h"
- #include "tb-context.h"
- #include "internal.h"
-@@ -XXX,XX +XXX,XX @@ static void init_delay_params(SyncClocks *sc, const CPUState *cpu)
- }
- #endif /* CONFIG USER ONLY */
-+/* Might cause an exception, so have a longjmp destination ready */
-+static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
-+                                          target_ulong cs_base,
-+                                          uint32_t flags, uint32_t cflags)
-+{
-+    TranslationBlock *tb;
-+    uint32_t hash;
-+
-+    /* we should never be trying to look up an INVALID tb */
-+    tcg_debug_assert(!(cflags & CF_INVALID));
-+
-+    hash = tb_jmp_cache_hash_func(pc);
-+    tb = qatomic_rcu_read(&cpu->tb_jmp_cache[hash]);
-+
-+    if (likely(tb &&
-+               tb->pc == pc &&
-+               tb->cs_base == cs_base &&
-+               tb->flags == flags &&
-+               tb->trace_vcpu_dstate == *cpu->trace_dstate &&
-+               tb_cflags(tb) == cflags)) {
-+        return tb;
-+    }
-+    tb = tb_htable_lookup(cpu, pc, cs_base, flags, cflags);
-+    if (tb == NULL) {
-+        return NULL;
-+    }
-+    qatomic_set(&cpu->tb_jmp_cache[hash], tb);
-+    return tb;
-+}
-+
- /**
-  * helper_lookup_tb_ptr: quick check for next tb
-  * @env: current cpu state
---
-.25.1

-[PATCH 38/41] accel/tcg: Split out log_cpu_exec
+Deleted patch
-Split out CPU_LOG_EXEC and CPU_LOG_TB_CPU logging from
-cpu_tb_exec to a new function.  Perform only one pc
-range check after a combined mask check.
-Use the new function in lookup_tb_ptr.  This enables
-CPU_LOG_TB_CPU between indirectly chained tbs.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/cpu-exec.c | 61 ++++++++++++++++++++++++--------------------
-file changed, 34 insertions(+), 27 deletions(-)
-diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cpu-exec.c
-+++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
-     return tb;
- }
-+static inline void log_cpu_exec(target_ulong pc, CPUState *cpu,
-+                                const TranslationBlock *tb)
-+{
-+    if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_CPU | CPU_LOG_EXEC))
-+        && qemu_log_in_addr_range(pc)) {
-+
-+        qemu_log_mask(CPU_LOG_EXEC,
-+                      "Trace %d: %p [" TARGET_FMT_lx
-+                      "/" TARGET_FMT_lx "/%#x] %s\n",
-+                      cpu->cpu_index, tb->tc.ptr, tb->cs_base, pc, tb->flags,
-+                      lookup_symbol(pc));
-+
-+#if defined(DEBUG_DISAS)
-+        if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) {
-+            FILE *logfile = qemu_log_lock();
-+            int flags = 0;
-+
-+            if (qemu_loglevel_mask(CPU_LOG_TB_FPU)) {
-+                flags |= CPU_DUMP_FPU;
-+            }
-+#if defined(TARGET_I386)
-+            flags |= CPU_DUMP_CCOP;
-+#endif
-+            log_cpu_state(cpu, flags);
-+            qemu_log_unlock(logfile);
-+        }
-+#endif /* DEBUG_DISAS */
-+    }
-+}
-+
- /**
-  * helper_lookup_tb_ptr: quick check for next tb
-  * @env: current cpu state
-@@ -XXX,XX +XXX,XX @@ const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
-     if (tb == NULL) {
-         return tcg_code_gen_epilogue;
-     }
--    qemu_log_mask_and_addr(CPU_LOG_EXEC, pc,
--                           "Chain %d: %p ["
--                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
--                           cpu->cpu_index, tb->tc.ptr, cs_base, pc, flags,
--                           lookup_symbol(pc));
-+
-+    log_cpu_exec(pc, cpu, tb);
-+
-     return tb->tc.ptr;
- }
-@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
-     TranslationBlock *last_tb;
-     const void *tb_ptr = itb->tc.ptr;
--    qemu_log_mask_and_addr(CPU_LOG_EXEC, itb->pc,
--                           "Trace %d: %p ["
--                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
--                           cpu->cpu_index, itb->tc.ptr,
--                           itb->cs_base, itb->pc, itb->flags,
--                           lookup_symbol(itb->pc));
--
--#if defined(DEBUG_DISAS)
--    if (qemu_loglevel_mask(CPU_LOG_TB_CPU)
--        && qemu_log_in_addr_range(itb->pc)) {
--        FILE *logfile = qemu_log_lock();
--        int flags = 0;
--        if (qemu_loglevel_mask(CPU_LOG_TB_FPU)) {
--            flags |= CPU_DUMP_FPU;
--        }
--#if defined(TARGET_I386)
--        flags |= CPU_DUMP_CCOP;
--#endif
--        log_cpu_state(cpu, flags);
--        qemu_log_unlock(logfile);
--    }
--#endif /* DEBUG_DISAS */
-+    log_cpu_exec(itb->pc, cpu, itb);
-     qemu_thread_jit_execute();
-     ret = tcg_qemu_tb_exec(env, tb_ptr);
---
-.25.1

-[PATCH 39/41] accel/tcg: Log tb->cflags with -d exec
+Deleted patch
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/cpu-exec.c | 6 +++---
-file changed, 3 insertions(+), 3 deletions(-)
-diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cpu-exec.c
-+++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@ static inline void log_cpu_exec(target_ulong pc, CPUState *cpu,
-         qemu_log_mask(CPU_LOG_EXEC,
-                       "Trace %d: %p [" TARGET_FMT_lx
--                      "/" TARGET_FMT_lx "/%#x] %s\n",
--                      cpu->cpu_index, tb->tc.ptr, tb->cs_base, pc, tb->flags,
--                      lookup_symbol(pc));
-+                      "/" TARGET_FMT_lx "/%08x/%08x] %s\n",
-+                      cpu->cpu_index, tb->tc.ptr, tb->cs_base, pc,
-+                      tb->flags, tb->cflags, lookup_symbol(pc));
- #if defined(DEBUG_DISAS)
-         if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) {
---
-.25.1

-[PATCH 40/41] tcg: Remove TCG_TARGET_HAS_goto_ptr
+Deleted patch
-Since 6eea04347eb6, all tcg backends support goto_ptr.
-Remove the conditional, making support mandatory.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/tcg/tcg-opc.h    | 3 +--
- tcg/aarch64/tcg-target.h | 1 -
- tcg/arm/tcg-target.h     | 1 -
- tcg/i386/tcg-target.h    | 1 -
- tcg/mips/tcg-target.h    | 1 -
- tcg/ppc/tcg-target.h     | 1 -
- tcg/riscv/tcg-target.h   | 1 -
- tcg/s390/tcg-target.h    | 1 -
- tcg/sparc/tcg-target.h   | 1 -
- tcg/tci/tcg-target.h     | 1 -
- tcg/tcg-op.c             | 2 +-
- tcg/tcg.c                | 8 ++------
-files changed, 4 insertions(+), 18 deletions(-)
-diff --git a/include/tcg/tcg-opc.h b/include/tcg/tcg-opc.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/tcg/tcg-opc.h
-+++ b/include/tcg/tcg-opc.h
-@@ -XXX,XX +XXX,XX @@ DEF(insn_start, 0, 0, TLADDR_ARGS * TARGET_INSN_START_WORDS,
-     TCG_OPF_NOT_PRESENT)
- DEF(exit_tb, 0, 0, 1, TCG_OPF_BB_EXIT | TCG_OPF_BB_END)
- DEF(goto_tb, 0, 0, 1, TCG_OPF_BB_EXIT | TCG_OPF_BB_END)
--DEF(goto_ptr, 0, 1, 0,
--    TCG_OPF_BB_EXIT | TCG_OPF_BB_END | IMPL(TCG_TARGET_HAS_goto_ptr))
-+DEF(goto_ptr, 0, 1, 0, TCG_OPF_BB_EXIT | TCG_OPF_BB_END)
- DEF(plugin_cb_start, 0, 0, 3, TCG_OPF_NOT_PRESENT)
- DEF(plugin_cb_end, 0, 0, 0, TCG_OPF_NOT_PRESENT)
-diff --git a/tcg/aarch64/tcg-target.h b/tcg/aarch64/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/aarch64/tcg-target.h
-+++ b/tcg/aarch64/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ typedef enum {
- #define TCG_TARGET_HAS_mulsh_i32        0
- #define TCG_TARGET_HAS_extrl_i64_i32    0
- #define TCG_TARGET_HAS_extrh_i64_i32    0
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_qemu_st8_i32     0
- #define TCG_TARGET_HAS_div_i64          1
-diff --git a/tcg/arm/tcg-target.h b/tcg/arm/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/arm/tcg-target.h
-+++ b/tcg/arm/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ extern bool use_neon_instructions;
- #define TCG_TARGET_HAS_mulsh_i32        0
- #define TCG_TARGET_HAS_div_i32          use_idiv_instructions
- #define TCG_TARGET_HAS_rem_i32          0
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_direct_jump      0
- #define TCG_TARGET_HAS_qemu_st8_i32     0
-diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/i386/tcg-target.h
-+++ b/tcg/i386/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ extern bool have_movbe;
- #define TCG_TARGET_HAS_muls2_i32        1
- #define TCG_TARGET_HAS_muluh_i32        0
- #define TCG_TARGET_HAS_mulsh_i32        0
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_direct_jump      1
- #if TCG_TARGET_REG_BITS == 64
-diff --git a/tcg/mips/tcg-target.h b/tcg/mips/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/mips/tcg-target.h
-+++ b/tcg/mips/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ extern bool use_mips32r2_instructions;
- #define TCG_TARGET_HAS_muluh_i32        1
- #define TCG_TARGET_HAS_mulsh_i32        1
- #define TCG_TARGET_HAS_bswap32_i32      1
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_direct_jump      1
- #if TCG_TARGET_REG_BITS == 64
-diff --git a/tcg/ppc/tcg-target.h b/tcg/ppc/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/ppc/tcg-target.h
-+++ b/tcg/ppc/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ extern bool have_vsx;
- #define TCG_TARGET_HAS_muls2_i32        0
- #define TCG_TARGET_HAS_muluh_i32        1
- #define TCG_TARGET_HAS_mulsh_i32        1
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_direct_jump      1
- #define TCG_TARGET_HAS_qemu_st8_i32     0
-diff --git a/tcg/riscv/tcg-target.h b/tcg/riscv/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/riscv/tcg-target.h
-+++ b/tcg/riscv/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ typedef enum {
- #define TCG_TARGET_CALL_STACK_OFFSET    0
- /* optional instructions */
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_movcond_i32      0
- #define TCG_TARGET_HAS_div_i32          1
- #define TCG_TARGET_HAS_rem_i32          1
-diff --git a/tcg/s390/tcg-target.h b/tcg/s390/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390/tcg-target.h
-+++ b/tcg/s390/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities;
- #define TCG_TARGET_HAS_mulsh_i32      0
- #define TCG_TARGET_HAS_extrl_i64_i32  0
- #define TCG_TARGET_HAS_extrh_i64_i32  0
--#define TCG_TARGET_HAS_goto_ptr       1
- #define TCG_TARGET_HAS_direct_jump    (s390_facilities & FACILITY_GEN_INST_EXT)
- #define TCG_TARGET_HAS_qemu_st8_i32   0
-diff --git a/tcg/sparc/tcg-target.h b/tcg/sparc/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/sparc/tcg-target.h
-+++ b/tcg/sparc/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ extern bool use_vis3_instructions;
- #define TCG_TARGET_HAS_muls2_i32        1
- #define TCG_TARGET_HAS_muluh_i32        0
- #define TCG_TARGET_HAS_mulsh_i32        0
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_direct_jump      1
- #define TCG_TARGET_HAS_qemu_st8_i32     0
-diff --git a/tcg/tci/tcg-target.h b/tcg/tci/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tci/tcg-target.h
-+++ b/tcg/tci/tcg-target.h
-@@ -XXX,XX +XXX,XX @@
- #define TCG_TARGET_HAS_muls2_i32        1
- #define TCG_TARGET_HAS_muluh_i32        0
- #define TCG_TARGET_HAS_mulsh_i32        0
--#define TCG_TARGET_HAS_goto_ptr         1
- #define TCG_TARGET_HAS_direct_jump      0
- #define TCG_TARGET_HAS_qemu_st8_i32     0
-diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg-op.c
-+++ b/tcg/tcg-op.c
-@@ -XXX,XX +XXX,XX @@ void tcg_gen_goto_tb(unsigned idx)
- void tcg_gen_lookup_and_goto_ptr(void)
- {
--    if (TCG_TARGET_HAS_goto_ptr && !qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
-+    if (!qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
-         TCGv_ptr ptr;
-         plugin_gen_disable_mem_helpers();
-diff --git a/tcg/tcg.c b/tcg/tcg.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg.c
-+++ b/tcg/tcg.c
-@@ -XXX,XX +XXX,XX @@ void tcg_prologue_init(TCGContext *s)
-      * For tci, we use NULL as the signal to return from the interpreter,
-      * so skip this check.
-      */
--    if (TCG_TARGET_HAS_goto_ptr) {
--        tcg_debug_assert(tcg_code_gen_epilogue != NULL);
--    }
-+    tcg_debug_assert(tcg_code_gen_epilogue != NULL);
- #endif
-     tcg_region_prologue_set(s);
-@@ -XXX,XX +XXX,XX @@ bool tcg_op_supported(TCGOpcode op)
-     case INDEX_op_insn_start:
-     case INDEX_op_exit_tb:
-     case INDEX_op_goto_tb:
-+    case INDEX_op_goto_ptr:
-     case INDEX_op_qemu_ld_i32:
-     case INDEX_op_qemu_st_i32:
-     case INDEX_op_qemu_ld_i64:
-@@ -XXX,XX +XXX,XX @@ bool tcg_op_supported(TCGOpcode op)
-     case INDEX_op_qemu_st8_i32:
-         return TCG_TARGET_HAS_qemu_st8_i32;
--    case INDEX_op_goto_ptr:
--        return TCG_TARGET_HAS_goto_ptr;
--
-     case INDEX_op_mov_i32:
-     case INDEX_op_setcond_i32:
-     case INDEX_op_brcond_i32:
---
-.25.1

-[PATCH 41/41] cpu: Add breakpoint tracepoints
+[PULL v2 08/53] disas: Move disas.c into the target-independent source set
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+From: Thomas Huth <thuth@redhat.com>
 Use target_words_bigendian() instead of an ifdef.
 Remove CONFIG_RISCV_DIS from the check for riscv as a host; this is
 a poisoned identifier, and anyway will always be set by meson.build
 when building on a riscv host.
 Signed-off-by: Thomas Huth <thuth@redhat.com>
 Message-Id: <20230508133745.109463-3-thuth@redhat.com>
 [rth: Type change done in a separate patch]
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- cpu.c        | 13 +++++++++----
+ disas/disas.c     | 12 ++++++------
- trace-events |  5 +++++
+ disas/meson.build |  3 ++-
-files changed, 14 insertions(+), 4 deletions(-)
+files changed, 8 insertions(+), 7 deletions(-)
-diff --git a/cpu.c b/cpu.c
+diff --git a/disas/disas.c b/disas/disas.c
 index XXXXXXX..XXXXXXX 100644
---- a/cpu.c
+--- a/disas/disas.c
-+++ b/cpu.c
++++ b/disas/disas.c
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ void disas_initialize_debug_target(CPUDebug *s, CPUState *cpu)
- #include "exec/translate-all.h"
+     s->cpu = cpu;
- #include "exec/log.h"
+     s->info.read_memory_func = target_read_memory;
- #include "hw/core/accel-cpu.h"
+     s->info.print_address_func = print_address;
-+#include "trace/trace-root.h"
+-#if TARGET_BIG_ENDIAN
+-    s->info.endian = BFD_ENDIAN_BIG;
- uintptr_t qemu_host_page_size;
+-#else
- intptr_t qemu_host_page_mask;
+-    s->info.endian = BFD_ENDIAN_LITTLE;
-@@ -XXX,XX +XXX,XX @@ int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
+-#endif
-     if (breakpoint) {
++    if (target_words_bigendian()) {
-         *breakpoint = bp;
++        s->info.endian = BFD_ENDIAN_BIG;
-     }
++    } else {
-+
++        s->info.endian =  BFD_ENDIAN_LITTLE;
-+    trace_breakpoint_insert(cpu->cpu_index, pc, flags);
++    }
-     return 0;
- }
+     CPUClass *cc = CPU_GET_CLASS(cpu);
+     if (cc->disas_set_info) {
-@@ -XXX,XX +XXX,XX @@ int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
+@@ -XXX,XX +XXX,XX @@ static void initialize_debug_host(CPUDebug *s)
- }
+ # ifdef _ARCH_PPC64
+     s->info.cap_mode = CS_MODE_64;
- /* Remove a specific breakpoint by reference.  */
+ # endif
--void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
+-#elif defined(__riscv) && defined(CONFIG_RISCV_DIS)
-+void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *bp)
++#elif defined(__riscv)
- {
+ #if defined(_ILP32) || (__riscv_xlen == 32)
--    QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
+     s->info.print_insn = print_insn_riscv32;
-+    QTAILQ_REMOVE(&cpu->breakpoints, bp, entry);
+ #elif defined(_LP64)
+diff --git a/disas/meson.build b/disas/meson.build
 -    breakpoint_invalidate(cpu, breakpoint->pc);
 +    breakpoint_invalidate(cpu, bp->pc);
 -    g_free(breakpoint);
 +    trace_breakpoint_remove(cpu->cpu_index, bp->pc, bp->flags);
 +    g_free(bp);
  }
  /* Remove all matching breakpoints. */
@@ -XXX,XX +XXX,XX @@ void cpu_single_step(CPUState *cpu, int enabled)
              /* XXX: only flush what is necessary */
              tb_flush(cpu);
          }
 +        trace_breakpoint_singlestep(cpu->cpu_index, enabled);
      }
  }
 diff --git a/trace-events b/trace-events
 index XXXXXXX..XXXXXXX 100644
---- a/trace-events
+--- a/disas/meson.build
-+++ b/trace-events
++++ b/disas/meson.build
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ common_ss.add(when: 'CONFIG_SH4_DIS', if_true: files('sh4.c'))
- #
+ common_ss.add(when: 'CONFIG_SPARC_DIS', if_true: files('sparc.c'))
- # The <format-string> should be a sprintf()-compatible format string.
+ common_ss.add(when: 'CONFIG_XTENSA_DIS', if_true: files('xtensa.c'))
+ common_ss.add(when: capstone, if_true: [files('capstone.c'), capstone])
-+# cpu.c
++common_ss.add(files('disas.c'))
-+breakpoint_insert(int cpu_index, uint64_t pc, int flags) "cpu=%d pc=0x%" PRIx64 " flags=0x%x"
-+breakpoint_remove(int cpu_index, uint64_t pc, int flags) "cpu=%d pc=0x%" PRIx64 " flags=0x%x"
+ softmmu_ss.add(files('disas-mon.c'))
-+breakpoint_singlestep(int cpu_index, int enabled) "cpu=%d enable=%d"
+-specific_ss.add(files('disas.c'), capstone)
-+
++specific_ss.add(capstone)
  # dma-helpers.c
  dma_blk_io(void *dbs, void *bs, int64_t offset, bool to_dev) "dbs=%p bs=%p offset=%" PRId64 " to_dev=%d"
  dma_aio_cancel(void *dbs) "dbs=%p"
 --
-.25.1
+.34.1

The following changes since commit 05de778b5b8ab0b402996769117b88c7ea5c7c61:

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2021-07-09 14:30:01 +0100)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20210710

for you to fetch changes up to ad1a706f386c2281adb0b09257d892735e405834:

cpu: Add breakpoint tracepoints (2021-07-09 21:31:11 -0700)

----------------------------------------------------------------
Add translator_use_goto_tb.
Cleanups in prep of breakpoint fixes.
Misc fixes.

----------------------------------------------------------------
Liren Wei (2):
      accel/tcg: Hoist tcg_tb_insert() up above tb_link_page()
      tcg: Bake tb_destroy() into tcg_region_tree

Philippe Mathieu-Daudé (1):
      tcg: Avoid including 'trace-tcg.h' in target translate.c

Richard Henderson (38):
      tcg: Add separator in INDEX_op_call dump
      tcg: Move tb_phys_invalidate_count to tb_ctx
      accel/tcg: Introduce translator_use_goto_tb
      target/alpha: Remove use_exit_tb
      target/alpha: Remove in_superpage
      target/alpha: Use translator_use_goto_tb
      target/arm: Use DISAS_TOO_MANY for ISB and SB
      target/arm: Use translator_use_goto_tb for aarch64
      target/arm: Use translator_use_goto_tb for aarch32
      target/avr: Use translator_use_goto_tb
      target/avr: Mark some helpers noreturn
      target/cris: Use translator_use_goto_tb
      target/hppa: Use translator_use_goto_tb
      target/i386: Use translator_use_goto_tb
      target/m68k: Use translator_use_goto_tb
      target/microblaze: Use translator_use_goto_tb
      target/mips: Use translator_use_goto_tb
      target/mips: Fix missing else in gen_goto_tb
      target/nios2: Use translator_use_goto_tb
      target/openrisc: Use translator_use_goto_tb
      target/ppc: Use translator_use_goto_tb
      target/riscv: Use translator_use_goto_tb
      target/rx: Use translator_use_goto_tb
      target/s390x: Use translator_use_goto_tb
      target/s390x: Remove use_exit_tb
      target/sh4: Use translator_use_goto_tb
      target/sparc: Use translator_use_goto_tb
      target/tricore: Use translator_use_goto_tb
      target/tricore: Use tcg_gen_lookup_and_goto_ptr
      target/xtensa: Use translator_use_goto_tb
      tcg: Fix prologue disassembly
      target/i386: Use cpu_breakpoint_test in breakpoint_handler
      accel/tcg: Move helper_lookup_tb_ptr to cpu-exec.c
      accel/tcg: Move tb_lookup to cpu-exec.c
      accel/tcg: Split out log_cpu_exec
      accel/tcg: Log tb->cflags with -d exec
      tcg: Remove TCG_TARGET_HAS_goto_ptr
      cpu: Add breakpoint tracepoints

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

The root trace-events only declares a single TCG event:

$ git grep -w tcg trace-events
  trace-events:115:# tcg/tcg-op.c
  trace-events:137:vcpu tcg guest_mem_before(TCGv vaddr, uint16_t info) "info=%d", "vaddr=0x%016"PRIx64" info=%d"

and only a tcg/tcg-op.c uses it:

$ git grep -l trace_guest_mem_before_tcg
  tcg/tcg-op.c

therefore it is pointless to include "trace-tcg.h" in each target
(because it is not used). Remove it.

diff --git a/target/alpha/translate.c b/target/alpha/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/alpha/translate.c
+++ b/target/alpha/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/cpu_ldst.h"
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
-#include "trace-tcg.h"
 #include "exec/translator.h"
 #include "exec/log.h"
 
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-gen.h"
 #include "exec/log.h"
 
-#include "trace-tcg.h"
 #include "translate-a64.h"
 #include "qemu/atomic128.h"
 
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 #include "exec/log.h"
-#include "trace-tcg.h"
 #include "translate-a64.h"
 #include "fpu/softfloat.h"
 
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 
diff --git a/target/cris/translate.c b/target/cris/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/cris/translate.c
+++ b/target/cris/translate.c
@@ -XXX,XX +XXX,XX @@
 
 #include "exec/helper-gen.h"
 
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 
diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 #include "exec/translator.h"
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 /* Since we have a distinction between register size and address size,
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-gen.h"
 #include "helper-tcg.h"
 
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 #define PREFIX_REPZ   0x01
diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 
-#include "trace-tcg.h"
 #include "exec/log.h"
 #include "fpu/softfloat.h"
 
diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/microblaze/translate.c
+++ b/target/microblaze/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/translator.h"
 #include "qemu/qemu-print.h"
 
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 #define EXTRACT_FIELD(src, start, end) \
diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/mips/tcg/translate.c
+++ b/target/mips/tcg/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "semihosting/semihost.h"
 
 #include "trace.h"
-#include "trace-tcg.h"
 #include "exec/translator.h"
 #include "exec/log.h"
 #include "qemu/qemu-print.h"
diff --git a/target/openrisc/translate.c b/target/openrisc/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/openrisc/translate.c
+++ b/target/openrisc/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-gen.h"
 #include "exec/gen-icount.h"
 
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 /* is_jmp field values */
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 
-#include "trace-tcg.h"
 #include "exec/translator.h"
 #include "exec/log.h"
 #include "qemu/atomic128.h"
diff --git a/target/rx/translate.c b/target/rx/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/rx/translate.c
+++ b/target/rx/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 #include "exec/translator.h"
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 typedef struct DisasContext {
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 
-#include "trace-tcg.h"
 #include "exec/translator.h"
 #include "exec/log.h"
 #include "qemu/atomic128.h"
diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 #include "exec/translator.h"
-#include "trace-tcg.h"
 #include "exec/log.h"
 #include "qemu/qemu-print.h"
 
diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -XXX,XX +XXX,XX @@
 
 #include "exec/helper-gen.h"
 
-#include "trace-tcg.h"
 #include "exec/translator.h"
 #include "exec/log.h"
 #include "asi.h"
diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 
-#include "trace-tcg.h"
 #include "exec/log.h"
 
 
-- 
2.25.1

From: Liren Wei <lrwei@bupt.edu.cn>

TranslationBlocks not inserted into the corresponding region
tree shall be regarded as partially initialized objects, and
needs to be finalized first before inserting into QHT.

Signed-off-by: Liren Wei <lrwei@bupt.edu.cn>
Message-Id: <f9fc263f71e11b6308d8c1fbc0dd366bf4aeb532.1625404483.git.lrwei@bupt.edu.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/translate-all.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
         return tb;
     }
 
+    /*
+     * Insert TB into the corresponding region tree before publishing it
+     * through QHT. Otherwise rewinding happened in the TB might fail to
+     * lookup itself using host PC.
+     */
+    tcg_tb_insert(tb);
+
     /* check next page if needed */
     virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
     phys_page2 = -1;
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
         orig_aligned -= ROUND_UP(sizeof(*tb), qemu_icache_linesize);
         qatomic_set(&tcg_ctx->code_gen_ptr, (void *)orig_aligned);
         tb_destroy(tb);
+        tcg_tb_remove(tb);
         return existing_tb;
     }
-    tcg_tb_insert(tb);
     return tb;
 }
 
-- 
2.25.1

From: Liren Wei <lrwei@bupt.edu.cn>

The function is called only at tcg_gen_code() when duplicated TBs
are translated by different threads, and when the tcg_region_tree
is reset. Bake it into the underlying GTree as its value destroy
function to unite these situations.
Also remove tcg_region_tree_traverse() which now becomes useless.

Signed-off-by: Liren Wei <lrwei@bupt.edu.cn>
Message-Id: <8dc352f08d038c4e7a1f5f56962398cdc700c3aa.1625404483.git.lrwei@bupt.edu.cn>
[rth: Name the new tb_tc_cmp parameter correctly.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/tcg/tcg.h         |  1 -
 accel/tcg/translate-all.c |  6 ------
 tcg/region.c              | 19 ++++++++-----------
 3 files changed, 8 insertions(+), 18 deletions(-)

diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@ void *tcg_malloc_internal(TCGContext *s, int size);
 void tcg_pool_reset(TCGContext *s);
 TranslationBlock *tcg_tb_alloc(TCGContext *s);
 
-void tb_destroy(TranslationBlock *tb);
 void tcg_region_reset_all(void);
 
 size_t tcg_code_size(void);
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
     return 0;
 }
 
-void tb_destroy(TranslationBlock *tb)
-{
-    qemu_spin_destroy(&tb->jmp_lock);
-}
-
 bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
 {
     /*
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 
         orig_aligned -= ROUND_UP(sizeof(*tb), qemu_icache_linesize);
         qatomic_set(&tcg_ctx->code_gen_ptr, (void *)orig_aligned);
-        tb_destroy(tb);
         tcg_tb_remove(tb);
         return existing_tb;
     }
diff --git a/tcg/region.c b/tcg/region.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/region.c
+++ b/tcg/region.c
@@ -XXX,XX +XXX,XX @@ static int ptr_cmp_tb_tc(const void *ptr, const struct tb_tc *s)
     return 0;
 }
 
-static gint tb_tc_cmp(gconstpointer ap, gconstpointer bp)
+static gint tb_tc_cmp(gconstpointer ap, gconstpointer bp, gpointer userdata)
 {
     const struct tb_tc *a = ap;
     const struct tb_tc *b = bp;
@@ -XXX,XX +XXX,XX @@ static gint tb_tc_cmp(gconstpointer ap, gconstpointer bp)
     return ptr_cmp_tb_tc(b->ptr, a);
 }
 
+static void tb_destroy(gpointer value)
+{
+    TranslationBlock *tb = value;
+    qemu_spin_destroy(&tb->jmp_lock);
+}
+
 static void tcg_region_trees_init(void)
 {
     size_t i;
@@ -XXX,XX +XXX,XX @@ static void tcg_region_trees_init(void)
         struct tcg_region_tree *rt = region_trees + i * tree_size;
 
         qemu_mutex_init(&rt->lock);
-        rt->tree = g_tree_new(tb_tc_cmp);
+        rt->tree = g_tree_new_full(tb_tc_cmp, NULL, NULL, tb_destroy);
     }
 }
 
@@ -XXX,XX +XXX,XX @@ size_t tcg_nb_tbs(void)
     return nb_tbs;
 }
 
-static gboolean tcg_region_tree_traverse(gpointer k, gpointer v, gpointer data)
-{
-    TranslationBlock *tb = v;
-
-    tb_destroy(tb);
-    return FALSE;
-}
-
 static void tcg_region_tree_reset_all(void)
 {
     size_t i;
@@ -XXX,XX +XXX,XX @@ static void tcg_region_tree_reset_all(void)
     for (i = 0; i < region.n; i++) {
         struct tcg_region_tree *rt = region_trees + i * tree_size;
 
-        g_tree_foreach(rt->tree, tcg_region_tree_traverse, NULL);
         /* Increment the refcount first so that destroy acts as a reset */
         g_tree_ref(rt->tree);
         g_tree_destroy(rt->tree);
-- 
2.25.1

We can call do_tb_phys_invalidate from an iocontext, which has
no per-thread tcg_ctx.  Move this to tb_ctx, which is global.
The actual update still takes place with a lock held, so only
an atomic set is required, not an atomic increment.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/457
Tested-by: Viktor Ashirov <vashirov@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/tb-context.h    |  1 +
 include/tcg/tcg.h         |  3 ---
 accel/tcg/translate-all.c |  8 ++++----
 tcg/region.c              | 14 --------------
 4 files changed, 5 insertions(+), 21 deletions(-)

diff --git a/accel/tcg/tb-context.h b/accel/tcg/tb-context.h
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tb-context.h
+++ b/accel/tcg/tb-context.h
@@ -XXX,XX +XXX,XX @@ struct TBContext {
 
     /* statistics */
     unsigned tb_flush_count;
+    unsigned tb_phys_invalidate_count;
 };
 
 extern TBContext tb_ctx;
diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@ struct TCGContext {
     /* Threshold to flush the translated code buffer.  */
     void *code_gen_highwater;
 
-    size_t tb_phys_invalidate_count;
-
     /* Track which vCPU triggers events */
     CPUState *cpu;                      /* *_trans */
 
@@ -XXX,XX +XXX,XX @@ size_t tcg_code_capacity(void);
 
 void tcg_tb_insert(TranslationBlock *tb);
 void tcg_tb_remove(TranslationBlock *tb);
-size_t tcg_tb_phys_invalidate_count(void);
 TranslationBlock *tcg_tb_lookup(uintptr_t tc_ptr);
 void tcg_tb_foreach(GTraverseFunc func, gpointer user_data);
 size_t tcg_nb_tbs(void);
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
     /* suppress any remaining jumps to this TB */
     tb_jmp_unlink(tb);
 
-    qatomic_set(&tcg_ctx->tb_phys_invalidate_count,
-               tcg_ctx->tb_phys_invalidate_count + 1);
+    qatomic_set(&tb_ctx.tb_phys_invalidate_count,
+                tb_ctx.tb_phys_invalidate_count + 1);
 }
 
 static void tb_phys_invalidate__locked(TranslationBlock *tb)
@@ -XXX,XX +XXX,XX @@ void dump_exec_info(void)
     qemu_printf("\nStatistics:\n");
     qemu_printf("TB flush count      %u\n",
                 qatomic_read(&tb_ctx.tb_flush_count));
-    qemu_printf("TB invalidate count %zu\n",
-                tcg_tb_phys_invalidate_count());
+    qemu_printf("TB invalidate count %u\n",
+                qatomic_read(&tb_ctx.tb_phys_invalidate_count));
 
     tlb_flush_counts(&flush_full, &flush_part, &flush_elide);
     qemu_printf("TLB full flushes    %zu\n", flush_full);
diff --git a/tcg/region.c b/tcg/region.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/region.c
+++ b/tcg/region.c
@@ -XXX,XX +XXX,XX @@ size_t tcg_code_capacity(void)
 
     return capacity;
 }
-
-size_t tcg_tb_phys_invalidate_count(void)
-{
-    unsigned int n_ctxs = qatomic_read(&tcg_cur_ctxs);
-    unsigned int i;
-    size_t total = 0;
-
-    for (i = 0; i < n_ctxs; i++) {
-        const TCGContext *s = qatomic_read(&tcg_ctxs[i]);
-
-        total += qatomic_read(&s->tb_phys_invalidate_count);
-    }
-    return total;
-}
-- 
2.25.1

Add a generic version of the common use_goto_tb test.

Various targets avoid the page crossing test for CONFIG_USER_ONLY,
but that is wrong: mmap and mprotect can change page permissions.

Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/translator.h | 10 ++++++++++
 accel/tcg/translator.c    | 11 +++++++++++
 2 files changed, 21 insertions(+)

diff --git a/include/exec/translator.h b/include/exec/translator.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/translator.h
+++ b/include/exec/translator.h
@@ -XXX,XX +XXX,XX @@ void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
 
 void translator_loop_temp_check(DisasContextBase *db);
 
+/**
+ * translator_use_goto_tb
+ * @db: Disassembly context
+ * @dest: target pc of the goto
+ *
+ * Return true if goto_tb is allowed between the current TB
+ * and the destination PC.
+ */
+bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest);
+
 /*
  * Translator Load Functions
  *
diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
@@ -XXX,XX +XXX,XX @@ void translator_loop_temp_check(DisasContextBase *db)
     }
 }
 
+bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest)
+{
+    /* Suppress goto_tb in the case of single-steping.  */
+    if (db->singlestep_enabled || singlestep) {
+        return false;
+    }
+
+    /* Check for the dest on the same page as the start of the TB.  */
+    return ((db->pc_first ^ dest) & TARGET_PAGE_MASK) == 0;
+}
+
 void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
                      CPUState *cpu, TranslationBlock *tb, int max_insns)
 {
-- 
2.25.1

We have not needed to end a TB for I/O since ba3e7926691
("icount: clean up cpu_can_io at the entry to the block").
We do not need to use exit_tb for singlestep, which only
means generate one insn per TB.

Which leaves only singlestep_enabled, which means raise a
debug trap after every TB, which does not use exit_tb,
which would leave the function mis-named.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/alpha/translate.c | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/target/alpha/translate.c b/target/alpha/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/alpha/translate.c
+++ b/target/alpha/translate.c
@@ -XXX,XX +XXX,XX @@ static bool in_superpage(DisasContext *ctx, int64_t addr)
 #endif
 }
 
-static bool use_exit_tb(DisasContext *ctx)
-{
-    return ((tb_cflags(ctx->base.tb) & CF_LAST_IO)
-            || ctx->base.singlestep_enabled
-            || singlestep);
-}
-
 static bool use_goto_tb(DisasContext *ctx, uint64_t dest)
 {
-    /* Suppress goto_tb in the case of single-steping and IO.  */
-    if (unlikely(use_exit_tb(ctx))) {
-        return false;
-    }
 #ifndef CONFIG_USER_ONLY
     /* If the destination is in the superpage, the page perms can't change.  */
     if (in_superpage(ctx, dest)) {
@@ -XXX,XX +XXX,XX @@ static DisasJumpType gen_call_pal(DisasContext *ctx, int palcode)
            need the page permissions check.  We'll see the existence of
            the page when we create the TB, and we'll flush all TBs if
            we change the PAL base register.  */
-        if (!use_exit_tb(ctx)) {
+        if (!ctx->base.singlestep_enabled) {
             tcg_gen_goto_tb(0);
             tcg_gen_movi_i64(cpu_pc, entry);
             tcg_gen_exit_tb(ctx->base.tb, 0);
@@ -XXX,XX +XXX,XX @@ static void alpha_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
         tcg_gen_movi_i64(cpu_pc, ctx->base.pc_next);
         /* FALLTHRU */
     case DISAS_PC_UPDATED:
-        if (!use_exit_tb(ctx)) {
+        if (!ctx->base.singlestep_enabled) {
             tcg_gen_lookup_and_goto_ptr();
             break;
         }
-- 
2.25.1

The number of links across (normal) pages using this is low,
and it will shortly violate the contract for breakpoints.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/alpha/translate.c | 24 ++----------------------
 1 file changed, 2 insertions(+), 22 deletions(-)

diff --git a/target/alpha/translate.c b/target/alpha/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/alpha/translate.c
+++ b/target/alpha/translate.c
@@ -XXX,XX +XXX,XX @@ static DisasJumpType gen_store_conditional(DisasContext *ctx, int ra, int rb,
     return DISAS_NEXT;
 }
 
-static bool in_superpage(DisasContext *ctx, int64_t addr)
-{
-#ifndef CONFIG_USER_ONLY
-    return ((ctx->tbflags & ENV_FLAG_PS_USER) == 0
-            && addr >> TARGET_VIRT_ADDR_SPACE_BITS == -1
-            && ((addr >> 41) & 3) == 2);
-#else
-    return false;
-#endif
-}
-
 static bool use_goto_tb(DisasContext *ctx, uint64_t dest)
 {
 #ifndef CONFIG_USER_ONLY
-    /* If the destination is in the superpage, the page perms can't change.  */
-    if (in_superpage(ctx, dest)) {
-        return true;
-    }
     /* Check for the dest on the same page as the start of the TB.  */
     return ((ctx->base.tb->pc ^ dest) & TARGET_PAGE_MASK) == 0;
 #else
@@ -XXX,XX +XXX,XX @@ static void alpha_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
 {
     DisasContext *ctx = container_of(dcbase, DisasContext, base);
     CPUAlphaState *env = cpu->env_ptr;
-    int64_t bound, mask;
+    int64_t bound;
 
     ctx->tbflags = ctx->base.tb->flags;
     ctx->mem_idx = cpu_mmu_index(env, false);
@@ -XXX,XX +XXX,XX @@ static void alpha_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
     ctx->lit = NULL;
 
     /* Bound the number of insns to execute to those left on the page.  */
-    if (in_superpage(ctx, ctx->base.pc_first)) {
-        mask = -1ULL << 41;
-    } else {
-        mask = TARGET_PAGE_MASK;
-    }
-    bound = -(ctx->base.pc_first | mask) / 4;
+    bound = -(ctx->base.pc_first | TARGET_PAGE_MASK) / 4;
     ctx->base.max_insns = MIN(ctx->base.max_insns, bound);
 }
 
-- 
2.25.1

Using gen_goto_tb directly misses the single-step check.
Let the branch or debug exception be emitted by arm_tr_tb_stop.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static bool trans_ISB(DisasContext *s, arg_ISB *a)
      * self-modifying code correctly and also to take
      * any pending interrupts immediately.
      */
-    gen_goto_tb(s, 0, s->base.pc_next);
+    s->base.is_jmp = DISAS_TOO_MANY;
     return true;
 }
 
@@ -XXX,XX +XXX,XX @@ static bool trans_SB(DisasContext *s, arg_SB *a)
      * for TCG; MB and end the TB instead.
      */
     tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
-    gen_goto_tb(s, 0, s->base.pc_next);
+    s->base.is_jmp = DISAS_TOO_MANY;
     return true;
 }
 
-- 
2.25.1

We have not needed to end a TB for I/O since ba3e7926691
("icount: clean up cpu_can_io at the entry to the block"),
and gdbstub singlestep is handled by the generic function.

Drop the unused 'n' argument to use_goto_tb.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/translate-a64.c | 25 +++++--------------------
 1 file changed, 5 insertions(+), 20 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void gen_step_complete_exception(DisasContext *s)
     s->base.is_jmp = DISAS_NORETURN;
 }
 
-static inline bool use_goto_tb(DisasContext *s, int n, uint64_t dest)
+static inline bool use_goto_tb(DisasContext *s, uint64_t dest)
 {
-    /* No direct tb linking with singlestep (either QEMU's or the ARM
-     * debug architecture kind) or deterministic io
-     */
-    if (s->base.singlestep_enabled || s->ss_active ||
-        (tb_cflags(s->base.tb) & CF_LAST_IO)) {
+    if (s->ss_active) {
         return false;
     }
-
-#ifndef CONFIG_USER_ONLY
-    /* Only link tbs from inside the same guest page */
-    if ((s->base.tb->pc & TARGET_PAGE_MASK) != (dest & TARGET_PAGE_MASK)) {
-        return false;
-    }
-#endif
-
-    return true;
+    return translator_use_goto_tb(&s->base, dest);
 }
 
 static inline void gen_goto_tb(DisasContext *s, int n, uint64_t dest)
 {
-    const TranslationBlock *tb;
-
-    tb = s->base.tb;
-    if (use_goto_tb(s, n, dest)) {
+    if (use_goto_tb(s, dest)) {
         tcg_gen_goto_tb(n);
         gen_a64_set_pc_im(dest);
-        tcg_gen_exit_tb(tb, n);
+        tcg_gen_exit_tb(s->base.tb, n);
         s->base.is_jmp = DISAS_NORETURN;
     } else {
         gen_a64_set_pc_im(dest);
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/translate.c | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static int disas_dsp_insn(DisasContext *s, uint32_t insn)
     return 1;
 }
 
-static inline bool use_goto_tb(DisasContext *s, target_ulong dest)
-{
-#ifndef CONFIG_USER_ONLY
-    return (s->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) ||
-           ((s->base.pc_next - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
 static void gen_goto_ptr(void)
 {
     tcg_gen_lookup_and_goto_ptr();
@@ -XXX,XX +XXX,XX @@ static void gen_goto_ptr(void)
  */
 static void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
 {
-    if (use_goto_tb(s, dest)) {
+    if (translator_use_goto_tb(&s->base, dest)) {
         tcg_gen_goto_tb(n);
         gen_set_pc_im(s, dest);
         tcg_gen_exit_tb(s->base.tb, n);
-- 
2.25.1

Single stepping is not the only reason not to use goto_tb.
If goto_tb is disallowed, and single-stepping is not enabled,
then use tcg_gen_lookup_and_goto_tb to indirectly chain.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/avr/translate.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/target/avr/translate.c b/target/avr/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/avr/translate.c
+++ b/target/avr/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
 {
     const TranslationBlock *tb = ctx->base.tb;
 
-    if (!ctx->base.singlestep_enabled) {
+    if (translator_use_goto_tb(&ctx->base, dest)) {
         tcg_gen_goto_tb(n);
         tcg_gen_movi_i32(cpu_pc, dest);
         tcg_gen_exit_tb(tb, n);
     } else {
         tcg_gen_movi_i32(cpu_pc, dest);
-        gen_helper_debug(cpu_env);
-        tcg_gen_exit_tb(NULL, 0);
+        if (ctx->base.singlestep_enabled) {
+            gen_helper_debug(cpu_env);
+        } else {
+            tcg_gen_lookup_and_goto_ptr();
+        }
     }
     ctx->base.is_jmp = DISAS_NORETURN;
 }
-- 
2.25.1

The test for singlestepping is done in translator_use_goto_tb,
so we may elide it from cris_tr_tb_stop.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/cris/translate.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/target/cris/translate.c b/target/cris/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/cris/translate.c
+++ b/target/cris/translate.c
@@ -XXX,XX +XXX,XX @@ static void t_gen_swapr(TCGv d, TCGv s)
 
 static bool use_goto_tb(DisasContext *dc, target_ulong dest)
 {
-    return ((dest ^ dc->base.pc_first) & TARGET_PAGE_MASK) == 0;
+    return translator_use_goto_tb(&dc->base, dest);
 }
 
 static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
@@ -XXX,XX +XXX,XX @@ static void cris_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
              * Use a conditional branch if either taken or not-taken path
              * can use goto_tb.  If neither can, then treat it as indirect.
              */
-            if (likely(!dc->base.singlestep_enabled)
-                && likely(!dc->cpustate_changed)
+            if (likely(!dc->cpustate_changed)
                 && (use_goto_tb(dc, dc->jmp_pc) || use_goto_tb(dc, npc))) {
                 TCGLabel *not_taken = gen_new_label();
 
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/i386/tcg/translate.c | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -XXX,XX +XXX,XX @@ static inline int insn_const_size(MemOp ot)
     }
 }
 
-static inline bool use_goto_tb(DisasContext *s, target_ulong pc)
-{
-#ifndef CONFIG_USER_ONLY
-    return (pc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK) ||
-           (pc & TARGET_PAGE_MASK) == (s->pc_start & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
-static inline void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip)
+static void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip)
 {
     target_ulong pc = s->cs_base + eip;
 
-    if (use_goto_tb(s, pc))  {
+    if (translator_use_goto_tb(&s->base, pc))  {
         /* jump to same page: we can use a direct jump */
         tcg_gen_goto_tb(tb_num);
         gen_jmp_im(s, eip);
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Acked-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/m68k/translate.c | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exit_tb(DisasContext *s)
         }                                                               \
     } while (0)
 
-static inline bool use_goto_tb(DisasContext *s, uint32_t dest)
-{
-#ifndef CONFIG_USER_ONLY
-    return (s->base.pc_first & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK)
-        || (s->base.pc_next & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
 /* Generate a jump to an immediate address.  */
 static void gen_jmp_tb(DisasContext *s, int n, uint32_t dest)
 {
@@ -XXX,XX +XXX,XX @@ static void gen_jmp_tb(DisasContext *s, int n, uint32_t dest)
         update_cc_op(s);
         tcg_gen_movi_i32(QREG_PC, dest);
         gen_singlestep_exception(s);
-    } else if (use_goto_tb(s, dest)) {
+    } else if (translator_use_goto_tb(&s->base, dest)) {
         tcg_gen_goto_tb(n);
         tcg_gen_movi_i32(QREG_PC, dest);
         tcg_gen_exit_tb(s->base.tb, n);
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/microblaze/translate.c | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/microblaze/translate.c
+++ b/target/microblaze/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_raise_hw_excp(DisasContext *dc, uint32_t esr_ec)
     gen_raise_exception_sync(dc, EXCP_HW_EXCP);
 }
 
-static inline bool use_goto_tb(DisasContext *dc, target_ulong dest)
-{
-#ifndef CONFIG_USER_ONLY
-    return (dc->base.pc_first & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
 static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
 {
     if (dc->base.singlestep_enabled) {
@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
         tcg_gen_movi_i32(cpu_pc, dest);
         gen_helper_raise_exception(cpu_env, tmp);
         tcg_temp_free_i32(tmp);
-    } else if (use_goto_tb(dc, dest)) {
+    } else if (translator_use_goto_tb(&dc->base, dest)) {
         tcg_gen_goto_tb(n);
         tcg_gen_movi_i32(cpu_pc, dest);
         tcg_gen_exit_tb(dc->base.tb, n);
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/mips/tcg/translate.c | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/mips/tcg/translate.c
+++ b/target/mips/tcg/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_trap(DisasContext *ctx, uint32_t opc,
     tcg_temp_free(t1);
 }
 
-static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
+static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
 {
-    if (unlikely(ctx->base.singlestep_enabled)) {
-        return false;
-    }
-
-#ifndef CONFIG_USER_ONLY
-    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
-static inline void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
-{
-    if (use_goto_tb(ctx, dest)) {
+    if (translator_use_goto_tb(&ctx->base, dest)) {
         tcg_gen_goto_tb(n);
         gen_save_pc(dest);
         tcg_gen_exit_tb(ctx->base.tb, n);
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/nios2/translate.c | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/target/nios2/translate.c b/target/nios2/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/nios2/translate.c
+++ b/target/nios2/translate.c
@@ -XXX,XX +XXX,XX @@ static void t_gen_helper_raise_exception(DisasContext *dc,
     dc->base.is_jmp = DISAS_NORETURN;
 }
 
-static bool use_goto_tb(DisasContext *dc, uint32_t dest)
-{
-    if (unlikely(dc->base.singlestep_enabled)) {
-        return false;
-    }
-
-#ifndef CONFIG_USER_ONLY
-    return (dc->base.pc_first & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
 static void gen_goto_tb(DisasContext *dc, int n, uint32_t dest)
 {
     const TranslationBlock *tb = dc->base.tb;
 
-    if (use_goto_tb(dc, dest)) {
+    if (translator_use_goto_tb(&dc->base, dest)) {
         tcg_gen_goto_tb(n);
         tcg_gen_movi_tl(cpu_R[R_PC], dest);
         tcg_gen_exit_tb(tb, n);
-- 
2.25.1

Reorder the control statements to allow using the page boundary
check from translator_use_goto_tb().

Reviewed-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/openrisc/translate.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/target/openrisc/translate.c b/target/openrisc/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/openrisc/translate.c
+++ b/target/openrisc/translate.c
@@ -XXX,XX +XXX,XX @@ static void openrisc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
         /* fallthru */
 
     case DISAS_TOO_MANY:
-        if (unlikely(dc->base.singlestep_enabled)) {
-            tcg_gen_movi_tl(cpu_pc, jmp_dest);
-            gen_exception(dc, EXCP_DEBUG);
-        } else if ((dc->base.pc_first ^ jmp_dest) & TARGET_PAGE_MASK) {
-            tcg_gen_movi_tl(cpu_pc, jmp_dest);
-            tcg_gen_lookup_and_goto_ptr();
-        } else {
+        if (translator_use_goto_tb(&dc->base, jmp_dest)) {
             tcg_gen_goto_tb(0);
             tcg_gen_movi_tl(cpu_pc, jmp_dest);
             tcg_gen_exit_tb(dc->base.tb, 0);
+            break;
+        }
+        tcg_gen_movi_tl(cpu_pc, jmp_dest);
+        if (unlikely(dc->base.singlestep_enabled)) {
+            gen_exception(dc, EXCP_DEBUG);
+        } else {
+            tcg_gen_lookup_and_goto_ptr();
         }
         break;
 
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/riscv/translate.c | 20 +-------------------
 1 file changed, 1 insertion(+), 19 deletions(-)

diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_inst_addr_mis(DisasContext *ctx)
     generate_exception_mtval(ctx, RISCV_EXCP_INST_ADDR_MIS);
 }
 
-static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
-{
-    if (unlikely(ctx->base.singlestep_enabled)) {
-        return false;
-    }
-
-#ifndef CONFIG_USER_ONLY
-    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
 static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
 {
-    if (use_goto_tb(ctx, dest)) {
-        /* chaining is only allowed when the jump is to the same page */
+    if (translator_use_goto_tb(&ctx->base, dest)) {
         tcg_gen_goto_tb(n);
         tcg_gen_movi_tl(cpu_pc, dest);
-
-        /* No need to check for single stepping here as use_goto_tb() will
-         * return false in case of single stepping.
-         */
         tcg_gen_exit_tb(ctx->base.tb, n);
     } else {
         tcg_gen_movi_tl(cpu_pc, dest);
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/rx/translate.c | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/target/rx/translate.c b/target/rx/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/rx/translate.c
+++ b/target/rx/translate.c
@@ -XXX,XX +XXX,XX @@ void rx_cpu_dump_state(CPUState *cs, FILE *f, int flags)
     }
 }
 
-static bool use_goto_tb(DisasContext *dc, target_ulong dest)
-{
-    if (unlikely(dc->base.singlestep_enabled)) {
-        return false;
-    } else {
-        return true;
-    }
-}
-
 static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
 {
-    if (use_goto_tb(dc, dest)) {
+    if (translator_use_goto_tb(&dc->base, dest)) {
         tcg_gen_goto_tb(n);
         tcg_gen_movi_i32(cpu_pc, dest);
         tcg_gen_exit_tb(dc->base.tb, n);
-- 
2.25.1

We have not needed to end a TB for I/O since ba3e7926691
("icount: clean up cpu_can_io at the entry to the block").

In use_goto_tb, the check for singlestep_enabled is in the
generic translator_use_goto_tb.  In s390x_tr_tb_stop, the
check for singlestep_enabled is in the preceding do_debug test.

Which leaves only FLAG_MASK_PER: fold that test alone into
the two callers of use_exit tb.

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/s390x/translate.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_op_calc_cc(DisasContext *s)
     set_cc_static(s);
 }
 
-static bool use_exit_tb(DisasContext *s)
-{
-    return s->base.singlestep_enabled ||
-            (tb_cflags(s->base.tb) & CF_LAST_IO) ||
-            (s->base.tb->flags & FLAG_MASK_PER);
-}
-
 static bool use_goto_tb(DisasContext *s, uint64_t dest)
 {
-    if (unlikely(use_exit_tb(s))) {
+    if (unlikely(s->base.tb->flags & FLAG_MASK_PER)) {
         return false;
     }
     return translator_use_goto_tb(&s->base, dest);
@@ -XXX,XX +XXX,XX @@ static void s390x_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
         /* Exit the TB, either by raising a debug exception or by return.  */
         if (dc->do_debug) {
             gen_exception(EXCP_DEBUG);
-        } else if (use_exit_tb(dc) ||
+        } else if ((dc->base.tb->flags & FLAG_MASK_PER) ||
                    dc->base.is_jmp == DISAS_PC_STALE_NOCHAIN) {
             tcg_gen_exit_tb(NULL, 0);
         } else {
-- 
2.25.1

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/sh4/translate.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -XXX,XX +XXX,XX @@ static inline bool use_exit_tb(DisasContext *ctx)
     return (ctx->tbflags & GUSA_EXCLUSIVE) != 0;
 }
 
-static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
+static bool use_goto_tb(DisasContext *ctx, target_ulong dest)
 {
-    /* Use a direct jump if in same page and singlestep not enabled */
-    if (unlikely(ctx->base.singlestep_enabled || use_exit_tb(ctx))) {
+    if (use_exit_tb(ctx)) {
         return false;
     }
-#ifndef CONFIG_USER_ONLY
-    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
+    return translator_use_goto_tb(&ctx->base, dest);
 }
 
 static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
-- 
2.25.1

Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/sparc/translate.c | 19 +++++--------------
 1 file changed, 5 insertions(+), 14 deletions(-)

diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -XXX,XX +XXX,XX @@ static inline TCGv gen_dest_gpr(DisasContext *dc, int reg)
     }
 }
 
-static inline bool use_goto_tb(DisasContext *s, target_ulong pc,
-                               target_ulong npc)
+static bool use_goto_tb(DisasContext *s, target_ulong pc, target_ulong npc)
 {
-    if (unlikely(s->base.singlestep_enabled || singlestep)) {
-        return false;
-    }
-
-#ifndef CONFIG_USER_ONLY
-    return (pc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK) &&
-           (npc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
+    return translator_use_goto_tb(&s->base, pc) &&
+           translator_use_goto_tb(&s->base, npc);
 }
 
-static inline void gen_goto_tb(DisasContext *s, int tb_num,
-                               target_ulong pc, target_ulong npc)
+static void gen_goto_tb(DisasContext *s, int tb_num,
+                        target_ulong pc, target_ulong npc)
 {
     if (use_goto_tb(s, pc, npc))  {
         /* jump to same page: we can use a direct jump */
-- 
2.25.1

Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/tricore/translate.c | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -XXX,XX +XXX,XX @@ static inline void gen_save_pc(target_ulong pc)
     tcg_gen_movi_tl(cpu_PC, pc);
 }
 
-static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
-{
-    if (unlikely(ctx->base.singlestep_enabled)) {
-        return false;
-    }
-
-#ifndef CONFIG_USER_ONLY
-    return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
-#else
-    return true;
-#endif
-}
-
 static void generate_qemu_excp(DisasContext *ctx, int excp)
 {
     TCGv_i32 tmp = tcg_const_i32(excp);
@@ -XXX,XX +XXX,XX @@ static void generate_qemu_excp(DisasContext *ctx, int excp)
     tcg_temp_free(tmp);
 }
 
-static inline void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
+static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
 {
-    if (use_goto_tb(ctx, dest)) {
+    if (translator_use_goto_tb(&ctx->base, dest)) {
         tcg_gen_goto_tb(n);
         gen_save_pc(dest);
         tcg_gen_exit_tb(ctx->base.tb, n);
-- 
2.25.1

The loop is performing a simple boolean test for the existence
of a BP_CPU breakpoint at EIP.  Plus it gets the iteration wrong,
if we happen to have a BP_GDB breakpoint at the same address.

We have a function for this: cpu_breakpoint_test.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20210620062317.1399034-1-richard.henderson@linaro.org>
---
 target/i386/tcg/sysemu/bpt_helper.c | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/target/i386/tcg/sysemu/bpt_helper.c b/target/i386/tcg/sysemu/bpt_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/sysemu/bpt_helper.c
+++ b/target/i386/tcg/sysemu/bpt_helper.c
@@ -XXX,XX +XXX,XX @@ void breakpoint_handler(CPUState *cs)
 {
     X86CPU *cpu = X86_CPU(cs);
     CPUX86State *env = &cpu->env;
-    CPUBreakpoint *bp;
 
     if (cs->watchpoint_hit) {
         if (cs->watchpoint_hit->flags & BP_CPU) {
@@ -XXX,XX +XXX,XX @@ void breakpoint_handler(CPUState *cs)
             }
         }
     } else {
-        QTAILQ_FOREACH(bp, &cs->breakpoints, entry) {
-            if (bp->pc == env->eip) {
-                if (bp->flags & BP_CPU) {
-                    check_hw_breakpoints(env, true);
-                    raise_exception(env, EXCP01_DB);
-                }
-                break;
-            }
+        if (cpu_breakpoint_test(cs, env->eip, BP_CPU)) {
+            check_hw_breakpoints(env, true);
+            raise_exception(env, EXCP01_DB);
         }
     }
 }
-- 
2.25.1

This will allow additional code sharing.
No functional change.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cpu-exec.c    | 30 ++++++++++++++++++++++++++++++
 accel/tcg/tcg-runtime.c | 22 ----------------------
 2 files changed, 30 insertions(+), 22 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/cpu-all.h"
 #include "sysemu/cpu-timers.h"
 #include "sysemu/replay.h"
+#include "exec/helper-proto.h"
 #include "tb-hash.h"
 #include "tb-lookup.h"
 #include "tb-context.h"
@@ -XXX,XX +XXX,XX @@ static void init_delay_params(SyncClocks *sc, const CPUState *cpu)
 }
 #endif /* CONFIG USER ONLY */
 
+/**
+ * helper_lookup_tb_ptr: quick check for next tb
+ * @env: current cpu state
+ *
+ * Look for an existing TB matching the current cpu state.
+ * If found, return the code pointer.  If not found, return
+ * the tcg epilogue so that we return into cpu_tb_exec.
+ */
+const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
+{
+    CPUState *cpu = env_cpu(env);
+    TranslationBlock *tb;
+    target_ulong cs_base, pc;
+    uint32_t flags;
+
+    cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
+
+    tb = tb_lookup(cpu, pc, cs_base, flags, curr_cflags(cpu));
+    if (tb == NULL) {
+        return tcg_code_gen_epilogue;
+    }
+    qemu_log_mask_and_addr(CPU_LOG_EXEC, pc,
+                           "Chain %d: %p ["
+                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
+                           cpu->cpu_index, tb->tc.ptr, cs_base, pc, flags,
+                           lookup_symbol(pc));
+    return tb->tc.ptr;
+}
+
 /* Execute a TB, and fix up the CPU state afterwards if necessary */
 /*
  * Disable CFI checks.
diff --git a/accel/tcg/tcg-runtime.c b/accel/tcg/tcg-runtime.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tcg-runtime.c
+++ b/accel/tcg/tcg-runtime.c
@@ -XXX,XX +XXX,XX @@
 #include "disas/disas.h"
 #include "exec/log.h"
 #include "tcg/tcg.h"
-#include "tb-lookup.h"
 
 /* 32-bit helpers */
 
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(ctpop_i64)(uint64_t arg)
     return ctpop64(arg);
 }
 
-const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
-{
-    CPUState *cpu = env_cpu(env);
-    TranslationBlock *tb;
-    target_ulong cs_base, pc;
-    uint32_t flags;
-
-    cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
-
-    tb = tb_lookup(cpu, pc, cs_base, flags, curr_cflags(cpu));
-    if (tb == NULL) {
-        return tcg_code_gen_epilogue;
-    }
-    qemu_log_mask_and_addr(CPU_LOG_EXEC, pc,
-                           "Chain %d: %p ["
-                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
-                           cpu->cpu_index, tb->tc.ptr, cs_base, pc, flags,
-                           lookup_symbol(pc));
-    return tb->tc.ptr;
-}
-
 void HELPER(exit_atomic)(CPUArchState *env)
 {
     cpu_loop_exit_atomic(env_cpu(env), GETPC());
-- 
2.25.1

Now that we've moved helper_lookup_tb_ptr, the only user
of tb-lookup.h is cpu-exec.c; merge the contents in.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/tb-lookup.h | 49 -------------------------------------------
 accel/tcg/cpu-exec.c  | 31 ++++++++++++++++++++++++++-
 2 files changed, 30 insertions(+), 50 deletions(-)
 delete mode 100644 accel/tcg/tb-lookup.h

diff --git a/accel/tcg/tb-lookup.h b/accel/tcg/tb-lookup.h
deleted file mode 100644
index XXXXXXX..XXXXXXX
--- a/accel/tcg/tb-lookup.h
+++ /dev/null
@@ -XXX,XX +XXX,XX @@
-/*
- * Copyright (C) 2017, Emilio G. Cota <cota@braap.org>
- *
- * License: GNU GPL, version 2 or later.
- *   See the COPYING file in the top-level directory.
- */
-#ifndef EXEC_TB_LOOKUP_H
-#define EXEC_TB_LOOKUP_H
-
-#ifdef NEED_CPU_H
-#include "cpu.h"
-#else
-#include "exec/poison.h"
-#endif
-
-#include "exec/exec-all.h"
-#include "tb-hash.h"
-
-/* Might cause an exception, so have a longjmp destination ready */
-static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
-                                          target_ulong cs_base,
-                                          uint32_t flags, uint32_t cflags)
-{
-    TranslationBlock *tb;
-    uint32_t hash;
-
-    /* we should never be trying to look up an INVALID tb */
-    tcg_debug_assert(!(cflags & CF_INVALID));
-
-    hash = tb_jmp_cache_hash_func(pc);
-    tb = qatomic_rcu_read(&cpu->tb_jmp_cache[hash]);
-
-    if (likely(tb &&
-               tb->pc == pc &&
-               tb->cs_base == cs_base &&
-               tb->flags == flags &&
-               tb->trace_vcpu_dstate == *cpu->trace_dstate &&
-               tb_cflags(tb) == cflags)) {
-        return tb;
-    }
-    tb = tb_htable_lookup(cpu, pc, cs_base, flags, cflags);
-    if (tb == NULL) {
-        return NULL;
-    }
-    qatomic_set(&cpu->tb_jmp_cache[hash], tb);
-    return tb;
-}
-
-#endif /* EXEC_TB_LOOKUP_H */
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@
 #include "sysemu/replay.h"
 #include "exec/helper-proto.h"
 #include "tb-hash.h"
-#include "tb-lookup.h"
 #include "tb-context.h"
 #include "internal.h"
 
@@ -XXX,XX +XXX,XX @@ static void init_delay_params(SyncClocks *sc, const CPUState *cpu)
 }
 #endif /* CONFIG USER ONLY */
 
+/* Might cause an exception, so have a longjmp destination ready */
+static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
+                                          target_ulong cs_base,
+                                          uint32_t flags, uint32_t cflags)
+{
+    TranslationBlock *tb;
+    uint32_t hash;
+
+    /* we should never be trying to look up an INVALID tb */
+    tcg_debug_assert(!(cflags & CF_INVALID));
+
+    hash = tb_jmp_cache_hash_func(pc);
+    tb = qatomic_rcu_read(&cpu->tb_jmp_cache[hash]);
+
+    if (likely(tb &&
+               tb->pc == pc &&
+               tb->cs_base == cs_base &&
+               tb->flags == flags &&
+               tb->trace_vcpu_dstate == *cpu->trace_dstate &&
+               tb_cflags(tb) == cflags)) {
+        return tb;
+    }
+    tb = tb_htable_lookup(cpu, pc, cs_base, flags, cflags);
+    if (tb == NULL) {
+        return NULL;
+    }
+    qatomic_set(&cpu->tb_jmp_cache[hash], tb);
+    return tb;
+}
+
 /**
  * helper_lookup_tb_ptr: quick check for next tb
  * @env: current cpu state
-- 
2.25.1

Split out CPU_LOG_EXEC and CPU_LOG_TB_CPU logging from
cpu_tb_exec to a new function.  Perform only one pc
range check after a combined mask check.

Use the new function in lookup_tb_ptr.  This enables
CPU_LOG_TB_CPU between indirectly chained tbs.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cpu-exec.c | 61 ++++++++++++++++++++++++--------------------
 1 file changed, 34 insertions(+), 27 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
     return tb;
 }
 
+static inline void log_cpu_exec(target_ulong pc, CPUState *cpu,
+                                const TranslationBlock *tb)
+{
+    if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_CPU | CPU_LOG_EXEC))
+        && qemu_log_in_addr_range(pc)) {
+
+        qemu_log_mask(CPU_LOG_EXEC,
+                      "Trace %d: %p [" TARGET_FMT_lx
+                      "/" TARGET_FMT_lx "/%#x] %s\n",
+                      cpu->cpu_index, tb->tc.ptr, tb->cs_base, pc, tb->flags,
+                      lookup_symbol(pc));
+
+#if defined(DEBUG_DISAS)
+        if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) {
+            FILE *logfile = qemu_log_lock();
+            int flags = 0;
+
+            if (qemu_loglevel_mask(CPU_LOG_TB_FPU)) {
+                flags |= CPU_DUMP_FPU;
+            }
+#if defined(TARGET_I386)
+            flags |= CPU_DUMP_CCOP;
+#endif
+            log_cpu_state(cpu, flags);
+            qemu_log_unlock(logfile);
+        }
+#endif /* DEBUG_DISAS */
+    }
+}
+
 /**
  * helper_lookup_tb_ptr: quick check for next tb
  * @env: current cpu state
@@ -XXX,XX +XXX,XX @@ const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
     if (tb == NULL) {
         return tcg_code_gen_epilogue;
     }
-    qemu_log_mask_and_addr(CPU_LOG_EXEC, pc,
-                           "Chain %d: %p ["
-                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
-                           cpu->cpu_index, tb->tc.ptr, cs_base, pc, flags,
-                           lookup_symbol(pc));
+
+    log_cpu_exec(pc, cpu, tb);
+
     return tb->tc.ptr;
 }
 
@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
     TranslationBlock *last_tb;
     const void *tb_ptr = itb->tc.ptr;
 
-    qemu_log_mask_and_addr(CPU_LOG_EXEC, itb->pc,
-                           "Trace %d: %p ["
-                           TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
-                           cpu->cpu_index, itb->tc.ptr,
-                           itb->cs_base, itb->pc, itb->flags,
-                           lookup_symbol(itb->pc));
-
-#if defined(DEBUG_DISAS)
-    if (qemu_loglevel_mask(CPU_LOG_TB_CPU)
-        && qemu_log_in_addr_range(itb->pc)) {
-        FILE *logfile = qemu_log_lock();
-        int flags = 0;
-        if (qemu_loglevel_mask(CPU_LOG_TB_FPU)) {
-            flags |= CPU_DUMP_FPU;
-        }
-#if defined(TARGET_I386)
-        flags |= CPU_DUMP_CCOP;
-#endif
-        log_cpu_state(cpu, flags);
-        qemu_log_unlock(logfile);
-    }
-#endif /* DEBUG_DISAS */
+    log_cpu_exec(itb->pc, cpu, itb);
 
     qemu_thread_jit_execute();
     ret = tcg_qemu_tb_exec(env, tb_ptr);
-- 
2.25.1

Since 6eea04347eb6, all tcg backends support goto_ptr.
Remove the conditional, making support mandatory.

diff --git a/include/tcg/tcg-opc.h b/include/tcg/tcg-opc.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg-opc.h
+++ b/include/tcg/tcg-opc.h
@@ -XXX,XX +XXX,XX @@ DEF(insn_start, 0, 0, TLADDR_ARGS * TARGET_INSN_START_WORDS,
     TCG_OPF_NOT_PRESENT)
 DEF(exit_tb, 0, 0, 1, TCG_OPF_BB_EXIT | TCG_OPF_BB_END)
 DEF(goto_tb, 0, 0, 1, TCG_OPF_BB_EXIT | TCG_OPF_BB_END)
-DEF(goto_ptr, 0, 1, 0,
-    TCG_OPF_BB_EXIT | TCG_OPF_BB_END | IMPL(TCG_TARGET_HAS_goto_ptr))
+DEF(goto_ptr, 0, 1, 0, TCG_OPF_BB_EXIT | TCG_OPF_BB_END)
 
 DEF(plugin_cb_start, 0, 0, 3, TCG_OPF_NOT_PRESENT)
 DEF(plugin_cb_end, 0, 0, 0, TCG_OPF_NOT_PRESENT)
diff --git a/tcg/aarch64/tcg-target.h b/tcg/aarch64/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/aarch64/tcg-target.h
+++ b/tcg/aarch64/tcg-target.h
@@ -XXX,XX +XXX,XX @@ typedef enum {
 #define TCG_TARGET_HAS_mulsh_i32        0
 #define TCG_TARGET_HAS_extrl_i64_i32    0
 #define TCG_TARGET_HAS_extrh_i64_i32    0
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_qemu_st8_i32     0
 
 #define TCG_TARGET_HAS_div_i64          1
diff --git a/tcg/arm/tcg-target.h b/tcg/arm/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/arm/tcg-target.h
+++ b/tcg/arm/tcg-target.h
@@ -XXX,XX +XXX,XX @@ extern bool use_neon_instructions;
 #define TCG_TARGET_HAS_mulsh_i32        0
 #define TCG_TARGET_HAS_div_i32          use_idiv_instructions
 #define TCG_TARGET_HAS_rem_i32          0
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_direct_jump      0
 #define TCG_TARGET_HAS_qemu_st8_i32     0
 
diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -XXX,XX +XXX,XX @@ extern bool have_movbe;
 #define TCG_TARGET_HAS_muls2_i32        1
 #define TCG_TARGET_HAS_muluh_i32        0
 #define TCG_TARGET_HAS_mulsh_i32        0
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_direct_jump      1
 
 #if TCG_TARGET_REG_BITS == 64
diff --git a/tcg/mips/tcg-target.h b/tcg/mips/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/mips/tcg-target.h
+++ b/tcg/mips/tcg-target.h
@@ -XXX,XX +XXX,XX @@ extern bool use_mips32r2_instructions;
 #define TCG_TARGET_HAS_muluh_i32        1
 #define TCG_TARGET_HAS_mulsh_i32        1
 #define TCG_TARGET_HAS_bswap32_i32      1
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_direct_jump      1
 
 #if TCG_TARGET_REG_BITS == 64
diff --git a/tcg/ppc/tcg-target.h b/tcg/ppc/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/ppc/tcg-target.h
+++ b/tcg/ppc/tcg-target.h
@@ -XXX,XX +XXX,XX @@ extern bool have_vsx;
 #define TCG_TARGET_HAS_muls2_i32        0
 #define TCG_TARGET_HAS_muluh_i32        1
 #define TCG_TARGET_HAS_mulsh_i32        1
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_direct_jump      1
 #define TCG_TARGET_HAS_qemu_st8_i32     0
 
diff --git a/tcg/riscv/tcg-target.h b/tcg/riscv/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/riscv/tcg-target.h
+++ b/tcg/riscv/tcg-target.h
@@ -XXX,XX +XXX,XX @@ typedef enum {
 #define TCG_TARGET_CALL_STACK_OFFSET    0
 
 /* optional instructions */
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_movcond_i32      0
 #define TCG_TARGET_HAS_div_i32          1
 #define TCG_TARGET_HAS_rem_i32          1
diff --git a/tcg/s390/tcg-target.h b/tcg/s390/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390/tcg-target.h
+++ b/tcg/s390/tcg-target.h
@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities;
 #define TCG_TARGET_HAS_mulsh_i32      0
 #define TCG_TARGET_HAS_extrl_i64_i32  0
 #define TCG_TARGET_HAS_extrh_i64_i32  0
-#define TCG_TARGET_HAS_goto_ptr       1
 #define TCG_TARGET_HAS_direct_jump    (s390_facilities & FACILITY_GEN_INST_EXT)
 #define TCG_TARGET_HAS_qemu_st8_i32   0
 
diff --git a/tcg/sparc/tcg-target.h b/tcg/sparc/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/sparc/tcg-target.h
+++ b/tcg/sparc/tcg-target.h
@@ -XXX,XX +XXX,XX @@ extern bool use_vis3_instructions;
 #define TCG_TARGET_HAS_muls2_i32        1
 #define TCG_TARGET_HAS_muluh_i32        0
 #define TCG_TARGET_HAS_mulsh_i32        0
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_direct_jump      1
 #define TCG_TARGET_HAS_qemu_st8_i32     0
 
diff --git a/tcg/tci/tcg-target.h b/tcg/tci/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tci/tcg-target.h
+++ b/tcg/tci/tcg-target.h
@@ -XXX,XX +XXX,XX @@
 #define TCG_TARGET_HAS_muls2_i32        1
 #define TCG_TARGET_HAS_muluh_i32        0
 #define TCG_TARGET_HAS_mulsh_i32        0
-#define TCG_TARGET_HAS_goto_ptr         1
 #define TCG_TARGET_HAS_direct_jump      0
 #define TCG_TARGET_HAS_qemu_st8_i32     0
 
diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg-op.c
+++ b/tcg/tcg-op.c
@@ -XXX,XX +XXX,XX @@ void tcg_gen_goto_tb(unsigned idx)
 
 void tcg_gen_lookup_and_goto_ptr(void)
 {
-    if (TCG_TARGET_HAS_goto_ptr && !qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
+    if (!qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
         TCGv_ptr ptr;
 
         plugin_gen_disable_mem_helpers();
diff --git a/tcg/tcg.c b/tcg/tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@ void tcg_prologue_init(TCGContext *s)
      * For tci, we use NULL as the signal to return from the interpreter,
      * so skip this check.
      */
-    if (TCG_TARGET_HAS_goto_ptr) {
-        tcg_debug_assert(tcg_code_gen_epilogue != NULL);
-    }
+    tcg_debug_assert(tcg_code_gen_epilogue != NULL);
 #endif
 
     tcg_region_prologue_set(s);
@@ -XXX,XX +XXX,XX @@ bool tcg_op_supported(TCGOpcode op)
     case INDEX_op_insn_start:
     case INDEX_op_exit_tb:
     case INDEX_op_goto_tb:
+    case INDEX_op_goto_ptr:
     case INDEX_op_qemu_ld_i32:
     case INDEX_op_qemu_st_i32:
     case INDEX_op_qemu_ld_i64:
@@ -XXX,XX +XXX,XX @@ bool tcg_op_supported(TCGOpcode op)
     case INDEX_op_qemu_st8_i32:
         return TCG_TARGET_HAS_qemu_st8_i32;
 
-    case INDEX_op_goto_ptr:
-        return TCG_TARGET_HAS_goto_ptr;
-
     case INDEX_op_mov_i32:
     case INDEX_op_setcond_i32:
     case INDEX_op_brcond_i32:
-- 
2.25.1

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 cpu.c        | 13 +++++++++----
 trace-events |  5 +++++
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/cpu.c b/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/cpu.c
+++ b/cpu.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/translate-all.h"
 #include "exec/log.h"
 #include "hw/core/accel-cpu.h"
+#include "trace/trace-root.h"
 
 uintptr_t qemu_host_page_size;
 intptr_t qemu_host_page_mask;
@@ -XXX,XX +XXX,XX @@ int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
     if (breakpoint) {
         *breakpoint = bp;
     }
+
+    trace_breakpoint_insert(cpu->cpu_index, pc, flags);
     return 0;
 }
 
@@ -XXX,XX +XXX,XX @@ int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
 }
 
 /* Remove a specific breakpoint by reference.  */
-void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
+void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *bp)
 {
-    QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
+    QTAILQ_REMOVE(&cpu->breakpoints, bp, entry);
 
-    breakpoint_invalidate(cpu, breakpoint->pc);
+    breakpoint_invalidate(cpu, bp->pc);
 
-    g_free(breakpoint);
+    trace_breakpoint_remove(cpu->cpu_index, bp->pc, bp->flags);
+    g_free(bp);
 }
 
 /* Remove all matching breakpoints. */
@@ -XXX,XX +XXX,XX @@ void cpu_single_step(CPUState *cpu, int enabled)
             /* XXX: only flush what is necessary */
             tb_flush(cpu);
         }
+        trace_breakpoint_singlestep(cpu->cpu_index, enabled);
     }
 }
 
diff --git a/trace-events b/trace-events
index XXXXXXX..XXXXXXX 100644
--- a/trace-events
+++ b/trace-events
@@ -XXX,XX +XXX,XX @@
 #
 # The <format-string> should be a sprintf()-compatible format string.
 
+# cpu.c
+breakpoint_insert(int cpu_index, uint64_t pc, int flags) "cpu=%d pc=0x%" PRIx64 " flags=0x%x"
+breakpoint_remove(int cpu_index, uint64_t pc, int flags) "cpu=%d pc=0x%" PRIx64 " flags=0x%x"
+breakpoint_singlestep(int cpu_index, int enabled) "cpu=%d enable=%d"
+
 # dma-helpers.c
 dma_blk_io(void *dbs, void *bs, int64_t offset, bool to_dev) "dbs=%p bs=%p offset=%" PRId64 " to_dev=%d"
 dma_aio_cancel(void *dbs) "dbs=%p"
-- 
2.25.1

v2: Remove poisoned symbol CONFIG_RISCV_DIS from disas.c.
    Wasn't visible from x86 with gcc or clang;
    was visible from macos clang;
    was visible from native riscv clang.

The following changes since commit fff86d48a2cdcdfa75f845cac3e0d3cdd848d9e4:

Merge tag 'migration-20230509-pull-request' of https://gitlab.com/juan.quintela/qemu into staging (2023-05-11 05:55:12 +0100)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20230511-2

for you to fetch changes up to 335dfd253fc242b009a1b9b5d4fffbf4ea52928d:

target/loongarch: Do not include tcg-ldst.h (2023-05-11 09:53:41 +0100)

----------------------------------------------------------------
target/m68k: Fix gen_load_fp regression
accel/tcg: Ensure fairness with icount
disas: Move disas.c into the target-independent source sets
tcg: Use common routines for calling slow path helpers
tcg/*: Cleanups to qemu_ld/st constraints
tcg: Remove TARGET_ALIGNED_ONLY
accel/tcg: Reorg system mode load/store helpers

----------------------------------------------------------------
Jamie Iles (2):
      cpu: expose qemu_cpu_list_lock for lock-guard use
      accel/tcg/tcg-accel-ops-rr: ensure fairness with icount

Richard Henderson (49):
      target/m68k: Fix gen_load_fp for OS_LONG
      accel/tcg: Fix atomic_mmu_lookup for reads
      disas: Fix tabs and braces in disas.c
      disas: Move disas.c to disas/
      disas: Remove target_ulong from the interface
      disas: Remove target-specific headers
      tcg/i386: Introduce prepare_host_addr
      tcg/i386: Use indexed addressing for softmmu fast path
      tcg/aarch64: Introduce prepare_host_addr
      tcg/arm: Introduce prepare_host_addr
      tcg/loongarch64: Introduce prepare_host_addr
      tcg/mips: Introduce prepare_host_addr
      tcg/ppc: Introduce prepare_host_addr
      tcg/riscv: Introduce prepare_host_addr
      tcg/s390x: Introduce prepare_host_addr
      tcg: Add routines for calling slow-path helpers
      tcg/i386: Convert tcg_out_qemu_ld_slow_path
      tcg/i386: Convert tcg_out_qemu_st_slow_path
      tcg/aarch64: Convert tcg_out_qemu_{ld,st}_slow_path
      tcg/arm: Convert tcg_out_qemu_{ld,st}_slow_path
      tcg/loongarch64: Convert tcg_out_qemu_{ld,st}_slow_path
      tcg/mips: Convert tcg_out_qemu_{ld,st}_slow_path
      tcg/ppc: Convert tcg_out_qemu_{ld,st}_slow_path
      tcg/riscv: Convert tcg_out_qemu_{ld,st}_slow_path
      tcg/s390x: Convert tcg_out_qemu_{ld,st}_slow_path
      tcg/loongarch64: Simplify constraints on qemu_ld/st
      tcg/mips: Remove MO_BSWAP handling
      tcg/mips: Reorg tlb load within prepare_host_addr
      tcg/mips: Simplify constraints on qemu_ld/st
      tcg/ppc: Reorg tcg_out_tlb_read
      tcg/ppc: Adjust constraints on qemu_ld/st
      tcg/ppc: Remove unused constraints A, B, C, D
      tcg/ppc: Remove unused constraint J
      tcg/riscv: Simplify constraints on qemu_ld/st
      tcg/s390x: Use ALGFR in constructing softmmu host address
      tcg/s390x: Simplify constraints on qemu_ld/st
      target/mips: Add MO_ALIGN to gen_llwp, gen_scwp
      target/mips: Add missing default_tcg_memop_mask
      target/mips: Use MO_ALIGN instead of 0
      target/mips: Remove TARGET_ALIGNED_ONLY
      target/nios2: Remove TARGET_ALIGNED_ONLY
      target/sh4: Use MO_ALIGN where required
      target/sh4: Remove TARGET_ALIGNED_ONLY
      tcg: Remove TARGET_ALIGNED_ONLY
      accel/tcg: Add cpu_in_serial_context
      accel/tcg: Introduce tlb_read_idx
      accel/tcg: Reorg system mode load helpers
      accel/tcg: Reorg system mode store helpers
      target/loongarch: Do not include tcg-ldst.h

Thomas Huth (2):
      disas: Move softmmu specific code to separate file
      disas: Move disas.c into the target-independent source set

From: Thomas Huth <thuth@redhat.com>

Use target_words_bigendian() instead of an ifdef.

Remove CONFIG_RISCV_DIS from the check for riscv as a host; this is
a poisoned identifier, and anyway will always be set by meson.build
when building on a riscv host.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230508133745.109463-3-thuth@redhat.com>
[rth: Type change done in a separate patch]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 disas/disas.c     | 12 ++++++------
 disas/meson.build |  3 ++-
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/disas/disas.c b/disas/disas.c
index XXXXXXX..XXXXXXX 100644
--- a/disas/disas.c
+++ b/disas/disas.c
@@ -XXX,XX +XXX,XX @@ void disas_initialize_debug_target(CPUDebug *s, CPUState *cpu)
     s->cpu = cpu;
     s->info.read_memory_func = target_read_memory;
     s->info.print_address_func = print_address;
-#if TARGET_BIG_ENDIAN
-    s->info.endian = BFD_ENDIAN_BIG;
-#else
-    s->info.endian = BFD_ENDIAN_LITTLE;
-#endif
+    if (target_words_bigendian()) {
+        s->info.endian = BFD_ENDIAN_BIG;
+    } else {
+        s->info.endian =  BFD_ENDIAN_LITTLE;
+    }
 
     CPUClass *cc = CPU_GET_CLASS(cpu);
     if (cc->disas_set_info) {
@@ -XXX,XX +XXX,XX @@ static void initialize_debug_host(CPUDebug *s)
 # ifdef _ARCH_PPC64
     s->info.cap_mode = CS_MODE_64;
 # endif
-#elif defined(__riscv) && defined(CONFIG_RISCV_DIS)
+#elif defined(__riscv)
 #if defined(_ILP32) || (__riscv_xlen == 32)
     s->info.print_insn = print_insn_riscv32;
 #elif defined(_LP64)
diff --git a/disas/meson.build b/disas/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/disas/meson.build
+++ b/disas/meson.build
@@ -XXX,XX +XXX,XX @@ common_ss.add(when: 'CONFIG_SH4_DIS', if_true: files('sh4.c'))
 common_ss.add(when: 'CONFIG_SPARC_DIS', if_true: files('sparc.c'))
 common_ss.add(when: 'CONFIG_XTENSA_DIS', if_true: files('xtensa.c'))
 common_ss.add(when: capstone, if_true: [files('capstone.c'), capstone])
+common_ss.add(files('disas.c'))
 
 softmmu_ss.add(files('disas-mon.c'))
-specific_ss.add(files('disas.c'), capstone)
+specific_ss.add(capstone)
-- 
2.34.1