Series comparison

-[PULL 00/28] tcg patch queue
+[PULL 00/20] tcg patch queue
-The following changes since commit e3acc2c1961cbe22ca474cd5da4163b7bbf7cea3:
+TCG patch queue, plus one target/sh4 patch that
 Yoshinori Sato asked me to process.
-  tests/docker/dockerfiles: Bump fedora-i386-cross to fedora 34 (2021-10-05 16:40:39 -0700)
 r~
 The following changes since commit efbf38d73e5dcc4d5f8b98c6e7a12be1f3b91745:
   Merge tag 'for-upstream' of git://repo.or.cz/qemu/kevin into staging (2022-10-03 15:06:07 -0400)
 are available in the Git repository at:
-  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20211006
+  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20221004
-for you to fetch changes up to ea3f2af8f1b87d7bced9b75ef2e788b66ec49961:
+for you to fetch changes up to ab419fd8a035a65942de4e63effcd55ccbf1a9fe:
-  tcg/s390x: Implement TCG_TARGET_HAS_cmpsel_vec (2021-10-05 16:53:17 -0700)
+  target/sh4: Fix TB_FLAG_UNALIGN (2022-10-04 12:33:05 -0700)
 ----------------------------------------------------------------
-More fixes for fedora-i386-cross
+Cache CPUClass for use in hot code paths.
-Add dup_const_tl
+Add CPUTLBEntryFull, probe_access_full, tlb_set_page_full.
-Expand MemOp MO_SIZE
+Add generic support for TARGET_TB_PCREL.
-Move MemOpIdx out of tcg.h
+tcg/ppc: Optimize 26-bit jumps using STQ for POWER 2.07
-Vector support for tcg/s390x
+target/sh4: Fix TB_FLAG_UNALIGN
 ----------------------------------------------------------------
-Philipp Tomsich (1):
+Alex Bennée (3):
-      tcg: add dup_const_tl wrapper
+      cpu: cache CPUClass in CPUState for hot code paths
       hw/core/cpu-sysemu: used cached class in cpu_asidx_from_attrs
       cputlb: used cached CPUClass in our hot-paths
-Richard Henderson (27):
+Leandro Lupori (1):
-      tests/docker: Remove fedora-i386-cross from DOCKER_PARTIAL_IMAGES
+      tcg/ppc: Optimize 26-bit jumps
       tests/docker: Fix fedora-i386-cross cross-compilation
       accel/tcg: Drop signness in tracing in cputlb.c
       tcg: Expand MO_SIZE to 3 bits
       tcg: Rename TCGMemOpIdx to MemOpIdx
       tcg: Split out MemOpIdx to exec/memopidx.h
       trace/mem: Pass MemOpIdx to trace_mem_get_info
       accel/tcg: Pass MemOpIdx to atomic_trace_*_post
       plugins: Reorg arguments to qemu_plugin_vcpu_mem_cb
       trace: Split guest_mem_before
       hw/core/cpu: Re-sort the non-pointers to the end of CPUClass
       tcg: Expand usadd/ussub with umin/umax
       tcg/s390x: Rename from tcg/s390
       tcg/s390x: Change FACILITY representation
       tcg/s390x: Merge TCG_AREG0 and TCG_REG_CALL_STACK into TCGReg
       tcg/s390x: Add host vector framework
       tcg/s390x: Implement tcg_out_ld/st for vector types
       tcg/s390x: Implement tcg_out_mov for vector types
       tcg/s390x: Implement tcg_out_dup*_vec
       tcg/s390x: Implement minimal vector operations
       tcg/s390x: Implement andc, orc, abs, neg, not vector operations
       tcg/s390x: Implement TCG_TARGET_HAS_mul_vec
       tcg/s390x: Implement vector shift operations
       tcg/s390x: Implement TCG_TARGET_HAS_minmax_vec
       tcg/s390x: Implement TCG_TARGET_HAS_sat_vec
       tcg/s390x: Implement TCG_TARGET_HAS_bitsel_vec
       tcg/s390x: Implement TCG_TARGET_HAS_cmpsel_vec
- meson.build                                       |   2 -
+Richard Henderson (16):
- accel/tcg/atomic_template.h                       |  73 +-
+      accel/tcg: Rename CPUIOTLBEntry to CPUTLBEntryFull
- include/exec/memop.h                              |  14 +-
+      accel/tcg: Drop addr member from SavedIOTLB
- include/exec/memopidx.h                           |  55 ++
+      accel/tcg: Suppress auto-invalidate in probe_access_internal
- include/hw/core/cpu.h                             |  11 +-
+      accel/tcg: Introduce probe_access_full
- include/qemu/plugin.h                             |  26 +-
+      accel/tcg: Introduce tlb_set_page_full
- include/tcg/tcg.h                                 | 117 ++-
+      include/exec: Introduce TARGET_PAGE_ENTRY_EXTRA
- tcg/{s390 => s390x}/tcg-target-con-set.h          |   7 +
+      accel/tcg: Remove PageDesc code_bitmap
- tcg/{s390 => s390x}/tcg-target-con-str.h          |   1 +
+      accel/tcg: Use bool for page_find_alloc
- tcg/{s390 => s390x}/tcg-target.h                  |  91 ++-
+      accel/tcg: Use DisasContextBase in plugin_gen_tb_start
- tcg/s390x/tcg-target.opc.h                        |  15 +
+      accel/tcg: Do not align tb->page_addr[0]
- trace/mem.h                                       |  63 --
+      accel/tcg: Inline tb_flush_jmp_cache
- accel/tcg/cputlb.c                                | 103 ++-
+      include/hw/core: Create struct CPUJumpCache
- accel/tcg/plugin-gen.c                            |   5 +-
+      hw/core: Add CPUClass.get_pc
- accel/tcg/user-exec.c                             | 133 ++-
+      accel/tcg: Introduce tb_pc and log_pc
- plugins/api.c                                     |  19 +-
+      accel/tcg: Introduce TARGET_TB_PCREL
- plugins/core.c                                    |  10 +-
+      target/sh4: Fix TB_FLAG_UNALIGN
  target/arm/helper-a64.c                           |  16 +-
  target/arm/m_helper.c                             |   2 +-
  target/arm/translate-a64.c                        |   2 +-
  target/i386/tcg/mem_helper.c                      |   4 +-
  target/m68k/op_helper.c                           |   2 +-
  target/mips/tcg/msa_helper.c                      |   6 +-
  target/s390x/tcg/mem_helper.c                     |  20 +-
  target/sparc/ldst_helper.c                        |   2 +-
  tcg/optimize.c                                    |   2 +-
  tcg/tcg-op-vec.c                                  |  37 +-
  tcg/tcg-op.c                                      |  60 +-
  tcg/tcg.c                                         |   2 +-
  tcg/tci.c                                         |  14 +-
  accel/tcg/atomic_common.c.inc                     |  43 +-
  target/s390x/tcg/translate_vx.c.inc               |   2 +-
  tcg/aarch64/tcg-target.c.inc                      |  18 +-
  tcg/arm/tcg-target.c.inc                          |  14 +-
  tcg/i386/tcg-target.c.inc                         |  14 +-
  tcg/mips/tcg-target.c.inc                         |  16 +-
  tcg/ppc/tcg-target.c.inc                          |  18 +-
  tcg/riscv/tcg-target.c.inc                        |  20 +-
  tcg/{s390 => s390x}/tcg-target.c.inc              | 949 ++++++++++++++++++++--
  tcg/sparc/tcg-target.c.inc                        |  20 +-
  tcg/tcg-ldst.c.inc                                |   2 +-
  tests/docker/Makefile.include                     |   2 +-
  tests/docker/dockerfiles/fedora-i386-cross.docker |   5 +-
  trace-events                                      |  18 +-
 files changed, 1445 insertions(+), 610 deletions(-)
  create mode 100644 include/exec/memopidx.h
  rename tcg/{s390 => s390x}/tcg-target-con-set.h (86%)
  rename tcg/{s390 => s390x}/tcg-target-con-str.h (96%)
  rename tcg/{s390 => s390x}/tcg-target.h (66%)
  create mode 100644 tcg/s390x/tcg-target.opc.h
  delete mode 100644 trace/mem.h
  rename tcg/{s390 => s390x}/tcg-target.c.inc (73%)
+ accel/tcg/internal.h                    |  10 ++
+ accel/tcg/tb-hash.h                     |   1 +
+ accel/tcg/tb-jmp-cache.h                |  65 ++++++++
+ include/exec/cpu-common.h               |   1 +
+ include/exec/cpu-defs.h                 |  48 ++++--
+ include/exec/exec-all.h                 |  75 ++++++++-
+ include/exec/plugin-gen.h               |   7 +-
+ include/hw/core/cpu.h                   |  28 ++--
+ include/qemu/typedefs.h                 |   2 +
+ include/tcg/tcg.h                       |   2 +-
+ target/sh4/cpu.h                        |  56 ++++---
+ accel/stubs/tcg-stub.c                  |   4 +
+ accel/tcg/cpu-exec.c                    |  80 +++++-----
+ accel/tcg/cputlb.c                      | 259 ++++++++++++++++++--------------
+ accel/tcg/plugin-gen.c                  |  22 +--
+ accel/tcg/translate-all.c               | 214 ++++++++++++--------------
+ accel/tcg/translator.c                  |   2 +-
+ cpu.c                                   |   9 +-
+ hw/core/cpu-common.c                    |   3 +-
+ hw/core/cpu-sysemu.c                    |   5 +-
+ linux-user/sh4/signal.c                 |   6 +-
+ plugins/core.c                          |   2 +-
+ target/alpha/cpu.c                      |   9 ++
+ target/arm/cpu.c                        |  17 ++-
+ target/arm/mte_helper.c                 |  14 +-
+ target/arm/sve_helper.c                 |   4 +-
+ target/arm/translate-a64.c              |   2 +-
+ target/avr/cpu.c                        |  10 +-
+ target/cris/cpu.c                       |   8 +
+ target/hexagon/cpu.c                    |  10 +-
+ target/hppa/cpu.c                       |  12 +-
+ target/i386/cpu.c                       |   9 ++
+ target/i386/tcg/tcg-cpu.c               |   2 +-
+ target/loongarch/cpu.c                  |  11 +-
+ target/m68k/cpu.c                       |   8 +
+ target/microblaze/cpu.c                 |  10 +-
+ target/mips/cpu.c                       |   8 +
+ target/mips/tcg/exception.c             |   2 +-
+ target/mips/tcg/sysemu/special_helper.c |   2 +-
+ target/nios2/cpu.c                      |   9 ++
+ target/openrisc/cpu.c                   |  10 +-
+ target/ppc/cpu_init.c                   |   8 +
+ target/riscv/cpu.c                      |  17 ++-
+ target/rx/cpu.c                         |  10 +-
+ target/s390x/cpu.c                      |   8 +
+ target/s390x/tcg/mem_helper.c           |   4 -
+ target/sh4/cpu.c                        |  18 ++-
+ target/sh4/helper.c                     |   6 +-
+ target/sh4/translate.c                  |  90 +++++------
+ target/sparc/cpu.c                      |  10 +-
+ target/tricore/cpu.c                    |  11 +-
+ target/xtensa/cpu.c                     |   8 +
+ tcg/tcg.c                               |   8 +-
+ trace/control-target.c                  |   2 +-
+ tcg/ppc/tcg-target.c.inc                | 119 +++++++++++----
+files changed, 915 insertions(+), 462 deletions(-)
+ create mode 100644 accel/tcg/tb-jmp-cache.h

-[PULL 01/28] tests/docker: Remove fedora-i386-cross from DOCKER_PARTIAL_IMAGES
+Deleted patch
-The image was upgraded to a full image in ee381b7fe146.
-This makes it possible to use docker-test@image syntax
-with this container.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-Message-Id: <20210930163636.721311-2-richard.henderson@linaro.org>
----
- tests/docker/Makefile.include | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
-index XXXXXXX..XXXXXXX 100644
---- a/tests/docker/Makefile.include
-+++ b/tests/docker/Makefile.include
-@@ -XXX,XX +XXX,XX @@ DOCKER_PARTIAL_IMAGES += debian-riscv64-cross
- DOCKER_PARTIAL_IMAGES += debian-sh4-cross debian-sparc64-cross
- DOCKER_PARTIAL_IMAGES += debian-tricore-cross
- DOCKER_PARTIAL_IMAGES += debian-xtensa-cross
--DOCKER_PARTIAL_IMAGES += fedora-i386-cross fedora-cris-cross
-+DOCKER_PARTIAL_IMAGES += fedora-cris-cross
- # Rules for building linux-user powered images
- #
---
-.25.1

-[PULL 02/28] tests/docker: Fix fedora-i386-cross cross-compilation
+Deleted patch
-By using PKG_CONFIG_PATH instead of PKG_CONFIG_LIBDIR,
-we were still including the 64-bit packages.  Install
-pcre-devel.i686 to fill a missing glib2 dependency.
-By using --extra-cflags instead of --cpu, we incorrectly
-use the wrong probing during meson.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-Message-Id: <20210930163636.721311-3-richard.henderson@linaro.org>
----
- tests/docker/dockerfiles/fedora-i386-cross.docker | 5 +++--
-file changed, 3 insertions(+), 2 deletions(-)
-diff --git a/tests/docker/dockerfiles/fedora-i386-cross.docker b/tests/docker/dockerfiles/fedora-i386-cross.docker
-index XXXXXXX..XXXXXXX 100644
---- a/tests/docker/dockerfiles/fedora-i386-cross.docker
-+++ b/tests/docker/dockerfiles/fedora-i386-cross.docker
-@@ -XXX,XX +XXX,XX @@ ENV PACKAGES \
-     glibc-static.i686 \
-     gnutls-devel.i686 \
-     nettle-devel.i686 \
-+    pcre-devel.i686 \
-     perl-Test-Harness \
-     pixman-devel.i686 \
-     sysprof-capture-devel.i686 \
-     zlib-devel.i686
--ENV QEMU_CONFIGURE_OPTS --extra-cflags=-m32 --disable-vhost-user
--ENV PKG_CONFIG_PATH /usr/lib/pkgconfig
-+ENV QEMU_CONFIGURE_OPTS --cpu=i386 --disable-vhost-user
-+ENV PKG_CONFIG_LIBDIR /usr/lib/pkgconfig
- RUN dnf update -y && dnf install -y $PACKAGES
- RUN rpm -q $PACKAGES | sort > /packages.txt
---
-.25.1

-[PULL 19/28] tcg/s390x: Implement tcg_out_mov for vector types
+[PULL 01/20] cpu: cache CPUClass in CPUState for hot code paths
-Reviewed-by: David Hildenbrand <david@redhat.com>
+From: Alex Bennée <alex.bennee@linaro.org>
 The class cast checkers are quite expensive and always on (unlike the
 dynamic case who's checks are gated by CONFIG_QOM_CAST_DEBUG). To
 avoid the overhead of repeatedly checking something which should never
 change we cache the CPUClass reference for use in the hot code paths.
 Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Message-Id: <20220811151413.3350684-3-alex.bennee@linaro.org>
 Signed-off-by: Cédric Le Goater <clg@kaod.org>
 Message-Id: <20220923084803.498337-3-clg@kaod.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- tcg/s390x/tcg-target.c.inc | 72 +++++++++++++++++++++++++++++++++++---
+ include/hw/core/cpu.h | 9 +++++++++
-file changed, 68 insertions(+), 4 deletions(-)
+ cpu.c                 | 9 ++++-----
 files changed, 13 insertions(+), 5 deletions(-)
-diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
+diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.c.inc
+--- a/include/hw/core/cpu.h
-+++ b/tcg/s390x/tcg-target.c.inc
++++ b/include/hw/core/cpu.h
-@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
+@@ -XXX,XX +XXX,XX @@ typedef int (*WriteCoreDumpFunction)(const void *buf, size_t size,
-     RX_STC      = 0x42,
+  */
-     RX_STH      = 0x40,
+ #define CPU(obj) ((CPUState *)(obj))
-+    VRRa_VLR    = 0xe756,
++/*
-+
++ * The class checkers bring in CPU_GET_CLASS() which is potentially
-+    VRSb_VLVG   = 0xe722,
++ * expensive given the eventual call to
-+    VRSc_VLGV   = 0xe721,
++ * object_class_dynamic_cast_assert(). Because of this the CPUState
-+
++ * has a cached value for the class in cs->cc which is set up in
-     VRX_VL      = 0xe706,
++ * cpu_exec_realizefn() for use in hot code paths.
-     VRX_VLLEZ   = 0xe704,
++ */
-     VRX_VST     = 0xe70e,
+ typedef struct CPUClass CPUClass;
-@@ -XXX,XX +XXX,XX @@ static int RXB(TCGReg v1, TCGReg v2, TCGReg v3, TCGReg v4)
+ DECLARE_CLASS_CHECKERS(CPUClass, CPU,
-          | ((v4 & 0x10) << (4 + 0));
+                        TYPE_CPU)
- }
+@@ -XXX,XX +XXX,XX @@ struct qemu_work_item;
+ struct CPUState {
-+static void tcg_out_insn_VRRa(TCGContext *s, S390Opcode op,
+     /*< private >*/
-+                              TCGReg v1, TCGReg v2, int m3)
+     DeviceState parent_obj;
-+{
++    /* cache to avoid expensive CPU_GET_CLASS */
-+    tcg_debug_assert(is_vector_reg(v1));
++    CPUClass *cc;
-+    tcg_debug_assert(is_vector_reg(v2));
+     /*< public >*/
-+    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4) | (v2 & 0xf));
-+    tcg_out32(s, (op & 0x00ff) | RXB(v1, v2, 0, 0) | (m3 << 12));
+     int nr_cores;
-+}
+diff --git a/cpu.c b/cpu.c
-+
+index XXXXXXX..XXXXXXX 100644
-+static void tcg_out_insn_VRSb(TCGContext *s, S390Opcode op, TCGReg v1,
+--- a/cpu.c
-+                              intptr_t d2, TCGReg b2, TCGReg r3, int m4)
++++ b/cpu.c
-+{
+@@ -XXX,XX +XXX,XX @@ const VMStateDescription vmstate_cpu_common = {
-+    tcg_debug_assert(is_vector_reg(v1));
-+    tcg_debug_assert(d2 >= 0 && d2 <= 0xfff);
+ void cpu_exec_realizefn(CPUState *cpu, Error **errp)
 +    tcg_debug_assert(is_general_reg(b2));
 +    tcg_debug_assert(is_general_reg(r3));
 +    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4) | r3);
 +    tcg_out16(s, b2 << 12 | d2);
 +    tcg_out16(s, (op & 0x00ff) | RXB(v1, 0, 0, 0) | (m4 << 12));
 +}
 +
 +static void tcg_out_insn_VRSc(TCGContext *s, S390Opcode op, TCGReg r1,
 +                              intptr_t d2, TCGReg b2, TCGReg v3, int m4)
 +{
 +    tcg_debug_assert(is_general_reg(r1));
 +    tcg_debug_assert(d2 >= 0 && d2 <= 0xfff);
 +    tcg_debug_assert(is_general_reg(b2));
 +    tcg_debug_assert(is_vector_reg(v3));
 +    tcg_out16(s, (op & 0xff00) | (r1 << 4) | (v3 & 0xf));
 +    tcg_out16(s, b2 << 12 | d2);
 +    tcg_out16(s, (op & 0x00ff) | RXB(0, 0, v3, 0) | (m4 << 12));
 +}
 +
  static void tcg_out_insn_VRX(TCGContext *s, S390Opcode op, TCGReg v1,
                               TCGReg b2, TCGReg x2, intptr_t d2, int m3)
  {
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_sh32(TCGContext* s, S390Opcode op, TCGReg dest,
+-#ifndef CONFIG_USER_ONLY
+-    CPUClass *cc = CPU_GET_CLASS(cpu);
- static bool tcg_out_mov(TCGContext *s, TCGType type, TCGReg dst, TCGReg src)
+-#endif
- {
++    /* cache the cpu class for the hotpath */
--    if (src != dst) {
++    cpu->cc = CPU_GET_CLASS(cpu);
--        if (type == TCG_TYPE_I32) {
-+    if (src == dst) {
+     cpu_list_add(cpu);
-+        return true;
+     if (!accel_cpu_realizefn(cpu, errp)) {
-+    }
+@@ -XXX,XX +XXX,XX @@ void cpu_exec_realizefn(CPUState *cpu, Error **errp)
-+    switch (type) {
+     if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
-+    case TCG_TYPE_I32:
+         vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
 +        if (likely(is_general_reg(dst) && is_general_reg(src))) {
              tcg_out_insn(s, RR, LR, dst, src);
 -        } else {
 -            tcg_out_insn(s, RRE, LGR, dst, src);
 +            break;
          }
 +        /* fallthru */
 +
 +    case TCG_TYPE_I64:
 +        if (likely(is_general_reg(dst))) {
 +            if (likely(is_general_reg(src))) {
 +                tcg_out_insn(s, RRE, LGR, dst, src);
 +            } else {
 +                tcg_out_insn(s, VRSc, VLGV, dst, 0, 0, src, 3);
 +            }
 +            break;
 +        } else if (is_general_reg(src)) {
 +            tcg_out_insn(s, VRSb, VLVG, dst, 0, 0, src, 3);
 +            break;
 +        }
 +        /* fallthru */
 +
 +    case TCG_TYPE_V64:
 +    case TCG_TYPE_V128:
 +        tcg_out_insn(s, VRRa, VLR, dst, src, 0);
 +        break;
 +
 +    default:
 +        g_assert_not_reached();
      }
-     return true;
+-    if (cc->sysemu_ops->legacy_vmsd != NULL) {
 -        vmstate_register(NULL, cpu->cpu_index, cc->sysemu_ops->legacy_vmsd, cpu);
 +    if (cpu->cc->sysemu_ops->legacy_vmsd != NULL) {
 +        vmstate_register(NULL, cpu->cpu_index, cpu->cc->sysemu_ops->legacy_vmsd, cpu);
      }
  #endif /* CONFIG_USER_ONLY */
  }
 --
-.25.1
+.34.1

-[PULL 28/28] tcg/s390x: Implement TCG_TARGET_HAS_cmpsel_vec
+[PULL 02/20] hw/core/cpu-sysemu: used cached class in cpu_asidx_from_attrs
-This is via expansion; don't actually set TCG_TARGET_HAS_cmpsel_vec.
+From: Alex Bennée <alex.bennee@linaro.org>
+This is a heavily used function so lets avoid the cost of
+CPU_GET_CLASS. On the romulus-bmc run it has a modest effect:
+  Before: 36.812 s ±  0.506 s
+  After:  35.912 s ±  0.168 s
+Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Message-Id: <20220811151413.3350684-4-alex.bennee@linaro.org>
+Signed-off-by: Cédric Le Goater <clg@kaod.org>
+Message-Id: <20220923084803.498337-4-clg@kaod.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- tcg/s390x/tcg-target.c.inc | 24 +++++++++++++++++++++++-
+ hw/core/cpu-sysemu.c | 5 ++---
-file changed, 23 insertions(+), 1 deletion(-)
+file changed, 2 insertions(+), 3 deletions(-)
-diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
+diff --git a/hw/core/cpu-sysemu.c b/hw/core/cpu-sysemu.c
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.c.inc
+--- a/hw/core/cpu-sysemu.c
-+++ b/tcg/s390x/tcg-target.c.inc
++++ b/hw/core/cpu-sysemu.c
-@@ -XXX,XX +XXX,XX @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
+@@ -XXX,XX +XXX,XX @@ hwaddr cpu_get_phys_page_debug(CPUState *cpu, vaddr addr)
-     case INDEX_op_xor_vec:
-         return 1;
+ int cpu_asidx_from_attrs(CPUState *cpu, MemTxAttrs attrs)
-     case INDEX_op_cmp_vec:
+ {
-+    case INDEX_op_cmpsel_vec:
+-    CPUClass *cc = CPU_GET_CLASS(cpu);
-     case INDEX_op_rotrv_vec:
+     int ret = 0;
-         return -1;
-     case INDEX_op_mul_vec:
+-    if (cc->sysemu_ops->asidx_from_attrs) {
-@@ -XXX,XX +XXX,XX @@ static void expand_vec_cmp(TCGType type, unsigned vece, TCGv_vec v0,
+-        ret = cc->sysemu_ops->asidx_from_attrs(cpu, attrs);
 +    if (cpu->cc->sysemu_ops->asidx_from_attrs) {
 +        ret = cpu->cc->sysemu_ops->asidx_from_attrs(cpu, attrs);
          assert(ret < cpu->num_ases && ret >= 0);
      }
- }
+     return ret;
 +static void expand_vec_cmpsel(TCGType type, unsigned vece, TCGv_vec v0,
 +                              TCGv_vec c1, TCGv_vec c2,
 +                              TCGv_vec v3, TCGv_vec v4, TCGCond cond)
 +{
 +    TCGv_vec t = tcg_temp_new_vec(type);
 +
 +    if (expand_vec_cmp_noinv(type, vece, t, c1, c2, cond)) {
 +        /* Invert the sense of the compare by swapping arguments.  */
 +        tcg_gen_bitsel_vec(vece, v0, t, v4, v3);
 +    } else {
 +        tcg_gen_bitsel_vec(vece, v0, t, v3, v4);
 +    }
 +    tcg_temp_free_vec(t);
 +}
 +
  static void expand_vec_sat(TCGType type, unsigned vece, TCGv_vec v0,
                             TCGv_vec v1, TCGv_vec v2, TCGOpcode add_sub_opc)
  {
@@ -XXX,XX +XXX,XX @@ void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
                         TCGArg a0, ...)
  {
      va_list va;
 -    TCGv_vec v0, v1, v2, t0;
 +    TCGv_vec v0, v1, v2, v3, v4, t0;
      va_start(va, a0);
      v0 = temp_tcgv_vec(arg_temp(a0));
@@ -XXX,XX +XXX,XX @@ void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
          expand_vec_cmp(type, vece, v0, v1, v2, va_arg(va, TCGArg));
          break;
 +    case INDEX_op_cmpsel_vec:
 +        v3 = temp_tcgv_vec(arg_temp(va_arg(va, TCGArg)));
 +        v4 = temp_tcgv_vec(arg_temp(va_arg(va, TCGArg)));
 +        expand_vec_cmpsel(type, vece, v0, v1, v2, v3, v4, va_arg(va, TCGArg));
 +        break;
 +
      case INDEX_op_rotrv_vec:
          t0 = tcg_temp_new_vec(type);
          tcg_gen_neg_vec(vece, t0, v2);
 --
-.25.1
+.34.1

-[PULL 04/28] accel/tcg: Drop signness in tracing in cputlb.c
+[PULL 03/20] cputlb: used cached CPUClass in our hot-paths
-We are already inconsistent about whether or not
+From: Alex Bennée <alex.bennee@linaro.org>
 MO_SIGN is set in trace_mem_get_info.  Dropping it
 entirely allows some simplification.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Before: 35.912 s ±  0.168 s
   After: 35.565 s ±  0.087 s
 Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Message-Id: <20220811151413.3350684-5-alex.bennee@linaro.org>
 Signed-off-by: Cédric Le Goater <clg@kaod.org>
 Message-Id: <20220923084803.498337-5-clg@kaod.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- accel/tcg/cputlb.c    | 10 +++-------
+ accel/tcg/cputlb.c | 15 ++++++---------
- accel/tcg/user-exec.c | 45 ++++++-------------------------------------
+file changed, 6 insertions(+), 9 deletions(-)
 files changed, 9 insertions(+), 46 deletions(-)
 diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cputlb.c
 +++ b/accel/tcg/cputlb.c
-@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
+@@ -XXX,XX +XXX,XX @@ void tlb_set_page(CPUState *cpu, target_ulong vaddr,
-     meminfo = trace_mem_get_info(op, mmu_idx, false);
+ static void tlb_fill(CPUState *cpu, target_ulong addr, int size,
-     trace_guest_mem_before_exec(env_cpu(env), addr, meminfo);
+                      MMUAccessType access_type, int mmu_idx, uintptr_t retaddr)
 -    op &= ~MO_SIGN;
      oi = make_memop_idx(op, mmu_idx);
      ret = full_load(env, addr, oi, retaddr);
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
  int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
                         int mmu_idx, uintptr_t ra)
  {
--    return (int8_t)cpu_load_helper(env, addr, mmu_idx, ra, MO_SB,
+-    CPUClass *cc = CPU_GET_CLASS(cpu);
--                                   full_ldub_mmu);
+     bool ok;
-+    return (int8_t)cpu_ldub_mmuidx_ra(env, addr, mmu_idx, ra);
      /*
       * This is not a probe, so only valid return is success; failure
       * should result in exception + longjmp to the cpu loop.
       */
 -    ok = cc->tcg_ops->tlb_fill(cpu, addr, size,
 -                               access_type, mmu_idx, false, retaddr);
 +    ok = cpu->cc->tcg_ops->tlb_fill(cpu, addr, size,
 +                                    access_type, mmu_idx, false, retaddr);
      assert(ok);
  }
- uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+@@ -XXX,XX +XXX,XX @@ static inline void cpu_unaligned_access(CPUState *cpu, vaddr addr,
-@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                                         MMUAccessType access_type,
- int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                                         int mmu_idx, uintptr_t retaddr)
                            int mmu_idx, uintptr_t ra)
  {
--    return (int16_t)cpu_load_helper(env, addr, mmu_idx, ra, MO_BESW,
+-    CPUClass *cc = CPU_GET_CLASS(cpu);
--                                    full_be_lduw_mmu);
+-
-+    return (int16_t)cpu_lduw_be_mmuidx_ra(env, addr, mmu_idx, ra);
+-    cc->tcg_ops->do_unaligned_access(cpu, addr, access_type, mmu_idx, retaddr);
 +    cpu->cc->tcg_ops->do_unaligned_access(cpu, addr, access_type,
 +                                          mmu_idx, retaddr);
  }
- uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+ static inline void cpu_transaction_failed(CPUState *cpu, hwaddr physaddr,
-@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+@@ -XXX,XX +XXX,XX @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
- int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+     if (!tlb_hit_page(tlb_addr, page_addr)) {
-                           int mmu_idx, uintptr_t ra)
+         if (!victim_tlb_hit(env, mmu_idx, index, elt_ofs, page_addr)) {
- {
+             CPUState *cs = env_cpu(env);
--    return (int16_t)cpu_load_helper(env, addr, mmu_idx, ra, MO_LESW,
+-            CPUClass *cc = CPU_GET_CLASS(cs);
--                                    full_le_lduw_mmu);
-+    return (int16_t)cpu_lduw_le_mmuidx_ra(env, addr, mmu_idx, ra);
+-            if (!cc->tcg_ops->tlb_fill(cs, addr, fault_size, access_type,
- }
+-                                       mmu_idx, nonfault, retaddr)) {
++            if (!cs->cc->tcg_ops->tlb_fill(cs, addr, fault_size, access_type,
- uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
++                                           mmu_idx, nonfault, retaddr)) {
-diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
+                 /* Non-faulting page table read failed.  */
-index XXXXXXX..XXXXXXX 100644
+                 *phost = NULL;
---- a/accel/tcg/user-exec.c
+                 return TLB_INVALID_MASK;
 +++ b/accel/tcg/user-exec.c
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr)
  int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr)
  {
 -    int ret;
 -    uint16_t meminfo = trace_mem_get_info(MO_SB, MMU_USER_IDX, false);
 -
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 -    ret = ldsb_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 -    return ret;
 +    return (int8_t)cpu_ldub_data(env, ptr);
  }
  uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr)
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr)
  int cpu_ldsw_be_data(CPUArchState *env, abi_ptr ptr)
  {
 -    int ret;
 -    uint16_t meminfo = trace_mem_get_info(MO_BESW, MMU_USER_IDX, false);
 -
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 -    ret = ldsw_be_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 -    return ret;
 +    return (int16_t)cpu_lduw_be_data(env, ptr);
  }
  uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr)
  int cpu_ldsw_le_data(CPUArchState *env, abi_ptr ptr)
  {
 -    int ret;
 -    uint16_t meminfo = trace_mem_get_info(MO_LESW, MMU_USER_IDX, false);
 -
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 -    ret = ldsw_le_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 -    return ret;
 +    return (int16_t)cpu_lduw_le_data(env, ptr);
  }
  uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldub_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
  int cpu_ldsb_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
  {
 -    int ret;
 -
 -    set_helper_retaddr(retaddr);
 -    ret = cpu_ldsb_data(env, ptr);
 -    clear_helper_retaddr();
 -    return ret;
 +    return (int8_t)cpu_ldub_data_ra(env, ptr, retaddr);
  }
  uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
  int cpu_ldsw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
  {
 -    int ret;
 -
 -    set_helper_retaddr(retaddr);
 -    ret = cpu_ldsw_be_data(env, ptr);
 -    clear_helper_retaddr();
 -    return ret;
 +    return (int16_t)cpu_lduw_be_data_ra(env, ptr, retaddr);
  }
  uint32_t cpu_ldl_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
  int cpu_ldsw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
  {
 -    int ret;
 -
 -    set_helper_retaddr(retaddr);
 -    ret = cpu_ldsw_le_data(env, ptr);
 -    clear_helper_retaddr();
 -    return ret;
 +    return (int16_t)cpu_lduw_le_data_ra(env, ptr, retaddr);
  }
  uint32_t cpu_ldl_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 --
-.25.1
+.34.1

-[PULL 05/28] tcg: Expand MO_SIZE to 3 bits
+[PULL 04/20] accel/tcg: Rename CPUIOTLBEntry to CPUTLBEntryFull
-We have lacked expressive support for memory sizes larger
+This structure will shortly contain more than just
-than 64-bits for a while.  Fixing that requires adjustment
+data for accessing MMIO.  Rename the 'addr' member
-to several points where we used this for array indexing,
+to 'xlat_section' to more clearly indicate its purpose.
 and two places that develop -Wswitch warnings after the change.
-Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- include/exec/memop.h                | 14 +++++++++-----
+ include/exec/cpu-defs.h    |  22 ++++----
- target/arm/translate-a64.c          |  2 +-
+ accel/tcg/cputlb.c         | 102 +++++++++++++++++++------------------
- tcg/tcg-op.c                        | 13 ++++++++-----
+ target/arm/mte_helper.c    |  14 ++---
- target/s390x/tcg/translate_vx.c.inc |  2 +-
+ target/arm/sve_helper.c    |   4 +-
- tcg/aarch64/tcg-target.c.inc        |  4 ++--
+ target/arm/translate-a64.c |   2 +-
- tcg/arm/tcg-target.c.inc            |  4 ++--
+files changed, 73 insertions(+), 71 deletions(-)
  tcg/i386/tcg-target.c.inc           |  4 ++--
  tcg/mips/tcg-target.c.inc           |  4 ++--
  tcg/ppc/tcg-target.c.inc            |  8 ++++----
  tcg/riscv/tcg-target.c.inc          |  4 ++--
  tcg/s390/tcg-target.c.inc           |  4 ++--
  tcg/sparc/tcg-target.c.inc          | 16 ++++++++--------
 files changed, 43 insertions(+), 36 deletions(-)
-diff --git a/include/exec/memop.h b/include/exec/memop.h
+diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
 index XXXXXXX..XXXXXXX 100644
---- a/include/exec/memop.h
+--- a/include/exec/cpu-defs.h
-+++ b/include/exec/memop.h
++++ b/include/exec/cpu-defs.h
-@@ -XXX,XX +XXX,XX @@ typedef enum MemOp {
+@@ -XXX,XX +XXX,XX @@ typedef uint64_t target_ulong;
-     MO_16    = 1,
+ #  endif
-     MO_32    = 2,
+ # endif
-     MO_64    = 3,
--    MO_SIZE  = 3,   /* Mask for the above.  */
++/* Minimalized TLB entry for use by TCG fast path. */
-+    MO_128   = 4,
+ typedef struct CPUTLBEntry {
-+    MO_256   = 5,
+     /* bit TARGET_LONG_BITS to TARGET_PAGE_BITS : virtual address
-+    MO_512   = 6,
+        bit TARGET_PAGE_BITS-1..4  : Nonzero for accesses that should not
-+    MO_1024  = 7,
+@@ -XXX,XX +XXX,XX @@ typedef struct CPUTLBEntry {
-+    MO_SIZE  = 0x07,   /* Mask for the above.  */
+ QEMU_BUILD_BUG_ON(sizeof(CPUTLBEntry) != (1 << CPU_TLB_ENTRY_BITS));
--    MO_SIGN  = 4,   /* Sign-extended, otherwise zero-extended.  */
-+    MO_SIGN  = 0x08,   /* Sign-extended, otherwise zero-extended.  */
+-/* The IOTLB is not accessed directly inline by generated TCG code,
+- * so the CPUIOTLBEntry layout is not as critical as that of the
--    MO_BSWAP = 8,   /* Host reverse endian.  */
+- * CPUTLBEntry. (This is also why we don't want to combine the two
-+    MO_BSWAP = 0x10,   /* Host reverse endian.  */
+- * structs into one.)
- #ifdef HOST_WORDS_BIGENDIAN
++/*
-     MO_LE    = MO_BSWAP,
++ * The full TLB entry, which is not accessed by generated TCG code,
-     MO_BE    = 0,
++ * so the layout is not as critical as that of CPUTLBEntry. This is
-@@ -XXX,XX +XXX,XX @@ typedef enum MemOp {
++ * also why we don't want to combine the two structs.
-      * - an alignment to a specified size, which may be more or less than
+  */
-      *   the access size (MO_ALIGN_x where 'x' is a size in bytes);
+-typedef struct CPUIOTLBEntry {
 +typedef struct CPUTLBEntryFull {
      /*
 -     * @addr contains:
 +     * @xlat_section contains:
       *  - in the lower TARGET_PAGE_BITS, a physical section number
       *  - with the lower TARGET_PAGE_BITS masked off, an offset which
       *    must be added to the virtual address to obtain:
@@ -XXX,XX +XXX,XX @@ typedef struct CPUIOTLBEntry {
       *       number is PHYS_SECTION_NOTDIRTY or PHYS_SECTION_ROM)
       *     + the offset within the target MemoryRegion (otherwise)
       */
--    MO_ASHIFT = 4,
+-    hwaddr addr;
--    MO_AMASK = 7 << MO_ASHIFT,
++    hwaddr xlat_section;
-+    MO_ASHIFT = 5,
+     MemTxAttrs attrs;
-+    MO_AMASK = 0x7 << MO_ASHIFT,
+-} CPUIOTLBEntry;
- #ifdef NEED_CPU_H
++} CPUTLBEntryFull;
- #ifdef TARGET_ALIGNED_ONLY
-     MO_ALIGN = 0,
+ /*
   * Data elements that are per MMU mode, minus the bits accessed by
@@ -XXX,XX +XXX,XX @@ typedef struct CPUTLBDesc {
      size_t vindex;
      /* The tlb victim table, in two parts.  */
      CPUTLBEntry vtable[CPU_VTLB_SIZE];
 -    CPUIOTLBEntry viotlb[CPU_VTLB_SIZE];
 -    /* The iotlb.  */
 -    CPUIOTLBEntry *iotlb;
 +    CPUTLBEntryFull vfulltlb[CPU_VTLB_SIZE];
 +    CPUTLBEntryFull *fulltlb;
  } CPUTLBDesc;
  /*
 diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cputlb.c
 +++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static void tlb_mmu_resize_locked(CPUTLBDesc *desc, CPUTLBDescFast *fast,
      }
      g_free(fast->table);
 -    g_free(desc->iotlb);
 +    g_free(desc->fulltlb);
      tlb_window_reset(desc, now, 0);
      /* desc->n_used_entries is cleared by the caller */
      fast->mask = (new_size - 1) << CPU_TLB_ENTRY_BITS;
      fast->table = g_try_new(CPUTLBEntry, new_size);
 -    desc->iotlb = g_try_new(CPUIOTLBEntry, new_size);
 +    desc->fulltlb = g_try_new(CPUTLBEntryFull, new_size);
      /*
       * If the allocations fail, try smaller sizes. We just freed some
@@ -XXX,XX +XXX,XX @@ static void tlb_mmu_resize_locked(CPUTLBDesc *desc, CPUTLBDescFast *fast,
       * allocations to fail though, so we progressively reduce the allocation
       * size, aborting if we cannot even allocate the smallest TLB we support.
       */
 -    while (fast->table == NULL || desc->iotlb == NULL) {
 +    while (fast->table == NULL || desc->fulltlb == NULL) {
          if (new_size == (1 << CPU_TLB_DYN_MIN_BITS)) {
              error_report("%s: %s", __func__, strerror(errno));
              abort();
@@ -XXX,XX +XXX,XX @@ static void tlb_mmu_resize_locked(CPUTLBDesc *desc, CPUTLBDescFast *fast,
          fast->mask = (new_size - 1) << CPU_TLB_ENTRY_BITS;
          g_free(fast->table);
 -        g_free(desc->iotlb);
 +        g_free(desc->fulltlb);
          fast->table = g_try_new(CPUTLBEntry, new_size);
 -        desc->iotlb = g_try_new(CPUIOTLBEntry, new_size);
 +        desc->fulltlb = g_try_new(CPUTLBEntryFull, new_size);
      }
  }
@@ -XXX,XX +XXX,XX @@ static void tlb_mmu_init(CPUTLBDesc *desc, CPUTLBDescFast *fast, int64_t now)
      desc->n_used_entries = 0;
      fast->mask = (n_entries - 1) << CPU_TLB_ENTRY_BITS;
      fast->table = g_new(CPUTLBEntry, n_entries);
 -    desc->iotlb = g_new(CPUIOTLBEntry, n_entries);
 +    desc->fulltlb = g_new(CPUTLBEntryFull, n_entries);
      tlb_mmu_flush_locked(desc, fast);
  }
@@ -XXX,XX +XXX,XX @@ void tlb_destroy(CPUState *cpu)
          CPUTLBDescFast *fast = &env_tlb(env)->f[i];
          g_free(fast->table);
 -        g_free(desc->iotlb);
 +        g_free(desc->fulltlb);
      }
  }
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
          /* Evict the old entry into the victim tlb.  */
          copy_tlb_helper_locked(tv, te);
 -        desc->viotlb[vidx] = desc->iotlb[index];
 +        desc->vfulltlb[vidx] = desc->fulltlb[index];
          tlb_n_used_entries_dec(env, mmu_idx);
      }
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
       * subtract here is that of the page base, and not the same as the
       * vaddr we add back in io_readx()/io_writex()/get_page_addr_code().
       */
 -    desc->iotlb[index].addr = iotlb - vaddr_page;
 -    desc->iotlb[index].attrs = attrs;
 +    desc->fulltlb[index].xlat_section = iotlb - vaddr_page;
 +    desc->fulltlb[index].attrs = attrs;
      /* Now calculate the new entry */
      tn.addend = addend - vaddr_page;
@@ -XXX,XX +XXX,XX @@ static inline void cpu_transaction_failed(CPUState *cpu, hwaddr physaddr,
      }
  }
 -static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
 +static uint64_t io_readx(CPUArchState *env, CPUTLBEntryFull *full,
                           int mmu_idx, target_ulong addr, uintptr_t retaddr,
                           MMUAccessType access_type, MemOp op)
  {
@@ -XXX,XX +XXX,XX @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
      bool locked = false;
      MemTxResult r;
 -    section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
 +    section = iotlb_to_section(cpu, full->xlat_section, full->attrs);
      mr = section->mr;
 -    mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
 +    mr_offset = (full->xlat_section & TARGET_PAGE_MASK) + addr;
      cpu->mem_io_pc = retaddr;
      if (!cpu->can_do_io) {
          cpu_io_recompile(cpu, retaddr);
@@ -XXX,XX +XXX,XX @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
          qemu_mutex_lock_iothread();
          locked = true;
      }
 -    r = memory_region_dispatch_read(mr, mr_offset, &val, op, iotlbentry->attrs);
 +    r = memory_region_dispatch_read(mr, mr_offset, &val, op, full->attrs);
      if (r != MEMTX_OK) {
          hwaddr physaddr = mr_offset +
              section->offset_within_address_space -
              section->offset_within_region;
          cpu_transaction_failed(cpu, physaddr, addr, memop_size(op), access_type,
 -                               mmu_idx, iotlbentry->attrs, r, retaddr);
 +                               mmu_idx, full->attrs, r, retaddr);
      }
      if (locked) {
          qemu_mutex_unlock_iothread();
@@ -XXX,XX +XXX,XX @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
  }
  /*
 - * Save a potentially trashed IOTLB entry for later lookup by plugin.
 - * This is read by tlb_plugin_lookup if the iotlb entry doesn't match
 + * Save a potentially trashed CPUTLBEntryFull for later lookup by plugin.
 + * This is read by tlb_plugin_lookup if the fulltlb entry doesn't match
   * because of the side effect of io_writex changing memory layout.
   */
  static void save_iotlb_data(CPUState *cs, hwaddr addr,
@@ -XXX,XX +XXX,XX @@ static void save_iotlb_data(CPUState *cs, hwaddr addr,
  #endif
  }
 -static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
 +static void io_writex(CPUArchState *env, CPUTLBEntryFull *full,
                        int mmu_idx, uint64_t val, target_ulong addr,
                        uintptr_t retaddr, MemOp op)
  {
@@ -XXX,XX +XXX,XX @@ static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
      bool locked = false;
      MemTxResult r;
 -    section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
 +    section = iotlb_to_section(cpu, full->xlat_section, full->attrs);
      mr = section->mr;
 -    mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
 +    mr_offset = (full->xlat_section & TARGET_PAGE_MASK) + addr;
      if (!cpu->can_do_io) {
          cpu_io_recompile(cpu, retaddr);
      }
@@ -XXX,XX +XXX,XX @@ static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
       * The memory_region_dispatch may trigger a flush/resize
       * so for plugins we save the iotlb_data just in case.
       */
 -    save_iotlb_data(cpu, iotlbentry->addr, section, mr_offset);
 +    save_iotlb_data(cpu, full->xlat_section, section, mr_offset);
      if (!qemu_mutex_iothread_locked()) {
          qemu_mutex_lock_iothread();
          locked = true;
      }
 -    r = memory_region_dispatch_write(mr, mr_offset, val, op, iotlbentry->attrs);
 +    r = memory_region_dispatch_write(mr, mr_offset, val, op, full->attrs);
      if (r != MEMTX_OK) {
          hwaddr physaddr = mr_offset +
              section->offset_within_address_space -
              section->offset_within_region;
          cpu_transaction_failed(cpu, physaddr, addr, memop_size(op),
 -                               MMU_DATA_STORE, mmu_idx, iotlbentry->attrs, r,
 +                               MMU_DATA_STORE, mmu_idx, full->attrs, r,
                                 retaddr);
      }
      if (locked) {
@@ -XXX,XX +XXX,XX @@ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
              copy_tlb_helper_locked(vtlb, &tmptlb);
              qemu_spin_unlock(&env_tlb(env)->c.lock);
 -            CPUIOTLBEntry tmpio, *io = &env_tlb(env)->d[mmu_idx].iotlb[index];
 -            CPUIOTLBEntry *vio = &env_tlb(env)->d[mmu_idx].viotlb[vidx];
 -            tmpio = *io; *io = *vio; *vio = tmpio;
 +            CPUTLBEntryFull *f1 = &env_tlb(env)->d[mmu_idx].fulltlb[index];
 +            CPUTLBEntryFull *f2 = &env_tlb(env)->d[mmu_idx].vfulltlb[vidx];
 +            CPUTLBEntryFull tmpf;
 +            tmpf = *f1; *f1 = *f2; *f2 = tmpf;
              return true;
          }
      }
@@ -XXX,XX +XXX,XX @@ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
                   (ADDR) & TARGET_PAGE_MASK)
  static void notdirty_write(CPUState *cpu, vaddr mem_vaddr, unsigned size,
 -                           CPUIOTLBEntry *iotlbentry, uintptr_t retaddr)
 +                           CPUTLBEntryFull *full, uintptr_t retaddr)
  {
 -    ram_addr_t ram_addr = mem_vaddr + iotlbentry->addr;
 +    ram_addr_t ram_addr = mem_vaddr + full->xlat_section;
      trace_memory_notdirty_write_access(mem_vaddr, ram_addr, size);
@@ -XXX,XX +XXX,XX @@ int probe_access_flags(CPUArchState *env, target_ulong addr,
      /* Handle clean RAM pages.  */
      if (unlikely(flags & TLB_NOTDIRTY)) {
          uintptr_t index = tlb_index(env, mmu_idx, addr);
 -        CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
 +        CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
 -        notdirty_write(env_cpu(env), addr, 1, iotlbentry, retaddr);
 +        notdirty_write(env_cpu(env), addr, 1, full, retaddr);
          flags &= ~TLB_NOTDIRTY;
      }
@@ -XXX,XX +XXX,XX @@ void *probe_access(CPUArchState *env, target_ulong addr, int size,
      if (unlikely(flags & (TLB_NOTDIRTY | TLB_WATCHPOINT))) {
          uintptr_t index = tlb_index(env, mmu_idx, addr);
 -        CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
 +        CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
          /* Handle watchpoints.  */
          if (flags & TLB_WATCHPOINT) {
              int wp_access = (access_type == MMU_DATA_STORE
                               ? BP_MEM_WRITE : BP_MEM_READ);
              cpu_check_watchpoint(env_cpu(env), addr, size,
 -                                 iotlbentry->attrs, wp_access, retaddr);
 +                                 full->attrs, wp_access, retaddr);
          }
          /* Handle clean RAM pages.  */
          if (flags & TLB_NOTDIRTY) {
 -            notdirty_write(env_cpu(env), addr, 1, iotlbentry, retaddr);
 +            notdirty_write(env_cpu(env), addr, 1, full, retaddr);
          }
      }
@@ -XXX,XX +XXX,XX @@ tb_page_addr_t get_page_addr_code_hostp(CPUArchState *env, target_ulong addr,
   * should have just filled the TLB. The one corner case is io_writex
   * which can cause TLB flushes and potential resizing of the TLBs
   * losing the information we need. In those cases we need to recover
 - * data from a copy of the iotlbentry. As long as this always occurs
 + * data from a copy of the CPUTLBEntryFull. As long as this always occurs
   * from the same thread (which a mem callback will be) this is safe.
   */
@@ -XXX,XX +XXX,XX @@ bool tlb_plugin_lookup(CPUState *cpu, target_ulong addr, int mmu_idx,
      if (likely(tlb_hit(tlb_addr, addr))) {
          /* We must have an iotlb entry for MMIO */
          if (tlb_addr & TLB_MMIO) {
 -            CPUIOTLBEntry *iotlbentry;
 -            iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
 +            CPUTLBEntryFull *full;
 +            full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
              data->is_io = true;
 -            data->v.io.section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
 -            data->v.io.offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
 +            data->v.io.section =
 +                iotlb_to_section(cpu, full->xlat_section, full->attrs);
 +            data->v.io.offset = (full->xlat_section & TARGET_PAGE_MASK) + addr;
          } else {
              data->is_io = false;
              data->v.ram.hostaddr = (void *)((uintptr_t)addr + tlbe->addend);
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
      if (unlikely(tlb_addr & TLB_NOTDIRTY)) {
          notdirty_write(env_cpu(env), addr, size,
 -                       &env_tlb(env)->d[mmu_idx].iotlb[index], retaddr);
 +                       &env_tlb(env)->d[mmu_idx].fulltlb[index], retaddr);
      }
      return hostaddr;
@@ -XXX,XX +XXX,XX @@ load_helper(CPUArchState *env, target_ulong addr, MemOpIdx oi,
      /* Handle anything that isn't just a straight memory access.  */
      if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) {
 -        CPUIOTLBEntry *iotlbentry;
 +        CPUTLBEntryFull *full;
          bool need_swap;
          /* For anything that is unaligned, recurse through full_load.  */
@@ -XXX,XX +XXX,XX @@ load_helper(CPUArchState *env, target_ulong addr, MemOpIdx oi,
              goto do_unaligned_access;
          }
 -        iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
 +        full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
          /* Handle watchpoints.  */
          if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
              /* On watchpoint hit, this will longjmp out.  */
              cpu_check_watchpoint(env_cpu(env), addr, size,
 -                                 iotlbentry->attrs, BP_MEM_READ, retaddr);
 +                                 full->attrs, BP_MEM_READ, retaddr);
          }
          need_swap = size > 1 && (tlb_addr & TLB_BSWAP);
          /* Handle I/O access.  */
          if (likely(tlb_addr & TLB_MMIO)) {
 -            return io_readx(env, iotlbentry, mmu_idx, addr, retaddr,
 +            return io_readx(env, full, mmu_idx, addr, retaddr,
                              access_type, op ^ (need_swap * MO_BSWAP));
          }
@@ -XXX,XX +XXX,XX @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
       */
      if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
          cpu_check_watchpoint(env_cpu(env), addr, size - size2,
 -                             env_tlb(env)->d[mmu_idx].iotlb[index].attrs,
 +                             env_tlb(env)->d[mmu_idx].fulltlb[index].attrs,
                               BP_MEM_WRITE, retaddr);
      }
      if (unlikely(tlb_addr2 & TLB_WATCHPOINT)) {
          cpu_check_watchpoint(env_cpu(env), page2, size2,
 -                             env_tlb(env)->d[mmu_idx].iotlb[index2].attrs,
 +                             env_tlb(env)->d[mmu_idx].fulltlb[index2].attrs,
                               BP_MEM_WRITE, retaddr);
      }
@@ -XXX,XX +XXX,XX @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
      /* Handle anything that isn't just a straight memory access.  */
      if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) {
 -        CPUIOTLBEntry *iotlbentry;
 +        CPUTLBEntryFull *full;
          bool need_swap;
          /* For anything that is unaligned, recurse through byte stores.  */
@@ -XXX,XX +XXX,XX @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
              goto do_unaligned_access;
          }
 -        iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
 +        full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
          /* Handle watchpoints.  */
          if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
              /* On watchpoint hit, this will longjmp out.  */
              cpu_check_watchpoint(env_cpu(env), addr, size,
 -                                 iotlbentry->attrs, BP_MEM_WRITE, retaddr);
 +                                 full->attrs, BP_MEM_WRITE, retaddr);
          }
          need_swap = size > 1 && (tlb_addr & TLB_BSWAP);
          /* Handle I/O access.  */
          if (tlb_addr & TLB_MMIO) {
 -            io_writex(env, iotlbentry, mmu_idx, val, addr, retaddr,
 +            io_writex(env, full, mmu_idx, val, addr, retaddr,
                        op ^ (need_swap * MO_BSWAP));
              return;
          }
@@ -XXX,XX +XXX,XX @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
          /* Handle clean RAM pages.  */
          if (tlb_addr & TLB_NOTDIRTY) {
 -            notdirty_write(env_cpu(env), addr, size, iotlbentry, retaddr);
 +            notdirty_write(env_cpu(env), addr, size, full, retaddr);
          }
          haddr = (void *)((uintptr_t)addr + entry->addend);
 diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/mte_helper.c
 +++ b/target/arm/mte_helper.c
@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
      return tags + index;
  #else
      uintptr_t index;
 -    CPUIOTLBEntry *iotlbentry;
 +    CPUTLBEntryFull *full;
      int in_page, flags;
      ram_addr_t ptr_ra;
      hwaddr ptr_paddr, tag_paddr, xlat;
@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
      assert(!(flags & TLB_INVALID_MASK));
      /*
 -     * Find the iotlbentry for ptr.  This *must* be present in the TLB
 +     * Find the CPUTLBEntryFull for ptr.  This *must* be present in the TLB
       * because we just found the mapping.
       * TODO: Perhaps there should be a cputlb helper that returns a
       * matching tlb entry + iotlb entry.
@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
          g_assert(tlb_hit(comparator, ptr));
      }
  # endif
 -    iotlbentry = &env_tlb(env)->d[ptr_mmu_idx].iotlb[index];
 +    full = &env_tlb(env)->d[ptr_mmu_idx].fulltlb[index];
      /* If the virtual page MemAttr != Tagged, access unchecked. */
 -    if (!arm_tlb_mte_tagged(&iotlbentry->attrs)) {
 +    if (!arm_tlb_mte_tagged(&full->attrs)) {
          return NULL;
      }
@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
          int wp = ptr_access == MMU_DATA_LOAD ? BP_MEM_READ : BP_MEM_WRITE;
          assert(ra != 0);
          cpu_check_watchpoint(env_cpu(env), ptr, ptr_size,
 -                             iotlbentry->attrs, wp, ra);
 +                             full->attrs, wp, ra);
      }
      /*
@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
      tag_paddr = ptr_paddr >> (LOG2_TAG_GRANULE + 1);
      /* Look up the address in tag space. */
 -    tag_asi = iotlbentry->attrs.secure ? ARMASIdx_TagS : ARMASIdx_TagNS;
 +    tag_asi = full->attrs.secure ? ARMASIdx_TagS : ARMASIdx_TagNS;
      tag_as = cpu_get_address_space(env_cpu(env), tag_asi);
      mr = address_space_translate(tag_as, tag_paddr, &xlat, NULL,
                                   tag_access == MMU_DATA_STORE,
 -                                 iotlbentry->attrs);
 +                                 full->attrs);
      /*
       * Note that @mr will never be NULL.  If there is nothing in the address
 diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/sve_helper.c
 +++ b/target/arm/sve_helper.c
@@ -XXX,XX +XXX,XX @@ bool sve_probe_page(SVEHostPage *info, bool nofault, CPUARMState *env,
          g_assert(tlb_hit(comparator, addr));
  # endif
 -        CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
 -        info->attrs = iotlbentry->attrs;
 +        CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
 +        info->attrs = full->attrs;
      }
  #endif
 diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-a64.c
 +++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void read_vec_element(DisasContext *s, TCGv_i64 tcg_dest, int srcidx,
+@@ -XXX,XX +XXX,XX @@ static bool is_guarded_page(CPUARMState *env, DisasContext *s)
-                              int element, MemOp memop)
+      * table entry even for that case.
- {
+      */
-     int vect_off = vec_reg_offset(s, srcidx, element, memop & MO_SIZE);
+     return (tlb_hit(entry->addr_code, addr) &&
--    switch (memop) {
+-            arm_tlb_bti_gp(&env_tlb(env)->d[mmu_idx].iotlb[index].attrs));
-+    switch ((unsigned)memop) {
++            arm_tlb_bti_gp(&env_tlb(env)->d[mmu_idx].fulltlb[index].attrs));
      case MO_8:
          tcg_gen_ld8u_i64(tcg_dest, cpu_env, vect_off);
          break;
 diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/tcg-op.c
 +++ b/tcg/tcg-op.c
@@ -XXX,XX +XXX,XX @@ static inline MemOp tcg_canonicalize_memop(MemOp op, bool is64, bool st)
          }
          break;
      case MO_64:
 -        if (!is64) {
 -            tcg_abort();
 +        if (is64) {
 +            op &= ~MO_SIGN;
 +            break;
          }
 -        break;
 +        /* fall through */
 +    default:
 +        g_assert_not_reached();
      }
      if (st) {
          op &= ~MO_SIGN;
@@ -XXX,XX +XXX,XX @@ typedef void (*gen_atomic_op_i64)(TCGv_i64, TCGv_env, TCGv,
  # define WITH_ATOMIC64(X)
  #endif
+ }
--static void * const table_cmpxchg[16] = {
 +static void * const table_cmpxchg[(MO_SIZE | MO_BSWAP) + 1] = {
      [MO_8] = gen_helper_atomic_cmpxchgb,
      [MO_16 | MO_LE] = gen_helper_atomic_cmpxchgw_le,
      [MO_16 | MO_BE] = gen_helper_atomic_cmpxchgw_be,
@@ -XXX,XX +XXX,XX @@ static void do_atomic_op_i64(TCGv_i64 ret, TCGv addr, TCGv_i64 val,
  }
  #define GEN_ATOMIC_HELPER(NAME, OP, NEW)                                \
 -static void * const table_##NAME[16] = {                                \
 +static void * const table_##NAME[(MO_SIZE | MO_BSWAP) + 1] = {          \
      [MO_8] = gen_helper_atomic_##NAME##b,                               \
      [MO_16 | MO_LE] = gen_helper_atomic_##NAME##w_le,                   \
      [MO_16 | MO_BE] = gen_helper_atomic_##NAME##w_be,                   \
 diff --git a/target/s390x/tcg/translate_vx.c.inc b/target/s390x/tcg/translate_vx.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/target/s390x/tcg/translate_vx.c.inc
 +++ b/target/s390x/tcg/translate_vx.c.inc
@@ -XXX,XX +XXX,XX @@ static void read_vec_element_i64(TCGv_i64 dst, uint8_t reg, uint8_t enr,
  {
      const int offs = vec_reg_offset(reg, enr, memop & MO_SIZE);
 -    switch (memop) {
 +    switch ((unsigned)memop) {
      case ES_8:
          tcg_gen_ld8u_i64(dst, cpu_env, offs);
          break;
 diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/aarch64/tcg-target.c.inc
 +++ b/tcg/aarch64/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_cltz(TCGContext *s, TCGType ext, TCGReg d,
  /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
   *                                     TCGMemOpIdx oi, uintptr_t ra)
   */
 -static void * const qemu_ld_helpers[4] = {
 +static void * const qemu_ld_helpers[MO_SIZE + 1] = {
      [MO_8]  = helper_ret_ldub_mmu,
  #ifdef HOST_WORDS_BIGENDIAN
      [MO_16] = helper_be_lduw_mmu,
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[4] = {
   *                                     uintxx_t val, TCGMemOpIdx oi,
   *                                     uintptr_t ra)
   */
 -static void * const qemu_st_helpers[4] = {
 +static void * const qemu_st_helpers[MO_SIZE + 1] = {
      [MO_8]  = helper_ret_stb_mmu,
  #ifdef HOST_WORDS_BIGENDIAN
      [MO_16] = helper_be_stw_mmu,
 diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/arm/tcg-target.c.inc
 +++ b/tcg/arm/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_vldst(TCGContext *s, ARMInsn insn,
  /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
   *                                     int mmu_idx, uintptr_t ra)
   */
 -static void * const qemu_ld_helpers[8] = {
 +static void * const qemu_ld_helpers[MO_SSIZE + 1] = {
      [MO_UB]   = helper_ret_ldub_mmu,
      [MO_SB]   = helper_ret_ldsb_mmu,
  #ifdef HOST_WORDS_BIGENDIAN
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[8] = {
  /* helper signature: helper_ret_st_mmu(CPUState *env, target_ulong addr,
   *                                     uintxx_t val, int mmu_idx, uintptr_t ra)
   */
 -static void * const qemu_st_helpers[4] = {
 +static void * const qemu_st_helpers[MO_SIZE + 1] = {
      [MO_8]   = helper_ret_stb_mmu,
  #ifdef HOST_WORDS_BIGENDIAN
      [MO_16] = helper_be_stw_mmu,
 diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/i386/tcg-target.c.inc
 +++ b/tcg/i386/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_nopn(TCGContext *s, int n)
  /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
   *                                     int mmu_idx, uintptr_t ra)
   */
 -static void * const qemu_ld_helpers[16] = {
 +static void * const qemu_ld_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
      [MO_UB]   = helper_ret_ldub_mmu,
      [MO_LEUW] = helper_le_lduw_mmu,
      [MO_LEUL] = helper_le_ldul_mmu,
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[16] = {
  /* helper signature: helper_ret_st_mmu(CPUState *env, target_ulong addr,
   *                                     uintxx_t val, int mmu_idx, uintptr_t ra)
   */
 -static void * const qemu_st_helpers[16] = {
 +static void * const qemu_st_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
      [MO_UB]   = helper_ret_stb_mmu,
      [MO_LEUW] = helper_le_stw_mmu,
      [MO_LEUL] = helper_le_stl_mmu,
 diff --git a/tcg/mips/tcg-target.c.inc b/tcg/mips/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/mips/tcg-target.c.inc
 +++ b/tcg/mips/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_call(TCGContext *s, const tcg_insn_unit *arg)
  #if defined(CONFIG_SOFTMMU)
  #include "../tcg-ldst.c.inc"
 -static void * const qemu_ld_helpers[16] = {
 +static void * const qemu_ld_helpers[(MO_SSIZE | MO_BSWAP) + 1] = {
      [MO_UB]   = helper_ret_ldub_mmu,
      [MO_SB]   = helper_ret_ldsb_mmu,
      [MO_LEUW] = helper_le_lduw_mmu,
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[16] = {
  #endif
  };
 -static void * const qemu_st_helpers[16] = {
 +static void * const qemu_st_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
      [MO_UB]   = helper_ret_stb_mmu,
      [MO_LEUW] = helper_le_stw_mmu,
      [MO_LEUL] = helper_le_stl_mmu,
 diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/ppc/tcg-target.c.inc
 +++ b/tcg/ppc/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_call(TCGContext *s, const tcg_insn_unit *target)
  #endif
  }
 -static const uint32_t qemu_ldx_opc[16] = {
 +static const uint32_t qemu_ldx_opc[(MO_SSIZE + MO_BSWAP) + 1] = {
      [MO_UB] = LBZX,
      [MO_UW] = LHZX,
      [MO_UL] = LWZX,
@@ -XXX,XX +XXX,XX @@ static const uint32_t qemu_ldx_opc[16] = {
      [MO_BSWAP | MO_Q]  = LDBRX,
  };
 -static const uint32_t qemu_stx_opc[16] = {
 +static const uint32_t qemu_stx_opc[(MO_SIZE + MO_BSWAP) + 1] = {
      [MO_UB] = STBX,
      [MO_UW] = STHX,
      [MO_UL] = STWX,
@@ -XXX,XX +XXX,XX @@ static const uint32_t qemu_exts_opc[4] = {
  /* helper signature: helper_ld_mmu(CPUState *env, target_ulong addr,
   *                                 int mmu_idx, uintptr_t ra)
   */
 -static void * const qemu_ld_helpers[16] = {
 +static void * const qemu_ld_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
      [MO_UB]   = helper_ret_ldub_mmu,
      [MO_LEUW] = helper_le_lduw_mmu,
      [MO_LEUL] = helper_le_ldul_mmu,
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[16] = {
  /* helper signature: helper_st_mmu(CPUState *env, target_ulong addr,
   *                                 uintxx_t val, int mmu_idx, uintptr_t ra)
   */
 -static void * const qemu_st_helpers[16] = {
 +static void * const qemu_st_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
      [MO_UB]   = helper_ret_stb_mmu,
      [MO_LEUW] = helper_le_stw_mmu,
      [MO_LEUL] = helper_le_stl_mmu,
 diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/riscv/tcg-target.c.inc
 +++ b/tcg/riscv/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
  /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
   *                                     TCGMemOpIdx oi, uintptr_t ra)
   */
 -static void * const qemu_ld_helpers[8] = {
 +static void * const qemu_ld_helpers[MO_SSIZE + 1] = {
      [MO_UB] = helper_ret_ldub_mmu,
      [MO_SB] = helper_ret_ldsb_mmu,
  #ifdef HOST_WORDS_BIGENDIAN
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[8] = {
   *                                     uintxx_t val, TCGMemOpIdx oi,
   *                                     uintptr_t ra)
   */
 -static void * const qemu_st_helpers[4] = {
 +static void * const qemu_st_helpers[MO_SIZE + 1] = {
      [MO_8]   = helper_ret_stb_mmu,
  #ifdef HOST_WORDS_BIGENDIAN
      [MO_16] = helper_be_stw_mmu,
 diff --git a/tcg/s390/tcg-target.c.inc b/tcg/s390/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/s390/tcg-target.c.inc
 +++ b/tcg/s390/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static const uint8_t tcg_cond_to_ltr_cond[] = {
  };
  #ifdef CONFIG_SOFTMMU
 -static void * const qemu_ld_helpers[16] = {
 +static void * const qemu_ld_helpers[(MO_SSIZE | MO_BSWAP) + 1] = {
      [MO_UB]   = helper_ret_ldub_mmu,
      [MO_SB]   = helper_ret_ldsb_mmu,
      [MO_LEUW] = helper_le_lduw_mmu,
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[16] = {
      [MO_BEQ]  = helper_be_ldq_mmu,
  };
 -static void * const qemu_st_helpers[16] = {
 +static void * const qemu_st_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
      [MO_UB]   = helper_ret_stb_mmu,
      [MO_LEUW] = helper_le_stw_mmu,
      [MO_LEUL] = helper_le_stl_mmu,
 diff --git a/tcg/sparc/tcg-target.c.inc b/tcg/sparc/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/sparc/tcg-target.c.inc
 +++ b/tcg/sparc/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
  }
  #ifdef CONFIG_SOFTMMU
 -static const tcg_insn_unit *qemu_ld_trampoline[16];
 -static const tcg_insn_unit *qemu_st_trampoline[16];
 +static const tcg_insn_unit *qemu_ld_trampoline[(MO_SSIZE | MO_BSWAP) + 1];
 +static const tcg_insn_unit *qemu_st_trampoline[(MO_SIZE | MO_BSWAP) + 1];
  static void emit_extend(TCGContext *s, TCGReg r, int op)
  {
@@ -XXX,XX +XXX,XX @@ static void emit_extend(TCGContext *s, TCGReg r, int op)
  static void build_trampolines(TCGContext *s)
  {
 -    static void * const qemu_ld_helpers[16] = {
 +    static void * const qemu_ld_helpers[] = {
          [MO_UB]   = helper_ret_ldub_mmu,
          [MO_SB]   = helper_ret_ldsb_mmu,
          [MO_LEUW] = helper_le_lduw_mmu,
@@ -XXX,XX +XXX,XX @@ static void build_trampolines(TCGContext *s)
          [MO_BEUL] = helper_be_ldul_mmu,
          [MO_BEQ]  = helper_be_ldq_mmu,
      };
 -    static void * const qemu_st_helpers[16] = {
 +    static void * const qemu_st_helpers[] = {
          [MO_UB]   = helper_ret_stb_mmu,
          [MO_LEUW] = helper_le_stw_mmu,
          [MO_LEUL] = helper_le_stl_mmu,
@@ -XXX,XX +XXX,XX @@ static void build_trampolines(TCGContext *s)
      int i;
      TCGReg ra;
 -    for (i = 0; i < 16; ++i) {
 +    for (i = 0; i < ARRAY_SIZE(qemu_ld_helpers); ++i) {
          if (qemu_ld_helpers[i] == NULL) {
              continue;
          }
@@ -XXX,XX +XXX,XX @@ static void build_trampolines(TCGContext *s)
          tcg_out_mov(s, TCG_TYPE_PTR, TCG_REG_O7, ra);
      }
 -    for (i = 0; i < 16; ++i) {
 +    for (i = 0; i < ARRAY_SIZE(qemu_st_helpers); ++i) {
          if (qemu_st_helpers[i] == NULL) {
              continue;
          }
@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_out_tlb_load(TCGContext *s, TCGReg addr, int mem_index,
  }
  #endif /* CONFIG_SOFTMMU */
 -static const int qemu_ld_opc[16] = {
 +static const int qemu_ld_opc[(MO_SSIZE | MO_BSWAP) + 1] = {
      [MO_UB]   = LDUB,
      [MO_SB]   = LDSB,
@@ -XXX,XX +XXX,XX @@ static const int qemu_ld_opc[16] = {
      [MO_LEQ]  = LDX_LE,
  };
 -static const int qemu_st_opc[16] = {
 +static const int qemu_st_opc[(MO_SIZE | MO_BSWAP) + 1] = {
      [MO_UB]   = STB,
      [MO_BEUW] = STH,
 --
-.25.1
+.34.1

-[PULL 11/28] trace: Split guest_mem_before
+[PULL 05/20] accel/tcg: Drop addr member from SavedIOTLB
-There is no point in encoding load/store within a bit of
+This field is only written, not read; remove it.
 the memory trace info operand.  Represent atomic operations
 as a single read-modify-write tracepoint.  Use MemOpIdx
 instead of inventing a form specifically for traces.
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- accel/tcg/atomic_template.h   |  1 -
+ include/hw/core/cpu.h | 1 -
- trace/mem.h                   | 51 -----------------------------------
+ accel/tcg/cputlb.c    | 7 +++----
- accel/tcg/cputlb.c            |  7 ++---
+files changed, 3 insertions(+), 5 deletions(-)
  accel/tcg/user-exec.c         | 44 +++++++++++-------------------
  tcg/tcg-op.c                  | 17 +++---------
  accel/tcg/atomic_common.c.inc | 12 +++------
  trace-events                  | 18 +++----------
 files changed, 28 insertions(+), 122 deletions(-)
  delete mode 100644 trace/mem.h
-diff --git a/accel/tcg/atomic_template.h b/accel/tcg/atomic_template.h
+diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
 index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/atomic_template.h
+--- a/include/hw/core/cpu.h
-+++ b/accel/tcg/atomic_template.h
++++ b/include/hw/core/cpu.h
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ struct CPUWatchpoint {
   * the memory regions get moved around  by io_writex.
   */
+ typedef struct SavedIOTLB {
- #include "qemu/plugin.h"
+-    hwaddr addr;
--#include "trace/mem.h"
+     MemoryRegionSection *section;
+     hwaddr mr_offset;
- #if DATA_SIZE == 16
+ } SavedIOTLB;
  # define SUFFIX     o
 diff --git a/trace/mem.h b/trace/mem.h
 deleted file mode 100644
 index XXXXXXX..XXXXXXX
 --- a/trace/mem.h
 +++ /dev/null
@@ -XXX,XX +XXX,XX @@
 -/*
 - * Helper functions for guest memory tracing
 - *
 - * Copyright (C) 2016 Lluís Vilanova <vilanova@ac.upc.edu>
 - *
 - * This work is licensed under the terms of the GNU GPL, version 2 or later.
 - * See the COPYING file in the top-level directory.
 - */
 -
 -#ifndef TRACE__MEM_H
 -#define TRACE__MEM_H
 -
 -#include "exec/memopidx.h"
 -
 -#define TRACE_MEM_SZ_SHIFT_MASK 0xf /* size shift mask */
 -#define TRACE_MEM_SE (1ULL << 4)    /* sign extended (y/n) */
 -#define TRACE_MEM_BE (1ULL << 5)    /* big endian (y/n) */
 -#define TRACE_MEM_ST (1ULL << 6)    /* store (y/n) */
 -#define TRACE_MEM_MMU_SHIFT 8       /* mmu idx */
 -
 -/**
 - * trace_mem_get_info:
 - *
 - * Return a value for the 'info' argument in guest memory access traces.
 - */
 -static inline uint16_t trace_mem_get_info(MemOpIdx oi, bool store)
 -{
 -    MemOp op = get_memop(oi);
 -    uint32_t size_shift = op & MO_SIZE;
 -    bool sign_extend = op & MO_SIGN;
 -    bool big_endian = (op & MO_BSWAP) == MO_BE;
 -    uint16_t res;
 -
 -    res = size_shift & TRACE_MEM_SZ_SHIFT_MASK;
 -    if (sign_extend) {
 -        res |= TRACE_MEM_SE;
 -    }
 -    if (big_endian) {
 -        res |= TRACE_MEM_BE;
 -    }
 -    if (store) {
 -        res |= TRACE_MEM_ST;
 -    }
 -#ifdef CONFIG_SOFTMMU
 -    res |= get_mmuidx(oi) << TRACE_MEM_MMU_SHIFT;
 -#endif
 -
 -    return res;
 -}
 -
 -#endif /* TRACE__MEM_H */
 diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cputlb.c
 +++ b/accel/tcg/cputlb.c
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ static uint64_t io_readx(CPUArchState *env, CPUTLBEntryFull *full,
- #include "qemu/atomic128.h"
+  * This is read by tlb_plugin_lookup if the fulltlb entry doesn't match
- #include "exec/translate-all.h"
+  * because of the side effect of io_writex changing memory layout.
- #include "trace/trace-root.h"
+  */
--#include "trace/mem.h"
+-static void save_iotlb_data(CPUState *cs, hwaddr addr,
- #include "tb-hash.h"
+-                            MemoryRegionSection *section, hwaddr mr_offset)
- #include "internal.h"
++static void save_iotlb_data(CPUState *cs, MemoryRegionSection *section,
 +                            hwaddr mr_offset)
  {
  #ifdef CONFIG_PLUGIN
-@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
+     SavedIOTLB *saved = &cs->saved_iotlb;
-                                        MemOp op, FullLoadHelper *full_load)
+-    saved->addr = addr;
- {
+     saved->section = section;
-     MemOpIdx oi = make_memop_idx(op, mmu_idx);
+     saved->mr_offset = mr_offset;
--    uint16_t meminfo = trace_mem_get_info(oi, false);
+ #endif
-     uint64_t ret;
+@@ -XXX,XX +XXX,XX @@ static void io_writex(CPUArchState *env, CPUTLBEntryFull *full,
+      * The memory_region_dispatch may trigger a flush/resize
--    trace_guest_mem_before_exec(env_cpu(env), addr, meminfo);
+      * so for plugins we save the iotlb_data just in case.
-+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
+      */
+-    save_iotlb_data(cpu, full->xlat_section, section, mr_offset);
-     ret = full_load(env, addr, oi, retaddr);
++    save_iotlb_data(cpu, section, mr_offset);
-@@ -XXX,XX +XXX,XX @@ cpu_store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
+     if (!qemu_mutex_iothread_locked()) {
-                  int mmu_idx, uintptr_t retaddr, MemOp op)
+         qemu_mutex_lock_iothread();
  {
      MemOpIdx oi = make_memop_idx(op, mmu_idx);
 -    uint16_t meminfo = trace_mem_get_info(oi, true);
 -    trace_guest_mem_before_exec(env_cpu(env), addr, meminfo);
 +    trace_guest_st_before_exec(env_cpu(env), addr, oi);
      store_helper(env, addr, val, oi, retaddr, op);
 diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/user-exec.c
 +++ b/accel/tcg/user-exec.c
@@ -XXX,XX +XXX,XX @@
  #include "exec/helper-proto.h"
  #include "qemu/atomic128.h"
  #include "trace/trace-root.h"
 -#include "trace/mem.h"
 +#include "internal.h"
  #undef EAX
  #undef ECX
@@ -XXX,XX +XXX,XX @@ int cpu_signal_handler(int host_signum, void *pinfo,
  uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr)
  {
      MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
 -    uint16_t meminfo = trace_mem_get_info(oi, false);
      uint32_t ret;
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 +    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
      ret = ldub_p(g2h(env_cpu(env), ptr));
      qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
@@ -XXX,XX +XXX,XX @@ int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr)
  uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr)
  {
      MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
 -    uint16_t meminfo = trace_mem_get_info(oi, false);
      uint32_t ret;
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 +    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
      ret = lduw_be_p(g2h(env_cpu(env), ptr));
      qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
@@ -XXX,XX +XXX,XX @@ int cpu_ldsw_be_data(CPUArchState *env, abi_ptr ptr)
  uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
  {
      MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
 -    uint16_t meminfo = trace_mem_get_info(oi, false);
      uint32_t ret;
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 +    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
      ret = ldl_be_p(g2h(env_cpu(env), ptr));
      qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
  uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr)
  {
      MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
 -    uint16_t meminfo = trace_mem_get_info(oi, false);
      uint64_t ret;
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 +    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
      ret = ldq_be_p(g2h(env_cpu(env), ptr));
      qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr)
  uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr)
  {
      MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
 -    uint16_t meminfo = trace_mem_get_info(oi, false);
      uint32_t ret;
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 +    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
      ret = lduw_le_p(g2h(env_cpu(env), ptr));
      qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
@@ -XXX,XX +XXX,XX @@ int cpu_ldsw_le_data(CPUArchState *env, abi_ptr ptr)
  uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
  {
      MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
 -    uint16_t meminfo = trace_mem_get_info(oi, false);
      uint32_t ret;
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 +    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
      ret = ldl_le_p(g2h(env_cpu(env), ptr));
      qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
  uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr ptr)
  {
      MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
 -    uint16_t meminfo = trace_mem_get_info(oi, false);
      uint64_t ret;
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 +    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
      ret = ldq_le_p(g2h(env_cpu(env), ptr));
      qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
  void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  {
      MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
 -    uint16_t meminfo = trace_mem_get_info(oi, true);
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 +    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
      stb_p(g2h(env_cpu(env), ptr), val);
      qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
  }
@@ -XXX,XX +XXX,XX @@ void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  {
      MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
 -    uint16_t meminfo = trace_mem_get_info(oi, true);
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 +    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
      stw_be_p(g2h(env_cpu(env), ptr), val);
      qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
  }
@@ -XXX,XX +XXX,XX @@ void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  {
      MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
 -    uint16_t meminfo = trace_mem_get_info(oi, true);
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 +    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
      stl_be_p(g2h(env_cpu(env), ptr), val);
      qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
  }
@@ -XXX,XX +XXX,XX @@ void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
  {
      MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
 -    uint16_t meminfo = trace_mem_get_info(oi, true);
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 +    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
      stq_be_p(g2h(env_cpu(env), ptr), val);
      qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
  }
@@ -XXX,XX +XXX,XX @@ void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
  void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  {
      MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
 -    uint16_t meminfo = trace_mem_get_info(oi, true);
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 +    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
      stw_le_p(g2h(env_cpu(env), ptr), val);
      qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
  }
@@ -XXX,XX +XXX,XX @@ void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  {
      MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
 -    uint16_t meminfo = trace_mem_get_info(oi, true);
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 +    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
      stl_le_p(g2h(env_cpu(env), ptr), val);
      qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
  }
@@ -XXX,XX +XXX,XX @@ void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
  {
      MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
 -    uint16_t meminfo = trace_mem_get_info(oi, true);
 -    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
 +    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
      stq_le_p(g2h(env_cpu(env), ptr), val);
      qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
  }
 diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/tcg-op.c
 +++ b/tcg/tcg-op.c
@@ -XXX,XX +XXX,XX @@
  #include "tcg/tcg-op.h"
  #include "tcg/tcg-mo.h"
  #include "trace-tcg.h"
 -#include "trace/mem.h"
  #include "exec/plugin-gen.h"
  /* Reduce the number of ifdefs below.  This assumes that all uses of
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
  {
      MemOp orig_memop;
      MemOpIdx oi;
 -    uint16_t info;
      tcg_gen_req_mo(TCG_MO_LD_LD | TCG_MO_ST_LD);
      memop = tcg_canonicalize_memop(memop, 0, 0);
      oi = make_memop_idx(memop, idx);
 -    info = trace_mem_get_info(oi, 0);
 -    trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
 +    trace_guest_ld_before_tcg(tcg_ctx->cpu, cpu_env, addr, oi);
      orig_memop = memop;
      if (!TCG_TARGET_HAS_MEMORY_BSWAP && (memop & MO_BSWAP)) {
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
  {
      TCGv_i32 swap = NULL;
      MemOpIdx oi;
 -    uint16_t info;
      tcg_gen_req_mo(TCG_MO_LD_ST | TCG_MO_ST_ST);
      memop = tcg_canonicalize_memop(memop, 0, 1);
      oi = make_memop_idx(memop, idx);
 -    info = trace_mem_get_info(oi, 1);
 -    trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
 +    trace_guest_st_before_tcg(tcg_ctx->cpu, cpu_env, addr, oi);
      if (!TCG_TARGET_HAS_MEMORY_BSWAP && (memop & MO_BSWAP)) {
          swap = tcg_temp_new_i32();
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
  {
      MemOp orig_memop;
      MemOpIdx oi;
 -    uint16_t info;
      if (TCG_TARGET_REG_BITS == 32 && (memop & MO_SIZE) < MO_64) {
          tcg_gen_qemu_ld_i32(TCGV_LOW(val), addr, idx, memop);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
      tcg_gen_req_mo(TCG_MO_LD_LD | TCG_MO_ST_LD);
      memop = tcg_canonicalize_memop(memop, 1, 0);
      oi = make_memop_idx(memop, idx);
 -    info = trace_mem_get_info(oi, 0);
 -    trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
 +    trace_guest_ld_before_tcg(tcg_ctx->cpu, cpu_env, addr, oi);
      orig_memop = memop;
      if (!TCG_TARGET_HAS_MEMORY_BSWAP && (memop & MO_BSWAP)) {
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
  {
      TCGv_i64 swap = NULL;
      MemOpIdx oi;
 -    uint16_t info;
      if (TCG_TARGET_REG_BITS == 32 && (memop & MO_SIZE) < MO_64) {
          tcg_gen_qemu_st_i32(TCGV_LOW(val), addr, idx, memop);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
      tcg_gen_req_mo(TCG_MO_LD_ST | TCG_MO_ST_ST);
      memop = tcg_canonicalize_memop(memop, 1, 1);
      oi = make_memop_idx(memop, idx);
 -    info = trace_mem_get_info(oi, 1);
 -    trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
 +    trace_guest_st_before_tcg(tcg_ctx->cpu, cpu_env, addr, oi);
      if (!TCG_TARGET_HAS_MEMORY_BSWAP && (memop & MO_BSWAP)) {
          swap = tcg_temp_new_i64();
 diff --git a/accel/tcg/atomic_common.c.inc b/accel/tcg/atomic_common.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/atomic_common.c.inc
 +++ b/accel/tcg/atomic_common.c.inc
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_rmw_pre(CPUArchState *env, target_ulong addr,
                                   MemOpIdx oi)
  {
      CPUState *cpu = env_cpu(env);
 -    uint16_t info = trace_mem_get_info(oi, false);
 -    trace_guest_mem_before_exec(cpu, addr, info);
 -    trace_guest_mem_before_exec(cpu, addr, info | TRACE_MEM_ST);
 +    trace_guest_rmw_before_exec(cpu, addr, oi);
  }
  static void atomic_trace_rmw_post(CPUArchState *env, target_ulong addr,
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_rmw_post(CPUArchState *env, target_ulong addr,
  static void atomic_trace_ld_pre(CPUArchState *env, target_ulong addr,
                                  MemOpIdx oi)
  {
 -    uint16_t info = trace_mem_get_info(oi, false);
 -
 -    trace_guest_mem_before_exec(env_cpu(env), addr, info);
 +    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
  }
  static void atomic_trace_ld_post(CPUArchState *env, target_ulong addr,
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_ld_post(CPUArchState *env, target_ulong addr,
  static void atomic_trace_st_pre(CPUArchState *env, target_ulong addr,
                                  MemOpIdx oi)
  {
 -    uint16_t info = trace_mem_get_info(oi, true);
 -
 -    trace_guest_mem_before_exec(env_cpu(env), addr, info);
 +    trace_guest_st_before_exec(env_cpu(env), addr, oi);
  }
  static void atomic_trace_st_post(CPUArchState *env, target_ulong addr,
 diff --git a/trace-events b/trace-events
 index XXXXXXX..XXXXXXX 100644
 --- a/trace-events
 +++ b/trace-events
@@ -XXX,XX +XXX,XX @@ vcpu guest_cpu_reset(void)
  # tcg/tcg-op.c
  # @vaddr: Access' virtual address.
 -# @info : Access' information (see below).
 +# @memopidx: Access' information (see below).
  #
  # Start virtual memory access (before any potential access violation).
 -#
  # Does not include memory accesses performed by devices.
  #
 -# Access information can be parsed as:
 -#
 -# struct mem_info {
 -#     uint8_t size_shift : 4; /* interpreted as "1 << size_shift" bytes */
 -#     bool    sign_extend: 1; /* sign-extended */
 -#     uint8_t endianness : 1; /* 0: little, 1: big */
 -#     bool    store      : 1; /* whether it is a store operation */
 -#             pad        : 1;
 -#     uint8_t mmuidx     : 4; /* mmuidx (softmmu only)  */
 -# };
 -#
  # Mode: user, softmmu
  # Targets: TCG(all)
 -vcpu tcg guest_mem_before(TCGv vaddr, uint16_t info) "info=%d", "vaddr=0x%016"PRIx64" info=%d"
 +vcpu tcg guest_ld_before(TCGv vaddr, uint32_t memopidx) "info=%d", "vaddr=0x%016"PRIx64" memopidx=0x%x"
 +vcpu tcg guest_st_before(TCGv vaddr, uint32_t memopidx) "info=%d", "vaddr=0x%016"PRIx64" memopidx=0x%x"
 +vcpu tcg guest_rmw_before(TCGv vaddr, uint32_t memopidx) "info=%d", "vaddr=0x%016"PRIx64" memopidx=0x%x"
  # include/user/syscall-trace.h
 --
-.25.1
+.34.1

-[PULL 06/28] tcg: Rename TCGMemOpIdx to MemOpIdx
+[PULL 06/20] accel/tcg: Suppress auto-invalidate in probe_access_internal
-We're about to move this out of tcg.h, so rename it
+When PAGE_WRITE_INV is set when calling tlb_set_page,
-as we did when moving MemOp.
+we immediately set TLB_INVALID_MASK in order to force
 tlb_fill to be called on the next lookup.  Here in
 probe_access_internal, we have just called tlb_fill
 and eliminated true misses, thus the lookup must be valid.
-Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
+This allows us to remove a warning comment from s390x.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+There doesn't seem to be a reason to change the code though.
 Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Reviewed-by: David Hildenbrand <david@redhat.com>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- accel/tcg/atomic_template.h   | 24 +++++------
+ accel/tcg/cputlb.c            | 10 +++++++++-
- include/tcg/tcg.h             | 74 ++++++++++++++++-----------------
+ target/s390x/tcg/mem_helper.c |  4 ----
- accel/tcg/cputlb.c            | 78 +++++++++++++++++------------------
+files changed, 9 insertions(+), 5 deletions(-)
  accel/tcg/user-exec.c         |  2 +-
  target/arm/helper-a64.c       | 16 +++----
  target/arm/m_helper.c         |  2 +-
  target/i386/tcg/mem_helper.c  |  4 +-
  target/m68k/op_helper.c       |  2 +-
  target/mips/tcg/msa_helper.c  |  6 +--
  target/s390x/tcg/mem_helper.c | 20 ++++-----
  target/sparc/ldst_helper.c    |  2 +-
  tcg/optimize.c                |  2 +-
  tcg/tcg-op.c                  | 12 +++---
  tcg/tcg.c                     |  2 +-
  tcg/tci.c                     | 14 +++----
  accel/tcg/atomic_common.c.inc |  6 +--
  tcg/aarch64/tcg-target.c.inc  | 14 +++----
  tcg/arm/tcg-target.c.inc      | 10 ++---
  tcg/i386/tcg-target.c.inc     | 10 ++---
  tcg/mips/tcg-target.c.inc     | 12 +++---
  tcg/ppc/tcg-target.c.inc      | 10 ++---
  tcg/riscv/tcg-target.c.inc    | 16 +++----
  tcg/s390/tcg-target.c.inc     | 10 ++---
  tcg/sparc/tcg-target.c.inc    |  4 +-
  tcg/tcg-ldst.c.inc            |  2 +-
 files changed, 177 insertions(+), 177 deletions(-)
-diff --git a/accel/tcg/atomic_template.h b/accel/tcg/atomic_template.h
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/atomic_template.h
-+++ b/accel/tcg/atomic_template.h
-@@ -XXX,XX +XXX,XX @@
- ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, target_ulong addr,
-                               ABI_TYPE cmpv, ABI_TYPE newv,
--                              TCGMemOpIdx oi, uintptr_t retaddr)
-+                              MemOpIdx oi, uintptr_t retaddr)
- {
-     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
-                                          PAGE_READ | PAGE_WRITE, retaddr);
-@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, target_ulong addr,
- #if DATA_SIZE >= 16
- #if HAVE_ATOMIC128
- ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong addr,
--                         TCGMemOpIdx oi, uintptr_t retaddr)
-+                         MemOpIdx oi, uintptr_t retaddr)
- {
-     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
-                                          PAGE_READ, retaddr);
-@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong addr,
- }
- void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
--                     TCGMemOpIdx oi, uintptr_t retaddr)
-+                     MemOpIdx oi, uintptr_t retaddr)
- {
-     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
-                                          PAGE_WRITE, retaddr);
-@@ -XXX,XX +XXX,XX @@ void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
- #endif
- #else
- ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
--                           TCGMemOpIdx oi, uintptr_t retaddr)
-+                           MemOpIdx oi, uintptr_t retaddr)
- {
-     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
-                                          PAGE_READ | PAGE_WRITE, retaddr);
-@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
- #define GEN_ATOMIC_HELPER(X)                                        \
- ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,       \
--                        ABI_TYPE val, TCGMemOpIdx oi, uintptr_t retaddr) \
-+                        ABI_TYPE val, MemOpIdx oi, uintptr_t retaddr) \
- {                                                                   \
-     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,  \
-                                          PAGE_READ | PAGE_WRITE, retaddr); \
-@@ -XXX,XX +XXX,XX @@ GEN_ATOMIC_HELPER(xor_fetch)
-  */
- #define GEN_ATOMIC_HELPER_FN(X, FN, XDATA_TYPE, RET)                \
- ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,       \
--                        ABI_TYPE xval, TCGMemOpIdx oi, uintptr_t retaddr) \
-+                        ABI_TYPE xval, MemOpIdx oi, uintptr_t retaddr) \
- {                                                                   \
-     XDATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE, \
-                                           PAGE_READ | PAGE_WRITE, retaddr); \
-@@ -XXX,XX +XXX,XX @@ GEN_ATOMIC_HELPER_FN(umax_fetch, MAX,  DATA_TYPE, new)
- ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, target_ulong addr,
-                               ABI_TYPE cmpv, ABI_TYPE newv,
--                              TCGMemOpIdx oi, uintptr_t retaddr)
-+                              MemOpIdx oi, uintptr_t retaddr)
- {
-     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
-                                          PAGE_READ | PAGE_WRITE, retaddr);
-@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, target_ulong addr,
- #if DATA_SIZE >= 16
- #if HAVE_ATOMIC128
- ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong addr,
--                         TCGMemOpIdx oi, uintptr_t retaddr)
-+                         MemOpIdx oi, uintptr_t retaddr)
- {
-     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
-                                          PAGE_READ, retaddr);
-@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong addr,
- }
- void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
--                     TCGMemOpIdx oi, uintptr_t retaddr)
-+                     MemOpIdx oi, uintptr_t retaddr)
- {
-     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
-                                          PAGE_WRITE, retaddr);
-@@ -XXX,XX +XXX,XX @@ void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
- #endif
- #else
- ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
--                           TCGMemOpIdx oi, uintptr_t retaddr)
-+                           MemOpIdx oi, uintptr_t retaddr)
- {
-     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
-                                          PAGE_READ | PAGE_WRITE, retaddr);
-@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
- #define GEN_ATOMIC_HELPER(X)                                        \
- ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,       \
--                        ABI_TYPE val, TCGMemOpIdx oi, uintptr_t retaddr) \
-+                        ABI_TYPE val, MemOpIdx oi, uintptr_t retaddr) \
- {                                                                   \
-     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,  \
-                                          PAGE_READ | PAGE_WRITE, retaddr); \
-@@ -XXX,XX +XXX,XX @@ GEN_ATOMIC_HELPER(xor_fetch)
-  */
- #define GEN_ATOMIC_HELPER_FN(X, FN, XDATA_TYPE, RET)                \
- ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,       \
--                        ABI_TYPE xval, TCGMemOpIdx oi, uintptr_t retaddr) \
-+                        ABI_TYPE xval, MemOpIdx oi, uintptr_t retaddr) \
- {                                                                   \
-     XDATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE, \
-                                           PAGE_READ | PAGE_WRITE, retaddr); \
-diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/tcg/tcg.h
-+++ b/include/tcg/tcg.h
-@@ -XXX,XX +XXX,XX @@ static inline size_t tcg_current_code_size(TCGContext *s)
- }
- /* Combine the MemOp and mmu_idx parameters into a single value.  */
--typedef uint32_t TCGMemOpIdx;
-+typedef uint32_t MemOpIdx;
- /**
-  * make_memop_idx
-@@ -XXX,XX +XXX,XX @@ typedef uint32_t TCGMemOpIdx;
-  *
-  * Encode these values into a single parameter.
-  */
--static inline TCGMemOpIdx make_memop_idx(MemOp op, unsigned idx)
-+static inline MemOpIdx make_memop_idx(MemOp op, unsigned idx)
- {
-     tcg_debug_assert(idx <= 15);
-     return (op << 4) | idx;
-@@ -XXX,XX +XXX,XX @@ static inline TCGMemOpIdx make_memop_idx(MemOp op, unsigned idx)
-  *
-  * Extract the memory operation from the combined value.
-  */
--static inline MemOp get_memop(TCGMemOpIdx oi)
-+static inline MemOp get_memop(MemOpIdx oi)
- {
-     return oi >> 4;
- }
-@@ -XXX,XX +XXX,XX @@ static inline MemOp get_memop(TCGMemOpIdx oi)
-  *
-  * Extract the mmu index from the combined value.
-  */
--static inline unsigned get_mmuidx(TCGMemOpIdx oi)
-+static inline unsigned get_mmuidx(MemOpIdx oi)
- {
-     return oi & 15;
- }
-@@ -XXX,XX +XXX,XX @@ uint64_t dup_const(unsigned vece, uint64_t c);
- #ifdef CONFIG_SOFTMMU
- /* Value zero-extended to tcg register size.  */
- tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
--                                     TCGMemOpIdx oi, uintptr_t retaddr);
-+                                     MemOpIdx oi, uintptr_t retaddr);
- tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
--                                    TCGMemOpIdx oi, uintptr_t retaddr);
-+                                    MemOpIdx oi, uintptr_t retaddr);
- tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
--                                    TCGMemOpIdx oi, uintptr_t retaddr);
-+                                    MemOpIdx oi, uintptr_t retaddr);
- uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
--                           TCGMemOpIdx oi, uintptr_t retaddr);
-+                           MemOpIdx oi, uintptr_t retaddr);
- tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
--                                    TCGMemOpIdx oi, uintptr_t retaddr);
-+                                    MemOpIdx oi, uintptr_t retaddr);
- tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
--                                    TCGMemOpIdx oi, uintptr_t retaddr);
-+                                    MemOpIdx oi, uintptr_t retaddr);
- uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
--                           TCGMemOpIdx oi, uintptr_t retaddr);
-+                           MemOpIdx oi, uintptr_t retaddr);
- /* Value sign-extended to tcg register size.  */
- tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr,
--                                     TCGMemOpIdx oi, uintptr_t retaddr);
-+                                     MemOpIdx oi, uintptr_t retaddr);
- tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr,
--                                    TCGMemOpIdx oi, uintptr_t retaddr);
-+                                    MemOpIdx oi, uintptr_t retaddr);
- tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr,
--                                    TCGMemOpIdx oi, uintptr_t retaddr);
-+                                    MemOpIdx oi, uintptr_t retaddr);
- tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr,
--                                    TCGMemOpIdx oi, uintptr_t retaddr);
-+                                    MemOpIdx oi, uintptr_t retaddr);
- tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
--                                    TCGMemOpIdx oi, uintptr_t retaddr);
-+                                    MemOpIdx oi, uintptr_t retaddr);
- void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
--                        TCGMemOpIdx oi, uintptr_t retaddr);
-+                        MemOpIdx oi, uintptr_t retaddr);
- void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
--                       TCGMemOpIdx oi, uintptr_t retaddr);
-+                       MemOpIdx oi, uintptr_t retaddr);
- void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
--                       TCGMemOpIdx oi, uintptr_t retaddr);
-+                       MemOpIdx oi, uintptr_t retaddr);
- void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
--                       TCGMemOpIdx oi, uintptr_t retaddr);
-+                       MemOpIdx oi, uintptr_t retaddr);
- void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
--                       TCGMemOpIdx oi, uintptr_t retaddr);
-+                       MemOpIdx oi, uintptr_t retaddr);
- void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
--                       TCGMemOpIdx oi, uintptr_t retaddr);
-+                       MemOpIdx oi, uintptr_t retaddr);
- void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
--                       TCGMemOpIdx oi, uintptr_t retaddr);
-+                       MemOpIdx oi, uintptr_t retaddr);
- /* Temporary aliases until backends are converted.  */
- #ifdef TARGET_WORDS_BIGENDIAN
-@@ -XXX,XX +XXX,XX @@ void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
- uint32_t cpu_atomic_cmpxchgb_mmu(CPUArchState *env, target_ulong addr,
-                                  uint32_t cmpv, uint32_t newv,
--                                 TCGMemOpIdx oi, uintptr_t retaddr);
-+                                 MemOpIdx oi, uintptr_t retaddr);
- uint32_t cpu_atomic_cmpxchgw_le_mmu(CPUArchState *env, target_ulong addr,
-                                     uint32_t cmpv, uint32_t newv,
--                                    TCGMemOpIdx oi, uintptr_t retaddr);
-+                                    MemOpIdx oi, uintptr_t retaddr);
- uint32_t cpu_atomic_cmpxchgl_le_mmu(CPUArchState *env, target_ulong addr,
-                                     uint32_t cmpv, uint32_t newv,
--                                    TCGMemOpIdx oi, uintptr_t retaddr);
-+                                    MemOpIdx oi, uintptr_t retaddr);
- uint64_t cpu_atomic_cmpxchgq_le_mmu(CPUArchState *env, target_ulong addr,
-                                     uint64_t cmpv, uint64_t newv,
--                                    TCGMemOpIdx oi, uintptr_t retaddr);
-+                                    MemOpIdx oi, uintptr_t retaddr);
- uint32_t cpu_atomic_cmpxchgw_be_mmu(CPUArchState *env, target_ulong addr,
-                                     uint32_t cmpv, uint32_t newv,
--                                    TCGMemOpIdx oi, uintptr_t retaddr);
-+                                    MemOpIdx oi, uintptr_t retaddr);
- uint32_t cpu_atomic_cmpxchgl_be_mmu(CPUArchState *env, target_ulong addr,
-                                     uint32_t cmpv, uint32_t newv,
--                                    TCGMemOpIdx oi, uintptr_t retaddr);
-+                                    MemOpIdx oi, uintptr_t retaddr);
- uint64_t cpu_atomic_cmpxchgq_be_mmu(CPUArchState *env, target_ulong addr,
-                                     uint64_t cmpv, uint64_t newv,
--                                    TCGMemOpIdx oi, uintptr_t retaddr);
-+                                    MemOpIdx oi, uintptr_t retaddr);
- #define GEN_ATOMIC_HELPER(NAME, TYPE, SUFFIX)         \
- TYPE cpu_atomic_ ## NAME ## SUFFIX ## _mmu            \
-     (CPUArchState *env, target_ulong addr, TYPE val,  \
--     TCGMemOpIdx oi, uintptr_t retaddr);
-+     MemOpIdx oi, uintptr_t retaddr);
- #ifdef CONFIG_ATOMIC64
- #define GEN_ATOMIC_HELPER_ALL(NAME)          \
-@@ -XXX,XX +XXX,XX @@ GEN_ATOMIC_HELPER_ALL(xchg)
- Int128 cpu_atomic_cmpxchgo_le_mmu(CPUArchState *env, target_ulong addr,
-                                   Int128 cmpv, Int128 newv,
--                                  TCGMemOpIdx oi, uintptr_t retaddr);
-+                                  MemOpIdx oi, uintptr_t retaddr);
- Int128 cpu_atomic_cmpxchgo_be_mmu(CPUArchState *env, target_ulong addr,
-                                   Int128 cmpv, Int128 newv,
--                                  TCGMemOpIdx oi, uintptr_t retaddr);
-+                                  MemOpIdx oi, uintptr_t retaddr);
- Int128 cpu_atomic_ldo_le_mmu(CPUArchState *env, target_ulong addr,
--                             TCGMemOpIdx oi, uintptr_t retaddr);
-+                             MemOpIdx oi, uintptr_t retaddr);
- Int128 cpu_atomic_ldo_be_mmu(CPUArchState *env, target_ulong addr,
--                             TCGMemOpIdx oi, uintptr_t retaddr);
-+                             MemOpIdx oi, uintptr_t retaddr);
- void cpu_atomic_sto_le_mmu(CPUArchState *env, target_ulong addr, Int128 val,
--                           TCGMemOpIdx oi, uintptr_t retaddr);
-+                           MemOpIdx oi, uintptr_t retaddr);
- void cpu_atomic_sto_be_mmu(CPUArchState *env, target_ulong addr, Int128 val,
--                           TCGMemOpIdx oi, uintptr_t retaddr);
-+                           MemOpIdx oi, uintptr_t retaddr);
- #ifdef CONFIG_DEBUG_TCG
- void tcg_assert_listed_vecop(TCGOpcode);
 diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cputlb.c
 +++ b/accel/tcg/cputlb.c
-@@ -XXX,XX +XXX,XX @@ bool tlb_plugin_lookup(CPUState *cpu, target_ulong addr, int mmu_idx,
+@@ -XXX,XX +XXX,XX @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
   * @prot may be PAGE_READ, PAGE_WRITE, or PAGE_READ|PAGE_WRITE.
   */
  static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
 -                               TCGMemOpIdx oi, int size, int prot,
 +                               MemOpIdx oi, int size, int prot,
                                 uintptr_t retaddr)
  {
      size_t mmu_idx = get_mmuidx(oi);
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
   */
  typedef uint64_t FullLoadHelper(CPUArchState *env, target_ulong addr,
 -                                TCGMemOpIdx oi, uintptr_t retaddr);
 +                                MemOpIdx oi, uintptr_t retaddr);
  static inline uint64_t QEMU_ALWAYS_INLINE
  load_memop(const void *haddr, MemOp op)
@@ -XXX,XX +XXX,XX @@ load_memop(const void *haddr, MemOp op)
  }
  static inline uint64_t QEMU_ALWAYS_INLINE
 -load_helper(CPUArchState *env, target_ulong addr, TCGMemOpIdx oi,
 +load_helper(CPUArchState *env, target_ulong addr, MemOpIdx oi,
              uintptr_t retaddr, MemOp op, bool code_read,
              FullLoadHelper *full_load)
  {
@@ -XXX,XX +XXX,XX @@ load_helper(CPUArchState *env, target_ulong addr, TCGMemOpIdx oi,
   */
  static uint64_t full_ldub_mmu(CPUArchState *env, target_ulong addr,
 -                              TCGMemOpIdx oi, uintptr_t retaddr)
 +                              MemOpIdx oi, uintptr_t retaddr)
  {
      return load_helper(env, addr, oi, retaddr, MO_UB, false, full_ldub_mmu);
  }
  tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
 -                                     TCGMemOpIdx oi, uintptr_t retaddr)
 +                                     MemOpIdx oi, uintptr_t retaddr)
  {
      return full_ldub_mmu(env, addr, oi, retaddr);
  }
  static uint64_t full_le_lduw_mmu(CPUArchState *env, target_ulong addr,
 -                                 TCGMemOpIdx oi, uintptr_t retaddr)
 +                                 MemOpIdx oi, uintptr_t retaddr)
  {
      return load_helper(env, addr, oi, retaddr, MO_LEUW, false,
                         full_le_lduw_mmu);
  }
  tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
 -                                    TCGMemOpIdx oi, uintptr_t retaddr)
 +                                    MemOpIdx oi, uintptr_t retaddr)
  {
      return full_le_lduw_mmu(env, addr, oi, retaddr);
  }
  static uint64_t full_be_lduw_mmu(CPUArchState *env, target_ulong addr,
 -                                 TCGMemOpIdx oi, uintptr_t retaddr)
 +                                 MemOpIdx oi, uintptr_t retaddr)
  {
      return load_helper(env, addr, oi, retaddr, MO_BEUW, false,
                         full_be_lduw_mmu);
  }
  tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
 -                                    TCGMemOpIdx oi, uintptr_t retaddr)
 +                                    MemOpIdx oi, uintptr_t retaddr)
  {
      return full_be_lduw_mmu(env, addr, oi, retaddr);
  }
  static uint64_t full_le_ldul_mmu(CPUArchState *env, target_ulong addr,
 -                                 TCGMemOpIdx oi, uintptr_t retaddr)
 +                                 MemOpIdx oi, uintptr_t retaddr)
  {
      return load_helper(env, addr, oi, retaddr, MO_LEUL, false,
                         full_le_ldul_mmu);
  }
  tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
 -                                    TCGMemOpIdx oi, uintptr_t retaddr)
 +                                    MemOpIdx oi, uintptr_t retaddr)
  {
      return full_le_ldul_mmu(env, addr, oi, retaddr);
  }
  static uint64_t full_be_ldul_mmu(CPUArchState *env, target_ulong addr,
 -                                 TCGMemOpIdx oi, uintptr_t retaddr)
 +                                 MemOpIdx oi, uintptr_t retaddr)
  {
      return load_helper(env, addr, oi, retaddr, MO_BEUL, false,
                         full_be_ldul_mmu);
  }
  tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
 -                                    TCGMemOpIdx oi, uintptr_t retaddr)
 +                                    MemOpIdx oi, uintptr_t retaddr)
  {
      return full_be_ldul_mmu(env, addr, oi, retaddr);
  }
  uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
 -                           TCGMemOpIdx oi, uintptr_t retaddr)
 +                           MemOpIdx oi, uintptr_t retaddr)
  {
      return load_helper(env, addr, oi, retaddr, MO_LEQ, false,
                         helper_le_ldq_mmu);
  }
  uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
 -                           TCGMemOpIdx oi, uintptr_t retaddr)
 +                           MemOpIdx oi, uintptr_t retaddr)
  {
      return load_helper(env, addr, oi, retaddr, MO_BEQ, false,
                         helper_be_ldq_mmu);
@@ -XXX,XX +XXX,XX @@ uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
  tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr,
 -                                     TCGMemOpIdx oi, uintptr_t retaddr)
 +                                     MemOpIdx oi, uintptr_t retaddr)
  {
      return (int8_t)helper_ret_ldub_mmu(env, addr, oi, retaddr);
  }
  tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr,
 -                                    TCGMemOpIdx oi, uintptr_t retaddr)
 +                                    MemOpIdx oi, uintptr_t retaddr)
  {
      return (int16_t)helper_le_lduw_mmu(env, addr, oi, retaddr);
  }
  tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr,
 -                                    TCGMemOpIdx oi, uintptr_t retaddr)
 +                                    MemOpIdx oi, uintptr_t retaddr)
  {
      return (int16_t)helper_be_lduw_mmu(env, addr, oi, retaddr);
  }
  tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr,
 -                                    TCGMemOpIdx oi, uintptr_t retaddr)
 +                                    MemOpIdx oi, uintptr_t retaddr)
  {
      return (int32_t)helper_le_ldul_mmu(env, addr, oi, retaddr);
  }
  tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
 -                                    TCGMemOpIdx oi, uintptr_t retaddr)
 +                                    MemOpIdx oi, uintptr_t retaddr)
  {
      return (int32_t)helper_be_ldul_mmu(env, addr, oi, retaddr);
  }
@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
                                         MemOp op, FullLoadHelper *full_load)
  {
      uint16_t meminfo;
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      uint64_t ret;
      meminfo = trace_mem_get_info(op, mmu_idx, false);
@@ -XXX,XX +XXX,XX @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
      uintptr_t index, index2;
      CPUTLBEntry *entry, *entry2;
      target_ulong page2, tlb_addr, tlb_addr2;
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      size_t size2;
      int i;
@@ -XXX,XX +XXX,XX @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
  static inline void QEMU_ALWAYS_INLINE
  store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
 -             TCGMemOpIdx oi, uintptr_t retaddr, MemOp op)
 +             MemOpIdx oi, uintptr_t retaddr, MemOp op)
  {
      uintptr_t mmu_idx = get_mmuidx(oi);
      uintptr_t index = tlb_index(env, mmu_idx, addr);
@@ -XXX,XX +XXX,XX @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
  void __attribute__((noinline))
  helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
 -                   TCGMemOpIdx oi, uintptr_t retaddr)
 +                   MemOpIdx oi, uintptr_t retaddr)
  {
      store_helper(env, addr, val, oi, retaddr, MO_UB);
  }
  void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
 -                       TCGMemOpIdx oi, uintptr_t retaddr)
 +                       MemOpIdx oi, uintptr_t retaddr)
  {
      store_helper(env, addr, val, oi, retaddr, MO_LEUW);
  }
  void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
 -                       TCGMemOpIdx oi, uintptr_t retaddr)
 +                       MemOpIdx oi, uintptr_t retaddr)
  {
      store_helper(env, addr, val, oi, retaddr, MO_BEUW);
  }
  void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
 -                       TCGMemOpIdx oi, uintptr_t retaddr)
 +                       MemOpIdx oi, uintptr_t retaddr)
  {
      store_helper(env, addr, val, oi, retaddr, MO_LEUL);
  }
  void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
 -                       TCGMemOpIdx oi, uintptr_t retaddr)
 +                       MemOpIdx oi, uintptr_t retaddr)
  {
      store_helper(env, addr, val, oi, retaddr, MO_BEUL);
  }
  void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
 -                       TCGMemOpIdx oi, uintptr_t retaddr)
 +                       MemOpIdx oi, uintptr_t retaddr)
  {
      store_helper(env, addr, val, oi, retaddr, MO_LEQ);
  }
  void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
 -                       TCGMemOpIdx oi, uintptr_t retaddr)
 +                       MemOpIdx oi, uintptr_t retaddr)
  {
      store_helper(env, addr, val, oi, retaddr, MO_BEQ);
  }
@@ -XXX,XX +XXX,XX @@ static inline void QEMU_ALWAYS_INLINE
  cpu_store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
                   int mmu_idx, uintptr_t retaddr, MemOp op)
  {
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      uint16_t meminfo;
      meminfo = trace_mem_get_info(op, mmu_idx, true);
@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_data(CPUArchState *env, target_ulong ptr, uint64_t val)
  /* Code access functions.  */
  static uint64_t full_ldub_code(CPUArchState *env, target_ulong addr,
 -                               TCGMemOpIdx oi, uintptr_t retaddr)
 +                               MemOpIdx oi, uintptr_t retaddr)
  {
      return load_helper(env, addr, oi, retaddr, MO_8, true, full_ldub_code);
  }
  uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr addr)
  {
 -    TCGMemOpIdx oi = make_memop_idx(MO_UB, cpu_mmu_index(env, true));
 +    MemOpIdx oi = make_memop_idx(MO_UB, cpu_mmu_index(env, true));
      return full_ldub_code(env, addr, oi, 0);
  }
  static uint64_t full_lduw_code(CPUArchState *env, target_ulong addr,
 -                               TCGMemOpIdx oi, uintptr_t retaddr)
 +                               MemOpIdx oi, uintptr_t retaddr)
  {
      return load_helper(env, addr, oi, retaddr, MO_TEUW, true, full_lduw_code);
  }
  uint32_t cpu_lduw_code(CPUArchState *env, abi_ptr addr)
  {
 -    TCGMemOpIdx oi = make_memop_idx(MO_TEUW, cpu_mmu_index(env, true));
 +    MemOpIdx oi = make_memop_idx(MO_TEUW, cpu_mmu_index(env, true));
      return full_lduw_code(env, addr, oi, 0);
  }
  static uint64_t full_ldl_code(CPUArchState *env, target_ulong addr,
 -                              TCGMemOpIdx oi, uintptr_t retaddr)
 +                              MemOpIdx oi, uintptr_t retaddr)
  {
      return load_helper(env, addr, oi, retaddr, MO_TEUL, true, full_ldl_code);
  }
  uint32_t cpu_ldl_code(CPUArchState *env, abi_ptr addr)
  {
 -    TCGMemOpIdx oi = make_memop_idx(MO_TEUL, cpu_mmu_index(env, true));
 +    MemOpIdx oi = make_memop_idx(MO_TEUL, cpu_mmu_index(env, true));
      return full_ldl_code(env, addr, oi, 0);
  }
  static uint64_t full_ldq_code(CPUArchState *env, target_ulong addr,
 -                              TCGMemOpIdx oi, uintptr_t retaddr)
 +                              MemOpIdx oi, uintptr_t retaddr)
  {
      return load_helper(env, addr, oi, retaddr, MO_TEQ, true, full_ldq_code);
  }
  uint64_t cpu_ldq_code(CPUArchState *env, abi_ptr addr)
  {
 -    TCGMemOpIdx oi = make_memop_idx(MO_TEQ, cpu_mmu_index(env, true));
 +    MemOpIdx oi = make_memop_idx(MO_TEQ, cpu_mmu_index(env, true));
      return full_ldq_code(env, addr, oi, 0);
  }
 diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/user-exec.c
 +++ b/accel/tcg/user-exec.c
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_code(CPUArchState *env, abi_ptr ptr)
   * @prot may be PAGE_READ, PAGE_WRITE, or PAGE_READ|PAGE_WRITE.
   */
  static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
 -                               TCGMemOpIdx oi, int size, int prot,
 +                               MemOpIdx oi, int size, int prot,
                                 uintptr_t retaddr)
  {
      /* Enforce qemu required alignment.  */
 diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper-a64.c
 +++ b/target/arm/helper-a64.c
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_le)(CPUARMState *env, uint64_t addr,
      clear_helper_retaddr();
  #else
      int mem_idx = cpu_mmu_index(env, false);
 -    TCGMemOpIdx oi0 = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
 -    TCGMemOpIdx oi1 = make_memop_idx(MO_LEQ, mem_idx);
 +    MemOpIdx oi0 = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
 +    MemOpIdx oi1 = make_memop_idx(MO_LEQ, mem_idx);
      o0 = helper_le_ldq_mmu(env, addr + 0, oi0, ra);
      o1 = helper_le_ldq_mmu(env, addr + 8, oi1, ra);
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_le_parallel)(CPUARMState *env, uint64_t addr,
      uintptr_t ra = GETPC();
      bool success;
      int mem_idx;
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      assert(HAVE_CMPXCHG128);
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_be)(CPUARMState *env, uint64_t addr,
      clear_helper_retaddr();
  #else
      int mem_idx = cpu_mmu_index(env, false);
 -    TCGMemOpIdx oi0 = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
 -    TCGMemOpIdx oi1 = make_memop_idx(MO_BEQ, mem_idx);
 +    MemOpIdx oi0 = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
 +    MemOpIdx oi1 = make_memop_idx(MO_BEQ, mem_idx);
      o1 = helper_be_ldq_mmu(env, addr + 0, oi0, ra);
      o0 = helper_be_ldq_mmu(env, addr + 8, oi1, ra);
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_be_parallel)(CPUARMState *env, uint64_t addr,
      uintptr_t ra = GETPC();
      bool success;
      int mem_idx;
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      assert(HAVE_CMPXCHG128);
@@ -XXX,XX +XXX,XX @@ void HELPER(casp_le_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
      Int128 oldv, cmpv, newv;
      uintptr_t ra = GETPC();
      int mem_idx;
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      assert(HAVE_CMPXCHG128);
@@ -XXX,XX +XXX,XX @@ void HELPER(casp_be_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
      Int128 oldv, cmpv, newv;
      uintptr_t ra = GETPC();
      int mem_idx;
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      assert(HAVE_CMPXCHG128);
 diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/m_helper.c
 +++ b/target/arm/m_helper.c
@@ -XXX,XX +XXX,XX @@ static bool do_v7m_function_return(ARMCPU *cpu)
      {
          bool threadmode, spsel;
 -        TCGMemOpIdx oi;
 +        MemOpIdx oi;
          ARMMMUIdx mmu_idx;
          uint32_t *frame_sp_p;
          uint32_t frameptr;
 diff --git a/target/i386/tcg/mem_helper.c b/target/i386/tcg/mem_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/tcg/mem_helper.c
 +++ b/target/i386/tcg/mem_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_cmpxchg8b(CPUX86State *env, target_ulong a0)
      {
          uintptr_t ra = GETPC();
          int mem_idx = cpu_mmu_index(env, false);
 -        TCGMemOpIdx oi = make_memop_idx(MO_TEQ, mem_idx);
 +        MemOpIdx oi = make_memop_idx(MO_TEQ, mem_idx);
          oldv = cpu_atomic_cmpxchgq_le_mmu(env, a0, cmpv, newv, oi, ra);
      }
+     tlb_addr = tlb_read_ofs(entry, elt_ofs);
-@@ -XXX,XX +XXX,XX @@ void helper_cmpxchg16b(CPUX86State *env, target_ulong a0)
-         Int128 newv = int128_make128(env->regs[R_EBX], env->regs[R_ECX]);
++    flags = TLB_FLAGS_MASK;
+     page_addr = addr & TARGET_PAGE_MASK;
-         int mem_idx = cpu_mmu_index(env, false);
+     if (!tlb_hit_page(tlb_addr, page_addr)) {
--        TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+         if (!victim_tlb_hit(env, mmu_idx, index, elt_ofs, page_addr)) {
-+        MemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+@@ -XXX,XX +XXX,XX @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
-         Int128 oldv = cpu_atomic_cmpxchgo_le_mmu(env, a0, cmpv, newv, oi, ra);
+             /* TLB resize via tlb_fill may have moved the entry.  */
-         if (int128_eq(oldv, cmpv)) {
+             entry = tlb_entry(env, mmu_idx, addr);
-diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
++
-index XXXXXXX..XXXXXXX 100644
++            /*
---- a/target/m68k/op_helper.c
++             * With PAGE_WRITE_INV, we set TLB_INVALID_MASK immediately,
-+++ b/target/m68k/op_helper.c
++             * to force the next access through tlb_fill.  We've just
-@@ -XXX,XX +XXX,XX @@ static void do_cas2l(CPUM68KState *env, uint32_t regs, uint32_t a1, uint32_t a2,
++             * called tlb_fill, so we know that this entry *is* valid.
-     uintptr_t ra = GETPC();
++             */
- #if defined(CONFIG_ATOMIC64)
++            flags &= ~TLB_INVALID_MASK;
-     int mmu_idx = cpu_mmu_index(env, 0);
+         }
--    TCGMemOpIdx oi = make_memop_idx(MO_BEQ, mmu_idx);
+         tlb_addr = tlb_read_ofs(entry, elt_ofs);
-+    MemOpIdx oi = make_memop_idx(MO_BEQ, mmu_idx);
+     }
- #endif
+-    flags = tlb_addr & TLB_FLAGS_MASK;
++    flags &= tlb_addr;
-     if (parallel) {
-diff --git a/target/mips/tcg/msa_helper.c b/target/mips/tcg/msa_helper.c
+     /* Fold all "mmio-like" bits into TLB_MMIO.  This is not RAM.  */
-index XXXXXXX..XXXXXXX 100644
+     if (unlikely(flags & ~(TLB_WATCHPOINT | TLB_NOTDIRTY))) {
 --- a/target/mips/tcg/msa_helper.c
 +++ b/target/mips/tcg/msa_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_msa_ffint_u_df(CPUMIPSState *env, uint32_t df, uint32_t wd,
  #define DF_ELEMENTS(df) (MSA_WRLEN / DF_BITS(df))
  #if !defined(CONFIG_USER_ONLY)
 -#define MEMOP_IDX(DF)                                           \
 -        TCGMemOpIdx oi = make_memop_idx(MO_TE | DF | MO_UNALN,  \
 -                                        cpu_mmu_index(env, false));
 +#define MEMOP_IDX(DF)                                                   \
 +    MemOpIdx oi = make_memop_idx(MO_TE | DF | MO_UNALN,                 \
 +                                 cpu_mmu_index(env, false));
  #else
  #define MEMOP_IDX(DF)
  #endif
 diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/s390x/tcg/mem_helper.c
 +++ b/target/s390x/tcg/mem_helper.c
-@@ -XXX,XX +XXX,XX @@ static void do_access_memset(CPUS390XState *env, vaddr vaddr, char *haddr,
+@@ -XXX,XX +XXX,XX @@ static int s390_probe_access(CPUArchState *env, target_ulong addr, int size,
      g_assert(haddr);
      memset(haddr, byte, size);
  #else
--    TCGMemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
+     int flags;
-+    MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
-     int i;
+-    /*
+-     * For !CONFIG_USER_ONLY, we cannot rely on TLB_INVALID_MASK or haddr==NULL
-     if (likely(haddr)) {
+-     * to detect if there was an exception during tlb_fill().
-@@ -XXX,XX +XXX,XX @@ static uint8_t do_access_get_byte(CPUS390XState *env, vaddr vaddr, char **haddr,
+-     */
- #ifdef CONFIG_USER_ONLY
+     env->tlb_fill_exc = 0;
-     return ldub_p(*haddr + offset);
+     flags = probe_access_flags(env, addr, access_type, mmu_idx, nonfault, phost,
- #else
+                                ra);
 -    TCGMemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
 +    MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
      uint8_t byte;
      if (likely(*haddr)) {
@@ -XXX,XX +XXX,XX @@ static void do_access_set_byte(CPUS390XState *env, vaddr vaddr, char **haddr,
  #ifdef CONFIG_USER_ONLY
      stb_p(*haddr + offset, byte);
  #else
 -    TCGMemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
 +    MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
      if (likely(*haddr)) {
          stb_p(*haddr + offset, byte);
@@ -XXX,XX +XXX,XX @@ void HELPER(cdsg_parallel)(CPUS390XState *env, uint64_t addr,
      Int128 cmpv = int128_make128(env->regs[r1 + 1], env->regs[r1]);
      Int128 newv = int128_make128(env->regs[r3 + 1], env->regs[r3]);
      int mem_idx;
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      Int128 oldv;
      bool fail;
@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
                  uint32_t *haddr = g2h(env_cpu(env), a1);
                  ov = qatomic_cmpxchg__nocheck(haddr, cv, nv);
  #else
 -                TCGMemOpIdx oi = make_memop_idx(MO_TEUL | MO_ALIGN, mem_idx);
 +                MemOpIdx oi = make_memop_idx(MO_TEUL | MO_ALIGN, mem_idx);
                  ov = cpu_atomic_cmpxchgl_be_mmu(env, a1, cv, nv, oi, ra);
  #endif
              } else {
@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
              if (parallel) {
  #ifdef CONFIG_ATOMIC64
 -                TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN, mem_idx);
 +                MemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN, mem_idx);
                  ov = cpu_atomic_cmpxchgq_be_mmu(env, a1, cv, nv, oi, ra);
  #else
                  /* Note that we asserted !parallel above.  */
@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
                  cpu_stq_data_ra(env, a1 + 0, int128_gethi(nv), ra);
                  cpu_stq_data_ra(env, a1 + 8, int128_getlo(nv), ra);
              } else if (HAVE_CMPXCHG128) {
 -                TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
 +                MemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
                  ov = cpu_atomic_cmpxchgo_be_mmu(env, a1, cv, nv, oi, ra);
                  cc = !int128_eq(ov, cv);
              } else {
@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
                  cpu_stq_data_ra(env, a2 + 0, svh, ra);
                  cpu_stq_data_ra(env, a2 + 8, svl, ra);
              } else if (HAVE_ATOMIC128) {
 -                TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
 +                MemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
                  Int128 sv = int128_make128(svl, svh);
                  cpu_atomic_sto_be_mmu(env, a2, sv, oi, ra);
              } else {
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(lpq_parallel)(CPUS390XState *env, uint64_t addr)
      uintptr_t ra = GETPC();
      uint64_t hi, lo;
      int mem_idx;
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      Int128 v;
      assert(HAVE_ATOMIC128);
@@ -XXX,XX +XXX,XX @@ void HELPER(stpq_parallel)(CPUS390XState *env, uint64_t addr,
  {
      uintptr_t ra = GETPC();
      int mem_idx;
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      Int128 v;
      assert(HAVE_ATOMIC128);
 diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/sparc/ldst_helper.c
 +++ b/target/sparc/ldst_helper.c
@@ -XXX,XX +XXX,XX @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong addr,
      case ASI_SNF:
      case ASI_SNFL:
          {
 -            TCGMemOpIdx oi;
 +            MemOpIdx oi;
              int idx = (env->pstate & PS_PRIV
                         ? (asi & 1 ? MMU_KERNEL_SECONDARY_IDX : MMU_KERNEL_IDX)
                         : (asi & 1 ? MMU_USER_SECONDARY_IDX : MMU_USER_IDX));
 diff --git a/tcg/optimize.c b/tcg/optimize.c
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/optimize.c
 +++ b/tcg/optimize.c
@@ -XXX,XX +XXX,XX @@ void tcg_optimize(TCGContext *s)
          CASE_OP_32_64(qemu_ld):
              {
 -                TCGMemOpIdx oi = op->args[nb_oargs + nb_iargs];
 +                MemOpIdx oi = op->args[nb_oargs + nb_iargs];
                  MemOp mop = get_memop(oi);
                  if (!(mop & MO_SIGN)) {
                      mask = (2ULL << ((8 << (mop & MO_SIZE)) - 1)) - 1;
 diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/tcg-op.c
 +++ b/tcg/tcg-op.c
@@ -XXX,XX +XXX,XX @@ static inline MemOp tcg_canonicalize_memop(MemOp op, bool is64, bool st)
  static void gen_ldst_i32(TCGOpcode opc, TCGv_i32 val, TCGv addr,
                           MemOp memop, TCGArg idx)
  {
 -    TCGMemOpIdx oi = make_memop_idx(memop, idx);
 +    MemOpIdx oi = make_memop_idx(memop, idx);
  #if TARGET_LONG_BITS == 32
      tcg_gen_op3i_i32(opc, val, addr, oi);
  #else
@@ -XXX,XX +XXX,XX @@ static void gen_ldst_i32(TCGOpcode opc, TCGv_i32 val, TCGv addr,
  static void gen_ldst_i64(TCGOpcode opc, TCGv_i64 val, TCGv addr,
                           MemOp memop, TCGArg idx)
  {
 -    TCGMemOpIdx oi = make_memop_idx(memop, idx);
 +    MemOpIdx oi = make_memop_idx(memop, idx);
  #if TARGET_LONG_BITS == 32
      if (TCG_TARGET_REG_BITS == 32) {
          tcg_gen_op4i_i32(opc, TCGV_LOW(val), TCGV_HIGH(val), addr, oi);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_atomic_cmpxchg_i32(TCGv_i32 retv, TCGv addr, TCGv_i32 cmpv,
          tcg_temp_free_i32(t1);
      } else {
          gen_atomic_cx_i32 gen;
 -        TCGMemOpIdx oi;
 +        MemOpIdx oi;
          gen = table_cmpxchg[memop & (MO_SIZE | MO_BSWAP)];
          tcg_debug_assert(gen != NULL);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_atomic_cmpxchg_i64(TCGv_i64 retv, TCGv addr, TCGv_i64 cmpv,
      } else if ((memop & MO_SIZE) == MO_64) {
  #ifdef CONFIG_ATOMIC64
          gen_atomic_cx_i64 gen;
 -        TCGMemOpIdx oi;
 +        MemOpIdx oi;
          gen = table_cmpxchg[memop & (MO_SIZE | MO_BSWAP)];
          tcg_debug_assert(gen != NULL);
@@ -XXX,XX +XXX,XX @@ static void do_atomic_op_i32(TCGv_i32 ret, TCGv addr, TCGv_i32 val,
                               TCGArg idx, MemOp memop, void * const table[])
  {
      gen_atomic_op_i32 gen;
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      memop = tcg_canonicalize_memop(memop, 0, 0);
@@ -XXX,XX +XXX,XX @@ static void do_atomic_op_i64(TCGv_i64 ret, TCGv addr, TCGv_i64 val,
      if ((memop & MO_SIZE) == MO_64) {
  #ifdef CONFIG_ATOMIC64
          gen_atomic_op_i64 gen;
 -        TCGMemOpIdx oi;
 +        MemOpIdx oi;
          gen = table[memop & (MO_SIZE | MO_BSWAP)];
          tcg_debug_assert(gen != NULL);
 diff --git a/tcg/tcg.c b/tcg/tcg.c
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/tcg.c
 +++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@ static void tcg_dump_ops(TCGContext *s, bool have_prefs)
              case INDEX_op_qemu_ld_i64:
              case INDEX_op_qemu_st_i64:
                  {
 -                    TCGMemOpIdx oi = op->args[k++];
 +                    MemOpIdx oi = op->args[k++];
                      MemOp op = get_memop(oi);
                      unsigned ix = get_mmuidx(oi);
 diff --git a/tcg/tci.c b/tcg/tci.c
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/tci.c
 +++ b/tcg/tci.c
@@ -XXX,XX +XXX,XX @@ static uint64_t tci_uint64(uint32_t high, uint32_t low)
   *   i = immediate (uint32_t)
   *   I = immediate (tcg_target_ulong)
   *   l = label or pointer
 - *   m = immediate (TCGMemOpIdx)
 + *   m = immediate (MemOpIdx)
   *   n = immediate (call return length)
   *   r = register
   *   s = signed ldst offset
@@ -XXX,XX +XXX,XX @@ static void tci_args_ri(uint32_t insn, TCGReg *r0, tcg_target_ulong *i1)
  }
  static void tci_args_rrm(uint32_t insn, TCGReg *r0,
 -                         TCGReg *r1, TCGMemOpIdx *m2)
 +                         TCGReg *r1, MemOpIdx *m2)
  {
      *r0 = extract32(insn, 8, 4);
      *r1 = extract32(insn, 12, 4);
@@ -XXX,XX +XXX,XX @@ static void tci_args_rrrc(uint32_t insn,
  }
  static void tci_args_rrrm(uint32_t insn,
 -                          TCGReg *r0, TCGReg *r1, TCGReg *r2, TCGMemOpIdx *m3)
 +                          TCGReg *r0, TCGReg *r1, TCGReg *r2, MemOpIdx *m3)
  {
      *r0 = extract32(insn, 8, 4);
      *r1 = extract32(insn, 12, 4);
@@ -XXX,XX +XXX,XX @@ static bool tci_compare64(uint64_t u0, uint64_t u1, TCGCond condition)
  }
  static uint64_t tci_qemu_ld(CPUArchState *env, target_ulong taddr,
 -                            TCGMemOpIdx oi, const void *tb_ptr)
 +                            MemOpIdx oi, const void *tb_ptr)
  {
      MemOp mop = get_memop(oi) & (MO_BSWAP | MO_SSIZE);
      uintptr_t ra = (uintptr_t)tb_ptr;
@@ -XXX,XX +XXX,XX @@ static uint64_t tci_qemu_ld(CPUArchState *env, target_ulong taddr,
  }
  static void tci_qemu_st(CPUArchState *env, target_ulong taddr, uint64_t val,
 -                        TCGMemOpIdx oi, const void *tb_ptr)
 +                        MemOpIdx oi, const void *tb_ptr)
  {
      MemOp mop = get_memop(oi) & (MO_BSWAP | MO_SSIZE);
      uintptr_t ra = (uintptr_t)tb_ptr;
@@ -XXX,XX +XXX,XX @@ uintptr_t QEMU_DISABLE_CFI tcg_qemu_tb_exec(CPUArchState *env,
          uint32_t tmp32;
          uint64_t tmp64;
          uint64_t T1, T2;
 -        TCGMemOpIdx oi;
 +        MemOpIdx oi;
          int32_t ofs;
          void *ptr;
@@ -XXX,XX +XXX,XX @@ int print_insn_tci(bfd_vma addr, disassemble_info *info)
      tcg_target_ulong i1;
      int32_t s2;
      TCGCond c;
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      uint8_t pos, len;
      void *ptr;
 diff --git a/accel/tcg/atomic_common.c.inc b/accel/tcg/atomic_common.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/atomic_common.c.inc
 +++ b/accel/tcg/atomic_common.c.inc
@@ -XXX,XX +XXX,XX @@
   */
  static uint16_t atomic_trace_rmw_pre(CPUArchState *env, target_ulong addr,
 -                                     TCGMemOpIdx oi)
 +                                     MemOpIdx oi)
  {
      CPUState *cpu = env_cpu(env);
      uint16_t info = trace_mem_get_info(get_memop(oi), get_mmuidx(oi), false);
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_rmw_post(CPUArchState *env, target_ulong addr,
  #if HAVE_ATOMIC128
  static uint16_t atomic_trace_ld_pre(CPUArchState *env, target_ulong addr,
 -                                    TCGMemOpIdx oi)
 +                                    MemOpIdx oi)
  {
      uint16_t info = trace_mem_get_info(get_memop(oi), get_mmuidx(oi), false);
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_ld_post(CPUArchState *env, target_ulong addr,
  }
  static uint16_t atomic_trace_st_pre(CPUArchState *env, target_ulong addr,
 -                                    TCGMemOpIdx oi)
 +                                    MemOpIdx oi)
  {
      uint16_t info = trace_mem_get_info(get_memop(oi), get_mmuidx(oi), true);
 diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/aarch64/tcg-target.c.inc
 +++ b/tcg/aarch64/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_cltz(TCGContext *s, TCGType ext, TCGReg d,
  #include "../tcg-ldst.c.inc"
  /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
 - *                                     TCGMemOpIdx oi, uintptr_t ra)
 + *                                     MemOpIdx oi, uintptr_t ra)
   */
  static void * const qemu_ld_helpers[MO_SIZE + 1] = {
      [MO_8]  = helper_ret_ldub_mmu,
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[MO_SIZE + 1] = {
  };
  /* helper signature: helper_ret_st_mmu(CPUState *env, target_ulong addr,
 - *                                     uintxx_t val, TCGMemOpIdx oi,
 + *                                     uintxx_t val, MemOpIdx oi,
   *                                     uintptr_t ra)
   */
  static void * const qemu_st_helpers[MO_SIZE + 1] = {
@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_adr(TCGContext *s, TCGReg rd, const void *target)
  static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
  {
 -    TCGMemOpIdx oi = lb->oi;
 +    MemOpIdx oi = lb->oi;
      MemOp opc = get_memop(oi);
      MemOp size = opc & MO_SIZE;
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
  static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
  {
 -    TCGMemOpIdx oi = lb->oi;
 +    MemOpIdx oi = lb->oi;
      MemOp opc = get_memop(oi);
      MemOp size = opc & MO_SIZE;
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
      return true;
  }
 -static void add_qemu_ldst_label(TCGContext *s, bool is_ld, TCGMemOpIdx oi,
 +static void add_qemu_ldst_label(TCGContext *s, bool is_ld, MemOpIdx oi,
                                  TCGType ext, TCGReg data_reg, TCGReg addr_reg,
                                  tcg_insn_unit *raddr, tcg_insn_unit *label_ptr)
  {
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st_direct(TCGContext *s, MemOp memop,
  }
  static void tcg_out_qemu_ld(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
 -                            TCGMemOpIdx oi, TCGType ext)
 +                            MemOpIdx oi, TCGType ext)
  {
      MemOp memop = get_memop(oi);
      const TCGType otype = TARGET_LONG_BITS == 64 ? TCG_TYPE_I64 : TCG_TYPE_I32;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
  }
  static void tcg_out_qemu_st(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
 -                            TCGMemOpIdx oi)
 +                            MemOpIdx oi)
  {
      MemOp memop = get_memop(oi);
      const TCGType otype = TARGET_LONG_BITS == 64 ? TCG_TYPE_I64 : TCG_TYPE_I32;
 diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/arm/tcg-target.c.inc
 +++ b/tcg/arm/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_out_tlb_read(TCGContext *s, TCGReg addrlo, TCGReg addrhi,
  /* Record the context of a call to the out of line helper code for the slow
     path for a load or store, so that we can later generate the correct
     helper code.  */
 -static void add_qemu_ldst_label(TCGContext *s, bool is_ld, TCGMemOpIdx oi,
 +static void add_qemu_ldst_label(TCGContext *s, bool is_ld, MemOpIdx oi,
                                  TCGReg datalo, TCGReg datahi, TCGReg addrlo,
                                  TCGReg addrhi, tcg_insn_unit *raddr,
                                  tcg_insn_unit *label_ptr)
@@ -XXX,XX +XXX,XX @@ static void add_qemu_ldst_label(TCGContext *s, bool is_ld, TCGMemOpIdx oi,
  static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
  {
      TCGReg argreg, datalo, datahi;
 -    TCGMemOpIdx oi = lb->oi;
 +    MemOpIdx oi = lb->oi;
      MemOp opc = get_memop(oi);
      void *func;
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
  static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
  {
      TCGReg argreg, datalo, datahi;
 -    TCGMemOpIdx oi = lb->oi;
 +    MemOpIdx oi = lb->oi;
      MemOp opc = get_memop(oi);
      if (!reloc_pc24(lb->label_ptr[0], tcg_splitwx_to_rx(s->code_ptr))) {
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld_direct(TCGContext *s, MemOp opc, TCGReg datalo,
  static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is64)
  {
      TCGReg addrlo, datalo, datahi, addrhi __attribute__((unused));
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      MemOp opc;
  #ifdef CONFIG_SOFTMMU
      int mem_index;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st_direct(TCGContext *s, MemOp opc, TCGReg datalo,
  static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is64)
  {
      TCGReg addrlo, datalo, datahi, addrhi __attribute__((unused));
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      MemOp opc;
  #ifdef CONFIG_SOFTMMU
      int mem_index;
 diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/i386/tcg-target.c.inc
 +++ b/tcg/i386/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_tlb_load(TCGContext *s, TCGReg addrlo, TCGReg addrhi,
   * for a load or store, so that we can later generate the correct helper code
   */
  static void add_qemu_ldst_label(TCGContext *s, bool is_ld, bool is_64,
 -                                TCGMemOpIdx oi,
 +                                MemOpIdx oi,
                                  TCGReg datalo, TCGReg datahi,
                                  TCGReg addrlo, TCGReg addrhi,
                                  tcg_insn_unit *raddr,
@@ -XXX,XX +XXX,XX @@ static void add_qemu_ldst_label(TCGContext *s, bool is_ld, bool is_64,
   */
  static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
  {
 -    TCGMemOpIdx oi = l->oi;
 +    MemOpIdx oi = l->oi;
      MemOp opc = get_memop(oi);
      TCGReg data_reg;
      tcg_insn_unit **label_ptr = &l->label_ptr[0];
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
   */
  static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
  {
 -    TCGMemOpIdx oi = l->oi;
 +    MemOpIdx oi = l->oi;
      MemOp opc = get_memop(oi);
      MemOp s_bits = opc & MO_SIZE;
      tcg_insn_unit **label_ptr = &l->label_ptr[0];
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is64)
  {
      TCGReg datalo, datahi, addrlo;
      TCGReg addrhi __attribute__((unused));
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      MemOp opc;
  #if defined(CONFIG_SOFTMMU)
      int mem_index;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is64)
  {
      TCGReg datalo, datahi, addrlo;
      TCGReg addrhi __attribute__((unused));
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      MemOp opc;
  #if defined(CONFIG_SOFTMMU)
      int mem_index;
 diff --git a/tcg/mips/tcg-target.c.inc b/tcg/mips/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/mips/tcg-target.c.inc
 +++ b/tcg/mips/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) < -32768);
   * Clobbers TMP0, TMP1, TMP2, TMP3.
   */
  static void tcg_out_tlb_load(TCGContext *s, TCGReg base, TCGReg addrl,
 -                             TCGReg addrh, TCGMemOpIdx oi,
 +                             TCGReg addrh, MemOpIdx oi,
                               tcg_insn_unit *label_ptr[2], bool is_load)
  {
      MemOp opc = get_memop(oi);
@@ -XXX,XX +XXX,XX @@ static void tcg_out_tlb_load(TCGContext *s, TCGReg base, TCGReg addrl,
      tcg_out_opc_reg(s, ALIAS_PADD, base, TCG_TMP2, addrl);
  }
 -static void add_qemu_ldst_label(TCGContext *s, int is_ld, TCGMemOpIdx oi,
 +static void add_qemu_ldst_label(TCGContext *s, int is_ld, MemOpIdx oi,
                                  TCGType ext,
                                  TCGReg datalo, TCGReg datahi,
                                  TCGReg addrlo, TCGReg addrhi,
@@ -XXX,XX +XXX,XX @@ static void add_qemu_ldst_label(TCGContext *s, int is_ld, TCGMemOpIdx oi,
  static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
  {
      const tcg_insn_unit *tgt_rx = tcg_splitwx_to_rx(s->code_ptr);
 -    TCGMemOpIdx oi = l->oi;
 +    MemOpIdx oi = l->oi;
      MemOp opc = get_memop(oi);
      TCGReg v0;
      int i;
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
  static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
  {
      const tcg_insn_unit *tgt_rx = tcg_splitwx_to_rx(s->code_ptr);
 -    TCGMemOpIdx oi = l->oi;
 +    MemOpIdx oi = l->oi;
      MemOp opc = get_memop(oi);
      MemOp s_bits = opc & MO_SIZE;
      int i;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
  {
      TCGReg addr_regl, addr_regh __attribute__((unused));
      TCGReg data_regl, data_regh;
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      MemOp opc;
  #if defined(CONFIG_SOFTMMU)
      tcg_insn_unit *label_ptr[2];
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64)
  {
      TCGReg addr_regl, addr_regh __attribute__((unused));
      TCGReg data_regl, data_regh;
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      MemOp opc;
  #if defined(CONFIG_SOFTMMU)
      tcg_insn_unit *label_ptr[2];
 diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/ppc/tcg-target.c.inc
 +++ b/tcg/ppc/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_out_tlb_read(TCGContext *s, MemOp opc,
  /* Record the context of a call to the out of line helper code for the slow
     path for a load or store, so that we can later generate the correct
     helper code.  */
 -static void add_qemu_ldst_label(TCGContext *s, bool is_ld, TCGMemOpIdx oi,
 +static void add_qemu_ldst_label(TCGContext *s, bool is_ld, MemOpIdx oi,
                                  TCGReg datalo_reg, TCGReg datahi_reg,
                                  TCGReg addrlo_reg, TCGReg addrhi_reg,
                                  tcg_insn_unit *raddr, tcg_insn_unit *lptr)
@@ -XXX,XX +XXX,XX @@ static void add_qemu_ldst_label(TCGContext *s, bool is_ld, TCGMemOpIdx oi,
  static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
  {
 -    TCGMemOpIdx oi = lb->oi;
 +    MemOpIdx oi = lb->oi;
      MemOp opc = get_memop(oi);
      TCGReg hi, lo, arg = TCG_REG_R3;
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
  static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
  {
 -    TCGMemOpIdx oi = lb->oi;
 +    MemOpIdx oi = lb->oi;
      MemOp opc = get_memop(oi);
      MemOp s_bits = opc & MO_SIZE;
      TCGReg hi, lo, arg = TCG_REG_R3;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
  {
      TCGReg datalo, datahi, addrlo, rbase;
      TCGReg addrhi __attribute__((unused));
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      MemOp opc, s_bits;
  #ifdef CONFIG_SOFTMMU
      int mem_index;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64)
  {
      TCGReg datalo, datahi, addrlo, rbase;
      TCGReg addrhi __attribute__((unused));
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      MemOp opc, s_bits;
  #ifdef CONFIG_SOFTMMU
      int mem_index;
 diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/riscv/tcg-target.c.inc
 +++ b/tcg/riscv/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
  #include "../tcg-ldst.c.inc"
  /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
 - *                                     TCGMemOpIdx oi, uintptr_t ra)
 + *                                     MemOpIdx oi, uintptr_t ra)
   */
  static void * const qemu_ld_helpers[MO_SSIZE + 1] = {
      [MO_UB] = helper_ret_ldub_mmu,
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[MO_SSIZE + 1] = {
  };
  /* helper signature: helper_ret_st_mmu(CPUState *env, target_ulong addr,
 - *                                     uintxx_t val, TCGMemOpIdx oi,
 + *                                     uintxx_t val, MemOpIdx oi,
   *                                     uintptr_t ra)
   */
  static void * const qemu_st_helpers[MO_SIZE + 1] = {
@@ -XXX,XX +XXX,XX @@ static void tcg_out_goto(TCGContext *s, const tcg_insn_unit *target)
  }
  static void tcg_out_tlb_load(TCGContext *s, TCGReg addrl,
 -                             TCGReg addrh, TCGMemOpIdx oi,
 +                             TCGReg addrh, MemOpIdx oi,
                               tcg_insn_unit **label_ptr, bool is_load)
  {
      MemOp opc = get_memop(oi);
@@ -XXX,XX +XXX,XX @@ static void tcg_out_tlb_load(TCGContext *s, TCGReg addrl,
      tcg_out_opc_reg(s, OPC_ADD, TCG_REG_TMP0, TCG_REG_TMP2, addrl);
  }
 -static void add_qemu_ldst_label(TCGContext *s, int is_ld, TCGMemOpIdx oi,
 +static void add_qemu_ldst_label(TCGContext *s, int is_ld, MemOpIdx oi,
                                  TCGType ext,
                                  TCGReg datalo, TCGReg datahi,
                                  TCGReg addrlo, TCGReg addrhi,
@@ -XXX,XX +XXX,XX @@ static void add_qemu_ldst_label(TCGContext *s, int is_ld, TCGMemOpIdx oi,
  static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
  {
 -    TCGMemOpIdx oi = l->oi;
 +    MemOpIdx oi = l->oi;
      MemOp opc = get_memop(oi);
      TCGReg a0 = tcg_target_call_iarg_regs[0];
      TCGReg a1 = tcg_target_call_iarg_regs[1];
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
  static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
  {
 -    TCGMemOpIdx oi = l->oi;
 +    MemOpIdx oi = l->oi;
      MemOp opc = get_memop(oi);
      MemOp s_bits = opc & MO_SIZE;
      TCGReg a0 = tcg_target_call_iarg_regs[0];
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
  {
      TCGReg addr_regl, addr_regh __attribute__((unused));
      TCGReg data_regl, data_regh;
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      MemOp opc;
  #if defined(CONFIG_SOFTMMU)
      tcg_insn_unit *label_ptr[1];
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64)
  {
      TCGReg addr_regl, addr_regh __attribute__((unused));
      TCGReg data_regl, data_regh;
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      MemOp opc;
  #if defined(CONFIG_SOFTMMU)
      tcg_insn_unit *label_ptr[1];
 diff --git a/tcg/s390/tcg-target.c.inc b/tcg/s390/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/s390/tcg-target.c.inc
 +++ b/tcg/s390/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_out_tlb_read(TCGContext *s, TCGReg addr_reg, MemOp opc,
      return addr_reg;
  }
 -static void add_qemu_ldst_label(TCGContext *s, bool is_ld, TCGMemOpIdx oi,
 +static void add_qemu_ldst_label(TCGContext *s, bool is_ld, MemOpIdx oi,
                                  TCGReg data, TCGReg addr,
                                  tcg_insn_unit *raddr, tcg_insn_unit *label_ptr)
  {
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
  {
      TCGReg addr_reg = lb->addrlo_reg;
      TCGReg data_reg = lb->datalo_reg;
 -    TCGMemOpIdx oi = lb->oi;
 +    MemOpIdx oi = lb->oi;
      MemOp opc = get_memop(oi);
      if (!patch_reloc(lb->label_ptr[0], R_390_PC16DBL,
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
  {
      TCGReg addr_reg = lb->addrlo_reg;
      TCGReg data_reg = lb->datalo_reg;
 -    TCGMemOpIdx oi = lb->oi;
 +    MemOpIdx oi = lb->oi;
      MemOp opc = get_memop(oi);
      if (!patch_reloc(lb->label_ptr[0], R_390_PC16DBL,
@@ -XXX,XX +XXX,XX @@ static void tcg_prepare_user_ldst(TCGContext *s, TCGReg *addr_reg,
  #endif /* CONFIG_SOFTMMU */
  static void tcg_out_qemu_ld(TCGContext* s, TCGReg data_reg, TCGReg addr_reg,
 -                            TCGMemOpIdx oi)
 +                            MemOpIdx oi)
  {
      MemOp opc = get_memop(oi);
  #ifdef CONFIG_SOFTMMU
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext* s, TCGReg data_reg, TCGReg addr_reg,
  }
  static void tcg_out_qemu_st(TCGContext* s, TCGReg data_reg, TCGReg addr_reg,
 -                            TCGMemOpIdx oi)
 +                            MemOpIdx oi)
  {
      MemOp opc = get_memop(oi);
  #ifdef CONFIG_SOFTMMU
 diff --git a/tcg/sparc/tcg-target.c.inc b/tcg/sparc/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/sparc/tcg-target.c.inc
 +++ b/tcg/sparc/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static const int qemu_st_opc[(MO_SIZE | MO_BSWAP) + 1] = {
  };
  static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr,
 -                            TCGMemOpIdx oi, bool is_64)
 +                            MemOpIdx oi, bool is_64)
  {
      MemOp memop = get_memop(oi);
  #ifdef CONFIG_SOFTMMU
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr,
  }
  static void tcg_out_qemu_st(TCGContext *s, TCGReg data, TCGReg addr,
 -                            TCGMemOpIdx oi)
 +                            MemOpIdx oi)
  {
      MemOp memop = get_memop(oi);
  #ifdef CONFIG_SOFTMMU
 diff --git a/tcg/tcg-ldst.c.inc b/tcg/tcg-ldst.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/tcg-ldst.c.inc
 +++ b/tcg/tcg-ldst.c.inc
@@ -XXX,XX +XXX,XX @@
  typedef struct TCGLabelQemuLdst {
      bool is_ld;             /* qemu_ld: true, qemu_st: false */
 -    TCGMemOpIdx oi;
 +    MemOpIdx oi;
      TCGType type;           /* result type of a load */
      TCGReg addrlo_reg;      /* reg index for low word of guest virtual addr */
      TCGReg addrhi_reg;      /* reg index for high word of guest virtual addr */
 --
-.25.1
+.34.1

-[PULL 27/28] tcg/s390x: Implement TCG_TARGET_HAS_bitsel_vec
+[PULL 07/20] accel/tcg: Introduce probe_access_full
+Add an interface to return the CPUTLBEntryFull struct
+that goes with the lookup.  The result is not intended
+to be valid across multiple lookups, so the user must
+use the results immediately.
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- tcg/s390x/tcg-target-con-set.h |  1 +
+ include/exec/exec-all.h | 15 +++++++++++++
- tcg/s390x/tcg-target.h         |  2 +-
+ include/qemu/typedefs.h |  1 +
- tcg/s390x/tcg-target.c.inc     | 20 ++++++++++++++++++++
+ accel/tcg/cputlb.c      | 47 +++++++++++++++++++++++++----------------
-files changed, 22 insertions(+), 1 deletion(-)
+files changed, 45 insertions(+), 18 deletions(-)
-diff --git a/tcg/s390x/tcg-target-con-set.h b/tcg/s390x/tcg-target-con-set.h
+diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target-con-set.h
+--- a/include/exec/exec-all.h
-+++ b/tcg/s390x/tcg-target-con-set.h
++++ b/include/exec/exec-all.h
-@@ -XXX,XX +XXX,XX @@ C_O1_I2(r, r, ri)
+@@ -XXX,XX +XXX,XX @@ int probe_access_flags(CPUArchState *env, target_ulong addr,
- C_O1_I2(r, rZ, r)
+                        MMUAccessType access_type, int mmu_idx,
- C_O1_I2(v, v, r)
+                        bool nonfault, void **phost, uintptr_t retaddr);
- C_O1_I2(v, v, v)
-+C_O1_I3(v, v, v, v)
++#ifndef CONFIG_USER_ONLY
- C_O1_I4(r, r, ri, r, 0)
++/**
- C_O1_I4(r, r, ri, rI, 0)
++ * probe_access_full:
- C_O2_I2(b, a, 0, r)
++ * Like probe_access_flags, except also return into @pfull.
-diff --git a/tcg/s390x/tcg-target.h b/tcg/s390x/tcg-target.h
++ *
 + * The CPUTLBEntryFull structure returned via @pfull is transient
 + * and must be consumed or copied immediately, before any further
 + * access or changes to TLB @mmu_idx.
 + */
 +int probe_access_full(CPUArchState *env, target_ulong addr,
 +                      MMUAccessType access_type, int mmu_idx,
 +                      bool nonfault, void **phost,
 +                      CPUTLBEntryFull **pfull, uintptr_t retaddr);
 +#endif
 +
  #define CODE_GEN_ALIGN           16 /* must be >= of the size of a icache line */
  /* Estimated block size for TB allocation.  */
 diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.h
+--- a/include/qemu/typedefs.h
-+++ b/tcg/s390x/tcg-target.h
++++ b/include/qemu/typedefs.h
-@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities[3];
+@@ -XXX,XX +XXX,XX @@ typedef struct ConfidentialGuestSupport ConfidentialGuestSupport;
- #define TCG_TARGET_HAS_mul_vec        1
+ typedef struct CPUAddressSpace CPUAddressSpace;
- #define TCG_TARGET_HAS_sat_vec        0
+ typedef struct CPUArchState CPUArchState;
- #define TCG_TARGET_HAS_minmax_vec     1
+ typedef struct CPUState CPUState;
--#define TCG_TARGET_HAS_bitsel_vec     0
++typedef struct CPUTLBEntryFull CPUTLBEntryFull;
-+#define TCG_TARGET_HAS_bitsel_vec     1
+ typedef struct DeviceListener DeviceListener;
- #define TCG_TARGET_HAS_cmpsel_vec     0
+ typedef struct DeviceState DeviceState;
+ typedef struct DirtyBitmapSnapshot DirtyBitmapSnapshot;
- /* used for function call generation */
+diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.c.inc
+--- a/accel/tcg/cputlb.c
-+++ b/tcg/s390x/tcg-target.c.inc
++++ b/accel/tcg/cputlb.c
-@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
+@@ -XXX,XX +XXX,XX @@ static void notdirty_write(CPUState *cpu, vaddr mem_vaddr, unsigned size,
-     VRRa_VUPH   = 0xe7d7,
+ static int probe_access_internal(CPUArchState *env, target_ulong addr,
-     VRRa_VUPL   = 0xe7d6,
+                                  int fault_size, MMUAccessType access_type,
-     VRRc_VX     = 0xe76d,
+                                  int mmu_idx, bool nonfault,
-+    VRRe_VSEL   = 0xe78d,
+-                                 void **phost, uintptr_t retaddr)
-     VRRf_VLVGP  = 0xe762,
++                                 void **phost, CPUTLBEntryFull **pfull,
++                                 uintptr_t retaddr)
-     VRSa_VERLL  = 0xe733,
+ {
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_insn_VRRc(TCGContext *s, S390Opcode op,
+     uintptr_t index = tlb_index(env, mmu_idx, addr);
-     tcg_out16(s, (op & 0x00ff) | RXB(v1, v2, v3, 0) | (m4 << 12));
+     CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
@@ -XXX,XX +XXX,XX @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
                                             mmu_idx, nonfault, retaddr)) {
                  /* Non-faulting page table read failed.  */
                  *phost = NULL;
 +                *pfull = NULL;
                  return TLB_INVALID_MASK;
              }
              /* TLB resize via tlb_fill may have moved the entry.  */
 +            index = tlb_index(env, mmu_idx, addr);
              entry = tlb_entry(env, mmu_idx, addr);
              /*
@@ -XXX,XX +XXX,XX @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
      }
      flags &= tlb_addr;
 +    *pfull = &env_tlb(env)->d[mmu_idx].fulltlb[index];
 +
      /* Fold all "mmio-like" bits into TLB_MMIO.  This is not RAM.  */
      if (unlikely(flags & ~(TLB_WATCHPOINT | TLB_NOTDIRTY))) {
          *phost = NULL;
@@ -XXX,XX +XXX,XX @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
      return flags;
  }
-+static void tcg_out_insn_VRRe(TCGContext *s, S390Opcode op,
+-int probe_access_flags(CPUArchState *env, target_ulong addr,
-+                              TCGReg v1, TCGReg v2, TCGReg v3, TCGReg v4)
+-                       MMUAccessType access_type, int mmu_idx,
 -                       bool nonfault, void **phost, uintptr_t retaddr)
 +int probe_access_full(CPUArchState *env, target_ulong addr,
 +                      MMUAccessType access_type, int mmu_idx,
 +                      bool nonfault, void **phost, CPUTLBEntryFull **pfull,
 +                      uintptr_t retaddr)
  {
 -    int flags;
 -
 -    flags = probe_access_internal(env, addr, 0, access_type, mmu_idx,
 -                                  nonfault, phost, retaddr);
 +    int flags = probe_access_internal(env, addr, 0, access_type, mmu_idx,
 +                                      nonfault, phost, pfull, retaddr);
      /* Handle clean RAM pages.  */
      if (unlikely(flags & TLB_NOTDIRTY)) {
 -        uintptr_t index = tlb_index(env, mmu_idx, addr);
 -        CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
 -
 -        notdirty_write(env_cpu(env), addr, 1, full, retaddr);
 +        notdirty_write(env_cpu(env), addr, 1, *pfull, retaddr);
          flags &= ~TLB_NOTDIRTY;
      }
      return flags;
  }
 +int probe_access_flags(CPUArchState *env, target_ulong addr,
 +                       MMUAccessType access_type, int mmu_idx,
 +                       bool nonfault, void **phost, uintptr_t retaddr)
 +{
-+    tcg_debug_assert(is_vector_reg(v1));
++    CPUTLBEntryFull *full;
-+    tcg_debug_assert(is_vector_reg(v2));
++
-+    tcg_debug_assert(is_vector_reg(v3));
++    return probe_access_full(env, addr, access_type, mmu_idx,
-+    tcg_debug_assert(is_vector_reg(v4));
++                             nonfault, phost, &full, retaddr);
 +    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4) | (v2 & 0xf));
 +    tcg_out16(s, v3 << 12);
 +    tcg_out16(s, (op & 0x00ff) | RXB(v1, v2, v3, v4) | (v4 << 12));
 +}
 +
- static void tcg_out_insn_VRRf(TCGContext *s, S390Opcode op,
+ void *probe_access(CPUArchState *env, target_ulong addr, int size,
-                               TCGReg v1, TCGReg r2, TCGReg r3)
+                    MMUAccessType access_type, int mmu_idx, uintptr_t retaddr)
  {
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
++    CPUTLBEntryFull *full;
-         tcg_out_insn(s, VRRc, VMXL, a0, a1, a2, vece);
+     void *host;
-         break;
+     int flags;
-+    case INDEX_op_bitsel_vec:
+     g_assert(-(addr | TARGET_PAGE_MASK) >= size);
-+        tcg_out_insn(s, VRRe, VSEL, a0, a1, a2, args[3]);
-+        break;
+     flags = probe_access_internal(env, addr, size, access_type, mmu_idx,
-+
+-                                  false, &host, retaddr);
-     case INDEX_op_cmp_vec:
++                                  false, &host, &full, retaddr);
-         switch ((TCGCond)args[3]) {
-         case TCG_COND_EQ:
+     /* Per the interface, size == 0 merely faults the access. */
-@@ -XXX,XX +XXX,XX @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
+     if (size == 0) {
-     case INDEX_op_add_vec:
+@@ -XXX,XX +XXX,XX @@ void *probe_access(CPUArchState *env, target_ulong addr, int size,
-     case INDEX_op_and_vec:
+     }
-     case INDEX_op_andc_vec:
-+    case INDEX_op_bitsel_vec:
+     if (unlikely(flags & (TLB_NOTDIRTY | TLB_WATCHPOINT))) {
-     case INDEX_op_neg_vec:
+-        uintptr_t index = tlb_index(env, mmu_idx, addr);
-     case INDEX_op_not_vec:
+-        CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
-     case INDEX_op_or_vec:
+-
-@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
+         /* Handle watchpoints.  */
-     case INDEX_op_shrs_vec:
+         if (flags & TLB_WATCHPOINT) {
-     case INDEX_op_sars_vec:
+             int wp_access = (access_type == MMU_DATA_STORE
-         return C_O1_I2(v, v, r);
+@@ -XXX,XX +XXX,XX @@ void *probe_access(CPUArchState *env, target_ulong addr, int size,
-+    case INDEX_op_bitsel_vec:
+ void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
-+        return C_O1_I3(v, v, v, v);
+                         MMUAccessType access_type, int mmu_idx)
+ {
-     default:
++    CPUTLBEntryFull *full;
-         g_assert_not_reached();
+     void *host;
      int flags;
      flags = probe_access_internal(env, addr, 0, access_type,
 -                                  mmu_idx, true, &host, 0);
 +                                  mmu_idx, true, &host, &full, 0);
      /* No combination of flags are expected by the caller. */
      return flags ? NULL : host;
@@ -XXX,XX +XXX,XX @@ void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
  tb_page_addr_t get_page_addr_code_hostp(CPUArchState *env, target_ulong addr,
                                          void **hostp)
  {
 +    CPUTLBEntryFull *full;
      void *p;
      (void)probe_access_internal(env, addr, 1, MMU_INST_FETCH,
 -                                cpu_mmu_index(env, true), false, &p, 0);
 +                                cpu_mmu_index(env, true), false, &p, &full, 0);
      if (p == NULL) {
          return -1;
      }
 --
-.25.1
+.34.1

-[PULL 09/28] accel/tcg: Pass MemOpIdx to atomic_trace_*_post
+[PULL 08/20] accel/tcg: Introduce tlb_set_page_full
-We will shortly use the MemOpIdx directly, but in the meantime
+Now that we have collected all of the page data into
-re-compute the trace meminfo.
+CPUTLBEntryFull, provide an interface to record that
 all in one go, instead of using 4 arguments.  This interface
 allows CPUTLBEntryFull to be extended without having to
 change the number of arguments.
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- accel/tcg/atomic_template.h   | 48 +++++++++++++++++------------------
+ include/exec/cpu-defs.h | 14 +++++++++++
- accel/tcg/atomic_common.c.inc | 30 +++++++++++-----------
+ include/exec/exec-all.h | 22 ++++++++++++++++++
-files changed, 39 insertions(+), 39 deletions(-)
+ accel/tcg/cputlb.c      | 51 ++++++++++++++++++++++++++---------------
 files changed, 69 insertions(+), 18 deletions(-)
-diff --git a/accel/tcg/atomic_template.h b/accel/tcg/atomic_template.h
+diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
 index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/atomic_template.h
+--- a/include/exec/cpu-defs.h
-+++ b/accel/tcg/atomic_template.h
++++ b/include/exec/cpu-defs.h
-@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, target_ulong addr,
+@@ -XXX,XX +XXX,XX @@ typedef struct CPUTLBEntryFull {
-     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
+      *     + the offset within the target MemoryRegion (otherwise)
-                                          PAGE_READ | PAGE_WRITE, retaddr);
+      */
-     DATA_TYPE ret;
+     hwaddr xlat_section;
--    uint16_t info = atomic_trace_rmw_pre(env, addr, oi);
++
++    /*
-+    atomic_trace_rmw_pre(env, addr, oi);
++     * @phys_addr contains the physical address in the address space
- #if DATA_SIZE == 16
++     * given by cpu_asidx_from_attrs(cpu, @attrs).
-     ret = atomic16_cmpxchg(haddr, cmpv, newv);
++     */
- #else
++    hwaddr phys_addr;
-     ret = qatomic_cmpxchg__nocheck(haddr, cmpv, newv);
++
- #endif
++    /* @attrs contains the memory transaction attributes for the page. */
-     ATOMIC_MMU_CLEANUP;
+     MemTxAttrs attrs;
--    atomic_trace_rmw_post(env, addr, info);
++
-+    atomic_trace_rmw_post(env, addr, oi);
++    /* @prot contains the complete protections for the page. */
-     return ret;
++    uint8_t prot;
 +
 +    /* @lg_page_size contains the log2 of the page size. */
 +    uint8_t lg_page_size;
  } CPUTLBEntryFull;
  /*
 diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/exec/exec-all.h
 +++ b/include/exec/exec-all.h
@@ -XXX,XX +XXX,XX @@ void tlb_flush_range_by_mmuidx_all_cpus_synced(CPUState *cpu,
                                                 uint16_t idxmap,
                                                 unsigned bits);
 +/**
 + * tlb_set_page_full:
 + * @cpu: CPU context
 + * @mmu_idx: mmu index of the tlb to modify
 + * @vaddr: virtual address of the entry to add
 + * @full: the details of the tlb entry
 + *
 + * Add an entry to @cpu tlb index @mmu_idx.  All of the fields of
 + * @full must be filled, except for xlat_section, and constitute
 + * the complete description of the translated page.
 + *
 + * This is generally called by the target tlb_fill function after
 + * having performed a successful page table walk to find the physical
 + * address and attributes for the translation.
 + *
 + * At most one entry for a given virtual address is permitted. Only a
 + * single TARGET_PAGE_SIZE region is mapped; @full->lg_page_size is only
 + * used by tlb_flush_page.
 + */
 +void tlb_set_page_full(CPUState *cpu, int mmu_idx, target_ulong vaddr,
 +                       CPUTLBEntryFull *full);
 +
  /**
   * tlb_set_page_with_attrs:
   * @cpu: CPU to add this TLB entry for
 diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cputlb.c
 +++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static void tlb_add_large_page(CPUArchState *env, int mmu_idx,
      env_tlb(env)->d[mmu_idx].large_page_mask = lp_mask;
  }
-@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong addr,
+-/* Add a new TLB entry. At most one entry for a given virtual address
-     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
++/*
-                                          PAGE_READ, retaddr);
++ * Add a new TLB entry. At most one entry for a given virtual address
-     DATA_TYPE val;
+  * is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
--    uint16_t info = atomic_trace_ld_pre(env, addr, oi);
+  * supplied size is only used by tlb_flush_page.
+  *
-+    atomic_trace_ld_pre(env, addr, oi);
+  * Called from TCG-generated code, which is under an RCU read-side
-     val = atomic16_read(haddr);
+  * critical section.
-     ATOMIC_MMU_CLEANUP;
+  */
--    atomic_trace_ld_post(env, addr, info);
+-void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
-+    atomic_trace_ld_post(env, addr, oi);
+-                             hwaddr paddr, MemTxAttrs attrs, int prot,
-     return val;
+-                             int mmu_idx, target_ulong size)
 +void tlb_set_page_full(CPUState *cpu, int mmu_idx,
 +                       target_ulong vaddr, CPUTLBEntryFull *full)
  {
      CPUArchState *env = cpu->env_ptr;
      CPUTLB *tlb = env_tlb(env);
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
      CPUTLBEntry *te, tn;
      hwaddr iotlb, xlat, sz, paddr_page;
      target_ulong vaddr_page;
 -    int asidx = cpu_asidx_from_attrs(cpu, attrs);
 -    int wp_flags;
 +    int asidx, wp_flags, prot;
      bool is_ram, is_romd;
      assert_cpu_is_self(cpu);
 -    if (size <= TARGET_PAGE_SIZE) {
 +    if (full->lg_page_size <= TARGET_PAGE_BITS) {
          sz = TARGET_PAGE_SIZE;
      } else {
 -        tlb_add_large_page(env, mmu_idx, vaddr, size);
 -        sz = size;
 +        sz = (hwaddr)1 << full->lg_page_size;
 +        tlb_add_large_page(env, mmu_idx, vaddr, sz);
      }
      vaddr_page = vaddr & TARGET_PAGE_MASK;
 -    paddr_page = paddr & TARGET_PAGE_MASK;
 +    paddr_page = full->phys_addr & TARGET_PAGE_MASK;
 +    prot = full->prot;
 +    asidx = cpu_asidx_from_attrs(cpu, full->attrs);
      section = address_space_translate_for_iotlb(cpu, asidx, paddr_page,
 -                                                &xlat, &sz, attrs, &prot);
 +                                                &xlat, &sz, full->attrs, &prot);
      assert(sz >= TARGET_PAGE_SIZE);
      tlb_debug("vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
                " prot=%x idx=%d\n",
 -              vaddr, paddr, prot, mmu_idx);
 +              vaddr, full->phys_addr, prot, mmu_idx);
      address = vaddr_page;
 -    if (size < TARGET_PAGE_SIZE) {
 +    if (full->lg_page_size < TARGET_PAGE_BITS) {
          /* Repeat the MMU check and TLB fill on every access.  */
          address |= TLB_INVALID_MASK;
      }
 -    if (attrs.byte_swap) {
 +    if (full->attrs.byte_swap) {
          address |= TLB_BSWAP;
      }
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
       * subtract here is that of the page base, and not the same as the
       * vaddr we add back in io_readx()/io_writex()/get_page_addr_code().
       */
 +    desc->fulltlb[index] = *full;
      desc->fulltlb[index].xlat_section = iotlb - vaddr_page;
 -    desc->fulltlb[index].attrs = attrs;
 +    desc->fulltlb[index].phys_addr = paddr_page;
 +    desc->fulltlb[index].prot = prot;
      /* Now calculate the new entry */
      tn.addend = addend - vaddr_page;
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
      qemu_spin_unlock(&tlb->c.lock);
  }
-@@ -XXX,XX +XXX,XX @@ void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
+-/* Add a new TLB entry, but without specifying the memory
- {
+- * transaction attributes to be used.
-     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
+- */
-                                          PAGE_WRITE, retaddr);
++void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
--    uint16_t info = atomic_trace_st_pre(env, addr, oi);
++                             hwaddr paddr, MemTxAttrs attrs, int prot,
++                             int mmu_idx, target_ulong size)
-+    atomic_trace_st_pre(env, addr, oi);
++{
-     atomic16_set(haddr, val);
++    CPUTLBEntryFull full = {
-     ATOMIC_MMU_CLEANUP;
++        .phys_addr = paddr,
--    atomic_trace_st_post(env, addr, info);
++        .attrs = attrs,
-+    atomic_trace_st_post(env, addr, oi);
++        .prot = prot,
- }
++        .lg_page_size = ctz64(size)
- #endif
++    };
  #else
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
      DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
                                           PAGE_READ | PAGE_WRITE, retaddr);
      DATA_TYPE ret;
 -    uint16_t info = atomic_trace_rmw_pre(env, addr, oi);
 +    atomic_trace_rmw_pre(env, addr, oi);
      ret = qatomic_xchg__nocheck(haddr, val);
      ATOMIC_MMU_CLEANUP;
 -    atomic_trace_rmw_post(env, addr, info);
 +    atomic_trace_rmw_post(env, addr, oi);
      return ret;
  }
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,       \
      DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,  \
                                           PAGE_READ | PAGE_WRITE, retaddr); \
      DATA_TYPE ret;                                                  \
 -    uint16_t info = atomic_trace_rmw_pre(env, addr, oi);            \
 +    atomic_trace_rmw_pre(env, addr, oi);                            \
      ret = qatomic_##X(haddr, val);                                  \
      ATOMIC_MMU_CLEANUP;                                             \
 -    atomic_trace_rmw_post(env, addr, info);                         \
 +    atomic_trace_rmw_post(env, addr, oi);                           \
      return ret;                                                     \
  }
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,       \
      XDATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE, \
                                            PAGE_READ | PAGE_WRITE, retaddr); \
      XDATA_TYPE cmp, old, new, val = xval;                           \
 -    uint16_t info = atomic_trace_rmw_pre(env, addr, oi);            \
 +    atomic_trace_rmw_pre(env, addr, oi);                            \
      smp_mb();                                                       \
      cmp = qatomic_read__nocheck(haddr);                             \
      do {                                                            \
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,       \
          cmp = qatomic_cmpxchg__nocheck(haddr, old, new);            \
      } while (cmp != old);                                           \
      ATOMIC_MMU_CLEANUP;                                             \
 -    atomic_trace_rmw_post(env, addr, info);                         \
 +    atomic_trace_rmw_post(env, addr, oi);                           \
      return RET;                                                     \
  }
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, target_ulong addr,
      DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
                                           PAGE_READ | PAGE_WRITE, retaddr);
      DATA_TYPE ret;
 -    uint16_t info = atomic_trace_rmw_pre(env, addr, oi);
 +    atomic_trace_rmw_pre(env, addr, oi);
  #if DATA_SIZE == 16
      ret = atomic16_cmpxchg(haddr, BSWAP(cmpv), BSWAP(newv));
  #else
      ret = qatomic_cmpxchg__nocheck(haddr, BSWAP(cmpv), BSWAP(newv));
  #endif
      ATOMIC_MMU_CLEANUP;
 -    atomic_trace_rmw_post(env, addr, info);
 +    atomic_trace_rmw_post(env, addr, oi);
      return BSWAP(ret);
  }
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong addr,
      DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
                                           PAGE_READ, retaddr);
      DATA_TYPE val;
 -    uint16_t info = atomic_trace_ld_pre(env, addr, oi);
 +    atomic_trace_ld_pre(env, addr, oi);
      val = atomic16_read(haddr);
      ATOMIC_MMU_CLEANUP;
 -    atomic_trace_ld_post(env, addr, info);
 +    atomic_trace_ld_post(env, addr, oi);
      return BSWAP(val);
  }
@@ -XXX,XX +XXX,XX @@ void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
  {
      DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
                                           PAGE_WRITE, retaddr);
 -    uint16_t info = atomic_trace_st_pre(env, addr, oi);
 +    atomic_trace_st_pre(env, addr, oi);
      val = BSWAP(val);
      atomic16_set(haddr, val);
      ATOMIC_MMU_CLEANUP;
 -    atomic_trace_st_post(env, addr, info);
 +    atomic_trace_st_post(env, addr, oi);
  }
  #endif
  #else
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
      DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
                                           PAGE_READ | PAGE_WRITE, retaddr);
      ABI_TYPE ret;
 -    uint16_t info = atomic_trace_rmw_pre(env, addr, oi);
 +    atomic_trace_rmw_pre(env, addr, oi);
      ret = qatomic_xchg__nocheck(haddr, BSWAP(val));
      ATOMIC_MMU_CLEANUP;
 -    atomic_trace_rmw_post(env, addr, info);
 +    atomic_trace_rmw_post(env, addr, oi);
      return BSWAP(ret);
  }
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,       \
      DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,  \
                                           PAGE_READ | PAGE_WRITE, retaddr); \
      DATA_TYPE ret;                                                  \
 -    uint16_t info = atomic_trace_rmw_pre(env, addr, oi);            \
 +    atomic_trace_rmw_pre(env, addr, oi);                            \
      ret = qatomic_##X(haddr, BSWAP(val));                           \
      ATOMIC_MMU_CLEANUP;                                             \
 -    atomic_trace_rmw_post(env, addr, info);                         \
 +    atomic_trace_rmw_post(env, addr, oi);                           \
      return BSWAP(ret);                                              \
  }
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,       \
      XDATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE, \
                                            PAGE_READ | PAGE_WRITE, retaddr); \
      XDATA_TYPE ldo, ldn, old, new, val = xval;                      \
 -    uint16_t info = atomic_trace_rmw_pre(env, addr, oi);            \
 +    atomic_trace_rmw_pre(env, addr, oi);                            \
      smp_mb();                                                       \
      ldn = qatomic_read__nocheck(haddr);                             \
      do {                                                            \
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,       \
          ldn = qatomic_cmpxchg__nocheck(haddr, ldo, BSWAP(new));     \
      } while (ldo != ldn);                                           \
      ATOMIC_MMU_CLEANUP;                                             \
 -    atomic_trace_rmw_post(env, addr, info);                         \
 +    atomic_trace_rmw_post(env, addr, oi);                           \
      return RET;                                                     \
  }
 diff --git a/accel/tcg/atomic_common.c.inc b/accel/tcg/atomic_common.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/atomic_common.c.inc
 +++ b/accel/tcg/atomic_common.c.inc
@@ -XXX,XX +XXX,XX @@
   * See the COPYING file in the top-level directory.
   */
 -static uint16_t atomic_trace_rmw_pre(CPUArchState *env, target_ulong addr,
 -                                     MemOpIdx oi)
 +static void atomic_trace_rmw_pre(CPUArchState *env, target_ulong addr,
 +                                 MemOpIdx oi)
  {
      CPUState *cpu = env_cpu(env);
      uint16_t info = trace_mem_get_info(oi, false);
      trace_guest_mem_before_exec(cpu, addr, info);
      trace_guest_mem_before_exec(cpu, addr, info | TRACE_MEM_ST);
 -
 -    return info;
  }
  static void atomic_trace_rmw_post(CPUArchState *env, target_ulong addr,
 -                                  uint16_t info)
 +                                  MemOpIdx oi)
  {
 +    uint16_t info = trace_mem_get_info(oi, false);
 +
-     qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, info);
++    assert(is_power_of_2(size));
-     qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, info | TRACE_MEM_ST);
++    tlb_set_page_full(cpu, mmu_idx, vaddr, &full);
- }
++}
  #if HAVE_ATOMIC128
 -static uint16_t atomic_trace_ld_pre(CPUArchState *env, target_ulong addr,
 -                                    MemOpIdx oi)
 +static void atomic_trace_ld_pre(CPUArchState *env, target_ulong addr,
 +                                MemOpIdx oi)
  {
      uint16_t info = trace_mem_get_info(oi, false);
      trace_guest_mem_before_exec(env_cpu(env), addr, info);
 -
 -    return info;
  }
  static void atomic_trace_ld_post(CPUArchState *env, target_ulong addr,
 -                                 uint16_t info)
 +                                 MemOpIdx oi)
  {
 +    uint16_t info = trace_mem_get_info(oi, false);
 +
-     qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, info);
+ void tlb_set_page(CPUState *cpu, target_ulong vaddr,
- }
+                   hwaddr paddr, int prot,
+                   int mmu_idx, target_ulong size)
 -static uint16_t atomic_trace_st_pre(CPUArchState *env, target_ulong addr,
 -                                    MemOpIdx oi)
 +static void atomic_trace_st_pre(CPUArchState *env, target_ulong addr,
 +                                MemOpIdx oi)
  {
      uint16_t info = trace_mem_get_info(oi, true);
      trace_guest_mem_before_exec(env_cpu(env), addr, info);
 -
 -    return info;
  }
  static void atomic_trace_st_post(CPUArchState *env, target_ulong addr,
 -                                 uint16_t info)
 +                                 MemOpIdx oi)
  {
 +    uint16_t info = trace_mem_get_info(oi, false);
 +
      qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, info);
  }
  #endif
 --
-.25.1
+.34.1

-[PULL 12/28] hw/core/cpu: Re-sort the non-pointers to the end of CPUClass
+[PULL 09/20] include/exec: Introduce TARGET_PAGE_ENTRY_EXTRA
-Despite the comment, the members were not kept at the end.
+Allow the target to cache items from the guest page tables.
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- include/hw/core/cpu.h | 11 +++++++----
+ include/exec/cpu-defs.h | 9 +++++++++
-file changed, 7 insertions(+), 4 deletions(-)
+file changed, 9 insertions(+)
-diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
+diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
 index XXXXXXX..XXXXXXX 100644
---- a/include/hw/core/cpu.h
+--- a/include/exec/cpu-defs.h
-+++ b/include/hw/core/cpu.h
++++ b/include/exec/cpu-defs.h
-@@ -XXX,XX +XXX,XX @@ struct CPUClass {
+@@ -XXX,XX +XXX,XX @@ typedef struct CPUTLBEntryFull {
-     ObjectClass *(*class_by_name)(const char *cpu_model);
-     void (*parse_features)(const char *typename, char *str, Error **errp);
+     /* @lg_page_size contains the log2 of the page size. */
+     uint8_t lg_page_size;
 -    int reset_dump_flags;
      bool (*has_work)(CPUState *cpu);
      int (*memory_rw_debug)(CPUState *cpu, vaddr addr,
                             uint8_t *buf, int len, bool is_write);
@@ -XXX,XX +XXX,XX @@ struct CPUClass {
      void (*disas_set_info)(CPUState *cpu, disassemble_info *info);
      const char *deprecation_note;
 -    /* Keep non-pointer data at the end to minimize holes.  */
 -    int gdb_num_core_regs;
 -    bool gdb_stop_before_watchpoint;
      struct AccelCPUClass *accel_cpu;
      /* when system emulation is not available, this pointer is NULL */
@@ -XXX,XX +XXX,XX @@ struct CPUClass {
       * class data that depends on the accelerator, see accel/accel-common.c.
       */
      void (*init_accel_cpu)(struct AccelCPUClass *accel_cpu, CPUClass *cc);
 +
 +    /*
-+     * Keep non-pointer data at the end to minimize holes.
++     * Allow target-specific additions to this structure.
 +     * This may be used to cache items from the guest cpu
 +     * page tables for later use by the implementation.
 +     */
-+    int reset_dump_flags;
++#ifdef TARGET_PAGE_ENTRY_EXTRA
-+    int gdb_num_core_regs;
++    TARGET_PAGE_ENTRY_EXTRA
-+    bool gdb_stop_before_watchpoint;
++#endif
- };
+ } CPUTLBEntryFull;
  /*
 --
-.25.1
+.34.1

-[PULL 15/28] tcg/s390x: Change FACILITY representation
+[PULL 10/20] accel/tcg: Remove PageDesc code_bitmap
-We will shortly need to be able to check facilities beyond the
+This bitmap is created and discarded immediately.
-first 64.  Instead of explicitly masking against s390_facilities,
+We gain nothing by its existence.
 create a HAVE_FACILITY macro that indexes an array.
-Reviewed-by: David Hildenbrand <david@redhat.com>
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-Id: <20220822232338.1727934-2-richard.henderson@linaro.org>
 ---
-v2: Change name to HAVE_FACILITY (david)
+ accel/tcg/translate-all.c | 78 ++-------------------------------------
----
+file changed, 4 insertions(+), 74 deletions(-)
  tcg/s390x/tcg-target.h     | 29 ++++++++-------
  tcg/s390x/tcg-target.c.inc | 74 +++++++++++++++++++-------------------
 files changed, 52 insertions(+), 51 deletions(-)
-diff --git a/tcg/s390x/tcg-target.h b/tcg/s390x/tcg-target.h
+diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.h
+--- a/accel/tcg/translate-all.c
-+++ b/tcg/s390x/tcg-target.h
++++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ typedef enum TCGReg {
  /* A list of relevant facilities used by this translator.  Some of these
     are required for proper operation, and these are checked at startup.  */
 -#define FACILITY_ZARCH_ACTIVE         (1ULL << (63 - 2))
 -#define FACILITY_LONG_DISP            (1ULL << (63 - 18))
 -#define FACILITY_EXT_IMM              (1ULL << (63 - 21))
 -#define FACILITY_GEN_INST_EXT         (1ULL << (63 - 34))
 -#define FACILITY_LOAD_ON_COND         (1ULL << (63 - 45))
 +#define FACILITY_ZARCH_ACTIVE         2
 +#define FACILITY_LONG_DISP            18
 +#define FACILITY_EXT_IMM              21
 +#define FACILITY_GEN_INST_EXT         34
 +#define FACILITY_LOAD_ON_COND         45
  #define FACILITY_FAST_BCR_SER         FACILITY_LOAD_ON_COND
  #define FACILITY_DISTINCT_OPS         FACILITY_LOAD_ON_COND
 -#define FACILITY_LOAD_ON_COND2        (1ULL << (63 - 53))
 +#define FACILITY_LOAD_ON_COND2        53
 -extern uint64_t s390_facilities;
 +extern uint64_t s390_facilities[1];
 +
 +#define HAVE_FACILITY(X) \
 +    ((s390_facilities[FACILITY_##X / 64] >> (63 - FACILITY_##X % 64)) & 1)
  /* optional instructions */
  #define TCG_TARGET_HAS_div2_i32       1
@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities;
  #define TCG_TARGET_HAS_clz_i32        0
  #define TCG_TARGET_HAS_ctz_i32        0
  #define TCG_TARGET_HAS_ctpop_i32      0
 -#define TCG_TARGET_HAS_deposit_i32    (s390_facilities & FACILITY_GEN_INST_EXT)
 -#define TCG_TARGET_HAS_extract_i32    (s390_facilities & FACILITY_GEN_INST_EXT)
 +#define TCG_TARGET_HAS_deposit_i32    HAVE_FACILITY(GEN_INST_EXT)
 +#define TCG_TARGET_HAS_extract_i32    HAVE_FACILITY(GEN_INST_EXT)
  #define TCG_TARGET_HAS_sextract_i32   0
  #define TCG_TARGET_HAS_extract2_i32   0
  #define TCG_TARGET_HAS_movcond_i32    1
@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities;
  #define TCG_TARGET_HAS_mulsh_i32      0
  #define TCG_TARGET_HAS_extrl_i64_i32  0
  #define TCG_TARGET_HAS_extrh_i64_i32  0
 -#define TCG_TARGET_HAS_direct_jump    (s390_facilities & FACILITY_GEN_INST_EXT)
 +#define TCG_TARGET_HAS_direct_jump    HAVE_FACILITY(GEN_INST_EXT)
  #define TCG_TARGET_HAS_qemu_st8_i32   0
  #define TCG_TARGET_HAS_div2_i64       1
@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities;
  #define TCG_TARGET_HAS_eqv_i64        0
  #define TCG_TARGET_HAS_nand_i64       0
  #define TCG_TARGET_HAS_nor_i64        0
 -#define TCG_TARGET_HAS_clz_i64        (s390_facilities & FACILITY_EXT_IMM)
 +#define TCG_TARGET_HAS_clz_i64        HAVE_FACILITY(EXT_IMM)
  #define TCG_TARGET_HAS_ctz_i64        0
  #define TCG_TARGET_HAS_ctpop_i64      0
 -#define TCG_TARGET_HAS_deposit_i64    (s390_facilities & FACILITY_GEN_INST_EXT)
 -#define TCG_TARGET_HAS_extract_i64    (s390_facilities & FACILITY_GEN_INST_EXT)
 +#define TCG_TARGET_HAS_deposit_i64    HAVE_FACILITY(GEN_INST_EXT)
 +#define TCG_TARGET_HAS_extract_i64    HAVE_FACILITY(GEN_INST_EXT)
  #define TCG_TARGET_HAS_sextract_i64   0
  #define TCG_TARGET_HAS_extract2_i64   0
  #define TCG_TARGET_HAS_movcond_i64    1
 diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/s390x/tcg-target.c.inc
 +++ b/tcg/s390x/tcg-target.c.inc
 @@ -XXX,XX +XXX,XX @@
-    We don't need this when we have pc-relative loads with the general
+ #define assert_memory_lock() tcg_debug_assert(have_mmap_lock())
     instructions extension facility.  */
  #define TCG_REG_TB      TCG_REG_R12
 -#define USE_REG_TB      (!(s390_facilities & FACILITY_GEN_INST_EXT))
 +#define USE_REG_TB      (!HAVE_FACILITY(GEN_INST_EXT))
  #ifndef CONFIG_SOFTMMU
  #define TCG_GUEST_BASE_REG TCG_REG_R13
@@ -XXX,XX +XXX,XX @@ static void * const qemu_st_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
  #endif
- static const tcg_insn_unit *tb_ret_addr;
+-#define SMC_BITMAP_USE_THRESHOLD 10
--uint64_t s390_facilities;
+-
-+uint64_t s390_facilities[1];
+ typedef struct PageDesc {
+     /* list of TBs intersecting this ram page */
- static bool patch_reloc(tcg_insn_unit *src_rw, int type,
+     uintptr_t first_tb;
-                         intptr_t value, intptr_t addend)
+-#ifdef CONFIG_SOFTMMU
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_movi_int(TCGContext *s, TCGType type, TCGReg ret,
+-    /* in order to optimize self modifying code, we count the number
-     }
+-       of lookups we do to a given page to use a bitmap */
+-    unsigned long *code_bitmap;
-     /* Try all 48-bit insns that can load it in one go.  */
+-    unsigned int code_write_count;
--    if (s390_facilities & FACILITY_EXT_IMM) {
+-#else
-+    if (HAVE_FACILITY(EXT_IMM)) {
++#ifdef CONFIG_USER_ONLY
-         if (sval == (int32_t)sval) {
+     unsigned long flags;
-             tcg_out_insn(s, RIL, LGFI, ret, sval);
+     void *target_data;
-             return;
+ #endif
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_movi_int(TCGContext *s, TCGType type, TCGReg ret,
+-#ifndef CONFIG_USER_ONLY
-     }
++#ifdef CONFIG_SOFTMMU
+     QemuSpin lock;
-     /* Otherwise, stuff it in the constant pool.  */
+ #endif
--    if (s390_facilities & FACILITY_GEN_INST_EXT) {
+ } PageDesc;
-+    if (HAVE_FACILITY(GEN_INST_EXT)) {
+@@ -XXX,XX +XXX,XX @@ void tb_htable_init(void)
-         tcg_out_insn(s, RIL, LGRL, ret, 0);
+     qht_init(&tb_ctx.htable, tb_cmp, CODE_GEN_HTABLE_SIZE, mode);
-         new_pool_label(s, sval, R_390_PC32DBL, s->code_ptr - 2, 2);
+ }
-     } else if (USE_REG_TB && !in_prologue) {
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_ld_abs(TCGContext *s, TCGType type,
+-/* call with @p->lock held */
 -static inline void invalidate_page_bitmap(PageDesc *p)
 -{
 -    assert_page_locked(p);
 -#ifdef CONFIG_SOFTMMU
 -    g_free(p->code_bitmap);
 -    p->code_bitmap = NULL;
 -    p->code_write_count = 0;
 -#endif
 -}
 -
  /* Set to NULL all the 'first_tb' fields in all PageDescs. */
  static void page_flush_tb_1(int level, void **lp)
  {
-     intptr_t addr = (intptr_t)abs;
+@@ -XXX,XX +XXX,XX @@ static void page_flush_tb_1(int level, void **lp)
+         for (i = 0; i < V_L2_SIZE; ++i) {
--    if ((s390_facilities & FACILITY_GEN_INST_EXT) && !(addr & 1)) {
+             page_lock(&pd[i]);
-+    if (HAVE_FACILITY(GEN_INST_EXT) && !(addr & 1)) {
+             pd[i].first_tb = (uintptr_t)NULL;
-         ptrdiff_t disp = tcg_pcrel_diff(s, abs) >> 1;
+-            invalidate_page_bitmap(pd + i);
-         if (disp == (int32_t)disp) {
+             page_unlock(&pd[i]);
-             if (type == TCG_TYPE_I32) {
+         }
-@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_risbg(TCGContext *s, TCGReg dest, TCGReg src,
+     } else {
+@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
- static void tgen_ext8s(TCGContext *s, TCGType type, TCGReg dest, TCGReg src)
+     if (rm_from_page_list) {
- {
+         p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
--    if (s390_facilities & FACILITY_EXT_IMM) {
+         tb_page_remove(p, tb);
-+    if (HAVE_FACILITY(EXT_IMM)) {
+-        invalidate_page_bitmap(p);
-         tcg_out_insn(s, RRE, LGBR, dest, src);
+         if (tb->page_addr[1] != -1) {
-         return;
+             p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
-     }
+             tb_page_remove(p, tb);
-@@ -XXX,XX +XXX,XX @@ static void tgen_ext8s(TCGContext *s, TCGType type, TCGReg dest, TCGReg src)
+-            invalidate_page_bitmap(p);
  static void tgen_ext8u(TCGContext *s, TCGType type, TCGReg dest, TCGReg src)
  {
 -    if (s390_facilities & FACILITY_EXT_IMM) {
 +    if (HAVE_FACILITY(EXT_IMM)) {
          tcg_out_insn(s, RRE, LLGCR, dest, src);
          return;
      }
@@ -XXX,XX +XXX,XX @@ static void tgen_ext8u(TCGContext *s, TCGType type, TCGReg dest, TCGReg src)
  static void tgen_ext16s(TCGContext *s, TCGType type, TCGReg dest, TCGReg src)
  {
 -    if (s390_facilities & FACILITY_EXT_IMM) {
 +    if (HAVE_FACILITY(EXT_IMM)) {
          tcg_out_insn(s, RRE, LGHR, dest, src);
          return;
      }
@@ -XXX,XX +XXX,XX @@ static void tgen_ext16s(TCGContext *s, TCGType type, TCGReg dest, TCGReg src)
  static void tgen_ext16u(TCGContext *s, TCGType type, TCGReg dest, TCGReg src)
  {
 -    if (s390_facilities & FACILITY_EXT_IMM) {
 +    if (HAVE_FACILITY(EXT_IMM)) {
          tcg_out_insn(s, RRE, LLGHR, dest, src);
          return;
      }
@@ -XXX,XX +XXX,XX @@ static void tgen_andi(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
          tgen_ext32u(s, dest, dest);
          return;
      }
 -    if (s390_facilities & FACILITY_EXT_IMM) {
 +    if (HAVE_FACILITY(EXT_IMM)) {
          if ((val & valid) == 0xff) {
              tgen_ext8u(s, TCG_TYPE_I64, dest, dest);
              return;
@@ -XXX,XX +XXX,XX @@ static void tgen_andi(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
      }
      /* Try all 48-bit insns that can perform it in one go.  */
 -    if (s390_facilities & FACILITY_EXT_IMM) {
 +    if (HAVE_FACILITY(EXT_IMM)) {
          for (i = 0; i < 2; i++) {
              tcg_target_ulong mask = ~(0xffffffffull << i*32);
              if (((val | ~valid) & mask) == mask) {
@@ -XXX,XX +XXX,XX @@ static void tgen_andi(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
              }
          }
      }
--    if ((s390_facilities & FACILITY_GEN_INST_EXT) && risbg_mask(val)) {
-+    if (HAVE_FACILITY(GEN_INST_EXT) && risbg_mask(val)) {
+@@ -XXX,XX +XXX,XX @@ void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
          tgen_andi_risbg(s, dest, dest, val);
          return;
      }
@@ -XXX,XX +XXX,XX @@ static void tgen_ori(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
      }
      /* Try all 48-bit insns that can perform it in one go.  */
 -    if (s390_facilities & FACILITY_EXT_IMM) {
 +    if (HAVE_FACILITY(EXT_IMM)) {
          for (i = 0; i < 2; i++) {
              tcg_target_ulong mask = (0xffffffffull << i*32);
              if ((val & mask) != 0 && (val & ~mask) == 0) {
@@ -XXX,XX +XXX,XX @@ static void tgen_ori(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
          /* Perform the OR via sequential modifications to the high and
             low parts.  Do this via recursion to handle 16-bit vs 32-bit
             masks in each half.  */
 -        tcg_debug_assert(s390_facilities & FACILITY_EXT_IMM);
 +        tcg_debug_assert(HAVE_FACILITY(EXT_IMM));
          tgen_ori(s, type, dest, val & 0x00000000ffffffffull);
          tgen_ori(s, type, dest, val & 0xffffffff00000000ull);
      }
@@ -XXX,XX +XXX,XX @@ static void tgen_ori(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
  static void tgen_xori(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
  {
      /* Try all 48-bit insns that can perform it in one go.  */
 -    if (s390_facilities & FACILITY_EXT_IMM) {
 +    if (HAVE_FACILITY(EXT_IMM)) {
          if ((val & 0xffffffff00000000ull) == 0) {
              tcg_out_insn(s, RIL, XILF, dest, val);
              return;
@@ -XXX,XX +XXX,XX @@ static void tgen_xori(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
                         tcg_tbrel_diff(s, NULL));
      } else {
          /* Perform the xor by parts.  */
 -        tcg_debug_assert(s390_facilities & FACILITY_EXT_IMM);
 +        tcg_debug_assert(HAVE_FACILITY(EXT_IMM));
          if (val & 0xffffffff) {
              tcg_out_insn(s, RIL, XILF, dest, val);
          }
@@ -XXX,XX +XXX,XX @@ static int tgen_cmp(TCGContext *s, TCGType type, TCGCond c, TCGReg r1,
              goto exit;
          }
 -        if (s390_facilities & FACILITY_EXT_IMM) {
 +        if (HAVE_FACILITY(EXT_IMM)) {
              if (type == TCG_TYPE_I32) {
                  op = (is_unsigned ? RIL_CLFI : RIL_CFI);
                  tcg_out_insn_RIL(s, op, r1, c2);
@@ -XXX,XX +XXX,XX @@ static void tgen_setcond(TCGContext *s, TCGType type, TCGCond cond,
      bool have_loc;
      /* With LOC2, we can always emit the minimum 3 insns.  */
 -    if (s390_facilities & FACILITY_LOAD_ON_COND2) {
 +    if (HAVE_FACILITY(LOAD_ON_COND2)) {
          /* Emit: d = 0, d = (cc ? 1 : d).  */
          cc = tgen_cmp(s, type, cond, c1, c2, c2const, false);
          tcg_out_movi(s, TCG_TYPE_I64, dest, 0);
@@ -XXX,XX +XXX,XX @@ static void tgen_setcond(TCGContext *s, TCGType type, TCGCond cond,
          return;
      }
 -    have_loc = (s390_facilities & FACILITY_LOAD_ON_COND) != 0;
 +    have_loc = HAVE_FACILITY(LOAD_ON_COND);
      /* For HAVE_LOC, only the paths through GTU/GT/LEU/LE are smaller.  */
   restart:
@@ -XXX,XX +XXX,XX @@ static void tgen_movcond(TCGContext *s, TCGType type, TCGCond c, TCGReg dest,
                           TCGArg v3, int v3const)
  {
      int cc;
 -    if (s390_facilities & FACILITY_LOAD_ON_COND) {
 +    if (HAVE_FACILITY(LOAD_ON_COND)) {
          cc = tgen_cmp(s, type, c, c1, c2, c2const, false);
          if (v3const) {
              tcg_out_insn(s, RIE, LOCGHI, dest, v3, cc);
@@ -XXX,XX +XXX,XX @@ static void tgen_clz(TCGContext *s, TCGReg dest, TCGReg a1,
          } else {
              tcg_out_mov(s, TCG_TYPE_I64, dest, a2);
          }
 -        if (s390_facilities & FACILITY_LOAD_ON_COND) {
 +        if (HAVE_FACILITY(LOAD_ON_COND)) {
              /* Emit: if (one bit found) dest = r0.  */
              tcg_out_insn(s, RRF, LOCGR, dest, TCG_REG_R0, 2);
          } else {
@@ -XXX,XX +XXX,XX @@ static void tgen_brcond(TCGContext *s, TCGType type, TCGCond c,
  {
      int cc;
 -    if (s390_facilities & FACILITY_GEN_INST_EXT) {
 +    if (HAVE_FACILITY(GEN_INST_EXT)) {
          bool is_unsigned = is_unsigned_cond(c);
          bool in_range;
          S390Opcode opc;
@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_out_tlb_read(TCGContext *s, TCGReg addr_reg, MemOp opc,
         cross pages using the address of the last byte of the access.  */
      a_off = (a_bits >= s_bits ? 0 : s_mask - a_mask);
      tlb_mask = (uint64_t)TARGET_PAGE_MASK | a_mask;
 -    if ((s390_facilities & FACILITY_GEN_INST_EXT) && a_off == 0) {
 +    if (HAVE_FACILITY(GEN_INST_EXT) && a_off == 0) {
          tgen_andi_risbg(s, TCG_REG_R3, addr_reg, tlb_mask);
      } else {
          tcg_out_insn(s, RX, LA, TCG_REG_R3, addr_reg, TCG_REG_NONE, a_off);
@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc,
                      tcg_out_insn(s, RI, AHI, a0, a2);
                      break;
                  }
 -                if (s390_facilities & FACILITY_EXT_IMM) {
 +                if (HAVE_FACILITY(EXT_IMM)) {
                      tcg_out_insn(s, RIL, AFI, a0, a2);
                      break;
                  }
@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc,
                      tcg_out_insn(s, RI, AGHI, a0, a2);
                      break;
                  }
 -                if (s390_facilities & FACILITY_EXT_IMM) {
 +                if (HAVE_FACILITY(EXT_IMM)) {
                      if (a2 == (int32_t)a2) {
                          tcg_out_insn(s, RIL, AGFI, a0, a2);
                          break;
@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc,
          /* The host memory model is quite strong, we simply need to
             serialize the instruction stream.  */
          if (args[0] & TCG_MO_ST_LD) {
 -            tcg_out_insn(s, RR, BCR,
 -                         s390_facilities & FACILITY_FAST_BCR_SER ? 14 : 15, 0);
 +            tcg_out_insn(s, RR, BCR, HAVE_FACILITY(FAST_BCR_SER) ? 14 : 15, 0);
          }
          break;
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
      case INDEX_op_or_i64:
      case INDEX_op_xor_i32:
      case INDEX_op_xor_i64:
 -        return (s390_facilities & FACILITY_DISTINCT_OPS
 +        return (HAVE_FACILITY(DISTINCT_OPS)
                  ? C_O1_I2(r, r, ri)
                  : C_O1_I2(r, 0, ri));
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
          /* If we have the general-instruction-extensions, then we have
             MULTIPLY SINGLE IMMEDIATE with a signed 32-bit, otherwise we
             have only MULTIPLY HALFWORD IMMEDIATE, with a signed 16-bit.  */
 -        return (s390_facilities & FACILITY_GEN_INST_EXT
 +        return (HAVE_FACILITY(GEN_INST_EXT)
                  ? C_O1_I2(r, 0, ri)
                  : C_O1_I2(r, 0, rI));
      case INDEX_op_mul_i64:
 -        return (s390_facilities & FACILITY_GEN_INST_EXT
 +        return (HAVE_FACILITY(GEN_INST_EXT)
                  ? C_O1_I2(r, 0, rJ)
                  : C_O1_I2(r, 0, rI));
      case INDEX_op_shl_i32:
      case INDEX_op_shr_i32:
      case INDEX_op_sar_i32:
 -        return (s390_facilities & FACILITY_DISTINCT_OPS
 +        return (HAVE_FACILITY(DISTINCT_OPS)
                  ? C_O1_I2(r, r, ri)
                  : C_O1_I2(r, 0, ri));
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
      case INDEX_op_movcond_i32:
      case INDEX_op_movcond_i64:
 -        return (s390_facilities & FACILITY_LOAD_ON_COND2
 +        return (HAVE_FACILITY(LOAD_ON_COND2)
                  ? C_O1_I4(r, r, ri, rI, 0)
                  : C_O1_I4(r, r, ri, r, 0));
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
      case INDEX_op_add2_i32:
      case INDEX_op_sub2_i32:
 -        return (s390_facilities & FACILITY_EXT_IMM
 +        return (HAVE_FACILITY(EXT_IMM)
                  ? C_O2_I4(r, r, 0, 1, ri, r)
                  : C_O2_I4(r, r, 0, 1, r, r));
      case INDEX_op_add2_i64:
      case INDEX_op_sub2_i64:
 -        return (s390_facilities & FACILITY_EXT_IMM
 +        return (HAVE_FACILITY(EXT_IMM)
                  ? C_O2_I4(r, r, 0, 1, rA, r)
                  : C_O2_I4(r, r, 0, 1, r, r));
@@ -XXX,XX +XXX,XX @@ static void query_s390_facilities(void)
      /* Is STORE FACILITY LIST EXTENDED available?  Honestly, I believe this
         is present on all 64-bit systems, but let's check for it anyway.  */
      if (hwcap & HWCAP_S390_STFLE) {
 -        register int r0 __asm__("0");
 -        register void *r1 __asm__("1");
 +        register int r0 __asm__("0") = ARRAY_SIZE(s390_facilities) - 1;
 +        register void *r1 __asm__("1") = s390_facilities;
          /* stfle 0(%r1) */
 -        r1 = &s390_facilities;
          asm volatile(".word 0xb2b0,0x1000"
 -                     : "=r"(r0) : "0"(0), "r"(r1) : "memory", "cc");
 +                     : "=r"(r0) : "r"(r0), "r"(r1) : "memory", "cc");
      }
  }
+-#ifdef CONFIG_SOFTMMU
+-/* call with @p->lock held */
+-static void build_page_bitmap(PageDesc *p)
+-{
+-    int n, tb_start, tb_end;
+-    TranslationBlock *tb;
+-
+-    assert_page_locked(p);
+-    p->code_bitmap = bitmap_new(TARGET_PAGE_SIZE);
+-
+-    PAGE_FOR_EACH_TB(p, tb, n) {
+-        /* NOTE: this is subtle as a TB may span two physical pages */
+-        if (n == 0) {
+-            /* NOTE: tb_end may be after the end of the page, but
+-               it is not a problem */
+-            tb_start = tb->pc & ~TARGET_PAGE_MASK;
+-            tb_end = tb_start + tb->size;
+-            if (tb_end > TARGET_PAGE_SIZE) {
+-                tb_end = TARGET_PAGE_SIZE;
+-             }
+-        } else {
+-            tb_start = 0;
+-            tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
+-        }
+-        bitmap_set(p->code_bitmap, tb_start, tb_end - tb_start);
+-    }
+-}
+-#endif
+-
+ /* add the tb in the target page and protect it if necessary
+  *
+  * Called with mmap_lock held for user-mode emulation.
+@@ -XXX,XX +XXX,XX @@ static inline void tb_page_add(PageDesc *p, TranslationBlock *tb,
+     page_already_protected = p->first_tb != (uintptr_t)NULL;
+ #endif
+     p->first_tb = (uintptr_t)tb | n;
+-    invalidate_page_bitmap(p);
+ #if defined(CONFIG_USER_ONLY)
+     /* translator_loop() must have made all TB pages non-writable */
+@@ -XXX,XX +XXX,XX @@ tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
+     /* remove TB from the page(s) if we couldn't insert it */
+     if (unlikely(existing_tb)) {
+         tb_page_remove(p, tb);
+-        invalidate_page_bitmap(p);
+         if (p2) {
+             tb_page_remove(p2, tb);
+-            invalidate_page_bitmap(p2);
+         }
+         tb = existing_tb;
+     }
+@@ -XXX,XX +XXX,XX @@ tb_invalidate_phys_page_range__locked(struct page_collection *pages,
+ #if !defined(CONFIG_USER_ONLY)
+     /* if no code remaining, no need to continue to use slow writes */
+     if (!p->first_tb) {
+-        invalidate_page_bitmap(p);
+         tlb_unprotect_code(start);
+     }
+ #endif
+@@ -XXX,XX +XXX,XX @@ void tb_invalidate_phys_page_fast(struct page_collection *pages,
+     }
+     assert_page_locked(p);
+-    if (!p->code_bitmap &&
+-        ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD) {
+-        build_page_bitmap(p);
+-    }
+-    if (p->code_bitmap) {
+-        unsigned int nr;
+-        unsigned long b;
+-
+-        nr = start & ~TARGET_PAGE_MASK;
+-        b = p->code_bitmap[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG - 1));
+-        if (b & ((1 << len) - 1)) {
+-            goto do_invalidate;
+-        }
+-    } else {
+-    do_invalidate:
+-        tb_invalidate_phys_page_range__locked(pages, p, start, start + len,
+-                                              retaddr);
+-    }
++    tb_invalidate_phys_page_range__locked(pages, p, start, start + len,
++                                          retaddr);
+ }
+ #else
+ /* Called with mmap_lock held. If pc is not 0 then it indicates the
 --
-.25.1
+.34.1

-[PULL 21/28] tcg/s390x: Implement minimal vector operations
+[PULL 11/20] accel/tcg: Use bool for page_find_alloc
-Implementing add, sub, and, or, xor as the minimal set.
+Bool is more appropriate type for the alloc parameter.
 This allows us to actually enable vectors in query_s390_facilities.
-Reviewed-by: David Hildenbrand <david@redhat.com>
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- tcg/s390x/tcg-target.c.inc | 154 ++++++++++++++++++++++++++++++++++++-
+ accel/tcg/translate-all.c | 14 +++++++-------
-file changed, 150 insertions(+), 4 deletions(-)
+file changed, 7 insertions(+), 7 deletions(-)
-diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
+diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.c.inc
+--- a/accel/tcg/translate-all.c
-+++ b/tcg/s390x/tcg-target.c.inc
++++ b/accel/tcg/translate-all.c
-@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
+@@ -XXX,XX +XXX,XX @@ void page_init(void)
-     VRIc_VREP   = 0xe74d,
+ #endif
      VRRa_VLR    = 0xe756,
 +    VRRc_VA     = 0xe7f3,
 +    VRRc_VCEQ   = 0xe7f8,   /* we leave the m5 cs field 0 */
 +    VRRc_VCH    = 0xe7fb,   /* " */
 +    VRRc_VCHL   = 0xe7f9,   /* " */
 +    VRRc_VN     = 0xe768,
 +    VRRc_VO     = 0xe76a,
 +    VRRc_VS     = 0xe7f7,
 +    VRRc_VX     = 0xe76d,
      VRRf_VLVGP  = 0xe762,
      VRSb_VLVG   = 0xe722,
@@ -XXX,XX +XXX,XX @@ static void tcg_out_insn_VRRa(TCGContext *s, S390Opcode op,
      tcg_out32(s, (op & 0x00ff) | RXB(v1, v2, 0, 0) | (m3 << 12));
  }
-+static void tcg_out_insn_VRRc(TCGContext *s, S390Opcode op,
+-static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
-+                              TCGReg v1, TCGReg v2, TCGReg v3, int m4)
++static PageDesc *page_find_alloc(tb_page_addr_t index, bool alloc)
 +{
 +    tcg_debug_assert(is_vector_reg(v1));
 +    tcg_debug_assert(is_vector_reg(v2));
 +    tcg_debug_assert(is_vector_reg(v3));
 +    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4) | (v2 & 0xf));
 +    tcg_out16(s, v3 << 12);
 +    tcg_out16(s, (op & 0x00ff) | RXB(v1, v2, v3, 0) | (m4 << 12));
 +}
 +
  static void tcg_out_insn_VRRf(TCGContext *s, S390Opcode op,
                                TCGReg v1, TCGReg r2, TCGReg r3)
  {
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
+     PageDesc *pd;
-                            unsigned vecl, unsigned vece,
+     void **lp;
-                            const TCGArg *args, const int *const_args)
+@@ -XXX,XX +XXX,XX @@ static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
  static inline PageDesc *page_find(tb_page_addr_t index)
  {
--    g_assert_not_reached();
+-    return page_find_alloc(index, 0);
-+    TCGType type = vecl + TCG_TYPE_V64;
++    return page_find_alloc(index, false);
 +    TCGArg a0 = args[0], a1 = args[1], a2 = args[2];
 +
 +    switch (opc) {
 +    case INDEX_op_ld_vec:
 +        tcg_out_ld(s, type, a0, a1, a2);
 +        break;
 +    case INDEX_op_st_vec:
 +        tcg_out_st(s, type, a0, a1, a2);
 +        break;
 +    case INDEX_op_dupm_vec:
 +        tcg_out_dupm_vec(s, type, vece, a0, a1, a2);
 +        break;
 +
 +    case INDEX_op_add_vec:
 +        tcg_out_insn(s, VRRc, VA, a0, a1, a2, vece);
 +        break;
 +    case INDEX_op_sub_vec:
 +        tcg_out_insn(s, VRRc, VS, a0, a1, a2, vece);
 +        break;
 +    case INDEX_op_and_vec:
 +        tcg_out_insn(s, VRRc, VN, a0, a1, a2, 0);
 +        break;
 +    case INDEX_op_or_vec:
 +        tcg_out_insn(s, VRRc, VO, a0, a1, a2, 0);
 +        break;
 +    case INDEX_op_xor_vec:
 +        tcg_out_insn(s, VRRc, VX, a0, a1, a2, 0);
 +        break;
 +
 +    case INDEX_op_cmp_vec:
 +        switch ((TCGCond)args[3]) {
 +        case TCG_COND_EQ:
 +            tcg_out_insn(s, VRRc, VCEQ, a0, a1, a2, vece);
 +            break;
 +        case TCG_COND_GT:
 +            tcg_out_insn(s, VRRc, VCH, a0, a1, a2, vece);
 +            break;
 +        case TCG_COND_GTU:
 +            tcg_out_insn(s, VRRc, VCHL, a0, a1, a2, vece);
 +            break;
 +        default:
 +            g_assert_not_reached();
 +        }
 +        break;
 +
 +    case INDEX_op_mov_vec:   /* Always emitted via tcg_out_mov.  */
 +    case INDEX_op_dup_vec:   /* Always emitted via tcg_out_dup_vec.  */
 +    default:
 +        g_assert_not_reached();
 +    }
  }
- int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
+ static void page_lock_pair(PageDesc **ret_p1, tb_page_addr_t phys1,
 -                           PageDesc **ret_p2, tb_page_addr_t phys2, int alloc);
 +                           PageDesc **ret_p2, tb_page_addr_t phys2, bool alloc);
  /* In user-mode page locks aren't used; mmap_lock is enough */
  #ifdef CONFIG_USER_ONLY
@@ -XXX,XX +XXX,XX @@ static inline void page_unlock(PageDesc *pd)
  /* lock the page(s) of a TB in the correct acquisition order */
  static inline void page_lock_tb(const TranslationBlock *tb)
  {
--    return 0;
+-    page_lock_pair(NULL, tb->page_addr[0], NULL, tb->page_addr[1], 0);
-+    switch (opc) {
++    page_lock_pair(NULL, tb->page_addr[0], NULL, tb->page_addr[1], false);
 +    case INDEX_op_add_vec:
 +    case INDEX_op_and_vec:
 +    case INDEX_op_or_vec:
 +    case INDEX_op_sub_vec:
 +    case INDEX_op_xor_vec:
 +        return 1;
 +    case INDEX_op_cmp_vec:
 +        return -1;
 +    default:
 +        return 0;
 +    }
 +}
 +
 +static bool expand_vec_cmp_noinv(TCGType type, unsigned vece, TCGv_vec v0,
 +                                 TCGv_vec v1, TCGv_vec v2, TCGCond cond)
 +{
 +    bool need_swap = false, need_inv = false;
 +
 +    switch (cond) {
 +    case TCG_COND_EQ:
 +    case TCG_COND_GT:
 +    case TCG_COND_GTU:
 +        break;
 +    case TCG_COND_NE:
 +    case TCG_COND_LE:
 +    case TCG_COND_LEU:
 +        need_inv = true;
 +        break;
 +    case TCG_COND_LT:
 +    case TCG_COND_LTU:
 +        need_swap = true;
 +        break;
 +    case TCG_COND_GE:
 +    case TCG_COND_GEU:
 +        need_swap = need_inv = true;
 +        break;
 +    default:
 +        g_assert_not_reached();
 +    }
 +
 +    if (need_inv) {
 +        cond = tcg_invert_cond(cond);
 +    }
 +    if (need_swap) {
 +        TCGv_vec t1;
 +        t1 = v1, v1 = v2, v2 = t1;
 +        cond = tcg_swap_cond(cond);
 +    }
 +
 +    vec_gen_4(INDEX_op_cmp_vec, type, vece, tcgv_vec_arg(v0),
 +              tcgv_vec_arg(v1), tcgv_vec_arg(v2), cond);
 +
 +    return need_inv;
 +}
 +
 +static void expand_vec_cmp(TCGType type, unsigned vece, TCGv_vec v0,
 +                           TCGv_vec v1, TCGv_vec v2, TCGCond cond)
 +{
 +    if (expand_vec_cmp_noinv(type, vece, v0, v1, v2, cond)) {
 +        tcg_gen_not_vec(vece, v0, v0);
 +    }
  }
- void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
+ static inline void page_unlock_tb(const TranslationBlock *tb)
-                        TCGArg a0, ...)
+@@ -XXX,XX +XXX,XX @@ void page_collection_unlock(struct page_collection *set)
  #endif /* !CONFIG_USER_ONLY */
  static void page_lock_pair(PageDesc **ret_p1, tb_page_addr_t phys1,
 -                           PageDesc **ret_p2, tb_page_addr_t phys2, int alloc)
 +                           PageDesc **ret_p2, tb_page_addr_t phys2, bool alloc)
  {
--    g_assert_not_reached();
+     PageDesc *p1, *p2;
-+    va_list va;
+     tb_page_addr_t page1;
-+    TCGv_vec v0, v1, v2;
+@@ -XXX,XX +XXX,XX @@ tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
-+
+      * Note that inserting into the hash table first isn't an option, since
-+    va_start(va, a0);
+      * we can only insert TBs that are fully initialized.
 +    v0 = temp_tcgv_vec(arg_temp(a0));
 +    v1 = temp_tcgv_vec(arg_temp(va_arg(va, TCGArg)));
 +    v2 = temp_tcgv_vec(arg_temp(va_arg(va, TCGArg)));
 +
 +    switch (opc) {
 +    case INDEX_op_cmp_vec:
 +        expand_vec_cmp(type, vece, v0, v1, v2, va_arg(va, TCGArg));
 +        break;
 +
 +    default:
 +        g_assert_not_reached();
 +    }
 +    va_end(va);
  }
  static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
@@ -XXX,XX +XXX,XX @@ static void query_s390_facilities(void)
       * There is nothing else we currently care about in the 3rd word, so
       * disable VECTOR with one store.
       */
--    if (1 || !(hwcap & HWCAP_S390_VXRS)) {
+-    page_lock_pair(&p, phys_pc, &p2, phys_page2, 1);
-+    if (!(hwcap & HWCAP_S390_VXRS)) {
++    page_lock_pair(&p, phys_pc, &p2, phys_page2, true);
-         s390_facilities[2] = 0;
+     tb_page_add(p, tb, 0, phys_pc & TARGET_PAGE_MASK);
-     }
+     if (p2) {
- }
+         tb_page_add(p2, tb, 1, phys_page2);
@@ -XXX,XX +XXX,XX @@ void page_set_flags(target_ulong start, target_ulong end, int flags)
      for (addr = start, len = end - start;
           len != 0;
           len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
 -        PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
 +        PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, true);
          /* If the write protection bit is set, then we invalidate
             the code inside.  */
 --
-.25.1
+.34.1

-[PULL 26/28] tcg/s390x: Implement TCG_TARGET_HAS_sat_vec
+[PULL 12/20] accel/tcg: Use DisasContextBase in plugin_gen_tb_start
-The unsigned saturations are handled via generic code
+Use the pc coming from db->pc_first rather than the TB.
 using min/max.  The signed saturations are expanded using
 double-sized arithmetic and a saturating pack.
-Since all operations are done via expansion, do not
+Use the cached host_addr rather than re-computing for the
-actually set TCG_TARGET_HAS_sat_vec.
+first page.  We still need a separate lookup for the second
 page because it won't be computed for DisasContextBase until
 the translator actually performs a read from the page.
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- tcg/s390x/tcg-target.opc.h |  3 ++
+ include/exec/plugin-gen.h |  7 ++++---
- tcg/s390x/tcg-target.c.inc | 63 ++++++++++++++++++++++++++++++++++++++
+ accel/tcg/plugin-gen.c    | 22 +++++++++++-----------
-files changed, 66 insertions(+)
+ accel/tcg/translator.c    |  2 +-
 files changed, 16 insertions(+), 15 deletions(-)
-diff --git a/tcg/s390x/tcg-target.opc.h b/tcg/s390x/tcg-target.opc.h
+diff --git a/include/exec/plugin-gen.h b/include/exec/plugin-gen.h
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.opc.h
+--- a/include/exec/plugin-gen.h
-+++ b/tcg/s390x/tcg-target.opc.h
++++ b/include/exec/plugin-gen.h
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ struct DisasContextBase;
-  * emitted by tcg_expand_vec_op.  For those familiar with GCC internals,
-  * consider these to be UNSPEC with names.
+ #ifdef CONFIG_PLUGIN
-  */
-+DEF(s390_vuph_vec, 1, 1, 0, IMPLVEC)
+-bool plugin_gen_tb_start(CPUState *cpu, const TranslationBlock *tb, bool supress);
-+DEF(s390_vupl_vec, 1, 1, 0, IMPLVEC)
++bool plugin_gen_tb_start(CPUState *cpu, const struct DisasContextBase *db,
-+DEF(s390_vpks_vec, 1, 2, 0, IMPLVEC)
++                         bool supress);
-diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
+ void plugin_gen_tb_end(CPUState *cpu);
  void plugin_gen_insn_start(CPUState *cpu, const struct DisasContextBase *db);
  void plugin_gen_insn_end(void);
@@ -XXX,XX +XXX,XX @@ static inline void plugin_insn_append(abi_ptr pc, const void *from, size_t size)
  #else /* !CONFIG_PLUGIN */
 -static inline
 -bool plugin_gen_tb_start(CPUState *cpu, const TranslationBlock *tb, bool supress)
 +static inline bool
 +plugin_gen_tb_start(CPUState *cpu, const struct DisasContextBase *db, bool sup)
  {
      return false;
  }
 diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.c.inc
+--- a/accel/tcg/plugin-gen.c
-+++ b/tcg/s390x/tcg-target.c.inc
++++ b/accel/tcg/plugin-gen.c
-@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
+@@ -XXX,XX +XXX,XX @@ static void plugin_gen_inject(const struct qemu_plugin_tb *plugin_tb)
-     VRRc_VNO    = 0xe76b,
+     pr_ops();
-     VRRc_VO     = 0xe76a,
+ }
-     VRRc_VOC    = 0xe76f,
-+    VRRc_VPKS   = 0xe797,   /* we leave the m5 cs field 0 */
+-bool plugin_gen_tb_start(CPUState *cpu, const TranslationBlock *tb, bool mem_only)
-     VRRc_VS     = 0xe7f7,
++bool plugin_gen_tb_start(CPUState *cpu, const DisasContextBase *db,
-+    VRRa_VUPH   = 0xe7d7,
++                         bool mem_only)
-+    VRRa_VUPL   = 0xe7d6,
+ {
-     VRRc_VX     = 0xe76d,
+     bool ret = false;
-     VRRf_VLVGP  = 0xe762,
+@@ -XXX,XX +XXX,XX @@ bool plugin_gen_tb_start(CPUState *cpu, const TranslationBlock *tb, bool mem_onl
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
-         }
+         ret = true;
-         break;
+-        ptb->vaddr = tb->pc;
-+    case INDEX_op_s390_vuph_vec:
++        ptb->vaddr = db->pc_first;
-+        tcg_out_insn(s, VRRa, VUPH, a0, a1, vece);
+         ptb->vaddr2 = -1;
-+        break;
+-        get_page_addr_code_hostp(cpu->env_ptr, tb->pc, &ptb->haddr1);
-+    case INDEX_op_s390_vupl_vec:
++        ptb->haddr1 = db->host_addr[0];
-+        tcg_out_insn(s, VRRa, VUPL, a0, a1, vece);
+         ptb->haddr2 = NULL;
-+        break;
+         ptb->mem_only = mem_only;
-+    case INDEX_op_s390_vpks_vec:
-+        tcg_out_insn(s, VRRc, VPKS, a0, a1, a2, vece);
+@@ -XXX,XX +XXX,XX @@ void plugin_gen_insn_start(CPUState *cpu, const DisasContextBase *db)
-+        break;
+      * Note that we skip this when haddr1 == NULL, e.g. when we're
-+
+      * fetching instructions from a region not backed by RAM.
-     case INDEX_op_mov_vec:   /* Always emitted via tcg_out_mov.  */
+      */
-     case INDEX_op_dup_vec:   /* Always emitted via tcg_out_dup_vec.  */
+-    if (likely(ptb->haddr1 != NULL && ptb->vaddr2 == -1) &&
-     default:
+-        unlikely((db->pc_next & TARGET_PAGE_MASK) !=
-@@ -XXX,XX +XXX,XX @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
+-                 (db->pc_first & TARGET_PAGE_MASK))) {
-         return -1;
+-        get_page_addr_code_hostp(cpu->env_ptr, db->pc_next,
-     case INDEX_op_mul_vec:
+-                                 &ptb->haddr2);
-         return vece < MO_64;
+-        ptb->vaddr2 = db->pc_next;
-+    case INDEX_op_ssadd_vec:
+-    }
-+    case INDEX_op_sssub_vec:
+-    if (likely(ptb->vaddr2 == -1)) {
-+        return vece < MO_64 ? -1 : 0;
++    if (ptb->haddr1 == NULL) {
-     default:
++        pinsn->haddr = NULL;
-         return 0;
++    } else if (is_same_page(db, db->pc_next)) {
-     }
+         pinsn->haddr = ptb->haddr1 + pinsn->vaddr - ptb->vaddr;
-@@ -XXX,XX +XXX,XX @@ static void expand_vec_cmp(TCGType type, unsigned vece, TCGv_vec v0,
+     } else {
 +        if (ptb->vaddr2 == -1) {
 +            ptb->vaddr2 = TARGET_PAGE_ALIGN(db->pc_first);
 +            get_page_addr_code_hostp(cpu->env_ptr, ptb->vaddr2, &ptb->haddr2);
 +        }
          pinsn->haddr = ptb->haddr2 + pinsn->vaddr - ptb->vaddr2;
      }
  }
+diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
-+static void expand_vec_sat(TCGType type, unsigned vece, TCGv_vec v0,
+index XXXXXXX..XXXXXXX 100644
-+                           TCGv_vec v1, TCGv_vec v2, TCGOpcode add_sub_opc)
+--- a/accel/tcg/translator.c
-+{
++++ b/accel/tcg/translator.c
-+    TCGv_vec h1 = tcg_temp_new_vec(type);
+@@ -XXX,XX +XXX,XX @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int max_insns,
-+    TCGv_vec h2 = tcg_temp_new_vec(type);
+     ops->tb_start(db, cpu);
-+    TCGv_vec l1 = tcg_temp_new_vec(type);
+     tcg_debug_assert(db->is_jmp == DISAS_NEXT);  /* no early exit */
-+    TCGv_vec l2 = tcg_temp_new_vec(type);
-+
+-    plugin_enabled = plugin_gen_tb_start(cpu, tb, cflags & CF_MEMI_ONLY);
-+    tcg_debug_assert (vece < MO_64);
++    plugin_enabled = plugin_gen_tb_start(cpu, db, cflags & CF_MEMI_ONLY);
-+
-+    /* Unpack with sign-extension. */
+     while (true) {
-+    vec_gen_2(INDEX_op_s390_vuph_vec, type, vece,
+         db->num_insns++;
 +              tcgv_vec_arg(h1), tcgv_vec_arg(v1));
 +    vec_gen_2(INDEX_op_s390_vuph_vec, type, vece,
 +              tcgv_vec_arg(h2), tcgv_vec_arg(v2));
 +
 +    vec_gen_2(INDEX_op_s390_vupl_vec, type, vece,
 +              tcgv_vec_arg(l1), tcgv_vec_arg(v1));
 +    vec_gen_2(INDEX_op_s390_vupl_vec, type, vece,
 +              tcgv_vec_arg(l2), tcgv_vec_arg(v2));
 +
 +    /* Arithmetic on a wider element size. */
 +    vec_gen_3(add_sub_opc, type, vece + 1, tcgv_vec_arg(h1),
 +              tcgv_vec_arg(h1), tcgv_vec_arg(h2));
 +    vec_gen_3(add_sub_opc, type, vece + 1, tcgv_vec_arg(l1),
 +              tcgv_vec_arg(l1), tcgv_vec_arg(l2));
 +
 +    /* Pack with saturation. */
 +    vec_gen_3(INDEX_op_s390_vpks_vec, type, vece + 1,
 +              tcgv_vec_arg(v0), tcgv_vec_arg(h1), tcgv_vec_arg(l1));
 +
 +    tcg_temp_free_vec(h1);
 +    tcg_temp_free_vec(h2);
 +    tcg_temp_free_vec(l1);
 +    tcg_temp_free_vec(l2);
 +}
 +
  void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
                         TCGArg a0, ...)
  {
@@ -XXX,XX +XXX,XX @@ void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
          tcg_temp_free_vec(t0);
          break;
 +    case INDEX_op_ssadd_vec:
 +        expand_vec_sat(type, vece, v0, v1, v2, INDEX_op_add_vec);
 +        break;
 +    case INDEX_op_sssub_vec:
 +        expand_vec_sat(type, vece, v0, v1, v2, INDEX_op_sub_vec);
 +        break;
 +
      default:
          g_assert_not_reached();
      }
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
      case INDEX_op_sari_vec:
      case INDEX_op_shli_vec:
      case INDEX_op_shri_vec:
 +    case INDEX_op_s390_vuph_vec:
 +    case INDEX_op_s390_vupl_vec:
          return C_O1_I1(v, v);
      case INDEX_op_add_vec:
      case INDEX_op_sub_vec:
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
      case INDEX_op_smin_vec:
      case INDEX_op_umax_vec:
      case INDEX_op_umin_vec:
 +    case INDEX_op_s390_vpks_vec:
          return C_O1_I2(v, v, v);
      case INDEX_op_rotls_vec:
      case INDEX_op_shls_vec:
 --
-.25.1
+.34.1

-[PULL 08/28] trace/mem: Pass MemOpIdx to trace_mem_get_info
+[PULL 13/20] accel/tcg: Do not align tb->page_addr[0]
-We (will) often have the complete MemOpIdx handy, so use that.
+Let tb->page_addr[0] contain the address of the first byte of the
 translated block, rather than the address of the page containing the
 start of the translated block.  We need to recover this value anyway
 at various points, and it is easier to discard a page offset when it
 is not needed, which happens naturally via the existing find_page shift.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- trace/mem.h                   | 32 +++++++++-----------------
+ accel/tcg/cpu-exec.c      | 16 ++++++++--------
- accel/tcg/cputlb.c            | 12 ++++------
+ accel/tcg/cputlb.c        |  3 ++-
- accel/tcg/user-exec.c         | 42 +++++++++++++++++++++++------------
+ accel/tcg/translate-all.c |  9 +++++----
- tcg/tcg-op.c                  |  8 +++----
+files changed, 15 insertions(+), 13 deletions(-)
  accel/tcg/atomic_common.c.inc |  6 ++---
 files changed, 49 insertions(+), 51 deletions(-)
-diff --git a/trace/mem.h b/trace/mem.h
+diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
 index XXXXXXX..XXXXXXX 100644
---- a/trace/mem.h
+--- a/accel/tcg/cpu-exec.c
-+++ b/trace/mem.h
++++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ struct tb_desc {
- #ifndef TRACE__MEM_H
+     target_ulong pc;
- #define TRACE__MEM_H
+     target_ulong cs_base;
+     CPUArchState *env;
--#include "tcg/tcg.h"
+-    tb_page_addr_t phys_page1;
-+#include "exec/memopidx.h"
++    tb_page_addr_t page_addr0;
+     uint32_t flags;
- #define TRACE_MEM_SZ_SHIFT_MASK 0xf /* size shift mask */
+     uint32_t cflags;
- #define TRACE_MEM_SE (1ULL << 4)    /* sign extended (y/n) */
+     uint32_t trace_vcpu_dstate;
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ static bool tb_lookup_cmp(const void *p, const void *d)
- #define TRACE_MEM_MMU_SHIFT 8       /* mmu idx */
+     const struct tb_desc *desc = d;
- /**
+     if (tb->pc == desc->pc &&
-- * trace_mem_build_info:
+-        tb->page_addr[0] == desc->phys_page1 &&
-+ * trace_mem_get_info:
++        tb->page_addr[0] == desc->page_addr0 &&
-  *
+         tb->cs_base == desc->cs_base &&
-  * Return a value for the 'info' argument in guest memory access traces.
+         tb->flags == desc->flags &&
-  */
+         tb->trace_vcpu_dstate == desc->trace_vcpu_dstate &&
--static inline uint16_t trace_mem_build_info(int size_shift, bool sign_extend,
+@@ -XXX,XX +XXX,XX @@ static bool tb_lookup_cmp(const void *p, const void *d)
--                                            MemOp endianness, bool store,
+         if (tb->page_addr[1] == -1) {
--                                            unsigned int mmu_idx)
+             return true;
-+static inline uint16_t trace_mem_get_info(MemOpIdx oi, bool store)
+         } else {
- {
+-            tb_page_addr_t phys_page2;
-+    MemOp op = get_memop(oi);
+-            target_ulong virt_page2;
-+    uint32_t size_shift = op & MO_SIZE;
++            tb_page_addr_t phys_page1;
-+    bool sign_extend = op & MO_SIGN;
++            target_ulong virt_page1;
-+    bool big_endian = (op & MO_BSWAP) == MO_BE;
-     uint16_t res;
+             /*
+              * We know that the first page matched, and an otherwise valid TB
-     res = size_shift & TRACE_MEM_SZ_SHIFT_MASK;
+@@ -XXX,XX +XXX,XX @@ static bool tb_lookup_cmp(const void *p, const void *d)
-     if (sign_extend) {
+              * is different for the new TB.  Therefore any exception raised
-         res |= TRACE_MEM_SE;
+              * here by the faulting lookup is not premature.
               */
 -            virt_page2 = TARGET_PAGE_ALIGN(desc->pc);
 -            phys_page2 = get_page_addr_code(desc->env, virt_page2);
 -            if (tb->page_addr[1] == phys_page2) {
 +            virt_page1 = TARGET_PAGE_ALIGN(desc->pc);
 +            phys_page1 = get_page_addr_code(desc->env, virt_page1);
 +            if (tb->page_addr[1] == phys_page1) {
                  return true;
              }
          }
@@ -XXX,XX +XXX,XX @@ static TranslationBlock *tb_htable_lookup(CPUState *cpu, target_ulong pc,
      if (phys_pc == -1) {
          return NULL;
      }
--    if (endianness == MO_BE) {
+-    desc.phys_page1 = phys_pc & TARGET_PAGE_MASK;
-+    if (big_endian) {
++    desc.page_addr0 = phys_pc;
-         res |= TRACE_MEM_BE;
+     h = tb_hash_func(phys_pc, pc, flags, cflags, *cpu->trace_dstate);
-     }
+     return qht_lookup_custom(&tb_ctx.htable, &desc, h, tb_lookup_cmp);
      if (store) {
          res |= TRACE_MEM_ST;
      }
  #ifdef CONFIG_SOFTMMU
 -    res |= mmu_idx << TRACE_MEM_MMU_SHIFT;
 +    res |= get_mmuidx(oi) << TRACE_MEM_MMU_SHIFT;
  #endif
 +
      return res;
  }
--
--/**
-- * trace_mem_get_info:
-- *
-- * Return a value for the 'info' argument in guest memory access traces.
-- */
--static inline uint16_t trace_mem_get_info(MemOp op,
--                                          unsigned int mmu_idx,
--                                          bool store)
--{
--    return trace_mem_build_info(op & MO_SIZE, !!(op & MO_SIGN),
--                                op & MO_BSWAP, store,
--                                mmu_idx);
--}
--
- #endif /* TRACE__MEM_H */
 diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cputlb.c
 +++ b/accel/tcg/cputlb.c
-@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
+@@ -XXX,XX +XXX,XX @@ void tlb_flush_page_bits_by_mmuidx_all_cpus_synced(CPUState *src_cpu,
-                                        int mmu_idx, uintptr_t retaddr,
+    can be detected */
-                                        MemOp op, FullLoadHelper *full_load)
+ void tlb_protect_code(ram_addr_t ram_addr)
  {
--    uint16_t meminfo;
+-    cpu_physical_memory_test_and_clear_dirty(ram_addr, TARGET_PAGE_SIZE,
--    MemOpIdx oi;
++    cpu_physical_memory_test_and_clear_dirty(ram_addr & TARGET_PAGE_MASK,
-+    MemOpIdx oi = make_memop_idx(op, mmu_idx);
++                                             TARGET_PAGE_SIZE,
-+    uint16_t meminfo = trace_mem_get_info(oi, false);
+                                              DIRTY_MEMORY_CODE);
-     uint64_t ret;
+ }
--    meminfo = trace_mem_get_info(op, mmu_idx, false);
+diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
      trace_guest_mem_before_exec(env_cpu(env), addr, meminfo);
 -    oi = make_memop_idx(op, mmu_idx);
      ret = full_load(env, addr, oi, retaddr);
      qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, meminfo);
@@ -XXX,XX +XXX,XX @@ static inline void QEMU_ALWAYS_INLINE
  cpu_store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
                   int mmu_idx, uintptr_t retaddr, MemOp op)
  {
 -    MemOpIdx oi;
 -    uint16_t meminfo;
 +    MemOpIdx oi = make_memop_idx(op, mmu_idx);
 +    uint16_t meminfo = trace_mem_get_info(oi, true);
 -    meminfo = trace_mem_get_info(op, mmu_idx, true);
      trace_guest_mem_before_exec(env_cpu(env), addr, meminfo);
 -    oi = make_memop_idx(op, mmu_idx);
      store_helper(env, addr, val, oi, retaddr, op);
      qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, meminfo);
 diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
 index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/user-exec.c
+--- a/accel/tcg/translate-all.c
-+++ b/accel/tcg/user-exec.c
++++ b/accel/tcg/translate-all.c
-@@ -XXX,XX +XXX,XX @@ int cpu_signal_handler(int host_signum, void *pinfo,
+@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
+     qemu_spin_unlock(&tb->jmp_lock);
- uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr)
- {
+     /* remove the TB from the hash list */
-+    MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
+-    phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
-+    uint16_t meminfo = trace_mem_get_info(oi, false);
++    phys_pc = tb->page_addr[0];
-     uint32_t ret;
+     h = tb_hash_func(phys_pc, tb->pc, tb->flags, orig_cflags,
--    uint16_t meminfo = trace_mem_get_info(MO_UB, MMU_USER_IDX, false);
+                      tb->trace_vcpu_dstate);
+     if (!qht_remove(&tb_ctx.htable, tb, h)) {
-     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+@@ -XXX,XX +XXX,XX @@ tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
-     ret = ldub_p(g2h(env_cpu(env), ptr));
+      * we can only insert TBs that are fully initialized.
-@@ -XXX,XX +XXX,XX @@ int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr)
+      */
+     page_lock_pair(&p, phys_pc, &p2, phys_page2, true);
- uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr)
+-    tb_page_add(p, tb, 0, phys_pc & TARGET_PAGE_MASK);
- {
++    tb_page_add(p, tb, 0, phys_pc);
-+    MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
+     if (p2) {
-+    uint16_t meminfo = trace_mem_get_info(oi, false);
+         tb_page_add(p2, tb, 1, phys_page2);
-     uint32_t ret;
+     } else {
--    uint16_t meminfo = trace_mem_get_info(MO_BEUW, MMU_USER_IDX, false);
+@@ -XXX,XX +XXX,XX @@ tb_invalidate_phys_page_range__locked(struct page_collection *pages,
+         if (n == 0) {
-     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+             /* NOTE: tb_end may be after the end of the page, but
-     ret = lduw_be_p(g2h(env_cpu(env), ptr));
+                it is not a problem */
-@@ -XXX,XX +XXX,XX @@ int cpu_ldsw_be_data(CPUArchState *env, abi_ptr ptr)
+-            tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
++            tb_start = tb->page_addr[0];
- uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
+             tb_end = tb_start + tb->size;
- {
+         } else {
-+    MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
+             tb_start = tb->page_addr[1];
-+    uint16_t meminfo = trace_mem_get_info(oi, false);
+-            tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
-     uint32_t ret;
++            tb_end = tb_start + ((tb->page_addr[0] + tb->size)
--    uint16_t meminfo = trace_mem_get_info(MO_BEUL, MMU_USER_IDX, false);
++                                 & ~TARGET_PAGE_MASK);
+         }
-     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+         if (!(tb_end <= start || tb_start >= end)) {
-     ret = ldl_be_p(g2h(env_cpu(env), ptr));
+ #ifdef TARGET_HAS_PRECISE_SMC
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
  uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr)
  {
 +    MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
 +    uint16_t meminfo = trace_mem_get_info(oi, false);
      uint64_t ret;
 -    uint16_t meminfo = trace_mem_get_info(MO_BEQ, MMU_USER_IDX, false);
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      ret = ldq_be_p(g2h(env_cpu(env), ptr));
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr)
  uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr)
  {
 +    MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
 +    uint16_t meminfo = trace_mem_get_info(oi, false);
      uint32_t ret;
 -    uint16_t meminfo = trace_mem_get_info(MO_LEUW, MMU_USER_IDX, false);
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      ret = lduw_le_p(g2h(env_cpu(env), ptr));
@@ -XXX,XX +XXX,XX @@ int cpu_ldsw_le_data(CPUArchState *env, abi_ptr ptr)
  uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
  {
 +    MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
 +    uint16_t meminfo = trace_mem_get_info(oi, false);
      uint32_t ret;
 -    uint16_t meminfo = trace_mem_get_info(MO_LEUL, MMU_USER_IDX, false);
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      ret = ldl_le_p(g2h(env_cpu(env), ptr));
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
  uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr ptr)
  {
 +    MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
 +    uint16_t meminfo = trace_mem_get_info(oi, false);
      uint64_t ret;
 -    uint16_t meminfo = trace_mem_get_info(MO_LEQ, MMU_USER_IDX, false);
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      ret = ldq_le_p(g2h(env_cpu(env), ptr));
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
  void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  {
 -    uint16_t meminfo = trace_mem_get_info(MO_UB, MMU_USER_IDX, true);
 +    MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
 +    uint16_t meminfo = trace_mem_get_info(oi, true);
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      stb_p(g2h(env_cpu(env), ptr), val);
@@ -XXX,XX +XXX,XX @@ void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  {
 -    uint16_t meminfo = trace_mem_get_info(MO_BEUW, MMU_USER_IDX, true);
 +    MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
 +    uint16_t meminfo = trace_mem_get_info(oi, true);
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      stw_be_p(g2h(env_cpu(env), ptr), val);
@@ -XXX,XX +XXX,XX @@ void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  {
 -    uint16_t meminfo = trace_mem_get_info(MO_BEUL, MMU_USER_IDX, true);
 +    MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
 +    uint16_t meminfo = trace_mem_get_info(oi, true);
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      stl_be_p(g2h(env_cpu(env), ptr), val);
@@ -XXX,XX +XXX,XX @@ void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
  {
 -    uint16_t meminfo = trace_mem_get_info(MO_BEQ, MMU_USER_IDX, true);
 +    MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
 +    uint16_t meminfo = trace_mem_get_info(oi, true);
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      stq_be_p(g2h(env_cpu(env), ptr), val);
@@ -XXX,XX +XXX,XX @@ void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
  void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  {
 -    uint16_t meminfo = trace_mem_get_info(MO_LEUW, MMU_USER_IDX, true);
 +    MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
 +    uint16_t meminfo = trace_mem_get_info(oi, true);
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      stw_le_p(g2h(env_cpu(env), ptr), val);
@@ -XXX,XX +XXX,XX @@ void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  {
 -    uint16_t meminfo = trace_mem_get_info(MO_LEUL, MMU_USER_IDX, true);
 +    MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
 +    uint16_t meminfo = trace_mem_get_info(oi, true);
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      stl_le_p(g2h(env_cpu(env), ptr), val);
@@ -XXX,XX +XXX,XX @@ void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
  void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
  {
 -    uint16_t meminfo = trace_mem_get_info(MO_LEQ, MMU_USER_IDX, true);
 +    MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
 +    uint16_t meminfo = trace_mem_get_info(oi, true);
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      stq_le_p(g2h(env_cpu(env), ptr), val);
 diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/tcg-op.c
 +++ b/tcg/tcg-op.c
@@ -XXX,XX +XXX,XX @@ static inline void plugin_gen_mem_callbacks(TCGv vaddr, uint16_t info)
  void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
  {
      MemOp orig_memop;
 -    uint16_t info = trace_mem_get_info(memop, idx, 0);
 +    uint16_t info = trace_mem_get_info(make_memop_idx(memop, idx), 0);
      tcg_gen_req_mo(TCG_MO_LD_LD | TCG_MO_ST_LD);
      memop = tcg_canonicalize_memop(memop, 0, 0);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
  void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
  {
      TCGv_i32 swap = NULL;
 -    uint16_t info = trace_mem_get_info(memop, idx, 1);
 +    uint16_t info = trace_mem_get_info(make_memop_idx(memop, idx), 1);
      tcg_gen_req_mo(TCG_MO_LD_ST | TCG_MO_ST_ST);
      memop = tcg_canonicalize_memop(memop, 0, 1);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
      tcg_gen_req_mo(TCG_MO_LD_LD | TCG_MO_ST_LD);
      memop = tcg_canonicalize_memop(memop, 1, 0);
 -    info = trace_mem_get_info(memop, idx, 0);
 +    info = trace_mem_get_info(make_memop_idx(memop, idx), 0);
      trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
      orig_memop = memop;
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
      tcg_gen_req_mo(TCG_MO_LD_ST | TCG_MO_ST_ST);
      memop = tcg_canonicalize_memop(memop, 1, 1);
 -    info = trace_mem_get_info(memop, idx, 1);
 +    info = trace_mem_get_info(make_memop_idx(memop, idx), 1);
      trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
      if (!TCG_TARGET_HAS_MEMORY_BSWAP && (memop & MO_BSWAP)) {
 diff --git a/accel/tcg/atomic_common.c.inc b/accel/tcg/atomic_common.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/atomic_common.c.inc
 +++ b/accel/tcg/atomic_common.c.inc
@@ -XXX,XX +XXX,XX @@ static uint16_t atomic_trace_rmw_pre(CPUArchState *env, target_ulong addr,
                                       MemOpIdx oi)
  {
      CPUState *cpu = env_cpu(env);
 -    uint16_t info = trace_mem_get_info(get_memop(oi), get_mmuidx(oi), false);
 +    uint16_t info = trace_mem_get_info(oi, false);
      trace_guest_mem_before_exec(cpu, addr, info);
      trace_guest_mem_before_exec(cpu, addr, info | TRACE_MEM_ST);
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_rmw_post(CPUArchState *env, target_ulong addr,
  static uint16_t atomic_trace_ld_pre(CPUArchState *env, target_ulong addr,
                                      MemOpIdx oi)
  {
 -    uint16_t info = trace_mem_get_info(get_memop(oi), get_mmuidx(oi), false);
 +    uint16_t info = trace_mem_get_info(oi, false);
      trace_guest_mem_before_exec(env_cpu(env), addr, info);
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_ld_post(CPUArchState *env, target_ulong addr,
  static uint16_t atomic_trace_st_pre(CPUArchState *env, target_ulong addr,
                                      MemOpIdx oi)
  {
 -    uint16_t info = trace_mem_get_info(get_memop(oi), get_mmuidx(oi), true);
 +    uint16_t info = trace_mem_get_info(oi, true);
      trace_guest_mem_before_exec(env_cpu(env), addr, info);
 --
-.25.1
+.34.1

-[PULL 10/28] plugins: Reorg arguments to qemu_plugin_vcpu_mem_cb
+[PULL 14/20] accel/tcg: Inline tb_flush_jmp_cache
-Use the MemOpIdx directly, rather than the rearrangement
+This function has two users, who use it incompatibly.
-of the same bits currently done by the trace infrastructure.
+In tlb_flush_page_by_mmuidx_async_0, when flushing a
-Pass in enum qemu_plugin_mem_rw so that we are able to treat
+single page, we need to flush exactly two pages.
-read-modify-write operations as a single operation.
+In tlb_flush_range_by_mmuidx_async_0, when flushing a
 range of pages, we need to flush N+1 pages.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+This avoids double-flushing of jmp cache pages in a range.
 Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- include/qemu/plugin.h         | 26 ++++++++++++++++++++++++--
+ accel/tcg/cputlb.c | 25 ++++++++++++++-----------
- accel/tcg/cputlb.c            |  4 ++--
+file changed, 14 insertions(+), 11 deletions(-)
  accel/tcg/plugin-gen.c        |  5 ++---
  accel/tcg/user-exec.c         | 28 ++++++++++++++--------------
  plugins/api.c                 | 19 +++++++++++--------
  plugins/core.c                | 10 +++++-----
  tcg/tcg-op.c                  | 30 +++++++++++++++++++++---------
  accel/tcg/atomic_common.c.inc | 13 +++----------
 files changed, 82 insertions(+), 53 deletions(-)
-diff --git a/include/qemu/plugin.h b/include/qemu/plugin.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/qemu/plugin.h
-+++ b/include/qemu/plugin.h
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/error-report.h"
- #include "qemu/queue.h"
- #include "qemu/option.h"
-+#include "exec/memopidx.h"
- /*
-  * Events that plugins can subscribe to.
-@@ -XXX,XX +XXX,XX @@ enum qemu_plugin_event {
- struct qemu_plugin_desc;
- typedef QTAILQ_HEAD(, qemu_plugin_desc) QemuPluginList;
-+/*
-+ * Construct a qemu_plugin_meminfo_t.
-+ */
-+static inline qemu_plugin_meminfo_t
-+make_plugin_meminfo(MemOpIdx oi, enum qemu_plugin_mem_rw rw)
-+{
-+    return oi | (rw << 16);
-+}
-+
-+/*
-+ * Extract the memory operation direction from a qemu_plugin_meminfo_t.
-+ * Other portions may be extracted via get_memop and get_mmuidx.
-+ */
-+static inline enum qemu_plugin_mem_rw
-+get_plugin_meminfo_rw(qemu_plugin_meminfo_t i)
-+{
-+    return i >> 16;
-+}
-+
- #ifdef CONFIG_PLUGIN
- extern QemuOptsList qemu_plugin_opts;
-@@ -XXX,XX +XXX,XX @@ qemu_plugin_vcpu_syscall(CPUState *cpu, int64_t num, uint64_t a1,
-                          uint64_t a6, uint64_t a7, uint64_t a8);
- void qemu_plugin_vcpu_syscall_ret(CPUState *cpu, int64_t num, int64_t ret);
--void qemu_plugin_vcpu_mem_cb(CPUState *cpu, uint64_t vaddr, uint32_t meminfo);
-+void qemu_plugin_vcpu_mem_cb(CPUState *cpu, uint64_t vaddr,
-+                             MemOpIdx oi, enum qemu_plugin_mem_rw rw);
- void qemu_plugin_flush_cb(void);
-@@ -XXX,XX +XXX,XX @@ void qemu_plugin_vcpu_syscall_ret(CPUState *cpu, int64_t num, int64_t ret)
- { }
- static inline void qemu_plugin_vcpu_mem_cb(CPUState *cpu, uint64_t vaddr,
--                                           uint32_t meminfo)
-+                                           MemOpIdx oi,
-+                                           enum qemu_plugin_mem_rw rw)
- { }
- static inline void qemu_plugin_flush_cb(void)
 diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cputlb.c
 +++ b/accel/tcg/cputlb.c
-@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
+@@ -XXX,XX +XXX,XX @@ static void tb_jmp_cache_clear_page(CPUState *cpu, target_ulong page_addr)
      ret = full_load(env, addr, oi, retaddr);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
  }
@@ -XXX,XX +XXX,XX @@ cpu_store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
      store_helper(env, addr, val, oi, retaddr, op);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
  }
  void cpu_stb_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
 diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/plugin-gen.c
 +++ b/accel/tcg/plugin-gen.c
@@ -XXX,XX +XXX,XX @@
  #include "qemu/osdep.h"
  #include "tcg/tcg.h"
  #include "tcg/tcg-op.h"
 -#include "trace/mem.h"
  #include "exec/exec-all.h"
  #include "exec/plugin-gen.h"
  #include "exec/translator.h"
@@ -XXX,XX +XXX,XX @@ static void gen_mem_wrapped(enum plugin_gen_cb type,
                              const union mem_gen_fn *f, TCGv addr,
                              uint32_t info, bool is_mem)
  {
 -    int wr = !!(info & TRACE_MEM_ST);
 +    enum qemu_plugin_mem_rw rw = get_plugin_meminfo_rw(info);
 -    gen_plugin_cb_start(PLUGIN_GEN_FROM_MEM, type, wr);
 +    gen_plugin_cb_start(PLUGIN_GEN_FROM_MEM, type, rw);
      if (is_mem) {
          f->mem_fn(addr, info);
      } else {
 diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/user-exec.c
 +++ b/accel/tcg/user-exec.c
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr)
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      ret = ldub_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
  }
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr)
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      ret = lduw_be_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
  }
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      ret = ldl_be_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
  }
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr)
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      ret = ldq_be_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
  }
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr)
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      ret = lduw_le_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
  }
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      ret = ldl_le_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
  }
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr ptr)
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      ret = ldq_le_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
  }
@@ -XXX,XX +XXX,XX @@ void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      stb_p(g2h(env_cpu(env), ptr), val);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
  }
  void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
@@ -XXX,XX +XXX,XX @@ void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      stw_be_p(g2h(env_cpu(env), ptr), val);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
  }
  void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
@@ -XXX,XX +XXX,XX @@ void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      stl_be_p(g2h(env_cpu(env), ptr), val);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
  }
  void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
@@ -XXX,XX +XXX,XX @@ void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      stq_be_p(g2h(env_cpu(env), ptr), val);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
  }
  void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
@@ -XXX,XX +XXX,XX @@ void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      stw_le_p(g2h(env_cpu(env), ptr), val);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
  }
  void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
@@ -XXX,XX +XXX,XX @@ void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      stl_le_p(g2h(env_cpu(env), ptr), val);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
  }
  void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
      trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
      stq_le_p(g2h(env_cpu(env), ptr), val);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
  }
  void cpu_stb_data_ra(CPUArchState *env, abi_ptr ptr,
 diff --git a/plugins/api.c b/plugins/api.c
 index XXXXXXX..XXXXXXX 100644
 --- a/plugins/api.c
 +++ b/plugins/api.c
@@ -XXX,XX +XXX,XX @@
  #include "qemu/plugin-memory.h"
  #include "hw/boards.h"
  #endif
 -#include "trace/mem.h"
  /* Uninstall and Reset handlers */
@@ -XXX,XX +XXX,XX @@ const char *qemu_plugin_insn_symbol(const struct qemu_plugin_insn *insn)
  unsigned qemu_plugin_mem_size_shift(qemu_plugin_meminfo_t info)
  {
 -    return info & TRACE_MEM_SZ_SHIFT_MASK;
 +    MemOp op = get_memop(info);
 +    return op & MO_SIZE;
  }
  bool qemu_plugin_mem_is_sign_extended(qemu_plugin_meminfo_t info)
  {
 -    return !!(info & TRACE_MEM_SE);
 +    MemOp op = get_memop(info);
 +    return op & MO_SIGN;
  }
  bool qemu_plugin_mem_is_big_endian(qemu_plugin_meminfo_t info)
  {
 -    return !!(info & TRACE_MEM_BE);
 +    MemOp op = get_memop(info);
 +    return (op & MO_BSWAP) == MO_BE;
  }
  bool qemu_plugin_mem_is_store(qemu_plugin_meminfo_t info)
  {
 -    return !!(info & TRACE_MEM_ST);
 +    return get_plugin_meminfo_rw(info) & QEMU_PLUGIN_MEM_W;
  }
  /*
@@ -XXX,XX +XXX,XX @@ struct qemu_plugin_hwaddr *qemu_plugin_get_hwaddr(qemu_plugin_meminfo_t info,
  {
  #ifdef CONFIG_SOFTMMU
      CPUState *cpu = current_cpu;
 -    unsigned int mmu_idx = info >> TRACE_MEM_MMU_SHIFT;
 -    hwaddr_info.is_store = info & TRACE_MEM_ST;
 +    unsigned int mmu_idx = get_mmuidx(info);
 +    enum qemu_plugin_mem_rw rw = get_plugin_meminfo_rw(info);
 +    hwaddr_info.is_store = (rw & QEMU_PLUGIN_MEM_W) != 0;
      if (!tlb_plugin_lookup(cpu, vaddr, mmu_idx,
 -                           info & TRACE_MEM_ST, &hwaddr_info)) {
 +                           hwaddr_info.is_store, &hwaddr_info)) {
          error_report("invalid use of qemu_plugin_get_hwaddr");
          return NULL;
      }
 diff --git a/plugins/core.c b/plugins/core.c
 index XXXXXXX..XXXXXXX 100644
 --- a/plugins/core.c
 +++ b/plugins/core.c
@@ -XXX,XX +XXX,XX @@
  #include "exec/helper-proto.h"
  #include "tcg/tcg.h"
  #include "tcg/tcg-op.h"
 -#include "trace/mem.h" /* mem_info macros */
  #include "plugin.h"
  #include "qemu/compiler.h"
@@ -XXX,XX +XXX,XX @@ void exec_inline_op(struct qemu_plugin_dyn_cb *cb)
      }
  }
--void qemu_plugin_vcpu_mem_cb(CPUState *cpu, uint64_t vaddr, uint32_t info)
+-static void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
-+void qemu_plugin_vcpu_mem_cb(CPUState *cpu, uint64_t vaddr,
+-{
-+                             MemOpIdx oi, enum qemu_plugin_mem_rw rw)
+-    /* Discard jump cache entries for any tb which might potentially
- {
+-       overlap the flushed page.  */
-     GArray *arr = cpu->plugin_mem_cbs;
+-    tb_jmp_cache_clear_page(cpu, addr - TARGET_PAGE_SIZE);
-     size_t i;
+-    tb_jmp_cache_clear_page(cpu, addr);
-@@ -XXX,XX +XXX,XX @@ void qemu_plugin_vcpu_mem_cb(CPUState *cpu, uint64_t vaddr, uint32_t info)
+-}
-     for (i = 0; i < arr->len; i++) {
+-
-         struct qemu_plugin_dyn_cb *cb =
+ /**
-             &g_array_index(arr, struct qemu_plugin_dyn_cb, i);
+  * tlb_mmu_resize_locked() - perform TLB resize bookkeeping; resize if necessary
--        int w = !!(info & TRACE_MEM_ST) + 1;
+  * @desc: The CPUTLBDesc portion of the TLB
+@@ -XXX,XX +XXX,XX @@ static void tlb_flush_page_by_mmuidx_async_0(CPUState *cpu,
--        if (!(w & cb->rw)) {
+     }
-+        if (!(rw & cb->rw)) {
+     qemu_spin_unlock(&env_tlb(env)->c.lock);
-                 break;
-         }
+-    tb_flush_jmp_cache(cpu, addr);
-         switch (cb->type) {
++    /*
-         case PLUGIN_CB_REGULAR:
++     * Discard jump cache entries for any tb which might potentially
--            cb->f.vcpu_mem(cpu->cpu_index, info, vaddr, cb->userp);
++     * overlap the flushed page, which includes the previous.
-+            cb->f.vcpu_mem(cpu->cpu_index, make_plugin_meminfo(oi, rw),
++     */
-+                           vaddr, cb->userp);
++    tb_jmp_cache_clear_page(cpu, addr - TARGET_PAGE_SIZE);
-             break;
++    tb_jmp_cache_clear_page(cpu, addr);
          case PLUGIN_CB_INLINE:
              exec_inline_op(cb);
 diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/tcg-op.c
 +++ b/tcg/tcg-op.c
@@ -XXX,XX +XXX,XX @@ static inline TCGv plugin_prep_mem_callbacks(TCGv vaddr)
      return vaddr;
  }
--static inline void plugin_gen_mem_callbacks(TCGv vaddr, uint16_t info)
+ /**
-+static void plugin_gen_mem_callbacks(TCGv vaddr, MemOpIdx oi,
+@@ -XXX,XX +XXX,XX @@ static void tlb_flush_range_by_mmuidx_async_0(CPUState *cpu,
-+                                     enum qemu_plugin_mem_rw rw)
+         return;
  {
  #ifdef CONFIG_PLUGIN
      if (tcg_ctx->plugin_insn != NULL) {
 +        qemu_plugin_meminfo_t info = make_plugin_meminfo(oi, rw);
          plugin_gen_empty_mem_callback(vaddr, info);
          tcg_temp_free(vaddr);
      }
-@@ -XXX,XX +XXX,XX @@ static inline void plugin_gen_mem_callbacks(TCGv vaddr, uint16_t info)
- void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
+-    for (target_ulong i = 0; i < d.len; i += TARGET_PAGE_SIZE) {
- {
+-        tb_flush_jmp_cache(cpu, d.addr + i);
-     MemOp orig_memop;
++    /*
--    uint16_t info = trace_mem_get_info(make_memop_idx(memop, idx), 0);
++     * Discard jump cache entries for any tb which might potentially
-+    MemOpIdx oi;
++     * overlap the flushed pages, which includes the previous.
-+    uint16_t info;
++     */
++    d.addr -= TARGET_PAGE_SIZE;
-     tcg_gen_req_mo(TCG_MO_LD_LD | TCG_MO_ST_LD);
++    for (target_ulong i = 0, n = d.len / TARGET_PAGE_SIZE + 1; i < n; i++) {
-     memop = tcg_canonicalize_memop(memop, 0, 0);
++        tb_jmp_cache_clear_page(cpu, d.addr);
-+    oi = make_memop_idx(memop, idx);
++        d.addr += TARGET_PAGE_SIZE;
 +    info = trace_mem_get_info(oi, 0);
      trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
      orig_memop = memop;
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
      addr = plugin_prep_mem_callbacks(addr);
      gen_ldst_i32(INDEX_op_qemu_ld_i32, val, addr, memop, idx);
 -    plugin_gen_mem_callbacks(addr, info);
 +    plugin_gen_mem_callbacks(addr, oi, QEMU_PLUGIN_MEM_R);
      if ((orig_memop ^ memop) & MO_BSWAP) {
          switch (orig_memop & MO_SIZE) {
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
  void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
  {
      TCGv_i32 swap = NULL;
 -    uint16_t info = trace_mem_get_info(make_memop_idx(memop, idx), 1);
 +    MemOpIdx oi;
 +    uint16_t info;
      tcg_gen_req_mo(TCG_MO_LD_ST | TCG_MO_ST_ST);
      memop = tcg_canonicalize_memop(memop, 0, 1);
 +    oi = make_memop_idx(memop, idx);
 +    info = trace_mem_get_info(oi, 1);
      trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
      if (!TCG_TARGET_HAS_MEMORY_BSWAP && (memop & MO_BSWAP)) {
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
      } else {
          gen_ldst_i32(INDEX_op_qemu_st_i32, val, addr, memop, idx);
      }
--    plugin_gen_mem_callbacks(addr, info);
-+    plugin_gen_mem_callbacks(addr, oi, QEMU_PLUGIN_MEM_W);
-     if (swap) {
-         tcg_temp_free_i32(swap);
-@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
- void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
- {
-     MemOp orig_memop;
-+    MemOpIdx oi;
-     uint16_t info;
-     if (TCG_TARGET_REG_BITS == 32 && (memop & MO_SIZE) < MO_64) {
-@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
-     tcg_gen_req_mo(TCG_MO_LD_LD | TCG_MO_ST_LD);
-     memop = tcg_canonicalize_memop(memop, 1, 0);
--    info = trace_mem_get_info(make_memop_idx(memop, idx), 0);
-+    oi = make_memop_idx(memop, idx);
-+    info = trace_mem_get_info(oi, 0);
-     trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
-     orig_memop = memop;
-@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
-     addr = plugin_prep_mem_callbacks(addr);
-     gen_ldst_i64(INDEX_op_qemu_ld_i64, val, addr, memop, idx);
--    plugin_gen_mem_callbacks(addr, info);
-+    plugin_gen_mem_callbacks(addr, oi, QEMU_PLUGIN_MEM_R);
-     if ((orig_memop ^ memop) & MO_BSWAP) {
-         int flags = (orig_memop & MO_SIGN
-@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
- void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
- {
-     TCGv_i64 swap = NULL;
-+    MemOpIdx oi;
-     uint16_t info;
-     if (TCG_TARGET_REG_BITS == 32 && (memop & MO_SIZE) < MO_64) {
-@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
-     tcg_gen_req_mo(TCG_MO_LD_ST | TCG_MO_ST_ST);
-     memop = tcg_canonicalize_memop(memop, 1, 1);
--    info = trace_mem_get_info(make_memop_idx(memop, idx), 1);
-+    oi = make_memop_idx(memop, idx);
-+    info = trace_mem_get_info(oi, 1);
-     trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
-     if (!TCG_TARGET_HAS_MEMORY_BSWAP && (memop & MO_BSWAP)) {
-@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
-     addr = plugin_prep_mem_callbacks(addr);
-     gen_ldst_i64(INDEX_op_qemu_st_i64, val, addr, memop, idx);
--    plugin_gen_mem_callbacks(addr, info);
-+    plugin_gen_mem_callbacks(addr, oi, QEMU_PLUGIN_MEM_W);
-     if (swap) {
-         tcg_temp_free_i64(swap);
-diff --git a/accel/tcg/atomic_common.c.inc b/accel/tcg/atomic_common.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/atomic_common.c.inc
-+++ b/accel/tcg/atomic_common.c.inc
-@@ -XXX,XX +XXX,XX @@ static void atomic_trace_rmw_pre(CPUArchState *env, target_ulong addr,
- static void atomic_trace_rmw_post(CPUArchState *env, target_ulong addr,
-                                   MemOpIdx oi)
- {
--    uint16_t info = trace_mem_get_info(oi, false);
--
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, info);
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, info | TRACE_MEM_ST);
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_RW);
  }
- #if HAVE_ATOMIC128
-@@ -XXX,XX +XXX,XX @@ static void atomic_trace_ld_pre(CPUArchState *env, target_ulong addr,
- static void atomic_trace_ld_post(CPUArchState *env, target_ulong addr,
-                                  MemOpIdx oi)
- {
--    uint16_t info = trace_mem_get_info(oi, false);
--
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, info);
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
- }
- static void atomic_trace_st_pre(CPUArchState *env, target_ulong addr,
-@@ -XXX,XX +XXX,XX @@ static void atomic_trace_st_pre(CPUArchState *env, target_ulong addr,
- static void atomic_trace_st_post(CPUArchState *env, target_ulong addr,
-                                  MemOpIdx oi)
- {
--    uint16_t info = trace_mem_get_info(oi, false);
--
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, info);
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
- }
- #endif
 --
-.25.1
+.34.1

-[PULL 07/28] tcg: Split out MemOpIdx to exec/memopidx.h
+[PULL 15/20] include/hw/core: Create struct CPUJumpCache
-Move this code from tcg/tcg.h to its own header.
+Wrap the bare TranslationBlock pointer into a structure.
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- include/exec/memopidx.h | 55 +++++++++++++++++++++++++++++++++++++++++
+ accel/tcg/tb-hash.h       |  1 +
- include/tcg/tcg.h       | 39 +----------------------------
+ accel/tcg/tb-jmp-cache.h  | 24 ++++++++++++++++++++++++
-files changed, 56 insertions(+), 38 deletions(-)
+ include/exec/cpu-common.h |  1 +
- create mode 100644 include/exec/memopidx.h
+ include/hw/core/cpu.h     | 15 +--------------
  include/qemu/typedefs.h   |  1 +
  accel/stubs/tcg-stub.c    |  4 ++++
  accel/tcg/cpu-exec.c      | 10 +++++++---
  accel/tcg/cputlb.c        |  9 +++++----
  accel/tcg/translate-all.c | 28 +++++++++++++++++++++++++---
  hw/core/cpu-common.c      |  3 +--
  plugins/core.c            |  2 +-
  trace/control-target.c    |  2 +-
 files changed, 72 insertions(+), 28 deletions(-)
  create mode 100644 accel/tcg/tb-jmp-cache.h
-diff --git a/include/exec/memopidx.h b/include/exec/memopidx.h
+diff --git a/accel/tcg/tb-hash.h b/accel/tcg/tb-hash.h
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/tb-hash.h
 +++ b/accel/tcg/tb-hash.h
@@ -XXX,XX +XXX,XX @@
  #include "exec/cpu-defs.h"
  #include "exec/exec-all.h"
  #include "qemu/xxhash.h"
 +#include "tb-jmp-cache.h"
  #ifdef CONFIG_SOFTMMU
 diff --git a/accel/tcg/tb-jmp-cache.h b/accel/tcg/tb-jmp-cache.h
 new file mode 100644
 index XXXXXXX..XXXXXXX
 --- /dev/null
-+++ b/include/exec/memopidx.h
++++ b/accel/tcg/tb-jmp-cache.h
 @@ -XXX,XX +XXX,XX @@
 +/*
-+ * Combine the MemOp and mmu_idx parameters into a single value.
++ * The per-CPU TranslationBlock jump cache.
 + *
-+ * Authors:
++ *  Copyright (c) 2003 Fabrice Bellard
 + *  Richard Henderson <rth@twiddle.net>
 + *
-+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
++ * SPDX-License-Identifier: GPL-2.0-or-later
 + * See the COPYING file in the top-level directory.
 + */
 +
-+#ifndef EXEC_MEMOPIDX_H
++#ifndef ACCEL_TCG_TB_JMP_CACHE_H
-+#define EXEC_MEMOPIDX_H 1
++#define ACCEL_TCG_TB_JMP_CACHE_H
 +
-+#include "exec/memop.h"
++#define TB_JMP_CACHE_BITS 12
-+
++#define TB_JMP_CACHE_SIZE (1 << TB_JMP_CACHE_BITS)
-+typedef uint32_t MemOpIdx;
++
-+
++/*
-+/**
++ * Accessed in parallel; all accesses to 'tb' must be atomic.
 + * make_memop_idx
 + * @op: memory operation
 + * @idx: mmu index
 + *
 + * Encode these values into a single parameter.
 + */
-+static inline MemOpIdx make_memop_idx(MemOp op, unsigned idx)
++struct CPUJumpCache {
-+{
++    struct {
-+#ifdef CONFIG_DEBUG_TCG
++        TranslationBlock *tb;
-+    assert(idx <= 15);
++    } array[TB_JMP_CACHE_SIZE];
-+#endif
++};
-+    return (op << 4) | idx;
++
-+}
++#endif /* ACCEL_TCG_TB_JMP_CACHE_H */
-+
+diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
-+/**
+index XXXXXXX..XXXXXXX 100644
-+ * get_memop
+--- a/include/exec/cpu-common.h
-+ * @oi: combined op/idx parameter
++++ b/include/exec/cpu-common.h
-+ *
+@@ -XXX,XX +XXX,XX @@ void cpu_list_unlock(void);
-+ * Extract the memory operation from the combined value.
+ unsigned int cpu_list_generation_id_get(void);
-+ */
-+static inline MemOp get_memop(MemOpIdx oi)
+ void tcg_flush_softmmu_tlb(CPUState *cs);
-+{
++void tcg_flush_jmp_cache(CPUState *cs);
-+    return oi >> 4;
-+}
+ void tcg_iommu_init_notifier_list(CPUState *cpu);
-+
+ void tcg_iommu_free_notifier_list(CPUState *cpu);
-+/**
+diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
-+ * get_mmuidx
+index XXXXXXX..XXXXXXX 100644
-+ * @oi: combined op/idx parameter
+--- a/include/hw/core/cpu.h
-+ *
++++ b/include/hw/core/cpu.h
-+ * Extract the mmu index from the combined value.
+@@ -XXX,XX +XXX,XX @@ struct kvm_run;
-+ */
+ struct hax_vcpu_state;
-+static inline unsigned get_mmuidx(MemOpIdx oi)
+ struct hvf_vcpu_state;
-+{
-+    return oi & 15;
+-#define TB_JMP_CACHE_BITS 12
-+}
+-#define TB_JMP_CACHE_SIZE (1 << TB_JMP_CACHE_BITS)
 +
 +#endif
 diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/tcg/tcg.h
 +++ b/include/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@
  #include "cpu.h"
  #include "exec/memop.h"
 +#include "exec/memopidx.h"
  #include "qemu/bitops.h"
  #include "qemu/plugin.h"
  #include "qemu/queue.h"
@@ -XXX,XX +XXX,XX @@ static inline size_t tcg_current_code_size(TCGContext *s)
      return tcg_ptr_byte_diff(s->code_ptr, s->code_buf);
  }
 -/* Combine the MemOp and mmu_idx parameters into a single value.  */
 -typedef uint32_t MemOpIdx;
 -
--/**
+ /* work queue */
-- * make_memop_idx
-- * @op: memory operation
+ /* The union type allows passing of 64 bit target pointers on 32 bit
-- * @idx: mmu index
+@@ -XXX,XX +XXX,XX @@ struct CPUState {
-- *
+     CPUArchState *env_ptr;
-- * Encode these values into a single parameter.
+     IcountDecr *icount_decr_ptr;
-- */
--static inline MemOpIdx make_memop_idx(MemOp op, unsigned idx)
+-    /* Accessed in parallel; all accesses must be atomic */
 -    TranslationBlock *tb_jmp_cache[TB_JMP_CACHE_SIZE];
 +    CPUJumpCache *tb_jmp_cache;
      struct GDBRegisterState *gdb_regs;
      int gdb_num_regs;
@@ -XXX,XX +XXX,XX @@ extern CPUTailQ cpus;
  extern __thread CPUState *current_cpu;
 -static inline void cpu_tb_jmp_cache_clear(CPUState *cpu)
 -{
--    tcg_debug_assert(idx <= 15);
+-    unsigned int i;
 -    return (op << 4) | idx;
 -}
 -
--/**
+-    for (i = 0; i < TB_JMP_CACHE_SIZE; i++) {
-- * get_memop
+-        qatomic_set(&cpu->tb_jmp_cache[i], NULL);
-- * @oi: combined op/idx parameter
+-    }
 - *
 - * Extract the memory operation from the combined value.
 - */
 -static inline MemOp get_memop(MemOpIdx oi)
 -{
 -    return oi >> 4;
 -}
 -
 -/**
 - * get_mmuidx
 - * @oi: combined op/idx parameter
 - *
 - * Extract the mmu index from the combined value.
 - */
 -static inline unsigned get_mmuidx(MemOpIdx oi)
 -{
 -    return oi & 15;
 -}
 -
  /**
-  * tcg_qemu_tb_exec:
+  * qemu_tcg_mttcg_enabled:
-  * @env: pointer to CPUArchState for the CPU
+  * Check whether we are running MultiThread TCG or not.
 diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/qemu/typedefs.h
 +++ b/include/qemu/typedefs.h
@@ -XXX,XX +XXX,XX @@ typedef struct CoMutex CoMutex;
  typedef struct ConfidentialGuestSupport ConfidentialGuestSupport;
  typedef struct CPUAddressSpace CPUAddressSpace;
  typedef struct CPUArchState CPUArchState;
 +typedef struct CPUJumpCache CPUJumpCache;
  typedef struct CPUState CPUState;
  typedef struct CPUTLBEntryFull CPUTLBEntryFull;
  typedef struct DeviceListener DeviceListener;
 diff --git a/accel/stubs/tcg-stub.c b/accel/stubs/tcg-stub.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/stubs/tcg-stub.c
 +++ b/accel/stubs/tcg-stub.c
@@ -XXX,XX +XXX,XX @@ void tlb_set_dirty(CPUState *cpu, target_ulong vaddr)
  {
  }
 +void tcg_flush_jmp_cache(CPUState *cpu)
 +{
 +}
 +
  int probe_access_flags(CPUArchState *env, target_ulong addr,
                         MMUAccessType access_type, int mmu_idx,
                         bool nonfault, void **phost, uintptr_t retaddr)
 diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cpu-exec.c
 +++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@
  #include "sysemu/replay.h"
  #include "sysemu/tcg.h"
  #include "exec/helper-proto.h"
 +#include "tb-jmp-cache.h"
  #include "tb-hash.h"
  #include "tb-context.h"
  #include "internal.h"
@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
      tcg_debug_assert(!(cflags & CF_INVALID));
      hash = tb_jmp_cache_hash_func(pc);
 -    tb = qatomic_rcu_read(&cpu->tb_jmp_cache[hash]);
 +    tb = qatomic_rcu_read(&cpu->tb_jmp_cache->array[hash].tb);
      if (likely(tb &&
                 tb->pc == pc &&
@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
      if (tb == NULL) {
          return NULL;
      }
 -    qatomic_set(&cpu->tb_jmp_cache[hash], tb);
 +    qatomic_set(&cpu->tb_jmp_cache->array[hash].tb, tb);
      return tb;
  }
@@ -XXX,XX +XXX,XX @@ int cpu_exec(CPUState *cpu)
              tb = tb_lookup(cpu, pc, cs_base, flags, cflags);
              if (tb == NULL) {
 +                uint32_t h;
 +
                  mmap_lock();
                  tb = tb_gen_code(cpu, pc, cs_base, flags, cflags);
                  mmap_unlock();
@@ -XXX,XX +XXX,XX @@ int cpu_exec(CPUState *cpu)
                   * We add the TB in the virtual pc hash table
                   * for the fast lookup
                   */
 -                qatomic_set(&cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)], tb);
 +                h = tb_jmp_cache_hash_func(pc);
 +                qatomic_set(&cpu->tb_jmp_cache->array[h].tb, tb);
              }
  #ifndef CONFIG_USER_ONLY
 diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cputlb.c
 +++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static void tlb_window_reset(CPUTLBDesc *desc, int64_t ns,
  static void tb_jmp_cache_clear_page(CPUState *cpu, target_ulong page_addr)
  {
 -    unsigned int i, i0 = tb_jmp_cache_hash_page(page_addr);
 +    int i, i0 = tb_jmp_cache_hash_page(page_addr);
 +    CPUJumpCache *jc = cpu->tb_jmp_cache;
      for (i = 0; i < TB_JMP_PAGE_SIZE; i++) {
 -        qatomic_set(&cpu->tb_jmp_cache[i0 + i], NULL);
 +        qatomic_set(&jc->array[i0 + i].tb, NULL);
      }
  }
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_by_mmuidx_async_work(CPUState *cpu, run_on_cpu_data data)
      qemu_spin_unlock(&env_tlb(env)->c.lock);
 -    cpu_tb_jmp_cache_clear(cpu);
 +    tcg_flush_jmp_cache(cpu);
      if (to_clean == ALL_MMUIDX_BITS) {
          qatomic_set(&env_tlb(env)->c.full_flush_count,
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_range_by_mmuidx_async_0(CPUState *cpu,
       * longer to clear each entry individually than it will to clear it all.
       */
      if (d.len >= (TARGET_PAGE_SIZE * TB_JMP_CACHE_SIZE)) {
 -        cpu_tb_jmp_cache_clear(cpu);
 +        tcg_flush_jmp_cache(cpu);
          return;
      }
 diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/translate-all.c
 +++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@
  #include "sysemu/tcg.h"
  #include "qapi/error.h"
  #include "hw/core/tcg-cpu-ops.h"
 +#include "tb-jmp-cache.h"
  #include "tb-hash.h"
  #include "tb-context.h"
  #include "internal.h"
@@ -XXX,XX +XXX,XX @@ static void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count)
      }
      CPU_FOREACH(cpu) {
 -        cpu_tb_jmp_cache_clear(cpu);
 +        tcg_flush_jmp_cache(cpu);
      }
      qht_reset_size(&tb_ctx.htable, CODE_GEN_HTABLE_SIZE);
@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
      /* remove the TB from the hash list */
      h = tb_jmp_cache_hash_func(tb->pc);
      CPU_FOREACH(cpu) {
 -        if (qatomic_read(&cpu->tb_jmp_cache[h]) == tb) {
 -            qatomic_set(&cpu->tb_jmp_cache[h], NULL);
 +        CPUJumpCache *jc = cpu->tb_jmp_cache;
 +        if (qatomic_read(&jc->array[h].tb) == tb) {
 +            qatomic_set(&jc->array[h].tb, NULL);
          }
      }
@@ -XXX,XX +XXX,XX @@ int page_unprotect(target_ulong address, uintptr_t pc)
  }
  #endif /* CONFIG_USER_ONLY */
 +/*
 + * Called by generic code at e.g. cpu reset after cpu creation,
 + * therefore we must be prepared to allocate the jump cache.
 + */
 +void tcg_flush_jmp_cache(CPUState *cpu)
 +{
 +    CPUJumpCache *jc = cpu->tb_jmp_cache;
 +
 +    if (likely(jc)) {
 +        for (int i = 0; i < TB_JMP_CACHE_SIZE; i++) {
 +            qatomic_set(&jc->array[i].tb, NULL);
 +        }
 +    } else {
 +        /* This should happen once during realize, and thus never race. */
 +        jc = g_new0(CPUJumpCache, 1);
 +        jc = qatomic_xchg(&cpu->tb_jmp_cache, jc);
 +        assert(jc == NULL);
 +    }
 +}
 +
  /* This is a wrapper for common code that can not use CONFIG_SOFTMMU */
  void tcg_flush_softmmu_tlb(CPUState *cs)
  {
 diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/core/cpu-common.c
 +++ b/hw/core/cpu-common.c
@@ -XXX,XX +XXX,XX @@ static void cpu_common_reset(DeviceState *dev)
      cpu->cflags_next_tb = -1;
      if (tcg_enabled()) {
 -        cpu_tb_jmp_cache_clear(cpu);
 -
 +        tcg_flush_jmp_cache(cpu);
          tcg_flush_softmmu_tlb(cpu);
      }
  }
 diff --git a/plugins/core.c b/plugins/core.c
 index XXXXXXX..XXXXXXX 100644
 --- a/plugins/core.c
 +++ b/plugins/core.c
@@ -XXX,XX +XXX,XX @@ struct qemu_plugin_ctx *plugin_id_to_ctx_locked(qemu_plugin_id_t id)
  static void plugin_cpu_update__async(CPUState *cpu, run_on_cpu_data data)
  {
      bitmap_copy(cpu->plugin_mask, &data.host_ulong, QEMU_PLUGIN_EV_MAX);
 -    cpu_tb_jmp_cache_clear(cpu);
 +    tcg_flush_jmp_cache(cpu);
  }
  static void plugin_cpu_update__locked(gpointer k, gpointer v, gpointer udata)
 diff --git a/trace/control-target.c b/trace/control-target.c
 index XXXXXXX..XXXXXXX 100644
 --- a/trace/control-target.c
 +++ b/trace/control-target.c
@@ -XXX,XX +XXX,XX @@ static void trace_event_synchronize_vcpu_state_dynamic(
  {
      bitmap_copy(vcpu->trace_dstate, vcpu->trace_dstate_delayed,
                  CPU_TRACE_DSTATE_MAX_EVENTS);
 -    cpu_tb_jmp_cache_clear(vcpu);
 +    tcg_flush_jmp_cache(vcpu);
  }
  void trace_event_set_vcpu_state_dynamic(CPUState *vcpu,
 --
-.25.1
+.34.1

-[PULL 18/28] tcg/s390x: Implement tcg_out_ld/st for vector types
+[PULL 16/20] hw/core: Add CPUClass.get_pc
-Reviewed-by: David Hildenbrand <david@redhat.com>
+Populate this new method for all targets.  Always match
 the result that would be given by cpu_get_tb_cpu_state,
 as we will want these values to correspond in the logs.
 Reviewed-by: Taylor Simpson <tsimpson@quicinc.com>
 Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> (target/sparc)
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- tcg/s390x/tcg-target.c.inc | 132 +++++++++++++++++++++++++++++++++----
+Cc: Eduardo Habkost <eduardo@habkost.net> (supporter:Machine core)
-file changed, 120 insertions(+), 12 deletions(-)
+Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> (supporter:Machine core)
 Cc: "Philippe Mathieu-Daudé" <f4bug@amsat.org> (reviewer:Machine core)
 Cc: Yanan Wang <wangyanan55@huawei.com> (reviewer:Machine core)
 Cc: Michael Rolnik <mrolnik@gmail.com> (maintainer:AVR TCG CPUs)
 Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com> (maintainer:CRIS TCG CPUs)
 Cc: Taylor Simpson <tsimpson@quicinc.com> (supporter:Hexagon TCG CPUs)
 Cc: Song Gao <gaosong@loongson.cn> (maintainer:LoongArch TCG CPUs)
 Cc: Xiaojuan Yang <yangxiaojuan@loongson.cn> (maintainer:LoongArch TCG CPUs)
 Cc: Laurent Vivier <laurent@vivier.eu> (maintainer:M68K TCG CPUs)
 Cc: Jiaxun Yang <jiaxun.yang@flygoat.com> (reviewer:MIPS TCG CPUs)
 Cc: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com> (reviewer:MIPS TCG CPUs)
 Cc: Chris Wulff <crwulff@gmail.com> (maintainer:NiosII TCG CPUs)
 Cc: Marek Vasut <marex@denx.de> (maintainer:NiosII TCG CPUs)
 Cc: Stafford Horne <shorne@gmail.com> (odd fixer:OpenRISC TCG CPUs)
 Cc: Yoshinori Sato <ysato@users.sourceforge.jp> (reviewer:RENESAS RX CPUs)
 Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> (maintainer:SPARC TCG CPUs)
 Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> (maintainer:TriCore TCG CPUs)
 Cc: Max Filippov <jcmvbkbc@gmail.com> (maintainer:Xtensa TCG CPUs)
 Cc: qemu-arm@nongnu.org (open list:ARM TCG CPUs)
 Cc: qemu-ppc@nongnu.org (open list:PowerPC TCG CPUs)
 Cc: qemu-riscv@nongnu.org (open list:RISC-V TCG CPUs)
 Cc: qemu-s390x@nongnu.org (open list:S390 TCG CPUs)
 ---
  include/hw/core/cpu.h   |  3 +++
  target/alpha/cpu.c      |  9 +++++++++
  target/arm/cpu.c        | 13 +++++++++++++
  target/avr/cpu.c        |  8 ++++++++
  target/cris/cpu.c       |  8 ++++++++
  target/hexagon/cpu.c    |  8 ++++++++
  target/hppa/cpu.c       |  8 ++++++++
  target/i386/cpu.c       |  9 +++++++++
  target/loongarch/cpu.c  |  9 +++++++++
  target/m68k/cpu.c       |  8 ++++++++
  target/microblaze/cpu.c |  8 ++++++++
  target/mips/cpu.c       |  8 ++++++++
  target/nios2/cpu.c      |  9 +++++++++
  target/openrisc/cpu.c   |  8 ++++++++
  target/ppc/cpu_init.c   |  8 ++++++++
  target/riscv/cpu.c      | 13 +++++++++++++
  target/rx/cpu.c         |  8 ++++++++
  target/s390x/cpu.c      |  8 ++++++++
  target/sh4/cpu.c        |  8 ++++++++
  target/sparc/cpu.c      |  8 ++++++++
  target/tricore/cpu.c    |  9 +++++++++
  target/xtensa/cpu.c     |  8 ++++++++
 files changed, 186 insertions(+)
-diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
+diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.c.inc
+--- a/include/hw/core/cpu.h
-+++ b/tcg/s390x/tcg-target.c.inc
++++ b/include/hw/core/cpu.h
-@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
+@@ -XXX,XX +XXX,XX @@ struct SysemuCPUOps;
-     RX_STC      = 0x42,
+  *       If the target behaviour here is anything other than "set
-     RX_STH      = 0x40,
+  *       the PC register to the value passed in" then the target must
+  *       also implement the synchronize_from_tb hook.
-+    VRX_VL      = 0xe706,
++ * @get_pc: Callback for getting the Program Counter register.
-+    VRX_VLLEZ   = 0xe704,
++ *       As above, with the semantics of the target architecture.
-+    VRX_VST     = 0xe70e,
+  * @gdb_read_register: Callback for letting GDB read a register.
-+    VRX_VSTEF   = 0xe70b,
+  * @gdb_write_register: Callback for letting GDB write a register.
-+    VRX_VSTEG   = 0xe70a,
+  * @gdb_adjust_breakpoint: Callback for adjusting the address of a
-+
+@@ -XXX,XX +XXX,XX @@ struct CPUClass {
-     NOP         = 0x0707,
+     void (*dump_state)(CPUState *cpu, FILE *, int flags);
- } S390Opcode;
+     int64_t (*get_arch_id)(CPUState *cpu);
+     void (*set_pc)(CPUState *cpu, vaddr value);
-@@ -XXX,XX +XXX,XX @@ static void * const qemu_st_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
++    vaddr (*get_pc)(CPUState *cpu);
- static const tcg_insn_unit *tb_ret_addr;
+     int (*gdb_read_register)(CPUState *cpu, GByteArray *buf, int reg);
- uint64_t s390_facilities[3];
+     int (*gdb_write_register)(CPUState *cpu, uint8_t *buf, int reg);
+     vaddr (*gdb_adjust_breakpoint)(CPUState *cpu, vaddr addr);
-+static inline bool is_general_reg(TCGReg r)
+diff --git a/target/alpha/cpu.c b/target/alpha/cpu.c
-+{
+index XXXXXXX..XXXXXXX 100644
-+    return r <= TCG_REG_R15;
+--- a/target/alpha/cpu.c
-+}
++++ b/target/alpha/cpu.c
-+
+@@ -XXX,XX +XXX,XX @@ static void alpha_cpu_set_pc(CPUState *cs, vaddr value)
-+static inline bool is_vector_reg(TCGReg r)
+     cpu->env.pc = value;
-+{
+ }
-+    return r >= TCG_REG_V0 && r <= TCG_REG_V31;
-+}
++static vaddr alpha_cpu_get_pc(CPUState *cs)
-+
++{
- static bool patch_reloc(tcg_insn_unit *src_rw, int type,
++    AlphaCPU *cpu = ALPHA_CPU(cs);
-                         intptr_t value, intptr_t addend)
++
- {
++    return cpu->env.pc;
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_insn_RSY(TCGContext *s, S390Opcode op, TCGReg r1,
++}
- #define tcg_out_insn_RX   tcg_out_insn_RS
++
- #define tcg_out_insn_RXY  tcg_out_insn_RSY
++
+ static bool alpha_cpu_has_work(CPUState *cs)
-+static int RXB(TCGReg v1, TCGReg v2, TCGReg v3, TCGReg v4)
+ {
-+{
+     /* Here we are checking to see if the CPU should wake up from HALT.
-+    /*
+@@ -XXX,XX +XXX,XX @@ static void alpha_cpu_class_init(ObjectClass *oc, void *data)
-+     * Shift bit 4 of each regno to its corresponding bit of RXB.
+     cc->has_work = alpha_cpu_has_work;
-+     * RXB itself begins at bit 8 of the instruction so 8 - 4 = 4
+     cc->dump_state = alpha_cpu_dump_state;
-+     * is the left-shift of the 4th operand.
+     cc->set_pc = alpha_cpu_set_pc;
-+     */
++    cc->get_pc = alpha_cpu_get_pc;
-+    return ((v1 & 0x10) << (4 + 3))
+     cc->gdb_read_register = alpha_cpu_gdb_read_register;
-+         | ((v2 & 0x10) << (4 + 2))
+     cc->gdb_write_register = alpha_cpu_gdb_write_register;
-+         | ((v3 & 0x10) << (4 + 1))
+ #ifndef CONFIG_USER_ONLY
-+         | ((v4 & 0x10) << (4 + 0));
+diff --git a/target/arm/cpu.c b/target/arm/cpu.c
-+}
+index XXXXXXX..XXXXXXX 100644
-+
+--- a/target/arm/cpu.c
-+static void tcg_out_insn_VRX(TCGContext *s, S390Opcode op, TCGReg v1,
++++ b/target/arm/cpu.c
-+                             TCGReg b2, TCGReg x2, intptr_t d2, int m3)
+@@ -XXX,XX +XXX,XX @@ static void arm_cpu_set_pc(CPUState *cs, vaddr value)
 +{
 +    tcg_debug_assert(is_vector_reg(v1));
 +    tcg_debug_assert(d2 >= 0 && d2 <= 0xfff);
 +    tcg_debug_assert(is_general_reg(x2));
 +    tcg_debug_assert(is_general_reg(b2));
 +    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4) | x2);
 +    tcg_out16(s, (b2 << 12) | d2);
 +    tcg_out16(s, (op & 0x00ff) | RXB(v1, 0, 0, 0) | (m3 << 12));
 +}
 +
  /* Emit an opcode with "type-checking" of the format.  */
  #define tcg_out_insn(S, FMT, OP, ...) \
      glue(tcg_out_insn_,FMT)(S, glue(glue(FMT,_),OP), ## __VA_ARGS__)
@@ -XXX,XX +XXX,XX @@ static void tcg_out_mem(TCGContext *s, S390Opcode opc_rx, S390Opcode opc_rxy,
      }
  }
-+static void tcg_out_vrx_mem(TCGContext *s, S390Opcode opc_vrx,
++static vaddr arm_cpu_get_pc(CPUState *cs)
-+                            TCGReg data, TCGReg base, TCGReg index,
++{
-+                            tcg_target_long ofs, int m3)
++    ARMCPU *cpu = ARM_CPU(cs);
-+{
++    CPUARMState *env = &cpu->env;
-+    if (ofs < 0 || ofs >= 0x1000) {
++
-+        if (ofs >= -0x80000 && ofs < 0x80000) {
++    if (is_a64(env)) {
-+            tcg_out_insn(s, RXY, LAY, TCG_TMP0, base, index, ofs);
++        return env->pc;
-+            base = TCG_TMP0;
++    } else {
-+            index = TCG_REG_NONE;
++        return env->regs[15];
 +            ofs = 0;
 +        } else {
 +            tcg_out_movi(s, TCG_TYPE_PTR, TCG_TMP0, ofs);
 +            if (index != TCG_REG_NONE) {
 +                tcg_out_insn(s, RRE, AGR, TCG_TMP0, index);
 +            }
 +            index = TCG_TMP0;
 +            ofs = 0;
 +        }
 +    }
-+    tcg_out_insn_VRX(s, opc_vrx, data, base, index, ofs, m3);
++}
-+}
++
+ #ifdef CONFIG_TCG
- /* load data without address translation or endianness conversion */
+ void arm_cpu_synchronize_from_tb(CPUState *cs,
--static inline void tcg_out_ld(TCGContext *s, TCGType type, TCGReg data,
+                                  const TranslationBlock *tb)
--                              TCGReg base, intptr_t ofs)
+@@ -XXX,XX +XXX,XX @@ static void arm_cpu_class_init(ObjectClass *oc, void *data)
-+static void tcg_out_ld(TCGContext *s, TCGType type, TCGReg data,
+     cc->has_work = arm_cpu_has_work;
-+                       TCGReg base, intptr_t ofs)
+     cc->dump_state = arm_cpu_dump_state;
- {
+     cc->set_pc = arm_cpu_set_pc;
--    if (type == TCG_TYPE_I32) {
++    cc->get_pc = arm_cpu_get_pc;
--        tcg_out_mem(s, RX_L, RXY_LY, data, base, TCG_REG_NONE, ofs);
+     cc->gdb_read_register = arm_cpu_gdb_read_register;
--    } else {
+     cc->gdb_write_register = arm_cpu_gdb_write_register;
--        tcg_out_mem(s, 0, RXY_LG, data, base, TCG_REG_NONE, ofs);
+ #ifndef CONFIG_USER_ONLY
-+    switch (type) {
+diff --git a/target/avr/cpu.c b/target/avr/cpu.c
-+    case TCG_TYPE_I32:
+index XXXXXXX..XXXXXXX 100644
-+        if (likely(is_general_reg(data))) {
+--- a/target/avr/cpu.c
-+            tcg_out_mem(s, RX_L, RXY_LY, data, base, TCG_REG_NONE, ofs);
++++ b/target/avr/cpu.c
-+            break;
+@@ -XXX,XX +XXX,XX @@ static void avr_cpu_set_pc(CPUState *cs, vaddr value)
-+        }
+     cpu->env.pc_w = value / 2; /* internally PC points to words */
-+        tcg_out_vrx_mem(s, VRX_VLLEZ, data, base, TCG_REG_NONE, ofs, MO_32);
+ }
-+        break;
-+
++static vaddr avr_cpu_get_pc(CPUState *cs)
-+    case TCG_TYPE_I64:
++{
-+        if (likely(is_general_reg(data))) {
++    AVRCPU *cpu = AVR_CPU(cs);
-+            tcg_out_mem(s, 0, RXY_LG, data, base, TCG_REG_NONE, ofs);
++
-+            break;
++    return cpu->env.pc_w * 2;
-+        }
++}
-+        /* fallthru */
++
-+
+ static bool avr_cpu_has_work(CPUState *cs)
-+    case TCG_TYPE_V64:
+ {
-+        tcg_out_vrx_mem(s, VRX_VLLEZ, data, base, TCG_REG_NONE, ofs, MO_64);
+     AVRCPU *cpu = AVR_CPU(cs);
-+        break;
+@@ -XXX,XX +XXX,XX @@ static void avr_cpu_class_init(ObjectClass *oc, void *data)
-+
+     cc->has_work = avr_cpu_has_work;
-+    case TCG_TYPE_V128:
+     cc->dump_state = avr_cpu_dump_state;
-+        /* Hint quadword aligned.  */
+     cc->set_pc = avr_cpu_set_pc;
-+        tcg_out_vrx_mem(s, VRX_VL, data, base, TCG_REG_NONE, ofs, 4);
++    cc->get_pc = avr_cpu_get_pc;
-+        break;
+     dc->vmsd = &vms_avr_cpu;
-+
+     cc->sysemu_ops = &avr_sysemu_ops;
-+    default:
+     cc->disas_set_info = avr_cpu_disas_set_info;
-+        g_assert_not_reached();
+diff --git a/target/cris/cpu.c b/target/cris/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/cris/cpu.c
 +++ b/target/cris/cpu.c
@@ -XXX,XX +XXX,XX @@ static void cris_cpu_set_pc(CPUState *cs, vaddr value)
      cpu->env.pc = value;
  }
 +static vaddr cris_cpu_get_pc(CPUState *cs)
 +{
 +    CRISCPU *cpu = CRIS_CPU(cs);
 +
 +    return cpu->env.pc;
 +}
 +
  static bool cris_cpu_has_work(CPUState *cs)
  {
      return cs->interrupt_request & (CPU_INTERRUPT_HARD | CPU_INTERRUPT_NMI);
@@ -XXX,XX +XXX,XX @@ static void cris_cpu_class_init(ObjectClass *oc, void *data)
      cc->has_work = cris_cpu_has_work;
      cc->dump_state = cris_cpu_dump_state;
      cc->set_pc = cris_cpu_set_pc;
 +    cc->get_pc = cris_cpu_get_pc;
      cc->gdb_read_register = cris_cpu_gdb_read_register;
      cc->gdb_write_register = cris_cpu_gdb_write_register;
  #ifndef CONFIG_USER_ONLY
 diff --git a/target/hexagon/cpu.c b/target/hexagon/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/hexagon/cpu.c
 +++ b/target/hexagon/cpu.c
@@ -XXX,XX +XXX,XX @@ static void hexagon_cpu_set_pc(CPUState *cs, vaddr value)
      env->gpr[HEX_REG_PC] = value;
  }
 +static vaddr hexagon_cpu_get_pc(CPUState *cs)
 +{
 +    HexagonCPU *cpu = HEXAGON_CPU(cs);
 +    CPUHexagonState *env = &cpu->env;
 +    return env->gpr[HEX_REG_PC];
 +}
 +
  static void hexagon_cpu_synchronize_from_tb(CPUState *cs,
                                              const TranslationBlock *tb)
  {
@@ -XXX,XX +XXX,XX @@ static void hexagon_cpu_class_init(ObjectClass *c, void *data)
      cc->has_work = hexagon_cpu_has_work;
      cc->dump_state = hexagon_dump_state;
      cc->set_pc = hexagon_cpu_set_pc;
 +    cc->get_pc = hexagon_cpu_get_pc;
      cc->gdb_read_register = hexagon_gdb_read_register;
      cc->gdb_write_register = hexagon_gdb_write_register;
      cc->gdb_num_core_regs = TOTAL_PER_THREAD_REGS + NUM_VREGS + NUM_QREGS;
 diff --git a/target/hppa/cpu.c b/target/hppa/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/hppa/cpu.c
 +++ b/target/hppa/cpu.c
@@ -XXX,XX +XXX,XX @@ static void hppa_cpu_set_pc(CPUState *cs, vaddr value)
      cpu->env.iaoq_b = value + 4;
  }
 +static vaddr hppa_cpu_get_pc(CPUState *cs)
 +{
 +    HPPACPU *cpu = HPPA_CPU(cs);
 +
 +    return cpu->env.iaoq_f;
 +}
 +
  static void hppa_cpu_synchronize_from_tb(CPUState *cs,
                                           const TranslationBlock *tb)
  {
@@ -XXX,XX +XXX,XX @@ static void hppa_cpu_class_init(ObjectClass *oc, void *data)
      cc->has_work = hppa_cpu_has_work;
      cc->dump_state = hppa_cpu_dump_state;
      cc->set_pc = hppa_cpu_set_pc;
 +    cc->get_pc = hppa_cpu_get_pc;
      cc->gdb_read_register = hppa_cpu_gdb_read_register;
      cc->gdb_write_register = hppa_cpu_gdb_write_register;
  #ifndef CONFIG_USER_ONLY
 diff --git a/target/i386/cpu.c b/target/i386/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/cpu.c
 +++ b/target/i386/cpu.c
@@ -XXX,XX +XXX,XX @@ static void x86_cpu_set_pc(CPUState *cs, vaddr value)
      cpu->env.eip = value;
  }
 +static vaddr x86_cpu_get_pc(CPUState *cs)
 +{
 +    X86CPU *cpu = X86_CPU(cs);
 +
 +    /* Match cpu_get_tb_cpu_state. */
 +    return cpu->env.eip + cpu->env.segs[R_CS].base;
 +}
 +
  int x86_cpu_pending_interrupt(CPUState *cs, int interrupt_request)
  {
      X86CPU *cpu = X86_CPU(cs);
@@ -XXX,XX +XXX,XX @@ static void x86_cpu_common_class_init(ObjectClass *oc, void *data)
      cc->has_work = x86_cpu_has_work;
      cc->dump_state = x86_cpu_dump_state;
      cc->set_pc = x86_cpu_set_pc;
 +    cc->get_pc = x86_cpu_get_pc;
      cc->gdb_read_register = x86_cpu_gdb_read_register;
      cc->gdb_write_register = x86_cpu_gdb_write_register;
      cc->get_arch_id = x86_cpu_get_arch_id;
 diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/loongarch/cpu.c
 +++ b/target/loongarch/cpu.c
@@ -XXX,XX +XXX,XX @@ static void loongarch_cpu_set_pc(CPUState *cs, vaddr value)
      env->pc = value;
  }
 +static vaddr loongarch_cpu_get_pc(CPUState *cs)
 +{
 +    LoongArchCPU *cpu = LOONGARCH_CPU(cs);
 +    CPULoongArchState *env = &cpu->env;
 +
 +    return env->pc;
 +}
 +
  #ifndef CONFIG_USER_ONLY
  #include "hw/loongarch/virt.h"
@@ -XXX,XX +XXX,XX @@ static void loongarch_cpu_class_init(ObjectClass *c, void *data)
      cc->has_work = loongarch_cpu_has_work;
      cc->dump_state = loongarch_cpu_dump_state;
      cc->set_pc = loongarch_cpu_set_pc;
 +    cc->get_pc = loongarch_cpu_get_pc;
  #ifndef CONFIG_USER_ONLY
      dc->vmsd = &vmstate_loongarch_cpu;
      cc->sysemu_ops = &loongarch_sysemu_ops;
 diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/m68k/cpu.c
 +++ b/target/m68k/cpu.c
@@ -XXX,XX +XXX,XX @@ static void m68k_cpu_set_pc(CPUState *cs, vaddr value)
      cpu->env.pc = value;
  }
 +static vaddr m68k_cpu_get_pc(CPUState *cs)
 +{
 +    M68kCPU *cpu = M68K_CPU(cs);
 +
 +    return cpu->env.pc;
 +}
 +
  static bool m68k_cpu_has_work(CPUState *cs)
  {
      return cs->interrupt_request & CPU_INTERRUPT_HARD;
@@ -XXX,XX +XXX,XX @@ static void m68k_cpu_class_init(ObjectClass *c, void *data)
      cc->has_work = m68k_cpu_has_work;
      cc->dump_state = m68k_cpu_dump_state;
      cc->set_pc = m68k_cpu_set_pc;
 +    cc->get_pc = m68k_cpu_get_pc;
      cc->gdb_read_register = m68k_cpu_gdb_read_register;
      cc->gdb_write_register = m68k_cpu_gdb_write_register;
  #if defined(CONFIG_SOFTMMU)
 diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/microblaze/cpu.c
 +++ b/target/microblaze/cpu.c
@@ -XXX,XX +XXX,XX @@ static void mb_cpu_set_pc(CPUState *cs, vaddr value)
      cpu->env.iflags = 0;
  }
 +static vaddr mb_cpu_get_pc(CPUState *cs)
 +{
 +    MicroBlazeCPU *cpu = MICROBLAZE_CPU(cs);
 +
 +    return cpu->env.pc;
 +}
 +
  static void mb_cpu_synchronize_from_tb(CPUState *cs,
                                         const TranslationBlock *tb)
  {
@@ -XXX,XX +XXX,XX @@ static void mb_cpu_class_init(ObjectClass *oc, void *data)
      cc->dump_state = mb_cpu_dump_state;
      cc->set_pc = mb_cpu_set_pc;
 +    cc->get_pc = mb_cpu_get_pc;
      cc->gdb_read_register = mb_cpu_gdb_read_register;
      cc->gdb_write_register = mb_cpu_gdb_write_register;
 diff --git a/target/mips/cpu.c b/target/mips/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/mips/cpu.c
 +++ b/target/mips/cpu.c
@@ -XXX,XX +XXX,XX @@ static void mips_cpu_set_pc(CPUState *cs, vaddr value)
      mips_env_set_pc(&cpu->env, value);
  }
 +static vaddr mips_cpu_get_pc(CPUState *cs)
 +{
 +    MIPSCPU *cpu = MIPS_CPU(cs);
 +
 +    return cpu->env.active_tc.PC;
 +}
 +
  static bool mips_cpu_has_work(CPUState *cs)
  {
      MIPSCPU *cpu = MIPS_CPU(cs);
@@ -XXX,XX +XXX,XX @@ static void mips_cpu_class_init(ObjectClass *c, void *data)
      cc->has_work = mips_cpu_has_work;
      cc->dump_state = mips_cpu_dump_state;
      cc->set_pc = mips_cpu_set_pc;
 +    cc->get_pc = mips_cpu_get_pc;
      cc->gdb_read_register = mips_cpu_gdb_read_register;
      cc->gdb_write_register = mips_cpu_gdb_write_register;
  #ifndef CONFIG_USER_ONLY
 diff --git a/target/nios2/cpu.c b/target/nios2/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/nios2/cpu.c
 +++ b/target/nios2/cpu.c
@@ -XXX,XX +XXX,XX @@ static void nios2_cpu_set_pc(CPUState *cs, vaddr value)
      env->pc = value;
  }
 +static vaddr nios2_cpu_get_pc(CPUState *cs)
 +{
 +    Nios2CPU *cpu = NIOS2_CPU(cs);
 +    CPUNios2State *env = &cpu->env;
 +
 +    return env->pc;
 +}
 +
  static bool nios2_cpu_has_work(CPUState *cs)
  {
      return cs->interrupt_request & CPU_INTERRUPT_HARD;
@@ -XXX,XX +XXX,XX @@ static void nios2_cpu_class_init(ObjectClass *oc, void *data)
      cc->has_work = nios2_cpu_has_work;
      cc->dump_state = nios2_cpu_dump_state;
      cc->set_pc = nios2_cpu_set_pc;
 +    cc->get_pc = nios2_cpu_get_pc;
      cc->disas_set_info = nios2_cpu_disas_set_info;
  #ifndef CONFIG_USER_ONLY
      cc->sysemu_ops = &nios2_sysemu_ops;
 diff --git a/target/openrisc/cpu.c b/target/openrisc/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/openrisc/cpu.c
 +++ b/target/openrisc/cpu.c
@@ -XXX,XX +XXX,XX @@ static void openrisc_cpu_set_pc(CPUState *cs, vaddr value)
      cpu->env.dflag = 0;
  }
 +static vaddr openrisc_cpu_get_pc(CPUState *cs)
 +{
 +    OpenRISCCPU *cpu = OPENRISC_CPU(cs);
 +
 +    return cpu->env.pc;
 +}
 +
  static void openrisc_cpu_synchronize_from_tb(CPUState *cs,
                                               const TranslationBlock *tb)
  {
@@ -XXX,XX +XXX,XX @@ static void openrisc_cpu_class_init(ObjectClass *oc, void *data)
      cc->has_work = openrisc_cpu_has_work;
      cc->dump_state = openrisc_cpu_dump_state;
      cc->set_pc = openrisc_cpu_set_pc;
 +    cc->get_pc = openrisc_cpu_get_pc;
      cc->gdb_read_register = openrisc_cpu_gdb_read_register;
      cc->gdb_write_register = openrisc_cpu_gdb_write_register;
  #ifndef CONFIG_USER_ONLY
 diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/ppc/cpu_init.c
 +++ b/target/ppc/cpu_init.c
@@ -XXX,XX +XXX,XX @@ static void ppc_cpu_set_pc(CPUState *cs, vaddr value)
      cpu->env.nip = value;
  }
 +static vaddr ppc_cpu_get_pc(CPUState *cs)
 +{
 +    PowerPCCPU *cpu = POWERPC_CPU(cs);
 +
 +    return cpu->env.nip;
 +}
 +
  static bool ppc_cpu_has_work(CPUState *cs)
  {
      PowerPCCPU *cpu = POWERPC_CPU(cs);
@@ -XXX,XX +XXX,XX @@ static void ppc_cpu_class_init(ObjectClass *oc, void *data)
      cc->has_work = ppc_cpu_has_work;
      cc->dump_state = ppc_cpu_dump_state;
      cc->set_pc = ppc_cpu_set_pc;
 +    cc->get_pc = ppc_cpu_get_pc;
      cc->gdb_read_register = ppc_cpu_gdb_read_register;
      cc->gdb_write_register = ppc_cpu_gdb_write_register;
  #ifndef CONFIG_USER_ONLY
 diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/riscv/cpu.c
 +++ b/target/riscv/cpu.c
@@ -XXX,XX +XXX,XX @@ static void riscv_cpu_set_pc(CPUState *cs, vaddr value)
      }
  }
--static inline void tcg_out_st(TCGContext *s, TCGType type, TCGReg data,
++static vaddr riscv_cpu_get_pc(CPUState *cs)
--                              TCGReg base, intptr_t ofs)
++{
-+static void tcg_out_st(TCGContext *s, TCGType type, TCGReg data,
++    RISCVCPU *cpu = RISCV_CPU(cs);
-+                       TCGReg base, intptr_t ofs)
++    CPURISCVState *env = &cpu->env;
- {
++
--    if (type == TCG_TYPE_I32) {
++    /* Match cpu_get_tb_cpu_state. */
--        tcg_out_mem(s, RX_ST, RXY_STY, data, base, TCG_REG_NONE, ofs);
++    if (env->xl == MXL_RV32) {
--    } else {
++        return env->pc & UINT32_MAX;
--        tcg_out_mem(s, 0, RXY_STG, data, base, TCG_REG_NONE, ofs);
++    }
-+    switch (type) {
++    return env->pc;
-+    case TCG_TYPE_I32:
++}
-+        if (likely(is_general_reg(data))) {
++
-+            tcg_out_mem(s, RX_ST, RXY_STY, data, base, TCG_REG_NONE, ofs);
+ static void riscv_cpu_synchronize_from_tb(CPUState *cs,
-+        } else {
+                                           const TranslationBlock *tb)
-+            tcg_out_vrx_mem(s, VRX_VSTEF, data, base, TCG_REG_NONE, ofs, 1);
+ {
-+        }
+@@ -XXX,XX +XXX,XX @@ static void riscv_cpu_class_init(ObjectClass *c, void *data)
-+        break;
+     cc->has_work = riscv_cpu_has_work;
-+
+     cc->dump_state = riscv_cpu_dump_state;
-+    case TCG_TYPE_I64:
+     cc->set_pc = riscv_cpu_set_pc;
-+        if (likely(is_general_reg(data))) {
++    cc->get_pc = riscv_cpu_get_pc;
-+            tcg_out_mem(s, 0, RXY_STG, data, base, TCG_REG_NONE, ofs);
+     cc->gdb_read_register = riscv_cpu_gdb_read_register;
-+            break;
+     cc->gdb_write_register = riscv_cpu_gdb_write_register;
-+        }
+     cc->gdb_num_core_regs = 33;
-+        /* fallthru */
+diff --git a/target/rx/cpu.c b/target/rx/cpu.c
-+
+index XXXXXXX..XXXXXXX 100644
-+    case TCG_TYPE_V64:
+--- a/target/rx/cpu.c
-+        tcg_out_vrx_mem(s, VRX_VSTEG, data, base, TCG_REG_NONE, ofs, 0);
++++ b/target/rx/cpu.c
-+        break;
+@@ -XXX,XX +XXX,XX @@ static void rx_cpu_set_pc(CPUState *cs, vaddr value)
-+
+     cpu->env.pc = value;
-+    case TCG_TYPE_V128:
+ }
-+        /* Hint quadword aligned.  */
-+        tcg_out_vrx_mem(s, VRX_VST, data, base, TCG_REG_NONE, ofs, 4);
++static vaddr rx_cpu_get_pc(CPUState *cs)
-+        break;
++{
-+
++    RXCPU *cpu = RX_CPU(cs);
-+    default:
++
-+        g_assert_not_reached();
++    return cpu->env.pc;
-     }
++}
- }
++
+ static void rx_cpu_synchronize_from_tb(CPUState *cs,
                                         const TranslationBlock *tb)
  {
@@ -XXX,XX +XXX,XX @@ static void rx_cpu_class_init(ObjectClass *klass, void *data)
      cc->has_work = rx_cpu_has_work;
      cc->dump_state = rx_cpu_dump_state;
      cc->set_pc = rx_cpu_set_pc;
 +    cc->get_pc = rx_cpu_get_pc;
  #ifndef CONFIG_USER_ONLY
      cc->sysemu_ops = &rx_sysemu_ops;
 diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/s390x/cpu.c
 +++ b/target/s390x/cpu.c
@@ -XXX,XX +XXX,XX @@ static void s390_cpu_set_pc(CPUState *cs, vaddr value)
      cpu->env.psw.addr = value;
  }
 +static vaddr s390_cpu_get_pc(CPUState *cs)
 +{
 +    S390CPU *cpu = S390_CPU(cs);
 +
 +    return cpu->env.psw.addr;
 +}
 +
  static bool s390_cpu_has_work(CPUState *cs)
  {
      S390CPU *cpu = S390_CPU(cs);
@@ -XXX,XX +XXX,XX @@ static void s390_cpu_class_init(ObjectClass *oc, void *data)
      cc->has_work = s390_cpu_has_work;
      cc->dump_state = s390_cpu_dump_state;
      cc->set_pc = s390_cpu_set_pc;
 +    cc->get_pc = s390_cpu_get_pc;
      cc->gdb_read_register = s390_cpu_gdb_read_register;
      cc->gdb_write_register = s390_cpu_gdb_write_register;
  #ifndef CONFIG_USER_ONLY
 diff --git a/target/sh4/cpu.c b/target/sh4/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/sh4/cpu.c
 +++ b/target/sh4/cpu.c
@@ -XXX,XX +XXX,XX @@ static void superh_cpu_set_pc(CPUState *cs, vaddr value)
      cpu->env.pc = value;
  }
 +static vaddr superh_cpu_get_pc(CPUState *cs)
 +{
 +    SuperHCPU *cpu = SUPERH_CPU(cs);
 +
 +    return cpu->env.pc;
 +}
 +
  static void superh_cpu_synchronize_from_tb(CPUState *cs,
                                             const TranslationBlock *tb)
  {
@@ -XXX,XX +XXX,XX @@ static void superh_cpu_class_init(ObjectClass *oc, void *data)
      cc->has_work = superh_cpu_has_work;
      cc->dump_state = superh_cpu_dump_state;
      cc->set_pc = superh_cpu_set_pc;
 +    cc->get_pc = superh_cpu_get_pc;
      cc->gdb_read_register = superh_cpu_gdb_read_register;
      cc->gdb_write_register = superh_cpu_gdb_write_register;
  #ifndef CONFIG_USER_ONLY
 diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/sparc/cpu.c
 +++ b/target/sparc/cpu.c
@@ -XXX,XX +XXX,XX @@ static void sparc_cpu_set_pc(CPUState *cs, vaddr value)
      cpu->env.npc = value + 4;
  }
 +static vaddr sparc_cpu_get_pc(CPUState *cs)
 +{
 +    SPARCCPU *cpu = SPARC_CPU(cs);
 +
 +    return cpu->env.pc;
 +}
 +
  static void sparc_cpu_synchronize_from_tb(CPUState *cs,
                                            const TranslationBlock *tb)
  {
@@ -XXX,XX +XXX,XX @@ static void sparc_cpu_class_init(ObjectClass *oc, void *data)
      cc->memory_rw_debug = sparc_cpu_memory_rw_debug;
  #endif
      cc->set_pc = sparc_cpu_set_pc;
 +    cc->get_pc = sparc_cpu_get_pc;
      cc->gdb_read_register = sparc_cpu_gdb_read_register;
      cc->gdb_write_register = sparc_cpu_gdb_write_register;
  #ifndef CONFIG_USER_ONLY
 diff --git a/target/tricore/cpu.c b/target/tricore/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/tricore/cpu.c
 +++ b/target/tricore/cpu.c
@@ -XXX,XX +XXX,XX @@ static void tricore_cpu_set_pc(CPUState *cs, vaddr value)
      env->PC = value & ~(target_ulong)1;
  }
 +static vaddr tricore_cpu_get_pc(CPUState *cs)
 +{
 +    TriCoreCPU *cpu = TRICORE_CPU(cs);
 +    CPUTriCoreState *env = &cpu->env;
 +
 +    return env->PC;
 +}
 +
  static void tricore_cpu_synchronize_from_tb(CPUState *cs,
                                              const TranslationBlock *tb)
  {
@@ -XXX,XX +XXX,XX @@ static void tricore_cpu_class_init(ObjectClass *c, void *data)
      cc->dump_state = tricore_cpu_dump_state;
      cc->set_pc = tricore_cpu_set_pc;
 +    cc->get_pc = tricore_cpu_get_pc;
      cc->sysemu_ops = &tricore_sysemu_ops;
      cc->tcg_ops = &tricore_tcg_ops;
  }
 diff --git a/target/xtensa/cpu.c b/target/xtensa/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/xtensa/cpu.c
 +++ b/target/xtensa/cpu.c
@@ -XXX,XX +XXX,XX @@ static void xtensa_cpu_set_pc(CPUState *cs, vaddr value)
      cpu->env.pc = value;
  }
 +static vaddr xtensa_cpu_get_pc(CPUState *cs)
 +{
 +    XtensaCPU *cpu = XTENSA_CPU(cs);
 +
 +    return cpu->env.pc;
 +}
 +
  static bool xtensa_cpu_has_work(CPUState *cs)
  {
  #ifndef CONFIG_USER_ONLY
@@ -XXX,XX +XXX,XX @@ static void xtensa_cpu_class_init(ObjectClass *oc, void *data)
      cc->has_work = xtensa_cpu_has_work;
      cc->dump_state = xtensa_cpu_dump_state;
      cc->set_pc = xtensa_cpu_set_pc;
 +    cc->get_pc = xtensa_cpu_get_pc;
      cc->gdb_read_register = xtensa_cpu_gdb_read_register;
      cc->gdb_write_register = xtensa_cpu_gdb_write_register;
      cc->gdb_stop_before_watchpoint = true;
 --
-.25.1
+.34.1

-[PULL 03/28] tcg: add dup_const_tl wrapper
+[PULL 17/20] accel/tcg: Introduce tb_pc and log_pc
-From: Philipp Tomsich <philipp.tomsich@vrull.eu>
+The availability of tb->pc will shortly be conditional.
 Introduce accessor functions to minimize ifdefs.
-dup_const always generates a uint64_t, which may exceed the size of a
+Pass around a known pc to places like tcg_gen_code,
-target_long (generating warnings with recent-enough compilers).
+where the caller must already have the value.
-To ensure that we can use dup_const both for 64bit and 32bit targets,
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 this adds dup_const_tl, which either maps back to dup_const (for 64bit
 targets) or provides a similar implementation using 32bit constants.
 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
 Message-Id: <20211003214243.3813425-1-philipp.tomsich@vrull.eu>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- include/tcg/tcg.h | 12 ++++++++++++
+ accel/tcg/internal.h                    |  6 ++++
-file changed, 12 insertions(+)
+ include/exec/exec-all.h                 |  6 ++++
  include/tcg/tcg.h                       |  2 +-
  accel/tcg/cpu-exec.c                    | 46 ++++++++++++++-----------
  accel/tcg/translate-all.c               | 37 +++++++++++---------
  target/arm/cpu.c                        |  4 +--
  target/avr/cpu.c                        |  2 +-
  target/hexagon/cpu.c                    |  2 +-
  target/hppa/cpu.c                       |  4 +--
  target/i386/tcg/tcg-cpu.c               |  2 +-
  target/loongarch/cpu.c                  |  2 +-
  target/microblaze/cpu.c                 |  2 +-
  target/mips/tcg/exception.c             |  2 +-
  target/mips/tcg/sysemu/special_helper.c |  2 +-
  target/openrisc/cpu.c                   |  2 +-
  target/riscv/cpu.c                      |  4 +--
  target/rx/cpu.c                         |  2 +-
  target/sh4/cpu.c                        |  4 +--
  target/sparc/cpu.c                      |  2 +-
  target/tricore/cpu.c                    |  2 +-
  tcg/tcg.c                               |  8 ++---
 files changed, 82 insertions(+), 61 deletions(-)
+diff --git a/accel/tcg/internal.h b/accel/tcg/internal.h
+index XXXXXXX..XXXXXXX 100644
+--- a/accel/tcg/internal.h
++++ b/accel/tcg/internal.h
+@@ -XXX,XX +XXX,XX @@ G_NORETURN void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr);
+ void page_init(void);
+ void tb_htable_init(void);
++/* Return the current PC from CPU, which may be cached in TB. */
++static inline target_ulong log_pc(CPUState *cpu, const TranslationBlock *tb)
++{
++    return tb_pc(tb);
++}
++
+ #endif /* ACCEL_TCG_INTERNAL_H */
+diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/exec/exec-all.h
++++ b/include/exec/exec-all.h
+@@ -XXX,XX +XXX,XX @@ struct TranslationBlock {
+     uintptr_t jmp_dest[2];
+ };
++/* Hide the read to avoid ifdefs for TARGET_TB_PCREL. */
++static inline target_ulong tb_pc(const TranslationBlock *tb)
++{
++    return tb->pc;
++}
++
+ /* Hide the qatomic_read to make code a little easier on the eyes */
+ static inline uint32_t tb_cflags(const TranslationBlock *tb)
+ {
 diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/tcg/tcg.h
 +++ b/include/tcg/tcg.h
-@@ -XXX,XX +XXX,XX @@ uint64_t dup_const(unsigned vece, uint64_t c);
+@@ -XXX,XX +XXX,XX @@ void tcg_register_thread(void);
-         : (qemu_build_not_reached_always(), 0))                    \
+ void tcg_prologue_init(TCGContext *s);
-      : dup_const(VECE, C))
+ void tcg_func_start(TCGContext *s);
-+#if TARGET_LONG_BITS == 64
+-int tcg_gen_code(TCGContext *s, TranslationBlock *tb);
-+# define dup_const_tl  dup_const
++int tcg_gen_code(TCGContext *s, TranslationBlock *tb, target_ulong pc_start);
-+#else
-+# define dup_const_tl(VECE, C)                                     \
+ void tcg_set_frame(TCGContext *s, TCGReg reg, intptr_t start, intptr_t size);
-+    (__builtin_constant_p(VECE)                                    \
-+     ? (  (VECE) == MO_8  ? 0x01010101ul * (uint8_t)(C)            \
+diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
-+        : (VECE) == MO_16 ? 0x00010001ul * (uint16_t)(C)           \
+index XXXXXXX..XXXXXXX 100644
-+        : (VECE) == MO_32 ? 0x00000001ul * (uint32_t)(C)           \
+--- a/accel/tcg/cpu-exec.c
-+        : (qemu_build_not_reached_always(), 0))                    \
++++ b/accel/tcg/cpu-exec.c
-+     :  (target_long)dup_const(VECE, C))
+@@ -XXX,XX +XXX,XX @@ static bool tb_lookup_cmp(const void *p, const void *d)
-+#endif
+     const TranslationBlock *tb = p;
      const struct tb_desc *desc = d;
 -    if (tb->pc == desc->pc &&
 +    if (tb_pc(tb) == desc->pc &&
          tb->page_addr[0] == desc->page_addr0 &&
          tb->cs_base == desc->cs_base &&
          tb->flags == desc->flags &&
@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
      return tb;
  }
 -static inline void log_cpu_exec(target_ulong pc, CPUState *cpu,
 -                                const TranslationBlock *tb)
 +static void log_cpu_exec(target_ulong pc, CPUState *cpu,
 +                         const TranslationBlock *tb)
  {
 -    if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_CPU | CPU_LOG_EXEC))
 -        && qemu_log_in_addr_range(pc)) {
 -
 +    if (qemu_log_in_addr_range(pc)) {
          qemu_log_mask(CPU_LOG_EXEC,
                        "Trace %d: %p [" TARGET_FMT_lx
                        "/" TARGET_FMT_lx "/%08x/%08x] %s\n",
@@ -XXX,XX +XXX,XX @@ const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
          return tcg_code_gen_epilogue;
      }
 -    log_cpu_exec(pc, cpu, tb);
 +    if (qemu_loglevel_mask(CPU_LOG_TB_CPU | CPU_LOG_EXEC)) {
 +        log_cpu_exec(pc, cpu, tb);
 +    }
      return tb->tc.ptr;
  }
@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
      TranslationBlock *last_tb;
      const void *tb_ptr = itb->tc.ptr;
 -    log_cpu_exec(itb->pc, cpu, itb);
 +    if (qemu_loglevel_mask(CPU_LOG_TB_CPU | CPU_LOG_EXEC)) {
 +        log_cpu_exec(log_pc(cpu, itb), cpu, itb);
 +    }
      qemu_thread_jit_execute();
      ret = tcg_qemu_tb_exec(env, tb_ptr);
@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
           * of the start of the TB.
           */
          CPUClass *cc = CPU_GET_CLASS(cpu);
 -        qemu_log_mask_and_addr(CPU_LOG_EXEC, last_tb->pc,
 -                               "Stopped execution of TB chain before %p ["
 -                               TARGET_FMT_lx "] %s\n",
 -                               last_tb->tc.ptr, last_tb->pc,
 -                               lookup_symbol(last_tb->pc));
 +
- /*
+         if (cc->tcg_ops->synchronize_from_tb) {
-  * Memory helpers that will be used by TCG generated code.
+             cc->tcg_ops->synchronize_from_tb(cpu, last_tb);
-  */
+         } else {
              assert(cc->set_pc);
 -            cc->set_pc(cpu, last_tb->pc);
 +            cc->set_pc(cpu, tb_pc(last_tb));
 +        }
 +        if (qemu_loglevel_mask(CPU_LOG_EXEC)) {
 +            target_ulong pc = log_pc(cpu, last_tb);
 +            if (qemu_log_in_addr_range(pc)) {
 +                qemu_log("Stopped execution of TB chain before %p ["
 +                         TARGET_FMT_lx "] %s\n",
 +                         last_tb->tc.ptr, pc, lookup_symbol(pc));
 +            }
          }
      }
@@ -XXX,XX +XXX,XX @@ static inline void tb_add_jump(TranslationBlock *tb, int n,
      qemu_spin_unlock(&tb_next->jmp_lock);
 -    qemu_log_mask_and_addr(CPU_LOG_EXEC, tb->pc,
 -                           "Linking TBs %p [" TARGET_FMT_lx
 -                           "] index %d -> %p [" TARGET_FMT_lx "]\n",
 -                           tb->tc.ptr, tb->pc, n,
 -                           tb_next->tc.ptr, tb_next->pc);
 +    qemu_log_mask(CPU_LOG_EXEC, "Linking TBs %p index %d -> %p\n",
 +                  tb->tc.ptr, n, tb_next->tc.ptr);
      return;
   out_unlock_next:
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
  }
  static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb,
 +                                    target_ulong pc,
                                      TranslationBlock **last_tb, int *tb_exit)
  {
      int32_t insns_left;
 -    trace_exec_tb(tb, tb->pc);
 +    trace_exec_tb(tb, pc);
      tb = cpu_tb_exec(cpu, tb, tb_exit);
      if (*tb_exit != TB_EXIT_REQUESTED) {
          *last_tb = tb;
@@ -XXX,XX +XXX,XX @@ int cpu_exec(CPUState *cpu)
                  tb_add_jump(last_tb, tb_exit, tb);
              }
 -            cpu_loop_exec_tb(cpu, tb, &last_tb, &tb_exit);
 +            cpu_loop_exec_tb(cpu, tb, pc, &last_tb, &tb_exit);
              /* Try to align the host and virtual clocks
                 if the guest is in advance */
 diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/translate-all.c
 +++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ static int encode_search(TranslationBlock *tb, uint8_t *block)
          for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
              if (i == 0) {
 -                prev = (j == 0 ? tb->pc : 0);
 +                prev = (j == 0 ? tb_pc(tb) : 0);
              } else {
                  prev = tcg_ctx->gen_insn_data[i - 1][j];
              }
@@ -XXX,XX +XXX,XX @@ static int encode_search(TranslationBlock *tb, uint8_t *block)
  static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
                                       uintptr_t searched_pc, bool reset_icount)
  {
 -    target_ulong data[TARGET_INSN_START_WORDS] = { tb->pc };
 +    target_ulong data[TARGET_INSN_START_WORDS] = { tb_pc(tb) };
      uintptr_t host_pc = (uintptr_t)tb->tc.ptr;
      CPUArchState *env = cpu->env_ptr;
      const uint8_t *p = tb->tc.ptr + tb->tc.size;
@@ -XXX,XX +XXX,XX @@ static bool tb_cmp(const void *ap, const void *bp)
      const TranslationBlock *a = ap;
      const TranslationBlock *b = bp;
 -    return a->pc == b->pc &&
 +    return tb_pc(a) == tb_pc(b) &&
          a->cs_base == b->cs_base &&
          a->flags == b->flags &&
          (tb_cflags(a) & ~CF_INVALID) == (tb_cflags(b) & ~CF_INVALID) &&
@@ -XXX,XX +XXX,XX @@ static void do_tb_invalidate_check(void *p, uint32_t hash, void *userp)
      TranslationBlock *tb = p;
      target_ulong addr = *(target_ulong *)userp;
 -    if (!(addr + TARGET_PAGE_SIZE <= tb->pc || addr >= tb->pc + tb->size)) {
 +    if (!(addr + TARGET_PAGE_SIZE <= tb_pc(tb) ||
 +          addr >= tb_pc(tb) + tb->size)) {
          printf("ERROR invalidate: address=" TARGET_FMT_lx
 -               " PC=%08lx size=%04x\n", addr, (long)tb->pc, tb->size);
 +               " PC=%08lx size=%04x\n", addr, (long)tb_pc(tb), tb->size);
      }
  }
@@ -XXX,XX +XXX,XX @@ static void do_tb_page_check(void *p, uint32_t hash, void *userp)
      TranslationBlock *tb = p;
      int flags1, flags2;
 -    flags1 = page_get_flags(tb->pc);
 -    flags2 = page_get_flags(tb->pc + tb->size - 1);
 +    flags1 = page_get_flags(tb_pc(tb));
 +    flags2 = page_get_flags(tb_pc(tb) + tb->size - 1);
      if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
          printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
 -               (long)tb->pc, tb->size, flags1, flags2);
 +               (long)tb_pc(tb), tb->size, flags1, flags2);
      }
  }
@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
      /* remove the TB from the hash list */
      phys_pc = tb->page_addr[0];
 -    h = tb_hash_func(phys_pc, tb->pc, tb->flags, orig_cflags,
 +    h = tb_hash_func(phys_pc, tb_pc(tb), tb->flags, orig_cflags,
                       tb->trace_vcpu_dstate);
      if (!qht_remove(&tb_ctx.htable, tb, h)) {
          return;
@@ -XXX,XX +XXX,XX @@ tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
      }
      /* add in the hash table */
 -    h = tb_hash_func(phys_pc, tb->pc, tb->flags, tb->cflags,
 +    h = tb_hash_func(phys_pc, tb_pc(tb), tb->flags, tb->cflags,
                       tb->trace_vcpu_dstate);
      qht_insert(&tb_ctx.htable, tb, h, &existing_tb);
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
      tcg_ctx->cpu = NULL;
      max_insns = tb->icount;
 -    trace_translate_block(tb, tb->pc, tb->tc.ptr);
 +    trace_translate_block(tb, pc, tb->tc.ptr);
      /* generate machine code */
      tb->jmp_reset_offset[0] = TB_JMP_RESET_OFFSET_INVALID;
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
      ti = profile_getclock();
  #endif
 -    gen_code_size = tcg_gen_code(tcg_ctx, tb);
 +    gen_code_size = tcg_gen_code(tcg_ctx, tb, pc);
      if (unlikely(gen_code_size < 0)) {
   error_return:
          switch (gen_code_size) {
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
  #ifdef DEBUG_DISAS
      if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM) &&
 -        qemu_log_in_addr_range(tb->pc)) {
 +        qemu_log_in_addr_range(pc)) {
          FILE *logfile = qemu_log_trylock();
          if (logfile) {
              int code_size, data_size;
@@ -XXX,XX +XXX,XX @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
       */
      cpu->cflags_next_tb = curr_cflags(cpu) | CF_MEMI_ONLY | CF_LAST_IO | n;
 -    qemu_log_mask_and_addr(CPU_LOG_EXEC, tb->pc,
 -                           "cpu_io_recompile: rewound execution of TB to "
 -                           TARGET_FMT_lx "\n", tb->pc);
 +    if (qemu_loglevel_mask(CPU_LOG_EXEC)) {
 +        target_ulong pc = log_pc(cpu, tb);
 +        if (qemu_log_in_addr_range(pc)) {
 +            qemu_log("cpu_io_recompile: rewound execution of TB to "
 +                     TARGET_FMT_lx "\n", pc);
 +        }
 +    }
      cpu_loop_exit_noexc(cpu);
  }
 diff --git a/target/arm/cpu.c b/target/arm/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu.c
 +++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ void arm_cpu_synchronize_from_tb(CPUState *cs,
       * never possible for an AArch64 TB to chain to an AArch32 TB.
       */
      if (is_a64(env)) {
 -        env->pc = tb->pc;
 +        env->pc = tb_pc(tb);
      } else {
 -        env->regs[15] = tb->pc;
 +        env->regs[15] = tb_pc(tb);
      }
  }
  #endif /* CONFIG_TCG */
 diff --git a/target/avr/cpu.c b/target/avr/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/avr/cpu.c
 +++ b/target/avr/cpu.c
@@ -XXX,XX +XXX,XX @@ static void avr_cpu_synchronize_from_tb(CPUState *cs,
      AVRCPU *cpu = AVR_CPU(cs);
      CPUAVRState *env = &cpu->env;
 -    env->pc_w = tb->pc / 2; /* internally PC points to words */
 +    env->pc_w = tb_pc(tb) / 2; /* internally PC points to words */
  }
  static void avr_cpu_reset(DeviceState *ds)
 diff --git a/target/hexagon/cpu.c b/target/hexagon/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/hexagon/cpu.c
 +++ b/target/hexagon/cpu.c
@@ -XXX,XX +XXX,XX @@ static void hexagon_cpu_synchronize_from_tb(CPUState *cs,
  {
      HexagonCPU *cpu = HEXAGON_CPU(cs);
      CPUHexagonState *env = &cpu->env;
 -    env->gpr[HEX_REG_PC] = tb->pc;
 +    env->gpr[HEX_REG_PC] = tb_pc(tb);
  }
  static bool hexagon_cpu_has_work(CPUState *cs)
 diff --git a/target/hppa/cpu.c b/target/hppa/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/hppa/cpu.c
 +++ b/target/hppa/cpu.c
@@ -XXX,XX +XXX,XX @@ static void hppa_cpu_synchronize_from_tb(CPUState *cs,
      HPPACPU *cpu = HPPA_CPU(cs);
  #ifdef CONFIG_USER_ONLY
 -    cpu->env.iaoq_f = tb->pc;
 +    cpu->env.iaoq_f = tb_pc(tb);
      cpu->env.iaoq_b = tb->cs_base;
  #else
      /* Recover the IAOQ values from the GVA + PRIV.  */
@@ -XXX,XX +XXX,XX @@ static void hppa_cpu_synchronize_from_tb(CPUState *cs,
      int32_t diff = cs_base;
      cpu->env.iasq_f = iasq_f;
 -    cpu->env.iaoq_f = (tb->pc & ~iasq_f) + priv;
 +    cpu->env.iaoq_f = (tb_pc(tb) & ~iasq_f) + priv;
      if (diff) {
          cpu->env.iaoq_b = cpu->env.iaoq_f + diff;
      }
 diff --git a/target/i386/tcg/tcg-cpu.c b/target/i386/tcg/tcg-cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/tcg/tcg-cpu.c
 +++ b/target/i386/tcg/tcg-cpu.c
@@ -XXX,XX +XXX,XX @@ static void x86_cpu_synchronize_from_tb(CPUState *cs,
  {
      X86CPU *cpu = X86_CPU(cs);
 -    cpu->env.eip = tb->pc - tb->cs_base;
 +    cpu->env.eip = tb_pc(tb) - tb->cs_base;
  }
  #ifndef CONFIG_USER_ONLY
 diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/loongarch/cpu.c
 +++ b/target/loongarch/cpu.c
@@ -XXX,XX +XXX,XX @@ static void loongarch_cpu_synchronize_from_tb(CPUState *cs,
      LoongArchCPU *cpu = LOONGARCH_CPU(cs);
      CPULoongArchState *env = &cpu->env;
 -    env->pc = tb->pc;
 +    env->pc = tb_pc(tb);
  }
  #endif /* CONFIG_TCG */
 diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/microblaze/cpu.c
 +++ b/target/microblaze/cpu.c
@@ -XXX,XX +XXX,XX @@ static void mb_cpu_synchronize_from_tb(CPUState *cs,
  {
      MicroBlazeCPU *cpu = MICROBLAZE_CPU(cs);
 -    cpu->env.pc = tb->pc;
 +    cpu->env.pc = tb_pc(tb);
      cpu->env.iflags = tb->flags & IFLAGS_TB_MASK;
  }
 diff --git a/target/mips/tcg/exception.c b/target/mips/tcg/exception.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/mips/tcg/exception.c
 +++ b/target/mips/tcg/exception.c
@@ -XXX,XX +XXX,XX @@ void mips_cpu_synchronize_from_tb(CPUState *cs, const TranslationBlock *tb)
      MIPSCPU *cpu = MIPS_CPU(cs);
      CPUMIPSState *env = &cpu->env;
 -    env->active_tc.PC = tb->pc;
 +    env->active_tc.PC = tb_pc(tb);
      env->hflags &= ~MIPS_HFLAG_BMASK;
      env->hflags |= tb->flags & MIPS_HFLAG_BMASK;
  }
 diff --git a/target/mips/tcg/sysemu/special_helper.c b/target/mips/tcg/sysemu/special_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/mips/tcg/sysemu/special_helper.c
 +++ b/target/mips/tcg/sysemu/special_helper.c
@@ -XXX,XX +XXX,XX @@ bool mips_io_recompile_replay_branch(CPUState *cs, const TranslationBlock *tb)
      CPUMIPSState *env = &cpu->env;
      if ((env->hflags & MIPS_HFLAG_BMASK) != 0
 -        && env->active_tc.PC != tb->pc) {
 +        && env->active_tc.PC != tb_pc(tb)) {
          env->active_tc.PC -= (env->hflags & MIPS_HFLAG_B16 ? 2 : 4);
          env->hflags &= ~MIPS_HFLAG_BMASK;
          return true;
 diff --git a/target/openrisc/cpu.c b/target/openrisc/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/openrisc/cpu.c
 +++ b/target/openrisc/cpu.c
@@ -XXX,XX +XXX,XX @@ static void openrisc_cpu_synchronize_from_tb(CPUState *cs,
  {
      OpenRISCCPU *cpu = OPENRISC_CPU(cs);
 -    cpu->env.pc = tb->pc;
 +    cpu->env.pc = tb_pc(tb);
  }
 diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/riscv/cpu.c
 +++ b/target/riscv/cpu.c
@@ -XXX,XX +XXX,XX @@ static void riscv_cpu_synchronize_from_tb(CPUState *cs,
      RISCVMXL xl = FIELD_EX32(tb->flags, TB_FLAGS, XL);
      if (xl == MXL_RV32) {
 -        env->pc = (int32_t)tb->pc;
 +        env->pc = (int32_t)tb_pc(tb);
      } else {
 -        env->pc = tb->pc;
 +        env->pc = tb_pc(tb);
      }
  }
 diff --git a/target/rx/cpu.c b/target/rx/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/rx/cpu.c
 +++ b/target/rx/cpu.c
@@ -XXX,XX +XXX,XX @@ static void rx_cpu_synchronize_from_tb(CPUState *cs,
  {
      RXCPU *cpu = RX_CPU(cs);
 -    cpu->env.pc = tb->pc;
 +    cpu->env.pc = tb_pc(tb);
  }
  static bool rx_cpu_has_work(CPUState *cs)
 diff --git a/target/sh4/cpu.c b/target/sh4/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/sh4/cpu.c
 +++ b/target/sh4/cpu.c
@@ -XXX,XX +XXX,XX @@ static void superh_cpu_synchronize_from_tb(CPUState *cs,
  {
      SuperHCPU *cpu = SUPERH_CPU(cs);
 -    cpu->env.pc = tb->pc;
 +    cpu->env.pc = tb_pc(tb);
      cpu->env.flags = tb->flags & TB_FLAG_ENVFLAGS_MASK;
  }
@@ -XXX,XX +XXX,XX @@ static bool superh_io_recompile_replay_branch(CPUState *cs,
      CPUSH4State *env = &cpu->env;
      if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
 -        && env->pc != tb->pc) {
 +        && env->pc != tb_pc(tb)) {
          env->pc -= 2;
          env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
          return true;
 diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/sparc/cpu.c
 +++ b/target/sparc/cpu.c
@@ -XXX,XX +XXX,XX @@ static void sparc_cpu_synchronize_from_tb(CPUState *cs,
  {
      SPARCCPU *cpu = SPARC_CPU(cs);
 -    cpu->env.pc = tb->pc;
 +    cpu->env.pc = tb_pc(tb);
      cpu->env.npc = tb->cs_base;
  }
 diff --git a/target/tricore/cpu.c b/target/tricore/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/tricore/cpu.c
 +++ b/target/tricore/cpu.c
@@ -XXX,XX +XXX,XX @@ static void tricore_cpu_synchronize_from_tb(CPUState *cs,
      TriCoreCPU *cpu = TRICORE_CPU(cs);
      CPUTriCoreState *env = &cpu->env;
 -    env->PC = tb->pc;
 +    env->PC = tb_pc(tb);
  }
  static void tricore_cpu_reset(DeviceState *dev)
 diff --git a/tcg/tcg.c b/tcg/tcg.c
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/tcg.c
 +++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@ int64_t tcg_cpu_exec_time(void)
  #endif
 -int tcg_gen_code(TCGContext *s, TranslationBlock *tb)
 +int tcg_gen_code(TCGContext *s, TranslationBlock *tb, target_ulong pc_start)
  {
  #ifdef CONFIG_PROFILER
      TCGProfile *prof = &s->prof;
@@ -XXX,XX +XXX,XX @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb)
  #ifdef DEBUG_DISAS
      if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_OP)
 -                 && qemu_log_in_addr_range(tb->pc))) {
 +                 && qemu_log_in_addr_range(pc_start))) {
          FILE *logfile = qemu_log_trylock();
          if (logfile) {
              fprintf(logfile, "OP:\n");
@@ -XXX,XX +XXX,XX @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb)
      if (s->nb_indirects > 0) {
  #ifdef DEBUG_DISAS
          if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_OP_IND)
 -                     && qemu_log_in_addr_range(tb->pc))) {
 +                     && qemu_log_in_addr_range(pc_start))) {
              FILE *logfile = qemu_log_trylock();
              if (logfile) {
                  fprintf(logfile, "OP before indirect lowering:\n");
@@ -XXX,XX +XXX,XX @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb)
  #ifdef DEBUG_DISAS
      if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_OP_OPT)
 -                 && qemu_log_in_addr_range(tb->pc))) {
 +                 && qemu_log_in_addr_range(pc_start))) {
          FILE *logfile = qemu_log_trylock();
          if (logfile) {
              fprintf(logfile, "OP after optimization and liveness analysis:\n");
 --
-.25.1
+.34.1

-[PULL 20/28] tcg/s390x: Implement tcg_out_dup*_vec
+[PULL 18/20] accel/tcg: Introduce TARGET_TB_PCREL
+Prepare for targets to be able to produce TBs that can
+run in more than one virtual context.
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- tcg/s390x/tcg-target.c.inc | 122 ++++++++++++++++++++++++++++++++++++-
+ accel/tcg/internal.h      |  4 +++
-file changed, 119 insertions(+), 3 deletions(-)
+ accel/tcg/tb-jmp-cache.h  | 41 +++++++++++++++++++++++++
  include/exec/cpu-defs.h   |  3 ++
  include/exec/exec-all.h   | 32 ++++++++++++++++++--
  accel/tcg/cpu-exec.c      | 16 ++++++----
  accel/tcg/translate-all.c | 64 ++++++++++++++++++++++++++-------------
 files changed, 131 insertions(+), 29 deletions(-)
-diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
+diff --git a/accel/tcg/internal.h b/accel/tcg/internal.h
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.c.inc
+--- a/accel/tcg/internal.h
-+++ b/tcg/s390x/tcg-target.c.inc
++++ b/accel/tcg/internal.h
-@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
+@@ -XXX,XX +XXX,XX @@ void tb_htable_init(void);
-     RX_STC      = 0x42,
+ /* Return the current PC from CPU, which may be cached in TB. */
-     RX_STH      = 0x40,
+ static inline target_ulong log_pc(CPUState *cpu, const TranslationBlock *tb)
+ {
-+    VRIa_VGBM   = 0xe744,
++#if TARGET_TB_PCREL
-+    VRIa_VREPI  = 0xe745,
++    return cpu->cc->get_pc(cpu);
-+    VRIb_VGM    = 0xe746,
++#else
-+    VRIc_VREP   = 0xe74d,
+     return tb_pc(tb);
-+
++#endif
-     VRRa_VLR    = 0xe756,
+ }
-+    VRRf_VLVGP  = 0xe762,
+ #endif /* ACCEL_TCG_INTERNAL_H */
-     VRSb_VLVG   = 0xe722,
+diff --git a/accel/tcg/tb-jmp-cache.h b/accel/tcg/tb-jmp-cache.h
-     VRSc_VLGV   = 0xe721,
+index XXXXXXX..XXXXXXX 100644
+--- a/accel/tcg/tb-jmp-cache.h
-     VRX_VL      = 0xe706,
++++ b/accel/tcg/tb-jmp-cache.h
-     VRX_VLLEZ   = 0xe704,
+@@ -XXX,XX +XXX,XX @@
-+    VRX_VLREP   = 0xe705,
-     VRX_VST     = 0xe70e,
+ /*
-     VRX_VSTEF   = 0xe70b,
+  * Accessed in parallel; all accesses to 'tb' must be atomic.
-     VRX_VSTEG   = 0xe70a,
++ * For TARGET_TB_PCREL, accesses to 'pc' must be protected by
-@@ -XXX,XX +XXX,XX @@ static int RXB(TCGReg v1, TCGReg v2, TCGReg v3, TCGReg v4)
++ * a load_acquire/store_release to 'tb'.
-          | ((v4 & 0x10) << (4 + 0));
+  */
- }
+ struct CPUJumpCache {
+     struct {
-+static void tcg_out_insn_VRIa(TCGContext *s, S390Opcode op,
+         TranslationBlock *tb;
-+                              TCGReg v1, uint16_t i2, int m3)
++#if TARGET_TB_PCREL
 +        target_ulong pc;
 +#endif
      } array[TB_JMP_CACHE_SIZE];
  };
 +static inline TranslationBlock *
 +tb_jmp_cache_get_tb(CPUJumpCache *jc, uint32_t hash)
 +{
-+    tcg_debug_assert(is_vector_reg(v1));
++#if TARGET_TB_PCREL
-+    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4));
++    /* Use acquire to ensure current load of pc from jc. */
-+    tcg_out16(s, i2);
++    return qatomic_load_acquire(&jc->array[hash].tb);
-+    tcg_out16(s, (op & 0x00ff) | RXB(v1, 0, 0, 0) | (m3 << 12));
++#else
 +    /* Use rcu_read to ensure current load of pc from *tb. */
 +    return qatomic_rcu_read(&jc->array[hash].tb);
 +#endif
 +}
 +
-+static void tcg_out_insn_VRIb(TCGContext *s, S390Opcode op,
++static inline target_ulong
-+                              TCGReg v1, uint8_t i2, uint8_t i3, int m4)
++tb_jmp_cache_get_pc(CPUJumpCache *jc, uint32_t hash, TranslationBlock *tb)
 +{
-+    tcg_debug_assert(is_vector_reg(v1));
++#if TARGET_TB_PCREL
-+    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4));
++    return jc->array[hash].pc;
-+    tcg_out16(s, (i2 << 8) | (i3 & 0xff));
++#else
-+    tcg_out16(s, (op & 0x00ff) | RXB(v1, 0, 0, 0) | (m4 << 12));
++    return tb_pc(tb);
 +#endif
 +}
 +
-+static void tcg_out_insn_VRIc(TCGContext *s, S390Opcode op,
++static inline void
-+                              TCGReg v1, uint16_t i2, TCGReg v3, int m4)
++tb_jmp_cache_set(CPUJumpCache *jc, uint32_t hash,
 +                 TranslationBlock *tb, target_ulong pc)
 +{
-+    tcg_debug_assert(is_vector_reg(v1));
++#if TARGET_TB_PCREL
-+    tcg_debug_assert(is_vector_reg(v3));
++    jc->array[hash].pc = pc;
-+    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4) | (v3 & 0xf));
++    /* Use store_release on tb to ensure pc is written first. */
-+    tcg_out16(s, i2);
++    qatomic_store_release(&jc->array[hash].tb, tb);
-+    tcg_out16(s, (op & 0x00ff) | RXB(v1, 0, v3, 0) | (m4 << 12));
++#else
 +    /* Use the pc value already stored in tb->pc. */
 +    qatomic_set(&jc->array[hash].tb, tb);
 +#endif
 +}
 +
- static void tcg_out_insn_VRRa(TCGContext *s, S390Opcode op,
+ #endif /* ACCEL_TCG_TB_JMP_CACHE_H */
-                               TCGReg v1, TCGReg v2, int m3)
+diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
- {
+index XXXXXXX..XXXXXXX 100644
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_insn_VRRa(TCGContext *s, S390Opcode op,
+--- a/include/exec/cpu-defs.h
-     tcg_out32(s, (op & 0x00ff) | RXB(v1, v2, 0, 0) | (m3 << 12));
++++ b/include/exec/cpu-defs.h
- }
+@@ -XXX,XX +XXX,XX @@
+ #  error TARGET_PAGE_BITS must be defined in cpu-param.h
-+static void tcg_out_insn_VRRf(TCGContext *s, S390Opcode op,
+ # endif
-+                              TCGReg v1, TCGReg r2, TCGReg r3)
+ #endif
 +#ifndef TARGET_TB_PCREL
 +# define TARGET_TB_PCREL 0
 +#endif
  #define TARGET_LONG_SIZE (TARGET_LONG_BITS / 8)
 diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/exec/exec-all.h
 +++ b/include/exec/exec-all.h
@@ -XXX,XX +XXX,XX @@ struct tb_tc {
  };
  struct TranslationBlock {
 -    target_ulong pc;   /* simulated PC corresponding to this block (EIP + CS base) */
 -    target_ulong cs_base; /* CS base for this block */
 +#if !TARGET_TB_PCREL
 +    /*
 +     * Guest PC corresponding to this block.  This must be the true
 +     * virtual address.  Therefore e.g. x86 stores EIP + CS_BASE, and
 +     * targets like Arm, MIPS, HP-PA, which reuse low bits for ISA or
 +     * privilege, must store those bits elsewhere.
 +     *
 +     * If TARGET_TB_PCREL, the opcodes for the TranslationBlock are
 +     * written such that the TB is associated only with the physical
 +     * page and may be run in any virtual address context.  In this case,
 +     * PC must always be taken from ENV in a target-specific manner.
 +     * Unwind information is taken as offsets from the page, to be
 +     * deposited into the "current" PC.
 +     */
 +    target_ulong pc;
 +#endif
 +
 +    /*
 +     * Target-specific data associated with the TranslationBlock, e.g.:
 +     * x86: the original user, the Code Segment virtual base,
 +     * arm: an extension of tb->flags,
 +     * s390x: instruction data for EXECUTE,
 +     * sparc: the next pc of the instruction queue (for delay slots).
 +     */
 +    target_ulong cs_base;
 +
      uint32_t flags; /* flags defining in which context the code was generated */
      uint32_t cflags;    /* compile flags */
@@ -XXX,XX +XXX,XX @@ struct TranslationBlock {
  /* Hide the read to avoid ifdefs for TARGET_TB_PCREL. */
  static inline target_ulong tb_pc(const TranslationBlock *tb)
  {
 +#if TARGET_TB_PCREL
 +    qemu_build_not_reached();
 +#else
      return tb->pc;
 +#endif
  }
  /* Hide the qatomic_read to make code a little easier on the eyes */
 diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cpu-exec.c
 +++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@ static bool tb_lookup_cmp(const void *p, const void *d)
      const TranslationBlock *tb = p;
      const struct tb_desc *desc = d;
 -    if (tb_pc(tb) == desc->pc &&
 +    if ((TARGET_TB_PCREL || tb_pc(tb) == desc->pc) &&
          tb->page_addr[0] == desc->page_addr0 &&
          tb->cs_base == desc->cs_base &&
          tb->flags == desc->flags &&
@@ -XXX,XX +XXX,XX @@ static TranslationBlock *tb_htable_lookup(CPUState *cpu, target_ulong pc,
          return NULL;
      }
      desc.page_addr0 = phys_pc;
 -    h = tb_hash_func(phys_pc, pc, flags, cflags, *cpu->trace_dstate);
 +    h = tb_hash_func(phys_pc, (TARGET_TB_PCREL ? 0 : pc),
 +                     flags, cflags, *cpu->trace_dstate);
      return qht_lookup_custom(&tb_ctx.htable, &desc, h, tb_lookup_cmp);
  }
@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
                                            uint32_t flags, uint32_t cflags)
  {
      TranslationBlock *tb;
 +    CPUJumpCache *jc;
      uint32_t hash;
      /* we should never be trying to look up an INVALID tb */
      tcg_debug_assert(!(cflags & CF_INVALID));
      hash = tb_jmp_cache_hash_func(pc);
 -    tb = qatomic_rcu_read(&cpu->tb_jmp_cache->array[hash].tb);
 +    jc = cpu->tb_jmp_cache;
 +    tb = tb_jmp_cache_get_tb(jc, hash);
      if (likely(tb &&
 -               tb->pc == pc &&
 +               tb_jmp_cache_get_pc(jc, hash, tb) == pc &&
                 tb->cs_base == cs_base &&
                 tb->flags == flags &&
                 tb->trace_vcpu_dstate == *cpu->trace_dstate &&
@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
      if (tb == NULL) {
          return NULL;
      }
 -    qatomic_set(&cpu->tb_jmp_cache->array[hash].tb, tb);
 +    tb_jmp_cache_set(jc, hash, tb, pc);
      return tb;
  }
@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
          if (cc->tcg_ops->synchronize_from_tb) {
              cc->tcg_ops->synchronize_from_tb(cpu, last_tb);
          } else {
 +            assert(!TARGET_TB_PCREL);
              assert(cc->set_pc);
              cc->set_pc(cpu, tb_pc(last_tb));
          }
@@ -XXX,XX +XXX,XX @@ int cpu_exec(CPUState *cpu)
                   * for the fast lookup
                   */
                  h = tb_jmp_cache_hash_func(pc);
 -                qatomic_set(&cpu->tb_jmp_cache->array[h].tb, tb);
 +                tb_jmp_cache_set(cpu->tb_jmp_cache, h, tb, pc);
              }
  #ifndef CONFIG_USER_ONLY
 diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/translate-all.c
 +++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ static int encode_search(TranslationBlock *tb, uint8_t *block)
          for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
              if (i == 0) {
 -                prev = (j == 0 ? tb_pc(tb) : 0);
 +                prev = (!TARGET_TB_PCREL && j == 0 ? tb_pc(tb) : 0);
              } else {
                  prev = tcg_ctx->gen_insn_data[i - 1][j];
              }
@@ -XXX,XX +XXX,XX @@ static int encode_search(TranslationBlock *tb, uint8_t *block)
  static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
                                       uintptr_t searched_pc, bool reset_icount)
  {
 -    target_ulong data[TARGET_INSN_START_WORDS] = { tb_pc(tb) };
 +    target_ulong data[TARGET_INSN_START_WORDS];
      uintptr_t host_pc = (uintptr_t)tb->tc.ptr;
      CPUArchState *env = cpu->env_ptr;
      const uint8_t *p = tb->tc.ptr + tb->tc.size;
@@ -XXX,XX +XXX,XX @@ static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
          return -1;
      }
 +    memset(data, 0, sizeof(data));
 +    if (!TARGET_TB_PCREL) {
 +        data[0] = tb_pc(tb);
 +    }
 +
      /* Reconstruct the stored insn data while looking for the point at
         which the end of the insn exceeds the searched_pc.  */
      for (i = 0; i < num_insns; ++i) {
@@ -XXX,XX +XXX,XX @@ static bool tb_cmp(const void *ap, const void *bp)
      const TranslationBlock *a = ap;
      const TranslationBlock *b = bp;
 -    return tb_pc(a) == tb_pc(b) &&
 -        a->cs_base == b->cs_base &&
 -        a->flags == b->flags &&
 -        (tb_cflags(a) & ~CF_INVALID) == (tb_cflags(b) & ~CF_INVALID) &&
 -        a->trace_vcpu_dstate == b->trace_vcpu_dstate &&
 -        a->page_addr[0] == b->page_addr[0] &&
 -        a->page_addr[1] == b->page_addr[1];
 +    return ((TARGET_TB_PCREL || tb_pc(a) == tb_pc(b)) &&
 +            a->cs_base == b->cs_base &&
 +            a->flags == b->flags &&
 +            (tb_cflags(a) & ~CF_INVALID) == (tb_cflags(b) & ~CF_INVALID) &&
 +            a->trace_vcpu_dstate == b->trace_vcpu_dstate &&
 +            a->page_addr[0] == b->page_addr[0] &&
 +            a->page_addr[1] == b->page_addr[1]);
  }
  void tb_htable_init(void)
@@ -XXX,XX +XXX,XX @@ static inline void tb_jmp_unlink(TranslationBlock *dest)
      qemu_spin_unlock(&dest->jmp_lock);
  }
 +static void tb_jmp_cache_inval_tb(TranslationBlock *tb)
 +{
-+    tcg_debug_assert(is_vector_reg(v1));
++    CPUState *cpu;
-+    tcg_debug_assert(is_general_reg(r2));
++
-+    tcg_debug_assert(is_general_reg(r3));
++    if (TARGET_TB_PCREL) {
-+    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4) | r2);
++        /* A TB may be at any virtual address */
-+    tcg_out16(s, r3 << 12);
++        CPU_FOREACH(cpu) {
-+    tcg_out16(s, (op & 0x00ff) | RXB(v1, 0, 0, 0));
++            tcg_flush_jmp_cache(cpu);
-+}
++        }
-+
++    } else {
- static void tcg_out_insn_VRSb(TCGContext *s, S390Opcode op, TCGReg v1,
++        uint32_t h = tb_jmp_cache_hash_func(tb_pc(tb));
-                               intptr_t d2, TCGReg b2, TCGReg r3, int m4)
++
- {
++        CPU_FOREACH(cpu) {
-@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc,
++            CPUJumpCache *jc = cpu->tb_jmp_cache;
- static bool tcg_out_dup_vec(TCGContext *s, TCGType type, unsigned vece,
++
-                             TCGReg dst, TCGReg src)
++            if (qatomic_read(&jc->array[h].tb) == tb) {
- {
++                qatomic_set(&jc->array[h].tb, NULL);
--    g_assert_not_reached();
++            }
 +    if (is_general_reg(src)) {
 +        /* Replicate general register into two MO_64. */
 +        tcg_out_insn(s, VRRf, VLVGP, dst, src, src);
 +        if (vece == MO_64) {
 +            return true;
 +        }
 +    }
-+
++}
-+    /*
++
-+     * Recall that the "standard" integer, within a vector, is the
+ /*
-+     * rightmost element of the leftmost doubleword, a-la VLLEZ.
+  * In user-mode, call with mmap_lock held.
-+     */
+  * In !user-mode, if @rm_from_page_list is set, call with the TB's pages'
-+    tcg_out_insn(s, VRIc, VREP, dst, (8 >> vece) - 1, src, vece);
+@@ -XXX,XX +XXX,XX @@ static inline void tb_jmp_unlink(TranslationBlock *dest)
-+    return true;
+  */
- }
+ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
+ {
- static bool tcg_out_dupm_vec(TCGContext *s, TCGType type, unsigned vece,
+-    CPUState *cpu;
-                              TCGReg dst, TCGReg base, intptr_t offset)
+     PageDesc *p;
- {
+     uint32_t h;
--    g_assert_not_reached();
+     tb_page_addr_t phys_pc;
-+    tcg_out_vrx_mem(s, VRX_VLREP, dst, base, TCG_REG_NONE, offset, vece);
+@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
-+    return true;
- }
+     /* remove the TB from the hash list */
+     phys_pc = tb->page_addr[0];
- static void tcg_out_dupi_vec(TCGContext *s, TCGType type, unsigned vece,
+-    h = tb_hash_func(phys_pc, tb_pc(tb), tb->flags, orig_cflags,
-                              TCGReg dst, int64_t val)
+-                     tb->trace_vcpu_dstate);
- {
++    h = tb_hash_func(phys_pc, (TARGET_TB_PCREL ? 0 : tb_pc(tb)),
--    g_assert_not_reached();
++                     tb->flags, orig_cflags, tb->trace_vcpu_dstate);
-+    int i, mask, msb, lsb;
+     if (!qht_remove(&tb_ctx.htable, tb, h)) {
-+
+         return;
-+    /* Look for int16_t elements.  */
+     }
-+    if (vece <= MO_16 ||
+@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
-+        (vece == MO_32 ? (int32_t)val : val) == (int16_t)val) {
+     }
-+        tcg_out_insn(s, VRIa, VREPI, dst, val, vece);
-+        return;
+     /* remove the TB from the hash list */
-+    }
+-    h = tb_jmp_cache_hash_func(tb->pc);
-+
+-    CPU_FOREACH(cpu) {
-+    /* Look for bit masks.  */
+-        CPUJumpCache *jc = cpu->tb_jmp_cache;
-+    if (vece == MO_32) {
+-        if (qatomic_read(&jc->array[h].tb) == tb) {
-+        if (risbg_mask((int32_t)val)) {
+-            qatomic_set(&jc->array[h].tb, NULL);
-+            /* Handle wraparound by swapping msb and lsb.  */
+-        }
-+            if ((val & 0x80000001u) == 0x80000001u) {
+-    }
-+                msb = 32 - ctz32(~val);
++    tb_jmp_cache_inval_tb(tb);
-+                lsb = clz32(~val) - 1;
-+            } else {
+     /* suppress this TB from the two jump lists */
-+                msb = clz32(val);
+     tb_remove_from_jmp_list(tb, 0);
-+                lsb = 31 - ctz32(val);
+@@ -XXX,XX +XXX,XX @@ tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
-+            }
+     }
-+            tcg_out_insn(s, VRIb, VGM, dst, lsb, msb, MO_32);
-+            return;
+     /* add in the hash table */
-+        }
+-    h = tb_hash_func(phys_pc, tb_pc(tb), tb->flags, tb->cflags,
-+    } else {
+-                     tb->trace_vcpu_dstate);
-+        if (risbg_mask(val)) {
++    h = tb_hash_func(phys_pc, (TARGET_TB_PCREL ? 0 : tb_pc(tb)),
-+            /* Handle wraparound by swapping msb and lsb.  */
++                     tb->flags, tb->cflags, tb->trace_vcpu_dstate);
-+            if ((val & 0x8000000000000001ull) == 0x8000000000000001ull) {
+     qht_insert(&tb_ctx.htable, tb, h, &existing_tb);
-+                /* Handle wraparound by swapping msb and lsb.  */
-+                msb = 64 - ctz64(~val);
+     /* remove TB from the page(s) if we couldn't insert it */
-+                lsb = clz64(~val) - 1;
+@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
-+            } else {
-+                msb = clz64(val);
+     gen_code_buf = tcg_ctx->code_gen_ptr;
-+                lsb = 63 - ctz64(val);
+     tb->tc.ptr = tcg_splitwx_to_rx(gen_code_buf);
-+            }
++#if !TARGET_TB_PCREL
-+            tcg_out_insn(s, VRIb, VGM, dst, lsb, msb, MO_64);
+     tb->pc = pc;
-+            return;
++#endif
-+        }
+     tb->cs_base = cs_base;
-+    }
+     tb->flags = flags;
-+
+     tb->cflags = cflags;
 +    /* Look for all bytes 0x00 or 0xff.  */
 +    for (i = mask = 0; i < 8; i++) {
 +        uint8_t byte = val >> (i * 8);
 +        if (byte == 0xff) {
 +            mask |= 1 << i;
 +        } else if (byte != 0) {
 +            break;
 +        }
 +    }
 +    if (i == 8) {
 +        tcg_out_insn(s, VRIa, VGBM, dst, mask * 0x0101, 0);
 +        return;
 +    }
 +
 +    /* Otherwise, stuff it in the constant pool.  */
 +    tcg_out_insn(s, RIL, LARL, TCG_TMP0, 0);
 +    new_pool_label(s, val, R_390_PC32DBL, s->code_ptr - 2, 2);
 +    tcg_out_insn(s, VRX, VLREP, dst, TCG_TMP0, TCG_REG_NONE, 0, MO_64);
  }
  static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 --
-.25.1
+.34.1

-[PULL 17/28] tcg/s390x: Add host vector framework
+[PULL 19/20] tcg/ppc: Optimize 26-bit jumps
-Add registers and function stubs.  The functionality
+From: Leandro Lupori <leandro.lupori@eldorado.org.br>
 is disabled via squashing s390_facilities[2] to 0.
-We must still include results for the mandatory opcodes in
+PowerPC64 processors handle direct branches better than indirect
-tcg_target_op_def, as all opcodes are checked during tcg init.
+ones, resulting in less stalled cycles and branch misses.
-Reviewed-by: David Hildenbrand <david@redhat.com>
+However, PPC's tb_target_set_jmp_target() was only using direct
 branches for 16-bit jumps, while PowerPC64's unconditional branch
 instructions are able to handle displacements of up to 26 bits.
 To take advantage of this, now jumps whose displacements fit in
 between 17 and 26 bits are also converted to direct branches.
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
 [rth: Expanded some commentary.]
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- tcg/s390x/tcg-target-con-set.h |   4 +
+ tcg/ppc/tcg-target.c.inc | 119 +++++++++++++++++++++++++++++----------
- tcg/s390x/tcg-target-con-str.h |   1 +
+file changed, 88 insertions(+), 31 deletions(-)
  tcg/s390x/tcg-target.h         |  35 ++++++++-
  tcg/s390x/tcg-target.opc.h     |  12 +++
  tcg/s390x/tcg-target.c.inc     | 137 ++++++++++++++++++++++++++++++++-
 files changed, 184 insertions(+), 5 deletions(-)
  create mode 100644 tcg/s390x/tcg-target.opc.h
-diff --git a/tcg/s390x/tcg-target-con-set.h b/tcg/s390x/tcg-target-con-set.h
+diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target-con-set.h
+--- a/tcg/ppc/tcg-target.c.inc
-+++ b/tcg/s390x/tcg-target-con-set.h
++++ b/tcg/ppc/tcg-target.c.inc
-@@ -XXX,XX +XXX,XX @@ C_O0_I1(r)
+@@ -XXX,XX +XXX,XX @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
- C_O0_I2(L, L)
+     tcg_out32(s, insn);
  C_O0_I2(r, r)
  C_O0_I2(r, ri)
 +C_O0_I2(v, r)
  C_O1_I1(r, L)
  C_O1_I1(r, r)
 +C_O1_I1(v, r)
 +C_O1_I1(v, vr)
  C_O1_I2(r, 0, ri)
  C_O1_I2(r, 0, rI)
  C_O1_I2(r, 0, rJ)
  C_O1_I2(r, r, ri)
  C_O1_I2(r, rZ, r)
 +C_O1_I2(v, v, v)
  C_O1_I4(r, r, ri, r, 0)
  C_O1_I4(r, r, ri, rI, 0)
  C_O2_I2(b, a, 0, r)
 diff --git a/tcg/s390x/tcg-target-con-str.h b/tcg/s390x/tcg-target-con-str.h
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/s390x/tcg-target-con-str.h
 +++ b/tcg/s390x/tcg-target-con-str.h
@@ -XXX,XX +XXX,XX @@
   */
  REGS('r', ALL_GENERAL_REGS)
  REGS('L', ALL_GENERAL_REGS & ~SOFTMMU_RESERVE_REGS)
 +REGS('v', ALL_VECTOR_REGS)
  /*
   * A (single) even/odd pair for division.
   * TODO: Add something to the register allocator to allow
 diff --git a/tcg/s390x/tcg-target.h b/tcg/s390x/tcg-target.h
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/s390x/tcg-target.h
 +++ b/tcg/s390x/tcg-target.h
@@ -XXX,XX +XXX,XX @@ typedef enum TCGReg {
      TCG_REG_R8,  TCG_REG_R9,  TCG_REG_R10, TCG_REG_R11,
      TCG_REG_R12, TCG_REG_R13, TCG_REG_R14, TCG_REG_R15,
 +    TCG_REG_V0 = 32, TCG_REG_V1,  TCG_REG_V2,  TCG_REG_V3,
 +    TCG_REG_V4,  TCG_REG_V5,  TCG_REG_V6,  TCG_REG_V7,
 +    TCG_REG_V8,  TCG_REG_V9,  TCG_REG_V10, TCG_REG_V11,
 +    TCG_REG_V12, TCG_REG_V13, TCG_REG_V14, TCG_REG_V15,
 +    TCG_REG_V16, TCG_REG_V17, TCG_REG_V18, TCG_REG_V19,
 +    TCG_REG_V20, TCG_REG_V21, TCG_REG_V22, TCG_REG_V23,
 +    TCG_REG_V24, TCG_REG_V25, TCG_REG_V26, TCG_REG_V27,
 +    TCG_REG_V28, TCG_REG_V29, TCG_REG_V30, TCG_REG_V31,
 +
      TCG_AREG0 = TCG_REG_R10,
      TCG_REG_CALL_STACK = TCG_REG_R15
  } TCGReg;
 -#define TCG_TARGET_NB_REGS 16
 +#define TCG_TARGET_NB_REGS 64
  /* A list of relevant facilities used by this translator.  Some of these
     are required for proper operation, and these are checked at startup.  */
@@ -XXX,XX +XXX,XX @@ typedef enum TCGReg {
  #define FACILITY_FAST_BCR_SER         FACILITY_LOAD_ON_COND
  #define FACILITY_DISTINCT_OPS         FACILITY_LOAD_ON_COND
  #define FACILITY_LOAD_ON_COND2        53
 +#define FACILITY_VECTOR               129
 -extern uint64_t s390_facilities[1];
 +extern uint64_t s390_facilities[3];
  #define HAVE_FACILITY(X) \
      ((s390_facilities[FACILITY_##X / 64] >> (63 - FACILITY_##X % 64)) & 1)
@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities[1];
  #define TCG_TARGET_HAS_muluh_i64      0
  #define TCG_TARGET_HAS_mulsh_i64      0
 +#define TCG_TARGET_HAS_v64            HAVE_FACILITY(VECTOR)
 +#define TCG_TARGET_HAS_v128           HAVE_FACILITY(VECTOR)
 +#define TCG_TARGET_HAS_v256           0
 +
 +#define TCG_TARGET_HAS_andc_vec       0
 +#define TCG_TARGET_HAS_orc_vec        0
 +#define TCG_TARGET_HAS_not_vec        0
 +#define TCG_TARGET_HAS_neg_vec        0
 +#define TCG_TARGET_HAS_abs_vec        0
 +#define TCG_TARGET_HAS_roti_vec       0
 +#define TCG_TARGET_HAS_rots_vec       0
 +#define TCG_TARGET_HAS_rotv_vec       0
 +#define TCG_TARGET_HAS_shi_vec        0
 +#define TCG_TARGET_HAS_shs_vec        0
 +#define TCG_TARGET_HAS_shv_vec        0
 +#define TCG_TARGET_HAS_mul_vec        0
 +#define TCG_TARGET_HAS_sat_vec        0
 +#define TCG_TARGET_HAS_minmax_vec     0
 +#define TCG_TARGET_HAS_bitsel_vec     0
 +#define TCG_TARGET_HAS_cmpsel_vec     0
 +
  /* used for function call generation */
  #define TCG_TARGET_STACK_ALIGN        8
  #define TCG_TARGET_CALL_STACK_OFFSET    160
 diff --git a/tcg/s390x/tcg-target.opc.h b/tcg/s390x/tcg-target.opc.h
 new file mode 100644
 index XXXXXXX..XXXXXXX
 --- /dev/null
 +++ b/tcg/s390x/tcg-target.opc.h
@@ -XXX,XX +XXX,XX @@
 +/*
 + * Copyright (c) 2021 Linaro
 + *
 + * This work is licensed under the terms of the GNU GPL, version 2 or
 + * (at your option) any later version.
 + *
 + * See the COPYING file in the top-level directory for details.
 + *
 + * Target-specific opcodes for host vector expansion.  These will be
 + * emitted by tcg_expand_vec_op.  For those familiar with GCC internals,
 + * consider these to be UNSPEC with names.
 + */
 diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/s390x/tcg-target.c.inc
 +++ b/tcg/s390x/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@
  #define TCG_CT_CONST_ZERO  0x800
  #define ALL_GENERAL_REGS     MAKE_64BIT_MASK(0, 16)
 +#define ALL_VECTOR_REGS      MAKE_64BIT_MASK(32, 32)
 +
  /*
   * For softmmu, we need to avoid conflicts with the first 3
   * argument registers to perform the tlb lookup, and to call
@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
  #ifdef CONFIG_DEBUG_TCG
  static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
 -    "%r0", "%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7",
 -    "%r8", "%r9", "%r10" "%r11" "%r12" "%r13" "%r14" "%r15"
 +    "%r0",  "%r1",  "%r2",  "%r3",  "%r4",  "%r5",  "%r6",  "%r7",
 +    "%r8",  "%r9",  "%r10", "%r11", "%r12", "%r13", "%r14", "%r15",
 +    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 +    "%v0",  "%v1",  "%v2",  "%v3",  "%v4",  "%v5",  "%v6",  "%v7",
 +    "%v8",  "%v9",  "%v10", "%v11", "%v12", "%v13", "%v14", "%v15",
 +    "%v16", "%v17", "%v18", "%v19", "%v20", "%v21", "%v22", "%v23",
 +    "%v24", "%v25", "%v26", "%v27", "%v28", "%v29", "%v30", "%v31",
  };
  #endif
@@ -XXX,XX +XXX,XX @@ static const int tcg_target_reg_alloc_order[] = {
      TCG_REG_R4,
      TCG_REG_R3,
      TCG_REG_R2,
 +
 +    /* V8-V15 are call saved, and omitted. */
 +    TCG_REG_V0,
 +    TCG_REG_V1,
 +    TCG_REG_V2,
 +    TCG_REG_V3,
 +    TCG_REG_V4,
 +    TCG_REG_V5,
 +    TCG_REG_V6,
 +    TCG_REG_V7,
 +    TCG_REG_V16,
 +    TCG_REG_V17,
 +    TCG_REG_V18,
 +    TCG_REG_V19,
 +    TCG_REG_V20,
 +    TCG_REG_V21,
 +    TCG_REG_V22,
 +    TCG_REG_V23,
 +    TCG_REG_V24,
 +    TCG_REG_V25,
 +    TCG_REG_V26,
 +    TCG_REG_V27,
 +    TCG_REG_V28,
 +    TCG_REG_V29,
 +    TCG_REG_V30,
 +    TCG_REG_V31,
  };
  static const int tcg_target_call_iarg_regs[] = {
@@ -XXX,XX +XXX,XX @@ static void * const qemu_st_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
  #endif
  static const tcg_insn_unit *tb_ret_addr;
 -uint64_t s390_facilities[1];
 +uint64_t s390_facilities[3];
  static bool patch_reloc(tcg_insn_unit *src_rw, int type,
                          intptr_t value, intptr_t addend)
@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc,
      }
  }
-+static bool tcg_out_dup_vec(TCGContext *s, TCGType type, unsigned vece,
++static inline uint64_t make_pair(tcg_insn_unit i1, tcg_insn_unit i2)
 +                            TCGReg dst, TCGReg src)
 +{
-+    g_assert_not_reached();
++    if (HOST_BIG_ENDIAN) {
 +        return (uint64_t)i1 << 32 | i2;
 +    }
 +    return (uint64_t)i2 << 32 | i1;
 +}
 +
-+static bool tcg_out_dupm_vec(TCGContext *s, TCGType type, unsigned vece,
++static inline void ppc64_replace2(uintptr_t rx, uintptr_t rw,
-+                             TCGReg dst, TCGReg base, intptr_t offset)
++                                  tcg_insn_unit i0, tcg_insn_unit i1)
 +{
-+    g_assert_not_reached();
++#if TCG_TARGET_REG_BITS == 64
 +    qatomic_set((uint64_t *)rw, make_pair(i0, i1));
 +    flush_idcache_range(rx, rw, 8);
 +#else
 +    qemu_build_not_reached();
 +#endif
 +}
 +
-+static void tcg_out_dupi_vec(TCGContext *s, TCGType type, unsigned vece,
++static inline void ppc64_replace4(uintptr_t rx, uintptr_t rw,
-+                             TCGReg dst, int64_t val)
++                                  tcg_insn_unit i0, tcg_insn_unit i1,
 +                                  tcg_insn_unit i2, tcg_insn_unit i3)
 +{
-+    g_assert_not_reached();
++    uint64_t p[2];
 +
 +    p[!HOST_BIG_ENDIAN] = make_pair(i0, i1);
 +    p[HOST_BIG_ENDIAN] = make_pair(i2, i3);
 +
 +    /*
 +     * There's no convenient way to get the compiler to allocate a pair
 +     * of registers at an even index, so copy into r6/r7 and clobber.
 +     */
 +    asm("mr  %%r6, %1\n\t"
 +        "mr  %%r7, %2\n\t"
 +        "stq %%r6, %0"
 +        : "=Q"(*(__int128 *)rw) : "r"(p[0]), "r"(p[1]) : "r6", "r7");
 +    flush_idcache_range(rx, rw, 16);
 +}
 +
-+static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
+ void tb_target_set_jmp_target(uintptr_t tc_ptr, uintptr_t jmp_rx,
-+                           unsigned vecl, unsigned vece,
+                               uintptr_t jmp_rw, uintptr_t addr)
 +                           const TCGArg *args, const int *const_args)
 +{
 +    g_assert_not_reached();
 +}
 +
 +int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
 +{
 +    return 0;
 +}
 +
 +void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
 +                       TCGArg a0, ...)
 +{
 +    g_assert_not_reached();
 +}
 +
  static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
  {
-     switch (op) {
+-    if (TCG_TARGET_REG_BITS == 64) {
-@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
+-        tcg_insn_unit i1, i2;
-                 ? C_O2_I4(r, r, 0, 1, rA, r)
+-        intptr_t tb_diff = addr - tc_ptr;
-                 : C_O2_I4(r, r, 0, 1, r, r));
+-        intptr_t br_diff = addr - (jmp_rx + 4);
+-        uint64_t pair;
-+    case INDEX_op_st_vec:
++    tcg_insn_unit i0, i1, i2, i3;
-+        return C_O0_I2(v, r);
++    intptr_t tb_diff = addr - tc_ptr;
-+    case INDEX_op_ld_vec:
++    intptr_t br_diff = addr - (jmp_rx + 4);
-+    case INDEX_op_dupm_vec:
++    intptr_t lo, hi;
-+        return C_O1_I1(v, r);
-+    case INDEX_op_dup_vec:
+-        /* This does not exercise the range of the branch, but we do
-+        return C_O1_I1(v, vr);
+-           still need to be able to load the new value of TCG_REG_TB.
-+    case INDEX_op_add_vec:
+-           But this does still happen quite often.  */
-+    case INDEX_op_sub_vec:
+-        if (tb_diff == (int16_t)tb_diff) {
-+    case INDEX_op_and_vec:
+-            i1 = ADDI | TAI(TCG_REG_TB, TCG_REG_TB, tb_diff);
-+    case INDEX_op_or_vec:
+-            i2 = B | (br_diff & 0x3fffffc);
-+    case INDEX_op_xor_vec:
+-        } else {
-+    case INDEX_op_cmp_vec:
+-            intptr_t lo = (int16_t)tb_diff;
-+        return C_O1_I2(v, v, v);
+-            intptr_t hi = (int32_t)(tb_diff - lo);
-+
+-            assert(tb_diff == hi + lo);
-     default:
+-            i1 = ADDIS | TAI(TCG_REG_TB, TCG_REG_TB, hi >> 16);
-         g_assert_not_reached();
+-            i2 = ADDI | TAI(TCG_REG_TB, TCG_REG_TB, lo);
-     }
+-        }
- }
+-#if HOST_BIG_ENDIAN
+-        pair = (uint64_t)i1 << 32 | i2;
-+/*
+-#else
-+ * Mainline glibc added HWCAP_S390_VX before it was kernel abi.
+-        pair = (uint64_t)i2 << 32 | i1;
-+ * Some distros have fixed this up locally, others have not.
+-#endif
-+ */
+-
-+#ifndef HWCAP_S390_VXRS
+-        /* As per the enclosing if, this is ppc64.  Avoid the _Static_assert
-+#define HWCAP_S390_VXRS 2048
+-           within qatomic_set that would fail to build a ppc32 host.  */
-+#endif
+-        qatomic_set__nocheck((uint64_t *)jmp_rw, pair);
-+
+-        flush_idcache_range(jmp_rx, jmp_rw, 8);
- static void query_s390_facilities(void)
+-    } else {
- {
++    if (TCG_TARGET_REG_BITS == 32) {
-     unsigned long hwcap = qemu_getauxval(AT_HWCAP);
+         intptr_t diff = addr - jmp_rx;
-@@ -XXX,XX +XXX,XX @@ static void query_s390_facilities(void)
+         tcg_debug_assert(in_range_b(diff));
-         asm volatile(".word 0xb2b0,0x1000"
+         qatomic_set((uint32_t *)jmp_rw, B | (diff & 0x3fffffc));
-                      : "=r"(r0) : "r"(r0), "r"(r1) : "memory", "cc");
+         flush_idcache_range(jmp_rx, jmp_rw, 4);
 +        return;
      }
 +
 +    /*
-+     * Use of vector registers requires os support beyond the facility bit.
++     * For 16-bit displacements, we can use a single add + branch.
-+     * If the kernel does not advertise support, disable the facility bits.
++     * This happens quite often.
 +     * There is nothing else we currently care about in the 3rd word, so
 +     * disable VECTOR with one store.
 +     */
-+    if (1 || !(hwcap & HWCAP_S390_VXRS)) {
++    if (tb_diff == (int16_t)tb_diff) {
-+        s390_facilities[2] = 0;
++        i0 = ADDI | TAI(TCG_REG_TB, TCG_REG_TB, tb_diff);
 +        i1 = B | (br_diff & 0x3fffffc);
 +        ppc64_replace2(jmp_rx, jmp_rw, i0, i1);
 +        return;
 +    }
++
++    lo = (int16_t)tb_diff;
++    hi = (int32_t)(tb_diff - lo);
++    assert(tb_diff == hi + lo);
++    i0 = ADDIS | TAI(TCG_REG_TB, TCG_REG_TB, hi >> 16);
++    i1 = ADDI | TAI(TCG_REG_TB, TCG_REG_TB, lo);
++
++    /*
++     * Without stq from 2.07, we can only update two insns,
++     * and those must be the ones that load the target address.
++     */
++    if (!have_isa_2_07) {
++        ppc64_replace2(jmp_rx, jmp_rw, i0, i1);
++        return;
++    }
++
++    /*
++     * For 26-bit displacements, we can use a direct branch.
++     * Otherwise we still need the indirect branch, which we
++     * must restore after a potential direct branch write.
++     */
++    br_diff -= 4;
++    if (in_range_b(br_diff)) {
++        i2 = B | (br_diff & 0x3fffffc);
++        i3 = NOP;
++    } else {
++        i2 = MTSPR | RS(TCG_REG_TB) | CTR;
++        i3 = BCCTR | BO_ALWAYS;
++    }
++    ppc64_replace4(jmp_rx, jmp_rw, i0, i1, i2, i3);
  }
- static void tcg_target_init(TCGContext *s)
+ static void tcg_out_call_int(TCGContext *s, int lk,
-@@ -XXX,XX +XXX,XX @@ static void tcg_target_init(TCGContext *s)
+@@ -XXX,XX +XXX,XX @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
+         if (s->tb_jmp_insn_offset) {
-     tcg_target_available_regs[TCG_TYPE_I32] = 0xffff;
+             /* Direct jump. */
-     tcg_target_available_regs[TCG_TYPE_I64] = 0xffff;
+             if (TCG_TARGET_REG_BITS == 64) {
-+    if (HAVE_FACILITY(VECTOR)) {
+-                /* Ensure the next insns are 8-byte aligned. */
-+        tcg_target_available_regs[TCG_TYPE_V64] = 0xffffffff00000000ull;
+-                if ((uintptr_t)s->code_ptr & 7) {
-+        tcg_target_available_regs[TCG_TYPE_V128] = 0xffffffff00000000ull;
++                /* Ensure the next insns are 8 or 16-byte aligned. */
-+    }
++                while ((uintptr_t)s->code_ptr & (have_isa_2_07 ? 15 : 7)) {
+                     tcg_out32(s, NOP);
-     tcg_target_call_clobber_regs = 0;
+                 }
-     tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_R0);
+                 s->tb_jmp_insn_offset[args[0]] = tcg_current_code_size(s);
@@ -XXX,XX +XXX,XX @@ static void tcg_target_init(TCGContext *s)
      /* The return register can be considered call-clobbered.  */
      tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_R14);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V0);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V1);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V2);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V3);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V4);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V5);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V6);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V7);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V16);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V17);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V18);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V19);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V20);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V21);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V22);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V23);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V24);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V25);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V26);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V27);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V28);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V29);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V30);
 +    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V31);
 +
      s->reserved_regs = 0;
      tcg_regset_set_reg(s->reserved_regs, TCG_TMP0);
      /* XXX many insns can't be used with R0, so we better avoid it for now */
 --
-.25.1
+.34.1

-[PULL 13/28] tcg: Expand usadd/ussub with umin/umax
+[PULL 20/20] target/sh4: Fix TB_FLAG_UNALIGN
-For usadd, we only have to consider overflow.  Since ~B + B == -1,
+The value previously chosen overlaps GUSA_MASK.
 the maximum value for A that saturates is ~B.
-For ussub, we only have to consider underflow.  The minimum value
+Rename all DELAY_SLOT_* and GUSA_* defines to emphasize
-that saturates to 0 from A - B is B.
+that they are included in TB_FLAGs.  Add aliases for the
 FPSCR and SR bits that are included in TB_FLAGS, so that
 we don't accidentally reassign those bits.
+Fixes: 4da06fb3062 ("target/sh4: Implement prctl_unalign_sigbus")
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/856
+Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- tcg/tcg-op-vec.c | 37 +++++++++++++++++++++++++++++++++++--
+ target/sh4/cpu.h        | 56 +++++++++++++------------
-file changed, 35 insertions(+), 2 deletions(-)
+ linux-user/sh4/signal.c |  6 +--
  target/sh4/cpu.c        |  6 +--
  target/sh4/helper.c     |  6 +--
  target/sh4/translate.c  | 90 ++++++++++++++++++++++-------------------
 files changed, 88 insertions(+), 76 deletions(-)
-diff --git a/tcg/tcg-op-vec.c b/tcg/tcg-op-vec.c
+diff --git a/target/sh4/cpu.h b/target/sh4/cpu.h
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg-op-vec.c
+--- a/target/sh4/cpu.h
-+++ b/tcg/tcg-op-vec.c
++++ b/target/sh4/cpu.h
-@@ -XXX,XX +XXX,XX @@ bool tcg_can_emit_vecop_list(const TCGOpcode *list,
+@@ -XXX,XX +XXX,XX @@
-                 continue;
+ #define FPSCR_RM_NEAREST       (0 << 0)
-             }
+ #define FPSCR_RM_ZERO          (1 << 0)
-             break;
-+        case INDEX_op_usadd_vec:
+-#define DELAY_SLOT_MASK        0x7
-+            if (tcg_can_emit_vec_op(INDEX_op_umin_vec, type, vece) ||
+-#define DELAY_SLOT             (1 << 0)
-+                tcg_can_emit_vec_op(INDEX_op_cmp_vec, type, vece)) {
+-#define DELAY_SLOT_CONDITIONAL (1 << 1)
-+                continue;
+-#define DELAY_SLOT_RTE         (1 << 2)
-+            }
++#define TB_FLAG_DELAY_SLOT       (1 << 0)
-+            break;
++#define TB_FLAG_DELAY_SLOT_COND  (1 << 1)
-+        case INDEX_op_ussub_vec:
++#define TB_FLAG_DELAY_SLOT_RTE   (1 << 2)
-+            if (tcg_can_emit_vec_op(INDEX_op_umax_vec, type, vece) ||
++#define TB_FLAG_PENDING_MOVCA    (1 << 3)
-+                tcg_can_emit_vec_op(INDEX_op_cmp_vec, type, vece)) {
++#define TB_FLAG_GUSA_SHIFT       4                      /* [11:4] */
-+                continue;
++#define TB_FLAG_GUSA_EXCLUSIVE   (1 << 12)
-+            }
++#define TB_FLAG_UNALIGN          (1 << 13)
-+            break;
++#define TB_FLAG_SR_FD            (1 << SR_FD)           /* 15 */
-         case INDEX_op_cmpsel_vec:
++#define TB_FLAG_FPSCR_PR         FPSCR_PR               /* 19 */
-         case INDEX_op_smin_vec:
++#define TB_FLAG_FPSCR_SZ         FPSCR_SZ               /* 20 */
-         case INDEX_op_smax_vec:
++#define TB_FLAG_FPSCR_FR         FPSCR_FR               /* 21 */
-@@ -XXX,XX +XXX,XX @@ void tcg_gen_ssadd_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
++#define TB_FLAG_SR_RB            (1 << SR_RB)           /* 29 */
++#define TB_FLAG_SR_MD            (1 << SR_MD)           /* 30 */
- void tcg_gen_usadd_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
 -#define TB_FLAG_PENDING_MOVCA  (1 << 3)
 -#define TB_FLAG_UNALIGN        (1 << 4)
 -
 -#define GUSA_SHIFT             4
 -#ifdef CONFIG_USER_ONLY
 -#define GUSA_EXCLUSIVE         (1 << 12)
 -#define GUSA_MASK              ((0xff << GUSA_SHIFT) | GUSA_EXCLUSIVE)
 -#else
 -/* Provide dummy versions of the above to allow tests against tbflags
 -   to be elided while avoiding ifdefs.  */
 -#define GUSA_EXCLUSIVE         0
 -#define GUSA_MASK              0
 -#endif
 -
 -#define TB_FLAG_ENVFLAGS_MASK  (DELAY_SLOT_MASK | GUSA_MASK)
 +#define TB_FLAG_DELAY_SLOT_MASK  (TB_FLAG_DELAY_SLOT |       \
 +                                  TB_FLAG_DELAY_SLOT_COND |  \
 +                                  TB_FLAG_DELAY_SLOT_RTE)
 +#define TB_FLAG_GUSA_MASK        ((0xff << TB_FLAG_GUSA_SHIFT) | \
 +                                  TB_FLAG_GUSA_EXCLUSIVE)
 +#define TB_FLAG_FPSCR_MASK       (TB_FLAG_FPSCR_PR | \
 +                                  TB_FLAG_FPSCR_SZ | \
 +                                  TB_FLAG_FPSCR_FR)
 +#define TB_FLAG_SR_MASK          (TB_FLAG_SR_FD | \
 +                                  TB_FLAG_SR_RB | \
 +                                  TB_FLAG_SR_MD)
 +#define TB_FLAG_ENVFLAGS_MASK    (TB_FLAG_DELAY_SLOT_MASK | \
 +                                  TB_FLAG_GUSA_MASK)
  typedef struct tlb_t {
      uint32_t vpn;        /* virtual page number */
@@ -XXX,XX +XXX,XX @@ static inline int cpu_mmu_index (CPUSH4State *env, bool ifetch)
  {
--    do_op3_nofail(vece, r, a, b, INDEX_op_usadd_vec);
+     /* The instruction in a RTE delay slot is fetched in privileged
-+    if (!do_op3(vece, r, a, b, INDEX_op_usadd_vec)) {
+        mode, but executed in user mode.  */
-+        const TCGOpcode *hold_list = tcg_swap_vecop_list(NULL);
+-    if (ifetch && (env->flags & DELAY_SLOT_RTE)) {
-+        TCGv_vec t = tcg_temp_new_vec_matching(r);
++    if (ifetch && (env->flags & TB_FLAG_DELAY_SLOT_RTE)) {
-+
+         return 0;
-+        /* usadd(a, b) = min(a, ~b) + b */
+     } else {
-+        tcg_gen_not_vec(vece, t, b);
+         return (env->sr & (1u << SR_MD)) == 0 ? 1 : 0;
-+        tcg_gen_umin_vec(vece, t, t, a);
+@@ -XXX,XX +XXX,XX @@ static inline void cpu_get_tb_cpu_state(CPUSH4State *env, target_ulong *pc,
-+        tcg_gen_add_vec(vece, r, t, b);
+ {
-+
+     *pc = env->pc;
-+        tcg_temp_free_vec(t);
+     /* For a gUSA region, notice the end of the region.  */
-+        tcg_swap_vecop_list(hold_list);
+-    *cs_base = env->flags & GUSA_MASK ? env->gregs[0] : 0;
-+    }
+-    *flags = env->flags /* TB_FLAG_ENVFLAGS_MASK: bits 0-2, 4-12 */
 -            | (env->fpscr & (FPSCR_FR | FPSCR_SZ | FPSCR_PR))  /* Bits 19-21 */
 -            | (env->sr & ((1u << SR_MD) | (1u << SR_RB)))      /* Bits 29-30 */
 -            | (env->sr & (1u << SR_FD))                        /* Bit 15 */
 +    *cs_base = env->flags & TB_FLAG_GUSA_MASK ? env->gregs[0] : 0;
 +    *flags = env->flags
 +            | (env->fpscr & TB_FLAG_FPSCR_MASK)
 +            | (env->sr & TB_FLAG_SR_MASK)
              | (env->movcal_backup ? TB_FLAG_PENDING_MOVCA : 0); /* Bit 3 */
  #ifdef CONFIG_USER_ONLY
      *flags |= TB_FLAG_UNALIGN * !env_cpu(env)->prctl_unalign_sigbus;
 diff --git a/linux-user/sh4/signal.c b/linux-user/sh4/signal.c
 index XXXXXXX..XXXXXXX 100644
 --- a/linux-user/sh4/signal.c
 +++ b/linux-user/sh4/signal.c
@@ -XXX,XX +XXX,XX @@ static void restore_sigcontext(CPUSH4State *regs, struct target_sigcontext *sc)
      __get_user(regs->fpul, &sc->sc_fpul);
      regs->tra = -1;         /* disable syscall checks */
 -    regs->flags &= ~(DELAY_SLOT_MASK | GUSA_MASK);
 +    regs->flags = 0;
  }
- void tcg_gen_sssub_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
+ void setup_frame(int sig, struct target_sigaction *ka,
-@@ -XXX,XX +XXX,XX @@ void tcg_gen_sssub_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
+@@ -XXX,XX +XXX,XX @@ void setup_frame(int sig, struct target_sigaction *ka,
+     regs->gregs[5] = 0;
- void tcg_gen_ussub_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
+     regs->gregs[6] = frame_addr += offsetof(typeof(*frame), sc);
      regs->pc = (unsigned long) ka->_sa_handler;
 -    regs->flags &= ~(DELAY_SLOT_MASK | GUSA_MASK);
 +    regs->flags &= ~(TB_FLAG_DELAY_SLOT_MASK | TB_FLAG_GUSA_MASK);
      unlock_user_struct(frame, frame_addr, 1);
      return;
@@ -XXX,XX +XXX,XX @@ void setup_rt_frame(int sig, struct target_sigaction *ka,
      regs->gregs[5] = frame_addr + offsetof(typeof(*frame), info);
      regs->gregs[6] = frame_addr + offsetof(typeof(*frame), uc);
      regs->pc = (unsigned long) ka->_sa_handler;
 -    regs->flags &= ~(DELAY_SLOT_MASK | GUSA_MASK);
 +    regs->flags &= ~(TB_FLAG_DELAY_SLOT_MASK | TB_FLAG_GUSA_MASK);
      unlock_user_struct(frame, frame_addr, 1);
      return;
 diff --git a/target/sh4/cpu.c b/target/sh4/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/sh4/cpu.c
 +++ b/target/sh4/cpu.c
@@ -XXX,XX +XXX,XX @@ static void superh_cpu_synchronize_from_tb(CPUState *cs,
      SuperHCPU *cpu = SUPERH_CPU(cs);
      cpu->env.pc = tb_pc(tb);
 -    cpu->env.flags = tb->flags & TB_FLAG_ENVFLAGS_MASK;
 +    cpu->env.flags = tb->flags;
  }
  #ifndef CONFIG_USER_ONLY
@@ -XXX,XX +XXX,XX @@ static bool superh_io_recompile_replay_branch(CPUState *cs,
      SuperHCPU *cpu = SUPERH_CPU(cs);
      CPUSH4State *env = &cpu->env;
 -    if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
 +    if ((env->flags & (TB_FLAG_DELAY_SLOT | TB_FLAG_DELAY_SLOT_COND))
          && env->pc != tb_pc(tb)) {
          env->pc -= 2;
 -        env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
 +        env->flags &= ~(TB_FLAG_DELAY_SLOT | TB_FLAG_DELAY_SLOT_COND);
          return true;
      }
      return false;
 diff --git a/target/sh4/helper.c b/target/sh4/helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/sh4/helper.c
 +++ b/target/sh4/helper.c
@@ -XXX,XX +XXX,XX @@ void superh_cpu_do_interrupt(CPUState *cs)
      env->sr |= (1u << SR_BL) | (1u << SR_MD) | (1u << SR_RB);
      env->lock_addr = -1;
 -    if (env->flags & DELAY_SLOT_MASK) {
 +    if (env->flags & TB_FLAG_DELAY_SLOT_MASK) {
          /* Branch instruction should be executed again before delay slot. */
      env->spc -= 2;
      /* Clear flags for exception/interrupt routine. */
 -        env->flags &= ~DELAY_SLOT_MASK;
 +        env->flags &= ~TB_FLAG_DELAY_SLOT_MASK;
      }
      if (do_exp) {
@@ -XXX,XX +XXX,XX @@ bool superh_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
          CPUSH4State *env = &cpu->env;
          /* Delay slots are indivisible, ignore interrupts */
 -        if (env->flags & DELAY_SLOT_MASK) {
 +        if (env->flags & TB_FLAG_DELAY_SLOT_MASK) {
              return false;
          } else {
              superh_cpu_do_interrupt(cs);
 diff --git a/target/sh4/translate.c b/target/sh4/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/sh4/translate.c
 +++ b/target/sh4/translate.c
@@ -XXX,XX +XXX,XX @@ void superh_cpu_dump_state(CPUState *cs, FILE *f, int flags)
              i, env->gregs[i], i + 1, env->gregs[i + 1],
              i + 2, env->gregs[i + 2], i + 3, env->gregs[i + 3]);
      }
 -    if (env->flags & DELAY_SLOT) {
 +    if (env->flags & TB_FLAG_DELAY_SLOT) {
          qemu_printf("in delay slot (delayed_pc=0x%08x)\n",
              env->delayed_pc);
 -    } else if (env->flags & DELAY_SLOT_CONDITIONAL) {
 +    } else if (env->flags & TB_FLAG_DELAY_SLOT_COND) {
          qemu_printf("in conditional delay slot (delayed_pc=0x%08x)\n",
              env->delayed_pc);
 -    } else if (env->flags & DELAY_SLOT_RTE) {
 +    } else if (env->flags & TB_FLAG_DELAY_SLOT_RTE) {
          qemu_fprintf(f, "in rte delay slot (delayed_pc=0x%08x)\n",
                       env->delayed_pc);
      }
@@ -XXX,XX +XXX,XX @@ static inline void gen_save_cpu_state(DisasContext *ctx, bool save_pc)
  static inline bool use_exit_tb(DisasContext *ctx)
  {
--    do_op3_nofail(vece, r, a, b, INDEX_op_ussub_vec);
+-    return (ctx->tbflags & GUSA_EXCLUSIVE) != 0;
-+    if (!do_op3(vece, r, a, b, INDEX_op_ussub_vec)) {
++    return (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) != 0;
 +        const TCGOpcode *hold_list = tcg_swap_vecop_list(NULL);
 +        TCGv_vec t = tcg_temp_new_vec_matching(r);
 +
 +        /* ussub(a, b) = max(a, b) - b */
 +        tcg_gen_umax_vec(vece, t, a, b);
 +        tcg_gen_sub_vec(vece, r, t, b);
 +
 +        tcg_temp_free_vec(t);
 +        tcg_swap_vecop_list(hold_list);
 +    }
  }
- static void do_minmax(unsigned vece, TCGv_vec r, TCGv_vec a,
+ static bool use_goto_tb(DisasContext *ctx, target_ulong dest)
@@ -XXX,XX +XXX,XX @@ static void gen_conditional_jump(DisasContext *ctx, target_ulong dest,
      TCGLabel *l1 = gen_new_label();
      TCGCond cond_not_taken = jump_if_true ? TCG_COND_EQ : TCG_COND_NE;
 -    if (ctx->tbflags & GUSA_EXCLUSIVE) {
 +    if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
          /* When in an exclusive region, we must continue to the end.
             Therefore, exit the region on a taken branch, but otherwise
             fall through to the next instruction.  */
          tcg_gen_brcondi_i32(cond_not_taken, cpu_sr_t, 0, l1);
 -        tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~GUSA_MASK);
 +        tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~TB_FLAG_GUSA_MASK);
          /* Note that this won't actually use a goto_tb opcode because we
             disallow it in use_goto_tb, but it handles exit + singlestep.  */
          gen_goto_tb(ctx, 0, dest);
@@ -XXX,XX +XXX,XX @@ static void gen_delayed_conditional_jump(DisasContext * ctx)
      tcg_gen_mov_i32(ds, cpu_delayed_cond);
      tcg_gen_discard_i32(cpu_delayed_cond);
 -    if (ctx->tbflags & GUSA_EXCLUSIVE) {
 +    if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
          /* When in an exclusive region, we must continue to the end.
             Therefore, exit the region on a taken branch, but otherwise
             fall through to the next instruction.  */
          tcg_gen_brcondi_i32(TCG_COND_EQ, ds, 0, l1);
          /* Leave the gUSA region.  */
 -        tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~GUSA_MASK);
 +        tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~TB_FLAG_GUSA_MASK);
          gen_jump(ctx);
          gen_set_label(l1);
@@ -XXX,XX +XXX,XX @@ static inline void gen_store_fpr64(DisasContext *ctx, TCGv_i64 t, int reg)
  #define XHACK(x) ((((x) & 1 ) << 4) | ((x) & 0xe))
  #define CHECK_NOT_DELAY_SLOT \
 -    if (ctx->envflags & DELAY_SLOT_MASK) {  \
 -        goto do_illegal_slot;               \
 +    if (ctx->envflags & TB_FLAG_DELAY_SLOT_MASK) {  \
 +        goto do_illegal_slot;                       \
      }
  #define CHECK_PRIVILEGED \
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
      case 0x000b:        /* rts */
      CHECK_NOT_DELAY_SLOT
      tcg_gen_mov_i32(cpu_delayed_pc, cpu_pr);
 -        ctx->envflags |= DELAY_SLOT;
 +        ctx->envflags |= TB_FLAG_DELAY_SLOT;
      ctx->delayed_pc = (uint32_t) - 1;
      return;
      case 0x0028:        /* clrmac */
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
      CHECK_NOT_DELAY_SLOT
          gen_write_sr(cpu_ssr);
      tcg_gen_mov_i32(cpu_delayed_pc, cpu_spc);
 -        ctx->envflags |= DELAY_SLOT_RTE;
 +        ctx->envflags |= TB_FLAG_DELAY_SLOT_RTE;
      ctx->delayed_pc = (uint32_t) - 1;
          ctx->base.is_jmp = DISAS_STOP;
      return;
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
      return;
      case 0xe000:        /* mov #imm,Rn */
  #ifdef CONFIG_USER_ONLY
 -        /* Detect the start of a gUSA region.  If so, update envflags
 -           and end the TB.  This will allow us to see the end of the
 -           region (stored in R0) in the next TB.  */
 +        /*
 +         * Detect the start of a gUSA region (mov #-n, r15).
 +         * If so, update envflags and end the TB.  This will allow us
 +         * to see the end of the region (stored in R0) in the next TB.
 +         */
          if (B11_8 == 15 && B7_0s < 0 &&
              (tb_cflags(ctx->base.tb) & CF_PARALLEL)) {
 -            ctx->envflags = deposit32(ctx->envflags, GUSA_SHIFT, 8, B7_0s);
 +            ctx->envflags =
 +                deposit32(ctx->envflags, TB_FLAG_GUSA_SHIFT, 8, B7_0s);
              ctx->base.is_jmp = DISAS_STOP;
          }
  #endif
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
      case 0xa000:        /* bra disp */
      CHECK_NOT_DELAY_SLOT
          ctx->delayed_pc = ctx->base.pc_next + 4 + B11_0s * 2;
 -        ctx->envflags |= DELAY_SLOT;
 +        ctx->envflags |= TB_FLAG_DELAY_SLOT;
      return;
      case 0xb000:        /* bsr disp */
      CHECK_NOT_DELAY_SLOT
          tcg_gen_movi_i32(cpu_pr, ctx->base.pc_next + 4);
          ctx->delayed_pc = ctx->base.pc_next + 4 + B11_0s * 2;
 -        ctx->envflags |= DELAY_SLOT;
 +        ctx->envflags |= TB_FLAG_DELAY_SLOT;
      return;
      }
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
      CHECK_NOT_DELAY_SLOT
          tcg_gen_xori_i32(cpu_delayed_cond, cpu_sr_t, 1);
          ctx->delayed_pc = ctx->base.pc_next + 4 + B7_0s * 2;
 -        ctx->envflags |= DELAY_SLOT_CONDITIONAL;
 +        ctx->envflags |= TB_FLAG_DELAY_SLOT_COND;
      return;
      case 0x8900:        /* bt label */
      CHECK_NOT_DELAY_SLOT
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
      CHECK_NOT_DELAY_SLOT
          tcg_gen_mov_i32(cpu_delayed_cond, cpu_sr_t);
          ctx->delayed_pc = ctx->base.pc_next + 4 + B7_0s * 2;
 -        ctx->envflags |= DELAY_SLOT_CONDITIONAL;
 +        ctx->envflags |= TB_FLAG_DELAY_SLOT_COND;
      return;
      case 0x8800:        /* cmp/eq #imm,R0 */
          tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, REG(0), B7_0s);
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
      case 0x0023:        /* braf Rn */
      CHECK_NOT_DELAY_SLOT
          tcg_gen_addi_i32(cpu_delayed_pc, REG(B11_8), ctx->base.pc_next + 4);
 -        ctx->envflags |= DELAY_SLOT;
 +        ctx->envflags |= TB_FLAG_DELAY_SLOT;
      ctx->delayed_pc = (uint32_t) - 1;
      return;
      case 0x0003:        /* bsrf Rn */
      CHECK_NOT_DELAY_SLOT
          tcg_gen_movi_i32(cpu_pr, ctx->base.pc_next + 4);
      tcg_gen_add_i32(cpu_delayed_pc, REG(B11_8), cpu_pr);
 -        ctx->envflags |= DELAY_SLOT;
 +        ctx->envflags |= TB_FLAG_DELAY_SLOT;
      ctx->delayed_pc = (uint32_t) - 1;
      return;
      case 0x4015:        /* cmp/pl Rn */
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
      case 0x402b:        /* jmp @Rn */
      CHECK_NOT_DELAY_SLOT
      tcg_gen_mov_i32(cpu_delayed_pc, REG(B11_8));
 -        ctx->envflags |= DELAY_SLOT;
 +        ctx->envflags |= TB_FLAG_DELAY_SLOT;
      ctx->delayed_pc = (uint32_t) - 1;
      return;
      case 0x400b:        /* jsr @Rn */
      CHECK_NOT_DELAY_SLOT
          tcg_gen_movi_i32(cpu_pr, ctx->base.pc_next + 4);
      tcg_gen_mov_i32(cpu_delayed_pc, REG(B11_8));
 -        ctx->envflags |= DELAY_SLOT;
 +        ctx->envflags |= TB_FLAG_DELAY_SLOT;
      ctx->delayed_pc = (uint32_t) - 1;
      return;
      case 0x400e:        /* ldc Rm,SR */
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
      fflush(stderr);
  #endif
   do_illegal:
 -    if (ctx->envflags & DELAY_SLOT_MASK) {
 +    if (ctx->envflags & TB_FLAG_DELAY_SLOT_MASK) {
   do_illegal_slot:
          gen_save_cpu_state(ctx, true);
          gen_helper_raise_slot_illegal_instruction(cpu_env);
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
   do_fpu_disabled:
      gen_save_cpu_state(ctx, true);
 -    if (ctx->envflags & DELAY_SLOT_MASK) {
 +    if (ctx->envflags & TB_FLAG_DELAY_SLOT_MASK) {
          gen_helper_raise_slot_fpu_disable(cpu_env);
      } else {
          gen_helper_raise_fpu_disable(cpu_env);
@@ -XXX,XX +XXX,XX @@ static void decode_opc(DisasContext * ctx)
      _decode_opc(ctx);
 -    if (old_flags & DELAY_SLOT_MASK) {
 +    if (old_flags & TB_FLAG_DELAY_SLOT_MASK) {
          /* go out of the delay slot */
 -        ctx->envflags &= ~DELAY_SLOT_MASK;
 +        ctx->envflags &= ~TB_FLAG_DELAY_SLOT_MASK;
          /* When in an exclusive region, we must continue to the end
             for conditional branches.  */
 -        if (ctx->tbflags & GUSA_EXCLUSIVE
 -            && old_flags & DELAY_SLOT_CONDITIONAL) {
 +        if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE
 +            && old_flags & TB_FLAG_DELAY_SLOT_COND) {
              gen_delayed_conditional_jump(ctx);
              return;
          }
          /* Otherwise this is probably an invalid gUSA region.
             Drop the GUSA bits so the next TB doesn't see them.  */
 -        ctx->envflags &= ~GUSA_MASK;
 +        ctx->envflags &= ~TB_FLAG_GUSA_MASK;
          tcg_gen_movi_i32(cpu_flags, ctx->envflags);
 -        if (old_flags & DELAY_SLOT_CONDITIONAL) {
 +        if (old_flags & TB_FLAG_DELAY_SLOT_COND) {
          gen_delayed_conditional_jump(ctx);
          } else {
              gen_jump(ctx);
@@ -XXX,XX +XXX,XX @@ static void decode_gusa(DisasContext *ctx, CPUSH4State *env)
      }
      /* The entire region has been translated.  */
 -    ctx->envflags &= ~GUSA_MASK;
 +    ctx->envflags &= ~TB_FLAG_GUSA_MASK;
      ctx->base.pc_next = pc_end;
      ctx->base.num_insns += max_insns - 1;
      return;
@@ -XXX,XX +XXX,XX @@ static void decode_gusa(DisasContext *ctx, CPUSH4State *env)
      /* Restart with the EXCLUSIVE bit set, within a TB run via
         cpu_exec_step_atomic holding the exclusive lock.  */
 -    ctx->envflags |= GUSA_EXCLUSIVE;
 +    ctx->envflags |= TB_FLAG_GUSA_EXCLUSIVE;
      gen_save_cpu_state(ctx, false);
      gen_helper_exclusive(cpu_env);
      ctx->base.is_jmp = DISAS_NORETURN;
@@ -XXX,XX +XXX,XX @@ static void sh4_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
                    (tbflags & (1 << SR_RB))) * 0x10;
      ctx->fbank = tbflags & FPSCR_FR ? 0x10 : 0;
 -    if (tbflags & GUSA_MASK) {
 +#ifdef CONFIG_USER_ONLY
 +    if (tbflags & TB_FLAG_GUSA_MASK) {
 +        /* In gUSA exclusive region. */
          uint32_t pc = ctx->base.pc_next;
          uint32_t pc_end = ctx->base.tb->cs_base;
 -        int backup = sextract32(ctx->tbflags, GUSA_SHIFT, 8);
 +        int backup = sextract32(ctx->tbflags, TB_FLAG_GUSA_SHIFT, 8);
          int max_insns = (pc_end - pc) / 2;
          if (pc != pc_end + backup || max_insns < 2) {
              /* This is a malformed gUSA region.  Don't do anything special,
                 since the interpreter is likely to get confused.  */
 -            ctx->envflags &= ~GUSA_MASK;
 -        } else if (tbflags & GUSA_EXCLUSIVE) {
 +            ctx->envflags &= ~TB_FLAG_GUSA_MASK;
 +        } else if (tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
              /* Regardless of single-stepping or the end of the page,
                 we must complete execution of the gUSA region while
                 holding the exclusive lock.  */
@@ -XXX,XX +XXX,XX @@ static void sh4_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
              return;
          }
      }
 +#endif
      /* Since the ISA is fixed-width, we can bound by the number
         of instructions remaining on the page.  */
@@ -XXX,XX +XXX,XX @@ static void sh4_tr_translate_insn(DisasContextBase *dcbase, CPUState *cs)
      DisasContext *ctx = container_of(dcbase, DisasContext, base);
  #ifdef CONFIG_USER_ONLY
 -    if (unlikely(ctx->envflags & GUSA_MASK)
 -        && !(ctx->envflags & GUSA_EXCLUSIVE)) {
 +    if (unlikely(ctx->envflags & TB_FLAG_GUSA_MASK)
 +        && !(ctx->envflags & TB_FLAG_GUSA_EXCLUSIVE)) {
          /* We're in an gUSA region, and we have not already fallen
             back on using an exclusive region.  Attempt to parse the
             region into a single supported atomic operation.  Failure
@@ -XXX,XX +XXX,XX @@ static void sh4_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
  {
      DisasContext *ctx = container_of(dcbase, DisasContext, base);
 -    if (ctx->tbflags & GUSA_EXCLUSIVE) {
 +    if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
          /* Ending the region of exclusivity.  Clear the bits.  */
 -        ctx->envflags &= ~GUSA_MASK;
 +        ctx->envflags &= ~TB_FLAG_GUSA_MASK;
      }
      switch (ctx->base.is_jmp) {
 --
-.25.1
+.34.1

-[PULL 14/28] tcg/s390x: Rename from tcg/s390
+Deleted patch
-This emphasizes that we don't support s390, only 64-bit s390x hosts.
-Reviewed-by: Thomas Huth <thuth@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- meson.build                              | 2 --
- tcg/{s390 => s390x}/tcg-target-con-set.h | 0
- tcg/{s390 => s390x}/tcg-target-con-str.h | 0
- tcg/{s390 => s390x}/tcg-target.h         | 0
- tcg/{s390 => s390x}/tcg-target.c.inc     | 0
-files changed, 2 deletions(-)
- rename tcg/{s390 => s390x}/tcg-target-con-set.h (100%)
- rename tcg/{s390 => s390x}/tcg-target-con-str.h (100%)
- rename tcg/{s390 => s390x}/tcg-target.h (100%)
- rename tcg/{s390 => s390x}/tcg-target.c.inc (100%)
-diff --git a/meson.build b/meson.build
-index XXXXXXX..XXXXXXX 100644
---- a/meson.build
-+++ b/meson.build
-@@ -XXX,XX +XXX,XX @@ if not get_option('tcg').disabled()
-     tcg_arch = 'tci'
-   elif config_host['ARCH'] == 'sparc64'
-     tcg_arch = 'sparc'
--  elif config_host['ARCH'] == 's390x'
--    tcg_arch = 's390'
-   elif config_host['ARCH'] in ['x86_64', 'x32']
-     tcg_arch = 'i386'
-   elif config_host['ARCH'] == 'ppc64'
-diff --git a/tcg/s390/tcg-target-con-set.h b/tcg/s390x/tcg-target-con-set.h
-similarity index 100%
-rename from tcg/s390/tcg-target-con-set.h
-rename to tcg/s390x/tcg-target-con-set.h
-diff --git a/tcg/s390/tcg-target-con-str.h b/tcg/s390x/tcg-target-con-str.h
-similarity index 100%
-rename from tcg/s390/tcg-target-con-str.h
-rename to tcg/s390x/tcg-target-con-str.h
-diff --git a/tcg/s390/tcg-target.h b/tcg/s390x/tcg-target.h
-similarity index 100%
-rename from tcg/s390/tcg-target.h
-rename to tcg/s390x/tcg-target.h
-diff --git a/tcg/s390/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
-similarity index 100%
-rename from tcg/s390/tcg-target.c.inc
-rename to tcg/s390x/tcg-target.c.inc
---
-.25.1

-[PULL 16/28] tcg/s390x: Merge TCG_AREG0 and TCG_REG_CALL_STACK into TCGReg
+Deleted patch
-They are rightly values in the same enumeration.
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/s390x/tcg-target.h | 28 +++++++---------------------
-file changed, 7 insertions(+), 21 deletions(-)
-diff --git a/tcg/s390x/tcg-target.h b/tcg/s390x/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.h
-+++ b/tcg/s390x/tcg-target.h
-@@ -XXX,XX +XXX,XX @@
- #define MAX_CODE_GEN_BUFFER_SIZE  (3 * GiB)
- typedef enum TCGReg {
--    TCG_REG_R0 = 0,
--    TCG_REG_R1,
--    TCG_REG_R2,
--    TCG_REG_R3,
--    TCG_REG_R4,
--    TCG_REG_R5,
--    TCG_REG_R6,
--    TCG_REG_R7,
--    TCG_REG_R8,
--    TCG_REG_R9,
--    TCG_REG_R10,
--    TCG_REG_R11,
--    TCG_REG_R12,
--    TCG_REG_R13,
--    TCG_REG_R14,
--    TCG_REG_R15
-+    TCG_REG_R0,  TCG_REG_R1,  TCG_REG_R2,  TCG_REG_R3,
-+    TCG_REG_R4,  TCG_REG_R5,  TCG_REG_R6,  TCG_REG_R7,
-+    TCG_REG_R8,  TCG_REG_R9,  TCG_REG_R10, TCG_REG_R11,
-+    TCG_REG_R12, TCG_REG_R13, TCG_REG_R14, TCG_REG_R15,
-+
-+    TCG_AREG0 = TCG_REG_R10,
-+    TCG_REG_CALL_STACK = TCG_REG_R15
- } TCGReg;
- #define TCG_TARGET_NB_REGS 16
-@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities[1];
- #define TCG_TARGET_HAS_mulsh_i64      0
- /* used for function call generation */
--#define TCG_REG_CALL_STACK        TCG_REG_R15
- #define TCG_TARGET_STACK_ALIGN        8
- #define TCG_TARGET_CALL_STACK_OFFSET    160
-@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities[1];
- #define TCG_TARGET_DEFAULT_MO (TCG_MO_ALL & ~TCG_MO_ST_LD)
--enum {
--    TCG_AREG0 = TCG_REG_R10,
--};
--
- static inline void tb_target_set_jmp_target(uintptr_t tc_ptr, uintptr_t jmp_rx,
-                                             uintptr_t jmp_rw, uintptr_t addr)
- {
---
-.25.1

-[PULL 22/28] tcg/s390x: Implement andc, orc, abs, neg, not vector operations
+Deleted patch
-These logical and arithmetic operations are optional but trivial.
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/s390x/tcg-target-con-set.h |  1 +
- tcg/s390x/tcg-target.h         | 11 ++++++-----
- tcg/s390x/tcg-target.c.inc     | 32 ++++++++++++++++++++++++++++++++
-files changed, 39 insertions(+), 5 deletions(-)
-diff --git a/tcg/s390x/tcg-target-con-set.h b/tcg/s390x/tcg-target-con-set.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target-con-set.h
-+++ b/tcg/s390x/tcg-target-con-set.h
-@@ -XXX,XX +XXX,XX @@ C_O0_I2(v, r)
- C_O1_I1(r, L)
- C_O1_I1(r, r)
- C_O1_I1(v, r)
-+C_O1_I1(v, v)
- C_O1_I1(v, vr)
- C_O1_I2(r, 0, ri)
- C_O1_I2(r, 0, rI)
-diff --git a/tcg/s390x/tcg-target.h b/tcg/s390x/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.h
-+++ b/tcg/s390x/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ typedef enum TCGReg {
- #define FACILITY_DISTINCT_OPS         FACILITY_LOAD_ON_COND
- #define FACILITY_LOAD_ON_COND2        53
- #define FACILITY_VECTOR               129
-+#define FACILITY_VECTOR_ENH1          135
- extern uint64_t s390_facilities[3];
-@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities[3];
- #define TCG_TARGET_HAS_v128           HAVE_FACILITY(VECTOR)
- #define TCG_TARGET_HAS_v256           0
--#define TCG_TARGET_HAS_andc_vec       0
--#define TCG_TARGET_HAS_orc_vec        0
--#define TCG_TARGET_HAS_not_vec        0
--#define TCG_TARGET_HAS_neg_vec        0
--#define TCG_TARGET_HAS_abs_vec        0
-+#define TCG_TARGET_HAS_andc_vec       1
-+#define TCG_TARGET_HAS_orc_vec        HAVE_FACILITY(VECTOR_ENH1)
-+#define TCG_TARGET_HAS_not_vec        1
-+#define TCG_TARGET_HAS_neg_vec        1
-+#define TCG_TARGET_HAS_abs_vec        1
- #define TCG_TARGET_HAS_roti_vec       0
- #define TCG_TARGET_HAS_rots_vec       0
- #define TCG_TARGET_HAS_rotv_vec       0
-diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.c.inc
-+++ b/tcg/s390x/tcg-target.c.inc
-@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
-     VRIb_VGM    = 0xe746,
-     VRIc_VREP   = 0xe74d,
-+    VRRa_VLC    = 0xe7de,
-+    VRRa_VLP    = 0xe7df,
-     VRRa_VLR    = 0xe756,
-     VRRc_VA     = 0xe7f3,
-     VRRc_VCEQ   = 0xe7f8,   /* we leave the m5 cs field 0 */
-     VRRc_VCH    = 0xe7fb,   /* " */
-     VRRc_VCHL   = 0xe7f9,   /* " */
-     VRRc_VN     = 0xe768,
-+    VRRc_VNC    = 0xe769,
-+    VRRc_VNO    = 0xe76b,
-     VRRc_VO     = 0xe76a,
-+    VRRc_VOC    = 0xe76f,
-     VRRc_VS     = 0xe7f7,
-     VRRc_VX     = 0xe76d,
-     VRRf_VLVGP  = 0xe762,
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
-         tcg_out_dupm_vec(s, type, vece, a0, a1, a2);
-         break;
-+    case INDEX_op_abs_vec:
-+        tcg_out_insn(s, VRRa, VLP, a0, a1, vece);
-+        break;
-+    case INDEX_op_neg_vec:
-+        tcg_out_insn(s, VRRa, VLC, a0, a1, vece);
-+        break;
-+    case INDEX_op_not_vec:
-+        tcg_out_insn(s, VRRc, VNO, a0, a1, a1, 0);
-+        break;
-+
-     case INDEX_op_add_vec:
-         tcg_out_insn(s, VRRc, VA, a0, a1, a2, vece);
-         break;
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
-     case INDEX_op_and_vec:
-         tcg_out_insn(s, VRRc, VN, a0, a1, a2, 0);
-         break;
-+    case INDEX_op_andc_vec:
-+        tcg_out_insn(s, VRRc, VNC, a0, a1, a2, 0);
-+        break;
-     case INDEX_op_or_vec:
-         tcg_out_insn(s, VRRc, VO, a0, a1, a2, 0);
-         break;
-+    case INDEX_op_orc_vec:
-+        tcg_out_insn(s, VRRc, VOC, a0, a1, a2, 0);
-+        break;
-     case INDEX_op_xor_vec:
-         tcg_out_insn(s, VRRc, VX, a0, a1, a2, 0);
-         break;
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
- int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
- {
-     switch (opc) {
-+    case INDEX_op_abs_vec:
-     case INDEX_op_add_vec:
-     case INDEX_op_and_vec:
-+    case INDEX_op_andc_vec:
-+    case INDEX_op_neg_vec:
-+    case INDEX_op_not_vec:
-     case INDEX_op_or_vec:
-+    case INDEX_op_orc_vec:
-     case INDEX_op_sub_vec:
-     case INDEX_op_xor_vec:
-         return 1;
-@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
-         return C_O1_I1(v, r);
-     case INDEX_op_dup_vec:
-         return C_O1_I1(v, vr);
-+    case INDEX_op_abs_vec:
-+    case INDEX_op_neg_vec:
-+    case INDEX_op_not_vec:
-+        return C_O1_I1(v, v);
-     case INDEX_op_add_vec:
-     case INDEX_op_sub_vec:
-     case INDEX_op_and_vec:
-+    case INDEX_op_andc_vec:
-     case INDEX_op_or_vec:
-+    case INDEX_op_orc_vec:
-     case INDEX_op_xor_vec:
-     case INDEX_op_cmp_vec:
-         return C_O1_I2(v, v, v);
---
-.25.1

-[PULL 23/28] tcg/s390x: Implement TCG_TARGET_HAS_mul_vec
+Deleted patch
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/s390x/tcg-target.h     | 2 +-
- tcg/s390x/tcg-target.c.inc | 7 +++++++
-files changed, 8 insertions(+), 1 deletion(-)
-diff --git a/tcg/s390x/tcg-target.h b/tcg/s390x/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.h
-+++ b/tcg/s390x/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities[3];
- #define TCG_TARGET_HAS_shi_vec        0
- #define TCG_TARGET_HAS_shs_vec        0
- #define TCG_TARGET_HAS_shv_vec        0
--#define TCG_TARGET_HAS_mul_vec        0
-+#define TCG_TARGET_HAS_mul_vec        1
- #define TCG_TARGET_HAS_sat_vec        0
- #define TCG_TARGET_HAS_minmax_vec     0
- #define TCG_TARGET_HAS_bitsel_vec     0
-diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.c.inc
-+++ b/tcg/s390x/tcg-target.c.inc
-@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
-     VRRc_VCEQ   = 0xe7f8,   /* we leave the m5 cs field 0 */
-     VRRc_VCH    = 0xe7fb,   /* " */
-     VRRc_VCHL   = 0xe7f9,   /* " */
-+    VRRc_VML    = 0xe7a2,
-     VRRc_VN     = 0xe768,
-     VRRc_VNC    = 0xe769,
-     VRRc_VNO    = 0xe76b,
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
-     case INDEX_op_andc_vec:
-         tcg_out_insn(s, VRRc, VNC, a0, a1, a2, 0);
-         break;
-+    case INDEX_op_mul_vec:
-+        tcg_out_insn(s, VRRc, VML, a0, a1, a2, vece);
-+        break;
-     case INDEX_op_or_vec:
-         tcg_out_insn(s, VRRc, VO, a0, a1, a2, 0);
-         break;
-@@ -XXX,XX +XXX,XX @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
-         return 1;
-     case INDEX_op_cmp_vec:
-         return -1;
-+    case INDEX_op_mul_vec:
-+        return vece < MO_64;
-     default:
-         return 0;
-     }
-@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
-     case INDEX_op_orc_vec:
-     case INDEX_op_xor_vec:
-     case INDEX_op_cmp_vec:
-+    case INDEX_op_mul_vec:
-         return C_O1_I2(v, v, v);
-     default:
---
-.25.1

-[PULL 24/28] tcg/s390x: Implement vector shift operations
+Deleted patch
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/s390x/tcg-target-con-set.h |  1 +
- tcg/s390x/tcg-target.h         | 12 ++---
- tcg/s390x/tcg-target.c.inc     | 93 +++++++++++++++++++++++++++++++++-
-files changed, 99 insertions(+), 7 deletions(-)
-diff --git a/tcg/s390x/tcg-target-con-set.h b/tcg/s390x/tcg-target-con-set.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target-con-set.h
-+++ b/tcg/s390x/tcg-target-con-set.h
-@@ -XXX,XX +XXX,XX @@ C_O1_I2(r, 0, rI)
- C_O1_I2(r, 0, rJ)
- C_O1_I2(r, r, ri)
- C_O1_I2(r, rZ, r)
-+C_O1_I2(v, v, r)
- C_O1_I2(v, v, v)
- C_O1_I4(r, r, ri, r, 0)
- C_O1_I4(r, r, ri, rI, 0)
-diff --git a/tcg/s390x/tcg-target.h b/tcg/s390x/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.h
-+++ b/tcg/s390x/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities[3];
- #define TCG_TARGET_HAS_not_vec        1
- #define TCG_TARGET_HAS_neg_vec        1
- #define TCG_TARGET_HAS_abs_vec        1
--#define TCG_TARGET_HAS_roti_vec       0
--#define TCG_TARGET_HAS_rots_vec       0
--#define TCG_TARGET_HAS_rotv_vec       0
--#define TCG_TARGET_HAS_shi_vec        0
--#define TCG_TARGET_HAS_shs_vec        0
--#define TCG_TARGET_HAS_shv_vec        0
-+#define TCG_TARGET_HAS_roti_vec       1
-+#define TCG_TARGET_HAS_rots_vec       1
-+#define TCG_TARGET_HAS_rotv_vec       1
-+#define TCG_TARGET_HAS_shi_vec        1
-+#define TCG_TARGET_HAS_shs_vec        1
-+#define TCG_TARGET_HAS_shv_vec        1
- #define TCG_TARGET_HAS_mul_vec        1
- #define TCG_TARGET_HAS_sat_vec        0
- #define TCG_TARGET_HAS_minmax_vec     0
-diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.c.inc
-+++ b/tcg/s390x/tcg-target.c.inc
-@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
-     VRRc_VCEQ   = 0xe7f8,   /* we leave the m5 cs field 0 */
-     VRRc_VCH    = 0xe7fb,   /* " */
-     VRRc_VCHL   = 0xe7f9,   /* " */
-+    VRRc_VERLLV = 0xe773,
-+    VRRc_VESLV  = 0xe770,
-+    VRRc_VESRAV = 0xe77a,
-+    VRRc_VESRLV = 0xe778,
-     VRRc_VML    = 0xe7a2,
-     VRRc_VN     = 0xe768,
-     VRRc_VNC    = 0xe769,
-@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
-     VRRc_VX     = 0xe76d,
-     VRRf_VLVGP  = 0xe762,
-+    VRSa_VERLL  = 0xe733,
-+    VRSa_VESL   = 0xe730,
-+    VRSa_VESRA  = 0xe73a,
-+    VRSa_VESRL  = 0xe738,
-     VRSb_VLVG   = 0xe722,
-     VRSc_VLGV   = 0xe721,
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_insn_VRRf(TCGContext *s, S390Opcode op,
-     tcg_out16(s, (op & 0x00ff) | RXB(v1, 0, 0, 0));
- }
-+static void tcg_out_insn_VRSa(TCGContext *s, S390Opcode op, TCGReg v1,
-+                              intptr_t d2, TCGReg b2, TCGReg v3, int m4)
-+{
-+    tcg_debug_assert(is_vector_reg(v1));
-+    tcg_debug_assert(d2 >= 0 && d2 <= 0xfff);
-+    tcg_debug_assert(is_general_reg(b2));
-+    tcg_debug_assert(is_vector_reg(v3));
-+    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4) | (v3 & 0xf));
-+    tcg_out16(s, b2 << 12 | d2);
-+    tcg_out16(s, (op & 0x00ff) | RXB(v1, 0, v3, 0) | (m4 << 12));
-+}
-+
- static void tcg_out_insn_VRSb(TCGContext *s, S390Opcode op, TCGReg v1,
-                               intptr_t d2, TCGReg b2, TCGReg r3, int m4)
- {
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
-         tcg_out_insn(s, VRRc, VX, a0, a1, a2, 0);
-         break;
-+    case INDEX_op_shli_vec:
-+        tcg_out_insn(s, VRSa, VESL, a0, a2, TCG_REG_NONE, a1, vece);
-+        break;
-+    case INDEX_op_shri_vec:
-+        tcg_out_insn(s, VRSa, VESRL, a0, a2, TCG_REG_NONE, a1, vece);
-+        break;
-+    case INDEX_op_sari_vec:
-+        tcg_out_insn(s, VRSa, VESRA, a0, a2, TCG_REG_NONE, a1, vece);
-+        break;
-+    case INDEX_op_rotli_vec:
-+        tcg_out_insn(s, VRSa, VERLL, a0, a2, TCG_REG_NONE, a1, vece);
-+        break;
-+    case INDEX_op_shls_vec:
-+        tcg_out_insn(s, VRSa, VESL, a0, 0, a2, a1, vece);
-+        break;
-+    case INDEX_op_shrs_vec:
-+        tcg_out_insn(s, VRSa, VESRL, a0, 0, a2, a1, vece);
-+        break;
-+    case INDEX_op_sars_vec:
-+        tcg_out_insn(s, VRSa, VESRA, a0, 0, a2, a1, vece);
-+        break;
-+    case INDEX_op_rotls_vec:
-+        tcg_out_insn(s, VRSa, VERLL, a0, 0, a2, a1, vece);
-+        break;
-+    case INDEX_op_shlv_vec:
-+        tcg_out_insn(s, VRRc, VESLV, a0, a1, a2, vece);
-+        break;
-+    case INDEX_op_shrv_vec:
-+        tcg_out_insn(s, VRRc, VESRLV, a0, a1, a2, vece);
-+        break;
-+    case INDEX_op_sarv_vec:
-+        tcg_out_insn(s, VRRc, VESRAV, a0, a1, a2, vece);
-+        break;
-+    case INDEX_op_rotlv_vec:
-+        tcg_out_insn(s, VRRc, VERLLV, a0, a1, a2, vece);
-+        break;
-+
-     case INDEX_op_cmp_vec:
-         switch ((TCGCond)args[3]) {
-         case TCG_COND_EQ:
-@@ -XXX,XX +XXX,XX @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
-     case INDEX_op_not_vec:
-     case INDEX_op_or_vec:
-     case INDEX_op_orc_vec:
-+    case INDEX_op_rotli_vec:
-+    case INDEX_op_rotls_vec:
-+    case INDEX_op_rotlv_vec:
-+    case INDEX_op_sari_vec:
-+    case INDEX_op_sars_vec:
-+    case INDEX_op_sarv_vec:
-+    case INDEX_op_shli_vec:
-+    case INDEX_op_shls_vec:
-+    case INDEX_op_shlv_vec:
-+    case INDEX_op_shri_vec:
-+    case INDEX_op_shrs_vec:
-+    case INDEX_op_shrv_vec:
-     case INDEX_op_sub_vec:
-     case INDEX_op_xor_vec:
-         return 1;
-     case INDEX_op_cmp_vec:
-+    case INDEX_op_rotrv_vec:
-         return -1;
-     case INDEX_op_mul_vec:
-         return vece < MO_64;
-@@ -XXX,XX +XXX,XX @@ void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
-                        TCGArg a0, ...)
- {
-     va_list va;
--    TCGv_vec v0, v1, v2;
-+    TCGv_vec v0, v1, v2, t0;
-     va_start(va, a0);
-     v0 = temp_tcgv_vec(arg_temp(a0));
-@@ -XXX,XX +XXX,XX @@ void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
-         expand_vec_cmp(type, vece, v0, v1, v2, va_arg(va, TCGArg));
-         break;
-+    case INDEX_op_rotrv_vec:
-+        t0 = tcg_temp_new_vec(type);
-+        tcg_gen_neg_vec(vece, t0, v2);
-+        tcg_gen_rotlv_vec(vece, v0, v1, t0);
-+        tcg_temp_free_vec(t0);
-+        break;
-+
-     default:
-         g_assert_not_reached();
-     }
-@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
-     case INDEX_op_abs_vec:
-     case INDEX_op_neg_vec:
-     case INDEX_op_not_vec:
-+    case INDEX_op_rotli_vec:
-+    case INDEX_op_sari_vec:
-+    case INDEX_op_shli_vec:
-+    case INDEX_op_shri_vec:
-         return C_O1_I1(v, v);
-     case INDEX_op_add_vec:
-     case INDEX_op_sub_vec:
-@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
-     case INDEX_op_xor_vec:
-     case INDEX_op_cmp_vec:
-     case INDEX_op_mul_vec:
-+    case INDEX_op_rotlv_vec:
-+    case INDEX_op_rotrv_vec:
-+    case INDEX_op_shlv_vec:
-+    case INDEX_op_shrv_vec:
-+    case INDEX_op_sarv_vec:
-         return C_O1_I2(v, v, v);
-+    case INDEX_op_rotls_vec:
-+    case INDEX_op_shls_vec:
-+    case INDEX_op_shrs_vec:
-+    case INDEX_op_sars_vec:
-+        return C_O1_I2(v, v, r);
-     default:
-         g_assert_not_reached();
---
-.25.1

-[PULL 25/28] tcg/s390x: Implement TCG_TARGET_HAS_minmax_vec
+Deleted patch
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/s390x/tcg-target.h     |  2 +-
- tcg/s390x/tcg-target.c.inc | 25 +++++++++++++++++++++++++
-files changed, 26 insertions(+), 1 deletion(-)
-diff --git a/tcg/s390x/tcg-target.h b/tcg/s390x/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.h
-+++ b/tcg/s390x/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities[3];
- #define TCG_TARGET_HAS_shv_vec        1
- #define TCG_TARGET_HAS_mul_vec        1
- #define TCG_TARGET_HAS_sat_vec        0
--#define TCG_TARGET_HAS_minmax_vec     0
-+#define TCG_TARGET_HAS_minmax_vec     1
- #define TCG_TARGET_HAS_bitsel_vec     0
- #define TCG_TARGET_HAS_cmpsel_vec     0
-diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.c.inc
-+++ b/tcg/s390x/tcg-target.c.inc
-@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
-     VRRc_VESRAV = 0xe77a,
-     VRRc_VESRLV = 0xe778,
-     VRRc_VML    = 0xe7a2,
-+    VRRc_VMN    = 0xe7fe,
-+    VRRc_VMNL   = 0xe7fc,
-+    VRRc_VMX    = 0xe7ff,
-+    VRRc_VMXL   = 0xe7fd,
-     VRRc_VN     = 0xe768,
-     VRRc_VNC    = 0xe769,
-     VRRc_VNO    = 0xe76b,
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
-         tcg_out_insn(s, VRRc, VERLLV, a0, a1, a2, vece);
-         break;
-+    case INDEX_op_smin_vec:
-+        tcg_out_insn(s, VRRc, VMN, a0, a1, a2, vece);
-+        break;
-+    case INDEX_op_smax_vec:
-+        tcg_out_insn(s, VRRc, VMX, a0, a1, a2, vece);
-+        break;
-+    case INDEX_op_umin_vec:
-+        tcg_out_insn(s, VRRc, VMNL, a0, a1, a2, vece);
-+        break;
-+    case INDEX_op_umax_vec:
-+        tcg_out_insn(s, VRRc, VMXL, a0, a1, a2, vece);
-+        break;
-+
-     case INDEX_op_cmp_vec:
-         switch ((TCGCond)args[3]) {
-         case TCG_COND_EQ:
-@@ -XXX,XX +XXX,XX @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
-     case INDEX_op_shri_vec:
-     case INDEX_op_shrs_vec:
-     case INDEX_op_shrv_vec:
-+    case INDEX_op_smax_vec:
-+    case INDEX_op_smin_vec:
-     case INDEX_op_sub_vec:
-+    case INDEX_op_umax_vec:
-+    case INDEX_op_umin_vec:
-     case INDEX_op_xor_vec:
-         return 1;
-     case INDEX_op_cmp_vec:
-@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
-     case INDEX_op_shlv_vec:
-     case INDEX_op_shrv_vec:
-     case INDEX_op_sarv_vec:
-+    case INDEX_op_smax_vec:
-+    case INDEX_op_smin_vec:
-+    case INDEX_op_umax_vec:
-+    case INDEX_op_umin_vec:
-         return C_O1_I2(v, v, v);
-     case INDEX_op_rotls_vec:
-     case INDEX_op_shls_vec:
---
-.25.1

The following changes since commit e3acc2c1961cbe22ca474cd5da4163b7bbf7cea3:

tests/docker/dockerfiles: Bump fedora-i386-cross to fedora 34 (2021-10-05 16:40:39 -0700)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20211006

for you to fetch changes up to ea3f2af8f1b87d7bced9b75ef2e788b66ec49961:

tcg/s390x: Implement TCG_TARGET_HAS_cmpsel_vec (2021-10-05 16:53:17 -0700)

----------------------------------------------------------------
More fixes for fedora-i386-cross
Add dup_const_tl
Expand MemOp MO_SIZE
Move MemOpIdx out of tcg.h
Vector support for tcg/s390x

----------------------------------------------------------------
Philipp Tomsich (1):
      tcg: add dup_const_tl wrapper

Richard Henderson (27):
      tests/docker: Remove fedora-i386-cross from DOCKER_PARTIAL_IMAGES
      tests/docker: Fix fedora-i386-cross cross-compilation
      accel/tcg: Drop signness in tracing in cputlb.c
      tcg: Expand MO_SIZE to 3 bits
      tcg: Rename TCGMemOpIdx to MemOpIdx
      tcg: Split out MemOpIdx to exec/memopidx.h
      trace/mem: Pass MemOpIdx to trace_mem_get_info
      accel/tcg: Pass MemOpIdx to atomic_trace_*_post
      plugins: Reorg arguments to qemu_plugin_vcpu_mem_cb
      trace: Split guest_mem_before
      hw/core/cpu: Re-sort the non-pointers to the end of CPUClass
      tcg: Expand usadd/ussub with umin/umax
      tcg/s390x: Rename from tcg/s390
      tcg/s390x: Change FACILITY representation
      tcg/s390x: Merge TCG_AREG0 and TCG_REG_CALL_STACK into TCGReg
      tcg/s390x: Add host vector framework
      tcg/s390x: Implement tcg_out_ld/st for vector types
      tcg/s390x: Implement tcg_out_mov for vector types
      tcg/s390x: Implement tcg_out_dup*_vec
      tcg/s390x: Implement minimal vector operations
      tcg/s390x: Implement andc, orc, abs, neg, not vector operations
      tcg/s390x: Implement TCG_TARGET_HAS_mul_vec
      tcg/s390x: Implement vector shift operations
      tcg/s390x: Implement TCG_TARGET_HAS_minmax_vec
      tcg/s390x: Implement TCG_TARGET_HAS_sat_vec
      tcg/s390x: Implement TCG_TARGET_HAS_bitsel_vec
      tcg/s390x: Implement TCG_TARGET_HAS_cmpsel_vec

meson.build                                       |   2 -
 accel/tcg/atomic_template.h                       |  73 +-
 include/exec/memop.h                              |  14 +-
 include/exec/memopidx.h                           |  55 ++
 include/hw/core/cpu.h                             |  11 +-
 include/qemu/plugin.h                             |  26 +-
 include/tcg/tcg.h                                 | 117 ++-
 tcg/{s390 => s390x}/tcg-target-con-set.h          |   7 +
 tcg/{s390 => s390x}/tcg-target-con-str.h          |   1 +
 tcg/{s390 => s390x}/tcg-target.h                  |  91 ++-
 tcg/s390x/tcg-target.opc.h                        |  15 +
 trace/mem.h                                       |  63 --
 accel/tcg/cputlb.c                                | 103 ++-
 accel/tcg/plugin-gen.c                            |   5 +-
 accel/tcg/user-exec.c                             | 133 ++-
 plugins/api.c                                     |  19 +-
 plugins/core.c                                    |  10 +-
 target/arm/helper-a64.c                           |  16 +-
 target/arm/m_helper.c                             |   2 +-
 target/arm/translate-a64.c                        |   2 +-
 target/i386/tcg/mem_helper.c                      |   4 +-
 target/m68k/op_helper.c                           |   2 +-
 target/mips/tcg/msa_helper.c                      |   6 +-
 target/s390x/tcg/mem_helper.c                     |  20 +-
 target/sparc/ldst_helper.c                        |   2 +-
 tcg/optimize.c                                    |   2 +-
 tcg/tcg-op-vec.c                                  |  37 +-
 tcg/tcg-op.c                                      |  60 +-
 tcg/tcg.c                                         |   2 +-
 tcg/tci.c                                         |  14 +-
 accel/tcg/atomic_common.c.inc                     |  43 +-
 target/s390x/tcg/translate_vx.c.inc               |   2 +-
 tcg/aarch64/tcg-target.c.inc                      |  18 +-
 tcg/arm/tcg-target.c.inc                          |  14 +-
 tcg/i386/tcg-target.c.inc                         |  14 +-
 tcg/mips/tcg-target.c.inc                         |  16 +-
 tcg/ppc/tcg-target.c.inc                          |  18 +-
 tcg/riscv/tcg-target.c.inc                        |  20 +-
 tcg/{s390 => s390x}/tcg-target.c.inc              | 949 ++++++++++++++++++++--
 tcg/sparc/tcg-target.c.inc                        |  20 +-
 tcg/tcg-ldst.c.inc                                |   2 +-
 tests/docker/Makefile.include                     |   2 +-
 tests/docker/dockerfiles/fedora-i386-cross.docker |   5 +-
 trace-events                                      |  18 +-
 44 files changed, 1445 insertions(+), 610 deletions(-)
 create mode 100644 include/exec/memopidx.h
 rename tcg/{s390 => s390x}/tcg-target-con-set.h (86%)
 rename tcg/{s390 => s390x}/tcg-target-con-str.h (96%)
 rename tcg/{s390 => s390x}/tcg-target.h (66%)
 create mode 100644 tcg/s390x/tcg-target.opc.h
 delete mode 100644 trace/mem.h
 rename tcg/{s390 => s390x}/tcg-target.c.inc (73%)

By using PKG_CONFIG_PATH instead of PKG_CONFIG_LIBDIR,
we were still including the 64-bit packages.  Install
pcre-devel.i686 to fill a missing glib2 dependency.

By using --extra-cflags instead of --cpu, we incorrectly
use the wrong probing during meson.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210930163636.721311-3-richard.henderson@linaro.org>
---
 tests/docker/dockerfiles/fedora-i386-cross.docker | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tests/docker/dockerfiles/fedora-i386-cross.docker b/tests/docker/dockerfiles/fedora-i386-cross.docker
index XXXXXXX..XXXXXXX 100644
--- a/tests/docker/dockerfiles/fedora-i386-cross.docker
+++ b/tests/docker/dockerfiles/fedora-i386-cross.docker
@@ -XXX,XX +XXX,XX @@ ENV PACKAGES \
     glibc-static.i686 \
     gnutls-devel.i686 \
     nettle-devel.i686 \
+    pcre-devel.i686 \
     perl-Test-Harness \
     pixman-devel.i686 \
     sysprof-capture-devel.i686 \
     zlib-devel.i686
 
-ENV QEMU_CONFIGURE_OPTS --extra-cflags=-m32 --disable-vhost-user
-ENV PKG_CONFIG_PATH /usr/lib/pkgconfig
+ENV QEMU_CONFIGURE_OPTS --cpu=i386 --disable-vhost-user
+ENV PKG_CONFIG_LIBDIR /usr/lib/pkgconfig
 
 RUN dnf update -y && dnf install -y $PACKAGES
 RUN rpm -q $PACKAGES | sort > /packages.txt
-- 
2.25.1

From: Philipp Tomsich <philipp.tomsich@vrull.eu>

dup_const always generates a uint64_t, which may exceed the size of a
target_long (generating warnings with recent-enough compilers).

To ensure that we can use dup_const both for 64bit and 32bit targets,
this adds dup_const_tl, which either maps back to dup_const (for 64bit
targets) or provides a similar implementation using 32bit constants.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
Message-Id: <20211003214243.3813425-1-philipp.tomsich@vrull.eu>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/tcg/tcg.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@ uint64_t dup_const(unsigned vece, uint64_t c);
         : (qemu_build_not_reached_always(), 0))                    \
      : dup_const(VECE, C))
 
+#if TARGET_LONG_BITS == 64
+# define dup_const_tl  dup_const
+#else
+# define dup_const_tl(VECE, C)                                     \
+    (__builtin_constant_p(VECE)                                    \
+     ? (  (VECE) == MO_8  ? 0x01010101ul * (uint8_t)(C)            \
+        : (VECE) == MO_16 ? 0x00010001ul * (uint16_t)(C)           \
+        : (VECE) == MO_32 ? 0x00000001ul * (uint32_t)(C)           \
+        : (qemu_build_not_reached_always(), 0))                    \
+     :  (target_long)dup_const(VECE, C))
+#endif
+
 /*
  * Memory helpers that will be used by TCG generated code.
  */
-- 
2.25.1

We are already inconsistent about whether or not
MO_SIGN is set in trace_mem_get_info.  Dropping it
entirely allows some simplification.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cputlb.c    | 10 +++-------
 accel/tcg/user-exec.c | 45 ++++++-------------------------------------
 2 files changed, 9 insertions(+), 46 deletions(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
     meminfo = trace_mem_get_info(op, mmu_idx, false);
     trace_guest_mem_before_exec(env_cpu(env), addr, meminfo);
 
-    op &= ~MO_SIGN;
     oi = make_memop_idx(op, mmu_idx);
     ret = full_load(env, addr, oi, retaddr);
 
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
                        int mmu_idx, uintptr_t ra)
 {
-    return (int8_t)cpu_load_helper(env, addr, mmu_idx, ra, MO_SB,
-                                   full_ldub_mmu);
+    return (int8_t)cpu_ldub_mmuidx_ra(env, addr, mmu_idx, ra);
 }
 
 uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
                           int mmu_idx, uintptr_t ra)
 {
-    return (int16_t)cpu_load_helper(env, addr, mmu_idx, ra, MO_BESW,
-                                    full_be_lduw_mmu);
+    return (int16_t)cpu_lduw_be_mmuidx_ra(env, addr, mmu_idx, ra);
 }
 
 uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
                           int mmu_idx, uintptr_t ra)
 {
-    return (int16_t)cpu_load_helper(env, addr, mmu_idx, ra, MO_LESW,
-                                    full_le_lduw_mmu);
+    return (int16_t)cpu_lduw_le_mmuidx_ra(env, addr, mmu_idx, ra);
 }
 
 uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr)
 
 int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr)
 {
-    int ret;
-    uint16_t meminfo = trace_mem_get_info(MO_SB, MMU_USER_IDX, false);
-
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
-    ret = ldsb_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
-    return ret;
+    return (int8_t)cpu_ldub_data(env, ptr);
 }
 
 uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr)
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr)
 
 int cpu_ldsw_be_data(CPUArchState *env, abi_ptr ptr)
 {
-    int ret;
-    uint16_t meminfo = trace_mem_get_info(MO_BESW, MMU_USER_IDX, false);
-
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
-    ret = ldsw_be_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
-    return ret;
+    return (int16_t)cpu_lduw_be_data(env, ptr);
 }
 
 uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr)
 
 int cpu_ldsw_le_data(CPUArchState *env, abi_ptr ptr)
 {
-    int ret;
-    uint16_t meminfo = trace_mem_get_info(MO_LESW, MMU_USER_IDX, false);
-
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
-    ret = ldsw_le_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
-    return ret;
+    return (int16_t)cpu_lduw_le_data(env, ptr);
 }
 
 uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldub_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 
 int cpu_ldsb_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 {
-    int ret;
-
-    set_helper_retaddr(retaddr);
-    ret = cpu_ldsb_data(env, ptr);
-    clear_helper_retaddr();
-    return ret;
+    return (int8_t)cpu_ldub_data_ra(env, ptr, retaddr);
 }
 
 uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 
 int cpu_ldsw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 {
-    int ret;
-
-    set_helper_retaddr(retaddr);
-    ret = cpu_ldsw_be_data(env, ptr);
-    clear_helper_retaddr();
-    return ret;
+    return (int16_t)cpu_lduw_be_data_ra(env, ptr, retaddr);
 }
 
 uint32_t cpu_ldl_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 
 int cpu_ldsw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 {
-    int ret;
-
-    set_helper_retaddr(retaddr);
-    ret = cpu_ldsw_le_data(env, ptr);
-    clear_helper_retaddr();
-    return ret;
+    return (int16_t)cpu_lduw_le_data_ra(env, ptr, retaddr);
 }
 
 uint32_t cpu_ldl_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
-- 
2.25.1

We have lacked expressive support for memory sizes larger
than 64-bits for a while.  Fixing that requires adjustment
to several points where we used this for array indexing,
and two places that develop -Wswitch warnings after the change.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/memop.h                | 14 +++++++++-----
 target/arm/translate-a64.c          |  2 +-
 tcg/tcg-op.c                        | 13 ++++++++-----
 target/s390x/tcg/translate_vx.c.inc |  2 +-
 tcg/aarch64/tcg-target.c.inc        |  4 ++--
 tcg/arm/tcg-target.c.inc            |  4 ++--
 tcg/i386/tcg-target.c.inc           |  4 ++--
 tcg/mips/tcg-target.c.inc           |  4 ++--
 tcg/ppc/tcg-target.c.inc            |  8 ++++----
 tcg/riscv/tcg-target.c.inc          |  4 ++--
 tcg/s390/tcg-target.c.inc           |  4 ++--
 tcg/sparc/tcg-target.c.inc          | 16 ++++++++--------
 12 files changed, 43 insertions(+), 36 deletions(-)

diff --git a/include/exec/memop.h b/include/exec/memop.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/memop.h
+++ b/include/exec/memop.h
@@ -XXX,XX +XXX,XX @@ typedef enum MemOp {
     MO_16    = 1,
     MO_32    = 2,
     MO_64    = 3,
-    MO_SIZE  = 3,   /* Mask for the above.  */
+    MO_128   = 4,
+    MO_256   = 5,
+    MO_512   = 6,
+    MO_1024  = 7,
+    MO_SIZE  = 0x07,   /* Mask for the above.  */
 
-    MO_SIGN  = 4,   /* Sign-extended, otherwise zero-extended.  */
+    MO_SIGN  = 0x08,   /* Sign-extended, otherwise zero-extended.  */
 
-    MO_BSWAP = 8,   /* Host reverse endian.  */
+    MO_BSWAP = 0x10,   /* Host reverse endian.  */
 #ifdef HOST_WORDS_BIGENDIAN
     MO_LE    = MO_BSWAP,
     MO_BE    = 0,
@@ -XXX,XX +XXX,XX @@ typedef enum MemOp {
      * - an alignment to a specified size, which may be more or less than
      *   the access size (MO_ALIGN_x where 'x' is a size in bytes);
      */
-    MO_ASHIFT = 4,
-    MO_AMASK = 7 << MO_ASHIFT,
+    MO_ASHIFT = 5,
+    MO_AMASK = 0x7 << MO_ASHIFT,
 #ifdef NEED_CPU_H
 #ifdef TARGET_ALIGNED_ONLY
     MO_ALIGN = 0,
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void read_vec_element(DisasContext *s, TCGv_i64 tcg_dest, int srcidx,
                              int element, MemOp memop)
 {
     int vect_off = vec_reg_offset(s, srcidx, element, memop & MO_SIZE);
-    switch (memop) {
+    switch ((unsigned)memop) {
     case MO_8:
         tcg_gen_ld8u_i64(tcg_dest, cpu_env, vect_off);
         break;
diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg-op.c
+++ b/tcg/tcg-op.c
@@ -XXX,XX +XXX,XX @@ static inline MemOp tcg_canonicalize_memop(MemOp op, bool is64, bool st)
         }
         break;
     case MO_64:
-        if (!is64) {
-            tcg_abort();
+        if (is64) {
+            op &= ~MO_SIGN;
+            break;
         }
-        break;
+        /* fall through */
+    default:
+        g_assert_not_reached();
     }
     if (st) {
         op &= ~MO_SIGN;
@@ -XXX,XX +XXX,XX @@ typedef void (*gen_atomic_op_i64)(TCGv_i64, TCGv_env, TCGv,
 # define WITH_ATOMIC64(X)
 #endif
 
-static void * const table_cmpxchg[16] = {
+static void * const table_cmpxchg[(MO_SIZE | MO_BSWAP) + 1] = {
     [MO_8] = gen_helper_atomic_cmpxchgb,
     [MO_16 | MO_LE] = gen_helper_atomic_cmpxchgw_le,
     [MO_16 | MO_BE] = gen_helper_atomic_cmpxchgw_be,
@@ -XXX,XX +XXX,XX @@ static void do_atomic_op_i64(TCGv_i64 ret, TCGv addr, TCGv_i64 val,
 }
 
 #define GEN_ATOMIC_HELPER(NAME, OP, NEW)                                \
-static void * const table_##NAME[16] = {                                \
+static void * const table_##NAME[(MO_SIZE | MO_BSWAP) + 1] = {          \
     [MO_8] = gen_helper_atomic_##NAME##b,                               \
     [MO_16 | MO_LE] = gen_helper_atomic_##NAME##w_le,                   \
     [MO_16 | MO_BE] = gen_helper_atomic_##NAME##w_be,                   \
diff --git a/target/s390x/tcg/translate_vx.c.inc b/target/s390x/tcg/translate_vx.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/tcg/translate_vx.c.inc
+++ b/target/s390x/tcg/translate_vx.c.inc
@@ -XXX,XX +XXX,XX @@ static void read_vec_element_i64(TCGv_i64 dst, uint8_t reg, uint8_t enr,
 {
     const int offs = vec_reg_offset(reg, enr, memop & MO_SIZE);
 
-    switch (memop) {
+    switch ((unsigned)memop) {
     case ES_8:
         tcg_gen_ld8u_i64(dst, cpu_env, offs);
         break;
diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/aarch64/tcg-target.c.inc
+++ b/tcg/aarch64/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_cltz(TCGContext *s, TCGType ext, TCGReg d,
 /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
  *                                     TCGMemOpIdx oi, uintptr_t ra)
  */
-static void * const qemu_ld_helpers[4] = {
+static void * const qemu_ld_helpers[MO_SIZE + 1] = {
     [MO_8]  = helper_ret_ldub_mmu,
 #ifdef HOST_WORDS_BIGENDIAN
     [MO_16] = helper_be_lduw_mmu,
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[4] = {
  *                                     uintxx_t val, TCGMemOpIdx oi,
  *                                     uintptr_t ra)
  */
-static void * const qemu_st_helpers[4] = {
+static void * const qemu_st_helpers[MO_SIZE + 1] = {
     [MO_8]  = helper_ret_stb_mmu,
 #ifdef HOST_WORDS_BIGENDIAN
     [MO_16] = helper_be_stw_mmu,
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_vldst(TCGContext *s, ARMInsn insn,
 /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
  *                                     int mmu_idx, uintptr_t ra)
  */
-static void * const qemu_ld_helpers[8] = {
+static void * const qemu_ld_helpers[MO_SSIZE + 1] = {
     [MO_UB]   = helper_ret_ldub_mmu,
     [MO_SB]   = helper_ret_ldsb_mmu,
 #ifdef HOST_WORDS_BIGENDIAN
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[8] = {
 /* helper signature: helper_ret_st_mmu(CPUState *env, target_ulong addr,
  *                                     uintxx_t val, int mmu_idx, uintptr_t ra)
  */
-static void * const qemu_st_helpers[4] = {
+static void * const qemu_st_helpers[MO_SIZE + 1] = {
     [MO_8]   = helper_ret_stb_mmu,
 #ifdef HOST_WORDS_BIGENDIAN
     [MO_16] = helper_be_stw_mmu,
diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/i386/tcg-target.c.inc
+++ b/tcg/i386/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_nopn(TCGContext *s, int n)
 /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
  *                                     int mmu_idx, uintptr_t ra)
  */
-static void * const qemu_ld_helpers[16] = {
+static void * const qemu_ld_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
     [MO_UB]   = helper_ret_ldub_mmu,
     [MO_LEUW] = helper_le_lduw_mmu,
     [MO_LEUL] = helper_le_ldul_mmu,
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[16] = {
 /* helper signature: helper_ret_st_mmu(CPUState *env, target_ulong addr,
  *                                     uintxx_t val, int mmu_idx, uintptr_t ra)
  */
-static void * const qemu_st_helpers[16] = {
+static void * const qemu_st_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
     [MO_UB]   = helper_ret_stb_mmu,
     [MO_LEUW] = helper_le_stw_mmu,
     [MO_LEUL] = helper_le_stl_mmu,
diff --git a/tcg/mips/tcg-target.c.inc b/tcg/mips/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/mips/tcg-target.c.inc
+++ b/tcg/mips/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_call(TCGContext *s, const tcg_insn_unit *arg)
 #if defined(CONFIG_SOFTMMU)
 #include "../tcg-ldst.c.inc"
 
-static void * const qemu_ld_helpers[16] = {
+static void * const qemu_ld_helpers[(MO_SSIZE | MO_BSWAP) + 1] = {
     [MO_UB]   = helper_ret_ldub_mmu,
     [MO_SB]   = helper_ret_ldsb_mmu,
     [MO_LEUW] = helper_le_lduw_mmu,
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[16] = {
 #endif
 };
 
-static void * const qemu_st_helpers[16] = {
+static void * const qemu_st_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
     [MO_UB]   = helper_ret_stb_mmu,
     [MO_LEUW] = helper_le_stw_mmu,
     [MO_LEUL] = helper_le_stl_mmu,
diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/ppc/tcg-target.c.inc
+++ b/tcg/ppc/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_call(TCGContext *s, const tcg_insn_unit *target)
 #endif
 }
 
-static const uint32_t qemu_ldx_opc[16] = {
+static const uint32_t qemu_ldx_opc[(MO_SSIZE + MO_BSWAP) + 1] = {
     [MO_UB] = LBZX,
     [MO_UW] = LHZX,
     [MO_UL] = LWZX,
@@ -XXX,XX +XXX,XX @@ static const uint32_t qemu_ldx_opc[16] = {
     [MO_BSWAP | MO_Q]  = LDBRX,
 };
 
-static const uint32_t qemu_stx_opc[16] = {
+static const uint32_t qemu_stx_opc[(MO_SIZE + MO_BSWAP) + 1] = {
     [MO_UB] = STBX,
     [MO_UW] = STHX,
     [MO_UL] = STWX,
@@ -XXX,XX +XXX,XX @@ static const uint32_t qemu_exts_opc[4] = {
 /* helper signature: helper_ld_mmu(CPUState *env, target_ulong addr,
  *                                 int mmu_idx, uintptr_t ra)
  */
-static void * const qemu_ld_helpers[16] = {
+static void * const qemu_ld_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
     [MO_UB]   = helper_ret_ldub_mmu,
     [MO_LEUW] = helper_le_lduw_mmu,
     [MO_LEUL] = helper_le_ldul_mmu,
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[16] = {
 /* helper signature: helper_st_mmu(CPUState *env, target_ulong addr,
  *                                 uintxx_t val, int mmu_idx, uintptr_t ra)
  */
-static void * const qemu_st_helpers[16] = {
+static void * const qemu_st_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
     [MO_UB]   = helper_ret_stb_mmu,
     [MO_LEUW] = helper_le_stw_mmu,
     [MO_LEUL] = helper_le_stl_mmu,
diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/riscv/tcg-target.c.inc
+++ b/tcg/riscv/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
 /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
  *                                     TCGMemOpIdx oi, uintptr_t ra)
  */
-static void * const qemu_ld_helpers[8] = {
+static void * const qemu_ld_helpers[MO_SSIZE + 1] = {
     [MO_UB] = helper_ret_ldub_mmu,
     [MO_SB] = helper_ret_ldsb_mmu,
 #ifdef HOST_WORDS_BIGENDIAN
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[8] = {
  *                                     uintxx_t val, TCGMemOpIdx oi,
  *                                     uintptr_t ra)
  */
-static void * const qemu_st_helpers[4] = {
+static void * const qemu_st_helpers[MO_SIZE + 1] = {
     [MO_8]   = helper_ret_stb_mmu,
 #ifdef HOST_WORDS_BIGENDIAN
     [MO_16] = helper_be_stw_mmu,
diff --git a/tcg/s390/tcg-target.c.inc b/tcg/s390/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390/tcg-target.c.inc
+++ b/tcg/s390/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static const uint8_t tcg_cond_to_ltr_cond[] = {
 };
 
 #ifdef CONFIG_SOFTMMU
-static void * const qemu_ld_helpers[16] = {
+static void * const qemu_ld_helpers[(MO_SSIZE | MO_BSWAP) + 1] = {
     [MO_UB]   = helper_ret_ldub_mmu,
     [MO_SB]   = helper_ret_ldsb_mmu,
     [MO_LEUW] = helper_le_lduw_mmu,
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[16] = {
     [MO_BEQ]  = helper_be_ldq_mmu,
 };
 
-static void * const qemu_st_helpers[16] = {
+static void * const qemu_st_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
     [MO_UB]   = helper_ret_stb_mmu,
     [MO_LEUW] = helper_le_stw_mmu,
     [MO_LEUL] = helper_le_stl_mmu,
diff --git a/tcg/sparc/tcg-target.c.inc b/tcg/sparc/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/sparc/tcg-target.c.inc
+++ b/tcg/sparc/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
 }
 
 #ifdef CONFIG_SOFTMMU
-static const tcg_insn_unit *qemu_ld_trampoline[16];
-static const tcg_insn_unit *qemu_st_trampoline[16];
+static const tcg_insn_unit *qemu_ld_trampoline[(MO_SSIZE | MO_BSWAP) + 1];
+static const tcg_insn_unit *qemu_st_trampoline[(MO_SIZE | MO_BSWAP) + 1];
 
 static void emit_extend(TCGContext *s, TCGReg r, int op)
 {
@@ -XXX,XX +XXX,XX @@ static void emit_extend(TCGContext *s, TCGReg r, int op)
 
 static void build_trampolines(TCGContext *s)
 {
-    static void * const qemu_ld_helpers[16] = {
+    static void * const qemu_ld_helpers[] = {
         [MO_UB]   = helper_ret_ldub_mmu,
         [MO_SB]   = helper_ret_ldsb_mmu,
         [MO_LEUW] = helper_le_lduw_mmu,
@@ -XXX,XX +XXX,XX @@ static void build_trampolines(TCGContext *s)
         [MO_BEUL] = helper_be_ldul_mmu,
         [MO_BEQ]  = helper_be_ldq_mmu,
     };
-    static void * const qemu_st_helpers[16] = {
+    static void * const qemu_st_helpers[] = {
         [MO_UB]   = helper_ret_stb_mmu,
         [MO_LEUW] = helper_le_stw_mmu,
         [MO_LEUL] = helper_le_stl_mmu,
@@ -XXX,XX +XXX,XX @@ static void build_trampolines(TCGContext *s)
     int i;
     TCGReg ra;
 
-    for (i = 0; i < 16; ++i) {
+    for (i = 0; i < ARRAY_SIZE(qemu_ld_helpers); ++i) {
         if (qemu_ld_helpers[i] == NULL) {
             continue;
         }
@@ -XXX,XX +XXX,XX @@ static void build_trampolines(TCGContext *s)
         tcg_out_mov(s, TCG_TYPE_PTR, TCG_REG_O7, ra);
     }
 
-    for (i = 0; i < 16; ++i) {
+    for (i = 0; i < ARRAY_SIZE(qemu_st_helpers); ++i) {
         if (qemu_st_helpers[i] == NULL) {
             continue;
         }
@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_out_tlb_load(TCGContext *s, TCGReg addr, int mem_index,
 }
 #endif /* CONFIG_SOFTMMU */
 
-static const int qemu_ld_opc[16] = {
+static const int qemu_ld_opc[(MO_SSIZE | MO_BSWAP) + 1] = {
     [MO_UB]   = LDUB,
     [MO_SB]   = LDSB,
 
@@ -XXX,XX +XXX,XX @@ static const int qemu_ld_opc[16] = {
     [MO_LEQ]  = LDX_LE,
 };
 
-static const int qemu_st_opc[16] = {
+static const int qemu_st_opc[(MO_SIZE | MO_BSWAP) + 1] = {
     [MO_UB]   = STB,
 
     [MO_BEUW] = STH,
-- 
2.25.1

We're about to move this out of tcg.h, so rename it
as we did when moving MemOp.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/atomic_template.h   | 24 +++++------
 include/tcg/tcg.h             | 74 ++++++++++++++++-----------------
 accel/tcg/cputlb.c            | 78 +++++++++++++++++------------------
 accel/tcg/user-exec.c         |  2 +-
 target/arm/helper-a64.c       | 16 +++----
 target/arm/m_helper.c         |  2 +-
 target/i386/tcg/mem_helper.c  |  4 +-
 target/m68k/op_helper.c       |  2 +-
 target/mips/tcg/msa_helper.c  |  6 +--
 target/s390x/tcg/mem_helper.c | 20 ++++-----
 target/sparc/ldst_helper.c    |  2 +-
 tcg/optimize.c                |  2 +-
 tcg/tcg-op.c                  | 12 +++---
 tcg/tcg.c                     |  2 +-
 tcg/tci.c                     | 14 +++----
 accel/tcg/atomic_common.c.inc |  6 +--
 tcg/aarch64/tcg-target.c.inc  | 14 +++----
 tcg/arm/tcg-target.c.inc      | 10 ++---
 tcg/i386/tcg-target.c.inc     | 10 ++---
 tcg/mips/tcg-target.c.inc     | 12 +++---
 tcg/ppc/tcg-target.c.inc      | 10 ++---
 tcg/riscv/tcg-target.c.inc    | 16 +++----
 tcg/s390/tcg-target.c.inc     | 10 ++---
 tcg/sparc/tcg-target.c.inc    |  4 +-
 tcg/tcg-ldst.c.inc            |  2 +-
 25 files changed, 177 insertions(+), 177 deletions(-)

diff --git a/accel/tcg/atomic_template.h b/accel/tcg/atomic_template.h
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/atomic_template.h
+++ b/accel/tcg/atomic_template.h
@@ -XXX,XX +XXX,XX @@
 
 ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, target_ulong addr,
                               ABI_TYPE cmpv, ABI_TYPE newv,
-                              TCGMemOpIdx oi, uintptr_t retaddr)
+                              MemOpIdx oi, uintptr_t retaddr)
 {
     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
                                          PAGE_READ | PAGE_WRITE, retaddr);
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, target_ulong addr,
 #if DATA_SIZE >= 16
 #if HAVE_ATOMIC128
 ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong addr,
-                         TCGMemOpIdx oi, uintptr_t retaddr)
+                         MemOpIdx oi, uintptr_t retaddr)
 {
     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
                                          PAGE_READ, retaddr);
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong addr,
 }
 
 void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
-                     TCGMemOpIdx oi, uintptr_t retaddr)
+                     MemOpIdx oi, uintptr_t retaddr)
 {
     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
                                          PAGE_WRITE, retaddr);
@@ -XXX,XX +XXX,XX @@ void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
 #endif
 #else
 ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
-                           TCGMemOpIdx oi, uintptr_t retaddr)
+                           MemOpIdx oi, uintptr_t retaddr)
 {
     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
                                          PAGE_READ | PAGE_WRITE, retaddr);
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
 
 #define GEN_ATOMIC_HELPER(X)                                        \
 ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,       \
-                        ABI_TYPE val, TCGMemOpIdx oi, uintptr_t retaddr) \
+                        ABI_TYPE val, MemOpIdx oi, uintptr_t retaddr) \
 {                                                                   \
     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,  \
                                          PAGE_READ | PAGE_WRITE, retaddr); \
@@ -XXX,XX +XXX,XX @@ GEN_ATOMIC_HELPER(xor_fetch)
  */
 #define GEN_ATOMIC_HELPER_FN(X, FN, XDATA_TYPE, RET)                \
 ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,       \
-                        ABI_TYPE xval, TCGMemOpIdx oi, uintptr_t retaddr) \
+                        ABI_TYPE xval, MemOpIdx oi, uintptr_t retaddr) \
 {                                                                   \
     XDATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE, \
                                           PAGE_READ | PAGE_WRITE, retaddr); \
@@ -XXX,XX +XXX,XX @@ GEN_ATOMIC_HELPER_FN(umax_fetch, MAX,  DATA_TYPE, new)
 
 ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, target_ulong addr,
                               ABI_TYPE cmpv, ABI_TYPE newv,
-                              TCGMemOpIdx oi, uintptr_t retaddr)
+                              MemOpIdx oi, uintptr_t retaddr)
 {
     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
                                          PAGE_READ | PAGE_WRITE, retaddr);
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, target_ulong addr,
 #if DATA_SIZE >= 16
 #if HAVE_ATOMIC128
 ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong addr,
-                         TCGMemOpIdx oi, uintptr_t retaddr)
+                         MemOpIdx oi, uintptr_t retaddr)
 {
     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
                                          PAGE_READ, retaddr);
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong addr,
 }
 
 void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
-                     TCGMemOpIdx oi, uintptr_t retaddr)
+                     MemOpIdx oi, uintptr_t retaddr)
 {
     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
                                          PAGE_WRITE, retaddr);
@@ -XXX,XX +XXX,XX @@ void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
 #endif
 #else
 ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
-                           TCGMemOpIdx oi, uintptr_t retaddr)
+                           MemOpIdx oi, uintptr_t retaddr)
 {
     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,
                                          PAGE_READ | PAGE_WRITE, retaddr);
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr, ABI_TYPE val,
 
 #define GEN_ATOMIC_HELPER(X)                                        \
 ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,       \
-                        ABI_TYPE val, TCGMemOpIdx oi, uintptr_t retaddr) \
+                        ABI_TYPE val, MemOpIdx oi, uintptr_t retaddr) \
 {                                                                   \
     DATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE,  \
                                          PAGE_READ | PAGE_WRITE, retaddr); \
@@ -XXX,XX +XXX,XX @@ GEN_ATOMIC_HELPER(xor_fetch)
  */
 #define GEN_ATOMIC_HELPER_FN(X, FN, XDATA_TYPE, RET)                \
 ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,       \
-                        ABI_TYPE xval, TCGMemOpIdx oi, uintptr_t retaddr) \
+                        ABI_TYPE xval, MemOpIdx oi, uintptr_t retaddr) \
 {                                                                   \
     XDATA_TYPE *haddr = atomic_mmu_lookup(env, addr, oi, DATA_SIZE, \
                                           PAGE_READ | PAGE_WRITE, retaddr); \
diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@ static inline size_t tcg_current_code_size(TCGContext *s)
 }
 
 /* Combine the MemOp and mmu_idx parameters into a single value.  */
-typedef uint32_t TCGMemOpIdx;
+typedef uint32_t MemOpIdx;
 
 /**
  * make_memop_idx
@@ -XXX,XX +XXX,XX @@ typedef uint32_t TCGMemOpIdx;
  *
  * Encode these values into a single parameter.
  */
-static inline TCGMemOpIdx make_memop_idx(MemOp op, unsigned idx)
+static inline MemOpIdx make_memop_idx(MemOp op, unsigned idx)
 {
     tcg_debug_assert(idx <= 15);
     return (op << 4) | idx;
@@ -XXX,XX +XXX,XX @@ static inline TCGMemOpIdx make_memop_idx(MemOp op, unsigned idx)
  *
  * Extract the memory operation from the combined value.
  */
-static inline MemOp get_memop(TCGMemOpIdx oi)
+static inline MemOp get_memop(MemOpIdx oi)
 {
     return oi >> 4;
 }
@@ -XXX,XX +XXX,XX @@ static inline MemOp get_memop(TCGMemOpIdx oi)
  *
  * Extract the mmu index from the combined value.
  */
-static inline unsigned get_mmuidx(TCGMemOpIdx oi)
+static inline unsigned get_mmuidx(MemOpIdx oi)
 {
     return oi & 15;
 }
@@ -XXX,XX +XXX,XX @@ uint64_t dup_const(unsigned vece, uint64_t c);
 #ifdef CONFIG_SOFTMMU
 /* Value zero-extended to tcg register size.  */
 tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
-                                     TCGMemOpIdx oi, uintptr_t retaddr);
+                                     MemOpIdx oi, uintptr_t retaddr);
 tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr);
+                                    MemOpIdx oi, uintptr_t retaddr);
 tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr);
+                                    MemOpIdx oi, uintptr_t retaddr);
 uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
-                           TCGMemOpIdx oi, uintptr_t retaddr);
+                           MemOpIdx oi, uintptr_t retaddr);
 tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr);
+                                    MemOpIdx oi, uintptr_t retaddr);
 tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr);
+                                    MemOpIdx oi, uintptr_t retaddr);
 uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
-                           TCGMemOpIdx oi, uintptr_t retaddr);
+                           MemOpIdx oi, uintptr_t retaddr);
 
 /* Value sign-extended to tcg register size.  */
 tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr,
-                                     TCGMemOpIdx oi, uintptr_t retaddr);
+                                     MemOpIdx oi, uintptr_t retaddr);
 tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr);
+                                    MemOpIdx oi, uintptr_t retaddr);
 tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr);
+                                    MemOpIdx oi, uintptr_t retaddr);
 tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr);
+                                    MemOpIdx oi, uintptr_t retaddr);
 tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr);
+                                    MemOpIdx oi, uintptr_t retaddr);
 
 void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
-                        TCGMemOpIdx oi, uintptr_t retaddr);
+                        MemOpIdx oi, uintptr_t retaddr);
 void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
-                       TCGMemOpIdx oi, uintptr_t retaddr);
+                       MemOpIdx oi, uintptr_t retaddr);
 void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
-                       TCGMemOpIdx oi, uintptr_t retaddr);
+                       MemOpIdx oi, uintptr_t retaddr);
 void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-                       TCGMemOpIdx oi, uintptr_t retaddr);
+                       MemOpIdx oi, uintptr_t retaddr);
 void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
-                       TCGMemOpIdx oi, uintptr_t retaddr);
+                       MemOpIdx oi, uintptr_t retaddr);
 void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
-                       TCGMemOpIdx oi, uintptr_t retaddr);
+                       MemOpIdx oi, uintptr_t retaddr);
 void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-                       TCGMemOpIdx oi, uintptr_t retaddr);
+                       MemOpIdx oi, uintptr_t retaddr);
 
 /* Temporary aliases until backends are converted.  */
 #ifdef TARGET_WORDS_BIGENDIAN
@@ -XXX,XX +XXX,XX @@ void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
 
 uint32_t cpu_atomic_cmpxchgb_mmu(CPUArchState *env, target_ulong addr,
                                  uint32_t cmpv, uint32_t newv,
-                                 TCGMemOpIdx oi, uintptr_t retaddr);
+                                 MemOpIdx oi, uintptr_t retaddr);
 uint32_t cpu_atomic_cmpxchgw_le_mmu(CPUArchState *env, target_ulong addr,
                                     uint32_t cmpv, uint32_t newv,
-                                    TCGMemOpIdx oi, uintptr_t retaddr);
+                                    MemOpIdx oi, uintptr_t retaddr);
 uint32_t cpu_atomic_cmpxchgl_le_mmu(CPUArchState *env, target_ulong addr,
                                     uint32_t cmpv, uint32_t newv,
-                                    TCGMemOpIdx oi, uintptr_t retaddr);
+                                    MemOpIdx oi, uintptr_t retaddr);
 uint64_t cpu_atomic_cmpxchgq_le_mmu(CPUArchState *env, target_ulong addr,
                                     uint64_t cmpv, uint64_t newv,
-                                    TCGMemOpIdx oi, uintptr_t retaddr);
+                                    MemOpIdx oi, uintptr_t retaddr);
 uint32_t cpu_atomic_cmpxchgw_be_mmu(CPUArchState *env, target_ulong addr,
                                     uint32_t cmpv, uint32_t newv,
-                                    TCGMemOpIdx oi, uintptr_t retaddr);
+                                    MemOpIdx oi, uintptr_t retaddr);
 uint32_t cpu_atomic_cmpxchgl_be_mmu(CPUArchState *env, target_ulong addr,
                                     uint32_t cmpv, uint32_t newv,
-                                    TCGMemOpIdx oi, uintptr_t retaddr);
+                                    MemOpIdx oi, uintptr_t retaddr);
 uint64_t cpu_atomic_cmpxchgq_be_mmu(CPUArchState *env, target_ulong addr,
                                     uint64_t cmpv, uint64_t newv,
-                                    TCGMemOpIdx oi, uintptr_t retaddr);
+                                    MemOpIdx oi, uintptr_t retaddr);
 
 #define GEN_ATOMIC_HELPER(NAME, TYPE, SUFFIX)         \
 TYPE cpu_atomic_ ## NAME ## SUFFIX ## _mmu            \
     (CPUArchState *env, target_ulong addr, TYPE val,  \
-     TCGMemOpIdx oi, uintptr_t retaddr);
+     MemOpIdx oi, uintptr_t retaddr);
 
 #ifdef CONFIG_ATOMIC64
 #define GEN_ATOMIC_HELPER_ALL(NAME)          \
@@ -XXX,XX +XXX,XX @@ GEN_ATOMIC_HELPER_ALL(xchg)
 
 Int128 cpu_atomic_cmpxchgo_le_mmu(CPUArchState *env, target_ulong addr,
                                   Int128 cmpv, Int128 newv,
-                                  TCGMemOpIdx oi, uintptr_t retaddr);
+                                  MemOpIdx oi, uintptr_t retaddr);
 Int128 cpu_atomic_cmpxchgo_be_mmu(CPUArchState *env, target_ulong addr,
                                   Int128 cmpv, Int128 newv,
-                                  TCGMemOpIdx oi, uintptr_t retaddr);
+                                  MemOpIdx oi, uintptr_t retaddr);
 
 Int128 cpu_atomic_ldo_le_mmu(CPUArchState *env, target_ulong addr,
-                             TCGMemOpIdx oi, uintptr_t retaddr);
+                             MemOpIdx oi, uintptr_t retaddr);
 Int128 cpu_atomic_ldo_be_mmu(CPUArchState *env, target_ulong addr,
-                             TCGMemOpIdx oi, uintptr_t retaddr);
+                             MemOpIdx oi, uintptr_t retaddr);
 void cpu_atomic_sto_le_mmu(CPUArchState *env, target_ulong addr, Int128 val,
-                           TCGMemOpIdx oi, uintptr_t retaddr);
+                           MemOpIdx oi, uintptr_t retaddr);
 void cpu_atomic_sto_be_mmu(CPUArchState *env, target_ulong addr, Int128 val,
-                           TCGMemOpIdx oi, uintptr_t retaddr);
+                           MemOpIdx oi, uintptr_t retaddr);
 
 #ifdef CONFIG_DEBUG_TCG
 void tcg_assert_listed_vecop(TCGOpcode);
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ bool tlb_plugin_lookup(CPUState *cpu, target_ulong addr, int mmu_idx,
  * @prot may be PAGE_READ, PAGE_WRITE, or PAGE_READ|PAGE_WRITE.
  */
 static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
-                               TCGMemOpIdx oi, int size, int prot,
+                               MemOpIdx oi, int size, int prot,
                                uintptr_t retaddr)
 {
     size_t mmu_idx = get_mmuidx(oi);
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
  */
 
 typedef uint64_t FullLoadHelper(CPUArchState *env, target_ulong addr,
-                                TCGMemOpIdx oi, uintptr_t retaddr);
+                                MemOpIdx oi, uintptr_t retaddr);
 
 static inline uint64_t QEMU_ALWAYS_INLINE
 load_memop(const void *haddr, MemOp op)
@@ -XXX,XX +XXX,XX @@ load_memop(const void *haddr, MemOp op)
 }
 
 static inline uint64_t QEMU_ALWAYS_INLINE
-load_helper(CPUArchState *env, target_ulong addr, TCGMemOpIdx oi,
+load_helper(CPUArchState *env, target_ulong addr, MemOpIdx oi,
             uintptr_t retaddr, MemOp op, bool code_read,
             FullLoadHelper *full_load)
 {
@@ -XXX,XX +XXX,XX @@ load_helper(CPUArchState *env, target_ulong addr, TCGMemOpIdx oi,
  */
 
 static uint64_t full_ldub_mmu(CPUArchState *env, target_ulong addr,
-                              TCGMemOpIdx oi, uintptr_t retaddr)
+                              MemOpIdx oi, uintptr_t retaddr)
 {
     return load_helper(env, addr, oi, retaddr, MO_UB, false, full_ldub_mmu);
 }
 
 tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
-                                     TCGMemOpIdx oi, uintptr_t retaddr)
+                                     MemOpIdx oi, uintptr_t retaddr)
 {
     return full_ldub_mmu(env, addr, oi, retaddr);
 }
 
 static uint64_t full_le_lduw_mmu(CPUArchState *env, target_ulong addr,
-                                 TCGMemOpIdx oi, uintptr_t retaddr)
+                                 MemOpIdx oi, uintptr_t retaddr)
 {
     return load_helper(env, addr, oi, retaddr, MO_LEUW, false,
                        full_le_lduw_mmu);
 }
 
 tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr)
+                                    MemOpIdx oi, uintptr_t retaddr)
 {
     return full_le_lduw_mmu(env, addr, oi, retaddr);
 }
 
 static uint64_t full_be_lduw_mmu(CPUArchState *env, target_ulong addr,
-                                 TCGMemOpIdx oi, uintptr_t retaddr)
+                                 MemOpIdx oi, uintptr_t retaddr)
 {
     return load_helper(env, addr, oi, retaddr, MO_BEUW, false,
                        full_be_lduw_mmu);
 }
 
 tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr)
+                                    MemOpIdx oi, uintptr_t retaddr)
 {
     return full_be_lduw_mmu(env, addr, oi, retaddr);
 }
 
 static uint64_t full_le_ldul_mmu(CPUArchState *env, target_ulong addr,
-                                 TCGMemOpIdx oi, uintptr_t retaddr)
+                                 MemOpIdx oi, uintptr_t retaddr)
 {
     return load_helper(env, addr, oi, retaddr, MO_LEUL, false,
                        full_le_ldul_mmu);
 }
 
 tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr)
+                                    MemOpIdx oi, uintptr_t retaddr)
 {
     return full_le_ldul_mmu(env, addr, oi, retaddr);
 }
 
 static uint64_t full_be_ldul_mmu(CPUArchState *env, target_ulong addr,
-                                 TCGMemOpIdx oi, uintptr_t retaddr)
+                                 MemOpIdx oi, uintptr_t retaddr)
 {
     return load_helper(env, addr, oi, retaddr, MO_BEUL, false,
                        full_be_ldul_mmu);
 }
 
 tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr)
+                                    MemOpIdx oi, uintptr_t retaddr)
 {
     return full_be_ldul_mmu(env, addr, oi, retaddr);
 }
 
 uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
-                           TCGMemOpIdx oi, uintptr_t retaddr)
+                           MemOpIdx oi, uintptr_t retaddr)
 {
     return load_helper(env, addr, oi, retaddr, MO_LEQ, false,
                        helper_le_ldq_mmu);
 }
 
 uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
-                           TCGMemOpIdx oi, uintptr_t retaddr)
+                           MemOpIdx oi, uintptr_t retaddr)
 {
     return load_helper(env, addr, oi, retaddr, MO_BEQ, false,
                        helper_be_ldq_mmu);
@@ -XXX,XX +XXX,XX @@ uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
 
 
 tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr,
-                                     TCGMemOpIdx oi, uintptr_t retaddr)
+                                     MemOpIdx oi, uintptr_t retaddr)
 {
     return (int8_t)helper_ret_ldub_mmu(env, addr, oi, retaddr);
 }
 
 tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr)
+                                    MemOpIdx oi, uintptr_t retaddr)
 {
     return (int16_t)helper_le_lduw_mmu(env, addr, oi, retaddr);
 }
 
 tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr)
+                                    MemOpIdx oi, uintptr_t retaddr)
 {
     return (int16_t)helper_be_lduw_mmu(env, addr, oi, retaddr);
 }
 
 tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr)
+                                    MemOpIdx oi, uintptr_t retaddr)
 {
     return (int32_t)helper_le_ldul_mmu(env, addr, oi, retaddr);
 }
 
 tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi, uintptr_t retaddr)
+                                    MemOpIdx oi, uintptr_t retaddr)
 {
     return (int32_t)helper_be_ldul_mmu(env, addr, oi, retaddr);
 }
@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
                                        MemOp op, FullLoadHelper *full_load)
 {
     uint16_t meminfo;
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     uint64_t ret;
 
     meminfo = trace_mem_get_info(op, mmu_idx, false);
@@ -XXX,XX +XXX,XX @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
     uintptr_t index, index2;
     CPUTLBEntry *entry, *entry2;
     target_ulong page2, tlb_addr, tlb_addr2;
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     size_t size2;
     int i;
 
@@ -XXX,XX +XXX,XX @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
 
 static inline void QEMU_ALWAYS_INLINE
 store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
-             TCGMemOpIdx oi, uintptr_t retaddr, MemOp op)
+             MemOpIdx oi, uintptr_t retaddr, MemOp op)
 {
     uintptr_t mmu_idx = get_mmuidx(oi);
     uintptr_t index = tlb_index(env, mmu_idx, addr);
@@ -XXX,XX +XXX,XX @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
 
 void __attribute__((noinline))
 helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
-                   TCGMemOpIdx oi, uintptr_t retaddr)
+                   MemOpIdx oi, uintptr_t retaddr)
 {
     store_helper(env, addr, val, oi, retaddr, MO_UB);
 }
 
 void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
-                       TCGMemOpIdx oi, uintptr_t retaddr)
+                       MemOpIdx oi, uintptr_t retaddr)
 {
     store_helper(env, addr, val, oi, retaddr, MO_LEUW);
 }
 
 void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
-                       TCGMemOpIdx oi, uintptr_t retaddr)
+                       MemOpIdx oi, uintptr_t retaddr)
 {
     store_helper(env, addr, val, oi, retaddr, MO_BEUW);
 }
 
 void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
-                       TCGMemOpIdx oi, uintptr_t retaddr)
+                       MemOpIdx oi, uintptr_t retaddr)
 {
     store_helper(env, addr, val, oi, retaddr, MO_LEUL);
 }
 
 void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
-                       TCGMemOpIdx oi, uintptr_t retaddr)
+                       MemOpIdx oi, uintptr_t retaddr)
 {
     store_helper(env, addr, val, oi, retaddr, MO_BEUL);
 }
 
 void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-                       TCGMemOpIdx oi, uintptr_t retaddr)
+                       MemOpIdx oi, uintptr_t retaddr)
 {
     store_helper(env, addr, val, oi, retaddr, MO_LEQ);
 }
 
 void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-                       TCGMemOpIdx oi, uintptr_t retaddr)
+                       MemOpIdx oi, uintptr_t retaddr)
 {
     store_helper(env, addr, val, oi, retaddr, MO_BEQ);
 }
@@ -XXX,XX +XXX,XX @@ static inline void QEMU_ALWAYS_INLINE
 cpu_store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
                  int mmu_idx, uintptr_t retaddr, MemOp op)
 {
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     uint16_t meminfo;
 
     meminfo = trace_mem_get_info(op, mmu_idx, true);
@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_data(CPUArchState *env, target_ulong ptr, uint64_t val)
 /* Code access functions.  */
 
 static uint64_t full_ldub_code(CPUArchState *env, target_ulong addr,
-                               TCGMemOpIdx oi, uintptr_t retaddr)
+                               MemOpIdx oi, uintptr_t retaddr)
 {
     return load_helper(env, addr, oi, retaddr, MO_8, true, full_ldub_code);
 }
 
 uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr addr)
 {
-    TCGMemOpIdx oi = make_memop_idx(MO_UB, cpu_mmu_index(env, true));
+    MemOpIdx oi = make_memop_idx(MO_UB, cpu_mmu_index(env, true));
     return full_ldub_code(env, addr, oi, 0);
 }
 
 static uint64_t full_lduw_code(CPUArchState *env, target_ulong addr,
-                               TCGMemOpIdx oi, uintptr_t retaddr)
+                               MemOpIdx oi, uintptr_t retaddr)
 {
     return load_helper(env, addr, oi, retaddr, MO_TEUW, true, full_lduw_code);
 }
 
 uint32_t cpu_lduw_code(CPUArchState *env, abi_ptr addr)
 {
-    TCGMemOpIdx oi = make_memop_idx(MO_TEUW, cpu_mmu_index(env, true));
+    MemOpIdx oi = make_memop_idx(MO_TEUW, cpu_mmu_index(env, true));
     return full_lduw_code(env, addr, oi, 0);
 }
 
 static uint64_t full_ldl_code(CPUArchState *env, target_ulong addr,
-                              TCGMemOpIdx oi, uintptr_t retaddr)
+                              MemOpIdx oi, uintptr_t retaddr)
 {
     return load_helper(env, addr, oi, retaddr, MO_TEUL, true, full_ldl_code);
 }
 
 uint32_t cpu_ldl_code(CPUArchState *env, abi_ptr addr)
 {
-    TCGMemOpIdx oi = make_memop_idx(MO_TEUL, cpu_mmu_index(env, true));
+    MemOpIdx oi = make_memop_idx(MO_TEUL, cpu_mmu_index(env, true));
     return full_ldl_code(env, addr, oi, 0);
 }
 
 static uint64_t full_ldq_code(CPUArchState *env, target_ulong addr,
-                              TCGMemOpIdx oi, uintptr_t retaddr)
+                              MemOpIdx oi, uintptr_t retaddr)
 {
     return load_helper(env, addr, oi, retaddr, MO_TEQ, true, full_ldq_code);
 }
 
 uint64_t cpu_ldq_code(CPUArchState *env, abi_ptr addr)
 {
-    TCGMemOpIdx oi = make_memop_idx(MO_TEQ, cpu_mmu_index(env, true));
+    MemOpIdx oi = make_memop_idx(MO_TEQ, cpu_mmu_index(env, true));
     return full_ldq_code(env, addr, oi, 0);
 }
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_code(CPUArchState *env, abi_ptr ptr)
  * @prot may be PAGE_READ, PAGE_WRITE, or PAGE_READ|PAGE_WRITE.
  */
 static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
-                               TCGMemOpIdx oi, int size, int prot,
+                               MemOpIdx oi, int size, int prot,
                                uintptr_t retaddr)
 {
     /* Enforce qemu required alignment.  */
diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_le)(CPUARMState *env, uint64_t addr,
     clear_helper_retaddr();
 #else
     int mem_idx = cpu_mmu_index(env, false);
-    TCGMemOpIdx oi0 = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
-    TCGMemOpIdx oi1 = make_memop_idx(MO_LEQ, mem_idx);
+    MemOpIdx oi0 = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
+    MemOpIdx oi1 = make_memop_idx(MO_LEQ, mem_idx);
 
     o0 = helper_le_ldq_mmu(env, addr + 0, oi0, ra);
     o1 = helper_le_ldq_mmu(env, addr + 8, oi1, ra);
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_le_parallel)(CPUARMState *env, uint64_t addr,
     uintptr_t ra = GETPC();
     bool success;
     int mem_idx;
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
 
     assert(HAVE_CMPXCHG128);
 
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_be)(CPUARMState *env, uint64_t addr,
     clear_helper_retaddr();
 #else
     int mem_idx = cpu_mmu_index(env, false);
-    TCGMemOpIdx oi0 = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
-    TCGMemOpIdx oi1 = make_memop_idx(MO_BEQ, mem_idx);
+    MemOpIdx oi0 = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
+    MemOpIdx oi1 = make_memop_idx(MO_BEQ, mem_idx);
 
     o1 = helper_be_ldq_mmu(env, addr + 0, oi0, ra);
     o0 = helper_be_ldq_mmu(env, addr + 8, oi1, ra);
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_be_parallel)(CPUARMState *env, uint64_t addr,
     uintptr_t ra = GETPC();
     bool success;
     int mem_idx;
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
 
     assert(HAVE_CMPXCHG128);
 
@@ -XXX,XX +XXX,XX @@ void HELPER(casp_le_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
     Int128 oldv, cmpv, newv;
     uintptr_t ra = GETPC();
     int mem_idx;
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
 
     assert(HAVE_CMPXCHG128);
 
@@ -XXX,XX +XXX,XX @@ void HELPER(casp_be_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
     Int128 oldv, cmpv, newv;
     uintptr_t ra = GETPC();
     int mem_idx;
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
 
     assert(HAVE_CMPXCHG128);
 
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -XXX,XX +XXX,XX @@ static bool do_v7m_function_return(ARMCPU *cpu)
 
     {
         bool threadmode, spsel;
-        TCGMemOpIdx oi;
+        MemOpIdx oi;
         ARMMMUIdx mmu_idx;
         uint32_t *frame_sp_p;
         uint32_t frameptr;
diff --git a/target/i386/tcg/mem_helper.c b/target/i386/tcg/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/mem_helper.c
+++ b/target/i386/tcg/mem_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_cmpxchg8b(CPUX86State *env, target_ulong a0)
     {
         uintptr_t ra = GETPC();
         int mem_idx = cpu_mmu_index(env, false);
-        TCGMemOpIdx oi = make_memop_idx(MO_TEQ, mem_idx);
+        MemOpIdx oi = make_memop_idx(MO_TEQ, mem_idx);
         oldv = cpu_atomic_cmpxchgq_le_mmu(env, a0, cmpv, newv, oi, ra);
     }
 
@@ -XXX,XX +XXX,XX @@ void helper_cmpxchg16b(CPUX86State *env, target_ulong a0)
         Int128 newv = int128_make128(env->regs[R_EBX], env->regs[R_ECX]);
 
         int mem_idx = cpu_mmu_index(env, false);
-        TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+        MemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
         Int128 oldv = cpu_atomic_cmpxchgo_le_mmu(env, a0, cmpv, newv, oi, ra);
 
         if (int128_eq(oldv, cmpv)) {
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -XXX,XX +XXX,XX @@ static void do_cas2l(CPUM68KState *env, uint32_t regs, uint32_t a1, uint32_t a2,
     uintptr_t ra = GETPC();
 #if defined(CONFIG_ATOMIC64)
     int mmu_idx = cpu_mmu_index(env, 0);
-    TCGMemOpIdx oi = make_memop_idx(MO_BEQ, mmu_idx);
+    MemOpIdx oi = make_memop_idx(MO_BEQ, mmu_idx);
 #endif
 
     if (parallel) {
diff --git a/target/mips/tcg/msa_helper.c b/target/mips/tcg/msa_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/mips/tcg/msa_helper.c
+++ b/target/mips/tcg/msa_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_msa_ffint_u_df(CPUMIPSState *env, uint32_t df, uint32_t wd,
 #define DF_ELEMENTS(df) (MSA_WRLEN / DF_BITS(df))
 
 #if !defined(CONFIG_USER_ONLY)
-#define MEMOP_IDX(DF)                                           \
-        TCGMemOpIdx oi = make_memop_idx(MO_TE | DF | MO_UNALN,  \
-                                        cpu_mmu_index(env, false));
+#define MEMOP_IDX(DF)                                                   \
+    MemOpIdx oi = make_memop_idx(MO_TE | DF | MO_UNALN,                 \
+                                 cpu_mmu_index(env, false));
 #else
 #define MEMOP_IDX(DF)
 #endif
diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/tcg/mem_helper.c
+++ b/target/s390x/tcg/mem_helper.c
@@ -XXX,XX +XXX,XX @@ static void do_access_memset(CPUS390XState *env, vaddr vaddr, char *haddr,
     g_assert(haddr);
     memset(haddr, byte, size);
 #else
-    TCGMemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
+    MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
     int i;
 
     if (likely(haddr)) {
@@ -XXX,XX +XXX,XX @@ static uint8_t do_access_get_byte(CPUS390XState *env, vaddr vaddr, char **haddr,
 #ifdef CONFIG_USER_ONLY
     return ldub_p(*haddr + offset);
 #else
-    TCGMemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
+    MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
     uint8_t byte;
 
     if (likely(*haddr)) {
@@ -XXX,XX +XXX,XX @@ static void do_access_set_byte(CPUS390XState *env, vaddr vaddr, char **haddr,
 #ifdef CONFIG_USER_ONLY
     stb_p(*haddr + offset, byte);
 #else
-    TCGMemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
+    MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
 
     if (likely(*haddr)) {
         stb_p(*haddr + offset, byte);
@@ -XXX,XX +XXX,XX @@ void HELPER(cdsg_parallel)(CPUS390XState *env, uint64_t addr,
     Int128 cmpv = int128_make128(env->regs[r1 + 1], env->regs[r1]);
     Int128 newv = int128_make128(env->regs[r3 + 1], env->regs[r3]);
     int mem_idx;
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     Int128 oldv;
     bool fail;
 
@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
                 uint32_t *haddr = g2h(env_cpu(env), a1);
                 ov = qatomic_cmpxchg__nocheck(haddr, cv, nv);
 #else
-                TCGMemOpIdx oi = make_memop_idx(MO_TEUL | MO_ALIGN, mem_idx);
+                MemOpIdx oi = make_memop_idx(MO_TEUL | MO_ALIGN, mem_idx);
                 ov = cpu_atomic_cmpxchgl_be_mmu(env, a1, cv, nv, oi, ra);
 #endif
             } else {
@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
 
             if (parallel) {
 #ifdef CONFIG_ATOMIC64
-                TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN, mem_idx);
+                MemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN, mem_idx);
                 ov = cpu_atomic_cmpxchgq_be_mmu(env, a1, cv, nv, oi, ra);
 #else
                 /* Note that we asserted !parallel above.  */
@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
                 cpu_stq_data_ra(env, a1 + 0, int128_gethi(nv), ra);
                 cpu_stq_data_ra(env, a1 + 8, int128_getlo(nv), ra);
             } else if (HAVE_CMPXCHG128) {
-                TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+                MemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
                 ov = cpu_atomic_cmpxchgo_be_mmu(env, a1, cv, nv, oi, ra);
                 cc = !int128_eq(ov, cv);
             } else {
@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
                 cpu_stq_data_ra(env, a2 + 0, svh, ra);
                 cpu_stq_data_ra(env, a2 + 8, svl, ra);
             } else if (HAVE_ATOMIC128) {
-                TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+                MemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
                 Int128 sv = int128_make128(svl, svh);
                 cpu_atomic_sto_be_mmu(env, a2, sv, oi, ra);
             } else {
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(lpq_parallel)(CPUS390XState *env, uint64_t addr)
     uintptr_t ra = GETPC();
     uint64_t hi, lo;
     int mem_idx;
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     Int128 v;
 
     assert(HAVE_ATOMIC128);
@@ -XXX,XX +XXX,XX @@ void HELPER(stpq_parallel)(CPUS390XState *env, uint64_t addr,
 {
     uintptr_t ra = GETPC();
     int mem_idx;
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     Int128 v;
 
     assert(HAVE_ATOMIC128);
diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -XXX,XX +XXX,XX @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong addr,
     case ASI_SNF:
     case ASI_SNFL:
         {
-            TCGMemOpIdx oi;
+            MemOpIdx oi;
             int idx = (env->pstate & PS_PRIV
                        ? (asi & 1 ? MMU_KERNEL_SECONDARY_IDX : MMU_KERNEL_IDX)
                        : (asi & 1 ? MMU_USER_SECONDARY_IDX : MMU_USER_IDX));
diff --git a/tcg/optimize.c b/tcg/optimize.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/optimize.c
+++ b/tcg/optimize.c
@@ -XXX,XX +XXX,XX @@ void tcg_optimize(TCGContext *s)
 
         CASE_OP_32_64(qemu_ld):
             {
-                TCGMemOpIdx oi = op->args[nb_oargs + nb_iargs];
+                MemOpIdx oi = op->args[nb_oargs + nb_iargs];
                 MemOp mop = get_memop(oi);
                 if (!(mop & MO_SIGN)) {
                     mask = (2ULL << ((8 << (mop & MO_SIZE)) - 1)) - 1;
diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg-op.c
+++ b/tcg/tcg-op.c
@@ -XXX,XX +XXX,XX @@ static inline MemOp tcg_canonicalize_memop(MemOp op, bool is64, bool st)
 static void gen_ldst_i32(TCGOpcode opc, TCGv_i32 val, TCGv addr,
                          MemOp memop, TCGArg idx)
 {
-    TCGMemOpIdx oi = make_memop_idx(memop, idx);
+    MemOpIdx oi = make_memop_idx(memop, idx);
 #if TARGET_LONG_BITS == 32
     tcg_gen_op3i_i32(opc, val, addr, oi);
 #else
@@ -XXX,XX +XXX,XX @@ static void gen_ldst_i32(TCGOpcode opc, TCGv_i32 val, TCGv addr,
 static void gen_ldst_i64(TCGOpcode opc, TCGv_i64 val, TCGv addr,
                          MemOp memop, TCGArg idx)
 {
-    TCGMemOpIdx oi = make_memop_idx(memop, idx);
+    MemOpIdx oi = make_memop_idx(memop, idx);
 #if TARGET_LONG_BITS == 32
     if (TCG_TARGET_REG_BITS == 32) {
         tcg_gen_op4i_i32(opc, TCGV_LOW(val), TCGV_HIGH(val), addr, oi);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_atomic_cmpxchg_i32(TCGv_i32 retv, TCGv addr, TCGv_i32 cmpv,
         tcg_temp_free_i32(t1);
     } else {
         gen_atomic_cx_i32 gen;
-        TCGMemOpIdx oi;
+        MemOpIdx oi;
 
         gen = table_cmpxchg[memop & (MO_SIZE | MO_BSWAP)];
         tcg_debug_assert(gen != NULL);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_atomic_cmpxchg_i64(TCGv_i64 retv, TCGv addr, TCGv_i64 cmpv,
     } else if ((memop & MO_SIZE) == MO_64) {
 #ifdef CONFIG_ATOMIC64
         gen_atomic_cx_i64 gen;
-        TCGMemOpIdx oi;
+        MemOpIdx oi;
 
         gen = table_cmpxchg[memop & (MO_SIZE | MO_BSWAP)];
         tcg_debug_assert(gen != NULL);
@@ -XXX,XX +XXX,XX @@ static void do_atomic_op_i32(TCGv_i32 ret, TCGv addr, TCGv_i32 val,
                              TCGArg idx, MemOp memop, void * const table[])
 {
     gen_atomic_op_i32 gen;
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
 
     memop = tcg_canonicalize_memop(memop, 0, 0);
 
@@ -XXX,XX +XXX,XX @@ static void do_atomic_op_i64(TCGv_i64 ret, TCGv addr, TCGv_i64 val,
     if ((memop & MO_SIZE) == MO_64) {
 #ifdef CONFIG_ATOMIC64
         gen_atomic_op_i64 gen;
-        TCGMemOpIdx oi;
+        MemOpIdx oi;
 
         gen = table[memop & (MO_SIZE | MO_BSWAP)];
         tcg_debug_assert(gen != NULL);
diff --git a/tcg/tcg.c b/tcg/tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@ static void tcg_dump_ops(TCGContext *s, bool have_prefs)
             case INDEX_op_qemu_ld_i64:
             case INDEX_op_qemu_st_i64:
                 {
-                    TCGMemOpIdx oi = op->args[k++];
+                    MemOpIdx oi = op->args[k++];
                     MemOp op = get_memop(oi);
                     unsigned ix = get_mmuidx(oi);
 
diff --git a/tcg/tci.c b/tcg/tci.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tci.c
+++ b/tcg/tci.c
@@ -XXX,XX +XXX,XX @@ static uint64_t tci_uint64(uint32_t high, uint32_t low)
  *   i = immediate (uint32_t)
  *   I = immediate (tcg_target_ulong)
  *   l = label or pointer
- *   m = immediate (TCGMemOpIdx)
+ *   m = immediate (MemOpIdx)
  *   n = immediate (call return length)
  *   r = register
  *   s = signed ldst offset
@@ -XXX,XX +XXX,XX @@ static void tci_args_ri(uint32_t insn, TCGReg *r0, tcg_target_ulong *i1)
 }
 
 static void tci_args_rrm(uint32_t insn, TCGReg *r0,
-                         TCGReg *r1, TCGMemOpIdx *m2)
+                         TCGReg *r1, MemOpIdx *m2)
 {
     *r0 = extract32(insn, 8, 4);
     *r1 = extract32(insn, 12, 4);
@@ -XXX,XX +XXX,XX @@ static void tci_args_rrrc(uint32_t insn,
 }
 
 static void tci_args_rrrm(uint32_t insn,
-                          TCGReg *r0, TCGReg *r1, TCGReg *r2, TCGMemOpIdx *m3)
+                          TCGReg *r0, TCGReg *r1, TCGReg *r2, MemOpIdx *m3)
 {
     *r0 = extract32(insn, 8, 4);
     *r1 = extract32(insn, 12, 4);
@@ -XXX,XX +XXX,XX @@ static bool tci_compare64(uint64_t u0, uint64_t u1, TCGCond condition)
 }
 
 static uint64_t tci_qemu_ld(CPUArchState *env, target_ulong taddr,
-                            TCGMemOpIdx oi, const void *tb_ptr)
+                            MemOpIdx oi, const void *tb_ptr)
 {
     MemOp mop = get_memop(oi) & (MO_BSWAP | MO_SSIZE);
     uintptr_t ra = (uintptr_t)tb_ptr;
@@ -XXX,XX +XXX,XX @@ static uint64_t tci_qemu_ld(CPUArchState *env, target_ulong taddr,
 }
 
 static void tci_qemu_st(CPUArchState *env, target_ulong taddr, uint64_t val,
-                        TCGMemOpIdx oi, const void *tb_ptr)
+                        MemOpIdx oi, const void *tb_ptr)
 {
     MemOp mop = get_memop(oi) & (MO_BSWAP | MO_SSIZE);
     uintptr_t ra = (uintptr_t)tb_ptr;
@@ -XXX,XX +XXX,XX @@ uintptr_t QEMU_DISABLE_CFI tcg_qemu_tb_exec(CPUArchState *env,
         uint32_t tmp32;
         uint64_t tmp64;
         uint64_t T1, T2;
-        TCGMemOpIdx oi;
+        MemOpIdx oi;
         int32_t ofs;
         void *ptr;
 
@@ -XXX,XX +XXX,XX @@ int print_insn_tci(bfd_vma addr, disassemble_info *info)
     tcg_target_ulong i1;
     int32_t s2;
     TCGCond c;
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     uint8_t pos, len;
     void *ptr;
 
diff --git a/accel/tcg/atomic_common.c.inc b/accel/tcg/atomic_common.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/atomic_common.c.inc
+++ b/accel/tcg/atomic_common.c.inc
@@ -XXX,XX +XXX,XX @@
  */
 
 static uint16_t atomic_trace_rmw_pre(CPUArchState *env, target_ulong addr,
-                                     TCGMemOpIdx oi)
+                                     MemOpIdx oi)
 {
     CPUState *cpu = env_cpu(env);
     uint16_t info = trace_mem_get_info(get_memop(oi), get_mmuidx(oi), false);
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_rmw_post(CPUArchState *env, target_ulong addr,
 
 #if HAVE_ATOMIC128
 static uint16_t atomic_trace_ld_pre(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi)
+                                    MemOpIdx oi)
 {
     uint16_t info = trace_mem_get_info(get_memop(oi), get_mmuidx(oi), false);
 
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_ld_post(CPUArchState *env, target_ulong addr,
 }
 
 static uint16_t atomic_trace_st_pre(CPUArchState *env, target_ulong addr,
-                                    TCGMemOpIdx oi)
+                                    MemOpIdx oi)
 {
     uint16_t info = trace_mem_get_info(get_memop(oi), get_mmuidx(oi), true);
 
diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/aarch64/tcg-target.c.inc
+++ b/tcg/aarch64/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_cltz(TCGContext *s, TCGType ext, TCGReg d,
 #include "../tcg-ldst.c.inc"
 
 /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
- *                                     TCGMemOpIdx oi, uintptr_t ra)
+ *                                     MemOpIdx oi, uintptr_t ra)
  */
 static void * const qemu_ld_helpers[MO_SIZE + 1] = {
     [MO_8]  = helper_ret_ldub_mmu,
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[MO_SIZE + 1] = {
 };
 
 /* helper signature: helper_ret_st_mmu(CPUState *env, target_ulong addr,
- *                                     uintxx_t val, TCGMemOpIdx oi,
+ *                                     uintxx_t val, MemOpIdx oi,
  *                                     uintptr_t ra)
  */
 static void * const qemu_st_helpers[MO_SIZE + 1] = {
@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_adr(TCGContext *s, TCGReg rd, const void *target)
 
 static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
 {
-    TCGMemOpIdx oi = lb->oi;
+    MemOpIdx oi = lb->oi;
     MemOp opc = get_memop(oi);
     MemOp size = opc & MO_SIZE;
 
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
 
 static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
 {
-    TCGMemOpIdx oi = lb->oi;
+    MemOpIdx oi = lb->oi;
     MemOp opc = get_memop(oi);
     MemOp size = opc & MO_SIZE;
 
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
     return true;
 }
 
-static void add_qemu_ldst_label(TCGContext *s, bool is_ld, TCGMemOpIdx oi,
+static void add_qemu_ldst_label(TCGContext *s, bool is_ld, MemOpIdx oi,
                                 TCGType ext, TCGReg data_reg, TCGReg addr_reg,
                                 tcg_insn_unit *raddr, tcg_insn_unit *label_ptr)
 {
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st_direct(TCGContext *s, MemOp memop,
 }
 
 static void tcg_out_qemu_ld(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
-                            TCGMemOpIdx oi, TCGType ext)
+                            MemOpIdx oi, TCGType ext)
 {
     MemOp memop = get_memop(oi);
     const TCGType otype = TARGET_LONG_BITS == 64 ? TCG_TYPE_I64 : TCG_TYPE_I32;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
 }
 
 static void tcg_out_qemu_st(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
-                            TCGMemOpIdx oi)
+                            MemOpIdx oi)
 {
     MemOp memop = get_memop(oi);
     const TCGType otype = TARGET_LONG_BITS == 64 ? TCG_TYPE_I64 : TCG_TYPE_I32;
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_out_tlb_read(TCGContext *s, TCGReg addrlo, TCGReg addrhi,
 /* Record the context of a call to the out of line helper code for the slow
    path for a load or store, so that we can later generate the correct
    helper code.  */
-static void add_qemu_ldst_label(TCGContext *s, bool is_ld, TCGMemOpIdx oi,
+static void add_qemu_ldst_label(TCGContext *s, bool is_ld, MemOpIdx oi,
                                 TCGReg datalo, TCGReg datahi, TCGReg addrlo,
                                 TCGReg addrhi, tcg_insn_unit *raddr,
                                 tcg_insn_unit *label_ptr)
@@ -XXX,XX +XXX,XX @@ static void add_qemu_ldst_label(TCGContext *s, bool is_ld, TCGMemOpIdx oi,
 static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
 {
     TCGReg argreg, datalo, datahi;
-    TCGMemOpIdx oi = lb->oi;
+    MemOpIdx oi = lb->oi;
     MemOp opc = get_memop(oi);
     void *func;
 
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
 static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
 {
     TCGReg argreg, datalo, datahi;
-    TCGMemOpIdx oi = lb->oi;
+    MemOpIdx oi = lb->oi;
     MemOp opc = get_memop(oi);
 
     if (!reloc_pc24(lb->label_ptr[0], tcg_splitwx_to_rx(s->code_ptr))) {
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld_direct(TCGContext *s, MemOp opc, TCGReg datalo,
 static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is64)
 {
     TCGReg addrlo, datalo, datahi, addrhi __attribute__((unused));
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     MemOp opc;
 #ifdef CONFIG_SOFTMMU
     int mem_index;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st_direct(TCGContext *s, MemOp opc, TCGReg datalo,
 static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is64)
 {
     TCGReg addrlo, datalo, datahi, addrhi __attribute__((unused));
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     MemOp opc;
 #ifdef CONFIG_SOFTMMU
     int mem_index;
diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/i386/tcg-target.c.inc
+++ b/tcg/i386/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_tlb_load(TCGContext *s, TCGReg addrlo, TCGReg addrhi,
  * for a load or store, so that we can later generate the correct helper code
  */
 static void add_qemu_ldst_label(TCGContext *s, bool is_ld, bool is_64,
-                                TCGMemOpIdx oi,
+                                MemOpIdx oi,
                                 TCGReg datalo, TCGReg datahi,
                                 TCGReg addrlo, TCGReg addrhi,
                                 tcg_insn_unit *raddr,
@@ -XXX,XX +XXX,XX @@ static void add_qemu_ldst_label(TCGContext *s, bool is_ld, bool is_64,
  */
 static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
 {
-    TCGMemOpIdx oi = l->oi;
+    MemOpIdx oi = l->oi;
     MemOp opc = get_memop(oi);
     TCGReg data_reg;
     tcg_insn_unit **label_ptr = &l->label_ptr[0];
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
  */
 static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
 {
-    TCGMemOpIdx oi = l->oi;
+    MemOpIdx oi = l->oi;
     MemOp opc = get_memop(oi);
     MemOp s_bits = opc & MO_SIZE;
     tcg_insn_unit **label_ptr = &l->label_ptr[0];
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is64)
 {
     TCGReg datalo, datahi, addrlo;
     TCGReg addrhi __attribute__((unused));
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     MemOp opc;
 #if defined(CONFIG_SOFTMMU)
     int mem_index;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is64)
 {
     TCGReg datalo, datahi, addrlo;
     TCGReg addrhi __attribute__((unused));
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     MemOp opc;
 #if defined(CONFIG_SOFTMMU)
     int mem_index;
diff --git a/tcg/mips/tcg-target.c.inc b/tcg/mips/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/mips/tcg-target.c.inc
+++ b/tcg/mips/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) < -32768);
  * Clobbers TMP0, TMP1, TMP2, TMP3.
  */
 static void tcg_out_tlb_load(TCGContext *s, TCGReg base, TCGReg addrl,
-                             TCGReg addrh, TCGMemOpIdx oi,
+                             TCGReg addrh, MemOpIdx oi,
                              tcg_insn_unit *label_ptr[2], bool is_load)
 {
     MemOp opc = get_memop(oi);
@@ -XXX,XX +XXX,XX @@ static void tcg_out_tlb_load(TCGContext *s, TCGReg base, TCGReg addrl,
     tcg_out_opc_reg(s, ALIAS_PADD, base, TCG_TMP2, addrl);
 }
 
-static void add_qemu_ldst_label(TCGContext *s, int is_ld, TCGMemOpIdx oi,
+static void add_qemu_ldst_label(TCGContext *s, int is_ld, MemOpIdx oi,
                                 TCGType ext,
                                 TCGReg datalo, TCGReg datahi,
                                 TCGReg addrlo, TCGReg addrhi,
@@ -XXX,XX +XXX,XX @@ static void add_qemu_ldst_label(TCGContext *s, int is_ld, TCGMemOpIdx oi,
 static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
 {
     const tcg_insn_unit *tgt_rx = tcg_splitwx_to_rx(s->code_ptr);
-    TCGMemOpIdx oi = l->oi;
+    MemOpIdx oi = l->oi;
     MemOp opc = get_memop(oi);
     TCGReg v0;
     int i;
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
 static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
 {
     const tcg_insn_unit *tgt_rx = tcg_splitwx_to_rx(s->code_ptr);
-    TCGMemOpIdx oi = l->oi;
+    MemOpIdx oi = l->oi;
     MemOp opc = get_memop(oi);
     MemOp s_bits = opc & MO_SIZE;
     int i;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
 {
     TCGReg addr_regl, addr_regh __attribute__((unused));
     TCGReg data_regl, data_regh;
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     MemOp opc;
 #if defined(CONFIG_SOFTMMU)
     tcg_insn_unit *label_ptr[2];
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64)
 {
     TCGReg addr_regl, addr_regh __attribute__((unused));
     TCGReg data_regl, data_regh;
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     MemOp opc;
 #if defined(CONFIG_SOFTMMU)
     tcg_insn_unit *label_ptr[2];
diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/ppc/tcg-target.c.inc
+++ b/tcg/ppc/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_out_tlb_read(TCGContext *s, MemOp opc,
 /* Record the context of a call to the out of line helper code for the slow
    path for a load or store, so that we can later generate the correct
    helper code.  */
-static void add_qemu_ldst_label(TCGContext *s, bool is_ld, TCGMemOpIdx oi,
+static void add_qemu_ldst_label(TCGContext *s, bool is_ld, MemOpIdx oi,
                                 TCGReg datalo_reg, TCGReg datahi_reg,
                                 TCGReg addrlo_reg, TCGReg addrhi_reg,
                                 tcg_insn_unit *raddr, tcg_insn_unit *lptr)
@@ -XXX,XX +XXX,XX @@ static void add_qemu_ldst_label(TCGContext *s, bool is_ld, TCGMemOpIdx oi,
 
 static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
 {
-    TCGMemOpIdx oi = lb->oi;
+    MemOpIdx oi = lb->oi;
     MemOp opc = get_memop(oi);
     TCGReg hi, lo, arg = TCG_REG_R3;
 
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
 
 static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
 {
-    TCGMemOpIdx oi = lb->oi;
+    MemOpIdx oi = lb->oi;
     MemOp opc = get_memop(oi);
     MemOp s_bits = opc & MO_SIZE;
     TCGReg hi, lo, arg = TCG_REG_R3;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
 {
     TCGReg datalo, datahi, addrlo, rbase;
     TCGReg addrhi __attribute__((unused));
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     MemOp opc, s_bits;
 #ifdef CONFIG_SOFTMMU
     int mem_index;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64)
 {
     TCGReg datalo, datahi, addrlo, rbase;
     TCGReg addrhi __attribute__((unused));
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     MemOp opc, s_bits;
 #ifdef CONFIG_SOFTMMU
     int mem_index;
diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/riscv/tcg-target.c.inc
+++ b/tcg/riscv/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
 #include "../tcg-ldst.c.inc"
 
 /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
- *                                     TCGMemOpIdx oi, uintptr_t ra)
+ *                                     MemOpIdx oi, uintptr_t ra)
  */
 static void * const qemu_ld_helpers[MO_SSIZE + 1] = {
     [MO_UB] = helper_ret_ldub_mmu,
@@ -XXX,XX +XXX,XX @@ static void * const qemu_ld_helpers[MO_SSIZE + 1] = {
 };
 
 /* helper signature: helper_ret_st_mmu(CPUState *env, target_ulong addr,
- *                                     uintxx_t val, TCGMemOpIdx oi,
+ *                                     uintxx_t val, MemOpIdx oi,
  *                                     uintptr_t ra)
  */
 static void * const qemu_st_helpers[MO_SIZE + 1] = {
@@ -XXX,XX +XXX,XX @@ static void tcg_out_goto(TCGContext *s, const tcg_insn_unit *target)
 }
 
 static void tcg_out_tlb_load(TCGContext *s, TCGReg addrl,
-                             TCGReg addrh, TCGMemOpIdx oi,
+                             TCGReg addrh, MemOpIdx oi,
                              tcg_insn_unit **label_ptr, bool is_load)
 {
     MemOp opc = get_memop(oi);
@@ -XXX,XX +XXX,XX @@ static void tcg_out_tlb_load(TCGContext *s, TCGReg addrl,
     tcg_out_opc_reg(s, OPC_ADD, TCG_REG_TMP0, TCG_REG_TMP2, addrl);
 }
 
-static void add_qemu_ldst_label(TCGContext *s, int is_ld, TCGMemOpIdx oi,
+static void add_qemu_ldst_label(TCGContext *s, int is_ld, MemOpIdx oi,
                                 TCGType ext,
                                 TCGReg datalo, TCGReg datahi,
                                 TCGReg addrlo, TCGReg addrhi,
@@ -XXX,XX +XXX,XX @@ static void add_qemu_ldst_label(TCGContext *s, int is_ld, TCGMemOpIdx oi,
 
 static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
 {
-    TCGMemOpIdx oi = l->oi;
+    MemOpIdx oi = l->oi;
     MemOp opc = get_memop(oi);
     TCGReg a0 = tcg_target_call_iarg_regs[0];
     TCGReg a1 = tcg_target_call_iarg_regs[1];
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
 
 static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
 {
-    TCGMemOpIdx oi = l->oi;
+    MemOpIdx oi = l->oi;
     MemOp opc = get_memop(oi);
     MemOp s_bits = opc & MO_SIZE;
     TCGReg a0 = tcg_target_call_iarg_regs[0];
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
 {
     TCGReg addr_regl, addr_regh __attribute__((unused));
     TCGReg data_regl, data_regh;
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     MemOp opc;
 #if defined(CONFIG_SOFTMMU)
     tcg_insn_unit *label_ptr[1];
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64)
 {
     TCGReg addr_regl, addr_regh __attribute__((unused));
     TCGReg data_regl, data_regh;
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     MemOp opc;
 #if defined(CONFIG_SOFTMMU)
     tcg_insn_unit *label_ptr[1];
diff --git a/tcg/s390/tcg-target.c.inc b/tcg/s390/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390/tcg-target.c.inc
+++ b/tcg/s390/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_out_tlb_read(TCGContext *s, TCGReg addr_reg, MemOp opc,
     return addr_reg;
 }
 
-static void add_qemu_ldst_label(TCGContext *s, bool is_ld, TCGMemOpIdx oi,
+static void add_qemu_ldst_label(TCGContext *s, bool is_ld, MemOpIdx oi,
                                 TCGReg data, TCGReg addr,
                                 tcg_insn_unit *raddr, tcg_insn_unit *label_ptr)
 {
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
 {
     TCGReg addr_reg = lb->addrlo_reg;
     TCGReg data_reg = lb->datalo_reg;
-    TCGMemOpIdx oi = lb->oi;
+    MemOpIdx oi = lb->oi;
     MemOp opc = get_memop(oi);
 
     if (!patch_reloc(lb->label_ptr[0], R_390_PC16DBL,
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
 {
     TCGReg addr_reg = lb->addrlo_reg;
     TCGReg data_reg = lb->datalo_reg;
-    TCGMemOpIdx oi = lb->oi;
+    MemOpIdx oi = lb->oi;
     MemOp opc = get_memop(oi);
 
     if (!patch_reloc(lb->label_ptr[0], R_390_PC16DBL,
@@ -XXX,XX +XXX,XX @@ static void tcg_prepare_user_ldst(TCGContext *s, TCGReg *addr_reg,
 #endif /* CONFIG_SOFTMMU */
 
 static void tcg_out_qemu_ld(TCGContext* s, TCGReg data_reg, TCGReg addr_reg,
-                            TCGMemOpIdx oi)
+                            MemOpIdx oi)
 {
     MemOp opc = get_memop(oi);
 #ifdef CONFIG_SOFTMMU
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext* s, TCGReg data_reg, TCGReg addr_reg,
 }
 
 static void tcg_out_qemu_st(TCGContext* s, TCGReg data_reg, TCGReg addr_reg,
-                            TCGMemOpIdx oi)
+                            MemOpIdx oi)
 {
     MemOp opc = get_memop(oi);
 #ifdef CONFIG_SOFTMMU
diff --git a/tcg/sparc/tcg-target.c.inc b/tcg/sparc/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/sparc/tcg-target.c.inc
+++ b/tcg/sparc/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static const int qemu_st_opc[(MO_SIZE | MO_BSWAP) + 1] = {
 };
 
 static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr,
-                            TCGMemOpIdx oi, bool is_64)
+                            MemOpIdx oi, bool is_64)
 {
     MemOp memop = get_memop(oi);
 #ifdef CONFIG_SOFTMMU
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr,
 }
 
 static void tcg_out_qemu_st(TCGContext *s, TCGReg data, TCGReg addr,
-                            TCGMemOpIdx oi)
+                            MemOpIdx oi)
 {
     MemOp memop = get_memop(oi);
 #ifdef CONFIG_SOFTMMU
diff --git a/tcg/tcg-ldst.c.inc b/tcg/tcg-ldst.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg-ldst.c.inc
+++ b/tcg/tcg-ldst.c.inc
@@ -XXX,XX +XXX,XX @@
 
 typedef struct TCGLabelQemuLdst {
     bool is_ld;             /* qemu_ld: true, qemu_st: false */
-    TCGMemOpIdx oi;
+    MemOpIdx oi;
     TCGType type;           /* result type of a load */
     TCGReg addrlo_reg;      /* reg index for low word of guest virtual addr */
     TCGReg addrhi_reg;      /* reg index for high word of guest virtual addr */
-- 
2.25.1

Move this code from tcg/tcg.h to its own header.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/memopidx.h | 55 +++++++++++++++++++++++++++++++++++++++++
 include/tcg/tcg.h       | 39 +----------------------------
 2 files changed, 56 insertions(+), 38 deletions(-)
 create mode 100644 include/exec/memopidx.h

diff --git a/include/exec/memopidx.h b/include/exec/memopidx.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/include/exec/memopidx.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * Combine the MemOp and mmu_idx parameters into a single value.
+ *
+ * Authors:
+ *  Richard Henderson <rth@twiddle.net>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef EXEC_MEMOPIDX_H
+#define EXEC_MEMOPIDX_H 1
+
+#include "exec/memop.h"
+
+typedef uint32_t MemOpIdx;
+
+/**
+ * make_memop_idx
+ * @op: memory operation
+ * @idx: mmu index
+ *
+ * Encode these values into a single parameter.
+ */
+static inline MemOpIdx make_memop_idx(MemOp op, unsigned idx)
+{
+#ifdef CONFIG_DEBUG_TCG
+    assert(idx <= 15);
+#endif
+    return (op << 4) | idx;
+}
+
+/**
+ * get_memop
+ * @oi: combined op/idx parameter
+ *
+ * Extract the memory operation from the combined value.
+ */
+static inline MemOp get_memop(MemOpIdx oi)
+{
+    return oi >> 4;
+}
+
+/**
+ * get_mmuidx
+ * @oi: combined op/idx parameter
+ *
+ * Extract the mmu index from the combined value.
+ */
+static inline unsigned get_mmuidx(MemOpIdx oi)
+{
+    return oi & 15;
+}
+
+#endif
diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@
 
 #include "cpu.h"
 #include "exec/memop.h"
+#include "exec/memopidx.h"
 #include "qemu/bitops.h"
 #include "qemu/plugin.h"
 #include "qemu/queue.h"
@@ -XXX,XX +XXX,XX @@ static inline size_t tcg_current_code_size(TCGContext *s)
     return tcg_ptr_byte_diff(s->code_ptr, s->code_buf);
 }
 
-/* Combine the MemOp and mmu_idx parameters into a single value.  */
-typedef uint32_t MemOpIdx;
-
-/**
- * make_memop_idx
- * @op: memory operation
- * @idx: mmu index
- *
- * Encode these values into a single parameter.
- */
-static inline MemOpIdx make_memop_idx(MemOp op, unsigned idx)
-{
-    tcg_debug_assert(idx <= 15);
-    return (op << 4) | idx;
-}
-
-/**
- * get_memop
- * @oi: combined op/idx parameter
- *
- * Extract the memory operation from the combined value.
- */
-static inline MemOp get_memop(MemOpIdx oi)
-{
-    return oi >> 4;
-}
-
-/**
- * get_mmuidx
- * @oi: combined op/idx parameter
- *
- * Extract the mmu index from the combined value.
- */
-static inline unsigned get_mmuidx(MemOpIdx oi)
-{
-    return oi & 15;
-}
-
 /**
  * tcg_qemu_tb_exec:
  * @env: pointer to CPUArchState for the CPU
-- 
2.25.1

We (will) often have the complete MemOpIdx handy, so use that.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 trace/mem.h                   | 32 +++++++++-----------------
 accel/tcg/cputlb.c            | 12 ++++------
 accel/tcg/user-exec.c         | 42 +++++++++++++++++++++++------------
 tcg/tcg-op.c                  |  8 +++----
 accel/tcg/atomic_common.c.inc |  6 ++---
 5 files changed, 49 insertions(+), 51 deletions(-)

diff --git a/trace/mem.h b/trace/mem.h
index XXXXXXX..XXXXXXX 100644
--- a/trace/mem.h
+++ b/trace/mem.h
@@ -XXX,XX +XXX,XX @@
 #ifndef TRACE__MEM_H
 #define TRACE__MEM_H
 
-#include "tcg/tcg.h"
+#include "exec/memopidx.h"
 
 #define TRACE_MEM_SZ_SHIFT_MASK 0xf /* size shift mask */
 #define TRACE_MEM_SE (1ULL << 4)    /* sign extended (y/n) */
@@ -XXX,XX +XXX,XX @@
 #define TRACE_MEM_MMU_SHIFT 8       /* mmu idx */
 
 /**
- * trace_mem_build_info:
+ * trace_mem_get_info:
  *
  * Return a value for the 'info' argument in guest memory access traces.
  */
-static inline uint16_t trace_mem_build_info(int size_shift, bool sign_extend,
-                                            MemOp endianness, bool store,
-                                            unsigned int mmu_idx)
+static inline uint16_t trace_mem_get_info(MemOpIdx oi, bool store)
 {
+    MemOp op = get_memop(oi);
+    uint32_t size_shift = op & MO_SIZE;
+    bool sign_extend = op & MO_SIGN;
+    bool big_endian = (op & MO_BSWAP) == MO_BE;
     uint16_t res;
 
     res = size_shift & TRACE_MEM_SZ_SHIFT_MASK;
     if (sign_extend) {
         res |= TRACE_MEM_SE;
     }
-    if (endianness == MO_BE) {
+    if (big_endian) {
         res |= TRACE_MEM_BE;
     }
     if (store) {
         res |= TRACE_MEM_ST;
     }
 #ifdef CONFIG_SOFTMMU
-    res |= mmu_idx << TRACE_MEM_MMU_SHIFT;
+    res |= get_mmuidx(oi) << TRACE_MEM_MMU_SHIFT;
 #endif
+
     return res;
 }
 
-
-/**
- * trace_mem_get_info:
- *
- * Return a value for the 'info' argument in guest memory access traces.
- */
-static inline uint16_t trace_mem_get_info(MemOp op,
-                                          unsigned int mmu_idx,
-                                          bool store)
-{
-    return trace_mem_build_info(op & MO_SIZE, !!(op & MO_SIGN),
-                                op & MO_BSWAP, store,
-                                mmu_idx);
-}
-
 #endif /* TRACE__MEM_H */
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
                                        int mmu_idx, uintptr_t retaddr,
                                        MemOp op, FullLoadHelper *full_load)
 {
-    uint16_t meminfo;
-    MemOpIdx oi;
+    MemOpIdx oi = make_memop_idx(op, mmu_idx);
+    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint64_t ret;
 
-    meminfo = trace_mem_get_info(op, mmu_idx, false);
     trace_guest_mem_before_exec(env_cpu(env), addr, meminfo);
 
-    oi = make_memop_idx(op, mmu_idx);
     ret = full_load(env, addr, oi, retaddr);
 
     qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, meminfo);
@@ -XXX,XX +XXX,XX @@ static inline void QEMU_ALWAYS_INLINE
 cpu_store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
                  int mmu_idx, uintptr_t retaddr, MemOp op)
 {
-    MemOpIdx oi;
-    uint16_t meminfo;
+    MemOpIdx oi = make_memop_idx(op, mmu_idx);
+    uint16_t meminfo = trace_mem_get_info(oi, true);
 
-    meminfo = trace_mem_get_info(op, mmu_idx, true);
     trace_guest_mem_before_exec(env_cpu(env), addr, meminfo);
 
-    oi = make_memop_idx(op, mmu_idx);
     store_helper(env, addr, val, oi, retaddr, op);
 
     qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, meminfo);
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -XXX,XX +XXX,XX @@ int cpu_signal_handler(int host_signum, void *pinfo,
 
 uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr)
 {
+    MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
+    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint32_t ret;
-    uint16_t meminfo = trace_mem_get_info(MO_UB, MMU_USER_IDX, false);
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     ret = ldub_p(g2h(env_cpu(env), ptr));
@@ -XXX,XX +XXX,XX @@ int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr)
 
 uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr)
 {
+    MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
+    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint32_t ret;
-    uint16_t meminfo = trace_mem_get_info(MO_BEUW, MMU_USER_IDX, false);
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     ret = lduw_be_p(g2h(env_cpu(env), ptr));
@@ -XXX,XX +XXX,XX @@ int cpu_ldsw_be_data(CPUArchState *env, abi_ptr ptr)
 
 uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
 {
+    MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
+    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint32_t ret;
-    uint16_t meminfo = trace_mem_get_info(MO_BEUL, MMU_USER_IDX, false);
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     ret = ldl_be_p(g2h(env_cpu(env), ptr));
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
 
 uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr)
 {
+    MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
+    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint64_t ret;
-    uint16_t meminfo = trace_mem_get_info(MO_BEQ, MMU_USER_IDX, false);
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     ret = ldq_be_p(g2h(env_cpu(env), ptr));
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr)
 
 uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr)
 {
+    MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
+    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint32_t ret;
-    uint16_t meminfo = trace_mem_get_info(MO_LEUW, MMU_USER_IDX, false);
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     ret = lduw_le_p(g2h(env_cpu(env), ptr));
@@ -XXX,XX +XXX,XX @@ int cpu_ldsw_le_data(CPUArchState *env, abi_ptr ptr)
 
 uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
 {
+    MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
+    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint32_t ret;
-    uint16_t meminfo = trace_mem_get_info(MO_LEUL, MMU_USER_IDX, false);
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     ret = ldl_le_p(g2h(env_cpu(env), ptr));
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
 
 uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr ptr)
 {
+    MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
+    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint64_t ret;
-    uint16_t meminfo = trace_mem_get_info(MO_LEQ, MMU_USER_IDX, false);
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     ret = ldq_le_p(g2h(env_cpu(env), ptr));
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 
 void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 {
-    uint16_t meminfo = trace_mem_get_info(MO_UB, MMU_USER_IDX, true);
+    MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
+    uint16_t meminfo = trace_mem_get_info(oi, true);
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     stb_p(g2h(env_cpu(env), ptr), val);
@@ -XXX,XX +XXX,XX @@ void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 
 void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 {
-    uint16_t meminfo = trace_mem_get_info(MO_BEUW, MMU_USER_IDX, true);
+    MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
+    uint16_t meminfo = trace_mem_get_info(oi, true);
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     stw_be_p(g2h(env_cpu(env), ptr), val);
@@ -XXX,XX +XXX,XX @@ void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 
 void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 {
-    uint16_t meminfo = trace_mem_get_info(MO_BEUL, MMU_USER_IDX, true);
+    MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
+    uint16_t meminfo = trace_mem_get_info(oi, true);
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     stl_be_p(g2h(env_cpu(env), ptr), val);
@@ -XXX,XX +XXX,XX @@ void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 
 void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
 {
-    uint16_t meminfo = trace_mem_get_info(MO_BEQ, MMU_USER_IDX, true);
+    MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
+    uint16_t meminfo = trace_mem_get_info(oi, true);
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     stq_be_p(g2h(env_cpu(env), ptr), val);
@@ -XXX,XX +XXX,XX @@ void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
 
 void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 {
-    uint16_t meminfo = trace_mem_get_info(MO_LEUW, MMU_USER_IDX, true);
+    MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
+    uint16_t meminfo = trace_mem_get_info(oi, true);
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     stw_le_p(g2h(env_cpu(env), ptr), val);
@@ -XXX,XX +XXX,XX @@ void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 
 void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 {
-    uint16_t meminfo = trace_mem_get_info(MO_LEUL, MMU_USER_IDX, true);
+    MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
+    uint16_t meminfo = trace_mem_get_info(oi, true);
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     stl_le_p(g2h(env_cpu(env), ptr), val);
@@ -XXX,XX +XXX,XX @@ void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 
 void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
 {
-    uint16_t meminfo = trace_mem_get_info(MO_LEQ, MMU_USER_IDX, true);
+    MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
+    uint16_t meminfo = trace_mem_get_info(oi, true);
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     stq_le_p(g2h(env_cpu(env), ptr), val);
diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg-op.c
+++ b/tcg/tcg-op.c
@@ -XXX,XX +XXX,XX @@ static inline void plugin_gen_mem_callbacks(TCGv vaddr, uint16_t info)
 void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
 {
     MemOp orig_memop;
-    uint16_t info = trace_mem_get_info(memop, idx, 0);
+    uint16_t info = trace_mem_get_info(make_memop_idx(memop, idx), 0);
 
     tcg_gen_req_mo(TCG_MO_LD_LD | TCG_MO_ST_LD);
     memop = tcg_canonicalize_memop(memop, 0, 0);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
 void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
 {
     TCGv_i32 swap = NULL;
-    uint16_t info = trace_mem_get_info(memop, idx, 1);
+    uint16_t info = trace_mem_get_info(make_memop_idx(memop, idx), 1);
 
     tcg_gen_req_mo(TCG_MO_LD_ST | TCG_MO_ST_ST);
     memop = tcg_canonicalize_memop(memop, 0, 1);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
 
     tcg_gen_req_mo(TCG_MO_LD_LD | TCG_MO_ST_LD);
     memop = tcg_canonicalize_memop(memop, 1, 0);
-    info = trace_mem_get_info(memop, idx, 0);
+    info = trace_mem_get_info(make_memop_idx(memop, idx), 0);
     trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
 
     orig_memop = memop;
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
 
     tcg_gen_req_mo(TCG_MO_LD_ST | TCG_MO_ST_ST);
     memop = tcg_canonicalize_memop(memop, 1, 1);
-    info = trace_mem_get_info(memop, idx, 1);
+    info = trace_mem_get_info(make_memop_idx(memop, idx), 1);
     trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
 
     if (!TCG_TARGET_HAS_MEMORY_BSWAP && (memop & MO_BSWAP)) {
diff --git a/accel/tcg/atomic_common.c.inc b/accel/tcg/atomic_common.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/atomic_common.c.inc
+++ b/accel/tcg/atomic_common.c.inc
@@ -XXX,XX +XXX,XX @@ static uint16_t atomic_trace_rmw_pre(CPUArchState *env, target_ulong addr,
                                      MemOpIdx oi)
 {
     CPUState *cpu = env_cpu(env);
-    uint16_t info = trace_mem_get_info(get_memop(oi), get_mmuidx(oi), false);
+    uint16_t info = trace_mem_get_info(oi, false);
 
     trace_guest_mem_before_exec(cpu, addr, info);
     trace_guest_mem_before_exec(cpu, addr, info | TRACE_MEM_ST);
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_rmw_post(CPUArchState *env, target_ulong addr,
 static uint16_t atomic_trace_ld_pre(CPUArchState *env, target_ulong addr,
                                     MemOpIdx oi)
 {
-    uint16_t info = trace_mem_get_info(get_memop(oi), get_mmuidx(oi), false);
+    uint16_t info = trace_mem_get_info(oi, false);
 
     trace_guest_mem_before_exec(env_cpu(env), addr, info);
 
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_ld_post(CPUArchState *env, target_ulong addr,
 static uint16_t atomic_trace_st_pre(CPUArchState *env, target_ulong addr,
                                     MemOpIdx oi)
 {
-    uint16_t info = trace_mem_get_info(get_memop(oi), get_mmuidx(oi), true);
+    uint16_t info = trace_mem_get_info(oi, true);
 
     trace_guest_mem_before_exec(env_cpu(env), addr, info);
 
-- 
2.25.1

We will shortly use the MemOpIdx directly, but in the meantime
re-compute the trace meminfo.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/atomic_template.h   | 48 +++++++++++++++++------------------
 accel/tcg/atomic_common.c.inc | 30 +++++++++++-----------
 2 files changed, 39 insertions(+), 39 deletions(-)

Use the MemOpIdx directly, rather than the rearrangement
of the same bits currently done by the trace infrastructure.
Pass in enum qemu_plugin_mem_rw so that we are able to treat
read-modify-write operations as a single operation.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/qemu/plugin.h         | 26 ++++++++++++++++++++++++--
 accel/tcg/cputlb.c            |  4 ++--
 accel/tcg/plugin-gen.c        |  5 ++---
 accel/tcg/user-exec.c         | 28 ++++++++++++++--------------
 plugins/api.c                 | 19 +++++++++++--------
 plugins/core.c                | 10 +++++-----
 tcg/tcg-op.c                  | 30 +++++++++++++++++++++---------
 accel/tcg/atomic_common.c.inc | 13 +++----------
 8 files changed, 82 insertions(+), 53 deletions(-)

diff --git a/include/qemu/plugin.h b/include/qemu/plugin.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/plugin.h
+++ b/include/qemu/plugin.h
@@ -XXX,XX +XXX,XX @@
 #include "qemu/error-report.h"
 #include "qemu/queue.h"
 #include "qemu/option.h"
+#include "exec/memopidx.h"
 
 /*
  * Events that plugins can subscribe to.
@@ -XXX,XX +XXX,XX @@ enum qemu_plugin_event {
 struct qemu_plugin_desc;
 typedef QTAILQ_HEAD(, qemu_plugin_desc) QemuPluginList;
 
+/*
+ * Construct a qemu_plugin_meminfo_t.
+ */
+static inline qemu_plugin_meminfo_t
+make_plugin_meminfo(MemOpIdx oi, enum qemu_plugin_mem_rw rw)
+{
+    return oi | (rw << 16);
+}
+
+/*
+ * Extract the memory operation direction from a qemu_plugin_meminfo_t.
+ * Other portions may be extracted via get_memop and get_mmuidx.
+ */
+static inline enum qemu_plugin_mem_rw
+get_plugin_meminfo_rw(qemu_plugin_meminfo_t i)
+{
+    return i >> 16;
+}
+
 #ifdef CONFIG_PLUGIN
 extern QemuOptsList qemu_plugin_opts;
 
@@ -XXX,XX +XXX,XX @@ qemu_plugin_vcpu_syscall(CPUState *cpu, int64_t num, uint64_t a1,
                          uint64_t a6, uint64_t a7, uint64_t a8);
 void qemu_plugin_vcpu_syscall_ret(CPUState *cpu, int64_t num, int64_t ret);
 
-void qemu_plugin_vcpu_mem_cb(CPUState *cpu, uint64_t vaddr, uint32_t meminfo);
+void qemu_plugin_vcpu_mem_cb(CPUState *cpu, uint64_t vaddr,
+                             MemOpIdx oi, enum qemu_plugin_mem_rw rw);
 
 void qemu_plugin_flush_cb(void);
 
@@ -XXX,XX +XXX,XX @@ void qemu_plugin_vcpu_syscall_ret(CPUState *cpu, int64_t num, int64_t ret)
 { }
 
 static inline void qemu_plugin_vcpu_mem_cb(CPUState *cpu, uint64_t vaddr,
-                                           uint32_t meminfo)
+                                           MemOpIdx oi,
+                                           enum qemu_plugin_mem_rw rw)
 { }
 
 static inline void qemu_plugin_flush_cb(void)
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
 
     ret = full_load(env, addr, oi, retaddr);
 
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
 
     return ret;
 }
@@ -XXX,XX +XXX,XX @@ cpu_store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
 
     store_helper(env, addr, val, oi, retaddr, op);
 
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
 void cpu_stb_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/plugin-gen.c
+++ b/accel/tcg/plugin-gen.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/osdep.h"
 #include "tcg/tcg.h"
 #include "tcg/tcg-op.h"
-#include "trace/mem.h"
 #include "exec/exec-all.h"
 #include "exec/plugin-gen.h"
 #include "exec/translator.h"
@@ -XXX,XX +XXX,XX @@ static void gen_mem_wrapped(enum plugin_gen_cb type,
                             const union mem_gen_fn *f, TCGv addr,
                             uint32_t info, bool is_mem)
 {
-    int wr = !!(info & TRACE_MEM_ST);
+    enum qemu_plugin_mem_rw rw = get_plugin_meminfo_rw(info);
 
-    gen_plugin_cb_start(PLUGIN_GEN_FROM_MEM, type, wr);
+    gen_plugin_cb_start(PLUGIN_GEN_FROM_MEM, type, rw);
     if (is_mem) {
         f->mem_fn(addr, info);
     } else {
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr)
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     ret = ldub_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr)
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     ret = lduw_be_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     ret = ldl_be_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr)
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     ret = ldq_be_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr)
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     ret = lduw_le_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     ret = ldl_le_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr ptr)
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     ret = ldq_le_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
@@ -XXX,XX +XXX,XX @@ void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     stb_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 }
 
 void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
@@ -XXX,XX +XXX,XX @@ void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     stw_be_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 }
 
 void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
@@ -XXX,XX +XXX,XX @@ void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     stl_be_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 }
 
 void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
@@ -XXX,XX +XXX,XX @@ void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     stq_be_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 }
 
 void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
@@ -XXX,XX +XXX,XX @@ void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     stw_le_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 }
 
 void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
@@ -XXX,XX +XXX,XX @@ void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     stl_le_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 }
 
 void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
 
     trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
     stq_le_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, meminfo);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 }
 
 void cpu_stb_data_ra(CPUArchState *env, abi_ptr ptr,
diff --git a/plugins/api.c b/plugins/api.c
index XXXXXXX..XXXXXXX 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/plugin-memory.h"
 #include "hw/boards.h"
 #endif
-#include "trace/mem.h"
 
 /* Uninstall and Reset handlers */
 
@@ -XXX,XX +XXX,XX @@ const char *qemu_plugin_insn_symbol(const struct qemu_plugin_insn *insn)
 
 unsigned qemu_plugin_mem_size_shift(qemu_plugin_meminfo_t info)
 {
-    return info & TRACE_MEM_SZ_SHIFT_MASK;
+    MemOp op = get_memop(info);
+    return op & MO_SIZE;
 }
 
 bool qemu_plugin_mem_is_sign_extended(qemu_plugin_meminfo_t info)
 {
-    return !!(info & TRACE_MEM_SE);
+    MemOp op = get_memop(info);
+    return op & MO_SIGN;
 }
 
 bool qemu_plugin_mem_is_big_endian(qemu_plugin_meminfo_t info)
 {
-    return !!(info & TRACE_MEM_BE);
+    MemOp op = get_memop(info);
+    return (op & MO_BSWAP) == MO_BE;
 }
 
 bool qemu_plugin_mem_is_store(qemu_plugin_meminfo_t info)
 {
-    return !!(info & TRACE_MEM_ST);
+    return get_plugin_meminfo_rw(info) & QEMU_PLUGIN_MEM_W;
 }
 
 /*
@@ -XXX,XX +XXX,XX @@ struct qemu_plugin_hwaddr *qemu_plugin_get_hwaddr(qemu_plugin_meminfo_t info,
 {
 #ifdef CONFIG_SOFTMMU
     CPUState *cpu = current_cpu;
-    unsigned int mmu_idx = info >> TRACE_MEM_MMU_SHIFT;
-    hwaddr_info.is_store = info & TRACE_MEM_ST;
+    unsigned int mmu_idx = get_mmuidx(info);
+    enum qemu_plugin_mem_rw rw = get_plugin_meminfo_rw(info);
+    hwaddr_info.is_store = (rw & QEMU_PLUGIN_MEM_W) != 0;
 
     if (!tlb_plugin_lookup(cpu, vaddr, mmu_idx,
-                           info & TRACE_MEM_ST, &hwaddr_info)) {
+                           hwaddr_info.is_store, &hwaddr_info)) {
         error_report("invalid use of qemu_plugin_get_hwaddr");
         return NULL;
     }
diff --git a/plugins/core.c b/plugins/core.c
index XXXXXXX..XXXXXXX 100644
--- a/plugins/core.c
+++ b/plugins/core.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "tcg/tcg.h"
 #include "tcg/tcg-op.h"
-#include "trace/mem.h" /* mem_info macros */
 #include "plugin.h"
 #include "qemu/compiler.h"
 
@@ -XXX,XX +XXX,XX @@ void exec_inline_op(struct qemu_plugin_dyn_cb *cb)
     }
 }
 
-void qemu_plugin_vcpu_mem_cb(CPUState *cpu, uint64_t vaddr, uint32_t info)
+void qemu_plugin_vcpu_mem_cb(CPUState *cpu, uint64_t vaddr,
+                             MemOpIdx oi, enum qemu_plugin_mem_rw rw)
 {
     GArray *arr = cpu->plugin_mem_cbs;
     size_t i;
@@ -XXX,XX +XXX,XX @@ void qemu_plugin_vcpu_mem_cb(CPUState *cpu, uint64_t vaddr, uint32_t info)
     for (i = 0; i < arr->len; i++) {
         struct qemu_plugin_dyn_cb *cb =
             &g_array_index(arr, struct qemu_plugin_dyn_cb, i);
-        int w = !!(info & TRACE_MEM_ST) + 1;
 
-        if (!(w & cb->rw)) {
+        if (!(rw & cb->rw)) {
                 break;
         }
         switch (cb->type) {
         case PLUGIN_CB_REGULAR:
-            cb->f.vcpu_mem(cpu->cpu_index, info, vaddr, cb->userp);
+            cb->f.vcpu_mem(cpu->cpu_index, make_plugin_meminfo(oi, rw),
+                           vaddr, cb->userp);
             break;
         case PLUGIN_CB_INLINE:
             exec_inline_op(cb);
diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg-op.c
+++ b/tcg/tcg-op.c
@@ -XXX,XX +XXX,XX @@ static inline TCGv plugin_prep_mem_callbacks(TCGv vaddr)
     return vaddr;
 }
 
-static inline void plugin_gen_mem_callbacks(TCGv vaddr, uint16_t info)
+static void plugin_gen_mem_callbacks(TCGv vaddr, MemOpIdx oi,
+                                     enum qemu_plugin_mem_rw rw)
 {
 #ifdef CONFIG_PLUGIN
     if (tcg_ctx->plugin_insn != NULL) {
+        qemu_plugin_meminfo_t info = make_plugin_meminfo(oi, rw);
         plugin_gen_empty_mem_callback(vaddr, info);
         tcg_temp_free(vaddr);
     }
@@ -XXX,XX +XXX,XX @@ static inline void plugin_gen_mem_callbacks(TCGv vaddr, uint16_t info)
 void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
 {
     MemOp orig_memop;
-    uint16_t info = trace_mem_get_info(make_memop_idx(memop, idx), 0);
+    MemOpIdx oi;
+    uint16_t info;
 
     tcg_gen_req_mo(TCG_MO_LD_LD | TCG_MO_ST_LD);
     memop = tcg_canonicalize_memop(memop, 0, 0);
+    oi = make_memop_idx(memop, idx);
+    info = trace_mem_get_info(oi, 0);
     trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
 
     orig_memop = memop;
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
 
     addr = plugin_prep_mem_callbacks(addr);
     gen_ldst_i32(INDEX_op_qemu_ld_i32, val, addr, memop, idx);
-    plugin_gen_mem_callbacks(addr, info);
+    plugin_gen_mem_callbacks(addr, oi, QEMU_PLUGIN_MEM_R);
 
     if ((orig_memop ^ memop) & MO_BSWAP) {
         switch (orig_memop & MO_SIZE) {
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
 void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
 {
     TCGv_i32 swap = NULL;
-    uint16_t info = trace_mem_get_info(make_memop_idx(memop, idx), 1);
+    MemOpIdx oi;
+    uint16_t info;
 
     tcg_gen_req_mo(TCG_MO_LD_ST | TCG_MO_ST_ST);
     memop = tcg_canonicalize_memop(memop, 0, 1);
+    oi = make_memop_idx(memop, idx);
+    info = trace_mem_get_info(oi, 1);
     trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
 
     if (!TCG_TARGET_HAS_MEMORY_BSWAP && (memop & MO_BSWAP)) {
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
     } else {
         gen_ldst_i32(INDEX_op_qemu_st_i32, val, addr, memop, idx);
     }
-    plugin_gen_mem_callbacks(addr, info);
+    plugin_gen_mem_callbacks(addr, oi, QEMU_PLUGIN_MEM_W);
 
     if (swap) {
         tcg_temp_free_i32(swap);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
 void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
 {
     MemOp orig_memop;
+    MemOpIdx oi;
     uint16_t info;
 
     if (TCG_TARGET_REG_BITS == 32 && (memop & MO_SIZE) < MO_64) {
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
 
     tcg_gen_req_mo(TCG_MO_LD_LD | TCG_MO_ST_LD);
     memop = tcg_canonicalize_memop(memop, 1, 0);
-    info = trace_mem_get_info(make_memop_idx(memop, idx), 0);
+    oi = make_memop_idx(memop, idx);
+    info = trace_mem_get_info(oi, 0);
     trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
 
     orig_memop = memop;
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
 
     addr = plugin_prep_mem_callbacks(addr);
     gen_ldst_i64(INDEX_op_qemu_ld_i64, val, addr, memop, idx);
-    plugin_gen_mem_callbacks(addr, info);
+    plugin_gen_mem_callbacks(addr, oi, QEMU_PLUGIN_MEM_R);
 
     if ((orig_memop ^ memop) & MO_BSWAP) {
         int flags = (orig_memop & MO_SIGN
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
 void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
 {
     TCGv_i64 swap = NULL;
+    MemOpIdx oi;
     uint16_t info;
 
     if (TCG_TARGET_REG_BITS == 32 && (memop & MO_SIZE) < MO_64) {
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
 
     tcg_gen_req_mo(TCG_MO_LD_ST | TCG_MO_ST_ST);
     memop = tcg_canonicalize_memop(memop, 1, 1);
-    info = trace_mem_get_info(make_memop_idx(memop, idx), 1);
+    oi = make_memop_idx(memop, idx);
+    info = trace_mem_get_info(oi, 1);
     trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
 
     if (!TCG_TARGET_HAS_MEMORY_BSWAP && (memop & MO_BSWAP)) {
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
 
     addr = plugin_prep_mem_callbacks(addr);
     gen_ldst_i64(INDEX_op_qemu_st_i64, val, addr, memop, idx);
-    plugin_gen_mem_callbacks(addr, info);
+    plugin_gen_mem_callbacks(addr, oi, QEMU_PLUGIN_MEM_W);
 
     if (swap) {
         tcg_temp_free_i64(swap);
diff --git a/accel/tcg/atomic_common.c.inc b/accel/tcg/atomic_common.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/atomic_common.c.inc
+++ b/accel/tcg/atomic_common.c.inc
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_rmw_pre(CPUArchState *env, target_ulong addr,
 static void atomic_trace_rmw_post(CPUArchState *env, target_ulong addr,
                                   MemOpIdx oi)
 {
-    uint16_t info = trace_mem_get_info(oi, false);
-
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, info);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, info | TRACE_MEM_ST);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_RW);
 }
 
 #if HAVE_ATOMIC128
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_ld_pre(CPUArchState *env, target_ulong addr,
 static void atomic_trace_ld_post(CPUArchState *env, target_ulong addr,
                                  MemOpIdx oi)
 {
-    uint16_t info = trace_mem_get_info(oi, false);
-
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, info);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
 }
 
 static void atomic_trace_st_pre(CPUArchState *env, target_ulong addr,
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_st_pre(CPUArchState *env, target_ulong addr,
 static void atomic_trace_st_post(CPUArchState *env, target_ulong addr,
                                  MemOpIdx oi)
 {
-    uint16_t info = trace_mem_get_info(oi, false);
-
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, info);
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 #endif
 
-- 
2.25.1

There is no point in encoding load/store within a bit of
the memory trace info operand.  Represent atomic operations
as a single read-modify-write tracepoint.  Use MemOpIdx
instead of inventing a form specifically for traces.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/atomic_template.h   |  1 -
 trace/mem.h                   | 51 -----------------------------------
 accel/tcg/cputlb.c            |  7 ++---
 accel/tcg/user-exec.c         | 44 +++++++++++-------------------
 tcg/tcg-op.c                  | 17 +++---------
 accel/tcg/atomic_common.c.inc | 12 +++------
 trace-events                  | 18 +++----------
 7 files changed, 28 insertions(+), 122 deletions(-)
 delete mode 100644 trace/mem.h

diff --git a/accel/tcg/atomic_template.h b/accel/tcg/atomic_template.h
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/atomic_template.h
+++ b/accel/tcg/atomic_template.h
@@ -XXX,XX +XXX,XX @@
  */
 
 #include "qemu/plugin.h"
-#include "trace/mem.h"
 
 #if DATA_SIZE == 16
 # define SUFFIX     o
diff --git a/trace/mem.h b/trace/mem.h
deleted file mode 100644
index XXXXXXX..XXXXXXX
--- a/trace/mem.h
+++ /dev/null
@@ -XXX,XX +XXX,XX @@
-/*
- * Helper functions for guest memory tracing
- *
- * Copyright (C) 2016 Lluís Vilanova <vilanova@ac.upc.edu>
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- */
-
-#ifndef TRACE__MEM_H
-#define TRACE__MEM_H
-
-#include "exec/memopidx.h"
-
-#define TRACE_MEM_SZ_SHIFT_MASK 0xf /* size shift mask */
-#define TRACE_MEM_SE (1ULL << 4)    /* sign extended (y/n) */
-#define TRACE_MEM_BE (1ULL << 5)    /* big endian (y/n) */
-#define TRACE_MEM_ST (1ULL << 6)    /* store (y/n) */
-#define TRACE_MEM_MMU_SHIFT 8       /* mmu idx */
-
-/**
- * trace_mem_get_info:
- *
- * Return a value for the 'info' argument in guest memory access traces.
- */
-static inline uint16_t trace_mem_get_info(MemOpIdx oi, bool store)
-{
-    MemOp op = get_memop(oi);
-    uint32_t size_shift = op & MO_SIZE;
-    bool sign_extend = op & MO_SIGN;
-    bool big_endian = (op & MO_BSWAP) == MO_BE;
-    uint16_t res;
-
-    res = size_shift & TRACE_MEM_SZ_SHIFT_MASK;
-    if (sign_extend) {
-        res |= TRACE_MEM_SE;
-    }
-    if (big_endian) {
-        res |= TRACE_MEM_BE;
-    }
-    if (store) {
-        res |= TRACE_MEM_ST;
-    }
-#ifdef CONFIG_SOFTMMU
-    res |= get_mmuidx(oi) << TRACE_MEM_MMU_SHIFT;
-#endif
-
-    return res;
-}
-
-#endif /* TRACE__MEM_H */
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/atomic128.h"
 #include "exec/translate-all.h"
 #include "trace/trace-root.h"
-#include "trace/mem.h"
 #include "tb-hash.h"
 #include "internal.h"
 #ifdef CONFIG_PLUGIN
@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
                                        MemOp op, FullLoadHelper *full_load)
 {
     MemOpIdx oi = make_memop_idx(op, mmu_idx);
-    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint64_t ret;
 
-    trace_guest_mem_before_exec(env_cpu(env), addr, meminfo);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
 
     ret = full_load(env, addr, oi, retaddr);
 
@@ -XXX,XX +XXX,XX @@ cpu_store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
                  int mmu_idx, uintptr_t retaddr, MemOp op)
 {
     MemOpIdx oi = make_memop_idx(op, mmu_idx);
-    uint16_t meminfo = trace_mem_get_info(oi, true);
 
-    trace_guest_mem_before_exec(env_cpu(env), addr, meminfo);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
 
     store_helper(env, addr, val, oi, retaddr, op);
 
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "qemu/atomic128.h"
 #include "trace/trace-root.h"
-#include "trace/mem.h"
+#include "internal.h"
 
 #undef EAX
 #undef ECX
@@ -XXX,XX +XXX,XX @@ int cpu_signal_handler(int host_signum, void *pinfo,
 uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr)
 {
     MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
-    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint32_t ret;
 
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
     ret = ldub_p(g2h(env_cpu(env), ptr));
     qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
@@ -XXX,XX +XXX,XX @@ int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr)
 uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr)
 {
     MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
-    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint32_t ret;
 
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
     ret = lduw_be_p(g2h(env_cpu(env), ptr));
     qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
@@ -XXX,XX +XXX,XX @@ int cpu_ldsw_be_data(CPUArchState *env, abi_ptr ptr)
 uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
 {
     MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
-    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint32_t ret;
 
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
     ret = ldl_be_p(g2h(env_cpu(env), ptr));
     qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
 uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr)
 {
     MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
-    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint64_t ret;
 
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
     ret = ldq_be_p(g2h(env_cpu(env), ptr));
     qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr)
 uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr)
 {
     MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
-    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint32_t ret;
 
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
     ret = lduw_le_p(g2h(env_cpu(env), ptr));
     qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
@@ -XXX,XX +XXX,XX @@ int cpu_ldsw_le_data(CPUArchState *env, abi_ptr ptr)
 uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
 {
     MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
-    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint32_t ret;
 
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
     ret = ldl_le_p(g2h(env_cpu(env), ptr));
     qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
@@ -XXX,XX +XXX,XX @@ uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
 uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr ptr)
 {
     MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
-    uint16_t meminfo = trace_mem_get_info(oi, false);
     uint64_t ret;
 
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
     ret = ldq_le_p(g2h(env_cpu(env), ptr));
     qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 {
     MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
-    uint16_t meminfo = trace_mem_get_info(oi, true);
 
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
     stb_p(g2h(env_cpu(env), ptr), val);
     qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 }
@@ -XXX,XX +XXX,XX @@ void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 {
     MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
-    uint16_t meminfo = trace_mem_get_info(oi, true);
 
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
     stw_be_p(g2h(env_cpu(env), ptr), val);
     qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 }
@@ -XXX,XX +XXX,XX @@ void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 {
     MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
-    uint16_t meminfo = trace_mem_get_info(oi, true);
 
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
     stl_be_p(g2h(env_cpu(env), ptr), val);
     qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 }
@@ -XXX,XX +XXX,XX @@ void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
 {
     MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
-    uint16_t meminfo = trace_mem_get_info(oi, true);
 
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
     stq_be_p(g2h(env_cpu(env), ptr), val);
     qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 }
@@ -XXX,XX +XXX,XX @@ void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
 void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 {
     MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
-    uint16_t meminfo = trace_mem_get_info(oi, true);
 
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
     stw_le_p(g2h(env_cpu(env), ptr), val);
     qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 }
@@ -XXX,XX +XXX,XX @@ void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 {
     MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
-    uint16_t meminfo = trace_mem_get_info(oi, true);
 
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
     stl_le_p(g2h(env_cpu(env), ptr), val);
     qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 }
@@ -XXX,XX +XXX,XX @@ void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
 {
     MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
-    uint16_t meminfo = trace_mem_get_info(oi, true);
 
-    trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
+    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
     stq_le_p(g2h(env_cpu(env), ptr), val);
     qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 }
diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg-op.c
+++ b/tcg/tcg-op.c
@@ -XXX,XX +XXX,XX @@
 #include "tcg/tcg-op.h"
 #include "tcg/tcg-mo.h"
 #include "trace-tcg.h"
-#include "trace/mem.h"
 #include "exec/plugin-gen.h"
 
 /* Reduce the number of ifdefs below.  This assumes that all uses of
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
 {
     MemOp orig_memop;
     MemOpIdx oi;
-    uint16_t info;
 
     tcg_gen_req_mo(TCG_MO_LD_LD | TCG_MO_ST_LD);
     memop = tcg_canonicalize_memop(memop, 0, 0);
     oi = make_memop_idx(memop, idx);
-    info = trace_mem_get_info(oi, 0);
-    trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
+    trace_guest_ld_before_tcg(tcg_ctx->cpu, cpu_env, addr, oi);
 
     orig_memop = memop;
     if (!TCG_TARGET_HAS_MEMORY_BSWAP && (memop & MO_BSWAP)) {
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
 {
     TCGv_i32 swap = NULL;
     MemOpIdx oi;
-    uint16_t info;
 
     tcg_gen_req_mo(TCG_MO_LD_ST | TCG_MO_ST_ST);
     memop = tcg_canonicalize_memop(memop, 0, 1);
     oi = make_memop_idx(memop, idx);
-    info = trace_mem_get_info(oi, 1);
-    trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
+    trace_guest_st_before_tcg(tcg_ctx->cpu, cpu_env, addr, oi);
 
     if (!TCG_TARGET_HAS_MEMORY_BSWAP && (memop & MO_BSWAP)) {
         swap = tcg_temp_new_i32();
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
 {
     MemOp orig_memop;
     MemOpIdx oi;
-    uint16_t info;
 
     if (TCG_TARGET_REG_BITS == 32 && (memop & MO_SIZE) < MO_64) {
         tcg_gen_qemu_ld_i32(TCGV_LOW(val), addr, idx, memop);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
     tcg_gen_req_mo(TCG_MO_LD_LD | TCG_MO_ST_LD);
     memop = tcg_canonicalize_memop(memop, 1, 0);
     oi = make_memop_idx(memop, idx);
-    info = trace_mem_get_info(oi, 0);
-    trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
+    trace_guest_ld_before_tcg(tcg_ctx->cpu, cpu_env, addr, oi);
 
     orig_memop = memop;
     if (!TCG_TARGET_HAS_MEMORY_BSWAP && (memop & MO_BSWAP)) {
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
 {
     TCGv_i64 swap = NULL;
     MemOpIdx oi;
-    uint16_t info;
 
     if (TCG_TARGET_REG_BITS == 32 && (memop & MO_SIZE) < MO_64) {
         tcg_gen_qemu_st_i32(TCGV_LOW(val), addr, idx, memop);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
     tcg_gen_req_mo(TCG_MO_LD_ST | TCG_MO_ST_ST);
     memop = tcg_canonicalize_memop(memop, 1, 1);
     oi = make_memop_idx(memop, idx);
-    info = trace_mem_get_info(oi, 1);
-    trace_guest_mem_before_tcg(tcg_ctx->cpu, cpu_env, addr, info);
+    trace_guest_st_before_tcg(tcg_ctx->cpu, cpu_env, addr, oi);
 
     if (!TCG_TARGET_HAS_MEMORY_BSWAP && (memop & MO_BSWAP)) {
         swap = tcg_temp_new_i64();
diff --git a/accel/tcg/atomic_common.c.inc b/accel/tcg/atomic_common.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/atomic_common.c.inc
+++ b/accel/tcg/atomic_common.c.inc
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_rmw_pre(CPUArchState *env, target_ulong addr,
                                  MemOpIdx oi)
 {
     CPUState *cpu = env_cpu(env);
-    uint16_t info = trace_mem_get_info(oi, false);
 
-    trace_guest_mem_before_exec(cpu, addr, info);
-    trace_guest_mem_before_exec(cpu, addr, info | TRACE_MEM_ST);
+    trace_guest_rmw_before_exec(cpu, addr, oi);
 }
 
 static void atomic_trace_rmw_post(CPUArchState *env, target_ulong addr,
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_rmw_post(CPUArchState *env, target_ulong addr,
 static void atomic_trace_ld_pre(CPUArchState *env, target_ulong addr,
                                 MemOpIdx oi)
 {
-    uint16_t info = trace_mem_get_info(oi, false);
-
-    trace_guest_mem_before_exec(env_cpu(env), addr, info);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
 }
 
 static void atomic_trace_ld_post(CPUArchState *env, target_ulong addr,
@@ -XXX,XX +XXX,XX @@ static void atomic_trace_ld_post(CPUArchState *env, target_ulong addr,
 static void atomic_trace_st_pre(CPUArchState *env, target_ulong addr,
                                 MemOpIdx oi)
 {
-    uint16_t info = trace_mem_get_info(oi, true);
-
-    trace_guest_mem_before_exec(env_cpu(env), addr, info);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
 }
 
 static void atomic_trace_st_post(CPUArchState *env, target_ulong addr,
diff --git a/trace-events b/trace-events
index XXXXXXX..XXXXXXX 100644
--- a/trace-events
+++ b/trace-events
@@ -XXX,XX +XXX,XX @@ vcpu guest_cpu_reset(void)
 # tcg/tcg-op.c
 
 # @vaddr: Access' virtual address.
-# @info : Access' information (see below).
+# @memopidx: Access' information (see below).
 #
 # Start virtual memory access (before any potential access violation).
-#
 # Does not include memory accesses performed by devices.
 #
-# Access information can be parsed as:
-#
-# struct mem_info {
-#     uint8_t size_shift : 4; /* interpreted as "1 << size_shift" bytes */
-#     bool    sign_extend: 1; /* sign-extended */
-#     uint8_t endianness : 1; /* 0: little, 1: big */
-#     bool    store      : 1; /* whether it is a store operation */
-#             pad        : 1;
-#     uint8_t mmuidx     : 4; /* mmuidx (softmmu only)  */
-# };
-#
 # Mode: user, softmmu
 # Targets: TCG(all)
-vcpu tcg guest_mem_before(TCGv vaddr, uint16_t info) "info=%d", "vaddr=0x%016"PRIx64" info=%d"
+vcpu tcg guest_ld_before(TCGv vaddr, uint32_t memopidx) "info=%d", "vaddr=0x%016"PRIx64" memopidx=0x%x"
+vcpu tcg guest_st_before(TCGv vaddr, uint32_t memopidx) "info=%d", "vaddr=0x%016"PRIx64" memopidx=0x%x"
+vcpu tcg guest_rmw_before(TCGv vaddr, uint32_t memopidx) "info=%d", "vaddr=0x%016"PRIx64" memopidx=0x%x"
 
 # include/user/syscall-trace.h
 
-- 
2.25.1

Despite the comment, the members were not kept at the end.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/hw/core/cpu.h | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -XXX,XX +XXX,XX @@ struct CPUClass {
     ObjectClass *(*class_by_name)(const char *cpu_model);
     void (*parse_features)(const char *typename, char *str, Error **errp);
 
-    int reset_dump_flags;
     bool (*has_work)(CPUState *cpu);
     int (*memory_rw_debug)(CPUState *cpu, vaddr addr,
                            uint8_t *buf, int len, bool is_write);
@@ -XXX,XX +XXX,XX @@ struct CPUClass {
     void (*disas_set_info)(CPUState *cpu, disassemble_info *info);
 
     const char *deprecation_note;
-    /* Keep non-pointer data at the end to minimize holes.  */
-    int gdb_num_core_regs;
-    bool gdb_stop_before_watchpoint;
     struct AccelCPUClass *accel_cpu;
 
     /* when system emulation is not available, this pointer is NULL */
@@ -XXX,XX +XXX,XX @@ struct CPUClass {
      * class data that depends on the accelerator, see accel/accel-common.c.
      */
     void (*init_accel_cpu)(struct AccelCPUClass *accel_cpu, CPUClass *cc);
+
+    /*
+     * Keep non-pointer data at the end to minimize holes.
+     */
+    int reset_dump_flags;
+    int gdb_num_core_regs;
+    bool gdb_stop_before_watchpoint;
 };
 
 /*
-- 
2.25.1

For usadd, we only have to consider overflow.  Since ~B + B == -1,
the maximum value for A that saturates is ~B.

For ussub, we only have to consider underflow.  The minimum value
that saturates to 0 from A - B is B.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/tcg-op-vec.c | 37 +++++++++++++++++++++++++++++++++++--
 1 file changed, 35 insertions(+), 2 deletions(-)

diff --git a/tcg/tcg-op-vec.c b/tcg/tcg-op-vec.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg-op-vec.c
+++ b/tcg/tcg-op-vec.c
@@ -XXX,XX +XXX,XX @@ bool tcg_can_emit_vecop_list(const TCGOpcode *list,
                 continue;
             }
             break;
+        case INDEX_op_usadd_vec:
+            if (tcg_can_emit_vec_op(INDEX_op_umin_vec, type, vece) ||
+                tcg_can_emit_vec_op(INDEX_op_cmp_vec, type, vece)) {
+                continue;
+            }
+            break;
+        case INDEX_op_ussub_vec:
+            if (tcg_can_emit_vec_op(INDEX_op_umax_vec, type, vece) ||
+                tcg_can_emit_vec_op(INDEX_op_cmp_vec, type, vece)) {
+                continue;
+            }
+            break;
         case INDEX_op_cmpsel_vec:
         case INDEX_op_smin_vec:
         case INDEX_op_smax_vec:
@@ -XXX,XX +XXX,XX @@ void tcg_gen_ssadd_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
 
 void tcg_gen_usadd_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
 {
-    do_op3_nofail(vece, r, a, b, INDEX_op_usadd_vec);
+    if (!do_op3(vece, r, a, b, INDEX_op_usadd_vec)) {
+        const TCGOpcode *hold_list = tcg_swap_vecop_list(NULL);
+        TCGv_vec t = tcg_temp_new_vec_matching(r);
+
+        /* usadd(a, b) = min(a, ~b) + b */
+        tcg_gen_not_vec(vece, t, b);
+        tcg_gen_umin_vec(vece, t, t, a);
+        tcg_gen_add_vec(vece, r, t, b);
+
+        tcg_temp_free_vec(t);
+        tcg_swap_vecop_list(hold_list);
+    }
 }
 
 void tcg_gen_sssub_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
@@ -XXX,XX +XXX,XX @@ void tcg_gen_sssub_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
 
 void tcg_gen_ussub_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
 {
-    do_op3_nofail(vece, r, a, b, INDEX_op_ussub_vec);
+    if (!do_op3(vece, r, a, b, INDEX_op_ussub_vec)) {
+        const TCGOpcode *hold_list = tcg_swap_vecop_list(NULL);
+        TCGv_vec t = tcg_temp_new_vec_matching(r);
+
+        /* ussub(a, b) = max(a, b) - b */
+        tcg_gen_umax_vec(vece, t, a, b);
+        tcg_gen_sub_vec(vece, r, t, b);
+
+        tcg_temp_free_vec(t);
+        tcg_swap_vecop_list(hold_list);
+    }
 }
 
 static void do_minmax(unsigned vece, TCGv_vec r, TCGv_vec a,
-- 
2.25.1

This emphasizes that we don't support s390, only 64-bit s390x hosts.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 meson.build                              | 2 --
 tcg/{s390 => s390x}/tcg-target-con-set.h | 0
 tcg/{s390 => s390x}/tcg-target-con-str.h | 0
 tcg/{s390 => s390x}/tcg-target.h         | 0
 tcg/{s390 => s390x}/tcg-target.c.inc     | 0
 5 files changed, 2 deletions(-)
 rename tcg/{s390 => s390x}/tcg-target-con-set.h (100%)
 rename tcg/{s390 => s390x}/tcg-target-con-str.h (100%)
 rename tcg/{s390 => s390x}/tcg-target.h (100%)
 rename tcg/{s390 => s390x}/tcg-target.c.inc (100%)

diff --git a/meson.build b/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/meson.build
+++ b/meson.build
@@ -XXX,XX +XXX,XX @@ if not get_option('tcg').disabled()
     tcg_arch = 'tci'
   elif config_host['ARCH'] == 'sparc64'
     tcg_arch = 'sparc'
-  elif config_host['ARCH'] == 's390x'
-    tcg_arch = 's390'
   elif config_host['ARCH'] in ['x86_64', 'x32']
     tcg_arch = 'i386'
   elif config_host['ARCH'] == 'ppc64'
diff --git a/tcg/s390/tcg-target-con-set.h b/tcg/s390x/tcg-target-con-set.h
similarity index 100%
rename from tcg/s390/tcg-target-con-set.h
rename to tcg/s390x/tcg-target-con-set.h
diff --git a/tcg/s390/tcg-target-con-str.h b/tcg/s390x/tcg-target-con-str.h
similarity index 100%
rename from tcg/s390/tcg-target-con-str.h
rename to tcg/s390x/tcg-target-con-str.h
diff --git a/tcg/s390/tcg-target.h b/tcg/s390x/tcg-target.h
similarity index 100%
rename from tcg/s390/tcg-target.h
rename to tcg/s390x/tcg-target.h
diff --git a/tcg/s390/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
similarity index 100%
rename from tcg/s390/tcg-target.c.inc
rename to tcg/s390x/tcg-target.c.inc
-- 
2.25.1

We will shortly need to be able to check facilities beyond the
first 64.  Instead of explicitly masking against s390_facilities,
create a HAVE_FACILITY macro that indexes an array.

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v2: Change name to HAVE_FACILITY (david)
---
 tcg/s390x/tcg-target.h     | 29 ++++++++-------
 tcg/s390x/tcg-target.c.inc | 74 +++++++++++++++++++-------------------
 2 files changed, 52 insertions(+), 51 deletions(-)

diff --git a/tcg/s390x/tcg-target.h b/tcg/s390x/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.h
+++ b/tcg/s390x/tcg-target.h
@@ -XXX,XX +XXX,XX @@ typedef enum TCGReg {
 /* A list of relevant facilities used by this translator.  Some of these
    are required for proper operation, and these are checked at startup.  */
 
-#define FACILITY_ZARCH_ACTIVE         (1ULL << (63 - 2))
-#define FACILITY_LONG_DISP            (1ULL << (63 - 18))
-#define FACILITY_EXT_IMM              (1ULL << (63 - 21))
-#define FACILITY_GEN_INST_EXT         (1ULL << (63 - 34))
-#define FACILITY_LOAD_ON_COND         (1ULL << (63 - 45))
+#define FACILITY_ZARCH_ACTIVE         2
+#define FACILITY_LONG_DISP            18
+#define FACILITY_EXT_IMM              21
+#define FACILITY_GEN_INST_EXT         34
+#define FACILITY_LOAD_ON_COND         45
 #define FACILITY_FAST_BCR_SER         FACILITY_LOAD_ON_COND
 #define FACILITY_DISTINCT_OPS         FACILITY_LOAD_ON_COND
-#define FACILITY_LOAD_ON_COND2        (1ULL << (63 - 53))
+#define FACILITY_LOAD_ON_COND2        53
 
-extern uint64_t s390_facilities;
+extern uint64_t s390_facilities[1];
+
+#define HAVE_FACILITY(X) \
+    ((s390_facilities[FACILITY_##X / 64] >> (63 - FACILITY_##X % 64)) & 1)
 
 /* optional instructions */
 #define TCG_TARGET_HAS_div2_i32       1
@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities;
 #define TCG_TARGET_HAS_clz_i32        0
 #define TCG_TARGET_HAS_ctz_i32        0
 #define TCG_TARGET_HAS_ctpop_i32      0
-#define TCG_TARGET_HAS_deposit_i32    (s390_facilities & FACILITY_GEN_INST_EXT)
-#define TCG_TARGET_HAS_extract_i32    (s390_facilities & FACILITY_GEN_INST_EXT)
+#define TCG_TARGET_HAS_deposit_i32    HAVE_FACILITY(GEN_INST_EXT)
+#define TCG_TARGET_HAS_extract_i32    HAVE_FACILITY(GEN_INST_EXT)
 #define TCG_TARGET_HAS_sextract_i32   0
 #define TCG_TARGET_HAS_extract2_i32   0
 #define TCG_TARGET_HAS_movcond_i32    1
@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities;
 #define TCG_TARGET_HAS_mulsh_i32      0
 #define TCG_TARGET_HAS_extrl_i64_i32  0
 #define TCG_TARGET_HAS_extrh_i64_i32  0
-#define TCG_TARGET_HAS_direct_jump    (s390_facilities & FACILITY_GEN_INST_EXT)
+#define TCG_TARGET_HAS_direct_jump    HAVE_FACILITY(GEN_INST_EXT)
 #define TCG_TARGET_HAS_qemu_st8_i32   0
 
 #define TCG_TARGET_HAS_div2_i64       1
@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities;
 #define TCG_TARGET_HAS_eqv_i64        0
 #define TCG_TARGET_HAS_nand_i64       0
 #define TCG_TARGET_HAS_nor_i64        0
-#define TCG_TARGET_HAS_clz_i64        (s390_facilities & FACILITY_EXT_IMM)
+#define TCG_TARGET_HAS_clz_i64        HAVE_FACILITY(EXT_IMM)
 #define TCG_TARGET_HAS_ctz_i64        0
 #define TCG_TARGET_HAS_ctpop_i64      0
-#define TCG_TARGET_HAS_deposit_i64    (s390_facilities & FACILITY_GEN_INST_EXT)
-#define TCG_TARGET_HAS_extract_i64    (s390_facilities & FACILITY_GEN_INST_EXT)
+#define TCG_TARGET_HAS_deposit_i64    HAVE_FACILITY(GEN_INST_EXT)
+#define TCG_TARGET_HAS_extract_i64    HAVE_FACILITY(GEN_INST_EXT)
 #define TCG_TARGET_HAS_sextract_i64   0
 #define TCG_TARGET_HAS_extract2_i64   0
 #define TCG_TARGET_HAS_movcond_i64    1
diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.c.inc
+++ b/tcg/s390x/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@
    We don't need this when we have pc-relative loads with the general
    instructions extension facility.  */
 #define TCG_REG_TB      TCG_REG_R12
-#define USE_REG_TB      (!(s390_facilities & FACILITY_GEN_INST_EXT))
+#define USE_REG_TB      (!HAVE_FACILITY(GEN_INST_EXT))
 
 #ifndef CONFIG_SOFTMMU
 #define TCG_GUEST_BASE_REG TCG_REG_R13
@@ -XXX,XX +XXX,XX @@ static void * const qemu_st_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
 #endif
 
 static const tcg_insn_unit *tb_ret_addr;
-uint64_t s390_facilities;
+uint64_t s390_facilities[1];
 
 static bool patch_reloc(tcg_insn_unit *src_rw, int type,
                         intptr_t value, intptr_t addend)
@@ -XXX,XX +XXX,XX @@ static void tcg_out_movi_int(TCGContext *s, TCGType type, TCGReg ret,
     }
 
     /* Try all 48-bit insns that can load it in one go.  */
-    if (s390_facilities & FACILITY_EXT_IMM) {
+    if (HAVE_FACILITY(EXT_IMM)) {
         if (sval == (int32_t)sval) {
             tcg_out_insn(s, RIL, LGFI, ret, sval);
             return;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_movi_int(TCGContext *s, TCGType type, TCGReg ret,
     }
 
     /* Otherwise, stuff it in the constant pool.  */
-    if (s390_facilities & FACILITY_GEN_INST_EXT) {
+    if (HAVE_FACILITY(GEN_INST_EXT)) {
         tcg_out_insn(s, RIL, LGRL, ret, 0);
         new_pool_label(s, sval, R_390_PC32DBL, s->code_ptr - 2, 2);
     } else if (USE_REG_TB && !in_prologue) {
@@ -XXX,XX +XXX,XX @@ static void tcg_out_ld_abs(TCGContext *s, TCGType type,
 {
     intptr_t addr = (intptr_t)abs;
 
-    if ((s390_facilities & FACILITY_GEN_INST_EXT) && !(addr & 1)) {
+    if (HAVE_FACILITY(GEN_INST_EXT) && !(addr & 1)) {
         ptrdiff_t disp = tcg_pcrel_diff(s, abs) >> 1;
         if (disp == (int32_t)disp) {
             if (type == TCG_TYPE_I32) {
@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_risbg(TCGContext *s, TCGReg dest, TCGReg src,
 
 static void tgen_ext8s(TCGContext *s, TCGType type, TCGReg dest, TCGReg src)
 {
-    if (s390_facilities & FACILITY_EXT_IMM) {
+    if (HAVE_FACILITY(EXT_IMM)) {
         tcg_out_insn(s, RRE, LGBR, dest, src);
         return;
     }
@@ -XXX,XX +XXX,XX @@ static void tgen_ext8s(TCGContext *s, TCGType type, TCGReg dest, TCGReg src)
 
 static void tgen_ext8u(TCGContext *s, TCGType type, TCGReg dest, TCGReg src)
 {
-    if (s390_facilities & FACILITY_EXT_IMM) {
+    if (HAVE_FACILITY(EXT_IMM)) {
         tcg_out_insn(s, RRE, LLGCR, dest, src);
         return;
     }
@@ -XXX,XX +XXX,XX @@ static void tgen_ext8u(TCGContext *s, TCGType type, TCGReg dest, TCGReg src)
 
 static void tgen_ext16s(TCGContext *s, TCGType type, TCGReg dest, TCGReg src)
 {
-    if (s390_facilities & FACILITY_EXT_IMM) {
+    if (HAVE_FACILITY(EXT_IMM)) {
         tcg_out_insn(s, RRE, LGHR, dest, src);
         return;
     }
@@ -XXX,XX +XXX,XX @@ static void tgen_ext16s(TCGContext *s, TCGType type, TCGReg dest, TCGReg src)
 
 static void tgen_ext16u(TCGContext *s, TCGType type, TCGReg dest, TCGReg src)
 {
-    if (s390_facilities & FACILITY_EXT_IMM) {
+    if (HAVE_FACILITY(EXT_IMM)) {
         tcg_out_insn(s, RRE, LLGHR, dest, src);
         return;
     }
@@ -XXX,XX +XXX,XX @@ static void tgen_andi(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
         tgen_ext32u(s, dest, dest);
         return;
     }
-    if (s390_facilities & FACILITY_EXT_IMM) {
+    if (HAVE_FACILITY(EXT_IMM)) {
         if ((val & valid) == 0xff) {
             tgen_ext8u(s, TCG_TYPE_I64, dest, dest);
             return;
@@ -XXX,XX +XXX,XX @@ static void tgen_andi(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
     }
 
     /* Try all 48-bit insns that can perform it in one go.  */
-    if (s390_facilities & FACILITY_EXT_IMM) {
+    if (HAVE_FACILITY(EXT_IMM)) {
         for (i = 0; i < 2; i++) {
             tcg_target_ulong mask = ~(0xffffffffull << i*32);
             if (((val | ~valid) & mask) == mask) {
@@ -XXX,XX +XXX,XX @@ static void tgen_andi(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
             }
         }
     }
-    if ((s390_facilities & FACILITY_GEN_INST_EXT) && risbg_mask(val)) {
+    if (HAVE_FACILITY(GEN_INST_EXT) && risbg_mask(val)) {
         tgen_andi_risbg(s, dest, dest, val);
         return;
     }
@@ -XXX,XX +XXX,XX @@ static void tgen_ori(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
     }
 
     /* Try all 48-bit insns that can perform it in one go.  */
-    if (s390_facilities & FACILITY_EXT_IMM) {
+    if (HAVE_FACILITY(EXT_IMM)) {
         for (i = 0; i < 2; i++) {
             tcg_target_ulong mask = (0xffffffffull << i*32);
             if ((val & mask) != 0 && (val & ~mask) == 0) {
@@ -XXX,XX +XXX,XX @@ static void tgen_ori(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
         /* Perform the OR via sequential modifications to the high and
            low parts.  Do this via recursion to handle 16-bit vs 32-bit
            masks in each half.  */
-        tcg_debug_assert(s390_facilities & FACILITY_EXT_IMM);
+        tcg_debug_assert(HAVE_FACILITY(EXT_IMM));
         tgen_ori(s, type, dest, val & 0x00000000ffffffffull);
         tgen_ori(s, type, dest, val & 0xffffffff00000000ull);
     }
@@ -XXX,XX +XXX,XX @@ static void tgen_ori(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
 static void tgen_xori(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
 {
     /* Try all 48-bit insns that can perform it in one go.  */
-    if (s390_facilities & FACILITY_EXT_IMM) {
+    if (HAVE_FACILITY(EXT_IMM)) {
         if ((val & 0xffffffff00000000ull) == 0) {
             tcg_out_insn(s, RIL, XILF, dest, val);
             return;
@@ -XXX,XX +XXX,XX @@ static void tgen_xori(TCGContext *s, TCGType type, TCGReg dest, uint64_t val)
                        tcg_tbrel_diff(s, NULL));
     } else {
         /* Perform the xor by parts.  */
-        tcg_debug_assert(s390_facilities & FACILITY_EXT_IMM);
+        tcg_debug_assert(HAVE_FACILITY(EXT_IMM));
         if (val & 0xffffffff) {
             tcg_out_insn(s, RIL, XILF, dest, val);
         }
@@ -XXX,XX +XXX,XX @@ static int tgen_cmp(TCGContext *s, TCGType type, TCGCond c, TCGReg r1,
             goto exit;
         }
 
-        if (s390_facilities & FACILITY_EXT_IMM) {
+        if (HAVE_FACILITY(EXT_IMM)) {
             if (type == TCG_TYPE_I32) {
                 op = (is_unsigned ? RIL_CLFI : RIL_CFI);
                 tcg_out_insn_RIL(s, op, r1, c2);
@@ -XXX,XX +XXX,XX @@ static void tgen_setcond(TCGContext *s, TCGType type, TCGCond cond,
     bool have_loc;
 
     /* With LOC2, we can always emit the minimum 3 insns.  */
-    if (s390_facilities & FACILITY_LOAD_ON_COND2) {
+    if (HAVE_FACILITY(LOAD_ON_COND2)) {
         /* Emit: d = 0, d = (cc ? 1 : d).  */
         cc = tgen_cmp(s, type, cond, c1, c2, c2const, false);
         tcg_out_movi(s, TCG_TYPE_I64, dest, 0);
@@ -XXX,XX +XXX,XX @@ static void tgen_setcond(TCGContext *s, TCGType type, TCGCond cond,
         return;
     }
 
-    have_loc = (s390_facilities & FACILITY_LOAD_ON_COND) != 0;
+    have_loc = HAVE_FACILITY(LOAD_ON_COND);
 
     /* For HAVE_LOC, only the paths through GTU/GT/LEU/LE are smaller.  */
  restart:
@@ -XXX,XX +XXX,XX @@ static void tgen_movcond(TCGContext *s, TCGType type, TCGCond c, TCGReg dest,
                          TCGArg v3, int v3const)
 {
     int cc;
-    if (s390_facilities & FACILITY_LOAD_ON_COND) {
+    if (HAVE_FACILITY(LOAD_ON_COND)) {
         cc = tgen_cmp(s, type, c, c1, c2, c2const, false);
         if (v3const) {
             tcg_out_insn(s, RIE, LOCGHI, dest, v3, cc);
@@ -XXX,XX +XXX,XX @@ static void tgen_clz(TCGContext *s, TCGReg dest, TCGReg a1,
         } else {
             tcg_out_mov(s, TCG_TYPE_I64, dest, a2);
         }
-        if (s390_facilities & FACILITY_LOAD_ON_COND) {
+        if (HAVE_FACILITY(LOAD_ON_COND)) {
             /* Emit: if (one bit found) dest = r0.  */
             tcg_out_insn(s, RRF, LOCGR, dest, TCG_REG_R0, 2);
         } else {
@@ -XXX,XX +XXX,XX @@ static void tgen_brcond(TCGContext *s, TCGType type, TCGCond c,
 {
     int cc;
 
-    if (s390_facilities & FACILITY_GEN_INST_EXT) {
+    if (HAVE_FACILITY(GEN_INST_EXT)) {
         bool is_unsigned = is_unsigned_cond(c);
         bool in_range;
         S390Opcode opc;
@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_out_tlb_read(TCGContext *s, TCGReg addr_reg, MemOp opc,
        cross pages using the address of the last byte of the access.  */
     a_off = (a_bits >= s_bits ? 0 : s_mask - a_mask);
     tlb_mask = (uint64_t)TARGET_PAGE_MASK | a_mask;
-    if ((s390_facilities & FACILITY_GEN_INST_EXT) && a_off == 0) {
+    if (HAVE_FACILITY(GEN_INST_EXT) && a_off == 0) {
         tgen_andi_risbg(s, TCG_REG_R3, addr_reg, tlb_mask);
     } else {
         tcg_out_insn(s, RX, LA, TCG_REG_R3, addr_reg, TCG_REG_NONE, a_off);
@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc,
                     tcg_out_insn(s, RI, AHI, a0, a2);
                     break;
                 }
-                if (s390_facilities & FACILITY_EXT_IMM) {
+                if (HAVE_FACILITY(EXT_IMM)) {
                     tcg_out_insn(s, RIL, AFI, a0, a2);
                     break;
                 }
@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc,
                     tcg_out_insn(s, RI, AGHI, a0, a2);
                     break;
                 }
-                if (s390_facilities & FACILITY_EXT_IMM) {
+                if (HAVE_FACILITY(EXT_IMM)) {
                     if (a2 == (int32_t)a2) {
                         tcg_out_insn(s, RIL, AGFI, a0, a2);
                         break;
@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc,
         /* The host memory model is quite strong, we simply need to
            serialize the instruction stream.  */
         if (args[0] & TCG_MO_ST_LD) {
-            tcg_out_insn(s, RR, BCR,
-                         s390_facilities & FACILITY_FAST_BCR_SER ? 14 : 15, 0);
+            tcg_out_insn(s, RR, BCR, HAVE_FACILITY(FAST_BCR_SER) ? 14 : 15, 0);
         }
         break;
 
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
     case INDEX_op_or_i64:
     case INDEX_op_xor_i32:
     case INDEX_op_xor_i64:
-        return (s390_facilities & FACILITY_DISTINCT_OPS
+        return (HAVE_FACILITY(DISTINCT_OPS)
                 ? C_O1_I2(r, r, ri)
                 : C_O1_I2(r, 0, ri));
 
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
         /* If we have the general-instruction-extensions, then we have
            MULTIPLY SINGLE IMMEDIATE with a signed 32-bit, otherwise we
            have only MULTIPLY HALFWORD IMMEDIATE, with a signed 16-bit.  */
-        return (s390_facilities & FACILITY_GEN_INST_EXT
+        return (HAVE_FACILITY(GEN_INST_EXT)
                 ? C_O1_I2(r, 0, ri)
                 : C_O1_I2(r, 0, rI));
 
     case INDEX_op_mul_i64:
-        return (s390_facilities & FACILITY_GEN_INST_EXT
+        return (HAVE_FACILITY(GEN_INST_EXT)
                 ? C_O1_I2(r, 0, rJ)
                 : C_O1_I2(r, 0, rI));
 
     case INDEX_op_shl_i32:
     case INDEX_op_shr_i32:
     case INDEX_op_sar_i32:
-        return (s390_facilities & FACILITY_DISTINCT_OPS
+        return (HAVE_FACILITY(DISTINCT_OPS)
                 ? C_O1_I2(r, r, ri)
                 : C_O1_I2(r, 0, ri));
 
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
 
     case INDEX_op_movcond_i32:
     case INDEX_op_movcond_i64:
-        return (s390_facilities & FACILITY_LOAD_ON_COND2
+        return (HAVE_FACILITY(LOAD_ON_COND2)
                 ? C_O1_I4(r, r, ri, rI, 0)
                 : C_O1_I4(r, r, ri, r, 0));
 
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
 
     case INDEX_op_add2_i32:
     case INDEX_op_sub2_i32:
-        return (s390_facilities & FACILITY_EXT_IMM
+        return (HAVE_FACILITY(EXT_IMM)
                 ? C_O2_I4(r, r, 0, 1, ri, r)
                 : C_O2_I4(r, r, 0, 1, r, r));
 
     case INDEX_op_add2_i64:
     case INDEX_op_sub2_i64:
-        return (s390_facilities & FACILITY_EXT_IMM
+        return (HAVE_FACILITY(EXT_IMM)
                 ? C_O2_I4(r, r, 0, 1, rA, r)
                 : C_O2_I4(r, r, 0, 1, r, r));
 
@@ -XXX,XX +XXX,XX @@ static void query_s390_facilities(void)
     /* Is STORE FACILITY LIST EXTENDED available?  Honestly, I believe this
        is present on all 64-bit systems, but let's check for it anyway.  */
     if (hwcap & HWCAP_S390_STFLE) {
-        register int r0 __asm__("0");
-        register void *r1 __asm__("1");
+        register int r0 __asm__("0") = ARRAY_SIZE(s390_facilities) - 1;
+        register void *r1 __asm__("1") = s390_facilities;
 
         /* stfle 0(%r1) */
-        r1 = &s390_facilities;
         asm volatile(".word 0xb2b0,0x1000"
-                     : "=r"(r0) : "0"(0), "r"(r1) : "memory", "cc");
+                     : "=r"(r0) : "r"(r0), "r"(r1) : "memory", "cc");
     }
 }
 
-- 
2.25.1

They are rightly values in the same enumeration.

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/s390x/tcg-target.h | 28 +++++++---------------------
 1 file changed, 7 insertions(+), 21 deletions(-)

diff --git a/tcg/s390x/tcg-target.h b/tcg/s390x/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.h
+++ b/tcg/s390x/tcg-target.h
@@ -XXX,XX +XXX,XX @@
 #define MAX_CODE_GEN_BUFFER_SIZE  (3 * GiB)
 
 typedef enum TCGReg {
-    TCG_REG_R0 = 0,
-    TCG_REG_R1,
-    TCG_REG_R2,
-    TCG_REG_R3,
-    TCG_REG_R4,
-    TCG_REG_R5,
-    TCG_REG_R6,
-    TCG_REG_R7,
-    TCG_REG_R8,
-    TCG_REG_R9,
-    TCG_REG_R10,
-    TCG_REG_R11,
-    TCG_REG_R12,
-    TCG_REG_R13,
-    TCG_REG_R14,
-    TCG_REG_R15
+    TCG_REG_R0,  TCG_REG_R1,  TCG_REG_R2,  TCG_REG_R3,
+    TCG_REG_R4,  TCG_REG_R5,  TCG_REG_R6,  TCG_REG_R7,
+    TCG_REG_R8,  TCG_REG_R9,  TCG_REG_R10, TCG_REG_R11,
+    TCG_REG_R12, TCG_REG_R13, TCG_REG_R14, TCG_REG_R15,
+
+    TCG_AREG0 = TCG_REG_R10,
+    TCG_REG_CALL_STACK = TCG_REG_R15
 } TCGReg;
 
 #define TCG_TARGET_NB_REGS 16
@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities[1];
 #define TCG_TARGET_HAS_mulsh_i64      0
 
 /* used for function call generation */
-#define TCG_REG_CALL_STACK		TCG_REG_R15
 #define TCG_TARGET_STACK_ALIGN		8
 #define TCG_TARGET_CALL_STACK_OFFSET	160
 
@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities[1];
 
 #define TCG_TARGET_DEFAULT_MO (TCG_MO_ALL & ~TCG_MO_ST_LD)
 
-enum {
-    TCG_AREG0 = TCG_REG_R10,
-};
-
 static inline void tb_target_set_jmp_target(uintptr_t tc_ptr, uintptr_t jmp_rx,
                                             uintptr_t jmp_rw, uintptr_t addr)
 {
-- 
2.25.1

Add registers and function stubs.  The functionality
is disabled via squashing s390_facilities[2] to 0.

We must still include results for the mandatory opcodes in
tcg_target_op_def, as all opcodes are checked during tcg init.

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/s390x/tcg-target-con-set.h |   4 +
 tcg/s390x/tcg-target-con-str.h |   1 +
 tcg/s390x/tcg-target.h         |  35 ++++++++-
 tcg/s390x/tcg-target.opc.h     |  12 +++
 tcg/s390x/tcg-target.c.inc     | 137 ++++++++++++++++++++++++++++++++-
 5 files changed, 184 insertions(+), 5 deletions(-)
 create mode 100644 tcg/s390x/tcg-target.opc.h

diff --git a/tcg/s390x/tcg-target-con-set.h b/tcg/s390x/tcg-target-con-set.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target-con-set.h
+++ b/tcg/s390x/tcg-target-con-set.h
@@ -XXX,XX +XXX,XX @@ C_O0_I1(r)
 C_O0_I2(L, L)
 C_O0_I2(r, r)
 C_O0_I2(r, ri)
+C_O0_I2(v, r)
 C_O1_I1(r, L)
 C_O1_I1(r, r)
+C_O1_I1(v, r)
+C_O1_I1(v, vr)
 C_O1_I2(r, 0, ri)
 C_O1_I2(r, 0, rI)
 C_O1_I2(r, 0, rJ)
 C_O1_I2(r, r, ri)
 C_O1_I2(r, rZ, r)
+C_O1_I2(v, v, v)
 C_O1_I4(r, r, ri, r, 0)
 C_O1_I4(r, r, ri, rI, 0)
 C_O2_I2(b, a, 0, r)
diff --git a/tcg/s390x/tcg-target-con-str.h b/tcg/s390x/tcg-target-con-str.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target-con-str.h
+++ b/tcg/s390x/tcg-target-con-str.h
@@ -XXX,XX +XXX,XX @@
  */
 REGS('r', ALL_GENERAL_REGS)
 REGS('L', ALL_GENERAL_REGS & ~SOFTMMU_RESERVE_REGS)
+REGS('v', ALL_VECTOR_REGS)
 /*
  * A (single) even/odd pair for division.
  * TODO: Add something to the register allocator to allow
diff --git a/tcg/s390x/tcg-target.h b/tcg/s390x/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.h
+++ b/tcg/s390x/tcg-target.h
@@ -XXX,XX +XXX,XX @@ typedef enum TCGReg {
     TCG_REG_R8,  TCG_REG_R9,  TCG_REG_R10, TCG_REG_R11,
     TCG_REG_R12, TCG_REG_R13, TCG_REG_R14, TCG_REG_R15,
 
+    TCG_REG_V0 = 32, TCG_REG_V1,  TCG_REG_V2,  TCG_REG_V3,
+    TCG_REG_V4,  TCG_REG_V5,  TCG_REG_V6,  TCG_REG_V7,
+    TCG_REG_V8,  TCG_REG_V9,  TCG_REG_V10, TCG_REG_V11,
+    TCG_REG_V12, TCG_REG_V13, TCG_REG_V14, TCG_REG_V15,
+    TCG_REG_V16, TCG_REG_V17, TCG_REG_V18, TCG_REG_V19,
+    TCG_REG_V20, TCG_REG_V21, TCG_REG_V22, TCG_REG_V23,
+    TCG_REG_V24, TCG_REG_V25, TCG_REG_V26, TCG_REG_V27,
+    TCG_REG_V28, TCG_REG_V29, TCG_REG_V30, TCG_REG_V31,
+
     TCG_AREG0 = TCG_REG_R10,
     TCG_REG_CALL_STACK = TCG_REG_R15
 } TCGReg;
 
-#define TCG_TARGET_NB_REGS 16
+#define TCG_TARGET_NB_REGS 64
 
 /* A list of relevant facilities used by this translator.  Some of these
    are required for proper operation, and these are checked at startup.  */
@@ -XXX,XX +XXX,XX @@ typedef enum TCGReg {
 #define FACILITY_FAST_BCR_SER         FACILITY_LOAD_ON_COND
 #define FACILITY_DISTINCT_OPS         FACILITY_LOAD_ON_COND
 #define FACILITY_LOAD_ON_COND2        53
+#define FACILITY_VECTOR               129
 
-extern uint64_t s390_facilities[1];
+extern uint64_t s390_facilities[3];
 
 #define HAVE_FACILITY(X) \
     ((s390_facilities[FACILITY_##X / 64] >> (63 - FACILITY_##X % 64)) & 1)
@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities[1];
 #define TCG_TARGET_HAS_muluh_i64      0
 #define TCG_TARGET_HAS_mulsh_i64      0
 
+#define TCG_TARGET_HAS_v64            HAVE_FACILITY(VECTOR)
+#define TCG_TARGET_HAS_v128           HAVE_FACILITY(VECTOR)
+#define TCG_TARGET_HAS_v256           0
+
+#define TCG_TARGET_HAS_andc_vec       0
+#define TCG_TARGET_HAS_orc_vec        0
+#define TCG_TARGET_HAS_not_vec        0
+#define TCG_TARGET_HAS_neg_vec        0
+#define TCG_TARGET_HAS_abs_vec        0
+#define TCG_TARGET_HAS_roti_vec       0
+#define TCG_TARGET_HAS_rots_vec       0
+#define TCG_TARGET_HAS_rotv_vec       0
+#define TCG_TARGET_HAS_shi_vec        0
+#define TCG_TARGET_HAS_shs_vec        0
+#define TCG_TARGET_HAS_shv_vec        0
+#define TCG_TARGET_HAS_mul_vec        0
+#define TCG_TARGET_HAS_sat_vec        0
+#define TCG_TARGET_HAS_minmax_vec     0
+#define TCG_TARGET_HAS_bitsel_vec     0
+#define TCG_TARGET_HAS_cmpsel_vec     0
+
 /* used for function call generation */
 #define TCG_TARGET_STACK_ALIGN		8
 #define TCG_TARGET_CALL_STACK_OFFSET	160
diff --git a/tcg/s390x/tcg-target.opc.h b/tcg/s390x/tcg-target.opc.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/tcg/s390x/tcg-target.opc.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * Copyright (c) 2021 Linaro
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version.
+ *
+ * See the COPYING file in the top-level directory for details.
+ *
+ * Target-specific opcodes for host vector expansion.  These will be
+ * emitted by tcg_expand_vec_op.  For those familiar with GCC internals,
+ * consider these to be UNSPEC with names.
+ */
diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.c.inc
+++ b/tcg/s390x/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@
 #define TCG_CT_CONST_ZERO  0x800
 
 #define ALL_GENERAL_REGS     MAKE_64BIT_MASK(0, 16)
+#define ALL_VECTOR_REGS      MAKE_64BIT_MASK(32, 32)
+
 /*
  * For softmmu, we need to avoid conflicts with the first 3
  * argument registers to perform the tlb lookup, and to call
@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
 
 #ifdef CONFIG_DEBUG_TCG
 static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
-    "%r0", "%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7",
-    "%r8", "%r9", "%r10" "%r11" "%r12" "%r13" "%r14" "%r15"
+    "%r0",  "%r1",  "%r2",  "%r3",  "%r4",  "%r5",  "%r6",  "%r7",
+    "%r8",  "%r9",  "%r10", "%r11", "%r12", "%r13", "%r14", "%r15",
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    "%v0",  "%v1",  "%v2",  "%v3",  "%v4",  "%v5",  "%v6",  "%v7",
+    "%v8",  "%v9",  "%v10", "%v11", "%v12", "%v13", "%v14", "%v15",
+    "%v16", "%v17", "%v18", "%v19", "%v20", "%v21", "%v22", "%v23",
+    "%v24", "%v25", "%v26", "%v27", "%v28", "%v29", "%v30", "%v31",
 };
 #endif
 
@@ -XXX,XX +XXX,XX @@ static const int tcg_target_reg_alloc_order[] = {
     TCG_REG_R4,
     TCG_REG_R3,
     TCG_REG_R2,
+
+    /* V8-V15 are call saved, and omitted. */
+    TCG_REG_V0,
+    TCG_REG_V1,
+    TCG_REG_V2,
+    TCG_REG_V3,
+    TCG_REG_V4,
+    TCG_REG_V5,
+    TCG_REG_V6,
+    TCG_REG_V7,
+    TCG_REG_V16,
+    TCG_REG_V17,
+    TCG_REG_V18,
+    TCG_REG_V19,
+    TCG_REG_V20,
+    TCG_REG_V21,
+    TCG_REG_V22,
+    TCG_REG_V23,
+    TCG_REG_V24,
+    TCG_REG_V25,
+    TCG_REG_V26,
+    TCG_REG_V27,
+    TCG_REG_V28,
+    TCG_REG_V29,
+    TCG_REG_V30,
+    TCG_REG_V31,
 };
 
 static const int tcg_target_call_iarg_regs[] = {
@@ -XXX,XX +XXX,XX @@ static void * const qemu_st_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
 #endif
 
 static const tcg_insn_unit *tb_ret_addr;
-uint64_t s390_facilities[1];
+uint64_t s390_facilities[3];
 
 static bool patch_reloc(tcg_insn_unit *src_rw, int type,
                         intptr_t value, intptr_t addend)
@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc,
     }
 }
 
+static bool tcg_out_dup_vec(TCGContext *s, TCGType type, unsigned vece,
+                            TCGReg dst, TCGReg src)
+{
+    g_assert_not_reached();
+}
+
+static bool tcg_out_dupm_vec(TCGContext *s, TCGType type, unsigned vece,
+                             TCGReg dst, TCGReg base, intptr_t offset)
+{
+    g_assert_not_reached();
+}
+
+static void tcg_out_dupi_vec(TCGContext *s, TCGType type, unsigned vece,
+                             TCGReg dst, int64_t val)
+{
+    g_assert_not_reached();
+}
+
+static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
+                           unsigned vecl, unsigned vece,
+                           const TCGArg *args, const int *const_args)
+{
+    g_assert_not_reached();
+}
+
+int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
+{
+    return 0;
+}
+
+void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
+                       TCGArg a0, ...)
+{
+    g_assert_not_reached();
+}
+
 static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
 {
     switch (op) {
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
                 ? C_O2_I4(r, r, 0, 1, rA, r)
                 : C_O2_I4(r, r, 0, 1, r, r));
 
+    case INDEX_op_st_vec:
+        return C_O0_I2(v, r);
+    case INDEX_op_ld_vec:
+    case INDEX_op_dupm_vec:
+        return C_O1_I1(v, r);
+    case INDEX_op_dup_vec:
+        return C_O1_I1(v, vr);
+    case INDEX_op_add_vec:
+    case INDEX_op_sub_vec:
+    case INDEX_op_and_vec:
+    case INDEX_op_or_vec:
+    case INDEX_op_xor_vec:
+    case INDEX_op_cmp_vec:
+        return C_O1_I2(v, v, v);
+
     default:
         g_assert_not_reached();
     }
 }
 
+/*
+ * Mainline glibc added HWCAP_S390_VX before it was kernel abi.
+ * Some distros have fixed this up locally, others have not.
+ */
+#ifndef HWCAP_S390_VXRS
+#define HWCAP_S390_VXRS 2048
+#endif
+
 static void query_s390_facilities(void)
 {
     unsigned long hwcap = qemu_getauxval(AT_HWCAP);
@@ -XXX,XX +XXX,XX @@ static void query_s390_facilities(void)
         asm volatile(".word 0xb2b0,0x1000"
                      : "=r"(r0) : "r"(r0), "r"(r1) : "memory", "cc");
     }
+
+    /*
+     * Use of vector registers requires os support beyond the facility bit.
+     * If the kernel does not advertise support, disable the facility bits.
+     * There is nothing else we currently care about in the 3rd word, so
+     * disable VECTOR with one store.
+     */
+    if (1 || !(hwcap & HWCAP_S390_VXRS)) {
+        s390_facilities[2] = 0;
+    }
 }
 
 static void tcg_target_init(TCGContext *s)
@@ -XXX,XX +XXX,XX @@ static void tcg_target_init(TCGContext *s)
 
     tcg_target_available_regs[TCG_TYPE_I32] = 0xffff;
     tcg_target_available_regs[TCG_TYPE_I64] = 0xffff;
+    if (HAVE_FACILITY(VECTOR)) {
+        tcg_target_available_regs[TCG_TYPE_V64] = 0xffffffff00000000ull;
+        tcg_target_available_regs[TCG_TYPE_V128] = 0xffffffff00000000ull;
+    }
 
     tcg_target_call_clobber_regs = 0;
     tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_R0);
@@ -XXX,XX +XXX,XX @@ static void tcg_target_init(TCGContext *s)
     /* The return register can be considered call-clobbered.  */
     tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_R14);
 
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V0);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V1);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V2);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V3);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V4);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V5);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V6);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V7);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V16);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V17);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V18);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V19);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V20);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V21);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V22);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V23);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V24);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V25);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V26);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V27);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V28);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V29);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V30);
+    tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_V31);
+
     s->reserved_regs = 0;
     tcg_regset_set_reg(s->reserved_regs, TCG_TMP0);
     /* XXX many insns can't be used with R0, so we better avoid it for now */
-- 
2.25.1

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/s390x/tcg-target.c.inc | 132 +++++++++++++++++++++++++++++++++----
 1 file changed, 120 insertions(+), 12 deletions(-)

diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.c.inc
+++ b/tcg/s390x/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
     RX_STC      = 0x42,
     RX_STH      = 0x40,
 
+    VRX_VL      = 0xe706,
+    VRX_VLLEZ   = 0xe704,
+    VRX_VST     = 0xe70e,
+    VRX_VSTEF   = 0xe70b,
+    VRX_VSTEG   = 0xe70a,
+
     NOP         = 0x0707,
 } S390Opcode;
 
@@ -XXX,XX +XXX,XX @@ static void * const qemu_st_helpers[(MO_SIZE | MO_BSWAP) + 1] = {
 static const tcg_insn_unit *tb_ret_addr;
 uint64_t s390_facilities[3];
 
+static inline bool is_general_reg(TCGReg r)
+{
+    return r <= TCG_REG_R15;
+}
+
+static inline bool is_vector_reg(TCGReg r)
+{
+    return r >= TCG_REG_V0 && r <= TCG_REG_V31;
+}
+
 static bool patch_reloc(tcg_insn_unit *src_rw, int type,
                         intptr_t value, intptr_t addend)
 {
@@ -XXX,XX +XXX,XX @@ static void tcg_out_insn_RSY(TCGContext *s, S390Opcode op, TCGReg r1,
 #define tcg_out_insn_RX   tcg_out_insn_RS
 #define tcg_out_insn_RXY  tcg_out_insn_RSY
 
+static int RXB(TCGReg v1, TCGReg v2, TCGReg v3, TCGReg v4)
+{
+    /*
+     * Shift bit 4 of each regno to its corresponding bit of RXB.
+     * RXB itself begins at bit 8 of the instruction so 8 - 4 = 4
+     * is the left-shift of the 4th operand.
+     */
+    return ((v1 & 0x10) << (4 + 3))
+         | ((v2 & 0x10) << (4 + 2))
+         | ((v3 & 0x10) << (4 + 1))
+         | ((v4 & 0x10) << (4 + 0));
+}
+
+static void tcg_out_insn_VRX(TCGContext *s, S390Opcode op, TCGReg v1,
+                             TCGReg b2, TCGReg x2, intptr_t d2, int m3)
+{
+    tcg_debug_assert(is_vector_reg(v1));
+    tcg_debug_assert(d2 >= 0 && d2 <= 0xfff);
+    tcg_debug_assert(is_general_reg(x2));
+    tcg_debug_assert(is_general_reg(b2));
+    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4) | x2);
+    tcg_out16(s, (b2 << 12) | d2);
+    tcg_out16(s, (op & 0x00ff) | RXB(v1, 0, 0, 0) | (m3 << 12));
+}
+
 /* Emit an opcode with "type-checking" of the format.  */
 #define tcg_out_insn(S, FMT, OP, ...) \
     glue(tcg_out_insn_,FMT)(S, glue(glue(FMT,_),OP), ## __VA_ARGS__)
@@ -XXX,XX +XXX,XX @@ static void tcg_out_mem(TCGContext *s, S390Opcode opc_rx, S390Opcode opc_rxy,
     }
 }
 
+static void tcg_out_vrx_mem(TCGContext *s, S390Opcode opc_vrx,
+                            TCGReg data, TCGReg base, TCGReg index,
+                            tcg_target_long ofs, int m3)
+{
+    if (ofs < 0 || ofs >= 0x1000) {
+        if (ofs >= -0x80000 && ofs < 0x80000) {
+            tcg_out_insn(s, RXY, LAY, TCG_TMP0, base, index, ofs);
+            base = TCG_TMP0;
+            index = TCG_REG_NONE;
+            ofs = 0;
+        } else {
+            tcg_out_movi(s, TCG_TYPE_PTR, TCG_TMP0, ofs);
+            if (index != TCG_REG_NONE) {
+                tcg_out_insn(s, RRE, AGR, TCG_TMP0, index);
+            }
+            index = TCG_TMP0;
+            ofs = 0;
+        }
+    }
+    tcg_out_insn_VRX(s, opc_vrx, data, base, index, ofs, m3);
+}
 
 /* load data without address translation or endianness conversion */
-static inline void tcg_out_ld(TCGContext *s, TCGType type, TCGReg data,
-                              TCGReg base, intptr_t ofs)
+static void tcg_out_ld(TCGContext *s, TCGType type, TCGReg data,
+                       TCGReg base, intptr_t ofs)
 {
-    if (type == TCG_TYPE_I32) {
-        tcg_out_mem(s, RX_L, RXY_LY, data, base, TCG_REG_NONE, ofs);
-    } else {
-        tcg_out_mem(s, 0, RXY_LG, data, base, TCG_REG_NONE, ofs);
+    switch (type) {
+    case TCG_TYPE_I32:
+        if (likely(is_general_reg(data))) {
+            tcg_out_mem(s, RX_L, RXY_LY, data, base, TCG_REG_NONE, ofs);
+            break;
+        }
+        tcg_out_vrx_mem(s, VRX_VLLEZ, data, base, TCG_REG_NONE, ofs, MO_32);
+        break;
+
+    case TCG_TYPE_I64:
+        if (likely(is_general_reg(data))) {
+            tcg_out_mem(s, 0, RXY_LG, data, base, TCG_REG_NONE, ofs);
+            break;
+        }
+        /* fallthru */
+
+    case TCG_TYPE_V64:
+        tcg_out_vrx_mem(s, VRX_VLLEZ, data, base, TCG_REG_NONE, ofs, MO_64);
+        break;
+
+    case TCG_TYPE_V128:
+        /* Hint quadword aligned.  */
+        tcg_out_vrx_mem(s, VRX_VL, data, base, TCG_REG_NONE, ofs, 4);
+        break;
+
+    default:
+        g_assert_not_reached();
     }
 }
 
-static inline void tcg_out_st(TCGContext *s, TCGType type, TCGReg data,
-                              TCGReg base, intptr_t ofs)
+static void tcg_out_st(TCGContext *s, TCGType type, TCGReg data,
+                       TCGReg base, intptr_t ofs)
 {
-    if (type == TCG_TYPE_I32) {
-        tcg_out_mem(s, RX_ST, RXY_STY, data, base, TCG_REG_NONE, ofs);
-    } else {
-        tcg_out_mem(s, 0, RXY_STG, data, base, TCG_REG_NONE, ofs);
+    switch (type) {
+    case TCG_TYPE_I32:
+        if (likely(is_general_reg(data))) {
+            tcg_out_mem(s, RX_ST, RXY_STY, data, base, TCG_REG_NONE, ofs);
+        } else {
+            tcg_out_vrx_mem(s, VRX_VSTEF, data, base, TCG_REG_NONE, ofs, 1);
+        }
+        break;
+
+    case TCG_TYPE_I64:
+        if (likely(is_general_reg(data))) {
+            tcg_out_mem(s, 0, RXY_STG, data, base, TCG_REG_NONE, ofs);
+            break;
+        }
+        /* fallthru */
+
+    case TCG_TYPE_V64:
+        tcg_out_vrx_mem(s, VRX_VSTEG, data, base, TCG_REG_NONE, ofs, 0);
+        break;
+
+    case TCG_TYPE_V128:
+        /* Hint quadword aligned.  */
+        tcg_out_vrx_mem(s, VRX_VST, data, base, TCG_REG_NONE, ofs, 4);
+        break;
+
+    default:
+        g_assert_not_reached();
     }
 }
 
-- 
2.25.1

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/s390x/tcg-target.c.inc | 72 +++++++++++++++++++++++++++++++++++---
 1 file changed, 68 insertions(+), 4 deletions(-)

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/s390x/tcg-target.c.inc | 122 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 119 insertions(+), 3 deletions(-)

diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.c.inc
+++ b/tcg/s390x/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
     RX_STC      = 0x42,
     RX_STH      = 0x40,
 
+    VRIa_VGBM   = 0xe744,
+    VRIa_VREPI  = 0xe745,
+    VRIb_VGM    = 0xe746,
+    VRIc_VREP   = 0xe74d,
+
     VRRa_VLR    = 0xe756,
+    VRRf_VLVGP  = 0xe762,
 
     VRSb_VLVG   = 0xe722,
     VRSc_VLGV   = 0xe721,
 
     VRX_VL      = 0xe706,
     VRX_VLLEZ   = 0xe704,
+    VRX_VLREP   = 0xe705,
     VRX_VST     = 0xe70e,
     VRX_VSTEF   = 0xe70b,
     VRX_VSTEG   = 0xe70a,
@@ -XXX,XX +XXX,XX @@ static int RXB(TCGReg v1, TCGReg v2, TCGReg v3, TCGReg v4)
          | ((v4 & 0x10) << (4 + 0));
 }
 
+static void tcg_out_insn_VRIa(TCGContext *s, S390Opcode op,
+                              TCGReg v1, uint16_t i2, int m3)
+{
+    tcg_debug_assert(is_vector_reg(v1));
+    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4));
+    tcg_out16(s, i2);
+    tcg_out16(s, (op & 0x00ff) | RXB(v1, 0, 0, 0) | (m3 << 12));
+}
+
+static void tcg_out_insn_VRIb(TCGContext *s, S390Opcode op,
+                              TCGReg v1, uint8_t i2, uint8_t i3, int m4)
+{
+    tcg_debug_assert(is_vector_reg(v1));
+    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4));
+    tcg_out16(s, (i2 << 8) | (i3 & 0xff));
+    tcg_out16(s, (op & 0x00ff) | RXB(v1, 0, 0, 0) | (m4 << 12));
+}
+
+static void tcg_out_insn_VRIc(TCGContext *s, S390Opcode op,
+                              TCGReg v1, uint16_t i2, TCGReg v3, int m4)
+{
+    tcg_debug_assert(is_vector_reg(v1));
+    tcg_debug_assert(is_vector_reg(v3));
+    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4) | (v3 & 0xf));
+    tcg_out16(s, i2);
+    tcg_out16(s, (op & 0x00ff) | RXB(v1, 0, v3, 0) | (m4 << 12));
+}
+
 static void tcg_out_insn_VRRa(TCGContext *s, S390Opcode op,
                               TCGReg v1, TCGReg v2, int m3)
 {
@@ -XXX,XX +XXX,XX @@ static void tcg_out_insn_VRRa(TCGContext *s, S390Opcode op,
     tcg_out32(s, (op & 0x00ff) | RXB(v1, v2, 0, 0) | (m3 << 12));
 }
 
+static void tcg_out_insn_VRRf(TCGContext *s, S390Opcode op,
+                              TCGReg v1, TCGReg r2, TCGReg r3)
+{
+    tcg_debug_assert(is_vector_reg(v1));
+    tcg_debug_assert(is_general_reg(r2));
+    tcg_debug_assert(is_general_reg(r3));
+    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4) | r2);
+    tcg_out16(s, r3 << 12);
+    tcg_out16(s, (op & 0x00ff) | RXB(v1, 0, 0, 0));
+}
+
 static void tcg_out_insn_VRSb(TCGContext *s, S390Opcode op, TCGReg v1,
                               intptr_t d2, TCGReg b2, TCGReg r3, int m4)
 {
@@ -XXX,XX +XXX,XX @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc,
 static bool tcg_out_dup_vec(TCGContext *s, TCGType type, unsigned vece,
                             TCGReg dst, TCGReg src)
 {
-    g_assert_not_reached();
+    if (is_general_reg(src)) {
+        /* Replicate general register into two MO_64. */
+        tcg_out_insn(s, VRRf, VLVGP, dst, src, src);
+        if (vece == MO_64) {
+            return true;
+        }
+    }
+
+    /*
+     * Recall that the "standard" integer, within a vector, is the
+     * rightmost element of the leftmost doubleword, a-la VLLEZ.
+     */
+    tcg_out_insn(s, VRIc, VREP, dst, (8 >> vece) - 1, src, vece);
+    return true;
 }
 
 static bool tcg_out_dupm_vec(TCGContext *s, TCGType type, unsigned vece,
                              TCGReg dst, TCGReg base, intptr_t offset)
 {
-    g_assert_not_reached();
+    tcg_out_vrx_mem(s, VRX_VLREP, dst, base, TCG_REG_NONE, offset, vece);
+    return true;
 }
 
 static void tcg_out_dupi_vec(TCGContext *s, TCGType type, unsigned vece,
                              TCGReg dst, int64_t val)
 {
-    g_assert_not_reached();
+    int i, mask, msb, lsb;
+
+    /* Look for int16_t elements.  */
+    if (vece <= MO_16 ||
+        (vece == MO_32 ? (int32_t)val : val) == (int16_t)val) {
+        tcg_out_insn(s, VRIa, VREPI, dst, val, vece);
+        return;
+    }
+
+    /* Look for bit masks.  */
+    if (vece == MO_32) {
+        if (risbg_mask((int32_t)val)) {
+            /* Handle wraparound by swapping msb and lsb.  */
+            if ((val & 0x80000001u) == 0x80000001u) {
+                msb = 32 - ctz32(~val);
+                lsb = clz32(~val) - 1;
+            } else {
+                msb = clz32(val);
+                lsb = 31 - ctz32(val);
+            }
+            tcg_out_insn(s, VRIb, VGM, dst, lsb, msb, MO_32);
+            return;
+        }
+    } else {
+        if (risbg_mask(val)) {
+            /* Handle wraparound by swapping msb and lsb.  */
+            if ((val & 0x8000000000000001ull) == 0x8000000000000001ull) {
+                /* Handle wraparound by swapping msb and lsb.  */
+                msb = 64 - ctz64(~val);
+                lsb = clz64(~val) - 1;
+            } else {
+                msb = clz64(val);
+                lsb = 63 - ctz64(val);
+            }
+            tcg_out_insn(s, VRIb, VGM, dst, lsb, msb, MO_64);
+            return;
+        }
+    }
+
+    /* Look for all bytes 0x00 or 0xff.  */
+    for (i = mask = 0; i < 8; i++) {
+        uint8_t byte = val >> (i * 8);
+        if (byte == 0xff) {
+            mask |= 1 << i;
+        } else if (byte != 0) {
+            break;
+        }
+    }
+    if (i == 8) {
+        tcg_out_insn(s, VRIa, VGBM, dst, mask * 0x0101, 0);
+        return;
+    }
+
+    /* Otherwise, stuff it in the constant pool.  */
+    tcg_out_insn(s, RIL, LARL, TCG_TMP0, 0);
+    new_pool_label(s, val, R_390_PC32DBL, s->code_ptr - 2, 2);
+    tcg_out_insn(s, VRX, VLREP, dst, TCG_TMP0, TCG_REG_NONE, 0, MO_64);
 }
 
 static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
-- 
2.25.1

Implementing add, sub, and, or, xor as the minimal set.
This allows us to actually enable vectors in query_s390_facilities.

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/s390x/tcg-target.c.inc | 154 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 150 insertions(+), 4 deletions(-)

diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.c.inc
+++ b/tcg/s390x/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
     VRIc_VREP   = 0xe74d,
 
     VRRa_VLR    = 0xe756,
+    VRRc_VA     = 0xe7f3,
+    VRRc_VCEQ   = 0xe7f8,   /* we leave the m5 cs field 0 */
+    VRRc_VCH    = 0xe7fb,   /* " */
+    VRRc_VCHL   = 0xe7f9,   /* " */
+    VRRc_VN     = 0xe768,
+    VRRc_VO     = 0xe76a,
+    VRRc_VS     = 0xe7f7,
+    VRRc_VX     = 0xe76d,
     VRRf_VLVGP  = 0xe762,
 
     VRSb_VLVG   = 0xe722,
@@ -XXX,XX +XXX,XX @@ static void tcg_out_insn_VRRa(TCGContext *s, S390Opcode op,
     tcg_out32(s, (op & 0x00ff) | RXB(v1, v2, 0, 0) | (m3 << 12));
 }
 
+static void tcg_out_insn_VRRc(TCGContext *s, S390Opcode op,
+                              TCGReg v1, TCGReg v2, TCGReg v3, int m4)
+{
+    tcg_debug_assert(is_vector_reg(v1));
+    tcg_debug_assert(is_vector_reg(v2));
+    tcg_debug_assert(is_vector_reg(v3));
+    tcg_out16(s, (op & 0xff00) | ((v1 & 0xf) << 4) | (v2 & 0xf));
+    tcg_out16(s, v3 << 12);
+    tcg_out16(s, (op & 0x00ff) | RXB(v1, v2, v3, 0) | (m4 << 12));
+}
+
 static void tcg_out_insn_VRRf(TCGContext *s, S390Opcode op,
                               TCGReg v1, TCGReg r2, TCGReg r3)
 {
@@ -XXX,XX +XXX,XX @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
                            unsigned vecl, unsigned vece,
                            const TCGArg *args, const int *const_args)
 {
-    g_assert_not_reached();
+    TCGType type = vecl + TCG_TYPE_V64;
+    TCGArg a0 = args[0], a1 = args[1], a2 = args[2];
+
+    switch (opc) {
+    case INDEX_op_ld_vec:
+        tcg_out_ld(s, type, a0, a1, a2);
+        break;
+    case INDEX_op_st_vec:
+        tcg_out_st(s, type, a0, a1, a2);
+        break;
+    case INDEX_op_dupm_vec:
+        tcg_out_dupm_vec(s, type, vece, a0, a1, a2);
+        break;
+
+    case INDEX_op_add_vec:
+        tcg_out_insn(s, VRRc, VA, a0, a1, a2, vece);
+        break;
+    case INDEX_op_sub_vec:
+        tcg_out_insn(s, VRRc, VS, a0, a1, a2, vece);
+        break;
+    case INDEX_op_and_vec:
+        tcg_out_insn(s, VRRc, VN, a0, a1, a2, 0);
+        break;
+    case INDEX_op_or_vec:
+        tcg_out_insn(s, VRRc, VO, a0, a1, a2, 0);
+        break;
+    case INDEX_op_xor_vec:
+        tcg_out_insn(s, VRRc, VX, a0, a1, a2, 0);
+        break;
+
+    case INDEX_op_cmp_vec:
+        switch ((TCGCond)args[3]) {
+        case TCG_COND_EQ:
+            tcg_out_insn(s, VRRc, VCEQ, a0, a1, a2, vece);
+            break;
+        case TCG_COND_GT:
+            tcg_out_insn(s, VRRc, VCH, a0, a1, a2, vece);
+            break;
+        case TCG_COND_GTU:
+            tcg_out_insn(s, VRRc, VCHL, a0, a1, a2, vece);
+            break;
+        default:
+            g_assert_not_reached();
+        }
+        break;
+
+    case INDEX_op_mov_vec:   /* Always emitted via tcg_out_mov.  */
+    case INDEX_op_dup_vec:   /* Always emitted via tcg_out_dup_vec.  */
+    default:
+        g_assert_not_reached();
+    }
 }
 
 int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
 {
-    return 0;
+    switch (opc) {
+    case INDEX_op_add_vec:
+    case INDEX_op_and_vec:
+    case INDEX_op_or_vec:
+    case INDEX_op_sub_vec:
+    case INDEX_op_xor_vec:
+        return 1;
+    case INDEX_op_cmp_vec:
+        return -1;
+    default:
+        return 0;
+    }
+}
+
+static bool expand_vec_cmp_noinv(TCGType type, unsigned vece, TCGv_vec v0,
+                                 TCGv_vec v1, TCGv_vec v2, TCGCond cond)
+{
+    bool need_swap = false, need_inv = false;
+
+    switch (cond) {
+    case TCG_COND_EQ:
+    case TCG_COND_GT:
+    case TCG_COND_GTU:
+        break;
+    case TCG_COND_NE:
+    case TCG_COND_LE:
+    case TCG_COND_LEU:
+        need_inv = true;
+        break;
+    case TCG_COND_LT:
+    case TCG_COND_LTU:
+        need_swap = true;
+        break;
+    case TCG_COND_GE:
+    case TCG_COND_GEU:
+        need_swap = need_inv = true;
+        break;
+    default:
+        g_assert_not_reached();
+    }
+
+    if (need_inv) {
+        cond = tcg_invert_cond(cond);
+    }
+    if (need_swap) {
+        TCGv_vec t1;
+        t1 = v1, v1 = v2, v2 = t1;
+        cond = tcg_swap_cond(cond);
+    }
+
+    vec_gen_4(INDEX_op_cmp_vec, type, vece, tcgv_vec_arg(v0),
+              tcgv_vec_arg(v1), tcgv_vec_arg(v2), cond);
+
+    return need_inv;
+}
+
+static void expand_vec_cmp(TCGType type, unsigned vece, TCGv_vec v0,
+                           TCGv_vec v1, TCGv_vec v2, TCGCond cond)
+{
+    if (expand_vec_cmp_noinv(type, vece, v0, v1, v2, cond)) {
+        tcg_gen_not_vec(vece, v0, v0);
+    }
 }
 
 void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
                        TCGArg a0, ...)
 {
-    g_assert_not_reached();
+    va_list va;
+    TCGv_vec v0, v1, v2;
+
+    va_start(va, a0);
+    v0 = temp_tcgv_vec(arg_temp(a0));
+    v1 = temp_tcgv_vec(arg_temp(va_arg(va, TCGArg)));
+    v2 = temp_tcgv_vec(arg_temp(va_arg(va, TCGArg)));
+
+    switch (opc) {
+    case INDEX_op_cmp_vec:
+        expand_vec_cmp(type, vece, v0, v1, v2, va_arg(va, TCGArg));
+        break;
+
+    default:
+        g_assert_not_reached();
+    }
+    va_end(va);
 }
 
 static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
@@ -XXX,XX +XXX,XX @@ static void query_s390_facilities(void)
      * There is nothing else we currently care about in the 3rd word, so
      * disable VECTOR with one store.
      */
-    if (1 || !(hwcap & HWCAP_S390_VXRS)) {
+    if (!(hwcap & HWCAP_S390_VXRS)) {
         s390_facilities[2] = 0;
     }
 }
-- 
2.25.1

These logical and arithmetic operations are optional but trivial.

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/s390x/tcg-target-con-set.h |  1 +
 tcg/s390x/tcg-target.h         | 11 ++++++-----
 tcg/s390x/tcg-target.c.inc     | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 39 insertions(+), 5 deletions(-)

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/s390x/tcg-target.h     | 2 +-
 tcg/s390x/tcg-target.c.inc | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/tcg/s390x/tcg-target.h b/tcg/s390x/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.h
+++ b/tcg/s390x/tcg-target.h
@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities[3];
 #define TCG_TARGET_HAS_shi_vec        0
 #define TCG_TARGET_HAS_shs_vec        0
 #define TCG_TARGET_HAS_shv_vec        0
-#define TCG_TARGET_HAS_mul_vec        0
+#define TCG_TARGET_HAS_mul_vec        1
 #define TCG_TARGET_HAS_sat_vec        0
 #define TCG_TARGET_HAS_minmax_vec     0
 #define TCG_TARGET_HAS_bitsel_vec     0
diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.c.inc
+++ b/tcg/s390x/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
     VRRc_VCEQ   = 0xe7f8,   /* we leave the m5 cs field 0 */
     VRRc_VCH    = 0xe7fb,   /* " */
     VRRc_VCHL   = 0xe7f9,   /* " */
+    VRRc_VML    = 0xe7a2,
     VRRc_VN     = 0xe768,
     VRRc_VNC    = 0xe769,
     VRRc_VNO    = 0xe76b,
@@ -XXX,XX +XXX,XX @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
     case INDEX_op_andc_vec:
         tcg_out_insn(s, VRRc, VNC, a0, a1, a2, 0);
         break;
+    case INDEX_op_mul_vec:
+        tcg_out_insn(s, VRRc, VML, a0, a1, a2, vece);
+        break;
     case INDEX_op_or_vec:
         tcg_out_insn(s, VRRc, VO, a0, a1, a2, 0);
         break;
@@ -XXX,XX +XXX,XX @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
         return 1;
     case INDEX_op_cmp_vec:
         return -1;
+    case INDEX_op_mul_vec:
+        return vece < MO_64;
     default:
         return 0;
     }
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
     case INDEX_op_orc_vec:
     case INDEX_op_xor_vec:
     case INDEX_op_cmp_vec:
+    case INDEX_op_mul_vec:
         return C_O1_I2(v, v, v);
 
     default:
-- 
2.25.1

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/s390x/tcg-target-con-set.h |  1 +
 tcg/s390x/tcg-target.h         | 12 ++---
 tcg/s390x/tcg-target.c.inc     | 93 +++++++++++++++++++++++++++++++++-
 3 files changed, 99 insertions(+), 7 deletions(-)

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/s390x/tcg-target.h     |  2 +-
 tcg/s390x/tcg-target.c.inc | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/tcg/s390x/tcg-target.h b/tcg/s390x/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.h
+++ b/tcg/s390x/tcg-target.h
@@ -XXX,XX +XXX,XX @@ extern uint64_t s390_facilities[3];
 #define TCG_TARGET_HAS_shv_vec        1
 #define TCG_TARGET_HAS_mul_vec        1
 #define TCG_TARGET_HAS_sat_vec        0
-#define TCG_TARGET_HAS_minmax_vec     0
+#define TCG_TARGET_HAS_minmax_vec     1
 #define TCG_TARGET_HAS_bitsel_vec     0
 #define TCG_TARGET_HAS_cmpsel_vec     0
 
diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.c.inc
+++ b/tcg/s390x/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
     VRRc_VESRAV = 0xe77a,
     VRRc_VESRLV = 0xe778,
     VRRc_VML    = 0xe7a2,
+    VRRc_VMN    = 0xe7fe,
+    VRRc_VMNL   = 0xe7fc,
+    VRRc_VMX    = 0xe7ff,
+    VRRc_VMXL   = 0xe7fd,
     VRRc_VN     = 0xe768,
     VRRc_VNC    = 0xe769,
     VRRc_VNO    = 0xe76b,
@@ -XXX,XX +XXX,XX @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
         tcg_out_insn(s, VRRc, VERLLV, a0, a1, a2, vece);
         break;
 
+    case INDEX_op_smin_vec:
+        tcg_out_insn(s, VRRc, VMN, a0, a1, a2, vece);
+        break;
+    case INDEX_op_smax_vec:
+        tcg_out_insn(s, VRRc, VMX, a0, a1, a2, vece);
+        break;
+    case INDEX_op_umin_vec:
+        tcg_out_insn(s, VRRc, VMNL, a0, a1, a2, vece);
+        break;
+    case INDEX_op_umax_vec:
+        tcg_out_insn(s, VRRc, VMXL, a0, a1, a2, vece);
+        break;
+
     case INDEX_op_cmp_vec:
         switch ((TCGCond)args[3]) {
         case TCG_COND_EQ:
@@ -XXX,XX +XXX,XX @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
     case INDEX_op_shri_vec:
     case INDEX_op_shrs_vec:
     case INDEX_op_shrv_vec:
+    case INDEX_op_smax_vec:
+    case INDEX_op_smin_vec:
     case INDEX_op_sub_vec:
+    case INDEX_op_umax_vec:
+    case INDEX_op_umin_vec:
     case INDEX_op_xor_vec:
         return 1;
     case INDEX_op_cmp_vec:
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
     case INDEX_op_shlv_vec:
     case INDEX_op_shrv_vec:
     case INDEX_op_sarv_vec:
+    case INDEX_op_smax_vec:
+    case INDEX_op_smin_vec:
+    case INDEX_op_umax_vec:
+    case INDEX_op_umin_vec:
         return C_O1_I2(v, v, v);
     case INDEX_op_rotls_vec:
     case INDEX_op_shls_vec:
-- 
2.25.1

The unsigned saturations are handled via generic code
using min/max.  The signed saturations are expanded using
double-sized arithmetic and a saturating pack.

Since all operations are done via expansion, do not
actually set TCG_TARGET_HAS_sat_vec.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/s390x/tcg-target.opc.h |  3 ++
 tcg/s390x/tcg-target.c.inc | 63 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+)

diff --git a/tcg/s390x/tcg-target.opc.h b/tcg/s390x/tcg-target.opc.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.opc.h
+++ b/tcg/s390x/tcg-target.opc.h
@@ -XXX,XX +XXX,XX @@
  * emitted by tcg_expand_vec_op.  For those familiar with GCC internals,
  * consider these to be UNSPEC with names.
  */
+DEF(s390_vuph_vec, 1, 1, 0, IMPLVEC)
+DEF(s390_vupl_vec, 1, 1, 0, IMPLVEC)
+DEF(s390_vpks_vec, 1, 2, 0, IMPLVEC)
diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.c.inc
+++ b/tcg/s390x/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
     VRRc_VNO    = 0xe76b,
     VRRc_VO     = 0xe76a,
     VRRc_VOC    = 0xe76f,
+    VRRc_VPKS   = 0xe797,   /* we leave the m5 cs field 0 */
     VRRc_VS     = 0xe7f7,
+    VRRa_VUPH   = 0xe7d7,
+    VRRa_VUPL   = 0xe7d6,
     VRRc_VX     = 0xe76d,
     VRRf_VLVGP  = 0xe762,
 
@@ -XXX,XX +XXX,XX @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
         }
         break;
 
+    case INDEX_op_s390_vuph_vec:
+        tcg_out_insn(s, VRRa, VUPH, a0, a1, vece);
+        break;
+    case INDEX_op_s390_vupl_vec:
+        tcg_out_insn(s, VRRa, VUPL, a0, a1, vece);
+        break;
+    case INDEX_op_s390_vpks_vec:
+        tcg_out_insn(s, VRRc, VPKS, a0, a1, a2, vece);
+        break;
+
     case INDEX_op_mov_vec:   /* Always emitted via tcg_out_mov.  */
     case INDEX_op_dup_vec:   /* Always emitted via tcg_out_dup_vec.  */
     default:
@@ -XXX,XX +XXX,XX @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
         return -1;
     case INDEX_op_mul_vec:
         return vece < MO_64;
+    case INDEX_op_ssadd_vec:
+    case INDEX_op_sssub_vec:
+        return vece < MO_64 ? -1 : 0;
     default:
         return 0;
     }
@@ -XXX,XX +XXX,XX @@ static void expand_vec_cmp(TCGType type, unsigned vece, TCGv_vec v0,
     }
 }
 
+static void expand_vec_sat(TCGType type, unsigned vece, TCGv_vec v0,
+                           TCGv_vec v1, TCGv_vec v2, TCGOpcode add_sub_opc)
+{
+    TCGv_vec h1 = tcg_temp_new_vec(type);
+    TCGv_vec h2 = tcg_temp_new_vec(type);
+    TCGv_vec l1 = tcg_temp_new_vec(type);
+    TCGv_vec l2 = tcg_temp_new_vec(type);
+
+    tcg_debug_assert (vece < MO_64);
+
+    /* Unpack with sign-extension. */
+    vec_gen_2(INDEX_op_s390_vuph_vec, type, vece,
+              tcgv_vec_arg(h1), tcgv_vec_arg(v1));
+    vec_gen_2(INDEX_op_s390_vuph_vec, type, vece,
+              tcgv_vec_arg(h2), tcgv_vec_arg(v2));
+
+    vec_gen_2(INDEX_op_s390_vupl_vec, type, vece,
+              tcgv_vec_arg(l1), tcgv_vec_arg(v1));
+    vec_gen_2(INDEX_op_s390_vupl_vec, type, vece,
+              tcgv_vec_arg(l2), tcgv_vec_arg(v2));
+
+    /* Arithmetic on a wider element size. */
+    vec_gen_3(add_sub_opc, type, vece + 1, tcgv_vec_arg(h1),
+              tcgv_vec_arg(h1), tcgv_vec_arg(h2));
+    vec_gen_3(add_sub_opc, type, vece + 1, tcgv_vec_arg(l1),
+              tcgv_vec_arg(l1), tcgv_vec_arg(l2));
+
+    /* Pack with saturation. */
+    vec_gen_3(INDEX_op_s390_vpks_vec, type, vece + 1,
+              tcgv_vec_arg(v0), tcgv_vec_arg(h1), tcgv_vec_arg(l1));
+
+    tcg_temp_free_vec(h1);
+    tcg_temp_free_vec(h2);
+    tcg_temp_free_vec(l1);
+    tcg_temp_free_vec(l2);
+}
+
 void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
                        TCGArg a0, ...)
 {
@@ -XXX,XX +XXX,XX @@ void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
         tcg_temp_free_vec(t0);
         break;
 
+    case INDEX_op_ssadd_vec:
+        expand_vec_sat(type, vece, v0, v1, v2, INDEX_op_add_vec);
+        break;
+    case INDEX_op_sssub_vec:
+        expand_vec_sat(type, vece, v0, v1, v2, INDEX_op_sub_vec);
+        break;
+
     default:
         g_assert_not_reached();
     }
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
     case INDEX_op_sari_vec:
     case INDEX_op_shli_vec:
     case INDEX_op_shri_vec:
+    case INDEX_op_s390_vuph_vec:
+    case INDEX_op_s390_vupl_vec:
         return C_O1_I1(v, v);
     case INDEX_op_add_vec:
     case INDEX_op_sub_vec:
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
     case INDEX_op_smin_vec:
     case INDEX_op_umax_vec:
     case INDEX_op_umin_vec:
+    case INDEX_op_s390_vpks_vec:
         return C_O1_I2(v, v, v);
     case INDEX_op_rotls_vec:
     case INDEX_op_shls_vec:
-- 
2.25.1

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/s390x/tcg-target-con-set.h |  1 +
 tcg/s390x/tcg-target.h         |  2 +-
 tcg/s390x/tcg-target.c.inc     | 20 ++++++++++++++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)

This is via expansion; don't actually set TCG_TARGET_HAS_cmpsel_vec.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/s390x/tcg-target.c.inc | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.c.inc
+++ b/tcg/s390x/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
     case INDEX_op_xor_vec:
         return 1;
     case INDEX_op_cmp_vec:
+    case INDEX_op_cmpsel_vec:
     case INDEX_op_rotrv_vec:
         return -1;
     case INDEX_op_mul_vec:
@@ -XXX,XX +XXX,XX @@ static void expand_vec_cmp(TCGType type, unsigned vece, TCGv_vec v0,
     }
 }
 
+static void expand_vec_cmpsel(TCGType type, unsigned vece, TCGv_vec v0,
+                              TCGv_vec c1, TCGv_vec c2,
+                              TCGv_vec v3, TCGv_vec v4, TCGCond cond)
+{
+    TCGv_vec t = tcg_temp_new_vec(type);
+
+    if (expand_vec_cmp_noinv(type, vece, t, c1, c2, cond)) {
+        /* Invert the sense of the compare by swapping arguments.  */
+        tcg_gen_bitsel_vec(vece, v0, t, v4, v3);
+    } else {
+        tcg_gen_bitsel_vec(vece, v0, t, v3, v4);
+    }
+    tcg_temp_free_vec(t);
+}
+
 static void expand_vec_sat(TCGType type, unsigned vece, TCGv_vec v0,
                            TCGv_vec v1, TCGv_vec v2, TCGOpcode add_sub_opc)
 {
@@ -XXX,XX +XXX,XX @@ void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
                        TCGArg a0, ...)
 {
     va_list va;
-    TCGv_vec v0, v1, v2, t0;
+    TCGv_vec v0, v1, v2, v3, v4, t0;
 
     va_start(va, a0);
     v0 = temp_tcgv_vec(arg_temp(a0));
@@ -XXX,XX +XXX,XX @@ void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
         expand_vec_cmp(type, vece, v0, v1, v2, va_arg(va, TCGArg));
         break;
 
+    case INDEX_op_cmpsel_vec:
+        v3 = temp_tcgv_vec(arg_temp(va_arg(va, TCGArg)));
+        v4 = temp_tcgv_vec(arg_temp(va_arg(va, TCGArg)));
+        expand_vec_cmpsel(type, vece, v0, v1, v2, v3, v4, va_arg(va, TCGArg));
+        break;
+
     case INDEX_op_rotrv_vec:
         t0 = tcg_temp_new_vec(type);
         tcg_gen_neg_vec(vece, t0, v2);
-- 
2.25.1

TCG patch queue, plus one target/sh4 patch that
Yoshinori Sato asked me to process.

The following changes since commit efbf38d73e5dcc4d5f8b98c6e7a12be1f3b91745:

Merge tag 'for-upstream' of git://repo.or.cz/qemu/kevin into staging (2022-10-03 15:06:07 -0400)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20221004

for you to fetch changes up to ab419fd8a035a65942de4e63effcd55ccbf1a9fe:

target/sh4: Fix TB_FLAG_UNALIGN (2022-10-04 12:33:05 -0700)

----------------------------------------------------------------
Cache CPUClass for use in hot code paths.
Add CPUTLBEntryFull, probe_access_full, tlb_set_page_full.
Add generic support for TARGET_TB_PCREL.
tcg/ppc: Optimize 26-bit jumps using STQ for POWER 2.07
target/sh4: Fix TB_FLAG_UNALIGN

----------------------------------------------------------------
Alex Bennée (3):
      cpu: cache CPUClass in CPUState for hot code paths
      hw/core/cpu-sysemu: used cached class in cpu_asidx_from_attrs
      cputlb: used cached CPUClass in our hot-paths

Leandro Lupori (1):
      tcg/ppc: Optimize 26-bit jumps

Richard Henderson (16):
      accel/tcg: Rename CPUIOTLBEntry to CPUTLBEntryFull
      accel/tcg: Drop addr member from SavedIOTLB
      accel/tcg: Suppress auto-invalidate in probe_access_internal
      accel/tcg: Introduce probe_access_full
      accel/tcg: Introduce tlb_set_page_full
      include/exec: Introduce TARGET_PAGE_ENTRY_EXTRA
      accel/tcg: Remove PageDesc code_bitmap
      accel/tcg: Use bool for page_find_alloc
      accel/tcg: Use DisasContextBase in plugin_gen_tb_start
      accel/tcg: Do not align tb->page_addr[0]
      accel/tcg: Inline tb_flush_jmp_cache
      include/hw/core: Create struct CPUJumpCache
      hw/core: Add CPUClass.get_pc
      accel/tcg: Introduce tb_pc and log_pc
      accel/tcg: Introduce TARGET_TB_PCREL
      target/sh4: Fix TB_FLAG_UNALIGN

From: Alex Bennée <alex.bennee@linaro.org>

The class cast checkers are quite expensive and always on (unlike the
dynamic case who's checks are gated by CONFIG_QOM_CAST_DEBUG). To
avoid the overhead of repeatedly checking something which should never
change we cache the CPUClass reference for use in the hot code paths.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220811151413.3350684-3-alex.bennee@linaro.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220923084803.498337-3-clg@kaod.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/hw/core/cpu.h | 9 +++++++++
 cpu.c                 | 9 ++++-----
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -XXX,XX +XXX,XX @@ typedef int (*WriteCoreDumpFunction)(const void *buf, size_t size,
  */
 #define CPU(obj) ((CPUState *)(obj))
 
+/*
+ * The class checkers bring in CPU_GET_CLASS() which is potentially
+ * expensive given the eventual call to
+ * object_class_dynamic_cast_assert(). Because of this the CPUState
+ * has a cached value for the class in cs->cc which is set up in
+ * cpu_exec_realizefn() for use in hot code paths.
+ */
 typedef struct CPUClass CPUClass;
 DECLARE_CLASS_CHECKERS(CPUClass, CPU,
                        TYPE_CPU)
@@ -XXX,XX +XXX,XX @@ struct qemu_work_item;
 struct CPUState {
     /*< private >*/
     DeviceState parent_obj;
+    /* cache to avoid expensive CPU_GET_CLASS */
+    CPUClass *cc;
     /*< public >*/
 
     int nr_cores;
diff --git a/cpu.c b/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/cpu.c
+++ b/cpu.c
@@ -XXX,XX +XXX,XX @@ const VMStateDescription vmstate_cpu_common = {
 
 void cpu_exec_realizefn(CPUState *cpu, Error **errp)
 {
-#ifndef CONFIG_USER_ONLY
-    CPUClass *cc = CPU_GET_CLASS(cpu);
-#endif
+    /* cache the cpu class for the hotpath */
+    cpu->cc = CPU_GET_CLASS(cpu);
 
     cpu_list_add(cpu);
     if (!accel_cpu_realizefn(cpu, errp)) {
@@ -XXX,XX +XXX,XX @@ void cpu_exec_realizefn(CPUState *cpu, Error **errp)
     if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
         vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
     }
-    if (cc->sysemu_ops->legacy_vmsd != NULL) {
-        vmstate_register(NULL, cpu->cpu_index, cc->sysemu_ops->legacy_vmsd, cpu);
+    if (cpu->cc->sysemu_ops->legacy_vmsd != NULL) {
+        vmstate_register(NULL, cpu->cpu_index, cpu->cc->sysemu_ops->legacy_vmsd, cpu);
     }
 #endif /* CONFIG_USER_ONLY */
 }
-- 
2.34.1

From: Alex Bennée <alex.bennee@linaro.org>

This is a heavily used function so lets avoid the cost of
CPU_GET_CLASS. On the romulus-bmc run it has a modest effect:

Before: 36.812 s ±  0.506 s
  After:  35.912 s ±  0.168 s

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220811151413.3350684-4-alex.bennee@linaro.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220923084803.498337-4-clg@kaod.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 hw/core/cpu-sysemu.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/core/cpu-sysemu.c b/hw/core/cpu-sysemu.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/core/cpu-sysemu.c
+++ b/hw/core/cpu-sysemu.c
@@ -XXX,XX +XXX,XX @@ hwaddr cpu_get_phys_page_debug(CPUState *cpu, vaddr addr)
 
 int cpu_asidx_from_attrs(CPUState *cpu, MemTxAttrs attrs)
 {
-    CPUClass *cc = CPU_GET_CLASS(cpu);
     int ret = 0;
 
-    if (cc->sysemu_ops->asidx_from_attrs) {
-        ret = cc->sysemu_ops->asidx_from_attrs(cpu, attrs);
+    if (cpu->cc->sysemu_ops->asidx_from_attrs) {
+        ret = cpu->cc->sysemu_ops->asidx_from_attrs(cpu, attrs);
         assert(ret < cpu->num_ases && ret >= 0);
     }
     return ret;
-- 
2.34.1

From: Alex Bennée <alex.bennee@linaro.org>

Before: 35.912 s ±  0.168 s
  After: 35.565 s ±  0.087 s

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220811151413.3350684-5-alex.bennee@linaro.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220923084803.498337-5-clg@kaod.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cputlb.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ void tlb_set_page(CPUState *cpu, target_ulong vaddr,
 static void tlb_fill(CPUState *cpu, target_ulong addr, int size,
                      MMUAccessType access_type, int mmu_idx, uintptr_t retaddr)
 {
-    CPUClass *cc = CPU_GET_CLASS(cpu);
     bool ok;
 
     /*
      * This is not a probe, so only valid return is success; failure
      * should result in exception + longjmp to the cpu loop.
      */
-    ok = cc->tcg_ops->tlb_fill(cpu, addr, size,
-                               access_type, mmu_idx, false, retaddr);
+    ok = cpu->cc->tcg_ops->tlb_fill(cpu, addr, size,
+                                    access_type, mmu_idx, false, retaddr);
     assert(ok);
 }
 
@@ -XXX,XX +XXX,XX @@ static inline void cpu_unaligned_access(CPUState *cpu, vaddr addr,
                                         MMUAccessType access_type,
                                         int mmu_idx, uintptr_t retaddr)
 {
-    CPUClass *cc = CPU_GET_CLASS(cpu);
-
-    cc->tcg_ops->do_unaligned_access(cpu, addr, access_type, mmu_idx, retaddr);
+    cpu->cc->tcg_ops->do_unaligned_access(cpu, addr, access_type,
+                                          mmu_idx, retaddr);
 }
 
 static inline void cpu_transaction_failed(CPUState *cpu, hwaddr physaddr,
@@ -XXX,XX +XXX,XX @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
     if (!tlb_hit_page(tlb_addr, page_addr)) {
         if (!victim_tlb_hit(env, mmu_idx, index, elt_ofs, page_addr)) {
             CPUState *cs = env_cpu(env);
-            CPUClass *cc = CPU_GET_CLASS(cs);
 
-            if (!cc->tcg_ops->tlb_fill(cs, addr, fault_size, access_type,
-                                       mmu_idx, nonfault, retaddr)) {
+            if (!cs->cc->tcg_ops->tlb_fill(cs, addr, fault_size, access_type,
+                                           mmu_idx, nonfault, retaddr)) {
                 /* Non-faulting page table read failed.  */
                 *phost = NULL;
                 return TLB_INVALID_MASK;
-- 
2.34.1

This structure will shortly contain more than just
data for accessing MMIO.  Rename the 'addr' member
to 'xlat_section' to more clearly indicate its purpose.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/cpu-defs.h    |  22 ++++----
 accel/tcg/cputlb.c         | 102 +++++++++++++++++++------------------
 target/arm/mte_helper.c    |  14 ++---
 target/arm/sve_helper.c    |   4 +-
 target/arm/translate-a64.c |   2 +-
 5 files changed, 73 insertions(+), 71 deletions(-)

diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -XXX,XX +XXX,XX @@ typedef uint64_t target_ulong;
 #  endif
 # endif
 
+/* Minimalized TLB entry for use by TCG fast path. */
 typedef struct CPUTLBEntry {
     /* bit TARGET_LONG_BITS to TARGET_PAGE_BITS : virtual address
        bit TARGET_PAGE_BITS-1..4  : Nonzero for accesses that should not
@@ -XXX,XX +XXX,XX @@ typedef struct CPUTLBEntry {
 
 QEMU_BUILD_BUG_ON(sizeof(CPUTLBEntry) != (1 << CPU_TLB_ENTRY_BITS));
 
-/* The IOTLB is not accessed directly inline by generated TCG code,
- * so the CPUIOTLBEntry layout is not as critical as that of the
- * CPUTLBEntry. (This is also why we don't want to combine the two
- * structs into one.)
+/*
+ * The full TLB entry, which is not accessed by generated TCG code,
+ * so the layout is not as critical as that of CPUTLBEntry. This is
+ * also why we don't want to combine the two structs.
  */
-typedef struct CPUIOTLBEntry {
+typedef struct CPUTLBEntryFull {
     /*
-     * @addr contains:
+     * @xlat_section contains:
      *  - in the lower TARGET_PAGE_BITS, a physical section number
      *  - with the lower TARGET_PAGE_BITS masked off, an offset which
      *    must be added to the virtual address to obtain:
@@ -XXX,XX +XXX,XX @@ typedef struct CPUIOTLBEntry {
      *       number is PHYS_SECTION_NOTDIRTY or PHYS_SECTION_ROM)
      *     + the offset within the target MemoryRegion (otherwise)
      */
-    hwaddr addr;
+    hwaddr xlat_section;
     MemTxAttrs attrs;
-} CPUIOTLBEntry;
+} CPUTLBEntryFull;
 
 /*
  * Data elements that are per MMU mode, minus the bits accessed by
@@ -XXX,XX +XXX,XX @@ typedef struct CPUTLBDesc {
     size_t vindex;
     /* The tlb victim table, in two parts.  */
     CPUTLBEntry vtable[CPU_VTLB_SIZE];
-    CPUIOTLBEntry viotlb[CPU_VTLB_SIZE];
-    /* The iotlb.  */
-    CPUIOTLBEntry *iotlb;
+    CPUTLBEntryFull vfulltlb[CPU_VTLB_SIZE];
+    CPUTLBEntryFull *fulltlb;
 } CPUTLBDesc;
 
 /*
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static void tlb_mmu_resize_locked(CPUTLBDesc *desc, CPUTLBDescFast *fast,
     }
 
     g_free(fast->table);
-    g_free(desc->iotlb);
+    g_free(desc->fulltlb);
 
     tlb_window_reset(desc, now, 0);
     /* desc->n_used_entries is cleared by the caller */
     fast->mask = (new_size - 1) << CPU_TLB_ENTRY_BITS;
     fast->table = g_try_new(CPUTLBEntry, new_size);
-    desc->iotlb = g_try_new(CPUIOTLBEntry, new_size);
+    desc->fulltlb = g_try_new(CPUTLBEntryFull, new_size);
 
     /*
      * If the allocations fail, try smaller sizes. We just freed some
@@ -XXX,XX +XXX,XX @@ static void tlb_mmu_resize_locked(CPUTLBDesc *desc, CPUTLBDescFast *fast,
      * allocations to fail though, so we progressively reduce the allocation
      * size, aborting if we cannot even allocate the smallest TLB we support.
      */
-    while (fast->table == NULL || desc->iotlb == NULL) {
+    while (fast->table == NULL || desc->fulltlb == NULL) {
         if (new_size == (1 << CPU_TLB_DYN_MIN_BITS)) {
             error_report("%s: %s", __func__, strerror(errno));
             abort();
@@ -XXX,XX +XXX,XX @@ static void tlb_mmu_resize_locked(CPUTLBDesc *desc, CPUTLBDescFast *fast,
         fast->mask = (new_size - 1) << CPU_TLB_ENTRY_BITS;
 
         g_free(fast->table);
-        g_free(desc->iotlb);
+        g_free(desc->fulltlb);
         fast->table = g_try_new(CPUTLBEntry, new_size);
-        desc->iotlb = g_try_new(CPUIOTLBEntry, new_size);
+        desc->fulltlb = g_try_new(CPUTLBEntryFull, new_size);
     }
 }
 
@@ -XXX,XX +XXX,XX @@ static void tlb_mmu_init(CPUTLBDesc *desc, CPUTLBDescFast *fast, int64_t now)
     desc->n_used_entries = 0;
     fast->mask = (n_entries - 1) << CPU_TLB_ENTRY_BITS;
     fast->table = g_new(CPUTLBEntry, n_entries);
-    desc->iotlb = g_new(CPUIOTLBEntry, n_entries);
+    desc->fulltlb = g_new(CPUTLBEntryFull, n_entries);
     tlb_mmu_flush_locked(desc, fast);
 }
 
@@ -XXX,XX +XXX,XX @@ void tlb_destroy(CPUState *cpu)
         CPUTLBDescFast *fast = &env_tlb(env)->f[i];
 
         g_free(fast->table);
-        g_free(desc->iotlb);
+        g_free(desc->fulltlb);
     }
 }
 
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
 
         /* Evict the old entry into the victim tlb.  */
         copy_tlb_helper_locked(tv, te);
-        desc->viotlb[vidx] = desc->iotlb[index];
+        desc->vfulltlb[vidx] = desc->fulltlb[index];
         tlb_n_used_entries_dec(env, mmu_idx);
     }
 
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
      * subtract here is that of the page base, and not the same as the
      * vaddr we add back in io_readx()/io_writex()/get_page_addr_code().
      */
-    desc->iotlb[index].addr = iotlb - vaddr_page;
-    desc->iotlb[index].attrs = attrs;
+    desc->fulltlb[index].xlat_section = iotlb - vaddr_page;
+    desc->fulltlb[index].attrs = attrs;
 
     /* Now calculate the new entry */
     tn.addend = addend - vaddr_page;
@@ -XXX,XX +XXX,XX @@ static inline void cpu_transaction_failed(CPUState *cpu, hwaddr physaddr,
     }
 }
 
-static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
+static uint64_t io_readx(CPUArchState *env, CPUTLBEntryFull *full,
                          int mmu_idx, target_ulong addr, uintptr_t retaddr,
                          MMUAccessType access_type, MemOp op)
 {
@@ -XXX,XX +XXX,XX @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
     bool locked = false;
     MemTxResult r;
 
-    section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
+    section = iotlb_to_section(cpu, full->xlat_section, full->attrs);
     mr = section->mr;
-    mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
+    mr_offset = (full->xlat_section & TARGET_PAGE_MASK) + addr;
     cpu->mem_io_pc = retaddr;
     if (!cpu->can_do_io) {
         cpu_io_recompile(cpu, retaddr);
@@ -XXX,XX +XXX,XX @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
         qemu_mutex_lock_iothread();
         locked = true;
     }
-    r = memory_region_dispatch_read(mr, mr_offset, &val, op, iotlbentry->attrs);
+    r = memory_region_dispatch_read(mr, mr_offset, &val, op, full->attrs);
     if (r != MEMTX_OK) {
         hwaddr physaddr = mr_offset +
             section->offset_within_address_space -
             section->offset_within_region;
 
         cpu_transaction_failed(cpu, physaddr, addr, memop_size(op), access_type,
-                               mmu_idx, iotlbentry->attrs, r, retaddr);
+                               mmu_idx, full->attrs, r, retaddr);
     }
     if (locked) {
         qemu_mutex_unlock_iothread();
@@ -XXX,XX +XXX,XX @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
 }
 
 /*
- * Save a potentially trashed IOTLB entry for later lookup by plugin.
- * This is read by tlb_plugin_lookup if the iotlb entry doesn't match
+ * Save a potentially trashed CPUTLBEntryFull for later lookup by plugin.
+ * This is read by tlb_plugin_lookup if the fulltlb entry doesn't match
  * because of the side effect of io_writex changing memory layout.
  */
 static void save_iotlb_data(CPUState *cs, hwaddr addr,
@@ -XXX,XX +XXX,XX @@ static void save_iotlb_data(CPUState *cs, hwaddr addr,
 #endif
 }
 
-static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
+static void io_writex(CPUArchState *env, CPUTLBEntryFull *full,
                       int mmu_idx, uint64_t val, target_ulong addr,
                       uintptr_t retaddr, MemOp op)
 {
@@ -XXX,XX +XXX,XX @@ static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
     bool locked = false;
     MemTxResult r;
 
-    section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
+    section = iotlb_to_section(cpu, full->xlat_section, full->attrs);
     mr = section->mr;
-    mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
+    mr_offset = (full->xlat_section & TARGET_PAGE_MASK) + addr;
     if (!cpu->can_do_io) {
         cpu_io_recompile(cpu, retaddr);
     }
@@ -XXX,XX +XXX,XX @@ static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
      * The memory_region_dispatch may trigger a flush/resize
      * so for plugins we save the iotlb_data just in case.
      */
-    save_iotlb_data(cpu, iotlbentry->addr, section, mr_offset);
+    save_iotlb_data(cpu, full->xlat_section, section, mr_offset);
 
     if (!qemu_mutex_iothread_locked()) {
         qemu_mutex_lock_iothread();
         locked = true;
     }
-    r = memory_region_dispatch_write(mr, mr_offset, val, op, iotlbentry->attrs);
+    r = memory_region_dispatch_write(mr, mr_offset, val, op, full->attrs);
     if (r != MEMTX_OK) {
         hwaddr physaddr = mr_offset +
             section->offset_within_address_space -
             section->offset_within_region;
 
         cpu_transaction_failed(cpu, physaddr, addr, memop_size(op),
-                               MMU_DATA_STORE, mmu_idx, iotlbentry->attrs, r,
+                               MMU_DATA_STORE, mmu_idx, full->attrs, r,
                                retaddr);
     }
     if (locked) {
@@ -XXX,XX +XXX,XX @@ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
             copy_tlb_helper_locked(vtlb, &tmptlb);
             qemu_spin_unlock(&env_tlb(env)->c.lock);
 
-            CPUIOTLBEntry tmpio, *io = &env_tlb(env)->d[mmu_idx].iotlb[index];
-            CPUIOTLBEntry *vio = &env_tlb(env)->d[mmu_idx].viotlb[vidx];
-            tmpio = *io; *io = *vio; *vio = tmpio;
+            CPUTLBEntryFull *f1 = &env_tlb(env)->d[mmu_idx].fulltlb[index];
+            CPUTLBEntryFull *f2 = &env_tlb(env)->d[mmu_idx].vfulltlb[vidx];
+            CPUTLBEntryFull tmpf;
+            tmpf = *f1; *f1 = *f2; *f2 = tmpf;
             return true;
         }
     }
@@ -XXX,XX +XXX,XX @@ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
                  (ADDR) & TARGET_PAGE_MASK)
 
 static void notdirty_write(CPUState *cpu, vaddr mem_vaddr, unsigned size,
-                           CPUIOTLBEntry *iotlbentry, uintptr_t retaddr)
+                           CPUTLBEntryFull *full, uintptr_t retaddr)
 {
-    ram_addr_t ram_addr = mem_vaddr + iotlbentry->addr;
+    ram_addr_t ram_addr = mem_vaddr + full->xlat_section;
 
     trace_memory_notdirty_write_access(mem_vaddr, ram_addr, size);
 
@@ -XXX,XX +XXX,XX @@ int probe_access_flags(CPUArchState *env, target_ulong addr,
     /* Handle clean RAM pages.  */
     if (unlikely(flags & TLB_NOTDIRTY)) {
         uintptr_t index = tlb_index(env, mmu_idx, addr);
-        CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
+        CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
 
-        notdirty_write(env_cpu(env), addr, 1, iotlbentry, retaddr);
+        notdirty_write(env_cpu(env), addr, 1, full, retaddr);
         flags &= ~TLB_NOTDIRTY;
     }
 
@@ -XXX,XX +XXX,XX @@ void *probe_access(CPUArchState *env, target_ulong addr, int size,
 
     if (unlikely(flags & (TLB_NOTDIRTY | TLB_WATCHPOINT))) {
         uintptr_t index = tlb_index(env, mmu_idx, addr);
-        CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
+        CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
 
         /* Handle watchpoints.  */
         if (flags & TLB_WATCHPOINT) {
             int wp_access = (access_type == MMU_DATA_STORE
                              ? BP_MEM_WRITE : BP_MEM_READ);
             cpu_check_watchpoint(env_cpu(env), addr, size,
-                                 iotlbentry->attrs, wp_access, retaddr);
+                                 full->attrs, wp_access, retaddr);
         }
 
         /* Handle clean RAM pages.  */
         if (flags & TLB_NOTDIRTY) {
-            notdirty_write(env_cpu(env), addr, 1, iotlbentry, retaddr);
+            notdirty_write(env_cpu(env), addr, 1, full, retaddr);
         }
     }
 
@@ -XXX,XX +XXX,XX @@ tb_page_addr_t get_page_addr_code_hostp(CPUArchState *env, target_ulong addr,
  * should have just filled the TLB. The one corner case is io_writex
  * which can cause TLB flushes and potential resizing of the TLBs
  * losing the information we need. In those cases we need to recover
- * data from a copy of the iotlbentry. As long as this always occurs
+ * data from a copy of the CPUTLBEntryFull. As long as this always occurs
  * from the same thread (which a mem callback will be) this is safe.
  */
 
@@ -XXX,XX +XXX,XX @@ bool tlb_plugin_lookup(CPUState *cpu, target_ulong addr, int mmu_idx,
     if (likely(tlb_hit(tlb_addr, addr))) {
         /* We must have an iotlb entry for MMIO */
         if (tlb_addr & TLB_MMIO) {
-            CPUIOTLBEntry *iotlbentry;
-            iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
+            CPUTLBEntryFull *full;
+            full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
             data->is_io = true;
-            data->v.io.section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
-            data->v.io.offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
+            data->v.io.section =
+                iotlb_to_section(cpu, full->xlat_section, full->attrs);
+            data->v.io.offset = (full->xlat_section & TARGET_PAGE_MASK) + addr;
         } else {
             data->is_io = false;
             data->v.ram.hostaddr = (void *)((uintptr_t)addr + tlbe->addend);
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
 
     if (unlikely(tlb_addr & TLB_NOTDIRTY)) {
         notdirty_write(env_cpu(env), addr, size,
-                       &env_tlb(env)->d[mmu_idx].iotlb[index], retaddr);
+                       &env_tlb(env)->d[mmu_idx].fulltlb[index], retaddr);
     }
 
     return hostaddr;
@@ -XXX,XX +XXX,XX @@ load_helper(CPUArchState *env, target_ulong addr, MemOpIdx oi,
 
     /* Handle anything that isn't just a straight memory access.  */
     if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) {
-        CPUIOTLBEntry *iotlbentry;
+        CPUTLBEntryFull *full;
         bool need_swap;
 
         /* For anything that is unaligned, recurse through full_load.  */
@@ -XXX,XX +XXX,XX @@ load_helper(CPUArchState *env, target_ulong addr, MemOpIdx oi,
             goto do_unaligned_access;
         }
 
-        iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
+        full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
 
         /* Handle watchpoints.  */
         if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
             /* On watchpoint hit, this will longjmp out.  */
             cpu_check_watchpoint(env_cpu(env), addr, size,
-                                 iotlbentry->attrs, BP_MEM_READ, retaddr);
+                                 full->attrs, BP_MEM_READ, retaddr);
         }
 
         need_swap = size > 1 && (tlb_addr & TLB_BSWAP);
 
         /* Handle I/O access.  */
         if (likely(tlb_addr & TLB_MMIO)) {
-            return io_readx(env, iotlbentry, mmu_idx, addr, retaddr,
+            return io_readx(env, full, mmu_idx, addr, retaddr,
                             access_type, op ^ (need_swap * MO_BSWAP));
         }
 
@@ -XXX,XX +XXX,XX @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
      */
     if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
         cpu_check_watchpoint(env_cpu(env), addr, size - size2,
-                             env_tlb(env)->d[mmu_idx].iotlb[index].attrs,
+                             env_tlb(env)->d[mmu_idx].fulltlb[index].attrs,
                              BP_MEM_WRITE, retaddr);
     }
     if (unlikely(tlb_addr2 & TLB_WATCHPOINT)) {
         cpu_check_watchpoint(env_cpu(env), page2, size2,
-                             env_tlb(env)->d[mmu_idx].iotlb[index2].attrs,
+                             env_tlb(env)->d[mmu_idx].fulltlb[index2].attrs,
                              BP_MEM_WRITE, retaddr);
     }
 
@@ -XXX,XX +XXX,XX @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
 
     /* Handle anything that isn't just a straight memory access.  */
     if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) {
-        CPUIOTLBEntry *iotlbentry;
+        CPUTLBEntryFull *full;
         bool need_swap;
 
         /* For anything that is unaligned, recurse through byte stores.  */
@@ -XXX,XX +XXX,XX @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
             goto do_unaligned_access;
         }
 
-        iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
+        full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
 
         /* Handle watchpoints.  */
         if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
             /* On watchpoint hit, this will longjmp out.  */
             cpu_check_watchpoint(env_cpu(env), addr, size,
-                                 iotlbentry->attrs, BP_MEM_WRITE, retaddr);
+                                 full->attrs, BP_MEM_WRITE, retaddr);
         }
 
         need_swap = size > 1 && (tlb_addr & TLB_BSWAP);
 
         /* Handle I/O access.  */
         if (tlb_addr & TLB_MMIO) {
-            io_writex(env, iotlbentry, mmu_idx, val, addr, retaddr,
+            io_writex(env, full, mmu_idx, val, addr, retaddr,
                       op ^ (need_swap * MO_BSWAP));
             return;
         }
@@ -XXX,XX +XXX,XX @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
 
         /* Handle clean RAM pages.  */
         if (tlb_addr & TLB_NOTDIRTY) {
-            notdirty_write(env_cpu(env), addr, size, iotlbentry, retaddr);
+            notdirty_write(env_cpu(env), addr, size, full, retaddr);
         }
 
         haddr = (void *)((uintptr_t)addr + entry->addend);
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
     return tags + index;
 #else
     uintptr_t index;
-    CPUIOTLBEntry *iotlbentry;
+    CPUTLBEntryFull *full;
     int in_page, flags;
     ram_addr_t ptr_ra;
     hwaddr ptr_paddr, tag_paddr, xlat;
@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
     assert(!(flags & TLB_INVALID_MASK));
 
     /*
-     * Find the iotlbentry for ptr.  This *must* be present in the TLB
+     * Find the CPUTLBEntryFull for ptr.  This *must* be present in the TLB
      * because we just found the mapping.
      * TODO: Perhaps there should be a cputlb helper that returns a
      * matching tlb entry + iotlb entry.
@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
         g_assert(tlb_hit(comparator, ptr));
     }
 # endif
-    iotlbentry = &env_tlb(env)->d[ptr_mmu_idx].iotlb[index];
+    full = &env_tlb(env)->d[ptr_mmu_idx].fulltlb[index];
 
     /* If the virtual page MemAttr != Tagged, access unchecked. */
-    if (!arm_tlb_mte_tagged(&iotlbentry->attrs)) {
+    if (!arm_tlb_mte_tagged(&full->attrs)) {
         return NULL;
     }
 
@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
         int wp = ptr_access == MMU_DATA_LOAD ? BP_MEM_READ : BP_MEM_WRITE;
         assert(ra != 0);
         cpu_check_watchpoint(env_cpu(env), ptr, ptr_size,
-                             iotlbentry->attrs, wp, ra);
+                             full->attrs, wp, ra);
     }
 
     /*
@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
     tag_paddr = ptr_paddr >> (LOG2_TAG_GRANULE + 1);
 
     /* Look up the address in tag space. */
-    tag_asi = iotlbentry->attrs.secure ? ARMASIdx_TagS : ARMASIdx_TagNS;
+    tag_asi = full->attrs.secure ? ARMASIdx_TagS : ARMASIdx_TagNS;
     tag_as = cpu_get_address_space(env_cpu(env), tag_asi);
     mr = address_space_translate(tag_as, tag_paddr, &xlat, NULL,
                                  tag_access == MMU_DATA_STORE,
-                                 iotlbentry->attrs);
+                                 full->attrs);
 
     /*
      * Note that @mr will never be NULL.  If there is nothing in the address
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -XXX,XX +XXX,XX @@ bool sve_probe_page(SVEHostPage *info, bool nofault, CPUARMState *env,
         g_assert(tlb_hit(comparator, addr));
 # endif
 
-        CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
-        info->attrs = iotlbentry->attrs;
+        CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
+        info->attrs = full->attrs;
     }
 #endif
 
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static bool is_guarded_page(CPUARMState *env, DisasContext *s)
      * table entry even for that case.
      */
     return (tlb_hit(entry->addr_code, addr) &&
-            arm_tlb_bti_gp(&env_tlb(env)->d[mmu_idx].iotlb[index].attrs));
+            arm_tlb_bti_gp(&env_tlb(env)->d[mmu_idx].fulltlb[index].attrs));
 #endif
 }
 
-- 
2.34.1

This field is only written, not read; remove it.

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -XXX,XX +XXX,XX @@ struct CPUWatchpoint {
  * the memory regions get moved around  by io_writex.
  */
 typedef struct SavedIOTLB {
-    hwaddr addr;
     MemoryRegionSection *section;
     hwaddr mr_offset;
 } SavedIOTLB;
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static uint64_t io_readx(CPUArchState *env, CPUTLBEntryFull *full,
  * This is read by tlb_plugin_lookup if the fulltlb entry doesn't match
  * because of the side effect of io_writex changing memory layout.
  */
-static void save_iotlb_data(CPUState *cs, hwaddr addr,
-                            MemoryRegionSection *section, hwaddr mr_offset)
+static void save_iotlb_data(CPUState *cs, MemoryRegionSection *section,
+                            hwaddr mr_offset)
 {
 #ifdef CONFIG_PLUGIN
     SavedIOTLB *saved = &cs->saved_iotlb;
-    saved->addr = addr;
     saved->section = section;
     saved->mr_offset = mr_offset;
 #endif
@@ -XXX,XX +XXX,XX @@ static void io_writex(CPUArchState *env, CPUTLBEntryFull *full,
      * The memory_region_dispatch may trigger a flush/resize
      * so for plugins we save the iotlb_data just in case.
      */
-    save_iotlb_data(cpu, full->xlat_section, section, mr_offset);
+    save_iotlb_data(cpu, section, mr_offset);
 
     if (!qemu_mutex_iothread_locked()) {
         qemu_mutex_lock_iothread();
-- 
2.34.1

When PAGE_WRITE_INV is set when calling tlb_set_page,
we immediately set TLB_INVALID_MASK in order to force
tlb_fill to be called on the next lookup.  Here in
probe_access_internal, we have just called tlb_fill
and eliminated true misses, thus the lookup must be valid.

This allows us to remove a warning comment from s390x.
There doesn't seem to be a reason to change the code though.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cputlb.c            | 10 +++++++++-
 target/s390x/tcg/mem_helper.c |  4 ----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
     }
     tlb_addr = tlb_read_ofs(entry, elt_ofs);
 
+    flags = TLB_FLAGS_MASK;
     page_addr = addr & TARGET_PAGE_MASK;
     if (!tlb_hit_page(tlb_addr, page_addr)) {
         if (!victim_tlb_hit(env, mmu_idx, index, elt_ofs, page_addr)) {
@@ -XXX,XX +XXX,XX @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
 
             /* TLB resize via tlb_fill may have moved the entry.  */
             entry = tlb_entry(env, mmu_idx, addr);
+
+            /*
+             * With PAGE_WRITE_INV, we set TLB_INVALID_MASK immediately,
+             * to force the next access through tlb_fill.  We've just
+             * called tlb_fill, so we know that this entry *is* valid.
+             */
+            flags &= ~TLB_INVALID_MASK;
         }
         tlb_addr = tlb_read_ofs(entry, elt_ofs);
     }
-    flags = tlb_addr & TLB_FLAGS_MASK;
+    flags &= tlb_addr;
 
     /* Fold all "mmio-like" bits into TLB_MMIO.  This is not RAM.  */
     if (unlikely(flags & ~(TLB_WATCHPOINT | TLB_NOTDIRTY))) {
diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/tcg/mem_helper.c
+++ b/target/s390x/tcg/mem_helper.c
@@ -XXX,XX +XXX,XX @@ static int s390_probe_access(CPUArchState *env, target_ulong addr, int size,
 #else
     int flags;
 
-    /*
-     * For !CONFIG_USER_ONLY, we cannot rely on TLB_INVALID_MASK or haddr==NULL
-     * to detect if there was an exception during tlb_fill().
-     */
     env->tlb_fill_exc = 0;
     flags = probe_access_flags(env, addr, access_type, mmu_idx, nonfault, phost,
                                ra);
-- 
2.34.1

Add an interface to return the CPUTLBEntryFull struct
that goes with the lookup.  The result is not intended
to be valid across multiple lookups, so the user must
use the results immediately.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/exec-all.h | 15 +++++++++++++
 include/qemu/typedefs.h |  1 +
 accel/tcg/cputlb.c      | 47 +++++++++++++++++++++++++----------------
 3 files changed, 45 insertions(+), 18 deletions(-)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -XXX,XX +XXX,XX @@ int probe_access_flags(CPUArchState *env, target_ulong addr,
                        MMUAccessType access_type, int mmu_idx,
                        bool nonfault, void **phost, uintptr_t retaddr);
 
+#ifndef CONFIG_USER_ONLY
+/**
+ * probe_access_full:
+ * Like probe_access_flags, except also return into @pfull.
+ *
+ * The CPUTLBEntryFull structure returned via @pfull is transient
+ * and must be consumed or copied immediately, before any further
+ * access or changes to TLB @mmu_idx.
+ */
+int probe_access_full(CPUArchState *env, target_ulong addr,
+                      MMUAccessType access_type, int mmu_idx,
+                      bool nonfault, void **phost,
+                      CPUTLBEntryFull **pfull, uintptr_t retaddr);
+#endif
+
 #define CODE_GEN_ALIGN           16 /* must be >= of the size of a icache line */
 
 /* Estimated block size for TB allocation.  */
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -XXX,XX +XXX,XX @@ typedef struct ConfidentialGuestSupport ConfidentialGuestSupport;
 typedef struct CPUAddressSpace CPUAddressSpace;
 typedef struct CPUArchState CPUArchState;
 typedef struct CPUState CPUState;
+typedef struct CPUTLBEntryFull CPUTLBEntryFull;
 typedef struct DeviceListener DeviceListener;
 typedef struct DeviceState DeviceState;
 typedef struct DirtyBitmapSnapshot DirtyBitmapSnapshot;
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static void notdirty_write(CPUState *cpu, vaddr mem_vaddr, unsigned size,
 static int probe_access_internal(CPUArchState *env, target_ulong addr,
                                  int fault_size, MMUAccessType access_type,
                                  int mmu_idx, bool nonfault,
-                                 void **phost, uintptr_t retaddr)
+                                 void **phost, CPUTLBEntryFull **pfull,
+                                 uintptr_t retaddr)
 {
     uintptr_t index = tlb_index(env, mmu_idx, addr);
     CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
@@ -XXX,XX +XXX,XX @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
                                            mmu_idx, nonfault, retaddr)) {
                 /* Non-faulting page table read failed.  */
                 *phost = NULL;
+                *pfull = NULL;
                 return TLB_INVALID_MASK;
             }
 
             /* TLB resize via tlb_fill may have moved the entry.  */
+            index = tlb_index(env, mmu_idx, addr);
             entry = tlb_entry(env, mmu_idx, addr);
 
             /*
@@ -XXX,XX +XXX,XX @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
     }
     flags &= tlb_addr;
 
+    *pfull = &env_tlb(env)->d[mmu_idx].fulltlb[index];
+
     /* Fold all "mmio-like" bits into TLB_MMIO.  This is not RAM.  */
     if (unlikely(flags & ~(TLB_WATCHPOINT | TLB_NOTDIRTY))) {
         *phost = NULL;
@@ -XXX,XX +XXX,XX @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
     return flags;
 }
 
-int probe_access_flags(CPUArchState *env, target_ulong addr,
-                       MMUAccessType access_type, int mmu_idx,
-                       bool nonfault, void **phost, uintptr_t retaddr)
+int probe_access_full(CPUArchState *env, target_ulong addr,
+                      MMUAccessType access_type, int mmu_idx,
+                      bool nonfault, void **phost, CPUTLBEntryFull **pfull,
+                      uintptr_t retaddr)
 {
-    int flags;
-
-    flags = probe_access_internal(env, addr, 0, access_type, mmu_idx,
-                                  nonfault, phost, retaddr);
+    int flags = probe_access_internal(env, addr, 0, access_type, mmu_idx,
+                                      nonfault, phost, pfull, retaddr);
 
     /* Handle clean RAM pages.  */
     if (unlikely(flags & TLB_NOTDIRTY)) {
-        uintptr_t index = tlb_index(env, mmu_idx, addr);
-        CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
-
-        notdirty_write(env_cpu(env), addr, 1, full, retaddr);
+        notdirty_write(env_cpu(env), addr, 1, *pfull, retaddr);
         flags &= ~TLB_NOTDIRTY;
     }
 
     return flags;
 }
 
+int probe_access_flags(CPUArchState *env, target_ulong addr,
+                       MMUAccessType access_type, int mmu_idx,
+                       bool nonfault, void **phost, uintptr_t retaddr)
+{
+    CPUTLBEntryFull *full;
+
+    return probe_access_full(env, addr, access_type, mmu_idx,
+                             nonfault, phost, &full, retaddr);
+}
+
 void *probe_access(CPUArchState *env, target_ulong addr, int size,
                    MMUAccessType access_type, int mmu_idx, uintptr_t retaddr)
 {
+    CPUTLBEntryFull *full;
     void *host;
     int flags;
 
     g_assert(-(addr | TARGET_PAGE_MASK) >= size);
 
     flags = probe_access_internal(env, addr, size, access_type, mmu_idx,
-                                  false, &host, retaddr);
+                                  false, &host, &full, retaddr);
 
     /* Per the interface, size == 0 merely faults the access. */
     if (size == 0) {
@@ -XXX,XX +XXX,XX @@ void *probe_access(CPUArchState *env, target_ulong addr, int size,
     }
 
     if (unlikely(flags & (TLB_NOTDIRTY | TLB_WATCHPOINT))) {
-        uintptr_t index = tlb_index(env, mmu_idx, addr);
-        CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
-
         /* Handle watchpoints.  */
         if (flags & TLB_WATCHPOINT) {
             int wp_access = (access_type == MMU_DATA_STORE
@@ -XXX,XX +XXX,XX @@ void *probe_access(CPUArchState *env, target_ulong addr, int size,
 void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
                         MMUAccessType access_type, int mmu_idx)
 {
+    CPUTLBEntryFull *full;
     void *host;
     int flags;
 
     flags = probe_access_internal(env, addr, 0, access_type,
-                                  mmu_idx, true, &host, 0);
+                                  mmu_idx, true, &host, &full, 0);
 
     /* No combination of flags are expected by the caller. */
     return flags ? NULL : host;
@@ -XXX,XX +XXX,XX @@ void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
 tb_page_addr_t get_page_addr_code_hostp(CPUArchState *env, target_ulong addr,
                                         void **hostp)
 {
+    CPUTLBEntryFull *full;
     void *p;
 
     (void)probe_access_internal(env, addr, 1, MMU_INST_FETCH,
-                                cpu_mmu_index(env, true), false, &p, 0);
+                                cpu_mmu_index(env, true), false, &p, &full, 0);
     if (p == NULL) {
         return -1;
     }
-- 
2.34.1

Now that we have collected all of the page data into
CPUTLBEntryFull, provide an interface to record that
all in one go, instead of using 4 arguments.  This interface
allows CPUTLBEntryFull to be extended without having to
change the number of arguments.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/cpu-defs.h | 14 +++++++++++
 include/exec/exec-all.h | 22 ++++++++++++++++++
 accel/tcg/cputlb.c      | 51 ++++++++++++++++++++++++++---------------
 3 files changed, 69 insertions(+), 18 deletions(-)

diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -XXX,XX +XXX,XX @@ typedef struct CPUTLBEntryFull {
      *     + the offset within the target MemoryRegion (otherwise)
      */
     hwaddr xlat_section;
+
+    /*
+     * @phys_addr contains the physical address in the address space
+     * given by cpu_asidx_from_attrs(cpu, @attrs).
+     */
+    hwaddr phys_addr;
+
+    /* @attrs contains the memory transaction attributes for the page. */
     MemTxAttrs attrs;
+
+    /* @prot contains the complete protections for the page. */
+    uint8_t prot;
+
+    /* @lg_page_size contains the log2 of the page size. */
+    uint8_t lg_page_size;
 } CPUTLBEntryFull;
 
 /*
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -XXX,XX +XXX,XX @@ void tlb_flush_range_by_mmuidx_all_cpus_synced(CPUState *cpu,
                                                uint16_t idxmap,
                                                unsigned bits);
 
+/**
+ * tlb_set_page_full:
+ * @cpu: CPU context
+ * @mmu_idx: mmu index of the tlb to modify
+ * @vaddr: virtual address of the entry to add
+ * @full: the details of the tlb entry
+ *
+ * Add an entry to @cpu tlb index @mmu_idx.  All of the fields of
+ * @full must be filled, except for xlat_section, and constitute
+ * the complete description of the translated page.
+ *
+ * This is generally called by the target tlb_fill function after
+ * having performed a successful page table walk to find the physical
+ * address and attributes for the translation.
+ *
+ * At most one entry for a given virtual address is permitted. Only a
+ * single TARGET_PAGE_SIZE region is mapped; @full->lg_page_size is only
+ * used by tlb_flush_page.
+ */
+void tlb_set_page_full(CPUState *cpu, int mmu_idx, target_ulong vaddr,
+                       CPUTLBEntryFull *full);
+
 /**
  * tlb_set_page_with_attrs:
  * @cpu: CPU to add this TLB entry for
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static void tlb_add_large_page(CPUArchState *env, int mmu_idx,
     env_tlb(env)->d[mmu_idx].large_page_mask = lp_mask;
 }
 
-/* Add a new TLB entry. At most one entry for a given virtual address
+/*
+ * Add a new TLB entry. At most one entry for a given virtual address
  * is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
  * supplied size is only used by tlb_flush_page.
  *
  * Called from TCG-generated code, which is under an RCU read-side
  * critical section.
  */
-void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
-                             hwaddr paddr, MemTxAttrs attrs, int prot,
-                             int mmu_idx, target_ulong size)
+void tlb_set_page_full(CPUState *cpu, int mmu_idx,
+                       target_ulong vaddr, CPUTLBEntryFull *full)
 {
     CPUArchState *env = cpu->env_ptr;
     CPUTLB *tlb = env_tlb(env);
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
     CPUTLBEntry *te, tn;
     hwaddr iotlb, xlat, sz, paddr_page;
     target_ulong vaddr_page;
-    int asidx = cpu_asidx_from_attrs(cpu, attrs);
-    int wp_flags;
+    int asidx, wp_flags, prot;
     bool is_ram, is_romd;
 
     assert_cpu_is_self(cpu);
 
-    if (size <= TARGET_PAGE_SIZE) {
+    if (full->lg_page_size <= TARGET_PAGE_BITS) {
         sz = TARGET_PAGE_SIZE;
     } else {
-        tlb_add_large_page(env, mmu_idx, vaddr, size);
-        sz = size;
+        sz = (hwaddr)1 << full->lg_page_size;
+        tlb_add_large_page(env, mmu_idx, vaddr, sz);
     }
     vaddr_page = vaddr & TARGET_PAGE_MASK;
-    paddr_page = paddr & TARGET_PAGE_MASK;
+    paddr_page = full->phys_addr & TARGET_PAGE_MASK;
 
+    prot = full->prot;
+    asidx = cpu_asidx_from_attrs(cpu, full->attrs);
     section = address_space_translate_for_iotlb(cpu, asidx, paddr_page,
-                                                &xlat, &sz, attrs, &prot);
+                                                &xlat, &sz, full->attrs, &prot);
     assert(sz >= TARGET_PAGE_SIZE);
 
     tlb_debug("vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
               " prot=%x idx=%d\n",
-              vaddr, paddr, prot, mmu_idx);
+              vaddr, full->phys_addr, prot, mmu_idx);
 
     address = vaddr_page;
-    if (size < TARGET_PAGE_SIZE) {
+    if (full->lg_page_size < TARGET_PAGE_BITS) {
         /* Repeat the MMU check and TLB fill on every access.  */
         address |= TLB_INVALID_MASK;
     }
-    if (attrs.byte_swap) {
+    if (full->attrs.byte_swap) {
         address |= TLB_BSWAP;
     }
 
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
      * subtract here is that of the page base, and not the same as the
      * vaddr we add back in io_readx()/io_writex()/get_page_addr_code().
      */
+    desc->fulltlb[index] = *full;
     desc->fulltlb[index].xlat_section = iotlb - vaddr_page;
-    desc->fulltlb[index].attrs = attrs;
+    desc->fulltlb[index].phys_addr = paddr_page;
+    desc->fulltlb[index].prot = prot;
 
     /* Now calculate the new entry */
     tn.addend = addend - vaddr_page;
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
     qemu_spin_unlock(&tlb->c.lock);
 }
 
-/* Add a new TLB entry, but without specifying the memory
- * transaction attributes to be used.
- */
+void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
+                             hwaddr paddr, MemTxAttrs attrs, int prot,
+                             int mmu_idx, target_ulong size)
+{
+    CPUTLBEntryFull full = {
+        .phys_addr = paddr,
+        .attrs = attrs,
+        .prot = prot,
+        .lg_page_size = ctz64(size)
+    };
+
+    assert(is_power_of_2(size));
+    tlb_set_page_full(cpu, mmu_idx, vaddr, &full);
+}
+
 void tlb_set_page(CPUState *cpu, target_ulong vaddr,
                   hwaddr paddr, int prot,
                   int mmu_idx, target_ulong size)
-- 
2.34.1

This bitmap is created and discarded immediately.
We gain nothing by its existence.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220822232338.1727934-2-richard.henderson@linaro.org>
---
 accel/tcg/translate-all.c | 78 ++-------------------------------------
 1 file changed, 4 insertions(+), 74 deletions(-)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@
 #define assert_memory_lock() tcg_debug_assert(have_mmap_lock())
 #endif
 
-#define SMC_BITMAP_USE_THRESHOLD 10
-
 typedef struct PageDesc {
     /* list of TBs intersecting this ram page */
     uintptr_t first_tb;
-#ifdef CONFIG_SOFTMMU
-    /* in order to optimize self modifying code, we count the number
-       of lookups we do to a given page to use a bitmap */
-    unsigned long *code_bitmap;
-    unsigned int code_write_count;
-#else
+#ifdef CONFIG_USER_ONLY
     unsigned long flags;
     void *target_data;
 #endif
-#ifndef CONFIG_USER_ONLY
+#ifdef CONFIG_SOFTMMU
     QemuSpin lock;
 #endif
 } PageDesc;
@@ -XXX,XX +XXX,XX @@ void tb_htable_init(void)
     qht_init(&tb_ctx.htable, tb_cmp, CODE_GEN_HTABLE_SIZE, mode);
 }
 
-/* call with @p->lock held */
-static inline void invalidate_page_bitmap(PageDesc *p)
-{
-    assert_page_locked(p);
-#ifdef CONFIG_SOFTMMU
-    g_free(p->code_bitmap);
-    p->code_bitmap = NULL;
-    p->code_write_count = 0;
-#endif
-}
-
 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
 static void page_flush_tb_1(int level, void **lp)
 {
@@ -XXX,XX +XXX,XX @@ static void page_flush_tb_1(int level, void **lp)
         for (i = 0; i < V_L2_SIZE; ++i) {
             page_lock(&pd[i]);
             pd[i].first_tb = (uintptr_t)NULL;
-            invalidate_page_bitmap(pd + i);
             page_unlock(&pd[i]);
         }
     } else {
@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
     if (rm_from_page_list) {
         p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
         tb_page_remove(p, tb);
-        invalidate_page_bitmap(p);
         if (tb->page_addr[1] != -1) {
             p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
             tb_page_remove(p, tb);
-            invalidate_page_bitmap(p);
         }
     }
 
@@ -XXX,XX +XXX,XX @@ void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
     }
 }
 
-#ifdef CONFIG_SOFTMMU
-/* call with @p->lock held */
-static void build_page_bitmap(PageDesc *p)
-{
-    int n, tb_start, tb_end;
-    TranslationBlock *tb;
-
-    assert_page_locked(p);
-    p->code_bitmap = bitmap_new(TARGET_PAGE_SIZE);
-
-    PAGE_FOR_EACH_TB(p, tb, n) {
-        /* NOTE: this is subtle as a TB may span two physical pages */
-        if (n == 0) {
-            /* NOTE: tb_end may be after the end of the page, but
-               it is not a problem */
-            tb_start = tb->pc & ~TARGET_PAGE_MASK;
-            tb_end = tb_start + tb->size;
-            if (tb_end > TARGET_PAGE_SIZE) {
-                tb_end = TARGET_PAGE_SIZE;
-             }
-        } else {
-            tb_start = 0;
-            tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
-        }
-        bitmap_set(p->code_bitmap, tb_start, tb_end - tb_start);
-    }
-}
-#endif
-
 /* add the tb in the target page and protect it if necessary
  *
  * Called with mmap_lock held for user-mode emulation.
@@ -XXX,XX +XXX,XX @@ static inline void tb_page_add(PageDesc *p, TranslationBlock *tb,
     page_already_protected = p->first_tb != (uintptr_t)NULL;
 #endif
     p->first_tb = (uintptr_t)tb | n;
-    invalidate_page_bitmap(p);
 
 #if defined(CONFIG_USER_ONLY)
     /* translator_loop() must have made all TB pages non-writable */
@@ -XXX,XX +XXX,XX @@ tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
     /* remove TB from the page(s) if we couldn't insert it */
     if (unlikely(existing_tb)) {
         tb_page_remove(p, tb);
-        invalidate_page_bitmap(p);
         if (p2) {
             tb_page_remove(p2, tb);
-            invalidate_page_bitmap(p2);
         }
         tb = existing_tb;
     }
@@ -XXX,XX +XXX,XX @@ tb_invalidate_phys_page_range__locked(struct page_collection *pages,
 #if !defined(CONFIG_USER_ONLY)
     /* if no code remaining, no need to continue to use slow writes */
     if (!p->first_tb) {
-        invalidate_page_bitmap(p);
         tlb_unprotect_code(start);
     }
 #endif
@@ -XXX,XX +XXX,XX @@ void tb_invalidate_phys_page_fast(struct page_collection *pages,
     }
 
     assert_page_locked(p);
-    if (!p->code_bitmap &&
-        ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD) {
-        build_page_bitmap(p);
-    }
-    if (p->code_bitmap) {
-        unsigned int nr;
-        unsigned long b;
-
-        nr = start & ~TARGET_PAGE_MASK;
-        b = p->code_bitmap[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG - 1));
-        if (b & ((1 << len) - 1)) {
-            goto do_invalidate;
-        }
-    } else {
-    do_invalidate:
-        tb_invalidate_phys_page_range__locked(pages, p, start, start + len,
-                                              retaddr);
-    }
+    tb_invalidate_phys_page_range__locked(pages, p, start, start + len,
+                                          retaddr);
 }
 #else
 /* Called with mmap_lock held. If pc is not 0 then it indicates the
-- 
2.34.1

Bool is more appropriate type for the alloc parameter.

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ void page_init(void)
 #endif
 }
 
-static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
+static PageDesc *page_find_alloc(tb_page_addr_t index, bool alloc)
 {
     PageDesc *pd;
     void **lp;
@@ -XXX,XX +XXX,XX @@ static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
 
 static inline PageDesc *page_find(tb_page_addr_t index)
 {
-    return page_find_alloc(index, 0);
+    return page_find_alloc(index, false);
 }
 
 static void page_lock_pair(PageDesc **ret_p1, tb_page_addr_t phys1,
-                           PageDesc **ret_p2, tb_page_addr_t phys2, int alloc);
+                           PageDesc **ret_p2, tb_page_addr_t phys2, bool alloc);
 
 /* In user-mode page locks aren't used; mmap_lock is enough */
 #ifdef CONFIG_USER_ONLY
@@ -XXX,XX +XXX,XX @@ static inline void page_unlock(PageDesc *pd)
 /* lock the page(s) of a TB in the correct acquisition order */
 static inline void page_lock_tb(const TranslationBlock *tb)
 {
-    page_lock_pair(NULL, tb->page_addr[0], NULL, tb->page_addr[1], 0);
+    page_lock_pair(NULL, tb->page_addr[0], NULL, tb->page_addr[1], false);
 }
 
 static inline void page_unlock_tb(const TranslationBlock *tb)
@@ -XXX,XX +XXX,XX @@ void page_collection_unlock(struct page_collection *set)
 #endif /* !CONFIG_USER_ONLY */
 
 static void page_lock_pair(PageDesc **ret_p1, tb_page_addr_t phys1,
-                           PageDesc **ret_p2, tb_page_addr_t phys2, int alloc)
+                           PageDesc **ret_p2, tb_page_addr_t phys2, bool alloc)
 {
     PageDesc *p1, *p2;
     tb_page_addr_t page1;
@@ -XXX,XX +XXX,XX @@ tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
      * Note that inserting into the hash table first isn't an option, since
      * we can only insert TBs that are fully initialized.
      */
-    page_lock_pair(&p, phys_pc, &p2, phys_page2, 1);
+    page_lock_pair(&p, phys_pc, &p2, phys_page2, true);
     tb_page_add(p, tb, 0, phys_pc & TARGET_PAGE_MASK);
     if (p2) {
         tb_page_add(p2, tb, 1, phys_page2);
@@ -XXX,XX +XXX,XX @@ void page_set_flags(target_ulong start, target_ulong end, int flags)
     for (addr = start, len = end - start;
          len != 0;
          len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
-        PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
+        PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, true);
 
         /* If the write protection bit is set, then we invalidate
            the code inside.  */
-- 
2.34.1

Use the pc coming from db->pc_first rather than the TB.

Use the cached host_addr rather than re-computing for the
first page.  We still need a separate lookup for the second
page because it won't be computed for DisasContextBase until
the translator actually performs a read from the page.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/plugin-gen.h |  7 ++++---
 accel/tcg/plugin-gen.c    | 22 +++++++++++-----------
 accel/tcg/translator.c    |  2 +-
 3 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/include/exec/plugin-gen.h b/include/exec/plugin-gen.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/plugin-gen.h
+++ b/include/exec/plugin-gen.h
@@ -XXX,XX +XXX,XX @@ struct DisasContextBase;
 
 #ifdef CONFIG_PLUGIN
 
-bool plugin_gen_tb_start(CPUState *cpu, const TranslationBlock *tb, bool supress);
+bool plugin_gen_tb_start(CPUState *cpu, const struct DisasContextBase *db,
+                         bool supress);
 void plugin_gen_tb_end(CPUState *cpu);
 void plugin_gen_insn_start(CPUState *cpu, const struct DisasContextBase *db);
 void plugin_gen_insn_end(void);
@@ -XXX,XX +XXX,XX @@ static inline void plugin_insn_append(abi_ptr pc, const void *from, size_t size)
 
 #else /* !CONFIG_PLUGIN */
 
-static inline
-bool plugin_gen_tb_start(CPUState *cpu, const TranslationBlock *tb, bool supress)
+static inline bool
+plugin_gen_tb_start(CPUState *cpu, const struct DisasContextBase *db, bool sup)
 {
     return false;
 }
diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/plugin-gen.c
+++ b/accel/tcg/plugin-gen.c
@@ -XXX,XX +XXX,XX @@ static void plugin_gen_inject(const struct qemu_plugin_tb *plugin_tb)
     pr_ops();
 }
 
-bool plugin_gen_tb_start(CPUState *cpu, const TranslationBlock *tb, bool mem_only)
+bool plugin_gen_tb_start(CPUState *cpu, const DisasContextBase *db,
+                         bool mem_only)
 {
     bool ret = false;
 
@@ -XXX,XX +XXX,XX @@ bool plugin_gen_tb_start(CPUState *cpu, const TranslationBlock *tb, bool mem_onl
 
         ret = true;
 
-        ptb->vaddr = tb->pc;
+        ptb->vaddr = db->pc_first;
         ptb->vaddr2 = -1;
-        get_page_addr_code_hostp(cpu->env_ptr, tb->pc, &ptb->haddr1);
+        ptb->haddr1 = db->host_addr[0];
         ptb->haddr2 = NULL;
         ptb->mem_only = mem_only;
 
@@ -XXX,XX +XXX,XX @@ void plugin_gen_insn_start(CPUState *cpu, const DisasContextBase *db)
      * Note that we skip this when haddr1 == NULL, e.g. when we're
      * fetching instructions from a region not backed by RAM.
      */
-    if (likely(ptb->haddr1 != NULL && ptb->vaddr2 == -1) &&
-        unlikely((db->pc_next & TARGET_PAGE_MASK) !=
-                 (db->pc_first & TARGET_PAGE_MASK))) {
-        get_page_addr_code_hostp(cpu->env_ptr, db->pc_next,
-                                 &ptb->haddr2);
-        ptb->vaddr2 = db->pc_next;
-    }
-    if (likely(ptb->vaddr2 == -1)) {
+    if (ptb->haddr1 == NULL) {
+        pinsn->haddr = NULL;
+    } else if (is_same_page(db, db->pc_next)) {
         pinsn->haddr = ptb->haddr1 + pinsn->vaddr - ptb->vaddr;
     } else {
+        if (ptb->vaddr2 == -1) {
+            ptb->vaddr2 = TARGET_PAGE_ALIGN(db->pc_first);
+            get_page_addr_code_hostp(cpu->env_ptr, ptb->vaddr2, &ptb->haddr2);
+        }
         pinsn->haddr = ptb->haddr2 + pinsn->vaddr - ptb->vaddr2;
     }
 }
diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
@@ -XXX,XX +XXX,XX @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int max_insns,
     ops->tb_start(db, cpu);
     tcg_debug_assert(db->is_jmp == DISAS_NEXT);  /* no early exit */
 
-    plugin_enabled = plugin_gen_tb_start(cpu, tb, cflags & CF_MEMI_ONLY);
+    plugin_enabled = plugin_gen_tb_start(cpu, db, cflags & CF_MEMI_ONLY);
 
     while (true) {
         db->num_insns++;
-- 
2.34.1

Let tb->page_addr[0] contain the address of the first byte of the
translated block, rather than the address of the page containing the
start of the translated block.  We need to recover this value anyway
at various points, and it is easier to discard a page offset when it
is not needed, which happens naturally via the existing find_page shift.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cpu-exec.c      | 16 ++++++++--------
 accel/tcg/cputlb.c        |  3 ++-
 accel/tcg/translate-all.c |  9 +++++----
 3 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@ struct tb_desc {
     target_ulong pc;
     target_ulong cs_base;
     CPUArchState *env;
-    tb_page_addr_t phys_page1;
+    tb_page_addr_t page_addr0;
     uint32_t flags;
     uint32_t cflags;
     uint32_t trace_vcpu_dstate;
@@ -XXX,XX +XXX,XX @@ static bool tb_lookup_cmp(const void *p, const void *d)
     const struct tb_desc *desc = d;
 
     if (tb->pc == desc->pc &&
-        tb->page_addr[0] == desc->phys_page1 &&
+        tb->page_addr[0] == desc->page_addr0 &&
         tb->cs_base == desc->cs_base &&
         tb->flags == desc->flags &&
         tb->trace_vcpu_dstate == desc->trace_vcpu_dstate &&
@@ -XXX,XX +XXX,XX @@ static bool tb_lookup_cmp(const void *p, const void *d)
         if (tb->page_addr[1] == -1) {
             return true;
         } else {
-            tb_page_addr_t phys_page2;
-            target_ulong virt_page2;
+            tb_page_addr_t phys_page1;
+            target_ulong virt_page1;
 
             /*
              * We know that the first page matched, and an otherwise valid TB
@@ -XXX,XX +XXX,XX @@ static bool tb_lookup_cmp(const void *p, const void *d)
              * is different for the new TB.  Therefore any exception raised
              * here by the faulting lookup is not premature.
              */
-            virt_page2 = TARGET_PAGE_ALIGN(desc->pc);
-            phys_page2 = get_page_addr_code(desc->env, virt_page2);
-            if (tb->page_addr[1] == phys_page2) {
+            virt_page1 = TARGET_PAGE_ALIGN(desc->pc);
+            phys_page1 = get_page_addr_code(desc->env, virt_page1);
+            if (tb->page_addr[1] == phys_page1) {
                 return true;
             }
         }
@@ -XXX,XX +XXX,XX @@ static TranslationBlock *tb_htable_lookup(CPUState *cpu, target_ulong pc,
     if (phys_pc == -1) {
         return NULL;
     }
-    desc.phys_page1 = phys_pc & TARGET_PAGE_MASK;
+    desc.page_addr0 = phys_pc;
     h = tb_hash_func(phys_pc, pc, flags, cflags, *cpu->trace_dstate);
     return qht_lookup_custom(&tb_ctx.htable, &desc, h, tb_lookup_cmp);
 }
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ void tlb_flush_page_bits_by_mmuidx_all_cpus_synced(CPUState *src_cpu,
    can be detected */
 void tlb_protect_code(ram_addr_t ram_addr)
 {
-    cpu_physical_memory_test_and_clear_dirty(ram_addr, TARGET_PAGE_SIZE,
+    cpu_physical_memory_test_and_clear_dirty(ram_addr & TARGET_PAGE_MASK,
+                                             TARGET_PAGE_SIZE,
                                              DIRTY_MEMORY_CODE);
 }
 
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
     qemu_spin_unlock(&tb->jmp_lock);
 
     /* remove the TB from the hash list */
-    phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
+    phys_pc = tb->page_addr[0];
     h = tb_hash_func(phys_pc, tb->pc, tb->flags, orig_cflags,
                      tb->trace_vcpu_dstate);
     if (!qht_remove(&tb_ctx.htable, tb, h)) {
@@ -XXX,XX +XXX,XX @@ tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
      * we can only insert TBs that are fully initialized.
      */
     page_lock_pair(&p, phys_pc, &p2, phys_page2, true);
-    tb_page_add(p, tb, 0, phys_pc & TARGET_PAGE_MASK);
+    tb_page_add(p, tb, 0, phys_pc);
     if (p2) {
         tb_page_add(p2, tb, 1, phys_page2);
     } else {
@@ -XXX,XX +XXX,XX @@ tb_invalidate_phys_page_range__locked(struct page_collection *pages,
         if (n == 0) {
             /* NOTE: tb_end may be after the end of the page, but
                it is not a problem */
-            tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
+            tb_start = tb->page_addr[0];
             tb_end = tb_start + tb->size;
         } else {
             tb_start = tb->page_addr[1];
-            tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
+            tb_end = tb_start + ((tb->page_addr[0] + tb->size)
+                                 & ~TARGET_PAGE_MASK);
         }
         if (!(tb_end <= start || tb_start >= end)) {
 #ifdef TARGET_HAS_PRECISE_SMC
-- 
2.34.1

This function has two users, who use it incompatibly.
In tlb_flush_page_by_mmuidx_async_0, when flushing a
single page, we need to flush exactly two pages.
In tlb_flush_range_by_mmuidx_async_0, when flushing a
range of pages, we need to flush N+1 pages.

This avoids double-flushing of jmp cache pages in a range.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cputlb.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static void tb_jmp_cache_clear_page(CPUState *cpu, target_ulong page_addr)
     }
 }
 
-static void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
-{
-    /* Discard jump cache entries for any tb which might potentially
-       overlap the flushed page.  */
-    tb_jmp_cache_clear_page(cpu, addr - TARGET_PAGE_SIZE);
-    tb_jmp_cache_clear_page(cpu, addr);
-}
-
 /**
  * tlb_mmu_resize_locked() - perform TLB resize bookkeeping; resize if necessary
  * @desc: The CPUTLBDesc portion of the TLB
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_page_by_mmuidx_async_0(CPUState *cpu,
     }
     qemu_spin_unlock(&env_tlb(env)->c.lock);
 
-    tb_flush_jmp_cache(cpu, addr);
+    /*
+     * Discard jump cache entries for any tb which might potentially
+     * overlap the flushed page, which includes the previous.
+     */
+    tb_jmp_cache_clear_page(cpu, addr - TARGET_PAGE_SIZE);
+    tb_jmp_cache_clear_page(cpu, addr);
 }
 
 /**
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_range_by_mmuidx_async_0(CPUState *cpu,
         return;
     }
 
-    for (target_ulong i = 0; i < d.len; i += TARGET_PAGE_SIZE) {
-        tb_flush_jmp_cache(cpu, d.addr + i);
+    /*
+     * Discard jump cache entries for any tb which might potentially
+     * overlap the flushed pages, which includes the previous.
+     */
+    d.addr -= TARGET_PAGE_SIZE;
+    for (target_ulong i = 0, n = d.len / TARGET_PAGE_SIZE + 1; i < n; i++) {
+        tb_jmp_cache_clear_page(cpu, d.addr);
+        d.addr += TARGET_PAGE_SIZE;
     }
 }
 
-- 
2.34.1

Wrap the bare TranslationBlock pointer into a structure.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/tb-hash.h       |  1 +
 accel/tcg/tb-jmp-cache.h  | 24 ++++++++++++++++++++++++
 include/exec/cpu-common.h |  1 +
 include/hw/core/cpu.h     | 15 +--------------
 include/qemu/typedefs.h   |  1 +
 accel/stubs/tcg-stub.c    |  4 ++++
 accel/tcg/cpu-exec.c      | 10 +++++++---
 accel/tcg/cputlb.c        |  9 +++++----
 accel/tcg/translate-all.c | 28 +++++++++++++++++++++++++---
 hw/core/cpu-common.c      |  3 +--
 plugins/core.c            |  2 +-
 trace/control-target.c    |  2 +-
 12 files changed, 72 insertions(+), 28 deletions(-)
 create mode 100644 accel/tcg/tb-jmp-cache.h

diff --git a/accel/tcg/tb-hash.h b/accel/tcg/tb-hash.h
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tb-hash.h
+++ b/accel/tcg/tb-hash.h
@@ -XXX,XX +XXX,XX @@
 #include "exec/cpu-defs.h"
 #include "exec/exec-all.h"
 #include "qemu/xxhash.h"
+#include "tb-jmp-cache.h"
 
 #ifdef CONFIG_SOFTMMU
 
diff --git a/accel/tcg/tb-jmp-cache.h b/accel/tcg/tb-jmp-cache.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/accel/tcg/tb-jmp-cache.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * The per-CPU TranslationBlock jump cache.
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef ACCEL_TCG_TB_JMP_CACHE_H
+#define ACCEL_TCG_TB_JMP_CACHE_H
+
+#define TB_JMP_CACHE_BITS 12
+#define TB_JMP_CACHE_SIZE (1 << TB_JMP_CACHE_BITS)
+
+/*
+ * Accessed in parallel; all accesses to 'tb' must be atomic.
+ */
+struct CPUJumpCache {
+    struct {
+        TranslationBlock *tb;
+    } array[TB_JMP_CACHE_SIZE];
+};
+
+#endif /* ACCEL_TCG_TB_JMP_CACHE_H */
diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@@ -XXX,XX +XXX,XX @@ void cpu_list_unlock(void);
 unsigned int cpu_list_generation_id_get(void);
 
 void tcg_flush_softmmu_tlb(CPUState *cs);
+void tcg_flush_jmp_cache(CPUState *cs);
 
 void tcg_iommu_init_notifier_list(CPUState *cpu);
 void tcg_iommu_free_notifier_list(CPUState *cpu);
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -XXX,XX +XXX,XX @@ struct kvm_run;
 struct hax_vcpu_state;
 struct hvf_vcpu_state;
 
-#define TB_JMP_CACHE_BITS 12
-#define TB_JMP_CACHE_SIZE (1 << TB_JMP_CACHE_BITS)
-
 /* work queue */
 
 /* The union type allows passing of 64 bit target pointers on 32 bit
@@ -XXX,XX +XXX,XX @@ struct CPUState {
     CPUArchState *env_ptr;
     IcountDecr *icount_decr_ptr;
 
-    /* Accessed in parallel; all accesses must be atomic */
-    TranslationBlock *tb_jmp_cache[TB_JMP_CACHE_SIZE];
+    CPUJumpCache *tb_jmp_cache;
 
     struct GDBRegisterState *gdb_regs;
     int gdb_num_regs;
@@ -XXX,XX +XXX,XX @@ extern CPUTailQ cpus;
 
 extern __thread CPUState *current_cpu;
 
-static inline void cpu_tb_jmp_cache_clear(CPUState *cpu)
-{
-    unsigned int i;
-
-    for (i = 0; i < TB_JMP_CACHE_SIZE; i++) {
-        qatomic_set(&cpu->tb_jmp_cache[i], NULL);
-    }
-}
-
 /**
  * qemu_tcg_mttcg_enabled:
  * Check whether we are running MultiThread TCG or not.
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -XXX,XX +XXX,XX @@ typedef struct CoMutex CoMutex;
 typedef struct ConfidentialGuestSupport ConfidentialGuestSupport;
 typedef struct CPUAddressSpace CPUAddressSpace;
 typedef struct CPUArchState CPUArchState;
+typedef struct CPUJumpCache CPUJumpCache;
 typedef struct CPUState CPUState;
 typedef struct CPUTLBEntryFull CPUTLBEntryFull;
 typedef struct DeviceListener DeviceListener;
diff --git a/accel/stubs/tcg-stub.c b/accel/stubs/tcg-stub.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/stubs/tcg-stub.c
+++ b/accel/stubs/tcg-stub.c
@@ -XXX,XX +XXX,XX @@ void tlb_set_dirty(CPUState *cpu, target_ulong vaddr)
 {
 }
 
+void tcg_flush_jmp_cache(CPUState *cpu)
+{
+}
+
 int probe_access_flags(CPUArchState *env, target_ulong addr,
                        MMUAccessType access_type, int mmu_idx,
                        bool nonfault, void **phost, uintptr_t retaddr)
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@
 #include "sysemu/replay.h"
 #include "sysemu/tcg.h"
 #include "exec/helper-proto.h"
+#include "tb-jmp-cache.h"
 #include "tb-hash.h"
 #include "tb-context.h"
 #include "internal.h"
@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
     tcg_debug_assert(!(cflags & CF_INVALID));
 
     hash = tb_jmp_cache_hash_func(pc);
-    tb = qatomic_rcu_read(&cpu->tb_jmp_cache[hash]);
+    tb = qatomic_rcu_read(&cpu->tb_jmp_cache->array[hash].tb);
 
     if (likely(tb &&
                tb->pc == pc &&
@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
     if (tb == NULL) {
         return NULL;
     }
-    qatomic_set(&cpu->tb_jmp_cache[hash], tb);
+    qatomic_set(&cpu->tb_jmp_cache->array[hash].tb, tb);
     return tb;
 }
 
@@ -XXX,XX +XXX,XX @@ int cpu_exec(CPUState *cpu)
 
             tb = tb_lookup(cpu, pc, cs_base, flags, cflags);
             if (tb == NULL) {
+                uint32_t h;
+
                 mmap_lock();
                 tb = tb_gen_code(cpu, pc, cs_base, flags, cflags);
                 mmap_unlock();
@@ -XXX,XX +XXX,XX @@ int cpu_exec(CPUState *cpu)
                  * We add the TB in the virtual pc hash table
                  * for the fast lookup
                  */
-                qatomic_set(&cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)], tb);
+                h = tb_jmp_cache_hash_func(pc);
+                qatomic_set(&cpu->tb_jmp_cache->array[h].tb, tb);
             }
 
 #ifndef CONFIG_USER_ONLY
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static void tlb_window_reset(CPUTLBDesc *desc, int64_t ns,
 
 static void tb_jmp_cache_clear_page(CPUState *cpu, target_ulong page_addr)
 {
-    unsigned int i, i0 = tb_jmp_cache_hash_page(page_addr);
+    int i, i0 = tb_jmp_cache_hash_page(page_addr);
+    CPUJumpCache *jc = cpu->tb_jmp_cache;
 
     for (i = 0; i < TB_JMP_PAGE_SIZE; i++) {
-        qatomic_set(&cpu->tb_jmp_cache[i0 + i], NULL);
+        qatomic_set(&jc->array[i0 + i].tb, NULL);
     }
 }
 
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_by_mmuidx_async_work(CPUState *cpu, run_on_cpu_data data)
 
     qemu_spin_unlock(&env_tlb(env)->c.lock);
 
-    cpu_tb_jmp_cache_clear(cpu);
+    tcg_flush_jmp_cache(cpu);
 
     if (to_clean == ALL_MMUIDX_BITS) {
         qatomic_set(&env_tlb(env)->c.full_flush_count,
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_range_by_mmuidx_async_0(CPUState *cpu,
      * longer to clear each entry individually than it will to clear it all.
      */
     if (d.len >= (TARGET_PAGE_SIZE * TB_JMP_CACHE_SIZE)) {
-        cpu_tb_jmp_cache_clear(cpu);
+        tcg_flush_jmp_cache(cpu);
         return;
     }
 
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@
 #include "sysemu/tcg.h"
 #include "qapi/error.h"
 #include "hw/core/tcg-cpu-ops.h"
+#include "tb-jmp-cache.h"
 #include "tb-hash.h"
 #include "tb-context.h"
 #include "internal.h"
@@ -XXX,XX +XXX,XX @@ static void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count)
     }
 
     CPU_FOREACH(cpu) {
-        cpu_tb_jmp_cache_clear(cpu);
+        tcg_flush_jmp_cache(cpu);
     }
 
     qht_reset_size(&tb_ctx.htable, CODE_GEN_HTABLE_SIZE);
@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
     /* remove the TB from the hash list */
     h = tb_jmp_cache_hash_func(tb->pc);
     CPU_FOREACH(cpu) {
-        if (qatomic_read(&cpu->tb_jmp_cache[h]) == tb) {
-            qatomic_set(&cpu->tb_jmp_cache[h], NULL);
+        CPUJumpCache *jc = cpu->tb_jmp_cache;
+        if (qatomic_read(&jc->array[h].tb) == tb) {
+            qatomic_set(&jc->array[h].tb, NULL);
         }
     }
 
@@ -XXX,XX +XXX,XX @@ int page_unprotect(target_ulong address, uintptr_t pc)
 }
 #endif /* CONFIG_USER_ONLY */
 
+/*
+ * Called by generic code at e.g. cpu reset after cpu creation,
+ * therefore we must be prepared to allocate the jump cache.
+ */
+void tcg_flush_jmp_cache(CPUState *cpu)
+{
+    CPUJumpCache *jc = cpu->tb_jmp_cache;
+
+    if (likely(jc)) {
+        for (int i = 0; i < TB_JMP_CACHE_SIZE; i++) {
+            qatomic_set(&jc->array[i].tb, NULL);
+        }
+    } else {
+        /* This should happen once during realize, and thus never race. */
+        jc = g_new0(CPUJumpCache, 1);
+        jc = qatomic_xchg(&cpu->tb_jmp_cache, jc);
+        assert(jc == NULL);
+    }
+}
+
 /* This is a wrapper for common code that can not use CONFIG_SOFTMMU */
 void tcg_flush_softmmu_tlb(CPUState *cs)
 {
diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -XXX,XX +XXX,XX @@ static void cpu_common_reset(DeviceState *dev)
     cpu->cflags_next_tb = -1;
 
     if (tcg_enabled()) {
-        cpu_tb_jmp_cache_clear(cpu);
-
+        tcg_flush_jmp_cache(cpu);
         tcg_flush_softmmu_tlb(cpu);
     }
 }
diff --git a/plugins/core.c b/plugins/core.c
index XXXXXXX..XXXXXXX 100644
--- a/plugins/core.c
+++ b/plugins/core.c
@@ -XXX,XX +XXX,XX @@ struct qemu_plugin_ctx *plugin_id_to_ctx_locked(qemu_plugin_id_t id)
 static void plugin_cpu_update__async(CPUState *cpu, run_on_cpu_data data)
 {
     bitmap_copy(cpu->plugin_mask, &data.host_ulong, QEMU_PLUGIN_EV_MAX);
-    cpu_tb_jmp_cache_clear(cpu);
+    tcg_flush_jmp_cache(cpu);
 }
 
 static void plugin_cpu_update__locked(gpointer k, gpointer v, gpointer udata)
diff --git a/trace/control-target.c b/trace/control-target.c
index XXXXXXX..XXXXXXX 100644
--- a/trace/control-target.c
+++ b/trace/control-target.c
@@ -XXX,XX +XXX,XX @@ static void trace_event_synchronize_vcpu_state_dynamic(
 {
     bitmap_copy(vcpu->trace_dstate, vcpu->trace_dstate_delayed,
                 CPU_TRACE_DSTATE_MAX_EVENTS);
-    cpu_tb_jmp_cache_clear(vcpu);
+    tcg_flush_jmp_cache(vcpu);
 }
 
 void trace_event_set_vcpu_state_dynamic(CPUState *vcpu,
-- 
2.34.1

Populate this new method for all targets.  Always match
the result that would be given by cpu_get_tb_cpu_state,
as we will want these values to correspond in the logs.

Reviewed-by: Taylor Simpson <tsimpson@quicinc.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> (target/sparc)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
Cc: Eduardo Habkost <eduardo@habkost.net> (supporter:Machine core)
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> (supporter:Machine core)
Cc: "Philippe Mathieu-Daudé" <f4bug@amsat.org> (reviewer:Machine core)
Cc: Yanan Wang <wangyanan55@huawei.com> (reviewer:Machine core)
Cc: Michael Rolnik <mrolnik@gmail.com> (maintainer:AVR TCG CPUs)
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com> (maintainer:CRIS TCG CPUs)
Cc: Taylor Simpson <tsimpson@quicinc.com> (supporter:Hexagon TCG CPUs)
Cc: Song Gao <gaosong@loongson.cn> (maintainer:LoongArch TCG CPUs)
Cc: Xiaojuan Yang <yangxiaojuan@loongson.cn> (maintainer:LoongArch TCG CPUs)
Cc: Laurent Vivier <laurent@vivier.eu> (maintainer:M68K TCG CPUs)
Cc: Jiaxun Yang <jiaxun.yang@flygoat.com> (reviewer:MIPS TCG CPUs)
Cc: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com> (reviewer:MIPS TCG CPUs)
Cc: Chris Wulff <crwulff@gmail.com> (maintainer:NiosII TCG CPUs)
Cc: Marek Vasut <marex@denx.de> (maintainer:NiosII TCG CPUs)
Cc: Stafford Horne <shorne@gmail.com> (odd fixer:OpenRISC TCG CPUs)
Cc: Yoshinori Sato <ysato@users.sourceforge.jp> (reviewer:RENESAS RX CPUs)
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> (maintainer:SPARC TCG CPUs)
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> (maintainer:TriCore TCG CPUs)
Cc: Max Filippov <jcmvbkbc@gmail.com> (maintainer:Xtensa TCG CPUs)
Cc: qemu-arm@nongnu.org (open list:ARM TCG CPUs)
Cc: qemu-ppc@nongnu.org (open list:PowerPC TCG CPUs)
Cc: qemu-riscv@nongnu.org (open list:RISC-V TCG CPUs)
Cc: qemu-s390x@nongnu.org (open list:S390 TCG CPUs)
---
 include/hw/core/cpu.h   |  3 +++
 target/alpha/cpu.c      |  9 +++++++++
 target/arm/cpu.c        | 13 +++++++++++++
 target/avr/cpu.c        |  8 ++++++++
 target/cris/cpu.c       |  8 ++++++++
 target/hexagon/cpu.c    |  8 ++++++++
 target/hppa/cpu.c       |  8 ++++++++
 target/i386/cpu.c       |  9 +++++++++
 target/loongarch/cpu.c  |  9 +++++++++
 target/m68k/cpu.c       |  8 ++++++++
 target/microblaze/cpu.c |  8 ++++++++
 target/mips/cpu.c       |  8 ++++++++
 target/nios2/cpu.c      |  9 +++++++++
 target/openrisc/cpu.c   |  8 ++++++++
 target/ppc/cpu_init.c   |  8 ++++++++
 target/riscv/cpu.c      | 13 +++++++++++++
 target/rx/cpu.c         |  8 ++++++++
 target/s390x/cpu.c      |  8 ++++++++
 target/sh4/cpu.c        |  8 ++++++++
 target/sparc/cpu.c      |  8 ++++++++
 target/tricore/cpu.c    |  9 +++++++++
 target/xtensa/cpu.c     |  8 ++++++++
 22 files changed, 186 insertions(+)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -XXX,XX +XXX,XX @@ struct SysemuCPUOps;
  *       If the target behaviour here is anything other than "set
  *       the PC register to the value passed in" then the target must
  *       also implement the synchronize_from_tb hook.
+ * @get_pc: Callback for getting the Program Counter register.
+ *       As above, with the semantics of the target architecture.
  * @gdb_read_register: Callback for letting GDB read a register.
  * @gdb_write_register: Callback for letting GDB write a register.
  * @gdb_adjust_breakpoint: Callback for adjusting the address of a
@@ -XXX,XX +XXX,XX @@ struct CPUClass {
     void (*dump_state)(CPUState *cpu, FILE *, int flags);
     int64_t (*get_arch_id)(CPUState *cpu);
     void (*set_pc)(CPUState *cpu, vaddr value);
+    vaddr (*get_pc)(CPUState *cpu);
     int (*gdb_read_register)(CPUState *cpu, GByteArray *buf, int reg);
     int (*gdb_write_register)(CPUState *cpu, uint8_t *buf, int reg);
     vaddr (*gdb_adjust_breakpoint)(CPUState *cpu, vaddr addr);
diff --git a/target/alpha/cpu.c b/target/alpha/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/alpha/cpu.c
+++ b/target/alpha/cpu.c
@@ -XXX,XX +XXX,XX @@ static void alpha_cpu_set_pc(CPUState *cs, vaddr value)
     cpu->env.pc = value;
 }
 
+static vaddr alpha_cpu_get_pc(CPUState *cs)
+{
+    AlphaCPU *cpu = ALPHA_CPU(cs);
+
+    return cpu->env.pc;
+}
+
+
 static bool alpha_cpu_has_work(CPUState *cs)
 {
     /* Here we are checking to see if the CPU should wake up from HALT.
@@ -XXX,XX +XXX,XX @@ static void alpha_cpu_class_init(ObjectClass *oc, void *data)
     cc->has_work = alpha_cpu_has_work;
     cc->dump_state = alpha_cpu_dump_state;
     cc->set_pc = alpha_cpu_set_pc;
+    cc->get_pc = alpha_cpu_get_pc;
     cc->gdb_read_register = alpha_cpu_gdb_read_register;
     cc->gdb_write_register = alpha_cpu_gdb_write_register;
 #ifndef CONFIG_USER_ONLY
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_set_pc(CPUState *cs, vaddr value)
     }
 }
 
+static vaddr arm_cpu_get_pc(CPUState *cs)
+{
+    ARMCPU *cpu = ARM_CPU(cs);
+    CPUARMState *env = &cpu->env;
+
+    if (is_a64(env)) {
+        return env->pc;
+    } else {
+        return env->regs[15];
+    }
+}
+
 #ifdef CONFIG_TCG
 void arm_cpu_synchronize_from_tb(CPUState *cs,
                                  const TranslationBlock *tb)
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_class_init(ObjectClass *oc, void *data)
     cc->has_work = arm_cpu_has_work;
     cc->dump_state = arm_cpu_dump_state;
     cc->set_pc = arm_cpu_set_pc;
+    cc->get_pc = arm_cpu_get_pc;
     cc->gdb_read_register = arm_cpu_gdb_read_register;
     cc->gdb_write_register = arm_cpu_gdb_write_register;
 #ifndef CONFIG_USER_ONLY
diff --git a/target/avr/cpu.c b/target/avr/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/avr/cpu.c
+++ b/target/avr/cpu.c
@@ -XXX,XX +XXX,XX @@ static void avr_cpu_set_pc(CPUState *cs, vaddr value)
     cpu->env.pc_w = value / 2; /* internally PC points to words */
 }
 
+static vaddr avr_cpu_get_pc(CPUState *cs)
+{
+    AVRCPU *cpu = AVR_CPU(cs);
+
+    return cpu->env.pc_w * 2;
+}
+
 static bool avr_cpu_has_work(CPUState *cs)
 {
     AVRCPU *cpu = AVR_CPU(cs);
@@ -XXX,XX +XXX,XX @@ static void avr_cpu_class_init(ObjectClass *oc, void *data)
     cc->has_work = avr_cpu_has_work;
     cc->dump_state = avr_cpu_dump_state;
     cc->set_pc = avr_cpu_set_pc;
+    cc->get_pc = avr_cpu_get_pc;
     dc->vmsd = &vms_avr_cpu;
     cc->sysemu_ops = &avr_sysemu_ops;
     cc->disas_set_info = avr_cpu_disas_set_info;
diff --git a/target/cris/cpu.c b/target/cris/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/cris/cpu.c
+++ b/target/cris/cpu.c
@@ -XXX,XX +XXX,XX @@ static void cris_cpu_set_pc(CPUState *cs, vaddr value)
     cpu->env.pc = value;
 }
 
+static vaddr cris_cpu_get_pc(CPUState *cs)
+{
+    CRISCPU *cpu = CRIS_CPU(cs);
+
+    return cpu->env.pc;
+}
+
 static bool cris_cpu_has_work(CPUState *cs)
 {
     return cs->interrupt_request & (CPU_INTERRUPT_HARD | CPU_INTERRUPT_NMI);
@@ -XXX,XX +XXX,XX @@ static void cris_cpu_class_init(ObjectClass *oc, void *data)
     cc->has_work = cris_cpu_has_work;
     cc->dump_state = cris_cpu_dump_state;
     cc->set_pc = cris_cpu_set_pc;
+    cc->get_pc = cris_cpu_get_pc;
     cc->gdb_read_register = cris_cpu_gdb_read_register;
     cc->gdb_write_register = cris_cpu_gdb_write_register;
 #ifndef CONFIG_USER_ONLY
diff --git a/target/hexagon/cpu.c b/target/hexagon/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/hexagon/cpu.c
+++ b/target/hexagon/cpu.c
@@ -XXX,XX +XXX,XX @@ static void hexagon_cpu_set_pc(CPUState *cs, vaddr value)
     env->gpr[HEX_REG_PC] = value;
 }
 
+static vaddr hexagon_cpu_get_pc(CPUState *cs)
+{
+    HexagonCPU *cpu = HEXAGON_CPU(cs);
+    CPUHexagonState *env = &cpu->env;
+    return env->gpr[HEX_REG_PC];
+}
+
 static void hexagon_cpu_synchronize_from_tb(CPUState *cs,
                                             const TranslationBlock *tb)
 {
@@ -XXX,XX +XXX,XX @@ static void hexagon_cpu_class_init(ObjectClass *c, void *data)
     cc->has_work = hexagon_cpu_has_work;
     cc->dump_state = hexagon_dump_state;
     cc->set_pc = hexagon_cpu_set_pc;
+    cc->get_pc = hexagon_cpu_get_pc;
     cc->gdb_read_register = hexagon_gdb_read_register;
     cc->gdb_write_register = hexagon_gdb_write_register;
     cc->gdb_num_core_regs = TOTAL_PER_THREAD_REGS + NUM_VREGS + NUM_QREGS;
diff --git a/target/hppa/cpu.c b/target/hppa/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/hppa/cpu.c
+++ b/target/hppa/cpu.c
@@ -XXX,XX +XXX,XX @@ static void hppa_cpu_set_pc(CPUState *cs, vaddr value)
     cpu->env.iaoq_b = value + 4;
 }
 
+static vaddr hppa_cpu_get_pc(CPUState *cs)
+{
+    HPPACPU *cpu = HPPA_CPU(cs);
+
+    return cpu->env.iaoq_f;
+}
+
 static void hppa_cpu_synchronize_from_tb(CPUState *cs,
                                          const TranslationBlock *tb)
 {
@@ -XXX,XX +XXX,XX @@ static void hppa_cpu_class_init(ObjectClass *oc, void *data)
     cc->has_work = hppa_cpu_has_work;
     cc->dump_state = hppa_cpu_dump_state;
     cc->set_pc = hppa_cpu_set_pc;
+    cc->get_pc = hppa_cpu_get_pc;
     cc->gdb_read_register = hppa_cpu_gdb_read_register;
     cc->gdb_write_register = hppa_cpu_gdb_write_register;
 #ifndef CONFIG_USER_ONLY
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -XXX,XX +XXX,XX @@ static void x86_cpu_set_pc(CPUState *cs, vaddr value)
     cpu->env.eip = value;
 }
 
+static vaddr x86_cpu_get_pc(CPUState *cs)
+{
+    X86CPU *cpu = X86_CPU(cs);
+
+    /* Match cpu_get_tb_cpu_state. */
+    return cpu->env.eip + cpu->env.segs[R_CS].base;
+}
+
 int x86_cpu_pending_interrupt(CPUState *cs, int interrupt_request)
 {
     X86CPU *cpu = X86_CPU(cs);
@@ -XXX,XX +XXX,XX @@ static void x86_cpu_common_class_init(ObjectClass *oc, void *data)
     cc->has_work = x86_cpu_has_work;
     cc->dump_state = x86_cpu_dump_state;
     cc->set_pc = x86_cpu_set_pc;
+    cc->get_pc = x86_cpu_get_pc;
     cc->gdb_read_register = x86_cpu_gdb_read_register;
     cc->gdb_write_register = x86_cpu_gdb_write_register;
     cc->get_arch_id = x86_cpu_get_arch_id;
diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -XXX,XX +XXX,XX @@ static void loongarch_cpu_set_pc(CPUState *cs, vaddr value)
     env->pc = value;
 }
 
+static vaddr loongarch_cpu_get_pc(CPUState *cs)
+{
+    LoongArchCPU *cpu = LOONGARCH_CPU(cs);
+    CPULoongArchState *env = &cpu->env;
+
+    return env->pc;
+}
+
 #ifndef CONFIG_USER_ONLY
 #include "hw/loongarch/virt.h"
 
@@ -XXX,XX +XXX,XX @@ static void loongarch_cpu_class_init(ObjectClass *c, void *data)
     cc->has_work = loongarch_cpu_has_work;
     cc->dump_state = loongarch_cpu_dump_state;
     cc->set_pc = loongarch_cpu_set_pc;
+    cc->get_pc = loongarch_cpu_get_pc;
 #ifndef CONFIG_USER_ONLY
     dc->vmsd = &vmstate_loongarch_cpu;
     cc->sysemu_ops = &loongarch_sysemu_ops;
diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -XXX,XX +XXX,XX @@ static void m68k_cpu_set_pc(CPUState *cs, vaddr value)
     cpu->env.pc = value;
 }
 
+static vaddr m68k_cpu_get_pc(CPUState *cs)
+{
+    M68kCPU *cpu = M68K_CPU(cs);
+
+    return cpu->env.pc;
+}
+
 static bool m68k_cpu_has_work(CPUState *cs)
 {
     return cs->interrupt_request & CPU_INTERRUPT_HARD;
@@ -XXX,XX +XXX,XX @@ static void m68k_cpu_class_init(ObjectClass *c, void *data)
     cc->has_work = m68k_cpu_has_work;
     cc->dump_state = m68k_cpu_dump_state;
     cc->set_pc = m68k_cpu_set_pc;
+    cc->get_pc = m68k_cpu_get_pc;
     cc->gdb_read_register = m68k_cpu_gdb_read_register;
     cc->gdb_write_register = m68k_cpu_gdb_write_register;
 #if defined(CONFIG_SOFTMMU)
diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/microblaze/cpu.c
+++ b/target/microblaze/cpu.c
@@ -XXX,XX +XXX,XX @@ static void mb_cpu_set_pc(CPUState *cs, vaddr value)
     cpu->env.iflags = 0;
 }
 
+static vaddr mb_cpu_get_pc(CPUState *cs)
+{
+    MicroBlazeCPU *cpu = MICROBLAZE_CPU(cs);
+
+    return cpu->env.pc;
+}
+
 static void mb_cpu_synchronize_from_tb(CPUState *cs,
                                        const TranslationBlock *tb)
 {
@@ -XXX,XX +XXX,XX @@ static void mb_cpu_class_init(ObjectClass *oc, void *data)
 
     cc->dump_state = mb_cpu_dump_state;
     cc->set_pc = mb_cpu_set_pc;
+    cc->get_pc = mb_cpu_get_pc;
     cc->gdb_read_register = mb_cpu_gdb_read_register;
     cc->gdb_write_register = mb_cpu_gdb_write_register;
 
diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -XXX,XX +XXX,XX @@ static void mips_cpu_set_pc(CPUState *cs, vaddr value)
     mips_env_set_pc(&cpu->env, value);
 }
 
+static vaddr mips_cpu_get_pc(CPUState *cs)
+{
+    MIPSCPU *cpu = MIPS_CPU(cs);
+
+    return cpu->env.active_tc.PC;
+}
+
 static bool mips_cpu_has_work(CPUState *cs)
 {
     MIPSCPU *cpu = MIPS_CPU(cs);
@@ -XXX,XX +XXX,XX @@ static void mips_cpu_class_init(ObjectClass *c, void *data)
     cc->has_work = mips_cpu_has_work;
     cc->dump_state = mips_cpu_dump_state;
     cc->set_pc = mips_cpu_set_pc;
+    cc->get_pc = mips_cpu_get_pc;
     cc->gdb_read_register = mips_cpu_gdb_read_register;
     cc->gdb_write_register = mips_cpu_gdb_write_register;
 #ifndef CONFIG_USER_ONLY
diff --git a/target/nios2/cpu.c b/target/nios2/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/nios2/cpu.c
+++ b/target/nios2/cpu.c
@@ -XXX,XX +XXX,XX @@ static void nios2_cpu_set_pc(CPUState *cs, vaddr value)
     env->pc = value;
 }
 
+static vaddr nios2_cpu_get_pc(CPUState *cs)
+{
+    Nios2CPU *cpu = NIOS2_CPU(cs);
+    CPUNios2State *env = &cpu->env;
+
+    return env->pc;
+}
+
 static bool nios2_cpu_has_work(CPUState *cs)
 {
     return cs->interrupt_request & CPU_INTERRUPT_HARD;
@@ -XXX,XX +XXX,XX @@ static void nios2_cpu_class_init(ObjectClass *oc, void *data)
     cc->has_work = nios2_cpu_has_work;
     cc->dump_state = nios2_cpu_dump_state;
     cc->set_pc = nios2_cpu_set_pc;
+    cc->get_pc = nios2_cpu_get_pc;
     cc->disas_set_info = nios2_cpu_disas_set_info;
 #ifndef CONFIG_USER_ONLY
     cc->sysemu_ops = &nios2_sysemu_ops;
diff --git a/target/openrisc/cpu.c b/target/openrisc/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/openrisc/cpu.c
+++ b/target/openrisc/cpu.c
@@ -XXX,XX +XXX,XX @@ static void openrisc_cpu_set_pc(CPUState *cs, vaddr value)
     cpu->env.dflag = 0;
 }
 
+static vaddr openrisc_cpu_get_pc(CPUState *cs)
+{
+    OpenRISCCPU *cpu = OPENRISC_CPU(cs);
+
+    return cpu->env.pc;
+}
+
 static void openrisc_cpu_synchronize_from_tb(CPUState *cs,
                                              const TranslationBlock *tb)
 {
@@ -XXX,XX +XXX,XX @@ static void openrisc_cpu_class_init(ObjectClass *oc, void *data)
     cc->has_work = openrisc_cpu_has_work;
     cc->dump_state = openrisc_cpu_dump_state;
     cc->set_pc = openrisc_cpu_set_pc;
+    cc->get_pc = openrisc_cpu_get_pc;
     cc->gdb_read_register = openrisc_cpu_gdb_read_register;
     cc->gdb_write_register = openrisc_cpu_gdb_write_register;
 #ifndef CONFIG_USER_ONLY
diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -XXX,XX +XXX,XX @@ static void ppc_cpu_set_pc(CPUState *cs, vaddr value)
     cpu->env.nip = value;
 }
 
+static vaddr ppc_cpu_get_pc(CPUState *cs)
+{
+    PowerPCCPU *cpu = POWERPC_CPU(cs);
+
+    return cpu->env.nip;
+}
+
 static bool ppc_cpu_has_work(CPUState *cs)
 {
     PowerPCCPU *cpu = POWERPC_CPU(cs);
@@ -XXX,XX +XXX,XX @@ static void ppc_cpu_class_init(ObjectClass *oc, void *data)
     cc->has_work = ppc_cpu_has_work;
     cc->dump_state = ppc_cpu_dump_state;
     cc->set_pc = ppc_cpu_set_pc;
+    cc->get_pc = ppc_cpu_get_pc;
     cc->gdb_read_register = ppc_cpu_gdb_read_register;
     cc->gdb_write_register = ppc_cpu_gdb_write_register;
 #ifndef CONFIG_USER_ONLY
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -XXX,XX +XXX,XX @@ static void riscv_cpu_set_pc(CPUState *cs, vaddr value)
     }
 }
 
+static vaddr riscv_cpu_get_pc(CPUState *cs)
+{
+    RISCVCPU *cpu = RISCV_CPU(cs);
+    CPURISCVState *env = &cpu->env;
+
+    /* Match cpu_get_tb_cpu_state. */
+    if (env->xl == MXL_RV32) {
+        return env->pc & UINT32_MAX;
+    }
+    return env->pc;
+}
+
 static void riscv_cpu_synchronize_from_tb(CPUState *cs,
                                           const TranslationBlock *tb)
 {
@@ -XXX,XX +XXX,XX @@ static void riscv_cpu_class_init(ObjectClass *c, void *data)
     cc->has_work = riscv_cpu_has_work;
     cc->dump_state = riscv_cpu_dump_state;
     cc->set_pc = riscv_cpu_set_pc;
+    cc->get_pc = riscv_cpu_get_pc;
     cc->gdb_read_register = riscv_cpu_gdb_read_register;
     cc->gdb_write_register = riscv_cpu_gdb_write_register;
     cc->gdb_num_core_regs = 33;
diff --git a/target/rx/cpu.c b/target/rx/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/rx/cpu.c
+++ b/target/rx/cpu.c
@@ -XXX,XX +XXX,XX @@ static void rx_cpu_set_pc(CPUState *cs, vaddr value)
     cpu->env.pc = value;
 }
 
+static vaddr rx_cpu_get_pc(CPUState *cs)
+{
+    RXCPU *cpu = RX_CPU(cs);
+
+    return cpu->env.pc;
+}
+
 static void rx_cpu_synchronize_from_tb(CPUState *cs,
                                        const TranslationBlock *tb)
 {
@@ -XXX,XX +XXX,XX @@ static void rx_cpu_class_init(ObjectClass *klass, void *data)
     cc->has_work = rx_cpu_has_work;
     cc->dump_state = rx_cpu_dump_state;
     cc->set_pc = rx_cpu_set_pc;
+    cc->get_pc = rx_cpu_get_pc;
 
 #ifndef CONFIG_USER_ONLY
     cc->sysemu_ops = &rx_sysemu_ops;
diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -XXX,XX +XXX,XX @@ static void s390_cpu_set_pc(CPUState *cs, vaddr value)
     cpu->env.psw.addr = value;
 }
 
+static vaddr s390_cpu_get_pc(CPUState *cs)
+{
+    S390CPU *cpu = S390_CPU(cs);
+
+    return cpu->env.psw.addr;
+}
+
 static bool s390_cpu_has_work(CPUState *cs)
 {
     S390CPU *cpu = S390_CPU(cs);
@@ -XXX,XX +XXX,XX @@ static void s390_cpu_class_init(ObjectClass *oc, void *data)
     cc->has_work = s390_cpu_has_work;
     cc->dump_state = s390_cpu_dump_state;
     cc->set_pc = s390_cpu_set_pc;
+    cc->get_pc = s390_cpu_get_pc;
     cc->gdb_read_register = s390_cpu_gdb_read_register;
     cc->gdb_write_register = s390_cpu_gdb_write_register;
 #ifndef CONFIG_USER_ONLY
diff --git a/target/sh4/cpu.c b/target/sh4/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/cpu.c
+++ b/target/sh4/cpu.c
@@ -XXX,XX +XXX,XX @@ static void superh_cpu_set_pc(CPUState *cs, vaddr value)
     cpu->env.pc = value;
 }
 
+static vaddr superh_cpu_get_pc(CPUState *cs)
+{
+    SuperHCPU *cpu = SUPERH_CPU(cs);
+
+    return cpu->env.pc;
+}
+
 static void superh_cpu_synchronize_from_tb(CPUState *cs,
                                            const TranslationBlock *tb)
 {
@@ -XXX,XX +XXX,XX @@ static void superh_cpu_class_init(ObjectClass *oc, void *data)
     cc->has_work = superh_cpu_has_work;
     cc->dump_state = superh_cpu_dump_state;
     cc->set_pc = superh_cpu_set_pc;
+    cc->get_pc = superh_cpu_get_pc;
     cc->gdb_read_register = superh_cpu_gdb_read_register;
     cc->gdb_write_register = superh_cpu_gdb_write_register;
 #ifndef CONFIG_USER_ONLY
diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -XXX,XX +XXX,XX @@ static void sparc_cpu_set_pc(CPUState *cs, vaddr value)
     cpu->env.npc = value + 4;
 }
 
+static vaddr sparc_cpu_get_pc(CPUState *cs)
+{
+    SPARCCPU *cpu = SPARC_CPU(cs);
+
+    return cpu->env.pc;
+}
+
 static void sparc_cpu_synchronize_from_tb(CPUState *cs,
                                           const TranslationBlock *tb)
 {
@@ -XXX,XX +XXX,XX @@ static void sparc_cpu_class_init(ObjectClass *oc, void *data)
     cc->memory_rw_debug = sparc_cpu_memory_rw_debug;
 #endif
     cc->set_pc = sparc_cpu_set_pc;
+    cc->get_pc = sparc_cpu_get_pc;
     cc->gdb_read_register = sparc_cpu_gdb_read_register;
     cc->gdb_write_register = sparc_cpu_gdb_write_register;
 #ifndef CONFIG_USER_ONLY
diff --git a/target/tricore/cpu.c b/target/tricore/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/tricore/cpu.c
+++ b/target/tricore/cpu.c
@@ -XXX,XX +XXX,XX @@ static void tricore_cpu_set_pc(CPUState *cs, vaddr value)
     env->PC = value & ~(target_ulong)1;
 }
 
+static vaddr tricore_cpu_get_pc(CPUState *cs)
+{
+    TriCoreCPU *cpu = TRICORE_CPU(cs);
+    CPUTriCoreState *env = &cpu->env;
+
+    return env->PC;
+}
+
 static void tricore_cpu_synchronize_from_tb(CPUState *cs,
                                             const TranslationBlock *tb)
 {
@@ -XXX,XX +XXX,XX @@ static void tricore_cpu_class_init(ObjectClass *c, void *data)
 
     cc->dump_state = tricore_cpu_dump_state;
     cc->set_pc = tricore_cpu_set_pc;
+    cc->get_pc = tricore_cpu_get_pc;
     cc->sysemu_ops = &tricore_sysemu_ops;
     cc->tcg_ops = &tricore_tcg_ops;
 }
diff --git a/target/xtensa/cpu.c b/target/xtensa/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/xtensa/cpu.c
+++ b/target/xtensa/cpu.c
@@ -XXX,XX +XXX,XX @@ static void xtensa_cpu_set_pc(CPUState *cs, vaddr value)
     cpu->env.pc = value;
 }
 
+static vaddr xtensa_cpu_get_pc(CPUState *cs)
+{
+    XtensaCPU *cpu = XTENSA_CPU(cs);
+
+    return cpu->env.pc;
+}
+
 static bool xtensa_cpu_has_work(CPUState *cs)
 {
 #ifndef CONFIG_USER_ONLY
@@ -XXX,XX +XXX,XX @@ static void xtensa_cpu_class_init(ObjectClass *oc, void *data)
     cc->has_work = xtensa_cpu_has_work;
     cc->dump_state = xtensa_cpu_dump_state;
     cc->set_pc = xtensa_cpu_set_pc;
+    cc->get_pc = xtensa_cpu_get_pc;
     cc->gdb_read_register = xtensa_cpu_gdb_read_register;
     cc->gdb_write_register = xtensa_cpu_gdb_write_register;
     cc->gdb_stop_before_watchpoint = true;
-- 
2.34.1

The availability of tb->pc will shortly be conditional.
Introduce accessor functions to minimize ifdefs.

Pass around a known pc to places like tcg_gen_code,
where the caller must already have the value.

diff --git a/accel/tcg/internal.h b/accel/tcg/internal.h
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/internal.h
+++ b/accel/tcg/internal.h
@@ -XXX,XX +XXX,XX @@ G_NORETURN void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr);
 void page_init(void);
 void tb_htable_init(void);
 
+/* Return the current PC from CPU, which may be cached in TB. */
+static inline target_ulong log_pc(CPUState *cpu, const TranslationBlock *tb)
+{
+    return tb_pc(tb);
+}
+
 #endif /* ACCEL_TCG_INTERNAL_H */
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -XXX,XX +XXX,XX @@ struct TranslationBlock {
     uintptr_t jmp_dest[2];
 };
 
+/* Hide the read to avoid ifdefs for TARGET_TB_PCREL. */
+static inline target_ulong tb_pc(const TranslationBlock *tb)
+{
+    return tb->pc;
+}
+
 /* Hide the qatomic_read to make code a little easier on the eyes */
 static inline uint32_t tb_cflags(const TranslationBlock *tb)
 {
diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@ void tcg_register_thread(void);
 void tcg_prologue_init(TCGContext *s);
 void tcg_func_start(TCGContext *s);
 
-int tcg_gen_code(TCGContext *s, TranslationBlock *tb);
+int tcg_gen_code(TCGContext *s, TranslationBlock *tb, target_ulong pc_start);
 
 void tcg_set_frame(TCGContext *s, TCGReg reg, intptr_t start, intptr_t size);
 
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@ static bool tb_lookup_cmp(const void *p, const void *d)
     const TranslationBlock *tb = p;
     const struct tb_desc *desc = d;
 
-    if (tb->pc == desc->pc &&
+    if (tb_pc(tb) == desc->pc &&
         tb->page_addr[0] == desc->page_addr0 &&
         tb->cs_base == desc->cs_base &&
         tb->flags == desc->flags &&
@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
     return tb;
 }
 
-static inline void log_cpu_exec(target_ulong pc, CPUState *cpu,
-                                const TranslationBlock *tb)
+static void log_cpu_exec(target_ulong pc, CPUState *cpu,
+                         const TranslationBlock *tb)
 {
-    if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_CPU | CPU_LOG_EXEC))
-        && qemu_log_in_addr_range(pc)) {
-
+    if (qemu_log_in_addr_range(pc)) {
         qemu_log_mask(CPU_LOG_EXEC,
                       "Trace %d: %p [" TARGET_FMT_lx
                       "/" TARGET_FMT_lx "/%08x/%08x] %s\n",
@@ -XXX,XX +XXX,XX @@ const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
         return tcg_code_gen_epilogue;
     }
 
-    log_cpu_exec(pc, cpu, tb);
+    if (qemu_loglevel_mask(CPU_LOG_TB_CPU | CPU_LOG_EXEC)) {
+        log_cpu_exec(pc, cpu, tb);
+    }
 
     return tb->tc.ptr;
 }
@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
     TranslationBlock *last_tb;
     const void *tb_ptr = itb->tc.ptr;
 
-    log_cpu_exec(itb->pc, cpu, itb);
+    if (qemu_loglevel_mask(CPU_LOG_TB_CPU | CPU_LOG_EXEC)) {
+        log_cpu_exec(log_pc(cpu, itb), cpu, itb);
+    }
 
     qemu_thread_jit_execute();
     ret = tcg_qemu_tb_exec(env, tb_ptr);
@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
          * of the start of the TB.
          */
         CPUClass *cc = CPU_GET_CLASS(cpu);
-        qemu_log_mask_and_addr(CPU_LOG_EXEC, last_tb->pc,
-                               "Stopped execution of TB chain before %p ["
-                               TARGET_FMT_lx "] %s\n",
-                               last_tb->tc.ptr, last_tb->pc,
-                               lookup_symbol(last_tb->pc));
+
         if (cc->tcg_ops->synchronize_from_tb) {
             cc->tcg_ops->synchronize_from_tb(cpu, last_tb);
         } else {
             assert(cc->set_pc);
-            cc->set_pc(cpu, last_tb->pc);
+            cc->set_pc(cpu, tb_pc(last_tb));
+        }
+        if (qemu_loglevel_mask(CPU_LOG_EXEC)) {
+            target_ulong pc = log_pc(cpu, last_tb);
+            if (qemu_log_in_addr_range(pc)) {
+                qemu_log("Stopped execution of TB chain before %p ["
+                         TARGET_FMT_lx "] %s\n",
+                         last_tb->tc.ptr, pc, lookup_symbol(pc));
+            }
         }
     }
 
@@ -XXX,XX +XXX,XX @@ static inline void tb_add_jump(TranslationBlock *tb, int n,
 
     qemu_spin_unlock(&tb_next->jmp_lock);
 
-    qemu_log_mask_and_addr(CPU_LOG_EXEC, tb->pc,
-                           "Linking TBs %p [" TARGET_FMT_lx
-                           "] index %d -> %p [" TARGET_FMT_lx "]\n",
-                           tb->tc.ptr, tb->pc, n,
-                           tb_next->tc.ptr, tb_next->pc);
+    qemu_log_mask(CPU_LOG_EXEC, "Linking TBs %p index %d -> %p\n",
+                  tb->tc.ptr, n, tb_next->tc.ptr);
     return;
 
  out_unlock_next:
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
 }
 
 static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb,
+                                    target_ulong pc,
                                     TranslationBlock **last_tb, int *tb_exit)
 {
     int32_t insns_left;
 
-    trace_exec_tb(tb, tb->pc);
+    trace_exec_tb(tb, pc);
     tb = cpu_tb_exec(cpu, tb, tb_exit);
     if (*tb_exit != TB_EXIT_REQUESTED) {
         *last_tb = tb;
@@ -XXX,XX +XXX,XX @@ int cpu_exec(CPUState *cpu)
                 tb_add_jump(last_tb, tb_exit, tb);
             }
 
-            cpu_loop_exec_tb(cpu, tb, &last_tb, &tb_exit);
+            cpu_loop_exec_tb(cpu, tb, pc, &last_tb, &tb_exit);
 
             /* Try to align the host and virtual clocks
                if the guest is in advance */
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ static int encode_search(TranslationBlock *tb, uint8_t *block)
 
         for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
             if (i == 0) {
-                prev = (j == 0 ? tb->pc : 0);
+                prev = (j == 0 ? tb_pc(tb) : 0);
             } else {
                 prev = tcg_ctx->gen_insn_data[i - 1][j];
             }
@@ -XXX,XX +XXX,XX @@ static int encode_search(TranslationBlock *tb, uint8_t *block)
 static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
                                      uintptr_t searched_pc, bool reset_icount)
 {
-    target_ulong data[TARGET_INSN_START_WORDS] = { tb->pc };
+    target_ulong data[TARGET_INSN_START_WORDS] = { tb_pc(tb) };
     uintptr_t host_pc = (uintptr_t)tb->tc.ptr;
     CPUArchState *env = cpu->env_ptr;
     const uint8_t *p = tb->tc.ptr + tb->tc.size;
@@ -XXX,XX +XXX,XX @@ static bool tb_cmp(const void *ap, const void *bp)
     const TranslationBlock *a = ap;
     const TranslationBlock *b = bp;
 
-    return a->pc == b->pc &&
+    return tb_pc(a) == tb_pc(b) &&
         a->cs_base == b->cs_base &&
         a->flags == b->flags &&
         (tb_cflags(a) & ~CF_INVALID) == (tb_cflags(b) & ~CF_INVALID) &&
@@ -XXX,XX +XXX,XX @@ static void do_tb_invalidate_check(void *p, uint32_t hash, void *userp)
     TranslationBlock *tb = p;
     target_ulong addr = *(target_ulong *)userp;
 
-    if (!(addr + TARGET_PAGE_SIZE <= tb->pc || addr >= tb->pc + tb->size)) {
+    if (!(addr + TARGET_PAGE_SIZE <= tb_pc(tb) ||
+          addr >= tb_pc(tb) + tb->size)) {
         printf("ERROR invalidate: address=" TARGET_FMT_lx
-               " PC=%08lx size=%04x\n", addr, (long)tb->pc, tb->size);
+               " PC=%08lx size=%04x\n", addr, (long)tb_pc(tb), tb->size);
     }
 }
 
@@ -XXX,XX +XXX,XX @@ static void do_tb_page_check(void *p, uint32_t hash, void *userp)
     TranslationBlock *tb = p;
     int flags1, flags2;
 
-    flags1 = page_get_flags(tb->pc);
-    flags2 = page_get_flags(tb->pc + tb->size - 1);
+    flags1 = page_get_flags(tb_pc(tb));
+    flags2 = page_get_flags(tb_pc(tb) + tb->size - 1);
     if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
         printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
-               (long)tb->pc, tb->size, flags1, flags2);
+               (long)tb_pc(tb), tb->size, flags1, flags2);
     }
 }
 
@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
 
     /* remove the TB from the hash list */
     phys_pc = tb->page_addr[0];
-    h = tb_hash_func(phys_pc, tb->pc, tb->flags, orig_cflags,
+    h = tb_hash_func(phys_pc, tb_pc(tb), tb->flags, orig_cflags,
                      tb->trace_vcpu_dstate);
     if (!qht_remove(&tb_ctx.htable, tb, h)) {
         return;
@@ -XXX,XX +XXX,XX @@ tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
     }
 
     /* add in the hash table */
-    h = tb_hash_func(phys_pc, tb->pc, tb->flags, tb->cflags,
+    h = tb_hash_func(phys_pc, tb_pc(tb), tb->flags, tb->cflags,
                      tb->trace_vcpu_dstate);
     qht_insert(&tb_ctx.htable, tb, h, &existing_tb);
 
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
     tcg_ctx->cpu = NULL;
     max_insns = tb->icount;
 
-    trace_translate_block(tb, tb->pc, tb->tc.ptr);
+    trace_translate_block(tb, pc, tb->tc.ptr);
 
     /* generate machine code */
     tb->jmp_reset_offset[0] = TB_JMP_RESET_OFFSET_INVALID;
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
     ti = profile_getclock();
 #endif
 
-    gen_code_size = tcg_gen_code(tcg_ctx, tb);
+    gen_code_size = tcg_gen_code(tcg_ctx, tb, pc);
     if (unlikely(gen_code_size < 0)) {
  error_return:
         switch (gen_code_size) {
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 
 #ifdef DEBUG_DISAS
     if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM) &&
-        qemu_log_in_addr_range(tb->pc)) {
+        qemu_log_in_addr_range(pc)) {
         FILE *logfile = qemu_log_trylock();
         if (logfile) {
             int code_size, data_size;
@@ -XXX,XX +XXX,XX @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
      */
     cpu->cflags_next_tb = curr_cflags(cpu) | CF_MEMI_ONLY | CF_LAST_IO | n;
 
-    qemu_log_mask_and_addr(CPU_LOG_EXEC, tb->pc,
-                           "cpu_io_recompile: rewound execution of TB to "
-                           TARGET_FMT_lx "\n", tb->pc);
+    if (qemu_loglevel_mask(CPU_LOG_EXEC)) {
+        target_ulong pc = log_pc(cpu, tb);
+        if (qemu_log_in_addr_range(pc)) {
+            qemu_log("cpu_io_recompile: rewound execution of TB to "
+                     TARGET_FMT_lx "\n", pc);
+        }
+    }
 
     cpu_loop_exit_noexc(cpu);
 }
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ void arm_cpu_synchronize_from_tb(CPUState *cs,
      * never possible for an AArch64 TB to chain to an AArch32 TB.
      */
     if (is_a64(env)) {
-        env->pc = tb->pc;
+        env->pc = tb_pc(tb);
     } else {
-        env->regs[15] = tb->pc;
+        env->regs[15] = tb_pc(tb);
     }
 }
 #endif /* CONFIG_TCG */
diff --git a/target/avr/cpu.c b/target/avr/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/avr/cpu.c
+++ b/target/avr/cpu.c
@@ -XXX,XX +XXX,XX @@ static void avr_cpu_synchronize_from_tb(CPUState *cs,
     AVRCPU *cpu = AVR_CPU(cs);
     CPUAVRState *env = &cpu->env;
 
-    env->pc_w = tb->pc / 2; /* internally PC points to words */
+    env->pc_w = tb_pc(tb) / 2; /* internally PC points to words */
 }
 
 static void avr_cpu_reset(DeviceState *ds)
diff --git a/target/hexagon/cpu.c b/target/hexagon/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/hexagon/cpu.c
+++ b/target/hexagon/cpu.c
@@ -XXX,XX +XXX,XX @@ static void hexagon_cpu_synchronize_from_tb(CPUState *cs,
 {
     HexagonCPU *cpu = HEXAGON_CPU(cs);
     CPUHexagonState *env = &cpu->env;
-    env->gpr[HEX_REG_PC] = tb->pc;
+    env->gpr[HEX_REG_PC] = tb_pc(tb);
 }
 
 static bool hexagon_cpu_has_work(CPUState *cs)
diff --git a/target/hppa/cpu.c b/target/hppa/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/hppa/cpu.c
+++ b/target/hppa/cpu.c
@@ -XXX,XX +XXX,XX @@ static void hppa_cpu_synchronize_from_tb(CPUState *cs,
     HPPACPU *cpu = HPPA_CPU(cs);
 
 #ifdef CONFIG_USER_ONLY
-    cpu->env.iaoq_f = tb->pc;
+    cpu->env.iaoq_f = tb_pc(tb);
     cpu->env.iaoq_b = tb->cs_base;
 #else
     /* Recover the IAOQ values from the GVA + PRIV.  */
@@ -XXX,XX +XXX,XX @@ static void hppa_cpu_synchronize_from_tb(CPUState *cs,
     int32_t diff = cs_base;
 
     cpu->env.iasq_f = iasq_f;
-    cpu->env.iaoq_f = (tb->pc & ~iasq_f) + priv;
+    cpu->env.iaoq_f = (tb_pc(tb) & ~iasq_f) + priv;
     if (diff) {
         cpu->env.iaoq_b = cpu->env.iaoq_f + diff;
     }
diff --git a/target/i386/tcg/tcg-cpu.c b/target/i386/tcg/tcg-cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/tcg-cpu.c
+++ b/target/i386/tcg/tcg-cpu.c
@@ -XXX,XX +XXX,XX @@ static void x86_cpu_synchronize_from_tb(CPUState *cs,
 {
     X86CPU *cpu = X86_CPU(cs);
 
-    cpu->env.eip = tb->pc - tb->cs_base;
+    cpu->env.eip = tb_pc(tb) - tb->cs_base;
 }
 
 #ifndef CONFIG_USER_ONLY
diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -XXX,XX +XXX,XX @@ static void loongarch_cpu_synchronize_from_tb(CPUState *cs,
     LoongArchCPU *cpu = LOONGARCH_CPU(cs);
     CPULoongArchState *env = &cpu->env;
 
-    env->pc = tb->pc;
+    env->pc = tb_pc(tb);
 }
 #endif /* CONFIG_TCG */
 
diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/microblaze/cpu.c
+++ b/target/microblaze/cpu.c
@@ -XXX,XX +XXX,XX @@ static void mb_cpu_synchronize_from_tb(CPUState *cs,
 {
     MicroBlazeCPU *cpu = MICROBLAZE_CPU(cs);
 
-    cpu->env.pc = tb->pc;
+    cpu->env.pc = tb_pc(tb);
     cpu->env.iflags = tb->flags & IFLAGS_TB_MASK;
 }
 
diff --git a/target/mips/tcg/exception.c b/target/mips/tcg/exception.c
index XXXXXXX..XXXXXXX 100644
--- a/target/mips/tcg/exception.c
+++ b/target/mips/tcg/exception.c
@@ -XXX,XX +XXX,XX @@ void mips_cpu_synchronize_from_tb(CPUState *cs, const TranslationBlock *tb)
     MIPSCPU *cpu = MIPS_CPU(cs);
     CPUMIPSState *env = &cpu->env;
 
-    env->active_tc.PC = tb->pc;
+    env->active_tc.PC = tb_pc(tb);
     env->hflags &= ~MIPS_HFLAG_BMASK;
     env->hflags |= tb->flags & MIPS_HFLAG_BMASK;
 }
diff --git a/target/mips/tcg/sysemu/special_helper.c b/target/mips/tcg/sysemu/special_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/mips/tcg/sysemu/special_helper.c
+++ b/target/mips/tcg/sysemu/special_helper.c
@@ -XXX,XX +XXX,XX @@ bool mips_io_recompile_replay_branch(CPUState *cs, const TranslationBlock *tb)
     CPUMIPSState *env = &cpu->env;
 
     if ((env->hflags & MIPS_HFLAG_BMASK) != 0
-        && env->active_tc.PC != tb->pc) {
+        && env->active_tc.PC != tb_pc(tb)) {
         env->active_tc.PC -= (env->hflags & MIPS_HFLAG_B16 ? 2 : 4);
         env->hflags &= ~MIPS_HFLAG_BMASK;
         return true;
diff --git a/target/openrisc/cpu.c b/target/openrisc/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/openrisc/cpu.c
+++ b/target/openrisc/cpu.c
@@ -XXX,XX +XXX,XX @@ static void openrisc_cpu_synchronize_from_tb(CPUState *cs,
 {
     OpenRISCCPU *cpu = OPENRISC_CPU(cs);
 
-    cpu->env.pc = tb->pc;
+    cpu->env.pc = tb_pc(tb);
 }
 
 
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -XXX,XX +XXX,XX @@ static void riscv_cpu_synchronize_from_tb(CPUState *cs,
     RISCVMXL xl = FIELD_EX32(tb->flags, TB_FLAGS, XL);
 
     if (xl == MXL_RV32) {
-        env->pc = (int32_t)tb->pc;
+        env->pc = (int32_t)tb_pc(tb);
     } else {
-        env->pc = tb->pc;
+        env->pc = tb_pc(tb);
     }
 }
 
diff --git a/target/rx/cpu.c b/target/rx/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/rx/cpu.c
+++ b/target/rx/cpu.c
@@ -XXX,XX +XXX,XX @@ static void rx_cpu_synchronize_from_tb(CPUState *cs,
 {
     RXCPU *cpu = RX_CPU(cs);
 
-    cpu->env.pc = tb->pc;
+    cpu->env.pc = tb_pc(tb);
 }
 
 static bool rx_cpu_has_work(CPUState *cs)
diff --git a/target/sh4/cpu.c b/target/sh4/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/cpu.c
+++ b/target/sh4/cpu.c
@@ -XXX,XX +XXX,XX @@ static void superh_cpu_synchronize_from_tb(CPUState *cs,
 {
     SuperHCPU *cpu = SUPERH_CPU(cs);
 
-    cpu->env.pc = tb->pc;
+    cpu->env.pc = tb_pc(tb);
     cpu->env.flags = tb->flags & TB_FLAG_ENVFLAGS_MASK;
 }
 
@@ -XXX,XX +XXX,XX @@ static bool superh_io_recompile_replay_branch(CPUState *cs,
     CPUSH4State *env = &cpu->env;
 
     if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
-        && env->pc != tb->pc) {
+        && env->pc != tb_pc(tb)) {
         env->pc -= 2;
         env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
         return true;
diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -XXX,XX +XXX,XX @@ static void sparc_cpu_synchronize_from_tb(CPUState *cs,
 {
     SPARCCPU *cpu = SPARC_CPU(cs);
 
-    cpu->env.pc = tb->pc;
+    cpu->env.pc = tb_pc(tb);
     cpu->env.npc = tb->cs_base;
 }
 
diff --git a/target/tricore/cpu.c b/target/tricore/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/tricore/cpu.c
+++ b/target/tricore/cpu.c
@@ -XXX,XX +XXX,XX @@ static void tricore_cpu_synchronize_from_tb(CPUState *cs,
     TriCoreCPU *cpu = TRICORE_CPU(cs);
     CPUTriCoreState *env = &cpu->env;
 
-    env->PC = tb->pc;
+    env->PC = tb_pc(tb);
 }
 
 static void tricore_cpu_reset(DeviceState *dev)
diff --git a/tcg/tcg.c b/tcg/tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@ int64_t tcg_cpu_exec_time(void)
 #endif
 
 
-int tcg_gen_code(TCGContext *s, TranslationBlock *tb)
+int tcg_gen_code(TCGContext *s, TranslationBlock *tb, target_ulong pc_start)
 {
 #ifdef CONFIG_PROFILER
     TCGProfile *prof = &s->prof;
@@ -XXX,XX +XXX,XX @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb)
 
 #ifdef DEBUG_DISAS
     if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_OP)
-                 && qemu_log_in_addr_range(tb->pc))) {
+                 && qemu_log_in_addr_range(pc_start))) {
         FILE *logfile = qemu_log_trylock();
         if (logfile) {
             fprintf(logfile, "OP:\n");
@@ -XXX,XX +XXX,XX @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb)
     if (s->nb_indirects > 0) {
 #ifdef DEBUG_DISAS
         if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_OP_IND)
-                     && qemu_log_in_addr_range(tb->pc))) {
+                     && qemu_log_in_addr_range(pc_start))) {
             FILE *logfile = qemu_log_trylock();
             if (logfile) {
                 fprintf(logfile, "OP before indirect lowering:\n");
@@ -XXX,XX +XXX,XX @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb)
 
 #ifdef DEBUG_DISAS
     if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_OP_OPT)
-                 && qemu_log_in_addr_range(tb->pc))) {
+                 && qemu_log_in_addr_range(pc_start))) {
         FILE *logfile = qemu_log_trylock();
         if (logfile) {
             fprintf(logfile, "OP after optimization and liveness analysis:\n");
-- 
2.34.1

Prepare for targets to be able to produce TBs that can
run in more than one virtual context.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/internal.h      |  4 +++
 accel/tcg/tb-jmp-cache.h  | 41 +++++++++++++++++++++++++
 include/exec/cpu-defs.h   |  3 ++
 include/exec/exec-all.h   | 32 ++++++++++++++++++--
 accel/tcg/cpu-exec.c      | 16 ++++++----
 accel/tcg/translate-all.c | 64 ++++++++++++++++++++++++++-------------
 6 files changed, 131 insertions(+), 29 deletions(-)

diff --git a/accel/tcg/internal.h b/accel/tcg/internal.h
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/internal.h
+++ b/accel/tcg/internal.h
@@ -XXX,XX +XXX,XX @@ void tb_htable_init(void);
 /* Return the current PC from CPU, which may be cached in TB. */
 static inline target_ulong log_pc(CPUState *cpu, const TranslationBlock *tb)
 {
+#if TARGET_TB_PCREL
+    return cpu->cc->get_pc(cpu);
+#else
     return tb_pc(tb);
+#endif
 }
 
 #endif /* ACCEL_TCG_INTERNAL_H */
diff --git a/accel/tcg/tb-jmp-cache.h b/accel/tcg/tb-jmp-cache.h
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tb-jmp-cache.h
+++ b/accel/tcg/tb-jmp-cache.h
@@ -XXX,XX +XXX,XX @@
 
 /*
  * Accessed in parallel; all accesses to 'tb' must be atomic.
+ * For TARGET_TB_PCREL, accesses to 'pc' must be protected by
+ * a load_acquire/store_release to 'tb'.
  */
 struct CPUJumpCache {
     struct {
         TranslationBlock *tb;
+#if TARGET_TB_PCREL
+        target_ulong pc;
+#endif
     } array[TB_JMP_CACHE_SIZE];
 };
 
+static inline TranslationBlock *
+tb_jmp_cache_get_tb(CPUJumpCache *jc, uint32_t hash)
+{
+#if TARGET_TB_PCREL
+    /* Use acquire to ensure current load of pc from jc. */
+    return qatomic_load_acquire(&jc->array[hash].tb);
+#else
+    /* Use rcu_read to ensure current load of pc from *tb. */
+    return qatomic_rcu_read(&jc->array[hash].tb);
+#endif
+}
+
+static inline target_ulong
+tb_jmp_cache_get_pc(CPUJumpCache *jc, uint32_t hash, TranslationBlock *tb)
+{
+#if TARGET_TB_PCREL
+    return jc->array[hash].pc;
+#else
+    return tb_pc(tb);
+#endif
+}
+
+static inline void
+tb_jmp_cache_set(CPUJumpCache *jc, uint32_t hash,
+                 TranslationBlock *tb, target_ulong pc)
+{
+#if TARGET_TB_PCREL
+    jc->array[hash].pc = pc;
+    /* Use store_release on tb to ensure pc is written first. */
+    qatomic_store_release(&jc->array[hash].tb, tb);
+#else
+    /* Use the pc value already stored in tb->pc. */
+    qatomic_set(&jc->array[hash].tb, tb);
+#endif
+}
+
 #endif /* ACCEL_TCG_TB_JMP_CACHE_H */
diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -XXX,XX +XXX,XX @@
 #  error TARGET_PAGE_BITS must be defined in cpu-param.h
 # endif
 #endif
+#ifndef TARGET_TB_PCREL
+# define TARGET_TB_PCREL 0
+#endif
 
 #define TARGET_LONG_SIZE (TARGET_LONG_BITS / 8)
 
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -XXX,XX +XXX,XX @@ struct tb_tc {
 };
 
 struct TranslationBlock {
-    target_ulong pc;   /* simulated PC corresponding to this block (EIP + CS base) */
-    target_ulong cs_base; /* CS base for this block */
+#if !TARGET_TB_PCREL
+    /*
+     * Guest PC corresponding to this block.  This must be the true
+     * virtual address.  Therefore e.g. x86 stores EIP + CS_BASE, and
+     * targets like Arm, MIPS, HP-PA, which reuse low bits for ISA or
+     * privilege, must store those bits elsewhere.
+     *
+     * If TARGET_TB_PCREL, the opcodes for the TranslationBlock are
+     * written such that the TB is associated only with the physical
+     * page and may be run in any virtual address context.  In this case,
+     * PC must always be taken from ENV in a target-specific manner.
+     * Unwind information is taken as offsets from the page, to be
+     * deposited into the "current" PC.
+     */
+    target_ulong pc;
+#endif
+
+    /*
+     * Target-specific data associated with the TranslationBlock, e.g.:
+     * x86: the original user, the Code Segment virtual base,
+     * arm: an extension of tb->flags,
+     * s390x: instruction data for EXECUTE,
+     * sparc: the next pc of the instruction queue (for delay slots).
+     */
+    target_ulong cs_base;
+
     uint32_t flags; /* flags defining in which context the code was generated */
     uint32_t cflags;    /* compile flags */
 
@@ -XXX,XX +XXX,XX @@ struct TranslationBlock {
 /* Hide the read to avoid ifdefs for TARGET_TB_PCREL. */
 static inline target_ulong tb_pc(const TranslationBlock *tb)
 {
+#if TARGET_TB_PCREL
+    qemu_build_not_reached();
+#else
     return tb->pc;
+#endif
 }
 
 /* Hide the qatomic_read to make code a little easier on the eyes */
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@ static bool tb_lookup_cmp(const void *p, const void *d)
     const TranslationBlock *tb = p;
     const struct tb_desc *desc = d;
 
-    if (tb_pc(tb) == desc->pc &&
+    if ((TARGET_TB_PCREL || tb_pc(tb) == desc->pc) &&
         tb->page_addr[0] == desc->page_addr0 &&
         tb->cs_base == desc->cs_base &&
         tb->flags == desc->flags &&
@@ -XXX,XX +XXX,XX @@ static TranslationBlock *tb_htable_lookup(CPUState *cpu, target_ulong pc,
         return NULL;
     }
     desc.page_addr0 = phys_pc;
-    h = tb_hash_func(phys_pc, pc, flags, cflags, *cpu->trace_dstate);
+    h = tb_hash_func(phys_pc, (TARGET_TB_PCREL ? 0 : pc),
+                     flags, cflags, *cpu->trace_dstate);
     return qht_lookup_custom(&tb_ctx.htable, &desc, h, tb_lookup_cmp);
 }
 
@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
                                           uint32_t flags, uint32_t cflags)
 {
     TranslationBlock *tb;
+    CPUJumpCache *jc;
     uint32_t hash;
 
     /* we should never be trying to look up an INVALID tb */
     tcg_debug_assert(!(cflags & CF_INVALID));
 
     hash = tb_jmp_cache_hash_func(pc);
-    tb = qatomic_rcu_read(&cpu->tb_jmp_cache->array[hash].tb);
+    jc = cpu->tb_jmp_cache;
+    tb = tb_jmp_cache_get_tb(jc, hash);
 
     if (likely(tb &&
-               tb->pc == pc &&
+               tb_jmp_cache_get_pc(jc, hash, tb) == pc &&
                tb->cs_base == cs_base &&
                tb->flags == flags &&
                tb->trace_vcpu_dstate == *cpu->trace_dstate &&
@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
     if (tb == NULL) {
         return NULL;
     }
-    qatomic_set(&cpu->tb_jmp_cache->array[hash].tb, tb);
+    tb_jmp_cache_set(jc, hash, tb, pc);
     return tb;
 }
 
@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
         if (cc->tcg_ops->synchronize_from_tb) {
             cc->tcg_ops->synchronize_from_tb(cpu, last_tb);
         } else {
+            assert(!TARGET_TB_PCREL);
             assert(cc->set_pc);
             cc->set_pc(cpu, tb_pc(last_tb));
         }
@@ -XXX,XX +XXX,XX @@ int cpu_exec(CPUState *cpu)
                  * for the fast lookup
                  */
                 h = tb_jmp_cache_hash_func(pc);
-                qatomic_set(&cpu->tb_jmp_cache->array[h].tb, tb);
+                tb_jmp_cache_set(cpu->tb_jmp_cache, h, tb, pc);
             }
 
 #ifndef CONFIG_USER_ONLY
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ static int encode_search(TranslationBlock *tb, uint8_t *block)
 
         for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
             if (i == 0) {
-                prev = (j == 0 ? tb_pc(tb) : 0);
+                prev = (!TARGET_TB_PCREL && j == 0 ? tb_pc(tb) : 0);
             } else {
                 prev = tcg_ctx->gen_insn_data[i - 1][j];
             }
@@ -XXX,XX +XXX,XX @@ static int encode_search(TranslationBlock *tb, uint8_t *block)
 static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
                                      uintptr_t searched_pc, bool reset_icount)
 {
-    target_ulong data[TARGET_INSN_START_WORDS] = { tb_pc(tb) };
+    target_ulong data[TARGET_INSN_START_WORDS];
     uintptr_t host_pc = (uintptr_t)tb->tc.ptr;
     CPUArchState *env = cpu->env_ptr;
     const uint8_t *p = tb->tc.ptr + tb->tc.size;
@@ -XXX,XX +XXX,XX @@ static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
         return -1;
     }
 
+    memset(data, 0, sizeof(data));
+    if (!TARGET_TB_PCREL) {
+        data[0] = tb_pc(tb);
+    }
+
     /* Reconstruct the stored insn data while looking for the point at
        which the end of the insn exceeds the searched_pc.  */
     for (i = 0; i < num_insns; ++i) {
@@ -XXX,XX +XXX,XX @@ static bool tb_cmp(const void *ap, const void *bp)
     const TranslationBlock *a = ap;
     const TranslationBlock *b = bp;
 
-    return tb_pc(a) == tb_pc(b) &&
-        a->cs_base == b->cs_base &&
-        a->flags == b->flags &&
-        (tb_cflags(a) & ~CF_INVALID) == (tb_cflags(b) & ~CF_INVALID) &&
-        a->trace_vcpu_dstate == b->trace_vcpu_dstate &&
-        a->page_addr[0] == b->page_addr[0] &&
-        a->page_addr[1] == b->page_addr[1];
+    return ((TARGET_TB_PCREL || tb_pc(a) == tb_pc(b)) &&
+            a->cs_base == b->cs_base &&
+            a->flags == b->flags &&
+            (tb_cflags(a) & ~CF_INVALID) == (tb_cflags(b) & ~CF_INVALID) &&
+            a->trace_vcpu_dstate == b->trace_vcpu_dstate &&
+            a->page_addr[0] == b->page_addr[0] &&
+            a->page_addr[1] == b->page_addr[1]);
 }
 
 void tb_htable_init(void)
@@ -XXX,XX +XXX,XX @@ static inline void tb_jmp_unlink(TranslationBlock *dest)
     qemu_spin_unlock(&dest->jmp_lock);
 }
 
+static void tb_jmp_cache_inval_tb(TranslationBlock *tb)
+{
+    CPUState *cpu;
+
+    if (TARGET_TB_PCREL) {
+        /* A TB may be at any virtual address */
+        CPU_FOREACH(cpu) {
+            tcg_flush_jmp_cache(cpu);
+        }
+    } else {
+        uint32_t h = tb_jmp_cache_hash_func(tb_pc(tb));
+
+        CPU_FOREACH(cpu) {
+            CPUJumpCache *jc = cpu->tb_jmp_cache;
+
+            if (qatomic_read(&jc->array[h].tb) == tb) {
+                qatomic_set(&jc->array[h].tb, NULL);
+            }
+        }
+    }
+}
+
 /*
  * In user-mode, call with mmap_lock held.
  * In !user-mode, if @rm_from_page_list is set, call with the TB's pages'
@@ -XXX,XX +XXX,XX @@ static inline void tb_jmp_unlink(TranslationBlock *dest)
  */
 static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
 {
-    CPUState *cpu;
     PageDesc *p;
     uint32_t h;
     tb_page_addr_t phys_pc;
@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
 
     /* remove the TB from the hash list */
     phys_pc = tb->page_addr[0];
-    h = tb_hash_func(phys_pc, tb_pc(tb), tb->flags, orig_cflags,
-                     tb->trace_vcpu_dstate);
+    h = tb_hash_func(phys_pc, (TARGET_TB_PCREL ? 0 : tb_pc(tb)),
+                     tb->flags, orig_cflags, tb->trace_vcpu_dstate);
     if (!qht_remove(&tb_ctx.htable, tb, h)) {
         return;
     }
@@ -XXX,XX +XXX,XX @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
     }
 
     /* remove the TB from the hash list */
-    h = tb_jmp_cache_hash_func(tb->pc);
-    CPU_FOREACH(cpu) {
-        CPUJumpCache *jc = cpu->tb_jmp_cache;
-        if (qatomic_read(&jc->array[h].tb) == tb) {
-            qatomic_set(&jc->array[h].tb, NULL);
-        }
-    }
+    tb_jmp_cache_inval_tb(tb);
 
     /* suppress this TB from the two jump lists */
     tb_remove_from_jmp_list(tb, 0);
@@ -XXX,XX +XXX,XX @@ tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
     }
 
     /* add in the hash table */
-    h = tb_hash_func(phys_pc, tb_pc(tb), tb->flags, tb->cflags,
-                     tb->trace_vcpu_dstate);
+    h = tb_hash_func(phys_pc, (TARGET_TB_PCREL ? 0 : tb_pc(tb)),
+                     tb->flags, tb->cflags, tb->trace_vcpu_dstate);
     qht_insert(&tb_ctx.htable, tb, h, &existing_tb);
 
     /* remove TB from the page(s) if we couldn't insert it */
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 
     gen_code_buf = tcg_ctx->code_gen_ptr;
     tb->tc.ptr = tcg_splitwx_to_rx(gen_code_buf);
+#if !TARGET_TB_PCREL
     tb->pc = pc;
+#endif
     tb->cs_base = cs_base;
     tb->flags = flags;
     tb->cflags = cflags;
-- 
2.34.1

From: Leandro Lupori <leandro.lupori@eldorado.org.br>

PowerPC64 processors handle direct branches better than indirect
ones, resulting in less stalled cycles and branch misses.

However, PPC's tb_target_set_jmp_target() was only using direct
branches for 16-bit jumps, while PowerPC64's unconditional branch
instructions are able to handle displacements of up to 26 bits.
To take advantage of this, now jumps whose displacements fit in
between 17 and 26 bits are also converted to direct branches.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
[rth: Expanded some commentary.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/ppc/tcg-target.c.inc | 119 +++++++++++++++++++++++++++++----------
 1 file changed, 88 insertions(+), 31 deletions(-)

diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/ppc/tcg-target.c.inc
+++ b/tcg/ppc/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
     tcg_out32(s, insn);
 }
 
+static inline uint64_t make_pair(tcg_insn_unit i1, tcg_insn_unit i2)
+{
+    if (HOST_BIG_ENDIAN) {
+        return (uint64_t)i1 << 32 | i2;
+    }
+    return (uint64_t)i2 << 32 | i1;
+}
+
+static inline void ppc64_replace2(uintptr_t rx, uintptr_t rw,
+                                  tcg_insn_unit i0, tcg_insn_unit i1)
+{
+#if TCG_TARGET_REG_BITS == 64
+    qatomic_set((uint64_t *)rw, make_pair(i0, i1));
+    flush_idcache_range(rx, rw, 8);
+#else
+    qemu_build_not_reached();
+#endif
+}
+
+static inline void ppc64_replace4(uintptr_t rx, uintptr_t rw,
+                                  tcg_insn_unit i0, tcg_insn_unit i1,
+                                  tcg_insn_unit i2, tcg_insn_unit i3)
+{
+    uint64_t p[2];
+
+    p[!HOST_BIG_ENDIAN] = make_pair(i0, i1);
+    p[HOST_BIG_ENDIAN] = make_pair(i2, i3);
+
+    /*
+     * There's no convenient way to get the compiler to allocate a pair
+     * of registers at an even index, so copy into r6/r7 and clobber.
+     */
+    asm("mr  %%r6, %1\n\t"
+        "mr  %%r7, %2\n\t"
+        "stq %%r6, %0"
+        : "=Q"(*(__int128 *)rw) : "r"(p[0]), "r"(p[1]) : "r6", "r7");
+    flush_idcache_range(rx, rw, 16);
+}
+
 void tb_target_set_jmp_target(uintptr_t tc_ptr, uintptr_t jmp_rx,
                               uintptr_t jmp_rw, uintptr_t addr)
 {
-    if (TCG_TARGET_REG_BITS == 64) {
-        tcg_insn_unit i1, i2;
-        intptr_t tb_diff = addr - tc_ptr;
-        intptr_t br_diff = addr - (jmp_rx + 4);
-        uint64_t pair;
+    tcg_insn_unit i0, i1, i2, i3;
+    intptr_t tb_diff = addr - tc_ptr;
+    intptr_t br_diff = addr - (jmp_rx + 4);
+    intptr_t lo, hi;
 
-        /* This does not exercise the range of the branch, but we do
-           still need to be able to load the new value of TCG_REG_TB.
-           But this does still happen quite often.  */
-        if (tb_diff == (int16_t)tb_diff) {
-            i1 = ADDI | TAI(TCG_REG_TB, TCG_REG_TB, tb_diff);
-            i2 = B | (br_diff & 0x3fffffc);
-        } else {
-            intptr_t lo = (int16_t)tb_diff;
-            intptr_t hi = (int32_t)(tb_diff - lo);
-            assert(tb_diff == hi + lo);
-            i1 = ADDIS | TAI(TCG_REG_TB, TCG_REG_TB, hi >> 16);
-            i2 = ADDI | TAI(TCG_REG_TB, TCG_REG_TB, lo);
-        }
-#if HOST_BIG_ENDIAN
-        pair = (uint64_t)i1 << 32 | i2;
-#else
-        pair = (uint64_t)i2 << 32 | i1;
-#endif
-
-        /* As per the enclosing if, this is ppc64.  Avoid the _Static_assert
-           within qatomic_set that would fail to build a ppc32 host.  */
-        qatomic_set__nocheck((uint64_t *)jmp_rw, pair);
-        flush_idcache_range(jmp_rx, jmp_rw, 8);
-    } else {
+    if (TCG_TARGET_REG_BITS == 32) {
         intptr_t diff = addr - jmp_rx;
         tcg_debug_assert(in_range_b(diff));
         qatomic_set((uint32_t *)jmp_rw, B | (diff & 0x3fffffc));
         flush_idcache_range(jmp_rx, jmp_rw, 4);
+        return;
     }
+
+    /*
+     * For 16-bit displacements, we can use a single add + branch.
+     * This happens quite often.
+     */
+    if (tb_diff == (int16_t)tb_diff) {
+        i0 = ADDI | TAI(TCG_REG_TB, TCG_REG_TB, tb_diff);
+        i1 = B | (br_diff & 0x3fffffc);
+        ppc64_replace2(jmp_rx, jmp_rw, i0, i1);
+        return;
+    }
+
+    lo = (int16_t)tb_diff;
+    hi = (int32_t)(tb_diff - lo);
+    assert(tb_diff == hi + lo);
+    i0 = ADDIS | TAI(TCG_REG_TB, TCG_REG_TB, hi >> 16);
+    i1 = ADDI | TAI(TCG_REG_TB, TCG_REG_TB, lo);
+
+    /*
+     * Without stq from 2.07, we can only update two insns,
+     * and those must be the ones that load the target address.
+     */
+    if (!have_isa_2_07) {
+        ppc64_replace2(jmp_rx, jmp_rw, i0, i1);
+        return;
+    }
+
+    /*
+     * For 26-bit displacements, we can use a direct branch.
+     * Otherwise we still need the indirect branch, which we
+     * must restore after a potential direct branch write.
+     */
+    br_diff -= 4;
+    if (in_range_b(br_diff)) {
+        i2 = B | (br_diff & 0x3fffffc);
+        i3 = NOP;
+    } else {
+        i2 = MTSPR | RS(TCG_REG_TB) | CTR;
+        i3 = BCCTR | BO_ALWAYS;
+    }
+    ppc64_replace4(jmp_rx, jmp_rw, i0, i1, i2, i3);
 }
 
 static void tcg_out_call_int(TCGContext *s, int lk,
@@ -XXX,XX +XXX,XX @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
         if (s->tb_jmp_insn_offset) {
             /* Direct jump. */
             if (TCG_TARGET_REG_BITS == 64) {
-                /* Ensure the next insns are 8-byte aligned. */
-                if ((uintptr_t)s->code_ptr & 7) {
+                /* Ensure the next insns are 8 or 16-byte aligned. */
+                while ((uintptr_t)s->code_ptr & (have_isa_2_07 ? 15 : 7)) {
                     tcg_out32(s, NOP);
                 }
                 s->tb_jmp_insn_offset[args[0]] = tcg_current_code_size(s);
-- 
2.34.1

The value previously chosen overlaps GUSA_MASK.

Rename all DELAY_SLOT_* and GUSA_* defines to emphasize
that they are included in TB_FLAGs.  Add aliases for the
FPSCR and SR bits that are included in TB_FLAGS, so that
we don't accidentally reassign those bits.

Fixes: 4da06fb3062 ("target/sh4: Implement prctl_unalign_sigbus")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/856
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/sh4/cpu.h        | 56 +++++++++++++------------
 linux-user/sh4/signal.c |  6 +--
 target/sh4/cpu.c        |  6 +--
 target/sh4/helper.c     |  6 +--
 target/sh4/translate.c  | 90 ++++++++++++++++++++++-------------------
 5 files changed, 88 insertions(+), 76 deletions(-)

diff --git a/target/sh4/cpu.h b/target/sh4/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/cpu.h
+++ b/target/sh4/cpu.h
@@ -XXX,XX +XXX,XX @@
 #define FPSCR_RM_NEAREST       (0 << 0)
 #define FPSCR_RM_ZERO          (1 << 0)
 
-#define DELAY_SLOT_MASK        0x7
-#define DELAY_SLOT             (1 << 0)
-#define DELAY_SLOT_CONDITIONAL (1 << 1)
-#define DELAY_SLOT_RTE         (1 << 2)
+#define TB_FLAG_DELAY_SLOT       (1 << 0)
+#define TB_FLAG_DELAY_SLOT_COND  (1 << 1)
+#define TB_FLAG_DELAY_SLOT_RTE   (1 << 2)
+#define TB_FLAG_PENDING_MOVCA    (1 << 3)
+#define TB_FLAG_GUSA_SHIFT       4                      /* [11:4] */
+#define TB_FLAG_GUSA_EXCLUSIVE   (1 << 12)
+#define TB_FLAG_UNALIGN          (1 << 13)
+#define TB_FLAG_SR_FD            (1 << SR_FD)           /* 15 */
+#define TB_FLAG_FPSCR_PR         FPSCR_PR               /* 19 */
+#define TB_FLAG_FPSCR_SZ         FPSCR_SZ               /* 20 */
+#define TB_FLAG_FPSCR_FR         FPSCR_FR               /* 21 */
+#define TB_FLAG_SR_RB            (1 << SR_RB)           /* 29 */
+#define TB_FLAG_SR_MD            (1 << SR_MD)           /* 30 */
 
-#define TB_FLAG_PENDING_MOVCA  (1 << 3)
-#define TB_FLAG_UNALIGN        (1 << 4)
-
-#define GUSA_SHIFT             4
-#ifdef CONFIG_USER_ONLY
-#define GUSA_EXCLUSIVE         (1 << 12)
-#define GUSA_MASK              ((0xff << GUSA_SHIFT) | GUSA_EXCLUSIVE)
-#else
-/* Provide dummy versions of the above to allow tests against tbflags
-   to be elided while avoiding ifdefs.  */
-#define GUSA_EXCLUSIVE         0
-#define GUSA_MASK              0
-#endif
-
-#define TB_FLAG_ENVFLAGS_MASK  (DELAY_SLOT_MASK | GUSA_MASK)
+#define TB_FLAG_DELAY_SLOT_MASK  (TB_FLAG_DELAY_SLOT |       \
+                                  TB_FLAG_DELAY_SLOT_COND |  \
+                                  TB_FLAG_DELAY_SLOT_RTE)
+#define TB_FLAG_GUSA_MASK        ((0xff << TB_FLAG_GUSA_SHIFT) | \
+                                  TB_FLAG_GUSA_EXCLUSIVE)
+#define TB_FLAG_FPSCR_MASK       (TB_FLAG_FPSCR_PR | \
+                                  TB_FLAG_FPSCR_SZ | \
+                                  TB_FLAG_FPSCR_FR)
+#define TB_FLAG_SR_MASK          (TB_FLAG_SR_FD | \
+                                  TB_FLAG_SR_RB | \
+                                  TB_FLAG_SR_MD)
+#define TB_FLAG_ENVFLAGS_MASK    (TB_FLAG_DELAY_SLOT_MASK | \
+                                  TB_FLAG_GUSA_MASK)
 
 typedef struct tlb_t {
     uint32_t vpn;		/* virtual page number */
@@ -XXX,XX +XXX,XX @@ static inline int cpu_mmu_index (CPUSH4State *env, bool ifetch)
 {
     /* The instruction in a RTE delay slot is fetched in privileged
        mode, but executed in user mode.  */
-    if (ifetch && (env->flags & DELAY_SLOT_RTE)) {
+    if (ifetch && (env->flags & TB_FLAG_DELAY_SLOT_RTE)) {
         return 0;
     } else {
         return (env->sr & (1u << SR_MD)) == 0 ? 1 : 0;
@@ -XXX,XX +XXX,XX @@ static inline void cpu_get_tb_cpu_state(CPUSH4State *env, target_ulong *pc,
 {
     *pc = env->pc;
     /* For a gUSA region, notice the end of the region.  */
-    *cs_base = env->flags & GUSA_MASK ? env->gregs[0] : 0;
-    *flags = env->flags /* TB_FLAG_ENVFLAGS_MASK: bits 0-2, 4-12 */
-            | (env->fpscr & (FPSCR_FR | FPSCR_SZ | FPSCR_PR))  /* Bits 19-21 */
-            | (env->sr & ((1u << SR_MD) | (1u << SR_RB)))      /* Bits 29-30 */
-            | (env->sr & (1u << SR_FD))                        /* Bit 15 */
+    *cs_base = env->flags & TB_FLAG_GUSA_MASK ? env->gregs[0] : 0;
+    *flags = env->flags
+            | (env->fpscr & TB_FLAG_FPSCR_MASK)
+            | (env->sr & TB_FLAG_SR_MASK)
             | (env->movcal_backup ? TB_FLAG_PENDING_MOVCA : 0); /* Bit 3 */
 #ifdef CONFIG_USER_ONLY
     *flags |= TB_FLAG_UNALIGN * !env_cpu(env)->prctl_unalign_sigbus;
diff --git a/linux-user/sh4/signal.c b/linux-user/sh4/signal.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/sh4/signal.c
+++ b/linux-user/sh4/signal.c
@@ -XXX,XX +XXX,XX @@ static void restore_sigcontext(CPUSH4State *regs, struct target_sigcontext *sc)
     __get_user(regs->fpul, &sc->sc_fpul);
 
     regs->tra = -1;         /* disable syscall checks */
-    regs->flags &= ~(DELAY_SLOT_MASK | GUSA_MASK);
+    regs->flags = 0;
 }
 
 void setup_frame(int sig, struct target_sigaction *ka,
@@ -XXX,XX +XXX,XX @@ void setup_frame(int sig, struct target_sigaction *ka,
     regs->gregs[5] = 0;
     regs->gregs[6] = frame_addr += offsetof(typeof(*frame), sc);
     regs->pc = (unsigned long) ka->_sa_handler;
-    regs->flags &= ~(DELAY_SLOT_MASK | GUSA_MASK);
+    regs->flags &= ~(TB_FLAG_DELAY_SLOT_MASK | TB_FLAG_GUSA_MASK);
 
     unlock_user_struct(frame, frame_addr, 1);
     return;
@@ -XXX,XX +XXX,XX @@ void setup_rt_frame(int sig, struct target_sigaction *ka,
     regs->gregs[5] = frame_addr + offsetof(typeof(*frame), info);
     regs->gregs[6] = frame_addr + offsetof(typeof(*frame), uc);
     regs->pc = (unsigned long) ka->_sa_handler;
-    regs->flags &= ~(DELAY_SLOT_MASK | GUSA_MASK);
+    regs->flags &= ~(TB_FLAG_DELAY_SLOT_MASK | TB_FLAG_GUSA_MASK);
 
     unlock_user_struct(frame, frame_addr, 1);
     return;
diff --git a/target/sh4/cpu.c b/target/sh4/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/cpu.c
+++ b/target/sh4/cpu.c
@@ -XXX,XX +XXX,XX @@ static void superh_cpu_synchronize_from_tb(CPUState *cs,
     SuperHCPU *cpu = SUPERH_CPU(cs);
 
     cpu->env.pc = tb_pc(tb);
-    cpu->env.flags = tb->flags & TB_FLAG_ENVFLAGS_MASK;
+    cpu->env.flags = tb->flags;
 }
 
 #ifndef CONFIG_USER_ONLY
@@ -XXX,XX +XXX,XX @@ static bool superh_io_recompile_replay_branch(CPUState *cs,
     SuperHCPU *cpu = SUPERH_CPU(cs);
     CPUSH4State *env = &cpu->env;
 
-    if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
+    if ((env->flags & (TB_FLAG_DELAY_SLOT | TB_FLAG_DELAY_SLOT_COND))
         && env->pc != tb_pc(tb)) {
         env->pc -= 2;
-        env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
+        env->flags &= ~(TB_FLAG_DELAY_SLOT | TB_FLAG_DELAY_SLOT_COND);
         return true;
     }
     return false;
diff --git a/target/sh4/helper.c b/target/sh4/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/helper.c
+++ b/target/sh4/helper.c
@@ -XXX,XX +XXX,XX @@ void superh_cpu_do_interrupt(CPUState *cs)
     env->sr |= (1u << SR_BL) | (1u << SR_MD) | (1u << SR_RB);
     env->lock_addr = -1;
 
-    if (env->flags & DELAY_SLOT_MASK) {
+    if (env->flags & TB_FLAG_DELAY_SLOT_MASK) {
         /* Branch instruction should be executed again before delay slot. */
 	env->spc -= 2;
 	/* Clear flags for exception/interrupt routine. */
-        env->flags &= ~DELAY_SLOT_MASK;
+        env->flags &= ~TB_FLAG_DELAY_SLOT_MASK;
     }
 
     if (do_exp) {
@@ -XXX,XX +XXX,XX @@ bool superh_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
         CPUSH4State *env = &cpu->env;
 
         /* Delay slots are indivisible, ignore interrupts */
-        if (env->flags & DELAY_SLOT_MASK) {
+        if (env->flags & TB_FLAG_DELAY_SLOT_MASK) {
             return false;
         } else {
             superh_cpu_do_interrupt(cs);
diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -XXX,XX +XXX,XX @@ void superh_cpu_dump_state(CPUState *cs, FILE *f, int flags)
 		    i, env->gregs[i], i + 1, env->gregs[i + 1],
 		    i + 2, env->gregs[i + 2], i + 3, env->gregs[i + 3]);
     }
-    if (env->flags & DELAY_SLOT) {
+    if (env->flags & TB_FLAG_DELAY_SLOT) {
         qemu_printf("in delay slot (delayed_pc=0x%08x)\n",
 		    env->delayed_pc);
-    } else if (env->flags & DELAY_SLOT_CONDITIONAL) {
+    } else if (env->flags & TB_FLAG_DELAY_SLOT_COND) {
         qemu_printf("in conditional delay slot (delayed_pc=0x%08x)\n",
 		    env->delayed_pc);
-    } else if (env->flags & DELAY_SLOT_RTE) {
+    } else if (env->flags & TB_FLAG_DELAY_SLOT_RTE) {
         qemu_fprintf(f, "in rte delay slot (delayed_pc=0x%08x)\n",
                      env->delayed_pc);
     }
@@ -XXX,XX +XXX,XX @@ static inline void gen_save_cpu_state(DisasContext *ctx, bool save_pc)
 
 static inline bool use_exit_tb(DisasContext *ctx)
 {
-    return (ctx->tbflags & GUSA_EXCLUSIVE) != 0;
+    return (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) != 0;
 }
 
 static bool use_goto_tb(DisasContext *ctx, target_ulong dest)
@@ -XXX,XX +XXX,XX @@ static void gen_conditional_jump(DisasContext *ctx, target_ulong dest,
     TCGLabel *l1 = gen_new_label();
     TCGCond cond_not_taken = jump_if_true ? TCG_COND_EQ : TCG_COND_NE;
 
-    if (ctx->tbflags & GUSA_EXCLUSIVE) {
+    if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
         /* When in an exclusive region, we must continue to the end.
            Therefore, exit the region on a taken branch, but otherwise
            fall through to the next instruction.  */
         tcg_gen_brcondi_i32(cond_not_taken, cpu_sr_t, 0, l1);
-        tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~GUSA_MASK);
+        tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~TB_FLAG_GUSA_MASK);
         /* Note that this won't actually use a goto_tb opcode because we
            disallow it in use_goto_tb, but it handles exit + singlestep.  */
         gen_goto_tb(ctx, 0, dest);
@@ -XXX,XX +XXX,XX @@ static void gen_delayed_conditional_jump(DisasContext * ctx)
     tcg_gen_mov_i32(ds, cpu_delayed_cond);
     tcg_gen_discard_i32(cpu_delayed_cond);
 
-    if (ctx->tbflags & GUSA_EXCLUSIVE) {
+    if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
         /* When in an exclusive region, we must continue to the end.
            Therefore, exit the region on a taken branch, but otherwise
            fall through to the next instruction.  */
         tcg_gen_brcondi_i32(TCG_COND_EQ, ds, 0, l1);
 
         /* Leave the gUSA region.  */
-        tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~GUSA_MASK);
+        tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~TB_FLAG_GUSA_MASK);
         gen_jump(ctx);
 
         gen_set_label(l1);
@@ -XXX,XX +XXX,XX @@ static inline void gen_store_fpr64(DisasContext *ctx, TCGv_i64 t, int reg)
 #define XHACK(x) ((((x) & 1 ) << 4) | ((x) & 0xe))
 
 #define CHECK_NOT_DELAY_SLOT \
-    if (ctx->envflags & DELAY_SLOT_MASK) {  \
-        goto do_illegal_slot;               \
+    if (ctx->envflags & TB_FLAG_DELAY_SLOT_MASK) {  \
+        goto do_illegal_slot;                       \
     }
 
 #define CHECK_PRIVILEGED \
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
     case 0x000b:		/* rts */
 	CHECK_NOT_DELAY_SLOT
 	tcg_gen_mov_i32(cpu_delayed_pc, cpu_pr);
-        ctx->envflags |= DELAY_SLOT;
+        ctx->envflags |= TB_FLAG_DELAY_SLOT;
 	ctx->delayed_pc = (uint32_t) - 1;
 	return;
     case 0x0028:		/* clrmac */
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 	CHECK_NOT_DELAY_SLOT
         gen_write_sr(cpu_ssr);
 	tcg_gen_mov_i32(cpu_delayed_pc, cpu_spc);
-        ctx->envflags |= DELAY_SLOT_RTE;
+        ctx->envflags |= TB_FLAG_DELAY_SLOT_RTE;
 	ctx->delayed_pc = (uint32_t) - 1;
         ctx->base.is_jmp = DISAS_STOP;
 	return;
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 	return;
     case 0xe000:		/* mov #imm,Rn */
 #ifdef CONFIG_USER_ONLY
-        /* Detect the start of a gUSA region.  If so, update envflags
-           and end the TB.  This will allow us to see the end of the
-           region (stored in R0) in the next TB.  */
+        /*
+         * Detect the start of a gUSA region (mov #-n, r15).
+         * If so, update envflags and end the TB.  This will allow us
+         * to see the end of the region (stored in R0) in the next TB.
+         */
         if (B11_8 == 15 && B7_0s < 0 &&
             (tb_cflags(ctx->base.tb) & CF_PARALLEL)) {
-            ctx->envflags = deposit32(ctx->envflags, GUSA_SHIFT, 8, B7_0s);
+            ctx->envflags =
+                deposit32(ctx->envflags, TB_FLAG_GUSA_SHIFT, 8, B7_0s);
             ctx->base.is_jmp = DISAS_STOP;
         }
 #endif
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
     case 0xa000:		/* bra disp */
 	CHECK_NOT_DELAY_SLOT
         ctx->delayed_pc = ctx->base.pc_next + 4 + B11_0s * 2;
-        ctx->envflags |= DELAY_SLOT;
+        ctx->envflags |= TB_FLAG_DELAY_SLOT;
 	return;
     case 0xb000:		/* bsr disp */
 	CHECK_NOT_DELAY_SLOT
         tcg_gen_movi_i32(cpu_pr, ctx->base.pc_next + 4);
         ctx->delayed_pc = ctx->base.pc_next + 4 + B11_0s * 2;
-        ctx->envflags |= DELAY_SLOT;
+        ctx->envflags |= TB_FLAG_DELAY_SLOT;
 	return;
     }
 
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 	CHECK_NOT_DELAY_SLOT
         tcg_gen_xori_i32(cpu_delayed_cond, cpu_sr_t, 1);
         ctx->delayed_pc = ctx->base.pc_next + 4 + B7_0s * 2;
-        ctx->envflags |= DELAY_SLOT_CONDITIONAL;
+        ctx->envflags |= TB_FLAG_DELAY_SLOT_COND;
 	return;
     case 0x8900:		/* bt label */
 	CHECK_NOT_DELAY_SLOT
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 	CHECK_NOT_DELAY_SLOT
         tcg_gen_mov_i32(cpu_delayed_cond, cpu_sr_t);
         ctx->delayed_pc = ctx->base.pc_next + 4 + B7_0s * 2;
-        ctx->envflags |= DELAY_SLOT_CONDITIONAL;
+        ctx->envflags |= TB_FLAG_DELAY_SLOT_COND;
 	return;
     case 0x8800:		/* cmp/eq #imm,R0 */
         tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, REG(0), B7_0s);
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
     case 0x0023:		/* braf Rn */
 	CHECK_NOT_DELAY_SLOT
         tcg_gen_addi_i32(cpu_delayed_pc, REG(B11_8), ctx->base.pc_next + 4);
-        ctx->envflags |= DELAY_SLOT;
+        ctx->envflags |= TB_FLAG_DELAY_SLOT;
 	ctx->delayed_pc = (uint32_t) - 1;
 	return;
     case 0x0003:		/* bsrf Rn */
 	CHECK_NOT_DELAY_SLOT
         tcg_gen_movi_i32(cpu_pr, ctx->base.pc_next + 4);
 	tcg_gen_add_i32(cpu_delayed_pc, REG(B11_8), cpu_pr);
-        ctx->envflags |= DELAY_SLOT;
+        ctx->envflags |= TB_FLAG_DELAY_SLOT;
 	ctx->delayed_pc = (uint32_t) - 1;
 	return;
     case 0x4015:		/* cmp/pl Rn */
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
     case 0x402b:		/* jmp @Rn */
 	CHECK_NOT_DELAY_SLOT
 	tcg_gen_mov_i32(cpu_delayed_pc, REG(B11_8));
-        ctx->envflags |= DELAY_SLOT;
+        ctx->envflags |= TB_FLAG_DELAY_SLOT;
 	ctx->delayed_pc = (uint32_t) - 1;
 	return;
     case 0x400b:		/* jsr @Rn */
 	CHECK_NOT_DELAY_SLOT
         tcg_gen_movi_i32(cpu_pr, ctx->base.pc_next + 4);
 	tcg_gen_mov_i32(cpu_delayed_pc, REG(B11_8));
-        ctx->envflags |= DELAY_SLOT;
+        ctx->envflags |= TB_FLAG_DELAY_SLOT;
 	ctx->delayed_pc = (uint32_t) - 1;
 	return;
     case 0x400e:		/* ldc Rm,SR */
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
     fflush(stderr);
 #endif
  do_illegal:
-    if (ctx->envflags & DELAY_SLOT_MASK) {
+    if (ctx->envflags & TB_FLAG_DELAY_SLOT_MASK) {
  do_illegal_slot:
         gen_save_cpu_state(ctx, true);
         gen_helper_raise_slot_illegal_instruction(cpu_env);
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 
  do_fpu_disabled:
     gen_save_cpu_state(ctx, true);
-    if (ctx->envflags & DELAY_SLOT_MASK) {
+    if (ctx->envflags & TB_FLAG_DELAY_SLOT_MASK) {
         gen_helper_raise_slot_fpu_disable(cpu_env);
     } else {
         gen_helper_raise_fpu_disable(cpu_env);
@@ -XXX,XX +XXX,XX @@ static void decode_opc(DisasContext * ctx)
 
     _decode_opc(ctx);
 
-    if (old_flags & DELAY_SLOT_MASK) {
+    if (old_flags & TB_FLAG_DELAY_SLOT_MASK) {
         /* go out of the delay slot */
-        ctx->envflags &= ~DELAY_SLOT_MASK;
+        ctx->envflags &= ~TB_FLAG_DELAY_SLOT_MASK;
 
         /* When in an exclusive region, we must continue to the end
            for conditional branches.  */
-        if (ctx->tbflags & GUSA_EXCLUSIVE
-            && old_flags & DELAY_SLOT_CONDITIONAL) {
+        if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE
+            && old_flags & TB_FLAG_DELAY_SLOT_COND) {
             gen_delayed_conditional_jump(ctx);
             return;
         }
         /* Otherwise this is probably an invalid gUSA region.
            Drop the GUSA bits so the next TB doesn't see them.  */
-        ctx->envflags &= ~GUSA_MASK;
+        ctx->envflags &= ~TB_FLAG_GUSA_MASK;
 
         tcg_gen_movi_i32(cpu_flags, ctx->envflags);
-        if (old_flags & DELAY_SLOT_CONDITIONAL) {
+        if (old_flags & TB_FLAG_DELAY_SLOT_COND) {
 	    gen_delayed_conditional_jump(ctx);
         } else {
             gen_jump(ctx);
@@ -XXX,XX +XXX,XX @@ static void decode_gusa(DisasContext *ctx, CPUSH4State *env)
     }
 
     /* The entire region has been translated.  */
-    ctx->envflags &= ~GUSA_MASK;
+    ctx->envflags &= ~TB_FLAG_GUSA_MASK;
     ctx->base.pc_next = pc_end;
     ctx->base.num_insns += max_insns - 1;
     return;
@@ -XXX,XX +XXX,XX @@ static void decode_gusa(DisasContext *ctx, CPUSH4State *env)
 
     /* Restart with the EXCLUSIVE bit set, within a TB run via
        cpu_exec_step_atomic holding the exclusive lock.  */
-    ctx->envflags |= GUSA_EXCLUSIVE;
+    ctx->envflags |= TB_FLAG_GUSA_EXCLUSIVE;
     gen_save_cpu_state(ctx, false);
     gen_helper_exclusive(cpu_env);
     ctx->base.is_jmp = DISAS_NORETURN;
@@ -XXX,XX +XXX,XX @@ static void sh4_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
                   (tbflags & (1 << SR_RB))) * 0x10;
     ctx->fbank = tbflags & FPSCR_FR ? 0x10 : 0;
 
-    if (tbflags & GUSA_MASK) {
+#ifdef CONFIG_USER_ONLY
+    if (tbflags & TB_FLAG_GUSA_MASK) {
+        /* In gUSA exclusive region. */
         uint32_t pc = ctx->base.pc_next;
         uint32_t pc_end = ctx->base.tb->cs_base;
-        int backup = sextract32(ctx->tbflags, GUSA_SHIFT, 8);
+        int backup = sextract32(ctx->tbflags, TB_FLAG_GUSA_SHIFT, 8);
         int max_insns = (pc_end - pc) / 2;
 
         if (pc != pc_end + backup || max_insns < 2) {
             /* This is a malformed gUSA region.  Don't do anything special,
                since the interpreter is likely to get confused.  */
-            ctx->envflags &= ~GUSA_MASK;
-        } else if (tbflags & GUSA_EXCLUSIVE) {
+            ctx->envflags &= ~TB_FLAG_GUSA_MASK;
+        } else if (tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
             /* Regardless of single-stepping or the end of the page,
                we must complete execution of the gUSA region while
                holding the exclusive lock.  */
@@ -XXX,XX +XXX,XX @@ static void sh4_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
             return;
         }
     }
+#endif
 
     /* Since the ISA is fixed-width, we can bound by the number
        of instructions remaining on the page.  */
@@ -XXX,XX +XXX,XX @@ static void sh4_tr_translate_insn(DisasContextBase *dcbase, CPUState *cs)
     DisasContext *ctx = container_of(dcbase, DisasContext, base);
 
 #ifdef CONFIG_USER_ONLY
-    if (unlikely(ctx->envflags & GUSA_MASK)
-        && !(ctx->envflags & GUSA_EXCLUSIVE)) {
+    if (unlikely(ctx->envflags & TB_FLAG_GUSA_MASK)
+        && !(ctx->envflags & TB_FLAG_GUSA_EXCLUSIVE)) {
         /* We're in an gUSA region, and we have not already fallen
            back on using an exclusive region.  Attempt to parse the
            region into a single supported atomic operation.  Failure
@@ -XXX,XX +XXX,XX @@ static void sh4_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
 {
     DisasContext *ctx = container_of(dcbase, DisasContext, base);
 
-    if (ctx->tbflags & GUSA_EXCLUSIVE) {
+    if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
         /* Ending the region of exclusivity.  Clear the bits.  */
-        ctx->envflags &= ~GUSA_MASK;
+        ctx->envflags &= ~TB_FLAG_GUSA_MASK;
     }
 
     switch (ctx->base.is_jmp) {
-- 
2.34.1