Series comparison

-[PULL 00/24] tcg patch queue
+[PULL v2 00/20] tcg patch queue
-The following changes since commit 6587b0c1331d427b0939c37e763842550ed581db:
+v2: Fix incorretly resolved rebase conflict in patch 16.
-  Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-10-15' into staging (2021-10-15 14:16:28 -0700)
 r~
 The following changes since commit 61fd710b8da8aedcea9b4f197283dc38638e4b60:
   Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2022-09-02 13:24:28 -0400)
 are available in the Git repository at:
-  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20211016
+  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20220904
-for you to fetch changes up to 995b87dedc78b0467f5f18bbc3546072ba97516a:
+for you to fetch changes up to cc64de1fdeb81bc1ab8bb6c7c24bfd4fc9b28ef2:
-  Revert "cpu: Move cpu_common_props to hw/core/cpu.c" (2021-10-15 16:39:15 -0700)
+  target/riscv: Make translator stop before the end of a page (2022-09-03 09:27:05 +0100)
 ----------------------------------------------------------------
-Move gdb singlestep to generic code
+Respect PROT_EXEC in user-only mode.
-Fix cpu_common_props
+Fix s390x, i386 and riscv for translations crossing a page.
 ----------------------------------------------------------------
-Richard Henderson (24):
+Ilya Leoshkevich (4):
-      accel/tcg: Handle gdb singlestep in cpu_tb_exec
+      linux-user: Clear translations on mprotect()
-      target/alpha: Drop checks for singlestep_enabled
+      accel/tcg: Introduce is_same_page()
-      target/avr: Drop checks for singlestep_enabled
+      target/s390x: Make translator stop before the end of a page
-      target/cris: Drop checks for singlestep_enabled
+      target/i386: Make translator stop before the end of a page
       target/hexagon: Drop checks for singlestep_enabled
       target/arm: Drop checks for singlestep_enabled
       target/hppa: Drop checks for singlestep_enabled
       target/i386: Check CF_NO_GOTO_TB for dc->jmp_opt
       target/i386: Drop check for singlestep_enabled
       target/m68k: Drop checks for singlestep_enabled
       target/microblaze: Check CF_NO_GOTO_TB for DISAS_JUMP
       target/microblaze: Drop checks for singlestep_enabled
       target/mips: Fix single stepping
       target/mips: Drop exit checks for singlestep_enabled
       target/openrisc: Drop checks for singlestep_enabled
       target/ppc: Drop exit checks for singlestep_enabled
       target/riscv: Remove dead code after exception
       target/riscv: Remove exit_tb and lookup_and_goto_ptr
       target/rx: Drop checks for singlestep_enabled
       target/s390x: Drop check for singlestep_enabled
       target/sh4: Drop check for singlestep_enabled
       target/tricore: Drop check for singlestep_enabled
       target/xtensa: Drop check for singlestep_enabled
       Revert "cpu: Move cpu_common_props to hw/core/cpu.c"
- include/hw/core/cpu.h                          |  1 +
+Richard Henderson (16):
- target/i386/helper.h                           |  1 -
+      linux-user/arm: Mark the commpage executable
- target/rx/helper.h                             |  1 -
+      linux-user/hppa: Allocate page zero as a commpage
- target/sh4/helper.h                            |  1 -
+      linux-user/x86_64: Allocate vsyscall page as a commpage
- target/tricore/helper.h                        |  1 -
+      linux-user: Honor PT_GNU_STACK
- accel/tcg/cpu-exec.c                           | 11 ++++
+      tests/tcg/i386: Move smc_code2 to an executable section
- cpu.c                                          | 21 ++++++++
+      accel/tcg: Properly implement get_page_addr_code for user-only
- hw/core/cpu-common.c                           | 17 +-----
+      accel/tcg: Unlock mmap_lock after longjmp
- target/alpha/translate.c                       | 13 ++---
+      accel/tcg: Make tb_htable_lookup static
- target/arm/translate-a64.c                     | 10 +---
+      accel/tcg: Move qemu_ram_addr_from_host_nofail to physmem.c
- target/arm/translate.c                         | 36 +++----------
+      accel/tcg: Use probe_access_internal for softmmu get_page_addr_code_hostp
- target/avr/translate.c                         | 19 ++-----
+      accel/tcg: Document the faulting lookup in tb_lookup_cmp
- target/cris/translate.c                        | 16 ------
+      accel/tcg: Remove translator_ldsw
- target/hexagon/translate.c                     | 12 +----
+      accel/tcg: Add pc and host_pc params to gen_intermediate_code
- target/hppa/translate.c                        | 17 ++----
+      accel/tcg: Add fast path for translator_ld*
- target/i386/tcg/misc_helper.c                  |  8 ---
+      target/riscv: Add MAX_INSN_LEN and insn_len
- target/i386/tcg/translate.c                    |  9 ++--
+      target/riscv: Make translator stop before the end of a page
  target/m68k/translate.c                        | 44 ++++-----------
  target/microblaze/translate.c                  | 18 ++-----
  target/mips/tcg/translate.c                    | 75 ++++++++++++--------------
  target/openrisc/translate.c                    | 18 ++-----
  target/ppc/translate.c                         | 38 +++----------
  target/riscv/translate.c                       | 27 +---------
  target/rx/op_helper.c                          |  8 ---
  target/rx/translate.c                          | 12 +----
  target/s390x/tcg/translate.c                   |  8 +--
  target/sh4/op_helper.c                         |  5 --
  target/sh4/translate.c                         | 14 ++---
  target/tricore/op_helper.c                     |  7 ---
  target/tricore/translate.c                     | 14 +----
  target/xtensa/translate.c                      | 25 +++------
  target/riscv/insn_trans/trans_privileged.c.inc | 10 ++--
  target/riscv/insn_trans/trans_rvi.c.inc        |  8 ++-
  target/riscv/insn_trans/trans_rvv.c.inc        |  2 +-
 files changed, 141 insertions(+), 386 deletions(-)
+ include/elf.h                     |   1 +
+ include/exec/cpu-common.h         |   1 +
+ include/exec/exec-all.h           |  89 ++++++++----------------
+ include/exec/translator.h         |  96 ++++++++++++++++---------
+ linux-user/arm/target_cpu.h       |   4 +-
+ linux-user/qemu.h                 |   1 +
+ accel/tcg/cpu-exec.c              | 143 ++++++++++++++++++++------------------
+ accel/tcg/cputlb.c                |  93 +++++++------------------
+ accel/tcg/translate-all.c         |  29 ++++----
+ accel/tcg/translator.c            | 135 ++++++++++++++++++++++++++---------
+ accel/tcg/user-exec.c             |  17 ++++-
+ linux-user/elfload.c              |  82 ++++++++++++++++++++--
+ linux-user/mmap.c                 |   6 +-
+ softmmu/physmem.c                 |  12 ++++
+ target/alpha/translate.c          |   5 +-
+ target/arm/translate.c            |   5 +-
+ target/avr/translate.c            |   5 +-
+ target/cris/translate.c           |   5 +-
+ target/hexagon/translate.c        |   6 +-
+ target/hppa/translate.c           |   5 +-
+ target/i386/tcg/translate.c       |  71 +++++++++++--------
+ target/loongarch/translate.c      |   6 +-
+ target/m68k/translate.c           |   5 +-
+ target/microblaze/translate.c     |   5 +-
+ target/mips/tcg/translate.c       |   5 +-
+ target/nios2/translate.c          |   5 +-
+ target/openrisc/translate.c       |   6 +-
+ target/ppc/translate.c            |   5 +-
+ target/riscv/translate.c          |  32 +++++++--
+ target/rx/translate.c             |   5 +-
+ target/s390x/tcg/translate.c      |  20 ++++--
+ target/sh4/translate.c            |   5 +-
+ target/sparc/translate.c          |   5 +-
+ target/tricore/translate.c        |   6 +-
+ target/xtensa/translate.c         |   6 +-
+ tests/tcg/i386/test-i386.c        |   2 +-
+ tests/tcg/riscv64/noexec.c        |  79 +++++++++++++++++++++
+ tests/tcg/s390x/noexec.c          | 106 ++++++++++++++++++++++++++++
+ tests/tcg/x86_64/noexec.c         |  75 ++++++++++++++++++++
+ tests/tcg/multiarch/noexec.c.inc  | 139 ++++++++++++++++++++++++++++++++++++
+ tests/tcg/riscv64/Makefile.target |   1 +
+ tests/tcg/s390x/Makefile.target   |   1 +
+ tests/tcg/x86_64/Makefile.target  |   3 +-
+files changed, 966 insertions(+), 367 deletions(-)
+ create mode 100644 tests/tcg/riscv64/noexec.c
+ create mode 100644 tests/tcg/s390x/noexec.c
+ create mode 100644 tests/tcg/x86_64/noexec.c
+ create mode 100644 tests/tcg/multiarch/noexec.c.inc

-[PULL 01/24] accel/tcg: Handle gdb singlestep in cpu_tb_exec
+Deleted patch
-Currently the change in cpu_tb_exec is masked by the debug exception
-being raised by the translators.  But this allows us to remove that code.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/cpu-exec.c | 11 +++++++++++
-file changed, 11 insertions(+)
-diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cpu-exec.c
-+++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
-             cc->set_pc(cpu, last_tb->pc);
-         }
-     }
-+
-+    /*
-+     * If gdb single-step, and we haven't raised another exception,
-+     * raise a debug exception.  Single-step with another exception
-+     * is handled in cpu_handle_exception.
-+     */
-+    if (unlikely(cpu->singlestep_enabled) && cpu->exception_index == -1) {
-+        cpu->exception_index = EXCP_DEBUG;
-+        cpu_loop_exit(cpu);
-+    }
-+
-     return last_tb;
- }
---
-.25.1

-[PULL 02/24] target/alpha: Drop checks for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/alpha/translate.c | 13 +++----------
-file changed, 3 insertions(+), 10 deletions(-)
-diff --git a/target/alpha/translate.c b/target/alpha/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/alpha/translate.c
-+++ b/target/alpha/translate.c
-@@ -XXX,XX +XXX,XX @@ static void alpha_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
-         tcg_gen_movi_i64(cpu_pc, ctx->base.pc_next);
-         /* FALLTHRU */
-     case DISAS_PC_UPDATED:
--        if (!ctx->base.singlestep_enabled) {
--            tcg_gen_lookup_and_goto_ptr();
--            break;
--        }
--        /* FALLTHRU */
-+        tcg_gen_lookup_and_goto_ptr();
-+        break;
-     case DISAS_PC_UPDATED_NOCHAIN:
--        if (ctx->base.singlestep_enabled) {
--            gen_excp_1(EXCP_DEBUG, 0);
--        } else {
--            tcg_gen_exit_tb(NULL, 0);
--        }
-+        tcg_gen_exit_tb(NULL, 0);
-         break;
-     default:
-         g_assert_not_reached();
---
-.25.1

-[PULL 03/24] target/avr: Drop checks for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Tested-by: Michael Rolnik <mrolnik@gmail.com>
-Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/avr/translate.c | 19 ++++---------------
-file changed, 4 insertions(+), 15 deletions(-)
-diff --git a/target/avr/translate.c b/target/avr/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/avr/translate.c
-+++ b/target/avr/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
-         tcg_gen_exit_tb(tb, n);
-     } else {
-         tcg_gen_movi_i32(cpu_pc, dest);
--        if (ctx->base.singlestep_enabled) {
--            gen_helper_debug(cpu_env);
--        } else {
--            tcg_gen_lookup_and_goto_ptr();
--        }
-+        tcg_gen_lookup_and_goto_ptr();
-     }
-     ctx->base.is_jmp = DISAS_NORETURN;
- }
-@@ -XXX,XX +XXX,XX @@ static void avr_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-         tcg_gen_movi_tl(cpu_pc, ctx->npc);
-         /* fall through */
-     case DISAS_LOOKUP:
--        if (!ctx->base.singlestep_enabled) {
--            tcg_gen_lookup_and_goto_ptr();
--            break;
--        }
--        /* fall through */
-+        tcg_gen_lookup_and_goto_ptr();
-+        break;
-     case DISAS_EXIT:
--        if (ctx->base.singlestep_enabled) {
--            gen_helper_debug(cpu_env);
--        } else {
--            tcg_gen_exit_tb(NULL, 0);
--        }
-+        tcg_gen_exit_tb(NULL, 0);
-         break;
-     default:
-         g_assert_not_reached();
---
-.25.1

-[PULL 04/24] target/cris: Drop checks for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/cris/translate.c | 16 ----------------
-file changed, 16 deletions(-)
-diff --git a/target/cris/translate.c b/target/cris/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/cris/translate.c
-+++ b/target/cris/translate.c
-@@ -XXX,XX +XXX,XX @@ static void cris_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
-         }
-     }
--    if (unlikely(dc->base.singlestep_enabled)) {
--        switch (is_jmp) {
--        case DISAS_TOO_MANY:
--        case DISAS_UPDATE_NEXT:
--            tcg_gen_movi_tl(env_pc, npc);
--            /* fall through */
--        case DISAS_JUMP:
--        case DISAS_UPDATE:
--            t_gen_raise_exception(EXCP_DEBUG);
--            return;
--        default:
--            break;
--        }
--        g_assert_not_reached();
--    }
--
-     switch (is_jmp) {
-     case DISAS_TOO_MANY:
-         gen_goto_tb(dc, 0, npc);
---
-.25.1

-[PULL 05/24] target/hexagon: Drop checks for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/hexagon/translate.c | 12 ++----------
-file changed, 2 insertions(+), 10 deletions(-)
-diff --git a/target/hexagon/translate.c b/target/hexagon/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/hexagon/translate.c
-+++ b/target/hexagon/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_end_tb(DisasContext *ctx)
- {
-     gen_exec_counters(ctx);
-     tcg_gen_mov_tl(hex_gpr[HEX_REG_PC], hex_next_PC);
--    if (ctx->base.singlestep_enabled) {
--        gen_exception_raw(EXCP_DEBUG);
--    } else {
--        tcg_gen_exit_tb(NULL, 0);
--    }
-+    tcg_gen_exit_tb(NULL, 0);
-     ctx->base.is_jmp = DISAS_NORETURN;
- }
-@@ -XXX,XX +XXX,XX @@ static void hexagon_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
-     case DISAS_TOO_MANY:
-         gen_exec_counters(ctx);
-         tcg_gen_movi_tl(hex_gpr[HEX_REG_PC], ctx->base.pc_next);
--        if (ctx->base.singlestep_enabled) {
--            gen_exception_raw(EXCP_DEBUG);
--        } else {
--            tcg_gen_exit_tb(NULL, 0);
--        }
-+        tcg_gen_exit_tb(NULL, 0);
-         break;
-     case DISAS_NORETURN:
-         break;
---
-.25.1

-[PULL 06/24] target/arm: Drop checks for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/translate-a64.c | 10 ++--------
- target/arm/translate.c     | 36 ++++++------------------------------
-files changed, 8 insertions(+), 38 deletions(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static inline void gen_goto_tb(DisasContext *s, int n, uint64_t dest)
-         gen_a64_set_pc_im(dest);
-         if (s->ss_active) {
-             gen_step_complete_exception(s);
--        } else if (s->base.singlestep_enabled) {
--            gen_exception_internal(EXCP_DEBUG);
-         } else {
-             tcg_gen_lookup_and_goto_ptr();
-             s->base.is_jmp = DISAS_NORETURN;
-@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
- {
-     DisasContext *dc = container_of(dcbase, DisasContext, base);
--    if (unlikely(dc->base.singlestep_enabled || dc->ss_active)) {
-+    if (unlikely(dc->ss_active)) {
-         /* Note that this means single stepping WFI doesn't halt the CPU.
-          * For conditional branch insns this is harmless unreachable code as
-          * gen_goto_tb() has already handled emitting the debug exception
-@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
-             /* fall through */
-         case DISAS_EXIT:
-         case DISAS_JUMP:
--            if (dc->base.singlestep_enabled) {
--                gen_exception_internal(EXCP_DEBUG);
--            } else {
--                gen_step_complete_exception(dc);
--            }
-+            gen_step_complete_exception(dc);
-             break;
-         case DISAS_NORETURN:
-             break;
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal(int excp)
-     tcg_temp_free_i32(tcg_excp);
- }
--static void gen_step_complete_exception(DisasContext *s)
-+static void gen_singlestep_exception(DisasContext *s)
- {
-     /* We just completed step of an insn. Move from Active-not-pending
-      * to Active-pending, and then also take the swstep exception.
-@@ -XXX,XX +XXX,XX @@ static void gen_step_complete_exception(DisasContext *s)
-     s->base.is_jmp = DISAS_NORETURN;
- }
--static void gen_singlestep_exception(DisasContext *s)
--{
--    /* Generate the right kind of exception for singlestep, which is
--     * either the architectural singlestep or EXCP_DEBUG for QEMU's
--     * gdb singlestepping.
--     */
--    if (s->ss_active) {
--        gen_step_complete_exception(s);
--    } else {
--        gen_exception_internal(EXCP_DEBUG);
--    }
--}
--
--static inline bool is_singlestepping(DisasContext *s)
--{
--    /* Return true if we are singlestepping either because of
--     * architectural singlestep or QEMU gdbstub singlestep. This does
--     * not include the command line '-singlestep' mode which is rather
--     * misnamed as it only means "one instruction per TB" and doesn't
--     * affect the code we generate.
--     */
--    return s->base.singlestep_enabled || s->ss_active;
--}
--
- void clear_eci_state(DisasContext *s)
- {
-     /*
-@@ -XXX,XX +XXX,XX @@ static inline void gen_bx_excret_final_code(DisasContext *s)
-     /* Is the new PC value in the magic range indicating exception return? */
-     tcg_gen_brcondi_i32(TCG_COND_GEU, cpu_R[15], min_magic, excret_label);
-     /* No: end the TB as we would for a DISAS_JMP */
--    if (is_singlestepping(s)) {
-+    if (s->ss_active) {
-         gen_singlestep_exception(s);
-     } else {
-         tcg_gen_exit_tb(NULL, 0);
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
- /* Jump, specifying which TB number to use if we gen_goto_tb() */
- static inline void gen_jmp_tb(DisasContext *s, uint32_t dest, int tbno)
- {
--    if (unlikely(is_singlestepping(s))) {
-+    if (unlikely(s->ss_active)) {
-         /* An indirect jump so that we still trigger the debug exception.  */
-         gen_set_pc_im(s, dest);
-         s->base.is_jmp = DISAS_JUMP;
-@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
-     dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
-     /* If architectural single step active, limit to 1.  */
--    if (is_singlestepping(dc)) {
-+    if (dc->ss_active) {
-         dc->base.max_insns = 1;
-     }
-@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
-          * insn codepath itself.
-          */
-         gen_bx_excret_final_code(dc);
--    } else if (unlikely(is_singlestepping(dc))) {
-+    } else if (unlikely(dc->ss_active)) {
-         /* Unconditional and "condition passed" instruction codepath. */
-         switch (dc->base.is_jmp) {
-         case DISAS_SWI:
-@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
-         /* "Condition failed" instruction codepath for the branch/trap insn */
-         gen_set_label(dc->condlabel);
-         gen_set_condexec(dc);
--        if (unlikely(is_singlestepping(dc))) {
-+        if (unlikely(dc->ss_active)) {
-             gen_set_pc_im(dc, dc->base.pc_next);
-             gen_singlestep_exception(dc);
-         } else {
---
-.25.1

-[PULL 07/24] target/hppa: Drop checks for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/hppa/translate.c | 17 ++++-------------
-file changed, 4 insertions(+), 13 deletions(-)
-diff --git a/target/hppa/translate.c b/target/hppa/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/hppa/translate.c
-+++ b/target/hppa/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int which,
-     } else {
-         copy_iaoq_entry(cpu_iaoq_f, f, cpu_iaoq_b);
-         copy_iaoq_entry(cpu_iaoq_b, b, ctx->iaoq_n_var);
--        if (ctx->base.singlestep_enabled) {
--            gen_excp_1(EXCP_DEBUG);
--        } else {
--            tcg_gen_lookup_and_goto_ptr();
--        }
-+        tcg_gen_lookup_and_goto_ptr();
-     }
- }
-@@ -XXX,XX +XXX,XX @@ static bool do_rfi(DisasContext *ctx, bool rfi_r)
-         gen_helper_rfi(cpu_env);
-     }
-     /* Exit the TB to recognize new interrupts.  */
--    if (ctx->base.singlestep_enabled) {
--        gen_excp_1(EXCP_DEBUG);
--    } else {
--        tcg_gen_exit_tb(NULL, 0);
--    }
-+    tcg_gen_exit_tb(NULL, 0);
-     ctx->base.is_jmp = DISAS_NORETURN;
-     return nullify_end(ctx);
-@@ -XXX,XX +XXX,XX @@ static void hppa_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-         nullify_save(ctx);
-         /* FALLTHRU */
-     case DISAS_IAQ_N_UPDATED:
--        if (ctx->base.singlestep_enabled) {
--            gen_excp_1(EXCP_DEBUG);
--        } else if (is_jmp != DISAS_IAQ_N_STALE_EXIT) {
-+        if (is_jmp != DISAS_IAQ_N_STALE_EXIT) {
-             tcg_gen_lookup_and_goto_ptr();
-+            break;
-         }
-         /* FALLTHRU */
-     case DISAS_EXIT:
---
-.25.1

-[PULL 08/24] target/i386: Check CF_NO_GOTO_TB for dc->jmp_opt
+Deleted patch
-We were using singlestep_enabled as a proxy for whether
-translator_use_goto_tb would always return false.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/i386/tcg/translate.c | 5 +++--
-file changed, 3 insertions(+), 2 deletions(-)
-diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/i386/tcg/translate.c
-+++ b/target/i386/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
-     DisasContext *dc = container_of(dcbase, DisasContext, base);
-     CPUX86State *env = cpu->env_ptr;
-     uint32_t flags = dc->base.tb->flags;
-+    uint32_t cflags = tb_cflags(dc->base.tb);
-     int cpl = (flags >> HF_CPL_SHIFT) & 3;
-     int iopl = (flags >> IOPL_SHIFT) & 3;
-@@ -XXX,XX +XXX,XX @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
-     dc->cpuid_ext3_features = env->features[FEAT_8000_0001_ECX];
-     dc->cpuid_7_0_ebx_features = env->features[FEAT_7_0_EBX];
-     dc->cpuid_xsave_features = env->features[FEAT_XSAVE];
--    dc->jmp_opt = !(dc->base.singlestep_enabled ||
-+    dc->jmp_opt = !((cflags & CF_NO_GOTO_TB) ||
-                     (flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK)));
-     /*
-      * If jmp_opt, we want to handle each string instruction individually.
-      * For icount also disable repz optimization so that each iteration
-      * is accounted separately.
-      */
--    dc->repz_opt = !dc->jmp_opt && !(tb_cflags(dc->base.tb) & CF_USE_ICOUNT);
-+    dc->repz_opt = !dc->jmp_opt && !(cflags & CF_USE_ICOUNT);
-     dc->T0 = tcg_temp_new();
-     dc->T1 = tcg_temp_new();
---
-.25.1

-[PULL 09/24] target/i386: Drop check for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/i386/helper.h          | 1 -
- target/i386/tcg/misc_helper.c | 8 --------
- target/i386/tcg/translate.c   | 4 +---
-files changed, 1 insertion(+), 12 deletions(-)
-diff --git a/target/i386/helper.h b/target/i386/helper.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/i386/helper.h
-+++ b/target/i386/helper.h
-@@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(syscall, void, env, int)
- DEF_HELPER_2(sysret, void, env, int)
- #endif
- DEF_HELPER_FLAGS_2(pause, TCG_CALL_NO_WG, noreturn, env, int)
--DEF_HELPER_FLAGS_1(debug, TCG_CALL_NO_WG, noreturn, env)
- DEF_HELPER_1(reset_rf, void, env)
- DEF_HELPER_FLAGS_3(raise_interrupt, TCG_CALL_NO_WG, noreturn, env, int, int)
- DEF_HELPER_FLAGS_2(raise_exception, TCG_CALL_NO_WG, noreturn, env, int)
-diff --git a/target/i386/tcg/misc_helper.c b/target/i386/tcg/misc_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/i386/tcg/misc_helper.c
-+++ b/target/i386/tcg/misc_helper.c
-@@ -XXX,XX +XXX,XX @@ void QEMU_NORETURN helper_pause(CPUX86State *env, int next_eip_addend)
-     do_pause(env);
- }
--void QEMU_NORETURN helper_debug(CPUX86State *env)
--{
--    CPUState *cs = env_cpu(env);
--
--    cs->exception_index = EXCP_DEBUG;
--    cpu_loop_exit(cs);
--}
--
- uint64_t helper_rdpkru(CPUX86State *env, uint32_t ecx)
- {
-     if ((env->cr[4] & CR4_PKE_MASK) == 0) {
-diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/i386/tcg/translate.c
-+++ b/target/i386/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@ do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr)
-     if (s->base.tb->flags & HF_RF_MASK) {
-         gen_helper_reset_rf(cpu_env);
-     }
--    if (s->base.singlestep_enabled) {
--        gen_helper_debug(cpu_env);
--    } else if (recheck_tf) {
-+    if (recheck_tf) {
-         gen_helper_rechecking_single_step(cpu_env);
-         tcg_gen_exit_tb(NULL, 0);
-     } else if (s->flags & HF_TF_MASK) {
---
-.25.1

-[PULL 10/24] target/m68k: Drop checks for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Acked-by: Laurent Vivier <laurent@vivier.eu>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/m68k/translate.c | 44 +++++++++--------------------------------
-file changed, 9 insertions(+), 35 deletions(-)
-diff --git a/target/m68k/translate.c b/target/m68k/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/m68k/translate.c
-+++ b/target/m68k/translate.c
-@@ -XXX,XX +XXX,XX @@ static void do_writebacks(DisasContext *s)
-     }
- }
--static bool is_singlestepping(DisasContext *s)
--{
--    /*
--     * Return true if we are singlestepping either because of
--     * architectural singlestep or QEMU gdbstub singlestep. This does
--     * not include the command line '-singlestep' mode which is rather
--     * misnamed as it only means "one instruction per TB" and doesn't
--     * affect the code we generate.
--     */
--    return s->base.singlestep_enabled || s->ss_active;
--}
--
- /* is_jmp field values */
- #define DISAS_JUMP      DISAS_TARGET_0 /* only pc was modified dynamically */
- #define DISAS_EXIT      DISAS_TARGET_1 /* cpu state was modified dynamically */
-@@ -XXX,XX +XXX,XX @@ static void gen_exception(DisasContext *s, uint32_t dest, int nr)
-     s->base.is_jmp = DISAS_NORETURN;
- }
--static void gen_singlestep_exception(DisasContext *s)
--{
--    /*
--     * Generate the right kind of exception for singlestep, which is
--     * either the architectural singlestep or EXCP_DEBUG for QEMU's
--     * gdb singlestepping.
--     */
--    if (s->ss_active) {
--        gen_raise_exception(EXCP_TRACE);
--    } else {
--        gen_raise_exception(EXCP_DEBUG);
--    }
--}
--
- static inline void gen_addr_fault(DisasContext *s)
- {
-     gen_exception(s, s->base.pc_next, EXCP_ADDRESS);
-@@ -XXX,XX +XXX,XX @@ static void gen_exit_tb(DisasContext *s)
- /* Generate a jump to an immediate address.  */
- static void gen_jmp_tb(DisasContext *s, int n, uint32_t dest)
- {
--    if (unlikely(is_singlestepping(s))) {
-+    if (unlikely(s->ss_active)) {
-         update_cc_op(s);
-         tcg_gen_movi_i32(QREG_PC, dest);
--        gen_singlestep_exception(s);
-+        gen_raise_exception(EXCP_TRACE);
-     } else if (translator_use_goto_tb(&s->base, dest)) {
-         tcg_gen_goto_tb(n);
-         tcg_gen_movi_i32(QREG_PC, dest);
-@@ -XXX,XX +XXX,XX @@ static void m68k_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
-     dc->ss_active = (M68K_SR_TRACE(env->sr) == M68K_SR_TRACE_ANY_INS);
-     /* If architectural single step active, limit to 1 */
--    if (is_singlestepping(dc)) {
-+    if (dc->ss_active) {
-         dc->base.max_insns = 1;
-     }
- }
-@@ -XXX,XX +XXX,XX @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
-         break;
-     case DISAS_TOO_MANY:
-         update_cc_op(dc);
--        if (is_singlestepping(dc)) {
-+        if (dc->ss_active) {
-             tcg_gen_movi_i32(QREG_PC, dc->pc);
--            gen_singlestep_exception(dc);
-+            gen_raise_exception(EXCP_TRACE);
-         } else {
-             gen_jmp_tb(dc, 0, dc->pc);
-         }
-         break;
-     case DISAS_JUMP:
-         /* We updated CC_OP and PC in gen_jmp/gen_jmp_im.  */
--        if (is_singlestepping(dc)) {
--            gen_singlestep_exception(dc);
-+        if (dc->ss_active) {
-+            gen_raise_exception(EXCP_TRACE);
-         } else {
-             tcg_gen_lookup_and_goto_ptr();
-         }
-@@ -XXX,XX +XXX,XX @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
-          * We updated CC_OP and PC in gen_exit_tb, but also modified
-          * other state that may require returning to the main loop.
-          */
--        if (is_singlestepping(dc)) {
--            gen_singlestep_exception(dc);
-+        if (dc->ss_active) {
-+            gen_raise_exception(EXCP_TRACE);
-         } else {
-             tcg_gen_exit_tb(NULL, 0);
-         }
---
-.25.1

-[PULL 11/24] target/microblaze: Check CF_NO_GOTO_TB for DISAS_JUMP
+Deleted patch
-We were using singlestep_enabled as a proxy for whether
-translator_use_goto_tb would always return false.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/microblaze/translate.c | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/microblaze/translate.c
-+++ b/target/microblaze/translate.c
-@@ -XXX,XX +XXX,XX @@ static void mb_tr_tb_stop(DisasContextBase *dcb, CPUState *cs)
-         break;
-     case DISAS_JUMP:
--        if (dc->jmp_dest != -1 && !cs->singlestep_enabled) {
-+        if (dc->jmp_dest != -1 && !(tb_cflags(dc->base.tb) & CF_NO_GOTO_TB)) {
-             /* Direct jump. */
-             tcg_gen_discard_i32(cpu_btarget);
-@@ -XXX,XX +XXX,XX @@ static void mb_tr_tb_stop(DisasContextBase *dcb, CPUState *cs)
-             return;
-         }
--        /* Indirect jump (or direct jump w/ singlestep) */
-+        /* Indirect jump (or direct jump w/ goto_tb disabled) */
-         tcg_gen_mov_i32(cpu_pc, cpu_btarget);
-         tcg_gen_discard_i32(cpu_btarget);
---
-.25.1

-[PULL 12/24] target/microblaze: Drop checks for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/microblaze/translate.c | 14 ++------------
-file changed, 2 insertions(+), 12 deletions(-)
-diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/microblaze/translate.c
-+++ b/target/microblaze/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_raise_hw_excp(DisasContext *dc, uint32_t esr_ec)
- static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
- {
--    if (dc->base.singlestep_enabled) {
--        TCGv_i32 tmp = tcg_const_i32(EXCP_DEBUG);
--        tcg_gen_movi_i32(cpu_pc, dest);
--        gen_helper_raise_exception(cpu_env, tmp);
--        tcg_temp_free_i32(tmp);
--    } else if (translator_use_goto_tb(&dc->base, dest)) {
-+    if (translator_use_goto_tb(&dc->base, dest)) {
-         tcg_gen_goto_tb(n);
-         tcg_gen_movi_i32(cpu_pc, dest);
-         tcg_gen_exit_tb(dc->base.tb, n);
-@@ -XXX,XX +XXX,XX @@ static void mb_tr_tb_stop(DisasContextBase *dcb, CPUState *cs)
-         /* Indirect jump (or direct jump w/ goto_tb disabled) */
-         tcg_gen_mov_i32(cpu_pc, cpu_btarget);
-         tcg_gen_discard_i32(cpu_btarget);
--
--        if (unlikely(cs->singlestep_enabled)) {
--            gen_raise_exception(dc, EXCP_DEBUG);
--        } else {
--            tcg_gen_lookup_and_goto_ptr();
--        }
-+        tcg_gen_lookup_and_goto_ptr();
-         return;
-     default:
---
-.25.1

-[PULL 13/24] target/mips: Fix single stepping
+Deleted patch
-As per an ancient comment in mips_tr_translate_insn about the
-expectations of gdb, when restarting the insn in a delay slot
-we also re-execute the branch.  Which means that we are
-expected to execute two insns in this case.
-This has been broken since 8b86d6d2580, where we forced max_insns
-to 1 while single-stepping.  This resulted in an exit from the
-translator loop after the branch but before the delay slot is
-translated.
-Increase the max_insns to 2 for this case.  In addition, bypass
-the end-of-page check, for when the branch itself ends the page.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/mips/tcg/translate.c | 25 ++++++++++++++++---------
-file changed, 16 insertions(+), 9 deletions(-)
-diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/mips/tcg/translate.c
-+++ b/target/mips/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@ static void mips_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
-     ctx->default_tcg_memop_mask = (ctx->insn_flags & (ISA_MIPS_R6 |
-                                   INSN_LOONGSON3A)) ? MO_UNALN : MO_ALIGN;
-+    /*
-+     * Execute a branch and its delay slot as a single instruction.
-+     * This is what GDB expects and is consistent with what the
-+     * hardware does (e.g. if a delay slot instruction faults, the
-+     * reported PC is the PC of the branch).
-+     */
-+    if (ctx->base.singlestep_enabled && (ctx->hflags & MIPS_HFLAG_BMASK)) {
-+        ctx->base.max_insns = 2;
-+    }
-+
-     LOG_DISAS("\ntb %p idx %d hflags %04x\n", ctx->base.tb, ctx->mem_idx,
-               ctx->hflags);
- }
-@@ -XXX,XX +XXX,XX @@ static void mips_tr_translate_insn(DisasContextBase *dcbase, CPUState *cs)
-     if (ctx->base.is_jmp != DISAS_NEXT) {
-         return;
-     }
-+
-     /*
--     * Execute a branch and its delay slot as a single instruction.
--     * This is what GDB expects and is consistent with what the
--     * hardware does (e.g. if a delay slot instruction faults, the
--     * reported PC is the PC of the branch).
-+     * End the TB on (most) page crossings.
-+     * See mips_tr_init_disas_context about single-stepping a branch
-+     * together with its delay slot.
-      */
--    if (ctx->base.singlestep_enabled &&
--        (ctx->hflags & MIPS_HFLAG_BMASK) == 0) {
--        ctx->base.is_jmp = DISAS_TOO_MANY;
--    }
--    if (ctx->base.pc_next - ctx->page_start >= TARGET_PAGE_SIZE) {
-+    if (ctx->base.pc_next - ctx->page_start >= TARGET_PAGE_SIZE
-+        && !ctx->base.singlestep_enabled) {
-         ctx->base.is_jmp = DISAS_TOO_MANY;
-     }
- }
---
-.25.1

-[PULL 14/24] target/mips: Drop exit checks for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/mips/tcg/translate.c | 50 +++++++++++++------------------------
-file changed, 18 insertions(+), 32 deletions(-)
-diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/mips/tcg/translate.c
-+++ b/target/mips/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
-         tcg_gen_exit_tb(ctx->base.tb, n);
-     } else {
-         gen_save_pc(dest);
--        if (ctx->base.singlestep_enabled) {
--            save_cpu_state(ctx, 0);
--            gen_helper_raise_exception_debug(cpu_env);
--        } else {
--            tcg_gen_lookup_and_goto_ptr();
--        }
-+        tcg_gen_lookup_and_goto_ptr();
-     }
- }
-@@ -XXX,XX +XXX,XX @@ static void gen_branch(DisasContext *ctx, int insn_bytes)
-             } else {
-                 tcg_gen_mov_tl(cpu_PC, btarget);
-             }
--            if (ctx->base.singlestep_enabled) {
--                save_cpu_state(ctx, 0);
--                gen_helper_raise_exception_debug(cpu_env);
--            }
-             tcg_gen_lookup_and_goto_ptr();
-             break;
-         default:
-@@ -XXX,XX +XXX,XX @@ static void mips_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
- {
-     DisasContext *ctx = container_of(dcbase, DisasContext, base);
--    if (ctx->base.singlestep_enabled && ctx->base.is_jmp != DISAS_NORETURN) {
--        save_cpu_state(ctx, ctx->base.is_jmp != DISAS_EXIT);
--        gen_helper_raise_exception_debug(cpu_env);
--    } else {
--        switch (ctx->base.is_jmp) {
--        case DISAS_STOP:
--            gen_save_pc(ctx->base.pc_next);
--            tcg_gen_lookup_and_goto_ptr();
--            break;
--        case DISAS_NEXT:
--        case DISAS_TOO_MANY:
--            save_cpu_state(ctx, 0);
--            gen_goto_tb(ctx, 0, ctx->base.pc_next);
--            break;
--        case DISAS_EXIT:
--            tcg_gen_exit_tb(NULL, 0);
--            break;
--        case DISAS_NORETURN:
--            break;
--        default:
--            g_assert_not_reached();
--        }
-+    switch (ctx->base.is_jmp) {
-+    case DISAS_STOP:
-+        gen_save_pc(ctx->base.pc_next);
-+        tcg_gen_lookup_and_goto_ptr();
-+        break;
-+    case DISAS_NEXT:
-+    case DISAS_TOO_MANY:
-+        save_cpu_state(ctx, 0);
-+        gen_goto_tb(ctx, 0, ctx->base.pc_next);
-+        break;
-+    case DISAS_EXIT:
-+        tcg_gen_exit_tb(NULL, 0);
-+        break;
-+    case DISAS_NORETURN:
-+        break;
-+    default:
-+        g_assert_not_reached();
-     }
- }
---
-.25.1

-[PULL 15/24] target/openrisc: Drop checks for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/openrisc/translate.c | 18 +++---------------
-file changed, 3 insertions(+), 15 deletions(-)
-diff --git a/target/openrisc/translate.c b/target/openrisc/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/openrisc/translate.c
-+++ b/target/openrisc/translate.c
-@@ -XXX,XX +XXX,XX @@ static void openrisc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-             /* The jump destination is indirect/computed; use jmp_pc.  */
-             tcg_gen_mov_tl(cpu_pc, jmp_pc);
-             tcg_gen_discard_tl(jmp_pc);
--            if (unlikely(dc->base.singlestep_enabled)) {
--                gen_exception(dc, EXCP_DEBUG);
--            } else {
--                tcg_gen_lookup_and_goto_ptr();
--            }
-+            tcg_gen_lookup_and_goto_ptr();
-             break;
-         }
-         /* The jump destination is direct; use jmp_pc_imm.
-@@ -XXX,XX +XXX,XX @@ static void openrisc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-             break;
-         }
-         tcg_gen_movi_tl(cpu_pc, jmp_dest);
--        if (unlikely(dc->base.singlestep_enabled)) {
--            gen_exception(dc, EXCP_DEBUG);
--        } else {
--            tcg_gen_lookup_and_goto_ptr();
--        }
-+        tcg_gen_lookup_and_goto_ptr();
-         break;
-     case DISAS_EXIT:
--        if (unlikely(dc->base.singlestep_enabled)) {
--            gen_exception(dc, EXCP_DEBUG);
--        } else {
--            tcg_gen_exit_tb(NULL, 0);
--        }
-+        tcg_gen_exit_tb(NULL, 0);
-         break;
-     default:
-         g_assert_not_reached();
---
-.25.1

-[PULL 16/24] target/ppc: Drop exit checks for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Reuse gen_debug_exception to handle architectural debug exceptions.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/ppc/translate.c | 38 ++++++++------------------------------
-file changed, 8 insertions(+), 30 deletions(-)
-diff --git a/target/ppc/translate.c b/target/ppc/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/ppc/translate.c
-+++ b/target/ppc/translate.c
-@@ -XXX,XX +XXX,XX @@
- #define CPU_SINGLE_STEP 0x1
- #define CPU_BRANCH_STEP 0x2
--#define GDBSTUB_SINGLE_STEP 0x4
- /* Include definitions for instructions classes and implementations flags */
- /* #define PPC_DEBUG_DISAS */
-@@ -XXX,XX +XXX,XX @@ static uint32_t gen_prep_dbgex(DisasContext *ctx)
- static void gen_debug_exception(DisasContext *ctx)
- {
--    gen_helper_raise_exception(cpu_env, tcg_constant_i32(EXCP_DEBUG));
-+    gen_helper_raise_exception(cpu_env, tcg_constant_i32(gen_prep_dbgex(ctx)));
-     ctx->base.is_jmp = DISAS_NORETURN;
- }
-@@ -XXX,XX +XXX,XX @@ static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
- static void gen_lookup_and_goto_ptr(DisasContext *ctx)
- {
--    int sse = ctx->singlestep_enabled;
--    if (unlikely(sse)) {
--        if (sse & GDBSTUB_SINGLE_STEP) {
--            gen_debug_exception(ctx);
--        } else if (sse & (CPU_SINGLE_STEP | CPU_BRANCH_STEP)) {
--            gen_helper_raise_exception(cpu_env, tcg_constant_i32(gen_prep_dbgex(ctx)));
--        } else {
--            tcg_gen_exit_tb(NULL, 0);
--        }
-+    if (unlikely(ctx->singlestep_enabled)) {
-+        gen_debug_exception(ctx);
-     } else {
-         tcg_gen_lookup_and_goto_ptr();
-     }
-@@ -XXX,XX +XXX,XX @@ static void ppc_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
-     ctx->singlestep_enabled = 0;
-     if ((hflags >> HFLAGS_SE) & 1) {
-         ctx->singlestep_enabled |= CPU_SINGLE_STEP;
-+        ctx->base.max_insns = 1;
-     }
-     if ((hflags >> HFLAGS_BE) & 1) {
-         ctx->singlestep_enabled |= CPU_BRANCH_STEP;
-     }
--    if (unlikely(ctx->base.singlestep_enabled)) {
--        ctx->singlestep_enabled |= GDBSTUB_SINGLE_STEP;
--    }
--
--    if (ctx->singlestep_enabled & (CPU_SINGLE_STEP | GDBSTUB_SINGLE_STEP)) {
--        ctx->base.max_insns = 1;
--    }
- }
- static void ppc_tr_tb_start(DisasContextBase *db, CPUState *cs)
-@@ -XXX,XX +XXX,XX @@ static void ppc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-     DisasContext *ctx = container_of(dcbase, DisasContext, base);
-     DisasJumpType is_jmp = ctx->base.is_jmp;
-     target_ulong nip = ctx->base.pc_next;
--    int sse;
-     if (is_jmp == DISAS_NORETURN) {
-         /* We have already exited the TB. */
-@@ -XXX,XX +XXX,XX @@ static void ppc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-     }
-     /* Honor single stepping. */
--    sse = ctx->singlestep_enabled & (CPU_SINGLE_STEP | GDBSTUB_SINGLE_STEP);
--    if (unlikely(sse)) {
-+    if (unlikely(ctx->singlestep_enabled & CPU_SINGLE_STEP)
-+        && (nip <= 0x100 || nip > 0xf00)) {
-         switch (is_jmp) {
-         case DISAS_TOO_MANY:
-         case DISAS_EXIT_UPDATE:
-@@ -XXX,XX +XXX,XX @@ static void ppc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-             g_assert_not_reached();
-         }
--        if (sse & GDBSTUB_SINGLE_STEP) {
--            gen_debug_exception(ctx);
--            return;
--        }
--        /* else CPU_SINGLE_STEP... */
--        if (nip <= 0x100 || nip > 0xf00) {
--            gen_helper_raise_exception(cpu_env, tcg_constant_i32(gen_prep_dbgex(ctx)));
--            return;
--        }
-+        gen_debug_exception(ctx);
-+        return;
-     }
-     switch (is_jmp) {
---
-.25.1

-[PULL 17/24] target/riscv: Remove dead code after exception
+Deleted patch
-We have already set DISAS_NORETURN in generate_exception,
-which makes the exit_tb unreachable.
-Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/riscv/insn_trans/trans_privileged.c.inc | 6 +-----
-file changed, 1 insertion(+), 5 deletions(-)
-diff --git a/target/riscv/insn_trans/trans_privileged.c.inc b/target/riscv/insn_trans/trans_privileged.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/target/riscv/insn_trans/trans_privileged.c.inc
-+++ b/target/riscv/insn_trans/trans_privileged.c.inc
-@@ -XXX,XX +XXX,XX @@ static bool trans_ecall(DisasContext *ctx, arg_ecall *a)
- {
-     /* always generates U-level ECALL, fixed in do_interrupt handler */
-     generate_exception(ctx, RISCV_EXCP_U_ECALL);
--    exit_tb(ctx); /* no chaining */
--    ctx->base.is_jmp = DISAS_NORETURN;
-     return true;
- }
-@@ -XXX,XX +XXX,XX @@ static bool trans_ebreak(DisasContext *ctx, arg_ebreak *a)
-         post   = opcode_at(&ctx->base, post_addr);
-     }
--    if  (pre == 0x01f01013 && ebreak == 0x00100073 && post == 0x40705013) {
-+    if (pre == 0x01f01013 && ebreak == 0x00100073 && post == 0x40705013) {
-         generate_exception(ctx, RISCV_EXCP_SEMIHOST);
-     } else {
-         generate_exception(ctx, RISCV_EXCP_BREAKPOINT);
-     }
--    exit_tb(ctx); /* no chaining */
--    ctx->base.is_jmp = DISAS_NORETURN;
-     return true;
- }
---
-.25.1

-[PULL 18/24] target/riscv: Remove exit_tb and lookup_and_goto_ptr
+Deleted patch
-GDB single-stepping is now handled generically, which means
-we don't need to do anything in the wrappers.
-Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/riscv/translate.c                      | 27 +------------------
- .../riscv/insn_trans/trans_privileged.c.inc   |  4 +--
- target/riscv/insn_trans/trans_rvi.c.inc       |  8 +++---
- target/riscv/insn_trans/trans_rvv.c.inc       |  2 +-
-files changed, 7 insertions(+), 34 deletions(-)
-diff --git a/target/riscv/translate.c b/target/riscv/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/riscv/translate.c
-+++ b/target/riscv/translate.c
-@@ -XXX,XX +XXX,XX @@ static void generate_exception_mtval(DisasContext *ctx, int excp)
-     ctx->base.is_jmp = DISAS_NORETURN;
- }
--static void gen_exception_debug(void)
--{
--    gen_helper_raise_exception(cpu_env, tcg_constant_i32(EXCP_DEBUG));
--}
--
--/* Wrapper around tcg_gen_exit_tb that handles single stepping */
--static void exit_tb(DisasContext *ctx)
--{
--    if (ctx->base.singlestep_enabled) {
--        gen_exception_debug();
--    } else {
--        tcg_gen_exit_tb(NULL, 0);
--    }
--}
--
--/* Wrapper around tcg_gen_lookup_and_goto_ptr that handles single stepping */
--static void lookup_and_goto_ptr(DisasContext *ctx)
--{
--    if (ctx->base.singlestep_enabled) {
--        gen_exception_debug();
--    } else {
--        tcg_gen_lookup_and_goto_ptr();
--    }
--}
--
- static void gen_exception_illegal(DisasContext *ctx)
- {
-     generate_exception(ctx, RISCV_EXCP_ILLEGAL_INST);
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
-         tcg_gen_exit_tb(ctx->base.tb, n);
-     } else {
-         tcg_gen_movi_tl(cpu_pc, dest);
--        lookup_and_goto_ptr(ctx);
-+        tcg_gen_lookup_and_goto_ptr();
-     }
- }
-diff --git a/target/riscv/insn_trans/trans_privileged.c.inc b/target/riscv/insn_trans/trans_privileged.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/target/riscv/insn_trans/trans_privileged.c.inc
-+++ b/target/riscv/insn_trans/trans_privileged.c.inc
-@@ -XXX,XX +XXX,XX @@ static bool trans_sret(DisasContext *ctx, arg_sret *a)
-     if (has_ext(ctx, RVS)) {
-         gen_helper_sret(cpu_pc, cpu_env, cpu_pc);
--        exit_tb(ctx); /* no chaining */
-+        tcg_gen_exit_tb(NULL, 0); /* no chaining */
-         ctx->base.is_jmp = DISAS_NORETURN;
-     } else {
-         return false;
-@@ -XXX,XX +XXX,XX @@ static bool trans_mret(DisasContext *ctx, arg_mret *a)
- #ifndef CONFIG_USER_ONLY
-     tcg_gen_movi_tl(cpu_pc, ctx->base.pc_next);
-     gen_helper_mret(cpu_pc, cpu_env, cpu_pc);
--    exit_tb(ctx); /* no chaining */
-+    tcg_gen_exit_tb(NULL, 0); /* no chaining */
-     ctx->base.is_jmp = DISAS_NORETURN;
-     return true;
- #else
-diff --git a/target/riscv/insn_trans/trans_rvi.c.inc b/target/riscv/insn_trans/trans_rvi.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/target/riscv/insn_trans/trans_rvi.c.inc
-+++ b/target/riscv/insn_trans/trans_rvi.c.inc
-@@ -XXX,XX +XXX,XX @@ static bool trans_jalr(DisasContext *ctx, arg_jalr *a)
-     if (a->rd != 0) {
-         tcg_gen_movi_tl(cpu_gpr[a->rd], ctx->pc_succ_insn);
-     }
--
--    /* No chaining with JALR. */
--    lookup_and_goto_ptr(ctx);
-+    tcg_gen_lookup_and_goto_ptr();
-     if (misaligned) {
-         gen_set_label(misaligned);
-@@ -XXX,XX +XXX,XX @@ static bool trans_fence_i(DisasContext *ctx, arg_fence_i *a)
-      * however we need to end the translation block
-      */
-     tcg_gen_movi_tl(cpu_pc, ctx->pc_succ_insn);
--    exit_tb(ctx);
-+    tcg_gen_exit_tb(NULL, 0);
-     ctx->base.is_jmp = DISAS_NORETURN;
-     return true;
- }
-@@ -XXX,XX +XXX,XX @@ static bool do_csr_post(DisasContext *ctx)
- {
-     /* We may have changed important cpu state -- exit to main loop. */
-     tcg_gen_movi_tl(cpu_pc, ctx->pc_succ_insn);
--    exit_tb(ctx);
-+    tcg_gen_exit_tb(NULL, 0);
-     ctx->base.is_jmp = DISAS_NORETURN;
-     return true;
- }
-diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/target/riscv/insn_trans/trans_rvv.c.inc
-+++ b/target/riscv/insn_trans/trans_rvv.c.inc
-@@ -XXX,XX +XXX,XX @@ static bool trans_vsetvl(DisasContext *ctx, arg_vsetvl *a)
-     gen_set_gpr(ctx, a->rd, dst);
-     tcg_gen_movi_tl(cpu_pc, ctx->pc_succ_insn);
--    lookup_and_goto_ptr(ctx);
-+    tcg_gen_lookup_and_goto_ptr();
-     ctx->base.is_jmp = DISAS_NORETURN;
-     return true;
- }
---
-.25.1

-[PULL 19/24] target/rx: Drop checks for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/rx/helper.h    |  1 -
- target/rx/op_helper.c |  8 --------
- target/rx/translate.c | 12 ++----------
-files changed, 2 insertions(+), 19 deletions(-)
-diff --git a/target/rx/helper.h b/target/rx/helper.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/rx/helper.h
-+++ b/target/rx/helper.h
-@@ -XXX,XX +XXX,XX @@ DEF_HELPER_1(raise_illegal_instruction, noreturn, env)
- DEF_HELPER_1(raise_access_fault, noreturn, env)
- DEF_HELPER_1(raise_privilege_violation, noreturn, env)
- DEF_HELPER_1(wait, noreturn, env)
--DEF_HELPER_1(debug, noreturn, env)
- DEF_HELPER_2(rxint, noreturn, env, i32)
- DEF_HELPER_1(rxbrk, noreturn, env)
- DEF_HELPER_FLAGS_3(fadd, TCG_CALL_NO_WG, f32, env, f32, f32)
-diff --git a/target/rx/op_helper.c b/target/rx/op_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/rx/op_helper.c
-+++ b/target/rx/op_helper.c
-@@ -XXX,XX +XXX,XX @@ void QEMU_NORETURN helper_wait(CPURXState *env)
-     raise_exception(env, EXCP_HLT, 0);
- }
--void QEMU_NORETURN helper_debug(CPURXState *env)
--{
--    CPUState *cs = env_cpu(env);
--
--    cs->exception_index = EXCP_DEBUG;
--    cpu_loop_exit(cs);
--}
--
- void QEMU_NORETURN helper_rxint(CPURXState *env, uint32_t vec)
- {
-     raise_exception(env, 0x100 + vec, 0);
-diff --git a/target/rx/translate.c b/target/rx/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/rx/translate.c
-+++ b/target/rx/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
-         tcg_gen_exit_tb(dc->base.tb, n);
-     } else {
-         tcg_gen_movi_i32(cpu_pc, dest);
--        if (dc->base.singlestep_enabled) {
--            gen_helper_debug(cpu_env);
--        } else {
--            tcg_gen_lookup_and_goto_ptr();
--        }
-+        tcg_gen_lookup_and_goto_ptr();
-     }
-     dc->base.is_jmp = DISAS_NORETURN;
- }
-@@ -XXX,XX +XXX,XX @@ static void rx_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-         gen_goto_tb(ctx, 0, dcbase->pc_next);
-         break;
-     case DISAS_JUMP:
--        if (ctx->base.singlestep_enabled) {
--            gen_helper_debug(cpu_env);
--        } else {
--            tcg_gen_lookup_and_goto_ptr();
--        }
-+        tcg_gen_lookup_and_goto_ptr();
-         break;
-     case DISAS_UPDATE:
-         tcg_gen_movi_i32(cpu_pc, ctx->base.pc_next);
---
-.25.1

-[PULL 20/24] target/s390x: Drop check for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/s390x/tcg/translate.c | 8 ++------
-file changed, 2 insertions(+), 6 deletions(-)
-diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/s390x/tcg/translate.c
-+++ b/target/s390x/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@ struct DisasContext {
-     uint64_t pc_tmp;
-     uint32_t ilen;
-     enum cc_op cc_op;
--    bool do_debug;
- };
- /* Information carried about a condition to be evaluated.  */
-@@ -XXX,XX +XXX,XX @@ static void s390x_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
-     dc->cc_op = CC_OP_DYNAMIC;
-     dc->ex_value = dc->base.tb->cs_base;
--    dc->do_debug = dc->base.singlestep_enabled;
- }
- static void s390x_tr_tb_start(DisasContextBase *db, CPUState *cs)
-@@ -XXX,XX +XXX,XX @@ static void s390x_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-         /* FALLTHRU */
-     case DISAS_PC_CC_UPDATED:
-         /* Exit the TB, either by raising a debug exception or by return.  */
--        if (dc->do_debug) {
--            gen_exception(EXCP_DEBUG);
--        } else if ((dc->base.tb->flags & FLAG_MASK_PER) ||
--                   dc->base.is_jmp == DISAS_PC_STALE_NOCHAIN) {
-+        if ((dc->base.tb->flags & FLAG_MASK_PER) ||
-+             dc->base.is_jmp == DISAS_PC_STALE_NOCHAIN) {
-             tcg_gen_exit_tb(NULL, 0);
-         } else {
-             tcg_gen_lookup_and_goto_ptr();
---
-.25.1

-[PULL 21/24] target/sh4: Drop check for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/sh4/helper.h    |  1 -
- target/sh4/op_helper.c |  5 -----
- target/sh4/translate.c | 14 +++-----------
-files changed, 3 insertions(+), 17 deletions(-)
-diff --git a/target/sh4/helper.h b/target/sh4/helper.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/sh4/helper.h
-+++ b/target/sh4/helper.h
-@@ -XXX,XX +XXX,XX @@ DEF_HELPER_1(raise_illegal_instruction, noreturn, env)
- DEF_HELPER_1(raise_slot_illegal_instruction, noreturn, env)
- DEF_HELPER_1(raise_fpu_disable, noreturn, env)
- DEF_HELPER_1(raise_slot_fpu_disable, noreturn, env)
--DEF_HELPER_1(debug, noreturn, env)
- DEF_HELPER_1(sleep, noreturn, env)
- DEF_HELPER_2(trapa, noreturn, env, i32)
- DEF_HELPER_1(exclusive, noreturn, env)
-diff --git a/target/sh4/op_helper.c b/target/sh4/op_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sh4/op_helper.c
-+++ b/target/sh4/op_helper.c
-@@ -XXX,XX +XXX,XX @@ void helper_raise_slot_fpu_disable(CPUSH4State *env)
-     raise_exception(env, 0x820, 0);
- }
--void helper_debug(CPUSH4State *env)
--{
--    raise_exception(env, EXCP_DEBUG, 0);
--}
--
- void helper_sleep(CPUSH4State *env)
- {
-     CPUState *cs = env_cpu(env);
-diff --git a/target/sh4/translate.c b/target/sh4/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sh4/translate.c
-+++ b/target/sh4/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
-         tcg_gen_exit_tb(ctx->base.tb, n);
-     } else {
-         tcg_gen_movi_i32(cpu_pc, dest);
--        if (ctx->base.singlestep_enabled) {
--            gen_helper_debug(cpu_env);
--        } else if (use_exit_tb(ctx)) {
-+        if (use_exit_tb(ctx)) {
-             tcg_gen_exit_tb(NULL, 0);
-         } else {
-             tcg_gen_lookup_and_goto_ptr();
-@@ -XXX,XX +XXX,XX @@ static void gen_jump(DisasContext * ctx)
-        delayed jump as immediate jump are conditinal jumps */
-     tcg_gen_mov_i32(cpu_pc, cpu_delayed_pc);
-         tcg_gen_discard_i32(cpu_delayed_pc);
--        if (ctx->base.singlestep_enabled) {
--            gen_helper_debug(cpu_env);
--        } else if (use_exit_tb(ctx)) {
-+        if (use_exit_tb(ctx)) {
-             tcg_gen_exit_tb(NULL, 0);
-         } else {
-             tcg_gen_lookup_and_goto_ptr();
-@@ -XXX,XX +XXX,XX @@ static void sh4_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-     switch (ctx->base.is_jmp) {
-     case DISAS_STOP:
-         gen_save_cpu_state(ctx, true);
--        if (ctx->base.singlestep_enabled) {
--            gen_helper_debug(cpu_env);
--        } else {
--            tcg_gen_exit_tb(NULL, 0);
--        }
-+        tcg_gen_exit_tb(NULL, 0);
-         break;
-     case DISAS_NEXT:
-     case DISAS_TOO_MANY:
---
-.25.1

-[PULL 22/24] target/tricore: Drop check for singlestep_enabled
+[PULL v2 16/20] accel/tcg: Add fast path for translator_ld*
-GDB single-stepping is now handled generically.
+Cache the translation from guest to host address, so we may
 use direct loads when we hit on the primary translation page.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Look up the second translation page only once, during translation.
 This obviates another lookup of the second page within tb_gen_code
 after translation.
 Fixes a bug in that plugin_insn_append should be passed the bytes
 in the original memory order, not bswapped by pieces.
 Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
 Tested-by: Ilya Leoshkevich <iii@linux.ibm.com>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- target/tricore/helper.h    |  1 -
+ include/exec/translator.h |  63 +++++++++++--------
- target/tricore/op_helper.c |  7 -------
+ accel/tcg/translate-all.c |  23 +++----
- target/tricore/translate.c | 14 +-------------
+ accel/tcg/translator.c    | 126 +++++++++++++++++++++++++++++---------
-files changed, 1 insertion(+), 21 deletions(-)
+files changed, 141 insertions(+), 71 deletions(-)
-diff --git a/target/tricore/helper.h b/target/tricore/helper.h
+diff --git a/include/exec/translator.h b/include/exec/translator.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/tricore/helper.h
+--- a/include/exec/translator.h
-+++ b/target/tricore/helper.h
++++ b/include/exec/translator.h
-@@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(psw_write, void, env, i32)
+@@ -XXX,XX +XXX,XX @@ typedef enum DisasJumpType {
- DEF_HELPER_1(psw_read, i32, env)
+  * Architecture-agnostic disassembly context.
- /* Exceptions */
+  */
- DEF_HELPER_3(raise_exception_sync, noreturn, env, i32, i32)
+ typedef struct DisasContextBase {
--DEF_HELPER_2(qemu_excp, noreturn, env, i32)
+-    const TranslationBlock *tb;
-diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c
++    TranslationBlock *tb;
      target_ulong pc_first;
      target_ulong pc_next;
      DisasJumpType is_jmp;
      int num_insns;
      int max_insns;
      bool singlestep_enabled;
 -#ifdef CONFIG_USER_ONLY
 -    /*
 -     * Guest address of the last byte of the last protected page.
 -     *
 -     * Pages containing the translated instructions are made non-writable in
 -     * order to achieve consistency in case another thread is modifying the
 -     * code while translate_insn() fetches the instruction bytes piecemeal.
 -     * Such writer threads are blocked on mmap_lock() in page_unprotect().
 -     */
 -    target_ulong page_protect_end;
 -#endif
 +    void *host_addr[2];
  } DisasContextBase;
  /**
@@ -XXX,XX +XXX,XX @@ bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest);
   * the relevant information at translation time.
   */
 -#define GEN_TRANSLATOR_LD(fullname, type, load_fn, swap_fn)             \
 -    type fullname ## _swap(CPUArchState *env, DisasContextBase *dcbase, \
 -                           abi_ptr pc, bool do_swap);                   \
 -    static inline type fullname(CPUArchState *env,                      \
 -                                DisasContextBase *dcbase, abi_ptr pc)   \
 -    {                                                                   \
 -        return fullname ## _swap(env, dcbase, pc, false);               \
 +uint8_t translator_ldub(CPUArchState *env, DisasContextBase *db, abi_ptr pc);
 +uint16_t translator_lduw(CPUArchState *env, DisasContextBase *db, abi_ptr pc);
 +uint32_t translator_ldl(CPUArchState *env, DisasContextBase *db, abi_ptr pc);
 +uint64_t translator_ldq(CPUArchState *env, DisasContextBase *db, abi_ptr pc);
 +
 +static inline uint16_t
 +translator_lduw_swap(CPUArchState *env, DisasContextBase *db,
 +                     abi_ptr pc, bool do_swap)
 +{
 +    uint16_t ret = translator_lduw(env, db, pc);
 +    if (do_swap) {
 +        ret = bswap16(ret);
      }
 +    return ret;
 +}
 -#define FOR_EACH_TRANSLATOR_LD(F)                                       \
 -    F(translator_ldub, uint8_t, cpu_ldub_code, /* no swap */)           \
 -    F(translator_lduw, uint16_t, cpu_lduw_code, bswap16)                \
 -    F(translator_ldl, uint32_t, cpu_ldl_code, bswap32)                  \
 -    F(translator_ldq, uint64_t, cpu_ldq_code, bswap64)
 +static inline uint32_t
 +translator_ldl_swap(CPUArchState *env, DisasContextBase *db,
 +                    abi_ptr pc, bool do_swap)
 +{
 +    uint32_t ret = translator_ldl(env, db, pc);
 +    if (do_swap) {
 +        ret = bswap32(ret);
 +    }
 +    return ret;
 +}
 -FOR_EACH_TRANSLATOR_LD(GEN_TRANSLATOR_LD)
 -
 -#undef GEN_TRANSLATOR_LD
 +static inline uint64_t
 +translator_ldq_swap(CPUArchState *env, DisasContextBase *db,
 +                    abi_ptr pc, bool do_swap)
 +{
 +    uint64_t ret = translator_ldq(env, db, pc);
 +    if (do_swap) {
 +        ret = bswap64(ret);
 +    }
 +    return ret;
 +}
  /*
   * Return whether addr is on the same page as where disassembly started.
 diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/tricore/op_helper.c
+--- a/accel/tcg/translate-all.c
-+++ b/target/tricore/op_helper.c
++++ b/accel/tcg/translate-all.c
-@@ -XXX,XX +XXX,XX @@ static void raise_exception_sync_helper(CPUTriCoreState *env, uint32_t class,
+@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
-     raise_exception_sync_internal(env, class, tin, pc, 0);
+ {
      CPUArchState *env = cpu->env_ptr;
      TranslationBlock *tb, *existing_tb;
 -    tb_page_addr_t phys_pc, phys_page2;
 -    target_ulong virt_page2;
 +    tb_page_addr_t phys_pc;
      tcg_insn_unit *gen_code_buf;
      int gen_code_size, search_size, max_insns;
  #ifdef CONFIG_PROFILER
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
      tb->flags = flags;
      tb->cflags = cflags;
      tb->trace_vcpu_dstate = *cpu->trace_dstate;
 +    tb->page_addr[0] = phys_pc;
 +    tb->page_addr[1] = -1;
      tcg_ctx->tb_cflags = cflags;
   tb_overflow:
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
      }
      /*
 -     * If the TB is not associated with a physical RAM page then
 -     * it must be a temporary one-insn TB, and we have nothing to do
 -     * except fill in the page_addr[] fields. Return early before
 -     * attempting to link to other TBs or add to the lookup table.
 +     * If the TB is not associated with a physical RAM page then it must be
 +     * a temporary one-insn TB, and we have nothing left to do. Return early
 +     * before attempting to link to other TBs or add to the lookup table.
       */
 -    if (phys_pc == -1) {
 -        tb->page_addr[0] = tb->page_addr[1] = -1;
 +    if (tb->page_addr[0] == -1) {
          return tb;
      }
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
       */
      tcg_tb_insert(tb);
 -    /* check next page if needed */
 -    virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
 -    phys_page2 = -1;
 -    if ((pc & TARGET_PAGE_MASK) != virt_page2) {
 -        phys_page2 = get_page_addr_code(env, virt_page2);
 -    }
      /*
       * No explicit memory barrier is required -- tb_link_page() makes the
       * TB visible in a consistent state.
       */
 -    existing_tb = tb_link_page(tb, phys_pc, phys_page2);
 +    existing_tb = tb_link_page(tb, tb->page_addr[0], tb->page_addr[1]);
      /* if the TB already exists, discard what we just translated */
      if (unlikely(existing_tb != tb)) {
          uintptr_t orig_aligned = (uintptr_t)gen_code_buf;
 diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/translator.c
 +++ b/accel/tcg/translator.c
@@ -XXX,XX +XXX,XX @@ bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest)
      return ((db->pc_first ^ dest) & TARGET_PAGE_MASK) == 0;
  }
--void helper_qemu_excp(CPUTriCoreState *env, uint32_t excp)
+-static inline void translator_page_protect(DisasContextBase *dcbase,
 -                                           target_ulong pc)
 -{
--    CPUState *cs = env_cpu(env);
+-#ifdef CONFIG_USER_ONLY
--    cs->exception_index = excp;
+-    dcbase->page_protect_end = pc | ~TARGET_PAGE_MASK;
--    cpu_loop_exit(cs);
+-    page_protect(pc);
 -#endif
 -}
 -
- /* Addressing mode helper */
+ void translator_loop(CPUState *cpu, TranslationBlock *tb, int max_insns,
+                      target_ulong pc, void *host_pc,
- static uint16_t reverse16(uint16_t val)
+                      const TranslatorOps *ops, DisasContextBase *db)
-diff --git a/target/tricore/translate.c b/target/tricore/translate.c
+@@ -XXX,XX +XXX,XX @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int max_insns,
-index XXXXXXX..XXXXXXX 100644
+     db->num_insns = 0;
---- a/target/tricore/translate.c
+     db->max_insns = max_insns;
-+++ b/target/tricore/translate.c
+     db->singlestep_enabled = cflags & CF_SINGLE_STEP;
-@@ -XXX,XX +XXX,XX @@ static inline void gen_save_pc(target_ulong pc)
+-    translator_page_protect(db, db->pc_next);
-     tcg_gen_movi_tl(cpu_PC, pc);
++    db->host_addr[0] = host_pc;
 +    db->host_addr[1] = NULL;
 +
 +#ifdef CONFIG_USER_ONLY
 +    page_protect(pc);
 +#endif
      ops->init_disas_context(db, cpu);
      tcg_debug_assert(db->is_jmp == DISAS_NEXT);  /* no early exit */
@@ -XXX,XX +XXX,XX @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int max_insns,
  #endif
  }
--static void generate_qemu_excp(DisasContext *ctx, int excp)
+-static inline void translator_maybe_page_protect(DisasContextBase *dcbase,
--{
+-                                                 target_ulong pc, size_t len)
--    TCGv_i32 tmp = tcg_const_i32(excp);
++static void *translator_access(CPUArchState *env, DisasContextBase *db,
--    gen_helper_qemu_excp(cpu_env, tmp);
++                               target_ulong pc, size_t len)
 -    ctx->base.is_jmp = DISAS_NORETURN;
 -    tcg_temp_free(tmp);
 -}
 -
  static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
  {
-     if (translator_use_goto_tb(&ctx->base, dest)) {
+-#ifdef CONFIG_USER_ONLY
-@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
+-    target_ulong end = pc + len - 1;
-         tcg_gen_exit_tb(ctx->base.tb, n);
++    void *host;
-     } else {
++    target_ulong base, end;
-         gen_save_pc(dest);
++    TranslationBlock *tb;
--        if (ctx->base.singlestep_enabled) {
--            generate_qemu_excp(ctx, EXCP_DEBUG);
+-    if (end > dcbase->page_protect_end) {
--        } else {
+-        translator_page_protect(dcbase, end);
--            tcg_gen_lookup_and_goto_ptr();
++    tb = db->tb;
--        }
++
-+        tcg_gen_lookup_and_goto_ptr();
++    /* Use slow path if first page is MMIO. */
-     }
++    if (unlikely(tb->page_addr[0] == -1)) {
 +        return NULL;
      }
 +
 +    end = pc + len - 1;
 +    if (likely(is_same_page(db, end))) {
 +        host = db->host_addr[0];
 +        base = db->pc_first;
 +    } else {
 +        host = db->host_addr[1];
 +        base = TARGET_PAGE_ALIGN(db->pc_first);
 +        if (host == NULL) {
 +            tb->page_addr[1] =
 +                get_page_addr_code_hostp(env, base, &db->host_addr[1]);
 +#ifdef CONFIG_USER_ONLY
 +            page_protect(end);
  #endif
 +            /* We cannot handle MMIO as second page. */
 +            assert(tb->page_addr[1] != -1);
 +            host = db->host_addr[1];
 +        }
 +
 +        /* Use slow path when crossing pages. */
 +        if (is_same_page(db, pc)) {
 +            return NULL;
 +        }
 +    }
 +
 +    tcg_debug_assert(pc >= base);
 +    return host + (pc - base);
  }
+-#define GEN_TRANSLATOR_LD(fullname, type, load_fn, swap_fn)             \
+-    type fullname ## _swap(CPUArchState *env, DisasContextBase *dcbase, \
+-                           abi_ptr pc, bool do_swap)                    \
+-    {                                                                   \
+-        translator_maybe_page_protect(dcbase, pc, sizeof(type));        \
+-        type ret = load_fn(env, pc);                                    \
+-        if (do_swap) {                                                  \
+-            ret = swap_fn(ret);                                         \
+-        }                                                               \
+-        plugin_insn_append(pc, &ret, sizeof(ret));                      \
+-        return ret;                                                     \
++uint8_t translator_ldub(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
++{
++    uint8_t ret;
++    void *p = translator_access(env, db, pc, sizeof(ret));
++
++    if (p) {
++        plugin_insn_append(pc, p, sizeof(ret));
++        return ldub_p(p);
+     }
++    ret = cpu_ldub_code(env, pc);
++    plugin_insn_append(pc, &ret, sizeof(ret));
++    return ret;
++}
+-FOR_EACH_TRANSLATOR_LD(GEN_TRANSLATOR_LD)
++uint16_t translator_lduw(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
++{
++    uint16_t ret, plug;
++    void *p = translator_access(env, db, pc, sizeof(ret));
+-#undef GEN_TRANSLATOR_LD
++    if (p) {
++        plugin_insn_append(pc, p, sizeof(ret));
++        return lduw_p(p);
++    }
++    ret = cpu_lduw_code(env, pc);
++    plug = tswap16(ret);
++    plugin_insn_append(pc, &plug, sizeof(ret));
++    return ret;
++}
++
++uint32_t translator_ldl(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
++{
++    uint32_t ret, plug;
++    void *p = translator_access(env, db, pc, sizeof(ret));
++
++    if (p) {
++        plugin_insn_append(pc, p, sizeof(ret));
++        return ldl_p(p);
++    }
++    ret = cpu_ldl_code(env, pc);
++    plug = tswap32(ret);
++    plugin_insn_append(pc, &plug, sizeof(ret));
++    return ret;
++}
++
++uint64_t translator_ldq(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
++{
++    uint64_t ret, plug;
++    void *p = translator_access(env, db, pc, sizeof(ret));
++
++    if (p) {
++        plugin_insn_append(pc, p, sizeof(ret));
++        return ldq_p(p);
++    }
++    ret = cpu_ldq_code(env, pc);
++    plug = tswap64(ret);
++    plugin_insn_append(pc, &plug, sizeof(ret));
++    return ret;
++}
 --
-.25.1
+.34.1

-[PULL 23/24] target/xtensa: Drop check for singlestep_enabled
+Deleted patch
-GDB single-stepping is now handled generically.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/xtensa/translate.c | 25 ++++++++-----------------
-file changed, 8 insertions(+), 17 deletions(-)
-diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/xtensa/translate.c
-+++ b/target/xtensa/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_jump_slot(DisasContext *dc, TCGv dest, int slot)
-     if (dc->icount) {
-         tcg_gen_mov_i32(cpu_SR[ICOUNT], dc->next_icount);
-     }
--    if (dc->base.singlestep_enabled) {
--        gen_exception(dc, EXCP_DEBUG);
-+    if (dc->op_flags & XTENSA_OP_POSTPROCESS) {
-+        slot = gen_postprocess(dc, slot);
-+    }
-+    if (slot >= 0) {
-+        tcg_gen_goto_tb(slot);
-+        tcg_gen_exit_tb(dc->base.tb, slot);
-     } else {
--        if (dc->op_flags & XTENSA_OP_POSTPROCESS) {
--            slot = gen_postprocess(dc, slot);
--        }
--        if (slot >= 0) {
--            tcg_gen_goto_tb(slot);
--            tcg_gen_exit_tb(dc->base.tb, slot);
--        } else {
--            tcg_gen_exit_tb(NULL, 0);
--        }
-+        tcg_gen_exit_tb(NULL, 0);
-     }
-     dc->base.is_jmp = DISAS_NORETURN;
- }
-@@ -XXX,XX +XXX,XX @@ static void xtensa_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
-     case DISAS_NORETURN:
-         break;
-     case DISAS_TOO_MANY:
--        if (dc->base.singlestep_enabled) {
--            tcg_gen_movi_i32(cpu_pc, dc->pc);
--            gen_exception(dc, EXCP_DEBUG);
--        } else {
--            gen_jumpi(dc, dc->pc, 0);
--        }
-+        gen_jumpi(dc, dc->pc, 0);
-         break;
-     default:
-         g_assert_not_reached();
---
-.25.1

-[PULL 24/24] Revert "cpu: Move cpu_common_props to hw/core/cpu.c"
+Deleted patch
-This reverts commit 1b36e4f5a5de585210ea95f2257839c2312be28f.
-Despite a comment saying why cpu_common_props cannot be placed in
-a file that is compiled once, it was moved anyway.  Revert that.
-Since then, Property is not defined in hw/core/cpu.h, so it is now
-easier to declare a function to install the properties rather than
-the Property array itself.
-Cc: Eduardo Habkost <ehabkost@redhat.com>
-Suggested-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/hw/core/cpu.h |  1 +
- cpu.c                 | 21 +++++++++++++++++++++
- hw/core/cpu-common.c  | 17 +----------------
-files changed, 23 insertions(+), 16 deletions(-)
-diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/core/cpu.h
-+++ b/include/hw/core/cpu.h
-@@ -XXX,XX +XXX,XX @@ void QEMU_NORETURN cpu_abort(CPUState *cpu, const char *fmt, ...)
-     GCC_FMT_ATTR(2, 3);
- /* $(top_srcdir)/cpu.c */
-+void cpu_class_init_props(DeviceClass *dc);
- void cpu_exec_initfn(CPUState *cpu);
- void cpu_exec_realizefn(CPUState *cpu, Error **errp);
- void cpu_exec_unrealizefn(CPUState *cpu);
-diff --git a/cpu.c b/cpu.c
-index XXXXXXX..XXXXXXX 100644
---- a/cpu.c
-+++ b/cpu.c
-@@ -XXX,XX +XXX,XX @@ void cpu_exec_unrealizefn(CPUState *cpu)
-     cpu_list_remove(cpu);
- }
-+static Property cpu_common_props[] = {
-+#ifndef CONFIG_USER_ONLY
-+    /*
-+     * Create a memory property for softmmu CPU object,
-+     * so users can wire up its memory. (This can't go in hw/core/cpu.c
-+     * because that file is compiled only once for both user-mode
-+     * and system builds.) The default if no link is set up is to use
-+     * the system address space.
-+     */
-+    DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION,
-+                     MemoryRegion *),
-+#endif
-+    DEFINE_PROP_BOOL("start-powered-off", CPUState, start_powered_off, false),
-+    DEFINE_PROP_END_OF_LIST(),
-+};
-+
-+void cpu_class_init_props(DeviceClass *dc)
-+{
-+    device_class_set_props(dc, cpu_common_props);
-+}
-+
- void cpu_exec_initfn(CPUState *cpu)
- {
-     cpu->as = NULL;
-diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/core/cpu-common.c
-+++ b/hw/core/cpu-common.c
-@@ -XXX,XX +XXX,XX @@ static int64_t cpu_common_get_arch_id(CPUState *cpu)
-     return cpu->cpu_index;
- }
--static Property cpu_common_props[] = {
--#ifndef CONFIG_USER_ONLY
--    /* Create a memory property for softmmu CPU object,
--     * so users can wire up its memory. (This can't go in hw/core/cpu.c
--     * because that file is compiled only once for both user-mode
--     * and system builds.) The default if no link is set up is to use
--     * the system address space.
--     */
--    DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION,
--                     MemoryRegion *),
--#endif
--    DEFINE_PROP_BOOL("start-powered-off", CPUState, start_powered_off, false),
--    DEFINE_PROP_END_OF_LIST(),
--};
--
- static void cpu_class_init(ObjectClass *klass, void *data)
- {
-     DeviceClass *dc = DEVICE_CLASS(klass);
-@@ -XXX,XX +XXX,XX @@ static void cpu_class_init(ObjectClass *klass, void *data)
-     dc->realize = cpu_common_realizefn;
-     dc->unrealize = cpu_common_unrealizefn;
-     dc->reset = cpu_common_reset;
--    device_class_set_props(dc, cpu_common_props);
-+    cpu_class_init_props(dc);
-     /*
-      * Reason: CPUs still need special care by board code: wiring up
-      * IRQs, adding reset handlers, halting non-first CPUs, ...
---
-.25.1

The following changes since commit 6587b0c1331d427b0939c37e763842550ed581db:

Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-10-15' into staging (2021-10-15 14:16:28 -0700)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20211016

for you to fetch changes up to 995b87dedc78b0467f5f18bbc3546072ba97516a:

Revert "cpu: Move cpu_common_props to hw/core/cpu.c" (2021-10-15 16:39:15 -0700)

----------------------------------------------------------------
Move gdb singlestep to generic code
Fix cpu_common_props

----------------------------------------------------------------
Richard Henderson (24):
      accel/tcg: Handle gdb singlestep in cpu_tb_exec
      target/alpha: Drop checks for singlestep_enabled
      target/avr: Drop checks for singlestep_enabled
      target/cris: Drop checks for singlestep_enabled
      target/hexagon: Drop checks for singlestep_enabled
      target/arm: Drop checks for singlestep_enabled
      target/hppa: Drop checks for singlestep_enabled
      target/i386: Check CF_NO_GOTO_TB for dc->jmp_opt
      target/i386: Drop check for singlestep_enabled
      target/m68k: Drop checks for singlestep_enabled
      target/microblaze: Check CF_NO_GOTO_TB for DISAS_JUMP
      target/microblaze: Drop checks for singlestep_enabled
      target/mips: Fix single stepping
      target/mips: Drop exit checks for singlestep_enabled
      target/openrisc: Drop checks for singlestep_enabled
      target/ppc: Drop exit checks for singlestep_enabled
      target/riscv: Remove dead code after exception
      target/riscv: Remove exit_tb and lookup_and_goto_ptr
      target/rx: Drop checks for singlestep_enabled
      target/s390x: Drop check for singlestep_enabled
      target/sh4: Drop check for singlestep_enabled
      target/tricore: Drop check for singlestep_enabled
      target/xtensa: Drop check for singlestep_enabled
      Revert "cpu: Move cpu_common_props to hw/core/cpu.c"

GDB single-stepping is now handled generically.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/alpha/translate.c | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/target/alpha/translate.c b/target/alpha/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/alpha/translate.c
+++ b/target/alpha/translate.c
@@ -XXX,XX +XXX,XX @@ static void alpha_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
         tcg_gen_movi_i64(cpu_pc, ctx->base.pc_next);
         /* FALLTHRU */
     case DISAS_PC_UPDATED:
-        if (!ctx->base.singlestep_enabled) {
-            tcg_gen_lookup_and_goto_ptr();
-            break;
-        }
-        /* FALLTHRU */
+        tcg_gen_lookup_and_goto_ptr();
+        break;
     case DISAS_PC_UPDATED_NOCHAIN:
-        if (ctx->base.singlestep_enabled) {
-            gen_excp_1(EXCP_DEBUG, 0);
-        } else {
-            tcg_gen_exit_tb(NULL, 0);
-        }
+        tcg_gen_exit_tb(NULL, 0);
         break;
     default:
         g_assert_not_reached();
-- 
2.25.1

GDB single-stepping is now handled generically.

Tested-by: Michael Rolnik <mrolnik@gmail.com>
Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/avr/translate.c | 19 ++++---------------
 1 file changed, 4 insertions(+), 15 deletions(-)

diff --git a/target/avr/translate.c b/target/avr/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/avr/translate.c
+++ b/target/avr/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
         tcg_gen_exit_tb(tb, n);
     } else {
         tcg_gen_movi_i32(cpu_pc, dest);
-        if (ctx->base.singlestep_enabled) {
-            gen_helper_debug(cpu_env);
-        } else {
-            tcg_gen_lookup_and_goto_ptr();
-        }
+        tcg_gen_lookup_and_goto_ptr();
     }
     ctx->base.is_jmp = DISAS_NORETURN;
 }
@@ -XXX,XX +XXX,XX @@ static void avr_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
         tcg_gen_movi_tl(cpu_pc, ctx->npc);
         /* fall through */
     case DISAS_LOOKUP:
-        if (!ctx->base.singlestep_enabled) {
-            tcg_gen_lookup_and_goto_ptr();
-            break;
-        }
-        /* fall through */
+        tcg_gen_lookup_and_goto_ptr();
+        break;
     case DISAS_EXIT:
-        if (ctx->base.singlestep_enabled) {
-            gen_helper_debug(cpu_env);
-        } else {
-            tcg_gen_exit_tb(NULL, 0);
-        }
+        tcg_gen_exit_tb(NULL, 0);
         break;
     default:
         g_assert_not_reached();
-- 
2.25.1

GDB single-stepping is now handled generically.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/hexagon/translate.c | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/target/hexagon/translate.c b/target/hexagon/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/hexagon/translate.c
+++ b/target/hexagon/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_end_tb(DisasContext *ctx)
 {
     gen_exec_counters(ctx);
     tcg_gen_mov_tl(hex_gpr[HEX_REG_PC], hex_next_PC);
-    if (ctx->base.singlestep_enabled) {
-        gen_exception_raw(EXCP_DEBUG);
-    } else {
-        tcg_gen_exit_tb(NULL, 0);
-    }
+    tcg_gen_exit_tb(NULL, 0);
     ctx->base.is_jmp = DISAS_NORETURN;
 }
 
@@ -XXX,XX +XXX,XX @@ static void hexagon_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
     case DISAS_TOO_MANY:
         gen_exec_counters(ctx);
         tcg_gen_movi_tl(hex_gpr[HEX_REG_PC], ctx->base.pc_next);
-        if (ctx->base.singlestep_enabled) {
-            gen_exception_raw(EXCP_DEBUG);
-        } else {
-            tcg_gen_exit_tb(NULL, 0);
-        }
+        tcg_gen_exit_tb(NULL, 0);
         break;
     case DISAS_NORETURN:
         break;
-- 
2.25.1

GDB single-stepping is now handled generically.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/translate-a64.c | 10 ++--------
 target/arm/translate.c     | 36 ++++++------------------------------
 2 files changed, 8 insertions(+), 38 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static inline void gen_goto_tb(DisasContext *s, int n, uint64_t dest)
         gen_a64_set_pc_im(dest);
         if (s->ss_active) {
             gen_step_complete_exception(s);
-        } else if (s->base.singlestep_enabled) {
-            gen_exception_internal(EXCP_DEBUG);
         } else {
             tcg_gen_lookup_and_goto_ptr();
             s->base.is_jmp = DISAS_NORETURN;
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
 {
     DisasContext *dc = container_of(dcbase, DisasContext, base);
 
-    if (unlikely(dc->base.singlestep_enabled || dc->ss_active)) {
+    if (unlikely(dc->ss_active)) {
         /* Note that this means single stepping WFI doesn't halt the CPU.
          * For conditional branch insns this is harmless unreachable code as
          * gen_goto_tb() has already handled emitting the debug exception
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
             /* fall through */
         case DISAS_EXIT:
         case DISAS_JUMP:
-            if (dc->base.singlestep_enabled) {
-                gen_exception_internal(EXCP_DEBUG);
-            } else {
-                gen_step_complete_exception(dc);
-            }
+            gen_step_complete_exception(dc);
             break;
         case DISAS_NORETURN:
             break;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal(int excp)
     tcg_temp_free_i32(tcg_excp);
 }
 
-static void gen_step_complete_exception(DisasContext *s)
+static void gen_singlestep_exception(DisasContext *s)
 {
     /* We just completed step of an insn. Move from Active-not-pending
      * to Active-pending, and then also take the swstep exception.
@@ -XXX,XX +XXX,XX @@ static void gen_step_complete_exception(DisasContext *s)
     s->base.is_jmp = DISAS_NORETURN;
 }
 
-static void gen_singlestep_exception(DisasContext *s)
-{
-    /* Generate the right kind of exception for singlestep, which is
-     * either the architectural singlestep or EXCP_DEBUG for QEMU's
-     * gdb singlestepping.
-     */
-    if (s->ss_active) {
-        gen_step_complete_exception(s);
-    } else {
-        gen_exception_internal(EXCP_DEBUG);
-    }
-}
-
-static inline bool is_singlestepping(DisasContext *s)
-{
-    /* Return true if we are singlestepping either because of
-     * architectural singlestep or QEMU gdbstub singlestep. This does
-     * not include the command line '-singlestep' mode which is rather
-     * misnamed as it only means "one instruction per TB" and doesn't
-     * affect the code we generate.
-     */
-    return s->base.singlestep_enabled || s->ss_active;
-}
-
 void clear_eci_state(DisasContext *s)
 {
     /*
@@ -XXX,XX +XXX,XX @@ static inline void gen_bx_excret_final_code(DisasContext *s)
     /* Is the new PC value in the magic range indicating exception return? */
     tcg_gen_brcondi_i32(TCG_COND_GEU, cpu_R[15], min_magic, excret_label);
     /* No: end the TB as we would for a DISAS_JMP */
-    if (is_singlestepping(s)) {
+    if (s->ss_active) {
         gen_singlestep_exception(s);
     } else {
         tcg_gen_exit_tb(NULL, 0);
@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
 /* Jump, specifying which TB number to use if we gen_goto_tb() */
 static inline void gen_jmp_tb(DisasContext *s, uint32_t dest, int tbno)
 {
-    if (unlikely(is_singlestepping(s))) {
+    if (unlikely(s->ss_active)) {
         /* An indirect jump so that we still trigger the debug exception.  */
         gen_set_pc_im(s, dest);
         s->base.is_jmp = DISAS_JUMP;
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
     dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
 
     /* If architectural single step active, limit to 1.  */
-    if (is_singlestepping(dc)) {
+    if (dc->ss_active) {
         dc->base.max_insns = 1;
     }
 
@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
          * insn codepath itself.
          */
         gen_bx_excret_final_code(dc);
-    } else if (unlikely(is_singlestepping(dc))) {
+    } else if (unlikely(dc->ss_active)) {
         /* Unconditional and "condition passed" instruction codepath. */
         switch (dc->base.is_jmp) {
         case DISAS_SWI:
@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
         /* "Condition failed" instruction codepath for the branch/trap insn */
         gen_set_label(dc->condlabel);
         gen_set_condexec(dc);
-        if (unlikely(is_singlestepping(dc))) {
+        if (unlikely(dc->ss_active)) {
             gen_set_pc_im(dc, dc->base.pc_next);
             gen_singlestep_exception(dc);
         } else {
-- 
2.25.1

GDB single-stepping is now handled generically.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/hppa/translate.c | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int which,
     } else {
         copy_iaoq_entry(cpu_iaoq_f, f, cpu_iaoq_b);
         copy_iaoq_entry(cpu_iaoq_b, b, ctx->iaoq_n_var);
-        if (ctx->base.singlestep_enabled) {
-            gen_excp_1(EXCP_DEBUG);
-        } else {
-            tcg_gen_lookup_and_goto_ptr();
-        }
+        tcg_gen_lookup_and_goto_ptr();
     }
 }
 
@@ -XXX,XX +XXX,XX @@ static bool do_rfi(DisasContext *ctx, bool rfi_r)
         gen_helper_rfi(cpu_env);
     }
     /* Exit the TB to recognize new interrupts.  */
-    if (ctx->base.singlestep_enabled) {
-        gen_excp_1(EXCP_DEBUG);
-    } else {
-        tcg_gen_exit_tb(NULL, 0);
-    }
+    tcg_gen_exit_tb(NULL, 0);
     ctx->base.is_jmp = DISAS_NORETURN;
 
     return nullify_end(ctx);
@@ -XXX,XX +XXX,XX @@ static void hppa_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
         nullify_save(ctx);
         /* FALLTHRU */
     case DISAS_IAQ_N_UPDATED:
-        if (ctx->base.singlestep_enabled) {
-            gen_excp_1(EXCP_DEBUG);
-        } else if (is_jmp != DISAS_IAQ_N_STALE_EXIT) {
+        if (is_jmp != DISAS_IAQ_N_STALE_EXIT) {
             tcg_gen_lookup_and_goto_ptr();
+            break;
         }
         /* FALLTHRU */
     case DISAS_EXIT:
-- 
2.25.1

We were using singlestep_enabled as a proxy for whether
translator_use_goto_tb would always return false.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/i386/tcg/translate.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -XXX,XX +XXX,XX @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
     DisasContext *dc = container_of(dcbase, DisasContext, base);
     CPUX86State *env = cpu->env_ptr;
     uint32_t flags = dc->base.tb->flags;
+    uint32_t cflags = tb_cflags(dc->base.tb);
     int cpl = (flags >> HF_CPL_SHIFT) & 3;
     int iopl = (flags >> IOPL_SHIFT) & 3;
 
@@ -XXX,XX +XXX,XX @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
     dc->cpuid_ext3_features = env->features[FEAT_8000_0001_ECX];
     dc->cpuid_7_0_ebx_features = env->features[FEAT_7_0_EBX];
     dc->cpuid_xsave_features = env->features[FEAT_XSAVE];
-    dc->jmp_opt = !(dc->base.singlestep_enabled ||
+    dc->jmp_opt = !((cflags & CF_NO_GOTO_TB) ||
                     (flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK)));
     /*
      * If jmp_opt, we want to handle each string instruction individually.
      * For icount also disable repz optimization so that each iteration
      * is accounted separately.
      */
-    dc->repz_opt = !dc->jmp_opt && !(tb_cflags(dc->base.tb) & CF_USE_ICOUNT);
+    dc->repz_opt = !dc->jmp_opt && !(cflags & CF_USE_ICOUNT);
 
     dc->T0 = tcg_temp_new();
     dc->T1 = tcg_temp_new();
-- 
2.25.1

GDB single-stepping is now handled generically.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/i386/helper.h          | 1 -
 target/i386/tcg/misc_helper.c | 8 --------
 target/i386/tcg/translate.c   | 4 +---
 3 files changed, 1 insertion(+), 12 deletions(-)

diff --git a/target/i386/helper.h b/target/i386/helper.h
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/helper.h
+++ b/target/i386/helper.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(syscall, void, env, int)
 DEF_HELPER_2(sysret, void, env, int)
 #endif
 DEF_HELPER_FLAGS_2(pause, TCG_CALL_NO_WG, noreturn, env, int)
-DEF_HELPER_FLAGS_1(debug, TCG_CALL_NO_WG, noreturn, env)
 DEF_HELPER_1(reset_rf, void, env)
 DEF_HELPER_FLAGS_3(raise_interrupt, TCG_CALL_NO_WG, noreturn, env, int, int)
 DEF_HELPER_FLAGS_2(raise_exception, TCG_CALL_NO_WG, noreturn, env, int)
diff --git a/target/i386/tcg/misc_helper.c b/target/i386/tcg/misc_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/misc_helper.c
+++ b/target/i386/tcg/misc_helper.c
@@ -XXX,XX +XXX,XX @@ void QEMU_NORETURN helper_pause(CPUX86State *env, int next_eip_addend)
     do_pause(env);
 }
 
-void QEMU_NORETURN helper_debug(CPUX86State *env)
-{
-    CPUState *cs = env_cpu(env);
-
-    cs->exception_index = EXCP_DEBUG;
-    cpu_loop_exit(cs);
-}
-
 uint64_t helper_rdpkru(CPUX86State *env, uint32_t ecx)
 {
     if ((env->cr[4] & CR4_PKE_MASK) == 0) {
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -XXX,XX +XXX,XX @@ do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr)
     if (s->base.tb->flags & HF_RF_MASK) {
         gen_helper_reset_rf(cpu_env);
     }
-    if (s->base.singlestep_enabled) {
-        gen_helper_debug(cpu_env);
-    } else if (recheck_tf) {
+    if (recheck_tf) {
         gen_helper_rechecking_single_step(cpu_env);
         tcg_gen_exit_tb(NULL, 0);
     } else if (s->flags & HF_TF_MASK) {
-- 
2.25.1

GDB single-stepping is now handled generically.

Acked-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/m68k/translate.c | 44 +++++++++--------------------------------
 1 file changed, 9 insertions(+), 35 deletions(-)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -XXX,XX +XXX,XX @@ static void do_writebacks(DisasContext *s)
     }
 }
 
-static bool is_singlestepping(DisasContext *s)
-{
-    /*
-     * Return true if we are singlestepping either because of
-     * architectural singlestep or QEMU gdbstub singlestep. This does
-     * not include the command line '-singlestep' mode which is rather
-     * misnamed as it only means "one instruction per TB" and doesn't
-     * affect the code we generate.
-     */
-    return s->base.singlestep_enabled || s->ss_active;
-}
-
 /* is_jmp field values */
 #define DISAS_JUMP      DISAS_TARGET_0 /* only pc was modified dynamically */
 #define DISAS_EXIT      DISAS_TARGET_1 /* cpu state was modified dynamically */
@@ -XXX,XX +XXX,XX @@ static void gen_exception(DisasContext *s, uint32_t dest, int nr)
     s->base.is_jmp = DISAS_NORETURN;
 }
 
-static void gen_singlestep_exception(DisasContext *s)
-{
-    /*
-     * Generate the right kind of exception for singlestep, which is
-     * either the architectural singlestep or EXCP_DEBUG for QEMU's
-     * gdb singlestepping.
-     */
-    if (s->ss_active) {
-        gen_raise_exception(EXCP_TRACE);
-    } else {
-        gen_raise_exception(EXCP_DEBUG);
-    }
-}
-
 static inline void gen_addr_fault(DisasContext *s)
 {
     gen_exception(s, s->base.pc_next, EXCP_ADDRESS);
@@ -XXX,XX +XXX,XX @@ static void gen_exit_tb(DisasContext *s)
 /* Generate a jump to an immediate address.  */
 static void gen_jmp_tb(DisasContext *s, int n, uint32_t dest)
 {
-    if (unlikely(is_singlestepping(s))) {
+    if (unlikely(s->ss_active)) {
         update_cc_op(s);
         tcg_gen_movi_i32(QREG_PC, dest);
-        gen_singlestep_exception(s);
+        gen_raise_exception(EXCP_TRACE);
     } else if (translator_use_goto_tb(&s->base, dest)) {
         tcg_gen_goto_tb(n);
         tcg_gen_movi_i32(QREG_PC, dest);
@@ -XXX,XX +XXX,XX @@ static void m68k_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
 
     dc->ss_active = (M68K_SR_TRACE(env->sr) == M68K_SR_TRACE_ANY_INS);
     /* If architectural single step active, limit to 1 */
-    if (is_singlestepping(dc)) {
+    if (dc->ss_active) {
         dc->base.max_insns = 1;
     }
 }
@@ -XXX,XX +XXX,XX @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
         break;
     case DISAS_TOO_MANY:
         update_cc_op(dc);
-        if (is_singlestepping(dc)) {
+        if (dc->ss_active) {
             tcg_gen_movi_i32(QREG_PC, dc->pc);
-            gen_singlestep_exception(dc);
+            gen_raise_exception(EXCP_TRACE);
         } else {
             gen_jmp_tb(dc, 0, dc->pc);
         }
         break;
     case DISAS_JUMP:
         /* We updated CC_OP and PC in gen_jmp/gen_jmp_im.  */
-        if (is_singlestepping(dc)) {
-            gen_singlestep_exception(dc);
+        if (dc->ss_active) {
+            gen_raise_exception(EXCP_TRACE);
         } else {
             tcg_gen_lookup_and_goto_ptr();
         }
@@ -XXX,XX +XXX,XX @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
          * We updated CC_OP and PC in gen_exit_tb, but also modified
          * other state that may require returning to the main loop.
          */
-        if (is_singlestepping(dc)) {
-            gen_singlestep_exception(dc);
+        if (dc->ss_active) {
+            gen_raise_exception(EXCP_TRACE);
         } else {
             tcg_gen_exit_tb(NULL, 0);
         }
-- 
2.25.1

We were using singlestep_enabled as a proxy for whether
translator_use_goto_tb would always return false.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/microblaze/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/microblaze/translate.c
+++ b/target/microblaze/translate.c
@@ -XXX,XX +XXX,XX @@ static void mb_tr_tb_stop(DisasContextBase *dcb, CPUState *cs)
         break;
 
     case DISAS_JUMP:
-        if (dc->jmp_dest != -1 && !cs->singlestep_enabled) {
+        if (dc->jmp_dest != -1 && !(tb_cflags(dc->base.tb) & CF_NO_GOTO_TB)) {
             /* Direct jump. */
             tcg_gen_discard_i32(cpu_btarget);
 
@@ -XXX,XX +XXX,XX @@ static void mb_tr_tb_stop(DisasContextBase *dcb, CPUState *cs)
             return;
         }
 
-        /* Indirect jump (or direct jump w/ singlestep) */
+        /* Indirect jump (or direct jump w/ goto_tb disabled) */
         tcg_gen_mov_i32(cpu_pc, cpu_btarget);
         tcg_gen_discard_i32(cpu_btarget);
 
-- 
2.25.1

GDB single-stepping is now handled generically.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/microblaze/translate.c | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/microblaze/translate.c
+++ b/target/microblaze/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_raise_hw_excp(DisasContext *dc, uint32_t esr_ec)
 
 static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
 {
-    if (dc->base.singlestep_enabled) {
-        TCGv_i32 tmp = tcg_const_i32(EXCP_DEBUG);
-        tcg_gen_movi_i32(cpu_pc, dest);
-        gen_helper_raise_exception(cpu_env, tmp);
-        tcg_temp_free_i32(tmp);
-    } else if (translator_use_goto_tb(&dc->base, dest)) {
+    if (translator_use_goto_tb(&dc->base, dest)) {
         tcg_gen_goto_tb(n);
         tcg_gen_movi_i32(cpu_pc, dest);
         tcg_gen_exit_tb(dc->base.tb, n);
@@ -XXX,XX +XXX,XX @@ static void mb_tr_tb_stop(DisasContextBase *dcb, CPUState *cs)
         /* Indirect jump (or direct jump w/ goto_tb disabled) */
         tcg_gen_mov_i32(cpu_pc, cpu_btarget);
         tcg_gen_discard_i32(cpu_btarget);
-
-        if (unlikely(cs->singlestep_enabled)) {
-            gen_raise_exception(dc, EXCP_DEBUG);
-        } else {
-            tcg_gen_lookup_and_goto_ptr();
-        }
+        tcg_gen_lookup_and_goto_ptr();
         return;
 
     default:
-- 
2.25.1

As per an ancient comment in mips_tr_translate_insn about the
expectations of gdb, when restarting the insn in a delay slot
we also re-execute the branch.  Which means that we are
expected to execute two insns in this case.

This has been broken since 8b86d6d2580, where we forced max_insns
to 1 while single-stepping.  This resulted in an exit from the
translator loop after the branch but before the delay slot is
translated.

Increase the max_insns to 2 for this case.  In addition, bypass
the end-of-page check, for when the branch itself ends the page.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/mips/tcg/translate.c | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/mips/tcg/translate.c
+++ b/target/mips/tcg/translate.c
@@ -XXX,XX +XXX,XX @@ static void mips_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
     ctx->default_tcg_memop_mask = (ctx->insn_flags & (ISA_MIPS_R6 |
                                   INSN_LOONGSON3A)) ? MO_UNALN : MO_ALIGN;
 
+    /*
+     * Execute a branch and its delay slot as a single instruction.
+     * This is what GDB expects and is consistent with what the
+     * hardware does (e.g. if a delay slot instruction faults, the
+     * reported PC is the PC of the branch).
+     */
+    if (ctx->base.singlestep_enabled && (ctx->hflags & MIPS_HFLAG_BMASK)) {
+        ctx->base.max_insns = 2;
+    }
+
     LOG_DISAS("\ntb %p idx %d hflags %04x\n", ctx->base.tb, ctx->mem_idx,
               ctx->hflags);
 }
@@ -XXX,XX +XXX,XX @@ static void mips_tr_translate_insn(DisasContextBase *dcbase, CPUState *cs)
     if (ctx->base.is_jmp != DISAS_NEXT) {
         return;
     }
+
     /*
-     * Execute a branch and its delay slot as a single instruction.
-     * This is what GDB expects and is consistent with what the
-     * hardware does (e.g. if a delay slot instruction faults, the
-     * reported PC is the PC of the branch).
+     * End the TB on (most) page crossings.
+     * See mips_tr_init_disas_context about single-stepping a branch
+     * together with its delay slot.
      */
-    if (ctx->base.singlestep_enabled &&
-        (ctx->hflags & MIPS_HFLAG_BMASK) == 0) {
-        ctx->base.is_jmp = DISAS_TOO_MANY;
-    }
-    if (ctx->base.pc_next - ctx->page_start >= TARGET_PAGE_SIZE) {
+    if (ctx->base.pc_next - ctx->page_start >= TARGET_PAGE_SIZE
+        && !ctx->base.singlestep_enabled) {
         ctx->base.is_jmp = DISAS_TOO_MANY;
     }
 }
-- 
2.25.1

GDB single-stepping is now handled generically.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/mips/tcg/translate.c | 50 +++++++++++++------------------------
 1 file changed, 18 insertions(+), 32 deletions(-)

diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/mips/tcg/translate.c
+++ b/target/mips/tcg/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
         tcg_gen_exit_tb(ctx->base.tb, n);
     } else {
         gen_save_pc(dest);
-        if (ctx->base.singlestep_enabled) {
-            save_cpu_state(ctx, 0);
-            gen_helper_raise_exception_debug(cpu_env);
-        } else {
-            tcg_gen_lookup_and_goto_ptr();
-        }
+        tcg_gen_lookup_and_goto_ptr();
     }
 }
 
@@ -XXX,XX +XXX,XX @@ static void gen_branch(DisasContext *ctx, int insn_bytes)
             } else {
                 tcg_gen_mov_tl(cpu_PC, btarget);
             }
-            if (ctx->base.singlestep_enabled) {
-                save_cpu_state(ctx, 0);
-                gen_helper_raise_exception_debug(cpu_env);
-            }
             tcg_gen_lookup_and_goto_ptr();
             break;
         default:
@@ -XXX,XX +XXX,XX @@ static void mips_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
 {
     DisasContext *ctx = container_of(dcbase, DisasContext, base);
 
-    if (ctx->base.singlestep_enabled && ctx->base.is_jmp != DISAS_NORETURN) {
-        save_cpu_state(ctx, ctx->base.is_jmp != DISAS_EXIT);
-        gen_helper_raise_exception_debug(cpu_env);
-    } else {
-        switch (ctx->base.is_jmp) {
-        case DISAS_STOP:
-            gen_save_pc(ctx->base.pc_next);
-            tcg_gen_lookup_and_goto_ptr();
-            break;
-        case DISAS_NEXT:
-        case DISAS_TOO_MANY:
-            save_cpu_state(ctx, 0);
-            gen_goto_tb(ctx, 0, ctx->base.pc_next);
-            break;
-        case DISAS_EXIT:
-            tcg_gen_exit_tb(NULL, 0);
-            break;
-        case DISAS_NORETURN:
-            break;
-        default:
-            g_assert_not_reached();
-        }
+    switch (ctx->base.is_jmp) {
+    case DISAS_STOP:
+        gen_save_pc(ctx->base.pc_next);
+        tcg_gen_lookup_and_goto_ptr();
+        break;
+    case DISAS_NEXT:
+    case DISAS_TOO_MANY:
+        save_cpu_state(ctx, 0);
+        gen_goto_tb(ctx, 0, ctx->base.pc_next);
+        break;
+    case DISAS_EXIT:
+        tcg_gen_exit_tb(NULL, 0);
+        break;
+    case DISAS_NORETURN:
+        break;
+    default:
+        g_assert_not_reached();
     }
 }
 
-- 
2.25.1

GDB single-stepping is now handled generically.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/openrisc/translate.c | 18 +++---------------
 1 file changed, 3 insertions(+), 15 deletions(-)

diff --git a/target/openrisc/translate.c b/target/openrisc/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/openrisc/translate.c
+++ b/target/openrisc/translate.c
@@ -XXX,XX +XXX,XX @@ static void openrisc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
             /* The jump destination is indirect/computed; use jmp_pc.  */
             tcg_gen_mov_tl(cpu_pc, jmp_pc);
             tcg_gen_discard_tl(jmp_pc);
-            if (unlikely(dc->base.singlestep_enabled)) {
-                gen_exception(dc, EXCP_DEBUG);
-            } else {
-                tcg_gen_lookup_and_goto_ptr();
-            }
+            tcg_gen_lookup_and_goto_ptr();
             break;
         }
         /* The jump destination is direct; use jmp_pc_imm.
@@ -XXX,XX +XXX,XX @@ static void openrisc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
             break;
         }
         tcg_gen_movi_tl(cpu_pc, jmp_dest);
-        if (unlikely(dc->base.singlestep_enabled)) {
-            gen_exception(dc, EXCP_DEBUG);
-        } else {
-            tcg_gen_lookup_and_goto_ptr();
-        }
+        tcg_gen_lookup_and_goto_ptr();
         break;
 
     case DISAS_EXIT:
-        if (unlikely(dc->base.singlestep_enabled)) {
-            gen_exception(dc, EXCP_DEBUG);
-        } else {
-            tcg_gen_exit_tb(NULL, 0);
-        }
+        tcg_gen_exit_tb(NULL, 0);
         break;
     default:
         g_assert_not_reached();
-- 
2.25.1

GDB single-stepping is now handled generically.
Reuse gen_debug_exception to handle architectural debug exceptions.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/ppc/translate.c | 38 ++++++++------------------------------
 1 file changed, 8 insertions(+), 30 deletions(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -XXX,XX +XXX,XX @@
 
 #define CPU_SINGLE_STEP 0x1
 #define CPU_BRANCH_STEP 0x2
-#define GDBSTUB_SINGLE_STEP 0x4
 
 /* Include definitions for instructions classes and implementations flags */
 /* #define PPC_DEBUG_DISAS */
@@ -XXX,XX +XXX,XX @@ static uint32_t gen_prep_dbgex(DisasContext *ctx)
 
 static void gen_debug_exception(DisasContext *ctx)
 {
-    gen_helper_raise_exception(cpu_env, tcg_constant_i32(EXCP_DEBUG));
+    gen_helper_raise_exception(cpu_env, tcg_constant_i32(gen_prep_dbgex(ctx)));
     ctx->base.is_jmp = DISAS_NORETURN;
 }
 
@@ -XXX,XX +XXX,XX @@ static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
 
 static void gen_lookup_and_goto_ptr(DisasContext *ctx)
 {
-    int sse = ctx->singlestep_enabled;
-    if (unlikely(sse)) {
-        if (sse & GDBSTUB_SINGLE_STEP) {
-            gen_debug_exception(ctx);
-        } else if (sse & (CPU_SINGLE_STEP | CPU_BRANCH_STEP)) {
-            gen_helper_raise_exception(cpu_env, tcg_constant_i32(gen_prep_dbgex(ctx)));
-        } else {
-            tcg_gen_exit_tb(NULL, 0);
-        }
+    if (unlikely(ctx->singlestep_enabled)) {
+        gen_debug_exception(ctx);
     } else {
         tcg_gen_lookup_and_goto_ptr();
     }
@@ -XXX,XX +XXX,XX @@ static void ppc_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
     ctx->singlestep_enabled = 0;
     if ((hflags >> HFLAGS_SE) & 1) {
         ctx->singlestep_enabled |= CPU_SINGLE_STEP;
+        ctx->base.max_insns = 1;
     }
     if ((hflags >> HFLAGS_BE) & 1) {
         ctx->singlestep_enabled |= CPU_BRANCH_STEP;
     }
-    if (unlikely(ctx->base.singlestep_enabled)) {
-        ctx->singlestep_enabled |= GDBSTUB_SINGLE_STEP;
-    }
-
-    if (ctx->singlestep_enabled & (CPU_SINGLE_STEP | GDBSTUB_SINGLE_STEP)) {
-        ctx->base.max_insns = 1;
-    }
 }
 
 static void ppc_tr_tb_start(DisasContextBase *db, CPUState *cs)
@@ -XXX,XX +XXX,XX @@ static void ppc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
     DisasContext *ctx = container_of(dcbase, DisasContext, base);
     DisasJumpType is_jmp = ctx->base.is_jmp;
     target_ulong nip = ctx->base.pc_next;
-    int sse;
 
     if (is_jmp == DISAS_NORETURN) {
         /* We have already exited the TB. */
@@ -XXX,XX +XXX,XX @@ static void ppc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
     }
 
     /* Honor single stepping. */
-    sse = ctx->singlestep_enabled & (CPU_SINGLE_STEP | GDBSTUB_SINGLE_STEP);
-    if (unlikely(sse)) {
+    if (unlikely(ctx->singlestep_enabled & CPU_SINGLE_STEP)
+        && (nip <= 0x100 || nip > 0xf00)) {
         switch (is_jmp) {
         case DISAS_TOO_MANY:
         case DISAS_EXIT_UPDATE:
@@ -XXX,XX +XXX,XX @@ static void ppc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
             g_assert_not_reached();
         }
 
-        if (sse & GDBSTUB_SINGLE_STEP) {
-            gen_debug_exception(ctx);
-            return;
-        }
-        /* else CPU_SINGLE_STEP... */
-        if (nip <= 0x100 || nip > 0xf00) {
-            gen_helper_raise_exception(cpu_env, tcg_constant_i32(gen_prep_dbgex(ctx)));
-            return;
-        }
+        gen_debug_exception(ctx);
+        return;
     }
 
     switch (is_jmp) {
-- 
2.25.1

We have already set DISAS_NORETURN in generate_exception,
which makes the exit_tb unreachable.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/riscv/insn_trans/trans_privileged.c.inc | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/target/riscv/insn_trans/trans_privileged.c.inc b/target/riscv/insn_trans/trans_privileged.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/target/riscv/insn_trans/trans_privileged.c.inc
+++ b/target/riscv/insn_trans/trans_privileged.c.inc
@@ -XXX,XX +XXX,XX @@ static bool trans_ecall(DisasContext *ctx, arg_ecall *a)
 {
     /* always generates U-level ECALL, fixed in do_interrupt handler */
     generate_exception(ctx, RISCV_EXCP_U_ECALL);
-    exit_tb(ctx); /* no chaining */
-    ctx->base.is_jmp = DISAS_NORETURN;
     return true;
 }
 
@@ -XXX,XX +XXX,XX @@ static bool trans_ebreak(DisasContext *ctx, arg_ebreak *a)
         post   = opcode_at(&ctx->base, post_addr);
     }
 
-    if  (pre == 0x01f01013 && ebreak == 0x00100073 && post == 0x40705013) {
+    if (pre == 0x01f01013 && ebreak == 0x00100073 && post == 0x40705013) {
         generate_exception(ctx, RISCV_EXCP_SEMIHOST);
     } else {
         generate_exception(ctx, RISCV_EXCP_BREAKPOINT);
     }
-    exit_tb(ctx); /* no chaining */
-    ctx->base.is_jmp = DISAS_NORETURN;
     return true;
 }
 
-- 
2.25.1

GDB single-stepping is now handled generically, which means
we don't need to do anything in the wrappers.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/riscv/translate.c                      | 27 +------------------
 .../riscv/insn_trans/trans_privileged.c.inc   |  4 +--
 target/riscv/insn_trans/trans_rvi.c.inc       |  8 +++---
 target/riscv/insn_trans/trans_rvv.c.inc       |  2 +-
 4 files changed, 7 insertions(+), 34 deletions(-)

diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -XXX,XX +XXX,XX @@ static void generate_exception_mtval(DisasContext *ctx, int excp)
     ctx->base.is_jmp = DISAS_NORETURN;
 }
 
-static void gen_exception_debug(void)
-{
-    gen_helper_raise_exception(cpu_env, tcg_constant_i32(EXCP_DEBUG));
-}
-
-/* Wrapper around tcg_gen_exit_tb that handles single stepping */
-static void exit_tb(DisasContext *ctx)
-{
-    if (ctx->base.singlestep_enabled) {
-        gen_exception_debug();
-    } else {
-        tcg_gen_exit_tb(NULL, 0);
-    }
-}
-
-/* Wrapper around tcg_gen_lookup_and_goto_ptr that handles single stepping */
-static void lookup_and_goto_ptr(DisasContext *ctx)
-{
-    if (ctx->base.singlestep_enabled) {
-        gen_exception_debug();
-    } else {
-        tcg_gen_lookup_and_goto_ptr();
-    }
-}
-
 static void gen_exception_illegal(DisasContext *ctx)
 {
     generate_exception(ctx, RISCV_EXCP_ILLEGAL_INST);
@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
         tcg_gen_exit_tb(ctx->base.tb, n);
     } else {
         tcg_gen_movi_tl(cpu_pc, dest);
-        lookup_and_goto_ptr(ctx);
+        tcg_gen_lookup_and_goto_ptr();
     }
 }
 
diff --git a/target/riscv/insn_trans/trans_privileged.c.inc b/target/riscv/insn_trans/trans_privileged.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/target/riscv/insn_trans/trans_privileged.c.inc
+++ b/target/riscv/insn_trans/trans_privileged.c.inc
@@ -XXX,XX +XXX,XX @@ static bool trans_sret(DisasContext *ctx, arg_sret *a)
 
     if (has_ext(ctx, RVS)) {
         gen_helper_sret(cpu_pc, cpu_env, cpu_pc);
-        exit_tb(ctx); /* no chaining */
+        tcg_gen_exit_tb(NULL, 0); /* no chaining */
         ctx->base.is_jmp = DISAS_NORETURN;
     } else {
         return false;
@@ -XXX,XX +XXX,XX @@ static bool trans_mret(DisasContext *ctx, arg_mret *a)
 #ifndef CONFIG_USER_ONLY
     tcg_gen_movi_tl(cpu_pc, ctx->base.pc_next);
     gen_helper_mret(cpu_pc, cpu_env, cpu_pc);
-    exit_tb(ctx); /* no chaining */
+    tcg_gen_exit_tb(NULL, 0); /* no chaining */
     ctx->base.is_jmp = DISAS_NORETURN;
     return true;
 #else
diff --git a/target/riscv/insn_trans/trans_rvi.c.inc b/target/riscv/insn_trans/trans_rvi.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/target/riscv/insn_trans/trans_rvi.c.inc
+++ b/target/riscv/insn_trans/trans_rvi.c.inc
@@ -XXX,XX +XXX,XX @@ static bool trans_jalr(DisasContext *ctx, arg_jalr *a)
     if (a->rd != 0) {
         tcg_gen_movi_tl(cpu_gpr[a->rd], ctx->pc_succ_insn);
     }
-
-    /* No chaining with JALR. */
-    lookup_and_goto_ptr(ctx);
+    tcg_gen_lookup_and_goto_ptr();
 
     if (misaligned) {
         gen_set_label(misaligned);
@@ -XXX,XX +XXX,XX @@ static bool trans_fence_i(DisasContext *ctx, arg_fence_i *a)
      * however we need to end the translation block
      */
     tcg_gen_movi_tl(cpu_pc, ctx->pc_succ_insn);
-    exit_tb(ctx);
+    tcg_gen_exit_tb(NULL, 0);
     ctx->base.is_jmp = DISAS_NORETURN;
     return true;
 }
@@ -XXX,XX +XXX,XX @@ static bool do_csr_post(DisasContext *ctx)
 {
     /* We may have changed important cpu state -- exit to main loop. */
     tcg_gen_movi_tl(cpu_pc, ctx->pc_succ_insn);
-    exit_tb(ctx);
+    tcg_gen_exit_tb(NULL, 0);
     ctx->base.is_jmp = DISAS_NORETURN;
     return true;
 }
diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -XXX,XX +XXX,XX @@ static bool trans_vsetvl(DisasContext *ctx, arg_vsetvl *a)
     gen_set_gpr(ctx, a->rd, dst);
 
     tcg_gen_movi_tl(cpu_pc, ctx->pc_succ_insn);
-    lookup_and_goto_ptr(ctx);
+    tcg_gen_lookup_and_goto_ptr();
     ctx->base.is_jmp = DISAS_NORETURN;
     return true;
 }
-- 
2.25.1

GDB single-stepping is now handled generically.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/rx/helper.h    |  1 -
 target/rx/op_helper.c |  8 --------
 target/rx/translate.c | 12 ++----------
 3 files changed, 2 insertions(+), 19 deletions(-)

diff --git a/target/rx/helper.h b/target/rx/helper.h
index XXXXXXX..XXXXXXX 100644
--- a/target/rx/helper.h
+++ b/target/rx/helper.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_1(raise_illegal_instruction, noreturn, env)
 DEF_HELPER_1(raise_access_fault, noreturn, env)
 DEF_HELPER_1(raise_privilege_violation, noreturn, env)
 DEF_HELPER_1(wait, noreturn, env)
-DEF_HELPER_1(debug, noreturn, env)
 DEF_HELPER_2(rxint, noreturn, env, i32)
 DEF_HELPER_1(rxbrk, noreturn, env)
 DEF_HELPER_FLAGS_3(fadd, TCG_CALL_NO_WG, f32, env, f32, f32)
diff --git a/target/rx/op_helper.c b/target/rx/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/rx/op_helper.c
+++ b/target/rx/op_helper.c
@@ -XXX,XX +XXX,XX @@ void QEMU_NORETURN helper_wait(CPURXState *env)
     raise_exception(env, EXCP_HLT, 0);
 }
 
-void QEMU_NORETURN helper_debug(CPURXState *env)
-{
-    CPUState *cs = env_cpu(env);
-
-    cs->exception_index = EXCP_DEBUG;
-    cpu_loop_exit(cs);
-}
-
 void QEMU_NORETURN helper_rxint(CPURXState *env, uint32_t vec)
 {
     raise_exception(env, 0x100 + vec, 0);
diff --git a/target/rx/translate.c b/target/rx/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/rx/translate.c
+++ b/target/rx/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
         tcg_gen_exit_tb(dc->base.tb, n);
     } else {
         tcg_gen_movi_i32(cpu_pc, dest);
-        if (dc->base.singlestep_enabled) {
-            gen_helper_debug(cpu_env);
-        } else {
-            tcg_gen_lookup_and_goto_ptr();
-        }
+        tcg_gen_lookup_and_goto_ptr();
     }
     dc->base.is_jmp = DISAS_NORETURN;
 }
@@ -XXX,XX +XXX,XX @@ static void rx_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
         gen_goto_tb(ctx, 0, dcbase->pc_next);
         break;
     case DISAS_JUMP:
-        if (ctx->base.singlestep_enabled) {
-            gen_helper_debug(cpu_env);
-        } else {
-            tcg_gen_lookup_and_goto_ptr();
-        }
+        tcg_gen_lookup_and_goto_ptr();
         break;
     case DISAS_UPDATE:
         tcg_gen_movi_i32(cpu_pc, ctx->base.pc_next);
-- 
2.25.1

GDB single-stepping is now handled generically.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/s390x/tcg/translate.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -XXX,XX +XXX,XX @@ struct DisasContext {
     uint64_t pc_tmp;
     uint32_t ilen;
     enum cc_op cc_op;
-    bool do_debug;
 };
 
 /* Information carried about a condition to be evaluated.  */
@@ -XXX,XX +XXX,XX @@ static void s390x_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
 
     dc->cc_op = CC_OP_DYNAMIC;
     dc->ex_value = dc->base.tb->cs_base;
-    dc->do_debug = dc->base.singlestep_enabled;
 }
 
 static void s390x_tr_tb_start(DisasContextBase *db, CPUState *cs)
@@ -XXX,XX +XXX,XX @@ static void s390x_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
         /* FALLTHRU */
     case DISAS_PC_CC_UPDATED:
         /* Exit the TB, either by raising a debug exception or by return.  */
-        if (dc->do_debug) {
-            gen_exception(EXCP_DEBUG);
-        } else if ((dc->base.tb->flags & FLAG_MASK_PER) ||
-                   dc->base.is_jmp == DISAS_PC_STALE_NOCHAIN) {
+        if ((dc->base.tb->flags & FLAG_MASK_PER) ||
+             dc->base.is_jmp == DISAS_PC_STALE_NOCHAIN) {
             tcg_gen_exit_tb(NULL, 0);
         } else {
             tcg_gen_lookup_and_goto_ptr();
-- 
2.25.1

GDB single-stepping is now handled generically.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/sh4/helper.h    |  1 -
 target/sh4/op_helper.c |  5 -----
 target/sh4/translate.c | 14 +++-----------
 3 files changed, 3 insertions(+), 17 deletions(-)

diff --git a/target/sh4/helper.h b/target/sh4/helper.h
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/helper.h
+++ b/target/sh4/helper.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_1(raise_illegal_instruction, noreturn, env)
 DEF_HELPER_1(raise_slot_illegal_instruction, noreturn, env)
 DEF_HELPER_1(raise_fpu_disable, noreturn, env)
 DEF_HELPER_1(raise_slot_fpu_disable, noreturn, env)
-DEF_HELPER_1(debug, noreturn, env)
 DEF_HELPER_1(sleep, noreturn, env)
 DEF_HELPER_2(trapa, noreturn, env, i32)
 DEF_HELPER_1(exclusive, noreturn, env)
diff --git a/target/sh4/op_helper.c b/target/sh4/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/op_helper.c
+++ b/target/sh4/op_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_raise_slot_fpu_disable(CPUSH4State *env)
     raise_exception(env, 0x820, 0);
 }
 
-void helper_debug(CPUSH4State *env)
-{
-    raise_exception(env, EXCP_DEBUG, 0);
-}
-
 void helper_sleep(CPUSH4State *env)
 {
     CPUState *cs = env_cpu(env);
diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
         tcg_gen_exit_tb(ctx->base.tb, n);
     } else {
         tcg_gen_movi_i32(cpu_pc, dest);
-        if (ctx->base.singlestep_enabled) {
-            gen_helper_debug(cpu_env);
-        } else if (use_exit_tb(ctx)) {
+        if (use_exit_tb(ctx)) {
             tcg_gen_exit_tb(NULL, 0);
         } else {
             tcg_gen_lookup_and_goto_ptr();
@@ -XXX,XX +XXX,XX @@ static void gen_jump(DisasContext * ctx)
 	   delayed jump as immediate jump are conditinal jumps */
 	tcg_gen_mov_i32(cpu_pc, cpu_delayed_pc);
         tcg_gen_discard_i32(cpu_delayed_pc);
-        if (ctx->base.singlestep_enabled) {
-            gen_helper_debug(cpu_env);
-        } else if (use_exit_tb(ctx)) {
+        if (use_exit_tb(ctx)) {
             tcg_gen_exit_tb(NULL, 0);
         } else {
             tcg_gen_lookup_and_goto_ptr();
@@ -XXX,XX +XXX,XX @@ static void sh4_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
     switch (ctx->base.is_jmp) {
     case DISAS_STOP:
         gen_save_cpu_state(ctx, true);
-        if (ctx->base.singlestep_enabled) {
-            gen_helper_debug(cpu_env);
-        } else {
-            tcg_gen_exit_tb(NULL, 0);
-        }
+        tcg_gen_exit_tb(NULL, 0);
         break;
     case DISAS_NEXT:
     case DISAS_TOO_MANY:
-- 
2.25.1

GDB single-stepping is now handled generically.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/tricore/helper.h    |  1 -
 target/tricore/op_helper.c |  7 -------
 target/tricore/translate.c | 14 +-------------
 3 files changed, 1 insertion(+), 21 deletions(-)

diff --git a/target/tricore/helper.h b/target/tricore/helper.h
index XXXXXXX..XXXXXXX 100644
--- a/target/tricore/helper.h
+++ b/target/tricore/helper.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(psw_write, void, env, i32)
 DEF_HELPER_1(psw_read, i32, env)
 /* Exceptions */
 DEF_HELPER_3(raise_exception_sync, noreturn, env, i32, i32)
-DEF_HELPER_2(qemu_excp, noreturn, env, i32)
diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/tricore/op_helper.c
+++ b/target/tricore/op_helper.c
@@ -XXX,XX +XXX,XX @@ static void raise_exception_sync_helper(CPUTriCoreState *env, uint32_t class,
     raise_exception_sync_internal(env, class, tin, pc, 0);
 }
 
-void helper_qemu_excp(CPUTriCoreState *env, uint32_t excp)
-{
-    CPUState *cs = env_cpu(env);
-    cs->exception_index = excp;
-    cpu_loop_exit(cs);
-}
-
 /* Addressing mode helper */
 
 static uint16_t reverse16(uint16_t val)
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -XXX,XX +XXX,XX @@ static inline void gen_save_pc(target_ulong pc)
     tcg_gen_movi_tl(cpu_PC, pc);
 }
 
-static void generate_qemu_excp(DisasContext *ctx, int excp)
-{
-    TCGv_i32 tmp = tcg_const_i32(excp);
-    gen_helper_qemu_excp(cpu_env, tmp);
-    ctx->base.is_jmp = DISAS_NORETURN;
-    tcg_temp_free(tmp);
-}
-
 static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
 {
     if (translator_use_goto_tb(&ctx->base, dest)) {
@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
         tcg_gen_exit_tb(ctx->base.tb, n);
     } else {
         gen_save_pc(dest);
-        if (ctx->base.singlestep_enabled) {
-            generate_qemu_excp(ctx, EXCP_DEBUG);
-        } else {
-            tcg_gen_lookup_and_goto_ptr();
-        }
+        tcg_gen_lookup_and_goto_ptr();
     }
 }
 
-- 
2.25.1

GDB single-stepping is now handled generically.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/xtensa/translate.c | 25 ++++++++-----------------
 1 file changed, 8 insertions(+), 17 deletions(-)

diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_jump_slot(DisasContext *dc, TCGv dest, int slot)
     if (dc->icount) {
         tcg_gen_mov_i32(cpu_SR[ICOUNT], dc->next_icount);
     }
-    if (dc->base.singlestep_enabled) {
-        gen_exception(dc, EXCP_DEBUG);
+    if (dc->op_flags & XTENSA_OP_POSTPROCESS) {
+        slot = gen_postprocess(dc, slot);
+    }
+    if (slot >= 0) {
+        tcg_gen_goto_tb(slot);
+        tcg_gen_exit_tb(dc->base.tb, slot);
     } else {
-        if (dc->op_flags & XTENSA_OP_POSTPROCESS) {
-            slot = gen_postprocess(dc, slot);
-        }
-        if (slot >= 0) {
-            tcg_gen_goto_tb(slot);
-            tcg_gen_exit_tb(dc->base.tb, slot);
-        } else {
-            tcg_gen_exit_tb(NULL, 0);
-        }
+        tcg_gen_exit_tb(NULL, 0);
     }
     dc->base.is_jmp = DISAS_NORETURN;
 }
@@ -XXX,XX +XXX,XX @@ static void xtensa_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
     case DISAS_NORETURN:
         break;
     case DISAS_TOO_MANY:
-        if (dc->base.singlestep_enabled) {
-            tcg_gen_movi_i32(cpu_pc, dc->pc);
-            gen_exception(dc, EXCP_DEBUG);
-        } else {
-            gen_jumpi(dc, dc->pc, 0);
-        }
+        gen_jumpi(dc, dc->pc, 0);
         break;
     default:
         g_assert_not_reached();
-- 
2.25.1

This reverts commit 1b36e4f5a5de585210ea95f2257839c2312be28f.

Despite a comment saying why cpu_common_props cannot be placed in
a file that is compiled once, it was moved anyway.  Revert that.

Since then, Property is not defined in hw/core/cpu.h, so it is now
easier to declare a function to install the properties rather than
the Property array itself.

Cc: Eduardo Habkost <ehabkost@redhat.com>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/hw/core/cpu.h |  1 +
 cpu.c                 | 21 +++++++++++++++++++++
 hw/core/cpu-common.c  | 17 +----------------
 3 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -XXX,XX +XXX,XX @@ void QEMU_NORETURN cpu_abort(CPUState *cpu, const char *fmt, ...)
     GCC_FMT_ATTR(2, 3);
 
 /* $(top_srcdir)/cpu.c */
+void cpu_class_init_props(DeviceClass *dc);
 void cpu_exec_initfn(CPUState *cpu);
 void cpu_exec_realizefn(CPUState *cpu, Error **errp);
 void cpu_exec_unrealizefn(CPUState *cpu);
diff --git a/cpu.c b/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/cpu.c
+++ b/cpu.c
@@ -XXX,XX +XXX,XX @@ void cpu_exec_unrealizefn(CPUState *cpu)
     cpu_list_remove(cpu);
 }
 
+static Property cpu_common_props[] = {
+#ifndef CONFIG_USER_ONLY
+    /*
+     * Create a memory property for softmmu CPU object,
+     * so users can wire up its memory. (This can't go in hw/core/cpu.c
+     * because that file is compiled only once for both user-mode
+     * and system builds.) The default if no link is set up is to use
+     * the system address space.
+     */
+    DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION,
+                     MemoryRegion *),
+#endif
+    DEFINE_PROP_BOOL("start-powered-off", CPUState, start_powered_off, false),
+    DEFINE_PROP_END_OF_LIST(),
+};
+
+void cpu_class_init_props(DeviceClass *dc)
+{
+    device_class_set_props(dc, cpu_common_props);
+}
+
 void cpu_exec_initfn(CPUState *cpu)
 {
     cpu->as = NULL;
diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -XXX,XX +XXX,XX @@ static int64_t cpu_common_get_arch_id(CPUState *cpu)
     return cpu->cpu_index;
 }
 
-static Property cpu_common_props[] = {
-#ifndef CONFIG_USER_ONLY
-    /* Create a memory property for softmmu CPU object,
-     * so users can wire up its memory. (This can't go in hw/core/cpu.c
-     * because that file is compiled only once for both user-mode
-     * and system builds.) The default if no link is set up is to use
-     * the system address space.
-     */
-    DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION,
-                     MemoryRegion *),
-#endif
-    DEFINE_PROP_BOOL("start-powered-off", CPUState, start_powered_off, false),
-    DEFINE_PROP_END_OF_LIST(),
-};
-
 static void cpu_class_init(ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
@@ -XXX,XX +XXX,XX @@ static void cpu_class_init(ObjectClass *klass, void *data)
     dc->realize = cpu_common_realizefn;
     dc->unrealize = cpu_common_unrealizefn;
     dc->reset = cpu_common_reset;
-    device_class_set_props(dc, cpu_common_props);
+    cpu_class_init_props(dc);
     /*
      * Reason: CPUs still need special care by board code: wiring up
      * IRQs, adding reset handlers, halting non-first CPUs, ...
-- 
2.25.1

v2: Fix incorretly resolved rebase conflict in patch 16.

The following changes since commit 61fd710b8da8aedcea9b4f197283dc38638e4b60:

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2022-09-02 13:24:28 -0400)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20220904

for you to fetch changes up to cc64de1fdeb81bc1ab8bb6c7c24bfd4fc9b28ef2:

target/riscv: Make translator stop before the end of a page (2022-09-03 09:27:05 +0100)

----------------------------------------------------------------
Respect PROT_EXEC in user-only mode.
Fix s390x, i386 and riscv for translations crossing a page.

----------------------------------------------------------------
Ilya Leoshkevich (4):
      linux-user: Clear translations on mprotect()
      accel/tcg: Introduce is_same_page()
      target/s390x: Make translator stop before the end of a page
      target/i386: Make translator stop before the end of a page

Richard Henderson (16):
      linux-user/arm: Mark the commpage executable
      linux-user/hppa: Allocate page zero as a commpage
      linux-user/x86_64: Allocate vsyscall page as a commpage
      linux-user: Honor PT_GNU_STACK
      tests/tcg/i386: Move smc_code2 to an executable section
      accel/tcg: Properly implement get_page_addr_code for user-only
      accel/tcg: Unlock mmap_lock after longjmp
      accel/tcg: Make tb_htable_lookup static
      accel/tcg: Move qemu_ram_addr_from_host_nofail to physmem.c
      accel/tcg: Use probe_access_internal for softmmu get_page_addr_code_hostp
      accel/tcg: Document the faulting lookup in tb_lookup_cmp
      accel/tcg: Remove translator_ldsw
      accel/tcg: Add pc and host_pc params to gen_intermediate_code
      accel/tcg: Add fast path for translator_ld*
      target/riscv: Add MAX_INSN_LEN and insn_len
      target/riscv: Make translator stop before the end of a page

include/elf.h                     |   1 +
 include/exec/cpu-common.h         |   1 +
 include/exec/exec-all.h           |  89 ++++++++----------------
 include/exec/translator.h         |  96 ++++++++++++++++---------
 linux-user/arm/target_cpu.h       |   4 +-
 linux-user/qemu.h                 |   1 +
 accel/tcg/cpu-exec.c              | 143 ++++++++++++++++++++------------------
 accel/tcg/cputlb.c                |  93 +++++++------------------
 accel/tcg/translate-all.c         |  29 ++++----
 accel/tcg/translator.c            | 135 ++++++++++++++++++++++++++---------
 accel/tcg/user-exec.c             |  17 ++++-
 linux-user/elfload.c              |  82 ++++++++++++++++++++--
 linux-user/mmap.c                 |   6 +-
 softmmu/physmem.c                 |  12 ++++
 target/alpha/translate.c          |   5 +-
 target/arm/translate.c            |   5 +-
 target/avr/translate.c            |   5 +-
 target/cris/translate.c           |   5 +-
 target/hexagon/translate.c        |   6 +-
 target/hppa/translate.c           |   5 +-
 target/i386/tcg/translate.c       |  71 +++++++++++--------
 target/loongarch/translate.c      |   6 +-
 target/m68k/translate.c           |   5 +-
 target/microblaze/translate.c     |   5 +-
 target/mips/tcg/translate.c       |   5 +-
 target/nios2/translate.c          |   5 +-
 target/openrisc/translate.c       |   6 +-
 target/ppc/translate.c            |   5 +-
 target/riscv/translate.c          |  32 +++++++--
 target/rx/translate.c             |   5 +-
 target/s390x/tcg/translate.c      |  20 ++++--
 target/sh4/translate.c            |   5 +-
 target/sparc/translate.c          |   5 +-
 target/tricore/translate.c        |   6 +-
 target/xtensa/translate.c         |   6 +-
 tests/tcg/i386/test-i386.c        |   2 +-
 tests/tcg/riscv64/noexec.c        |  79 +++++++++++++++++++++
 tests/tcg/s390x/noexec.c          | 106 ++++++++++++++++++++++++++++
 tests/tcg/x86_64/noexec.c         |  75 ++++++++++++++++++++
 tests/tcg/multiarch/noexec.c.inc  | 139 ++++++++++++++++++++++++++++++++++++
 tests/tcg/riscv64/Makefile.target |   1 +
 tests/tcg/s390x/Makefile.target   |   1 +
 tests/tcg/x86_64/Makefile.target  |   3 +-
 43 files changed, 966 insertions(+), 367 deletions(-)
 create mode 100644 tests/tcg/riscv64/noexec.c
 create mode 100644 tests/tcg/s390x/noexec.c
 create mode 100644 tests/tcg/x86_64/noexec.c
 create mode 100644 tests/tcg/multiarch/noexec.c.inc

Cache the translation from guest to host address, so we may
use direct loads when we hit on the primary translation page.

Look up the second translation page only once, during translation.
This obviates another lookup of the second page within tb_gen_code
after translation.

Fixes a bug in that plugin_insn_append should be passed the bytes
in the original memory order, not bswapped by pieces.

Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Tested-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/translator.h |  63 +++++++++++--------
 accel/tcg/translate-all.c |  23 +++----
 accel/tcg/translator.c    | 126 +++++++++++++++++++++++++++++---------
 3 files changed, 141 insertions(+), 71 deletions(-)

diff --git a/include/exec/translator.h b/include/exec/translator.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/translator.h
+++ b/include/exec/translator.h
@@ -XXX,XX +XXX,XX @@ typedef enum DisasJumpType {
  * Architecture-agnostic disassembly context.
  */
 typedef struct DisasContextBase {
-    const TranslationBlock *tb;
+    TranslationBlock *tb;
     target_ulong pc_first;
     target_ulong pc_next;
     DisasJumpType is_jmp;
     int num_insns;
     int max_insns;
     bool singlestep_enabled;
-#ifdef CONFIG_USER_ONLY
-    /*
-     * Guest address of the last byte of the last protected page.
-     *
-     * Pages containing the translated instructions are made non-writable in
-     * order to achieve consistency in case another thread is modifying the
-     * code while translate_insn() fetches the instruction bytes piecemeal.
-     * Such writer threads are blocked on mmap_lock() in page_unprotect().
-     */
-    target_ulong page_protect_end;
-#endif
+    void *host_addr[2];
 } DisasContextBase;
 
 /**
@@ -XXX,XX +XXX,XX @@ bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest);
  * the relevant information at translation time.
  */
 
-#define GEN_TRANSLATOR_LD(fullname, type, load_fn, swap_fn)             \
-    type fullname ## _swap(CPUArchState *env, DisasContextBase *dcbase, \
-                           abi_ptr pc, bool do_swap);                   \
-    static inline type fullname(CPUArchState *env,                      \
-                                DisasContextBase *dcbase, abi_ptr pc)   \
-    {                                                                   \
-        return fullname ## _swap(env, dcbase, pc, false);               \
+uint8_t translator_ldub(CPUArchState *env, DisasContextBase *db, abi_ptr pc);
+uint16_t translator_lduw(CPUArchState *env, DisasContextBase *db, abi_ptr pc);
+uint32_t translator_ldl(CPUArchState *env, DisasContextBase *db, abi_ptr pc);
+uint64_t translator_ldq(CPUArchState *env, DisasContextBase *db, abi_ptr pc);
+
+static inline uint16_t
+translator_lduw_swap(CPUArchState *env, DisasContextBase *db,
+                     abi_ptr pc, bool do_swap)
+{
+    uint16_t ret = translator_lduw(env, db, pc);
+    if (do_swap) {
+        ret = bswap16(ret);
     }
+    return ret;
+}
 
-#define FOR_EACH_TRANSLATOR_LD(F)                                       \
-    F(translator_ldub, uint8_t, cpu_ldub_code, /* no swap */)           \
-    F(translator_lduw, uint16_t, cpu_lduw_code, bswap16)                \
-    F(translator_ldl, uint32_t, cpu_ldl_code, bswap32)                  \
-    F(translator_ldq, uint64_t, cpu_ldq_code, bswap64)
+static inline uint32_t
+translator_ldl_swap(CPUArchState *env, DisasContextBase *db,
+                    abi_ptr pc, bool do_swap)
+{
+    uint32_t ret = translator_ldl(env, db, pc);
+    if (do_swap) {
+        ret = bswap32(ret);
+    }
+    return ret;
+}
 
-FOR_EACH_TRANSLATOR_LD(GEN_TRANSLATOR_LD)
-
-#undef GEN_TRANSLATOR_LD
+static inline uint64_t
+translator_ldq_swap(CPUArchState *env, DisasContextBase *db,
+                    abi_ptr pc, bool do_swap)
+{
+    uint64_t ret = translator_ldq(env, db, pc);
+    if (do_swap) {
+        ret = bswap64(ret);
+    }
+    return ret;
+}
 
 /*
  * Return whether addr is on the same page as where disassembly started.
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 {
     CPUArchState *env = cpu->env_ptr;
     TranslationBlock *tb, *existing_tb;
-    tb_page_addr_t phys_pc, phys_page2;
-    target_ulong virt_page2;
+    tb_page_addr_t phys_pc;
     tcg_insn_unit *gen_code_buf;
     int gen_code_size, search_size, max_insns;
 #ifdef CONFIG_PROFILER
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
     tb->flags = flags;
     tb->cflags = cflags;
     tb->trace_vcpu_dstate = *cpu->trace_dstate;
+    tb->page_addr[0] = phys_pc;
+    tb->page_addr[1] = -1;
     tcg_ctx->tb_cflags = cflags;
  tb_overflow:
 
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
     }
 
     /*
-     * If the TB is not associated with a physical RAM page then
-     * it must be a temporary one-insn TB, and we have nothing to do
-     * except fill in the page_addr[] fields. Return early before
-     * attempting to link to other TBs or add to the lookup table.
+     * If the TB is not associated with a physical RAM page then it must be
+     * a temporary one-insn TB, and we have nothing left to do. Return early
+     * before attempting to link to other TBs or add to the lookup table.
      */
-    if (phys_pc == -1) {
-        tb->page_addr[0] = tb->page_addr[1] = -1;
+    if (tb->page_addr[0] == -1) {
         return tb;
     }
 
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
      */
     tcg_tb_insert(tb);
 
-    /* check next page if needed */
-    virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
-    phys_page2 = -1;
-    if ((pc & TARGET_PAGE_MASK) != virt_page2) {
-        phys_page2 = get_page_addr_code(env, virt_page2);
-    }
     /*
      * No explicit memory barrier is required -- tb_link_page() makes the
      * TB visible in a consistent state.
      */
-    existing_tb = tb_link_page(tb, phys_pc, phys_page2);
+    existing_tb = tb_link_page(tb, tb->page_addr[0], tb->page_addr[1]);
     /* if the TB already exists, discard what we just translated */
     if (unlikely(existing_tb != tb)) {
         uintptr_t orig_aligned = (uintptr_t)gen_code_buf;
diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
@@ -XXX,XX +XXX,XX @@ bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest)
     return ((db->pc_first ^ dest) & TARGET_PAGE_MASK) == 0;
 }
 
-static inline void translator_page_protect(DisasContextBase *dcbase,
-                                           target_ulong pc)
-{
-#ifdef CONFIG_USER_ONLY
-    dcbase->page_protect_end = pc | ~TARGET_PAGE_MASK;
-    page_protect(pc);
-#endif
-}
-
 void translator_loop(CPUState *cpu, TranslationBlock *tb, int max_insns,
                      target_ulong pc, void *host_pc,
                      const TranslatorOps *ops, DisasContextBase *db)
@@ -XXX,XX +XXX,XX @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int max_insns,
     db->num_insns = 0;
     db->max_insns = max_insns;
     db->singlestep_enabled = cflags & CF_SINGLE_STEP;
-    translator_page_protect(db, db->pc_next);
+    db->host_addr[0] = host_pc;
+    db->host_addr[1] = NULL;
+
+#ifdef CONFIG_USER_ONLY
+    page_protect(pc);
+#endif
 
     ops->init_disas_context(db, cpu);
     tcg_debug_assert(db->is_jmp == DISAS_NEXT);  /* no early exit */
@@ -XXX,XX +XXX,XX @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int max_insns,
 #endif
 }
 
-static inline void translator_maybe_page_protect(DisasContextBase *dcbase,
-                                                 target_ulong pc, size_t len)
+static void *translator_access(CPUArchState *env, DisasContextBase *db,
+                               target_ulong pc, size_t len)
 {
-#ifdef CONFIG_USER_ONLY
-    target_ulong end = pc + len - 1;
+    void *host;
+    target_ulong base, end;
+    TranslationBlock *tb;
 
-    if (end > dcbase->page_protect_end) {
-        translator_page_protect(dcbase, end);
+    tb = db->tb;
+
+    /* Use slow path if first page is MMIO. */
+    if (unlikely(tb->page_addr[0] == -1)) {
+        return NULL;
     }
+
+    end = pc + len - 1;
+    if (likely(is_same_page(db, end))) {
+        host = db->host_addr[0];
+        base = db->pc_first;
+    } else {
+        host = db->host_addr[1];
+        base = TARGET_PAGE_ALIGN(db->pc_first);
+        if (host == NULL) {
+            tb->page_addr[1] =
+                get_page_addr_code_hostp(env, base, &db->host_addr[1]);
+#ifdef CONFIG_USER_ONLY
+            page_protect(end);
 #endif
+            /* We cannot handle MMIO as second page. */
+            assert(tb->page_addr[1] != -1);
+            host = db->host_addr[1];
+        }
+
+        /* Use slow path when crossing pages. */
+        if (is_same_page(db, pc)) {
+            return NULL;
+        }
+    }
+
+    tcg_debug_assert(pc >= base);
+    return host + (pc - base);
 }
 
-#define GEN_TRANSLATOR_LD(fullname, type, load_fn, swap_fn)             \
-    type fullname ## _swap(CPUArchState *env, DisasContextBase *dcbase, \
-                           abi_ptr pc, bool do_swap)                    \
-    {                                                                   \
-        translator_maybe_page_protect(dcbase, pc, sizeof(type));        \
-        type ret = load_fn(env, pc);                                    \
-        if (do_swap) {                                                  \
-            ret = swap_fn(ret);                                         \
-        }                                                               \
-        plugin_insn_append(pc, &ret, sizeof(ret));                      \
-        return ret;                                                     \
+uint8_t translator_ldub(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
+{
+    uint8_t ret;
+    void *p = translator_access(env, db, pc, sizeof(ret));
+
+    if (p) {
+        plugin_insn_append(pc, p, sizeof(ret));
+        return ldub_p(p);
     }
+    ret = cpu_ldub_code(env, pc);
+    plugin_insn_append(pc, &ret, sizeof(ret));
+    return ret;
+}
 
-FOR_EACH_TRANSLATOR_LD(GEN_TRANSLATOR_LD)
+uint16_t translator_lduw(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
+{
+    uint16_t ret, plug;
+    void *p = translator_access(env, db, pc, sizeof(ret));
 
-#undef GEN_TRANSLATOR_LD
+    if (p) {
+        plugin_insn_append(pc, p, sizeof(ret));
+        return lduw_p(p);
+    }
+    ret = cpu_lduw_code(env, pc);
+    plug = tswap16(ret);
+    plugin_insn_append(pc, &plug, sizeof(ret));
+    return ret;
+}
+
+uint32_t translator_ldl(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
+{
+    uint32_t ret, plug;
+    void *p = translator_access(env, db, pc, sizeof(ret));
+
+    if (p) {
+        plugin_insn_append(pc, p, sizeof(ret));
+        return ldl_p(p);
+    }
+    ret = cpu_ldl_code(env, pc);
+    plug = tswap32(ret);
+    plugin_insn_append(pc, &plug, sizeof(ret));
+    return ret;
+}
+
+uint64_t translator_ldq(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
+{
+    uint64_t ret, plug;
+    void *p = translator_access(env, db, pc, sizeof(ret));
+
+    if (p) {
+        plugin_insn_append(pc, p, sizeof(ret));
+        return ldq_p(p);
+    }
+    ret = cpu_ldq_code(env, pc);
+    plug = tswap64(ret);
+    plugin_insn_append(pc, &plug, sizeof(ret));
+    return ret;
+}
-- 
2.34.1