Series comparison

-[PULL 00/11] tcg patch queue
+[PULL 0/4] tcg patch queue
-The following changes since commit 75d30fde55485b965a1168a21d016dd07b50ed32:
+Pretty small still, but there are two patches that ought
 to get backported to stable, so no point in delaying.
-  Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging (2022-10-30 15:07:25 -0400)
+r~
 The following changes since commit a5ba0a7e4e150d1350a041f0d0ef9ca6c8d7c307:
   Merge tag 'pull-aspeed-20241211' of https://github.com/legoater/qemu into staging (2024-12-11 15:16:47 +0000)
 are available in the Git repository at:
-  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20221031
+  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20241212
-for you to fetch changes up to cb375590983fc3d23600d02ba05a05d34fe44150:
+for you to fetch changes up to 7ac87b14a92234b6a89b701b4043ad6cf8bdcccf:
-  target/i386: Expand eflags updates inline (2022-10-31 11:39:10 +1100)
+  target/sparc: Use memcpy() and remove memcpy32() (2024-12-12 14:28:38 -0600)
 ----------------------------------------------------------------
-Remove sparc32plus support from tcg/sparc.
+tcg: Reset free_temps before tcg_optimize
-target/i386: Use cpu_unwind_state_data for tpr access.
+tcg/riscv: Fix StoreStore barrier generation
-target/i386: Expand eflags updates inline
+include/exec: Introduce fpst alias in helper-head.h.inc
 target/sparc: Use memcpy() and remove memcpy32()
 ----------------------------------------------------------------
-Icenowy Zheng (1):
+Philippe Mathieu-Daudé (1):
-      tcg/tci: fix logic error when registering helpers via FFI
+      target/sparc: Use memcpy() and remove memcpy32()
-Richard Henderson (10):
+Richard Henderson (2):
-      tcg/sparc: Remove support for sparc32plus
+      tcg: Reset free_temps before tcg_optimize
-      tcg/sparc64: Rename from tcg/sparc
+      include/exec: Introduce fpst alias in helper-head.h.inc
       tcg/sparc64: Remove sparc32plus constraints
       accel/tcg: Introduce cpu_unwind_state_data
       target/i386: Use cpu_unwind_state_data for tpr access
       target/openrisc: Always exit after mtspr npc
       target/openrisc: Use cpu_unwind_state_data for mfspr
       accel/tcg: Remove will_exit argument from cpu_restore_state
       accel/tcg: Remove reset_icount argument from cpu_restore_state_from_tb
       target/i386: Expand eflags updates inline
- meson.build                                 |   4 +-
+Roman Artemev (1):
- accel/tcg/internal.h                        |   4 +-
+      tcg/riscv: Fix StoreStore barrier generation
- include/exec/exec-all.h                     |  24 ++-
- target/i386/helper.h                        |   5 -
+ include/tcg/tcg-temp-internal.h |  6 ++++++
- tcg/{sparc => sparc64}/tcg-target-con-set.h |  16 +-
+ accel/tcg/plugin-gen.c          |  2 +-
- tcg/{sparc => sparc64}/tcg-target-con-str.h |   3 -
+ target/sparc/win_helper.c       | 26 ++++++++------------------
- tcg/{sparc => sparc64}/tcg-target.h         |  11 --
+ tcg/tcg.c                       |  5 ++++-
- accel/tcg/cpu-exec-common.c                 |   2 +-
+ include/exec/helper-head.h.inc  |  3 +++
- accel/tcg/tb-maint.c                        |   4 +-
+ tcg/riscv/tcg-target.c.inc      |  2 +-
- accel/tcg/translate-all.c                   |  91 +++++----
+files changed, 23 insertions(+), 21 deletions(-)
- target/alpha/helper.c                       |   2 +-
  target/alpha/mem_helper.c                   |   2 +-
  target/arm/op_helper.c                      |   2 +-
  target/arm/tlb_helper.c                     |   8 +-
  target/cris/helper.c                        |   2 +-
  target/i386/helper.c                        |  21 ++-
  target/i386/tcg/cc_helper.c                 |  41 -----
  target/i386/tcg/sysemu/svm_helper.c         |   2 +-
  target/i386/tcg/translate.c                 |  30 ++-
  target/m68k/op_helper.c                     |   4 +-
  target/microblaze/helper.c                  |   2 +-
  target/nios2/op_helper.c                    |   2 +-
  target/openrisc/sys_helper.c                |  17 +-
  target/ppc/excp_helper.c                    |   2 +-
  target/s390x/tcg/excp_helper.c              |   2 +-
  target/tricore/op_helper.c                  |   2 +-
  target/xtensa/helper.c                      |   6 +-
  tcg/tcg.c                                   |  81 +-------
  tcg/{sparc => sparc64}/tcg-target.c.inc     | 275 ++++++++--------------------
  MAINTAINERS                                 |   2 +-
 files changed, 232 insertions(+), 437 deletions(-)
  rename tcg/{sparc => sparc64}/tcg-target-con-set.h (69%)
  rename tcg/{sparc => sparc64}/tcg-target-con-str.h (77%)
  rename tcg/{sparc => sparc64}/tcg-target.h (95%)
  rename tcg/{sparc => sparc64}/tcg-target.c.inc (91%)

-[PULL 01/11] tcg/sparc: Remove support for sparc32plus
+[PULL 1/4] tcg: Reset free_temps before tcg_optimize
-Since 9b9c37c36439, we have only supported sparc64 cpus.
+When allocating new temps during tcg_optmize, do not re-use
-Debian and Gentoo now only support 64-bit sparc64 userland,
+any EBB temps that were used within the TB.  We do not have
-so it is time to drop the 32-bit sparc64 userland: sparc32plus.
+any idea what span of the TB in which the temp was live.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Introduce tcg_temp_ebb_reset_freed and use before tcg_optimize,
 as well as replacing the equivalent in plugin_gen_inject and
 tcg_func_start.
 Cc: qemu-stable@nongnu.org
 Fixes: fb04ab7ddd8 ("tcg/optimize: Lower TCG_COND_TST{EQ,NE} if unsupported")
 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2711
 Reported-by: wannacu <wannacu2049@gmail.com>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- tcg/sparc/tcg-target.h     |  11 ---
+ include/tcg/tcg-temp-internal.h | 6 ++++++
- tcg/tcg.c                  |  75 +----------------
+ accel/tcg/plugin-gen.c          | 2 +-
- tcg/sparc/tcg-target.c.inc | 166 +++++++------------------------------
+ tcg/tcg.c                       | 5 ++++-
-files changed, 33 insertions(+), 219 deletions(-)
+files changed, 11 insertions(+), 2 deletions(-)
-diff --git a/tcg/sparc/tcg-target.h b/tcg/sparc/tcg-target.h
+diff --git a/include/tcg/tcg-temp-internal.h b/include/tcg/tcg-temp-internal.h
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/sparc/tcg-target.h
+--- a/include/tcg/tcg-temp-internal.h
-+++ b/tcg/sparc/tcg-target.h
++++ b/include/tcg/tcg-temp-internal.h
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ TCGv_i64 tcg_temp_ebb_new_i64(void);
- #ifndef SPARC_TCG_TARGET_H
+ TCGv_ptr tcg_temp_ebb_new_ptr(void);
- #define SPARC_TCG_TARGET_H
+ TCGv_i128 tcg_temp_ebb_new_i128(void);
--#define TCG_TARGET_REG_BITS 64
++/* Forget all freed EBB temps, so that new allocations produce new temps. */
--
++static inline void tcg_temp_ebb_reset_freed(TCGContext *s)
- #define TCG_TARGET_INSN_UNIT_SIZE 4
++{
- #define TCG_TARGET_TLB_DISPLACEMENT_BITS 32
++    memset(s->free_temps, 0, sizeof(s->free_temps));
- #define TCG_TARGET_NB_REGS 32
++}
-@@ -XXX,XX +XXX,XX @@ typedef enum {
++
- /* used for function call generation */
+ #endif /* TCG_TEMP_FREE_H */
- #define TCG_REG_CALL_STACK TCG_REG_O6
+diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c
+index XXXXXXX..XXXXXXX 100644
--#ifdef __arch64__
+--- a/accel/tcg/plugin-gen.c
- #define TCG_TARGET_STACK_BIAS           2047
++++ b/accel/tcg/plugin-gen.c
- #define TCG_TARGET_STACK_ALIGN          16
+@@ -XXX,XX +XXX,XX @@ static void plugin_gen_inject(struct qemu_plugin_tb *plugin_tb)
- #define TCG_TARGET_CALL_STACK_OFFSET    (128 + 6*8 + TCG_TARGET_STACK_BIAS)
+      * that might be live within the existing opcode stream.
--#else
+      * The simplest solution is to release them all and create new.
--#define TCG_TARGET_STACK_BIAS           0
+      */
--#define TCG_TARGET_STACK_ALIGN          8
+-    memset(tcg_ctx->free_temps, 0, sizeof(tcg_ctx->free_temps));
--#define TCG_TARGET_CALL_STACK_OFFSET    (64 + 4 + 6*4)
++    tcg_temp_ebb_reset_freed(tcg_ctx);
--#endif
--
+     QTAILQ_FOREACH_SAFE(op, &tcg_ctx->ops, link, next) {
--#ifdef __arch64__
+         switch (op->opc) {
  #define TCG_TARGET_EXTEND_ARGS 1
 -#endif
  #if defined(__VIS__) && __VIS__ >= 0x300
  #define use_vis3_instructions  1
 diff --git a/tcg/tcg.c b/tcg/tcg.c
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/tcg.c
 +++ b/tcg/tcg.c
-@@ -XXX,XX +XXX,XX @@ void tcg_gen_callN(void *func, TCGTemp *ret, int nargs, TCGTemp **args)
+@@ -XXX,XX +XXX,XX @@ void tcg_func_start(TCGContext *s)
      s->nb_temps = s->nb_globals;
      /* No temps have been previously allocated for size or locality.  */
 -    memset(s->free_temps, 0, sizeof(s->free_temps));
 +    tcg_temp_ebb_reset_freed(s);
      /* No constant temps have been previously allocated. */
      for (int i = 0; i < TCG_TYPE_COUNT; ++i) {
@@ -XXX,XX +XXX,XX @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb, uint64_t pc_start)
      }
  #endif
--#if defined(__sparc__) && !defined(__arch64__) \
++    /* Do not reuse any EBB that may be allocated within the TB. */
--    && !defined(CONFIG_TCG_INTERPRETER)
++    tcg_temp_ebb_reset_freed(s);
 -    /* We have 64-bit values in one register, but need to pass as two
 -       separate parameters.  Split them.  */
 -    int orig_typemask = typemask;
 -    int orig_nargs = nargs;
 -    TCGv_i64 retl, reth;
 -    TCGTemp *split_args[MAX_OPC_PARAM];
 -
 -    retl = NULL;
 -    reth = NULL;
 -    typemask = 0;
 -    for (i = real_args = 0; i < nargs; ++i) {
 -        int argtype = extract32(orig_typemask, (i + 1) * 3, 3);
 -        bool is_64bit = (argtype & ~1) == dh_typecode_i64;
 -
 -        if (is_64bit) {
 -            TCGv_i64 orig = temp_tcgv_i64(args[i]);
 -            TCGv_i32 h = tcg_temp_new_i32();
 -            TCGv_i32 l = tcg_temp_new_i32();
 -            tcg_gen_extr_i64_i32(l, h, orig);
 -            split_args[real_args++] = tcgv_i32_temp(h);
 -            typemask |= dh_typecode_i32 << (real_args * 3);
 -            split_args[real_args++] = tcgv_i32_temp(l);
 -            typemask |= dh_typecode_i32 << (real_args * 3);
 -        } else {
 -            split_args[real_args++] = args[i];
 -            typemask |= argtype << (real_args * 3);
 -        }
 -    }
 -    nargs = real_args;
 -    args = split_args;
 -#elif defined(TCG_TARGET_EXTEND_ARGS) && TCG_TARGET_REG_BITS == 64
 +#if defined(TCG_TARGET_EXTEND_ARGS) && TCG_TARGET_REG_BITS == 64
      for (i = 0; i < nargs; ++i) {
          int argtype = extract32(typemask, (i + 1) * 3, 3);
          bool is_32bit = (argtype & ~1) == dh_typecode_i32;
@@ -XXX,XX +XXX,XX @@ void tcg_gen_callN(void *func, TCGTemp *ret, int nargs, TCGTemp **args)
      pi = 0;
      if (ret != NULL) {
 -#if defined(__sparc__) && !defined(__arch64__) \
 -    && !defined(CONFIG_TCG_INTERPRETER)
 -        if ((typemask & 6) == dh_typecode_i64) {
 -            /* The 32-bit ABI is going to return the 64-bit value in
 -               the %o0/%o1 register pair.  Prepare for this by using
 -               two return temporaries, and reassemble below.  */
 -            retl = tcg_temp_new_i64();
 -            reth = tcg_temp_new_i64();
 -            op->args[pi++] = tcgv_i64_arg(reth);
 -            op->args[pi++] = tcgv_i64_arg(retl);
 -            nb_rets = 2;
 -        } else {
 -            op->args[pi++] = temp_arg(ret);
 -            nb_rets = 1;
 -        }
 -#else
          if (TCG_TARGET_REG_BITS < 64 && (typemask & 6) == dh_typecode_i64) {
  #if HOST_BIG_ENDIAN
              op->args[pi++] = temp_arg(ret + 1);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_callN(void *func, TCGTemp *ret, int nargs, TCGTemp **args)
              op->args[pi++] = temp_arg(ret);
              nb_rets = 1;
          }
 -#endif
      } else {
          nb_rets = 0;
      }
@@ -XXX,XX +XXX,XX @@ void tcg_gen_callN(void *func, TCGTemp *ret, int nargs, TCGTemp **args)
      tcg_debug_assert(TCGOP_CALLI(op) == real_args);
      tcg_debug_assert(pi <= ARRAY_SIZE(op->args));
 -#if defined(__sparc__) && !defined(__arch64__) \
 -    && !defined(CONFIG_TCG_INTERPRETER)
 -    /* Free all of the parts we allocated above.  */
 -    for (i = real_args = 0; i < orig_nargs; ++i) {
 -        int argtype = extract32(orig_typemask, (i + 1) * 3, 3);
 -        bool is_64bit = (argtype & ~1) == dh_typecode_i64;
 -
 -        if (is_64bit) {
 -            tcg_temp_free_internal(args[real_args++]);
 -            tcg_temp_free_internal(args[real_args++]);
 -        } else {
 -            real_args++;
 -        }
 -    }
 -    if ((orig_typemask & 6) == dh_typecode_i64) {
 -        /* The 32-bit ABI returned two 32-bit pieces.  Re-assemble them.
 -           Note that describing these as TCGv_i64 eliminates an unnecessary
 -           zero-extension that tcg_gen_concat_i32_i64 would create.  */
 -        tcg_gen_concat32_i64(temp_tcgv_i64(ret), retl, reth);
 -        tcg_temp_free_i64(retl);
 -        tcg_temp_free_i64(reth);
 -    }
 -#elif defined(TCG_TARGET_EXTEND_ARGS) && TCG_TARGET_REG_BITS == 64
 +#if defined(TCG_TARGET_EXTEND_ARGS) && TCG_TARGET_REG_BITS == 64
      for (i = 0; i < nargs; ++i) {
          int argtype = extract32(typemask, (i + 1) * 3, 3);
          bool is_32bit = (argtype & ~1) == dh_typecode_i32;
 diff --git a/tcg/sparc/tcg-target.c.inc b/tcg/sparc/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/sparc/tcg-target.c.inc
 +++ b/tcg/sparc/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@
   * THE SOFTWARE.
   */
 +/* We only support generating code for 64-bit mode.  */
 +#ifndef __arch64__
 +#error "unsupported code generation mode"
 +#endif
 +
- #include "../tcg-pool.c.inc"
+     tcg_optimize(s);
- #ifdef CONFIG_DEBUG_TCG
+     reachable_code_pass(s);
@@ -XXX,XX +XXX,XX @@ static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
  };
  #endif
 -#ifdef __arch64__
 -# define SPARC64 1
 -#else
 -# define SPARC64 0
 -#endif
 -
  #define TCG_CT_CONST_S11  0x100
  #define TCG_CT_CONST_S13  0x200
  #define TCG_CT_CONST_ZERO 0x400
@@ -XXX,XX +XXX,XX @@ static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
   * high bits of the %i and %l registers garbage at all times.
   */
  #define ALL_GENERAL_REGS     MAKE_64BIT_MASK(0, 32)
 -#if SPARC64
  # define ALL_GENERAL_REGS64  ALL_GENERAL_REGS
 -#else
 -# define ALL_GENERAL_REGS64  MAKE_64BIT_MASK(0, 16)
 -#endif
  #define ALL_QLDST_REGS       (ALL_GENERAL_REGS & ~SOFTMMU_RESERVE_REGS)
  #define ALL_QLDST_REGS64     (ALL_GENERAL_REGS64 & ~SOFTMMU_RESERVE_REGS)
@@ -XXX,XX +XXX,XX @@ static bool check_fit_i32(int32_t val, unsigned int bits)
  }
  #define check_fit_tl    check_fit_i64
 -#if SPARC64
 -# define check_fit_ptr  check_fit_i64
 -#else
 -# define check_fit_ptr  check_fit_i32
 -#endif
 +#define check_fit_ptr   check_fit_i64
  static bool patch_reloc(tcg_insn_unit *src_rw, int type,
                          intptr_t value, intptr_t addend)
@@ -XXX,XX +XXX,XX @@ static void tcg_out_sety(TCGContext *s, TCGReg rs)
      tcg_out32(s, WRY | INSN_RS1(TCG_REG_G0) | INSN_RS2(rs));
  }
 -static void tcg_out_rdy(TCGContext *s, TCGReg rd)
 -{
 -    tcg_out32(s, RDY | INSN_RD(rd));
 -}
 -
  static void tcg_out_div32(TCGContext *s, TCGReg rd, TCGReg rs1,
                            int32_t val2, int val2const, int uns)
  {
@@ -XXX,XX +XXX,XX @@ static void emit_extend(TCGContext *s, TCGReg r, int op)
          tcg_out_arithi(s, r, r, 16, SHIFT_SRL);
          break;
      case MO_32:
 -        if (SPARC64) {
 -            tcg_out_arith(s, r, r, 0, SHIFT_SRL);
 -        }
 +        tcg_out_arith(s, r, r, 0, SHIFT_SRL);
          break;
      case MO_64:
          break;
@@ -XXX,XX +XXX,XX @@ static void build_trampolines(TCGContext *s)
      };
      int i;
 -    TCGReg ra;
      for (i = 0; i < ARRAY_SIZE(qemu_ld_helpers); ++i) {
          if (qemu_ld_helpers[i] == NULL) {
@@ -XXX,XX +XXX,XX @@ static void build_trampolines(TCGContext *s)
          }
          qemu_ld_trampoline[i] = tcg_splitwx_to_rx(s->code_ptr);
 -        if (SPARC64 || TARGET_LONG_BITS == 32) {
 -            ra = TCG_REG_O3;
 -        } else {
 -            /* Install the high part of the address.  */
 -            tcg_out_arithi(s, TCG_REG_O1, TCG_REG_O2, 32, SHIFT_SRLX);
 -            ra = TCG_REG_O4;
 -        }
 -
          /* Set the retaddr operand.  */
 -        tcg_out_mov(s, TCG_TYPE_PTR, ra, TCG_REG_O7);
 +        tcg_out_mov(s, TCG_TYPE_PTR, TCG_REG_O3, TCG_REG_O7);
          /* Tail call.  */
          tcg_out_jmpl_const(s, qemu_ld_helpers[i], true, true);
          /* delay slot -- set the env argument */
@@ -XXX,XX +XXX,XX @@ static void build_trampolines(TCGContext *s)
          }
          qemu_st_trampoline[i] = tcg_splitwx_to_rx(s->code_ptr);
 -        if (SPARC64) {
 -            emit_extend(s, TCG_REG_O2, i);
 -            ra = TCG_REG_O4;
 -        } else {
 -            ra = TCG_REG_O1;
 -            if (TARGET_LONG_BITS == 64) {
 -                /* Install the high part of the address.  */
 -                tcg_out_arithi(s, ra, ra + 1, 32, SHIFT_SRLX);
 -                ra += 2;
 -            } else {
 -                ra += 1;
 -            }
 -            if ((i & MO_SIZE) == MO_64) {
 -                /* Install the high part of the data.  */
 -                tcg_out_arithi(s, ra, ra + 1, 32, SHIFT_SRLX);
 -                ra += 2;
 -            } else {
 -                emit_extend(s, ra, i);
 -                ra += 1;
 -            }
 -            /* Skip the oi argument.  */
 -            ra += 1;
 -        }
 -
 +        emit_extend(s, TCG_REG_O2, i);
 +
          /* Set the retaddr operand.  */
 -        if (ra >= TCG_REG_O6) {
 -            tcg_out_st(s, TCG_TYPE_PTR, TCG_REG_O7, TCG_REG_CALL_STACK,
 -                       TCG_TARGET_CALL_STACK_OFFSET);
 -        } else {
 -            tcg_out_mov(s, TCG_TYPE_PTR, ra, TCG_REG_O7);
 -        }
 +        tcg_out_mov(s, TCG_TYPE_PTR, TCG_REG_O4, TCG_REG_O7);
          /* Tail call.  */
          tcg_out_jmpl_const(s, qemu_st_helpers[i], true, true);
@@ -XXX,XX +XXX,XX @@ static void build_trampolines(TCGContext *s)
              qemu_unalign_st_trampoline = tcg_splitwx_to_rx(s->code_ptr);
          }
 -        if (!SPARC64 && TARGET_LONG_BITS == 64) {
 -            /* Install the high part of the address.  */
 -            tcg_out_arithi(s, TCG_REG_O1, TCG_REG_O2, 32, SHIFT_SRLX);
 -        }
 -
          /* Tail call.  */
          tcg_out_jmpl_const(s, helper, true, true);
          /* delay slot -- set the env argument */
@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_out_tlb_load(TCGContext *s, TCGReg addr, int mem_index,
      tcg_out_cmp(s, r0, r2, 0);
      /* If the guest address must be zero-extended, do so now.  */
 -    if (SPARC64 && TARGET_LONG_BITS == 32) {
 +    if (TARGET_LONG_BITS == 32) {
          tcg_out_arithi(s, r0, addr, 0, SHIFT_SRL);
          return r0;
      }
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr,
  #ifdef CONFIG_SOFTMMU
      unsigned memi = get_mmuidx(oi);
 -    TCGReg addrz, param;
 +    TCGReg addrz;
      const tcg_insn_unit *func;
      addrz = tcg_out_tlb_load(s, addr, memi, memop,
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr,
      /* TLB Miss.  */
 -    param = TCG_REG_O1;
 -    if (!SPARC64 && TARGET_LONG_BITS == 64) {
 -        /* Skip the high-part; we'll perform the extract in the trampoline.  */
 -        param++;
 -    }
 -    tcg_out_mov(s, TCG_TYPE_REG, param++, addrz);
 +    tcg_out_mov(s, TCG_TYPE_REG, TCG_REG_O1, addrz);
      /* We use the helpers to extend SB and SW data, leaving the case
         of SL needing explicit extending below.  */
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr,
      tcg_debug_assert(func != NULL);
      tcg_out_call_nodelay(s, func, false);
      /* delay slot */
 -    tcg_out_movi(s, TCG_TYPE_I32, param, oi);
 +    tcg_out_movi(s, TCG_TYPE_I32, TCG_REG_O2, oi);
 -    /* Recall that all of the helpers return 64-bit results.
 -       Which complicates things for sparcv8plus.  */
 -    if (SPARC64) {
 -        /* We let the helper sign-extend SB and SW, but leave SL for here.  */
 -        if (is_64 && (memop & MO_SSIZE) == MO_SL) {
 -            tcg_out_arithi(s, data, TCG_REG_O0, 0, SHIFT_SRA);
 -        } else {
 -            tcg_out_mov(s, TCG_TYPE_REG, data, TCG_REG_O0);
 -        }
 +    /* We let the helper sign-extend SB and SW, but leave SL for here.  */
 +    if (is_64 && (memop & MO_SSIZE) == MO_SL) {
 +        tcg_out_arithi(s, data, TCG_REG_O0, 0, SHIFT_SRA);
      } else {
 -        if ((memop & MO_SIZE) == MO_64) {
 -            tcg_out_arithi(s, TCG_REG_O0, TCG_REG_O0, 32, SHIFT_SLLX);
 -            tcg_out_arithi(s, TCG_REG_O1, TCG_REG_O1, 0, SHIFT_SRL);
 -            tcg_out_arith(s, data, TCG_REG_O0, TCG_REG_O1, ARITH_OR);
 -        } else if (is_64) {
 -            /* Re-extend from 32-bit rather than reassembling when we
 -               know the high register must be an extension.  */
 -            tcg_out_arithi(s, data, TCG_REG_O1, 0,
 -                           memop & MO_SIGN ? SHIFT_SRA : SHIFT_SRL);
 -        } else {
 -            tcg_out_mov(s, TCG_TYPE_I32, data, TCG_REG_O1);
 -        }
 +        tcg_out_mov(s, TCG_TYPE_REG, data, TCG_REG_O0);
      }
      *label_ptr |= INSN_OFF19(tcg_ptr_byte_diff(s->code_ptr, label_ptr));
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr,
      unsigned s_bits = memop & MO_SIZE;
      unsigned t_bits;
 -    if (SPARC64 && TARGET_LONG_BITS == 32) {
 +    if (TARGET_LONG_BITS == 32) {
          tcg_out_arithi(s, TCG_REG_T1, addr, 0, SHIFT_SRL);
          addr = TCG_REG_T1;
      }
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr,
           * operation in the delay slot, and failure need only invoke the
           * handler for SIGBUS.
           */
 -        TCGReg arg_low = TCG_REG_O1 + (!SPARC64 && TARGET_LONG_BITS == 64);
          tcg_out_call_nodelay(s, qemu_unalign_ld_trampoline, false);
          /* delay slot -- move to low part of argument reg */
 -        tcg_out_mov_delay(s, arg_low, addr);
 +        tcg_out_mov_delay(s, TCG_REG_O1, addr);
      } else {
          /* Underalignment: load by pieces of minimum alignment. */
          int ld_opc, a_size, s_size, i;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data, TCGReg addr,
  #ifdef CONFIG_SOFTMMU
      unsigned memi = get_mmuidx(oi);
 -    TCGReg addrz, param;
 +    TCGReg addrz;
      const tcg_insn_unit *func;
      addrz = tcg_out_tlb_load(s, addr, memi, memop,
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data, TCGReg addr,
      /* TLB Miss.  */
 -    param = TCG_REG_O1;
 -    if (!SPARC64 && TARGET_LONG_BITS == 64) {
 -        /* Skip the high-part; we'll perform the extract in the trampoline.  */
 -        param++;
 -    }
 -    tcg_out_mov(s, TCG_TYPE_REG, param++, addrz);
 -    if (!SPARC64 && (memop & MO_SIZE) == MO_64) {
 -        /* Skip the high-part; we'll perform the extract in the trampoline.  */
 -        param++;
 -    }
 -    tcg_out_mov(s, TCG_TYPE_REG, param++, data);
 +    tcg_out_mov(s, TCG_TYPE_REG, TCG_REG_O1, addrz);
 +    tcg_out_mov(s, TCG_TYPE_REG, TCG_REG_O2, data);
      func = qemu_st_trampoline[memop & (MO_BSWAP | MO_SIZE)];
      tcg_debug_assert(func != NULL);
      tcg_out_call_nodelay(s, func, false);
      /* delay slot */
 -    tcg_out_movi(s, TCG_TYPE_I32, param, oi);
 +    tcg_out_movi(s, TCG_TYPE_I32, TCG_REG_O3, oi);
      *label_ptr |= INSN_OFF19(tcg_ptr_byte_diff(s->code_ptr, label_ptr));
  #else
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data, TCGReg addr,
      unsigned s_bits = memop & MO_SIZE;
      unsigned t_bits;
 -    if (SPARC64 && TARGET_LONG_BITS == 32) {
 +    if (TARGET_LONG_BITS == 32) {
          tcg_out_arithi(s, TCG_REG_T1, addr, 0, SHIFT_SRL);
          addr = TCG_REG_T1;
      }
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data, TCGReg addr,
           * operation in the delay slot, and failure need only invoke the
           * handler for SIGBUS.
           */
 -        TCGReg arg_low = TCG_REG_O1 + (!SPARC64 && TARGET_LONG_BITS == 64);
          tcg_out_call_nodelay(s, qemu_unalign_st_trampoline, false);
          /* delay slot -- move to low part of argument reg */
 -        tcg_out_mov_delay(s, arg_low, addr);
 +        tcg_out_mov_delay(s, TCG_REG_O1, addr);
      } else {
          /* Underalignment: store by pieces of minimum alignment. */
          int st_opc, a_size, s_size, i;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
      case INDEX_op_muls2_i32:
          c = ARITH_SMUL;
      do_mul2:
 -        /* The 32-bit multiply insns produce a full 64-bit result.  If the
 -           destination register can hold it, we can avoid the slower RDY.  */
 +        /* The 32-bit multiply insns produce a full 64-bit result. */
          tcg_out_arithc(s, a0, a2, args[3], const_args[3], c);
 -        if (SPARC64 || a0 <= TCG_REG_O7) {
 -            tcg_out_arithi(s, a1, a0, 32, SHIFT_SRLX);
 -        } else {
 -            tcg_out_rdy(s, a1);
 -        }
 +        tcg_out_arithi(s, a1, a0, 32, SHIFT_SRLX);
          break;
      case INDEX_op_qemu_ld_i32:
@@ -XXX,XX +XXX,XX @@ static void tcg_target_init(TCGContext *s)
      tcg_regset_set_reg(s->reserved_regs, TCG_REG_T2); /* for internal use */
  }
 -#if SPARC64
 -# define ELF_HOST_MACHINE  EM_SPARCV9
 -#else
 -# define ELF_HOST_MACHINE  EM_SPARC32PLUS
 -# define ELF_HOST_FLAGS    EF_SPARC_32PLUS
 -#endif
 +#define ELF_HOST_MACHINE  EM_SPARCV9
  typedef struct {
      DebugFrameHeader h;
 -    uint8_t fde_def_cfa[SPARC64 ? 4 : 2];
 +    uint8_t fde_def_cfa[4];
      uint8_t fde_win_save;
      uint8_t fde_ret_save[3];
  } DebugFrame;
@@ -XXX,XX +XXX,XX @@ static const DebugFrame debug_frame = {
      .h.fde.len = sizeof(DebugFrame) - offsetof(DebugFrame, h.fde.cie_offset),
      .fde_def_cfa = {
 -#if SPARC64
 , 30,                         /* DW_CFA_def_cfa i6, 2047 */
          (2047 & 0x7f) | 0x80, (2047 >> 7)
 -#else
 -        13, 30                          /* DW_CFA_def_cfa_register i6 */
 -#endif
      },
      .fde_win_save = 0x2d,               /* DW_CFA_GNU_window_save */
      .fde_ret_save = { 9, 15, 31 },      /* DW_CFA_register o7, i7 */
 --
-.34.1
+.43.0

-[PULL 02/11] tcg/sparc64: Rename from tcg/sparc
+Deleted patch
-Emphasize that we only support full 64-bit code generation.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- meson.build                                 | 4 +---
- tcg/{sparc => sparc64}/tcg-target-con-set.h | 0
- tcg/{sparc => sparc64}/tcg-target-con-str.h | 0
- tcg/{sparc => sparc64}/tcg-target.h         | 0
- tcg/{sparc => sparc64}/tcg-target.c.inc     | 0
- MAINTAINERS                                 | 2 +-
-files changed, 2 insertions(+), 4 deletions(-)
- rename tcg/{sparc => sparc64}/tcg-target-con-set.h (100%)
- rename tcg/{sparc => sparc64}/tcg-target-con-str.h (100%)
- rename tcg/{sparc => sparc64}/tcg-target.h (100%)
- rename tcg/{sparc => sparc64}/tcg-target.c.inc (100%)
-diff --git a/meson.build b/meson.build
-index XXXXXXX..XXXXXXX 100644
---- a/meson.build
-+++ b/meson.build
-@@ -XXX,XX +XXX,XX @@ qapi_trace_events = []
- bsd_oses = ['gnu/kfreebsd', 'freebsd', 'netbsd', 'openbsd', 'dragonfly', 'darwin']
- supported_oses = ['windows', 'freebsd', 'netbsd', 'openbsd', 'darwin', 'sunos', 'linux']
- supported_cpus = ['ppc', 'ppc64', 's390x', 'riscv', 'x86', 'x86_64',
--  'arm', 'aarch64', 'loongarch64', 'mips', 'mips64', 'sparc', 'sparc64']
-+  'arm', 'aarch64', 'loongarch64', 'mips', 'mips64', 'sparc64']
- cpu = host_machine.cpu_family()
-@@ -XXX,XX +XXX,XX @@ if get_option('tcg').allowed()
-   endif
-   if get_option('tcg_interpreter')
-     tcg_arch = 'tci'
--  elif host_arch == 'sparc64'
--    tcg_arch = 'sparc'
-   elif host_arch == 'x86_64'
-     tcg_arch = 'i386'
-   elif host_arch == 'ppc64'
-diff --git a/tcg/sparc/tcg-target-con-set.h b/tcg/sparc64/tcg-target-con-set.h
-similarity index 100%
-rename from tcg/sparc/tcg-target-con-set.h
-rename to tcg/sparc64/tcg-target-con-set.h
-diff --git a/tcg/sparc/tcg-target-con-str.h b/tcg/sparc64/tcg-target-con-str.h
-similarity index 100%
-rename from tcg/sparc/tcg-target-con-str.h
-rename to tcg/sparc64/tcg-target-con-str.h
-diff --git a/tcg/sparc/tcg-target.h b/tcg/sparc64/tcg-target.h
-similarity index 100%
-rename from tcg/sparc/tcg-target.h
-rename to tcg/sparc64/tcg-target.h
-diff --git a/tcg/sparc/tcg-target.c.inc b/tcg/sparc64/tcg-target.c.inc
-similarity index 100%
-rename from tcg/sparc/tcg-target.c.inc
-rename to tcg/sparc64/tcg-target.c.inc
-diff --git a/MAINTAINERS b/MAINTAINERS
-index XXXXXXX..XXXXXXX 100644
---- a/MAINTAINERS
-+++ b/MAINTAINERS
-@@ -XXX,XX +XXX,XX @@ L: qemu-s390x@nongnu.org
- SPARC TCG target
- S: Odd Fixes
--F: tcg/sparc/
-+F: tcg/sparc64/
- F: disas/sparc.c
- TCI TCG target
---
-.34.1

-[PULL 03/11] tcg/sparc64: Remove sparc32plus constraints
+Deleted patch
-With sparc64 we need not distinguish between registers that
-can hold 32-bit values and those that can hold 64-bit values.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/sparc64/tcg-target-con-set.h |  16 +----
- tcg/sparc64/tcg-target-con-str.h |   3 -
- tcg/sparc64/tcg-target.c.inc     | 109 ++++++++++++-------------------
-files changed, 44 insertions(+), 84 deletions(-)
-diff --git a/tcg/sparc64/tcg-target-con-set.h b/tcg/sparc64/tcg-target-con-set.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/sparc64/tcg-target-con-set.h
-+++ b/tcg/sparc64/tcg-target-con-set.h
-@@ -XXX,XX +XXX,XX @@
-  */
- C_O0_I1(r)
- C_O0_I2(rZ, r)
--C_O0_I2(RZ, r)
- C_O0_I2(rZ, rJ)
--C_O0_I2(RZ, RJ)
--C_O0_I2(sZ, A)
--C_O0_I2(SZ, A)
--C_O1_I1(r, A)
--C_O1_I1(R, A)
-+C_O0_I2(sZ, s)
-+C_O1_I1(r, s)
- C_O1_I1(r, r)
--C_O1_I1(r, R)
--C_O1_I1(R, r)
--C_O1_I1(R, R)
--C_O1_I2(R, R, R)
-+C_O1_I2(r, r, r)
- C_O1_I2(r, rZ, rJ)
--C_O1_I2(R, RZ, RJ)
- C_O1_I4(r, rZ, rJ, rI, 0)
--C_O1_I4(R, RZ, RJ, RI, 0)
- C_O2_I2(r, r, rZ, rJ)
--C_O2_I4(R, R, RZ, RZ, RJ, RI)
- C_O2_I4(r, r, rZ, rZ, rJ, rJ)
-diff --git a/tcg/sparc64/tcg-target-con-str.h b/tcg/sparc64/tcg-target-con-str.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/sparc64/tcg-target-con-str.h
-+++ b/tcg/sparc64/tcg-target-con-str.h
-@@ -XXX,XX +XXX,XX @@
-  * REGS(letter, register_mask)
-  */
- REGS('r', ALL_GENERAL_REGS)
--REGS('R', ALL_GENERAL_REGS64)
- REGS('s', ALL_QLDST_REGS)
--REGS('S', ALL_QLDST_REGS64)
--REGS('A', TARGET_LONG_BITS == 64 ? ALL_QLDST_REGS64 : ALL_QLDST_REGS)
- /*
-  * Define constraint letters for constants:
-diff --git a/tcg/sparc64/tcg-target.c.inc b/tcg/sparc64/tcg-target.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/sparc64/tcg-target.c.inc
-+++ b/tcg/sparc64/tcg-target.c.inc
-@@ -XXX,XX +XXX,XX @@ static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
- #else
- #define SOFTMMU_RESERVE_REGS 0
- #endif
--
--/*
-- * Note that sparcv8plus can only hold 64 bit quantities in %g and %o
-- * registers.  These are saved manually by the kernel in full 64-bit
-- * slots.  The %i and %l registers are saved by the register window
-- * mechanism, which only allocates space for 32 bits.  Given that this
-- * window spill/fill can happen on any signal, we must consider the
-- * high bits of the %i and %l registers garbage at all times.
-- */
- #define ALL_GENERAL_REGS     MAKE_64BIT_MASK(0, 32)
--# define ALL_GENERAL_REGS64  ALL_GENERAL_REGS
- #define ALL_QLDST_REGS       (ALL_GENERAL_REGS & ~SOFTMMU_RESERVE_REGS)
--#define ALL_QLDST_REGS64     (ALL_GENERAL_REGS64 & ~SOFTMMU_RESERVE_REGS)
- /* Define some temporary registers.  T2 is used for constant generation.  */
- #define TCG_REG_T1  TCG_REG_G1
-@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
-         return C_O0_I1(r);
-     case INDEX_op_ld8u_i32:
-+    case INDEX_op_ld8u_i64:
-     case INDEX_op_ld8s_i32:
-+    case INDEX_op_ld8s_i64:
-     case INDEX_op_ld16u_i32:
-+    case INDEX_op_ld16u_i64:
-     case INDEX_op_ld16s_i32:
-+    case INDEX_op_ld16s_i64:
-     case INDEX_op_ld_i32:
-+    case INDEX_op_ld32u_i64:
-+    case INDEX_op_ld32s_i64:
-+    case INDEX_op_ld_i64:
-     case INDEX_op_neg_i32:
-+    case INDEX_op_neg_i64:
-     case INDEX_op_not_i32:
-+    case INDEX_op_not_i64:
-+    case INDEX_op_ext32s_i64:
-+    case INDEX_op_ext32u_i64:
-+    case INDEX_op_ext_i32_i64:
-+    case INDEX_op_extu_i32_i64:
-+    case INDEX_op_extrl_i64_i32:
-+    case INDEX_op_extrh_i64_i32:
-         return C_O1_I1(r, r);
-     case INDEX_op_st8_i32:
-+    case INDEX_op_st8_i64:
-     case INDEX_op_st16_i32:
-+    case INDEX_op_st16_i64:
-     case INDEX_op_st_i32:
-+    case INDEX_op_st32_i64:
-+    case INDEX_op_st_i64:
-         return C_O0_I2(rZ, r);
-     case INDEX_op_add_i32:
-+    case INDEX_op_add_i64:
-     case INDEX_op_mul_i32:
-+    case INDEX_op_mul_i64:
-     case INDEX_op_div_i32:
-+    case INDEX_op_div_i64:
-     case INDEX_op_divu_i32:
-+    case INDEX_op_divu_i64:
-     case INDEX_op_sub_i32:
-+    case INDEX_op_sub_i64:
-     case INDEX_op_and_i32:
-+    case INDEX_op_and_i64:
-     case INDEX_op_andc_i32:
-+    case INDEX_op_andc_i64:
-     case INDEX_op_or_i32:
-+    case INDEX_op_or_i64:
-     case INDEX_op_orc_i32:
-+    case INDEX_op_orc_i64:
-     case INDEX_op_xor_i32:
-+    case INDEX_op_xor_i64:
-     case INDEX_op_shl_i32:
-+    case INDEX_op_shl_i64:
-     case INDEX_op_shr_i32:
-+    case INDEX_op_shr_i64:
-     case INDEX_op_sar_i32:
-+    case INDEX_op_sar_i64:
-     case INDEX_op_setcond_i32:
-+    case INDEX_op_setcond_i64:
-         return C_O1_I2(r, rZ, rJ);
-     case INDEX_op_brcond_i32:
-+    case INDEX_op_brcond_i64:
-         return C_O0_I2(rZ, rJ);
-     case INDEX_op_movcond_i32:
-+    case INDEX_op_movcond_i64:
-         return C_O1_I4(r, rZ, rJ, rI, 0);
-     case INDEX_op_add2_i32:
-+    case INDEX_op_add2_i64:
-     case INDEX_op_sub2_i32:
-+    case INDEX_op_sub2_i64:
-         return C_O2_I4(r, r, rZ, rZ, rJ, rJ);
-     case INDEX_op_mulu2_i32:
-     case INDEX_op_muls2_i32:
-         return C_O2_I2(r, r, rZ, rJ);
--
--    case INDEX_op_ld8u_i64:
--    case INDEX_op_ld8s_i64:
--    case INDEX_op_ld16u_i64:
--    case INDEX_op_ld16s_i64:
--    case INDEX_op_ld32u_i64:
--    case INDEX_op_ld32s_i64:
--    case INDEX_op_ld_i64:
--    case INDEX_op_ext_i32_i64:
--    case INDEX_op_extu_i32_i64:
--        return C_O1_I1(R, r);
--
--    case INDEX_op_st8_i64:
--    case INDEX_op_st16_i64:
--    case INDEX_op_st32_i64:
--    case INDEX_op_st_i64:
--        return C_O0_I2(RZ, r);
--
--    case INDEX_op_add_i64:
--    case INDEX_op_mul_i64:
--    case INDEX_op_div_i64:
--    case INDEX_op_divu_i64:
--    case INDEX_op_sub_i64:
--    case INDEX_op_and_i64:
--    case INDEX_op_andc_i64:
--    case INDEX_op_or_i64:
--    case INDEX_op_orc_i64:
--    case INDEX_op_xor_i64:
--    case INDEX_op_shl_i64:
--    case INDEX_op_shr_i64:
--    case INDEX_op_sar_i64:
--    case INDEX_op_setcond_i64:
--        return C_O1_I2(R, RZ, RJ);
--
--    case INDEX_op_neg_i64:
--    case INDEX_op_not_i64:
--    case INDEX_op_ext32s_i64:
--    case INDEX_op_ext32u_i64:
--        return C_O1_I1(R, R);
--
--    case INDEX_op_extrl_i64_i32:
--    case INDEX_op_extrh_i64_i32:
--        return C_O1_I1(r, R);
--
--    case INDEX_op_brcond_i64:
--        return C_O0_I2(RZ, RJ);
--    case INDEX_op_movcond_i64:
--        return C_O1_I4(R, RZ, RJ, RI, 0);
--    case INDEX_op_add2_i64:
--    case INDEX_op_sub2_i64:
--        return C_O2_I4(R, R, RZ, RZ, RJ, RI);
-     case INDEX_op_muluh_i64:
--        return C_O1_I2(R, R, R);
-+        return C_O1_I2(r, r, r);
-     case INDEX_op_qemu_ld_i32:
--        return C_O1_I1(r, A);
-     case INDEX_op_qemu_ld_i64:
--        return C_O1_I1(R, A);
-+        return C_O1_I1(r, s);
-     case INDEX_op_qemu_st_i32:
--        return C_O0_I2(sZ, A);
-     case INDEX_op_qemu_st_i64:
--        return C_O0_I2(SZ, A);
-+        return C_O0_I2(sZ, s);
-     default:
-         g_assert_not_reached();
-@@ -XXX,XX +XXX,XX @@ static void tcg_target_init(TCGContext *s)
- #endif
-     tcg_target_available_regs[TCG_TYPE_I32] = ALL_GENERAL_REGS;
--    tcg_target_available_regs[TCG_TYPE_I64] = ALL_GENERAL_REGS64;
-+    tcg_target_available_regs[TCG_TYPE_I64] = ALL_GENERAL_REGS;
-     tcg_target_call_clobber_regs = 0;
-     tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_G1);
---
-.34.1

-[PULL 04/11] tcg/tci: fix logic error when registering helpers via FFI
+Deleted patch
-From: Icenowy Zheng <uwu@icenowy.me>
-When registering helpers via FFI for TCI, the inner loop that iterates
-parameters of the helper reuses (and thus pollutes) the same variable
-used by the outer loop that iterates all helpers, thus made some helpers
-unregistered.
-Fix this logic error by using a dedicated temporary variable for the
-inner loop.
-Fixes: 22f15579fa ("tcg: Build ffi data structures for helpers")
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Icenowy Zheng <uwu@icenowy.me>
-Message-Id: <20221028072145.1593205-1-uwu@icenowy.me>
-[rth: Move declaration of j to the for loop itself]
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/tcg.c | 6 +++---
-file changed, 3 insertions(+), 3 deletions(-)
-diff --git a/tcg/tcg.c b/tcg/tcg.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg.c
-+++ b/tcg/tcg.c
-@@ -XXX,XX +XXX,XX @@ static void tcg_context_init(unsigned max_cpus)
-         if (nargs != 0) {
-             ca->cif.arg_types = ca->args;
--            for (i = 0; i < nargs; ++i) {
--                int typecode = extract32(typemask, (i + 1) * 3, 3);
--                ca->args[i] = typecode_to_ffi[typecode];
-+            for (int j = 0; j < nargs; ++j) {
-+                int typecode = extract32(typemask, (j + 1) * 3, 3);
-+                ca->args[j] = typecode_to_ffi[typecode];
-             }
-         }
---
-.34.1

-[PULL 05/11] accel/tcg: Introduce cpu_unwind_state_data
+Deleted patch
-Add a way to examine the unwind data without actually
-restoring the data back into env.
-Reviewed-by: Claudio Fontana <cfontana@suse.de>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/internal.h      |  4 +--
- include/exec/exec-all.h   | 21 ++++++++---
- accel/tcg/translate-all.c | 74 ++++++++++++++++++++++++++-------------
-files changed, 68 insertions(+), 31 deletions(-)
-diff --git a/accel/tcg/internal.h b/accel/tcg/internal.h
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/internal.h
-+++ b/accel/tcg/internal.h
-@@ -XXX,XX +XXX,XX @@ void tb_reset_jump(TranslationBlock *tb, int n);
- TranslationBlock *tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
-                                tb_page_addr_t phys_page2);
- bool tb_invalidate_phys_page_unwind(tb_page_addr_t addr, uintptr_t pc);
--int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
--                              uintptr_t searched_pc, bool reset_icount);
-+void cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
-+                               uintptr_t host_pc, bool reset_icount);
- /* Return the current PC from CPU, which may be cached in TB. */
- static inline target_ulong log_pc(CPUState *cpu, const TranslationBlock *tb)
-diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/exec-all.h
-+++ b/include/exec/exec-all.h
-@@ -XXX,XX +XXX,XX @@ typedef ram_addr_t tb_page_addr_t;
- #define TB_PAGE_ADDR_FMT RAM_ADDR_FMT
- #endif
-+/**
-+ * cpu_unwind_state_data:
-+ * @cpu: the cpu context
-+ * @host_pc: the host pc within the translation
-+ * @data: output data
-+ *
-+ * Attempt to load the the unwind state for a host pc occurring in
-+ * translated code.  If @host_pc is not in translated code, the
-+ * function returns false; otherwise @data is loaded.
-+ * This is the same unwind info as given to restore_state_to_opc.
-+ */
-+bool cpu_unwind_state_data(CPUState *cpu, uintptr_t host_pc, uint64_t *data);
-+
- /**
-  * cpu_restore_state:
-- * @cpu: the vCPU state is to be restore to
-- * @searched_pc: the host PC the fault occurred at
-+ * @cpu: the cpu context
-+ * @host_pc: the host pc within the translation
-  * @will_exit: true if the TB executed will be interrupted after some
-                cpu adjustments. Required for maintaining the correct
-                icount valus
-  * @return: true if state was restored, false otherwise
-  *
-  * Attempt to restore the state for a fault occurring in translated
-- * code. If the searched_pc is not in translated code no state is
-+ * code. If @host_pc is not in translated code no state is
-  * restored and the function returns false.
-  */
--bool cpu_restore_state(CPUState *cpu, uintptr_t searched_pc, bool will_exit);
-+bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit);
- G_NORETURN void cpu_loop_exit_noexc(CPUState *cpu);
- G_NORETURN void cpu_loop_exit(CPUState *cpu);
-diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/translate-all.c
-+++ b/accel/tcg/translate-all.c
-@@ -XXX,XX +XXX,XX @@ static int encode_search(TranslationBlock *tb, uint8_t *block)
-     return p - block;
- }
--/* The cpu state corresponding to 'searched_pc' is restored.
-- * When reset_icount is true, current TB will be interrupted and
-- * icount should be recalculated.
-- */
--int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
--                              uintptr_t searched_pc, bool reset_icount)
-+static int cpu_unwind_data_from_tb(TranslationBlock *tb, uintptr_t host_pc,
-+                                   uint64_t *data)
- {
--    uint64_t data[TARGET_INSN_START_WORDS];
--    uintptr_t host_pc = (uintptr_t)tb->tc.ptr;
-+    uintptr_t iter_pc = (uintptr_t)tb->tc.ptr;
-     const uint8_t *p = tb->tc.ptr + tb->tc.size;
-     int i, j, num_insns = tb->icount;
--#ifdef CONFIG_PROFILER
--    TCGProfile *prof = &tcg_ctx->prof;
--    int64_t ti = profile_getclock();
--#endif
--    searched_pc -= GETPC_ADJ;
-+    host_pc -= GETPC_ADJ;
--    if (searched_pc < host_pc) {
-+    if (host_pc < iter_pc) {
-         return -1;
-     }
--    memset(data, 0, sizeof(data));
-+    memset(data, 0, sizeof(uint64_t) * TARGET_INSN_START_WORDS);
-     if (!TARGET_TB_PCREL) {
-         data[0] = tb_pc(tb);
-     }
--    /* Reconstruct the stored insn data while looking for the point at
--       which the end of the insn exceeds the searched_pc.  */
-+    /*
-+     * Reconstruct the stored insn data while looking for the point
-+     * at which the end of the insn exceeds host_pc.
-+     */
-     for (i = 0; i < num_insns; ++i) {
-         for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
-             data[j] += decode_sleb128(&p);
-         }
--        host_pc += decode_sleb128(&p);
--        if (host_pc > searched_pc) {
--            goto found;
-+        iter_pc += decode_sleb128(&p);
-+        if (iter_pc > host_pc) {
-+            return num_insns - i;
-         }
-     }
-     return -1;
-+}
-+
-+/*
-+ * The cpu state corresponding to 'host_pc' is restored.
-+ * When reset_icount is true, current TB will be interrupted and
-+ * icount should be recalculated.
-+ */
-+void cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
-+                               uintptr_t host_pc, bool reset_icount)
-+{
-+    uint64_t data[TARGET_INSN_START_WORDS];
-+#ifdef CONFIG_PROFILER
-+    TCGProfile *prof = &tcg_ctx->prof;
-+    int64_t ti = profile_getclock();
-+#endif
-+    int insns_left = cpu_unwind_data_from_tb(tb, host_pc, data);
-+
-+    if (insns_left < 0) {
-+        return;
-+    }
-- found:
-     if (reset_icount && (tb_cflags(tb) & CF_USE_ICOUNT)) {
-         assert(icount_enabled());
--        /* Reset the cycle counter to the start of the block
--           and shift if to the number of actually executed instructions */
--        cpu_neg(cpu)->icount_decr.u16.low += num_insns - i;
-+        /*
-+         * Reset the cycle counter to the start of the block and
-+         * shift if to the number of actually executed instructions.
-+         */
-+        cpu_neg(cpu)->icount_decr.u16.low += insns_left;
-     }
-     cpu->cc->tcg_ops->restore_state_to_opc(cpu, tb, data);
-@@ -XXX,XX +XXX,XX @@ int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
-                 prof->restore_time + profile_getclock() - ti);
-     qatomic_set(&prof->restore_count, prof->restore_count + 1);
- #endif
--    return 0;
- }
- bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
-@@ -XXX,XX +XXX,XX @@ bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
-     return false;
- }
-+bool cpu_unwind_state_data(CPUState *cpu, uintptr_t host_pc, uint64_t *data)
-+{
-+    if (in_code_gen_buffer((const void *)(host_pc - tcg_splitwx_diff))) {
-+        TranslationBlock *tb = tcg_tb_lookup(host_pc);
-+        if (tb) {
-+            return cpu_unwind_data_from_tb(tb, host_pc, data) >= 0;
-+        }
-+    }
-+    return false;
-+}
-+
- void page_init(void)
- {
-     page_size_init();
---
-.34.1

-[PULL 06/11] target/i386: Use cpu_unwind_state_data for tpr access
+Deleted patch
-Avoid cpu_restore_state, and modifying env->eip out from
-underneath the translator with TARGET_TB_PCREL.  There is
-some slight duplication from x86_restore_state_to_opc,
-but it's just a few lines.
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1269
-Reviewed-by: Claudio Fontana <cfontana@suse.de>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/i386/helper.c | 21 +++++++++++++++++++--
-file changed, 19 insertions(+), 2 deletions(-)
-diff --git a/target/i386/helper.c b/target/i386/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/i386/helper.c
-+++ b/target/i386/helper.c
-@@ -XXX,XX +XXX,XX @@ void cpu_x86_inject_mce(Monitor *mon, X86CPU *cpu, int bank,
-     }
- }
-+static target_ulong get_memio_eip(CPUX86State *env)
-+{
-+    uint64_t data[TARGET_INSN_START_WORDS];
-+    CPUState *cs = env_cpu(env);
-+
-+    if (!cpu_unwind_state_data(cs, cs->mem_io_pc, data)) {
-+        return env->eip;
-+    }
-+
-+    /* Per x86_restore_state_to_opc. */
-+    if (TARGET_TB_PCREL) {
-+        return (env->eip & TARGET_PAGE_MASK) | data[0];
-+    } else {
-+        return data[0] - env->segs[R_CS].base;
-+    }
-+}
-+
- void cpu_report_tpr_access(CPUX86State *env, TPRAccess access)
- {
-     X86CPU *cpu = env_archcpu(env);
-@@ -XXX,XX +XXX,XX @@ void cpu_report_tpr_access(CPUX86State *env, TPRAccess access)
-         cpu_interrupt(cs, CPU_INTERRUPT_TPR);
-     } else if (tcg_enabled()) {
--        cpu_restore_state(cs, cs->mem_io_pc, false);
-+        target_ulong eip = get_memio_eip(env);
--        apic_handle_tpr_access_report(cpu->apic_state, env->eip, access);
-+        apic_handle_tpr_access_report(cpu->apic_state, eip, access);
-     }
- }
- #endif /* !CONFIG_USER_ONLY */
---
-.34.1

-[PULL 10/11] accel/tcg: Remove reset_icount argument from cpu_restore_state_from_tb
+[PULL 2/4] tcg/riscv: Fix StoreStore barrier generation
-The value passed is always true.
+From: Roman Artemev <roman.artemev@syntacore.com>
-Reviewed-by: Claudio Fontana <cfontana@suse.de>
+On RISC-V to StoreStore barrier corresponds
 `fence w, w` not `fence r, r`
 Cc: qemu-stable@nongnu.org
 Fixes: efbea94c76b ("tcg/riscv: Add slowpath load and store instructions")
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Signed-off-by: Denis Tomashev <denis.tomashev@syntacore.com>
 Signed-off-by: Roman Artemev <roman.artemev@syntacore.com>
 Message-ID: <e2f2131e294a49e79959d4fa9ec02cf4@syntacore.com>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- accel/tcg/internal.h      |  2 +-
+ tcg/riscv/tcg-target.c.inc | 2 +-
- accel/tcg/tb-maint.c      |  4 ++--
+file changed, 1 insertion(+), 1 deletion(-)
  accel/tcg/translate-all.c | 15 +++++++--------
 files changed, 10 insertions(+), 11 deletions(-)
-diff --git a/accel/tcg/internal.h b/accel/tcg/internal.h
+diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
 index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/internal.h
+--- a/tcg/riscv/tcg-target.c.inc
-+++ b/accel/tcg/internal.h
++++ b/tcg/riscv/tcg-target.c.inc
-@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
+@@ -XXX,XX +XXX,XX @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
-                                tb_page_addr_t phys_page2);
+         insn |= 0x02100000;
- bool tb_invalidate_phys_page_unwind(tb_page_addr_t addr, uintptr_t pc);
+     }
- void cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
+     if (a0 & TCG_MO_ST_ST) {
--                               uintptr_t host_pc, bool reset_icount);
+-        insn |= 0x02200000;
-+                               uintptr_t host_pc);
++        insn |= 0x01100000;
+     }
- /* Return the current PC from CPU, which may be cached in TB. */
+     tcg_out32(s, insn);
  static inline target_ulong log_pc(CPUState *cpu, const TranslationBlock *tb)
 diff --git a/accel/tcg/tb-maint.c b/accel/tcg/tb-maint.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/tb-maint.c
 +++ b/accel/tcg/tb-maint.c
@@ -XXX,XX +XXX,XX @@ tb_invalidate_phys_page_range__locked(struct page_collection *pages,
                   * restore the CPU state.
                   */
                  current_tb_modified = true;
 -                cpu_restore_state_from_tb(cpu, current_tb, retaddr, true);
 +                cpu_restore_state_from_tb(cpu, current_tb, retaddr);
              }
  #endif /* TARGET_HAS_PRECISE_SMC */
              tb_phys_invalidate__locked(tb);
@@ -XXX,XX +XXX,XX @@ bool tb_invalidate_phys_page_unwind(tb_page_addr_t addr, uintptr_t pc)
               * function to partially restore the CPU state.
               */
              current_tb_modified = true;
 -            cpu_restore_state_from_tb(cpu, current_tb, pc, true);
 +            cpu_restore_state_from_tb(cpu, current_tb, pc);
          }
  #endif /* TARGET_HAS_PRECISE_SMC */
          tb_phys_invalidate(tb, addr);
 diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/translate-all.c
 +++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ static int cpu_unwind_data_from_tb(TranslationBlock *tb, uintptr_t host_pc,
  }
- /*
-- * The cpu state corresponding to 'host_pc' is restored.
-- * When reset_icount is true, current TB will be interrupted and
-- * icount should be recalculated.
-+ * The cpu state corresponding to 'host_pc' is restored in
-+ * preparation for exiting the TB.
-  */
- void cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
--                               uintptr_t host_pc, bool reset_icount)
-+                               uintptr_t host_pc)
- {
-     uint64_t data[TARGET_INSN_START_WORDS];
- #ifdef CONFIG_PROFILER
-@@ -XXX,XX +XXX,XX @@ void cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
-         return;
-     }
--    if (reset_icount && (tb_cflags(tb) & CF_USE_ICOUNT)) {
-+    if (tb_cflags(tb) & CF_USE_ICOUNT) {
-         assert(icount_enabled());
-         /*
-          * Reset the cycle counter to the start of the block and
-@@ -XXX,XX +XXX,XX @@ bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc)
-     if (in_code_gen_buffer((const void *)(host_pc - tcg_splitwx_diff))) {
-         TranslationBlock *tb = tcg_tb_lookup(host_pc);
-         if (tb) {
--            cpu_restore_state_from_tb(cpu, tb, host_pc, true);
-+            cpu_restore_state_from_tb(cpu, tb, host_pc);
-             return true;
-         }
-     }
-@@ -XXX,XX +XXX,XX @@ void tb_check_watchpoint(CPUState *cpu, uintptr_t retaddr)
-     tb = tcg_tb_lookup(retaddr);
-     if (tb) {
-         /* We can use retranslation to find the PC.  */
--        cpu_restore_state_from_tb(cpu, tb, retaddr, true);
-+        cpu_restore_state_from_tb(cpu, tb, retaddr);
-         tb_phys_invalidate(tb, -1);
-     } else {
-         /* The exception probably happened in a helper.  The CPU state should
-@@ -XXX,XX +XXX,XX @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
-         cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p",
-                   (void *)retaddr);
-     }
--    cpu_restore_state_from_tb(cpu, tb, retaddr, true);
-+    cpu_restore_state_from_tb(cpu, tb, retaddr);
-     /*
-      * Some guests must re-execute the branch when re-executing a delay
 --
-.34.1
+.43.0

-[PULL 07/11] target/openrisc: Always exit after mtspr npc
+[PULL 3/4] include/exec: Introduce fpst alias in helper-head.h.inc
-We have called cpu_restore_state asserting will_exit.
+This allows targets to declare that the helper requires a
-Do not go back on that promise.  This affects icount.
+float_status pointer and instead of a generic void pointer.
 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- target/openrisc/sys_helper.c | 2 +-
+ include/exec/helper-head.h.inc | 3 +++
-file changed, 1 insertion(+), 1 deletion(-)
+file changed, 3 insertions(+)
-diff --git a/target/openrisc/sys_helper.c b/target/openrisc/sys_helper.c
+diff --git a/include/exec/helper-head.h.inc b/include/exec/helper-head.h.inc
 index XXXXXXX..XXXXXXX 100644
---- a/target/openrisc/sys_helper.c
+--- a/include/exec/helper-head.h.inc
-+++ b/target/openrisc/sys_helper.c
++++ b/include/exec/helper-head.h.inc
-@@ -XXX,XX +XXX,XX @@ void HELPER(mtspr)(CPUOpenRISCState *env, target_ulong spr, target_ulong rb)
+@@ -XXX,XX +XXX,XX @@
-         if (env->pc != rb) {
+ #define dh_alias_ptr ptr
-             env->pc = rb;
+ #define dh_alias_cptr ptr
-             env->dflag = 0;
+ #define dh_alias_env ptr
--            cpu_loop_exit(cs);
++#define dh_alias_fpst ptr
-         }
+ #define dh_alias_void void
-+        cpu_loop_exit(cs);
+ #define dh_alias_noreturn noreturn
-         break;
+ #define dh_alias(t) glue(dh_alias_, t)
+@@ -XXX,XX +XXX,XX @@
-     case TO_SPR(0, 17): /* SR */
+ #define dh_ctype_ptr void *
  #define dh_ctype_cptr const void *
  #define dh_ctype_env CPUArchState *
 +#define dh_ctype_fpst float_status *
  #define dh_ctype_void void
  #define dh_ctype_noreturn G_NORETURN void
  #define dh_ctype(t) dh_ctype_##t
@@ -XXX,XX +XXX,XX @@
  #define dh_typecode_f64 dh_typecode_i64
  #define dh_typecode_cptr dh_typecode_ptr
  #define dh_typecode_env dh_typecode_ptr
 +#define dh_typecode_fpst dh_typecode_ptr
  #define dh_typecode(t) dh_typecode_##t
  #define dh_callflag_i32  0
 --
-.34.1
+.43.0

-[PULL 08/11] target/openrisc: Use cpu_unwind_state_data for mfspr
+Deleted patch
-Since we do not plan to exit, use cpu_unwind_state_data
-and extract exactly the data requested.
-This is a bug fix, in that we no longer clobber dflag.
-Consider:
-        l.j       L2         // branch
-        l.mfspr   r1, ppc    // delay
-L1:     boom
-L2:     l.lwa     r3, (r4)
-Here, dflag would be set by cpu_restore_state (because that is the current
-state of the cpu), but but not cleared by tb_stop on exiting the TB
-(because DisasContext has recorded the current value as zero).
-The next TB begins at L2 with dflag incorrectly set.  If the load has a
-tlb miss, then the exception will be delivered as per a delay slot:
-with DSX set in the status register and PC decremented (delay slots
-restart by re-executing the branch). This will cause the return from
-interrupt to go to L1, and boom!
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/openrisc/sys_helper.c | 11 +++++++++--
-file changed, 9 insertions(+), 2 deletions(-)
-diff --git a/target/openrisc/sys_helper.c b/target/openrisc/sys_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/openrisc/sys_helper.c
-+++ b/target/openrisc/sys_helper.c
-@@ -XXX,XX +XXX,XX @@ target_ulong HELPER(mfspr)(CPUOpenRISCState *env, target_ulong rd,
-                            target_ulong spr)
- {
- #ifndef CONFIG_USER_ONLY
-+    uint64_t data[TARGET_INSN_START_WORDS];
-     MachineState *ms = MACHINE(qdev_get_machine());
-     OpenRISCCPU *cpu = env_archcpu(env);
-     CPUState *cs = env_cpu(env);
-@@ -XXX,XX +XXX,XX @@ target_ulong HELPER(mfspr)(CPUOpenRISCState *env, target_ulong rd,
-         return env->evbar;
-     case TO_SPR(0, 16): /* NPC (equals PC) */
--        cpu_restore_state(cs, GETPC(), false);
-+        if (cpu_unwind_state_data(cs, GETPC(), data)) {
-+            return data[0];
-+        }
-         return env->pc;
-     case TO_SPR(0, 17): /* SR */
-         return cpu_get_sr(env);
-     case TO_SPR(0, 18): /* PPC */
--        cpu_restore_state(cs, GETPC(), false);
-+        if (cpu_unwind_state_data(cs, GETPC(), data)) {
-+            if (data[1] & 2) {
-+                return data[0] - 4;
-+            }
-+        }
-         return env->ppc;
-     case TO_SPR(0, 32): /* EPCR */
---
-.34.1

-[PULL 09/11] accel/tcg: Remove will_exit argument from cpu_restore_state
+Deleted patch
-The value passed is always true, and if the target's
-synchronize_from_tb hook is non-trivial, not exiting
-may be erroneous.
-Reviewed-by: Claudio Fontana <cfontana@suse.de>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/exec/exec-all.h             |  5 +----
- accel/tcg/cpu-exec-common.c         |  2 +-
- accel/tcg/translate-all.c           | 12 ++----------
- target/alpha/helper.c               |  2 +-
- target/alpha/mem_helper.c           |  2 +-
- target/arm/op_helper.c              |  2 +-
- target/arm/tlb_helper.c             |  8 ++++----
- target/cris/helper.c                |  2 +-
- target/i386/tcg/sysemu/svm_helper.c |  2 +-
- target/m68k/op_helper.c             |  4 ++--
- target/microblaze/helper.c          |  2 +-
- target/nios2/op_helper.c            |  2 +-
- target/openrisc/sys_helper.c        |  4 ++--
- target/ppc/excp_helper.c            |  2 +-
- target/s390x/tcg/excp_helper.c      |  2 +-
- target/tricore/op_helper.c          |  2 +-
- target/xtensa/helper.c              |  6 +++---
-files changed, 25 insertions(+), 36 deletions(-)
-diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/exec-all.h
-+++ b/include/exec/exec-all.h
-@@ -XXX,XX +XXX,XX @@ bool cpu_unwind_state_data(CPUState *cpu, uintptr_t host_pc, uint64_t *data);
-  * cpu_restore_state:
-  * @cpu: the cpu context
-  * @host_pc: the host pc within the translation
-- * @will_exit: true if the TB executed will be interrupted after some
--               cpu adjustments. Required for maintaining the correct
--               icount valus
-  * @return: true if state was restored, false otherwise
-  *
-  * Attempt to restore the state for a fault occurring in translated
-  * code. If @host_pc is not in translated code no state is
-  * restored and the function returns false.
-  */
--bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit);
-+bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc);
- G_NORETURN void cpu_loop_exit_noexc(CPUState *cpu);
- G_NORETURN void cpu_loop_exit(CPUState *cpu);
-diff --git a/accel/tcg/cpu-exec-common.c b/accel/tcg/cpu-exec-common.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cpu-exec-common.c
-+++ b/accel/tcg/cpu-exec-common.c
-@@ -XXX,XX +XXX,XX @@ void cpu_loop_exit(CPUState *cpu)
- void cpu_loop_exit_restore(CPUState *cpu, uintptr_t pc)
- {
-     if (pc) {
--        cpu_restore_state(cpu, pc, true);
-+        cpu_restore_state(cpu, pc);
-     }
-     cpu_loop_exit(cpu);
- }
-diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/translate-all.c
-+++ b/accel/tcg/translate-all.c
-@@ -XXX,XX +XXX,XX @@ void cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
- #endif
- }
--bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
-+bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc)
- {
--    /*
--     * The pc update associated with restore without exit will
--     * break the relative pc adjustments performed by TARGET_TB_PCREL.
--     */
--    if (TARGET_TB_PCREL) {
--        assert(will_exit);
--    }
--
-     /*
-      * The host_pc has to be in the rx region of the code buffer.
-      * If it is not we will not be able to resolve it here.
-@@ -XXX,XX +XXX,XX @@ bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
-     if (in_code_gen_buffer((const void *)(host_pc - tcg_splitwx_diff))) {
-         TranslationBlock *tb = tcg_tb_lookup(host_pc);
-         if (tb) {
--            cpu_restore_state_from_tb(cpu, tb, host_pc, will_exit);
-+            cpu_restore_state_from_tb(cpu, tb, host_pc, true);
-             return true;
-         }
-     }
-diff --git a/target/alpha/helper.c b/target/alpha/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/alpha/helper.c
-+++ b/target/alpha/helper.c
-@@ -XXX,XX +XXX,XX @@ G_NORETURN void dynamic_excp(CPUAlphaState *env, uintptr_t retaddr,
-     cs->exception_index = excp;
-     env->error_code = error;
-     if (retaddr) {
--        cpu_restore_state(cs, retaddr, true);
-+        cpu_restore_state(cs, retaddr);
-         /* Floating-point exceptions (our only users) point to the next PC.  */
-         env->pc += 4;
-     }
-diff --git a/target/alpha/mem_helper.c b/target/alpha/mem_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/alpha/mem_helper.c
-+++ b/target/alpha/mem_helper.c
-@@ -XXX,XX +XXX,XX @@ static void do_unaligned_access(CPUAlphaState *env, vaddr addr, uintptr_t retadd
-     uint64_t pc;
-     uint32_t insn;
--    cpu_restore_state(env_cpu(env), retaddr, true);
-+    cpu_restore_state(env_cpu(env), retaddr);
-     pc = env->pc;
-     insn = cpu_ldl_code(env, pc);
-diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/op_helper.c
-+++ b/target/arm/op_helper.c
-@@ -XXX,XX +XXX,XX @@ void raise_exception_ra(CPUARMState *env, uint32_t excp, uint32_t syndrome,
-      * we must restore CPU state here before setting the syndrome
-      * the caller passed us, and cannot use cpu_loop_exit_restore().
-      */
--    cpu_restore_state(cs, ra, true);
-+    cpu_restore_state(cs, ra);
-     raise_exception(env, excp, syndrome, target_el);
- }
-diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/tlb_helper.c
-+++ b/target/arm/tlb_helper.c
-@@ -XXX,XX +XXX,XX @@ void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
-     ARMMMUFaultInfo fi = {};
-     /* now we have a real cpu fault */
--    cpu_restore_state(cs, retaddr, true);
-+    cpu_restore_state(cs, retaddr);
-     fi.type = ARMFault_Alignment;
-     arm_deliver_fault(cpu, vaddr, access_type, mmu_idx, &fi);
-@@ -XXX,XX +XXX,XX @@ void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
-     ARMMMUFaultInfo fi = {};
-     /* now we have a real cpu fault */
--    cpu_restore_state(cs, retaddr, true);
-+    cpu_restore_state(cs, retaddr);
-     fi.ea = arm_extabort_type(response);
-     fi.type = ARMFault_SyncExternal;
-@@ -XXX,XX +XXX,XX @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
-         return false;
-     } else {
-         /* now we have a real cpu fault */
--        cpu_restore_state(cs, retaddr, true);
-+        cpu_restore_state(cs, retaddr);
-         arm_deliver_fault(cpu, address, access_type, mmu_idx, fi);
-     }
- }
-@@ -XXX,XX +XXX,XX @@ void arm_cpu_record_sigsegv(CPUState *cs, vaddr addr,
-      * We report both ESR and FAR to signal handlers.
-      * For now, it's easiest to deliver the fault normally.
-      */
--    cpu_restore_state(cs, ra, true);
-+    cpu_restore_state(cs, ra);
-     arm_deliver_fault(cpu, addr, access_type, MMU_USER_IDX, &fi);
- }
-diff --git a/target/cris/helper.c b/target/cris/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/cris/helper.c
-+++ b/target/cris/helper.c
-@@ -XXX,XX +XXX,XX @@ bool cris_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
-     cs->exception_index = EXCP_BUSFAULT;
-     env->fault_vector = res.bf_vec;
-     if (retaddr) {
--        if (cpu_restore_state(cs, retaddr, true)) {
-+        if (cpu_restore_state(cs, retaddr)) {
-             /* Evaluate flags after retranslation. */
-             helper_top_evaluate_flags(env);
-         }
-diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/i386/tcg/sysemu/svm_helper.c
-+++ b/target/i386/tcg/sysemu/svm_helper.c
-@@ -XXX,XX +XXX,XX @@ void cpu_vmexit(CPUX86State *env, uint32_t exit_code, uint64_t exit_info_1,
- {
-     CPUState *cs = env_cpu(env);
--    cpu_restore_state(cs, retaddr, true);
-+    cpu_restore_state(cs, retaddr);
-     qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmexit(%08x, %016" PRIx64 ", %016"
-                   PRIx64 ", " TARGET_FMT_lx ")!\n",
-diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/m68k/op_helper.c
-+++ b/target/m68k/op_helper.c
-@@ -XXX,XX +XXX,XX @@ void m68k_cpu_transaction_failed(CPUState *cs, hwaddr physaddr, vaddr addr,
-     M68kCPU *cpu = M68K_CPU(cs);
-     CPUM68KState *env = &cpu->env;
--    cpu_restore_state(cs, retaddr, true);
-+    cpu_restore_state(cs, retaddr);
-     if (m68k_feature(env, M68K_FEATURE_M68040)) {
-         env->mmu.mmusr = 0;
-@@ -XXX,XX +XXX,XX @@ raise_exception_format2(CPUM68KState *env, int tt, int ilen, uintptr_t raddr)
-     cs->exception_index = tt;
-     /* Recover PC and CC_OP for the beginning of the insn.  */
--    cpu_restore_state(cs, raddr, true);
-+    cpu_restore_state(cs, raddr);
-     /* Flags are current in env->cc_*, or are undefined. */
-     env->cc_op = CC_OP_FLAGS;
-diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/microblaze/helper.c
-+++ b/target/microblaze/helper.c
-@@ -XXX,XX +XXX,XX @@ void mb_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
-     uint32_t esr, iflags;
-     /* Recover the pc and iflags from the corresponding insn_start.  */
--    cpu_restore_state(cs, retaddr, true);
-+    cpu_restore_state(cs, retaddr);
-     iflags = cpu->env.iflags;
-     qemu_log_mask(CPU_LOG_INT,
-diff --git a/target/nios2/op_helper.c b/target/nios2/op_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/nios2/op_helper.c
-+++ b/target/nios2/op_helper.c
-@@ -XXX,XX +XXX,XX @@ void nios2_cpu_loop_exit_advance(CPUNios2State *env, uintptr_t retaddr)
-      * Do this here, rather than in restore_state_to_opc(),
-      * lest we affect QEMU internal exceptions, like EXCP_DEBUG.
-      */
--    cpu_restore_state(cs, retaddr, true);
-+    cpu_restore_state(cs, retaddr);
-     env->pc += 4;
-     cpu_loop_exit(cs);
- }
-diff --git a/target/openrisc/sys_helper.c b/target/openrisc/sys_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/openrisc/sys_helper.c
-+++ b/target/openrisc/sys_helper.c
-@@ -XXX,XX +XXX,XX @@ void HELPER(mtspr)(CPUOpenRISCState *env, target_ulong spr, target_ulong rb)
-         break;
-     case TO_SPR(0, 16): /* NPC */
--        cpu_restore_state(cs, GETPC(), true);
-+        cpu_restore_state(cs, GETPC());
-         /* ??? Mirror or1ksim in not trashing delayed branch state
-            when "jumping" to the current instruction.  */
-         if (env->pc != rb) {
-@@ -XXX,XX +XXX,XX @@ void HELPER(mtspr)(CPUOpenRISCState *env, target_ulong spr, target_ulong rb)
-     case TO_SPR(8, 0):  /* PMR */
-         env->pmr = rb;
-         if (env->pmr & PMR_DME || env->pmr & PMR_SME) {
--            cpu_restore_state(cs, GETPC(), true);
-+            cpu_restore_state(cs, GETPC());
-             env->pc += 4;
-             cs->halted = 1;
-             raise_exception(cpu, EXCP_HALTED);
-diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/ppc/excp_helper.c
-+++ b/target/ppc/excp_helper.c
-@@ -XXX,XX +XXX,XX @@ void ppc_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
-     uint32_t insn;
-     /* Restore state and reload the insn we executed, for filling in DSISR.  */
--    cpu_restore_state(cs, retaddr, true);
-+    cpu_restore_state(cs, retaddr);
-     insn = cpu_ldl_code(env, env->nip);
-     switch (env->mmu_model) {
-diff --git a/target/s390x/tcg/excp_helper.c b/target/s390x/tcg/excp_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/s390x/tcg/excp_helper.c
-+++ b/target/s390x/tcg/excp_helper.c
-@@ -XXX,XX +XXX,XX @@ G_NORETURN void tcg_s390_program_interrupt(CPUS390XState *env,
- {
-     CPUState *cs = env_cpu(env);
--    cpu_restore_state(cs, ra, true);
-+    cpu_restore_state(cs, ra);
-     qemu_log_mask(CPU_LOG_INT, "program interrupt at %#" PRIx64 "\n",
-                   env->psw.addr);
-     trigger_pgm_exception(env, code);
-diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/tricore/op_helper.c
-+++ b/target/tricore/op_helper.c
-@@ -XXX,XX +XXX,XX @@ void raise_exception_sync_internal(CPUTriCoreState *env, uint32_t class, int tin
- {
-     CPUState *cs = env_cpu(env);
-     /* in case we come from a helper-call we need to restore the PC */
--    cpu_restore_state(cs, pc, true);
-+    cpu_restore_state(cs, pc);
-     /* Tin is loaded into d[15] */
-     env->gpr_d[15] = tin;
-diff --git a/target/xtensa/helper.c b/target/xtensa/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/xtensa/helper.c
-+++ b/target/xtensa/helper.c
-@@ -XXX,XX +XXX,XX @@ void xtensa_cpu_do_unaligned_access(CPUState *cs,
-     assert(xtensa_option_enabled(env->config,
-                                  XTENSA_OPTION_UNALIGNED_EXCEPTION));
--    cpu_restore_state(CPU(cpu), retaddr, true);
-+    cpu_restore_state(CPU(cpu), retaddr);
-     HELPER(exception_cause_vaddr)(env,
-                                   env->pc, LOAD_STORE_ALIGNMENT_CAUSE,
-                                   addr);
-@@ -XXX,XX +XXX,XX @@ bool xtensa_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
-     } else if (probe) {
-         return false;
-     } else {
--        cpu_restore_state(cs, retaddr, true);
-+        cpu_restore_state(cs, retaddr);
-         HELPER(exception_cause_vaddr)(env, env->pc, ret, address);
-     }
- }
-@@ -XXX,XX +XXX,XX @@ void xtensa_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr, vaddr addr,
-     XtensaCPU *cpu = XTENSA_CPU(cs);
-     CPUXtensaState *env = &cpu->env;
--    cpu_restore_state(cs, retaddr, true);
-+    cpu_restore_state(cs, retaddr);
-     HELPER(exception_cause_vaddr)(env, env->pc,
-                                   access_type == MMU_INST_FETCH ?
-                                   INSTR_PIF_ADDR_ERROR_CAUSE :
---
-.34.1

-[PULL 11/11] target/i386: Expand eflags updates inline
+[PULL 4/4] target/sparc: Use memcpy() and remove memcpy32()
-The helpers for reset_rf, cli, sti, clac, stac are
+From: Philippe Mathieu-Daudé <philmd@linaro.org>
 completely trivial; implement them inline.
-Drop some nearby #if 0 code.
+Rather than manually copying each register, use
 the libc memcpy(), which is well optimized nowadays.
-Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Suggested-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 Message-ID: <20241205205418.67613-1-philmd@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- target/i386/helper.h        |  5 -----
+ target/sparc/win_helper.c | 26 ++++++++------------------
- target/i386/tcg/cc_helper.c | 41 -------------------------------------
+file changed, 8 insertions(+), 18 deletions(-)
  target/i386/tcg/translate.c | 30 ++++++++++++++++++++++-----
 files changed, 25 insertions(+), 51 deletions(-)
-diff --git a/target/i386/helper.h b/target/i386/helper.h
+diff --git a/target/sparc/win_helper.c b/target/sparc/win_helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/i386/helper.h
+--- a/target/sparc/win_helper.c
-+++ b/target/i386/helper.h
++++ b/target/sparc/win_helper.c
-@@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(syscall, void, env, int)
+@@ -XXX,XX +XXX,XX @@
- DEF_HELPER_2(sysret, void, env, int)
+ #include "exec/helper-proto.h"
- #endif
+ #include "trace.h"
- DEF_HELPER_FLAGS_2(pause, TCG_CALL_NO_WG, noreturn, env, int)
--DEF_HELPER_1(reset_rf, void, env)
+-static inline void memcpy32(target_ulong *dst, const target_ulong *src)
  DEF_HELPER_FLAGS_3(raise_interrupt, TCG_CALL_NO_WG, noreturn, env, int, int)
  DEF_HELPER_FLAGS_2(raise_exception, TCG_CALL_NO_WG, noreturn, env, int)
 -DEF_HELPER_1(cli, void, env)
 -DEF_HELPER_1(sti, void, env)
 -DEF_HELPER_1(clac, void, env)
 -DEF_HELPER_1(stac, void, env)
  DEF_HELPER_3(boundw, void, env, tl, int)
  DEF_HELPER_3(boundl, void, env, tl, int)
 diff --git a/target/i386/tcg/cc_helper.c b/target/i386/tcg/cc_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/tcg/cc_helper.c
 +++ b/target/i386/tcg/cc_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_clts(CPUX86State *env)
      env->cr[0] &= ~CR0_TS_MASK;
      env->hflags &= ~HF_TS_MASK;
  }
 -
 -void helper_reset_rf(CPUX86State *env)
 -{
--    env->eflags &= ~RF_MASK;
+-    dst[0] = src[0];
 -    dst[1] = src[1];
 -    dst[2] = src[2];
 -    dst[3] = src[3];
 -    dst[4] = src[4];
 -    dst[5] = src[5];
 -    dst[6] = src[6];
 -    dst[7] = src[7];
 -}
 -
--void helper_cli(CPUX86State *env)
+ void cpu_set_cwp(CPUSPARCState *env, int new_cwp)
--{
+ {
--    env->eflags &= ~IF_MASK;
+     /* put the modified wrap registers at their proper location */
--}
+     if (env->cwp == env->nwindows - 1) {
--
+-        memcpy32(env->regbase, env->regbase + env->nwindows * 16);
--void helper_sti(CPUX86State *env)
++        memcpy(env->regbase, env->regbase + env->nwindows * 16,
--{
++               sizeof(env->gregs));
--    env->eflags |= IF_MASK;
+     }
--}
+     env->cwp = new_cwp;
--
--void helper_clac(CPUX86State *env)
+     /* put the wrap registers at their temporary location */
--{
+     if (new_cwp == env->nwindows - 1) {
--    env->eflags &= ~AC_MASK;
+-        memcpy32(env->regbase + env->nwindows * 16, env->regbase);
--}
++        memcpy(env->regbase + env->nwindows * 16, env->regbase,
--
++               sizeof(env->gregs));
--void helper_stac(CPUX86State *env)
+     }
--{
+     env->regwptr = env->regbase + (new_cwp * 16);
--    env->eflags |= AC_MASK;
+ }
--}
+@@ -XXX,XX +XXX,XX @@ void cpu_gl_switch_gregs(CPUSPARCState *env, uint32_t new_gl)
--
+     dst = get_gl_gregset(env, env->gl);
--#if 0
--/* vm86plus instructions */
+     if (src != dst) {
--void helper_cli_vm(CPUX86State *env)
+-        memcpy32(dst, env->gregs);
--{
+-        memcpy32(env->gregs, src);
--    env->eflags &= ~VIF_MASK;
++        memcpy(dst, env->gregs, sizeof(env->gregs));
--}
++        memcpy(env->gregs, src, sizeof(env->gregs));
 -
 -void helper_sti_vm(CPUX86State *env)
 -{
 -    env->eflags |= VIF_MASK;
 -    if (env->eflags & VIP_MASK) {
 -        raise_exception_ra(env, EXCP0D_GPF, GETPC());
 -    }
 -}
 -#endif
 diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/tcg/translate.c
 +++ b/target/i386/tcg/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_reset_hflag(DisasContext *s, uint32_t mask)
      }
  }
-+static void gen_set_eflags(DisasContext *s, target_ulong mask)
+@@ -XXX,XX +XXX,XX @@ void cpu_change_pstate(CPUSPARCState *env, uint32_t new_pstate)
-+{
+         /* Switch global register bank */
-+    TCGv t = tcg_temp_new();
+         src = get_gregset(env, new_pstate_regs);
-+
+         dst = get_gregset(env, pstate_regs);
-+    tcg_gen_ld_tl(t, cpu_env, offsetof(CPUX86State, eflags));
+-        memcpy32(dst, env->gregs);
-+    tcg_gen_ori_tl(t, t, mask);
+-        memcpy32(env->gregs, src);
-+    tcg_gen_st_tl(t, cpu_env, offsetof(CPUX86State, eflags));
++        memcpy(dst, env->gregs, sizeof(env->gregs));
-+    tcg_temp_free(t);
++        memcpy(env->gregs, src, sizeof(env->gregs));
-+}
+     } else {
-+
+         trace_win_helper_no_switch_pstate(new_pstate_regs);
 +static void gen_reset_eflags(DisasContext *s, target_ulong mask)
 +{
 +    TCGv t = tcg_temp_new();
 +
 +    tcg_gen_ld_tl(t, cpu_env, offsetof(CPUX86State, eflags));
 +    tcg_gen_andi_tl(t, t, ~mask);
 +    tcg_gen_st_tl(t, cpu_env, offsetof(CPUX86State, eflags));
 +    tcg_temp_free(t);
 +}
 +
  /* Clear BND registers during legacy branches.  */
  static void gen_bnd_jmp(DisasContext *s)
  {
@@ -XXX,XX +XXX,XX @@ do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr)
      }
-     if (s->base.tb->flags & HF_RF_MASK) {
--        gen_helper_reset_rf(cpu_env);
-+        gen_reset_eflags(s, RF_MASK);
-     }
-     if (recheck_tf) {
-         gen_helper_rechecking_single_step(cpu_env);
-@@ -XXX,XX +XXX,XX @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
- #endif
-     case 0xfa: /* cli */
-         if (check_iopl(s)) {
--            gen_helper_cli(cpu_env);
-+            gen_reset_eflags(s, IF_MASK);
-         }
-         break;
-     case 0xfb: /* sti */
-         if (check_iopl(s)) {
--            gen_helper_sti(cpu_env);
-+            gen_set_eflags(s, IF_MASK);
-             /* interruptions are enabled only the first insn after sti */
-             gen_update_eip_next(s);
-             gen_eob_inhibit_irq(s, true);
-@@ -XXX,XX +XXX,XX @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
-                 || CPL(s) != 0) {
-                 goto illegal_op;
-             }
--            gen_helper_clac(cpu_env);
-+            gen_reset_eflags(s, AC_MASK);
-             s->base.is_jmp = DISAS_EOB_NEXT;
-             break;
-@@ -XXX,XX +XXX,XX @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
-                 || CPL(s) != 0) {
-                 goto illegal_op;
-             }
--            gen_helper_stac(cpu_env);
-+            gen_set_eflags(s, AC_MASK);
-             s->base.is_jmp = DISAS_EOB_NEXT;
-             break;
 --
-.34.1
+.43.0

The following changes since commit 75d30fde55485b965a1168a21d016dd07b50ed32:

Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging (2022-10-30 15:07:25 -0400)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20221031

for you to fetch changes up to cb375590983fc3d23600d02ba05a05d34fe44150:

target/i386: Expand eflags updates inline (2022-10-31 11:39:10 +1100)

----------------------------------------------------------------
Remove sparc32plus support from tcg/sparc.
target/i386: Use cpu_unwind_state_data for tpr access.
target/i386: Expand eflags updates inline

----------------------------------------------------------------
Icenowy Zheng (1):
      tcg/tci: fix logic error when registering helpers via FFI

Richard Henderson (10):
      tcg/sparc: Remove support for sparc32plus
      tcg/sparc64: Rename from tcg/sparc
      tcg/sparc64: Remove sparc32plus constraints
      accel/tcg: Introduce cpu_unwind_state_data
      target/i386: Use cpu_unwind_state_data for tpr access
      target/openrisc: Always exit after mtspr npc
      target/openrisc: Use cpu_unwind_state_data for mfspr
      accel/tcg: Remove will_exit argument from cpu_restore_state
      accel/tcg: Remove reset_icount argument from cpu_restore_state_from_tb
      target/i386: Expand eflags updates inline

meson.build                                 |   4 +-
 accel/tcg/internal.h                        |   4 +-
 include/exec/exec-all.h                     |  24 ++-
 target/i386/helper.h                        |   5 -
 tcg/{sparc => sparc64}/tcg-target-con-set.h |  16 +-
 tcg/{sparc => sparc64}/tcg-target-con-str.h |   3 -
 tcg/{sparc => sparc64}/tcg-target.h         |  11 --
 accel/tcg/cpu-exec-common.c                 |   2 +-
 accel/tcg/tb-maint.c                        |   4 +-
 accel/tcg/translate-all.c                   |  91 +++++----
 target/alpha/helper.c                       |   2 +-
 target/alpha/mem_helper.c                   |   2 +-
 target/arm/op_helper.c                      |   2 +-
 target/arm/tlb_helper.c                     |   8 +-
 target/cris/helper.c                        |   2 +-
 target/i386/helper.c                        |  21 ++-
 target/i386/tcg/cc_helper.c                 |  41 -----
 target/i386/tcg/sysemu/svm_helper.c         |   2 +-
 target/i386/tcg/translate.c                 |  30 ++-
 target/m68k/op_helper.c                     |   4 +-
 target/microblaze/helper.c                  |   2 +-
 target/nios2/op_helper.c                    |   2 +-
 target/openrisc/sys_helper.c                |  17 +-
 target/ppc/excp_helper.c                    |   2 +-
 target/s390x/tcg/excp_helper.c              |   2 +-
 target/tricore/op_helper.c                  |   2 +-
 target/xtensa/helper.c                      |   6 +-
 tcg/tcg.c                                   |  81 +-------
 tcg/{sparc => sparc64}/tcg-target.c.inc     | 275 ++++++++--------------------
 MAINTAINERS                                 |   2 +-
 30 files changed, 232 insertions(+), 437 deletions(-)
 rename tcg/{sparc => sparc64}/tcg-target-con-set.h (69%)
 rename tcg/{sparc => sparc64}/tcg-target-con-str.h (77%)
 rename tcg/{sparc => sparc64}/tcg-target.h (95%)
 rename tcg/{sparc => sparc64}/tcg-target.c.inc (91%)

Since 9b9c37c36439, we have only supported sparc64 cpus.
Debian and Gentoo now only support 64-bit sparc64 userland,
so it is time to drop the 32-bit sparc64 userland: sparc32plus.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/sparc/tcg-target.h     |  11 ---
 tcg/tcg.c                  |  75 +----------------
 tcg/sparc/tcg-target.c.inc | 166 +++++++------------------------------
 3 files changed, 33 insertions(+), 219 deletions(-)

diff --git a/tcg/sparc/tcg-target.h b/tcg/sparc/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/sparc/tcg-target.h
+++ b/tcg/sparc/tcg-target.h
@@ -XXX,XX +XXX,XX @@
 #ifndef SPARC_TCG_TARGET_H
 #define SPARC_TCG_TARGET_H
 
-#define TCG_TARGET_REG_BITS 64
-
 #define TCG_TARGET_INSN_UNIT_SIZE 4
 #define TCG_TARGET_TLB_DISPLACEMENT_BITS 32
 #define TCG_TARGET_NB_REGS 32
@@ -XXX,XX +XXX,XX @@ typedef enum {
 /* used for function call generation */
 #define TCG_REG_CALL_STACK TCG_REG_O6
 
-#ifdef __arch64__
 #define TCG_TARGET_STACK_BIAS           2047
 #define TCG_TARGET_STACK_ALIGN          16
 #define TCG_TARGET_CALL_STACK_OFFSET    (128 + 6*8 + TCG_TARGET_STACK_BIAS)
-#else
-#define TCG_TARGET_STACK_BIAS           0
-#define TCG_TARGET_STACK_ALIGN          8
-#define TCG_TARGET_CALL_STACK_OFFSET    (64 + 4 + 6*4)
-#endif
-
-#ifdef __arch64__
 #define TCG_TARGET_EXTEND_ARGS 1
-#endif
 
 #if defined(__VIS__) && __VIS__ >= 0x300
 #define use_vis3_instructions  1
diff --git a/tcg/tcg.c b/tcg/tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@ void tcg_gen_callN(void *func, TCGTemp *ret, int nargs, TCGTemp **args)
     }
 #endif
 
-#if defined(__sparc__) && !defined(__arch64__) \
-    && !defined(CONFIG_TCG_INTERPRETER)
-    /* We have 64-bit values in one register, but need to pass as two
-       separate parameters.  Split them.  */
-    int orig_typemask = typemask;
-    int orig_nargs = nargs;
-    TCGv_i64 retl, reth;
-    TCGTemp *split_args[MAX_OPC_PARAM];
-
-    retl = NULL;
-    reth = NULL;
-    typemask = 0;
-    for (i = real_args = 0; i < nargs; ++i) {
-        int argtype = extract32(orig_typemask, (i + 1) * 3, 3);
-        bool is_64bit = (argtype & ~1) == dh_typecode_i64;
-
-        if (is_64bit) {
-            TCGv_i64 orig = temp_tcgv_i64(args[i]);
-            TCGv_i32 h = tcg_temp_new_i32();
-            TCGv_i32 l = tcg_temp_new_i32();
-            tcg_gen_extr_i64_i32(l, h, orig);
-            split_args[real_args++] = tcgv_i32_temp(h);
-            typemask |= dh_typecode_i32 << (real_args * 3);
-            split_args[real_args++] = tcgv_i32_temp(l);
-            typemask |= dh_typecode_i32 << (real_args * 3);
-        } else {
-            split_args[real_args++] = args[i];
-            typemask |= argtype << (real_args * 3);
-        }
-    }
-    nargs = real_args;
-    args = split_args;
-#elif defined(TCG_TARGET_EXTEND_ARGS) && TCG_TARGET_REG_BITS == 64
+#if defined(TCG_TARGET_EXTEND_ARGS) && TCG_TARGET_REG_BITS == 64
     for (i = 0; i < nargs; ++i) {
         int argtype = extract32(typemask, (i + 1) * 3, 3);
         bool is_32bit = (argtype & ~1) == dh_typecode_i32;
@@ -XXX,XX +XXX,XX @@ void tcg_gen_callN(void *func, TCGTemp *ret, int nargs, TCGTemp **args)
 
     pi = 0;
     if (ret != NULL) {
-#if defined(__sparc__) && !defined(__arch64__) \
-    && !defined(CONFIG_TCG_INTERPRETER)
-        if ((typemask & 6) == dh_typecode_i64) {
-            /* The 32-bit ABI is going to return the 64-bit value in
-               the %o0/%o1 register pair.  Prepare for this by using
-               two return temporaries, and reassemble below.  */
-            retl = tcg_temp_new_i64();
-            reth = tcg_temp_new_i64();
-            op->args[pi++] = tcgv_i64_arg(reth);
-            op->args[pi++] = tcgv_i64_arg(retl);
-            nb_rets = 2;
-        } else {
-            op->args[pi++] = temp_arg(ret);
-            nb_rets = 1;
-        }
-#else
         if (TCG_TARGET_REG_BITS < 64 && (typemask & 6) == dh_typecode_i64) {
 #if HOST_BIG_ENDIAN
             op->args[pi++] = temp_arg(ret + 1);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_callN(void *func, TCGTemp *ret, int nargs, TCGTemp **args)
             op->args[pi++] = temp_arg(ret);
             nb_rets = 1;
         }
-#endif
     } else {
         nb_rets = 0;
     }
@@ -XXX,XX +XXX,XX @@ void tcg_gen_callN(void *func, TCGTemp *ret, int nargs, TCGTemp **args)
     tcg_debug_assert(TCGOP_CALLI(op) == real_args);
     tcg_debug_assert(pi <= ARRAY_SIZE(op->args));
 
-#if defined(__sparc__) && !defined(__arch64__) \
-    && !defined(CONFIG_TCG_INTERPRETER)
-    /* Free all of the parts we allocated above.  */
-    for (i = real_args = 0; i < orig_nargs; ++i) {
-        int argtype = extract32(orig_typemask, (i + 1) * 3, 3);
-        bool is_64bit = (argtype & ~1) == dh_typecode_i64;
-
-        if (is_64bit) {
-            tcg_temp_free_internal(args[real_args++]);
-            tcg_temp_free_internal(args[real_args++]);
-        } else {
-            real_args++;
-        }
-    }
-    if ((orig_typemask & 6) == dh_typecode_i64) {
-        /* The 32-bit ABI returned two 32-bit pieces.  Re-assemble them.
-           Note that describing these as TCGv_i64 eliminates an unnecessary
-           zero-extension that tcg_gen_concat_i32_i64 would create.  */
-        tcg_gen_concat32_i64(temp_tcgv_i64(ret), retl, reth);
-        tcg_temp_free_i64(retl);
-        tcg_temp_free_i64(reth);
-    }
-#elif defined(TCG_TARGET_EXTEND_ARGS) && TCG_TARGET_REG_BITS == 64
+#if defined(TCG_TARGET_EXTEND_ARGS) && TCG_TARGET_REG_BITS == 64
     for (i = 0; i < nargs; ++i) {
         int argtype = extract32(typemask, (i + 1) * 3, 3);
         bool is_32bit = (argtype & ~1) == dh_typecode_i32;
diff --git a/tcg/sparc/tcg-target.c.inc b/tcg/sparc/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/sparc/tcg-target.c.inc
+++ b/tcg/sparc/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@
  * THE SOFTWARE.
  */
 
+/* We only support generating code for 64-bit mode.  */
+#ifndef __arch64__
+#error "unsupported code generation mode"
+#endif
+
 #include "../tcg-pool.c.inc"
 
 #ifdef CONFIG_DEBUG_TCG
@@ -XXX,XX +XXX,XX @@ static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
 };
 #endif
 
-#ifdef __arch64__
-# define SPARC64 1
-#else
-# define SPARC64 0
-#endif
-
 #define TCG_CT_CONST_S11  0x100
 #define TCG_CT_CONST_S13  0x200
 #define TCG_CT_CONST_ZERO 0x400
@@ -XXX,XX +XXX,XX @@ static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
  * high bits of the %i and %l registers garbage at all times.
  */
 #define ALL_GENERAL_REGS     MAKE_64BIT_MASK(0, 32)
-#if SPARC64
 # define ALL_GENERAL_REGS64  ALL_GENERAL_REGS
-#else
-# define ALL_GENERAL_REGS64  MAKE_64BIT_MASK(0, 16)
-#endif
 #define ALL_QLDST_REGS       (ALL_GENERAL_REGS & ~SOFTMMU_RESERVE_REGS)
 #define ALL_QLDST_REGS64     (ALL_GENERAL_REGS64 & ~SOFTMMU_RESERVE_REGS)
 
@@ -XXX,XX +XXX,XX @@ static bool check_fit_i32(int32_t val, unsigned int bits)
 }
 
 #define check_fit_tl    check_fit_i64
-#if SPARC64
-# define check_fit_ptr  check_fit_i64
-#else
-# define check_fit_ptr  check_fit_i32
-#endif
+#define check_fit_ptr   check_fit_i64
 
 static bool patch_reloc(tcg_insn_unit *src_rw, int type,
                         intptr_t value, intptr_t addend)
@@ -XXX,XX +XXX,XX @@ static void tcg_out_sety(TCGContext *s, TCGReg rs)
     tcg_out32(s, WRY | INSN_RS1(TCG_REG_G0) | INSN_RS2(rs));
 }
 
-static void tcg_out_rdy(TCGContext *s, TCGReg rd)
-{
-    tcg_out32(s, RDY | INSN_RD(rd));
-}
-
 static void tcg_out_div32(TCGContext *s, TCGReg rd, TCGReg rs1,
                           int32_t val2, int val2const, int uns)
 {
@@ -XXX,XX +XXX,XX @@ static void emit_extend(TCGContext *s, TCGReg r, int op)
         tcg_out_arithi(s, r, r, 16, SHIFT_SRL);
         break;
     case MO_32:
-        if (SPARC64) {
-            tcg_out_arith(s, r, r, 0, SHIFT_SRL);
-        }
+        tcg_out_arith(s, r, r, 0, SHIFT_SRL);
         break;
     case MO_64:
         break;
@@ -XXX,XX +XXX,XX @@ static void build_trampolines(TCGContext *s)
     };
 
     int i;
-    TCGReg ra;
 
     for (i = 0; i < ARRAY_SIZE(qemu_ld_helpers); ++i) {
         if (qemu_ld_helpers[i] == NULL) {
@@ -XXX,XX +XXX,XX @@ static void build_trampolines(TCGContext *s)
         }
         qemu_ld_trampoline[i] = tcg_splitwx_to_rx(s->code_ptr);
 
-        if (SPARC64 || TARGET_LONG_BITS == 32) {
-            ra = TCG_REG_O3;
-        } else {
-            /* Install the high part of the address.  */
-            tcg_out_arithi(s, TCG_REG_O1, TCG_REG_O2, 32, SHIFT_SRLX);
-            ra = TCG_REG_O4;
-        }
-
         /* Set the retaddr operand.  */
-        tcg_out_mov(s, TCG_TYPE_PTR, ra, TCG_REG_O7);
+        tcg_out_mov(s, TCG_TYPE_PTR, TCG_REG_O3, TCG_REG_O7);
         /* Tail call.  */
         tcg_out_jmpl_const(s, qemu_ld_helpers[i], true, true);
         /* delay slot -- set the env argument */
@@ -XXX,XX +XXX,XX @@ static void build_trampolines(TCGContext *s)
         }
         qemu_st_trampoline[i] = tcg_splitwx_to_rx(s->code_ptr);
 
-        if (SPARC64) {
-            emit_extend(s, TCG_REG_O2, i);
-            ra = TCG_REG_O4;
-        } else {
-            ra = TCG_REG_O1;
-            if (TARGET_LONG_BITS == 64) {
-                /* Install the high part of the address.  */
-                tcg_out_arithi(s, ra, ra + 1, 32, SHIFT_SRLX);
-                ra += 2;
-            } else {
-                ra += 1;
-            }
-            if ((i & MO_SIZE) == MO_64) {
-                /* Install the high part of the data.  */
-                tcg_out_arithi(s, ra, ra + 1, 32, SHIFT_SRLX);
-                ra += 2;
-            } else {
-                emit_extend(s, ra, i);
-                ra += 1;
-            }
-            /* Skip the oi argument.  */
-            ra += 1;
-        }
-                
+        emit_extend(s, TCG_REG_O2, i);
+
         /* Set the retaddr operand.  */
-        if (ra >= TCG_REG_O6) {
-            tcg_out_st(s, TCG_TYPE_PTR, TCG_REG_O7, TCG_REG_CALL_STACK,
-                       TCG_TARGET_CALL_STACK_OFFSET);
-        } else {
-            tcg_out_mov(s, TCG_TYPE_PTR, ra, TCG_REG_O7);
-        }
+        tcg_out_mov(s, TCG_TYPE_PTR, TCG_REG_O4, TCG_REG_O7);
 
         /* Tail call.  */
         tcg_out_jmpl_const(s, qemu_st_helpers[i], true, true);
@@ -XXX,XX +XXX,XX @@ static void build_trampolines(TCGContext *s)
             qemu_unalign_st_trampoline = tcg_splitwx_to_rx(s->code_ptr);
         }
 
-        if (!SPARC64 && TARGET_LONG_BITS == 64) {
-            /* Install the high part of the address.  */
-            tcg_out_arithi(s, TCG_REG_O1, TCG_REG_O2, 32, SHIFT_SRLX);
-        }
-
         /* Tail call.  */
         tcg_out_jmpl_const(s, helper, true, true);
         /* delay slot -- set the env argument */
@@ -XXX,XX +XXX,XX @@ static TCGReg tcg_out_tlb_load(TCGContext *s, TCGReg addr, int mem_index,
     tcg_out_cmp(s, r0, r2, 0);
 
     /* If the guest address must be zero-extended, do so now.  */
-    if (SPARC64 && TARGET_LONG_BITS == 32) {
+    if (TARGET_LONG_BITS == 32) {
         tcg_out_arithi(s, r0, addr, 0, SHIFT_SRL);
         return r0;
     }
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr,
 
 #ifdef CONFIG_SOFTMMU
     unsigned memi = get_mmuidx(oi);
-    TCGReg addrz, param;
+    TCGReg addrz;
     const tcg_insn_unit *func;
 
     addrz = tcg_out_tlb_load(s, addr, memi, memop,
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr,
 
     /* TLB Miss.  */
 
-    param = TCG_REG_O1;
-    if (!SPARC64 && TARGET_LONG_BITS == 64) {
-        /* Skip the high-part; we'll perform the extract in the trampoline.  */
-        param++;
-    }
-    tcg_out_mov(s, TCG_TYPE_REG, param++, addrz);
+    tcg_out_mov(s, TCG_TYPE_REG, TCG_REG_O1, addrz);
 
     /* We use the helpers to extend SB and SW data, leaving the case
        of SL needing explicit extending below.  */
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr,
     tcg_debug_assert(func != NULL);
     tcg_out_call_nodelay(s, func, false);
     /* delay slot */
-    tcg_out_movi(s, TCG_TYPE_I32, param, oi);
+    tcg_out_movi(s, TCG_TYPE_I32, TCG_REG_O2, oi);
 
-    /* Recall that all of the helpers return 64-bit results.
-       Which complicates things for sparcv8plus.  */
-    if (SPARC64) {
-        /* We let the helper sign-extend SB and SW, but leave SL for here.  */
-        if (is_64 && (memop & MO_SSIZE) == MO_SL) {
-            tcg_out_arithi(s, data, TCG_REG_O0, 0, SHIFT_SRA);
-        } else {
-            tcg_out_mov(s, TCG_TYPE_REG, data, TCG_REG_O0);
-        }
+    /* We let the helper sign-extend SB and SW, but leave SL for here.  */
+    if (is_64 && (memop & MO_SSIZE) == MO_SL) {
+        tcg_out_arithi(s, data, TCG_REG_O0, 0, SHIFT_SRA);
     } else {
-        if ((memop & MO_SIZE) == MO_64) {
-            tcg_out_arithi(s, TCG_REG_O0, TCG_REG_O0, 32, SHIFT_SLLX);
-            tcg_out_arithi(s, TCG_REG_O1, TCG_REG_O1, 0, SHIFT_SRL);
-            tcg_out_arith(s, data, TCG_REG_O0, TCG_REG_O1, ARITH_OR);
-        } else if (is_64) {
-            /* Re-extend from 32-bit rather than reassembling when we
-               know the high register must be an extension.  */
-            tcg_out_arithi(s, data, TCG_REG_O1, 0,
-                           memop & MO_SIGN ? SHIFT_SRA : SHIFT_SRL);
-        } else {
-            tcg_out_mov(s, TCG_TYPE_I32, data, TCG_REG_O1);
-        }
+        tcg_out_mov(s, TCG_TYPE_REG, data, TCG_REG_O0);
     }
 
     *label_ptr |= INSN_OFF19(tcg_ptr_byte_diff(s->code_ptr, label_ptr));
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr,
     unsigned s_bits = memop & MO_SIZE;
     unsigned t_bits;
 
-    if (SPARC64 && TARGET_LONG_BITS == 32) {
+    if (TARGET_LONG_BITS == 32) {
         tcg_out_arithi(s, TCG_REG_T1, addr, 0, SHIFT_SRL);
         addr = TCG_REG_T1;
     }
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr,
          * operation in the delay slot, and failure need only invoke the
          * handler for SIGBUS.
          */
-        TCGReg arg_low = TCG_REG_O1 + (!SPARC64 && TARGET_LONG_BITS == 64);
         tcg_out_call_nodelay(s, qemu_unalign_ld_trampoline, false);
         /* delay slot -- move to low part of argument reg */
-        tcg_out_mov_delay(s, arg_low, addr);
+        tcg_out_mov_delay(s, TCG_REG_O1, addr);
     } else {
         /* Underalignment: load by pieces of minimum alignment. */
         int ld_opc, a_size, s_size, i;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data, TCGReg addr,
 
 #ifdef CONFIG_SOFTMMU
     unsigned memi = get_mmuidx(oi);
-    TCGReg addrz, param;
+    TCGReg addrz;
     const tcg_insn_unit *func;
 
     addrz = tcg_out_tlb_load(s, addr, memi, memop,
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data, TCGReg addr,
 
     /* TLB Miss.  */
 
-    param = TCG_REG_O1;
-    if (!SPARC64 && TARGET_LONG_BITS == 64) {
-        /* Skip the high-part; we'll perform the extract in the trampoline.  */
-        param++;
-    }
-    tcg_out_mov(s, TCG_TYPE_REG, param++, addrz);
-    if (!SPARC64 && (memop & MO_SIZE) == MO_64) {
-        /* Skip the high-part; we'll perform the extract in the trampoline.  */
-        param++;
-    }
-    tcg_out_mov(s, TCG_TYPE_REG, param++, data);
+    tcg_out_mov(s, TCG_TYPE_REG, TCG_REG_O1, addrz);
+    tcg_out_mov(s, TCG_TYPE_REG, TCG_REG_O2, data);
 
     func = qemu_st_trampoline[memop & (MO_BSWAP | MO_SIZE)];
     tcg_debug_assert(func != NULL);
     tcg_out_call_nodelay(s, func, false);
     /* delay slot */
-    tcg_out_movi(s, TCG_TYPE_I32, param, oi);
+    tcg_out_movi(s, TCG_TYPE_I32, TCG_REG_O3, oi);
 
     *label_ptr |= INSN_OFF19(tcg_ptr_byte_diff(s->code_ptr, label_ptr));
 #else
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data, TCGReg addr,
     unsigned s_bits = memop & MO_SIZE;
     unsigned t_bits;
 
-    if (SPARC64 && TARGET_LONG_BITS == 32) {
+    if (TARGET_LONG_BITS == 32) {
         tcg_out_arithi(s, TCG_REG_T1, addr, 0, SHIFT_SRL);
         addr = TCG_REG_T1;
     }
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data, TCGReg addr,
          * operation in the delay slot, and failure need only invoke the
          * handler for SIGBUS.
          */
-        TCGReg arg_low = TCG_REG_O1 + (!SPARC64 && TARGET_LONG_BITS == 64);
         tcg_out_call_nodelay(s, qemu_unalign_st_trampoline, false);
         /* delay slot -- move to low part of argument reg */
-        tcg_out_mov_delay(s, arg_low, addr);
+        tcg_out_mov_delay(s, TCG_REG_O1, addr);
     } else {
         /* Underalignment: store by pieces of minimum alignment. */
         int st_opc, a_size, s_size, i;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
     case INDEX_op_muls2_i32:
         c = ARITH_SMUL;
     do_mul2:
-        /* The 32-bit multiply insns produce a full 64-bit result.  If the
-           destination register can hold it, we can avoid the slower RDY.  */
+        /* The 32-bit multiply insns produce a full 64-bit result. */
         tcg_out_arithc(s, a0, a2, args[3], const_args[3], c);
-        if (SPARC64 || a0 <= TCG_REG_O7) {
-            tcg_out_arithi(s, a1, a0, 32, SHIFT_SRLX);
-        } else {
-            tcg_out_rdy(s, a1);
-        }
+        tcg_out_arithi(s, a1, a0, 32, SHIFT_SRLX);
         break;
 
     case INDEX_op_qemu_ld_i32:
@@ -XXX,XX +XXX,XX @@ static void tcg_target_init(TCGContext *s)
     tcg_regset_set_reg(s->reserved_regs, TCG_REG_T2); /* for internal use */
 }
 
-#if SPARC64
-# define ELF_HOST_MACHINE  EM_SPARCV9
-#else
-# define ELF_HOST_MACHINE  EM_SPARC32PLUS
-# define ELF_HOST_FLAGS    EF_SPARC_32PLUS
-#endif
+#define ELF_HOST_MACHINE  EM_SPARCV9
 
 typedef struct {
     DebugFrameHeader h;
-    uint8_t fde_def_cfa[SPARC64 ? 4 : 2];
+    uint8_t fde_def_cfa[4];
     uint8_t fde_win_save;
     uint8_t fde_ret_save[3];
 } DebugFrame;
@@ -XXX,XX +XXX,XX @@ static const DebugFrame debug_frame = {
     .h.fde.len = sizeof(DebugFrame) - offsetof(DebugFrame, h.fde.cie_offset),
 
     .fde_def_cfa = {
-#if SPARC64
         12, 30,                         /* DW_CFA_def_cfa i6, 2047 */
         (2047 & 0x7f) | 0x80, (2047 >> 7)
-#else
-        13, 30                          /* DW_CFA_def_cfa_register i6 */
-#endif
     },
     .fde_win_save = 0x2d,               /* DW_CFA_GNU_window_save */
     .fde_ret_save = { 9, 15, 31 },      /* DW_CFA_register o7, i7 */
-- 
2.34.1

Emphasize that we only support full 64-bit code generation.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 meson.build                                 | 4 +---
 tcg/{sparc => sparc64}/tcg-target-con-set.h | 0
 tcg/{sparc => sparc64}/tcg-target-con-str.h | 0
 tcg/{sparc => sparc64}/tcg-target.h         | 0
 tcg/{sparc => sparc64}/tcg-target.c.inc     | 0
 MAINTAINERS                                 | 2 +-
 6 files changed, 2 insertions(+), 4 deletions(-)
 rename tcg/{sparc => sparc64}/tcg-target-con-set.h (100%)
 rename tcg/{sparc => sparc64}/tcg-target-con-str.h (100%)
 rename tcg/{sparc => sparc64}/tcg-target.h (100%)
 rename tcg/{sparc => sparc64}/tcg-target.c.inc (100%)

diff --git a/meson.build b/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/meson.build
+++ b/meson.build
@@ -XXX,XX +XXX,XX @@ qapi_trace_events = []
 bsd_oses = ['gnu/kfreebsd', 'freebsd', 'netbsd', 'openbsd', 'dragonfly', 'darwin']
 supported_oses = ['windows', 'freebsd', 'netbsd', 'openbsd', 'darwin', 'sunos', 'linux']
 supported_cpus = ['ppc', 'ppc64', 's390x', 'riscv', 'x86', 'x86_64',
-  'arm', 'aarch64', 'loongarch64', 'mips', 'mips64', 'sparc', 'sparc64']
+  'arm', 'aarch64', 'loongarch64', 'mips', 'mips64', 'sparc64']
 
 cpu = host_machine.cpu_family()
 
@@ -XXX,XX +XXX,XX @@ if get_option('tcg').allowed()
   endif
   if get_option('tcg_interpreter')
     tcg_arch = 'tci'
-  elif host_arch == 'sparc64'
-    tcg_arch = 'sparc'
   elif host_arch == 'x86_64'
     tcg_arch = 'i386'
   elif host_arch == 'ppc64'
diff --git a/tcg/sparc/tcg-target-con-set.h b/tcg/sparc64/tcg-target-con-set.h
similarity index 100%
rename from tcg/sparc/tcg-target-con-set.h
rename to tcg/sparc64/tcg-target-con-set.h
diff --git a/tcg/sparc/tcg-target-con-str.h b/tcg/sparc64/tcg-target-con-str.h
similarity index 100%
rename from tcg/sparc/tcg-target-con-str.h
rename to tcg/sparc64/tcg-target-con-str.h
diff --git a/tcg/sparc/tcg-target.h b/tcg/sparc64/tcg-target.h
similarity index 100%
rename from tcg/sparc/tcg-target.h
rename to tcg/sparc64/tcg-target.h
diff --git a/tcg/sparc/tcg-target.c.inc b/tcg/sparc64/tcg-target.c.inc
similarity index 100%
rename from tcg/sparc/tcg-target.c.inc
rename to tcg/sparc64/tcg-target.c.inc
diff --git a/MAINTAINERS b/MAINTAINERS
index XXXXXXX..XXXXXXX 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ L: qemu-s390x@nongnu.org
 
 SPARC TCG target
 S: Odd Fixes
-F: tcg/sparc/
+F: tcg/sparc64/
 F: disas/sparc.c
 
 TCI TCG target
-- 
2.34.1

With sparc64 we need not distinguish between registers that
can hold 32-bit values and those that can hold 64-bit values.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/sparc64/tcg-target-con-set.h |  16 +----
 tcg/sparc64/tcg-target-con-str.h |   3 -
 tcg/sparc64/tcg-target.c.inc     | 109 ++++++++++++-------------------
 3 files changed, 44 insertions(+), 84 deletions(-)

diff --git a/tcg/sparc64/tcg-target-con-set.h b/tcg/sparc64/tcg-target-con-set.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/sparc64/tcg-target-con-set.h
+++ b/tcg/sparc64/tcg-target-con-set.h
@@ -XXX,XX +XXX,XX @@
  */
 C_O0_I1(r)
 C_O0_I2(rZ, r)
-C_O0_I2(RZ, r)
 C_O0_I2(rZ, rJ)
-C_O0_I2(RZ, RJ)
-C_O0_I2(sZ, A)
-C_O0_I2(SZ, A)
-C_O1_I1(r, A)
-C_O1_I1(R, A)
+C_O0_I2(sZ, s)
+C_O1_I1(r, s)
 C_O1_I1(r, r)
-C_O1_I1(r, R)
-C_O1_I1(R, r)
-C_O1_I1(R, R)
-C_O1_I2(R, R, R)
+C_O1_I2(r, r, r)
 C_O1_I2(r, rZ, rJ)
-C_O1_I2(R, RZ, RJ)
 C_O1_I4(r, rZ, rJ, rI, 0)
-C_O1_I4(R, RZ, RJ, RI, 0)
 C_O2_I2(r, r, rZ, rJ)
-C_O2_I4(R, R, RZ, RZ, RJ, RI)
 C_O2_I4(r, r, rZ, rZ, rJ, rJ)
diff --git a/tcg/sparc64/tcg-target-con-str.h b/tcg/sparc64/tcg-target-con-str.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/sparc64/tcg-target-con-str.h
+++ b/tcg/sparc64/tcg-target-con-str.h
@@ -XXX,XX +XXX,XX @@
  * REGS(letter, register_mask)
  */
 REGS('r', ALL_GENERAL_REGS)
-REGS('R', ALL_GENERAL_REGS64)
 REGS('s', ALL_QLDST_REGS)
-REGS('S', ALL_QLDST_REGS64)
-REGS('A', TARGET_LONG_BITS == 64 ? ALL_QLDST_REGS64 : ALL_QLDST_REGS)
 
 /*
  * Define constraint letters for constants:
diff --git a/tcg/sparc64/tcg-target.c.inc b/tcg/sparc64/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/sparc64/tcg-target.c.inc
+++ b/tcg/sparc64/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
 #else
 #define SOFTMMU_RESERVE_REGS 0
 #endif
-
-/*
- * Note that sparcv8plus can only hold 64 bit quantities in %g and %o
- * registers.  These are saved manually by the kernel in full 64-bit
- * slots.  The %i and %l registers are saved by the register window
- * mechanism, which only allocates space for 32 bits.  Given that this
- * window spill/fill can happen on any signal, we must consider the
- * high bits of the %i and %l registers garbage at all times.
- */
 #define ALL_GENERAL_REGS     MAKE_64BIT_MASK(0, 32)
-# define ALL_GENERAL_REGS64  ALL_GENERAL_REGS
 #define ALL_QLDST_REGS       (ALL_GENERAL_REGS & ~SOFTMMU_RESERVE_REGS)
-#define ALL_QLDST_REGS64     (ALL_GENERAL_REGS64 & ~SOFTMMU_RESERVE_REGS)
 
 /* Define some temporary registers.  T2 is used for constant generation.  */
 #define TCG_REG_T1  TCG_REG_G1
@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
         return C_O0_I1(r);
 
     case INDEX_op_ld8u_i32:
+    case INDEX_op_ld8u_i64:
     case INDEX_op_ld8s_i32:
+    case INDEX_op_ld8s_i64:
     case INDEX_op_ld16u_i32:
+    case INDEX_op_ld16u_i64:
     case INDEX_op_ld16s_i32:
+    case INDEX_op_ld16s_i64:
     case INDEX_op_ld_i32:
+    case INDEX_op_ld32u_i64:
+    case INDEX_op_ld32s_i64:
+    case INDEX_op_ld_i64:
     case INDEX_op_neg_i32:
+    case INDEX_op_neg_i64:
     case INDEX_op_not_i32:
+    case INDEX_op_not_i64:
+    case INDEX_op_ext32s_i64:
+    case INDEX_op_ext32u_i64:
+    case INDEX_op_ext_i32_i64:
+    case INDEX_op_extu_i32_i64:
+    case INDEX_op_extrl_i64_i32:
+    case INDEX_op_extrh_i64_i32:
         return C_O1_I1(r, r);
 
     case INDEX_op_st8_i32:
+    case INDEX_op_st8_i64:
     case INDEX_op_st16_i32:
+    case INDEX_op_st16_i64:
     case INDEX_op_st_i32:
+    case INDEX_op_st32_i64:
+    case INDEX_op_st_i64:
         return C_O0_I2(rZ, r);
 
     case INDEX_op_add_i32:
+    case INDEX_op_add_i64:
     case INDEX_op_mul_i32:
+    case INDEX_op_mul_i64:
     case INDEX_op_div_i32:
+    case INDEX_op_div_i64:
     case INDEX_op_divu_i32:
+    case INDEX_op_divu_i64:
     case INDEX_op_sub_i32:
+    case INDEX_op_sub_i64:
     case INDEX_op_and_i32:
+    case INDEX_op_and_i64:
     case INDEX_op_andc_i32:
+    case INDEX_op_andc_i64:
     case INDEX_op_or_i32:
+    case INDEX_op_or_i64:
     case INDEX_op_orc_i32:
+    case INDEX_op_orc_i64:
     case INDEX_op_xor_i32:
+    case INDEX_op_xor_i64:
     case INDEX_op_shl_i32:
+    case INDEX_op_shl_i64:
     case INDEX_op_shr_i32:
+    case INDEX_op_shr_i64:
     case INDEX_op_sar_i32:
+    case INDEX_op_sar_i64:
     case INDEX_op_setcond_i32:
+    case INDEX_op_setcond_i64:
         return C_O1_I2(r, rZ, rJ);
 
     case INDEX_op_brcond_i32:
+    case INDEX_op_brcond_i64:
         return C_O0_I2(rZ, rJ);
     case INDEX_op_movcond_i32:
+    case INDEX_op_movcond_i64:
         return C_O1_I4(r, rZ, rJ, rI, 0);
     case INDEX_op_add2_i32:
+    case INDEX_op_add2_i64:
     case INDEX_op_sub2_i32:
+    case INDEX_op_sub2_i64:
         return C_O2_I4(r, r, rZ, rZ, rJ, rJ);
     case INDEX_op_mulu2_i32:
     case INDEX_op_muls2_i32:
         return C_O2_I2(r, r, rZ, rJ);
-
-    case INDEX_op_ld8u_i64:
-    case INDEX_op_ld8s_i64:
-    case INDEX_op_ld16u_i64:
-    case INDEX_op_ld16s_i64:
-    case INDEX_op_ld32u_i64:
-    case INDEX_op_ld32s_i64:
-    case INDEX_op_ld_i64:
-    case INDEX_op_ext_i32_i64:
-    case INDEX_op_extu_i32_i64:
-        return C_O1_I1(R, r);
-
-    case INDEX_op_st8_i64:
-    case INDEX_op_st16_i64:
-    case INDEX_op_st32_i64:
-    case INDEX_op_st_i64:
-        return C_O0_I2(RZ, r);
-
-    case INDEX_op_add_i64:
-    case INDEX_op_mul_i64:
-    case INDEX_op_div_i64:
-    case INDEX_op_divu_i64:
-    case INDEX_op_sub_i64:
-    case INDEX_op_and_i64:
-    case INDEX_op_andc_i64:
-    case INDEX_op_or_i64:
-    case INDEX_op_orc_i64:
-    case INDEX_op_xor_i64:
-    case INDEX_op_shl_i64:
-    case INDEX_op_shr_i64:
-    case INDEX_op_sar_i64:
-    case INDEX_op_setcond_i64:
-        return C_O1_I2(R, RZ, RJ);
-
-    case INDEX_op_neg_i64:
-    case INDEX_op_not_i64:
-    case INDEX_op_ext32s_i64:
-    case INDEX_op_ext32u_i64:
-        return C_O1_I1(R, R);
-
-    case INDEX_op_extrl_i64_i32:
-    case INDEX_op_extrh_i64_i32:
-        return C_O1_I1(r, R);
-
-    case INDEX_op_brcond_i64:
-        return C_O0_I2(RZ, RJ);
-    case INDEX_op_movcond_i64:
-        return C_O1_I4(R, RZ, RJ, RI, 0);
-    case INDEX_op_add2_i64:
-    case INDEX_op_sub2_i64:
-        return C_O2_I4(R, R, RZ, RZ, RJ, RI);
     case INDEX_op_muluh_i64:
-        return C_O1_I2(R, R, R);
+        return C_O1_I2(r, r, r);
 
     case INDEX_op_qemu_ld_i32:
-        return C_O1_I1(r, A);
     case INDEX_op_qemu_ld_i64:
-        return C_O1_I1(R, A);
+        return C_O1_I1(r, s);
     case INDEX_op_qemu_st_i32:
-        return C_O0_I2(sZ, A);
     case INDEX_op_qemu_st_i64:
-        return C_O0_I2(SZ, A);
+        return C_O0_I2(sZ, s);
 
     default:
         g_assert_not_reached();
@@ -XXX,XX +XXX,XX @@ static void tcg_target_init(TCGContext *s)
 #endif
 
     tcg_target_available_regs[TCG_TYPE_I32] = ALL_GENERAL_REGS;
-    tcg_target_available_regs[TCG_TYPE_I64] = ALL_GENERAL_REGS64;
+    tcg_target_available_regs[TCG_TYPE_I64] = ALL_GENERAL_REGS;
 
     tcg_target_call_clobber_regs = 0;
     tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_G1);
-- 
2.34.1

From: Icenowy Zheng <uwu@icenowy.me>

When registering helpers via FFI for TCI, the inner loop that iterates
parameters of the helper reuses (and thus pollutes) the same variable
used by the outer loop that iterates all helpers, thus made some helpers
unregistered.

Fix this logic error by using a dedicated temporary variable for the
inner loop.

Fixes: 22f15579fa ("tcg: Build ffi data structures for helpers")
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Icenowy Zheng <uwu@icenowy.me>
Message-Id: <20221028072145.1593205-1-uwu@icenowy.me>
[rth: Move declaration of j to the for loop itself]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/tcg.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tcg/tcg.c b/tcg/tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@ static void tcg_context_init(unsigned max_cpus)
 
         if (nargs != 0) {
             ca->cif.arg_types = ca->args;
-            for (i = 0; i < nargs; ++i) {
-                int typecode = extract32(typemask, (i + 1) * 3, 3);
-                ca->args[i] = typecode_to_ffi[typecode];
+            for (int j = 0; j < nargs; ++j) {
+                int typecode = extract32(typemask, (j + 1) * 3, 3);
+                ca->args[j] = typecode_to_ffi[typecode];
             }
         }
 
-- 
2.34.1

Add a way to examine the unwind data without actually
restoring the data back into env.

Reviewed-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/internal.h      |  4 +--
 include/exec/exec-all.h   | 21 ++++++++---
 accel/tcg/translate-all.c | 74 ++++++++++++++++++++++++++-------------
 3 files changed, 68 insertions(+), 31 deletions(-)

diff --git a/accel/tcg/internal.h b/accel/tcg/internal.h
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/internal.h
+++ b/accel/tcg/internal.h
@@ -XXX,XX +XXX,XX @@ void tb_reset_jump(TranslationBlock *tb, int n);
 TranslationBlock *tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
                                tb_page_addr_t phys_page2);
 bool tb_invalidate_phys_page_unwind(tb_page_addr_t addr, uintptr_t pc);
-int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
-                              uintptr_t searched_pc, bool reset_icount);
+void cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
+                               uintptr_t host_pc, bool reset_icount);
 
 /* Return the current PC from CPU, which may be cached in TB. */
 static inline target_ulong log_pc(CPUState *cpu, const TranslationBlock *tb)
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -XXX,XX +XXX,XX @@ typedef ram_addr_t tb_page_addr_t;
 #define TB_PAGE_ADDR_FMT RAM_ADDR_FMT
 #endif
 
+/**
+ * cpu_unwind_state_data:
+ * @cpu: the cpu context
+ * @host_pc: the host pc within the translation
+ * @data: output data
+ *
+ * Attempt to load the the unwind state for a host pc occurring in
+ * translated code.  If @host_pc is not in translated code, the
+ * function returns false; otherwise @data is loaded.
+ * This is the same unwind info as given to restore_state_to_opc.
+ */
+bool cpu_unwind_state_data(CPUState *cpu, uintptr_t host_pc, uint64_t *data);
+
 /**
  * cpu_restore_state:
- * @cpu: the vCPU state is to be restore to
- * @searched_pc: the host PC the fault occurred at
+ * @cpu: the cpu context
+ * @host_pc: the host pc within the translation
  * @will_exit: true if the TB executed will be interrupted after some
                cpu adjustments. Required for maintaining the correct
                icount valus
  * @return: true if state was restored, false otherwise
  *
  * Attempt to restore the state for a fault occurring in translated
- * code. If the searched_pc is not in translated code no state is
+ * code. If @host_pc is not in translated code no state is
  * restored and the function returns false.
  */
-bool cpu_restore_state(CPUState *cpu, uintptr_t searched_pc, bool will_exit);
+bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit);
 
 G_NORETURN void cpu_loop_exit_noexc(CPUState *cpu);
 G_NORETURN void cpu_loop_exit(CPUState *cpu);
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ static int encode_search(TranslationBlock *tb, uint8_t *block)
     return p - block;
 }
 
-/* The cpu state corresponding to 'searched_pc' is restored.
- * When reset_icount is true, current TB will be interrupted and
- * icount should be recalculated.
- */
-int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
-                              uintptr_t searched_pc, bool reset_icount)
+static int cpu_unwind_data_from_tb(TranslationBlock *tb, uintptr_t host_pc,
+                                   uint64_t *data)
 {
-    uint64_t data[TARGET_INSN_START_WORDS];
-    uintptr_t host_pc = (uintptr_t)tb->tc.ptr;
+    uintptr_t iter_pc = (uintptr_t)tb->tc.ptr;
     const uint8_t *p = tb->tc.ptr + tb->tc.size;
     int i, j, num_insns = tb->icount;
-#ifdef CONFIG_PROFILER
-    TCGProfile *prof = &tcg_ctx->prof;
-    int64_t ti = profile_getclock();
-#endif
 
-    searched_pc -= GETPC_ADJ;
+    host_pc -= GETPC_ADJ;
 
-    if (searched_pc < host_pc) {
+    if (host_pc < iter_pc) {
         return -1;
     }
 
-    memset(data, 0, sizeof(data));
+    memset(data, 0, sizeof(uint64_t) * TARGET_INSN_START_WORDS);
     if (!TARGET_TB_PCREL) {
         data[0] = tb_pc(tb);
     }
 
-    /* Reconstruct the stored insn data while looking for the point at
-       which the end of the insn exceeds the searched_pc.  */
+    /*
+     * Reconstruct the stored insn data while looking for the point
+     * at which the end of the insn exceeds host_pc.
+     */
     for (i = 0; i < num_insns; ++i) {
         for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
             data[j] += decode_sleb128(&p);
         }
-        host_pc += decode_sleb128(&p);
-        if (host_pc > searched_pc) {
-            goto found;
+        iter_pc += decode_sleb128(&p);
+        if (iter_pc > host_pc) {
+            return num_insns - i;
         }
     }
     return -1;
+}
+
+/*
+ * The cpu state corresponding to 'host_pc' is restored.
+ * When reset_icount is true, current TB will be interrupted and
+ * icount should be recalculated.
+ */
+void cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
+                               uintptr_t host_pc, bool reset_icount)
+{
+    uint64_t data[TARGET_INSN_START_WORDS];
+#ifdef CONFIG_PROFILER
+    TCGProfile *prof = &tcg_ctx->prof;
+    int64_t ti = profile_getclock();
+#endif
+    int insns_left = cpu_unwind_data_from_tb(tb, host_pc, data);
+
+    if (insns_left < 0) {
+        return;
+    }
 
- found:
     if (reset_icount && (tb_cflags(tb) & CF_USE_ICOUNT)) {
         assert(icount_enabled());
-        /* Reset the cycle counter to the start of the block
-           and shift if to the number of actually executed instructions */
-        cpu_neg(cpu)->icount_decr.u16.low += num_insns - i;
+        /*
+         * Reset the cycle counter to the start of the block and
+         * shift if to the number of actually executed instructions.
+         */
+        cpu_neg(cpu)->icount_decr.u16.low += insns_left;
     }
 
     cpu->cc->tcg_ops->restore_state_to_opc(cpu, tb, data);
@@ -XXX,XX +XXX,XX @@ int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
                 prof->restore_time + profile_getclock() - ti);
     qatomic_set(&prof->restore_count, prof->restore_count + 1);
 #endif
-    return 0;
 }
 
 bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
@@ -XXX,XX +XXX,XX @@ bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
     return false;
 }
 
+bool cpu_unwind_state_data(CPUState *cpu, uintptr_t host_pc, uint64_t *data)
+{
+    if (in_code_gen_buffer((const void *)(host_pc - tcg_splitwx_diff))) {
+        TranslationBlock *tb = tcg_tb_lookup(host_pc);
+        if (tb) {
+            return cpu_unwind_data_from_tb(tb, host_pc, data) >= 0;
+        }
+    }
+    return false;
+}
+
 void page_init(void)
 {
     page_size_init();
-- 
2.34.1

Avoid cpu_restore_state, and modifying env->eip out from
underneath the translator with TARGET_TB_PCREL.  There is
some slight duplication from x86_restore_state_to_opc,
but it's just a few lines.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1269
Reviewed-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/i386/helper.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/target/i386/helper.c b/target/i386/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/helper.c
+++ b/target/i386/helper.c
@@ -XXX,XX +XXX,XX @@ void cpu_x86_inject_mce(Monitor *mon, X86CPU *cpu, int bank,
     }
 }
 
+static target_ulong get_memio_eip(CPUX86State *env)
+{
+    uint64_t data[TARGET_INSN_START_WORDS];
+    CPUState *cs = env_cpu(env);
+
+    if (!cpu_unwind_state_data(cs, cs->mem_io_pc, data)) {
+        return env->eip;
+    }
+
+    /* Per x86_restore_state_to_opc. */
+    if (TARGET_TB_PCREL) {
+        return (env->eip & TARGET_PAGE_MASK) | data[0];
+    } else {
+        return data[0] - env->segs[R_CS].base;
+    }
+}
+
 void cpu_report_tpr_access(CPUX86State *env, TPRAccess access)
 {
     X86CPU *cpu = env_archcpu(env);
@@ -XXX,XX +XXX,XX @@ void cpu_report_tpr_access(CPUX86State *env, TPRAccess access)
 
         cpu_interrupt(cs, CPU_INTERRUPT_TPR);
     } else if (tcg_enabled()) {
-        cpu_restore_state(cs, cs->mem_io_pc, false);
+        target_ulong eip = get_memio_eip(env);
 
-        apic_handle_tpr_access_report(cpu->apic_state, env->eip, access);
+        apic_handle_tpr_access_report(cpu->apic_state, eip, access);
     }
 }
 #endif /* !CONFIG_USER_ONLY */
-- 
2.34.1

Since we do not plan to exit, use cpu_unwind_state_data
and extract exactly the data requested.

This is a bug fix, in that we no longer clobber dflag.

Consider:

l.j       L2         // branch
        l.mfspr   r1, ppc    // delay

L1:     boom
L2:     l.lwa     r3, (r4)

Here, dflag would be set by cpu_restore_state (because that is the current
state of the cpu), but but not cleared by tb_stop on exiting the TB
(because DisasContext has recorded the current value as zero).

The next TB begins at L2 with dflag incorrectly set.  If the load has a
tlb miss, then the exception will be delivered as per a delay slot:
with DSX set in the status register and PC decremented (delay slots
restart by re-executing the branch). This will cause the return from
interrupt to go to L1, and boom!

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/openrisc/sys_helper.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/target/openrisc/sys_helper.c b/target/openrisc/sys_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/openrisc/sys_helper.c
+++ b/target/openrisc/sys_helper.c
@@ -XXX,XX +XXX,XX @@ target_ulong HELPER(mfspr)(CPUOpenRISCState *env, target_ulong rd,
                            target_ulong spr)
 {
 #ifndef CONFIG_USER_ONLY
+    uint64_t data[TARGET_INSN_START_WORDS];
     MachineState *ms = MACHINE(qdev_get_machine());
     OpenRISCCPU *cpu = env_archcpu(env);
     CPUState *cs = env_cpu(env);
@@ -XXX,XX +XXX,XX @@ target_ulong HELPER(mfspr)(CPUOpenRISCState *env, target_ulong rd,
         return env->evbar;
 
     case TO_SPR(0, 16): /* NPC (equals PC) */
-        cpu_restore_state(cs, GETPC(), false);
+        if (cpu_unwind_state_data(cs, GETPC(), data)) {
+            return data[0];
+        }
         return env->pc;
 
     case TO_SPR(0, 17): /* SR */
         return cpu_get_sr(env);
 
     case TO_SPR(0, 18): /* PPC */
-        cpu_restore_state(cs, GETPC(), false);
+        if (cpu_unwind_state_data(cs, GETPC(), data)) {
+            if (data[1] & 2) {
+                return data[0] - 4;
+            }
+        }
         return env->ppc;
 
     case TO_SPR(0, 32): /* EPCR */
-- 
2.34.1

The value passed is always true, and if the target's
synchronize_from_tb hook is non-trivial, not exiting
may be erroneous.

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -XXX,XX +XXX,XX @@ bool cpu_unwind_state_data(CPUState *cpu, uintptr_t host_pc, uint64_t *data);
  * cpu_restore_state:
  * @cpu: the cpu context
  * @host_pc: the host pc within the translation
- * @will_exit: true if the TB executed will be interrupted after some
-               cpu adjustments. Required for maintaining the correct
-               icount valus
  * @return: true if state was restored, false otherwise
  *
  * Attempt to restore the state for a fault occurring in translated
  * code. If @host_pc is not in translated code no state is
  * restored and the function returns false.
  */
-bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit);
+bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc);
 
 G_NORETURN void cpu_loop_exit_noexc(CPUState *cpu);
 G_NORETURN void cpu_loop_exit(CPUState *cpu);
diff --git a/accel/tcg/cpu-exec-common.c b/accel/tcg/cpu-exec-common.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec-common.c
+++ b/accel/tcg/cpu-exec-common.c
@@ -XXX,XX +XXX,XX @@ void cpu_loop_exit(CPUState *cpu)
 void cpu_loop_exit_restore(CPUState *cpu, uintptr_t pc)
 {
     if (pc) {
-        cpu_restore_state(cpu, pc, true);
+        cpu_restore_state(cpu, pc);
     }
     cpu_loop_exit(cpu);
 }
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ void cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
 #endif
 }
 
-bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
+bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc)
 {
-    /*
-     * The pc update associated with restore without exit will
-     * break the relative pc adjustments performed by TARGET_TB_PCREL.
-     */
-    if (TARGET_TB_PCREL) {
-        assert(will_exit);
-    }
-
     /*
      * The host_pc has to be in the rx region of the code buffer.
      * If it is not we will not be able to resolve it here.
@@ -XXX,XX +XXX,XX @@ bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
     if (in_code_gen_buffer((const void *)(host_pc - tcg_splitwx_diff))) {
         TranslationBlock *tb = tcg_tb_lookup(host_pc);
         if (tb) {
-            cpu_restore_state_from_tb(cpu, tb, host_pc, will_exit);
+            cpu_restore_state_from_tb(cpu, tb, host_pc, true);
             return true;
         }
     }
diff --git a/target/alpha/helper.c b/target/alpha/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/alpha/helper.c
+++ b/target/alpha/helper.c
@@ -XXX,XX +XXX,XX @@ G_NORETURN void dynamic_excp(CPUAlphaState *env, uintptr_t retaddr,
     cs->exception_index = excp;
     env->error_code = error;
     if (retaddr) {
-        cpu_restore_state(cs, retaddr, true);
+        cpu_restore_state(cs, retaddr);
         /* Floating-point exceptions (our only users) point to the next PC.  */
         env->pc += 4;
     }
diff --git a/target/alpha/mem_helper.c b/target/alpha/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/alpha/mem_helper.c
+++ b/target/alpha/mem_helper.c
@@ -XXX,XX +XXX,XX @@ static void do_unaligned_access(CPUAlphaState *env, vaddr addr, uintptr_t retadd
     uint64_t pc;
     uint32_t insn;
 
-    cpu_restore_state(env_cpu(env), retaddr, true);
+    cpu_restore_state(env_cpu(env), retaddr);
 
     pc = env->pc;
     insn = cpu_ldl_code(env, pc);
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -XXX,XX +XXX,XX @@ void raise_exception_ra(CPUARMState *env, uint32_t excp, uint32_t syndrome,
      * we must restore CPU state here before setting the syndrome
      * the caller passed us, and cannot use cpu_loop_exit_restore().
      */
-    cpu_restore_state(cs, ra, true);
+    cpu_restore_state(cs, ra);
     raise_exception(env, excp, syndrome, target_el);
 }
 
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/tlb_helper.c
+++ b/target/arm/tlb_helper.c
@@ -XXX,XX +XXX,XX @@ void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
     ARMMMUFaultInfo fi = {};
 
     /* now we have a real cpu fault */
-    cpu_restore_state(cs, retaddr, true);
+    cpu_restore_state(cs, retaddr);
 
     fi.type = ARMFault_Alignment;
     arm_deliver_fault(cpu, vaddr, access_type, mmu_idx, &fi);
@@ -XXX,XX +XXX,XX @@ void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
     ARMMMUFaultInfo fi = {};
 
     /* now we have a real cpu fault */
-    cpu_restore_state(cs, retaddr, true);
+    cpu_restore_state(cs, retaddr);
 
     fi.ea = arm_extabort_type(response);
     fi.type = ARMFault_SyncExternal;
@@ -XXX,XX +XXX,XX @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
         return false;
     } else {
         /* now we have a real cpu fault */
-        cpu_restore_state(cs, retaddr, true);
+        cpu_restore_state(cs, retaddr);
         arm_deliver_fault(cpu, address, access_type, mmu_idx, fi);
     }
 }
@@ -XXX,XX +XXX,XX @@ void arm_cpu_record_sigsegv(CPUState *cs, vaddr addr,
      * We report both ESR and FAR to signal handlers.
      * For now, it's easiest to deliver the fault normally.
      */
-    cpu_restore_state(cs, ra, true);
+    cpu_restore_state(cs, ra);
     arm_deliver_fault(cpu, addr, access_type, MMU_USER_IDX, &fi);
 }
 
diff --git a/target/cris/helper.c b/target/cris/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/cris/helper.c
+++ b/target/cris/helper.c
@@ -XXX,XX +XXX,XX @@ bool cris_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
     cs->exception_index = EXCP_BUSFAULT;
     env->fault_vector = res.bf_vec;
     if (retaddr) {
-        if (cpu_restore_state(cs, retaddr, true)) {
+        if (cpu_restore_state(cs, retaddr)) {
             /* Evaluate flags after retranslation. */
             helper_top_evaluate_flags(env);
         }
diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/sysemu/svm_helper.c
+++ b/target/i386/tcg/sysemu/svm_helper.c
@@ -XXX,XX +XXX,XX @@ void cpu_vmexit(CPUX86State *env, uint32_t exit_code, uint64_t exit_info_1,
 {
     CPUState *cs = env_cpu(env);
 
-    cpu_restore_state(cs, retaddr, true);
+    cpu_restore_state(cs, retaddr);
 
     qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmexit(%08x, %016" PRIx64 ", %016"
                   PRIx64 ", " TARGET_FMT_lx ")!\n",
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -XXX,XX +XXX,XX @@ void m68k_cpu_transaction_failed(CPUState *cs, hwaddr physaddr, vaddr addr,
     M68kCPU *cpu = M68K_CPU(cs);
     CPUM68KState *env = &cpu->env;
 
-    cpu_restore_state(cs, retaddr, true);
+    cpu_restore_state(cs, retaddr);
 
     if (m68k_feature(env, M68K_FEATURE_M68040)) {
         env->mmu.mmusr = 0;
@@ -XXX,XX +XXX,XX @@ raise_exception_format2(CPUM68KState *env, int tt, int ilen, uintptr_t raddr)
     cs->exception_index = tt;
 
     /* Recover PC and CC_OP for the beginning of the insn.  */
-    cpu_restore_state(cs, raddr, true);
+    cpu_restore_state(cs, raddr);
 
     /* Flags are current in env->cc_*, or are undefined. */
     env->cc_op = CC_OP_FLAGS;
diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/microblaze/helper.c
+++ b/target/microblaze/helper.c
@@ -XXX,XX +XXX,XX @@ void mb_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
     uint32_t esr, iflags;
 
     /* Recover the pc and iflags from the corresponding insn_start.  */
-    cpu_restore_state(cs, retaddr, true);
+    cpu_restore_state(cs, retaddr);
     iflags = cpu->env.iflags;
 
     qemu_log_mask(CPU_LOG_INT,
diff --git a/target/nios2/op_helper.c b/target/nios2/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/nios2/op_helper.c
+++ b/target/nios2/op_helper.c
@@ -XXX,XX +XXX,XX @@ void nios2_cpu_loop_exit_advance(CPUNios2State *env, uintptr_t retaddr)
      * Do this here, rather than in restore_state_to_opc(),
      * lest we affect QEMU internal exceptions, like EXCP_DEBUG.
      */
-    cpu_restore_state(cs, retaddr, true);
+    cpu_restore_state(cs, retaddr);
     env->pc += 4;
     cpu_loop_exit(cs);
 }
diff --git a/target/openrisc/sys_helper.c b/target/openrisc/sys_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/openrisc/sys_helper.c
+++ b/target/openrisc/sys_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(mtspr)(CPUOpenRISCState *env, target_ulong spr, target_ulong rb)
         break;
 
     case TO_SPR(0, 16): /* NPC */
-        cpu_restore_state(cs, GETPC(), true);
+        cpu_restore_state(cs, GETPC());
         /* ??? Mirror or1ksim in not trashing delayed branch state
            when "jumping" to the current instruction.  */
         if (env->pc != rb) {
@@ -XXX,XX +XXX,XX @@ void HELPER(mtspr)(CPUOpenRISCState *env, target_ulong spr, target_ulong rb)
     case TO_SPR(8, 0):  /* PMR */
         env->pmr = rb;
         if (env->pmr & PMR_DME || env->pmr & PMR_SME) {
-            cpu_restore_state(cs, GETPC(), true);
+            cpu_restore_state(cs, GETPC());
             env->pc += 4;
             cs->halted = 1;
             raise_exception(cpu, EXCP_HALTED);
diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -XXX,XX +XXX,XX @@ void ppc_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
     uint32_t insn;
 
     /* Restore state and reload the insn we executed, for filling in DSISR.  */
-    cpu_restore_state(cs, retaddr, true);
+    cpu_restore_state(cs, retaddr);
     insn = cpu_ldl_code(env, env->nip);
 
     switch (env->mmu_model) {
diff --git a/target/s390x/tcg/excp_helper.c b/target/s390x/tcg/excp_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/tcg/excp_helper.c
+++ b/target/s390x/tcg/excp_helper.c
@@ -XXX,XX +XXX,XX @@ G_NORETURN void tcg_s390_program_interrupt(CPUS390XState *env,
 {
     CPUState *cs = env_cpu(env);
 
-    cpu_restore_state(cs, ra, true);
+    cpu_restore_state(cs, ra);
     qemu_log_mask(CPU_LOG_INT, "program interrupt at %#" PRIx64 "\n",
                   env->psw.addr);
     trigger_pgm_exception(env, code);
diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/tricore/op_helper.c
+++ b/target/tricore/op_helper.c
@@ -XXX,XX +XXX,XX @@ void raise_exception_sync_internal(CPUTriCoreState *env, uint32_t class, int tin
 {
     CPUState *cs = env_cpu(env);
     /* in case we come from a helper-call we need to restore the PC */
-    cpu_restore_state(cs, pc, true);
+    cpu_restore_state(cs, pc);
 
     /* Tin is loaded into d[15] */
     env->gpr_d[15] = tin;
diff --git a/target/xtensa/helper.c b/target/xtensa/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/xtensa/helper.c
+++ b/target/xtensa/helper.c
@@ -XXX,XX +XXX,XX @@ void xtensa_cpu_do_unaligned_access(CPUState *cs,
 
     assert(xtensa_option_enabled(env->config,
                                  XTENSA_OPTION_UNALIGNED_EXCEPTION));
-    cpu_restore_state(CPU(cpu), retaddr, true);
+    cpu_restore_state(CPU(cpu), retaddr);
     HELPER(exception_cause_vaddr)(env,
                                   env->pc, LOAD_STORE_ALIGNMENT_CAUSE,
                                   addr);
@@ -XXX,XX +XXX,XX @@ bool xtensa_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
     } else if (probe) {
         return false;
     } else {
-        cpu_restore_state(cs, retaddr, true);
+        cpu_restore_state(cs, retaddr);
         HELPER(exception_cause_vaddr)(env, env->pc, ret, address);
     }
 }
@@ -XXX,XX +XXX,XX @@ void xtensa_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr, vaddr addr,
     XtensaCPU *cpu = XTENSA_CPU(cs);
     CPUXtensaState *env = &cpu->env;
 
-    cpu_restore_state(cs, retaddr, true);
+    cpu_restore_state(cs, retaddr);
     HELPER(exception_cause_vaddr)(env, env->pc,
                                   access_type == MMU_INST_FETCH ?
                                   INSTR_PIF_ADDR_ERROR_CAUSE :
-- 
2.34.1

The value passed is always true.

Reviewed-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/internal.h      |  2 +-
 accel/tcg/tb-maint.c      |  4 ++--
 accel/tcg/translate-all.c | 15 +++++++--------
 3 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/accel/tcg/internal.h b/accel/tcg/internal.h
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/internal.h
+++ b/accel/tcg/internal.h
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
                                tb_page_addr_t phys_page2);
 bool tb_invalidate_phys_page_unwind(tb_page_addr_t addr, uintptr_t pc);
 void cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
-                               uintptr_t host_pc, bool reset_icount);
+                               uintptr_t host_pc);
 
 /* Return the current PC from CPU, which may be cached in TB. */
 static inline target_ulong log_pc(CPUState *cpu, const TranslationBlock *tb)
diff --git a/accel/tcg/tb-maint.c b/accel/tcg/tb-maint.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tb-maint.c
+++ b/accel/tcg/tb-maint.c
@@ -XXX,XX +XXX,XX @@ tb_invalidate_phys_page_range__locked(struct page_collection *pages,
                  * restore the CPU state.
                  */
                 current_tb_modified = true;
-                cpu_restore_state_from_tb(cpu, current_tb, retaddr, true);
+                cpu_restore_state_from_tb(cpu, current_tb, retaddr);
             }
 #endif /* TARGET_HAS_PRECISE_SMC */
             tb_phys_invalidate__locked(tb);
@@ -XXX,XX +XXX,XX @@ bool tb_invalidate_phys_page_unwind(tb_page_addr_t addr, uintptr_t pc)
              * function to partially restore the CPU state.
              */
             current_tb_modified = true;
-            cpu_restore_state_from_tb(cpu, current_tb, pc, true);
+            cpu_restore_state_from_tb(cpu, current_tb, pc);
         }
 #endif /* TARGET_HAS_PRECISE_SMC */
         tb_phys_invalidate(tb, addr);
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ static int cpu_unwind_data_from_tb(TranslationBlock *tb, uintptr_t host_pc,
 }
 
 /*
- * The cpu state corresponding to 'host_pc' is restored.
- * When reset_icount is true, current TB will be interrupted and
- * icount should be recalculated.
+ * The cpu state corresponding to 'host_pc' is restored in
+ * preparation for exiting the TB.
  */
 void cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
-                               uintptr_t host_pc, bool reset_icount)
+                               uintptr_t host_pc)
 {
     uint64_t data[TARGET_INSN_START_WORDS];
 #ifdef CONFIG_PROFILER
@@ -XXX,XX +XXX,XX @@ void cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
         return;
     }
 
-    if (reset_icount && (tb_cflags(tb) & CF_USE_ICOUNT)) {
+    if (tb_cflags(tb) & CF_USE_ICOUNT) {
         assert(icount_enabled());
         /*
          * Reset the cycle counter to the start of the block and
@@ -XXX,XX +XXX,XX @@ bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc)
     if (in_code_gen_buffer((const void *)(host_pc - tcg_splitwx_diff))) {
         TranslationBlock *tb = tcg_tb_lookup(host_pc);
         if (tb) {
-            cpu_restore_state_from_tb(cpu, tb, host_pc, true);
+            cpu_restore_state_from_tb(cpu, tb, host_pc);
             return true;
         }
     }
@@ -XXX,XX +XXX,XX @@ void tb_check_watchpoint(CPUState *cpu, uintptr_t retaddr)
     tb = tcg_tb_lookup(retaddr);
     if (tb) {
         /* We can use retranslation to find the PC.  */
-        cpu_restore_state_from_tb(cpu, tb, retaddr, true);
+        cpu_restore_state_from_tb(cpu, tb, retaddr);
         tb_phys_invalidate(tb, -1);
     } else {
         /* The exception probably happened in a helper.  The CPU state should
@@ -XXX,XX +XXX,XX @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
         cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p",
                   (void *)retaddr);
     }
-    cpu_restore_state_from_tb(cpu, tb, retaddr, true);
+    cpu_restore_state_from_tb(cpu, tb, retaddr);
 
     /*
      * Some guests must re-execute the branch when re-executing a delay
-- 
2.34.1

The helpers for reset_rf, cli, sti, clac, stac are
completely trivial; implement them inline.

Drop some nearby #if 0 code.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/i386/helper.h        |  5 -----
 target/i386/tcg/cc_helper.c | 41 -------------------------------------
 target/i386/tcg/translate.c | 30 ++++++++++++++++++++++-----
 3 files changed, 25 insertions(+), 51 deletions(-)

diff --git a/target/i386/helper.h b/target/i386/helper.h
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/helper.h
+++ b/target/i386/helper.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(syscall, void, env, int)
 DEF_HELPER_2(sysret, void, env, int)
 #endif
 DEF_HELPER_FLAGS_2(pause, TCG_CALL_NO_WG, noreturn, env, int)
-DEF_HELPER_1(reset_rf, void, env)
 DEF_HELPER_FLAGS_3(raise_interrupt, TCG_CALL_NO_WG, noreturn, env, int, int)
 DEF_HELPER_FLAGS_2(raise_exception, TCG_CALL_NO_WG, noreturn, env, int)
-DEF_HELPER_1(cli, void, env)
-DEF_HELPER_1(sti, void, env)
-DEF_HELPER_1(clac, void, env)
-DEF_HELPER_1(stac, void, env)
 DEF_HELPER_3(boundw, void, env, tl, int)
 DEF_HELPER_3(boundl, void, env, tl, int)
 
diff --git a/target/i386/tcg/cc_helper.c b/target/i386/tcg/cc_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/cc_helper.c
+++ b/target/i386/tcg/cc_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_clts(CPUX86State *env)
     env->cr[0] &= ~CR0_TS_MASK;
     env->hflags &= ~HF_TS_MASK;
 }
-
-void helper_reset_rf(CPUX86State *env)
-{
-    env->eflags &= ~RF_MASK;
-}
-
-void helper_cli(CPUX86State *env)
-{
-    env->eflags &= ~IF_MASK;
-}
-
-void helper_sti(CPUX86State *env)
-{
-    env->eflags |= IF_MASK;
-}
-
-void helper_clac(CPUX86State *env)
-{
-    env->eflags &= ~AC_MASK;
-}
-
-void helper_stac(CPUX86State *env)
-{
-    env->eflags |= AC_MASK;
-}
-
-#if 0
-/* vm86plus instructions */
-void helper_cli_vm(CPUX86State *env)
-{
-    env->eflags &= ~VIF_MASK;
-}
-
-void helper_sti_vm(CPUX86State *env)
-{
-    env->eflags |= VIF_MASK;
-    if (env->eflags & VIP_MASK) {
-        raise_exception_ra(env, EXCP0D_GPF, GETPC());
-    }
-}
-#endif
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_reset_hflag(DisasContext *s, uint32_t mask)
     }
 }
 
+static void gen_set_eflags(DisasContext *s, target_ulong mask)
+{
+    TCGv t = tcg_temp_new();
+
+    tcg_gen_ld_tl(t, cpu_env, offsetof(CPUX86State, eflags));
+    tcg_gen_ori_tl(t, t, mask);
+    tcg_gen_st_tl(t, cpu_env, offsetof(CPUX86State, eflags));
+    tcg_temp_free(t);
+}
+
+static void gen_reset_eflags(DisasContext *s, target_ulong mask)
+{
+    TCGv t = tcg_temp_new();
+
+    tcg_gen_ld_tl(t, cpu_env, offsetof(CPUX86State, eflags));
+    tcg_gen_andi_tl(t, t, ~mask);
+    tcg_gen_st_tl(t, cpu_env, offsetof(CPUX86State, eflags));
+    tcg_temp_free(t);
+}
+
 /* Clear BND registers during legacy branches.  */
 static void gen_bnd_jmp(DisasContext *s)
 {
@@ -XXX,XX +XXX,XX @@ do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr)
     }
 
     if (s->base.tb->flags & HF_RF_MASK) {
-        gen_helper_reset_rf(cpu_env);
+        gen_reset_eflags(s, RF_MASK);
     }
     if (recheck_tf) {
         gen_helper_rechecking_single_step(cpu_env);
@@ -XXX,XX +XXX,XX @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
 #endif
     case 0xfa: /* cli */
         if (check_iopl(s)) {
-            gen_helper_cli(cpu_env);
+            gen_reset_eflags(s, IF_MASK);
         }
         break;
     case 0xfb: /* sti */
         if (check_iopl(s)) {
-            gen_helper_sti(cpu_env);
+            gen_set_eflags(s, IF_MASK);
             /* interruptions are enabled only the first insn after sti */
             gen_update_eip_next(s);
             gen_eob_inhibit_irq(s, true);
@@ -XXX,XX +XXX,XX @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
                 || CPL(s) != 0) {
                 goto illegal_op;
             }
-            gen_helper_clac(cpu_env);
+            gen_reset_eflags(s, AC_MASK);
             s->base.is_jmp = DISAS_EOB_NEXT;
             break;
 
@@ -XXX,XX +XXX,XX @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
                 || CPL(s) != 0) {
                 goto illegal_op;
             }
-            gen_helper_stac(cpu_env);
+            gen_set_eflags(s, AC_MASK);
             s->base.is_jmp = DISAS_EOB_NEXT;
             break;
 
-- 
2.34.1

Pretty small still, but there are two patches that ought
to get backported to stable, so no point in delaying.

The following changes since commit a5ba0a7e4e150d1350a041f0d0ef9ca6c8d7c307:

Merge tag 'pull-aspeed-20241211' of https://github.com/legoater/qemu into staging (2024-12-11 15:16:47 +0000)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20241212

for you to fetch changes up to 7ac87b14a92234b6a89b701b4043ad6cf8bdcccf:

target/sparc: Use memcpy() and remove memcpy32() (2024-12-12 14:28:38 -0600)

----------------------------------------------------------------
tcg: Reset free_temps before tcg_optimize
tcg/riscv: Fix StoreStore barrier generation
include/exec: Introduce fpst alias in helper-head.h.inc
target/sparc: Use memcpy() and remove memcpy32()

----------------------------------------------------------------
Philippe Mathieu-Daudé (1):
      target/sparc: Use memcpy() and remove memcpy32()

Richard Henderson (2):
      tcg: Reset free_temps before tcg_optimize
      include/exec: Introduce fpst alias in helper-head.h.inc

Roman Artemev (1):
      tcg/riscv: Fix StoreStore barrier generation

When allocating new temps during tcg_optmize, do not re-use
any EBB temps that were used within the TB.  We do not have
any idea what span of the TB in which the temp was live.

Introduce tcg_temp_ebb_reset_freed and use before tcg_optimize,
as well as replacing the equivalent in plugin_gen_inject and
tcg_func_start.

Cc: qemu-stable@nongnu.org
Fixes: fb04ab7ddd8 ("tcg/optimize: Lower TCG_COND_TST{EQ,NE} if unsupported")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2711
Reported-by: wannacu <wannacu2049@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 include/tcg/tcg-temp-internal.h | 6 ++++++
 accel/tcg/plugin-gen.c          | 2 +-
 tcg/tcg.c                       | 5 ++++-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/include/tcg/tcg-temp-internal.h b/include/tcg/tcg-temp-internal.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg-temp-internal.h
+++ b/include/tcg/tcg-temp-internal.h
@@ -XXX,XX +XXX,XX @@ TCGv_i64 tcg_temp_ebb_new_i64(void);
 TCGv_ptr tcg_temp_ebb_new_ptr(void);
 TCGv_i128 tcg_temp_ebb_new_i128(void);
 
+/* Forget all freed EBB temps, so that new allocations produce new temps. */
+static inline void tcg_temp_ebb_reset_freed(TCGContext *s)
+{
+    memset(s->free_temps, 0, sizeof(s->free_temps));
+}
+
 #endif /* TCG_TEMP_FREE_H */
diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/plugin-gen.c
+++ b/accel/tcg/plugin-gen.c
@@ -XXX,XX +XXX,XX @@ static void plugin_gen_inject(struct qemu_plugin_tb *plugin_tb)
      * that might be live within the existing opcode stream.
      * The simplest solution is to release them all and create new.
      */
-    memset(tcg_ctx->free_temps, 0, sizeof(tcg_ctx->free_temps));
+    tcg_temp_ebb_reset_freed(tcg_ctx);
 
     QTAILQ_FOREACH_SAFE(op, &tcg_ctx->ops, link, next) {
         switch (op->opc) {
diff --git a/tcg/tcg.c b/tcg/tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@ void tcg_func_start(TCGContext *s)
     s->nb_temps = s->nb_globals;
 
     /* No temps have been previously allocated for size or locality.  */
-    memset(s->free_temps, 0, sizeof(s->free_temps));
+    tcg_temp_ebb_reset_freed(s);
 
     /* No constant temps have been previously allocated. */
     for (int i = 0; i < TCG_TYPE_COUNT; ++i) {
@@ -XXX,XX +XXX,XX @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb, uint64_t pc_start)
     }
 #endif
 
+    /* Do not reuse any EBB that may be allocated within the TB. */
+    tcg_temp_ebb_reset_freed(s);
+
     tcg_optimize(s);
 
     reachable_code_pass(s);
-- 
2.43.0

From: Roman Artemev <roman.artemev@syntacore.com>

On RISC-V to StoreStore barrier corresponds
`fence w, w` not `fence r, r`

Cc: qemu-stable@nongnu.org
Fixes: efbea94c76b ("tcg/riscv: Add slowpath load and store instructions")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Denis Tomashev <denis.tomashev@syntacore.com>
Signed-off-by: Roman Artemev <roman.artemev@syntacore.com>
Message-ID: <e2f2131e294a49e79959d4fa9ec02cf4@syntacore.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/riscv/tcg-target.c.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/riscv/tcg-target.c.inc
+++ b/tcg/riscv/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
         insn |= 0x02100000;
     }
     if (a0 & TCG_MO_ST_ST) {
-        insn |= 0x02200000;
+        insn |= 0x01100000;
     }
     tcg_out32(s, insn);
 }
-- 
2.43.0

This allows targets to declare that the helper requires a
float_status pointer and instead of a generic void pointer.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/helper-head.h.inc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/exec/helper-head.h.inc b/include/exec/helper-head.h.inc
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/helper-head.h.inc
+++ b/include/exec/helper-head.h.inc
@@ -XXX,XX +XXX,XX @@
 #define dh_alias_ptr ptr
 #define dh_alias_cptr ptr
 #define dh_alias_env ptr
+#define dh_alias_fpst ptr
 #define dh_alias_void void
 #define dh_alias_noreturn noreturn
 #define dh_alias(t) glue(dh_alias_, t)
@@ -XXX,XX +XXX,XX @@
 #define dh_ctype_ptr void *
 #define dh_ctype_cptr const void *
 #define dh_ctype_env CPUArchState *
+#define dh_ctype_fpst float_status *
 #define dh_ctype_void void
 #define dh_ctype_noreturn G_NORETURN void
 #define dh_ctype(t) dh_ctype_##t
@@ -XXX,XX +XXX,XX @@
 #define dh_typecode_f64 dh_typecode_i64
 #define dh_typecode_cptr dh_typecode_ptr
 #define dh_typecode_env dh_typecode_ptr
+#define dh_typecode_fpst dh_typecode_ptr
 #define dh_typecode(t) dh_typecode_##t
 
 #define dh_callflag_i32  0
-- 
2.43.0

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Rather than manually copying each register, use
the libc memcpy(), which is well optimized nowadays.

Suggested-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20241205205418.67613-1-philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/sparc/win_helper.c | 26 ++++++++------------------
 1 file changed, 8 insertions(+), 18 deletions(-)

diff --git a/target/sparc/win_helper.c b/target/sparc/win_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/win_helper.c
+++ b/target/sparc/win_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "trace.h"
 
-static inline void memcpy32(target_ulong *dst, const target_ulong *src)
-{
-    dst[0] = src[0];
-    dst[1] = src[1];
-    dst[2] = src[2];
-    dst[3] = src[3];
-    dst[4] = src[4];
-    dst[5] = src[5];
-    dst[6] = src[6];
-    dst[7] = src[7];
-}
-
 void cpu_set_cwp(CPUSPARCState *env, int new_cwp)
 {
     /* put the modified wrap registers at their proper location */
     if (env->cwp == env->nwindows - 1) {
-        memcpy32(env->regbase, env->regbase + env->nwindows * 16);
+        memcpy(env->regbase, env->regbase + env->nwindows * 16,
+               sizeof(env->gregs));
     }
     env->cwp = new_cwp;
 
     /* put the wrap registers at their temporary location */
     if (new_cwp == env->nwindows - 1) {
-        memcpy32(env->regbase + env->nwindows * 16, env->regbase);
+        memcpy(env->regbase + env->nwindows * 16, env->regbase,
+               sizeof(env->gregs));
     }
     env->regwptr = env->regbase + (new_cwp * 16);
 }
@@ -XXX,XX +XXX,XX @@ void cpu_gl_switch_gregs(CPUSPARCState *env, uint32_t new_gl)
     dst = get_gl_gregset(env, env->gl);
 
     if (src != dst) {
-        memcpy32(dst, env->gregs);
-        memcpy32(env->gregs, src);
+        memcpy(dst, env->gregs, sizeof(env->gregs));
+        memcpy(env->gregs, src, sizeof(env->gregs));
     }
 }
 
@@ -XXX,XX +XXX,XX @@ void cpu_change_pstate(CPUSPARCState *env, uint32_t new_pstate)
         /* Switch global register bank */
         src = get_gregset(env, new_pstate_regs);
         dst = get_gregset(env, pstate_regs);
-        memcpy32(dst, env->gregs);
-        memcpy32(env->gregs, src);
+        memcpy(dst, env->gregs, sizeof(env->gregs));
+        memcpy(env->gregs, src, sizeof(env->gregs));
     } else {
         trace_win_helper_no_switch_pstate(new_pstate_regs);
     }
-- 
2.43.0