The following changes since commit 3d48b6b687c558a042d91370633b91c6e29e0e05:

Merge tag 'pull-request-2024-05-14' of https://gitlab.com/thuth/qemu into staging (2024-05-14 17:24:04 +0200)

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20240515

for you to fetch changes up to c9290dfebfdba5c13baa5e1f10e13a1c876b0643:

tcg/loongarch64: Fill out tcg_out_{ld,st} for vector regs (2024-05-15 08:57:39 +0200)

tcg/loongarch64: Fill out tcg_out_{ld,st} for vector regs

accel/tcg: Improve disassembly for target and plugin

accel/tcg: Remove cpu_ldsb_code / cpu_ldsw_code

Richard Henderson (33):

accel/tcg: Use vaddr in translator_ld*

accel/tcg: Hide in_same_page outside of a target-specific context

accel/tcg: Pass DisasContextBase to translator_fake_ldb

accel/tcg: Reorg translator_ld*

accel/tcg: Cap the translation block when we encounter mmio

accel/tcg: Record mmio bytes during translation

accel/tcg: Record when translator_fake_ldb is used

accel/tcg: Record DisasContextBase in tcg_ctx for plugins

plugins: Copy memory in qemu_plugin_insn_data

accel/tcg: Implement translator_st

plugins: Use translator_st for qemu_plugin_insn_data

plugins: Read mem_only directly from TB cflags

plugins: Use DisasContextBase for qemu_plugin_insn_haddr

plugins: Use DisasContextBase for qemu_plugin_tb_vaddr

plugins: Merge alloc_tcg_plugin_context into plugin_gen_tb_start

accel/tcg: Provide default implementation of disas_log

accel/tcg: Return bool from TranslatorOps.disas_log

disas: Split disas.c

disas: Use translator_st to get disassembly data

accel/tcg: Introduce translator_fake_ld

target/s390x: Fix translator_fake_ld length

target/s390x: Disassemble EXECUTEd instructions

target/hexagon: Use translator_ldl in pkt_crosses_page

target/microblaze: Use translator_ldl

target/i386: Use translator_ldub for everything

target/avr: Use translator_lduw

target/cris: Use translator_ld* in cris_fetch

target/cris: Use cris_fetch in translate_v10.c.inc

target/riscv: Use translator_ld* for everything

target/rx: Use translator_ld*

target/xtensa: Use translator_ldub in xtensa_insn_len

target/s390x: Use translator_lduw in get_next_pc

tcg/loongarch64: Fill out tcg_out_{ld,st} for vector regs

disas/disas-internal.h | 4 +

include/disas/disas.h | 9 +-

include/exec/cpu_ldst.h | 10 --

include/exec/plugin-gen.h | 7 +-

include/exec/translator.h | 74 ++++++---

include/qemu/plugin.h | 22 +--

include/qemu/qemu-plugin.h | 15 +-

include/qemu/typedefs.h | 1 +

include/tcg/tcg.h | 1 +

accel/tcg/plugin-gen.c | 63 +++-----

accel/tcg/translator.c | 331 ++++++++++++++++++++++++--------------

contrib/plugins/execlog.c | 5 +-

contrib/plugins/howvec.c | 4 +-

disas/disas-common.c | 104 ++++++++++++

disas/disas-host.c | 129 +++++++++++++++

disas/disas-mon.c | 15 ++

disas/disas-target.c | 99 ++++++++++++

disas/disas.c | 338 ---------------------------------------

disas/objdump.c | 37 +++++

plugins/api.c | 57 +++++--

target/alpha/translate.c | 9 --

target/arm/tcg/translate-a64.c | 11 --

target/arm/tcg/translate.c | 12 --

target/avr/translate.c | 11 +-

target/cris/translate.c | 37 +----

target/hexagon/translate.c | 11 +-

target/hppa/translate.c | 21 ++-

target/i386/tcg/translate.c | 19 +--

target/loongarch/tcg/translate.c | 8 -

target/m68k/translate.c | 9 --

target/microblaze/translate.c | 11 +-

target/mips/tcg/translate.c | 9 --

target/openrisc/translate.c | 11 --

target/ppc/translate.c | 9 --

target/riscv/translate.c | 24 +--

target/rx/translate.c | 35 ++--

target/s390x/tcg/translate.c | 26 ++-

target/sh4/translate.c | 9 --

target/sparc/translate.c | 9 --

target/tricore/translate.c | 9 --

target/xtensa/translate.c | 12 +-

tcg/tcg.c | 12 --

target/cris/translate_v10.c.inc | 30 ++--

tcg/loongarch64/tcg-target.c.inc | 103 +++++++++---

disas/meson.build | 8 +-

45 files changed, 899 insertions(+), 891 deletions(-)

create mode 100644 disas/disas-common.c

create mode 100644 disas/disas-host.c

create mode 100644 disas/disas-target.c

delete mode 100644 disas/disas.c

create mode 100644 disas/objdump.c

We don't need to allocate plugin context at startup,

we can wait until we actually use it.

accel/tcg/plugin-gen.c | 36 ++++++++++++++++++++----------------

tcg/tcg.c | 11 -----------

2 files changed, 20 insertions(+), 27 deletions(-)

bool plugin_gen_tb_start(CPUState *cpu, const DisasContextBase *db)

{

- bool ret = false;

+ struct qemu_plugin_tb *ptb;

- if (test_bit(QEMU_PLUGIN_EV_VCPU_TB_TRANS, cpu->plugin_state->event_mask)) {

- struct qemu_plugin_tb *ptb = tcg_ctx->plugin_tb;

-

- /* reset callbacks */

- if (ptb->cbs) {

- g_array_set_size(ptb->cbs, 0);

- }

- ptb->n = 0;

-

- ret = true;

-

- ptb->mem_helper = false;

-

- tcg_gen_plugin_cb(PLUGIN_GEN_FROM_TB);

+ if (!test_bit(QEMU_PLUGIN_EV_VCPU_TB_TRANS,

+ cpu->plugin_state->event_mask)) {

+ return false;

}

tcg_ctx->plugin_db = db;

tcg_ctx->plugin_insn = NULL;

+ ptb = tcg_ctx->plugin_tb;

- return ret;

+ if (ptb) {

+ /* Reset callbacks */

+ if (ptb->cbs) {

+ g_array_set_size(ptb->cbs, 0);

+ }

+ ptb->n = 0;

+ ptb->mem_helper = false;

+ } else {

+ ptb = g_new0(struct qemu_plugin_tb, 1);

+ tcg_ctx->plugin_tb = ptb;

+ ptb->insns = g_ptr_array_new();

+ }

+

+ tcg_gen_plugin_cb(PLUGIN_GEN_FROM_TB);

+ return true;

}

void plugin_gen_insn_start(CPUState *cpu, const DisasContextBase *db)

@@ -XXX,XX +XXX,XX @@ QEMU_BUILD_BUG_ON((int)(offsetof(CPUNegativeOffsetState, tlb.f[0]) -

< MIN_TLB_MASK_TABLE_OFS);

-static void alloc_tcg_plugin_context(TCGContext *s)

-{

-#ifdef CONFIG_PLUGIN

- s->plugin_tb = g_new0(struct qemu_plugin_tb, 1);

- s->plugin_tb->insns = g_ptr_array_new();

-#endif

-}

-

/*

* All TCG threads except the parent (i.e. the one that called tcg_context_init

* and registered the target's TCG globals) must register with this function

@@ -XXX,XX +XXX,XX @@ void tcg_register_thread(void)

qatomic_set(&tcg_ctxs[n], s);

if (n > 0) {

- alloc_tcg_plugin_context(s);

tcg_region_initial_alloc(s);

}

@@ -XXX,XX +XXX,XX @@ static void tcg_context_init(unsigned max_cpus)

indirect_reg_alloc_order[i] = tcg_target_reg_alloc_order[i];

}

- alloc_tcg_plugin_context(s);

-

tcg_ctx = s;

/*

* In user-mode we simply share the init context among threads, since we

2.34.1

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

target/s390x/tcg/translate.c | 3 +--

1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c

--- a/target/s390x/tcg/translate.c

+++ b/target/s390x/tcg/translate.c

@@ -XXX,XX +XXX,XX @@

#include "tcg/tcg-op-gvec.h"

#include "qemu/log.h"

#include "qemu/host-utils.h"

-#include "exec/cpu_ldst.h"

#include "exec/helper-proto.h"

#include "exec/helper-gen.h"

@@ -XXX,XX +XXX,XX @@ static void s390x_tr_insn_start(DisasContextBase *dcbase, CPUState *cs)

static target_ulong get_next_pc(CPUS390XState *env, DisasContext *s,

uint64_t pc)

{

- uint64_t insn = cpu_lduw_code(env, pc);

+ uint64_t insn = translator_lduw(env, &s->base, pc);

return pc + get_ilen((insn >> 8) & 0xff);

2.34.1

This will be able to replace plugin_insn_append, and will

be usable for disassembly.

include/exec/translator.h | 12 ++++++++++++

accel/tcg/translator.c | 41 +++++++++++++++++++++++++++++++++++++++

2 files changed, 53 insertions(+)

diff --git a/include/exec/translator.h b/include/exec/translator.h

--- a/include/exec/translator.h

+++ b/include/exec/translator.h

@@ -XXX,XX +XXX,XX @@ typedef struct DisasContextBase {

bool plugin_enabled;

struct TCGOp *insn_start;

void *host_addr[2];

+

+ /*

+ * Record insn data that we cannot read directly from host memory.

+ * There are only two reasons we cannot use host memory:

+ * (1) We are executing from I/O,

+ * (2) We are executing a synthetic instruction (s390x EX).

+ * In both cases we need record exactly one instruction,

+ * and thus the maximum amount of data we record is limited.

+ */

+ int record_start;

+ int record_len;

+ uint8_t record[32];

} DisasContextBase;

/**

diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c

index XXXXXXX..XXXXXXX 100644

--- a/accel/tcg/translator.c

+++ b/accel/tcg/translator.c

@@ -XXX,XX +XXX,XX @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,

db->insn_start = NULL;

db->host_addr[0] = host_pc;

db->host_addr[1] = NULL;

+ db->record_start = 0;

+ db->record_len = 0;

ops->init_disas_context(db, cpu);

tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */

@@ -XXX,XX +XXX,XX @@ static bool translator_ld(CPUArchState *env, DisasContextBase *db,

return true;

}

+static void record_save(DisasContextBase *db, vaddr pc,

+ const void *from, int size)

+{

+ int offset;

+

+ /* Do not record probes before the start of TB. */

+ if (pc < db->pc_first) {

+ return;

+ }

+

+ /*

+ * In translator_access, we verified that pc is within 2 pages

+ * of pc_first, thus this will never overflow.

+ */

+ offset = pc - db->pc_first;

+

+ /*

+ * Either the first or second page may be I/O. If it is the second,

+ * then the first byte we need to record will be at a non-zero offset.

+ * In either case, we should not need to record but a single insn.

+ */

+ if (db->record_len == 0) {

+ db->record_start = offset;

+ db->record_len = size;

+ } else {

+ assert(offset == db->record_start + db->record_len);

+ assert(db->record_len + size <= sizeof(db->record));

+ db->record_len += size;

+ }

+

+ memcpy(db->record + (offset - db->record_start), from, size);

+}

+

static void plugin_insn_append(vaddr pc, const void *from, size_t size)

{

#ifdef CONFIG_PLUGIN

@@ -XXX,XX +XXX,XX @@ uint8_t translator_ldub(CPUArchState *env, DisasContextBase *db, vaddr pc)

if (!translator_ld(env, db, &raw, pc, sizeof(raw))) {

raw = cpu_ldub_code(env, pc);

+ record_save(db, pc, &raw, sizeof(raw));

}

plugin_insn_append(pc, &raw, sizeof(raw));

return raw;

@@ -XXX,XX +XXX,XX @@ uint16_t translator_lduw(CPUArchState *env, DisasContextBase *db, vaddr pc)

} else {

tgt = cpu_lduw_code(env, pc);

raw = tswap16(tgt);

+ record_save(db, pc, &raw, sizeof(raw));

}

plugin_insn_append(pc, &raw, sizeof(raw));

return tgt;

@@ -XXX,XX +XXX,XX @@ uint32_t translator_ldl(CPUArchState *env, DisasContextBase *db, vaddr pc)

} else {

tgt = cpu_ldl_code(env, pc);

raw = tswap32(tgt);

+ record_save(db, pc, &raw, sizeof(raw));

}

plugin_insn_append(pc, &raw, sizeof(raw));

return tgt;

@@ -XXX,XX +XXX,XX @@ uint64_t translator_ldq(CPUArchState *env, DisasContextBase *db, vaddr pc)

} else {

tgt = cpu_ldq_code(env, pc);

raw = tswap64(tgt);

+ record_save(db, pc, &raw, sizeof(raw));

}

plugin_insn_append(pc, &raw, sizeof(raw));

return tgt;

@@ -XXX,XX +XXX,XX @@ uint64_t translator_ldq(CPUArchState *env, DisasContextBase *db, vaddr pc)

void translator_fake_ldb(DisasContextBase *db, vaddr pc, uint8_t insn8)

{

+ assert(pc >= db->pc_first);

+ record_save(db, pc, &insn8, sizeof(insn8));

plugin_insn_append(pc, &insn8, sizeof(insn8));

}

2.34.1