Series comparison

-[PULL 0/4] tcg patch queue
+[PULL v2 00/34] tcg patch queue
-Pretty small still, but there are two patches that ought
+V2 fixes an error in patch 22 wrt MacOS.
-to get backported to stable, so no point in delaying.
+It's a shame we don't have public CI for that.
 r~
-The following changes since commit a5ba0a7e4e150d1350a041f0d0ef9ca6c8d7c307:
-  Merge tag 'pull-aspeed-20241211' of https://github.com/legoater/qemu into staging (2024-12-11 15:16:47 +0000)
+The following changes since commit 894fc4fd670aaf04a67dc7507739f914ff4bacf2:
   Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging (2021-06-11 09:21:48 +0100)
 are available in the Git repository at:
-  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20241212
+  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20210613
-for you to fetch changes up to 7ac87b14a92234b6a89b701b4043ad6cf8bdcccf:
+for you to fetch changes up to a5a8b84772e13066c6c45f480cc5b5312bbde08e:
-  target/sparc: Use memcpy() and remove memcpy32() (2024-12-12 14:28:38 -0600)
+  docs/devel: Explain in more detail the TB chaining mechanisms (2021-06-13 17:42:40 -0700)
 ----------------------------------------------------------------
-tcg: Reset free_temps before tcg_optimize
+Clean up code_gen_buffer allocation.
-tcg/riscv: Fix StoreStore barrier generation
+Add tcg_remove_ops_after.
-include/exec: Introduce fpst alias in helper-head.h.inc
+Fix tcg_constant_* documentation.
-target/sparc: Use memcpy() and remove memcpy32()
+Improve TB chaining documentation.
 Fix float32_exp2.
 Fix arm tcg_out_op function signature.
 ----------------------------------------------------------------
-Philippe Mathieu-Daudé (1):
+Jose R. Ziviani (1):
-      target/sparc: Use memcpy() and remove memcpy32()
+      tcg/arm: Fix tcg_out_op function signature
-Richard Henderson (2):
+Luis Pires (1):
-      tcg: Reset free_temps before tcg_optimize
+      docs/devel: Explain in more detail the TB chaining mechanisms
       include/exec: Introduce fpst alias in helper-head.h.inc
-Roman Artemev (1):
+Richard Henderson (32):
-      tcg/riscv: Fix StoreStore barrier generation
+      meson: Split out tcg/meson.build
       meson: Split out fpu/meson.build
       tcg: Re-order tcg_region_init vs tcg_prologue_init
       tcg: Remove error return from tcg_region_initial_alloc__locked
       tcg: Split out tcg_region_initial_alloc
       tcg: Split out tcg_region_prologue_set
       tcg: Split out region.c
       accel/tcg: Inline cpu_gen_init
       accel/tcg: Move alloc_code_gen_buffer to tcg/region.c
       accel/tcg: Rename tcg_init to tcg_init_machine
       tcg: Create tcg_init
       accel/tcg: Merge tcg_exec_init into tcg_init_machine
       accel/tcg: Use MiB in tcg_init_machine
       accel/tcg: Pass down max_cpus to tcg_init
       tcg: Introduce tcg_max_ctxs
       tcg: Move MAX_CODE_GEN_BUFFER_SIZE to tcg-target.h
       tcg: Replace region.end with region.total_size
       tcg: Rename region.start to region.after_prologue
       tcg: Tidy tcg_n_regions
       tcg: Tidy split_cross_256mb
       tcg: Move in_code_gen_buffer and tests to region.c
       tcg: Allocate code_gen_buffer into struct tcg_region_state
       tcg: Return the map protection from alloc_code_gen_buffer
       tcg: Sink qemu_madvise call to common code
       util/osdep: Add qemu_mprotect_rw
       tcg: Round the tb_size default from qemu_get_host_physmem
       tcg: Merge buffer protection and guard page protection
       tcg: When allocating for !splitwx, begin with PROT_NONE
       tcg: Move tcg_init_ctx and tcg_ctx from accel/tcg/
       tcg: Introduce tcg_remove_ops_after
       tcg: Fix documentation for tcg_constant_* vs tcg_temp_free_*
       softfloat: Fix tp init in float32_exp2
- include/tcg/tcg-temp-internal.h |  6 ++++++
+ docs/devel/tcg.rst        | 101 ++++-
- accel/tcg/plugin-gen.c          |  2 +-
+ meson.build               |  12 +-
- target/sparc/win_helper.c       | 26 ++++++++------------------
+ accel/tcg/internal.h      |   2 +
- tcg/tcg.c                       |  5 ++++-
+ include/qemu/osdep.h      |   1 +
- include/exec/helper-head.h.inc  |  3 +++
+ include/sysemu/tcg.h      |   2 -
- tcg/riscv/tcg-target.c.inc      |  2 +-
+ include/tcg/tcg.h         |  28 +-
-files changed, 23 insertions(+), 21 deletions(-)
+ tcg/aarch64/tcg-target.h  |   1 +
  tcg/arm/tcg-target.h      |   1 +
  tcg/i386/tcg-target.h     |   2 +
  tcg/mips/tcg-target.h     |   6 +
  tcg/ppc/tcg-target.h      |   2 +
  tcg/riscv/tcg-target.h    |   1 +
  tcg/s390/tcg-target.h     |   3 +
  tcg/sparc/tcg-target.h    |   1 +
  tcg/tcg-internal.h        |  40 ++
  tcg/tci/tcg-target.h      |   1 +
  accel/tcg/tcg-all.c       |  32 +-
  accel/tcg/translate-all.c | 439 +-------------------
  bsd-user/main.c           |   3 +-
  fpu/softfloat.c           |   2 +-
  linux-user/main.c         |   1 -
  tcg/region.c              | 999 ++++++++++++++++++++++++++++++++++++++++++++++
  tcg/tcg.c                 | 649 +++---------------------------
  util/osdep.c              |   9 +
  tcg/arm/tcg-target.c.inc  |   3 +-
  fpu/meson.build           |   1 +
  tcg/meson.build           |  14 +
 files changed, 1266 insertions(+), 1090 deletions(-)
  create mode 100644 tcg/tcg-internal.h
  create mode 100644 tcg/region.c
  create mode 100644 fpu/meson.build
  create mode 100644 tcg/meson.build

-[PULL 1/4] tcg: Reset free_temps before tcg_optimize
+Deleted patch
-When allocating new temps during tcg_optmize, do not re-use
-any EBB temps that were used within the TB.  We do not have
-any idea what span of the TB in which the temp was live.
-Introduce tcg_temp_ebb_reset_freed and use before tcg_optimize,
-as well as replacing the equivalent in plugin_gen_inject and
-tcg_func_start.
-Cc: qemu-stable@nongnu.org
-Fixes: fb04ab7ddd8 ("tcg/optimize: Lower TCG_COND_TST{EQ,NE} if unsupported")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2711
-Reported-by: wannacu <wannacu2049@gmail.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
----
- include/tcg/tcg-temp-internal.h | 6 ++++++
- accel/tcg/plugin-gen.c          | 2 +-
- tcg/tcg.c                       | 5 ++++-
-files changed, 11 insertions(+), 2 deletions(-)
-diff --git a/include/tcg/tcg-temp-internal.h b/include/tcg/tcg-temp-internal.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/tcg/tcg-temp-internal.h
-+++ b/include/tcg/tcg-temp-internal.h
-@@ -XXX,XX +XXX,XX @@ TCGv_i64 tcg_temp_ebb_new_i64(void);
- TCGv_ptr tcg_temp_ebb_new_ptr(void);
- TCGv_i128 tcg_temp_ebb_new_i128(void);
-+/* Forget all freed EBB temps, so that new allocations produce new temps. */
-+static inline void tcg_temp_ebb_reset_freed(TCGContext *s)
-+{
-+    memset(s->free_temps, 0, sizeof(s->free_temps));
-+}
-+
- #endif /* TCG_TEMP_FREE_H */
-diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/plugin-gen.c
-+++ b/accel/tcg/plugin-gen.c
-@@ -XXX,XX +XXX,XX @@ static void plugin_gen_inject(struct qemu_plugin_tb *plugin_tb)
-      * that might be live within the existing opcode stream.
-      * The simplest solution is to release them all and create new.
-      */
--    memset(tcg_ctx->free_temps, 0, sizeof(tcg_ctx->free_temps));
-+    tcg_temp_ebb_reset_freed(tcg_ctx);
-     QTAILQ_FOREACH_SAFE(op, &tcg_ctx->ops, link, next) {
-         switch (op->opc) {
-diff --git a/tcg/tcg.c b/tcg/tcg.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg.c
-+++ b/tcg/tcg.c
-@@ -XXX,XX +XXX,XX @@ void tcg_func_start(TCGContext *s)
-     s->nb_temps = s->nb_globals;
-     /* No temps have been previously allocated for size or locality.  */
--    memset(s->free_temps, 0, sizeof(s->free_temps));
-+    tcg_temp_ebb_reset_freed(s);
-     /* No constant temps have been previously allocated. */
-     for (int i = 0; i < TCG_TYPE_COUNT; ++i) {
-@@ -XXX,XX +XXX,XX @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb, uint64_t pc_start)
-     }
- #endif
-+    /* Do not reuse any EBB that may be allocated within the TB. */
-+    tcg_temp_ebb_reset_freed(s);
-+
-     tcg_optimize(s);
-     reachable_code_pass(s);
---
-.43.0

-[PULL 2/4] tcg/riscv: Fix StoreStore barrier generation
+Deleted patch
-From: Roman Artemev <roman.artemev@syntacore.com>
-On RISC-V to StoreStore barrier corresponds
-`fence w, w` not `fence r, r`
-Cc: qemu-stable@nongnu.org
-Fixes: efbea94c76b ("tcg/riscv: Add slowpath load and store instructions")
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Denis Tomashev <denis.tomashev@syntacore.com>
-Signed-off-by: Roman Artemev <roman.artemev@syntacore.com>
-Message-ID: <e2f2131e294a49e79959d4fa9ec02cf4@syntacore.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/riscv/tcg-target.c.inc | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/riscv/tcg-target.c.inc
-+++ b/tcg/riscv/tcg-target.c.inc
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
-         insn |= 0x02100000;
-     }
-     if (a0 & TCG_MO_ST_ST) {
--        insn |= 0x02200000;
-+        insn |= 0x01100000;
-     }
-     tcg_out32(s, insn);
- }
---
-.43.0

-[PULL 3/4] include/exec: Introduce fpst alias in helper-head.h.inc
+Deleted patch
-This allows targets to declare that the helper requires a
-float_status pointer and instead of a generic void pointer.
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/exec/helper-head.h.inc | 3 +++
-file changed, 3 insertions(+)
-diff --git a/include/exec/helper-head.h.inc b/include/exec/helper-head.h.inc
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/helper-head.h.inc
-+++ b/include/exec/helper-head.h.inc
-@@ -XXX,XX +XXX,XX @@
- #define dh_alias_ptr ptr
- #define dh_alias_cptr ptr
- #define dh_alias_env ptr
-+#define dh_alias_fpst ptr
- #define dh_alias_void void
- #define dh_alias_noreturn noreturn
- #define dh_alias(t) glue(dh_alias_, t)
-@@ -XXX,XX +XXX,XX @@
- #define dh_ctype_ptr void *
- #define dh_ctype_cptr const void *
- #define dh_ctype_env CPUArchState *
-+#define dh_ctype_fpst float_status *
- #define dh_ctype_void void
- #define dh_ctype_noreturn G_NORETURN void
- #define dh_ctype(t) dh_ctype_##t
-@@ -XXX,XX +XXX,XX @@
- #define dh_typecode_f64 dh_typecode_i64
- #define dh_typecode_cptr dh_typecode_ptr
- #define dh_typecode_env dh_typecode_ptr
-+#define dh_typecode_fpst dh_typecode_ptr
- #define dh_typecode(t) dh_typecode_##t
- #define dh_callflag_i32  0
---
-.43.0

-[PULL 4/4] target/sparc: Use memcpy() and remove memcpy32()
+[PULL v2 22/34] tcg: Allocate code_gen_buffer into struct tcg_region_state
-From: Philippe Mathieu-Daudé <philmd@linaro.org>
+Do not mess around with setting values within tcg_init_ctx.
 Put the values into 'region' directly, which is where they
 will live for the lifetime of the program.
-Rather than manually copying each register, use
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-the libc memcpy(), which is well optimized nowadays.
+Reviewed-by: Luis Pires <luis.pires@eldorado.org.br>
 Suggested-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
 Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 Message-ID: <20241205205418.67613-1-philmd@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- target/sparc/win_helper.c | 26 ++++++++------------------
+ tcg/region.c | 64 ++++++++++++++++++++++------------------------------
-file changed, 8 insertions(+), 18 deletions(-)
+file changed, 27 insertions(+), 37 deletions(-)
-diff --git a/target/sparc/win_helper.c b/target/sparc/win_helper.c
+diff --git a/tcg/region.c b/tcg/region.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/sparc/win_helper.c
+--- a/tcg/region.c
-+++ b/target/sparc/win_helper.c
++++ b/tcg/region.c
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ static size_t tree_size;
- #include "exec/helper-proto.h"
- #include "trace.h"
+ bool in_code_gen_buffer(const void *p)
+ {
--static inline void memcpy32(target_ulong *dst, const target_ulong *src)
+-    const TCGContext *s = &tcg_init_ctx;
--{
+     /*
--    dst[0] = src[0];
+      * Much like it is valid to have a pointer to the byte past the
--    dst[1] = src[1];
+      * end of an array (so long as you don't dereference it), allow
--    dst[2] = src[2];
+      * a pointer to the byte past the end of the code gen buffer.
--    dst[3] = src[3];
+      */
--    dst[4] = src[4];
+-    return (size_t)(p - s->code_gen_buffer) <= s->code_gen_buffer_size;
--    dst[5] = src[5];
++    return (size_t)(p - region.start_aligned) <= region.total_size;
--    dst[6] = src[6];
+ }
--    dst[7] = src[7];
--}
+ #ifdef CONFIG_DEBUG_TCG
@@ -XXX,XX +XXX,XX @@ static bool alloc_code_gen_buffer(size_t tb_size, int splitwx, Error **errp)
      }
      qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
 -    tcg_ctx->code_gen_buffer = buf;
 -    tcg_ctx->code_gen_buffer_size = size;
 +    region.start_aligned = buf;
 +    region.total_size = size;
      return true;
  }
  #elif defined(_WIN32)
@@ -XXX,XX +XXX,XX @@ static bool alloc_code_gen_buffer(size_t size, int splitwx, Error **errp)
          return false;
      }
 -    tcg_ctx->code_gen_buffer = buf;
 -    tcg_ctx->code_gen_buffer_size = size;
 +    region.start_aligned = buf;
 +    region.total_size = size;
      return true;
  }
  #else
@@ -XXX,XX +XXX,XX @@ static bool alloc_code_gen_buffer_anon(size_t size, int prot,
      /* Request large pages for the buffer.  */
      qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
 -    tcg_ctx->code_gen_buffer = buf;
 -    tcg_ctx->code_gen_buffer_size = size;
 +    region.start_aligned = buf;
 +    region.total_size = size;
      return true;
  }
@@ -XXX,XX +XXX,XX @@ static bool alloc_code_gen_buffer_splitwx_memfd(size_t size, Error **errp)
          return false;
      }
      /* The size of the mapping may have been adjusted. */
 -    size = tcg_ctx->code_gen_buffer_size;
 -    buf_rx = tcg_ctx->code_gen_buffer;
 +    buf_rx = region.start_aligned;
 +    size = region.total_size;
  #endif
      buf_rw = qemu_memfd_alloc("tcg-jit", size, 0, &fd, errp);
@@ -XXX,XX +XXX,XX @@ static bool alloc_code_gen_buffer_splitwx_memfd(size_t size, Error **errp)
  #endif
      close(fd);
 -    tcg_ctx->code_gen_buffer = buf_rw;
 -    tcg_ctx->code_gen_buffer_size = size;
 +    region.start_aligned = buf_rw;
 +    region.total_size = size;
      tcg_splitwx_diff = buf_rx - buf_rw;
      /* Request large pages for the buffer and the splitwx.  */
@@ -XXX,XX +XXX,XX @@ static bool alloc_code_gen_buffer_splitwx_vmremap(size_t size, Error **errp)
          return false;
      }
 -    buf_rw = (mach_vm_address_t)tcg_ctx->code_gen_buffer;
 +    buf_rw = (mach_vm_address_t)region.start_aligned;
      buf_rx = 0;
      ret = mach_vm_remap(mach_task_self(),
                          &buf_rx,
@@ -XXX,XX +XXX,XX @@ static bool alloc_code_gen_buffer(size_t size, int splitwx, Error **errp)
   */
  void tcg_region_init(size_t tb_size, int splitwx, unsigned max_cpus)
  {
 -    void *buf, *aligned, *end;
 -    size_t total_size;
      size_t page_size;
      size_t region_size;
 -    size_t n_regions;
      size_t i;
      bool ok;
@@ -XXX,XX +XXX,XX @@ void tcg_region_init(size_t tb_size, int splitwx, unsigned max_cpus)
                                 splitwx, &error_fatal);
      assert(ok);
 -    buf = tcg_init_ctx.code_gen_buffer;
 -    total_size = tcg_init_ctx.code_gen_buffer_size;
 -    page_size = qemu_real_host_page_size;
 -    n_regions = tcg_n_regions(total_size, max_cpus);
 -
- void cpu_set_cwp(CPUSPARCState *env, int new_cwp)
+-    /* The first region will be 'aligned - buf' bytes larger than the others */
- {
+-    aligned = QEMU_ALIGN_PTR_UP(buf, page_size);
-     /* put the modified wrap registers at their proper location */
+-    g_assert(aligned < tcg_init_ctx.code_gen_buffer + total_size);
-     if (env->cwp == env->nwindows - 1) {
+-
--        memcpy32(env->regbase, env->regbase + env->nwindows * 16);
+     /*
-+        memcpy(env->regbase, env->regbase + env->nwindows * 16,
+      * Make region_size a multiple of page_size, using aligned as the start.
-+               sizeof(env->gregs));
+      * As a result of this we might end up with a few extra pages at the end of
-     }
+      * the buffer; we will assign those to the last region.
-     env->cwp = new_cwp;
+      */
+-    region_size = (total_size - (aligned - buf)) / n_regions;
-     /* put the wrap registers at their temporary location */
++    region.n = tcg_n_regions(region.total_size, max_cpus);
-     if (new_cwp == env->nwindows - 1) {
++    page_size = qemu_real_host_page_size;
--        memcpy32(env->regbase + env->nwindows * 16, env->regbase);
++    region_size = region.total_size / region.n;
-+        memcpy(env->regbase + env->nwindows * 16, env->regbase,
+     region_size = QEMU_ALIGN_DOWN(region_size, page_size);
-+               sizeof(env->gregs));
-     }
+     /* A region must have at least 2 pages; one code, one guard */
-     env->regwptr = env->regbase + (new_cwp * 16);
+     g_assert(region_size >= 2 * page_size);
- }
++    region.stride = region_size;
-@@ -XXX,XX +XXX,XX @@ void cpu_gl_switch_gregs(CPUSPARCState *env, uint32_t new_gl)
++
-     dst = get_gl_gregset(env, env->gl);
++    /* Reserve space for guard pages. */
++    region.size = region_size - page_size;
-     if (src != dst) {
++    region.total_size -= page_size;
--        memcpy32(dst, env->gregs);
++
--        memcpy32(env->gregs, src);
++    /*
-+        memcpy(dst, env->gregs, sizeof(env->gregs));
++     * The first region will be smaller than the others, via the prologue,
-+        memcpy(env->gregs, src, sizeof(env->gregs));
++     * which has yet to be allocated.  For now, the first region begins at
-     }
++     * the page boundary.
- }
++     */
++    region.after_prologue = region.start_aligned;
-@@ -XXX,XX +XXX,XX @@ void cpu_change_pstate(CPUSPARCState *env, uint32_t new_pstate)
-         /* Switch global register bank */
+     /* init the region struct */
-         src = get_gregset(env, new_pstate_regs);
+     qemu_mutex_init(&region.lock);
-         dst = get_gregset(env, pstate_regs);
+-    region.n = n_regions;
--        memcpy32(dst, env->gregs);
+-    region.size = region_size - page_size;
--        memcpy32(env->gregs, src);
+-    region.stride = region_size;
-+        memcpy(dst, env->gregs, sizeof(env->gregs));
+-    region.after_prologue = buf;
-+        memcpy(env->gregs, src, sizeof(env->gregs));
+-    region.start_aligned = aligned;
-     } else {
+-    /* page-align the end, since its last page will be a guard page */
-         trace_win_helper_no_switch_pstate(new_pstate_regs);
+-    end = QEMU_ALIGN_PTR_DOWN(buf + total_size, page_size);
-     }
+-    /* account for that last guard page */
 -    end -= page_size;
 -    total_size = end - aligned;
 -    region.total_size = total_size;
      /*
       * Set guard pages in the rw buffer, as that's the one into which
 --
-.43.0
+.25.1

Pretty small still, but there are two patches that ought
to get backported to stable, so no point in delaying.

The following changes since commit a5ba0a7e4e150d1350a041f0d0ef9ca6c8d7c307:

Merge tag 'pull-aspeed-20241211' of https://github.com/legoater/qemu into staging (2024-12-11 15:16:47 +0000)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20241212

for you to fetch changes up to 7ac87b14a92234b6a89b701b4043ad6cf8bdcccf:

target/sparc: Use memcpy() and remove memcpy32() (2024-12-12 14:28:38 -0600)

----------------------------------------------------------------
tcg: Reset free_temps before tcg_optimize
tcg/riscv: Fix StoreStore barrier generation
include/exec: Introduce fpst alias in helper-head.h.inc
target/sparc: Use memcpy() and remove memcpy32()

----------------------------------------------------------------
Philippe Mathieu-Daudé (1):
      target/sparc: Use memcpy() and remove memcpy32()

Richard Henderson (2):
      tcg: Reset free_temps before tcg_optimize
      include/exec: Introduce fpst alias in helper-head.h.inc

Roman Artemev (1):
      tcg/riscv: Fix StoreStore barrier generation

When allocating new temps during tcg_optmize, do not re-use
any EBB temps that were used within the TB.  We do not have
any idea what span of the TB in which the temp was live.

Introduce tcg_temp_ebb_reset_freed and use before tcg_optimize,
as well as replacing the equivalent in plugin_gen_inject and
tcg_func_start.

Cc: qemu-stable@nongnu.org
Fixes: fb04ab7ddd8 ("tcg/optimize: Lower TCG_COND_TST{EQ,NE} if unsupported")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2711
Reported-by: wannacu <wannacu2049@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 include/tcg/tcg-temp-internal.h | 6 ++++++
 accel/tcg/plugin-gen.c          | 2 +-
 tcg/tcg.c                       | 5 ++++-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/include/tcg/tcg-temp-internal.h b/include/tcg/tcg-temp-internal.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg-temp-internal.h
+++ b/include/tcg/tcg-temp-internal.h
@@ -XXX,XX +XXX,XX @@ TCGv_i64 tcg_temp_ebb_new_i64(void);
 TCGv_ptr tcg_temp_ebb_new_ptr(void);
 TCGv_i128 tcg_temp_ebb_new_i128(void);
 
+/* Forget all freed EBB temps, so that new allocations produce new temps. */
+static inline void tcg_temp_ebb_reset_freed(TCGContext *s)
+{
+    memset(s->free_temps, 0, sizeof(s->free_temps));
+}
+
 #endif /* TCG_TEMP_FREE_H */
diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/plugin-gen.c
+++ b/accel/tcg/plugin-gen.c
@@ -XXX,XX +XXX,XX @@ static void plugin_gen_inject(struct qemu_plugin_tb *plugin_tb)
      * that might be live within the existing opcode stream.
      * The simplest solution is to release them all and create new.
      */
-    memset(tcg_ctx->free_temps, 0, sizeof(tcg_ctx->free_temps));
+    tcg_temp_ebb_reset_freed(tcg_ctx);
 
     QTAILQ_FOREACH_SAFE(op, &tcg_ctx->ops, link, next) {
         switch (op->opc) {
diff --git a/tcg/tcg.c b/tcg/tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@ void tcg_func_start(TCGContext *s)
     s->nb_temps = s->nb_globals;
 
     /* No temps have been previously allocated for size or locality.  */
-    memset(s->free_temps, 0, sizeof(s->free_temps));
+    tcg_temp_ebb_reset_freed(s);
 
     /* No constant temps have been previously allocated. */
     for (int i = 0; i < TCG_TYPE_COUNT; ++i) {
@@ -XXX,XX +XXX,XX @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb, uint64_t pc_start)
     }
 #endif
 
+    /* Do not reuse any EBB that may be allocated within the TB. */
+    tcg_temp_ebb_reset_freed(s);
+
     tcg_optimize(s);
 
     reachable_code_pass(s);
-- 
2.43.0

From: Roman Artemev <roman.artemev@syntacore.com>

On RISC-V to StoreStore barrier corresponds
`fence w, w` not `fence r, r`

Cc: qemu-stable@nongnu.org
Fixes: efbea94c76b ("tcg/riscv: Add slowpath load and store instructions")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Denis Tomashev <denis.tomashev@syntacore.com>
Signed-off-by: Roman Artemev <roman.artemev@syntacore.com>
Message-ID: <e2f2131e294a49e79959d4fa9ec02cf4@syntacore.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/riscv/tcg-target.c.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/riscv/tcg-target.c.inc
+++ b/tcg/riscv/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
         insn |= 0x02100000;
     }
     if (a0 & TCG_MO_ST_ST) {
-        insn |= 0x02200000;
+        insn |= 0x01100000;
     }
     tcg_out32(s, insn);
 }
-- 
2.43.0

This allows targets to declare that the helper requires a
float_status pointer and instead of a generic void pointer.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/helper-head.h.inc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/exec/helper-head.h.inc b/include/exec/helper-head.h.inc
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/helper-head.h.inc
+++ b/include/exec/helper-head.h.inc
@@ -XXX,XX +XXX,XX @@
 #define dh_alias_ptr ptr
 #define dh_alias_cptr ptr
 #define dh_alias_env ptr
+#define dh_alias_fpst ptr
 #define dh_alias_void void
 #define dh_alias_noreturn noreturn
 #define dh_alias(t) glue(dh_alias_, t)
@@ -XXX,XX +XXX,XX @@
 #define dh_ctype_ptr void *
 #define dh_ctype_cptr const void *
 #define dh_ctype_env CPUArchState *
+#define dh_ctype_fpst float_status *
 #define dh_ctype_void void
 #define dh_ctype_noreturn G_NORETURN void
 #define dh_ctype(t) dh_ctype_##t
@@ -XXX,XX +XXX,XX @@
 #define dh_typecode_f64 dh_typecode_i64
 #define dh_typecode_cptr dh_typecode_ptr
 #define dh_typecode_env dh_typecode_ptr
+#define dh_typecode_fpst dh_typecode_ptr
 #define dh_typecode(t) dh_typecode_##t
 
 #define dh_callflag_i32  0
-- 
2.43.0

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Rather than manually copying each register, use
the libc memcpy(), which is well optimized nowadays.

Suggested-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20241205205418.67613-1-philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/sparc/win_helper.c | 26 ++++++++------------------
 1 file changed, 8 insertions(+), 18 deletions(-)

diff --git a/target/sparc/win_helper.c b/target/sparc/win_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/win_helper.c
+++ b/target/sparc/win_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "trace.h"
 
-static inline void memcpy32(target_ulong *dst, const target_ulong *src)
-{
-    dst[0] = src[0];
-    dst[1] = src[1];
-    dst[2] = src[2];
-    dst[3] = src[3];
-    dst[4] = src[4];
-    dst[5] = src[5];
-    dst[6] = src[6];
-    dst[7] = src[7];
-}
-
 void cpu_set_cwp(CPUSPARCState *env, int new_cwp)
 {
     /* put the modified wrap registers at their proper location */
     if (env->cwp == env->nwindows - 1) {
-        memcpy32(env->regbase, env->regbase + env->nwindows * 16);
+        memcpy(env->regbase, env->regbase + env->nwindows * 16,
+               sizeof(env->gregs));
     }
     env->cwp = new_cwp;
 
     /* put the wrap registers at their temporary location */
     if (new_cwp == env->nwindows - 1) {
-        memcpy32(env->regbase + env->nwindows * 16, env->regbase);
+        memcpy(env->regbase + env->nwindows * 16, env->regbase,
+               sizeof(env->gregs));
     }
     env->regwptr = env->regbase + (new_cwp * 16);
 }
@@ -XXX,XX +XXX,XX @@ void cpu_gl_switch_gregs(CPUSPARCState *env, uint32_t new_gl)
     dst = get_gl_gregset(env, env->gl);
 
     if (src != dst) {
-        memcpy32(dst, env->gregs);
-        memcpy32(env->gregs, src);
+        memcpy(dst, env->gregs, sizeof(env->gregs));
+        memcpy(env->gregs, src, sizeof(env->gregs));
     }
 }
 
@@ -XXX,XX +XXX,XX @@ void cpu_change_pstate(CPUSPARCState *env, uint32_t new_pstate)
         /* Switch global register bank */
         src = get_gregset(env, new_pstate_regs);
         dst = get_gregset(env, pstate_regs);
-        memcpy32(dst, env->gregs);
-        memcpy32(env->gregs, src);
+        memcpy(dst, env->gregs, sizeof(env->gregs));
+        memcpy(env->gregs, src, sizeof(env->gregs));
     } else {
         trace_win_helper_no_switch_pstate(new_pstate_regs);
     }
-- 
2.43.0

V2 fixes an error in patch 22 wrt MacOS.
It's a shame we don't have public CI for that.

The following changes since commit 894fc4fd670aaf04a67dc7507739f914ff4bacf2:

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging (2021-06-11 09:21:48 +0100)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20210613

for you to fetch changes up to a5a8b84772e13066c6c45f480cc5b5312bbde08e:

docs/devel: Explain in more detail the TB chaining mechanisms (2021-06-13 17:42:40 -0700)

----------------------------------------------------------------
Clean up code_gen_buffer allocation.
Add tcg_remove_ops_after.
Fix tcg_constant_* documentation.
Improve TB chaining documentation.
Fix float32_exp2.
Fix arm tcg_out_op function signature.

----------------------------------------------------------------
Jose R. Ziviani (1):
      tcg/arm: Fix tcg_out_op function signature

Luis Pires (1):
      docs/devel: Explain in more detail the TB chaining mechanisms

Richard Henderson (32):
      meson: Split out tcg/meson.build
      meson: Split out fpu/meson.build
      tcg: Re-order tcg_region_init vs tcg_prologue_init
      tcg: Remove error return from tcg_region_initial_alloc__locked
      tcg: Split out tcg_region_initial_alloc
      tcg: Split out tcg_region_prologue_set
      tcg: Split out region.c
      accel/tcg: Inline cpu_gen_init
      accel/tcg: Move alloc_code_gen_buffer to tcg/region.c
      accel/tcg: Rename tcg_init to tcg_init_machine
      tcg: Create tcg_init
      accel/tcg: Merge tcg_exec_init into tcg_init_machine
      accel/tcg: Use MiB in tcg_init_machine
      accel/tcg: Pass down max_cpus to tcg_init
      tcg: Introduce tcg_max_ctxs
      tcg: Move MAX_CODE_GEN_BUFFER_SIZE to tcg-target.h
      tcg: Replace region.end with region.total_size
      tcg: Rename region.start to region.after_prologue
      tcg: Tidy tcg_n_regions
      tcg: Tidy split_cross_256mb
      tcg: Move in_code_gen_buffer and tests to region.c
      tcg: Allocate code_gen_buffer into struct tcg_region_state
      tcg: Return the map protection from alloc_code_gen_buffer
      tcg: Sink qemu_madvise call to common code
      util/osdep: Add qemu_mprotect_rw
      tcg: Round the tb_size default from qemu_get_host_physmem
      tcg: Merge buffer protection and guard page protection
      tcg: When allocating for !splitwx, begin with PROT_NONE
      tcg: Move tcg_init_ctx and tcg_ctx from accel/tcg/
      tcg: Introduce tcg_remove_ops_after
      tcg: Fix documentation for tcg_constant_* vs tcg_temp_free_*
      softfloat: Fix tp init in float32_exp2

Do not mess around with setting values within tcg_init_ctx.
Put the values into 'region' directly, which is where they
will live for the lifetime of the program.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Luis Pires <luis.pires@eldorado.org.br>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/region.c | 64 ++++++++++++++++++++++------------------------------
 1 file changed, 27 insertions(+), 37 deletions(-)

diff --git a/tcg/region.c b/tcg/region.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/region.c
+++ b/tcg/region.c
@@ -XXX,XX +XXX,XX @@ static size_t tree_size;
 
 bool in_code_gen_buffer(const void *p)
 {
-    const TCGContext *s = &tcg_init_ctx;
     /*
      * Much like it is valid to have a pointer to the byte past the
      * end of an array (so long as you don't dereference it), allow
      * a pointer to the byte past the end of the code gen buffer.
      */
-    return (size_t)(p - s->code_gen_buffer) <= s->code_gen_buffer_size;
+    return (size_t)(p - region.start_aligned) <= region.total_size;
 }
 
 #ifdef CONFIG_DEBUG_TCG
@@ -XXX,XX +XXX,XX @@ static bool alloc_code_gen_buffer(size_t tb_size, int splitwx, Error **errp)
     }
     qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
 
-    tcg_ctx->code_gen_buffer = buf;
-    tcg_ctx->code_gen_buffer_size = size;
+    region.start_aligned = buf;
+    region.total_size = size;
     return true;
 }
 #elif defined(_WIN32)
@@ -XXX,XX +XXX,XX @@ static bool alloc_code_gen_buffer(size_t size, int splitwx, Error **errp)
         return false;
     }
 
-    tcg_ctx->code_gen_buffer = buf;
-    tcg_ctx->code_gen_buffer_size = size;
+    region.start_aligned = buf;
+    region.total_size = size;
     return true;
 }
 #else
@@ -XXX,XX +XXX,XX @@ static bool alloc_code_gen_buffer_anon(size_t size, int prot,
     /* Request large pages for the buffer.  */
     qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
 
-    tcg_ctx->code_gen_buffer = buf;
-    tcg_ctx->code_gen_buffer_size = size;
+    region.start_aligned = buf;
+    region.total_size = size;
     return true;
 }
 
@@ -XXX,XX +XXX,XX @@ static bool alloc_code_gen_buffer_splitwx_memfd(size_t size, Error **errp)
         return false;
     }
     /* The size of the mapping may have been adjusted. */
-    size = tcg_ctx->code_gen_buffer_size;
-    buf_rx = tcg_ctx->code_gen_buffer;
+    buf_rx = region.start_aligned;
+    size = region.total_size;
 #endif
 
     buf_rw = qemu_memfd_alloc("tcg-jit", size, 0, &fd, errp);
@@ -XXX,XX +XXX,XX @@ static bool alloc_code_gen_buffer_splitwx_memfd(size_t size, Error **errp)
 #endif
 
     close(fd);
-    tcg_ctx->code_gen_buffer = buf_rw;
-    tcg_ctx->code_gen_buffer_size = size;
+    region.start_aligned = buf_rw;
+    region.total_size = size;
     tcg_splitwx_diff = buf_rx - buf_rw;
 
     /* Request large pages for the buffer and the splitwx.  */
@@ -XXX,XX +XXX,XX @@ static bool alloc_code_gen_buffer_splitwx_vmremap(size_t size, Error **errp)
         return false;
     }
 
-    buf_rw = (mach_vm_address_t)tcg_ctx->code_gen_buffer;
+    buf_rw = (mach_vm_address_t)region.start_aligned;
     buf_rx = 0;
     ret = mach_vm_remap(mach_task_self(),
                         &buf_rx,
@@ -XXX,XX +XXX,XX @@ static bool alloc_code_gen_buffer(size_t size, int splitwx, Error **errp)
  */
 void tcg_region_init(size_t tb_size, int splitwx, unsigned max_cpus)
 {
-    void *buf, *aligned, *end;
-    size_t total_size;
     size_t page_size;
     size_t region_size;
-    size_t n_regions;
     size_t i;
     bool ok;
 
@@ -XXX,XX +XXX,XX @@ void tcg_region_init(size_t tb_size, int splitwx, unsigned max_cpus)
                                splitwx, &error_fatal);
     assert(ok);
 
-    buf = tcg_init_ctx.code_gen_buffer;
-    total_size = tcg_init_ctx.code_gen_buffer_size;
-    page_size = qemu_real_host_page_size;
-    n_regions = tcg_n_regions(total_size, max_cpus);
-
-    /* The first region will be 'aligned - buf' bytes larger than the others */
-    aligned = QEMU_ALIGN_PTR_UP(buf, page_size);
-    g_assert(aligned < tcg_init_ctx.code_gen_buffer + total_size);
-
     /*
      * Make region_size a multiple of page_size, using aligned as the start.
      * As a result of this we might end up with a few extra pages at the end of
      * the buffer; we will assign those to the last region.
      */
-    region_size = (total_size - (aligned - buf)) / n_regions;
+    region.n = tcg_n_regions(region.total_size, max_cpus);
+    page_size = qemu_real_host_page_size;
+    region_size = region.total_size / region.n;
     region_size = QEMU_ALIGN_DOWN(region_size, page_size);
 
     /* A region must have at least 2 pages; one code, one guard */
     g_assert(region_size >= 2 * page_size);
+    region.stride = region_size;
+
+    /* Reserve space for guard pages. */
+    region.size = region_size - page_size;
+    region.total_size -= page_size;
+
+    /*
+     * The first region will be smaller than the others, via the prologue,
+     * which has yet to be allocated.  For now, the first region begins at
+     * the page boundary.
+     */
+    region.after_prologue = region.start_aligned;
 
     /* init the region struct */
     qemu_mutex_init(&region.lock);
-    region.n = n_regions;
-    region.size = region_size - page_size;
-    region.stride = region_size;
-    region.after_prologue = buf;
-    region.start_aligned = aligned;
-    /* page-align the end, since its last page will be a guard page */
-    end = QEMU_ALIGN_PTR_DOWN(buf + total_size, page_size);
-    /* account for that last guard page */
-    end -= page_size;
-    total_size = end - aligned;
-    region.total_size = total_size;
 
     /*
      * Set guard pages in the rw buffer, as that's the one into which
-- 
2.25.1