Archipelago » qemu

/*

 *  Host code generation

 *

 *  Copyright (c) 2003 Fabrice Bellard

 *

 * This library is free software; you can redistribute it and/or

 * modify it under the terms of the GNU Lesser General Public

 * License as published by the Free Software Foundation; either

 * version 2 of the License, or (at your option) any later version.

 *

 * This library is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

 * Lesser General Public License for more details.

 *

 * You should have received a copy of the GNU Lesser General Public

 * License along with this library; if not, see <http://www.gnu.org/licenses/>.

 */

#ifdef _WIN32

#include <windows.h>

#else

#include <sys/types.h>

#include <sys/mman.h>

#endif

#include <stdarg.h>

#include <stdlib.h>

#include <stdio.h>

#include <string.h>

#include <inttypes.h>

#include "config.h"

#include "qemu-common.h"

#define NO_CPU_IO_DEFS

#include "cpu.h"

#include "disas/disas.h"

#include "tcg.h"

#if defined(CONFIG_USER_ONLY)

#include "qemu.h"

#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)

#include <sys/param.h>

#if __FreeBSD_version >= 700104

#define HAVE_KINFO_GETVMMAP

#define sigqueue sigqueue_freebsd  /* avoid redefinition */

#include <sys/time.h>

#include <sys/proc.h>

#include <machine/profile.h>

#define _KERNEL

#include <sys/user.h>

#undef _KERNEL

#undef sigqueue

#include <libutil.h>

#endif

#endif

#else

#include "exec/address-spaces.h"

#endif

#include "exec/cputlb.h"

#include "translate-all.h"

#include "qemu/timer.h"

//#define DEBUG_TB_INVALIDATE

//#define DEBUG_FLUSH

/* make various TB consistency checks */

//#define DEBUG_TB_CHECK

#if !defined(CONFIG_USER_ONLY)

/* TB consistency checks only implemented for usermode emulation.  */

#undef DEBUG_TB_CHECK

#endif

#define SMC_BITMAP_USE_THRESHOLD 10

typedef struct PageDesc {

    /* list of TBs intersecting this ram page */

    TranslationBlock *first_tb;

    /* in order to optimize self modifying code, we count the number

       of lookups we do to a given page to use a bitmap */

    unsigned int code_write_count;

    uint8_t *code_bitmap;

#if defined(CONFIG_USER_ONLY)

    unsigned long flags;

#endif

} PageDesc;

/* In system mode we want L1_MAP to be based on ram offsets,

   while in user mode we want it to be based on virtual addresses.  */

#if !defined(CONFIG_USER_ONLY)

#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS

# define L1_MAP_ADDR_SPACE_BITS  HOST_LONG_BITS

#else

# define L1_MAP_ADDR_SPACE_BITS  TARGET_PHYS_ADDR_SPACE_BITS

#endif

#else

# define L1_MAP_ADDR_SPACE_BITS  TARGET_VIRT_ADDR_SPACE_BITS

#endif

/* Size of the L2 (and L3, etc) page tables.  */

#define V_L2_BITS 10

#define V_L2_SIZE (1 << V_L2_BITS)

/* The bits remaining after N lower levels of page tables.  */

#define V_L1_BITS_REM \

    ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS)

#if V_L1_BITS_REM < 4

#define V_L1_BITS  (V_L1_BITS_REM + V_L2_BITS)

#else

#define V_L1_BITS  V_L1_BITS_REM

#endif

#define V_L1_SIZE  ((target_ulong)1 << V_L1_BITS)

#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)

uintptr_t qemu_real_host_page_size;

uintptr_t qemu_host_page_size;

uintptr_t qemu_host_page_mask;

/* This is a multi-level map on the virtual address space.

   The bottom level has pointers to PageDesc.  */

static void *l1_map[V_L1_SIZE];

/* code generation context */

TCGContext tcg_ctx;

static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,

                         tb_page_addr_t phys_page2);

static TranslationBlock *tb_find_pc(uintptr_t tc_ptr);

void cpu_gen_init(void)

{

    tcg_context_init(&tcg_ctx); 

}

/* return non zero if the very first instruction is invalid so that

   the virtual CPU can trigger an exception.

   '*gen_code_size_ptr' contains the size of the generated code (host

   code).

*/

int cpu_gen_code(CPUArchState *env, TranslationBlock *tb, int *gen_code_size_ptr)

{

    TCGContext *s = &tcg_ctx;

    uint8_t *gen_code_buf;

    int gen_code_size;

#ifdef CONFIG_PROFILER

    int64_t ti;

#endif

#ifdef CONFIG_PROFILER

    s->tb_count1++; /* includes aborted translations because of

                       exceptions */

    ti = profile_getclock();

#endif

    tcg_func_start(s);

    gen_intermediate_code(env, tb);

    /* generate machine code */

    gen_code_buf = tb->tc_ptr;

    tb->tb_next_offset[0] = 0xffff;

    tb->tb_next_offset[1] = 0xffff;

    s->tb_next_offset = tb->tb_next_offset;

#ifdef USE_DIRECT_JUMP

    s->tb_jmp_offset = tb->tb_jmp_offset;

    s->tb_next = NULL;

#else

    s->tb_jmp_offset = NULL;

    s->tb_next = tb->tb_next;

#endif

#ifdef CONFIG_PROFILER

    s->tb_count++;

    s->interm_time += profile_getclock() - ti;

    s->code_time -= profile_getclock();

#endif

    gen_code_size = tcg_gen_code(s, gen_code_buf);

    *gen_code_size_ptr = gen_code_size;

#ifdef CONFIG_PROFILER

    s->code_time += profile_getclock();

    s->code_in_len += tb->size;

    s->code_out_len += gen_code_size;

#endif

#ifdef DEBUG_DISAS

    if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM)) {

        qemu_log("OUT: [size=%d]\n", *gen_code_size_ptr);

        log_disas(tb->tc_ptr, *gen_code_size_ptr);

        qemu_log("\n");

        qemu_log_flush();

    }

#endif

    return 0;

}

/* The cpu state corresponding to 'searched_pc' is restored.

 */

static int cpu_restore_state_from_tb(TranslationBlock *tb, CPUArchState *env,

                                     uintptr_t searched_pc)

{

    TCGContext *s = &tcg_ctx;

    int j;

    uintptr_t tc_ptr;

#ifdef CONFIG_PROFILER

    int64_t ti;

#endif

#ifdef CONFIG_PROFILER

    ti = profile_getclock();

#endif

    tcg_func_start(s);

    gen_intermediate_code_pc(env, tb);

    if (use_icount) {

        /* Reset the cycle counter to the start of the block.  */

        env->icount_decr.u16.low += tb->icount;

        /* Clear the IO flag.  */

        env->can_do_io = 0;

    }

    /* find opc index corresponding to search_pc */

    tc_ptr = (uintptr_t)tb->tc_ptr;

    if (searched_pc < tc_ptr)

        return -1;

    s->tb_next_offset = tb->tb_next_offset;

#ifdef USE_DIRECT_JUMP

    s->tb_jmp_offset = tb->tb_jmp_offset;

    s->tb_next = NULL;

#else

    s->tb_jmp_offset = NULL;

    s->tb_next = tb->tb_next;

#endif

    j = tcg_gen_code_search_pc(s, (uint8_t *)tc_ptr, searched_pc - tc_ptr);

    if (j < 0)

        return -1;

    /* now find start of instruction before */

    while (s->gen_opc_instr_start[j] == 0) {

        j--;

    }

    env->icount_decr.u16.low -= s->gen_opc_icount[j];

    restore_state_to_opc(env, tb, j);

#ifdef CONFIG_PROFILER

    s->restore_time += profile_getclock() - ti;

    s->restore_count++;

#endif

    return 0;

}

bool cpu_restore_state(CPUArchState *env, uintptr_t retaddr)

{

    TranslationBlock *tb;

    tb = tb_find_pc(retaddr);

    if (tb) {

        cpu_restore_state_from_tb(tb, env, retaddr);

        return true;

    }

    return false;

}

#ifdef _WIN32

static inline void map_exec(void *addr, long size)

{

    DWORD old_protect;

    VirtualProtect(addr, size,

                   PAGE_EXECUTE_READWRITE, &old_protect);

}

#else

static inline void map_exec(void *addr, long size)

{

    unsigned long start, end, page_size;

    page_size = getpagesize();

    start = (unsigned long)addr;

    start &= ~(page_size - 1);

    end = (unsigned long)addr + size;

    end += page_size - 1;

    end &= ~(page_size - 1);

    mprotect((void *)start, end - start,

             PROT_READ | PROT_WRITE | PROT_EXEC);

}

#endif

void page_size_init(void)

{

    /* NOTE: we can always suppose that qemu_host_page_size >=

       TARGET_PAGE_SIZE */

#ifdef _WIN32

    SYSTEM_INFO system_info;

    GetSystemInfo(&system_info);

    qemu_real_host_page_size = system_info.dwPageSize;

#else

    qemu_real_host_page_size = getpagesize();

#endif

    if (qemu_host_page_size == 0) {

        qemu_host_page_size = qemu_real_host_page_size;

    }

    if (qemu_host_page_size < TARGET_PAGE_SIZE) {

        qemu_host_page_size = TARGET_PAGE_SIZE;

    }

    qemu_host_page_mask = ~(qemu_host_page_size - 1);

}

static void page_init(void)

{

    page_size_init();

#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)

    {

#ifdef HAVE_KINFO_GETVMMAP

        struct kinfo_vmentry *freep;

        int i, cnt;

        freep = kinfo_getvmmap(getpid(), &cnt);

        if (freep) {

            mmap_lock();

            for (i = 0; i < cnt; i++) {

                unsigned long startaddr, endaddr;

                startaddr = freep[i].kve_start;

                endaddr = freep[i].kve_end;

                if (h2g_valid(startaddr)) {

                    startaddr = h2g(startaddr) & TARGET_PAGE_MASK;

                    if (h2g_valid(endaddr)) {

                        endaddr = h2g(endaddr);

                        page_set_flags(startaddr, endaddr, PAGE_RESERVED);

                    } else {

#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS

                        endaddr = ~0ul;

                        page_set_flags(startaddr, endaddr, PAGE_RESERVED);

#endif

                    }

                }

            }

            free(freep);

            mmap_unlock();

        }

#else

        FILE *f;

        last_brk = (unsigned long)sbrk(0);

        f = fopen("/compat/linux/proc/self/maps", "r");

        if (f) {

            mmap_lock();

            do {

                unsigned long startaddr, endaddr;

                int n;

                n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);

                if (n == 2 && h2g_valid(startaddr)) {

                    startaddr = h2g(startaddr) & TARGET_PAGE_MASK;

                    if (h2g_valid(endaddr)) {

                        endaddr = h2g(endaddr);

                    } else {

                        endaddr = ~0ul;

                    }

                    page_set_flags(startaddr, endaddr, PAGE_RESERVED);

                }

            } while (!feof(f));

            fclose(f);

            mmap_unlock();

        }

#endif

    }

#endif

}

static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)

{

    PageDesc *pd;

    void **lp;

    int i;

#if defined(CONFIG_USER_ONLY)

    /* We can't use g_malloc because it may recurse into a locked mutex. */

# define ALLOC(P, SIZE)                                 \

    do {                                                \

        P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE,    \

                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);   \

    } while (0)

#else

# define ALLOC(P, SIZE) \

    do { P = g_malloc0(SIZE); } while (0)

#endif

    /* Level 1.  Always allocated.  */

    lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));

    /* Level 2..N-1.  */

    for (i = V_L1_SHIFT / V_L2_BITS - 1; i > 0; i--) {

        void **p = *lp;

        if (p == NULL) {

            if (!alloc) {

                return NULL;

            }

            ALLOC(p, sizeof(void *) * V_L2_SIZE);

            *lp = p;

        }

        lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));

    }

    pd = *lp;

    if (pd == NULL) {

        if (!alloc) {

            return NULL;

        }

        ALLOC(pd, sizeof(PageDesc) * V_L2_SIZE);

        *lp = pd;

    }

#undef ALLOC

    return pd + (index & (V_L2_SIZE - 1));

}

static inline PageDesc *page_find(tb_page_addr_t index)

{

    return page_find_alloc(index, 0);

}

#if !defined(CONFIG_USER_ONLY)

#define mmap_lock() do { } while (0)

#define mmap_unlock() do { } while (0)

#endif

#if defined(CONFIG_USER_ONLY)

/* Currently it is not recommended to allocate big chunks of data in

   user mode. It will change when a dedicated libc will be used.  */

/* ??? 64-bit hosts ought to have no problem mmaping data outside the

   region in which the guest needs to run.  Revisit this.  */

#define USE_STATIC_CODE_GEN_BUFFER

#endif

/* ??? Should configure for this, not list operating systems here.  */

#if (defined(__linux__) \

    || defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \

    || defined(__DragonFly__) || defined(__OpenBSD__) \

    || defined(__NetBSD__))

# define USE_MMAP

#endif

/* Minimum size of the code gen buffer.  This number is randomly chosen,

   but not so small that we can't have a fair number of TB's live.  */

#define MIN_CODE_GEN_BUFFER_SIZE     (1024u * 1024)

/* Maximum size of the code gen buffer we'd like to use.  Unless otherwise

   indicated, this is constrained by the range of direct branches on the

   host cpu, as used by the TCG implementation of goto_tb.  */

#if defined(__x86_64__)

# define MAX_CODE_GEN_BUFFER_SIZE  (2ul * 1024 * 1024 * 1024)

#elif defined(__sparc__)

# define MAX_CODE_GEN_BUFFER_SIZE  (2ul * 1024 * 1024 * 1024)

#elif defined(__aarch64__)

# define MAX_CODE_GEN_BUFFER_SIZE  (128ul * 1024 * 1024)

#elif defined(__arm__)

# define MAX_CODE_GEN_BUFFER_SIZE  (16u * 1024 * 1024)

#elif defined(__s390x__)

  /* We have a +- 4GB range on the branches; leave some slop.  */

# define MAX_CODE_GEN_BUFFER_SIZE  (3ul * 1024 * 1024 * 1024)

#else

# define MAX_CODE_GEN_BUFFER_SIZE  ((size_t)-1)

#endif

#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)

#define DEFAULT_CODE_GEN_BUFFER_SIZE \

  (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \

   ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)

static inline size_t size_code_gen_buffer(size_t tb_size)

{

    /* Size the buffer.  */

    if (tb_size == 0) {

#ifdef USE_STATIC_CODE_GEN_BUFFER

        tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;

#else

        /* ??? Needs adjustments.  */

        /* ??? If we relax the requirement that CONFIG_USER_ONLY use the

           static buffer, we could size this on RESERVED_VA, on the text

           segment size of the executable, or continue to use the default.  */

        tb_size = (unsigned long)(ram_size / 4);

#endif

    }

    if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {

        tb_size = MIN_CODE_GEN_BUFFER_SIZE;

    }

    if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {

        tb_size = MAX_CODE_GEN_BUFFER_SIZE;

    }

    tcg_ctx.code_gen_buffer_size = tb_size;

    return tb_size;

}

#ifdef USE_STATIC_CODE_GEN_BUFFER

static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]

    __attribute__((aligned(CODE_GEN_ALIGN)));

static inline void *alloc_code_gen_buffer(void)

{

    map_exec(static_code_gen_buffer, tcg_ctx.code_gen_buffer_size);

    return static_code_gen_buffer;

}

#elif defined(USE_MMAP)

static inline void *alloc_code_gen_buffer(void)

{

    int flags = MAP_PRIVATE | MAP_ANONYMOUS;

    uintptr_t start = 0;

    void *buf;

    /* Constrain the position of the buffer based on the host cpu.

       Note that these addresses are chosen in concert with the

       addresses assigned in the relevant linker script file.  */

# if defined(__PIE__) || defined(__PIC__)

    /* Don't bother setting a preferred location if we're building

       a position-independent executable.  We're more likely to get

       an address near the main executable if we let the kernel

       choose the address.  */

# elif defined(__x86_64__) && defined(MAP_32BIT)

    /* Force the memory down into low memory with the executable.

       Leave the choice of exact location with the kernel.  */

    flags |= MAP_32BIT;

    /* Cannot expect to map more than 800MB in low memory.  */

    if (tcg_ctx.code_gen_buffer_size > 800u * 1024 * 1024) {

        tcg_ctx.code_gen_buffer_size = 800u * 1024 * 1024;

    }

# elif defined(__sparc__)

    start = 0x40000000ul;

# elif defined(__s390x__)

    start = 0x90000000ul;

# endif

    buf = mmap((void *)start, tcg_ctx.code_gen_buffer_size,

               PROT_WRITE | PROT_READ | PROT_EXEC, flags, -1, 0);

    return buf == MAP_FAILED ? NULL : buf;

}

#else

static inline void *alloc_code_gen_buffer(void)

{

    void *buf = g_malloc(tcg_ctx.code_gen_buffer_size);

    if (buf) {

        map_exec(buf, tcg_ctx.code_gen_buffer_size);

    }

    return buf;

}

#endif /* USE_STATIC_CODE_GEN_BUFFER, USE_MMAP */

static inline void code_gen_alloc(size_t tb_size)

{

    tcg_ctx.code_gen_buffer_size = size_code_gen_buffer(tb_size);

    tcg_ctx.code_gen_buffer = alloc_code_gen_buffer();

    if (tcg_ctx.code_gen_buffer == NULL) {

        fprintf(stderr, "Could not allocate dynamic translator buffer\n");

        exit(1);

    }

    qemu_madvise(tcg_ctx.code_gen_buffer, tcg_ctx.code_gen_buffer_size,

            QEMU_MADV_HUGEPAGE);

    /* Steal room for the prologue at the end of the buffer.  This ensures

       (via the MAX_CODE_GEN_BUFFER_SIZE limits above) that direct branches

       from TB's to the prologue are going to be in range.  It also means

       that we don't need to mark (additional) portions of the data segment

       as executable.  */

    tcg_ctx.code_gen_prologue = tcg_ctx.code_gen_buffer +

            tcg_ctx.code_gen_buffer_size - 1024;

    tcg_ctx.code_gen_buffer_size -= 1024;

    tcg_ctx.code_gen_buffer_max_size = tcg_ctx.code_gen_buffer_size -

        (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);

    tcg_ctx.code_gen_max_blocks = tcg_ctx.code_gen_buffer_size /

            CODE_GEN_AVG_BLOCK_SIZE;

    tcg_ctx.tb_ctx.tbs =

            g_malloc(tcg_ctx.code_gen_max_blocks * sizeof(TranslationBlock));

}

/* Must be called before using the QEMU cpus. 'tb_size' is the size

   (in bytes) allocated to the translation buffer. Zero means default

   size. */

void tcg_exec_init(unsigned long tb_size)

{

    cpu_gen_init();

    code_gen_alloc(tb_size);

    tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;

    tcg_register_jit(tcg_ctx.code_gen_buffer, tcg_ctx.code_gen_buffer_size);

    page_init();

#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)

    /* There's no guest base to take into account, so go ahead and

       initialize the prologue now.  */

    tcg_prologue_init(&tcg_ctx);

#endif

}

bool tcg_enabled(void)

{

    return tcg_ctx.code_gen_buffer != NULL;

}

/* Allocate a new translation block. Flush the translation buffer if

   too many translation blocks or too much generated code. */

static TranslationBlock *tb_alloc(target_ulong pc)

{

    TranslationBlock *tb;

    if (tcg_ctx.tb_ctx.nb_tbs >= tcg_ctx.code_gen_max_blocks ||

        (tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer) >=

         tcg_ctx.code_gen_buffer_max_size) {

        return NULL;

    }

    tb = &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs++];

    tb->pc = pc;

    tb->cflags = 0;

    return tb;

}

void tb_free(TranslationBlock *tb)

{

    /* In practice this is mostly used for single use temporary TB

       Ignore the hard cases and just back up if this TB happens to

       be the last one generated.  */

    if (tcg_ctx.tb_ctx.nb_tbs > 0 &&

            tb == &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs - 1]) {

        tcg_ctx.code_gen_ptr = tb->tc_ptr;

        tcg_ctx.tb_ctx.nb_tbs--;

    }

}

static inline void invalidate_page_bitmap(PageDesc *p)

{

    if (p->code_bitmap) {

        g_free(p->code_bitmap);

        p->code_bitmap = NULL;

    }

    p->code_write_count = 0;

}

/* Set to NULL all the 'first_tb' fields in all PageDescs. */

static void page_flush_tb_1(int level, void **lp)

{

    int i;

    if (*lp == NULL) {

        return;

    }

    if (level == 0) {

        PageDesc *pd = *lp;

        for (i = 0; i < V_L2_SIZE; ++i) {

            pd[i].first_tb = NULL;

            invalidate_page_bitmap(pd + i);

        }

    } else {

        void **pp = *lp;

        for (i = 0; i < V_L2_SIZE; ++i) {

            page_flush_tb_1(level - 1, pp + i);

        }

    }

}

static void page_flush_tb(void)

{

    int i;

    for (i = 0; i < V_L1_SIZE; i++) {

        page_flush_tb_1(V_L1_SHIFT / V_L2_BITS - 1, l1_map + i);

    }

}

/* flush all the translation blocks */

/* XXX: tb_flush is currently not thread safe */

void tb_flush(CPUArchState *env1)

{

    CPUState *cpu;

#if defined(DEBUG_FLUSH)

    printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",

           (unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer),

           tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.tb_ctx.nb_tbs > 0 ?

           ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) /

           tcg_ctx.tb_ctx.nb_tbs : 0);

#endif

    if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)

        > tcg_ctx.code_gen_buffer_size) {

        cpu_abort(env1, "Internal error: code buffer overflow\n");

    }

    tcg_ctx.tb_ctx.nb_tbs = 0;

    CPU_FOREACH(cpu) {

        CPUArchState *env = cpu->env_ptr;

        memset(env->tb_jmp_cache, 0, sizeof(env->tb_jmp_cache));

    }

    memset(tcg_ctx.tb_ctx.tb_phys_hash, 0, sizeof(tcg_ctx.tb_ctx.tb_phys_hash));

    page_flush_tb();

    tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;

    /* XXX: flush processor icache at this point if cache flush is

       expensive */

    tcg_ctx.tb_ctx.tb_flush_count++;

}

#ifdef DEBUG_TB_CHECK

static void tb_invalidate_check(target_ulong address)

{

    TranslationBlock *tb;

    int i;

    address &= TARGET_PAGE_MASK;

    for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {

        for (tb = tb_ctx.tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {

            if (!(address + TARGET_PAGE_SIZE <= tb->pc ||

                  address >= tb->pc + tb->size)) {

                printf("ERROR invalidate: address=" TARGET_FMT_lx

                       " PC=%08lx size=%04x\n",

                       address, (long)tb->pc, tb->size);

            }

        }

    }

}

/* verify that all the pages have correct rights for code */

static void tb_page_check(void)

{

    TranslationBlock *tb;

    int i, flags1, flags2;

    for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {

        for (tb = tcg_ctx.tb_ctx.tb_phys_hash[i]; tb != NULL;

                tb = tb->phys_hash_next) {

            flags1 = page_get_flags(tb->pc);

            flags2 = page_get_flags(tb->pc + tb->size - 1);

            if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {

                printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",

                       (long)tb->pc, tb->size, flags1, flags2);

            }

        }

    }

}

#endif

static inline void tb_hash_remove(TranslationBlock **ptb, TranslationBlock *tb)

{

    TranslationBlock *tb1;

    for (;;) {

        tb1 = *ptb;

        if (tb1 == tb) {

            *ptb = tb1->phys_hash_next;

            break;

        }

        ptb = &tb1->phys_hash_next;

    }

}

static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)

{

    TranslationBlock *tb1;

    unsigned int n1;

    for (;;) {

        tb1 = *ptb;

        n1 = (uintptr_t)tb1 & 3;

        tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);

        if (tb1 == tb) {

            *ptb = tb1->page_next[n1];

            break;

        }

        ptb = &tb1->page_next[n1];

    }

}

static inline void tb_jmp_remove(TranslationBlock *tb, int n)

{

    TranslationBlock *tb1, **ptb;

    unsigned int n1;

    ptb = &tb->jmp_next[n];

    tb1 = *ptb;

    if (tb1) {

        /* find tb(n) in circular list */

        for (;;) {

            tb1 = *ptb;

            n1 = (uintptr_t)tb1 & 3;

            tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);

            if (n1 == n && tb1 == tb) {

                break;

            }

            if (n1 == 2) {

                ptb = &tb1->jmp_first;

            } else {

                ptb = &tb1->jmp_next[n1];

            }

        }

        /* now we can suppress tb(n) from the list */

        *ptb = tb->jmp_next[n];

        tb->jmp_next[n] = NULL;

    }

}

/* reset the jump entry 'n' of a TB so that it is not chained to

   another TB */

static inline void tb_reset_jump(TranslationBlock *tb, int n)

{

    tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));

}

/* invalidate one TB */

void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)

{

    CPUState *cpu;

    PageDesc *p;

    unsigned int h, n1;

    tb_page_addr_t phys_pc;

    TranslationBlock *tb1, *tb2;

    /* remove the TB from the hash list */

    phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);

    h = tb_phys_hash_func(phys_pc);

    tb_hash_remove(&tcg_ctx.tb_ctx.tb_phys_hash[h], tb);

    /* remove the TB from the page list */

    if (tb->page_addr[0] != page_addr) {

        p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);

        tb_page_remove(&p->first_tb, tb);

        invalidate_page_bitmap(p);

    }

    if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {

        p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);

        tb_page_remove(&p->first_tb, tb);

        invalidate_page_bitmap(p);

    }

    tcg_ctx.tb_ctx.tb_invalidated_flag = 1;

    /* remove the TB from the hash list */

    h = tb_jmp_cache_hash_func(tb->pc);

    CPU_FOREACH(cpu) {

        CPUArchState *env = cpu->env_ptr;

        if (env->tb_jmp_cache[h] == tb) {

            env->tb_jmp_cache[h] = NULL;

        }

    }

    /* suppress this TB from the two jump lists */

    tb_jmp_remove(tb, 0);

    tb_jmp_remove(tb, 1);

    /* suppress any remaining jumps to this TB */

    tb1 = tb->jmp_first;

    for (;;) {

        n1 = (uintptr_t)tb1 & 3;

        if (n1 == 2) {

            break;

        }

        tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);

        tb2 = tb1->jmp_next[n1];

        tb_reset_jump(tb1, n1);

        tb1->jmp_next[n1] = NULL;

        tb1 = tb2;

    }

    tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */

    tcg_ctx.tb_ctx.tb_phys_invalidate_count++;

}

static inline void set_bits(uint8_t *tab, int start, int len)

{

    int end, mask, end1;

    end = start + len;

    tab += start >> 3;

    mask = 0xff << (start & 7);

    if ((start & ~7) == (end & ~7)) {

        if (start < end) {

            mask &= ~(0xff << (end & 7));

            *tab |= mask;

        }

    } else {