From patchwork Mon Jul 23 20:17:15 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Michael Roth <mdroth@linux.vnet.ibm.com>
X-Patchwork-Id: 142637
Delivered-To: patch@linaro.org
Received: by 2002:a2e:9754:0:0:0:0:0 with SMTP id f20-v6csp6500441ljj;
 Mon, 23 Jul 2018 14:11:59 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpeoZwmEWMOGYpbFfYrmTAT0OC8DyMnhWfcjjwjeWQzLx7i/ugb93hwZRGcO27rpHmKPOjhC
X-Received: by 2002:a37:f44:: with SMTP id
 z65-v6mr12827904qkg.93.1532380319536; 
 Mon, 23 Jul 2018 14:11:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1532380319; cv=none;
 d=google.com; s=arc-20160816;
 b=tMKGIgmd1pXVhE6F7NDPlwZbp5wSH9eynF63uN8DO+GDI73xg+Suya+m58e5ASI6cf
 jWSdk+JI6GRMVeE+Ay7YUbAN+DJ5P0agiNE4hJoekiW/HGmEHsvhd+K2K7WSTgRS6Bmu
 Wfyzk6HPwk2SnuMcQhSc7mizfaCNnaXbmmNZBq67jmoKQdRl5OY/Rqi86paszPm8p+Fi
 1JbE9T9rXVAIZnXrCHgeIlFURHgUQZhm7uRKCIFfghmHVFrwtMdcupSPgoaKwrZyCKdX
 iu1nFhyv/6DcsiCfipZUtfnoL1x20XHyo02u/rB4D+IF/BfWeFB9KyzapjkS1amwNlkj
 cs4g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:subject
 :content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:to:from:dkim-signature:arc-authentication-results;
 bh=R567CLjPuLcmj/VmBI4Kxetfln6noYhEtAG8G2ZZXUI=;
 b=jr15QycImkBp2B6tKa9JiTiQsAk5UnivQdEmcCWPP4iC7waMSC1H0bqG4II2J52HJN
 mvbNkIt3ZK4Jn7sCS6gP9Y4yeGIjJyFwNjJAo0cId37XyuNlsFWTqs4xsmDrPwXdHGSK
 qR5RWupcrAal25DDlhAI9HPVNppdBA3IKrZumo4HWniXBHPMA/qKGf3hdxXjjQHztXc6
 MdKFP1FMTvlztdS4jkJwYMEyy8hCjXvqFPm0AANU841k1bovhBhWCJVlSXKBBZg/ewM1
 R2j+cI1qV4LVWaR4gC4N5dUyI2DEhfuDaCpBI8JV/L85THdqqzx3qbeN57qfwVmoeRUr
 g4tg==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=fail header.i=@gmail.com header.s=20161025 header.b=Q+X5h3MG;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 2001:4830:134:3::11 as permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11])
 by mx.google.com with ESMTPS id
 m30-v6si5895948qtf.182.2018.07.23.14.11.59 for <patch@linaro.org>
 (version=TLS1 cipher=AES128-SHA bits=128/128);
 Mon, 23 Jul 2018 14:11:59 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 2001:4830:134:3::11 as permitted sender)
 client-ip=2001:4830:134:3::11; 
Authentication-Results: mx.google.com;
 dkim=fail header.i=@gmail.com header.s=20161025 header.b=Q+X5h3MG;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 2001:4830:134:3::11 as permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: from localhost ([::1]:36658 helo=lists.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <qemu-devel-bounces+patch=linaro.org@nongnu.org>)
 id 1fhi7a-0006RA-TE
 for patch@linaro.org; Mon, 23 Jul 2018 17:11:59 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:42716)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <flukshun@gmail.com>) id 1fhhKE-0003SC-3h
 for qemu-devel@nongnu.org; Mon, 23 Jul 2018 16:20:59 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <flukshun@gmail.com>) id 1fhhKC-00058Z-Sf
 for qemu-devel@nongnu.org; Mon, 23 Jul 2018 16:20:58 -0400
Received: from mail-oi0-x242.google.com ([2607:f8b0:4003:c06::242]:37281)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <flukshun@gmail.com>)
 id 1fhhKC-00058L-NG; Mon, 23 Jul 2018 16:20:56 -0400
Received: by mail-oi0-x242.google.com with SMTP id k81-v6so3480648oib.4;
 Mon, 23 Jul 2018 13:20:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; 
 h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=R567CLjPuLcmj/VmBI4Kxetfln6noYhEtAG8G2ZZXUI=;
 b=Q+X5h3MGXiNclUucpwx+wTKNg7AinTo4CDBFlySZINKpoMs+cu6QdcSmuPF0FJpLMM
 8jf6GIJaaGvjSRQtBP8lsJmL6dWqG7eyCbAaAU4RDp/lD46gEUaCp2kteeFUXU1rcEjH
 9I5D/1TXoaG+FttQniQu8oSbL5gyAx/cRqSwF4NDLmM5MwaS+TeLuJAFp7lA2JbbYYwH
 HsGr034qGOVhN6J04RMZQ6ZhBDrf3b/TuC0ErZc/YQ3D7cY/SeY7AHsWiPNQK9hy3UV6
 4y5KNBZXe1s0DVL5I8v4hGrR7w540llH6uae4TRBsSTbiC12oCKc7GRuZ0NRZJMopAuI
 CBOQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
 :in-reply-to:references:mime-version:content-transfer-encoding;
 bh=R567CLjPuLcmj/VmBI4Kxetfln6noYhEtAG8G2ZZXUI=;
 b=YyV4z+Bm8TpitwsATSHhrQC2vcJw9xHIbsKOF7J5bXDy+6g6Y+xwkHhP0IDv3dqBx+
 KZz4dCkeHzP2is6gLN56F2kL/4y0l4W+15yHeHEYC1jLleDN1iH6fjjU7AYn+LonJRPl
 Cyvjnes9X6YVw5tfbw1BT1tC8vULJH48IyGKzhzLlzcYCKbVAUPr7GR9fLurjjJ6RnOm
 8nqFZnsWm8jIDlmBCM45S2ZSLBDePH6GOlaiMBYk2pVWNkuA5xxM41Tg7kwV7YYjxbxo
 TSHkAflEOxjUlgKo67B7KG0m9eOAlbI204tq0HVk0LgN7nBLryxHdGaXdlAkn63BD0mN
 4gvg==
X-Gm-Message-State: AOUpUlEFKawoKQ78LlpxEblxkXhVtWuGNCbVBWJM+gD0V7xgL2up5dcW
 T257D5sHHO+GTtJjijsdksWDc8JSMQv7+g==
X-Received: by 2002:aca:d015:: with SMTP id
 h21-v6mr345379oig.142.1532377255554; 
 Mon, 23 Jul 2018 13:20:55 -0700 (PDT)
Received: from localhost (76-251-165-188.lightspeed.austtx.sbcglobal.net.
 [76.251.165.188]) by smtp.gmail.com with ESMTPSA id
 m62-v6sm26388292oik.30.2018.07.23.13.20.54
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Mon, 23 Jul 2018 13:20:54 -0700 (PDT)
From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Date: Mon, 23 Jul 2018 15:17:15 -0500
Message-Id: <20180723201748.25573-67-mdroth@linux.vnet.ibm.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180723201748.25573-1-mdroth@linux.vnet.ibm.com>
References: <20180723201748.25573-1-mdroth@linux.vnet.ibm.com>
MIME-Version: 1.0
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2607:f8b0:4003:c06::242
Subject: [Qemu-devel] [PATCH 66/99] tcg: Limit the number of ops in a TB
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Richard Henderson <richard.henderson@linaro.org>, qemu-stable@nongnu.org
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+patch=linaro.org@nongnu.org>

From: Richard Henderson <richard.henderson@linaro.org>

In 6001f7729e12 we partially attempt to address the branch
displacement overflow caused by 15fa08f845.

However, gcc/testsuite/gcc.target/aarch64/advsimd-intrinsics/vqtbX.c
is a testcase that contains a TB so large as to overflow anyway.
The limit here of 8000 ops produces a maximum output TB size of
24112 bytes on a ppc64le host with that test case.  This is still
much less than the maximum forward branch distance of 32764 bytes.

Cc: qemu-stable@nongnu.org
Fixes: 15fa08f845 ("tcg: Dynamically allocate TCGOps")
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit abebf92597186be2bc48d487235da28b1127860f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 tcg/tcg.c | 3 +++
 tcg/tcg.h | 8 +++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

-- 
2.17.1

diff --git a/tcg/tcg.c b/tcg/tcg.c
index bb24526c93..66997cc653 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -866,6 +866,7 @@ void tcg_func_start(TCGContext *s)
     /* No temps have been previously allocated for size or locality.  */
     memset(s->free_temps, 0, sizeof(s->free_temps));
 
+    s->nb_ops = 0;
     s->nb_labels = 0;
     s->current_frame_offset = s->frame_start;
 
@@ -1983,6 +1984,7 @@ void tcg_op_remove(TCGContext *s, TCGOp *op)
 {
     QTAILQ_REMOVE(&s->ops, op, link);
     QTAILQ_INSERT_TAIL(&s->free_ops, op, link);
+    s->nb_ops--;
 
 #ifdef CONFIG_PROFILER
     atomic_set(&s->prof.del_op_count, s->prof.del_op_count + 1);
@@ -2002,6 +2004,7 @@ static TCGOp *tcg_op_alloc(TCGOpcode opc)
     }
     memset(op, 0, offsetof(TCGOp, link));
     op->opc = opc;
+    s->nb_ops++;
 
     return op;
 }
diff --git a/tcg/tcg.h b/tcg/tcg.h
index 30896ca304..17cf764565 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -655,6 +655,7 @@ struct TCGContext {
     int nb_globals;
     int nb_temps;
     int nb_indirects;
+    int nb_ops;
 
     /* goto_tb support */
     tcg_insn_unit *code_buf;
@@ -844,7 +845,12 @@ static inline TCGOp *tcg_last_op(void)
 /* Test for whether to terminate the TB for using too many opcodes.  */
 static inline bool tcg_op_buf_full(void)
 {
-    return false;
+    /* This is not a hard limit, it merely stops translation when
+     * we have produced "enough" opcodes.  We want to limit TB size
+     * such that a RISC host can reasonably use a 16-bit signed
+     * branch within the TB.
+     */
+    return tcg_ctx->nb_ops >= 8000;
 }
 
 /* pool based memory allocation */