Message ID | 20210311143958.562625-14-richard.henderson@linaro.org |
---|---|
State | Superseded |
Series | TCI fixes and cleanups | expand |
On 3/11/21 3:39 PM, Richard Henderson wrote:
> Convert to indirect jumps, as it's less complicated.
> Then we just have a pointer to the tb address at which
> the chain is stored, from which we read.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> tcg/tci/tcg-target.h | 11 +++--------
> tcg/tci.c | 8 +++-----
> tcg/tci/tcg-target.c.inc | 13 +++----------
> 3 files changed, 9 insertions(+), 23 deletions(-)
>
> diff --git a/tcg/tci/tcg-target.h b/tcg/tci/tcg-target.h
> index 9c0021a26f..9285c930a2 100644
> --- a/tcg/tci/tcg-target.h
> +++ b/tcg/tci/tcg-target.h
> @@ -87,7 +87,7 @@
> #define TCG_TARGET_HAS_muluh_i32 0
> #define TCG_TARGET_HAS_mulsh_i32 0
> #define TCG_TARGET_HAS_goto_ptr 0
> -#define TCG_TARGET_HAS_direct_jump 1
> +#define TCG_TARGET_HAS_direct_jump 0
> #define TCG_TARGET_HAS_qemu_st8_i32 0
>
> #if TCG_TARGET_REG_BITS == 64
> @@ -174,12 +174,7 @@ void tci_disas(uint8_t opc);
>
> #define TCG_TARGET_HAS_MEMORY_BSWAP 1
>
> -static inline void tb_target_set_jmp_target(uintptr_t tc_ptr, uintptr_t jmp_rx,
> - uintptr_t jmp_rw, uintptr_t addr)
> -{
> - /* patch the branch destination */
> - qatomic_set((int32_t *)jmp_rw, addr - (jmp_rx + 4));
> - /* no need to flush icache explicitly */
> -}
> +/* not defined -- call should be eliminated at compile time */
> +void tb_target_set_jmp_target(uintptr_t, uintptr_t, uintptr_t, uintptr_t);
>
> #endif /* TCG_TARGET_H */
> diff --git a/tcg/tci.c b/tcg/tci.c
> index 6fbbc48ecf..3fe0831b33 100644
> --- a/tcg/tci.c
> +++ b/tcg/tci.c
> @@ -816,13 +816,11 @@ uintptr_t QEMU_DISABLE_CFI tcg_qemu_tb_exec(CPUArchState *env,
> return (uintptr_t)ptr;
>
> case INDEX_op_goto_tb:
> - /* Jump address is aligned */
> - tb_ptr = QEMU_ALIGN_PTR_UP(tb_ptr, 4);
> - t0 = qatomic_read((int32_t *)tb_ptr);
> - tb_ptr += sizeof(int32_t);
> + tci_args_l(&tb_ptr, &ptr);
> tci_assert(tb_ptr == old_code_ptr + op_size);
> - tb_ptr += (int32_t)t0;
> + tb_ptr = *(void **)ptr;
> continue;
> +
> case INDEX_op_qemu_ld_i32:
> t0 = *tb_ptr++;
> taddr = tci_read_ulong(regs, &tb_ptr);
> diff --git a/tcg/tci/tcg-target.c.inc b/tcg/tci/tcg-target.c.inc
> index ff8040510f..2c64b4f617 100644
> --- a/tcg/tci/tcg-target.c.inc
> +++ b/tcg/tci/tcg-target.c.inc
> @@ -405,16 +405,9 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, const TCGArg *args,
> break;
>
> case INDEX_op_goto_tb:
> - if (s->tb_jmp_insn_offset) {
> - /* Direct jump method. */
> - /* Align for atomic patching and thread safety */
> - s->code_ptr = QEMU_ALIGN_PTR_UP(s->code_ptr, 4);
> - s->tb_jmp_insn_offset[args[0]] = tcg_current_code_size(s);
> - tcg_out32(s, 0);
> - } else {
> - /* Indirect jump method. */
> - TODO();
> - }
> + tcg_debug_assert(s->tb_jmp_insn_offset == 0);
> + /* indirect jump method. */
> + tcg_out_i(s, (uintptr_t)(s->tb_jmp_target_addr + args[0]));
> set_jmp_reset_offset(s, args[0]);
> break;
Lovely KISS! Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
diff --git a/tcg/tci/tcg-target.h b/tcg/tci/tcg-target.h
index 9c0021a26f..9285c930a2 100644
--- a/tcg/tci/tcg-target.h
+++ b/tcg/tci/tcg-target.h
@@ -87,7 +87,7 @@
 #define TCG_TARGET_HAS_muluh_i32 0
 #define TCG_TARGET_HAS_mulsh_i32 0
 #define TCG_TARGET_HAS_goto_ptr 0
-#define TCG_TARGET_HAS_direct_jump 1
+#define TCG_TARGET_HAS_direct_jump 0
 #define TCG_TARGET_HAS_qemu_st8_i32 0
 
 #if TCG_TARGET_REG_BITS == 64
@@ -174,12 +174,7 @@ void tci_disas(uint8_t opc);
 
 #define TCG_TARGET_HAS_MEMORY_BSWAP 1
 
-static inline void tb_target_set_jmp_target(uintptr_t tc_ptr, uintptr_t jmp_rx,
- uintptr_t jmp_rw, uintptr_t addr)
-{
- /* patch the branch destination */
- qatomic_set((int32_t *)jmp_rw, addr - (jmp_rx + 4));
- /* no need to flush icache explicitly */
-}
+/* not defined -- call should be eliminated at compile time */
+void tb_target_set_jmp_target(uintptr_t, uintptr_t, uintptr_t, uintptr_t);
 
 #endif /* TCG_TARGET_H */
diff --git a/tcg/tci.c b/tcg/tci.c
index 6fbbc48ecf..3fe0831b33 100644
--- a/tcg/tci.c
+++ b/tcg/tci.c
@@ -816,13 +816,11 @@ uintptr_t QEMU_DISABLE_CFI tcg_qemu_tb_exec(CPUArchState *env,
 return (uintptr_t)ptr;
 
 case INDEX_op_goto_tb:
- /* Jump address is aligned */
- tb_ptr = QEMU_ALIGN_PTR_UP(tb_ptr, 4);
- t0 = qatomic_read((int32_t *)tb_ptr);
- tb_ptr += sizeof(int32_t);
+ tci_args_l(&tb_ptr, &ptr);
 tci_assert(tb_ptr == old_code_ptr + op_size);
- tb_ptr += (int32_t)t0;
+ tb_ptr = *(void **)ptr;
 continue;
+
 case INDEX_op_qemu_ld_i32:
 t0 = *tb_ptr++;
 taddr = tci_read_ulong(regs, &tb_ptr);
diff --git a/tcg/tci/tcg-target.c.inc b/tcg/tci/tcg-target.c.inc
index ff8040510f..2c64b4f617 100644
--- a/tcg/tci/tcg-target.c.inc
+++ b/tcg/tci/tcg-target.c.inc
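Review bot: In the tci.c hunk, `tb_ptr = *(void **)ptr;` reads the jump-target slot with a plain load, whereas the line it replaces fetched the patched destination through `qatomic_read()`, presumably because that location is rewritten by another thread when TBs are chained or unchained. If the generic `tb_set_jmp_target()` (not in this patch) stores into `tb_jmp_target_addr[]` with `qatomic_set()`, the matching read should be `tb_ptr = qatomic_read((void **)ptr);` so the two sides form a documented pair and the compiler cannot hoist or merge the load across iterations of the dispatch loop. The `tci_assert` between the two changed lines only checks the decoded instruction length, so it says nothing about the contents of the slot. `tcg_qemu_tb_exec` begins and ends outside the hunk.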
@@ -405,16 +405,9 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, const TCGArg *args,
 break;
 
 case INDEX_op_goto_tb:
- if (s->tb_jmp_insn_offset) {
- /* Direct jump method. */
- /* Align for atomic patching and thread safety */
- s->code_ptr = QEMU_ALIGN_PTR_UP(s->code_ptr, 4);
- s->tb_jmp_insn_offset[args[0]] = tcg_current_code_size(s);
- tcg_out32(s, 0);
- } else {
- /* Indirect jump method. */
- TODO();
- }
+ tcg_debug_assert(s->tb_jmp_insn_offset == 0);
+ /* indirect jump method. */
+ tcg_out_i(s, (uintptr_t)(s->tb_jmp_target_addr + args[0]));
 set_jmp_reset_offset(s, args[0]);
 break;
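Review bot: `tcg_debug_assert(s->tb_jmp_insn_offset == 0);` compares a pointer against the integer literal 0; `tcg_debug_assert(s->tb_jmp_insn_offset == NULL);` states the intent directly and matches how the removed `if (s->tb_jmp_insn_offset)` treated the field. The operand emitted by `tcg_out_i(s, (uintptr_t)(s->tb_jmp_target_addr + args[0]));` is the address of the slot, not its contents, which the one-line `/* indirect jump method. */` does not convey; a comment such as `/* Emit the address of the jump-target slot; the generic chaining code fills the slot in later and tci.c dereferences it at runtime. */` would make the reader side easier to follow. `tcg_out_op` begins and ends outside the hunk.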
Convert to indirect jumps, as it's less complicated. Then we just have a pointer to the tb address at which the chain is stored, from which we read. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> --- tcg/tci/tcg-target.h | 11 +++-------- tcg/tci.c | 8 +++----- tcg/tci/tcg-target.c.inc | 13 +++---------- 3 files changed, 9 insertions(+), 23 deletions(-) -- 2.25.1