From patchwork Tue May  8 19:36:45 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Richard Henderson <richard.henderson@linaro.org>
X-Patchwork-Id: 135189
Delivered-To: patch@linaro.org
Received: by 10.46.151.6 with SMTP id r6csp4784388lji;
 Tue, 8 May 2018 12:37:14 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZqmcw9MdkiYTwreNL2zINu+CW7oxK1qbBHR2Ijd4AoRTxRUem7V9n3I4M8svDIYk9cqf9ri
X-Received: by 2002:ac8:1ac5:: with SMTP id
 h5-v6mr38154768qtk.379.1525808234525; 
 Tue, 08 May 2018 12:37:14 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525808234; cv=none;
 d=google.com; s=arc-20160816;
 b=w3VarOM1oYjuy8Ut+R7rj8EXH29oVh/pkWx7lUA1L7Ca8EwsXXKeeOIugEhdRRTVWw
 9moimuyz8RRuKiE6N20B8pQbwcwW7gX3pzfktRzCZZysxsUx4pZfGc7DALBRqC+NNKlQ
 /QEeueUtaev4JlYH3valJt2f4WkloftHq2IdsuudVTyOQlrCVcfvgRVmz1Rc9Yjt3RMF
 92lTCON51X7m8yc/NO1Vm+2BzqPIz9TeWySnwQB5tjw1KWiGDz1NFzPXb1KRgfEtnOdM
 WC7fmvtOBTZwh3tD1mEsENhTIw+JkGV6Zd1nOIDwkdVm6/Y/zAIkyi5aRP9mY+1u4rhd
 lyIw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:subject:message-id:date:to:from
 :dkim-signature:arc-authentication-results;
 bh=7VzYU3YyNu/Qt2FsALkjBcetQS2W7GQjeZtm4JHHom4=;
 b=OnQzWmBIamD3cjcR0oxfz52lS51lwbXCQtJaQ4tXZz+G2yU74st2od27oB7QI1DVf2
 ios6at+TDiXNqbbuUhuSrvcFppw2S8ItpmJmk/LKuaFvktpfNx8HTynH3IBCV5PkFYNP
 LHgs8tkOXb4dTEjTTrdnkxN/wG5oPhORzSFixVwMd9ot9HW4smQX0IQaG2zFBKYEEdY/
 49UWaSmTy+oL04DAWQtgN7laBInez0C+RMf4muXkIxvmr3QINCO4X2Q6MDeoFwROm81r
 Ml2PyXz2u16AlyU4PfXl08Z++IkhlDfF3LuJdbVuKRhhX950oeiJaHXhfhfeF7uoGkHe
 1/pQ==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=fail header.i=@linaro.org header.s=google header.b=PY4abiw5;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 2001:4830:134:3::11 as permitted sender)
 smtp.mailfrom=qemu-devel-bounces+patch=linaro.org@nongnu.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11])
 by mx.google.com with ESMTPS id
 p4-v6si12768534qve.179.2018.05.08.12.37.14 for <patch@linaro.org>
 (version=TLS1 cipher=AES128-SHA bits=128/128);
 Tue, 08 May 2018 12:37:14 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 2001:4830:134:3::11 as permitted sender)
 client-ip=2001:4830:134:3::11; 
Authentication-Results: mx.google.com;
 dkim=fail header.i=@linaro.org header.s=google header.b=PY4abiw5;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 2001:4830:134:3::11 as permitted sender)
 smtp.mailfrom=qemu-devel-bounces+patch=linaro.org@nongnu.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from localhost ([::1]:53035 helo=lists.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <qemu-devel-bounces+patch=linaro.org@nongnu.org>)
 id 1fG8QE-0005UE-2x
 for patch@linaro.org; Tue, 08 May 2018 15:37:14 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:42477)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <richard.henderson@linaro.org>) id 1fG8Ps-0005U1-3q
 for qemu-devel@nongnu.org; Tue, 08 May 2018 15:36:53 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <richard.henderson@linaro.org>) id 1fG8Pp-0001Sv-5t
 for qemu-devel@nongnu.org; Tue, 08 May 2018 15:36:52 -0400
Received: from mail-pg0-x241.google.com ([2607:f8b0:400e:c05::241]:35461)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <richard.henderson@linaro.org>)
 id 1fG8Po-0001SK-Vx
 for qemu-devel@nongnu.org; Tue, 08 May 2018 15:36:49 -0400
Received: by mail-pg0-x241.google.com with SMTP id j11-v6so21597727pgf.2
 for <qemu-devel@nongnu.org>; Tue, 08 May 2018 12:36:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id;
 bh=7VzYU3YyNu/Qt2FsALkjBcetQS2W7GQjeZtm4JHHom4=;
 b=PY4abiw51E0doIv+saOfaamBiw9PIck5QCM9pwJ+bki4mEDo6b44yrFCWnMynXcFfU
 KI/ac0/rCPoX+8rUazggWBLiuYIzhGK+N4TniuqKa2ju08QZ8GE6bqEwsZBclBLdH2De
 ePf8NazHuNTerL5Mh45MlXYQd5dCVTul6Inoc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=7VzYU3YyNu/Qt2FsALkjBcetQS2W7GQjeZtm4JHHom4=;
 b=ABEcH8E2dqLUgM+hAb0N5KojtkBWPwVK2SpO0i0sgI4NLYnlnDOFY1P521dJJUj5pD
 e5RG8KE3lIvRMiuZYSBFBS6I4XiPW8vwYKSwO26dmEOK59ROoGKcXRS/DGAc/Hd3RHs8
 3uz4TBTm/opB1l1XcUdRbdcG5iu1BL7MaCv6+jywVMdxMlsLp9qkstttP2zS7eronFDx
 vznlS0KS0rq+ZVBR7+TVbCiuLOmrJByL1s5k1E2+lULmtD+McJH1dypjdeMPIg37ZG81
 f+Ghr3nlovx5mfPaWN8wcE2FgVIhXaMAet+kVEsnNYD7c1L+kHdcvY6f1be/3xWhqfV6
 xZ9Q==
X-Gm-Message-State: ALQs6tB/jrKEUjsI1wZlnOo31yCxTRDHTu2T8kYb1s5cTV6p7Kmklcc5
 E+CQl1+r06a3fMh64ll1QHE2Ogm9fDw=
X-Received: by 2002:a65:530a:: with SMTP id
 m10-v6mr15636348pgq.429.1525808207583; 
 Tue, 08 May 2018 12:36:47 -0700 (PDT)
Received: from cloudburst.twiddle.net (97-113-2-170.tukw.qwest.net.
 [97.113.2.170]) by smtp.gmail.com with ESMTPSA id
 n18sm70682131pfg.36.2018.05.08.12.36.46
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 08 May 2018 12:36:46 -0700 (PDT)
From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Date: Tue,  8 May 2018 12:36:45 -0700
Message-Id: <20180508193645.3960-1-richard.henderson@linaro.org>
X-Mailer: git-send-email 2.17.0
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2607:f8b0:400e:c05::241
Subject: [Qemu-devel] [PATCH] tcg: Limit the number of ops in a TB
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: peter.maydell@linaro.org, laurent@vivier.eu, qemu-stable@nongnu.org
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+patch=linaro.org@nongnu.org>

In 6001f7729e12 we partially attempt to address the branch
displacement overflow caused by 15fa08f845.

However, gcc/testsuite/gcc.target/aarch64/advsimd-intrinsics/vqtbX.c
is a testcase that contains a TB so large as to overflow anyway.
The limit here of 8000 ops produces a maximum output TB size of
24112 bytes on a ppc64le host with that test case.  This is still
much less than the maximum forward branch distance of 32764 bytes.

Cc: qemu-stable@nongnu.org
Fixes: 15fa08f845 ("tcg: Dynamically allocate TCGOps")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/tcg.h | 8 +++++++-
 tcg/tcg.c | 3 +++
 2 files changed, 10 insertions(+), 1 deletion(-)

-- 
2.17.0
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

diff --git a/tcg/tcg.h b/tcg/tcg.h
index 75fbad128b..88378be310 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -655,6 +655,7 @@ struct TCGContext {
     int nb_globals;
     int nb_temps;
     int nb_indirects;
+    int nb_ops;
 
     /* goto_tb support */
     tcg_insn_unit *code_buf;
@@ -844,7 +845,12 @@ static inline TCGOp *tcg_last_op(void)
 /* Test for whether to terminate the TB for using too many opcodes.  */
 static inline bool tcg_op_buf_full(void)
 {
-    return false;
+    /* This is not a hard limit, it merely stops translation when
+     * we have produced "enough" opcodes.  We want to limit TB size
+     * such that a RISC host can reasonably use a 16-bit signed
+     * branch within the TB.
+     */
+    return tcg_ctx->nb_ops >= 8000;
 }
 
 /* pool based memory allocation */
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 551caf1c53..6eeebe0624 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -866,6 +866,7 @@ void tcg_func_start(TCGContext *s)
     /* No temps have been previously allocated for size or locality.  */
     memset(s->free_temps, 0, sizeof(s->free_temps));
 
+    s->nb_ops = 0;
     s->nb_labels = 0;
     s->current_frame_offset = s->frame_start;
 
@@ -1956,6 +1957,7 @@ void tcg_op_remove(TCGContext *s, TCGOp *op)
 {
     QTAILQ_REMOVE(&s->ops, op, link);
     QTAILQ_INSERT_TAIL(&s->free_ops, op, link);
+    s->nb_ops--;
 
 #ifdef CONFIG_PROFILER
     atomic_set(&s->prof.del_op_count, s->prof.del_op_count + 1);
@@ -1975,6 +1977,7 @@ static TCGOp *tcg_op_alloc(TCGOpcode opc)
     }
     memset(op, 0, offsetof(TCGOp, link));
     op->opc = opc;
+    s->nb_ops++;
 
     return op;
 }