/*
* i386 emulator main execution loop
*
* Copyright (c) 2003-2005 Fabrice Bellard
*
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
/*
* Oracle LGPL Disclaimer: For the avoidance of doubt, except that if any license choice
* other than GPL or LGPL is available it will apply instead, Oracle elects to use only
* the Lesser General Public License version 2.1 (LGPLv2) at this time for any software where
* a choice of LGPL license versions is made available with the language indicating
* that LGPLv2 or any later version may be used, or where a choice of which version
* of the LGPL is applied is otherwise unspecified.
*/
#include "config.h"
#include "exec.h"
#include "disas.h"
#include "tcg.h"
#include "kvm.h"
#include "qemu-barrier.h"
#if !defined(CONFIG_SOFTMMU)
#include <signal.h>
#ifdef __linux__
#include <sys/ucontext.h>
#endif
#endif
#if defined(__sparc__) && !defined(CONFIG_SOLARIS)
// Work around ugly bugs in glibc that mangle global register contents
#endif
int tb_invalidated_flag;
//#define CONFIG_DEBUG_EXEC
//#define DEBUG_SIGNAL
{
return cpu_has_work(env);
}
void cpu_loop_exit(void)
{
}
/* exit the current TB from a signal handler. The host registers are
restored in a state compatible with the CPU emulator
*/
{
#if !defined(CONFIG_SOFTMMU)
#ifdef __linux__
#elif defined(__OpenBSD__)
#endif
#endif
/* XXX: restore cpu registers saved in host registers */
#if !defined(CONFIG_SOFTMMU)
if (puc) {
/* XXX: use siglongjmp ? */
#ifdef __linux__
#ifdef __ia64
#else
#endif
#elif defined(__OpenBSD__)
#endif
}
#endif
}
/* Execute the code without caching the generated code. An interpreter
could be used if available. */
{
/* Should never happen.
We only end up here when an existing TB is too long. */
if (max_cycles > CF_COUNT_MASK)
/* execute the generated code */
#if defined(VBOX) && defined(GCC_WITH_BUGGY_REGPARM)
#else
#endif
/* Restore PC. This may happen if async event occurs before
the TB starts executing. */
}
}
{
unsigned int h;
tb_invalidated_flag = 0;
/* find translated block using physical mappings */
phys_page2 = -1;
h = tb_phys_hash_func(phys_pc);
ptb1 = &tb_phys_hash[h];
for(;;) {
if (!tb)
goto not_found;
/* check next page if needed */
goto found;
} else {
goto found;
}
}
}
/* if no translated code available, then translate it now */
/* we add the TB in the virtual pc hash table */
return tb;
}
{
int flags;
/* we record a subset of the CPU state. It will
always be the same before a given translated block
is executed. */
}
return tb;
}
{
return old_handler;
}
{
if (!env->watchpoint_hit)
if (debug_excp_handler)
}
/* main execution loop */
{
# ifndef VBOX
return EXCP_HALTED;
# endif /* !VBOX */
/* the access to env below is actually saving the global register's
value, so that files not including target-xyz/exec.h are free to
use it. */
barrier();
if (unlikely(exit_request)) {
}
#if defined(TARGET_I386)
if (!kvm_enabled()) {
/* put eflags in CPU temporary format */
}
#elif defined(TARGET_SPARC)
#elif defined(TARGET_M68K)
#elif defined(TARGET_ALPHA)
#elif defined(TARGET_ARM)
#elif defined(TARGET_PPC)
#elif defined(TARGET_MICROBLAZE)
#elif defined(TARGET_MIPS)
#elif defined(TARGET_SH4)
#elif defined(TARGET_CRIS)
#elif defined(TARGET_S390X)
/* XXXXX */
#else
#endif
#ifndef VBOX /* VBOX: We need to raise traps and suchlike from the outside. */
#endif /* !VBOX */
/* prepare setjmp context for exception handling */
for(;;) {
#if defined(__sparc__) && !defined(CONFIG_SOLARIS)
#endif
#ifdef VBOX
/*
* Check for fatal errors first
*/
}
#endif
/* if an exception is pending, we execute it here */
if (env->exception_index >= 0) {
/* exit request from the cpu execution loop */
#ifdef VBOX /* because of the above stuff */
#endif
if (ret == EXCP_DEBUG)
break;
} else {
#if defined(CONFIG_USER_ONLY)
/* if user mode only, we simulate a fake exception
which will be handled outside the cpu execution
loop */
#if defined(TARGET_I386)
/* successfully delivered */
#endif
break;
#else
#if defined(TARGET_I386)
/* simulate a real cpu exception. On i386, it can
trigger new exceptions, but we do not handle
double or triple faults yet. */
# ifdef VBOX
# endif /* VBOX */
# ifdef IEM_VERIFICATION_MODE /* Ugly hack*/
# else
env->exception_next_eip, 0);
# endif
/* successfully delivered */
# ifdef VBOX
# endif /* VBOX */
#elif defined(TARGET_PPC)
#elif defined(TARGET_MICROBLAZE)
#elif defined(TARGET_MIPS)
#elif defined(TARGET_SPARC)
#elif defined(TARGET_ARM)
#elif defined(TARGET_SH4)
#elif defined(TARGET_ALPHA)
#elif defined(TARGET_CRIS)
#elif defined(TARGET_M68K)
do_interrupt(0);
#endif
#endif
}
}
# ifndef VBOX
if (kvm_enabled()) {
}
# endif /* !VBOX */
next_tb = 0; /* force lookup of first TB */
for(;;) {
if (unlikely(interrupt_request)) {
/* Mask out external interrupts for this step. */
}
if (interrupt_request & CPU_INTERRUPT_DEBUG) {
}
defined(TARGET_MICROBLAZE)
if (interrupt_request & CPU_INTERRUPT_HALT) {
}
#endif
#if defined(TARGET_I386)
# ifdef VBOX
/* Memory registration may post a tlb flush request, process it ASAP. */
}
/* Single instruction exec request, we execute it and return (one way or the other).
The caller will always reschedule after doing this operation! */
{
/* not in flight are we? (if we are, we trapped) */
{
/* When we receive an external interrupt during execution of this single
instruction, then we should stay here. We will leave when we're ready
for raw-mode or when interrupted by pending EMT requests. */
if ( !(interrupt_request & CPU_INTERRUPT_HARD)
)
{
}
}
/* Clear CPU_INTERRUPT_SINGLE_INSTR and leave CPU_INTERRUPT_SINGLE_INSTR_IN_FLIGHT set. */
# ifdef IEM_VERIFICATION_MODE
# endif
}
# endif /* VBOX */
# ifndef VBOX /** @todo reconcile our code with the following... */
if (interrupt_request & CPU_INTERRUPT_INIT) {
} else if (interrupt_request & CPU_INTERRUPT_SIPI) {
if ((interrupt_request & CPU_INTERRUPT_SMI) &&
do_smm_enter();
next_tb = 0;
} else if ((interrupt_request & CPU_INTERRUPT_NMI) &&
next_tb = 0;
} else if (interrupt_request & CPU_INTERRUPT_MCE) {
do_interrupt(EXCP12_MCHK, 0, 0, 0, 0);
next_tb = 0;
} else if ((interrupt_request & CPU_INTERRUPT_HARD) &&
int intno;
#if defined(__sparc__) && !defined(CONFIG_SOLARIS)
#endif
/* ensure that no TB jump will be modified as
the program flow was changed */
next_tb = 0;
#if !defined(CONFIG_USER_ONLY)
} else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
int intno;
/* FIXME: this should respect TPR */
next_tb = 0;
#endif
}
}
# else /* VBOX */
if ((interrupt_request & CPU_INTERRUPT_SMI) &&
do_smm_enter();
next_tb = 0;
}
else if ((interrupt_request & CPU_INTERRUPT_HARD) &&
{
/* if hardware interrupt pending, we execute it */
int intno;
if (intno >= 0)
{
}
/* ensure that no TB jump will be modified as
the program flow was changed */
next_tb = 0;
}
# endif /* VBOX */
#elif defined(TARGET_PPC)
#if 0
if ((interrupt_request & CPU_INTERRUPT_RESET)) {
}
#endif
if (interrupt_request & CPU_INTERRUPT_HARD) {
if (env->pending_interrupts == 0)
next_tb = 0;
}
#elif defined(TARGET_MICROBLAZE)
if ((interrupt_request & CPU_INTERRUPT_HARD)
next_tb = 0;
}
#elif defined(TARGET_MIPS)
if ((interrupt_request & CPU_INTERRUPT_HARD) &&
/* Raise it */
env->error_code = 0;
next_tb = 0;
}
#elif defined(TARGET_SPARC)
if (interrupt_request & CPU_INTERRUPT_HARD) {
if (cpu_interrupts_enabled(env) &&
env->interrupt_index > 0) {
next_tb = 0;
}
}
} else if (interrupt_request & CPU_INTERRUPT_TIMER) {
//do_interrupt(0, 0, 0, 0, 0);
}
#elif defined(TARGET_ARM)
next_tb = 0;
}
/* ARMv7-M interrupt return works by loading a magic value
into the PC. On real hardware the load causes the
return to occur. The qemu implementation performs the
jump normally, then does the exception return when the
CPU tries to execute code at the magic address.
This will cause the magic PC value to be pushed to
the stack if an interrupt occured at the wrong time.
We avoid this by disabling interrupts when
pc contains a magic address. */
next_tb = 0;
}
#elif defined(TARGET_SH4)
if (interrupt_request & CPU_INTERRUPT_HARD) {
next_tb = 0;
}
#elif defined(TARGET_ALPHA)
if (interrupt_request & CPU_INTERRUPT_HARD) {
next_tb = 0;
}
#elif defined(TARGET_CRIS)
&& !env->locked_irq) {
next_tb = 0;
}
next_tb = 0;
}
#elif defined(TARGET_M68K)
< env->pending_level) {
/* Real hardware gets the interrupt vector via an
IACK cycle at this point. Current emulated
hardware doesn't rely on this, so we
first signalled. */
do_interrupt(1);
next_tb = 0;
}
#endif
/* Don't use the cached interupt_request value,
do_interrupt may have updated the EXITTB flag. */
#ifndef VBOX
#else /* VBOX */
#endif /* VBOX */
/* ensure that no TB jump will be modified as
the program flow was changed */
next_tb = 0;
}
#ifdef VBOX
if (interrupt_request & CPU_INTERRUPT_RC) {
}
if (interrupt_request & (CPU_INTERRUPT_EXTERNAL_EXIT)) {
}
#endif
}
env->exit_request = 0;
}
#ifdef VBOX
/*
* Check if we the CPU state allows us to execute the code in raw-mode.
*/
if (remR3CanExecuteRaw(env,
&env->exception_index))
{
}
#endif /* VBOX */
#if defined(DEBUG_DISAS) || defined(CONFIG_DEBUG_EXEC)
if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) {
/* restore flags in standard format */
#if defined(TARGET_I386)
#elif defined(TARGET_M68K)
log_cpu_state(env, 0);
#else
log_cpu_state(env, 0);
#endif
}
#endif /* DEBUG_DISAS || CONFIG_DEBUG_EXEC */
#ifdef VBOX
#endif /*VBOX*/
tb = tb_find_fast();
/* Note: we do it here to avoid a gcc bug on Mac OS X when
doing it in tb_find_slow */
if (tb_invalidated_flag) {
/* as some TB could have been invalidated because
of memory exceptions while generating the code, we
must recompute the hash index here */
next_tb = 0;
tb_invalidated_flag = 0;
}
#ifdef CONFIG_DEBUG_EXEC
#endif
/* see if we can patch the calling TB. When the TB
spans two pages, we cannot safely do a direct
jump. */
#ifndef VBOX
#else /* VBOX */
#endif /* VBOX */
}
#ifdef VBOX
#endif
/* cpu_interrupt might be called while translating the
TB, but before it is linked into a potentially
infinite loop and becomes env->current_tb. Avoid
starting execution if there is a pending interrupt. */
barrier();
/* execute the generated code */
#ifdef VBOX
#endif
#if defined(__sparc__) && !defined(CONFIG_SOLARIS)
#endif
Log5(("REM: tb=%p tc_ptr=%p %04x:%08RGv\n", tb, tc_ptr, env->segs[R_CS].selector, (RTGCPTR)env->eip));
#if defined(VBOX) && defined(GCC_WITH_BUGGY_REGPARM)
#else
#endif
if (next_tb)
#ifdef VBOX
#endif
/* Instruction counter expired. */
int insns_left;
/* Restore PC. */
/* Refill decrementer and continue execution. */
insns_left = 0xffff;
} else {
}
} else {
if (insns_left > 0) {
/* Execute remaining instructions. */
}
next_tb = 0;
}
}
}
/* reset soft MMU for next block (it can currently
only be set by a memory fault) */
} /* for(;;) */
}
#ifdef VBOX_HIGH_RES_TIMERS_HACK
/* NULL the current_tb here so cpu_interrupt() doesn't do anything
unnecessary (like crashing during emulate single instruction).
Note! Don't use env1->pVM here, the code wouldn't run with
if ( !(env->interrupt_request & ( CPU_INTERRUPT_DEBUG | CPU_INTERRUPT_EXTERNAL_EXIT | CPU_INTERRUPT_RC
}
#endif
} /* for(;;) */
#if defined(TARGET_I386)
/* restore flags in standard format */
#elif defined(TARGET_ARM)
#elif defined(TARGET_SPARC)
#elif defined(TARGET_PPC)
#elif defined(TARGET_M68K)
#elif defined(TARGET_MICROBLAZE)
#elif defined(TARGET_MIPS)
#elif defined(TARGET_SH4)
#elif defined(TARGET_ALPHA)
#elif defined(TARGET_CRIS)
#elif defined(TARGET_S390X)
/* XXXXX */
#else
#endif
/* restore global registers */
barrier();
env = (void *) saved_env_reg;
# ifndef VBOX /* we might be using elsewhere, we only have one. */
/* fail safe : never use cpu_single_env outside cpu_exec() */
# endif
return ret;
}
/* must only be called from the generated code as an exception can be
generated */
{
/* XXX: cannot enable it yet because it yields to MMU exception
where NIP != read address on PowerPC */
#if 0
#endif
}
#if defined(TARGET_I386) && defined(CONFIG_USER_ONLY)
{
env = s;
selector &= 0xffff;
} else {
}
}
{
env = s;
}
{
env = s;
}
#endif /* TARGET_I386 */
#if !defined(CONFIG_SOFTMMU)
#if defined(TARGET_I386)
#else
#endif
/* 'pc' is the host PC at which the exception was raised. 'address' is
the effective address of the memory exception. 'is_write' is 1 if a
write caused the exception and otherwise 0'. 'old_set' is the
signal set which should be restored */
void *puc)
{
int ret;
if (cpu_single_env)
#if defined(DEBUG_SIGNAL)
qemu_printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
#endif
/* XXX: locking issue */
return 1;
}
/* see if it is an MMU fault */
if (ret < 0)
return 0; /* not an MMU fault */
if (ret == 0)
return 1; /* the MMU fault was handled without causing real CPU fault */
/* now we have a real cpu fault */
if (tb) {
/* the PC is inside the translated code. It means that we have
a virtual CPU fault */
}
/* we restore the process signal mask as the sigreturn should
do it (XXX: use sigsetjmp) */
/* never comes here */
return 1;
}
#if defined(__i386__)
#if defined(__APPLE__)
# include <sys/ucontext.h>
#elif defined (__NetBSD__)
# include <ucontext.h>
# include <ucontext.h>
#elif defined(__OpenBSD__)
#else
#endif
void *puc)
{
#elif defined(__OpenBSD__)
#else
#endif
int trapno;
#ifndef REG_EIP
/* for glibc 2.1 */
#endif
trapno == 0xe ?
}
#elif defined(__x86_64__)
#ifdef __NetBSD__
#elif defined(__OpenBSD__)
#include <ucontext.h>
#else
#endif
void *puc)
{
#elif defined(__OpenBSD__)
#else
#endif
}
/***********************************************************************
* signal context platform-specific definitions
* From Wine
*/
#ifdef linux
/* All Registers access - only for local access */
/* Gpr Registers access */
/* Float Registers access */
# define FLOAT_sig(reg_num, context) (((double*)((char*)((context)->uc_mcontext.regs+48*4)))[reg_num])
/* Exception Registers access */
#endif /* linux */
#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
#include <ucontext.h>
/* Exception Registers access */
#endif /* __FreeBSD__|| __FreeBSD_kernel__ */
#ifdef __APPLE__
# include <sys/ucontext.h>
/* All Registers access - only for local access */
/* Gpr Registers access */
/* Float Registers access */
/* Exception Registers access */
#endif /* __APPLE__ */
void *puc)
{
#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
#else
#endif
int is_write;
is_write = 0;
#if 0
/* ppc 4xx case */
is_write = 1;
#else
is_write = 1;
#endif
}
void *puc)
{
int is_write = 0;
/* XXX: need kernel patch to get write flag faster */
switch (insn >> 26) {
case 0x0d: // stw
case 0x0e: // stb
case 0x0f: // stq_u
case 0x24: // stf
case 0x25: // stg
case 0x26: // sts
case 0x27: // stt
case 0x2c: // stl
case 0x2d: // stq
case 0x2e: // stl_c
case 0x2f: // stq_c
is_write = 1;
}
}
void *puc)
{
int is_write;
#if !defined(__arch64__) || defined(CONFIG_SOLARIS)
/* XXX: is there a standard glibc define ? */
#else
#ifdef __linux__
#elif defined(__OpenBSD__)
#endif
#endif
/* XXX: need kernel patch to get write flag faster */
is_write = 0;
case 0x05: // stb
case 0x15: // stba
case 0x06: // sth
case 0x16: // stha
case 0x04: // st
case 0x14: // sta
case 0x07: // std
case 0x17: // stda
case 0x0e: // stx
case 0x1e: // stxa
case 0x24: // stf
case 0x34: // stfa
case 0x27: // stdf
case 0x37: // stdfa
case 0x26: // stqf
case 0x36: // stqfa
case 0x25: // stfsr
case 0x3c: // casa
case 0x3e: // casxa
is_write = 1;
break;
}
}
}
void *puc)
{
int is_write;
#else
#endif
/* XXX: compute is_write */
is_write = 0;
}
void *puc)
{
int is_write;
/* XXX: compute is_write */
is_write = 0;
}
#ifndef __ISR_VALID
#endif
{
int is_write = 0;
switch (host_signum) {
case SIGILL:
case SIGFPE:
case SIGSEGV:
case SIGBUS:
case SIGTRAP:
/* ISR.W (write-access) is bit 33: */
break;
default:
break;
}
}
void *puc)
{
int is_write = 0;
/* ??? On linux, the non-rt signal handler has 4 (!) arguments instead
of the normal 2 arguments. The 3rd argument contains the "int_code"
from the hardware which does in fact contain the is_write value.
The rt signal handler, as far as I can tell, does not give this value
at all. Not that we could get to it from here even if it were. */
/* ??? This is not even close to complete, since it ignores all
of the read-modify-write instructions. */
switch (pinsn[0] >> 8) {
case 0x50: /* ST */
case 0x42: /* STC */
case 0x40: /* STH */
is_write = 1;
break;
case 0xc4: /* RIL format insns */
switch (pinsn[0] & 0xf) {
case 0xf: /* STRL */
case 0xb: /* STGRL */
case 0x7: /* STHRL */
is_write = 1;
}
break;
case 0xe3: /* RXY format insns */
case 0x50: /* STY */
case 0x24: /* STG */
case 0x72: /* STCY */
case 0x70: /* STHY */
case 0x8e: /* STPQ */
case 0x3f: /* STRVH */
case 0x3e: /* STRV */
case 0x2f: /* STRVG */
is_write = 1;
}
break;
}
}
void *puc)
{
int is_write;
/* XXX: compute is_write */
is_write = 0;
}
void *puc)
{
int is_write = 0;
/* XXX: need kernel patch to get write flag faster. */
switch (insn >> 26) {
case 0x1a: /* STW */
case 0x19: /* STH */
case 0x18: /* STB */
case 0x1b: /* STWM */
is_write = 1;
break;
case 0x09: /* CSTWX, FSTWX, FSTWS */
case 0x0b: /* CSTDX, FSTDX, FSTDS */
/* Distinguish from coprocessor load ... */
break;
case 0x03:
case 0xa: /* STWS */
case 0x9: /* STHS */
case 0x8: /* STBS */
case 0xe: /* STWAS */
case 0xc: /* STBYS */
is_write = 1;
}
break;
}
}
#else
#endif
#endif /* !defined(CONFIG_SOFTMMU) */