* [Qemu-devel] [RFC PATCH 0/3] Remove code buffer size limitation on aarch64 hosts
@ 2017-06-07 22:52 Pranith Kumar
From: Pranith Kumar @ 2017-06-07 22:52 UTC (permalink / raw)
To: alex.bennee; +Cc: qemu-devel, rth
Hi,
The following patches apply on top of tcg-next of rth's branch. These
patches make use of LDR (literal) on aarch64 and enable us to remove
the 128MB code buffer size limitation.
Pranith Kumar (3):
tcg/aarch64: Introduce and use jump to register
tcg/aarch64: Introduce LDR (literal) generation for aarch64
tcg/aarch64: Remove code buffer size limitation
include/exec/exec-all.h | 6 +-----
tcg/aarch64/tcg-target.inc.c | 42 +++++++++++++++++++++---------------------
translate-all.c | 2 --
3 files changed, 22 insertions(+), 28 deletions(-)
--
2.13.0
* [Qemu-devel] [RFC PATCH 1/3] tcg/aarch64: Introduce and use jump to register
From: Pranith Kumar @ 2017-06-07 22:52 UTC (permalink / raw)
To: alex.bennee; +Cc: qemu-devel, rth
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
---
tcg/aarch64/tcg-target.inc.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
index 1fa3bccc89..ab0a8caa03 100644
--- a/tcg/aarch64/tcg-target.inc.c
+++ b/tcg/aarch64/tcg-target.inc.c
@@ -819,6 +819,12 @@ static inline void tcg_out_goto(TCGContext *s, tcg_insn_unit *target)
tcg_out_insn(s, 3206, B, offset);
}
+static inline void tcg_out_goto_register(TCGContext *s, intptr_t target)
+{
+ tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_TMP, target);
+ tcg_out_insn(s, 3207, BR, TCG_REG_TMP);
+}
+
static inline void tcg_out_goto_noaddr(TCGContext *s)
{
/* We pay attention here to not modify the branch target by reading from
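Review bot: tcg_out_goto_register always spends a tcg_out_movi (up to four MOVZ/MOVK instructions) plus a BR through TCG_REG_TMP, even when the target lies within the ±128MB reach of a direct B. Since the helper is meant to replace tcg_out_goto at its callers, consider structuring it like tcg_out_call: compute the displacement, emit `tcg_out_insn(s, 3206, B, offset)` when it fits, and fall back to movi+BR only otherwise; a name such as tcg_out_goto_long would then describe what it does.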
@@ -1364,10 +1370,10 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
case INDEX_op_exit_tb:
/* Reuse the zeroing that exists for goto_ptr. */
if (a0 == 0) {
- tcg_out_goto(s, s->code_gen_epilogue);
+ tcg_out_goto_register(s, (intptr_t)(s->code_gen_epilogue));
} else {
tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_X0, a0);
- tcg_out_goto(s, tb_ret_addr);
+ tcg_out_goto_register(s, (intptr_t)(tb_ret_addr));
}
break;
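Review bot: both exit_tb paths now take the long form unconditionally, so the common case of a TB within direct-branch reach of the epilogue pays for the extra instructions. The new helper also takes an intptr_t where tcg_out_goto took a tcg_insn_unit *, which forces the `(intptr_t)(s->code_gen_epilogue)` and `(intptr_t)(tb_ret_addr)` casts at each call site; accepting a `tcg_insn_unit *` and casting once inside the helper would leave these two lines unchanged apart from the function name.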
--
2.13.0
* [Qemu-devel] [RFC PATCH 2/3] tcg/aarch64: Introduce LDR (literal) for aarch64
From: Pranith Kumar @ 2017-06-07 22:52 UTC (permalink / raw)
To: alex.bennee; +Cc: qemu-devel, rth
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
---
tcg/aarch64/tcg-target.inc.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
index ab0a8caa03..e488aacadb 100644
--- a/tcg/aarch64/tcg-target.inc.c
+++ b/tcg/aarch64/tcg-target.inc.c
@@ -269,6 +269,8 @@ typedef enum {
I3207_BLR = 0xd63f0000,
I3207_RET = 0xd65f0000,
+ /* Load literal for loading the address at pc-relative offset */
+ I3305_LDR = 0x58000000,
/* Load/store register. Described here as 3.3.12, but the helper
that emits them can transform to 3.3.10 or 3.3.13. */
I3312_STRB = 0x38000000 | LDST_ST << 22 | MO_8 << 30,
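Review bot: the comment on I3305_LDR should say that 0x58000000 is the 64-bit (opc=01) form of LDR (literal), since the 32-bit form differs only in the opc bits and a reader checking the constant against the architecture reference needs to know which one is meant. The entry also sits between the I3207 branch-register encodings and the I3312 load/store group; giving it its own format group, as the other I33xx families have, keeps the enum organised by instruction class.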
@@ -388,6 +390,11 @@ static inline uint32_t tcg_in32(TCGContext *s)
#define tcg_out_insn(S, FMT, OP, ...) \
glue(tcg_out_insn_,FMT)(S, glue(glue(glue(I,FMT),_),OP), ## __VA_ARGS__)
+static void tcg_out_insn_3305(TCGContext *s, AArch64Insn insn, int imm19, TCGReg rt)
+{
+ tcg_out32(s, insn | (imm19 & 0x7ffff) << 5 | rt);
+}
+
static void tcg_out_insn_3201(TCGContext *s, AArch64Insn insn, TCGType ext,
TCGReg rt, int imm19)
{
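Review bot: tcg_out_insn_3305 masks imm19 with 0x7ffff but never checks that the value fits in signed 19 bits, so an out-of-range pc-relative offset is silently truncated into a load from the wrong address instead of being caught; a `tcg_debug_assert(imm19 >= -0x40000 && imm19 < 0x40000)` would make the failure visible at translation time. The parameter order (imm19, rt) is also the reverse of the adjacent tcg_out_insn_3201(..., rt, imm19); following the existing (rt, imm19) order avoids confusion at call sites.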
--
2.13.0
* [Qemu-devel] [RFC PATCH 3/3] tcg/aarch64: Remove code buffer size limitation
From: Pranith Kumar @ 2017-06-07 22:52 UTC (permalink / raw)
To: alex.bennee; +Cc: qemu-devel, rth
This enables indirect jumps on aarch64 hosts. Tested by booting an x86 guest on an aarch64 host.
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
---
include/exec/exec-all.h | 6 +-----
tcg/aarch64/tcg-target.inc.c | 25 ++++++-------------------
translate-all.c | 2 --
3 files changed, 7 insertions(+), 26 deletions(-)
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 724ec73dce..a6bd3c7d1e 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -301,9 +301,8 @@ static inline void tlb_flush_by_mmuidx_all_cpus_synced(CPUState *cpu,
#define CODE_GEN_AVG_BLOCK_SIZE 150
#endif
-#if defined(_ARCH_PPC) \
+#if defined(_ARCH_PPC) || defined(__sparc__) \
|| defined(__x86_64__) || defined(__i386__) \
- || defined(__sparc__) || defined(__aarch64__) \
|| defined(__s390x__) || defined(__mips__) \
|| defined(CONFIG_TCG_INTERPRETER)
/* NOTE: Direct jump patching must be atomic to be thread-safe. */
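Review bot: moving `defined(__sparc__)` up onto the `_ARCH_PPC` line is unrelated reordering; deleting only `defined(__aarch64__)` from its existing line keeps the hunk to the one change being made and makes the intent (aarch64 leaves the USE_DIRECT_JUMP set) obvious at a glance.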
@@ -398,9 +397,6 @@ static inline void tb_set_jmp_target1(uintptr_t jmp_addr, uintptr_t addr)
atomic_set((int32_t *)jmp_addr, disp / 2);
/* no need to flush icache explicitly */
}
-#elif defined(__aarch64__)
-void aarch64_tb_set_jmp_target(uintptr_t jmp_addr, uintptr_t addr);
-#define tb_set_jmp_target1 aarch64_tb_set_jmp_target
#elif defined(__sparc__) || defined(__mips__)
void tb_set_jmp_target1(uintptr_t jmp_addr, uintptr_t addr);
#else
diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
index e488aacadb..cc81a0d5ff 100644
--- a/tcg/aarch64/tcg-target.inc.c
+++ b/tcg/aarch64/tcg-target.inc.c
@@ -865,15 +865,6 @@ static inline void tcg_out_call(TCGContext *s, tcg_insn_unit *target)
}
}
-void aarch64_tb_set_jmp_target(uintptr_t jmp_addr, uintptr_t addr)
-{
- tcg_insn_unit *code_ptr = (tcg_insn_unit *)jmp_addr;
- tcg_insn_unit *target = (tcg_insn_unit *)addr;
-
- reloc_pc26_atomic(code_ptr, target);
- flush_icache_range(jmp_addr, jmp_addr + 4);
-}
-
static inline void tcg_out_goto_label(TCGContext *s, TCGLabel *l)
{
if (!l->has_value) {
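Review bot: with aarch64_tb_set_jmp_target removed, check whether reloc_pc26_atomic still has any caller in tcg-target.inc.c; if this was its only user it should go in the same patch rather than being left behind as dead code.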
@@ -1385,16 +1376,12 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
break;
case INDEX_op_goto_tb:
-#ifndef USE_DIRECT_JUMP
-#error "USE_DIRECT_JUMP required for aarch64"
-#endif
- /* consistency for USE_DIRECT_JUMP */
- tcg_debug_assert(s->tb_jmp_insn_offset != NULL);
- s->tb_jmp_insn_offset[a0] = tcg_current_code_size(s);
- /* actual branch destination will be patched by
- aarch64_tb_set_jmp_target later, beware retranslation. */
- tcg_out_goto_noaddr(s);
- s->tb_jmp_reset_offset[a0] = tcg_current_code_size(s);
+ {
+ intptr_t offset = tcg_pcrel_diff(s, (s->tb_jmp_target_addr + a0)) >> 2;
+ tcg_out_insn(s, 3305, LDR, offset, TCG_REG_TMP);
+ tcg_out_callr(s, TCG_REG_TMP);
+ s->tb_jmp_reset_offset[a0] = tcg_current_code_size(s);
+ }
break;
case INDEX_op_goto_ptr:
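Review bot: the new goto_tb sequence ends in `tcg_out_callr(s, TCG_REG_TMP)`, which emits BLR and therefore writes a return address into the link register for a jump that never returns; the plain BR form from 1/3 (`tcg_out_insn(s, 3207, BR, TCG_REG_TMP)`) is what a TB-to-TB jump needs. Separately, the LDR (literal) displacement `tcg_pcrel_diff(s, (s->tb_jmp_target_addr + a0)) >> 2` has to fit in imm19, i.e. the jump-target slot must lie within ±1MB of the load; since tcg_out_insn_3305 only masks the value, state that invariant in a comment here or assert it before emitting.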
diff --git a/translate-all.c b/translate-all.c
index 966747ad60..e4cd849931 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -521,8 +521,6 @@ static inline PageDesc *page_find(tb_page_addr_t index)
# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
#elif defined(__powerpc__)
# define MAX_CODE_GEN_BUFFER_SIZE (32u * 1024 * 1024)
-#elif defined(__aarch64__)
-# define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
#elif defined(__s390x__)
/* We have a +- 4GB range on the branches; leave some slop. */
# define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
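Review bot: deleting the aarch64 entry makes the host fall through to whatever MAX_CODE_GEN_BUFFER_SIZE the remaining chain selects, yet parts of tcg-target.inc.c still form addresses with pc-relative sequences whose reach bounds the buffer (the 3/3 reply notes that 2GB keeps exit_tb on ADRP+ADD). Keep an explicit `#elif defined(__aarch64__)` with a 2GB value as the first step, and give it a comment naming the instruction sequence that sets the bound, as the s390x entry just below does.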
--
2.13.0
* Re: [Qemu-devel] [RFC PATCH 1/3] tcg/aarch64: Introduce and use jump to register
From: Richard Henderson @ 2017-06-08 16:50 UTC (permalink / raw)
To: Pranith Kumar, alex.bennee; +Cc: qemu-devel
On 06/07/2017 03:52 PM, Pranith Kumar wrote:
> Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
> ---
> tcg/aarch64/tcg-target.inc.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
> index 1fa3bccc89..ab0a8caa03 100644
> --- a/tcg/aarch64/tcg-target.inc.c
> +++ b/tcg/aarch64/tcg-target.inc.c
> @@ -819,6 +819,12 @@ static inline void tcg_out_goto(TCGContext *s, tcg_insn_unit *target)
> tcg_out_insn(s, 3206, B, offset);
> }
>
> +static inline void tcg_out_goto_register(TCGContext *s, intptr_t target)
> +{
> + tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_TMP, target);
> + tcg_out_insn(s, 3207, BR, TCG_REG_TMP);
> +}
> +
> static inline void tcg_out_goto_noaddr(TCGContext *s)
> {
> /* We pay attention here to not modify the branch target by reading from
> @@ -1364,10 +1370,10 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
> case INDEX_op_exit_tb:
> /* Reuse the zeroing that exists for goto_ptr. */
> if (a0 == 0) {
> - tcg_out_goto(s, s->code_gen_epilogue);
> + tcg_out_goto_register(s, (intptr_t)(s->code_gen_epilogue));
This pessimises the first 128MB of the buffer by not using a direct branch when
it fits. I think you should call the new function tcg_out_goto_long, and
structure the function like tcg_out_call.
r~
* Re: [Qemu-devel] [RFC PATCH 3/3] tcg/aarch64: Remove code buffer size limitation
From: Richard Henderson @ 2017-06-08 16:58 UTC (permalink / raw)
To: Pranith Kumar, alex.bennee; +Cc: qemu-devel
On 06/07/2017 03:52 PM, Pranith Kumar wrote:
> This enables indirect jump on aarch64 hosts. Tested by booting an x86 guest on aarch64 host.
This patch is doing too many things.
One patch should be the switch to indirect chaining (which should also squash
in the 2/3 patch, otherwise tcg_out_insn_3305 is unused and therefore provokes
a Werror).
Second, you should consider merely softening the code buffer size limitation to
2GB. At that point, we still use just ADRP+ADD to form the return address for
exit_tb.
Third, if you want to go beyond 2GB to no limit at all, then we need to
consider reserving a register to contain the return address back to the epilogue.
r~