Re: [PATCH v5 13/57] tcg/tci: Reuse tci_args_l for goto_tb

["Philippe Mathieu-Daudé" <f4bug@amsat.org>]

On 3/11/21 3:39 PM, Richard Henderson wrote:
> Convert to indirect jumps, as it's less complicated.
> Then we just have a pointer to the tb address at which
> the chain is stored, from which we read.
> 
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  tcg/tci/tcg-target.h     | 11 +++--------
>  tcg/tci.c                |  8 +++-----
>  tcg/tci/tcg-target.c.inc | 13 +++----------
>  3 files changed, 9 insertions(+), 23 deletions(-)
> 
> diff --git a/tcg/tci/tcg-target.h b/tcg/tci/tcg-target.h
> index 9c0021a26f..9285c930a2 100644
> --- a/tcg/tci/tcg-target.h
> +++ b/tcg/tci/tcg-target.h
> @@ -87,7 +87,7 @@
>  #define TCG_TARGET_HAS_muluh_i32        0
>  #define TCG_TARGET_HAS_mulsh_i32        0
>  #define TCG_TARGET_HAS_goto_ptr         0
> -#define TCG_TARGET_HAS_direct_jump      1
> +#define TCG_TARGET_HAS_direct_jump      0
>  #define TCG_TARGET_HAS_qemu_st8_i32     0
>  
>  #if TCG_TARGET_REG_BITS == 64
> @@ -174,12 +174,7 @@ void tci_disas(uint8_t opc);
>  
>  #define TCG_TARGET_HAS_MEMORY_BSWAP     1
>  
> -static inline void tb_target_set_jmp_target(uintptr_t tc_ptr, uintptr_t jmp_rx,
> -                                            uintptr_t jmp_rw, uintptr_t addr)
> -{
> -    /* patch the branch destination */
> -    qatomic_set((int32_t *)jmp_rw, addr - (jmp_rx + 4));
> -    /* no need to flush icache explicitly */
> -}
> +/* not defined -- call should be eliminated at compile time */
> +void tb_target_set_jmp_target(uintptr_t, uintptr_t, uintptr_t, uintptr_t);
>  
>  #endif /* TCG_TARGET_H */
> diff --git a/tcg/tci.c b/tcg/tci.c
> index 6fbbc48ecf..3fe0831b33 100644
> --- a/tcg/tci.c
> +++ b/tcg/tci.c
> @@ -816,13 +816,11 @@ uintptr_t QEMU_DISABLE_CFI tcg_qemu_tb_exec(CPUArchState *env,
>              return (uintptr_t)ptr;
>  
>          case INDEX_op_goto_tb:
> -            /* Jump address is aligned */
> -            tb_ptr = QEMU_ALIGN_PTR_UP(tb_ptr, 4);
> -            t0 = qatomic_read((int32_t *)tb_ptr);
> -            tb_ptr += sizeof(int32_t);
> +            tci_args_l(&tb_ptr, &ptr);
>              tci_assert(tb_ptr == old_code_ptr + op_size);
> -            tb_ptr += (int32_t)t0;
> +            tb_ptr = *(void **)ptr;
>              continue;
> +
>          case INDEX_op_qemu_ld_i32:
>              t0 = *tb_ptr++;
>              taddr = tci_read_ulong(regs, &tb_ptr);
> diff --git a/tcg/tci/tcg-target.c.inc b/tcg/tci/tcg-target.c.inc
> index ff8040510f..2c64b4f617 100644
> --- a/tcg/tci/tcg-target.c.inc
> +++ b/tcg/tci/tcg-target.c.inc
> @@ -405,16 +405,9 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, const TCGArg *args,
>          break;
>  
>      case INDEX_op_goto_tb:
> -        if (s->tb_jmp_insn_offset) {
> -            /* Direct jump method. */
> -            /* Align for atomic patching and thread safety */
> -            s->code_ptr = QEMU_ALIGN_PTR_UP(s->code_ptr, 4);
> -            s->tb_jmp_insn_offset[args[0]] = tcg_current_code_size(s);
> -            tcg_out32(s, 0);
> -        } else {
> -            /* Indirect jump method. */
> -            TODO();
> -        }
> +        tcg_debug_assert(s->tb_jmp_insn_offset == 0);
> +        /* indirect jump method. */
> +        tcg_out_i(s, (uintptr_t)(s->tb_jmp_target_addr + args[0]));
>          set_jmp_reset_offset(s, args[0]);
>          break;
> 

Lovely KISS!

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>