[Qemu-devel] [PATCH v2] configure: Improve help behavior

2014-04-17 Thread Fam Zheng
Old:
There are two paths to show help and exit 1, one is with "-h" or
"--help", one is with invalid options.

New:
Show help and exit 0 for --help.
On invalid option, don't show the long help and bury the early "ERROR:"
line, just give a message pointing to --help.

Signed-off-by: Fam Zheng 
---
 configure | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 69b9f56..b1401c6 100755
--- a/configure
+++ b/configure
@@ -1087,7 +1087,10 @@ for opt do
   ;;
   --enable-quorum) quorum="yes"
   ;;
-  *) echo "ERROR: unknown option $opt"; show_help="yes"
+  *)
+  echo "ERROR: unknown option $opt"
+  echo "Try '$0 --help' for more information"
+  exit 1
   ;;
   esac
 done
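Review bot: The two added `echo` lines in the `*)` branch write the diagnostic to stdout, so a caller that captures or discards configure's stdout loses the error text and sees only exit status 1. Send both to stderr: `echo "ERROR: unknown option $opt" >&2` and `echo "Try '$0 --help' for more information" >&2`. The enclosing `for opt do` loop starts above this hunk, so whether the script already has an error-reporting helper cannot be seen from here. The first version of this patch, further down the page, has the same `echo` in its `*)` branch.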
@@ -1353,7 +1356,7 @@ Advanced options (experts only):
 
 NOTE: The object files are built at the place where configure is launched
 EOF
-exit 1
+exit 0
 fi
 
 # Now we have handled --enable-tcg-interpreter and know we're not just
-- 
1.9.2




Re: [Qemu-devel] [PATCH] timer: fix qemu_poll_ns early timeout on windows

2014-04-17 Thread Stefan Weil
Hi,

sorry, your patch was too late for QEMU 2.0. It remained unnoticed for
two reasons:

* Patches for some special version should show this in the subject line:
  [PATCH for 2.0] instead of [PATCH]

* CC'ing the maintainers helps a lot, as you see now :-)

More comments below.


Am 18.04.2014 04:11, schrieb Sangho Park:
> Hi, maintainers. 
> Could you check this patch?
> http://www.mail-archive.com/qemu-devel@nongnu.org/msg227161.html
> 
> Thanks
> 
> ps)
> We've checked the http://wiki.qemu.org/Contribute/SubmitAPatch. Yet, if we
> made any violation or mistake, let us know. We will appreciate your favor.
> 
> -Original Message-
> From: Stanislav Vorobiov [mailto:s.vorob...@samsung.com] 
> Sent: Thursday, April 17, 2014 6:08 PM
> To: qemu-devel@nongnu.org
> Cc: syeon.hw...@samsung.com; sangho1206.p...@samsung.com
> Subject: Re: [Qemu-devel] [PATCH] timer: fix qemu_poll_ns early timeout on
> windows
> 
> Hi, everyone
> 
> Any comments on this one ? This patch fixes pretty serious performance
> issues on windows, it would be great to have this in 2.0.0
> 
> On 04/15/2014 12:41 PM, Stanislav Vorobiov wrote:
>> From: Sangho Park 
>>
>> g_poll has a problem on windows when using timeouts < 10ms, in 
>> glib/gpoll.c:
>>
>> /* If not, and we have a significant timeout, poll again with
>>  * timeout then. Note that this will return indication for only
>>  * one event, or only for messages. We ignore timeouts less than
>>  * ten milliseconds as they are mostly pointless on Windows, the
>>  * MsgWaitForMultipleObjectsEx() call will timeout right away
>>  * anyway.
>>  */
>> if (retval == 0 && (timeout == INFINITE || timeout >= 10))
>>   retval = poll_rest (poll_msgs, handles, nhandles, fds, nfds, 
>> timeout);
>>
>> so whenever g_poll is called with timeout < 10ms it does a quick poll 
>> instead of wait, this causes significant performance degradation of 
>> qemu, thus we should use WaitForMultipleObjectsEx directly

Can you quantify this performance degradation and specify your test
scenario? Did you find the source of those small timeouts? Which timeout
values are used there?

Would it be sufficient to round any timeout > 0 and < 10 to 10 for
Windows hosts? Maybe this could be done in qemu_timeout_ns_to_ms. If
this does not work, we still can use g_poll for timeout >= 10 and call a
new Windows specific polling function for timeout < 10.

>>
>> Signed-off-by: Stanislav Vorobiov 
>> ---
>>  qemu-timer.c |   91
> ++
>>  1 file changed, 91 insertions(+)
>>
>> diff --git a/qemu-timer.c b/qemu-timer.c index e15ce47..9fb92cb 100644
>> --- a/qemu-timer.c
>> +++ b/qemu-timer.c
>> @@ -315,6 +315,97 @@ int qemu_poll_ns(GPollFD *fds, guint nfds, int64_t
> timeout)
>>  ts.tv_nsec = timeout % 10LL;
>>  return ppoll((struct pollfd *)fds, nfds, &ts, NULL);
>>  }
>> +#elif defined(_WIN32)
>> +guint i;
>> +HANDLE handles[MAXIMUM_WAIT_OBJECTS];
>> +gint nhandles = 0;
>> +int num_completed = 0;
>> +gint timeout_ms = qemu_timeout_ns_to_ms(timeout);
>> +
>> +for (i = 0; i < nfds; i++) {
>> +gint j;
>> +
>> +if (fds[i].fd <= 0) {
>> +continue;
>> +}
>> +
>> +/* don't add same handle several times
>> + */
>> +for (j = 0; j < nhandles; j++) {
>> +if (handles[j] == (HANDLE)fds[i].fd) {
>> +break;
>> +}
>> +}
>> +
>> +if (j == nhandles) {
>> +if (nhandles == MAXIMUM_WAIT_OBJECTS) {
>> +fprintf(stderr, "Too many handles to wait for!\n");
>> +break;
>> +} else {
>> +handles[nhandles++] = (HANDLE)fds[i].fd;
>> +}
>> +}
>> +}
>> +
>> +for (i = 0; i < nfds; ++i) {
>> +fds[i].revents = 0;
>> +}
>> +
>> +if (timeout_ms == -1) {
>> +timeout_ms = INFINITE;
>> +}
>> +
>> +if (nhandles == 0) {
>> +if (timeout_ms == INFINITE) {
>> +return -1;
>> +} else {
>> +SleepEx(timeout_ms, TRUE);
>> +return 0;
>> +}
>> +}
>> +
>> +while (1) {
>> +DWORD res;
>> +gint j;
>> +
>> +res = WaitForMultipleObjectsEx(nhandles, handles, FALSE,
>> +timeout_ms, TRUE);
>> +
>> +if (res == WAIT_FAILED) {
>> +for (i = 0; i < nfds; ++i) {
>> +fds[i].revents = 0;
>> +}
>> +
>> +return -1;
>> +} else if ((res == WAIT_TIMEOUT) || (res == WAIT_IO_COMPLETION)
> ||
>> +   ((int)res < WAIT_OBJECT_0) ||
>> +   (res >= (WAIT_OBJECT_0 + nhandles))) {
>> +break;
>> +}
>> +
>> +for (i = 0; i < nfds; ++i) {
>> +if (handles[res - WAIT_OBJECT_0] == (HANDLE)fds[i].fd) {
>> +fds[i].revents = fds[i].events;
>> +}
>> +}
>> +
>> +++num_completed;
>> +
>> 

Re: [Qemu-devel] [PATCH v2 1/4] vl.c: generalise qemu_get_machine_opts()

2014-04-17 Thread Peter Crosthwaite
On Fri, Apr 18, 2014 at 2:53 PM, Paolo Bonzini  wrote:
> Il 18/04/2014 00:25, Peter Crosthwaite ha scritto:
>
>> This "nofail" (i.e. does not return NULL) mechanism driving
>> qemu_get_machine_opts() does not need to be specific to machine opts
>> - its applicable to other types of opts. Generalise and re-implement
>> qemu_get_machine_opts() as a caller of the generalisation.
>>
>> Signed-off-by: Peter Crosthwaite 
>> ---
>>
>>  vl.c | 20 +---
>>  1 file changed, 13 insertions(+), 7 deletions(-)
>>
>> diff --git a/vl.c b/vl.c
>> index 9975e5a..bc12d0f 100644
>> --- a/vl.c
>> +++ b/vl.c
>> @@ -510,17 +510,12 @@ static QemuOptsList qemu_name_opts = {
>>  },
>>  };
>>
>> -/**
>> - * Get machine options
>> - *
>> - * Returns: machine options (never null).
>> - */
>> -QemuOpts *qemu_get_machine_opts(void)
>> +static QemuOpts *qemu_get_opts_nofail(const char *type)
>>  {
>>  QemuOptsList *list;
>>  QemuOpts *opts;
>>
>> -list = qemu_find_opts("machine");
>> +list = qemu_find_opts(type);
>>  assert(list);
>>  opts = qemu_opts_find(list, NULL);
>>  if (!opts) {
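Review bot: `qemu_get_opts_nofail()` now takes the list name from its caller, but the only guard on it is `assert(list)`, and the comment stating the never-NULL contract moves to the wrapper, leaving the new helper undocumented. I would add a comment above it, for example `/* Like qemu_opts_find(list, NULL) on the list named @type, but never returns NULL; @type must name a registered option list (asserted). */`. The rest of the function body lies between the two hunks and is not visible, so the comment should be checked against it. The same patch is quoted again, without quote markers, in the later reply on this page.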
>> @@ -529,6 +524,17 @@ QemuOpts *qemu_get_machine_opts(void)
>>  return opts;
>>  }
>>
>> +/**
>> + * Get machine options
>> + *
>> + * Returns: machine options (never null).
>> + */
>> +
>> +QemuOpts *qemu_get_machine_opts(void)
>> +{
>> +return qemu_get_opts_nofail("machine");
>> +}
>> +
>>  const char *qemu_get_vm_name(void)
>>  {
>>  return qemu_name;
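Review bot: The re-added doc comment is separated from `qemu_get_machine_opts()` by an added empty `+` line, which detaches it from the definition it documents. Drop that line so `*/` is followed directly by `QemuOpts *qemu_get_machine_opts(void)`. The removed lines in the first hunk show the comment had no such gap before the patch.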
>>
>
> This is already planned for 2.1 as qemu_find_opts_singleton, which either
> Igor or Hu will send.
>

I see. Anything else in that work that you see conflicting with other
components of this series? AFAICT its just a trivial change to P2 to
back onto the qemu_find_opts_singleton work and the rest stands as-is.

Regards,
Peter

> Paolo
>



[Qemu-devel] [PULL] Trivial patches for 2014-04-18

2014-04-17 Thread Michael Tokarev
This is the same pull request as has been sent initially for 2.0
and which we didn't apply.  Except that this time, I fixed one more
"allows to" case which I overlooked in qemu-options.hx.

I'm not re-sending the whole series again, as it has been sent previously;
I will only re-send the changed patch as a reply to this message.

Please consider pulling.

The following changes since commit 2d03b49c3f225994c4b0b46146437d8c887d6774:

  Merge remote-tracking branch 
'remotes/pmaydell/tags/pull-target-arm-20140417-1' into staging (2014-04-17 
21:37:26 +0100)

are available in the git repository at:


  git://git.corpit.ru/qemu.git tags/trivial-patches-2014-04-18

for you to fetch changes up to b36dc67b95dedcece8757ec23bf42625a7ccda34:

  Fix grammar in comment (2014-04-18 10:33:36 +0400)


trivial patches for 2014-04-18


Amos Kong (1):
  qga: trivial fix for unclear documentation of guest-set-time

Chen Gang (1):
  vl: Report accelerator not supported for target more nicely

Hani Benhabiles (1):
  net: Report error when device / hub combo is not found.

Michael Tokarev (1):
  doc: grammify "allows to"

Paolo Bonzini (1):
  scripts: add sample model file for Coverity Scan

Peter Maydell (4):
  configure: Fix indentation of help for --enable/disable-debug-info
  hw/ide/ahci.c: Avoid shift left into sign bit
  int128.h: Avoid undefined behaviours involving signed arithmetic
  xbzrle.c: Avoid undefined behaviour with signed arithmetic

Stefan Weil (2):
  configure: Remove redundant message for -Werror
  Fix grammar in comment

 configure|5 +-
 hw/i2c/smbus_eeprom.c|2 +-
 hw/ide/ahci.c|4 +-
 include/qemu/int128.h|4 +-
 net/net.c|4 +-
 qemu-doc.texi|2 +-
 qemu-options.hx  |7 +-
 qga/commands-posix.c |2 +-
 qga/qapi-schema.json |   14 ++--
 scripts/coverity-model.c |  183 ++
 vl.c |2 +-
 xbzrle.c |8 +-
 12 files changed, 212 insertions(+), 25 deletions(-)
 create mode 100644 scripts/coverity-model.c



[Qemu-devel] [PATCH v3] doc: grammify "allows to"

2014-04-17 Thread Michael Tokarev
English language grammar does not allow usage
of the word "allows" directly followed by an
infinitive, declaring constructs like "something
allows to do somestuff" un-grammatical.  Often
it is possible to just insert "one" between "allows"
and "to" to make the construct grammatical, but
usually it is better to re-phrase the statement.

This patch tries to fix 4 examples of "allows to"
usage in qemu doc, but does not address comments
in the code with similar constructs.  It also adds
missing "the" in the same line.

Signed-off-by: Michael Tokarev 
---
 qemu-doc.texi   |2 +-
 qemu-options.hx |7 ---
 2 files changed, 5 insertions(+), 4 deletions(-)

v2: catch one more occurrence of the same construct
in qemu-options.hx, in vnc encodings section.  This
statement may need rewriting which I don't provide
in this patch, which just fixes the grammar.

v3: one more case in qemu-options.hx

diff --git a/qemu-doc.texi b/qemu-doc.texi
index e6e20eb..88ec9bb 100644
--- a/qemu-doc.texi
+++ b/qemu-doc.texi
@@ -823,7 +823,7 @@ In this case, the block device must be exported using 
qemu-nbd:
 qemu-nbd --socket=/tmp/my_socket my_disk.qcow2
 @end example
 
-The use of qemu-nbd allows to share a disk between several guests:
+The use of qemu-nbd allows sharing of a disk between several guests:
 @example
 qemu-nbd --socket=/tmp/my_socket --share=2 my_disk.qcow2
 @end example
diff --git a/qemu-options.hx b/qemu-options.hx
index 2d33815..6457034 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -444,7 +444,8 @@ This option defines the type of the media: disk or cdrom.
 @item cyls=@var{c},heads=@var{h},secs=@var{s}[,trans=@var{t}]
 These options have the same definition as they have in @option{-hdachs}.
 @item snapshot=@var{snapshot}
-@var{snapshot} is "on" or "off" and allows to enable snapshot for given drive 
(see @option{-snapshot}).
+@var{snapshot} is "on" or "off" and controls snapshot mode for the given drive
+(see @option{-snapshot}).
 @item cache=@var{cache}
 @var{cache} is "none", "writeback", "unsafe", "directsync" or "writethrough" 
and controls how the host cache is used to access block data.
 @item aio=@var{aio}
@@ -1242,7 +1243,7 @@ Disable adaptive encodings. Adaptive encodings are 
enabled by default.
 An adaptive encoding will try to detect frequently updated screen regions,
 and send updates in these regions using a lossy encoding (like JPEG).
 This can be really helpful to save bandwidth when playing videos. Disabling
-adaptive encodings allows to restore the original static behavior of encodings
+adaptive encodings restores the original static behavior of encodings
 like Tight.
 
 @item share=[allow-exclusive|force-shared|ignore]
@@ -2805,7 +2806,7 @@ UTC or local time, respectively. @code{localtime} is 
required for correct date i
 MS-DOS or Windows. To start at a specific point in time, provide @var{date} in 
the
 format @code{2006-06-17T16:01:21} or @code{2006-06-17}. The default base is 
UTC.
 
-By default the RTC is driven by the host system time. This allows to use the
+By default the RTC is driven by the host system time. This allows using of the
 RTC as accurate reference clock inside the guest, specifically if the host
 time is smoothly following an accurate external reference clock, e.g. via NTP.
 If you want to isolate the guest time from the host, you can set @option{clock}
-- 
1.7.10.4




Re: [Qemu-devel] [PATCH] configure: Exit with code 0 with --help

2014-04-17 Thread Michael Tokarev
18.04.2014 10:25, Fam Zheng wrote:
> There are two paths to show help and exit, one is with "-h" or "--help",
> one is with invalid options.
> 
> Only "exit 1" with the latter case.

I'd rather put `exit 1' right in invalid option case, instead of jumping
to help.  Because help output is huge, and it is often difficult to see
the error message.   At max, at the error case, the script can output
something like, `for a list of valid options, run $0 --help'.

Here and for qemu-img case.

Do you not agree?

Thanks,

/mjt



Re: [Qemu-devel] [PATCH 08/35] qdev: hotplug for buss-less devices

2014-04-17 Thread Igor Mammedov
On Fri, 18 Apr 2014 00:03:57 +1000
Peter Crosthwaite  wrote:

> On Thu, Apr 17, 2014 at 7:40 PM, Igor Mammedov  wrote:
> > On Thu, 17 Apr 2014 09:46:28 +1000
> > Peter Crosthwaite  wrote:
> >
> >> On Fri, Apr 4, 2014 at 11:36 PM, Igor Mammedov  wrote:
> >> > Adds get_hotplug_handler() method to machine, and
> >> > makes bus-less device to use it during hotplug
> >> > as a means to discover hotplug handler controller.
> >> > Returned controller is used to perform a hotplug
> >> > action.
> >> >
> >> > Signed-off-by: Igor Mammedov 
> >> > ---
> >> >  hw/core/qdev.c  | 13 +
> >> >  include/hw/boards.h |  8 
> >> >  2 files changed, 21 insertions(+)
> >> >
> >> > diff --git a/hw/core/qdev.c b/hw/core/qdev.c
> >> > index 60f9df1..50bb8f5 100644
> >> > --- a/hw/core/qdev.c
> >> > +++ b/hw/core/qdev.c
> >> > @@ -34,6 +34,7 @@
> >> >  #include "qapi/qmp/qjson.h"
> >> >  #include "monitor/monitor.h"
> >> >  #include "hw/hotplug.h"
> >> > +#include "hw/boards.h"
> >> >
> >> >  int qdev_hotplug = 0;
> >> >  static bool qdev_hot_added = false;
> >> > @@ -761,6 +762,18 @@ static void device_set_realized(Object *obj, bool 
> >> > value, Error **err)
> >> >  local_err == NULL) {
> >> >  hotplug_handler_plug(dev->parent_bus->hotplug_handler,
> >> >   dev, &local_err);
> >> > +} else if (local_err == NULL &&
> >> > +   object_dynamic_cast(qdev_get_machine(), 
> >> > TYPE_MACHINE)) {
> >>
> >> This doesn't look right - you are relying on global state to implement
> >> hotplug. Later in the series you then need to do RTTI at the machine
> >> level to properly determine if hotplug is really appropriate then do
> >> some machine specific attachment. This idea of "we dont need a bus
> >> just hotplug to the machine itself" doesnt seem generic at all. If you
> > It's rather "allow to define at board level" what should be hotplug-handler
> > than using hardcoded in bus implementation one.
> >
> 
> If different buses behave different on hotplug then they should be
> different busses.
> 
> > The issue here is to discover which hotplug handler should be used for
> > a bus-less device. Which MachineClass->get_hotplug_handler(machine, dev);
> > does. QEMU so far is using bus to solve it, but it by no means is
> > generic (i.e. applicable only bus-devices).
> > Proposed bus-less hotplug is a simplified solution that is result of
> > https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04184.html
> > discussion.
> >
> >> need to define hotplug socket-side functionality, then that seems to
> >> me to be a bus level problem - and you should use a bus - probably
> >> SYSBUS or an extension thereof. Then your hotplug work can be
> > Socket object + attached bus is rather workaround due to the lack of
> > bus-less hotplug than a generic solution.
> >
> >> generalized to sysbus and a range of devices rather than us having
> >> independent competing "embedded vs PC" hotplug implementations.
> > SYSBUS are definitely is no go for hotplug, there were numerous
> > attempts to make it hotpluggable during past years, which were immediately
> > rejected. Reasoning in gist was "Sysbus is legacy which shouldn't be used
> > for anything new".
> 
> Lets divide and conquer this - I agree Sysbus as a bus
> (TYPE_SYSTEM_BUS) sucks as we are trying to get rid of busses in favor
> of linkages etc.. So long term, SYSTEM_BUS should go away (along with
> TYPE_BUS itself).
> 
> But TYPE_SYS_BUS_DEVICE should live on. Its a highly useful
> abstraction which allows you to define devices with any number of
> memory mapped regions. And this device level API doesn't define any
> real busisms so it should be possible to convert SYS_BUS_DEVICE to
> this "bussless" regime you are proposing anyway. Infact I do wonder
> exactly how hard it would be to patch one of your handlers to just
> call into the sysbus API and grab the memory regions and attach as you
> already do for DIMMs. Then your work works for all of sysbus and we can
> continue doing our embedded thing with some decent code sharing.
It shouldn't be too hard to do globally if we initialize RAM address
space in common QEMUMachine and provide default handler in there, that
intercepts TYPE_SYS_BUS_DEVICE and does mapping of regions prepared by
device.

> Regards,
> Peter
> 
>  That's one of the reasons why x86 APIC is not
> > Sysbus device anymore and is attached to ICC bus.
> >
> >> How do you implement hotplugging to multiple completely independent
> >> DIMM slots? (i.e. two slots at completely different places in the bus
> >> heir-achy).
> > I probably do not understand what is a problem here.
> > Why plugging bus-less DIMM, one would need to care about buses?
> >
> >> Regarding DIMM, I think it is a bus. I'm not sure if it actually needs
> >> its own class yet (TBH I haven't gone line-line on this series looking
> >> for DIMMisms). It is ultimately a memory mapped bus if anything I
> >> think it should 

[Qemu-devel] [PATCH] configure: Exit with code 0 with --help

2014-04-17 Thread Fam Zheng
There are two paths to show help and exit, one is with "-h" or "--help",
one is with invalid options.

Only "exit 1" with the latter case.

Signed-off-by: Fam Zheng 
---
 configure | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 69b9f56..b195efe 100755
--- a/configure
+++ b/configure
@@ -1087,7 +1087,10 @@ for opt do
   ;;
   --enable-quorum) quorum="yes"
   ;;
-  *) echo "ERROR: unknown option $opt"; show_help="yes"
+  *)
+  echo "ERROR: unknown option $opt"
+  show_help="yes"
+  exit_code=1
   ;;
   esac
 done
@@ -1353,7 +1356,7 @@ Advanced options (experts only):
 
 NOTE: The object files are built at the place where configure is launched
 EOF
-exit 1
+exit $exit_code
 fi
 
 # Now we have handled --enable-tcg-interpreter and know we're not just
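Review bot: `exit $exit_code` depends on a variable that this patch assigns only in the unknown-option branch of the first hunk. On the plain `--help` path it is unset unless it is initialised outside the visible hunks, so the line expands to a bare `exit` and the status is whatever the preceding `cat` heredoc returned. Initialise it before the option loop with `exit_code=0`, or write `exit ${exit_code:-0}` here. Without the initialisation, a variable named `exit_code` inherited from the caller's environment would also end up as configure's exit status.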
-- 
1.9.2




[Qemu-devel] [PATCH] qemu-img: Exit with code 0 if there is no error

2014-04-17 Thread Fam Zheng
Signed-off-by: Fam Zheng 
---
 qemu-img.c | 68 +++---
 1 file changed, 34 insertions(+), 34 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 8455994..756ccb1 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -58,7 +58,7 @@ static void format_print(void *opaque, const char *name)
 }
 
 /* Please keep in synch with qemu-img.texi */
-static void help(void)
+static void help(bool error)
 {
 const char *help_msg =
"qemu-img version " QEMU_VERSION ", Copyright (c) 2004-2008 Fabrice 
Bellard\n"
@@ -129,7 +129,7 @@ static void help(void)
 printf("%s\nSupported formats:", help_msg);
 bdrv_iterate_format(format_print, NULL);
 printf("\n");
-exit(1);
+exit(error ? 1 : 0);
 }
 
 static int GCC_FMT_ATTR(2, 3) qprintf(bool quiet, const char *fmt, ...)
@@ -352,7 +352,7 @@ static int img_create(int argc, char **argv)
 switch(c) {
 case '?':
 case 'h':
-help();
+help(false);
 break;
 case 'F':
 base_fmt = optarg;
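Review bot: `case '?':` shares the `help(false)` call with `case 'h':`, so an invalid option can now exit 0. If this switch is driven by getopt() (the call is outside the hunk), `'?'` is what it returns for an unrecognised option or a missing option argument. Split the labels so the error case keeps a failing status: `case '?': help(true); break;` and `case 'h': help(false); break;`. The same pairing is repeated in the img_check, img_commit, img_compare, img_convert, img_info, img_map and img_snapshot hunks below. Scripts that check qemu-img's exit status would otherwise treat a mistyped option as success.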
@@ -398,7 +398,7 @@ static int img_create(int argc, char **argv)
 }
 
 if (optind >= argc) {
-help();
+help(true);
 }
 optind++;
 
@@ -421,7 +421,7 @@ static int img_create(int argc, char **argv)
 img_size = (uint64_t)sval;
 }
 if (optind != argc) {
-help();
+help(true);
 }
 
 bdrv_img_create(filename, fmt, base_filename, base_fmt,
@@ -577,7 +577,7 @@ static int img_check(int argc, char **argv)
 switch(c) {
 case '?':
 case 'h':
-help();
+help(false);
 break;
 case 'f':
 fmt = optarg;
@@ -590,7 +590,7 @@ static int img_check(int argc, char **argv)
 } else if (!strcmp(optarg, "all")) {
 fix = BDRV_FIX_LEAKS | BDRV_FIX_ERRORS;
 } else {
-help();
+help(true);
 }
 break;
 case OPTION_OUTPUT:
@@ -602,7 +602,7 @@ static int img_check(int argc, char **argv)
 }
 }
 if (optind != argc - 1) {
-help();
+help(true);
 }
 filename = argv[optind++];
 
@@ -699,7 +699,7 @@ static int img_commit(int argc, char **argv)
 switch(c) {
 case '?':
 case 'h':
-help();
+help(false);
 break;
 case 'f':
 fmt = optarg;
@@ -713,7 +713,7 @@ static int img_commit(int argc, char **argv)
 }
 }
 if (optind != argc - 1) {
-help();
+help(true);
 }
 filename = argv[optind++];
 
@@ -932,7 +932,7 @@ static int img_compare(int argc, char **argv)
 switch (c) {
 case '?':
 case 'h':
-help();
+help(false);
 break;
 case 'f':
 fmt1 = optarg;
@@ -959,7 +959,7 @@ static int img_compare(int argc, char **argv)
 
 
 if (optind != argc - 2) {
-help();
+help(true);
 }
 filename1 = argv[optind++];
 filename2 = argv[optind++];
@@ -1176,7 +1176,7 @@ static int img_convert(int argc, char **argv)
 switch(c) {
 case '?':
 case 'h':
-help();
+help(false);
 break;
 case 'f':
 fmt = optarg;
@@ -1275,7 +1275,7 @@ static int img_convert(int argc, char **argv)
 }
 
 if (bs_n < 1) {
-help();
+help(true);
 }
 
 
@@ -1868,7 +1868,7 @@ static int img_info(int argc, char **argv)
 switch(c) {
 case '?':
 case 'h':
-help();
+help(false);
 break;
 case 'f':
 fmt = optarg;
@@ -1882,7 +1882,7 @@ static int img_info(int argc, char **argv)
 }
 }
 if (optind != argc - 1) {
-help();
+help(true);
 }
 filename = argv[optind++];
 
@@ -2036,7 +2036,7 @@ static int img_map(int argc, char **argv)
 switch (c) {
 case '?':
 case 'h':
-help();
+help(false);
 break;
 case 'f':
 fmt = optarg;
@@ -2047,7 +2047,7 @@ static int img_map(int argc, char **argv)
 }
 }
 if (optind >= argc) {
-help();
+help(true);
 }
 filename = argv[optind++];
 
@@ -2134,11 +2134,11 @@ static int img_snapshot(int argc, char **argv)
 switch(c) {
 case '?':
 case 'h':
-help();
+help(false);
 return 0;
 case 'l':
 if (action) {
-help();
+help(true);
 return 0;
 }
 action = SNAPSHOT_LIST;
@@ -2146,7 +2146,7 @@ static int img_snapshot(int argc, char **argv)
 break;
 case 'a':
 if (action) {
-help();
+help(true);
 return 0;
 }
 action = SNAPSHOT_APPLY

[Qemu-devel] memory access trace from qemu

2014-04-17 Thread Pete Stevenson
Hi All -

I would like to generate a trace of all memory accesses (i.e. read or
write, physical address, and data content/payload).  The end goal is to use
this trace to drive a separate memory system simulator.  Ideally, the trace
would also provide core-id and a timestamp (but I am not as optimistic that
qemu will give me these).

I have noted that several previous threads address this topic, so perhaps
the question becomes can I get in contact with those who have successfully
done this before?  I'd like to do as little as possible here :) to get what
I want, and I'm hoping that either this has been rolled into the new qemu
release or that a previously existing patch does most of what I want (i.e.
which patch?).

I would be happy to hack the qemu source code if there is only one or two
places where I need to do invasive surgery.

Thank you,
Pete Stevenson


Re: [Qemu-devel] [PATCH v2 1/4] vl.c: generalise qemu_get_machine_opts()

2014-04-17 Thread Paolo Bonzini

Il 18/04/2014 00:25, Peter Crosthwaite ha scritto:

This "nofail" (i.e. does not return NULL) mechanism driving
qemu_get_machine_opts() does not need to be specific to machine opts
- its applicable to other types of opts. Generalise and re-implement
qemu_get_machine_opts() as a caller of the generalisation.

Signed-off-by: Peter Crosthwaite 
---

 vl.c | 20 +---
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/vl.c b/vl.c
index 9975e5a..bc12d0f 100644
--- a/vl.c
+++ b/vl.c
@@ -510,17 +510,12 @@ static QemuOptsList qemu_name_opts = {
 },
 };

-/**
- * Get machine options
- *
- * Returns: machine options (never null).
- */
-QemuOpts *qemu_get_machine_opts(void)
+static QemuOpts *qemu_get_opts_nofail(const char *type)
 {
 QemuOptsList *list;
 QemuOpts *opts;

-list = qemu_find_opts("machine");
+list = qemu_find_opts(type);
 assert(list);
 opts = qemu_opts_find(list, NULL);
 if (!opts) {
@@ -529,6 +524,17 @@ QemuOpts *qemu_get_machine_opts(void)
 return opts;
 }

+/**
+ * Get machine options
+ *
+ * Returns: machine options (never null).
+ */
+
+QemuOpts *qemu_get_machine_opts(void)
+{
+return qemu_get_opts_nofail("machine");
+}
+
 const char *qemu_get_vm_name(void)
 {
 return qemu_name;



This is already planned for 2.1 as qemu_find_opts_singleton, which 
either Igor or Hu will send.


Paolo



Re: [Qemu-devel] About SIG_IPI handler

2014-04-17 Thread Paolo Bonzini

Il 17/04/2014 01:51, Jan Kiszka ha scritto:

On 2014-04-17 07:46, Shiru Ren wrote:

Hi, all

I’m trying to figure out how do_savevm works in QEMU. But there is one
thing has bothered me quite a lot. I found that vm_stop invoke
qemu_cpu_kick_thread to send SIG_IPI to a vcpu thread, and I have
understand that in TCG mode, the cpu_signal() function will be invoked as
the SIG_IPI handler. But I don’t know what happens in KVM mode. Actually I
can’t find the signal handler function. I only find a function named
dummy_signal, and it doesn't do anything.


This signal is handled synchronously in KVM mode, see
qemu_kvm_eat_signals in cpus.c.


In addition to this, the signal is blocked in the VCPU thread always 
except during the KVM_RUN ioctl; see kvm_set_signal_mask which invokes 
the KVM_SET_SIGNAL_MASK ioctl and sets the different signal mask used 
for KVM_RUN.  So the signal indeed causes the CPU thread to exit the 
vcpu thread even in KVM mode, but this happens inside the kernel module. 
 QEMU doesn't have anything to do, it just "eats" the signal with 
sigwaitinfo.


Paolo



Re: [Qemu-devel] Should we have a 2.0-rc3 ?

2014-04-17 Thread Paolo Bonzini

Il 14/04/2014 09:25, Peter Maydell ha scritto:

(More generally it feels like either the code using this
needs to be able to cope with "might only get TARGET_PAGE_SIZE"
semantics, or we need to fix the Xen code paths so that
they provide the whole requested section as well. The
patch looks more like a bandaid than an actual fix :-()


Yeah, it is a band-aid for virtio-scsi but not so much for Alexey's 
KVM/VFIO usecase (which is not in yet, so until a week ago there was no 
reason to have the patch in 2.0).


I'll look at it when I'm back.

Paolo




Re: [Qemu-devel] Change of TEXT_OFFSET for multi_v7_defconfig

2014-04-17 Thread Nicolas Pitre
On Thu, 17 Apr 2014, Rob Herring wrote:

> Here's a simple test of what I was trying to point out. I took a
> working kernel with TEXT_OFFSET of 0x8000 and booted it on QEMU using
> the "virt" machine which RAM normally starts at 0x4000. Then
> varying the RAM base, I get these results:
> 
> 0x4000 - boots
> 0x4100 - no output because the decompressor will still put the
> Image at 0x40008000.

If you want this to work, you have to disable CONFIG_AUTO_ZRELADDR.

In practice there is no actual hardware with physical RAM not aligned to 
a 128MB boundary.  That's why this particular alignment was selected.

> 0x4800 - boots
> 
> So without changing TEXT_OFFSET, you can only vary the PHYS_OFFSET in
> 128MB steps. For anything in between you have to use TEXT_OFFSET. Is
> that really the right solution?

What "solution" are you looking for?  I'm under the impression you're 
getting confused about what TEXT_OFFSET is for.

> I'm not suggesting to break anything or changing existing platforms,
> but how do we improve the Image format in a compatible way. If
> bootloaders want to support booting Image files or vmlinux directly,
> then we should support that including any compatible changes to make
> things work better.

And why would bootloaders want that?  Just to create confusion with 
the established boot protocol?

There is really not much to share between ARM32 and ARM64 bootloader 
implementation wise given the major platform initialization differences, 
so trying to consolidate the very little code to actually boot the image 
is rather futile.


Nicolas



[Qemu-devel] [PATCH v2 4/4] nvram: fw_cfg: Fix -boot options in nvram/fw_cfg

2014-04-17 Thread Peter Crosthwaite
When accessing boot options, we query whatever options come first in
the boot opts list.  This is wrong.

Use qemu_get_boot_opts() to fix these bugs.

This change is similar to and based on 36ad0e9.

We also take the opportunity to remove the now unneeded null boot-opts
conditional, removing a level of indentation on usage code.

Signed-off-by: Peter Crosthwaite 
---

 hw/nvram/fw_cfg.c | 36 
 1 file changed, 16 insertions(+), 20 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 282341a..8537669 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -125,18 +125,16 @@ static void fw_cfg_bootsplash(FWCfgState *s)
 const char *temp;
 
 /* get user configuration */
-QemuOptsList *plist = qemu_find_opts("boot-opts");
-QemuOpts *opts = QTAILQ_FIRST(&plist->head);
-if (opts != NULL) {
-temp = qemu_opt_get(opts, "splash");
-if (temp != NULL) {
-boot_splash_filename = temp;
-}
-temp = qemu_opt_get(opts, "splash-time");
-if (temp != NULL) {
-p = (char *)temp;
-boot_splash_time = strtol(p, (char **)&p, 10);
-}
+QemuOpts *opts = qemu_get_boot_opts();
+
+temp = qemu_opt_get(opts, "splash");
+if (temp != NULL) {
+boot_splash_filename = temp;
+}
+temp = qemu_opt_get(opts, "splash-time");
+if (temp != NULL) {
+p = (char *)temp;
+boot_splash_time = strtol(p, (char **)&p, 10);
 }
 
 /* insert splash time if user configurated */
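Review bot: The re-indented `strtol()` call for `splash-time` still ignores the end pointer and `errno`, so a value such as `splash-time=abc` or an out-of-range number is accepted silently. Since these lines are being rewritten anyway, check the parse with a separate `char *end`: `errno = 0; boot_splash_time = strtol(temp, &end, 10);` followed by `if (end == temp || *end != '\0' || errno == ERANGE)` and an error path. That also removes the need for `p = (char *)temp`, which casts away const. The `reboot-timeout` parse in the fw_cfg_reboot hunk below has the same shape. The declaration of `p` and the later range checks are outside the hunks, so how an invalid value should be reported depends on the surrounding code.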
@@ -191,14 +189,12 @@ static void fw_cfg_reboot(FWCfgState *s)
 const char *temp;
 
 /* get user configuration */
-QemuOptsList *plist = qemu_find_opts("boot-opts");
-QemuOpts *opts = QTAILQ_FIRST(&plist->head);
-if (opts != NULL) {
-temp = qemu_opt_get(opts, "reboot-timeout");
-if (temp != NULL) {
-p = (char *)temp;
-reboot_timeout = strtol(p, (char **)&p, 10);
-}
+QemuOpts *opts = qemu_get_boot_opts();
+
+temp = qemu_opt_get(opts, "reboot-timeout");
+if (temp != NULL) {
+p = (char *)temp;
+reboot_timeout = strtol(p, (char **)&p, 10);
 }
 /* validate the input */
 if (reboot_timeout > 0x) {
-- 
1.9.2.1.g06c4abd




[Qemu-devel] [PATCH v2 3/4] vl.c: Use qemu_get_boot_opts

2014-04-17 Thread Peter Crosthwaite
To simplify and make consistent with surrounding code using
qemu_get_machine_opts(). Create a new local variable named boot_opts
for consistency as well.

Signed-off-by: Peter Crosthwaite 
---

 vl.c | 39 +++
 1 file changed, 19 insertions(+), 20 deletions(-)

diff --git a/vl.c b/vl.c
index d761211..5185537 100644
--- a/vl.c
+++ b/vl.c
@@ -2954,7 +2954,7 @@ int main(int argc, char **argv, char **envp)
 const char *boot_order;
 DisplayState *ds;
 int cyls, heads, secs, translation;
-QemuOpts *hda_opts = NULL, *opts, *machine_opts;
+QemuOpts *hda_opts = NULL, *opts, *machine_opts, *boot_opts;
 QemuOptsList *olist;
 int optind;
 const char *optarg;
@@ -2982,6 +2982,9 @@ int main(int argc, char **argv, char **envp)
 const char *trace_events = NULL;
 const char *trace_file = NULL;
 
+char *normal_boot_order;
+const char *order, *once;
+
 atexit(qemu_run_exit_notifiers);
 error_set_progname(argv[0]);
 qemu_init_exec_dir(argv[0]);
@@ -4200,29 +4203,25 @@ int main(int argc, char **argv, char **envp)
 bios_name = qemu_opt_get(machine_opts, "firmware");
 
 boot_order = machine->default_boot_order;
-opts = qemu_opts_find(qemu_find_opts("boot-opts"), NULL);
-if (opts) {
-char *normal_boot_order;
-const char *order, *once;
-
-order = qemu_opt_get(opts, "order");
-if (order) {
-validate_bootdevices(order);
-boot_order = order;
-}
+boot_opts = qemu_get_boot_opts();
 
-once = qemu_opt_get(opts, "once");
-if (once) {
-validate_bootdevices(once);
-normal_boot_order = g_strdup(boot_order);
-boot_order = once;
-qemu_register_reset(restore_boot_order, normal_boot_order);
-}
+order = qemu_opt_get(boot_opts, "order");
+if (order) {
+validate_bootdevices(order);
+boot_order = order;
+}
 
-boot_menu = qemu_opt_get_bool(opts, "menu", boot_menu);
-boot_strict = qemu_opt_get_bool(opts, "strict", false);
+once = qemu_opt_get(boot_opts, "once");
+if (once) {
+validate_bootdevices(once);
+normal_boot_order = g_strdup(boot_order);
+boot_order = once;
+qemu_register_reset(restore_boot_order, normal_boot_order);
 }
 
+boot_menu = qemu_opt_get_bool(boot_opts, "menu", boot_menu);
+boot_strict = qemu_opt_get_bool(boot_opts, "strict", false);
+
 if (!kernel_cmdline) {
 kernel_cmdline = "";
 }
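Review bot: Dropping the `if (opts)` guard makes `boot_strict = qemu_opt_get_bool(boot_opts, "strict", false);` run on every start, where before it ran only when a boot-opts entry existed; that is harmless only if `boot_strict` already defaults to false, which this hunk does not show and is worth confirming. The removal also relies on `qemu_get_boot_opts()` never returning NULL, so a short comment at the call would help, for example `/* never NULL, even when -boot was not given */`. `order`, `once` and `normal_boot_order` are now declared at the top of main() (second hunk of this patch) although they are used only here; a nested block would keep their scope as narrow as before. main() starts and ends outside the hunk.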
-- 
1.9.2.1.g06c4abd




[Qemu-devel] [PATCH v2 2/4] vl.c: Add qemu_get_boot_opts()

2014-04-17 Thread Peter Crosthwaite
Same basic idea as qemu_get_machine_opts().

Signed-off-by: Peter Crosthwaite 
---

 include/sysemu/sysemu.h |  1 +
 vl.c| 11 +++
 2 files changed, 12 insertions(+)

diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index ba5c7f8..d41748d 100644
--- a/include/sysemu/sysemu.h
+++ b/include/sysemu/sysemu.h
@@ -198,6 +198,7 @@ char *get_boot_devices_list(size_t *size, bool 
ignore_suffixes);
 DeviceState *get_boot_device(uint32_t position);
 
 QemuOpts *qemu_get_machine_opts(void);
+QemuOpts *qemu_get_boot_opts(void);
 
 bool usb_enabled(bool default_usb);
 
diff --git a/vl.c b/vl.c
index bc12d0f..d761211 100644
--- a/vl.c
+++ b/vl.c
@@ -535,6 +535,17 @@ QemuOpts *qemu_get_machine_opts(void)
 return qemu_get_opts_nofail("machine");
 }
 
+/**
+ * Get boot options
+ *
+ * Returns: boot options (never null).
+ */
+
+QemuOpts *qemu_get_boot_opts(void)
+{
+return qemu_get_opts_nofail("boot-opts");
+}
+
 const char *qemu_get_vm_name(void)
 {
 return qemu_name;
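Review bot: The doc comment for `qemu_get_boot_opts()` is separated from the definition by a blank line, which the original `qemu_get_machine_opts()` comment removed in patch 1/4 did not have; the relocated `qemu_get_machine_opts()` comment in the second hunk of patch 1/4 has the same gap. Dropping the blank line keeps the comment visibly attached to the function it documents. The "never null" promise would be more useful if it said how it is kept, e.g. `* Returns: the "boot-opts" option set, created empty if none was given (never null).`, assuming qemu_get_opts_nofail() creates the entry as its name suggests.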
-- 
1.9.2.1.g06c4abd




[Qemu-devel] [PATCH v2 1/4] vl.c: generalise qemu_get_machine_opts()

2014-04-17 Thread Peter Crosthwaite
This "nofail" (i.e. does not return NULL) mechanism driving
qemu_get_machine_opts() does not need to be specific to machine opts
- it's applicable to other types of opts. Generalise and re-implement
qemu_get_machine_opts() as a caller of the generalisation.

Signed-off-by: Peter Crosthwaite 
---

 vl.c | 20 +---
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/vl.c b/vl.c
index 9975e5a..bc12d0f 100644
--- a/vl.c
+++ b/vl.c
@@ -510,17 +510,12 @@ static QemuOptsList qemu_name_opts = {
 },
 };
 
-/**
- * Get machine options
- *
- * Returns: machine options (never null).
- */
-QemuOpts *qemu_get_machine_opts(void)
+static QemuOpts *qemu_get_opts_nofail(const char *type)
 {
 QemuOptsList *list;
 QemuOpts *opts;
 
-list = qemu_find_opts("machine");
+list = qemu_find_opts(type);
 assert(list);
 opts = qemu_opts_find(list, NULL);
 if (!opts) {
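Review bot: `qemu_get_opts_nofail()` is left without the doc comment that used to sit on this body, and it now takes a caller-supplied `type` whose only check is `assert(list)`. A comment on the helper should state that precondition, for example `/* Return the QemuOpts with no id from option group @type; @type must name a registered group (asserted). Never returns NULL. */`. With assertions compiled out, an unknown group name would pass a NULL list on to `qemu_opts_find()`, so the helper is best kept `static` and called with string literals only, as the callers in this series do. The function body continues outside the hunk.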
@@ -529,6 +524,17 @@ QemuOpts *qemu_get_machine_opts(void)
 return opts;
 }
 
+/**
+ * Get machine options
+ *
+ * Returns: machine options (never null).
+ */
+
+QemuOpts *qemu_get_machine_opts(void)
+{
+return qemu_get_opts_nofail("machine");
+}
+
 const char *qemu_get_vm_name(void)
 {
 return qemu_name;
-- 
1.9.2.1.g06c4abd




[Qemu-devel] [PATCH v2 0/4] Introduce qemu_get_boot_opts()

2014-04-17 Thread Peter Crosthwaite
Hi Markus,

This series introduces qemu_get_boot_opts(), in much the same way as
was done for qemu_get_machine_opts().

As usual, I have out-of-scope and out-of-tree usages :) But P3 does
clean up the three existing instances of the long-and-awkward form of
this query and makes the one in vl.c consistent with an immediately
surrounding qemu_get_machine_opts().

changed since v1:
Fix nvram usages as well (Markus review).

Regards,
Peter


Peter Crosthwaite (4):
  vl.c: generalise qemu_get_machine_opts()
  vl.c: Add qemu_get_boot_opts()
  vl.c: Use qemu_get_boot_opts
  nvram: fw_cfg: Fix -boot options in nvram/fw_cfg

 hw/nvram/fw_cfg.c   | 36 +++--
 include/sysemu/sysemu.h |  1 +
 vl.c| 70 ++---
 3 files changed, 60 insertions(+), 47 deletions(-)

-- 
1.9.2.1.g06c4abd




Re: [Qemu-devel] Change of TEXT_OFFSET for multi_v7_defconfig

2014-04-17 Thread Rob Herring
On Thu, Apr 17, 2014 at 4:35 PM, Russell King - ARM Linux
 wrote:
> On Thu, Apr 17, 2014 at 04:18:45PM -0500, Rob Herring wrote:
>> The problem here is more than just the TEXT_OFFSET changed. From what
>> I've heard, there are some QC chips which need much more reserved RAM
>> than the 2MB discussed here. Changing the TEXT_OFFSET is a hack that
>> doesn't scale.
>
> You may think it's a hack, but we really can't get around this.  There
> really are platforms out there where we must do this kind of stuff.  I
> invite you next time you meet up to talk to Michal Simek.  There's no
> way they can load the kernel at 32K into RAM.

In fact, I have discussed this with him. If we're having discussions
about it, then obviously some problems remain.

>> A simple issue is you are now wasting 2MB of low memory on every
>> platform. Not such a big deal I guess. But what if more is needed?
>
> Why do you think it's wasted in the general case?  Do you think the
> first 16K is ignored by Linux?  All memory will be freed to the Linux
> page allocator unless it has an explicit reservation in memblock.  So
> the 2MB won't be wasted - it will be freed as before to the page
> allocator.

Okay, my mistake.

>> The zImage requires that the kernel be placed at a 128M aligned
>> address plus TEXT_OFFSET. The v2p patching then requires the kernel to
>> be located within the first 16MB of RAM. So the Image can only ever be
>> placed at 0x8000 - 15.?MB from a 128MB aligned address. You can never
>> have the first 16-127MB of RAM reserved.
>
> Wrong.  You can have as much RAM as you want reserved, you just can't
> manage it with Linux memory allocators if you go over 16MB.
>
> Remember that the virtual address space PAGE_OFFSET...kernel corresponds
> with PHYS_OFFSET...kernel.  So, if you have 16MB between PHYS_OFFSET and
> the kernel, then you have 16MB between PAGE_OFFSET and the kernel.  Your
> modules are looking very distant, and PCREL24 relocations become
> troublesome.

For the reasons you give here, doesn't that mean you want to have
TEXT_OFFSET be as small as possible? And (ab)using TEXT_OFFSET to
reserve 16, 32, 64MB, etc, would be a bad idea. Also, that only gives
us a compile time memory reservation.

Here's a simple test of what I was trying to point out. I took a
working kernel with TEXT_OFFSET of 0x8000 and booted it on QEMU using
the "virt" machine which RAM normally starts at 0x4000. Then
varying the RAM base, I get these results:

0x4000 - boots
0x4100 - no output because the decompressor will still put the
Image at 0x40008000.
0x4800 - boots

So without changing TEXT_OFFSET, you can only vary the PHYS_OFFSET in
128MB steps. For anything in between you have to use TEXT_OFFSET. Is
that really the right solution?

BTW, a TEXT_OFFSET of 0x408000 or more doesn't work either due to the
limits in immediate values, but that problem could be easily fixed.

>> The only way to have reserved
>> memory (in chucks of 16MB) is by loading an Image file directly
>> instead. The bootloaders will know the start of RAM and any reserved
>> memory size because they can simply parse DT.
>>
>> Bootloaders are going to have to change for arm64 Image support
>> anyway, so we should have an aligned solution here.
>
> No.  You simply can't eliminate any of the above - each one has been
> negotiated through quite an amount of discussion with relevant parties
> and/or due to technical requirements and they just can't be magic'd
> away.
>
> Plus the ARM64 image format is different from our zImage format.  It
> would make far *more* sense to align our Image format with our zImage
> format so existing boot loaders which look for the zImage magic numbers
> can boot plain Image files too.
>
> Moreover, since we could *never* align zImage with the ARM64 format,
> why on earth would we want to start using the ARM64 format for the
> Image format?

I'm not talking about zImage. I'm talking about Image files only. The
arm64 Image header could be added to ARM Image files and that would
not hurt or change a thing for existing users. The cost is 64 bytes.

> If you say, we should just break the existing zImage format, my response
> will be: who the hell are you to decide to break 20 odd years of boot
> ABI in a way which *stops* platforms from booting on such a pathetic
> whim.

I'm not suggesting to break anything or changing existing platforms,
but how do we improve the Image format in a compatible way. If
bootloaders want to support booting Image files or vmlinux directly,
then we should support that including any compatible changes to make
things work better.

Rob



Re: [Qemu-devel] [PATCH] timer: fix qemu_poll_ns early timeout on windows

2014-04-17 Thread Sangho Park
Hi, maintainers. 
Could you check this patch?
http://www.mail-archive.com/qemu-devel@nongnu.org/msg227161.html

Thanks

ps)
We've checked the http://wiki.qemu.org/Contribute/SubmitAPatch. Yet, if we
made any violation or mistake, let us know. We will appreciate your favor.

-Original Message-
From: Stanislav Vorobiov [mailto:s.vorob...@samsung.com] 
Sent: Thursday, April 17, 2014 6:08 PM
To: qemu-devel@nongnu.org
Cc: syeon.hw...@samsung.com; sangho1206.p...@samsung.com
Subject: Re: [Qemu-devel] [PATCH] timer: fix qemu_poll_ns early timeout on
windows

Hi, everyone

Any comments on this one ? This patch fixes pretty serious performance
issues on windows, it would be great to have this in 2.0.0

On 04/15/2014 12:41 PM, Stanislav Vorobiov wrote:
> From: Sangho Park 
> 
> g_poll has a problem on windows when using timeouts < 10ms, in 
> glib/gpoll.c:
> 
> /* If not, and we have a significant timeout, poll again with
>  * timeout then. Note that this will return indication for only
>  * one event, or only for messages. We ignore timeouts less than
>  * ten milliseconds as they are mostly pointless on Windows, the
>  * MsgWaitForMultipleObjectsEx() call will timeout right away
>  * anyway.
>  */
> if (retval == 0 && (timeout == INFINITE || timeout >= 10))
>   retval = poll_rest (poll_msgs, handles, nhandles, fds, nfds, 
> timeout);
> 
> so whenever g_poll is called with timeout < 10ms it does a quick poll 
> instead of wait, this causes significant performance degradation of 
> qemu, thus we should use WaitForMultipleObjectsEx directly
> 
> Signed-off-by: Stanislav Vorobiov 
> ---
>  qemu-timer.c |   91
++
>  1 file changed, 91 insertions(+)
> 
> diff --git a/qemu-timer.c b/qemu-timer.c index e15ce47..9fb92cb 100644
> --- a/qemu-timer.c
> +++ b/qemu-timer.c
> @@ -315,6 +315,97 @@ int qemu_poll_ns(GPollFD *fds, guint nfds, int64_t
timeout)
>  ts.tv_nsec = timeout % 10LL;
>  return ppoll((struct pollfd *)fds, nfds, &ts, NULL);
>  }
> +#elif defined(_WIN32)
> +guint i;
> +HANDLE handles[MAXIMUM_WAIT_OBJECTS];
> +gint nhandles = 0;
> +int num_completed = 0;
> +gint timeout_ms = qemu_timeout_ns_to_ms(timeout);
> +
> +for (i = 0; i < nfds; i++) {
> +gint j;
> +
> +if (fds[i].fd <= 0) {
> +continue;
> +}
> +
> +/* don't add same handle several times
> + */
> +for (j = 0; j < nhandles; j++) {
> +if (handles[j] == (HANDLE)fds[i].fd) {
> +break;
> +}
> +}
> +
> +if (j == nhandles) {
> +if (nhandles == MAXIMUM_WAIT_OBJECTS) {
> +fprintf(stderr, "Too many handles to wait for!\n");
> +break;
> +} else {
> +handles[nhandles++] = (HANDLE)fds[i].fd;
> +}
> +}
> +}
> +
> +for (i = 0; i < nfds; ++i) {
> +fds[i].revents = 0;
> +}
> +
> +if (timeout_ms == -1) {
> +timeout_ms = INFINITE;
> +}
> +
> +if (nhandles == 0) {
> +if (timeout_ms == INFINITE) {
> +return -1;
> +} else {
> +SleepEx(timeout_ms, TRUE);
> +return 0;
> +}
> +}
> +
> +while (1) {
> +DWORD res;
> +gint j;
> +
> +res = WaitForMultipleObjectsEx(nhandles, handles, FALSE,
> +timeout_ms, TRUE);
> +
> +if (res == WAIT_FAILED) {
> +for (i = 0; i < nfds; ++i) {
> +fds[i].revents = 0;
> +}
> +
> +return -1;
> +} else if ((res == WAIT_TIMEOUT) || (res == WAIT_IO_COMPLETION)
||
> +   ((int)res < WAIT_OBJECT_0) ||
> +   (res >= (WAIT_OBJECT_0 + nhandles))) {
> +break;
> +}
> +
> +for (i = 0; i < nfds; ++i) {
> +if (handles[res - WAIT_OBJECT_0] == (HANDLE)fds[i].fd) {
> +fds[i].revents = fds[i].events;
> +}
> +}
> +
> +++num_completed;
> +
> +if (nhandles <= 1) {
> +break;
> +}
> +
> +/* poll the rest of the handles
> + */
> +for (j = res - WAIT_OBJECT_0 + 1; j < nhandles; j++) {
> +handles[j - 1] = handles[j];
> +}
> +--nhandles;
> +
> +timeout_ms = 0;
> +}
> +
> +return num_completed;
>  #else
>  return g_poll(fds, nfds, qemu_timeout_ns_to_ms(timeout));  #endif
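Review bot: When more than MAXIMUM_WAIT_OBJECTS distinct handles are passed, the collection loop only prints "Too many handles to wait for!" and breaks, so the remaining descriptors are never waited on and the caller still gets an ordinary return with their `revents` left at 0. That can stall whatever sits behind those descriptors without any error reaching the caller; failing the call, e.g. `return -1;` after the `fprintf`, would make the limit visible, provided callers treat a negative return as an error. A comment at the top of the `_WIN32` branch should also say that entries with `fds[i].fd <= 0` are skipped and that a signalled handle reports `revents = events` rather than the condition that actually occurred. qemu_poll_ns starts outside the hunk.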
> 




Re: [Qemu-devel] [PATCH v2] vmdk: Fix "%x" to PRIx32 in format strings for cid

2014-04-17 Thread Fam Zheng
On Thu, 04/17 06:00, Eric Blake wrote:
> On 04/17/2014 04:43 AM, Fam Zheng wrote:
> > Signed-off-by: Fam Zheng 
> > 
> > ---
> > v2: PRIx32 -> SCNx32. (Kevin)
> > 
> > Signed-off-by: Fam Zheng 
> > ---
> 
> > +++ b/block/vmdk.c
> > @@ -262,7 +262,7 @@ static uint32_t vmdk_read_cid(BlockDriverState *bs, int 
> > parent)
> >  p_name = strstr(desc, cid_str);
> >  if (p_name != NULL) {
> >  p_name += cid_str_size;
> > -sscanf(p_name, "%x", &cid);
> > +sscanf(p_name, "%" SCNx32, &cid);
> 
> sscanf() has undefined behavior on integer overflow.  This is not the
> only vulnerable site in the code base, but if you are ever reading from
> external input, and the ascii string being parsed does not fit in the
> variable requested by SCNx32, you risk silently parsing the wrong
> number.  It is always safer to use the strtol family (or a sane wrapper
> thereof that gets errno handling correct) for parsing strings into
> integers.  That said, I'm not going to reject this patch for using
> sscanf, so much as suggest that you look into a followup patch to avoid it.
> 

Good point, thanks for the explanation. The particular case of sscanf doesn't
matter too much because it's only a time stamp, and the only possible impact of
overflow is denial of using the image, where it is coincidentally appropriate.

I'm putting sscanf replacing on my list and leaving it for future.

Thanks,
Fam



[Qemu-devel] [Bug 1223467] Re: Unable to use USB as hda in Windows

2014-04-17 Thread Will
I found some newer Windows binaries at http://qemu.weilnetz.de/ and can
confirm I do not see the issue any more.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1223467

Title:
  Unable to use USB as hda in Windows

Status in QEMU:
  New

Bug description:
  I built qemu 1.6.0 from source in MinGW (and all dependents not available 
with mingw-get) 
  The command line:
  qemu-system-i386.exe -m 1024 -hda \\.\PhysicalDrive1 -L pc-bios
  or
  qemu-system-x86_64.exe -m 1024 -hda \\.\PhysicalDrive1 -L pc-bios
  (or the *w.exe equivalents)
  reports in stderr.txt:
  qemu-system-i386.exe: -hda \\.\PhysicalDrive1: Block protocol 'host_device' 
doesn't support the option 'filename'
  qemu-system-i386.exe: -hda \\.\PhysicalDrive1: could not open disk image 
\\.\PhysicalDrive1: Invalid argument

  I have also found this bug in 1.5 but not in 1.4

  Some Help:
  The code in Qemu is a bit beyond me at 1am, but I was able to determine the 
root cause seems to be that block.c is becoming confused about referring to a 
file but not having a file name. I have been able to work around this by 
changing line 860 of block.c from:  "if (qdict_size(options) != 0) {" to "if 
(qdict_size(options) != 0 && !is_windows_drive(filename)) {"

  But I don't think this is a good solution (it is assuming that nothing
  else could be wrong), and I can't be sure that I'm not masking some
  real issue.

  FWIW; Build is on XP, but execution is on Win7.

  Thanks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1223467/+subscriptions



Re: [Qemu-devel] Regression (?) due to c4177479 ('spapr: make sure RMA is in first mode of first memory node')

2014-04-17 Thread Nishanth Aravamudan
On 18.04.2014 [08:46:55 +1000], Benjamin Herrenschmidt wrote:
> On Fri, 2014-04-18 at 08:43 +1000, Alexey Kardashevskiy wrote:
> > On 04/18/2014 06:25 AM, Nishanth Aravamudan wrote:
> > > Hi Alexey,
> > > 
> > > Prior to the $SUBJECT commit, we could present memoryless node0s to
> > > guests. Now, we indicate that we don't have the requisite 128M for the
> > > RMA if node 0 has no memory. Note that a memoryless node0 is possible
> > > under PowerVM (but not predictably present) so I was hoping to use KVM
> > > to test relevant fixes for memoryless nodes.
> > > 
> > > I think this change is a misinterpretation of the PAPR standard, though.
> > > Yes, the RMA must be in the first block of memory, but that isn't
> > > necessarily on node 0. The topology of a PAPR-compliant guest does not
> > > require a node 0 (and in fact, under PowerVM, Linux doesn't actually
> > > require node 0 either, but it would under KVM).
> > > 
> > > Thoughts? I suppose it's fine to say that node 0 must be sufficiently
> > > populated under KVM -- there's not really a reason to not have memory on
> > > a given node (except maybe ballooning). I can keep the commit reverted
> > > locally for testing purposes. Just wanted to see if the semantic change
> > > was intentional.
> > 
> > 
> > PAPR spec 2.7:
> > C.6.6 Memory Node
> > ===
> > This section defines the PAPR modifications to the OF /memory node. In
> > PAPR, the memory allocated to an OS image
> > may be divided into a number of allocation units called ???regions??? or
> > ???Logical Memory Blocks (LMB). An OS image
> > may be dynamically allocated additional regions or may be asked to release
> > regions. Each LMB is either represented in
> > the device tree by its own /memory node or by an entry in
> > /ibm,dynamic-reconfiguration-memory nodes
> > (see Section C.6.6.2??? ???ibm,dynamic-reconfiguration-memory?? on page 
> > 1089).
> > The /memory node that refers to the
> > storage starting at real address zero (???reg??? property starting at the 
> > value
> > zero) always remains allocated to an OS image.
> > 
> > The client program is initially loaded into this storage, called the RMA,
> > that is represented by the first value of the
> > ???reg??? property of this first /memory node.
> > ===
> > 
> > The last sentence is why the change was made. It does not say "first
> > populated" node. I am adding Ben as he had very strong opinion about this
> > thing.
> 
> You are confusing device-tree node with NUMA nodes.
> 
> Yes, it must be the LMB at address 0, which is the /memory node, but
> that doesn't have to be NUMA node 0.

Yeah, so I think the check that was added:

-if (spapr->rma_size > node0_size) {
-fprintf(stderr, "Error: Numa node 0 has to span the RMA (%#08"HWADDR_PR
-spapr->rma_size);
-exit(1);
-}

incorrectly is checking against node0_size? It should be checking
against the first LMB instead, right?

Thanks,
Nish




Re: [Qemu-devel] Regression (?) due to c4177479 ('spapr: make sure RMA is in first mode of first memory node')

2014-04-17 Thread Benjamin Herrenschmidt
On Fri, 2014-04-18 at 08:43 +1000, Alexey Kardashevskiy wrote:
> On 04/18/2014 06:25 AM, Nishanth Aravamudan wrote:
> > Hi Alexey,
> > 
> > Prior to the $SUBJECT commit, we could present memoryless node0s to
> > guests. Now, we indicate that we don't have the requisite 128M for the
> > RMA if node 0 has no memory. Note that a memoryless node0 is possible
> > under PowerVM (but not predictably present) so I was hoping to use KVM
> > to test relevant fixes for memoryless nodes.
> > 
> > I think this change is a misinterpretation of the PAPR standard, though.
> > Yes, the RMA must be in the first block of memory, but that isn't
> > necessarily on node 0. The topology of a PAPR-compliant guest does not
> > require a node 0 (and in fact, under PowerVM, Linux doesn't actually
> > require node 0 either, but it would under KVM).
> > 
> > Thoughts? I suppose it's fine to say that node 0 must be sufficiently
> > populated under KVM -- there's not really a reason to not have memory on
> > a given node (except maybe ballooning). I can keep the commit reverted
> > locally for testing purposes. Just wanted to see if the semantic change
> > was intentional.
> 
> 
> PAPR spec 2.7:
> C.6.6 Memory Node
> ===
> This section defines the PAPR modifications to the OF /memory node. In
> PAPR, the memory allocated to an OS image
> may be divided into a number of allocation units called “regions” or
> “Logical Memory Blocks (LMB). An OS image
> may be dynamically allocated additional regions or may be asked to release
> regions. Each LMB is either represented in
> the device tree by its own /memory node or by an entry in
> /ibm,dynamic-reconfiguration-memory nodes
> (see Section C.6.6.2‚ “ibm,dynamic-reconfiguration-memory‚” on page 1089).
> The /memory node that refers to the
> storage starting at real address zero (“reg” property starting at the value
> zero) always remains allocated to an OS image.
> 
> The client program is initially loaded into this storage, called the RMA,
> that is represented by the first value of the
> “reg” property of this first /memory node.
> ===
> 
> The last sentence is why the change was made. It does not say "first
> populated" node. I am adding Ben as he had very strong opinion about this
> thing.

You are confusing device-tree node with NUMA nodes.

Yes, it must be the LMB at address 0, which is the /memory node, but
that doesn't have to be NUMA node 0.

Cheers,
Ben.






Re: [Qemu-devel] Regression (?) due to c4177479 ('spapr: make sure RMA is in first mode of first memory node')

2014-04-17 Thread Alexey Kardashevskiy
On 04/18/2014 06:25 AM, Nishanth Aravamudan wrote:
> Hi Alexey,
> 
> Prior to the $SUBJECT commit, we could present memoryless node0s to
> guests. Now, we indicate that we don't have the requisite 128M for the
> RMA if node 0 has no memory. Note that a memoryless node0 is possible
> under PowerVM (but not predictably present) so I was hoping to use KVM
> to test relevant fixes for memoryless nodes.
> 
> I think this change is a misinterpretation of the PAPR standard, though.
> Yes, the RMA must be in the first block of memory, but that isn't
> necessarily on node 0. The topology of a PAPR-compliant guest does not
> require a node 0 (and in fact, under PowerVM, Linux doesn't actually
> require node 0 either, but it would under KVM).
> 
> Thoughts? I suppose it's fine to say that node 0 must be sufficiently
> populated under KVM -- there's not really a reason to not have memory on
> a given node (except maybe ballooning). I can keep the commit reverted
> locally for testing purposes. Just wanted to see if the semantic change
> was intentional.


PAPR spec 2.7:
C.6.6 Memory Node
===
This section defines the PAPR modifications to the OF /memory node. In
PAPR, the memory allocated to an OS image
may be divided into a number of allocation units called “regions” or
“Logical Memory Blocks (LMB). An OS image
may be dynamically allocated additional regions or may be asked to release
regions. Each LMB is either represented in
the device tree by its own /memory node or by an entry in
/ibm,dynamic-reconfiguration-memory nodes
(see Section C.6.6.2‚ “ibm,dynamic-reconfiguration-memory‚” on page 1089).
The /memory node that refers to the
storage starting at real address zero (“reg” property starting at the value
zero) always remains allocated to an OS image.

The client program is initially loaded into this storage, called the RMA,
that is represented by the first value of the
“reg” property of this first /memory node.
===

The last sentence is why the change was made. It does not say "first
populated" node. I am adding Ben as he had very strong opinion about this
thing.


-- 
Alexey



[Qemu-devel] [PATCH v5 02/12] qcow2: Implement bdrv_make_empty()

2014-04-17 Thread Max Reitz
Implement bdrv_make_empty() by making all clusters in the image fall
through to the backing file (via the now modified discard).

Signed-off-by: Max Reitz 
---
 block/qcow2.c | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/block/qcow2.c b/block/qcow2.c
index 1e7b7d5..4d70665 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -2006,6 +2006,27 @@ fail:
 return ret;
 }
 
+static int qcow2_make_empty(BlockDriverState *bs)
+{
+ uint64_t start_sector;
+ int ret = 0;
+
+ /* The step taken here may not exceed INT_MAX when multiplied by
+  * BDRV_SECTOR_SIZE. 64k is arbitrary, but works well. */
+ for (start_sector = 0; start_sector < bs->total_sectors;
+  start_sector += 65536)
+ {
+ ret = qcow2_discard_clusters(bs, start_sector * BDRV_SECTOR_SIZE,
+ MIN(65536, bs->total_sectors - start_sector),
+ QCOW2_DISCARD_REQUEST, true);
+ if (ret < 0) {
+ break;
+ }
+ }
+
+ return ret;
+}
+
 static coroutine_fn int qcow2_co_flush_to_os(BlockDriverState *bs)
 {
 BDRVQcowState *s = bs->opaque;
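Review bot: The comment in `qcow2_make_empty()` says the step multiplied by BDRV_SECTOR_SIZE must not exceed INT_MAX, but the step is the bare literal 65536 written twice (loop increment and `MIN()`), so nothing ties the two together or enforces the limit. A named constant with a compile-time check would make the stated constraint hold, e.g. `#define QCOW2_MAKE_EMPTY_STEP 65536` (name is a suggestion) and `QEMU_BUILD_BUG_ON(QCOW2_MAKE_EMPTY_STEP > INT_MAX / BDRV_SECTOR_SIZE);`. The loop also compares the `uint64_t start_sector` against `bs->total_sectors`, whose declaration is not shown; if that field is signed, a comment or an early check for a negative value would rule out the implicit conversion to a very large unsigned count.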
@@ -2388,6 +2409,7 @@ static BlockDriver bdrv_qcow2 = {
 .bdrv_co_discard= qcow2_co_discard,
 .bdrv_truncate  = qcow2_truncate,
 .bdrv_write_compressed  = qcow2_write_compressed,
+.bdrv_make_empty= qcow2_make_empty,
 
 .bdrv_snapshot_create   = qcow2_snapshot_create,
 .bdrv_snapshot_goto = qcow2_snapshot_goto,
-- 
1.9.2




[Qemu-devel] [PATCH v5 10/12] iotests: Add _filter_qemu_img_map

2014-04-17 Thread Max Reitz
As different image formats most probably map guest addresses to
different host addresses, add a filter to filter the host addresses out;
also, the image filename should be filtered.

Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/common.filter | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
index 776985d..78ea9e5 100644
--- a/tests/qemu-iotests/common.filter
+++ b/tests/qemu-iotests/common.filter
@@ -169,5 +169,12 @@ _filter_qmp()
 -e 's#^{"QMP":.*}$#QMP_VERSION#'
 }
 
+# filter out offsets and file names from qemu-img map
+_filter_qemu_img_map()
+{
+sed -e 's/\([0-9a-fx]* *[0-9a-fx]* *\)[0-9a-fx]* */\1/g' \
+-e 's/Mapped to *//' | _filter_testdir | _filter_imgfmt
+}
+
 # make sure this script returns success
 /bin/true
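Review bot: Every element of the sed pattern in `_filter_qemu_img_map` is starred and unanchored, so with `g` it can match anywhere on a line, including hex-looking runs inside a header word or file name, and not only the third column it is meant to drop. Anchoring it to the start of the line and requiring at least one character per field would confine it to the numeric columns, for example `sed -e 's/^\([0-9a-fx]\{1,\} \{1,\}[0-9a-fx]\{1,\} \{1,\}\)[0-9a-fx]\{1,\} \{1,\}/\1/'`, assuming the three numeric columns start each data line (the qemu-img map output is not shown on the page). A one-line comment with a sample input and filtered output line would make the intent checkable, since a filter that removes too much can hide a real difference in the test output.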
-- 
1.9.2




Re: [Qemu-devel] [PATCH] xilinx: Fix typo in comment (Marvel -> Marvell)

2014-04-17 Thread Peter Crosthwaite
On Fri, Apr 18, 2014 at 3:32 AM, Stefan Weil  wrote:
> Signed-off-by: Stefan Weil 

Reviewed-by: Peter Crosthwaite 

> ---
>  hw/net/xilinx_axienet.c |2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/net/xilinx_axienet.c b/hw/net/xilinx_axienet.c
> index 839d97c..6dc665f 100644
> --- a/hw/net/xilinx_axienet.c
> +++ b/hw/net/xilinx_axienet.c
> @@ -98,7 +98,7 @@ static unsigned int tdk_read(struct PHY *phy, unsigned int 
> req)
>  r |= 1;
>  break;
>  case 17:
> -/* Marvel PHY on many xilinx boards.  */
> +/* Marvell PHY on many xilinx boards.  */
>  r = 0x8000; /* 1000Mb  */
>  break;
>  case 18:
> --
> 1.7.10.4
>
>



[Qemu-devel] [PATCH v5 04/12] blockjob: Add "ready" field

2014-04-17 Thread Max Reitz
When a block job signals readiness, this is currently reported only
through QMP. If qemu wants to use block jobs for internal tasks, there
needs to be another way to correctly detect when a block job may be
completed.

For this reason, introduce a bool "ready" which is set when the block
job may be completed.

Signed-off-by: Max Reitz 
---
 blockjob.c   | 7 ++-
 include/block/blockjob.h | 5 +
 qapi-schema.json | 4 +++-
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/blockjob.c b/blockjob.c
index e10c1f3..8cc2b5d 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -242,6 +242,7 @@ BlockJobInfo *block_job_query(BlockJob *job)
 info->offset= job->offset;
 info->speed = job->speed;
 info->io_status = job->iostatus;
+info->ready = job->ready;
 return info;
 }
 
@@ -270,7 +271,11 @@ QObject *qobject_from_block_job(BlockJob *job)
 
 void block_job_ready(BlockJob *job)
 {
-QObject *data = qobject_from_block_job(job);
+QObject *data;
+
+job->ready = true;
+
+data = qobject_from_block_job(job);
 monitor_protocol_event(QEVENT_BLOCK_JOB_READY, data);
 qobject_decref(data);
 }
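Review bot: `job->ready` is set to true in `block_job_ready()` and copied out in `block_job_query()`, but nothing in the patch says where it starts out false or whether it is ever cleared, and the commit message intends internal users to rely on it. The field comment added in blockjob.h is the place to pin that down, e.g. `/** Set to true by block_job_ready() once the job may be completed; false until then and not reset afterwards. */`, if that is the intended contract. If a job can leave the ready state again, for instance after an error, the flag would need to be cleared there too; that code is not visible in these hunks.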
diff --git a/include/block/blockjob.h b/include/block/blockjob.h
index 626ea42..4a920e7 100644
--- a/include/block/blockjob.h
+++ b/include/block/blockjob.h
@@ -91,6 +91,11 @@ struct BlockJob {
  */
 bool busy;
 
+/**
+ * Set to true when the job is ready to be completed.
+ */
+bool ready;
+
 /** Status that is published by the query-block-jobs QMP API */
 BlockDeviceIoStatus iostatus;
 
diff --git a/qapi-schema.json b/qapi-schema.json
index 391356f..1097090 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -1573,12 +1573,14 @@
 #
 # @io-status: the status of the job (since 1.3)
 #
+# @ready: true if the job may be completed (since 2.1)
+#
 # Since: 1.1
 ##
 { 'type': 'BlockJobInfo',
   'data': {'type': 'str', 'device': 'str', 'len': 'int',
'offset': 'int', 'busy': 'bool', 'paused': 'bool', 'speed': 'int',
-   'io-status': 'BlockDeviceIoStatus'} }
+   'io-status': 'BlockDeviceIoStatus', 'ready': 'bool'} }
 
 ##
 # @query-block-jobs:
-- 
1.9.2




[Qemu-devel] [PATCH v5 11/12] iotests: Add test for backing-chain commits

2014-04-17 Thread Max Reitz
Add a test for qemu-img commit on backing chains with more than two
images. This test also checks whether the images above the base image
are emptied and therefore does not work for qed and vmdk, which is why
it has to be separate from 020.

Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/089 | 103 +
 tests/qemu-iotests/089.out |  56 
 tests/qemu-iotests/group   |   1 +
 3 files changed, 160 insertions(+)
 create mode 100755 tests/qemu-iotests/089
 create mode 100644 tests/qemu-iotests/089.out

diff --git a/tests/qemu-iotests/089 b/tests/qemu-iotests/089
new file mode 100755
index 000..4f31462
--- /dev/null
+++ b/tests/qemu-iotests/089
@@ -0,0 +1,103 @@
+#!/bin/bash
+#
+# Commit changes into backing chains and empty intermediate images
+#
+# Copyright (C) 2014 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=mre...@redhat.com
+
+seq="$(basename $0)"
+echo "QA output created by $seq"
+
+here="$PWD"
+tmp=/tmp/$$
+status=1   # failure is the default!
+
+_cleanup()
+{
+_cleanup_test_img
+_rm_test_img "$TEST_IMG.itmd"
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+. ./common.pattern
+
+# Any format supporting backing files and bdrv_make_empty
+_supported_fmt qcow qcow2
+_supported_proto file
+_supported_os Linux
+
+# Three passes:
+#  0: Two-layer backing chain, commit to upper backing file (default)
+#  1: Two-layer backing chain, commit to lower backing file
+#
+# 020 already tests committing, so this only tests whether image chains are
+# working properly and that all images above the base are emptied; therefore,
+# no complicated patterns are necessary
+for i in 0 1; do
+
+echo
+echo "=== Test pass $i ==="
+echo
+
+TEST_IMG="$TEST_IMG.base" _make_test_img 64M
+TEST_IMG="$TEST_IMG.itmd" _make_test_img -b "$TEST_IMG.base" 64M
+_make_test_img -b "$TEST_IMG.itmd" 64M
+
+$QEMU_IO -c 'write -P 1 0 192k' "$TEST_IMG.base" | _filter_qemu_io
+$QEMU_IO -c 'write -P 2 64k 128k' "$TEST_IMG.itmd" | _filter_qemu_io
+$QEMU_IO -c 'write -P 3 128k 64k' "$TEST_IMG" | _filter_qemu_io
+
+if [ $i == 0 ]; then
+# -b "$TEST_IMG.itmd" should be the default (that is, committing to the
+# first backing file in the chain)
+$QEMU_IMG commit "$TEST_IMG"
+
+# Bottom should be unchanged
+$QEMU_IO -c 'read -P 1 0 192k' "$TEST_IMG.base" | _filter_qemu_io
+
+# Intermediate should contain changes from top
+$QEMU_IO -c 'read -P 1 0 64k' "$TEST_IMG.itmd" | _filter_qemu_io
+$QEMU_IO -c 'read -P 2 64k 64k' "$TEST_IMG.itmd" | _filter_qemu_io
+$QEMU_IO -c 'read -P 3 128k 64k' "$TEST_IMG.itmd" | _filter_qemu_io
+
+# And the top image should be empty, which is checked by qemu-img map
+else
+$QEMU_IMG commit -b "$TEST_IMG.base" "$TEST_IMG"
+
+# Bottom should contain all changes
+$QEMU_IO -c 'read -P 1 0 64k' "$TEST_IMG.base" | _filter_qemu_io
+$QEMU_IO -c 'read -P 2 64k 64k' "$TEST_IMG.base" | _filter_qemu_io
+$QEMU_IO -c 'read -P 3 128k 64k' "$TEST_IMG.base" | _filter_qemu_io
+
+# Both top and intermediate should be empty
+fi
+
+$QEMU_IMG map "$TEST_IMG.base" | _filter_qemu_img_map
+$QEMU_IMG map "$TEST_IMG.itmd" | _filter_qemu_img_map
+$QEMU_IMG map "$TEST_IMG" | _filter_qemu_img_map
+
+done
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
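Review bot: The header comment says `# Three passes:` but only passes 0 and 1 are listed and the loop is `for i in 0 1`; it should read `# Two passes:`. `tmp=/tmp/$$` is a predictable name in a world-writable directory, and nothing visible in this script uses it. Either drop it or, if the sourced common.* files rely on it, create the path with `mktemp -d`. `$0` and `$seq.full` are unquoted and would split on whitespace in the path; prefer `seq="$(basename "$0")"` and `rm -f "$seq.full"`.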
diff --git a/tests/qemu-iotests/089.out b/tests/qemu-iotests/089.out
new file mode 100644
index 000..6818b11
--- /dev/null
+++ b/tests/qemu-iotests/089.out
@@ -0,0 +1,56 @@
+QA output created by 089
+
+=== Test pass 0 ===
+
+Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=67108864 
+Formatting 'TEST_DIR/t.IMGFMT.itmd', fmt=IMGFMT size=67108864 
backing_file='TEST_DIR/t.IMGFMT.base' 
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 
backing_file='TEST_DIR/t.IMGFMT.itmd' 
+wrote 196608/196608 bytes at offset 0
+192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 131072/131072 bytes at offset 65536
+128 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 65536/65536 bytes at offset 131072
+64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+Image committed.
+read 196608/196608 bytes at offset 0
+192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+read 65536/65536 bytes at offset 0
+64 KiB, X ops;

[Qemu-devel] [PATCH v5 09/12] qemu-img: Specify backing file for commit

2014-04-17 Thread Max Reitz
Introduce a new parameter for qemu-img commit which may be used to
explicitly specify the backing file into which an image should be
committed if the backing chain has more than a single layer.

Signed-off-by: Max Reitz 
Reviewed-by: Eric Blake 
Reviewed-by: Fam Zheng 
---
 qemu-img-cmds.hx |  4 ++--
 qemu-img.c   | 22 +++---
 qemu-img.texi|  8 +++-
 3 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
index 8bc55cd..e8a5d34 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -22,9 +22,9 @@ STEXI
 ETEXI
 
 DEF("commit", img_commit,
-"commit [-q] [-f fmt] [-t cache] [-p] filename")
+"commit [-q] [-f fmt] [-t cache] [-b base] [-p] filename")
 STEXI
-@item commit [-q] [-f @var{fmt}] [-t @var{cache}] [-p] @var{filename}
+@item commit [-q] [-f @var{fmt}] [-t @var{cache}] [-b @var{base}] [-p] 
@var{filename}
 ETEXI
 
 DEF("compare", img_compare,
diff --git a/qemu-img.c b/qemu-img.c
index 0d65fed..d048453 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -727,7 +727,7 @@ static void run_block_job(BlockJob *job, Error **errp)
 static int img_commit(int argc, char **argv)
 {
 int c, ret, flags;
-const char *filename, *fmt, *cache;
+const char *filename, *fmt, *cache, *base;
 BlockDriverState *bs, *base_bs, *backing_bs;
 bool progress = false, quiet = false;
 Error *local_err = NULL;
@@ -738,8 +738,9 @@ static int img_commit(int argc, char **argv)
 
 fmt = NULL;
 cache = BDRV_DEFAULT_CACHE;
+base = NULL;
 for(;;) {
-c = getopt(argc, argv, "f:ht:qp");
+c = getopt(argc, argv, "f:ht:b:qp");
 if (c == -1) {
 break;
 }
@@ -754,6 +755,9 @@ static int img_commit(int argc, char **argv)
 case 't':
 cache = optarg;
 break;
+case 'b':
+base = optarg;
+break;
 case 'p':
 progress = true;
 break;
@@ -788,12 +792,16 @@ static int img_commit(int argc, char **argv)
 qemu_progress_init(progress, 1.f);
 qemu_progress_print(0.f, 100);
 
-/* This is different from QMP, which by default uses the deepest file in 
the
- * backing chain (i.e., the very base); however, the traditional behavior 
of
- * qemu-img commit is using the immediate backing file. */
-base_bs = bs->backing_hd;
+if (base) {
+base_bs = bdrv_find_backing_image(bs, base);
+} else {
+/* This is different from QMP, which by default uses the deepest file 
in
+ * the backing chain (i.e., the very base); however, the traditional
+ * behavior of qemu-img commit is using the immediate backing file. */
+base_bs = bs->backing_hd;
+}
 if (!base_bs) {
-error_set(&local_err, QERR_BASE_NOT_FOUND, "NULL");
+error_set(&local_err, QERR_BASE_NOT_FOUND, base ?: "NULL");
 goto done;
 }
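Review bot: When `-b` is not given and the image has no backing file, the `if (!base_bs)` branch reports the literal string "NULL" as the missing base, which reads as if a file named NULL had been looked up (the text behind QERR_BASE_NOT_FOUND is not visible here). I would keep QERR_BASE_NOT_FOUND for a user-supplied name only: `if (base) { error_set(&local_err, QERR_BASE_NOT_FOUND, base); } else { error_setg(&local_err, "Image does not have a backing file"); }`. The same "NULL" placeholder is introduced by the `@@ -728,29 +761,39 @@` hunk of patch 06/12. `base ?: "NULL"` also relies on the GNU omitted-operand extension, which is fine only if the project already accepts it. img_commit starts and ends outside this hunk.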
 
diff --git a/qemu-img.texi b/qemu-img.texi
index 1a9c08f..27b65ae 100644
--- a/qemu-img.texi
+++ b/qemu-img.texi
@@ -140,7 +140,7 @@ this case. @var{backing_file} will never be modified unless 
you use the
 The size can also be specified using the @var{size} option with @code{-o},
 it doesn't need to be specified separately in this case.
 
-@item commit [-q] [-f @var{fmt}] [-t @var{cache}] [-p] @var{filename}
+@item commit [-q] [-f @var{fmt}] [-t @var{cache}] [-b @var{base}] [-p] 
@var{filename}
 
 Commit the changes recorded in @var{filename} in its base image or backing 
file.
 If the backing file is smaller than the snapshot, then the backing file will be
@@ -149,6 +149,12 @@ the backing file, the backing file will not be truncated.  
If you want the
 backing file to match the size of the smaller snapshot, you can safely truncate
 it yourself once the commit operation successfully completes.
 
+If the backing chain of the given image file @var{filename} has more than one
+layer, the backing file into which the changes will be committed may be
+specified as @var{base} (which has to be part of @var{filename}'s backing
+chain). If @var{base} is not specified, the immediate backing file of the top
+image (which is @var{filename}) will be used.
+
 @item compare [-f @var{fmt}] [-F @var{fmt}] [-p] [-s] [-q] @var{filename1} 
@var{filename2}
 
 Check if two images have the same content. You can compare images with
-- 
1.9.2




[Qemu-devel] [PATCH v5 07/12] qemu-img: Empty images after commit

2014-04-17 Thread Max Reitz
After the top image has been committed into an image in its backing
chain, all images above that base image should be emptied to restore the
old qemu-img commit behavior.

Signed-off-by: Max Reitz 
---
 qemu-img.c | 87 +++---
 1 file changed, 84 insertions(+), 3 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 7ee791f..42616da 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -49,6 +49,11 @@ typedef enum OutputFormat {
 OFORMAT_HUMAN,
 } OutputFormat;
 
+typedef struct BackingList {
+BlockDriverState *bs;
+QSIMPLEQ_ENTRY(BackingList) list;
+} BackingList;
+
 /* Default to cache=writeback as data integrity is not important for qemu-tcg. 
*/
 #define BDRV_O_FLAGS BDRV_O_CACHE_WB
 #define BDRV_DEFAULT_CACHE "writeback"
@@ -717,10 +722,13 @@ static int img_commit(int argc, char **argv)
 {
 int c, ret, flags;
 const char *filename, *fmt, *cache;
-BlockDriverState *bs, *base_bs;
+BlockDriverState *bs, *base_bs, *backing_bs;
 bool quiet = false;
 Error *local_err = NULL;
 CommonBlockJobCBInfo cbi;
+BackingList *bl_element, *bl_next;
+QSIMPLEQ_HEAD(, BackingList) backing_list =
+QSIMPLEQ_HEAD_INITIALIZER(backing_list);
 
 fmt = NULL;
 cache = BDRV_DEFAULT_CACHE;
@@ -750,7 +758,7 @@ static int img_commit(int argc, char **argv)
 }
 filename = argv[optind++];
 
-flags = BDRV_O_RDWR;
+flags = BDRV_O_RDWR | BDRV_O_UNMAP;
 ret = bdrv_parse_cache_flags(cache, &flags);
 if (ret < 0) {
 error_report("Invalid cache option: %s", cache);
@@ -771,6 +779,32 @@ static int img_commit(int argc, char **argv)
 goto done;
 }
 
+/* Build a list of the intermediate backing images in order to be able to
+ * empty them later; note that base_bs is included in this list although we
+ * actually want to empty bs instead. As bdrv_swap() will be called on both
+ * by the commit block job, it is however correct to use the pointer to
+ * base_bs in order to clear bs. */
+backing_bs = bs;
+
+do {
+backing_bs = backing_bs->backing_hd;
+assert(backing_bs);
+
+bl_element = g_new(BackingList, 1);
+bl_element->bs = backing_bs;
+
+if (backing_bs != base_bs) {
+/* Generally, the images should be emptied from top to bottom in
+ * order to keep them consistent even if one make_empty operation
+ * fails because it could empty an image only partially */
+QSIMPLEQ_INSERT_TAIL(&backing_list, bl_element, list);
+} else {
+/* The final pointer in the backing chain will however later point
+ * to the image at the very top, so put it at the front instead */
+QSIMPLEQ_INSERT_HEAD(&backing_list, bl_element, list);
+}
+} while (backing_bs != base_bs);
+
 cbi = (CommonBlockJobCBInfo){
 .errp = &local_err,
 .bs   = bs,
@@ -779,10 +813,57 @@ static int img_commit(int argc, char **argv)
 commit_active_start(bs, base_bs, 0, BLOCKDEV_ON_ERROR_REPORT,
 common_block_job_cb, &cbi, &local_err);
 if (local_err) {
-goto done;
+goto free_backing_list;
+}
+
+/* The block job will swap base_bs and bs (which is not what we really want
+ * here, but okay) and unref bs (and subsequently all intermediate block
+ * devices). In order to be able to empty these images afterwards, 
increment
+ * the reference counter here preemptively. */
+QSIMPLEQ_FOREACH(bl_element, &backing_list, list) {
+bdrv_ref(bl_element->bs);
 }
 
 run_block_job(bs->job, &local_err);
+if (local_err) {
+goto unref_backing;
+}
+
+QSIMPLEQ_FOREACH(bl_element, &backing_list, list) {
+if (bl_element->bs->drv->bdrv_make_empty) {
+if (bl_element->bs->read_only) {
+/* If this is an intermediate file in the backing chain between
+ * the top and the bottom image, it has been opened implicitly
+ * read-only; reopen it R/W for emptying */
+ret = bdrv_reopen(bl_element->bs, flags, &local_err);
+if (ret < 0 || local_err) {
+if (!local_err) {
+error_setg_errno(&local_err, -ret,
+ "Could not write to %s",
+ bl_element->bs->filename);
+}
+goto unref_backing;
+}
+}
+
+ret = bl_element->bs->drv->bdrv_make_empty(bl_element->bs);
+if (ret) {
+error_setg_errno(&local_err, -ret, "Could not empty %s",
+ bl_element->bs->filename);
+goto unref_backing;
+}
+}
+}
+
+unref_backing:
+QSIMPLEQ_FOREACH(bl_element, &backing_list, list) {
+bdrv_unref(bl_element->bs);
+}
+
+free

[Qemu-devel] [PATCH v5 12/12] iotests: Omit length/offset test in 040 and 041

2014-04-17 Thread Max Reitz
As the length of a mirror block job no longer directly depends on the
size of the block device, drop the related checks from this test.

As 041 uses the wait_until_completed function from iotests.py, that
check has to be dropped there as well which in turn affects test 055. On
the other hand, a block job's length does not have to be related to the
length of the image file in the first place, so that check was
questionable anyway.

Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/040| 3 ---
 tests/qemu-iotests/041| 2 --
 tests/qemu-iotests/iotests.py | 2 --
 3 files changed, 7 deletions(-)

diff --git a/tests/qemu-iotests/040 b/tests/qemu-iotests/040
index 734b6a6..437af2b 100755
--- a/tests/qemu-iotests/040
+++ b/tests/qemu-iotests/040
@@ -46,13 +46,10 @@ class ImageCommitTestCase(iotests.QMPTestCase):
 if event['event'] == 'BLOCK_JOB_COMPLETED':
 self.assert_qmp(event, 'data/type', 'commit')
 self.assert_qmp(event, 'data/device', 'drive0')
-self.assert_qmp(event, 'data/offset', self.image_len)
-self.assert_qmp(event, 'data/len', self.image_len)
 completed = True
 elif event['event'] == 'BLOCK_JOB_READY':
 self.assert_qmp(event, 'data/type', 'commit')
 self.assert_qmp(event, 'data/device', 'drive0')
-self.assert_qmp(event, 'data/len', self.image_len)
 self.vm.qmp('block-job-complete', device='drive0')
 
 self.assert_no_active_block_jobs()
diff --git a/tests/qemu-iotests/041 b/tests/qemu-iotests/041
index ec470b2..8bb7ec3 100755
--- a/tests/qemu-iotests/041
+++ b/tests/qemu-iotests/041
@@ -46,8 +46,6 @@ class ImageMirroringTestCase(iotests.QMPTestCase):
 event = self.cancel_and_wait()
 self.assertEquals(event['event'], 'BLOCK_JOB_COMPLETED')
 self.assert_qmp(event, 'data/type', 'mirror')
-self.assert_qmp(event, 'data/offset', self.image_len)
-self.assert_qmp(event, 'data/len', self.image_len)
 
 def complete_and_wait(self, drive='drive0', wait_ready=True):
 '''Complete a block job and wait for it to finish'''
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index e4fa9af..0d3ff24 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -265,8 +265,6 @@ class QMPTestCase(unittest.TestCase):
 if event['event'] == 'BLOCK_JOB_COMPLETED':
 self.assert_qmp(event, 'data/device', drive)
 self.assert_qmp_absent(event, 'data/error')
-self.assert_qmp(event, 'data/offset', self.image_len)
-self.assert_qmp(event, 'data/len', self.image_len)
 completed = True
 
 self.assert_no_active_block_jobs()
-- 
1.9.2




[Qemu-devel] [PATCH v5 05/12] block/mirror: Improve progress report

2014-04-17 Thread Max Reitz
Instead of taking the total length of the block device as the block
job's length, use the number of dirty sectors. The progress is now the
number of sectors mirrored to the target block device. Note that this
may result in the job's length increasing during operation, which is
however in fact desirable.

Signed-off-by: Max Reitz 
---
 block/mirror.c | 32 +---
 1 file changed, 21 insertions(+), 11 deletions(-)

diff --git a/block/mirror.c b/block/mirror.c
index 2618c37..576b74e 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -39,6 +39,7 @@ typedef struct MirrorBlockJob {
 int64_t sector_num;
 int64_t granularity;
 size_t buf_size;
+int64_t bdev_length;
 unsigned long *cow_bitmap;
 BdrvDirtyBitmap *dirty_bitmap;
 HBitmapIter hbi;
@@ -48,6 +49,7 @@ typedef struct MirrorBlockJob {
 
 unsigned long *in_flight_bitmap;
 int in_flight;
+int sectors_in_flight;
 int ret;
 } MirrorBlockJob;
 
@@ -81,6 +83,7 @@ static void mirror_iteration_done(MirrorOp *op, int ret)
 trace_mirror_iteration_done(s, op->sector_num, op->nb_sectors, ret);
 
 s->in_flight--;
+s->sectors_in_flight -= op->nb_sectors;
 iov = op->qiov.iov;
 for (i = 0; i < op->qiov.niov; i++) {
 MirrorBuffer *buf = (MirrorBuffer *) iov[i].iov_base;
@@ -92,8 +95,11 @@ static void mirror_iteration_done(MirrorOp *op, int ret)
 chunk_num = op->sector_num / sectors_per_chunk;
 nb_chunks = op->nb_sectors / sectors_per_chunk;
 bitmap_clear(s->in_flight_bitmap, chunk_num, nb_chunks);
-if (s->cow_bitmap && ret >= 0) {
-bitmap_set(s->cow_bitmap, chunk_num, nb_chunks);
+if (ret >= 0) {
+if (s->cow_bitmap) {
+bitmap_set(s->cow_bitmap, chunk_num, nb_chunks);
+}
+s->common.offset += (uint64_t)op->nb_sectors * BDRV_SECTOR_SIZE;
 }
 
 qemu_iovec_destroy(&op->qiov);
@@ -166,7 +172,7 @@ static uint64_t coroutine_fn 
mirror_iteration(MirrorBlockJob *s)
 hbitmap_next_sector = s->sector_num;
 sector_num = s->sector_num;
 sectors_per_chunk = s->granularity >> BDRV_SECTOR_BITS;
-end = s->common.len >> BDRV_SECTOR_BITS;
+end = s->bdev_length / BDRV_SECTOR_SIZE;
 
 /* Extend the QEMUIOVector to include all adjacent blocks that will
  * be copied in this operation.
@@ -278,6 +284,7 @@ static uint64_t coroutine_fn 
mirror_iteration(MirrorBlockJob *s)
 
 /* Copy the dirty cluster.  */
 s->in_flight++;
+s->sectors_in_flight += nb_sectors;
 trace_mirror_one_iteration(s, sector_num, nb_sectors);
 bdrv_aio_readv(source, sector_num, &op->qiov, nb_sectors,
mirror_read_complete, op);
@@ -323,13 +330,13 @@ static void coroutine_fn mirror_run(void *opaque)
 goto immediate_exit;
 }
 
-s->common.len = bdrv_getlength(bs);
-if (s->common.len <= 0) {
-block_job_completed(&s->common, s->common.len);
+s->bdev_length = bdrv_getlength(bs);
+if (s->bdev_length <= 0) {
+block_job_completed(&s->common, s->bdev_length);
 return;
 }
 
-length = (bdrv_getlength(bs) + s->granularity - 1) / s->granularity;
+length = (s->bdev_length + s->granularity - 1) / s->granularity;
 s->in_flight_bitmap = bitmap_new(length);
 
 /* If we have no backing file yet in the destination, we cannot let
@@ -346,7 +353,7 @@ static void coroutine_fn mirror_run(void *opaque)
 }
 }
 
-end = s->common.len >> BDRV_SECTOR_BITS;
+end = s->bdev_length / BDRV_SECTOR_SIZE;
 s->buf = qemu_blockalign(bs, s->buf_size);
 sectors_per_chunk = s->granularity >> BDRV_SECTOR_BITS;
 mirror_free_init(s);
@@ -386,6 +393,12 @@ static void coroutine_fn mirror_run(void *opaque)
 }
 
 cnt = bdrv_get_dirty_count(bs, s->dirty_bitmap);
+/* s->common.offset contains the number of bytes already processed so
+ * far, cnt is the number of dirty sectors remaining and
+ * s->sectors_in_flight is the number of sectors currently being
+ * processed; together those are the current total operation length */
+s->common.len = s->common.offset +
+(cnt + s->sectors_in_flight) * BDRV_SECTOR_SIZE;
 
 /* Note that even when no rate limit is applied we need to yield
  * periodically with no pending I/O so that qemu_aio_flush() returns.
@@ -421,7 +434,6 @@ static void coroutine_fn mirror_run(void *opaque)
  * report completion.  This way, block-job-cancel will leave
  * the target in a consistent state.
  */
-s->common.offset = end * BDRV_SECTOR_SIZE;
 if (!s->synced) {
 block_job_ready(&s->common);
 s->synced = true;
@@ -450,8 +462,6 @@ static void coroutine_fn mirror_run(void *opaque)
 ret = 0;
 trace_mirror_before_sleep(s, cnt, s->synced, delay_ns);
 if (!s->synced) {
-/* Publish progress 

[Qemu-devel] [PATCH v5 08/12] qemu-img: Enable progress output for commit

2014-04-17 Thread Max Reitz
Implement progress output for the commit command by querying the
progress of the block job.

Signed-off-by: Max Reitz 
---
 qemu-img-cmds.hx |  4 ++--
 qemu-img.c   | 24 ++--
 qemu-img.texi|  2 +-
 3 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
index d029609..8bc55cd 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -22,9 +22,9 @@ STEXI
 ETEXI
 
 DEF("commit", img_commit,
-"commit [-q] [-f fmt] [-t cache] filename")
+"commit [-q] [-f fmt] [-t cache] [-p] filename")
 STEXI
-@item commit [-q] [-f @var{fmt}] [-t @var{cache}] @var{filename}
+@item commit [-q] [-f @var{fmt}] [-t @var{cache}] [-p] @var{filename}
 ETEXI
 
 DEF("compare", img_compare,
diff --git a/qemu-img.c b/qemu-img.c
index 42616da..0d65fed 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -710,12 +710,18 @@ static void run_block_job(BlockJob *job, Error **errp)
 do {
 qemu_aio_wait();
 
+qemu_progress_print((float)job->offset / job->len * 100.f, 0);
+
 if (!job->busy && !job->ready) {
 block_job_resume(job);
 }
 } while (!job->ready);
 
 block_job_complete_sync(job, errp);
+
+/* A block job may finish instantanously without publishing any progress,
+ * so just signal completion here */
+qemu_progress_print(100.f, 0);
 }
 
 static int img_commit(int argc, char **argv)
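Review bot: `(float)job->offset / job->len` inside the loop has no guard for `job->len == 0`, so a job with nothing to copy would pass NaN to qemu_progress_print(). Patch 05/12 on this page makes the mirror job's length the processed-plus-dirty byte count, so a zero length looks reachable for an image without changes. Guard the division: `qemu_progress_print(job->len ? (float)job->offset / job->len * 100.f : 0.f, 0);`. The comment added before the final call also misspells "instantaneously".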
@@ -723,7 +729,7 @@ static int img_commit(int argc, char **argv)
 int c, ret, flags;
 const char *filename, *fmt, *cache;
 BlockDriverState *bs, *base_bs, *backing_bs;
-bool quiet = false;
+bool progress = false, quiet = false;
 Error *local_err = NULL;
 CommonBlockJobCBInfo cbi;
 BackingList *bl_element, *bl_next;
@@ -733,7 +739,7 @@ static int img_commit(int argc, char **argv)
 fmt = NULL;
 cache = BDRV_DEFAULT_CACHE;
 for(;;) {
-c = getopt(argc, argv, "f:ht:q");
+c = getopt(argc, argv, "f:ht:qp");
 if (c == -1) {
 break;
 }
@@ -748,11 +754,20 @@ static int img_commit(int argc, char **argv)
 case 't':
 cache = optarg;
 break;
+case 'p':
+progress = true;
+break;
 case 'q':
 quiet = true;
 break;
 }
 }
+
+/* Progress is not shown in Quiet mode */
+if (quiet) {
+progress = false;
+}
+
 if (optind != argc - 1) {
 help();
 }
@@ -770,6 +785,9 @@ static int img_commit(int argc, char **argv)
 return 1;
 }
 
+qemu_progress_init(progress, 1.f);
+qemu_progress_print(0.f, 100);
+
 /* This is different from QMP, which by default uses the deepest file in 
the
  * backing chain (i.e., the very base); however, the traditional behavior 
of
  * qemu-img commit is using the immediate backing file. */
@@ -866,6 +884,8 @@ free_backing_list:
 }
 
 done:
+qemu_progress_end();
+
 bdrv_unref(bs);
 
 if (local_err) {
diff --git a/qemu-img.texi b/qemu-img.texi
index f84590e..1a9c08f 100644
--- a/qemu-img.texi
+++ b/qemu-img.texi
@@ -140,7 +140,7 @@ this case. @var{backing_file} will never be modified unless 
you use the
 The size can also be specified using the @var{size} option with @code{-o},
 it doesn't need to be specified separately in this case.
 
-@item commit [-f @var{fmt}] [-t @var{cache}] @var{filename}
+@item commit [-q] [-f @var{fmt}] [-t @var{cache}] [-p] @var{filename}
 
 Commit the changes recorded in @var{filename} in its base image or backing 
file.
 If the backing file is smaller than the snapshot, then the backing file will be
-- 
1.9.2




[Qemu-devel] [PATCH v5 06/12] qemu-img: Implement commit like QMP

2014-04-17 Thread Max Reitz
qemu-img should use QMP commands whenever possible in order to ensure
feature completeness of both online and offline image operations. As
qemu-img itself has no access to QMP (since this would basically require
just everything being linked into qemu-img), imitate QMP's
implementation of block-commit by using commit_active_start() and then
waiting for the block job to finish.

Signed-off-by: Max Reitz 
---
 block/Makefile.objs |  2 +-
 qemu-img.c  | 81 -
 2 files changed, 63 insertions(+), 20 deletions(-)

diff --git a/block/Makefile.objs b/block/Makefile.objs
index fd88c03..2c37e80 100644
--- a/block/Makefile.objs
+++ b/block/Makefile.objs
@@ -9,6 +9,7 @@ block-obj-y += snapshot.o qapi.o
 block-obj-$(CONFIG_WIN32) += raw-win32.o win32-aio.o
 block-obj-$(CONFIG_POSIX) += raw-posix.o
 block-obj-$(CONFIG_LINUX_AIO) += linux-aio.o
+block-obj-y += mirror.o
 
 ifeq ($(CONFIG_POSIX),y)
 block-obj-y += nbd.o nbd-client.o sheepdog.o
@@ -22,7 +23,6 @@ endif
 
 common-obj-y += stream.o
 common-obj-y += commit.o
-common-obj-y += mirror.o
 common-obj-y += backup.o
 
 iscsi.o-cflags := $(LIBISCSI_CFLAGS)
diff --git a/qemu-img.c b/qemu-img.c
index 8455994..7ee791f 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -30,6 +30,7 @@
 #include "qemu/osdep.h"
 #include "sysemu/sysemu.h"
 #include "block/block_int.h"
+#include "block/blockjob.h"
 #include "block/qapi.h"
 #include 
 
@@ -682,12 +683,44 @@ fail:
 return ret;
 }
 
+typedef struct CommonBlockJobCBInfo {
+BlockDriverState *bs;
+Error **errp;
+} CommonBlockJobCBInfo;
+
+static void common_block_job_cb(void *opaque, int ret)
+{
+CommonBlockJobCBInfo *cbi = opaque;
+
+if (ret < 0) {
+error_setg_errno(cbi->errp, -ret, "Block job failed");
+}
+
+/* Drop this block job's reference */
+bdrv_unref(cbi->bs);
+}
+
+static void run_block_job(BlockJob *job, Error **errp)
+{
+do {
+qemu_aio_wait();
+
+if (!job->busy && !job->ready) {
+block_job_resume(job);
+}
+} while (!job->ready);
+
+block_job_complete_sync(job, errp);
+}
+
 static int img_commit(int argc, char **argv)
 {
 int c, ret, flags;
 const char *filename, *fmt, *cache;
-BlockDriverState *bs;
+BlockDriverState *bs, *base_bs;
 bool quiet = false;
+Error *local_err = NULL;
+CommonBlockJobCBInfo cbi;
 
 fmt = NULL;
 cache = BDRV_DEFAULT_CACHE;
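Review bot: The `do { ... } while (!job->ready)` loop in run_block_job() has no exit for a job that ends before it ever becomes ready, for example on an I/O error with BLOCKDEV_ON_ERROR_REPORT. By then common_block_job_cb() has already run and the job object has presumably been released (that code is not in this hunk). The loop would keep reading `job->busy` and `job->ready` through a stale pointer, and block_job_complete_sync() would then be called on it. Let the callback record completion and have the loop return once it is set; the caller in img_commit, in the next hunk, then passes `&cbi` as well.

```c
typedef struct CommonBlockJobCBInfo {
    BlockDriverState *bs;
    Error **errp;
    bool done;      /* set by common_block_job_cb() */
} CommonBlockJobCBInfo;

static void common_block_job_cb(void *opaque, int ret)
{
    CommonBlockJobCBInfo *cbi = opaque;

    cbi->done = true;
    /* … unchanged: error_setg_errno() on ret < 0, bdrv_unref(cbi->bs) … */
}

static void run_block_job(BlockJob *job, CommonBlockJobCBInfo *cbi,
                          Error **errp)
{
    do {
        qemu_aio_wait();

        if (cbi->done) {
            /* The job ended before becoming ready; do not touch it again */
            return;
        }
        /* … unchanged: resume the job when it is neither busy nor ready … */
    } while (!job->ready);

    block_job_complete_sync(job, errp);
}
```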
@@ -728,29 +761,39 @@ static int img_commit(int argc, char **argv)
 if (!bs) {
 return 1;
 }
-ret = bdrv_commit(bs);
-switch(ret) {
-case 0:
-qprintf(quiet, "Image committed.\n");
-break;
-case -ENOENT:
-error_report("No disk inserted");
-break;
-case -EACCES:
-error_report("Image is read-only");
-break;
-case -ENOTSUP:
-error_report("Image is already committed");
-break;
-default:
-error_report("Error while committing image");
-break;
+
+/* This is different from QMP, which by default uses the deepest file in 
the
+ * backing chain (i.e., the very base); however, the traditional behavior 
of
+ * qemu-img commit is using the immediate backing file. */
+base_bs = bs->backing_hd;
+if (!base_bs) {
+error_set(&local_err, QERR_BASE_NOT_FOUND, "NULL");
+goto done;
 }
 
+cbi = (CommonBlockJobCBInfo){
+.errp = &local_err,
+.bs   = bs,
+};
+
+commit_active_start(bs, base_bs, 0, BLOCKDEV_ON_ERROR_REPORT,
+common_block_job_cb, &cbi, &local_err);
+if (local_err) {
+goto done;
+}
+
+run_block_job(bs->job, &local_err);
+
+done:
 bdrv_unref(bs);
-if (ret) {
+
+if (local_err) {
+qerror_report_err(local_err);
+error_free(local_err);
 return 1;
 }
+
+qprintf(quiet, "Image committed.\n");
 return 0;
 }
 
-- 
1.9.2




[Qemu-devel] [PATCH v5 03/12] blockjob: Introduce block_job_complete_sync()

2014-04-17 Thread Max Reitz
Implement block_job_complete_sync() by doing the exact same thing as
block_job_cancel_sync() does, only with calling block_job_complete()
instead of block_job_cancel().

Signed-off-by: Max Reitz 
---
 blockjob.c   | 39 ---
 include/block/blockjob.h | 15 +++
 2 files changed, 47 insertions(+), 7 deletions(-)

diff --git a/blockjob.c b/blockjob.c
index b3ce14c..e10c1f3 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -148,7 +148,7 @@ void block_job_iostatus_reset(BlockJob *job)
 }
 }
 
-struct BlockCancelData {
+struct BlockFinishData {
 BlockJob *job;
 BlockDriverCompletionFunc *cb;
 void *opaque;
@@ -156,19 +156,22 @@ struct BlockCancelData {
 int ret;
 };
 
-static void block_job_cancel_cb(void *opaque, int ret)
+static void block_job_finish_cb(void *opaque, int ret)
 {
-struct BlockCancelData *data = opaque;
+struct BlockFinishData *data = opaque;
 
 data->cancelled = block_job_is_cancelled(data->job);
 data->ret = ret;
 data->cb(data->opaque, ret);
 }
 
-int block_job_cancel_sync(BlockJob *job)
+static int block_job_finish_sync(BlockJob *job,
+ void (*finish)(BlockJob *, Error **errp),
+ Error **errp)
 {
-struct BlockCancelData data;
+struct BlockFinishData data;
 BlockDriverState *bs = job->bs;
+Error *local_err = NULL;
 
 assert(bs->job == job);
 
@@ -179,15 +182,37 @@ int block_job_cancel_sync(BlockJob *job)
 data.cb = job->cb;
 data.opaque = job->opaque;
 data.ret = -EINPROGRESS;
-job->cb = block_job_cancel_cb;
+job->cb = block_job_finish_cb;
 job->opaque = &data;
-block_job_cancel(job);
+finish(job, &local_err);
+if (local_err) {
+error_propagate(errp, local_err);
+return -EBUSY;
+}
 while (data.ret == -EINPROGRESS) {
 qemu_aio_wait();
 }
 return (data.cancelled && data.ret == 0) ? -ECANCELED : data.ret;
 }
 
+/* A wrapper around block_job_cancel() taking an Error ** parameter so it may 
be
+ * used with block_job_finish_sync() without the need for (rather nasty)
+ * function pointer casts there. */
+static void block_job_cancel_err(BlockJob *job, Error **errp)
+{
+block_job_cancel(job);
+}
+
+int block_job_cancel_sync(BlockJob *job)
+{
+return block_job_finish_sync(job, &block_job_cancel_err, NULL);
+}
+
+int block_job_complete_sync(BlockJob *job, Error **errp)
+{
+return block_job_finish_sync(job, &block_job_complete, errp);
+}
+
 void block_job_sleep_ns(BlockJob *job, QEMUClockType type, int64_t ns)
 {
 assert(job->busy);
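Review bot: The early `return -EBUSY` after `finish(job, &local_err)` leaves `job->cb` pointing at block_job_finish_cb and `job->opaque` pointing at the stack variable `data`. When the still-running job finishes later, the callback dereferences a frame that no longer exists. Restore the saved values before returning, ahead of `error_propagate(errp, local_err);`: `job->cb = data.cb; job->opaque = data.opaque;`. block_job_finish_sync() begins in the previous hunk.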
diff --git a/include/block/blockjob.h b/include/block/blockjob.h
index d76de62..626ea42 100644
--- a/include/block/blockjob.h
+++ b/include/block/blockjob.h
@@ -253,6 +253,21 @@ bool block_job_is_paused(BlockJob *job);
 int block_job_cancel_sync(BlockJob *job);
 
 /**
+ * block_job_complete_sync:
+ * @job: The job to be completed.
+ * @errp: Error object which may be set by block_job_complete(); this is not
+ *necessarily set on every error, the job return value has to be
+ *checked as well.
+ *
+ * Synchronously complete the job.  The completion callback is called before 
the
+ * function returns, unless it is NULL (which is permissible when using this
+ * function).
+ *
+ * Returns the return value from the job.
+ */
+int block_job_complete_sync(BlockJob *job, Error **errp);
+
+/**
  * block_job_iostatus_reset:
  * @job: The job whose I/O status should be reset.
  *
-- 
1.9.2




[Qemu-devel] [PATCH v5 01/12] qcow2: Allow "full" discard

2014-04-17 Thread Max Reitz
Normally, discarded sectors should read back as zero. However, there are
cases in which a sector (or rather cluster) should be discarded as if
it had never been written in the first place, that is, reading it should
fall through to the backing file again.

Signed-off-by: Max Reitz 
---
 block/qcow2-cluster.c  | 26 --
 block/qcow2-snapshot.c |  2 +-
 block/qcow2.c  |  2 +-
 block/qcow2.h  |  2 +-
 4 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 331ab08..9b73d97 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -1343,7 +1343,7 @@ int qcow2_decompress_cluster(BlockDriverState *bs, 
uint64_t cluster_offset)
  * clusters.
  */
 static int discard_single_l2(BlockDriverState *bs, uint64_t offset,
-unsigned int nb_clusters, enum qcow2_discard_type type)
+unsigned int nb_clusters, enum qcow2_discard_type type, bool full_discard)
 {
 BDRVQcowState *s = bs->opaque;
 uint64_t *l2_table;
@@ -1365,25 +1365,31 @@ static int discard_single_l2(BlockDriverState *bs, 
uint64_t offset,
 old_offset = be64_to_cpu(l2_table[l2_index + i]);
 
 /*
- * Make sure that a discarded area reads back as zeroes for v3 images
- * (we cannot do it for v2 without actually writing a zero-filled
- * buffer). We can skip the operation if the cluster is already marked
- * as zero, or if it's unallocated and we don't have a backing file.
+ * If full_discard is false, make sure that a discarded area reads back
+ * as zeroes for v3 images (we cannot do it for v2 without actually
+ * writing a zero-filled buffer). We can skip the operation if the
+ * cluster is already marked as zero, or if it's unallocated and we
+ * don't have a backing file.
  *
  * TODO We might want to use bdrv_get_block_status(bs) here, but we're
  * holding s->lock, so that doesn't work today.
+ *
+ * In case of full_discard being true, the sector should not be read
+ * back as zeroes, but rather fall through to the backing file.
  */
-if (old_offset & QCOW_OFLAG_ZERO) {
+if (!full_discard && (old_offset & QCOW_OFLAG_ZERO)) {
 continue;
 }
 
-if ((old_offset & L2E_OFFSET_MASK) == 0 && !bs->backing_hd) {
+if ((old_offset & L2E_OFFSET_MASK) == 0 &&
+(full_discard || !bs->backing_hd))
+{
 continue;
 }
 
 /* First remove L2 entries */
 qcow2_cache_entry_mark_dirty(s->l2_table_cache, l2_table);
-if (s->qcow_version >= 3) {
+if (!full_discard && s->qcow_version >= 3) {
 l2_table[l2_index + i] = cpu_to_be64(QCOW_OFLAG_ZERO);
 } else {
 l2_table[l2_index + i] = cpu_to_be64(0);
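Review bot: With full_discard set, an entry that carries QCOW_OFLAG_ZERO but no cluster offset is skipped by the second test, `(old_offset & L2E_OFFSET_MASK) == 0 && (full_discard || !bs->backing_hd)`, so it keeps its zero flag and still reads back as zeroes instead of falling through to the backing file. This assumes L2E_OFFSET_MASK does not include the QCOW_OFLAG_ZERO bit, which the separate flag test just above suggests. The skip should apply only to entries that are really unallocated, e.g. `if ((old_offset & L2E_OFFSET_MASK) == 0 && !(old_offset & QCOW_OFLAG_ZERO) && (full_discard || !bs->backing_hd))`. discard_single_l2() starts and ends outside this hunk.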
@@ -1402,7 +1408,7 @@ static int discard_single_l2(BlockDriverState *bs, 
uint64_t offset,
 }
 
 int qcow2_discard_clusters(BlockDriverState *bs, uint64_t offset,
-int nb_sectors, enum qcow2_discard_type type)
+int nb_sectors, enum qcow2_discard_type type, bool full_discard)
 {
 BDRVQcowState *s = bs->opaque;
 uint64_t end_offset;
@@ -1425,7 +1431,7 @@ int qcow2_discard_clusters(BlockDriverState *bs, uint64_t 
offset,
 
 /* Each L2 table is handled by its own loop iteration */
 while (nb_clusters > 0) {
-ret = discard_single_l2(bs, offset, nb_clusters, type);
+ret = discard_single_l2(bs, offset, nb_clusters, type, full_discard);
 if (ret < 0) {
 goto fail;
 }
diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
index 0aa9def..c5ea2cd 100644
--- a/block/qcow2-snapshot.c
+++ b/block/qcow2-snapshot.c
@@ -436,7 +436,7 @@ int qcow2_snapshot_create(BlockDriverState *bs, 
QEMUSnapshotInfo *sn_info)
 qcow2_discard_clusters(bs, qcow2_vm_state_offset(s),
align_offset(sn->vm_state_size, s->cluster_size)
 >> BDRV_SECTOR_BITS,
-   QCOW2_DISCARD_NEVER);
+   QCOW2_DISCARD_NEVER, false);
 
 #ifdef DEBUG_ALLOC
 {
diff --git a/block/qcow2.c b/block/qcow2.c
index e903d97..1e7b7d5 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -1864,7 +1864,7 @@ static coroutine_fn int qcow2_co_discard(BlockDriverState 
*bs,
 
 qemu_co_mutex_lock(&s->lock);
 ret = qcow2_discard_clusters(bs, sector_num << BDRV_SECTOR_BITS,
-nb_sectors, QCOW2_DISCARD_REQUEST);
+nb_sectors, QCOW2_DISCARD_REQUEST, false);
 qemu_co_mutex_unlock(&s->lock);
 return ret;
 }
diff --git a/block/qcow2.h b/block/qcow2.h
index b49424b..2332634 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -519,7 +519,7 @@ uint64_t 
qcow2_alloc_compressed_cluster_offset(BlockDriverState *bs,
 
 int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m);
 int qcow2_discard_clusters(BlockDriverState *bs, uint64_t offset,
-in

[Qemu-devel] [PATCH v5 00/12] qemu-img: Implement commit like QMP

2014-04-17 Thread Max Reitz
qemu-img should use QMP commands whenever possible in order to ensure
feature completeness of both online and offline image operations. For
the "commit" command, this is relatively easy, so implement it first
(in the hope that indeed others will follow).

As qemu-img does not have access to QMP (due to QMP being intertwined
with basically everything in qemu), we cannot directly use QMP, but at
least use the functions the corresponding QMP commands are using (which
would be "block-commit", in this case).


Intra-series dependencies (to make clear why there are suddenly so many
patches in this version):
- Patches 1 and 2 in this series are required so that patch 7 actually
  does something for qcow2
- Patches 3 and 4 are required for patch 6 (to make it simpler and, in
  the case of patch 4, actually work in the first place)
- Patch 5 is required for patch 8
- Patch 10 is required for patch 11

Also note that patch 7 is ready for emptying multiple images in the
backing chain, although this case is impossible before patch 9. However,
I wanted to have 7 directly after 6 to restore the old functionality
(empty the top image) and instead of doing it bad then and fixing it up
after 9 again, patch 7 immediately includes everything needed.
Therefore, most of patch 7 may seem useless at first, but is necessary
after patch 9.


v5: Various fixes and support for emptying images after they have been
committed:
- Patches 1 and 2 have been introduced for patch 7; adding a general
  bdrv_make_empty() using bdrv_discard() did not work, as the latter
  tries to make discarded sectors read back as zero (which is not what
  bdrv_make_empty() should do). On the other hand, the bdrv_make_empty()
  implementation for qcow2 introduced here does reuse qcow2's discard
  functions.
- Patch 3 (previously 2):
  - Renamed BlockCancelData to BlockFinishData and block_job_cancel_cb
to block_job_finish_cb [Kevin]
  - also, if the function used to finish the block job fails,
block_job_finish_sync() should return and not go into an infinite loop
- Patch 4: Relying on the block job's progress offset to reach the block
  job's length as the readiness condition is wrong. This patch is the
  basis for fixing patch 6 in this regard.
- Patch 5: Added as proposed by Kevin (hopefully)
- Patch 6 (previously 3):
  - block_job_query() is actually useless here [Kevin]
  - use the new "ready" field from patch 5 to determine when the block
job may be completed
  - don't force any granularity and rather just use the default [Kevin]
  - drop the block job's reference in the common block job CB;
otherwise, test 039 will fail because the image is "leaked" and not
closed properly
  - don't define CommonBlockJobCBInfo cbi in the middle of the function
- Patch 7: Added, as it now makes sense with qcow2 supporting it
- Patch 8 (previously 4):
  - hugely simplified, thanks to patch 5 [Kevin]
  - force output of "100 %" after the block job has completed
- Patch 9 (previously 5): Unmodified
- Patch 10: Introduced, as using my local paths for everyone else to
  test against does not seem too clever
- Patch 11: Replaces the old patch 10 - as this test only works for
  images with support for bdrv_make_empty(), it may no longer be part of
  020
- Patch 12: Adjusts existing tests in regard to patch 5

The old patch 1 has been dropped as patch 5 has made it unnecessary,
concerning patch 8.


Max Reitz (12):
  qcow2: Allow "full" discard
  qcow2: Implement bdrv_make_empty()
  blockjob: Introduce block_job_complete_sync()
  blockjob: Add "ready" field
  block/mirror: Improve progress report
  qemu-img: Implement commit like QMP
  qemu-img: Empty images after commit
  qemu-img: Enable progress output for commit
  qemu-img: Specify backing file for commit
  iotests: Add _filter_qemu_img_map
  iotests: Add test for backing-chain commits
  iotests: Omit length/offset test in 040 and 041

 block/Makefile.objs  |   2 +-
 block/mirror.c   |  32 ---
 block/qcow2-cluster.c|  26 +++--
 block/qcow2-snapshot.c   |   2 +-
 block/qcow2.c|  24 -
 block/qcow2.h|   2 +-
 blockjob.c   |  46 +++--
 include/block/blockjob.h |  20 
 qapi-schema.json |   4 +-
 qemu-img-cmds.hx |   4 +-
 qemu-img.c   | 198 ++-
 qemu-img.texi|   8 +-
 tests/qemu-iotests/040   |   3 -
 tests/qemu-iotests/041   |   2 -
 tests/qemu-iotests/089   | 103 
 tests/qemu-iotests/089.out   |  56 +++
 tests/qemu-iotests/common.filter |   7 ++
 tests/qemu-iotests/group |   1 +
 tests/qemu-iotests/iotests.py|   2 -
 19 files changed, 475 insertions(+), 67 deletions(-)
 create mode 100755 tests/qemu-iotests/089
 create mode 100644 tests/qemu-iotests/089.out

-- 
1.9.2




Re: [Qemu-devel] [PATCHv2] block: introduce BDRV_O_SEQUENTIAL

2014-04-17 Thread Peter Lieven

Am 28.03.2014 um 11:02 schrieb Peter Lieven :

> On 21.03.2014 13:06, Paolo Bonzini wrote:
>> Il 21/03/2014 12:49, Peter Lieven ha scritto:
>>> A 10G logical volume was created and filled with random data.
>>> Then the logical volume was exported via qemu-img convert to an iscsi 
>>> target.
>>> Before the export was started all caches of the linux kernel were dropped.
>>> 
>>> Old behavior:
>>> - The convert process took 3m45s and the buffer cache grew up to 9.67 GB 
>>> close
>>>   to the end of the conversion. After qemu-img terminated all the buffers 
>>> were
>>>   freed by the kernel.
>>> 
>>> New behavior with the -N switch:
>>> - The convert process took 3m43s and the buffer cache grew up to 15.48 MB 
>>> close
>>>   to the end with some small peaks up to 30 MB during the conversion.
>>> 
>>> Signed-off-by: Peter Lieven 
>>> ---
>>> v1->v2: - added test example to commit msg
>>>- added -N knob to qemu-img
>> 
>> I'm sorry, I cannot find the original discussion.  Why is the new knob 
>> needed?
> 

Is there any more info needed or modifications wanted?

Thanks,
Peter


Re: [Qemu-devel] Change of TEXT_OFFSET for multi_v7_defconfig

2014-04-17 Thread Russell King - ARM Linux
On Thu, Apr 17, 2014 at 04:18:45PM -0500, Rob Herring wrote:
> The problem here is more than just the TEXT_OFFSET changed. From what
> I've heard, there are some QC chips which need much more reserved RAM
> than the 2MB discussed here. Changing the TEXT_OFFSET is a hack that
> doesn't scale.

You may think it's a hack, but we really can't get around this.  There
really are platforms out there where we must do this kind of stuff.  I
invite you next time you meet up to talk to Michal Simek.  There's no
way they can load the kernel at 32K into RAM.

> A simple issue is you are now wasting 2MB of low memory on every
> platform. Not such a big deal I guess. But what if more is needed?

Why do you think it's wasted in the general case?  Do you think the
first 16K is ignored by Linux?  All memory will be freed to the Linux
page allocator unless it has an explicit reservation in memblock.  So
the 2MB won't be wasted - it will be freed as before to the page
allocator.

> The zImage requires that the kernel be placed at a 128M aligned
> address plus TEXT_OFFSET. The v2p patching then requires the kernel to
> be located within the first 16MB of RAM. So the Image can only ever be
> placed at 0x8000 - 15.?MB from a 128MB aligned address. You can never
> have the first 16-127MB of RAM reserved.

Wrong.  You can have as much RAM as you want reserved, you just can't
manage it with Linux memory allocators if you go over 16MB.

Remember that the virtual address space PAGE_OFFSET...kernel corresponds
with PHYS_OFFSET...kernel.  So, if you have 16MB between PHYS_OFFSET and
the kernel, then you have 16MB between PAGE_OFFSET and the kernel.  Your
modules are looking very distant, and PCREL24 relocations become
troublesome.

> The only way to have reserved
> memory (in chunks of 16MB) is by loading an Image file directly
> instead. The bootloaders will know the start of RAM and any reserved
> memory size because they can simply parse DT.
> 
> Bootloaders are going to have to change for arm64 Image support
> anyway, so we should have an aligned solution here.

No.  You simply can't eliminate any of the above - each one has been
negotiated through quite an amount of discussion with relevant parties
and/or due to technical requirements and they just can't be magic'd
away.

Plus the ARM64 image format is different from our zImage format.  It
would make far *more* sense to align our Image format with our zImage
format so existing boot loaders which look for the zImage magic numbers
can boot plain Image files too.

Moreover, since we could *never* align zImage with the ARM64 format,
why on earth would we want to start using the ARM64 format for the
Image format?

If you say, we should just break the existing zImage format, my response
will be: who the hell are you to decide to break 20 odd years of boot
ABI in a way which *stops* platforms from booting on such a pathetic
whim.

No, this is *not* going to happen.  It is either the zImage format or
no special format at all.

-- 
FTTC broadband for 0.8mile line: now at 9.7Mbps down 460kbps up... slowly
improving, and getting towards what was expected from it.



Re: [Qemu-devel] [QEMU v6 PATCH 00/17] SMBIOS: build full tables in QEMU

2014-04-17 Thread Gabriel L. Somlo
On Thu, Apr 17, 2014 at 10:31:15AM +0200, Gerd Hoffmann wrote:
> > OK, so right now I'm parsing the "version" argument to what is
> > currently smbios_set_type1_defaults() (and will become
> > smbios_set_defaults() after patching).
> 
> No, don't parse stuff please.  Have a look at pc_piix.c, how
> smbios_type1_defaults is handled there.  It's true by default, and
> pc_compat_1_7 (called for 1.7+older machine types) flips it to false.
> 
> We'll add a new variable here, say smbios_generate_table_blob, default
> it to true, then flip to false in the (to be added with the 2.1 machine
> type) pc_compat_2_0 function.  Same in pc_q35.c.
> 
> Then you can simply use the new global variable.

There's one problem I don't see a way around:

Command line options are processed before machine types are
initialized.

This means smbios_entry_add() runs *before* anyone has had a chance to
properly set any global variable regarding whether we're in smbios
legacy mode, or whether we're doing aggregate tables plus entry point.

This means smbios_entry_add() can't know whether a binary blob
received on the command line needs to be added with a table wrapper
for legacy mode, or without one to the aggregate blob for types 2.1
and later...


Guess I could add binary blobs from the command line to *both* legacy
"smbios_entries", and to a new "smbios_aggregate_table", with and
without a SMBIOS_TABLE_ENTRY wrapper, respectively. Then, once
smbios_set_defaults() runs, I can free the one I don't need...


Can anyone think of a less repugnant way to work around this, maybe
something not quite as far "beyond the environment" ?   ;) 

Thanks,
--Gabriel



Re: [Qemu-devel] [PULL 00/51] target-arm queue

2014-04-17 Thread Peter Maydell
On 17 April 2014 11:33, Peter Maydell  wrote:
> target-arm pull request for when trunk reopens for 2.1.
> This contains mostly the A64 system emulation patchset, and
> also some other things that have accumulated during freeze.
>
> thanks
> -- PMM
>
> The following changes since commit 851627352c52b5beebf119785885391fa05a44c5:
>
>   Update version for v2.0.0-rc3 release (2014-04-14 17:45:11 +0100)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git 
> tags/pull-target-arm-20140417
>
> for you to fetch changes up to 123218cff73573c646af89dfa36662713498fcd0:
>
>   target-arm: A64: fix unallocated test of scalar SQXTUN (2014-04-17 11:21:36 
> +0100)

(fixed up version of this) applied.

thanks
-- PMM



Re: [Qemu-devel] Change of TEXT_OFFSET for multi_v7_defconfig

2014-04-17 Thread Rob Herring
On Thu, Apr 17, 2014 at 3:16 PM, Russell King - ARM Linux
 wrote:
> On Thu, Apr 17, 2014 at 04:06:16PM -0400, Nicolas Pitre wrote:
>> On Thu, 17 Apr 2014, Rob Herring wrote:
>> > Better yet, we should adopt the arm64 Image header which has this and
>> > other fields for arm Image files. We're going to have to deal with raw
>> > Image (and Image.gz) in bootloaders for arm64, so we might as well
>> > align things.
>>
>> We could use the same header as ARM64 if we want to add more information
>> to the uncompressed kernel image.
>>
>> However I really don't want to encourage the proliferation of yet
>> another kernel image formats on ARM32.  We've had zImage for the last 20
>> years and that's what ARM32 bootloaders should support.  The
>> introduction of the uImage format caused enough pain already.
>>
>> Booting uncompressed kernel image on ARM32 may be useful for some
>> debugging setups.  I don't see other cases where it would be legitimate
>> to break existing practices.
>
> Me neither.  We even have good enough reasons (such as the issue in this
> thread to do with where the image should be placed) no longer support
> uncompressed images anymore.  (Yes, they'll still be generated because
> we need the input to compress them, but we should stop advertising them
> as a make target.)

The problem here is more than just the TEXT_OFFSET changed. From what
I've heard, there are some QC chips which need much more reserved RAM
than the 2MB discussed here. Changing the TEXT_OFFSET is a hack that
doesn't scale.

A simple issue is you are now wasting 2MB of low memory on every
platform. Not such a big deal I guess. But what if more is needed?

The zImage requires that the kernel be placed at a 128M aligned
address plus TEXT_OFFSET. The v2p patching then requires the kernel to
be located within the first 16MB of RAM. So the Image can only ever be
placed at 0x8000 - 15.?MB from a 128MB aligned address. You can never
have the first 16-127MB of RAM reserved. The only way to have reserved
memory (in chunks of 16MB) is by loading an Image file directly
instead. The bootloaders will know the start of RAM and any reserved
memory size because they can simply parse DT.

Bootloaders are going to have to change for arm64 Image support
anyway, so we should have an aligned solution here.

Rob



[Qemu-devel] Regression (?) due to c4177479 ('spapr: make sure RMA is in first mode of first memory node')

2014-04-17 Thread Nishanth Aravamudan
Hi Alexey,

Prior to the $SUBJECT commit, we could present memoryless node0s to
guests. Now, we indicate that we don't have the requisite 128M for the
RMA if node 0 has no memory. Note that a memoryless node0 is possible
under PowerVM (but not predictably present) so I was hoping to use KVM
to test relevant fixes for memoryless nodes.

I think this change is a misinterpretation of the PAPR standard, though.
Yes, the RMA must be in the first block of memory, but that isn't
necessarily on node 0. The topology of a PAPR-compliant guest does not
require a node 0 (and in fact, under PowerVM, Linux doesn't actually
require node 0 either, but it would under KVM).

Thoughts? I suppose it's fine to say that node 0 must be sufficiently
populated under KVM -- there's not really a reason to not have memory on
a given node (except maybe ballooning). I can keep the commit reverted
locally for testing purposes. Just wanted to see if the semantic change
was intentional.

Thanks,
Nish




[Qemu-devel] [PATCH 22/40] target-alpha: Convert gen_ext_h/l to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 66 +++-
 1 file changed, 26 insertions(+), 40 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 5c6db61..c606183 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -1202,50 +1202,36 @@ static inline void gen_zap(int ra, int rb, int rc, int 
islit, uint8_t lit)
 
 
 /* EXTWH, EXTLH, EXTQH */
-static void gen_ext_h(int ra, int rb, int rc, int islit,
+static void gen_ext_h(DisasContext *ctx, TCGv vc, TCGv va, int rb, bool islit,
   uint8_t lit, uint8_t byte_mask)
 {
-if (unlikely(rc == 31)) {
-return;
-} else if (unlikely(ra == 31)) {
-tcg_gen_movi_i64(cpu_ir[rc], 0);
+if (islit) {
+tcg_gen_shli_i64(vc, va, (64 - lit * 8) & 0x3f);
 } else {
-if (islit) {
-lit = (64 - (lit & 7) * 8) & 0x3f;
-tcg_gen_shli_i64(cpu_ir[rc], cpu_ir[ra], lit);
-} else {
-TCGv tmp1 = tcg_temp_new();
-tcg_gen_andi_i64(tmp1, cpu_ir[rb], 7);
-tcg_gen_shli_i64(tmp1, tmp1, 3);
-tcg_gen_neg_i64(tmp1, tmp1);
-tcg_gen_andi_i64(tmp1, tmp1, 0x3f);
-tcg_gen_shl_i64(cpu_ir[rc], cpu_ir[ra], tmp1);
-tcg_temp_free(tmp1);
-}
-gen_zapnoti(cpu_ir[rc], cpu_ir[rc], byte_mask);
+TCGv tmp = tcg_temp_new();
+tcg_gen_shli_i64(tmp, load_gpr(ctx, rb), 3);
+tcg_gen_neg_i64(tmp, tmp);
+tcg_gen_andi_i64(tmp, tmp, 0x3f);
+tcg_gen_shl_i64(vc, va, tmp);
+tcg_temp_free(tmp);
 }
+gen_zapnoti(vc, vc, byte_mask);
 }
 
 /* EXTBL, EXTWL, EXTLL, EXTQL */
-static void gen_ext_l(int ra, int rb, int rc, int islit,
+static void gen_ext_l(DisasContext *ctx, TCGv vc, TCGv va, int rb, bool islit,
   uint8_t lit, uint8_t byte_mask)
 {
-if (unlikely(rc == 31)) {
-return;
-} else if (unlikely(ra == 31)) {
-tcg_gen_movi_i64(cpu_ir[rc], 0);
+if (islit) {
+tcg_gen_shri_i64(vc, va, (lit & 7) * 8);
 } else {
-if (islit) {
-tcg_gen_shri_i64(cpu_ir[rc], cpu_ir[ra], (lit & 7) * 8);
-} else {
-TCGv tmp = tcg_temp_new();
-tcg_gen_andi_i64(tmp, cpu_ir[rb], 7);
-tcg_gen_shli_i64(tmp, tmp, 3);
-tcg_gen_shr_i64(cpu_ir[rc], cpu_ir[ra], tmp);
-tcg_temp_free(tmp);
-}
-gen_zapnoti(cpu_ir[rc], cpu_ir[rc], byte_mask);
+TCGv tmp = tcg_temp_new();
+tcg_gen_andi_i64(tmp, load_gpr(ctx, rb), 7);
+tcg_gen_shli_i64(tmp, tmp, 3);
+tcg_gen_shr_i64(vc, va, tmp);
+tcg_temp_free(tmp);
 }
+gen_zapnoti(vc, vc, byte_mask);
 }
 
 /* INSWH, INSLH, INSQH */
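Review bot: gen_ext_h now computes the literal shift as `(64 - lit * 8) & 0x3f` and drops the `andi ..., 7` on Rb, while gen_ext_l keeps `(lit & 7) * 8` and its `andi`. The gen_ext_h form matches the old code only because the final `& 0x3f` discards everything above the low three bits of the byte offset, which is easy to miss when the two functions are read side by side. I would add a comment in gen_ext_h such as `/* The & 0x3f below also reduces the byte offset to its low 3 bits. */`. The removed rc == 31 and ra == 31 special cases are presumably handled by the caller through vc/va now; that setup is outside this hunk.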
@@ -2104,7 +2090,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x06:
 /* EXTBL */
-gen_ext_l(ra, rb, rc, islit, lit, 0x01);
+gen_ext_l(ctx, vc, va, rb, islit, lit, 0x01);
 break;
 case 0x0B:
 /* INSBL */
@@ -2116,7 +2102,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x16:
 /* EXTWL */
-gen_ext_l(ra, rb, rc, islit, lit, 0x03);
+gen_ext_l(ctx, vc, va, rb, islit, lit, 0x03);
 break;
 case 0x1B:
 /* INSWL */
@@ -2128,7 +2114,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x26:
 /* EXTLL */
-gen_ext_l(ra, rb, rc, islit, lit, 0x0f);
+gen_ext_l(ctx, vc, va, rb, islit, lit, 0x0f);
 break;
 case 0x2B:
 /* INSLL */
@@ -2160,7 +2146,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x36:
 /* EXTQL */
-gen_ext_l(ra, rb, rc, islit, lit, 0xff);
+gen_ext_l(ctx, vc, va, rb, islit, lit, 0xff);
 break;
 case 0x39:
 /* SLL */
@@ -2200,7 +2186,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x5A:
 /* EXTWH */
-gen_ext_h(ra, rb, rc, islit, lit, 0x03);
+gen_ext_h(ctx, vc, va, rb, islit, lit, 0x03);
 break;
 case 0x62:
 /* MSKLH */
@@ -2212,7 +2198,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x6A:
 /* EXTLH */
-gen_ext_h(ra, rb, rc, islit, lit, 0x0f);
+gen_ext_h(ctx, vc, va, rb, islit, lit, 0x0f);
 break;
 case 0x72:
 /* MSKQH */
@@ -2224,7 +2210,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x7A:
 /* EXTQH */
-gen_ext_h(ra, rb, rc, isl

[Qemu-devel] [PATCH 00/40] target-alpha queue

2014-04-17 Thread Richard Henderson
These have been queued for 2.1.

The alpha translator was written before the tcg optimizer, and it
believed that it should constant fold everything by hand.  There
are a few idioms that are still worth special casing wrt the zero
register, but for the most part these all go away.  The result is
fantastically more readable.

r~


Paolo Bonzini (1):
  target-alpha: fix the braces

Richard Henderson (39):
  target-alpha: Introduce REQUIRE_TB_FLAG
  target-alpha: Introduce REQUIRE_REG_31
  target-alpha: Introduce functions for source/sink
  target-alpha: Convert opcode 0x11 to source/sink
  target-alpha: Convert opcode 0x12 to source/sink
  target-alpha: Convert opcode 0x13 to source/sink
  target-alpha: Convert opcode 0x14 to source/sink
  target-alpha: Convert opcode 0x17 to source/sink
  target-alpha: Convert opcode 0x18 to source/sink
  target-alpha: Convert opcode 0x1A to source/sink
  target-alpha: Convert opcode 0x1B to source/sink
  target-alpha: Convert opcode 0x1C to source/sink
  target-alpha: Convert opcode 0x1E to source/sink
  target-alpha: Convert opcode 0x1F to source/sink
  target-alpha: Convert gen_load/store_mem to source/sink
  target-alpha: Convert gen_store_conditional to source/sink
  target-alpha: Convert gen_cmp to source/sink
  target-alpha: Convert ARITH3_EX to source/sink
  target-alpha: Convert gen_cmov to source/sink
  target-alpha: Convert gen_msk_h/l to source/sink
  target-alpha: Convert gen_ext_h/l to source/sink
  target-alpha: Convert gen_ins_h/l to source/sink
  target-alpha: Convert gen_zap/not to source/sink
  target-alpha: Convert FARITH2 to source/sink
  target-alpha: Convert FARITH3 to source/sink
  target-alpha: Convert ARITH3 to source/sink
  target-alpha: Convert MVIOP2 to source/sink
  target-alpha: Convert gen_ieee_input to source/sink
  target-alpha: Convert most ieee insns to source/sink
  target-alpha: Convert gen_bcond to source/sink
  target-alpha: Convert gen_fcmov to source/sink
  target-alpha: Convert gen_fcvtlq/ql to source/sink
  target-alpha: Convert gen_cpys et al to source/sink
  target-alpha: Convert mfpr/mtpr to source/sink
  target-alpha: Use extract to get insn fields
  target-alpha: Use non-local temps for zero/sink
  target-alpha: Don't issue goto_tb under singlestep
  target-alpha: Tidy alpha_translate_init
  target-alpha: Remove cpu_unique, cpu_sysval, cpu_usp

 target-alpha/fpu_helper.c |7 +
 target-alpha/helper.h |1 +
 target-alpha/translate.c  | 2363 +
 3 files changed, 879 insertions(+), 1492 deletions(-)

-- 
1.9.0




[Qemu-devel] [PATCH 36/40] target-alpha: Use extract to get insn fields

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 49 ++--
 1 file changed, 22 insertions(+), 27 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 7947a1a..2c77136 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -1387,11 +1387,7 @@ static ExitStatus gen_mtpr(DisasContext *ctx, TCGv vb, 
int regno)
 
 static ExitStatus translate_one(DisasContext *ctx, uint32_t insn)
 {
-uint32_t palcode;
-int32_t disp21, disp16;
-#ifndef CONFIG_USER_ONLY
-int32_t disp12;
-#endif
+int32_t disp21, disp16, disp12 __attribute__((unused));
 uint16_t fn11;
 uint8_t opc, ra, rb, rc, fpfn, fn7, lit;
 bool islit;
@@ -1400,34 +1396,31 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 ExitStatus ret;
 
 /* Decode all instruction fields */
-opc = insn >> 26;
-ra = (insn >> 21) & 0x1F;
-rb = (insn >> 16) & 0x1F;
-rc = insn & 0x1F;
-islit = (insn >> 12) & 1;
+opc = extract32(insn, 26, 6);
+ra = extract32(insn, 21, 5);
+rb = extract32(insn, 16, 5);
+rc = extract32(insn, 0, 5);
+islit = extract32(insn, 12, 1);
+lit = extract32(insn, 13, 8);
+
+disp21 = sextract32(insn, 0, 21);
+disp16 = sextract32(insn, 0, 16);
+disp12 = sextract32(insn, 0, 12);
+
+fn11 = extract32(insn, 5, 11);
+fpfn = extract32(insn, 5, 6);
+fn7 = extract32(insn, 5, 7);
+
 if (rb == 31 && !islit) {
-islit = 1;
+islit = true;
 lit = 0;
-} else {
-lit = (insn >> 13) & 0xFF;
 }
-palcode = insn & 0x03FF;
-disp21 = ((int32_t)((insn & 0x001F) << 11)) >> 11;
-disp16 = (int16_t)(insn & 0x);
-#ifndef CONFIG_USER_ONLY
-disp12 = (int32_t)((insn & 0x0FFF) << 20) >> 20;
-#endif
-fn11 = (insn >> 5) & 0x07FF;
-fpfn = fn11 & 0x3F;
-fn7 = (insn >> 5) & 0x007F;
-LOG_DISAS("opc %02x ra %2d rb %2d rc %2d disp16 %6d\n",
-  opc, ra, rb, rc, disp16);
 
 ret = NO_EXIT;
 switch (opc) {
 case 0x00:
 /* CALL_PAL */
-ret = gen_call_pal(ctx, palcode);
+ret = gen_call_pal(ctx, insn & 0x03ff);
 break;
 case 0x01:
 /* OPC01 */
@@ -2313,7 +2306,8 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 #ifndef CONFIG_USER_ONLY
 REQUIRE_TB_FLAG(TB_FLAGS_PAL_MODE);
 va = dest_gpr(ctx, ra);
-return gen_mfpr(va, insn & 0x);
+ret = gen_mfpr(va, insn & 0x);
+break;
 #else
 goto invalid_opc;
 #endif
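Review bot: Replacing `return gen_mfpr(...)` with `ret = gen_mfpr(...); break;` changes control flow, not just field extraction: the result now passes through whatever follows the switch in translate_one(), which is outside this hunk. The next hunk makes the same change for gen_mtpr. The subject line only mentions extract, so I would either split these two cases into their own patch or add a sentence to the commit message saying why they must no longer return early.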
@@ -2548,7 +2542,8 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 #ifndef CONFIG_USER_ONLY
 REQUIRE_TB_FLAG(TB_FLAGS_PAL_MODE);
 vb = load_gpr(ctx, rb);
-return gen_mtpr(ctx, vb, insn & 0x);
+ret = gen_mtpr(ctx, vb, insn & 0x);
+break;
 #else
 goto invalid_opc;
 #endif
-- 
1.9.0




[Qemu-devel] [PATCH 37/40] target-alpha: Use non-local temps for zero/sink

2014-04-17 Thread Richard Henderson
These values are no longer live across branches.

Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 2c77136..c5f2a8d 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -153,7 +153,7 @@ void alpha_translate_init(void)
 static TCGv load_zero(DisasContext *ctx)
 {
 if (TCGV_IS_UNUSED_I64(ctx->zero)) {
-ctx->zero = tcg_const_local_i64(0);
+ctx->zero = tcg_const_i64(0);
 }
 return ctx->zero;
 }
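Review bot: Switching ctx->zero from tcg_const_local_i64() to tcg_const_i64() makes correctness depend on an invariant that is stated only in the commit message, namely that the value is never used across a branch. A plain temp does not survive a basic-block boundary, so a later insn implementation that emits a branch and then reads the result of load_zero() would silently generate wrong code. I would record the invariant next to the allocation, e.g. `/* Plain temp: must not be live across a branch within the insn. */`. The same applies to ctx->sink in the dest_sink hunk below.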
@@ -161,7 +161,7 @@ static TCGv load_zero(DisasContext *ctx)
 static TCGv dest_sink(DisasContext *ctx)
 {
 if (TCGV_IS_UNUSED_I64(ctx->sink)) {
-ctx->sink = tcg_temp_local_new();
+ctx->sink = tcg_temp_new();
 }
 return ctx->sink;
 }
-- 
1.9.0




[Qemu-devel] [PATCH 03/40] target-alpha: Introduce REQUIRE_REG_31

2014-04-17 Thread Richard Henderson
We were missing quite a few checks for Ra or Rb required to be 31.
Further, the one place we did check we also checked for no literal
operand and the Handbook says nothing about that.

Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 70 ++--
 1 file changed, 44 insertions(+), 26 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 6ce4207..5c62244 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -1772,6 +1772,13 @@ static ExitStatus gen_mtpr(DisasContext *ctx, int rb, 
int regno)
 }   \
 } while (0)
 
+#define REQUIRE_REG_31(WHICH)   \
+do {\
+if (WHICH != 31) {  \
+goto invalid_opc;   \
+}   \
+} while (0)
+
 static ExitStatus translate_one(DisasContext *ctx, uint32_t insn)
 {
 uint32_t palcode;
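Review bot: The macro argument is used unparenthesised in `if (WHICH != 31)`, so an expression argument could bind against `!=` in an unexpected way; write `if ((WHICH) != 31) {`. Every use in this patch passes a plain variable, so this is macro hygiene and not a current bug. A one-line comment above the macro saying that it jumps to the invalid_opc label of the enclosing function would also help, since that label is not visible at the definition.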
@@ -1780,7 +1787,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 int32_t disp12;
 #endif
 uint16_t fn11;
-uint8_t opc, ra, rb, rc, fpfn, fn7, islit, real_islit;
+uint8_t opc, ra, rb, rc, fpfn, fn7, islit;
 uint8_t lit;
 ExitStatus ret;
 
@@ -1789,7 +1796,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 ra = (insn >> 21) & 0x1F;
 rb = (insn >> 16) & 0x1F;
 rc = insn & 0x1F;
-real_islit = islit = (insn >> 12) & 1;
+islit = (insn >> 12) & 1;
 if (rb == 31 && !islit) {
 islit = 1;
 lit = 0;
@@ -2303,6 +2310,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x61:
 /* AMASK */
+REQUIRE_REG_31(ra);
 if (likely(rc != 31)) {
 uint64_t amask = ctx->tb->flags >> TB_FLAGS_AMASK_SHIFT;
 
@@ -2323,6 +2331,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x6C:
 /* IMPLVER */
+REQUIRE_REG_31(ra);
 if (rc != 31) {
 tcg_gen_movi_i64(cpu_ir[rc], ctx->implver);
 }
@@ -2544,6 +2553,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 switch (fpfn) { /* fn11 & 0x3F */
 case 0x04:
 /* ITOFS */
+REQUIRE_REG_31(rb);
 if (likely(rc != 31)) {
 if (ra != 31) {
 TCGv_i32 tmp = tcg_temp_new_i32();
@@ -2556,14 +2566,17 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x0A:
 /* SQRTF */
+REQUIRE_REG_31(ra);
 gen_fsqrtf(rb, rc);
 break;
 case 0x0B:
 /* SQRTS */
+REQUIRE_REG_31(ra);
 gen_fsqrts(ctx, rb, rc, fn11);
 break;
 case 0x14:
 /* ITOFF */
+REQUIRE_REG_31(rb);
 if (likely(rc != 31)) {
 if (ra != 31) {
 TCGv_i32 tmp = tcg_temp_new_i32();
@@ -2576,6 +2589,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x24:
 /* ITOFT */
+REQUIRE_REG_31(rb);
 if (likely(rc != 31)) {
 if (ra != 31) {
 tcg_gen_mov_i64(cpu_fir[rc], cpu_ir[ra]);
@@ -2586,10 +2600,12 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x2A:
 /* SQRTG */
+REQUIRE_REG_31(ra);
 gen_fsqrtg(rb, rc);
 break;
 case 0x02B:
 /* SQRTT */
+REQUIRE_REG_31(ra);
 gen_fsqrtt(ctx, rb, rc, fn11);
 break;
 default:
@@ -2617,13 +2633,9 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 gen_fdivf(ra, rb, rc);
 break;
 case 0x1E:
-/* CVTDG */
-#if 0 // TODO
-gen_fcvtdg(rb, rc);
-#else
+/* CVTDG -- TODO */
+REQUIRE_REG_31(ra);
 goto invalid_opc;
-#endif
-break;
 case 0x20:
 /* ADDG */
 gen_faddg(ra, rb, rc);
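Review bot: In the CVTDG case the added `REQUIRE_REG_31(ra);` is followed directly by an unconditional `goto invalid_opc;`, so the check cannot change the outcome if the macro itself branches to `invalid_opc` on failure (its definition is outside this hunk, so that is an assumption). The same pair appears in the CVTGD case of the next hunk. Either drop the check until the instruction is implemented, or keep it with a comment such as `/* operand check kept for when CVTDG is implemented */` so the dead check reads as intentional. translate_one starts and ends outside this hunk.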
@@ -2654,26 +2666,26 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x2C:
 /* CVTGF */
+REQUIRE_REG_31(ra);
 gen_fcvtgf(rb, rc);
 break;
 case 0x2D:
-/* CVTGD */
-#if 0 // TODO
-gen_fcvtgd(rb, rc);
-#else
+/* CVTGD -- TODO */
+REQUIRE_REG_31(ra);
 goto invalid_opc;
-#endif
-break;
 case 0x2F:
 /* CVTGQ */
+REQUIRE_REG_31(ra);
 gen_fcvtgq(rb, rc);
 break;
 case 0x3C:
 /* CVTQF */
+REQUIRE_

[Qemu-devel] [Bug 1309140] [NEW] Ctrl + Alt + 1/2 do not work when the GTK+ interface is used

2014-04-17 Thread bugreport1
Public bug reported:

.

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1309140

Title:
  Ctrl + Alt + 1/2 do not work when the GTK+ interface is used

Status in QEMU:
  New

Bug description:
  .




[Qemu-devel] [Bug 1309034] [NEW] A way not to grab keyboards or mice

2014-04-17 Thread Yuuki Harano
Public bug reported:

I set up the window manager to move windows with Alt-Btn1, and to
iconify windows with Shift-Btn1. But since qemu grabs keyboards and
mice, I can't move or iconify the qemu window.

I tried not to grab anything, by inserting a return at the very beginning of
ui/sdl.c:sdl_grab_start(), as follows:

static void sdl_grab_start(void)
{
return;
/*

It is comfortable. I'm glad if you make a way not to grab.
Environment variables, options, etc are welcome.

Current command line is:
QEMU_AUDIO_DRV=pa /usr/local/bin/qemu-system-x86_64 -enable-kvm -hda 
/dosc/win8_x64.img -soundhw hda -boot c -m 2G -cpu Nehalem,+sep -usb -usbdevice 
tablet -display sdl -rtc base=localtime

qemu version is:
luna:linux % qemu-system-x86_64 --version
QEMU emulator version 1.7.93, Copyright (c) 2003-2008 Fabrice Bellard
luna:linux % 

Host: slackware64 14.1
Host Environment: xfce4 / sawfish
Guest: Windows 8.1 x64

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1309034

Title:
  A way not to grab keyboards or mice

Status in QEMU:
  New

Bug description:
  I set up the window manager to move windows with Alt-Btn1, and to
  iconify windows with Shift-Btn1. But since qemu grabs keyboards and
  mice, I can't move or iconify the qemu window.

  I tried not to grab anything, by inserting a return at the very beginning of
  ui/sdl.c:sdl_grab_start(), as follows:

  static void sdl_grab_start(void)
  {
  return;
  /*

  It is comfortable. I'm glad if you make a way not to grab.
  Environment variables, options, etc are welcome.

  Current command line is:
  QEMU_AUDIO_DRV=pa /usr/local/bin/qemu-system-x86_64 -enable-kvm -hda 
/dosc/win8_x64.img -soundhw hda -boot c -m 2G -cpu Nehalem,+sep -usb -usbdevice 
tablet -display sdl -rtc base=localtime

  qemu version is:
  luna:linux % qemu-system-x86_64 --version
  QEMU emulator version 1.7.93, Copyright (c) 2003-2008 Fabrice Bellard
  luna:linux % 

  Host: slackware64 14.1
  Host Environment: xfce4 / sawfish
  Guest: Windows 8.1 x64




[Qemu-devel] [PATCH 05/40] target-alpha: Convert opcode 0x11 to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 126 ++-
 1 file changed, 37 insertions(+), 89 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 93bdc64..b378e90 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -2100,32 +2100,43 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 goto invalid_opc;
 }
 break;
+
 case 0x11:
-switch (fn7) {
-case 0x00:
-/* AND */
-if (likely(rc != 31)) {
-if (ra == 31) {
-tcg_gen_movi_i64(cpu_ir[rc], 0);
-} else if (islit) {
-tcg_gen_andi_i64(cpu_ir[rc], cpu_ir[ra], lit);
+if (fn7 == 0x20) {
+if (rc == 31) {
+/* Special case BIS as NOP.  */
+break;
+}
+if (ra == 31) {
+/* Special case BIS as MOV.  */
+vc = dest_gpr(ctx, rc);
+if (islit) {
+tcg_gen_movi_i64(vc, lit);
 } else {
-tcg_gen_and_i64(cpu_ir[rc], cpu_ir[ra], cpu_ir[rb]);
+tcg_gen_mov_i64(vc, load_gpr(ctx, rb));
 }
+break;
 }
+}
+
+vc = dest_gpr(ctx, rc);
+vb = load_gpr_lit(ctx, rb, lit, islit);
+
+if (fn7 == 0x28 && ra == 31) {
+/* Special case ORNOT as NOT.  */
+tcg_gen_not_i64(vc, vb);
+break;
+}
+
+va = load_gpr(ctx, ra);
+switch (fn7) {
+case 0x00:
+/* AND */
+tcg_gen_and_i64(vc, va, vb);
 break;
 case 0x08:
 /* BIC */
-if (likely(rc != 31)) {
-if (ra != 31) {
-if (islit) {
-tcg_gen_andi_i64(cpu_ir[rc], cpu_ir[ra], ~lit);
-} else {
-tcg_gen_andc_i64(cpu_ir[rc], cpu_ir[ra], cpu_ir[rb]);
-}
-} else
-tcg_gen_movi_i64(cpu_ir[rc], 0);
-}
+tcg_gen_andc_i64(vc, va, vb);
 break;
 case 0x14:
 /* CMOVLBS */
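Review bot: The per-case `rc != 31` and `ra == 31` handling removed from AND and BIC here (and from BIS, ORNOT and XOR in the later hunks of this patch) is now implied by `dest_gpr`, `load_gpr` and `load_gpr_lit`, but nothing at the new `vc = dest_gpr(ctx, rc);` block says so. A short comment there would let a reader check the conversion without opening the helpers, for example `/* $31 sources read as zero and $31 destinations are discarded by load_gpr/dest_gpr */`; the wording needs confirming against the helpers, which are not part of this hunk. The commit message has no body, so this comment would be the only record of why the guards could go. translate_one starts and ends outside the hunk.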
@@ -2137,21 +2148,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x20:
 /* BIS */
-if (likely(rc != 31)) {
-if (ra != 31) {
-if (islit) {
-tcg_gen_ori_i64(cpu_ir[rc], cpu_ir[ra], lit);
-} else {
-tcg_gen_or_i64(cpu_ir[rc], cpu_ir[ra], cpu_ir[rb]);
-}
-} else {
-if (islit) {
-tcg_gen_movi_i64(cpu_ir[rc], lit);
-} else {
-tcg_gen_mov_i64(cpu_ir[rc], cpu_ir[rb]);
-}
-}
-}
+tcg_gen_or_i64(vc, va, vb);
 break;
 case 0x24:
 /* CMOVEQ */
@@ -2163,39 +2160,11 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x28:
 /* ORNOT */
-if (likely(rc != 31)) {
-if (ra != 31) {
-if (islit) {
-tcg_gen_ori_i64(cpu_ir[rc], cpu_ir[ra], ~lit);
-} else {
-tcg_gen_orc_i64(cpu_ir[rc], cpu_ir[ra], cpu_ir[rb]);
-}
-} else {
-if (islit) {
-tcg_gen_movi_i64(cpu_ir[rc], ~lit);
-} else {
-tcg_gen_not_i64(cpu_ir[rc], cpu_ir[rb]);
-}
-}
-}
+tcg_gen_orc_i64(vc, va, vb);
 break;
 case 0x40:
 /* XOR */
-if (likely(rc != 31)) {
-if (ra != 31) {
-if (islit) {
-tcg_gen_xori_i64(cpu_ir[rc], cpu_ir[ra], lit);
-} else {
-tcg_gen_xor_i64(cpu_ir[rc], cpu_ir[ra], cpu_ir[rb]);
-}
-} else {
-if (islit) {
-tcg_gen_movi_i64(cpu_ir[rc], lit);
-} else {
-tcg_gen_mov_i64(cpu_ir[rc], cpu_ir[rb]);
-}
-}
-}
+tcg_gen_xor_i64(vc, va, vb);
 break;
 case 0x44:
 /* CMOVLT */
@@ -2207,33 +2176,14 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x48:
 /* EQV */
-if (likely(rc != 31)) {
-if (ra != 31) {
-if (islit) {
-tcg_gen_xori_i64(cpu_ir[r

Re: [Qemu-devel] Change of TEXT_OFFSET for multi_v7_defconfig

2014-04-17 Thread Peter Maydell
On 17 April 2014 21:49, Christopher Covington  wrote:
> In any case, when performing boot debugging I'm not as interested in
> traditional self-hosted bootloaders as I am external loaders, like those built
> into software models (QEMU, Fast Models, etc.) or available to JTAG scripts
> (OpenOCD, Trace32, etc.). These seem to generally have ELF support.

FWIW ARM QEMU won't boot an ELF kernel -- the assumption is
that an ELF file is not a kernel and should just be put into RAM
and run, whereas a non-ELF file is a kernel and gets the special
setup/handling of secondary CPUs/etc that the Booting document
requires.

thanks
-- PMM



Re: [Qemu-devel] Change of TEXT_OFFSET for multi_v7_defconfig

2014-04-17 Thread Christopher Covington
On 04/17/2014 03:48 PM, Nicolas Pitre wrote:
> On Thu, 17 Apr 2014, Christopher Covington wrote:
> 
>> On 04/16/2014 07:21 PM, Nicolas Pitre wrote:
>>> On Wed, 16 Apr 2014, Christopher Covington wrote:
>>
 Thank you for the suggestion. This approach also came to mind, but it would
 require new documentation and tooling in the JTAG scripts or simulator
 equivalent. That's another aspect of the ELF-based approaches that I
 like--hopefully existing documentation and tool support could be reused.
>>>
>>> The above is useful for loading the raw uncompressed Image without 
>>> carrying the full ELF baggage.
>>
>> What exactly is the full ELF baggage? Aren't there existing mechanisms to 
>> omit
>> debugging symbols, for example, if size is of concern?
> 
> Most existing bootloaders don't have the ability to parse ELF files.  
> This is therefore not the typical kernel image format.  The uncompressed 
> kernel image is not very typical either, but like zImage it doesn't rely 
> on any parser in the bootloader.

It's not obvious to me how you reached that conclusion.

http://en.wikipedia.org/wiki/Comparison_of_boot_loaders#Technical_information

(It looks like syslinux now supports ELF as well:
http://git.kernel.org/cgit/boot/syslinux/syslinux.git/plain/com32/modules/elf.c?id=HEAD)

In any case, when performing boot debugging I'm not as interested in
traditional self-hosted bootloaders as I am external loaders, like those built
into software models (QEMU, Fast Models, etc.) or available to JTAG scripts
(OpenOCD, Trace32, etc.). These seem to generally have ELF support.

I'll play around with Jason's patch (thanks!) and see how things look in 
practice.

Christopher

-- 
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by the Linux Foundation.



[Qemu-devel] [PATCH 07/40] target-alpha: Convert opcode 0x13 to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 49 ++--
 1 file changed, 10 insertions(+), 39 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 4299104..4a4876b 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -2340,55 +2340,26 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 goto invalid_opc;
 }
 break;
+
 case 0x13:
+vc = dest_gpr(ctx, rc);
+vb = load_gpr_lit(ctx, rb, lit, islit);
+va = load_gpr(ctx, ra);
 switch (fn7) {
 case 0x00:
 /* MULL */
-if (likely(rc != 31)) {
-if (ra == 31) {
-tcg_gen_movi_i64(cpu_ir[rc], 0);
-} else {
-if (islit) {
-tcg_gen_muli_i64(cpu_ir[rc], cpu_ir[ra], lit);
-} else {
-tcg_gen_mul_i64(cpu_ir[rc], cpu_ir[ra], cpu_ir[rb]);
-}
-tcg_gen_ext32s_i64(cpu_ir[rc], cpu_ir[rc]);
-}
-}
+tcg_gen_mul_i64(vc, va, vb);
+tcg_gen_ext32s_i64(vc, vc);
 break;
 case 0x20:
 /* MULQ */
-if (likely(rc != 31)) {
-if (ra == 31) {
-tcg_gen_movi_i64(cpu_ir[rc], 0);
-} else if (islit) {
-tcg_gen_muli_i64(cpu_ir[rc], cpu_ir[ra], lit);
-} else {
-tcg_gen_mul_i64(cpu_ir[rc], cpu_ir[ra], cpu_ir[rb]);
-}
-}
+tcg_gen_mul_i64(vc, va, vb);
 break;
 case 0x30:
 /* UMULH */
-{
-TCGv low;
-if (unlikely(rc == 31)){
-break;
-}
-if (ra == 31) {
-tcg_gen_movi_i64(cpu_ir[rc], 0);
-break;
-}
-low = tcg_temp_new();
-if (islit) {
-tcg_gen_movi_tl(low, lit);
-tcg_gen_mulu2_i64(low, cpu_ir[rc], cpu_ir[ra], low);
-} else {
-tcg_gen_mulu2_i64(low, cpu_ir[rc], cpu_ir[ra], cpu_ir[rb]);
-}
-tcg_temp_free(low);
-}
+tmp = tcg_temp_new();
+tcg_gen_mulu2_i64(tmp, vc, va, vb);
+tcg_temp_free(tmp);
 break;
 case 0x40:
 /* MULL/V */
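Review bot: In the UMULH case the rename from `low` to `tmp` drops the only hint that the first output of `tcg_gen_mulu2_i64(tmp, vc, va, vb)` is the low half of the product and is thrown away. Either keep the old name or add `/* low 64 bits discarded; vc receives the high half */` above the call. Separately, `vc`, `vb` and `va` are now set up before `switch (fn7)`, so they are materialised for every function code of opcode 0x13, including any the switch rejects; if `dest_gpr` or `load_gpr_lit` allocate temporaries (not visible here), it is worth confirming they are released on that path. translate_one continues outside the hunk.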
-- 
1.9.0




Re: [Qemu-devel] [PULL 41/51] allwinner-a10-pit: avoid generation of spurious interrupts

2014-04-17 Thread Peter Maydell
On 17 April 2014 11:33, Peter Maydell  wrote:
> From: Beniamino Galvani 
> diff --git a/include/hw/timer/allwinner-a10-pit.h 
> b/include/hw/timer/allwinner-a10-pit.h
> index 15efab8..a48d3c7 100644
> --- a/include/hw/timer/allwinner-a10-pit.h
> +++ b/include/hw/timer/allwinner-a10-pit.h
> @@ -35,12 +35,20 @@
>
>  #define AW_A10_PIT_DEFAULT_CLOCK   0x4
>
> +typedef struct AwA10PITState AwA10PITState;
> +
> +typedef struct AwA10TimerContext {
> +AwA10PITState *container;
> +int index;
> +} AwA10TimerContext;
> +
>  typedef struct AwA10PITState {
>  /*< private >*/
>  SysBusDevice parent_obj;
>  /*< public >*/
>  qemu_irq irq[AW_A10_PIT_TIMER_NR];
>  ptimer_state * timer[AW_A10_PIT_TIMER_NR];
> +AwA10TimerContext timer_context[AW_A10_PIT_TIMER_NR];
>  MemoryRegion iomem;
>
>  uint32_t irq_enable;
> --

This turns out to not compile on the mingw32 compiler
(perhaps just because it's a newer gcc?) -- it's pickier
about the fact we've defined this typedef twice. I've applied
the following fixup to the patch and regenerated the
pull request:

cam-vm-266:precise:qemu$ git diff
diff --git a/include/hw/timer/allwinner-a10-pit.h
b/include/hw/timer/allwinner-a10-pit.h
index a48d3c7..2158fc0 100644
--- a/include/hw/timer/allwinner-a10-pit.h
+++ b/include/hw/timer/allwinner-a10-pit.h
@@ -42,7 +42,7 @@ typedef struct AwA10TimerContext {
 int index;
 } AwA10TimerContext;

-typedef struct AwA10PITState {
+struct AwA10PITState {
 /*< private >*/
 SysBusDevice parent_obj;
 /*< public >*/
@@ -61,6 +61,6 @@ typedef struct AwA10PITState {
 uint32_t count_lo;
 uint32_t count_hi;
 uint32_t count_ctl;
-} AwA10PITState;
+};

 #endif

(not resending in the interests of avoiding spamming
the list with 50 patches again...)

thanks
-- PMM



Re: [Qemu-devel] Change of TEXT_OFFSET for multi_v7_defconfig

2014-04-17 Thread Jason Gunthorpe
On Thu, Apr 17, 2014 at 02:33:43PM -0400, Christopher Covington wrote:
> On 04/16/2014 07:21 PM, Nicolas Pitre wrote:
> > On Wed, 16 Apr 2014, Christopher Covington wrote:
> 
> >> Thank you for the suggestion. This approach also came to mind, but it would
> >> require new documentation and tooling in the JTAG scripts or simulator
> >> equivalent. That's another aspect of the ELF-based approaches that I
> >> like--hopefully existing documentation and tool support could be reused.
> > 
> > The above is useful for loading the raw uncompressed Image without 
> > carrying the full ELF baggage.
> 
> What exactly is the full ELF baggage? Aren't there existing mechanisms to omit
> debugging symbols, for example, if size is of concern?

FWIW, it is a small non-intrusive change to produce ELFs with the
proper LMA, if it is useful for specialized tooling, here is the 3.14
version of the patch I created (I see it needs a bit of cleanup..)
You must also force PATCH_PHYS_VIRT off.

The ELF also has the correct entry point address, so ELF tooling can
just jump into it, after setting the proper register values according
to the boot protocol.

>From ca9763668eed2eaaf0c0c2640f1502c22b68a739 Mon Sep 17 00:00:00 2001
From: Jason Gunthorpe 
Date: Fri, 14 Sep 2012 11:27:17 -0600
Subject: [PATCH] [ARM] Use AT() in the linker script to create correct program
 headers

The standard linux asm-generic/vmlinux.lds.h already supports this,
and it seems other architectures do as well.

The goal is to create an ELF file that has correct program headers. We
want to see the VirtAddr be the runtime address of the kernel with the
MMU turned on, and PhysAddr be the physical load address for the section
with no MMU.

This allows ELF based boot loaders to properly load vmlinux:

$ readelf -l vmlinux
Entry point 0x8000
  Type   Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD   0x008000 0xc0008000 0x8000 0x372244 0x3a4310 RWE 0x8000

Signed-off-by: Jason Gunthorpe 
---
 arch/arm/include/asm/memory.h |  2 +-
 arch/arm/kernel/vmlinux.lds.S | 51 +--
 2 files changed, 31 insertions(+), 22 deletions(-)

diff --git a/arch/arm/include/asm/memory.h b/arch/arm/include/asm/memory.h
index 8756e4b..551e971 100644
--- a/arch/arm/include/asm/memory.h
+++ b/arch/arm/include/asm/memory.h
@@ -350,7 +350,7 @@ static inline __deprecated void *bus_to_virt(unsigned long 
x)
 #define virt_addr_valid(kaddr) (((unsigned long)(kaddr) >= PAGE_OFFSET && 
(unsigned long)(kaddr) < (unsigned long)high_memory) \
&& pfn_valid(__pa(kaddr) >> PAGE_SHIFT) 
)
 
-#endif
+#endif /* __ASSEMBLY__ */
 
 #include 
 
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 7bcee5c..15353d2 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -3,6 +3,13 @@
  * Written by Martin Mares 
  */
 
+/* If we have a known, fixed physical load address then set LOAD_OFFSET
+   and generate an ELF that has the physical load address in the program
+   headers. */
+#ifndef CONFIG_ARM_PATCH_PHYS_VIRT
+#define LOAD_OFFSET (PAGE_OFFSET - PLAT_PHYS_OFFSET)
+#endif
+
 #include 
 #include 
 #include 
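Review bot: `LOAD_OFFSET` is defined here only when `CONFIG_ARM_PATCH_PHYS_VIRT` is off, yet the later hunks use it unconditionally in every `AT(...)` expression and in `phys_start = . - LOAD_OFFSET`. With the option on, the value presumably comes from a default in the generic linker-script header (the include names are stripped on this page, so this cannot be confirmed here), in which case the program headers and the new `ENTRY(phys_start)` would carry virtual rather than physical addresses. The added comment should state that restriction, e.g. `With CONFIG_ARM_PATCH_PHYS_VIRT the load address is unknown at link time and PhysAddr equals VirtAddr.` A loader that trusts PhysAddr from such an image would place it at the wrong address, so documenting the limitation in the file is safer than leaving it to the cover letter.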
@@ -43,7 +50,7 @@
 #endif
 
 OUTPUT_ARCH(arm)
-ENTRY(stext)
+ENTRY(phys_start)
 
 #ifndef __ARMEB__
 jiffies = jiffies_64;
@@ -86,11 +93,13 @@ SECTIONS
 #else
. = PAGE_OFFSET + TEXT_OFFSET;
 #endif
-   .head.text : {
+   .head.text : AT(ADDR(.head.text) - LOAD_OFFSET) {
_text = .;
+   phys_start = . - LOAD_OFFSET;
HEAD_TEXT
}
-   .text : {   /* Real text segment*/
+   /* Real text segment */
+   .text :  AT(ADDR(.text) - LOAD_OFFSET) {
_stext = .; /* Text and read-only data  */
__exception_text_start = .;
*(.exception.text)
@@ -128,12 +137,12 @@ SECTIONS
 * Stack unwinding tables
 */
. = ALIGN(8);
-   .ARM.unwind_idx : {
+   .ARM.unwind_idx : AT(ADDR(.ARM.unwind_idx) - LOAD_OFFSET) {
__start_unwind_idx = .;
*(.ARM.exidx*)
__stop_unwind_idx = .;
}
-   .ARM.unwind_tab : {
+   .ARM.unwind_tab : AT(ADDR(.ARM.unwind_tab) - LOAD_OFFSET) {
__start_unwind_tab = .;
*(.ARM.extab*)
__stop_unwind_tab = .;
@@ -153,49 +162,49 @@ SECTIONS
 * only thing that matters is their relative offsets
 */
__vectors_start = .;
-   .vectors 0 : AT(__vectors_start) {
+   .vectors 0 : AT(__vectors_start - LOAD_OFFSET) {
*(.vectors)
}
. = __vectors_start + SIZEOF(.vectors);
__vectors_end = .;
 
__stubs_start = .;
-   .stubs 0x1000 : AT(__stubs_start) {
+   .stubs 0x1000 : AT(__stubs_start - LOAD_OFFSET) {
*(.stubs)
}
. = __stubs

[Qemu-devel] [PATCH v2] Add QEMU logo (SVG file)

2014-04-17 Thread Stefan Weil
The "Q" of the logo is already included in pc-bios/qemu_logo_no_text.svg.

This file now adds the complete logo as it was designed by Benoît Canet.
Benoît licensed it under CC-BY 3.0, see
http://lists.gnu.org/archive/html/qemu-devel/2012-02/msg02865.html.

Unneeded borders from Benoît's original logo were removed,
and metadata (license, author, date) was added in this version.

Cc: Benoît Canet 
Signed-off-by: Stefan Weil 
---

v2:

* Added metadata (license CC-BY 3.0, author, date).

* Fixed a SVG syntax bug (introduced by myself when I stripped
  some unnecessary lines and removed a ">").

This version is now used on these pages:
https://de.wikipedia.org/wiki/QEMU
https://en.wikipedia.org/wiki/QEMU

Regards
Stefan


 pc-bios/qemu_logo.svg | 1010 +
 1 file changed, 1010 insertions(+)
 create mode 100644 pc-bios/qemu_logo.svg

diff --git a/pc-bios/qemu_logo.svg b/pc-bios/qemu_logo.svg
new file mode 100644
index 000..07b5b51
--- /dev/null
+++ b/pc-bios/qemu_logo.svg
@@ -0,0 +1,1010 @@
+
+
+
+http://purl.org/dc/elements/1.1/";
+   xmlns:cc="http://creativecommons.org/ns#";
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#";
+   xmlns:svg="http://www.w3.org/2000/svg";
+   xmlns="http://www.w3.org/2000/svg";
+   xmlns:xlink="http://www.w3.org/1999/xlink";
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd";
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape";
+   width="351.84259"
+   height="111.86757"
+   id="svg2"
+   version="1.1"
+   inkscape:version="0.48.3.1 r9886"
+   sodipodi:docname="qemu_logo.svg">
+  Kew the Angry Emu
+  
+
+  
+  
+  
+  
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+
+  
+  
+
+
+  
+  
+
+
+
+
+  
+  
+
+
+
+  
+  
+
+
+
+  
+  
+
+
+
+  
+  
+
+
+
+
+  
+  
+
+
+
+  
+  
+
+
+
+  
+  
+
+
+
+  
+  
+
+
+
+  
+  
+
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+
+
+
+  
+  
+
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+
+
+
+  
+  
+
+
+
+  
+  
+
+  
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  
+  
+
+  
+image/svg+xml
+http://purl.org/dc/dcmitype/StillImage"; />
+Kew the Angry Emu
+
+  
+Benoît Canet
+  
+
+
+  
+CC BY 3.0
+  
+
+
+  
+QEMU Community
+  
+
+2012-02-15
+http://creativecommons.org/licenses/by/3.0/"; />
+
+  
+QEMU logo
+QEMU mascot
+  
+
+
http://lists.gnu.org/archive/html/qemu-devel/2012-02/msg01961.html
+  
+  http://creativecommons.org/licenses/by/3.0/";>
+http://creativecommons.org/ns#Reproduction"; />
+http://creativecommons.org/ns#Distribution"; />
+http://creativecommons.org/ns#Notice"; />
+http://creativecommons.org/ns#Attribution"; />
+http://creativecommons.org/ns#DerivativeWorks"; />
+  
+
+  
+  
+
+
+
+
+
+
+EMU
+  
+
-- 
1.7.10.4




[Qemu-devel] [PATCH 35/40] target-alpha: Convert mfpr/mtpr to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 52 ++--
 1 file changed, 19 insertions(+), 33 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index c57e606..7947a1a 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -1274,16 +1274,10 @@ static int cpu_pr_data(int pr)
 return 0;
 }
 
-static ExitStatus gen_mfpr(int ra, int regno)
+static ExitStatus gen_mfpr(TCGv va, int regno)
 {
 int data = cpu_pr_data(regno);
 
-/* In our emulated PALcode, these processor registers have no
-   side effects from reading.  */
-if (ra == 31) {
-return NO_EXIT;
-}
-
 /* Special help for VMTIME and WALLTIME.  */
 if (regno == 250 || regno == 249) {
void (*helper)(TCGv) = gen_helper_get_walltime;
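Review bot: Dropping the `ra == 31` early return changes what a read into $31 generates: for regno 249/250 the helper call is now emitted, and under `use_icount` the function returns `EXIT_PC_STALE` (next hunk) where it used to return `NO_EXIT`. That is probably acceptable, but the deleted comment was the only statement that these reads have no side effects, and the new signature gives no hint of what `va` is for a $31 destination. Consider a header comment such as `/* va comes from dest_gpr(); a read targeting $31 is still generated and its result discarded */`. gen_mfpr's body continues past this hunk.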
@@ -1292,11 +1286,11 @@ static ExitStatus gen_mfpr(int ra, int regno)
}
 if (use_icount) {
 gen_io_start();
-helper(cpu_ir[ra]);
+helper(va);
 gen_io_end();
 return EXIT_PC_STALE;
 } else {
-helper(cpu_ir[ra]);
+helper(va);
 return NO_EXIT;
 }
 }
@@ -1304,28 +1298,22 @@ static ExitStatus gen_mfpr(int ra, int regno)
 /* The basic registers are data only, and unknown registers
are read-zero, write-ignore.  */
 if (data == 0) {
-tcg_gen_movi_i64(cpu_ir[ra], 0);
+tcg_gen_movi_i64(va, 0);
 } else if (data & PR_BYTE) {
-tcg_gen_ld8u_i64(cpu_ir[ra], cpu_env, data & ~PR_BYTE);
+tcg_gen_ld8u_i64(va, cpu_env, data & ~PR_BYTE);
 } else if (data & PR_LONG) {
-tcg_gen_ld32s_i64(cpu_ir[ra], cpu_env, data & ~PR_LONG);
+tcg_gen_ld32s_i64(va, cpu_env, data & ~PR_LONG);
 } else {
-tcg_gen_ld_i64(cpu_ir[ra], cpu_env, data);
+tcg_gen_ld_i64(va, cpu_env, data);
 }
 return NO_EXIT;
 }
 
-static ExitStatus gen_mtpr(DisasContext *ctx, int rb, int regno)
+static ExitStatus gen_mtpr(DisasContext *ctx, TCGv vb, int regno)
 {
 TCGv tmp;
 int data;
 
-if (rb == 31) {
-tmp = tcg_const_i64(0);
-} else {
-tmp = cpu_ir[rb];
-}
-
 switch (regno) {
 case 255:
 /* TBIA */
@@ -1334,7 +1322,7 @@ static ExitStatus gen_mtpr(DisasContext *ctx, int rb, int 
regno)
 
 case 254:
 /* TBIS */
-gen_helper_tbis(cpu_env, tmp);
+gen_helper_tbis(cpu_env, vb);
 break;
 
 case 253:
@@ -1346,17 +1334,17 @@ static ExitStatus gen_mtpr(DisasContext *ctx, int rb, 
int regno)
 
 case 252:
 /* HALT */
-gen_helper_halt(tmp);
+gen_helper_halt(vb);
 return EXIT_PC_STALE;
 
 case 251:
 /* ALARM */
-gen_helper_set_alarm(cpu_env, tmp);
+gen_helper_set_alarm(cpu_env, vb);
 break;
 
 case 7:
 /* PALBR */
-tcg_gen_st_i64(tmp, cpu_env, offsetof(CPUAlphaState, palbr));
+tcg_gen_st_i64(vb, cpu_env, offsetof(CPUAlphaState, palbr));
 /* Changing the PAL base register implies un-chaining all of the TBs
that ended with a CALL_PAL.  Since the base register usually only
changes during boot, flushing everything works well.  */
@@ -1369,20 +1357,16 @@ static ExitStatus gen_mtpr(DisasContext *ctx, int rb, 
int regno)
 data = cpu_pr_data(regno);
 if (data != 0) {
 if (data & PR_BYTE) {
-tcg_gen_st8_i64(tmp, cpu_env, data & ~PR_BYTE);
+tcg_gen_st8_i64(vb, cpu_env, data & ~PR_BYTE);
 } else if (data & PR_LONG) {
-tcg_gen_st32_i64(tmp, cpu_env, data & ~PR_LONG);
+tcg_gen_st32_i64(vb, cpu_env, data & ~PR_LONG);
 } else {
-tcg_gen_st_i64(tmp, cpu_env, data);
+tcg_gen_st_i64(vb, cpu_env, data);
 }
 }
 break;
 }
 
-if (rb == 31) {
-tcg_temp_free(tmp);
-}
-
 return NO_EXIT;
 }
 #endif /* !USER_ONLY*/
@@ -2328,7 +2312,8 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 /* HW_MFPR (PALcode) */
 #ifndef CONFIG_USER_ONLY
 REQUIRE_TB_FLAG(TB_FLAGS_PAL_MODE);
-return gen_mfpr(ra, insn & 0x);
+va = dest_gpr(ctx, ra);
+return gen_mfpr(va, insn & 0x);
 #else
 goto invalid_opc;
 #endif
@@ -2562,7 +2547,8 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 /* HW_MTPR (PALcode) */
 #ifndef CONFIG_USER_ONLY
 REQUIRE_TB_FLAG(TB_FLAGS_PAL_MODE);
-return gen_mtpr(ctx, rb, insn & 0x);
+vb = load_gpr(ctx, rb);
+return gen_mtpr(ctx, vb, insn & 0x);
 #else
 goto invalid_opc;
 #endif
-- 
1.9.0




Re: [Qemu-devel] Change of TEXT_OFFSET for multi_v7_defconfig

2014-04-17 Thread Russell King - ARM Linux
On Thu, Apr 17, 2014 at 04:06:16PM -0400, Nicolas Pitre wrote:
> On Thu, 17 Apr 2014, Rob Herring wrote:
> > Better yet, we should adopt the arm64 Image header which has this and
> > other fields for arm Image files. We're going to have to deal with raw
> > Image (and Image.gz) in bootloaders for arm64, so we might as well
> > align things.
> 
> We could use the same header as ARM64 if we want to add more information 
> to the uncompressed kernel image.
> 
> However I really don't want to encourage the proliferation of yet 
> another kernel image formats on ARM32.  We've had zImage for the last 20 
> years and that's what ARM32 bootloaders should support.  The 
> introduction of the uImage format caused enough pain already.
> 
> Booting uncompressed kernel image on ARM32 may be useful for some 
> debugging setups.  I don't see other cases where it would be legitimate 
> to break existing practices.

Me neither.  We even have good enough reasons (such as the issue in this
thread to do with where the image should be placed) to no longer support
uncompressed images.  (Yes, they'll still be generated because
we need the input to compress them, but we should stop advertising them
as a make target.)

-- 
FTTC broadband for 0.8mile line: now at 9.7Mbps down 460kbps up... slowly
improving, and getting towards what was expected from it.



Re: [Qemu-devel] [PULL for-2.1 00/25] tcg-aarch64 improvements

2014-04-17 Thread Peter Maydell
On 16 April 2014 17:17, Richard Henderson  wrote:
> Thanks for the patience during 5 iterations of this patch set,
> but it's all reviewed now awaiting the opening of version 2.1.
>
>
> r~
>
>
> The following changes since commit 851627352c52b5beebf119785885391fa05a44c5:
>
>   Update version for v2.0.0-rc3 release (2014-04-14 17:45:11 +0100)
>
> are available in the git repository at:
>
>   git://github.com/rth7680/qemu.git tcg-aarch-6-5
>
> for you to fetch changes up to b825025f08823453929ad02cb16dcfbab7eab327:
>
>   tcg-aarch64: Use tcg_out_mov in preference to tcg_out_movr (2014-04-16 
> 12:13:02 -0400)

Applied, thanks.

-- PMM



[Qemu-devel] [PATCH 24/40] target-alpha: Convert gen_zap/not to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 41 +++--
 1 file changed, 11 insertions(+), 30 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 5e52674..cdece84 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -1169,38 +1169,11 @@ static void gen_zapnoti(TCGv dest, TCGv src, uint8_t 
lit)
 tcg_gen_mov_i64(dest, src);
 break;
 default:
-tcg_gen_andi_i64 (dest, src, zapnot_mask (lit));
+tcg_gen_andi_i64(dest, src, zapnot_mask(lit));
 break;
 }
 }
 
-static inline void gen_zapnot(int ra, int rb, int rc, int islit, uint8_t lit)
-{
-if (unlikely(rc == 31)) {
-return;
-} else if (unlikely(ra == 31)) {
-tcg_gen_movi_i64(cpu_ir[rc], 0);
-} else if (islit) {
-gen_zapnoti(cpu_ir[rc], cpu_ir[ra], lit);
-} else {
-gen_helper_zapnot (cpu_ir[rc], cpu_ir[ra], cpu_ir[rb]);
-}
-}
-
-static inline void gen_zap(int ra, int rb, int rc, int islit, uint8_t lit)
-{
-if (unlikely(rc == 31)) {
-return;
-} else if (unlikely(ra == 31)) {
-tcg_gen_movi_i64(cpu_ir[rc], 0);
-} else if (islit) {
-gen_zapnoti(cpu_ir[rc], cpu_ir[ra], ~lit);
-} else {
-gen_helper_zap (cpu_ir[rc], cpu_ir[ra], cpu_ir[rb]);
-}
-}
-
-
 /* EXTWH, EXTLH, EXTQH */
 static void gen_ext_h(DisasContext *ctx, TCGv vc, TCGv va, int rb, bool islit,
   uint8_t lit, uint8_t byte_mask)
@@ -2111,11 +2084,19 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x30:
 /* ZAP */
-gen_zap(ra, rb, rc, islit, lit);
+if (islit) {
+gen_zapnoti(vc, va, ~lit);
+} else {
+gen_helper_zap(vc, va, load_gpr(ctx, rb));
+}
 break;
 case 0x31:
 /* ZAPNOT */
-gen_zapnot(ra, rb, rc, islit, lit);
+if (islit) {
+gen_zapnoti(vc, va, lit);
+} else {
+gen_helper_zapnot(vc, va, load_gpr(ctx, rb));
+}
 break;
 case 0x32:
 /* MSKQL */
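Review bot: In the ZAP case `gen_zapnoti(vc, va, ~lit)` relies on an implicit narrowing: `~lit` is computed as `int` after integer promotion and is cut back to 8 bits only by the `uint8_t lit` parameter of gen_zapnoti shown in the first hunk header. The result matches the removed gen_zap helper, but `gen_zapnoti(vc, va, (uint8_t)~lit);` would make the truncation explicit and keep `-Wconversion` quiet. The ZAP and ZAPNOT cases also now repeat the same `islit` dispatch that the two deleted helpers held in one place each, so a one-line comment on why the helper path takes `load_gpr(ctx, rb)` would help. translate_one starts and ends outside the hunk.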
-- 
1.9.0




Re: [Qemu-devel] Change of TEXT_OFFSET for multi_v7_defconfig

2014-04-17 Thread Nicolas Pitre
On Thu, 17 Apr 2014, Rob Herring wrote:

> On Wed, Apr 16, 2014 at 2:14 PM, Nicolas Pitre  
> wrote:
> > On Wed, 16 Apr 2014, Christopher Covington wrote:
> >
> >> On 04/15/2014 06:44 AM, Daniel Thompson wrote:
> >> > Hi Folks
> 
> [snip]
> 
> >> Or could we patch up the linker script to set zero-based ELF load
> >> memory addresses (LMAs) [4] so that the physical addresses are almost 
> >> right,
> >> you just might have to add a system-specific RAM offset, perhaps pulled 
> >> out of
> >> the device tree? If that won't work, we could generate some kind of
> >> vmlinux-phys with physical addresses. The latter two options might also
> >> simplify external debugging before __turn_mmu_on(). I like the sound of the
> >> LMA approach best, assuming it doesn't break existing stuff (I notice a 
> >> few AT
> >> directives in vmlinux.lds.S). Some of this might transfer to arm64 as well.
> >> What do you all think?
> >
> > If you really really want to get at the TEXT_OFFSET value in the
> > uncompressed image, the simplest way would be:
> >
> > diff --git a/arch/arm/kernel/head.S b/arch/arm/kernel/head.S
> > index f8c08839ed..de84d0635a 100644
> > --- a/arch/arm/kernel/head.S
> > +++ b/arch/arm/kernel/head.S
> > @@ -78,6 +78,11 @@
> >
> > __HEAD
> >  ENTRY(stext)
> > +
> > +   b   1f
> > +   .word   TEXT_OFFSET @ located at a 4-byte offset in 
> > Image
> > +1:
> > +
> >   ARM_BE8(setendbe )@ ensure we are in BE8 mode
> >
> >   THUMB(adr r9, BSYM(1f))   @ Kernel is always entered 
> > in ARM.
> >
> > This way the first word for Image would always be 0xea00 and the
> > second one would be TEXT_OFFSET.  No other kernel Image binaries ever
> > had 0xea00 as their first word so that also let you validate whether
> > or not the TEXT_OFFSET value is there.
> 
> Better yet, we should adopt the arm64 Image header which has this and
> other fields for arm Image files. We're going to have to deal with raw
> Image (and Image.gz) in bootloaders for arm64, so we might as well
> align things.

We could use the same header as ARM64 if we want to add more information 
to the uncompressed kernel image.

However I really don't want to encourage the proliferation of yet 
another kernel image formats on ARM32.  We've had zImage for the last 20 
years and that's what ARM32 bootloaders should support.  The 
introduction of the uImage format caused enough pain already.

Booting uncompressed kernel image on ARM32 may be useful for some 
debugging setups.  I don't see other cases where it would be legitimate 
to break existing practices.


Nicolas



[Qemu-devel] [PATCH 16/40] target-alpha: Convert gen_load/store_mem to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 67 +---
 1 file changed, 29 insertions(+), 38 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 519ccf3..a72f10f 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -279,10 +279,10 @@ static inline void gen_qemu_ldq_l(TCGv t0, TCGv t1, int 
flags)
 static inline void gen_load_mem(DisasContext *ctx,
 void (*tcg_gen_qemu_load)(TCGv t0, TCGv t1,
   int flags),
-int ra, int rb, int32_t disp16, int fp,
-int clear)
+int ra, int rb, int32_t disp16, bool fp,
+bool clear)
 {
-TCGv addr, va;
+TCGv tmp, addr, va;
 
 /* LDQ_U with ra $31 is UNOP.  Other various loads are forms of
prefetches, which we can treat as nops.  No worries about
@@ -291,23 +291,22 @@ static inline void gen_load_mem(DisasContext *ctx,
 return;
 }
 
-addr = tcg_temp_new();
-if (rb != 31) {
-tcg_gen_addi_i64(addr, cpu_ir[rb], disp16);
-if (clear) {
-tcg_gen_andi_i64(addr, addr, ~0x7);
-}
-} else {
-if (clear) {
-disp16 &= ~0x7;
-}
-tcg_gen_movi_i64(addr, disp16);
+tmp = tcg_temp_new();
+addr = load_gpr(ctx, rb);
+
+if (disp16) {
+tcg_gen_addi_i64(tmp, addr, disp16);
+addr = tmp;
+}
+if (clear) {
+tcg_gen_andi_i64(tmp, addr, ~0x7);
+addr = tmp;
 }
 
 va = (fp ? cpu_fir[ra] : cpu_ir[ra]);
 tcg_gen_qemu_load(va, addr, ctx->mem_idx);
 
-tcg_temp_free(addr);
+tcg_temp_free(tmp);
 }
 
 static inline void gen_qemu_stf(TCGv t0, TCGv t1, int flags)
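Review bot: After this change `addr` in gen_load_mem is either the value borrowed from `load_gpr(ctx, rb)` or the function's own `tmp`, and nothing in the body says which of the two is owned. A one-line comment above the final free, `/* addr may alias the load_gpr() value; only tmp is ours to free. */`, would keep a later edit from releasing `addr` as well. The same applies to gen_store_mem in the next hunk. gen_load_mem starts in the previous hunk, so the early return that precedes the allocation is only partly visible here.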
@@ -337,35 +336,27 @@ static inline void gen_qemu_sts(TCGv t0, TCGv t1, int 
flags)
 static inline void gen_store_mem(DisasContext *ctx,
  void (*tcg_gen_qemu_store)(TCGv t0, TCGv t1,
 int flags),
- int ra, int rb, int32_t disp16, int fp,
- int clear)
+ int ra, int rb, int32_t disp16, bool fp,
+ bool clear)
 {
-TCGv addr, va;
+TCGv tmp, addr, va;
 
-addr = tcg_temp_new();
-if (rb != 31) {
-tcg_gen_addi_i64(addr, cpu_ir[rb], disp16);
-if (clear) {
-tcg_gen_andi_i64(addr, addr, ~0x7);
-}
-} else {
-if (clear) {
-disp16 &= ~0x7;
-}
-tcg_gen_movi_i64(addr, disp16);
-}
+tmp = tcg_temp_new();
+addr = load_gpr(ctx, rb);
 
-if (ra == 31) {
-va = tcg_const_i64(0);
-} else {
-va = (fp ? cpu_fir[ra] : cpu_ir[ra]);
+if (disp16) {
+tcg_gen_addi_i64(tmp, addr, disp16);
+addr = tmp;
 }
+if (clear) {
+tcg_gen_andi_i64(tmp, addr, ~0x7);
+addr = tmp;
+}
+
+va = (fp ? load_fpr(ctx, ra) : load_gpr(ctx, ra));
 tcg_gen_qemu_store(va, addr, ctx->mem_idx);
 
-tcg_temp_free(addr);
-if (ra == 31) {
-tcg_temp_free(va);
-}
+tcg_temp_free(tmp);
 }
 
 static ExitStatus gen_store_conditional(DisasContext *ctx, int ra, int rb,
-- 
1.9.0




Re: [Qemu-devel] [PULL 00/02] seccomp: adding new syscalls to the whitelist

2014-04-17 Thread Peter Maydell
On 14 April 2014 19:00, Eduardo Otubo  wrote:
> The following changes since commit 750036a848ea913ba6343718ffa70da98f7eef6b:
>
>   Merge remote-tracking branch 'remotes/afaerber/tags/prep-for-upstream' into 
> staging (2014-03-12 17:53:37 +)
>
> are available in the git repository at:
>
>   git://github.com/otubo/qemu.git seccomp
>
> for you to fetch changes up to 156e1fe648a4ac9391e974d430f2935a2911c512

This *still* doesn't have your signed-off-by line on the commits you're
asking me to pull. Please don't resubmit this pull request until you're
sure you've fixed this.

thanks
-- PMM



[Qemu-devel] trunk reopened for 2.1 development

2014-04-17 Thread Peter Maydell
Thanks to everybody who helped in getting the 2.0 release
out of the door; I have reopened the trunk for 2.1 development
and am processing a few of the pull requests that we've got
lined up already.

-- PMM



[Qemu-devel] [PATCH 40/40] target-alpha: Remove cpu_unique, cpu_sysval, cpu_usp

2014-04-17 Thread Richard Henderson
Technically, these variables could have been referenced both via
offsets from env and as TCG registers, which would be illegal.
Of course, that could only be done from PALcode, and ours doesn't
do that.

But honestly, these are used infrequently enough that they don't
really need to be TCG registers.  We wind up with exactly the same
code if we follow the letter of the law and issue explicit ld/st.

Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 37 ++---
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 80a40d2..d0357ff 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -89,11 +89,6 @@ static TCGv cpu_pc;
 static TCGv cpu_lock_addr;
 static TCGv cpu_lock_st_addr;
 static TCGv cpu_lock_value;
-static TCGv cpu_unique;
-#ifndef CONFIG_USER_ONLY
-static TCGv cpu_sysval;
-static TCGv cpu_usp;
-#endif
 
 #include "exec/gen-icount.h"
 
@@ -107,11 +102,6 @@ void alpha_translate_init(void)
 DEF_VAR(lock_addr),
 DEF_VAR(lock_st_addr),
 DEF_VAR(lock_value),
-DEF_VAR(unique),
-#ifndef CONFIG_USER_ONLY
-DEF_VAR(sysval),
-DEF_VAR(usp),
-#endif
 };
 
 #undef DEF_VAR
@@ -1139,11 +1129,13 @@ static ExitStatus gen_call_pal(DisasContext *ctx, int 
palcode)
 break;
 case 0x9E:
 /* RDUNIQUE */
-tcg_gen_mov_i64(cpu_ir[IR_V0], cpu_unique);
+tcg_gen_ld_i64(cpu_ir[IR_V0], cpu_env,
+   offsetof(CPUAlphaState, unique));
 break;
 case 0x9F:
 /* WRUNIQUE */
-tcg_gen_mov_i64(cpu_unique, cpu_ir[IR_A0]);
+tcg_gen_st_i64(cpu_ir[IR_A0], cpu_env,
+   offsetof(CPUAlphaState, unique));
 break;
 default:
 palcode &= 0xbf;
@@ -1166,15 +1158,18 @@ static ExitStatus gen_call_pal(DisasContext *ctx, int 
palcode)
 break;
 case 0x2D:
 /* WRVPTPTR */
-tcg_gen_st_i64(cpu_ir[IR_A0], cpu_env, offsetof(CPUAlphaState, 
vptptr));
+tcg_gen_st_i64(cpu_ir[IR_A0], cpu_env,
+   offsetof(CPUAlphaState, vptptr));
 break;
 case 0x31:
 /* WRVAL */
-tcg_gen_mov_i64(cpu_sysval, cpu_ir[IR_A0]);
+tcg_gen_st_i64(cpu_ir[IR_A0], cpu_env,
+   offsetof(CPUAlphaState, sysval));
 break;
 case 0x32:
 /* RDVAL */
-tcg_gen_mov_i64(cpu_ir[IR_V0], cpu_sysval);
+tcg_gen_ld_i64(cpu_ir[IR_V0], cpu_env,
+   offsetof(CPUAlphaState, sysval));
 break;
 
 case 0x35: {
@@ -1183,7 +1178,8 @@ static ExitStatus gen_call_pal(DisasContext *ctx, int 
palcode)
 
 /* Note that we already know we're in kernel mode, so we know
that PS only contains the 3 IPL bits.  */
-tcg_gen_ld8u_i64(cpu_ir[IR_V0], cpu_env, offsetof(CPUAlphaState, 
ps));
+tcg_gen_ld8u_i64(cpu_ir[IR_V0], cpu_env,
+ offsetof(CPUAlphaState, ps));
 
 /* But make sure and store only the 3 IPL bits from the user.  */
 tmp = tcg_temp_new();
@@ -1195,15 +1191,18 @@ static ExitStatus gen_call_pal(DisasContext *ctx, int 
palcode)
 
 case 0x36:
 /* RDPS */
-tcg_gen_ld8u_i64(cpu_ir[IR_V0], cpu_env, offsetof(CPUAlphaState, 
ps));
+tcg_gen_ld8u_i64(cpu_ir[IR_V0], cpu_env,
+ offsetof(CPUAlphaState, ps));
 break;
 case 0x38:
 /* WRUSP */
-tcg_gen_mov_i64(cpu_usp, cpu_ir[IR_A0]);
+tcg_gen_st_i64(cpu_ir[IR_A0], cpu_env,
+   offsetof(CPUAlphaState, usp));
 break;
 case 0x3A:
 /* RDUSP */
-tcg_gen_mov_i64(cpu_ir[IR_V0], cpu_usp);
+tcg_gen_st_i64(cpu_ir[IR_V0], cpu_env,
+   offsetof(CPUAlphaState, usp));
 break;
 case 0x3C:
 /* WHAMI */
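Review bot: The RDUSP case (0x3A) now emits `tcg_gen_st_i64(cpu_ir[IR_V0], cpu_env, offsetof(CPUAlphaState, usp))`, which stores V0 into env->usp instead of reading it; the line it replaces moved cpu_usp into V0. It should be `tcg_gen_ld_i64(cpu_ir[IR_V0], cpu_env, offsetof(CPUAlphaState, usp));`, matching the RDUNIQUE and RDVAL conversions earlier in this patch. As written, a guest RDUSP leaves V0 unchanged and overwrites the saved user stack pointer with it. gen_call_pal starts and ends outside the hunk.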
-- 
1.9.0




[Qemu-devel] [PATCH 39/40] target-alpha: Tidy alpha_translate_init

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 78 ++--
 1 file changed, 43 insertions(+), 35 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index d5de9bc..80a40d2 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -95,59 +95,67 @@ static TCGv cpu_sysval;
 static TCGv cpu_usp;
 #endif
 
-/* register names */
-static char cpu_reg_names[10*4+21*5 + 10*5+21*6];
-
 #include "exec/gen-icount.h"
 
 void alpha_translate_init(void)
 {
+#define DEF_VAR(V)  { &cpu_##V, #V, offsetof(CPUAlphaState, V) }
+
+typedef struct { TCGv *var; const char *name; int ofs; } GlobalVar;
+static const GlobalVar vars[] = {
+DEF_VAR(pc),
+DEF_VAR(lock_addr),
+DEF_VAR(lock_st_addr),
+DEF_VAR(lock_value),
+DEF_VAR(unique),
+#ifndef CONFIG_USER_ONLY
+DEF_VAR(sysval),
+DEF_VAR(usp),
+#endif
+};
+
+#undef DEF_VAR
+
+/* Use the symbolic register names that match the disassembler.  */
+static const char greg_names[31][4] = {
+"v0", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+"t7", "s0", "s1", "s2", "s3", "s4", "s5", "fp",
+"a0", "a1", "a2", "a3", "a4", "a5", "t8", "t9",
+"t10", "t11", "ra", "t12", "at", "gp", "sp"
+};
+static const char freg_names[31][4] = {
+"f0", "f1", "f2", "f3", "f4", "f5", "f6", "f7",
+"f8", "f9", "f10", "f11", "f12", "f13", "f14", "f15",
+"f16", "f17", "f18", "f19", "f20", "f21", "f22", "f23",
+"f24", "f25", "f26", "f27", "f28", "f29", "f30"
+};
+
+static bool done_init = 0;
 int i;
-char *p;
-static int done_init = 0;
 
 if (done_init) {
 return;
 }
+done_init = 1;
 
 cpu_env = tcg_global_reg_new_ptr(TCG_AREG0, "env");
 
-p = cpu_reg_names;
 for (i = 0; i < 31; i++) {
-sprintf(p, "ir%d", i);
 cpu_ir[i] = tcg_global_mem_new_i64(TCG_AREG0,
-   offsetof(CPUAlphaState, ir[i]), p);
-p += (i < 10) ? 4 : 5;
+   offsetof(CPUAlphaState, ir[i]),
+   greg_names[i]);
+}
 
-sprintf(p, "fir%d", i);
+for (i = 0; i < 31; i++) {
 cpu_fir[i] = tcg_global_mem_new_i64(TCG_AREG0,
-offsetof(CPUAlphaState, fir[i]), 
p);
-p += (i < 10) ? 5 : 6;
+offsetof(CPUAlphaState, fir[i]),
+freg_names[i]);
 }
 
-cpu_pc = tcg_global_mem_new_i64(TCG_AREG0,
-offsetof(CPUAlphaState, pc), "pc");
-
-cpu_lock_addr = tcg_global_mem_new_i64(TCG_AREG0,
-  offsetof(CPUAlphaState, lock_addr),
-  "lock_addr");
-cpu_lock_st_addr = tcg_global_mem_new_i64(TCG_AREG0,
- offsetof(CPUAlphaState, 
lock_st_addr),
- "lock_st_addr");
-cpu_lock_value = tcg_global_mem_new_i64(TCG_AREG0,
-   offsetof(CPUAlphaState, lock_value),
-   "lock_value");
-
-cpu_unique = tcg_global_mem_new_i64(TCG_AREG0,
-offsetof(CPUAlphaState, unique), 
"unique");
-#ifndef CONFIG_USER_ONLY
-cpu_sysval = tcg_global_mem_new_i64(TCG_AREG0,
-offsetof(CPUAlphaState, sysval), 
"sysval");
-cpu_usp = tcg_global_mem_new_i64(TCG_AREG0,
- offsetof(CPUAlphaState, usp), "usp");
-#endif
-
-done_init = 1;
+for (i = 0; i < ARRAY_SIZE(vars); ++i) {
+const GlobalVar *v = &vars[i];
+*v->var = tcg_global_mem_new_i64(TCG_AREG0, v->ofs, v->name);
+}
 }
 
 static TCGv load_zero(DisasContext *ctx)
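Review bot: `greg_names` and `freg_names` are declared `[31][4]`, which holds a three-character name plus its terminator exactly; in C a four-character initializer would still compile and leave that entry unterminated when it is handed to `tcg_global_mem_new_i64`. A comment above the tables such as `/* Names are at most 3 characters; widen [4] before adding a longer one. */` records that limit. Two smaller style points: `done_init` is now `bool` but is still set with `0` and `1` rather than `false`/`true`, and `int i` is compared with `ARRAY_SIZE(vars)`, which is unsigned if the macro is the usual sizeof quotient.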
-- 
1.9.0




[Qemu-devel] [PATCH 34/40] target-alpha: Convert gen_cpys et al to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 100 ---
 1 file changed, 24 insertions(+), 76 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 59ae23d..c57e606 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -836,79 +836,22 @@ static inline void glue(gen_f, name)(DisasContext *ctx,   
  \
 IEEE_INTCVT(cvtqs)
 IEEE_INTCVT(cvtqt)
 
-static void gen_cpys_internal(int ra, int rb, int rc, int inv_a, uint64_t mask)
+static void gen_cpy_mask(TCGv vc, TCGv va, TCGv vb, bool inv_a, uint64_t mask)
 {
-TCGv va, vb, vmask;
-int za = 0, zb = 0;
+TCGv vmask = tcg_const_i64(mask);
+TCGv tmp = tcg_temp_new_i64();
 
-if (unlikely(rc == 31)) {
-return;
-}
-
-vmask = tcg_const_i64(mask);
-
-TCGV_UNUSED_I64(va);
-if (ra == 31) {
-if (inv_a) {
-va = vmask;
-} else {
-za = 1;
-}
+if (inv_a) {
+tcg_gen_andc_i64(tmp, vmask, va);
 } else {
-va = tcg_temp_new_i64();
-tcg_gen_mov_i64(va, cpu_fir[ra]);
-if (inv_a) {
-tcg_gen_andc_i64(va, vmask, va);
-} else {
-tcg_gen_and_i64(va, va, vmask);
-}
+tcg_gen_and_i64(tmp, va, vmask);
 }
 
-TCGV_UNUSED_I64(vb);
-if (rb == 31) {
-zb = 1;
-} else {
-vb = tcg_temp_new_i64();
-tcg_gen_andc_i64(vb, cpu_fir[rb], vmask);
-}
-
-switch (za << 1 | zb) {
-case 0 | 0:
-tcg_gen_or_i64(cpu_fir[rc], va, vb);
-break;
-case 0 | 1:
-tcg_gen_mov_i64(cpu_fir[rc], va);
-break;
-case 2 | 0:
-tcg_gen_mov_i64(cpu_fir[rc], vb);
-break;
-case 2 | 1:
-tcg_gen_movi_i64(cpu_fir[rc], 0);
-break;
-}
+tcg_gen_andc_i64(vc, vb, vmask);
+tcg_gen_or_i64(vc, vc, tmp);
 
 tcg_temp_free(vmask);
-if (ra != 31) {
-tcg_temp_free(va);
-}
-if (rb != 31) {
-tcg_temp_free(vb);
-}
-}
-
-static inline void gen_fcpys(int ra, int rb, int rc)
-{
-gen_cpys_internal(ra, rb, rc, 0, 0x8000ULL);
-}
-
-static inline void gen_fcpysn(int ra, int rb, int rc)
-{
-gen_cpys_internal(ra, rb, rc, 1, 0x8000ULL);
-}
-
-static inline void gen_fcpyse(int ra, int rb, int rc)
-{
-gen_cpys_internal(ra, rb, rc, 0, 0xFFF0ULL);
+tcg_temp_free(tmp);
 }
 
 static void gen_ieee_arith3(DisasContext *ctx,
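Review bot: gen_cpy_mask is only correct when `vc` aliases `va` because `tmp` is computed from `va` before the first write to `vc`, and that ordering constraint is not documented. Suggest a comment above the function, `/* vc may alias va or vb: the va term is taken into tmp before vc is written. */`. The callers in the next hunk pass `0` and `1` for the new `bool inv_a` parameter; `false`/`true` would read better there.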
@@ -2238,26 +2181,31 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 /* CPYS */
 if (rc == 31) {
 /* Special case CPYS as FNOP.  */
-} else if (ra == rb) {
+} else {
 vc = dest_fpr(ctx, rc);
-/* Special case CPYS as FMOV.  */
-if (ra == 31) {
-tcg_gen_movi_i64(vc, 0);
-} else {
-va = load_fpr(ctx, ra);
+va = load_fpr(ctx, ra);
+if (ra == rb) {
+/* Special case CPYS as FMOV.  */
 tcg_gen_mov_i64(vc, va);
+} else {
+vb = load_fpr(ctx, rb);
+gen_cpy_mask(vc, va, vb, 0, 0x8000ULL);
 }
-} else {
-gen_fcpys(ra, rb, rc);
 }
 break;
 case 0x021:
 /* CPYSN */
-gen_fcpysn(ra, rb, rc);
+vc = dest_fpr(ctx, rc);
+vb = load_fpr(ctx, rb);
+va = load_fpr(ctx, ra);
+gen_cpy_mask(vc, va, vb, 1, 0x8000ULL);
 break;
 case 0x022:
 /* CPYSE */
-gen_fcpyse(ra, rb, rc);
+vc = dest_fpr(ctx, rc);
+vb = load_fpr(ctx, rb);
+va = load_fpr(ctx, ra);
+gen_cpy_mask(vc, va, vb, 0, 0xFFF0ULL);
 break;
 case 0x024:
 /* MT_FPCR */
-- 
1.9.0




[Qemu-devel] [PATCH 31/40] target-alpha: Convert gen_bcond to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 24 ++--
 1 file changed, 6 insertions(+), 18 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index ec5b523..31136f9 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -497,15 +497,11 @@ static ExitStatus gen_bcond(DisasContext *ctx, TCGCond 
cond, int ra,
 {
 TCGv cmp_tmp;
 
-if (unlikely(ra == 31)) {
-cmp_tmp = tcg_const_i64(0);
-} else {
+if (mask) {
 cmp_tmp = tcg_temp_new();
-if (mask) {
-tcg_gen_andi_i64(cmp_tmp, cpu_ir[ra], 1);
-} else {
-tcg_gen_mov_i64(cmp_tmp, cpu_ir[ra]);
-}
+tcg_gen_andi_i64(cmp_tmp, load_gpr(ctx, ra), 1);
+} else {
+cmp_tmp = load_gpr(ctx, ra);
 }
 
 return gen_bcond_internal(ctx, cond, cmp_tmp, disp);
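Review bot: `cmp_tmp` now has two different owners. With `mask` set it is a fresh temporary from `tcg_temp_new()`; otherwise it is whatever `load_gpr(ctx, ra)` returns, which is not created in this function. gen_bcond_internal is not visible here, so whether it releases its argument cannot be checked from the hunk: if it does, the non-mask path frees a value this function does not own, and if it does not, the mask-path temporary is never released in the visible code. A comment stating the rule, e.g. `/* cmp_tmp may be borrowed from load_gpr(); gen_bcond_internal must not free it. */`, would settle it. gen_bcond starts outside the hunk.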
@@ -546,16 +542,8 @@ static void gen_fold_mzero(TCGCond cond, TCGv dest, TCGv 
src)
 static ExitStatus gen_fbcond(DisasContext *ctx, TCGCond cond, int ra,
  int32_t disp)
 {
-TCGv cmp_tmp;
-
-if (unlikely(ra == 31)) {
-/* Very uncommon case, but easier to optimize it to an integer
-   comparison than continuing with the floating point comparison.  */
-return gen_bcond(ctx, cond, ra, disp, 0);
-}
-
-cmp_tmp = tcg_temp_new();
-gen_fold_mzero(cond, cmp_tmp, cpu_fir[ra]);
+TCGv cmp_tmp = tcg_temp_new();
+gen_fold_mzero(cond, cmp_tmp, load_fpr(ctx, ra));
 return gen_bcond_internal(ctx, cond, cmp_tmp, disp);
 }
 
-- 
1.9.0




[Qemu-devel] [PATCH 29/40] target-alpha: Convert gen_ieee_input to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 32 +---
 1 file changed, 13 insertions(+), 19 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index ef04872..f6ebf54 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -670,21 +670,21 @@ static void gen_qual_flushzero(DisasContext *ctx, int 
fn11)
 tcg_temp_free_i32(tmp);
 }
 
-static TCGv gen_ieee_input(int reg, int fn11, int is_cmp)
+static TCGv gen_ieee_input(DisasContext *ctx, int reg, int fn11, int is_cmp)
 {
 TCGv val;
-if (reg == 31) {
-val = tcg_const_i64(0);
+
+if (unlikely(reg == 31)) {
+val = load_zero(ctx);
 } else {
+val = cpu_fir[reg];
 if ((fn11 & QUAL_S) == 0) {
 if (is_cmp) {
-gen_helper_ieee_input_cmp(cpu_env, cpu_fir[reg]);
+gen_helper_ieee_input_cmp(cpu_env, val);
 } else {
-gen_helper_ieee_input(cpu_env, cpu_fir[reg]);
+gen_helper_ieee_input(cpu_env, val);
 }
 }
-val = tcg_temp_new();
-tcg_gen_mov_i64(val, cpu_fir[reg]);
 }
 return val;
 }
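Review bot: gen_ieee_input no longer returns a private copy: the result is `cpu_fir[reg]` itself or the value from `load_zero(ctx)`, which is why the callers in the following hunks drop their `tcg_temp_free` calls. That contract is worth a comment on the function, `/* Returns a borrowed, read-only value: callers must neither write to it nor free it. */`, since a caller that used the result as a destination would now modify the guest register. `is_cmp` is still `int` here, where the rest of the series moves such flags to `bool`.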
@@ -817,9 +817,8 @@ static void gen_ieee_arith2(DisasContext *ctx,
 gen_qual_flushzero(ctx, fn11);
 gen_fp_exc_clear();
 
-vb = gen_ieee_input(rb, fn11, 0);
+vb = gen_ieee_input(ctx, rb, fn11, 0);
 helper(cpu_fir[rc], cpu_env, vb);
-tcg_temp_free(vb);
 
 gen_fp_exc_raise(rc, fn11);
 }
@@ -848,7 +847,7 @@ static void gen_fcvttq(DisasContext *ctx, int rb, int rc, 
int fn11)
 
 /* No need to set flushzero, since we have an integer output.  */
 gen_fp_exc_clear();
-vb = gen_ieee_input(rb, fn11, 0);
+vb = gen_ieee_input(ctx, rb, fn11, 0);
 
 /* Almost all integer conversions use cropped rounding, and most
also do not have integer overflow enabled.  Special case that.  */
@@ -870,7 +869,6 @@ static void gen_fcvttq(DisasContext *ctx, int rb, int rc, 
int fn11)
 ignore |= (fn11 & QUAL_I ? 0 : float_flag_inexact);
 break;
 }
-tcg_temp_free(vb);
 
 gen_fp_exc_raise_ignore(rc, fn11, ignore);
 }
@@ -1011,11 +1009,9 @@ static void gen_ieee_arith3(DisasContext *ctx,
 gen_qual_flushzero(ctx, fn11);
 gen_fp_exc_clear();
 
-va = gen_ieee_input(ra, fn11, 0);
-vb = gen_ieee_input(rb, fn11, 0);
+va = gen_ieee_input(ctx, ra, fn11, 0);
+vb = gen_ieee_input(ctx, rb, fn11, 0);
 helper(cpu_fir[rc], cpu_env, va, vb);
-tcg_temp_free(va);
-tcg_temp_free(vb);
 
 gen_fp_exc_raise(rc, fn11);
 }
@@ -1049,11 +1045,9 @@ static void gen_ieee_compare(DisasContext *ctx,
 
 gen_fp_exc_clear();
 
-va = gen_ieee_input(ra, fn11, 1);
-vb = gen_ieee_input(rb, fn11, 1);
+va = gen_ieee_input(ctx, ra, fn11, 1);
+vb = gen_ieee_input(ctx, rb, fn11, 1);
 helper(cpu_fir[rc], cpu_env, va, vb);
-tcg_temp_free(va);
-tcg_temp_free(vb);
 
 gen_fp_exc_raise(rc, fn11);
 }
-- 
1.9.0




Re: [Qemu-devel] Change of TEXT_OFFSET for multi_v7_defconfig

2014-04-17 Thread Nicolas Pitre
On Thu, 17 Apr 2014, Christopher Covington wrote:

> On 04/16/2014 07:21 PM, Nicolas Pitre wrote:
> > On Wed, 16 Apr 2014, Christopher Covington wrote:
> 
> >> Thank you for the suggestion. This approach also came to mind, but it would
> >> require new documentation and tooling in the JTAG scripts or simulator
> >> equivalent. That's another aspect of the ELF-based approaches that I
> >> like--hopefully existing documentation and tool support could be reused.
> > 
> > The above is useful for loading the raw uncompressed Image without 
> > carrying the full ELF baggage.
> 
> What exactly is the full ELF baggage? Aren't there existing mechanisms to omit
> debugging symbols, for example, if size is of concern?

Most existing bootloaders don't have the ability to parse ELF files.  
This is therefore not the typical kernel image format.  The uncompressed 
kernel image is not very typical either, but like zImage it doesn't rely 
on any parser in the bootloader.


Nicolas



[Qemu-devel] [PATCH 38/40] target-alpha: Don't issue goto_tb under singlestep

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index c5f2a8d..d5de9bc 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -426,7 +426,8 @@ static bool in_superpage(DisasContext *ctx, int64_t addr)
 static bool use_goto_tb(DisasContext *ctx, uint64_t dest)
 {
 /* Suppress goto_tb in the case of single-steping and IO.  */
-if (ctx->singlestep_enabled || (ctx->tb->cflags & CF_LAST_IO)) {
+if ((ctx->tb->cflags & CF_LAST_IO)
+|| ctx->singlestep_enabled || singlestep) {
 return false;
 }
 /* If the destination is in the superpage, the page perms can't change.  */
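Review bot: The comment above the condition still reads as if one single-step flag were tested, while the new code checks both `ctx->singlestep_enabled` and a bare `singlestep` that is not declared anywhere in the hunk (presumably a program-wide flag). Suggest rewording it to `/* Suppress goto_tb for IO and for either single-step mode (per-context stepping or the global singlestep flag).  */` so the two sources can be told apart. use_goto_tb continues past the end of the hunk.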
-- 
1.9.0




[Qemu-devel] [PATCH 33/40] target-alpha: Convert gen_fcvtlq/ql to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/fpu_helper.c |  7 +
 target-alpha/helper.h |  1 +
 target-alpha/translate.c  | 78 +--
 3 files changed, 36 insertions(+), 50 deletions(-)

diff --git a/target-alpha/fpu_helper.c b/target-alpha/fpu_helper.c
index fad3575..ee73155 100644
--- a/target-alpha/fpu_helper.c
+++ b/target-alpha/fpu_helper.c
@@ -820,3 +820,10 @@ uint64_t helper_cvtqg(CPUAlphaState *env, uint64_t a)
 fr = int64_to_float64(a, &FP_STATUS);
 return float64_to_g(fr);
 }
+
+void helper_fcvtql_v_input(CPUAlphaState *env, uint64_t val)
+{
+if (val != (int32_t)val) {
+arith_excp(env, GETPC(), EXC_M_IOV, 0);
+}
+}
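Review bot: helper_fcvtql_v_input is added without a comment, and the test `val != (int32_t)val` is terse enough to need one: it relies on the narrowing conversion wrapping and on the `int32_t` being sign-extended back to 64 bits for the comparison. Suggest `/* Raise EXC_M_IOV when val is not the sign-extension of its low 32 bits. */` above the function. The helper has no return value, so the generated code depends entirely on the exception being taken inside `arith_excp`, which is defined outside this hunk.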
diff --git a/target-alpha/helper.h b/target-alpha/helper.h
index 4f127c4..2389e96 100644
--- a/target-alpha/helper.h
+++ b/target-alpha/helper.h
@@ -96,6 +96,7 @@ DEF_HELPER_FLAGS_3(fp_exc_raise_s, TCG_CALL_NO_WG, void, env, 
i32, i32)
 
 DEF_HELPER_FLAGS_2(ieee_input, TCG_CALL_NO_WG, void, env, i64)
 DEF_HELPER_FLAGS_2(ieee_input_cmp, TCG_CALL_NO_WG, void, env, i64)
+DEF_HELPER_FLAGS_2(fcvtql_v_input, TCG_CALL_NO_WG, void, env, i64)
 
 #if !defined (CONFIG_USER_ONLY)
 DEF_HELPER_2(hw_ret, void, env, i64)
diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 7515ed3..59ae23d 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -716,61 +716,32 @@ static inline void gen_fp_exc_raise(int rc, int fn11)
 gen_fp_exc_raise_ignore(rc, fn11, fn11 & QUAL_I ? 0 : float_flag_inexact);
 }
 
-static void gen_fcvtlq(int rb, int rc)
+static void gen_fcvtlq(TCGv vc, TCGv vb)
 {
-if (unlikely(rc == 31)) {
-return;
-}
-if (unlikely(rb == 31)) {
-tcg_gen_movi_i64(cpu_fir[rc], 0);
-} else {
-TCGv tmp = tcg_temp_new();
-
-/* The arithmetic right shift here, plus the sign-extended mask below
-   yields a sign-extended result without an explicit ext32s_i64.  */
-tcg_gen_sari_i64(tmp, cpu_fir[rb], 32);
-tcg_gen_shri_i64(cpu_fir[rc], cpu_fir[rb], 29);
-tcg_gen_andi_i64(tmp, tmp, (int32_t)0xc000);
-tcg_gen_andi_i64(cpu_fir[rc], cpu_fir[rc], 0x3fff);
-tcg_gen_or_i64(cpu_fir[rc], cpu_fir[rc], tmp);
-
-tcg_temp_free(tmp);
-}
-}
-
-static void gen_fcvtql(int rb, int rc)
-{
-if (unlikely(rc == 31)) {
-return;
-}
-if (unlikely(rb == 31)) {
-tcg_gen_movi_i64(cpu_fir[rc], 0);
-} else {
-TCGv tmp = tcg_temp_new();
+TCGv tmp = tcg_temp_new();
 
-tcg_gen_andi_i64(tmp, cpu_fir[rb], 0xC000);
-tcg_gen_andi_i64(cpu_fir[rc], cpu_fir[rb], 0x3FFF);
-tcg_gen_shli_i64(tmp, tmp, 32);
-tcg_gen_shli_i64(cpu_fir[rc], cpu_fir[rc], 29);
-tcg_gen_or_i64(cpu_fir[rc], cpu_fir[rc], tmp);
+/* The arithmetic right shift here, plus the sign-extended mask below
+   yields a sign-extended result without an explicit ext32s_i64.  */
+tcg_gen_sari_i64(tmp, vb, 32);
+tcg_gen_shri_i64(vc, vb, 29);
+tcg_gen_andi_i64(tmp, tmp, (int32_t)0xc000);
+tcg_gen_andi_i64(vc, vc, 0x3fff);
+tcg_gen_or_i64(vc, vc, tmp);
 
-tcg_temp_free(tmp);
-}
+tcg_temp_free(tmp);
 }
 
-static void gen_fcvtql_v(DisasContext *ctx, int rb, int rc)
+static void gen_fcvtql(TCGv vc, TCGv vb)
 {
-if (rb != 31) {
-int lab = gen_new_label();
-TCGv tmp = tcg_temp_new();
+TCGv tmp = tcg_temp_new();
 
-tcg_gen_ext32s_i64(tmp, cpu_fir[rb]);
-tcg_gen_brcond_i64(TCG_COND_EQ, tmp, cpu_fir[rb], lab);
-gen_excp(ctx, EXCP_ARITH, EXC_M_IOV);
+tcg_gen_andi_i64(tmp, vb, (int32_t)0xc000);
+tcg_gen_andi_i64(vc, vb, 0x3FFF);
+tcg_gen_shli_i64(tmp, tmp, 32);
+tcg_gen_shli_i64(vc, vc, 29);
+tcg_gen_or_i64(vc, vc, tmp);
 
-gen_set_label(lab);
-}
-gen_fcvtql(rb, rc);
+tcg_temp_free(tmp);
 }
 
 static void gen_ieee_arith2(DisasContext *ctx,
@@ -2259,7 +2230,9 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 case 0x010:
 /* CVTLQ */
 REQUIRE_REG_31(ra);
-gen_fcvtlq(rb, rc);
+vc = dest_fpr(ctx, rc);
+vb = load_fpr(ctx, rb);
+gen_fcvtlq(vc, vb);
 break;
 case 0x020:
 /* CPYS */
@@ -2323,7 +2296,9 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 case 0x030:
 /* CVTQL */
 REQUIRE_REG_31(ra);
-gen_fcvtql(rb, rc);
+vc = dest_fpr(ctx, rc);
+vb = load_fpr(ctx, rb);
+gen_fcvtql(vc, vb);
 break;
 case 0x130:
 /* CVTQL/V */
@@ -2333,7 +2308,10 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 /* ??? I'm pretty sure there's nothing that /sv needs to do that
/v doesn't do.  The only thing I can think is that /sv is a
valid instr

[Qemu-devel] [PATCH 28/40] target-alpha: Convert MVIOP2 to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 23 ---
 1 file changed, 4 insertions(+), 19 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index cff79ef..ef04872 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -1258,21 +1258,6 @@ static void gen_msk_l(DisasContext *ctx, TCGv vc, TCGv 
va, int rb, bool islit,
 }
 }
 
-#define MVIOP2(name)\
-static inline void glue(gen_, name)(int rb, int rc) \
-{   \
-if (unlikely(rc == 31)) \
-return; \
-if (unlikely(rb == 31)) \
-tcg_gen_movi_i64(cpu_ir[rc], 0);\
-else\
-gen_helper_ ## name (cpu_ir[rc], cpu_ir[rb]);   \
-}
-MVIOP2(pklb)
-MVIOP2(pkwb)
-MVIOP2(unpkbl)
-MVIOP2(unpkbw)
-
 static void gen_rx(int ra, int set)
 {
 TCGv_i32 tmp;
@@ -2643,25 +2628,25 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 /* UNPKBW */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_MVI);
 REQUIRE_REG_31(ra);
-gen_unpkbw(rb, rc);
+gen_helper_unpkbw(vc, vb);
 break;
 case 0x35:
 /* UNPKBL */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_MVI);
 REQUIRE_REG_31(ra);
-gen_unpkbl(rb, rc);
+gen_helper_unpkbl(vc, vb);
 break;
 case 0x36:
 /* PKWB */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_MVI);
 REQUIRE_REG_31(ra);
-gen_pkwb(rb, rc);
+gen_helper_pkwb(vc, vb);
 break;
 case 0x37:
 /* PKLB */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_MVI);
 REQUIRE_REG_31(ra);
-gen_pklb(rb, rc);
+gen_helper_pklb(vc, vb);
 break;
 case 0x38:
 /* MINSB8 */
-- 
1.9.0




[Qemu-devel] [PATCH 27/40] target-alpha: Convert ARITH3 to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 108 +--
 1 file changed, 39 insertions(+), 69 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index bb84d8c..cff79ef 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -1258,43 +1258,6 @@ static void gen_msk_l(DisasContext *ctx, TCGv vc, TCGv 
va, int rb, bool islit,
 }
 }
 
-/* Code to call arith3 helpers */
-#define ARITH3(name)  \
-static inline void glue(gen_, name)(int ra, int rb, int rc, int islit,\
-uint8_t lit)  \
-{ \
-if (unlikely(rc == 31))   \
-return;   \
-  \
-if (ra != 31) {   \
-if (islit) {  \
-TCGv tmp = tcg_const_i64(lit);\
-gen_helper_ ## name(cpu_ir[rc], cpu_ir[ra], tmp); \
-tcg_temp_free(tmp);   \
-} else\
-gen_helper_ ## name (cpu_ir[rc], cpu_ir[ra], cpu_ir[rb]); \
-} else {  \
-TCGv tmp1 = tcg_const_i64(0); \
-if (islit) {  \
-TCGv tmp2 = tcg_const_i64(lit);   \
-gen_helper_ ## name (cpu_ir[rc], tmp1, tmp2); \
-tcg_temp_free(tmp2);  \
-} else\
-gen_helper_ ## name (cpu_ir[rc], tmp1, cpu_ir[rb]);   \
-tcg_temp_free(tmp1);  \
-} \
-}
-ARITH3(cmpbge)
-ARITH3(minub8)
-ARITH3(minsb8)
-ARITH3(minuw4)
-ARITH3(minsw4)
-ARITH3(maxub8)
-ARITH3(maxsb8)
-ARITH3(maxuw4)
-ARITH3(maxsw4)
-ARITH3(perr)
-
 #define MVIOP2(name)\
 static inline void glue(gen_, name)(int rb, int rc) \
 {   \
@@ -1765,7 +1728,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x0F:
 /* CMPBGE */
-gen_cmpbge(ra, rb, rc, islit, lit);
+gen_helper_cmpbge(vc, va, vb);
 break;
 case 0x12:
 /* S8ADDL */
@@ -2619,45 +2582,61 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 
 case 0x1C:
 vc = dest_gpr(ctx, rc);
+if (fn7 == 0x70) {
+/* FTOIT */
+REQUIRE_TB_FLAG(TB_FLAGS_AMASK_FIX);
+REQUIRE_REG_31(rb);
+va = load_fpr(ctx, ra);
+tcg_gen_mov_i64(vc, va);
+break;
+} else if (fn7 == 0x78) {
+/* FTOIS */
+REQUIRE_TB_FLAG(TB_FLAGS_AMASK_FIX);
+REQUIRE_REG_31(rb);
+t32 = tcg_temp_new_i32();
+va = load_fpr(ctx, ra);
+gen_helper_s_to_memory(t32, va);
+tcg_gen_ext_i32_i64(vc, t32);
+tcg_temp_free_i32(t32);
+break;
+}
+
+vb = load_gpr_lit(ctx, rb, lit, islit);
 switch (fn7) {
 case 0x00:
 /* SEXTB */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_BWX);
 REQUIRE_REG_31(ra);
-vb = load_gpr_lit(ctx, rb, lit, islit);
 tcg_gen_ext8s_i64(vc, vb);
 break;
 case 0x01:
 /* SEXTW */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_BWX);
 REQUIRE_REG_31(ra);
-vb = load_gpr_lit(ctx, rb, lit, islit);
 tcg_gen_ext16s_i64(vc, vb);
 break;
 case 0x30:
 /* CTPOP */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_CIX);
 REQUIRE_REG_31(ra);
-vb = load_gpr_lit(ctx, rb, lit, islit);
 gen_helper_ctpop(vc, vb);
 break;
 case 0x31:
 /* PERR */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_MVI);
-gen_perr(ra, rb, rc, islit, lit);
+va = load_gpr(ctx, ra);
+gen_helper_perr(vc, va, vb);
 break;
 case 0x32:
 /* CTLZ */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_CIX);
 REQUIRE_REG_31(ra);
-vb = load_gpr_lit(ctx, rb, lit, islit);
 gen_helper_ctlz(vc, vb);
 break;
 case 0x33:
 /* CTTZ */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_CIX

[Qemu-devel] [PATCH 32/40] target-alpha: Convert gen_fcmov to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 44 ++--
 1 file changed, 14 insertions(+), 30 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 31136f9..7515ed3 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -547,34 +547,18 @@ static ExitStatus gen_fbcond(DisasContext *ctx, TCGCond 
cond, int ra,
 return gen_bcond_internal(ctx, cond, cmp_tmp, disp);
 }
 
-static void gen_fcmov(TCGCond cond, int ra, int rb, int rc)
+static void gen_fcmov(DisasContext *ctx, TCGCond cond, int ra, int rb, int rc)
 {
-TCGv_i64 c1, z, v1;
+TCGv_i64 va, vb, z;
 
-if (unlikely(rc == 31)) {
-return;
-}
-
-c1 = tcg_temp_new_i64();
-if (unlikely(ra == 31)) {
-tcg_gen_movi_i64(c1, 0);
-} else {
-gen_fold_mzero(cond, c1, cpu_fir[ra]);
-}
-if (rb == 31) {
-v1 = tcg_const_i64(0);
-} else {
-v1 = cpu_fir[rb];
-}
-z = tcg_const_i64(0);
+z = load_zero(ctx);
+vb = load_fpr(ctx, rb);
+va = tcg_temp_new();
+gen_fold_mzero(cond, va, load_fpr(ctx, ra));
 
-tcg_gen_movcond_i64(cond, cpu_fir[rc], c1, z, v1, cpu_fir[rc]);
+tcg_gen_movcond_i64(cond, dest_fpr(ctx, rc), va, z, vb, load_fpr(ctx, rc));
 
-tcg_temp_free_i64(z);
-tcg_temp_free_i64(c1);
-if (rb == 31) {
-tcg_temp_free_i64(v1);
-}
+tcg_temp_free(va);
 }
 
 #define QUAL_RM_N   0x080   /* Round mode nearest even */
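Review bot: In gen_fcmov `va` is declared `TCGv_i64` but is now allocated with `tcg_temp_new()` and released with `tcg_temp_free()`, where the removed lines used the `_i64` variants throughout. Keeping the declaration and the calls in the same family, `va = tcg_temp_new_i64();` and `tcg_temp_free_i64(va);`, avoids depending on TCGv being the 64-bit type for this target. The early return for rc == 31 is gone, so the movcond relies on `dest_fpr(ctx, rc)` and `load_fpr(ctx, rc)` handling that register, and both are defined outside the hunk.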
@@ -2314,27 +2298,27 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x02A:
 /* FCMOVEQ */
-gen_fcmov(TCG_COND_EQ, ra, rb, rc);
+gen_fcmov(ctx, TCG_COND_EQ, ra, rb, rc);
 break;
 case 0x02B:
 /* FCMOVNE */
-gen_fcmov(TCG_COND_NE, ra, rb, rc);
+gen_fcmov(ctx, TCG_COND_NE, ra, rb, rc);
 break;
 case 0x02C:
 /* FCMOVLT */
-gen_fcmov(TCG_COND_LT, ra, rb, rc);
+gen_fcmov(ctx, TCG_COND_LT, ra, rb, rc);
 break;
 case 0x02D:
 /* FCMOVGE */
-gen_fcmov(TCG_COND_GE, ra, rb, rc);
+gen_fcmov(ctx, TCG_COND_GE, ra, rb, rc);
 break;
 case 0x02E:
 /* FCMOVLE */
-gen_fcmov(TCG_COND_LE, ra, rb, rc);
+gen_fcmov(ctx, TCG_COND_LE, ra, rb, rc);
 break;
 case 0x02F:
 /* FCMOVGT */
-gen_fcmov(TCG_COND_GT, ra, rb, rc);
+gen_fcmov(ctx, TCG_COND_GT, ra, rb, rc);
 break;
 case 0x030:
 /* CVTQL */
-- 
1.9.0




[Qemu-devel] [PATCH 26/40] target-alpha: Convert FARITH3 to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 65 +---
 1 file changed, 12 insertions(+), 53 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 858deb3..bb84d8c 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -995,48 +995,6 @@ static inline void gen_fcpyse(int ra, int rb, int rc)
 gen_cpys_internal(ra, rb, rc, 0, 0xFFF0ULL);
 }
 
-#define FARITH3(name)   \
-static inline void glue(gen_f, name)(int ra, int rb, int rc)\
-{   \
-TCGv va, vb;\
-\
-if (unlikely(rc == 31)) {   \
-return; \
-}   \
-if (ra == 31) { \
-va = tcg_const_i64(0);  \
-} else {\
-va = cpu_fir[ra];   \
-}   \
-if (rb == 31) { \
-vb = tcg_const_i64(0);  \
-} else {\
-vb = cpu_fir[rb];   \
-}   \
-\
-gen_helper_ ## name(cpu_fir[rc], cpu_env, va, vb);  \
-\
-if (ra == 31) { \
-tcg_temp_free(va);  \
-}   \
-if (rb == 31) { \
-tcg_temp_free(vb);  \
-}   \
-}
-
-/* ??? VAX instruction qualifiers ignored.  */
-FARITH3(addf)
-FARITH3(subf)
-FARITH3(mulf)
-FARITH3(divf)
-FARITH3(addg)
-FARITH3(subg)
-FARITH3(mulg)
-FARITH3(divg)
-FARITH3(cmpgeq)
-FARITH3(cmpglt)
-FARITH3(cmpgle)
-
 static void gen_ieee_arith3(DisasContext *ctx,
 void (*helper)(TCGv, TCGv_ptr, TCGv, TCGv),
 int ra, int rb, int rc, int fn11)
@@ -2257,22 +2215,23 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 /* XXX: rounding mode and trap are ignored (!) */
 vc = dest_fpr(ctx, rc);
 vb = load_fpr(ctx, rb);
+va = load_fpr(ctx, ra);
 switch (fpfn) { /* fn11 & 0x3F */
 case 0x00:
 /* ADDF */
-gen_faddf(ra, rb, rc);
+gen_helper_addf(vc, cpu_env, va, vb);
 break;
 case 0x01:
 /* SUBF */
-gen_fsubf(ra, rb, rc);
+gen_helper_subf(vc, cpu_env, va, vb);
 break;
 case 0x02:
 /* MULF */
-gen_fmulf(ra, rb, rc);
+gen_helper_mulf(vc, cpu_env, va, vb);
 break;
 case 0x03:
 /* DIVF */
-gen_fdivf(ra, rb, rc);
+gen_helper_divf(vc, cpu_env, va, vb);
 break;
 case 0x1E:
 /* CVTDG -- TODO */
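Review bot: The added `gen_helper_addf(vc, cpu_env, va, vb)` style calls (ADDF through DIVF in this hunk, and the ADDG and CMPG cases in the next one) now run the helper even when rc is 31, whereas the removed FARITH3 wrappers returned early in that case, and the commit message does not mention the change. If the VAX helpers can trap, this is presumably the intended behaviour, the same fix that patch 30/40 describes for the IEEE path. I would state it in the log and in a comment above the switch, e.g. `/* rc == 31 still calls the helper: the result goes to a sink, any trap is kept */`. translate_one begins and ends outside the hunk, so what dest_fpr returns for register 31 is not visible here.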
@@ -2280,31 +2239,31 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 goto invalid_opc;
 case 0x20:
 /* ADDG */
-gen_faddg(ra, rb, rc);
+gen_helper_addg(vc, cpu_env, va, vb);
 break;
 case 0x21:
 /* SUBG */
-gen_fsubg(ra, rb, rc);
+gen_helper_subg(vc, cpu_env, va, vb);
 break;
 case 0x22:
 /* MULG */
-gen_fmulg(ra, rb, rc);
+gen_helper_mulg(vc, cpu_env, va, vb);
 break;
 case 0x23:
 /* DIVG */
-gen_fdivg(ra, rb, rc);
+gen_helper_divg(vc, cpu_env, va, vb);
 break;
 case 0x25:
 /* CMPGEQ */
-gen_fcmpgeq(ra, rb, rc);
+gen_helper_cmpgeq(vc, cpu_env, va, vb);
 break;
 case 0x26:
 /* CMPGLT */
-gen_fcmpglt(ra, rb, rc);
+gen_helper_cmpglt(vc, cpu_env, va, vb);
 break;
 case 0x27:
 /* CMPGLE */
-gen_fcmpgle(ra, rb, rc);
+gen_h

[Qemu-devel] [PATCH 30/40] target-alpha: Convert most ieee insns to source/sink

2014-04-17 Thread Richard Henderson
This one fixes a bug, previously noted as suppressing exceptions
in the (unlikely) case the destination register was $f31.

Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 69 
 1 file changed, 17 insertions(+), 52 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index f6ebf54..ec5b523 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -807,18 +807,12 @@ static void gen_ieee_arith2(DisasContext *ctx,
 {
 TCGv vb;
 
-/* ??? This is wrong: the instruction is not a nop, it still may
-   raise exceptions.  */
-if (unlikely(rc == 31)) {
-return;
-}
-
 gen_qual_roundmode(ctx, fn11);
 gen_qual_flushzero(ctx, fn11);
 gen_fp_exc_clear();
 
 vb = gen_ieee_input(ctx, rb, fn11, 0);
-helper(cpu_fir[rc], cpu_env, vb);
+helper(dest_fpr(ctx, rc), cpu_env, vb);
 
 gen_fp_exc_raise(rc, fn11);
 }
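Review bot: With the `/* ??? This is wrong ... */` block and the `rc == 31` early return removed from gen_ieee_arith2, nothing in the new code records why a write to $f31 must still reach the helper, so a later cleanup could reintroduce the shortcut. A one-line comment above the call would keep the reason next to the code, e.g. `/* Do not skip when rc == 31: the insn may still raise exceptions; dest_fpr supplies a sink. */`. The same applies to gen_fcvttq, gen_ieee_intcvt, gen_ieee_arith3 and gen_ieee_compare in the following hunks. `gen_fp_exc_raise(rc, fn11)` still receives the raw register number, and that call was unreachable with rc == 31 before this patch, so it is worth confirming that it handles 31. The function's signature lies outside the hunk.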
@@ -836,35 +830,30 @@ IEEE_ARITH2(cvtts)
 
 static void gen_fcvttq(DisasContext *ctx, int rb, int rc, int fn11)
 {
-TCGv vb;
+TCGv vb, vc;
 int ignore = 0;
 
-/* ??? This is wrong: the instruction is not a nop, it still may
-   raise exceptions.  */
-if (unlikely(rc == 31)) {
-return;
-}
-
 /* No need to set flushzero, since we have an integer output.  */
 gen_fp_exc_clear();
 vb = gen_ieee_input(ctx, rb, fn11, 0);
+vc = dest_fpr(ctx, rc);
 
 /* Almost all integer conversions use cropped rounding, and most
also do not have integer overflow enabled.  Special case that.  */
 switch (fn11) {
 case QUAL_RM_C:
-gen_helper_cvttq_c(cpu_fir[rc], cpu_env, vb);
+gen_helper_cvttq_c(vc, cpu_env, vb);
 break;
 case QUAL_V | QUAL_RM_C:
 case QUAL_S | QUAL_V | QUAL_RM_C:
 ignore = float_flag_inexact;
 /* FALLTHRU */
 case QUAL_S | QUAL_V | QUAL_I | QUAL_RM_C:
-gen_helper_cvttq_svic(cpu_fir[rc], cpu_env, vb);
+gen_helper_cvttq_svic(vc, cpu_env, vb);
 break;
 default:
 gen_qual_roundmode(ctx, fn11);
-gen_helper_cvttq(cpu_fir[rc], cpu_env, vb);
+gen_helper_cvttq(vc, cpu_env, vb);
 ignore |= (fn11 & QUAL_V ? 0 : float_flag_overflow);
 ignore |= (fn11 & QUAL_I ? 0 : float_flag_inexact);
 break;
@@ -877,35 +866,21 @@ static void gen_ieee_intcvt(DisasContext *ctx,
 void (*helper)(TCGv, TCGv_ptr, TCGv),
int rb, int rc, int fn11)
 {
-TCGv vb;
-
-/* ??? This is wrong: the instruction is not a nop, it still may
-   raise exceptions.  */
-if (unlikely(rc == 31)) {
-return;
-}
+TCGv vb, vc;
 
 gen_qual_roundmode(ctx, fn11);
-
-if (rb == 31) {
-vb = tcg_const_i64(0);
-} else {
-vb = cpu_fir[rb];
-}
+vb = load_fpr(ctx, rb);
+vc = dest_fpr(ctx, rc);
 
 /* The only exception that can be raised by integer conversion
is inexact.  Thus we only need to worry about exceptions when
inexact handling is requested.  */
 if (fn11 & QUAL_I) {
 gen_fp_exc_clear();
-helper(cpu_fir[rc], cpu_env, vb);
+helper(vc, cpu_env, vb);
 gen_fp_exc_raise(rc, fn11);
 } else {
-helper(cpu_fir[rc], cpu_env, vb);
-}
-
-if (rb == 31) {
-tcg_temp_free(vb);
+helper(vc, cpu_env, vb);
 }
 }
 
@@ -997,13 +972,7 @@ static void gen_ieee_arith3(DisasContext *ctx,
 void (*helper)(TCGv, TCGv_ptr, TCGv, TCGv),
 int ra, int rb, int rc, int fn11)
 {
-TCGv va, vb;
-
-/* ??? This is wrong: the instruction is not a nop, it still may
-   raise exceptions.  */
-if (unlikely(rc == 31)) {
-return;
-}
+TCGv va, vb, vc;
 
 gen_qual_roundmode(ctx, fn11);
 gen_qual_flushzero(ctx, fn11);
@@ -1011,7 +980,8 @@ static void gen_ieee_arith3(DisasContext *ctx,
 
 va = gen_ieee_input(ctx, ra, fn11, 0);
 vb = gen_ieee_input(ctx, rb, fn11, 0);
-helper(cpu_fir[rc], cpu_env, va, vb);
+vc = dest_fpr(ctx, rc);
+helper(vc, cpu_env, va, vb);
 
 gen_fp_exc_raise(rc, fn11);
 }
@@ -1035,19 +1005,14 @@ static void gen_ieee_compare(DisasContext *ctx,
  void (*helper)(TCGv, TCGv_ptr, TCGv, TCGv),
  int ra, int rb, int rc, int fn11)
 {
-TCGv va, vb;
-
-/* ??? This is wrong: the instruction is not a nop, it still may
-   raise exceptions.  */
-if (unlikely(rc == 31)) {
-return;
-}
+TCGv va, vb, vc;
 
 gen_fp_exc_clear();
 
 va = gen_ieee_input(ctx, ra, fn11, 1);
 vb = gen_ieee_input(ctx, rb, fn11, 1);
-helper(cpu_fir[rc], cpu_env, va, vb);
+vc = dest_fpr(ctx, rc);
+helper(vc, cpu_env, va, vb);
 
 gen_fp_exc_raise(rc, fn11);
 }
-- 
1.9.0




[Qemu-devel] [PATCH 18/40] target-alpha: Convert gen_cmp to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 40 +---
 1 file changed, 5 insertions(+), 35 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 289a703..026372d 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -1509,36 +1509,6 @@ MVIOP2(pkwb)
 MVIOP2(unpkbl)
 MVIOP2(unpkbw)
 
-static void gen_cmp(TCGCond cond, int ra, int rb, int rc,
-int islit, uint8_t lit)
-{
-TCGv va, vb;
-
-if (unlikely(rc == 31)) {
-return;
-}
-
-if (ra == 31) {
-va = tcg_const_i64(0);
-} else {
-va = cpu_ir[ra];
-}
-if (islit) {
-vb = tcg_const_i64(lit);
-} else {
-vb = cpu_ir[rb];
-}
-
-tcg_gen_setcond_i64(cond, cpu_ir[rc], va, vb);
-
-if (ra == 31) {
-tcg_temp_free(va);
-}
-if (islit) {
-tcg_temp_free(vb);
-}
-}
-
 static void gen_rx(int ra, int set)
 {
 TCGv_i32 tmp;
@@ -2014,7 +1984,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x1D:
 /* CMPULT */
-gen_cmp(TCG_COND_LTU, ra, rb, rc, islit, lit);
+tcg_gen_setcond_i64(TCG_COND_LTU, vc, va, vb);
 break;
 case 0x20:
 /* ADDQ */
@@ -2040,7 +2010,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x2D:
 /* CMPEQ */
-gen_cmp(TCG_COND_EQ, ra, rb, rc, islit, lit);
+tcg_gen_setcond_i64(TCG_COND_EQ, vc, va, vb);
 break;
 case 0x32:
 /* S8ADDQ */
@@ -2058,7 +2028,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x3D:
 /* CMPULE */
-gen_cmp(TCG_COND_LEU, ra, rb, rc, islit, lit);
+tcg_gen_setcond_i64(TCG_COND_LEU, vc, va, vb);
 break;
 case 0x40:
 /* ADDL/V */
@@ -2070,7 +2040,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x4D:
 /* CMPLT */
-gen_cmp(TCG_COND_LT, ra, rb, rc, islit, lit);
+tcg_gen_setcond_i64(TCG_COND_LT, vc, va, vb);
 break;
 case 0x60:
 /* ADDQ/V */
@@ -2082,7 +2052,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x6D:
 /* CMPLE */
-gen_cmp(TCG_COND_LE, ra, rb, rc, islit, lit);
+tcg_gen_setcond_i64(TCG_COND_LE, vc, va, vb);
 break;
 default:
 goto invalid_opc;
-- 
1.9.0




[Qemu-devel] [PATCH 25/40] target-alpha: Convert FARITH2 to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 43 +++
 1 file changed, 11 insertions(+), 32 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index cdece84..858deb3 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -801,29 +801,6 @@ static void gen_fcvtql_v(DisasContext *ctx, int rb, int rc)
 gen_fcvtql(rb, rc);
 }
 
-#define FARITH2(name)   \
-static inline void glue(gen_f, name)(int rb, int rc)\
-{   \
-if (unlikely(rc == 31)) {   \
-return; \
-}   \
-if (rb != 31) { \
-gen_helper_ ## name(cpu_fir[rc], cpu_env, cpu_fir[rb]); \
-} else {\
-TCGv tmp = tcg_const_i64(0);\
-gen_helper_ ## name(cpu_fir[rc], cpu_env, tmp); \
-tcg_temp_free(tmp); \
-}   \
-}
-
-/* ??? VAX instruction qualifiers ignored.  */
-FARITH2(sqrtf)
-FARITH2(sqrtg)
-FARITH2(cvtgf)
-FARITH2(cvtgq)
-FARITH2(cvtqf)
-FARITH2(cvtqg)
-
 static void gen_ieee_arith2(DisasContext *ctx,
 void (*helper)(TCGv, TCGv_ptr, TCGv),
 int rb, int rc, int fn11)
@@ -,13 +2199,13 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 
 case 0x14:
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_FIX);
+vc = dest_fpr(ctx, rc);
 switch (fpfn) { /* fn11 & 0x3F */
 case 0x04:
 /* ITOFS */
 REQUIRE_REG_31(rb);
 t32 = tcg_temp_new_i32();
 va = load_gpr(ctx, ra);
-vc = dest_fpr(ctx, rc);
 tcg_gen_trunc_i64_i32(t32, va);
 gen_helper_memory_to_s(vc, t32);
 tcg_temp_free_i32(t32);
@@ -2236,7 +2213,8 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 case 0x0A:
 /* SQRTF */
 REQUIRE_REG_31(ra);
-gen_fsqrtf(rb, rc);
+vb = load_fpr(ctx, rb);
+gen_helper_sqrtf(vc, cpu_env, vb);
 break;
 case 0x0B:
 /* SQRTS */
@@ -2248,7 +2226,6 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 REQUIRE_REG_31(rb);
 t32 = tcg_temp_new_i32();
 va = load_gpr(ctx, ra);
-vc = dest_fpr(ctx, rc);
 tcg_gen_trunc_i64_i32(t32, va);
 gen_helper_memory_to_f(vc, t32);
 tcg_temp_free_i32(t32);
@@ -2257,13 +2234,13 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 /* ITOFT */
 REQUIRE_REG_31(rb);
 va = load_gpr(ctx, ra);
-vc = dest_fpr(ctx, rc);
 tcg_gen_mov_i64(vc, va);
 break;
 case 0x2A:
 /* SQRTG */
 REQUIRE_REG_31(ra);
-gen_fsqrtg(rb, rc);
+vb = load_fpr(ctx, rb);
+gen_helper_sqrtg(vc, cpu_env, vb);
 break;
 case 0x02B:
 /* SQRTT */
@@ -2278,6 +2255,8 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 case 0x15:
 /* VAX floating point */
 /* XXX: rounding mode and trap are ignored (!) */
+vc = dest_fpr(ctx, rc);
+vb = load_fpr(ctx, rb);
 switch (fpfn) { /* fn11 & 0x3F */
 case 0x00:
 /* ADDF */
@@ -2330,7 +2309,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 case 0x2C:
 /* CVTGF */
 REQUIRE_REG_31(ra);
-gen_fcvtgf(rb, rc);
+gen_helper_cvtgf(vc, cpu_env, vb);
 break;
 case 0x2D:
 /* CVTGD -- TODO */
@@ -2339,17 +2318,17 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 case 0x2F:
 /* CVTGQ */
 REQUIRE_REG_31(ra);
-gen_fcvtgq(rb, rc);
+gen_helper_cvtgq(vc, cpu_env, vb);
 break;
 case 0x3C:
 /* CVTQF */
 REQUIRE_REG_31(ra);
-gen_fcvtqf(rb, rc);
+gen_helper_cvtqf(vc, cpu_env, vb);
 break;
 case 0x3E:
 /* CVTQG */
 REQUIRE_REG_31(ra);
-gen_fcvtqg(rb, rc);
+gen_helper_cvtqg(vc, cpu_env, vb);
 break;
 default:
 goto invalid_opc;
-- 
1.9.0




[Qemu-devel] [PATCH 20/40] target-alpha: Convert gen_cmov to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 66 
 1 file changed, 22 insertions(+), 44 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 0fbb1f2..23fb551 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -559,42 +559,6 @@ static ExitStatus gen_fbcond(DisasContext *ctx, TCGCond 
cond, int ra,
 return gen_bcond_internal(ctx, cond, cmp_tmp, disp);
 }
 
-static void gen_cmov(TCGCond cond, int ra, int rb, int rc,
- int islit, uint8_t lit, int mask)
-{
-TCGv_i64 c1, z, v1;
-
-if (unlikely(rc == 31)) {
-return;
-}
-
-if (ra == 31) {
-/* Very uncommon case - Do not bother to optimize.  */
-c1 = tcg_const_i64(0);
-} else if (mask) {
-c1 = tcg_const_i64(1);
-tcg_gen_and_i64(c1, c1, cpu_ir[ra]);
-} else {
-c1 = cpu_ir[ra];
-}
-if (islit) {
-v1 = tcg_const_i64(lit);
-} else {
-v1 = cpu_ir[rb];
-}
-z = tcg_const_i64(0);
-
-tcg_gen_movcond_i64(cond, cpu_ir[rc], c1, z, v1, cpu_ir[rc]);
-
-tcg_temp_free_i64(z);
-if (ra == 31 || mask) {
-tcg_temp_free_i64(c1);
-}
-if (islit) {
-tcg_temp_free_i64(v1);
-}
-}
-
 static void gen_fcmov(TCGCond cond, int ra, int rb, int rc)
 {
 TCGv_i64 c1, z, v1;
@@ -2061,11 +2025,19 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x14:
 /* CMOVLBS */
-gen_cmov(TCG_COND_NE, ra, rb, rc, islit, lit, 1);
+tmp = tcg_temp_new();
+tcg_gen_andi_i64(tmp, va, 1);
+tcg_gen_movcond_i64(TCG_COND_NE, vc, tmp, load_zero(ctx),
+vb, load_gpr(ctx, rc));
+tcg_temp_free(tmp);
 break;
 case 0x16:
 /* CMOVLBC */
-gen_cmov(TCG_COND_EQ, ra, rb, rc, islit, lit, 1);
+tmp = tcg_temp_new();
+tcg_gen_andi_i64(tmp, va, 1);
+tcg_gen_movcond_i64(TCG_COND_EQ, vc, tmp, load_zero(ctx),
+vb, load_gpr(ctx, rc));
+tcg_temp_free(tmp);
 break;
 case 0x20:
 /* BIS */
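Review bot: The CMOVLBS and CMOVLBC cases added here are the same four statements with only the condition changed, which is the duplication the removed gen_cmov avoided through its `mask` argument. A small static helper taking the TCGCond would keep the low-bit test in one place; the sketch below uses only calls that already appear in this hunk. translate_one starts and ends outside the hunk, so the declarations of `tmp`, `va`, `vb` and `vc` are not visible.

```c
/* CMOVLBS, CMOVLBC: conditional move keyed on bit 0 of va. */
static void gen_cmov_lowbit(DisasContext *ctx, TCGCond cond, TCGv vc,
                            TCGv va, TCGv vb, int rc)
{
    TCGv tmp = tcg_temp_new();

    tcg_gen_andi_i64(tmp, va, 1);
    tcg_gen_movcond_i64(cond, vc, tmp, load_zero(ctx), vb, load_gpr(ctx, rc));
    tcg_temp_free(tmp);
}

/* ... unchanged: earlier cases of the switch in translate_one ... */
case 0x14:
    /* CMOVLBS */
    gen_cmov_lowbit(ctx, TCG_COND_NE, vc, va, vb, rc);
    break;
case 0x16:
    /* CMOVLBC */
    gen_cmov_lowbit(ctx, TCG_COND_EQ, vc, va, vb, rc);
    break;
```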
@@ -2073,11 +2045,13 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x24:
 /* CMOVEQ */
-gen_cmov(TCG_COND_EQ, ra, rb, rc, islit, lit, 0);
+tcg_gen_movcond_i64(TCG_COND_EQ, vc, va, load_zero(ctx),
+vb, load_gpr(ctx, rc));
 break;
 case 0x26:
 /* CMOVNE */
-gen_cmov(TCG_COND_NE, ra, rb, rc, islit, lit, 0);
+tcg_gen_movcond_i64(TCG_COND_NE, vc, va, load_zero(ctx),
+vb, load_gpr(ctx, rc));
 break;
 case 0x28:
 /* ORNOT */
@@ -2089,11 +2063,13 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x44:
 /* CMOVLT */
-gen_cmov(TCG_COND_LT, ra, rb, rc, islit, lit, 0);
+tcg_gen_movcond_i64(TCG_COND_LT, vc, va, load_zero(ctx),
+vb, load_gpr(ctx, rc));
 break;
 case 0x46:
 /* CMOVGE */
-gen_cmov(TCG_COND_GE, ra, rb, rc, islit, lit, 0);
+tcg_gen_movcond_i64(TCG_COND_GE, vc, va, load_zero(ctx),
+vb, load_gpr(ctx, rc));
 break;
 case 0x48:
 /* EQV */
@@ -2109,11 +2085,13 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x64:
 /* CMOVLE */
-gen_cmov(TCG_COND_LE, ra, rb, rc, islit, lit, 0);
+tcg_gen_movcond_i64(TCG_COND_LE, vc, va, load_zero(ctx),
+vb, load_gpr(ctx, rc));
 break;
 case 0x66:
 /* CMOVGT */
-gen_cmov(TCG_COND_GT, ra, rb, rc, islit, lit, 0);
+tcg_gen_movcond_i64(TCG_COND_GT, vc, va, load_zero(ctx),
+vb, load_gpr(ctx, rc));
 break;
 case 0x6C:
 /* IMPLVER */
-- 
1.9.0




[Qemu-devel] [PATCH 23/40] target-alpha: Convert gen_ins_h/l to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 111 +--
 1 file changed, 50 insertions(+), 61 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index c606183..5e52674 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -1235,75 +1235,64 @@ static void gen_ext_l(DisasContext *ctx, TCGv vc, TCGv 
va, int rb, bool islit,
 }
 
 /* INSWH, INSLH, INSQH */
-static void gen_ins_h(int ra, int rb, int rc, int islit,
+static void gen_ins_h(DisasContext *ctx, TCGv vc, TCGv va, int rb, bool islit,
   uint8_t lit, uint8_t byte_mask)
 {
-if (unlikely(rc == 31)) {
-return;
-} else if (unlikely(ra == 31) || (islit && (lit & 7) == 0)) {
-tcg_gen_movi_i64(cpu_ir[rc], 0);
-} else {
-TCGv tmp = tcg_temp_new();
+TCGv tmp = tcg_temp_new();
 
-/* The instruction description has us left-shift the byte mask
-   and extract bits <15:8> and apply that zap at the end.  This
-   is equivalent to simply performing the zap first and shifting
-   afterward.  */
-gen_zapnoti (tmp, cpu_ir[ra], byte_mask);
+/* The instruction description has us left-shift the byte mask and extract
+   bits <15:8> and apply that zap at the end.  This is equivalent to simply
+   performing the zap first and shifting afterward.  */
+gen_zapnoti(tmp, va, byte_mask);
 
-if (islit) {
-/* Note that we have handled the lit==0 case above.  */
-tcg_gen_shri_i64 (cpu_ir[rc], tmp, 64 - (lit & 7) * 8);
+if (islit) {
+lit &= 7;
+if (unlikely(lit == 0)) {
+tcg_gen_movi_i64(vc, 0);
 } else {
-TCGv shift = tcg_temp_new();
-
-/* If (B & 7) == 0, we need to shift by 64 and leave a zero.
-   Do this portably by splitting the shift into two parts:
-   shift_count-1 and 1.  Arrange for the -1 by using
-   ones-complement instead of twos-complement in the negation:
-   ~((B & 7) * 8) & 63.  */
-
-tcg_gen_andi_i64(shift, cpu_ir[rb], 7);
-tcg_gen_shli_i64(shift, shift, 3);
-tcg_gen_not_i64(shift, shift);
-tcg_gen_andi_i64(shift, shift, 0x3f);
-
-tcg_gen_shr_i64(cpu_ir[rc], tmp, shift);
-tcg_gen_shri_i64(cpu_ir[rc], cpu_ir[rc], 1);
-tcg_temp_free(shift);
+tcg_gen_shri_i64(vc, tmp, 64 - lit * 8);
 }
-tcg_temp_free(tmp);
+} else {
+TCGv shift = tcg_temp_new();
+
+/* If (B & 7) == 0, we need to shift by 64 and leave a zero.  Do this
+   portably by splitting the shift into two parts: shift_count-1 and 1.
+   Arrange for the -1 by using ones-complement instead of
+   twos-complement in the negation: ~(B * 8) & 63.  */
+
+tcg_gen_shli_i64(shift, load_gpr(ctx, rb), 3);
+tcg_gen_not_i64(shift, shift);
+tcg_gen_andi_i64(shift, shift, 0x3f);
+
+tcg_gen_shr_i64(vc, tmp, shift);
+tcg_gen_shri_i64(vc, vc, 1);
+tcg_temp_free(shift);
 }
+tcg_temp_free(tmp);
 }
 
 /* INSBL, INSWL, INSLL, INSQL */
-static void gen_ins_l(int ra, int rb, int rc, int islit,
+static void gen_ins_l(DisasContext *ctx, TCGv vc, TCGv va, int rb, bool islit,
   uint8_t lit, uint8_t byte_mask)
 {
-if (unlikely(rc == 31)) {
-return;
-} else if (unlikely(ra == 31)) {
-tcg_gen_movi_i64(cpu_ir[rc], 0);
-} else {
-TCGv tmp = tcg_temp_new();
+TCGv tmp = tcg_temp_new();
 
-/* The instruction description has us left-shift the byte mask
-   the same number of byte slots as the data and apply the zap
-   at the end.  This is equivalent to simply performing the zap
-   first and shifting afterward.  */
-gen_zapnoti (tmp, cpu_ir[ra], byte_mask);
+/* The instruction description has us left-shift the byte mask
+   the same number of byte slots as the data and apply the zap
+   at the end.  This is equivalent to simply performing the zap
+   first and shifting afterward.  */
+gen_zapnoti(tmp, va, byte_mask);
 
-if (islit) {
-tcg_gen_shli_i64(cpu_ir[rc], tmp, (lit & 7) * 8);
-} else {
-TCGv shift = tcg_temp_new();
-tcg_gen_andi_i64(shift, cpu_ir[rb], 7);
-tcg_gen_shli_i64(shift, shift, 3);
-tcg_gen_shl_i64(cpu_ir[rc], tmp, shift);
-tcg_temp_free(shift);
-}
-tcg_temp_free(tmp);
+if (islit) {
+tcg_gen_shli_i64(vc, tmp, (lit & 7) * 8);
+} else {
+TCGv shift = tcg_temp_new();
+tcg_gen_andi_i64(shift, load_gpr(ctx, rb), 7);
+tcg_gen_shli_i64(shift, shift, 3);
+tcg_gen_shl_i64(vc, tmp, shift);
+tcg_temp_free(shift);
 }
+tcg_temp_free(tmp);
 }
 
 /* MSKWH, MSKLH, MSKQH */
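Review bot: In the new gen_ins_h the `tcg_temp_new()` and `gen_zapnoti(tmp, va, byte_mask)` are emitted before the literal path tests `lit == 0`, so for a zero literal shift the zap result is computed and then discarded in favour of `tcg_gen_movi_i64(vc, 0)`. The removed code tested `(lit & 7) == 0` first. Keeping that order as a guard at the top of the function, `if (islit && (lit & 7) == 0) { tcg_gen_movi_i64(vc, 0); return; }`, avoids both the dead op and the temporary. Both gen_ins_h and gen_ins_l are fully contained in this hunk.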
@@ -2094,7 +2083,7 @@ 

[Qemu-devel] [PATCH 19/40] target-alpha: Convert ARITH3_EX to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 49 ++--
 1 file changed, 6 insertions(+), 43 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 026372d..0fbb1f2 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -1457,43 +1457,6 @@ ARITH3(maxuw4)
 ARITH3(maxsw4)
 ARITH3(perr)
 
-/* Code to call arith3 helpers */
-#define ARITH3_EX(name) \
-static inline void glue(gen_, name)(int ra, int rb, int rc, \
-int islit, uint8_t lit) \
-{   \
-if (unlikely(rc == 31)) {   \
-return; \
-}   \
-if (ra != 31) { \
-if (islit) {\
-TCGv tmp = tcg_const_i64(lit);  \
-gen_helper_ ## name(cpu_ir[rc], cpu_env,\
-cpu_ir[ra], tmp);   \
-tcg_temp_free(tmp); \
-} else {\
-gen_helper_ ## name(cpu_ir[rc], cpu_env,\
-cpu_ir[ra], cpu_ir[rb]);\
-}   \
-} else {\
-TCGv tmp1 = tcg_const_i64(0);   \
-if (islit) {\
-TCGv tmp2 = tcg_const_i64(lit); \
-gen_helper_ ## name(cpu_ir[rc], cpu_env, tmp1, tmp2);   \
-tcg_temp_free(tmp2);\
-} else {\
-gen_helper_ ## name(cpu_ir[rc], cpu_env, tmp1, cpu_ir[rb]); \
-}   \
-tcg_temp_free(tmp1);\
-}   \
-}
-ARITH3_EX(addlv)
-ARITH3_EX(sublv)
-ARITH3_EX(addqv)
-ARITH3_EX(subqv)
-ARITH3_EX(mullv)
-ARITH3_EX(mulqv)
-
 #define MVIOP2(name)\
 static inline void glue(gen_, name)(int rb, int rc) \
 {   \
@@ -2032,11 +1995,11 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x40:
 /* ADDL/V */
-gen_addlv(ra, rb, rc, islit, lit);
+gen_helper_addlv(vc, cpu_env, va, vb);
 break;
 case 0x49:
 /* SUBL/V */
-gen_sublv(ra, rb, rc, islit, lit);
+gen_helper_sublv(vc, cpu_env, va, vb);
 break;
 case 0x4D:
 /* CMPLT */
@@ -2044,11 +2007,11 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x60:
 /* ADDQ/V */
-gen_addqv(ra, rb, rc, islit, lit);
+gen_helper_addqv(vc, cpu_env, va, vb);
 break;
 case 0x69:
 /* SUBQ/V */
-gen_subqv(ra, rb, rc, islit, lit);
+gen_helper_subqv(vc, cpu_env, va, vb);
 break;
 case 0x6D:
 /* CMPLE */
@@ -2321,11 +2284,11 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x40:
 /* MULL/V */
-gen_mullv(ra, rb, rc, islit, lit);
+gen_helper_mullv(vc, cpu_env, va, vb);
 break;
 case 0x60:
 /* MULQ/V */
-gen_mulqv(ra, rb, rc, islit, lit);
+gen_helper_mulqv(vc, cpu_env, va, vb);
 break;
 default:
 goto invalid_opc;
-- 
1.9.0




[Qemu-devel] [PATCH 17/40] target-alpha: Convert gen_store_conditional to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index a72f10f..289a703 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -376,11 +376,7 @@ static ExitStatus gen_store_conditional(DisasContext *ctx, 
int ra, int rb,
 addr = tcg_temp_local_new();
 #endif
 
-if (rb != 31) {
-tcg_gen_addi_i64(addr, cpu_ir[rb], disp16);
-} else {
-tcg_gen_movi_i64(addr, disp16);
-}
+tcg_gen_addi_i64(addr, load_gpr(ctx, rb), disp16);
 
 #if defined(CONFIG_USER_ONLY)
 /* ??? This is handled via a complicated version of compare-and-swap
-- 
1.9.0




[Qemu-devel] [PATCH 21/40] target-alpha: Convert gen_msk_h/l to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 47 +++
 1 file changed, 19 insertions(+), 28 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 23fb551..5c6db61 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -1321,15 +1321,11 @@ static void gen_ins_l(int ra, int rb, int rc, int islit,
 }
 
 /* MSKWH, MSKLH, MSKQH */
-static void gen_msk_h(int ra, int rb, int rc, int islit,
+static void gen_msk_h(DisasContext *ctx, TCGv vc, TCGv va, int rb, bool islit,
   uint8_t lit, uint8_t byte_mask)
 {
-if (unlikely(rc == 31)) {
-return;
-} else if (unlikely(ra == 31)) {
-tcg_gen_movi_i64(cpu_ir[rc], 0);
-} else if (islit) {
-gen_zapnoti (cpu_ir[rc], cpu_ir[ra], ~((byte_mask << (lit & 7)) >> 8));
+if (islit) {
+gen_zapnoti(vc, va, ~((byte_mask << (lit & 7)) >> 8));
 } else {
 TCGv shift = tcg_temp_new();
 TCGv mask = tcg_temp_new();
@@ -1341,17 +1337,16 @@ static void gen_msk_h(int ra, int rb, int rc, int islit,
shift of 64 bits in order to generate a zero.  This is done by
splitting the shift into two parts, the variable shift - 1
followed by a constant 1 shift.  The code we expand below is
-   equivalent to ~((B & 7) * 8) & 63.  */
+   equivalent to ~(B * 8) & 63.  */
 
-tcg_gen_andi_i64(shift, cpu_ir[rb], 7);
-tcg_gen_shli_i64(shift, shift, 3);
+tcg_gen_shli_i64(shift, load_gpr(ctx, rb), 3);
 tcg_gen_not_i64(shift, shift);
 tcg_gen_andi_i64(shift, shift, 0x3f);
 tcg_gen_movi_i64(mask, zapnot_mask (byte_mask));
 tcg_gen_shr_i64(mask, mask, shift);
 tcg_gen_shri_i64(mask, mask, 1);
 
-tcg_gen_andc_i64(cpu_ir[rc], cpu_ir[ra], mask);
+tcg_gen_andc_i64(vc, va, mask);
 
 tcg_temp_free(mask);
 tcg_temp_free(shift);
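Review bot: The updated comment says the expansion is equivalent to `~(B * 8) & 63`, but it does not say why the removed `tcg_gen_andi_i64(shift, cpu_ir[rb], 7)` is no longer needed. I would add one sentence, for example `Only bits <5:0> survive the & 63, and those depend on B<2:0> alone, so masking B with 7 first is redundant.` The context line `zapnot_mask (byte_mask)` in this hunk also keeps the space before the parenthesis that the same patch removes in gen_msk_l. gen_msk_h begins in the previous hunk and ends in the next.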
@@ -1359,25 +1354,21 @@ static void gen_msk_h(int ra, int rb, int rc, int islit,
 }
 
 /* MSKBL, MSKWL, MSKLL, MSKQL */
-static void gen_msk_l(int ra, int rb, int rc, int islit,
+static void gen_msk_l(DisasContext *ctx, TCGv vc, TCGv va, int rb, bool islit,
   uint8_t lit, uint8_t byte_mask)
 {
-if (unlikely(rc == 31)) {
-return;
-} else if (unlikely(ra == 31)) {
-tcg_gen_movi_i64(cpu_ir[rc], 0);
-} else if (islit) {
-gen_zapnoti (cpu_ir[rc], cpu_ir[ra], ~(byte_mask << (lit & 7)));
+if (islit) {
+gen_zapnoti(vc, va, ~(byte_mask << (lit & 7)));
 } else {
 TCGv shift = tcg_temp_new();
 TCGv mask = tcg_temp_new();
 
-tcg_gen_andi_i64(shift, cpu_ir[rb], 7);
+tcg_gen_andi_i64(shift, load_gpr(ctx, rb), 7);
 tcg_gen_shli_i64(shift, shift, 3);
-tcg_gen_movi_i64(mask, zapnot_mask (byte_mask));
+tcg_gen_movi_i64(mask, zapnot_mask(byte_mask));
 tcg_gen_shl_i64(mask, mask, shift);
 
-tcg_gen_andc_i64(cpu_ir[rc], cpu_ir[ra], mask);
+tcg_gen_andc_i64(vc, va, mask);
 
 tcg_temp_free(mask);
 tcg_temp_free(shift);
@@ -2109,7 +2100,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 switch (fn7) {
 case 0x02:
 /* MSKBL */
-gen_msk_l(ra, rb, rc, islit, lit, 0x01);
+gen_msk_l(ctx, vc, va, rb, islit, lit, 0x01);
 break;
 case 0x06:
 /* EXTBL */
@@ -2121,7 +2112,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x12:
 /* MSKWL */
-gen_msk_l(ra, rb, rc, islit, lit, 0x03);
+gen_msk_l(ctx, vc, va, rb, islit, lit, 0x03);
 break;
 case 0x16:
 /* EXTWL */
@@ -2133,7 +2124,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x22:
 /* MSKLL */
-gen_msk_l(ra, rb, rc, islit, lit, 0x0f);
+gen_msk_l(ctx, vc, va, rb, islit, lit, 0x0f);
 break;
 case 0x26:
 /* EXTLL */
@@ -2153,7 +2144,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x32:
 /* MSKQL */
-gen_msk_l(ra, rb, rc, islit, lit, 0xff);
+gen_msk_l(ctx, vc, va, rb, islit, lit, 0xff);
 break;
 case 0x34:
 /* SRL */
@@ -2201,7 +2192,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x52:
 /* MSKWH */
-gen_msk_h(ra, rb, rc, islit, lit, 0x03);
+gen_msk_h(ctx, vc, va, rb, islit, lit, 0x03);
 break;
 case 0x57:
 /* INSWH */
@@ -2213,7 +2204,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x62:
 /* MSKLH */
-gen_msk

[Qemu-devel] [PATCH v2] mac99: Added FW_CFG_PPC_BUSFREQ to match CLOCKFREQ and TBFREQ already there

2014-04-17 Thread BALATON Zoltan
While there, also moved the hard coded value for CLOCKFREQ to a #define.

Signed-off-by: BALATON Zoltan 
---

 v2: Also include mac_oldworld that I missed in the first version and
 fix commit message
 
 hw/ppc/mac_newworld.c | 5 -
 hw/ppc/mac_oldworld.c | 5 -
 include/hw/ppc/ppc.h  | 2 ++
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index a533ec7..c937ff1 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -72,6 +72,8 @@
 #define MAX_IDE_BUS 2
 #define CFG_ADDR 0xf510
 #define TBFREQ (100UL * 1000UL * 1000UL)
+#define CLOCKFREQ (266UL * 1000UL * 1000UL)
+#define BUSFREQ (100UL * 1000UL * 1000UL)
 
 /* debug UniNorth */
 //#define DEBUG_UNIN
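Review bot: CLOCKFREQ and BUSFREQ are written here as products (`266UL * 1000UL * 1000UL`), but the mac_oldworld.c hunk of this patch writes them as plain literals, next to a TBFREQ that is also a plain literal. Using the product form in both files would make the magnitudes checkable at a glance. As the values appear on this page, the oldworld literals do not obviously match the newworld ones, though that may be damage from the archive. A short comment giving the unit (presumably Hz) on each define would also help, since these values are handed to guest firmware through fw_cfg.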
@@ -469,7 +471,8 @@ static void ppc_core99_init(QEMUMachineInitArgs *args)
 fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_TBFREQ, TBFREQ);
 }
 /* Mac OS X requires a "known good" clock-frequency value; pass it one. */
-fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_CLOCKFREQ, 26600);
+fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_CLOCKFREQ, CLOCKFREQ);
+fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_BUSFREQ, BUSFREQ);
 
 qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
 }
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 2f27754..5de9223 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -46,6 +46,8 @@
 #define MAX_IDE_BUS 2
 #define CFG_ADDR 0xf510
 #define TBFREQ 1660UL
+#define CLOCKFREQ 26600UL
+#define BUSFREQ 6600UL
 
 static int fw_cfg_boot_set(void *opaque, const char *boot_device)
 {
@@ -337,7 +339,8 @@ static void ppc_heathrow_init(QEMUMachineInitArgs *args)
 fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_TBFREQ, TBFREQ);
 }
 /* Mac OS X requires a "known good" clock-frequency value; pass it one. */
-fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_CLOCKFREQ, 26600);
+fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_CLOCKFREQ, CLOCKFREQ);
+fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_BUSFREQ, BUSFREQ);
 
 qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
 }
diff --git a/include/hw/ppc/ppc.h b/include/hw/ppc/ppc.h
index d71bd07..7e16e2e 100644
--- a/include/hw/ppc/ppc.h
+++ b/include/hw/ppc/ppc.h
@@ -92,6 +92,8 @@ enum {
 #define FW_CFG_PPC_IS_KVM   (FW_CFG_ARCH_LOCAL + 0x05)
 #define FW_CFG_PPC_KVM_HC   (FW_CFG_ARCH_LOCAL + 0x06)
 #define FW_CFG_PPC_KVM_PID  (FW_CFG_ARCH_LOCAL + 0x07)
+/* OpenBIOS has FW_CFG_PPC_NVRAM_ADDR as +0x08 */
+#define FW_CFG_PPC_BUSFREQ  (FW_CFG_ARCH_LOCAL + 0x09)
 
 #define PPC_SERIAL_MM_BAUDBASE 399193
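Review bot: Key `+ 0x08` is skipped on the strength of a comment only, so nothing in this header stops a later patch from assigning it to something else and colliding with what OpenBIOS already uses. These numbers are a guest-visible interface shared with the firmware, so I would reserve the slot with a real definition, `#define FW_CFG_PPC_NVRAM_ADDR (FW_CFG_ARCH_LOCAL + 0x08)`, even if QEMU does not populate it yet. The enum named in the hunk header and the start of the key list lie outside the hunk.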
 
-- 
1.8.1.5




[Qemu-devel] [PATCH 15/40] target-alpha: Convert opcode 0x1F to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 30 ++
 1 file changed, 10 insertions(+), 20 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 3c198eb..519ccf3 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -2992,40 +2992,33 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 #else
 goto invalid_opc;
 #endif
+
 case 0x1F:
 /* HW_ST (PALcode) */
 #ifndef CONFIG_USER_ONLY
 REQUIRE_TB_FLAG(TB_FLAGS_PAL_MODE);
 {
-TCGv addr, val;
-addr = tcg_temp_new();
-if (rb != 31) {
-tcg_gen_addi_i64(addr, cpu_ir[rb], disp12);
-} else {
-tcg_gen_movi_i64(addr, disp12);
-}
-if (ra != 31) {
-val = cpu_ir[ra];
-} else {
-val = tcg_temp_new();
-tcg_gen_movi_i64(val, 0);
-}
+TCGv addr = tcg_temp_new();
+va = load_gpr(ctx, ra);
+vb = load_gpr(ctx, rb);
+
+tcg_gen_addi_i64(addr, vb, disp12);
 switch ((insn >> 12) & 0xF) {
 case 0x0:
 /* Longword physical access */
-gen_helper_stl_phys(cpu_env, addr, val);
+gen_helper_stl_phys(cpu_env, addr, va);
 break;
 case 0x1:
 /* Quadword physical access */
-gen_helper_stq_phys(cpu_env, addr, val);
+gen_helper_stq_phys(cpu_env, addr, va);
 break;
 case 0x2:
 /* Longword physical access with lock */
-gen_helper_stl_c_phys(val, cpu_env, addr, val);
+gen_helper_stl_c_phys(dest_gpr(ctx, ra), cpu_env, addr, va);
 break;
 case 0x3:
 /* Quadword physical access with lock */
-gen_helper_stq_c_phys(val, cpu_env, addr, val);
+gen_helper_stq_c_phys(dest_gpr(ctx, ra), cpu_env, addr, va);
 break;
 case 0x4:
 /* Longword virtual access */
@@ -3064,9 +3057,6 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 /* Invalid */
 goto invalid_opc;
 }
-if (ra == 31) {
-tcg_temp_free(val);
-}
 tcg_temp_free(addr);
 break;
 }
-- 
1.9.0




[Qemu-devel] [PATCH 14/40] target-alpha: Convert opcode 0x1E to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 6664304..3c198eb 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -2962,6 +2962,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 goto invalid_opc;
 }
 break;
+
 case 0x1D:
 /* HW_MTPR (PALcode) */
 #ifndef CONFIG_USER_ONLY
@@ -2970,6 +2971,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 #else
 goto invalid_opc;
 #endif
+
 case 0x1E:
 /* HW_RET (PALcode) */
 #ifndef CONFIG_USER_ONLY
@@ -2978,12 +2980,12 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 /* Pre-EV6 CPUs interpreted this as HW_REI, loading the return
address from EXC_ADDR.  This turns out to be useful for our
emulation PALcode, so continue to accept it.  */
-TCGv tmp = tcg_temp_new();
+tmp = tcg_temp_new();
 tcg_gen_ld_i64(tmp, cpu_env, offsetof(CPUAlphaState, exc_addr));
 gen_helper_hw_ret(cpu_env, tmp);
 tcg_temp_free(tmp);
 } else {
-gen_helper_hw_ret(cpu_env, cpu_ir[rb]);
+gen_helper_hw_ret(cpu_env, load_gpr(ctx, rb));
 }
 ret = EXIT_PC_UPDATED;
 break;
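Review bot: The change from `cpu_ir[rb]` to `load_gpr(ctx, rb)` in the `else` arm alters behaviour for rb == 31, and the commit message does not say so. The old line indexed `cpu_ir[31]` with no guard, whereas `load_gpr` in this series returns the zero temporary for any `reg >= 31`. If `cpu_ir` has only 31 entries (its declaration is outside the hunk), the old form read past the array for an encoding chosen by the guest's PALcode. State this in the commit message and add a comment on the new line, e.g. `/* rb == 31 reads as zero via load_gpr */`. The enclosing `case 0x1E` block starts above the hunk.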
-- 
1.9.0




[Qemu-devel] [PATCH 12/40] target-alpha: Convert opcode 0x1B to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 32 +---
 1 file changed, 13 insertions(+), 19 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index d3fbcb4..3a0cf6f 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -2755,39 +2755,33 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 }
 ret = EXIT_PC_UPDATED;
 break;
+
 case 0x1B:
 /* HW_LD (PALcode) */
 #ifndef CONFIG_USER_ONLY
 REQUIRE_TB_FLAG(TB_FLAGS_PAL_MODE);
 {
-TCGv addr;
-
-if (ra == 31) {
-break;
-}
+TCGv addr = tcg_temp_new();
+vb = load_gpr(ctx, rb);
+va = dest_gpr(ctx, ra);
 
-addr = tcg_temp_new();
-if (rb != 31) {
-tcg_gen_addi_i64(addr, cpu_ir[rb], disp12);
-} else {
-tcg_gen_movi_i64(addr, disp12);
-}
+tcg_gen_addi_i64(addr, vb, disp12);
 switch ((insn >> 12) & 0xF) {
 case 0x0:
 /* Longword physical access (hw_ldl/p) */
-gen_helper_ldl_phys(cpu_ir[ra], cpu_env, addr);
+gen_helper_ldl_phys(va, cpu_env, addr);
 break;
 case 0x1:
 /* Quadword physical access (hw_ldq/p) */
-gen_helper_ldq_phys(cpu_ir[ra], cpu_env, addr);
+gen_helper_ldq_phys(va, cpu_env, addr);
 break;
 case 0x2:
 /* Longword physical access with lock (hw_ldl_l/p) */
-gen_helper_ldl_l_phys(cpu_ir[ra], cpu_env, addr);
+gen_helper_ldl_l_phys(va, cpu_env, addr);
 break;
 case 0x3:
 /* Quadword physical access with lock (hw_ldq_l/p) */
-gen_helper_ldq_l_phys(cpu_ir[ra], cpu_env, addr);
+gen_helper_ldq_l_phys(va, cpu_env, addr);
 break;
 case 0x4:
 /* Longword virtual PTE fetch (hw_ldl/v) */
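Review bot: Removing the `if (ra == 31) break;` early exit means an HW_LD whose destination is $31 now emits the memory access and writes the result to the sink returned by `dest_gpr`, where the old code generated nothing. For the locked forms here (`gen_helper_ldl_l_phys`, `gen_helper_ldq_l_phys`) and the `tcg_gen_qemu_ld_i64` forms in the two later hunks, this presumably makes faults and lock state observable for an encoding that used to be a no-op. If that is intended, the commit message should say so and `va = dest_gpr(ctx, ra);` should carry a comment such as `/* ra == 31: access still performed, result discarded */`. The `case 0x1B` block continues outside this hunk.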
@@ -2810,11 +2804,11 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 goto invalid_opc;
 case 0xA:
 /* Longword virtual access with protection check (hw_ldl/w) */
-tcg_gen_qemu_ld_i64(cpu_ir[ra], addr, MMU_KERNEL_IDX, MO_LESL);
+tcg_gen_qemu_ld_i64(va, addr, MMU_KERNEL_IDX, MO_LESL);
 break;
 case 0xB:
 /* Quadword virtual access with protection check (hw_ldq/w) */
-tcg_gen_qemu_ld_i64(cpu_ir[ra], addr, MMU_KERNEL_IDX, MO_LEQ);
+tcg_gen_qemu_ld_i64(va, addr, MMU_KERNEL_IDX, MO_LEQ);
 break;
 case 0xC:
 /* Longword virtual access with alt access mode (hw_ldl/a)*/
@@ -2825,12 +2819,12 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 case 0xE:
 /* Longword virtual access with alternate access mode and
protection checks (hw_ldl/wa) */
-tcg_gen_qemu_ld_i64(cpu_ir[ra], addr, MMU_USER_IDX, MO_LESL);
+tcg_gen_qemu_ld_i64(va, addr, MMU_USER_IDX, MO_LESL);
 break;
 case 0xF:
 /* Quadword virtual access with alternate access mode and
protection checks (hw_ldq/wa) */
-tcg_gen_qemu_ld_i64(cpu_ir[ra], addr, MMU_USER_IDX, MO_LEQ);
+tcg_gen_qemu_ld_i64(va, addr, MMU_USER_IDX, MO_LEQ);
 break;
 }
 tcg_temp_free(addr);
-- 
1.9.0




[Qemu-devel] [PATCH 10/40] target-alpha: Convert opcode 0x18 to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index e783e80..3340916 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -2677,6 +2677,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 goto invalid_opc;
 }
 break;
+
 case 0x18:
 switch ((uint16_t)disp16) {
 case 0x:
@@ -2705,15 +2706,14 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0xC000:
 /* RPCC */
-if (ra != 31) {
-if (use_icount) {
-gen_io_start();
-gen_helper_load_pcc(cpu_ir[ra], cpu_env);
-gen_io_end();
-ret = EXIT_PC_STALE;
-} else {
-gen_helper_load_pcc(cpu_ir[ra], cpu_env);
-}
+va = dest_gpr(ctx, ra);
+if (use_icount) {
+gen_io_start();
+gen_helper_load_pcc(va, cpu_env);
+gen_io_end();
+ret = EXIT_PC_STALE;
+} else {
+gen_helper_load_pcc(va, cpu_env);
 }
 break;
 case 0xE000:
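Review bot: In the RPCC case, `gen_helper_load_pcc(va, cpu_env);` is now written out identically in both arms of `if (use_icount)`, so the arms differ only in the `gen_io_start()`/`gen_io_end()` bracket and `ret = EXIT_PC_STALE;`. Emitting the helper once, with the icount-only calls guarded around it, would make that difference easier to see. Separately, with ra == 31 the old `if (ra != 31)` guard emitted nothing, while the new code still calls the helper into the sink and, under `use_icount`, ends the TB. A comment such as `/* ra == 31 still reads the counter; result goes to the sink */` would show that this is deliberate.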
-- 
1.9.0




[Qemu-devel] [PATCH 01/40] target-alpha: fix the braces

2014-04-17 Thread Richard Henderson
From: Paolo Bonzini 

Conform to coding style, and avoid further occurrences of bugs due to
misplaced braces.

Signed-off-by: Paolo Bonzini 
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 313 +++
 1 file changed, 180 insertions(+), 133 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index e7e319b..29dffb7 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -100,8 +100,9 @@ void alpha_translate_init(void)
 char *p;
 static int done_init = 0;
 
-if (done_init)
+if (done_init) {
 return;
+}
 
 cpu_env = tcg_global_reg_new_ptr(TCG_AREG0, "env");
 
@@ -1117,8 +1118,9 @@ static inline uint64_t zapnot_mask(uint8_t lit)
 int i;
 
 for (i = 0; i < 8; ++i) {
-if ((lit >> i) & 1)
+if ((lit >> i) & 1) {
 mask |= 0xffull << (i * 8);
+}
 }
 return mask;
 }
@@ -1152,26 +1154,28 @@ static void gen_zapnoti(TCGv dest, TCGv src, uint8_t 
lit)
 
 static inline void gen_zapnot(int ra, int rb, int rc, int islit, uint8_t lit)
 {
-if (unlikely(rc == 31))
+if (unlikely(rc == 31)) {
 return;
-else if (unlikely(ra == 31))
+} else if (unlikely(ra == 31)) {
 tcg_gen_movi_i64(cpu_ir[rc], 0);
-else if (islit)
+} else if (islit) {
 gen_zapnoti(cpu_ir[rc], cpu_ir[ra], lit);
-else
+} else {
 gen_helper_zapnot (cpu_ir[rc], cpu_ir[ra], cpu_ir[rb]);
+}
 }
 
 static inline void gen_zap(int ra, int rb, int rc, int islit, uint8_t lit)
 {
-if (unlikely(rc == 31))
+if (unlikely(rc == 31)) {
 return;
-else if (unlikely(ra == 31))
+} else if (unlikely(ra == 31)) {
 tcg_gen_movi_i64(cpu_ir[rc], 0);
-else if (islit)
+} else if (islit) {
 gen_zapnoti(cpu_ir[rc], cpu_ir[ra], ~lit);
-else
+} else {
 gen_helper_zap (cpu_ir[rc], cpu_ir[ra], cpu_ir[rb]);
+}
 }
 
 
@@ -1179,11 +1183,11 @@ static inline void gen_zap(int ra, int rb, int rc, int 
islit, uint8_t lit)
 static void gen_ext_h(int ra, int rb, int rc, int islit,
   uint8_t lit, uint8_t byte_mask)
 {
-if (unlikely(rc == 31))
+if (unlikely(rc == 31)) {
 return;
-else if (unlikely(ra == 31))
+} else if (unlikely(ra == 31)) {
 tcg_gen_movi_i64(cpu_ir[rc], 0);
-else {
+} else {
 if (islit) {
 lit = (64 - (lit & 7) * 8) & 0x3f;
 tcg_gen_shli_i64(cpu_ir[rc], cpu_ir[ra], lit);
@@ -1204,11 +1208,11 @@ static void gen_ext_h(int ra, int rb, int rc, int islit,
 static void gen_ext_l(int ra, int rb, int rc, int islit,
   uint8_t lit, uint8_t byte_mask)
 {
-if (unlikely(rc == 31))
+if (unlikely(rc == 31)) {
 return;
-else if (unlikely(ra == 31))
+} else if (unlikely(ra == 31)) {
 tcg_gen_movi_i64(cpu_ir[rc], 0);
-else {
+} else {
 if (islit) {
 tcg_gen_shri_i64(cpu_ir[rc], cpu_ir[ra], (lit & 7) * 8);
 } else {
@@ -1226,11 +1230,11 @@ static void gen_ext_l(int ra, int rb, int rc, int islit,
 static void gen_ins_h(int ra, int rb, int rc, int islit,
   uint8_t lit, uint8_t byte_mask)
 {
-if (unlikely(rc == 31))
+if (unlikely(rc == 31)) {
 return;
-else if (unlikely(ra == 31) || (islit && (lit & 7) == 0))
+} else if (unlikely(ra == 31) || (islit && (lit & 7) == 0)) {
 tcg_gen_movi_i64(cpu_ir[rc], 0);
-else {
+} else {
 TCGv tmp = tcg_temp_new();
 
 /* The instruction description has us left-shift the byte mask
@@ -1268,11 +1272,11 @@ static void gen_ins_h(int ra, int rb, int rc, int islit,
 static void gen_ins_l(int ra, int rb, int rc, int islit,
   uint8_t lit, uint8_t byte_mask)
 {
-if (unlikely(rc == 31))
+if (unlikely(rc == 31)) {
 return;
-else if (unlikely(ra == 31))
+} else if (unlikely(ra == 31)) {
 tcg_gen_movi_i64(cpu_ir[rc], 0);
-else {
+} else {
 TCGv tmp = tcg_temp_new();
 
 /* The instruction description has us left-shift the byte mask
@@ -1298,11 +1302,11 @@ static void gen_ins_l(int ra, int rb, int rc, int islit,
 static void gen_msk_h(int ra, int rb, int rc, int islit,
   uint8_t lit, uint8_t byte_mask)
 {
-if (unlikely(rc == 31))
+if (unlikely(rc == 31)) {
 return;
-else if (unlikely(ra == 31))
+} else if (unlikely(ra == 31)) {
 tcg_gen_movi_i64(cpu_ir[rc], 0);
-else if (islit) {
+} else if (islit) {
 gen_zapnoti (cpu_ir[rc], cpu_ir[ra], ~((byte_mask << (lit & 7)) >> 8));
 } else {
 TCGv shift = tcg_temp_new();
@@ -1336,11 +1340,11 @@ static void gen_msk_h(int ra, int rb, int rc, int islit,
 static void gen_msk_l(int ra, int rb, int rc, int islit,
   uint8_t lit, uint8_t byte_mask)
 {
-if (unlikely(rc == 31))
+if (unlikely(rc == 31)) {
 

[Qemu-devel] [PATCH 09/40] target-alpha: Convert opcode 0x17 to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 41 -
 1 file changed, 20 insertions(+), 21 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 2afda77..e783e80 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -197,7 +197,7 @@ static TCGv dest_gpr(DisasContext *ctx, unsigned reg)
 }
 }
 
-static TCGv __attribute__((unused)) load_fpr(DisasContext *ctx, unsigned reg)
+static TCGv load_fpr(DisasContext *ctx, unsigned reg)
 {
 if (likely(reg < 31)) {
 return cpu_fir[reg];
@@ -2429,6 +2429,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 goto invalid_opc;
 }
 break;
+
 case 0x15:
 /* VAX floating point */
 /* XXX: rounding mode and trap are ignored (!) */
@@ -2509,6 +2510,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 goto invalid_opc;
 }
 break;
+
 case 0x16:
 /* IEEE floating-point */
 switch (fpfn) { /* fn11 & 0x3F */
@@ -2589,6 +2591,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 goto invalid_opc;
 }
 break;
+
 case 0x17:
 switch (fn11) {
 case 0x010:
@@ -2597,18 +2600,20 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 gen_fcvtlq(rb, rc);
 break;
 case 0x020:
-if (likely(rc != 31)) {
-if (ra == rb) {
-/* FMOV */
-if (ra == 31) {
-tcg_gen_movi_i64(cpu_fir[rc], 0);
-} else {
-tcg_gen_mov_i64(cpu_fir[rc], cpu_fir[ra]);
-}
+/* CPYS */
+if (rc == 31) {
+/* Special case CPYS as FNOP.  */
+} else if (ra == rb) {
+vc = dest_fpr(ctx, rc);
+/* Special case CPYS as FMOV.  */
+if (ra == 31) {
+tcg_gen_movi_i64(vc, 0);
 } else {
-/* CPYS */
-gen_fcpys(ra, rb, rc);
+va = load_fpr(ctx, ra);
+tcg_gen_mov_i64(vc, va);
 }
+} else {
+gen_fcpys(ra, rb, rc);
 }
 break;
 case 0x021:
@@ -2621,19 +2626,13 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x024:
 /* MT_FPCR */
-if (likely(ra != 31)) {
-gen_helper_store_fpcr(cpu_env, cpu_fir[ra]);
-} else {
-TCGv tmp = tcg_const_i64(0);
-gen_helper_store_fpcr(cpu_env, tmp);
-tcg_temp_free(tmp);
-}
+va = load_fpr(ctx, ra);
+gen_helper_store_fpcr(cpu_env, va);
 break;
 case 0x025:
 /* MF_FPCR */
-if (likely(ra != 31)) {
-gen_helper_load_fpcr(cpu_fir[ra], cpu_env);
-}
+va = dest_fpr(ctx, ra);
+gen_helper_load_fpcr(va, cpu_env);
 break;
 case 0x02A:
 /* FCMOVEQ */
-- 
1.9.0




[Qemu-devel] [PATCH 13/40] target-alpha: Convert opcode 0x1C to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 73 +---
 1 file changed, 19 insertions(+), 54 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 3a0cf6f..6664304 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -2833,43 +2833,30 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 #else
 goto invalid_opc;
 #endif
+
 case 0x1C:
+vc = dest_gpr(ctx, rc);
 switch (fn7) {
 case 0x00:
 /* SEXTB */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_BWX);
 REQUIRE_REG_31(ra);
-if (likely(rc != 31)) {
-if (islit) {
-tcg_gen_movi_i64(cpu_ir[rc], (int64_t)((int8_t)lit));
-} else {
-tcg_gen_ext8s_i64(cpu_ir[rc], cpu_ir[rb]);
-}
-}
+vb = load_gpr_lit(ctx, rb, lit, islit);
+tcg_gen_ext8s_i64(vc, vb);
 break;
 case 0x01:
 /* SEXTW */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_BWX);
 REQUIRE_REG_31(ra);
-if (likely(rc != 31)) {
-if (islit) {
-tcg_gen_movi_i64(cpu_ir[rc], (int64_t)((int16_t)lit));
-} else {
-tcg_gen_ext16s_i64(cpu_ir[rc], cpu_ir[rb]);
-}
-}
+vb = load_gpr_lit(ctx, rb, lit, islit);
+tcg_gen_ext16s_i64(vc, vb);
 break;
 case 0x30:
 /* CTPOP */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_CIX);
 REQUIRE_REG_31(ra);
-if (likely(rc != 31)) {
-if (islit) {
-tcg_gen_movi_i64(cpu_ir[rc], ctpop64(lit));
-} else {
-gen_helper_ctpop(cpu_ir[rc], cpu_ir[rb]);
-}
-}
+vb = load_gpr_lit(ctx, rb, lit, islit);
+gen_helper_ctpop(vc, vb);
 break;
 case 0x31:
 /* PERR */
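Review bot: `vc = dest_gpr(ctx, rc);` is hoisted above `switch (fn7)`, so it runs before every case's `REQUIRE_TB_FLAG`/`REQUIRE_REG_31` check and also on the `default: goto invalid_opc;` path. With rc == 31 this obtains the sink temporary for an instruction that is then rejected; whether that temporary is released on the invalid-opcode path depends on code outside this patch. Either fetch `vc` inside each case after its checks, or keep the hoist and document it with `/* vc fetched up front; rejected encodings leave it unused */`. The `case 0x1C` block extends across the later hunks of this patch.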
@@ -2880,25 +2867,15 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 /* CTLZ */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_CIX);
 REQUIRE_REG_31(ra);
-if (likely(rc != 31)) {
-if (islit) {
-tcg_gen_movi_i64(cpu_ir[rc], clz64(lit));
-} else {
-gen_helper_ctlz(cpu_ir[rc], cpu_ir[rb]);
-}
-}
+vb = load_gpr_lit(ctx, rb, lit, islit);
+gen_helper_ctlz(vc, vb);
 break;
 case 0x33:
 /* CTTZ */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_CIX);
 REQUIRE_REG_31(ra);
-if (likely(rc != 31)) {
-if (islit) {
-tcg_gen_movi_i64(cpu_ir[rc], ctz64(lit));
-} else {
-gen_helper_cttz(cpu_ir[rc], cpu_ir[rb]);
-}
-}
+vb = load_gpr_lit(ctx, rb, lit, islit);
+gen_helper_cttz(vc, vb);
 break;
 case 0x34:
 /* UNPKBW */
@@ -2968,30 +2945,18 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 /* FTOIT */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_FIX);
 REQUIRE_REG_31(rb);
-if (likely(rc != 31)) {
-if (ra != 31) {
-tcg_gen_mov_i64(cpu_ir[rc], cpu_fir[ra]);
-} else {
-tcg_gen_movi_i64(cpu_ir[rc], 0);
-}
-}
+va = load_fpr(ctx, ra);
+tcg_gen_mov_i64(vc, va);
 break;
 case 0x78:
 /* FTOIS */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_FIX);
 REQUIRE_REG_31(rb);
-if (rc != 31) {
-TCGv_i32 tmp1 = tcg_temp_new_i32();
-if (ra != 31) {
-gen_helper_s_to_memory(tmp1, cpu_fir[ra]);
-} else {
-TCGv tmp2 = tcg_const_i64(0);
-gen_helper_s_to_memory(tmp1, tmp2);
-tcg_temp_free(tmp2);
-}
-tcg_gen_ext_i32_i64(cpu_ir[rc], tmp1);
-tcg_temp_free_i32(tmp1);
-}
+t32 = tcg_temp_new_i32();
+va = load_fpr(ctx, ra);
+gen_helper_s_to_memory(t32, va);
+tcg_gen_ext_i32_i64(vc, t32);
+tcg_temp_free_i32(t32);
 break;
 default:
 goto invalid_opc;
-- 
1.9.0




[Qemu-devel] [PATCH 11/40] target-alpha: Convert opcode 0x1A to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 3340916..d3fbcb4 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -2735,6 +2735,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 goto invalid_opc;
 }
 break;
+
 case 0x19:
 /* HW_MFPR (PALcode) */
 #ifndef CONFIG_USER_ONLY
@@ -2743,14 +2744,12 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 #else
 goto invalid_opc;
 #endif
+
 case 0x1A:
 /* JMP, JSR, RET, JSR_COROUTINE.  These only differ by the branch
prediction stack action, which of course we don't implement.  */
-if (rb != 31) {
-tcg_gen_andi_i64(cpu_pc, cpu_ir[rb], ~3);
-} else {
-tcg_gen_movi_i64(cpu_pc, 0);
-}
+vb = load_gpr(ctx, rb);
+tcg_gen_andi_i64(cpu_pc, vb, ~3);
 if (ra != 31) {
 tcg_gen_movi_i64(cpu_ir[ra], ctx->pc);
 }
-- 
1.9.0




[Qemu-devel] [PATCH 02/40] target-alpha: Introduce REQUIRE_TB_FLAG

2014-04-17 Thread Richard Henderson
The methods by which we check for cpu features varied wildly
across the function.  Using a nice macro cleans this up.

Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 317 ---
 1 file changed, 133 insertions(+), 184 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 29dffb7..6ce4207 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -1765,6 +1765,13 @@ static ExitStatus gen_mtpr(DisasContext *ctx, int rb, 
int regno)
 }
 #endif /* !USER_ONLY*/
 
+#define REQUIRE_TB_FLAG(FLAG)   \
+do {\
+if ((ctx->tb->flags & (FLAG)) == 0) {   \
+goto invalid_opc;   \
+}   \
+} while (0)
+
 static ExitStatus translate_one(DisasContext *ctx, uint32_t insn)
 {
 uint32_t palcode;
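Review bot: `REQUIRE_TB_FLAG` hides a `goto invalid_opc` and reads `ctx` from the caller's scope, and nothing at the definition says so. The jump skips any `tcg_temp_free` that follows the call site, so the macro has to be invoked before a case allocates temporaries. A comment above the `#define` would document both constraints, e.g. `/* Jumps to invalid_opc in translate_one when FLAG is clear in the TB flags; use before allocating temporaries. */`. The macro is defined at file scope but is only usable inside `translate_one`, whose body continues outside this hunk.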
@@ -1849,28 +1856,26 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x0A:
 /* LDBU */
-if (ctx->tb->flags & TB_FLAGS_AMASK_BWX) {
-gen_load_mem(ctx, &tcg_gen_qemu_ld8u, ra, rb, disp16, 0, 0);
-break;
-}
-goto invalid_opc;
+REQUIRE_TB_FLAG(TB_FLAGS_AMASK_BWX);
+gen_load_mem(ctx, &tcg_gen_qemu_ld8u, ra, rb, disp16, 0, 0);
+break;
 case 0x0B:
 /* LDQ_U */
 gen_load_mem(ctx, &tcg_gen_qemu_ld64, ra, rb, disp16, 0, 1);
 break;
 case 0x0C:
 /* LDWU */
-if (ctx->tb->flags & TB_FLAGS_AMASK_BWX) {
-gen_load_mem(ctx, &tcg_gen_qemu_ld16u, ra, rb, disp16, 0, 0);
-break;
-}
-goto invalid_opc;
+REQUIRE_TB_FLAG(TB_FLAGS_AMASK_BWX);
+gen_load_mem(ctx, &tcg_gen_qemu_ld16u, ra, rb, disp16, 0, 0);
+break;
 case 0x0D:
 /* STW */
+REQUIRE_TB_FLAG(TB_FLAGS_AMASK_BWX);
 gen_store_mem(ctx, &tcg_gen_qemu_st16, ra, rb, disp16, 0, 0);
 break;
 case 0x0E:
 /* STB */
+REQUIRE_TB_FLAG(TB_FLAGS_AMASK_BWX);
 gen_store_mem(ctx, &tcg_gen_qemu_st8, ra, rb, disp16, 0, 0);
 break;
 case 0x0F:
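Review bot: The `REQUIRE_TB_FLAG(TB_FLAGS_AMASK_BWX);` lines added to STW (`case 0x0D`) and STB (`case 0x0E`) are a functional change, not a cleanup, because the old code emitted these stores without checking the flag. The commit message describes only unifying the existing checks, so this new feature gating should get its own sentence there, or its own patch, so that a bisect or backport can find it. LDBU and LDWU in the same hunk are pure rewrites of an existing check and need no such note.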
@@ -2535,12 +2540,10 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 }
 break;
 case 0x14:
+REQUIRE_TB_FLAG(TB_FLAGS_AMASK_FIX);
 switch (fpfn) { /* fn11 & 0x3F */
 case 0x04:
 /* ITOFS */
-if ((ctx->tb->flags & TB_FLAGS_AMASK_FIX) == 0) {
-goto invalid_opc;
-}
 if (likely(rc != 31)) {
 if (ra != 31) {
 TCGv_i32 tmp = tcg_temp_new_i32();
@@ -2553,23 +2556,14 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x0A:
 /* SQRTF */
-if (ctx->tb->flags & TB_FLAGS_AMASK_FIX) {
-gen_fsqrtf(rb, rc);
-break;
-}
-goto invalid_opc;
+gen_fsqrtf(rb, rc);
+break;
 case 0x0B:
 /* SQRTS */
-if (ctx->tb->flags & TB_FLAGS_AMASK_FIX) {
-gen_fsqrts(ctx, rb, rc, fn11);
-break;
-}
-goto invalid_opc;
+gen_fsqrts(ctx, rb, rc, fn11);
+break;
 case 0x14:
 /* ITOFF */
-if ((ctx->tb->flags & TB_FLAGS_AMASK_FIX) == 0) {
-goto invalid_opc;
-}
 if (likely(rc != 31)) {
 if (ra != 31) {
 TCGv_i32 tmp = tcg_temp_new_i32();
@@ -2582,9 +2576,6 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x24:
 /* ITOFT */
-if ((ctx->tb->flags & TB_FLAGS_AMASK_FIX) == 0) {
-goto invalid_opc;
-}
 if (likely(rc != 31)) {
 if (ra != 31) {
 tcg_gen_mov_i64(cpu_fir[rc], cpu_ir[ra]);
@@ -2595,18 +2586,12 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x2A:
 /* SQRTG */
-if (ctx->tb->flags & TB_FLAGS_AMASK_FIX) {
-gen_fsqrtg(rb, rc);
-break;
-}
-goto invalid_opc;
+gen_fsqrtg(rb, rc);
+break;
 case 0x02B:
 /* SQRTT */
-if (ctx->tb->flags & TB_FLAGS_AMASK_FIX) {
-gen_fsqrtt(ctx, rb, rc, fn11);
-break;
-}
-goto invalid_opc;
+gen_fsqrtt(ctx, rb, rc, fn11);
+break;
 default:
 goto invalid_opc;
 }
@@ -2918,11 +2903,11 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 case 0x19:
 /* HW_MFPR (PALcode) */
 #ifndef CONFIG_USER_ONLY
-if (ctx->tb->flags & TB_FLAGS_PAL_MODE) {

[Qemu-devel] [PATCH 08/40] target-alpha: Convert opcode 0x14 to source/sink

2014-04-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 44 ++--
 1 file changed, 18 insertions(+), 26 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 4a4876b..2afda77 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -206,7 +206,7 @@ static TCGv __attribute__((unused)) load_fpr(DisasContext 
*ctx, unsigned reg)
 }
 }
 
-static TCGv __attribute__((unused)) dest_fpr(DisasContext *ctx, unsigned reg)
+static TCGv dest_fpr(DisasContext *ctx, unsigned reg)
 {
 if (likely(reg < 31)) {
 return cpu_fir[reg];
@@ -1861,6 +1861,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 uint8_t opc, ra, rb, rc, fpfn, fn7, lit;
 bool islit;
 TCGv va, vb, vc, tmp;
+TCGv_i32 t32;
 ExitStatus ret;
 
 /* Decode all instruction fields */
@@ -2373,21 +2374,19 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 goto invalid_opc;
 }
 break;
+
 case 0x14:
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_FIX);
 switch (fpfn) { /* fn11 & 0x3F */
 case 0x04:
 /* ITOFS */
 REQUIRE_REG_31(rb);
-if (likely(rc != 31)) {
-if (ra != 31) {
-TCGv_i32 tmp = tcg_temp_new_i32();
-tcg_gen_trunc_i64_i32(tmp, cpu_ir[ra]);
-gen_helper_memory_to_s(cpu_fir[rc], tmp);
-tcg_temp_free_i32(tmp);
-} else
-tcg_gen_movi_i64(cpu_fir[rc], 0);
-}
+t32 = tcg_temp_new_i32();
+va = load_gpr(ctx, ra);
+vc = dest_fpr(ctx, rc);
+tcg_gen_trunc_i64_i32(t32, va);
+gen_helper_memory_to_s(vc, t32);
+tcg_temp_free_i32(t32);
 break;
 case 0x0A:
 /* SQRTF */
@@ -2402,26 +2401,19 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 case 0x14:
 /* ITOFF */
 REQUIRE_REG_31(rb);
-if (likely(rc != 31)) {
-if (ra != 31) {
-TCGv_i32 tmp = tcg_temp_new_i32();
-tcg_gen_trunc_i64_i32(tmp, cpu_ir[ra]);
-gen_helper_memory_to_f(cpu_fir[rc], tmp);
-tcg_temp_free_i32(tmp);
-} else
-tcg_gen_movi_i64(cpu_fir[rc], 0);
-}
+t32 = tcg_temp_new_i32();
+va = load_gpr(ctx, ra);
+vc = dest_fpr(ctx, rc);
+tcg_gen_trunc_i64_i32(t32, va);
+gen_helper_memory_to_f(vc, t32);
+tcg_temp_free_i32(t32);
 break;
 case 0x24:
 /* ITOFT */
 REQUIRE_REG_31(rb);
-if (likely(rc != 31)) {
-if (ra != 31) {
-tcg_gen_mov_i64(cpu_fir[rc], cpu_ir[ra]);
-} else {
-tcg_gen_movi_i64(cpu_fir[rc], 0);
-}
-}
+va = load_gpr(ctx, ra);
+vc = dest_fpr(ctx, rc);
+tcg_gen_mov_i64(vc, va);
 break;
 case 0x2A:
 /* SQRTG */
-- 
1.9.0




[Qemu-devel] [PATCH 04/40] target-alpha: Introduce functions for source/sink

2014-04-17 Thread Richard Henderson
This will allow cleaner handling of $31 and $f31.
Convert opcodes 0x08, 0x09, 0x10 as examples.

Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c | 396 +++
 1 file changed, 163 insertions(+), 233 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 5c62244..93bdc64 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -49,6 +49,12 @@ struct DisasContext {
 /* implver value for this CPU.  */
 int implver;
 
+/* Temporaries for $31 and $f31 as source and destination.  */
+TCGv zero;
+TCGv sink;
+/* Temporary for immediate constants.  */
+TCGv lit;
+
 bool singlestep_enabled;
 };
 
@@ -144,6 +150,71 @@ void alpha_translate_init(void)
 done_init = 1;
 }
 
+static TCGv load_zero(DisasContext *ctx)
+{
+if (TCGV_IS_UNUSED_I64(ctx->zero)) {
+ctx->zero = tcg_const_local_i64(0);
+}
+return ctx->zero;
+}
+
+static TCGv dest_sink(DisasContext *ctx)
+{
+if (TCGV_IS_UNUSED_I64(ctx->sink)) {
+ctx->sink = tcg_temp_local_new();
+}
+return ctx->sink;
+}
+
+static TCGv load_gpr(DisasContext *ctx, unsigned reg)
+{
+if (likely(reg < 31)) {
+return cpu_ir[reg];
+} else {
+return load_zero(ctx);
+}
+}
+
+static TCGv load_gpr_lit(DisasContext *ctx, unsigned reg,
+ uint8_t lit, bool islit)
+{
+if (islit) {
+ctx->lit = tcg_const_i64(lit);
+return ctx->lit;
+} else if (likely(reg < 31)) {
+return cpu_ir[reg];
+} else {
+return load_zero(ctx);
+}
+}
+
+static TCGv dest_gpr(DisasContext *ctx, unsigned reg)
+{
+if (likely(reg < 31)) {
+return cpu_ir[reg];
+} else {
+return dest_sink(ctx);
+}
+}
+
+static TCGv __attribute__((unused)) load_fpr(DisasContext *ctx, unsigned reg)
+{
+if (likely(reg < 31)) {
+return cpu_fir[reg];
+} else {
+return load_zero(ctx);
+}
+}
+
+static TCGv __attribute__((unused)) dest_fpr(DisasContext *ctx, unsigned reg)
+{
+if (likely(reg < 31)) {
+return cpu_fir[reg];
+} else {
+return dest_sink(ctx);
+}
+}
+
 static void gen_excp_1(int exception, int error_code)
 {
 TCGv_i32 tmp1, tmp2;
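Review bot: `load_gpr_lit` assigns a fresh `tcg_const_i64(lit)` to `ctx->lit` on every call, unlike `load_zero` and `dest_sink`, which test `TCGV_IS_UNUSED_I64` before allocating. If a case ever calls it twice before the field is released (the release is not in this hunk), the first temporary is lost; a guard such as `assert(TCGV_IS_UNUSED_I64(ctx->lit));` before the assignment would catch that. The new helpers also have no comment on who frees `zero`, `sink` and `lit`, or on the rule that a value from `load_gpr`/`load_fpr` must never be used as a destination because it may be the shared zero. A block comment above `load_zero` stating the ownership and the read-only rule would cover all seven functions.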
@@ -1787,8 +1858,9 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 int32_t disp12;
 #endif
 uint16_t fn11;
-uint8_t opc, ra, rb, rc, fpfn, fn7, islit;
-uint8_t lit;
+uint8_t opc, ra, rb, rc, fpfn, fn7, lit;
+bool islit;
+TCGv va, vb, vc, tmp;
 ExitStatus ret;
 
 /* Decode all instruction fields */
@@ -1800,8 +1872,9 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 if (rb == 31 && !islit) {
 islit = 1;
 lit = 0;
-} else
+} else {
 lit = (insn >> 13) & 0xFF;
+}
 palcode = insn & 0x03FF;
 disp21 = ((int32_t)((insn & 0x001F) << 11)) >> 11;
 disp16 = (int16_t)(insn & 0x);
@@ -1841,26 +1914,22 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 case 0x07:
 /* OPC07 */
 goto invalid_opc;
-case 0x08:
-/* LDA */
-if (likely(ra != 31)) {
-if (rb != 31) {
-tcg_gen_addi_i64(cpu_ir[ra], cpu_ir[rb], disp16);
-} else {
-tcg_gen_movi_i64(cpu_ir[ra], disp16);
-}
-}
-break;
+
 case 0x09:
 /* LDAH */
-if (likely(ra != 31)) {
-if (rb != 31) {
-tcg_gen_addi_i64(cpu_ir[ra], cpu_ir[rb], disp16 << 16);
-} else {
-tcg_gen_movi_i64(cpu_ir[ra], disp16 << 16);
-}
+disp16 = (uint32_t)disp16 << 16;
+/* fall through */
+case 0x08:
+/* LDA */
+va = dest_gpr(ctx, ra);
+/* It's worth special-casing immediate loads.  */
+if (rb == 31) {
+tcg_gen_movi_i64(va, disp16);
+} else {
+tcg_gen_addi_i64(va, load_gpr(ctx, rb), disp16);
 }
 break;
+
 case 0x0A:
 /* LDBU */
 REQUIRE_TB_FLAG(TB_FLAGS_AMASK_BWX);
@@ -1889,92 +1958,51 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 /* STQ_U */
 gen_store_mem(ctx, &tcg_gen_qemu_st64, ra, rb, disp16, 0, 1);
 break;
+
 case 0x10:
+vc = dest_gpr(ctx, rc);
+vb = load_gpr_lit(ctx, rb, lit, islit);
+
+if (ra == 31) {
+if (fn7 == 0x00) {
+/* Special case ADDL as SEXTL.  */
+tcg_gen_ext32s_i64(vc, vb);
+break;
+}
+if (fn7 == 0x29) {
+/* Special case SUBQ as NEGQ.  */
+tcg_gen_neg_i64(vc, vb);
+break;
+}
+}
+
+va = load_gpr(ctx, ra);
 switch (fn7) {
 case 0x00:
 /* ADDL */
-if (likely(rc != 31)) {
-  
