From patchwork Fri Jun 15 19:43:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Richard Henderson X-Patchwork-Id: 138764 Delivered-To: patch@linaro.org Received: by 2002:a2e:970d:0:0:0:0:0 with SMTP id r13-v6csp1253660lji; Fri, 15 Jun 2018 12:55:08 -0700 (PDT) X-Google-Smtp-Source: ADUXVKIkoYBOsH5t/TZCYuPyBS5wppj0FPGenX6hlRlM8M17fnUMDKHWQ6uMXgEmySe4bm0uBr7f X-Received: by 2002:ac8:2372:: with SMTP id b47-v6mr2847290qtb.358.1529092508868; Fri, 15 Jun 2018 12:55:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1529092508; cv=none; d=google.com; s=arc-20160816; b=QhiSjvdZ5aDhlVK+UXfq7pHsjIUROGpyBlUr8Ao22YApB6wF6h4hOuk19XBJr/ztWt RdYxpVLm0SqbdheJsf+6l+LWEnOxSHw7nq2uI6enx/lDGLDkGQRs0kUPgE36QZnSpVlH BBwmDu2DgB4KNt3JWGQZYmpq++ONzHG5/G0IUydovWdx3+4LdIRZU+NCPWeWVo4xUDEW 5z4xVf785SdEp8yVwpHCPcjWff1DxNKA7lwMdtvRjQBXXI65L9XO19kf+vCNRqOUjNPr r8Z7ilXaOWwQPUJi5nVEkjkKI6L0dJ/AkWpI5sqgOjPS5abRURyWCbde5zCz/6MUp/ei Hi2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject :content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:to:from:dkim-signature:arc-authentication-results; bh=uXTRBTDADa3Js0VPWdrswx2J3J4crajm5lnDYFt+lbA=; b=wSvFlVYE9Fd/CjPN3i1Xy0j1TIE9g76vksiKDZiQQAPo5xxvtZQwM/NEBBCYjRT5Yp h+6QPPWdyzeobuVyV0TjbiMgKsxonL224KkBaB4K6qjVNDCkNWWf/XjngNPOeOw9/JMx 9MrDfdlc2nBBAtPKHD4aUc3ydVCBucxWr2+5eG8ZiAU15M0XHSr2hCJN2vJsUew7qjTa uC1EVXt77tq5gWmGL4TOp/VugxjtdmpDZS6YMSpDoCQpakLnUTFvQqUMTmzhSVeCPGLv w5ZEGvRzR2msAZOs3lqz2gI0Nlr7uSuARbtqgQap8np0n49JOYeVIWNzFEXehRxMOPMw o5Mg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=UR+5bQi1; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11]) by mx.google.com with ESMTPS id n44-v6si7970803qvd.126.2018.06.15.12.55.08 for (version=TLS1 cipher=AES128-SHA bits=128/128); Fri, 15 Jun 2018 12:55:08 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) client-ip=2001:4830:134:3::11; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=UR+5bQi1; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1]:49007 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fTuoO-0008UV-8O for patch@linaro.org; Fri, 15 Jun 2018 15:55:08 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:51729) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fTueL-0000iA-15 for qemu-devel@nongnu.org; Fri, 15 Jun 2018 15:44:46 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fTueH-0002oU-Ln for qemu-devel@nongnu.org; Fri, 15 Jun 2018 15:44:45 -0400 Received: from mail-pl0-x229.google.com ([2607:f8b0:400e:c01::229]:41005) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fTueH-0002ny-Dc for qemu-devel@nongnu.org; Fri, 15 Jun 2018 15:44:41 -0400 Received: by mail-pl0-x229.google.com with SMTP id w8-v6so4343069ply.8 for ; Fri, 15 Jun 2018 12:44:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=uXTRBTDADa3Js0VPWdrswx2J3J4crajm5lnDYFt+lbA=; b=UR+5bQi1Mn2zlfDu4LIo4RqcfP/+HDWqOgytIOpOnFhO0UmAhu7uxMHULQUwpgtvfY UV6PVxKCsL9duSLjvkpGFCv5h3GD+3d183w9MyIN6A5iFW7bK+vbvll1p9X5i7nv6Nk2 tdwuTu0DXpDBUX2QItgzxYa5k1namfgjP2KIQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=uXTRBTDADa3Js0VPWdrswx2J3J4crajm5lnDYFt+lbA=; b=AVIQtgeouSCI4aeVzj5kELpT+iWvSeJ/JukagE6t5dmqxaQsxSIc0qNoZtWYPUZv1a nkfMX9VxK9HFD35i8V6klZqIMJ10znh/q6KLG0bHjRK5OE/nwncNO/3BPQUa8XU/feU+ +uVkgSkVdjICBEf4FBtl2cOWUEI26dK2cJORIPTBPRWM9EK9ls27Jf5kX3JogxSjCypj 7W7yn6MvjsFg1MF6TukDKMfp9gdYIPRu/SQr2AEkLj5oAK2+5wEfp6Lv9dfk0F6hosfv /WUbmjj8FW+shJA84BcltiY8G1TLhnDp4cmVVcUCDvgta529x+Fo0XHtIlC2qucYgprJ 3sEg== X-Gm-Message-State: APt69E0EqNJjBrWW21dHDKLcYY+YU4V17Ve3nFt3s0h7sdtuf2qho0xx t26YES+8tMNRqAiksX78cc4cLYUY6A4= X-Received: by 2002:a17:902:d20c:: with SMTP id t12-v6mr3561059ply.63.1529091880141; Fri, 15 Jun 2018 12:44:40 -0700 (PDT) Received: from cloudburst.twiddle.net (rrcs-173-198-77-219.west.biz.rr.com. [173.198.77.219]) by smtp.gmail.com with ESMTPSA id 29-v6sm14038360pfj.14.2018.06.15.12.44.38 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 15 Jun 2018 12:44:39 -0700 (PDT) From: Richard Henderson To: qemu-devel@nongnu.org Date: Fri, 15 Jun 2018 09:43:54 -1000 Message-Id: <20180615194354.12489-20-richard.henderson@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180615194354.12489-1-richard.henderson@linaro.org> References: <20180615194354.12489-1-richard.henderson@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:400e:c01::229 Subject: [Qemu-devel] [PULL v2 19/19] tcg: Reduce max TB opcode count X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, qemu-stable@nongnu.org Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" Also, assert that we don't overflow any of two different offsets into the TB. Both unwind and goto_tb both record a uint16_t for later use. This fixes an arm-softmmu test case utilizing NEON in which there is a TB generated that runs to 7800 opcodes, and compiles to 96k on an x86_64 host. This overflows the 16-bit offset in which we record the goto_tb reset offset. Because of that overflow, we install a jump destination that goes to neverland. Boom. With this reduced op count, the same TB compiles to about 48k for aarch64, ppc64le, and x86_64 hosts, and neither assertion fires. Cc: qemu-stable@nongnu.org Reported-by: "Jason A. Donenfeld" Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson --- tcg/tcg.h | 6 ++++-- tcg/aarch64/tcg-target.inc.c | 2 +- tcg/arm/tcg-target.inc.c | 2 +- tcg/i386/tcg-target.inc.c | 2 +- tcg/mips/tcg-target.inc.c | 2 +- tcg/ppc/tcg-target.inc.c | 4 ++-- tcg/s390/tcg-target.inc.c | 2 +- tcg/sparc/tcg-target.inc.c | 4 ++-- tcg/tcg.c | 13 ++++++++++++- tcg/tci/tcg-target.inc.c | 2 +- 10 files changed, 26 insertions(+), 13 deletions(-) -- 2.17.1 diff --git a/tcg/tcg.h b/tcg/tcg.h index 532d2a0710..f9f12378e9 100644 --- a/tcg/tcg.h +++ b/tcg/tcg.h @@ -850,9 +850,11 @@ static inline bool tcg_op_buf_full(void) /* This is not a hard limit, it merely stops translation when * we have produced "enough" opcodes. We want to limit TB size * such that a RISC host can reasonably use a 16-bit signed - * branch within the TB. + * branch within the TB. We also need to be mindful of the + * 16-bit unsigned offsets, TranslationBlock.jmp_reset_offset[] + * and TCGContext.gen_insn_end_off[]. */ - return tcg_ctx->nb_ops >= 8000; + return tcg_ctx->nb_ops >= 4000; } /* pool based memory allocation */ diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c index be3192078d..4562d36d1b 100644 --- a/tcg/aarch64/tcg-target.inc.c +++ b/tcg/aarch64/tcg-target.inc.c @@ -1733,7 +1733,7 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, tcg_out_insn(s, 3305, LDR, offset, TCG_REG_TMP); } tcg_out_insn(s, 3207, BR, TCG_REG_TMP); - s->tb_jmp_reset_offset[a0] = tcg_current_code_size(s); + set_jmp_reset_offset(s, a0); break; case INDEX_op_goto_ptr: diff --git a/tcg/arm/tcg-target.inc.c b/tcg/arm/tcg-target.inc.c index 56a32a470f..e1fbf465cb 100644 --- a/tcg/arm/tcg-target.inc.c +++ b/tcg/arm/tcg-target.inc.c @@ -1822,7 +1822,7 @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc, tcg_out_movi32(s, COND_AL, base, ptr - dil); } tcg_out_ld32_12(s, COND_AL, TCG_REG_PC, base, dil); - s->tb_jmp_reset_offset[args[0]] = tcg_current_code_size(s); + set_jmp_reset_offset(s, args[0]); } break; case INDEX_op_goto_ptr: diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c index 0d0ff524b7..e87b0d445e 100644 --- a/tcg/i386/tcg-target.inc.c +++ b/tcg/i386/tcg-target.inc.c @@ -2245,7 +2245,7 @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc, tcg_out_modrm_offset(s, OPC_GRP5, EXT5_JMPN_Ev, -1, (intptr_t)(s->tb_jmp_target_addr + a0)); } - s->tb_jmp_reset_offset[a0] = tcg_current_code_size(s); + set_jmp_reset_offset(s, a0); break; case INDEX_op_goto_ptr: /* jmp to the given host address (could be epilogue) */ diff --git a/tcg/mips/tcg-target.inc.c b/tcg/mips/tcg-target.inc.c index ca5f1d4894..cff525373b 100644 --- a/tcg/mips/tcg-target.inc.c +++ b/tcg/mips/tcg-target.inc.c @@ -1744,7 +1744,7 @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc, tcg_out_opc_reg(s, OPC_JR, 0, TCG_TMP0, 0); } tcg_out_nop(s); - s->tb_jmp_reset_offset[a0] = tcg_current_code_size(s); + set_jmp_reset_offset(s, a0); break; case INDEX_op_goto_ptr: /* jmp to the given host address (could be epilogue) */ diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c index 86f7de5f7e..c2f729ee8f 100644 --- a/tcg/ppc/tcg-target.inc.c +++ b/tcg/ppc/tcg-target.inc.c @@ -2025,10 +2025,10 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, const TCGArg *args, } tcg_out32(s, MTSPR | RS(TCG_REG_TB) | CTR); tcg_out32(s, BCCTR | BO_ALWAYS); - s->tb_jmp_reset_offset[args[0]] = c = tcg_current_code_size(s); + set_jmp_reset_offset(s, args[0]); if (USE_REG_TB) { /* For the unlinked case, need to reset TCG_REG_TB. */ - c = -c; + c = -tcg_current_code_size(s); assert(c == (int16_t)c); tcg_out32(s, ADDI | TAI(TCG_REG_TB, TCG_REG_TB, c)); } diff --git a/tcg/s390/tcg-target.inc.c b/tcg/s390/tcg-target.inc.c index 9af6dcef05..17c435ade5 100644 --- a/tcg/s390/tcg-target.inc.c +++ b/tcg/s390/tcg-target.inc.c @@ -1783,7 +1783,7 @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc, /* and go there */ tcg_out_insn(s, RR, BCR, S390_CC_ALWAYS, TCG_REG_TB); } - s->tb_jmp_reset_offset[a0] = tcg_current_code_size(s); + set_jmp_reset_offset(s, a0); /* For the unlinked path of goto_tb, we need to reset TCG_REG_TB to the beginning of this TB. */ diff --git a/tcg/sparc/tcg-target.inc.c b/tcg/sparc/tcg-target.inc.c index bc673bd8c6..04bdc3df5e 100644 --- a/tcg/sparc/tcg-target.inc.c +++ b/tcg/sparc/tcg-target.inc.c @@ -1388,12 +1388,12 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, tcg_out_arithi(s, TCG_REG_G0, TCG_REG_TB, 0, JMPL); tcg_out_nop(s); } - s->tb_jmp_reset_offset[a0] = c = tcg_current_code_size(s); + set_jmp_reset_offset(s, a0); /* For the unlinked path of goto_tb, we need to reset TCG_REG_TB to the beginning of this TB. */ if (USE_REG_TB) { - c = -c; + c = -tcg_current_code_size(s); if (check_fit_i32(c, 13)) { tcg_out_arithi(s, TCG_REG_TB, TCG_REG_TB, c, ARITH_ADD); } else { diff --git a/tcg/tcg.c b/tcg/tcg.c index 1d1dfd7f7c..f27b22bd3c 100644 --- a/tcg/tcg.c +++ b/tcg/tcg.c @@ -306,6 +306,14 @@ TCGLabel *gen_new_label(void) return l; } +static void set_jmp_reset_offset(TCGContext *s, int which) +{ + size_t off = tcg_current_code_size(s); + s->tb_jmp_reset_offset[which] = off; + /* Make sure that we didn't overflow the stored offset. */ + assert(s->tb_jmp_reset_offset[which] == off); +} + #include "tcg-target.inc.c" /* compare a pointer @ptr and a tb_tc @s */ @@ -3532,7 +3540,10 @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb) break; case INDEX_op_insn_start: if (num_insns >= 0) { - s->gen_insn_end_off[num_insns] = tcg_current_code_size(s); + size_t off = tcg_current_code_size(s); + s->gen_insn_end_off[num_insns] = off; + /* Assert that we do not overflow our stored offset. */ + assert(s->gen_insn_end_off[num_insns] == off); } num_insns++; for (i = 0; i < TARGET_INSN_START_WORDS; ++i) { diff --git a/tcg/tci/tcg-target.inc.c b/tcg/tci/tcg-target.inc.c index cc949bea85..62ed097254 100644 --- a/tcg/tci/tcg-target.inc.c +++ b/tcg/tci/tcg-target.inc.c @@ -574,7 +574,7 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, const TCGArg *args, /* Indirect jump method. */ TODO(); } - s->tb_jmp_reset_offset[args[0]] = tcg_current_code_size(s); + set_jmp_reset_offset(s, args[0]); break; case INDEX_op_br: tci_out_label(s, arg_label(args[0]));