From patchwork Wed Sep 30 05:09:45 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Henderson X-Patchwork-Id: 524738 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 11C76140D6B for ; Thu, 1 Oct 2015 14:56:04 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b=ickZd9B6; dkim-atps=neutral Received: from localhost ([::1]:37749 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZhVuT-0005dC-SK for incoming@patchwork.ozlabs.org; Thu, 01 Oct 2015 00:56:01 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56769) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zh9gf-0002Ex-2p for qemu-devel@nongnu.org; Wed, 30 Sep 2015 01:12:18 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Zh9gd-0005OB-LI for qemu-devel@nongnu.org; Wed, 30 Sep 2015 01:12:17 -0400 Received: from mail-pa0-x22e.google.com ([2607:f8b0:400e:c03::22e]:36433) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zh9gd-0005Nu-BD for qemu-devel@nongnu.org; Wed, 30 Sep 2015 01:12:15 -0400 Received: by pablk4 with SMTP id lk4so27900722pab.3 for ; Tue, 29 Sep 2015 22:12:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=2NzWYYuqjpweJYTCTEL1bcFYwALPIICybss7ODoVbsM=; b=ickZd9B6HVxLidc8B0cz+pur0Aey7uHW7CaKdUmoN8cQOXlfjtbUcAlm6XBqXsEbWQ Ye7jrM1jR+2lzkqtLlTXOo5OQFQ09WEFkHETzaGj0iw4acXCZ16aEGgWjvc8nSnSrpDl BQMcEIiX4I9TdkOMPmgthJoKsclPz21KcukZUkKg/+DWiv3E9EM3a6wVkZW1n9HUzjCB ZnF10bTRet6OqzfuSISH2+8KBAutcu3smxemTDTcj/f6MwzqxjtvKA8FI1BEWW194VQa 8m5k8IcaapuRsATFoDhm+nK12VdVBZlt4/UIihpOfFzLHoz46j1ZyDWcRV+F1ywPeqEQ t0vA== X-Received: by 10.68.253.65 with SMTP id zy1mr2412749pbc.159.1443589934844; Tue, 29 Sep 2015 22:12:14 -0700 (PDT) Received: from bigtime.com ([1.144.36.49]) by smtp.gmail.com with ESMTPSA id w9sm28763437pbt.29.2015.09.29.22.12.11 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 29 Sep 2015 22:12:14 -0700 (PDT) From: Richard Henderson To: qemu-devel@nongnu.org Date: Wed, 30 Sep 2015 15:09:45 +1000 Message-Id: <1443589786-26929-26-git-send-email-rth@twiddle.net> X-Mailer: git-send-email 2.4.3 In-Reply-To: <1443589786-26929-1-git-send-email-rth@twiddle.net> References: <1443589786-26929-1-git-send-email-rth@twiddle.net> X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2607:f8b0:400e:c03::22e Cc: peter.maydell@linaro.org, aurelien@aurel32.net Subject: [Qemu-devel] [PATCH v4 25/26] tcg: Check for overflow via highwater mark X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org We currently pre-compute an worst case code size for any TB, which works out to be 122kB. Since the average TB size is near 1kB, this wastes quite a lot of storage. Instead, check for overflow in between generating code for each opcode. The overhead of the check isn't measurable and wastage is minimized. Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson --- include/exec/exec-all.h | 6 ------ tcg/tcg.c | 14 +++++++++++--- tcg/tcg.h | 5 +++-- translate-all.c | 31 ++++++++++++++++++++++++++----- 4 files changed, 40 insertions(+), 16 deletions(-) diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h index 6871e78..71c9d85 100644 --- a/include/exec/exec-all.h +++ b/include/exec/exec-all.h @@ -62,12 +62,6 @@ typedef struct TranslationBlock TranslationBlock; #define OPC_BUF_SIZE 640 #define OPC_MAX_SIZE (OPC_BUF_SIZE - MAX_OP_PER_INSTR) -/* Maximum size a TCG op can expand to. This is complicated because a - single op may require several host instructions and register reloads. - For now take a wild guess at 192 bytes, which should allow at least - a couple of fixup instructions per argument. */ -#define TCG_MAX_OP_SIZE 192 - #define OPPARAM_BUF_SIZE (OPC_BUF_SIZE * MAX_OPC_PARAM) #include "qemu/log.h" diff --git a/tcg/tcg.c b/tcg/tcg.c index 5609108..682af8a 100644 --- a/tcg/tcg.c +++ b/tcg/tcg.c @@ -385,9 +385,10 @@ void tcg_prologue_init(TCGContext *s) total_size = s->code_gen_buffer_size - prologue_size; s->code_gen_buffer_size = total_size; - /* Compute a high-water mark, at which we voluntarily flush the - buffer and start over. */ - s->code_gen_buffer_max_size = total_size - TCG_MAX_OP_SIZE * OPC_BUF_SIZE; + /* Compute a high-water mark, at which we voluntarily flush the buffer + and start over. The size here is arbitrary, significantly larger + than we expect the code generation for any one opcode to require. */ + s->code_gen_highwater = s->code_gen_buffer + (total_size - 1024); tcg_register_jit(s->code_gen_buffer, total_size); @@ -2438,6 +2439,13 @@ int tcg_gen_code(TCGContext *s, tcg_insn_unit *gen_code_buf) #ifndef NDEBUG check_regs(s); #endif + /* Test for (pending) buffer overflow. The assumption is that any + one operation beginning below the high water mark cannot overrun + the buffer completely. Thus we can test for overflow after + generating code without having to check during generation. */ + if (unlikely(s->code_gen_ptr > s->code_gen_highwater)) { + return -1; + } } tcg_debug_assert(num_insns >= 0); s->gen_insn_end_off[num_insns] = tcg_current_code_size(s); diff --git a/tcg/tcg.h b/tcg/tcg.h index 5fbbd15..a696922 100644 --- a/tcg/tcg.h +++ b/tcg/tcg.h @@ -559,10 +559,11 @@ struct TCGContext { void *code_gen_prologue; void *code_gen_buffer; size_t code_gen_buffer_size; - /* threshold to flush the translated code buffer */ - size_t code_gen_buffer_max_size; void *code_gen_ptr; + /* Threshold to flush the translated code buffer. */ + void *code_gen_highwater; + TBContext tb_ctx; /* The TCGBackendData structure is private to tcg-target.c. */ diff --git a/translate-all.c b/translate-all.c index b43bd03..333eba4 100644 --- a/translate-all.c +++ b/translate-all.c @@ -223,6 +223,7 @@ static target_long decode_sleb128(uint8_t **pp) static int encode_search(TranslationBlock *tb, uint8_t *block) { + uint8_t *highwater = tcg_ctx.code_gen_highwater; uint8_t *p = block; int i, j, n; @@ -241,6 +242,14 @@ static int encode_search(TranslationBlock *tb, uint8_t *block) } prev = (i == 0 ? 0 : tcg_ctx.gen_insn_end_off[i - 1]); p = encode_sleb128(p, tcg_ctx.gen_insn_end_off[i] - prev); + + /* Test for (pending) buffer overflow. The assumption is that any + one row beginning below the high water mark cannot overrun + the buffer completely. Thus we can test for overflow after + encoding a row without having to check during encoding. */ + if (unlikely(p > highwater)) { + return -1; + } } return p - block; @@ -756,9 +765,7 @@ static TranslationBlock *tb_alloc(target_ulong pc) { TranslationBlock *tb; - if (tcg_ctx.tb_ctx.nb_tbs >= tcg_ctx.code_gen_max_blocks || - (tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer) >= - tcg_ctx.code_gen_buffer_max_size) { + if (tcg_ctx.tb_ctx.nb_tbs >= tcg_ctx.code_gen_max_blocks) { return NULL; } tb = &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs++]; @@ -1063,12 +1070,15 @@ TranslationBlock *tb_gen_code(CPUState *cpu, if (use_icount) { cflags |= CF_USE_ICOUNT; } + tb = tb_alloc(pc); - if (!tb) { + if (unlikely(!tb)) { + buffer_overflow: /* flush must be done */ tb_flush(cpu); /* cannot fail at this point */ tb = tb_alloc(pc); + assert(tb != NULL); /* Don't forget to invalidate previous TB info. */ tcg_ctx.tb_ctx.tb_invalidated_flag = 1; } @@ -1109,8 +1119,19 @@ TranslationBlock *tb_gen_code(CPUState *cpu, tcg_ctx.code_time -= profile_getclock(); #endif + /* ??? Overflow could be handled better here. In particular, we + don't need to re-do gen_intermediate_code, nor should we re-do + the tcg optimization currently hidden inside tcg_gen_code. All + that should be required is to flush the TBs, allocate a new TB, + re-initialize it per above, and re-do the actual code generation. */ gen_code_size = tcg_gen_code(&tcg_ctx, gen_code_buf); + if (unlikely(gen_code_size < 0)) { + goto buffer_overflow; + } search_size = encode_search(tb, (void *)gen_code_buf + gen_code_size); + if (unlikely(search_size < 0)) { + goto buffer_overflow; + } #ifdef CONFIG_PROFILER tcg_ctx.code_time += profile_getclock(); @@ -1681,7 +1702,7 @@ void dump_exec_info(FILE *f, fprintf_function cpu_fprintf) cpu_fprintf(f, "Translation buffer state:\n"); cpu_fprintf(f, "gen code size %td/%zd\n", tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer, - tcg_ctx.code_gen_buffer_max_size); + tcg_ctx.code_gen_highwater - tcg_ctx.code_gen_buffer); cpu_fprintf(f, "TB count %d/%d\n", tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.code_gen_max_blocks); cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",