Changeset 2422 for trunk/src – Oracle VirtualBox

trunk/src/Makefile

-              r1697
+              r2422
 endif
+SUBDIRS += bldprogs libs VBox
+#ifeq ($(filter linux.x86 l4.x86 win.x86 os2.x86,$(BUILD_TARGET).$(BUILD_TARGET_ARCH)),)
+ SUBDIRS += recompiler/new
+#else
+# SUBDIRS += recompiler
+#endif
+SUBDIRS += bldprogs libs VBox recompiler
 ifneq ($(wildcard apps),)
  SUBDIRS += apps

trunk/src/recompiler/InnoTek/Makefile.kmk

r1	r2422
18	18	DEPTH = ../../..
19	19	include $(PATH_KBUILD)/up.kmk
20

trunk/src/recompiler/InnoTek/config-host.h

-              r1
+              r2422
+/* $Id$ */
 /** @file
  * Innotek Host Config - Maintained by hand
 …
  */
+#define HOST_I386 1
+#ifdef __WIN32__
+# define CONFIG_WIN32 1
+#elif defined(__OS2__)
+# define CONFIG_OS2
+#elif defined(__DARWIN__)
+# define CONFIG_DARWIN
+#if defined(__amd64__) || defined(HOST_X86_64) /* latter, for dyngen on win64. */
+# define HOST_X86_64 1
+# define HOST_LONG_BITS 64
 #else
+# define HAVE_BYTESWAP_H 1
+# define HOST_I386 1
+# define HOST_LONG_BITS 32
+# ifdef __WIN32__
+#  define CONFIG_WIN32 1
+# elif defined(__OS2__)
+#  define CONFIG_OS2
+# elif defined(__DARWIN__)
+#  define CONFIG_DARWIN
+# elif defined(__FREEBSD__) || defined(__NETBSD__) || defined(__OPENBSD__)
+/*#  define CONFIG_BSD*/
+# elif defined(__SOLARIS__)
+/*#  define CONFIG_SUN*/
+# elif !defined(IPRT_NO_CRT)
+#  define HAVE_BYTESWAP_H 1
+# endif
 #endif
+#define CONFIG_SOFTMMU 1
+#define QEMU_VERSION "0.8.1"
+#define CONFIG_UNAME_RELEASE ""
+#define CONFIG_QEMU_SHAREDIR "."
-#define CONFIG_SDL 1
-#define CONFIG_SLIRP 1
-#ifdef __LINUX__
-#define CONFIG_GDBSTUB 1
-#endif
-/* #define HAVE_GPROF 1 */
-/* #define CONFIG_STATIC 1 */
-#define QEMU_VERSION "0.6.1"
-#define CONFIG_QEMU_SHAREDIR "."

trunk/src/recompiler/InnoTek/config.h

-              r1
+              r2422
+/* $Id$ */
 /** @file
  * Innotek Config - Maintained by hand
 …
 #define TARGET_I386 1
 #define CONFIG_SOFTMMU 1

trunk/src/recompiler/Makefile.kmk

-              r1
+              r2422
+# $Id$
 ## @file
+#
+# !GNU MAKE!
+# The Recompiler Makefile.
+#
+# There are a few of complicating factors here, esp. on AMD64 systems:
+#
+#   * op.c doesn't compile work correctly with gcc 4. For this we've
+#     checked in op.S, which is the reason why we don't compile op.c
+#     directly but always compile via the assembly file.s
+#   * On 64-bit Windows we lack a compiler and have to resort to a
+#     linux cross compiler building an ELF relocatable module which
+#     we then load using a wrapper module. Thus the REM_MOD mess.
+#   * On platforms using the 64-bit GCC ABI, we're not allowed to
+#     generate non-PIC shared objects, and op.c requires the code
+#     to be non-PIC. We apply the same trick as we developed for
+#     64-bit windows.
+#
+#
 # Copyright (C) 2006 InnoTek Systemberatung GmbH
 …
 include $(PATH_KBUILD)/header.kmk
 # todo this is a BUILD_PLATFORM binary, to a target binary!
+ifeq ($(filter darwin,$(BUILD_TARGET)),)
+ ifeq ($(VBOX_USING_GCC4),)
+  BLDPROGS            = dyngen
+ endif
+ DLLS                 = VBoxREM
+ ifeq ($(BUILD_TARGET_ARCH),amd64)
+  SYSMODS             = VBoxREM2
+  REM_MOD             = VBoxREM2
+ else
+  REM_MOD             = VBoxREM
+ endif
+endif # !darwin
+BLDPROGS              = dyngen
+ifeq ($(BUILD_TARGET_ARCH),amd64)
+ SYSMODS              = VBoxREM2
+ REM_MOD              = VBoxREM2
+else
+ REM_MOD              = VBoxREM
+endif
+DLLS                  = VBoxREM
 IMPORT_LIBS           = VBoxREMImp
-GPLEXPORTS            = qemu-source-drop
 OTHER_CLEAN           = \
 …
         $(PATH_$(REM_MOD))/opc.h \
         $(PATH_$(REM_MOD))/gen-op.h \
+        $(PATH_$(REM_MOD))/opc.h \
+        $(PATH_TARGET)/VBoxREMImp.c
+#DEFS += DEBUG_DISAS
+# private hack for gcc 4.1
+ifeq ($(USERNAME).$(BUILD_TARGET),bird.linux)
+ TOOL_GCC3_CC = gcc-3.4.6
+ override VBOX_GCC_Wno-variadic-macros=
+ override VBOX_USING_GCC4=
+endif
+        $(PATH_$(REM_MOD))/opc.h
+DEFS.amd64 += REM_PHYS_ADDR_IN_TLB
+#
+# L4 must use the no-crt path because it's lacking math stuff it seems...
+# Darwin must use the non-crt path because it can't compile op.c nativly.
+# All the AMD64 target must use the no-crt path because ELF doesn't like op.c
+# when stuffed into a shared library and windows doesn't have 64-bit gcc (yet).
+#
+ifeq ($(filter-out l4 darwin freebsd,$(BUILD_TARGET)),)
+ REM_USE_NOCRT := 1
+endif
+ifeq ($(BUILD_TARGET_ARCH),amd64)
+ REM_USE_NOCRT := 1
+endif
+#
+# The dyngen build tool.
+#
 ifeq ($(BUILD_PLATFORM),win)
  dyngen_TOOL          = MINGW32
 …
  dyngen_BLD_TRG_ARCH  = x86
  dyngen_BLD_TRG_CPU   = i386
+ dyngen_CFLAGS        = -Wall -g -fno-strict-aliasing
+ dyngen_CFLAGS        = -Wall -g -fno-strict-aliasing
+ ifeq ($(BUILD_TARGET_ARCH),amd64)
+  dyngen_DEFS        += HOST_X86_64=1
+ endif
 else
+ dyngen_TEMPLATE      = VBOXBLDPRO
+endif
+ dyngen_TEMPLATE      = VBOXBLDPROG
+endif
+dyngen_CFLAGS        += -Wno-missing-prototypes -Wno-missing-declarations
 dyngen_INCS           = \
         InnoTek \
         target-i386 \
+        fpu \
+        $(PATH_ROOT)/ ## @todo what is $(PATH_ROOT) doing here?
+        fpu
 dyngen_SOURCES        = dyngen.c
+#
+# The VBoxREM or VBoxREM2 DLL/SO.
+#
+$(REM_MOD)_TOOL          = GCC3
+$(REM_MOD)_TOOL.win.x86  = MINGW32
+$(REM_MOD)_TOOL.win.amd64= XGCCAMD64LINUX
+$(REM_MOD)_SDKS.win.x86  = W32API                                                       ## @todo do we really need this now?
+$(REM_MOD)_ASFLAGS       = -x assembler-with-cpp                        ## @todo didn't I make this default already?
+$(REM_MOD)_SYSSUFF       = .rel                             # amd64
+$(REM_MOD)_CFLAGS        = -Wall -g
+ifdef ($(BUILD_TARGET),win64) # with -O1 and higher, it generates incorrect code for double and long double constants. ## @todo didn't I fix this yet?
+ REMNoCRT_CFLAGS.release  = -O0
+ $(REM_MOD)_CFLAGS.amd64  = -mcmodel=medium -fno-common -O0 -fno-strict-aliasing -fno-math-errno -fno-peephole2
+else
+$(REM_MOD)_CFLAGS.amd64  = -mcmodel=medium -fno-common -O2 -fno-strict-aliasing
+endif
+$(REM_MOD)_CFLAGS.debug  = -O0
+ifdef ($(BUILD_TARGET_ARCH),x86)
+$(REM_MOD)_CFLAGS.release += -fomit-frame-pointer -fno-gcse
+endif
+$(REM_MOD)_CFLAGS.profile = $($(REM_MOD)_CFLAGS.release)
+$(REM_MOD)_CFLAGS.kprofile = $($(REM_MOD)_CFLAGS.release)
+$(REM_MOD)_CFLAGS.l4     = -nostdinc
+$(REM_MOD)_INCS          = \
+# The VBoxREM.[dll|so|..] or VBoxREM2.rel.
+#
+$(REM_MOD)_DEFS             = IN_REM_R3 REM_INCLUDE_CPU_H
+#$(REM_MOD)_DEFS          += DEBUG_ALL_LOGGING DEBUG_DISAS DEBUG_PCALL DEBUG_EXEC DEBUG_FLUSH DEBUG_IOPORT DEBUG_SIGNAL DEBUG_TLB_CHECK DEBUG_TB_INVALIDATE DEBUG_TLB  # Enables huge amounts of debug logging.
+$(REM_MOD)_INCS             = \
         InnoTek \
         InnoTek/crt \
+        InnoTek/crt\
         target-i386 \
         fpu \
         $(PATH_$(REM_MOD)) \
         $(PATH_ROOT)/src/VBox/VMM
+ifeq ($(BUILD_TARGET),l4)
+$(REM_MOD)_INCS         += $(VBOX_L4_GCC3_INCS) $(L4_INCDIR)
+endif
+$(REM_MOD)_DEFS          = IN_RING3 IN_REM_R3 REM_INCLUDE_CPU_H #LOG_USE_C99
+#$(REM_MOD)_DEFS          += DEBUG_PCALL DEBUG_EXEC DEBUG_FLUSH DEBUG_IOPORT DEBUG_SIGNAL DEBUG_TLB_CHECK DEBUG_TB_INVALIDATE DEBUG_TLB  # Enables huge amounts of debug logging.
+# these defines are probably all irrelevant now:
+$(REM_MOD)_DEFS         += _GNU_SOURCE _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE _REENTRANT
+ifeq ($(VBOX_USING_GCC4),)
+ $(REM_MOD)_SOURCES      = \
+$(REM_MOD)_SOURCES          = \
         VBoxRecompiler.c \
         cpu-exec.c \
         exec.c \
         translate-all.c \
+        translate-op.c \
+        fpu/softfloat-native.c \
         target-i386/helper.c \
         target-i386/helper2.c \
+        target-i386/translate.c
+#       translate-op.c \
+#       fpu/softfloat-native.c \
+#       InnoTek/testmath.c
+# ***hacking***
+# ifeq ($(filter-out win os2,$(BUILD_TARGET)),)
+  $(REM_MOD)_SOURCES    += target-i386/op.c
+  FILE_OP_OBJ            = $(PATH_$(REM_MOD)_target-i386/op.c)/op.o
+# else # The remaining targets can be using gcc-4 and needs checking.
+#  $(REM_MOD)_SOURCES    += $(PATH_$(REM_MOD))/op.S
+#  FILE_OP_OBJ            = $(PATH_$(REM_MOD)_$(PATH_$(REM_MOD))/op.S)/op.o
+#  $(REM_MOD)_CLEAN       = $(FILE_OP_OBJ)
+# endif
+ $(REM_MOD)_SOURCES     += InnoTek/loghack.c                                                            # this will be obsoleted soon.
+else
+ $(REM_MOD)_SOURCES      = \
+        precompiled/VBoxRecompiler.o \
+        precompiled/cpu-exec.o \
+        precompiled/exec.o \
+        precompiled/translate-all.o \
+        precompiled/op.o \
+        precompiled/helper.o \
+        precompiled/helper2.o \
+        precompiled/translate.o \
+        precompiled/loghack.o
+ FILE_OP_OBJ             = precompiled/op.o
+endif
+$(REM_MOD)_DEFS         += fprintf=hacked_fprintf printf=hacked_printf      # ditto
+ifneq ($(BUILD_TYPE),debug)
+$(REM_MOD)_SOURCES.win.x86 = $(REM_MOD).def
+else
+$(REM_MOD)_LDFLAGS.win.x86 = --export-all-symbols --output-def $(PATH_TARGET)/$(REM_MOD)-new.def \
+        --exclude-symbols=console_main --exclude-symbols=WinMain@16
+endif
+$(REM_MOD)_SOURCES.os2   = $(PATH_TARGET)/VBoxREMOS2.def
+$(REM_MOD)_LDFLAGS.linux = -Wl,--no-undefined
+$(REM_MOD)_LDFLAGS.l4    = -T$(L4_LIBDIR)/../main_rel.ld -nostdlib -Wl,--no-undefined
+ifeq ($(BUILD_TARGET_ARCH),amd64)
+$(REM_MOD)_LIBS           = \
+        $(LIB_RUNTIME_NOCRT_GCC64) # !create this!
+#       $(VBOX_GCC_LIBGCC)  - fix this
+else # x86
+$(REM_MOD)_LIBS           = \
+        $(LIB_VMM) \
+        $(LIB_RUNTIME)
+$(REM_MOD)_LIBS.win       = \
+        mingw32 \
+        user32 gdi32 winmm ws2_32 iphlpapi dxguid
+$(REM_MOD)_LIBS.linux     = \
+        $(LIB_UUID) \
+        m \
+        util \
+        rt \
+        $(LIB_PTHREAD)
+$(REM_MOD)_LIBS.l4        = \
+        gcc \
+        $(L4_LIBDIR)/libvboxserver.s.so \
+        $(L4_LIBDIR)/libdl.s.so \
+        $(L4_LIBDIR)/libuc.0.s.so
+endif # x86
+        target-i386/translate.c \
+        InnoTek/testmath.c
+ifeq ($(filter-out win os2,$(BUILD_TARGET)),)
+ $(REM_MOD)_SOURCES        += target-i386/op.c
+ FILE_OP_OBJ                = $(PATH_$(REM_MOD)_target-i386/op.c)/op.o
+else # The remaining targets can be using gcc-4 and needs checking.
+ $(REM_MOD)_SOURCES        += $(PATH_$(REM_MOD))/op.S
+ FILE_OP_OBJ                = $(PATH_$(REM_MOD)_$(PATH_$(REM_MOD))/op.S)/op.o
+ $(REM_MOD)_CLEAN           = $(FILE_OP_OBJ) $(PATH_$(REM_MOD))/op.S.dep
+endif
+#$(REM_MOD)_SOURCES.os2      = $(PATH_TARGET)/$(REM_MOD).def
+$(REM_MOD)_SOURCES.win.x86  = $(REM_MOD).def
+ifdef REM_USE_NOCRT
+ $(REM_MOD)_TEMPLATE        = VBOXNOCRTGAS
+ $(REM_MOD)_DEFS           += LOG_USE_C99
+ $(REM_MOD)_CFLAGS.amd64    = -O2
+ $(REM_MOD)_CFLAGS.debug    = -O0
+ $(REM_MOD)_CFLAGS.darwin   = -fno-common -mdynamic-no-pic
+ ifdef ($(BUILD_TARGET_ARCH),x86)
+  $(REM_MOD)_CFLAGS.release+= -fomit-frame-pointer -fno-gcse
+ endif
+ # This doesn't fit in IPRT because it requires GAS and is LGPL.
+ $(REM_MOD)_SOURCES        += \
+        InnoTek/e_powl-$(BUILD_TARGET_ARCH).S
+ ifeq ($(REM_MOD),VBoxREM)
+  $(REM_MOD)_LIBS           = \
+        $(PATH_LIB)/RuntimeR3NoCRTGCC$(VBOX_SUFF_LIB) \
+        $(LIB_VMM) \
+        $(LIB_RUNTIME)
+  $(REM_MOD)_LIBS.darwin    = \
+        $(TARGET_VBoxREMImp)
+#       $(PATH_BIN)/VBoxREMImp.dylib
+  $(REM_MOD)_LDFLAGS.darwin  = -read_only_relocs suppress -multiply_defined warning  #-install_name @executable_path/$(REM_MOD).dylib#
+ else
+  $(REM_MOD)_LIBS           = \
+        $(PATH_LIB)/RuntimeR3NoCRTGCC$(VBOX_SUFF_LIB)
+  $(REM_MOD)_SYSSUFF        = .rel
+ endif
+else # !REM_USE_NOCRT
+ $(REM_MOD)_TOOL            = GCC3
+ $(REM_MOD)_TOOL.win.x86    = MINGW32
+ $(REM_MOD)_TOOL.win.amd64  = XGCCAMD64LINUX
+ $(REM_MOD)_SDKS.win.x86    = W32API                                                    ## @todo do we really need this now?
+ $(REM_MOD)_ASFLAGS         = -x assembler-with-cpp                     ## @todo didn't I make this default already?
+ $(REM_MOD)_CFLAGS          = -Wall -g
+ $(REM_MOD)_CFLAGS.debug    = -O0
+ $(REM_MOD)_CFLAGS.release += -fomit-frame-pointer -fno-gcse
+ $(REM_MOD)_CFLAGS.profile  = $($(REM_MOD)_CFLAGS.release)
+ $(REM_MOD)_CFLAGS.kprofile = $($(REM_MOD)_CFLAGS.release)
+ $(REM_MOD)_CFLAGS.l4       = -nostdinc
+ ifeq ($(BUILD_TARGET),l4)
+  $(REM_MOD)_INCS          += $(VBOX_L4_GCC3_INCS) $(L4_INCDIR)
+ endif
+ $(REM_MOD)_DEFS           += IN_RING3 LOG_USE_C99
+ #$(REM_MOD)_DEFS          += DEBUG_DISAS DEBUG_PCALL DEBUG_EXEC DEBUG_FLUSH DEBUG_IOPORT DEBUG_SIGNAL DEBUG_TLB_CHECK DEBUG_TB_INVALIDATE DEBUG_TLB  # Enables huge amounts of debug logging.
+ # these defines are probably all irrelevant now:
+ $(REM_MOD)_DEFS           += _GNU_SOURCE _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE _REENTRANT
+ $(REM_MOD)_LDFLAGS.darwin  = -read_only_relocs suppress -install_name @executable_path/$(REM_MOD).dylib -multiple_defined warning
+ $(REM_MOD)_LDFLAGS.l4      = -T$(L4_LIBDIR)/../main_rel.ld -nostdlib -Wl,--no-undefined
+ $(REM_MOD)_LDFLAGS.os2     = -Zomf
+ $(REM_MOD)_LDFLAGS.debug   = -g
+ ifeq ($(BUILD_TARGET_ARCH),amd64)
+  $(REM_MOD)_LIBS           = $(FILE_TOOL_GCC3_LIBGCC)
+ else # x86
+  $(REM_MOD)_LIBS           = \
+        $(LIB_VMM) \
+        $(LIB_RUNTIME)
+  $(REM_MOD)_LIBS.win.x86   = \
+        mingw32 \
+        user32 gdi32 winmm ws2_32 iphlpapi dxguid
+  $(REM_MOD)_LIBS.linux     = \
+        $(LIB_UUID) \
+        m \
+        util \
+        rt \
+        $(LIB_PTHREAD)
+  $(REM_MOD)_LIBS.l4        = \
+        gcc \
+        $(L4_LIBDIR)/libvboxserver.s.so \
+        $(L4_LIBDIR)/libdl.s.so \
+        $(L4_LIBDIR)/libuc.0.s.so
+ endif # x86
+endif # !REM_USE_NOCRT
 # Extra flags for these source modules.
 target-i386/op.c_CFLAGS         = -O2 -fno-strict-aliasing -fomit-frame-pointer -falign-functions=0 -fno-reorder-blocks -fno-optimize-sibling-calls
 target-i386/op.c_CFLAGS.x86     = -fno-gcse -fno-instrument-functions -mpreferred-stack-boundary=2
+target-i386/op.c_CFLAGS.darwin.x86 = -m128bit-long-double -mpreferred-stack-boundary=4 ## @todo This means we can't use staged/op-elf-x86.s...
 target-i386/helper.c_CFLAGS.x86 = -O2 -fomit-frame-pointer -fno-strict-aliasing -fno-gcse
 cpu-exec.c_CFLAGS.x86           = -O2 -fomit-frame-pointer -fno-strict-aliasing -fno-gcse
+#
+# The math testcase as a standalone program for testing and debugging purposes.
+#
+## @todo This is a bit messy because of MINGW32.
+#BLDPROGS += testmath
+testmath_TOOL           = GCC3
+testmath_TOOL.win.x86   = MINGW32
+testmath_SDKS.win.x86   = W32API
+ifeq ($(BUILD_PLATFORM).$(BUILD_PLATFORM_ARCH),win.amd64)
+ # 64-bit windows: Pretend to be 32-bit.
+ testmath_BLD_TRG       = win32
+ testmath_BLD_TRG_ARCH  = x86
+ testmath_BLD_TRG_CPU   = i386
+endif
+testmath_ASTOOL         = $(VBOX_ASTOOL)
+ifeq ($(filter-out win32 win64,$(BUILD_PLATFORM)),)
+ testmath_ASFLAGS        = -f win32 -DNASM_FORMAT_PE $(VBOX_ASFLAGS) -w+orphan-labels
+else
+ testmath_ASFLAGS        = -f elf -DNASM_FORMAT_ELF $(VBOX_ASFLAGS) -w+orphan-labels
+endif
+testmath_ASFLAGS.amd64  = -m amd64
+testmath_CFLAGS         = -Wall -g
+testmath_CFLAGS.release = -O3
+testmath_LDFLAGS        = -g
+testmath_DEFS           = MATHTEST_STANDALONE
+testmath_SOURCES        = InnoTek/testmath.c
+#testmath_SOURCES        += $(PATH_LIB)/RuntimeR3NoCRTGCC$(VBOX_SUFF_LIB)
 …
         VBoxREMWrapper.cpp \
         VBoxREMWrapperA.asm
+VBoxREM_LDFLAGS.darwin = -install_name @executable_path/VBoxREM.dylib
 VBoxREM_LIBS           = \
         $(LIB_VMM) \
 …
+#
 VBoxREMImp_TEMPLATE         = VBOXR3
+ifeq ($(BUILD_TARGET),darwin)
+VBoxREMImp_INST             = $(INST_LIB)
+endif
 VBoxREMImp_SOURCES.win      = VBoxREM.def
 VBoxREMImp_SOURCES.os2      = $(PATH_TARGET)/VBoxREMOS2.def
 ifeq ($(filter win os2,$(BUILD_TARGET)),)
 VBoxREMImp_SOURCES          = $(PATH_TARGET)/VBoxREMImp.c
+VBoxREMImp_CLEAN            = $(PATH_TARGET)/VBoxREMImp.c
 endif
 VBoxREMImp_SONAME.linux     = VBoxREM.so
 VBoxREMImp_SONAME.l4        = VBoxREM.s.so
+VBoxREMImp_LDFLAGS.darwin   = -install_name VBoxREM.dylib
+VBoxREMImp_LDFLAGS.darwin   = -install_name @executable_path/VBoxREM.dylib
+#VBoxREMImp_LDFLAGS.darwin   = -install_name VBoxREM.dylib
 VBoxREMImp_LDFLAGS.l4       = -T$(L4_LIBDIR)/../main_rel.ld -nostdlib
 …
 # Generate the op.S file somehow...
+#
 # Gathering the flags, defines and include dirs for the command is a lot
 # of work. Unfortunately, there is only a highly specialized kBuild function
+# Gathering the flags, defines and include dirs for the command is a lot
+# of work. Unfortunately, there is only a highly specialized kBuild function
 # for doing this, so we're currently left to our own devices here.
+#
+# Add something like VBOX_RECOMPILER_OP_GCC = gcc-3.4.6 to LocalConfig.kmk
+# to be 100% sure that you get a working op.S. My gcc 4.1.1 seems to work
+# fine, so feel free to try VBOX_RECOMPILER_OP_GCC = gcc.
+#
+# The op-undefined.lst is generated by finding all the undefined symbols
+# in one (or more) ELF op.o files using nm.
+#
 ifndef VBOX_RECOMPILER_OP_GCC
  ifeq ($(BUILD_TARGET).$(BUILD_TARGET_ARCH),darwin.x86)
+  VBOX_RECOMPILER_OP_GCC ?= gcc-elf-something
+ endif
+ ifeq ($(USERNAME).$(BUILD_TARGET),bird.linux)
+  VBOX_RECOMPILER_OP_GCC ?= gcc-3.4.6
+ endif
+ VBOX_RECOMPILER_OP_GCC ?= $(TOOL_$(VBOX_GCC_TOOL)_CC)
+ VBOX_RECOMPILER_OP_GCC ?= false
+endif
+## @todo Check gcc version if plain gcc, gcc32 or gcc64.
+## @todo minimal dependencies.
+$(PATH_$(REM_MOD))/op.S: target-i386/op.c staged/op-elf-$(BUILD_TARGET_ARCH).S | $(call DIRDEP,$(PATH_$(REM_MOD)))
+        $(RM) -f $@ [email protected] [email protected]
+        $(VBOX_RECOMPILER_OP_GCC) $(addsuffix $(SP)\$(NL)$(TAB),\
+                -S -s \
+                $(filter-out -g -O0, \
+                        $($(REM_MOD)_CFLAGS) $($(REM_MOD)_CFLAGS.$(BUILD_TYPE)) $($(REM_MOD)_CFLAGS.$(BUILD_TARGET_ARCH)) \
+                        $(target-i386/op.c_CFLAGS) $(target-i386/op.c_CFLAGS.$(BUILD_TARGET_ARCH)) \
+                        ) \
+                $(addprefix -I, \
+                        $($(REM_MOD)_CINCS.$(BUILD_TARGET_ARCH)) $($(REM_MOD)_CINCS.$(BUILD_TARGET)) $($(REM_MOD)_CINCS) $(CINCS) \
+                        $($(REM_MOD)_INCS.$(BUILD_TARGET_ARCH))  $($(REM_MOD)_INCS.$(BUILD_TARGET))  $($(REM_MOD)_INCS) $(INCS) \
+                        ) \
+                $(addprefix -D, \
+                        $($(REM_MOD)_CDEFS.$(BUILD_TARGET_ARCH)) $($(REM_MOD)_CDEFS.$(BUILD_TARGET)) $($(REM_MOD)_CDEFS) $(CDEFS.$(BUILD_TARGET)) $(CDEFS.release) $(CDEFS) \
+                        $($(REM_MOD)_DEFS.$(BUILD_TARGET_ARCH))  $($(REM_MOD)_DEFS.$(BUILD_TARGET))  $($(REM_MOD)_DEFS)  $(DEFS.$(BUILD_TARGET))  $(DEFS.release)  $(DEFS) \
+                        ) \
+  VBOX_RECOMPILER_OP_GCC ?= i386-elf-gcc-3.4.3 # (port install i386-gcc-elf)
+  VBOX_RECOMPILER_OP_GCC_OK := yes
+  VBOX_RECOMPILER_OP_GCC_INCS ?= $(abspath $(dir $(shell LC_ALL=C $(VBOX_RECOMPILER_OP_GCC) -print-libgcc-file-name)))/include
+ endif
+ ifndef VBOX_RECOMPILER_OP_GCC
+  VBOX_RECOMPILER_OP_GCC := $(TOOL_$(VBOX_GCC_TOOL)_CC)
+  VBOX_RECOMPILER_OP_GCC_OK := dunno
+ endif
+else
+ # If set, assume it's an OK compiler.
+ VBOX_RECOMPILER_OP_GCC_OK := yes
+endif
+# The command sans -o op.S.tmp.
+COMPILE_OP_CMDS = $(VBOX_RECOMPILER_OP_GCC) \
+        -S -s \
+        $(filter-out -g -O0, \
+                $($(REM_MOD)_CFLAGS) $($(REM_MOD)_CFLAGS.$(BUILD_TYPE)) $($(REM_MOD)_CFLAGS.$(BUILD_TARGET)) $($(REM_MOD)_CFLAGS.$(BUILD_TARGET_ARCH)) $($(REM_MOD)_CFLAGS.$(BUILD_TARGET).$(BUILD_TARGET_ARCH)) \
+                $(target-i386/op.c_CFLAGS) $(target-i386/op.c_CFLAGS.$(BUILD_TARGET)) $(target-i386/op.c_CFLAGS.$(BUILD_TARGET_ARCH)) $(target-i386/op.c_CFLAGS.$(BUILD_TARGET).$(BUILD_TARGET_ARCH)) \
+                ) \
+        $(addprefix -I, \
+                $($(REM_MOD)_CINCS.$(BUILD_TARGET_ARCH)) $($(REM_MOD)_CINCS.$(BUILD_TARGET)) $($(REM_MOD)_CINCS) $(CINCS) \
+                $($(REM_MOD)_INCS.$(BUILD_TARGET_ARCH))  $($(REM_MOD)_INCS.$(BUILD_TARGET))  $($(REM_MOD)_INCS) $(INCS) \
+                ) \
+        $(addprefix -D, \
+                $($(REM_MOD)_CDEFS.$(BUILD_TARGET_ARCH)) $($(REM_MOD)_CDEFS.$(BUILD_TARGET)) $($(REM_MOD)_CDEFS) $(CDEFS.$(BUILD_TARGET)) $(CDEFS.$(BUILD_TARGET_ARCH)) $(CDEFS.$(BUILD_TYPE)) $(CDEFS) \
+                $($(REM_MOD)_DEFS.$(BUILD_TARGET_ARCH))  $($(REM_MOD)_DEFS.$(BUILD_TARGET))  $($(REM_MOD)_DEFS)  $(DEFS.$(BUILD_TARGET))  $(DEFS.$(BUILD_TARGET_ARCH))  $(DEFS.$(BUILD_TYPE))  $(DEFS) \
+                ) \
+        -Wp,-MD,$(PATH_$(REM_MOD))/op.S.dep \
+        -Wp,-MT,$(PATH_$(REM_MOD))/op.S \
+        -Wp,-MP \
+        target-i386/op.c
+# Use the right GCC includes.
+ifdef VBOX_RECOMPILER_OP_GCC_INCS
+COMPILE_OP_CMDS := $(subst $(VBOX_PATH_GCC_INCS),$(VBOX_RECOMPILER_OP_GCC_INCS),$(COMPILE_OP_CMDS))
+endif
+# Drop incompatible options when using the cross-compiler on darwin.
+ifeq ($(BUILD_TARGET),darwin)
+ ifeq ($(filter-out i386-elf-gcc%, $(VBOX_RECOMPILER_OP_GCC)),)
+  COMPILE_OP_CMDS := $(filter-out -mdynamic-no-pic, $(COMPILE_OP_CMDS))
+ endif
+endif
+# include the dependencies
+-include $(PATH_$(REM_MOD))/op.S.dep
+# The rule.
+$(PATH_$(REM_MOD))/op.S: \
                 target-i386/op.c \
+                ) -o [email protected] \
+                || $(CP) staged/op-elf-$(BUILD_TARGET_ARCH).S [email protected] # @todo only do this with gcc-4.
+        $(SED) -f op-validate.sed [email protected] || $(CP) staged/op-elf-$(BUILD_TARGET_ARCH).S [email protected] # This isn't good enough yet.
+                staged/op-elf-$(BUILD_TARGET_ARCH).S \
+                op-validate.sed \
+                op-darwin.sed \
+                op-undefined.lst \
+                Makefile.kmk \
+                $(comp-cmds COMPILE_OP_CMDS,COMPILE_OP_CMDS_PREV,FORCE) \
+                | $(call DIRDEP,$(PATH_$(REM_MOD)))
+        $(RM) -f $@ [email protected] [email protected] [email protected]
+ifeq ($(VBOX_RECOMPILER_OP_GCC_OK),yes)
+        $(call MSG_COMPILE,VBoxREM,$<,$@,AS)
+        $(addsuffix $(SP)\$(NL)$(TAB)  ,$(COMPILE_OP_CMDS)) -o [email protected]
+else ifeq ($(VBOX_RECOMPILER_OP_GCC_OK),dunno) # (permit 3.x.x and 4.1.x+ for now)
+        major_ver=`$(VBOX_RECOMPILER_OP_GCC) -dumpversion | $(SED) -e 's/^\([2-9]\)\..*$$/\1/'`; \
+        minor_ver=`$(VBOX_RECOMPILER_OP_GCC) -dumpversion | $(SED) -e 's/^[2-9]\.\([0-9]\)\..*$$/\1/'`; \
+        bugfix_ver=`$(VBOX_RECOMPILER_OP_GCC) -dumpversion | $(SED) -e 's/^[2-9]\.[0-9]\.\([0-9]\).*$$/\1/'`; \
+        if test "$$major_ver" = "3" -o "(" "$$major_ver" = "4" -a "$$minor_ver" != "0" ")"; then \
+                $(ECHO_EXT) "Compiling $< => $@ [gcc v$${major_ver}.$${minor_ver}.$${bugfix_ver}]" && \
+                $(addsuffix $(SP)\$(NL)$(TAB)$(TAB)  ,$(COMPILE_OP_CMDS)) -o [email protected]; \
+        else \
+                $(ECHO_EXT) "Using staged op.S [gcc v$${major_ver}.$${minor_ver}.$${bugfix_ver}]" && \
+                $(CP_EXT) -f staged/op-elf-$(BUILD_TARGET_ARCH).S [email protected]; \
+        fi
+else
+        $(CP) staged/op-elf-$(BUILD_TARGET_ARCH).S [email protected]
+endif
+        $(SED) -f op-validate.sed [email protected]
 ifeq ($(BUILD_TARGET),darwin)
         $(SED) -f op-darwin.sed [email protected] > [email protected]
+        $(MV) -f [email protected] [email protected]
+        $(SED) -e 's/^\(.*\)$$/#define \1 _\1/' op-undefined.lst > [email protected]
+        $(CAT_EXT) [email protected] >> [email protected]
 endif
         $(MV) -f [email protected] $@
+# predefined dependencies to the headers are generated.
+translate-all.c:             $(PATH_$(REM_MOD))/op.h     $(PATH_$(REM_MOD))/opc.h
+target-i386/translate.c:     $(PATH_$(REM_MOD))/gen-op.h $(PATH_$(REM_MOD))/opc.h
 # atm this will be build because of the direct dependency.
+        $(QUIET2)$(APPEND) "[email protected]"
+        $(QUIET2)$(APPEND) "[email protected]" 'define COMPILE_OP_CMDS_PREV'
+        $(QUIET2)$(APPEND) "[email protected]" '$(subst $(NL),'$(NL)$(TAB)@$(APPEND) "[email protected]" ',$(COMPILE_OP_CMDS))'
+        $(QUIET2)$(APPEND) "[email protected]" 'endef'
+# Hack for crosscompiling.
 DYNGEN = $(PATH_dyngen)/dyngen$(HOSTSUFF_EXE)
 DYNGEN_EXEC = $(DYNGEN)
 …
 endif
+# The dyngen rules.
 $(PATH_$(REM_MOD))/op.h:     $(FILE_OP_OBJ) $(DYNGEN)
         $(call MSG_L1,dyngen => $@)
 …
         $(QUIET)$(DYNGEN_EXEC) -g -o $@ $<
+# Dyngen dependants (sp?).
+translate-all.c \
+translate-op.c \
+target-i386/translate.c \
+        : $(PATH_$(REM_MOD))/op.h $(PATH_$(REM_MOD))/opc.h $(PATH_$(REM_MOD))/gen-op.h
+# Some aliases
+do_dyngen: $(PATH_$(REM_MOD))/gen-op.h $(PATH_$(REM_MOD))/opc.h $(PATH_$(REM_MOD))/op.h
 importlib: $(LIB_REM)
+#
+# Phony rule for making the qemu source drop.
+# This is just an incomplete EXAMPLE. It does NOT include all we have to ship!
+#
+.PHONY: qemu-source-drop
+qemu-source-drop:
+        $(RM) -f $(PATH_BIN)/qemu-source.zip
+        zip -9 $(PATH_BIN)/qemu-source.zip \
+                target-i386/op.c \
+                target-i386/helper.c \
+                target-i386/ops_template_mem.h \
+                target-i386/ops_sse.h \
+                target-i386/helper2.c \
+                target-i386/ops_template.h \
+                target-i386/ops_mem.h \
+                target-i386/translate-copy.c \
+                target-i386/exec.h \
+                target-i386/cpu.h \
+                target-i386/opreg_template.h \
+                target-i386/translate.c \
+                \
+                a.out.h \
+                COPYING.LIB \
+                cpu-defs.h \
+                dyngen.c \
+                dyngen.h \
+                elf.h \
+                exec.c \
+                softmmu_header.h \
+                translate-all.c \
+                bswap.h \
+                cpu-all.h \
+                cpu-exec.c \
+                disas.h \
+                dyngen-exec.h \
+                dyngen-op.h \
+                exec-all.h \
+                osdep.h \
+                softmmu_template.h \
+                vl.h \
+                \
+                tests/hello-arm.c \
+                tests/hello-i386.c \
+                tests/linux-test.c \
+                tests/Makefile \
+                tests/pi_10.com \
+                tests/qruncom.c \
+                tests/runcom.c \
+                tests/sha1.c \
+                tests/test-i386.c \
+                tests/test-i386-code16.S \
+                tests/test-i386.h \
+                tests/test-i386-muldiv.h \
+                tests/test-i386-shift.h \
+                tests/test-i386-vm86.S \
+                tests/test_path.c \
+                tests/testthread.c
+op.S: $(PATH_$(REM_MOD))/op.S

trunk/src/recompiler/VBoxREM.def

r1	r2422
	1	; $Id$
1	2	;; @file
2	3	;

trunk/src/recompiler/VBoxRecompiler.c

-              r2223
+              r2422
+/* $Id$ */
 /** @file
+ *
  * VBox Recompiler - QEMU.
  */
 …
 *   Header Files                                                               *
 *******************************************************************************/
+#define LOG_GROUP LOG_GROUP_REM
 #include "vl.h"
 #include "exec-all.h"
 …
 #include <VBox/err.h>
-#define LOG_GROUP LOG_GROUP_REM
 #include <VBox/log.h>
 #include <iprt/semaphore.h>
 …
 #include <iprt/thread.h>
 #include <iprt/string.h>
 /* Don't wanna include everything. */
 …
 static DECLCALLBACK(int) remR3Load(PVM pVM, PSSMHANDLE pSSM, uint32_t u32Version);
 static void     remR3StateUpdate(PVM pVM);
+#if defined(PGM_DYNAMIC_RAM_ALLOC) && !defined(REM_PHYS_ADDR_IN_TLB)
+DECLINLINE(target_ulong) remR3HCVirt2GCPhysInlined(PVM pVM, void *addr);
+DECLINLINE(void *) remR3GCPhys2HCVirtInlined(PVM pVM, target_ulong addr);
+#endif
 static uint32_t remR3MMIOReadU8(void *pvVM, target_phys_addr_t GCPhys);
 static uint32_t remR3MMIOReadU16(void *pvVM, target_phys_addr_t GCPhys);
 …
 *   Global Variables                                                           *
 *******************************************************************************/
-/** The log level of the recompiler. */
-#if 1
-extern int loglevel;
-#else
-int loglevel = ~0;
-FILE *logfile = NULL;
-#endif
 /** @todo Move stats to REM::s some rainy day we have nothing do to. */
 …
 static STAMPROFILEADV gStatMemRead;
 static STAMPROFILEADV gStatMemWrite;
+#ifndef REM_PHYS_ADDR_IN_TLB
+static STAMPROFILEADV gStatMemReadHCPtr;
+static STAMPROFILEADV gStatMemWriteHCPtr;
+#endif
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+static STAMPROFILE    gStatGCPhys2HCVirt;
+static STAMPROFILE    gStatHCVirt2GCPhys;
+#endif
+static STAMCOUNTER    gStatCpuGetTSC;
 static STAMCOUNTER    gStatRefuseTFInhibit;
 static STAMCOUNTER    gStatRefuseVM86;
 …
 };
-#ifndef PGM_DYNAMIC_RAM_ALLOC
-/* Guest physical RAM base. Not to be used in external code. */
-static uint8_t *phys_ram_base;
-#endif
-/*
- * Instance stuff.
- */
-/** Pointer to the cpu state. */
-CPUState       *cpu_single_env;
 #ifdef VBOX_WITH_DEBUGGER
 …
+/* Instantiate the structure signatures. */
+#define REM_STRUCT_OP 0
+#include "InnoTek/structs.h"
 /*******************************************************************************
 *   Internal Functions                                                         *
 *******************************************************************************/
 static void remAbort(int rc, const char *pszTip);
+extern int testmath(void);
 /* Put them here to avoid unused variable warning. */
 AssertCompile(RT_SIZEOFMEMB(VM, rem.padding) >= RT_SIZEOFMEMB(VM, rem.s));
+//AssertCompileMemberSize(REM, Env, REM_ENV_SIZE);
+//AssertCompile(RT_SIZEOFMEMB(REM, Env) <= REM_ENV_SIZE);
+#if !defined(IPRT_NO_CRT) && (defined(__LINUX__) || defined(__DARWIN__) || defined(__WIN__))
+AssertCompileMemberSize(REM, Env, REM_ENV_SIZE);
+#else
+AssertCompile(RT_SIZEOFMEMB(REM, Env) <= REM_ENV_SIZE);
+#endif
 /**
 …
+{
     uint32_t u32Dummy;
+    unsigned i;
+    /*
+     * Assert sanity.
+     */
     AssertReleaseMsg(sizeof(pVM->rem.padding) >= sizeof(pVM->rem.s), ("%#x >= %#x; sizeof(Env)=%#x\n", sizeof(pVM->rem.padding), sizeof(pVM->rem.s), sizeof(pVM->rem.s.Env)));
     //AssertReleaseMsg(sizeof(pVM->rem.s.Env) <= REM_ENV_SIZE, ("%#x == %#x\n", sizeof(pVM->rem.s.Env), REM_ENV_SIZE));
+    AssertReleaseMsg(sizeof(pVM->rem.s.Env) <= REM_ENV_SIZE, ("%#x == %#x\n", sizeof(pVM->rem.s.Env), REM_ENV_SIZE));
     AssertReleaseMsg(!(RT_OFFSETOF(VM, rem) & 31), ("off=%#x\n", RT_OFFSETOF(VM, rem)));
-#if 0 /* not merged yet */
     Assert(!testmath());
+#endif
+    ASSERT_STRUCT_TABLE(Misc);
+    ASSERT_STRUCT_TABLE(TLB);
+    ASSERT_STRUCT_TABLE(SegmentCache);
+    ASSERT_STRUCT_TABLE(XMMReg);
+    ASSERT_STRUCT_TABLE(MMXReg);
+    ASSERT_STRUCT_TABLE(float_status);
+    ASSERT_STRUCT_TABLE(float32u);
+    ASSERT_STRUCT_TABLE(float64u);
+    ASSERT_STRUCT_TABLE(floatx80u);
+    ASSERT_STRUCT_TABLE(CPUState);
     /*
 …
     AssertMsg(MMR3PhysGetRamSize(pVM) == 0, ("Init order have changed! REM depends on notification about ALL physical memory registrations\n"));
+    /* ignore all notifications */
+    pVM->rem.s.fIgnoreAll = true;
     /*
      * Init the recompiler.
 …
         return VERR_GENERAL_FAILURE;
+    }
+    CPUMGetGuestCpuId(pVM, 1, &u32Dummy, &u32Dummy, &pVM->rem.s.Env.cpuid_ext_features, &pVM->rem.s.Env.cpuid_features);
+    CPUMGetGuestCpuId(pVM,          1, &u32Dummy, &u32Dummy, &pVM->rem.s.Env.cpuid_ext_features, &pVM->rem.s.Env.cpuid_features);
+    CPUMGetGuestCpuId(pVM, 0x80000001, &u32Dummy, &u32Dummy, &u32Dummy, &pVM->rem.s.Env.cpuid_ext2_features);
     /* allocate code buffer for single instruction emulation. */
 …
     pVM->rem.s.u32PendingInterrupt = REM_NO_PENDING_IRQ;
-#ifdef DEBUG_bird
-    //cpu_breakpoint_insert(&pVM->rem.s.Env, some-address);
-#endif
     /*
      * Register ram types.
      */
     pVM->rem.s.iMMIOMemType    = cpu_register_io_memory(0, g_apfnMMIORead, g_apfnMMIOWrite, pVM);
     AssertReleaseMsg(pVM->rem.s.iMMIOMemType > 0, ("pVM->rem.s.iMMIOMemType=%d\n", pVM->rem.s.iMMIOMemType));
     pVM->rem.s.iHandlerMemType = cpu_register_io_memory(0, g_apfnHandlerRead, g_apfnHandlerWrite, pVM);
     AssertReleaseMsg(pVM->rem.s.iHandlerMemType > 0, ("pVM->rem.s.iHandlerMemType=%d\n", pVM->rem.s.iHandlerMemType));
+    pVM->rem.s.iMMIOMemType    = cpu_register_io_memory(-1, g_apfnMMIORead, g_apfnMMIOWrite, pVM);
+    AssertReleaseMsg(pVM->rem.s.iMMIOMemType >= 0, ("pVM->rem.s.iMMIOMemType=%d\n", pVM->rem.s.iMMIOMemType));
+    pVM->rem.s.iHandlerMemType = cpu_register_io_memory(-1, g_apfnHandlerRead, g_apfnHandlerWrite, pVM);
+    AssertReleaseMsg(pVM->rem.s.iHandlerMemType >= 0, ("pVM->rem.s.iHandlerMemType=%d\n", pVM->rem.s.iHandlerMemType));
     Log2(("REM: iMMIOMemType=%d iHandlerMemType=%d\n", pVM->rem.s.iMMIOMemType, pVM->rem.s.iHandlerMemType));
+    /* stop ignoring. */
+    pVM->rem.s.fIgnoreAll = false;
     /*
 …
     STAM_REG(pVM, &gStatMemRead,            STAMTYPE_PROFILE, "/PROF/REM/MemRead",    STAMUNIT_TICKS_PER_CALL, "Profiling memory access.");
     STAM_REG(pVM, &gStatMemWrite,           STAMTYPE_PROFILE, "/PROF/REM/MemWrite",   STAMUNIT_TICKS_PER_CALL, "Profiling memory access.");
+#ifndef REM_PHYS_ADDR_IN_TLB
+    STAM_REG(pVM, &gStatMemReadHCPtr,       STAMTYPE_PROFILE, "/PROF/REM/MemReadHCPtr", STAMUNIT_TICKS_PER_CALL, "Profiling memory access.");
+    STAM_REG(pVM, &gStatMemWriteHCPtr,      STAMTYPE_PROFILE, "/PROF/REM/MemWriteHCPtr", STAMUNIT_TICKS_PER_CALL, "Profiling memory access.");
+#endif
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    STAM_REG(pVM, &gStatHCVirt2GCPhys,      STAMTYPE_PROFILE, "/PROF/REM/HCVirt2GCPhys", STAMUNIT_TICKS_PER_CALL, "Profiling memory convertion.");
+    STAM_REG(pVM, &gStatGCPhys2HCVirt,      STAMTYPE_PROFILE, "/PROF/REM/GCPhys2HCVirt", STAMUNIT_TICKS_PER_CALL, "Profiling memory convertion.");
+#endif
+    STAM_REG(pVM, &gStatCpuGetTSC,          STAMTYPE_COUNTER, "/REM/CpuGetTSC",         STAMUNIT_OCCURENCES,     "cpu_get_tsc calls");
     STAM_REG(pVM, &gStatRefuseTFInhibit,    STAMTYPE_COUNTER, "/REM/Refuse/TFInibit", STAMUNIT_OCCURENCES,     "Raw mode refused because of TF or irq inhibit");
 …
     STAM_REG(pVM, &gStatSelOutOfSyncStateBack[5],    STAMTYPE_COUNTER, "/REM/StateBack/SelOutOfSync/GS",        STAMUNIT_OCCURENCES,     "GS out of sync");
 #endif
+#ifdef DEBUG_ALL_LOGGING
+    loglevel = ~0;
+#endif
     return rc;
+}
 …
 REMR3DECL(void) REMR3Reset(PVM pVM)
+{
-    pVM->rem.s.fIgnoreCR3Load = true;
-    pVM->rem.s.fIgnoreInvlPg = true;
-    pVM->rem.s.fIgnoreCpuMode = true;
     /*
      * Reset the REM cpu.
      */
+    pVM->rem.s.fIgnoreAll = true;
     cpu_reset(&pVM->rem.s.Env);
     pVM->rem.s.cInvalidatedPages = 0;
+    pVM->rem.s.fIgnoreCR3Load = false;
+    pVM->rem.s.fIgnoreInvlPg = false;
+    pVM->rem.s.fIgnoreCpuMode = false;
+    pVM->rem.s.fIgnoreAll = false;
+}
 …
     /* Remember if we've entered raw mode (vital for ring 1 checks in e.g. iret emulation). */
     SSMR3PutUInt(pSSM, !!(pRem->Env.state & CPU_RAW_RING0));
+    SSMR3PutU32(pSSM, !!(pRem->Env.state & CPU_RAW_RING0));
     /*
 …
     uint32_t u32Dummy;
     uint32_t fRawRing0 = false;
     LogFlow(("remR3Load:\n"));
 …
     /*
      * Ignore all ignorable notifications.
+     * Not doing this will cause big trouble.
+     */
+    pVM->rem.s.fIgnoreCR3Load = true;
+    pVM->rem.s.fIgnoreInvlPg = true;
+    pVM->rem.s.fIgnoreCpuMode = true;
+     * (Not doing this will cause serious trouble.)
+     */
+    pVM->rem.s.fIgnoreAll = true;
     /*
 …
      * Get the CPUID features.
      */
+    CPUMGetGuestCpuId(pVM, 1, &u32Dummy, &u32Dummy, &pVM->rem.s.Env.cpuid_ext_features, &pVM->rem.s.Env.cpuid_features);
+    CPUMGetGuestCpuId(pVM,          1, &u32Dummy, &u32Dummy, &pVM->rem.s.Env.cpuid_ext_features, &pVM->rem.s.Env.cpuid_features);
+    CPUMGetGuestCpuId(pVM, 0x80000001, &u32Dummy, &u32Dummy, &u32Dummy, &pVM->rem.s.Env.cpuid_ext2_features);
     /*
 …
      * Stop ignoring ignornable notifications.
      */
+    pVM->rem.s.fIgnoreCpuMode = false;
+    pVM->rem.s.fIgnoreInvlPg = false;
+    pVM->rem.s.fIgnoreCR3Load = false;
+    pVM->rem.s.fIgnoreAll = false;
     return VINF_SUCCESS;
 …
+        {
             case EXCP_INTERRUPT:    rc = VINF_SUCCESS; break;
+            case EXCP_HLT:          rc = VINF_EM_HALT; break;
+            case EXCP_HLT:
+            case EXCP_HALTED:       rc = VINF_EM_HALT; break;
             case EXCP_RC:
                 rc = pVM->rem.s.rc;
 …
 REMR3DECL(int) REMR3EmulateInstruction(PVM pVM)
+{
     Log2(("REMR3EmulateInstruction: (cs:eip=%04x:%08x)\n", pVM->rem.s.Env.segs[R_CS].selector, pVM->rem.s.Env.eip));
+    Log2(("REMR3EmulateInstruction: (cs:eip=%04x:%08x)\n", pVM->rem.s.pCtx->cs, pVM->rem.s.pCtx->eip));
     /*
 …
             /*
+             * The VM has halted.
+             */
+            case EXCP_HALTED:
+                Log2(("REMR3EmulateInstruction: cpu_exec -> EXCP_HALTED\n"));
+                rc = VINF_EM_HALT;
+                break;
+            /*
              * Switch to RAW-mode.
              */
 …
          * right way in will cause serious trouble if a longjmp was attempted.)
          */
         #ifdef DEBUG_bird
+# ifdef DEBUG_bird
         remR3DisasInstr(&pVM->rem.s.Env, 1, "REMR3EmulateInstruction");
         #endif
+# endif
         int cTimesMax = 16384;
         uint32_t eip = pVM->rem.s.Env.eip;
 …
+        {
             rc = cpu_exec(&pVM->rem.s.Env);
         } while (   eip == pVM->rem.s.Env.eip
                  && (rc == EXCP_DEBUG || rc == EXCP_EXECUTE_RAW)
 …
             case EXCP_HLT:
                 Log2(("REMR3EmulateInstruction: cpu_exec -> EXCP_HLT\n"));
+                rc = VINF_EM_HALT;
+                break;
+            /*
+             * The VM has halted.
+             */
+            case EXCP_HALTED:
+                Log2(("REMR3EmulateInstruction: cpu_exec -> EXCP_HALTED\n"));
                 rc = VINF_EM_HALT;
                 break;
 …
         case EXCP_HLT:
             Log2(("REMR3Run: cpu_exec -> EXCP_HLT\n"));
+            rc = VINF_EM_HALT;
+            break;
+        /*
+         * The VM has halted.
+         */
+        case EXCP_HALTED:
+            Log2(("REMR3Run: cpu_exec -> EXCP_HALTED\n"));
             rc = VINF_EM_HALT;
             break;
 …
          */
         case EXCP_EXECUTE_HWACC:
             Log2(("REMR3EmulateInstruction: cpu_exec -> EXCP_EXECUTE_HWACC\n"));
+            Log2(("REMR3Run: cpu_exec -> EXCP_EXECUTE_HWACC\n"));
             rc = VINF_EM_RESCHEDULE_HWACC;
             break;
 …
      * state we disable this path.
      */
     if (pVM->rem.s.fIgnoreInvlPg)
+    if (pVM->rem.s.fIgnoreInvlPg || pVM->rem.s.fIgnoreAll)
         return;
     Log(("remR3FlushPage: GCPtr=%VGv\n", GCPtr));
+    Assert(pVM->rem.s.fInREM);
     //RAWEx_ProfileStop(env, STATS_QEMU_TOTAL);
 …
  * @param   env         Pointer to cpu environment.
  */
+void remR3SetPage(CPUState *env, CPUTLBEntry *pRead,  CPUTLBEntry *pWrite, int prot, int is_user)
+{
+    uint32_t virt_addr, addend;
+    Log2(("tlb_set_page_raw read (%x-%x) write (%x-%x) prot %x is_user %d\n", pRead->address, pRead->addend, pWrite->address, pWrite->addend, prot, is_user));
+void remR3SetPage(CPUState *env, CPUTLBEntry *pTLBEntry,  CPUTLBEntry *pTLBEntryIgnored, int prot, int is_user)
+{
+    target_ulong virt_addr;
+    if (env->pVM->rem.s.fIgnoreSetPage || env->pVM->rem.s.fIgnoreAll)
+        return;
+    Assert(env->pVM->rem.s.fInREM || env->pVM->rem.s.fInStateSync);
+#ifndef PGM_DYNAMIC_RAM_ALLOC
+    if(!is_user && !(env->state & CPU_RAW_RING0))
+        return; /* We are currently not interested in kernel pages */
+#endif
+#if !defined(PGM_DYNAMIC_RAM_ALLOC) && !defined(REM_PHYS_ADDR_IN_TLB)
+    Log2(("tlb_set_page_raw (r=%x|w=%x)-%x prot %x is_user %d phys base %x\n",
+          pTLBEntry->addr_read, pTLBEntry->addr_write, pTLBEntry->addend, prot, is_user, phys_ram_base));
+#else /* PGM_DYNAMIC_RAM_ALLOC */
+    Log2(("tlb_set_page_raw (r=%x|w=%x)-%x prot %x is_user %d\n",
+          pTLBEntry->addr_read, pTLBEntry->addr_write, pTLBEntry->addend, prot, is_user));
+#endif/* PGM_DYNAMIC_RAM_ALLOC */
+    /*
+     * Extract the virtual address.
+     */
     if (prot & PAGE_WRITE)
+    {
+        addend = pWrite->addend;
+        virt_addr = pWrite->address;
+    }
+        virt_addr = pTLBEntry->addr_write;
+    else if (prot & PAGE_READ)
+        virt_addr = pTLBEntry->addr_read;
     else
+    if (prot & PAGE_READ)
+    {
+        addend = pRead->addend;
+        virt_addr = pRead->address;
+    }
+    else
+    {
+        // Should never happen!
+        AssertMsgFailed(("tlb_set_page_raw unexpected protection flags %x\n", prot));
+        return;
+    }
+    // Clear IO_* flags (TODO: are they actually useful for us??)
+    virt_addr &= ~0xFFF;
+        AssertMsgFailedReturnVoid(("tlb_set_page_raw unexpected protection flags %x\n", prot));
+    virt_addr &= TARGET_PAGE_MASK;
     /*
 …
     if (VBOX_FAILURE(rc))
+    {
+        AssertMsgFailed(("RAWEx_SetPageEntry %x %x %d failed!!\n", virt_addr, prot, is_user));
+#ifdef VBOX_STRICT
+        target_ulong addend = pTLBEntry->addend;
+        target_ulong phys_addr;
+        if (!(addend & IO_MEM_ROM))
+# ifdef REM_PHYS_ADDR_IN_TLB
+            phys_addr = virt_addr + addend;
+# elif defined(PGM_DYNAMIC_RAM_ALLOC)
+            phys_addr = remR3HCVirt2GCPhysInlined(env->pVM, (void *)(virt_addr + addend));
+# else
+            phys_addr = virt_addr - (uintptr_t)phys_ram_base + addend;
+# endif
+        else
+            phys_addr = addend;
+        AssertMsgFailed(("RAWEx_SetPageEntry %x %x %x %d failed!!\n", virt_addr, phys_addr, prot, is_user));
+#endif /* VBOX_STRICT */
         VM_FF_SET(env->pVM, VM_FF_PGM_SYNC_CR3);
+    }
 …
 void remR3ProtectCode(CPUState *env, RTGCPTR GCPtr)
+{
+    Assert(env->pVM->rem.s.fInREM);
     if (     (env->cr[0] & X86_CR0_PG)                      /* paging must be enabled */
         &&  !(env->state & CPU_EMULATE_SINGLE_INSTR)        /* ignore during single instruction execution */
 …
      * state we disable this path.
      */
     if (pVM->rem.s.fIgnoreCR3Load)
+    if (pVM->rem.s.fIgnoreCR3Load || pVM->rem.s.fIgnoreAll)
         return;
+    Assert(pVM->rem.s.fInREM);
     /*
 …
      * state this path is disabled.
      */
     if (pVM->rem.s.fIgnoreCpuMode)
+    if (pVM->rem.s.fIgnoreCpuMode || pVM->rem.s.fIgnoreAll)
         return;
+    Assert(pVM->rem.s.fInREM);
     /*
 …
     if(uTrap < 0x20)
+    {
+#ifdef DEBUG
         remR3DisasInstr(env, 1, "remR3NotifyTrap: ");
+#endif
         if(pVM->rem.s.uPendingException == uTrap && ++pVM->rem.s.cPendingExceptions > 128)
+        {
 …
 REMR3DECL(int) REMR3State(PVM pVM)
+{
-    Assert(!pVM->rem.s.fInREM);
     Log2(("REMR3State:\n"));
     STAM_PROFILE_START(&pVM->rem.s.StatsState, a);
 …
     register unsigned       fFlags;
     bool                    fHiddenSelRegsValid = CPUMAreHiddenSelRegsValid(pVM);
+    Assert(!pVM->rem.s.fInREM);
+    pVM->rem.s.fInStateSync = true;
     /*
 …
     /*
+     * Clear the halted hidden flag (the interrupt waking up the CPU can
+     * have been dispatched in raw mode).
+     */
+    pVM->rem.s.Env.hflags      &= ~HF_HALTED_MASK;
+    /*
      * Replay invlpg?
      */
 …
     /*
      * Registers which are seldomly changed and require special handling / order when changed.
+     * Registers which are rarely changed and require special handling / order when changed.
      */
     fFlags = CPUMGetAndClearChangedFlagsREM(pVM);
 …
      */
     pVM->rem.s.fInREM = true;
+    pVM->rem.s.fInStateSync = false;
     pVM->rem.s.cCanExecuteRaw = 0;
     STAM_PROFILE_STOP(&pVM->rem.s.StatsState, a);
 …
 REMR3DECL(void) REMR3NotifyPhysRamRegister(PVM pVM, RTGCPHYS GCPhys, RTUINT cb, void *pvRam, unsigned fFlags)
+{
     Log(("REMR3NotifyPhysRamRegister: GCPhys=%VGp cb=%d pvRam=%p fFlags=%d\n", GCPhys, cb, pvRam, fFlags));
+    LogFlow(("REMR3NotifyPhysRamRegister: GCPhys=%VGp cb=%d pvRam=%p fFlags=%d\n", GCPhys, cb, pvRam, fFlags));
     VM_ASSERT_EMT(pVM);
 …
     if (!GCPhys)
+    {
 #ifndef PGM_DYNAMIC_RAM_ALLOC
+#if !defined(PGM_DYNAMIC_RAM_ALLOC) && !defined(REM_PHYS_ADDR_IN_TLB)
         AssertRelease(!phys_ram_base);
         phys_ram_base = pvRam;
 #endif
         phys_ram_size = cb;
+        phys_ram_dirty = MMR3HeapAllocZ(pVM, MM_TAG_REM, cb >> PAGE_SHIFT);
+        AssertReleaseMsg(phys_ram_dirty, ("failed to allocate %d bytes of dirty bytes\n", cb >> PAGE_SHIFT));
+    }
+#ifndef PGM_DYNAMIC_RAM_ALLOC
+    AssertRelease(phys_ram_base);
+        phys_ram_dirty_size = cb >> PAGE_SHIFT;
+#ifndef VBOX_STRICT
+        phys_ram_dirty = MMR3HeapAlloc(pVM, MM_TAG_REM, phys_ram_dirty_size);
+        AssertReleaseMsg(phys_ram_dirty, ("failed to allocate %d bytes of dirty bytes\n", phys_ram_dirty_size));
+#else /* VBOX_STRICT: allocate a full map and make the out of bounds pages invalid. */
+        phys_ram_dirty = RTMemPageAlloc(_4G >> PAGE_SHIFT);
+        AssertReleaseMsg(phys_ram_dirty, ("failed to allocate %d bytes of dirty bytes\n", _4G >> PAGE_SHIFT));
+        uint32_t cbBitmap = RT_ALIGN_32(phys_ram_dirty_size, PAGE_SIZE);
+        int rc = RTMemProtect(phys_ram_dirty + cbBitmap, (_4G >> PAGE_SHIFT) - cbBitmap, RTMEM_PROT_NONE);
+        AssertRC(rc);
+        phys_ram_dirty += cbBitmap - phys_ram_dirty_size;
 #endif
+        memset(phys_ram_dirty, 0xff, phys_ram_dirty_size);
+    }
     /*
      * Register the ram.
      */
+    Assert(!pVM->rem.s.fIgnoreAll);
+    pVM->rem.s.fIgnoreAll = true;
 #ifdef PGM_DYNAMIC_RAM_ALLOC
     if (!GCPhys)
 …
     else
+    {
+# ifndef REM_PHYS_ADDR_IN_TLB
         uint32_t i;
+# endif
         cpu_register_physical_memory(GCPhys, cb, GCPhys | (fFlags & MM_RAM_FLAGS_RESERVED ? IO_MEM_UNASSIGNED : 0));
+# ifndef REM_PHYS_ADDR_IN_TLB
         AssertRelease(pVM->rem.s.cPhysRegistrations < REM_MAX_PHYS_REGISTRATIONS);
         for (i=0;i<pVM->rem.s.cPhysRegistrations;i++)
+        for (i = 0; i < pVM->rem.s.cPhysRegistrations; i++)
+        {
             if (pVM->rem.s.aPhysReg[i].GCPhys == GCPhys)
 …
             pVM->rem.s.cPhysRegistrations++;
+        }
+    }
+# endif /* !REM_PHYS_ADDR_IN_TLB */
+    }
+#elif defined(REM_PHYS_ADDR_IN_TLB)
+    cpu_register_physical_memory(GCPhys, cb, GCPhys | (fFlags & MM_RAM_FLAGS_RESERVED ? IO_MEM_UNASSIGNED : 0));
 #else
+    AssertRelease(phys_ram_base);
     cpu_register_physical_memory(GCPhys, cb, ((uintptr_t)pvRam - (uintptr_t)phys_ram_base)
                                              | (fFlags & MM_RAM_FLAGS_RESERVED ? IO_MEM_UNASSIGNED : 0));
 #endif
+    Assert(pVM->rem.s.fIgnoreAll);
+    pVM->rem.s.fIgnoreAll = false;
+}
 …
 REMR3DECL(void) REMR3NotifyPhysRamChunkRegister(PVM pVM, RTGCPHYS GCPhys, RTUINT cb, RTHCUINTPTR pvRam, unsigned fFlags)
+{
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+# ifndef REM_PHYS_ADDR_IN_TLB
     uint32_t idx;
+#endif
     Log(("REMR3NotifyPhysRamChunkRegister: GCPhys=%VGp cb=%d pvRam=%p fFlags=%d\n", GCPhys, cb, pvRam, fFlags));
 …
     Assert(fFlags == 0 /* normal RAM */);
+# ifndef REM_PHYS_ADDR_IN_TLB
     if (!pVM->rem.s.paHCVirtToGCPhys)
+    {
 …
+        }
+    }
+# endif /* !REM_PHYS_ADDR_IN_TLB */
+    Assert(!pVM->rem.s.fIgnoreAll);
+    pVM->rem.s.fIgnoreAll = true;
     cpu_register_physical_memory(GCPhys, cb, GCPhys);
+}
+    Assert(pVM->rem.s.fIgnoreAll);
+    pVM->rem.s.fIgnoreAll = false;
+#else
+    AssertReleaseFailed();
+#endif
+}
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+# ifndef REM_PHYS_ADDR_IN_TLB
+#if 0
+static const uint8_t gabZeroPage[PAGE_SIZE];
+#endif
 /**
 …
  * @param   addr        The physical address.
  */
+void *remR3GCPhys2HCVirt(void *env, target_ulong addr)
+{
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    PVM      pVM = ((CPUState *)env)->pVM;
+DECLINLINE(void *) remR3GCPhys2HCVirtInlined(PVM pVM, target_ulong addr)
+{
     uint32_t i;
+    void    *pv;
+    STAM_PROFILE_START(&gStatGCPhys2HCVirt, a);
+#if 1
     /* lookup in pVM->rem.s.aPhysReg array first (for ROM range(s) inside the guest's RAM) */
     for (i=0;i<pVM->rem.s.cPhysRegistrations;i++)
+    {
         uint32_t off = addr - pVM->rem.s.aPhysReg[i].GCPhys;
+    for (i = 0; i < pVM->rem.s.cPhysRegistrations; i++)
+    {
+        RTGCPHYS off = addr - pVM->rem.s.aPhysReg[i].GCPhys;
         if (off < pVM->rem.s.aPhysReg[i].cb)
+        {
+            Log2(("remR3GCPhys2HCVirt: %x -> %x\n", addr, pVM->rem.s.aPhysReg[i].HCVirt + off));
+            return (void *)(pVM->rem.s.aPhysReg[i].HCVirt + off);
+            pv = (void *)(pVM->rem.s.aPhysReg[i].HCVirt + off);
+            Log2(("remR3GCPhys2HCVirt: %x -> %x\n", addr, pv));
+            STAM_PROFILE_STOP(&gStatGCPhys2HCVirt, a);
+            return pv;
+        }
+    }
     AssertMsg(addr < phys_ram_size, ("remR3GCPhys2HCVirt: unknown physical address %x\n", addr));
     Log2(("remR3GCPhys2HCVirt: %x -> %x\n", addr, pVM->rem.s.paGCPhysToHCVirt[addr >> PGM_DYNAMIC_CHUNK_SHIFT] + (addr & PGM_DYNAMIC_CHUNK_OFFSET_MASK)));
     return (void *)(pVM->rem.s.paGCPhysToHCVirt[addr >> PGM_DYNAMIC_CHUNK_SHIFT] + (addr & PGM_DYNAMIC_CHUNK_OFFSET_MASK));
+    pv = (void *)(pVM->rem.s.paGCPhysToHCVirt[addr >> PGM_DYNAMIC_CHUNK_SHIFT] + (addr & PGM_DYNAMIC_CHUNK_OFFSET_MASK));
+    Log2(("remR3GCPhys2HCVirt: %x -> %x\n", addr, pv));
 #else
+    return phys_ram_base + addr;
+#endif
+}
+    /** @todo figure out why this is faster than the above code. */
+    int rc = PGMPhysGCPhys2HCPtr(pVM, addr & X86_PTE_PAE_PG_MASK, PAGE_SIZE, &pv);
+    if (RT_FAILURE(rc))
+    {
+        AssertMsgFailed(("remR3GCPhys2HCVirt: unknown physical address %x\n", addr));
+        pv = gabZeroPage;
+    }
+    pv = (void *)((uintptr_t)pv | (addr & PAGE_OFFSET_MASK));
+#endif
+    return pv;
+}
 /**
 …
  * @param   addr        The physical address.
  */
+target_ulong remR3HCVirt2GCPhys(void *env, void *addr)
+{
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    PVM         pVM    = ((CPUState *)env)->pVM;
+DECLINLINE(target_ulong) remR3HCVirt2GCPhysInlined(PVM pVM, void *addr)
+{
     RTHCUINTPTR HCVirt = (RTHCUINTPTR)addr;
     uint32_t    idx    = (HCVirt >> PGM_DYNAMIC_CHUNK_SHIFT);
     RTHCUINTPTR off;
     RTUINT      i;
+    target_ulong GCPhys;
     off = HCVirt - pVM->rem.s.paHCVirtToGCPhys[idx].pChunk1;
     if (    pVM->rem.s.paHCVirtToGCPhys[idx].pChunk1
+    if (    pVM->rem.s.paHCVirtToGCPhys[idx].pChunk1
         &&  off < PGM_DYNAMIC_CHUNK_SIZE)
+    {
+        Log2(("remR3HCVirt2GCPhys %x -> %x\n", addr, pVM->rem.s.paHCVirtToGCPhys[idx].GCPhys1 + off));
+        return pVM->rem.s.paHCVirtToGCPhys[idx].GCPhys1 + off;
+    }
+        GCPhys = pVM->rem.s.paHCVirtToGCPhys[idx].GCPhys1 + off;
+        Log2(("remR3HCVirt2GCPhys %x -> %x\n", addr, GCPhys));
+        return GCPhys;
+    }
     off = HCVirt - pVM->rem.s.paHCVirtToGCPhys[idx].pChunk2;
     if (    pVM->rem.s.paHCVirtToGCPhys[idx].pChunk2
+    if (    pVM->rem.s.paHCVirtToGCPhys[idx].pChunk2
         &&  off < PGM_DYNAMIC_CHUNK_SIZE)
+    {
+        Log2(("remR3HCVirt2GCPhys %x -> %x\n", addr, pVM->rem.s.paHCVirtToGCPhys[idx].GCPhys2 + off));
+        return pVM->rem.s.paHCVirtToGCPhys[idx].GCPhys2 + off;
+        GCPhys = pVM->rem.s.paHCVirtToGCPhys[idx].GCPhys2 + off;
+        Log2(("remR3HCVirt2GCPhys %x -> %x\n", addr, GCPhys));
+        return GCPhys;
+    }
     /* Must be externally registered RAM/ROM range */
     for (i=0;i<pVM->rem.s.cPhysRegistrations;i++)
+    for (i = 0; i < pVM->rem.s.cPhysRegistrations; i++)
+    {
         uint32_t off = HCVirt - pVM->rem.s.aPhysReg[i].HCVirt;
         if (off < pVM->rem.s.aPhysReg[i].cb)
+        {
+            Log2(("remR3HCVirt2GCPhys %x -> %x\n", addr, pVM->rem.s.aPhysReg[i].GCPhys + off));
+            return pVM->rem.s.aPhysReg[i].GCPhys + off;
+            GCPhys = pVM->rem.s.aPhysReg[i].GCPhys + off;
+            Log2(("remR3HCVirt2GCPhys %x -> %x\n", addr, GCPhys));
+            return GCPhys;
+        }
+    }
     AssertReleaseMsgFailed(("No translation for physical address %VHv???\n", addr));
     return 0;
+#else
+    return (target_ulong)addr - (target_ulong)phys_ram_base;
+#endif
+}
+}
+/**
+ *  Convert GC physical address to HC virt
+ *
+ * @returns The HC virt address corresponding to addr.
+ * @param   env         The cpu environment.
+ * @param   addr        The physical address.
+ */
+void *remR3GCPhys2HCVirt(void *env, target_ulong addr)
+{
+    PVM     pVM = ((CPUState *)env)->pVM;
+    void   *pv;
+    STAM_PROFILE_START(&gStatGCPhys2HCVirt, a);
+    pv = remR3GCPhys2HCVirtInlined(pVM, addr);
+    STAM_PROFILE_STOP(&gStatGCPhys2HCVirt, a);
+    return pv;
+}
+/**
+ *  Convert GC physical address to HC virt
+ *
+ * @returns The HC virt address corresponding to addr.
+ * @param   env         The cpu environment.
+ * @param   addr        The physical address.
+ */
+target_ulong remR3HCVirt2GCPhys(void *env, void *addr)
+{
+    PVM pVM = ((CPUState *)env)->pVM;
+    target_ulong GCPhys;
+    STAM_PROFILE_START(&gStatHCVirt2GCPhys, a);
+    GCPhys = remR3HCVirt2GCPhysInlined(pVM, addr);
+    STAM_PROFILE_STOP(&gStatHCVirt2GCPhys, a);
+    return GCPhys;
+}
+# endif /* !REM_PHYS_ADDR_IN_TLB */
 /**
 …
+}
+#endif /* PGM_DYNAMIC_RAM_ALLOC */
 /**
  * Notification about a successful MMR3PhysRomRegister() call.
 …
 REMR3DECL(void) REMR3NotifyPhysRomRegister(PVM pVM, RTGCPHYS GCPhys, RTUINT cb, void *pvCopy)
+{
 #ifdef PGM_DYNAMIC_RAM_ALLOC
+#if defined(PGM_DYNAMIC_RAM_ALLOC) && !defined(REM_PHYS_ADDR_IN_TLB)
     uint32_t i;
 #endif
     Log(("REMR3NotifyPhysRomRegister: GCPhys=%VGp cb=%d pvCopy=%p\n", GCPhys, cb, pvCopy));
+    LogFlow(("REMR3NotifyPhysRomRegister: GCPhys=%VGp cb=%d pvCopy=%p\n", GCPhys, cb, pvCopy));
     VM_ASSERT_EMT(pVM);
 …
      * Register the rom.
      */
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    Assert(!pVM->rem.s.fIgnoreAll);
+    pVM->rem.s.fIgnoreAll = true;
+#ifdef REM_PHYS_ADDR_IN_TLB
+    cpu_register_physical_memory(GCPhys, cb, GCPhys | IO_MEM_ROM);
+#elif defined(PGM_DYNAMIC_RAM_ALLOC)
     cpu_register_physical_memory(GCPhys, cb, GCPhys | IO_MEM_ROM);
     AssertRelease(pVM->rem.s.cPhysRegistrations < REM_MAX_PHYS_REGISTRATIONS);
     for (i=0;i<pVM->rem.s.cPhysRegistrations;i++)
+    for (i = 0; i < pVM->rem.s.cPhysRegistrations; i++)
+    {
         if (pVM->rem.s.aPhysReg[i].GCPhys == GCPhys)
 …
     cpu_register_physical_memory(GCPhys, cb, ((uintptr_t)pvCopy - (uintptr_t)phys_ram_base) | IO_MEM_ROM);
 #endif
     Log2(("%.64Vhxd\n", (char *)pvCopy + cb - 64));
+    Assert(pVM->rem.s.fIgnoreAll);
+    pVM->rem.s.fIgnoreAll = false;
+}
 …
      * Unassigning the memory.
      */
+    Assert(!pVM->rem.s.fIgnoreAll);
+    pVM->rem.s.fIgnoreAll = true;
     cpu_register_physical_memory(GCPhys, cb, IO_MEM_UNASSIGNED);
+    Assert(pVM->rem.s.fIgnoreAll);
+    pVM->rem.s.fIgnoreAll = false;
+}
 …
         REMR3ReplayHandlerNotifications(pVM);
+    Assert(!pVM->rem.s.fIgnoreAll);
+    pVM->rem.s.fIgnoreAll = true;
     if (enmType == PGMPHYSHANDLERTYPE_MMIO)
         cpu_register_physical_memory(GCPhys, cb, pVM->rem.s.iMMIOMemType);
     else if (fHasHCHandler)
         cpu_register_physical_memory(GCPhys, cb, pVM->rem.s.iHandlerMemType);
+    Assert(pVM->rem.s.fIgnoreAll);
+    pVM->rem.s.fIgnoreAll = false;
+}
 …
     if (pVM->rem.s.cHandlerNotifications)
         REMR3ReplayHandlerNotifications(pVM);
+    Assert(!pVM->rem.s.fIgnoreAll);
+    pVM->rem.s.fIgnoreAll = true;
     if (enmType == PGMPHYSHANDLERTYPE_MMIO)
 …
         else
+        {
             /* This is not prefect, but it'll do for PD monitoring... */
+            /* This is not perfect, but it'll do for PD monitoring... */
             Assert(cb == PAGE_SIZE);
             Assert(RT_ALIGN_T(GCPhys, PAGE_SIZE, RTGCPHYS) == GCPhys);
+            Assert(remR3HCVirt2GCPhys(cpu_single_env, pvHCPtr) < MMR3PhysGetRamSize(pVM));
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+#ifdef REM_PHYS_ADDR_IN_TLB
+            cpu_register_physical_memory(GCPhys, cb, GCPhys);
+#elif defined(PGM_DYNAMIC_RAM_ALLOC)
+            Assert(remR3HCVirt2GCPhysInlined(pVM, pvHCPtr) < MMR3PhysGetRamSize(pVM));
             cpu_register_physical_memory(GCPhys, cb, GCPhys);
 #else
+            cpu_register_physical_memory(GCPhys, cb, remR3HCVirt2GCPhys(cpu_single_env, pvHCPtr));
+            Assert((uintptr_t)pvHCPtr - (uintptr_t)phys_ram_base < MMR3PhysGetRamSize(pVM));
+            cpu_register_physical_memory(GCPhys, cb, (uintptr_t)pvHCPtr - (uintptr_t)phys_ram_base);
 #endif
+        }
+    }
+    Assert(pVM->rem.s.fIgnoreAll);
+    pVM->rem.s.fIgnoreAll = false;
+}
 …
     if (fHasHCHandler)
+    {
+        Assert(!pVM->rem.s.fIgnoreAll);
+        pVM->rem.s.fIgnoreAll = true;
         /*
          * Reset the old page.
 …
         else
+        {
             /* This is not prefect, but it'll do for PD monitoring... */
+            /* This is not perfect, but it'll do for PD monitoring... */
             Assert(cb == PAGE_SIZE);
             Assert(RT_ALIGN_T(GCPhysOld, PAGE_SIZE, RTGCPHYS) == GCPhysOld);
+            Assert(remR3HCVirt2GCPhys(cpu_single_env, pvHCPtr) < MMR3PhysGetRamSize(pVM));
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+#ifdef REM_PHYS_ADDR_IN_TLB
+            cpu_register_physical_memory(GCPhysOld, cb, GCPhysOld);
+#elif defined(PGM_DYNAMIC_RAM_ALLOC)
+            Assert(remR3HCVirt2GCPhysInlined(pVM, pvHCPtr) < MMR3PhysGetRamSize(pVM));
             cpu_register_physical_memory(GCPhysOld, cb, GCPhysOld);
 #else
+            cpu_register_physical_memory(GCPhysOld, cb, remR3HCVirt2GCPhys(cpu_single_env, pvHCPtr));
+            AssertMsg((uintptr_t)pvHCPtr - (uintptr_t)phys_ram_base < MMR3PhysGetRamSize(pVM),
+                      ("pvHCPtr=%p phys_ram_base=%p size=%RX64 cb=%RGp\n", pvHCPtr, phys_ram_base, MMR3PhysGetRamSize(pVM), cb));
+            cpu_register_physical_memory(GCPhysOld, cb, (uintptr_t)pvHCPtr - (uintptr_t)phys_ram_base);
 #endif
+        }
 …
         Assert(RT_ALIGN_T(cb, PAGE_SIZE, RTGCPHYS) == cb);
         cpu_register_physical_memory(GCPhysNew, cb, pVM->rem.s.iHandlerMemType);
+        Assert(pVM->rem.s.fIgnoreAll);
+        pVM->rem.s.fIgnoreAll = false;
+    }
+}
 …
+{
     PVM pVM = env->pVM;
     if ((pTLBEntry->address & ~TARGET_PAGE_MASK) == pVM->rem.s.iHandlerMemType)
+    if ((pTLBEntry->addr_code & ~TARGET_PAGE_MASK) == pVM->rem.s.iHandlerMemType)
+    {
         target_ulong ret = pTLBEntry->addend + addr;
         AssertMsg2("remR3PhysGetPhysicalAddressCode: addr=%VGv address=%VGv addend=%VGp ret=%VGp\n",
                 (RTGCPTR)addr, (RTGCPTR)pTLBEntry->address, (RTGCPHYS)pTLBEntry->addend, ret);
+        AssertMsg2("remR3PhysGetPhysicalAddressCode: addr=%VGv addr_code=%VGv addend=%VGp ret=%VGp\n",
+                   (RTGCPTR)addr, (RTGCPTR)pTLBEntry->addr_code, (RTGCPHYS)pTLBEntry->addend, ret);
         return ret;
+    }
     LogRel(("\nTrying to execute code with memory type address=%VGv addend=%VGp at %VGv! (iHandlerMemType=%#x iMMIOMemType=%#x)\n"
+    LogRel(("\nTrying to execute code with memory type addr_code=%VGv addend=%VGp at %VGv! (iHandlerMemType=%#x iMMIOMemType=%#x)\n"
             "*** handlers\n",
             (RTGCPTR)pTLBEntry->address, (RTGCPHYS)pTLBEntry->addend, (RTGCPTR)addr, pVM->rem.s.iHandlerMemType, pVM->rem.s.iMMIOMemType));
+            (RTGCPTR)pTLBEntry->addr_code, (RTGCPHYS)pTLBEntry->addend, (RTGCPTR)addr, pVM->rem.s.iHandlerMemType, pVM->rem.s.iMMIOMemType));
     DBGFR3Info(pVM, "handlers", NULL, DBGFR3InfoLogRelHlp());
     LogRel(("*** mmio\n"));
 …
     LogRel(("*** phys\n"));
     DBGFR3Info(pVM, "phys", NULL, DBGFR3InfoLogRelHlp());
     cpu_abort(env, "Trying to execute code with memory type address=%VGv addend=%VGp at %VGv. (iHandlerMemType=%#x iMMIOMemType=%#x)\n",
               (RTGCPTR)pTLBEntry->address, (RTGCPHYS)pTLBEntry->addend, (RTGCPTR)addr, pVM->rem.s.iHandlerMemType, pVM->rem.s.iMMIOMemType);
+    cpu_abort(env, "Trying to execute code with memory type addr_code=%VGv addend=%VGp at %VGv. (iHandlerMemType=%#x iMMIOMemType=%#x)\n",
+              (RTGCPTR)pTLBEntry->addr_code, (RTGCPHYS)pTLBEntry->addend, (RTGCPTR)addr, pVM->rem.s.iHandlerMemType, pVM->rem.s.iMMIOMemType);
     AssertFatalFailed();
+}
+/** Validate the physical address passed to the read functions.
+ * Useful for finding non-guest-ram reads/writes.  */
+#if 1 /* disable if it becomes bothersome... */
+# define VBOX_CHECK_ADDR(GCPhys) AssertMsg(PGMPhysIsGCPhysValid(cpu_single_env->pVM, (GCPhys)), ("%VGp\n", (GCPhys)))
+#else
+# define VBOX_CHECK_ADDR(GCPhys) do { } while (0)
+#endif
+/**
+ * Read guest RAM and ROM.
+ *
+ * @param   SrcGCPhys       The source address (guest physical).
+ * @param   pvDst           The destination address.
+ * @param   cb              Number of bytes
+ */
+void remR3PhysRead(RTGCPHYS SrcGCPhys, void *pvDst, unsigned cb)
+{
+    STAM_PROFILE_ADV_START(&gStatMemRead, a);
+    VBOX_CHECK_ADDR(SrcGCPhys);
+    PGMPhysRead(cpu_single_env->pVM, SrcGCPhys, pvDst, cb);
+    STAM_PROFILE_ADV_STOP(&gStatMemRead, a);
+}
+/**
+ * Read guest RAM and ROM, unsigned 8-bit.
+ *
+ * @param   SrcGCPhys       The source address (guest physical).
+ */
+uint8_t remR3PhysReadU8(RTGCPHYS SrcGCPhys)
+{
+    uint8_t val;
+    STAM_PROFILE_ADV_START(&gStatMemRead, a);
+    VBOX_CHECK_ADDR(SrcGCPhys);
+    val = PGMR3PhysReadByte(cpu_single_env->pVM, SrcGCPhys);
+    STAM_PROFILE_ADV_STOP(&gStatMemRead, a);
+    return val;
+}
+/**
+ * Read guest RAM and ROM, signed 8-bit.
+ *
+ * @param   SrcGCPhys       The source address (guest physical).
+ */
+int8_t remR3PhysReadS8(RTGCPHYS SrcGCPhys)
+{
+    int8_t val;
+    STAM_PROFILE_ADV_START(&gStatMemRead, a);
+    VBOX_CHECK_ADDR(SrcGCPhys);
+    val = PGMR3PhysReadByte(cpu_single_env->pVM, SrcGCPhys);
+    STAM_PROFILE_ADV_STOP(&gStatMemRead, a);
+    return val;
+}
+/**
+ * Read guest RAM and ROM, unsigned 16-bit.
+ *
+ * @param   SrcGCPhys       The source address (guest physical).
+ */
+uint16_t remR3PhysReadU16(RTGCPHYS SrcGCPhys)
+{
+    uint16_t val;
+    STAM_PROFILE_ADV_START(&gStatMemRead, a);
+    VBOX_CHECK_ADDR(SrcGCPhys);
+    val = PGMR3PhysReadWord(cpu_single_env->pVM, SrcGCPhys);
+    STAM_PROFILE_ADV_STOP(&gStatMemRead, a);
+    return val;
+}
+/**
+ * Read guest RAM and ROM, signed 16-bit.
+ *
+ * @param   SrcGCPhys       The source address (guest physical).
+ */
+int16_t remR3PhysReadS16(RTGCPHYS SrcGCPhys)
+{
+    uint16_t val;
+    STAM_PROFILE_ADV_START(&gStatMemRead, a);
+    VBOX_CHECK_ADDR(SrcGCPhys);
+    val = PGMR3PhysReadWord(cpu_single_env->pVM, SrcGCPhys);
+    STAM_PROFILE_ADV_STOP(&gStatMemRead, a);
+    return val;
+}
+/**
+ * Read guest RAM and ROM, unsigned 32-bit.
+ *
+ * @param   SrcGCPhys       The source address (guest physical).
+ */
+uint32_t remR3PhysReadU32(RTGCPHYS SrcGCPhys)
+{
+    uint32_t val;
+    STAM_PROFILE_ADV_START(&gStatMemRead, a);
+    VBOX_CHECK_ADDR(SrcGCPhys);
+    val = PGMR3PhysReadDword(cpu_single_env->pVM, SrcGCPhys);
+    STAM_PROFILE_ADV_STOP(&gStatMemRead, a);
+    return val;
+}
+/**
+ * Read guest RAM and ROM, signed 32-bit.
+ *
+ * @param   SrcGCPhys       The source address (guest physical).
+ */
+int32_t remR3PhysReadS32(RTGCPHYS SrcGCPhys)
+{
+    int32_t val;
+    STAM_PROFILE_ADV_START(&gStatMemRead, a);
+    VBOX_CHECK_ADDR(SrcGCPhys);
+    val = PGMR3PhysReadDword(cpu_single_env->pVM, SrcGCPhys);
+    STAM_PROFILE_ADV_STOP(&gStatMemRead, a);
+    return val;
+}
+/**
+ * Read guest RAM and ROM, unsigned 64-bit.
+ *
+ * @param   SrcGCPhys       The source address (guest physical).
+ */
+uint64_t remR3PhysReadU64(RTGCPHYS SrcGCPhys)
+{
+    uint64_t val;
+    STAM_PROFILE_ADV_START(&gStatMemRead, a);
+    VBOX_CHECK_ADDR(SrcGCPhys);
+    val =            PGMR3PhysReadDword(cpu_single_env->pVM, SrcGCPhys)
+        | ((uint64_t)PGMR3PhysReadDword(cpu_single_env->pVM, SrcGCPhys + 4) << 32); /** @todo fix me! */
+    STAM_PROFILE_ADV_STOP(&gStatMemRead, a);
+    return val;
+}
+/**
+ * Write guest RAM.
+ *
+ * @param   DstGCPhys       The destination address (guest physical).
+ * @param   pvSrc           The source address.
+ * @param   cb              Number of bytes to write
+ */
+void remR3PhysWrite(RTGCPHYS DstGCPhys, const void *pvSrc, unsigned cb)
+{
+    STAM_PROFILE_ADV_START(&gStatMemWrite, a);
+    VBOX_CHECK_ADDR(DstGCPhys);
+    PGMPhysWrite(cpu_single_env->pVM, DstGCPhys, pvSrc, cb);
+    STAM_PROFILE_ADV_STOP(&gStatMemWrite, a);
+}
+/**
+ * Write guest RAM, unsigned 8-bit.
+ *
+ * @param   DstGCPhys       The destination address (guest physical).
+ * @param   val             Value
+ */
+void remR3PhysWriteU8(RTGCPHYS DstGCPhys, uint8_t val)
+{
+    STAM_PROFILE_ADV_START(&gStatMemWrite, a);
+    VBOX_CHECK_ADDR(DstGCPhys);
+    PGMR3PhysWriteByte(cpu_single_env->pVM, DstGCPhys, val);
+    STAM_PROFILE_ADV_STOP(&gStatMemWrite, a);
+}
+/**
+ * Write guest RAM, unsigned 8-bit.
+ *
+ * @param   DstGCPhys       The destination address (guest physical).
+ * @param   val             Value
+ */
+void remR3PhysWriteU16(RTGCPHYS DstGCPhys, uint16_t val)
+{
+    STAM_PROFILE_ADV_START(&gStatMemWrite, a);
+    VBOX_CHECK_ADDR(DstGCPhys);
+    PGMR3PhysWriteWord(cpu_single_env->pVM, DstGCPhys, val);
+    STAM_PROFILE_ADV_STOP(&gStatMemWrite, a);
+}
+/**
+ * Write guest RAM, unsigned 32-bit.
+ *
+ * @param   DstGCPhys       The destination address (guest physical).
+ * @param   val             Value
+ */
+void remR3PhysWriteU32(RTGCPHYS DstGCPhys, uint32_t val)
+{
+    STAM_PROFILE_ADV_START(&gStatMemWrite, a);
+    VBOX_CHECK_ADDR(DstGCPhys);
+    PGMR3PhysWriteDword(cpu_single_env->pVM, DstGCPhys, val);
+    STAM_PROFILE_ADV_STOP(&gStatMemWrite, a);
+}
+/**
+ * Write guest RAM, unsigned 64-bit.
+ *
+ * @param   DstGCPhys       The destination address (guest physical).
+ * @param   val             Value
+ */
+void remR3PhysWriteU64(RTGCPHYS DstGCPhys, uint64_t val)
+{
+    STAM_PROFILE_ADV_START(&gStatMemWrite, a);
+    VBOX_CHECK_ADDR(DstGCPhys);
+    PGMR3PhysWriteDword(cpu_single_env->pVM, DstGCPhys, (uint32_t)val); /** @todo add U64 interface. */
+    PGMR3PhysWriteDword(cpu_single_env->pVM, DstGCPhys + 4, val >> 32);
+    STAM_PROFILE_ADV_STOP(&gStatMemWrite, a);
+}
+#ifndef REM_PHYS_ADDR_IN_TLB
 /**
 …
  * @param   cb              Number of bytes
  */
 void remR3PhysReadBytes(uint8_t *pbSrcPhys, void *pvDst, unsigned cb)
+{
     STAM_PROFILE_ADV_START(&gStatMemRead, a);
+void remR3PhysReadHCPtr(uint8_t *pbSrcPhys, void *pvDst, unsigned cb)
+{
+    STAM_PROFILE_ADV_START(&gStatMemReadHCPtr, a);
     /*
 …
      * ROM is accessed this way, even if it's not part of the RAM.
      */
+    /** @todo This is rather ugly, but there's no other way when we don't wish to touch *many* other files. */
+    uintptr_t off = remR3HCVirt2GCPhys(cpu_single_env, pbSrcPhys);
+    if (off < (uintptr_t)phys_ram_size)
+        PGMPhysRead(cpu_single_env->pVM, (RTGCPHYS)off, pvDst, cb);
+    else
+    {
+        /* ROM range outside physical RAM, HC address passed directly */
+        Log4(("remR3PhysReadBytes ROM: %p\n", pbSrcPhys));
+        memcpy(pvDst, pbSrcPhys, cb);
+    }
+    STAM_PROFILE_ADV_STOP(&gStatMemRead, a);
+}
+/** @todo r=bird: s/Byte/U8/ s/Word/U16/ s/Dword/U32/, see MMIO and other functions.
+ * It could be an idea to inline these wrapper functions... */
+/**
+ * Read guest RAM and ROM.
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    uintptr_t off = remR3HCVirt2GCPhysInlined(cpu_single_env->pVM, pbSrcPhys);
+#else
+    uintptr_t off = pbSrcPhys - phys_ram_base;
+#endif
+    PGMPhysRead(cpu_single_env->pVM, (RTGCPHYS)off, pvDst, cb);
+    STAM_PROFILE_ADV_STOP(&gStatMemReadHCPtr, a);
+}
+/**
+ * Read guest RAM and ROM, unsigned 8-bit.
+ *
  * @param   pbSrcPhys       The source address. Relative to guest RAM.
  */
 uint8_t remR3PhysReadUByte(uint8_t *pbSrcPhys)
+uint8_t remR3PhysReadHCPtrU8(uint8_t *pbSrcPhys)
+{
     uint8_t val;
     STAM_PROFILE_ADV_START(&gStatMemRead, a);
+    STAM_PROFILE_ADV_START(&gStatMemReadHCPtr, a);
     /*
 …
      * ROM is accessed this way, even if it's not part of the RAM.
      */
+    /** @todo This is rather ugly, but there's no other way when we don't wish to touch *many* other files. */
+    uintptr_t off = remR3HCVirt2GCPhys(cpu_single_env, pbSrcPhys);
+    if (off < (uintptr_t)phys_ram_size)
+        val = PGMR3PhysReadByte(cpu_single_env->pVM, (RTGCPHYS)off);
+    else
+    {
+        /* ROM range outside physical RAM, HC address passed directly */
+        Log4(("remR3PhysReadBytes ROM: %p\n", pbSrcPhys));
+        val = *pbSrcPhys;
+    }
+    STAM_PROFILE_ADV_STOP(&gStatMemRead, a);
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    uintptr_t off = remR3HCVirt2GCPhysInlined(cpu_single_env->pVM, pbSrcPhys);
+#else
+    uintptr_t off = pbSrcPhys - phys_ram_base;
+#endif
+    val = PGMR3PhysReadByte(cpu_single_env->pVM, (RTGCPHYS)off);
+    STAM_PROFILE_ADV_STOP(&gStatMemReadHCPtr, a);
     return val;
+}
+/**
+ * Read guest RAM and ROM.
+/**
+ * Read guest RAM and ROM, signed 8-bit.
+ *
  * @param   pbSrcPhys       The source address. Relative to guest RAM.
  */
 int8_t remR3PhysReadSByte(uint8_t *pbSrcPhys)
+int8_t remR3PhysReadHCPtrS8(uint8_t *pbSrcPhys)
+{
     int8_t val;
     STAM_PROFILE_ADV_START(&gStatMemRead, a);
+    STAM_PROFILE_ADV_START(&gStatMemReadHCPtr, a);
     /*
 …
      * ROM is accessed this way, even if it's not part of the RAM.
      */
+    /** @todo This is rather ugly, but there's no other way when we don't wish to touch *many* other files. */
+    uintptr_t off = remR3HCVirt2GCPhys(cpu_single_env, pbSrcPhys);
+    if (off < (uintptr_t)phys_ram_size)
+        val = PGMR3PhysReadByte(cpu_single_env->pVM, (RTGCPHYS)off);
+    else
+    {
+        /* ROM range outside physical RAM, HC address passed directly */
+        Log4(("remR3PhysReadBytes ROM: %p\n", pbSrcPhys));
+        val = *(int8_t *)pbSrcPhys;
+    }
+    STAM_PROFILE_ADV_STOP(&gStatMemRead, a);
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    uintptr_t off = remR3HCVirt2GCPhysInlined(cpu_single_env->pVM, pbSrcPhys);
+#else
+    uintptr_t off = pbSrcPhys - phys_ram_base;
+#endif
+    val = PGMR3PhysReadByte(cpu_single_env->pVM, (RTGCPHYS)off);
+    STAM_PROFILE_ADV_STOP(&gStatMemReadHCPtr, a);
     return val;
+}
+/**
+ * Read guest RAM and ROM.
+/**
+ * Read guest RAM and ROM, unsigned 16-bit.
+ *
  * @param   pbSrcPhys       The source address. Relative to guest RAM.
  */
 uint16_t remR3PhysReadUWord(uint8_t *pbSrcPhys)
+uint16_t remR3PhysReadHCPtrU16(uint8_t *pbSrcPhys)
+{
     uint16_t val;
     STAM_PROFILE_ADV_START(&gStatMemRead, a);
+    STAM_PROFILE_ADV_START(&gStatMemReadHCPtr, a);
     /*
 …
      * ROM is accessed this way, even if it's not part of the RAM.
      */
+    /** @todo This is rather ugly, but there's no other way when we don't wish to touch *many* other files. */
+    uintptr_t off = remR3HCVirt2GCPhys(cpu_single_env, pbSrcPhys);
+    if (off < (uintptr_t)phys_ram_size)
+        val = PGMR3PhysReadWord(cpu_single_env->pVM, (RTGCPHYS)off);
+    else
+    {
+        /* ROM range outside physical RAM, HC address passed directly */
+        Log4(("remR3PhysReadBytes ROM: %p\n", pbSrcPhys));
+        val = *(uint16_t *)pbSrcPhys;
+    }
+    STAM_PROFILE_ADV_STOP(&gStatMemRead, a);
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    uintptr_t off = remR3HCVirt2GCPhysInlined(cpu_single_env->pVM, pbSrcPhys);
+#else
+    uintptr_t off = pbSrcPhys - phys_ram_base;
+#endif
+    val = PGMR3PhysReadWord(cpu_single_env->pVM, (RTGCPHYS)off);
+    STAM_PROFILE_ADV_STOP(&gStatMemReadHCPtr, a);
     return val;
+}
+/**
+ * Read guest RAM and ROM.
+/**
+ * Read guest RAM and ROM, signed 16-bit.
+ *
  * @param   pbSrcPhys       The source address. Relative to guest RAM.
  */
 int16_t remR3PhysReadSWord(uint8_t *pbSrcPhys)
+int16_t remR3PhysReadHCPtrS16(uint8_t *pbSrcPhys)
+{
     int16_t val;
     STAM_PROFILE_ADV_START(&gStatMemRead, a);
+    STAM_PROFILE_ADV_START(&gStatMemReadHCPtr, a);
     /*
 …
      */
     /** @todo This is rather ugly, but there's no other way when we don't wish to touch *many* other files. */
+    uintptr_t off = remR3HCVirt2GCPhys(cpu_single_env, pbSrcPhys);
+    if (off < (uintptr_t)phys_ram_size)
+        val = PGMR3PhysReadWord(cpu_single_env->pVM, (RTGCPHYS)off);
+    else
+    {
+        /* ROM range outside physical RAM, HC address passed directly */
+        Log4(("remR3PhysReadBytes ROM: %p\n", pbSrcPhys));
+        val = *(int16_t *)pbSrcPhys;
+    }
+    STAM_PROFILE_ADV_STOP(&gStatMemRead, a);
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    uintptr_t off = remR3HCVirt2GCPhysInlined(cpu_single_env->pVM, pbSrcPhys);
+#else
+    uintptr_t off = pbSrcPhys - phys_ram_base;
+#endif
+    val = PGMR3PhysReadWord(cpu_single_env->pVM, (RTGCPHYS)off);
+    STAM_PROFILE_ADV_STOP(&gStatMemReadHCPtr, a);
     return val;
+}
+/**
+ * Read guest RAM and ROM.
+/**
+ * Read guest RAM and ROM, unsigned 32-bit.
+ *
  * @param   pbSrcPhys       The source address. Relative to guest RAM.
  */
 uint32_t remR3PhysReadULong(uint8_t *pbSrcPhys)
+uint32_t remR3PhysReadHCPtrU32(uint8_t *pbSrcPhys)
+{
     uint32_t val;
     STAM_PROFILE_ADV_START(&gStatMemRead, a);
+    STAM_PROFILE_ADV_START(&gStatMemReadHCPtr, a);
     /*
 …
      * ROM is accessed this way, even if it's not part of the RAM.
      */
+    /** @todo This is rather ugly, but there's no other way when we don't wish to touch *many* other files. */
+    uintptr_t off = remR3HCVirt2GCPhys(cpu_single_env, pbSrcPhys);
+    if (off < (uintptr_t)phys_ram_size)
+        val = PGMR3PhysReadDword(cpu_single_env->pVM, (RTGCPHYS)off);
+    else
+    {
+        /* ROM range outside physical RAM, HC address passed directly */
+        Log4(("remR3PhysReadBytes ROM: %p\n", pbSrcPhys));
+        val = *(uint32_t *)pbSrcPhys;
+    }
+    STAM_PROFILE_ADV_STOP(&gStatMemRead, a);
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    uintptr_t off = remR3HCVirt2GCPhysInlined(cpu_single_env->pVM, pbSrcPhys);
+#else
+    uintptr_t off = pbSrcPhys - phys_ram_base;
+#endif
+    val = PGMR3PhysReadDword(cpu_single_env->pVM, (RTGCPHYS)off);
+    STAM_PROFILE_ADV_STOP(&gStatMemReadHCPtr, a);
     return val;
+}
+/**
+ * Read guest RAM and ROM.
+/**
+ * Read guest RAM and ROM, signed 32-bit.
+ *
  * @param   pbSrcPhys       The source address. Relative to guest RAM.
  */
 int32_t remR3PhysReadSLong(uint8_t *pbSrcPhys)
+int32_t remR3PhysReadHCPtrS32(uint8_t *pbSrcPhys)
+{
     int32_t val;
     STAM_PROFILE_ADV_START(&gStatMemRead, a);
+    STAM_PROFILE_ADV_START(&gStatMemReadHCPtr, a);
     /*
 …
      * ROM is accessed this way, even if it's not part of the RAM.
      */
+    /** @todo This is rather ugly, but there's no other way when we don't wish to touch *many* other files. */
+    uintptr_t off = remR3HCVirt2GCPhys(cpu_single_env, pbSrcPhys);
+    if (off < (uintptr_t)phys_ram_size)
+        val = PGMR3PhysReadDword(cpu_single_env->pVM, (RTGCPHYS)off);
+    else
+    {
+        /* ROM range outside physical RAM, HC address passed directly */
+        Log4(("remR3PhysReadBytes ROM: %p\n", pbSrcPhys));
+        val = *(int32_t *)pbSrcPhys;
+    }
+    STAM_PROFILE_ADV_STOP(&gStatMemRead, a);
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    uintptr_t off = remR3HCVirt2GCPhysInlined(cpu_single_env->pVM, pbSrcPhys);
+#else
+    uintptr_t off = pbSrcPhys - phys_ram_base;
+#endif
+    val = PGMR3PhysReadDword(cpu_single_env->pVM, (RTGCPHYS)off);
+    STAM_PROFILE_ADV_STOP(&gStatMemReadHCPtr, a);
     return val;
+}
+/**
+ * Read guest RAM and ROM, unsigned 64-bit.
+ *
+ * @param   pbSrcPhys       The source address. Relative to guest RAM.
+ */
+uint64_t remR3PhysReadHCPtrU64(uint8_t *pbSrcPhys)
+{
+    uint64_t val;
+    STAM_PROFILE_ADV_START(&gStatMemReadHCPtr, a);
+    /*
+     * Calc the physical address ('off') and check that it's within the RAM.
+     * ROM is accessed this way, even if it's not part of the RAM.
+     */
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    uintptr_t off = remR3HCVirt2GCPhysInlined(cpu_single_env->pVM, pbSrcPhys);
+#else
+    uintptr_t off = pbSrcPhys - phys_ram_base;
+#endif
+    val =            PGMR3PhysReadDword(cpu_single_env->pVM, (RTGCPHYS)off)
+        | ((uint64_t)PGMR3PhysReadDword(cpu_single_env->pVM, (RTGCPHYS)off + 4) << 32); /** @todo fix me! */
+    STAM_PROFILE_ADV_STOP(&gStatMemReadHCPtr, a);
+    return val;
+}
 /**
 …
  * @param   cb              Number of bytes to write
  */
 void remR3PhysWriteBytes(uint8_t *pbDstPhys, const void *pvSrc, unsigned cb)
+{
     STAM_PROFILE_ADV_START(&gStatMemWrite, a);
+void remR3PhysWriteHCPtr(uint8_t *pbDstPhys, const void *pvSrc, unsigned cb)
+{
+    STAM_PROFILE_ADV_START(&gStatMemWriteHCPtr, a);
     /*
      * Calc the physical address ('off') and check that it's within the RAM.
      */
+    uintptr_t off = remR3HCVirt2GCPhys(cpu_single_env, pbDstPhys);
+    if (off < (uintptr_t)phys_ram_size)
+        PGMPhysWrite(cpu_single_env->pVM, (RTGCPHYS)off, pvSrc, cb);
+    else
+        AssertMsgFailed(("pbDstPhys=%p off=%p cb=%d\n", pbDstPhys, off, cb));
+    STAM_PROFILE_ADV_STOP(&gStatMemWrite, a);
+}
+/**
+ * Write guest RAM.
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    uintptr_t off = remR3HCVirt2GCPhysInlined(cpu_single_env->pVM, pbDstPhys);
+#else
+    uintptr_t off = pbDstPhys - phys_ram_base;
+#endif
+    PGMPhysWrite(cpu_single_env->pVM, (RTGCPHYS)off, pvSrc, cb);
+    STAM_PROFILE_ADV_STOP(&gStatMemWriteHCPtr, a);
+}
+/**
+ * Write guest RAM, unsigned 8-bit.
+ *
  * @param   pbDstPhys       The destination address. Relative to guest RAM.
  * @param   val             Value
  */
 void remR3PhysWriteByte(uint8_t *pbDstPhys, uint8_t val)
+{
     STAM_PROFILE_ADV_START(&gStatMemWrite, a);
+void remR3PhysWriteHCPtrU8(uint8_t *pbDstPhys, uint8_t val)
+{
+    STAM_PROFILE_ADV_START(&gStatMemWriteHCPtr, a);
     /*
      * Calc the physical address ('off') and check that it's within the RAM.
      */
+    uintptr_t off = remR3HCVirt2GCPhys(cpu_single_env, pbDstPhys);
+    if (off < (uintptr_t)phys_ram_size)
+        PGMR3PhysWriteByte(cpu_single_env->pVM, (RTGCPHYS)off, val);
+    else
+        AssertMsgFailed(("pbDstPhys=%p off=%p cb=%d\n", pbDstPhys, off, 1));
+    STAM_PROFILE_ADV_STOP(&gStatMemWrite, a);
+}
+/**
+ * Write guest RAM.
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    uintptr_t off = remR3HCVirt2GCPhysInlined(cpu_single_env->pVM, pbDstPhys);
+#else
+    uintptr_t off = pbDstPhys - phys_ram_base;
+#endif
+    PGMR3PhysWriteByte(cpu_single_env->pVM, (RTGCPHYS)off, val);
+    STAM_PROFILE_ADV_STOP(&gStatMemWriteHCPtr, a);
+}
+/**
+ * Write guest RAM, unsigned 16-bit.
+ *
  * @param   pbDstPhys       The destination address. Relative to guest RAM.
  * @param   val             Value
  */
 void remR3PhysWriteWord(uint8_t *pbDstPhys, uint16_t val)
+{
     STAM_PROFILE_ADV_START(&gStatMemWrite, a);
+void remR3PhysWriteHCPtrU16(uint8_t *pbDstPhys, uint16_t val)
+{
+    STAM_PROFILE_ADV_START(&gStatMemWriteHCPtr, a);
     /*
      * Calc the physical address ('off') and check that it's within the RAM.
      */
+    uintptr_t off = remR3HCVirt2GCPhys(cpu_single_env, pbDstPhys);
+    if (off < (uintptr_t)phys_ram_size)
+        PGMR3PhysWriteWord(cpu_single_env->pVM, (RTGCPHYS)off, val);
+    else
+        AssertMsgFailed(("pbDstPhys=%p off=%p cb=%d\n", pbDstPhys, off, 2));
+    STAM_PROFILE_ADV_STOP(&gStatMemWrite, a);
+}
+/**
+ * Write guest RAM.
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    uintptr_t off = remR3HCVirt2GCPhysInlined(cpu_single_env->pVM, pbDstPhys);
+#else
+    uintptr_t off = pbDstPhys - phys_ram_base;
+#endif
+    PGMR3PhysWriteWord(cpu_single_env->pVM, (RTGCPHYS)off, val);
+    STAM_PROFILE_ADV_STOP(&gStatMemWriteHCPtr, a);
+}
+/**
+ * Write guest RAM, unsigned 32-bit.
+ *
  * @param   pbDstPhys       The destination address. Relative to guest RAM.
  * @param   val             Value
  */
 void remR3PhysWriteDword(uint8_t *pbDstPhys, uint32_t val)
+{
     STAM_PROFILE_ADV_START(&gStatMemWrite, a);
+void remR3PhysWriteHCPtrU32(uint8_t *pbDstPhys, uint32_t val)
+{
+    STAM_PROFILE_ADV_START(&gStatMemWriteHCPtr, a);
     /*
      * Calc the physical address ('off') and check that it's within the RAM.
      */
+    uintptr_t off = remR3HCVirt2GCPhys(cpu_single_env, pbDstPhys);
+    if (off < (uintptr_t)phys_ram_size)
+        PGMR3PhysWriteDword(cpu_single_env->pVM, (RTGCPHYS)off, val);
+    else
+        AssertMsgFailed(("pbDstPhys=%p off=%p cb=%d\n", pbDstPhys, off, 4));
+    STAM_PROFILE_ADV_STOP(&gStatMemWrite, a);
+}
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    uintptr_t off = remR3HCVirt2GCPhysInlined(cpu_single_env->pVM, pbDstPhys);
+#else
+    uintptr_t off = pbDstPhys - phys_ram_base;
+#endif
+    PGMR3PhysWriteDword(cpu_single_env->pVM, (RTGCPHYS)off, val);
+    STAM_PROFILE_ADV_STOP(&gStatMemWriteHCPtr, a);
+}
+/**
+ * Write guest RAM, unsigned 64-bit.
+ *
+ * @param   pbDstPhys       The destination address. Relative to guest RAM.
+ * @param   val             Value
+ */
+void remR3PhysWriteHCPtrU64(uint8_t *pbDstPhys, uint64_t val)
+{
+    STAM_PROFILE_ADV_START(&gStatMemWriteHCPtr, a);
+    /*
+     * Calc the physical address ('off') and check that it's within the RAM.
+     */
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+    uintptr_t off = remR3HCVirt2GCPhysInlined(cpu_single_env->pVM, pbDstPhys);
+#else
+    uintptr_t off = pbDstPhys - phys_ram_base;
+#endif
+    PGMR3PhysWriteDword(cpu_single_env->pVM, (RTGCPHYS)off, (uint32_t)val); /** @todo add U64 interface. */
+    PGMR3PhysWriteDword(cpu_single_env->pVM, (RTGCPHYS)off + 4, val >> 32);
+    STAM_PROFILE_ADV_STOP(&gStatMemWriteHCPtr, a);
+}
+#endif /* !REM_PHYS_ADDR_IN_TLB */
 …
+    {
         /* physical address */
         int rc = PGMPhysGCPhys2HCPtr(env->pVM, (RTGCPHYS)GCPtrPC, nrInstructions*16, &pvPC);
+        int rc = PGMPhysGCPhys2HCPtr(env->pVM, (RTGCPHYS)GCPtrPC, nrInstructions * 16, &pvPC);
         if (VBOX_FAILURE(rc))
             return false;
 …
         for (;;)
+        {
             char    szBuf[256];
             size_t  cbInstr;
+            char        szBuf[256];
+            uint32_t    cbInstr;
             int rc = DBGFR3DisasInstrEx(pVM,
                                         cs,
 …
 uint64_t cpu_get_tsc(CPUX86State *env)
+{
+    STAM_COUNTER_INC(&gStatCpuGetTSC);
     return TMCpuTickGet(env->pVM);
+}
 …
     };
     uint32_t    uEAX;
-#ifndef DEBUG_bird
     if (!LogIsEnabled())
         return;
-#endif
     uEAX = CPUMGetGuestEAX(pVM);
     switch (uEAX)
 …
+    }
+}
+#if defined(IPRT_NO_CRT) && defined(__WIN__) && defined(__X86__)
+/**
+ * The Dll main entry point (stub).
+ */
+bool __stdcall _DllMainCRTStartup(void *hModule, uint32_t dwReason, void *pvReserved)
+{
+    return true;
+}
+void *memcpy(void *dst, const void *src, size_t size)
+{
+    uint8_t*pbDst = dst, *pbSrc = src;
+    while (size-- > 0)
+        *pbDst++ = *pbSrc++;
+    return dst;
+}
+#endif

trunk/src/recompiler/a.out.h

-              r1
+              r2422
 #define E_DIMNUM        4       /* # array dimensions in auxiliary entry */
+#pragma pack(1)
+struct external_syment
+struct __attribute__((packed)) external_syment
+{
   union {
 …
   char e_numaux[1];
 };
-#pragma pack()
 #define N_BTMASK        (0xf)

trunk/src/recompiler/bswap.h

-              r1
+              r2422
 #else
 #define bswap_16(x) \
+#define bswap_16(x) __extension__ /* <- VBOX */ \
 ({ \
         uint16_t __x = (x); \
 …
 })
 #define bswap_32(x) \
+#define bswap_32(x) __extension__ /* <- VBOX */ \
 ({ \
         uint32_t __x = (x); \
 …
 })
 #define bswap_64(x) \
+#define bswap_64(x) __extension__ /* <- VBOX */ \
 ({ \
         uint64_t __x = (x); \

trunk/src/recompiler/cpu-all.h

-              r55
+              r2422
 #define CPU_ALL_H
+#ifdef VBOX
+# ifndef LOG_GROUP
+#  include <VBox/log.h>
+#  define LOG_GROUP LOG_GROUP_REM
+# endif
+# include <VBox/pgm.h> /* PGM_DYNAMIC_RAM_ALLOC */
+#endif
 #if defined(__arm__) || defined(__sparc__)
 #define WORDS_ALIGNED
 …
 #define tswapl(s) tswap32(s)
 #define tswapls(s) tswap32s((uint32_t *)(s))
+#define bswaptls(s) bswap32s(s)
 #else
 #define tswapl(s) tswap64(s)
 #define tswapls(s) tswap64s((uint64_t *)(s))
+#define bswaptls(s) bswap64s(s)
 #endif
 …
    endian ! */
 typedef union {
+    double d;
+#if defined(WORDS_BIGENDIAN) || (defined(__arm__) && !defined(__VFP_FP__))
+    float64 d;
+#if defined(WORDS_BIGENDIAN) \
+    || (defined(__arm__) && !defined(__VFP_FP__) && !defined(CONFIG_SOFTFLOAT))
     struct {
         uint32_t upper;
 …
 #ifdef VBOX
+#if !defined(REMR3PHYSREADWRITE_DEFINED)
+#define REMR3PHYSREADWRITE_DEFINED
+/* Header sharing between vbox & qemu is rather ugly. */
+void     remR3PhysReadBytes(uint8_t *pbSrcPhys, void *pvDst, unsigned cb);
+uint8_t  remR3PhysReadUByte(uint8_t *pbSrcPhys);
+int8_t   remR3PhysReadSByte(uint8_t *pbSrcPhys);
+uint16_t remR3PhysReadUWord(uint8_t *pbSrcPhys);
+int16_t  remR3PhysReadSWord(uint8_t *pbSrcPhys);
+uint32_t remR3PhysReadULong(uint8_t *pbSrcPhys);
+int32_t  remR3PhysReadSLong(uint8_t *pbSrcPhys);
+void     remR3PhysWriteBytes(uint8_t *pbDstPhys, const void *pvSrc, unsigned cb);
+void     remR3PhysWriteByte(uint8_t *pbDstPhys, uint8_t val);
+void     remR3PhysWriteWord(uint8_t *pbDstPhys, uint16_t val);
+void     remR3PhysWriteDword(uint8_t *pbDstPhys, uint32_t val);
+void     remR3PhysRead(RTGCPHYS SrcGCPhys, void *pvDst, unsigned cb);
+uint8_t  remR3PhysReadU8(RTGCPHYS SrcGCPhys);
+int8_t   remR3PhysReadS8(RTGCPHYS SrcGCPhys);
+uint16_t remR3PhysReadU16(RTGCPHYS SrcGCPhys);
+int16_t  remR3PhysReadS16(RTGCPHYS SrcGCPhys);
+uint32_t remR3PhysReadU32(RTGCPHYS SrcGCPhys);
+int32_t  remR3PhysReadS32(RTGCPHYS SrcGCPhys);
+uint64_t remR3PhysReadU64(RTGCPHYS SrcGCPhys);
+int64_t  remR3PhysReadS64(RTGCPHYS SrcGCPhys);
+void     remR3PhysWrite(RTGCPHYS DstGCPhys, const void *pvSrc, unsigned cb);
+void     remR3PhysWriteU8(RTGCPHYS DstGCPhys, uint8_t val);
+void     remR3PhysWriteU16(RTGCPHYS DstGCPhys, uint16_t val);
+void     remR3PhysWriteU32(RTGCPHYS DstGCPhys, uint32_t val);
+void     remR3PhysWriteU64(RTGCPHYS DstGCPhys, uint64_t val);
+#ifndef REM_PHYS_ADDR_IN_TLB
+void     remR3PhysReadHCPtr(uint8_t *pbSrcPhys, void *pvDst, unsigned cb);
+uint8_t  remR3PhysReadHCPtrU8(uint8_t *pbSrcPhys);
+int8_t   remR3PhysReadHCPtrS8(uint8_t *pbSrcPhys);
+uint16_t remR3PhysReadHCPtrU16(uint8_t *pbSrcPhys);
+int16_t  remR3PhysReadHCPtrS16(uint8_t *pbSrcPhys);
+uint32_t remR3PhysReadHCPtrU32(uint8_t *pbSrcPhys);
+int32_t  remR3PhysReadHCPtrS32(uint8_t *pbSrcPhys);
+uint64_t remR3PhysReadHCPtrU64(uint8_t *pbSrcPhys);
+int64_t  remR3PhysReadHCPtrS64(uint8_t *pbSrcPhys);
+void     remR3PhysWriteHCPtr(uint8_t *pbDstPhys, const void *pvSrc, unsigned cb);
+void     remR3PhysWriteHCPtrU8(uint8_t *pbDstPhys, uint8_t val);
+void     remR3PhysWriteHCPtrU16(uint8_t *pbDstPhys, uint16_t val);
+void     remR3PhysWriteHCPtrU32(uint8_t *pbDstPhys, uint32_t val);
+void     remR3PhysWriteHCPtrU64(uint8_t *pbDstPhys, uint64_t val);
+#endif
+#ifdef PGM_DYNAMIC_RAM_ALLOC
+# ifndef REM_PHYS_ADDR_IN_TLB
 void    *remR3GCPhys2HCVirt(void *env, target_ulong addr);
 target_ulong remR3HCVirt2GCPhys(void *env, void *addr);
+# endif
 void     remR3GrowDynRange(unsigned long physaddr);
 #endif
+#if 0 /*defined(__AMD64__) && defined(VBOX_STRICT)*/
+# define VBOX_CHECK_ADDR(ptr) do { if ((uintptr_t)(ptr) >= _4G) __asm__("int3"); } while (0)
+#else
+# define VBOX_CHECK_ADDR(ptr) do { } while (0)
+#endif
 static inline int ldub_p(void *ptr)
+{
+    return remR3PhysReadUByte(ptr);
+#ifdef REM_PHYS_ADDR_IN_TLB
+    VBOX_CHECK_ADDR(ptr);
+    return remR3PhysReadU8((uintptr_t)ptr);
+#else
+    return remR3PhysReadHCPtrU8(ptr);
+#endif
+}
 static inline int ldsb_p(void *ptr)
+{
+    return remR3PhysReadSByte(ptr);
+#ifdef REM_PHYS_ADDR_IN_TLB
+    VBOX_CHECK_ADDR(ptr);
+    return remR3PhysReadS8((uintptr_t)ptr);
+#else
+    return remR3PhysReadHCPtrS8(ptr);
+#endif
+}
 static inline void stb_p(void *ptr, int v)
+{
+    remR3PhysWriteByte(ptr, v);
+}
+#else
+#ifdef REM_PHYS_ADDR_IN_TLB
+    VBOX_CHECK_ADDR(ptr);
+    remR3PhysWriteU8((uintptr_t)ptr, v);
+#else
+    remR3PhysWriteHCPtrU8(ptr, v);
+#endif
+}
+static inline int lduw_le_p(void *ptr)
+{
+#ifdef REM_PHYS_ADDR_IN_TLB
+    VBOX_CHECK_ADDR(ptr);
+    return remR3PhysReadU16((uintptr_t)ptr);
+#else
+    return remR3PhysReadHCPtrU16(ptr);
+#endif
+}
+static inline int ldsw_le_p(void *ptr)
+{
+#ifdef REM_PHYS_ADDR_IN_TLB
+    VBOX_CHECK_ADDR(ptr);
+    return remR3PhysReadS16((uintptr_t)ptr);
+#else
+    return remR3PhysReadHCPtrS16(ptr);
+#endif
+}
+static inline void stw_le_p(void *ptr, int v)
+{
+#ifdef REM_PHYS_ADDR_IN_TLB
+    VBOX_CHECK_ADDR(ptr);
+    remR3PhysWriteU16((uintptr_t)ptr, v);
+#else
+    remR3PhysWriteHCPtrU16(ptr, v);
+#endif
+}
+static inline int ldl_le_p(void *ptr)
+{
+#ifdef REM_PHYS_ADDR_IN_TLB
+    VBOX_CHECK_ADDR(ptr);
+    return remR3PhysReadU32((uintptr_t)ptr);
+#else
+    return remR3PhysReadHCPtrU32(ptr);
+#endif
+}
+static inline void stl_le_p(void *ptr, int v)
+{
+#ifdef REM_PHYS_ADDR_IN_TLB
+    VBOX_CHECK_ADDR(ptr);
+    remR3PhysWriteU32((uintptr_t)ptr, v);
+#else
+    remR3PhysWriteHCPtrU32(ptr, v);
+#endif
+}
+static inline void stq_le_p(void *ptr, uint64_t v)
+{
+#ifdef REM_PHYS_ADDR_IN_TLB
+    VBOX_CHECK_ADDR(ptr);
+    remR3PhysWriteU64((uintptr_t)ptr, v);
+#else
+    remR3PhysWriteHCPtrU64(ptr, v);
+#endif
+}
+static inline uint64_t ldq_le_p(void *ptr)
+{
+#ifdef REM_PHYS_ADDR_IN_TLB
+    VBOX_CHECK_ADDR(ptr);
+    return remR3PhysReadU64((uintptr_t)ptr);
+#else
+    return remR3PhysReadHCPtrU64(ptr);
+#endif
+}
+#undef VBOX_CHECK_ADDR
+/* float access */
+static inline float32 ldfl_le_p(void *ptr)
+{
+    union {
+        float32 f;
+        uint32_t i;
+    } u;
+    u.i = ldl_le_p(ptr);
+    return u.f;
+}
+static inline void stfl_le_p(void *ptr, float32 v)
+{
+    union {
+        float32 f;
+        uint32_t i;
+    } u;
+    u.f = v;
+    stl_le_p(ptr, u.i);
+}
+static inline float64 ldfq_le_p(void *ptr)
+{
+    CPU_DoubleU u;
+    u.l.lower = ldl_le_p(ptr);
+    u.l.upper = ldl_le_p(ptr + 4);
+    return u.d;
+}
+static inline void stfq_le_p(void *ptr, float64 v)
+{
+    CPU_DoubleU u;
+    u.d = v;
+    stl_le_p(ptr, u.l.lower);
+    stl_le_p(ptr + 4, u.l.upper);
+}
+#else  /* !VBOX */
 static inline int ldub_p(void *ptr)
+{
 …
     *(uint8_t *)ptr = v;
+}
-#endif
 /* NOTE: on arm, putting 2 in /proc/sys/debug/alignment so that the
    kernel handles unaligned load/stores may give better results, but
    it is a system wide setting : bad */
+#if !defined(TARGET_WORDS_BIGENDIAN) && (defined(WORDS_BIGENDIAN) || defined(WORDS_ALIGNED))
+#if defined(WORDS_BIGENDIAN) || defined(WORDS_ALIGNED)
 /* conservative code for little endian unaligned accesses */
 static inline int lduw_p(void *ptr)
+static inline int lduw_le_p(void *ptr)
+{
 #ifdef __powerpc__
 …
+}
 static inline int ldsw_p(void *ptr)
+static inline int ldsw_le_p(void *ptr)
+{
 #ifdef __powerpc__
 …
+}
 static inline int ldl_p(void *ptr)
+static inline int ldl_le_p(void *ptr)
+{
 #ifdef __powerpc__
 …
+}
 static inline uint64_t ldq_p(void *ptr)
+static inline uint64_t ldq_le_p(void *ptr)
+{
     uint8_t *p = ptr;
     uint32_t v1, v2;
     v1 = ldl_p(p);
     v2 = ldl_p(p + 4);
+    v1 = ldl_le_p(p);
+    v2 = ldl_le_p(p + 4);
     return v1 | ((uint64_t)v2 << 32);
+}
 static inline void stw_p(void *ptr, int v)
+static inline void stw_le_p(void *ptr, int v)
+{
 #ifdef __powerpc__
 …
+}
 static inline void stl_p(void *ptr, int v)
+static inline void stl_le_p(void *ptr, int v)
+{
 #ifdef __powerpc__
 …
+}
 static inline void stq_p(void *ptr, uint64_t v)
+static inline void stq_le_p(void *ptr, uint64_t v)
+{
     uint8_t *p = ptr;
     stl_p(p, (uint32_t)v);
     stl_p(p + 4, v >> 32);
+    stl_le_p(p, (uint32_t)v);
+    stl_le_p(p + 4, v >> 32);
+}
 /* float access */
 static inline float ldfl_p(void *ptr)
+static inline float32 ldfl_le_p(void *ptr)
+{
     union {
         float f;
+        float32 f;
         uint32_t i;
     } u;
     u.i = ldl_p(ptr);
+    u.i = ldl_le_p(ptr);
     return u.f;
+}
 static inline void stfl_p(void *ptr, float v)
+static inline void stfl_le_p(void *ptr, float32 v)
+{
     union {
         float f;
+        float32 f;
         uint32_t i;
     } u;
     u.f = v;
     stl_p(ptr, u.i);
+}
 static inline double ldfq_p(void *ptr)
+    stl_le_p(ptr, u.i);
+}
+static inline float64 ldfq_le_p(void *ptr)
+{
     CPU_DoubleU u;
     u.l.lower = ldl_p(ptr);
     u.l.upper = ldl_p(ptr + 4);
+    u.l.lower = ldl_le_p(ptr);
+    u.l.upper = ldl_le_p(ptr + 4);
     return u.d;
+}
 static inline void stfq_p(void *ptr, double v)
+static inline void stfq_le_p(void *ptr, float64 v)
+{
     CPU_DoubleU u;
     u.d = v;
+    stl_p(ptr, u.l.lower);
+    stl_p(ptr + 4, u.l.upper);
+}
+#elif defined(TARGET_WORDS_BIGENDIAN) && (!defined(WORDS_BIGENDIAN) || defined(WORDS_ALIGNED))
+static inline int lduw_p(void *ptr)
+    stl_le_p(ptr, u.l.lower);
+    stl_le_p(ptr + 4, u.l.upper);
+}
+#else
+static inline int lduw_le_p(void *ptr)
+{
+    return *(uint16_t *)ptr;
+}
+static inline int ldsw_le_p(void *ptr)
+{
+    return *(int16_t *)ptr;
+}
+static inline int ldl_le_p(void *ptr)
+{
+    return *(uint32_t *)ptr;
+}
+static inline uint64_t ldq_le_p(void *ptr)
+{
+    return *(uint64_t *)ptr;
+}
+static inline void stw_le_p(void *ptr, int v)
+{
+    *(uint16_t *)ptr = v;
+}
+static inline void stl_le_p(void *ptr, int v)
+{
+    *(uint32_t *)ptr = v;
+}
+static inline void stq_le_p(void *ptr, uint64_t v)
+{
+    *(uint64_t *)ptr = v;
+}
+/* float access */
+static inline float32 ldfl_le_p(void *ptr)
+{
+    return *(float32 *)ptr;
+}
+static inline float64 ldfq_le_p(void *ptr)
+{
+    return *(float64 *)ptr;
+}
+static inline void stfl_le_p(void *ptr, float32 v)
+{
+    *(float32 *)ptr = v;
+}
+static inline void stfq_le_p(void *ptr, float64 v)
+{
+    *(float64 *)ptr = v;
+}
+#endif
+#endif /* !VBOX */
+#if !defined(WORDS_BIGENDIAN) || defined(WORDS_ALIGNED)
+static inline int lduw_be_p(void *ptr)
+{
 #if defined(__i386__)
 …
+}
 static inline int ldsw_p(void *ptr)
+static inline int ldsw_be_p(void *ptr)
+{
 #if defined(__i386__)
 …
+}
 static inline int ldl_p(void *ptr)
+static inline int ldl_be_p(void *ptr)
+{
 #if defined(__i386__) || defined(__x86_64__)
 …
+}
 static inline uint64_t ldq_p(void *ptr)
+static inline uint64_t ldq_be_p(void *ptr)
+{
     uint32_t a,b;
     a = ldl_p(ptr);
     b = ldl_p(ptr+4);
+    a = ldl_be_p(ptr);
+    b = ldl_be_p(ptr+4);
     return (((uint64_t)a<<32)|b);
+}
 static inline void stw_p(void *ptr, int v)
+static inline void stw_be_p(void *ptr, int v)
+{
 #if defined(__i386__)
 …
+}
 static inline void stl_p(void *ptr, int v)
+static inline void stl_be_p(void *ptr, int v)
+{
 #if defined(__i386__) || defined(__x86_64__)
 …
+}
 static inline void stq_p(void *ptr, uint64_t v)
+{
     stl_p(ptr, v >> 32);
     stl_p(ptr + 4, v);
+static inline void stq_be_p(void *ptr, uint64_t v)
+{
+    stl_be_p(ptr, v >> 32);
+    stl_be_p(ptr + 4, v);
+}
 /* float access */
 static inline float ldfl_p(void *ptr)
+static inline float32 ldfl_be_p(void *ptr)
+{
     union {
         float f;
+        float32 f;
         uint32_t i;
     } u;
     u.i = ldl_p(ptr);
+    u.i = ldl_be_p(ptr);
     return u.f;
+}
 static inline void stfl_p(void *ptr, float v)
+static inline void stfl_be_p(void *ptr, float32 v)
+{
     union {
         float f;
+        float32 f;
         uint32_t i;
     } u;
     u.f = v;
     stl_p(ptr, u.i);
+}
 static inline double ldfq_p(void *ptr)
+    stl_be_p(ptr, u.i);
+}
+static inline float64 ldfq_be_p(void *ptr)
+{
     CPU_DoubleU u;
     u.l.upper = ldl_p(ptr);
     u.l.lower = ldl_p(ptr + 4);
+    u.l.upper = ldl_be_p(ptr);
+    u.l.lower = ldl_be_p(ptr + 4);
     return u.d;
+}
 static inline void stfq_p(void *ptr, double v)
+static inline void stfq_be_p(void *ptr, float64 v)
+{
     CPU_DoubleU u;
     u.d = v;
+    stl_p(ptr, u.l.upper);
+    stl_p(ptr + 4, u.l.lower);
+}
+#else
+#ifdef VBOX
+static inline int lduw_p(void *ptr)
+{
+    return remR3PhysReadUWord(ptr);
+}
+static inline int ldsw_p(void *ptr)
+{
+    return remR3PhysReadSWord(ptr);
+}
+static inline int ldl_p(void *ptr)
+{
+    return remR3PhysReadULong(ptr);
+}
+static inline uint64_t ldq_p(void *ptr)
+{
+    uint64_t val;
+    remR3PhysReadBytes(ptr, &val, sizeof(val));
+    return val;
+}
+static inline void stw_p(void *ptr, int v)
+{
+    remR3PhysWriteWord(ptr, (uint16_t)v);
+}
+static inline void stl_p(void *ptr, int v)
+{
+    remR3PhysWriteDword(ptr, (uint32_t)v);
+}
+static inline void stq_p(void *ptr, uint64_t v)
+{
+    remR3PhysWriteBytes(ptr, &v, sizeof(v));
+    stl_be_p(ptr, u.l.upper);
+    stl_be_p(ptr + 4, u.l.lower);
+}
+#else
+static inline int lduw_be_p(void *ptr)
+{
+    return *(uint16_t *)ptr;
+}
+static inline int ldsw_be_p(void *ptr)
+{
+    return *(int16_t *)ptr;
+}
+static inline int ldl_be_p(void *ptr)
+{
+    return *(uint32_t *)ptr;
+}
+static inline uint64_t ldq_be_p(void *ptr)
+{
+    return *(uint64_t *)ptr;
+}
+static inline void stw_be_p(void *ptr, int v)
+{
+    *(uint16_t *)ptr = v;
+}
+static inline void stl_be_p(void *ptr, int v)
+{
+    *(uint32_t *)ptr = v;
+}
+static inline void stq_be_p(void *ptr, uint64_t v)
+{
+    *(uint64_t *)ptr = v;
+}
 /* float access */
+static inline float ldfl_p(void *ptr)
+{
+    float val;
+    remR3PhysReadBytes(ptr, &val, sizeof(val));
+    return val;
+}
+static inline double ldfq_p(void *ptr)
+{
+    double val;
+    remR3PhysReadBytes(ptr, &val, sizeof(val));
+    return val;
+}
+static inline void stfl_p(void *ptr, float v)
+{
+    remR3PhysWriteBytes(ptr, &v, sizeof(v));
+}
+static inline void stfq_p(void *ptr, double v)
+{
+    remR3PhysWriteBytes(ptr, &v, sizeof(v));
+}
+#else
+static inline int lduw_p(void *ptr)
+{
+    return *(uint16_t *)ptr;
+}
+static inline int ldsw_p(void *ptr)
+{
+    return *(int16_t *)ptr;
+}
+static inline int ldl_p(void *ptr)
+{
+    return *(uint32_t *)ptr;
+}
+static inline uint64_t ldq_p(void *ptr)
+{
+    return *(uint64_t *)ptr;
+}
+static inline void stw_p(void *ptr, int v)
+{
+    *(uint16_t *)ptr = v;
+}
+static inline void stl_p(void *ptr, int v)
+{
+    *(uint32_t *)ptr = v;
+}
+static inline void stq_p(void *ptr, uint64_t v)
+{
+    *(uint64_t *)ptr = v;
+}
+/* float access */
+static inline float ldfl_p(void *ptr)
+{
+    return *(float *)ptr;
+}
+static inline double ldfq_p(void *ptr)
+{
+    return *(double *)ptr;
+}
+static inline void stfl_p(void *ptr, float v)
+{
+    *(float *)ptr = v;
+}
+static inline void stfq_p(void *ptr, double v)
+{
+    *(double *)ptr = v;
+}
+#endif /* VBOX */
+static inline float32 ldfl_be_p(void *ptr)
+{
+    return *(float32 *)ptr;
+}
+static inline float64 ldfq_be_p(void *ptr)
+{
+    return *(float64 *)ptr;
+}
+static inline void stfl_be_p(void *ptr, float32 v)
+{
+    *(float32 *)ptr = v;
+}
+static inline void stfq_be_p(void *ptr, float64 v)
+{
+    *(float64 *)ptr = v;
+}
+#endif
+/* target CPU memory access functions */
+#if defined(TARGET_WORDS_BIGENDIAN)
+#define lduw_p(p) lduw_be_p(p)
+#define ldsw_p(p) ldsw_be_p(p)
+#define ldl_p(p) ldl_be_p(p)
+#define ldq_p(p) ldq_be_p(p)
+#define ldfl_p(p) ldfl_be_p(p)
+#define ldfq_p(p) ldfq_be_p(p)
+#define stw_p(p, v) stw_be_p(p, v)
+#define stl_p(p, v) stl_be_p(p, v)
+#define stq_p(p, v) stq_be_p(p, v)
+#define stfl_p(p, v) stfl_be_p(p, v)
+#define stfq_p(p, v) stfq_be_p(p, v)
+#else
+#define lduw_p(p) lduw_le_p(p)
+#define ldsw_p(p) ldsw_le_p(p)
+#define ldl_p(p) ldl_le_p(p)
+#define ldq_p(p) ldq_le_p(p)
+#define ldfl_p(p) ldfl_le_p(p)
+#define ldfq_p(p) ldfq_le_p(p)
+#define stw_p(p, v) stw_le_p(p, v)
+#define stl_p(p, v) stl_le_p(p, v)
+#define stq_p(p, v) stq_le_p(p, v)
+#define stfl_p(p, v) stfl_le_p(p, v)
+#define stfq_p(p, v) stfq_le_p(p, v)
 #endif
 /* MMU memory access macros */
+#if defined(CONFIG_USER_ONLY)
+/* On some host systems the guest address space is reserved on the host.
+ * This allows the guest address space to be offset to a convenient location.
+ */
+//#define GUEST_BASE 0x20000000
+#define GUEST_BASE 0
+/* All direct uses of g2h and h2g need to go away for usermode softmmu.  */
+#define g2h(x) ((void *)((unsigned long)(x) + GUEST_BASE))
+#define h2g(x) ((target_ulong)(x - GUEST_BASE))
+#define saddr(x) g2h(x)
+#define laddr(x) g2h(x)
+#else /* !CONFIG_USER_ONLY */
 /* NOTE: we use double casts if pointers and target_ulong have
    different sizes */
+#define ldub_raw(p) ldub_p((uint8_t *)(long)(p))
+#define ldsb_raw(p) ldsb_p((uint8_t *)(long)(p))
+#define lduw_raw(p) lduw_p((uint8_t *)(long)(p))
+#define ldsw_raw(p) ldsw_p((uint8_t *)(long)(p))
+#define ldl_raw(p) ldl_p((uint8_t *)(long)(p))
+#define ldq_raw(p) ldq_p((uint8_t *)(long)(p))
+#define ldfl_raw(p) ldfl_p((uint8_t *)(long)(p))
+#define ldfq_raw(p) ldfq_p((uint8_t *)(long)(p))
+#define stb_raw(p, v) stb_p((uint8_t *)(long)(p), v)
+#define stw_raw(p, v) stw_p((uint8_t *)(long)(p), v)
+#define stl_raw(p, v) stl_p((uint8_t *)(long)(p), v)
+#define stq_raw(p, v) stq_p((uint8_t *)(long)(p), v)
+#define stfl_raw(p, v) stfl_p((uint8_t *)(long)(p), v)
+#define stfq_raw(p, v) stfq_p((uint8_t *)(long)(p), v)
+#define saddr(x) (uint8_t *)(long)(x)
+#define laddr(x) (uint8_t *)(long)(x)
+#endif
+#define ldub_raw(p) ldub_p(laddr((p)))
+#define ldsb_raw(p) ldsb_p(laddr((p)))
+#define lduw_raw(p) lduw_p(laddr((p)))
+#define ldsw_raw(p) ldsw_p(laddr((p)))
+#define ldl_raw(p) ldl_p(laddr((p)))
+#define ldq_raw(p) ldq_p(laddr((p)))
+#define ldfl_raw(p) ldfl_p(laddr((p)))
+#define ldfq_raw(p) ldfq_p(laddr((p)))
+#define stb_raw(p, v) stb_p(saddr((p)), v)
+#define stw_raw(p, v) stw_p(saddr((p)), v)
+#define stl_raw(p, v) stl_p(saddr((p)), v)
+#define stq_raw(p, v) stq_p(saddr((p)), v)
+#define stfl_raw(p, v) stfl_p(saddr((p)), v)
+#define stfq_raw(p, v) stfq_p(saddr((p)), v)
 …
 #define TARGET_PAGE_ALIGN(addr) (((addr) + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK)
+/* ??? These should be the larger of unsigned long and target_ulong.  */
 extern unsigned long qemu_real_host_page_size;
 extern unsigned long qemu_host_page_bits;
 …
 void page_dump(FILE *f);
 int page_get_flags(unsigned long address);
 void page_set_flags(unsigned long start, unsigned long end, int flags);
 void page_unprotect_range(uint8_t *data, unsigned long data_size);
+int page_get_flags(target_ulong address);
+void page_set_flags(target_ulong start, target_ulong end, int flags);
+void page_unprotect_range(target_ulong data, target_ulong data_size);
 #define SINGLE_CPU_DEFINES
 …
 #define cpu_signal_handler cpu_ppc_signal_handler
+#elif defined(TARGET_M68K)
+#define CPUState CPUM68KState
+#define cpu_init cpu_m68k_init
+#define cpu_exec cpu_m68k_exec
+#define cpu_gen_code cpu_m68k_gen_code
+#define cpu_signal_handler cpu_m68k_signal_handler
+#elif defined(TARGET_MIPS)
+#define CPUState CPUMIPSState
+#define cpu_init cpu_mips_init
+#define cpu_exec cpu_mips_exec
+#define cpu_gen_code cpu_mips_gen_code
+#define cpu_signal_handler cpu_mips_signal_handler
+#elif defined(TARGET_SH4)
+#define CPUState CPUSH4State
+#define cpu_init cpu_sh4_init
+#define cpu_exec cpu_sh4_exec
+#define cpu_gen_code cpu_sh4_gen_code
+#define cpu_signal_handler cpu_sh4_signal_handler
 #else
 …
 void cpu_abort(CPUState *env, const char *fmt, ...);
+extern CPUState *first_cpu;
 extern CPUState *cpu_single_env;
 extern int code_copy_enabled;
 …
 #define CPU_INTERRUPT_EXITTB 0x04 /* exit the current TB (use for x86 a20 case) */
 #define CPU_INTERRUPT_TIMER  0x08 /* internal timer exception pending */
+#define CPU_INTERRUPT_FIQ    0x10 /* Fast interrupt pending.  */
+#define CPU_INTERRUPT_HALT   0x20 /* CPU halt wanted */
+#define CPU_INTERRUPT_SMI    0x40 /* (x86 only) SMI interrupt pending */
 #ifdef VBOX
 /** Executes a single instruction. cpu_exec() will normally return EXCP_SINGLE_INSTR. */
 #define CPU_INTERRUPT_SINGLE_INSTR              0x0040
+#define CPU_INTERRUPT_SINGLE_INSTR              0x0200
 /** Executing a CPU_INTERRUPT_SINGLE_INSTR request, quit the cpu_loop. (for exceptions and suchlike) */
 #define CPU_INTERRUPT_SINGLE_INSTR_IN_FLIGHT    0x0080
+#define CPU_INTERRUPT_SINGLE_INSTR_IN_FLIGHT    0x0400
 /** VM execution was interrupted by VMR3Reset, VMR3Suspend or VMR3PowerOff. */
 #define CPU_INTERRUPT_RC                        0x0100
+#define CPU_INTERRUPT_RC                        0x0800
 /** Exit current TB to process an external interrupt request (also in op.c!!) */
 #define CPU_INTERRUPT_EXTERNAL_EXIT             0x0200
+#define CPU_INTERRUPT_EXTERNAL_EXIT             0x1000
 /** Exit current TB to process an external interrupt request (also in op.c!!) */
 #define CPU_INTERRUPT_EXTERNAL_HARD             0x0400
+#define CPU_INTERRUPT_EXTERNAL_HARD             0x2000
 /** Exit current TB to process an external interrupt request (also in op.c!!) */
 #define CPU_INTERRUPT_EXTERNAL_TIMER            0x0800
+#define CPU_INTERRUPT_EXTERNAL_TIMER            0x4000
 /** Exit current TB to process an external interrupt request (also in op.c!!) */
 #define CPU_INTERRUPT_EXTERNAL_DMA              0x1000
+#define CPU_INTERRUPT_EXTERNAL_DMA              0x8000
 #endif /* VBOX */
 void cpu_interrupt(CPUState *s, int mask);
 …
 /* memory API */
+extern uint32_t phys_ram_size;
 #ifndef VBOX
+extern int phys_ram_size;
 extern int phys_ram_fd;
 extern int phys_ram_size;
+#else /* VBOX */
+extern RTGCPHYS phys_ram_size;
+/** This is required for bounds checking the phys_ram_dirty accesses. */
+extern uint32_t phys_ram_dirty_size;
+#endif /* VBOX */
+#if !defined(VBOX) || !(defined(PGM_DYNAMIC_RAM_ALLOC) || defined(REM_PHYS_ADDR_IN_TLB))
 extern uint8_t *phys_ram_base;
 #endif
 …
 /* physical memory access */
-#define IO_MEM_NB_ENTRIES  256
 #define TLB_INVALID_MASK   (1 << 3)
 #define IO_MEM_SHIFT       4
+#define IO_MEM_NB_ENTRIES  (1 << (TARGET_PAGE_BITS  - IO_MEM_SHIFT))
 #define IO_MEM_RAM         (0 << IO_MEM_SHIFT) /* hardcoded offset */
 #define IO_MEM_ROM         (1 << IO_MEM_SHIFT) /* hardcoded offset */
 #define IO_MEM_UNASSIGNED  (2 << IO_MEM_SHIFT)
-#define IO_MEM_CODE        (3 << IO_MEM_SHIFT) /* used internally, never use directly */
 #define IO_MEM_NOTDIRTY    (4 << IO_MEM_SHIFT) /* used internally, never use directly */
 #ifdef VBOX
+#if defined(VBOX) && defined(PGM_DYNAMIC_RAM_ALLOC)
 #define IO_MEM_RAM_MISSING (5 << IO_MEM_SHIFT) /* used internally, never use directly */
 #endif
+/* acts like a ROM when read and like a device when written. As an
+   exception, the write memory callback gets the ram offset instead of
+   the physical address */
+#define IO_MEM_ROMD        (1)
 typedef void CPUWriteMemoryFunc(void *opaque, target_phys_addr_t addr, uint32_t value);
 …
                                   unsigned long size,
                                   unsigned long phys_offset);
+uint32_t cpu_get_physical_page_desc(target_phys_addr_t addr);
 int cpu_register_io_memory(int io_index,
                            CPUReadMemoryFunc **mem_read,
 …
     cpu_physical_memory_rw(addr, (uint8_t *)buf, len, 1);
+}
+uint32_t ldub_phys(target_phys_addr_t addr);
+uint32_t lduw_phys(target_phys_addr_t addr);
 uint32_t ldl_phys(target_phys_addr_t addr);
+uint64_t ldq_phys(target_phys_addr_t addr);
 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val);
+void stb_phys(target_phys_addr_t addr, uint32_t val);
+void stw_phys(target_phys_addr_t addr, uint32_t val);
 void stl_phys(target_phys_addr_t addr, uint32_t val);
+void stq_phys(target_phys_addr_t addr, uint64_t val);
+void cpu_physical_memory_write_rom(target_phys_addr_t addr,
+                                   const uint8_t *buf, int len);
 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
                         uint8_t *buf, int len, int is_write);
+#define VGA_DIRTY_FLAG  0x01
+#define CODE_DIRTY_FLAG 0x02
 /* read dirty bit (return 0 or 1) */
+static inline int cpu_physical_memory_is_dirty(target_ulong addr)
+{
+    return phys_ram_dirty[addr >> TARGET_PAGE_BITS];
+}
+static inline void cpu_physical_memory_set_dirty(target_ulong addr)
+{
+    phys_ram_dirty[addr >> TARGET_PAGE_BITS] = 1;
+}
+void cpu_physical_memory_reset_dirty(target_ulong start, target_ulong end);
+static inline int cpu_physical_memory_is_dirty(ram_addr_t addr)
+{
+#ifdef VBOX
+    if (RT_UNLIKELY((addr >> TARGET_PAGE_BITS) >= phys_ram_dirty_size))
+    {
+        Log(("cpu_physical_memory_is_dirty: %VGp\n", (RTGCPHYS)addr));
+        /*AssertMsgFailed(("cpu_physical_memory_is_dirty: %VGp\n", (RTGCPHYS)addr));*/
+        return 0;
+    }
+#endif
+    return phys_ram_dirty[addr >> TARGET_PAGE_BITS] == 0xff;
+}
+static inline int cpu_physical_memory_get_dirty(ram_addr_t addr,
+                                                int dirty_flags)
+{
+#ifdef VBOX
+    if (RT_UNLIKELY((addr >> TARGET_PAGE_BITS) >= phys_ram_dirty_size))
+    {
+        Log(("cpu_physical_memory_is_dirty: %VGp\n", (RTGCPHYS)addr));
+        /*AssertMsgFailed(("cpu_physical_memory_is_dirty: %VGp\n", (RTGCPHYS)addr));*/
+        return 0xff & dirty_flags; /** @todo I don't think this is the right thing to return, fix! */
+    }
+#endif
+    return phys_ram_dirty[addr >> TARGET_PAGE_BITS] & dirty_flags;
+}
+static inline void cpu_physical_memory_set_dirty(ram_addr_t addr)
+{
+#ifdef VBOX
+    if (RT_UNLIKELY((addr >> TARGET_PAGE_BITS) >= phys_ram_dirty_size))
+    {
+        Log(("cpu_physical_memory_is_dirty: %VGp\n", (RTGCPHYS)addr));
+        /*AssertMsgFailed(("cpu_physical_memory_is_dirty: %VGp\n", (RTGCPHYS)addr));*/
+        return;
+    }
+#endif
+    phys_ram_dirty[addr >> TARGET_PAGE_BITS] = 0xff;
+}
+void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
+                                     int dirty_flags);
+void cpu_tlb_update_dirty(CPUState *env);
 void dump_exec_info(FILE *f,
                     int (*cpu_fprintf)(FILE *f, const char *fmt, ...));
+/*******************************************/
+/* host CPU ticks (if available) */
+#if defined(__powerpc__)
+static inline uint32_t get_tbl(void)
+{
+    uint32_t tbl;
+    asm volatile("mftb %0" : "=r" (tbl));
+    return tbl;
+}
+static inline uint32_t get_tbu(void)
+{
+        uint32_t tbl;
+        asm volatile("mftbu %0" : "=r" (tbl));
+        return tbl;
+}
+static inline int64_t cpu_get_real_ticks(void)
+{
+    uint32_t l, h, h1;
+    /* NOTE: we test if wrapping has occurred */
+    do {
+        h = get_tbu();
+        l = get_tbl();
+        h1 = get_tbu();
+    } while (h != h1);
+    return ((int64_t)h << 32) | l;
+}
+#elif defined(__i386__)
+static inline int64_t cpu_get_real_ticks(void)
+{
+    int64_t val;
+    asm volatile ("rdtsc" : "=A" (val));
+    return val;
+}
+#elif defined(__x86_64__)
+static inline int64_t cpu_get_real_ticks(void)
+{
+    uint32_t low,high;
+    int64_t val;
+    asm volatile("rdtsc" : "=a" (low), "=d" (high));
+    val = high;
+    val <<= 32;
+    val |= low;
+    return val;
+}
+#elif defined(__ia64)
+static inline int64_t cpu_get_real_ticks(void)
+{
+        int64_t val;
+        asm volatile ("mov %0 = ar.itc" : "=r"(val) :: "memory");
+        return val;
+}
+#elif defined(__s390__)
+static inline int64_t cpu_get_real_ticks(void)
+{
+    int64_t val;
+    asm volatile("stck 0(%1)" : "=m" (val) : "a" (&val) : "cc");
+    return val;
+}
+#elif defined(__sparc_v9__)
+static inline int64_t cpu_get_real_ticks (void)
+{
+#if     defined(_LP64)
+        uint64_t        rval;
+        asm volatile("rd %%tick,%0" : "=r"(rval));
+        return rval;
+#else
+        union {
+                uint64_t i64;
+                struct {
+                        uint32_t high;
+                        uint32_t low;
+                }       i32;
+        } rval;
+        asm volatile("rd %%tick,%1; srlx %1,32,%0"
+                : "=r"(rval.i32.high), "=r"(rval.i32.low));
+        return rval.i64;
+#endif
+}
+#else
+/* The host CPU doesn't have an easily accessible cycle counter.
+   Just return a monotonically increasing vlue.  This will be totally wrong,
+   but hopefully better than nothing.  */
+static inline int64_t cpu_get_real_ticks (void)
+{
+    static int64_t ticks = 0;
+    return ticks++;
+}
+#endif
+/* profiling */
+#ifdef CONFIG_PROFILER
+static inline int64_t profile_getclock(void)
+{
+    return cpu_get_real_ticks();
+}
+extern int64_t kqemu_time, kqemu_time_start;
+extern int64_t qemu_time, qemu_time_start;
+extern int64_t tlb_flush_time;
+extern int64_t kqemu_exec_count;
+extern int64_t dev_time;
+extern int64_t kqemu_ret_int_count;
+extern int64_t kqemu_ret_excp_count;
+extern int64_t kqemu_ret_intr_count;
+#endif
 #ifdef VBOX
 void tb_invalidate_virt(CPUState *env, uint32_t eip);
 #endif
+#endif /* VBOX */
 #endif /* CPU_ALL_H */

trunk/src/recompiler/cpu-defs.h

-              r1
+              r2422
 #endif
-#if defined(__alpha__) || defined (__ia64__) || defined(__x86_64__)
-#define HOST_LONG_BITS 64
-#else
-#define HOST_LONG_BITS 32
-#endif
 #ifndef TARGET_PHYS_ADDR_BITS
 #if TARGET_LONG_BITS >= HOST_LONG_BITS
 …
 typedef int64_t target_long;
 typedef uint64_t target_ulong;
 #define TARGET_FMT_lx "%016llx"
+#define TARGET_FMT_lx "%016" PRIx64
 #else
 #error TARGET_LONG_SIZE undefined
 …
 #endif
+/* address in the RAM (different from a physical address) */
+typedef unsigned long ram_addr_t;
 #define HOST_LONG_SIZE (HOST_LONG_BITS / 8)
+#define EXCP_INTERRUPT  256 /* async interruption */
+#define EXCP_HLT        257 /* hlt instruction reached */
+#define EXCP_DEBUG      258 /* cpu stopped after a breakpoint or singlestep */
+#define EXCP_INTERRUPT  0x10000 /* async interruption */
+#define EXCP_HLT        0x10001 /* hlt instruction reached */
+#define EXCP_DEBUG      0x10002 /* cpu stopped after a breakpoint or singlestep */
+#define EXCP_HALTED     0x10003 /* cpu is halted (waiting for external event) */
 #if defined(VBOX)
 #define EXCP_EXECUTE_RAW    1024 /* execute raw mode. */
 #define EXCP_EXECUTE_HWACC  1025 /* execute hardware accelerated raw mode. */
 #define EXCP_SINGLE_INSTR   1026 /* executed single instruction. */
 #define EXCP_RC             1027 /* a EM rc was raised (VMR3Reset/Suspend/PowerOff). */
+#define EXCP_EXECUTE_RAW    0x11024 /* execute raw mode. */
+#define EXCP_EXECUTE_HWACC  0x11025 /* execute hardware accelerated raw mode. */
+#define EXCP_SINGLE_INSTR   0x11026 /* executed single instruction. */
+#define EXCP_RC             0x11027 /* a EM rc was raised (VMR3Reset/Suspend/PowerOff). */
 #endif /* VBOX */
 #define MAX_BREAKPOINTS 32
+#define CPU_TLB_SIZE 256
+#define TB_JMP_CACHE_BITS 12
+#define TB_JMP_CACHE_SIZE (1 << TB_JMP_CACHE_BITS)
+/* Only the bottom TB_JMP_PAGE_BITS of the jump cache hash bits vary for
+   addresses on the same page.  The top bits are the same.  This allows
+   TLB invalidation to quickly clear a subset of the hash table.  */
+#define TB_JMP_PAGE_BITS (TB_JMP_CACHE_BITS / 2)
+#define TB_JMP_PAGE_SIZE (1 << TB_JMP_PAGE_BITS)
+#define TB_JMP_ADDR_MASK (TB_JMP_PAGE_SIZE - 1)
+#define TB_JMP_PAGE_MASK (TB_JMP_CACHE_SIZE - TB_JMP_PAGE_SIZE)
+#define CPU_TLB_BITS 8
+#define CPU_TLB_SIZE (1 << CPU_TLB_BITS)
 typedef struct CPUTLBEntry {
 …
        bit 2..0                   : zero
     */
+    target_ulong address;
+    target_ulong addr_read;
+    target_ulong addr_write;
+    target_ulong addr_code;
     /* addend to virtual address to get physical address */
     target_phys_addr_t addend;
 } CPUTLBEntry;
+#define CPU_COMMON                                                      \
+    struct TranslationBlock *current_tb; /* currently executing TB  */  \
+    /* soft mmu support */                                              \
+    /* in order to avoid passing too many arguments to the memory       \
+       write helpers, we store some rarely used information in the CPU  \
+       context) */                                                      \
+    unsigned long mem_write_pc; /* host pc at which the memory was      \
+                                   written */                           \
+    target_ulong mem_write_vaddr; /* target virtual addr at which the   \
+                                     memory was written */              \
+    /* 0 = kernel, 1 = user */                                          \
+    CPUTLBEntry tlb_table[2][CPU_TLB_SIZE];                             \
+    struct TranslationBlock *tb_jmp_cache[TB_JMP_CACHE_SIZE];           \
+                                                                        \
+    /* from this point: preserved by CPU reset */                       \
+    /* ice debug support */                                             \
+    target_ulong breakpoints[MAX_BREAKPOINTS];                          \
+    int nb_breakpoints;                                                 \
+    int singlestep_enabled;                                             \
+                                                                        \
+    void *next_cpu; /* next CPU sharing TB cache */                     \
+    int cpu_index; /* CPU index (informative) */                        \
+    /* user data */                                                     \
+    void *opaque;
 #endif

trunk/src/recompiler/cpu-exec.c

-              r1147
+              r2422
 /*
  *  i386 emulator main execution loop
+ *
  *  Copyright (c) 2003 Fabrice Bellard
+ *
+ *  Copyright (c) 2003-2005 Fabrice Bellard
+ *
  * This library is free software; you can redistribute it and/or
 …
 //#define DEBUG_SIGNAL
 #if defined(TARGET_ARM) || defined(TARGET_SPARC)
+#if defined(TARGET_ARM) || defined(TARGET_SPARC) || defined(TARGET_M68K)
 /* XXX: unify with i386 target */
 void cpu_loop_exit(void)
 …
     longjmp(env->jmp_env, 1);
+}
+#endif
+#if !(defined(TARGET_SPARC) || defined(TARGET_SH4) || defined(TARGET_M68K))
+#define reg_T2
 #endif
 …
    restored in a state compatible with the CPU emulator
  */
 void cpu_resume_from_signal(CPUState *env1, void *puc)
+void cpu_resume_from_signal(CPUState *env1, void *puc)
+{
 #if !defined(CONFIG_SOFTMMU)
 …
+}
+static TranslationBlock *tb_find_slow(target_ulong pc,
+                                      target_ulong cs_base,
+                                      unsigned int flags)
+{
+    TranslationBlock *tb, **ptb1;
+    int code_gen_size;
+    unsigned int h;
+    target_ulong phys_pc, phys_page1, phys_page2, virt_page2;
+    uint8_t *tc_ptr;
+    spin_lock(&tb_lock);
+    tb_invalidated_flag = 0;
+    regs_to_env(); /* XXX: do it just before cpu_gen_code() */
+    /* find translated block using physical mappings */
+    phys_pc = get_phys_addr_code(env, pc);
+    phys_page1 = phys_pc & TARGET_PAGE_MASK;
+    phys_page2 = -1;
+    h = tb_phys_hash_func(phys_pc);
+    ptb1 = &tb_phys_hash[h];
+    for(;;) {
+        tb = *ptb1;
+        if (!tb)
+            goto not_found;
+        if (tb->pc == pc &&
+            tb->page_addr[0] == phys_page1 &&
+            tb->cs_base == cs_base &&
+            tb->flags == flags) {
+            /* check next page if needed */
+            if (tb->page_addr[1] != -1) {
+                virt_page2 = (pc & TARGET_PAGE_MASK) +
+                    TARGET_PAGE_SIZE;
+                phys_page2 = get_phys_addr_code(env, virt_page2);
+                if (tb->page_addr[1] == phys_page2)
+                    goto found;
+            } else {
+                goto found;
+            }
+        }
+        ptb1 = &tb->phys_hash_next;
+    }
+ not_found:
+    /* if no translated code available, then translate it now */
+    tb = tb_alloc(pc);
+    if (!tb) {
+        /* flush must be done */
+        tb_flush(env);
+        /* cannot fail at this point */
+        tb = tb_alloc(pc);
+        /* don't forget to invalidate previous TB info */
+        tb_invalidated_flag = 1;
+    }
+    tc_ptr = code_gen_ptr;
+    tb->tc_ptr = tc_ptr;
+    tb->cs_base = cs_base;
+    tb->flags = flags;
+    cpu_gen_code(env, tb, CODE_GEN_MAX_SIZE, &code_gen_size);
+    code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
+    /* check next page if needed */
+    virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
+    phys_page2 = -1;
+    if ((pc & TARGET_PAGE_MASK) != virt_page2) {
+        phys_page2 = get_phys_addr_code(env, virt_page2);
+    }
+    tb_link_phys(tb, phys_pc, phys_page2);
+ found:
+    /* we add the TB in the virtual pc hash table */
+    env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)] = tb;
+    spin_unlock(&tb_lock);
+    return tb;
+}
+static inline TranslationBlock *tb_find_fast(void)
+{
+    TranslationBlock *tb;
+    target_ulong cs_base, pc;
+    unsigned int flags;
+    /* we record a subset of the CPU state. It will
+       always be the same before a given translated block
+       is executed. */
+#if defined(TARGET_I386)
+    flags = env->hflags;
+    flags |= (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK));
+    cs_base = env->segs[R_CS].base;
+    pc = cs_base + env->eip;
+#elif defined(TARGET_ARM)
+    flags = env->thumb | (env->vfp.vec_len << 1)
+            | (env->vfp.vec_stride << 4);
+    if ((env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR)
+        flags |= (1 << 6);
+    if (env->vfp.xregs[ARM_VFP_FPEXC] & (1 << 30))
+        flags |= (1 << 7);
+    cs_base = 0;
+    pc = env->regs[15];
+#elif defined(TARGET_SPARC)
+#ifdef TARGET_SPARC64
+    // Combined FPU enable bits . PRIV . DMMU enabled . IMMU enabled
+    flags = (((env->pstate & PS_PEF) >> 1) | ((env->fprs & FPRS_FEF) << 2))
+        | (env->pstate & PS_PRIV) | ((env->lsu & (DMMU_E | IMMU_E)) >> 2);
+#else
+    // FPU enable . MMU enabled . MMU no-fault . Supervisor
+    flags = (env->psref << 3) | ((env->mmuregs[0] & (MMU_E | MMU_NF)) << 1)
+        | env->psrs;
+#endif
+    cs_base = env->npc;
+    pc = env->pc;
+#elif defined(TARGET_PPC)
+    flags = (msr_pr << MSR_PR) | (msr_fp << MSR_FP) |
+        (msr_se << MSR_SE) | (msr_le << MSR_LE);
+    cs_base = 0;
+    pc = env->nip;
+#elif defined(TARGET_MIPS)
+    flags = env->hflags & (MIPS_HFLAG_TMASK | MIPS_HFLAG_BMASK);
+    cs_base = 0;
+    pc = env->PC;
+#elif defined(TARGET_M68K)
+    flags = env->fpcr & M68K_FPCR_PREC;
+    cs_base = 0;
+    pc = env->pc;
+#elif defined(TARGET_SH4)
+    flags = env->sr & (SR_MD | SR_RB);
+    cs_base = 0;         /* XXXXX */
+    pc = env->pc;
+#else
+#error unsupported CPU
+#endif
+    tb = env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)];
+    if (__builtin_expect(!tb || tb->pc != pc || tb->cs_base != cs_base ||
+                         tb->flags != flags, 0)) {
+        tb = tb_find_slow(pc, cs_base, flags);
+        /* Note: we do it here to avoid a gcc bug on Mac OS X when
+           doing it in tb_find_slow */
+        if (tb_invalidated_flag) {
+            /* as some TB could have been invalidated because
+               of memory exceptions while generating the code, we
+               must recompute the hash index here */
+            T0 = 0;
+        }
+    }
+    return tb;
+}
 /* main execution loop */
 …
 int cpu_exec(CPUState *env1)
+{
+    int saved_T0, saved_T1, saved_T2;
+    CPUState *saved_env;
+#ifdef reg_EAX
+    int saved_EAX;
+#endif
+#ifdef reg_ECX
+    int saved_ECX;
+#endif
+#ifdef reg_EDX
+    int saved_EDX;
+#endif
+#ifdef reg_EBX
+    int saved_EBX;
+#endif
+#ifdef reg_ESP
+    int saved_ESP;
+#endif
+#ifdef reg_EBP
+    int saved_EBP;
+#endif
+#ifdef reg_ESI
+    int saved_ESI;
+#endif
+#ifdef reg_EDI
+    int saved_EDI;
+#endif
+    int code_gen_size, ret, interrupt_request;
+#define DECLARE_HOST_REGS 1
+#include "hostregs_helper.h"
+    int ret, interrupt_request;
     void (*gen_func)(void);
+    TranslationBlock *tb, **ptb;
+    target_ulong cs_base, pc;
+    TranslationBlock *tb;
     uint8_t *tc_ptr;
+    unsigned int flags;
+#if defined(TARGET_I386)
+    /* handle exit of HALTED state */
+    if (env1->hflags & HF_HALTED_MASK) {
+        /* disable halt condition */
+        if ((env1->interrupt_request & CPU_INTERRUPT_HARD) &&
+            (env1->eflags & IF_MASK)) {
+            env1->hflags &= ~HF_HALTED_MASK;
+        } else {
+            return EXCP_HALTED;
+        }
+    }
+#elif defined(TARGET_PPC)
+    if (env1->halted) {
+        if (env1->msr[MSR_EE] &&
+            (env1->interrupt_request &
+             (CPU_INTERRUPT_HARD | CPU_INTERRUPT_TIMER))) {
+            env1->halted = 0;
+        } else {
+            return EXCP_HALTED;
+        }
+    }
+#elif defined(TARGET_SPARC)
+    if (env1->halted) {
+        if ((env1->interrupt_request & CPU_INTERRUPT_HARD) &&
+            (env1->psret != 0)) {
+            env1->halted = 0;
+        } else {
+            return EXCP_HALTED;
+        }
+    }
+#elif defined(TARGET_ARM)
+    if (env1->halted) {
+        /* An interrupt wakes the CPU even if the I and F CPSR bits are
+           set.  */
+        if (env1->interrupt_request
+            & (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD)) {
+            env1->halted = 0;
+        } else {
+            return EXCP_HALTED;
+        }
+    }
+#elif defined(TARGET_MIPS)
+    if (env1->halted) {
+        if (env1->interrupt_request &
+            (CPU_INTERRUPT_HARD | CPU_INTERRUPT_TIMER)) {
+            env1->halted = 0;
+        } else {
+            return EXCP_HALTED;
+        }
+    }
+#endif
+    cpu_single_env = env1;
     /* first we save global registers */
+    saved_env = env;
+#define SAVE_HOST_REGS 1
+#include "hostregs_helper.h"
     env = env1;
+    saved_T0 = T0;
+    saved_T1 = T1;
+    saved_T2 = T2;
+#ifdef reg_EAX
+    saved_EAX = EAX;
+#endif
+#ifdef reg_ECX
+    saved_ECX = ECX;
+#endif
+#ifdef reg_EDX
+    saved_EDX = EDX;
+#endif
+#ifdef reg_EBX
+    saved_EBX = EBX;
+#endif
+#ifdef reg_ESP
+    saved_ESP = ESP;
+#endif
+#ifdef reg_EBP
+    saved_EBP = EBP;
+#endif
+#ifdef reg_ESI
+    saved_ESI = ESI;
+#endif
+#ifdef reg_EDI
+    saved_EDI = EDI;
+#endif
+#if defined(__sparc__) && !defined(HOST_SOLARIS)
+    /* we also save i7 because longjmp may not restore it */
+    asm volatile ("mov %%i7, %0" : "=r" (saved_i7));
+#endif
+#if defined(TARGET_I386)
     env_to_regs();
 …
     CC_OP = CC_OP_EFLAGS;
     env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
+#elif defined(TARGET_ARM)
+#elif defined(TARGET_SPARC)
+#if defined(reg_REGWPTR)
+    saved_regwptr = REGWPTR;
+#endif
+#elif defined(TARGET_PPC)
+#elif defined(TARGET_MIPS)
+#elif defined(TARGET_SH4)
+    /* XXXXX */
+#else
+#error unsupported target CPU
+#endif
 #ifndef VBOX /* VBOX: We need to raise traps and suchlike from the outside. */
     env->exception_index = -1;
 #endif
+#endif
     /* prepare setjmp context for exception handling */
     for(;;) {
         if (setjmp(env->jmp_env) == 0)
+        if (setjmp(env->jmp_env) == 0)
+        {
             env->current_tb = NULL;
 …
              * Check for fatal errors first
              */
+            if (env->interrupt_request & CPU_INTERRUPT_RC)
+            {
+            if (env->interrupt_request & CPU_INTERRUPT_RC) {
                 env->exception_index = EXCP_RC;
                 ASMAtomicAndS32(&env->interrupt_request, ~CPU_INTERRUPT_RC);
 …
             /* if an exception is pending, we execute it here */
+            if (env->exception_index >= 0)
+            {
+            if (env->exception_index >= 0) {
                 Assert(!env->user_mode_only);
+                if (env->exception_index >= EXCP_INTERRUPT)
+                {
+                if (env->exception_index >= EXCP_INTERRUPT) {
                     /* exit request from the cpu execution loop */
                     ret = env->exception_index;
                     break;
+                }
+                else
+                {
+                } else {
                     /* simulate a real cpu exception. On i386, it can
                        trigger new exceptions, but we do not handle
 …
                     RAWEx_ProfileStart(env, STATS_IRQ_HANDLING);
                     Log(("do_interrupt %d %d %08x\n", env->exception_index, env->exception_is_int, env->exception_next_eip));
                     do_interrupt(env->exception_index,
                                  env->exception_is_int,
                                  env->error_code,
+                    do_interrupt(env->exception_index,
+                                 env->exception_is_int,
+                                 env->error_code,
                                  env->exception_next_eip, 0);
                     RAWEx_ProfileStop(env, STATS_IRQ_HANDLING);
 …
                     RAWEx_ProfileStart(env, STATS_IRQ_HANDLING);
+                    /* if hardware interrupt pending, we execute it */
+                    if ((interrupt_request & CPU_INTERRUPT_HARD) &&
+                        (env->eflags & IF_MASK) &&
+                        !(env->hflags & HF_INHIBIT_IRQ_MASK))
+                    if ((interrupt_request & CPU_INTERRUPT_SMI) &&
+                        !(env->hflags & HF_SMM_MASK)) {
+                        env->interrupt_request &= ~CPU_INTERRUPT_SMI;
+                        do_smm_enter();
+                        T0 = 0;
+                    }
+                    else if ((interrupt_request & CPU_INTERRUPT_HARD) &&
+                             (env->eflags & IF_MASK) &&
+                             !(env->hflags & HF_INHIBIT_IRQ_MASK))
+                    {
+                        /* if hardware interrupt pending, we execute it */
                         int intno;
                         ASMAtomicAndS32(&env->interrupt_request, ~CPU_INTERRUPT_HARD);
 …
                         T0 = 0;
+                    }
                     if (interrupt_request & CPU_INTERRUPT_EXITTB)
+                    if (env->interrupt_request & CPU_INTERRUPT_EXITTB)
+                    {
                         ASMAtomicAndS32(&env->interrupt_request, ~CPU_INTERRUPT_EXITTB);
 …
+                    }
                     RAWEx_ProfileStop(env, STATS_IRQ_HANDLING);
                     if (interrupt_request & CPU_INTERRUPT_EXIT)
+                    if (interrupt_request & CPU_INTERRUPT_EXIT)
+                    {
                         env->exception_index = EXCP_INTERRUPT;
 …
                         cpu_loop_exit();
+                    }
                     if (interrupt_request & CPU_INTERRUPT_RC)
+                    if (interrupt_request & CPU_INTERRUPT_RC)
+                    {
                         env->exception_index = EXCP_RC;
 …
+                    }
+                }
+                /* we record a subset of the CPU state. It will
+                   always be the same before a given translated block
+                   is executed. */
+                flags = env->hflags;
+                flags |= (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK));
+                cs_base = env->segs[R_CS].base;
+                pc = cs_base + env->eip;
+                /*
+                 * Check if we the CPU state allows us to execute the code in raw-mode.
+                 */
                 RAWEx_ProfileStart(env, STATS_RAW_CHECK);
+                if (remR3CanExecuteRaw(env, pc, flags, &env->exception_index))
+                if (remR3CanExecuteRaw(env,
+                                       env->eip + env->segs[R_CS].base,
+                                       env->hflags | (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK)),
+                                       &env->exception_index))
+                {
                     RAWEx_ProfileStop(env, STATS_RAW_CHECK);
 …
                 RAWEx_ProfileStart(env, STATS_TLB_LOOKUP);
+                tb = tb_find(&ptb, pc, cs_base,
+                             flags);
+                if (!tb)
+                tb = tb_find_fast();
+                /* see if we can patch the calling TB. When the TB
+                   spans two pages, we cannot safely do a direct
+                   jump. */
+                if (T0 != 0
+                    && !(tb->cflags & CF_RAW_MODE)
+                    && tb->page_addr[1] == -1)
+                {
-                    TranslationBlock **ptb1;
-                    unsigned int h;
-                    target_ulong phys_pc, phys_page1, phys_page2, virt_page2;
-                    spin_lock(&tb_lock);
-                    tb_invalidated_flag = 0;
-                    regs_to_env(); /* XXX: do it just before cpu_gen_code() */
-                    /* find translated block using physical mappings */
-                    phys_pc = get_phys_addr_code(env, pc);
-                    phys_page1 = phys_pc & TARGET_PAGE_MASK;
-                    phys_page2 = -1;
-                    h = tb_phys_hash_func(phys_pc);
-                    ptb1 = &tb_phys_hash[h];
-                    for(;;) {
-                        tb = *ptb1;
-                        if (!tb)
-                            goto not_found;
-                        if (tb->pc == pc &&
-                            tb->page_addr[0] == phys_page1 &&
-                            tb->cs_base == cs_base &&
-                            tb->flags == flags) {
-                            /* check next page if needed */
-                            if (tb->page_addr[1] != -1) {
-                                virt_page2 = (pc & TARGET_PAGE_MASK) +
-                                    TARGET_PAGE_SIZE;
-                                phys_page2 = get_phys_addr_code(env, virt_page2);
-                                if (tb->page_addr[1] == phys_page2)
-                                    goto found;
-                            } else {
-                                goto found;
+                            }
+                        }
-                        ptb1 = &tb->phys_hash_next;
+                    }
-                not_found:
-                    /* if no translated code available, then translate it now */
-                    tb = tb_alloc(pc);
-                    if (!tb) {
-                        /* flush must be done */
-                        tb_flush(env);
-                        /* cannot fail at this point */
-                        tb = tb_alloc(pc);
-                        /* don't forget to invalidate previous TB info */
-                        ptb = &tb_hash[tb_hash_func(pc)];
-                        T0 = 0;
+                    }
-                    tc_ptr = code_gen_ptr;
-                    tb->tc_ptr = tc_ptr;
-                    tb->cs_base = cs_base;
-                    tb->flags = flags;
-                    RAWEx_ProfileStop(env, STATS_TLB_LOOKUP);
-                    cpu_gen_code(env, tb, CODE_GEN_MAX_SIZE, &code_gen_size);
-                    RAWEx_ProfileStart(env, STATS_TLB_LOOKUP);
-                    code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
-                    /* check next page if needed */
-                    virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
-                    phys_page2 = -1;
-                    if ((pc & TARGET_PAGE_MASK) != virt_page2) {
-                        phys_page2 = get_phys_addr_code(env, virt_page2);
+                    }
-                    tb_link_phys(tb, phys_pc, phys_page2);
-                found:
-                    if (tb_invalidated_flag) {
-                        /* as some TB could have been invalidated because
-                           of memory exceptions while generating the code, we
-                           must recompute the hash index here */
-                        ptb = &tb_hash[tb_hash_func(pc)];
-                        while (*ptb != NULL)
-                            ptb = &(*ptb)->hash_next;
-                        T0 = 0;
+                    }
-                    /* we add the TB in the virtual pc hash table */
-                    *ptb = tb;
-                    tb->hash_next = NULL;
-                    tb_link(tb);
-                    spin_unlock(&tb_lock);
+                }
-                /* see if we can patch the calling TB. */
+                {
-                    if (T0 != 0
-                    && !(tb->cflags & CF_RAW_MODE)
-                    ) {
                     spin_lock(&tb_lock);
                     tb_add_jump((TranslationBlock *)(long)(T0 & ~3), T0 & 3, tb);
                     spin_unlock(&tb_lock);
+                }
+                }
                 tc_ptr = tb->tc_ptr;
 …
 #if defined(DEBUG) && defined(VBOX) && !defined(DEBUG_dmik)
 #if !defined(DEBUG_bird)
                 if (((env->hflags >> HF_CPL_SHIFT) & 3) == 0 && (env->hflags & HF_PE_MASK) && (env->cr[0] & CR0_PG_MASK))
+                if (((env->hflags >> HF_CPL_SHIFT) & 3) == 0 && (env->hflags & HF_PE_MASK) && (env->cr[0] & CR0_PG_MASK))
+                {
                     if(!(env->state & CPU_EMULATE_SINGLE_STEP))
 …
+                }
                 else
                 if (((env->hflags >> HF_CPL_SHIFT) & 3) == 3 && (env->hflags & HF_PE_MASK) && (env->cr[0] & CR0_PG_MASK))
+                if (((env->hflags >> HF_CPL_SHIFT) & 3) == 3 && (env->hflags & HF_PE_MASK) && (env->cr[0] & CR0_PG_MASK))
+                {
                     if(!(env->state & CPU_EMULATE_SINGLE_STEP))
 …
                         if(env->eflags & VM_MASK)
+                        {
                             Log(("EMV86: %04X:%04X IF=%d TF=%d CPL=%d flags=%08X CR0=%08X\n", env->segs[R_CS].selector, env->eip, (env->eflags & IF_MASK) ? 1 : 0, (env->eflags & TF_MASK) ? 1 : 0, (env->hflags >> HF_CPL_SHIFT) & 3, flags, env->cr[0]));
+                            Log(("EMV86: %04X:%04X IF=%d TF=%d CPL=%d CR0=%08X\n", env->segs[R_CS].selector, env->eip, (env->eflags & IF_MASK) ? 1 : 0, (env->eflags & TF_MASK) ? 1 : 0, (env->hflags >> HF_CPL_SHIFT) & 3, env->cr[0]));
+                        }
                         else
+                        {
                             Log(("EMR3: %08X ESP=%08X IF=%d TF=%d CPL=%d IOPL=%d flags=%08X CR0=%08X\n", env->eip, ESP, (env->eflags & IF_MASK) ? 1 : 0, (env->eflags & TF_MASK) ? 1 : 0, (env->hflags >> HF_CPL_SHIFT) & 3, ((env->eflags >> IOPL_SHIFT) & 3), flags, env->cr[0]));
+                            Log(("EMR3: %08X ESP=%08X IF=%d TF=%d CPL=%d IOPL=%d CR0=%08X\n", env->eip, ESP, (env->eflags & IF_MASK) ? 1 : 0, (env->eflags & TF_MASK) ? 1 : 0, (env->hflags >> HF_CPL_SHIFT) & 3, ((env->eflags >> IOPL_SHIFT) & 3), env->cr[0]));
+                        }
+                    }
+                }
                 else
+                else
+                {
                     Log(("EMRM: %04X:%08X SS:ESP=%04X:%08X IF=%d TF=%d CPL=%d PE=%d PG=%d\n", env->segs[R_CS].selector, env->eip, env->segs[R_SS].selector, ESP, (env->eflags & IF_MASK) ? 1 : 0, (env->eflags & TF_MASK) ? 1 : 0, (env->hflags >> HF_CPL_SHIFT) & 3, env->cr[0] & X86_CR0_PE, env->cr[0] & X86_CR0_PG));
 …
                         #else
                         env->state &= ~CPU_EMULATE_SINGLE_STEP;
+                        #endif
+                    }
+#endif
+                        #endif
+                    }
+#endif
                     TMCpuTickPause(env->pVM);
                     remR3DisasInstr(env, -1, NULL);
 …
+                    }
+                }
                 else
+                else
+                {
                     RAWEx_ProfileStart(env, STATS_QEMU_RUN_EMULATED_CODE);
 …
+        }
 #ifdef VBOX_HIGH_RES_TIMERS_HACK
         /* NULL the current_tb here so cpu_interrupt() doesn't do
+        /* NULL the current_tb here so cpu_interrupt() doesn't do
            anything unnecessary (like crashing during emulate single instruction). */
         env->current_tb = NULL;
 …
     /* restore flags in standard format */
     env->eflags = env->eflags | cc_table[CC_OP].compute_all() | (DF & DF_MASK);
-    /* restore global registers */
-#ifdef reg_EAX
-    EAX = saved_EAX;
-#endif
-#ifdef reg_ECX
-    ECX = saved_ECX;
-#endif
-#ifdef reg_EDX
-    EDX = saved_EDX;
-#endif
-#ifdef reg_EBX
-    EBX = saved_EBX;
-#endif
-#ifdef reg_ESP
-    ESP = saved_ESP;
-#endif
-#ifdef reg_EBP
-    EBP = saved_EBP;
-#endif
-#ifdef reg_ESI
-    ESI = saved_ESI;
-#endif
-#ifdef reg_EDI
-    EDI = saved_EDI;
-#endif
 #else
 #error unsupported target CPU
 #endif
+    T0 = saved_T0;
+    T1 = saved_T1;
+    T2 = saved_T2;
+    env = saved_env;
+#include "hostregs_helper.h"
     return ret;
+}
 …
 int cpu_exec(CPUState *env1)
+{
+    int saved_T0, saved_T1, saved_T2;
+    CPUState *saved_env;
+#ifdef reg_EAX
+    int saved_EAX;
+#endif
+#ifdef reg_ECX
+    int saved_ECX;
+#endif
+#ifdef reg_EDX
+    int saved_EDX;
+#endif
+#ifdef reg_EBX
+    int saved_EBX;
+#endif
+#ifdef reg_ESP
+    int saved_ESP;
+#endif
+#ifdef reg_EBP
+    int saved_EBP;
+#endif
+#ifdef reg_ESI
+    int saved_ESI;
+#endif
+#ifdef reg_EDI
+    int saved_EDI;
+#endif
+#ifdef __sparc__
+    int saved_i7, tmp_T0;
+#endif
+    int code_gen_size, ret, interrupt_request;
+#define DECLARE_HOST_REGS 1
+#include "hostregs_helper.h"
+#if defined(__sparc__) && !defined(HOST_SOLARIS)
+    int saved_i7;
+    target_ulong tmp_T0;
+#endif
+    int ret, interrupt_request;
     void (*gen_func)(void);
+    TranslationBlock *tb, **ptb;
+    target_ulong cs_base, pc;
+    TranslationBlock *tb;
     uint8_t *tc_ptr;
+    unsigned int flags;
+#if defined(TARGET_I386)
+    /* handle exit of HALTED state */
+    if (env1->hflags & HF_HALTED_MASK) {
+        /* disable halt condition */
+        if ((env1->interrupt_request & CPU_INTERRUPT_HARD) &&
+            (env1->eflags & IF_MASK)) {
+            env1->hflags &= ~HF_HALTED_MASK;
+        } else {
+            return EXCP_HALTED;
+        }
+    }
+#elif defined(TARGET_PPC)
+    if (env1->halted) {
+        if (env1->msr[MSR_EE] &&
+            (env1->interrupt_request &
+             (CPU_INTERRUPT_HARD | CPU_INTERRUPT_TIMER))) {
+            env1->halted = 0;
+        } else {
+            return EXCP_HALTED;
+        }
+    }
+#elif defined(TARGET_SPARC)
+    if (env1->halted) {
+        if ((env1->interrupt_request & CPU_INTERRUPT_HARD) &&
+            (env1->psret != 0)) {
+            env1->halted = 0;
+        } else {
+            return EXCP_HALTED;
+        }
+    }
+#elif defined(TARGET_ARM)
+    if (env1->halted) {
+        /* An interrupt wakes the CPU even if the I and F CPSR bits are
+           set.  */
+        if (env1->interrupt_request
+            & (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD)) {
+            env1->halted = 0;
+        } else {
+            return EXCP_HALTED;
+        }
+    }
+#elif defined(TARGET_MIPS)
+    if (env1->halted) {
+        if (env1->interrupt_request &
+            (CPU_INTERRUPT_HARD | CPU_INTERRUPT_TIMER)) {
+            env1->halted = 0;
+        } else {
+            return EXCP_HALTED;
+        }
+    }
+#endif
+    cpu_single_env = env1;
     /* first we save global registers */
+    saved_env = env;
+#define SAVE_HOST_REGS 1
+#include "hostregs_helper.h"
     env = env1;
+    saved_T0 = T0;
+    saved_T1 = T1;
+    saved_T2 = T2;
+#ifdef __sparc__
+#if defined(__sparc__) && !defined(HOST_SOLARIS)
     /* we also save i7 because longjmp may not restore it */
     asm volatile ("mov %%i7, %0" : "=r" (saved_i7));
 …
 #if defined(TARGET_I386)
-#ifdef reg_EAX
-    saved_EAX = EAX;
-#endif
-#ifdef reg_ECX
-    saved_ECX = ECX;
-#endif
-#ifdef reg_EDX
-    saved_EDX = EDX;
-#endif
-#ifdef reg_EBX
-    saved_EBX = EBX;
-#endif
-#ifdef reg_ESP
-    saved_ESP = ESP;
-#endif
-#ifdef reg_EBP
-    saved_EBP = EBP;
-#endif
-#ifdef reg_ESI
-    saved_ESI = ESI;
-#endif
-#ifdef reg_EDI
-    saved_EDI = EDI;
-#endif
     env_to_regs();
     /* put eflags in CPU temporary format */
 …
     env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
 #elif defined(TARGET_ARM)
+    {
-        unsigned int psr;
-        psr = env->cpsr;
-        env->CF = (psr >> 29) & 1;
-        env->NZF = (psr & 0xc0000000) ^ 0x40000000;
-        env->VF = (psr << 3) & 0x80000000;
-        env->QF = (psr >> 27) & 1;
-        env->cpsr = psr & ~CACHED_CPSR_BITS;
+    }
 #elif defined(TARGET_SPARC)
+#if defined(reg_REGWPTR)
+    saved_regwptr = REGWPTR;
+#endif
 #elif defined(TARGET_PPC)
+#elif defined(TARGET_M68K)
+    env->cc_op = CC_OP_FLAGS;
+    env->cc_dest = env->sr & 0xf;
+    env->cc_x = (env->sr >> 4) & 1;
+#elif defined(TARGET_MIPS)
+#elif defined(TARGET_SH4)
+    /* XXXXX */
 #else
 #error unsupported target CPU
 …
 #ifndef VBOX /* VBOX: We need to raise traps and suchlike from the outside. */
     env->exception_index = -1;
 #endif
+#endif
     /* prepare setjmp context for exception handling */
 …
         if (setjmp(env->jmp_env) == 0) {
             env->current_tb = NULL;
 #ifdef VBOX
+#ifdef VBOX
             VMMR3Unlock(env->pVM);
             VMMR3Lock(env->pVM);
             /* Check for high priority requests first (like fatal
+            /* Check for high priority requests first (like fatal
                errors). */
             if (env->interrupt_request & CPU_INTERRUPT_RC) {
                 env->exception_index = EXCP_RC;
                 ASMAtomicAndS32(&env->interrupt_request, ~CPU_INTERRUPT_RC);
+                ret = env->exception_index;
                 cpu_loop_exit();
+            }
 …
                 } else if (env->user_mode_only) {
                     /* if user mode only, we simulate a fake exception
                        which will be hanlded outside the cpu execution
+                       which will be handled outside the cpu execution
                        loop */
 #if defined(TARGET_I386)
                     do_interrupt_user(env->exception_index,
                                       env->exception_is_int,
                                       env->error_code,
+                    do_interrupt_user(env->exception_index,
+                                      env->exception_is_int,
+                                      env->error_code,
                                       env->exception_next_eip);
 #endif
 …
                        trigger new exceptions, but we do not handle
                        double or triple faults yet. */
                     do_interrupt(env->exception_index,
                                  env->exception_is_int,
                                  env->error_code,
+                    do_interrupt(env->exception_index,
+                                 env->exception_is_int,
+                                 env->error_code,
                                  env->exception_next_eip, 0);
 #elif defined(TARGET_PPC)
                     do_interrupt(env);
+#elif defined(TARGET_MIPS)
+                    do_interrupt(env);
 #elif defined(TARGET_SPARC)
+                    do_interrupt(env->exception_index,
+                                 env->error_code);
+                    do_interrupt(env->exception_index);
+#elif defined(TARGET_ARM)
+                    do_interrupt(env);
+#elif defined(TARGET_SH4)
+                    do_interrupt(env);
 #endif
+                }
                 env->exception_index = -1;
+            }
+#ifdef USE_KQEMU
+            if (kqemu_is_ok(env) && env->interrupt_request == 0) {
+                int ret;
+                env->eflags = env->eflags | cc_table[CC_OP].compute_all() | (DF & DF_MASK);
+                ret = kqemu_cpu_exec(env);
+                /* put eflags in CPU temporary format */
+                CC_SRC = env->eflags & (CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
+                DF = 1 - (2 * ((env->eflags >> 10) & 1));
+                CC_OP = CC_OP_EFLAGS;
+                env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
+                if (ret == 1) {
+                    /* exception */
+                    longjmp(env->jmp_env, 1);
+                } else if (ret == 2) {
+                    /* softmmu execution needed */
+                } else {
+                    if (env->interrupt_request != 0) {
+                        /* hardware interrupt will be executed just after */
+                    } else {
+                        /* otherwise, we restart */
+                        longjmp(env->jmp_env, 1);
+                    }
+                }
+            }
+#endif
             T0 = 0; /* force lookup of first TB */
             for(;;) {
 #ifdef __sparc__
                 /* g1 can be modified by some libc? functions */
+#if defined(__sparc__) && !defined(HOST_SOLARIS)
+                /* g1 can be modified by some libc? functions */
                 tmp_T0 = T0;
 #endif
+#endif
                 interrupt_request = env->interrupt_request;
                 if (__builtin_expect(interrupt_request, 0)) {
 #ifdef VBOX
                     /* Single instruction exec request, we execute it and return (one way or the other).
                        The caller will cleans the request if it's one of the other ways...  the caller
                        also locks everything so no atomic and/or required. */
                     if (interrupt_request & CPU_INTERRUPT_SINGLE_INSTR) {
+                       The caller will always reschedule after doing this operation! */
+                    if (interrupt_request & CPU_INTERRUPT_SINGLE_INSTR)
+                    {
                         /* not in flight are we? */
+                        if (!(env->interrupt_request & CPU_INTERRUPT_SINGLE_INSTR_IN_FLIGHT)) {
+                            env->interrupt_request |= CPU_INTERRUPT_SINGLE_INSTR_IN_FLIGHT;
+                        if (!(env->interrupt_request & CPU_INTERRUPT_SINGLE_INSTR_IN_FLIGHT))
+                        {
+                            ASMAtomicOrS32(&env->interrupt_request, CPU_INTERRUPT_SINGLE_INSTR_IN_FLIGHT);
                             env->exception_index = EXCP_SINGLE_INSTR;
                             if (emulate_single_instr(env) == -1)
                                 AssertMsgFailed(("REM: emulate_single_instr failed for EIP=%08x!!\n", env->eip));
+                            /* When we receive an external interrupt during execution of this single
+                               instruction, then we should stay here. We will leave when we're ready
+                               for raw-mode or when interrupted by pending EMT requests.  */
+                            interrupt_request = env->interrupt_request; /* reload this! */
+                            if (   !(interrupt_request & CPU_INTERRUPT_HARD)
+                                || !(env->eflags & IF_MASK)
+                                ||  (env->hflags & HF_INHIBIT_IRQ_MASK)
+                               )
+                            {
+                                env->exception_index = ret = EXCP_SINGLE_INSTR;
+                                cpu_loop_exit();
+                            }
+                        }
                         env->exception_index = EXCP_SINGLE_INSTR;
                         cpu_loop_exit();
+                    }
+                    RAWEx_ProfileStart(env, STATS_IRQ_HANDLING);
 #endif /* VBOX */
 #if defined(TARGET_I386)
+                    /* if hardware interrupt pending, we execute it */
+                    if ((interrupt_request & CPU_INTERRUPT_HARD) &&
+                        (env->eflags & IF_MASK) &&
+                    if ((interrupt_request & CPU_INTERRUPT_SMI) &&
+                        !(env->hflags & HF_SMM_MASK)) {
+                        env->interrupt_request &= ~CPU_INTERRUPT_SMI;
+                        do_smm_enter();
+#if defined(__sparc__) && !defined(HOST_SOLARIS)
+                        tmp_T0 = 0;
+#else
+                        T0 = 0;
+#endif
+                    } else if ((interrupt_request & CPU_INTERRUPT_HARD) &&
+                        (env->eflags & IF_MASK) &&
                         !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
                         int intno;
 …
 #else
                         env->interrupt_request &= ~CPU_INTERRUPT_HARD;
 #endif
+#endif
                         intno = cpu_get_pic_interrupt(env);
                         if (loglevel & CPU_LOG_TB_IN_ASM) {
 …
                         /* ensure that no TB jump will be modified as
                            the program flow was changed */
 #ifdef __sparc__
+#if defined(__sparc__) && !defined(HOST_SOLARIS)
                         tmp_T0 = 0;
 #else
 …
 #endif
                     if (msr_ee != 0) {
                     if ((interrupt_request & CPU_INTERRUPT_HARD)) {
+                        if ((interrupt_request & CPU_INTERRUPT_HARD)) {
                             /* Raise it */
                             env->exception_index = EXCP_EXTERNAL;
                             env->error_code = 0;
                             do_interrupt(env);
+                        env->interrupt_request &= ~CPU_INTERRUPT_HARD;
+                        } else if ((interrupt_request & CPU_INTERRUPT_TIMER)) {
+                            /* Raise it */
+                            env->exception_index = EXCP_DECR;
+                            env->error_code = 0;
+                            do_interrupt(env);
+                            env->interrupt_request &= ~CPU_INTERRUPT_HARD;
+#if defined(__sparc__) && !defined(HOST_SOLARIS)
+                            tmp_T0 = 0;
+#else
+                            T0 = 0;
+#endif
+                        } else if ((interrupt_request & CPU_INTERRUPT_TIMER)) {
+                            /* Raise it */
+                            env->exception_index = EXCP_DECR;
+                            env->error_code = 0;
+                            do_interrupt(env);
                             env->interrupt_request &= ~CPU_INTERRUPT_TIMER;
+#if defined(__sparc__) && !defined(HOST_SOLARIS)
+                            tmp_T0 = 0;
+#else
+                            T0 = 0;
+#endif
+                        }
+                    }
+#elif defined(TARGET_MIPS)
+                    if ((interrupt_request & CPU_INTERRUPT_HARD) &&
+                        (env->CP0_Status & (1 << CP0St_IE)) &&
+                        (env->CP0_Status & env->CP0_Cause & 0x0000FF00) &&
+                        !(env->hflags & MIPS_HFLAG_EXL) &&
+                        !(env->hflags & MIPS_HFLAG_ERL) &&
+                        !(env->hflags & MIPS_HFLAG_DM)) {
+                        /* Raise it */
+                        env->exception_index = EXCP_EXT_INTERRUPT;
+                        env->error_code = 0;
+                        do_interrupt(env);
+#if defined(__sparc__) && !defined(HOST_SOLARIS)
+                        tmp_T0 = 0;
+#else
+                        T0 = 0;
+#endif
+                    }
+#elif defined(TARGET_SPARC)
+                    if ((interrupt_request & CPU_INTERRUPT_HARD) &&
+                        (env->psret != 0)) {
+                        int pil = env->interrupt_index & 15;
+                        int type = env->interrupt_index & 0xf0;
+                        if (((type == TT_EXTINT) &&
+                             (pil == 15 || pil > env->psrpil)) ||
+                            type != TT_EXTINT) {
+                            env->interrupt_request &= ~CPU_INTERRUPT_HARD;
+                            do_interrupt(env->interrupt_index);
+                            env->interrupt_index = 0;
+#if defined(__sparc__) && !defined(HOST_SOLARIS)
+                            tmp_T0 = 0;
+#else
+                            T0 = 0;
+#endif
+                        }
+                    }
-#elif defined(TARGET_SPARC)
-                    if (interrupt_request & CPU_INTERRUPT_HARD) {
-                        do_interrupt(env->interrupt_index, 0);
-                        env->interrupt_request &= ~CPU_INTERRUPT_HARD;
                     } else if (interrupt_request & CPU_INTERRUPT_TIMER) {
                         //do_interrupt(0, 0, 0, 0, 0);
                         env->interrupt_request &= ~CPU_INTERRUPT_TIMER;
+                    }
+#endif
+                    if (interrupt_request & CPU_INTERRUPT_EXITTB) {
+                    } else if (interrupt_request & CPU_INTERRUPT_HALT) {
+                        env->interrupt_request &= ~CPU_INTERRUPT_HALT;
+                        env->halted = 1;
+                        env->exception_index = EXCP_HLT;
+                        cpu_loop_exit();
+                    }
+#elif defined(TARGET_ARM)
+                    if (interrupt_request & CPU_INTERRUPT_FIQ
+                        && !(env->uncached_cpsr & CPSR_F)) {
+                        env->exception_index = EXCP_FIQ;
+                        do_interrupt(env);
+                    }
+                    if (interrupt_request & CPU_INTERRUPT_HARD
+                        && !(env->uncached_cpsr & CPSR_I)) {
+                        env->exception_index = EXCP_IRQ;
+                        do_interrupt(env);
+                    }
+#elif defined(TARGET_SH4)
+                    /* XXXXX */
+#endif
+                   /* Don't use the cached interupt_request value,
+                      do_interrupt may have updated the EXITTB flag. */
+                    if (env->interrupt_request & CPU_INTERRUPT_EXITTB) {
 #if defined(VBOX)
                         ASMAtomicAndS32(&env->interrupt_request, ~CPU_INTERRUPT_EXITTB);
 #else
                         env->interrupt_request &= ~CPU_INTERRUPT_EXITTB;
 #endif
+#endif
                         /* ensure that no TB jump will be modified as
                            the program flow was changed */
 #ifdef __sparc__
+#if defined(__sparc__) && !defined(HOST_SOLARIS)
                         tmp_T0 = 0;
 #else
 …
 #endif
+                    }
+#ifdef VBOX
+                    RAWEx_ProfileStop(env, STATS_IRQ_HANDLING);
+#endif
                     if (interrupt_request & CPU_INTERRUPT_EXIT) {
 #if defined(VBOX)
 …
                         env->interrupt_request &= ~CPU_INTERRUPT_EXIT;
                         env->exception_index = EXCP_INTERRUPT;
 #endif
+#endif
                         cpu_loop_exit();
+                    }
 …
+                }
 #ifdef DEBUG_EXEC
                 if ((loglevel & CPU_LOG_EXEC)) {
+                if ((loglevel & CPU_LOG_TB_CPU)) {
 #if defined(TARGET_I386)
                     /* restore flags in standard format */
+#ifdef reg_EAX
                     env->regs[R_EAX] = EAX;
+#endif
+#ifdef reg_EBX
                     env->regs[R_EBX] = EBX;
+#endif
+#ifdef reg_ECX
                     env->regs[R_ECX] = ECX;
+#endif
+#ifdef reg_EDX
                     env->regs[R_EDX] = EDX;
+#endif
+#ifdef reg_ESI
                     env->regs[R_ESI] = ESI;
+#endif
+#ifdef reg_EDI
                     env->regs[R_EDI] = EDI;
+#endif
+#ifdef reg_EBP
                     env->regs[R_EBP] = EBP;
+#endif
+#ifdef reg_ESP
                     env->regs[R_ESP] = ESP;
+#endif
                     env->eflags = env->eflags | cc_table[CC_OP].compute_all() | (DF & DF_MASK);
                     cpu_dump_state(env, logfile, fprintf, X86_DUMP_CCOP);
                     env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
 #elif defined(TARGET_ARM)
-                    env->cpsr = compute_cpsr();
                     cpu_dump_state(env, logfile, fprintf, 0);
-                    env->cpsr &= ~CACHED_CPSR_BITS;
 #elif defined(TARGET_SPARC)
+                    cpu_dump_state (env, logfile, fprintf, 0);
+                    REGWPTR = env->regbase + (env->cwp * 16);
+                    env->regwptr = REGWPTR;
+                    cpu_dump_state(env, logfile, fprintf, 0);
 #elif defined(TARGET_PPC)
                     cpu_dump_state(env, logfile, fprintf, 0);
+#else
+#error unsupported target CPU
+#endif
+                }
+#endif
+                /* we record a subset of the CPU state. It will
+                   always be the same before a given translated block
+                   is executed. */
+#if defined(TARGET_I386)
+                flags = env->hflags;
+                flags |= (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK));
+                cs_base = env->segs[R_CS].base;
+                pc = cs_base + env->eip;
+#elif defined(TARGET_ARM)
+                flags = env->thumb;
+                cs_base = 0;
+                pc = env->regs[15];
+#elif defined(TARGET_SPARC)
+                flags = 0;
+                cs_base = env->npc;
+                pc = env->pc;
+#elif defined(TARGET_PPC)
+                flags = 0;
+                cs_base = 0;
+                pc = env->nip;
+#else
+#error unsupported CPU
+#endif
+#elif defined(TARGET_M68K)
+                    cpu_m68k_flush_flags(env, env->cc_op);
+                    env->cc_op = CC_OP_FLAGS;
+                    env->sr = (env->sr & 0xffe0)
+                              | env->cc_dest | (env->cc_x << 4);
+                    cpu_dump_state(env, logfile, fprintf, 0);
+#elif defined(TARGET_MIPS)
+                    cpu_dump_state(env, logfile, fprintf, 0);
+#elif defined(TARGET_SH4)
+                    cpu_dump_state(env, logfile, fprintf, 0);
+#else
+#error unsupported target CPU
+#endif
+                }
+#endif
 #ifdef VBOX
+                if (remR3CanExecuteRaw(env, pc, flags, &env->exception_index))
+                /*
+                 * Check if we the CPU state allows us to execute the code in raw-mode.
+                 */
+                RAWEx_ProfileStart(env, STATS_RAW_CHECK);
+                if (remR3CanExecuteRaw(env,
+                                       env->eip + env->segs[R_CS].base,
+                                       env->hflags | (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK))
+                                       flags, &env->exception_index))
+                {
+                    RAWEx_ProfileStop(env, STATS_RAW_CHECK);
+                    ret = env->exception_index;
                     cpu_loop_exit();
+                }
+                RAWEx_ProfileStop(env, STATS_RAW_CHECK);
 #endif /* VBOX */
+                tb = tb_find(&ptb, pc, cs_base,
+                             flags);
+                if (!tb) {
+                    TranslationBlock **ptb1;
+                    unsigned int h;
+                    target_ulong phys_pc, phys_page1, phys_page2, virt_page2;
+                    spin_lock(&tb_lock);
+                    tb_invalidated_flag = 0;
+                    regs_to_env(); /* XXX: do it just before cpu_gen_code() */
+                    /* find translated block using physical mappings */
+                    phys_pc = get_phys_addr_code(env, pc);
+                    phys_page1 = phys_pc & TARGET_PAGE_MASK;
+                    phys_page2 = -1;
+                    h = tb_phys_hash_func(phys_pc);
+                    ptb1 = &tb_phys_hash[h];
+                    for(;;) {
+                        tb = *ptb1;
+                        if (!tb)
+                            goto not_found;
+                        if (tb->pc == pc &&
+                            tb->page_addr[0] == phys_page1 &&
+                            tb->cs_base == cs_base &&
+                            tb->flags == flags) {
+                            /* check next page if needed */
+                            if (tb->page_addr[1] != -1) {
+                                virt_page2 = (pc & TARGET_PAGE_MASK) +
+                                    TARGET_PAGE_SIZE;
+                                phys_page2 = get_phys_addr_code(env, virt_page2);
+                                if (tb->page_addr[1] == phys_page2)
+                                    goto found;
+                            } else {
+                                goto found;
+                            }
+                        }
+                        ptb1 = &tb->phys_hash_next;
+                    }
+                not_found:
+                    /* if no translated code available, then translate it now */
+                    tb = tb_alloc(pc);
+                    if (!tb) {
+                        /* flush must be done */
+                        tb_flush(env);
+                        /* cannot fail at this point */
+                        tb = tb_alloc(pc);
+                        /* don't forget to invalidate previous TB info */
+                        ptb = &tb_hash[tb_hash_func(pc)];
+                        T0 = 0;
+                    }
+                    tc_ptr = code_gen_ptr;
+                    tb->tc_ptr = tc_ptr;
+                    tb->cs_base = cs_base;
+                    tb->flags = flags;
+                    cpu_gen_code(env, tb, CODE_GEN_MAX_SIZE, &code_gen_size);
+                    code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
+                    /* check next page if needed */
+                    virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
+                    phys_page2 = -1;
+                    if ((pc & TARGET_PAGE_MASK) != virt_page2) {
+                        phys_page2 = get_phys_addr_code(env, virt_page2);
+                    }
+                    tb_link_phys(tb, phys_pc, phys_page2);
+                found:
+                    if (tb_invalidated_flag) {
+                        /* as some TB could have been invalidated because
+                           of memory exceptions while generating the code, we
+                           must recompute the hash index here */
+                        ptb = &tb_hash[tb_hash_func(pc)];
+                        while (*ptb != NULL)
+                            ptb = &(*ptb)->hash_next;
+                        T0 = 0;
+                    }
+                    /* we add the TB in the virtual pc hash table */
+                    *ptb = tb;
+                    tb->hash_next = NULL;
+                    tb_link(tb);
+                    spin_unlock(&tb_lock);
+                }
+                tb = tb_find_fast();
 #ifdef DEBUG_EXEC
                 if ((loglevel & CPU_LOG_EXEC)) {
 …
+                }
 #endif
 #ifdef __sparc__
+#if defined(__sparc__) && !defined(HOST_SOLARIS)
                 T0 = tmp_T0;
+#endif
+                /* see if we can patch the calling TB. */
+#endif
+                /* see if we can patch the calling TB. When the TB
+                   spans two pages, we cannot safely do a direct
+                   jump. */
+                {
+                    if (T0 != 0
+                    if (T0 != 0 &&
+#if USE_KQEMU
+                        (env->kqemu_enabled != 2) &&
+#endif
 #ifdef VBOX
+                    && !(tb->cflags & CF_RAW_MODE)
+#endif
+                        !(tb->cflags & CF_RAW_MODE) &&
+#endif
+                        tb->page_addr[1] == -1
 #if defined(TARGET_I386) && defined(USE_CODE_COPY)
                     && (tb->cflags & CF_CODE_COPY) ==
+                    && (tb->cflags & CF_CODE_COPY) ==
                     (((TranslationBlock *)(T0 & ~3))->cflags & CF_CODE_COPY)
 #endif
 …
 #if defined(USE_CODE_COPY)
                     /* propagates the FP use info */
                     ((TranslationBlock *)(T0 & ~3))->cflags |=
+                    ((TranslationBlock *)(T0 & ~3))->cflags |=
                         (tb->cflags & CF_FP_USED);
 #endif
 …
                                      "mov       %%o7,%%i0"
                                      : /* no outputs */
+                                     : "r" (gen_func)
+                                     : "i0", "i1", "i2", "i3", "i4", "i5");
+                                     : "r" (gen_func)
+                                     : "i0", "i1", "i2", "i3", "i4", "i5",
+                                       "l0", "l1", "l2", "l3", "l4", "l5",
+                                       "l6", "l7");
 #elif defined(__arm__)
                 asm volatile ("mov pc, %0\n\t"
 …
+    }
+}
+#elif defined(__ia64)
+                struct fptr {
+                        void *ip;
+                        void *gp;
+                } fp;
+                fp.ip = tc_ptr;
+                fp.gp = code_gen_buffer + 2 * (1 << 20);
+                (*(void (*)(void)) &fp)();
 #else
 #if defined(DEBUG) && defined(VBOX) && !defined(DEBUG_dmik)
 #if !defined(DEBUG_bird)
                 if (((env->hflags >> HF_CPL_SHIFT) & 3) == 0 && (env->hflags & HF_PE_MASK) && (env->cr[0] & CR0_PG_MASK))
+                if (((env->hflags >> HF_CPL_SHIFT) & 3) == 0 && (env->hflags & HF_PE_MASK) && (env->cr[0] & CR0_PG_MASK))
+                {
                     if(!(env->state & CPU_EMULATE_SINGLE_STEP))
 …
+                }
                 else
                 if (((env->hflags >> HF_CPL_SHIFT) & 3) == 3 && (env->hflags & HF_PE_MASK) && (env->cr[0] & CR0_PG_MASK))
+                if (((env->hflags >> HF_CPL_SHIFT) & 3) == 3 && (env->hflags & HF_PE_MASK) && (env->cr[0] & CR0_PG_MASK))
+                {
                     if(!(env->state & CPU_EMULATE_SINGLE_STEP))
 …
                         #else
                         env->state &= ~CPU_EMULATE_SINGLE_STEP;
                         #endif
+                    }
 #endif
+                        #endif
+                    }
+#endif
                     TMCpuTickPause(env->pVM);
                     remR3DisasInstr(env, -1, NULL);
 …
+                    }
+                }
                 else
+                else
+                {
                     RAWEx_ProfileStart(env, STATS_QEMU_RUN_EMULATED_CODE);
 …
+                }
 #endif
+#if defined(USE_KQEMU)
+#define MIN_CYCLE_BEFORE_SWITCH (100 * 1000)
+                if (kqemu_is_ok(env) &&
+                    (cpu_get_time_fast() - env->last_io_time) >= MIN_CYCLE_BEFORE_SWITCH) {
+                    cpu_loop_exit();
+                }
+#endif
+            }
         } else {
 …
     /* restore flags in standard format */
     env->eflags = env->eflags | cc_table[CC_OP].compute_all() | (DF & DF_MASK);
-    /* restore global registers */
-#ifdef reg_EAX
-    EAX = saved_EAX;
-#endif
-#ifdef reg_ECX
-    ECX = saved_ECX;
-#endif
-#ifdef reg_EDX
-    EDX = saved_EDX;
-#endif
-#ifdef reg_EBX
-    EBX = saved_EBX;
-#endif
-#ifdef reg_ESP
-    ESP = saved_ESP;
-#endif
-#ifdef reg_EBP
-    EBP = saved_EBP;
-#endif
-#ifdef reg_ESI
-    ESI = saved_ESI;
-#endif
-#ifdef reg_EDI
-    EDI = saved_EDI;
-#endif
 #elif defined(TARGET_ARM)
     env->cpsr = compute_cpsr();
+    /* XXX: Save/restore host fpu exception state?.  */
 #elif defined(TARGET_SPARC)
+#if defined(reg_REGWPTR)
+    REGWPTR = saved_regwptr;
+#endif
 #elif defined(TARGET_PPC)
+#elif defined(TARGET_M68K)
+    cpu_m68k_flush_flags(env, env->cc_op);
+    env->cc_op = CC_OP_FLAGS;
+    env->sr = (env->sr & 0xffe0)
+              | env->cc_dest | (env->cc_x << 4);
+#elif defined(TARGET_MIPS)
+#elif defined(TARGET_SH4)
+    /* XXXXX */
 #else
 #error unsupported target CPU
 #endif
 #ifdef __sparc__
+#if defined(__sparc__) && !defined(HOST_SOLARIS)
     asm volatile ("mov %0, %%i7" : : "r" (saved_i7));
 #endif
+    T0 = saved_T0;
+    T1 = saved_T1;
     T2 = saved_T2;
     env = saved_env;
+#include "hostregs_helper.h"
+    /* fail safe : never use cpu_single_env outside cpu_exec() */
+    cpu_single_env = NULL;
     return ret;
+}
 …
     if (!(env->cr[0] & CR0_PE_MASK) || (env->eflags & VM_MASK)) {
         selector &= 0xffff;
         cpu_x86_load_seg_cache(env, seg_reg, selector,
+        cpu_x86_load_seg_cache(env, seg_reg, selector,
                                (selector << 4), 0xffff, 0);
     } else {
 …
     saved_env = env;
     env = s;
     helper_fsave((target_ulong)ptr, data32);
 …
     saved_env = env;
     env = s;
     helper_frstor((target_ulong)ptr, data32);
 …
    signal set which should be restored */
 static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
                                     int is_write, sigset_t *old_set,
+                                    int is_write, sigset_t *old_set,
                                     void *puc)
+{
 …
         env = cpu_single_env; /* XXX: find a correct solution for multithread */
 #if defined(DEBUG_SIGNAL)
     qemu_printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
+    qemu_printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
                 pc, address, is_write, *(unsigned long *)old_set);
 #endif
     /* XXX: locking issue */
     if (is_write && page_unprotect(address, pc, puc)) {
+    if (is_write && page_unprotect(h2g(address), pc, puc)) {
         return 1;
+    }
     /* see if it is an MMU fault */
     ret = cpu_x86_handle_mmu_fault(env, address, is_write,
+    ret = cpu_x86_handle_mmu_fault(env, address, is_write,
                                    ((env->hflags & HF_CPL_MASK) == 3), 0);
     if (ret < 0)
 …
     if (ret == 1) {
 #if 0
         printf("PF exception: EIP=0x%08x CR2=0x%08x error=0x%x\n",
+        printf("PF exception: EIP=0x%08x CR2=0x%08x error=0x%x\n",
                env->eip, env->cr[2], env->error_code);
 #endif
 …
            do it (XXX: use sigsetjmp) */
         sigprocmask(SIG_SETMASK, old_set, NULL);
         raise_exception_err(EXCP0E_PAGE, env->error_code);
+        raise_exception_err(env->exception_index, env->error_code);
     } else {
         /* activate soft MMU for this block */
 …
         env = cpu_single_env; /* XXX: find a correct solution for multithread */
 #if defined(DEBUG_SIGNAL)
     printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
+    printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
            pc, address, is_write, *(unsigned long *)old_set);
 #endif
     /* XXX: locking issue */
     if (is_write && page_unprotect(address, pc, puc)) {
+    if (is_write && page_unprotect(h2g(address), pc, puc)) {
         return 1;
+    }
 …
         env = cpu_single_env; /* XXX: find a correct solution for multithread */
 #if defined(DEBUG_SIGNAL)
     printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
+    printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
            pc, address, is_write, *(unsigned long *)old_set);
 #endif
     /* XXX: locking issue */
     if (is_write && page_unprotect(address, pc, puc)) {
+    if (is_write && page_unprotect(h2g(address), pc, puc)) {
         return 1;
+    }
 …
     TranslationBlock *tb;
     int ret;
     if (cpu_single_env)
         env = cpu_single_env; /* XXX: find a correct solution for multithread */
 #if defined(DEBUG_SIGNAL)
     printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
+    printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
            pc, address, is_write, *(unsigned long *)old_set);
 #endif
     /* XXX: locking issue */
     if (is_write && page_unprotect(address, pc, puc)) {
+    if (is_write && page_unprotect(h2g(address), pc, puc)) {
         return 1;
+    }
 …
     if (ret == 1) {
 #if 0
         printf("PF exception: NIP=0x%08x error=0x%x %p\n",
+        printf("PF exception: NIP=0x%08x error=0x%x %p\n",
                env->nip, env->error_code, tb);
 #endif
 …
     return 1;
+}
+#elif defined(TARGET_M68K)
+static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
+                                    int is_write, sigset_t *old_set,
+                                    void *puc)
+{
+    TranslationBlock *tb;
+    int ret;
+    if (cpu_single_env)
+        env = cpu_single_env; /* XXX: find a correct solution for multithread */
+#if defined(DEBUG_SIGNAL)
+    printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
+           pc, address, is_write, *(unsigned long *)old_set);
+#endif
+    /* XXX: locking issue */
+    if (is_write && page_unprotect(address, pc, puc)) {
+        return 1;
+    }
+    /* see if it is an MMU fault */
+    ret = cpu_m68k_handle_mmu_fault(env, address, is_write, 1, 0);
+    if (ret < 0)
+        return 0; /* not an MMU fault */
+    if (ret == 0)
+        return 1; /* the MMU fault was handled without causing real CPU fault */
+    /* now we have a real cpu fault */
+    tb = tb_find_pc(pc);
+    if (tb) {
+        /* the PC is inside the translated code. It means that we have
+           a virtual CPU fault */
+        cpu_restore_state(tb, env, pc, puc);
+    }
+    /* we restore the process signal mask as the sigreturn should
+       do it (XXX: use sigsetjmp) */
+    sigprocmask(SIG_SETMASK, old_set, NULL);
+    cpu_loop_exit();
+    /* never comes here */
+    return 1;
+}
+#elif defined (TARGET_MIPS)
+static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
+                                    int is_write, sigset_t *old_set,
+                                    void *puc)
+{
+    TranslationBlock *tb;
+    int ret;
+    if (cpu_single_env)
+        env = cpu_single_env; /* XXX: find a correct solution for multithread */
+#if defined(DEBUG_SIGNAL)
+    printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
+           pc, address, is_write, *(unsigned long *)old_set);
+#endif
+    /* XXX: locking issue */
+    if (is_write && page_unprotect(h2g(address), pc, puc)) {
+        return 1;
+    }
+    /* see if it is an MMU fault */
+    ret = cpu_mips_handle_mmu_fault(env, address, is_write, 1, 0);
+    if (ret < 0)
+        return 0; /* not an MMU fault */
+    if (ret == 0)
+        return 1; /* the MMU fault was handled without causing real CPU fault */
+    /* now we have a real cpu fault */
+    tb = tb_find_pc(pc);
+    if (tb) {
+        /* the PC is inside the translated code. It means that we have
+           a virtual CPU fault */
+        cpu_restore_state(tb, env, pc, puc);
+    }
+    if (ret == 1) {
+#if 0
+        printf("PF exception: NIP=0x%08x error=0x%x %p\n",
+               env->nip, env->error_code, tb);
+#endif
+    /* we restore the process signal mask as the sigreturn should
+       do it (XXX: use sigsetjmp) */
+        sigprocmask(SIG_SETMASK, old_set, NULL);
+        do_raise_exception_err(env->exception_index, env->error_code);
+    } else {
+        /* activate soft MMU for this block */
+        cpu_resume_from_signal(env, puc);
+    }
+    /* never comes here */
+    return 1;
+}
+#elif defined (TARGET_SH4)
+static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
+                                    int is_write, sigset_t *old_set,
+                                    void *puc)
+{
+    TranslationBlock *tb;
+    int ret;
+    if (cpu_single_env)
+        env = cpu_single_env; /* XXX: find a correct solution for multithread */
+#if defined(DEBUG_SIGNAL)
+    printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
+           pc, address, is_write, *(unsigned long *)old_set);
+#endif
+    /* XXX: locking issue */
+    if (is_write && page_unprotect(h2g(address), pc, puc)) {
+        return 1;
+    }
+    /* see if it is an MMU fault */
+    ret = cpu_sh4_handle_mmu_fault(env, address, is_write, 1, 0);
+    if (ret < 0)
+        return 0; /* not an MMU fault */
+    if (ret == 0)
+        return 1; /* the MMU fault was handled without causing real CPU fault */
+    /* now we have a real cpu fault */
+    tb = tb_find_pc(pc);
+    if (tb) {
+        /* the PC is inside the translated code. It means that we have
+           a virtual CPU fault */
+        cpu_restore_state(tb, env, pc, puc);
+    }
+#if 0
+        printf("PF exception: NIP=0x%08x error=0x%x %p\n",
+               env->nip, env->error_code, tb);
+#endif
+    /* we restore the process signal mask as the sigreturn should
+       do it (XXX: use sigsetjmp) */
+    sigprocmask(SIG_SETMASK, old_set, NULL);
+    cpu_loop_exit();
+    /* never comes here */
+    return 1;
+}
 #else
 #error unsupported target CPU
 …
 #if defined(USE_CODE_COPY)
 static void cpu_send_trap(unsigned long pc, int trap,
+static void cpu_send_trap(unsigned long pc, int trap,
                           struct ucontext *uc)
+{
 …
 #endif
 int cpu_signal_handler(int host_signum, struct siginfo *info,
+int cpu_signal_handler(int host_signum, void *pinfo,
                        void *puc)
+{
+    siginfo_t *info = pinfo;
     struct ucontext *uc = puc;
     unsigned long pc;
 …
     } else
 #endif
         return handle_cpu_signal(pc, (unsigned long)info->si_addr,
                                  trapno == 0xe ?
+        return handle_cpu_signal(pc, (unsigned long)info->si_addr,
+                                 trapno == 0xe ?
                                  (uc->uc_mcontext.gregs[REG_ERR] >> 1) & 1 : 0,
                                  &uc->uc_sigmask, puc);
 …
 #elif defined(__x86_64__)
 int cpu_signal_handler(int host_signum, struct siginfo *info,
+int cpu_signal_handler(int host_signum, void *pinfo,
                        void *puc)
+{
+    siginfo_t *info = pinfo;
     struct ucontext *uc = puc;
     unsigned long pc;
     pc = uc->uc_mcontext.gregs[REG_RIP];
     return handle_cpu_signal(pc, (unsigned long)info->si_addr,
                              uc->uc_mcontext.gregs[REG_TRAPNO] == 0xe ?
+    return handle_cpu_signal(pc, (unsigned long)info->si_addr,
+                             uc->uc_mcontext.gregs[REG_TRAPNO] == 0xe ?
                              (uc->uc_mcontext.gregs[REG_ERR] >> 1) & 1 : 0,
                              &uc->uc_sigmask, puc);
 …
 #endif /* __APPLE__ */
 int cpu_signal_handler(int host_signum, struct siginfo *info,
+int cpu_signal_handler(int host_signum, void *pinfo,
                        void *puc)
+{
+    siginfo_t *info = pinfo;
     struct ucontext *uc = puc;
     unsigned long pc;
 …
         is_write = 1;
 #endif
     return handle_cpu_signal(pc, (unsigned long)info->si_addr,
+    return handle_cpu_signal(pc, (unsigned long)info->si_addr,
                              is_write, &uc->uc_sigmask, puc);
+}
 …
 #elif defined(__alpha__)
 int cpu_signal_handler(int host_signum, struct siginfo *info,
+int cpu_signal_handler(int host_signum, void *pinfo,
                            void *puc)
+{
+    siginfo_t *info = pinfo;
     struct ucontext *uc = puc;
     uint32_t *pc = uc->uc_mcontext.sc_pc;
 …
+    }
     return handle_cpu_signal(pc, (unsigned long)info->si_addr,
+    return handle_cpu_signal(pc, (unsigned long)info->si_addr,
                              is_write, &uc->uc_sigmask, puc);
+}
 #elif defined(__sparc__)
 int cpu_signal_handler(int host_signum, struct siginfo *info,
+int cpu_signal_handler(int host_signum, void *pinfo,
                        void *puc)
+{
+    siginfo_t *info = pinfo;
     uint32_t *regs = (uint32_t *)(info + 1);
     void *sigmask = (regs + 20);
 …
     int is_write;
     uint32_t insn;
     /* XXX: is there a standard glibc define ? */
     pc = regs[1];
 …
+      }
+    }
     return handle_cpu_signal(pc, (unsigned long)info->si_addr,
+    return handle_cpu_signal(pc, (unsigned long)info->si_addr,
                              is_write, sigmask, NULL);
+}
 …
 #elif defined(__arm__)
 int cpu_signal_handler(int host_signum, struct siginfo *info,
+int cpu_signal_handler(int host_signum, void *pinfo,
                        void *puc)
+{
+    siginfo_t *info = pinfo;
     struct ucontext *uc = puc;
     unsigned long pc;
     int is_write;
     pc = uc->uc_mcontext.gregs[R15];
     /* XXX: compute is_write */
     is_write = 0;
     return handle_cpu_signal(pc, (unsigned long)info->si_addr,
+    return handle_cpu_signal(pc, (unsigned long)info->si_addr,
                              is_write,
                              &uc->uc_sigmask);
+                             &uc->uc_sigmask, puc);
+}
 #elif defined(__mc68000)
 int cpu_signal_handler(int host_signum, struct siginfo *info,
+int cpu_signal_handler(int host_signum, void *pinfo,
                        void *puc)
+{
+    siginfo_t *info = pinfo;
     struct ucontext *uc = puc;
     unsigned long pc;
     int is_write;
     pc = uc->uc_mcontext.gregs[16];
     /* XXX: compute is_write */
     is_write = 0;
     return handle_cpu_signal(pc, (unsigned long)info->si_addr,
+    return handle_cpu_signal(pc, (unsigned long)info->si_addr,
                              is_write,
                              &uc->uc_sigmask, puc);
+}
+#elif defined(__ia64)
+#ifndef __ISR_VALID
+  /* This ought to be in <bits/siginfo.h>... */
+# define __ISR_VALID    1
+#endif
+int cpu_signal_handler(int host_signum, void *pinfo, void *puc)
+{
+    siginfo_t *info = pinfo;
+    struct ucontext *uc = puc;
+    unsigned long ip;
+    int is_write = 0;
+    ip = uc->uc_mcontext.sc_ip;
+    switch (host_signum) {
+      case SIGILL:
+      case SIGFPE:
+      case SIGSEGV:
+      case SIGBUS:
+      case SIGTRAP:
+          if (info->si_code && (info->si_segvflags & __ISR_VALID))
+              /* ISR.W (write-access) is bit 33:  */
+              is_write = (info->si_isr >> 33) & 1;
+          break;
+      default:
+          break;
+    }
+    return handle_cpu_signal(ip, (unsigned long)info->si_addr,
+                             is_write,
+                             &uc->uc_sigmask, puc);
+}
+#elif defined(__s390__)
+int cpu_signal_handler(int host_signum, void *pinfo,
+                       void *puc)
+{
+    siginfo_t *info = pinfo;
+    struct ucontext *uc = puc;
+    unsigned long pc;
+    int is_write;
+    pc = uc->uc_mcontext.psw.addr;
+    /* XXX: compute is_write */
+    is_write = 0;
+    return handle_cpu_signal(pc, (unsigned long)info->si_addr,
+                             is_write,
+                             &uc->uc_sigmask, puc);
+}
 #else

trunk/src/recompiler/disas.h

-              r1
+              r2422
 void disas(FILE *out, void *code, unsigned long size);
 void target_disas(FILE *out, target_ulong code, target_ulong size, int flags);
+void monitor_disas(target_ulong pc, int nb_insn, int is_physical, int flags);
+void monitor_disas(CPUState *env,
+                   target_ulong pc, int nb_insn, int is_physical, int flags);
 /* Look up symbol for debugging purpose.  Returns "" if unknown. */

trunk/src/recompiler/dyngen-exec.h

-              r1
+              r2422
 #define __DYNGEN_EXEC_H__
+/* prevent Solaris from trying to typedef FILE in gcc's
+   include/floatingpoint.h which will conflict with the
+   definition down below */
+#ifdef __sun__
+#define _FILEDEFED
+#endif
 /* NOTE: standard headers should be used with special care at this
    point because host CPU registers are used as global variables. Some
 …
 #include <stddef.h>
+/* There are some conflicts with the uClibc headers. I'm _very_ amazed
+   that we don't get the same conflicts when compiling against glibc ... */
+#if !defined(__L4ENV__) && !defined(__MINGW32__) /* VBOX: mingw 3.4.x got into trouble here. */
+#ifndef VBOX
 typedef unsigned char uint8_t;
 typedef unsigned short uint16_t;
 typedef unsigned int uint32_t;
+// Linux/Sparc64 defines uint64_t
+#if !(defined (__sparc_v9__) && defined(__linux__))
 /* XXX may be done for all 64 bits targets ? */
 #if defined (__x86_64__)
+#if defined (__x86_64__) || defined(__ia64)
 typedef unsigned long uint64_t;
 #else
 typedef unsigned long long uint64_t;
 #endif
+#endif
+/* if Solaris/__sun__, don't typedef int8_t, as it will be typedef'd
+   prior to this and will cause an error in compliation, conflicting
+   with /usr/include/sys/int_types.h, line 75 */
+#ifndef __sun__
 typedef signed char int8_t;
+#endif
 typedef signed short int16_t;
 typedef signed int int32_t;
+#if defined (__x86_64__)
+// Linux/Sparc64 defines int64_t
+#if !(defined (__sparc_v9__) && defined(__linux__))
+#if defined (__x86_64__) || defined(__ia64)
 typedef signed long int64_t;
 #else
 typedef signed long long int64_t;
 #endif
+#endif
+/* XXX: This may be wrong for 64-bit ILP32 hosts.  */
+typedef void * host_reg_t;
 #define INT8_MIN                (-128)
 …
 #define UINT64_MAX              ((uint64_t)(18446744073709551615))
-#else /* __L4ENV__ */
-#include <stdint.h>
-#endif  /* __L4ENV__ */
 typedef struct FILE FILE;
 extern int fprintf(FILE *, const char *, ...);
 …
 #undef NULL
 #define NULL 0
+#if defined(_BSD) && !defined(__APPLE__)
+#include <ieeefp.h>
+#define FE_TONEAREST   FP_RN
+#define FE_DOWNWARD    FP_RM
+#define FE_UPWARD      FP_RP
+#define FE_TOWARDZERO  FP_RZ
+#define fesetround(x)  fpsetround(x)
+#else
+#include <fenv.h>
+#endif
+#else  /* VBOX */
+/* XXX: This may be wrong for 64-bit ILP32 hosts.  */
+typedef void * host_reg_t;
+#include <iprt/stdint.h>
+#include <stdio.h>
+#endif /* VBOX */
 #ifdef __i386__
 …
 #define AREG2 "r12"
 #define AREG3 "r13"
 #define AREG4 "r14"
 #define AREG5 "r15"
+//#define AREG4 "r14"
+//#define AREG5 "r15"
 #endif
 #ifdef __powerpc__
 …
 #endif
 #ifdef __sparc__
+#ifdef HOST_SOLARIS
+#define AREG0 "g2"
+#define AREG1 "g3"
+#define AREG2 "g4"
+#define AREG3 "g5"
+#define AREG4 "g6"
+#else
+#ifdef __sparc_v9__
+#define AREG0 "g1"
+#define AREG1 "g4"
+#define AREG2 "g5"
+#define AREG3 "g7"
+#else
 #define AREG0 "g6"
 #define AREG1 "g1"
 …
 #define AREG10 "l6"
 #define AREG11 "l7"
+#endif
+#endif
 #define USE_FP_CONVERT
 #endif
 …
 #endif
 #ifdef __ia64__
 #define AREG0 "r27"
 #define AREG1 "r24"
 #define AREG2 "r25"
 #define AREG3 "r26"
+#define AREG0 "r7"
+#define AREG1 "r4"
+#define AREG2 "r5"
+#define AREG3 "r6"
 #endif
 /* force GCC to generate only one epilog at the end of the function */
 #define FORCE_RET() asm volatile ("");
+#define FORCE_RET() __asm__ __volatile__("" : : : "memory");
 #ifndef OPPROTO
 …
 #define __hidden __attribute__((visibility("hidden")))
 #else
 #define __hidden
+#define __hidden
 #endif
 …
 #ifdef __x86_64__
 #define EXIT_TB() asm volatile ("ret")
+#define GOTO_LABEL_PARAM(n) asm volatile ("jmp " ASM_NAME(__op_gen_label) #n)
 #endif
 #ifdef __powerpc__
 …
 #ifdef __s390__
 #define EXIT_TB() asm volatile ("br %r14")
+#define GOTO_LABEL_PARAM(n) asm volatile ("b " ASM_NAME(__op_gen_label) #n)
 #endif
 #ifdef __alpha__
 …
 #ifdef __ia64__
 #define EXIT_TB() asm volatile ("br.ret.sptk.many b0;;")
+#define GOTO_LABEL_PARAM(n) asm volatile ("br.sptk.many " \
+                                          ASM_NAME(__op_gen_label) #n)
 #endif
 #ifdef __sparc__
 #define EXIT_TB() asm volatile ("jmpl %i0 + 8, %g0\n" \
                                 "nop")
+#define EXIT_TB() asm volatile ("jmpl %i0 + 8, %g0; nop")
+#define GOTO_LABEL_PARAM(n) asm volatile ("ba " ASM_NAME(__op_gen_label) #n ";nop")
 #endif
 #ifdef __arm__
 #define EXIT_TB() asm volatile ("b exec_loop")
+#define GOTO_LABEL_PARAM(n) asm volatile ("b " ASM_NAME(__op_gen_label) #n)
 #endif
 #ifdef __mc68000

trunk/src/recompiler/dyngen.c

-              r1
+              r2422
 typedef uint32_t host_ulong;
 #define swabls(x) swab32s(x)
+#define swablss(x) swab32ss(x)
 #else
 typedef int64_t host_long;
 typedef uint64_t host_ulong;
 #define swabls(x) swab64s(x)
+#define swablss(x) swab64ss(x)
 #endif
 …
 #include <mach-o/nlist.h>
 #include <mach-o/reloc.h>
+#if !defined(HOST_I386)
 #include <mach-o/ppc/reloc.h>
+#endif
 # define check_mach_header(x) (x.magic == MH_MAGIC)
 …
 #define EXE_RELOC struct relocation_info
 #define EXE_SYM struct nlist_extended
+#if defined(HOST_I386)
+# define r_offset r_address
+#endif
 #endif /* CONFIG_FORMAT_MACH */
 …
     char n_other;
     short n_desc;
     unsigned long st_value; // n_value -> st_value
     unsigned long st_size;  // added
+    unsigned long st_value; /* n_value -> st_value */
+    unsigned long st_size;  /* added */
 };
 …
     OUT_GEN_OP,
     OUT_CODE,
     OUT_INDEX_OP,
+    OUT_INDEX_OP
 };
 …
+}
+void swab32ss(int32_t *p)
+{
+    *p = bswap32(*p);
+}
 void swab64s(uint64_t *p)
+{
+    *p = bswap64(*p);
+}
+void swab64ss(int64_t *p)
+{
     *p = bswap64(*p);
 …
     swabls(&rel->r_info);
 #ifdef ELF_USES_RELOCA
     swabls(&rel->r_addend);
+    swablss(&rel->r_addend);
 #endif
+}
 …
     ELF_RELOC *rel;
+    fd = open(filename, O_RDONLY);
+    fd = open(filename, O_RDONLY
+#ifdef O_BINARY
+              | O_BINARY
+#endif
+              );
     if (fd < 0)
         error("can't open file '%s'", filename);
 …
         elf_swap_ehdr(&ehdr);
     if (ehdr.e_ident[EI_CLASS] != ELF_CLASS)
         error("Unsupported ELF class");
+        error("Unsupported ELF class (%#x)", ehdr.e_ident[EI_CLASS]);
     if (ehdr.e_type != ET_REL)
         error("ELF object file expected");
 …
     sec = &shdr[ehdr.e_shstrndx];
     shstr = sdata[ehdr.e_shstrndx];
+    shstr = (char *)sdata[ehdr.e_shstrndx];
     /* swap relocations */
 …
     symtab = (ElfW(Sym) *)sdata[symtab_sec - shdr];
     strtab = sdata[symtab_sec->sh_link];
+    strtab = (char *)sdata[symtab_sec->sh_link];
     nb_syms = symtab_sec->sh_size / sizeof(ElfW(Sym));
 …
     if (!strcmp(name, ".data"))
         name = name_for_dotdata(rel);
+    if (name[0] == '.')
+        return NULL;
     return name;
+}
 …
     fd = open(filename, O_RDONLY
 #ifdef _WIN32
+#ifdef O_BINARY
               | O_BINARY
 #endif
 …
+#if defined(HOST_PPC)
 static inline void fetch_next_pair_value(struct relocation_info * rel, unsigned int *value)
+{
 …
+        }
+}
+#endif
 /* find a sym name given its value, in a section number */
 …
+        }
+#if defined(HOST_I386)
+        /* ignore internal pc relative fixups where both ends are in the text section. */
+        if (rel->r_pcrel && !rel->r_extern && rel->r_symbolnum == 1 /* ASSUMES text */)
+                return NULL;
+#endif
         /* Intruction contains an offset to the symbols pointed to, in the rel->r_symbolnum section */
         sectoffset = *(uint32_t *)(text + rel->r_address) & 0xffff;
 …
                 error("sectnum > segment->nsects");
+#if defined(HOST_PPC)
         switch(rel->r_type)
+        {
                 case PPC_RELOC_LO16: fetch_next_pair_value(rel+1, &other_half); sectoffset = (sectoffset & 0xffff);
+                case PPC_RELOC_LO16: fetch_next_pair_value(rel+1, &other_half); sectoffset |= (other_half << 16);
                         break;
                 case PPC_RELOC_HI16: fetch_next_pair_value(rel+1, &other_half); sectoffset = (other_half & 0xffff);
+                case PPC_RELOC_HI16: fetch_next_pair_value(rel+1, &other_half); sectoffset = (sectoffset << 16) | (uint16_t)(other_half & 0xffff);
                         break;
                 case PPC_RELOC_HA16: fetch_next_pair_value(rel+1, &other_half); sectoffset = (other_half & 0xffff);
+                case PPC_RELOC_HA16: fetch_next_pair_value(rel+1, &other_half); sectoffset = (sectoffset << 16) + (int16_t)(other_half & 0xffff);
                         break;
                 case PPC_RELOC_BR24:
 …
                         error("switch(rel->type) not found");
+        }
+#elif defined(HOST_I386)
+        /* The intruction contains the addend. */
+        sectoffset = *(uint32_t *)(text + rel->r_address);
+#else
+#error unsupported mach-o host
+#endif
         if(rel->r_pcrel)
                 sectoffset += rel->r_address;
+#if defined(HOST_PPC)
         if (rel->r_type == PPC_RELOC_BR24)
                 name = (char *)find_reloc_name_in_sec_ptr((int)sectoffset, &section_hdr[sectnum-1]);
+#endif
         /* search it in the full symbol list, if not found */
 …
+}
+#if defined(HOST_I386)
+static const char *get_rel_sym_name_and_addend(EXE_RELOC *rel, int *addend)
+{
+        const char *name = NULL;
+    if (R_SCATTERED & rel->r_address) {
+                unsigned int i;
+                struct scattered_relocation_info * sca_rel = (struct scattered_relocation_info*)rel;
+                if (sca_rel->r_length != 2 || rel->r_pcrel) {
+                        error("Fully implement R_SCATTERED! r_address=%#x r_type=%#x r_length=%d r_pcrel=%d r_value=%#x\n",
+                                  (int)sca_rel->r_address, sca_rel->r_type, sca_rel->r_length, sca_rel->r_pcrel, sca_rel->r_value);
+                }
+                /* this seems to be the way to calc the addend. */
+                *addend = *(int32_t *)(text + sca_rel->r_address) - sca_rel->r_value;
+                /* todo: do we need to ignore internal relocations? */
+#if 0
+                if (sca_rel->r_pcrel ...)
+                        return NULL;
+#endif
+                /* find_reloc_name_given_its_address doesn't do the right thing here, so
+                   we locate the section and use find_sym_with_value_and_sec_number  */
+                for (i = 0; i < segment->nsects ; i++) {
+                        if ((uintptr_t)sca_rel->r_value - section_hdr[i].addr < section_hdr[i].size) {
+                                int off = 0;
+                                name = find_sym_with_value_and_sec_number(sca_rel->r_value, i + 1, &off);
+                                if (name) {
+                                        *addend += off;
+                                         break;
+                                }
+                        }
+                }
+                if (!name)
+                        error("Fully implement R_SCATTERED! r_address=%#x r_type=%#x r_length=%d r_pcrel=%d r_value=%#x\n",
+                                  (int)sca_rel->r_address, sca_rel->r_type, sca_rel->r_length, sca_rel->r_pcrel, sca_rel->r_value);
+        }
+        else
+        {
+                /* ignore debug syms (paranoia). */
+                if (symtab[rel->r_symbolnum].n_type & N_STAB)
+                        return NULL;
+                /* ignore internal pc relative fixups where both ends are in the text section. */
+                if (rel->r_pcrel && !rel->r_extern && rel->r_symbolnum == 1 /* ASSUMES text */)
+                        return NULL;
+                /* get the addend, it is in the instruction stream. */
+                *addend = *(int32_t *)(text + rel->r_address);
+                if (rel->r_pcrel)
+                        *addend += rel->r_address;
+                /* external fixups are easy. */
+                if (rel->r_extern)
+                {
+                        if (rel->r_symbolnum >= nb_syms)
+                                error("rel->r_symbolnum (%d) >= nb_syms (%d)", rel->r_symbolnum, nb_syms);
+                        name = get_sym_name(&symtab[rel->r_symbolnum]);
+                }
+                else
+                {
+                        /* sanity checks. */
+                        if (rel->r_symbolnum == 0xffffff)
+                                return NULL;
+                        if (rel->r_symbolnum > segment->nsects)
+                                error("sectnum (%d) > segment->nsects (%d)", rel->r_symbolnum, segment->nsects);
+                        if (rel->r_pcrel)
+                                error("internal pcrel fixups not implemented");
+                        /* search for the symbol. */
+                        name = find_sym_with_value_and_sec_number(*addend, rel->r_symbolnum, addend);
+                }
+        }
+    return name;
+}
+#endif /* HOST_I386 */
 /* Used by dyngen common code */
 static const char * get_rel_sym_name(EXE_RELOC * rel)
+{
         int sslide;
+#if defined(HOST_I386)
+        return get_rel_sym_name_and_addend(rel, &sslide);
+#else
         return get_reloc_name( rel, &sslide);
+#endif
+}
 …
         struct nlist *syment;
+        fd = open(filename, O_RDONLY);
+        fd = open(filename, O_RDONLY
+#ifdef O_BINARY
+                  | O_BINARY
+#endif
+                  );
     if (fd < 0)
         error("can't open file '%s'", filename);
 …
         error("bad Mach header");
+    }
+#if defined(HOST_PPC)
     if (mach_hdr.cputype != CPU_TYPE_POWERPC)
+#elif defined(HOST_I386)
+    if (mach_hdr.cputype != CPU_TYPE_X86)
+#else
+#error unsupported host
+#endif
         error("Unsupported CPU");
 …
         /* Now transform the symtab, to an extended version, with the sym size, and the C name */
         for(i = 0, sym = symtab, syment = symtab_std; i < nb_syms; i++, sym++, syment++) {
+        const char *name;
+        struct nlist *sym_follow, *sym_next = 0;
+        struct nlist *sym_cur, *sym_next = 0;
         unsigned int j;
-        name = find_str_by_index(sym->n_un.n_strx);
                 memset(sym, 0, sizeof(*sym));
                 if ( sym->n_type & N_STAB ) /* Debug symbols are skipped */
+                if ( syment->n_type & N_STAB ) /* Debug symbols are skipped */
             continue;
                 memcpy(sym, syment, sizeof(*syment));
+#if defined(VBOX)
+        /* don't bother calcing size of internal symbol local symbols. */
+        if (strstart(find_str_by_index(sym->n_un.n_strx), ".L", NULL)) {
+            sym->st_size = 0;
+            continue;
+        }
+#endif
                 /* Find the following symbol in order to get the current symbol size */
+        for(j = 0, sym_follow = symtab_std; j < nb_syms; j++, sym_follow++) {
+            if ( sym_follow->n_sect != 1 || sym_follow->n_type & N_STAB || !(sym_follow->n_value > sym->st_value))
+        for (j = 0, sym_cur = symtab_std; j < nb_syms; j++, sym_cur++) {
+            if (    sym_cur->n_sect != /*syment->n_sect*/ 1
+                ||  (sym_cur->n_type & N_STAB)
+                ||  sym_cur->n_value <= syment->n_value)
                 continue;
             if(!sym_next) {
                 sym_next = sym_follow;
+            if (     sym_next
+                &&   sym_next->n_value <= sym_cur->n_value)
                 continue;
+            }
+            if(!(sym_next->n_value > sym_follow->n_value))
+#if defined(HOST_I386)
+            /* Ignore local labels (.Lxxx). */
+            if (strstart(find_str_by_index(sym_cur->n_un.n_strx), ".L", NULL))
                 continue;
+            sym_next = sym_follow;
+#endif
+            /* a good one */
+            sym_next = sym_cur;
+        }
                 if(sym_next)
 …
+}
 /* load a a.out object file */
+/* load an a.out object file */
 int load_object(const char *filename)
+{
 …
 #ifdef HOST_SPARC
         if (sym_name[0] == '.')
             snprintf(name, sizeof(name),
+            snprintf(name, name_size,
                      "(long)(&__dot_%s)",
                      sym_name + 1);
 …
+}
+#ifdef HOST_IA64
+#define PLT_ENTRY_SIZE  16      /* 1 bundle containing "brl" */
+struct plt_entry {
+    struct plt_entry *next;
+    const char *name;
+    unsigned long addend;
+} *plt_list;
+static int
+get_plt_index (const char *name, unsigned long addend)
+{
+    struct plt_entry *plt, *prev= NULL;
+    int index = 0;
+    /* see if we already have an entry for this target: */
+    for (plt = plt_list; plt; ++index, prev = plt, plt = plt->next)
+        if (strcmp(plt->name, name) == 0 && plt->addend == addend)
+            return index;
+    /* nope; create a new PLT entry: */
+    plt = malloc(sizeof(*plt));
+    if (!plt) {
+        perror("malloc");
+        exit(1);
+    }
+    memset(plt, 0, sizeof(*plt));
+    plt->name = strdup(name);
+    plt->addend = addend;
+    /* append to plt-list: */
+    if (prev)
+        prev->next = plt;
+    else
+        plt_list = plt;
+    return index;
+}
+#endif
 #ifdef HOST_ARM
 …
     uint8_t *p;
     uint32_t insn;
     int offset, min_offset, pc_offset, data_size;
+    int offset, min_offset, pc_offset, data_size, spare, max_pool;
     uint8_t data_allocated[1024];
     unsigned int data_index;
+    int type;
     memset(data_allocated, 0, sizeof(data_allocated));
 …
     p = p_start;
     min_offset = p_end - p_start;
+    spare = 0x7fffffff;
     while (p < p_start + min_offset) {
         insn = get32((uint32_t *)p);
+        /* TODO: Armv5e ldrd.  */
+        /* TODO: VFP load.  */
         if ((insn & 0x0d5f0000) == 0x051f0000) {
             /* ldr reg, [pc, #im] */
             offset = insn & 0xfff;
             if (!(insn & 0x00800000))
+                        offset = -offset;
+                offset = -offset;
+            max_pool = 4096;
+            type = 0;
+        } else if ((insn & 0x0e5f0f00) == 0x0c1f0100) {
+            /* FPA ldf.  */
+            offset = (insn & 0xff) << 2;
+            if (!(insn & 0x00800000))
+                offset = -offset;
+            max_pool = 1024;
+            type = 1;
+        } else if ((insn & 0x0fff0000) == 0x028f0000) {
+            /* Some gcc load a doubleword immediate with
+               add regN, pc, #imm
+               ldmia regN, {regN, regM}
+               Hope and pray the compiler never generates somethin like
+               add reg, pc, #imm1; ldr reg, [reg, #-imm2]; */
+            int r;
+            r = (insn & 0xf00) >> 7;
+            offset = ((insn & 0xff) >> r) | ((insn & 0xff) << (32 - r));
+            max_pool = 1024;
+            type = 2;
+        } else {
+            max_pool = 0;
+            type = -1;
+        }
+        if (type >= 0) {
+            /* PC-relative load needs fixing up.  */
+            if (spare > max_pool - offset)
+                spare = max_pool - offset;
             if ((offset & 3) !=0)
+                error("%s:%04x: ldr pc offset must be 32 bit aligned",
+                error("%s:%04x: pc offset must be 32 bit aligned",
+                      name, start_offset + p - p_start);
+            if (offset < 0)
+                error("%s:%04x: Embedded literal value",
                       name, start_offset + p - p_start);
             pc_offset = p - p_start + offset + 8;
             if (pc_offset <= (p - p_start) ||
                 pc_offset >= (p_end - p_start))
                 error("%s:%04x: ldr pc offset must point inside the function code",
+                error("%s:%04x: pc offset must point inside the function code",
                       name, start_offset + p - p_start);
             if (pc_offset < min_offset)
                 min_offset = pc_offset;
             if (outfile) {
                 /* ldr position */
+                /* The intruction position */
                 fprintf(outfile, "    arm_ldr_ptr->ptr = gen_code_ptr + %d;\n",
                         p - p_start);
                 /* ldr data index */
                 data_index = ((p_end - p_start) - pc_offset - 4) >> 2;
                 fprintf(outfile, "    arm_ldr_ptr->data_ptr = arm_data_ptr + %d;\n",
+                /* The position of the constant pool data.  */
+                data_index = ((p_end - p_start) - pc_offset) >> 2;
+                fprintf(outfile, "    arm_ldr_ptr->data_ptr = arm_data_ptr - %d;\n",
                         data_index);
+                fprintf(outfile, "    arm_ldr_ptr->type = %d;\n", type);
                 fprintf(outfile, "    arm_ldr_ptr++;\n");
-                if (data_index >= sizeof(data_allocated))
-                    error("%s: too many data", name);
-                if (!data_allocated[data_index]) {
-                    ELF_RELOC *rel;
-                    int i, addend, type;
-                    const char *sym_name, *p;
-                    char relname[1024];
-                    data_allocated[data_index] = 1;
-                    /* data value */
-                    addend = get32((uint32_t *)(p_start + pc_offset));
-                    relname[0] = '\0';
-                    for(i = 0, rel = relocs;i < nb_relocs; i++, rel++) {
-                        if (rel->r_offset == (pc_offset + start_offset)) {
-                            sym_name = get_rel_sym_name(rel);
-                            /* the compiler leave some unnecessary references to the code */
-                            get_reloc_expr(relname, sizeof(relname), sym_name);
-                            type = ELF32_R_TYPE(rel->r_info);
-                            if (type != R_ARM_ABS32)
-                                error("%s: unsupported data relocation", name);
-                            break;
+                        }
+                    }
-                    fprintf(outfile, "    arm_data_ptr[%d] = 0x%x",
-                            data_index, addend);
-                    if (relname[0] != '\0')
-                        fprintf(outfile, " + %s", relname);
-                    fprintf(outfile, ";\n");
+                }
+            }
+        }
         p += 4;
+    }
+    /* Copy and relocate the constant pool data.  */
     data_size = (p_end - p_start) - min_offset;
     if (data_size > 0 && outfile) {
+        fprintf(outfile, "    arm_data_ptr += %d;\n", data_size >> 2);
+    }
+    /* the last instruction must be a mov pc, lr */
+        spare += min_offset;
+        fprintf(outfile, "    arm_data_ptr -= %d;\n", data_size >> 2);
+        fprintf(outfile, "    arm_pool_ptr -= %d;\n", data_size);
+        fprintf(outfile, "    if (arm_pool_ptr > gen_code_ptr + %d)\n"
+                         "        arm_pool_ptr = gen_code_ptr + %d;\n",
+                         spare, spare);
+        data_index = 0;
+        for (pc_offset = min_offset;
+             pc_offset < p_end - p_start;
+             pc_offset += 4) {
+            ELF_RELOC *rel;
+            int i, addend, type;
+            const char *sym_name;
+            char relname[1024];
+            /* data value */
+            addend = get32((uint32_t *)(p_start + pc_offset));
+            relname[0] = '\0';
+            for(i = 0, rel = relocs;i < nb_relocs; i++, rel++) {
+                if (rel->r_offset == (pc_offset + start_offset)) {
+                    sym_name = get_rel_sym_name(rel);
+                    /* the compiler leave some unnecessary references to the code */
+                    get_reloc_expr(relname, sizeof(relname), sym_name);
+                    type = ELF32_R_TYPE(rel->r_info);
+                    if (type != R_ARM_ABS32)
+                        error("%s: unsupported data relocation", name);
+                    break;
+                }
+            }
+            fprintf(outfile, "    arm_data_ptr[%d] = 0x%x",
+                    data_index, addend);
+            if (relname[0] != '\0')
+                fprintf(outfile, " + %s", relname);
+            fprintf(outfile, ";\n");
+            data_index++;
+        }
+    }
     if (p == p_start)
         goto arm_ret_error;
     p -= 4;
     insn = get32((uint32_t *)p);
+    if ((insn & 0xffff0000) != 0xe91b0000) {
+    /* The last instruction must be an ldm instruction.  There are several
+       forms generated by gcc:
+        ldmib sp, {..., pc}  (implies a sp adjustment of +4)
+        ldmia sp, {..., pc}
+        ldmea fp, {..., pc} */
+    if ((insn & 0xffff8000) == 0xe99d8000) {
+        if (outfile) {
+            fprintf(outfile,
+                    "    *(uint32_t *)(gen_code_ptr + %d) = 0xe28dd004;\n",
+                    p - p_start);
+        }
+        p += 4;
+    } else if ((insn & 0xffff8000) != 0xe89d8000
+        && (insn & 0xffff8000) != 0xe91b8000) {
     arm_ret_error:
         if (!outfile)
             printf("%s: invalid epilog\n", name);
+    }
     return p - p_start;
+    return p - p_start;
+}
 #endif
 …
     start_offset = offset;
 #if defined(HOST_I386) || defined(HOST_X86_64)
 #if defined(CONFIG_FORMAT_COFF) || defined(CONFIG_FORMAT_AOUT)
+#if defined(CONFIG_FORMAT_COFF) || defined(CONFIG_FORMAT_AOUT) || defined(CONFIG_FORMAT_MACH)
+    {
         uint8_t *p;
 …
         if (get32((uint32_t *)p) != 0x00840008)
             error("br.ret.sptk.many b0;; expected at the end of %s", name);
         copy_size = p - p_start;
+        copy_size = p_end - p_start;
+    }
 #elif defined(HOST_SPARC)
+    {
+#define INSN_SAVE       0x9de3a000
+#define INSN_RET        0x81c7e008
+#define INSN_RETL       0x81c3e008
+#define INSN_RESTORE    0x81e80000
+#define INSN_RETURN     0x81cfe008
+#define INSN_NOP        0x01000000
+#define INSN_ADD_SP     0x9c03a000 /* add %sp, nn, %sp */
+#define INSN_SUB_SP     0x9c23a000 /* sub %sp, nn, %sp */
         uint32_t start_insn, end_insn1, end_insn2;
         uint8_t *p;
 …
         end_insn1 = get32((uint32_t *)(p + 0x0));
         end_insn2 = get32((uint32_t *)(p + 0x4));
+        if ((start_insn & ~0x1fff) == 0x9de3a000) {
+        if (((start_insn & ~0x1fff) == INSN_SAVE) ||
+            (start_insn & ~0x1fff) == INSN_ADD_SP) {
             p_start += 0x4;
             start_offset += 0x4;
+            if ((int)(start_insn | ~0x1fff) < -128)
+                error("Found bogus save at the start of %s", name);
+            if (end_insn1 != 0x81c7e008 || end_insn2 != 0x81e80000)
+            if (end_insn1 == INSN_RET && end_insn2 == INSN_RESTORE)
+                /* SPARC v7: ret; restore; */ ;
+            else if (end_insn1 == INSN_RETURN && end_insn2 == INSN_NOP)
+                /* SPARC v9: return; nop; */ ;
+            else if (end_insn1 == INSN_RETL && (end_insn2 & ~0x1fff) == INSN_SUB_SP)
+                /* SPARC v7: retl; sub %sp, nn, %sp; */ ;
+            else
                 error("ret; restore; not found at end of %s", name);
+        } else if (end_insn1 == INSN_RETL && end_insn2 == INSN_NOP) {
+            ;
         } else {
             error("No save at the beginning of %s", name);
 …
         if (p > p_start) {
             skip_insn = get32((uint32_t *)(p - 0x4));
             if (skip_insn == 0x01000000)
+            if (skip_insn == INSN_NOP)
                 p -= 4;
+        }
 …
 #elif defined(HOST_SPARC64)
+    {
+#define INSN_SAVE       0x9de3a000
+#define INSN_RET        0x81c7e008
+#define INSN_RETL       0x81c3e008
+#define INSN_RESTORE    0x81e80000
+#define INSN_RETURN     0x81cfe008
+#define INSN_NOP        0x01000000
+#define INSN_ADD_SP     0x9c03a000 /* add %sp, nn, %sp */
+#define INSN_SUB_SP     0x9c23a000 /* sub %sp, nn, %sp */
         uint32_t start_insn, end_insn1, end_insn2, skip_insn;
         uint8_t *p;
         p = (void *)(p_end - 8);
+#if 0
+        /* XXX: check why it occurs */
         if (p <= p_start)
             error("empty code for %s", name);
+#endif
         start_insn = get32((uint32_t *)(p_start + 0x0));
         end_insn1 = get32((uint32_t *)(p + 0x0));
         end_insn2 = get32((uint32_t *)(p + 0x4));
+        if ((start_insn & ~0x1fff) == 0x9de3a000) {
+        if (((start_insn & ~0x1fff) == INSN_SAVE) ||
+            (start_insn & ~0x1fff) == INSN_ADD_SP) {
             p_start += 0x4;
             start_offset += 0x4;
+            if ((int)(start_insn | ~0x1fff) < -256)
+                error("Found bogus save at the start of %s", name);
+            if (end_insn1 != 0x81c7e008 || end_insn2 != 0x81e80000)
+            if (end_insn1 == INSN_RET && end_insn2 == INSN_RESTORE)
+                /* SPARC v7: ret; restore; */ ;
+            else if (end_insn1 == INSN_RETURN && end_insn2 == INSN_NOP)
+                /* SPARC v9: return; nop; */ ;
+            else if (end_insn1 == INSN_RETL && (end_insn2 & ~0x1fff) == INSN_SUB_SP)
+                /* SPARC v7: retl; sub %sp, nn, %sp; */ ;
+            else
                 error("ret; restore; not found at end of %s", name);
+        } else if (end_insn1 == INSN_RETL && end_insn2 == INSN_NOP) {
+            ;
         } else {
             error("No save at the beginning of %s", name);
 …
 #elif defined(HOST_ARM)
+    {
+        uint32_t insn;
         if ((p_end - p_start) <= 16)
             error("%s: function too small", name);
 …
         p_start += 12;
         start_offset += 12;
+        insn = get32((uint32_t *)p_start);
+        if ((insn & 0xffffff00) == 0xe24dd000) {
+            /* Stack adjustment.  Assume op uses the frame pointer.  */
+            p_start -= 4;
+            start_offset -= 4;
+        }
         copy_size = arm_emit_ldr_info(name, start_offset, NULL, p_start, p_end,
                                       relocs, nb_relocs);
 …
         if (p == p_start)
             error("empty code for %s", name);
         // remove NOP's, probably added for alignment
+        /* remove NOP's, probably added for alignment */
         while ((get16((uint16_t *)p) == 0x4e71) &&
                (p>p_start))
 …
             fprintf(outfile, ";\n");
+        }
+#if defined(HOST_IA64)
+        fprintf(outfile, "    extern char %s;\n", name);
+#else
         fprintf(outfile, "    extern void %s();\n", name);
+#endif
         for(i = 0, rel = relocs;i < nb_relocs; i++, rel++) {
 …
                     continue;
                 if (*sym_name &&
+#ifdef VBOX
+                    !strstart(sym_name, "remR3PhysWrite", NULL) &&
+                    !strstart(sym_name, "remR3PhysRead", NULL) &&
+#endif
                     !strstart(sym_name, "__op_param", NULL) &&
                     !strstart(sym_name, "__op_jmp", NULL) &&
 …
+                    }
 #endif
+#ifdef VBOX
+                    if (   strcmp(sym_name, "remR3PhysWriteBytes")
+                        && strcmp(sym_name, "remR3PhysReadBytes")
+                        && strcmp(sym_name, "remR3PhysReadUByte")
+                        && strcmp(sym_name, "remR3PhysReadSByte")
+                        && strcmp(sym_name, "remR3PhysReadUWord")
+                        && strcmp(sym_name, "remR3PhysReadSWord")
+                        && strcmp(sym_name, "remR3PhysReadULong")
+                        && strcmp(sym_name, "remR3PhysReadSLong")
+                        && strcmp(sym_name, "remR3PhysWriteByte")
+                        && strcmp(sym_name, "remR3PhysWriteWord")
+                        && strcmp(sym_name, "remR3PhysWriteDword"))
+#endif /* VBOX */
+#ifdef __APPLE__
+#if defined(__APPLE__)
 /* set __attribute((unused)) on darwin because we wan't to avoid warning when we don't use the symbol */
                     fprintf(outfile, "extern char %s __attribute__((unused));\n", sym_name);
+#elif defined(HOST_IA64)
+                        if (ELF64_R_TYPE(rel->r_info) != R_IA64_PCREL21B)
+                                /*
+                                 * PCREL21 br.call targets generally
+                                 * are out of range and need to go
+                                 * through an "import stub".
+                                 */
+                                fprintf(outfile, "    extern char %s;\n",
+                                        sym_name);
 #else
                     fprintf(outfile, "extern char %s;\n", sym_name);
 …
                     if (val >= start_offset && val <= start_offset + copy_size) {
                         n = strtol(p, NULL, 10);
                         fprintf(outfile, "    label_offsets[%d] = %ld + (gen_code_ptr - gen_code_buf);\n", n, val - start_offset);
+                        fprintf(outfile, "    label_offsets[%d] = %ld + (gen_code_ptr - gen_code_buf);\n", n, (long)(val - start_offset));
+                    }
+                }
 …
         /* patch relocations */
 #if defined(HOST_I386)
+#if defined(HOST_I386)
+            {
                 char name[256];
                 int type;
                 int addend;
+                int reloc_offset;
                 for(i = 0, rel = relocs;i < nb_relocs; i++, rel++) {
+                if (rel->r_offset >= start_offset &&
+                    rel->r_offset < start_offset + copy_size) {
+#ifdef CONFIG_FORMAT_AOUT
+                host_ulong offset = get_rel_offset(rel);
+                if (offset >= start_offset &&
+                    offset < start_offset + copy_size) {
+#if defined(CONFIG_FORMAT_AOUT) || defined(CONFIG_FORMAT_MACH)
                     sym_name = get_rel_sym_name_and_addend(rel, &addend);
 #else
                     sym_name = get_rel_sym_name(rel);
 #endif
+                    if (!sym_name)
+                        continue;
+                    reloc_offset = offset - start_offset;
                     if (strstart(sym_name, "__op_jmp", &p)) {
                         int n;
 …
                            needs to be stored */
                         fprintf(outfile, "    jmp_offsets[%d] = %d + (gen_code_ptr - gen_code_buf);\n",
                                 n, rel->r_offset - start_offset);
+                                n, reloc_offset);
                         continue;
+                    }
                     get_reloc_expr(name, sizeof(name), sym_name);
 #ifndef CONFIG_FORMAT_AOUT
                     addend = get32((uint32_t *)(text + rel->r_offset));
+#if !defined(CONFIG_FORMAT_AOUT) && !defined(CONFIG_FORMAT_MACH)
+                    addend = get32((uint32_t *)(text + offset));
 #endif
 #ifdef CONFIG_FORMAT_ELF
 …
                     case R_386_32:
                         fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = %s + %d;\n",
                                 rel->r_offset - start_offset, name, addend);
+                                reloc_offset, name, addend);
                         break;
                     case R_386_PC32:
                         fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = %s - (long)(gen_code_ptr + %d) + %d;\n",
                                 rel->r_offset - start_offset, name, rel->r_offset - start_offset, addend);
+                                reloc_offset, name, reloc_offset, addend);
                         break;
                     default:
 …
                     case DIR32:
                         fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = %s + %d;\n",
                                 rel->r_offset - start_offset, name, addend);
+                                reloc_offset, name, addend);
                         break;
                     case DISP32:
                         fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = %s - (long)(gen_code_ptr + %d) + %d -4;\n",
                                 rel->r_offset - start_offset, name, rel->r_offset - start_offset, addend);
+                                reloc_offset, name, reloc_offset, addend);
                         break;
                     default:
                         error("unsupported i386 relocation (%d)", type);
+                    }
 #elif defined(CONFIG_FORMAT_AOUT)
+#elif defined(CONFIG_FORMAT_AOUT) || defined(CONFIG_FORMAT_MACH)
                     if (rel->r_pcrel) {
                         fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = %s - (long)(gen_code_ptr + %d) + %d;\n",
                                 rel->r_offset - start_offset, name, rel->r_offset - start_offset, addend);
+                                offset - start_offset, name, offset - start_offset, addend);
                     } else {
                         fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = %s + %d;\n",
                                 rel->r_offset - start_offset, name, addend);
+                                offset - start_offset, name, addend);
+                    }
                     (void)type;
 …
                 int type;
                 int addend;
+                int reloc_offset;
                 for(i = 0, rel = relocs;i < nb_relocs; i++, rel++) {
                 if (rel->r_offset >= start_offset &&
 …
                     type = ELF32_R_TYPE(rel->r_info);
                     addend = rel->r_addend;
+                    reloc_offset = rel->r_offset - start_offset;
                     switch(type) {
                     case R_X86_64_32:
                         fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = (uint32_t)%s + %d;\n",
                                 rel->r_offset - start_offset, name, addend);
+                                reloc_offset, name, addend);
                         break;
                     case R_X86_64_32S:
                         fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = (int32_t)%s + %d;\n",
                                 rel->r_offset - start_offset, name, addend);
+                                reloc_offset, name, addend);
                         break;
                     case R_X86_64_PC32:
                         fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = %s - (long)(gen_code_ptr + %d) + %d;\n",
                                 rel->r_offset - start_offset, name, rel->r_offset - start_offset, addend);
+                                reloc_offset, name, reloc_offset, addend);
                         break;
+#ifdef VBOX /** @todo Re-check the sanity of this */
+                    case R_X86_64_64:
+                        fprintf(outfile, "    *(uint64_t *)(gen_code_ptr + %d) = (uint64_t)%s + %d;\n",
+                                reloc_offset, name, addend);
+                        break;
+#endif
                     default:
                         error("unsupported X86_64 relocation (%d)", type);
 …
                 int type;
                 int addend;
+                int reloc_offset;
                 for(i = 0, rel = relocs;i < nb_relocs; i++, rel++) {
                     if (rel->r_offset >= start_offset &&
                         rel->r_offset < start_offset + copy_size) {
                         sym_name = strtab + symtab[ELFW(R_SYM)(rel->r_info)].st_name;
+                        reloc_offset = rel->r_offset - start_offset;
                         if (strstart(sym_name, "__op_jmp", &p)) {
                             int n;
 …
                                needs to be stored */
                             fprintf(outfile, "    jmp_offsets[%d] = %d + (gen_code_ptr - gen_code_buf);\n",
                                     n, rel->r_offset - start_offset);
+                                    n, reloc_offset);
                             continue;
+                        }
 …
                         case R_PPC_ADDR32:
                             fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = %s + %d;\n",
                                     rel->r_offset - start_offset, name, addend);
+                                    reloc_offset, name, addend);
                             break;
                         case R_PPC_ADDR16_LO:
                             fprintf(outfile, "    *(uint16_t *)(gen_code_ptr + %d) = (%s + %d);\n",
                                     rel->r_offset - start_offset, name, addend);
+                                    reloc_offset, name, addend);
                             break;
                         case R_PPC_ADDR16_HI:
                             fprintf(outfile, "    *(uint16_t *)(gen_code_ptr + %d) = (%s + %d) >> 16;\n",
                                     rel->r_offset - start_offset, name, addend);
+                                    reloc_offset, name, addend);
                             break;
                         case R_PPC_ADDR16_HA:
                             fprintf(outfile, "    *(uint16_t *)(gen_code_ptr + %d) = (%s + %d + 0x8000) >> 16;\n",
                                     rel->r_offset - start_offset, name, addend);
+                                    reloc_offset, name, addend);
                             break;
                         case R_PPC_REL24:
                             /* warning: must be at 32 MB distancy */
                             fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = (*(uint32_t *)(gen_code_ptr + %d) & ~0x03fffffc) | ((%s - (long)(gen_code_ptr + %d) + %d) & 0x03fffffc);\n",
                                     rel->r_offset - start_offset, rel->r_offset - start_offset, name, rel->r_offset - start_offset, addend);
+                                    reloc_offset, reloc_offset, name, reloc_offset, addend);
                             break;
                         default:
 …
                                         switch(type) {
                                         case PPC_RELOC_BR24:
+                                                fprintf(outfile, "{\n");
+                                                fprintf(outfile, "    uint32_t imm = *(uint32_t *)(gen_code_ptr + %d) & 0x3fffffc;\n", slide);
+                                                fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = (*(uint32_t *)(gen_code_ptr + %d) & ~0x03fffffc) | ((imm + ((long)%s - (long)gen_code_ptr) + %d) & 0x03fffffc);\n",
+                                            if (!strstart(sym_name,"__op_gen_label",&p)) {
+                                                fprintf(outfile, "{\n");
+                                                fprintf(outfile, "    uint32_t imm = *(uint32_t *)(gen_code_ptr + %d) & 0x3fffffc;\n", slide);
+                                                fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = (*(uint32_t *)(gen_code_ptr + %d) & ~0x03fffffc) | ((imm + ((long)%s - (long)gen_code_ptr) + %d) & 0x03fffffc);\n",
                                                                                         slide, slide, name, sslide );
+                                                fprintf(outfile, "}\n");
+                                                fprintf(outfile, "}\n");
+                                        } else {
+                                                        fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = (*(uint32_t *)(gen_code_ptr + %d) & ~0x03fffffc) | (((long)%s - (long)gen_code_ptr - %d) & 0x03fffffc);\n",
+                                                                                        slide, slide, final_sym_name, slide);
+                                        }
                                                 break;
                                         case PPC_RELOC_HI16:
 …
                 int type;
                 int addend;
+                int reloc_offset;
                 for(i = 0, rel = relocs;i < nb_relocs; i++, rel++) {
                     if (rel->r_offset >= start_offset &&
 …
                         type = ELF32_R_TYPE(rel->r_info);
                         addend = rel->r_addend;
+                        reloc_offset = rel->r_offset - start_offset;
                         switch(type) {
                         case R_390_32:
                             fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = %s + %d;\n",
                                     rel->r_offset - start_offset, name, addend);
+                                    reloc_offset, name, addend);
                             break;
                         case R_390_16:
                             fprintf(outfile, "    *(uint16_t *)(gen_code_ptr + %d) = %s + %d;\n",
                                     rel->r_offset - start_offset, name, addend);
+                                    reloc_offset, name, addend);
                             break;
                         case R_390_8:
                             fprintf(outfile, "    *(uint8_t *)(gen_code_ptr + %d) = %s + %d;\n",
                                     rel->r_offset - start_offset, name, addend);
+                                    reloc_offset, name, addend);
                             break;
                         default:
 …
                     if (rel->r_offset >= start_offset && rel->r_offset < start_offset + copy_size) {
                         int type;
+                        long reloc_offset;
                         type = ELF64_R_TYPE(rel->r_info);
                         sym_name = strtab + symtab[ELF64_R_SYM(rel->r_info)].st_name;
+                        reloc_offset = rel->r_offset - start_offset;
                         switch (type) {
                         case R_ALPHA_GPDISP:
 …
                                as an immediate instead of constructing it from the pv or ra.  */
                             fprintf(outfile, "    immediate_ldah(gen_code_ptr + %ld, gp);\n",
                                     rel->r_offset - start_offset);
+                                    reloc_offset);
                             fprintf(outfile, "    immediate_lda(gen_code_ptr + %ld, gp);\n",
                                     rel->r_offset - start_offset + rel->r_addend);
+                                    reloc_offset + (int)rel->r_addend);
                             break;
                         case R_ALPHA_LITUSE:
 …
                             if (strstart(sym_name, "__op_param", &p))
                                 fprintf(outfile, "    immediate_ldah(gen_code_ptr + %ld, param%s);\n",
                                         rel->r_offset - start_offset, p);
+                                        reloc_offset, p);
                             break;
                         case R_ALPHA_GPRELLOW:
                             if (strstart(sym_name, "__op_param", &p))
                                 fprintf(outfile, "    immediate_lda(gen_code_ptr + %ld, param%s);\n",
                                         rel->r_offset - start_offset, p);
+                                        reloc_offset, p);
                             break;
                         case R_ALPHA_BRSGP:
 …
                                set up the gp from the pv.  */
                             fprintf(outfile, "    fix_bsr(gen_code_ptr + %ld, (uint8_t *) &%s - (gen_code_ptr + %ld + 4) + 8);\n",
                                     rel->r_offset - start_offset, sym_name, rel->r_offset - start_offset);
+                                    reloc_offset, sym_name, reloc_offset);
                             break;
                         default:
 …
 #elif defined(HOST_IA64)
+            {
+                unsigned long sym_idx;
+                long code_offset;
                 char name[256];
                 int type;
+                int addend;
+                long addend;
                 for(i = 0, rel = relocs;i < nb_relocs; i++, rel++) {
+                    if (rel->r_offset >= start_offset && rel->r_offset < start_offset + copy_size) {
+                        sym_name = strtab + symtab[ELF64_R_SYM(rel->r_info)].st_name;
+                        get_reloc_expr(name, sizeof(name), sym_name);
+                        type = ELF64_R_TYPE(rel->r_info);
+                        addend = rel->r_addend;
+                        switch(type) {
+                        case R_IA64_LTOFF22:
+                            error("must implemnt R_IA64_LTOFF22 relocation");
+                        case R_IA64_PCREL21B:
+                            error("must implemnt R_IA64_PCREL21B relocation");
+                        default:
+                            error("unsupported ia64 relocation (%d)", type);
+                        }
+                    }
+                    sym_idx = ELF64_R_SYM(rel->r_info);
+                    if (rel->r_offset < start_offset
+                        || rel->r_offset >= start_offset + copy_size)
+                        continue;
+                    sym_name = (strtab + symtab[sym_idx].st_name);
+                    code_offset = rel->r_offset - start_offset;
+                    if (strstart(sym_name, "__op_jmp", &p)) {
+                        int n;
+                        n = strtol(p, NULL, 10);
+                        /* __op_jmp relocations are done at
+                           runtime to do translated block
+                           chaining: the offset of the instruction
+                           needs to be stored */
+                        fprintf(outfile, "    jmp_offsets[%d] ="
+                                "%ld + (gen_code_ptr - gen_code_buf);\n",
+                                n, code_offset);
+                        continue;
+                    }
+                    get_reloc_expr(name, sizeof(name), sym_name);
+                    type = ELF64_R_TYPE(rel->r_info);
+                    addend = rel->r_addend;
+                    switch(type) {
+                      case R_IA64_IMM64:
+                          fprintf(outfile,
+                                  "    ia64_imm64(gen_code_ptr + %ld, "
+                                  "%s + %ld);\n",
+                                  code_offset, name, addend);
+                          break;
+                      case R_IA64_LTOFF22X:
+                      case R_IA64_LTOFF22:
+                          fprintf(outfile, "    IA64_LTOFF(gen_code_ptr + %ld,"
+                                  " %s + %ld, %d);\n",
+                                  code_offset, name, addend,
+                                  (type == R_IA64_LTOFF22X));
+                          break;
+                      case R_IA64_LDXMOV:
+                          fprintf(outfile,
+                                  "    ia64_ldxmov(gen_code_ptr + %ld,"
+                                  " %s + %ld);\n", code_offset, name, addend);
+                          break;
+                      case R_IA64_PCREL21B:
+                          if (strstart(sym_name, "__op_gen_label", NULL)) {
+                              fprintf(outfile,
+                                      "    ia64_imm21b(gen_code_ptr + %ld,"
+                                      " (long) (%s + %ld -\n\t\t"
+                                      "((long) gen_code_ptr + %ld)) >> 4);\n",
+                                      code_offset, name, addend,
+                                      code_offset & ~0xfUL);
+                          } else {
+                              fprintf(outfile,
+                                      "    IA64_PLT(gen_code_ptr + %ld, "
+                                      "%d);\t/* %s + %ld */\n",
+                                      code_offset,
+                                      get_plt_index(sym_name, addend),
+                                      sym_name, addend);
+                          }
+                          break;
+                      default:
+                          error("unsupported ia64 relocation (0x%x)",
+                                type);
+                    }
+                }
+                fprintf(outfile, "    ia64_nop_b(gen_code_ptr + %d);\n",
+                        copy_size - 16 + 2);
+            }
 #elif defined(HOST_SPARC)
 …
                 int type;
                 int addend;
+                int reloc_offset;
                 for(i = 0, rel = relocs;i < nb_relocs; i++, rel++) {
                     if (rel->r_offset >= start_offset &&
 …
                         type = ELF32_R_TYPE(rel->r_info);
                         addend = rel->r_addend;
+                        reloc_offset = rel->r_offset - start_offset;
                         switch(type) {
                         case R_SPARC_32:
                             fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = %s + %d;\n",
                                     rel->r_offset - start_offset, name, addend);
+                                    reloc_offset, name, addend);
                             break;
                         case R_SPARC_HI22:
 …
                                     " & ~0x3fffff) "
                                     " | (((%s + %d) >> 10) & 0x3fffff);\n",
+                                    rel->r_offset - start_offset,
+                                    rel->r_offset - start_offset,
+                                    name, addend);
+                                    reloc_offset, reloc_offset, name, addend);
                             break;
                         case R_SPARC_LO10:
 …
                                     " & ~0x3ff) "
                                     " | ((%s + %d) & 0x3ff);\n",
+                                    rel->r_offset - start_offset,
+                                    rel->r_offset - start_offset,
+                                    name, addend);
+                                    reloc_offset, reloc_offset, name, addend);
                             break;
                         case R_SPARC_WDISP30:
 …
                                     " | ((((%s + %d) - (long)(gen_code_ptr + %d))>>2) "
                                     "    & 0x3fffffff);\n",
+                                    rel->r_offset - start_offset,
+                                    rel->r_offset - start_offset,
+                                    name, addend,
+                                    rel->r_offset - start_offset);
+                                    reloc_offset, reloc_offset, name, addend,
+                                    reloc_offset);
                             break;
+                        case R_SPARC_WDISP22:
+                            fprintf(outfile,
+                                    "    *(uint32_t *)(gen_code_ptr + %d) = "
+                                    "((*(uint32_t *)(gen_code_ptr + %d)) "
+                                    " & ~0x3fffff) "
+                                    " | ((((%s + %d) - (long)(gen_code_ptr + %d))>>2) "
+                                    "    & 0x3fffff);\n",
+                                    rel->r_offset - start_offset,
+                                    rel->r_offset - start_offset,
+                                    name, addend,
+                                    rel->r_offset - start_offset);
+                            break;
                         default:
                             error("unsupported sparc relocation (%d)", type);
 …
                 int type;
                 int addend;
+                int reloc_offset;
                 for(i = 0, rel = relocs;i < nb_relocs; i++, rel++) {
                     if (rel->r_offset >= start_offset &&
 …
                         sym_name = strtab + symtab[ELF64_R_SYM(rel->r_info)].st_name;
                         get_reloc_expr(name, sizeof(name), sym_name);
                         type = ELF64_R_TYPE(rel->r_info);
+                        type = ELF32_R_TYPE(rel->r_info);
                         addend = rel->r_addend;
+                        reloc_offset = rel->r_offset - start_offset;
                         switch(type) {
                         case R_SPARC_32:
                             fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = %s + %d;\n",
                                     rel->r_offset - start_offset, name, addend);
+                                    reloc_offset, name, addend);
                             break;
                         case R_SPARC_HI22:
 …
                                     " & ~0x3fffff) "
                                     " | (((%s + %d) >> 10) & 0x3fffff);\n",
+                                    rel->r_offset - start_offset,
+                                    rel->r_offset - start_offset,
+                                    name, addend);
+                                    reloc_offset, reloc_offset, name, addend);
                             break;
                         case R_SPARC_LO10:
 …
                                     " & ~0x3ff) "
                                     " | ((%s + %d) & 0x3ff);\n",
+                                    rel->r_offset - start_offset,
+                                    rel->r_offset - start_offset,
+                                    name, addend);
+                                    reloc_offset, reloc_offset, name, addend);
+                            break;
+                        case R_SPARC_OLO10:
+                            addend += ELF64_R_TYPE_DATA (rel->r_info);
+                            fprintf(outfile,
+                                    "    *(uint32_t *)(gen_code_ptr + %d) = "
+                                    "((*(uint32_t *)(gen_code_ptr + %d)) "
+                                    " & ~0x3ff) "
+                                    " | ((%s + %d) & 0x3ff);\n",
+                                    reloc_offset, reloc_offset, name, addend);
                             break;
                         case R_SPARC_WDISP30:
 …
                                     " | ((((%s + %d) - (long)(gen_code_ptr + %d))>>2) "
                                     "    & 0x3fffffff);\n",
+                                    rel->r_offset - start_offset,
+                                    rel->r_offset - start_offset,
+                                    name, addend,
+                                    rel->r_offset - start_offset);
+                                    reloc_offset, reloc_offset, name, addend,
+                                    reloc_offset);
                             break;
+                        case R_SPARC_WDISP22:
+                            fprintf(outfile,
+                                    "    *(uint32_t *)(gen_code_ptr + %d) = "
+                                    "((*(uint32_t *)(gen_code_ptr + %d)) "
+                                    " & ~0x3fffff) "
+                                    " | ((((%s + %d) - (long)(gen_code_ptr + %d))>>2) "
+                                    "    & 0x3fffff);\n",
+                                    reloc_offset, reloc_offset, name, addend,
+                                    reloc_offset);
+                            break;
                         default:
                             error("unsupported sparc64 relocation (%d)", type);
+                            error("unsupported sparc64 relocation (%d) for symbol %s", type, name);
+                        }
+                    }
 …
                 int type;
                 int addend;
+                int reloc_offset;
+                uint32_t insn;
+                insn = get32((uint32_t *)(p_start + 4));
+                /* If prologue ends in sub sp, sp, #const then assume
+                   op has a stack frame and needs the frame pointer.  */
+                if ((insn & 0xffffff00) == 0xe24dd000) {
+                    int i;
+                    uint32_t opcode;
+                    opcode = 0xe28db000; /* add fp, sp, #0.  */
+#if 0
+/* ??? Need to undo the extra stack adjustment at the end of the op.
+   For now just leave the stack misaligned and hope it doesn't break anything
+   too important.  */
+                    if ((insn & 4) != 0) {
+                        /* Preserve doubleword stack alignment.  */
+                        fprintf(outfile,
+                                "    *(uint32_t *)(gen_code_ptr + 4)= 0x%x;\n",
+                                insn + 4);
+                        opcode -= 4;
+                    }
+#endif
+                    insn = get32((uint32_t *)(p_start - 4));
+                    /* Calculate the size of the saved registers,
+                       excluding pc.  */
+                    for (i = 0; i < 15; i++) {
+                        if (insn & (1 << i))
+                            opcode += 4;
+                    }
+                    fprintf(outfile,
+                            "    *(uint32_t *)gen_code_ptr = 0x%x;\n", opcode);
+                }
                 arm_emit_ldr_info(name, start_offset, outfile, p_start, p_end,
                                   relocs, nb_relocs);
 …
                     type = ELF32_R_TYPE(rel->r_info);
                     addend = get32((uint32_t *)(text + rel->r_offset));
+                    reloc_offset = rel->r_offset - start_offset;
                     switch(type) {
                     case R_ARM_ABS32:
                         fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = %s + %d;\n",
                                 rel->r_offset - start_offset, name, addend);
+                                reloc_offset, name, addend);
                         break;
                     case R_ARM_PC24:
+                    case R_ARM_JUMP24:
+                    case R_ARM_CALL:
                         fprintf(outfile, "    arm_reloc_pc24((uint32_t *)(gen_code_ptr + %d), 0x%x, %s);\n",
                                 rel->r_offset - start_offset, addend, name);
+                                reloc_offset, addend, name);
                         break;
                     default:
 …
                 int type;
                 int addend;
+                int reloc_offset;
                 Elf32_Sym *sym;
                 for(i = 0, rel = relocs;i < nb_relocs; i++, rel++) {
 …
                     type = ELF32_R_TYPE(rel->r_info);
                     addend = get32((uint32_t *)(text + rel->r_offset)) + rel->r_addend;
+                    reloc_offset = rel->r_offset - start_offset;
                     switch(type) {
                     case R_68K_32:
                         fprintf(outfile, "    /* R_68K_32 RELOC, offset %x */\n", rel->r_offset) ;
                         fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = %s + %#x;\n",
                                 rel->r_offset - start_offset, name, addend );
+                                reloc_offset, name, addend );
                         break;
                     case R_68K_PC32:
                         fprintf(outfile, "    /* R_68K_PC32 RELOC, offset %x */\n", rel->r_offset);
                         fprintf(outfile, "    *(uint32_t *)(gen_code_ptr + %d) = %s - (long)(gen_code_ptr + %#x) + %#x;\n",
                                 rel->r_offset - start_offset, name, rel->r_offset - start_offset, /*sym->st_value+*/ addend);
+                                reloc_offset, name, reloc_offset, /*sym->st_value+*/ addend);
                         break;
                     default:
 …
     } else {
         /* generate big code generation switch */
+#ifdef HOST_ARM
+        /* We need to know the size of all the ops so we can figure out when
+           to emit constant pools.  This must be consistent with opc.h.  */
+fprintf(outfile,
+"static const uint32_t arm_opc_size[] = {\n"
+"  0,\n" /* end */
+"  0,\n" /* nop */
+"  0,\n" /* nop1 */
+"  0,\n" /* nop2 */
+"  0,\n"); /* nop3 */
+        for(i = 0, sym = symtab; i < nb_syms; i++, sym++) {
+            const char *name;
+            name = get_sym_name(sym);
+            if (strstart(name, OP_PREFIX, NULL)) {
+                fprintf(outfile, "  %d,\n", sym->st_size);
+            }
+        }
+fprintf(outfile,
+"};\n");
+#endif
 fprintf(outfile,
 "int dyngen_code(uint8_t *gen_code_buf,\n"
 …
 #ifdef HOST_ARM
+/* Arm is tricky because it uses constant pools for loading immediate values.
+   We assume (and require) each function is code followed by a constant pool.
+   All the ops are small so this should be ok.  For each op we figure
+   out how much "spare" range we have in the load instructions.  This allows
+   us to insert subsequent ops in between the op and the constant pool,
+   eliminating the neeed to jump around the pool.
+   We currently generate:
+   [ For this example we assume merging would move op1_pool out of range.
+     In practice we should be able to combine many ops before the offset
+     limits are reached. ]
+   op1_code;
+   op2_code;
+   goto op3;
+   op2_pool;
+   op1_pool;
+op3:
+   op3_code;
+   ret;
+   op3_pool;
+   Ideally we'd put op1_pool before op2_pool, but that requires two passes.
+ */
 fprintf(outfile,
 "    uint8_t *last_gen_code_ptr = gen_code_buf;\n"
 "    LDREntry *arm_ldr_ptr = arm_ldr_table;\n"
+"    uint32_t *arm_data_ptr = arm_data_table;\n");
+"    uint32_t *arm_data_ptr = arm_data_table + ARM_LDR_TABLE_SIZE;\n"
+/* Initialise the parmissible pool offset to an arbitary large value.  */
+"    uint8_t *arm_pool_ptr = gen_code_buf + 0x1000000;\n");
+#endif
+#ifdef HOST_IA64
+    {
+        long addend, not_first = 0;
+        unsigned long sym_idx;
+        int index, max_index;
+        const char *sym_name;
+        EXE_RELOC *rel;
+        max_index = -1;
+        for (i = 0, rel = relocs;i < nb_relocs; i++, rel++) {
+            sym_idx = ELF64_R_SYM(rel->r_info);
+            sym_name = (strtab + symtab[sym_idx].st_name);
+            if (strstart(sym_name, "__op_gen_label", NULL))
+                continue;
+            if (ELF64_R_TYPE(rel->r_info) != R_IA64_PCREL21B)
+                continue;
+            addend = rel->r_addend;
+            index = get_plt_index(sym_name, addend);
+            if (index <= max_index)
+                continue;
+            max_index = index;
+            fprintf(outfile, "    extern void %s(void);\n", sym_name);
+        }
+        fprintf(outfile,
+                "    struct ia64_fixup *plt_fixes = NULL, "
+                "*ltoff_fixes = NULL;\n"
+                "    static long plt_target[] = {\n\t");
+        max_index = -1;
+        for (i = 0, rel = relocs;i < nb_relocs; i++, rel++) {
+            sym_idx = ELF64_R_SYM(rel->r_info);
+            sym_name = (strtab + symtab[sym_idx].st_name);
+            if (strstart(sym_name, "__op_gen_label", NULL))
+                continue;
+            if (ELF64_R_TYPE(rel->r_info) != R_IA64_PCREL21B)
+                continue;
+            addend = rel->r_addend;
+            index = get_plt_index(sym_name, addend);
+            if (index <= max_index)
+                continue;
+            max_index = index;
+            if (not_first)
+                fprintf(outfile, ",\n\t");
+            not_first = 1;
+            if (addend)
+                fprintf(outfile, "(long) &%s + %ld", sym_name, addend);
+            else
+                fprintf(outfile, "(long) &%s", sym_name);
+        }
+        fprintf(outfile, "\n    };\n"
+            "    unsigned int plt_offset[%u] = { 0 };\n", max_index + 1);
+    }
 #endif
 …
 fprintf(outfile,
+"    for(;;) {\n"
+"        switch(*opc_ptr++) {\n"
+);
+"    for(;;) {\n");
+#ifdef HOST_ARM
+/* Generate constant pool if needed */
+fprintf(outfile,
+"            if (gen_code_ptr + arm_opc_size[*opc_ptr] >= arm_pool_ptr) {\n"
+"                gen_code_ptr = arm_flush_ldr(gen_code_ptr, arm_ldr_table, "
+"arm_ldr_ptr, arm_data_ptr, arm_data_table + ARM_LDR_TABLE_SIZE, 1);\n"
+"                last_gen_code_ptr = gen_code_ptr;\n"
+"                arm_ldr_ptr = arm_ldr_table;\n"
+"                arm_data_ptr = arm_data_table + ARM_LDR_TABLE_SIZE;\n"
+"                arm_pool_ptr = gen_code_ptr + 0x1000000;\n"
+"            }\n");
+#endif
+fprintf(outfile,
+"        switch(*opc_ptr++) {\n");
         for(i = 0, sym = symtab; i < nb_syms; i++, sym++) {
 …
 "        }\n");
-#ifdef HOST_ARM
-/* generate constant table if needed */
-fprintf(outfile,
-"        if ((gen_code_ptr - last_gen_code_ptr) >= (MAX_FRAG_SIZE - MAX_OP_SIZE)) {\n"
-"            gen_code_ptr = arm_flush_ldr(gen_code_ptr, arm_ldr_table, arm_ldr_ptr, arm_data_table, arm_data_ptr, 1);\n"
-"            last_gen_code_ptr = gen_code_ptr;\n"
-"            arm_ldr_ptr = arm_ldr_table;\n"
-"            arm_data_ptr = arm_data_table;\n"
-"        }\n");
-#endif
 fprintf(outfile,
 …
 " the_end:\n"
 );
+#ifdef HOST_IA64
+    fprintf(outfile,
+            "    {\n"
+            "      extern char code_gen_buffer[];\n"
+            "      ia64_apply_fixes(&gen_code_ptr, ltoff_fixes, "
+            "(uint64_t) code_gen_buffer + 2*(1<<20), plt_fixes,\n\t\t\t"
+            "sizeof(plt_target)/sizeof(plt_target[0]),\n\t\t\t"
+            "plt_target, plt_offset);\n    }\n");
+#endif
 /* generate some code patching */
 #ifdef HOST_ARM
+fprintf(outfile, "gen_code_ptr = arm_flush_ldr(gen_code_ptr, arm_ldr_table, arm_ldr_ptr, arm_data_table, arm_data_ptr, 0);\n");
+fprintf(outfile,
+"if (arm_data_ptr != arm_data_table + ARM_LDR_TABLE_SIZE)\n"
+"    gen_code_ptr = arm_flush_ldr(gen_code_ptr, arm_ldr_table, "
+"arm_ldr_ptr, arm_data_ptr, arm_data_table + ARM_LDR_TABLE_SIZE, 0);\n");
 #endif
     /* flush instruction cache */
 …
     return 0;
+}
+/* bird added: */
+/*
+ * Local Variables:
+ *  mode: c
+ *  c-file-style: k&r
+ *  c-basic-offset: 4
+ *  tab-width: 4
+ *  indent-tabs-mode: t
+ * End:
+ */

trunk/src/recompiler/dyngen.h

-              r1
+              r2422
 int __op_param1, __op_param2, __op_param3;
+int __op_gen_label1, __op_gen_label2, __op_gen_label3;
+#if defined(__sparc__) || defined(__arm__)
+  void __op_gen_label1(){}
+  void __op_gen_label2(){}
+  void __op_gen_label3(){}
+#else
+  int __op_gen_label1, __op_gen_label2, __op_gen_label3;
+#endif
 int __op_jmp0, __op_jmp1, __op_jmp2, __op_jmp3;
 …
 static inline void flush_icache_range(unsigned long start, unsigned long stop)
+{
+    while (start < stop) {
+        asm volatile ("fc %0" :: "r"(start));
+        start += 32;
+    }
+    asm volatile (";;sync.i;;srlz.i;;");
+}
 #endif
 …
     unsigned long p;
     p = start & ~(MIN_CACHE_LINE_SIZE - 1);
+    start &= ~(MIN_CACHE_LINE_SIZE - 1);
     stop = (stop + MIN_CACHE_LINE_SIZE - 1) & ~(MIN_CACHE_LINE_SIZE - 1);
 …
 #ifdef __arm__
+#define MAX_OP_SIZE    (128 * 4) /* in bytes */
+/* max size of the code that can be generated without calling arm_flush_ldr */
+#define MAX_FRAG_SIZE  (1024 * 4)
+//#define MAX_FRAG_SIZE  (135 * 4) /* for testing */
+#define ARM_LDR_TABLE_SIZE 1024
 typedef struct LDREntry {
     uint8_t *ptr;
     uint32_t *data_ptr;
+    unsigned type:2;
 } LDREntry;
 static LDREntry arm_ldr_table[1024];
 static uint32_t arm_data_table[1024];
+static uint32_t arm_data_table[ARM_LDR_TABLE_SIZE];
 extern char exec_loop;
 …
     uint8_t *data_ptr;
     uint32_t insn;
+    uint32_t mask;
     data_size = (uint8_t *)data_end - (uint8_t *)data_start;
+    data_size = (data_end - data_start) << 2;
     if (gen_jmp) {
 …
             (unsigned long)data_ptr -
             (unsigned long)ptr - 8;
-        insn = *ptr & ~(0xfff | 0x00800000);
         if (offset < 0) {
+            offset = - offset;
+        } else {
+            insn |= 0x00800000;
+        }
+        if (offset > 0xfff) {
+            fprintf(stderr, "Error ldr offset\n");
+            fprintf(stderr, "Negative constant pool offset\n");
             abort();
+        }
+        insn |= offset;
+        switch (le->type) {
+          case 0: /* ldr */
+            mask = ~0x00800fff;
+            if (offset >= 4096) {
+                fprintf(stderr, "Bad ldr offset\n");
+                abort();
+            }
+            break;
+          case 1: /* ldc */
+            mask = ~0x008000ff;
+            if (offset >= 1024 ) {
+                fprintf(stderr, "Bad ldc offset\n");
+                abort();
+            }
+            break;
+          case 2: /* add */
+            mask = ~0xfff;
+            if (offset >= 1024 ) {
+                fprintf(stderr, "Bad add offset\n");
+                abort();
+            }
+            break;
+          default:
+            fprintf(stderr, "Bad pc relative fixup\n");
+            abort();
+          }
+        insn = *ptr & mask;
+        switch (le->type) {
+          case 0: /* ldr */
+            insn |= offset | 0x00800000;
+            break;
+          case 1: /* ldc */
+            insn |= (offset >> 2) | 0x00800000;
+            break;
+          case 2: /* add */
+            insn |= (offset >> 2) | 0xf00;
+            break;
+          }
         *ptr = insn;
+    }
 …
 #endif /* __arm__ */
+#ifdef __ia64
+/* Patch instruction with "val" where "mask" has 1 bits. */
+static inline void ia64_patch (uint64_t insn_addr, uint64_t mask, uint64_t val)
+{
+    uint64_t m0, m1, v0, v1, b0, b1, *b = (uint64_t *) (insn_addr & -16);
+#   define insn_mask ((1UL << 41) - 1)
+    unsigned long shift;
+    b0 = b[0]; b1 = b[1];
+    shift = 5 + 41 * (insn_addr % 16); /* 5 template, 3 x 41-bit insns */
+    if (shift >= 64) {
+        m1 = mask << (shift - 64);
+        v1 = val << (shift - 64);
+    } else {
+        m0 = mask << shift; m1 = mask >> (64 - shift);
+        v0 = val  << shift; v1 = val >> (64 - shift);
+        b[0] = (b0 & ~m0) | (v0 & m0);
+    }
+    b[1] = (b1 & ~m1) | (v1 & m1);
+}
+static inline void ia64_patch_imm60 (uint64_t insn_addr, uint64_t val)
+{
+        ia64_patch(insn_addr,
+x011ffffe000UL,
+                   (  ((val & 0x0800000000000000UL) >> 23) /* bit 59 -> 36 */
+                    | ((val & 0x00000000000fffffUL) << 13) /* bit 0 -> 13 */));
+        ia64_patch(insn_addr - 1, 0x1fffffffffcUL, val >> 18);
+}
+static inline void ia64_imm64 (void *insn, uint64_t val)
+{
+    /* Ignore the slot number of the relocation; GCC and Intel
+       toolchains differed for some time on whether IMM64 relocs are
+       against slot 1 (Intel) or slot 2 (GCC).  */
+    uint64_t insn_addr = (uint64_t) insn & ~3UL;
+    ia64_patch(insn_addr + 2,
+x01fffefe000UL,
+               (  ((val & 0x8000000000000000UL) >> 27) /* bit 63 -> 36 */
+                | ((val & 0x0000000000200000UL) <<  0) /* bit 21 -> 21 */
+                | ((val & 0x00000000001f0000UL) <<  6) /* bit 16 -> 22 */
+                | ((val & 0x000000000000ff80UL) << 20) /* bit  7 -> 27 */
+                | ((val & 0x000000000000007fUL) << 13) /* bit  0 -> 13 */)
+            );
+    ia64_patch(insn_addr + 1, 0x1ffffffffffUL, val >> 22);
+}
+static inline void ia64_imm60b (void *insn, uint64_t val)
+{
+    /* Ignore the slot number of the relocation; GCC and Intel
+       toolchains differed for some time on whether IMM64 relocs are
+       against slot 1 (Intel) or slot 2 (GCC).  */
+    uint64_t insn_addr = (uint64_t) insn & ~3UL;
+    if (val + ((uint64_t) 1 << 59) >= (1UL << 60))
+        fprintf(stderr, "%s: value %ld out of IMM60 range\n",
+                __FUNCTION__, (int64_t) val);
+    ia64_patch_imm60(insn_addr + 2, val);
+}
+static inline void ia64_imm22 (void *insn, uint64_t val)
+{
+    if (val + (1 << 21) >= (1 << 22))
+        fprintf(stderr, "%s: value %li out of IMM22 range\n",
+                __FUNCTION__, (int64_t)val);
+    ia64_patch((uint64_t) insn, 0x01fffcfe000UL,
+               (  ((val & 0x200000UL) << 15) /* bit 21 -> 36 */
+                | ((val & 0x1f0000UL) <<  6) /* bit 16 -> 22 */
+                | ((val & 0x00ff80UL) << 20) /* bit  7 -> 27 */
+                | ((val & 0x00007fUL) << 13) /* bit  0 -> 13 */));
+}
+/* Like ia64_imm22(), but also clear bits 20-21.  For addl, this has
+   the effect of turning "addl rX=imm22,rY" into "addl
+   rX=imm22,r0".  */
+static inline void ia64_imm22_r0 (void *insn, uint64_t val)
+{
+    if (val + (1 << 21) >= (1 << 22))
+        fprintf(stderr, "%s: value %li out of IMM22 range\n",
+                __FUNCTION__, (int64_t)val);
+    ia64_patch((uint64_t) insn, 0x01fffcfe000UL | (0x3UL << 20),
+               (  ((val & 0x200000UL) << 15) /* bit 21 -> 36 */
+                | ((val & 0x1f0000UL) <<  6) /* bit 16 -> 22 */
+                | ((val & 0x00ff80UL) << 20) /* bit  7 -> 27 */
+                | ((val & 0x00007fUL) << 13) /* bit  0 -> 13 */));
+}
+static inline void ia64_imm21b (void *insn, uint64_t val)
+{
+    if (val + (1 << 20) >= (1 << 21))
+        fprintf(stderr, "%s: value %li out of IMM21b range\n",
+                __FUNCTION__, (int64_t)val);
+    ia64_patch((uint64_t) insn, 0x11ffffe000UL,
+               (  ((val & 0x100000UL) << 16) /* bit 20 -> 36 */
+                | ((val & 0x0fffffUL) << 13) /* bit  0 -> 13 */));
+}
+static inline void ia64_nop_b (void *insn)
+{
+    ia64_patch((uint64_t) insn, (1UL << 41) - 1, 2UL << 37);
+}
+static inline void ia64_ldxmov(void *insn, uint64_t val)
+{
+    if (val + (1 << 21) < (1 << 22))
+        ia64_patch((uint64_t) insn, 0x1fff80fe000UL, 8UL << 37);
+}
+static inline int ia64_patch_ltoff(void *insn, uint64_t val,
+                                   int relaxable)
+{
+    if (relaxable && (val + (1 << 21) < (1 << 22))) {
+        ia64_imm22_r0(insn, val);
+        return 0;
+    }
+    return 1;
+}
+struct ia64_fixup {
+    struct ia64_fixup *next;
+    void *addr;                 /* address that needs to be patched */
+    long value;
+};
+#define IA64_PLT(insn, plt_index)                       \
+do {                                                    \
+    struct ia64_fixup *fixup = alloca(sizeof(*fixup));  \
+    fixup->next = plt_fixes;                            \
+    plt_fixes = fixup;                                  \
+    fixup->addr = (insn);                               \
+    fixup->value = (plt_index);                         \
+    plt_offset[(plt_index)] = 1;                        \
+} while (0)
+#define IA64_LTOFF(insn, val, relaxable)                        \
+do {                                                            \
+    if (ia64_patch_ltoff(insn, val, relaxable)) {               \
+        struct ia64_fixup *fixup = alloca(sizeof(*fixup));      \
+        fixup->next = ltoff_fixes;                              \
+        ltoff_fixes = fixup;                                    \
+        fixup->addr = (insn);                                   \
+        fixup->value = (val);                                   \
+    }                                                           \
+} while (0)
+static inline void ia64_apply_fixes (uint8_t **gen_code_pp,
+                                     struct ia64_fixup *ltoff_fixes,
+                                     uint64_t gp,
+                                     struct ia64_fixup *plt_fixes,
+                                     int num_plts,
+                                     unsigned long *plt_target,
+                                     unsigned int *plt_offset)
+{
+    static const uint8_t plt_bundle[] = {
+x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, /* nop 0; movl r1=GP */
+x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x60,
+x05, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, /* nop 0; brl IP */
+x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0
+    };
+    uint8_t *gen_code_ptr = *gen_code_pp, *plt_start, *got_start, *vp;
+    struct ia64_fixup *fixup;
+    unsigned int offset = 0;
+    struct fdesc {
+        long ip;
+        long gp;
+    } *fdesc;
+    int i;
+    if (plt_fixes) {
+        plt_start = gen_code_ptr;
+        for (i = 0; i < num_plts; ++i) {
+            if (plt_offset[i]) {
+                plt_offset[i] = offset;
+                offset += sizeof(plt_bundle);
+                fdesc = (struct fdesc *) plt_target[i];
+                memcpy(gen_code_ptr, plt_bundle, sizeof(plt_bundle));
+                ia64_imm64 (gen_code_ptr + 0x02, fdesc->gp);
+                ia64_imm60b(gen_code_ptr + 0x12,
+                            (fdesc->ip - (long) (gen_code_ptr + 0x10)) >> 4);
+                gen_code_ptr += sizeof(plt_bundle);
+            }
+        }
+        for (fixup = plt_fixes; fixup; fixup = fixup->next)
+            ia64_imm21b(fixup->addr,
+                        ((long) plt_start + plt_offset[fixup->value]
+                         - ((long) fixup->addr & ~0xf)) >> 4);
+    }
+    got_start = gen_code_ptr;
+    /* First, create the GOT: */
+    for (fixup = ltoff_fixes; fixup; fixup = fixup->next) {
+        /* first check if we already have this value in the GOT: */
+        for (vp = got_start; vp < gen_code_ptr; ++vp)
+            if (*(uint64_t *) vp == fixup->value)
+                break;
+        if (vp == gen_code_ptr) {
+            /* Nope, we need to put the value in the GOT: */
+            *(uint64_t *) vp = fixup->value;
+            gen_code_ptr += 8;
+        }
+        ia64_imm22(fixup->addr, (long) vp - gp);
+    }
+    /* Keep code ptr aligned. */
+    if ((long) gen_code_ptr & 15)
+        gen_code_ptr += 8;
+    *gen_code_pp = gen_code_ptr;
+}
+#endif

trunk/src/recompiler/elf.h

-              r1
+              r2422
 #define PT_HIPROC  0x7fffffff
 #define PT_MIPS_REGINFO         0x70000000
+#define PT_MIPS_OPTIONS         0x70000001
 /* Flags in the e_flags field of the header */
+/* MIPS architecture level. */
+#define EF_MIPS_ARCH_1          0x00000000      /* -mips1 code.  */
+#define EF_MIPS_ARCH_2          0x10000000      /* -mips2 code.  */
+#define EF_MIPS_ARCH_3          0x20000000      /* -mips3 code.  */
+#define EF_MIPS_ARCH_4          0x30000000      /* -mips4 code.  */
+#define EF_MIPS_ARCH_5          0x40000000      /* -mips5 code.  */
+#define EF_MIPS_ARCH_32         0x50000000      /* MIPS32 code.  */
+#define EF_MIPS_ARCH_64         0x60000000      /* MIPS64 code.  */
+/* The ABI of a file. */
+#define EF_MIPS_ABI_O32         0x00001000      /* O32 ABI.  */
+#define EF_MIPS_ABI_O64         0x00002000      /* O32 extended for 64 bit.  */
 #define EF_MIPS_NOREORDER 0x00000001
 #define EF_MIPS_PIC       0x00000002
 #define EF_MIPS_CPIC      0x00000004
+#define EF_MIPS_ABI2            0x00000020
+#define EF_MIPS_OPTIONS_FIRST   0x00000080
+#define EF_MIPS_32BITMODE       0x00000100
+#define EF_MIPS_ABI             0x0000f000
 #define EF_MIPS_ARCH      0xf0000000
 …
 #define ELF64_R_SYM(i)                  ((i) >> 32)
 #define ELF64_R_TYPE(i)                 ((i) & 0xffffffff)
+#define ELF64_R_TYPE_DATA(i)            (((ELF64_R_TYPE(i) >> 8) ^ 0x00800000) - 0x00800000)
 #define R_386_NONE      0
 …
 #define R_SPARC_11              31
 #define R_SPARC_64              32
+#define R_SPARC_OLO10           33
 #define R_SPARC_WDISP16         40
 #define R_SPARC_WDISP19         41
 …
 #define R_ARM_GOT32             26      /* 32 bit GOT entry */
 #define R_ARM_PLT32             27      /* 32 bit PLT address */
+#define R_ARM_CALL              28
+#define R_ARM_JUMP24            29
 #define R_ARM_GNU_VTENTRY       100
 #define R_ARM_GNU_VTINHERIT     101

trunk/src/recompiler/exec-all.h

-              r1
+              r2422
 #ifdef VBOX
+#include <VBox/tm.h>
+#ifndef LOG_GROUP
+#define LOG_GROUP LOG_GROUP_REM
+#endif
+#include <VBox/log.h>
+#include "REMInternal.h"
+# include <VBox/tm.h>
+# include <VBox/pgm.h> /* PGM_DYNAMIC_RAM_ALLOC */
+# ifndef LOG_GROUP
+#  define LOG_GROUP LOG_GROUP_REM
+# endif
+# include <VBox/log.h>
+# include "REMInternal.h"
+# include <VBox/vm.h>
 #endif /* VBOX */
 …
 #endif
 #if GCC_MAJOR < 3
+#if __GNUC__ < 3
 #define __builtin_expect(x, n) (x)
 #endif
 …
 extern uint8_t gen_opc_cc_op[OPC_BUF_SIZE];
 extern uint8_t gen_opc_instr_start[OPC_BUF_SIZE];
+extern target_ulong gen_opc_jump_pc[2];
+extern uint32_t gen_opc_hflags[OPC_BUF_SIZE];
 typedef void (GenOpFunc)(void);
 …
                            void *puc);
 void cpu_resume_from_signal(CPUState *env1, void *puc);
 void cpu_exec_init(void);
 int page_unprotect(unsigned long address, unsigned long pc, void *puc);
+void cpu_exec_init(CPUState *env);
+int page_unprotect(target_ulong address, unsigned long pc, void *puc);
 void tb_invalidate_phys_page_range(target_ulong start, target_ulong end,
                                    int is_cpu_write_access);
 …
 void tlb_flush_page(CPUState *env, target_ulong addr);
 void tlb_flush(CPUState *env, int flush_global);
+int tlb_set_page(CPUState *env, target_ulong vaddr,
+                 target_phys_addr_t paddr, int prot,
+                 int is_user, int is_softmmu);
+int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
+                      target_phys_addr_t paddr, int prot,
+                      int is_user, int is_softmmu);
+static inline int tlb_set_page(CPUState *env, target_ulong vaddr,
+                               target_phys_addr_t paddr, int prot,
+                               int is_user, int is_softmmu)
+{
+    if (prot & PAGE_READ)
+        prot |= PAGE_EXEC;
+    return tlb_set_page_exec(env, vaddr, paddr, prot, is_user, is_softmmu);
+}
 #define CODE_GEN_MAX_SIZE        65536
 #define CODE_GEN_ALIGN           16 /* must be >= of the size of a icache line */
-#define CODE_GEN_HASH_BITS     15
-#define CODE_GEN_HASH_SIZE     (1 << CODE_GEN_HASH_BITS)
 #define CODE_GEN_PHYS_HASH_BITS     15
 …
 #if defined(__alpha__)
 #define CODE_GEN_BUFFER_SIZE     (2 * 1024 * 1024)
+#elif defined(__ia64)
+#define CODE_GEN_BUFFER_SIZE     (4 * 1024 * 1024)      /* range of addl */
 #elif defined(__powerpc__)
 #define CODE_GEN_BUFFER_SIZE     (6 * 1024 * 1024)
 #else
 #define CODE_GEN_BUFFER_SIZE     (8 * 1024 * 1024)
+#define CODE_GEN_BUFFER_SIZE     (16 * 1024 * 1024)
 #endif
 …
     uint8_t *tc_ptr;    /* pointer to the translated code */
-    struct TranslationBlock *hash_next; /* next matching tb for virtual address */
     /* next matching tb for physical address. */
     struct TranslationBlock *phys_hash_next;
 …
     uint16_t tb_jmp_offset[4]; /* offset of jump instruction */
 #else
+# if defined(VBOX) && defined(__DARWIN__) && defined(__AMD64__)
+#  error "First 4GB aren't reachable. jmp dword [tb_next] wont work."
+# endif
     uint32_t tb_next[2]; /* address of jump generated code */
 #endif
 …
 } TranslationBlock;
+static inline unsigned int tb_hash_func(target_ulong pc)
+{
+    return pc & (CODE_GEN_HASH_SIZE - 1);
+static inline unsigned int tb_jmp_cache_hash_page(target_ulong pc)
+{
+    target_ulong tmp;
+    tmp = pc ^ (pc >> (TARGET_PAGE_BITS - TB_JMP_PAGE_BITS));
+    return (tmp >> TB_JMP_PAGE_BITS) & TB_JMP_PAGE_MASK;
+}
+static inline unsigned int tb_jmp_cache_hash_func(target_ulong pc)
+{
+    target_ulong tmp;
+    tmp = pc ^ (pc >> (TARGET_PAGE_BITS - TB_JMP_PAGE_BITS));
+    return (((tmp >> TB_JMP_PAGE_BITS) & TB_JMP_PAGE_MASK) |
+            (tmp & TB_JMP_ADDR_MASK));
+}
 …
 TranslationBlock *tb_alloc(target_ulong pc);
 void tb_flush(CPUState *env);
-void tb_link(TranslationBlock *tb);
 void tb_link_phys(TranslationBlock *tb,
                   target_ulong phys_pc, target_ulong phys_page2);
-extern TranslationBlock *tb_hash[CODE_GEN_HASH_SIZE];
 extern TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
 extern uint8_t code_gen_buffer[CODE_GEN_BUFFER_SIZE];
 extern uint8_t *code_gen_ptr;
-/* find a translation block in the translation cache. If not found,
-   return NULL and the pointer to the last element of the list in pptb */
-static inline TranslationBlock *tb_find(TranslationBlock ***pptb,
-                                        target_ulong pc,
-                                        target_ulong cs_base,
-                                        unsigned int flags)
+{
-    TranslationBlock **ptb, *tb;
-    unsigned int h;
-    h = tb_hash_func(pc);
-    ptb = &tb_hash[h];
-    for(;;) {
-        tb = *ptb;
-        if (!tb)
-            break;
-        if (tb->pc == pc && tb->cs_base == cs_base && tb->flags == flags)
-            return tb;
-        ptb = &tb->hash_next;
+    }
-    *pptb = ptb;
-    return NULL;
+}
 #if defined(USE_DIRECT_JUMP)
 …
 #endif
+#define ASM_OP_LABEL_NAME(n, opname) \
+    ASM_NAME(__op_label) #n "." ASM_NAME(opname)
 #if defined(__powerpc__)
 …
 do {\
     asm volatile (ASM_DATA_SECTION\
                   ASM_NAME(__op_label) #n "." ASM_NAME(opname) ":\n"\
+                  ASM_OP_LABEL_NAME(n, opname) ":\n"\
                   ".long 1f\n"\
                   ASM_PREVIOUS_SECTION \
 …
 do {\
     asm volatile (".section .data\n"\
                   ASM_NAME(__op_label) #n "." ASM_NAME(opname) ":\n"\
+                  ASM_OP_LABEL_NAME(n, opname) ":\n"\
                   ".long 1f\n"\
                   ASM_PREVIOUS_SECTION \
 …
 /* jump to next block operations (more portable code, does not need
    cache flushing, but slower because of indirect jump) */
+# ifdef VBOX /* bird: GCC4 (and Ming 3.4.x?) will remove the two unused static
+                variables. I've added a dummy __asm__ statement which reference
+                the two variables to prevent this. */
+#  if __GNUC__ >= 4
+#   define GOTO_TB(opname, tbparam, n)\
+    do {\
+        static void __attribute__((unused)) *dummy ## n = &&dummy_label ## n;\
+        static void __attribute__((unused)) *__op_label ## n \
+            __asm__(ASM_OP_LABEL_NAME(n, opname)) = &&label ## n;\
+        __asm__ ("" : : "m" (__op_label ## n), "m" (dummy ## n));\
+        goto *(void *)(uintptr_t)(((TranslationBlock *)tbparam)->tb_next[n]);\
+    label ## n: ;\
+    dummy_label ## n: ;\
+    } while (0)
+#  else
+#   define GOTO_TB(opname, tbparam, n)\
+    do {\
+        static void __attribute__((unused)) *dummy ## n = &&dummy_label ## n;\
+        static void __attribute__((unused)) *__op_label ## n \
+            __asm__(ASM_OP_LABEL_NAME(n, opname)) = &&label ## n;\
+        goto *(void *)(uintptr_t)(((TranslationBlock *)tbparam)->tb_next[n]);\
+    label ## n: ;\
+    dummy_label ## n: ;\
+    } while (0)
+#  endif
+# else /* !VBOX */
 #define GOTO_TB(opname, tbparam, n)\
 do {\
     static void __attribute__((unused)) *dummy ## n = &&dummy_label ## n;\
+    static void __attribute__((unused)) *__op_label ## n = &&label ## n;\
+    static void __attribute__((unused)) *__op_label ## n \
+        __asm__(ASM_OP_LABEL_NAME(n, opname)) = &&label ## n;\
     goto *(void *)(((TranslationBlock *)tbparam)->tb_next[n]);\
 label ## n: ;\
 dummy_label ## n: ;\
 } while (0)
+#endif
+/* XXX: will be suppressed */
+#define JUMP_TB(opname, tbparam, n, eip)\
+do {\
+    GOTO_TB(opname, tbparam, n);\
+    T0 = (long)(tbparam) + (n);\
+    EIP = (int32_t)eip;\
+    EXIT_TB();\
+} while (0)
+# endif /* !VBOX */
+#endif
 extern CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
 …
 #endif
+#ifdef __ia64
+#include <ia64intrin.h>
+static inline int testandset (int *p)
+{
+    return __sync_lock_test_and_set (p, 1);
+}
+#endif
 typedef int spinlock_t;
 …
 # ifdef VBOX
 target_ulong remR3PhysGetPhysicalAddressCode(CPUState *env, target_ulong addr, CPUTLBEntry *pTLBEntry);
+#  if defined(PGM_DYNAMIC_RAM_ALLOC) && !defined(REM_PHYS_ADDR_IN_TLB)
 target_ulong remR3HCVirt2GCPhys(void *env, void *addr);
+# endif
+#  endif
+# endif
 /* NOTE: this function can trigger an exception */
 /* NOTE2: the returned address is not exactly the physical address: it
    is the offset relative to phys_ram_base */
-/* XXX: i386 target specific */
 static inline target_ulong get_phys_addr_code(CPUState *env, target_ulong addr)
+{
 …
 #elif defined (TARGET_PPC)
     is_user = msr_pr;
+#elif defined (TARGET_MIPS)
+    is_user = ((env->hflags & MIPS_HFLAG_MODE) == MIPS_HFLAG_UM);
 #elif defined (TARGET_SPARC)
     is_user = (env->psrs == 0);
+#else
+#error "Unimplemented !"
+#endif
+    if (__builtin_expect(env->tlb_read[is_user][index].address !=
+#elif defined (TARGET_ARM)
+    is_user = ((env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_USR);
+#elif defined (TARGET_SH4)
+    is_user = ((env->sr & SR_MD) == 0);
+#else
+#error unimplemented CPU
+#endif
+    if (__builtin_expect(env->tlb_table[is_user][index].addr_code !=
                          (addr & TARGET_PAGE_MASK), 0)) {
         ldub_code(addr);
+    }
     pd = env->tlb_read[is_user][index].address & ~TARGET_PAGE_MASK;
     if (pd > IO_MEM_ROM) {
 #ifdef VBOX
+    pd = env->tlb_table[is_user][index].addr_code & ~TARGET_PAGE_MASK;
+    if (pd > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
+# ifdef VBOX
         /* deal with non-MMIO access handlers. */
         return remR3PhysGetPhysicalAddressCode(env, addr, &env->tlb_read[is_user][index]);
 #else
+        return remR3PhysGetPhysicalAddressCode(env, addr, &env->tlb_table[is_user][index]);
+# else
         cpu_abort(env, "Trying to execute code outside RAM or ROM at 0x%08lx\n", addr);
 #endif
+# endif
+    }
+#ifdef VBOX
+    return remR3HCVirt2GCPhys(env, (void *)(addr + env->tlb_read[is_user][index].addend));
+#else
+    return addr + env->tlb_read[is_user][index].addend - (unsigned long)phys_ram_base;
+#endif
+}
+#endif
+# if defined(VBOX) && defined(REM_PHYS_ADDR_IN_TLB)
+    return addr + env->tlb_table[is_user][index].addend;
+# elif defined(VBOX) && defined(PGM_DYNAMIC_RAM_ALLOC)
+    return remR3HCVirt2GCPhys(env, (void *)(addr + env->tlb_table[is_user][index].addend));
+# else
+    return addr + env->tlb_table[is_user][index].addend - (unsigned long)phys_ram_base;
+# endif
+}
+#endif
+#ifdef USE_KQEMU
+#define KQEMU_MODIFY_PAGE_MASK (0xff & ~(VGA_DIRTY_FLAG | CODE_DIRTY_FLAG))
+int kqemu_init(CPUState *env);
+int kqemu_cpu_exec(CPUState *env);
+void kqemu_flush_page(CPUState *env, target_ulong addr);
+void kqemu_flush(CPUState *env, int global);
+void kqemu_set_notdirty(CPUState *env, ram_addr_t ram_addr);
+void kqemu_modify_page(CPUState *env, ram_addr_t ram_addr);
+void kqemu_cpu_interrupt(CPUState *env);
+void kqemu_record_dump(void);
+static inline int kqemu_is_ok(CPUState *env)
+{
+    return(env->kqemu_enabled &&
+           (env->cr[0] & CR0_PE_MASK) &&
+           !(env->hflags & HF_INHIBIT_IRQ_MASK) &&
+           (env->eflags & IF_MASK) &&
+           !(env->eflags & VM_MASK) &&
+           (env->kqemu_enabled == 2 ||
+            ((env->hflags & HF_CPL_MASK) == 3 &&
+             (env->eflags & IOPL_MASK) != IOPL_MASK)));
+}
+#endif

trunk/src/recompiler/exec.c

-              r55
+              r2422
  */
 #include "config.h"
+#ifndef VBOX
 #ifdef _WIN32
 #include <windows.h>
 …
 #include <unistd.h>
 #include <inttypes.h>
+#else /* VBOX */
+# include <stdlib.h>
+# include <stdio.h>
+# include <inttypes.h>
+# include <iprt/alloc.h>
+# include <iprt/string.h>
+# include <iprt/param.h>
+# include <VBox/pgm.h> /* PGM_DYNAMIC_RAM_ALLOC */
+#endif /* VBOX */
 #include "cpu.h"
 #include "exec-all.h"
+#ifdef VBOX
+#include <VBox/vm.h>
+#if defined(CONFIG_USER_ONLY)
+#include <qemu.h>
 #endif
 …
 //#define DEBUG_FLUSH
 //#define DEBUG_TLB
+//#define DEBUG_UNASSIGNED
 /* make various TB consistency checks */
 …
 //#define DEBUG_TLB_CHECK
+#if !defined(CONFIG_USER_ONLY)
+/* TB consistency checks only implemented for usermode emulation.  */
+#undef DEBUG_TB_CHECK
+#endif
 /* threshold to flush the translated code buffer */
 #define CODE_GEN_BUFFER_MAX_SIZE (CODE_GEN_BUFFER_SIZE - CODE_GEN_MAX_SIZE)
 …
 #define MMAP_AREA_END          0xa8000000
+#if defined(TARGET_SPARC64)
+#define TARGET_PHYS_ADDR_SPACE_BITS 41
+#elif defined(TARGET_PPC64)
+#define TARGET_PHYS_ADDR_SPACE_BITS 42
+#else
+/* Note: for compatibility with kqemu, we use 32 bits for x86_64 */
+#define TARGET_PHYS_ADDR_SPACE_BITS 32
+#endif
 TranslationBlock tbs[CODE_GEN_MAX_BLOCKS];
-TranslationBlock *tb_hash[CODE_GEN_HASH_SIZE];
 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
 int nb_tbs;
 …
 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
+uint8_t code_gen_buffer[CODE_GEN_BUFFER_SIZE];
+uint8_t code_gen_buffer[CODE_GEN_BUFFER_SIZE]
+#if defined(__MINGW32__)
+    __attribute__((aligned (16)));
+#else
+    __attribute__((aligned (32)));
+#endif
 uint8_t *code_gen_ptr;
+#if !defined(VBOX)
+#ifndef VBOX
+int phys_ram_size;
 int phys_ram_fd;
+#endif /* !VBOX */
+uint32_t phys_ram_size;
+int phys_ram_size;
+#else /* VBOX */
+RTGCPHYS phys_ram_size;
+/* we have memory ranges (the high PC-BIOS mapping) which
+   causes some pages to fall outside the dirty map here. */
+uint32_t phys_ram_dirty_size;
+#endif /* VBOX */
+#if !defined(VBOX) || !(defined(PGM_DYNAMIC_RAM_ALLOC) || defined(REM_PHYS_ADDR_IN_TLB))
 uint8_t *phys_ram_base;
+#endif
 uint8_t *phys_ram_dirty;
+CPUState *first_cpu;
+/* current CPU in the current thread. It is only valid inside
+   cpu_exec() */
+CPUState *cpu_single_env;
 typedef struct PageDesc {
 …
 typedef struct PhysPageDesc {
     /* offset in host memory of the page + io_index in the low 12 bits */
     unsigned long phys_offset;
+    uint32_t phys_offset;
 } PhysPageDesc;
-typedef struct VirtPageDesc {
-    /* physical address of code page. It is valid only if 'valid_tag'
-       matches 'virt_valid_tag' */
-    target_ulong phys_addr;
-    unsigned int valid_tag;
-#if !defined(CONFIG_SOFTMMU)
-    /* original page access rights. It is valid only if 'valid_tag'
-       matches 'virt_valid_tag' */
-    unsigned int prot;
-#endif
-} VirtPageDesc;
 #define L2_BITS 10
 …
 /* XXX: for system emulation, it could just be an array */
 static PageDesc *l1_map[L1_SIZE];
+static PhysPageDesc *l1_phys_map[L1_SIZE];
+#if !defined(CONFIG_USER_ONLY)
+static VirtPageDesc *l1_virt_map[L1_SIZE];
+static unsigned int virt_valid_tag;
+#endif
+PhysPageDesc **l1_phys_map;
 /* io memory support */
 …
 /* log support */
 char *logfilename = "/tmp/qemu.log";
+#endif /* !VBOX */
 FILE *logfile;
 int loglevel;
-#endif
 /* statistics */
 static int tlb_flush_count;
 static int tb_flush_count;
+#ifndef VBOX
 static int tb_phys_invalidate_count;
+#endif /* !VBOX */
 static void page_init(void)
 …
     /* NOTE: we can always suppose that qemu_host_page_size >=
        TARGET_PAGE_SIZE */
+#ifdef VBOX
+    RTMemProtect(code_gen_buffer, sizeof(code_gen_buffer),
+                 RTMEM_PROT_EXEC | RTMEM_PROT_READ | RTMEM_PROT_WRITE);
+    qemu_real_host_page_size = PAGE_SIZE;
+#else /* !VBOX */
 #ifdef _WIN32
+    {
 …
+    }
 #endif
+#endif /* !VBOX */
     if (qemu_host_page_size == 0)
 …
         qemu_host_page_bits++;
     qemu_host_page_mask = ~(qemu_host_page_size - 1);
+#if !defined(CONFIG_USER_ONLY)
+    virt_valid_tag = 1;
+#endif
+    l1_phys_map = qemu_vmalloc(L1_SIZE * sizeof(void *));
+    memset(l1_phys_map, 0, L1_SIZE * sizeof(void *));
+}
 …
+}
+static inline PhysPageDesc *phys_page_find_alloc(unsigned int index)
+{
+    PhysPageDesc **lp, *p;
+    lp = &l1_phys_map[index >> L2_BITS];
+static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
+{
+    void **lp, **p;
+    PhysPageDesc *pd;
+    p = (void **)l1_phys_map;
+#if TARGET_PHYS_ADDR_SPACE_BITS > 32
+#if TARGET_PHYS_ADDR_SPACE_BITS > (32 + L1_BITS)
+#error unsupported TARGET_PHYS_ADDR_SPACE_BITS
+#endif
+    lp = p + ((index >> (L1_BITS + L2_BITS)) & (L1_SIZE - 1));
     p = *lp;
     if (!p) {
         /* allocate if not found */
+        p = qemu_malloc(sizeof(PhysPageDesc) * L2_SIZE);
+        memset(p, 0, sizeof(PhysPageDesc) * L2_SIZE);
+        if (!alloc)
+            return NULL;
+        p = qemu_vmalloc(sizeof(void *) * L1_SIZE);
+        memset(p, 0, sizeof(void *) * L1_SIZE);
         *lp = p;
+    }
+    return p + (index & (L2_SIZE - 1));
+}
+static inline PhysPageDesc *phys_page_find(unsigned int index)
+{
+    PhysPageDesc *p;
+    p = l1_phys_map[index >> L2_BITS];
+    if (!p)
+        return 0;
+#ifdef VBOX
+    p = p + (index & (L2_SIZE - 1));
+    if ((p->phys_offset & ~TARGET_PAGE_MASK) == IO_MEM_RAM_MISSING)
+        remR3GrowDynRange(p->phys_offset & TARGET_PAGE_MASK);
+    return p;
+#else
+    return p + (index & (L2_SIZE - 1));
+#endif
+#endif
+    lp = p + ((index >> L2_BITS) & (L1_SIZE - 1));
+    pd = *lp;
+    if (!pd) {
+        int i;
+        /* allocate if not found */
+        if (!alloc)
+            return NULL;
+        pd = qemu_vmalloc(sizeof(PhysPageDesc) * L2_SIZE);
+        *lp = pd;
+        for (i = 0; i < L2_SIZE; i++)
+          pd[i].phys_offset = IO_MEM_UNASSIGNED;
+    }
+#if defined(VBOX) && defined(PGM_DYNAMIC_RAM_ALLOC)
+    pd = ((PhysPageDesc *)pd) + (index & (L2_SIZE - 1));
+    if (RT_UNLIKELY((pd->phys_offset & ~TARGET_PAGE_MASK) == IO_MEM_RAM_MISSING))
+        remR3GrowDynRange(pd->phys_offset & TARGET_PAGE_MASK);
+    return pd;
+#else
+    return ((PhysPageDesc *)pd) + (index & (L2_SIZE - 1));
+#endif
+}
+static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
+{
+    return phys_page_find_alloc(index, 0);
+}
 #if !defined(CONFIG_USER_ONLY)
+static void tlb_protect_code(CPUState *env, target_ulong addr);
+static void tlb_unprotect_code_phys(CPUState *env, unsigned long phys_addr, target_ulong vaddr);
+static inline VirtPageDesc *virt_page_find_alloc(unsigned int index)
+{
+    VirtPageDesc **lp, *p;
+    /* XXX: should not truncate for 64 bit addresses */
+#if TARGET_LONG_BITS > 32
+    index &= (L1_SIZE - 1);
+#endif
+    lp = &l1_virt_map[index >> L2_BITS];
+    p = *lp;
+    if (!p) {
+        /* allocate if not found */
+        p = qemu_malloc(sizeof(VirtPageDesc) * L2_SIZE);
+        memset(p, 0, sizeof(VirtPageDesc) * L2_SIZE);
+        *lp = p;
+    }
+    return p + (index & (L2_SIZE - 1));
+}
+static inline VirtPageDesc *virt_page_find(unsigned int index)
+{
+    VirtPageDesc *p;
+    p = l1_virt_map[index >> L2_BITS];
+    if (!p)
+        return 0;
+    return p + (index & (L2_SIZE - 1));
+}
+static void virt_page_flush(void)
+{
+    int i, j;
+    VirtPageDesc *p;
+    virt_valid_tag++;
+    if (virt_valid_tag == 0) {
+        virt_valid_tag = 1;
+        for(i = 0; i < L1_SIZE; i++) {
+            p = l1_virt_map[i];
+            if (p) {
+                for(j = 0; j < L2_SIZE; j++)
+                    p[j].valid_tag = 0;
+            }
+        }
+    }
+}
+#else
+static void virt_page_flush(void)
+{
+}
+#endif
+void cpu_exec_init(void)
+{
+static void tlb_protect_code(ram_addr_t ram_addr);
+static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
+                                    target_ulong vaddr);
+#endif
+void cpu_exec_init(CPUState *env)
+{
+    CPUState **penv;
+    int cpu_index;
     if (!code_gen_ptr) {
         code_gen_ptr = code_gen_buffer;
 …
         io_mem_init();
+    }
+    env->next_cpu = NULL;
+    penv = &first_cpu;
+    cpu_index = 0;
+    while (*penv != NULL) {
+        penv = (CPUState **)&(*penv)->next_cpu;
+        cpu_index++;
+    }
+    env->cpu_index = cpu_index;
+    *penv = env;
+}
 …
 /* flush all the translation blocks */
 /* XXX: tb_flush is currently not thread safe */
+void tb_flush(CPUState *env)
+{
+void tb_flush(CPUState *env1)
+{
+    CPUState *env;
 #if defined(DEBUG_FLUSH)
     printf("qemu: flush code_size=%d nb_tbs=%d avg_tb_size=%d\n",
 …
 #endif
     nb_tbs = 0;
+    memset (tb_hash, 0, CODE_GEN_HASH_SIZE * sizeof (void *));
+    virt_page_flush();
+    for(env = first_cpu; env != NULL; env = env->next_cpu) {
+        memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
+    }
     memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
 …
     int i;
     address &= TARGET_PAGE_MASK;
     for(i = 0;i < CODE_GEN_HASH_SIZE; i++) {
         for(tb = tb_hash[i]; tb != NULL; tb = tb->hash_next) {
+    for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
+        for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
             if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
                   address >= tb->pc + tb->size)) {
                 printf("ERROR invalidate: address=%08lx PC=%08lx size=%04x\n",
                        address, tb->pc, tb->size);
+                       address, (long)tb->pc, tb->size);
+            }
+        }
 …
     int i, flags1, flags2;
     for(i = 0;i < CODE_GEN_HASH_SIZE; i++) {
         for(tb = tb_hash[i]; tb != NULL; tb = tb->hash_next) {
+    for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
+        for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
             flags1 = page_get_flags(tb->pc);
             flags2 = page_get_flags(tb->pc + tb->size - 1);
             if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
                 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
                        tb->pc, tb->size, flags1, flags2);
+                       (long)tb->pc, tb->size, flags1, flags2);
+            }
+        }
 …
+}
+static inline void tb_invalidate(TranslationBlock *tb)
+{
+static inline void tb_phys_invalidate(TranslationBlock *tb, unsigned int page_addr)
+{
+    CPUState *env;
+    PageDesc *p;
     unsigned int h, n1;
+    TranslationBlock *tb1, *tb2, **ptb;
+    target_ulong phys_pc;
+    TranslationBlock *tb1, *tb2;
+    /* remove the TB from the hash list */
+    phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
+    h = tb_phys_hash_func(phys_pc);
+    tb_remove(&tb_phys_hash[h], tb,
+              offsetof(TranslationBlock, phys_hash_next));
+    /* remove the TB from the page list */
+    if (tb->page_addr[0] != page_addr) {
+        p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
+        tb_page_remove(&p->first_tb, tb);
+        invalidate_page_bitmap(p);
+    }
+    if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
+        p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
+        tb_page_remove(&p->first_tb, tb);
+        invalidate_page_bitmap(p);
+    }
     tb_invalidated_flag = 1;
     /* remove the TB from the hash list */
+    h = tb_hash_func(tb->pc);
+    ptb = &tb_hash[h];
+    for(;;) {
+        tb1 = *ptb;
+        /* NOTE: the TB is not necessarily linked in the hash. It
+           indicates that it is not currently used */
+        if (tb1 == NULL)
+            return;
+        if (tb1 == tb) {
+            *ptb = tb1->hash_next;
+            break;
+        }
+        ptb = &tb1->hash_next;
+    h = tb_jmp_cache_hash_func(tb->pc);
+    for(env = first_cpu; env != NULL; env = env->next_cpu) {
+        if (env->tb_jmp_cache[h] == tb)
+            env->tb_jmp_cache[h] = NULL;
+    }
 …
+    }
     tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
+#ifndef VBOX
+    tb_phys_invalidate_count++;
+#endif /* !VBOX */
+}
 …
 void tb_invalidate_virt(CPUState *env, uint32_t eip)
+{
 #if 1
+# if 1
     tb_flush(env);
 #else
+# else
     uint8_t *cs_base, *pc;
     unsigned int flags, h, phys_pc;
 …
     if(tb)
+    {
 #ifdef DEBUG
+#  ifdef DEBUG
         printf("invalidating TB (%08X) at %08X\n", tb, eip);
 #endif
+#  endif
         tb_invalidate(tb);
         //Note: this will leak TBs, but the whole cache will be flushed
 …
         tb->flags = 0;
+    }
 #endif
+# endif
+}
 …
 # endif /* VBOX_STRICT */
 #endif /* VBOX */
-static inline void tb_phys_invalidate(TranslationBlock *tb, unsigned int page_addr)
+{
-    PageDesc *p;
-    unsigned int h;
-    target_ulong phys_pc;
-    /* remove the TB from the hash list */
-    phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
-    h = tb_phys_hash_func(phys_pc);
-    tb_remove(&tb_phys_hash[h], tb,
-              offsetof(TranslationBlock, phys_hash_next));
-    /* remove the TB from the page list */
-    if (tb->page_addr[0] != page_addr) {
-        p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
-        tb_page_remove(&p->first_tb, tb);
-        invalidate_page_bitmap(p);
+    }
-    if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
-        p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
-        tb_page_remove(&p->first_tb, tb);
-        invalidate_page_bitmap(p);
+    }
-    tb_invalidate(tb);
-    tb_phys_invalidate_count++;
+}
 static inline void set_bits(uint8_t *tab, int start, int len)
 …
+            }
 #endif /* TARGET_HAS_PRECISE_SMC */
+            saved_tb = env->current_tb;
+            env->current_tb = NULL;
+            /* we need to do that to handle the case where a signal
+               occurs while doing tb_phys_invalidate() */
+            saved_tb = NULL;
+            if (env) {
+                saved_tb = env->current_tb;
+                env->current_tb = NULL;
+            }
             tb_phys_invalidate(tb, -1);
+            env->current_tb = saved_tb;
+            if (env->interrupt_request && env->current_tb)
+                cpu_interrupt(env, env->interrupt_request);
+            if (env) {
+                env->current_tb = saved_tb;
+                if (env->interrupt_request && env->current_tb)
+                    cpu_interrupt(env, env->interrupt_request);
+            }
+        }
         tb = tb_next;
 …
 /* add the tb in the target page and protect it if necessary */
 static inline void tb_alloc_page(TranslationBlock *tb,
                                  unsigned int n, unsigned int page_addr)
+                                 unsigned int n, target_ulong page_addr)
+{
     PageDesc *p;
 …
     tb->page_addr[n] = page_addr;
     p = page_find(page_addr >> TARGET_PAGE_BITS);
+    p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
     tb->page_next[n] = p->first_tb;
     last_first_tb = p->first_tb;
 …
 #if defined(CONFIG_USER_ONLY)
     if (p->flags & PAGE_WRITE) {
+        unsigned long host_start, host_end, addr;
+        target_ulong addr;
+        PageDesc *p2;
         int prot;
         /* force the host page as non writable (writes will have a
            page fault + mprotect overhead) */
+        host_start = page_addr & qemu_host_page_mask;
+        host_end = host_start + qemu_host_page_size;
+        page_addr &= qemu_host_page_mask;
         prot = 0;
+        for(addr = host_start; addr < host_end; addr += TARGET_PAGE_SIZE)
+            prot |= page_get_flags(addr);
+        mprotect((void *)host_start, qemu_host_page_size,
+        for(addr = page_addr; addr < page_addr + qemu_host_page_size;
+            addr += TARGET_PAGE_SIZE) {
+            p2 = page_find (addr >> TARGET_PAGE_BITS);
+            if (!p2)
+                continue;
+            prot |= p2->flags;
+            p2->flags &= ~PAGE_WRITE;
+            page_get_flags(addr);
+          }
+        mprotect(g2h(page_addr), qemu_host_page_size,
                  (prot & PAGE_BITS) & ~PAGE_WRITE);
 #ifdef DEBUG_TB_INVALIDATE
         printf("protecting code page: 0x%08lx\n",
+               host_start);
+#endif
+        p->flags &= ~PAGE_WRITE;
+               page_addr);
+#endif
+    }
 #else
 …
        allocated in a physical page */
     if (!last_first_tb) {
+        target_ulong virt_addr;
+        virt_addr = (tb->pc & TARGET_PAGE_MASK) + (n << TARGET_PAGE_BITS);
+        tlb_protect_code(cpu_single_env, virt_addr);
+        tlb_protect_code(page_addr);
+    }
 #endif
 …
     else
         tb->page_addr[1] = -1;
-#ifdef DEBUG_TB_CHECK
-    tb_page_check();
-#endif
+}
-/* link the tb with the other TBs */
-void tb_link(TranslationBlock *tb)
+{
-#if !defined(CONFIG_USER_ONLY)
+    {
-        VirtPageDesc *vp;
-        target_ulong addr;
-        /* save the code memory mappings (needed to invalidate the code) */
-        addr = tb->pc & TARGET_PAGE_MASK;
-        vp = virt_page_find_alloc(addr >> TARGET_PAGE_BITS);
-#ifdef DEBUG_TLB_CHECK
-        if (vp->valid_tag == virt_valid_tag &&
-            vp->phys_addr != tb->page_addr[0]) {
-            printf("Error tb addr=0x%x phys=0x%x vp->phys_addr=0x%x\n",
-                   addr, tb->page_addr[0], vp->phys_addr);
+        }
-#endif
-        vp->phys_addr = tb->page_addr[0];
-        if (vp->valid_tag != virt_valid_tag) {
-            vp->valid_tag = virt_valid_tag;
-#if !defined(CONFIG_SOFTMMU)
-            vp->prot = 0;
-#endif
+        }
-        if (tb->page_addr[1] != -1) {
-            addr += TARGET_PAGE_SIZE;
-            vp = virt_page_find_alloc(addr >> TARGET_PAGE_BITS);
-#ifdef DEBUG_TLB_CHECK
-            if (vp->valid_tag == virt_valid_tag &&
-                vp->phys_addr != tb->page_addr[1]) {
-                printf("Error tb addr=0x%x phys=0x%x vp->phys_addr=0x%x\n",
-                       addr, tb->page_addr[1], vp->phys_addr);
+            }
-#endif
-            vp->phys_addr = tb->page_addr[1];
-            if (vp->valid_tag != virt_valid_tag) {
-                vp->valid_tag = virt_valid_tag;
-#if !defined(CONFIG_SOFTMMU)
-                vp->prot = 0;
-#endif
+            }
+        }
+    }
-#endif
     tb->jmp_first = (TranslationBlock *)((long)tb | 2);
 …
     if (tb->tb_next_offset[1] != 0xffff)
         tb_reset_jump(tb, 1);
+#ifdef DEBUG_TB_CHECK
+    tb_page_check();
+#endif
+}
 …
+}
 #if defined(TARGET_I386) || defined(TARGET_PPC) || defined(TARGET_SPARC)
+#if defined(TARGET_HAS_ICE)
 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
+{
+    target_ulong phys_addr;
+    phys_addr = cpu_get_phys_page_debug(env, pc);
+    tb_invalidate_phys_page_range(phys_addr, phys_addr + 1, 0);
+    target_ulong addr, pd;
+    ram_addr_t ram_addr;
+    PhysPageDesc *p;
+    addr = cpu_get_phys_page_debug(env, pc);
+    p = phys_page_find(addr >> TARGET_PAGE_BITS);
+    if (!p) {
+        pd = IO_MEM_UNASSIGNED;
+    } else {
+        pd = p->phys_offset;
+    }
+    ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
+    tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
+}
 #endif
 …
 int cpu_breakpoint_insert(CPUState *env, target_ulong pc)
+{
 #if defined(TARGET_I386) || defined(TARGET_PPC) || defined(TARGET_SPARC)
+#if defined(TARGET_HAS_ICE)
     int i;
 …
 int cpu_breakpoint_remove(CPUState *env, target_ulong pc)
+{
 #if defined(TARGET_I386) || defined(TARGET_PPC) || defined(TARGET_SPARC)
+#if defined(TARGET_HAS_ICE)
     int i;
     for(i = 0; i < env->nb_breakpoints; i++) {
 …
     return -1;
  found:
-    memmove(&env->breakpoints[i], &env->breakpoints[i + 1],
-            (env->nb_breakpoints - (i + 1)) * sizeof(env->breakpoints[0]));
     env->nb_breakpoints--;
+    if (i < env->nb_breakpoints)
+      env->breakpoints[i] = env->breakpoints[env->nb_breakpoints];
     breakpoint_invalidate(env, pc);
 …
 void cpu_single_step(CPUState *env, int enabled)
+{
 #if defined(TARGET_I386) || defined(TARGET_PPC) || defined(TARGET_SPARC)
+#if defined(TARGET_HAS_ICE)
     if (env->singlestep_enabled != enabled) {
         env->singlestep_enabled = enabled;
 …
     logfilename = strdup(filename);
+}
 #endif
+#endif /* !VBOX */
 /* mask must never be zero, except for A20 change call */
 …
     static int interrupt_lock;
 #if defined(VBOX)
+#ifdef VBOX
     VM_ASSERT_EMT(env->pVM);
     ASMAtomicOrS32(&env->interrupt_request, mask);
 #else /* VBOX */
+#else /* !VBOX */
     env->interrupt_request |= mask;
 #endif /* VBOX */
+#endif /* !VBOX */
     /* if the cpu is currently executing code, we must unlink it and
        all the potentially executing TB */
 …
 void cpu_reset_interrupt(CPUState *env, int mask)
+{
 #if defined(VBOX)
+#ifdef VBOX
     /*
      * Note: the current implementation can be executed by another thread without problems; make sure this remains true
 …
 #endif /* !VBOX */
 #if !defined(VBOX) /* VBOX: we have our own routine. */
+#ifndef VBOX /* VBOX: we have our own routine. */
 void cpu_abort(CPUState *env, const char *fmt, ...)
+{
 …
     for(i = 0; i < CPU_TLB_SIZE; i++) {
+        env->tlb_read[0][i].address = -1;
+        env->tlb_write[0][i].address = -1;
+        env->tlb_read[1][i].address = -1;
+        env->tlb_write[1][i].address = -1;
+    }
+    virt_page_flush();
+    memset (tb_hash, 0, CODE_GEN_HASH_SIZE * sizeof (void *));
+        env->tlb_table[0][i].addr_read = -1;
+        env->tlb_table[0][i].addr_write = -1;
+        env->tlb_table[0][i].addr_code = -1;
+        env->tlb_table[1][i].addr_read = -1;
+        env->tlb_table[1][i].addr_write = -1;
+        env->tlb_table[1][i].addr_code = -1;
+    }
+    memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
 #if !defined(CONFIG_SOFTMMU)
     munmap((void *)MMAP_AREA_START, MMAP_AREA_END - MMAP_AREA_START);
+#elif defined(VBOX)
+#endif
+#ifdef VBOX
     /* inform raw mode about TLB flush */
     remR3FlushTLB(env, flush_global);
 #endif
+#ifdef USE_KQEMU
+    if (env->kqemu_enabled) {
+        kqemu_flush(env, flush_global);
+    }
+#endif
     tlb_flush_count++;
+}
 …
 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
+{
+    if (addr == (tlb_entry->address &
+                 (TARGET_PAGE_MASK | TLB_INVALID_MASK)))
+        tlb_entry->address = -1;
+    if (addr == (tlb_entry->addr_read &
+                 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
+        addr == (tlb_entry->addr_write &
+                 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
+        addr == (tlb_entry->addr_code &
+                 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
+        tlb_entry->addr_read = -1;
+        tlb_entry->addr_write = -1;
+        tlb_entry->addr_code = -1;
+    }
+}
 void tlb_flush_page(CPUState *env, target_ulong addr)
+{
+    int i, n;
+    VirtPageDesc *vp;
+    PageDesc *p;
+    int i;
     TranslationBlock *tb;
 #if defined(DEBUG_TLB)
     printf("tlb_flush_page: 0x%08x\n", addr);
+    printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
 #endif
     /* must reset current TB so that interrupts cannot modify the
 …
     addr &= TARGET_PAGE_MASK;
     i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+    tlb_flush_entry(&env->tlb_read[0][i], addr);
+    tlb_flush_entry(&env->tlb_write[0][i], addr);
+    tlb_flush_entry(&env->tlb_read[1][i], addr);
+    tlb_flush_entry(&env->tlb_write[1][i], addr);
+    /* remove from the virtual pc hash table all the TB at this
+       virtual address */
+    vp = virt_page_find(addr >> TARGET_PAGE_BITS);
+    if (vp && vp->valid_tag == virt_valid_tag) {
+        p = page_find(vp->phys_addr >> TARGET_PAGE_BITS);
+        if (p) {
+            /* we remove all the links to the TBs in this virtual page */
+            tb = p->first_tb;
+            while (tb != NULL) {
+                n = (long)tb & 3;
+                tb = (TranslationBlock *)((long)tb & ~3);
+                if ((tb->pc & TARGET_PAGE_MASK) == addr ||
+                    ((tb->pc + tb->size - 1) & TARGET_PAGE_MASK) == addr) {
+                    tb_invalidate(tb);
+                }
+                tb = tb->page_next[n];
+            }
+        }
+        vp->valid_tag = 0;
+    }
+    tlb_flush_entry(&env->tlb_table[0][i], addr);
+    tlb_flush_entry(&env->tlb_table[1][i], addr);
+    /* Discard jump cache entries for any tb which might potentially
+       overlap the flushed page.  */
+    i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
+    memset (&env->tb_jmp_cache[i], 0, TB_JMP_PAGE_SIZE * sizeof(tb));
+    i = tb_jmp_cache_hash_page(addr);
+    memset (&env->tb_jmp_cache[i], 0, TB_JMP_PAGE_SIZE * sizeof(tb));
 #if !defined(CONFIG_SOFTMMU)
     if (addr < MMAP_AREA_END)
         munmap((void *)addr, TARGET_PAGE_SIZE);
+#elif defined(VBOX)
+#endif
+#ifdef VBOX
     /* inform raw mode about TLB page flush */
     remR3FlushPage(env, addr);
+#endif
+}
+static inline void tlb_protect_code1(CPUTLBEntry *tlb_entry, target_ulong addr)
+{
+    if (addr == (tlb_entry->address &
+                 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) &&
+        (tlb_entry->address & ~TARGET_PAGE_MASK) != IO_MEM_CODE &&
+        (tlb_entry->address & ~TARGET_PAGE_MASK) != IO_MEM_ROM) {
+        tlb_entry->address = (tlb_entry->address & TARGET_PAGE_MASK) | IO_MEM_CODE;
+    }
+#endif /* VBOX */
+#ifdef USE_KQEMU
+    if (env->kqemu_enabled) {
+        kqemu_flush_page(env, addr);
+    }
+#endif
+}
 /* update the TLBs so that writes to code in the virtual page 'addr'
    can be detected */
+static void tlb_protect_code(CPUState *env, target_ulong addr)
+{
+    int i;
+    addr &= TARGET_PAGE_MASK;
+    i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+    tlb_protect_code1(&env->tlb_write[0][i], addr);
+    tlb_protect_code1(&env->tlb_write[1][i], addr);
+#if !defined(CONFIG_SOFTMMU)
+    /* NOTE: as we generated the code for this page, it is already at
+       least readable */
+    if (addr < MMAP_AREA_END)
+        mprotect((void *)addr, TARGET_PAGE_SIZE, PROT_READ);
+#endif
+static void tlb_protect_code(ram_addr_t ram_addr)
+{
+    cpu_physical_memory_reset_dirty(ram_addr,
+                                    ram_addr + TARGET_PAGE_SIZE,
+                                    CODE_DIRTY_FLAG);
 #if defined(VBOX) && defined(REM_MONITOR_CODE_PAGES)
+    remR3ProtectCode(env, addr);
+#endif
+}
+static inline void tlb_unprotect_code2(CPUTLBEntry *tlb_entry,
+                                       unsigned long phys_addr)
+{
+    if ((tlb_entry->address & ~TARGET_PAGE_MASK) == IO_MEM_CODE &&
+        ((tlb_entry->address & TARGET_PAGE_MASK) + tlb_entry->addend) == phys_addr) {
+        tlb_entry->address = (tlb_entry->address & TARGET_PAGE_MASK) | IO_MEM_NOTDIRTY;
+    }
+    /** @todo Retest this? This function has changed... */
+    remR3ProtectCode(cpu_single_env, ram_addr);
+#endif
+}
 /* update the TLB so that writes in physical page 'phys_addr' are no longer
+   tested self modifying code */
+static void tlb_unprotect_code_phys(CPUState *env, unsigned long phys_addr, target_ulong vaddr)
+{
+    int i;
+    phys_addr &= TARGET_PAGE_MASK;
+   tested for self modifying code */
+static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
+                                    target_ulong vaddr)
+{
 #ifdef VBOX
+    phys_addr = (unsigned long)remR3GCPhys2HCVirt(env, phys_addr);
+#else
+    phys_addr += (long)phys_ram_base;
+#endif
+    i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+    tlb_unprotect_code2(&env->tlb_write[0][i], phys_addr);
+    tlb_unprotect_code2(&env->tlb_write[1][i], phys_addr);
+    if (RT_LIKELY((ram_addr >> TARGET_PAGE_BITS) < phys_ram_dirty_size))
+#endif
+    phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] |= CODE_DIRTY_FLAG;
+}
 …
+{
     unsigned long addr;
     if ((tlb_entry->address & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
         addr = (tlb_entry->address & TARGET_PAGE_MASK) + tlb_entry->addend;
+    if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
+        addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
         if ((addr - start) < length) {
+            tlb_entry->address = (tlb_entry->address & TARGET_PAGE_MASK) | IO_MEM_NOTDIRTY;
+        }
+    }
+}
+void cpu_physical_memory_reset_dirty(target_ulong start, target_ulong end)
+            tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | IO_MEM_NOTDIRTY;
+        }
+    }
+}
+void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
+                                     int dirty_flags)
+{
     CPUState *env;
     unsigned long length, start1;
+    int i;
+    int i, mask, len;
+    uint8_t *p;
     start &= TARGET_PAGE_MASK;
 …
     if (length == 0)
         return;
+    memset(phys_ram_dirty + (start >> TARGET_PAGE_BITS), 0, length >> TARGET_PAGE_BITS);
+    env = cpu_single_env;
+    len = length >> TARGET_PAGE_BITS;
+#ifdef USE_KQEMU
+    /* XXX: should not depend on cpu context */
+    env = first_cpu;
+    if (env->kqemu_enabled) {
+        ram_addr_t addr;
+        addr = start;
+        for(i = 0; i < len; i++) {
+            kqemu_set_notdirty(env, addr);
+            addr += TARGET_PAGE_SIZE;
+        }
+    }
+#endif
+    mask = ~dirty_flags;
+    p = phys_ram_dirty + (start >> TARGET_PAGE_BITS);
+#ifdef VBOX
+    if (RT_LIKELY((start >> TARGET_PAGE_BITS) < phys_ram_dirty_size))
+#endif
+    for(i = 0; i < len; i++)
+        p[i] &= mask;
     /* we modify the TLB cache so that the dirty bit will be set again
        when accessing the range */
 #ifdef VBOX
     start1 = (unsigned long)remR3GCPhys2HCVirt(env, start);
 #else
+#if defined(VBOX) && defined(REM_PHYS_ADDR_IN_TLB)
+    start1 = start;
+#elif !defined(VBOX) || !defined(PGM_DYNAMIC_RAM_ALLOC)
     start1 = start + (unsigned long)phys_ram_base;
+#endif
+    for(i = 0; i < CPU_TLB_SIZE; i++)
+        tlb_reset_dirty_range(&env->tlb_write[0][i], start1, length);
+    for(i = 0; i < CPU_TLB_SIZE; i++)
+        tlb_reset_dirty_range(&env->tlb_write[1][i], start1, length);
+#if !defined(CONFIG_SOFTMMU) && !defined(VBOX)
+#else
+    start1 = (unsigned long)remR3GCPhys2HCVirt(first_cpu, start);
+#endif
+    for(env = first_cpu; env != NULL; env = env->next_cpu) {
+        for(i = 0; i < CPU_TLB_SIZE; i++)
+            tlb_reset_dirty_range(&env->tlb_table[0][i], start1, length);
+        for(i = 0; i < CPU_TLB_SIZE; i++)
+            tlb_reset_dirty_range(&env->tlb_table[1][i], start1, length);
+    }
+#if !defined(CONFIG_SOFTMMU)
+#ifdef VBOX /**@todo remove this check */
+# error "We shouldn't get here..."
+#endif
     /* XXX: this is expensive */
+    {
 …
+}
+static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
+{
+    ram_addr_t ram_addr;
+    if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
+        /* RAM case */
+#if defined(VBOX) && defined(REM_PHYS_ADDR_IN_TLB)
+        ram_addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
+#elif !defined(VBOX) || !defined(PGM_DYNAMIC_RAM_ALLOC)
+        ram_addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) +
+            tlb_entry->addend - (unsigned long)phys_ram_base;
+#else
+        ram_addr = remR3HCVirt2GCPhys(first_cpu, (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend);
+#endif
+        if (!cpu_physical_memory_is_dirty(ram_addr)) {
+            tlb_entry->addr_write |= IO_MEM_NOTDIRTY;
+        }
+    }
+}
+/* update the TLB according to the current state of the dirty bits */
+void cpu_tlb_update_dirty(CPUState *env)
+{
+    int i;
+    for(i = 0; i < CPU_TLB_SIZE; i++)
+        tlb_update_dirty(&env->tlb_table[0][i]);
+    for(i = 0; i < CPU_TLB_SIZE; i++)
+        tlb_update_dirty(&env->tlb_table[1][i]);
+}
 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry,
                                     unsigned long start)
+                                  unsigned long start)
+{
     unsigned long addr;
     if ((tlb_entry->address & ~TARGET_PAGE_MASK) == IO_MEM_NOTDIRTY) {
         addr = (tlb_entry->address & TARGET_PAGE_MASK) + tlb_entry->addend;
+    if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_NOTDIRTY) {
+        addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
         if (addr == start) {
             tlb_entry->address = (tlb_entry->address & TARGET_PAGE_MASK) | IO_MEM_RAM;
+            tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | IO_MEM_RAM;
+        }
+    }
 …
 /* update the TLB corresponding to virtual page vaddr and phys addr
    addr so that it is no longer dirty */
 static inline void tlb_set_dirty(unsigned long addr, target_ulong vaddr)
+{
+    CPUState *env = cpu_single_env;
+static inline void tlb_set_dirty(CPUState *env,
+                                 unsigned long addr, target_ulong vaddr)
+{
     int i;
-#ifdef VBOX
-    if (remR3HCVirt2GCPhys(env, (void *)addr) > phys_ram_size)
+    {
-        Log(("phys_ram_dirty exceeded at address %VGp, ignoring\n",
-             (RTGCPHYS)(addr - (uintptr_t)phys_ram_base)));
-        return;
+    }
-    phys_ram_dirty[(unsigned long)remR3HCVirt2GCPhys(env, (void *)addr) >> TARGET_PAGE_BITS] = 1;
-#else
-    phys_ram_dirty[(addr - (unsigned long)phys_ram_base) >> TARGET_PAGE_BITS] = 1;
-#endif
     addr &= TARGET_PAGE_MASK;
     i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     tlb_set_dirty1(&env->tlb_write[0][i], addr);
     tlb_set_dirty1(&env->tlb_write[1][i], addr);
+    tlb_set_dirty1(&env->tlb_table[0][i], addr);
+    tlb_set_dirty1(&env->tlb_table[1][i], addr);
+}
 …
    (can only happen in non SOFTMMU mode for I/O pages or pages
    conflicting with the host address space). */
 int tlb_set_page(CPUState *env, target_ulong vaddr,
                  target_phys_addr_t paddr, int prot,
                  int is_user, int is_softmmu)
+int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
+                      target_phys_addr_t paddr, int prot,
+                      int is_user, int is_softmmu)
+{
     PhysPageDesc *p;
     unsigned long pd;
-    TranslationBlock *first_tb;
     unsigned int index;
     target_ulong address;
     unsigned long addend;
+    target_phys_addr_t addend;
     int ret;
+    CPUTLBEntry *te;
     p = phys_page_find(paddr >> TARGET_PAGE_BITS);
-    first_tb = NULL;
     if (!p) {
         pd = IO_MEM_UNASSIGNED;
     } else {
-        PageDesc *p1;
         pd = p->phys_offset;
-        if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
-            /* NOTE: we also allocate the page at this stage */
-            p1 = page_find_alloc(pd >> TARGET_PAGE_BITS);
-            first_tb = p1->first_tb;
+        }
+    }
 #if defined(DEBUG_TLB)
     printf("tlb_set_page: vaddr=0x%08x paddr=0x%08x prot=%x u=%d c=%d smmu=%d pd=0x%08x\n",
            vaddr, paddr, prot, is_user, (first_tb != NULL), is_softmmu, pd);
+    printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x u=%d smmu=%d pd=0x%08lx\n",
+           vaddr, (int)paddr, prot, is_user, is_softmmu, pd);
 #endif
 …
 #endif
+    {
         if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM) {
+        if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
             /* IO memory case */
             address = vaddr | pd;
 …
             /* standard memory */
             address = vaddr;
+#ifdef VBOX
+#if defined(VBOX) && defined(REM_PHYS_ADDR_IN_TLB)
+            addend = pd & TARGET_PAGE_MASK;
+#elif !defined(VBOX) || !defined(PGM_DYNAMIC_RAM_ALLOC)
+            addend = (unsigned long)phys_ram_base + (pd & TARGET_PAGE_MASK);
+#else
             addend = (unsigned long)remR3GCPhys2HCVirt(env, pd & TARGET_PAGE_MASK);
+#else
+            addend = (unsigned long)phys_ram_base + (pd & TARGET_PAGE_MASK);
+#endif
+#endif
+        }
         index = (vaddr >> 12) & (CPU_TLB_SIZE - 1);
+        index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
         addend -= vaddr;
+        te = &env->tlb_table[is_user][index];
+        te->addend = addend;
         if (prot & PAGE_READ) {
+            env->tlb_read[is_user][index].address = address;
+            env->tlb_read[is_user][index].addend = addend;
+            te->addr_read = address;
         } else {
+            env->tlb_read[is_user][index].address = -1;
+            env->tlb_read[is_user][index].addend = -1;
+            te->addr_read = -1;
+        }
+        if (prot & PAGE_EXEC) {
+            te->addr_code = address;
+        } else {
+            te->addr_code = -1;
+        }
         if (prot & PAGE_WRITE) {
+            if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM) {
+                /* ROM: access is ignored (same as unassigned) */
+                env->tlb_write[is_user][index].address = vaddr | IO_MEM_ROM;
+                env->tlb_write[is_user][index].addend = addend;
+            } else
+                /* XXX: the PowerPC code seems not ready to handle
+                   self modifying code with DCBI */
+#if defined(TARGET_HAS_SMC) || 1
+            if (first_tb) {
+                /* if code is present, we use a specific memory
+                   handler. It works only for physical memory access */
+                env->tlb_write[is_user][index].address = vaddr | IO_MEM_CODE;
+                env->tlb_write[is_user][index].addend = addend;
+            } else
+#endif
+            if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
+            if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
+                (pd & IO_MEM_ROMD)) {
+                /* write access calls the I/O callback */
+                te->addr_write = vaddr |
+                    (pd & ~(TARGET_PAGE_MASK | IO_MEM_ROMD));
+            } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
                        !cpu_physical_memory_is_dirty(pd)) {
+                env->tlb_write[is_user][index].address = vaddr | IO_MEM_NOTDIRTY;
+                env->tlb_write[is_user][index].addend = addend;
+                te->addr_write = vaddr | IO_MEM_NOTDIRTY;
             } else {
+                env->tlb_write[is_user][index].address = address;
+                env->tlb_write[is_user][index].addend = addend;
+                te->addr_write = address;
+            }
         } else {
+            env->tlb_write[is_user][index].address = -1;
+            env->tlb_write[is_user][index].addend = -1;
+            te->addr_write = -1;
+        }
 #ifdef VBOX
         /* inform raw mode about TLB page change */
+        remR3SetPage(env, &env->tlb_read[is_user][index], &env->tlb_write[is_user][index], prot, is_user);
+        /** @todo double check and fix this interface. OLD: remR3SetPage(env, &env->tlb_read[is_user][index], &env->tlb_write[is_user][index], prot, is_user); */
+        remR3SetPage(env, te, te, prot, is_user);
 #endif
+    }
 …
                         VirtPageDesc *vp;
                         vp = virt_page_find_alloc(vaddr >> TARGET_PAGE_BITS);
+                        vp = virt_page_find_alloc(vaddr >> TARGET_PAGE_BITS, 1);
                         vp->phys_addr = pd;
                         vp->prot = prot;
 …
 /* called from signal handler: invalidate the code and unprotect the
    page. Return TRUE if the fault was succesfully handled. */
 int page_unprotect(unsigned long addr, unsigned long pc, void *puc)
+int page_unprotect(target_ulong addr, unsigned long pc, void *puc)
+{
 #if !defined(CONFIG_SOFTMMU)
 …
                   (unsigned long)addr, vp->prot);
     /* set the dirty bit */
     phys_ram_dirty[vp->phys_addr >> TARGET_PAGE_BITS] = 1;
+    phys_ram_dirty[vp->phys_addr >> TARGET_PAGE_BITS] = 0xff;
     /* flush the code inside */
     tb_invalidate_phys_page(vp->phys_addr, pc, puc);
 …
+}
 int tlb_set_page(CPUState *env, target_ulong vaddr,
                  target_phys_addr_t paddr, int prot,
                  int is_user, int is_softmmu)
+int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
+                      target_phys_addr_t paddr, int prot,
+                      int is_user, int is_softmmu)
+{
     return 0;
 …
 #endif /* !VBOX */
 int page_get_flags(unsigned long address)
+int page_get_flags(target_ulong address)
+{
     PageDesc *p;
 …
    necessary. The flag PAGE_WRITE_ORG is positionned automatically
    depending on PAGE_WRITE */
 void page_set_flags(unsigned long start, unsigned long end, int flags)
+void page_set_flags(target_ulong start, target_ulong end, int flags)
+{
     PageDesc *p;
     unsigned long addr;
+    target_ulong addr;
     start = start & TARGET_PAGE_MASK;
 …
     if (flags & PAGE_WRITE)
         flags |= PAGE_WRITE_ORG;
 #if defined(VBOX)
+#ifdef VBOX
     AssertMsgFailed(("We shouldn't be here, and if we should, we must have an env to do the proper locking!\n"));
 #endif
 …
 /* called from signal handler: invalidate the code and unprotect the
    page. Return TRUE if the fault was succesfully handled. */
 int page_unprotect(unsigned long address, unsigned long pc, void *puc)
+int page_unprotect(target_ulong address, unsigned long pc, void *puc)
+{
     unsigned int page_index, prot, pindex;
     PageDesc *p, *p1;
     unsigned long host_start, host_end, addr;
+    target_ulong host_start, host_end, addr;
     host_start = address & qemu_host_page_mask;
 …
         pindex = (address - host_start) >> TARGET_PAGE_BITS;
         if (!(p1[pindex].flags & PAGE_WRITE)) {
             mprotect((void *)host_start, qemu_host_page_size,
+            mprotect((void *)g2h(host_start), qemu_host_page_size,
                      (prot & PAGE_BITS) | PAGE_WRITE);
             p1[pindex].flags |= PAGE_WRITE;
 …
 /* call this function when system calls directly modify a memory area */
+void page_unprotect_range(uint8_t *data, unsigned long data_size)
+{
+    unsigned long start, end, addr;
+    start = (unsigned long)data;
+/* ??? This should be redundant now we have lock_user.  */
+void page_unprotect_range(target_ulong data, target_ulong data_size)
+{
+    target_ulong start, end, addr;
+    start = data;
     end = start + data_size;
     start &= TARGET_PAGE_MASK;
 …
+}
+static inline void tlb_set_dirty(unsigned long addr, target_ulong vaddr)
+static inline void tlb_set_dirty(CPUState *env,
+                                 unsigned long addr, target_ulong vaddr)
+{
+}
 …
                                   unsigned long phys_offset)
+{
     unsigned long addr, end_addr;
+    target_phys_addr_t addr, end_addr;
     PhysPageDesc *p;
+    CPUState *env;
     size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
     end_addr = start_addr + size;
     for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
         p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS);
+        p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
         p->phys_offset = phys_offset;
+#ifdef VBOX
+#if !defined(VBOX) || !defined(PGM_DYNAMIC_RAM_ALLOC)
+        if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
+            (phys_offset & IO_MEM_ROMD))
+#else
         if (   (phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM
+            || (phys_offset & IO_MEM_ROMD)
             || (phys_offset & ~TARGET_PAGE_MASK) == IO_MEM_RAM_MISSING)
+#else
+        if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM)
+#endif
+#endif
             phys_offset += TARGET_PAGE_SIZE;
+    }
+    /* since each CPU stores ram addresses in its TLB cache, we must
+       reset the modified entries */
+    /* XXX: slow ! */
+    for(env = first_cpu; env != NULL; env = env->next_cpu) {
+        tlb_flush(env, 1);
+    }
+}
+/* XXX: temporary until new memory mapping API */
+uint32_t cpu_get_physical_page_desc(target_phys_addr_t addr)
+{
+    PhysPageDesc *p;
+    p = phys_page_find(addr >> TARGET_PAGE_BITS);
+    if (!p)
+        return IO_MEM_UNASSIGNED;
+    return p->phys_offset;
+}
 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
+{
+#ifdef DEBUG_UNASSIGNED
+    printf("Unassigned mem read  0x%08x\n", (int)addr);
+#endif
     return 0;
+}
 …
 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
+{
+#ifdef DEBUG_UNASSIGNED
+    printf("Unassigned mem write 0x%08x = 0x%x\n", (int)addr, val);
+#endif
+}
 …
 };
+/* self modifying code support in soft mmu mode : writing to a page
+   containing code comes to these functions */
+static void code_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
+{
+    unsigned long phys_addr;
+static void notdirty_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
+{
+    unsigned long ram_addr;
+    int dirty_flags;
+#if defined(VBOX) && defined(REM_PHYS_ADDR_IN_TLB)
+    ram_addr = addr;
+#elif !defined(VBOX) || !defined(PGM_DYNAMIC_RAM_ALLOC)
+    ram_addr = addr - (unsigned long)phys_ram_base;
+#else
+    ram_addr = remR3HCVirt2GCPhys(first_cpu, (void *)addr);
+#endif
 #ifdef VBOX
+    phys_addr = remR3HCVirt2GCPhys(cpu_single_env, (void *)addr);
+#else
+    phys_addr = addr - (unsigned long)phys_ram_base;
+#endif
+    if (RT_UNLIKELY((ram_addr >> TARGET_PAGE_BITS) >= phys_ram_dirty_size))
+        dirty_flags = 0xff;
+    else
+#endif /* VBOX */
+    dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
+    if (!(dirty_flags & CODE_DIRTY_FLAG)) {
 #if !defined(CONFIG_USER_ONLY)
+    tb_invalidate_phys_page_fast(phys_addr, 1);
+#endif
+        tb_invalidate_phys_page_fast(ram_addr, 1);
+# ifdef VBOX
+        if (RT_UNLIKELY((ram_addr >> TARGET_PAGE_BITS) >= phys_ram_dirty_size))
+            dirty_flags = 0xff;
+        else
+# endif /* VBOX */
+        dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
+#endif
+    }
     stb_p((uint8_t *)(long)addr, val);
+    phys_ram_dirty[phys_addr >> TARGET_PAGE_BITS] = 1;
+}
+static void code_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
+{
+    unsigned long phys_addr;
+#ifdef USE_KQEMU
+    if (cpu_single_env->kqemu_enabled &&
+        (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
+        kqemu_modify_page(cpu_single_env, ram_addr);
+#endif
+    dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
 #ifdef VBOX
+    phys_addr = remR3HCVirt2GCPhys(cpu_single_env, (void *)addr);
+#else
+    phys_addr = addr - (unsigned long)phys_ram_base;
+#endif
+    if (RT_LIKELY((ram_addr >> TARGET_PAGE_BITS) < phys_ram_dirty_size))
+#endif /* !VBOX */
+    phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
+    /* we remove the notdirty callback only if the code has been
+       flushed */
+    if (dirty_flags == 0xff)
+        tlb_set_dirty(cpu_single_env, addr, cpu_single_env->mem_write_vaddr);
+}
+static void notdirty_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
+{
+    unsigned long ram_addr;
+    int dirty_flags;
+#if defined(VBOX) && defined(REM_PHYS_ADDR_IN_TLB)
+    ram_addr = addr;
+#elif !defined(VBOX) || !defined(PGM_DYNAMIC_RAM_ALLOC)
+    ram_addr = addr - (unsigned long)phys_ram_base;
+#else
+    ram_addr = remR3HCVirt2GCPhys(first_cpu, (void *)addr);
+#endif
+#ifdef VBOX
+    if (RT_UNLIKELY((ram_addr >> TARGET_PAGE_BITS) >= phys_ram_dirty_size))
+        dirty_flags = 0xff;
+    else
+#endif /* VBOX */
+    dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
+    if (!(dirty_flags & CODE_DIRTY_FLAG)) {
 #if !defined(CONFIG_USER_ONLY)
+    tb_invalidate_phys_page_fast(phys_addr, 2);
+#endif
+        tb_invalidate_phys_page_fast(ram_addr, 2);
+# ifdef VBOX
+        if (RT_UNLIKELY((ram_addr >> TARGET_PAGE_BITS) >= phys_ram_dirty_size))
+            dirty_flags = 0xff;
+        else
+# endif /* VBOX */
+        dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
+#endif
+    }
     stw_p((uint8_t *)(long)addr, val);
+    phys_ram_dirty[phys_addr >> TARGET_PAGE_BITS] = 1;
+}
+static void code_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
+{
+    unsigned long phys_addr;
+#ifdef USE_KQEMU
+    if (cpu_single_env->kqemu_enabled &&
+        (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
+        kqemu_modify_page(cpu_single_env, ram_addr);
+#endif
+    dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
 #ifdef VBOX
+    phys_addr = remR3HCVirt2GCPhys(cpu_single_env, (void *)addr);
+#else
+    phys_addr = addr - (unsigned long)phys_ram_base;
+#endif
+    if (RT_LIKELY((ram_addr >> TARGET_PAGE_BITS) < phys_ram_dirty_size))
+#endif
+    phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
+    /* we remove the notdirty callback only if the code has been
+       flushed */
+    if (dirty_flags == 0xff)
+        tlb_set_dirty(cpu_single_env, addr, cpu_single_env->mem_write_vaddr);
+}
+static void notdirty_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
+{
+    unsigned long ram_addr;
+    int dirty_flags;
+#if defined(VBOX) && defined(REM_PHYS_ADDR_IN_TLB)
+    ram_addr = addr;
+#elif !defined(VBOX) || !defined(PGM_DYNAMIC_RAM_ALLOC)
+    ram_addr = addr - (unsigned long)phys_ram_base;
+#else
+    ram_addr = remR3HCVirt2GCPhys(first_cpu, (void *)addr);
+#endif
+#ifdef VBOX
+    if (RT_UNLIKELY((ram_addr >> TARGET_PAGE_BITS) >= phys_ram_dirty_size))
+        dirty_flags = 0xff;
+    else
+#endif /* VBOX */
+    dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
+    if (!(dirty_flags & CODE_DIRTY_FLAG)) {
 #if !defined(CONFIG_USER_ONLY)
+    tb_invalidate_phys_page_fast(phys_addr, 4);
+#endif
+        tb_invalidate_phys_page_fast(ram_addr, 4);
+# ifdef VBOX
+        if (RT_UNLIKELY((ram_addr >> TARGET_PAGE_BITS) >= phys_ram_dirty_size))
+            dirty_flags = 0xff;
+        else
+# endif /* VBOX */
+        dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
+#endif
+    }
     stl_p((uint8_t *)(long)addr, val);
+    phys_ram_dirty[phys_addr >> TARGET_PAGE_BITS] = 1;
+}
+static CPUReadMemoryFunc *code_mem_read[3] = {
+#ifdef USE_KQEMU
+    if (cpu_single_env->kqemu_enabled &&
+        (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
+        kqemu_modify_page(cpu_single_env, ram_addr);
+#endif
+    dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
+#ifdef VBOX
+    if (RT_LIKELY((ram_addr >> TARGET_PAGE_BITS) < phys_ram_dirty_size))
+#endif
+    phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
+    /* we remove the notdirty callback only if the code has been
+       flushed */
+    if (dirty_flags == 0xff)
+        tlb_set_dirty(cpu_single_env, addr, cpu_single_env->mem_write_vaddr);
+}
+static CPUReadMemoryFunc *error_mem_read[3] = {
     NULL, /* never used */
     NULL, /* never used */
     NULL, /* never used */
 };
-static CPUWriteMemoryFunc *code_mem_write[3] = {
-    code_mem_writeb,
-    code_mem_writew,
-    code_mem_writel,
-};
-static void notdirty_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
+{
-    stb_p((uint8_t *)(long)addr, val);
-    tlb_set_dirty(addr, cpu_single_env->mem_write_vaddr);
+}
-static void notdirty_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
+{
-    stw_p((uint8_t *)(long)addr, val);
-    tlb_set_dirty(addr, cpu_single_env->mem_write_vaddr);
+}
-static void notdirty_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
+{
-    stl_p((uint8_t *)(long)addr, val);
-    tlb_set_dirty(addr, cpu_single_env->mem_write_vaddr);
+}
 static CPUWriteMemoryFunc *notdirty_mem_write[3] = {
 …
 static void io_mem_init(void)
+{
     cpu_register_io_memory(IO_MEM_ROM >> IO_MEM_SHIFT, code_mem_read, unassigned_mem_write, NULL);
+    cpu_register_io_memory(IO_MEM_ROM >> IO_MEM_SHIFT, error_mem_read, unassigned_mem_write, NULL);
     cpu_register_io_memory(IO_MEM_UNASSIGNED >> IO_MEM_SHIFT, unassigned_mem_read, unassigned_mem_write, NULL);
+    cpu_register_io_memory(IO_MEM_CODE >> IO_MEM_SHIFT, code_mem_read, code_mem_write, NULL);
+    cpu_register_io_memory(IO_MEM_NOTDIRTY >> IO_MEM_SHIFT, code_mem_read, notdirty_mem_write, NULL);
+#ifdef VBOX
+    cpu_register_io_memory(IO_MEM_NOTDIRTY >> IO_MEM_SHIFT, error_mem_read, notdirty_mem_write, NULL);
+#if defined(VBOX) && defined(PGM_DYNAMIC_RAM_ALLOC)
     cpu_register_io_memory(IO_MEM_RAM_MISSING >> IO_MEM_SHIFT, unassigned_mem_read, unassigned_mem_write, NULL);
     io_mem_nb = 6;
 …
 #endif
 #if !defined(VBOX) /* VBOX: we do this later when the RAM is allocated. */
+#ifndef VBOX /* VBOX: we do this later when the RAM is allocated. */
     /* alloc dirty bits array */
+    phys_ram_dirty = qemu_malloc(phys_ram_size >> TARGET_PAGE_BITS);
+    phys_ram_dirty = qemu_vmalloc(phys_ram_size >> TARGET_PAGE_BITS);
+    memset(phys_ram_dirty, 0xff, phys_ram_size >> TARGET_PAGE_BITS);
 #endif /* !VBOX */
+}
 …
     if (io_index <= 0) {
         if (io_index >= IO_MEM_NB_ENTRIES)
+        if (io_mem_nb >= IO_MEM_NB_ENTRIES)
             return -1;
         io_index = io_mem_nb++;
 …
             return -1;
+    }
     for(i = 0;i < 3; i++) {
         io_mem_read[io_index][i] = mem_read[i];
 …
     int l, flags;
     target_ulong page;
+    void * p;
     while (len > 0) {
 …
             if (!(flags & PAGE_WRITE))
                 return;
+            memcpy((uint8_t *)addr, buf, len);
+            p = lock_user(addr, len, 0);
+            memcpy(p, buf, len);
+            unlock_user(p, addr, len);
         } else {
             if (!(flags & PAGE_READ))
                 return;
+            memcpy(buf, (uint8_t *)addr, len);
+            p = lock_user(addr, len, 1);
+            memcpy(buf, p, len);
+            unlock_user(p, addr, 0);
+        }
         len -= l;
 …
         addr += l;
+    }
+}
-/* never used */
-uint32_t ldl_phys(target_phys_addr_t addr)
+{
-    return 0;
+}
-void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
+{
+}
-void stl_phys(target_phys_addr_t addr, uint32_t val)
+{
+}
 …
         if (is_write) {
             if ((pd & ~TARGET_PAGE_MASK) != 0) {
+            if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
                 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
+                /* XXX: could force cpu_single_env to NULL to avoid
+                   potential bugs */
                 if (l >= 4 && ((addr & 3) == 0)) {
+                    /* 32 bit read access */
+                    /* 32 bit write access */
+#if !defined(VBOX) || !defined(REM_PHYS_ADDR_IN_TLB)
                     val = ldl_p(buf);
+#else
+                    val = *(const uint32_t *)buf;
+#endif
                     io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
                     l = 4;
                 } else if (l >= 2 && ((addr & 1) == 0)) {
+                    /* 16 bit read access */
+                    /* 16 bit write access */
+#if !defined(VBOX) || !defined(REM_PHYS_ADDR_IN_TLB)
                     val = lduw_p(buf);
+#else
+                    val = *(const uint16_t *)buf;
+#endif
                     io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
                     l = 2;
                 } else {
+                    /* 8 bit access */
+                    /* 8 bit write access */
+#if !defined(VBOX) || !defined(REM_PHYS_ADDR_IN_TLB)
                     val = ldub_p(buf);
+#else
+                    val = *(const uint8_t *)buf;
+#endif
                     io_mem_write[io_index][0](io_mem_opaque[io_index], addr, val);
                     l = 1;
 …
                 /* RAM case */
 #ifdef VBOX
+                ptr = remR3GCPhys2HCVirt(cpu_single_env, addr1);;
+                remR3PhysWriteBytes(ptr, buf, l);
+                remR3PhysWrite(addr1, buf, l); NOREF(ptr);
 #else
                 ptr = phys_ram_base + addr1;
                 memcpy(ptr, buf, l);
 #endif
+                /* invalidate code */
+                tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
+                /* set dirty bit */
+                phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] = 1;
+                if (!cpu_physical_memory_is_dirty(addr1)) {
+                    /* invalidate code */
+                    tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
+                    /* set dirty bit */
+#ifdef VBOX
+                    if (RT_LIKELY((addr1 >> TARGET_PAGE_BITS) < phys_ram_dirty_size))
+#endif
+                    phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
+                        (0xff & ~CODE_DIRTY_FLAG);
+                }
+            }
         } else {
             if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
                 (pd & ~TARGET_PAGE_MASK) != IO_MEM_CODE) {
+            if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
+                !(pd & IO_MEM_ROMD)) {
                 /* I/O case */
                 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
 …
                     /* 32 bit read access */
                     val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
+#if !defined(VBOX) || !defined(REM_PHYS_ADDR_IN_TLB)
                     stl_p(buf, val);
+#else
+                    *(uint32_t *)buf = val;
+#endif
                     l = 4;
                 } else if (l >= 2 && ((addr & 1) == 0)) {
                     /* 16 bit read access */
                     val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
+#if !defined(VBOX) || !defined(REM_PHYS_ADDR_IN_TLB)
                     stw_p(buf, val);
+#else
+                    *(uint16_t *)buf = val;
+#endif
                     l = 2;
                 } else {
                     /* 8 bit access */
+                    /* 8 bit read access */
                     val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr);
+#if !defined(VBOX) || !defined(REM_PHYS_ADDR_IN_TLB)
                     stb_p(buf, val);
+#else
+                    *(uint8_t *)buf = val;
+#endif
                     l = 1;
+                }
 …
                 /* RAM case */
 #ifdef VBOX
+                ptr = remR3GCPhys2HCVirt(cpu_single_env, (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK));
+                remR3PhysReadBytes(ptr, buf, l);
+                remR3PhysRead((pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK), buf, l); NOREF(ptr);
 #else
                 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
 …
+    }
+}
+#ifndef VBOX
+/* used for ROM loading : can write in RAM and ROM */
+void cpu_physical_memory_write_rom(target_phys_addr_t addr,
+                                   const uint8_t *buf, int len)
+{
+    int l;
+    uint8_t *ptr;
+    target_phys_addr_t page;
+    unsigned long pd;
+    PhysPageDesc *p;
+    while (len > 0) {
+        page = addr & TARGET_PAGE_MASK;
+        l = (page + TARGET_PAGE_SIZE) - addr;
+        if (l > len)
+            l = len;
+        p = phys_page_find(page >> TARGET_PAGE_BITS);
+        if (!p) {
+            pd = IO_MEM_UNASSIGNED;
+        } else {
+            pd = p->phys_offset;
+        }
+        if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
+            (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
+            !(pd & IO_MEM_ROMD)) {
+            /* do nothing */
+        } else {
+            unsigned long addr1;
+            addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
+            /* ROM/RAM case */
+            ptr = phys_ram_base + addr1;
+            memcpy(ptr, buf, l);
+        }
+        len -= l;
+        buf += l;
+        addr += l;
+    }
+}
+#endif /* !VBOX */
 /* warning: addr must be aligned */
 …
+    }
     if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
         (pd & ~TARGET_PAGE_MASK) != IO_MEM_CODE) {
+    if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
+        !(pd & IO_MEM_ROMD)) {
         /* I/O case */
         io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
 …
     } else {
         /* RAM case */
+#ifdef VBOX
+        ptr = remR3GCPhys2HCVirt(cpu_single_env, (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK));
+#else
+#ifndef VBOX
         ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
             (addr & ~TARGET_PAGE_MASK);
-#endif
         val = ldl_p(ptr);
+#else
+        val = remR3PhysReadU32((pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK)); NOREF(ptr);
+#endif
+    }
     return val;
+}
+/* warning: addr must be aligned. The ram page is not masked as dirty
+   and the code inside is not invalidated. It is useful if the dirty
+   bits are used to track modified PTEs */
+void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
+/* warning: addr must be aligned */
+uint64_t ldq_phys(target_phys_addr_t addr)
+{
     int io_index;
     uint8_t *ptr;
+    uint64_t val;
     unsigned long pd;
     PhysPageDesc *p;
 …
+    }
+    if ((pd & ~TARGET_PAGE_MASK) != 0) {
+    if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
+        !(pd & IO_MEM_ROMD)) {
+        /* I/O case */
         io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
+        io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
+#ifdef TARGET_WORDS_BIGENDIAN
+        val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
+        val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
+#else
+        val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
+        val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
+#endif
     } else {
+#ifdef VBOX
+        ptr = remR3GCPhys2HCVirt(cpu_single_env, (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK));
+#else
+        /* RAM case */
+#ifndef VBOX
         ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
             (addr & ~TARGET_PAGE_MASK);
+#endif
+        stl_p(ptr, val);
+    }
+}
+/* warning: addr must be aligned */
+/* XXX: optimize code invalidation test */
+void stl_phys(target_phys_addr_t addr, uint32_t val)
+        val = ldq_p(ptr);
+#else
+        val = remR3PhysReadU64((pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK)); NOREF(ptr);
+#endif
+    }
+    return val;
+}
+/* XXX: optimize */
+uint32_t ldub_phys(target_phys_addr_t addr)
+{
+    uint8_t val;
+    cpu_physical_memory_read(addr, &val, 1);
+    return val;
+}
+/* XXX: optimize */
+uint32_t lduw_phys(target_phys_addr_t addr)
+{
+    uint16_t val;
+    cpu_physical_memory_read(addr, (uint8_t *)&val, 2);
+    return tswap16(val);
+}
+/* warning: addr must be aligned. The ram page is not masked as dirty
+   and the code inside is not invalidated. It is useful if the dirty
+   bits are used to track modified PTEs */
+void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
+{
     int io_index;
 …
+    }
+    if ((pd & ~TARGET_PAGE_MASK) != 0) {
+    if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
+        io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
+        io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
+    } else {
+#ifndef VBOX
+        ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
+            (addr & ~TARGET_PAGE_MASK);
+        stl_p(ptr, val);
+#else
+        remR3PhysWriteU32((pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK), val); NOREF(ptr);
+#endif
+    }
+}
+/* warning: addr must be aligned */
+void stl_phys(target_phys_addr_t addr, uint32_t val)
+{
+    int io_index;
+    uint8_t *ptr;
+    unsigned long pd;
+    PhysPageDesc *p;
+    p = phys_page_find(addr >> TARGET_PAGE_BITS);
+    if (!p) {
+        pd = IO_MEM_UNASSIGNED;
+    } else {
+        pd = p->phys_offset;
+    }
+    if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
         io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
         io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
 …
         addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
         /* RAM case */
+#ifndef VBOX
+        ptr = phys_ram_base + addr1;
+        stl_p(ptr, val);
+#else
+        remR3PhysWriteU32((pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK), val); NOREF(ptr);
+#endif
+        if (!cpu_physical_memory_is_dirty(addr1)) {
+            /* invalidate code */
+            tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
+            /* set dirty bit */
 #ifdef VBOX
+        ptr = remR3GCPhys2HCVirt(cpu_single_env, addr1);
+#else
+        ptr = phys_ram_base + addr1;
+#endif
+        stl_p(ptr, val);
+        /* invalidate code */
+        tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
+        /* set dirty bit */
+        phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] = 1;
+    }
+}
+#endif
+            if (RT_LIKELY((addr1 >> TARGET_PAGE_BITS) < phys_ram_dirty_size))
+#endif
+            phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
+                (0xff & ~CODE_DIRTY_FLAG);
+        }
+    }
+}
+/* XXX: optimize */
+void stb_phys(target_phys_addr_t addr, uint32_t val)
+{
+    uint8_t v = val;
+    cpu_physical_memory_write(addr, &v, 1);
+}
+/* XXX: optimize */
+void stw_phys(target_phys_addr_t addr, uint32_t val)
+{
+    uint16_t v = tswap16(val);
+    cpu_physical_memory_write(addr, (const uint8_t *)&v, 2);
+}
+/* XXX: optimize */
+void stq_phys(target_phys_addr_t addr, uint64_t val)
+{
+    val = tswap64(val);
+    cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
+}
+#endif
+#ifndef VBOX
 /* virtual memory access for debug */
 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
 …
+}
-#ifndef VBOX
 void dump_exec_info(FILE *f,
                     int (*cpu_fprintf)(FILE *f, const char *fmt, ...))

trunk/src/recompiler/osdep.h

-              r1
+              r2422
 #define QEMU_OSDEP_H
 #if defined(VBOX)
+#ifdef VBOX
 #include <iprt/alloc.h>
+#include <iprt/stdarg.h>
 #include <iprt/string.h>
+#define qemu_vsnprintf(pszBuf, cchBuf, pszFormat, args) \
+                            RTStrPrintfV((pszBuf), (cchBuf), (pszFormat), (args))
+#define qemu_snprintf(pszBuf, cbBuf, ...) RTStrPrintf((pszBuf), (cbBuf), __VA_ARGS__)
+#define qemu_vsnprintf(pszBuf, cbBuf, pszFormat, args) \
+                            RTStrPrintfV((pszBuf), (cbBuf), (pszFormat), (args))
 #define qemu_vprintf(pszFormat, args) \
                             RTLogPrintfV((pszFormat), (args))
 …
 #define qemu_strdup(psz)    RTStrDup(psz)
+#define qemu_vmalloc(cb)    RTMemPageAlloc(cb)
+#define qemu_vfree(pv)      RTMemPageFree(pv)
+#ifndef NULL
+# define NULL 0
+#endif
 #else /* !VBOX */
 …
 #include <stdarg.h>
+int qemu_vsnprintf(char *buf, int buflen, const char *fmt, va_list args);
+void qemu_vprintf(const char *fmt, va_list ap);
+void qemu_printf(const char *fmt, ...);
+#define qemu_snprintf snprintf   /* bird */
+#define qemu_vsnprintf vsnprintf /* bird */
+#define qemu_vprintf vprintf     /* bird */
+#define qemu_printf printf
 void *qemu_malloc(size_t size);
 …
 char *qemu_strdup(const char *str);
+void *qemu_vmalloc(size_t size);
+void qemu_vfree(void *ptr);
 void *get_mmap_addr(unsigned long size);
-/* specific kludges for OS compatibility (should be moved elsewhere) */
-#if defined(__i386__) && !defined(CONFIG_SOFTMMU) && !defined(CONFIG_USER_ONLY)
-/* disabled pthread version of longjmp which prevent us from using an
-   alternative signal stack */
-extern void __longjmp(jmp_buf env, int val);
-#define longjmp __longjmp
-#include <signal.h>
-/* NOTE: it works only because the glibc sigset_t is >= kernel sigset_t */
-struct qemu_sigaction {
-    union {
-        void (*_sa_handler)(int);
-        void (*_sa_sigaction)(int, struct siginfo *, void *);
-    } _u;
-    unsigned long sa_flags;
-    void (*sa_restorer)(void);
-    sigset_t sa_mask;           /* mask last for extensibility */
-};
-int qemu_sigaction(int signum, const struct qemu_sigaction *act,
-                   struct qemu_sigaction *oldact);
-#undef sigaction
-#undef sa_handler
-#undef sa_sigaction
-#define sigaction qemu_sigaction
-#define sa_handler      _u._sa_handler
-#define sa_sigaction    _u._sa_sigaction
-#endif
 #endif /* !VBOX */

trunk/src/recompiler/softmmu_header.h

-              r1
+              r2422
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 #if DATA_SIZE == 8
 #define SUFFIX q
 …
 #elif defined (TARGET_PPC)
 #define CPU_MEM_INDEX (msr_pr)
+#elif defined (TARGET_MIPS)
+#define CPU_MEM_INDEX ((env->hflags & MIPS_HFLAG_MODE) == MIPS_HFLAG_UM)
 #elif defined (TARGET_SPARC)
 #define CPU_MEM_INDEX ((env->psrs) == 0)
+#elif defined (TARGET_ARM)
+#define CPU_MEM_INDEX ((env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_USR)
+#elif defined (TARGET_SH4)
+#define CPU_MEM_INDEX ((env->sr & SR_MD) == 0)
+#else
+#error unsupported CPU
 #endif
 #define MMUSUFFIX _mmu
 …
 #elif defined (TARGET_PPC)
 #define CPU_MEM_INDEX (msr_pr)
+#elif defined (TARGET_MIPS)
+#define CPU_MEM_INDEX ((env->hflags & MIPS_HFLAG_MODE) == MIPS_HFLAG_UM)
 #elif defined (TARGET_SPARC)
 #define CPU_MEM_INDEX ((env->psrs) == 0)
+#elif defined (TARGET_ARM)
+#define CPU_MEM_INDEX ((env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_USR)
+#elif defined (TARGET_SH4)
+#define CPU_MEM_INDEX ((env->sr & SR_MD) == 0)
+#else
+#error unsupported CPU
 #endif
 #define MMUSUFFIX _cmmu
 …
 #endif
+#if ACCESS_TYPE == 3
+#define ADDR_READ addr_code
+#else
+#define ADDR_READ addr_read
+#endif
 DATA_TYPE REGPARM(1) glue(glue(__ld, SUFFIX), MMUSUFFIX)(target_ulong addr,
 …
 #if (DATA_SIZE <= 4) && (TARGET_LONG_BITS == 32) && defined(__i386__) && \
+    (ACCESS_TYPE <= 1) && defined(ASM_SOFTMMU)
+    (ACCESS_TYPE <= 1) && defined(ASM_SOFTMMU) && (!defined(VBOX) || !defined(REM_PHYS_ADDR_IN_TLB))
+#define CPU_TLB_ENTRY_BITS 4
 static inline RES_TYPE glue(glue(ld, USUFFIX), MEMSUFFIX)(target_ulong ptr)
 …
                   "jmp 2f\n"
                   "1:\n"
                   "addl 4(%%edx), %%eax\n"
+                  "addl 12(%%edx), %%eax\n"
 #if DATA_SIZE == 1
                   "movzbl (%%eax), %0\n"
 …
                   : "=r" (res)
                   : "r" (ptr),
                   "i" ((CPU_TLB_SIZE - 1) << 3),
                   "i" (TARGET_PAGE_BITS - 3),
+                  "i" ((CPU_TLB_SIZE - 1) << CPU_TLB_ENTRY_BITS),
+                  "i" (TARGET_PAGE_BITS - CPU_TLB_ENTRY_BITS),
                   "i" (TARGET_PAGE_MASK | (DATA_SIZE - 1)),
                   "m" (*(uint32_t *)offsetof(CPUState, tlb_read[CPU_MEM_INDEX][0].address)),
+                  "m" (*(uint32_t *)offsetof(CPUState, tlb_table[CPU_MEM_INDEX][0].addr_read)),
                   "i" (CPU_MEM_INDEX),
                   "m" (*(uint8_t *)&glue(glue(__ld, SUFFIX), MMUSUFFIX))
 …
                   "jmp 2f\n"
                   "1:\n"
                   "addl 4(%%edx), %%eax\n"
+                  "addl 12(%%edx), %%eax\n"
 #if DATA_SIZE == 1
                   "movsbl (%%eax), %0\n"
 …
                   : "=r" (res)
                   : "r" (ptr),
                   "i" ((CPU_TLB_SIZE - 1) << 3),
                   "i" (TARGET_PAGE_BITS - 3),
+                  "i" ((CPU_TLB_SIZE - 1) << CPU_TLB_ENTRY_BITS),
+                  "i" (TARGET_PAGE_BITS - CPU_TLB_ENTRY_BITS),
                   "i" (TARGET_PAGE_MASK | (DATA_SIZE - 1)),
                   "m" (*(uint32_t *)offsetof(CPUState, tlb_read[CPU_MEM_INDEX][0].address)),
+                  "m" (*(uint32_t *)offsetof(CPUState, tlb_table[CPU_MEM_INDEX][0].addr_read)),
                   "i" (CPU_MEM_INDEX),
                   "m" (*(uint8_t *)&glue(glue(__ld, SUFFIX), MMUSUFFIX))
 …
     index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     is_user = CPU_MEM_INDEX;
     if (__builtin_expect(env->tlb_write[is_user][index].address !=
+    if (__builtin_expect(env->tlb_table[is_user][index].addr_write !=
                          (addr & (TARGET_PAGE_MASK | (DATA_SIZE - 1))), 0)) {
         glue(glue(__st, SUFFIX), MMUSUFFIX)(addr, v, is_user);
     } else {
         physaddr = addr + env->tlb_write[is_user][index].addend;
+        physaddr = addr + env->tlb_table[is_user][index].addend;
         glue(glue(st, SUFFIX), _raw)((uint8_t *)physaddr, v);
+    }
+}
 #else
+#else /* !VBOX */
 static inline void glue(glue(st, SUFFIX), MEMSUFFIX)(target_ulong ptr, RES_TYPE v)
 …
                   "jmp 2f\n"
                   "1:\n"
                   "addl 4(%%edx), %%eax\n"
+                  "addl 8(%%edx), %%eax\n"
 #if DATA_SIZE == 1
                   "movb %b1, (%%eax)\n"
 …
    with T1 ! */
                   "r" (v),
                   "i" ((CPU_TLB_SIZE - 1) << 3),
                   "i" (TARGET_PAGE_BITS - 3),
+                  "i" ((CPU_TLB_SIZE - 1) << CPU_TLB_ENTRY_BITS),
+                  "i" (TARGET_PAGE_BITS - CPU_TLB_ENTRY_BITS),
                   "i" (TARGET_PAGE_MASK | (DATA_SIZE - 1)),
                   "m" (*(uint32_t *)offsetof(CPUState, tlb_write[CPU_MEM_INDEX][0].address)),
+                  "m" (*(uint32_t *)offsetof(CPUState, tlb_table[CPU_MEM_INDEX][0].addr_write)),
                   "i" (CPU_MEM_INDEX),
                   "m" (*(uint8_t *)&glue(glue(__st, SUFFIX), MMUSUFFIX))
                   : "%eax", "%ecx", "%edx", "memory", "cc");
+}
 #endif /* VBOX */
+#endif /* !VBOX */
 #else
 …
     index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     is_user = CPU_MEM_INDEX;
     if (__builtin_expect(env->tlb_read[is_user][index].address !=
+    if (__builtin_expect(env->tlb_table[is_user][index].ADDR_READ !=
                          (addr & (TARGET_PAGE_MASK | (DATA_SIZE - 1))), 0)) {
         res = glue(glue(__ld, SUFFIX), MMUSUFFIX)(addr, is_user);
     } else {
         physaddr = addr + env->tlb_read[is_user][index].addend;
+        physaddr = addr + env->tlb_table[is_user][index].addend;
         res = glue(glue(ld, USUFFIX), _raw)((uint8_t *)physaddr);
+    }
 …
     index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     is_user = CPU_MEM_INDEX;
     if (__builtin_expect(env->tlb_read[is_user][index].address !=
+    if (__builtin_expect(env->tlb_table[is_user][index].ADDR_READ !=
                          (addr & (TARGET_PAGE_MASK | (DATA_SIZE - 1))), 0)) {
         res = (DATA_STYPE)glue(glue(__ld, SUFFIX), MMUSUFFIX)(addr, is_user);
     } else {
         physaddr = addr + env->tlb_read[is_user][index].addend;
+        physaddr = addr + env->tlb_table[is_user][index].addend;
         res = glue(glue(lds, SUFFIX), _raw)((uint8_t *)physaddr);
+    }
 …
+}
 #endif
+#if ACCESS_TYPE != 3
 /* generic store macro */
 …
     index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     is_user = CPU_MEM_INDEX;
     if (__builtin_expect(env->tlb_write[is_user][index].address !=
+    if (__builtin_expect(env->tlb_table[is_user][index].addr_write !=
                          (addr & (TARGET_PAGE_MASK | (DATA_SIZE - 1))), 0)) {
         glue(glue(__st, SUFFIX), MMUSUFFIX)(addr, v, is_user);
     } else {
         physaddr = addr + env->tlb_write[is_user][index].addend;
+        physaddr = addr + env->tlb_table[is_user][index].addend;
         glue(glue(st, SUFFIX), _raw)((uint8_t *)physaddr, v);
+    }
+}
+#endif
+#endif /* ACCESS_TYPE != 3 */
+#endif /* !asm */
+#if ACCESS_TYPE != 3
 #if DATA_SIZE == 8
 static inline double glue(ldfq, MEMSUFFIX)(target_ulong ptr)
+static inline float64 glue(ldfq, MEMSUFFIX)(target_ulong ptr)
+{
     union {
         double d;
+        float64 d;
         uint64_t i;
     } u;
 …
+}
 static inline void glue(stfq, MEMSUFFIX)(target_ulong ptr, double v)
+static inline void glue(stfq, MEMSUFFIX)(target_ulong ptr, float64 v)
+{
     union {
         double d;
+        float64 d;
         uint64_t i;
     } u;
 …
 #if DATA_SIZE == 4
 static inline float glue(ldfl, MEMSUFFIX)(target_ulong ptr)
+static inline float32 glue(ldfl, MEMSUFFIX)(target_ulong ptr)
+{
     union {
         float f;
+        float32 f;
         uint32_t i;
     } u;
 …
+}
 static inline void glue(stfl, MEMSUFFIX)(target_ulong ptr, float v)
+static inline void glue(stfl, MEMSUFFIX)(target_ulong ptr, float32 v)
+{
     union {
         float f;
+        float32 f;
         uint32_t i;
     } u;
 …
+}
 #endif /* DATA_SIZE == 4 */
+#endif /* ACCESS_TYPE != 3 */
 #undef RES_TYPE
 …
 #undef CPU_MEM_INDEX
 #undef MMUSUFFIX
+#undef ADDR_READ

trunk/src/recompiler/softmmu_template.h

-              r1
+              r2422
 #ifdef SOFTMMU_CODE_ACCESS
 #define READ_ACCESS_TYPE 2
+#define ADDR_READ addr_code
 #else
 #define READ_ACCESS_TYPE 0
+#define ADDR_READ addr_read
 #endif
 …
                                                         int is_user,
                                                         void *retaddr);
 static inline DATA_TYPE glue(io_read, SUFFIX)(unsigned long physaddr,
+static inline DATA_TYPE glue(io_read, SUFFIX)(target_phys_addr_t physaddr,
                                               target_ulong tlb_addr)
+{
 …
 #endif
 #endif /* SHIFT > 2 */
+#ifdef USE_KQEMU
+    env->last_io_time = cpu_get_time_fast();
+#endif
     return res;
+}
 …
     int index;
     target_ulong tlb_addr;
     unsigned long physaddr;
+    target_phys_addr_t physaddr;
     void *retaddr;
 …
     index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
  redo:
     tlb_addr = env->tlb_read[is_user][index].address;
+    tlb_addr = env->tlb_table[is_user][index].ADDR_READ;
     if ((addr & TARGET_PAGE_MASK) == (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
         physaddr = addr + env->tlb_read[is_user][index].addend;
+        physaddr = addr + env->tlb_table[is_user][index].addend;
         if (tlb_addr & ~TARGET_PAGE_MASK) {
             /* IO access */
 …
                 goto do_unaligned_access;
             res = glue(io_read, SUFFIX)(physaddr, tlb_addr);
         } else if (((addr & 0xfff) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
+        } else if (((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
             /* slow unaligned access (it spans two pages or IO) */
         do_unaligned_access:
             retaddr = GETPC();
+#ifdef ALIGNED_ONLY
+            do_unaligned_access(addr, READ_ACCESS_TYPE, is_user, retaddr);
+#endif
             res = glue(glue(slow_ld, SUFFIX), MMUSUFFIX)(addr,
                                                          is_user, retaddr);
         } else {
+            /* unaligned access in the same page */
+            res = glue(glue(ld, USUFFIX), _raw)((uint8_t *)physaddr);
+            /* unaligned/aligned access in the same page */
+#ifdef ALIGNED_ONLY
+            if ((addr & (DATA_SIZE - 1)) != 0) {
+                retaddr = GETPC();
+                do_unaligned_access(addr, READ_ACCESS_TYPE, is_user, retaddr);
+            }
+#endif
+            res = glue(glue(ld, USUFFIX), _raw)((uint8_t *)(long)physaddr);
+        }
     } else {
         /* the page is not in the TLB : fill it */
         retaddr = GETPC();
+#ifdef ALIGNED_ONLY
+        if ((addr & (DATA_SIZE - 1)) != 0)
+            do_unaligned_access(addr, READ_ACCESS_TYPE, is_user, retaddr);
+#endif
         tlb_fill(addr, READ_ACCESS_TYPE, is_user, retaddr);
         goto redo;
 …
     DATA_TYPE res, res1, res2;
     int index, shift;
     unsigned long physaddr;
+    target_phys_addr_t physaddr;
     target_ulong tlb_addr, addr1, addr2;
     index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
  redo:
     tlb_addr = env->tlb_read[is_user][index].address;
+    tlb_addr = env->tlb_table[is_user][index].ADDR_READ;
     if ((addr & TARGET_PAGE_MASK) == (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
         physaddr = addr + env->tlb_read[is_user][index].addend;
+        physaddr = addr + env->tlb_table[is_user][index].addend;
         if (tlb_addr & ~TARGET_PAGE_MASK) {
             /* IO access */
 …
                 goto do_unaligned_access;
             res = glue(io_read, SUFFIX)(physaddr, tlb_addr);
         } else if (((addr & 0xfff) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
+        } else if (((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
         do_unaligned_access:
             /* slow unaligned access (it spans two pages) */
 …
         } else {
             /* unaligned/aligned access in the same page */
             res = glue(glue(ld, USUFFIX), _raw)((uint8_t *)physaddr);
+            res = glue(glue(ld, USUFFIX), _raw)((uint8_t *)(long)physaddr);
+        }
     } else {
 …
                                                    void *retaddr);
 static inline void glue(io_write, SUFFIX)(unsigned long physaddr,
+static inline void glue(io_write, SUFFIX)(target_phys_addr_t physaddr,
                                           DATA_TYPE val,
                                           target_ulong tlb_addr,
 …
 #endif
 #endif /* SHIFT > 2 */
+#ifdef USE_KQEMU
+    env->last_io_time = cpu_get_time_fast();
+#endif
+}
 …
                                                     int is_user)
+{
     unsigned long physaddr;
+    target_phys_addr_t physaddr;
     target_ulong tlb_addr;
     void *retaddr;
 …
     index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
  redo:
     tlb_addr = env->tlb_write[is_user][index].address;
+    tlb_addr = env->tlb_table[is_user][index].addr_write;
     if ((addr & TARGET_PAGE_MASK) == (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
         physaddr = addr + env->tlb_write[is_user][index].addend;
+        physaddr = addr + env->tlb_table[is_user][index].addend;
         if (tlb_addr & ~TARGET_PAGE_MASK) {
             /* IO access */
 …
             retaddr = GETPC();
             glue(io_write, SUFFIX)(physaddr, val, tlb_addr, retaddr);
         } else if (((addr & 0xfff) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
+        } else if (((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
         do_unaligned_access:
             retaddr = GETPC();
+#ifdef ALIGNED_ONLY
+            do_unaligned_access(addr, 1, is_user, retaddr);
+#endif
             glue(glue(slow_st, SUFFIX), MMUSUFFIX)(addr, val,
                                                    is_user, retaddr);
         } else {
             /* aligned/unaligned access in the same page */
+            glue(glue(st, SUFFIX), _raw)((uint8_t *)physaddr, val);
+#ifdef ALIGNED_ONLY
+            if ((addr & (DATA_SIZE - 1)) != 0) {
+                retaddr = GETPC();
+                do_unaligned_access(addr, 1, is_user, retaddr);
+            }
+#endif
+            glue(glue(st, SUFFIX), _raw)((uint8_t *)(long)physaddr, val);
+        }
     } else {
         /* the page is not in the TLB : fill it */
         retaddr = GETPC();
+#ifdef ALIGNED_ONLY
+        if ((addr & (DATA_SIZE - 1)) != 0)
+            do_unaligned_access(addr, 1, is_user, retaddr);
+#endif
         tlb_fill(addr, 1, is_user, retaddr);
         goto redo;
 …
                                                    void *retaddr)
+{
     unsigned long physaddr;
+    target_phys_addr_t physaddr;
     target_ulong tlb_addr;
     int index, i;
 …
     index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
  redo:
     tlb_addr = env->tlb_write[is_user][index].address;
+    tlb_addr = env->tlb_table[is_user][index].addr_write;
     if ((addr & TARGET_PAGE_MASK) == (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
         physaddr = addr + env->tlb_write[is_user][index].addend;
+        physaddr = addr + env->tlb_table[is_user][index].addend;
         if (tlb_addr & ~TARGET_PAGE_MASK) {
             /* IO access */
 …
                 goto do_unaligned_access;
             glue(io_write, SUFFIX)(physaddr, val, tlb_addr, retaddr);
         } else if (((addr & 0xfff) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
+        } else if (((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
         do_unaligned_access:
             /* XXX: not efficient, but simple */
 …
         } else {
             /* aligned/unaligned access in the same page */
             glue(glue(st, SUFFIX), _raw)((uint8_t *)physaddr, val);
+            glue(glue(st, SUFFIX), _raw)((uint8_t *)(long)physaddr, val);
+        }
     } else {
 …
 #undef USUFFIX
 #undef DATA_SIZE
+#undef ADDR_READ

trunk/src/recompiler/target-i386/cpu.h

-              r1
+              r2422
 #define TARGET_HAS_PRECISE_SMC
+#define TARGET_HAS_ICE 1
+#ifdef TARGET_X86_64
+#define ELF_MACHINE     EM_X86_64
+#else
+#define ELF_MACHINE     EM_386
+#endif
 #include "cpu-defs.h"
+#include "softfloat.h"
 #if defined(VBOX)
 #include <iprt/critsect.h>
 #include <iprt/thread.h>
 #include <iprt/assert.h>
 #include <iprt/asm.h>
 #include <VBox/vmm.h>
+# include <iprt/critsect.h>
+# include <iprt/thread.h>
+# include <iprt/assert.h>
+# include <iprt/asm.h>
+# include <VBox/vmm.h>
 #endif /* VBOX */
 …
 /* hidden flags - used internally by qemu to represent additionnal cpu
    states. Only the CPL and INHIBIT_IRQ are not redundant. We avoid
+   states. Only the CPL, INHIBIT_IRQ and HALTED are not redundant. We avoid
    using the IOPL_MASK, TF_MASK and VM_MASK bit position to ease oring
    with eflags. */
 …
 #define HF_OSFXSR_SHIFT     16 /* CR4.OSFXSR */
 #define HF_VM_SHIFT         17 /* must be same as eflags */
+#define HF_HALTED_SHIFT     18 /* CPU halted */
+#define HF_SMM_SHIFT        19 /* CPU in SMM mode */
 #define HF_CPL_MASK          (3 << HF_CPL_SHIFT)
 …
 #define HF_CS64_MASK         (1 << HF_CS64_SHIFT)
 #define HF_OSFXSR_MASK       (1 << HF_OSFXSR_SHIFT)
+#define HF_HALTED_MASK       (1 << HF_HALTED_SHIFT)
+#define HF_SMM_MASK          (1 << HF_SMM_SHIFT)
 #define CR0_PE_MASK  (1 << 0)
 …
 #define PG_PSE_BIT      7
 #define PG_GLOBAL_BIT   8
+#define PG_NX_BIT       63
 #define PG_PRESENT_MASK  (1 << PG_PRESENT_BIT)
 …
 #define PG_PSE_MASK      (1 << PG_PSE_BIT)
 #define PG_GLOBAL_MASK   (1 << PG_GLOBAL_BIT)
+#define PG_NX_MASK       (1LL << PG_NX_BIT)
 #define PG_ERROR_W_BIT     1
 …
 #define PG_ERROR_U_MASK    0x04
 #define PG_ERROR_RSVD_MASK 0x08
+#define PG_ERROR_I_D_MASK  0x10
 #define MSR_IA32_APICBASE               0x1b
 …
 #define MSR_IA32_SYSENTER_EIP           0x176
 #endif
+#define MSR_MCG_CAP                     0x179
+#define MSR_MCG_STATUS                  0x17a
+#define MSR_MCG_CTL                     0x17b
+#define MSR_PAT                         0x277
 #define MSR_EFER                        0xc0000080
 …
 #define CPUID_CMOV (1 << 15)
 #define CPUID_PAT  (1 << 16)
+#define CPUID_PSE36   (1 << 17)
 #define CPUID_CLFLUSH (1 << 19)
 /* ... */
 …
 #ifdef VBOX
-#define CPUID_PSE36 (1 << 17)
 #define CPUID_HTT  (1 << 28)
 #endif
 #define CPUID_EXT_SS3      (1 << 0)
+#define CPUID_EXT_SSE3     (1 << 0)
 #define CPUID_EXT_MONITOR  (1 << 3)
 #define CPUID_EXT_CX16     (1 << 13)
 …
 #define CPUID_EXT2_SYSCALL (1 << 11)
 #define CPUID_EXT2_NX      (1 << 20)
+#define CPUID_EXT2_FFXSR   (1 << 25)
 #define CPUID_EXT2_LM      (1 << 29)
 …
 };
 #if (defined(__i386__) || defined(__x86_64__)) && !defined(_BSD)
+#ifdef FLOATX80
 #define USE_X86LDOUBLE
 #endif
 #ifdef USE_X86LDOUBLE
 typedef long double CPU86_LDouble;
+typedef floatx80 CPU86_LDouble;
 #else
 typedef double CPU86_LDouble;
+typedef float64 CPU86_LDouble;
 #endif
 …
     uint32_t _l[4];
     uint64_t _q[2];
     float _s[4];
     double _d[2];
+    float32 _s[4];
+    float64 _d[2];
 } XMMReg;
 …
     /* emulator internal variables */
+    float_status fp_status;
+#ifdef VBOX
+    uint32_t alignment3[3]; /* force the long double to start a 16 byte line. */
+#endif
     CPU86_LDouble ft0;
+#if defined(VBOX) && defined(__X86__) && !defined(__DARWIN__)
+    uint32_t alignment4; /* long double is 12 byte, pad it to 16. */
+#endif
     union {
         float f;
 …
     } fp_convert;
+    float_status sse_status;
     uint32_t mxcsr;
     XMMReg xmm_regs[CPU_NB_REGS];
 …
     uint32_t sysenter_esp;
     uint32_t sysenter_eip;
+#ifdef VBOX
+    uint32_t alignment0;
+#endif
     uint64_t efer;
     uint64_t star;
 …
 #endif
+    uint64_t pat;
     /* temporary data for USE_CODE_COPY mode */
 #ifdef USE_CODE_COPY
 …
     /* exception/interrupt handling */
     jmp_buf jmp_env;
+#if defined(VBOX) && defined(__WIN__) && defined(__X86__)
+    /* This will be removed when switching to the no-crt code everywhere. */
+    uint32_t alignment1[23];
+#endif
     int exception_index;
     int error_code;
     int exception_is_int;
     target_ulong exception_next_eip;
-#if defined(VBOX)
-    struct TranslationBlock * volatile current_tb; /* currently executing TB */
-#else
-    struct TranslationBlock *current_tb; /* currently executing TB */
-#endif
     target_ulong dr[8]; /* debug registers */
+#if defined(VBOX)
+    volatile int32_t interrupt_request;
+#else
+    uint32_t smbase;
     int interrupt_request;
-#endif
     int user_mode_only; /* user mode only simulation */
+    /* soft mmu support */
+    /* in order to avoid passing too many arguments to the memory
+       write helpers, we store some rarely used information in the CPU
+       context) */
+    unsigned long mem_write_pc; /* host pc at which the memory was
+                                   written */
+    target_ulong mem_write_vaddr; /* target virtual addr at which the
+                                     memory was written */
+    /* 0 = kernel, 1 = user */
+    CPUTLBEntry tlb_read[2][CPU_TLB_SIZE];
+    CPUTLBEntry tlb_write[2][CPU_TLB_SIZE];
+    /* from this point: preserved by CPU reset */
+    /* ice debug support */
+    target_ulong breakpoints[MAX_BREAKPOINTS];
+    int nb_breakpoints;
+    int singlestep_enabled;
+    CPU_COMMON
 #ifdef VBOX
 …
     /* processor features (e.g. for CPUID insn) */
 #ifndef VBOX /* remR3CpuId deals with these */
+    uint32_t cpuid_level;
     uint32_t cpuid_vendor1;
     uint32_t cpuid_vendor2;
 …
     uint32_t cpuid_version;
 #endif /* !VBOX */
+    uint32_t cpuid_features;
     uint32_t cpuid_ext_features;
-    uint32_t cpuid_features;
 #ifndef VBOX
+    uint32_t cpuid_xlevel;
+    uint32_t cpuid_model[12];
+#endif /* !VBOX */
+    uint32_t cpuid_ext2_features;
+#ifndef VBOX
+#ifdef USE_KQEMU
+    int kqemu_enabled;
+    int last_io_time;
+#endif
     /* in order to simplify APIC support, we leave this pointer to the
        user */
     struct APICState *apic_state;
+    /* user data */
     void *opaque;
+#else
+    uint32_t alignment2[3];
 #endif
 } CPUX86State;
 …
 static inline void cpu_x86_load_seg_cache(CPUX86State *env,
                                           int seg_reg, unsigned int selector,
+                                          uint32_t base, unsigned int limit,
+                                          target_ulong base,
+                                          unsigned int limit,
                                           unsigned int flags)
+{
 …
    signal handlers to inform the virtual CPU of exceptions. non zero
    is returned if the signal was handled by the virtual CPU.  */
+struct siginfo;
+int cpu_x86_signal_handler(int host_signum, struct siginfo *info,
+int cpu_x86_signal_handler(int host_signum, void *pinfo,
                            void *puc);
 void cpu_x86_set_a20(CPUX86State *env, int a20_state);
 …
 uint8_t cpu_get_apic_tpr(CPUX86State *env);
 #endif
+void cpu_smm_update(CPUX86State *env);
 /* will be suppressed */
 …
 #define X86_DUMP_FPU  0x0001 /* dump FPU state too */
 #define X86_DUMP_CCOP 0x0002 /* dump qemu flag cache */
+#ifdef USE_KQEMU
+static inline int cpu_get_time_fast(void)
+{
+    int low, high;
+    asm volatile("rdtsc" : "=a" (low), "=d" (high));
+    return low;
+}
+#endif
 #ifdef VBOX

trunk/src/recompiler/target-i386/exec.h

-              r1478
+              r2422
 /*
  *  i386 execution defines
+ *  i386 execution defines
+ *
  *  Copyright (c) 2003 Fabrice Bellard
 …
 /* XXX: factorize this mess */
-#if defined(__alpha__) || defined (__ia64__) || defined(__x86_64__)
-#define HOST_LONG_BITS 64
-#else
-#define HOST_LONG_BITS 32
-#endif
 #ifdef TARGET_X86_64
 #define TARGET_LONG_BITS 64
 …
 #endif
+#include "cpu-defs.h"
 /* at least 4 register variables are defined */
 register struct CPUX86State *env asm(AREG0);
+/* XXX: use 64 bit regs if HOST_LONG_BITS == 64 */
+#if TARGET_LONG_BITS == 32
+register uint32_t T0 asm(AREG1);
+register uint32_t T1 asm(AREG2);
+register uint32_t T2 asm(AREG3);
+/* if more registers are available, we define some registers too */
+#ifdef AREG4
+register uint32_t EAX asm(AREG4);
+#define reg_EAX
+#endif
+#ifdef AREG5
+register uint32_t ESP asm(AREG5);
+#define reg_ESP
+#endif
+#ifdef AREG6
+register uint32_t EBP asm(AREG6);
+#define reg_EBP
+#endif
+#ifdef AREG7
+register uint32_t ECX asm(AREG7);
+#define reg_ECX
+#endif
+#ifdef AREG8
+register uint32_t EDX asm(AREG8);
+#define reg_EDX
+#endif
+#ifdef AREG9
+register uint32_t EBX asm(AREG9);
+#define reg_EBX
+#endif
+#ifdef AREG10
+register uint32_t ESI asm(AREG10);
+#define reg_ESI
+#endif
+#ifdef AREG11
+register uint32_t EDI asm(AREG11);
+#define reg_EDI
+#endif
+#else
+#if TARGET_LONG_BITS > HOST_LONG_BITS
 /* no registers can be used */
 …
 #define T2 (env->t2)
+#endif
+#else
+/* XXX: use unsigned long instead of target_ulong - better code will
+   be generated for 64 bit CPUs */
+register target_ulong T0 asm(AREG1);
+register target_ulong T1 asm(AREG2);
+register target_ulong T2 asm(AREG3);
+/* if more registers are available, we define some registers too */
+#ifdef AREG4
+register target_ulong EAX asm(AREG4);
+#define reg_EAX
+#endif
+#ifdef AREG5
+register target_ulong ESP asm(AREG5);
+#define reg_ESP
+#endif
+#ifdef AREG6
+register target_ulong EBP asm(AREG6);
+#define reg_EBP
+#endif
+#ifdef AREG7
+register target_ulong ECX asm(AREG7);
+#define reg_ECX
+#endif
+#ifdef AREG8
+register target_ulong EDX asm(AREG8);
+#define reg_EDX
+#endif
+#ifdef AREG9
+register target_ulong EBX asm(AREG9);
+#define reg_EBX
+#endif
+#ifdef AREG10
+register target_ulong ESI asm(AREG10);
+#define reg_ESI
+#endif
+#ifdef AREG11
+register target_ulong EDI asm(AREG11);
+#define reg_EDI
+#endif
+#endif /* ! (TARGET_LONG_BITS > HOST_LONG_BITS) */
 #define A0 T2
 …
 #endif
-#if defined(VBOX) && !defined(REMR3PHYSREADWRITE_DEFINED)
-#define REMR3PHYSREADWRITE_DEFINED
-/* Header sharing between vbox & qemu is rather ugly. */
-void     remR3PhysReadBytes(uint8_t *pbSrcPhys, void *pvDst, unsigned cb);
-uint8_t  remR3PhysReadUByte(uint8_t *pbSrcPhys);
-uint8_t  remR3PhysReadSByte(uint8_t *pbSrcPhys);
-uint16_t remR3PhysReadUWord(uint8_t *pbSrcPhys);
-int16_t  remR3PhysReadSWord(uint8_t *pbSrcPhys);
-uint32_t remR3PhysReadULong(uint8_t *pbSrcPhys);
-uint32_t remR3PhysReadSLong(uint8_t *pbSrcPhys);
-void     remR3PhysWriteBytes(uint8_t *pbDstPhys, const void *pvSrc, unsigned cb);
-void     remR3PhysWriteByte(uint8_t *pbDstPhys, uint8_t val);
-void     remR3PhysWriteWord(uint8_t *pbDstPhys, uint16_t val);
-void     remR3PhysWriteDword(uint8_t *pbDstPhys, uint32_t val);
-#endif
 #include "cpu.h"
 #include "exec-all.h"
-/* XXX: add a generic FPU library */
-static inline double float32_to_float64(float a)
+{
-    return a;
+}
-static inline float float64_to_float32(double a)
+{
-    return a;
+}
-#if defined(__powerpc__)
-/* better to call an helper on ppc */
-float int32_to_float32(int32_t a);
-double int32_to_float64(int32_t a);
-#else
-static inline float int32_to_float32(int32_t a)
+{
-    return (float)a;
+}
-static inline double int32_to_float64(int32_t a)
+{
-    return (double)a;
+}
-#endif
-static inline float int64_to_float32(int64_t a)
+{
-    return (float)a;
+}
-static inline double int64_to_float64(int64_t a)
+{
-    return (double)a;
+}
 typedef struct CCTable {
 …
 void helper_movl_crN_T0(int reg);
 void helper_movl_drN_T0(int reg);
 void helper_invlpg(unsigned int addr);
+void helper_invlpg(target_ulong addr);
 void cpu_x86_update_cr0(CPUX86State *env, uint32_t new_cr0);
 void cpu_x86_update_cr3(CPUX86State *env, target_ulong new_cr3);
 void cpu_x86_update_cr4(CPUX86State *env, uint32_t new_cr4);
 void cpu_x86_flush_tlb(CPUX86State *env, uint32_t addr);
+void cpu_x86_flush_tlb(CPUX86State *env, target_ulong addr);
 int cpu_x86_handle_mmu_fault(CPUX86State *env, target_ulong addr,
                              int is_write, int is_user, int is_softmmu);
 …
 void raise_exception_err(int exception_index, int error_code);
 void raise_exception(int exception_index);
+void do_smm_enter(void);
 void __hidden cpu_loop_exit(void);
 …
 void helper_divq_EAX_T0(void);
 void helper_idivq_EAX_T0(void);
+void helper_bswapq_T0(void);
 void helper_cmpxchg8b(void);
 void helper_cpuid(void);
 void helper_enter_level(int level, int data32);
+void helper_enter64_level(int level, int data64);
 void helper_sysenter(void);
 void helper_sysexit(void);
 …
 void helper_verr(void);
 void helper_verw(void);
+void helper_rsm(void);
 #ifdef VBOX
 void helper_external_event(void);
-void helper_hlt(void);
-void helper_monitor(void);
-void helper_mwait(void);
 /* in helper.c */
 …
 void check_iol_DX(void);
-/* XXX: move that to a generic header */
 #if !defined(CONFIG_USER_ONLY)
+#define ldul_user ldl_user
+#define ldul_kernel ldl_kernel
+#define ACCESS_TYPE 0
+#define MEMSUFFIX _kernel
+#define DATA_SIZE 1
+#include "softmmu_header.h"
+#define DATA_SIZE 2
+#include "softmmu_header.h"
+#define DATA_SIZE 4
+#include "softmmu_header.h"
+#define DATA_SIZE 8
+#include "softmmu_header.h"
+#undef ACCESS_TYPE
+#undef MEMSUFFIX
+#define ACCESS_TYPE 1
+#define MEMSUFFIX _user
+#define DATA_SIZE 1
+#include "softmmu_header.h"
+#define DATA_SIZE 2
+#include "softmmu_header.h"
+#define DATA_SIZE 4
+#include "softmmu_header.h"
+#define DATA_SIZE 8
+#include "softmmu_header.h"
+#undef ACCESS_TYPE
+#undef MEMSUFFIX
+/* these access are slower, they must be as rare as possible */
+#define ACCESS_TYPE 2
+#define MEMSUFFIX _data
+#define DATA_SIZE 1
+#include "softmmu_header.h"
+#define DATA_SIZE 2
+#include "softmmu_header.h"
+#define DATA_SIZE 4
+#include "softmmu_header.h"
+#define DATA_SIZE 8
+#include "softmmu_header.h"
+#undef ACCESS_TYPE
+#undef MEMSUFFIX
+#define ldub(p) ldub_data(p)
+#define ldsb(p) ldsb_data(p)
+#define lduw(p) lduw_data(p)
+#define ldsw(p) ldsw_data(p)
+#define ldl(p) ldl_data(p)
+#define ldq(p) ldq_data(p)
+#define stb(p, v) stb_data(p, v)
+#define stw(p, v) stw_data(p, v)
+#define stl(p, v) stl_data(p, v)
+#define stq(p, v) stq_data(p, v)
+#include "softmmu_exec.h"
 static inline double ldfq(target_ulong ptr)
 …
 #ifdef USE_X86LDOUBLE
 /* use long double functions */
+#define lrint lrintl
+#define llrint llrintl
+#define fabs fabsl
+#define floatx_to_int32 floatx80_to_int32
+#define floatx_to_int64 floatx80_to_int64
+#define floatx_to_int32_round_to_zero floatx80_to_int32_round_to_zero
+#define floatx_to_int64_round_to_zero floatx80_to_int64_round_to_zero
+#define floatx_abs floatx80_abs
+#define floatx_chs floatx80_chs
+#define floatx_round_to_int floatx80_round_to_int
+#define floatx_compare floatx80_compare
+#define floatx_compare_quiet floatx80_compare_quiet
+#ifdef VBOX
+#undef sin
+#undef cos
+#undef sqrt
+#undef pow
+#undef log
+#undef tan
+#undef atan2
+#undef floor
+#undef ceil
+#undef ldexp
+#endif /* !VBOX */
 #define sin sinl
 #define cos cosl
 …
 #define floor floorl
 #define ceil ceill
+#define rint rintl
+#endif
+#if !defined(_BSD)
+extern int lrint(CPU86_LDouble x);
+extern int64_t llrint(CPU86_LDouble x);
+#else
+#define lrint(d)                ((int)rint(d))
+#define llrint(d)               ((int)rint(d))
+#endif
+extern CPU86_LDouble fabs(CPU86_LDouble x);
+#define ldexp ldexpl
+#else
+#define floatx_to_int32 float64_to_int32
+#define floatx_to_int64 float64_to_int64
+#define floatx_to_int32_round_to_zero float64_to_int32_round_to_zero
+#define floatx_to_int64_round_to_zero float64_to_int64_round_to_zero
+#define floatx_abs float64_abs
+#define floatx_chs float64_chs
+#define floatx_round_to_int float64_round_to_int
+#define floatx_compare float64_compare
+#define floatx_compare_quiet float64_compare_quiet
+#endif
 extern CPU86_LDouble sin(CPU86_LDouble x);
 extern CPU86_LDouble cos(CPU86_LDouble x);
 …
 extern CPU86_LDouble floor(CPU86_LDouble x);
 extern CPU86_LDouble ceil(CPU86_LDouble x);
-extern CPU86_LDouble rint(CPU86_LDouble x);
 #define RC_MASK         0xc00
 …
 #define MAXTAN 9223372036854775808.0
-#ifdef __arm__
-/* we have no way to do correct rounding - a FPU emulator is needed */
-#define FE_DOWNWARD   FE_TONEAREST
-#define FE_UPWARD     FE_TONEAREST
-#define FE_TOWARDZERO FE_TONEAREST
-#endif
 #ifdef USE_X86LDOUBLE
 …
 float approx_rsqrt(float a);
 float approx_rcp(float a);
+double helper_sqrt(double a);
+int fpu_isnan(double a);
+void update_fp_status(void);
+void helper_hlt(void);
+void helper_monitor(void);
+void helper_mwait(void);
 extern const uint8_t parity_table[256];

trunk/src/recompiler/target-i386/helper2.c

-              r1
+              r2422
 #include <string.h>
 #include <inttypes.h>
+#ifndef VBOX
 #include <signal.h>
 #include <assert.h>
+#else
+# include <VBox/pgm.h> /* PGM_DYNAMIC_RAM_ALLOC */
+#endif
 #include "cpu.h"
 …
 #include <linux/version.h>
+_syscall3(int, modify_ldt, int, func, void *, ptr, unsigned long, bytecount)
+int modify_ldt(int func, void *ptr, unsigned long bytecount)
+{
+        return syscall(__NR_modify_ldt, func, ptr, bytecount);
+}
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 66)
 …
     static int inited;
-    cpu_exec_init();
 #ifndef VBOX
     env = malloc(sizeof(CPUX86State));
+    env = qemu_mallocz(sizeof(CPUX86State));
     if (!env)
         return NULL;
-    memset(env, 0, sizeof(CPUX86State));
 #endif /* !VBOX */
+    cpu_exec_init(env);
     /* init various static tables */
     if (!inited) {
 …
 #endif
 #endif
+        env->cpuid_level = 2;
         env->cpuid_version = (family << 8) | (model << 4) | stepping;
         env->cpuid_features = (CPUID_FP87 | CPUID_DE | CPUID_PSE |
                                CPUID_TSC | CPUID_MSR | CPUID_MCE |
+                               CPUID_CX8 | CPUID_PGE | CPUID_CMOV);
+        env->cpuid_ext_features = 0;
+                               CPUID_CX8 | CPUID_PGE | CPUID_CMOV |
+                               CPUID_PAT);
+        env->pat = 0x0007040600070406ULL;
+        env->cpuid_ext_features = CPUID_EXT_SSE3;
         env->cpuid_features |= CPUID_FXSR | CPUID_MMX | CPUID_SSE | CPUID_SSE2 | CPUID_PAE | CPUID_SEP;
+        env->cpuid_features |= CPUID_APIC;
+        env->cpuid_xlevel = 0;
+        {
+            const char *model_id = "QEMU Virtual CPU version " QEMU_VERSION;
+            int c, len, i;
+            len = strlen(model_id);
+            for(i = 0; i < 48; i++) {
+                if (i >= len)
+                    c = '\0';
+                else
+                    c = model_id[i];
+                env->cpuid_model[i >> 2] |= c << (8 * (i & 3));
+            }
+        }
 #ifdef TARGET_X86_64
         /* currently not enabled for std i386 because not fully tested */
+        env->cpuid_features |= CPUID_APIC;
+        env->cpuid_ext2_features = (env->cpuid_features & 0x0183F3FF);
+        env->cpuid_ext2_features |= CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX;
+        env->cpuid_xlevel = 0x80000008;
+        /* these features are needed for Win64 and aren't fully implemented */
+        env->cpuid_features |= CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA;
+        /* this feature is needed for Solaris and isn't fully implemented */
+        env->cpuid_features |= CPUID_PSE36;
 #endif
+    }
 #endif /* VBOX */
-    cpu_single_env = env;
     cpu_reset(env);
+#ifdef USE_KQEMU
+    kqemu_init(env);
+#endif
     return env;
+}
 …
     cpu_x86_update_cr0(env, 0x60000010);
     env->a20_mask = 0xffffffff;
+    env->smbase = 0x30000;
     env->idt.limit = 0xffff;
     env->gdt.limit = 0xffff;
 …
                     int flags)
+{
     int eflags, i;
+    int eflags, i, nb;
     char cc_op_name[32];
     static const char *seg_name[6] = { "ES", "CS", "SS", "DS", "FS", "GS" };
 …
     if (env->hflags & HF_CS64_MASK) {
         cpu_fprintf(f,
                     "RAX=%016llx RBX=%016llx RCX=%016llx RDX=%016llx\n"
                     "RSI=%016llx RDI=%016llx RBP=%016llx RSP=%016llx\n"
                     "R8 =%016llx R9 =%016llx R10=%016llx R11=%016llx\n"
                     "R12=%016llx R13=%016llx R14=%016llx R15=%016llx\n"
                     "RIP=%016llx RFL=%08x [%c%c%c%c%c%c%c]    CPL=%d II=%d A20=%d\n",
+                    "RAX=%016" PRIx64 " RBX=%016" PRIx64 " RCX=%016" PRIx64 " RDX=%016" PRIx64 "\n"
+                    "RSI=%016" PRIx64 " RDI=%016" PRIx64 " RBP=%016" PRIx64 " RSP=%016" PRIx64 "\n"
+                    "R8 =%016" PRIx64 " R9 =%016" PRIx64 " R10=%016" PRIx64 " R11=%016" PRIx64 "\n"
+                    "R12=%016" PRIx64 " R13=%016" PRIx64 " R14=%016" PRIx64 " R15=%016" PRIx64 "\n"
+                    "RIP=%016" PRIx64 " RFL=%08x [%c%c%c%c%c%c%c] CPL=%d II=%d A20=%d SMM=%d HLT=%d\n",
                     env->regs[R_EAX],
                     env->regs[R_EBX],
 …
                     env->hflags & HF_CPL_MASK,
                     (env->hflags >> HF_INHIBIT_IRQ_SHIFT) & 1,
+                    (env->a20_mask >> 20) & 1);
+                    (env->a20_mask >> 20) & 1,
+                    (env->hflags >> HF_SMM_SHIFT) & 1,
+                    (env->hflags >> HF_HALTED_SHIFT) & 1);
     } else
 #endif
 …
         cpu_fprintf(f, "EAX=%08x EBX=%08x ECX=%08x EDX=%08x\n"
                     "ESI=%08x EDI=%08x EBP=%08x ESP=%08x\n"
                     "EIP=%08x EFL=%08x [%c%c%c%c%c%c%c]    CPL=%d II=%d A20=%d\n",
+                    "EIP=%08x EFL=%08x [%c%c%c%c%c%c%c] CPL=%d II=%d A20=%d SMM=%d HLT=%d\n",
                     (uint32_t)env->regs[R_EAX],
                     (uint32_t)env->regs[R_EBX],
 …
                     env->hflags & HF_CPL_MASK,
                     (env->hflags >> HF_INHIBIT_IRQ_SHIFT) & 1,
+                    (env->a20_mask >> 20) & 1);
+                    (env->a20_mask >> 20) & 1,
+                    (env->hflags >> HF_SMM_SHIFT) & 1,
+                    (env->hflags >> HF_HALTED_SHIFT) & 1);
+    }
 …
         for(i = 0; i < 6; i++) {
             SegmentCache *sc = &env->segs[i];
             cpu_fprintf(f, "%s =%04x %016llx %08x %08x\n",
+            cpu_fprintf(f, "%s =%04x %016" PRIx64 " %08x %08x\n",
                         seg_name[i],
                         sc->selector,
 …
                         sc->flags);
+        }
         cpu_fprintf(f, "LDT=%04x %016llx %08x %08x\n",
+        cpu_fprintf(f, "LDT=%04x %016" PRIx64 " %08x %08x\n",
                     env->ldt.selector,
                     env->ldt.base,
                     env->ldt.limit,
                     env->ldt.flags);
         cpu_fprintf(f, "TR =%04x %016llx %08x %08x\n",
+        cpu_fprintf(f, "TR =%04x %016" PRIx64 " %08x %08x\n",
                     env->tr.selector,
                     env->tr.base,
                     env->tr.limit,
                     env->tr.flags);
         cpu_fprintf(f, "GDT=     %016llx %08x\n",
+        cpu_fprintf(f, "GDT=     %016" PRIx64 " %08x\n",
                     env->gdt.base, env->gdt.limit);
         cpu_fprintf(f, "IDT=     %016llx %08x\n",
+        cpu_fprintf(f, "IDT=     %016" PRIx64 " %08x\n",
                     env->idt.base, env->idt.limit);
         cpu_fprintf(f, "CR0=%08x CR2=%016llx CR3=%016llx CR4=%08x\n",
+        cpu_fprintf(f, "CR0=%08x CR2=%016" PRIx64 " CR3=%016" PRIx64 " CR4=%08x\n",
                     (uint32_t)env->cr[0],
                     env->cr[2],
 …
     if (flags & X86_DUMP_CCOP) {
         if ((unsigned)env->cc_op < CC_OP_NB)
             snprintf(cc_op_name, sizeof(cc_op_name), "%s", cc_op_str[env->cc_op]);
+            qemu_snprintf(cc_op_name, sizeof(cc_op_name), "%s", cc_op_str[env->cc_op]);
         else
             snprintf(cc_op_name, sizeof(cc_op_name), "[%d]", env->cc_op);
+            qemu_snprintf(cc_op_name, sizeof(cc_op_name), "[%d]", env->cc_op);
 #ifdef TARGET_X86_64
         if (env->hflags & HF_CS64_MASK) {
             cpu_fprintf(f, "CCS=%016llx CCD=%016llx CCO=%-8s\n",
+            cpu_fprintf(f, "CCS=%016" PRIx64 " CCD=%016" PRIx64 " CCO=%-8s\n",
                         env->cc_src, env->cc_dst,
                         cc_op_name);
 …
+    }
     if (flags & X86_DUMP_FPU) {
+        cpu_fprintf(f, "ST0=%f ST1=%f ST2=%f ST3=%f\n",
+                (double)env->fpregs[0].d,
+                (double)env->fpregs[1].d,
+                (double)env->fpregs[2].d,
+                (double)env->fpregs[3].d);
+        cpu_fprintf(f, "ST4=%f ST5=%f ST6=%f ST7=%f\n",
+                (double)env->fpregs[4].d,
+                (double)env->fpregs[5].d,
+                (double)env->fpregs[7].d,
+                (double)env->fpregs[8].d);
+        int fptag;
+        fptag = 0;
+        for(i = 0; i < 8; i++) {
+            fptag |= ((!env->fptags[i]) << i);
+        }
+        cpu_fprintf(f, "FCW=%04x FSW=%04x [ST=%d] FTW=%02x MXCSR=%08x\n",
+                    env->fpuc,
+                    (env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11,
+                    env->fpstt,
+                    fptag,
+                    env->mxcsr);
+        for(i=0;i<8;i++) {
+#if defined(USE_X86LDOUBLE)
+            union {
+                long double d;
+                struct {
+                    uint64_t lower;
+                    uint16_t upper;
+                } l;
+            } tmp;
+            tmp.d = env->fpregs[i].d;
+            cpu_fprintf(f, "FPR%d=%016" PRIx64 " %04x",
+                        i, tmp.l.lower, tmp.l.upper);
+#else
+            cpu_fprintf(f, "FPR%d=%016" PRIx64,
+                        i, env->fpregs[i].mmx.q);
+#endif
+            if ((i & 1) == 1)
+                cpu_fprintf(f, "\n");
+            else
+                cpu_fprintf(f, " ");
+        }
+        if (env->hflags & HF_CS64_MASK)
+            nb = 16;
+        else
+            nb = 8;
+        for(i=0;i<nb;i++) {
+            cpu_fprintf(f, "XMM%02d=%08x%08x%08x%08x",
+                        i,
+                        env->xmm_regs[i].XMM_L(3),
+                        env->xmm_regs[i].XMM_L(2),
+                        env->xmm_regs[i].XMM_L(1),
+                        env->xmm_regs[i].XMM_L(0));
+            if ((i & 1) == 1)
+                cpu_fprintf(f, "\n");
+            else
+                cpu_fprintf(f, " ");
+        }
+    }
+}
 …
 #ifdef VBOX
     remR3ChangeCpuMode(env);
 #endif
+#endif
+}
 …
 #ifdef VBOX
     remR3ChangeCpuMode(env);
 #endif
+#endif
+}
 /* XXX: also flush 4MB pages */
 void cpu_x86_flush_tlb(CPUX86State *env, uint32_t addr)
+void cpu_x86_flush_tlb(CPUX86State *env, target_ulong addr)
+{
 #if defined(DEBUG) && defined(VBOX)
     uint32_t pde;
-    uint8_t *pde_ptr;
     /* page directory entry */
     pde_ptr = remR3GCPhys2HCVirt(env, (((env->cr[3] & ~0xfff) + ((addr >> 20) & ~3)) & env->a20_mask));
+    pde = ldl_raw(pde_ptr);
+    pde = remR3PhysReadU32(((env->cr[3] & ~0xfff) + ((addr >> 20) & ~3)) & env->a20_mask);
     /* if PSE bit is set, then we use a 4MB page */
     if ((pde & PG_PSE_MASK) && (env->cr[4] & CR4_PSE_MASK)) {
 …
     env->error_code = (is_write << PG_ERROR_W_BIT);
     env->error_code |= PG_ERROR_U_MASK;
+    env->exception_index = EXCP0E_PAGE;
     return 1;
+}
 …
 #else
+#define PHYS_ADDR_MASK 0xfffff000
 /* return value:
 …
 */
 int cpu_x86_handle_mmu_fault(CPUX86State *env, target_ulong addr,
+                             int is_write, int is_user, int is_softmmu)
+{
+                             int is_write1, int is_user, int is_softmmu)
+{
+    uint64_t ptep, pte;
     uint32_t pdpe_addr, pde_addr, pte_addr;
+    uint32_t pde, pte, ptep, pdpe;
+    int error_code, is_dirty, prot, page_size, ret;
+    int error_code, is_dirty, prot, page_size, ret, is_write;
     unsigned long paddr, page_offset;
     target_ulong vaddr, virt_addr;
 …
 #if defined(DEBUG_MMU)
     printf("MMU fault: addr=" TARGET_FMT_lx " w=%d u=%d eip=" TARGET_FMT_lx "\n",
            addr, is_write, is_user, env->eip);
 #endif
     is_write &= 1;
+           addr, is_write1, is_user, env->eip);
+#endif
+    is_write = is_write1 & 1;
     if (!(env->cr[0] & CR0_PG_MASK)) {
         pte = addr;
         virt_addr = addr & TARGET_PAGE_MASK;
         prot = PAGE_READ | PAGE_WRITE;
+        prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
         page_size = 4096;
         goto do_mapping;
 …
     if (env->cr[4] & CR4_PAE_MASK) {
+        uint64_t pde, pdpe;
         /* XXX: we only use 32 bit physical addresses */
 #ifdef TARGET_X86_64
         if (env->hflags & HF_LMA_MASK) {
+            uint32_t pml4e_addr, pml4e;
+            uint32_t pml4e_addr;
+            uint64_t pml4e;
             int32_t sext;
-            /* XXX: handle user + rw rights */
-            /* XXX: handle NX flag */
             /* test virtual address sign extension */
             sext = (int64_t)addr >> 47;
             if (sext != 0 && sext != -1) {
+                error_code = 0;
+                goto do_fault;
+                env->error_code = 0;
+                env->exception_index = EXCP0D_GPF;
+                return 1;
+            }
             pml4e_addr = ((env->cr[3] & ~0xfff) + (((addr >> 39) & 0x1ff) << 3)) &
                 env->a20_mask;
             pml4e = ldl_phys(pml4e_addr);
+            pml4e = ldq_phys(pml4e_addr);
             if (!(pml4e & PG_PRESENT_MASK)) {
                 error_code = 0;
                 goto do_fault;
+            }
+            if (!(env->efer & MSR_EFER_NXE) && (pml4e & PG_NX_MASK)) {
+                error_code = PG_ERROR_RSVD_MASK;
+                goto do_fault;
+            }
             if (!(pml4e & PG_ACCESSED_MASK)) {
                 pml4e |= PG_ACCESSED_MASK;
                 stl_phys_notdirty(pml4e_addr, pml4e);
+            }
             pdpe_addr = ((pml4e & ~0xfff) + (((addr >> 30) & 0x1ff) << 3)) &
+            ptep = pml4e ^ PG_NX_MASK;
+            pdpe_addr = ((pml4e & PHYS_ADDR_MASK) + (((addr >> 30) & 0x1ff) << 3)) &
                 env->a20_mask;
             pdpe = ldl_phys(pdpe_addr);
+            pdpe = ldq_phys(pdpe_addr);
             if (!(pdpe & PG_PRESENT_MASK)) {
                 error_code = 0;
                 goto do_fault;
+            }
+            if (!(env->efer & MSR_EFER_NXE) && (pdpe & PG_NX_MASK)) {
+                error_code = PG_ERROR_RSVD_MASK;
+                goto do_fault;
+            }
+            ptep &= pdpe ^ PG_NX_MASK;
             if (!(pdpe & PG_ACCESSED_MASK)) {
                 pdpe |= PG_ACCESSED_MASK;
                 stl_phys_notdirty(pdpe_addr, pdpe);
+            }
         } else
+        } else
 #endif
+        {
+            /* XXX: load them when cr3 is loaded ? */
             pdpe_addr = ((env->cr[3] & ~0x1f) + ((addr >> 30) << 3)) &
                 env->a20_mask;
             pdpe = ldl_phys(pdpe_addr);
+            pdpe = ldq_phys(pdpe_addr);
             if (!(pdpe & PG_PRESENT_MASK)) {
                 error_code = 0;
                 goto do_fault;
+            }
+        }
+        pde_addr = ((pdpe & ~0xfff) + (((addr >> 21) & 0x1ff) << 3)) &
+            ptep = PG_NX_MASK | PG_USER_MASK | PG_RW_MASK;
+        }
+        pde_addr = ((pdpe & PHYS_ADDR_MASK) + (((addr >> 21) & 0x1ff) << 3)) &
             env->a20_mask;
         pde = ldl_phys(pde_addr);
+        pde = ldq_phys(pde_addr);
         if (!(pde & PG_PRESENT_MASK)) {
             error_code = 0;
             goto do_fault;
+        }
+        if (!(env->efer & MSR_EFER_NXE) && (pde & PG_NX_MASK)) {
+            error_code = PG_ERROR_RSVD_MASK;
+            goto do_fault;
+        }
+        ptep &= pde ^ PG_NX_MASK;
         if (pde & PG_PSE_MASK) {
             /* 2 MB page */
             page_size = 2048 * 1024;
+            goto handle_big_page;
+            ptep ^= PG_NX_MASK;
+            if ((ptep & PG_NX_MASK) && is_write1 == 2)
+                goto do_fault_protect;
+            if (is_user) {
+                if (!(ptep & PG_USER_MASK))
+                    goto do_fault_protect;
+                if (is_write && !(ptep & PG_RW_MASK))
+                    goto do_fault_protect;
+            } else {
+                if ((env->cr[0] & CR0_WP_MASK) &&
+                    is_write && !(ptep & PG_RW_MASK))
+                    goto do_fault_protect;
+            }
+            is_dirty = is_write && !(pde & PG_DIRTY_MASK);
+            if (!(pde & PG_ACCESSED_MASK) || is_dirty) {
+                pde |= PG_ACCESSED_MASK;
+                if (is_dirty)
+                    pde |= PG_DIRTY_MASK;
+                stl_phys_notdirty(pde_addr, pde);
+            }
+            /* align to page_size */
+            pte = pde & ((PHYS_ADDR_MASK & ~(page_size - 1)) | 0xfff);
+            virt_addr = addr & ~(page_size - 1);
         } else {
             /* 4 KB page */
 …
                 stl_phys_notdirty(pde_addr, pde);
+            }
             pte_addr = ((pde & ~0xfff) + (((addr >> 12) & 0x1ff) << 3)) &
+            pte_addr = ((pde & PHYS_ADDR_MASK) + (((addr >> 12) & 0x1ff) << 3)) &
                 env->a20_mask;
+            goto handle_4k_page;
+            pte = ldq_phys(pte_addr);
+            if (!(pte & PG_PRESENT_MASK)) {
+                error_code = 0;
+                goto do_fault;
+            }
+            if (!(env->efer & MSR_EFER_NXE) && (pte & PG_NX_MASK)) {
+                error_code = PG_ERROR_RSVD_MASK;
+                goto do_fault;
+            }
+            /* combine pde and pte nx, user and rw protections */
+            ptep &= pte ^ PG_NX_MASK;
+            ptep ^= PG_NX_MASK;
+            if ((ptep & PG_NX_MASK) && is_write1 == 2)
+                goto do_fault_protect;
+            if (is_user) {
+                if (!(ptep & PG_USER_MASK))
+                    goto do_fault_protect;
+                if (is_write && !(ptep & PG_RW_MASK))
+                    goto do_fault_protect;
+            } else {
+                if ((env->cr[0] & CR0_WP_MASK) &&
+                    is_write && !(ptep & PG_RW_MASK))
+                    goto do_fault_protect;
+            }
+            is_dirty = is_write && !(pte & PG_DIRTY_MASK);
+            if (!(pte & PG_ACCESSED_MASK) || is_dirty) {
+                pte |= PG_ACCESSED_MASK;
+                if (is_dirty)
+                    pte |= PG_DIRTY_MASK;
+                stl_phys_notdirty(pte_addr, pte);
+            }
+            page_size = 4096;
+            virt_addr = addr & ~0xfff;
+            pte = pte & (PHYS_ADDR_MASK | 0xfff);
+        }
     } else {
+        uint32_t pde;
         /* page directory entry */
         pde_addr = ((env->cr[3] & ~0xfff) + ((addr >> 20) & ~3)) &
 …
         if ((pde & PG_PSE_MASK) && (env->cr[4] & CR4_PSE_MASK)) {
             page_size = 4096 * 1024;
-        handle_big_page:
             if (is_user) {
                 if (!(pde & PG_USER_MASK))
 …
             pte_addr = ((pde & ~0xfff) + ((addr >> 10) & 0xffc)) &
                 env->a20_mask;
-        handle_4k_page:
             pte = ldl_phys(pte_addr);
             if (!(pte & PG_PRESENT_MASK)) {
 …
             virt_addr = addr & ~0xfff;
+        }
+        /* the page can be put in the TLB */
+        prot = PAGE_READ;
+        if (pte & PG_DIRTY_MASK) {
+            /* only set write access if already dirty... otherwise wait
+               for dirty access */
+            if (is_user) {
+                if (ptep & PG_RW_MASK)
+                    prot |= PAGE_WRITE;
+            } else {
+                if (!(env->cr[0] & CR0_WP_MASK) ||
+                    (ptep & PG_RW_MASK))
+                    prot |= PAGE_WRITE;
+            }
+    }
+    /* the page can be put in the TLB */
+    prot = PAGE_READ;
+    if (!(ptep & PG_NX_MASK))
+        prot |= PAGE_EXEC;
+    if (pte & PG_DIRTY_MASK) {
+        /* only set write access if already dirty... otherwise wait
+           for dirty access */
+        if (is_user) {
+            if (ptep & PG_RW_MASK)
+                prot |= PAGE_WRITE;
+        } else {
+            if (!(env->cr[0] & CR0_WP_MASK) ||
+                (ptep & PG_RW_MASK))
+                prot |= PAGE_WRITE;
+        }
+    }
 …
     vaddr = virt_addr + page_offset;
     ret = tlb_set_page(env, vaddr, paddr, prot, is_user, is_softmmu);
+    ret = tlb_set_page_exec(env, vaddr, paddr, prot, is_user, is_softmmu);
     return ret;
  do_fault_protect:
 …
  do_fault:
     env->cr[2] = addr;
     env->error_code = (is_write << PG_ERROR_W_BIT) | error_code;
+    error_code |= (is_write << PG_ERROR_W_BIT);
     if (is_user)
+        env->error_code |= PG_ERROR_U_MASK;
+        error_code |= PG_ERROR_U_MASK;
+    if (is_write1 == 2 &&
+        (env->efer & MSR_EFER_NXE) &&
+        (env->cr[4] & CR4_PAE_MASK))
+        error_code |= PG_ERROR_I_D_MASK;
+    env->error_code = error_code;
+    env->exception_index = EXCP0E_PAGE;
     return 1;
+}

trunk/src/recompiler/target-i386/op.c

-              r1514
+              r2422
 void OPPROTO op_bswapq_T0(void)
+{
     T0 = bswap64(T0);
+    helper_bswapq_T0();
+}
 #endif
 …
     uint32_t idx = (PARAM1 - offsetof(CPUX86State,segs[0].base)) / sizeof(SegmentCache);
+    if (env->segs[idx].newselector && !(env->eflags & VM_MASK))
+    {
+    if (env->segs[idx].newselector && !(env->eflags & VM_MASK)) {
         sync_seg(env, idx, env->segs[idx].newselector);
+    }
 …
     if (    (env->cr[0] & (CR0_PE_MASK|CR0_PG_MASK)) == (CR0_PE_MASK|CR0_PG_MASK)
         &&  !(env->eflags & VM_MASK)
+        &&  env->segs[idx].selector == 0
+       )
+    {
+        &&  env->segs[idx].selector == 0) {
         raise_exception(EXCP0D_GPF);
+    }
     A0 = (uint32_t)env->segs[idx].base;
     FORCE_RET();
 #else
+#else  /* !VBOX */
     A0 = (uint32_t)*(target_ulong *)((char *)env + PARAM1);
 #endif
+#endif /* !VBOX */
+}
 …
     uint32_t idx = (PARAM1 - offsetof(CPUX86State,segs[0].base)) / sizeof(SegmentCache);
+    if (env->segs[idx].newselector && !(env->eflags & VM_MASK))
+    {
+    if (env->segs[idx].newselector && !(env->eflags & VM_MASK)) {
         sync_seg(env, idx, env->segs[idx].newselector);
+    }
 …
     if (    (env->cr[0] & (CR0_PE_MASK|CR0_PG_MASK)) == (CR0_PE_MASK|CR0_PG_MASK)
         &&  !(env->eflags & VM_MASK)
+        &&  env->segs[idx].selector == 0
+       )
+    {
+        &&  env->segs[idx].selector == 0) {
         raise_exception(EXCP0D_GPF);
+    }
     A0 = (uint32_t)(A0 + env->segs[idx].base);
     FORCE_RET();
 #else
+#else  /* !VBOX */
     A0 = (uint32_t)(A0 + *(target_ulong *)((char *)env + PARAM1));
 #endif
+#endif /* !VBOX */
+}
 …
     if (env->segs[idx].newselector && !(env->eflags & VM_MASK))
+    {
         sync_seg(env, idx, env->segs[idx].newselector);
+    }
     A0 = (target_ulong)env->segs[idx].base;
 #else
+#else  /* !VBOX */
     A0 = *(target_ulong *)((char *)env + PARAM1);
 #endif
+#endif /* !VBOX */
+}
 …
     if (env->segs[idx].newselector && !(env->eflags & VM_MASK))
+    {
         sync_seg(env, idx, env->segs[idx].newselector);
+    }
     A0 += (target_ulong)env->segs[idx].base;
 #else
+#else  /* !VBOX */
     A0 += *(target_ulong *)((char *)env + PARAM1);
 #endif
+#endif /* !VBOX */
+}
 …
+}
+#ifdef VBOX
+void OPPROTO op_rsm(void)
+{
+    helper_rsm();
+}
+#ifndef VBOX
+#if 0
 /* vm86plus instructions */
+void OPPROTO op_cli_vm(void)
+{
+    env->eflags &= ~VIF_MASK;
+}
+void OPPROTO op_sti_vm(void)
+{
+    env->eflags |= VIF_MASK;
+    if (env->eflags & VIP_MASK) {
+        EIP = PARAM1;
+        raise_exception(EXCP0D_GPF);
+    }
+    FORCE_RET();
+}
+#endif
+#else /* VBOX */
 void OPPROTO op_cli_vme(void)
+{
 …
     FORCE_RET();
+}
 #endif
+#endif /* VBOX */
 void OPPROTO op_boundw(void)
 …
 #ifdef VBOX
-/** @todo Ugly: Exit current TB to process an external interrupt request */
-#define CPU_INTERRUPT_EXTERNAL_EXIT  0x0200 /* also defined in cpu-all.h!! */
-#define CPU_INTERRUPT_EXTERNAL_HARD  0x0400 /* also defined in cpu-all.h!! */
-#define CPU_INTERRUPT_EXTERNAL_TIMER 0x0800 /* also defined in cpu-all.h!! */
-#define CPU_INTERRUPT_EXTERNAL_DMA   0x1000 /* also defined in cpu-all.h!! */
 void OPPROTO op_check_external_event(void)
+{
 …
 void OPPROTO op_movswl_EAX_AX(void)
+{
     EAX = (int16_t)EAX;
+    EAX = (uint32_t)((int16_t)EAX);
+}
 …
 void OPPROTO op_movslq_EDX_EAX(void)
+{
     EDX = (int32_t)EAX >> 31;
+    EDX = (uint32_t)((int32_t)EAX >> 31);
+}
 …
 void op_addl_A0_SS(void)
+{
     A0 += (long)env->segs[R_SS].base;
+    A0 = (uint32_t)(A0 + env->segs[R_SS].base);
+}
 …
 #ifdef TARGET_X86_64
+void op_subq_A0_2(void)
+{
+    A0 -= 2;
+}
 void op_subq_A0_8(void)
+{
 …
     helper_enter_level(PARAM1, PARAM2);
+}
+#ifdef TARGET_X86_64
+void OPPROTO op_enter64_level(void)
+{
+    helper_enter64_level(PARAM1, PARAM2);
+}
+#endif
 void OPPROTO op_sysenter(void)
 …
+}
+#ifndef VBOX
+#if 0
 /* vm86plus version */
+#ifdef VBOX
+/* IOPL != 3, CR4.VME=1 */
+void OPPROTO op_movw_eflags_T0_vme(void)
+{
+    unsigned int new_eflags = T0;
+    /* if virtual interrupt pending and (virtual) interrupts will be enabled -> #GP */
+    /* if TF will be set -> #GP */
+    if (    ((new_eflags & IF_MASK) && (env->eflags & VIP_MASK))
+        ||  (new_eflags & TF_MASK))
+    {
+        raise_exception(EXCP0D_GPF);
+void OPPROTO op_movw_eflags_T0_vm(void)
+{
+    int eflags;
+    eflags = T0;
+    CC_SRC = eflags & (CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
+    DF = 1 - (2 * ((eflags >> 10) & 1));
+    /* we also update some system flags as in user mode */
+    env->eflags = (env->eflags & ~(FL_UPDATE_MASK16 | VIF_MASK)) |
+        (eflags & FL_UPDATE_MASK16);
+    if (eflags & IF_MASK) {
+        env->eflags |= VIF_MASK;
+        if (env->eflags & VIP_MASK) {
+            EIP = PARAM1;
+            raise_exception(EXCP0D_GPF);
+        }
+    }
+    else
+    {
+        load_eflags(new_eflags, (TF_MASK | AC_MASK | ID_MASK | NT_MASK) & 0xffff);
+        if (new_eflags & IF_MASK)
+            env->eflags |= VIF_MASK;
+        else
+            env->eflags &= ~VIF_MASK;
+    }
+    FORCE_RET();
+}
+#endif
+#if 0
+    FORCE_RET();
+}
 void OPPROTO op_movl_eflags_T0_vm(void)
+{
 …
 #endif
+#else /* VBOX */
+/* IOPL != 3, CR4.VME=1 */
+void OPPROTO op_movw_eflags_T0_vme(void)
+{
+    unsigned int new_eflags = T0;
+    /* if virtual interrupt pending and (virtual) interrupts will be enabled -> #GP */
+    /* if TF will be set -> #GP */
+    if (    ((new_eflags & IF_MASK) && (env->eflags & VIP_MASK))
+        ||  (new_eflags & TF_MASK)) {
+        raise_exception(EXCP0D_GPF);
+    } else {
+        load_eflags(new_eflags, (TF_MASK | AC_MASK | ID_MASK | NT_MASK) & 0xffff);
+        if (new_eflags & IF_MASK) {
+            env->eflags |= VIF_MASK;
+        } else {
+            env->eflags &= ~VIF_MASK;
+        }
+    }
+    FORCE_RET();
+}
+#endif /* VBOX */
 /* XXX: compute only O flag */
 void OPPROTO op_movb_eflags_T0(void)
 …
 /* vm86plus version */
 #ifdef VBOX
+#ifdef VBOX /* #if 0 */
 void OPPROTO op_movl_T0_eflags_vme(void)
+{
 …
     T0 = eflags;
+}
 #endif
+#endif /* VBOX / 0 */
 void OPPROTO op_cld(void)
 …
     d = ST0;
     val = lrint(d);
+    val = floatx_to_int32(d, &env->fp_status);
     if (val != (int16_t)val)
         val = -32768;
 …
     d = ST0;
     val = lrint(d);
+    val = floatx_to_int32(d, &env->fp_status);
     stl(A0, val);
     FORCE_RET();
 …
     d = ST0;
+    val = llrint(d);
+    val = floatx_to_int64(d, &env->fp_status);
+    stq(A0, val);
+    FORCE_RET();
+}
+void OPPROTO op_fistt_ST0_A0(void)
+{
+#if defined(__sparc__) && !defined(__sparc_v9__)
+    register CPU86_LDouble d asm("o0");
+#else
+    CPU86_LDouble d;
+#endif
+    int val;
+    d = ST0;
+    val = floatx_to_int32_round_to_zero(d, &env->fp_status);
+    if (val != (int16_t)val)
+        val = -32768;
+    stw(A0, val);
+    FORCE_RET();
+}
+void OPPROTO op_fisttl_ST0_A0(void)
+{
+#if defined(__sparc__) && !defined(__sparc_v9__)
+    register CPU86_LDouble d asm("o0");
+#else
+    CPU86_LDouble d;
+#endif
+    int val;
+    d = ST0;
+    val = floatx_to_int32_round_to_zero(d, &env->fp_status);
+    stl(A0, val);
+    FORCE_RET();
+}
+void OPPROTO op_fisttll_ST0_A0(void)
+{
+#if defined(__sparc__) && !defined(__sparc_v9__)
+    register CPU86_LDouble d asm("o0");
+#else
+    CPU86_LDouble d;
+#endif
+    int64_t val;
+    d = ST0;
+    val = floatx_to_int64_round_to_zero(d, &env->fp_status);
     stq(A0, val);
     FORCE_RET();
 …
 /* FPU operations */
+/* XXX: handle nans */
+const int fcom_ccval[4] = {0x0100, 0x4000, 0x0000, 0x4500};
 void OPPROTO op_fcom_ST0_FT0(void)
+{
+    env->fpus &= (~0x4500);     /* (C3,C2,C0) <-- 000 */
+    if (ST0 < FT0)
+        env->fpus |= 0x100;     /* (C3,C2,C0) <-- 001 */
+    else if (ST0 == FT0)
+        env->fpus |= 0x4000; /* (C3,C2,C0) <-- 100 */
+    FORCE_RET();
+}
+/* XXX: handle nans */
+    int ret;
+    ret = floatx_compare(ST0, FT0, &env->fp_status);
+    env->fpus = (env->fpus & ~0x4500) | fcom_ccval[ret + 1];
+    FORCE_RET();
+}
 void OPPROTO op_fucom_ST0_FT0(void)
+{
     env->fpus &= (~0x4500);     /* (C3,C2,C0) <-- 000 */
+    if (ST0 < FT0)
         env->fpus |= 0x100;     /* (C3,C2,C0) <-- 001 */
     else if (ST0 == FT0)
         env->fpus |= 0x4000; /* (C3,C2,C0) <-- 100 */
+    FORCE_RET();
+}
+/* XXX: handle nans */
+    int ret;
+    ret = floatx_compare_quiet(ST0, FT0, &env->fp_status);
+    env->fpus = (env->fpus & ~0x4500) | fcom_ccval[ret+ 1];
+    FORCE_RET();
+}
+const int fcomi_ccval[4] = {CC_C, CC_Z, 0, CC_Z | CC_P | CC_C};
 void OPPROTO op_fcomi_ST0_FT0(void)
+{
     int eflags;
+    int ret;
+    ret = floatx_compare(ST0, FT0, &env->fp_status);
     eflags = cc_table[CC_OP].compute_all();
+    eflags &= ~(CC_Z | CC_P | CC_C);
+    if (ST0 < FT0)
+        eflags |= CC_C;
+    else if (ST0 == FT0)
+        eflags |= CC_Z;
+    eflags = (eflags & ~(CC_Z | CC_P | CC_C)) | fcomi_ccval[ret + 1];
     CC_SRC = eflags;
     FORCE_RET();
+}
-/* XXX: handle nans */
 void OPPROTO op_fucomi_ST0_FT0(void)
+{
     int eflags;
+    int ret;
+    ret = floatx_compare_quiet(ST0, FT0, &env->fp_status);
     eflags = cc_table[CC_OP].compute_all();
+    eflags &= ~(CC_Z | CC_P | CC_C);
+    if (ST0 < FT0)
+        eflags |= CC_C;
+    else if (ST0 == FT0)
+        eflags |= CC_Z;
+    eflags = (eflags & ~(CC_Z | CC_P | CC_C)) | fcomi_ccval[ret + 1];
     CC_SRC = eflags;
     FORCE_RET();
 …
 void OPPROTO op_fchs_ST0(void)
+{
     ST0 = -ST0;
+    ST0 = floatx_chs(ST0);
+}
 void OPPROTO op_fabs_ST0(void)
+{
     ST0 = fabs(ST0);
+    ST0 = floatx_abs(ST0);
+}
 …
 void OPPROTO op_fldcw_A0(void)
+{
-    int rnd_type;
     env->fpuc = lduw(A0);
+    /* set rounding mode */
+    switch(env->fpuc & RC_MASK) {
+    default:
+    case RC_NEAR:
+        rnd_type = FE_TONEAREST;
+        break;
+    case RC_DOWN:
+        rnd_type = FE_DOWNWARD;
+        break;
+    case RC_UP:
+        rnd_type = FE_UPWARD;
+        break;
+    case RC_CHOP:
+        rnd_type = FE_TOWARDZERO;
+        break;
+    }
+    fesetround(rnd_type);
+    update_fp_status();
+}
 …
 #define SHIFT 1
 #include "ops_sse.h"
+#ifdef VBOX
+/* Instantiate the structure signatures. */
+# define REM_STRUCT_OP 1
+# include "../InnoTek/structs.h"
+#endif

trunk/src/recompiler/target-i386/ops_sse.h

-              r1
+              r2422
+}
+#ifdef TARGET_X86_64
+void OPPROTO glue(op_movq_mm_T0, SUFFIX) (void)
+{
+    Reg *d;
+    d = (Reg *)((char *)env + PARAM1);
+    d->Q(0) = T0;
+#if SHIFT == 1
+    d->Q(1) = 0;
+#endif
+}
+void OPPROTO glue(op_movq_T0_mm, SUFFIX) (void)
+{
+    Reg *s;
+    s = (Reg *)((char *)env + PARAM1);
+    T0 = s->Q(0);
+}
+#endif
 #if SHIFT == 0
 void OPPROTO glue(op_pshufw, SUFFIX) (void)
+{
+#if __GCC__ == 3 || defined(__AMD64__)
     Reg r, *d, *s;
     int order;
 …
     r.W(3) = s->W((order >> 6) & 3);
     *d = r;
+#else
+    Reg *s;
+    int order;
+    uint32_t l0, l1;
+    s = (Reg *)((char *)env + PARAM2);
+    order = PARAM3;
+    l0 = s->W(order & 3);
+    l0 |= (uint32_t)s->W((order >> 2) & 3) << 16;
+    l1 = s->W((order >> 4) & 3);
+    l1 |= (uint32_t)s->W((order >> 6) & 3) << 16;
+    s = (Reg *)((char *)env + PARAM1);
+    s->_l[0] = l0;
+    s->_l[1] = l1;
+#endif
+}
 #else
 …
     d = (Reg *)((char *)env + PARAM1);\
     s = (Reg *)((char *)env + PARAM2);\
     d->XMM_S(0) = F(d->XMM_S(0), s->XMM_S(0));\
     d->XMM_S(1) = F(d->XMM_S(1), s->XMM_S(1));\
     d->XMM_S(2) = F(d->XMM_S(2), s->XMM_S(2));\
     d->XMM_S(3) = F(d->XMM_S(3), s->XMM_S(3));\
+    d->XMM_S(0) = F(32, d->XMM_S(0), s->XMM_S(0));\
+    d->XMM_S(1) = F(32, d->XMM_S(1), s->XMM_S(1));\
+    d->XMM_S(2) = F(32, d->XMM_S(2), s->XMM_S(2));\
+    d->XMM_S(3) = F(32, d->XMM_S(3), s->XMM_S(3));\
 }\
+\
 …
     d = (Reg *)((char *)env + PARAM1);\
     s = (Reg *)((char *)env + PARAM2);\
     d->XMM_S(0) = F(d->XMM_S(0), s->XMM_S(0));\
+    d->XMM_S(0) = F(32, d->XMM_S(0), s->XMM_S(0));\
 }\
 void OPPROTO op_ ## name ## pd (void)\
 …
     d = (Reg *)((char *)env + PARAM1);\
     s = (Reg *)((char *)env + PARAM2);\
     d->XMM_D(0) = F(d->XMM_D(0), s->XMM_D(0));\
     d->XMM_D(1) = F(d->XMM_D(1), s->XMM_D(1));\
+    d->XMM_D(0) = F(64, d->XMM_D(0), s->XMM_D(0));\
+    d->XMM_D(1) = F(64, d->XMM_D(1), s->XMM_D(1));\
 }\
+\
 …
     d = (Reg *)((char *)env + PARAM1);\
     s = (Reg *)((char *)env + PARAM2);\
     d->XMM_D(0) = F(d->XMM_D(0), s->XMM_D(0));\
+}
 #define FPU_ADD(a, b) (a) + (b)
 #define FPU_SUB(a, b) (a) - (b)
 #define FPU_MUL(a, b) (a) * (b)
 #define FPU_DIV(a, b) (a) / (b)
 #define FPU_MIN(a, b) (a) < (b) ? (a) : (b)
 #define FPU_MAX(a, b) (a) > (b) ? (a) : (b)
 #define FPU_SQRT(a, b) helper_sqrt(b)
+    d->XMM_D(0) = F(64, d->XMM_D(0), s->XMM_D(0));\
+}
+#define FPU_ADD(size, a, b) float ## size ## _add(a, b, &env->sse_status)
+#define FPU_SUB(size, a, b) float ## size ## _sub(a, b, &env->sse_status)
+#define FPU_MUL(size, a, b) float ## size ## _mul(a, b, &env->sse_status)
+#define FPU_DIV(size, a, b) float ## size ## _div(a, b, &env->sse_status)
+#define FPU_MIN(size, a, b) (a) < (b) ? (a) : (b)
+#define FPU_MAX(size, a, b) (a) > (b) ? (a) : (b)
+#define FPU_SQRT(size, a, b) float ## size ## _sqrt(b, &env->sse_status)
 SSE_OP_S(add, FPU_ADD)
 …
 void OPPROTO op_cvtps2pd(void)
+{
     float s0, s1;
+    float32 s0, s1;
     Reg *d, *s;
     d = (Reg *)((char *)env + PARAM1);
 …
     s0 = s->XMM_S(0);
     s1 = s->XMM_S(1);
     d->XMM_D(0) = float32_to_float64(s0);
     d->XMM_D(1) = float32_to_float64(s1);
+    d->XMM_D(0) = float32_to_float64(s0, &env->sse_status);
+    d->XMM_D(1) = float32_to_float64(s1, &env->sse_status);
+}
 …
     d = (Reg *)((char *)env + PARAM1);
     s = (Reg *)((char *)env + PARAM2);
     d->XMM_S(0) = float64_to_float32(s->XMM_D(0));
     d->XMM_S(1) = float64_to_float32(s->XMM_D(1));
+    d->XMM_S(0) = float64_to_float32(s->XMM_D(0), &env->sse_status);
+    d->XMM_S(1) = float64_to_float32(s->XMM_D(1), &env->sse_status);
     d->Q(1) = 0;
+}
 …
     d = (Reg *)((char *)env + PARAM1);
     s = (Reg *)((char *)env + PARAM2);
     d->XMM_D(0) = float32_to_float64(s->XMM_S(0));
+    d->XMM_D(0) = float32_to_float64(s->XMM_S(0), &env->sse_status);
+}
 …
     d = (Reg *)((char *)env + PARAM1);
     s = (Reg *)((char *)env + PARAM2);
     d->XMM_S(0) = float64_to_float32(s->XMM_D(0));
+    d->XMM_S(0) = float64_to_float32(s->XMM_D(0), &env->sse_status);
+}
 …
     XMMReg *d = (XMMReg *)((char *)env + PARAM1);
     XMMReg *s = (XMMReg *)((char *)env + PARAM2);
     d->XMM_S(0) = int32_to_float32(s->XMM_L(0));
     d->XMM_S(1) = int32_to_float32(s->XMM_L(1));
     d->XMM_S(2) = int32_to_float32(s->XMM_L(2));
     d->XMM_S(3) = int32_to_float32(s->XMM_L(3));
+    d->XMM_S(0) = int32_to_float32(s->XMM_L(0), &env->sse_status);
+    d->XMM_S(1) = int32_to_float32(s->XMM_L(1), &env->sse_status);
+    d->XMM_S(2) = int32_to_float32(s->XMM_L(2), &env->sse_status);
+    d->XMM_S(3) = int32_to_float32(s->XMM_L(3), &env->sse_status);
+}
 …
     l0 = (int32_t)s->XMM_L(0);
     l1 = (int32_t)s->XMM_L(1);
     d->XMM_D(0) = int32_to_float64(l0);
     d->XMM_D(1) = int32_to_float64(l1);
+    d->XMM_D(0) = int32_to_float64(l0, &env->sse_status);
+    d->XMM_D(1) = int32_to_float64(l1, &env->sse_status);
+}
 …
     XMMReg *d = (Reg *)((char *)env + PARAM1);
     MMXReg *s = (MMXReg *)((char *)env + PARAM2);
     d->XMM_S(0) = int32_to_float32(s->MMX_L(0));
     d->XMM_S(1) = int32_to_float32(s->MMX_L(1));
+    d->XMM_S(0) = int32_to_float32(s->MMX_L(0), &env->sse_status);
+    d->XMM_S(1) = int32_to_float32(s->MMX_L(1), &env->sse_status);
+}
 …
     XMMReg *d = (Reg *)((char *)env + PARAM1);
     MMXReg *s = (MMXReg *)((char *)env + PARAM2);
     d->XMM_D(0) = int32_to_float64(s->MMX_L(0));
     d->XMM_D(1) = int32_to_float64(s->MMX_L(1));
+    d->XMM_D(0) = int32_to_float64(s->MMX_L(0), &env->sse_status);
+    d->XMM_D(1) = int32_to_float64(s->MMX_L(1), &env->sse_status);
+}
 …
+{
     XMMReg *d = (Reg *)((char *)env + PARAM1);
     d->XMM_S(0) = int32_to_float32(T0);
+    d->XMM_S(0) = int32_to_float32(T0, &env->sse_status);
+}
 …
+{
     XMMReg *d = (Reg *)((char *)env + PARAM1);
     d->XMM_D(0) = int32_to_float64(T0);
+    d->XMM_D(0) = int32_to_float64(T0, &env->sse_status);
+}
 …
+{
     XMMReg *d = (Reg *)((char *)env + PARAM1);
     d->XMM_S(0) = int64_to_float32(T0);
+    d->XMM_S(0) = int64_to_float32(T0, &env->sse_status);
+}
 …
+{
     XMMReg *d = (Reg *)((char *)env + PARAM1);
     d->XMM_D(0) = int64_to_float64(T0);
+    d->XMM_D(0) = int64_to_float64(T0, &env->sse_status);
+}
 #endif
 …
     XMMReg *d = (XMMReg *)((char *)env + PARAM1);
     XMMReg *s = (XMMReg *)((char *)env + PARAM2);
     d->XMM_L(0) = lrint(s->XMM_S(0));
     d->XMM_L(1) = lrint(s->XMM_S(1));
     d->XMM_L(2) = lrint(s->XMM_S(2));
     d->XMM_L(3) = lrint(s->XMM_S(3));
+    d->XMM_L(0) = float32_to_int32(s->XMM_S(0), &env->sse_status);
+    d->XMM_L(1) = float32_to_int32(s->XMM_S(1), &env->sse_status);
+    d->XMM_L(2) = float32_to_int32(s->XMM_S(2), &env->sse_status);
+    d->XMM_L(3) = float32_to_int32(s->XMM_S(3), &env->sse_status);
+}
 …
     XMMReg *d = (XMMReg *)((char *)env + PARAM1);
     XMMReg *s = (XMMReg *)((char *)env + PARAM2);
     d->XMM_L(0) = lrint(s->XMM_D(0));
     d->XMM_L(1) = lrint(s->XMM_D(1));
+    d->XMM_L(0) = float64_to_int32(s->XMM_D(0), &env->sse_status);
+    d->XMM_L(1) = float64_to_int32(s->XMM_D(1), &env->sse_status);
     d->XMM_Q(1) = 0;
+}
 …
     MMXReg *d = (MMXReg *)((char *)env + PARAM1);
     XMMReg *s = (XMMReg *)((char *)env + PARAM2);
     d->MMX_L(0) = lrint(s->XMM_S(0));
     d->MMX_L(1) = lrint(s->XMM_S(1));
+    d->MMX_L(0) = float32_to_int32(s->XMM_S(0), &env->sse_status);
+    d->MMX_L(1) = float32_to_int32(s->XMM_S(1), &env->sse_status);
+}
 …
     MMXReg *d = (MMXReg *)((char *)env + PARAM1);
     XMMReg *s = (XMMReg *)((char *)env + PARAM2);
     d->MMX_L(0) = lrint(s->XMM_D(0));
     d->MMX_L(1) = lrint(s->XMM_D(1));
+    d->MMX_L(0) = float64_to_int32(s->XMM_D(0), &env->sse_status);
+    d->MMX_L(1) = float64_to_int32(s->XMM_D(1), &env->sse_status);
+}
 …
+{
     XMMReg *s = (XMMReg *)((char *)env + PARAM1);
     T0 = (int32_t)lrint(s->XMM_S(0));
+    T0 = float32_to_int32(s->XMM_S(0), &env->sse_status);
+}
 …
+{
     XMMReg *s = (XMMReg *)((char *)env + PARAM1);
     T0 = (int32_t)lrint(s->XMM_D(0));
+    T0 = float64_to_int32(s->XMM_D(0), &env->sse_status);
+}
 …
+{
     XMMReg *s = (XMMReg *)((char *)env + PARAM1);
     T0 = llrint(s->XMM_S(0));
+    T0 = float32_to_int64(s->XMM_S(0), &env->sse_status);
+}
 …
+{
     XMMReg *s = (XMMReg *)((char *)env + PARAM1);
     T0 = llrint(s->XMM_D(0));
+    T0 = float64_to_int64(s->XMM_D(0), &env->sse_status);
+}
 #endif
 …
     XMMReg *d = (XMMReg *)((char *)env + PARAM1);
     XMMReg *s = (XMMReg *)((char *)env + PARAM2);
     d->XMM_L(0) = (int32_t)s->XMM_S(0);
     d->XMM_L(1) = (int32_t)s->XMM_S(1);
     d->XMM_L(2) = (int32_t)s->XMM_S(2);
     d->XMM_L(3) = (int32_t)s->XMM_S(3);
+    d->XMM_L(0) = float32_to_int32_round_to_zero(s->XMM_S(0), &env->sse_status);
+    d->XMM_L(1) = float32_to_int32_round_to_zero(s->XMM_S(1), &env->sse_status);
+    d->XMM_L(2) = float32_to_int32_round_to_zero(s->XMM_S(2), &env->sse_status);
+    d->XMM_L(3) = float32_to_int32_round_to_zero(s->XMM_S(3), &env->sse_status);
+}
 …
     XMMReg *d = (XMMReg *)((char *)env + PARAM1);
     XMMReg *s = (XMMReg *)((char *)env + PARAM2);
     d->XMM_L(0) = (int32_t)s->XMM_D(0);
     d->XMM_L(1) = (int32_t)s->XMM_D(1);
+    d->XMM_L(0) = float64_to_int32_round_to_zero(s->XMM_D(0), &env->sse_status);
+    d->XMM_L(1) = float64_to_int32_round_to_zero(s->XMM_D(1), &env->sse_status);
     d->XMM_Q(1) = 0;
+}
 …
     MMXReg *d = (MMXReg *)((char *)env + PARAM1);
     XMMReg *s = (XMMReg *)((char *)env + PARAM2);
     d->MMX_L(0) = (int32_t)(s->XMM_S(0));
     d->MMX_L(1) = (int32_t)(s->XMM_S(1));
+    d->MMX_L(0) = float32_to_int32_round_to_zero(s->XMM_S(0), &env->sse_status);
+    d->MMX_L(1) = float32_to_int32_round_to_zero(s->XMM_S(1), &env->sse_status);
+}
 …
     MMXReg *d = (MMXReg *)((char *)env + PARAM1);
     XMMReg *s = (XMMReg *)((char *)env + PARAM2);
     d->MMX_L(0) = (int32_t)(s->XMM_D(0));
     d->MMX_L(1) = (int32_t)(s->XMM_D(1));
+    d->MMX_L(0) = float64_to_int32_round_to_zero(s->XMM_D(0), &env->sse_status);
+    d->MMX_L(1) = float64_to_int32_round_to_zero(s->XMM_D(1), &env->sse_status);
+}
 …
+{
     XMMReg *s = (XMMReg *)((char *)env + PARAM1);
     T0 = (int32_t)(s->XMM_S(0));
+    T0 = float32_to_int32_round_to_zero(s->XMM_S(0), &env->sse_status);
+}
 …
+{
     XMMReg *s = (XMMReg *)((char *)env + PARAM1);
     T0 = (int32_t)(s->XMM_D(0));
+    T0 = float64_to_int32_round_to_zero(s->XMM_D(0), &env->sse_status);
+}
 …
+{
     XMMReg *s = (XMMReg *)((char *)env + PARAM1);
     T0 = (int64_t)(s->XMM_S(0));
+    T0 = float32_to_int64_round_to_zero(s->XMM_S(0), &env->sse_status);
+}
 …
+{
     XMMReg *s = (XMMReg *)((char *)env + PARAM1);
     T0 = (int64_t)(s->XMM_D(0));
+    T0 = float64_to_int64_round_to_zero(s->XMM_D(0), &env->sse_status);
+}
 #endif
 …
     d = (Reg *)((char *)env + PARAM1);\
     s = (Reg *)((char *)env + PARAM2);\
     d->XMM_L(0) = F(d->XMM_S(0), s->XMM_S(0));\
     d->XMM_L(1) = F(d->XMM_S(1), s->XMM_S(1));\
     d->XMM_L(2) = F(d->XMM_S(2), s->XMM_S(2));\
     d->XMM_L(3) = F(d->XMM_S(3), s->XMM_S(3));\
+    d->XMM_L(0) = F(32, d->XMM_S(0), s->XMM_S(0));\
+    d->XMM_L(1) = F(32, d->XMM_S(1), s->XMM_S(1));\
+    d->XMM_L(2) = F(32, d->XMM_S(2), s->XMM_S(2));\
+    d->XMM_L(3) = F(32, d->XMM_S(3), s->XMM_S(3));\
 }\
+\
 …
     d = (Reg *)((char *)env + PARAM1);\
     s = (Reg *)((char *)env + PARAM2);\
     d->XMM_L(0) = F(d->XMM_S(0), s->XMM_S(0));\
+    d->XMM_L(0) = F(32, d->XMM_S(0), s->XMM_S(0));\
 }\
 void OPPROTO op_ ## name ## pd (void)\
 …
     d = (Reg *)((char *)env + PARAM1);\
     s = (Reg *)((char *)env + PARAM2);\
     d->XMM_Q(0) = F(d->XMM_D(0), s->XMM_D(0));\
     d->XMM_Q(1) = F(d->XMM_D(1), s->XMM_D(1));\
+    d->XMM_Q(0) = F(64, d->XMM_D(0), s->XMM_D(0));\
+    d->XMM_Q(1) = F(64, d->XMM_D(1), s->XMM_D(1));\
 }\
+\
 …
     d = (Reg *)((char *)env + PARAM1);\
     s = (Reg *)((char *)env + PARAM2);\
     d->XMM_Q(0) = F(d->XMM_D(0), s->XMM_D(0));\
+}
 #define FPU_CMPEQ(a, b) (a) == (b) ? -1 : 0
 #define FPU_CMPLT(a, b) (a) < (b) ? -1 : 0
 #define FPU_CMPLE(a, b) (a) <= (b) ? -1 : 0
 #define FPU_CMPUNORD(a, b) (fpu_isnan(a) || fpu_isnan(b)) ? - 1 : 0
 #define FPU_CMPNEQ(a, b) (a) == (b) ? 0 : -1
 #define FPU_CMPNLT(a, b) (a) < (b) ? 0 : -1
 #define FPU_CMPNLE(a, b) (a) <= (b) ? 0 : -1
 #define FPU_CMPORD(a, b) (!fpu_isnan(a) && !fpu_isnan(b)) ? - 1 : 0
+    d->XMM_Q(0) = F(64, d->XMM_D(0), s->XMM_D(0));\
+}
+#define FPU_CMPEQ(size, a, b) float ## size ## _eq(a, b, &env->sse_status) ? -1 : 0
+#define FPU_CMPLT(size, a, b) float ## size ## _lt(a, b, &env->sse_status) ? -1 : 0
+#define FPU_CMPLE(size, a, b) float ## size ## _le(a, b, &env->sse_status) ? -1 : 0
+#define FPU_CMPUNORD(size, a, b) float ## size ## _unordered(a, b, &env->sse_status) ? - 1 : 0
+#define FPU_CMPNEQ(size, a, b) float ## size ## _eq(a, b, &env->sse_status) ? 0 : -1
+#define FPU_CMPNLT(size, a, b) float ## size ## _lt(a, b, &env->sse_status) ? 0 : -1
+#define FPU_CMPNLE(size, a, b) float ## size ## _le(a, b, &env->sse_status) ? 0 : -1
+#define FPU_CMPORD(size, a, b) float ## size ## _unordered(a, b, &env->sse_status) ? 0 : -1
 SSE_OP_CMP(cmpeq, FPU_CMPEQ)
 …
 SSE_OP_CMP(cmpord, FPU_CMPORD)
+const int comis_eflags[4] = {CC_C, CC_Z, 0, CC_Z | CC_P | CC_C};
 void OPPROTO op_ucomiss(void)
+{
     int eflags;
     float s0, s1;
+    int ret;
+    float32 s0, s1;
     Reg *d, *s;
     d = (Reg *)((char *)env + PARAM1);
 …
     s0 = d->XMM_S(0);
     s1 = s->XMM_S(0);
+    if (s0 < s1)
+        eflags = CC_C;
+    else if (s0 == s1)
+        eflags = CC_Z;
+    else
+        eflags = 0;
+    CC_SRC = eflags;
+    ret = float32_compare_quiet(s0, s1, &env->sse_status);
+    CC_SRC = comis_eflags[ret + 1];
     FORCE_RET();
+}
 …
 void OPPROTO op_comiss(void)
+{
     int eflags;
     float s0, s1;
+    int ret;
+    float32 s0, s1;
     Reg *d, *s;
     d = (Reg *)((char *)env + PARAM1);
 …
     s0 = d->XMM_S(0);
     s1 = s->XMM_S(0);
+    if (s0 < s1)
+        eflags = CC_C;
+    else if (s0 == s1)
+        eflags = CC_Z;
+    else
+        eflags = 0;
+    CC_SRC = eflags;
+    ret = float32_compare(s0, s1, &env->sse_status);
+    CC_SRC = comis_eflags[ret + 1];
     FORCE_RET();
+}
 …
 void OPPROTO op_ucomisd(void)
+{
     int eflags;
     double d0, d1;
+    int ret;
+    float64 d0, d1;
     Reg *d, *s;
     d = (Reg *)((char *)env + PARAM1);
 …
     d0 = d->XMM_D(0);
     d1 = s->XMM_D(0);
+    if (d0 < d1)
+        eflags = CC_C;
+    else if (d0 == d1)
+        eflags = CC_Z;
+    else
+        eflags = 0;
+    CC_SRC = eflags;
+    ret = float64_compare_quiet(d0, d1, &env->sse_status);
+    CC_SRC = comis_eflags[ret + 1];
     FORCE_RET();
+}
 …
 void OPPROTO op_comisd(void)
+{
     int eflags;
     double d0, d1;
+    int ret;
+    float64 d0, d1;
     Reg *d, *s;
     d = (Reg *)((char *)env + PARAM1);
 …
     d0 = d->XMM_D(0);
     d1 = s->XMM_D(0);
+    if (d0 < d1)
+        eflags = CC_C;
+    else if (d0 == d1)
+        eflags = CC_Z;
+    else
+        eflags = 0;
+    CC_SRC = eflags;
+    ret = float64_compare(d0, d1, &env->sse_status);
+    CC_SRC = comis_eflags[ret + 1];
     FORCE_RET();
+}

trunk/src/recompiler/target-i386/ops_template_mem.h

r1	r2422
75	75
76	76	if (T1 & SHIFT1_MASK) {
77		count = T1 & SHIFT_MASK;
	77	count = T1 & SHIFT_MASK;
78	78	src = T0;
79	79	T0 &= DATA_MASK;

trunk/src/recompiler/target-i386/translate.c

-              r1514
+              r2422
 #include <string.h>
 #include <inttypes.h>
+#ifndef VBOX
 #include <signal.h>
 #include <assert.h>
+#endif /* !VBOX */
 #include "cpu.h"
 …
         gen_op_shldw ## SUFFIX ## _T0_T1_ ## op ## _cc,\
         gen_op_shrdw ## SUFFIX ## _T0_T1_ ## op ## _cc,\
     },\
+     },\
     {\
         gen_op_shldl ## SUFFIX ## _T0_T1_ ## op ## _cc,\
 …
 #ifdef VBOX
     gen_check_external_event();
 #endif
+#endif /* VBOX */
 #ifdef TARGET_X86_64
     if (pc == (uint32_t)pc) {
 …
     *reg_ptr = opreg;
     *offset_ptr = disp;
+}
+static void gen_nop_modrm(DisasContext *s, int modrm)
+{
+    int mod, rm, base, code;
+    mod = (modrm >> 6) & 3;
+    if (mod == 3)
+        return;
+    rm = modrm & 7;
+    if (s->aflag) {
+        base = rm;
+        if (base == 4) {
+            code = ldub_code(s->pc++);
+            base = (code & 7);
+        }
+        switch (mod) {
+        case 0:
+            if (base == 5) {
+                s->pc += 4;
+            }
+            break;
+        case 1:
+            s->pc++;
+            break;
+        default:
+        case 2:
+            s->pc += 4;
+            break;
+        }
+    } else {
+        switch (mod) {
+        case 0:
+            if (rm == 6) {
+                s->pc += 2;
+            }
+            break;
+        case 1:
+            s->pc++;
+            break;
+        default:
+        case 2:
+            s->pc += 2;
+            break;
+        }
+    }
+}
 …
         case 0x12b: /* movntps */
         case 0x3f0: /* lddqu */
             if (mod == 3)
+            if (mod == 3)
                 goto illegal_op;
             gen_lea_modrm(s, modrm, &reg_addr, &offset_addr);
 …
             break;
         case 0x6e: /* movd mm, ea */
+            gen_ldst_modrm(s, modrm, OT_LONG, OR_TMP0, 0);
+            gen_op_movl_mm_T0_mmx(offsetof(CPUX86State,fpregs[reg].mmx));
+#ifdef TARGET_X86_64
+            if (s->dflag == 2) {
+                gen_ldst_modrm(s, modrm, OT_QUAD, OR_TMP0, 0);
+                gen_op_movq_mm_T0_mmx(offsetof(CPUX86State,fpregs[reg].mmx));
+            } else
+#endif
+            {
+                gen_ldst_modrm(s, modrm, OT_LONG, OR_TMP0, 0);
+                gen_op_movl_mm_T0_mmx(offsetof(CPUX86State,fpregs[reg].mmx));
+            }
             break;
         case 0x16e: /* movd xmm, ea */
+            gen_ldst_modrm(s, modrm, OT_LONG, OR_TMP0, 0);
+            gen_op_movl_mm_T0_xmm(offsetof(CPUX86State,xmm_regs[reg]));
+#ifdef TARGET_X86_64
+            if (s->dflag == 2) {
+                gen_ldst_modrm(s, modrm, OT_QUAD, OR_TMP0, 0);
+                gen_op_movq_mm_T0_xmm(offsetof(CPUX86State,xmm_regs[reg]));
+            } else
+#endif
+            {
+                gen_ldst_modrm(s, modrm, OT_LONG, OR_TMP0, 0);
+                gen_op_movl_mm_T0_xmm(offsetof(CPUX86State,xmm_regs[reg]));
+            }
             break;
         case 0x6f: /* movq mm, ea */
 …
             break;
         case 0x7e: /* movd ea, mm */
+            gen_op_movl_T0_mm_mmx(offsetof(CPUX86State,fpregs[reg].mmx));
+            gen_ldst_modrm(s, modrm, OT_LONG, OR_TMP0, 1);
+#ifdef TARGET_X86_64
+            if (s->dflag == 2) {
+                gen_op_movq_T0_mm_mmx(offsetof(CPUX86State,fpregs[reg].mmx));
+                gen_ldst_modrm(s, modrm, OT_QUAD, OR_TMP0, 1);
+            } else
+#endif
+            {
+                gen_op_movl_T0_mm_mmx(offsetof(CPUX86State,fpregs[reg].mmx));
+                gen_ldst_modrm(s, modrm, OT_LONG, OR_TMP0, 1);
+            }
             break;
         case 0x17e: /* movd ea, xmm */
+            gen_op_movl_T0_mm_xmm(offsetof(CPUX86State,xmm_regs[reg]));
+            gen_ldst_modrm(s, modrm, OT_LONG, OR_TMP0, 1);
+#ifdef TARGET_X86_64
+            if (s->dflag == 2) {
+                gen_op_movq_T0_mm_xmm(offsetof(CPUX86State,xmm_regs[reg]));
+                gen_ldst_modrm(s, modrm, OT_QUAD, OR_TMP0, 1);
+            } else
+#endif
+            {
+                gen_op_movl_T0_mm_xmm(offsetof(CPUX86State,xmm_regs[reg]));
+                gen_ldst_modrm(s, modrm, OT_LONG, OR_TMP0, 1);
+            }
             break;
         case 0x27e: /* movq xmm, ea */
 …
         case 0x2d6: /* movq2dq */
             gen_op_enter_mmx();
             rm = (modrm & 7) | REX_B(s);
             gen_op_movq(offsetof(CPUX86State,xmm_regs[rm].XMM_Q(0)),
                         offsetof(CPUX86State,fpregs[reg & 7].mmx));
             gen_op_movq_env_0(offsetof(CPUX86State,xmm_regs[rm].XMM_Q(1)));
+            rm = (modrm & 7);
+            gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].XMM_Q(0)),
+                        offsetof(CPUX86State,fpregs[rm].mmx));
+            gen_op_movq_env_0(offsetof(CPUX86State,xmm_regs[reg].XMM_Q(1)));
             break;
         case 0x3d6: /* movdq2q */
             gen_op_enter_mmx();
             rm = (modrm & 7);
             gen_op_movq(offsetof(CPUX86State,fpregs[rm].mmx),
                         offsetof(CPUX86State,xmm_regs[reg].XMM_Q(0)));
+            rm = (modrm & 7) | REX_B(s);
+            gen_op_movq(offsetof(CPUX86State,fpregs[reg & 7].mmx),
+                        offsetof(CPUX86State,xmm_regs[rm].XMM_Q(0)));
             break;
         case 0xd7: /* pmovmskb */
 …
                 gen_lea_modrm(s, modrm, &reg_addr, &offset_addr);
                 op2_offset = offsetof(CPUX86State,xmm_t0);
                 if (b1 >= 2 && ((b >= 0x50 && b <= 0x5f) ||
+                if (b1 >= 2 && ((b >= 0x50 && b <= 0x5f && b != 0x5b) ||
                                 b == 0xc2)) {
                     /* specific case for SSE single instructions */
 …
             case 0x0a: /* fsts */
             case 0x0b: /* fstps */
+            case 0x18: /* fildl */
+            case 0x1a: /* fistl */
+            case 0x1b: /* fistpl */
+            case 0x28: /* fldl */
+            case 0x2a: /* fstl */
+            case 0x2b: /* fstpl */
+            case 0x38: /* filds */
+            case 0x3a: /* fists */
+            case 0x3b: /* fistps */
+            case 0x18 ... 0x1b: /* fildl, fisttpl, fistl, fistpl */
+            case 0x28 ... 0x2b: /* fldl, fisttpll, fstl, fstpl */
+            case 0x38 ... 0x3b: /* filds, fisttps, fists, fistps */
                 switch(op & 7) {
                 case 0:
 …
                         break;
+                    }
+                    break;
+                case 1:
+                    switch(op >> 4) {
+                    case 1:
+                        gen_op_fisttl_ST0_A0();
+                        break;
+                    case 2:
+                        gen_op_fisttll_ST0_A0();
+                        break;
+                    case 3:
+                    default:
+                        gen_op_fistt_ST0_A0();
+                    }
+                    gen_op_fpop();
                     break;
                 default:
 …
         if (s->vm86 && s->iopl != 3 && !s->vme) {
             gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
+        }
+        else
+        } else
 #endif
             gen_interrupt(s, EXCP03_INT3, pc_start - s->cs_base, s->pc - s->cs_base);
 …
         break;
     case 0xf1: /* icebp (undocumented, exits to external debugger) */
+#if 1
         gen_debug(s, pc_start - s->cs_base);
+#else
+        /* start debug */
+        tb_flush(cpu_single_env);
+        cpu_set_log(CPU_LOG_INT | CPU_LOG_TB_IN_ASM);
+#endif
         break;
     case 0xfa: /* cli */
 …
                 gen_op_cli();
 #ifdef VBOX
+            } else
+            if (s->iopl != 3 && s->vme) {
+            } else if (s->iopl != 3 && s->vme) {
                 gen_op_cli_vme();
 #endif
 …
                 goto gen_sti;
 #ifdef VBOX
+            } else
+            if (s->iopl != 3 && s->vme) {
+            } else if (s->iopl != 3 && s->vme) {
                 gen_op_sti_vme();
                 /* give a chance to handle pending irqs */
 …
                 if (mod == 3) {
 #ifdef TARGET_X86_64
                     if (CODE64(s) && (modrm & 7) == 0) {
+                    if (CODE64(s) && rm == 0) {
                         /* swapgs */
                         gen_op_movtl_T0_env(offsetof(CPUX86State,segs[R_GS].base));
 …
             /* nothing more to do */
             break;
+        default:
+            goto illegal_op;
+        }
+        default: /* nop (multi byte) */
+            gen_nop_modrm(s, modrm);
+            break;
+        }
+        break;
+    case 0x119 ... 0x11f: /* nop (multi byte) */
+        modrm = ldub_code(s->pc++);
+        gen_nop_modrm(s, modrm);
         break;
     case 0x120: /* mov reg, crN */
 …
         gen_lea_modrm(s, modrm, &reg_addr, &offset_addr);
         /* ignore for now */
+        break;
+    case 0x1aa: /* rsm */
+        if (!(s->flags & HF_SMM_MASK))
+            goto illegal_op;
+        if (s->cc_op != CC_OP_DYNAMIC) {
+            gen_op_set_cc_op(s->cc_op);
+            s->cc_op = CC_OP_DYNAMIC;
+        }
+        gen_jmp_im(s->pc - s->cs_base);
+        gen_op_rsm();
+        gen_eob(s);
         break;
     case 0x110 ... 0x117:
 …
             break;
+        }
 #endif
+#endif /* VBOX */
         /* if single step mode, we generate only one instruction and

trunk/src/recompiler/translate-all.c

-              r1
+              r2422
 #include "disas.h"
+extern int dyngen_code(uint8_t *gen_code_buf,
+                       uint16_t *label_offsets, uint16_t *jmp_offsets,
+                       const uint16_t *opc_buf, const uint32_t *opparam_buf, const long *gen_labels);
 enum {
 #define DEF(s, n, copy_size) INDEX_op_ ## s,
 …
 };
-#include "dyngen.h"
-#include "op.h"
 uint16_t gen_opc_buf[OPC_BUF_SIZE];
 uint32_t gen_opparam_buf[OPPARAM_BUF_SIZE];
 …
 #elif defined(TARGET_SPARC)
 target_ulong gen_opc_npc[OPC_BUF_SIZE];
+target_ulong gen_opc_jump_pc[2];
+#elif defined(TARGET_MIPS)
+uint32_t gen_opc_hflags[OPC_BUF_SIZE];
 #endif
 …
             return -1;
+        }
 #else
+#else /* !VBOX */
         if (gen_intermediate_code(env, tb) < 0)
             return -1;
+#endif
+#endif /* !VBOX */
         /* generate machine code */
         tb->tb_next_offset[0] = 0xffff;
 …
 #endif
                                     gen_opc_buf, gen_opparam_buf, gen_labels);
 #ifdef VBOX
         RAWEx_ProfileStop(env, STATS_QEMU_COMPILATION);
 …
     env->regs[15] = gen_opc_pc[j];
 #elif defined(TARGET_SPARC)
+    /* XXX: restore npc too */
+    env->pc = gen_opc_pc[j];
+    env->npc = gen_opc_npc[j];
+    {
+        target_ulong npc;
+        env->pc = gen_opc_pc[j];
+        npc = gen_opc_npc[j];
+        if (npc == 1) {
+            /* dynamic NPC: already stored */
+        } else if (npc == 2) {
+            target_ulong t2 = (target_ulong)puc;
+            /* jump PC: use T2 and the jump targets of the translation */
+            if (t2)
+                env->npc = gen_opc_jump_pc[0];
+            else
+                env->npc = gen_opc_jump_pc[1];
+        } else {
+            env->npc = npc;
+        }
+    }
 #elif defined(TARGET_PPC)
+    {
 …
         env->access_type = type;
+    }
+#elif defined(TARGET_M68K)
+    env->pc = gen_opc_pc[j];
+#elif defined(TARGET_MIPS)
+    env->PC = gen_opc_pc[j];
+    env->hflags &= ~MIPS_HFLAG_BMASK;
+    env->hflags |= gen_opc_hflags[j];
 #endif
     return 0;

trunk/src/recompiler/vl.h

-              r1
+              r2422
 #include <string.h>
 #include <inttypes.h>
+#ifndef VBOX
 #include <limits.h>
 #include <time.h>
 …
 #include <fcntl.h>
 #include <sys/stat.h>
-#ifndef VBOX
 #include "audio/audio.h"
 #endif
+#endif /* !VBOX */
 #ifndef O_LARGEFILE
 …
 #endif
+#ifndef ENOMEDIUM
+#define ENOMEDIUM ENODEV
+#endif
 #ifdef _WIN32
+#ifndef VBOX
+#include <windows.h>
+#define fsync _commit
 #define lseek _lseeki64
 #define ENOTSUP 4096
+/* XXX: find 64 bit version */
+#define ftruncate chsize
+extern int qemu_ftruncate64(int, int64_t);
+#define ftruncate qemu_ftruncate64
 static inline char *realpath(const char *path, char *resolved_path)
 …
     return resolved_path;
+}
+#define PRId64 "I64d"
+#define PRIx64 "I64x"
+#define PRIu64 "I64u"
+#define PRIo64 "I64o"
+#endif /* !VBOX */
 #endif
 …
 #else
+#ifndef VBOX
+#include "audio/audio.h"
+#endif /* !VBOX */
 #include "cpu.h"
 …
 # include <VBox/types.h>
 # include "REMInternal.h"
-# undef MIN
-# undef MAX
 #endif /* VBOX */
 …
 #endif
+/* vl.c */
+uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c);
+void hw_error(const char *fmt, ...);
+int get_image_size(const char *filename);
+int load_image(const char *filename, uint8_t *addr);
+extern const char *bios_dir;
+#ifndef MIN
+#define MIN(a, b) (((a) < (b)) ? (a) : (b))
+#endif
+#ifndef MAX
+#define MAX(a, b) (((a) > (b)) ? (a) : (b))
+#endif
+/* cutils.c */
 void pstrcpy(char *buf, int buf_size, const char *str);
 char *pstrcat(char *buf, int buf_size, const char *s);
 int strstart(const char *str, const char *val, const char **ptr);
+int stristart(const char *str, const char *val, const char **ptr);
+/* vl.c */
+uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c);
+void hw_error(const char *fmt, ...);
+extern const char *bios_dir;
 extern int vm_running;
+typedef struct vm_change_state_entry VMChangeStateEntry;
+typedef void VMChangeStateHandler(void *opaque, int running);
 typedef void VMStopHandler(void *opaque, int reason);
+VMChangeStateEntry *qemu_add_vm_change_state_handler(VMChangeStateHandler *cb,
+                                                     void *opaque);
+void qemu_del_vm_change_state_handler(VMChangeStateEntry *e);
 int qemu_add_vm_stop_handler(VMStopHandler *cb, void *opaque);
 …
 void qemu_system_reset_request(void);
 void qemu_system_shutdown_request(void);
+void qemu_system_powerdown_request(void);
+#if !defined(TARGET_SPARC)
+// Please implement a power failure function to signal the OS
+#define qemu_system_powerdown() do{}while(0)
+#else
+void qemu_system_powerdown(void);
+#endif
 void main_loop_wait(int timeout);
-extern int audio_enabled;
-extern int sb16_enabled;
-extern int adlib_enabled;
-extern int gus_enabled;
 extern int ram_size;
 extern int bios_size;
 extern int rtc_utc;
-#ifndef VBOX
 extern int cirrus_vga_enabled;
-#endif
 extern int graphic_width;
 extern int graphic_height;
 extern int graphic_depth;
 extern const char *keyboard_layout;
+extern int kqemu_allowed;
+extern int win2k_install_hack;
+extern int usb_enabled;
+extern int smp_cpus;
+extern int no_quit;
+extern int semihosting_enabled;
+extern int autostart;
+#ifndef VBOX
+#define MAX_OPTION_ROMS 16
+extern const char *option_rom[MAX_OPTION_ROMS];
+extern int nb_option_roms;
 /* XXX: make it dynamic */
+#if defined (TARGET_PPC)
+#define BIOS_SIZE (512 * 1024)
+#if defined (TARGET_PPC) || defined (TARGET_SPARC64)
+#define BIOS_SIZE ((512 + 32) * 1024)
+#elif defined(TARGET_MIPS)
+#define BIOS_SIZE (4 * 1024 * 1024)
 #else
 #define BIOS_SIZE ((256 + 64) * 1024)
 …
 typedef void QEMUPutMouseEvent(void *opaque, int dx, int dy, int dz, int buttons_state);
+typedef struct QEMUPutMouseEntry {
+    QEMUPutMouseEvent *qemu_put_mouse_event;
+    void *qemu_put_mouse_event_opaque;
+    int qemu_put_mouse_event_absolute;
+    char *qemu_put_mouse_event_name;
+    /* used internally by qemu for handling mice */
+    struct QEMUPutMouseEntry *next;
+} QEMUPutMouseEntry;
 void qemu_add_kbd_event_handler(QEMUPutKBDEvent *func, void *opaque);
+void qemu_add_mouse_event_handler(QEMUPutMouseEvent *func, void *opaque);
+QEMUPutMouseEntry *qemu_add_mouse_event_handler(QEMUPutMouseEvent *func,
+                                                void *opaque, int absolute,
+                                                const char *name);
+void qemu_remove_mouse_event_handler(QEMUPutMouseEntry *entry);
 void kbd_put_keycode(int keycode);
 void kbd_mouse_event(int dx, int dy, int dz, int buttons_state);
+int kbd_mouse_is_absolute(void);
+void do_info_mice(void);
+void do_mouse_set(int index);
 /* keysym is a unicode code except for special keys (see QEMU_KEY_xxx
 …
 typedef void IOReadHandler(void *opaque, const uint8_t *buf, int size);
 typedef int IOCanRWHandler(void *opaque);
+int qemu_add_fd_read_handler(int fd, IOCanRWHandler *fd_can_read,
+                             IOReadHandler *fd_read, void *opaque);
+void qemu_del_fd_read_handler(int fd);
+typedef void IOHandler(void *opaque);
+int qemu_set_fd_handler2(int fd,
+                         IOCanRWHandler *fd_read_poll,
+                         IOHandler *fd_read,
+                         IOHandler *fd_write,
+                         void *opaque);
+int qemu_set_fd_handler(int fd,
+                        IOHandler *fd_read,
+                        IOHandler *fd_write,
+                        void *opaque);
+/* Polling handling */
+/* return TRUE if no sleep should be done afterwards */
+typedef int PollingFunc(void *opaque);
+int qemu_add_polling_cb(PollingFunc *func, void *opaque);
+void qemu_del_polling_cb(PollingFunc *func, void *opaque);
+#ifdef _WIN32
+/* Wait objects handling */
+typedef void WaitObjectFunc(void *opaque);
+int qemu_add_wait_object(HANDLE handle, WaitObjectFunc *func, void *opaque);
+void qemu_del_wait_object(HANDLE handle, WaitObjectFunc *func, void *opaque);
+#endif
+typedef struct QEMUBH QEMUBH;
 /* character device */
 …
 #define CHR_EVENT_BREAK 0 /* serial break char */
 #define CHR_EVENT_FOCUS 1 /* focus to this terminal (modal input needed) */
+#define CHR_EVENT_RESET 2 /* new connection established */
+#define CHR_IOCTL_SERIAL_SET_PARAMS   1
+typedef struct {
+    int speed;
+    int parity;
+    int data_bits;
+    int stop_bits;
+} QEMUSerialSetParams;
+#define CHR_IOCTL_SERIAL_SET_BREAK    2
+#define CHR_IOCTL_PP_READ_DATA        3
+#define CHR_IOCTL_PP_WRITE_DATA       4
+#define CHR_IOCTL_PP_READ_CONTROL     5
+#define CHR_IOCTL_PP_WRITE_CONTROL    6
+#define CHR_IOCTL_PP_READ_STATUS      7
 typedef void IOEventHandler(void *opaque, int event);
 …
 typedef struct CharDriverState {
     int (*chr_write)(struct CharDriverState *s, const uint8_t *buf, int len);
+    void (*chr_add_read_handler)(struct CharDriverState *s,
+                                 IOCanRWHandler *fd_can_read,
+                                 IOReadHandler *fd_read, void *opaque);
+    void (*chr_update_read_handler)(struct CharDriverState *s);
+    int (*chr_ioctl)(struct CharDriverState *s, int cmd, void *arg);
     IOEventHandler *chr_event;
+    IOCanRWHandler *chr_can_read;
+    IOReadHandler *chr_read;
+    void *handler_opaque;
     void (*chr_send_event)(struct CharDriverState *chr, int event);
+    void (*chr_close)(struct CharDriverState *chr);
     void *opaque;
+    QEMUBH *bh;
 } CharDriverState;
+CharDriverState *qemu_chr_open(const char *filename);
 void qemu_chr_printf(CharDriverState *s, const char *fmt, ...);
 int qemu_chr_write(CharDriverState *s, const uint8_t *buf, int len);
 void qemu_chr_send_event(CharDriverState *s, int event);
+void qemu_chr_add_read_handler(CharDriverState *s,
+                               IOCanRWHandler *fd_can_read,
+                               IOReadHandler *fd_read, void *opaque);
+void qemu_chr_add_event_handler(CharDriverState *s, IOEventHandler *chr_event);
+void qemu_chr_add_handlers(CharDriverState *s,
+                           IOCanRWHandler *fd_can_read,
+                           IOReadHandler *fd_read,
+                           IOEventHandler *fd_event,
+                           void *opaque);
+int qemu_chr_ioctl(CharDriverState *s, int cmd, void *arg);
+void qemu_chr_reset(CharDriverState *s);
+int qemu_chr_can_read(CharDriverState *s);
+void qemu_chr_read(CharDriverState *s, uint8_t *buf, int len);
 /* consoles */
 …
 typedef struct TextConsole TextConsole;
+extern TextConsole *vga_console;
+TextConsole *graphic_console_init(DisplayState *ds);
+int is_active_console(TextConsole *s);
+typedef void (*vga_hw_update_ptr)(void *);
+typedef void (*vga_hw_invalidate_ptr)(void *);
+typedef void (*vga_hw_screen_dump_ptr)(void *, const char *);
+TextConsole *graphic_console_init(DisplayState *ds, vga_hw_update_ptr update,
+                                  vga_hw_invalidate_ptr invalidate,
+                                  vga_hw_screen_dump_ptr screen_dump,
+                                  void *opaque);
+void vga_hw_update(void);
+void vga_hw_invalidate(void);
+void vga_hw_screen_dump(const char *filename);
+int is_graphic_console(void);
 CharDriverState *text_console_init(DisplayState *ds);
 void console_select(unsigned int index);
-#ifdef VBOX
-void console_init(void);
-#endif
 /* serial ports */
 …
 extern CharDriverState *parallel_hds[MAX_PARALLEL_PORTS];
+/* network redirectors support */
+/* VLANs support */
+typedef struct VLANClientState VLANClientState;
+struct VLANClientState {
+    IOReadHandler *fd_read;
+    /* Packets may still be sent if this returns zero.  It's used to
+       rate-limit the slirp code.  */
+    IOCanRWHandler *fd_can_read;
+    void *opaque;
+    struct VLANClientState *next;
+    struct VLANState *vlan;
+    char info_str[256];
+};
+typedef struct VLANState {
+    int id;
+    VLANClientState *first_client;
+    struct VLANState *next;
+} VLANState;
+VLANState *qemu_find_vlan(int id);
+VLANClientState *qemu_new_vlan_client(VLANState *vlan,
+                                      IOReadHandler *fd_read,
+                                      IOCanRWHandler *fd_can_read,
+                                      void *opaque);
+int qemu_can_send_packet(VLANClientState *vc);
+void qemu_send_packet(VLANClientState *vc, const uint8_t *buf, int size);
+void qemu_handler_true(void *opaque);
+void do_info_network(void);
+/* TAP win32 */
+int tap_win32_init(VLANState *vlan, const char *ifname);
+/* NIC info */
 #define MAX_NICS 8
+typedef struct NetDriverState {
+    int index; /* index number in QEMU */
+typedef struct NICInfo {
     uint8_t macaddr[6];
+    char ifname[16];
+    void (*send_packet)(struct NetDriverState *nd,
+                        const uint8_t *buf, int size);
+    void (*add_read_packet)(struct NetDriverState *nd,
+                            IOCanRWHandler *fd_can_read,
+                            IOReadHandler *fd_read, void *opaque);
+    /* tun specific data */
+    int fd;
+    /* slirp specific data */
+} NetDriverState;
+    const char *model;
+    VLANState *vlan;
+} NICInfo;
 extern int nb_nics;
+extern NetDriverState nd_table[MAX_NICS];
+void qemu_send_packet(NetDriverState *nd, const uint8_t *buf, int size);
+void qemu_add_read_packet(NetDriverState *nd, IOCanRWHandler *fd_can_read,
+                          IOReadHandler *fd_read, void *opaque);
+extern NICInfo nd_table[MAX_NICS];
 /* timers */
-#if defined(VBOX)
-#include <VBox/tm.h>
-/* VBox wrappers */
-#define QEMUTimerCB                             FNTMTIMERQEMU
-typedef struct TMTIMER QEMUTimer;
-#define rt_clock                                THIS_SHALL_NOT_BE_USED//TMCLOCK_REAL
-#define vm_clock                                THIS_SHALL_NOT_BE_USED//TMCLOCK_VIRTUAL
-#define ticks_per_sec                           THIS_SHALL_NOT_BE_USED//TMCpuTicksPerSecond((PVM)cpu_single_env->pVM)
-#define qemu_get_clock(enmClock)                THIS_SHALL_NOT_BE_USED//TMR3Clock((PVM)cpu_single_env->pVM, enmClock)
-#define qemu_new_timer(clock, callback, user)   THIS_SHALL_NOT_BE_USED//(QEMUTimer *)TMR3TimerCreateExternal((PVM)cpu_single_env->pVM, clock, callback, user, __FUNCTION__ )
-#define qemu_free_timer(timer)                  THIS_SHALL_NOT_BE_USED//TMTimerDestroy(timer)
-#define qemu_del_timer(timer)                   THIS_SHALL_NOT_BE_USED//TMTimerStop(timer)
-#define qemu_mod_timer(timer, expire)           THIS_SHALL_NOT_BE_USED//TMTimerSet(timer, (uint64_t)expire)
-#define qemu_timer_pending(timer)               THIS_SHALL_NOT_BE_USED//TMTimerIsActive(timer)
-#define cpu_disable_ticks()                     THIS_SHALL_NOT_BE_USED//TMCpuTickPause((PVM)cpu_single_env->pVM)
-#define cpu_enable_ticks()                      THIS_SHALL_NOT_BE_USED//TMCpuTickResume((PVM)cpu_single_env->pVM)
-#define cpu_calibrate_ticks()                   THIS_SHALL_NOT_BE_USED//do {} while (0)
-#define init_timers()                           THIS_SHALL_NOT_BE_USED//do {} while (0)
-#define quit_timers()                           THIS_SHALL_NOT_BE_USED//do {} while (0)
-#else /* !VBOX */
 typedef struct QEMUClock QEMUClock;
 …
 extern int pit_min_timer_count;
+int64_t cpu_get_ticks(void);
 void cpu_enable_ticks(void);
 void cpu_disable_ticks(void);
-#endif /* !VBOX */
 /* VM Load/Save */
+#if defined(VBOX)
+#include <VBox/ssm.h>
+#include <VBox/err.h>
+typedef struct SSMHANDLE QEMUFile;
+#define qemu_put_buffer(f, pv, cb)                  THIS_SHALL_NOT_BE_USED//SSMR3PutMem((f), (pv), (cb))
+#define qemu_put_byte(f, u8)                        THIS_SHALL_NOT_BE_USED//SSMR3PutU8((f), (uint8_t)(u8))
+#define qemu_put_8s(f, pu8)                         THIS_SHALL_NOT_BE_USED//SSMR3PutU8((f), *(pu8))
+#define qemu_put_be16s(f, pu16)                     THIS_SHALL_NOT_BE_USED//SSMR3PutU32((f), *(pu16))
+#define qemu_put_be32s(f, pu32)                     THIS_SHALL_NOT_BE_USED//SSMR3PutU32((f), *(pu32))
+#define qemu_put_be64s(f, pu64)                     THIS_SHALL_NOT_BE_USED//SSMR3PutU64((f), *(pu64))
+#define qemu_put_be16(f, u16)                       THIS_SHALL_NOT_BE_USED//SSMR3PutU16((f), (uint16_t)(u16))
+#define qemu_put_be32(f, u32)                       THIS_SHALL_NOT_BE_USED//SSMR3PutU32((f), (uint32_t)(u32))
+#define qemu_put_be64(f, u64)                       THIS_SHALL_NOT_BE_USED//SSMR3PutU64((f), (uint64_t)(u64))
+#define qemu_get_8s(f, pu8)                         THIS_SHALL_NOT_BE_USED//SSMR3GetU8((f), (pu8))
+#define qemu_get_be16s(f, pu16)                     THIS_SHALL_NOT_BE_USED//SSMR3GetU16((f), (pu16))
+#define qemu_get_be32s(f, pu32)                     THIS_SHALL_NOT_BE_USED//SSMR3GetU32((f), (pu32))
+#define qemu_get_be64s(f, pu64)                     THIS_SHALL_NOT_BE_USED//SSMR3GetU64((f), (pu64))
+#if 0
+static inline int qemu_get_buffer(QEMUFile *f, uint8_t *buf, int size)
+{
+    int rc = SSMR3GetMem(f, buf, size);
+    return VBOX_SUCCESS(rc) ? size : 0;
+}
+static inline int qemu_get_byte(QEMUFile *f)
+{
+    uint8_t u8;
+    int rc = SSMR3GetU8(f, &u8);
+    return VBOX_SUCCESS(rc) ? (int)u8 : -1;
+}
+static inline unsigned int qemu_get_be16(QEMUFile *f)
+{
+    uint16_t u16;
+    int rc = SSMR3GetU16(f, &u16);
+    return VBOX_SUCCESS(rc) ? u16 : ~0;
+}
+static inline unsigned int qemu_get_be32(QEMUFile *f)
+{
+    uint32_t u32;
+    int rc = SSMR3GetU32(f, &u32);
+    return VBOX_SUCCESS(rc) ? u32 : ~0;
+}
+static inline uint64_t qemu_get_be64(QEMUFile *f)
+{
+    uint64_t u64;
+    int rc = SSMR3GetU64(f, &u64);
+    return VBOX_SUCCESS(rc) ? u64 : ~0;
+}
+#define qemu_put_timer(f, ts)   TMR3TimerSave((ts), (f))
+#define qemu_get_timer(f, ts)   TMR3TimerLoad((ts), (f))
+typedef void SaveStateHandler(QEMUFile *f, void *opaque);
+typedef int LoadStateHandler(QEMUFile *f, void *opaque, int version_id);
+int register_savevm(const char *idstr,
+                    int instance_id,
+                    int version_id,
+                    SaveStateHandler *save_state,
+                    LoadStateHandler *load_state,
+                    void *opaque);
+#endif /* not used */
+#else /* !VBOX */
+typedef FILE QEMUFile;
+typedef struct QEMUFile QEMUFile;
+QEMUFile *qemu_fopen(const char *filename, const char *mode);
+void qemu_fflush(QEMUFile *f);
+void qemu_fclose(QEMUFile *f);
 void qemu_put_buffer(QEMUFile *f, const uint8_t *buf, int size);
 void qemu_put_byte(QEMUFile *f, int v);
 …
 typedef int LoadStateHandler(QEMUFile *f, void *opaque, int version_id);
-int qemu_loadvm(const char *filename);
-int qemu_savevm(const char *filename);
 int register_savevm(const char *idstr,
                     int instance_id,
 …
 void qemu_get_timer(QEMUFile *f, QEMUTimer *ts);
 void qemu_put_timer(QEMUFile *f, QEMUTimer *ts);
+#endif /* !VBOX */
+void cpu_save(QEMUFile *f, void *opaque);
+int cpu_load(QEMUFile *f, void *opaque, int version_id);
+void do_savevm(const char *name);
+void do_loadvm(const char *name);
+void do_delvm(const char *name);
+void do_info_snapshots(void);
+/* bottom halves */
+typedef void QEMUBHFunc(void *opaque);
+QEMUBH *qemu_bh_new(QEMUBHFunc *cb, void *opaque);
+void qemu_bh_schedule(QEMUBH *bh);
+void qemu_bh_cancel(QEMUBH *bh);
+void qemu_bh_delete(QEMUBH *bh);
+int qemu_bh_poll(void);
 /* block.c */
 …
 typedef struct BlockDriver BlockDriver;
-#ifdef VBOX
-extern BlockDriver bdrv_vbox;
-/* @@@AH remove later */
-extern BlockDriver bdrv_qcow;
 extern BlockDriver bdrv_raw;
+#else /* !VBOX */
+extern BlockDriver bdrv_raw;
+extern BlockDriver bdrv_host_device;
 extern BlockDriver bdrv_cow;
 extern BlockDriver bdrv_qcow;
 …
 extern BlockDriver bdrv_cloop;
 extern BlockDriver bdrv_dmg;
+#endif /* !VBOX */
+extern BlockDriver bdrv_bochs;
+extern BlockDriver bdrv_vpc;
+extern BlockDriver bdrv_vvfat;
+extern BlockDriver bdrv_qcow2;
+typedef struct BlockDriverInfo {
+    /* in bytes, 0 if irrelevant */
+    int cluster_size;
+    /* offset at which the VM state can be saved (0 if not possible) */
+    int64_t vm_state_offset;
+} BlockDriverInfo;
+typedef struct QEMUSnapshotInfo {
+    char id_str[128]; /* unique snapshot id */
+    /* the following fields are informative. They are not needed for
+       the consistency of the snapshot */
+    char name[256]; /* user choosen name */
+    uint32_t vm_state_size; /* VM state info size */
+    uint32_t date_sec; /* UTC date of the snapshot */
+    uint32_t date_nsec;
+    uint64_t vm_clock_nsec; /* VM clock relative to boot */
+} QEMUSnapshotInfo;
+#define BDRV_O_RDONLY      0x0000
+#define BDRV_O_RDWR        0x0002
+#define BDRV_O_ACCESS      0x0003
+#define BDRV_O_CREAT       0x0004 /* create an empty file */
+#define BDRV_O_SNAPSHOT    0x0008 /* open the file read only and save writes in a snapshot */
+#define BDRV_O_FILE        0x0010 /* open as a raw file (do not try to
+                                     use a disk image format on top of
+                                     it (default for
+                                     bdrv_file_open()) */
 void bdrv_init(void);
 …
 BlockDriverState *bdrv_new(const char *device_name);
 void bdrv_delete(BlockDriverState *bs);
+int bdrv_open(BlockDriverState *bs, const char *filename, int snapshot);
+int bdrv_open2(BlockDriverState *bs, const char *filename, int snapshot,
+int bdrv_file_open(BlockDriverState **pbs, const char *filename, int flags);
+int bdrv_open(BlockDriverState *bs, const char *filename, int flags);
+int bdrv_open2(BlockDriverState *bs, const char *filename, int flags,
                BlockDriver *drv);
 void bdrv_close(BlockDriverState *bs);
 …
 int bdrv_write(BlockDriverState *bs, int64_t sector_num,
                const uint8_t *buf, int nb_sectors);
+int bdrv_pread(BlockDriverState *bs, int64_t offset,
+               void *buf, int count);
+int bdrv_pwrite(BlockDriverState *bs, int64_t offset,
+                const void *buf, int count);
+int bdrv_truncate(BlockDriverState *bs, int64_t offset);
+int64_t bdrv_getlength(BlockDriverState *bs);
 void bdrv_get_geometry(BlockDriverState *bs, int64_t *nb_sectors_ptr);
 int bdrv_commit(BlockDriverState *bs);
 void bdrv_set_boot_sector(BlockDriverState *bs, const uint8_t *data, int size);
+/* async block I/O */
+typedef struct BlockDriverAIOCB BlockDriverAIOCB;
+typedef void BlockDriverCompletionFunc(void *opaque, int ret);
+BlockDriverAIOCB *bdrv_aio_read(BlockDriverState *bs, int64_t sector_num,
+                                uint8_t *buf, int nb_sectors,
+                                BlockDriverCompletionFunc *cb, void *opaque);
+BlockDriverAIOCB *bdrv_aio_write(BlockDriverState *bs, int64_t sector_num,
+                                 const uint8_t *buf, int nb_sectors,
+                                 BlockDriverCompletionFunc *cb, void *opaque);
+void bdrv_aio_cancel(BlockDriverAIOCB *acb);
+void qemu_aio_init(void);
+void qemu_aio_poll(void);
+void qemu_aio_flush(void);
+void qemu_aio_wait_start(void);
+void qemu_aio_wait(void);
+void qemu_aio_wait_end(void);
+/* Ensure contents are flushed to disk.  */
+void bdrv_flush(BlockDriverState *bs);
 #define BDRV_TYPE_HD     0
 #define BDRV_TYPE_CDROM  1
 #define BDRV_TYPE_FLOPPY 2
+#define BIOS_ATA_TRANSLATION_AUTO 0
+#define BIOS_ATA_TRANSLATION_NONE 1
+#define BIOS_ATA_TRANSLATION_LBA  2
+#define BIOS_ATA_TRANSLATION_AUTO   0
+#define BIOS_ATA_TRANSLATION_NONE   1
+#define BIOS_ATA_TRANSLATION_LBA    2
+#define BIOS_ATA_TRANSLATION_LARGE  3
+#define BIOS_ATA_TRANSLATION_RECHS  4
 void bdrv_set_geometry_hint(BlockDriverState *bs,
 …
 int bdrv_is_read_only(BlockDriverState *bs);
 int bdrv_is_inserted(BlockDriverState *bs);
+int bdrv_media_changed(BlockDriverState *bs);
 int bdrv_is_locked(BlockDriverState *bs);
 void bdrv_set_locked(BlockDriverState *bs, int locked);
+void bdrv_eject(BlockDriverState *bs, int eject_flag);
 void bdrv_set_change_cb(BlockDriverState *bs,
                         void (*change_cb)(void *opaque), void *opaque);
 …
                          void *opaque);
 const char *bdrv_get_device_name(BlockDriverState *bs);
+int qcow_get_cluster_size(BlockDriverState *bs);
+int qcow_compress_cluster(BlockDriverState *bs, int64_t sector_num,
+                          const uint8_t *buf);
+int bdrv_write_compressed(BlockDriverState *bs, int64_t sector_num,
+                          const uint8_t *buf, int nb_sectors);
+int bdrv_get_info(BlockDriverState *bs, BlockDriverInfo *bdi);
+void bdrv_get_backing_filename(BlockDriverState *bs,
+                               char *filename, int filename_size);
+int bdrv_snapshot_create(BlockDriverState *bs,
+                         QEMUSnapshotInfo *sn_info);
+int bdrv_snapshot_goto(BlockDriverState *bs,
+                       const char *snapshot_id);
+int bdrv_snapshot_delete(BlockDriverState *bs, const char *snapshot_id);
+int bdrv_snapshot_list(BlockDriverState *bs,
+                       QEMUSnapshotInfo **psn_info);
+char *bdrv_snapshot_dump(char *buf, int buf_size, QEMUSnapshotInfo *sn);
+char *get_human_readable_size(char *buf, int buf_size, int64_t size);
+int path_is_absolute(const char *path);
+void path_combine(char *dest, int dest_size,
+                  const char *base_path,
+                  const char *filename);
 #ifndef QEMU_TOOL
+typedef void QEMUMachineInitFunc(int ram_size, int vga_ram_size,
+                                 int boot_device,
+             DisplayState *ds, const char **fd_filename, int snapshot,
+             const char *kernel_filename, const char *kernel_cmdline,
+             const char *initrd_filename);
+typedef struct QEMUMachine {
+    const char *name;
+    const char *desc;
+    QEMUMachineInitFunc *init;
+    struct QEMUMachine *next;
+} QEMUMachine;
+int qemu_register_machine(QEMUMachine *m);
+typedef void SetIRQFunc(void *opaque, int irq_num, int level);
+typedef void IRQRequestFunc(void *opaque, int level);
 /* ISA bus */
-#if defined(VBOX)
-#define isa_mem_base    THIS_SHALL_NOT_BE_USED//0
-#else /* !VBOX */
 extern target_phys_addr_t isa_mem_base;
 …
                           IOPortWriteFunc *func, void *opaque);
 void isa_unassign_ioport(int start, int length);
+#endif /* !VBOX */
+void isa_mmio_init(target_phys_addr_t base, target_phys_addr_t size);
 /* PCI bus */
-#if defined(VBOX)
-typedef struct PCIBus PCIBus;
-typedef struct PCIDevice PCIDevice;
-typedef struct openpic_t openpic_t;
-#else /* !VBOX */
-extern int pci_enabled;
 extern target_phys_addr_t pci_mem_base;
 …
 #define PCI_ROM_SLOT 6
 #define PCI_NUM_REGIONS 7
+#define PCI_DEVICES_MAX 64
+#define PCI_VENDOR_ID           0x00    /* 16 bits */
+#define PCI_DEVICE_ID           0x02    /* 16 bits */
+#define PCI_COMMAND             0x04    /* 16 bits */
+#define  PCI_COMMAND_IO         0x1     /* Enable response in I/O space */
+#define  PCI_COMMAND_MEMORY     0x2     /* Enable response in Memory space */
+#define PCI_CLASS_DEVICE        0x0a    /* Device class */
+#define PCI_INTERRUPT_LINE      0x3c    /* 8 bits */
+#define PCI_INTERRUPT_PIN       0x3d    /* 8 bits */
+#define PCI_MIN_GNT             0x3e    /* 8 bits */
+#define PCI_MAX_LAT             0x3f    /* 8 bits */
 struct PCIDevice {
     /* PCI config space */
 …
     PCIConfigReadFunc *config_read;
     PCIConfigWriteFunc *config_write;
+    /* ??? This is a PC-specific hack, and should be removed.  */
     int irq_index;
+    /* Current IRQ levels.  Used internally by the generic PCI code.  */
+    int irq_state[4];
 };
 …
 void pci_default_write_config(PCIDevice *d,
                               uint32_t address, uint32_t val, int len);
+void generic_pci_save(QEMUFile* f, void *opaque);
+int generic_pci_load(QEMUFile* f, void *opaque, int version_id);
+extern struct PIIX3State *piix3_state;
+PCIBus *i440fx_init(void);
+void piix3_init(PCIBus *bus);
+void pci_bios_init(void);
+void pci_device_save(PCIDevice *s, QEMUFile *f);
+int pci_device_load(PCIDevice *s, QEMUFile *f);
+typedef void (*pci_set_irq_fn)(void *pic, int irq_num, int level);
+typedef int (*pci_map_irq_fn)(PCIDevice *pci_dev, int irq_num);
+PCIBus *pci_register_bus(pci_set_irq_fn set_irq, pci_map_irq_fn map_irq,
+                         void *pic, int devfn_min, int nirq);
+void pci_nic_init(PCIBus *bus, NICInfo *nd, int devfn);
+void pci_data_write(void *opaque, uint32_t addr, uint32_t val, int len);
+uint32_t pci_data_read(void *opaque, uint32_t addr, int len);
+int pci_bus_num(PCIBus *s);
+void pci_for_each_device(int bus_num, void (*fn)(PCIDevice *d));
 void pci_info(void);
+/* temporary: will be moved in platform specific file */
+PCIBus *pci_bridge_init(PCIBus *bus, int devfn, uint32_t id,
+                        pci_map_irq_fn map_irq, const char *name);
+/* prep_pci.c */
 PCIBus *pci_prep_init(void);
+struct openpic_t;
+void pci_pmac_set_openpic(PCIBus *bus, struct openpic_t *openpic);
+PCIBus *pci_pmac_init(void);
+/* grackle_pci.c */
+PCIBus *pci_grackle_init(uint32_t base, void *pic);
+/* unin_pci.c */
+PCIBus *pci_pmac_init(void *pic);
+/* apb_pci.c */
+PCIBus *pci_apb_init(target_ulong special_base, target_ulong mem_base,
+                     void *pic);
+PCIBus *pci_vpb_init(void *pic, int irq, int realview);
+/* piix_pci.c */
+PCIBus *i440fx_init(PCIDevice **pi440fx_state);
+void i440fx_set_smm(PCIDevice *d, int val);
+int piix3_init(PCIBus *bus, int devfn);
+void i440fx_init_memory_mappings(PCIDevice *d);
+int piix4_init(PCIBus *bus, int devfn);
 /* openpic.c */
 typedef struct openpic_t openpic_t;
+void openpic_set_irq (openpic_t *opp, int n_IRQ, int level);
+openpic_t *openpic_init (PCIBus *bus, int *pmem_index, int nb_cpus);
+#endif /* !VBOX */
+void openpic_set_irq(void *opaque, int n_IRQ, int level);
+openpic_t *openpic_init (PCIBus *bus, int *pmem_index, int nb_cpus,
+                         CPUState **envp);
+/* heathrow_pic.c */
+typedef struct HeathrowPICS HeathrowPICS;
+void heathrow_pic_set_irq(void *opaque, int num, int level);
+HeathrowPICS *heathrow_pic_init(int *pmem_index);
+/* gt64xxx.c */
+PCIBus *pci_gt64120_init(void *pic);
+#ifdef HAS_AUDIO
+struct soundhw {
+    const char *name;
+    const char *descr;
+    int enabled;
+    int isa;
+    union {
+        int (*init_isa) (AudioState *s);
+        int (*init_pci) (PCIBus *bus, AudioState *s);
+    } init;
+};
+extern struct soundhw soundhw[];
+#endif
 /* vga.c */
 #define VGA_RAM_SIZE (4096 * 1024)
+#define VGA_RAM_SIZE (8192 * 1024)
 struct DisplayState {
 …
     int linesize;
     int depth;
+    int bgr; /* BGR color order instead of RGB. Only valid for depth == 32 */
     int width;
     int height;
+    void *opaque;
     void (*dpy_update)(struct DisplayState *s, int x, int y, int w, int h);
     void (*dpy_resize)(struct DisplayState *s, int w, int h);
     void (*dpy_refresh)(struct DisplayState *s);
+    void (*dpy_copy)(struct DisplayState *s, int src_x, int src_y, int dst_x, int dst_y, int w, int h);
 };
 …
+}
 int vga_initialize(PCIBus *bus, DisplayState *ds, uint8_t *vga_ram_base,
                    unsigned long vga_ram_offset, int vga_ram_size);
+void vga_update_display(void);
+void vga_invalidate_display(void);
 void vga_screen_dump(const char *filename);
+int isa_vga_init(DisplayState *ds, uint8_t *vga_ram_base,
+                 unsigned long vga_ram_offset, int vga_ram_size);
+int pci_vga_init(PCIBus *bus, DisplayState *ds, uint8_t *vga_ram_base,
+                 unsigned long vga_ram_offset, int vga_ram_size,
+                 unsigned long vga_bios_offset, int vga_bios_size);
 /* cirrus_vga.c */
 …
 void sdl_display_init(DisplayState *ds, int full_screen);
+/* cocoa.m */
+void cocoa_display_init(DisplayState *ds, int full_screen);
+/* vnc.c */
+void vnc_display_init(DisplayState *ds, const char *display);
+/* x_keymap.c */
+extern uint8_t _translate_keycode(const int key);
 /* ide.c */
 #define MAX_DISKS 4
 extern BlockDriverState *bs_table[MAX_DISKS];
+extern BlockDriverState *bs_table[MAX_DISKS + 1];
 void isa_ide_init(int iobase, int iobase2, int irq,
                   BlockDriverState *hd0, BlockDriverState *hd1);
+void pci_ide_init(PCIBus *bus, BlockDriverState **hd_table);
+void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table);
+void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
+                         int secondary_ide_enabled);
+void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn);
 int pmac_ide_init (BlockDriverState **hd_table,
+                   openpic_t *openpic, int irq);
+                   SetIRQFunc *set_irq, void *irq_opaque, int irq);
+/* cdrom.c */
+int cdrom_read_toc(int nb_sectors, uint8_t *buf, int msf, int start_track);
+int cdrom_read_toc_raw(int nb_sectors, uint8_t *buf, int msf, int session_num);
+/* es1370.c */
+int es1370_init (PCIBus *bus, AudioState *s);
 /* sb16.c */
 void SB16_init (void);
+int SB16_init (AudioState *s);
 /* adlib.c */
 void Adlib_init (void);
+int Adlib_init (AudioState *s);
 /* gus.c */
 void GUS_init (void);
+int GUS_init (AudioState *s);
 /* dma.c */
 …
 /* ne2000.c */
+void isa_ne2000_init(int base, int irq, NetDriverState *nd);
+void pci_ne2000_init(PCIBus *bus, NetDriverState *nd);
+void isa_ne2000_init(int base, int irq, NICInfo *nd);
+void pci_ne2000_init(PCIBus *bus, NICInfo *nd, int devfn);
+/* rtl8139.c */
+void pci_rtl8139_init(PCIBus *bus, NICInfo *nd, int devfn);
+/* pcnet.c */
+void pci_pcnet_init(PCIBus *bus, NICInfo *nd, int devfn);
+void pcnet_h_reset(void *opaque);
+void *lance_init(NICInfo *nd, uint32_t leaddr, void *dma_opaque);
 /* pckbd.c */
 …
 typedef struct SerialState SerialState;
+SerialState *serial_init(int base, int irq, CharDriverState *chr);
+SerialState *serial_init(SetIRQFunc *set_irq, void *opaque,
+                         int base, int irq, CharDriverState *chr);
+SerialState *serial_mm_init (SetIRQFunc *set_irq, void *opaque,
+                             target_ulong base, int it_shift,
+                             int irq, CharDriverState *chr);
 /* parallel.c */
 …
 /* i8259.c */
+typedef struct PicState2 PicState2;
+extern PicState2 *isa_pic;
 void pic_set_irq(int irq, int level);
+void pic_init(void);
+uint32_t pic_intack_read(CPUState *env);
+void pic_set_irq_new(void *opaque, int irq, int level);
+PicState2 *pic_init(IRQRequestFunc *irq_request, void *irq_request_opaque);
+void pic_set_alt_irq_func(PicState2 *s, SetIRQFunc *alt_irq_func,
+                          void *alt_irq_opaque);
+int pic_read_irq(PicState2 *s);
+void pic_update_irq(PicState2 *s);
+uint32_t pic_intack_read(PicState2 *s);
 void pic_info(void);
 void irq_info(void);
 /* APIC */
+typedef struct IOAPICState IOAPICState;
 int apic_init(CPUState *env);
 int apic_get_interrupt(CPUState *env);
+IOAPICState *ioapic_init(void);
+void ioapic_set_irq(void *opaque, int vector, int level);
 /* i8254.c */
 …
 void pit_set_gate(PITState *pit, int channel, int val);
 int pit_get_gate(PITState *pit, int channel);
+int pit_get_initial_count(PITState *pit, int channel);
+int pit_get_mode(PITState *pit, int channel);
 int pit_get_out(PITState *pit, int channel, int64_t current_time);
+/* pcspk.c */
+void pcspk_init(PITState *);
+int pcspk_audio_init(AudioState *);
+#include "hw/smbus.h"
+/* acpi.c */
+extern int acpi_enabled;
+void piix4_pm_init(PCIBus *bus, int devfn);
+void piix4_smbus_register_device(SMBusDevice *dev, uint8_t addr);
+void acpi_bios_init(void);
+/* smbus_eeprom.c */
+SMBusDevice *smbus_eeprom_device_init(uint8_t addr, uint8_t *buf);
 /* pc.c */
+void pc_init(int ram_size, int vga_ram_size, int boot_device,
+             DisplayState *ds, const char **fd_filename, int snapshot,
+             const char *kernel_filename, const char *kernel_cmdline,
+             const char *initrd_filename);
+extern QEMUMachine pc_machine;
+extern QEMUMachine isapc_machine;
+extern int fd_bootchk;
+void ioport_set_a20(int enable);
+int ioport_get_a20(void);
 /* ppc.c */
+void ppc_init (int ram_size, int vga_ram_size, int boot_device,
+               DisplayState *ds, const char **fd_filename, int snapshot,
+               const char *kernel_filename, const char *kernel_cmdline,
+               const char *initrd_filename);
+void ppc_prep_init (int ram_size, int vga_ram_size, int boot_device,
+                    DisplayState *ds, const char **fd_filename, int snapshot,
+                    const char *kernel_filename, const char *kernel_cmdline,
+                    const char *initrd_filename);
+void ppc_chrp_init(int ram_size, int vga_ram_size, int boot_device,
+                   DisplayState *ds, const char **fd_filename, int snapshot,
+                   const char *kernel_filename, const char *kernel_cmdline,
+                   const char *initrd_filename);
+extern QEMUMachine prep_machine;
+extern QEMUMachine core99_machine;
+extern QEMUMachine heathrow_machine;
+/* mips_r4k.c */
+extern QEMUMachine mips_machine;
+/* mips_malta.c */
+extern QEMUMachine mips_malta_machine;
+/* mips_int */
+extern void cpu_mips_irq_request(void *opaque, int irq, int level);
+/* mips_timer.c */
+extern void cpu_mips_clock_init(CPUState *);
+extern void cpu_mips_irqctrl_init (void);
+/* shix.c */
+extern QEMUMachine shix_machine;
 #ifdef TARGET_PPC
 ppc_tb_t *cpu_ppc_tb_init (CPUState *env, uint32_t freq);
 …
 extern CPUWriteMemoryFunc *PPC_io_write[];
 extern CPUReadMemoryFunc *PPC_io_read[];
+extern int prep_enabled;
+#ifndef VBOX
+void PPC_debug_write (void *opaque, uint32_t addr, uint32_t val);
 /* sun4m.c */
+void sun4m_init(int ram_size, int vga_ram_size, int boot_device,
+             DisplayState *ds, const char **fd_filename, int snapshot,
+             const char *kernel_filename, const char *kernel_cmdline,
+             const char *initrd_filename);
+uint32_t iommu_translate(uint32_t addr);
+extern QEMUMachine sun4m_machine;
+void pic_set_irq_cpu(int irq, int level, unsigned int cpu);
 /* iommu.c */
 void *iommu_init(uint32_t addr);
+uint32_t iommu_translate_local(void *opaque, uint32_t addr);
+/* lance.c */
+void lance_init(NetDriverState *nd, int irq, uint32_t leaddr, uint32_t ledaddr);
+void sparc_iommu_memory_rw(void *opaque, target_phys_addr_t addr,
+                                 uint8_t *buf, int len, int is_write);
+static inline void sparc_iommu_memory_read(void *opaque,
+                                           target_phys_addr_t addr,
+                                           uint8_t *buf, int len)
+{
+    sparc_iommu_memory_rw(opaque, addr, buf, len, 0);
+}
+static inline void sparc_iommu_memory_write(void *opaque,
+                                            target_phys_addr_t addr,
+                                            uint8_t *buf, int len)
+{
+    sparc_iommu_memory_rw(opaque, addr, buf, len, 1);
+}
 /* tcx.c */
+void *tcx_init(DisplayState *ds, uint32_t addr, uint8_t *vram_base,
+              unsigned long vram_offset, int vram_size);
+void tcx_update_display(void *opaque);
+void tcx_invalidate_display(void *opaque);
+void tcx_screen_dump(void *opaque, const char *filename);
+void tcx_init(DisplayState *ds, uint32_t addr, uint8_t *vram_base,
+               unsigned long vram_offset, int vram_size, int width, int height);
 /* slavio_intctl.c */
 void *slavio_intctl_init();
+void slavio_intctl_set_cpu(void *opaque, unsigned int cpu, CPUState *env);
 void slavio_pic_info(void *opaque);
 void slavio_irq_info(void *opaque);
 void slavio_pic_set_irq(void *opaque, int irq, int level);
+/* magic-load.c */
+int load_elf(const char *filename, uint8_t *addr);
+void slavio_pic_set_irq_cpu(void *opaque, int irq, int level, unsigned int cpu);
+/* loader.c */
+int get_image_size(const char *filename);
+int load_image(const char *filename, uint8_t *addr);
+int load_elf(const char *filename, int64_t virt_to_phys_addend, uint64_t *pentry);
 int load_aout(const char *filename, uint8_t *addr);
 /* slavio_timer.c */
 void slavio_timer_init(uint32_t addr1, int irq1, uint32_t addr2, int irq2);
+void slavio_timer_init(uint32_t addr, int irq, int mode, unsigned int cpu);
 /* slavio_serial.c */
 SerialState *slavio_serial_init(int base, int irq, CharDriverState *chr1, CharDriverState *chr2);
 void slavio_serial_ms_kbd_init(int base, int irq);
+/* slavio_misc.c */
+void *slavio_misc_init(uint32_t base, int irq);
+void slavio_set_power_fail(void *opaque, int power_failing);
+/* esp.c */
+void esp_scsi_attach(void *opaque, BlockDriverState *bd, int id);
+void *esp_init(BlockDriverState **bd, uint32_t espaddr, void *dma_opaque);
+void esp_reset(void *opaque);
+/* sparc32_dma.c */
+void *sparc32_dma_init(uint32_t daddr, int espirq, int leirq, void *iommu,
+                       void *intctl);
+void ledma_set_irq(void *opaque, int isr);
+void ledma_memory_read(void *opaque, target_phys_addr_t addr,
+                       uint8_t *buf, int len, int do_bswap);
+void ledma_memory_write(void *opaque, target_phys_addr_t addr,
+                        uint8_t *buf, int len, int do_bswap);
+void espdma_raise_irq(void *opaque);
+void espdma_clear_irq(void *opaque);
+void espdma_memory_read(void *opaque, uint8_t *buf, int len);
+void espdma_memory_write(void *opaque, uint8_t *buf, int len);
+void sparc32_dma_set_reset_data(void *opaque, void *esp_opaque,
+                                void *lance_opaque);
+/* cs4231.c */
+void cs_init(target_phys_addr_t base, int irq, void *intctl);
+/* sun4u.c */
+extern QEMUMachine sun4u_machine;
 /* NVRAM helpers */
 …
                           uint32_t NVRAM_image,
                           int width, int height, int depth);
-#endif
 /* adb.c */
 …
 extern ADBBusState adb_bus;
+int cuda_init(openpic_t *openpic, int irq);
+int cuda_init(SetIRQFunc *set_irq, void *irq_opaque, int irq);
+#include "hw/usb.h"
+/* usb ports of the VM */
+void qemu_register_usb_port(USBPort *port, void *opaque, int index,
+                            usb_attachfn attach);
+#define VM_USB_HUB_SIZE 8
+void do_usb_add(const char *devname);
+void do_usb_del(const char *devname);
+void usb_info(void);
+/* scsi-disk.c */
+enum scsi_reason {
+    SCSI_REASON_DONE, /* Command complete.  */
+    SCSI_REASON_DATA  /* Transfer complete, more data required.  */
+};
+typedef struct SCSIDevice SCSIDevice;
+typedef void (*scsi_completionfn)(void *opaque, int reason, uint32_t tag,
+                                  uint32_t arg);
+SCSIDevice *scsi_disk_init(BlockDriverState *bdrv,
+                           int tcq,
+                           scsi_completionfn completion,
+                           void *opaque);
+void scsi_disk_destroy(SCSIDevice *s);
+int32_t scsi_send_command(SCSIDevice *s, uint32_t tag, uint8_t *buf, int lun);
+/* SCSI data transfers are asynchrnonous.  However, unlike the block IO
+   layer the completion routine may be called directly by
+   scsi_{read,write}_data.  */
+void scsi_read_data(SCSIDevice *s, uint32_t tag);
+int scsi_write_data(SCSIDevice *s, uint32_t tag);
+void scsi_cancel_io(SCSIDevice *s, uint32_t tag);
+uint8_t *scsi_get_buf(SCSIDevice *s, uint32_t tag);
+/* lsi53c895a.c */
+void lsi_scsi_attach(void *opaque, BlockDriverState *bd, int id);
+void *lsi_scsi_init(PCIBus *bus, int devfn);
+/* integratorcp.c */
+extern QEMUMachine integratorcp926_machine;
+extern QEMUMachine integratorcp1026_machine;
+/* versatilepb.c */
+extern QEMUMachine versatilepb_machine;
+extern QEMUMachine versatileab_machine;
+/* realview.c */
+extern QEMUMachine realview_machine;
+/* ps2.c */
+void *ps2_kbd_init(void (*update_irq)(void *, int), void *update_arg);
+void *ps2_mouse_init(void (*update_irq)(void *, int), void *update_arg);
+void ps2_write_mouse(void *, int val);
+void ps2_write_keyboard(void *, int val);
+uint32_t ps2_read_data(void *);
+void ps2_queue(void *, int b);
+void ps2_keyboard_set_translation(void *opaque, int mode);
+/* smc91c111.c */
+void smc91c111_init(NICInfo *, uint32_t, void *, int);
+/* pl110.c */
+void *pl110_init(DisplayState *ds, uint32_t base, void *pic, int irq, int);
+/* pl011.c */
+void pl011_init(uint32_t base, void *pic, int irq, CharDriverState *chr);
+/* pl050.c */
+void pl050_init(uint32_t base, void *pic, int irq, int is_mouse);
+/* pl080.c */
+void *pl080_init(uint32_t base, void *pic, int irq, int nchannels);
+/* pl190.c */
+void *pl190_init(uint32_t base, void *parent, int irq, int fiq);
+/* arm-timer.c */
+void sp804_init(uint32_t base, void *pic, int irq);
+void icp_pit_init(uint32_t base, void *pic, int irq);
+/* arm_sysctl.c */
+void arm_sysctl_init(uint32_t base, uint32_t sys_id);
+/* arm_gic.c */
+void *arm_gic_init(uint32_t base, void *parent, int parent_irq);
+/* arm_boot.c */
+void arm_load_kernel(CPUState *env, int ram_size, const char *kernel_filename,
+                     const char *kernel_cmdline, const char *initrd_filename,
+                     int board_id);
+/* sh7750.c */
+struct SH7750State;
+struct SH7750State *sh7750_init(CPUState * cpu);
+typedef struct {
+    /* The callback will be triggered if any of the designated lines change */
+    uint16_t portamask_trigger;
+    uint16_t portbmask_trigger;
+    /* Return 0 if no action was taken */
+    int (*port_change_cb) (uint16_t porta, uint16_t portb,
+                           uint16_t * periph_pdtra,
+                           uint16_t * periph_portdira,
+                           uint16_t * periph_pdtrb,
+                           uint16_t * periph_portdirb);
+} sh7750_io_device;
+int sh7750_register_io_device(struct SH7750State *s,
+                              sh7750_io_device * device);
+/* tc58128.c */
+int tc58128_init(struct SH7750State *s, char *zone1, char *zone2);
+/* NOR flash devices */
+typedef struct pflash_t pflash_t;
+pflash_t *pflash_register (target_ulong base, ram_addr_t off,
+                           BlockDriverState *bs,
+                           target_ulong sector_len, int nb_blocs, int width,
+                           uint16_t id0, uint16_t id1,
+                           uint16_t id2, uint16_t id3);
+#include "gdbstub.h"
 #endif /* defined(QEMU_TOOL) */
-#ifndef VBOX
 /* monitor.c */
 void monitor_init(CharDriverState *hd, int show_banner);
 …
 void term_vprintf(const char *fmt, va_list ap);
 void term_printf(const char *fmt, ...) __attribute__ ((__format__ (__printf__, 1, 2)));
+void term_print_filename(const char *filename);
 void term_flush(void);
 void term_print_help(void);
 …
                     ReadLineFunc *readline_func, void *opaque);
+void kqemu_record_dump(void);
 #endif /* !VBOX */
-/* gdbstub.c */
-#define DEFAULT_GDBSTUB_PORT 1234
-int gdbserver_start(int port);
 #endif /* VL_H */

Changeset 2422 in vbox for trunk/src

Legend:

trunk/src/Makefile

trunk/src/recompiler/InnoTek/Makefile.kmk

trunk/src/recompiler/InnoTek/config-host.h

trunk/src/recompiler/InnoTek/config.h

trunk/src/recompiler/Makefile.kmk

trunk/src/recompiler/VBoxREM.def

trunk/src/recompiler/VBoxRecompiler.c

trunk/src/recompiler/a.out.h

trunk/src/recompiler/bswap.h

trunk/src/recompiler/cpu-all.h

trunk/src/recompiler/cpu-defs.h

trunk/src/recompiler/cpu-exec.c

trunk/src/recompiler/disas.h

trunk/src/recompiler/dyngen-exec.h

trunk/src/recompiler/dyngen.c

trunk/src/recompiler/dyngen.h

trunk/src/recompiler/elf.h

trunk/src/recompiler/exec-all.h

trunk/src/recompiler/exec.c

trunk/src/recompiler/osdep.h

trunk/src/recompiler/softmmu_header.h

trunk/src/recompiler/softmmu_template.h

trunk/src/recompiler/target-i386/cpu.h

trunk/src/recompiler/target-i386/exec.h

trunk/src/recompiler/target-i386/helper2.c

trunk/src/recompiler/target-i386/op.c

trunk/src/recompiler/target-i386/ops_sse.h

trunk/src/recompiler/target-i386/ops_template_mem.h

trunk/src/recompiler/target-i386/translate.c

trunk/src/recompiler/translate-all.c

trunk/src/recompiler/vl.h

Download in other formats: