standardize uc exits at tb_trans to call EXCP_HLT at tb_stop by getting it to call a helper if is_jmp = DISAS_UC_STOP

qemu/aarch64.h

@@ -1294,6 +1294,7 @@
 #define tlb_reset_dirty_by_vaddr tlb_reset_dirty_by_vaddr_aarch64
 #define helper_stqcx_le_parallel helper_stqcx_le_parallel_aarch64
 #define helper_stqcx_be_parallel helper_stqcx_be_parallel_aarch64
+#define helper_uc_exit helper_uc_exit_aarch64
 #define cpu_aarch64_init cpu_aarch64_init_aarch64
 #define arm_cpu_exec_interrupt arm_cpu_exec_interrupt_aarch64
 #define arm_cpu_update_virq arm_cpu_update_virq_aarch64

qemu/arm.h

@@ -1294,6 +1294,7 @@
 #define tlb_reset_dirty_by_vaddr tlb_reset_dirty_by_vaddr_arm
 #define helper_stqcx_le_parallel helper_stqcx_le_parallel_arm
 #define helper_stqcx_be_parallel helper_stqcx_be_parallel_arm
+#define helper_uc_exit helper_uc_exit_arm
 #define arm_cpu_exec_interrupt arm_cpu_exec_interrupt_arm
 #define arm_cpu_update_virq arm_cpu_update_virq_arm
 #define arm_cpu_update_vfiq arm_cpu_update_vfiq_arm

qemu/include/exec/translator.h

@@ -37,6 +37,7 @@
 typedef enum DisasJumpType {
     DISAS_NEXT,
     DISAS_TOO_MANY,
+    DISAS_UC_EXIT, // Unicorn: Special disas state for exiting in the middle of tb.
     DISAS_NORETURN,
     DISAS_TARGET_0,
     DISAS_TARGET_1,

qemu/m68k.h

@@ -1294,6 +1294,7 @@
 #define tlb_reset_dirty_by_vaddr tlb_reset_dirty_by_vaddr_m68k
 #define helper_stqcx_le_parallel helper_stqcx_le_parallel_m68k
 #define helper_stqcx_be_parallel helper_stqcx_be_parallel_m68k
+#define helper_uc_exit helper_uc_exit_m68k
 #define cpu_m68k_init cpu_m68k_init_m68k
 #define helper_reds32 helper_reds32_m68k
 #define helper_redf32 helper_redf32_m68k

qemu/mips.h

@@ -1294,6 +1294,7 @@
 #define tlb_reset_dirty_by_vaddr tlb_reset_dirty_by_vaddr_mips
 #define helper_stqcx_le_parallel helper_stqcx_le_parallel_mips
 #define helper_stqcx_be_parallel helper_stqcx_be_parallel_mips
+#define helper_uc_exit helper_uc_exit_mips
 #define helper_mfc0_mvpcontrol helper_mfc0_mvpcontrol_mips
 #define helper_mfc0_mvpconf0 helper_mfc0_mvpconf0_mips
 #define helper_mfc0_mvpconf1 helper_mfc0_mvpconf1_mips

qemu/mips64.h

@@ -1294,6 +1294,7 @@
 #define tlb_reset_dirty_by_vaddr tlb_reset_dirty_by_vaddr_mips64
 #define helper_stqcx_le_parallel helper_stqcx_le_parallel_mips64
 #define helper_stqcx_be_parallel helper_stqcx_be_parallel_mips64
+#define helper_uc_exit helper_uc_exit_mips64
 #define helper_mfc0_mvpcontrol helper_mfc0_mvpcontrol_mips64
 #define helper_mfc0_mvpconf0 helper_mfc0_mvpconf0_mips64
 #define helper_mfc0_mvpconf1 helper_mfc0_mvpconf1_mips64

qemu/mips64el.h

@@ -1294,6 +1294,7 @@
 #define tlb_reset_dirty_by_vaddr tlb_reset_dirty_by_vaddr_mips64el
 #define helper_stqcx_le_parallel helper_stqcx_le_parallel_mips64el
 #define helper_stqcx_be_parallel helper_stqcx_be_parallel_mips64el
+#define helper_uc_exit helper_uc_exit_mips64el
 #define helper_mfc0_mvpcontrol helper_mfc0_mvpcontrol_mips64el
 #define helper_mfc0_mvpconf0 helper_mfc0_mvpconf0_mips64el
 #define helper_mfc0_mvpconf1 helper_mfc0_mvpconf1_mips64el

qemu/mipsel.h

@@ -1294,6 +1294,7 @@
 #define tlb_reset_dirty_by_vaddr tlb_reset_dirty_by_vaddr_mipsel
 #define helper_stqcx_le_parallel helper_stqcx_le_parallel_mipsel
 #define helper_stqcx_be_parallel helper_stqcx_be_parallel_mipsel
+#define helper_uc_exit helper_uc_exit_mipsel
 #define helper_mfc0_mvpcontrol helper_mfc0_mvpcontrol_mipsel
 #define helper_mfc0_mvpconf0 helper_mfc0_mvpconf0_mipsel
 #define helper_mfc0_mvpconf1 helper_mfc0_mvpconf1_mipsel

qemu/ppc.h

@@ -1294,6 +1294,7 @@
 #define tlb_reset_dirty_by_vaddr tlb_reset_dirty_by_vaddr_ppc
 #define helper_stqcx_le_parallel helper_stqcx_le_parallel_ppc
 #define helper_stqcx_be_parallel helper_stqcx_be_parallel_ppc
+#define helper_uc_exit helper_uc_exit_ppc
 #define ppc_cpu_unrealize ppc_cpu_unrealize_ppc
 #define ppc_cpu_instance_finalize ppc_cpu_instance_finalize_ppc
 #define ppc_cpu_do_interrupt ppc_cpu_do_interrupt_ppc

qemu/ppc64.h

@@ -1294,6 +1294,7 @@
 #define tlb_reset_dirty_by_vaddr tlb_reset_dirty_by_vaddr_ppc64
 #define helper_stqcx_le_parallel helper_stqcx_le_parallel_ppc64
 #define helper_stqcx_be_parallel helper_stqcx_be_parallel_ppc64
+#define helper_uc_exit helper_uc_exit_ppc64
 #define ppc_cpu_unrealize ppc_cpu_unrealize_ppc64
 #define ppc_cpu_instance_finalize ppc_cpu_instance_finalize_ppc64
 #define ppc_cpu_do_interrupt ppc_cpu_do_interrupt_ppc64

qemu/riscv32.h

@@ -1294,6 +1294,7 @@
 #define tlb_reset_dirty_by_vaddr tlb_reset_dirty_by_vaddr_riscv32
 #define helper_stqcx_le_parallel helper_stqcx_le_parallel_riscv32
 #define helper_stqcx_be_parallel helper_stqcx_be_parallel_riscv32
+#define helper_uc_exit helper_uc_exit_riscv32
 #define riscv_cpu_mmu_index riscv_cpu_mmu_index_riscv32
 #define riscv_cpu_exec_interrupt riscv_cpu_exec_interrupt_riscv32
 #define riscv_cpu_fp_enabled riscv_cpu_fp_enabled_riscv32
@@ -1360,7 +1361,6 @@
 #define helper_fclass_d helper_fclass_d_riscv32
 #define riscv_raise_exception riscv_raise_exception_riscv32
 #define helper_raise_exception helper_raise_exception_riscv32
-#define helper_uc_riscv_exit helper_uc_riscv_exit_riscv32
 #define helper_csrrw helper_csrrw_riscv32
 #define helper_csrrs helper_csrrs_riscv32
 #define helper_csrrc helper_csrrc_riscv32

qemu/riscv64.h

@@ -1294,6 +1294,7 @@
 #define tlb_reset_dirty_by_vaddr tlb_reset_dirty_by_vaddr_riscv64
 #define helper_stqcx_le_parallel helper_stqcx_le_parallel_riscv64
 #define helper_stqcx_be_parallel helper_stqcx_be_parallel_riscv64
+#define helper_uc_exit helper_uc_exit_riscv64
 #define riscv_cpu_mmu_index riscv_cpu_mmu_index_riscv64
 #define riscv_cpu_exec_interrupt riscv_cpu_exec_interrupt_riscv64
 #define riscv_cpu_fp_enabled riscv_cpu_fp_enabled_riscv64
@@ -1360,7 +1361,6 @@
 #define helper_fclass_d helper_fclass_d_riscv64
 #define riscv_raise_exception riscv_raise_exception_riscv64
 #define helper_raise_exception helper_raise_exception_riscv64
-#define helper_uc_riscv_exit helper_uc_riscv_exit_riscv64
 #define helper_csrrw helper_csrrw_riscv64
 #define helper_csrrs helper_csrrs_riscv64
 #define helper_csrrc helper_csrrc_riscv64

qemu/s390x.h

@@ -1294,7 +1294,7 @@
 #define tlb_reset_dirty_by_vaddr tlb_reset_dirty_by_vaddr_s390x
 #define helper_stqcx_le_parallel helper_stqcx_le_parallel_s390x
 #define helper_stqcx_be_parallel helper_stqcx_be_parallel_s390x
-#define helper_uc_s390x_exit helper_uc_s390x_exit_s390x
+#define helper_uc_exit helper_uc_exit_s390x
 #define tcg_s390_tod_updated tcg_s390_tod_updated_s390x
 #define tcg_s390_program_interrupt tcg_s390_program_interrupt_s390x
 #define tcg_s390_data_exception tcg_s390_data_exception_s390x

qemu/sparc.h

@@ -1294,6 +1294,7 @@
 #define tlb_reset_dirty_by_vaddr tlb_reset_dirty_by_vaddr_sparc
 #define helper_stqcx_le_parallel helper_stqcx_le_parallel_sparc
 #define helper_stqcx_be_parallel helper_stqcx_be_parallel_sparc
+#define helper_uc_exit helper_uc_exit_sparc
 #define helper_compute_psr helper_compute_psr_sparc
 #define helper_compute_C_icc helper_compute_C_icc_sparc
 #define cpu_sparc_set_id cpu_sparc_set_id_sparc

qemu/sparc64.h

@@ -1294,6 +1294,7 @@
 #define tlb_reset_dirty_by_vaddr tlb_reset_dirty_by_vaddr_sparc64
 #define helper_stqcx_le_parallel helper_stqcx_le_parallel_sparc64
 #define helper_stqcx_be_parallel helper_stqcx_be_parallel_sparc64
+#define helper_uc_exit helper_uc_exit_sparc64
 #define helper_compute_psr helper_compute_psr_sparc64
 #define helper_compute_C_icc helper_compute_C_icc_sparc64
 #define cpu_sparc_set_id cpu_sparc_set_id_sparc64

qemu/target/arm/helper.h

@@ -1,5 +1,6 @@
 DEF_HELPER_4(uc_tracecode, void, i32, i32, ptr, i64)
 DEF_HELPER_6(uc_traceopcode, void, ptr, i64, i64, i32, ptr, i64)
+DEF_HELPER_1(uc_exit, void, env)
 
 DEF_HELPER_FLAGS_1(sxtb16, TCG_CALL_NO_RWG_SE, i32, i32)
 DEF_HELPER_FLAGS_1(uxtb16, TCG_CALL_NO_RWG_SE, i32, i32)

qemu/target/arm/op_helper.c

@@ -998,3 +998,12 @@ uint32_t HELPER(uc_hooksys64)(CPUARMState *env, uint32_t insn, void *hk)
     JIT_CALLBACK_GUARD_VAR(ret, ((uc_cb_insn_sys_t)(hook->callback))(uc, uc_rt, &cp_reg, hook->user_data));
     return ret;
 }
+
+void HELPER(uc_exit)(CPUARMState *env)
+{
+    CPUState *cs = env_cpu(env);
+
+    cs->exception_index = EXCP_HLT;
+    cs->halted = 1;
+    cpu_loop_exit(cs);
+}

qemu/target/arm/translate-a64.c

@@ -14737,7 +14737,7 @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
     // Unicorn: end address tells us to stop emulation
     if (uc_addr_is_exit(dc->uc, dcbase->pc_next)) {
         // imitate WFI instruction to halt emulation
-        dcbase->is_jmp = DISAS_WFI;
+        dcbase->is_jmp = DISAS_UC_EXIT;
     } else {
         if (dc->ss_active && !dc->pstate_ss) {
             /* Singlestep state is Active-pending.
@@ -14830,6 +14830,12 @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
             tcg_gen_exit_tb(tcg_ctx, NULL, 0);
             break;
         }
+        case DISAS_UC_EXIT:
+        {
+            gen_a64_set_pc_im(tcg_ctx, dc->base.pc_next);
+            gen_helper_uc_exit(tcg_ctx, tcg_ctx->cpu_env);
+            break;
+        }
         }
     }
 }

qemu/target/arm/translate.c

@@ -11462,34 +11462,35 @@ static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
     // Unicorn: end address tells us to stop emulation
     if (uc_addr_is_exit(dc->uc, dcbase->pc_next)) {
         // imitate WFI instruction to halt emulation
-        dcbase->is_jmp = DISAS_WFI;
-    } else {
-        dc->pc_curr = dc->base.pc_next;
-        insn = arm_ldl_code(env, dc->base.pc_next, dc->sctlr_b);
-        dc->insn = insn;
-
-        // Unicorn:
-        //
-        // If we get an error during fetching code, we have to skip the instruction decoding
-        // to ensure the PC remains unchanged.
-        //
-        // This is to keep the same behavior with Unicorn1, though, it's inconsistent with
-        // official arm documents.
-        //
-        // See discussion here: https://github.com/unicorn-engine/unicorn/issues/1536
-        if (dc->uc->invalid_error) {
-            dcbase->is_jmp = DISAS_WFI;
-            return;
-        }
+        dcbase->is_jmp = DISAS_UC_EXIT;
+        return;
+    }
+
+    dc->pc_curr = dc->base.pc_next;
+    insn = arm_ldl_code(env, dc->base.pc_next, dc->sctlr_b);
+    dc->insn = insn;
+
+    // Unicorn:
+    //
+    // If we get an error during fetching code, we have to skip the instruction decoding
+    // to ensure the PC remains unchanged.
+    //
+    // This is to keep the same behavior with Unicorn1, though, it's inconsistent with
+    // official arm documents.
+    //
+    // See discussion here: https://github.com/unicorn-engine/unicorn/issues/1536
+    if (dc->uc->invalid_error) {
+        dcbase->is_jmp = DISAS_UC_EXIT;
+        return;
+    }
 
-        dc->base.pc_next += 4;
-        disas_arm_insn(dc, insn);
+    dc->base.pc_next += 4;
+    disas_arm_insn(dc, insn);
 
-        arm_post_translate_insn(dc);
+    arm_post_translate_insn(dc);
 
-        /* ARM is a fixed-length ISA.  We performed the cross-page check
-           in init_disas_context by adjusting max_insns.  */
-    }
+    /* ARM is a fixed-length ISA.  We performed the cross-page check
+        in init_disas_context by adjusting max_insns.  */
 }
 
 static bool thumb_insn_is_unconditional(DisasContext *s, uint32_t insn)
@@ -11555,7 +11556,7 @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
     // Unicorn: end address tells us to stop emulation
     if (uc_addr_is_exit(uc, dcbase->pc_next)) {
         // imitate WFI instruction to halt emulation
-        dcbase->is_jmp = DISAS_WFI;
+        dcbase->is_jmp = DISAS_UC_EXIT;
         return;
     }
 
@@ -11753,6 +11754,12 @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
         case DISAS_SMC:
             gen_exception(tcg_ctx, EXCP_SMC, syn_aa32_smc(), 3);
             break;
+        case DISAS_UC_EXIT:
+        {
+            gen_set_pc_im(dc, dc->base.pc_next);
+            gen_helper_uc_exit(tcg_ctx, tcg_ctx->cpu_env);
+            break;
+        }
         }
     }
 

qemu/target/i386/helper.h

@@ -1,5 +1,6 @@
 DEF_HELPER_4(uc_tracecode, void, i32, i32, ptr, i64)
 DEF_HELPER_6(uc_traceopcode, void, ptr, i64, i64, i32, ptr, i64)
+DEF_HELPER_1(uc_exit, void, env)
 
 DEF_HELPER_FLAGS_4(cc_compute_all, TCG_CALL_NO_RWG_SE, tl, tl, tl, tl, int)
 DEF_HELPER_FLAGS_4(cc_compute_c, TCG_CALL_NO_RWG_SE, tl, tl, tl, tl, int)

qemu/target/i386/misc_helper.c

@@ -732,3 +732,12 @@ void helper_wrpkru(CPUX86State *env, uint32_t ecx, uint64_t val)
     env->pkru = val;
     tlb_flush(cs);
 }
+
+void helper_uc_exit(CPUX86State *env)
+{
+    X86CPU *cpu = env_archcpu(env);
+
+    cpu_svm_check_intercept_param(env, SVM_EXIT_HLT, 0, GETPC());
+
+    do_hlt(cpu);
+}

qemu/target/i386/translate.c

@@ -4803,16 +4803,6 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
 
     s->uc = env->uc;
 
-    // Unicorn: end address tells us to stop emulation
-    if (uc_addr_is_exit(env->uc, s->pc)) {
-        // imitate the HLT instruction
-        gen_update_cc_op(s);
-        gen_sync_pc(tcg_ctx, pc_start - s->cs_base);
-        gen_helper_hlt(tcg_ctx, tcg_ctx->cpu_env, tcg_const_i32(tcg_ctx, s->pc - pc_start));
-        s->base.is_jmp = DISAS_NORETURN;
-        return s->pc;
-    }
-
     // Unicorn: callback might need to access to EFLAGS,
     // or want to stop emulation immediately
     if (HOOK_EXISTS_BOUNDED(env->uc, UC_HOOK_CODE, pc_start)) {
@@ -9385,6 +9375,12 @@ static void i386_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
     DisasContext *dc = container_of(dcbase, DisasContext, base);
     target_ulong pc_next;
 
+    // Unicorn: end address tells us to stop emulation
+    if (uc_addr_is_exit(((CPUX86State *)cpu->env_ptr)->uc, dcbase->pc_next)) {
+        dc->base.is_jmp = DISAS_UC_EXIT;
+        return;
+    }
+
     pc_next = disas_insn(dc, cpu);
 
     if (dc->tf || (dc->base.tb->flags & HF_INHIBIT_IRQ_MASK)) {
@@ -9416,10 +9412,21 @@ static void i386_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
 static void i386_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
 {
     DisasContext *dc = container_of(dcbase, DisasContext, base);
+    TCGContext *tcg_ctx = dc->uc->tcg_ctx;
 
-    if (dc->base.is_jmp == DISAS_TOO_MANY) {
+    switch (dc->base.is_jmp) {
+    case DISAS_TOO_MANY:
         gen_jmp_im(dc, dc->base.pc_next - dc->cs_base);
         gen_eob(dc);
+        break;
+    case DISAS_UC_EXIT:
+        // imitate the HLT instruction
+        gen_update_cc_op(dc);
+        gen_jmp_im(dc, dc->base.pc_next - dc->cs_base);
+        gen_helper_uc_exit(tcg_ctx, tcg_ctx->cpu_env);
+        break;
+    default:
+        break; // suppress compiler warnings
     }
 }
 

qemu/target/m68k/translate.c

@@ -6325,7 +6325,7 @@ static void m68k_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
 
     // Unicorn: end address tells us to stop emulation
     if (uc_addr_is_exit(uc, dc->pc)) {
-        gen_exception(dc, dc->pc, EXCP_HLT);
+        dc->base.is_jmp = DISAS_UC_EXIT;
         return;
     }
 
@@ -6407,6 +6407,9 @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
             tcg_gen_exit_tb(tcg_ctx, NULL, 0);
         }
         break;
+    case DISAS_UC_EXIT:
+        gen_exception(dc, dc->pc, EXCP_HLT);
+        break;
     default:
         g_assert_not_reached();
     }

qemu/target/mips/helper.h

@@ -1,5 +1,6 @@
 DEF_HELPER_4(uc_tracecode, void, i32, i32, ptr, i64)
 DEF_HELPER_6(uc_traceopcode, void, ptr, i64, i64, i32, ptr, i64)
+DEF_HELPER_1(uc_exit, void, env)
 
 DEF_HELPER_3(raise_exception_err, noreturn, env, i32, int)
 DEF_HELPER_2(raise_exception, noreturn, env, i32)

qemu/target/mips/op_helper.c

@@ -1076,6 +1076,19 @@ void helper_wait(CPUMIPSState *env)
     raise_exception(env, EXCP_HLT);
 }
 
+void helper_uc_exit(CPUMIPSState *env)
+{
+    CPUState *cs = env_cpu(env);
+
+    cs->halted = 1;
+    cpu_reset_interrupt(cs, CPU_INTERRUPT_WAKE);
+    /*
+     * Last instruction in the block, PC was updated before
+     * - no need to recover PC and icount.
+     */
+    raise_exception(env, EXCP_HLT);
+}
+
 void mips_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
                                   MMUAccessType access_type,
                                   int mmu_idx, uintptr_t retaddr)