diff -ur qemu-0.9.1-stock/exec-all.h qemu-0.9.1-qemucount/exec-all.h
--- qemu-0.9.1-stock/exec-all.h	2008-01-06 14:38:42.000000000 -0500
+++ qemu-0.9.1-qemucount/exec-all.h	2008-01-12 15:00:57.000000000 -0500
@@ -177,6 +177,7 @@
        jmp_first */
     struct TranslationBlock *jmp_next[2];
     struct TranslationBlock *jmp_first;
+    int unique_id;
 } TranslationBlock;
 
 static inline unsigned int tb_jmp_cache_hash_page(target_ulong pc)
diff -ur qemu-0.9.1-stock/exec.c qemu-0.9.1-qemucount/exec.c
--- qemu-0.9.1-stock/exec.c	2008-01-06 14:38:42.000000000 -0500
+++ qemu-0.9.1-qemucount/exec.c	2008-01-12 15:04:47.000000000 -0500
@@ -927,6 +927,8 @@
 #endif /* TARGET_HAS_SMC */
 }
 
+int tb_count=0;
+
 /* Allocate a new translation block. Flush the translation buffer if
    too many translation blocks or too much generated code. */
 TranslationBlock *tb_alloc(target_ulong pc)
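Review bot: `tb_count` is a signed, non-static global that is only ever incremented (in `tb_alloc`, next hunk), and nothing in this patch resets it when the translation buffer is flushed, so `unique_id` keeps growing for the life of the process. The MIPS `helper_dump_pc` added later in this patch uses that id as an index into a 60000-entry array and exits once the bound is passed, and overflowing a signed counter is undefined behaviour. Consider `static unsigned int tb_count;` here (if no other file needs it) with `unsigned int unique_id;` in `TranslationBlock`, plus a comment saying whether ids are meant to survive a flush.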
@@ -939,6 +941,8 @@
     tb = &tbs[nb_tbs++];
     tb->pc = pc;
     tb->cflags = 0;
+    tb->unique_id=tb_count;
+    tb_count++;   
     return tb;
 }
 
diff -ur qemu-0.9.1-stock/linux-user/main.c qemu-0.9.1-qemucount/linux-user/main.c
--- qemu-0.9.1-stock/linux-user/main.c	2008-01-06 14:38:42.000000000 -0500
+++ qemu-0.9.1-qemucount/linux-user/main.c	2008-01-16 23:52:38.000000000 -0500
@@ -53,7 +53,8 @@
     "__init_array_end:\n"
     "__fini_array_start:\n"
     "__fini_array_end:\n"
-    ".long 0\n");
+    ".long 0\n"
+    ".previous\n");
 #endif
 
 /* XXX: on x86 MAP_GROWSDOWN only works if ESP <= address + 32, so
diff -ur qemu-0.9.1-stock/linux-user/mmap.c qemu-0.9.1-qemucount/linux-user/mmap.c
--- qemu-0.9.1-stock/linux-user/mmap.c	2008-01-06 14:38:42.000000000 -0500
+++ qemu-0.9.1-qemucount/linux-user/mmap.c	2008-01-17 13:27:11.000000000 -0500
@@ -250,8 +250,8 @@
         /* Note: we prefer to control the mapping address. It is
            especially important if qemu_host_page_size >
            qemu_real_host_page_size */
-        p = mmap(g2h(mmap_start),
-                 host_len, prot, flags | MAP_FIXED, fd, host_offset);
+        p = mmap(real_start ? g2h(real_start) : NULL,
+                 host_len, prot, flags, fd, host_offset);
         if (p == MAP_FAILED)
             return -1;
         /* update start so that it points to the file position at 'offset' */
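Review bot: With `MAP_FIXED` removed the first argument to `mmap` is only a hint, so `p` may come back at a different host address than `g2h(real_start)`, and with the `NULL` hint the host kernel chooses freely. The hunk still checks only `p == MAP_FAILED`; if the code after it (outside the hunk) derives the guest address from the requested start rather than from `p`, the guest is handed an address that does not match the mapping, and a host address outside the guest-visible range cannot be translated back at all. I would compute the result from the returned pointer (`start = h2g(p);`) and fail the call when a placement the caller depends on was not honoured. The comment above the call still says "we prefer to control the mapping address", which no longer describes the code.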
diff -ur qemu-0.9.1-stock/linux-user/signal.c qemu-0.9.1-qemucount/linux-user/signal.c
--- qemu-0.9.1-stock/linux-user/signal.c	2008-01-06 14:38:42.000000000 -0500
+++ qemu-0.9.1-qemucount/linux-user/signal.c	2008-01-12 15:26:13.000000000 -0500
@@ -367,7 +367,9 @@
         /* default handler : ignore some signal. The other are fatal */
         if (sig != TARGET_SIGCHLD &&
             sig != TARGET_SIGURG &&
-            sig != TARGET_SIGWINCH) {
+            sig != TARGET_SIGWINCH &&
+	    sig != TARGET_SIGTSTP &&
+	    sig != TARGET_SIGCONT) {
             force_sig(sig);
         } else {
             return 0; /* indicate ignored */
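Review bot: The default action for SIGTSTP is to stop the process and for SIGCONT to resume it, so returning 0 for them drops job control for the guest instead of emulating it, while the comment above still reads as if these are simply ignorable signals. A comment such as `/* SIGTSTP/SIGCONT: stop/continue is not emulated; ignore so the guest is not killed */` would make that choice explicit. The two added conditions are also indented with a tab where the surrounding lines use spaces. The enclosing function starts and ends outside the hunk.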
diff -ur qemu-0.9.1-stock/linux-user/syscall.c qemu-0.9.1-qemucount/linux-user/syscall.c
--- qemu-0.9.1-stock/linux-user/syscall.c	2008-01-06 14:38:42.000000000 -0500
+++ qemu-0.9.1-qemucount/linux-user/syscall.c	2008-02-27 21:08:07.000000000 -0500
@@ -3073,6 +3073,7 @@
         _mcleanup();
 #endif
         gdb_exit(cpu_env, arg1);
+        helper_dump_pc(0,0,0x8000);
         /* XXX: should free thread stack and CPU env */
         _exit(arg1);
         ret = 0; /* avoid warning */
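Review bot: `helper_dump_pc` is called here from target-independent `linux-user/syscall.c`, but this patch defines it only in `target-i386/helper.c` and `target-mips/helper.c`, so every other linux-user target would fail to link; the same call is added in the `TARGET_NR_exit_group` hunk below. No prototype is visible in either hunk, so unless a header outside the diff declares it this is an implicit declaration. This branch also looks like the per-thread exit path (the `XXX` comment mentions freeing the thread stack), in which case the final dump can run more than once per process. I would wrap both calls in `#if defined(TARGET_I386) || defined(TARGET_MIPS)` and replace the bare `0x8000` with a named constant shared with the helpers.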
@@ -4483,6 +4484,7 @@
         /* new thread calls */
     case TARGET_NR_exit_group:
         gdb_exit(cpu_env, arg1);
+        helper_dump_pc(0,0,0x8000);
         ret = get_errno(exit_group(arg1));
         break;
 #endif
diff -ur qemu-0.9.1-stock/target-i386/helper.c qemu-0.9.1-qemucount/target-i386/helper.c
--- qemu-0.9.1-stock/target-i386/helper.c	2008-01-06 14:38:45.000000000 -0500
+++ qemu-0.9.1-qemucount/target-i386/helper.c	2008-06-04 17:30:48.000000000 -0400
@@ -97,6 +97,49 @@
 
 spinlock_t global_cpu_lock = SPIN_LOCK_UNLOCKED;
 
+  
+void helper_dump_pc(unsigned long pc, unsigned long bb,
+                    unsigned long rep) {
+
+    static FILE *bbv_file=NULL;
+    static int rep_count=0;
+    static unsigned long long total_count=0;
+
+
+   
+    if (rep&0x8000) {
+       bbv_file=fopen("qemusim.bbv","w");
+       if (bbv_file==NULL) {
+	  printf("Error!  Could not open file %s\n","qemusim.bbv");
+	  exit(-1);
+       }
+   
+       fprintf(bbv_file,"\n\n");
+       fprintf(bbv_file,"Instructions: %lld\n",total_count);
+       if (bbv_file!=NULL) {
+	  fclose(bbv_file);
+       }
+       
+       return;
+    }
+                
+    if (rep) {
+       rep_count++;
+       return;
+    }
+        
+    if ((rep_count) && (!rep)) {
+        rep_count=0;
+	/* count all reps as one instruction (as per docs) */
+	/* this makes things match perf-ctr results        */
+        total_count++;
+     }
+     
+     total_count++;
+
+}
+
+     
 void cpu_lock(void)
 {
     spin_lock(&global_cpu_lock);
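Review bot: The dump branch opens the fixed relative name `qemusim.bbv` with mode "w" in whatever directory the guest happens to run in, so it truncates an existing file of that name and follows a symlink placed there; the path should come from an option or environment variable, or be opened in a way that refuses an existing file or link. `total_count` is `unsigned long long` but printed with `%lld`; use `fprintf(bbv_file,"Instructions: %llu\n",total_count);`. The second `if (bbv_file!=NULL)` can never be false after the `exit(-1)` above it, and `(!rep)` is redundant after the early return. `pc` and `bb` are unused here, which deserves a comment because the MIPS version of this function does use `bb`. The static counters are updated without locking, so counts from a multi-threaded guest are presumably unreliable.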
diff -ur qemu-0.9.1-stock/target-i386/op.c qemu-0.9.1-qemucount/target-i386/op.c
--- qemu-0.9.1-stock/target-i386/op.c	2008-01-06 14:38:45.000000000 -0500
+++ qemu-0.9.1-qemucount/target-i386/op.c	2008-02-13 16:13:31.000000000 -0500
@@ -134,6 +134,12 @@
 
 /* operations with flags */
 
+/* vmw */
+void OPPROTO op_dump_pc(void) {
+    helper_dump_pc(PARAM1,PARAM2,PARAM3);
+}
+
+
 /* update flags with T0 and T1 (add/sub case) */
 void OPPROTO op_update2_cc(void)
 {
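Review bot: `/* vmw */` identifies the author rather than the code; a comment such as `/* instrumentation: report each executed instruction to helper_dump_pc (TB pc, TB id, flags) */` would tell a reader why this op exists. `helper_dump_pc` has no visible prototype at this point, so unless a header outside the diff declares it the three `PARAM` values go through an implicit declaration. The identical op added to `target-mips/op.c` later in this patch has the same two issues.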
diff -ur qemu-0.9.1-stock/target-i386/translate.c qemu-0.9.1-qemucount/target-i386/translate.c
--- qemu-0.9.1-stock/target-i386/translate.c	2008-01-06 14:38:45.000000000 -0500
+++ qemu-0.9.1-qemucount/target-i386/translate.c	2008-02-13 16:42:33.000000000 -0500
@@ -3238,7 +3238,8 @@
 
 /* convert one instruction. s->is_jmp is set if the translation must
    be stopped. Return the next pc value */
-static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
+static target_ulong disas_insn(DisasContext *s, target_ulong pc_start,
+			       int unique_id, unsigned int start_pc)
 {
     int b, prefixes, aflag, dflag;
     int shift, ot;
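Review bot: `start_pc` is declared `unsigned int`, but the caller in the last hunk of this file passes `tb->pc`, which `tb_alloc` fills from a `target_ulong`, so on a 64-bit guest the block address is truncated before it reaches `gen_op_dump_pc`. Declare it as `target_ulong start_pc`. Next to the existing `pc_start` parameter the name is also easy to misread; something like `tb_pc` would make clear it is the start of the translation block and not of the instruction. The function body continues outside the hunk.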
@@ -3369,6 +3370,9 @@
     if (prefixes & PREFIX_LOCK)
         gen_op_lock();
 
+    gen_op_dump_pc(start_pc,unique_id,prefixes &(PREFIX_REPZ | PREFIX_REPNZ));
+   
+   
     /* now check op code */
  reswitch:
     switch(b) {
@@ -6775,7 +6779,7 @@
             gen_opc_cc_op[lj] = dc->cc_op;
             gen_opc_instr_start[lj] = 1;
         }
-        pc_ptr = disas_insn(dc, pc_ptr);
+        pc_ptr = disas_insn(dc, pc_ptr,tb->unique_id, tb->pc);
         /* stop translation if indicated */
         if (dc->is_jmp)
             break;
diff -ur qemu-0.9.1-stock/target-mips/exec.h qemu-0.9.1-qemucount/target-mips/exec.h
--- qemu-0.9.1-stock/target-mips/exec.h	2008-01-06 14:38:45.000000000 -0500
+++ qemu-0.9.1-qemucount/target-mips/exec.h	2008-01-12 18:19:50.000000000 -0500
@@ -258,7 +258,7 @@
     if (env->CP0_Status & (1 << CP0St_FR))
         env->hflags |= MIPS_HFLAG_F64;
     if (env->insn_flags & ISA_MIPS32R2) {
-        if (env->fpu->fcr0 & FCR0_F64)
+        if (env->fpu->fcr0 & (1<<FCR0_F64))
             env->hflags |= MIPS_HFLAG_COP1X;
     } else if (env->insn_flags & ISA_MIPS32) {
         if (env->hflags & MIPS_HFLAG_64)
diff -ur qemu-0.9.1-stock/target-mips/helper.c qemu-0.9.1-qemucount/target-mips/helper.c
--- qemu-0.9.1-stock/target-mips/helper.c	2008-01-06 14:38:45.000000000 -0500
+++ qemu-0.9.1-qemucount/target-mips/helper.c	2008-04-23 12:02:04.000000000 -0400
@@ -36,6 +36,74 @@
     TLBRET_MATCH = 0
 };
 
+#define MAX_BBS 60000
+#define INTERVAL_SIZE 100000000 /* 100 million */
+
+void helper_dump_pc(unsigned long pc, unsigned long bb,
+		    unsigned long option) {
+
+    static unsigned long total_count=0;
+    static int bbvs[MAX_BBS];
+    int i;
+    static FILE *bbv_file=NULL;
+    static unsigned long long total_total_count=0;
+   
+   
+   
+    if (option&0x8000) {
+	  
+       fprintf(bbv_file,"\n\n");
+       total_total_count+=total_count;
+       fprintf(bbv_file,"# Total count: %lld\n",total_total_count);
+//       for(i=0;i<max_used;i++) {
+//	  fprintf(bbv_file,"F:%d:%x:\n",i+1,pcs[i]);
+//       }
+       if (bbv_file!=NULL) {
+	  fclose(bbv_file);
+       }
+	  
+       return;
+    }
+
+   
+    if (bbv_file==NULL) {
+       bbv_file=fopen("qemusim.bbv","w");
+       if (bbv_file==NULL) {
+	  printf("Error!  Could not open file %s\n","qemusim.bbv");
+	  exit(-1);
+       }         
+    }
+      
+   
+    if (bb>MAX_BBS) {
+       printf("Error!  Not enough BBS %ld\n",bb);
+       exit(-1);
+    }
+    total_count++;
+    bbvs[bb]++;
+   
+    if (total_count>=INTERVAL_SIZE) {
+       fprintf(bbv_file,"T");
+       for(i=0;i<MAX_BBS;i++) {
+	  if (bbvs[i]) {
+	     /* simpoint can't handle a basic block starting at zero? */
+	    fprintf(bbv_file,":%d:%d ",i+1,bbvs[i]);
+	  }	       
+	}
+	fprintf(bbv_file,"\n");
+        fflush(bbv_file);
+	
+        /* clear the stats */
+        total_total_count+=total_count;
+	total_count=0;
+        for(i=0;i<MAX_BBS;i++) {
+	   bbvs[i]=0;	       
+	}	    
+    }
+}
+   
+
+
 /* no MMU emulation */
 int no_mmu_map_address (CPUState *env, target_ulong *physical, int *prot,
                         target_ulong address, int rw, int access_type)
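Review bot: `if (bb>MAX_BBS)` lets `bb == MAX_BBS` through, and `bbvs[bb]++` then writes one element past the end of the array; the test needs to be `bb>=MAX_BBS`. In the `0x8000` branch `bbv_file` is passed to `fprintf` before the `NULL` check, so a guest that exits before anything was counted dereferences a null `FILE *`, and after `fclose` the static pointer is left dangling for any later call. The counters printed with `%lld` and `%ld` are unsigned, and the last partial interval is never written out. As in the i386 helper, the output is the fixed relative name `qemusim.bbv` opened with "w", which truncates an existing file and follows a symlink in the guest's working directory. The two rewritten branches are below; clearing the pointer means a later call would reopen the file, so the dump should only be reached at process exit.

```c
    if (option&0x8000) {
       /* nothing recorded yet, or the file was already closed */
       if (bbv_file==NULL) {
          return;
       }
       fprintf(bbv_file,"\n\n");
       total_total_count+=total_count;
       fprintf(bbv_file,"# Total count: %llu\n",total_total_count);
       fclose(bbv_file);
       bbv_file=NULL;
       return;
    }

    /* ... unchanged: lazy fopen of qemusim.bbv ... */

    if (bb>=MAX_BBS) {
       printf("Error!  Not enough BBS %lu\n",bb);
       exit(-1);
    }
    /* ... unchanged: counting and per-interval flush ... */
```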
diff -ur qemu-0.9.1-stock/target-mips/op.c qemu-0.9.1-qemucount/target-mips/op.c
--- qemu-0.9.1-stock/target-mips/op.c	2008-01-06 14:38:45.000000000 -0500
+++ qemu-0.9.1-qemucount/target-mips/op.c	2008-04-23 11:56:18.000000000 -0400
@@ -247,6 +247,12 @@
 #include "fop_template.c"
 #undef FTN
 
+/* vmw */
+void OPPROTO op_dump_pc(void) {
+    helper_dump_pc(PARAM1,PARAM2,PARAM3);
+}
+
+
 void op_dup_T0 (void)
 {
     T2 = T0;
diff -ur qemu-0.9.1-stock/target-mips/translate.c qemu-0.9.1-qemucount/target-mips/translate.c
--- qemu-0.9.1-stock/target-mips/translate.c	2008-01-06 14:38:45.000000000 -0500
+++ qemu-0.9.1-qemucount/target-mips/translate.c	2008-04-23 12:01:12.000000000 -0400
@@ -6654,7 +6654,7 @@
 
 static always_inline int
 gen_intermediate_code_internal (CPUState *env, TranslationBlock *tb,
-                                int search_pc)
+                                int search_pc, int unique_id)
 {
     DisasContext ctx;
     target_ulong pc_start;
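Review bot: The new `unique_id` parameter duplicates what is already reachable through the `tb` argument; both callers in the last hunk of this file pass `tb->unique_id`. The signature could stay as it was and the call in the second hunk could read `gen_op_dump_pc(ctx.pc, tb->unique_id, 0);`. The `/* vmw */ ... /* end vmw */` markers around that call would be more useful as a comment saying what is recorded per instruction. The function body continues outside the hunk.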
@@ -6719,6 +6719,11 @@
             gen_opc_hflags[lj] = ctx.hflags & MIPS_HFLAG_BMASK;
             gen_opc_instr_start[lj] = 1;
         }
+        /* vmw */
+       
+        gen_op_dump_pc(ctx.pc,unique_id,0);
+       
+        /* end vmw */
         ctx.opcode = ldl_code(ctx.pc);
         decode_opc(env, &ctx);
         ctx.pc += 4;
@@ -6792,12 +6797,12 @@
 
 int gen_intermediate_code (CPUState *env, struct TranslationBlock *tb)
 {
-    return gen_intermediate_code_internal(env, tb, 0);
+    return gen_intermediate_code_internal(env, tb, 0, tb->unique_id);
 }
 
 int gen_intermediate_code_pc (CPUState *env, struct TranslationBlock *tb)
 {
-    return gen_intermediate_code_internal(env, tb, 1);
+    return gen_intermediate_code_internal(env, tb, 1, tb->unique_id);
 }
 
 void fpu_dump_state(CPUState *env, FILE *f,
diff -ur qemu-0.9.1-stock/target-mips/translate_init.c qemu-0.9.1-qemucount/target-mips/translate_init.c
--- qemu-0.9.1-stock/target-mips/translate_init.c	2008-01-06 14:38:45.000000000 -0500
+++ qemu-0.9.1-qemucount/target-mips/translate_init.c	2008-04-24 13:07:44.000000000 -0400
@@ -287,6 +287,51 @@
         .insn_flags = CPU_MIPS32R2 | ASE_MIPS16 | ASE_DSP | ASE_MT,
         .mmu_type = MMU_TYPE_R4000,
     },
+       {
+        .name = "R3000",
+        .CP0_PRid = 0x00019500,
+        .CP0_Config0 = MIPS_CONFIG0 | (0x1 << CP0C0_AR) |
+                    (MMU_TYPE_R4000 << CP0C0_MT),
+        .CP0_Config1 = MIPS_CONFIG1 | (1 << CP0C1_FP) | (15 << CP0C1_MMU) |
+		    (0 << CP0C1_IS) | (3 << CP0C1_IL) | (1 << CP0C1_IA) |
+		    (0 << CP0C1_DS) | (3 << CP0C1_DL) | (1 << CP0C1_DA),
+        .CP0_Config2 = MIPS_CONFIG2,
+        .CP0_Config3 = MIPS_CONFIG3 | (0 << CP0C3_VInt) | (1 << CP0C3_MT),
+        .SYNCI_Step = 32,
+        .CCRes = 2,
+        /* No DSP implemented. */
+        .CP0_Status_rw_bitmask = 0x3678FF1F,
+        /* No DSP implemented. */
+        .CP0_TCStatus_rw_bitmask = (0 << CP0TCSt_TCU3) | (0 << CP0TCSt_TCU2) |
+                    (1 << CP0TCSt_TCU1) | (1 << CP0TCSt_TCU0) |
+                    (0 << CP0TCSt_TMX) | (1 << CP0TCSt_DT) |
+                    (1 << CP0TCSt_DA) | (1 << CP0TCSt_A) |
+                    (0x3 << CP0TCSt_TKSU) | (1 << CP0TCSt_IXMT) |
+                    (0xff << CP0TCSt_TASID),
+        .CP1_fcr0 = //(1 << FCR0_F64) | 
+	            (1 << FCR0_L) | (1 << FCR0_W) |
+                    (1 << FCR0_D) | (1 << FCR0_S) | (0x95 << FCR0_PRID),
+        .CP0_SRSCtl = (0xf << CP0SRSCtl_HSS),
+        .CP0_SRSConf0_rw_bitmask = 0x3fffffff,
+        .CP0_SRSConf0 = (1 << CP0SRSC0_M) | (0x3fe << CP0SRSC0_SRS3) |
+                    (0x3fe << CP0SRSC0_SRS2) | (0x3fe << CP0SRSC0_SRS1),
+        .CP0_SRSConf1_rw_bitmask = 0x3fffffff,
+        .CP0_SRSConf1 = (1 << CP0SRSC1_M) | (0x3fe << CP0SRSC1_SRS6) |
+                    (0x3fe << CP0SRSC1_SRS5) | (0x3fe << CP0SRSC1_SRS4),
+        .CP0_SRSConf2_rw_bitmask = 0x3fffffff,
+        .CP0_SRSConf2 = (1 << CP0SRSC2_M) | (0x3fe << CP0SRSC2_SRS9) |
+                    (0x3fe << CP0SRSC2_SRS8) | (0x3fe << CP0SRSC2_SRS7),
+        .CP0_SRSConf3_rw_bitmask = 0x3fffffff,
+        .CP0_SRSConf3 = (1 << CP0SRSC3_M) | (0x3fe << CP0SRSC3_SRS12) |
+                    (0x3fe << CP0SRSC3_SRS11) | (0x3fe << CP0SRSC3_SRS10),
+        .CP0_SRSConf4_rw_bitmask = 0x3fffffff,
+        .CP0_SRSConf4 = (0x3fe << CP0SRSC4_SRS15) |
+                    (0x3fe << CP0SRSC4_SRS14) | (0x3fe << CP0SRSC4_SRS13),
+        .SEGBITS = 32,
+        .PABITS = 32,
+        .insn_flags = CPU_MIPS32R2 | ASE_MIPS16 | ASE_DSP | ASE_MT,
+        .mmu_type = MMU_TYPE_R4000,
+    },
 #if defined(TARGET_MIPS64)
     {
         .name = "R4000",
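Review bot: The entry named "R3000" advertises `CPU_MIPS32R2 | ASE_MIPS16 | ASE_DSP | ASE_MT` and `MMU_TYPE_R4000`, the same closing fields as the entry just before it, so it looks like a copy of that model with only the `FCR0_F64` bit disabled rather than a description of an R3000. A name and a leading comment saying exactly that would keep users from selecting it and expecting MIPS I behaviour. The two `/* No DSP implemented. */` comments contradict `ASE_DSP` in `insn_flags`. The opening brace is indented differently from the neighbouring entries, and the commented-out `//(1 << FCR0_F64) |` should be removed or explained.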
