tcg: Introduce goto_ptr opcode and tcg_gen_lookup_and_goto_ptr

Instead of exporting goto_ptr directly to TCG frontends, export
tcg_gen_lookup_and_goto_ptr(), which calls goto_ptr with the pointer
returned by the lookup_tb_ptr() helper. This is the only use case
we have for goto_ptr and lookup_tb_ptr, so having this function is
very convenient. Furthermore, it trivially allows us to avoid calling
the lookup helper if goto_ptr is not implemented by the backend.

Backports commit cedbcb01529cb6cf9a2289cdbebbc63f6149fc18 from qemu

qemu/aarch64.h

@@ -1729,6 +1729,7 @@
 #define helper_le_stl_mmu helper_le_stl_mmu_aarch64
 #define helper_le_stq_mmu helper_le_stq_mmu_aarch64
 #define helper_le_stw_mmu helper_le_stw_mmu_aarch64
+#define helper_lookup_tb_ptr helper_lookup_tb_ptr_aarch64
 #define helper_mulsh_i32 helper_mulsh_i32_aarch64
 #define helper_mulsh_i64 helper_mulsh_i64_aarch64
 #define helper_muluh_i32 helper_muluh_i32_aarch64
@@ -2939,6 +2940,7 @@
 #define tb_free tb_free_aarch64
 #define tb_gen_code tb_gen_code_aarch64
 #define tb_hash_remove tb_hash_remove_aarch64
+#define tb_htable_lookup tb_htable_lookup_aarch64
 #define tb_invalidate_phys_addr tb_invalidate_phys_addr_aarch64
 #define tb_invalidate_phys_page_fast tb_invalidate_phys_page_fast_aarch64
 #define tb_invalidate_phys_page_range tb_invalidate_phys_page_range_aarch64
@@ -3076,6 +3078,7 @@
 #define tcg_gen_ld_i64 tcg_gen_ld_i64_aarch64
 #define tcg_gen_ldst_op_i32 tcg_gen_ldst_op_i32_aarch64
 #define tcg_gen_ldst_op_i64 tcg_gen_ldst_op_i64_aarch64
+#define tcg_gen_lookup_and_goto_ptr tcg_gen_lookup_and_goto_ptr_aarch64
 #define tcg_gen_mb tcg_gen_mb_aarch64
 #define tcg_gen_mov_i32 tcg_gen_mov_i32_aarch64
 #define tcg_gen_mov_i64 tcg_gen_mov_i64_aarch64

qemu/aarch64eb.h

@@ -1729,6 +1729,7 @@
 #define helper_le_stl_mmu helper_le_stl_mmu_aarch64eb
 #define helper_le_stq_mmu helper_le_stq_mmu_aarch64eb
 #define helper_le_stw_mmu helper_le_stw_mmu_aarch64eb
+#define helper_lookup_tb_ptr helper_lookup_tb_ptr_aarch64eb
 #define helper_mulsh_i32 helper_mulsh_i32_aarch64eb
 #define helper_mulsh_i64 helper_mulsh_i64_aarch64eb
 #define helper_muluh_i32 helper_muluh_i32_aarch64eb
@@ -2939,6 +2940,7 @@
 #define tb_free tb_free_aarch64eb
 #define tb_gen_code tb_gen_code_aarch64eb
 #define tb_hash_remove tb_hash_remove_aarch64eb
+#define tb_htable_lookup tb_htable_lookup_aarch64eb
 #define tb_invalidate_phys_addr tb_invalidate_phys_addr_aarch64eb
 #define tb_invalidate_phys_page_fast tb_invalidate_phys_page_fast_aarch64eb
 #define tb_invalidate_phys_page_range tb_invalidate_phys_page_range_aarch64eb
@@ -3076,6 +3078,7 @@
 #define tcg_gen_ld_i64 tcg_gen_ld_i64_aarch64eb
 #define tcg_gen_ldst_op_i32 tcg_gen_ldst_op_i32_aarch64eb
 #define tcg_gen_ldst_op_i64 tcg_gen_ldst_op_i64_aarch64eb
+#define tcg_gen_lookup_and_goto_ptr tcg_gen_lookup_and_goto_ptr_aarch64eb
 #define tcg_gen_mb tcg_gen_mb_aarch64eb
 #define tcg_gen_mov_i32 tcg_gen_mov_i32_aarch64eb
 #define tcg_gen_mov_i64 tcg_gen_mov_i64_aarch64eb

qemu/arm.h

@@ -1729,6 +1729,7 @@
 #define helper_le_stl_mmu helper_le_stl_mmu_arm
 #define helper_le_stq_mmu helper_le_stq_mmu_arm
 #define helper_le_stw_mmu helper_le_stw_mmu_arm
+#define helper_lookup_tb_ptr helper_lookup_tb_ptr_arm
 #define helper_mulsh_i32 helper_mulsh_i32_arm
 #define helper_mulsh_i64 helper_mulsh_i64_arm
 #define helper_muluh_i32 helper_muluh_i32_arm
@@ -2939,6 +2940,7 @@
 #define tb_free tb_free_arm
 #define tb_gen_code tb_gen_code_arm
 #define tb_hash_remove tb_hash_remove_arm
+#define tb_htable_lookup tb_htable_lookup_arm
 #define tb_invalidate_phys_addr tb_invalidate_phys_addr_arm
 #define tb_invalidate_phys_page_fast tb_invalidate_phys_page_fast_arm
 #define tb_invalidate_phys_page_range tb_invalidate_phys_page_range_arm
@@ -3076,6 +3078,7 @@
 #define tcg_gen_ld_i64 tcg_gen_ld_i64_arm
 #define tcg_gen_ldst_op_i32 tcg_gen_ldst_op_i32_arm
 #define tcg_gen_ldst_op_i64 tcg_gen_ldst_op_i64_arm
+#define tcg_gen_lookup_and_goto_ptr tcg_gen_lookup_and_goto_ptr_arm
 #define tcg_gen_mb tcg_gen_mb_arm
 #define tcg_gen_mov_i32 tcg_gen_mov_i32_arm
 #define tcg_gen_mov_i64 tcg_gen_mov_i64_arm

qemu/armeb.h

@@ -1729,6 +1729,7 @@
 #define helper_le_stl_mmu helper_le_stl_mmu_armeb
 #define helper_le_stq_mmu helper_le_stq_mmu_armeb
 #define helper_le_stw_mmu helper_le_stw_mmu_armeb
+#define helper_lookup_tb_ptr helper_lookup_tb_ptr_armeb
 #define helper_mulsh_i32 helper_mulsh_i32_armeb
 #define helper_mulsh_i64 helper_mulsh_i64_armeb
 #define helper_muluh_i32 helper_muluh_i32_armeb
@@ -2939,6 +2940,7 @@
 #define tb_free tb_free_armeb
 #define tb_gen_code tb_gen_code_armeb
 #define tb_hash_remove tb_hash_remove_armeb
+#define tb_htable_lookup tb_htable_lookup_armeb
 #define tb_invalidate_phys_addr tb_invalidate_phys_addr_armeb
 #define tb_invalidate_phys_page_fast tb_invalidate_phys_page_fast_armeb
 #define tb_invalidate_phys_page_range tb_invalidate_phys_page_range_armeb
@@ -3076,6 +3078,7 @@
 #define tcg_gen_ld_i64 tcg_gen_ld_i64_armeb
 #define tcg_gen_ldst_op_i32 tcg_gen_ldst_op_i32_armeb
 #define tcg_gen_ldst_op_i64 tcg_gen_ldst_op_i64_armeb
+#define tcg_gen_lookup_and_goto_ptr tcg_gen_lookup_and_goto_ptr_armeb
 #define tcg_gen_mb tcg_gen_mb_armeb
 #define tcg_gen_mov_i32 tcg_gen_mov_i32_armeb
 #define tcg_gen_mov_i64 tcg_gen_mov_i64_armeb

qemu/cpu-exec.c

@@ -110,10 +110,8 @@ static void cpu_exec_nocache(CPUState *cpu, int max_cycles,
     tb_free(env->uc, tb);
 }
 
-static TranslationBlock *tb_htable_lookup(CPUState *cpu,
-                                          target_ulong pc,
-                                          target_ulong cs_base,
-                                          uint32_t flags)
+TranslationBlock *tb_htable_lookup(CPUState *cpu, target_ulong pc,
+                                   target_ulong cs_base, uint32_t flags)
 {
     TCGContext *tcg_ctx = cpu->uc->tcg_ctx;
     CPUArchState *env = (CPUArchState *)cpu->env_ptr;

qemu/header_gen.py

@@ -1735,6 +1735,7 @@ symbols = (
     'helper_le_stl_mmu',
     'helper_le_stq_mmu',
     'helper_le_stw_mmu',
+    'helper_lookup_tb_ptr',
     'helper_mulsh_i32',
     'helper_mulsh_i64',
     'helper_muluh_i32',
@@ -2945,6 +2946,7 @@ symbols = (
     'tb_free',
     'tb_gen_code',
     'tb_hash_remove',
+    'tb_htable_lookup',
     'tb_invalidate_phys_addr',
     'tb_invalidate_phys_page_fast',
     'tb_invalidate_phys_page_range',
@@ -3082,6 +3084,7 @@ symbols = (
     'tcg_gen_ld_i64',
     'tcg_gen_ldst_op_i32',
     'tcg_gen_ldst_op_i64',
+    'tcg_gen_lookup_and_goto_ptr',
     'tcg_gen_mb',
     'tcg_gen_mov_i32',
     'tcg_gen_mov_i64',

qemu/include/exec/exec-all.h

@@ -274,6 +274,8 @@ void tb_free(struct uc_struct *uc, TranslationBlock *tb);
 void tb_flush(CPUState *cpu);
 void tb_phys_invalidate(struct uc_struct *uc,
     TranslationBlock *tb, tb_page_addr_t page_addr);
+TranslationBlock *tb_htable_lookup(CPUState *cpu, target_ulong pc,
+                                   target_ulong cs_base, uint32_t flags);
 
 #if defined(USE_DIRECT_JUMP)
 

qemu/m68k.h

@@ -1729,6 +1729,7 @@
 #define helper_le_stl_mmu helper_le_stl_mmu_m68k
 #define helper_le_stq_mmu helper_le_stq_mmu_m68k
 #define helper_le_stw_mmu helper_le_stw_mmu_m68k
+#define helper_lookup_tb_ptr helper_lookup_tb_ptr_m68k
 #define helper_mulsh_i32 helper_mulsh_i32_m68k
 #define helper_mulsh_i64 helper_mulsh_i64_m68k
 #define helper_muluh_i32 helper_muluh_i32_m68k
@@ -2939,6 +2940,7 @@
 #define tb_free tb_free_m68k
 #define tb_gen_code tb_gen_code_m68k
 #define tb_hash_remove tb_hash_remove_m68k
+#define tb_htable_lookup tb_htable_lookup_m68k
 #define tb_invalidate_phys_addr tb_invalidate_phys_addr_m68k
 #define tb_invalidate_phys_page_fast tb_invalidate_phys_page_fast_m68k
 #define tb_invalidate_phys_page_range tb_invalidate_phys_page_range_m68k
@@ -3076,6 +3078,7 @@
 #define tcg_gen_ld_i64 tcg_gen_ld_i64_m68k
 #define tcg_gen_ldst_op_i32 tcg_gen_ldst_op_i32_m68k
 #define tcg_gen_ldst_op_i64 tcg_gen_ldst_op_i64_m68k
+#define tcg_gen_lookup_and_goto_ptr tcg_gen_lookup_and_goto_ptr_m68k
 #define tcg_gen_mb tcg_gen_mb_m68k
 #define tcg_gen_mov_i32 tcg_gen_mov_i32_m68k
 #define tcg_gen_mov_i64 tcg_gen_mov_i64_m68k

qemu/mips.h

@@ -1729,6 +1729,7 @@
 #define helper_le_stl_mmu helper_le_stl_mmu_mips
 #define helper_le_stq_mmu helper_le_stq_mmu_mips
 #define helper_le_stw_mmu helper_le_stw_mmu_mips
+#define helper_lookup_tb_ptr helper_lookup_tb_ptr_mips
 #define helper_mulsh_i32 helper_mulsh_i32_mips
 #define helper_mulsh_i64 helper_mulsh_i64_mips
 #define helper_muluh_i32 helper_muluh_i32_mips
@@ -2939,6 +2940,7 @@
 #define tb_free tb_free_mips
 #define tb_gen_code tb_gen_code_mips
 #define tb_hash_remove tb_hash_remove_mips
+#define tb_htable_lookup tb_htable_lookup_mips
 #define tb_invalidate_phys_addr tb_invalidate_phys_addr_mips
 #define tb_invalidate_phys_page_fast tb_invalidate_phys_page_fast_mips
 #define tb_invalidate_phys_page_range tb_invalidate_phys_page_range_mips
@@ -3076,6 +3078,7 @@
 #define tcg_gen_ld_i64 tcg_gen_ld_i64_mips
 #define tcg_gen_ldst_op_i32 tcg_gen_ldst_op_i32_mips
 #define tcg_gen_ldst_op_i64 tcg_gen_ldst_op_i64_mips
+#define tcg_gen_lookup_and_goto_ptr tcg_gen_lookup_and_goto_ptr_mips
 #define tcg_gen_mb tcg_gen_mb_mips
 #define tcg_gen_mov_i32 tcg_gen_mov_i32_mips
 #define tcg_gen_mov_i64 tcg_gen_mov_i64_mips

qemu/mips64.h

@@ -1729,6 +1729,7 @@
 #define helper_le_stl_mmu helper_le_stl_mmu_mips64
 #define helper_le_stq_mmu helper_le_stq_mmu_mips64
 #define helper_le_stw_mmu helper_le_stw_mmu_mips64
+#define helper_lookup_tb_ptr helper_lookup_tb_ptr_mips64
 #define helper_mulsh_i32 helper_mulsh_i32_mips64
 #define helper_mulsh_i64 helper_mulsh_i64_mips64
 #define helper_muluh_i32 helper_muluh_i32_mips64
@@ -2939,6 +2940,7 @@
 #define tb_free tb_free_mips64
 #define tb_gen_code tb_gen_code_mips64
 #define tb_hash_remove tb_hash_remove_mips64
+#define tb_htable_lookup tb_htable_lookup_mips64
 #define tb_invalidate_phys_addr tb_invalidate_phys_addr_mips64
 #define tb_invalidate_phys_page_fast tb_invalidate_phys_page_fast_mips64
 #define tb_invalidate_phys_page_range tb_invalidate_phys_page_range_mips64
@@ -3076,6 +3078,7 @@
 #define tcg_gen_ld_i64 tcg_gen_ld_i64_mips64
 #define tcg_gen_ldst_op_i32 tcg_gen_ldst_op_i32_mips64
 #define tcg_gen_ldst_op_i64 tcg_gen_ldst_op_i64_mips64
+#define tcg_gen_lookup_and_goto_ptr tcg_gen_lookup_and_goto_ptr_mips64
 #define tcg_gen_mb tcg_gen_mb_mips64
 #define tcg_gen_mov_i32 tcg_gen_mov_i32_mips64
 #define tcg_gen_mov_i64 tcg_gen_mov_i64_mips64

qemu/mips64el.h

@@ -1729,6 +1729,7 @@
 #define helper_le_stl_mmu helper_le_stl_mmu_mips64el
 #define helper_le_stq_mmu helper_le_stq_mmu_mips64el
 #define helper_le_stw_mmu helper_le_stw_mmu_mips64el
+#define helper_lookup_tb_ptr helper_lookup_tb_ptr_mips64el
 #define helper_mulsh_i32 helper_mulsh_i32_mips64el
 #define helper_mulsh_i64 helper_mulsh_i64_mips64el
 #define helper_muluh_i32 helper_muluh_i32_mips64el
@@ -2939,6 +2940,7 @@
 #define tb_free tb_free_mips64el
 #define tb_gen_code tb_gen_code_mips64el
 #define tb_hash_remove tb_hash_remove_mips64el
+#define tb_htable_lookup tb_htable_lookup_mips64el
 #define tb_invalidate_phys_addr tb_invalidate_phys_addr_mips64el
 #define tb_invalidate_phys_page_fast tb_invalidate_phys_page_fast_mips64el
 #define tb_invalidate_phys_page_range tb_invalidate_phys_page_range_mips64el
@@ -3076,6 +3078,7 @@
 #define tcg_gen_ld_i64 tcg_gen_ld_i64_mips64el
 #define tcg_gen_ldst_op_i32 tcg_gen_ldst_op_i32_mips64el
 #define tcg_gen_ldst_op_i64 tcg_gen_ldst_op_i64_mips64el
+#define tcg_gen_lookup_and_goto_ptr tcg_gen_lookup_and_goto_ptr_mips64el
 #define tcg_gen_mb tcg_gen_mb_mips64el
 #define tcg_gen_mov_i32 tcg_gen_mov_i32_mips64el
 #define tcg_gen_mov_i64 tcg_gen_mov_i64_mips64el

qemu/mipsel.h

@@ -1729,6 +1729,7 @@
 #define helper_le_stl_mmu helper_le_stl_mmu_mipsel
 #define helper_le_stq_mmu helper_le_stq_mmu_mipsel
 #define helper_le_stw_mmu helper_le_stw_mmu_mipsel
+#define helper_lookup_tb_ptr helper_lookup_tb_ptr_mipsel
 #define helper_mulsh_i32 helper_mulsh_i32_mipsel
 #define helper_mulsh_i64 helper_mulsh_i64_mipsel
 #define helper_muluh_i32 helper_muluh_i32_mipsel
@@ -2939,6 +2940,7 @@
 #define tb_free tb_free_mipsel
 #define tb_gen_code tb_gen_code_mipsel
 #define tb_hash_remove tb_hash_remove_mipsel
+#define tb_htable_lookup tb_htable_lookup_mipsel
 #define tb_invalidate_phys_addr tb_invalidate_phys_addr_mipsel
 #define tb_invalidate_phys_page_fast tb_invalidate_phys_page_fast_mipsel
 #define tb_invalidate_phys_page_range tb_invalidate_phys_page_range_mipsel
@@ -3076,6 +3078,7 @@
 #define tcg_gen_ld_i64 tcg_gen_ld_i64_mipsel
 #define tcg_gen_ldst_op_i32 tcg_gen_ldst_op_i32_mipsel
 #define tcg_gen_ldst_op_i64 tcg_gen_ldst_op_i64_mipsel
+#define tcg_gen_lookup_and_goto_ptr tcg_gen_lookup_and_goto_ptr_mipsel
 #define tcg_gen_mb tcg_gen_mb_mipsel
 #define tcg_gen_mov_i32 tcg_gen_mov_i32_mipsel
 #define tcg_gen_mov_i64 tcg_gen_mov_i64_mipsel

qemu/powerpc.h

@@ -1729,6 +1729,7 @@
 #define helper_le_stl_mmu helper_le_stl_mmu_powerpc
 #define helper_le_stq_mmu helper_le_stq_mmu_powerpc
 #define helper_le_stw_mmu helper_le_stw_mmu_powerpc
+#define helper_lookup_tb_ptr helper_lookup_tb_ptr_powerpc
 #define helper_mulsh_i32 helper_mulsh_i32_powerpc
 #define helper_mulsh_i64 helper_mulsh_i64_powerpc
 #define helper_muluh_i32 helper_muluh_i32_powerpc
@@ -2939,6 +2940,7 @@
 #define tb_free tb_free_powerpc
 #define tb_gen_code tb_gen_code_powerpc
 #define tb_hash_remove tb_hash_remove_powerpc
+#define tb_htable_lookup tb_htable_lookup_powerpc
 #define tb_invalidate_phys_addr tb_invalidate_phys_addr_powerpc
 #define tb_invalidate_phys_page_fast tb_invalidate_phys_page_fast_powerpc
 #define tb_invalidate_phys_page_range tb_invalidate_phys_page_range_powerpc
@@ -3076,6 +3078,7 @@
 #define tcg_gen_ld_i64 tcg_gen_ld_i64_powerpc
 #define tcg_gen_ldst_op_i32 tcg_gen_ldst_op_i32_powerpc
 #define tcg_gen_ldst_op_i64 tcg_gen_ldst_op_i64_powerpc
+#define tcg_gen_lookup_and_goto_ptr tcg_gen_lookup_and_goto_ptr_powerpc
 #define tcg_gen_mb tcg_gen_mb_powerpc
 #define tcg_gen_mov_i32 tcg_gen_mov_i32_powerpc
 #define tcg_gen_mov_i64 tcg_gen_mov_i64_powerpc

qemu/sparc.h

@@ -1729,6 +1729,7 @@
 #define helper_le_stl_mmu helper_le_stl_mmu_sparc
 #define helper_le_stq_mmu helper_le_stq_mmu_sparc
 #define helper_le_stw_mmu helper_le_stw_mmu_sparc
+#define helper_lookup_tb_ptr helper_lookup_tb_ptr_sparc
 #define helper_mulsh_i32 helper_mulsh_i32_sparc
 #define helper_mulsh_i64 helper_mulsh_i64_sparc
 #define helper_muluh_i32 helper_muluh_i32_sparc
@@ -2939,6 +2940,7 @@
 #define tb_free tb_free_sparc
 #define tb_gen_code tb_gen_code_sparc
 #define tb_hash_remove tb_hash_remove_sparc
+#define tb_htable_lookup tb_htable_lookup_sparc
 #define tb_invalidate_phys_addr tb_invalidate_phys_addr_sparc
 #define tb_invalidate_phys_page_fast tb_invalidate_phys_page_fast_sparc
 #define tb_invalidate_phys_page_range tb_invalidate_phys_page_range_sparc
@@ -3076,6 +3078,7 @@
 #define tcg_gen_ld_i64 tcg_gen_ld_i64_sparc
 #define tcg_gen_ldst_op_i32 tcg_gen_ldst_op_i32_sparc
 #define tcg_gen_ldst_op_i64 tcg_gen_ldst_op_i64_sparc
+#define tcg_gen_lookup_and_goto_ptr tcg_gen_lookup_and_goto_ptr_sparc
 #define tcg_gen_mb tcg_gen_mb_sparc
 #define tcg_gen_mov_i32 tcg_gen_mov_i32_sparc
 #define tcg_gen_mov_i64 tcg_gen_mov_i64_sparc

qemu/sparc64.h

@@ -1729,6 +1729,7 @@
 #define helper_le_stl_mmu helper_le_stl_mmu_sparc64
 #define helper_le_stq_mmu helper_le_stq_mmu_sparc64
 #define helper_le_stw_mmu helper_le_stw_mmu_sparc64
+#define helper_lookup_tb_ptr helper_lookup_tb_ptr_sparc64
 #define helper_mulsh_i32 helper_mulsh_i32_sparc64
 #define helper_mulsh_i64 helper_mulsh_i64_sparc64
 #define helper_muluh_i32 helper_muluh_i32_sparc64
@@ -2939,6 +2940,7 @@
 #define tb_free tb_free_sparc64
 #define tb_gen_code tb_gen_code_sparc64
 #define tb_hash_remove tb_hash_remove_sparc64
+#define tb_htable_lookup tb_htable_lookup_sparc64
 #define tb_invalidate_phys_addr tb_invalidate_phys_addr_sparc64
 #define tb_invalidate_phys_page_fast tb_invalidate_phys_page_fast_sparc64
 #define tb_invalidate_phys_page_range tb_invalidate_phys_page_range_sparc64
@@ -3076,6 +3078,7 @@
 #define tcg_gen_ld_i64 tcg_gen_ld_i64_sparc64
 #define tcg_gen_ldst_op_i32 tcg_gen_ldst_op_i32_sparc64
 #define tcg_gen_ldst_op_i64 tcg_gen_ldst_op_i64_sparc64
+#define tcg_gen_lookup_and_goto_ptr tcg_gen_lookup_and_goto_ptr_sparc64
 #define tcg_gen_mb tcg_gen_mb_sparc64
 #define tcg_gen_mov_i32 tcg_gen_mov_i32_sparc64
 #define tcg_gen_mov_i64 tcg_gen_mov_i64_sparc64

qemu/tcg-runtime.c

@@ -28,6 +28,7 @@
 #include "exec/helper-proto.h"
 #include "exec/cpu_ldst.h"
 #include "exec/exec-all.h"
+#include "exec/tb-hash.h"
 
 /* 32-bit helpers */
 
@@ -142,6 +143,37 @@ uint64_t HELPER(ctpop_i64)(uint64_t arg)
     return ctpop64(arg);
 }
 
+void *HELPER(lookup_tb_ptr)(CPUArchState *env, target_ulong addr)
+{
+    TCGContext *tcg_ctx = env->uc->tcg_ctx;
+    CPUState *cpu = ENV_GET_CPU(env);
+    TranslationBlock *tb;
+    target_ulong cs_base, pc;
+    uint32_t flags;
+
+    tb = atomic_rcu_read(&cpu->tb_jmp_cache[tb_jmp_cache_hash_func(addr)]);
+    if (likely(tb)) {
+        cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
+        if (likely(tb->pc == addr && tb->cs_base == cs_base &&
+                   tb->flags == flags)) {
+            goto found;
+        }
+        tb = tb_htable_lookup(cpu, addr, cs_base, flags);
+        if (likely(tb)) {
+            atomic_set(&cpu->tb_jmp_cache[tb_jmp_cache_hash_func(addr)], tb);
+            goto found;
+        }
+    }
+    return tcg_ctx->code_gen_epilogue;
+ found:
+    // Unicorn: commented out
+    //qemu_log_mask_and_addr(CPU_LOG_EXEC, addr,
+    //                       "Chain %p [%d: " TARGET_FMT_lx "] %s\n",
+    //                       tb->tc_ptr, cpu->cpu_index, addr,
+    //                       lookup_symbol(addr));
+    return tb->tc_ptr;
+}
+
 void HELPER(exit_atomic)(CPUArchState *env)
 {
     cpu_loop_exit_atomic(ENV_GET_CPU(env), GETPC());

qemu/tcg/README

@@ -472,6 +472,14 @@ current TB was linked to this TB. Otherwise execute the next
 instructions. Only indices 0 and 1 are valid and tcg_gen_goto_tb may be issued
 at most once with each slot index per TB.
 
+* lookup_and_goto_ptr tb_addr
+
+Look up a TB address ('tb_addr') and jump to it if valid. If not valid,
+jump to the TCG epilogue to go back to the exec loop.
+
+This operation is optional. If the TCG backend does not implement the
+goto_ptr opcode, emitting this op is equivalent to emitting exit_tb(0).
+
 * qemu_ld_i32/i64 t0, t1, flags, memidx
 * qemu_st_i32/i64 t0, t1, flags, memidx
 

qemu/tcg/aarch64/tcg-target.h

@@ -77,6 +77,7 @@ typedef enum {
 #define TCG_TARGET_HAS_mulsh_i32        0
 #define TCG_TARGET_HAS_extrl_i64_i32    0
 #define TCG_TARGET_HAS_extrh_i64_i32    0
+#define TCG_TARGET_HAS_goto_ptr         0
 
 #define TCG_TARGET_HAS_div_i64          1
 #define TCG_TARGET_HAS_rem_i64          1

qemu/tcg/arm/tcg-target.h

@@ -124,6 +124,7 @@ extern bool use_idiv_instructions_rt;
 #define TCG_TARGET_HAS_mulsh_i32        0
 #define TCG_TARGET_HAS_div_i32          use_idiv_instructions
 #define TCG_TARGET_HAS_rem_i32          0
+#define TCG_TARGET_HAS_goto_ptr         0
 
 enum {
     TCG_AREG0 = TCG_REG_R6,

qemu/tcg/i386/tcg-target.h

@@ -107,6 +107,7 @@ extern bool have_popcnt;
 #define TCG_TARGET_HAS_muls2_i32        1
 #define TCG_TARGET_HAS_muluh_i32        0
 #define TCG_TARGET_HAS_mulsh_i32        0
+#define TCG_TARGET_HAS_goto_ptr         0
 
 #if TCG_TARGET_REG_BITS == 64
 #define TCG_TARGET_HAS_extrl_i64_i32    0

qemu/tcg/mips/tcg-target.h

@@ -130,6 +130,7 @@ extern bool use_mips32r2_instructions;
 #define TCG_TARGET_HAS_muluh_i32        1
 #define TCG_TARGET_HAS_mulsh_i32        1
 #define TCG_TARGET_HAS_bswap32_i32      1
+#define TCG_TARGET_HAS_goto_ptr         0
 
 #if TCG_TARGET_REG_BITS == 64
 #define TCG_TARGET_HAS_add2_i32         0

qemu/tcg/ppc/tcg-target.h

@@ -82,6 +82,7 @@ extern bool have_isa_3_00;
 #define TCG_TARGET_HAS_muls2_i32        0
 #define TCG_TARGET_HAS_muluh_i32        1
 #define TCG_TARGET_HAS_mulsh_i32        1
+#define TCG_TARGET_HAS_goto_ptr         0
 
 #if TCG_TARGET_REG_BITS == 64
 #define TCG_TARGET_HAS_add2_i32         0

qemu/tcg/s390/tcg-target.h

@@ -92,6 +92,7 @@ extern uint64_t s390_facilities;
 #define TCG_TARGET_HAS_mulsh_i32      0
 #define TCG_TARGET_HAS_extrl_i64_i32  0
 #define TCG_TARGET_HAS_extrh_i64_i32  0
+#define TCG_TARGET_HAS_goto_ptr       0
 
 #define TCG_TARGET_HAS_div2_i64       1
 #define TCG_TARGET_HAS_rot_i64        1

qemu/tcg/sparc/tcg-target.h

@@ -123,6 +123,7 @@ extern bool use_vis3_instructions;
 #define TCG_TARGET_HAS_muls2_i32        1
 #define TCG_TARGET_HAS_muluh_i32        0
 #define TCG_TARGET_HAS_mulsh_i32        0
+#define TCG_TARGET_HAS_goto_ptr         0
 
 #define TCG_TARGET_HAS_extrl_i64_i32    1
 #define TCG_TARGET_HAS_extrh_i64_i32    1

qemu/tcg/tcg-op.c

@@ -2601,6 +2601,18 @@ void tcg_gen_goto_tb(TCGContext *s, unsigned idx)
     tcg_gen_op1i(s, INDEX_op_goto_tb, idx);
 }
 
+void tcg_gen_lookup_and_goto_ptr(TCGContext *s, TCGv addr)
+{
+    if (TCG_TARGET_HAS_goto_ptr && !qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
+        TCGv_ptr ptr = tcg_temp_new_ptr(s);
+        gen_helper_lookup_tb_ptr(s, ptr, s->tcg_env, addr);
+        tcg_gen_op1i(s, INDEX_op_goto_ptr, GET_TCGV_PTR(ptr));
+        tcg_temp_free_ptr(s, ptr);
+    } else {
+        tcg_gen_exit_tb(s, 0);
+    }
+}
+
 static inline TCGMemOp tcg_canonicalize_memop(TCGMemOp op, bool is64, bool st)
 {
     /* Trigger the asserts within as early as possible.  */

qemu/tcg/tcg-op.h

@@ -796,6 +796,17 @@ static inline void tcg_gen_exit_tb(TCGContext *s, uintptr_t val)
  */
 void tcg_gen_goto_tb(TCGContext *s, unsigned idx);
 
+/**
+ * tcg_gen_lookup_and_goto_ptr() - look up a TB and jump to it if valid
+ * @addr: Guest address of the target TB
+ *
+ * If the TB is not valid, jump to the epilogue.
+ *
+ * This operation is optional. If the TCG backend does not implement goto_ptr,
+ * this op is equivalent to calling tcg_gen_exit_tb() with 0 as the argument.
+ */
+void tcg_gen_lookup_and_goto_ptr(TCGContext *s, TCGv addr);
+
 #if TARGET_LONG_BITS == 32
 #define tcg_temp_new(s) tcg_temp_new_i32(s)
 #define tcg_global_reg_new tcg_global_reg_new_i32

qemu/tcg/tcg-opc.h

@@ -199,6 +199,7 @@ DEF(insn_start, 0, 0, TLADDR_ARGS * TARGET_INSN_START_WORDS,
     TCG_OPF_NOT_PRESENT)
 DEF(exit_tb, 0, 0, 1, TCG_OPF_BB_END)
 DEF(goto_tb, 0, 0, 1, TCG_OPF_BB_END)
+DEF(goto_ptr, 0, 1, 0, TCG_OPF_BB_END | IMPL(TCG_TARGET_HAS_goto_ptr))
 
 DEF(qemu_ld_i32, 1, TLADDR_ARGS, 1,
     TCG_OPF_CALL_CLOBBER | TCG_OPF_SIDE_EFFECTS)

qemu/tcg/tcg-runtime.h

@@ -24,6 +24,8 @@ DEF_HELPER_FLAGS_1(clrsb_i64, TCG_CALL_NO_RWG_SE, i64, i64)
 DEF_HELPER_FLAGS_1(ctpop_i32, TCG_CALL_NO_RWG_SE, i32, i32)
 DEF_HELPER_FLAGS_1(ctpop_i64, TCG_CALL_NO_RWG_SE, i64, i64)
 
+DEF_HELPER_FLAGS_2(lookup_tb_ptr, TCG_CALL_NO_WG_SE, ptr, env, tl)
+
 DEF_HELPER_FLAGS_1(exit_atomic, TCG_CALL_NO_WG, noreturn, env)
 
 #ifdef CONFIG_SOFTMMU

qemu/tcg/tcg.c

@@ -417,6 +417,11 @@ void tcg_prologue_init(TCGContext *s)
         qemu_log_flush();
     }
 #endif
+
+    /* Assert that goto_ptr is implemented completely.  */
+    if (TCG_TARGET_HAS_goto_ptr) {
+        tcg_debug_assert(s->code_gen_epilogue != NULL);
+    }
 }
 
 void tcg_func_start(TCGContext *s)

qemu/tcg/tcg.h

@@ -828,6 +828,7 @@ struct TCGContext {
        extension that allows arithmetic on void*.  */
     int code_gen_max_blocks;
     void *code_gen_prologue;
+    void *code_gen_epilogue;
     void *code_gen_buffer;
     size_t code_gen_buffer_size;
     void *code_gen_ptr;
@@ -1008,7 +1009,7 @@ static inline bool tcg_op_buf_full(TCGContext *tcg_ctx)
 }
 
 // UNICORN: Added
-#define TCG_OP_DEFS_TABLE_SIZE 135
+#define TCG_OP_DEFS_TABLE_SIZE 136
 extern const TCGOpDef tcg_op_defs_org[TCG_OP_DEFS_TABLE_SIZE];
 
 typedef struct TCGTargetOpDef {

qemu/x86_64.h

@@ -1729,6 +1729,7 @@
 #define helper_le_stl_mmu helper_le_stl_mmu_x86_64
 #define helper_le_stq_mmu helper_le_stq_mmu_x86_64
 #define helper_le_stw_mmu helper_le_stw_mmu_x86_64
+#define helper_lookup_tb_ptr helper_lookup_tb_ptr_x86_64
 #define helper_mulsh_i32 helper_mulsh_i32_x86_64
 #define helper_mulsh_i64 helper_mulsh_i64_x86_64
 #define helper_muluh_i32 helper_muluh_i32_x86_64
@@ -2939,6 +2940,7 @@
 #define tb_free tb_free_x86_64
 #define tb_gen_code tb_gen_code_x86_64
 #define tb_hash_remove tb_hash_remove_x86_64
+#define tb_htable_lookup tb_htable_lookup_x86_64
 #define tb_invalidate_phys_addr tb_invalidate_phys_addr_x86_64
 #define tb_invalidate_phys_page_fast tb_invalidate_phys_page_fast_x86_64
 #define tb_invalidate_phys_page_range tb_invalidate_phys_page_range_x86_64
@@ -3076,6 +3078,7 @@
 #define tcg_gen_ld_i64 tcg_gen_ld_i64_x86_64
 #define tcg_gen_ldst_op_i32 tcg_gen_ldst_op_i32_x86_64
 #define tcg_gen_ldst_op_i64 tcg_gen_ldst_op_i64_x86_64
+#define tcg_gen_lookup_and_goto_ptr tcg_gen_lookup_and_goto_ptr_x86_64
 #define tcg_gen_mb tcg_gen_mb_x86_64
 #define tcg_gen_mov_i32 tcg_gen_mov_i32_x86_64
 #define tcg_gen_mov_i64 tcg_gen_mov_i64_x86_64