tcg: Dynamically allocate TCGOps

With no fixed array allocation, we can't overflow a buffer.
This will be important as optimizations related to host vectors
may expand the number of ops used.

Use QTAILQ to link the ops together.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

include/exec/gen-icount.h

@@ -5,7 +5,7 @@
 
 /* Helpers for instruction counting code generation.  */
 
-static int icount_start_insn_idx;
+static TCGOp *icount_start_insn;
 
 static inline void gen_tb_start(TranslationBlock *tb)
 {
@@ -26,8 +26,8 @@ static inline void gen_tb_start(TranslationBlock *tb)
         /* We emit a movi with a dummy immediate argument. Keep the insn index
          * of the movi so that we later (when we know the actual insn count)
          * can update the immediate argument with the actual insn count.  */
-        icount_start_insn_idx = tcg_op_buf_count();
         tcg_gen_movi_i32(imm, 0xdeadbeef);
+        icount_start_insn = tcg_last_op();
 
         tcg_gen_sub_i32(count, count, imm);
         tcg_temp_free_i32(imm);
@@ -48,14 +48,11 @@ static inline void gen_tb_end(TranslationBlock *tb, int num_insns)
     if (tb_cflags(tb) & CF_USE_ICOUNT) {
         /* Update the num_insn immediate parameter now that we know
          * the actual insn count.  */
-        tcg_set_insn_param(icount_start_insn_idx, 1, num_insns);
+        tcg_set_insn_param(icount_start_insn, 1, num_insns);
     }
 
     gen_set_label(tcg_ctx->exitreq_label);
     tcg_gen_exit_tb((uintptr_t)tb + TB_EXIT_REQUESTED);
-
-    /* Terminate the linked list.  */
-    tcg_ctx->gen_op_buf[tcg_ctx->gen_op_buf[0].prev].next = 0;
 }
 
 static inline void gen_io_start(void)