/*
 * Generic intermediate code generation.
 *
 * Copyright (C) 2016-2017 Lluís Vilanova <vilanova@ac.upc.edu>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 */

#include "qemu/osdep.h"
#include "qemu/log.h"
#include "qemu/error-report.h"
#include "exec/exec-all.h"
#include "exec/translator.h"
#include "exec/cpu_ldst.h"
#include "exec/plugin-gen.h"
#include "tcg/tcg-op-common.h"
#include "internal-target.h"

/*
 * Emit a store of @val into CPUState.neg.can_do_io, addressed relative to
 * tcg_env (which points at ArchCPU.env).  The build-time assertion pins the
 * field to one byte so that the 8-bit store below is the right width.
 * @db is currently unused.
 */
static void set_can_do_io(DisasContextBase *db, bool val)
{
    QEMU_BUILD_BUG_ON(sizeof_field(CPUState, neg.can_do_io) != 1);
    tcg_gen_st8_i32(tcg_constant_i32(val), tcg_env,
                    offsetof(ArchCPU, parent_obj.neg.can_do_io) -
                    offsetof(ArchCPU, env));
}

/*
 * Called by a target before emitting an instruction that performs I/O.
 * Forces the instruction to be the last one in the TB unless the target
 * has already chosen a more forceful exit reason.  Always returns true.
 */
bool translator_io_start(DisasContextBase *db)
{
    /*
     * Ensure that this instruction will be the last in the TB.
     * The target may override this to something more forceful.
     */
    if (db->is_jmp == DISAS_NEXT) {
        db->is_jmp = DISAS_TOO_MANY;
    }
    return true;
}

/*
 * Emit the TB prologue that drives instruction counting and interrupt
 * exit checks, according to @cflags:
 *   - load icount_decr.u32 when icount is in use or IRQ checks are not
 *     suppressed;
 *   - with CF_USE_ICOUNT, subtract a placeholder instruction count
 *     (patched later by gen_tb_end) and store the low 16 bits back;
 *   - unless CF_NOIRQ, branch to tcg_ctx->exitreq_label when the
 *     decremented count is negative.
 *
 * Returns the TCGOp of the placeholder subtraction, or NULL when icount
 * is not in use (in which case gen_tb_end must not patch anything).
 */
static TCGOp *gen_tb_start(DisasContextBase *db, uint32_t cflags)
{
    TCGv_i32 count = NULL;
    TCGOp *icount_start_insn = NULL;

    /*
     * 'count' stays NULL only when neither consumer below needs it
     * (no icount and CF_NOIRQ); both consumers are gated on the same
     * flags, so the NULL is never dereferenced.
     */
    if ((cflags & CF_USE_ICOUNT) || !(cflags & CF_NOIRQ)) {
        count = tcg_temp_new_i32();
        tcg_gen_ld_i32(count, tcg_env,
                       offsetof(ArchCPU, parent_obj.neg.icount_decr.u32)
                       - offsetof(ArchCPU, env));
    }

    if (cflags & CF_USE_ICOUNT) {
        /*
         * We emit a sub with a dummy immediate argument. Keep the insn index
         * of the sub so that we later (when we know the actual insn count)
         * can update the argument with the actual insn count.
         */
        tcg_gen_sub_i32(count, count, tcg_constant_i32(0));
        icount_start_insn = tcg_last_op();
    }

    /*
     * Emit the check against icount_decr.u32 to see if we should exit
     * unless we suppress the check with CF_NOIRQ.  If we are using
     * icount and have suppressed interruption the higher level code
     * should have ensured we don't run more instructions than the
     * budget.
     */
    if (cflags & CF_NOIRQ) {
        tcg_ctx->exitreq_label = NULL;
    } else {
        tcg_ctx->exitreq_label = gen_new_label();
        tcg_gen_brcondi_i32(TCG_COND_LT, count, 0, tcg_ctx->exitreq_label);
    }

    if (cflags & CF_USE_ICOUNT) {
        /* Only the low half-word is written back; see icount_decr.u16. */
        tcg_gen_st16_i32(count, tcg_env,
                         offsetof(ArchCPU, parent_obj.neg.icount_decr.u16.low)
                         - offsetof(ArchCPU, env));
    }

    return icount_start_insn;
}

/*
 * Emit the TB epilogue matching gen_tb_start():
 *   - with CF_USE_ICOUNT, patch the placeholder immediate of
 *     @icount_start_insn (its operand 2) with the final @num_insns;
 *   - if an exit-request label was created, bind it here and emit the
 *     TB_EXIT_REQUESTED exit that the prologue's branch targets.
 *
 * @icount_start_insn must be the op returned by gen_tb_start() for the
 * same @cflags; it is only dereferenced when CF_USE_ICOUNT is set.
 */
static void gen_tb_end(const TranslationBlock *tb, uint32_t cflags,
                       TCGOp *icount_start_insn, int num_insns)
{
    if (cflags & CF_USE_ICOUNT) {
        /*
         * Update the num_insn immediate parameter now that we know
         * the actual insn count.
         */
        tcg_set_insn_param(icount_start_insn, 2,
                           tcgv_i32_arg(tcg_constant_i32(num_insns)));
    }

    if (tcg_ctx->exitreq_label) {
        gen_set_label(tcg_ctx->exitreq_label);
        tcg_gen_exit_tb(tb, TB_EXIT_REQUESTED);
    }
}

/*
 * Decide whether a direct goto_tb to @dest may be emitted: never when the
 * TB was compiled with CF_NO_GOTO_TB, and otherwise only when @dest lies
 * on the same target page as the first instruction of the TB.
 */
bool translator_use_goto_tb(DisasContextBase *db, vaddr dest)
{
    /* Suppress goto_tb if requested. */
    if (tb_cflags(db->tb) & CF_NO_GOTO_TB) {
        return false;
    }

    /* Check for the dest on the same page as the start of the TB. */
    return ((db->pc_first ^ dest) & TARGET_PAGE_MASK) == 0;
}

/*
 * Translate one TranslationBlock.
 *
 * @cpu:       the CPU being translated for
 * @tb:        the TB being filled; tb->size and tb->icount are set on exit
 * @max_insns: in: instruction budget for this TB; out: number of
 *             instructions actually translated (updated every iteration)
 * @pc:        guest address of the first instruction
 * @host_pc:   host address of the first guest page, stored in
 *             db->host_addr[0] for translator_access()
 * @ops:       target hooks invoked in this order: init_disas_context,
 *             tb_start, then per insn insn_start/translate_insn, then
 *             tb_stop and (when logging) disas_log
 * @db:        target-independent disassembly state, fully reinitialised here
 */
void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
                     vaddr pc, void *host_pc, const TranslatorOps *ops,
                     DisasContextBase *db)
{
    uint32_t cflags = tb_cflags(tb);
    TCGOp *icount_start_insn;
    TCGOp *first_insn_start = NULL;
    bool plugin_enabled;

    /* Initialize DisasContext */
    db->tb = tb;
    db->pc_first = pc;
    db->pc_next = pc;
    db->is_jmp = DISAS_NEXT;
    db->num_insns = 0;
    db->max_insns = *max_insns;
    db->singlestep_enabled = cflags & CF_SINGLE_STEP;
    db->insn_start = NULL;
    db->host_addr[0] = host_pc;
    db->host_addr[1] = NULL; /* second page is resolved lazily by translator_access() */

    ops->init_disas_context(db, cpu);
    tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */

    /* Start translating. */
    icount_start_insn = gen_tb_start(db, cflags);
    ops->tb_start(db, cpu);
    tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */

    plugin_enabled = plugin_gen_tb_start(cpu, db, cflags & CF_MEMI_ONLY);
    db->plugin_enabled = plugin_enabled;

    while (true) {
        /* Publish the running count through *max_insns on every iteration. */
        *max_insns = ++db->num_insns;
        ops->insn_start(db, cpu);
        /* Remember the insn_start op of the first and the current insn. */
        db->insn_start = tcg_last_op();
        if (first_insn_start == NULL) {
            first_insn_start = db->insn_start;
        }
        tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */

        if (plugin_enabled) {
            plugin_gen_insn_start(cpu, db);
        }

        /*
         * Disassemble one instruction. The translate_insn hook should
         * update db->pc_next and db->is_jmp to indicate what should be
         * done next -- either exiting this loop or locate the start of
         * the next instruction.
         */
        ops->translate_insn(db, cpu);

        /*
         * We can't instrument after instructions that change control
         * flow although this only really affects post-load operations.
         *
         * Calling plugin_gen_insn_end() before we possibly stop translation
         * is important.  Even if this ends up as dead code, plugin generation
         * needs to see a matching plugin_gen_insn_{start,end}() pair in order
         * to accurately track instrumented helpers that might access memory.
         */
        if (plugin_enabled) {
            plugin_gen_insn_end();
        }

        /* Stop translation if translate_insn so indicated. */
        if (db->is_jmp != DISAS_NEXT) {
            break;
        }

        /* Stop translation if the output buffer is full,
           or we have executed all of the allowed instructions. */
        if (tcg_op_buf_full() || db->num_insns >= db->max_insns) {
            db->is_jmp = DISAS_TOO_MANY;
            break;
        }
    }

    /* Emit code to exit the TB, as indicated by db->is_jmp. */
    ops->tb_stop(db, cpu);
    gen_tb_end(tb, cflags, icount_start_insn, db->num_insns);

    /*
     * Manage can_do_io for the translation block: set to false before
     * the first insn and set to true before the last insn.
     *
     * The stores are inserted retroactively by pointing
     * tcg_ctx->emit_before_op at the relevant insn_start op; with a
     * single-insn TB only the "true" store is needed.
     */
    if (db->num_insns == 1) {
        tcg_debug_assert(first_insn_start == db->insn_start);
    } else {
        tcg_debug_assert(first_insn_start != db->insn_start);
        tcg_ctx->emit_before_op = first_insn_start;
        set_can_do_io(db, false);
    }
    tcg_ctx->emit_before_op = db->insn_start;
    set_can_do_io(db, true);
    tcg_ctx->emit_before_op = NULL; /* back to appending at the end */

    if (plugin_enabled) {
        plugin_gen_tb_end(cpu, db->num_insns);
    }

    /* The disas_log hook may use these values rather than recompute. */
    tb->size = db->pc_next - db->pc_first;
    tb->icount = db->num_insns;

    if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM)
        && qemu_log_in_addr_range(db->pc_first)) {
        /* trylock: logging is best-effort and must not block translation. */
        FILE *logfile = qemu_log_trylock();
        if (logfile) {
            fprintf(logfile, "----------------\n");
            ops->disas_log(db, cpu, logfile);
            fprintf(logfile, "\n");
            qemu_log_unlock(logfile);
        }
    }
}

/*
 * Return a host pointer through which @len bytes of guest code at @pc can
 * be read directly, or NULL to force the caller onto the slow
 * cpu_ld*_code() path.  NULL is returned when:
 *   - the TB's first page is MMIO (page addr == -1);
 *   - the second page turns out to be MMIO (the TB is then also marked as
 *     having an MMIO first page so it is not cached);
 *   - the access straddles the page boundary (starts on page 0, ends on
 *     page 1).
 *
 * The second page is resolved lazily on the first access that ends beyond
 * the first page: its host address is cached in db->host_addr[1] and the
 * page1 lock is (re)taken, releasing any lock held on a stale page1.
 */
static void *translator_access(CPUArchState *env, DisasContextBase *db,
                               vaddr pc, size_t len)
{
    void *host;
    vaddr base, end;
    TranslationBlock *tb;

    tb = db->tb;

    /* Use slow path if first page is MMIO. */
    if (unlikely(tb_page_addr0(tb) == -1)) {
        return NULL;
    }

    /* 'end' is the address of the last byte of the access. */
    end = pc + len - 1;
    if (likely(is_same_page(db, end))) {
        host = db->host_addr[0];
        base = db->pc_first;
    } else {
        host = db->host_addr[1];
        base = TARGET_PAGE_ALIGN(db->pc_first);
        if (host == NULL) {
            tb_page_addr_t page0, old_page1, new_page1;

            new_page1 = get_page_addr_code_hostp(env, base, &db->host_addr[1]);

            /*
             * If the second page is MMIO, treat as if the first page
             * was MMIO as well, so that we do not cache the TB.
             */
            if (unlikely(new_page1 == -1)) {
                tb_unlock_pages(tb);
                tb_set_page_addr0(tb, -1);
                return NULL;
            }

            /*
             * If this is not the first time around, and page1 matches,
             * then we already have the page locked. Alternately, we're
             * not doing anything to prevent the PTE from changing, so
             * we might wind up with a different page, requiring us to
             * re-do the locking.
             */
            old_page1 = tb_page_addr1(tb);
            if (likely(new_page1 != old_page1)) {
                page0 = tb_page_addr0(tb);
                if (unlikely(old_page1 != -1)) {
                    tb_unlock_page1(page0, old_page1);
                }
                tb_set_page_addr1(tb, new_page1);
                tb_lock_page1(page0, new_page1);
            }
            host = db->host_addr[1];
        }

        /*
         * Use slow path when crossing pages: the last byte is on page 1
         * (checked above) but the first byte is still on page 0.
         */
        if (is_same_page(db, pc)) {
            return NULL;
        }
    }

    tcg_debug_assert(pc >= base);
    return host + (pc - base);
}

/*
 * Record @size bytes of instruction encoding located at guest @pc into the
 * byte array of the plugin instruction currently being built.  No-op when
 * plugins are compiled out or no instruction is being recorded.
 *
 * If @pc falls inside bytes already recorded, the array is truncated back
 * to that offset before appending (re-read of earlier bytes); a forward
 * gap between the recorded bytes and @pc is a translator bug.
 */
static void plugin_insn_append(abi_ptr pc, const void *from, size_t size)
{
#ifdef CONFIG_PLUGIN
    struct qemu_plugin_insn *insn = tcg_ctx->plugin_insn;
    abi_ptr off;

    if (insn == NULL) {
        return;
    }
    off = pc - insn->vaddr;
    if (off < insn->data->len) {
        g_byte_array_set_size(insn->data, off);
    } else if (off > insn->data->len) {
        /* we have an unexpected gap */
        g_assert_not_reached();
    }

    insn->data = g_byte_array_append(insn->data, from, size);
#endif
}

/*
 * Load one byte of guest code at @pc for translation.  Reads directly from
 * host memory when translator_access() allows it, otherwise through
 * cpu_ldub_code().  Either way the byte is recorded for plugins.
 */
uint8_t translator_ldub(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
{
    uint8_t ret;
    void *p = translator_access(env, db, pc, sizeof(ret));

    if (p) {
        plugin_insn_append(pc, p, sizeof(ret));
        return ldub_p(p);
    }
    ret = cpu_ldub_code(env, pc);
    plugin_insn_append(pc, &ret, sizeof(ret));
    return ret;
}

/*
 * Load a 16-bit guest code word at @pc for translation (fast host path or
 * cpu_lduw_code()).  On the slow path the value is byte-swapped with
 * tswap16() before being recorded, so the plugin sees the same in-memory
 * byte order that the fast path records directly from @p.
 */
uint16_t translator_lduw(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
{
    uint16_t ret, plug;
    void *p = translator_access(env, db, pc, sizeof(ret));

    if (p) {
        plugin_insn_append(pc, p, sizeof(ret));
        return lduw_p(p);
    }
    ret = cpu_lduw_code(env, pc);
    plug = tswap16(ret);
    plugin_insn_append(pc, &plug, sizeof(ret));
    return ret;
}

/*
 * Load a 32-bit guest code word at @pc for translation.  Same structure as
 * translator_lduw(): the slow-path value is tswap32()'d before recording.
 */
uint32_t translator_ldl(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
{
    uint32_t ret, plug;
    void *p = translator_access(env, db, pc, sizeof(ret));

    if (p) {
        plugin_insn_append(pc, p, sizeof(ret));
        return ldl_p(p);
    }
    ret = cpu_ldl_code(env, pc);
    plug = tswap32(ret);
    plugin_insn_append(pc, &plug, sizeof(ret));
    return ret;
}

/*
 * Load a 64-bit guest code word at @pc for translation.  Same structure as
 * translator_lduw(): the slow-path value is tswap64()'d before recording.
 */
uint64_t translator_ldq(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
{
    uint64_t ret, plug;
    void *p = translator_access(env, db, pc, sizeof(ret));

    if (p) {
        plugin_insn_append(pc, p, sizeof(ret));
        return ldq_p(p);
    }
    ret = cpu_ldq_code(env, pc);
    plug = tswap64(ret);
    plugin_insn_append(pc, &plug, sizeof(ret));
    return ret;
}

/*
 * Record @insn8 as the byte at guest @pc for plugins without performing a
 * load; for targets that obtain the byte by other means.
 */
void translator_fake_ldb(uint8_t insn8, abi_ptr pc)
{
    plugin_insn_append(pc, &insn8, sizeof(insn8));
}