1 /* 2 * Generic intermediate code generation. 3 * 4 * Copyright (C) 2016-2017 Lluís Vilanova <vilanova@ac.upc.edu> 5 * 6 * This work is licensed under the terms of the GNU GPL, version 2 or later. 7 * See the COPYING file in the top-level directory. 8 */ 9 10 #include "qemu/osdep.h" 11 #include "qemu/log.h" 12 #include "qemu/error-report.h" 13 #include "exec/exec-all.h" 14 #include "exec/translator.h" 15 #include "exec/plugin-gen.h" 16 #include "tcg/tcg-op-common.h" 17 #include "internal.h" 18 19 static void gen_io_start(void) 20 { 21 tcg_gen_st_i32(tcg_constant_i32(1), cpu_env, 22 offsetof(ArchCPU, parent_obj.can_do_io) - 23 offsetof(ArchCPU, env)); 24 } 25 26 bool translator_io_start(DisasContextBase *db) 27 { 28 uint32_t cflags = tb_cflags(db->tb); 29 30 if (!(cflags & CF_USE_ICOUNT)) { 31 return false; 32 } 33 if (db->num_insns == db->max_insns && (cflags & CF_LAST_IO)) { 34 /* Already started in translator_loop. */ 35 return true; 36 } 37 38 gen_io_start(); 39 40 /* 41 * Ensure that this instruction will be the last in the TB. 42 * The target may override this to something more forceful. 43 */ 44 if (db->is_jmp == DISAS_NEXT) { 45 db->is_jmp = DISAS_TOO_MANY; 46 } 47 return true; 48 } 49 50 static TCGOp *gen_tb_start(uint32_t cflags) 51 { 52 TCGv_i32 count = tcg_temp_new_i32(); 53 TCGOp *icount_start_insn = NULL; 54 55 tcg_gen_ld_i32(count, cpu_env, 56 offsetof(ArchCPU, neg.icount_decr.u32) - 57 offsetof(ArchCPU, env)); 58 59 if (cflags & CF_USE_ICOUNT) { 60 /* 61 * We emit a sub with a dummy immediate argument. Keep the insn index 62 * of the sub so that we later (when we know the actual insn count) 63 * can update the argument with the actual insn count. 64 */ 65 tcg_gen_sub_i32(count, count, tcg_constant_i32(0)); 66 icount_start_insn = tcg_last_op(); 67 } 68 69 /* 70 * Emit the check against icount_decr.u32 to see if we should exit 71 * unless we suppress the check with CF_NOIRQ. If we are using 72 * icount and have suppressed interruption the higher level code 73 * should have ensured we don't run more instructions than the 74 * budget. 75 */ 76 if (cflags & CF_NOIRQ) { 77 tcg_ctx->exitreq_label = NULL; 78 } else { 79 tcg_ctx->exitreq_label = gen_new_label(); 80 tcg_gen_brcondi_i32(TCG_COND_LT, count, 0, tcg_ctx->exitreq_label); 81 } 82 83 if (cflags & CF_USE_ICOUNT) { 84 tcg_gen_st16_i32(count, cpu_env, 85 offsetof(ArchCPU, neg.icount_decr.u16.low) - 86 offsetof(ArchCPU, env)); 87 /* 88 * cpu->can_do_io is cleared automatically here at the beginning of 89 * each translation block. The cost is minimal and only paid for 90 * -icount, plus it would be very easy to forget doing it in the 91 * translator. Doing it here means we don't need a gen_io_end() to 92 * go with gen_io_start(). 93 */ 94 tcg_gen_st_i32(tcg_constant_i32(0), cpu_env, 95 offsetof(ArchCPU, parent_obj.can_do_io) - 96 offsetof(ArchCPU, env)); 97 } 98 99 return icount_start_insn; 100 } 101 102 static void gen_tb_end(const TranslationBlock *tb, uint32_t cflags, 103 TCGOp *icount_start_insn, int num_insns) 104 { 105 if (cflags & CF_USE_ICOUNT) { 106 /* 107 * Update the num_insn immediate parameter now that we know 108 * the actual insn count. 109 */ 110 tcg_set_insn_param(icount_start_insn, 2, 111 tcgv_i32_arg(tcg_constant_i32(num_insns))); 112 } 113 114 if (tcg_ctx->exitreq_label) { 115 gen_set_label(tcg_ctx->exitreq_label); 116 tcg_gen_exit_tb(tb, TB_EXIT_REQUESTED); 117 } 118 } 119 120 bool translator_use_goto_tb(DisasContextBase *db, vaddr dest) 121 { 122 /* Suppress goto_tb if requested. */ 123 if (tb_cflags(db->tb) & CF_NO_GOTO_TB) { 124 return false; 125 } 126 127 /* Check for the dest on the same page as the start of the TB. */ 128 return ((db->pc_first ^ dest) & TARGET_PAGE_MASK) == 0; 129 } 130 131 void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns, 132 vaddr pc, void *host_pc, const TranslatorOps *ops, 133 DisasContextBase *db) 134 { 135 uint32_t cflags = tb_cflags(tb); 136 TCGOp *icount_start_insn; 137 bool plugin_enabled; 138 139 /* Initialize DisasContext */ 140 db->tb = tb; 141 db->pc_first = pc; 142 db->pc_next = pc; 143 db->is_jmp = DISAS_NEXT; 144 db->num_insns = 0; 145 db->max_insns = *max_insns; 146 db->singlestep_enabled = cflags & CF_SINGLE_STEP; 147 db->host_addr[0] = host_pc; 148 db->host_addr[1] = NULL; 149 150 ops->init_disas_context(db, cpu); 151 tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */ 152 153 /* Start translating. */ 154 icount_start_insn = gen_tb_start(cflags); 155 ops->tb_start(db, cpu); 156 tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */ 157 158 plugin_enabled = plugin_gen_tb_start(cpu, db, cflags & CF_MEMI_ONLY); 159 160 while (true) { 161 *max_insns = ++db->num_insns; 162 ops->insn_start(db, cpu); 163 tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */ 164 165 if (plugin_enabled) { 166 plugin_gen_insn_start(cpu, db); 167 } 168 169 /* Disassemble one instruction. The translate_insn hook should 170 update db->pc_next and db->is_jmp to indicate what should be 171 done next -- either exiting this loop or locate the start of 172 the next instruction. */ 173 if (db->num_insns == db->max_insns && (cflags & CF_LAST_IO)) { 174 /* Accept I/O on the last instruction. */ 175 gen_io_start(); 176 ops->translate_insn(db, cpu); 177 } else { 178 /* we should only see CF_MEMI_ONLY for io_recompile */ 179 tcg_debug_assert(!(cflags & CF_MEMI_ONLY)); 180 ops->translate_insn(db, cpu); 181 } 182 183 /* 184 * We can't instrument after instructions that change control 185 * flow although this only really affects post-load operations. 186 * 187 * Calling plugin_gen_insn_end() before we possibly stop translation 188 * is important. Even if this ends up as dead code, plugin generation 189 * needs to see a matching plugin_gen_insn_{start,end}() pair in order 190 * to accurately track instrumented helpers that might access memory. 191 */ 192 if (plugin_enabled) { 193 plugin_gen_insn_end(); 194 } 195 196 /* Stop translation if translate_insn so indicated. */ 197 if (db->is_jmp != DISAS_NEXT) { 198 break; 199 } 200 201 /* Stop translation if the output buffer is full, 202 or we have executed all of the allowed instructions. */ 203 if (tcg_op_buf_full() || db->num_insns >= db->max_insns) { 204 db->is_jmp = DISAS_TOO_MANY; 205 break; 206 } 207 } 208 209 /* Emit code to exit the TB, as indicated by db->is_jmp. */ 210 ops->tb_stop(db, cpu); 211 gen_tb_end(tb, cflags, icount_start_insn, db->num_insns); 212 213 if (plugin_enabled) { 214 plugin_gen_tb_end(cpu); 215 } 216 217 /* The disas_log hook may use these values rather than recompute. */ 218 tb->size = db->pc_next - db->pc_first; 219 tb->icount = db->num_insns; 220 221 if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM) 222 && qemu_log_in_addr_range(db->pc_first)) { 223 FILE *logfile = qemu_log_trylock(); 224 if (logfile) { 225 fprintf(logfile, "----------------\n"); 226 ops->disas_log(db, cpu, logfile); 227 fprintf(logfile, "\n"); 228 qemu_log_unlock(logfile); 229 } 230 } 231 } 232 233 static void *translator_access(CPUArchState *env, DisasContextBase *db, 234 vaddr pc, size_t len) 235 { 236 void *host; 237 vaddr base, end; 238 TranslationBlock *tb; 239 240 tb = db->tb; 241 242 /* Use slow path if first page is MMIO. */ 243 if (unlikely(tb_page_addr0(tb) == -1)) { 244 return NULL; 245 } 246 247 end = pc + len - 1; 248 if (likely(is_same_page(db, end))) { 249 host = db->host_addr[0]; 250 base = db->pc_first; 251 } else { 252 host = db->host_addr[1]; 253 base = TARGET_PAGE_ALIGN(db->pc_first); 254 if (host == NULL) { 255 tb_page_addr_t page0, old_page1, new_page1; 256 257 new_page1 = get_page_addr_code_hostp(env, base, &db->host_addr[1]); 258 259 /* 260 * If the second page is MMIO, treat as if the first page 261 * was MMIO as well, so that we do not cache the TB. 262 */ 263 if (unlikely(new_page1 == -1)) { 264 tb_unlock_pages(tb); 265 tb_set_page_addr0(tb, -1); 266 return NULL; 267 } 268 269 /* 270 * If this is not the first time around, and page1 matches, 271 * then we already have the page locked. Alternately, we're 272 * not doing anything to prevent the PTE from changing, so 273 * we might wind up with a different page, requiring us to 274 * re-do the locking. 275 */ 276 old_page1 = tb_page_addr1(tb); 277 if (likely(new_page1 != old_page1)) { 278 page0 = tb_page_addr0(tb); 279 if (unlikely(old_page1 != -1)) { 280 tb_unlock_page1(page0, old_page1); 281 } 282 tb_set_page_addr1(tb, new_page1); 283 tb_lock_page1(page0, new_page1); 284 } 285 host = db->host_addr[1]; 286 } 287 288 /* Use slow path when crossing pages. */ 289 if (is_same_page(db, pc)) { 290 return NULL; 291 } 292 } 293 294 tcg_debug_assert(pc >= base); 295 return host + (pc - base); 296 } 297 298 static void plugin_insn_append(abi_ptr pc, const void *from, size_t size) 299 { 300 #ifdef CONFIG_PLUGIN 301 struct qemu_plugin_insn *insn = tcg_ctx->plugin_insn; 302 abi_ptr off; 303 304 if (insn == NULL) { 305 return; 306 } 307 off = pc - insn->vaddr; 308 if (off < insn->data->len) { 309 g_byte_array_set_size(insn->data, off); 310 } else if (off > insn->data->len) { 311 /* we have an unexpected gap */ 312 g_assert_not_reached(); 313 } 314 315 insn->data = g_byte_array_append(insn->data, from, size); 316 #endif 317 } 318 319 uint8_t translator_ldub(CPUArchState *env, DisasContextBase *db, abi_ptr pc) 320 { 321 uint8_t ret; 322 void *p = translator_access(env, db, pc, sizeof(ret)); 323 324 if (p) { 325 plugin_insn_append(pc, p, sizeof(ret)); 326 return ldub_p(p); 327 } 328 ret = cpu_ldub_code(env, pc); 329 plugin_insn_append(pc, &ret, sizeof(ret)); 330 return ret; 331 } 332 333 uint16_t translator_lduw(CPUArchState *env, DisasContextBase *db, abi_ptr pc) 334 { 335 uint16_t ret, plug; 336 void *p = translator_access(env, db, pc, sizeof(ret)); 337 338 if (p) { 339 plugin_insn_append(pc, p, sizeof(ret)); 340 return lduw_p(p); 341 } 342 ret = cpu_lduw_code(env, pc); 343 plug = tswap16(ret); 344 plugin_insn_append(pc, &plug, sizeof(ret)); 345 return ret; 346 } 347 348 uint32_t translator_ldl(CPUArchState *env, DisasContextBase *db, abi_ptr pc) 349 { 350 uint32_t ret, plug; 351 void *p = translator_access(env, db, pc, sizeof(ret)); 352 353 if (p) { 354 plugin_insn_append(pc, p, sizeof(ret)); 355 return ldl_p(p); 356 } 357 ret = cpu_ldl_code(env, pc); 358 plug = tswap32(ret); 359 plugin_insn_append(pc, &plug, sizeof(ret)); 360 return ret; 361 } 362 363 uint64_t translator_ldq(CPUArchState *env, DisasContextBase *db, abi_ptr pc) 364 { 365 uint64_t ret, plug; 366 void *p = translator_access(env, db, pc, sizeof(ret)); 367 368 if (p) { 369 plugin_insn_append(pc, p, sizeof(ret)); 370 return ldq_p(p); 371 } 372 ret = cpu_ldq_code(env, pc); 373 plug = tswap64(ret); 374 plugin_insn_append(pc, &plug, sizeof(ret)); 375 return ret; 376 } 377 378 void translator_fake_ldb(uint8_t insn8, abi_ptr pc) 379 { 380 plugin_insn_append(pc, &insn8, sizeof(insn8)); 381 } 382