/*
 * Generic intermediate code generation.
 *
 * Copyright (C) 2016-2017 Lluís Vilanova <vilanova@ac.upc.edu>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 */

#include "qemu/osdep.h"
#include "qemu/log.h"
#include "qemu/error-report.h"
#include "exec/exec-all.h"
#include "exec/translator.h"
#include "exec/plugin-gen.h"
#include "tcg/tcg-op-common.h"
#include "internal.h"

/*
 * Emit a store of @val into cpu->can_do_io, but only when it differs from
 * the value last stored for this TB.  The last value is tracked in
 * db->saved_can_do_io; translator_loop() resets it to -1 so that the first
 * store of a TB is never elided.
 */
static void set_can_do_io(DisasContextBase *db, bool val)
{
    if (db->saved_can_do_io != val) {
        db->saved_can_do_io = val;
        tcg_gen_st_i32(tcg_constant_i32(val), cpu_env,
                       offsetof(ArchCPU, parent_obj.can_do_io) -
                       offsetof(ArchCPU, env));
    }
}

/*
 * Called by a target before it emits an operation that may perform I/O.
 * Emits can_do_io = true and, unless the target has already chosen a
 * different exit, makes this instruction the last one of the TB.
 *
 * Always returns true (the return value exists for use in conditions).
 */
bool translator_io_start(DisasContextBase *db)
{
    set_can_do_io(db, true);

    /*
     * Ensure that this instruction will be the last in the TB.
     * The target may override this to something more forceful.
     */
    if (db->is_jmp == DISAS_NEXT) {
        db->is_jmp = DISAS_TOO_MANY;
    }
    return true;
}

/*
 * Emit the common TB prologue:
 *   - load icount_decr.u32 when either icount is in use or the exit
 *     request check is not suppressed by CF_NOIRQ;
 *   - with CF_USE_ICOUNT, a "sub count, <placeholder>" whose immediate is
 *     patched by gen_tb_end() once the real instruction count is known;
 *   - unless CF_NOIRQ, a branch to tcg_ctx->exitreq_label when the
 *     decrementer is negative;
 *   - the initial cpu->can_do_io store.
 *
 * Returns the placeholder sub op, or NULL when icount is not in use.
 */
static TCGOp *gen_tb_start(DisasContextBase *db, uint32_t cflags)
{
    TCGv_i32 count = NULL;
    TCGOp *icount_start_insn = NULL;

    /*
     * @count stays NULL only when CF_NOIRQ is set and CF_USE_ICOUNT is
     * clear; every use of it below is guarded by one of those two flags.
     */
    if ((cflags & CF_USE_ICOUNT) || !(cflags & CF_NOIRQ)) {
        count = tcg_temp_new_i32();
        tcg_gen_ld_i32(count, cpu_env,
                       offsetof(ArchCPU, neg.icount_decr.u32) -
                       offsetof(ArchCPU, env));
    }

    if (cflags & CF_USE_ICOUNT) {
        /*
         * We emit a sub with a dummy immediate argument. Keep the insn index
         * of the sub so that we later (when we know the actual insn count)
         * can update the argument with the actual insn count.
         */
        tcg_gen_sub_i32(count, count, tcg_constant_i32(0));
        icount_start_insn = tcg_last_op();
    }

    /*
     * Emit the check against icount_decr.u32 to see if we should exit
     * unless we suppress the check with CF_NOIRQ. If we are using
     * icount and have suppressed interruption the higher level code
     * should have ensured we don't run more instructions than the
     * budget.
     */
    if (cflags & CF_NOIRQ) {
        tcg_ctx->exitreq_label = NULL;
    } else {
        tcg_ctx->exitreq_label = gen_new_label();
        tcg_gen_brcondi_i32(TCG_COND_LT, count, 0, tcg_ctx->exitreq_label);
    }

    if (cflags & CF_USE_ICOUNT) {
        tcg_gen_st16_i32(count, cpu_env,
                         offsetof(ArchCPU, neg.icount_decr.u16.low) -
                         offsetof(ArchCPU, env));
    }

    /*
     * cpu->can_do_io is set automatically here at the beginning of
     * each translation block. The cost is minimal, plus it would be
     * very easy to forget doing it in the translator.
     */
    set_can_do_io(db, db->max_insns == 1 && (cflags & CF_LAST_IO));

    return icount_start_insn;
}

/*
 * Emit the common TB epilogue.
 *
 * @icount_start_insn: the placeholder op returned by gen_tb_start(); only
 *                     dereferenced when CF_USE_ICOUNT is set in @cflags,
 *                     which is exactly when gen_tb_start() made it non-NULL.
 * @num_insns:         the final instruction count to patch into that op.
 *
 * If gen_tb_start() created an exit-request label, this also emits the
 * label and the exit_tb(TB_EXIT_REQUESTED) it branches to.
 */
static void gen_tb_end(const TranslationBlock *tb, uint32_t cflags,
                       TCGOp *icount_start_insn, int num_insns)
{
    if (cflags & CF_USE_ICOUNT) {
        /*
         * Update the num_insn immediate parameter now that we know
         * the actual insn count.
         */
        tcg_set_insn_param(icount_start_insn, 2,
                           tcgv_i32_arg(tcg_constant_i32(num_insns)));
    }

    if (tcg_ctx->exitreq_label) {
        gen_set_label(tcg_ctx->exitreq_label);
        tcg_gen_exit_tb(tb, TB_EXIT_REQUESTED);
    }
}

/*
 * Decide whether a direct goto_tb to @dest may be emitted.
 *
 * Returns false when the TB was compiled with CF_NO_GOTO_TB; otherwise
 * returns true only when @dest lies on the same guest page as the first
 * instruction of the TB (so the chained TB is invalidated together with
 * this one when that page changes).
 */
bool translator_use_goto_tb(DisasContextBase *db, vaddr dest)
{
    /* Suppress goto_tb if requested. */
    if (tb_cflags(db->tb) & CF_NO_GOTO_TB) {
        return false;
    }

    /* Check for the dest on the same page as the start of the TB. */
    return ((db->pc_first ^ dest) & TARGET_PAGE_MASK) == 0;
}

/*
 * Generic translation loop shared by all targets.
 *
 * @cpu:       the CPU being translated for.
 * @tb:        the TranslationBlock being filled; tb->size and tb->icount
 *             are written on completion.
 * @max_insns: in: the instruction budget for this TB.  out: updated on
 *             every iteration to the number of instructions translated so
 *             far, so the caller sees the real count even if translation
 *             stops early.
 * @pc:        guest address of the first instruction.
 * @host_pc:   host address of the first guest page (db->host_addr[0]);
 *             the second page is resolved lazily by translator_access().
 * @ops:       per-target hooks; translate_insn must advance db->pc_next
 *             and set db->is_jmp to leave the loop.
 * @db:        target-provided disassembly context, fully initialised here.
 *
 * The loop ends when the target requests it (is_jmp != DISAS_NEXT), when
 * the TCG op buffer is full, or when the budget is exhausted; the latter
 * two are reported to the target as DISAS_TOO_MANY.
 */
void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
                     vaddr pc, void *host_pc, const TranslatorOps *ops,
                     DisasContextBase *db)
{
    uint32_t cflags = tb_cflags(tb);
    TCGOp *icount_start_insn;
    bool plugin_enabled;

    /* Initialize DisasContext */
    db->tb = tb;
    db->pc_first = pc;
    db->pc_next = pc;
    db->is_jmp = DISAS_NEXT;
    db->num_insns = 0;
    db->max_insns = *max_insns;
    db->singlestep_enabled = cflags & CF_SINGLE_STEP;
    /* -1 never equals a bool, so the first set_can_do_io() always stores. */
    db->saved_can_do_io = -1;
    db->host_addr[0] = host_pc;
    db->host_addr[1] = NULL;

    ops->init_disas_context(db, cpu);
    tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */

    /* Start translating. */
    icount_start_insn = gen_tb_start(db, cflags);
    ops->tb_start(db, cpu);
    tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */

    if (cflags & CF_MEMI_ONLY) {
        /* We should only see CF_MEMI_ONLY for io_recompile. */
        assert(cflags & CF_LAST_IO);
        plugin_enabled = plugin_gen_tb_start(cpu, db, true);
    } else {
        plugin_enabled = plugin_gen_tb_start(cpu, db, false);
    }

    while (true) {
        /* Publish the running count to the caller before each insn. */
        *max_insns = ++db->num_insns;
        ops->insn_start(db, cpu);
        tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */

        if (plugin_enabled) {
            plugin_gen_insn_start(cpu, db);
        }

        /* Disassemble one instruction. The translate_insn hook should
           update db->pc_next and db->is_jmp to indicate what should be
           done next -- either exiting this loop or locate the start of
           the next instruction. */
        if (db->num_insns == db->max_insns && (cflags & CF_LAST_IO)) {
            /* Accept I/O on the last instruction. */
            set_can_do_io(db, true);
        }
        ops->translate_insn(db, cpu);

        /*
         * We can't instrument after instructions that change control
         * flow although this only really affects post-load operations.
         *
         * Calling plugin_gen_insn_end() before we possibly stop translation
         * is important. Even if this ends up as dead code, plugin generation
         * needs to see a matching plugin_gen_insn_{start,end}() pair in order
         * to accurately track instrumented helpers that might access memory.
         */
        if (plugin_enabled) {
            plugin_gen_insn_end();
        }

        /* Stop translation if translate_insn so indicated. */
        if (db->is_jmp != DISAS_NEXT) {
            break;
        }

        /* Stop translation if the output buffer is full,
           or we have executed all of the allowed instructions. */
        if (tcg_op_buf_full() || db->num_insns >= db->max_insns) {
            db->is_jmp = DISAS_TOO_MANY;
            break;
        }
    }

    /* Emit code to exit the TB, as indicated by db->is_jmp. */
    ops->tb_stop(db, cpu);
    gen_tb_end(tb, cflags, icount_start_insn, db->num_insns);

    if (plugin_enabled) {
        plugin_gen_tb_end(cpu);
    }

    /* The disas_log hook may use these values rather than recompute. */
    tb->size = db->pc_next - db->pc_first;
    tb->icount = db->num_insns;

    if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM)
        && qemu_log_in_addr_range(db->pc_first)) {
        /* trylock may return NULL; logging is best-effort and is skipped. */
        FILE *logfile = qemu_log_trylock();
        if (logfile) {
            fprintf(logfile, "----------------\n");
            ops->disas_log(db, cpu, logfile);
            fprintf(logfile, "\n");
            qemu_log_unlock(logfile);
        }
    }
}

/*
 * Resolve a host pointer for @len bytes of guest code at @pc.
 *
 * Returns NULL whenever the caller must fall back to the slow path
 * (cpu_ld*_code): the first page is MMIO, the second page turns out to
 * be MMIO, or the access straddles the boundary between the two pages.
 * On the first access to the second page this also records it in @tb
 * and takes the page lock, replacing a stale second-page lock if the
 * translation previously resolved to a different physical page.
 *
 * NOTE(review): @end is computed as pc + len - 1 with no wrap check; the
 * callers in this file pass len in 1..8 — confirm if other callers appear.
 */
static void *translator_access(CPUArchState *env, DisasContextBase *db,
                               vaddr pc, size_t len)
{
    void *host;
    vaddr base, end;
    TranslationBlock *tb;

    tb = db->tb;

    /* Use slow path if first page is MMIO. */
    if (unlikely(tb_page_addr0(tb) == -1)) {
        return NULL;
    }

    end = pc + len - 1;
    if (likely(is_same_page(db, end))) {
        host = db->host_addr[0];
        base = db->pc_first;
    } else {
        host = db->host_addr[1];
        base = TARGET_PAGE_ALIGN(db->pc_first);
        if (host == NULL) {
            tb_page_addr_t page0, old_page1, new_page1;

            new_page1 = get_page_addr_code_hostp(env, base, &db->host_addr[1]);

            /*
             * If the second page is MMIO, treat as if the first page
             * was MMIO as well, so that we do not cache the TB.
             */
            if (unlikely(new_page1 == -1)) {
                tb_unlock_pages(tb);
                tb_set_page_addr0(tb, -1);
                return NULL;
            }

            /*
             * If this is not the first time around, and page1 matches,
             * then we already have the page locked. Alternately, we're
             * not doing anything to prevent the PTE from changing, so
             * we might wind up with a different page, requiring us to
             * re-do the locking.
             */
            old_page1 = tb_page_addr1(tb);
            if (likely(new_page1 != old_page1)) {
                page0 = tb_page_addr0(tb);
                if (unlikely(old_page1 != -1)) {
                    tb_unlock_page1(page0, old_page1);
                }
                tb_set_page_addr1(tb, new_page1);
                tb_lock_page1(page0, new_page1);
            }
            host = db->host_addr[1];
        }

        /* Use slow path when crossing pages. */
        /* @end is on page 1 but @pc is still on page 0: split access. */
        if (is_same_page(db, pc)) {
            return NULL;
        }
    }

    tcg_debug_assert(pc >= base);
    return host + (pc - base);
}

/*
 * Record @size bytes of instruction data at @pc for the plugin subsystem.
 *
 * No-op without CONFIG_PLUGIN or when no plugin instruction is active.
 * If the new bytes start before the current end of the recorded data the
 * buffer is truncated to @off first (re-read of already recorded bytes);
 * bytes starting beyond the current end would leave a gap and are treated
 * as a programming error via g_assert_not_reached().
 */
static void plugin_insn_append(abi_ptr pc, const void *from, size_t size)
{
#ifdef CONFIG_PLUGIN
    struct qemu_plugin_insn *insn = tcg_ctx->plugin_insn;
    abi_ptr off;

    if (insn == NULL) {
        return;
    }
    off = pc - insn->vaddr;
    if (off < insn->data->len) {
        g_byte_array_set_size(insn->data, off);
    } else if (off > insn->data->len) {
        /* we have an unexpected gap */
        g_assert_not_reached();
    }

    insn->data = g_byte_array_append(insn->data, from, size);
#endif
}

/*
 * Load one byte of guest code at @pc for translation.
 *
 * Fast path reads through the host mapping from translator_access();
 * otherwise falls back to cpu_ldub_code().  Either way the byte is also
 * recorded for plugins.
 */
uint8_t translator_ldub(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
{
    uint8_t ret;
    void *p = translator_access(env, db, pc, sizeof(ret));

    if (p) {
        plugin_insn_append(pc, p, sizeof(ret));
        return ldub_p(p);
    }
    ret = cpu_ldub_code(env, pc);
    plugin_insn_append(pc, &ret, sizeof(ret));
    return ret;
}

/*
 * Load a 16-bit guest code word at @pc for translation.
 *
 * Same fast/slow structure as translator_ldub().  On the slow path the
 * value handed to the plugin buffer is passed through tswap16() first,
 * presumably so plugins see the bytes in guest memory order — confirm
 * against the plugin API when relying on it.
 */
uint16_t translator_lduw(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
{
    uint16_t ret, plug;
    void *p = translator_access(env, db, pc, sizeof(ret));

    if (p) {
        plugin_insn_append(pc, p, sizeof(ret));
        return lduw_p(p);
    }
    ret = cpu_lduw_code(env, pc);
    plug = tswap16(ret);
    plugin_insn_append(pc, &plug, sizeof(ret));
    return ret;
}

/*
 * Load a 32-bit guest code word at @pc for translation.
 * See translator_lduw() for the fast/slow path and plugin recording.
 */
uint32_t translator_ldl(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
{
    uint32_t ret, plug;
    void *p = translator_access(env, db, pc, sizeof(ret));

    if (p) {
        plugin_insn_append(pc, p, sizeof(ret));
        return ldl_p(p);
    }
    ret = cpu_ldl_code(env, pc);
    plug = tswap32(ret);
    plugin_insn_append(pc, &plug, sizeof(ret));
    return ret;
}

/*
 * Load a 64-bit guest code word at @pc for translation.
 * See translator_lduw() for the fast/slow path and plugin recording.
 */
uint64_t translator_ldq(CPUArchState *env, DisasContextBase *db, abi_ptr pc)
{
    uint64_t ret, plug;
    void *p = translator_access(env, db, pc, sizeof(ret));

    if (p) {
        plugin_insn_append(pc, p, sizeof(ret));
        return ldq_p(p);
    }
    ret = cpu_ldq_code(env, pc);
    plug = tswap64(ret);
    plugin_insn_append(pc, &plug, sizeof(ret));
    return ret;
}

/*
 * Record a byte the target synthesised itself (not read from guest memory
 * through the translator_ld* helpers) so the plugin instruction buffer
 * stays contiguous.  Nothing is loaded.
 */
void translator_fake_ldb(uint8_t insn8, abi_ptr pc)
{
    plugin_insn_append(pc, &insn8, sizeof(insn8));
}