1 /* 2 * Generic intermediate code generation. 3 * 4 * Copyright (C) 2016-2017 Lluís Vilanova <vilanova@ac.upc.edu> 5 * 6 * This work is licensed under the terms of the GNU GPL, version 2 or later. 7 * See the COPYING file in the top-level directory. 8 */ 9 10 #include "qemu/osdep.h" 11 #include "qemu/log.h" 12 #include "qemu/error-report.h" 13 #include "exec/exec-all.h" 14 #include "exec/translator.h" 15 #include "exec/plugin-gen.h" 16 #include "tcg/tcg-op-common.h" 17 #include "internal-target.h" 18 19 static void set_can_do_io(DisasContextBase *db, bool val) 20 { 21 QEMU_BUILD_BUG_ON(sizeof_field(CPUState, neg.can_do_io) != 1); 22 tcg_gen_st8_i32(tcg_constant_i32(val), tcg_env, 23 offsetof(ArchCPU, parent_obj.neg.can_do_io) - 24 offsetof(ArchCPU, env)); 25 } 26 27 bool translator_io_start(DisasContextBase *db) 28 { 29 /* 30 * Ensure that this instruction will be the last in the TB. 31 * The target may override this to something more forceful. 32 */ 33 if (db->is_jmp == DISAS_NEXT) { 34 db->is_jmp = DISAS_TOO_MANY; 35 } 36 return true; 37 } 38 39 static TCGOp *gen_tb_start(DisasContextBase *db, uint32_t cflags) 40 { 41 TCGv_i32 count = NULL; 42 TCGOp *icount_start_insn = NULL; 43 44 if ((cflags & CF_USE_ICOUNT) || !(cflags & CF_NOIRQ)) { 45 count = tcg_temp_new_i32(); 46 tcg_gen_ld_i32(count, tcg_env, 47 offsetof(ArchCPU, parent_obj.neg.icount_decr.u32) 48 - offsetof(ArchCPU, env)); 49 } 50 51 if (cflags & CF_USE_ICOUNT) { 52 /* 53 * We emit a sub with a dummy immediate argument. Keep the insn index 54 * of the sub so that we later (when we know the actual insn count) 55 * can update the argument with the actual insn count. 56 */ 57 tcg_gen_sub_i32(count, count, tcg_constant_i32(0)); 58 icount_start_insn = tcg_last_op(); 59 } 60 61 /* 62 * Emit the check against icount_decr.u32 to see if we should exit 63 * unless we suppress the check with CF_NOIRQ. If we are using 64 * icount and have suppressed interruption the higher level code 65 * should have ensured we don't run more instructions than the 66 * budget. 67 */ 68 if (cflags & CF_NOIRQ) { 69 tcg_ctx->exitreq_label = NULL; 70 } else { 71 tcg_ctx->exitreq_label = gen_new_label(); 72 tcg_gen_brcondi_i32(TCG_COND_LT, count, 0, tcg_ctx->exitreq_label); 73 } 74 75 if (cflags & CF_USE_ICOUNT) { 76 tcg_gen_st16_i32(count, tcg_env, 77 offsetof(ArchCPU, parent_obj.neg.icount_decr.u16.low) 78 - offsetof(ArchCPU, env)); 79 } 80 81 return icount_start_insn; 82 } 83 84 static void gen_tb_end(const TranslationBlock *tb, uint32_t cflags, 85 TCGOp *icount_start_insn, int num_insns) 86 { 87 if (cflags & CF_USE_ICOUNT) { 88 /* 89 * Update the num_insn immediate parameter now that we know 90 * the actual insn count. 91 */ 92 tcg_set_insn_param(icount_start_insn, 2, 93 tcgv_i32_arg(tcg_constant_i32(num_insns))); 94 } 95 96 if (tcg_ctx->exitreq_label) { 97 gen_set_label(tcg_ctx->exitreq_label); 98 tcg_gen_exit_tb(tb, TB_EXIT_REQUESTED); 99 } 100 } 101 102 bool translator_use_goto_tb(DisasContextBase *db, vaddr dest) 103 { 104 /* Suppress goto_tb if requested. */ 105 if (tb_cflags(db->tb) & CF_NO_GOTO_TB) { 106 return false; 107 } 108 109 /* Check for the dest on the same page as the start of the TB. */ 110 return ((db->pc_first ^ dest) & TARGET_PAGE_MASK) == 0; 111 } 112 113 void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns, 114 vaddr pc, void *host_pc, const TranslatorOps *ops, 115 DisasContextBase *db) 116 { 117 uint32_t cflags = tb_cflags(tb); 118 TCGOp *icount_start_insn; 119 TCGOp *first_insn_start = NULL; 120 bool plugin_enabled; 121 122 /* Initialize DisasContext */ 123 db->tb = tb; 124 db->pc_first = pc; 125 db->pc_next = pc; 126 db->is_jmp = DISAS_NEXT; 127 db->num_insns = 0; 128 db->max_insns = *max_insns; 129 db->singlestep_enabled = cflags & CF_SINGLE_STEP; 130 db->insn_start = NULL; 131 db->host_addr[0] = host_pc; 132 db->host_addr[1] = NULL; 133 134 ops->init_disas_context(db, cpu); 135 tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */ 136 137 /* Start translating. */ 138 icount_start_insn = gen_tb_start(db, cflags); 139 ops->tb_start(db, cpu); 140 tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */ 141 142 plugin_enabled = plugin_gen_tb_start(cpu, db, cflags & CF_MEMI_ONLY); 143 db->plugin_enabled = plugin_enabled; 144 145 while (true) { 146 *max_insns = ++db->num_insns; 147 ops->insn_start(db, cpu); 148 db->insn_start = tcg_last_op(); 149 if (first_insn_start == NULL) { 150 first_insn_start = db->insn_start; 151 } 152 tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */ 153 154 if (plugin_enabled) { 155 plugin_gen_insn_start(cpu, db); 156 } 157 158 /* 159 * Disassemble one instruction. The translate_insn hook should 160 * update db->pc_next and db->is_jmp to indicate what should be 161 * done next -- either exiting this loop or locate the start of 162 * the next instruction. 163 */ 164 ops->translate_insn(db, cpu); 165 166 /* 167 * We can't instrument after instructions that change control 168 * flow although this only really affects post-load operations. 169 * 170 * Calling plugin_gen_insn_end() before we possibly stop translation 171 * is important. Even if this ends up as dead code, plugin generation 172 * needs to see a matching plugin_gen_insn_{start,end}() pair in order 173 * to accurately track instrumented helpers that might access memory. 174 */ 175 if (plugin_enabled) { 176 plugin_gen_insn_end(); 177 } 178 179 /* Stop translation if translate_insn so indicated. */ 180 if (db->is_jmp != DISAS_NEXT) { 181 break; 182 } 183 184 /* Stop translation if the output buffer is full, 185 or we have executed all of the allowed instructions. */ 186 if (tcg_op_buf_full() || db->num_insns >= db->max_insns) { 187 db->is_jmp = DISAS_TOO_MANY; 188 break; 189 } 190 } 191 192 /* Emit code to exit the TB, as indicated by db->is_jmp. */ 193 ops->tb_stop(db, cpu); 194 gen_tb_end(tb, cflags, icount_start_insn, db->num_insns); 195 196 /* 197 * Manage can_do_io for the translation block: set to false before 198 * the first insn and set to true before the last insn. 199 */ 200 if (db->num_insns == 1) { 201 tcg_debug_assert(first_insn_start == db->insn_start); 202 } else { 203 tcg_debug_assert(first_insn_start != db->insn_start); 204 tcg_ctx->emit_before_op = first_insn_start; 205 set_can_do_io(db, false); 206 } 207 tcg_ctx->emit_before_op = db->insn_start; 208 set_can_do_io(db, true); 209 tcg_ctx->emit_before_op = NULL; 210 211 if (plugin_enabled) { 212 plugin_gen_tb_end(cpu, db->num_insns); 213 } 214 215 /* The disas_log hook may use these values rather than recompute. */ 216 tb->size = db->pc_next - db->pc_first; 217 tb->icount = db->num_insns; 218 219 if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM) 220 && qemu_log_in_addr_range(db->pc_first)) { 221 FILE *logfile = qemu_log_trylock(); 222 if (logfile) { 223 fprintf(logfile, "----------------\n"); 224 ops->disas_log(db, cpu, logfile); 225 fprintf(logfile, "\n"); 226 qemu_log_unlock(logfile); 227 } 228 } 229 } 230 231 static void *translator_access(CPUArchState *env, DisasContextBase *db, 232 vaddr pc, size_t len) 233 { 234 void *host; 235 vaddr base, end; 236 TranslationBlock *tb; 237 238 tb = db->tb; 239 240 /* Use slow path if first page is MMIO. */ 241 if (unlikely(tb_page_addr0(tb) == -1)) { 242 return NULL; 243 } 244 245 end = pc + len - 1; 246 if (likely(is_same_page(db, end))) { 247 host = db->host_addr[0]; 248 base = db->pc_first; 249 } else { 250 host = db->host_addr[1]; 251 base = TARGET_PAGE_ALIGN(db->pc_first); 252 if (host == NULL) { 253 tb_page_addr_t page0, old_page1, new_page1; 254 255 new_page1 = get_page_addr_code_hostp(env, base, &db->host_addr[1]); 256 257 /* 258 * If the second page is MMIO, treat as if the first page 259 * was MMIO as well, so that we do not cache the TB. 260 */ 261 if (unlikely(new_page1 == -1)) { 262 tb_unlock_pages(tb); 263 tb_set_page_addr0(tb, -1); 264 return NULL; 265 } 266 267 /* 268 * If this is not the first time around, and page1 matches, 269 * then we already have the page locked. Alternately, we're 270 * not doing anything to prevent the PTE from changing, so 271 * we might wind up with a different page, requiring us to 272 * re-do the locking. 273 */ 274 old_page1 = tb_page_addr1(tb); 275 if (likely(new_page1 != old_page1)) { 276 page0 = tb_page_addr0(tb); 277 if (unlikely(old_page1 != -1)) { 278 tb_unlock_page1(page0, old_page1); 279 } 280 tb_set_page_addr1(tb, new_page1); 281 tb_lock_page1(page0, new_page1); 282 } 283 host = db->host_addr[1]; 284 } 285 286 /* Use slow path when crossing pages. */ 287 if (is_same_page(db, pc)) { 288 return NULL; 289 } 290 } 291 292 tcg_debug_assert(pc >= base); 293 return host + (pc - base); 294 } 295 296 static void plugin_insn_append(abi_ptr pc, const void *from, size_t size) 297 { 298 #ifdef CONFIG_PLUGIN 299 struct qemu_plugin_insn *insn = tcg_ctx->plugin_insn; 300 abi_ptr off; 301 302 if (insn == NULL) { 303 return; 304 } 305 off = pc - insn->vaddr; 306 if (off < insn->data->len) { 307 g_byte_array_set_size(insn->data, off); 308 } else if (off > insn->data->len) { 309 /* we have an unexpected gap */ 310 g_assert_not_reached(); 311 } 312 313 insn->data = g_byte_array_append(insn->data, from, size); 314 #endif 315 } 316 317 uint8_t translator_ldub(CPUArchState *env, DisasContextBase *db, abi_ptr pc) 318 { 319 uint8_t ret; 320 void *p = translator_access(env, db, pc, sizeof(ret)); 321 322 if (p) { 323 plugin_insn_append(pc, p, sizeof(ret)); 324 return ldub_p(p); 325 } 326 ret = cpu_ldub_code(env, pc); 327 plugin_insn_append(pc, &ret, sizeof(ret)); 328 return ret; 329 } 330 331 uint16_t translator_lduw(CPUArchState *env, DisasContextBase *db, abi_ptr pc) 332 { 333 uint16_t ret, plug; 334 void *p = translator_access(env, db, pc, sizeof(ret)); 335 336 if (p) { 337 plugin_insn_append(pc, p, sizeof(ret)); 338 return lduw_p(p); 339 } 340 ret = cpu_lduw_code(env, pc); 341 plug = tswap16(ret); 342 plugin_insn_append(pc, &plug, sizeof(ret)); 343 return ret; 344 } 345 346 uint32_t translator_ldl(CPUArchState *env, DisasContextBase *db, abi_ptr pc) 347 { 348 uint32_t ret, plug; 349 void *p = translator_access(env, db, pc, sizeof(ret)); 350 351 if (p) { 352 plugin_insn_append(pc, p, sizeof(ret)); 353 return ldl_p(p); 354 } 355 ret = cpu_ldl_code(env, pc); 356 plug = tswap32(ret); 357 plugin_insn_append(pc, &plug, sizeof(ret)); 358 return ret; 359 } 360 361 uint64_t translator_ldq(CPUArchState *env, DisasContextBase *db, abi_ptr pc) 362 { 363 uint64_t ret, plug; 364 void *p = translator_access(env, db, pc, sizeof(ret)); 365 366 if (p) { 367 plugin_insn_append(pc, p, sizeof(ret)); 368 return ldq_p(p); 369 } 370 ret = cpu_ldq_code(env, pc); 371 plug = tswap64(ret); 372 plugin_insn_append(pc, &plug, sizeof(ret)); 373 return ret; 374 } 375 376 void translator_fake_ldb(uint8_t insn8, abi_ptr pc) 377 { 378 plugin_insn_append(pc, &insn8, sizeof(insn8)); 379 } 380