zenithsiz/ftmemsim-valgrind
1
0
Fork 0
mirror of https://github.com/Zenithsiz/ftmemsim-valgrind.git synced 2026-02-03 18:13:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
ftmemsim-valgrind/coregrind/m_translate.c
Julian Seward ad67fd79fe Update copyright dates. 
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@5954
2006-06-05 23:21:15 +00:00

1150 lines
41 KiB
C
Raw Blame History

/*--------------------------------------------------------------------*/
/*--- Interface to LibVEX_Translate, and the SP-update pass ---*/
/*--- m_translate.c ---*/
/*--------------------------------------------------------------------*/
/*
This file is part of Valgrind, a dynamic binary instrumentation
framework.
Copyright (C) 2000-2006 Julian Seward
jseward@acm.org
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307, USA.
The GNU General Public License is contained in the file COPYING.
*/
#include "pub_core_basics.h"
#include "pub_core_aspacemgr.h"
#include "pub_core_machine.h" // VG_(fnptr_to_fnentry)
// VG_(get_SP)
// VG_(machine_get_VexArchInfo)
#include "pub_core_libcbase.h"
#include "pub_core_libcassert.h"
#include "pub_core_libcprint.h"
#include "pub_core_options.h"
#include "pub_core_debuginfo.h" // VG_(get_fnname_w_offset)
#include "pub_core_redir.h" // VG_(redir_do_lookup)
#include "pub_core_signals.h" // VG_(synth_fault_{perms,mapping}
#include "pub_core_stacks.h" // VG_(unknown_SP_update)()
#include "pub_core_tooliface.h" // VG_(tdict)
#include "pub_core_translate.h"
#include "pub_core_transtab.h"
#include "pub_core_dispatch.h" // VG_(run_innerloop__dispatch_{un}profiled)
// VG_(run_a_noredir_translation__return_point)
#include "pub_core_threadstate.h" // VexGuestArchState
#include "pub_core_trampoline.h" // VG_(ppc64_linux_magic_redirect_return_stub)
/*------------------------------------------------------------*/
/*--- Stats ---*/
/*------------------------------------------------------------*/
static UInt n_SP_updates_fast = 0;
static UInt n_SP_updates_generic_known = 0;
static UInt n_SP_updates_generic_unknown = 0;
void VG_(print_translation_stats) ( void )
{
Char buf[6];
UInt n_SP_updates = n_SP_updates_fast + n_SP_updates_generic_known
+ n_SP_updates_generic_unknown;
VG_(percentify)(n_SP_updates_fast, n_SP_updates, 1, 6, buf);
VG_(message)(Vg_DebugMsg,
"translate: fast SP updates identified: %,u (%s)",
n_SP_updates_fast, buf );
VG_(percentify)(n_SP_updates_generic_known, n_SP_updates, 1, 6, buf);
VG_(message)(Vg_DebugMsg,
"translate: generic_known SP updates identified: %,u (%s)",
n_SP_updates_generic_known, buf );
VG_(percentify)(n_SP_updates_generic_unknown, n_SP_updates, 1, 6, buf);
VG_(message)(Vg_DebugMsg,
"translate: generic_unknown SP updates identified: %,u (%s)",
n_SP_updates_generic_unknown, buf );
}
/*------------------------------------------------------------*/
/*--- %SP-update pass ---*/
/*------------------------------------------------------------*/
static Bool need_to_handle_SP_assignment(void)
{
return ( VG_(tdict).track_new_mem_stack_4 ||
VG_(tdict).track_die_mem_stack_4 ||
VG_(tdict).track_new_mem_stack_8 ||
VG_(tdict).track_die_mem_stack_8 ||
VG_(tdict).track_new_mem_stack_12 ||
VG_(tdict).track_die_mem_stack_12 ||
VG_(tdict).track_new_mem_stack_16 ||
VG_(tdict).track_die_mem_stack_16 ||
VG_(tdict).track_new_mem_stack_32 ||
VG_(tdict).track_die_mem_stack_32 ||
VG_(tdict).track_new_mem_stack_112 ||
VG_(tdict).track_die_mem_stack_112 ||
VG_(tdict).track_new_mem_stack_128 ||
VG_(tdict).track_die_mem_stack_128 ||
VG_(tdict).track_new_mem_stack_144 ||
VG_(tdict).track_die_mem_stack_144 ||
VG_(tdict).track_new_mem_stack_160 ||
VG_(tdict).track_die_mem_stack_160 ||
VG_(tdict).track_new_mem_stack ||
VG_(tdict).track_die_mem_stack );
}
// - The SP aliases are held in an array which is used as a circular buffer.
// This misses very few constant updates of SP (ie. < 0.1%) while using a
// small, constant structure that will also never fill up and cause
// execution to abort.
// - Unused slots have a .temp value of 'IRTemp_INVALID'.
// - 'next_SP_alias_slot' is the index where the next alias will be stored.
// - If the buffer fills, we circle around and start over-writing
// non-IRTemp_INVALID values. This is rare, and the overwriting of a
// value that would have subsequently be used is even rarer.
// - Every slot below next_SP_alias_slot holds a non-IRTemp_INVALID value.
// The rest either all won't (if we haven't yet circled around) or all
// will (if we have circled around).
typedef
struct {
IRTemp temp;
Long delta;
}
SP_Alias;
// With 32 slots the buffer fills very rarely -- eg. once in a run of GCC.
// And I've tested with smaller values and the wrap-around case works ok.
#define N_ALIASES 32
static SP_Alias SP_aliases[N_ALIASES];
static Int next_SP_alias_slot = 0;
static void clear_SP_aliases(void)
{
Int i;
for (i = 0; i < N_ALIASES; i++) {
SP_aliases[i].temp = IRTemp_INVALID;
SP_aliases[i].delta = 0;
}
next_SP_alias_slot = 0;
}
static void add_SP_alias(IRTemp temp, Long delta)
{
vg_assert(temp != IRTemp_INVALID);
SP_aliases[ next_SP_alias_slot ].temp = temp;
SP_aliases[ next_SP_alias_slot ].delta = delta;
next_SP_alias_slot++;
if (N_ALIASES == next_SP_alias_slot) next_SP_alias_slot = 0;
}
static Bool get_SP_delta(IRTemp temp, ULong* delta)
{
Int i; // i must be signed!
vg_assert(IRTemp_INVALID != temp);
// Search backwards between current buffer position and the start.
for (i = next_SP_alias_slot-1; i >= 0; i--) {
if (temp == SP_aliases[i].temp) {
*delta = SP_aliases[i].delta;
return True;
}
}
// Search backwards between the end and the current buffer position.
for (i = N_ALIASES-1; i >= next_SP_alias_slot; i--) {
if (temp == SP_aliases[i].temp) {
*delta = SP_aliases[i].delta;
return True;
}
}
return False;
}
static void update_SP_aliases(Long delta)
{
Int i;
for (i = 0; i < N_ALIASES; i++) {
if (SP_aliases[i].temp == IRTemp_INVALID) {
return;
}
SP_aliases[i].delta += delta;
}
}
/* For tools that want to know about SP changes, this pass adds
in the appropriate hooks. We have to do it after the tool's
instrumentation, so the tool doesn't have to worry about the C calls
it adds in, and we must do it before register allocation because
spilled temps make it much harder to work out the SP deltas.
This it is done with Vex's "second instrumentation" pass.
Basically, we look for GET(SP)/PUT(SP) pairs and track constant
increments/decrements of SP between them. (This requires tracking one or
more "aliases", which are not exact aliases but instead are tempregs
whose value is equal to the SP's plus or minus a known constant.)
If all the changes to SP leading up to a PUT(SP) are by known, small
constants, we can do a specific call to eg. new_mem_stack_4, otherwise
we fall back to the case that handles an unknown SP change.
*/
static
IRBB* vg_SP_update_pass ( void* closureV,
IRBB* bb_in,
VexGuestLayout* layout,
VexGuestExtents* vge,
IRType gWordTy,
IRType hWordTy )
{
Int i, j, minoff_ST, maxoff_ST, sizeof_SP, offset_SP;
IRDirty *dcall, *d;
IRStmt* st;
IRExpr* e;
IRArray* descr;
IRType typeof_SP;
Long delta, con;
/* Set up BB */
IRBB* bb = emptyIRBB();
bb->tyenv = dopyIRTypeEnv(bb_in->tyenv);
bb->next = dopyIRExpr(bb_in->next);
bb->jumpkind = bb_in->jumpkind;
delta = 0;
sizeof_SP = layout->sizeof_SP;
offset_SP = layout->offset_SP;
typeof_SP = sizeof_SP==4 ? Ity_I32 : Ity_I64;
vg_assert(sizeof_SP == 4 || sizeof_SP == 8);
# define IS_ADD(op) (sizeof_SP==4 ? ((op)==Iop_Add32) : ((op)==Iop_Add64))
# define IS_SUB(op) (sizeof_SP==4 ? ((op)==Iop_Sub32) : ((op)==Iop_Sub64))
# define IS_ADD_OR_SUB(op) (IS_ADD(op) || IS_SUB(op))
# define GET_CONST(con) \
(sizeof_SP==4 ? (Long)(Int)(con->Ico.U32) \
: (Long)(con->Ico.U64))
// XXX: convert this to a function
# define DO(kind, syze, tmpp) \
do { \
if (!VG_(tdict).track_##kind##_mem_stack_##syze) \
goto generic; \
\
/* I don't know if it's really necessary to say that the */ \
/* call reads the stack pointer. But anyway, we do. */ \
dcall = unsafeIRDirty_0_N( \
1/*regparms*/, \
"track_" #kind "_mem_stack_" #syze, \
VG_(fnptr_to_fnentry)( \
VG_(tdict).track_##kind##_mem_stack_##syze ), \
mkIRExprVec_1(IRExpr_Tmp(tmpp)) \
); \
dcall->nFxState = 1; \
dcall->fxState[0].fx = Ifx_Read; \
dcall->fxState[0].offset = layout->offset_SP; \
dcall->fxState[0].size = layout->sizeof_SP; \
\
addStmtToIRBB( bb, IRStmt_Dirty(dcall) ); \
\
update_SP_aliases(-delta); \
\
n_SP_updates_fast++; \
\
} while (0)
clear_SP_aliases();
for (i = 0; i < bb_in->stmts_used; i++) {
st = bb_in->stmts[i];
/* t = Get(sp): curr = t, delta = 0 */
if (st->tag != Ist_Tmp) goto case2;
e = st->Ist.Tmp.data;
if (e->tag != Iex_Get) goto case2;
if (e->Iex.Get.offset != offset_SP) goto case2;
if (e->Iex.Get.ty != typeof_SP) goto case2;
add_SP_alias(st->Ist.Tmp.tmp, 0);
addStmtToIRBB( bb, st );
continue;
case2:
/* t' = curr +/- const: curr = t', delta +=/-= const */
if (st->tag != Ist_Tmp) goto case3;
e = st->Ist.Tmp.data;
if (e->tag != Iex_Binop) goto case3;
if (e->Iex.Binop.arg1->tag != Iex_Tmp) goto case3;
if (!get_SP_delta(e->Iex.Binop.arg1->Iex.Tmp.tmp, &delta)) goto case3;
if (e->Iex.Binop.arg2->tag != Iex_Const) goto case3;
if (!IS_ADD_OR_SUB(e->Iex.Binop.op)) goto case3;
con = GET_CONST(e->Iex.Binop.arg2->Iex.Const.con);
if (IS_ADD(e->Iex.Binop.op)) {
add_SP_alias(st->Ist.Tmp.tmp, delta + con);
} else {
add_SP_alias(st->Ist.Tmp.tmp, delta - con);
}
addStmtToIRBB( bb, st );
continue;
case3:
/* t' = curr: curr = t' */
if (st->tag != Ist_Tmp) goto case4;
e = st->Ist.Tmp.data;
if (e->tag != Iex_Tmp) goto case4;
if (!get_SP_delta(e->Iex.Tmp.tmp, &delta)) goto case4;
add_SP_alias(st->Ist.Tmp.tmp, delta);
addStmtToIRBB( bb, st );
continue;
case4:
/* Put(sp) = curr */
if (st->tag != Ist_Put) goto case5;
if (st->Ist.Put.offset != offset_SP) goto case5;
if (st->Ist.Put.data->tag != Iex_Tmp) goto case5;
if (get_SP_delta(st->Ist.Put.data->Iex.Tmp.tmp, &delta)) {
IRTemp tttmp = st->Ist.Put.data->Iex.Tmp.tmp;
switch (delta) {
case 0: addStmtToIRBB(bb,st); continue;
case 4: DO(die, 4, tttmp); addStmtToIRBB(bb,st); continue;
case -4: DO(new, 4, tttmp); addStmtToIRBB(bb,st); continue;
case 8: DO(die, 8, tttmp); addStmtToIRBB(bb,st); continue;
case -8: DO(new, 8, tttmp); addStmtToIRBB(bb,st); continue;
case 12: DO(die, 12, tttmp); addStmtToIRBB(bb,st); continue;
case -12: DO(new, 12, tttmp); addStmtToIRBB(bb,st); continue;
case 16: DO(die, 16, tttmp); addStmtToIRBB(bb,st); continue;
case -16: DO(new, 16, tttmp); addStmtToIRBB(bb,st); continue;
case 32: DO(die, 32, tttmp); addStmtToIRBB(bb,st); continue;
case -32: DO(new, 32, tttmp); addStmtToIRBB(bb,st); continue;
case 112: DO(die, 112, tttmp); addStmtToIRBB(bb,st); continue;
case -112: DO(new, 112, tttmp); addStmtToIRBB(bb,st); continue;
case 128: DO(die, 128, tttmp); addStmtToIRBB(bb,st); continue;
case -128: DO(new, 128, tttmp); addStmtToIRBB(bb,st); continue;
case 144: DO(die, 144, tttmp); addStmtToIRBB(bb,st); continue;
case -144: DO(new, 144, tttmp); addStmtToIRBB(bb,st); continue;
case 160: DO(die, 160, tttmp); addStmtToIRBB(bb,st); continue;
case -160: DO(new, 160, tttmp); addStmtToIRBB(bb,st); continue;
default:
/* common values for ppc64: 144 128 160 112 176 */
n_SP_updates_generic_known++;
goto generic;
}
} else {
IRTemp old_SP;
n_SP_updates_generic_unknown++;
// Nb: if all is well, this generic case will typically be
// called something like every 1000th SP update. If it's more than
// that, the above code may be missing some cases.
generic:
/* Pass both the old and new SP values to this helper. */
old_SP = newIRTemp(bb->tyenv, typeof_SP);
addStmtToIRBB(
bb,
IRStmt_Tmp( old_SP, IRExpr_Get(offset_SP, typeof_SP) )
);
dcall = unsafeIRDirty_0_N(
2/*regparms*/,
"VG_(unknown_SP_update)",
VG_(fnptr_to_fnentry)( &VG_(unknown_SP_update) ),
mkIRExprVec_2( IRExpr_Tmp(old_SP), st->Ist.Put.data )
);
addStmtToIRBB( bb, IRStmt_Dirty(dcall) );
addStmtToIRBB( bb, st );
clear_SP_aliases();
add_SP_alias(st->Ist.Put.data->Iex.Tmp.tmp, 0);
continue;
}
case5:
/* PutI or Dirty call which overlaps SP: complain. We can't
deal with SP changing in weird ways (well, we can, but not at
this time of night). */
if (st->tag == Ist_PutI) {
descr = st->Ist.PutI.descr;
minoff_ST = descr->base;
maxoff_ST = descr->base + descr->nElems * sizeofIRType(descr->elemTy) - 1;
if (!(offset_SP > maxoff_ST || (offset_SP + sizeof_SP - 1) < minoff_ST))
goto complain;
}
if (st->tag == Ist_Dirty) {
d = st->Ist.Dirty.details;
for (j = 0; j < d->nFxState; j++) {
minoff_ST = d->fxState[j].offset;
maxoff_ST = d->fxState[j].offset + d->fxState[j].size - 1;
if (d->fxState[j].fx == Ifx_Read || d->fxState[j].fx == Ifx_None)
continue;
if (!(offset_SP > maxoff_ST || (offset_SP + sizeof_SP - 1) < minoff_ST))
goto complain;
}
}
/* well, not interesting. Just copy and keep going. */
addStmtToIRBB( bb, st );
} /* for (i = 0; i < bb_in->stmts_used; i++) */
return bb;
complain:
VG_(core_panic)("vg_SP_update_pass: PutI or Dirty which overlaps SP");
}
/*------------------------------------------------------------*/
/*--- Main entry point for the JITter. ---*/
/*------------------------------------------------------------*/
/* Extra comments re self-checking translations and self-modifying
code. (JRS 14 Oct 05).
There are 3 modes:
(1) no checking: all code assumed to be not self-modifying
(2) partial: known-problematic situations get a self-check
(3) full checking: all translations get a self-check
As currently implemented, the default is (2). (3) is always safe,
but very slow. (1) works mostly, but fails for gcc nested-function
code which uses trampolines on the stack; this situation is
detected and handled by (2).
----------
A more robust and transparent solution, which is not currently
implemented, is a variant of (2): if a translation is made from an
area which aspacem says does not have 'w' permission, then it can
be non-self-checking. Otherwise, it needs a self-check.
This is complicated by Vex's basic-block chasing. If a self-check
is requested, then Vex will not chase over basic block boundaries
(it's too complex). However there is still a problem if it chases
from a non-'w' area into a 'w' area.
I think the right thing to do is:
- if a translation request starts in a 'w' area, ask for a
self-checking translation, and do not allow any chasing (make
chase_into_ok return False). Note that the latter is redundant
in the sense that Vex won't chase anyway in this situation.
- if a translation request starts in a non-'w' area, do not ask for
a self-checking translation. However, do not allow chasing (as
determined by chase_into_ok) to go into a 'w' area.
The result of this is that all code inside 'w' areas is self
checking.
To complete the trick, there is a caveat: we must watch the
client's mprotect calls. If pages are changed from non-'w' to 'w'
then we should throw away all translations which intersect the
affected area, so as to force them to be redone with self-checks.
----------
The above outlines the conditions under which bb chasing is allowed
from a self-modifying-code point of view. There are other
situations pertaining to function redirection in which it is
necessary to disallow chasing, but those fall outside the scope of
this comment.
*/
/* Vex dumps the final code in here. Then we can copy it off
wherever we like. */
#define N_TMPBUF 20000
static UChar tmpbuf[N_TMPBUF];
/* Function pointers we must supply to LibVEX in order that it
can bomb out and emit messages under Valgrind's control. */
__attribute__ ((noreturn))
static
void failure_exit ( void )
{
LibVEX_ShowAllocStats();
VG_(core_panic)("LibVEX called failure_exit().");
}
static
void log_bytes ( HChar* bytes, Int nbytes )
{
Int i;
for (i = 0; i < nbytes-3; i += 4)
VG_(printf)("%c%c%c%c", bytes[i], bytes[i+1], bytes[i+2], bytes[i+3]);
for (; i < nbytes; i++)
VG_(printf)("%c", bytes[i]);
}
/* --------- Various helper functions for translation --------- */
/* Look for reasons to disallow making translations from the given
segment. */
static Bool translations_allowable_from_seg ( NSegment* seg )
{
# if defined(VGA_x86)
Bool allowR = True;
# else
Bool allowR = False;
# endif
return seg != NULL
&& (seg->kind == SkAnonC || seg->kind == SkFileC)
&& (seg->hasX || (seg->hasR && allowR));
}
/* Is a self-check required for a translation of a guest address
inside segment SEG when requested by thread TID ? */
static Bool self_check_required ( NSegment* seg, ThreadId tid )
{
switch (VG_(clo_smc_check)) {
case Vg_SmcNone: return False;
case Vg_SmcAll: return True;
case Vg_SmcStack:
return seg
? (seg->start <= VG_(get_SP)(tid)
&& VG_(get_SP)(tid)+sizeof(Word)-1 <= seg->end)
: False;
break;
default:
vg_assert2(0, "unknown VG_(clo_smc_check) value");
}
}
/* This is a callback passed to LibVEX_Translate. It stops Vex from
chasing into function entry points that we wish to redirect.
Chasing across them obviously defeats the redirect mechanism, with
bad effects for Memcheck, Addrcheck, and possibly others.
Also, we must stop Vex chasing into blocks for which we might want
to self checking.
*/
static Bool chase_into_ok ( void* closureV, Addr64 addr64 )
{
Addr addr = (Addr)addr64;
NSegment* seg = VG_(am_find_nsegment)(addr);
VgCallbackClosure* closure = (VgCallbackClosure*)closureV;
/* Work through a list of possibilities why we might not want to
allow a chase. */
/* Destination not in a plausible segment? */
if (!translations_allowable_from_seg(seg))
goto dontchase;
/* Destination requires a self-check? */
if (self_check_required(seg, closure->tid))
goto dontchase;
/* Destination is redirected? */
if (addr != VG_(redir_do_lookup)(addr, NULL))
goto dontchase;
# if defined(VGP_ppc64_linux)
/* This needs to be at the start of its own block. Don't chase. */
if (addr64 == (Addr64)&VG_(ppc64_linux_magic_redirect_return_stub))
goto dontchase;
# endif
/* well, ok then. go on and chase. */
return True;
vg_assert(0);
/*NOTREACHED*/
dontchase:
if (0) VG_(printf)("not chasing into 0x%x\n", addr);
return False;
}
/* --------------- ppc64-linux specific helpers --------------- */
static IRExpr* mkU64 ( ULong n ) {
return IRExpr_Const(IRConst_U64(n));
}
static IRExpr* mkU32 ( UInt n ) {
return IRExpr_Const(IRConst_U32(n));
}
#if defined(VGP_ppc64_linux)
static IRExpr* mkU8 ( UChar n ) {
return IRExpr_Const(IRConst_U8(n));
}
static void gen_PUSH ( IRBB* bb, IRExpr* e )
{
Int stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE;
Int offB_REDIR_SP = offsetof(VexGuestPPC64State,guest_REDIR_SP);
Int offB_REDIR_STACK = offsetof(VexGuestPPC64State,guest_REDIR_STACK);
Int offB_EMWARN = offsetof(VexGuestPPC64State,guest_EMWARN);
IRArray* descr = mkIRArray( offB_REDIR_STACK, Ity_I64, stack_size );
IRTemp t1 = newIRTemp( bb->tyenv, Ity_I64 );
IRExpr* one = mkU64(1);
/* t1 = guest_REDIR_SP + 1 */
addStmtToIRBB(
bb,
IRStmt_Tmp(
t1,
IRExpr_Binop(Iop_Add64, IRExpr_Get( offB_REDIR_SP, Ity_I64 ), one)
)
);
/* Bomb out if t1 >=s stack_size, that is, (stack_size-1)-t1 <s 0.
The destination (0) is a bit bogus but it doesn't matter since
this is an unrecoverable error and will lead to Valgrind
shutting down. _EMWARN is set regardless - that's harmless
since is only has a meaning if the exit is taken. */
addStmtToIRBB(
bb,
IRStmt_Put(offB_EMWARN, mkU32(EmWarn_PPC64_redir_overflow))
);
addStmtToIRBB(
bb,
IRStmt_Exit(
IRExpr_Binop(
Iop_CmpNE64,
IRExpr_Binop(
Iop_Sar64,
IRExpr_Binop(Iop_Sub64,mkU64(stack_size-1),IRExpr_Tmp(t1)),
mkU8(63)
),
mkU64(0)
),
Ijk_EmFail,
IRConst_U64(0)
)
);
/* guest_REDIR_SP = t1 */
addStmtToIRBB(bb, IRStmt_Put(offB_REDIR_SP, IRExpr_Tmp(t1)));
/* guest_REDIR_STACK[t1+0] = e */
addStmtToIRBB(
bb,
IRStmt_PutI(descr, IRExpr_Unop(Iop_64to32,IRExpr_Tmp(t1)), 0, e)
);
}
static IRTemp gen_POP ( IRBB* bb )
{
Int stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE;
Int offB_REDIR_SP = offsetof(VexGuestPPC64State,guest_REDIR_SP);
Int offB_REDIR_STACK = offsetof(VexGuestPPC64State,guest_REDIR_STACK);
Int offB_EMWARN = offsetof(VexGuestPPC64State,guest_EMWARN);
IRArray* descr = mkIRArray( offB_REDIR_STACK, Ity_I64, stack_size );
IRTemp t1 = newIRTemp( bb->tyenv, Ity_I64 );
IRTemp res = newIRTemp( bb->tyenv, Ity_I64 );
IRExpr* one = mkU64(1);
/* t1 = guest_REDIR_SP */
addStmtToIRBB(
bb,
IRStmt_Tmp( t1, IRExpr_Get( offB_REDIR_SP, Ity_I64 ) )
);
/* Bomb out if t1 < 0. Same comments as gen_PUSH apply. */
addStmtToIRBB(
bb,
IRStmt_Put(offB_EMWARN, mkU32(EmWarn_PPC64_redir_underflow))
);
addStmtToIRBB(
bb,
IRStmt_Exit(
IRExpr_Binop(
Iop_CmpNE64,
IRExpr_Binop(
Iop_Sar64,
IRExpr_Tmp(t1),
mkU8(63)
),
mkU64(0)
),
Ijk_EmFail,
IRConst_U64(0)
)
);
/* res = guest_REDIR_STACK[t1+0] */
addStmtToIRBB(
bb,
IRStmt_Tmp(
res,
IRExpr_GetI(descr, IRExpr_Unop(Iop_64to32,IRExpr_Tmp(t1)), 0)
)
);
/* guest_REDIR_SP = t1-1 */
addStmtToIRBB(
bb,
IRStmt_Put(offB_REDIR_SP, IRExpr_Binop(Iop_Sub64, IRExpr_Tmp(t1), one))
);
return res;
}
static void gen_push_and_set_LR_R2 ( IRBB* bb, Addr64 new_R2_value )
{
Addr64 bogus_RA = (Addr64)&VG_(ppc64_linux_magic_redirect_return_stub);
Int offB_GPR2 = offsetof(VexGuestPPC64State,guest_GPR2);
Int offB_LR = offsetof(VexGuestPPC64State,guest_LR);
gen_PUSH( bb, IRExpr_Get(offB_LR, Ity_I64) );
gen_PUSH( bb, IRExpr_Get(offB_GPR2, Ity_I64) );
addStmtToIRBB( bb, IRStmt_Put( offB_LR, mkU64( bogus_RA )) );
addStmtToIRBB( bb, IRStmt_Put( offB_GPR2, mkU64( new_R2_value )) );
}
static void gen_pop_R2_LR_then_bLR ( IRBB* bb )
{
Int offB_GPR2 = offsetof(VexGuestPPC64State,guest_GPR2);
Int offB_LR = offsetof(VexGuestPPC64State,guest_LR);
IRTemp old_R2 = newIRTemp( bb->tyenv, Ity_I64 );
IRTemp old_LR = newIRTemp( bb->tyenv, Ity_I64 );
/* Restore R2 */
old_R2 = gen_POP( bb );
addStmtToIRBB( bb, IRStmt_Put( offB_GPR2, IRExpr_Tmp(old_R2)) );
/* Restore LR */
old_LR = gen_POP( bb );
addStmtToIRBB( bb, IRStmt_Put( offB_LR, IRExpr_Tmp(old_LR)) );
/* Branch to LR */
/* re boring, we arrived here precisely because a wrapped fn did a
blr (hence Ijk_Ret); so we should just mark this jump as Boring,
else one _Call will have resulted in to _Rets. */
bb->jumpkind = Ijk_Boring;
bb->next = IRExpr_Binop(Iop_And64, IRExpr_Tmp(old_LR), mkU64(~(3ULL)));
}
static
Bool mk_preamble__ppc64_magic_return_stub ( void* closureV, IRBB* bb )
{
VgCallbackClosure* closure = (VgCallbackClosure*)closureV;
/* Since we're creating the entire IRBB right here, give it a
proper IMark, as it won't get one any other way, and cachegrind
will barf if it doesn't have one (fair enough really). */
addStmtToIRBB( bb, IRStmt_IMark( closure->readdr, 4 ) );
/* Generate the magic sequence:
pop R2 from hidden stack
pop LR from hidden stack
goto LR
*/
gen_pop_R2_LR_then_bLR(bb);
return True; /* True == this is the entire BB; don't disassemble any
real insns into it - just hand it directly to
optimiser/instrumenter/backend. */
}
#endif
/* --------------- END ppc64-linux specific helpers --------------- */
/* This is an the IR preamble generators used for replacement
functions. It adds code to set the guest_NRADDR{_GPR2} to zero
(technically not necessary, but facilitates detecting mixups in
which a replacement function has been erroneously declared using
VG_REPLACE_FUNCTION_Z{U,Z} when instead it should have been written
using VG_WRAP_FUNCTION_Z{U,Z}).
On ppc64-linux the follow hacks are also done: LR and R2 are pushed
onto a hidden stack, sets R2 to the correct value for the
replacement function, and sets LR to point at the magic return-stub
address. Setting LR causes the return of the wrapped/redirected
function to lead to our magic return stub, which restores LR and R2
from said stack and returns for real.
VG_(get_StackTrace2) understands that the LR value may point to the
return stub address, and that in that case it can get the real LR
value from the hidden stack instead. */
static
Bool mk_preamble__set_NRADDR_to_zero ( void* closureV, IRBB* bb )
{
Int nraddr_szB
= sizeof(((VexGuestArchState*)0)->guest_NRADDR);
vg_assert(nraddr_szB == 4 || nraddr_szB == 8);
addStmtToIRBB(
bb,
IRStmt_Put(
offsetof(VexGuestArchState,guest_NRADDR),
nraddr_szB == 8 ? mkU64(0) : mkU32(0)
)
);
# if defined(VGP_ppc64_linux)
{ VgCallbackClosure* closure = (VgCallbackClosure*)closureV;
addStmtToIRBB(
bb,
IRStmt_Put(
offsetof(VexGuestArchState,guest_NRADDR_GPR2),
mkU64(0)
)
);
gen_push_and_set_LR_R2 ( bb, VG_(get_tocptr)( closure->readdr ) );
}
# endif
return False;
}
/* Ditto, except set guest_NRADDR to nraddr (the un-redirected guest
address). This is needed for function wrapping - so the wrapper
can read _NRADDR and find the address of the function being
wrapped. */
static
Bool mk_preamble__set_NRADDR_to_nraddr ( void* closureV, IRBB* bb )
{
VgCallbackClosure* closure = (VgCallbackClosure*)closureV;
Int nraddr_szB
= sizeof(((VexGuestArchState*)0)->guest_NRADDR);
vg_assert(nraddr_szB == 4 || nraddr_szB == 8);
addStmtToIRBB(
bb,
IRStmt_Put(
offsetof(VexGuestArchState,guest_NRADDR),
nraddr_szB == 8
? IRExpr_Const(IRConst_U64( closure->nraddr ))
: IRExpr_Const(IRConst_U32( (UInt)closure->nraddr ))
)
);
# if defined(VGP_ppc64_linux)
addStmtToIRBB(
bb,
IRStmt_Put(
offsetof(VexGuestArchState,guest_NRADDR_GPR2),
IRExpr_Get(offsetof(VexGuestArchState,guest_GPR2),
Ity_I64)
)
);
gen_push_and_set_LR_R2 ( bb, VG_(get_tocptr)( closure->readdr ) );
# endif
return False;
}
/* --------------- main translation function --------------- */
/* Note: see comments at top of m_redir.c for the Big Picture on how
redirections are managed. */
typedef
enum {
/* normal translation, redir neither requested nor inhibited */
T_Normal,
/* redir translation, function-wrap (set _NRADDR) style */
T_Redir_Wrap,
/* redir translation, replacement (don't set _NRADDR) style */
T_Redir_Replace,
/* a translation in which redir is specifically disallowed */
T_NoRedir
}
T_Kind;
/* Translate the basic block beginning at NRADDR, and add it to the
translation cache & translation table. Unless
DEBUGGING_TRANSLATION is true, in which case the call is being done
for debugging purposes, so (a) throw away the translation once it
is made, and (b) produce a load of debugging output. If
ALLOW_REDIRECTION is False, do not attempt redirection of NRADDR,
and also, put the resulting translation into the no-redirect tt/tc
instead of the normal one.
TID is the identity of the thread requesting this translation.
*/
Bool VG_(translate) ( ThreadId tid,
Addr64 nraddr,
Bool debugging_translation,
Int debugging_verbosity,
ULong bbs_done,
Bool allow_redirection )
{
Addr64 addr;
T_Kind kind;
Int tmpbuf_used, verbosity, i;
Bool notrace_until_done, do_self_check;
UInt notrace_until_limit = 0;
NSegment* seg;
Bool (*preamble_fn)(void*,IRBB*);
VexArch vex_arch;
VexArchInfo vex_archinfo;
VexGuestExtents vge;
VexTranslateArgs vta;
VexTranslateResult tres;
VgCallbackClosure closure;
/* Make sure Vex is initialised right. */
static Bool vex_init_done = False;
if (!vex_init_done) {
LibVEX_Init ( &failure_exit, &log_bytes,
1, /* debug_paranoia */
False, /* valgrind support */
&VG_(clo_vex_control) );
vex_init_done = True;
}
/* Establish the translation kind and actual guest address to
start from. Sets (addr,kind). */
if (allow_redirection) {
Bool isWrap;
Addr64 tmp = VG_(redir_do_lookup)( nraddr, &isWrap );
if (tmp == nraddr) {
/* no redirection found */
addr = nraddr;
kind = T_Normal;
} else {
/* found a redirect */
addr = tmp;
kind = isWrap ? T_Redir_Wrap : T_Redir_Replace;
}
} else {
addr = nraddr;
kind = T_NoRedir;
}
/* Established: (nraddr, addr, kind) */
/* Printing redirection info. */
if ((kind == T_Redir_Wrap || kind == T_Redir_Replace)
&& (VG_(clo_verbosity) >= 2 || VG_(clo_trace_redir))) {
Bool ok;
Char name1[64] = "";
Char name2[64] = "";
name1[0] = name2[0] = 0;
ok = VG_(get_fnname_w_offset)(nraddr, name1, 64);
if (!ok) VG_(strcpy)(name1, "???");
ok = VG_(get_fnname_w_offset)(addr, name2, 64);
if (!ok) VG_(strcpy)(name2, "???");
VG_(message)(Vg_DebugMsg,
"REDIR: 0x%llx (%s) redirected to 0x%llx (%s)",
nraddr, name1,
addr, name2 );
}
/* If codegen tracing, don't start tracing until
notrace_until_limit blocks have gone by. This avoids printing
huge amounts of useless junk when all we want to see is the last
few blocks translated prior to a failure. Set
notrace_until_limit to be the number of translations to be made
before --trace-codegen= style printing takes effect. */
notrace_until_done
= VG_(get_bbs_translated)() >= notrace_until_limit;
if (!debugging_translation)
VG_TRACK( pre_mem_read, Vg_CoreTranslate,
tid, "(translator)", addr, 1 );
/* If doing any code printing, print a basic block start marker */
if (VG_(clo_trace_flags) || debugging_translation) {
Char fnname[64] = "";
VG_(get_fnname_w_offset)(addr, fnname, 64);
VG_(printf)(
"==== BB %d %s(0x%llx) BBs exec'd %lld ====\n",
VG_(get_bbs_translated)(), fnname, addr,
bbs_done);
}
/* Are we allowed to translate here? */
seg = VG_(am_find_nsegment)(addr);
if (!translations_allowable_from_seg(seg)) {
/* U R busted, sonny. Place your hands on your head and step
away from the orig_addr. */
/* Code address is bad - deliver a signal instead */
if (seg != NULL) {
/* There's some kind of segment at the requested place, but we
aren't allowed to execute code here. */
VG_(synth_fault_perms)(tid, addr);
} else {
/* There is no segment at all; we are attempting to execute in
the middle of nowhere. */
VG_(synth_fault_mapping)(tid, addr);
}
return False;
}
/* Do we want a self-checking translation? */
do_self_check = self_check_required( seg, tid );
/* True if a debug trans., or if bit N set in VG_(clo_trace_codegen). */
verbosity = 0;
if (debugging_translation) {
verbosity = debugging_verbosity;
}
else
if ( (VG_(clo_trace_flags) > 0
&& VG_(get_bbs_translated)() >= VG_(clo_trace_notbelow) )) {
verbosity = VG_(clo_trace_flags);
}
/* Figure out which preamble-mangling callback to send. */
preamble_fn = NULL;
if (kind == T_Redir_Replace)
preamble_fn = mk_preamble__set_NRADDR_to_zero;
else
if (kind == T_Redir_Wrap)
preamble_fn = mk_preamble__set_NRADDR_to_nraddr;
# if defined(VGP_ppc64_linux)
if (nraddr == (Addr64)&VG_(ppc64_linux_magic_redirect_return_stub)) {
/* If entering the special return stub, this means a wrapped or
redirected function is returning. Make this translation one
which restores R2 and LR from the thread's hidden redir
stack, and branch to the (restored) link register, thereby
really causing the function to return. */
vg_assert(kind == T_Normal);
vg_assert(nraddr == addr);
preamble_fn = mk_preamble__ppc64_magic_return_stub;
}
# endif
/* ------ Actually do the translation. ------ */
tl_assert2(VG_(tdict).tool_instrument,
"you forgot to set VgToolInterface function 'tool_instrument'");
/* Get the CPU info established at startup. */
VG_(machine_get_VexArchInfo)( &vex_arch, &vex_archinfo );
/* Set up closure args. */
closure.tid = tid;
closure.nraddr = nraddr;
closure.readdr = addr;
/* Set up args for LibVEX_Translate. */
vta.arch_guest = vex_arch;
vta.archinfo_guest = vex_archinfo;
vta.arch_host = vex_arch;
vta.archinfo_host = vex_archinfo;
vta.guest_bytes = (UChar*)ULong_to_Ptr(addr);
vta.guest_bytes_addr = (Addr64)addr;
vta.callback_opaque = (void*)&closure;
vta.chase_into_ok = chase_into_ok;
vta.preamble_function = preamble_fn;
vta.guest_extents = &vge;
vta.host_bytes = tmpbuf;
vta.host_bytes_size = N_TMPBUF;
vta.host_bytes_used = &tmpbuf_used;
{ /* At this point we have to reconcile Vex's view of the
instrumentation callback - which takes a void* first argument
- with Valgrind's view, in which the first arg is a
VgCallbackClosure*. Hence the following longwinded casts.
They are entirely legal but longwinded so as to maximise the
chance of the C typechecker picking up any type snafus. */
IRBB*(*f)(VgCallbackClosure*,
IRBB*,VexGuestLayout*,VexGuestExtents*,
IRType,IRType)
= VG_(tdict).tool_instrument;
IRBB*(*g)(void*,
IRBB*,VexGuestLayout*,VexGuestExtents*,
IRType,IRType)
= (IRBB*(*)(void*,IRBB*,VexGuestLayout*,VexGuestExtents*,IRType,IRType))f;
vta.instrument1 = g;
}
/* No need for type kludgery here. */
vta.instrument2 = need_to_handle_SP_assignment()
? vg_SP_update_pass
: NULL;
vta.do_self_check = do_self_check;
vta.traceflags = verbosity;
/* Set up the dispatch-return info. For archs without a link
register, vex generates a jump back to the specified dispatch
address. Else, it just generates a branch-to-LR. */
# if defined(VGA_x86) || defined(VGA_amd64)
vta.dispatch
= (!allow_redirection)
? /* It's a no-redir translation. Will be run with the nonstandard
dispatcher VG_(run_a_noredir_translation)
and so needs a nonstandard return point. */
(void*) &VG_(run_a_noredir_translation__return_point)
: /* normal translation. Uses VG_(run_innerloop). Return
point depends on whether we're profiling bbs or not. */
VG_(clo_profile_flags) > 0
? (void*) &VG_(run_innerloop__dispatch_profiled)
: (void*) &VG_(run_innerloop__dispatch_unprofiled);
# elif defined(VGA_ppc32) || defined(VGA_ppc64)
vta.dispatch = NULL;
# else
# error "Unknown arch"
# endif
/* Sheesh. Finally, actually _do_ the translation! */
tres = LibVEX_Translate ( &vta );
vg_assert(tres == VexTransOK);
vg_assert(tmpbuf_used <= N_TMPBUF);
vg_assert(tmpbuf_used > 0);
/* Tell aspacem of all segments that have had translations taken
from them. Optimisation: don't re-look up vge.base[0] since seg
should already point to it. */
vg_assert( vge.base[0] == (Addr64)addr );
if (seg->kind == SkFileC || seg->kind == SkAnonC)
seg->hasT = True; /* has cached code */
for (i = 1; i < vge.n_used; i++) {
seg = VG_(am_find_nsegment)( vge.base[i] );
if (seg->kind == SkFileC || seg->kind == SkAnonC)
seg->hasT = True; /* has cached code */
}
/* Copy data at trans_addr into the translation cache. */
vg_assert(tmpbuf_used > 0 && tmpbuf_used < 65536);
// If debugging, don't do anything with the translated block; we
// only did this for the debugging output produced along the way.
if (!debugging_translation) {
if (kind != T_NoRedir) {
// Put it into the normal TT/TC structures. This is the
// normal case.
// Note that we use nraddr (the non-redirected address), not
// addr, which might have been changed by the redirection
VG_(add_to_transtab)( &vge,
nraddr,
(Addr)(&tmpbuf[0]),
tmpbuf_used,
do_self_check );
} else {
VG_(add_to_unredir_transtab)( &vge,
nraddr,
(Addr)(&tmpbuf[0]),
tmpbuf_used,
do_self_check );
}
}
return True;
}
/*--------------------------------------------------------------------*/
/*--- end ---*/
/*--------------------------------------------------------------------*/
Reference in New Issue View Git Blame Copy Permalink