1 /* 2 * Generic intermediate code generation. 3 * 4 * Copyright (C) 2016-2017 Lluís Vilanova <vilanova@ac.upc.edu> 5 * 6 * This work is licensed under the terms of the GNU GPL, version 2 or later. 7 * See the COPYING file in the top-level directory. 8 */ 9 10 #include "qemu/osdep.h" 11 #include "qemu/log.h" 12 #include "qemu/error-report.h" 13 #include "exec/exec-all.h" 14 #include "exec/translator.h" 15 #include "exec/plugin-gen.h" 16 #include "tcg/tcg-op-common.h" 17 #include "internal-target.h" 18 19 static void set_can_do_io(DisasContextBase *db, bool val) 20 { 21 if (db->saved_can_do_io != val) { 22 db->saved_can_do_io = val; 23 24 QEMU_BUILD_BUG_ON(sizeof_field(CPUState, neg.can_do_io) != 1); 25 tcg_gen_st8_i32(tcg_constant_i32(val), tcg_env, 26 offsetof(ArchCPU, parent_obj.neg.can_do_io) - 27 offsetof(ArchCPU, env)); 28 } 29 } 30 31 bool translator_io_start(DisasContextBase *db) 32 { 33 set_can_do_io(db, true); 34 35 /* 36 * Ensure that this instruction will be the last in the TB. 37 * The target may override this to something more forceful. 38 */ 39 if (db->is_jmp == DISAS_NEXT) { 40 db->is_jmp = DISAS_TOO_MANY; 41 } 42 return true; 43 } 44 45 static TCGOp *gen_tb_start(DisasContextBase *db, uint32_t cflags) 46 { 47 TCGv_i32 count = NULL; 48 TCGOp *icount_start_insn = NULL; 49 50 if ((cflags & CF_USE_ICOUNT) || !(cflags & CF_NOIRQ)) { 51 count = tcg_temp_new_i32(); 52 tcg_gen_ld_i32(count, tcg_env, 53 offsetof(ArchCPU, parent_obj.neg.icount_decr.u32) 54 - offsetof(ArchCPU, env)); 55 } 56 57 if (cflags & CF_USE_ICOUNT) { 58 /* 59 * We emit a sub with a dummy immediate argument. Keep the insn index 60 * of the sub so that we later (when we know the actual insn count) 61 * can update the argument with the actual insn count. 62 */ 63 tcg_gen_sub_i32(count, count, tcg_constant_i32(0)); 64 icount_start_insn = tcg_last_op(); 65 } 66 67 /* 68 * Emit the check against icount_decr.u32 to see if we should exit 69 * unless we suppress the check with CF_NOIRQ. If we are using 70 * icount and have suppressed interruption the higher level code 71 * should have ensured we don't run more instructions than the 72 * budget. 73 */ 74 if (cflags & CF_NOIRQ) { 75 tcg_ctx->exitreq_label = NULL; 76 } else { 77 tcg_ctx->exitreq_label = gen_new_label(); 78 tcg_gen_brcondi_i32(TCG_COND_LT, count, 0, tcg_ctx->exitreq_label); 79 } 80 81 if (cflags & CF_USE_ICOUNT) { 82 tcg_gen_st16_i32(count, tcg_env, 83 offsetof(ArchCPU, parent_obj.neg.icount_decr.u16.low) 84 - offsetof(ArchCPU, env)); 85 } 86 87 /* 88 * cpu->neg.can_do_io is set automatically here at the beginning of 89 * each translation block. The cost is minimal, plus it would be 90 * very easy to forget doing it in the translator. 91 */ 92 set_can_do_io(db, db->max_insns == 1); 93 94 return icount_start_insn; 95 } 96 97 static void gen_tb_end(const TranslationBlock *tb, uint32_t cflags, 98 TCGOp *icount_start_insn, int num_insns) 99 { 100 if (cflags & CF_USE_ICOUNT) { 101 /* 102 * Update the num_insn immediate parameter now that we know 103 * the actual insn count. 104 */ 105 tcg_set_insn_param(icount_start_insn, 2, 106 tcgv_i32_arg(tcg_constant_i32(num_insns))); 107 } 108 109 if (tcg_ctx->exitreq_label) { 110 gen_set_label(tcg_ctx->exitreq_label); 111 tcg_gen_exit_tb(tb, TB_EXIT_REQUESTED); 112 } 113 } 114 115 bool translator_use_goto_tb(DisasContextBase *db, vaddr dest) 116 { 117 /* Suppress goto_tb if requested. */ 118 if (tb_cflags(db->tb) & CF_NO_GOTO_TB) { 119 return false; 120 } 121 122 /* Check for the dest on the same page as the start of the TB. */ 123 return ((db->pc_first ^ dest) & TARGET_PAGE_MASK) == 0; 124 } 125 126 void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns, 127 vaddr pc, void *host_pc, const TranslatorOps *ops, 128 DisasContextBase *db) 129 { 130 uint32_t cflags = tb_cflags(tb); 131 TCGOp *icount_start_insn; 132 bool plugin_enabled; 133 134 /* Initialize DisasContext */ 135 db->tb = tb; 136 db->pc_first = pc; 137 db->pc_next = pc; 138 db->is_jmp = DISAS_NEXT; 139 db->num_insns = 0; 140 db->max_insns = *max_insns; 141 db->singlestep_enabled = cflags & CF_SINGLE_STEP; 142 db->saved_can_do_io = -1; 143 db->insn_start = NULL; 144 db->host_addr[0] = host_pc; 145 db->host_addr[1] = NULL; 146 147 ops->init_disas_context(db, cpu); 148 tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */ 149 150 /* Start translating. */ 151 icount_start_insn = gen_tb_start(db, cflags); 152 ops->tb_start(db, cpu); 153 tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */ 154 155 plugin_enabled = plugin_gen_tb_start(cpu, db, cflags & CF_MEMI_ONLY); 156 db->plugin_enabled = plugin_enabled; 157 158 while (true) { 159 *max_insns = ++db->num_insns; 160 ops->insn_start(db, cpu); 161 db->insn_start = tcg_last_op(); 162 tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */ 163 164 if (plugin_enabled) { 165 plugin_gen_insn_start(cpu, db); 166 } 167 168 /* 169 * Disassemble one instruction. The translate_insn hook should 170 * update db->pc_next and db->is_jmp to indicate what should be 171 * done next -- either exiting this loop or locate the start of 172 * the next instruction. 173 */ 174 if (db->num_insns == db->max_insns) { 175 /* Accept I/O on the last instruction. */ 176 set_can_do_io(db, true); 177 } 178 ops->translate_insn(db, cpu); 179 180 /* 181 * We can't instrument after instructions that change control 182 * flow although this only really affects post-load operations. 183 * 184 * Calling plugin_gen_insn_end() before we possibly stop translation 185 * is important. Even if this ends up as dead code, plugin generation 186 * needs to see a matching plugin_gen_insn_{start,end}() pair in order 187 * to accurately track instrumented helpers that might access memory. 188 */ 189 if (plugin_enabled) { 190 plugin_gen_insn_end(); 191 } 192 193 /* Stop translation if translate_insn so indicated. */ 194 if (db->is_jmp != DISAS_NEXT) { 195 break; 196 } 197 198 /* Stop translation if the output buffer is full, 199 or we have executed all of the allowed instructions. */ 200 if (tcg_op_buf_full() || db->num_insns >= db->max_insns) { 201 db->is_jmp = DISAS_TOO_MANY; 202 break; 203 } 204 } 205 206 /* Emit code to exit the TB, as indicated by db->is_jmp. */ 207 ops->tb_stop(db, cpu); 208 gen_tb_end(tb, cflags, icount_start_insn, db->num_insns); 209 210 if (plugin_enabled) { 211 plugin_gen_tb_end(cpu, db->num_insns); 212 } 213 214 /* The disas_log hook may use these values rather than recompute. */ 215 tb->size = db->pc_next - db->pc_first; 216 tb->icount = db->num_insns; 217 218 if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM) 219 && qemu_log_in_addr_range(db->pc_first)) { 220 FILE *logfile = qemu_log_trylock(); 221 if (logfile) { 222 fprintf(logfile, "----------------\n"); 223 ops->disas_log(db, cpu, logfile); 224 fprintf(logfile, "\n"); 225 qemu_log_unlock(logfile); 226 } 227 } 228 } 229 230 static void *translator_access(CPUArchState *env, DisasContextBase *db, 231 vaddr pc, size_t len) 232 { 233 void *host; 234 vaddr base, end; 235 TranslationBlock *tb; 236 237 tb = db->tb; 238 239 /* Use slow path if first page is MMIO. */ 240 if (unlikely(tb_page_addr0(tb) == -1)) { 241 return NULL; 242 } 243 244 end = pc + len - 1; 245 if (likely(is_same_page(db, end))) { 246 host = db->host_addr[0]; 247 base = db->pc_first; 248 } else { 249 host = db->host_addr[1]; 250 base = TARGET_PAGE_ALIGN(db->pc_first); 251 if (host == NULL) { 252 tb_page_addr_t page0, old_page1, new_page1; 253 254 new_page1 = get_page_addr_code_hostp(env, base, &db->host_addr[1]); 255 256 /* 257 * If the second page is MMIO, treat as if the first page 258 * was MMIO as well, so that we do not cache the TB. 259 */ 260 if (unlikely(new_page1 == -1)) { 261 tb_unlock_pages(tb); 262 tb_set_page_addr0(tb, -1); 263 return NULL; 264 } 265 266 /* 267 * If this is not the first time around, and page1 matches, 268 * then we already have the page locked. Alternately, we're 269 * not doing anything to prevent the PTE from changing, so 270 * we might wind up with a different page, requiring us to 271 * re-do the locking. 272 */ 273 old_page1 = tb_page_addr1(tb); 274 if (likely(new_page1 != old_page1)) { 275 page0 = tb_page_addr0(tb); 276 if (unlikely(old_page1 != -1)) { 277 tb_unlock_page1(page0, old_page1); 278 } 279 tb_set_page_addr1(tb, new_page1); 280 tb_lock_page1(page0, new_page1); 281 } 282 host = db->host_addr[1]; 283 } 284 285 /* Use slow path when crossing pages. */ 286 if (is_same_page(db, pc)) { 287 return NULL; 288 } 289 } 290 291 tcg_debug_assert(pc >= base); 292 return host + (pc - base); 293 } 294 295 static void plugin_insn_append(abi_ptr pc, const void *from, size_t size) 296 { 297 #ifdef CONFIG_PLUGIN 298 struct qemu_plugin_insn *insn = tcg_ctx->plugin_insn; 299 abi_ptr off; 300 301 if (insn == NULL) { 302 return; 303 } 304 off = pc - insn->vaddr; 305 if (off < insn->data->len) { 306 g_byte_array_set_size(insn->data, off); 307 } else if (off > insn->data->len) { 308 /* we have an unexpected gap */ 309 g_assert_not_reached(); 310 } 311 312 insn->data = g_byte_array_append(insn->data, from, size); 313 #endif 314 } 315 316 uint8_t translator_ldub(CPUArchState *env, DisasContextBase *db, abi_ptr pc) 317 { 318 uint8_t ret; 319 void *p = translator_access(env, db, pc, sizeof(ret)); 320 321 if (p) { 322 plugin_insn_append(pc, p, sizeof(ret)); 323 return ldub_p(p); 324 } 325 ret = cpu_ldub_code(env, pc); 326 plugin_insn_append(pc, &ret, sizeof(ret)); 327 return ret; 328 } 329 330 uint16_t translator_lduw(CPUArchState *env, DisasContextBase *db, abi_ptr pc) 331 { 332 uint16_t ret, plug; 333 void *p = translator_access(env, db, pc, sizeof(ret)); 334 335 if (p) { 336 plugin_insn_append(pc, p, sizeof(ret)); 337 return lduw_p(p); 338 } 339 ret = cpu_lduw_code(env, pc); 340 plug = tswap16(ret); 341 plugin_insn_append(pc, &plug, sizeof(ret)); 342 return ret; 343 } 344 345 uint32_t translator_ldl(CPUArchState *env, DisasContextBase *db, abi_ptr pc) 346 { 347 uint32_t ret, plug; 348 void *p = translator_access(env, db, pc, sizeof(ret)); 349 350 if (p) { 351 plugin_insn_append(pc, p, sizeof(ret)); 352 return ldl_p(p); 353 } 354 ret = cpu_ldl_code(env, pc); 355 plug = tswap32(ret); 356 plugin_insn_append(pc, &plug, sizeof(ret)); 357 return ret; 358 } 359 360 uint64_t translator_ldq(CPUArchState *env, DisasContextBase *db, abi_ptr pc) 361 { 362 uint64_t ret, plug; 363 void *p = translator_access(env, db, pc, sizeof(ret)); 364 365 if (p) { 366 plugin_insn_append(pc, p, sizeof(ret)); 367 return ldq_p(p); 368 } 369 ret = cpu_ldq_code(env, pc); 370 plug = tswap64(ret); 371 plugin_insn_append(pc, &plug, sizeof(ret)); 372 return ret; 373 } 374 375 void translator_fake_ldb(uint8_t insn8, abi_ptr pc) 376 { 377 plugin_insn_append(pc, &insn8, sizeof(insn8)); 378 } 379