| blob | 332202a915252926308030dc4156be568777df22 |
2 /*--------------------------------------------------------------------*/
3 /*--- Interface to LibVEX_Translate, and the SP-update pass ---*/
4 /*--- m_translate.c ---*/
5 /*--------------------------------------------------------------------*/
7 /*
8 This file is part of Valgrind, a dynamic binary instrumentation
9 framework.
11 Copyright (C) 2000-2017 Julian Seward
12 jseward@acm.org
14 This program is free software; you can redistribute it and/or
15 modify it under the terms of the GNU General Public License as
16 published by the Free Software Foundation; either version 2 of the
17 License, or (at your option) any later version.
19 This program is distributed in the hope that it will be useful, but
20 WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; if not, see <http://www.gnu.org/licenses/>.
27 The GNU General Public License is contained in the file COPYING.
28 */
35 // VG_(get_SP)
36 // VG_(machine_get_VexArchInfo)
52 // VG_(run_a_noredir_translation__return_point)
63 /*------------------------------------------------------------*/
64 /*--- Stats ---*/
65 /*------------------------------------------------------------*/
84 {
87 "translate: %'llu guest insns, %'llu traces, "
90 n_TRACE_total_uncond_branches_followed,
91 n_TRACE_total_cond_branches_followed);
99 "translate: fast new/die SP updates identified: "
105 "translate: generic_known new/die SP updates identified: "
107 n_SP_updates_new_generic_known,
109 n_SP_updates_die_generic_known,
114 n_SP_updates_generic_unknown,
116 }
120 "translate: PX: SPonly %'llu, UnwRegs %'llu,"
124 }
126 /*------------------------------------------------------------*/
127 /*--- %SP-update pass ---*/
128 /*------------------------------------------------------------*/
131 {
133 }
135 // - The SP aliases are held in an array which is used as a circular buffer.
136 // This misses very few constant updates of SP (ie. < 0.1%) while using a
137 // small, constant structure that will also never fill up and cause
138 // execution to abort.
139 // - Unused slots have a .temp value of 'IRTemp_INVALID'.
140 // - 'next_SP_alias_slot' is the index where the next alias will be stored.
141 // - If the buffer fills, we circle around and start over-writing
142 // non-IRTemp_INVALID values. This is rare, and the overwriting of a
143 // value that would have subsequently be used is even rarer.
144 // - Every slot below next_SP_alias_slot holds a non-IRTemp_INVALID value.
145 // The rest either all won't (if we haven't yet circled around) or all
146 // will (if we have circled around).
148 typedef
150 IRTemp temp;
151 Long delta;
152 }
153 SP_Alias;
155 // With 32 slots the buffer fills very rarely -- eg. once in a run of GCC.
156 // And I've tested with smaller values and the wrap-around case works ok.
157 #define N_ALIASES 32
162 {
163 Int i;
167 }
169 }
172 {
176 next_SP_alias_slot++;
178 }
181 {
184 // Search backwards between current buffer position and the start.
189 }
190 }
191 // Search backwards between the end and the current buffer position.
196 }
197 }
199 }
202 {
203 Int i;
207 }
209 }
210 }
212 /* Given a guest IP, get an origin tag for a 1-element stack trace,
213 and wrap it up in an IR atom that can be passed as the origin-tag
214 value for a stack-adjustment helper function. */
216 {
217 UInt ecu;
218 ExeContext* ec
223 /* This is always safe to do, since ecu is only 32 bits, and
224 HWord is 32 or 64. */
226 }
228 /* When gdbserver is activated, the translation of a block must
229 first be done by the tool function, then followed by a pass
230 which (if needed) instruments the code for gdbserver.
231 */
232 static
238 IRType gWordTy,
239 IRType hWordTy )
240 {
243 sb_in,
244 layout,
245 vge,
246 vai,
247 gWordTy,
248 hWordTy),
249 layout,
250 vge,
251 gWordTy,
252 hWordTy);
253 }
255 /* For tools that want to know about SP changes, this pass adds
256 in the appropriate hooks. We have to do it after the tool's
257 instrumentation, so the tool doesn't have to worry about the C calls
258 it adds in, and we must do it before register allocation because
259 spilled temps make it much harder to work out the SP deltas.
260 This it is done with Vex's "second instrumentation" pass.
262 Basically, we look for GET(SP)/PUT(SP) pairs and track constant
263 increments/decrements of SP between them. (This requires tracking one or
264 more "aliases", which are not exact aliases but instead are tempregs
265 whose value is equal to the SP's plus or minus a known constant.)
266 If all the changes to SP leading up to a PUT(SP) are by known, small
267 constants, we can do a specific call to eg. new_mem_stack_4, otherwise
268 we fall back to the case that handles an unknown SP change.
270 There is some extra complexity to deal correctly with updates to
271 only parts of SP. Bizarre, but it has been known to happen.
272 */
273 static
279 IRType gWordTy,
280 IRType hWordTy )
281 {
288 IRType typeof_SP;
291 /* Set up stuff for tracking the guest IP */
295 /* Set up BB */
309 /* --- Start of #defines --- */
311 # define IS_ADD(op) (sizeof_SP==4 ? ((op)==Iop_Add32) : ((op)==Iop_Add64))
312 # define IS_SUB(op) (sizeof_SP==4 ? ((op)==Iop_Sub32) : ((op)==Iop_Sub64))
314 # define IS_ADD_OR_SUB(op) (IS_ADD(op) || IS_SUB(op))
316 # define GET_CONST(con) \
317 (sizeof_SP==4 ? (Long)(Int)(con->Ico.U32) \
318 : (Long)(con->Ico.U64))
320 # define DO_NEW(syze, tmpp) \
321 do { \
322 Bool vanilla, w_ecu; \
323 vg_assert(curr_IP_known); \
324 vanilla = NULL != VG_(tdict).track_new_mem_stack_##syze; \
325 w_ecu = NULL != VG_(tdict).track_new_mem_stack_##syze##_w_ECU; \
327 if (VG_(tdict).any_new_mem_stack \
328 && !vanilla && !w_ecu) { \
329 n_SP_updates_new_generic_known++; \
330 goto generic; \
331 } \
332 \
333 if (VG_(tdict).any_new_mem_stack) { \
336 if (w_ecu) { \
337 dcall = unsafeIRDirty_0_N( \
340 VG_(fnptr_to_fnentry)( \
341 VG_(tdict).track_new_mem_stack_##syze##_w_ECU ), \
342 mkIRExprVec_2(IRExpr_RdTmp(tmpp), \
343 mk_ecu_Expr(curr_IP)) \
344 ); \
345 } else { \
346 dcall = unsafeIRDirty_0_N( \
349 VG_(fnptr_to_fnentry)( \
350 VG_(tdict).track_new_mem_stack_##syze ), \
351 mkIRExprVec_1(IRExpr_RdTmp(tmpp)) \
352 ); \
353 } \
354 dcall->nFxState = 1; \
355 dcall->fxState[0].fx = Ifx_Read; \
356 dcall->fxState[0].offset = layout->offset_SP; \
357 dcall->fxState[0].size = layout->sizeof_SP; \
358 dcall->fxState[0].nRepeats = 0; \
359 dcall->fxState[0].repeatLen = 0; \
360 \
361 addStmtToIRSB( bb, IRStmt_Dirty(dcall) ); \
362 } \
363 \
364 vg_assert(syze > 0); \
365 update_SP_aliases(syze); \
366 \
367 n_SP_updates_new_fast++; \
368 \
369 } while (0)
371 # define DO_DIE(syze, tmpp) \
372 do { \
373 if (VG_(tdict).any_die_mem_stack \
374 && !VG_(tdict).track_die_mem_stack_##syze) { \
375 n_SP_updates_die_generic_known++; \
376 goto generic; \
377 } \
378 \
379 if (VG_(tdict).any_die_mem_stack) { \
382 dcall = unsafeIRDirty_0_N( \
385 VG_(fnptr_to_fnentry)( \
386 VG_(tdict).track_die_mem_stack_##syze ), \
387 mkIRExprVec_1(IRExpr_RdTmp(tmpp)) \
388 ); \
389 dcall->nFxState = 1; \
390 dcall->fxState[0].fx = Ifx_Read; \
391 dcall->fxState[0].offset = layout->offset_SP; \
392 dcall->fxState[0].size = layout->sizeof_SP; \
393 dcall->fxState[0].nRepeats = 0; \
394 dcall->fxState[0].repeatLen = 0; \
395 \
396 addStmtToIRSB( bb, IRStmt_Dirty(dcall) ); \
397 } \
398 \
399 vg_assert(syze > 0); \
400 update_SP_aliases(-(syze)); \
401 \
402 n_SP_updates_die_fast++; \
403 \
404 } while (0)
406 /* --- End of #defines --- */
417 }
419 /* t = Get(sp): curr = t, delta = 0 */
430 case2:
431 /* t' = curr +/- const: curr = t', delta +=/-= const */
445 }
449 case3:
450 /* t' = curr: curr = t' */
460 case4:
461 /* Put(sp) = curr */
462 /* More generally, we must correctly handle a Put which writes
463 any part of SP, not just the case where all of SP is
464 written. */
469 last_Put = first_Put
481 /* Why should the following assertion hold? Because any
482 alias added by put_SP_alias must be of a temporary which
483 has the same type as typeof_SP, and whose value is a Get
484 at exactly offset_SP of size typeof_SP. Each call to
485 put_SP_alias is immediately preceded by an assertion that
486 we are putting in a binding for a correctly-typed
487 temporary. */
489 /* From the same type-and-offset-correctness argument, if
490 we found a useable alias, it must for an "exact" write of SP. */
515 n_SP_updates_die_generic_known++;
519 n_SP_updates_new_generic_known++;
522 }
523 /* No tracking for delta. Just add the original statement. */
525 }
527 /* Deal with an unknown update to SP. We're here because
528 either:
529 (1) the Put does not exactly cover SP; it is a partial update.
530 Highly unlikely, but has been known to happen for 16-bit
531 Windows apps running on Wine, doing 16-bit adjustments to
532 %sp.
533 (2) the Put does exactly cover SP, but we are unable to
534 determine how the value relates to the old SP. In any
535 case, we cannot assume that the Put.data value is a tmp;
536 we must assume it can be anything allowed in flat IR (tmp
537 or const).
538 */
539 IRTemp old_SP;
540 n_SP_updates_generic_unknown++;
542 // Nb: if all is well, this generic case will typically be
543 // called something like every 1000th SP update. If it's more than
544 // that, the above code may be missing some cases.
545 generic:
546 /* Pass both the old and new SP values to this helper. Also,
547 pass an origin tag, even if it isn't needed. */
550 bb,
552 );
554 /* Now we know what the old value of SP is. But knowing the new
555 value is a bit tricky if there is a partial write. */
557 /* The common case, an exact write to SP. So st->Ist.Put.data
558 does hold the new value; simple. */
567 );
568 else
574 );
577 /* don't forget the original assignment */
580 /* We have a partial update to SP. We need to know what
581 the new SP will be, and hand that to the helper call,
582 but when the helper call happens, SP must hold the
583 value it had before the update. Tricky.
584 Therefore use the following kludge:
585 1. do the partial SP update (Put)
586 2. Get the new SP value into a tmp, new_SP
587 3. Put old_SP
588 4. Call the helper
589 5. Put new_SP
590 */
591 IRTemp new_SP;
592 /* 1 */
594 /* 2 */
597 bb,
599 );
600 /* 3 */
602 /* 4 */
612 );
613 else
620 );
622 /* 5 */
624 }
626 /* Forget what we already know. */
629 /* If this is a Put of a tmp that exactly updates SP,
630 start tracking aliases against this tmp. */
637 }
639 }
641 case5:
642 /* PutI or Dirty call which overlaps SP: complain. We can't
643 deal with SP changing in weird ways (well, we can, but not at
644 this time of night). */
653 }
659 /* Enumerate the described state segments */
666 }
667 }
668 }
670 /* well, not interesting. Just copy and keep going. */
677 complain:
680 #undef IS_ADD
681 #undef IS_SUB
682 #undef IS_ADD_OR_SUB
683 #undef GET_CONST
684 #undef DO_NEW
685 #undef DO_DIE
686 }
688 /*------------------------------------------------------------*/
689 /*--- Main entry point for the JITter. ---*/
690 /*------------------------------------------------------------*/
692 /* Extra comments re self-checking translations and self-modifying
693 code. (JRS 14 Oct 05).
695 There are 3 modes:
696 (1) no checking: all code assumed to be not self-modifying
697 (2) partial: known-problematic situations get a self-check
698 (3) full checking: all translations get a self-check
700 As currently implemented, the default is (2). (3) is always safe,
701 but very slow. (1) works mostly, but fails for gcc nested-function
702 code which uses trampolines on the stack; this situation is
703 detected and handled by (2).
705 ----------
707 A more robust and transparent solution, which is not currently
708 implemented, is a variant of (2): if a translation is made from an
709 area which aspacem says does not have 'w' permission, then it can
710 be non-self-checking. Otherwise, it needs a self-check.
712 This is complicated by Vex's basic-block chasing. If a self-check
713 is requested, then Vex will not chase over basic block boundaries
714 (it's too complex). However there is still a problem if it chases
715 from a non-'w' area into a 'w' area.
717 I think the right thing to do is:
719 - if a translation request starts in a 'w' area, ask for a
720 self-checking translation, and do not allow any chasing (make
721 chase_into_ok return False). Note that the latter is redundant
722 in the sense that Vex won't chase anyway in this situation.
724 - if a translation request starts in a non-'w' area, do not ask for
725 a self-checking translation. However, do not allow chasing (as
726 determined by chase_into_ok) to go into a 'w' area.
728 The result of this is that all code inside 'w' areas is self
729 checking.
731 To complete the trick, there is a caveat: we must watch the
732 client's mprotect calls. If pages are changed from non-'w' to 'w'
733 then we should throw away all translations which intersect the
734 affected area, so as to force them to be redone with self-checks.
736 ----------
738 The above outlines the conditions under which bb chasing is allowed
739 from a self-modifying-code point of view. There are other
740 situations pertaining to function redirection in which it is
741 necessary to disallow chasing, but those fall outside the scope of
742 this comment.
743 */
746 /* Vex dumps the final code in here. Then we can copy it off
747 wherever we like. */
748 /* 60000: should agree with assertion in VG_(add_to_transtab) in
749 m_transtab.c. */
750 #define N_TMPBUF 60000
754 /* Function pointers we must supply to LibVEX in order that it
755 can bomb out and emit messages under Valgrind's control. */
757 static
759 {
762 }
764 static
766 {
773 }
776 /* --------- Various helper functions for translation --------- */
778 /* Look for reasons to disallow making translations from the given
779 segment/addr. */
782 {
783 # if defined(VGA_x86) || defined(VGA_s390x) || defined(VGA_mips32) \
784 || defined(VGA_mips64) || defined(VGA_nanomips)
786 # else
788 # endif
794 /* If GDB/gdbsrv has inserted a breakpoint at addr, assume this is a valid
795 location to translate if seg is not executable but is readable.
796 This is needed for inferior function calls from GDB: GDB inserts a
797 breakpoint on the stack, and expects to regain control before the
798 breakpoint instruction at the breakpoint address is really
799 executed. For this, the breakpoint instruction must be translated
800 so as to have the call to gdbserver executed. */
801 }
804 /* Produce a bitmask stating which of the supplied extents needs a
805 self-check. See documentation of
806 VexTranslateArgs::needs_self_check for more details about the
807 return convention. */
812 {
819 /* Will we need to do a second pass in order to compute a
820 revised *pxControl value? */
821 Bool pxStatusMightChange
824 /* "and they set it to something other than the default. */
827 /* First, compute |bitset|, which specifies which extent(s) need a
828 self check. Whilst we're at it, note any NSegments that we get,
829 so as to reduce the number of calls required to
830 VG_(am_find_nsegment) in a possible second pass. */
839 # if defined(VGO_darwin)
840 // GrP fixme hack - dyld i386 IMPORT gets rewritten.
841 // To really do this correctly, we'd need to flush the
842 // translation cache whenever a segment became +WX.
846 # endif
851 /* never check (except as per Darwin hack above) */
854 /* always check */
858 /* check if the address is in the same segment as this
859 thread's stack pointer */
863 }
868 }
870 /* check if any part of the extent is not in a
871 file-mapped segment */
874 }
877 /* in a file-mapped segment; skip the check */
880 }
882 }
885 }
886 }
894 }
895 }
897 /* Now, possibly do a second pass, to see if the PX status might
898 change. This can happen if the user specified value via
899 --px-file-backed= which is different from the default PX value
900 specified via --vex-iropt-register-updates (also known by the
901 shorter alias --px-default). */
910 /* If we don't have a cached value for |segA|, compute it now. */
912 }
916 /* in a file-mapped segment */
918 /* not in a file-mapped segment, or we can't figure out
919 where it is */
922 }
923 }
925 /* So, finally, if all the extents are in file backed segments, perform
926 the user-specified PX change. */
929 }
931 }
933 /* Update running PX stats, as it is difficult without these to
934 check that the system is behaving as expected. */
946 }
949 }
952 /* This is a callback passed to LibVEX_Translate. It stops Vex from
953 chasing into function entry points that we wish to redirect.
954 Chasing across them obviously defeats the redirect mechanism, with
955 bad effects for Memcheck, Helgrind, DRD, Massif, and possibly others.
956 */
958 {
961 /* Work through a list of possibilities why we might not want to
962 allow a chase. */
964 /* Destination not in a plausible segment? */
968 /* Destination is redirected? */
972 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
973 /* This needs to be at the start of its own block. Don't chase. */
976 # endif
978 /* overly conservative, but .. don't chase into the distinguished
979 address that m_transtab uses as an empty-slot marker for
980 VG_(tt_fast). */
984 # if defined(VGA_s390x)
985 /* Never chase into an EX instruction. Generating IR for EX causes
986 a round-trip through the scheduler including VG_(discard_translations).
987 And that's expensive as shown by perf/tinycc.c:
988 Chasing into EX increases the number of EX translations from 21 to
989 102666 causing a 7x runtime increase for "none" and a 3.2x runtime
990 increase for memcheck. */
994 # endif
996 /* well, ok then. go on and chase. */
1000 /*NOTREACHED*/
1002 dontchase:
1005 }
1008 /* --------------- helpers for with-TOC platforms --------------- */
1010 /* NOTE: with-TOC platforms are: ppc64-linux. */
1014 }
1017 }
1019 #if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
1022 }
1029 }
1030 }
1032 /* Generate code to push word-typed expression 'e' onto this thread's
1033 redir stack, checking for stack overflow and generating code to
1034 bomb out if so. */
1037 {
1039 IRTemp t1;
1042 # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
1056 # else
1070 # endif
1082 /* t1 = guest_REDIR_SP + 1 */
1084 bb,
1086 t1,
1088 )
1089 );
1091 /* Bomb out if t1 >=s stack_size, that is, (stack_size-1)-t1 <s 0.
1092 The destination (0) is a bit bogus but it doesn't matter since
1093 this is an unrecoverable error and will lead to Valgrind
1094 shutting down. _EMNOTE is set regardless - that's harmless
1095 since is only has a meaning if the exit is taken. */
1097 bb,
1099 );
1101 bb,
1104 op_CmpNE,
1106 op_Sar,
1109 ),
1111 ),
1112 Ijk_EmFail,
1114 offB_CIA
1115 )
1116 );
1118 /* guest_REDIR_SP = t1 */
1121 /* guest_REDIR_STACK[t1+0] = e */
1122 /* PutI/GetI have I32-typed indexes regardless of guest word size */
1124 bb,
1127 }
1130 /* Generate code to pop a word-sized value from this thread's redir
1131 stack, binding it to a new temporary, which is returned. As with
1132 gen_PUSH, an overflow check is also performed. */
1135 {
1136 # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
1148 # else
1160 # endif
1171 /* t1 = guest_REDIR_SP */
1173 bb,
1175 );
1177 /* Bomb out if t1 < 0. Same comments as gen_PUSH apply. */
1179 bb,
1181 );
1183 bb,
1186 op_CmpNE,
1188 op_Sar,
1191 ),
1193 ),
1194 Ijk_EmFail,
1196 offB_CIA
1197 )
1198 );
1200 /* res = guest_REDIR_STACK[t1+0] */
1201 /* PutI/GetI have I32-typed indexes regardless of guest word size */
1203 bb,
1205 res,
1207 )
1208 );
1210 /* guest_REDIR_SP = t1-1 */
1212 bb,
1214 );
1217 }
1219 #endif
1221 #if defined(VG_PLAT_USES_PPCTOC)
1223 /* Generate code to push LR and R2 onto this thread's redir stack,
1224 then set R2 to the new value (which is the TOC pointer to be used
1225 for the duration of the replacement function, as determined by
1226 m_debuginfo), and set LR to the magic return stub, so we get to
1227 intercept the return and restore R2 and L2 to the values saved
1228 here. */
1231 {
1232 # if defined(VGP_ppc64be_linux)
1241 # else
1242 # error Platform is not TOC-afflicted, fortunately
1243 # endif
1244 }
1245 #endif
1247 #if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
1250 {
1251 # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
1257 /* Restore R2 */
1260 /* Restore LR */
1263 /* Branch to LR */
1264 /* re boring, we arrived here precisely because a wrapped fn did a
1265 blr (hence Ijk_Ret); so we should just mark this jump as Boring,
1266 else one _Call will have resulted in two _Rets. */
1270 # else
1271 # error Platform is not TOC-afflicted, fortunately
1272 # endif
1273 }
1274 #endif
1276 #if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
1278 static
1280 {
1282 /* Since we're creating the entire IRSB right here, give it a
1283 proper IMark, as it won't get one any other way, and cachegrind
1284 will barf if it doesn't have one (fair enough really). */
1286 /* Generate the magic sequence:
1287 pop R2 from hidden stack
1288 pop LR from hidden stack
1289 goto LR
1290 */
1293 real insns into it - just hand it directly to
1294 optimiser/instrumenter/backend. */
1295 }
1296 #endif
1298 #if defined(VGP_ppc64le_linux)
1299 /* Generate code to push LR and R2 onto this thread's redir stack.
1300 Need to save R2 in case we redirect to a global entry point. The
1301 value of R2 is not preserved when entering the global entry point.
1302 Need to make sure R2 gets restored on return. Set LR to the magic
1303 return stub, so we get to intercept the return and restore R2 and
1304 L2 to the values saved here.
1306 The existing infrastruture for the TOC enabled architectures is
1307 being exploited here. So, we need to enable a number of the
1308 code sections used by VG_PLAT_USES_PPCTOC.
1309 */
1312 {
1319 }
1320 # endif
1322 /* --------------- END helpers for with-TOC platforms --------------- */
1325 /* This is the IR preamble generator used for replacement
1326 functions. It adds code to set the guest_NRADDR{_GPR2} to zero
1327 (technically not necessary, but facilitates detecting mixups in
1328 which a replacement function has been erroneously declared using
1329 VG_REPLACE_FUNCTION_Z{U,Z} when instead it should have been written
1330 using VG_WRAP_FUNCTION_Z{U,Z}).
1332 On with-TOC platforms the follow hacks are also done: LR and R2 are
1333 pushed onto a hidden stack, R2 is set to the correct value for the
1334 replacement function, and LR is set to point at the magic
1335 return-stub address. Setting LR causes the return of the
1336 wrapped/redirected function to lead to our magic return stub, which
1337 restores LR and R2 from said stack and returns for real.
1339 VG_(get_StackTrace_wrk) understands that the LR value may point to
1340 the return stub address, and that in that case it can get the real
1341 LR value from the hidden stack instead. */
1342 static
1344 {
1345 Int nraddr_szB
1350 bb,
1354 )
1355 );
1356 // t9 needs to be set to point to the start of the redirected function.
1357 # if defined(VGP_mips32_linux) || defined(VGP_nanomips_linux)
1361 # endif
1362 # if defined(VGP_mips64_linux)
1366 # endif
1367 # if defined(VG_PLAT_USES_PPCTOC)
1370 bb,
1374 )
1375 );
1378 }
1379 # endif
1381 #if defined(VGP_ppc64le_linux)
1389 )
1390 );
1392 #endif
1394 }
1396 /* Ditto, except set guest_NRADDR to nraddr (the un-redirected guest
1397 address). This is needed for function wrapping - so the wrapper
1398 can read _NRADDR and find the address of the function being
1399 wrapped. On toc-afflicted platforms we must also snarf r2. */
1400 static
1402 {
1404 Int nraddr_szB
1409 bb,
1415 )
1416 );
1417 // t9 needs to be set to point to the start of the redirected function.
1418 # if defined(VGP_mips32_linux) || defined(VGP_nanomips_linux)
1421 # endif
1422 # if defined(VGP_mips64_linux)
1425 # endif
1426 # if defined(VG_PLAT_USES_PPCTOC)
1428 bb,
1433 )
1434 );
1437 # endif
1438 #if defined(VGP_ppc64le_linux)
1439 /* This saves the r2 before leaving the function. We need to move
1440 * guest_NRADDR_GPR2 back to R2 on return.
1441 */
1444 bb,
1449 )
1450 );
1453 #endif
1455 }
1457 /* --- Helpers to do with PPC related stack redzones. --- */
1461 {
1463 }
1465 /* --------------- main translation function --------------- */
1467 /* Note: see comments at top of m_redir.c for the Big Picture on how
1468 redirections are managed. */
1470 typedef
1472 /* normal translation, redir neither requested nor inhibited */
1473 T_Normal,
1474 /* redir translation, function-wrap (set _NRADDR) style */
1475 T_Redir_Wrap,
1476 /* redir translation, replacement (don't set _NRADDR) style */
1477 T_Redir_Replace,
1478 /* a translation in which redir is specifically disallowed */
1479 T_NoRedir
1480 }
1481 T_Kind;
1483 /* Translate the basic block beginning at NRADDR, and add it to the
1484 translation cache & translation table. Unless
1485 DEBUGGING_TRANSLATION is true, in which case the call is being done
1486 for debugging purposes, so (a) throw away the translation once it
1487 is made, and (b) produce a load of debugging output. If
1488 ALLOW_REDIRECTION is False, do not attempt redirection of NRADDR,
1489 and also, put the resulting translation into the no-redirect tt/tc
1490 instead of the normal one.
1492 TID is the identity of the thread requesting this translation.
1493 */
1496 Addr nraddr,
1497 Bool debugging_translation,
1498 Int debugging_verbosity,
1499 ULong bbs_done,
1500 Bool allow_redirection )
1501 {
1502 Addr addr;
1503 T_Kind kind;
1506 VexArch vex_arch;
1507 VexArchInfo vex_archinfo;
1508 VexAbiInfo vex_abiinfo;
1509 VexGuestExtents vge;
1510 VexTranslateArgs vta;
1511 VexTranslateResult tres;
1512 VgCallbackClosure closure;
1514 /* Make sure Vex is initialised right. */
1523 }
1525 /* Establish the translation kind and actual guest address to
1526 start from. Sets (addr,kind). */
1528 Bool isWrap;
1531 /* no redirection found */
1535 /* found a redirect */
1538 }
1542 }
1544 /* Established: (nraddr, addr, kind) */
1546 /* Printing redirection info. */
1550 Bool ok;
1555 /* Try also to get the soname (not the filename) of the "from"
1556 object. This makes it much easier to debug redirection
1557 problems. */
1564 }
1568 // Stash away name1
1578 }
1584 /* If doing any code printing, print a basic block start marker */
1593 }
1604 );
1605 }
1607 /* Are we allowed to translate here? */
1617 /* U R busted, sonny. Place your hands on your head and step
1618 away from the orig_addr. */
1619 /* Code address is bad - deliver a signal instead */
1621 /* There's some kind of segment at the requested place, but we
1622 aren't allowed to execute code here. */
1626 else
1629 /* There is no segment at all; we are attempting to execute in
1630 the middle of nowhere. */
1634 else
1636 }
1638 }
1640 /* True if a debug trans., or if bit N set in VG_(clo_trace_codegen). */
1644 }
1645 else
1650 }
1652 /* Figure out which preamble-mangling callback to send. */
1656 else
1660 /* LE we setup the LR */
1661 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
1663 /* If entering the special return stub, this means a wrapped or
1664 redirected function is returning. Make this translation one
1665 which restores R2 and LR from the thread's hidden redir
1666 stack, and branch to the (restored) link register, thereby
1667 really causing the function to return. */
1671 }
1672 # endif
1674 /* ------ Actually do the translation. ------ */
1678 /* Get the CPU info established at startup. */
1681 /* Set up 'abiinfo' structure with stuff Vex needs to know about
1682 the guest and host ABIs. */
1687 # if defined(VGP_amd64_linux)
1690 # endif
1692 # if defined(VGP_amd64_darwin)
1694 # endif
1696 # if defined(VGP_amd64_solaris)
1698 # endif
1700 # if defined(VGP_ppc32_linux)
1703 # endif
1705 # if defined(VGP_ppc64be_linux)
1709 # endif
1711 # if defined(VGP_ppc64le_linux)
1715 # endif
1717 # if defined(VGP_mips32_linux) || defined(VGP_mips64_linux)
1721 # if defined(VGP_mips32_linux)
1724 # endif
1725 /* Compute guest__use_fallback_LLSC, overiding any settings of
1726 VG_(clo_fallback_llsc) that we know would cause the guest to
1727 fail (loop). */
1729 /* We must use the fallback scheme. */
1732 vex_abiinfo.guest__use_fallback_LLSC
1734 }
1735 # endif
1737 #if defined(VGP_nanomips_linux)
1738 vex_abiinfo.guest__use_fallback_LLSC
1740 #endif
1742 # if defined(VGP_arm64_linux)
1743 vex_abiinfo.guest__use_fallback_LLSC
1748 # endif
1750 /* Set up closure args. */
1755 /* Set up args for LibVEX_Translate. */
1770 instrumentation callback - which takes a void* first argument
1771 - with Valgrind's view, in which the first arg is a
1772 VgCallbackClosure*. Hence the following longwinded casts.
1773 They are entirely legal but longwinded so as to maximise the
1774 chance of the C typechecker picking up any type snafus. */
1779 ? tool_instrument_then_gdbserver_if_needed
1785 }
1786 /* No need for type kludgery here. */
1788 ? vg_SP_update_pass
1799 /* Set up the dispatch continuation-point info. If this is a
1800 no-redir translation then it cannot be chained, and the chain-me
1801 points are set to NULL to indicate that. The indir point must
1802 also be NULL, since we can't allow this translation to do an
1803 indir transfer -- that would take it back into the main
1804 translation cache too.
1806 All this is because no-redir translations live outside the main
1807 translation cache (in a secondary one) and chaining them would
1808 involve more adminstrative complexity that isn't worth the
1809 hassle, because we don't expect them to get used often. So
1810 don't bother. */
1812 vta.disp_cp_chain_me_to_slowEP
1814 vta.disp_cp_chain_me_to_fastEP
1816 vta.disp_cp_xindir
1822 }
1823 /* This doesn't involve chaining and so is always allowable. */
1824 vta.disp_cp_xassisted
1827 /* Sheesh. Finally, actually _do_ the translation! */
1841 /* Tell aspacem of all segments that have had translations taken
1842 from them. */
1845 }
1847 /* Copy data at trans_addr into the translation cache. */
1850 // If debugging, don't do anything with the translated block; we
1851 // only did this for the debugging output produced along the way.
1855 // Put it into the normal TT/TC structures. This is the
1856 // normal case.
1858 // Note that we use nraddr (the non-redirected address), not
1859 // addr, which might have been changed by the redirection
1861 nraddr,
1863 tmpbuf_used,
1870 nraddr,
1872 tmpbuf_used );
1873 }
1874 }
1877 }
1879 /*--------------------------------------------------------------------*/
1880 /*--- end ---*/
1881 /*--------------------------------------------------------------------*/