| blob | f7717f6377651ae8cfb5f24e1a17c30c7986d4f2 |
2 /*--------------------------------------------------------------------*/
3 /*--- Management of the translation table and cache. ---*/
4 /*--- m_transtab.c ---*/
5 /*--------------------------------------------------------------------*/
7 /*
8 This file is part of Valgrind, a dynamic binary instrumentation
9 framework.
11 Copyright (C) 2000-2017 Julian Seward
12 jseward@acm.org
14 This program is free software; you can redistribute it and/or
15 modify it under the terms of the GNU General Public License as
16 published by the Free Software Foundation; either version 2 of the
17 License, or (at your option) any later version.
19 This program is distributed in the hope that it will be useful, but
20 WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; if not, write to the Free Software
26 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
27 02111-1307, USA.
29 The GNU General Public License is contained in the file COPYING.
30 */
49 #define DEBUG_TRANSTAB 0
52 /*-------------------------------------------------------------*/
53 /*--- Management of the FIFO-based translation table+cache. ---*/
54 /*-------------------------------------------------------------*/
56 /* Nr of sectors provided via command line parameter. */
58 /* Nr of sectors.
59 Will be set by VG_(init_tt_tc) to VG_(clo_num_transtab_sectors). */
62 /* Average size of a transtab code entry. 0 means to use the tool
63 provided default. */
66 /*------------------ CONSTANTS ------------------*/
67 /* Number of entries in hash table of each sector. This needs to be a prime
68 number to work properly, it must be <= 65535 (so that a TTE index
69 fits in a UShort, leaving room for 0xFFFF(EC2TTE_DELETED, HTT_DELETED)
70 to denote 'deleted') and 0xFFFE (HTT_EMPTY) to denote 'Empty' in the
71 hash table.
72 It is strongly recommended not to change this.
73 65521 is the largest prime <= 65535. */
77 #define HTT_DELETED EC2TTE_DELETED
78 #define HTT_EMPTY 0XFFFE
80 // HTTno is the Sector->htt hash table index. Must be the same type as TTEno.
83 /* Because each sector contains a hash table of TTEntries, we need to
84 specify the maximum allowable loading, after which the sector is
85 deemed full. */
86 #define SECTOR_TT_LIMIT_PERCENT 65
88 /* The sector is deemed full when this many entries are in it. */
89 #define N_TTES_PER_SECTOR \
90 ((N_HTTES_PER_SECTOR * SECTOR_TT_LIMIT_PERCENT) / 100)
92 /* Equivalence classes for fast address range deletion. There are 1 +
93 2^ECLASS_WIDTH bins. The highest one, ECLASS_MISC, describes an
94 address range which does not fall cleanly within any specific bin.
95 Note that ECLASS_SHIFT + ECLASS_WIDTH must be < 32.
96 ECLASS_N must fit in a EclassNo. */
97 #define ECLASS_SHIFT 13
98 #define ECLASS_WIDTH 9
99 #define ECLASS_MISC (1 << ECLASS_WIDTH)
100 #define ECLASS_N (1 + ECLASS_MISC)
105 /*------------------ TYPES ------------------*/
107 /* In edges ("to-me") in the graph created by chaining. */
108 typedef
113 where the patch is */
115 }
116 InEdge;
119 /* Out edges ("from-me") in the graph created by chaining. */
120 typedef
125 }
126 OutEdge;
129 #define N_FIXED_IN_EDGE_ARR 3
130 typedef
138 }
139 InEdgeArr;
141 #define N_FIXED_OUT_EDGE_ARR 2
142 typedef
150 }
151 OutEdgeArr;
154 /* A translation-table entry. This indicates precisely which areas of
155 guest code are included in the translation, and contains all other
156 auxiliary info too. These are split into hold and cold parts,
157 TTEntryH and TTEntryC, so as to be more cache-friendly
158 (a.k.a. "faster") when searching for translations that intersect
159 with a certain guest code address range, for deletion. In the
160 worst case this can involve a sequential scan through all the hot
161 parts, so they are packed as compactly as possible -- 32 bytes on a
162 64-bit platform, 20 bytes on a 32-bit platform.
164 Each TTEntry is logically a matching cold-and-hot pair, and in fact
165 it was originally one structure. First, the cold part.
166 */
167 typedef
171 /* Profiling only: the count and weight (arbitrary meaning) for
172 this translation. Weight is a property of the translation
173 itself and computed once when the translation is created.
174 Count is an entry count for the translation and is
175 incremented by 1 every time the translation is used, if we
176 are profiling. */
177 ULong count;
178 UShort weight;
183 /* 64-bit aligned pointer to one or more 64-bit words containing
184 the corresponding host code (must be in the same sector!)
185 This is a pointer into the sector's tc (code) area. */
188 /* This is the original guest address that purportedly is the
189 entry point of the translation. You might think that .entry
190 should be the same as .vge->base[0], and most of the time it
191 is. However, when doing redirections, that is not the case.
192 .vge must always correctly describe the guest code sections
193 from which this translation was made. However, .entry may or
194 may not be a lie, depending on whether or not we're doing
195 redirection. */
196 Addr entry;
198 /* Address range summary info: these are pointers back to
199 eclass[] entries in the containing Sector. Those entries in
200 turn point back here -- the two structures are mutually
201 redundant but both necessary to make fast deletions work.
202 The eclass info is similar to, and derived from, this entry's
203 'vge' field, but it is not the same */
207 // for i in 0 .. n_tte2ec-1
208 // sec->ec2tte[ tte2ec_ec[i] ][ tte2ec_ix[i] ]
209 // should be the index
210 // of this TTEntry in the containing Sector's tt array.
212 /* Admin information for chaining. 'in_edges' is a set of the
213 patch points which jump to this translation -- hence are
214 predecessors in the control flow graph. 'out_edges' points
215 to successors in the control flow graph -- translations to
216 which this one has a patched jump. In short these are just
217 backwards and forwards edges in the graph of patched-together
218 blocks. The 'in_edges' contain slightly more info, enough
219 that we can undo the chaining of each mentioned patch point.
220 The 'out_edges' list exists only so that we can visit the
221 'in_edges' entries of all blocks we're patched through to, in
222 order to remove ourselves from then when we're deleted. */
224 /* A translation can disappear for two reasons:
225 1. erased (as part of the oldest sector cleanup) when the
226 youngest sector is full.
227 2. discarded due to calls to VG_(discard_translations).
228 VG_(discard_translations) sets the status of the
229 translation to 'Deleted'.
230 A.o., the gdbserver discards one or more translations
231 when a breakpoint is inserted or removed at an Addr,
232 or when single stepping mode is enabled/disabled
233 or when a translation is instrumented for gdbserver
234 (all the target jumps of this translation are
235 invalidated).
237 So, it is possible that the translation A to be patched
238 (to obtain a patched jump from A to B) is invalidated
239 after B is translated and before A is patched.
240 In case a translation is erased or discarded, the patching
241 cannot be done. VG_(tt_tc_do_chaining) and find_TTEntry_from_hcode
242 are checking the 'from' translation still exists before
243 doing the patching.
245 Is it safe to erase or discard the current translation E being
246 executed ? Amazing, but yes, it is safe.
247 Here is the explanation:
249 The translation E being executed can only be erased if a new
250 translation N is being done. A new translation is done only
251 if the host addr is a not yet patched jump to another
252 translation. In such a case, the guest address of N is
253 assigned to the PC in the VEX state. Control is returned
254 to the scheduler. N will be translated. This can erase the
255 translation E (in case of sector full). VG_(tt_tc_do_chaining)
256 will not do the chaining to a non found translation E.
257 The execution will continue at the current guest PC
258 (i.e. the translation N).
259 => it is safe to erase the current translation being executed.
261 The current translation E being executed can also be discarded
262 (e.g. by gdbserver). VG_(discard_translations) will mark
263 this translation E as Deleted, but the translation itself
264 is not erased. In particular, its host code can only
265 be overwritten or erased in case a new translation is done.
266 A new translation will only be done if a not yet translated
267 jump is to be executed. The execution of the Deleted translation
268 E will continue till a non patched jump is encountered.
269 This situation is then similar to the 'erasing' case above :
270 the current translation E can be erased or overwritten, as the
271 execution will continue at the new translation N.
272 */
274 /* It is possible, although very unlikely, that a block A has
275 more than one patched jump to block B. This could happen if
276 (eg) A finishes "jcond B; jmp B".
278 This means in turn that B's in_edges set can list A more than
279 once (twice in this example). However, each such entry must
280 have a different from_offs, since a patched jump can only
281 jump to one place at once (it's meaningless for it to have
282 multiple destinations.) IOW, the successor and predecessor
283 edges in the graph are not uniquely determined by a
284 TTEntry --> TTEntry pair, but rather by a
285 (TTEntry,offset) --> TTEntry triple.
287 If A has multiple edges to B then B will mention A multiple
288 times in its in_edges. To make things simpler, we then
289 require that A mentions B exactly the same number of times in
290 its out_edges. Furthermore, a matching out-in pair must have
291 the same offset (from_offs). This facilitates sanity
292 checking, and it facilitates establishing the invariant that
293 a out_edges set may not have duplicates when using the
294 equality defined by (TTEntry,offset). Hence the out_edges
295 and in_edges sets really do have both have set semantics.
297 eg if A has been patched to B at offsets 42 and 87 (in A)
298 then A.out_edges = { (B,42), (B,87) } (in any order)
299 and B.in_edges = { (A,42), (A,87) } (in any order)
301 Hence for each node pair P->Q in the graph, there's a 1:1
302 mapping between P.out_edges and Q.in_edges.
303 */
304 InEdgeArr in_edges;
305 OutEdgeArr out_edges;
306 }
307 TTEntryC;
309 /* And this is the hot part. */
310 typedef
312 /* This structure describes precisely what ranges of guest code
313 the translation covers, so we can decide whether or not to
314 delete it when translations of a given address range are
315 invalidated. Originally this was a VexGuestExtents, but that
316 itself is 32 bytes on a 64-bit target, and we really want to
317 squeeze in an 8-bit |status| field into the 32 byte field, so
318 as to get 2 of them in a 64 byte LLC line. Hence the
319 VexGuestExtents fields are inlined, the _n_used field is
320 changed to a UChar (it only ever has the values 1, 2 or 3)
321 and the 8-bit status field is placed in byte 31 of the
322 structure. */
323 /* ORIGINALLY: VexGuestExtents vge; */
328 /* Status of the slot. Note, we need to be able to do lazy
329 deletion, hence the Deleted state. */
331 }
332 TTEntryH;
335 /* Impedance matchers, that convert between a VexGuestExtents and a
336 TTEntryH, ignoring TTEntryH::status, which doesn't exist in a
337 VexGuestExtents -- it is entirely unrelated. */
339 /* Takes a VexGuestExtents and pushes it into a TTEntryH. The
340 TTEntryH.status field is left unchanged. */
341 static
344 {
352 }
354 /* Takes a TTEntryH and pushes the vge_ components into a VexGuestExtents. */
355 static
358 {
366 }
369 /* A structure used for mapping host code addresses back to the
370 relevant TTEntry. Used when doing chaining, for finding the
371 TTEntry to which some arbitrary patch address belongs. */
372 typedef
375 UInt len;
376 TTEno tteNo;
377 }
378 HostExtent;
380 /* Finally, a sector itself. Each sector contains an array of
381 TCEntries, which hold code, and an array of TTEntries, containing
382 all required administrative info. Profiling is supported using the
383 TTEntry usage.prof.count and usage.prof.weight fields, if required.
385 If the sector is not in use, all three pointers are NULL and
386 tt_n_inuse is zero.
387 */
388 typedef
390 /* The TCEntry area. Size of this depends on the average
391 translation size. We try and size it so it becomes full
392 precisely when this sector's translation table (tt) reaches
393 its load limit (SECTOR_TT_LIMIT_PERCENT). */
396 /* An hash table, mapping guest address to an index in the tt array.
397 htt is a fixed size, always containing
398 exactly N_HTTES_PER_SECTOR entries. */
401 /* The TTEntry{C,H} arrays. These are a fixed size, always
402 containing exactly N_TTES_PER_SECTOR entries. */
406 /* This points to the current allocation point in tc. */
409 /* The count of tt entries with state InUse. */
410 Int tt_n_inuse;
412 /* A list of Empty/Deleted entries, chained by tte->next_empty_tte */
413 TTEno empty_tt_list;
415 /* Expandable arrays of tt indices for each of the ECLASS_N
416 address range equivalence classes. These hold indices into
417 the containing sector's tt array, which in turn should point
418 back here. */
423 /* The host extents. The [start, +len) ranges are constructed
424 in strictly non-overlapping order, so we can binary search
425 them at any time. */
427 }
428 Sector;
431 /*------------------ DECLS ------------------*/
433 /* The root data structure is an array of sectors. The index of the
434 youngest sector is recorded, and new translations are put into that
435 sector. When it fills up, we move along to the next sector and
436 start to fill that up, wrapping around at the end of the array.
437 That way, once all N_TC_SECTORS have been bought into use for the
438 first time, and are full, we then re-use the oldest sector,
439 endlessly.
441 When running, youngest sector should be between >= 0 and <
442 N_TC_SECTORS. The initial value indicates the TT/TC system is
443 not yet initialised.
444 */
448 /* The number of ULongs in each TCEntry area. This is computed once
449 at startup and does not change. */
453 /* A list of sector numbers, in the order which they should be
454 searched to find translations. This is an optimisation to be used
455 when searching for translations and should not affect
456 correctness. INV_SNO denotes "no entry". */
460 /* Fast helper for the TC. A 4-way set-associative cache, with more-or-less LRU
461 replacement. It holds a set of recently used (guest address, host address)
462 pairs. This array is referred to directly from
463 m_dispatch/dispatch-<platform>.S.
465 Entries in tt_fast may refer to any valid TC entry, regardless of
466 which sector it's in. Consequently we must be very careful to
467 invalidate this cache when TC entries are changed or disappear.
469 A special .guest address - TRANSTAB_BOGUS_GUEST_ADDR -- must be
470 pointed at to cause that cache entry to miss. This relies on the
471 assumption that no guest code actually has that address, hence a
472 value 0x1 seems good. m_translate gives the client a synthetic
473 segfault if it tries to execute at this address.
474 */
475 /*
476 typedef
477 struct {
478 Addr guest0;
479 Addr host0;
480 Addr guest1;
481 Addr host1;
482 Addr guest2;
483 Addr host2;
484 Addr guest3;
485 Addr host3;
486 }
487 FastCacheSet;
488 */
492 /* Make sure we're not used before initialisation. */
496 /*------------------ STATS DECLS ------------------*/
498 /* Number of fast-cache updates and flushes done. */
502 /* Number of full lookups done. */
506 /* Number/osize/tsize of translations entered; also the number of
507 those for which self-checking was requested. */
513 /* Number/osize of translations discarded due to lack of space. */
518 /* Number/osize of translations discarded due to requests to do so. */
523 /*-------------------------------------------------------------*/
524 /*--- Misc ---*/
525 /*-------------------------------------------------------------*/
528 {
530 }
533 {
535 }
538 /*-------------------------------------------------------------*/
539 /*--- Chaining support ---*/
540 /*-------------------------------------------------------------*/
543 {
552 }
555 {
563 }
566 {
571 }
574 {
578 }
581 {
583 }
586 {
588 }
591 {
598 }
599 }
602 {
611 }
612 }
614 static
616 {
623 }
624 }
626 static
628 {
636 }
638 }
639 }
641 static
643 {
650 /* The fixed array is full, so we have to initialise an
651 XArray and copy the fixed array into it. */
653 ttaux_free,
656 UWord i;
659 }
665 /* Just add to the fixed array. */
667 }
668 }
669 }
672 {
679 }
680 }
683 {
692 }
693 }
695 static
697 {
704 }
705 }
707 static
709 {
717 }
719 }
720 }
722 static
724 {
731 /* The fixed array is full, so we have to initialise an
732 XArray and copy the fixed array into it. */
734 ttaux_free,
737 UWord i;
740 }
746 /* Just add to the fixed array. */
748 }
749 }
750 }
752 static
754 {
760 }
762 /* True if hx is a dead host extent, i.e. corresponds to host code
763 of an entry that was invalidated. */
764 static
766 {
768 #define LDEBUG(m) if (DEBUG_TRANSTAB) \
769 VG_(printf) (m \
772 hx->start, hx->len, (int)(sec - sectors), \
773 hx->tteNo, \
774 sec->ttC[tteNo].entry, sec->ttC[tteNo].tcptr)
776 /* Entry might have been invalidated and not re-used yet.*/
780 }
781 /* Maybe we found this entry via a host_extents which was
782 inserted for an entry which was changed to Deleted then
783 re-used after. If this entry was re-used, then its tcptr
784 is >= to host_extents start (i.e. the previous tcptr) + len.
785 This is the case as there is no re-use of host code: a new
786 entry or re-used entry always gets "higher value" host code. */
790 }
793 #undef LDEBUG
794 }
800 {
801 SECno i;
803 /* Search order logic copied from VG_(search_transtab). */
813 HostExtent key;
820 HostExtent__cmpOrd );
825 /* Do some additional sanity checks. */
828 /* if this hx entry corresponds to dead host code, we must
829 tell this code has not been found, as it cannot be patched. */
834 /* Can only half check that the found TTEntry contains hcode,
835 due to not having a length value for the hcode in the
836 TTEntry. */
838 /* Looks plausible */
842 }
843 }
845 }
848 /* Figure out whether or not hcode is jitted code present in the main
849 code cache (but not in the no-redir cache). Used for sanity
850 checking. */
852 {
862 }
864 }
867 /* Fulfill a chaining request, and record admin info so we
868 can undo it later, if required.
869 */
871 SECno to_sNo,
872 TTEno to_tteNo,
873 Bool to_fastEP )
874 {
875 /* Get the CPU info established at startup. */
877 VexArchInfo archinfo_host;
882 // host_code is where we're patching to. So it needs to
883 // take into account, whether we're jumping to the slow
884 // or fast entry point. By definition, the fast entry point
885 // is exactly one event check's worth of code along from
886 // the slow (tcptr) entry point.
891 // stay sane -- the patch point (dst) is in this sector's code cache
896 /* Find the TTEntry for the from__ code. This isn't simple since
897 we only know the patch address, which is going to be somewhere
898 inside the from_ block. */
901 Bool from_found
903 from__patch_addr );
905 // The from code might have been discarded due to sector re-use
906 // or marked Deleted due to translation invalidation.
907 // In such a case, don't do the chaining.
909 "host code %p not found (discarded? sector recycled?)"
911 from__patch_addr);
913 }
917 /* Get VEX to do the patching itself. We have to hand it off
918 since it is host-dependent. */
919 VexInvalRange vir
922 from__patch_addr,
927 );
930 /* Now do the tricky bit -- update the ch_succs and ch_preds info
931 for the two translations involved, so we can undo the chaining
932 later, which we will have to do if the to_ block gets removed
933 for whatever reason. */
935 /* This is the new from_ -> to_ link to add. */
936 InEdge ie;
946 /* This is the new to_ -> from_ backlink to add. */
947 OutEdge oe;
953 /* Add .. */
956 }
959 /* Unchain one patch, as described by the specified InEdge. For
960 sanity check purposes only (to check that the patched location is
961 as expected) it also requires the fast and slow entry point
962 addresses of the destination block (that is, the block that owns
963 this InEdge). */
968 {
970 TTEntryC* tteC
972 UChar* place_to_patch
974 UChar* disp_cp_chain_me
978 );
979 UChar* place_to_jump_to_EXPECTED
982 // stay sane: both src and dst for this unchaining are
983 // in the main code cache
986 // dst check is ok because LibVEX_UnChain checks that
987 // place_to_jump_to_EXPECTED really is the current dst, and
988 // asserts if it isn't.
989 VexInvalRange vir
993 }
996 /* The specified block is about to be deleted. Update the preds and
997 succs of its associated blocks accordingly. This includes undoing
998 any chained jumps to this block. */
999 static
1001 VexEndness endness_host,
1003 {
1015 /* Visit all InEdges owned by here_tte. */
1019 // Undo the chaining.
1023 // Find the corresponding entry in the "from" node's out_edges,
1024 // and remove it.
1033 }
1036 }
1038 /* Visit all OutEdges owned by here_tte. */
1042 // Find the corresponding entry in the "to" node's in_edges,
1043 // and remove it.
1052 }
1055 }
1059 }
1062 /*-------------------------------------------------------------*/
1063 /*--- Address-range equivalence class stuff ---*/
1064 /*-------------------------------------------------------------*/
1066 /* Return equivalence class number for a range. */
1069 {
1080 }
1081 }
1084 /* Calculates the equivalence class numbers for any VexGuestExtent.
1085 These are written in *eclasses, which must be big enough to hold 3
1086 Ints. The number written, between 1 and 3, is returned. The
1087 eclasses are presented in order, and any duplicates are removed.
1088 */
1090 static
1093 {
1095 # define SWAP(_lv1,_lv2) \
1096 do { Int t = _lv1; _lv1 = _lv2; _lv2 = t; } while (0)
1099 EClassNo r;
1108 /* only add if we haven't already seen it */
1114 }
1120 /* sort */
1124 }
1127 /* sort */
1135 }
1137 /* NOTREACHED */
1140 bad:
1144 # undef SWAP
1145 }
1148 /* Add tteno to the set of entries listed for equivalence class ec in
1149 this sector. Returns used location in eclass array. */
1151 static
1153 {
1179 }
1181 /* Common case */
1186 }
1189 /* 'vge' is being added to 'sec' at TT entry 'tteno'. Add appropriate
1190 eclass entries to 'sec'. */
1192 static
1194 {
1208 }
1209 }
1212 /* Check the eclass info in 'sec' to ensure it is consistent. Returns
1213 True if OK, False if something's not right. Expensive. */
1216 {
1217 # define BAD(_str) do { whassup = (_str); goto bad; } while (0)
1221 EClassNo i;
1222 EClassNo ec_num;
1223 TTEno tteno;
1226 /* Basic checks on this sector */
1233 /* For each eclass ... */
1245 /* For each tt reference in each eclass .. ensure the reference
1246 is to a valid tt entry, and that the entry's address ranges
1247 really include this eclass. */
1261 /* Exactly least one of tte->eclasses[0 .. tte->n_eclasses-1]
1262 must equal i. Inspect tte's eclass info. */
1277 n++;
1278 }
1281 }
1282 }
1284 /* That establishes that for each forward pointer from TTEntrys
1285 there is a corresponding backward pointer from the eclass[]
1286 arrays. However, it doesn't rule out the possibility of other,
1287 bogus pointers in the eclass[] arrays. So do those similarly:
1288 scan through them and check the TTEntryies they point at point
1289 back. */
1299 }
1315 }
1316 }
1320 bad:
1324 # if 0
1331 }
1335 }
1336 # endif
1340 # undef BAD
1341 }
1344 /* Sanity check absolutely everything. True == check passed. */
1346 /* forwards */
1350 {
1352 /* assert the array is the right size */
1355 /* Check it's of the form valid_sector_numbers ++ [INV_SNO, INV_SNO, ..] */
1360 }
1365 }
1368 /* Check each sector number only appears once */
1375 }
1376 }
1377 /* Check that the number of listed sectors equals the number
1378 in use, by counting nListed back down. */
1381 nListed--;
1382 }
1386 }
1389 {
1390 SECno sno;
1391 Bool sane;
1394 Int i;
1396 Int szhxa;
1407 nr_not_dead_hx++;
1408 }
1411 "nr_not_dead_hx %d sanity fail "
1415 }
1416 }
1423 }
1427 /*-------------------------------------------------------------*/
1428 /*--- Add/find translations ---*/
1429 /*-------------------------------------------------------------*/
1432 {
1437 }
1440 {
1445 }
1448 {
1452 }
1455 {
1463 }
1465 /* Invalidate the fast cache VG_(tt_fast). */
1467 {
1474 }
1475 n_fast_flushes++;
1476 }
1478 /* Invalidate a single fast cache entry. */
1480 {
1481 /* This shouldn't fail. It should be assured by m_translate
1482 which should reject any attempt to make translation of code
1483 starting at TRANSTAB_BOGUS_GUEST_ADDR. */
1485 /* If any entry in the line is the right one, just set it to
1486 TRANSTAB_BOGUS_GUEST_ADDR. Doing so ensure that the entry will never
1487 be used in future, so will eventually fall off the end of the line,
1488 due to LRU replacement, and be replaced with something that's actually
1489 useful. */
1494 }
1497 }
1500 }
1503 }
1504 }
1507 {
1508 /* This shouldn't fail. It should be assured by m_translate
1509 which should reject any attempt to make translation of code
1510 starting at TRANSTAB_BOGUS_GUEST_ADDR. */
1512 /* Shift all entries along one, so that the LRU one disappears, and put the
1513 new entry at the MRU position. */
1524 n_fast_updates++;
1525 }
1529 {
1530 TTEno i;
1538 }
1541 {
1544 }
1547 {
1548 UInt i;
1549 SysRes sres;
1555 }
1560 /* Sector has never been used before. Need to allocate tt and
1561 tc. */
1570 }
1580 /*NOTREACHED*/
1581 }
1589 /*NOTREACHED*/
1590 }
1598 /*NOTREACHED*/
1599 }
1607 }
1614 /*NOTREACHED*/
1615 }
1620 /* Set up the host_extents array. */
1621 sec->host_extents
1623 ttaux_free,
1626 /* Add an entry in the sector_search_order */
1630 }
1639 /* Sector has been used before. Dump the old contents. */
1642 n_sectors_recycled++;
1650 VexArchInfo archinfo_host;
1655 /* Visit each just-about-to-be-abandoned translation. */
1657 sno);
1664 /* Tell the tool too. */
1666 VexGuestExtents vge_tmp;
1670 }
1675 }
1679 }
1684 sno);
1686 /* Free up the eclass structures. */
1697 }
1698 }
1700 /* Empty out the host extents array. */
1705 /* Sanity check: ensure it is already in
1706 sector_search_order[]. */
1707 SECno ix;
1711 }
1716 }
1725 }
1726 }
1728 /* Add a translation of vge to TT/TC. The translation is temporarily
1729 in code[0 .. code_len-1].
1731 pre: youngest_sector points to a valid (although possibly full)
1732 sector.
1733 */
1735 Addr entry,
1736 Addr code,
1737 UInt code_len,
1738 Bool is_self_checking,
1739 Int offs_profInc,
1740 UInt n_guest_instrs )
1741 {
1750 /* 60000: should agree with N_TMPBUF in m_translate.c. */
1753 /* Generally stay sane */
1760 n_in_count++;
1764 n_in_sc_count++;
1772 /* Try putting the translation in this sector. */
1775 /* Will it fit in tc? */
1783 /* No. So move on to the next sector. Either it's never been
1784 used before, in which case it will get its tt/tc allocated
1785 now, or it has been used before, in which case it is set to be
1786 empty, hence throwing out the oldest sector. */
1794 "declare sector %d full "
1798 }
1799 youngest_sector++;
1804 }
1806 /* Be sure ... */
1815 /* Copy into tc. */
1826 /* more paranoia */
1831 /* Find an empty tt slot, and use it. There must be such a slot
1832 since tt is never allowed to get completely full. */
1844 // Point an htt entry to the tt slot
1851 htti++;
1854 }
1857 /* Patch in the profile counter location, if necessary. */
1861 VexArchInfo archinfo_host;
1865 VexInvalRange vir
1870 }
1874 /* Add this entry to the host_extents map, checking that we're
1875 adding in order. */
1887 }
1892 }
1894 /* Update the fast-cache. */
1897 /* Note the eclass numbers for this translation. */
1899 }
1902 /* Search for the translation of the given guest address. If
1903 requested, a successful search can also cause the fast-caches to be
1904 updated.
1905 */
1909 Addr guest_addr,
1910 Bool upd_cache )
1911 {
1914 TTEno tti;
1917 /* Find the initial probe point just once. It will be the same in
1918 all sectors and avoids multiple expensive % operations. */
1919 n_full_lookups++;
1923 /* Search in all the sectors,using sector_search_order[] as a
1924 heuristic guide as to what order to visit the sectors. */
1933 n_lookup_probes++;
1937 /* found it */
1947 /* pull this one one step closer to the front. For large
1948 apps this more or less halves the number of required
1949 probes. */
1954 }
1956 }
1957 // tti is HTT_EMPTY or HTT_DELETED or not the entry of guest_addr
1960 k++;
1963 }
1965 /* If we fall off the end, all entries are InUse and not
1966 matching, or Deleted. In any case we did not find it in this
1967 sector. */
1968 }
1970 /* Not found in any sector. */
1972 }
1975 /*-------------------------------------------------------------*/
1976 /*--- Delete translations. ---*/
1977 /*-------------------------------------------------------------*/
1979 /* forward */
1982 /* Stuff for deleting translations which intersect with a given
1983 address range. Unfortunately, to make this run at a reasonable
1984 speed, it is complex. */
1988 {
1994 }
1998 {
2010 }
2013 /* Delete a tt entry, and update all the eclass data accordingly. */
2018 {
2020 EClassNo ec_num;
2022 /* sec and secNo are mutually redundant; cross-check. */
2035 /* Unchain .. */
2038 /* Deal with the ec-to-tte links first. */
2045 /* Assert that the two links point at each other. */
2047 /* "delete" the pointer back to here. */
2049 }
2051 /* Now fix up this TTEntry. */
2052 /* Mark the entry as deleted in htt.
2053 Note: we could avoid the below hash table search by
2054 adding a reference from tte to its hash position in tt. */
2055 HTTno j;
2061 k++;
2064 }
2071 /* Stats .. */
2073 n_disc_count++;
2076 /* Tell the tool too. */
2078 VexGuestExtents vge_tmp;
2081 }
2082 }
2085 /* Delete translations from sec which intersect specified range, but
2086 only consider translations in the specified eclass. */
2088 static
2092 EClassNo ec,
2093 VexArch arch_host,
2094 VexEndness endness_host )
2095 {
2096 Int i;
2097 TTEno tteno;
2106 /* already deleted */
2108 }
2116 numDeld++;
2118 }
2120 }
2123 }
2126 /* Delete translations from sec which intersect specified range, the
2127 slow way, by inspecting all translations in sec. */
2129 static
2133 VexArch arch_host,
2134 VexEndness endness_host )
2135 {
2136 TTEno i;
2140 /* The entire and only purpose of splitting TTEntry into cold
2141 and hot parts (TTEntryC and TTEntryH) is to make this search
2142 loop run as fast as possible, by avoiding having to pull all
2143 of the cold data up the memory hierarchy. */
2146 numDeld++;
2148 }
2149 }
2152 }
2157 {
2159 SECno sno;
2160 EClassNo ec;
2162 /* It is very commonly the case that a call here results in discarding of
2163 exactly one superblock. As an optimisation only, use ga_deleted and
2164 numDeleted to detect this situation and to record the guest addr involved.
2165 That is then used to avoid calling invalidateFastCache in this case.
2166 Instead the individual entry in the fast cache is removed. This can reduce
2167 the overall VG_(fast_cache) miss rate significantly in applications that do
2168 a lot of short code discards (basically jit generated code that is
2169 subsequently patched).
2171 ga_deleted is made to hold the guest address of the last superblock deleted
2172 (in this call to VG_(discard_translations)). If more than one superblock
2173 is deleted (or none), then we ignore what is written to ga_deleted. If
2174 exactly one superblock is deleted then ga_deleted holds exactly what we
2175 want and will be used.
2176 */
2186 /* Pre-deletion sanity check */
2190 }
2196 VexArchInfo archinfo_host;
2201 /* There are two different ways to do this.
2203 If the range fits within a single address-range equivalence
2204 class, as will be the case for a cache line sized invalidation,
2205 then we only have to inspect the set of translations listed in
2206 that equivalence class, and also in the "sin-bin" equivalence
2207 class ECLASS_MISC.
2209 Otherwise, the invalidation is of a larger range and probably
2210 results from munmap. In this case it's (probably!) faster just
2211 to inspect all translations, dump those we don't want, and
2212 regenerate the equivalence class information (since modifying it
2213 in-situ is even more expensive).
2214 */
2216 /* First off, figure out if the range falls within a single class,
2217 and if so which one. */
2223 /* if ec is ECLASS_MISC then we aren't looking at just a single
2224 class, so use the slow scheme. Else use the fast scheme,
2225 examining 'ec' and ECLASS_MISC. */
2232 /* Fast scheme */
2242 );
2246 );
2247 }
2251 /* slow scheme */
2262 arch_host, endness_host
2263 );
2264 }
2266 }
2269 // "ga_deleted was never set"
2273 // "ga_deleted was set to something valid"
2275 // Just invalidate the individual VG_(tt_fast) cache entry \o/
2280 // "ga_deleted was set to something valid"
2282 // Nuke the entire VG_(tt_fast) cache. Sigh.
2284 }
2286 /* don't forget the no-redir cache */
2289 /* Post-deletion sanity check */
2291 TTEno i;
2294 /* But now, also check the requested address range isn't
2295 present anywhere. */
2305 }
2306 }
2307 }
2308 }
2310 /* Whether or not tools may discard translations. */
2313 /* This function is exported to tools which can use it to discard
2314 translations, provided it is safe to do so. */
2317 {
2320 }
2322 /*------------------------------------------------------------*/
2323 /*--- AUXILIARY: the unredirected TT/TC ---*/
2324 /*------------------------------------------------------------*/
2326 /* A very simple translation cache which holds a small number of
2327 unredirected translations. This is completely independent of the
2328 main tt/tc structures. When unredir_tc or unredir_tt becomes full,
2329 both structures are simply dumped and we start over.
2331 Since these translations are unredirected, the search key is (by
2332 definition) the first address entry in the .vge field. */
2334 /* Sized to hold 500 translations of average size 1000 bytes. */
2336 #define UNREDIR_SZB 1000
2338 #define N_UNREDIR_TT 500
2339 #define N_UNREDIR_TCQ (N_UNREDIR_TT * UNREDIR_SZB / sizeof(ULong))
2341 typedef
2343 VexGuestExtents vge;
2344 Addr hcode;
2345 Bool inUse;
2346 }
2347 UTCEntry;
2349 /* We just allocate forwards in _tc, never deleting. */
2353 /* Slots in _tt can come into use and out again (.inUse).
2354 Nevertheless _tt_highwater is maintained so that invalidations
2355 don't have to scan all the slots when only a few are in use.
2356 _tt_highwater holds the index of the highest ever allocated
2357 slot. */
2363 {
2364 Int i;
2371 /*NOTREACHED*/
2372 }
2374 }
2379 }
2381 /* Do a sanity check; return False on failure. */
2383 {
2384 Int i;
2396 }
2399 /* Add an UNREDIRECTED translation of vge to TT/TC. The translation
2400 is temporarily in code[0 .. code_len-1].
2401 */
2403 Addr entry,
2404 Addr code,
2405 UInt code_len )
2406 {
2412 /* This is the whole point: it's not redirected! */
2415 /* How many unredir_tt slots are needed */
2418 /* Look for an empty unredir_tc slot */
2424 /* It's full; dump everything we currently have */
2427 }
2455 }
2458 Addr guest_addr )
2459 {
2460 Int i;
2467 }
2468 }
2470 }
2473 {
2474 Int i;
2480 /* Fake up a TTEntryH just so we can pass it to overlaps()
2481 without having to make a new version of overlaps() just for
2482 this rare case. */
2483 TTEntryH tmp_tteH;
2488 }
2489 }
2490 }
2491 }
2494 /*------------------------------------------------------------*/
2495 /*--- Initialisation. ---*/
2496 /*------------------------------------------------------------*/
2499 {
2505 /* Otherwise lots of things go wrong... */
2514 /* check fast cache entries really are 8 words long */
2517 /* check fast cache entries are packed back-to-back with no spaces */
2520 /* check fast cache entries have the layout that the handwritten assembly
2521 fragments assume. */
2540 /* check fast cache is aligned as we requested. Not fatal if it
2541 isn't, but we might as well make sure. */
2544 /* The TTEntryH size is critical for keeping the LLC miss rate down
2545 when doing a lot of discarding. Hence check it here. We also
2546 have a lot of TTEntryCs so let's check that too. */
2550 }
2553 # if defined(VGP_ppc32_linux) || defined(VGP_mips32_linux) \
2554 || (defined(VGP_mips64_linux) && defined(VGABI_N32)) \
2555 || defined(VGP_arm_linux)
2556 /* On PPC32, MIPS32, ARM32 platforms, alignof(ULong) == 8, so the
2557 structure is larger than on other 32 bit targets. */
2559 # else
2561 # endif
2562 }
2565 }
2567 /* All the hassle about converting between TTEntryH and
2568 VexGuestExtents was so as to ensure the following. */
2573 "TT/TC: VG_(init_tt_tc) "
2576 /* Figure out how big each tc area should be. */
2579 else
2583 /* Ensure the calculated value is not way crazy. */
2591 /* Initialise the sectors, even the ones we aren't going to use.
2592 Set all fields to zero. */
2597 /* Initialise the sector_search_order hint table, including the
2598 entries we aren't going to use. */
2602 /* Initialise the fast cache. */
2605 /* and the unredir tt/tc */
2611 "TT/TC: cache: %s--avg-transtab-entry-size=%u, "
2622 "TT/TC: table: %'d tables[%d] of C %'d + H %'d bytes each "
2633 "TT/TC: table: %d htt[%d] of %'d bytes each = %'d total HTT"
2639 }
2650 }
2651 }
2654 /*------------------------------------------------------------*/
2655 /*--- Printing out statistics. ---*/
2656 /*------------------------------------------------------------*/
2659 {
2661 }
2664 {
2666 }
2669 {
2671 }
2674 {
2683 " transtab: new %'llu "
2684 "(%'llu -> %'llu; ratio %3.1f) [%'llu scs] "
2688 n_in_sc_count,
2704 }
2706 }
2707 }
2709 /*------------------------------------------------------------*/
2710 /*--- Printing out of profiling results. ---*/
2711 /*------------------------------------------------------------*/
2714 {
2716 }
2719 {
2720 SECno sno;
2722 ULong score_total;
2723 TTEno i;
2725 /* First, compute the total weighted count, and find the top N
2726 ttes. tops contains pointers to the most-used n_tops blocks, in
2727 descending order (viz, tops[0] is the highest scorer). */
2731 }
2742 /* Find the rank for sectors[sno].tt{C,H}[i]. */
2748 r--;
2750 }
2752 r--;
2754 }
2756 }
2757 r++;
2759 /* This bb should be placed at r, and bbs above it shifted
2760 upwards one slot. */
2766 }
2767 }
2768 }
2770 /* Now zero out all the counter fields, so that we can make
2771 multiple calls here and just get the values since the last call,
2772 each time, rather than values accumulated for the whole run. */
2780 }
2781 }
2784 }
2786 /*--------------------------------------------------------------------*/
2787 /*--- end ---*/
2788 /*--------------------------------------------------------------------*/