| blob | 2d6d3bad4bc16aad00bca497a6b290980b85cc6b |
2 /*--------------------------------------------------------------------*/
3 /*--- Interface to LibVEX_Translate, and the SP-update pass ---*/
4 /*--- m_translate.c ---*/
5 /*--------------------------------------------------------------------*/
7 /*
8 This file is part of Valgrind, a dynamic binary instrumentation
9 framework.
11 Copyright (C) 2000-2015 Julian Seward
12 jseward@acm.org
14 This program is free software; you can redistribute it and/or
15 modify it under the terms of the GNU General Public License as
16 published by the Free Software Foundation; either version 2 of the
17 License, or (at your option) any later version.
19 This program is distributed in the hope that it will be useful, but
20 WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; if not, write to the Free Software
26 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
27 02111-1307, USA.
29 The GNU General Public License is contained in the file COPYING.
30 */
37 // VG_(get_SP)
38 // VG_(machine_get_VexArchInfo)
54 // VG_(run_a_noredir_translation__return_point)
65 /*------------------------------------------------------------*/
66 /*--- Stats ---*/
67 /*------------------------------------------------------------*/
79 {
91 n_SP_updates_generic_known,
96 n_SP_updates_generic_unknown,
98 }
101 "translate: PX: SPonly %'llu, UnwRegs %'llu, AllRegs %'llu, AllRegsAllInsns %'llu\n", n_PX_VexRegUpdSpAtMemAccess, n_PX_VexRegUpdUnwindregsAtMemAccess, n_PX_VexRegUpdAllregsAtMemAccess, n_PX_VexRegUpdAllregsAtEachInsn);
102 }
104 /*------------------------------------------------------------*/
105 /*--- %SP-update pass ---*/
106 /*------------------------------------------------------------*/
109 {
130 }
132 // - The SP aliases are held in an array which is used as a circular buffer.
133 // This misses very few constant updates of SP (ie. < 0.1%) while using a
134 // small, constant structure that will also never fill up and cause
135 // execution to abort.
136 // - Unused slots have a .temp value of 'IRTemp_INVALID'.
137 // - 'next_SP_alias_slot' is the index where the next alias will be stored.
138 // - If the buffer fills, we circle around and start over-writing
139 // non-IRTemp_INVALID values. This is rare, and the overwriting of a
140 // value that would have subsequently be used is even rarer.
141 // - Every slot below next_SP_alias_slot holds a non-IRTemp_INVALID value.
142 // The rest either all won't (if we haven't yet circled around) or all
143 // will (if we have circled around).
145 typedef
147 IRTemp temp;
148 Long delta;
149 }
150 SP_Alias;
152 // With 32 slots the buffer fills very rarely -- eg. once in a run of GCC.
153 // And I've tested with smaller values and the wrap-around case works ok.
154 #define N_ALIASES 32
159 {
160 Int i;
164 }
166 }
169 {
173 next_SP_alias_slot++;
175 }
178 {
181 // Search backwards between current buffer position and the start.
186 }
187 }
188 // Search backwards between the end and the current buffer position.
193 }
194 }
196 }
199 {
200 Int i;
204 }
206 }
207 }
209 /* Given a guest IP, get an origin tag for a 1-element stack trace,
210 and wrap it up in an IR atom that can be passed as the origin-tag
211 value for a stack-adjustment helper function. */
213 {
214 UInt ecu;
215 ExeContext* ec
220 /* This is always safe to do, since ecu is only 32 bits, and
221 HWord is 32 or 64. */
223 }
225 /* When gdbserver is activated, the translation of a block must
226 first be done by the tool function, then followed by a pass
227 which (if needed) instruments the code for gdbserver.
228 */
229 static
235 IRType gWordTy,
236 IRType hWordTy )
237 {
240 sb_in,
241 layout,
242 vge,
243 vai,
244 gWordTy,
245 hWordTy),
246 layout,
247 vge,
248 gWordTy,
249 hWordTy);
250 }
252 /* For tools that want to know about SP changes, this pass adds
253 in the appropriate hooks. We have to do it after the tool's
254 instrumentation, so the tool doesn't have to worry about the C calls
255 it adds in, and we must do it before register allocation because
256 spilled temps make it much harder to work out the SP deltas.
257 This it is done with Vex's "second instrumentation" pass.
259 Basically, we look for GET(SP)/PUT(SP) pairs and track constant
260 increments/decrements of SP between them. (This requires tracking one or
261 more "aliases", which are not exact aliases but instead are tempregs
262 whose value is equal to the SP's plus or minus a known constant.)
263 If all the changes to SP leading up to a PUT(SP) are by known, small
264 constants, we can do a specific call to eg. new_mem_stack_4, otherwise
265 we fall back to the case that handles an unknown SP change.
267 There is some extra complexity to deal correctly with updates to
268 only parts of SP. Bizarre, but it has been known to happen.
269 */
270 static
276 IRType gWordTy,
277 IRType hWordTy )
278 {
285 IRType typeof_SP;
288 /* Set up stuff for tracking the guest IP */
292 /* Set up BB */
306 /* --- Start of #defines --- */
308 # define IS_ADD(op) (sizeof_SP==4 ? ((op)==Iop_Add32) : ((op)==Iop_Add64))
309 # define IS_SUB(op) (sizeof_SP==4 ? ((op)==Iop_Sub32) : ((op)==Iop_Sub64))
311 # define IS_ADD_OR_SUB(op) (IS_ADD(op) || IS_SUB(op))
313 # define GET_CONST(con) \
314 (sizeof_SP==4 ? (Long)(Int)(con->Ico.U32) \
315 : (Long)(con->Ico.U64))
317 # define DO_NEW(syze, tmpp) \
318 do { \
319 Bool vanilla, w_ecu; \
320 vg_assert(curr_IP_known); \
321 vanilla = NULL != VG_(tdict).track_new_mem_stack_##syze; \
322 w_ecu = NULL != VG_(tdict).track_new_mem_stack_##syze##_w_ECU; \
324 if (!(vanilla || w_ecu)) \
325 goto generic; \
326 \
329 if (w_ecu) { \
330 dcall = unsafeIRDirty_0_N( \
333 VG_(fnptr_to_fnentry)( \
334 VG_(tdict).track_new_mem_stack_##syze##_w_ECU ), \
335 mkIRExprVec_2(IRExpr_RdTmp(tmpp), \
336 mk_ecu_Expr(curr_IP)) \
337 ); \
338 } else { \
339 dcall = unsafeIRDirty_0_N( \
342 VG_(fnptr_to_fnentry)( \
343 VG_(tdict).track_new_mem_stack_##syze ), \
344 mkIRExprVec_1(IRExpr_RdTmp(tmpp)) \
345 ); \
346 } \
347 dcall->nFxState = 1; \
348 dcall->fxState[0].fx = Ifx_Read; \
349 dcall->fxState[0].offset = layout->offset_SP; \
350 dcall->fxState[0].size = layout->sizeof_SP; \
351 dcall->fxState[0].nRepeats = 0; \
352 dcall->fxState[0].repeatLen = 0; \
353 \
354 addStmtToIRSB( bb, IRStmt_Dirty(dcall) ); \
355 \
356 vg_assert(syze > 0); \
357 update_SP_aliases(syze); \
358 \
359 n_SP_updates_fast++; \
360 \
361 } while (0)
363 # define DO_DIE(syze, tmpp) \
364 do { \
365 if (!VG_(tdict).track_die_mem_stack_##syze) \
366 goto generic; \
367 \
370 dcall = unsafeIRDirty_0_N( \
373 VG_(fnptr_to_fnentry)( \
374 VG_(tdict).track_die_mem_stack_##syze ), \
375 mkIRExprVec_1(IRExpr_RdTmp(tmpp)) \
376 ); \
377 dcall->nFxState = 1; \
378 dcall->fxState[0].fx = Ifx_Read; \
379 dcall->fxState[0].offset = layout->offset_SP; \
380 dcall->fxState[0].size = layout->sizeof_SP; \
381 dcall->fxState[0].nRepeats = 0; \
382 dcall->fxState[0].repeatLen = 0; \
383 \
384 addStmtToIRSB( bb, IRStmt_Dirty(dcall) ); \
385 \
386 vg_assert(syze > 0); \
387 update_SP_aliases(-(syze)); \
388 \
389 n_SP_updates_fast++; \
390 \
391 } while (0)
393 /* --- End of #defines --- */
404 }
406 /* t = Get(sp): curr = t, delta = 0 */
417 case2:
418 /* t' = curr +/- const: curr = t', delta +=/-= const */
432 }
436 case3:
437 /* t' = curr: curr = t' */
447 case4:
448 /* Put(sp) = curr */
449 /* More generally, we must correctly handle a Put which writes
450 any part of SP, not just the case where all of SP is
451 written. */
456 last_Put = first_Put
468 /* Why should the following assertion hold? Because any
469 alias added by put_SP_alias must be of a temporary which
470 has the same type as typeof_SP, and whose value is a Get
471 at exactly offset_SP of size typeof_SP. Each call to
472 put_SP_alias is immediately preceded by an assertion that
473 we are putting in a binding for a correctly-typed
474 temporary. */
476 /* From the same type-and-offset-correctness argument, if
477 we found a useable alias, it must for an "exact" write of SP. */
501 /* common values for ppc64: 144 128 160 112 176 */
502 n_SP_updates_generic_known++;
504 }
506 /* Deal with an unknown update to SP. We're here because
507 either:
508 (1) the Put does not exactly cover SP; it is a partial update.
509 Highly unlikely, but has been known to happen for 16-bit
510 Windows apps running on Wine, doing 16-bit adjustments to
511 %sp.
512 (2) the Put does exactly cover SP, but we are unable to
513 determine how the value relates to the old SP. In any
514 case, we cannot assume that the Put.data value is a tmp;
515 we must assume it can be anything allowed in flat IR (tmp
516 or const).
517 */
518 IRTemp old_SP;
519 n_SP_updates_generic_unknown++;
521 // Nb: if all is well, this generic case will typically be
522 // called something like every 1000th SP update. If it's more than
523 // that, the above code may be missing some cases.
524 generic:
525 /* Pass both the old and new SP values to this helper. Also,
526 pass an origin tag, even if it isn't needed. */
529 bb,
531 );
533 /* Now we know what the old value of SP is. But knowing the new
534 value is a bit tricky if there is a partial write. */
536 /* The common case, an exact write to SP. So st->Ist.Put.data
537 does hold the new value; simple. */
546 );
547 else
553 );
556 /* don't forget the original assignment */
559 /* We have a partial update to SP. We need to know what
560 the new SP will be, and hand that to the helper call,
561 but when the helper call happens, SP must hold the
562 value it had before the update. Tricky.
563 Therefore use the following kludge:
564 1. do the partial SP update (Put)
565 2. Get the new SP value into a tmp, new_SP
566 3. Put old_SP
567 4. Call the helper
568 5. Put new_SP
569 */
570 IRTemp new_SP;
571 /* 1 */
573 /* 2 */
576 bb,
578 );
579 /* 3 */
581 /* 4 */
591 );
592 else
599 );
601 /* 5 */
603 }
605 /* Forget what we already know. */
608 /* If this is a Put of a tmp that exactly updates SP,
609 start tracking aliases against this tmp. */
616 }
618 }
620 case5:
621 /* PutI or Dirty call which overlaps SP: complain. We can't
622 deal with SP changing in weird ways (well, we can, but not at
623 this time of night). */
632 }
638 /* Enumerate the described state segments */
645 }
646 }
647 }
649 /* well, not interesting. Just copy and keep going. */
656 complain:
659 #undef IS_ADD
660 #undef IS_SUB
661 #undef IS_ADD_OR_SUB
662 #undef GET_CONST
663 #undef DO_NEW
664 #undef DO_DIE
665 }
667 /*------------------------------------------------------------*/
668 /*--- Main entry point for the JITter. ---*/
669 /*------------------------------------------------------------*/
671 /* Extra comments re self-checking translations and self-modifying
672 code. (JRS 14 Oct 05).
674 There are 3 modes:
675 (1) no checking: all code assumed to be not self-modifying
676 (2) partial: known-problematic situations get a self-check
677 (3) full checking: all translations get a self-check
679 As currently implemented, the default is (2). (3) is always safe,
680 but very slow. (1) works mostly, but fails for gcc nested-function
681 code which uses trampolines on the stack; this situation is
682 detected and handled by (2).
684 ----------
686 A more robust and transparent solution, which is not currently
687 implemented, is a variant of (2): if a translation is made from an
688 area which aspacem says does not have 'w' permission, then it can
689 be non-self-checking. Otherwise, it needs a self-check.
691 This is complicated by Vex's basic-block chasing. If a self-check
692 is requested, then Vex will not chase over basic block boundaries
693 (it's too complex). However there is still a problem if it chases
694 from a non-'w' area into a 'w' area.
696 I think the right thing to do is:
698 - if a translation request starts in a 'w' area, ask for a
699 self-checking translation, and do not allow any chasing (make
700 chase_into_ok return False). Note that the latter is redundant
701 in the sense that Vex won't chase anyway in this situation.
703 - if a translation request starts in a non-'w' area, do not ask for
704 a self-checking translation. However, do not allow chasing (as
705 determined by chase_into_ok) to go into a 'w' area.
707 The result of this is that all code inside 'w' areas is self
708 checking.
710 To complete the trick, there is a caveat: we must watch the
711 client's mprotect calls. If pages are changed from non-'w' to 'w'
712 then we should throw away all translations which intersect the
713 affected area, so as to force them to be redone with self-checks.
715 ----------
717 The above outlines the conditions under which bb chasing is allowed
718 from a self-modifying-code point of view. There are other
719 situations pertaining to function redirection in which it is
720 necessary to disallow chasing, but those fall outside the scope of
721 this comment.
722 */
725 /* Vex dumps the final code in here. Then we can copy it off
726 wherever we like. */
727 /* 60000: should agree with assertion in VG_(add_to_transtab) in
728 m_transtab.c. */
729 #define N_TMPBUF 60000
733 /* Function pointers we must supply to LibVEX in order that it
734 can bomb out and emit messages under Valgrind's control. */
736 static
738 {
741 }
743 static
745 {
752 }
755 /* --------- Various helper functions for translation --------- */
757 /* Look for reasons to disallow making translations from the given
758 segment/addr. */
761 {
762 # if defined(VGA_x86) || defined(VGA_s390x) || defined(VGA_mips32) \
763 || defined(VGA_mips64) || defined(VGA_tilegx)
765 # else
767 # endif
773 /* If GDB/gdbsrv has inserted a breakpoint at addr, assume this is a valid
774 location to translate if seg is not executable but is readable.
775 This is needed for inferior function calls from GDB: GDB inserts a
776 breakpoint on the stack, and expects to regain control before the
777 breakpoint instruction at the breakpoint address is really
778 executed. For this, the breakpoint instruction must be translated
779 so as to have the call to gdbserver executed. */
780 }
783 /* Produce a bitmask stating which of the supplied extents needs a
784 self-check. See documentation of
785 VexTranslateArgs::needs_self_check for more details about the
786 return convention. */
791 {
798 /* Will we need to do a second pass in order to compute a
799 revised *pxControl value? */
800 Bool pxStatusMightChange
803 /* "and they set it to something other than the default. */
806 /* First, compute |bitset|, which specifies which extent(s) need a
807 self check. Whilst we're at it, note any NSegments that we get,
808 so as to reduce the number of calls required to
809 VG_(am_find_nsegment) in a possible second pass. */
818 # if defined(VGO_darwin)
819 // GrP fixme hack - dyld i386 IMPORT gets rewritten.
820 // To really do this correctly, we'd need to flush the
821 // translation cache whenever a segment became +WX.
825 # endif
830 /* never check (except as per Darwin hack above) */
833 /* always check */
837 /* check if the address is in the same segment as this
838 thread's stack pointer */
842 }
847 }
849 /* check if any part of the extent is not in a
850 file-mapped segment */
853 }
856 /* in a file-mapped segment; skip the check */
859 }
861 }
864 }
865 }
873 }
874 }
876 /* Now, possibly do a second pass, to see if the PX status might
877 change. This can happen if the user specified value via
878 --px-file-backed= which is different from the default PX value
879 specified via --vex-iropt-register-updates (also known by the
880 shorter alias --px-default). */
889 /* If we don't have a cached value for |segA|, compute it now. */
891 }
895 /* in a file-mapped segment */
897 /* not in a file-mapped segment, or we can't figure out
898 where it is */
901 }
902 }
904 /* So, finally, if all the extents are in file backed segments, perform
905 the user-specified PX change. */
908 }
910 }
912 /* Update running PX stats, as it is difficult without these to
913 check that the system is behaving as expected. */
925 }
928 }
931 /* This is a callback passed to LibVEX_Translate. It stops Vex from
932 chasing into function entry points that we wish to redirect.
933 Chasing across them obviously defeats the redirect mechanism, with
934 bad effects for Memcheck, Helgrind, DRD, Massif, and possibly others.
935 */
937 {
940 /* Work through a list of possibilities why we might not want to
941 allow a chase. */
943 /* Destination not in a plausible segment? */
947 /* Destination is redirected? */
951 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
952 /* This needs to be at the start of its own block. Don't chase. */
955 # endif
957 /* overly conservative, but .. don't chase into the distinguished
958 address that m_transtab uses as an empty-slot marker for
959 VG_(tt_fast). */
963 # if defined(VGA_s390x)
964 /* Never chase into an EX instruction. Generating IR for EX causes
965 a round-trip through the scheduler including VG_(discard_translations).
966 And that's expensive as shown by perf/tinycc.c:
967 Chasing into EX increases the number of EX translations from 21 to
968 102666 causing a 7x runtime increase for "none" and a 3.2x runtime
969 increase for memcheck. */
973 # endif
975 /* well, ok then. go on and chase. */
979 /*NOTREACHED*/
981 dontchase:
984 }
987 /* --------------- helpers for with-TOC platforms --------------- */
989 /* NOTE: with-TOC platforms are: ppc64-linux. */
993 }
996 }
998 #if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
1001 }
1008 }
1009 }
1011 /* Generate code to push word-typed expression 'e' onto this thread's
1012 redir stack, checking for stack overflow and generating code to
1013 bomb out if so. */
1016 {
1018 IRTemp t1;
1021 # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
1035 # else
1049 # endif
1061 /* t1 = guest_REDIR_SP + 1 */
1063 bb,
1065 t1,
1067 )
1068 );
1070 /* Bomb out if t1 >=s stack_size, that is, (stack_size-1)-t1 <s 0.
1071 The destination (0) is a bit bogus but it doesn't matter since
1072 this is an unrecoverable error and will lead to Valgrind
1073 shutting down. _EMNOTE is set regardless - that's harmless
1074 since is only has a meaning if the exit is taken. */
1076 bb,
1078 );
1080 bb,
1083 op_CmpNE,
1085 op_Sar,
1088 ),
1090 ),
1091 Ijk_EmFail,
1093 offB_CIA
1094 )
1095 );
1097 /* guest_REDIR_SP = t1 */
1100 /* guest_REDIR_STACK[t1+0] = e */
1101 /* PutI/GetI have I32-typed indexes regardless of guest word size */
1103 bb,
1106 }
1109 /* Generate code to pop a word-sized value from this thread's redir
1110 stack, binding it to a new temporary, which is returned. As with
1111 gen_PUSH, an overflow check is also performed. */
1114 {
1115 # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
1127 # else
1139 # endif
1150 /* t1 = guest_REDIR_SP */
1152 bb,
1154 );
1156 /* Bomb out if t1 < 0. Same comments as gen_PUSH apply. */
1158 bb,
1160 );
1162 bb,
1165 op_CmpNE,
1167 op_Sar,
1170 ),
1172 ),
1173 Ijk_EmFail,
1175 offB_CIA
1176 )
1177 );
1179 /* res = guest_REDIR_STACK[t1+0] */
1180 /* PutI/GetI have I32-typed indexes regardless of guest word size */
1182 bb,
1184 res,
1186 )
1187 );
1189 /* guest_REDIR_SP = t1-1 */
1191 bb,
1193 );
1196 }
1198 #endif
1200 #if defined(VG_PLAT_USES_PPCTOC)
1202 /* Generate code to push LR and R2 onto this thread's redir stack,
1203 then set R2 to the new value (which is the TOC pointer to be used
1204 for the duration of the replacement function, as determined by
1205 m_debuginfo), and set LR to the magic return stub, so we get to
1206 intercept the return and restore R2 and L2 to the values saved
1207 here. */
1210 {
1211 # if defined(VGP_ppc64be_linux)
1220 # else
1221 # error Platform is not TOC-afflicted, fortunately
1222 # endif
1223 }
1224 #endif
1226 #if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
1229 {
1230 # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
1236 /* Restore R2 */
1239 /* Restore LR */
1242 /* Branch to LR */
1243 /* re boring, we arrived here precisely because a wrapped fn did a
1244 blr (hence Ijk_Ret); so we should just mark this jump as Boring,
1245 else one _Call will have resulted in two _Rets. */
1249 # else
1250 # error Platform is not TOC-afflicted, fortunately
1251 # endif
1252 }
1253 #endif
1255 #if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
1257 static
1259 {
1261 /* Since we're creating the entire IRSB right here, give it a
1262 proper IMark, as it won't get one any other way, and cachegrind
1263 will barf if it doesn't have one (fair enough really). */
1265 /* Generate the magic sequence:
1266 pop R2 from hidden stack
1267 pop LR from hidden stack
1268 goto LR
1269 */
1272 real insns into it - just hand it directly to
1273 optimiser/instrumenter/backend. */
1274 }
1275 #endif
1277 #if defined(VGP_ppc64le_linux)
1278 /* Generate code to push LR and R2 onto this thread's redir stack.
1279 Need to save R2 in case we redirect to a global entry point. The
1280 value of R2 is not preserved when entering the global entry point.
1281 Need to make sure R2 gets restored on return. Set LR to the magic
1282 return stub, so we get to intercept the return and restore R2 and
1283 L2 to the values saved here.
1285 The existing infrastruture for the TOC enabled architectures is
1286 being exploited here. So, we need to enable a number of the
1287 code sections used by VG_PLAT_USES_PPCTOC.
1288 */
1291 {
1298 }
1299 # endif
1301 /* --------------- END helpers for with-TOC platforms --------------- */
1304 /* This is the IR preamble generator used for replacement
1305 functions. It adds code to set the guest_NRADDR{_GPR2} to zero
1306 (technically not necessary, but facilitates detecting mixups in
1307 which a replacement function has been erroneously declared using
1308 VG_REPLACE_FUNCTION_Z{U,Z} when instead it should have been written
1309 using VG_WRAP_FUNCTION_Z{U,Z}).
1311 On with-TOC platforms the follow hacks are also done: LR and R2 are
1312 pushed onto a hidden stack, R2 is set to the correct value for the
1313 replacement function, and LR is set to point at the magic
1314 return-stub address. Setting LR causes the return of the
1315 wrapped/redirected function to lead to our magic return stub, which
1316 restores LR and R2 from said stack and returns for real.
1318 VG_(get_StackTrace_wrk) understands that the LR value may point to
1319 the return stub address, and that in that case it can get the real
1320 LR value from the hidden stack instead. */
1321 static
1323 {
1324 Int nraddr_szB
1329 bb,
1333 )
1334 );
1335 // t9 needs to be set to point to the start of the redirected function.
1336 # if defined(VGP_mips32_linux)
1340 # endif
1341 # if defined(VGP_mips64_linux)
1345 # endif
1346 # if defined(VG_PLAT_USES_PPCTOC)
1349 bb,
1353 )
1354 );
1356 }
1357 # endif
1359 #if defined(VGP_ppc64le_linux)
1367 )
1368 );
1370 #endif
1372 }
1374 /* Ditto, except set guest_NRADDR to nraddr (the un-redirected guest
1375 address). This is needed for function wrapping - so the wrapper
1376 can read _NRADDR and find the address of the function being
1377 wrapped. On toc-afflicted platforms we must also snarf r2. */
1378 static
1380 {
1382 Int nraddr_szB
1387 bb,
1393 )
1394 );
1395 // t9 needs to be set to point to the start of the redirected function.
1396 # if defined(VGP_mips32_linux)
1399 # endif
1400 # if defined(VGP_mips64_linux)
1403 # endif
1404 # if defined(VG_PLAT_USES_PPCTOC)
1406 bb,
1411 )
1412 );
1414 # endif
1415 #if defined(VGP_ppc64le_linux)
1416 /* This saves the r2 before leaving the function. We need to move
1417 * guest_NRADDR_GPR2 back to R2 on return.
1418 */
1421 bb,
1426 )
1427 );
1430 #endif
1432 }
1434 /* --- Helpers to do with PPC related stack redzones. --- */
1438 {
1440 }
1442 /* --------------- main translation function --------------- */
1444 /* Note: see comments at top of m_redir.c for the Big Picture on how
1445 redirections are managed. */
1447 typedef
1449 /* normal translation, redir neither requested nor inhibited */
1450 T_Normal,
1451 /* redir translation, function-wrap (set _NRADDR) style */
1452 T_Redir_Wrap,
1453 /* redir translation, replacement (don't set _NRADDR) style */
1454 T_Redir_Replace,
1455 /* a translation in which redir is specifically disallowed */
1456 T_NoRedir
1457 }
1458 T_Kind;
1460 /* Translate the basic block beginning at NRADDR, and add it to the
1461 translation cache & translation table. Unless
1462 DEBUGGING_TRANSLATION is true, in which case the call is being done
1463 for debugging purposes, so (a) throw away the translation once it
1464 is made, and (b) produce a load of debugging output. If
1465 ALLOW_REDIRECTION is False, do not attempt redirection of NRADDR,
1466 and also, put the resulting translation into the no-redirect tt/tc
1467 instead of the normal one.
1469 TID is the identity of the thread requesting this translation.
1470 */
1473 Addr nraddr,
1474 Bool debugging_translation,
1475 Int debugging_verbosity,
1476 ULong bbs_done,
1477 Bool allow_redirection )
1478 {
1479 Addr addr;
1480 T_Kind kind;
1483 VexArch vex_arch;
1484 VexArchInfo vex_archinfo;
1485 VexAbiInfo vex_abiinfo;
1486 VexGuestExtents vge;
1487 VexTranslateArgs vta;
1488 VexTranslateResult tres;
1489 VgCallbackClosure closure;
1491 /* Make sure Vex is initialised right. */
1500 }
1502 /* Establish the translation kind and actual guest address to
1503 start from. Sets (addr,kind). */
1505 Bool isWrap;
1508 /* no redirection found */
1512 /* found a redirect */
1515 }
1519 }
1521 /* Established: (nraddr, addr, kind) */
1523 /* Printing redirection info. */
1527 Bool ok;
1531 /* Try also to get the soname (not the filename) of the "from"
1532 object. This makes it much easier to debug redirection
1533 problems. */
1540 }
1544 // Stash away name1
1554 }
1560 /* If doing any code printing, print a basic block start marker */
1568 }
1579 );
1580 }
1582 /* Are we allowed to translate here? */
1592 /* U R busted, sonny. Place your hands on your head and step
1593 away from the orig_addr. */
1594 /* Code address is bad - deliver a signal instead */
1596 /* There's some kind of segment at the requested place, but we
1597 aren't allowed to execute code here. */
1601 else
1604 /* There is no segment at all; we are attempting to execute in
1605 the middle of nowhere. */
1609 else
1611 }
1613 }
1615 /* True if a debug trans., or if bit N set in VG_(clo_trace_codegen). */
1619 }
1620 else
1625 }
1627 /* Figure out which preamble-mangling callback to send. */
1631 else
1635 /* LE we setup the LR */
1636 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
1638 /* If entering the special return stub, this means a wrapped or
1639 redirected function is returning. Make this translation one
1640 which restores R2 and LR from the thread's hidden redir
1641 stack, and branch to the (restored) link register, thereby
1642 really causing the function to return. */
1646 }
1647 # endif
1649 /* ------ Actually do the translation. ------ */
1653 /* Get the CPU info established at startup. */
1656 /* Set up 'abiinfo' structure with stuff Vex needs to know about
1657 the guest and host ABIs. */
1662 # if defined(VGP_amd64_linux)
1665 # endif
1666 # if defined(VGP_amd64_darwin)
1668 # endif
1669 # if defined(VGP_ppc32_linux)
1672 # endif
1673 # if defined(VGP_ppc64be_linux)
1677 # endif
1678 # if defined(VGP_ppc64le_linux)
1682 # endif
1683 # if defined(VGP_amd64_solaris)
1685 # endif
1686 # if defined(VGP_mips32_linux) || defined(VGP_mips64_linux)
1690 # endif
1692 /* Set up closure args. */
1697 /* Set up args for LibVEX_Translate. */
1712 instrumentation callback - which takes a void* first argument
1713 - with Valgrind's view, in which the first arg is a
1714 VgCallbackClosure*. Hence the following longwinded casts.
1715 They are entirely legal but longwinded so as to maximise the
1716 chance of the C typechecker picking up any type snafus. */
1721 ? tool_instrument_then_gdbserver_if_needed
1727 }
1728 /* No need for type kludgery here. */
1730 ? vg_SP_update_pass
1741 /* Set up the dispatch continuation-point info. If this is a
1742 no-redir translation then it cannot be chained, and the chain-me
1743 points are set to NULL to indicate that. The indir point must
1744 also be NULL, since we can't allow this translation to do an
1745 indir transfer -- that would take it back into the main
1746 translation cache too.
1748 All this is because no-redir translations live outside the main
1749 translation cache (in a secondary one) and chaining them would
1750 involve more adminstrative complexity that isn't worth the
1751 hassle, because we don't expect them to get used often. So
1752 don't bother. */
1754 vta.disp_cp_chain_me_to_slowEP
1756 vta.disp_cp_chain_me_to_fastEP
1758 vta.disp_cp_xindir
1764 }
1765 /* This doesn't involve chaining and so is always allowable. */
1766 vta.disp_cp_xassisted
1769 /* Sheesh. Finally, actually _do_ the translation! */
1778 /* Tell aspacem of all segments that have had translations taken
1779 from them. */
1782 }
1784 /* Copy data at trans_addr into the translation cache. */
1787 // If debugging, don't do anything with the translated block; we
1788 // only did this for the debugging output produced along the way.
1792 // Put it into the normal TT/TC structures. This is the
1793 // normal case.
1795 // Note that we use nraddr (the non-redirected address), not
1796 // addr, which might have been changed by the redirection
1798 nraddr,
1800 tmpbuf_used,
1807 nraddr,
1809 tmpbuf_used );
1810 }
1811 }
1814 }
1816 /*--------------------------------------------------------------------*/
1817 /*--- end ---*/
1818 /*--------------------------------------------------------------------*/