2 /*--------------------------------------------------------------------*/
3 /*--- Interface to LibVEX_Translate, and the SP-update pass ---*/
4 /*--- m_translate.c ---*/
5 /*--------------------------------------------------------------------*/
8 This file is part of Valgrind, a dynamic binary instrumentation
11 Copyright (C) 2000-2012 Julian Seward
14 This program is free software; you can redistribute it and/or
15 modify it under the terms of the GNU General Public License as
16 published by the Free Software Foundation; either version 2 of the
17 License, or (at your option) any later version.
19 This program is distributed in the hope that it will be useful, but
20 WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; if not, write to the Free Software
26 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
29 The GNU General Public License is contained in the file COPYING.
32 #include "pub_core_basics.h"
33 #include "pub_core_vki.h"
34 #include "pub_core_aspacemgr.h"
36 #include "pub_core_machine.h" // VG_(fnptr_to_fnentry)
38 // VG_(machine_get_VexArchInfo)
39 #include "pub_core_libcbase.h"
40 #include "pub_core_libcassert.h"
41 #include "pub_core_libcprint.h"
42 #include "pub_core_options.h"
44 #include "pub_core_debuginfo.h" // VG_(get_fnname_w_offset)
45 #include "pub_core_redir.h" // VG_(redir_do_lookup)
47 #include "pub_core_signals.h" // VG_(synth_fault_{perms,mapping}
48 #include "pub_core_stacks.h" // VG_(unknown_SP_update)()
49 #include "pub_core_tooliface.h" // VG_(tdict)
51 #include "pub_core_translate.h"
52 #include "pub_core_transtab.h"
53 #include "pub_core_dispatch.h" // VG_(run_innerloop__dispatch_{un}profiled)
54 // VG_(run_a_noredir_translation__return_point)
56 #include "pub_core_libcsetjmp.h" // to keep _threadstate.h happy
57 #include "pub_core_threadstate.h" // VexGuestArchState
58 #include "pub_core_trampoline.h" // VG_(ppctoc_magic_redirect_return_stub)
60 #include "pub_core_execontext.h" // VG_(make_depth_1_ExeContext_from_Addr)
62 #include "pub_core_gdbserver.h" // VG_(tool_instrument_then_gdbserver_if_needed)
64 #include "libvex_emnote.h" // For PPC, EmWarn_PPC64_redir_underflow
66 /*------------------------------------------------------------*/
68 /*------------------------------------------------------------*/
70 static UInt n_SP_updates_fast = 0;
71 static UInt n_SP_updates_generic_known = 0;
72 static UInt n_SP_updates_generic_unknown = 0;
74 void VG_(print_translation_stats) ( void )
77 UInt n_SP_updates = n_SP_updates_fast + n_SP_updates_generic_known
78 + n_SP_updates_generic_unknown;
79 VG_(percentify)(n_SP_updates_fast, n_SP_updates, 1, 6, buf);
80 VG_(message)(Vg_DebugMsg,
81 "translate: fast SP updates identified: %'u (%s)\n",
82 n_SP_updates_fast, buf );
84 VG_(percentify)(n_SP_updates_generic_known, n_SP_updates, 1, 6, buf);
85 VG_(message)(Vg_DebugMsg,
86 "translate: generic_known SP updates identified: %'u (%s)\n",
87 n_SP_updates_generic_known, buf );
89 VG_(percentify)(n_SP_updates_generic_unknown, n_SP_updates, 1, 6, buf);
90 VG_(message)(Vg_DebugMsg,
91 "translate: generic_unknown SP updates identified: %'u (%s)\n",
92 n_SP_updates_generic_unknown, buf );
95 /*------------------------------------------------------------*/
96 /*--- %SP-update pass ---*/
97 /*------------------------------------------------------------*/
99 static Bool need_to_handle_SP_assignment(void)
101 return ( VG_(tdict).track_new_mem_stack_4 ||
102 VG_(tdict).track_die_mem_stack_4 ||
103 VG_(tdict).track_new_mem_stack_8 ||
104 VG_(tdict).track_die_mem_stack_8 ||
105 VG_(tdict).track_new_mem_stack_12 ||
106 VG_(tdict).track_die_mem_stack_12 ||
107 VG_(tdict).track_new_mem_stack_16 ||
108 VG_(tdict).track_die_mem_stack_16 ||
109 VG_(tdict).track_new_mem_stack_32 ||
110 VG_(tdict).track_die_mem_stack_32 ||
111 VG_(tdict).track_new_mem_stack_112 ||
112 VG_(tdict).track_die_mem_stack_112 ||
113 VG_(tdict).track_new_mem_stack_128 ||
114 VG_(tdict).track_die_mem_stack_128 ||
115 VG_(tdict).track_new_mem_stack_144 ||
116 VG_(tdict).track_die_mem_stack_144 ||
117 VG_(tdict).track_new_mem_stack_160 ||
118 VG_(tdict).track_die_mem_stack_160 ||
119 VG_(tdict).track_new_mem_stack ||
120 VG_(tdict).track_die_mem_stack );
123 // - The SP aliases are held in an array which is used as a circular buffer.
124 // This misses very few constant updates of SP (ie. < 0.1%) while using a
125 // small, constant structure that will also never fill up and cause
126 // execution to abort.
127 // - Unused slots have a .temp value of 'IRTemp_INVALID'.
128 // - 'next_SP_alias_slot' is the index where the next alias will be stored.
129 // - If the buffer fills, we circle around and start over-writing
130 // non-IRTemp_INVALID values. This is rare, and the overwriting of a
131 // value that would have subsequently be used is even rarer.
132 // - Every slot below next_SP_alias_slot holds a non-IRTemp_INVALID value.
133 // The rest either all won't (if we haven't yet circled around) or all
134 // will (if we have circled around).
143 // With 32 slots the buffer fills very rarely -- eg. once in a run of GCC.
144 // And I've tested with smaller values and the wrap-around case works ok.
146 static SP_Alias SP_aliases[N_ALIASES];
147 static Int next_SP_alias_slot = 0;
149 static void clear_SP_aliases(void)
152 for (i = 0; i < N_ALIASES; i++) {
153 SP_aliases[i].temp = IRTemp_INVALID;
154 SP_aliases[i].delta = 0;
156 next_SP_alias_slot = 0;
159 static void add_SP_alias(IRTemp temp, Long delta)
161 vg_assert(temp != IRTemp_INVALID);
162 SP_aliases[ next_SP_alias_slot ].temp = temp;
163 SP_aliases[ next_SP_alias_slot ].delta = delta;
164 next_SP_alias_slot++;
165 if (N_ALIASES == next_SP_alias_slot) next_SP_alias_slot = 0;
168 static Bool get_SP_delta(IRTemp temp, ULong* delta)
170 Int i; // i must be signed!
171 vg_assert(IRTemp_INVALID != temp);
172 // Search backwards between current buffer position and the start.
173 for (i = next_SP_alias_slot-1; i >= 0; i--) {
174 if (temp == SP_aliases[i].temp) {
175 *delta = SP_aliases[i].delta;
179 // Search backwards between the end and the current buffer position.
180 for (i = N_ALIASES-1; i >= next_SP_alias_slot; i--) {
181 if (temp == SP_aliases[i].temp) {
182 *delta = SP_aliases[i].delta;
189 static void update_SP_aliases(Long delta)
192 for (i = 0; i < N_ALIASES; i++) {
193 if (SP_aliases[i].temp == IRTemp_INVALID) {
196 SP_aliases[i].delta += delta;
200 /* Given a guest IP, get an origin tag for a 1-element stack trace,
201 and wrap it up in an IR atom that can be passed as the origin-tag
202 value for a stack-adjustment helper function. */
203 static IRExpr* mk_ecu_Expr ( Addr64 guest_IP )
207 = VG_(make_depth_1_ExeContext_from_Addr)( (Addr)guest_IP );
209 ecu = VG_(get_ECU_from_ExeContext)( ec );
210 vg_assert(VG_(is_plausible_ECU)(ecu));
211 /* This is always safe to do, since ecu is only 32 bits, and
212 HWord is 32 or 64. */
213 return mkIRExpr_HWord( (HWord)ecu );
216 /* When gdbserver is activated, the translation of a block must
217 first be done by the tool function, then followed by a pass
218 which (if needed) instruments the code for gdbserver.
221 IRSB* tool_instrument_then_gdbserver_if_needed ( VgCallbackClosure* closureV,
223 VexGuestLayout* layout,
224 VexGuestExtents* vge,
229 return VG_(instrument_for_gdbserver_if_needed)
230 (VG_(tdict).tool_instrument (closureV,
243 /* For tools that want to know about SP changes, this pass adds
244 in the appropriate hooks. We have to do it after the tool's
245 instrumentation, so the tool doesn't have to worry about the C calls
246 it adds in, and we must do it before register allocation because
247 spilled temps make it much harder to work out the SP deltas.
248 This it is done with Vex's "second instrumentation" pass.
250 Basically, we look for GET(SP)/PUT(SP) pairs and track constant
251 increments/decrements of SP between them. (This requires tracking one or
252 more "aliases", which are not exact aliases but instead are tempregs
253 whose value is equal to the SP's plus or minus a known constant.)
254 If all the changes to SP leading up to a PUT(SP) are by known, small
255 constants, we can do a specific call to eg. new_mem_stack_4, otherwise
256 we fall back to the case that handles an unknown SP change.
258 There is some extra complexity to deal correctly with updates to
259 only parts of SP. Bizarre, but it has been known to happen.
262 IRSB* vg_SP_update_pass ( void* closureV,
264 VexGuestLayout* layout,
265 VexGuestExtents* vge,
270 Int i, j, k, minoff_ST, maxoff_ST, sizeof_SP, offset_SP;
271 Int first_SP, last_SP, first_Put, last_Put;
279 /* Set up stuff for tracking the guest IP */
280 Bool curr_IP_known = False;
284 IRSB* bb = emptyIRSB();
285 bb->tyenv = deepCopyIRTypeEnv(sb_in->tyenv);
286 bb->next = deepCopyIRExpr(sb_in->next);
287 bb->jumpkind = sb_in->jumpkind;
288 bb->offsIP = sb_in->offsIP;
292 sizeof_SP = layout->sizeof_SP;
293 offset_SP = layout->offset_SP;
294 typeof_SP = sizeof_SP==4 ? Ity_I32 : Ity_I64;
295 vg_assert(sizeof_SP == 4 || sizeof_SP == 8);
297 /* --- Start of #defines --- */
299 # define IS_ADD(op) (sizeof_SP==4 ? ((op)==Iop_Add32) : ((op)==Iop_Add64))
300 # define IS_SUB(op) (sizeof_SP==4 ? ((op)==Iop_Sub32) : ((op)==Iop_Sub64))
302 # define IS_ADD_OR_SUB(op) (IS_ADD(op) || IS_SUB(op))
304 # define GET_CONST(con) \
305 (sizeof_SP==4 ? (Long)(Int)(con->Ico.U32) \
306 : (Long)(con->Ico.U64))
308 # define DO_NEW(syze, tmpp) \
310 Bool vanilla, w_ecu; \
311 vg_assert(curr_IP_known); \
312 vanilla = NULL != VG_(tdict).track_new_mem_stack_##syze; \
313 w_ecu = NULL != VG_(tdict).track_new_mem_stack_##syze##_w_ECU; \
314 vg_assert(!(vanilla && w_ecu)); /* can't have both */ \
315 if (!(vanilla || w_ecu)) \
318 /* I don't know if it's really necessary to say that the */ \
319 /* call reads the stack pointer. But anyway, we do. */ \
321 dcall = unsafeIRDirty_0_N( \
323 "track_new_mem_stack_" #syze "_w_ECU", \
324 VG_(fnptr_to_fnentry)( \
325 VG_(tdict).track_new_mem_stack_##syze##_w_ECU ), \
326 mkIRExprVec_2(IRExpr_RdTmp(tmpp), \
327 mk_ecu_Expr(curr_IP)) \
330 dcall = unsafeIRDirty_0_N( \
332 "track_new_mem_stack_" #syze , \
333 VG_(fnptr_to_fnentry)( \
334 VG_(tdict).track_new_mem_stack_##syze ), \
335 mkIRExprVec_1(IRExpr_RdTmp(tmpp)) \
338 dcall->nFxState = 1; \
339 dcall->fxState[0].fx = Ifx_Read; \
340 dcall->fxState[0].offset = layout->offset_SP; \
341 dcall->fxState[0].size = layout->sizeof_SP; \
342 dcall->fxState[0].nRepeats = 0; \
343 dcall->fxState[0].repeatLen = 0; \
345 addStmtToIRSB( bb, IRStmt_Dirty(dcall) ); \
347 tl_assert(syze > 0); \
348 update_SP_aliases(syze); \
350 n_SP_updates_fast++; \
354 # define DO_DIE(syze, tmpp) \
356 if (!VG_(tdict).track_die_mem_stack_##syze) \
359 /* I don't know if it's really necessary to say that the */ \
360 /* call reads the stack pointer. But anyway, we do. */ \
361 dcall = unsafeIRDirty_0_N( \
363 "track_die_mem_stack_" #syze, \
364 VG_(fnptr_to_fnentry)( \
365 VG_(tdict).track_die_mem_stack_##syze ), \
366 mkIRExprVec_1(IRExpr_RdTmp(tmpp)) \
368 dcall->nFxState = 1; \
369 dcall->fxState[0].fx = Ifx_Read; \
370 dcall->fxState[0].offset = layout->offset_SP; \
371 dcall->fxState[0].size = layout->sizeof_SP; \
372 dcall->fxState[0].nRepeats = 0; \
373 dcall->fxState[0].repeatLen = 0; \
375 addStmtToIRSB( bb, IRStmt_Dirty(dcall) ); \
377 tl_assert(syze > 0); \
378 update_SP_aliases(-(syze)); \
380 n_SP_updates_fast++; \
384 /* --- End of #defines --- */
388 for (i = 0; i < sb_in->stmts_used; i++) {
390 st = sb_in->stmts[i];
392 if (st->tag == Ist_IMark) {
393 curr_IP_known = True;
394 curr_IP = st->Ist.IMark.addr;
397 /* t = Get(sp): curr = t, delta = 0 */
398 if (st->tag != Ist_WrTmp) goto case2;
399 e = st->Ist.WrTmp.data;
400 if (e->tag != Iex_Get) goto case2;
401 if (e->Iex.Get.offset != offset_SP) goto case2;
402 if (e->Iex.Get.ty != typeof_SP) goto case2;
403 vg_assert( typeOfIRTemp(bb->tyenv, st->Ist.WrTmp.tmp) == typeof_SP );
404 add_SP_alias(st->Ist.WrTmp.tmp, 0);
405 addStmtToIRSB( bb, st );
409 /* t' = curr +/- const: curr = t', delta +=/-= const */
410 if (st->tag != Ist_WrTmp) goto case3;
411 e = st->Ist.WrTmp.data;
412 if (e->tag != Iex_Binop) goto case3;
413 if (e->Iex.Binop.arg1->tag != Iex_RdTmp) goto case3;
414 if (!get_SP_delta(e->Iex.Binop.arg1->Iex.RdTmp.tmp, &delta)) goto case3;
415 if (e->Iex.Binop.arg2->tag != Iex_Const) goto case3;
416 if (!IS_ADD_OR_SUB(e->Iex.Binop.op)) goto case3;
417 con = GET_CONST(e->Iex.Binop.arg2->Iex.Const.con);
418 vg_assert( typeOfIRTemp(bb->tyenv, st->Ist.WrTmp.tmp) == typeof_SP );
419 if (IS_ADD(e->Iex.Binop.op)) {
420 add_SP_alias(st->Ist.WrTmp.tmp, delta + con);
422 add_SP_alias(st->Ist.WrTmp.tmp, delta - con);
424 addStmtToIRSB( bb, st );
428 /* t' = curr: curr = t' */
429 if (st->tag != Ist_WrTmp) goto case4;
430 e = st->Ist.WrTmp.data;
431 if (e->tag != Iex_RdTmp) goto case4;
432 if (!get_SP_delta(e->Iex.RdTmp.tmp, &delta)) goto case4;
433 vg_assert( typeOfIRTemp(bb->tyenv, st->Ist.WrTmp.tmp) == typeof_SP );
434 add_SP_alias(st->Ist.WrTmp.tmp, delta);
435 addStmtToIRSB( bb, st );
440 /* More generally, we must correctly handle a Put which writes
441 any part of SP, not just the case where all of SP is
443 if (st->tag != Ist_Put) goto case5;
444 first_SP = offset_SP;
445 last_SP = first_SP + sizeof_SP - 1;
446 first_Put = st->Ist.Put.offset;
448 + sizeofIRType( typeOfIRExpr( bb->tyenv, st->Ist.Put.data ))
450 vg_assert(first_SP <= last_SP);
451 vg_assert(first_Put <= last_Put);
453 if (last_Put < first_SP || last_SP < first_Put)
454 goto case5; /* no overlap */
456 if (st->Ist.Put.data->tag == Iex_RdTmp
457 && get_SP_delta(st->Ist.Put.data->Iex.RdTmp.tmp, &delta)) {
458 IRTemp tttmp = st->Ist.Put.data->Iex.RdTmp.tmp;
459 /* Why should the following assertion hold? Because any
460 alias added by put_SP_alias must be of a temporary which
461 has the same type as typeof_SP, and whose value is a Get
462 at exactly offset_SP of size typeof_SP. Each call to
463 put_SP_alias is immediately preceded by an assertion that
464 we are putting in a binding for a correctly-typed
466 vg_assert( typeOfIRTemp(bb->tyenv, tttmp) == typeof_SP );
467 /* From the same type-and-offset-correctness argument, if
468 we found a useable alias, it must for an "exact" write of SP. */
469 vg_assert(first_SP == first_Put);
470 vg_assert(last_SP == last_Put);
472 case 0: addStmtToIRSB(bb,st); continue;
473 case 4: DO_DIE( 4, tttmp); addStmtToIRSB(bb,st); continue;
474 case -4: DO_NEW( 4, tttmp); addStmtToIRSB(bb,st); continue;
475 case 8: DO_DIE( 8, tttmp); addStmtToIRSB(bb,st); continue;
476 case -8: DO_NEW( 8, tttmp); addStmtToIRSB(bb,st); continue;
477 case 12: DO_DIE( 12, tttmp); addStmtToIRSB(bb,st); continue;
478 case -12: DO_NEW( 12, tttmp); addStmtToIRSB(bb,st); continue;
479 case 16: DO_DIE( 16, tttmp); addStmtToIRSB(bb,st); continue;
480 case -16: DO_NEW( 16, tttmp); addStmtToIRSB(bb,st); continue;
481 case 32: DO_DIE( 32, tttmp); addStmtToIRSB(bb,st); continue;
482 case -32: DO_NEW( 32, tttmp); addStmtToIRSB(bb,st); continue;
483 case 112: DO_DIE( 112, tttmp); addStmtToIRSB(bb,st); continue;
484 case -112: DO_NEW( 112, tttmp); addStmtToIRSB(bb,st); continue;
485 case 128: DO_DIE( 128, tttmp); addStmtToIRSB(bb,st); continue;
486 case -128: DO_NEW( 128, tttmp); addStmtToIRSB(bb,st); continue;
487 case 144: DO_DIE( 144, tttmp); addStmtToIRSB(bb,st); continue;
488 case -144: DO_NEW( 144, tttmp); addStmtToIRSB(bb,st); continue;
489 case 160: DO_DIE( 160, tttmp); addStmtToIRSB(bb,st); continue;
490 case -160: DO_NEW( 160, tttmp); addStmtToIRSB(bb,st); continue;
492 /* common values for ppc64: 144 128 160 112 176 */
493 n_SP_updates_generic_known++;
497 /* Deal with an unknown update to SP. We're here because
499 (1) the Put does not exactly cover SP; it is a partial update.
500 Highly unlikely, but has been known to happen for 16-bit
501 Windows apps running on Wine, doing 16-bit adjustments to
503 (2) the Put does exactly cover SP, but we are unable to
504 determine how the value relates to the old SP. In any
505 case, we cannot assume that the Put.data value is a tmp;
506 we must assume it can be anything allowed in flat IR (tmp
510 n_SP_updates_generic_unknown++;
512 // Nb: if all is well, this generic case will typically be
513 // called something like every 1000th SP update. If it's more than
514 // that, the above code may be missing some cases.
516 /* Pass both the old and new SP values to this helper. Also,
517 pass an origin tag, even if it isn't needed. */
518 old_SP = newIRTemp(bb->tyenv, typeof_SP);
521 IRStmt_WrTmp( old_SP, IRExpr_Get(offset_SP, typeof_SP) )
524 /* Now we know what the old value of SP is. But knowing the new
525 value is a bit tricky if there is a partial write. */
526 if (first_Put == first_SP && last_Put == last_SP) {
527 /* The common case, an exact write to SP. So st->Ist.Put.data
528 does hold the new value; simple. */
529 vg_assert(curr_IP_known);
530 dcall = unsafeIRDirty_0_N(
532 "VG_(unknown_SP_update)",
533 VG_(fnptr_to_fnentry)( &VG_(unknown_SP_update) ),
534 mkIRExprVec_3( IRExpr_RdTmp(old_SP), st->Ist.Put.data,
535 mk_ecu_Expr(curr_IP) )
537 addStmtToIRSB( bb, IRStmt_Dirty(dcall) );
538 /* don't forget the original assignment */
539 addStmtToIRSB( bb, st );
541 /* We have a partial update to SP. We need to know what
542 the new SP will be, and hand that to the helper call,
543 but when the helper call happens, SP must hold the
544 value it had before the update. Tricky.
545 Therefore use the following kludge:
546 1. do the partial SP update (Put)
547 2. Get the new SP value into a tmp, new_SP
554 addStmtToIRSB( bb, st );
556 new_SP = newIRTemp(bb->tyenv, typeof_SP);
559 IRStmt_WrTmp( new_SP, IRExpr_Get(offset_SP, typeof_SP) )
562 addStmtToIRSB( bb, IRStmt_Put(offset_SP, IRExpr_RdTmp(old_SP) ));
564 vg_assert(curr_IP_known);
565 dcall = unsafeIRDirty_0_N(
567 "VG_(unknown_SP_update)",
568 VG_(fnptr_to_fnentry)( &VG_(unknown_SP_update) ),
569 mkIRExprVec_3( IRExpr_RdTmp(old_SP),
570 IRExpr_RdTmp(new_SP),
571 mk_ecu_Expr(curr_IP) )
573 addStmtToIRSB( bb, IRStmt_Dirty(dcall) );
575 addStmtToIRSB( bb, IRStmt_Put(offset_SP, IRExpr_RdTmp(new_SP) ));
578 /* Forget what we already know. */
581 /* If this is a Put of a tmp that exactly updates SP,
582 start tracking aliases against this tmp. */
584 if (first_Put == first_SP && last_Put == last_SP
585 && st->Ist.Put.data->tag == Iex_RdTmp) {
586 vg_assert( typeOfIRTemp(bb->tyenv, st->Ist.Put.data->Iex.RdTmp.tmp)
588 add_SP_alias(st->Ist.Put.data->Iex.RdTmp.tmp, 0);
594 /* PutI or Dirty call which overlaps SP: complain. We can't
595 deal with SP changing in weird ways (well, we can, but not at
596 this time of night). */
597 if (st->tag == Ist_PutI) {
598 descr = st->Ist.PutI.details->descr;
599 minoff_ST = descr->base;
600 maxoff_ST = descr->base
601 + descr->nElems * sizeofIRType(descr->elemTy) - 1;
602 if (!(offset_SP > maxoff_ST
603 || (offset_SP + sizeof_SP - 1) < minoff_ST))
606 if (st->tag == Ist_Dirty) {
607 d = st->Ist.Dirty.details;
608 for (j = 0; j < d->nFxState; j++) {
609 if (d->fxState[j].fx == Ifx_Read || d->fxState[j].fx == Ifx_None)
611 /* Enumerate the described state segments */
612 for (k = 0; k < 1 + d->fxState[j].nRepeats; k++) {
613 minoff_ST = d->fxState[j].offset + k * d->fxState[j].repeatLen;
614 maxoff_ST = minoff_ST + d->fxState[j].size - 1;
615 if (!(offset_SP > maxoff_ST
616 || (offset_SP + sizeof_SP - 1) < minoff_ST))
622 /* well, not interesting. Just copy and keep going. */
623 addStmtToIRSB( bb, st );
625 } /* for (i = 0; i < sb_in->stmts_used; i++) */
630 VG_(core_panic)("vg_SP_update_pass: PutI or Dirty which overlaps SP");
640 /*------------------------------------------------------------*/
641 /*--- Main entry point for the JITter. ---*/
642 /*------------------------------------------------------------*/
644 /* Extra comments re self-checking translations and self-modifying
645 code. (JRS 14 Oct 05).
648 (1) no checking: all code assumed to be not self-modifying
649 (2) partial: known-problematic situations get a self-check
650 (3) full checking: all translations get a self-check
652 As currently implemented, the default is (2). (3) is always safe,
653 but very slow. (1) works mostly, but fails for gcc nested-function
654 code which uses trampolines on the stack; this situation is
655 detected and handled by (2).
659 A more robust and transparent solution, which is not currently
660 implemented, is a variant of (2): if a translation is made from an
661 area which aspacem says does not have 'w' permission, then it can
662 be non-self-checking. Otherwise, it needs a self-check.
664 This is complicated by Vex's basic-block chasing. If a self-check
665 is requested, then Vex will not chase over basic block boundaries
666 (it's too complex). However there is still a problem if it chases
667 from a non-'w' area into a 'w' area.
669 I think the right thing to do is:
671 - if a translation request starts in a 'w' area, ask for a
672 self-checking translation, and do not allow any chasing (make
673 chase_into_ok return False). Note that the latter is redundant
674 in the sense that Vex won't chase anyway in this situation.
676 - if a translation request starts in a non-'w' area, do not ask for
677 a self-checking translation. However, do not allow chasing (as
678 determined by chase_into_ok) to go into a 'w' area.
680 The result of this is that all code inside 'w' areas is self
683 To complete the trick, there is a caveat: we must watch the
684 client's mprotect calls. If pages are changed from non-'w' to 'w'
685 then we should throw away all translations which intersect the
686 affected area, so as to force them to be redone with self-checks.
690 The above outlines the conditions under which bb chasing is allowed
691 from a self-modifying-code point of view. There are other
692 situations pertaining to function redirection in which it is
693 necessary to disallow chasing, but those fall outside the scope of
698 /* Vex dumps the final code in here. Then we can copy it off
700 /* 60000: should agree with assertion in VG_(add_to_transtab) in
702 #define N_TMPBUF 60000
703 static UChar tmpbuf[N_TMPBUF];
706 /* Function pointers we must supply to LibVEX in order that it
707 can bomb out and emit messages under Valgrind's control. */
708 __attribute__ ((noreturn))
710 void failure_exit ( void )
712 LibVEX_ShowAllocStats();
713 VG_(core_panic)("LibVEX called failure_exit().");
717 void log_bytes ( HChar* bytes, Int nbytes )
720 for (i = 0; i < nbytes-3; i += 4)
721 VG_(printf)("%c%c%c%c", bytes[i], bytes[i+1], bytes[i+2], bytes[i+3]);
722 for (; i < nbytes; i++)
723 VG_(printf)("%c", bytes[i]);
727 /* --------- Various helper functions for translation --------- */
729 /* Look for reasons to disallow making translations from the given
732 static Bool translations_allowable_from_seg ( NSegment const* seg )
734 # if defined(VGA_x86) || defined(VGA_s390x) || defined(VGA_mips32)
740 && (seg->kind == SkAnonC || seg->kind == SkFileC || seg->kind == SkShmC)
741 && (seg->hasX || (seg->hasR && allowR));
745 /* Produce a bitmask stating which of the supplied extents needs a
746 self-check. See documentation of
747 VexTranslateArgs::needs_self_check for more details about the
748 return convention. */
750 static UInt needs_self_check ( void* closureV,
751 VexGuestExtents* vge )
753 VgCallbackClosure* closure = (VgCallbackClosure*)closureV;
756 vg_assert(vge->n_used >= 1 && vge->n_used <= 3);
759 for (i = 0; i < vge->n_used; i++) {
761 Addr addr = (Addr)vge->base[i];
762 SizeT len = (SizeT)vge->len[i];
763 NSegment const* segA = NULL;
765 # if defined(VGO_darwin)
766 // GrP fixme hack - dyld i386 IMPORT gets rewritten.
767 // To really do this correctly, we'd need to flush the
768 // translation cache whenever a segment became +WX.
769 segA = VG_(am_find_nsegment)(addr);
770 if (segA && segA->hasX && segA->hasW)
775 switch (VG_(clo_smc_check)) {
777 /* never check (except as per Darwin hack above) */
784 /* check if the address is in the same segment as this
785 thread's stack pointer */
786 Addr sp = VG_(get_SP)(closure->tid);
788 segA = VG_(am_find_nsegment)(addr);
790 NSegment const* segSP = VG_(am_find_nsegment)(sp);
791 if (segA && segSP && segA == segSP)
795 case Vg_SmcAllNonFile: {
796 /* check if any part of the extent is not in a
797 file-mapped segment */
799 segA = VG_(am_find_nsegment)(addr);
801 if (segA && segA->kind == SkFileC && segA->start <= addr
802 && (len == 0 || addr + len <= segA->end + 1)) {
803 /* in a file-mapped segment; skip the check */
822 /* This is a callback passed to LibVEX_Translate. It stops Vex from
823 chasing into function entry points that we wish to redirect.
824 Chasing across them obviously defeats the redirect mechanism, with
825 bad effects for Memcheck, Helgrind, DRD, Massif, and possibly others.
827 static Bool chase_into_ok ( void* closureV, Addr64 addr64 )
829 Addr addr = (Addr)addr64;
830 NSegment const* seg = VG_(am_find_nsegment)(addr);
832 /* Work through a list of possibilities why we might not want to
835 /* Destination not in a plausible segment? */
836 if (!translations_allowable_from_seg(seg))
839 /* Destination is redirected? */
840 if (addr != VG_(redir_do_lookup)(addr, NULL))
843 # if defined(VG_PLAT_USES_PPCTOC)
844 /* This needs to be at the start of its own block. Don't chase. Re
845 ULong_to_Ptr, be careful to ensure we only compare 32 bits on a
847 if (ULong_to_Ptr(addr64)
848 == (void*)&VG_(ppctoc_magic_redirect_return_stub))
852 /* overly conservative, but .. don't chase into the distinguished
853 address that m_transtab uses as an empty-slot marker for
855 if (addr == TRANSTAB_BOGUS_GUEST_ADDR)
858 # if defined(VGA_s390x)
859 /* Never chase into an EX instruction. Generating IR for EX causes
860 a round-trip through the scheduler including VG_(discard_translations).
861 And that's expensive as shown by perf/tinycc.c:
862 Chasing into EX increases the number of EX translations from 21 to
863 102666 causing a 7x runtime increase for "none" and a 3.2x runtime
864 increase for memcheck. */
865 if (((UChar *)ULong_to_Ptr(addr))[0] == 0x44 || /* EX */
866 ((UChar *)ULong_to_Ptr(addr))[0] == 0xC6) /* EXRL */
870 /* well, ok then. go on and chase. */
877 if (0) VG_(printf)("not chasing into 0x%lx\n", addr);
882 /* --------------- helpers for with-TOC platforms --------------- */
884 /* NOTE: with-TOC platforms are: ppc64-linux. */
886 static IRExpr* mkU64 ( ULong n ) {
887 return IRExpr_Const(IRConst_U64(n));
889 static IRExpr* mkU32 ( UInt n ) {
890 return IRExpr_Const(IRConst_U32(n));
893 #if defined(VG_PLAT_USES_PPCTOC)
894 static IRExpr* mkU8 ( UChar n ) {
895 return IRExpr_Const(IRConst_U8(n));
897 static IRExpr* narrowTo32 ( IRTypeEnv* tyenv, IRExpr* e ) {
898 if (typeOfIRExpr(tyenv, e) == Ity_I32) {
901 vg_assert(typeOfIRExpr(tyenv, e) == Ity_I64);
902 return IRExpr_Unop(Iop_64to32, e);
906 /* Generate code to push word-typed expression 'e' onto this thread's
907 redir stack, checking for stack overflow and generating code to
910 static void gen_PUSH ( IRSB* bb, IRExpr* e )
916 # if defined(VGP_ppc64_linux)
917 Int stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE;
918 Int offB_REDIR_SP = offsetof(VexGuestPPC64State,guest_REDIR_SP);
919 Int offB_REDIR_STACK = offsetof(VexGuestPPC64State,guest_REDIR_STACK);
920 Int offB_EMNOTE = offsetof(VexGuestPPC64State,guest_EMNOTE);
921 Int offB_CIA = offsetof(VexGuestPPC64State,guest_CIA);
923 IRType ty_Word = Ity_I64;
924 IROp op_CmpNE = Iop_CmpNE64;
925 IROp op_Sar = Iop_Sar64;
926 IROp op_Sub = Iop_Sub64;
927 IROp op_Add = Iop_Add64;
928 IRExpr*(*mkU)(ULong) = mkU64;
929 vg_assert(VG_WORDSIZE == 8);
931 Int stack_size = VEX_GUEST_PPC32_REDIR_STACK_SIZE;
932 Int offB_REDIR_SP = offsetof(VexGuestPPC32State,guest_REDIR_SP);
933 Int offB_REDIR_STACK = offsetof(VexGuestPPC32State,guest_REDIR_STACK);
934 Int offB_EMNOTE = offsetof(VexGuestPPC32State,guest_EMNOTE);
935 Int offB_CIA = offsetof(VexGuestPPC32State,guest_CIA);
937 IRType ty_Word = Ity_I32;
938 IROp op_CmpNE = Iop_CmpNE32;
939 IROp op_Sar = Iop_Sar32;
940 IROp op_Sub = Iop_Sub32;
941 IROp op_Add = Iop_Add32;
942 IRExpr*(*mkU)(UInt) = mkU32;
943 vg_assert(VG_WORDSIZE == 4);
946 vg_assert(sizeof(void*) == VG_WORDSIZE);
947 vg_assert(sizeof(Word) == VG_WORDSIZE);
948 vg_assert(sizeof(Addr) == VG_WORDSIZE);
950 descr = mkIRRegArray( offB_REDIR_STACK, ty_Word, stack_size );
951 t1 = newIRTemp( bb->tyenv, ty_Word );
954 vg_assert(typeOfIRExpr(bb->tyenv, e) == ty_Word);
956 /* t1 = guest_REDIR_SP + 1 */
961 IRExpr_Binop(op_Add, IRExpr_Get( offB_REDIR_SP, ty_Word ), one)
965 /* Bomb out if t1 >=s stack_size, that is, (stack_size-1)-t1 <s 0.
966 The destination (0) is a bit bogus but it doesn't matter since
967 this is an unrecoverable error and will lead to Valgrind
968 shutting down. _EMNOTE is set regardless - that's harmless
969 since is only has a meaning if the exit is taken. */
972 IRStmt_Put(offB_EMNOTE, mkU32(EmWarn_PPC64_redir_overflow))
981 IRExpr_Binop(op_Sub,mkU(stack_size-1),IRExpr_RdTmp(t1)),
982 mkU8(8 * VG_WORDSIZE - 1)
987 is64 ? IRConst_U64(0) : IRConst_U32(0),
992 /* guest_REDIR_SP = t1 */
993 addStmtToIRSB(bb, IRStmt_Put(offB_REDIR_SP, IRExpr_RdTmp(t1)));
995 /* guest_REDIR_STACK[t1+0] = e */
996 /* PutI/GetI have I32-typed indexes regardless of guest word size */
999 IRStmt_PutI(mkIRPutI(descr,
1000 narrowTo32(bb->tyenv,IRExpr_RdTmp(t1)), 0, e)));
1004 /* Generate code to pop a word-sized value from this thread's redir
1005 stack, binding it to a new temporary, which is returned. As with
1006 gen_PUSH, an overflow check is also performed. */
1008 static IRTemp gen_POP ( IRSB* bb )
1010 # if defined(VGP_ppc64_linux)
1011 Int stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE;
1012 Int offB_REDIR_SP = offsetof(VexGuestPPC64State,guest_REDIR_SP);
1013 Int offB_REDIR_STACK = offsetof(VexGuestPPC64State,guest_REDIR_STACK);
1014 Int offB_EMNOTE = offsetof(VexGuestPPC64State,guest_EMNOTE);
1015 Int offB_CIA = offsetof(VexGuestPPC64State,guest_CIA);
1017 IRType ty_Word = Ity_I64;
1018 IROp op_CmpNE = Iop_CmpNE64;
1019 IROp op_Sar = Iop_Sar64;
1020 IROp op_Sub = Iop_Sub64;
1021 IRExpr*(*mkU)(ULong) = mkU64;
1023 Int stack_size = VEX_GUEST_PPC32_REDIR_STACK_SIZE;
1024 Int offB_REDIR_SP = offsetof(VexGuestPPC32State,guest_REDIR_SP);
1025 Int offB_REDIR_STACK = offsetof(VexGuestPPC32State,guest_REDIR_STACK);
1026 Int offB_EMNOTE = offsetof(VexGuestPPC32State,guest_EMNOTE);
1027 Int offB_CIA = offsetof(VexGuestPPC32State,guest_CIA);
1029 IRType ty_Word = Ity_I32;
1030 IROp op_CmpNE = Iop_CmpNE32;
1031 IROp op_Sar = Iop_Sar32;
1032 IROp op_Sub = Iop_Sub32;
1033 IRExpr*(*mkU)(UInt) = mkU32;
1036 IRRegArray* descr = mkIRRegArray( offB_REDIR_STACK, ty_Word, stack_size );
1037 IRTemp t1 = newIRTemp( bb->tyenv, ty_Word );
1038 IRTemp res = newIRTemp( bb->tyenv, ty_Word );
1039 IRExpr* one = mkU(1);
1041 vg_assert(sizeof(void*) == VG_WORDSIZE);
1042 vg_assert(sizeof(Word) == VG_WORDSIZE);
1043 vg_assert(sizeof(Addr) == VG_WORDSIZE);
1045 /* t1 = guest_REDIR_SP */
1048 IRStmt_WrTmp( t1, IRExpr_Get( offB_REDIR_SP, ty_Word ) )
1051 /* Bomb out if t1 < 0. Same comments as gen_PUSH apply. */
1054 IRStmt_Put(offB_EMNOTE, mkU32(EmWarn_PPC64_redir_underflow))
1064 mkU8(8 * VG_WORDSIZE - 1)
1069 is64 ? IRConst_U64(0) : IRConst_U32(0),
1074 /* res = guest_REDIR_STACK[t1+0] */
1075 /* PutI/GetI have I32-typed indexes regardless of guest word size */
1080 IRExpr_GetI(descr, narrowTo32(bb->tyenv,IRExpr_RdTmp(t1)), 0)
1084 /* guest_REDIR_SP = t1-1 */
1087 IRStmt_Put(offB_REDIR_SP, IRExpr_Binop(op_Sub, IRExpr_RdTmp(t1), one))
1093 /* Generate code to push LR and R2 onto this thread's redir stack,
1094 then set R2 to the new value (which is the TOC pointer to be used
1095 for the duration of the replacement function, as determined by
1096 m_debuginfo), and set LR to the magic return stub, so we get to
1097 intercept the return and restore R2 and L2 to the values saved
1100 static void gen_push_and_set_LR_R2 ( IRSB* bb, Addr64 new_R2_value )
1102 # if defined(VGP_ppc64_linux)
1103 Addr64 bogus_RA = (Addr64)&VG_(ppctoc_magic_redirect_return_stub);
1104 Int offB_GPR2 = offsetof(VexGuestPPC64State,guest_GPR2);
1105 Int offB_LR = offsetof(VexGuestPPC64State,guest_LR);
1106 gen_PUSH( bb, IRExpr_Get(offB_LR, Ity_I64) );
1107 gen_PUSH( bb, IRExpr_Get(offB_GPR2, Ity_I64) );
1108 addStmtToIRSB( bb, IRStmt_Put( offB_LR, mkU64( bogus_RA )) );
1109 addStmtToIRSB( bb, IRStmt_Put( offB_GPR2, mkU64( new_R2_value )) );
1112 # error Platform is not TOC-afflicted, fortunately
1116 static void gen_pop_R2_LR_then_bLR ( IRSB* bb )
1118 # if defined(VGP_ppc64_linux)
1119 Int offB_GPR2 = offsetof(VexGuestPPC64State,guest_GPR2);
1120 Int offB_LR = offsetof(VexGuestPPC64State,guest_LR);
1121 Int offB_CIA = offsetof(VexGuestPPC64State,guest_CIA);
1122 IRTemp old_R2 = newIRTemp( bb->tyenv, Ity_I64 );
1123 IRTemp old_LR = newIRTemp( bb->tyenv, Ity_I64 );
1125 old_R2 = gen_POP( bb );
1126 addStmtToIRSB( bb, IRStmt_Put( offB_GPR2, IRExpr_RdTmp(old_R2)) );
1128 old_LR = gen_POP( bb );
1129 addStmtToIRSB( bb, IRStmt_Put( offB_LR, IRExpr_RdTmp(old_LR)) );
1131 /* re boring, we arrived here precisely because a wrapped fn did a
1132 blr (hence Ijk_Ret); so we should just mark this jump as Boring,
1133 else one _Call will have resulted in two _Rets. */
1134 bb->jumpkind = Ijk_Boring;
1135 bb->next = IRExpr_Binop(Iop_And64, IRExpr_RdTmp(old_LR), mkU64(~(3ULL)));
1136 bb->offsIP = offB_CIA;
1138 # error Platform is not TOC-afflicted, fortunately
1143 Bool mk_preamble__ppctoc_magic_return_stub ( void* closureV, IRSB* bb )
1145 VgCallbackClosure* closure = (VgCallbackClosure*)closureV;
1146 /* Since we're creating the entire IRSB right here, give it a
1147 proper IMark, as it won't get one any other way, and cachegrind
1148 will barf if it doesn't have one (fair enough really). */
1149 addStmtToIRSB( bb, IRStmt_IMark( closure->readdr, 4, 0 ) );
1150 /* Generate the magic sequence:
1151 pop R2 from hidden stack
1152 pop LR from hidden stack
1155 gen_pop_R2_LR_then_bLR(bb);
1156 return True; /* True == this is the entire BB; don't disassemble any
1157 real insns into it - just hand it directly to
1158 optimiser/instrumenter/backend. */
1162 /* --------------- END helpers for with-TOC platforms --------------- */
1165 /* This is the IR preamble generator used for replacement
1166 functions. It adds code to set the guest_NRADDR{_GPR2} to zero
1167 (technically not necessary, but facilitates detecting mixups in
1168 which a replacement function has been erroneously declared using
1169 VG_REPLACE_FUNCTION_Z{U,Z} when instead it should have been written
1170 using VG_WRAP_FUNCTION_Z{U,Z}).
1172 On with-TOC platforms the follow hacks are also done: LR and R2 are
1173 pushed onto a hidden stack, R2 is set to the correct value for the
1174 replacement function, and LR is set to point at the magic
1175 return-stub address. Setting LR causes the return of the
1176 wrapped/redirected function to lead to our magic return stub, which
1177 restores LR and R2 from said stack and returns for real.
1179 VG_(get_StackTrace_wrk) understands that the LR value may point to
1180 the return stub address, and that in that case it can get the real
1181 LR value from the hidden stack instead. */
1183 Bool mk_preamble__set_NRADDR_to_zero ( void* closureV, IRSB* bb )
1186 = sizeof(((VexGuestArchState*)0)->guest_NRADDR);
1187 vg_assert(nraddr_szB == 4 || nraddr_szB == 8);
1188 vg_assert(nraddr_szB == VG_WORDSIZE);
1192 offsetof(VexGuestArchState,guest_NRADDR),
1193 nraddr_szB == 8 ? mkU64(0) : mkU32(0)
1196 # if defined(VGP_mips32_linux)
1197 // t9 needs to be set to point to the start of the redirected function.
1198 VgCallbackClosure* closure = (VgCallbackClosure*)closureV;
1199 Int offB_GPR25 = offsetof(VexGuestMIPS32State,guest_r25);
1200 addStmtToIRSB( bb, IRStmt_Put( offB_GPR25, mkU32( closure->readdr )) );
1202 # if defined(VG_PLAT_USES_PPCTOC)
1203 { VgCallbackClosure* closure = (VgCallbackClosure*)closureV;
1207 offsetof(VexGuestArchState,guest_NRADDR_GPR2),
1208 VG_WORDSIZE==8 ? mkU64(0) : mkU32(0)
1211 gen_push_and_set_LR_R2 ( bb, VG_(get_tocptr)( closure->readdr ) );
1217 /* Ditto, except set guest_NRADDR to nraddr (the un-redirected guest
1218 address). This is needed for function wrapping - so the wrapper
1219 can read _NRADDR and find the address of the function being
1220 wrapped. On toc-afflicted platforms we must also snarf r2. */
1222 Bool mk_preamble__set_NRADDR_to_nraddr ( void* closureV, IRSB* bb )
1224 VgCallbackClosure* closure = (VgCallbackClosure*)closureV;
1226 = sizeof(((VexGuestArchState*)0)->guest_NRADDR);
1227 vg_assert(nraddr_szB == 4 || nraddr_szB == 8);
1228 vg_assert(nraddr_szB == VG_WORDSIZE);
1232 offsetof(VexGuestArchState,guest_NRADDR),
1234 ? IRExpr_Const(IRConst_U64( closure->nraddr ))
1235 : IRExpr_Const(IRConst_U32( (UInt)closure->nraddr ))
1238 # if defined(VGP_mips32_linux)
1239 // t9 needs to be set to point to the start of the redirected function.
1240 Int offB_GPR25 = offsetof(VexGuestMIPS32State,guest_r25);
1241 addStmtToIRSB( bb, IRStmt_Put( offB_GPR25, mkU32( closure->readdr )) );
1243 # if defined(VGP_ppc64_linux)
1247 offsetof(VexGuestArchState,guest_NRADDR_GPR2),
1248 IRExpr_Get(offsetof(VexGuestArchState,guest_GPR2),
1249 VG_WORDSIZE==8 ? Ity_I64 : Ity_I32)
1252 gen_push_and_set_LR_R2 ( bb, VG_(get_tocptr)( closure->readdr ) );
1257 /* --- Helpers to do with PPC related stack redzones. --- */
1259 __attribute__((unused))
1260 static Bool const_True ( Addr64 guest_addr )
1265 /* --------------- main translation function --------------- */
1267 /* Note: see comments at top of m_redir.c for the Big Picture on how
1268 redirections are managed. */
1272 /* normal translation, redir neither requested nor inhibited */
1274 /* redir translation, function-wrap (set _NRADDR) style */
1276 /* redir translation, replacement (don't set _NRADDR) style */
1278 /* a translation in which redir is specifically disallowed */
1283 /* Translate the basic block beginning at NRADDR, and add it to the
1284 translation cache & translation table. Unless
1285 DEBUGGING_TRANSLATION is true, in which case the call is being done
1286 for debugging purposes, so (a) throw away the translation once it
1287 is made, and (b) produce a load of debugging output. If
1288 ALLOW_REDIRECTION is False, do not attempt redirection of NRADDR,
1289 and also, put the resulting translation into the no-redirect tt/tc
1290 instead of the normal one.
1292 TID is the identity of the thread requesting this translation.
1295 Bool VG_(translate) ( ThreadId tid,
1297 Bool debugging_translation,
1298 Int debugging_verbosity,
1300 Bool allow_redirection )
1304 Int tmpbuf_used, verbosity, i;
1305 Bool (*preamble_fn)(void*,IRSB*);
1307 VexArchInfo vex_archinfo;
1308 VexAbiInfo vex_abiinfo;
1309 VexGuestExtents vge;
1310 VexTranslateArgs vta;
1311 VexTranslateResult tres;
1312 VgCallbackClosure closure;
1314 /* Make sure Vex is initialised right. */
1316 static Bool vex_init_done = False;
1318 if (!vex_init_done) {
1319 LibVEX_Init ( &failure_exit, &log_bytes,
1320 1, /* debug_paranoia */
1321 False, /* valgrind support */
1322 &VG_(clo_vex_control) );
1323 vex_init_done = True;
1326 /* Establish the translation kind and actual guest address to
1327 start from. Sets (addr,kind). */
1328 if (allow_redirection) {
1330 Addr64 tmp = VG_(redir_do_lookup)( nraddr, &isWrap );
1331 if (tmp == nraddr) {
1332 /* no redirection found */
1336 /* found a redirect */
1338 kind = isWrap ? T_Redir_Wrap : T_Redir_Replace;
1345 /* Established: (nraddr, addr, kind) */
1347 /* Printing redirection info. */
1349 if ((kind == T_Redir_Wrap || kind == T_Redir_Replace)
1350 && (VG_(clo_verbosity) >= 2 || VG_(clo_trace_redir))) {
1352 Char name1[512] = "";
1353 Char name2[512] = "";
1354 name1[0] = name2[0] = 0;
1355 ok = VG_(get_fnname_w_offset)(nraddr, name1, 512);
1356 if (!ok) VG_(strcpy)(name1, "???");
1357 ok = VG_(get_fnname_w_offset)(addr, name2, 512);
1358 if (!ok) VG_(strcpy)(name2, "???");
1359 VG_(message)(Vg_DebugMsg,
1360 "REDIR: 0x%llx (%s) redirected to 0x%llx (%s)\n",
1365 if (!debugging_translation)
1366 VG_TRACK( pre_mem_read, Vg_CoreTranslate,
1367 tid, "(translator)", addr, 1 );
1369 /* If doing any code printing, print a basic block start marker */
1370 if (VG_(clo_trace_flags) || debugging_translation) {
1371 Char fnname[512] = "UNKNOWN_FUNCTION";
1372 VG_(get_fnname_w_offset)(addr, fnname, 512);
1373 const UChar* objname = "UNKNOWN_OBJECT";
1375 DebugInfo* di = VG_(find_DebugInfo)( addr );
1377 objname = VG_(DebugInfo_get_filename)(di);
1378 objoff = addr - VG_(DebugInfo_get_text_bias)(di);
1382 "==== SB %d (evchecks %lld) [tid %d] 0x%llx %s %s+0x%llx\n",
1383 VG_(get_bbs_translated)(), bbs_done, (Int)tid, addr,
1384 fnname, objname, (ULong)objoff
1388 /* Are we allowed to translate here? */
1390 { /* BEGIN new scope specially for 'seg' */
1391 NSegment const* seg = VG_(am_find_nsegment)(addr);
1393 if ( (!translations_allowable_from_seg(seg))
1394 || addr == TRANSTAB_BOGUS_GUEST_ADDR ) {
1395 if (VG_(clo_trace_signals))
1396 VG_(message)(Vg_DebugMsg, "translations not allowed here (0x%llx)"
1397 " - throwing SEGV\n", addr);
1398 /* U R busted, sonny. Place your hands on your head and step
1399 away from the orig_addr. */
1400 /* Code address is bad - deliver a signal instead */
1402 /* There's some kind of segment at the requested place, but we
1403 aren't allowed to execute code here. */
1404 if (debugging_translation)
1405 VG_(printf)("translations not allowed here (segment not executable)"
1406 "(0x%llx)\n", addr);
1408 VG_(synth_fault_perms)(tid, addr);
1410 /* There is no segment at all; we are attempting to execute in
1411 the middle of nowhere. */
1412 if (debugging_translation)
1413 VG_(printf)("translations not allowed here (no segment)"
1414 "(0x%llx)\n", addr);
1416 VG_(synth_fault_mapping)(tid, addr);
1421 /* True if a debug trans., or if bit N set in VG_(clo_trace_codegen). */
1423 if (debugging_translation) {
1424 verbosity = debugging_verbosity;
1427 if ( (VG_(clo_trace_flags) > 0
1428 && VG_(get_bbs_translated)() <= VG_(clo_trace_notabove)
1429 && VG_(get_bbs_translated)() >= VG_(clo_trace_notbelow) )) {
1430 verbosity = VG_(clo_trace_flags);
1433 /* Figure out which preamble-mangling callback to send. */
1435 if (kind == T_Redir_Replace)
1436 preamble_fn = mk_preamble__set_NRADDR_to_zero;
1438 if (kind == T_Redir_Wrap)
1439 preamble_fn = mk_preamble__set_NRADDR_to_nraddr;
1441 # if defined(VG_PLAT_USES_PPCTOC)
1442 if (ULong_to_Ptr(nraddr)
1443 == (void*)&VG_(ppctoc_magic_redirect_return_stub)) {
1444 /* If entering the special return stub, this means a wrapped or
1445 redirected function is returning. Make this translation one
1446 which restores R2 and LR from the thread's hidden redir
1447 stack, and branch to the (restored) link register, thereby
1448 really causing the function to return. */
1449 vg_assert(kind == T_Normal);
1450 vg_assert(nraddr == addr);
1451 preamble_fn = mk_preamble__ppctoc_magic_return_stub;
1455 /* ------ Actually do the translation. ------ */
1456 tl_assert2(VG_(tdict).tool_instrument,
1457 "you forgot to set VgToolInterface function 'tool_instrument'");
1459 /* Get the CPU info established at startup. */
1460 VG_(machine_get_VexArchInfo)( &vex_arch, &vex_archinfo );
1462 /* Set up 'abiinfo' structure with stuff Vex needs to know about
1463 the guest and host ABIs. */
1465 LibVEX_default_VexAbiInfo( &vex_abiinfo );
1466 vex_abiinfo.guest_stack_redzone_size = VG_STACK_REDZONE_SZB;
1468 # if defined(VGP_amd64_linux)
1469 vex_abiinfo.guest_amd64_assume_fs_is_zero = True;
1471 # if defined(VGP_amd64_darwin)
1472 vex_abiinfo.guest_amd64_assume_gs_is_0x60 = True;
1474 # if defined(VGP_ppc32_linux)
1475 vex_abiinfo.guest_ppc_zap_RZ_at_blr = False;
1476 vex_abiinfo.guest_ppc_zap_RZ_at_bl = NULL;
1477 vex_abiinfo.host_ppc32_regalign_int64_args = True;
1479 # if defined(VGP_ppc64_linux)
1480 vex_abiinfo.guest_ppc_zap_RZ_at_blr = True;
1481 vex_abiinfo.guest_ppc_zap_RZ_at_bl = const_True;
1482 vex_abiinfo.host_ppc_calls_use_fndescrs = True;
1485 /* Set up closure args. */
1487 closure.nraddr = nraddr;
1488 closure.readdr = addr;
1490 /* Set up args for LibVEX_Translate. */
1491 vta.arch_guest = vex_arch;
1492 vta.archinfo_guest = vex_archinfo;
1493 vta.arch_host = vex_arch;
1494 vta.archinfo_host = vex_archinfo;
1495 vta.abiinfo_both = vex_abiinfo;
1496 vta.callback_opaque = (void*)&closure;
1497 vta.guest_bytes = (UChar*)ULong_to_Ptr(addr);
1498 vta.guest_bytes_addr = (Addr64)addr;
1499 vta.chase_into_ok = chase_into_ok;
1500 vta.guest_extents = &vge;
1501 vta.host_bytes = tmpbuf;
1502 vta.host_bytes_size = N_TMPBUF;
1503 vta.host_bytes_used = &tmpbuf_used;
1504 { /* At this point we have to reconcile Vex's view of the
1505 instrumentation callback - which takes a void* first argument
1506 - with Valgrind's view, in which the first arg is a
1507 VgCallbackClosure*. Hence the following longwinded casts.
1508 They are entirely legal but longwinded so as to maximise the
1509 chance of the C typechecker picking up any type snafus. */
1510 IRSB*(*f)(VgCallbackClosure*,
1511 IRSB*,VexGuestLayout*,VexGuestExtents*, VexArchInfo*,
1513 = VG_(clo_vgdb) != Vg_VgdbNo
1514 ? tool_instrument_then_gdbserver_if_needed
1515 : VG_(tdict).tool_instrument;
1517 IRSB*,VexGuestLayout*,VexGuestExtents*,VexArchInfo*,
1519 = (IRSB*(*)(void*,IRSB*,VexGuestLayout*,VexGuestExtents*,
1520 VexArchInfo*,IRType,IRType))f;
1521 vta.instrument1 = g;
1523 /* No need for type kludgery here. */
1524 vta.instrument2 = need_to_handle_SP_assignment()
1527 vta.finaltidy = VG_(needs).final_IR_tidy_pass
1528 ? VG_(tdict).tool_final_IR_tidy_pass
1530 vta.needs_self_check = needs_self_check;
1531 vta.preamble_function = preamble_fn;
1532 vta.traceflags = verbosity;
1533 vta.addProfInc = VG_(clo_profile_flags) > 0
1534 && kind != T_NoRedir;
1536 /* Set up the dispatch continuation-point info. If this is a
1537 no-redir translation then it cannot be chained, and the chain-me
1538 points are set to NULL to indicate that. The indir point must
1539 also be NULL, since we can't allow this translation to do an
1540 indir transfer -- that would take it back into the main
1541 translation cache too.
1543 All this is because no-redir translations live outside the main
1544 translation cache (in a secondary one) and chaining them would
1545 involve more adminstrative complexity that isn't worth the
1546 hassle, because we don't expect them to get used often. So
1548 if (allow_redirection) {
1549 vta.disp_cp_chain_me_to_slowEP
1550 = VG_(fnptr_to_fnentry)( &VG_(disp_cp_chain_me_to_slowEP) );
1551 vta.disp_cp_chain_me_to_fastEP
1552 = VG_(fnptr_to_fnentry)( &VG_(disp_cp_chain_me_to_fastEP) );
1554 = VG_(fnptr_to_fnentry)( &VG_(disp_cp_xindir) );
1556 vta.disp_cp_chain_me_to_slowEP = NULL;
1557 vta.disp_cp_chain_me_to_fastEP = NULL;
1558 vta.disp_cp_xindir = NULL;
1560 /* This doesn't involve chaining and so is always allowable. */
1561 vta.disp_cp_xassisted
1562 = VG_(fnptr_to_fnentry)( &VG_(disp_cp_xassisted) );
1564 /* Sheesh. Finally, actually _do_ the translation! */
1565 tres = LibVEX_Translate ( &vta );
1567 vg_assert(tres.status == VexTransOK);
1568 vg_assert(tres.n_sc_extents >= 0 && tres.n_sc_extents <= 3);
1569 vg_assert(tmpbuf_used <= N_TMPBUF);
1570 vg_assert(tmpbuf_used > 0);
1572 /* Tell aspacem of all segments that have had translations taken
1573 from them. Optimisation: don't re-look up vge.base[0] since seg
1574 should already point to it. */
1576 vg_assert( vge.base[0] == (Addr64)addr );
1577 /* set 'translations taken from this segment' flag */
1578 VG_(am_set_segment_hasT_if_SkFileC_or_SkAnonC)( (NSegment*)seg );
1579 } /* END new scope specially for 'seg' */
1581 for (i = 1; i < vge.n_used; i++) {
1583 = VG_(am_find_nsegment)( vge.base[i] );
1584 /* set 'translations taken from this segment' flag */
1585 VG_(am_set_segment_hasT_if_SkFileC_or_SkAnonC)( (NSegment*)seg );
1588 /* Copy data at trans_addr into the translation cache. */
1589 vg_assert(tmpbuf_used > 0 && tmpbuf_used < 65536);
1591 // If debugging, don't do anything with the translated block; we
1592 // only did this for the debugging output produced along the way.
1593 if (!debugging_translation) {
1595 if (kind != T_NoRedir) {
1596 // Put it into the normal TT/TC structures. This is the
1599 // Note that we use nraddr (the non-redirected address), not
1600 // addr, which might have been changed by the redirection
1601 VG_(add_to_transtab)( &vge,
1605 tres.n_sc_extents > 0,
1607 tres.n_guest_instrs,
1610 vg_assert(tres.offs_profInc == -1); /* -1 == unset */
1611 VG_(add_to_unredir_transtab)( &vge,
1621 /*--------------------------------------------------------------------*/
1623 /*--------------------------------------------------------------------*/
git.samba.org / ambi / valgrind.git / blob