/* This file must be included from target-arm/translate.c */
/*****
*****
*****
***** C O N F I G _ M E M C H E C K
*****
*****
*****/
#ifdef CONFIG_MEMCHECK
/*
* Memchecker addition in this module is intended to inject qemu callback into
* translated code for each BL/BLX, as well as BL/BLX returns. These callbacks
* are used to build calling stack of the thread in order to provide better
* reporting on memory access violations. Although this may seem as something
* that may gratly impact the performance, in reality it doesn't. Overhead that
* is added by setting up callbacks and by callbacks themselves is neglectable.
* On the other hand, maintaining calling stack can indeed add some perf.
* overhead (TODO: provide solid numbers here).
* One of the things to watch out with regards to injecting callbacks, is
* consistency between intermediate code generated for execution, and for guest
* PC address calculation. If code doesn't match, a segmentation fault is
* guaranteed.
*/
#include "memcheck/memcheck_proc_management.h"
#include "memcheck/memcheck_api.h"
/* Array of return addresses detected in gen_intermediate_code_internal. */
AddrArray ret_addresses = { 0 };
/* Checks if call stack collection is enabled for the given context.
* We collect call stack only for the user mode (both, code and CPU), and on
* condition that memory checking, and call collection are enabled. It also
* seems that collecting stack for the linker code is excessive, as it doesn't
* provide much useful info for the memory checker.
* Return:
* boolean: 1 if stack collection is enabled for the given context, or 0 if
* it's not enabled.
*/
static inline int
watch_call_stack(DisasContext *s)
{
if (!memcheck_enabled || !memcheck_watch_call_stack) {
return 0;
}
#ifndef CONFIG_USER_ONLY
if (!s->user) {
/* We're not interested in kernel mode CPU stack. */
return 0;
}
#endif // CONFIG_USER_ONLY
/* We're not interested in kernel code stack (pc >= 0xC0000000).
* Android specific: We're also not interested in android linker stack
* (0xB0000000 - 0xB00FFFFF) */
if (s->pc >= 0xC0000000 || (0xB0000000 <= s->pc && s->pc <= 0xB00FFFFF)) {
return 0;
}
return 1;
}
/* Checks if given ARM instruction is BL, or BLX.
* Return:
* boolean: 1 if ARM instruction is BL/BLX, or 0 if it's not.
*/
static inline int
is_arm_bl_or_blx(uint32_t insn)
{
/* ARM BL (immediate): xxxx 1011 xxxx xxxx xxxx xxxx xxxx xxxx
* ARM BLX (immediate): 1111 101x xxxx xxxx xxxx xxxx xxxx xxxx
* ARM BLX (register): xxxx 0001 0010 xxxx xxxx xxxx 0011 xxxx
*/
if ((insn & 0x0F000000) == 0x0B000000 || // ARM BL (imm)
(insn & 0xFE000000) == 0xFA000000 || // ARM BLX (imm)
(insn & 0x0FF000F0) == 0x12000030) { // ARM BLX (reg)
return 1;
}
return 0;
}
/* Checks if given THUMB instruction is BL, or BLX.
* Param:
* insn - THUMB instruction to check.
* pc - Emulated PC address for the instruction.
* ret_off - If insn is BL, or BLX, upon return ret_off contains
* instruction's byte size. If instruction is not BL, or BLX, content of
* this parameter is undefined on return.
* Return:
* boolean: 1 if THUMB instruction is BL/BLX, or 0 if it's not.
*/
static inline int
is_thumb_bl_or_blx(uint16_t insn, target_ulong pc, target_ulong* ret_off)
{
/* THUMB BLX(register): 0100 0111 1xxx xxxx
* THUMB BL(1-stimmediate): 1111 0xxx xxxx xxxx
* THUMB BLX(1-stimmediate): 1111 0xxx xxxx xxxx
*/
if ((insn & 0xFF80) == 0x4780) { // THUMB BLX(reg)
*ret_off = 2;
return 1;
} else if ((insn & 0xF800) == 0xF000) { // THUMB BL(X)(imm)
// This is a 32-bit THUMB. Get the second half of the instuction.
insn = lduw_code(pc + 2);
if ((insn & 0xC000) == 0xC000) {
*ret_off = 4;
return 1;
}
}
return 0;
}
/* Registers a return address detected in gen_intermediate_code_internal.
* NOTE: If return address has been registered as new in this routine, this will
* cause invalidation of all existing TBs that contain translated code for that
* address.
* NOTE: Before storing PC address in the array, we convert it from emulated
* address to a physical address. This way we deal with emulated addresses
* overlapping for different processes.
* Param:
* env - CPU state environment.
* addr - Return address to register.
* Return:
* 1 - Address has been registered in this routine.
* -1 - Address has been already registered before.
* 0 - Insufficient memory.
*/
static int
register_ret_address(CPUState* env, target_ulong addr)
{
int ret;
if ((0x90000000 <= addr && addr <= 0xBFFFFFFF)) {
/* Address belongs to a module that always loads at this fixed address.
* So, we can keep this address in the global array. */
ret = addrarray_add(&ret_addresses, get_phys_addr_code(env, addr));
} else {
ret = addrarray_add(&ret_addresses, get_phys_addr_code(env, addr));
}
assert(ret != 0);
if (ret == 1) {
/* If this ret address has been added to the array, we need to make sure
* that all TBs that contain translated code for that address are
* invalidated. This will force retranslation of that code, which will
* make sure that our ret callback is set. This is also important part
* in keeping consistency between translated code, and intermediate code
* generated for guest PC calculation. If we don't invalidate TBs, and
* PC calculation code is generated, there will be inconsistency due to
* the fact that TB code doesn't contain ret callback, while PC calc
* code contains it. This inconsistency will lead to an immanent
* segmentation fault.*/
TranslationBlock* tb;
const target_ulong phys_pc = get_phys_addr_code(env, addr);
const target_ulong phys_page1 = phys_pc & TARGET_PAGE_MASK;
for(tb = tb_phys_hash[tb_phys_hash_func(phys_pc)]; tb != NULL;
tb = tb->phys_hash_next) {
if (tb->pc == addr && tb->page_addr[0] == phys_page1) {
tb_phys_invalidate(tb, -1);
}
}
}
return ret;
}
/* Checks if given address is recognized as a return address.
* Return:
* boolean: 1 if if given address is recognized as a return address,
* or 0 if it's not.
*/
static inline int
is_ret_address(CPUState* env, target_ulong addr)
{
if ((0x90000000 <= addr && addr <= 0xBFFFFFFF)) {
return addrarray_check(&ret_addresses, get_phys_addr_code(env, addr));
} else {
return addrarray_check(&ret_addresses, get_phys_addr_code(env, addr));
}
}
/* Adds "on_call" callback into generated intermediate code. */
static inline void
set_on_call(target_ulong pc, target_ulong ret)
{
TCGv_ptr tmp_pc = tcg_const_ptr(pc & ~1);
TCGv_ptr tmp_ret = tcg_const_ptr(ret & ~1);
gen_helper_on_call(tmp_pc, tmp_ret);
tcg_temp_free_ptr(tmp_ret);
tcg_temp_free_ptr(tmp_pc);
}
/* Adds "on_ret" callback into generated intermediate code. */
static inline void
set_on_ret(target_ulong ret)
{
TCGv_ptr tmp_ret = tcg_const_ptr(ret & ~1);
gen_helper_on_ret(tmp_ret);
tcg_temp_free_ptr(tmp_ret);
}
# define ANDROID_WATCH_CALLSTACK_ARM(s) \
if (watch_call_stack(s)) { \
if (is_ret_address(env, s->pc)) { \
set_on_ret(s->pc); \
} \
if (is_arm_bl_or_blx(insn)) { \
set_on_call(s->pc, s->pc + 4); \
if (!s->search_pc) { \
register_ret_address(env, s->pc + 4); \
} \
} \
}
# define ANDROID_WATCH_CALLSTACK_THUMB(s) \
if (watch_call_stack(s)) { \
target_ulong ret_off; \
if (is_ret_address(env, s->pc)) { \
set_on_ret(s->pc); \
} \
if (is_thumb_bl_or_blx(insn, s->pc, &ret_off)) { \
set_on_call(s->pc, s->pc + ret_off); \
if (!s->search_pc) { \
register_ret_address(env, s->pc + ret_off); \
} \
} \
}
# define ANDROID_DISAS_CONTEXT_FIELDS \
int search_pc;
# define ANDROID_START_CODEGEN(search_pc) \
dc->search_pc = search_pc
/* When memchecker is enabled, we need to keep a match between
* translated PC and guest PCs, so memchecker can quickly covert
* one to another. Note that we do that only for user mode. */
# define ANDROID_CHECK_CODEGEN_PC(search_pc) \
((search_pc) || (memcheck_enabled && dc->user))
# define ANDROID_END_CODEGEN() \
do { \
if (memcheck_enabled && dc->user) { \
j = gen_opc_ptr - gen_opc_buf; \
lj++; \
while (lj <= j) \
gen_opc_instr_start[lj++] = 0; \
} \
} while (0)
#else /* !CONFIG_MEMCHECK */
# define ANDROID_WATCH_CALLSTACK_ARM ((void)0)
# define ANDROID_WATCH_CALLSTACK_THUMB ((void)0)
# define ANDROID_DISAS_CONTEXT_FIELDS /* nothing */
# define ANDROID_START_CODEGEN(s) ((void)(s))
# define ANDROID_CHECK_CODEGEN_PC(s) (s)
# define ANDROID_END_CODEGEN() ((void)0)
#endif /* !CONFIG_MEMCHECK */
/*****
*****
*****
***** C O N F I G _ T R A C E
*****
*****
*****/
#ifdef CONFIG_TRACE
#include "android-trace.h"
#define gen_traceInsn() gen_helper_traceInsn()
static void
gen_traceTicks( int count )
{
TCGv tmp = tcg_temp_new_i32();
tcg_gen_movi_i32(tmp, count);
gen_helper_traceTicks(tmp);
tcg_temp_free_i32(tmp);
}
static void
gen_traceBB( uint64_t bbNum, void* tb )
{
#if HOST_LONG_BITS == 32
TCGv_i64 tmpNum = tcg_temp_new_i64();
TCGv_i32 tmpTb = tcg_temp_new_i32();
tcg_gen_movi_i64(tmpNum, (int64_t)bbNum);
tcg_gen_movi_i32(tmpTb, (int32_t)tb);
gen_helper_traceBB32(tmpNum, tmpTb);
tcg_temp_free_i32(tmpTb);
tcg_temp_free_i64(tmpNum);
#elif HOST_LONG_BITS == 64
TCGv_i64 tmpNum = tcg_temp_new_i64();
TCGv_i64 tmpTb = tcg_temp_new_i64();
tcg_gen_movi_i64(tmpNum, (int64_t)bbNum);
tcg_gen_movi_i64(tmpTb, (int64_t)tb);
gen_helper_traceBB64(tmpNum, tmpTb);
tcg_temp_free_i64(tmpTb);
tcg_temp_free_i64(tmpNum);
#endif
}
# define ANDROID_TRACE_DECLS int ticks = 0;
# define ANDROID_TRACE_START_ARM() \
do { \
if (tracing) { \
trace_add_insn(insn, 0); \
ticks = get_insn_ticks_arm(insn); \
gen_traceInsn(); \
} \
} while (0)
# define ANDROID_TRACE_START_THUMB() \
do { \
if (tracing) { \
int ticks = get_insn_ticks_thumb(insn); \
trace_add_insn( insn_wrap_thumb(insn), 1 ); \
gen_traceInsn(); \
gen_traceTicks(ticks); \
} \
} while (0)
# define ANDROID_TRACE_GEN_TICKS() \
do { \
if (tracing) { \
} \
} while (0)
# define ANDROID_TRACE_GEN_SINGLE_TICK() \
do { \
if (tracing) { \
gen_traceTicks(1); \
ticks -= 1; \
} \
} while (0)
# define ANDROID_TRACE_GEN_OTHER_TICKS() \
do { \
if (tracing && ticks > 0) { \
gen_traceTicks(ticks); \
} \
} while (0)
# define ANDROID_TRACE_START_BB() \
do { \
if (tracing) { \
gen_traceBB(trace_static_bb_num(), tb); \
trace_bb_start(dc->pc); \
} \
} while (0)
# define ANDROID_TRACE_END_BB() \
do { \
if (tracing) { \
trace_bb_end(); \
} \
} while (0)
#else /* !CONFIG_TRACE */
# define ANDROID_TRACE_DECLS /* nothing */
# define ANDROID_TRACE_START_ARM() ((void)0)
# define ANDROID_TRACE_START_THUMB() ((void)0)
# define ANDROID_TRACE_GEN_TICKS() ((void)0)
# define ANDROID_TRACE_GEN_SINGLE_TICK() ((void)0)
# define ANDROID_TRACE_GEN_OTHER_TICKS() ((void)0)
# define ANDROID_TRACE_START_BB() ((void)0)
# define ANDROID_TRACE_END_BB() ((void)0)
#endif /* !CONFIG_TRACE */