1 | 2008-01-12 Mike Kronenberg <mike.kronenberg@kronenberg.org> |
2 | ||
3 | * dyngen-exec.h: Fix for QEMU 0.9.1. | |
4 | * dyngen-c.h: Fix for QEMU 0.9.1. | |
5 | ||
6 | 2007-02-01 Mike Kronenberg <mike.kronenberg@kronenberg.org> | |
7 | ||
8 | * target-ppc/exec.h: Fix for QEMU 0.9.0. | |
9 | * dyngen-exec.h: Fix for QEMU 0.9.0. | |
10 | ||
11 | 2005-06-02 Gwenole Beauchesne <gbeauchesne@mandriva.com> | |
12 | ||
13 | * dyngen.c (trace_i386_insn): Fix push/imul case with 8-bit | |
14 | immediate. | |
15 | ||
16 | 2005-05-11 Paul Brook <paul@codesourcery.com> | |
17 | ||
18 | * gcc4 host support. | |
19 | ||
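--- qemu-0.7.0/target-ppc/exec.h.gcc4 2005-04-27 22:52:05.000000000 +0200
+++ qemu-0.7.0/target-ppc/exec.h 2005-06-02 21:41:51.000000000 +0200
@@ -64,11 +64,7 @@ #define FT0 (env->ft0)
 #define FT1 (env->ft1)
 #define FT2 (env->ft2)
 
-#if defined (DEBUG_OP)
-# define RETURN() __asm__ __volatile__("nop" : : : "memory");
-#else
-# define RETURN() __asm__ __volatile__("" : : : "memory");
-#endif
+#define RETURN() FORCE_RET()
 
 #include "cpu.h"
 #include "exec-all.h"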
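Review bot: `#define RETURN() FORCE_RET()` silently drops the `"memory"` clobber that both removed RETURN() variants carried, because on i386/x86-64 the dyngen-exec.h hunk in this same patch defines FORCE_RET() as `asm volatile ("nop;nop;nop;nop");` with no clobber list, while the generic branch keeps `__asm__ __volatile__("" : : : "memory");`. The clobber is what stops GCC from moving memory accesses across the marker, which is the documented purpose of FORCE_RET ("generate only one epilog"); if the x86 padding does not need that ordering, a comment on the x86 branch should say so, otherwise `asm volatile ("nop;nop;nop;nop" : : : "memory");` keeps both branches equivalent. The same point applies to the first hunk of dyngen-exec.h, where the x86 definition lives.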
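--- qemu-0.7.0/dyngen-exec.h.gcc4 2005-04-27 22:52:05.000000000 +0200
+++ qemu-0.7.0/dyngen-exec.h 2005-06-02 21:41:51.000000000 +0200
@@ -194,7 +194,12 @@ extern int printf(const char *, ...);
 #endif
 
 /* force GCC to generate only one epilog at the end of the function */
+#if defined(__i386__) || defined(__x86_64__)
+/* Also add 4 bytes of padding so that we can replace the ret with a jmp. */
+#define FORCE_RET() asm volatile ("nop;nop;nop;nop");
+#else
 #define FORCE_RET() __asm__ __volatile__("" : : : "memory");
+#endif
 
 #ifndef OPPROTO
 #define OPPROTO
@@ -251,10 +256,17 @@ extern int __op_jmp0, __op_jmp1, __op_jm
 #endif
 
 #if defined(__i386__)
-#define EXIT_TB() asm volatile ("ret")
-#define GOTO_LABEL_PARAM(n) asm volatile ("jmp " ASM_NAME(__op_gen_label) #n)
+/* Dyngen will replace hlt instructions with a ret instruction. Inserting a
+ ret directly would confuse dyngen. */
+#define EXIT_TB() asm volatile ("hlt")
+/* Dyngen will replace cli with 0x9e (jmp).
+ We generate the offset manually. */
+#define GOTO_LABEL_PARAM(n) \
+ asm volatile ("cli;.long " ASM_NAME(__op_gen_label) #n " - 1f;1:")
 #elif defined(__x86_64__)
-#define EXIT_TB() asm volatile ("ret")
-#define GOTO_LABEL_PARAM(n) asm volatile ("jmp " ASM_NAME(__op_gen_label) #n)
+/* The same as i386. */
+#define EXIT_TB() asm volatile ("hlt")
+#define GOTO_LABEL_PARAM(n) \
+ asm volatile ("cli;.long " ASM_NAME(__op_gen_label) #n " - 1f;1:")
 #elif defined(__powerpc__)
 #define EXIT_TB() asm volatile ("blr")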
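Review bot: The comment `/* Dyngen will replace cli with 0x9e (jmp). */` in the i386 branch names the wrong byte: the replacement this patch adds to dyngen.c is `case 0xfa: op = 0xe9; break; /* cli -> jmp */`, and 0xe9 is the near `jmp rel32` opcode, so the comment should read `0xe9`. It would also help to state why the `.long` expression is taken against `1:` — the label sits right after the four displacement bytes, which is exactly the reference point a `jmp rel32` uses once the single-byte `cli` becomes its opcode — for example `/* 1: follows the .long, so the value is already a jmp rel32 displacement. */`. The x86_64 branch says only `/* The same as i386. */`, so fixing the i386 comment covers both.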
72 | --- qemu-0.7.0/dyngen.c.gcc4 2005-04-27 22:52:05.000000000 +0200 | |
73 | +++ qemu-0.7.0/dyngen.c 2005-06-02 22:25:06.000000000 +0200 | |
74 | @@ -32,6 +32,8 @@ | |
75 | ||
76 | #include "config-host.h" | |
77 | ||
78 | +//#define DEBUG_OP | |
79 | + | |
80 | /* NOTE: we test CONFIG_WIN32 instead of _WIN32 to enabled cross | |
81 | compilation */ | |
82 | #if defined(CONFIG_WIN32) | |
83 | @@ -1343,6 +1345,644 @@ int arm_emit_ldr_info(const char *name, | |
84 | #endif | |
85 | ||
86 | ||
87 | +#if defined(HOST_I386) || defined(HOST_X86_64) | |
88 | + | |
89 | +/* This byte is the first byte of an instruction. */ | |
90 | +#define FLAG_INSN (1 << 0) | |
91 | +/* This byte has been processed as part of an instruction. */ | |
92 | +#define FLAG_SCANNED (1 << 1) | |
93 | +/* This instruction is a return instruction. Gcc cometimes generates prefix | |
94 | + bytes, so may be more than one byte long. */ | |
95 | +#define FLAG_RET (1 << 2) | |
96 | +/* This is either the target of a jump, or the preceeding instruction uses | |
97 | + a pc-relative offset. */ | |
98 | +#define FLAG_TARGET (1 << 3) | |
99 | +/* This is a magic instruction that needs fixing up. */ | |
100 | +#define FLAG_EXIT (1 << 4) | |
101 | +#define MAX_EXITS 5 | |
102 | + | |
103 | +static void | |
104 | +bad_opcode(const char *name, uint32_t op) | |
105 | +{ | |
106 | + error("Unsupported opcode %0*x in %s", (op > 0xff) ? 4 : 2, op, name); | |
107 | +} | |
108 | + | |
109 | +/* Mark len bytes as scanned, Returns insn_size + len. Reports an error | |
110 | + if these bytes have already been scanned. */ | |
111 | +static int | |
112 | +eat_bytes(const char *name, char *flags, int insn, int insn_size, int len) | |
113 | +{ | |
114 | + while (len > 0) { | |
115 | + /* This should never occur in sane code. */ | |
116 | + if (flags[insn + insn_size] & FLAG_SCANNED) | |
117 | + error ("Overlapping instructions in %s", name); | |
118 | + flags[insn + insn_size] |= FLAG_SCANNED; | |
119 | + insn_size++; | |
120 | + len--; | |
121 | + } | |
122 | + return insn_size; | |
123 | +} | |
124 | + | |
125 | +static void | |
126 | +trace_i386_insn (const char *name, uint8_t *start_p, char *flags, int insn, | |
127 | + int len) | |
128 | +{ | |
129 | + uint8_t *ptr; | |
130 | + uint8_t op; | |
131 | + int modrm; | |
132 | + int is_prefix; | |
133 | + int op_size; | |
134 | + int addr_size; | |
135 | + int insn_size; | |
136 | + int is_ret; | |
137 | + int is_condjmp; | |
138 | + int is_jmp; | |
139 | + int is_exit; | |
140 | + int is_pcrel; | |
141 | + int immed; | |
142 | + int seen_rexw; | |
143 | + int32_t disp; | |
144 | + | |
145 | + ptr = start_p + insn; | |
146 | + /* nonzero if this insn has a ModR/M byte. */ | |
147 | + modrm = 1; | |
148 | + /* The size of the immediate value in this instruction. */ | |
149 | + immed = 0; | |
150 | + /* The operand size. */ | |
151 | + op_size = 4; | |
152 | + /* The address size */ | |
153 | + addr_size = 4; | |
154 | + /* The total length of this instruction. */ | |
155 | + insn_size = 0; | |
156 | + is_prefix = 1; | |
157 | + is_ret = 0; | |
158 | + is_condjmp = 0; | |
159 | + is_jmp = 0; | |
160 | + is_exit = 0; | |
161 | + seen_rexw = 0; | |
162 | + is_pcrel = 0; | |
163 | + | |
164 | + while (is_prefix) { | |
165 | + op = ptr[insn_size]; | |
166 | + insn_size = eat_bytes(name, flags, insn, insn_size, 1); | |
167 | + is_prefix = 0; | |
168 | + switch (op >> 4) { | |
169 | + case 0: | |
170 | + case 1: | |
171 | + case 2: | |
172 | + case 3: | |
173 | + if (op == 0x0f) { | |
174 | + /* two-byte opcode. */ | |
175 | + op = ptr[insn_size]; | |
176 | + insn_size = eat_bytes(name, flags, insn, insn_size, 1); | |
177 | + switch (op >> 4) { | |
178 | + case 0: | |
179 | + if ((op & 0xf) > 3) | |
180 | + modrm = 0; | |
181 | + break; | |
182 | + case 1: /* vector move or prefetch */ | |
183 | + case 2: /* various moves and vector compares. */ | |
184 | + case 4: /* cmov */ | |
185 | + case 5: /* vector instructions */ | |
186 | + case 6: | |
187 | + case 13: | |
188 | + case 14: | |
189 | + case 15: | |
190 | + break; | |
191 | + case 7: /* mmx */ | |
192 | + if (op & 0x77) /* emms */ | |
193 | + modrm = 0; | |
194 | + break; | |
195 | + case 3: /* wrmsr, rdtsc, rdmsr, rdpmc, sysenter, sysexit */ | |
196 | + modrm = 0; | |
197 | + break; | |
198 | + case 8: /* long conditional jump */ | |
199 | + is_condjmp = 1; | |
200 | + immed = op_size; | |
201 | + modrm = 0; | |
202 | + break; | |
203 | + case 9: /* setcc */ | |
204 | + break; | |
205 | + case 10: | |
206 | + switch (op & 0x7) { | |
207 | + case 0: /* push fs/gs */ | |
208 | + case 1: /* pop fs/gs */ | |
209 | + case 2: /* cpuid/rsm */ | |
210 | + modrm = 0; | |
211 | + break; | |
212 | + case 4: /* shld/shrd immediate */ | |
213 | + immed = 1; | |
214 | + break; | |
215 | + default: /* Normal instructions with a ModR/M byte. */ | |
216 | + break; | |
217 | + } | |
218 | + break; | |
219 | + case 11: | |
220 | + switch (op & 0xf) { | |
221 | + case 10: /* bt, bts, btr, btc */ | |
222 | + immed = 1; | |
223 | + break; | |
224 | + default: | |
225 | + /* cmpxchg, lss, btr, lfs, lgs, movzx, btc, bsf, bsr | |
226 | + undefined, and movsx */ | |
227 | + break; | |
228 | + } | |
229 | + break; | |
230 | + case 12: | |
231 | + if (op & 8) { | |
232 | + /* bswap */ | |
233 | + modrm = 0; | |
234 | + } else { | |
235 | + switch (op & 0x7) { | |
236 | + case 2: | |
237 | + case 4: | |
238 | + case 5: | |
239 | + case 6: | |
240 | + immed = 1; | |
241 | + break; | |
242 | + default: | |
243 | + break; | |
244 | + } | |
245 | + } | |
246 | + break; | |
247 | + } | |
248 | + } else if ((op & 0x07) <= 0x3) { | |
249 | + /* General arithmentic ax. */ | |
250 | + } else if ((op & 0x07) <= 0x5) { | |
251 | + /* General arithmetic ax, immediate. */ | |
252 | + if (op & 0x01) | |
253 | + immed = op_size; | |
254 | + else | |
255 | + immed = 1; | |
256 | + modrm = 0; | |
257 | + } else if ((op & 0x23) == 0x22) { | |
258 | + /* Segment prefix. */ | |
259 | + is_prefix = 1; | |
260 | + } else { | |
261 | + /* Segment register push/pop or DAA/AAA/DAS/AAS. */ | |
262 | + modrm = 0; | |
263 | + } | |
264 | + break; | |
265 | + | |
266 | +#if defined(HOST_X86_64) | |
267 | + case 4: /* rex prefix. */ | |
268 | + is_prefix = 1; | |
269 | + /* The address/operand size is actually 64-bit, but the immediate | |
270 | + values in the instruction are still 32-bit. */ | |
271 | + op_size = 4; | |
272 | + addr_size = 4; | |
273 | + if (op & 8) | |
274 | + seen_rexw = 1; | |
275 | + break; | |
276 | +#else | |
277 | + case 4: /* inc/dec register. */ | |
278 | +#endif | |
279 | + case 5: /* push/pop general register. */ | |
280 | + modrm = 0; | |
281 | + break; | |
282 | + | |
283 | + case 6: | |
284 | + switch (op & 0x0f) { | |
285 | + case 0: /* pusha */ | |
286 | + case 1: /* popa */ | |
287 | + modrm = 0; | |
288 | + break; | |
289 | + case 2: /* bound */ | |
290 | + case 3: /* arpl */ | |
291 | + break; | |
292 | + case 4: /* FS */ | |
293 | + case 5: /* GS */ | |
294 | + is_prefix = 1; | |
295 | + break; | |
296 | + case 6: /* opcode size prefix. */ | |
297 | + op_size = 2; | |
298 | + is_prefix = 1; | |
299 | + break; | |
300 | + case 7: /* Address size prefix. */ | |
301 | + addr_size = 2; | |
302 | + is_prefix = 1; | |
303 | + break; | |
304 | + case 8: /* push immediate */ | |
305 | + immed = op_size; | |
306 | + modrm = 0; | |
307 | + break; | |
308 | + case 10: /* push 8-bit immediate */ | |
309 | + immed = 1; | |
310 | + modrm = 0; | |
311 | + break; | |
312 | + case 9: /* imul immediate */ | |
313 | + immed = op_size; | |
314 | + break; | |
315 | + case 11: /* imul 8-bit immediate */ | |
316 | + immed = 1; | |
317 | + break; | |
318 | + case 12: /* insb */ | |
319 | + case 13: /* insw */ | |
320 | + case 14: /* outsb */ | |
321 | + case 15: /* outsw */ | |
322 | + modrm = 0; | |
323 | + break; | |
324 | + } | |
325 | + break; | |
326 | + | |
327 | + case 7: /* Short conditional jump. */ | |
328 | + is_condjmp = 1; | |
329 | + immed = 1; | |
330 | + modrm = 0; | |
331 | + break; | |
332 | + | |
333 | + case 8: | |
334 | + if ((op & 0xf) <= 3) { | |
335 | + /* arithmetic immediate. */ | |
336 | + if ((op & 3) == 1) | |
337 | + immed = op_size; | |
338 | + else | |
339 | + immed = 1; | |
340 | + } | |
341 | + /* else test, xchg, mov, lea or pop general. */ | |
342 | + break; | |
343 | + | |
344 | + case 9: | |
345 | + /* Various single-byte opcodes with no modrm byte. */ | |
346 | + modrm = 0; | |
347 | + if (op == 10) { | |
348 | + /* Call */ | |
349 | + immed = 4; | |
350 | + } | |
351 | + break; | |
352 | + | |
353 | + case 10: | |
354 | + switch ((op & 0xe) >> 1) { | |
355 | + case 0: /* mov absoliute immediate. */ | |
356 | + case 1: | |
357 | + if (seen_rexw) | |
358 | + immed = 8; | |
359 | + else | |
360 | + immed = addr_size; | |
361 | + break; | |
362 | + case 4: /* test immediate. */ | |
363 | + if (op & 1) | |
364 | + immed = op_size; | |
365 | + else | |
366 | + immed = 1; | |
367 | + break; | |
368 | + default: /* Various string ops. */ | |
369 | + break; | |
370 | + } | |
371 | + modrm = 0; | |
372 | + break; | |
373 | + | |
374 | + case 11: /* move immediate to register */ | |
375 | + if (op & 8) { | |
376 | + if (seen_rexw) | |
377 | + immed = 8; | |
378 | + else | |
379 | + immed = op_size; | |
380 | + } else { | |
381 | + immed = 1; | |
382 | + } | |
383 | + modrm = 0; | |
384 | + break; | |
385 | + | |
386 | + case 12: | |
387 | + switch (op & 0xf) { | |
388 | + case 0: /* shift immediate */ | |
389 | + case 1: | |
390 | + immed = 1; | |
391 | + break; | |
392 | + case 2: /* ret immediate */ | |
393 | + immed = 2; | |
394 | + modrm = 0; | |
395 | + bad_opcode(name, op); | |
396 | + break; | |
397 | + case 3: /* ret */ | |
398 | + modrm = 0; | |
399 | + is_ret = 1; | |
400 | + case 4: /* les */ | |
401 | + case 5: /* lds */ | |
402 | + break; | |
403 | + case 6: /* mov immediate byte */ | |
404 | + immed = 1; | |
405 | + break; | |
406 | + case 7: /* mov immediate */ | |
407 | + immed = op_size; | |
408 | + break; | |
409 | + case 8: /* enter */ | |
410 | + /* TODO: Is this right? */ | |
411 | + immed = 3; | |
412 | + modrm = 0; | |
413 | + break; | |
414 | + case 10: /* retf immediate */ | |
415 | + immed = 2; | |
416 | + modrm = 0; | |
417 | + bad_opcode(name, op); | |
418 | + break; | |
419 | + case 13: /* int */ | |
420 | + immed = 1; | |
421 | + modrm = 0; | |
422 | + break; | |
423 | + case 11: /* retf */ | |
424 | + case 15: /* iret */ | |
425 | + modrm = 0; | |
426 | + bad_opcode(name, op); | |
427 | + break; | |
428 | + default: /* leave, int3 or into */ | |
429 | + modrm = 0; | |
430 | + break; | |
431 | + } | |
432 | + break; | |
433 | + | |
434 | + case 13: | |
435 | + if ((op & 0xf) >= 8) { | |
436 | + /* Coprocessor escape. For our purposes this is just a normal | |
437 | + instruction with a ModR/M byte. */ | |
438 | + } else if ((op & 0xf) >= 4) { | |
439 | + /* AAM, AAD or XLAT */ | |
440 | + modrm = 0; | |
441 | + } | |
442 | + /* else shift instruction */ | |
443 | + break; | |
444 | + | |
445 | + case 14: | |
446 | + switch ((op & 0xc) >> 2) { | |
447 | + case 0: /* loop or jcxz */ | |
448 | + is_condjmp = 1; | |
449 | + immed = 1; | |
450 | + break; | |
451 | + case 1: /* in/out immed */ | |
452 | + immed = 1; | |
453 | + break; | |
454 | + case 2: /* call or jmp */ | |
455 | + switch (op & 3) { | |
456 | + case 0: /* call */ | |
457 | + immed = op_size; | |
458 | + break; | |
459 | + case 1: /* long jump */ | |
460 | + immed = 4; | |
461 | + is_jmp = 1; | |
462 | + break; | |
463 | + case 2: /* far jmp */ | |
464 | + bad_opcode(name, op); | |
465 | + break; | |
466 | + case 3: /* short jmp */ | |
467 | + immed = 1; | |
468 | + is_jmp = 1; | |
469 | + break; | |
470 | + } | |
471 | + break; | |
472 | + case 3: /* in/out register */ | |
473 | + break; | |
474 | + } | |
475 | + modrm = 0; | |
476 | + break; | |
477 | + | |
478 | + case 15: | |
479 | + switch ((op & 0xe) >> 1) { | |
480 | + case 0: | |
481 | + case 1: | |
482 | + is_prefix = 1; | |
483 | + break; | |
484 | + case 2: | |
485 | + case 4: | |
486 | + case 5: | |
487 | + case 6: | |
488 | + modrm = 0; | |
489 | + /* Some privileged insns are used as markers. */ | |
490 | + switch (op) { | |
491 | + case 0xf4: /* hlt: Exit translation block. */ | |
492 | + is_exit = 1; | |
493 | + break; | |
494 | + case 0xfa: /* cli: Jump to label. */ | |
495 | + is_exit = 1; | |
496 | + immed = 4; | |
497 | + break; | |
498 | + case 0xfb: /* sti: TB patch jump. */ | |
499 | + /* Mark the insn for patching, but continue sscanning. */ | |
500 | + flags[insn] |= FLAG_EXIT; | |
501 | + immed = 4; | |
502 | + break; | |
503 | + } | |
504 | + break; | |
505 | + case 3: /* unary grp3 */ | |
506 | + if ((ptr[insn_size] & 0x38) == 0) { | |
507 | + if (op == 0xf7) | |
508 | + immed = op_size; | |
509 | + else | |
510 | + immed = 1; /* test immediate */ | |
511 | + } | |
512 | + break; | |
513 | + case 7: /* inc/dec grp4/5 */ | |
514 | + /* TODO: This includes indirect jumps. We should fail if we | |
515 | + encounter one of these. */ | |
516 | + break; | |
517 | + } | |
518 | + break; | |
519 | + } | |
520 | + } | |
521 | + | |
522 | + if (modrm) { | |
523 | + if (addr_size != 4) | |
524 | + error("16-bit addressing mode used in %s", name); | |
525 | + | |
526 | + disp = 0; | |
527 | + modrm = ptr[insn_size]; | |
528 | + insn_size = eat_bytes(name, flags, insn, insn_size, 1); | |
529 | + modrm &= 0xc7; | |
530 | + switch ((modrm & 0xc0) >> 6) { | |
531 | + case 0: | |
532 | + if (modrm == 5) | |
533 | + disp = 4; | |
534 | + break; | |
535 | + case 1: | |
536 | + disp = 1; | |
537 | + break; | |
538 | + case 2: | |
539 | + disp = 4; | |
540 | + break; | |
541 | + } | |
542 | + if ((modrm & 0xc0) != 0xc0 && (modrm & 0x7) == 4) { | |
543 | + /* SIB byte */ | |
544 | + if (modrm == 4 && (ptr[insn_size] & 0x7) == 5) { | |
545 | + disp = 4; | |
546 | + is_pcrel = 1; | |
547 | + } | |
548 | + insn_size = eat_bytes(name, flags, insn, insn_size, 1); | |
549 | + } | |
550 | + insn_size = eat_bytes(name, flags, insn, insn_size, disp); | |
551 | + } | |
552 | + insn_size = eat_bytes(name, flags, insn, insn_size, immed); | |
553 | + if (is_condjmp || is_jmp) { | |
554 | + if (immed == 1) { | |
555 | + disp = (int8_t)*(ptr + insn_size - 1); | |
556 | + } else { | |
557 | + disp = (((int32_t)*(ptr + insn_size - 1)) << 24) | |
558 | + | (((int32_t)*(ptr + insn_size - 2)) << 16) | |
559 | + | (((int32_t)*(ptr + insn_size - 3)) << 8) | |
560 | + | *(ptr + insn_size - 4); | |
561 | + } | |
562 | + disp += insn_size; | |
563 | + /* Jumps to external symbols point to the address of the offset | |
564 | + before relocation. */ | |
565 | + /* ??? These are probably a tailcall. We could fix them up by | |
566 | + replacing them with jmp to EOB + call, but it's easier to just | |
567 | + prevent the compiler generating them. */ | |
568 | + if (disp == 1) | |
569 | + error("Unconditional jump (sibcall?) in %s", name); | |
570 | + disp += insn; | |
571 | + if (disp < 0 || disp > len) | |
572 | + error("Jump outside instruction in %s", name); | |
573 | + | |
574 | + if ((flags[disp] & (FLAG_INSN | FLAG_SCANNED)) == FLAG_SCANNED) | |
575 | + error("Overlapping instructions in %s", name); | |
576 | + | |
577 | + flags[disp] |= (FLAG_INSN | FLAG_TARGET); | |
578 | + is_pcrel = 1; | |
579 | + } | |
580 | + if (is_pcrel) { | |
581 | + /* Mark the following insn as a jump target. This will stop | |
582 | + this instruction being moved. */ | |
583 | + flags[insn + insn_size] |= FLAG_TARGET; | |
584 | + } | |
585 | + if (is_ret) | |
586 | + flags[insn] |= FLAG_RET; | |
587 | + | |
588 | + if (is_exit) | |
589 | + flags[insn] |= FLAG_EXIT; | |
590 | + | |
591 | + if (!(is_jmp || is_ret || is_exit)) | |
592 | + flags[insn + insn_size] |= FLAG_INSN; | |
593 | +} | |
594 | + | |
595 | +/* Scan a function body. Returns the position of the return sequence. | |
596 | + Sets *patch_bytes to the number of bytes that need to be copied from that | |
597 | + location. If no patching is required (ie. the return is the last insn) | |
598 | + *patch_bytes will be set to -1. *plen is the number of code bytes to copy. | |
599 | + */ | |
600 | +static int trace_i386_op(const char * name, uint8_t *start_p, int *plen, | |
601 | + int *patch_bytes, int *exit_addrs) | |
602 | +{ | |
603 | + char *flags; | |
604 | + int more; | |
605 | + int insn; | |
606 | + int retpos; | |
607 | + int bytes; | |
608 | + int num_exits; | |
609 | + int len; | |
610 | + int last_insn; | |
611 | + | |
612 | + len = *plen; | |
613 | + flags = malloc(len + 1); | |
614 | + memset(flags, 0, len + 1); | |
615 | + flags[0] |= FLAG_INSN; | |
616 | + more = 1; | |
617 | + while (more) { | |
618 | + more = 0; | |
619 | + for (insn = 0; insn < len; insn++) { | |
620 | + if ((flags[insn] & (FLAG_INSN | FLAG_SCANNED)) == FLAG_INSN) { | |
621 | + trace_i386_insn(name, start_p, flags, insn, len); | |
622 | + more = 1; | |
623 | + } | |
624 | + } | |
625 | + } | |
626 | + | |
627 | + /* Strip any unused code at the end of the function. */ | |
628 | + while (len > 0 && flags[len - 1] == 0) | |
629 | + len--; | |
630 | + | |
631 | + retpos = -1; | |
632 | + num_exits = 0; | |
633 | + last_insn = 0; | |
634 | + for (insn = 0; insn < len; insn++) { | |
635 | + if (flags[insn] & FLAG_RET) { | |
636 | + /* ??? In theory it should be possible to handle multiple return | |
637 | + points. In practice it's not worth the effort. */ | |
638 | + if (retpos != -1) | |
639 | + error("Multiple return instructions in %s", name); | |
640 | + retpos = insn; | |
641 | + } | |
642 | + if (flags[insn] & FLAG_EXIT) { | |
643 | + if (num_exits == MAX_EXITS) | |
644 | + error("Too many block exits in %s", name); | |
645 | + exit_addrs[num_exits] = insn; | |
646 | + num_exits++; | |
647 | + } | |
648 | + if (flags[insn] & FLAG_INSN) | |
649 | + last_insn = insn; | |
650 | + } | |
651 | + | |
652 | + exit_addrs[num_exits] = -1; | |
653 | + if (retpos == -1) { | |
654 | + if (num_exits == 0) { | |
655 | + error ("No return instruction found in %s", name); | |
656 | + } else { | |
657 | + retpos = len; | |
658 | + last_insn = len; | |
659 | + } | |
660 | + } | |
661 | + | |
662 | + /* If the return instruction is the last instruction we can just | |
663 | + remove it. */ | |
664 | + if (retpos == last_insn) | |
665 | + *patch_bytes = -1; | |
666 | + else | |
667 | + *patch_bytes = 0; | |
668 | + | |
669 | + /* Back up over any nop instructions. */ | |
670 | + while (retpos > 0 | |
671 | + && (flags[retpos] & FLAG_TARGET) == 0 | |
672 | + && (flags[retpos - 1] & FLAG_INSN) != 0 | |
673 | + && start_p[retpos - 1] == 0x90) { | |
674 | + retpos--; | |
675 | + } | |
676 | + | |
677 | + if (*patch_bytes == -1) { | |
678 | + *plen = retpos; | |
679 | + free (flags); | |
680 | + return retpos; | |
681 | + } | |
682 | + *plen = len; | |
683 | + | |
684 | + /* The ret is in the middle of the function. Find four more bytes that | |
685 | + so the ret can be replaced by a jmp. */ | |
686 | + /* ??? Use a short jump where possible. */ | |
687 | + bytes = 4; | |
688 | + insn = retpos + 1; | |
689 | + /* We can clobber everything up to the next jump target. */ | |
690 | + while (insn < len && bytes > 0 && (flags[insn] & FLAG_TARGET) == 0) { | |
691 | + insn++; | |
692 | + bytes--; | |
693 | + } | |
694 | + if (bytes > 0) { | |
695 | + /* ???: Strip out nop blocks. */ | |
696 | + /* We can't do the replacement without clobbering anything important. | |
697 | + Copy preceeding instructions(s) to give us some space. */ | |
698 | + while (retpos > 0) { | |
699 | + /* If this byte is the target of a jmp we can't move it. */ | |
700 | + if (flags[retpos] & FLAG_TARGET) | |
701 | + break; | |
702 | + | |
703 | + (*patch_bytes)++; | |
704 | + bytes--; | |
705 | + retpos--; | |
706 | + | |
707 | + /* Break out of the loop if we have enough space and this is either | |
708 | + the first byte of an instruction or a pad byte. */ | |
709 | + if ((flags[retpos] & (FLAG_INSN | FLAG_SCANNED)) != FLAG_SCANNED | |
710 | + && bytes <= 0) { | |
711 | + break; | |
712 | + } | |
713 | + } | |
714 | + } | |
715 | + | |
716 | + if (bytes > 0) | |
717 | + error("Unable to replace ret with jmp in %s\n", name); | |
718 | + | |
719 | + free(flags); | |
720 | + return retpos; | |
721 | +} | |
722 | + | |
723 | +#endif | |
724 | + | |
725 | #define MAX_ARGS 3 | |
726 | ||
727 | /* generate op code */ | |
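Review bot: eat_bytes marks `flags[insn + insn_size]` and trace_i386_insn reads `ptr[insn_size]` without ever comparing against the function length, so an instruction whose ModR/M, SIB or immediate bytes run past `len` (a truncated or mis-decoded tail) writes beyond the `len + 1` bytes trace_i386_op allocates and reads beyond the code it was given; passing `len` into eat_bytes and failing with `error("Truncated instruction in %s", name)` when `insn + insn_size >= len` turns that into a diagnostic, and `flags = malloc(len + 1)` should be checked before the memset. In trace_i386_op the terminator `exit_addrs[num_exits] = -1;` is written after the loop, where num_exits can equal MAX_EXITS (the limit check only rejects the next exit), so it lands one past the `int exit_addrs[MAX_EXITS];` that the @@ -1356 hunk declares in gen_code — declare it `int exit_addrs[MAX_EXITS + 1];` or reject at `num_exits == MAX_EXITS - 1`. In the opcode tables, `if (op == 10)` under `case 9` can never hold because op is still the full byte (0x90–0x9f), so presumably `(op & 0xf) == 10` (far call, 0x9a) was meant, and `if (op & 0x77)` under the two-byte `case 7` is true for every 0x70–0x7f opcode rather than only emms (0x0f 0x77), which also clears modrm for the MMX moves in that row. The fall-through from `case 3: /* ret */` into `case 4:`/`case 5:` reads as intentional but deserves a `/* fallthrough */` marker, and the comments carry several typos (cometimes, preceeding, arithmentic, absoliute, sscanning).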
728 | @@ -1356,6 +1996,11 @@ void gen_code(const char *name, host_ulo | |
729 | uint8_t args_present[MAX_ARGS]; | |
730 | const char *sym_name, *p; | |
731 | EXE_RELOC *rel; | |
732 | +#if defined(HOST_I386) || defined(HOST_X86_64) | |
733 | + int patch_bytes; | |
734 | + int retpos; | |
735 | + int exit_addrs[MAX_EXITS]; | |
736 | +#endif | |
737 | ||
738 | /* Compute exact size excluding prologue and epilogue instructions. | |
739 | * Increment start_offset to skip epilogue instructions, then compute | |
740 | @@ -1366,33 +2011,12 @@ void gen_code(const char *name, host_ulo | |
741 | p_end = p_start + size; | |
742 | start_offset = offset; | |
743 | #if defined(HOST_I386) || defined(HOST_X86_64) | |
744 | -#ifdef CONFIG_FORMAT_COFF | |
745 | - { | |
746 | - uint8_t *p; | |
747 | - p = p_end - 1; | |
748 | - if (p == p_start) | |
749 | - error("empty code for %s", name); | |
750 | - while (*p != 0xc3) { | |
751 | - p--; | |
752 | - if (p <= p_start) | |
753 | - error("ret or jmp expected at the end of %s", name); | |
754 | - } | |
755 | - copy_size = p - p_start; | |
756 | - } | |
757 | -#else | |
758 | { | |
759 | int len; | |
760 | len = p_end - p_start; | |
761 | - if (len == 0) | |
762 | - error("empty code for %s", name); | |
763 | - if (p_end[-1] == 0xc3) { | |
764 | - len--; | |
765 | - } else { | |
766 | - error("ret or jmp expected at the end of %s", name); | |
767 | - } | |
768 | + retpos = trace_i386_op(name, p_start, &len, &patch_bytes, exit_addrs); | |
769 | copy_size = len; | |
770 | } | |
771 | -#endif | |
772 | #elif defined(HOST_PPC) | |
773 | { | |
774 | uint8_t *p; | |
775 | @@ -1559,6 +2183,13 @@ void gen_code(const char *name, host_ulo | |
776 | } | |
777 | ||
778 | if (gen_switch == 2) { | |
779 | +#if defined(HOST_I386) || defined(HOST_X86_64) | |
780 | + if (patch_bytes != -1) | |
781 | + copy_size += patch_bytes; | |
782 | +#ifdef DEBUG_OP | |
783 | + copy_size += 2; | |
784 | +#endif | |
785 | +#endif | |
786 | fprintf(outfile, "DEF(%s, %d, %d)\n", name + 3, nb_args, copy_size); | |
787 | } else if (gen_switch == 1) { | |
788 | ||
789 | @@ -1761,7 +2392,43 @@ void gen_code(const char *name, host_ulo | |
790 | #error unsupport object format | |
791 | #endif | |
792 | } | |
793 | + } | |
794 | + /* Replace the marker instructions with the actual opcodes. */ | |
795 | + for (i = 0; exit_addrs[i] != -1; i++) { | |
796 | + int op; | |
797 | + switch (p_start[exit_addrs[i]]) | |
798 | + { | |
799 | + case 0xf4: op = 0xc3; break; /* hlt -> ret */ | |
800 | + case 0xfa: op = 0xe9; break; /* cli -> jmp */ | |
801 | + case 0xfb: op = 0xe9; break; /* sti -> jmp */ | |
802 | + default: error("Internal error"); | |
803 | + } | |
804 | + fprintf(outfile, | |
805 | + " *(uint8_t *)(gen_code_ptr + %d) = 0x%x;\n", | |
806 | + exit_addrs[i], op); | |
807 | } | |
808 | + /* Fix up the return instruction. */ | |
809 | + if (patch_bytes != -1) { | |
810 | + if (patch_bytes) { | |
811 | + fprintf(outfile, " memcpy(gen_code_ptr + %d," | |
812 | + "gen_code_ptr + %d, %d);\n", | |
813 | + copy_size, retpos, patch_bytes); | |
814 | + } | |
815 | + fprintf(outfile, | |
816 | + " *(uint8_t *)(gen_code_ptr + %d) = 0xe9;\n", | |
817 | + retpos); | |
818 | + fprintf(outfile, | |
819 | + " *(uint32_t *)(gen_code_ptr + %d) = 0x%x;\n", | |
820 | + retpos + 1, copy_size - (retpos + 5)); | |
821 | + | |
822 | + copy_size += patch_bytes; | |
823 | + } | |
824 | +#ifdef DEBUG_OP | |
825 | + fprintf(outfile, | |
826 | + " *(uint16_t *)(gen_code_ptr + %d) = 0x9090;\n", | |
827 | + copy_size); | |
828 | + copy_size += 2; | |
829 | +#endif | |
830 | } | |
831 | #elif defined(HOST_X86_64) | |
832 | { | |
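Review bot: The marker-replacement and ret-fixup block added here is repeated byte-for-byte in the HOST_X86_64 hunk at @@ -1793, so a single static helper that takes outfile, p_start, exit_addrs, patch_bytes, retpos and a pointer to copy_size would keep the two host paths from drifting. In the `switch` on `p_start[exit_addrs[i]]` the `default:` branch calls error() and leaves `op` unset, so unless error() is declared noreturn the compiler will warn about a possibly-uninitialised `op` at the fprintf that follows; initialising `int op = 0;` settles it. The loop also relies on the `-1` terminator written by trace_i386_op, which lands one past `exit_addrs[MAX_EXITS]` when a function has exactly MAX_EXITS exits. The enclosing gen_code body starts and ends outside the hunk.
```c
/* Shared by the HOST_I386 and HOST_X86_64 paths: rewrite the hlt/cli/sti
   markers to ret/jmp and move a mid-function ret out of the way. */
static void emit_x86_fixups(FILE *outfile, const uint8_t *p_start,
                            const int *exit_addrs, int patch_bytes,
                            int retpos, int *copy_size)
{
    int i;
    for (i = 0; exit_addrs[i] != -1; i++) {
        int op = 0;   /* defined even on the error() path */
        /* … unchanged: marker switch and the uint8_t store fprintf … */
    }
    /* … unchanged: ret fix-up and DEBUG_OP padding, writing through *copy_size … */
}

/* in gen_code, replacing the duplicated block in both host paths: */
emit_x86_fixups(outfile, p_start, exit_addrs, patch_bytes, retpos, &copy_size);
```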
833 | @@ -1793,6 +2460,42 @@ void gen_code(const char *name, host_ulo | |
834 | } | |
835 | } | |
836 | } | |
837 | + /* Replace the marker instructions with the actual opcodes. */ | |
838 | + for (i = 0; exit_addrs[i] != -1; i++) { | |
839 | + int op; | |
840 | + switch (p_start[exit_addrs[i]]) | |
841 | + { | |
842 | + case 0xf4: op = 0xc3; break; /* hlt -> ret */ | |
843 | + case 0xfa: op = 0xe9; break; /* cli -> jmp */ | |
844 | + case 0xfb: op = 0xe9; break; /* sti -> jmp */ | |
845 | + default: error("Internal error"); | |
846 | + } | |
847 | + fprintf(outfile, | |
848 | + " *(uint8_t *)(gen_code_ptr + %d) = 0x%x;\n", | |
849 | + exit_addrs[i], op); | |
850 | + } | |
851 | + /* Fix up the return instruction. */ | |
852 | + if (patch_bytes != -1) { | |
853 | + if (patch_bytes) { | |
854 | + fprintf(outfile, " memcpy(gen_code_ptr + %d," | |
855 | + "gen_code_ptr + %d, %d);\n", | |
856 | + copy_size, retpos, patch_bytes); | |
857 | + } | |
858 | + fprintf(outfile, | |
859 | + " *(uint8_t *)(gen_code_ptr + %d) = 0xe9;\n", | |
860 | + retpos); | |
861 | + fprintf(outfile, | |
862 | + " *(uint32_t *)(gen_code_ptr + %d) = 0x%x;\n", | |
863 | + retpos + 1, copy_size - (retpos + 5)); | |
864 | + | |
865 | + copy_size += patch_bytes; | |
866 | + } | |
867 | +#ifdef DEBUG_OP | |
868 | + fprintf(outfile, | |
869 | + " *(uint16_t *)(gen_code_ptr + %d) = 0x9090;\n", | |
870 | + copy_size); | |
871 | + copy_size += 2; | |
872 | +#endif | |
873 | } | |
874 | #elif defined(HOST_PPC) | |
875 | { | |
876 | --- qemu-0.7.0/exec-all.h.gcc4 2005-04-27 22:52:05.000000000 +0200 | |
877 | +++ qemu-0.7.0/exec-all.h 2005-06-02 21:41:51.000000000 +0200 | |
878 | @@ -335,14 +335,15 @@ do {\ | |
879 | ||
880 | #elif defined(__i386__) && defined(USE_DIRECT_JUMP) | |
881 | ||
882 | -/* we patch the jump instruction directly */ | |
883 | +/* we patch the jump instruction directly. Use sti in place of the actual | |
884 | + jmp instruction so that dyngen can patch in the correct result. */ | |
885 | #define GOTO_TB(opname, tbparam, n)\ | |
886 | do {\ | |
887 | asm volatile (".section .data\n"\ | |
888 | ASM_OP_LABEL_NAME(n, opname) ":\n"\ | |
889 | ".long 1f\n"\ | |
890 | ASM_PREVIOUS_SECTION \ | |
891 | - "jmp " ASM_NAME(__op_jmp) #n "\n"\ | |
892 | + "sti;.long " ASM_NAME(__op_jmp) #n " - 1f\n"\ | |
893 | "1:\n");\ | |
894 | } while (0) | |
895 |