| blob | f28c3f338bffe6fbf0ab84d250cf9efa8b669383 |
2 /*--------------------------------------------------------------------*/
3 /*--- Management of the translation table and cache. ---*/
4 /*--- m_transtab.c ---*/
5 /*--------------------------------------------------------------------*/
7 /*
8 This file is part of Valgrind, a dynamic binary instrumentation
9 framework.
11 Copyright (C) 2000-2013 Julian Seward
12 jseward@acm.org
14 This program is free software; you can redistribute it and/or
15 modify it under the terms of the GNU General Public License as
16 published by the Free Software Foundation; either version 2 of the
17 License, or (at your option) any later version.
19 This program is distributed in the hope that it will be useful, but
20 WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; if not, write to the Free Software
26 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
27 02111-1307, USA.
29 The GNU General Public License is contained in the file COPYING.
30 */
49 #define DEBUG_TRANSTAB 0
52 /*-------------------------------------------------------------*/
53 /*--- Management of the FIFO-based translation table+cache. ---*/
54 /*-------------------------------------------------------------*/
56 /* Nr of sectors provided via command line parameter. */
58 /* Nr of sectors.
59 Will be set by VG_(init_tt_tc) to VG_(clo_num_transtab_sectors). */
62 /* Average size of a transtab code entry. 0 means to use the tool
63 provided default. */
66 /*------------------ CONSTANTS ------------------*/
67 /* Number of TC entries in each sector. This needs to be a prime
68 number to work properly, it must be <= 65535 (so that a TT index
69 fits in a UShort, leaving room for 0xFFFF(EC2TTE_DELETED) to denote
70 'deleted') and it is strongly recommended not to change this.
71 65521 is the largest prime <= 65535. */
74 /* Because each sector contains a hash table of TTEntries, we need to
75 specify the maximum allowable loading, after which the sector is
76 deemed full. */
77 #define SECTOR_TT_LIMIT_PERCENT 65
79 /* The sector is deemed full when this many entries are in it. */
80 #define N_TTES_PER_SECTOR_USABLE \
81 ((N_TTES_PER_SECTOR * SECTOR_TT_LIMIT_PERCENT) / 100)
83 /* Equivalence classes for fast address range deletion. There are 1 +
84 2^ECLASS_WIDTH bins. The highest one, ECLASS_MISC, describes an
85 address range which does not fall cleanly within any specific bin.
86 Note that ECLASS_SHIFT + ECLASS_WIDTH must be < 32. */
87 #define ECLASS_SHIFT 11
88 #define ECLASS_WIDTH 8
89 #define ECLASS_MISC (1 << ECLASS_WIDTH)
90 #define ECLASS_N (1 + ECLASS_MISC)
95 /*------------------ TYPES ------------------*/
97 /* In edges ("to-me") in the graph created by chaining. */
98 typedef
104 }
105 InEdge;
108 /* Out edges ("from-me") in the graph created by chaining. */
109 typedef
114 }
115 OutEdge;
118 #define N_FIXED_IN_EDGE_ARR 3
119 typedef
124 }
125 InEdgeArr;
127 #define N_FIXED_OUT_EDGE_ARR 2
128 typedef
133 }
134 OutEdgeArr;
137 /* A translation-table entry. This indicates precisely which areas of
138 guest code are included in the translation, and contains all other
139 auxiliary info too. */
140 typedef
142 /* Profiling only: the count and weight (arbitrary meaning) for
143 this translation. Weight is a property of the translation
144 itself and computed once when the translation is created.
145 Count is an entry count for the translation and is
146 incremented by 1 every time the translation is used, if we
147 are profiling. */
148 ULong count;
149 UShort weight;
151 /* Status of the slot. Note, we need to be able to do lazy
152 deletion, hence the Deleted state. */
155 /* 64-bit aligned pointer to one or more 64-bit words containing
156 the corresponding host code (must be in the same sector!)
157 This is a pointer into the sector's tc (code) area. */
160 /* This is the original guest address that purportedly is the
161 entry point of the translation. You might think that .entry
162 should be the same as .vge->base[0], and most of the time it
163 is. However, when doing redirections, that is not the case.
164 .vge must always correctly describe the guest code sections
165 from which this translation was made. However, .entry may or
166 may not be a lie, depending on whether or not we're doing
167 redirection. */
168 Addr entry;
170 /* This structure describes precisely what ranges of guest code
171 the translation covers, so we can decide whether or not to
172 delete it when translations of a given address range are
173 invalidated. */
174 VexGuestExtents vge;
176 /* Address range summary info: these are pointers back to
177 eclass[] entries in the containing Sector. Those entries in
178 turn point back here -- the two structures are mutually
179 redundant but both necessary to make fast deletions work.
180 The eclass info is similar to, and derived from, this entry's
181 'vge' field, but it is not the same */
185 // for i in 0 .. n_tte2ec-1
186 // sec->ec2tte[ tte2ec_ec[i] ][ tte2ec_ix[i] ]
187 // should be the index
188 // of this TTEntry in the containing Sector's tt array.
190 /* Admin information for chaining. 'in_edges' is a set of the
191 patch points which jump to this translation -- hence are
192 predecessors in the control flow graph. 'out_edges' points
193 to successors in the control flow graph -- translations to
194 which this one has a patched jump. In short these are just
195 backwards and forwards edges in the graph of patched-together
196 blocks. The 'in_edges' contain slightly more info, enough
197 that we can undo the chaining of each mentioned patch point.
198 The 'out_edges' list exists only so that we can visit the
199 'in_edges' entries of all blocks we're patched through to, in
200 order to remove ourselves from then when we're deleted. */
202 /* A translation can disappear for two reasons:
203 1. erased (as part of the oldest sector cleanup) when the
204 youngest sector is full.
205 2. discarded due to calls to VG_(discard_translations).
206 VG_(discard_translations) sets the status of the
207 translation to 'Deleted'.
208 A.o., the gdbserver discards one or more translations
209 when a breakpoint is inserted or removed at an Addr,
210 or when single stepping mode is enabled/disabled
211 or when a translation is instrumented for gdbserver
212 (all the target jumps of this translation are
213 invalidated).
215 So, it is possible that the translation A to be patched
216 (to obtain a patched jump from A to B) is invalidated
217 after B is translated and before A is patched.
218 In case a translation is erased or discarded, the patching
219 cannot be done. VG_(tt_tc_do_chaining) and find_TTEntry_from_hcode
220 are checking the 'from' translation still exists before
221 doing the patching.
223 Is it safe to erase or discard the current translation E being
224 executed ? Amazing, but yes, it is safe.
225 Here is the explanation:
227 The translation E being executed can only be erased if a new
228 translation N is being done. A new translation is done only
229 if the host addr is a not yet patched jump to another
230 translation. In such a case, the guest address of N is
231 assigned to the PC in the VEX state. Control is returned
232 to the scheduler. N will be translated. This can erase the
233 translation E (in case of sector full). VG_(tt_tc_do_chaining)
234 will not do the chaining to a non found translation E.
235 The execution will continue at the current guest PC
236 (i.e. the translation N).
237 => it is safe to erase the current translation being executed.
239 The current translation E being executed can also be discarded
240 (e.g. by gdbserver). VG_(discard_translations) will mark
241 this translation E as Deleted, but the translation itself
242 is not erased. In particular, its host code can only
243 be overwritten or erased in case a new translation is done.
244 A new translation will only be done if a not yet translated
245 jump is to be executed. The execution of the Deleted translation
246 E will continue till a non patched jump is encountered.
247 This situation is then similar to the 'erasing' case above :
248 the current translation E can be erased or overwritten, as the
249 execution will continue at the new translation N.
251 */
253 /* It is possible, although very unlikely, that a block A has
254 more than one patched jump to block B. This could happen if
255 (eg) A finishes "jcond B; jmp B".
257 This means in turn that B's in_edges set can list A more than
258 once (twice in this example). However, each such entry must
259 have a different from_offs, since a patched jump can only
260 jump to one place at once (it's meaningless for it to have
261 multiple destinations.) IOW, the successor and predecessor
262 edges in the graph are not uniquely determined by a
263 TTEntry --> TTEntry pair, but rather by a
264 (TTEntry,offset) --> TTEntry triple.
266 If A has multiple edges to B then B will mention A multiple
267 times in its in_edges. To make things simpler, we then
268 require that A mentions B exactly the same number of times in
269 its out_edges. Furthermore, a matching out-in pair must have
270 the same offset (from_offs). This facilitates sanity
271 checking, and it facilitates establishing the invariant that
272 a out_edges set may not have duplicates when using the
273 equality defined by (TTEntry,offset). Hence the out_edges
274 and in_edges sets really do have both have set semantics.
276 eg if A has been patched to B at offsets 42 and 87 (in A)
277 then A.out_edges = { (B,42), (B,87) } (in any order)
278 and B.in_edges = { (A,42), (A,87) } (in any order)
280 Hence for each node pair P->Q in the graph, there's a 1:1
281 mapping between P.out_edges and Q.in_edges.
282 */
283 InEdgeArr in_edges;
284 OutEdgeArr out_edges;
285 }
286 TTEntry;
289 /* A structure used for mapping host code addresses back to the
290 relevant TTEntry. Used when doing chaining, for finding the
291 TTEntry to which some arbitrary patch address belongs. */
292 typedef
295 UInt len;
296 UInt tteNo;
297 }
298 HostExtent;
300 /* Finally, a sector itself. Each sector contains an array of
301 TCEntries, which hold code, and an array of TTEntries, containing
302 all required administrative info. Profiling is supported using the
303 TTEntry .count and .weight fields, if required.
305 If the sector is not in use, all three pointers are NULL and
306 tt_n_inuse is zero.
307 */
308 typedef
310 /* The TCEntry area. Size of this depends on the average
311 translation size. We try and size it so it becomes full
312 precisely when this sector's translation table (tt) reaches
313 its load limit (SECTOR_TT_LIMIT_PERCENT). */
316 /* The TTEntry array. This is a fixed size, always containing
317 exactly N_TTES_PER_SECTOR entries. */
320 /* This points to the current allocation point in tc. */
323 /* The count of tt entries with state InUse. */
324 Int tt_n_inuse;
326 /* Expandable arrays of tt indices for each of the ECLASS_N
327 address range equivalence classes. These hold indices into
328 the containing sector's tt array, which in turn should point
329 back here. */
334 /* The host extents. The [start, +len) ranges are constructed
335 in strictly non-overlapping order, so we can binary search
336 them at any time. */
338 }
339 Sector;
342 /*------------------ DECLS ------------------*/
344 /* The root data structure is an array of sectors. The index of the
345 youngest sector is recorded, and new translations are put into that
346 sector. When it fills up, we move along to the next sector and
347 start to fill that up, wrapping around at the end of the array.
348 That way, once all N_TC_SECTORS have been bought into use for the
349 first time, and are full, we then re-use the oldest sector,
350 endlessly.
352 When running, youngest sector should be between >= 0 and <
353 N_TC_SECTORS. The initial -1 value indicates the TT/TC system is
354 not yet initialised.
355 */
359 /* The number of ULongs in each TCEntry area. This is computed once
360 at startup and does not change. */
364 /* A list of sector numbers, in the order which they should be
365 searched to find translations. This is an optimisation to be used
366 when searching for translations and should not affect
367 correctness. -1 denotes "no entry". */
371 /* Fast helper for the TC. A direct-mapped cache which holds a set of
372 recently used (guest address, host address) pairs. This array is
373 referred to directly from m_dispatch/dispatch-<platform>.S.
375 Entries in tt_fast may refer to any valid TC entry, regardless of
376 which sector it's in. Consequently we must be very careful to
377 invalidate this cache when TC entries are changed or disappear.
379 A special .guest address - TRANSTAB_BOGUS_GUEST_ADDR -- must be
380 pointed at to cause that cache entry to miss. This relies on the
381 assumption that no guest code actually has that address, hence a
382 value 0x1 seems good. m_translate gives the client a synthetic
383 segfault if it tries to execute at this address.
384 */
385 /*
386 typedef
387 struct {
388 Addr guest;
389 Addr host;
390 }
391 FastCacheEntry;
392 */
396 /* Make sure we're not used before initialisation. */
400 /*------------------ STATS DECLS ------------------*/
402 /* Number of fast-cache updates and flushes done. */
406 /* Number of full lookups done. */
410 /* Number/osize/tsize of translations entered; also the number of
411 those for which self-checking was requested. */
417 /* Number/osize of translations discarded due to lack of space. */
422 /* Number/osize of translations discarded due to requests to do so. */
427 /*-------------------------------------------------------------*/
428 /*--- Misc ---*/
429 /*-------------------------------------------------------------*/
432 {
434 }
437 {
439 }
442 /*-------------------------------------------------------------*/
443 /*--- Chaining support ---*/
444 /*-------------------------------------------------------------*/
447 {
455 }
458 {
463 }
466 {
470 }
473 {
475 }
478 {
485 }
486 }
489 {
497 }
498 }
500 static
502 {
509 }
510 }
512 static
514 {
522 }
524 }
525 }
527 static
529 {
536 /* The fixed array is full, so we have to initialise an
537 XArray and copy the fixed array into it. */
539 ttaux_free,
541 UWord i;
544 }
548 /* Just add to the fixed array. */
550 }
551 }
552 }
555 {
562 }
563 }
566 {
574 }
575 }
577 static
579 {
586 }
587 }
589 static
591 {
599 }
601 }
602 }
604 static
606 {
613 /* The fixed array is full, so we have to initialise an
614 XArray and copy the fixed array into it. */
616 ttaux_free,
618 UWord i;
621 }
625 /* Just add to the fixed array. */
627 }
628 }
629 }
631 static
633 {
639 }
641 /* True if hx is a dead host extent, i.e. corresponds to host code
642 of an entry that was invalidated. */
643 static
645 {
647 #define LDEBUG(m) if (DEBUG_TRANSTAB) \
648 VG_(printf) (m \
651 hx->start, hx->len, (int)(sec - sectors), \
652 hx->tteNo, \
653 sec->tt[tteNo].entry, sec->tt[tteNo].tcptr)
655 /* Entry might have been invalidated and not re-used yet.*/
659 }
660 /* Maybe we found this entry via a host_extents which was
661 inserted for an entry which was changed to Deleted then
662 re-used after. If this entry was re-used, then its tcptr
663 is >= to host_extents start (i.e. the previous tcptr) + len.
664 This is the case as there is no re-use of host code: a new
665 entry or re-used entry always gets "higher value" host code. */
669 }
672 #undef LDEBUG
673 }
679 {
680 Int i;
682 /* Search order logic copied from VG_(search_transtab). */
692 HostExtent key;
699 HostExtent__cmpOrd );
704 /* Do some additional sanity checks. */
707 /* if this hx entry corresponds to dead host code, we must
708 tell this code has not been found, as it cannot be patched. */
713 /* Can only half check that the found TTEntry contains hcode,
714 due to not having a length value for the hcode in the
715 TTEntry. */
717 /* Looks plausible */
721 }
722 }
724 }
727 /* Figure out whether or not hcode is jitted code present in the main
728 code cache (but not in the no-redir cache). Used for sanity
729 checking. */
731 {
741 }
743 }
746 /* Fulfill a chaining request, and record admin info so we
747 can undo it later, if required.
748 */
750 UInt to_sNo,
751 UInt to_tteNo,
752 Bool to_fastEP )
753 {
754 /* Get the CPU info established at startup. */
756 VexArchInfo archinfo_host;
761 // host_code is where we're patching to. So it needs to
762 // take into account, whether we're jumping to the slow
763 // or fast entry point. By definition, the fast entry point
764 // is exactly one event check's worth of code along from
765 // the slow (tcptr) entry point.
770 // stay sane -- the patch point (dst) is in this sector's code cache
775 /* Find the TTEntry for the from__ code. This isn't simple since
776 we only know the patch address, which is going to be somewhere
777 inside the from_ block. */
780 Bool from_found
782 from__patch_addr );
784 // The from code might have been discarded due to sector re-use
785 // or marked Deleted due to translation invalidation.
786 // In such a case, don't do the chaining.
788 "host code %p not found (discarded? sector recycled?)"
790 from__patch_addr);
792 }
796 /* Get VEX to do the patching itself. We have to hand it off
797 since it is host-dependent. */
798 VexInvalRange vir
801 from__patch_addr,
806 );
809 /* Now do the tricky bit -- update the ch_succs and ch_preds info
810 for the two translations involved, so we can undo the chaining
811 later, which we will have to do if the to_ block gets removed
812 for whatever reason. */
814 /* This is the new from_ -> to_ link to add. */
815 InEdge ie;
825 /* This is the new to_ -> from_ backlink to add. */
826 OutEdge oe;
832 /* Add .. */
835 }
838 /* Unchain one patch, as described by the specified InEdge. For
839 sanity check purposes only (to check that the patched location is
840 as expected) it also requires the fast and slow entry point
841 addresses of the destination block (that is, the block that owns
842 this InEdge). */
847 {
849 TTEntry* tte
851 UChar* place_to_patch
853 UChar* disp_cp_chain_me
857 );
858 UChar* place_to_jump_to_EXPECTED
861 // stay sane: both src and dst for this unchaining are
862 // in the main code cache
865 // dst check is ok because LibVEX_UnChain checks that
866 // place_to_jump_to_EXPECTED really is the current dst, and
867 // asserts if it isn't.
868 VexInvalRange vir
872 }
875 /* The specified block is about to be deleted. Update the preds and
876 succs of its associated blocks accordingly. This includes undoing
877 any chained jumps to this block. */
878 static
880 VexEndness endness_host,
882 {
893 /* Visit all InEdges owned by here_tte. */
897 // Undo the chaining.
901 // Find the corresponding entry in the "from" node's out_edges,
902 // and remove it.
911 }
914 }
916 /* Visit all OutEdges owned by here_tte. */
920 // Find the corresponding entry in the "to" node's in_edges,
921 // and remove it.
930 }
933 }
937 }
940 /*-------------------------------------------------------------*/
941 /*--- Address-range equivalence class stuff ---*/
942 /*-------------------------------------------------------------*/
944 /* Return equivalence class number for a range. */
947 {
958 }
959 }
962 /* Calculates the equivalence class numbers for any VexGuestExtent.
963 These are written in *eclasses, which must be big enough to hold 3
964 Ints. The number written, between 1 and 3, is returned. The
965 eclasses are presented in order, and any duplicates are removed.
966 */
968 static
971 {
973 # define SWAP(_lv1,_lv2) \
974 do { Int t = _lv1; _lv1 = _lv2; _lv2 = t; } while (0)
985 /* only add if we haven't already seen it */
991 }
997 /* sort */
1001 }
1004 /* sort */
1012 }
1014 /* NOTREACHED */
1017 bad:
1021 # undef SWAP
1022 }
1025 /* Add tteno to the set of entries listed for equivalence class ec in
1026 this sector. Returns used location in eclass array. */
1028 static
1030 {
1056 }
1058 /* Common case */
1063 }
1066 /* 'vge' is being added to 'sec' at TT entry 'tteno'. Add appropriate
1067 eclass entries to 'sec'. */
1069 static
1071 {
1085 }
1086 }
1089 /* Check the eclass info in 'sec' to ensure it is consistent. Returns
1090 True if OK, False if something's not right. Expensive. */
1093 {
1094 # define BAD(_str) do { whassup = (_str); goto bad; } while (0)
1099 UShort tteno;
1102 /* Basic checks on this sector */
1109 /* For each eclass ... */
1121 /* For each tt reference in each eclass .. ensure the reference
1122 is to a valid tt entry, and that the entry's address ranges
1123 really include this eclass. */
1136 /* Exactly least one of tte->eclasses[0 .. tte->n_eclasses-1]
1137 must equal i. Inspect tte's eclass info. */
1152 n++;
1153 }
1156 }
1157 }
1159 /* That establishes that for each forward pointer from TTEntrys
1160 there is a corresponding backward pointer from the eclass[]
1161 arrays. However, it doesn't rule out the possibility of other,
1162 bogus pointers in the eclass[] arrays. So do those similarly:
1163 scan through them and check the TTEntryies they point at point
1164 back. */
1173 }
1189 }
1190 }
1194 bad:
1198 # if 0
1205 }
1209 }
1210 # endif
1214 # undef BAD
1215 }
1218 /* Sanity check absolutely everything. True == check passed. */
1220 /* forwards */
1224 {
1226 /* assert the array is the right size */
1229 /* Check it's of the form valid_sector_numbers ++ [-1, -1, ..] */
1233 }
1238 }
1241 /* Check each sector number only appears once */
1248 }
1249 }
1250 /* Check that the number of listed sectors equals the number
1251 in use, by counting nListed back down. */
1254 nListed--;
1255 }
1259 }
1262 {
1263 Int sno;
1264 Bool sane;
1267 Int i;
1269 Int szhxa;
1280 nr_not_dead_hx++;
1281 }
1287 }
1288 }
1295 }
1299 /*-------------------------------------------------------------*/
1300 /*--- Add/find translations ---*/
1301 /*-------------------------------------------------------------*/
1304 {
1309 }
1312 {
1316 }
1319 {
1327 }
1330 {
1334 n_fast_updates++;
1335 /* This shouldn't fail. It should be assured by m_translate
1336 which should reject any attempt to make translation of code
1337 starting at TRANSTAB_BOGUS_GUEST_ADDR. */
1339 }
1341 /* Invalidate the fast cache VG_(tt_fast). */
1343 {
1344 UInt j;
1345 /* This loop is popular enough to make it worth unrolling a
1346 bit, at least on ppc32. */
1353 }
1356 n_fast_flushes++;
1357 }
1360 {
1361 Int i;
1362 SysRes sres;
1368 }
1373 /* Sector has never been used before. Need to allocate tt and
1374 tc. */
1382 }
1392 /*NOTREACHED*/
1393 }
1401 /*NOTREACHED*/
1402 }
1408 }
1410 /* Set up the host_extents array. */
1411 sec->host_extents
1413 ttaux_free,
1416 /* Add an entry in the sector_search_order */
1420 }
1429 /* Sector has been used before. Dump the old contents. */
1432 n_sectors_recycled++;
1439 VexArchInfo archinfo_host;
1444 /* Visit each just-about-to-be-abandoned translation. */
1446 sno);
1452 /* Tell the tool too. */
1457 }
1462 }
1465 }
1467 sno);
1469 /* Free up the eclass structures. */
1480 }
1481 }
1483 /* Empty out the host extents array. */
1488 /* Sanity check: ensure it is already in
1489 sector_search_order[]. */
1493 }
1498 }
1507 }
1508 }
1511 /* Add a translation of vge to TT/TC. The translation is temporarily
1512 in code[0 .. code_len-1].
1514 pre: youngest_sector points to a valid (although possibly full)
1515 sector.
1516 */
1518 Addr entry,
1519 Addr code,
1520 UInt code_len,
1521 Bool is_self_checking,
1522 Int offs_profInc,
1523 UInt n_guest_instrs )
1524 {
1533 /* 60000: should agree with N_TMPBUF in m_translate.c. */
1536 /* Generally stay sane */
1543 n_in_count++;
1547 n_in_sc_count++;
1555 /* Try putting the translation in this sector. */
1558 /* Will it fit in tc? */
1566 /* No. So move on to the next sector. Either it's never been
1567 used before, in which case it will get its tt/tc allocated
1568 now, or it has been used before, in which case it is set to be
1569 empty, hence throwing out the oldest sector. */
1577 "declare sector %d full "
1581 }
1582 youngest_sector++;
1587 }
1589 /* Be sure ... */
1598 /* Copy into tc. */
1609 /* more paranoia */
1614 /* Find an empty tt slot, and use it. There must be such a slot
1615 since tt is never allowed to get completely full. */
1622 i++;
1625 }
1635 /* Patch in the profile counter location, if necessary. */
1639 VexArchInfo archinfo_host;
1643 VexInvalRange vir
1648 }
1652 /* Add this entry to the host_extents map, checking that we're
1653 adding in order. */
1665 }
1670 }
1672 /* Update the fast-cache. */
1675 /* Note the eclass numbers for this translation. */
1677 }
1680 /* Search for the translation of the given guest address. If
1681 requested, a successful search can also cause the fast-caches to be
1682 updated.
1683 */
1687 Addr guest_addr,
1688 Bool upd_cache )
1689 {
1693 /* Find the initial probe point just once. It will be the same in
1694 all sectors and avoids multiple expensive % operations. */
1695 n_full_lookups++;
1700 /* Search in all the sectors,using sector_search_order[] as a
1701 heuristic guide as to what order to visit the sectors. */
1710 n_lookup_probes++;
1713 /* found it */
1723 /* pull this one one step closer to the front. For large
1724 apps this more or less halves the number of required
1725 probes. */
1730 }
1732 }
1735 k++;
1738 }
1740 /* If we fall off the end, all entries are InUse and not
1741 matching, or Deleted. In any case we did not find it in this
1742 sector. */
1743 }
1745 /* Not found in any sector. */
1747 }
1750 /*-------------------------------------------------------------*/
1751 /*--- Delete translations. ---*/
1752 /*-------------------------------------------------------------*/
1754 /* forward */
1757 /* Stuff for deleting translations which intersect with a given
1758 address range. Unfortunately, to make this run at a reasonable
1759 speed, it is complex. */
1763 {
1769 }
1773 {
1785 }
1788 /* Delete a tt entry, and update all the eclass data accordingly. */
1792 {
1796 /* sec and secNo are mutually redundant; cross-check. */
1804 /* Unchain .. */
1807 /* Deal with the ec-to-tte links first. */
1814 /* Assert that the two links point at each other. */
1816 /* "delete" the pointer back to here. */
1818 }
1820 /* Now fix up this TTEntry. */
1824 /* Stats .. */
1826 n_disc_count++;
1829 /* Tell the tool too. */
1834 }
1835 }
1838 /* Delete translations from sec which intersect specified range, but
1839 only consider translations in the specified eclass. */
1841 static
1844 Int ec,
1845 VexArch arch_host,
1846 VexEndness endness_host )
1847 {
1848 Int i;
1849 UShort tteno;
1859 /* already deleted */
1861 }
1871 }
1873 }
1876 }
1879 /* Delete translations from sec which intersect specified range, the
1880 slow way, by inspecting all translations in sec. */
1882 static
1885 VexArch arch_host,
1886 VexEndness endness_host )
1887 {
1888 Int i;
1896 }
1897 }
1900 }
1905 {
1916 /* Pre-deletion sanity check */
1920 }
1926 VexArchInfo archinfo_host;
1931 /* There are two different ways to do this.
1933 If the range fits within a single address-range equivalence
1934 class, as will be the case for a cache line sized invalidation,
1935 then we only have to inspect the set of translations listed in
1936 that equivalence class, and also in the "sin-bin" equivalence
1937 class ECLASS_MISC.
1939 Otherwise, the invalidation is of a larger range and probably
1940 results from munmap. In this case it's (probably!) faster just
1941 to inspect all translations, dump those we don't want, and
1942 regenerate the equivalence class information (since modifying it
1943 in-situ is even more expensive).
1944 */
1946 /* First off, figure out if the range falls within a single class,
1947 and if so which one. */
1953 /* if ec is ECLASS_MISC then we aren't looking at just a single
1954 class, so use the slow scheme. Else use the fast scheme,
1955 examining 'ec' and ECLASS_MISC. */
1962 /* Fast scheme */
1971 arch_host, endness_host
1972 );
1975 arch_host, endness_host
1976 );
1977 }
1981 /* slow scheme */
1992 arch_host, endness_host
1993 );
1994 }
1996 }
2001 /* don't forget the no-redir cache */
2004 /* Post-deletion sanity check */
2006 Int i;
2010 /* But now, also check the requested address range isn't
2011 present anywhere. */
2021 }
2022 }
2023 }
2024 }
2026 /* Whether or not tools may discard translations. */
2029 /* This function is exported to tools which can use it to discard
2030 translations, provided it is safe to do so. */
2033 {
2036 }
2038 /*------------------------------------------------------------*/
2039 /*--- AUXILIARY: the unredirected TT/TC ---*/
2040 /*------------------------------------------------------------*/
2042 /* A very simple translation cache which holds a small number of
2043 unredirected translations. This is completely independent of the
2044 main tt/tc structures. When unredir_tc or unredir_tt becomes full,
2045 both structures are simply dumped and we start over.
2047 Since these translations are unredirected, the search key is (by
2048 definition) the first address entry in the .vge field. */
2050 /* Sized to hold 500 translations of average size 1000 bytes. */
2052 #define UNREDIR_SZB 1000
2054 #define N_UNREDIR_TT 500
2055 #define N_UNREDIR_TCQ (N_UNREDIR_TT * UNREDIR_SZB / sizeof(ULong))
2057 typedef
2059 VexGuestExtents vge;
2060 Addr hcode;
2061 Bool inUse;
2062 }
2063 UTCEntry;
2065 /* We just allocate forwards in _tc, never deleting. */
2069 /* Slots in _tt can come into use and out again (.inUse).
2070 Nevertheless _tt_highwater is maintained so that invalidations
2071 don't have to scan all the slots when only a few are in use.
2072 _tt_highwater holds the index of the highest ever allocated
2073 slot. */
2079 {
2080 Int i;
2087 /*NOTREACHED*/
2088 }
2090 }
2095 }
2097 /* Do a sanity check; return False on failure. */
2099 {
2100 Int i;
2112 }
2115 /* Add an UNREDIRECTED translation of vge to TT/TC. The translation
2116 is temporarily in code[0 .. code_len-1].
2117 */
2119 Addr entry,
2120 Addr code,
2121 UInt code_len )
2122 {
2128 /* This is the whole point: it's not redirected! */
2131 /* How many unredir_tt slots are needed */
2134 /* Look for an empty unredir_tc slot */
2140 /* It's full; dump everything we currently have */
2143 }
2171 }
2174 Addr guest_addr )
2175 {
2176 Int i;
2183 }
2184 }
2186 }
2189 {
2190 Int i;
2198 }
2199 }
2202 /*------------------------------------------------------------*/
2203 /*--- Initialisation. ---*/
2204 /*------------------------------------------------------------*/
2207 {
2213 /* Otherwise lots of things go wrong... */
2215 /* check fast cache entries really are 2 words long */
2218 /* check fast cache entries are packed back-to-back with no spaces */
2220 /* check fast cache is aligned as we requested. Not fatal if it
2221 isn't, but we might as well make sure. */
2226 "TT/TC: VG_(init_tt_tc) "
2229 /* Figure out how big each tc area should be. */
2232 else
2236 /* Ensure the calculated value is not way crazy. */
2244 /* Initialise the sectors, even the ones we aren't going to use.
2245 Set all fields to zero. */
2250 /* Initialise the sector_search_order hint table, including the
2251 entries we aren't going to use. */
2255 /* Initialise the fast cache. */
2258 /* and the unredir tt/tc */
2264 "TT/TC: cache: %s--avg-transtab-entry-size=%d, "
2279 "TT/TC: table: %d entries each = %d total entries"
2281 N_TTES_PER_SECTOR,
2284 SECTOR_TT_LIMIT_PERCENT );
2285 }
2286 }
2289 /*------------------------------------------------------------*/
2290 /*--- Printing out statistics. ---*/
2291 /*------------------------------------------------------------*/
2294 {
2296 }
2299 {
2301 }
2304 {
2313 " transtab: new %'lld "
2314 "(%'llu -> %'llu; ratio %'llu:10) [%'llu scs] "
2318 n_in_sc_count,
2329 Int i;
2335 }
2337 }
2338 }
2340 /*------------------------------------------------------------*/
2341 /*--- Printing out of profiling results. ---*/
2342 /*------------------------------------------------------------*/
2345 {
2347 }
2350 {
2352 ULong score_total;
2354 /* First, compute the total weighted count, and find the top N
2355 ttes. tops contains pointers to the most-used n_tops blocks, in
2356 descending order (viz, tops[0] is the highest scorer). */
2360 }
2371 /* Find the rank for sectors[sno].tt[i]. */
2377 r--;
2379 }
2381 r--;
2383 }
2385 }
2386 r++;
2388 /* This bb should be placed at r, and bbs above it shifted
2389 upwards one slot. */
2395 }
2396 }
2397 }
2399 /* Now zero out all the counter fields, so that we can make
2400 multiple calls here and just get the values since the last call,
2401 each time, rather than values accumulated for the whole run. */
2409 }
2410 }
2413 }
2415 /*--------------------------------------------------------------------*/
2416 /*--- end ---*/
2417 /*--------------------------------------------------------------------*/