| blob | e9cfd0260ff8f2ee45d2bfcd2899f435aab2d91d |
2 /*--------------------------------------------------------------------*/
3 /*--- Management of the translation table and cache. ---*/
4 /*--- m_transtab.c ---*/
5 /*--------------------------------------------------------------------*/
7 /*
8 This file is part of Valgrind, a dynamic binary instrumentation
9 framework.
11 Copyright (C) 2000-2013 Julian Seward
12 jseward@acm.org
14 This program is free software; you can redistribute it and/or
15 modify it under the terms of the GNU General Public License as
16 published by the Free Software Foundation; either version 2 of the
17 License, or (at your option) any later version.
19 This program is distributed in the hope that it will be useful, but
20 WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; if not, write to the Free Software
26 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
27 02111-1307, USA.
29 The GNU General Public License is contained in the file COPYING.
30 */
49 #define DEBUG_TRANSTAB 0
52 /*-------------------------------------------------------------*/
53 /*--- Management of the FIFO-based translation table+cache. ---*/
54 /*-------------------------------------------------------------*/
56 /* Nr of sectors provided via command line parameter. */
58 /* Nr of sectors.
59 Will be set by VG_(init_tt_tc) to VG_(clo_num_transtab_sectors). */
62 /*------------------ CONSTANTS ------------------*/
63 /* Number of TC entries in each sector. This needs to be a prime
64 number to work properly, it must be <= 65535 (so that a TT index
65 fits in a UShort, leaving room for 0xFFFF(EC2TTE_DELETED) to denote
66 'deleted') and it is strongly recommended not to change this.
67 65521 is the largest prime <= 65535. */
70 /* Because each sector contains a hash table of TTEntries, we need to
71 specify the maximum allowable loading, after which the sector is
72 deemed full. */
73 #define SECTOR_TT_LIMIT_PERCENT 65
75 /* The sector is deemed full when this many entries are in it. */
76 #define N_TTES_PER_SECTOR_USABLE \
77 ((N_TTES_PER_SECTOR * SECTOR_TT_LIMIT_PERCENT) / 100)
79 /* Equivalence classes for fast address range deletion. There are 1 +
80 2^ECLASS_WIDTH bins. The highest one, ECLASS_MISC, describes an
81 address range which does not fall cleanly within any specific bin.
82 Note that ECLASS_SHIFT + ECLASS_WIDTH must be < 32. */
83 #define ECLASS_SHIFT 11
84 #define ECLASS_WIDTH 8
85 #define ECLASS_MISC (1 << ECLASS_WIDTH)
86 #define ECLASS_N (1 + ECLASS_MISC)
91 /*------------------ TYPES ------------------*/
93 /* In edges ("to-me") in the graph created by chaining. */
94 typedef
100 }
101 InEdge;
104 /* Out edges ("from-me") in the graph created by chaining. */
105 typedef
110 }
111 OutEdge;
114 #define N_FIXED_IN_EDGE_ARR 3
115 typedef
120 }
121 InEdgeArr;
123 #define N_FIXED_OUT_EDGE_ARR 2
124 typedef
129 }
130 OutEdgeArr;
133 /* A translation-table entry. This indicates precisely which areas of
134 guest code are included in the translation, and contains all other
135 auxiliary info too. */
136 typedef
138 /* Profiling only: the count and weight (arbitrary meaning) for
139 this translation. Weight is a property of the translation
140 itself and computed once when the translation is created.
141 Count is an entry count for the translation and is
142 incremented by 1 every time the translation is used, if we
143 are profiling. */
144 ULong count;
145 UShort weight;
147 /* Status of the slot. Note, we need to be able to do lazy
148 deletion, hence the Deleted state. */
151 /* 64-bit aligned pointer to one or more 64-bit words containing
152 the corresponding host code (must be in the same sector!)
153 This is a pointer into the sector's tc (code) area. */
156 /* This is the original guest address that purportedly is the
157 entry point of the translation. You might think that .entry
158 should be the same as .vge->base[0], and most of the time it
159 is. However, when doing redirections, that is not the case.
160 .vge must always correctly describe the guest code sections
161 from which this translation was made. However, .entry may or
162 may not be a lie, depending on whether or not we're doing
163 redirection. */
164 Addr64 entry;
166 /* This structure describes precisely what ranges of guest code
167 the translation covers, so we can decide whether or not to
168 delete it when translations of a given address range are
169 invalidated. */
170 VexGuestExtents vge;
172 /* Address range summary info: these are pointers back to
173 eclass[] entries in the containing Sector. Those entries in
174 turn point back here -- the two structures are mutually
175 redundant but both necessary to make fast deletions work.
176 The eclass info is similar to, and derived from, this entry's
177 'vge' field, but it is not the same */
181 // for i in 0 .. n_tte2ec-1
182 // sec->ec2tte[ tte2ec_ec[i] ][ tte2ec_ix[i] ]
183 // should be the index
184 // of this TTEntry in the containing Sector's tt array.
186 /* Admin information for chaining. 'in_edges' is a set of the
187 patch points which jump to this translation -- hence are
188 predecessors in the control flow graph. 'out_edges' points
189 to successors in the control flow graph -- translations to
190 which this one has a patched jump. In short these are just
191 backwards and forwards edges in the graph of patched-together
192 blocks. The 'in_edges' contain slightly more info, enough
193 that we can undo the chaining of each mentioned patch point.
194 The 'out_edges' list exists only so that we can visit the
195 'in_edges' entries of all blocks we're patched through to, in
196 order to remove ourselves from then when we're deleted. */
198 /* A translation can disappear for two reasons:
199 1. erased (as part of the oldest sector cleanup) when the
200 youngest sector is full.
201 2. discarded due to calls to VG_(discard_translations).
202 VG_(discard_translations) sets the status of the
203 translation to 'Deleted'.
204 A.o., the gdbserver discards one or more translations
205 when a breakpoint is inserted or removed at an Addr,
206 or when single stepping mode is enabled/disabled
207 or when a translation is instrumented for gdbserver
208 (all the target jumps of this translation are
209 invalidated).
211 So, it is possible that the translation A to be patched
212 (to obtain a patched jump from A to B) is invalidated
213 after B is translated and before A is patched.
214 In case a translation is erased or discarded, the patching
215 cannot be done. VG_(tt_tc_do_chaining) and find_TTEntry_from_hcode
216 are checking the 'from' translation still exists before
217 doing the patching.
219 Is it safe to erase or discard the current translation E being
220 executed ? Amazing, but yes, it is safe.
221 Here is the explanation:
223 The translation E being executed can only be erased if a new
224 translation N is being done. A new translation is done only
225 if the host addr is a not yet patched jump to another
226 translation. In such a case, the guest address of N is
227 assigned to the PC in the VEX state. Control is returned
228 to the scheduler. N will be translated. This can erase the
229 translation E (in case of sector full). VG_(tt_tc_do_chaining)
230 will not do the chaining to a non found translation E.
231 The execution will continue at the current guest PC
232 (i.e. the translation N).
233 => it is safe to erase the current translation being executed.
235 The current translation E being executed can also be discarded
236 (e.g. by gdbserver). VG_(discard_translations) will mark
237 this translation E as Deleted, but the translation itself
238 is not erased. In particular, its host code can only
239 be overwritten or erased in case a new translation is done.
240 A new translation will only be done if a not yet translated
241 jump is to be executed. The execution of the Deleted translation
242 E will continue till a non patched jump is encountered.
243 This situation is then similar to the 'erasing' case above :
244 the current translation E can be erased or overwritten, as the
245 execution will continue at the new translation N.
247 */
249 /* It is possible, although very unlikely, that a block A has
250 more than one patched jump to block B. This could happen if
251 (eg) A finishes "jcond B; jmp B".
253 This means in turn that B's in_edges set can list A more than
254 once (twice in this example). However, each such entry must
255 have a different from_offs, since a patched jump can only
256 jump to one place at once (it's meaningless for it to have
257 multiple destinations.) IOW, the successor and predecessor
258 edges in the graph are not uniquely determined by a
259 TTEntry --> TTEntry pair, but rather by a
260 (TTEntry,offset) --> TTEntry triple.
262 If A has multiple edges to B then B will mention A multiple
263 times in its in_edges. To make things simpler, we then
264 require that A mentions B exactly the same number of times in
265 its out_edges. Furthermore, a matching out-in pair must have
266 the same offset (from_offs). This facilitates sanity
267 checking, and it facilitates establishing the invariant that
268 a out_edges set may not have duplicates when using the
269 equality defined by (TTEntry,offset). Hence the out_edges
270 and in_edges sets really do have both have set semantics.
272 eg if A has been patched to B at offsets 42 and 87 (in A)
273 then A.out_edges = { (B,42), (B,87) } (in any order)
274 and B.in_edges = { (A,42), (A,87) } (in any order)
276 Hence for each node pair P->Q in the graph, there's a 1:1
277 mapping between P.out_edges and Q.in_edges.
278 */
279 InEdgeArr in_edges;
280 OutEdgeArr out_edges;
281 }
282 TTEntry;
285 /* A structure used for mapping host code addresses back to the
286 relevant TTEntry. Used when doing chaining, for finding the
287 TTEntry to which some arbitrary patch address belongs. */
288 typedef
291 UInt len;
292 UInt tteNo;
293 }
294 HostExtent;
296 /* Finally, a sector itself. Each sector contains an array of
297 TCEntries, which hold code, and an array of TTEntries, containing
298 all required administrative info. Profiling is supported using the
299 TTEntry .count and .weight fields, if required.
301 If the sector is not in use, all three pointers are NULL and
302 tt_n_inuse is zero.
303 */
304 typedef
306 /* The TCEntry area. Size of this depends on the average
307 translation size. We try and size it so it becomes full
308 precisely when this sector's translation table (tt) reaches
309 its load limit (SECTOR_TT_LIMIT_PERCENT). */
312 /* The TTEntry array. This is a fixed size, always containing
313 exactly N_TTES_PER_SECTOR entries. */
316 /* This points to the current allocation point in tc. */
319 /* The count of tt entries with state InUse. */
320 Int tt_n_inuse;
322 /* Expandable arrays of tt indices for each of the ECLASS_N
323 address range equivalence classes. These hold indices into
324 the containing sector's tt array, which in turn should point
325 back here. */
330 /* The host extents. The [start, +len) ranges are constructed
331 in strictly non-overlapping order, so we can binary search
332 them at any time. */
334 }
335 Sector;
338 /*------------------ DECLS ------------------*/
340 /* The root data structure is an array of sectors. The index of the
341 youngest sector is recorded, and new translations are put into that
342 sector. When it fills up, we move along to the next sector and
343 start to fill that up, wrapping around at the end of the array.
344 That way, once all N_TC_SECTORS have been bought into use for the
345 first time, and are full, we then re-use the oldest sector,
346 endlessly.
348 When running, youngest sector should be between >= 0 and <
349 N_TC_SECTORS. The initial -1 value indicates the TT/TC system is
350 not yet initialised.
351 */
355 /* The number of ULongs in each TCEntry area. This is computed once
356 at startup and does not change. */
360 /* A list of sector numbers, in the order which they should be
361 searched to find translations. This is an optimisation to be used
362 when searching for translations and should not affect
363 correctness. -1 denotes "no entry". */
367 /* Fast helper for the TC. A direct-mapped cache which holds a set of
368 recently used (guest address, host address) pairs. This array is
369 referred to directly from m_dispatch/dispatch-<platform>.S.
371 Entries in tt_fast may refer to any valid TC entry, regardless of
372 which sector it's in. Consequently we must be very careful to
373 invalidate this cache when TC entries are changed or disappear.
375 A special .guest address - TRANSTAB_BOGUS_GUEST_ADDR -- must be
376 pointed at to cause that cache entry to miss. This relies on the
377 assumption that no guest code actually has that address, hence a
378 value 0x1 seems good. m_translate gives the client a synthetic
379 segfault if it tries to execute at this address.
380 */
381 /*
382 typedef
383 struct {
384 Addr guest;
385 Addr host;
386 }
387 FastCacheEntry;
388 */
392 /* Make sure we're not used before initialisation. */
396 /*------------------ STATS DECLS ------------------*/
398 /* Number of fast-cache updates and flushes done. */
402 /* Number of full lookups done. */
406 /* Number/osize/tsize of translations entered; also the number of
407 those for which self-checking was requested. */
413 /* Number/osize of translations discarded due to lack of space. */
417 /* Number/osize of translations discarded due to requests to do so. */
422 /*-------------------------------------------------------------*/
423 /*--- Misc ---*/
424 /*-------------------------------------------------------------*/
427 {
429 }
432 {
434 }
437 /*-------------------------------------------------------------*/
438 /*--- Chaining support ---*/
439 /*-------------------------------------------------------------*/
442 {
450 }
453 {
458 }
461 {
465 }
468 {
470 }
473 {
480 }
481 }
484 {
492 }
493 }
495 static
497 {
504 }
505 }
507 static
509 {
517 }
519 }
520 }
522 static
524 {
531 /* The fixed array is full, so we have to initialise an
532 XArray and copy the fixed array into it. */
534 ttaux_free,
536 UWord i;
539 }
543 /* Just add to the fixed array. */
545 }
546 }
547 }
550 {
557 }
558 }
561 {
569 }
570 }
572 static
574 {
581 }
582 }
584 static
586 {
594 }
596 }
597 }
599 static
601 {
608 /* The fixed array is full, so we have to initialise an
609 XArray and copy the fixed array into it. */
611 ttaux_free,
613 UWord i;
616 }
620 /* Just add to the fixed array. */
622 }
623 }
624 }
626 static
628 {
634 }
636 /* True if hx is a dead host extent, i.e. corresponds to host code
637 of an entry that was invalidated. */
638 static
640 {
642 #define LDEBUG(m) if (DEBUG_TRANSTAB) \
643 VG_(printf) (m \
646 hx->start, hx->len, (int)(sec - sectors), \
647 hx->tteNo, \
648 sec->tt[tteNo].entry, sec->tt[tteNo].tcptr)
650 /* Entry might have been invalidated and not re-used yet.*/
654 }
655 /* Maybe we found this entry via a host_extents which was
656 inserted for an entry which was changed to Deleted then
657 re-used after. If this entry was re-used, then its tcptr
658 is >= to host_extents start (i.e. the previous tcptr) + len.
659 This is the case as there is no re-use of host code: a new
660 entry or re-used entry always gets "higher value" host code. */
664 }
667 #undef LDEBUG
668 }
674 {
675 Int i;
677 /* Search order logic copied from VG_(search_transtab). */
687 HostExtent key;
694 HostExtent__cmpOrd );
699 /* Do some additional sanity checks. */
702 /* if this hx entry corresponds to dead host code, we must
703 tell this code has not been found, as it cannot be patched. */
708 /* Can only half check that the found TTEntry contains hcode,
709 due to not having a length value for the hcode in the
710 TTEntry. */
712 /* Looks plausible */
716 }
717 }
719 }
722 /* Figure out whether or not hcode is jitted code present in the main
723 code cache (but not in the no-redir cache). Used for sanity
724 checking. */
726 {
736 }
738 }
741 /* Fulfill a chaining request, and record admin info so we
742 can undo it later, if required.
743 */
745 UInt to_sNo,
746 UInt to_tteNo,
747 Bool to_fastEP )
748 {
749 /* Get the CPU info established at startup. */
751 VexArchInfo archinfo_host;
756 // host_code is where we're patching to. So it needs to
757 // take into account, whether we're jumping to the slow
758 // or fast entry point. By definition, the fast entry point
759 // is exactly one event check's worth of code along from
760 // the slow (tcptr) entry point.
766 // stay sane -- the patch point (dst) is in this sector's code cache
771 /* Find the TTEntry for the from__ code. This isn't simple since
772 we only know the patch address, which is going to be somewhere
773 inside the from_ block. */
776 Bool from_found
778 from__patch_addr );
780 // The from code might have been discarded due to sector re-use
781 // or marked Deleted due to translation invalidation.
782 // In such a case, don't do the chaining.
784 "host code %p not found (discarded? sector recycled?)"
786 from__patch_addr);
788 }
792 /* Get VEX to do the patching itself. We have to hand it off
793 since it is host-dependent. */
794 VexInvalRange vir
797 from__patch_addr,
802 );
805 /* Now do the tricky bit -- update the ch_succs and ch_preds info
806 for the two translations involved, so we can undo the chaining
807 later, which we will have to do if the to_ block gets removed
808 for whatever reason. */
810 /* This is the new from_ -> to_ link to add. */
811 InEdge ie;
821 /* This is the new to_ -> from_ backlink to add. */
822 OutEdge oe;
828 /* Add .. */
831 }
834 /* Unchain one patch, as described by the specified InEdge. For
835 sanity check purposes only (to check that the patched location is
836 as expected) it also requires the fast and slow entry point
837 addresses of the destination block (that is, the block that owns
838 this InEdge). */
843 {
845 TTEntry* tte
847 UChar* place_to_patch
849 UChar* disp_cp_chain_me
853 );
854 UChar* place_to_jump_to_EXPECTED
857 // stay sane: both src and dst for this unchaining are
858 // in the main code cache
861 // dst check is ok because LibVEX_UnChain checks that
862 // place_to_jump_to_EXPECTED really is the current dst, and
863 // asserts if it isn't.
864 VexInvalRange vir
868 }
871 /* The specified block is about to be deleted. Update the preds and
872 succs of its associated blocks accordingly. This includes undoing
873 any chained jumps to this block. */
874 static
876 VexEndness endness_host,
878 {
889 /* Visit all InEdges owned by here_tte. */
893 // Undo the chaining.
897 // Find the corresponding entry in the "from" node's out_edges,
898 // and remove it.
907 }
910 }
912 /* Visit all OutEdges owned by here_tte. */
916 // Find the corresponding entry in the "to" node's in_edges,
917 // and remove it.
926 }
929 }
933 }
936 /*-------------------------------------------------------------*/
937 /*--- Address-range equivalence class stuff ---*/
938 /*-------------------------------------------------------------*/
940 /* Return equivalence class number for a range. */
943 {
954 }
955 }
958 /* Calculates the equivalence class numbers for any VexGuestExtent.
959 These are written in *eclasses, which must be big enough to hold 3
960 Ints. The number written, between 1 and 3, is returned. The
961 eclasses are presented in order, and any duplicates are removed.
962 */
964 static
967 {
969 # define SWAP(_lv1,_lv2) \
970 do { Int t = _lv1; _lv1 = _lv2; _lv2 = t; } while (0)
981 /* only add if we haven't already seen it */
987 }
993 /* sort */
997 }
1000 /* sort */
1008 }
1010 /* NOTREACHED */
1013 bad:
1017 # undef SWAP
1018 }
1021 /* Add tteno to the set of entries listed for equivalence class ec in
1022 this sector. Returns used location in eclass array. */
1024 static
1026 {
1052 }
1054 /* Common case */
1059 }
1062 /* 'vge' is being added to 'sec' at TT entry 'tteno'. Add appropriate
1063 eclass entries to 'sec'. */
1065 static
1067 {
1081 }
1082 }
1085 /* Check the eclass info in 'sec' to ensure it is consistent. Returns
1086 True if OK, False if something's not right. Expensive. */
1089 {
1090 # define BAD(_str) do { whassup = (_str); goto bad; } while (0)
1095 UShort tteno;
1098 /* Basic checks on this sector */
1105 /* For each eclass ... */
1117 /* For each tt reference in each eclass .. ensure the reference
1118 is to a valid tt entry, and that the entry's address ranges
1119 really include this eclass. */
1132 /* Exactly least one of tte->eclasses[0 .. tte->n_eclasses-1]
1133 must equal i. Inspect tte's eclass info. */
1148 n++;
1149 }
1152 }
1153 }
1155 /* That establishes that for each forward pointer from TTEntrys
1156 there is a corresponding backward pointer from the eclass[]
1157 arrays. However, it doesn't rule out the possibility of other,
1158 bogus pointers in the eclass[] arrays. So do those similarly:
1159 scan through them and check the TTEntryies they point at point
1160 back. */
1169 }
1185 }
1186 }
1190 bad:
1194 # if 0
1201 }
1206 }
1207 # endif
1211 # undef BAD
1212 }
1215 /* Sanity check absolutely everything. True == check passed. */
1217 /* forwards */
1221 {
1223 /* assert the array is the right size */
1226 /* Check it's of the form valid_sector_numbers ++ [-1, -1, ..] */
1230 }
1235 }
1238 /* Check each sector number only appears once */
1245 }
1246 }
1247 /* Check that the number of listed sectors equals the number
1248 in use, by counting nListed back down. */
1251 nListed--;
1252 }
1256 }
1259 {
1260 Int sno;
1261 Bool sane;
1264 Int i;
1266 Int szhxa;
1277 nr_not_dead_hx++;
1278 }
1284 }
1285 }
1292 }
1296 /*-------------------------------------------------------------*/
1297 /*--- Add/find translations ---*/
1298 /*-------------------------------------------------------------*/
1301 {
1306 }
1309 {
1313 }
1316 {
1324 }
1327 {
1331 n_fast_updates++;
1332 /* This shouldn't fail. It should be assured by m_translate
1333 which should reject any attempt to make translation of code
1334 starting at TRANSTAB_BOGUS_GUEST_ADDR. */
1336 }
1338 /* Invalidate the fast cache VG_(tt_fast). */
1340 {
1341 UInt j;
1342 /* This loop is popular enough to make it worth unrolling a
1343 bit, at least on ppc32. */
1350 }
1353 n_fast_flushes++;
1354 }
1357 {
1358 Int i;
1359 SysRes sres;
1365 }
1370 /* Sector has never been used before. Need to allocate tt and
1371 tc. */
1379 }
1390 /*NOTREACHED*/
1391 }
1399 /*NOTREACHED*/
1400 }
1406 }
1408 /* Set up the host_extents array. */
1409 sec->host_extents
1411 ttaux_free,
1414 /* Add an entry in the sector_search_order */
1418 }
1427 /* Sector has been used before. Dump the old contents. */
1437 VexArchInfo archinfo_host;
1442 /* Visit each just-about-to-be-abandoned translation. */
1444 sno);
1450 /* Tell the tool too. */
1455 }
1460 }
1463 }
1465 sno);
1467 /* Free up the eclass structures. */
1478 }
1479 }
1481 /* Empty out the host extents array. */
1486 /* Sanity check: ensure it is already in
1487 sector_search_order[]. */
1491 }
1496 }
1505 }
1506 }
1509 /* Add a translation of vge to TT/TC. The translation is temporarily
1510 in code[0 .. code_len-1].
1512 pre: youngest_sector points to a valid (although possibly full)
1513 sector.
1514 */
1516 Addr64 entry,
1517 AddrH code,
1518 UInt code_len,
1519 Bool is_self_checking,
1520 Int offs_profInc,
1521 UInt n_guest_instrs )
1522 {
1531 /* 60000: should agree with N_TMPBUF in m_translate.c. */
1534 /* Generally stay sane */
1541 n_in_count++;
1545 n_in_sc_count++;
1553 /* Try putting the translation in this sector. */
1556 /* Will it fit in tc? */
1564 /* No. So move on to the next sector. Either it's never been
1565 used before, in which case it will get its tt/tc allocated
1566 now, or it has been used before, in which case it is set to be
1567 empty, hence throwing out the oldest sector. */
1574 "declare sector %d full "
1579 "declare sector %d full "
1582 }
1583 youngest_sector++;
1588 }
1590 /* Be sure ... */
1599 /* Copy into tc. */
1610 /* more paranoia */
1615 /* Find an empty tt slot, and use it. There must be such a slot
1616 since tt is never allowed to get completely full. */
1623 i++;
1626 }
1636 /* Patch in the profile counter location, if necessary. */
1640 VexArchInfo archinfo_host;
1644 VexInvalRange vir
1649 }
1653 /* Add this entry to the host_extents map, checking that we're
1654 adding in order. */
1666 }
1671 }
1673 /* Update the fast-cache. */
1676 /* Note the eclass numbers for this translation. */
1678 }
1681 /* Search for the translation of the given guest address. If
1682 requested, a successful search can also cause the fast-caches to be
1683 updated.
1684 */
1688 Addr64 guest_addr,
1689 Bool upd_cache )
1690 {
1694 /* Find the initial probe point just once. It will be the same in
1695 all sectors and avoids multiple expensive % operations. */
1696 n_full_lookups++;
1701 /* Search in all the sectors,using sector_search_order[] as a
1702 heuristic guide as to what order to visit the sectors. */
1711 n_lookup_probes++;
1714 /* found it */
1724 /* pull this one one step closer to the front. For large
1725 apps this more or less halves the number of required
1726 probes. */
1731 }
1733 }
1736 k++;
1739 }
1741 /* If we fall off the end, all entries are InUse and not
1742 matching, or Deleted. In any case we did not find it in this
1743 sector. */
1744 }
1746 /* Not found in any sector. */
1748 }
1751 /*-------------------------------------------------------------*/
1752 /*--- Delete translations. ---*/
1753 /*-------------------------------------------------------------*/
1755 /* forward */
1758 /* Stuff for deleting translations which intersect with a given
1759 address range. Unfortunately, to make this run at a reasonable
1760 speed, it is complex. */
1764 {
1770 }
1774 {
1786 }
1789 /* Delete a tt entry, and update all the eclass data accordingly. */
1793 {
1797 /* sec and secNo are mutually redundant; cross-check. */
1805 /* Unchain .. */
1808 /* Deal with the ec-to-tte links first. */
1815 /* Assert that the two links point at each other. */
1817 /* "delete" the pointer back to here. */
1819 }
1821 /* Now fix up this TTEntry. */
1825 /* Stats .. */
1827 n_disc_count++;
1830 /* Tell the tool too. */
1835 }
1836 }
1839 /* Delete translations from sec which intersect specified range, but
1840 only consider translations in the specified eclass. */
1842 static
1845 Int ec,
1846 VexArch arch_host,
1847 VexEndness endness_host )
1848 {
1849 Int i;
1850 UShort tteno;
1860 /* already deleted */
1862 }
1872 }
1874 }
1877 }
1880 /* Delete translations from sec which intersect specified range, the
1881 slow way, by inspecting all translations in sec. */
1883 static
1886 VexArch arch_host,
1887 VexEndness endness_host )
1888 {
1889 Int i;
1897 }
1898 }
1901 }
1906 {
1917 /* Pre-deletion sanity check */
1921 }
1927 VexArchInfo archinfo_host;
1932 /* There are two different ways to do this.
1934 If the range fits within a single address-range equivalence
1935 class, as will be the case for a cache line sized invalidation,
1936 then we only have to inspect the set of translations listed in
1937 that equivalence class, and also in the "sin-bin" equivalence
1938 class ECLASS_MISC.
1940 Otherwise, the invalidation is of a larger range and probably
1941 results from munmap. In this case it's (probably!) faster just
1942 to inspect all translations, dump those we don't want, and
1943 regenerate the equivalence class information (since modifying it
1944 in-situ is even more expensive).
1945 */
1947 /* First off, figure out if the range falls within a single class,
1948 and if so which one. */
1954 /* if ec is ECLASS_MISC then we aren't looking at just a single
1955 class, so use the slow scheme. Else use the fast scheme,
1956 examining 'ec' and ECLASS_MISC. */
1963 /* Fast scheme */
1972 arch_host, endness_host
1973 );
1976 arch_host, endness_host
1977 );
1978 }
1982 /* slow scheme */
1993 arch_host, endness_host
1994 );
1995 }
1997 }
2002 /* don't forget the no-redir cache */
2005 /* Post-deletion sanity check */
2007 Int i;
2011 /* But now, also check the requested address range isn't
2012 present anywhere. */
2022 }
2023 }
2024 }
2025 }
2028 /*------------------------------------------------------------*/
2029 /*--- AUXILIARY: the unredirected TT/TC ---*/
2030 /*------------------------------------------------------------*/
2032 /* A very simple translation cache which holds a small number of
2033 unredirected translations. This is completely independent of the
2034 main tt/tc structures. When unredir_tc or unredir_tt becomes full,
2035 both structures are simply dumped and we start over.
2037 Since these translations are unredirected, the search key is (by
2038 definition) the first address entry in the .vge field. */
2040 /* Sized to hold 500 translations of average size 1000 bytes. */
2042 #define UNREDIR_SZB 1000
2044 #define N_UNREDIR_TT 500
2045 #define N_UNREDIR_TCQ (N_UNREDIR_TT * UNREDIR_SZB / sizeof(ULong))
2047 typedef
2049 VexGuestExtents vge;
2050 Addr hcode;
2051 Bool inUse;
2052 }
2053 UTCEntry;
2055 /* We just allocate forwards in _tc, never deleting. */
2059 /* Slots in _tt can come into use and out again (.inUse).
2060 Nevertheless _tt_highwater is maintained so that invalidations
2061 don't have to scan all the slots when only a few are in use.
2062 _tt_highwater holds the index of the highest ever allocated
2063 slot. */
2069 {
2070 Int i;
2077 /*NOTREACHED*/
2078 }
2080 }
2085 }
2087 /* Do a sanity check; return False on failure. */
2089 {
2090 Int i;
2102 }
2105 /* Add an UNREDIRECTED translation of vge to TT/TC. The translation
2106 is temporarily in code[0 .. code_len-1].
2107 */
2109 Addr64 entry,
2110 AddrH code,
2111 UInt code_len )
2112 {
2118 /* This is the whole point: it's not redirected! */
2121 /* How many unredir_tt slots are needed */
2124 /* Look for an empty unredir_tc slot */
2130 /* It's full; dump everything we currently have */
2133 }
2161 }
2164 Addr64 guest_addr )
2165 {
2166 Int i;
2173 }
2174 }
2176 }
2179 {
2180 Int i;
2188 }
2189 }
2192 /*------------------------------------------------------------*/
2193 /*--- Initialisation. ---*/
2194 /*------------------------------------------------------------*/
2197 {
2203 /* Otherwise lots of things go wrong... */
2206 /* check fast cache entries really are 2 words long */
2209 /* check fast cache entries are packed back-to-back with no spaces */
2211 /* check fast cache is aligned as we requested. Not fatal if it
2212 isn't, but we might as well make sure. */
2217 "TT/TC: VG_(init_tt_tc) "
2220 /* Figure out how big each tc area should be. */
2224 /* Ensure the calculated value is not way crazy. */
2232 /* Initialise the sectors, even the ones we aren't going to use.
2233 Set all fields to zero. */
2238 /* Initialise the sector_search_order hint table, including the
2239 entries we aren't going to use. */
2243 /* Initialise the fast cache. */
2246 /* and the unredir tt/tc */
2260 "TT/TC: table: %d entries each = %d total entries"
2262 N_TTES_PER_SECTOR,
2265 SECTOR_TT_LIMIT_PERCENT );
2266 }
2267 }
2270 /*------------------------------------------------------------*/
2271 /*--- Printing out statistics. ---*/
2272 /*------------------------------------------------------------*/
2275 {
2277 }
2280 {
2282 }
2285 {
2294 " transtab: new %'lld "
2298 n_in_sc_count);
2307 Int i;
2313 }
2315 }
2316 }
2318 /*------------------------------------------------------------*/
2319 /*--- Printing out of profiling results. ---*/
2320 /*------------------------------------------------------------*/
2323 {
2325 }
2328 {
2330 ULong score_total;
2332 /* First, compute the total weighted count, and find the top N
2333 ttes. tops contains pointers to the most-used n_tops blocks, in
2334 descending order (viz, tops[0] is the highest scorer). */
2338 }
2349 /* Find the rank for sectors[sno].tt[i]. */
2355 r--;
2357 }
2359 r--;
2361 }
2363 }
2364 r++;
2366 /* This bb should be placed at r, and bbs above it shifted
2367 upwards one slot. */
2373 }
2374 }
2375 }
2377 /* Now zero out all the counter fields, so that we can make
2378 multiple calls here and just get the values since the last call,
2379 each time, rather than values accumulated for the whole run. */
2387 }
2388 }
2391 }
2393 /*--------------------------------------------------------------------*/
2394 /*--- end ---*/
2395 /*--------------------------------------------------------------------*/