| blob | cb6c5ad52ed0c87f9ec19be2160e1d57b2fff07b |
2 /*--------------------------------------------------------------------*/
3 /*--- Management of the translation table and cache. ---*/
4 /*--- m_transtab.c ---*/
5 /*--------------------------------------------------------------------*/
7 /*
8 This file is part of Valgrind, a dynamic binary instrumentation
9 framework.
11 Copyright (C) 2000-2017 Julian Seward
12 jseward@acm.org
14 This program is free software; you can redistribute it and/or
15 modify it under the terms of the GNU General Public License as
16 published by the Free Software Foundation; either version 2 of the
17 License, or (at your option) any later version.
19 This program is distributed in the hope that it will be useful, but
20 WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; if not, see <http://www.gnu.org/licenses/>.
27 The GNU General Public License is contained in the file COPYING.
28 */
47 #define DEBUG_TRANSTAB 0
50 /*-------------------------------------------------------------*/
51 /*--- Management of the FIFO-based translation table+cache. ---*/
52 /*-------------------------------------------------------------*/
54 /* Nr of sectors provided via command line parameter. */
56 /* Nr of sectors.
57 Will be set by VG_(init_tt_tc) to VG_(clo_num_transtab_sectors). */
60 /* Average size of a transtab code entry. 0 means to use the tool
61 provided default. */
64 /*------------------ CONSTANTS ------------------*/
65 /* Number of entries in hash table of each sector. This needs to be a prime
66 number to work properly, it must be <= 65535 (so that a TTE index
67 fits in a UShort, leaving room for 0xFFFF(EC2TTE_DELETED, HTT_DELETED)
68 to denote 'deleted') and 0xFFFE (HTT_EMPTY) to denote 'Empty' in the
69 hash table.
70 It is strongly recommended not to change this.
71 65521 is the largest prime <= 65535. */
75 #define HTT_DELETED EC2TTE_DELETED
76 #define HTT_EMPTY 0XFFFE
78 // HTTno is the Sector->htt hash table index. Must be the same type as TTEno.
81 /* Because each sector contains a hash table of TTEntries, we need to
82 specify the maximum allowable loading, after which the sector is
83 deemed full. */
84 #define SECTOR_TT_LIMIT_PERCENT 65
86 /* The sector is deemed full when this many entries are in it. */
87 #define N_TTES_PER_SECTOR \
88 ((N_HTTES_PER_SECTOR * SECTOR_TT_LIMIT_PERCENT) / 100)
90 /* Equivalence classes for fast address range deletion. There are 1 +
91 2^ECLASS_WIDTH bins. The highest one, ECLASS_MISC, describes an
92 address range which does not fall cleanly within any specific bin.
93 Note that ECLASS_SHIFT + ECLASS_WIDTH must be < 32.
94 ECLASS_N must fit in a EclassNo. */
95 #define ECLASS_SHIFT 13U
96 #define ECLASS_WIDTH 9U
97 #define ECLASS_MISC (1U << ECLASS_WIDTH)
98 #define ECLASS_N (1U + ECLASS_MISC)
103 /*------------------ TYPES ------------------*/
105 /* In edges ("to-me") in the graph created by chaining. */
106 typedef
111 where the patch is */
113 }
114 InEdge;
117 /* Out edges ("from-me") in the graph created by chaining. */
118 typedef
123 }
124 OutEdge;
127 #define N_FIXED_IN_EDGE_ARR 3
128 typedef
136 }
137 InEdgeArr;
139 #define N_FIXED_OUT_EDGE_ARR 2
140 typedef
148 }
149 OutEdgeArr;
152 /* A translation-table entry. This indicates precisely which areas of
153 guest code are included in the translation, and contains all other
154 auxiliary info too. These are split into hold and cold parts,
155 TTEntryH and TTEntryC, so as to be more cache-friendly
156 (a.k.a. "faster") when searching for translations that intersect
157 with a certain guest code address range, for deletion. In the
158 worst case this can involve a sequential scan through all the hot
159 parts, so they are packed as compactly as possible -- 32 bytes on a
160 64-bit platform, 20 bytes on a 32-bit platform.
162 Each TTEntry is logically a matching cold-and-hot pair, and in fact
163 it was originally one structure. First, the cold part.
164 */
165 typedef
169 /* Profiling only: the count and weight (arbitrary meaning) for
170 this translation. Weight is a property of the translation
171 itself and computed once when the translation is created.
172 Count is an entry count for the translation and is
173 incremented by 1 every time the translation is used, if we
174 are profiling. */
175 ULong count;
176 UShort weight;
181 /* 64-bit aligned pointer to one or more 64-bit words containing
182 the corresponding host code (must be in the same sector!)
183 This is a pointer into the sector's tc (code) area. */
186 /* This is the original guest address that purportedly is the
187 entry point of the translation. You might think that .entry
188 should be the same as .vge->base[0], and most of the time it
189 is. However, when doing redirections, that is not the case.
190 .vge must always correctly describe the guest code sections
191 from which this translation was made. However, .entry may or
192 may not be a lie, depending on whether or not we're doing
193 redirection. */
194 Addr entry;
196 /* Address range summary info: these are pointers back to
197 eclass[] entries in the containing Sector. Those entries in
198 turn point back here -- the two structures are mutually
199 redundant but both necessary to make fast deletions work.
200 The eclass info is similar to, and derived from, this entry's
201 'vge' field, but it is not the same */
205 // for i in 0 .. n_tte2ec-1
206 // sec->ec2tte[ tte2ec_ec[i] ][ tte2ec_ix[i] ]
207 // should be the index
208 // of this TTEntry in the containing Sector's tt array.
210 /* Admin information for chaining. 'in_edges' is a set of the
211 patch points which jump to this translation -- hence are
212 predecessors in the control flow graph. 'out_edges' points
213 to successors in the control flow graph -- translations to
214 which this one has a patched jump. In short these are just
215 backwards and forwards edges in the graph of patched-together
216 blocks. The 'in_edges' contain slightly more info, enough
217 that we can undo the chaining of each mentioned patch point.
218 The 'out_edges' list exists only so that we can visit the
219 'in_edges' entries of all blocks we're patched through to, in
220 order to remove ourselves from then when we're deleted. */
222 /* A translation can disappear for two reasons:
223 1. erased (as part of the oldest sector cleanup) when the
224 youngest sector is full.
225 2. discarded due to calls to VG_(discard_translations).
226 VG_(discard_translations) sets the status of the
227 translation to 'Deleted'.
228 A.o., the gdbserver discards one or more translations
229 when a breakpoint is inserted or removed at an Addr,
230 or when single stepping mode is enabled/disabled
231 or when a translation is instrumented for gdbserver
232 (all the target jumps of this translation are
233 invalidated).
235 So, it is possible that the translation A to be patched
236 (to obtain a patched jump from A to B) is invalidated
237 after B is translated and before A is patched.
238 In case a translation is erased or discarded, the patching
239 cannot be done. VG_(tt_tc_do_chaining) and find_TTEntry_from_hcode
240 are checking the 'from' translation still exists before
241 doing the patching.
243 Is it safe to erase or discard the current translation E being
244 executed ? Amazing, but yes, it is safe.
245 Here is the explanation:
247 The translation E being executed can only be erased if a new
248 translation N is being done. A new translation is done only
249 if the host addr is a not yet patched jump to another
250 translation. In such a case, the guest address of N is
251 assigned to the PC in the VEX state. Control is returned
252 to the scheduler. N will be translated. This can erase the
253 translation E (in case of sector full). VG_(tt_tc_do_chaining)
254 will not do the chaining to a non found translation E.
255 The execution will continue at the current guest PC
256 (i.e. the translation N).
257 => it is safe to erase the current translation being executed.
259 The current translation E being executed can also be discarded
260 (e.g. by gdbserver). VG_(discard_translations) will mark
261 this translation E as Deleted, but the translation itself
262 is not erased. In particular, its host code can only
263 be overwritten or erased in case a new translation is done.
264 A new translation will only be done if a not yet translated
265 jump is to be executed. The execution of the Deleted translation
266 E will continue till a non patched jump is encountered.
267 This situation is then similar to the 'erasing' case above :
268 the current translation E can be erased or overwritten, as the
269 execution will continue at the new translation N.
270 */
272 /* It is possible, although very unlikely, that a block A has
273 more than one patched jump to block B. This could happen if
274 (eg) A finishes "jcond B; jmp B".
276 This means in turn that B's in_edges set can list A more than
277 once (twice in this example). However, each such entry must
278 have a different from_offs, since a patched jump can only
279 jump to one place at once (it's meaningless for it to have
280 multiple destinations.) IOW, the successor and predecessor
281 edges in the graph are not uniquely determined by a
282 TTEntry --> TTEntry pair, but rather by a
283 (TTEntry,offset) --> TTEntry triple.
285 If A has multiple edges to B then B will mention A multiple
286 times in its in_edges. To make things simpler, we then
287 require that A mentions B exactly the same number of times in
288 its out_edges. Furthermore, a matching out-in pair must have
289 the same offset (from_offs). This facilitates sanity
290 checking, and it facilitates establishing the invariant that
291 a out_edges set may not have duplicates when using the
292 equality defined by (TTEntry,offset). Hence the out_edges
293 and in_edges sets really do have both have set semantics.
295 eg if A has been patched to B at offsets 42 and 87 (in A)
296 then A.out_edges = { (B,42), (B,87) } (in any order)
297 and B.in_edges = { (A,42), (A,87) } (in any order)
299 Hence for each node pair P->Q in the graph, there's a 1:1
300 mapping between P.out_edges and Q.in_edges.
301 */
302 InEdgeArr in_edges;
303 OutEdgeArr out_edges;
304 }
305 TTEntryC;
307 /* And this is the hot part. */
308 typedef
310 /* This structure describes precisely what ranges of guest code
311 the translation covers, so we can decide whether or not to
312 delete it when translations of a given address range are
313 invalidated. Originally this was a VexGuestExtents, but that
314 itself is 32 bytes on a 64-bit target, and we really want to
315 squeeze in an 8-bit |status| field into the 32 byte field, so
316 as to get 2 of them in a 64 byte LLC line. Hence the
317 VexGuestExtents fields are inlined, the _n_used field is
318 changed to a UChar (it only ever has the values 1, 2 or 3)
319 and the 8-bit status field is placed in byte 31 of the
320 structure. */
321 /* ORIGINALLY: VexGuestExtents vge; */
326 /* Status of the slot. Note, we need to be able to do lazy
327 deletion, hence the Deleted state. */
329 }
330 TTEntryH;
333 /* Impedance matchers, that convert between a VexGuestExtents and a
334 TTEntryH, ignoring TTEntryH::status, which doesn't exist in a
335 VexGuestExtents -- it is entirely unrelated. */
337 /* Takes a VexGuestExtents and pushes it into a TTEntryH. The
338 TTEntryH.status field is left unchanged. */
339 static
342 {
350 }
352 /* Takes a TTEntryH and pushes the vge_ components into a VexGuestExtents. */
353 static
356 {
364 }
367 /* A structure used for mapping host code addresses back to the
368 relevant TTEntry. Used when doing chaining, for finding the
369 TTEntry to which some arbitrary patch address belongs. */
370 typedef
373 UInt len;
374 TTEno tteNo;
375 }
376 HostExtent;
378 /* Finally, a sector itself. Each sector contains an array of
379 TCEntries, which hold code, and an array of TTEntries, containing
380 all required administrative info. Profiling is supported using the
381 TTEntry usage.prof.count and usage.prof.weight fields, if required.
383 If the sector is not in use, all three pointers are NULL and
384 tt_n_inuse is zero.
385 */
386 typedef
388 /* The TCEntry area. Size of this depends on the average
389 translation size. We try and size it so it becomes full
390 precisely when this sector's translation table (tt) reaches
391 its load limit (SECTOR_TT_LIMIT_PERCENT). */
394 /* An hash table, mapping guest address to an index in the tt array.
395 htt is a fixed size, always containing
396 exactly N_HTTES_PER_SECTOR entries. */
399 /* The TTEntry{C,H} arrays. These are a fixed size, always
400 containing exactly N_TTES_PER_SECTOR entries. */
404 /* This points to the current allocation point in tc. */
407 /* The count of tt entries with state InUse. */
408 Int tt_n_inuse;
410 /* A list of Empty/Deleted entries, chained by tte->next_empty_tte */
411 TTEno empty_tt_list;
413 /* Expandable arrays of tt indices for each of the ECLASS_N
414 address range equivalence classes. These hold indices into
415 the containing sector's tt array, which in turn should point
416 back here. */
421 /* The host extents. The [start, +len) ranges are constructed
422 in strictly non-overlapping order, so we can binary search
423 them at any time. */
425 }
426 Sector;
429 /*------------------ DECLS ------------------*/
431 /* The root data structure is an array of sectors. The index of the
432 youngest sector is recorded, and new translations are put into that
433 sector. When it fills up, we move along to the next sector and
434 start to fill that up, wrapping around at the end of the array.
435 That way, once all N_TC_SECTORS have been bought into use for the
436 first time, and are full, we then re-use the oldest sector,
437 endlessly.
439 When running, youngest sector should be between >= 0 and <
440 N_TC_SECTORS. The initial value indicates the TT/TC system is
441 not yet initialised.
442 */
446 /* The number of ULongs in each TCEntry area. This is computed once
447 at startup and does not change. */
451 /* A list of sector numbers, in the order which they should be
452 searched to find translations. This is an optimisation to be used
453 when searching for translations and should not affect
454 correctness. INV_SNO denotes "no entry". */
458 /* Fast helper for the TC. A 4-way set-associative cache, with more-or-less LRU
459 replacement. It holds a set of recently used (guest address, host address)
460 pairs. This array is referred to directly from
461 m_dispatch/dispatch-<platform>.S.
463 Entries in tt_fast may refer to any valid TC entry, regardless of
464 which sector it's in. Consequently we must be very careful to
465 invalidate this cache when TC entries are changed or disappear.
467 A special .guest address - TRANSTAB_BOGUS_GUEST_ADDR -- must be
468 pointed at to cause that cache entry to miss. This relies on the
469 assumption that no guest code actually has that address, hence a
470 value 0x1 seems good. m_translate gives the client a synthetic
471 segfault if it tries to execute at this address.
472 */
473 /*
474 typedef
475 struct {
476 Addr guest0;
477 Addr host0;
478 Addr guest1;
479 Addr host1;
480 Addr guest2;
481 Addr host2;
482 Addr guest3;
483 Addr host3;
484 }
485 FastCacheSet;
486 */
490 /* Make sure we're not used before initialisation. */
494 /*------------------ STATS DECLS ------------------*/
496 /* Number of fast-cache updates and flushes done. */
500 /* Number of full lookups done. */
504 /* Number/osize/tsize of translations entered; also the number of
505 those for which self-checking was requested. */
511 /* Number/osize of translations discarded due to lack of space. */
516 /* Number/osize of translations discarded due to requests to do so. */
521 /*-------------------------------------------------------------*/
522 /*--- Misc ---*/
523 /*-------------------------------------------------------------*/
526 {
528 }
531 {
533 }
536 /*-------------------------------------------------------------*/
537 /*--- Chaining support ---*/
538 /*-------------------------------------------------------------*/
541 {
550 }
553 {
561 }
564 {
569 }
572 {
576 }
579 {
581 }
584 {
586 }
589 {
596 }
597 }
600 {
609 }
610 }
612 static
614 {
621 }
622 }
624 static
626 {
634 }
636 }
637 }
639 static
641 {
648 /* The fixed array is full, so we have to initialise an
649 XArray and copy the fixed array into it. */
651 ttaux_free,
654 UWord i;
657 }
663 /* Just add to the fixed array. */
665 }
666 }
667 }
670 {
677 }
678 }
681 {
690 }
691 }
693 static
695 {
702 }
703 }
705 static
707 {
715 }
717 }
718 }
720 static
722 {
729 /* The fixed array is full, so we have to initialise an
730 XArray and copy the fixed array into it. */
732 ttaux_free,
735 UWord i;
738 }
744 /* Just add to the fixed array. */
746 }
747 }
748 }
750 static
752 {
758 }
760 /* True if hx is a dead host extent, i.e. corresponds to host code
761 of an entry that was invalidated. */
762 static
764 {
766 #define LDEBUG(m) if (DEBUG_TRANSTAB) \
767 VG_(printf) (m \
770 hx->start, hx->len, (int)(sec - sectors), \
771 hx->tteNo, \
772 sec->ttC[tteNo].entry, sec->ttC[tteNo].tcptr)
774 /* Entry might have been invalidated and not re-used yet.*/
778 }
779 /* Maybe we found this entry via a host_extents which was
780 inserted for an entry which was changed to Deleted then
781 re-used after. If this entry was re-used, then its tcptr
782 is >= to host_extents start (i.e. the previous tcptr) + len.
783 This is the case as there is no re-use of host code: a new
784 entry or re-used entry always gets "higher value" host code. */
788 }
791 #undef LDEBUG
792 }
798 {
799 SECno i;
801 /* Search order logic copied from VG_(search_transtab). */
811 HostExtent key;
818 HostExtent__cmpOrd );
823 /* Do some additional sanity checks. */
826 /* if this hx entry corresponds to dead host code, we must
827 tell this code has not been found, as it cannot be patched. */
832 /* Can only half check that the found TTEntry contains hcode,
833 due to not having a length value for the hcode in the
834 TTEntry. */
836 /* Looks plausible */
840 }
841 }
843 }
846 /* Figure out whether or not hcode is jitted code present in the main
847 code cache (but not in the no-redir cache). Used for sanity
848 checking. */
850 {
860 }
862 }
865 /* Fulfill a chaining request, and record admin info so we
866 can undo it later, if required.
867 */
869 SECno to_sNo,
870 TTEno to_tteNo,
871 Bool to_fastEP )
872 {
873 /* Get the CPU info established at startup. */
875 VexArchInfo archinfo_host;
880 // host_code is where we're patching to. So it needs to
881 // take into account, whether we're jumping to the slow
882 // or fast entry point. By definition, the fast entry point
883 // is exactly one event check's worth of code along from
884 // the slow (tcptr) entry point.
889 // stay sane -- the patch point (dst) is in this sector's code cache
894 /* Find the TTEntry for the from__ code. This isn't simple since
895 we only know the patch address, which is going to be somewhere
896 inside the from_ block. */
899 Bool from_found
901 from__patch_addr );
903 // The from code might have been discarded due to sector re-use
904 // or marked Deleted due to translation invalidation.
905 // In such a case, don't do the chaining.
907 "host code %p not found (discarded? sector recycled?)"
909 from__patch_addr);
911 }
915 /* Get VEX to do the patching itself. We have to hand it off
916 since it is host-dependent. */
917 VexInvalRange vir
920 from__patch_addr,
925 );
928 /* Now do the tricky bit -- update the ch_succs and ch_preds info
929 for the two translations involved, so we can undo the chaining
930 later, which we will have to do if the to_ block gets removed
931 for whatever reason. */
933 /* This is the new from_ -> to_ link to add. */
934 InEdge ie;
944 /* This is the new to_ -> from_ backlink to add. */
945 OutEdge oe;
951 /* Add .. */
954 }
957 /* Unchain one patch, as described by the specified InEdge. For
958 sanity check purposes only (to check that the patched location is
959 as expected) it also requires the fast and slow entry point
960 addresses of the destination block (that is, the block that owns
961 this InEdge). */
966 {
968 TTEntryC* tteC
970 UChar* place_to_patch
972 UChar* disp_cp_chain_me
976 );
977 UChar* place_to_jump_to_EXPECTED
980 // stay sane: both src and dst for this unchaining are
981 // in the main code cache
984 // dst check is ok because LibVEX_UnChain checks that
985 // place_to_jump_to_EXPECTED really is the current dst, and
986 // asserts if it isn't.
987 VexInvalRange vir
991 }
994 /* The specified block is about to be deleted. Update the preds and
995 succs of its associated blocks accordingly. This includes undoing
996 any chained jumps to this block. */
997 static
999 VexEndness endness_host,
1001 {
1013 /* Visit all InEdges owned by here_tte. */
1017 // Undo the chaining.
1021 // Find the corresponding entry in the "from" node's out_edges,
1022 // and remove it.
1031 }
1034 }
1036 /* Visit all OutEdges owned by here_tte. */
1040 // Find the corresponding entry in the "to" node's in_edges,
1041 // and remove it.
1050 }
1053 }
1057 }
1060 /*-------------------------------------------------------------*/
1061 /*--- Address-range equivalence class stuff ---*/
1062 /*-------------------------------------------------------------*/
1064 /* Return equivalence class number for a range. */
1067 {
1078 }
1079 }
1082 /* Calculates the equivalence class numbers for any VexGuestExtent.
1083 These are written in *eclasses, which must be big enough to hold 3
1084 Ints. The number written, between 1 and 3, is returned. The
1085 eclasses are presented in order, and any duplicates are removed.
1086 */
1088 static
1091 {
1093 # define SWAP(_lv1,_lv2) \
1094 do { Int t = _lv1; _lv1 = _lv2; _lv2 = t; } while (0)
1097 EClassNo r;
1106 /* only add if we haven't already seen it */
1112 }
1118 /* sort */
1122 }
1125 /* sort */
1133 }
1135 /* NOTREACHED */
1138 bad:
1142 # undef SWAP
1143 }
1146 /* Add tteno to the set of entries listed for equivalence class ec in
1147 this sector. Returns used location in eclass array. */
1149 static
1151 {
1177 }
1179 /* Common case */
1184 }
1187 /* 'vge' is being added to 'sec' at TT entry 'tteno'. Add appropriate
1188 eclass entries to 'sec'. */
1190 static
1192 {
1206 }
1207 }
1210 /* Check the eclass info in 'sec' to ensure it is consistent. Returns
1211 True if OK, False if something's not right. Expensive. */
1214 {
1215 # define BAD(_str) do { whassup = (_str); goto bad; } while (0)
1219 EClassNo i;
1220 EClassNo ec_num;
1221 TTEno tteno;
1224 /* Basic checks on this sector */
1231 /* For each eclass ... */
1243 /* For each tt reference in each eclass .. ensure the reference
1244 is to a valid tt entry, and that the entry's address ranges
1245 really include this eclass. */
1259 /* Exactly least one of tte->eclasses[0 .. tte->n_eclasses-1]
1260 must equal i. Inspect tte's eclass info. */
1275 n++;
1276 }
1279 }
1280 }
1282 /* That establishes that for each forward pointer from TTEntrys
1283 there is a corresponding backward pointer from the eclass[]
1284 arrays. However, it doesn't rule out the possibility of other,
1285 bogus pointers in the eclass[] arrays. So do those similarly:
1286 scan through them and check the TTEntryies they point at point
1287 back. */
1297 }
1313 }
1314 }
1318 bad:
1322 # if 0
1329 }
1333 }
1334 # endif
1338 # undef BAD
1339 }
1342 /* Sanity check absolutely everything. True == check passed. */
1344 /* forwards */
1348 {
1350 /* assert the array is the right size */
1353 /* Check it's of the form valid_sector_numbers ++ [INV_SNO, INV_SNO, ..] */
1358 }
1363 }
1366 /* Check each sector number only appears once */
1373 }
1374 }
1375 /* Check that the number of listed sectors equals the number
1376 in use, by counting nListed back down. */
1379 nListed--;
1380 }
1384 }
1387 {
1388 SECno sno;
1389 Bool sane;
1392 Int i;
1394 Int szhxa;
1405 nr_not_dead_hx++;
1406 }
1409 "nr_not_dead_hx %d sanity fail "
1413 }
1414 }
1421 }
1425 /*-------------------------------------------------------------*/
1426 /*--- Add/find translations ---*/
1427 /*-------------------------------------------------------------*/
1430 {
1435 }
1438 {
1443 }
1446 {
1450 }
1453 {
1461 }
1463 /* Invalidate the fast cache VG_(tt_fast). */
1465 {
1472 }
1473 n_fast_flushes++;
1474 }
1476 /* Invalidate a single fast cache entry. */
1478 {
1479 /* This shouldn't fail. It should be assured by m_translate
1480 which should reject any attempt to make translation of code
1481 starting at TRANSTAB_BOGUS_GUEST_ADDR. */
1483 /* If any entry in the line is the right one, just set it to
1484 TRANSTAB_BOGUS_GUEST_ADDR. Doing so ensure that the entry will never
1485 be used in future, so will eventually fall off the end of the line,
1486 due to LRU replacement, and be replaced with something that's actually
1487 useful. */
1492 }
1495 }
1498 }
1501 }
1502 }
1505 {
1506 /* This shouldn't fail. It should be assured by m_translate
1507 which should reject any attempt to make translation of code
1508 starting at TRANSTAB_BOGUS_GUEST_ADDR. */
1510 /* Shift all entries along one, so that the LRU one disappears, and put the
1511 new entry at the MRU position. */
1522 n_fast_updates++;
1523 }
1527 {
1528 TTEno i;
1536 }
1539 {
1542 }
1545 {
1546 UInt i;
1547 SysRes sres;
1553 }
1558 /* Sector has never been used before. Need to allocate tt and
1559 tc. */
1568 }
1578 /*NOTREACHED*/
1579 }
1588 /*NOTREACHED*/
1589 }
1598 /*NOTREACHED*/
1599 }
1607 }
1615 /*NOTREACHED*/
1616 }
1621 /* Set up the host_extents array. */
1622 sec->host_extents
1624 ttaux_free,
1627 /* Add an entry in the sector_search_order */
1631 }
1640 /* Sector has been used before. Dump the old contents. */
1643 n_sectors_recycled++;
1651 VexArchInfo archinfo_host;
1656 /* Visit each just-about-to-be-abandoned translation. */
1658 sno);
1665 /* Tell the tool too. */
1667 VexGuestExtents vge_tmp;
1671 }
1676 }
1680 }
1685 sno);
1687 /* Free up the eclass structures. */
1698 }
1699 }
1701 /* Empty out the host extents array. */
1706 /* Sanity check: ensure it is already in
1707 sector_search_order[]. */
1708 SECno ix;
1712 }
1717 }
1726 }
1727 }
1729 /* Add a translation of vge to TT/TC. The translation is temporarily
1730 in code[0 .. code_len-1].
1732 pre: youngest_sector points to a valid (although possibly full)
1733 sector.
1734 */
1736 Addr entry,
1737 Addr code,
1738 UInt code_len,
1739 Bool is_self_checking,
1740 Int offs_profInc,
1741 UInt n_guest_instrs )
1742 {
1751 /* 60000: should agree with N_TMPBUF in m_translate.c. */
1754 /* Generally stay sane */
1761 n_in_count++;
1765 n_in_sc_count++;
1773 /* Try putting the translation in this sector. */
1776 /* Will it fit in tc? */
1784 /* No. So move on to the next sector. Either it's never been
1785 used before, in which case it will get its tt/tc allocated
1786 now, or it has been used before, in which case it is set to be
1787 empty, hence throwing out the oldest sector. */
1795 "declare sector %d full "
1799 }
1800 youngest_sector++;
1805 }
1807 /* Be sure ... */
1816 /* Copy into tc. */
1827 /* more paranoia */
1832 /* Find an empty tt slot, and use it. There must be such a slot
1833 since tt is never allowed to get completely full. */
1841 = False
1851 // Point an htt entry to the tt slot
1858 htti++;
1861 }
1864 /* Patch in the profile counter location, if necessary. */
1868 VexArchInfo archinfo_host;
1872 VexInvalRange vir
1877 }
1881 /* Add this entry to the host_extents map, checking that we're
1882 adding in order. */
1894 }
1899 }
1901 /* Update the fast-cache. */
1904 /* Note the eclass numbers for this translation. */
1906 }
1909 /* Search for the translation of the given guest address. If
1910 requested, a successful search can also cause the fast-caches to be
1911 updated.
1912 */
1916 Addr guest_addr,
1917 Bool upd_cache )
1918 {
1921 TTEno tti;
1924 /* Find the initial probe point just once. It will be the same in
1925 all sectors and avoids multiple expensive % operations. */
1926 n_full_lookups++;
1930 /* Search in all the sectors,using sector_search_order[] as a
1931 heuristic guide as to what order to visit the sectors. */
1940 n_lookup_probes++;
1944 /* found it */
1954 /* pull this one one step closer to the front. For large
1955 apps this more or less halves the number of required
1956 probes. */
1961 }
1963 }
1964 // tti is HTT_EMPTY or HTT_DELETED or not the entry of guest_addr
1967 k++;
1970 }
1972 /* If we fall off the end, all entries are InUse and not
1973 matching, or Deleted. In any case we did not find it in this
1974 sector. */
1975 }
1977 /* Not found in any sector. */
1979 }
1982 /*-------------------------------------------------------------*/
1983 /*--- Delete translations. ---*/
1984 /*-------------------------------------------------------------*/
1986 /* forward */
1989 /* Stuff for deleting translations which intersect with a given
1990 address range. Unfortunately, to make this run at a reasonable
1991 speed, it is complex. */
1995 {
2001 }
2005 {
2017 }
2020 /* Delete a tt entry, and update all the eclass data accordingly. */
2025 {
2027 EClassNo ec_num;
2029 /* sec and secNo are mutually redundant; cross-check. */
2042 /* Unchain .. */
2045 /* Deal with the ec-to-tte links first. */
2052 /* Assert that the two links point at each other. */
2054 /* "delete" the pointer back to here. */
2056 }
2058 /* Now fix up this TTEntry. */
2059 /* Mark the entry as deleted in htt.
2060 Note: we could avoid the below hash table search by
2061 adding a reference from tte to its hash position in tt. */
2062 HTTno j;
2068 k++;
2071 }
2078 /* Stats .. */
2080 n_disc_count++;
2083 /* Tell the tool too. */
2085 VexGuestExtents vge_tmp;
2088 }
2089 }
2092 /* Delete translations from sec which intersect specified range, but
2093 only consider translations in the specified eclass. */
2095 static
2099 EClassNo ec,
2100 VexArch arch_host,
2101 VexEndness endness_host )
2102 {
2103 Int i;
2104 TTEno tteno;
2113 /* already deleted */
2115 }
2123 numDeld++;
2125 }
2127 }
2130 }
2133 /* Delete translations from sec which intersect specified range, the
2134 slow way, by inspecting all translations in sec. */
2136 static
2140 VexArch arch_host,
2141 VexEndness endness_host )
2142 {
2143 TTEno i;
2147 /* The entire and only purpose of splitting TTEntry into cold
2148 and hot parts (TTEntryC and TTEntryH) is to make this search
2149 loop run as fast as possible, by avoiding having to pull all
2150 of the cold data up the memory hierarchy. */
2153 numDeld++;
2155 }
2156 }
2159 }
2164 {
2166 SECno sno;
2167 EClassNo ec;
2169 /* It is very commonly the case that a call here results in discarding of
2170 exactly one superblock. As an optimisation only, use ga_deleted and
2171 numDeleted to detect this situation and to record the guest addr involved.
2172 That is then used to avoid calling invalidateFastCache in this case.
2173 Instead the individual entry in the fast cache is removed. This can reduce
2174 the overall VG_(fast_cache) miss rate significantly in applications that do
2175 a lot of short code discards (basically jit generated code that is
2176 subsequently patched).
2178 ga_deleted is made to hold the guest address of the last superblock deleted
2179 (in this call to VG_(discard_translations)). If more than one superblock
2180 is deleted (or none), then we ignore what is written to ga_deleted. If
2181 exactly one superblock is deleted then ga_deleted holds exactly what we
2182 want and will be used.
2183 */
2193 /* Pre-deletion sanity check */
2197 }
2203 VexArchInfo archinfo_host;
2208 /* There are two different ways to do this.
2210 If the range fits within a single address-range equivalence
2211 class, as will be the case for a cache line sized invalidation,
2212 then we only have to inspect the set of translations listed in
2213 that equivalence class, and also in the "sin-bin" equivalence
2214 class ECLASS_MISC.
2216 Otherwise, the invalidation is of a larger range and probably
2217 results from munmap. In this case it's (probably!) faster just
2218 to inspect all translations, dump those we don't want, and
2219 regenerate the equivalence class information (since modifying it
2220 in-situ is even more expensive).
2221 */
2223 /* First off, figure out if the range falls within a single class,
2224 and if so which one. */
2230 /* if ec is ECLASS_MISC then we aren't looking at just a single
2231 class, so use the slow scheme. Else use the fast scheme,
2232 examining 'ec' and ECLASS_MISC. */
2239 /* Fast scheme */
2249 );
2253 );
2254 }
2258 /* slow scheme */
2269 arch_host, endness_host
2270 );
2271 }
2273 }
2276 // "ga_deleted was never set"
2280 // "ga_deleted was set to something valid"
2282 // Just invalidate the individual VG_(tt_fast) cache entry \o/
2287 // "ga_deleted was set to something valid"
2289 // Nuke the entire VG_(tt_fast) cache. Sigh.
2291 }
2293 /* don't forget the no-redir cache */
2296 /* Post-deletion sanity check */
2298 TTEno i;
2301 /* But now, also check the requested address range isn't
2302 present anywhere. */
2312 }
2313 }
2314 }
2315 }
2317 /* Whether or not tools may discard translations. */
2320 /* This function is exported to tools which can use it to discard
2321 translations, provided it is safe to do so. */
2324 {
2327 }
2329 /*------------------------------------------------------------*/
2330 /*--- AUXILIARY: the unredirected TT/TC ---*/
2331 /*------------------------------------------------------------*/
2333 /* A very simple translation cache which holds a small number of
2334 unredirected translations. This is completely independent of the
2335 main tt/tc structures. When unredir_tc or unredir_tt becomes full,
2336 both structures are simply dumped and we start over.
2338 Since these translations are unredirected, the search key is (by
2339 definition) the first address entry in the .vge field. */
2341 /* Sized to hold 500 translations of average size 1000 bytes. */
2343 #define UNREDIR_SZB 1000
2345 #define N_UNREDIR_TT 500
2346 #define N_UNREDIR_TCQ (N_UNREDIR_TT * UNREDIR_SZB / (Int)sizeof(ULong))
2348 typedef
2350 VexGuestExtents vge;
2351 Addr hcode;
2352 Bool inUse;
2353 }
2354 UTCEntry;
2356 /* We just allocate forwards in _tc, never deleting. */
2360 /* Slots in _tt can come into use and out again (.inUse).
2361 Nevertheless _tt_highwater is maintained so that invalidations
2362 don't have to scan all the slots when only a few are in use.
2363 _tt_highwater holds the index of the highest ever allocated
2364 slot. */
2370 {
2371 Int i;
2378 /*NOTREACHED*/
2379 }
2381 }
2386 }
2388 /* Do a sanity check; return False on failure. */
2390 {
2391 Int i;
2403 }
2406 /* Add an UNREDIRECTED translation of vge to TT/TC. The translation
2407 is temporarily in code[0 .. code_len-1].
2408 */
2410 Addr entry,
2411 Addr code,
2412 UInt code_len )
2413 {
2419 /* This is the whole point: it's not redirected! */
2422 /* How many unredir_tt slots are needed */
2425 /* Look for an empty unredir_tc slot */
2431 /* It's full; dump everything we currently have */
2434 }
2462 }
2465 Addr guest_addr )
2466 {
2467 Int i;
2474 }
2475 }
2477 }
2480 {
2481 Int i;
2487 /* Fake up a TTEntryH just so we can pass it to overlaps()
2488 without having to make a new version of overlaps() just for
2489 this rare case. */
2490 TTEntryH tmp_tteH;
2495 }
2496 }
2497 }
2498 }
2501 /*------------------------------------------------------------*/
2502 /*--- Initialisation. ---*/
2503 /*------------------------------------------------------------*/
2506 {
2512 /* Otherwise lots of things go wrong... */
2521 /* check fast cache entries really are 8 words long */
2524 /* check fast cache entries are packed back-to-back with no spaces */
2527 /* check fast cache entries have the layout that the handwritten assembly
2528 fragments assume. */
2547 /* check fast cache is aligned as we requested. Not fatal if it
2548 isn't, but we might as well make sure. */
2551 /* The TTEntryH size is critical for keeping the LLC miss rate down
2552 when doing a lot of discarding. Hence check it here. We also
2553 have a lot of TTEntryCs so let's check that too. */
2557 }
2560 # if defined(VGP_ppc32_linux) || defined(VGP_mips32_linux) \
2561 || (defined(VGP_mips64_linux) && defined(VGABI_N32)) \
2562 || defined(VGP_nanomips_linux) || defined(VGP_arm_linux)
2563 /* On PPC32, MIPS32, ARM32 platforms, alignof(ULong) == 8, so the
2564 structure is larger than on other 32 bit targets. */
2566 # else
2568 # endif
2569 }
2572 }
2574 /* All the hassle about converting between TTEntryH and
2575 VexGuestExtents was so as to ensure the following. */
2580 "TT/TC: VG_(init_tt_tc) "
2583 /* Figure out how big each tc area should be. */
2586 else
2590 /* Ensure the calculated value is not way crazy. */
2598 /* Initialise the sectors, even the ones we aren't going to use.
2599 Set all fields to zero. */
2604 /* Initialise the sector_search_order hint table, including the
2605 entries we aren't going to use. */
2609 /* Initialise the fast cache. */
2612 /* and the unredir tt/tc */
2618 "TT/TC: cache: %s--avg-transtab-entry-size=%u, "
2629 "TT/TC: table: %'d tables[%d] of C %'d + H %'d bytes each "
2640 "TT/TC: table: %d htt[%d] of %'d bytes each = %'d total HTT"
2646 }
2657 }
2658 }
2661 /*------------------------------------------------------------*/
2662 /*--- Printing out statistics. ---*/
2663 /*------------------------------------------------------------*/
2666 {
2668 }
2671 {
2673 }
2676 {
2678 }
2681 {
2690 " transtab: new %'llu "
2691 "(%'llu -> %'llu; ratio %3.1f) [%'llu scs] "
2695 n_in_sc_count,
2711 }
2713 }
2714 }
2716 /*------------------------------------------------------------*/
2717 /*--- Printing out of profiling results. ---*/
2718 /*------------------------------------------------------------*/
2721 {
2723 }
2726 {
2727 SECno sno;
2729 ULong score_total;
2730 TTEno i;
2732 /* First, compute the total weighted count, and find the top N
2733 ttes. tops contains pointers to the most-used n_tops blocks, in
2734 descending order (viz, tops[0] is the highest scorer). */
2738 }
2749 /* Find the rank for sectors[sno].tt{C,H}[i]. */
2755 r--;
2757 }
2759 r--;
2761 }
2763 }
2764 r++;
2766 /* This bb should be placed at r, and bbs above it shifted
2767 upwards one slot. */
2773 }
2774 }
2775 }
2777 /* Now zero out all the counter fields, so that we can make
2778 multiple calls here and just get the values since the last call,
2779 each time, rather than values accumulated for the whole run. */
2787 }
2788 }
2791 }
2793 /*--------------------------------------------------------------------*/
2794 /*--- end ---*/
2795 /*--------------------------------------------------------------------*/