1
2 /*---------------------------------------------------------------*/
3 /*--- begin guest_arm_helpers.c ---*/
4 /*---------------------------------------------------------------*/
5
6 /*
7 This file is part of Valgrind, a dynamic binary instrumentation
8 framework.
9
10 Copyright (C) 2004-2011 OpenWorks LLP
11 info@open-works.net
12
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of the
16 License, or (at your option) any later version.
17
18 This program is distributed in the hope that it will be useful, but
19 WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
22
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, write to the Free Software
25 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26 02110-1301, USA.
27
28 The GNU General Public License is contained in the file COPYING.
29 */
30
31 #include "libvex_basictypes.h"
32 #include "libvex_emwarn.h"
33 #include "libvex_guest_arm.h"
34 #include "libvex_ir.h"
35 #include "libvex.h"
36
37 #include "main_util.h"
38 #include "guest_generic_bb_to_IR.h"
39 #include "guest_arm_defs.h"
40
41
42 /* This file contains helper functions for arm guest code. Calls to
43 these functions are generated by the back end. These calls are of
44 course in the host machine code and this file will be compiled to
45 host machine code, so that all makes sense.
46
47 Only change the signatures of these helper functions very
48 carefully. If you change the signature here, you'll have to change
49 the parameters passed to it in the IR calls constructed by
50 guest-arm/toIR.c.
51 */
52
53
54 /* Set to 1 to get detailed profiling info about individual N, Z, C
55 and V flag evaluation. */
56 #define PROFILE_NZCV_FLAGS 0
57
58 #if PROFILE_NZCV_FLAGS
59
60 static UInt tab_n_eval[ARMG_CC_OP_NUMBER];
61 static UInt tab_z_eval[ARMG_CC_OP_NUMBER];
62 static UInt tab_c_eval[ARMG_CC_OP_NUMBER];
63 static UInt tab_v_eval[ARMG_CC_OP_NUMBER];
64 static UInt initted = 0;
65 static UInt tot_evals = 0;
66
initCounts(void)67 static void initCounts ( void )
68 {
69 UInt i;
70 for (i = 0; i < ARMG_CC_OP_NUMBER; i++) {
71 tab_n_eval[i] = tab_z_eval[i] = tab_c_eval[i] = tab_v_eval[i] = 0;
72 }
73 initted = 1;
74 }
75
showCounts(void)76 static void showCounts ( void )
77 {
78 UInt i;
79 vex_printf("\n N Z C V\n");
80 vex_printf( "---------------------------------------------------\n");
81 for (i = 0; i < ARMG_CC_OP_NUMBER; i++) {
82 vex_printf("CC_OP=%d %9d %9d %9d %9d\n",
83 i,
84 tab_n_eval[i], tab_z_eval[i],
85 tab_c_eval[i], tab_v_eval[i] );
86 }
87 }
88
89 #define NOTE_N_EVAL(_cc_op) NOTE_EVAL(_cc_op, tab_n_eval)
90 #define NOTE_Z_EVAL(_cc_op) NOTE_EVAL(_cc_op, tab_z_eval)
91 #define NOTE_C_EVAL(_cc_op) NOTE_EVAL(_cc_op, tab_c_eval)
92 #define NOTE_V_EVAL(_cc_op) NOTE_EVAL(_cc_op, tab_v_eval)
93
94 #define NOTE_EVAL(_cc_op, _tab) \
95 do { \
96 if (!initted) initCounts(); \
97 vassert( ((UInt)(_cc_op)) < ARMG_CC_OP_NUMBER); \
98 _tab[(UInt)(_cc_op)]++; \
99 tot_evals++; \
100 if (0 == (tot_evals & 0xFFFFF)) \
101 showCounts(); \
102 } while (0)
103
104 #endif /* PROFILE_NZCV_FLAGS */
105
106
107 /* Calculate the N flag from the supplied thunk components, in the
108 least significant bit of the word. Returned bits 31:1 are zero. */
109 static
armg_calculate_flag_n(UInt cc_op,UInt cc_dep1,UInt cc_dep2,UInt cc_dep3)110 UInt armg_calculate_flag_n ( UInt cc_op, UInt cc_dep1,
111 UInt cc_dep2, UInt cc_dep3 )
112 {
113 # if PROFILE_NZCV_FLAGS
114 NOTE_N_EVAL(cc_op);
115 # endif
116
117 switch (cc_op) {
118 case ARMG_CC_OP_COPY: {
119 /* (nzcv:28x0, unused, unused) */
120 UInt nf = (cc_dep1 >> ARMG_CC_SHIFT_N) & 1;
121 return nf;
122 }
123 case ARMG_CC_OP_ADD: {
124 /* (argL, argR, unused) */
125 UInt argL = cc_dep1;
126 UInt argR = cc_dep2;
127 UInt res = argL + argR;
128 UInt nf = res >> 31;
129 return nf;
130 }
131 case ARMG_CC_OP_SUB: {
132 /* (argL, argR, unused) */
133 UInt argL = cc_dep1;
134 UInt argR = cc_dep2;
135 UInt res = argL - argR;
136 UInt nf = res >> 31;
137 return nf;
138 }
139 case ARMG_CC_OP_ADC: {
140 /* (argL, argR, oldC) */
141 UInt argL = cc_dep1;
142 UInt argR = cc_dep2;
143 UInt oldC = cc_dep3;
144 vassert((oldC & ~1) == 0);
145 UInt res = argL + argR + oldC;
146 UInt nf = res >> 31;
147 return nf;
148 }
149 case ARMG_CC_OP_SBB: {
150 /* (argL, argR, oldC) */
151 UInt argL = cc_dep1;
152 UInt argR = cc_dep2;
153 UInt oldC = cc_dep3;
154 vassert((oldC & ~1) == 0);
155 UInt res = argL - argR - (oldC ^ 1);
156 UInt nf = res >> 31;
157 return nf;
158 }
159 case ARMG_CC_OP_LOGIC: {
160 /* (res, shco, oldV) */
161 UInt res = cc_dep1;
162 UInt nf = res >> 31;
163 return nf;
164 }
165 case ARMG_CC_OP_MUL: {
166 /* (res, unused, oldC:oldV) */
167 UInt res = cc_dep1;
168 UInt nf = res >> 31;
169 return nf;
170 }
171 case ARMG_CC_OP_MULL: {
172 /* (resLo32, resHi32, oldC:oldV) */
173 UInt resHi32 = cc_dep2;
174 UInt nf = resHi32 >> 31;
175 return nf;
176 }
177 default:
178 /* shouldn't really make these calls from generated code */
179 vex_printf("armg_calculate_flag_n"
180 "( op=%u, dep1=0x%x, dep2=0x%x, dep3=0x%x )\n",
181 cc_op, cc_dep1, cc_dep2, cc_dep3 );
182 vpanic("armg_calculate_flags_n");
183 }
184 }
185
186
187 /* Calculate the Z flag from the supplied thunk components, in the
188 least significant bit of the word. Returned bits 31:1 are zero. */
189 static
armg_calculate_flag_z(UInt cc_op,UInt cc_dep1,UInt cc_dep2,UInt cc_dep3)190 UInt armg_calculate_flag_z ( UInt cc_op, UInt cc_dep1,
191 UInt cc_dep2, UInt cc_dep3 )
192 {
193 # if PROFILE_NZCV_FLAGS
194 NOTE_Z_EVAL(cc_op);
195 # endif
196
197 switch (cc_op) {
198 case ARMG_CC_OP_COPY: {
199 /* (nzcv:28x0, unused, unused) */
200 UInt zf = (cc_dep1 >> ARMG_CC_SHIFT_Z) & 1;
201 return zf;
202 }
203 case ARMG_CC_OP_ADD: {
204 /* (argL, argR, unused) */
205 UInt argL = cc_dep1;
206 UInt argR = cc_dep2;
207 UInt res = argL + argR;
208 UInt zf = res == 0;
209 return zf;
210 }
211 case ARMG_CC_OP_SUB: {
212 /* (argL, argR, unused) */
213 UInt argL = cc_dep1;
214 UInt argR = cc_dep2;
215 UInt res = argL - argR;
216 UInt zf = res == 0;
217 return zf;
218 }
219 case ARMG_CC_OP_ADC: {
220 /* (argL, argR, oldC) */
221 UInt argL = cc_dep1;
222 UInt argR = cc_dep2;
223 UInt oldC = cc_dep3;
224 vassert((oldC & ~1) == 0);
225 UInt res = argL + argR + oldC;
226 UInt zf = res == 0;
227 return zf;
228 }
229 case ARMG_CC_OP_SBB: {
230 /* (argL, argR, oldC) */
231 UInt argL = cc_dep1;
232 UInt argR = cc_dep2;
233 UInt oldC = cc_dep3;
234 vassert((oldC & ~1) == 0);
235 UInt res = argL - argR - (oldC ^ 1);
236 UInt zf = res == 0;
237 return zf;
238 }
239 case ARMG_CC_OP_LOGIC: {
240 /* (res, shco, oldV) */
241 UInt res = cc_dep1;
242 UInt zf = res == 0;
243 return zf;
244 }
245 case ARMG_CC_OP_MUL: {
246 /* (res, unused, oldC:oldV) */
247 UInt res = cc_dep1;
248 UInt zf = res == 0;
249 return zf;
250 }
251 case ARMG_CC_OP_MULL: {
252 /* (resLo32, resHi32, oldC:oldV) */
253 UInt resLo32 = cc_dep1;
254 UInt resHi32 = cc_dep2;
255 UInt zf = (resHi32|resLo32) == 0;
256 return zf;
257 }
258 default:
259 /* shouldn't really make these calls from generated code */
260 vex_printf("armg_calculate_flags_z"
261 "( op=%u, dep1=0x%x, dep2=0x%x, dep3=0x%x )\n",
262 cc_op, cc_dep1, cc_dep2, cc_dep3 );
263 vpanic("armg_calculate_flags_z");
264 }
265 }
266
267
268 /* CALLED FROM GENERATED CODE: CLEAN HELPER */
269 /* Calculate the C flag from the supplied thunk components, in the
270 least significant bit of the word. Returned bits 31:1 are zero. */
armg_calculate_flag_c(UInt cc_op,UInt cc_dep1,UInt cc_dep2,UInt cc_dep3)271 UInt armg_calculate_flag_c ( UInt cc_op, UInt cc_dep1,
272 UInt cc_dep2, UInt cc_dep3 )
273 {
274 # if PROFILE_NZCV_FLAGS
275 NOTE_C_EVAL(cc_op);
276 # endif
277
278 switch (cc_op) {
279 case ARMG_CC_OP_COPY: {
280 /* (nzcv:28x0, unused, unused) */
281 UInt cf = (cc_dep1 >> ARMG_CC_SHIFT_C) & 1;
282 return cf;
283 }
284 case ARMG_CC_OP_ADD: {
285 /* (argL, argR, unused) */
286 UInt argL = cc_dep1;
287 UInt argR = cc_dep2;
288 UInt res = argL + argR;
289 UInt cf = res < argL;
290 return cf;
291 }
292 case ARMG_CC_OP_SUB: {
293 /* (argL, argR, unused) */
294 UInt argL = cc_dep1;
295 UInt argR = cc_dep2;
296 UInt cf = argL >= argR;
297 return cf;
298 }
299 case ARMG_CC_OP_ADC: {
300 /* (argL, argR, oldC) */
301 UInt argL = cc_dep1;
302 UInt argR = cc_dep2;
303 UInt oldC = cc_dep3;
304 vassert((oldC & ~1) == 0);
305 UInt res = argL + argR + oldC;
306 UInt cf = oldC ? (res <= argL) : (res < argL);
307 return cf;
308 }
309 case ARMG_CC_OP_SBB: {
310 /* (argL, argR, oldC) */
311 UInt argL = cc_dep1;
312 UInt argR = cc_dep2;
313 UInt oldC = cc_dep3;
314 vassert((oldC & ~1) == 0);
315 UInt cf = oldC ? (argL >= argR) : (argL > argR);
316 return cf;
317 }
318 case ARMG_CC_OP_LOGIC: {
319 /* (res, shco, oldV) */
320 UInt shco = cc_dep2;
321 vassert((shco & ~1) == 0);
322 UInt cf = shco;
323 return cf;
324 }
325 case ARMG_CC_OP_MUL: {
326 /* (res, unused, oldC:oldV) */
327 UInt oldC = (cc_dep3 >> 1) & 1;
328 vassert((cc_dep3 & ~3) == 0);
329 UInt cf = oldC;
330 return cf;
331 }
332 case ARMG_CC_OP_MULL: {
333 /* (resLo32, resHi32, oldC:oldV) */
334 UInt oldC = (cc_dep3 >> 1) & 1;
335 vassert((cc_dep3 & ~3) == 0);
336 UInt cf = oldC;
337 return cf;
338 }
339 default:
340 /* shouldn't really make these calls from generated code */
341 vex_printf("armg_calculate_flag_c"
342 "( op=%u, dep1=0x%x, dep2=0x%x, dep3=0x%x )\n",
343 cc_op, cc_dep1, cc_dep2, cc_dep3 );
344 vpanic("armg_calculate_flag_c");
345 }
346 }
347
348
349 /* CALLED FROM GENERATED CODE: CLEAN HELPER */
350 /* Calculate the V flag from the supplied thunk components, in the
351 least significant bit of the word. Returned bits 31:1 are zero. */
armg_calculate_flag_v(UInt cc_op,UInt cc_dep1,UInt cc_dep2,UInt cc_dep3)352 UInt armg_calculate_flag_v ( UInt cc_op, UInt cc_dep1,
353 UInt cc_dep2, UInt cc_dep3 )
354 {
355 # if PROFILE_NZCV_FLAGS
356 NOTE_V_EVAL(cc_op);
357 # endif
358
359 switch (cc_op) {
360 case ARMG_CC_OP_COPY: {
361 /* (nzcv:28x0, unused, unused) */
362 UInt vf = (cc_dep1 >> ARMG_CC_SHIFT_V) & 1;
363 return vf;
364 }
365 case ARMG_CC_OP_ADD: {
366 /* (argL, argR, unused) */
367 UInt argL = cc_dep1;
368 UInt argR = cc_dep2;
369 UInt res = argL + argR;
370 UInt vf = ((res ^ argL) & (res ^ argR)) >> 31;
371 return vf;
372 }
373 case ARMG_CC_OP_SUB: {
374 /* (argL, argR, unused) */
375 UInt argL = cc_dep1;
376 UInt argR = cc_dep2;
377 UInt res = argL - argR;
378 UInt vf = ((argL ^ argR) & (argL ^ res)) >> 31;
379 return vf;
380 }
381 case ARMG_CC_OP_ADC: {
382 /* (argL, argR, oldC) */
383 UInt argL = cc_dep1;
384 UInt argR = cc_dep2;
385 UInt oldC = cc_dep3;
386 vassert((oldC & ~1) == 0);
387 UInt res = argL + argR + oldC;
388 UInt vf = ((res ^ argL) & (res ^ argR)) >> 31;
389 return vf;
390 }
391 case ARMG_CC_OP_SBB: {
392 /* (argL, argR, oldC) */
393 UInt argL = cc_dep1;
394 UInt argR = cc_dep2;
395 UInt oldC = cc_dep3;
396 vassert((oldC & ~1) == 0);
397 UInt res = argL - argR - (oldC ^ 1);
398 UInt vf = ((argL ^ argR) & (argL ^ res)) >> 31;
399 return vf;
400 }
401 case ARMG_CC_OP_LOGIC: {
402 /* (res, shco, oldV) */
403 UInt oldV = cc_dep3;
404 vassert((oldV & ~1) == 0);
405 UInt vf = oldV;
406 return vf;
407 }
408 case ARMG_CC_OP_MUL: {
409 /* (res, unused, oldC:oldV) */
410 UInt oldV = (cc_dep3 >> 0) & 1;
411 vassert((cc_dep3 & ~3) == 0);
412 UInt vf = oldV;
413 return vf;
414 }
415 case ARMG_CC_OP_MULL: {
416 /* (resLo32, resHi32, oldC:oldV) */
417 UInt oldV = (cc_dep3 >> 0) & 1;
418 vassert((cc_dep3 & ~3) == 0);
419 UInt vf = oldV;
420 return vf;
421 }
422 default:
423 /* shouldn't really make these calls from generated code */
424 vex_printf("armg_calculate_flag_v"
425 "( op=%u, dep1=0x%x, dep2=0x%x, dep3=0x%x )\n",
426 cc_op, cc_dep1, cc_dep2, cc_dep3 );
427 vpanic("armg_calculate_flag_v");
428 }
429 }
430
431
432 /* CALLED FROM GENERATED CODE: CLEAN HELPER */
433 /* Calculate NZCV from the supplied thunk components, in the positions
434 they appear in the CPSR, viz bits 31:28 for N Z C V respectively.
435 Returned bits 27:0 are zero. */
armg_calculate_flags_nzcv(UInt cc_op,UInt cc_dep1,UInt cc_dep2,UInt cc_dep3)436 UInt armg_calculate_flags_nzcv ( UInt cc_op, UInt cc_dep1,
437 UInt cc_dep2, UInt cc_dep3 )
438 {
439 UInt f;
440 UInt res = 0;
441 f = armg_calculate_flag_n(cc_op, cc_dep1, cc_dep2, cc_dep3);
442 res |= (f << ARMG_CC_SHIFT_N);
443 f = armg_calculate_flag_z(cc_op, cc_dep1, cc_dep2, cc_dep3);
444 res |= (f << ARMG_CC_SHIFT_Z);
445 f = armg_calculate_flag_c(cc_op, cc_dep1, cc_dep2, cc_dep3);
446 res |= (f << ARMG_CC_SHIFT_C);
447 f = armg_calculate_flag_v(cc_op, cc_dep1, cc_dep2, cc_dep3);
448 res |= (f << ARMG_CC_SHIFT_V);
449 return res;
450 }
451
452
453 /* CALLED FROM GENERATED CODE: CLEAN HELPER */
454 /* Calculate the QC flag from the arguments, in the lowest bit
455 of the word (bit 0). Urr, having this out of line is bizarre.
456 Push back inline. */
armg_calculate_flag_qc(UInt resL1,UInt resL2,UInt resR1,UInt resR2)457 UInt armg_calculate_flag_qc ( UInt resL1, UInt resL2,
458 UInt resR1, UInt resR2 )
459 {
460 if (resL1 != resR1 || resL2 != resR2)
461 return 1;
462 else
463 return 0;
464 }
465
466 /* CALLED FROM GENERATED CODE: CLEAN HELPER */
467 /* Calculate the specified condition from the thunk components, in the
468 lowest bit of the word (bit 0). Returned bits 31:1 are zero. */
armg_calculate_condition(UInt cond_n_op,UInt cc_dep1,UInt cc_dep2,UInt cc_dep3)469 UInt armg_calculate_condition ( UInt cond_n_op /* (ARMCondcode << 4) | cc_op */,
470 UInt cc_dep1,
471 UInt cc_dep2, UInt cc_dep3 )
472 {
473 UInt cond = cond_n_op >> 4;
474 UInt cc_op = cond_n_op & 0xF;
475 UInt nf, zf, vf, cf, inv;
476 // vex_printf("XXXXXXXX %x %x %x %x\n",
477 // cond_n_op, cc_dep1, cc_dep2, cc_dep3);
478
479 // skip flags computation in this case
480 if (cond == ARMCondAL) return 1;
481
482 inv = cond & 1;
483
484 switch (cond) {
485 case ARMCondEQ: // Z=1 => z
486 case ARMCondNE: // Z=0
487 zf = armg_calculate_flag_z(cc_op, cc_dep1, cc_dep2, cc_dep3);
488 return inv ^ zf;
489
490 case ARMCondHS: // C=1 => c
491 case ARMCondLO: // C=0
492 cf = armg_calculate_flag_c(cc_op, cc_dep1, cc_dep2, cc_dep3);
493 return inv ^ cf;
494
495 case ARMCondMI: // N=1 => n
496 case ARMCondPL: // N=0
497 nf = armg_calculate_flag_n(cc_op, cc_dep1, cc_dep2, cc_dep3);
498 return inv ^ nf;
499
500 case ARMCondVS: // V=1 => v
501 case ARMCondVC: // V=0
502 vf = armg_calculate_flag_v(cc_op, cc_dep1, cc_dep2, cc_dep3);
503 return inv ^ vf;
504
505 case ARMCondHI: // C=1 && Z=0 => c & ~z
506 case ARMCondLS: // C=0 || Z=1
507 cf = armg_calculate_flag_c(cc_op, cc_dep1, cc_dep2, cc_dep3);
508 zf = armg_calculate_flag_z(cc_op, cc_dep1, cc_dep2, cc_dep3);
509 return inv ^ (cf & ~zf);
510
511 case ARMCondGE: // N=V => ~(n^v)
512 case ARMCondLT: // N!=V
513 nf = armg_calculate_flag_n(cc_op, cc_dep1, cc_dep2, cc_dep3);
514 vf = armg_calculate_flag_v(cc_op, cc_dep1, cc_dep2, cc_dep3);
515 return inv ^ (1 & ~(nf ^ vf));
516
517 case ARMCondGT: // Z=0 && N=V => ~z & ~(n^v) => ~(z | (n^v))
518 case ARMCondLE: // Z=1 || N!=V
519 nf = armg_calculate_flag_n(cc_op, cc_dep1, cc_dep2, cc_dep3);
520 vf = armg_calculate_flag_v(cc_op, cc_dep1, cc_dep2, cc_dep3);
521 zf = armg_calculate_flag_z(cc_op, cc_dep1, cc_dep2, cc_dep3);
522 return inv ^ (1 & ~(zf | (nf ^ vf)));
523
524 case ARMCondAL: // handled above
525 case ARMCondNV: // should never get here: Illegal instr
526 default:
527 /* shouldn't really make these calls from generated code */
528 vex_printf("armg_calculate_condition(ARM)"
529 "( %u, %u, 0x%x, 0x%x, 0x%x )\n",
530 cond, cc_op, cc_dep1, cc_dep2, cc_dep3 );
531 vpanic("armg_calculate_condition(ARM)");
532 }
533 }
534
535
536 /*---------------------------------------------------------------*/
537 /*--- Flag-helpers translation-time function specialisers. ---*/
538 /*--- These help iropt specialise calls the above run-time ---*/
539 /*--- flags functions. ---*/
540 /*---------------------------------------------------------------*/
541
542 /* Used by the optimiser to try specialisations. Returns an
543 equivalent expression, or NULL if none. */
544
isU32(IRExpr * e,UInt n)545 static Bool isU32 ( IRExpr* e, UInt n )
546 {
547 return
548 toBool( e->tag == Iex_Const
549 && e->Iex.Const.con->tag == Ico_U32
550 && e->Iex.Const.con->Ico.U32 == n );
551 }
552
guest_arm_spechelper(HChar * function_name,IRExpr ** args,IRStmt ** precedingStmts,Int n_precedingStmts)553 IRExpr* guest_arm_spechelper ( HChar* function_name,
554 IRExpr** args,
555 IRStmt** precedingStmts,
556 Int n_precedingStmts )
557 {
558 # define unop(_op,_a1) IRExpr_Unop((_op),(_a1))
559 # define binop(_op,_a1,_a2) IRExpr_Binop((_op),(_a1),(_a2))
560 # define mkU32(_n) IRExpr_Const(IRConst_U32(_n))
561 # define mkU8(_n) IRExpr_Const(IRConst_U8(_n))
562
563 Int i, arity = 0;
564 for (i = 0; args[i]; i++)
565 arity++;
566 # if 0
567 vex_printf("spec request:\n");
568 vex_printf(" %s ", function_name);
569 for (i = 0; i < arity; i++) {
570 vex_printf(" ");
571 ppIRExpr(args[i]);
572 }
573 vex_printf("\n");
574 # endif
575
576 /* --------- specialising "armg_calculate_condition" --------- */
577
578 if (vex_streq(function_name, "armg_calculate_condition")) {
579
580 /* specialise calls to the "armg_calculate_condition" function.
581 Not sure whether this is strictly necessary, but: the
582 replacement IR must produce only the values 0 or 1. Bits
583 31:1 are required to be zero. */
584 IRExpr *cond_n_op, *cc_dep1, *cc_dep2, *cc_ndep;
585 vassert(arity == 4);
586 cond_n_op = args[0]; /* (ARMCondcode << 4) | ARMG_CC_OP_* */
587 cc_dep1 = args[1];
588 cc_dep2 = args[2];
589 cc_ndep = args[3];
590
591 /*---------------- SUB ----------------*/
592
593 if (isU32(cond_n_op, (ARMCondEQ << 4) | ARMG_CC_OP_SUB)) {
594 /* EQ after SUB --> test argL == argR */
595 return unop(Iop_1Uto32,
596 binop(Iop_CmpEQ32, cc_dep1, cc_dep2));
597 }
598 if (isU32(cond_n_op, (ARMCondNE << 4) | ARMG_CC_OP_SUB)) {
599 /* NE after SUB --> test argL != argR */
600 return unop(Iop_1Uto32,
601 binop(Iop_CmpNE32, cc_dep1, cc_dep2));
602 }
603
604 if (isU32(cond_n_op, (ARMCondGT << 4) | ARMG_CC_OP_SUB)) {
605 /* GT after SUB --> test argL >s argR
606 --> test argR <s argL */
607 return unop(Iop_1Uto32,
608 binop(Iop_CmpLT32S, cc_dep2, cc_dep1));
609 }
610 if (isU32(cond_n_op, (ARMCondLE << 4) | ARMG_CC_OP_SUB)) {
611 /* LE after SUB --> test argL <=s argR */
612 return unop(Iop_1Uto32,
613 binop(Iop_CmpLE32S, cc_dep1, cc_dep2));
614 }
615
616 if (isU32(cond_n_op, (ARMCondLT << 4) | ARMG_CC_OP_SUB)) {
617 /* LT after SUB --> test argL <s argR */
618 return unop(Iop_1Uto32,
619 binop(Iop_CmpLT32S, cc_dep1, cc_dep2));
620 }
621
622 if (isU32(cond_n_op, (ARMCondGE << 4) | ARMG_CC_OP_SUB)) {
623 /* GE after SUB --> test argL >=s argR
624 --> test argR <=s argL */
625 return unop(Iop_1Uto32,
626 binop(Iop_CmpLE32S, cc_dep2, cc_dep1));
627 }
628
629 if (isU32(cond_n_op, (ARMCondHS << 4) | ARMG_CC_OP_SUB)) {
630 /* HS after SUB --> test argL >=u argR
631 --> test argR <=u argL */
632 return unop(Iop_1Uto32,
633 binop(Iop_CmpLE32U, cc_dep2, cc_dep1));
634 }
635 if (isU32(cond_n_op, (ARMCondLO << 4) | ARMG_CC_OP_SUB)) {
636 /* LO after SUB --> test argL <u argR */
637 return unop(Iop_1Uto32,
638 binop(Iop_CmpLT32U, cc_dep1, cc_dep2));
639 }
640
641 if (isU32(cond_n_op, (ARMCondLS << 4) | ARMG_CC_OP_SUB)) {
642 /* LS after SUB --> test argL <=u argR */
643 return unop(Iop_1Uto32,
644 binop(Iop_CmpLE32U, cc_dep1, cc_dep2));
645 }
646
647 /*---------------- SBB ----------------*/
648
649 if (isU32(cond_n_op, (ARMCondHS << 4) | ARMG_CC_OP_SBB)) {
650 /* This seems to happen a lot in softfloat code, eg __divdf3+140 */
651 /* thunk is: (dep1=argL, dep2=argR, ndep=oldC) */
652 /* HS after SBB (same as C after SBB below)
653 --> oldC ? (argL >=u argR) : (argL >u argR)
654 --> oldC ? (argR <=u argL) : (argR <u argL)
655 */
656 return
657 IRExpr_Mux0X(
658 unop(Iop_32to8, cc_ndep),
659 /* case oldC == 0 */
660 unop(Iop_1Uto32, binop(Iop_CmpLT32U, cc_dep2, cc_dep1)),
661 /* case oldC != 0 */
662 unop(Iop_1Uto32, binop(Iop_CmpLE32U, cc_dep2, cc_dep1))
663 );
664 }
665
666 /*---------------- LOGIC ----------------*/
667
668 if (isU32(cond_n_op, (ARMCondEQ << 4) | ARMG_CC_OP_LOGIC)) {
669 /* EQ after LOGIC --> test res == 0 */
670 return unop(Iop_1Uto32,
671 binop(Iop_CmpEQ32, cc_dep1, mkU32(0)));
672 }
673 if (isU32(cond_n_op, (ARMCondNE << 4) | ARMG_CC_OP_LOGIC)) {
674 /* NE after LOGIC --> test res != 0 */
675 return unop(Iop_1Uto32,
676 binop(Iop_CmpNE32, cc_dep1, mkU32(0)));
677 }
678
679 if (isU32(cond_n_op, (ARMCondPL << 4) | ARMG_CC_OP_LOGIC)) {
680 /* PL after LOGIC --> test (res >> 31) == 0 */
681 return unop(Iop_1Uto32,
682 binop(Iop_CmpEQ32,
683 binop(Iop_Shr32, cc_dep1, mkU8(31)),
684 mkU32(0)));
685 }
686 if (isU32(cond_n_op, (ARMCondMI << 4) | ARMG_CC_OP_LOGIC)) {
687 /* MI after LOGIC --> test (res >> 31) == 1 */
688 return unop(Iop_1Uto32,
689 binop(Iop_CmpEQ32,
690 binop(Iop_Shr32, cc_dep1, mkU8(31)),
691 mkU32(1)));
692 }
693
694 /*----------------- AL -----------------*/
695
696 /* A critically important case for Thumb code.
697
698 What we're trying to spot is the case where cond_n_op is an
699 expression of the form Or32(..., 0xE0) since that means the
700 caller is asking for CondAL and we can simply return 1
701 without caring what the ... part is. This is a potentially
702 dodgy kludge in that it assumes that the ... part has zeroes
703 in bits 7:4, so that the result of the Or32 is guaranteed to
704 be 0xE in bits 7:4. Given that the places where this first
705 arg are constructed (in guest_arm_toIR.c) are very
706 constrained, we can get away with this. To make this
707 guaranteed safe would require to have a new primop, Slice44
708 or some such, thusly
709
710 Slice44(arg1, arg2) = 0--(24)--0 arg1[7:4] arg2[3:0]
711
712 and we would then look for Slice44(0xE0, ...)
713 which would give the required safety property.
714
715 It would be infeasibly expensive to scan backwards through
716 the entire block looking for an assignment to the temp, so
717 just look at the previous 16 statements. That should find it
718 if it is an interesting case, as a result of how the
719 boilerplate guff at the start of each Thumb insn translation
720 is made.
721 */
722 if (cond_n_op->tag == Iex_RdTmp) {
723 Int j;
724 IRTemp look_for = cond_n_op->Iex.RdTmp.tmp;
725 Int limit = n_precedingStmts - 16;
726 if (limit < 0) limit = 0;
727 if (0) vex_printf("scanning %d .. %d\n", n_precedingStmts-1, limit);
728 for (j = n_precedingStmts - 1; j >= limit; j--) {
729 IRStmt* st = precedingStmts[j];
730 if (st->tag == Ist_WrTmp
731 && st->Ist.WrTmp.tmp == look_for
732 && st->Ist.WrTmp.data->tag == Iex_Binop
733 && st->Ist.WrTmp.data->Iex.Binop.op == Iop_Or32
734 && isU32(st->Ist.WrTmp.data->Iex.Binop.arg2, (ARMCondAL << 4)))
735 return mkU32(1);
736 }
737 /* Didn't find any useful binding to the first arg
738 in the previous 16 stmts. */
739 }
740 }
741
742 /* --------- specialising "armg_calculate_flag_c" --------- */
743
744 else
745 if (vex_streq(function_name, "armg_calculate_flag_c")) {
746
747 /* specialise calls to the "armg_calculate_flag_c" function.
748 Note that the returned value must be either 0 or 1; nonzero
749 bits 31:1 are not allowed. In turn, incoming oldV and oldC
750 values (from the thunk) are assumed to have bits 31:1
751 clear. */
752 IRExpr *cc_op, *cc_dep1, *cc_dep2, *cc_ndep;
753 vassert(arity == 4);
754 cc_op = args[0]; /* ARMG_CC_OP_* */
755 cc_dep1 = args[1];
756 cc_dep2 = args[2];
757 cc_ndep = args[3];
758
759 if (isU32(cc_op, ARMG_CC_OP_LOGIC)) {
760 /* Thunk args are (result, shco, oldV) */
761 /* C after LOGIC --> shco */
762 return cc_dep2;
763 }
764
765 if (isU32(cc_op, ARMG_CC_OP_SUB)) {
766 /* Thunk args are (argL, argR, unused) */
767 /* C after SUB --> argL >=u argR
768 --> argR <=u argL */
769 return unop(Iop_1Uto32,
770 binop(Iop_CmpLE32U, cc_dep2, cc_dep1));
771 }
772
773 if (isU32(cc_op, ARMG_CC_OP_SBB)) {
774 /* This happens occasionally in softfloat code, eg __divdf3+140 */
775 /* thunk is: (dep1=argL, dep2=argR, ndep=oldC) */
776 /* C after SBB (same as HS after SBB above)
777 --> oldC ? (argL >=u argR) : (argL >u argR)
778 --> oldC ? (argR <=u argL) : (argR <u argL)
779 */
780 return
781 IRExpr_Mux0X(
782 unop(Iop_32to8, cc_ndep),
783 /* case oldC == 0 */
784 unop(Iop_1Uto32, binop(Iop_CmpLT32U, cc_dep2, cc_dep1)),
785 /* case oldC != 0 */
786 unop(Iop_1Uto32, binop(Iop_CmpLE32U, cc_dep2, cc_dep1))
787 );
788 }
789
790 }
791
792 /* --------- specialising "armg_calculate_flag_v" --------- */
793
794 else
795 if (vex_streq(function_name, "armg_calculate_flag_v")) {
796
797 /* specialise calls to the "armg_calculate_flag_v" function.
798 Note that the returned value must be either 0 or 1; nonzero
799 bits 31:1 are not allowed. In turn, incoming oldV and oldC
800 values (from the thunk) are assumed to have bits 31:1
801 clear. */
802 IRExpr *cc_op, *cc_dep1, *cc_dep2, *cc_ndep;
803 vassert(arity == 4);
804 cc_op = args[0]; /* ARMG_CC_OP_* */
805 cc_dep1 = args[1];
806 cc_dep2 = args[2];
807 cc_ndep = args[3];
808
809 if (isU32(cc_op, ARMG_CC_OP_LOGIC)) {
810 /* Thunk args are (result, shco, oldV) */
811 /* V after LOGIC --> oldV */
812 return cc_ndep;
813 }
814
815 if (isU32(cc_op, ARMG_CC_OP_SUB)) {
816 /* Thunk args are (argL, argR, unused) */
817 /* V after SUB
818 --> let res = argL - argR
819 in ((argL ^ argR) & (argL ^ res)) >> 31
820 --> ((argL ^ argR) & (argL ^ (argL - argR))) >> 31
821 */
822 IRExpr* argL = cc_dep1;
823 IRExpr* argR = cc_dep2;
824 return
825 binop(Iop_Shr32,
826 binop(Iop_And32,
827 binop(Iop_Xor32, argL, argR),
828 binop(Iop_Xor32, argL, binop(Iop_Sub32, argL, argR))
829 ),
830 mkU8(31)
831 );
832 }
833
834 if (isU32(cc_op, ARMG_CC_OP_SBB)) {
835 /* This happens occasionally in softfloat code, eg __divdf3+140 */
836 /* thunk is: (dep1=argL, dep2=argR, ndep=oldC) */
837 /* V after SBB
838 --> let res = argL - argR - (oldC ^ 1)
839 in (argL ^ argR) & (argL ^ res) & 1
840 */
841 return
842 binop(
843 Iop_And32,
844 binop(
845 Iop_And32,
846 // argL ^ argR
847 binop(Iop_Xor32, cc_dep1, cc_dep2),
848 // argL ^ (argL - argR - (oldC ^ 1))
849 binop(Iop_Xor32,
850 cc_dep1,
851 binop(Iop_Sub32,
852 binop(Iop_Sub32, cc_dep1, cc_dep2),
853 binop(Iop_Xor32, cc_ndep, mkU32(1)))
854 )
855 ),
856 mkU32(1)
857 );
858 }
859
860 }
861
862 # undef unop
863 # undef binop
864 # undef mkU32
865 # undef mkU8
866
867 return NULL;
868 }
869
870
871 /*----------------------------------------------*/
872 /*--- The exported fns .. ---*/
873 /*----------------------------------------------*/
874
875 /* VISIBLE TO LIBVEX CLIENT */
876 #if 0
877 void LibVEX_GuestARM_put_flags ( UInt flags_native,
878 /*OUT*/VexGuestARMState* vex_state )
879 {
880 vassert(0); // FIXME
881
882 /* Mask out everything except N Z V C. */
883 flags_native
884 &= (ARMG_CC_MASK_N | ARMG_CC_MASK_Z | ARMG_CC_MASK_V | ARMG_CC_MASK_C);
885
886 vex_state->guest_CC_OP = ARMG_CC_OP_COPY;
887 vex_state->guest_CC_DEP1 = flags_native;
888 vex_state->guest_CC_DEP2 = 0;
889 vex_state->guest_CC_NDEP = 0;
890 }
891 #endif
892
893 /* VISIBLE TO LIBVEX CLIENT */
LibVEX_GuestARM_get_cpsr(VexGuestARMState * vex_state)894 UInt LibVEX_GuestARM_get_cpsr ( /*IN*/VexGuestARMState* vex_state )
895 {
896 UInt cpsr = 0;
897 // NZCV
898 cpsr |= armg_calculate_flags_nzcv(
899 vex_state->guest_CC_OP,
900 vex_state->guest_CC_DEP1,
901 vex_state->guest_CC_DEP2,
902 vex_state->guest_CC_NDEP
903 );
904 vassert(0 == (cpsr & 0x0FFFFFFF));
905 // Q
906 if (vex_state->guest_QFLAG32 > 0)
907 cpsr |= (1 << 27);
908 // GE
909 if (vex_state->guest_GEFLAG0 > 0)
910 cpsr |= (1 << 16);
911 if (vex_state->guest_GEFLAG1 > 0)
912 cpsr |= (1 << 17);
913 if (vex_state->guest_GEFLAG2 > 0)
914 cpsr |= (1 << 18);
915 if (vex_state->guest_GEFLAG3 > 0)
916 cpsr |= (1 << 19);
917 // M
918 cpsr |= (1 << 4); // 0b10000 means user-mode
919 // J,T J (bit 24) is zero by initialisation above
920 // T we copy from R15T[0]
921 if (vex_state->guest_R15T & 1)
922 cpsr |= (1 << 5);
923 // ITSTATE we punt on for the time being. Could compute it
924 // if needed though.
925 // E, endianness, 0 (littleendian) from initialisation above
926 // A,I,F disable some async exceptions. Not sure about these.
927 // Leave as zero for the time being.
928 return cpsr;
929 }
930
931 /* VISIBLE TO LIBVEX CLIENT */
LibVEX_GuestARM_initialise(VexGuestARMState * vex_state)932 void LibVEX_GuestARM_initialise ( /*OUT*/VexGuestARMState* vex_state )
933 {
934 vex_state->guest_R0 = 0;
935 vex_state->guest_R1 = 0;
936 vex_state->guest_R2 = 0;
937 vex_state->guest_R3 = 0;
938 vex_state->guest_R4 = 0;
939 vex_state->guest_R5 = 0;
940 vex_state->guest_R6 = 0;
941 vex_state->guest_R7 = 0;
942 vex_state->guest_R8 = 0;
943 vex_state->guest_R9 = 0;
944 vex_state->guest_R10 = 0;
945 vex_state->guest_R11 = 0;
946 vex_state->guest_R12 = 0;
947 vex_state->guest_R13 = 0;
948 vex_state->guest_R14 = 0;
949 vex_state->guest_R15T = 0; /* NB: implies ARM mode */
950
951 vex_state->guest_CC_OP = ARMG_CC_OP_COPY;
952 vex_state->guest_CC_DEP1 = 0;
953 vex_state->guest_CC_DEP2 = 0;
954 vex_state->guest_CC_NDEP = 0;
955 vex_state->guest_QFLAG32 = 0;
956 vex_state->guest_GEFLAG0 = 0;
957 vex_state->guest_GEFLAG1 = 0;
958 vex_state->guest_GEFLAG2 = 0;
959 vex_state->guest_GEFLAG3 = 0;
960
961 vex_state->guest_EMWARN = 0;
962 vex_state->guest_TISTART = 0;
963 vex_state->guest_TILEN = 0;
964 vex_state->guest_NRADDR = 0;
965 vex_state->guest_IP_AT_SYSCALL = 0;
966
967 vex_state->guest_D0 = 0;
968 vex_state->guest_D1 = 0;
969 vex_state->guest_D2 = 0;
970 vex_state->guest_D3 = 0;
971 vex_state->guest_D4 = 0;
972 vex_state->guest_D5 = 0;
973 vex_state->guest_D6 = 0;
974 vex_state->guest_D7 = 0;
975 vex_state->guest_D8 = 0;
976 vex_state->guest_D9 = 0;
977 vex_state->guest_D10 = 0;
978 vex_state->guest_D11 = 0;
979 vex_state->guest_D12 = 0;
980 vex_state->guest_D13 = 0;
981 vex_state->guest_D14 = 0;
982 vex_state->guest_D15 = 0;
983 vex_state->guest_D16 = 0;
984 vex_state->guest_D17 = 0;
985 vex_state->guest_D18 = 0;
986 vex_state->guest_D19 = 0;
987 vex_state->guest_D20 = 0;
988 vex_state->guest_D21 = 0;
989 vex_state->guest_D22 = 0;
990 vex_state->guest_D23 = 0;
991 vex_state->guest_D24 = 0;
992 vex_state->guest_D25 = 0;
993 vex_state->guest_D26 = 0;
994 vex_state->guest_D27 = 0;
995 vex_state->guest_D28 = 0;
996 vex_state->guest_D29 = 0;
997 vex_state->guest_D30 = 0;
998 vex_state->guest_D31 = 0;
999
1000 /* ARM encoded; zero is the default as it happens (result flags
1001 (NZCV) cleared, FZ disabled, round to nearest, non-vector mode,
1002 all exns masked, all exn sticky bits cleared). */
1003 vex_state->guest_FPSCR = 0;
1004
1005 vex_state->guest_TPIDRURO = 0;
1006
1007 /* Not in a Thumb IT block. */
1008 vex_state->guest_ITSTATE = 0;
1009
1010 vex_state->padding1 = 0;
1011 vex_state->padding2 = 0;
1012 vex_state->padding3 = 0;
1013 }
1014
1015
1016 /*-----------------------------------------------------------*/
1017 /*--- Describing the arm guest state, for the benefit ---*/
1018 /*--- of iropt and instrumenters. ---*/
1019 /*-----------------------------------------------------------*/
1020
1021 /* Figure out if any part of the guest state contained in minoff
1022 .. maxoff requires precise memory exceptions. If in doubt return
1023 True (but this is generates significantly slower code).
1024
1025 We enforce precise exns for guest R13(sp), R15T(pc).
1026 */
guest_arm_state_requires_precise_mem_exns(Int minoff,Int maxoff)1027 Bool guest_arm_state_requires_precise_mem_exns ( Int minoff,
1028 Int maxoff)
1029 {
1030 Int sp_min = offsetof(VexGuestARMState, guest_R13);
1031 Int sp_max = sp_min + 4 - 1;
1032 Int pc_min = offsetof(VexGuestARMState, guest_R15T);
1033 Int pc_max = pc_min + 4 - 1;
1034
1035 if (maxoff < sp_min || minoff > sp_max) {
1036 /* no overlap with sp */
1037 } else {
1038 return True;
1039 }
1040
1041 if (maxoff < pc_min || minoff > pc_max) {
1042 /* no overlap with pc */
1043 } else {
1044 return True;
1045 }
1046
1047 /* We appear to need precise updates of R11 in order to get proper
1048 stacktraces from non-optimised code. */
1049 Int r11_min = offsetof(VexGuestARMState, guest_R11);
1050 Int r11_max = r11_min + 4 - 1;
1051
1052 if (maxoff < r11_min || minoff > r11_max) {
1053 /* no overlap with r11 */
1054 } else {
1055 return True;
1056 }
1057
1058 /* Ditto R7, particularly needed for proper stacktraces in Thumb
1059 code. */
1060 Int r7_min = offsetof(VexGuestARMState, guest_R7);
1061 Int r7_max = r7_min + 4 - 1;
1062
1063 if (maxoff < r7_min || minoff > r7_max) {
1064 /* no overlap with r7 */
1065 } else {
1066 return True;
1067 }
1068
1069 return False;
1070 }
1071
1072
1073
1074 #define ALWAYSDEFD(field) \
1075 { offsetof(VexGuestARMState, field), \
1076 (sizeof ((VexGuestARMState*)0)->field) }
1077
1078 VexGuestLayout
1079 armGuest_layout
1080 = {
1081 /* Total size of the guest state, in bytes. */
1082 .total_sizeB = sizeof(VexGuestARMState),
1083
1084 /* Describe the stack pointer. */
1085 .offset_SP = offsetof(VexGuestARMState,guest_R13),
1086 .sizeof_SP = 4,
1087
1088 /* Describe the instruction pointer. */
1089 .offset_IP = offsetof(VexGuestARMState,guest_R15T),
1090 .sizeof_IP = 4,
1091
1092 /* Describe any sections to be regarded by Memcheck as
1093 'always-defined'. */
1094 .n_alwaysDefd = 10,
1095
1096 /* flags thunk: OP is always defd, whereas DEP1 and DEP2
1097 have to be tracked. See detailed comment in gdefs.h on
1098 meaning of thunk fields. */
1099 .alwaysDefd
1100 = { /* 0 */ ALWAYSDEFD(guest_R15T),
1101 /* 1 */ ALWAYSDEFD(guest_CC_OP),
1102 /* 2 */ ALWAYSDEFD(guest_CC_NDEP),
1103 /* 3 */ ALWAYSDEFD(guest_EMWARN),
1104 /* 4 */ ALWAYSDEFD(guest_TISTART),
1105 /* 5 */ ALWAYSDEFD(guest_TILEN),
1106 /* 6 */ ALWAYSDEFD(guest_NRADDR),
1107 /* 7 */ ALWAYSDEFD(guest_IP_AT_SYSCALL),
1108 /* 8 */ ALWAYSDEFD(guest_TPIDRURO),
1109 /* 9 */ ALWAYSDEFD(guest_ITSTATE)
1110 }
1111 };
1112
1113
1114 /*---------------------------------------------------------------*/
1115 /*--- end guest_arm_helpers.c ---*/
1116 /*---------------------------------------------------------------*/
1117