i#2974 trace support for AArch64, part 2: added trace implementation (#…

…5045) This patch incorporated changes from PR #2442 that implemented the initial version of trace support for AArch64. This patch also fixed some corner cases not considered in PR #2442 where the assumption was incorrect and caused the program to crash. Trace support is not yet enabled by default, but can be enabled with "-enable_traces". This commit introduces internal control flow by adding a trace_exit_label in fixup_indirect_trace_exit, which might break code that assumes linear control flow (such as translate.c). Either special support is needed for this trace_exit_label or alternative schemes should be used that has a linear control. Some complexities in this commit can be removed once we have #5062 implemented and decode_fragment eliminated. Co-authored-by: Kevin Zhou <Kevin.Zhou@arm.com> Issues: #1569, #2974
DynamoRIO · Sep 1, 2021 · 8469b44 · 8469b44
1 parent 609a176
commit 8469b44
Show file tree

Hide file tree

Showing 9 changed files with 494 additions and 12 deletions.
diff --git a/core/arch/aarch64/emit_utils.c b/core/arch/aarch64/emit_utils.c
@@ -446,8 +446,14 @@ indirect_linkstub_stub_pc(dcontext_t *dcontext, fragment_t *f, linkstub_t *l)
     cache_pc cti = EXIT_CTI_PC(f, l);
     if (!EXIT_HAS_STUB(l->flags, f->flags))
         return NULL;
-    ASSERT(decode_raw_is_jmp(dcontext, cti));
-    return decode_raw_jmp_target(dcontext, cti);
+    if (decode_raw_is_jmp(dcontext, cti))
+        return decode_raw_jmp_target(dcontext, cti);
+    /* In trace, we might have cbz/cbnz to indirect linkstubs. */
+    if (decode_raw_is_cond_branch_zero(dcontext, cti))
+        return decode_raw_cond_branch_zero_target(dcontext, cti);
+    /* There should be no other types of branch to linkstubs. */
+    ASSERT_NOT_REACHED();
+    return NULL;
 }
 
 cache_pc
@@ -528,7 +534,7 @@ insert_fragment_prefix(dcontext_t *dcontext, fragment_t *f)
     /* ldp x0, x1, [x(stolen), #(off)] */
     *(uint *)pc = (0xa9400000 | (DR_REG_X0 - DR_REG_X0) | (DR_REG_X1 - DR_REG_X0) << 10 |
                    (dr_reg_stolen - DR_REG_X0) << 5 | TLS_REG0_SLOT >> 3 << 10);
-    pc += 4;
+    pc += AARCH64_INSTR_SIZE;
     f->prefix_size = (byte)(((cache_pc)pc) - write_start);
     ASSERT(f->prefix_size == fragment_prefix_size(f->flags));
 }

diff --git a/core/arch/arch_exports.h b/core/arch/arch_exports.h
@@ -2196,6 +2196,15 @@ int
 append_trace_speculate_last_ibl(dcontext_t *dcontext, instrlist_t *trace,
                                 app_pc speculate_next_tag, bool record_translation);
 
+/* XXX i#5062 In the long term we should have this only called in mangle_trace()
+ * and this function would be removed from end_and_emit_trace and
+ * recreate_fragment_ilist, which are where it is currently called.
+ */
+#ifdef AARCH64
+int
+fixup_indirect_trace_exit(dcontext_t *dcontext, instrlist_t *trace);
+#endif
+
 uint
 forward_eflags_analysis(dcontext_t *dcontext, instrlist_t *ilist, instr_t *instr);
 

diff --git a/core/arch/emit_utils_shared.c b/core/arch/emit_utils_shared.c
@@ -1294,6 +1294,11 @@ update_indirect_exit_stub(dcontext_t *dcontext, fragment_t *f, linkstub_t *l)
 int
 fragment_prefix_size(uint flags)
 {
+#ifdef AARCH64
+    /* For AArch64, there is no need to save the flags
+     * so we always have the same ibt prefix. */
+    return fragment_ibt_prefix_size(flags);
+#else
     if (use_ibt_prefix(flags)) {
         return fragment_ibt_prefix_size(flags);
     } else {
@@ -1302,6 +1307,7 @@ fragment_prefix_size(uint flags)
         else
             return 0;
     }
+#endif
 }
 
 #ifdef PROFILE_RDTSC