#ifdef USE_PRAGMA_IDENT_SRC
#pragma ident "@(#)nativeInst_x86.cpp 1.76 07/09/17 09:29:18 JVM"
#endif
/*
 * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
 * CA 95054 USA or visit www.sun.com if you need additional information or
 * have any questions.
 *
 */

# include "incls/_precompiled.incl"
# include "incls/_nativeInst_x86.cpp.incl"

void NativeInstruction::wrote(int offset) {
  ICache::invalidate_word(addr_at(offset));
}


void NativeCall::verify() {
  // Make sure code pattern is actually a call imm32 instruction.
  int inst = ubyte_at(0);
  if (inst != instruction_code) {
    tty->print_cr("Addr: " INTPTR_FORMAT " Code: 0x%x", instruction_address(),
                  inst);
    fatal("not a call disp32");
  }
}

address NativeCall::destination() const {
  // Getting the destination of a call isn't safe because that call can
  // be getting patched while you're calling this. There are only special
  // places where this can be called, but they are not automatically
  // verifiable by checking which locks are held. The solution is true
  // atomic patching on x86, not yet implemented.
  return return_address() + displacement();
}

void NativeCall::print() {
  tty->print_cr(PTR_FORMAT ": call " PTR_FORMAT,
                instruction_address(), destination());
}

// Inserts a native call instruction at a given pc
void NativeCall::insert(address code_pos, address entry) {
  intptr_t disp = (intptr_t)entry - ((intptr_t)code_pos + 1 + 4);
#ifdef AMD64
  guarantee(disp == (intptr_t)(jint)disp, "must be 32-bit offset");
#endif // AMD64
  *code_pos = instruction_code;
  *((int32_t *)(code_pos+1)) = (int32_t) disp;
  ICache::invalidate_range(code_pos, instruction_size);
}

// MT-safe patching of a call instruction.
// First patches the first word of the instruction with two jmps that jump
// to themselves (a spinlock). Then patches the last byte, and then atomically
// replaces the jmps with the first 4 bytes of the new instruction.
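//
// A byte-level sketch of the three steps (illustrative bytes; E8 is the
// call rel32 opcode, and EB FE encodes "jmp -2", a jump to itself):
//
//   before:  E8 d0 d1 d2 d3       call rel32, old displacement
//   step 1:  EB FE EB FE d3       threads arriving here now spin safely
//   step 2:  EB FE EB FE d3'      new last byte written behind the guard
//   step 3:  E8 d0' d1' d2' d3'   new first word swapped in atomically
//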
void NativeCall::replace_mt_safe(address instr_addr, address code_buffer) {
  assert(Patching_lock->is_locked() ||
         SafepointSynchronize::is_at_safepoint(), "concurrent code patching");
  assert (instr_addr != NULL, "illegal address for code patching");

  NativeCall* n_call = nativeCall_at (instr_addr); // checking that it is a call
  if (os::is_MP()) {
    guarantee((intptr_t)instr_addr % BytesPerWord == 0, "must be aligned");
  }

  // Build the dummy jmp: two jmp-to-self instructions
  unsigned char patch[4];
  assert(sizeof(patch)==sizeof(jint), "sanity check");
  patch[0] = 0xEB;       // jmp rel8
  patch[1] = 0xFE;       // jmp to self
  patch[2] = 0xEB;
  patch[3] = 0xFE;

  // First patch dummy jmp in place
  *(jint*)instr_addr = *(jint *)patch;

  // Invalidate.  Opteron requires a flush after every write.
  n_call->wrote(0);

  // Patch 4th byte
  instr_addr[4] = code_buffer[4];

  n_call->wrote(4);

  // Patch bytes 0-3
  *(jint*)instr_addr = *(jint *)code_buffer;

  n_call->wrote(0);

#ifdef ASSERT
  // verify patching
  for ( int i = 0; i < instruction_size; i++) {
    address ptr = (address)((intptr_t)code_buffer + i);
    int a_byte = (*ptr) & 0xFF;
    assert(*((address)((intptr_t)instr_addr + i)) == a_byte, "mt safe patching failed");
  }
#endif

}


// Similar to replace_mt_safe, but just changes the destination. The
// important thing is that free-running threads are able to execute this
// call instruction at all times. If the displacement field is aligned
// we can simply rely on atomicity of 32-bit writes to make sure other threads
// will see no intermediate states. Otherwise, the first two bytes of the
// call are guaranteed to be aligned, and can be atomically patched to a
// self-loop to guard the instruction while we change the other bytes.

// We cannot rely on locks here, since the free-running threads must run at
// full speed.
//
// Used in the runtime linkage of calls; see class CompiledIC.
// (Cf. 4506997 and 4479829, where threads witnessed garbage displacements.)
void NativeCall::set_destination_mt_safe(address dest) {
  debug_only(verify());
  // Make sure patching code is locked.  No two threads can patch at the same
  // time but one may be executing this code.
  assert(Patching_lock->is_locked() ||
         SafepointSynchronize::is_at_safepoint(), "concurrent code patching");
  // Both C1 and C2 should now be generating code which aligns the patched address
  // to be within a single cache line except that C1 does not do the alignment on
  // uniprocessor systems.
  bool is_aligned = ((uintptr_t)displacement_address() + 0) / cache_line_size ==
                    ((uintptr_t)displacement_address() + 3) / cache_line_size;

  guarantee(!os::is_MP() || is_aligned, "destination must be aligned");

  if (is_aligned) {
    // Simple case:  The destination lies within a single cache line.
    set_destination(dest);
  } else if ((uintptr_t)instruction_address() / cache_line_size ==
             ((uintptr_t)instruction_address()+1) / cache_line_size) {
    // Tricky case:  The instruction prefix lies within a single cache line.
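    // Guard the site by atomically writing a 2-byte self-jmp (EB FE) over
    // the first two bytes, rewrite bytes 2..4 behind the guard, then restore
    // bytes 0..1. A free-running thread thus sees the old call, the spin,
    // or the new call, but never a torn displacement.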
    intptr_t disp = dest - return_address();
#ifdef AMD64
    guarantee(disp == (intptr_t)(jint)disp, "must be 32-bit offset");
#endif // AMD64

    int call_opcode = instruction_address()[0];

    // First patch dummy jump in place:
    {
      u_char patch_jump[2];
      patch_jump[0] = 0xEB;       // jmp rel8
      patch_jump[1] = 0xFE;       // jmp to self

      assert(sizeof(patch_jump)==sizeof(short), "sanity check");
      *(short*)instruction_address() = *(short*)patch_jump;
    }
    // Invalidate.  Opteron requires a flush after every write.
    wrote(0);

    // (Note: We assume any reader which has already started to read
    // the unpatched call will completely read the whole unpatched call
    // without seeing the next writes we are about to make.)

    // Next, patch the last three bytes:
    u_char patch_disp[5];
    patch_disp[0] = call_opcode;
    *(int32_t*)&patch_disp[1] = (int32_t)disp;
    assert(sizeof(patch_disp)==instruction_size, "sanity check");
    for (int i = sizeof(short); i < instruction_size; i++)
      instruction_address()[i] = patch_disp[i];

    // Invalidate.  Opteron requires a flush after every write.
    wrote(sizeof(short));

    // (Note: We assume that any reader which reads the opcode we are
    // about to repatch will also read the writes we just made.)

    // Finally, overwrite the jump:
    *(short*)instruction_address() = *(short*)patch_disp;
    // Invalidate.  Opteron requires a flush after every write.
    wrote(0);

    debug_only(verify());
    guarantee(destination() == dest, "patch succeeded");
  } else {
    // Impossible:  One or the other must be atomically writable.
    ShouldNotReachHere();
  }
}


void NativeMovConstReg::verify() {
#ifdef AMD64
  // make sure code pattern is actually a mov reg64, imm64 instruction
  if ((ubyte_at(0) != Assembler::REX_W && ubyte_at(0) != Assembler::REX_WB) ||
      (ubyte_at(1) & (0xff ^ register_mask)) != 0xB8) {
    print();
    fatal("not a REX.W[B] mov reg64, imm64");
  }
#else
  // make sure code pattern is actually a mov reg, imm32 instruction
  u_char test_byte = *(u_char*)instruction_address();
  u_char test_byte_2 = test_byte & ( 0xff ^ register_mask);
  if (test_byte_2 != instruction_code) fatal("not a mov reg, imm32");
#endif // AMD64
}


void NativeMovConstReg::print() {
  tty->print_cr(PTR_FORMAT ": mov reg, " INTPTR_FORMAT,
                instruction_address(), data());
}

//-------------------------------------------------------------------

#ifndef AMD64

void NativeMovRegMem::copy_instruction_to(address new_instruction_address) {
  int inst_size = instruction_size;

  // See if there's an instruction size prefix override.
  if ( *(address(this))   == instruction_operandsize_prefix &&
       *(address(this)+1) != instruction_code_xmm_code ) { // Not SSE instr
    inst_size += 1;
  }
  if ( *(address(this)) == instruction_extended_prefix ) inst_size += 1;

  // Copy inst_size bytes, including any prefix byte detected above.
  for (int i = 0; i < inst_size; i++) {
    *(new_instruction_address + i) = *(address(this) + i);
  }
}

void NativeMovRegMem::verify() {
  // make sure code pattern is actually a mov [reg+offset], reg instruction
  u_char test_byte = *(u_char*)instruction_address();
  if ( ! ( (test_byte == instruction_code_reg2memb)
        || (test_byte == instruction_code_mem2regb)
        || (test_byte == instruction_code_mem2regl)
        || (test_byte == instruction_code_reg2meml)
        || (test_byte == instruction_code_mem2reg_movzxb )
        || (test_byte == instruction_code_mem2reg_movzxw )
        || (test_byte == instruction_code_mem2reg_movsxb )
        || (test_byte == instruction_code_mem2reg_movsxw )
        || (test_byte == instruction_code_float_s)
        || (test_byte == instruction_code_float_d)
        || (test_byte == instruction_code_long_volatile) ) )
  {
    u_char byte1 = ((u_char*)instruction_address())[1];
    u_char byte2 = ((u_char*)instruction_address())[2];
    if ((test_byte != instruction_code_xmm_ss_prefix &&
         test_byte != instruction_code_xmm_sd_prefix &&
         test_byte != instruction_operandsize_prefix) ||
        byte1 != instruction_code_xmm_code ||
        (byte2 != instruction_code_xmm_load &&
         byte2 != instruction_code_xmm_lpd &&
         byte2 != instruction_code_xmm_store)) {
      fatal ("not a mov [reg+offs], reg instruction");
    }
  }
}


void NativeMovRegMem::print() {
  tty->print_cr("0x%x: mov reg, [reg + %x]", instruction_address(), offset());
}

//-------------------------------------------------------------------

void NativeLoadAddress::verify() {
  // make sure code pattern is actually a lea reg, [reg+offset] instruction
  u_char test_byte = *(u_char*)instruction_address();
  if ( ! (test_byte == instruction_code) ) {
    fatal ("not a lea reg, [reg+offs] instruction");
  }
}


void NativeLoadAddress::print() {
  tty->print_cr("0x%x: lea [reg + %x], reg", instruction_address(), offset());
}

#endif // !AMD64

//--------------------------------------------------------------------------------

void NativeJump::verify() {
  if (*(u_char*)instruction_address() != instruction_code) {
    fatal("not a jump instruction");
  }
}


void NativeJump::insert(address code_pos, address entry) {
  intptr_t disp = (intptr_t)entry - ((intptr_t)code_pos + 1 + 4);
#ifdef AMD64
  guarantee(disp == (intptr_t)(int32_t)disp, "must be 32-bit offset");
#endif // AMD64

  *code_pos = instruction_code;
  *((int32_t*)(code_pos + 1)) = (int32_t)disp;

  ICache::invalidate_range(code_pos, instruction_size);
}

void NativeJump::check_verified_entry_alignment(address entry, address verified_entry) {
  // Patching to not_entrant can happen while activations of the method are
  // in use. The patching in that instance must happen only when certain
  // alignment restrictions are true. These guarantees check those
  // conditions.
#ifdef AMD64
  const int linesize = 64;
#else
  const int linesize = 32;
#endif // AMD64

  // Must be wordSize aligned
  guarantee(((uintptr_t) verified_entry & (wordSize - 1)) == 0,
            "illegal address for code patching 2");
  // First 5 bytes must be within the same cache line - 4827828
  guarantee((uintptr_t) verified_entry / linesize ==
            ((uintptr_t) verified_entry + 4) / linesize,
            "illegal address for code patching 3");
}


// MT-safe inserting of a jump over an unknown instruction sequence (used by nmethod::makeZombie)
// The problem: jmp <dest> is a 5-byte instruction. Atomic writes are only possible for 4 bytes.
// First patches the first word atomically to be a jump to itself.
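// (A byte-level sketch, with illustrative bytes: the original bytes b0..b4 of
// the unknown instruction become EB FE EB FE b4, then EB FE EB FE d3, and
// finally E9 d0 d1 d2 d3, where E9 d0..d3 is the new jmp rel32.)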
// Then patches the last byte, and then atomically patches the first word
// (4 bytes), thus inserting the desired jump.
// This code is mt-safe with the following conditions: the entry point is
// 4-byte aligned, the entry point is in the same cache line as the unverified
// entry point, and the instruction being patched is >= 5 bytes (the size of
// the patch).
//
// In C2 the 5+ byte instruction size is enforced by code in MachPrologNode::emit.
// In C1 the restriction is enforced by CodeEmitter::method_entry
//
void NativeJump::patch_verified_entry(address entry, address verified_entry, address dest) {
  // complete jump instruction (to be inserted) is in code_buffer;
  unsigned char code_buffer[5];
  code_buffer[0] = instruction_code;
  intptr_t disp = (intptr_t)dest - ((intptr_t)verified_entry + 1 + 4);
#ifdef AMD64
  guarantee(disp == (intptr_t)(int32_t)disp, "must be 32-bit offset");
#endif // AMD64
  *(int32_t*)(code_buffer + 1) = (int32_t)disp;

  check_verified_entry_alignment(entry, verified_entry);

  // Can't call nativeJump_at() because it asserts that a jump instruction exists
  NativeJump* n_jump = (NativeJump*) verified_entry;

  // Build the dummy jmp: two jmp-to-self instructions
  unsigned char patch[4];
  assert(sizeof(patch)==sizeof(int32_t), "sanity check");
  patch[0] = 0xEB;       // jmp rel8
  patch[1] = 0xFE;       // jmp to self
  patch[2] = 0xEB;
  patch[3] = 0xFE;

  // First patch dummy jmp in place
  *(int32_t*)verified_entry = *(int32_t *)patch;

  n_jump->wrote(0);

  // Patch 5th byte (from jump instruction)
  verified_entry[4] = code_buffer[4];

  n_jump->wrote(4);

  // Patch bytes 0-3 (from jump instruction)
  *(int32_t*)verified_entry = *(int32_t *)code_buffer;
  // Invalidate.  Opteron requires a flush after every write.
  n_jump->wrote(0);

}

void NativePopReg::insert(address code_pos, Register reg) {
  assert(reg->encoding() < 8, "no space for REX");
  assert(NativePopReg::instruction_size == sizeof(char), "right address unit for update");
  *code_pos = (u_char)(instruction_code | reg->encoding());
  ICache::invalidate_range(code_pos, instruction_size);
}


void NativeIllegalInstruction::insert(address code_pos) {
  assert(NativeIllegalInstruction::instruction_size == sizeof(short), "right address unit for update");
  *(short *)code_pos = instruction_code;
  ICache::invalidate_range(code_pos, instruction_size);
}

void NativeGeneralJump::verify() {
  assert(((NativeInstruction *)this)->is_jump() ||
         ((NativeInstruction *)this)->is_cond_jump(), "not a general jump instruction");
}


void NativeGeneralJump::insert_unconditional(address code_pos, address entry) {
  intptr_t disp = (intptr_t)entry - ((intptr_t)code_pos + 1 + 4);
#ifdef AMD64
  guarantee(disp == (intptr_t)(int32_t)disp, "must be 32-bit offset");
#endif // AMD64

  *code_pos = unconditional_long_jump;
  *((int32_t *)(code_pos+1)) = (int32_t) disp;
  ICache::invalidate_range(code_pos, instruction_size);
}


// MT-safe patching of a long jump instruction.
// First patches the first word of the instruction with two jmps that jump
// to themselves (a spinlock). Then patches the last byte, and then atomically
// replaces the jmps with the first 4 bytes of the new instruction.
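// (The byte-level sequence is the same as in NativeCall::replace_mt_safe
// above, with the jmp rel32 opcode E9 in place of the call opcode E8.)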
void NativeGeneralJump::replace_mt_safe(address instr_addr, address code_buffer) {
  assert (instr_addr != NULL, "illegal address for code patching (4)");
  NativeGeneralJump* n_jump = nativeGeneralJump_at (instr_addr); // checking that it is a jump

  // Temporary code
  unsigned char patch[4];
  assert(sizeof(patch)==sizeof(int32_t), "sanity check");
  patch[0] = 0xEB;       // jmp rel8
  patch[1] = 0xFE;       // jmp to self
  patch[2] = 0xEB;
  patch[3] = 0xFE;

  // First patch dummy jmp in place
  *(int32_t*)instr_addr = *(int32_t *)patch;
  n_jump->wrote(0);

  // Patch 4th byte
  instr_addr[4] = code_buffer[4];

  n_jump->wrote(4);

  // Patch bytes 0-3
  *(jint*)instr_addr = *(jint *)code_buffer;

  n_jump->wrote(0);

#ifdef ASSERT
  // verify patching
  for ( int i = 0; i < instruction_size; i++) {
    address ptr = (address)((intptr_t)code_buffer + i);
    int a_byte = (*ptr) & 0xFF;
    assert(*((address)((intptr_t)instr_addr + i)) == a_byte, "mt safe patching failed");
  }
#endif

}



address NativeGeneralJump::jump_destination() const {
  int op_code = ubyte_at(0);
  bool is_rel32off = (op_code == 0xE9 || op_code == 0x0F);
  int offset = (op_code == 0x0F) ? 2 : 1;
  int length = offset + ((is_rel32off) ? 4 : 1);

  if (is_rel32off)
    return addr_at(0) + length + int_at(offset);
  else
    return addr_at(0) + length + sbyte_at(offset);
}
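
// A worked example for jump_destination() above (illustrative addresses):
// a long jmp E9 00 01 00 00 at address 0x1000 has op_code 0xE9, so
// offset = 1, length = 5, and the destination is 0x1000 + 5 + 0x100 = 0x1105.
// A short jmp EB 10 at the same address has offset = 1, length = 2, giving
// destination 0x1000 + 2 + 0x10 = 0x1012. A conditional long jump starts with
// the two-byte opcode 0F 8x, so offset = 2 and length = 6.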