2 * Copyright (c) 2011 Google
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are
7 * met: redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer;
9 * redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution;
12 * neither the name of the copyright holders nor the names of its
13 * contributors may be used to endorse or promote products derived from
14 * this software without specific prior written permission.
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
19 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
20 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 #include "arch/x86/decoder.hh"
33 #include "arch/x86/regs/misc.hh"
34 #include "base/logging.hh"
35 #include "base/trace.hh"
36 #include "base/types.hh"
37 #include "debug/Decoder.hh"
43 Decoder::doResetState()
45 origPC
= basePC
+ offset
;
46 DPRINTF(Decoder
, "Setting origPC to %#x\n", origPC
);
47 instBytes
= &decodePages
->lookup(origPC
);
54 emi
.opcode
.type
= BadOpcode
;
57 immediateCollected
= 0;
66 return FromCacheState
;
68 instBytes
->chunks
.clear();
76 //This function drives the decoder state machine.
78 //Some sanity checks. You shouldn't try to process more bytes if
79 //there aren't any, and you shouldn't overwrite an already
80 //decoder ExtMachInst.
84 if (state
== ResetState
)
85 state
= doResetState();
86 if (state
== FromCacheState
) {
87 state
= doFromCacheState();
89 instBytes
->chunks
.push_back(fetchChunk
);
92 //While there's still something to do...
93 while (!instDone
&& !outOfBytes
) {
94 uint8_t nextByte
= getNextByte();
97 state
= doPrefixState(nextByte
);
100 state
= doVex2Of2State(nextByte
);
103 state
= doVex2Of3State(nextByte
);
106 state
= doVex3Of3State(nextByte
);
109 state
= doVexOpcodeState(nextByte
);
111 case OneByteOpcodeState
:
112 state
= doOneByteOpcodeState(nextByte
);
114 case TwoByteOpcodeState
:
115 state
= doTwoByteOpcodeState(nextByte
);
117 case ThreeByte0F38OpcodeState
:
118 state
= doThreeByte0F38OpcodeState(nextByte
);
120 case ThreeByte0F3AOpcodeState
:
121 state
= doThreeByte0F3AOpcodeState(nextByte
);
124 state
= doModRMState(nextByte
);
127 state
= doSIBState(nextByte
);
129 case DisplacementState
:
130 state
= doDisplacementState();
133 state
= doImmediateState();
136 panic("Went to the error state in the decoder.\n");
138 panic("Unrecognized state! %d\n", state
);
144 Decoder::doFromCacheState()
146 DPRINTF(Decoder
, "Looking at cache state.\n");
147 if ((fetchChunk
& instBytes
->masks
[chunkIdx
]) !=
148 instBytes
->chunks
[chunkIdx
]) {
149 DPRINTF(Decoder
, "Decode cache miss.\n");
150 // The chached chunks didn't match what was fetched. Fall back to the
152 instBytes
->chunks
[chunkIdx
] = fetchChunk
;
153 instBytes
->chunks
.resize(chunkIdx
+ 1);
154 instBytes
->si
= NULL
;
156 fetchChunk
= instBytes
->chunks
[0];
157 offset
= origPC
% sizeof(MachInst
);
158 basePC
= origPC
- offset
;
160 } else if (chunkIdx
== instBytes
->chunks
.size() - 1) {
161 // We matched the cache, so use its value.
163 offset
= instBytes
->lastOffset
;
164 if (offset
== sizeof(MachInst
))
168 // We matched so far, but need to check more chunks.
171 return FromCacheState
;
175 //Either get a prefix and record it in the ExtMachInst, or send the
176 //state machine on to get the opcode(s).
178 Decoder::doPrefixState(uint8_t nextByte
)
180 uint8_t prefix
= Prefixes
[nextByte
];
181 State nextState
= PrefixState
;
182 // REX prefixes are only recognized in 64 bit mode.
183 if (prefix
== RexPrefix
&& emi
.mode
.submode
!= SixtyFourBitMode
)
189 //Operand size override prefixes
190 case OperandSizeOverride
:
191 DPRINTF(Decoder
, "Found operand size override prefix.\n");
192 emi
.legacy
.op
= true;
194 case AddressSizeOverride
:
195 DPRINTF(Decoder
, "Found address size override prefix.\n");
196 emi
.legacy
.addr
= true;
198 //Segment override prefixes
205 DPRINTF(Decoder
, "Found segment override.\n");
206 emi
.legacy
.seg
= prefix
;
209 DPRINTF(Decoder
, "Found lock prefix.\n");
210 emi
.legacy
.lock
= true;
213 DPRINTF(Decoder
, "Found rep prefix.\n");
214 emi
.legacy
.rep
= true;
217 DPRINTF(Decoder
, "Found repne prefix.\n");
218 emi
.legacy
.repne
= true;
221 DPRINTF(Decoder
, "Found Rex prefix %#x.\n", nextByte
);
225 DPRINTF(Decoder
, "Found VEX two-byte prefix %#x.\n", nextByte
);
227 nextState
= Vex2Of2State
;
230 DPRINTF(Decoder
, "Found VEX three-byte prefix %#x.\n", nextByte
);
232 nextState
= Vex2Of3State
;
235 nextState
= OneByteOpcodeState
;
239 panic("Unrecognized prefix %#x\n", nextByte
);
245 Decoder::doVex2Of2State(uint8_t nextByte
)
248 Vex2Of2 vex
= nextByte
;
265 emi
.legacy
.repne
= 1;
269 emi
.opcode
.type
= TwoByteOpcode
;
271 return VexOpcodeState
;
275 Decoder::doVex2Of3State(uint8_t nextByte
)
277 if (emi
.mode
.submode
!= SixtyFourBitMode
&& bits(nextByte
, 7, 6) == 0x3) {
278 // This was actually an LDS instruction. Reroute to that path.
280 emi
.opcode
.type
= OneByteOpcode
;
281 emi
.opcode
.op
= 0xC4;
282 return processOpcode(ImmediateTypeOneByte
, UsesModRMOneByte
,
283 nextByte
>= 0xA0 && nextByte
<= 0xA3);
287 Vex2Of3 vex
= nextByte
;
295 emi
.opcode
.type
= TwoByteOpcode
;
298 emi
.opcode
.type
= ThreeByte0F38Opcode
;
301 emi
.opcode
.type
= ThreeByte0F3AOpcode
;
304 // These encodings are reserved. Pretend this was an undefined
305 // instruction so the main decoder will behave correctly, and stop
306 // trying to interpret bytes.
307 emi
.opcode
.type
= TwoByteOpcode
;
308 emi
.opcode
.op
= 0x0B;
316 Decoder::doVex3Of3State(uint8_t nextByte
)
318 if (emi
.mode
.submode
!= SixtyFourBitMode
&& bits(nextByte
, 7, 6) == 0x3) {
319 // This was actually an LES instruction. Reroute to that path.
321 emi
.opcode
.type
= OneByteOpcode
;
322 emi
.opcode
.op
= 0xC5;
323 return processOpcode(ImmediateTypeOneByte
, UsesModRMOneByte
,
324 nextByte
>= 0xA0 && nextByte
<= 0xA3);
328 Vex3Of3 vex
= nextByte
;
345 emi
.legacy
.repne
= 1;
349 return VexOpcodeState
;
353 Decoder::doVexOpcodeState(uint8_t nextByte
)
355 DPRINTF(Decoder
, "Found VEX opcode %#x.\n", nextByte
);
357 emi
.opcode
.op
= nextByte
;
360 switch (emi
.opcode
.type
) {
362 return processOpcode(ImmediateTypeTwoByte
, UsesModRMTwoByte
);
363 case ThreeByte0F38Opcode
:
364 return processOpcode(ImmediateTypeThreeByte0F38
,
365 UsesModRMThreeByte0F38
);
366 case ThreeByte0F3AOpcode
:
367 return processOpcode(ImmediateTypeThreeByte0F3A
,
368 UsesModRMThreeByte0F3A
);
370 panic("Unrecognized opcode type %d.\n", emi
.opcode
.type
);
374 // Load the first opcode byte. Determine if there are more opcode bytes, and
375 // if not, what immediate and/or ModRM is needed.
377 Decoder::doOneByteOpcodeState(uint8_t nextByte
)
379 State nextState
= ErrorState
;
382 if (nextByte
== 0x0f) {
383 DPRINTF(Decoder
, "Found opcode escape byte %#x.\n", nextByte
);
384 nextState
= TwoByteOpcodeState
;
386 DPRINTF(Decoder
, "Found one byte opcode %#x.\n", nextByte
);
387 emi
.opcode
.type
= OneByteOpcode
;
388 emi
.opcode
.op
= nextByte
;
390 nextState
= processOpcode(ImmediateTypeOneByte
, UsesModRMOneByte
,
391 nextByte
>= 0xA0 && nextByte
<= 0xA3);
396 // Load the second opcode byte. Determine if there are more opcode bytes, and
397 // if not, what immediate and/or ModRM is needed.
399 Decoder::doTwoByteOpcodeState(uint8_t nextByte
)
401 State nextState
= ErrorState
;
403 if (nextByte
== 0x38) {
404 nextState
= ThreeByte0F38OpcodeState
;
405 DPRINTF(Decoder
, "Found opcode escape byte %#x.\n", nextByte
);
406 } else if (nextByte
== 0x3a) {
407 nextState
= ThreeByte0F3AOpcodeState
;
408 DPRINTF(Decoder
, "Found opcode escape byte %#x.\n", nextByte
);
410 DPRINTF(Decoder
, "Found two byte opcode %#x.\n", nextByte
);
411 emi
.opcode
.type
= TwoByteOpcode
;
412 emi
.opcode
.op
= nextByte
;
414 nextState
= processOpcode(ImmediateTypeTwoByte
, UsesModRMTwoByte
);
419 // Load the third opcode byte and determine what immediate and/or ModRM is
422 Decoder::doThreeByte0F38OpcodeState(uint8_t nextByte
)
426 DPRINTF(Decoder
, "Found three byte 0F38 opcode %#x.\n", nextByte
);
427 emi
.opcode
.type
= ThreeByte0F38Opcode
;
428 emi
.opcode
.op
= nextByte
;
430 return processOpcode(ImmediateTypeThreeByte0F38
, UsesModRMThreeByte0F38
);
433 // Load the third opcode byte and determine what immediate and/or ModRM is
436 Decoder::doThreeByte0F3AOpcodeState(uint8_t nextByte
)
440 DPRINTF(Decoder
, "Found three byte 0F3A opcode %#x.\n", nextByte
);
441 emi
.opcode
.type
= ThreeByte0F3AOpcode
;
442 emi
.opcode
.op
= nextByte
;
444 return processOpcode(ImmediateTypeThreeByte0F3A
, UsesModRMThreeByte0F3A
);
447 // Generic opcode processing which determines the immediate size, and whether
448 // or not there's a modrm byte.
450 Decoder::processOpcode(ByteTable
&immTable
, ByteTable
&modrmTable
,
453 State nextState
= ErrorState
;
454 const uint8_t opcode
= emi
.opcode
.op
;
456 //Figure out the effective operand size. This can be overriden to
457 //a fixed value at the decoder level.
460 logOpSize
= 3; // 64 bit operand size
461 else if (emi
.legacy
.op
)
466 //Set the actual op size
467 emi
.opSize
= 1 << logOpSize
;
469 //Figure out the effective address size. This can be overriden to
470 //a fixed value at the decoder level.
473 logAddrSize
= altAddr
;
475 logAddrSize
= defAddr
;
477 //Set the actual address size
478 emi
.addrSize
= 1 << logAddrSize
;
480 //Figure out the effective stack width. This can be overriden to
481 //a fixed value at the decoder level.
482 emi
.stackSize
= 1 << stack
;
484 //Figure out how big of an immediate we'll retreive based
486 int immType
= immTable
[opcode
];
488 immediateSize
= SizeTypeToSize
[logAddrSize
- 1][immType
];
490 immediateSize
= SizeTypeToSize
[logOpSize
- 1][immType
];
492 //Determine what to expect next
493 if (modrmTable
[opcode
]) {
494 nextState
= ModRMState
;
497 nextState
= ImmediateState
;
500 nextState
= ResetState
;
506 //Get the ModRM byte and determine what displacement, if any, there is.
507 //Also determine whether or not to get the SIB byte, displacement, or
510 Decoder::doModRMState(uint8_t nextByte
)
512 State nextState
= ErrorState
;
513 ModRM modRM
= nextByte
;
514 DPRINTF(Decoder
, "Found modrm byte %#x.\n", nextByte
);
516 //figure out 16 bit displacement size
517 if ((modRM
.mod
== 0 && modRM
.rm
== 6) || modRM
.mod
== 2)
518 displacementSize
= 2;
519 else if (modRM
.mod
== 1)
520 displacementSize
= 1;
522 displacementSize
= 0;
524 //figure out 32/64 bit displacement size
525 if ((modRM
.mod
== 0 && modRM
.rm
== 5) || modRM
.mod
== 2)
526 displacementSize
= 4;
527 else if (modRM
.mod
== 1)
528 displacementSize
= 1;
530 displacementSize
= 0;
533 // The "test" instruction in group 3 needs an immediate, even though
534 // the other instructions with the same actual opcode don't.
535 if (emi
.opcode
.type
== OneByteOpcode
&& (modRM
.reg
& 0x6) == 0) {
536 if (emi
.opcode
.op
== 0xF6)
538 else if (emi
.opcode
.op
== 0xF7)
539 immediateSize
= (emi
.opSize
== 8) ? 4 : emi
.opSize
;
542 //If there's an SIB, get that next.
543 //There is no SIB in 16 bit mode.
544 if (modRM
.rm
== 4 && modRM
.mod
!= 3) {
545 // && in 32/64 bit mode)
546 nextState
= SIBState
;
547 } else if (displacementSize
) {
548 nextState
= DisplacementState
;
549 } else if (immediateSize
) {
550 nextState
= ImmediateState
;
553 nextState
= ResetState
;
555 //The ModRM byte is consumed no matter what
561 //Get the SIB byte. We don't do anything with it at this point, other
562 //than storing it in the ExtMachInst. Determine if we need to get a
563 //displacement or immediate next.
565 Decoder::doSIBState(uint8_t nextByte
)
567 State nextState
= ErrorState
;
569 DPRINTF(Decoder
, "Found SIB byte %#x.\n", nextByte
);
571 if (emi
.modRM
.mod
== 0 && emi
.sib
.base
== 5)
572 displacementSize
= 4;
573 if (displacementSize
) {
574 nextState
= DisplacementState
;
575 } else if (immediateSize
) {
576 nextState
= ImmediateState
;
579 nextState
= ResetState
;
584 //Gather up the displacement, or at least as much of it
587 Decoder::doDisplacementState()
589 State nextState
= ErrorState
;
591 getImmediate(immediateCollected
,
595 DPRINTF(Decoder
, "Collecting %d byte displacement, got %d bytes.\n",
596 displacementSize
, immediateCollected
);
598 if (displacementSize
== immediateCollected
) {
599 //Reset this for other immediates.
600 immediateCollected
= 0;
601 //Sign extend the displacement
602 switch(displacementSize
)
605 emi
.displacement
= sext
<8>(emi
.displacement
);
608 emi
.displacement
= sext
<16>(emi
.displacement
);
611 emi
.displacement
= sext
<32>(emi
.displacement
);
614 panic("Undefined displacement size!\n");
616 DPRINTF(Decoder
, "Collected displacement %#x.\n",
619 nextState
= ImmediateState
;
622 nextState
= ResetState
;
625 emi
.dispSize
= displacementSize
;
628 nextState
= DisplacementState
;
632 //Gather up the immediate, or at least as much of it
635 Decoder::doImmediateState()
637 State nextState
= ErrorState
;
639 getImmediate(immediateCollected
,
643 DPRINTF(Decoder
, "Collecting %d byte immediate, got %d bytes.\n",
644 immediateSize
, immediateCollected
);
646 if (immediateSize
== immediateCollected
)
648 //Reset this for other immediates.
649 immediateCollected
= 0;
651 //XXX Warning! The following is an observed pattern and might
652 //not always be true!
654 //Instructions which use 64 bit operands but 32 bit immediates
655 //need to have the immediate sign extended to 64 bits.
656 //Instructions which use true 64 bit immediates won't be
657 //affected, and instructions that use true 32 bit immediates
659 switch(immediateSize
)
662 emi
.immediate
= sext
<32>(emi
.immediate
);
665 emi
.immediate
= sext
<8>(emi
.immediate
);
668 DPRINTF(Decoder
, "Collected immediate %#x.\n",
671 nextState
= ResetState
;
674 nextState
= ImmediateState
;
678 Decoder::InstBytes
Decoder::dummy
;
679 Decoder::InstCacheMap
Decoder::instCacheMap
;
682 Decoder::decode(ExtMachInst mach_inst
, Addr addr
)
684 auto iter
= instMap
->find(mach_inst
);
685 if (iter
!= instMap
->end())
688 StaticInstPtr si
= decodeInst(mach_inst
);
689 (*instMap
)[mach_inst
] = si
;
694 Decoder::decode(PCState
&nextPC
)
701 StaticInstPtr
&si
= instBytes
->si
;
705 // We didn't match in the AddrMap, but we still populated an entry. Fix
706 // up its byte masks.
707 const int chunkSize
= sizeof(MachInst
);
709 instBytes
->lastOffset
= offset
;
711 Addr firstBasePC
= basePC
- (instBytes
->chunks
.size() - 1) * chunkSize
;
712 Addr firstOffset
= origPC
- firstBasePC
;
713 Addr totalSize
= instBytes
->lastOffset
- firstOffset
+
714 (instBytes
->chunks
.size() - 1) * chunkSize
;
715 int start
= firstOffset
;
716 instBytes
->masks
.clear();
719 int end
= start
+ totalSize
;
720 end
= (chunkSize
< end
) ? chunkSize
: end
;
721 int size
= end
- start
;
722 int idx
= instBytes
->masks
.size();
724 MachInst maskVal
= mask(size
* 8) << (start
* 8);
727 instBytes
->masks
.push_back(maskVal
);
728 instBytes
->chunks
[idx
] &= instBytes
->masks
[idx
];
733 si
= decode(emi
, origPC
);