1 /* General "disassemble this chunk" code. Used for debugging. */
2 #include "qemu/osdep.h"
3 #include "disas/dis-asm.h"
5 #include "qemu/qemu-print.h"
8 #include "disas/disas.h"
9 #include "disas/capstone.h"
11 typedef struct CPUDebug {
12 struct disassemble_info info;
16 /* Filled in by elfload.c. Simplistic, but will do for now. */
17 struct syminfo *syminfos = NULL;
19 /* Get LENGTH bytes from info's buffer, at target address memaddr.
20 Transfer them to myaddr. */
22 buffer_read_memory(bfd_vma memaddr, bfd_byte *myaddr, int length,
23 struct disassemble_info *info)
25 if (memaddr < info->buffer_vma
26 || memaddr + length > info->buffer_vma + info->buffer_length)
27 /* Out of bounds. Use EIO because GDB uses it. */
29 memcpy (myaddr, info->buffer + (memaddr - info->buffer_vma), length);
33 /* Get LENGTH bytes from info's buffer, at target address memaddr.
34 Transfer them to myaddr. */
36 target_read_memory (bfd_vma memaddr,
39 struct disassemble_info *info)
41 CPUDebug *s = container_of(info, CPUDebug, info);
44 r = cpu_memory_rw_debug(s->cpu, memaddr, myaddr, length, 0);
49 /* Print an error message. We can assume that this is in response to
50 an error return from buffer_read_memory. */
52 perror_memory (int status, bfd_vma memaddr, struct disassemble_info *info)
56 (*info->fprintf_func) (info->stream, "Unknown error %d\n", status);
58 /* Actually, address between memaddr and memaddr + len was
60 (*info->fprintf_func) (info->stream,
61 "Address 0x%" PRIx64 " is out of bounds.\n", memaddr);
64 /* This could be in a separate file, to save minuscule amounts of space
65 in statically linked executables. */
67 /* Just print the address is hex. This is included for completeness even
68 though both GDB and objdump provide their own (to print symbolic
72 generic_print_address (bfd_vma addr, struct disassemble_info *info)
74 (*info->fprintf_func) (info->stream, "0x%" PRIx64, addr);
77 /* Print address in hex, truncated to the width of a host virtual address. */
79 generic_print_host_address(bfd_vma addr, struct disassemble_info *info)
81 uint64_t mask = ~0ULL >> (64 - (sizeof(void *) * 8));
82 generic_print_address(addr & mask, info);
85 /* Just return the given address. */
88 generic_symbol_at_address (bfd_vma addr, struct disassemble_info *info)
93 bfd_vma bfd_getl64 (const bfd_byte *addr)
97 v = (unsigned long long) addr[0];
98 v |= (unsigned long long) addr[1] << 8;
99 v |= (unsigned long long) addr[2] << 16;
100 v |= (unsigned long long) addr[3] << 24;
101 v |= (unsigned long long) addr[4] << 32;
102 v |= (unsigned long long) addr[5] << 40;
103 v |= (unsigned long long) addr[6] << 48;
104 v |= (unsigned long long) addr[7] << 56;
108 bfd_vma bfd_getl32 (const bfd_byte *addr)
112 v = (unsigned long) addr[0];
113 v |= (unsigned long) addr[1] << 8;
114 v |= (unsigned long) addr[2] << 16;
115 v |= (unsigned long) addr[3] << 24;
119 bfd_vma bfd_getb32 (const bfd_byte *addr)
123 v = (unsigned long) addr[0] << 24;
124 v |= (unsigned long) addr[1] << 16;
125 v |= (unsigned long) addr[2] << 8;
126 v |= (unsigned long) addr[3];
130 bfd_vma bfd_getl16 (const bfd_byte *addr)
134 v = (unsigned long) addr[0];
135 v |= (unsigned long) addr[1] << 8;
139 bfd_vma bfd_getb16 (const bfd_byte *addr)
143 v = (unsigned long) addr[0] << 24;
144 v |= (unsigned long) addr[1] << 16;
148 static int print_insn_objdump(bfd_vma pc, disassemble_info *info,
151 int i, n = info->buffer_length;
152 uint8_t *buf = g_malloc(n);
154 info->read_memory_func(pc, buf, n, info);
156 for (i = 0; i < n; ++i) {
158 info->fprintf_func(info->stream, "\n%s: ", prefix);
160 info->fprintf_func(info->stream, "%02x", buf[i]);
167 static int print_insn_od_host(bfd_vma pc, disassemble_info *info)
169 return print_insn_objdump(pc, info, "OBJD-H");
172 static int print_insn_od_target(bfd_vma pc, disassemble_info *info)
174 return print_insn_objdump(pc, info, "OBJD-T");
177 #ifdef CONFIG_CAPSTONE
178 /* Temporary storage for the capstone library. This will be alloced via
179 malloc with a size private to the library; thus there's no reason not
180 to share this across calls and across host vs target disassembly. */
181 static __thread cs_insn *cap_insn;
183 /* Initialize the Capstone library. */
184 /* ??? It would be nice to cache this. We would need one handle for the
185 host and one for the target. For most targets we can reset specific
186 parameters via cs_option(CS_OPT_MODE, new_mode), but we cannot change
187 CS_ARCH_* in this way. Thus we would need to be able to close and
188 re-open the target handle with a different arch for the target in order
189 to handle AArch64 vs AArch32 mode switching. */
190 static cs_err cap_disas_start(disassemble_info *info, csh *handle)
192 cs_mode cap_mode = info->cap_mode;
195 cap_mode += (info->endian == BFD_ENDIAN_BIG ? CS_MODE_BIG_ENDIAN
196 : CS_MODE_LITTLE_ENDIAN);
198 err = cs_open(info->cap_arch, cap_mode, handle);
199 if (err != CS_ERR_OK) {
203 /* ??? There probably ought to be a better place to put this. */
204 if (info->cap_arch == CS_ARCH_X86) {
205 /* We don't care about errors (if for some reason the library
206 is compiled without AT&T syntax); the user will just have
207 to deal with the Intel syntax. */
208 cs_option(*handle, CS_OPT_SYNTAX, CS_OPT_SYNTAX_ATT);
211 /* "Disassemble" unknown insns as ".byte W,X,Y,Z". */
212 cs_option(*handle, CS_OPT_SKIPDATA, CS_OPT_ON);
214 /* Allocate temp space for cs_disasm_iter. */
215 if (cap_insn == NULL) {
216 cap_insn = cs_malloc(*handle);
217 if (cap_insn == NULL) {
225 static void cap_dump_insn_units(disassemble_info *info, cs_insn *insn,
228 fprintf_function print = info->fprintf_func;
229 FILE *stream = info->stream;
231 switch (info->cap_insn_unit) {
233 if (info->endian == BFD_ENDIAN_BIG) {
234 for (; i < n; i += 4) {
235 print(stream, " %08x", ldl_be_p(insn->bytes + i));
239 for (; i < n; i += 4) {
240 print(stream, " %08x", ldl_le_p(insn->bytes + i));
246 if (info->endian == BFD_ENDIAN_BIG) {
247 for (; i < n; i += 2) {
248 print(stream, " %04x", lduw_be_p(insn->bytes + i));
251 for (; i < n; i += 2) {
252 print(stream, " %04x", lduw_le_p(insn->bytes + i));
259 print(stream, " %02x", insn->bytes[i]);
265 static void cap_dump_insn(disassemble_info *info, cs_insn *insn,
268 fprintf_function print = info->fprintf_func;
271 print(info->stream, "0x%08" PRIx64 ": ", insn->address);
274 split = info->cap_insn_split;
276 /* Dump the first SPLIT bytes of the instruction. */
277 cap_dump_insn_units(info, insn, 0, MIN(n, split));
279 /* Add padding up to SPLIT so that mnemonics line up. */
281 int width = (split - n) / info->cap_insn_unit;
282 width *= (2 * info->cap_insn_unit + 1);
283 print(info->stream, "%*s", width, "");
286 /* Print the actual instruction. */
287 print(info->stream, " %-8s %s", insn->mnemonic, insn->op_str);
289 print(info->stream, "\t\t%s", note);
291 print(info->stream, "\n");
293 /* Dump any remaining part of the insn on subsequent lines. */
294 for (i = split; i < n; i += split) {
295 print(info->stream, "0x%08" PRIx64 ": ", insn->address + i);
296 cap_dump_insn_units(info, insn, i, MIN(n, i + split));
297 print(info->stream, "\n");
301 /* Disassemble SIZE bytes at PC for the target. */
302 static bool cap_disas_target(disassemble_info *info, uint64_t pc, size_t size)
304 uint8_t cap_buf[1024];
309 if (cap_disas_start(info, &handle) != CS_ERR_OK) {
315 size_t tsize = MIN(sizeof(cap_buf) - csize, size);
316 const uint8_t *cbuf = cap_buf;
318 target_read_memory(pc + csize, cap_buf + csize, tsize, info);
322 while (cs_disasm_iter(handle, &cbuf, &csize, &pc, insn)) {
323 cap_dump_insn(info, insn, NULL);
326 /* If the target memory is not consumed, go back for more... */
328 /* ... taking care to move any remaining fractional insn
329 to the beginning of the buffer. */
331 memmove(cap_buf, cbuf, csize);
336 /* Since the target memory is consumed, we should not have
337 a remaining fractional insn. */
339 (*info->fprintf_func)(info->stream,
340 "Disassembler disagrees with translator "
341 "over instruction decoding\n"
351 /* Disassemble SIZE bytes at CODE for the host. */
352 static bool cap_disas_host(disassemble_info *info, void *code, size_t size,
360 if (cap_disas_start(info, &handle) != CS_ERR_OK) {
366 pc = (uintptr_t)code;
368 while (cs_disasm_iter(handle, &cbuf, &size, &pc, insn)) {
369 cap_dump_insn(info, insn, note);
373 (*info->fprintf_func)(info->stream,
374 "Disassembler disagrees with TCG over instruction encoding\n"
382 #if !defined(CONFIG_USER_ONLY)
383 /* Disassemble COUNT insns at PC for the target. */
384 static bool cap_disas_monitor(disassemble_info *info, uint64_t pc, int count)
391 if (cap_disas_start(info, &handle) != CS_ERR_OK) {
397 /* We want to read memory for one insn, but generically we do not
398 know how much memory that is. We have a small buffer which is
399 known to be sufficient for all supported targets. Try to not
400 read beyond the page, Just In Case. For even more simplicity,
401 ignore the actual target page size and use a 1k boundary. If
402 that turns out to be insufficient, we'll come back around the
403 loop and read more. */
404 uint64_t epc = QEMU_ALIGN_UP(pc + csize + 1, 1024);
405 size_t tsize = MIN(sizeof(cap_buf) - csize, epc - pc);
406 const uint8_t *cbuf = cap_buf;
408 /* Make certain that we can make progress. */
410 info->read_memory_func(pc, cap_buf + csize, tsize, info);
413 if (cs_disasm_iter(handle, &cbuf, &csize, &pc, insn)) {
414 cap_dump_insn(info, insn, NULL);
419 memmove(cap_buf, cbuf, csize);
425 #endif /* !CONFIG_USER_ONLY */
427 # define cap_disas_target(i, p, s) false
428 # define cap_disas_host(i, p, s, n) false
429 # define cap_disas_monitor(i, p, c) false
430 # define cap_disas_plugin(i, p, c) false
431 #endif /* CONFIG_CAPSTONE */
433 /* Disassemble this for me please... (debugging). */
434 void target_disas(FILE *out, CPUState *cpu, target_ulong code,
437 CPUClass *cc = CPU_GET_CLASS(cpu);
442 INIT_DISASSEMBLE_INFO(s.info, out, fprintf);
445 s.info.read_memory_func = target_read_memory;
446 s.info.buffer_vma = code;
447 s.info.buffer_length = size;
448 s.info.print_address_func = generic_print_address;
449 s.info.cap_arch = -1;
451 s.info.cap_insn_unit = 4;
452 s.info.cap_insn_split = 4;
454 #ifdef TARGET_WORDS_BIGENDIAN
455 s.info.endian = BFD_ENDIAN_BIG;
457 s.info.endian = BFD_ENDIAN_LITTLE;
460 if (cc->disas_set_info) {
461 cc->disas_set_info(cpu, &s.info);
464 if (s.info.cap_arch >= 0 && cap_disas_target(&s.info, code, size)) {
468 if (s.info.print_insn == NULL) {
469 s.info.print_insn = print_insn_od_target;
472 for (pc = code; size > 0; pc += count, size -= count) {
473 fprintf(out, "0x" TARGET_FMT_lx ": ", pc);
474 count = s.info.print_insn(pc, &s.info);
480 "Disassembler disagrees with translator over instruction "
488 static __thread GString plugin_disas_output;
490 static int plugin_printf(FILE *stream, const char *fmt, ...)
493 GString *s = &plugin_disas_output;
494 int initial_len = s->len;
497 g_string_append_vprintf(s, fmt, va);
500 return s->len - initial_len;
503 static void plugin_print_address(bfd_vma addr, struct disassemble_info *info)
509 #ifdef CONFIG_CAPSTONE
510 /* Disassemble a single instruction directly into plugin output */
512 bool cap_disas_plugin(disassemble_info *info, uint64_t pc, size_t size)
514 uint8_t cap_buf[1024];
519 GString *s = &plugin_disas_output;
521 if (cap_disas_start(info, &handle) != CS_ERR_OK) {
526 size_t tsize = MIN(sizeof(cap_buf) - csize, size);
527 const uint8_t *cbuf = cap_buf;
528 target_read_memory(pc, cap_buf, tsize, info);
530 count = cs_disasm(handle, cbuf, size, 0, 1, &insn);
533 g_string_printf(s, "%s %s", insn->mnemonic, insn->op_str);
535 g_string_printf(s, "cs_disasm failed");
544 * We should only be dissembling one instruction at a time here. If
545 * there is left over it usually indicates the front end has read more
546 * bytes than it needed.
548 char *plugin_disas(CPUState *cpu, uint64_t addr, size_t size)
550 CPUClass *cc = CPU_GET_CLASS(cpu);
553 GString *ds = g_string_set_size(&plugin_disas_output, 0);
555 g_assert(ds == &plugin_disas_output);
557 INIT_DISASSEMBLE_INFO(s.info, NULL, plugin_printf);
560 s.info.read_memory_func = target_read_memory;
561 s.info.buffer_vma = addr;
562 s.info.buffer_length = size;
563 s.info.print_address_func = plugin_print_address;
564 s.info.cap_arch = -1;
566 s.info.cap_insn_unit = 4;
567 s.info.cap_insn_split = 4;
569 #ifdef TARGET_WORDS_BIGENDIAN
570 s.info.endian = BFD_ENDIAN_BIG;
572 s.info.endian = BFD_ENDIAN_LITTLE;
575 if (cc->disas_set_info) {
576 cc->disas_set_info(cpu, &s.info);
579 if (s.info.cap_arch >= 0 && cap_disas_plugin(&s.info, addr, size)) {
580 return g_strdup(ds->str);
583 if (s.info.print_insn == NULL) {
584 s.info.print_insn = print_insn_od_target;
587 count = s.info.print_insn(addr, &s.info);
589 /* The decoder probably read more than it needed it's not critical */
591 warn_report("%s: %zu bytes left over", __func__, size - count);
594 return g_strdup(ds->str);
597 /* Disassemble this for me please... (debugging). */
598 void disas(FILE *out, void *code, unsigned long size, const char *note)
603 int (*print_insn)(bfd_vma pc, disassemble_info *info) = NULL;
605 INIT_DISASSEMBLE_INFO(s.info, out, fprintf);
606 s.info.print_address_func = generic_print_host_address;
608 s.info.buffer = code;
609 s.info.buffer_vma = (uintptr_t)code;
610 s.info.buffer_length = size;
611 s.info.cap_arch = -1;
613 s.info.cap_insn_unit = 4;
614 s.info.cap_insn_split = 4;
616 #ifdef HOST_WORDS_BIGENDIAN
617 s.info.endian = BFD_ENDIAN_BIG;
619 s.info.endian = BFD_ENDIAN_LITTLE;
621 #if defined(CONFIG_TCG_INTERPRETER)
622 print_insn = print_insn_tci;
623 #elif defined(__i386__)
624 s.info.mach = bfd_mach_i386_i386;
625 print_insn = print_insn_i386;
626 s.info.cap_arch = CS_ARCH_X86;
627 s.info.cap_mode = CS_MODE_32;
628 s.info.cap_insn_unit = 1;
629 s.info.cap_insn_split = 8;
630 #elif defined(__x86_64__)
631 s.info.mach = bfd_mach_x86_64;
632 print_insn = print_insn_i386;
633 s.info.cap_arch = CS_ARCH_X86;
634 s.info.cap_mode = CS_MODE_64;
635 s.info.cap_insn_unit = 1;
636 s.info.cap_insn_split = 8;
637 #elif defined(_ARCH_PPC)
638 s.info.disassembler_options = (char *)"any";
639 print_insn = print_insn_ppc;
640 s.info.cap_arch = CS_ARCH_PPC;
642 s.info.cap_mode = CS_MODE_64;
644 #elif defined(__riscv) && defined(CONFIG_RISCV_DIS)
645 #if defined(_ILP32) || (__riscv_xlen == 32)
646 print_insn = print_insn_riscv32;
648 print_insn = print_insn_riscv64;
650 #error unsupported RISC-V ABI
652 #elif defined(__aarch64__) && defined(CONFIG_ARM_A64_DIS)
653 print_insn = print_insn_arm_a64;
654 s.info.cap_arch = CS_ARCH_ARM64;
655 #elif defined(__alpha__)
656 print_insn = print_insn_alpha;
657 #elif defined(__sparc__)
658 print_insn = print_insn_sparc;
659 s.info.mach = bfd_mach_sparc_v9b;
660 #elif defined(__arm__)
661 print_insn = print_insn_arm;
662 s.info.cap_arch = CS_ARCH_ARM;
663 /* TCG only generates code for arm mode. */
664 #elif defined(__MIPSEB__)
665 print_insn = print_insn_big_mips;
666 #elif defined(__MIPSEL__)
667 print_insn = print_insn_little_mips;
668 #elif defined(__m68k__)
669 print_insn = print_insn_m68k;
670 #elif defined(__s390__)
671 print_insn = print_insn_s390;
672 #elif defined(__hppa__)
673 print_insn = print_insn_hppa;
676 if (s.info.cap_arch >= 0 && cap_disas_host(&s.info, code, size, note)) {
680 if (print_insn == NULL) {
681 print_insn = print_insn_od_host;
683 for (pc = (uintptr_t)code; size > 0; pc += count, size -= count) {
684 fprintf(out, "0x%08" PRIxPTR ": ", pc);
685 count = print_insn(pc, &s.info);
687 fprintf(out, "\t\t%s", note);
698 /* Look up symbol for debugging purpose. Returns "" if unknown. */
699 const char *lookup_symbol(target_ulong orig_addr)
701 const char *symbol = "";
704 for (s = syminfos; s; s = s->next) {
705 symbol = s->lookup_symbol(s, orig_addr);
706 if (symbol[0] != '\0') {
714 #if !defined(CONFIG_USER_ONLY)
716 #include "monitor/monitor.h"
719 physical_read_memory(bfd_vma memaddr, bfd_byte *myaddr, int length,
720 struct disassemble_info *info)
722 CPUDebug *s = container_of(info, CPUDebug, info);
725 res = address_space_read(s->cpu->as, memaddr, MEMTXATTRS_UNSPECIFIED,
727 return res == MEMTX_OK ? 0 : EIO;
730 /* Disassembler for the monitor. */
731 void monitor_disas(Monitor *mon, CPUState *cpu,
732 target_ulong pc, int nb_insn, int is_physical)
734 CPUClass *cc = CPU_GET_CLASS(cpu);
738 INIT_DISASSEMBLE_INFO(s.info, NULL, qemu_fprintf);
741 s.info.read_memory_func
742 = (is_physical ? physical_read_memory : target_read_memory);
743 s.info.print_address_func = generic_print_address;
744 s.info.buffer_vma = pc;
745 s.info.cap_arch = -1;
747 s.info.cap_insn_unit = 4;
748 s.info.cap_insn_split = 4;
750 #ifdef TARGET_WORDS_BIGENDIAN
751 s.info.endian = BFD_ENDIAN_BIG;
753 s.info.endian = BFD_ENDIAN_LITTLE;
756 if (cc->disas_set_info) {
757 cc->disas_set_info(cpu, &s.info);
760 if (s.info.cap_arch >= 0 && cap_disas_monitor(&s.info, pc, nb_insn)) {
764 if (!s.info.print_insn) {
765 monitor_printf(mon, "0x" TARGET_FMT_lx
766 ": Asm output not supported on this arch\n", pc);
770 for(i = 0; i < nb_insn; i++) {
771 monitor_printf(mon, "0x" TARGET_FMT_lx ": ", pc);
772 count = s.info.print_insn(pc, &s.info);
773 monitor_printf(mon, "\n");
projects / qemu.git / blob