/*
 * Copyright (C) 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16 
17 #include "linker/arm/relative_patcher_thumb2.h"
18 
19 #include <sstream>
20 
21 #include "arch/arm/asm_support_arm.h"
22 #include "art_method.h"
23 #include "base/bit_utils.h"
24 #include "base/malloc_arena_pool.h"
25 #include "compiled_method.h"
26 #include "entrypoints/quick/quick_entrypoints_enum.h"
27 #include "linker/linker_patch.h"
28 #include "lock_word.h"
29 #include "mirror/array-inl.h"
30 #include "mirror/object.h"
31 #include "read_barrier.h"
32 #include "utils/arm/assembler_arm_vixl.h"
33 
34 namespace art {
35 namespace linker {
36 
// Thumb2 reads PC as "address of the current instruction + 4". Every displacement in this
// file is measured from the patch location, so this is the correction between a
// patch-location-relative distance and the PC-relative distance the hardware uses.
static constexpr int32_t kPcDisplacement = 4;

// Largest forward / backward method-call (BL) displacement, measured from the patch
// location. The BL immediate is a signed 25-bit value with bit 0 implicitly clear, i.e.
// [-2^24, 2^24 - 2] relative to the PC, and the PC sits 4 bytes past the patch location.
constexpr uint32_t kMaxMethodCallPositiveDisplacement =
    (1u << 24) - 2u + static_cast<uint32_t>(kPcDisplacement);
constexpr uint32_t kMaxMethodCallNegativeDisplacement =
    (1u << 24) - static_cast<uint32_t>(kPcDisplacement);

// Same for the 32-bit conditional branch (B<c>) patched for the Baker read barrier: a
// signed 21-bit immediate with bit 0 implicitly clear, i.e. [-2^20, 2^20 - 2] relative to
// the PC, again 4 bytes past the patch location.
constexpr uint32_t kMaxBcondPositiveDisplacement =
    (1u << 20) - 2u + static_cast<uint32_t>(kPcDisplacement);
constexpr uint32_t kMaxBcondNegativeDisplacement =
    (1u << 20) - static_cast<uint32_t>(kPcDisplacement);
51 
// Forwards both providers to the shared ARM base patcher and tags this instance as
// InstructionSet::kThumb2; there is no Thumb2-specific state to initialize here.
Thumb2RelativePatcher::Thumb2RelativePatcher(RelativePatcherThunkProvider* thunk_provider,
                                             RelativePatcherTargetProvider* target_provider)
    : ArmBaseRelativePatcher(thunk_provider, target_provider, InstructionSet::kThumb2) {}
56 
// Patches the BL at `literal_offset` in `code` so that it reaches `target_offset`.
// `patch_offset` is the offset of the BL itself; `target_offset` arrives with the Thumb2
// mode bit (bit 0) set and is stripped of it before the displacement is computed.
void Thumb2RelativePatcher::PatchCall(std::vector<uint8_t>* code,
                                      uint32_t literal_offset,
                                      uint32_t patch_offset,
                                      uint32_t target_offset) {
  DCHECK_ALIGNED(patch_offset, 2u);
  DCHECK_EQ(target_offset & 1u, 1u);  // Callers hand us a Thumb2 address: mode bit set.
  const uint32_t thumb_target = target_offset & ~1u;
  const uint32_t bl_displacement = CalculateMethodCallDisplacement(patch_offset, thumb_target);
  PatchBl(code, literal_offset, bl_displacement);
}
66 
// Patches one half of a MOVW/MOVT pair that materializes a PC-relative offset.
// `patch.LiteralOffset()` locates the MOVW or MOVT being patched; `patch.PcInsnOffset()`
// locates the instruction whose PC the offset is relative to. A MOVW receives the low
// 16 bits of the difference, a MOVT (bit 23 set) the high 16 bits.
void Thumb2RelativePatcher::PatchPcRelativeReference(std::vector<uint8_t>* code,
                                                     const LinkerPatch& patch,
                                                     uint32_t patch_offset,
                                                     uint32_t target_offset) {
  const uint32_t literal_offset = patch.LiteralOffset();
  // Thumb2 PC is 4 bytes past the instruction: translate the literal's patch offset into
  // the PC the code observes at the referencing instruction.
  const uint32_t pc_base = patch_offset + (patch.PcInsnOffset() - literal_offset) + 4u;
  const uint32_t diff = target_offset - pc_base;

  uint32_t insn = GetInsn32(code, literal_offset);
  // Expect a MOVW/MOVT whose imm16 fields are still zero (Rd and the W/T bit are masked off).
  DCHECK_EQ(insn & 0xff7ff0ffu, 0xf2400000u);
  const bool is_movt = (insn & 0x00800000u) != 0u;
  const uint32_t imm16 = is_movt ? (diff >> 16) : (diff & 0xffffu);
  // Scatter imm16 into the encoding's fields: imm4 -> bits 16-19, i -> bit 26,
  // imm3 -> bits 12-14, imm8 -> bits 0-7.
  const uint32_t imm4 = (imm16 >> 12) & 0xfu;
  const uint32_t i = (imm16 >> 11) & 0x1u;
  const uint32_t imm3 = (imm16 >> 8) & 0x7u;
  const uint32_t imm8 = imm16 & 0xffu;
  insn &= 0xfbf08f00u;  // Clear exactly those four immediate fields, keep everything else.
  insn |= (i << 26) | (imm4 << 16) | (imm3 << 12) | imm8;
  SetInsn32(code, literal_offset, insn);
}
86 
// Patches the BL at `patch.LiteralOffset()` to call the entrypoint thunk selected by
// `patch`, at the location GetThunkTargetOffset() resolves for it relative to
// `patch_offset`. The displacement handed to PatchBl() is patch-location-relative.
void Thumb2RelativePatcher::PatchEntrypointCall(std::vector<uint8_t>* code,
                                                const LinkerPatch& patch,
                                                uint32_t patch_offset) {
  DCHECK_ALIGNED(patch_offset, 2u);
  const ThunkKey thunk_key = GetEntrypointCallKey(patch);
  const uint32_t thunk_offset = GetThunkTargetOffset(thunk_key, patch_offset);
  DCHECK_ALIGNED(thunk_offset, 4u);  // Thunk targets are expected to be 4-byte aligned.
  PatchBl(code, patch.LiteralOffset(), thunk_offset - patch_offset);
}
97 
// Redirects the unpatched `BNE +0` at `patch.LiteralOffset()` to the Baker read barrier
// thunk selected by `patch`. The branch is the 32-bit conditional B<c> encoding, whose
// 21-bit signed offset (bit 0 implicit) is spread over the instruction as
// S:J2:J1:imm6:imm11 -- note J2 is the more significant of the two J bits here.
void Thumb2RelativePatcher::PatchBakerReadBarrierBranch(std::vector<uint8_t>* code,
                                                        const LinkerPatch& patch,
                                                        uint32_t patch_offset) {
  DCHECK_ALIGNED(patch_offset, 2u);
  const uint32_t literal_offset = patch.LiteralOffset();
  DCHECK_ALIGNED(literal_offset, 2u);
  DCHECK_LT(literal_offset, code->size());
  uint32_t insn = GetInsn32(code, literal_offset);
  DCHECK_EQ(insn, 0xf0408000);  // Only an unpatched BNE +0 is expected here.

  const ThunkKey thunk_key = GetBakerThunkKey(patch);
  const uint32_t thunk_offset = GetThunkTargetOffset(thunk_key, patch_offset);
  DCHECK_ALIGNED(thunk_offset, 4u);
  // The hardware measures from the Thumb2 PC (4 bytes past the branch), not the patch location.
  const uint32_t disp = thunk_offset - (patch_offset + kPcDisplacement);
  DCHECK((disp >> 20) == 0u || (disp >> 20) == 0xfffu);  // Must fit a 21-bit signed offset.

  // Field placement: disp[20] -> S (bit 26), disp[19] -> J2 (bit 11), disp[18] -> J1 (bit 13),
  // disp[17:12] -> imm6 (bits 16-21), disp[11:1] -> imm11 (bits 0-10).
  const uint32_t s = (disp >> 20) & 0x1u;
  const uint32_t j2 = (disp >> 19) & 0x1u;
  const uint32_t j1 = (disp >> 18) & 0x1u;
  const uint32_t imm6 = (disp >> 12) & 0x3fu;
  const uint32_t imm11 = (disp >> 1) & 0x7ffu;
  insn |= (s << 26) | (j1 << 13) | (j2 << 11) | (imm6 << 16) | imm11;
  SetInsn32(code, literal_offset, insn);
}
119 
// Largest forward displacement (from the patch location) at which a thunk of `key`'s type
// can still be reached: BL range for method and entrypoint calls, B<c> range for the
// Baker read barrier branch. Every ThunkType enumerator is listed and there is
// deliberately no default, so adding an enumerator trips the compiler's switch-coverage
// warning instead of silently picking a range.
uint32_t Thumb2RelativePatcher::MaxPositiveDisplacement(const ThunkKey& key) {
  const ThunkType type = key.GetType();
  switch (type) {
    case ThunkType::kBakerReadBarrier:
      return kMaxBcondPositiveDisplacement;
    case ThunkType::kMethodCall:
    case ThunkType::kEntrypointCall:
      return kMaxMethodCallPositiveDisplacement;
  }
}
129 
// Largest backward displacement (from the patch location) at which a thunk of `key`'s type
// can still be reached; mirrors MaxPositiveDisplacement(). No default on purpose: a new
// ThunkType enumerator must be given an explicit range here.
uint32_t Thumb2RelativePatcher::MaxNegativeDisplacement(const ThunkKey& key) {
  const ThunkType type = key.GetType();
  switch (type) {
    case ThunkType::kBakerReadBarrier:
      return kMaxBcondNegativeDisplacement;
    case ThunkType::kMethodCall:
    case ThunkType::kEntrypointCall:
      return kMaxMethodCallNegativeDisplacement;
  }
}
139 
// Rewrites the BL at `literal_offset` so that it branches `displacement` bytes from the
// patch location. Only the offset bits are replaced, and the instruction there must
// already be a BL. The BL immediate is a signed 25-bit value (bit 0 implicit) laid out as
// S:I1:I2:imm10:imm11, where I1/I2 are stored inverted relative to the sign:
// J1 = NOT(I1 XOR S), J2 = NOT(I2 XOR S).
void Thumb2RelativePatcher::PatchBl(std::vector<uint8_t>* code,
                                    uint32_t literal_offset,
                                    uint32_t displacement) {
  // The Thumb2 PC sits 4 bytes past the start of the BL; convert to PC-relative.
  displacement -= kPcDisplacement;
  DCHECK_EQ(displacement & 1u, 0u);
  DCHECK((displacement >> 24) == 0u || (displacement >> 24) == 255u);  // 25-bit signed range.

  const uint32_t s = (displacement >> 31) & 0x1u;
  const uint32_t j1 = ((displacement >> 23) & 0x1u) ^ s ^ 1u;  // I1 -> J1.
  const uint32_t j2 = ((displacement >> 22) & 0x1u) ^ s ^ 1u;  // I2 -> J2.
  const uint32_t imm10 = (displacement >> 12) & 0x3ffu;
  const uint32_t imm11 = (displacement >> 1) & 0x7ffu;
  const uint32_t bl = 0xf000d000u |  // Fixed BL opcode bits.
                      (s << 26) | (imm10 << 16) | (j1 << 13) | (j2 << 11) | imm11;

  // Refuse to clobber anything that is not already a BL.
  DCHECK_EQ(GetInsn32(code, literal_offset) & 0xf800d000, 0xf000d000);
  SetInsn32(code, literal_offset, bl);
}
161 
// Stores a 32-bit Thumb2 instruction at `offset`. Thumb2 lays a 32-bit instruction out as
// two little-endian halfwords with the high halfword first, which is why the high 16 bits
// of `value` land in bytes 0-1 and the low 16 bits in bytes 2-3.
// Bounds and alignment are enforced only by DCHECK; callers must guarantee
// `offset + 4 <= code->size()` themselves in builds where DCHECK is not active.
void Thumb2RelativePatcher::SetInsn32(std::vector<uint8_t>* code, uint32_t offset, uint32_t value) {
  DCHECK_LE(offset + 4u, code->size());
  DCHECK_ALIGNED(offset, 2u);
  const uint32_t high_halfword = value >> 16;
  const uint32_t low_halfword = value & 0xffffu;
  uint8_t* const dst = code->data() + offset;
  dst[0] = static_cast<uint8_t>(high_halfword & 0xffu);
  dst[1] = static_cast<uint8_t>(high_halfword >> 8);
  dst[2] = static_cast<uint8_t>(low_halfword & 0xffu);
  dst[3] = static_cast<uint8_t>(low_halfword >> 8);
}
171 
// Loads the 32-bit Thumb2 instruction at `offset`, undoing the halfword-swapped
// little-endian layout written by SetInsn32(): bytes 0-1 hold the high halfword,
// bytes 2-3 the low one. Bounds and alignment are DCHECK-only, as in SetInsn32().
uint32_t Thumb2RelativePatcher::GetInsn32(ArrayRef<const uint8_t> code, uint32_t offset) {
  DCHECK_LE(offset + 4u, code.size());
  DCHECK_ALIGNED(offset, 2u);
  const uint32_t high_halfword =
      static_cast<uint32_t>(code[offset]) | (static_cast<uint32_t>(code[offset + 1]) << 8);
  const uint32_t low_halfword =
      static_cast<uint32_t>(code[offset + 2]) | (static_cast<uint32_t>(code[offset + 3]) << 8);
  return (high_halfword << 16) | low_halfword;
}
182 
// Convenience overload for owning byte containers (e.g. std::vector<uint8_t>): views the
// container as an ArrayRef and reads through the ArrayRef overload. The static_assert
// rejects containers whose elements are not plain bytes.
template <typename Vector>
uint32_t Thumb2RelativePatcher::GetInsn32(Vector* code, uint32_t offset) {
  using ValueType = typename Vector::value_type;
  static_assert(std::is_same<ValueType, uint8_t>::value, "Invalid value type");
  const ArrayRef<const uint8_t> bytes(*code);
  return GetInsn32(bytes, offset);
}
188 
// Loads the 16-bit Thumb instruction (or one halfword of a 32-bit one) at `offset`,
// little-endian. Bounds and alignment are DCHECK-only.
uint32_t Thumb2RelativePatcher::GetInsn16(ArrayRef<const uint8_t> code, uint32_t offset) {
  DCHECK_LE(offset + 2u, code.size());
  DCHECK_ALIGNED(offset, 2u);
  const uint32_t low_byte = code[offset];
  const uint32_t high_byte = code[offset + 1];
  return low_byte | (high_byte << 8);
}
195 
// Convenience overload for owning byte containers: views `*code` as an ArrayRef and
// delegates to the ArrayRef overload. Only containers of plain bytes are accepted.
template <typename Vector>
uint32_t Thumb2RelativePatcher::GetInsn16(Vector* code, uint32_t offset) {
  using ValueType = typename Vector::value_type;
  static_assert(std::is_same<ValueType, uint8_t>::value, "Invalid value type");
  const ArrayRef<const uint8_t> bytes(*code);
  return GetInsn16(bytes, offset);
}
201 
202 }  // namespace linker
203 }  // namespace art
204