/*++
Copyright (c) 1992-2000 Microsoft Corporation
Module Name:
analysis.c
Abstract:
This module contains the main file of the analysis
module.
Author:
Ori Gershony (t-orig) creation-date 6-July-1995
Revision History:
24-Aug-1999 [askhalid] copied from 32-bit wx86 directory and make work for 64bit.
--*/
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <windows.h>
#include <wx86.h>
#include <wx86nt.h>
#include <wx86cpu.h>
#include <cpuassrt.h>
#include <threadst.h>
#include <instr.h>
#include <analysis.h>
#include <decoder.h>
#include <frag.h>
#include <config.h>
#include <compiler.h>
ASSERTNAME;
//
// Macro to determine when to stop looking ahead during compilation.
//
#define STOP_DECODING(inst) (Fragments[inst.Operation].Flags & OPFL_STOP_COMPILE)
//
// Map a REG_ constant (offset into cpu struct) into register bit map
// used by instruction data.
//
const DWORD MapRegNumToRegBits[0x1e] =
{REGEAX, REGECX, REGEDX, REGEBX, REGESP, REGEBP, REGESI, REGEDI,
0, 0, 0, 0, 0, 0,
REGAX, REGCX, REGDX, REGBX, REGSP, REGBP, REGSI, REGDI,
REGAL, REGCL, REGDL, REGBL, REGAH, REGCH, REGDH, REGBH };
ULONG
LocateEntryPoints(
PINSTRUCTION InstructionStream,
ULONG NumberOfInstructions
)
/*++
Routine Description:
This function scans the InstructionStream and marks instructions
which begin entrypoint. An instruction begins an entrypoint if its
EntryPoint field has a different value than the previous instruction's
value. No instruction will have a NULL pointer.
Note that in this pass, the EntryPoint field does *not* point to an
ENTRYPOINT structure... it is only a marker.
Arguments:
IntelStart -- The intel address of the first instruction in the stream
IntelStart -- The last byte of the last intel instruction in the stream
Return Value:
Count of EntryPoints located.
--*/
{
ULONG i, j, intelDest;
ULONG EntryPointCounter;
ULONG IntelStart;
ULONG IntelEnd;
if (CompilerFlags & COMPFL_SLOW) {
//
// The compiler is supposed to generate slowmode code. Each
// x86 instruction gets its own ENTRYPOINT
//
EntryPointCounter=1;
for (i=0; i<NumberOfInstructions; i++) {
//
// Mark all instructions which don't correspond to 0-byte NOPs
// following optimized instructions as starting EntryPoints.
//
if (InstructionStream[i].Size) {
EntryPointCounter++;
}
InstructionStream[i].EntryPoint = (PENTRYPOINT)EntryPointCounter;
}
} else {
//
// Find all instructions which need Entrypoints.
// Performance is O(n^2) in the worst case, although
// it will be typically much closer to O(n)
//
// Instructions which mark the starts of Entrypoints have
// their .EntryPoint pointer set to non-NULL. Instructions which
// don't require entrypoints have it set to NULL;
//
IntelStart = InstructionStream[0].IntelAddress;
IntelEnd = IntelStart +
InstructionStream[NumberOfInstructions-1].IntelAddress +
InstructionStream[NumberOfInstructions-1].Size;
//
// The first instruction always gets an entrypoint
//
InstructionStream[0].EntryPoint = (PENTRYPOINT)1;
//
// Visit each instruction in turn
//
for (i=0; i<NumberOfInstructions; i++) {
if (((i+1) < NumberOfInstructions) &&
(Fragments[InstructionStream[i].Operation].Flags & OPFL_END_NEXT_EP)) {
//
// This instruction marks the end of an Entrypoint. The next
// instruction gets a new Entrypoint.
//
CPUASSERT(i < CpuInstructionLookahead-1 && i < NumberOfInstructions-1);
InstructionStream[i+1].EntryPoint = (PENTRYPOINT)1;
}
// Now see if it is a direct control transfer instruction with a
// destination that lies within this instruction stream. If it is,
// we want to create an Entry Point at the destination so that the
// control transfer will be compiled directly to the patched form,
// and won't have to be patched later.
//
if (Fragments[InstructionStream[i].Operation].Flags & OPFL_CTRLTRNS) {
//
// The instruction is a direct control-transfer. If the
// destination is within the InstructionStream, create an
// Entrypoint at the destination.
//
if (InstructionStream[i].Operand1.Type == OPND_IMM ||
InstructionStream[i].Operand1.Type == OPND_NOCODEGEN) {
// Get the intel destination from the instruction structure.
intelDest = InstructionStream[i].Operand1.Immed;
} else {
CPUASSERT(InstructionStream[i].Operand1.Type == OPND_ADDRREF );
// A FAR instruction - Operand1 is a ptr to a SEL:OFFSET pair
intelDest = *(UNALIGNED PULONG)(InstructionStream[i].Operand1.Immed);
}
// Get the intel destination from the instruction structure.
// It is always an immediate with direct control transfers.
if ((intelDest >= IntelStart) && (intelDest <= IntelEnd)) {
//
// Destination of the control-transfer is within the
// instructionstream. Find the destination instruction.
//
if (intelDest > InstructionStream[i].IntelAddress) {
//
// The dest. address is at a higher address.
//
for (j=i+1; j<NumberOfInstructions; ++j) {
if (InstructionStream[j].IntelAddress == intelDest) {
break;
}
}
} else {
//
// The dest. address is at a lower address.
//
for (j=i; j>0; --j) {
if (InstructionStream[j].IntelAddress == intelDest) {
break;
}
}
}
//
// An exact match may not be found in the event that the
// app is punning (either a real pun or the app is jumping
// into the middle of an optimized instruction). In
// either of the cases, defer entrypoint creation until
// the branch is actually taken.
//
if (j >= 0 && j < NumberOfInstructions) {
//
// Exact match was found. Create an Entrypoint.
//
InstructionStream[j].EntryPoint = (PENTRYPOINT)1;
}
}
} // if OPFL_CTRLTRNS
} // for ()
//
// Convert the EntryPoint field from NULL/non-NULL to a unique
// value for each range of instructions.
//
EntryPointCounter=1;
i=0;
while (i<NumberOfInstructions) {
//
// This instruction marks the beginning of a basic block
//
InstructionStream[i].EntryPoint = (PENTRYPOINT)EntryPointCounter;
j=i+1;
while (j < NumberOfInstructions) {
if ((j >= NumberOfInstructions) ||
(InstructionStream[j].Size && InstructionStream[j].EntryPoint)) {
//
// Either ran out of instructions, or encountered an instruction
// which marks the start of the next basic block. Note that
// 0-byte NOP instructions are not allowed to start basic blocks
// as that violates the rules of OPT_ instructions.
//
break;
}
InstructionStream[j].EntryPoint = (PENTRYPOINT)EntryPointCounter;
j++;
}
EntryPointCounter++;
i = j;
}
} // if not COMPFL_SLOW
//
// At this point, EntryPointCounter holds the number of EntryPoints
// plus one, because we started the counter at 1, not 0. Correct
// that now.
//
EntryPointCounter--;
return EntryPointCounter;
}
VOID
UpdateRegs(
PINSTRUCTION pInstr,
POPERAND Operand
)
/*++
Routine Description:
Updates the list of registers referenced and/or modified based on the
Operand.
Arguments:
pInstr -- the instruction to examine
Operand -- the operand of the instruction to examine
Return Value:
return-value - none
--*/
{
switch (Operand->Type) {
case OPND_NOCODEGEN:
case OPND_REGREF:
if (Operand->Reg != NO_REG) {
pInstr->RegsSet |= MapRegNumToRegBits[Operand->Reg];
}
break;
case OPND_REGVALUE:
if (Operand->Reg != NO_REG) {
pInstr->RegsNeeded |= MapRegNumToRegBits[Operand->Reg];
}
break;
case OPND_ADDRREF:
case OPND_ADDRVALUE8:
case OPND_ADDRVALUE16:
case OPND_ADDRVALUE32:
if (Operand->Reg != NO_REG) {
pInstr->RegsNeeded |= MapRegNumToRegBits[Operand->Reg];
}
if (Operand->IndexReg != NO_REG) {
pInstr->RegsNeeded |= MapRegNumToRegBits[Operand->IndexReg];
}
break;
default:
break;
}
}
VOID
CacheIntelRegs(
PINSTRUCTION InstructionStream,
ULONG numInstr)
/*++
Routine Description:
This function deterimes what x86 registers, if any, can be cached in
RISC preserved registers.
Arguments:
InstructionStream -- The instruction stream returned by the decoder
numInstr -- The length of InstructionStream
Return Value:
return-value - none
--*/
{
PINSTRUCTION pInstr;
BYTE RegUsage[REGCOUNT];
DWORD RegsToCache;
int i;
PENTRYPOINT PrevEntryPoint;
//
// Calculate the RegsSet and RegsNeeded for the bottommost instruction
//
pInstr = &InstructionStream[numInstr-1];
pInstr->RegsSet = Fragments[pInstr->Operation].RegsSet;
PrevEntryPoint = pInstr->EntryPoint;
UpdateRegs(pInstr, &pInstr->Operand1);
UpdateRegs(pInstr, &pInstr->Operand2);
UpdateRegs(pInstr, &pInstr->Operand3);
//
// For each 32-bit register used as a parameter to this instruction,
// set the usage count to 1.
//
for (i=0; i<REGCOUNT; ++i) {
if (pInstr->RegsNeeded & (REGMASK<<(REGSHIFT*i))) {
RegUsage[i] = 1;
} else {
RegUsage[i] = 0;
}
}
//
// Loop over instruction stream from bottom to top, starting at the
// second-to-last instruction
//
for (pInstr--; pInstr >= InstructionStream; pInstr--) {
//
// Calculate the RegsSet and RegsNeeded values for this instruction
//
pInstr->RegsSet = Fragments[pInstr->Operation].RegsSet;
UpdateRegs(pInstr, &pInstr->Operand1);
UpdateRegs(pInstr, &pInstr->Operand2);
UpdateRegs(pInstr, &pInstr->Operand3);
RegsToCache = 0;
if (PrevEntryPoint != pInstr->EntryPoint) {
//
// The current instruction marks the end of an Entrypoint.
//
PrevEntryPoint = pInstr->EntryPoint;
//
// For all x86 registers which have been read more than once
// but not modified in the basic block, load them into the
// cache before executing the first instruction in the basic
// block.
//
for (i=0; i<REGCOUNT; ++i) {
if (RegUsage[i] > 1) {
RegsToCache |= (REGMASK<<(REGSHIFT*i));
}
}
//
// Reset the RegUsage[] array to indicate no registers are
// cached.
//
RtlZeroMemory(RegUsage, REGCOUNT);
} else {
//
// For each 32-bit x86 register modified by this instruction,
// update the caching info.
//
for (i=0; i<REGCOUNT; ++i) {
DWORD RegBits = pInstr->RegsSet & (REGMASK<<(REGSHIFT*i));
if (RegBits) {
//
// The ith 32-bit x86 register has been modified by this
// instruction
//
if (RegUsage[i] > 1) {
//
// There is more than one consumer of the modified
// value so it is worth caching.
//
RegsToCache |= RegBits;
}
//
// Since this x86 register was dirtied by this instruction,
// it usage count must be reset to 0.
//
RegUsage[i] = 0;
}
}
}
//
// Update the list of x86 registers which can be loaded into
// cache registers before the next instruction executes.
//
pInstr[1].RegsToCache |= RegsToCache;
//
// For each 32-bit register used as a parameter to this instruction,
// bump the usage count.
//
for (i=0; i<REGCOUNT; ++i) {
if (pInstr->RegsNeeded & (REGMASK<<(REGSHIFT*i))) {
RegUsage[i]++;
}
}
}
}
VOID
OptimizeInstructionStream(
PINSTRUCTION IS,
ULONG numInstr
)
/*++
Routine Description:
This function performs various optimization on the instruction stream
retured by the decoder.
Arguments:
IS -- The instruction stream returned by the decoder
numInstr -- The length of IS
Return Value:
return-value - none
--*/
{
ULONG i;
CPUASSERTMSG(numInstr, "Cannot optimize 0-length instruction stream");
//
// Pass 1: Optimize x86 instruction stream, replacing single x86
// instructions with special-case instructions, and replacing
// multiple x86 instructions with single special-case OPT_
// instructions
//
for (i=0; i<numInstr; ++i) {
switch (IS[i].Operation) {
case OP_Push32:
if (i < numInstr-2
&& IS[i].Operand1.Type == OPND_REGVALUE){
if (IS[i].Operand1.Reg == GP_EBP) {
// OP_OPT_SetupStack --
// push ebp
// mov ebp, esp
// sub esp, x
if ((IS[i+1].Operation == OP_Mov32) &&
(IS[i+1].Operand1.Type == OPND_REGREF) &&
(IS[i+1].Operand1.Reg == GP_EBP) &&
(IS[i+1].Operand2.Type == OPND_REGVALUE) &&
(IS[i+1].Operand2.Reg == GP_ESP) &&
(IS[i+2].Operation == OP_Sub32) &&
(IS[i+2].Operand1.Type == OPND_REGREF) &&
(IS[i+2].Operand1.Reg == GP_ESP) &&
(IS[i+2].Operand2.Type == OPND_IMM)){
IS[i].Operation = OP_OPT_SetupStack;
IS[i].Operand1.Type = OPND_IMM;
IS[i].Operand1.Immed = IS[i+2].Operand2.Immed;
IS[i].Size += IS[i+1].Size + IS[i+2].Size;
IS[i].Operand2.Type = OPND_NONE;
IS[i+1].Operation = OP_Nop;
IS[i+1].Operand1.Type = OPND_NONE;
IS[i+1].Operand2.Type = OPND_NONE;
IS[i+1].Size = 0;
IS[i+2].Operation = OP_Nop;
IS[i+2].Operand1.Type = OPND_NONE;
IS[i+2].Operand2.Type = OPND_NONE;
IS[i+2].Size = 0;
i+=2;
break;
}
} else if (IS[i].Operand1.Reg == GP_EBX) {
// OP_OPT_PushEbxEsiEdi --
// push ebx
// push esi
// push edi
if ((IS[i+1].Operation == OP_Push32) &&
(IS[i+1].Operand1.Type == OPND_REGVALUE) &&
(IS[i+1].Operand1.Reg == GP_ESI) &&
(IS[i+2].Operation == OP_Push32) &&
(IS[i+2].Operand1.Type == OPND_REGVALUE) &&
(IS[i+2].Operand1.Reg == GP_EDI)){
IS[i].Operation = OP_OPT_PushEbxEsiEdi;
IS[i].Size += IS[i+1].Size + IS[i+2].Size;
IS[i].Operand1.Type = OPND_NONE;
IS[i].Operand2.Type = OPND_NONE;
IS[i+1].Operation = OP_Nop;
IS[i+1].Operand1.Type = OPND_NONE;
IS[i+1].Operand2.Type = OPND_NONE;
IS[i+1].Size = 0;
IS[i+2].Operation = OP_Nop;
IS[i+2].Operand1.Type = OPND_NONE;
IS[i+2].Operand2.Type = OPND_NONE;
IS[i+2].Size = 0;
i+=2;
break;
}
}
}
//
// It is not one of the other special PUSH sequences, so see
// if there are two consecutive PUSHes to merge together. Note:
// If the second PUSH references ESP, the two cannot be merged
// because the value is computed before 4 is subtracted from ESP.
// ie. the following is disallowed:
// PUSH EAX
// PUSH ESP ; second operand to Push2 would have been
// ; built before the PUSH EAX was executed.
//
if (i < numInstr-1 &&
!IS[i].FsOverride &&
!IS[i+1].FsOverride &&
IS[i+1].Operation == OP_Push32 &&
IS[i+1].Operand1.Reg != GP_ESP &&
IS[i+1].Operand1.IndexReg != GP_ESP) {
IS[i].Operation = OP_OPT_Push232;
IS[i].Operand2 = IS[i+1].Operand1;
IS[i].Size += IS[i+1].Size;
IS[i+1].Operation = OP_Nop;
IS[i+1].Operand1.Type = OPND_NONE;
IS[i+1].Size = 0;
i++;
}
break;
case OP_Pop32:
// OP_OPT_PopEdiEsiEbx
// pop edi
// pop esi
// pop ebx
if (i < numInstr-2 &&
(IS[i].Operand1.Type == OPND_REGREF) &&
(IS[i].Operand1.Reg == GP_EDI) &&
(IS[i+1].Operation == OP_Pop32) &&
(IS[i+1].Operand1.Type == OPND_REGREF) &&
(IS[i+1].Operand1.Reg == GP_ESI) &&
(IS[i+2].Operation == OP_Pop32) &&
(IS[i+2].Operand1.Type == OPND_REGREF) &&
(IS[i+2].Operand1.Reg == GP_EBX)){
IS[i].Operation = OP_OPT_PopEdiEsiEbx;
IS[i].Size += IS[i+1].Size + IS[i+2].Size;
IS[i].Operand1.Type = OPND_NONE;
IS[i].Operand2.Type = OPND_NONE;
IS[i+1].Operation = OP_Nop;
IS[i+1].Operand1.Type = OPND_NONE;
IS[i+1].Operand2.Type = OPND_NONE;
IS[i+1].Size = 0;
IS[i+2].Operation = OP_Nop;
IS[i+2].Operand1.Type = OPND_NONE;
IS[i+2].Operand2.Type = OPND_NONE;
IS[i+2].Size = 0;
i+=2;
} else if (i < numInstr-1 &&
!IS[i].FsOverride &&
!IS[i].FsOverride &&
IS[i].Operand1.Type == OPND_REGREF &&
IS[i+1].Operation == OP_Pop32 &&
IS[i+1].Operand1.Type == OPND_REGREF) {
// Fold the two POPs together. Both operands are REGREF,
// so there is no problem with interdependencies between
// memory touched by the first POP modifying the address
// of the second POP. ie. the following is not merged:
// POP EAX
// POP [EAX] ; depends on results of first POP
IS[i].Operation = OP_OPT_Pop232;
IS[i].Operand2 = IS[i+1].Operand1;
IS[i].Size += IS[i+1].Size;
IS[i+1].Operation = OP_Nop;
IS[i+1].Operand1.Type = OPND_NONE;
IS[i+1].Size = 0;
i++;
}
break;
case OP_Xor32:
case OP_Sub32:
if (IS[i].Operand1.Type == OPND_REGREF &&
IS[i].Operand2.Type == OPND_REGVALUE &&
IS[i].Operand1.Reg == IS[i].Operand2.Reg) {
// Instruction is XOR samereg, samereg (ie. XOR EAX, EAX),
// or SUB samereg, samereg (ie. SUB ECX, ECX).
// Emit OP_OPT_ZERO32 samereg
IS[i].Operand2.Type = OPND_NONE;
IS[i].Operation = OP_OPT_ZERO32;
}
break;
case OP_Test8:
if (IS[i].Operand1.Type == OPND_REGVALUE &&
IS[i].Operand2.Type == OPND_REGVALUE &&
IS[i].Operand1.Reg == IS[i].Operand2.Reg) {
// Instruction is TEST samereg, samereg (ie. TEST EAX, EAX)
// Emit OP_OPT_FastTest8/16/32
IS[i].Operand1.Type = OPND_REGVALUE;
IS[i].Operand2.Type = OPND_NONE;
IS[i].Operation = OP_OPT_FastTest8;
}
break;
case OP_Test16:
if (IS[i].Operand1.Type == OPND_REGVALUE &&
IS[i].Operand2.Type == OPND_REGVALUE &&
IS[i].Operand1.Reg == IS[i].Operand2.Reg) {
// Instruction is TEST samereg, samereg (ie. TEST EAX, EAX)
// Emit OP_OPT_FastTest8/16/32
IS[i].Operand1.Type = OPND_REGVALUE;
IS[i].Operand2.Type = OPND_NONE;
IS[i].Operation = OP_OPT_FastTest16;
}
break;
case OP_Test32:
if (IS[i].Operand1.Type == OPND_REGVALUE &&
IS[i].Operand2.Type == OPND_REGVALUE &&
IS[i].Operand1.Reg == IS[i].Operand2.Reg) {
// Instruction is TEST samereg, samereg (ie. TEST EAX, EAX)
// Emit OP_OPT_FastTest8/16/32
IS[i].Operand1.Type = OPND_REGVALUE;
IS[i].Operand2.Type = OPND_NONE;
IS[i].Operation = OP_OPT_FastTest32;
}
break;
case OP_Cmp32:
if (i<numInstr+1 && IS[i+1].Operation == OP_Sbb32 &&
IS[i+1].Operand1.Type == OPND_REGREF &&
IS[i+1].Operand2.Type == OPND_REGVALUE &&
IS[i+1].Operand1.Reg == IS[i+1].Operand2.Reg) {
// The two instructions are:
// CMP anything1, anything2
// SBB samereg, samereg
// The optimized instruction is:
// Operation = either CmpSbb32 or CmpSbbNeg32
// Operand1 = &samereg (passed as REGREF)
// Operand2 = anything1 (passed as ADDRVAL32 or REGVAL)
// Operand3 = anything2 (passed as ADDRVAL32 or REGVAL)
IS[i].Operand3 = IS[i].Operand2;
IS[i].Operand2 = IS[i].Operand1;
IS[i].Operand1 = IS[i+1].Operand1;
if (i<numInstr+2 && IS[i+2].Operation == OP_Neg32 &&
IS[i+2].Operand1.Type == OPND_REGREF &&
IS[i+2].Operand1.Reg == IS[i+1].Operand1.Reg) {
// The third instruction is NEG samereg, samereg
IS[i].Operation = OP_OPT_CmpSbbNeg32;
IS[i+2].Operation = OP_Nop;
IS[i+2].Operand1.Type = OPND_NONE;
IS[i+2].Operand2.Type = OPND_NONE;
IS[i+2].Size = 0;
} else {
IS[i].Operation = OP_OPT_CmpSbb32;
}
IS[i+1].Operation = OP_Nop;
IS[i+1].Operand1.Type = OPND_NONE;
IS[i+1].Operand2.Type = OPND_NONE;
IS[i+1].Size = 0;
i++;
}
break;
case OP_Cwd16:
if (i<numInstr+1 && IS[i+1].Operation == OP_Idiv16) {
IS[i].Operation = OP_OPT_CwdIdiv16;
IS[i].Operand1 = IS[i+1].Operand1;
IS[i].Size += IS[i+1].Size;
IS[i+1].Operation = OP_Nop;
IS[i+1].Operand1.Type = OPND_NONE;
IS[i+1].Size = 0;
i++;
}
break;
case OP_Cwd32:
if (i<numInstr+1 && IS[i+1].Operation == OP_Idiv32) {
IS[i].Operation = OP_OPT_CwdIdiv32;
IS[i].Operand1 = IS[i+1].Operand1;
IS[i].Size += IS[i+1].Size;
IS[i+1].Operation = OP_Nop;
IS[i+1].Operand1.Type = OPND_NONE;
IS[i+1].Size = 0;
i++;
}
break;
case OP_FP_FNSTSW:
if (i<numInstr+1 && IS[i+1].Operation == OP_Sahf &&
IS[i].Operand1.Type == OPND_REGREF &&
IS[i].Operand1.Reg == GP_AX) {
// Replace FNSTSW AX / SAHF by one instruction
IS[i].Operation = OP_OPT_FNSTSWAxSahf;
IS[i].Operand1.Type = OPND_NONE;
IS[i].Size += IS[i+1].Size;
IS[i+1].Operation = OP_Nop;
IS[i+1].Size = 0;
i++;
}
break;
case OP_FP_FSTP_STi:
if (IS[i].Operand1.Immed == 0) {
IS[i].Operand1.Type = OPND_NONE;
IS[i].Operation = OP_OPT_FSTP_ST0;
}
break;
}
}
}
VOID
OptimizeIntelFlags(
PINSTRUCTION IS,
ULONG numInstr
)
/*++
Routine Description:
This function analysis x86 flag register usage and switches instructions
to use NoFlags versions if possible.
Arguments:
IS -- The instruction stream returned by the decoder
numInstr -- The length of IS
Return Value:
return-value - none
--*/
{
USHORT FlagsNeeded; // flags required to execute current x86 instr
USHORT FlagsToGenerate; // flags which current x86 instr must generate
PFRAGDESCR pFragDesc; // ptr to Fragments[] array for current instr
ULONG i; // instruction index
BOOL fPassNeeded = TRUE;// TRUE if the outer loop needs to loop once more
ULONG PassNumber = 0; // number of times outer loop has looped
PENTRYPOINT pEPDest; // Entrypoint for destination of a ctrl transfer
USHORT KnownFlagsNeeded[MAX_INSTR_COUNT]; // flags needed for each instr
while (fPassNeeded) {
//
// This loop is executed at most two times. The second pass is only
// required if there is a control-transfer instruction whose
// destination is within the Instruction Stream and at a lower
// Intel address (ie. a backwards JMP).
//
fPassNeeded = FALSE;
PassNumber++;
CPUASSERT(PassNumber <= 2);
//
// Iterate over all x86 instructions decoded, from bottom to top,
// propagating flags info up. Start off by assuming all x86 flags
// must be up-to-date at the end of the last basic block.
//
FlagsNeeded = ALLFLAGS;
i = numInstr;
do {
i--;
pFragDesc = &Fragments[IS[i].Operation];
//
// Calculate what flags will need to be computed by this
// instruction and ones before this.
//
KnownFlagsNeeded[i] = FlagsNeeded | pFragDesc->FlagsNeeded;
FlagsToGenerate = FlagsNeeded & pFragDesc->FlagsSet;
//
// Calculate what flags this instruction will need to have
// computed before it can be executed.
//
FlagsNeeded = (FlagsNeeded & ~FlagsToGenerate) |
pFragDesc->FlagsNeeded;
if (pFragDesc->Flags & OPFL_CTRLTRNS) {
ULONG IntelDest = IS[i].Operand1.Immed;
//
// For control-transfer instructions, FlagsNeeded also includes
// the flags required for the destination of the transfer.
//
if (IS[0].IntelAddress <= IntelDest &&
i > 0 && IS[i-1].IntelAddress >= IntelDest) {
//
// The destination of the control-transfer is at a lower
// address in the Instruction Stream.
//
if (PassNumber == 1) {
//
// Need to make a second pass over the flags
// optimizations in order to determine what flags are
// needed for the destination address.
//
fPassNeeded = TRUE;
FlagsNeeded = ALLFLAGS; // assume all flags are needed
} else {
ULONG j;
USHORT NewFlagsNeeded;
//
// Search for the IntelDest within the Instruction
// Stream. IntelDest may not be found if there is
// a pun.
//
NewFlagsNeeded = ALLFLAGS; // assume there is a pun
for (j=0; j < i; ++j) {
if (IS[j].IntelAddress == IntelDest) {
NewFlagsNeeded = KnownFlagsNeeded[j];
break;
}
}
FlagsNeeded |= NewFlagsNeeded;
}
} else if (IS[i+1].IntelAddress <= IntelDest &&
IntelDest <= IS[numInstr-1].IntelAddress) {
//
// The destination of the control-transfer is at a higher
// address in the Instruction Stream. Pick up the
// already-computed FlagsNeeded for the destination.
//
ULONG j;
USHORT NewFlagsNeeded = ALLFLAGS; // assume a pun
for (j=i+1; j < numInstr; ++j) {
if (IS[j].IntelAddress == IntelDest) {
NewFlagsNeeded = KnownFlagsNeeded[j];
break;
}
}
FlagsNeeded |= NewFlagsNeeded;
} else {
//
// Destination of the control-transfer is unknown. Assume
// the worst: all flags are required.
//
FlagsNeeded = ALLFLAGS;
}
}
if (!(FlagsToGenerate & pFragDesc->FlagsSet) &&
(pFragDesc->Flags & OPFL_HASNOFLAGS)) {
//
// This instruction is not required to generate any flags, and
// it has a NOFLAGS version. Update the flags that need to be
// computed by instructions before this one, and modify the
// Operation number to point at the NoFlags fragment.
//
FlagsToGenerate &= pFragDesc->FlagsSet;
if (pFragDesc->Flags & OPFL_ALIGN) {
IS[i].Operation += 2;
} else {
IS[i].Operation ++;
}
if (IS[i].Operation == OP_OPT_ZERONoFlags32) {
//
// Special-case this to be a "mov [value], zero" so it is
// inlined.
//
IS[i].Operation = OP_Mov32;
IS[i].Operand2.Type = OPND_IMM;
IS[i].Operand2.Immed = 0;
}
}
} while (i);
}
}
VOID
DetermineEbpAlignment(
PINSTRUCTION InstructionStream,
ULONG numInstr
)
/*++
Routine Description:
For each instruction in InstructionStream[], sets Instruction->EbpAligned
based on whether EBP is assumed to be DWORD-aligned or not. EBP is
assumed to be DWORD-aligned if a "MOV EBP, ESP" instruction is seen, and
it is assumed to become unaligned at the first instruction which is
flagged as modifying EBP.
Arguments:
InstructionStream -- The instruction stream returned by the decoder
numInstr -- The length of InstructionStream
Return Value:
return-value - none
--*/
{
ULONG i;
BOOL EbpAligned = FALSE;
for (i=0; i<numInstr; ++i) {
if (InstructionStream[i].RegsSet & REGEBP) {
//
// This instruction modified EBP
//
if (InstructionStream[i].Operation == OP_OPT_SetupStack ||
InstructionStream[i].Operation == OP_OPT_SetupStackNoFlags ||
(InstructionStream[i].Operation == OP_Mov32 &&
InstructionStream[i].Operand2.Type == OPND_REGVALUE &&
InstructionStream[i].Operand2.Reg == GP_ESP)) {
//
// The instruction is either "MOV EBP, ESP" or one of the
// SetupStack fragments (which contains a "MOV EBP, ESP")
// assume Ebp is aligned from now on.
//
EbpAligned = TRUE;
} else {
EbpAligned = FALSE;
}
}
InstructionStream[i].EbpAligned = EbpAligned;
}
}
ULONG
GetInstructionStream(
PINSTRUCTION InstructionStream,
PULONG NumberOfInstructions,
PVOID pIntelInstruction,
PVOID pLastIntelInstruction
)
/*++
Routine Description:
Returns an instruction stream to the compiler. The instruction
stream is terminated either when the buffer is full, or when
we reach a control transfer instruction.
Arguments:
InstructionStream -- A pointer to the buffer where the decoded
instructions are stored.
NumberOfInstructions -- Upon entry, this variable contains the
maximal number of instructions the buffer can hold. When
returning, it contains the actual number of instructions
decoded.
pIntelInstruction -- A pointer to the first real intel instruction
to be decoded.
pLastIntelInstruction -- A pointer to the last intel instruction to be
compiled, 0xffffffff if not used.
Return Value:
Number of entrypoints required to describe the decoded instruction
stream.
--*/
{
ULONG numInstr=0;
ULONG maxBufferSize;
ULONG cEntryPoints;
maxBufferSize = (*NumberOfInstructions);
//
// Zero-fill the InstructionStream. The decoder depends on this.
//
RtlZeroMemory(InstructionStream, maxBufferSize*sizeof(INSTRUCTION));
#if DBG
//
// Do a little analysis on the address we're about to decode. If
// the address is part of a non-x86 image, log that to the debugger.
// That probably indicates a thunking problem. If the address is not
// part of an image, warn that the app is running generated code.
//
try {
USHORT Instr;
//
// Try to read the instruction about to be executed. If we get
// an access violation, use 0 as the value of the instruction.
//
Instr = 0;
//
// Ignore BOP instructions - we assume we know what's going on with
// them.
//
if (Instr != 0xc4c4) {
NTSTATUS st;
MEMORY_BASIC_INFORMATION mbi;
st = NtQueryVirtualMemory(NtCurrentProcess(),
pIntelInstruction,
MemoryBasicInformation,
&mbi,
sizeof(mbi),
NULL);
if (NT_SUCCESS(st)) {
PIMAGE_NT_HEADERS Headers;
Headers = RtlImageNtHeader(mbi.AllocationBase);
if (!Headers || Headers->FileHeader.Machine != IMAGE_FILE_MACHINE_I386) {
LOGPRINT((TRACELOG, "CPU Analysis warning: jumping from Intel to non-intel code at 0x%X\r\n", pIntelInstruction));
}
} else {
// Eip isn't pointing anywhere???
}
}
} except(EXCEPTION_EXECUTE_HANDLER) {
;
}
#endif //DBG
while (numInstr < maxBufferSize) {
DecodeInstruction ((DWORD) (ULONGLONG)pIntelInstruction, InstructionStream+numInstr);
if ((STOP_DECODING(InstructionStream[numInstr])) ||
(pIntelInstruction >= pLastIntelInstruction)) {
// We reached a control transfer instruction
numInstr++;
(*NumberOfInstructions) = numInstr;
break; // SUCCESS
}
pIntelInstruction = (PVOID) ((ULONGLONG)pIntelInstruction + (InstructionStream+numInstr)->Size);
numInstr++;
}
//
// Optimize x86 code by merging x86 instructions into meta-instructions
// and cleaning up special x86 idioms.
//
if (!(CompilerFlags & COMPFL_SLOW)) {
OptimizeInstructionStream (InstructionStream, numInstr);
}
//
// Determine where all basic blocks are by filling in the EntryPoint
// field in each instruction. This must be done after
// OptimizeInstructionStream() runs so that EntryPoints don't fall
// into the middle of meta-instructions.
//
cEntryPoints = LocateEntryPoints(InstructionStream, numInstr);
//
// Perform optimizations which require knowledge of EntryPoints
//
if (numInstr > 2 && !(CompilerFlags & COMPFL_SLOW)) {
if (!CpuDisableNoFlags) {
OptimizeIntelFlags(InstructionStream, numInstr);
}
if (!CpuDisableRegCache) {
CacheIntelRegs(InstructionStream, numInstr);
}
if (!CpuDisableEbpAlign) {
DetermineEbpAlignment(InstructionStream, numInstr);
}
}
return cEntryPoints;
}