1
// Copyright (c) 2012- PPSSPP Project.
2

3
// This program is free software: you can redistribute it and/or modify
4
// it under the terms of the GNU General Public License as published by
5
// the Free Software Foundation, version 2.0 or later versions.
6

7
// This program is distributed in the hope that it will be useful,
8
// but WITHOUT ANY WARRANTY; without even the implied warranty of
9
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
10
// GNU General Public License 2.0 for more details.
11

12
// A copy of the GPL 2.0 should have been included with the program.
13
// If not, see http://www.gnu.org/licenses/
14

15
// Official git repository and contact information can be found at
16
// https://github.com/hrydgard/ppsspp and http://www.ppsspp.org/.
17

18
#include "ppsspp_config.h"
19
#if PPSSPP_ARCH(X86) || PPSSPP_ARCH(AMD64)
20

21
#include <algorithm>
22
#include <iterator>
23

24
#include "Common/Math/math_util.h"
25
#include "Common/Profiler/Profiler.h"
26

27
#include "Common/Serialize/Serializer.h"
28
#include "Common/Serialize/SerializeFuncs.h"
29
#include "Core/Core.h"
30
#include "Core/MemMap.h"
31
#include "Core/System.h"
32
#include "Core/CoreTiming.h"
33
#include "Core/Config.h"
34
#include "Core/Reporting.h"
35
#include "Core/Debugger/SymbolMap.h"
36
#include "Core/MIPS/MIPS.h"
37
#include "Core/MIPS/MIPSAnalyst.h"
38
#include "Core/MIPS/MIPSCodeUtils.h"
39
#include "Core/MIPS/MIPSInt.h"
40
#include "Core/MIPS/MIPSTables.h"
41
#include "Core/HLE/ReplaceTables.h"
42

43
#include "RegCache.h"
44
#include "Jit.h"
45

46
#include "Core/Debugger/Breakpoints.h"
47

48
namespace MIPSComp
49
{
50
using namespace Gen;
51

52
const bool USE_JIT_MISSMAP = false;
53
static std::map<std::string, u32> notJitOps;
54

55
template<typename A, typename B>
56
std::pair<B,A> flip_pair(const std::pair<A,B> &p) {
57
	return std::pair<B, A>(p.second, p.first);
58
}
59

60
// This is called when Jit hits a breakpoint.  Returns 1 when hit.
61
u32 JitBreakpoint(uint32_t addr)
62
{
63
	// Should we skip this breakpoint?
64
	if (g_breakpoints.CheckSkipFirst() == currentMIPS->pc || g_breakpoints.CheckSkipFirst() == addr)
65
		return 0;
66

67
	BreakAction result = g_breakpoints.ExecBreakPoint(addr);
68
	if ((result & BREAK_ACTION_PAUSE) == 0)
69
		return 0;
70

71
	// There's probably a better place for this.
72
	if (USE_JIT_MISSMAP) {
73
		std::map<u32, std::string> notJitSorted;
74
		std::transform(notJitOps.begin(), notJitOps.end(), std::inserter(notJitSorted, notJitSorted.begin()), flip_pair<std::string, u32>);
75

76
		std::string message;
77
		char temp[256];
78
		int remaining = 15;
79
		for (auto it = notJitSorted.rbegin(), end = notJitSorted.rend(); it != end && --remaining >= 0; ++it)
80
		{
81
			snprintf(temp, 256, " (%d), ", it->first);
82
			message += it->second + temp;
83
		}
84

85
		if (message.size() > 2)
86
			message.resize(message.size() - 2);
87

88
		NOTICE_LOG(Log::JIT, "Top ops compiled to interpreter: %s", message.c_str());
89
	}
90

91
	return 1;
92
}
93

94
static u32 JitMemCheck(u32 addr, u32 pc) {
95
	// Should we skip this breakpoint?
96
	if (g_breakpoints.CheckSkipFirst() == currentMIPS->pc)
97
		return 0;
98

99
	// Did we already hit one?
100
	if (coreState != CORE_RUNNING_CPU && coreState != CORE_NEXTFRAME)
101
		return 1;
102

103
	// Note: pc may be the delay slot.
104
	g_breakpoints.ExecOpMemCheck(addr, pc);
105
	return coreState == CORE_RUNNING_CPU || coreState == CORE_NEXTFRAME ? 0 : 1;
106
}
107

108
static void JitLogMiss(MIPSOpcode op)
109
{
110
	if (USE_JIT_MISSMAP)
111
		notJitOps[MIPSGetName(op)]++;
112

113
	MIPSInterpretFunc func = MIPSGetInterpretFunc(op);
114
	func(op);
115
}
116

117
#ifdef _MSC_VER
118
// JitBlockCache doesn't use this, just stores it.
119
#pragma warning(disable:4355)
120
#endif
121
Jit::Jit(MIPSState *mipsState)
122
		: blocks(mipsState, this), mips_(mipsState) {
123
	blocks.Init();
124
	gpr.SetEmitter(this);
125
	fpr.SetEmitter(this);
126
	AllocCodeSpace(1024 * 1024 * 16);
127
	GenerateFixedCode(jo);
128

129
	safeMemFuncs.Init(&thunks);
130

131
	js.startDefaultPrefix = mips_->HasDefaultPrefix();
132

133
	// The debugger sets this so that "go" on a breakpoint will actually... go.
134
	// But if they reset, we can end up hitting it by mistake, since it's based on PC and ticks.
135
	g_breakpoints.SetSkipFirst(0);
136
}
137

138
Jit::~Jit() {
139
}
140

141
void Jit::DoState(PointerWrap &p) {
142
	auto s = p.Section("Jit", 1, 2);
143
	if (!s)
144
		return;
145

146
	Do(p, js.startDefaultPrefix);
147
	if (p.mode == PointerWrap::MODE_READ && !js.startDefaultPrefix) {
148
		WARN_LOG(Log::CPU, "Jit: An uneaten prefix was previously detected. Jitting in unknown-prefix mode.");
149
	}
150
	if (s >= 2) {
151
		Do(p, js.hasSetRounding);
152
		if (p.mode == PointerWrap::MODE_READ) {
153
			js.lastSetRounding = 0;
154
		}
155
	} else {
156
		js.hasSetRounding = 1;
157
	}
158

159
	// The debugger sets this so that "go" on a breakpoint will actually... go.
160
	// But if they load a state, we can end up hitting it by mistake, since it's based on PC and ticks.
161
	g_breakpoints.SetSkipFirst(0);
162
}
163

164
void Jit::UpdateFCR31() {
165
}
166

167
void Jit::GetStateAndFlushAll(RegCacheState &state) {
168
	gpr.GetState(state.gpr);
169
	fpr.GetState(state.fpr);
170
	FlushAll();
171
}
172

173
void Jit::RestoreState(const RegCacheState& state) {
174
	gpr.RestoreState(state.gpr);
175
	fpr.RestoreState(state.fpr);
176
}
177

178
void Jit::FlushAll() {
179
	gpr.Flush();
180
	fpr.Flush();
181
	FlushPrefixV();
182
}
183

184
void Jit::FlushPrefixV() {
185
	if (js.startDefaultPrefix && !js.blockWrotePrefixes && js.HasNoPrefix()) {
186
		// They started default, we never modified in memory, and they're default now.
187
		// No reason to modify memory.  This is common at end of blocks.  Just clear dirty.
188
		js.prefixSFlag = (JitState::PrefixState)(js.prefixSFlag & ~JitState::PREFIX_DIRTY);
189
		js.prefixTFlag = (JitState::PrefixState)(js.prefixTFlag & ~JitState::PREFIX_DIRTY);
190
		js.prefixDFlag = (JitState::PrefixState)(js.prefixDFlag & ~JitState::PREFIX_DIRTY);
191
		return;
192
	}
193

194
	if ((js.prefixSFlag & JitState::PREFIX_DIRTY) != 0) {
195
		MOV(32, MIPSSTATE_VAR(vfpuCtrl[VFPU_CTRL_SPREFIX]), Imm32(js.prefixS));
196
		js.prefixSFlag = (JitState::PrefixState) (js.prefixSFlag & ~JitState::PREFIX_DIRTY);
197
	}
198

199
	if ((js.prefixTFlag & JitState::PREFIX_DIRTY) != 0) {
200
		MOV(32, MIPSSTATE_VAR(vfpuCtrl[VFPU_CTRL_TPREFIX]), Imm32(js.prefixT));
201
		js.prefixTFlag = (JitState::PrefixState) (js.prefixTFlag & ~JitState::PREFIX_DIRTY);
202
	}
203

204
	if ((js.prefixDFlag & JitState::PREFIX_DIRTY) != 0) {
205
		MOV(32, MIPSSTATE_VAR(vfpuCtrl[VFPU_CTRL_DPREFIX]), Imm32(js.prefixD));
206
		js.prefixDFlag = (JitState::PrefixState) (js.prefixDFlag & ~JitState::PREFIX_DIRTY);
207
	}
208

209
	// If we got here, we must've written prefixes to memory in this block.
210
	js.blockWrotePrefixes = true;
211
}
212

213
void Jit::WriteDowncount(int offset) {
214
	const int downcount = js.downcountAmount + offset;
215
	SUB(32, MIPSSTATE_VAR(downcount), downcount > 127 ? Imm32(downcount) : Imm8(downcount));
216
}
217

218
void Jit::RestoreRoundingMode(bool force) {
219
	// If the game has never set an interesting rounding mode, we can safely skip this.
220
	if (force || js.hasSetRounding) {
221
		CALL(restoreRoundingMode);
222
	}
223
}
224

225
void Jit::ApplyRoundingMode(bool force) {
226
	// If the game has never set an interesting rounding mode, we can safely skip this.
227
	if (force || js.hasSetRounding) {
228
		CALL(applyRoundingMode);
229
	}
230
}
231

232
void Jit::UpdateRoundingMode(u32 fcr31) {
233
	// We must set js.hasSetRounding at compile time, or this block will use the wrong rounding mode.
234
	// The fcr31 parameter is -1 when not known at compile time, so we just assume it was changed.
235
	if (fcr31 & 0x01000003) {
236
		js.hasSetRounding = true;
237
	}
238
}
239

240
void Jit::ClearCache()
241
{
242
	blocks.Clear();
243
	ClearCodeSpace(0);
244
	GenerateFixedCode(jo);
245
}
246

247
void Jit::SaveFlags() {
248
	PUSHF();
249
#if PPSSPP_ARCH(AMD64)
250
	// On X64, the above misaligns the stack. However there might be a cheaper solution than this.
251
	POP(64, R(EAX));
252
	MOV(64, MIPSSTATE_VAR(saved_flags), R(EAX));
253
#endif
254
}
255

256
void Jit::LoadFlags() {
257
#if PPSSPP_ARCH(AMD64)
258
	MOV(64, R(EAX), MIPSSTATE_VAR(saved_flags));
259
	PUSH(64, R(EAX));
260
#endif
261
	POPF();
262
}
263

264
void Jit::CompileDelaySlot(int flags, RegCacheState *state) {
265
	// Need to offset the downcount which was already incremented for the branch + delay slot.
266
	CheckJitBreakpoint(GetCompilerPC() + 4, -2);
267

268
	if (flags & DELAYSLOT_SAFE)
269
		SaveFlags(); // preserve flag around the delay slot!
270

271
	js.inDelaySlot = true;
272
	MIPSOpcode op = GetOffsetInstruction(1);
273
	MIPSCompileOp(op, this);
274
	js.inDelaySlot = false;
275

276
	if (flags & DELAYSLOT_FLUSH) {
277
		if (state != NULL)
278
			GetStateAndFlushAll(*state);
279
		else
280
			FlushAll();
281
	}
282
	if (flags & DELAYSLOT_SAFE)
283
		LoadFlags(); // restore flag!
284
}
285

286
void Jit::EatInstruction(MIPSOpcode op) {
287
	MIPSInfo info = MIPSGetInfo(op);
288
	if (info & DELAYSLOT) {
289
		ERROR_LOG_REPORT_ONCE(ateDelaySlot, Log::JIT, "Ate a branch op.");
290
	}
291
	if (js.inDelaySlot) {
292
		ERROR_LOG_REPORT_ONCE(ateInDelaySlot, Log::JIT, "Ate an instruction inside a delay slot.");
293
	}
294

295
	CheckJitBreakpoint(GetCompilerPC() + 4, 0);
296
	js.numInstructions++;
297
	js.compilerPC += 4;
298
	js.downcountAmount += MIPSGetInstructionCycleEstimate(op);
299
}
300

301
void Jit::Compile(u32 em_address) {
302
	PROFILE_THIS_SCOPE("jitc");
303
	if (GetSpaceLeft() < 0x10000 || blocks.IsFull()) {
304
		ClearCache();
305
	}
306

307
	if (!Memory::IsValidAddress(em_address) || (em_address & 3) != 0) {
308
		Core_ExecException(em_address, em_address, ExecExceptionType::JUMP);
309
		return;
310
	}
311

312
	// Sometimes we compile fairly large blocks, although it's uncommon.
313
	BeginWrite(JitBlockCache::MAX_BLOCK_INSTRUCTIONS * 16);
314

315
	int block_num = blocks.AllocateBlock(em_address);
316
	JitBlock *b = blocks.GetBlock(block_num);
317
	DoJit(em_address, b);
318
	_assert_msg_(b->originalAddress == em_address, "original %08x != em_address %08x (block %d)", b->originalAddress, em_address, b->blockNum);
319
	blocks.FinalizeBlock(block_num, jo.enableBlocklink);
320

321
	EndWrite();
322

323
	bool cleanSlate = false;
324

325
	if (js.hasSetRounding && !js.lastSetRounding) {
326
		WARN_LOG(Log::JIT, "Detected rounding mode usage, rebuilding jit with checks");
327
		// Won't loop, since hasSetRounding is only ever set to 1.
328
		js.lastSetRounding = js.hasSetRounding;
329
		cleanSlate = true;
330
	}
331

332
	// Drat.  The VFPU hit an uneaten prefix at the end of a block.
333
	if (js.startDefaultPrefix && js.MayHavePrefix()) {
334
		WARN_LOG_REPORT(Log::JIT, "An uneaten prefix at end of block: %08x", GetCompilerPC() - 4);
335
		js.LogPrefix();
336

337
		// Let's try that one more time.  We won't get back here because we toggled the value.
338
		js.startDefaultPrefix = false;
339
		cleanSlate = true;
340
	}
341

342
	if (cleanSlate) {
343
		// Our assumptions are all wrong so it's clean-slate time.
344
		ClearCache();
345
		Compile(em_address);
346
	}
347
}
348

349
void Jit::RunLoopUntil(u64 globalticks) {
350
	PROFILE_THIS_SCOPE("jit");
351
	((void (*)())enterDispatcher)();
352
}
353

354
u32 Jit::GetCompilerPC() {
355
	return js.compilerPC;
356
}
357

358
MIPSOpcode Jit::GetOffsetInstruction(int offset) {
359
	return Memory::Read_Instruction(GetCompilerPC() + 4 * offset);
360
}
361

362
const u8 *Jit::DoJit(u32 em_address, JitBlock *b) {
363
	js.cancel = false;
364
	js.blockStart = em_address;
365
	js.compilerPC = em_address;
366
	js.lastContinuedPC = 0;
367
	js.initialBlockSize = 0;
368
	js.nextExit = 0;
369
	js.downcountAmount = 0;
370
	js.curBlock = b;
371
	js.compiling = true;
372
	js.inDelaySlot = false;
373
	js.blockWrotePrefixes = false;
374
	js.afterOp = JitState::AFTER_NONE;
375
	js.PrefixStart();
376

377
	// We add a check before the block, used when entering from a linked block.
378
	b->checkedEntry = GetCodePtr();
379
	// Downcount flag check. The last block decremented downcounter, and the flag should still be available.
380
	FixupBranch skip = J_CC(CC_NS);
381
	MOV(32, MIPSSTATE_VAR(pc), Imm32(js.blockStart));
382
	JMP(outerLoop, true);  // downcount hit zero - go advance.
383
	SetJumpTarget(skip);
384

385
	b->normalEntry = GetCodePtr();
386

387
	MIPSAnalyst::AnalysisResults analysis = MIPSAnalyst::Analyze(em_address);
388

389
	gpr.Start(mips_, &js, &jo, analysis);
390
	fpr.Start(mips_, &js, &jo, analysis, RipAccessible(&mips_->v[0]));
391

392
	js.numInstructions = 0;
393
	while (js.compiling) {
394
		// Jit breakpoints are quite fast, so let's do them in release too.
395
		CheckJitBreakpoint(GetCompilerPC(), 0);
396

397
		MIPSOpcode inst = Memory::Read_Opcode_JIT(GetCompilerPC());
398
		js.downcountAmount += MIPSGetInstructionCycleEstimate(inst);
399

400
		MIPSCompileOp(inst, this);
401

402
		if (js.afterOp & JitState::AFTER_CORE_STATE) {
403
			// CORE_RUNNING is <= CORE_NEXTFRAME.
404
			if (RipAccessible((const void *)&coreState)) {
405
				CMP(32, M(&coreState), Imm32(CORE_NEXTFRAME));  // rip accessible
406
			} else {
407
				MOV(PTRBITS, R(RAX), ImmPtr((const void *)&coreState));
408
				CMP(32, MatR(RAX), Imm32(CORE_NEXTFRAME));
409
			}
410
			FixupBranch skipCheck = J_CC(CC_LE, true);
411
			// All cases of AFTER_CORE_STATE should update PC.  We don't update here.
412
			RegCacheState state;
413
			GetStateAndFlushAll(state);
414
			WriteSyscallExit();
415

416
			SetJumpTarget(skipCheck);
417
			// If we didn't jump, we can keep our regs as they were.
418
			RestoreState(state);
419

420
			js.afterOp = JitState::AFTER_NONE;
421
		}
422

423
		js.compilerPC += 4;
424
		js.numInstructions++;
425

426
		if (jo.Disabled(JitDisable::REGALLOC_GPR)) {
427
			gpr.Flush();
428
		}
429
		if (jo.Disabled(JitDisable::REGALLOC_FPR)) {
430
			fpr.Flush();
431
			FlushPrefixV();
432
		}
433

434
		// Safety check, in case we get a bunch of really large jit ops without a lot of branching.
435
		if (GetSpaceLeft() < 0x800 || js.numInstructions >= JitBlockCache::MAX_BLOCK_INSTRUCTIONS) {
436
			FlushAll();
437
			WriteExit(GetCompilerPC(), js.nextExit++);
438
			js.compiling = false;
439
		}
440
	}
441

442
	b->codeSize = (u32)(GetCodePtr() - b->normalEntry);
443
	NOP();
444
	AlignCode4();
445
	if (js.lastContinuedPC == 0) {
446
		b->originalSize = js.numInstructions;
447
	} else {
448
		// We continued at least once.  Add the last proxy and set the originalSize correctly.
449
		blocks.ProxyBlock(js.blockStart, js.lastContinuedPC, (GetCompilerPC() - js.lastContinuedPC) / sizeof(u32), GetCodePtr());
450
		b->originalSize = js.initialBlockSize;
451
	}
452
	return b->normalEntry;
453
}
454

455
void Jit::AddContinuedBlock(u32 dest) {
456
	// The first block is the root block.  When we continue, we create proxy blocks after that.
457
	if (js.lastContinuedPC == 0)
458
		js.initialBlockSize = js.numInstructions;
459
	else
460
		blocks.ProxyBlock(js.blockStart, js.lastContinuedPC, (GetCompilerPC() - js.lastContinuedPC) / sizeof(u32), GetCodePtr());
461
	js.lastContinuedPC = dest;
462
}
463

464
bool Jit::DescribeCodePtr(const u8 *ptr, std::string &name) {
465
	if (ptr == applyRoundingMode)
466
		name = "applyRoundingMode";
467
	else if (ptr == dispatcher)
468
		name = "dispatcher";
469
	else if (ptr == dispatcherInEAXNoCheck)
470
		name = "dispatcher (PC in EAX)";
471
	else if (ptr == dispatcherNoCheck)
472
		name = "dispatcherNoCheck";
473
	else if (ptr == dispatcherCheckCoreState)
474
		name = "dispatcherCheckCoreState";
475
	else if (ptr == enterDispatcher)
476
		name = "enterDispatcher";
477
	else if (ptr == restoreRoundingMode)
478
		name = "restoreRoundingMode";
479
	else if (ptr == crashHandler)
480
		name = "crashHandler";
481
	else {
482
		u32 jitAddr = blocks.GetAddressFromBlockPtr(ptr);
483

484
		// Returns 0 when it's valid, but unknown.
485
		if (jitAddr == 0) {
486
			name = "UnknownOrDeletedBlock";
487
		} else if (jitAddr != (u32)-1) {
488
			char temp[1024];
489
			const std::string label = g_symbolMap ? g_symbolMap->GetDescription(jitAddr) : "";
490
			if (!label.empty())
491
				snprintf(temp, sizeof(temp), "%08x_%s", jitAddr, label.c_str());
492
			else
493
				snprintf(temp, sizeof(temp), "%08x", jitAddr);
494
			name = temp;
495
		} else if (IsInSpace(ptr)) {
496
			if (ptr < endOfPregeneratedCode) {
497
				name = "PreGenCode";
498
			} else {
499
				name = "Unknown";
500
			}
501
		} else if (thunks.IsInSpace(ptr)) {
502
			name = "Thunk";
503
		} else if (safeMemFuncs.IsInSpace(ptr)) {
504
			name = "JitSafeMem";
505
		} else {
506
			// Not anywhere in jit, then.
507
			return false;
508
		}
509
	}
510
	// If we got here, one of the above cases matched.
511
	return true;
512
}
513

514
void Jit::Comp_RunBlock(MIPSOpcode op) {
515
	// This shouldn't be necessary, the dispatcher should catch us before we get here.
516
	ERROR_LOG(Log::JIT, "Comp_RunBlock");
517
}
518

519
void Jit::LinkBlock(u8 *exitPoint, const u8 *checkedEntry) {
520
	if (PlatformIsWXExclusive()) {
521
		ProtectMemoryPages(exitPoint, 32, MEM_PROT_READ | MEM_PROT_WRITE);
522
	}
523
	XEmitter emit(exitPoint);
524
	// Okay, this is a bit ugly, but we check here if it already has a JMP.
525
	// That means it doesn't have a full exit to pad with INT 3.
526
	bool prelinked = *emit.GetCodePointer() == 0xE9;
527
	emit.JMP(checkedEntry, true);
528
	if (!prelinked) {
529
		ptrdiff_t actualSize = emit.GetWritableCodePtr() - exitPoint;
530
		int pad = JitBlockCache::GetBlockExitSize() - (int)actualSize;
531
		for (int i = 0; i < pad; ++i) {
532
			emit.INT3();
533
		}
534
	}
535
	if (PlatformIsWXExclusive()) {
536
		ProtectMemoryPages(exitPoint, 32, MEM_PROT_READ | MEM_PROT_EXEC);
537
	}
538
}
539

540
void Jit::UnlinkBlock(u8 *checkedEntry, u32 originalAddress) {
541
	if (PlatformIsWXExclusive()) {
542
		ProtectMemoryPages(checkedEntry, 16, MEM_PROT_READ | MEM_PROT_WRITE);
543
	}
544
	// Send anyone who tries to run this block back to the dispatcher.
545
	// Not entirely ideal, but .. pretty good.
546
	// Spurious entrances from previously linked blocks can only come through checkedEntry
547
	XEmitter emit(checkedEntry);
548
	emit.MOV(32, MIPSSTATE_VAR(pc), Imm32(originalAddress));
549
	emit.JMP(MIPSComp::jit->GetDispatcher(), true);
550
	if (PlatformIsWXExclusive()) {
551
		ProtectMemoryPages(checkedEntry, 16, MEM_PROT_READ | MEM_PROT_EXEC);
552
	}
553
}
554

555
bool Jit::ReplaceJalTo(u32 dest) {
556
	const ReplacementTableEntry *entry = nullptr;
557
	u32 funcSize = 0;
558
	if (!CanReplaceJalTo(dest, &entry, &funcSize)) {
559
		return false;
560
	}
561

562
	// Warning - this might be bad if the code at the destination changes...
563
	if (entry->flags & REPFLAG_ALLOWINLINE) {
564
		// Jackpot! Just do it, no flushing. The code will be entirely inlined.
565

566
		// First, compile the delay slot. It's unconditional so no issues.
567
		CompileDelaySlot(DELAYSLOT_NICE);
568
		// Technically, we should write the unused return address to RA, but meh.
569
		MIPSReplaceFunc repl = entry->jitReplaceFunc;
570
		int cycles = (this->*repl)();
571
		js.downcountAmount += cycles;
572
	} else {
573
		gpr.SetImm(MIPS_REG_RA, GetCompilerPC() + 8);
574
		CompileDelaySlot(DELAYSLOT_NICE);
575
		FlushAll();
576
		MOV(32, MIPSSTATE_VAR(pc), Imm32(GetCompilerPC()));
577
		RestoreRoundingMode();
578
		ABI_CallFunction(entry->replaceFunc);
579
		SUB(32, MIPSSTATE_VAR(downcount), R(EAX));
580
		ApplyRoundingMode();
581
	}
582

583
	js.compilerPC += 4;
584
	// No writing exits, keep going!
585

586
	if (g_breakpoints.HasMemChecks()) {
587
		// We could modify coreState, so we need to write PC and check.
588
		// Otherwise, PC may end up on the jal.  We add 4 to skip the delay slot.
589
		MOV(32, MIPSSTATE_VAR(pc), Imm32(GetCompilerPC() + 4));
590
		js.afterOp |= JitState::AFTER_CORE_STATE;
591
	}
592

593
	// Add a trigger so that if the inlined code changes, we invalidate this block.
594
	blocks.ProxyBlock(js.blockStart, dest, funcSize / sizeof(u32), GetCodePtr());
595
	return true;
596
}
597

598
void Jit::Comp_ReplacementFunc(MIPSOpcode op) {
599
	// We get here if we execute the first instruction of a replaced function. This means
600
	// that we do need to return to RA.
601

602
	// Inlined function calls (caught in jal) are handled differently.
603

604
	int index = op.encoding & MIPS_EMUHACK_VALUE_MASK;
605

606
	const ReplacementTableEntry *entry = GetReplacementFunc(index);
607
	if (!entry) {
608
		ERROR_LOG_REPORT_ONCE(replFunc, Log::HLE, "Invalid replacement op %08x at %08x", op.encoding, js.compilerPC);
609
		return;
610
	}
611

612
	u32 funcSize = g_symbolMap->GetFunctionSize(GetCompilerPC());
613
	bool disabled = (entry->flags & REPFLAG_DISABLED) != 0;
614
	if (!disabled && funcSize != SymbolMap::INVALID_ADDRESS && funcSize > sizeof(u32)) {
615
		// We don't need to disable hooks, the code will still run.
616
		if ((entry->flags & (REPFLAG_HOOKENTER | REPFLAG_HOOKEXIT)) == 0) {
617
			// Any breakpoint at the func entry was already tripped, so we can still run the replacement.
618
			// That's a common case - just to see how often the replacement hits.
619
			disabled = g_breakpoints.RangeContainsBreakPoint(GetCompilerPC() + sizeof(u32), funcSize - sizeof(u32));
620
		}
621
	}
622

623
	// Hack for old savestates: Avoid stack overflow (MIPSCompileOp/CompReplacementFunc)
624
	// Not sure about the cause.
625
	Memory::Opcode origInstruction = Memory::Read_Instruction(GetCompilerPC(), true);
626
	if (origInstruction.encoding == op.encoding) {
627
		ERROR_LOG(Log::HLE, "Replacement broken (savestate problem?): %08x at %08x", op.encoding, GetCompilerPC());
628
		return;
629
	}
630

631
	if (disabled) {
632
		MIPSCompileOp(origInstruction, this);
633
	} else if (entry->jitReplaceFunc) {
634
		MIPSReplaceFunc repl = entry->jitReplaceFunc;
635
		int cycles = (this->*repl)();
636

637
		if (entry->flags & (REPFLAG_HOOKENTER | REPFLAG_HOOKEXIT)) {
638
			// Compile the original instruction at this address.  We ignore cycles for hooks.
639
			MIPSCompileOp(origInstruction, this);
640
		} else {
641
			FlushAll();
642
			MOV(32, R(ECX), MIPSSTATE_VAR(r[MIPS_REG_RA]));
643
			js.downcountAmount += cycles;
644
			WriteExitDestInReg(ECX);
645
			js.compiling = false;
646
		}
647
	} else if (entry->replaceFunc) {
648
		FlushAll();
649

650
		// Standard function call, nothing fancy.
651
		// The function returns the number of cycles it took in EAX.
652
		MOV(32, MIPSSTATE_VAR(pc), Imm32(GetCompilerPC()));
653
		RestoreRoundingMode();
654
		ABI_CallFunction(entry->replaceFunc);
655

656
		if (entry->flags & (REPFLAG_HOOKENTER | REPFLAG_HOOKEXIT)) {
657
			// Compile the original instruction at this address.  We ignore cycles for hooks.
658
			ApplyRoundingMode();
659
			MIPSCompileOp(Memory::Read_Instruction(GetCompilerPC(), true), this);
660
		} else {
661
			CMP(32, R(EAX), Imm32(0));
662
			FixupBranch positive = J_CC(CC_GE);
663

664
			MOV(32, R(ECX), MIPSSTATE_VAR(pc));
665
			ADD(32, MIPSSTATE_VAR(downcount), R(EAX));
666
			FixupBranch done = J();
667

668
			SetJumpTarget(positive);
669
			MOV(32, R(ECX), MIPSSTATE_VAR(r[MIPS_REG_RA]));
670
			SUB(32, MIPSSTATE_VAR(downcount), R(EAX));
671

672
			SetJumpTarget(done);
673
			ApplyRoundingMode();
674
			// Need to set flags again, ApplyRoundingMode destroyed them (and EAX.)
675
			SUB(32, MIPSSTATE_VAR(downcount), Imm8(0));
676
			WriteExitDestInReg(ECX);
677
			js.compiling = false;
678
		}
679
	} else {
680
		ERROR_LOG(Log::HLE, "Replacement function %s has neither jit nor regular impl", entry->name);
681
	}
682
}
683

684
void Jit::Comp_Generic(MIPSOpcode op) {
685
	FlushAll();
686
	MIPSInterpretFunc func = MIPSGetInterpretFunc(op);
687
	_dbg_assert_msg_((MIPSGetInfo(op) & DELAYSLOT) == 0, "Cannot use interpreter for branch ops.");
688

689
	if (func)
690
	{
691
		// TODO: Maybe we'd be better off keeping the rounding mode within interp?
692
		RestoreRoundingMode();
693
		MOV(32, MIPSSTATE_VAR(pc), Imm32(GetCompilerPC()));
694
		if (USE_JIT_MISSMAP)
695
			ABI_CallFunctionC(&JitLogMiss, op.encoding);
696
		else
697
			ABI_CallFunctionC(func, op.encoding);
698
		ApplyRoundingMode();
699
	} else {
700
		// These are basically always due to some kind of crash or corruption now.
701
		ERROR_LOG(Log::JIT, "Trying to compile instruction %08x that can't be interpreted", op.encoding);
702
	}
703

704
	const MIPSInfo info = MIPSGetInfo(op);
705
	if ((info & IS_VFPU) != 0 && (info & VFPU_NO_PREFIX) == 0)
706
	{
707
		// If it does eat them, it'll happen in MIPSCompileOp().
708
		if ((info & OUT_EAT_PREFIX) == 0)
709
			js.PrefixUnknown();
710

711
		// Even if DISABLE'd, we want to set this flag so we overwrite.
712
		if ((info & OUT_VFPU_PREFIX) != 0)
713
			js.blockWrotePrefixes = true;
714
	}
715
}
716

717
static void HitInvalidBranch(uint32_t dest) {
718
	Core_ExecException(dest, currentMIPS->pc, ExecExceptionType::JUMP);
719
}
720

721
void Jit::WriteExit(u32 destination, int exit_num) {
722
	_assert_msg_(exit_num < MAX_JIT_BLOCK_EXITS, "Expected a valid exit_num. dest=%08x", destination);
723

724
	if (!Memory::IsValidAddress(destination) || (destination & 3) != 0) {
725
		ERROR_LOG_REPORT(Log::JIT, "Trying to write block exit to illegal destination %08x: pc = %08x", destination, currentMIPS->pc);
726
		MOV(32, MIPSSTATE_VAR(pc), Imm32(GetCompilerPC()));
727
		ABI_CallFunctionC(&HitInvalidBranch, destination);
728
		js.afterOp |= JitState::AFTER_CORE_STATE;
729
	}
730
	// If we need to verify coreState, we may not jump yet.
731
	if (js.afterOp & JitState::AFTER_CORE_STATE) {
732
		// CORE_RUNNING is <= CORE_NEXTFRAME.
733
		if (RipAccessible((const void *)&coreState)) {
734
			CMP(32, M(&coreState), Imm32(CORE_NEXTFRAME));  // rip accessible
735
		} else {
736
			MOV(PTRBITS, R(RAX), ImmPtr((const void *)&coreState));
737
			CMP(32, MatR(RAX), Imm32(CORE_NEXTFRAME));
738
		}
739
		FixupBranch skipCheck = J_CC(CC_LE);
740
		// All cases of AFTER_CORE_STATE should update PC.  We don't update here.
741
		WriteSyscallExit();
742
		SetJumpTarget(skipCheck);
743
	}
744

745
	WriteDowncount();
746

747
	//If nobody has taken care of this yet (this can be removed when all branches are done)
748
	JitBlock *b = js.curBlock;
749
	b->exitAddress[exit_num] = destination;
750
	b->exitPtrs[exit_num] = GetWritableCodePtr();
751

752
	// Link opportunity!
753
	int block = blocks.GetBlockNumberFromStartAddress(destination);
754
	if (block >= 0 && jo.enableBlocklink) {
755
		// It exists! Joy of joy!
756
		JMP(blocks.GetBlock(block)->checkedEntry, true);
757
		b->linkStatus[exit_num] = true;
758
	} else {
759
		// No blocklinking.
760
		MOV(32, MIPSSTATE_VAR(pc), Imm32(destination));
761
		JMP(dispatcher, true);
762

763
		// Normally, exits are 15 bytes (MOV + &pc + dest + JMP + dest) on 64 or 32 bit.
764
		// But just in case we somehow optimized, pad.
765
		ptrdiff_t actualSize = GetWritableCodePtr() - b->exitPtrs[exit_num];
766
		int pad = JitBlockCache::GetBlockExitSize() - (int)actualSize;
767
		for (int i = 0; i < pad; ++i) {
768
			INT3();
769
		}
770
	}
771
}
772

773
static u32 IsValidJumpTarget(uint32_t addr) {
774
	if (Memory::IsValidAddress(addr) && (addr & 3) == 0)
775
		return 1;
776
	return 0;
777
}
778

779
static void HitInvalidJumpReg(uint32_t source) {
780
	Core_ExecException(currentMIPS->pc, source, ExecExceptionType::JUMP);
781
	currentMIPS->pc = source + 8;
782
}
783

784
void Jit::WriteExitDestInReg(X64Reg reg) {
785
	// If we need to verify coreState, we may not jump yet.
786
	if (js.afterOp & JitState::AFTER_CORE_STATE) {
787
		// CORE_RUNNING is <= CORE_NEXTFRAME.
788
		if (RipAccessible((const void *)&coreState)) {
789
			CMP(32, M(&coreState), Imm32(CORE_NEXTFRAME));  // rip accessible
790
		} else {
791
			X64Reg temp = reg == RAX ? RDX : RAX;
792
			MOV(PTRBITS, R(temp), ImmPtr((const void *)&coreState));
793
			CMP(32, MatR(temp), Imm32(CORE_NEXTFRAME));
794
		}
795
		FixupBranch skipCheck = J_CC(CC_LE);
796
		// All cases of AFTER_CORE_STATE should update PC.  We don't update here.
797
		WriteSyscallExit();
798
		SetJumpTarget(skipCheck);
799
	}
800

801
	MOV(32, MIPSSTATE_VAR(pc), R(reg));
802
	WriteDowncount();
803

804
	// Validate the jump to avoid a crash?
805
	if (!g_Config.bFastMemory) {
806
		CMP(32, R(reg), Imm32(PSP_GetKernelMemoryBase()));
807
		FixupBranch tooLow = J_CC(CC_B);
808
		CMP(32, R(reg), Imm32(PSP_GetUserMemoryEnd()));
809
		FixupBranch tooHigh = J_CC(CC_AE);
810

811
		// Need to set neg flag again.
812
		SUB(32, MIPSSTATE_VAR(downcount), Imm8(0));
813
		if (reg == EAX)
814
			J_CC(CC_NS, dispatcherInEAXNoCheck, true);
815
		JMP(dispatcher, true);
816

817
		SetJumpTarget(tooLow);
818
		SetJumpTarget(tooHigh);
819

820
		ABI_CallFunctionA((const void *)&IsValidJumpTarget, R(reg));
821

822
		// If we're ignoring, coreState didn't trip - so trip it now.
823
		CMP(32, R(EAX), Imm32(0));
824
		FixupBranch skip = J_CC(CC_NE);
825
		ABI_CallFunctionC(&HitInvalidJumpReg, GetCompilerPC());
826
		SetJumpTarget(skip);
827

828
		SUB(32, MIPSSTATE_VAR(downcount), Imm8(0));
829
		JMP(dispatcherCheckCoreState, true);
830
	} else if (reg == EAX) {
831
		J_CC(CC_NS, dispatcherInEAXNoCheck, true);
832
		JMP(dispatcher, true);
833
	} else {
834
		JMP(dispatcher, true);
835
	}
836
}
837

838
void Jit::WriteSyscallExit() {
839
	WriteDowncount();
840
	JMP(dispatcherCheckCoreState, true);
841
}
842

843
bool Jit::CheckJitBreakpoint(u32 addr, int downcountOffset) {
844
	if (g_breakpoints.IsAddressBreakPoint(addr)) {
845
		SaveFlags();
846
		FlushAll();
847
		MOV(32, MIPSSTATE_VAR(pc), Imm32(GetCompilerPC()));
848
		RestoreRoundingMode();
849
		ABI_CallFunctionC(&JitBreakpoint, addr);
850

851
		// If 0, the conditional breakpoint wasn't taken.
852
		CMP(32, R(EAX), Imm32(0));
853
		FixupBranch skip = J_CC(CC_Z);
854
		WriteDowncount(downcountOffset);
855
		ApplyRoundingMode();
856
		// Just to fix the stack.
857
		LoadFlags();
858
		JMP(dispatcherCheckCoreState, true);
859
		SetJumpTarget(skip);
860

861
		ApplyRoundingMode();
862
		LoadFlags();
863
		return true;
864
	}
865

866
	return false;
867
}
868

869
void Jit::CheckMemoryBreakpoint(int instructionOffset, MIPSGPReg rs, int offset) {
870
	if (!g_breakpoints.HasMemChecks())
871
		return;
872

873
	int totalInstructionOffset = instructionOffset + (js.inDelaySlot ? 1 : 0);
874
	uint32_t checkedPC = GetCompilerPC() + totalInstructionOffset * 4;
875
	int size = MIPSAnalyst::OpMemoryAccessSize(checkedPC);
876
	bool isWrite = MIPSAnalyst::IsOpMemoryWrite(checkedPC);
877

878
	// 0 because we normally execute before increasing.
879
	int downcountOffset = js.inDelaySlot ? -2 : -1;
880
	// TODO: In likely branches, downcount will be incorrect.  This might make resume fail.
881
	if (js.downcountAmount + downcountOffset < 0) {
882
		downcountOffset = 0;
883
	}
884

885
	if (gpr.IsImm(rs)) {
886
		uint32_t iaddr = gpr.GetImm(rs) + offset;
887
		MemCheck check;
888
		if (g_breakpoints.GetMemCheckInRange(iaddr, size, &check)) {
889
			if (!(check.cond & MEMCHECK_READ) && !isWrite)
890
				return;
891
			if (!(check.cond & MEMCHECK_WRITE) && isWrite)
892
				return;
893

894
			// We need to flush, or conditions and log expressions will see old register values.
895
			FlushAll();
896

897
			MOV(32, MIPSSTATE_VAR(pc), Imm32(GetCompilerPC()));
898
			CallProtectedFunction(&JitMemCheck, iaddr, checkedPC);
899

900
			CMP(32, R(RAX), Imm32(0));
901
			FixupBranch skipCheck = J_CC(CC_E);
902
			WriteDowncount(downcountOffset);
903
			JMP(dispatcherCheckCoreState, true);
904

905
			SetJumpTarget(skipCheck);
906
		}
907
	} else {
908
		const auto memchecks = g_breakpoints.GetMemCheckRanges(isWrite);
909
		bool possible = !memchecks.empty();
910
		if (!possible)
911
			return;
912

913
		gpr.Lock(rs);
914
		gpr.MapReg(rs, true, false);
915
		LEA(32, RAX, MDisp(gpr.RX(rs), offset));
916
		gpr.UnlockAll();
917

918
		// We need to flush, or conditions and log expressions will see old register values.
919
		FlushAll();
920

921
		std::vector<FixupBranch> hitChecks;
922
		hitChecks.reserve(memchecks.size());
923
		for (auto it = memchecks.begin(), end = memchecks.end(); it != end; ++it) {
924
			if (it->end != 0) {
925
				CMP(32, R(RAX), Imm32(it->start - size));
926
				FixupBranch skipNext = J_CC(CC_BE);
927

928
				CMP(32, R(RAX), Imm32(it->end));
929
				hitChecks.push_back(J_CC(CC_B, true));
930

931
				SetJumpTarget(skipNext);
932
			} else {
933
				CMP(32, R(RAX), Imm32(it->start));
934
				hitChecks.push_back(J_CC(CC_E, true));
935
			}
936
		}
937

938
		FixupBranch noHits = J(true);
939

940
		// Okay, now land any hit here.
941
		for (auto &fixup : hitChecks)
942
			SetJumpTarget(fixup);
943
		hitChecks.clear();
944

945
		MOV(32, MIPSSTATE_VAR(pc), Imm32(GetCompilerPC()));
946
		CallProtectedFunction(&JitMemCheck, R(RAX), checkedPC);
947

948
		CMP(32, R(RAX), Imm32(0));
949
		FixupBranch skipCheck = J_CC(CC_E);
950
		WriteDowncount(downcountOffset);
951
		JMP(dispatcherCheckCoreState, true);
952

953
		SetJumpTarget(skipCheck);
954
		SetJumpTarget(noHits);
955
	}
956
}
957

958
void Jit::CallProtectedFunction(const void *func, const OpArg &arg1) {
959
	// We don't regcache RCX, so the below is safe (and also faster, maybe branch prediction?)
960
	ABI_CallFunctionA(thunks.ProtectFunction(func, 1), arg1);
961
}
962

963
void Jit::CallProtectedFunction(const void *func, const OpArg &arg1, const OpArg &arg2) {
964
	// We don't regcache RCX/RDX, so the below is safe (and also faster, maybe branch prediction?)
965
	ABI_CallFunctionAA(thunks.ProtectFunction(func, 2), arg1, arg2);
966
}
967

968
void Jit::CallProtectedFunction(const void *func, const u32 arg1, const u32 arg2) {
969
	// We don't regcache RCX/RDX, so the below is safe (and also faster, maybe branch prediction?)
970
	ABI_CallFunctionCC(thunks.ProtectFunction(func, 2), arg1, arg2);
971
}
972

973
void Jit::CallProtectedFunction(const void *func, const OpArg &arg1, const u32 arg2) {
974
	// We don't regcache RCX/RDX, so the below is safe (and also faster, maybe branch prediction?)
975
	ABI_CallFunctionAC(thunks.ProtectFunction(func, 2), arg1, arg2);
976
}
977

978
void Jit::Comp_DoNothing(MIPSOpcode op) { }
979

980
MIPSOpcode Jit::GetOriginalOp(MIPSOpcode op) {
981
	JitBlockCache *bc = GetBlockCache();
982
	int block_num = bc->GetBlockNumberFromEmuHackOp(op, true);
983
	if (block_num >= 0) {
984
		return bc->GetOriginalFirstOp(block_num);
985
	} else {
986
		return op;
987
	}
988
}
989

990
} // namespace
991

992
#endif // PPSSPP_ARCH(X86) || PPSSPP_ARCH(AMD64)
993

994