thirdparty/ppsspp
2
0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ppsspp/Core/MemFault.cpp
Henrik Rydgård aa80659530 Memory exception: Add facility to track size 
Might theoretically help in tracking some things down.

Not fully utilized yet, the fault handler needs to extract the
information from the faulting instruction. But we can use it for
GetPointerRange etc.
2023-01-01 20:30:29 +01:00

313 lines
9.1 KiB
C++
Raw Blame History

// Copyright (C) 2020 PPSSPP Project
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, version 2.0 or later versions.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License 2.0 for more details.
// A copy of the GPL 2.0 should have been included with the program.
// If not, see http://www.gnu.org/licenses/
// Official git repository and contact information can be found at
// https://github.com/hrydgard/ppsspp and http://www.ppsspp.org/.
#include "ppsspp_config.h"
#include <cstdint>
#include <unordered_set>
#include <mutex>
#include "Common/MachineContext.h"
#if PPSSPP_ARCH(AMD64) || PPSSPP_ARCH(X86)
#include "Common/x64Analyzer.h"
#elif PPSSPP_ARCH(ARM64)
#include "Core/Util/DisArm64.h"
#elif PPSSPP_ARCH(ARM)
#include "ext/disarm.h"
#endif
#include "Common/Log.h"
#include "Core/Config.h"
#include "Core/Core.h"
#include "Core/MemFault.h"
#include "Core/MemMap.h"
#include "Core/MIPS/JitCommon/JitCommon.h"
namespace Memory {
static int64_t g_numReportedBadAccesses = 0;
const uint8_t *g_lastCrashAddress;
MemoryExceptionType g_lastMemoryExceptionType;
static bool inCrashHandler = false;
std::unordered_set<const uint8_t *> g_ignoredAddresses;
void MemFault_Init() {
g_numReportedBadAccesses = 0;
g_lastCrashAddress = nullptr;
g_lastMemoryExceptionType = MemoryExceptionType::NONE;
g_ignoredAddresses.clear();
}
bool MemFault_MayBeResumable() {
return g_lastCrashAddress != nullptr;
}
void MemFault_IgnoreLastCrash() {
g_ignoredAddresses.insert(g_lastCrashAddress);
}
#ifdef MACHINE_CONTEXT_SUPPORTED
static bool DisassembleNativeAt(const uint8_t *codePtr, int instructionSize, std::string *dest) {
#if PPSSPP_ARCH(AMD64) || PPSSPP_ARCH(X86)
auto lines = DisassembleX86(codePtr, instructionSize);
if (!lines.empty()) {
*dest = lines[0];
return true;
}
#elif PPSSPP_ARCH(ARM64)
auto lines = DisassembleArm64(codePtr, instructionSize);
if (!lines.empty()) {
*dest = lines[0];
return true;
}
#elif PPSSPP_ARCH(ARM)
auto lines = DisassembleArm2(codePtr, instructionSize);
if (!lines.empty()) {
*dest = lines[0];
return true;
}
#endif
return false;
}
bool HandleFault(uintptr_t hostAddress, void *ctx) {
if (inCrashHandler)
return false;
inCrashHandler = true;
SContext *context = (SContext *)ctx;
const uint8_t *codePtr = (uint8_t *)(context->CTX_PC);
std::lock_guard<std::recursive_mutex> guard(MIPSComp::jitLock);
// We set this later if we think it can be resumed from.
g_lastCrashAddress = nullptr;
// TODO: Check that codePtr is within the current JIT space.
bool inJitSpace = MIPSComp::jit && MIPSComp::jit->CodeInRange(codePtr);
if (!inJitSpace) {
// This is a crash in non-jitted code. Not something we want to handle here, ignore.
inCrashHandler = false;
return false;
}
uintptr_t baseAddress = (uintptr_t)base;
#ifdef MASKED_PSP_MEMORY
const uintptr_t addressSpaceSize = 0x40000000ULL;
#else
const uintptr_t addressSpaceSize = 0x100000000ULL;
#endif
// Check whether hostAddress is within the PSP memory space, which (likely) means it was a guest executable that did the bad access.
bool invalidHostAddress = hostAddress == (uintptr_t)0xFFFFFFFFFFFFFFFFULL;
if (hostAddress < baseAddress || hostAddress >= baseAddress + addressSpaceSize) {
// Host address outside - this was a different kind of crash.
if (!invalidHostAddress) {
inCrashHandler = false;
return false;
}
}
// OK, a guest executable did a bad access. Take care of it.
uint32_t guestAddress = invalidHostAddress ? 0xFFFFFFFFUL : (uint32_t)(hostAddress - baseAddress);
// TODO: Share the struct between the various analyzers, that will allow us to share most of
// the implementations here.
bool success = false;
MemoryExceptionType type = MemoryExceptionType::NONE;
std::string infoString = "";
bool isAtDispatch = false;
if (MIPSComp::jit) {
std::string desc;
if (MIPSComp::jit->DescribeCodePtr(codePtr, desc)) {
infoString += desc + "\n";
}
if (MIPSComp::jit->IsAtDispatchFetch(codePtr)) {
isAtDispatch = true;
}
}
int instructionSize = 4;
#if PPSSPP_ARCH(AMD64) || PPSSPP_ARCH(X86)
// X86, X86-64. Variable instruction size so need to analyze the mov instruction in detail.
instructionSize = 15;
// To ignore the access, we need to disassemble the instruction and modify context->CTX_PC
LSInstructionInfo info{};
success = X86AnalyzeMOV(codePtr, info);
if (success)
instructionSize = info.instructionSize;
#elif PPSSPP_ARCH(ARM64)
uint32_t word;
memcpy(&word, codePtr, 4);
// To ignore the access, we need to disassemble the instruction and modify context->CTX_PC
Arm64LSInstructionInfo info{};
success = Arm64AnalyzeLoadStore((uint64_t)codePtr, word, &info);
#elif PPSSPP_ARCH(ARM)
uint32_t word;
memcpy(&word, codePtr, 4);
// To ignore the access, we need to disassemble the instruction and modify context->CTX_PC
ArmLSInstructionInfo info{};
success = ArmAnalyzeLoadStore((uint32_t)codePtr, word, &info);
#elif PPSSPP_ARCH(RISCV64)
// TODO: Put in a disassembler.
struct RiscVLSInstructionInfo {
int instructionSize;
bool isIntegerLoadStore;
bool isFPLoadStore;
int size;
bool isMemoryWrite;
};
uint32_t word;
memcpy(&word, codePtr, 4);
RiscVLSInstructionInfo info{};
// Compressed instructions have low bits 00, 01, or 10.
info.instructionSize = (word & 3) == 3 ? 4 : 2;
instructionSize = info.instructionSize;
success = true;
switch (word & 0x7F) {
case 3:
info.isIntegerLoadStore = true;
info.size = 1 << ((word >> 12) & 3);
break;
case 7:
info.isFPLoadStore = true;
info.size = 1 << ((word >> 12) & 3);
break;
case 35:
info.isIntegerLoadStore = true;
info.isMemoryWrite = true;
info.size = 1 << ((word >> 12) & 3);
break;
case 39:
info.isFPLoadStore = true;
info.isMemoryWrite = true;
info.size = 1 << ((word >> 12) & 3);
break;
default:
// Compressed instruction.
switch (word & 0x6003) {
case 0x4000:
case 0x4002:
case 0x6000:
case 0x6002:
info.isIntegerLoadStore = true;
info.size = (word & 0x2000) != 0 ? 8 : 4;
info.isMemoryWrite = (word & 0x8000) != 0;
break;
case 0x2000:
case 0x2002:
info.isFPLoadStore = true;
info.size = 8;
info.isMemoryWrite = (word & 0x8000) != 0;
break;
default:
// Not a read or a write.
success = false;
break;
}
break;
}
#endif
std::string disassembly;
if (DisassembleNativeAt(codePtr, instructionSize, &disassembly)) {
infoString += disassembly + "\n";
}
if (isAtDispatch) {
u32 targetAddr = currentMIPS->pc; // bad approximation
// TODO: Do the other archs and platforms.
#if PPSSPP_ARCH(AMD64) && PPSSPP_PLATFORM(WINDOWS)
// We know which register the address is in, look in Asm.cpp.
targetAddr = (uint32_t)context->Rax;
#endif
Core_ExecException(targetAddr, currentMIPS->pc, ExecExceptionType::JUMP);
// Redirect execution to a crash handler that will switch to CoreState::CORE_RUNTIME_ERROR immediately.
context->CTX_PC = (uintptr_t)MIPSComp::jit->GetCrashHandler();
ERROR_LOG(MEMMAP, "Bad execution access detected, halting: %08x (last known pc %08x, host: %p)", targetAddr, currentMIPS->pc, (void *)hostAddress);
inCrashHandler = false;
return true;
} else if (success) {
if (info.isMemoryWrite) {
type = MemoryExceptionType::WRITE_WORD;
} else {
type = MemoryExceptionType::READ_WORD;
}
} else {
type = MemoryExceptionType::UNKNOWN;
}
g_lastMemoryExceptionType = type;
bool handled = true;
if (success && (g_Config.bIgnoreBadMemAccess || g_ignoredAddresses.find(codePtr) != g_ignoredAddresses.end())) {
if (!info.isMemoryWrite) {
// It was a read. Fill the destination register with 0.
// TODO
}
// Move on to the next instruction. Note that handling bad accesses like this is pretty slow.
context->CTX_PC += info.instructionSize;
g_numReportedBadAccesses++;
if (g_numReportedBadAccesses < 100) {
ERROR_LOG(MEMMAP, "Bad memory access detected and ignored: %08x (%p)", guestAddress, (void *)hostAddress);
}
} else {
// Either bIgnoreBadMemAccess is off, or we failed recovery analysis.
// We can't ignore this memory access.
uint32_t approximatePC = currentMIPS->pc;
// TODO: Determine access size from the disassembled native instruction. We have some partial info already,
// just need to clean it up.
Core_MemoryExceptionInfo(guestAddress, 0, approximatePC, type, infoString, true);
// There's a small chance we can resume from this type of crash.
g_lastCrashAddress = codePtr;
// Redirect execution to a crash handler that will switch to CoreState::CORE_RUNTIME_ERROR immediately.
if (MIPSComp::jit)
context->CTX_PC = (uintptr_t)MIPSComp::jit->GetCrashHandler();
else
handled = false;
ERROR_LOG(MEMMAP, "Bad memory access detected! %08x (%p) Stopping emulation. Info:\n%s", guestAddress, (void *)hostAddress, infoString.c_str());
}
inCrashHandler = false;
return handled;
}
#else
bool HandleFault(uintptr_t hostAddress, void *ctx) {
ERROR_LOG(MEMMAP, "Exception handling not supported");
return false;
}
#endif
} // namespace Memory
Reference in a new issue View git blame Copy permalink