Merge pull request #42 from Starforge-Atelier/trace-10-tricore

gdb-xml: add tricore.xml

Author: Rot127

.github/workflows/build.yaml

@@ -11,6 +11,10 @@ jobs:
       uses: actions/setup-python@v4
       with:
         python-version: '3.x'
+    - name: Install Python dependencies
+      run: |
+        pip install --upgrade pip
+        pip install distlib setuptools wheel
     - name: Install deps
       run: |
         sudo apt-get -y update
@@ -32,5 +36,5 @@ jobs:
         cd qemu
         mkdir build
         cd build
-        ../configure --enable-plugins --target-list=sparc-linux-user,sparc64-linux-user
+        ../configure --enable-plugins --target-list=sparc-linux-user,sparc64-linux-user,tricore-softmmu
         ninja

.gitmodules

@@ -45,4 +45,4 @@
 	url = https://gitlab.com/libvirt/libvirt-ci.git
 [submodule "contrib/plugins/bap-tracing/bap-frames"]
 	path = contrib/plugins/bap-tracing/bap-frames
-	url = git@github.com:BinaryAnalysisPlatform/bap-frames.git
+	url = https://github.com/BinaryAnalysisPlatform/bap-frames.git

README.md

@@ -11,6 +11,7 @@ Known to work:
 - Sparc
 - Hexagon
 - PPC
+- TriCore
 
 Needs fixes:
 

configs/targets/tricore-softmmu.mak

@@ -1,2 +1,3 @@
 TARGET_ARCH=tricore
 TARGET_LONG_BITS=32
+TARGET_XML_FILES=gdb-xml/tricore-core.xml

contrib/plugins/bap-tracing/bap-frames

@@ -31,7 +31,11 @@ frame_proto_src = custom_target(
 )
 
 libprotobuf = dependency('libprotobuf-c')
-frame_protobuf = static_library('protobuf', [frame_proto_src], pic: true)
+frame_protobuf = static_library(
+    'protobuf',
+    [frame_proto_src],
+    dependencies: [libprotobuf],
+    pic: true)
 dep_libprotobuf = declare_dependency(
     sources : [frame_proto_src, frame_arch_h],
     link_with : [frame_protobuf],

contrib/plugins/bap-tracing/meson.build

@@ -184,6 +184,7 @@ static void flush_and_write_toc_entry(FrameBuffer *fbuf) {
   g_rw_lock_writer_unlock(&state.file_lock);
 }
 
+static void flush_all_frame_bufs(void) __attribute__((unused));
 static void flush_all_frame_bufs(void) {
   g_rw_lock_writer_lock(&state.file_lock);
   g_rw_lock_writer_lock(&state.toc_entries_offsets_lock);
@@ -339,7 +340,37 @@ static void cb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb) {
 }
 
 static void plugin_exit(qemu_plugin_id_t id, void *udata) {
-  flush_all_frame_bufs();
+  qemu_plugin_outs("Exiting bap-tracing plugin\n");
+  /**
+   * FIXME: flush_all_frame_bufs() is currently commented out due to an
+   * assertion failure in qemu_plugin_get_registers when used in the plugin
+   * exit callback.
+   *
+   * Root cause: When the plugin exits, current_cpu has already been set to
+   * NULL by QEMU's shutdown sequence. However, flush_all_frame_bufs() calls
+   * qemu_plugin_get_registers() (via add_post_reg_state()) to capture the
+   * final register state, which internally asserts that current_cpu is
+   * non-NULL. This causes the assertion to fail.
+   *
+   * This issue is specific to the TriCore architecture tracing but may affect
+   * other architectures as well.
+   *
+   * Potential drawbacks of commenting out this call:
+   * 1. The last few instruction frames in each vCPU's buffer may not be
+   *    written to the trace file, resulting in incomplete traces.
+   * 2. Post-execution register states for the final instructions will not
+   *    be captured, potentially losing important state information.
+   * 3. If the frame buffers have accumulated data that hasn't reached the
+   *    flush threshold, that data will be lost entirely.
+   *
+   * Possible solutions:
+   * - Modify QEMU to allow qemu_plugin_get_registers() to gracefully handle
+   *   NULL current_cpu during shutdown
+   * - Add a pre-exit flush mechanism that runs before current_cpu is cleared
+   * - Skip register state capture in flush_all_frame_bufs() when called from
+   *   plugin_exit, flushing only the instruction frames without post-state
+   */
+  // flush_all_frame_bufs();
 
   g_rw_lock_writer_lock(&state.file_lock);
   g_rw_lock_reader_lock(&state.toc_entries_offsets_lock);

contrib/plugins/bap-tracing/tracing.c

@@ -104,6 +104,7 @@ static struct arch_enum_entry arch_map[] = {
     {.name = "8051", .arch = frame_arch_8051, .machine = 0},
     {.name = "sm83", .arch = frame_arch_sm83, .machine = 0},
     {.name = "hexagon", .arch = frame_arch_hexagon, .machine = 0},
+    {.name = "tricore", .arch = frame_arch_tricore, .machine = frame_mach_tricore_162},
     {.name = NULL, .arch = frame_arch_last, .machine = 0},
 };
 

contrib/plugins/bap-tracing/tracing.h

@@ -0,0 +1,83 @@
+<?xml version="1.0"?>
+
+<!-- Based on https://github.com/Gigallith/gdb-tricore/blob/main/gdb/features/tricore-core.xml
+     Modified according to rizin's TriCore plugin and QEMU's TriCore implementation.
+     Added several special registers (syscon, cpu_id, core_id, biv, btv, isp, fcx, lcx, compat,
+     pmucon0, cycles, instr, time). -->
+
+<!-- Copyright (C) 2019 Free Software Foundation, Inc.
+
+     Copying and distribution of this file, with or without modification,
+     are permitted in any medium without royalty provided the copyright
+     notice and this notice are preserved.  -->
+
+<!DOCTYPE feature SYSTEM "gdb-target.dtd">
+<feature name="org.gnu.gdb.tricore.core">
+  <reg name="a0" bitsize="32" type="data_ptr"/>
+  <reg name="a1" bitsize="32" type="uint32"/>
+  <reg name="a2" bitsize="32" type="uint32"/>
+  <reg name="a3" bitsize="32" type="uint32"/>
+  <reg name="a4" bitsize="32" type="uint32"/>
+  <reg name="a5" bitsize="32" type="uint32"/>
+  <reg name="a6" bitsize="32" type="uint32"/>
+  <reg name="a7" bitsize="32" type="uint32"/>
+  <reg name="a8" bitsize="32" type="uint32"/>
+  <reg name="a9" bitsize="32" type="uint32"/>
+  <reg name="a10" bitsize="32" type="uint32"/>
+  <reg name="a11" bitsize="32" type="uint32"/>
+  <reg name="a12" bitsize="32" type="uint32"/>
+  <reg name="a13" bitsize="32" type="uint32"/>
+  <reg name="a14" bitsize="32" type="uint32"/>
+  <reg name="a15" bitsize="32" type="uint32"/>
+
+  <reg name="d0" bitsize="32" type="data_ptr"/>
+  <reg name="d1" bitsize="32" type="uint32"/>
+  <reg name="d2" bitsize="32" type="uint32"/>
+  <reg name="d3" bitsize="32" type="uint32"/>
+  <reg name="d4" bitsize="32" type="uint32"/>
+  <reg name="d5" bitsize="32" type="uint32"/>
+  <reg name="d6" bitsize="32" type="uint32"/>
+  <reg name="d7" bitsize="32" type="uint32"/>
+  <reg name="d8" bitsize="32" type="uint32"/>
+  <reg name="d9" bitsize="32" type="uint32"/>
+  <reg name="d10" bitsize="32" type="uint32"/>
+  <reg name="d11" bitsize="32" type="uint32"/>
+  <reg name="d12" bitsize="32" type="uint32"/>
+  <reg name="d13" bitsize="32" type="uint32"/>
+  <reg name="d14" bitsize="32" type="uint32"/>
+  <reg name="d15" bitsize="32" type="uint32"/>
+
+  <flags id="psw_flags" size="4">
+    <field name="CDC" start="0" end="6"/>
+    <field name="CDE" start="7" end="8"/>
+    <field name="C" start="31" end="31"/>
+    <field name="V" start="30" end="30"/>
+    <field name="SV" start="29" end="29"/>
+    <field name="AV" start="28" end="28"/>
+    <field name="SAV" start="27" end="27"/>
+    <field name="RM" start="24" end="25"/>
+    <field name="PRS" start="12" end="13"/>
+    <field name="IO" start="10" end="11"/>
+    <field name="IS" start="9" end="9"/>
+    <field name="GW" start="8" end="8"/>
+  </flags>
+
+  <reg name="pcxi" bitsize="32" type="data_ptr"/>
+  <reg name="psw" bitsize="32" type="psw_flags"/>
+  <reg name="pc" bitsize="32" type="code_ptr"/>
+  <reg name="icr" bitsize="32" type="uint32"/>
+	<reg name="syscon" bitsize="32" type="uint32"/>
+	<reg name="cpu_id" bitsize="32" type="uint32"/>
+	<reg name="core_id" bitsize="32" type="uint32"/>
+	<reg name="biv" bitsize="32" type="uint32"/>
+	<reg name="btv" bitsize="32" type="uint32"/>
+	<reg name="isp" bitsize="32" type="uint32"/>
+	<reg name="icr" bitsize="32" type="uint32"/>
+	<reg name="fcx" bitsize="32" type="uint32"/>
+	<reg name="lcx" bitsize="32" type="uint32"/>
+	<reg name="compat" bitsize="32" type="uint32"/>
+  <reg name="pmucon0" bitsize="32"/>
+  <reg name="cycles" bitsize="32"/>
+  <reg name="instr" bitsize="32"/>
+  <reg name="time" bitsize="32"/>
+</feature>

gdb-xml/tricore-core.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<!-- Copyright (C) 2007-2020 Free Software Foundation, Inc.
+
+     Copying and distribution of this file, with or without modification,
+     are permitted in any medium without royalty provided the copyright
+     notice and this notice are preserved.  -->
+
+<!DOCTYPE feature SYSTEM "gdb-target.dtd">
+<feature name="org.gnu.gdb.tricore.fpu">
+  <reg name="FPU_TRAP_CON" bitsize="32" type="ieee_single" regnum="0"/>
+  <reg name="FPU_TRAP_PC" bitsize="32" type="ieee_single"/>
+  <reg name="FPU_TRAP_OPC" bitsize="32" type="ieee_single"/>
+  <reg name="FPU_TRAP_SRC1" bitsize="32" type="ieee_single"/>
+  <reg name="FPU_TRAP_SRC2" bitsize="32" type="ieee_single"/>
+  <reg name="FPU_TRAP_SRC3" bitsize="32" type="ieee_single"/>
+  <reg name="FPU_ID" bitsize="32" type="ieee_single"/>
+</feature>