Loading a QEMU pointer as an immediate happens often. E.g. - exit_tb $0x7fa8140013 + exit_tb $0x7f81ee0013 ... - : d2800260 mov x0, #0x13 - : f2b50280 movk x0, #0xa814, lsl #16 - : f2c00fe0 movk x0, #0x7f, lsl #32 + : 90ff1000 adrp x0, 0x7f81ee0000 + : 91004c00 add x0, x0, #0x13
Signed-off-by: Richard Henderson <r...@twiddle.net>
---
 tcg/aarch64/tcg-target.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
index ddf1ece..be74d2b 100644
--- a/tcg/aarch64/tcg-target.c
+++ b/tcg/aarch64/tcg-target.c
@@ -318,6 +318,10 @@ typedef enum {
     /* Conditional select instructions */
     INSN_CSEL = 0x1a800000,
     INSN_CSINC = 0x1a800400,
+
+    /* PC relative addressing instructions */
+    INSN_ADR = 0x10000000,
+    INSN_ADRP = 0x90000000,
 } AArch64Insn;
 
 static inline enum aarch64_ldst_op_data
@@ -489,6 +493,12 @@ static inline void tcg_fmt_Rd_uimm_s(TCGContext *s, AArch64Insn insn, bool ext,
     tcg_out32(s, insn | ext << 31 | shift << 17 | half << 5 | rd);
 }
 
+static inline void tcg_fmt_Rd_disp21(TCGContext *s, AArch64Insn insn,
+                                     TCGReg rd, tcg_target_long disp)
+{
+    tcg_out32(s, insn | (disp & 3) << 29 | (disp & 0x1ffffc) << (5 - 2) | rd);
+}
+
 static inline void tcg_out_ldst_9(TCGContext *s,
                                   enum aarch64_ldst_op_data op_data,
                                   enum aarch64_ldst_op_type op_type,
@@ -566,6 +576,17 @@ static void tcg_out_movi(TCGContext *s, TCGType type, TCGReg rd,
         return;
     }
 
+    /* Look for host pointer values within 4G of the PC.  This happens
+       often when loading pointers to QEMU's data structures.  */
+    svalue = (value >> 12) - ((intptr_t)s->code_ptr >> 12);
+    if (svalue == sextract64(svalue, 0, 21)) {
+        tcg_fmt_Rd_disp21(s, INSN_ADRP, rd, svalue);
+        if (value & 0xfff) {
+            tcg_fmt_Rdn_aimm(s, INSN_ADDI, ext, rd, rd, value & 0xfff);
+        }
+        return;
+    }
+
     /* Would it take fewer insns to begin with MOVN? */
     insn = INSN_MOVZ;
     wantinv = 0;
-- 
1.8.3.1
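Review bot: tcg_fmt_Rd_disp21 in the second hunk masks disp down to its low 21 bits without checking that the value actually fits, so a caller passing an out-of-range displacement would get a well-formed ADRP aimed at the wrong page rather than a failure; the only caller in the third hunk guards with sextract64, but the formatter should carry the check itself, `assert(disp == sextract64(disp, 0, 21));` before the tcg_out32. A short comment on the field layout would also help readers of the shift constants, e.g. `/* immlo = disp[1:0] at bits 29-30, immhi = disp[20:2] at bits 5-23 */`. In the third hunk, svalue, value and ext are not declared within the hunk, so they presumably come from earlier in tcg_out_movi, whose body starts and ends outside the hunk. INSN_ADR in the first hunk is defined but not used by this patch.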