Skip to content

Upgraded libtcg to 10.2 #114

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
vitalych merged 6 commits into from
Feb 15, 2026
Merged

Upgraded libtcg to 10.2 #114

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
30c193b
tcg: upgrade to qemu 10.2
vitalych Feb 8, 2026
1666b41
libtcg/llvm: updated for tcg 10.2
vitalych Feb 15, 2026
d6dc680
libcpu: updated for tcg 10.2
vitalych Feb 15, 2026
09bec62
s2e: updated for tcg 10.2
vitalych Feb 15, 2026
d582c4d
klee/expr: added missing shift by 0 optimizations
vitalych Feb 15, 2026
ebf852c
testsuite/pov-demo0: stop s2e when enough povs are generated
vitalych Feb 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions klee/lib/Expr/Expr.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1162,6 +1162,11 @@ static ref<Expr> LShrExpr_create(const ref<Expr> &l, const ref<Expr> &r) {
if (l->getWidth() == Expr::Bool) { // l & !r
return AndExpr::create(l, Expr::createIsZero(r));
} else {
// Shifting by 0 is a no-op
ConstantExpr *ce = dyn_cast<ConstantExpr>(r);
if (ce && ce->getAPValue() == 0) {
return l;
}
return LShrExpr::alloc(l, r);
}
}
Expand All @@ -1170,6 +1175,11 @@ static ref<Expr> AShrExpr_create(const ref<Expr> &l, const ref<Expr> &r) {
if (l->getWidth() == Expr::Bool) { // l
return l;
} else {
// Shifting by 0 is a no-op
ConstantExpr *ce = dyn_cast<ConstantExpr>(r);
if (ce && ce->getAPValue() == 0) {
return l;
}
return AShrExpr::alloc(l, r);
}
}
Expand Down
24 changes: 1 addition & 23 deletions libcpu/include/cpu/exec.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,35 +26,13 @@
#include <cpu/softmmu_defs.h>
#include <cpu/tb.h>
#include <libcpu-compiler.h>
#include <tcg/accel/getpc.h>
#include <tcg/utils/log.h>

#ifdef __cplusplus
extern "C" {
#endif

/* The return address may point to the start of the next instruction.
Subtracting one gets us the call instruction itself. */
#if defined(CONFIG_TCG_INTERPRETER)
/* Alpha and SH4 user mode emulations and Softmmu call GETPC().
For all others, GETPC remains undefined (which makes TCI a little faster. */
#if defined(CONFIG_SOFTMMU) || defined(TARGET_ALPHA) || defined(TARGET_SH4)
extern void *tci_tb_ptr;
#define GETPC() tci_tb_ptr
#endif
#elif defined(__s390__) && !defined(__s390x__)
#define GETPC() ((void *) (((uintptr_t) __builtin_return_address(0) & 0x7fffffffUL) - 1))
#elif defined(__arm__)
/* Thumb return addresses have the low bit set, so we need to subtract two.
This is still safe in ARM mode because instructions are 4 bytes. */
#define GETPC() ((void *) ((uintptr_t) __builtin_return_address(0) - 2))
#else
#if defined(SYMBEX_LLVM_LIB)
#define GETPC() 0
#else
#define GETPC() (((uintptr_t) __builtin_return_address(0) - 1))
#endif
#endif

/* The true return address will often point to a host insn that is part of
the next translated guest insn. Adjust the address backward to point to
the middle of the call insn. Subtracting one would do the job except for
Expand Down
2 changes: 1 addition & 1 deletion libcpu/src/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ target_include_directories (cpu PUBLIC
${CMAKE_BINARY_DIR}/include
)

set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__STDC_FORMAT_MACROS -D_GNU_SOURCE -DNEED_CPU_H -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -DTARGET_PHYS_ADDR_BITS=64")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__STDC_FORMAT_MACROS -D_GNU_SOURCE -DNEED_CPU_H -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -DTARGET_PHYS_ADDR_BITS=64 -DCOMPILING_PER_TARGET")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -fPIC -Werror -fno-omit-frame-pointer")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-strict-aliasing -Wno-sign-compare -Wno-missing-field-initializers -Wno-mismatched-tags -Wno-deprecated-declarations -Wno-initializer-overrides -Wno-zero-length-array")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fexceptions -Wno-gnu-folding-constant")
Expand Down
18 changes: 9 additions & 9 deletions libcpu/src/precise-pc.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ static target_long decode_sleb128(uint8_t **pp) {
/* Encode the data collected about the instructions while compiling TB.
Place the data at BLOCK, and return the number of bytes consumed.

The logical table consists of TARGET_INSN_START_WORDS target_ulong's,
The logical table consists of INSN_START_WORDS uint64_t's,
which come from the target's insn_start data, followed by a uintptr_t
which comes from the host pc of the end of the code implementing the insn.

Expand All @@ -87,13 +87,13 @@ int encode_search(TCGContext *tcg_ctx, TranslationBlock *tb, uint8_t *block) {
for (i = 0, n = tb->icount; i < n; ++i) {
uint64_t prev, curr;

for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
for (j = 0; j < INSN_START_WORDS; ++j) {
if (i == 0) {
prev = (!(tb_cflags(tb) & CF_PCREL) && j == 0 ? tb->pc : 0);
} else {
prev = insn_data[(i - 1) * TARGET_INSN_START_WORDS + j];
prev = insn_data[(i - 1) * INSN_START_WORDS + j];
}
curr = insn_data[i * TARGET_INSN_START_WORDS + j];
curr = insn_data[i * INSN_START_WORDS + j];
p = encode_sleb128(p, curr - prev);
}
prev = (i == 0 ? 0 : insn_end_off[i - 1]);
Expand All @@ -113,7 +113,7 @@ int encode_search(TCGContext *tcg_ctx, TranslationBlock *tb, uint8_t *block) {
}

int tb_get_instruction_size(TranslationBlock *tb, uint64_t pc) {
target_ulong data[TARGET_INSN_START_WORDS] = {tb->pc};
target_ulong data[INSN_START_WORDS] = {tb->pc};
uint8_t *p = tb->tc.ptr + tb->tc.size;
int i, j, num_insns = tb->icount;

Expand All @@ -122,15 +122,15 @@ int tb_get_instruction_size(TranslationBlock *tb, uint64_t pc) {
}

for (i = 0; i < num_insns; ++i) {
for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
for (j = 0; j < INSN_START_WORDS; ++j) {
data[j] += decode_sleb128(&p);
}
decode_sleb128(&p);
if (data[0] == pc) {
if (i == num_insns - 1) {
return tb->size - (pc - tb->pc);
} else {
for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
for (j = 0; j < INSN_START_WORDS; ++j) {
data[j] += decode_sleb128(&p);
}
return data[0] - pc;
Expand All @@ -155,7 +155,7 @@ static int tb_find_guest_pc(TranslationBlock *tb, uintptr_t searched_host_pc, ta
// Reconstruct the stored insn data while looking for the point at
// which the end of the insn exceeds the searched_pc.
for (i = 0; i < num_insns; ++i) {
for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
for (j = 0; j < INSN_START_WORDS; ++j) {
data[j] += decode_sleb128(&p);
}
host_pc += decode_sleb128(&p);
Expand All @@ -171,7 +171,7 @@ static int tb_find_guest_pc(TranslationBlock *tb, uintptr_t searched_host_pc, ta
* icount should be recalculated.
*/
static int cpu_restore_state_from_tb(CPUArchState *env, TranslationBlock *tb, uintptr_t searched_pc) {
target_ulong data[TARGET_INSN_START_WORDS] = {tb->pc};
target_ulong data[INSN_START_WORDS] = {tb->pc};

if (tb_find_guest_pc(tb, searched_pc, data) < 0) {
return -1;
Expand Down
Loading