* function call on MIPS (newbie question)
@ 2008-06-24 10:18 Harald Krapfenbauer
2008-06-24 17:45 ` David VomLehn
2008-06-24 17:48 ` Chris Dearman
0 siblings, 2 replies; 4+ messages in thread
From: Harald Krapfenbauer @ 2008-06-24 10:18 UTC (permalink / raw)
To: linux-mips@linux-mips.org
Hi!
I'm a newbie to the MIPS architecture and I want to port some program to
MIPS.
I must call a function within the .text segment with 2 simple
parameters. So I figured out the following code which
*) loads arg1 into register $4
*) loads arg2 into register $5
*) loads the address into $15
*) executes a jalr
*) breaks afterwards
*((guint32 *)(code))    = ((method_argument1 >> 16) & 0xffff) | 0x3c040000; /* arg 1 upper half word */
*((guint32 *)(code+4))  = (method_argument1 & 0xffff) | 0x24040000;         /* arg 1 lower half word */
*((guint32 *)(code+8))  = ((method_argument2 >> 16) & 0xffff) | 0x3c050000; /* arg 2 upper half word */
*((guint32 *)(code+12)) = (method_argument2 & 0xffff) | 0x24050000;         /* arg 2 lower half word */
*((guint32 *)(code+16)) = ((method_address >> 16) & 0xffff) | 0x3c0f0000;   /* address upper half word */
*((guint32 *)(code+20)) = (method_address & 0xffff) | 0x240f0000;           /* address lower half word */
*((guint32 *)(code+24)) = 0x01e0f809;                                       /* jalr */
*((guint32 *)(code+28)) = 0x0;                                              /* branch delay slot */
*((guint32 *)(code+32)) = 0x0d;                                             /* breakpoint */
The code is written to the stack, the SP and the PC are then set to the
beginning of the code on the stack.
Something must be going wrong because after the program stops again, the
PC is 0xffffcb38 (The method address is 0x53cb38) and my program
receives signal 10.
Did I miss something or is my code wrong?
Any help appreciated!
Best regards,
Harald Krapfenbauer
* Re: function call on MIPS (newbie question)
From: David VomLehn @ 2008-06-24 17:45 UTC (permalink / raw)
To: Harald Krapfenbauer; +Cc: linux-mips@linux-mips.org
1 sibling, 0 replies; 4+ messages in thread

Harald Krapfenbauer wrote:
> Hi!
>
> I'm a newbie to the MIPS architecture and I want to port some program to
> MIPS.
> I must call a function within the .text segment with 2 simple
> parameters. So I figured out the following code ...
>
> The code is written to the stack, the SP and the PC are then set to the
> beginning of the code on the stack.

Unlike x86 architectures, the MIPS architecture generally does not have
hardware to synchronize data and instruction caches. When writing code for
execution on the MIPS processor, you need to be sure that you flush the data
cache and invalidate the instruction cache before trying to execute the code.

On most MIPS processors, you can use the SYNCI instruction to do this. Take a
look at the documentation for this instruction in "MIPS32® Architecture for
Programmers Volume II: The MIPS32® Instruction Set". It has sample code on how
to properly do this in an unprivileged application. You can get to this
manual, as well as other MIPS manuals, at:

http://www.mips.com/products/product-materials/processor/mips-architecture/

You will need to register for a free account to download this.

You can also use the cacheflush system call to synchronize the data and
instruction caches.

--
David VomLehn, dvomlehn@cisco.com
The opinions expressed herein are likely mine, but might not be my employer's...
* Re: function call on MIPS (newbie question)
From: Chris Dearman @ 2008-06-24 17:48 UTC (permalink / raw)
To: Harald Krapfenbauer; +Cc: linux-mips@linux-mips.org
1 sibling, 1 reply; 4+ messages in thread

Harald Krapfenbauer wrote:
> Hi!
>
> I'm a newbie to the MIPS architecture and I want to port some program to
> MIPS.
> I must call a function within the .text segment with 2 simple
> parameters. So I figured out the following code which
> *) loads arg1 into register $4
> *) loads arg2 into register $5
> *) loads the address into $15
> *) executes a jalr
> *) breaks afterwards
>
> *((guint32 *)(code))    = ((method_argument1 >> 16) & 0xffff) | 0x3c040000; /* arg 1 upper half word */
> *((guint32 *)(code+4))  = (method_argument1 & 0xffff) | 0x24040000;         /* arg 1 lower half word */
> *((guint32 *)(code+8))  = ((method_argument2 >> 16) & 0xffff) | 0x3c050000; /* arg 2 upper half word */
> *((guint32 *)(code+12)) = (method_argument2 & 0xffff) | 0x24050000;         /* arg 2 lower half word */
> *((guint32 *)(code+16)) = ((method_address >> 16) & 0xffff) | 0x3c0f0000;   /* address upper half word */
> *((guint32 *)(code+20)) = (method_address & 0xffff) | 0x240f0000;           /* address lower half word */
> *((guint32 *)(code+24)) = 0x01e0f809;                                       /* jalr */
> *((guint32 *)(code+28)) = 0x0;                                              /* branch delay slot */
> *((guint32 *)(code+32)) = 0x0d;                                             /* breakpoint */
>
> The code is written to the stack, the SP and the PC are then set to the
> beginning of the code on the stack.
>
> Something must be going wrong because after the program stops again, the
> PC is 0xffffcb38 (The method address is 0x53cb38) and my program
> receives signal 10.
>
> Did I miss something or is my code wrong?
> Any help appreciated!

The code you generate for the function address is

    3C0F0053 lui t7,0x53
    240FCB38 addiu t7,zero,-13512

There are 2 problems here... the second instruction should be "addiu
t7,t7,-13512" and addiu sign-extends the immediate value so you have to deal
with this by adjusting the lui if bit 15 of the address is set. It's simpler
to use ori which does not sign-extend the immediate value:

    3C0F0053 lui t7,0x53
    35EFEB37 ori t7,t7,0xeb37

You will need to modify the instructions that load a0 and a1 in the same way.

The next issue will be cache maintenance which you have to do explicitly.
Most MIPS CPUs use writeback caches, so you need to flush this data from the
dcache into memory and then invalidate the icache to make sure the CPU does
not execute stale data. MIPS32 processors support synci to accomplish this.
If the processor you're using doesn't have synci, there is a cachectl syscall
which does the required cache writeback/invalidation.

One final point is calling conventions. If you are calling other JIT code you
will know what assumptions it makes about register/stack usage, but if you are
calling normal code (eg a library function) then you have to use the normal
calling conventions. The caller is required to allocate 4 words at $sp where
the callee can store $a0..$a3. PIC code requires that the call is made using
"jalr $t9" etc.

If you're new to the MIPS world I'd strongly recommend "See MIPS Run Linux" by
Dominic Sweetman which covers a lot of this stuff and is very readable.

Chris

--
Chris Dearman          Desk:+1 650 567 5092   Cell:+1 650 224 8603
MIPS Technologies Inc  1225 Charleston Rd, Mountain View CA 94043
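The following is an added example and not code from the thread or from any of the posters: it puts Harald's stub, Chris's two fixes (lui/ori instead of lui/addiu-from-$zero, the 16-byte o32 argument save area and calling through $t9) and David's cache sync into one C file. It assumes MIPS32 with the o32 ABI, a Linux target for cacheflush() and BCACHE from <sys/cachectl.h>, and a constructed callee add2(); the stub returns to its C caller instead of ending in `break`, since nothing here drives it from a debugger. The encoder and the small lui/addiu/ori interpreter run on any host, and for the address 0x53cb38 from the thread they show the original pair leaving 0xffffcb38 in $t7 (the PC Harald reported) while lui/ori gives 3C0F0053 35EFCB38 and leaves 0x0053cb38.

```c
/* Added example, not code from the thread: the o32 call stub Harald
 * describes, built with the fixes Chris gives and the cache sync David
 * describes.  Encoder and interpreter run on any host; the call itself is
 * compiled only for MIPS32 Linux (guarded by __mips__).  add2() is a
 * constructed callee for the demo. */
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>
#include <sys/mman.h>
#ifdef __mips__
#include <sys/cachectl.h>   /* cacheflush() and BCACHE, MIPS Linux only */
#endif
enum { ZERO = 0, A0 = 4, A1 = 5, T7 = 15, T9 = 25, SP = 29, RA = 31 };

/* I-type layout: op(6) rs(5) rt(5) imm(16). */
static uint32_t itype(unsigned op, unsigned rs, unsigned rt, uint32_t imm)
{ return (op << 26) | (rs << 21) | (rt << 16) | (imm & 0xffffu); }
uint32_t enc_lui(unsigned rt, uint32_t imm)                { return itype(0x0f, 0, rt, imm); }
uint32_t enc_addiu(unsigned rt, unsigned rs, uint32_t imm) { return itype(0x09, rs, rt, imm); }
uint32_t enc_ori(unsigned rt, unsigned rs, uint32_t imm)   { return itype(0x0d, rs, rt, imm); }
uint32_t enc_sw(unsigned rt, unsigned base, uint32_t off)  { return itype(0x2b, base, rt, off); }
uint32_t enc_lw(unsigned rt, unsigned base, uint32_t off)  { return itype(0x23, base, rt, off); }
uint32_t enc_jalr(unsigned rs) { return (rs << 21) | (RA << 11) | 0x09; }   /* jalr $ra,rs */
uint32_t enc_jr(unsigned rs)   { return (rs << 21) | 0x08; }                /* jr rs */
#define NOP 0x00000000u

/* Harald's pair: lui rt,hi ; addiu rt,$zero,lo.  rs=$zero throws hi away and
 * addiu sign-extends lo, so 0x0053cb38 comes out as 0xffffcb38. */
void emit_li_orig(uint32_t *w, unsigned rt, uint32_t v)
{ w[0] = enc_lui(rt, v >> 16); w[1] = enc_addiu(rt, ZERO, v); }
/* Fix 1: lui rt,hi ; ori rt,rt,lo.  ori zero-extends, so nothing to adjust. */
void emit_li_ori(uint32_t *w, unsigned rt, uint32_t v)
{ w[0] = enc_lui(rt, v >> 16); w[1] = enc_ori(rt, rt, v); }
/* Fix 2: keep addiu but bump hi when bit 15 of v is set (add 0x8000 first). */
void emit_li_addiu(uint32_t *w, unsigned rt, uint32_t v)
{ w[0] = enc_lui(rt, (v + 0x8000u) >> 16); w[1] = enc_addiu(rt, rt, v); }

/* Interpreter for lui/addiu/ori only: returns rt of the last instruction. */
uint32_t sim_li(const uint32_t *w, size_t n)
{
    uint32_t r[32] = {0};
    unsigned rt = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned op = w[i] >> 26, rs = (w[i] >> 21) & 31;
        uint32_t imm = w[i] & 0xffffu;
        uint32_t simm = (imm & 0x8000u) ? imm | 0xffff0000u : imm;  /* sign-extend */
        rt = (w[i] >> 16) & 31;
        if (op == 0x0f)      r[rt] = imm << 16;
        else if (op == 0x09) r[rt] = r[rs] + simm;
        else if (op == 0x0d) r[rt] = r[rs] | imm;
        r[0] = 0;                                    /* $zero stays zero */
    }
    return r[rt];
}

/* o32 stub, callable from C as uint32_t (*)(void).  It saves $ra and returns
 * (the thread's stub ended in `break` because a debugger drove it).  The
 * 16-byte argument save area is the caller's duty; PIC callees want $t9. */
size_t build_call_stub(uint32_t *w, uint32_t arg1, uint32_t arg2, uint32_t target)
{
    size_t n = 0;
    w[n++] = enc_addiu(SP, SP, (uint32_t)-24);   /* 16-byte arg area + ra slot, 8-aligned */
    w[n++] = enc_sw(RA, SP, 16);
    emit_li_ori(&w[n], A0, arg1);   n += 2;
    emit_li_ori(&w[n], A1, arg2);   n += 2;
    emit_li_ori(&w[n], T9, target); n += 2;
    w[n++] = enc_jalr(T9);
    w[n++] = NOP;                                /* branch delay slot */
    w[n++] = enc_lw(RA, SP, 16);
    w[n++] = enc_addiu(SP, SP, 24);
    w[n++] = enc_jr(RA);
    w[n++] = NOP;                                /* branch delay slot */
    return n;
}

/* MIPS does not keep I- and D-cache coherent for us: write back the dcache
 * and invalidate the icache over the emitted bytes before jumping there. */
void sync_icache(void *start, size_t len)
{
#ifdef __mips__
    cacheflush(start, (int)len, BCACHE);         /* both caches via the syscall */
#else
    __builtin___clear_cache((char *)start, (char *)start + len);  /* no-op on x86 */
#endif
}

#ifdef __mips__
static uint32_t add2(uint32_t a, uint32_t b) { return a + b; }   /* constructed callee */
int main(void)
{
    uint32_t *code = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (code == MAP_FAILED) return 1;
    size_t n = build_call_stub(code, 40, 2, (uint32_t)(uintptr_t)add2);
    sync_icache(code, n * sizeof *code);
    if (mprotect(code, 4096, PROT_READ | PROT_EXEC) != 0) return 1;  /* W^X: never RWX */
    uint32_t r = ((uint32_t (*)(void))code)();
    printf("stub returned %" PRIu32 "\n", r);
    return r == 42 ? 0 : 1;
}
#endif
```

Build it with a MIPS cross toolchain (for example mips-linux-gnu-gcc) to run the call; on any other host only the encoder, the interpreter and build_call_stub() are meaningful and main() is not compiled. The page is mapped writable, filled, synced and only then flipped to read+execute with mprotect(), so the emitted code is never writable and executable at the same time.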
* Re: function call on MIPS (newbie question)
From: Harald Krapfenbauer @ 2008-06-27 10:00 UTC (permalink / raw)
To: Chris Dearman; +Cc: linux-mips@linux-mips.org
0 siblings, 0 replies; 4+ messages in thread

Thanks for your detailed answer!

While I am waiting for the suggested book, I have another question regarding
cache maintenance: If I read and write memory via ptrace() calls in MIPS
Linux, is it required to care about the cache? That would mean that I must
flush (and invalidate) the cache every time before I access a process' memory
via ptrace()...

Best regards,
Harald

Chris Dearman wrote:
> [...]

--
Harald Krapfenbauer
Project assistant
Vienna University of Technology, Institute of Computer Technology
Gusshausstraße 27-29, 1040 Vienna, Austria
Phone: +43-1-58801-38472, Fax: +43-1-58801-38499
Email: krapfenbauer@ict.tuwien.ac.at, WWW: http://www.ict.tuwien.ac.at
Skype: harald.krapfenbauer