Hi, Tim

It's weird, why didn't I run into your issue?

VariableDxe.c.patch is what I modified to emulate your case.

The PCD definition is updated to:

    ## 64-bit Base address of the NV variable range in flash device
    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0xFFE00008|UINT64|0x80000001

The CC flag is:

    DEBUG_VS2008x86_X64_CC_FLAGS = /nologo /c /WX /GS- /X /W4 /Gs32768 /D UNICODE /O1ib2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Gm

The Link flag is:

    DEBUG_VS2008x86_X64_DLINK_FLAGS = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:32 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG

[From the build flags above, we can see that the LTO feature is enabled, as /GL and /LTCG have been used.]

output.txt is the disassembly output of "dumpbin.exe"; in lines 26~28 I don't see an assembly code segment like the one you showed. (Due to the 512k mail size limitation, I had to trim some output in output.txt.)

The disassembly code is:

    0000000000000A12: B8 08 01 E0 FF     mov eax,0FFE00108h
    0000000000000A17: B9 08 00 E0 FF     mov ecx,0FFE00008h
    0000000000000A1C: 80 38 00           cmp byte ptr [rax],0

So what build flag are you using?

Thanks
Feng

From: Tim Lewis [mailto:tim.le...@insyde.com]
Sent: Thursday, May 23, 2013 09:30
To: edk2-devel@lists.sourceforge.net
Subject: Re: [edk2] LTCG and fixed address pointers.

To follow up further, the problem appears to be an encoding error. The bytes for the encoding are below. The value of the PCD was 0x00000000ffe8b00e.

    0000000000063B24: 44 38 B0 0E B0 E8 FF     cmp byte ptr [rax-174FF2h],r14b

    44 = extend the R field in the mod R/M byte.
    38 = compare
    B0 = modrm = [rax+disp32], and r = r14
    Disp32 = ffe8b0038

Notice that the PCD value is encoded directly as a displacement. But, in 64-bit modes, displacements are sign-extended (see 2.2.1.3 in Vol 2 of the Intel Ref) to 64 bits, which means it acts, effectively, like a subtraction.

For an unsigned integer, it must be encoded with a register. In fact, a few instructions before, you can see:

    0000000000063B14: BA 0E B0 E8 FF     mov edx,0FFE8B00Eh

So this would have been better encoded as

    cmp byte ptr [rax + rdx], r14b

Tim

From: Tim Lewis [mailto:tim.le...@insyde.com]
Sent: Tuesday, May 21, 2013 9:41 PM
To: edk2-devel@lists.sourceforge.net
Subject: Re: [edk2] LTCG and fixed address pointers.

We tried as a UINT64. Same result.

Tim

From: Tian, Feng [mailto:feng.t...@intel.com]
Sent: Tuesday, May 21, 2013 8:26 PM
To: edk2-devel@lists.sourceforge.net
Subject: Re: [edk2] LTCG and fixed address pointers.

How about defining this Pcd as UINT64? We defined PcdPciExpressBaseAddress this way. So your code should be:

In Dec file:

    gXxxTokenSpaceGuid.PcdXxxAddress|0xFFe8B00E|UINT64|0x12345678

In C code:

    StrPtr = PcdGet64 (PcdXXX) + 0x100;

From: Tim Lewis [mailto:tim.le...@insyde.com]
Sent: Wednesday, May 22, 2013 01:16
To: edk2-devel@lists.sourceforge.net
Subject: [edk2] LTCG and fixed address pointers.

We are having trouble with link-time code generation under Visual Studio when using PCDs to specify a specific address and convert it to a pointer, when accessed from a library.

In a library, the FixedAtBuild PCDs (on x64) are defined as

    extern const UINT32 PcdXXXX;

and PcdXXXX contains 0xffe8b00e.

The code generated by the VS2008/2010/2012 linker shows:

    xor r12d,r12d                        // r12d = 0
    mov eax,r12d                         // eax = r12d == 0 rax = ?
    cmp byte ptr [rax-174FF2h],r12b

Notice LTCG is trying to optimize by using a relative offset from 0. "0 - 174ff2" is FFFFFFFFFFE8B00E (not FFe8B00e).

The code in question is in the form:

    CHAR8 *StrPtr;

    StrPtr = (CHAR8 *)(UINTN) (PcdGet(PcdXXXX) + 0x100);
    while (*StrPtr != '\0') { ... }

We have tried nearly everything we can think of, other than turning off LTCG for the module or even the specific lines.

I am worried about what happens with MMIO and other "fixed" addresses. I have tried (CHAR8 *)(UINTN) (UINT32) and almost every possible combination of typecasts on the PCD result and the 0x100, etc. Even did & 0xffffffff. No effect. If I turn off LTCG, it correctly creates a 32-bit address. I haven't been able to get any response on the MS forums.

Anyone have any experience with this?

Tim
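The encoding discussed in the follow-up message above, decoded as an added example that is not part of the original thread: it parses the seven instruction bytes quoted there and compares the address the CPU computes in 64-bit mode (disp32 sign-extended) with the address the source intended (disp32 zero-extended). The function and type names are hypothetical; the byte sequence is the one quoted in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded fields of a "REX, opcode, ModRM, disp32" instruction (hypothetical helper type). */
typedef struct {
    uint8_t  rex, opcode, mod, reg, rm;
    uint32_t disp32;
} insn_t;

/* Decode only the form seen in the thread: REX prefix, one-byte opcode,
 * ModRM with mod=10b (disp32 follows) and no SIB byte. Returns 0 on success. */
int decode_rex_modrm_disp32(const uint8_t *b, size_t n, insn_t *out)
{
    if (n < 7 || (b[0] & 0xF0) != 0x40) return -1;     /* need REX + 6 more bytes */
    out->rex    = b[0];
    out->opcode = b[1];
    out->mod    = (uint8_t)(b[2] >> 6);
    out->reg    = (uint8_t)(((b[2] >> 3) & 7) | ((b[0] & 0x04) ? 8 : 0)); /* REX.R */
    out->rm     = (uint8_t)((b[2] & 7) | ((b[0] & 0x01) ? 8 : 0));        /* REX.B */
    if (out->mod != 2 || (b[2] & 7) == 4) return -1;   /* not plain [reg+disp32] */
    out->disp32 = (uint32_t)b[3] | (uint32_t)b[4] << 8 |
                  (uint32_t)b[5] << 16 | (uint32_t)b[6] << 24; /* little-endian */
    return 0;
}

/* Address computed in 64-bit mode: base + disp32 sign-extended to 64 bits. */
uint64_t ea_as_executed(uint64_t base, uint32_t disp32)
{
    return base + (uint64_t)(int64_t)(int32_t)disp32;
}

/* Address the C source intended: base + disp32 treated as an unsigned value. */
uint64_t ea_as_intended(uint64_t base, uint32_t disp32)
{
    return base + (uint64_t)disp32;
}

int main(void)
{
    /* Bytes quoted in the thread: cmp byte ptr [rax-174FF2h],r14b */
    const uint8_t bytes[] = { 0x44, 0x38, 0xB0, 0x0E, 0xB0, 0xE8, 0xFF };
    insn_t i;
    if (decode_rex_modrm_disp32(bytes, sizeof bytes, &i) != 0) return 1;
    printf("opcode=%02X reg=r%u rm=%u disp32=%08X\n",
           (unsigned)i.opcode, (unsigned)i.reg, (unsigned)i.rm, (unsigned)i.disp32);
    printf("executed (rax=0): %016llX\n", (unsigned long long)ea_as_executed(0, i.disp32));
    printf("intended (rax=0): %016llX\n", (unsigned long long)ea_as_intended(0, i.disp32));
    return 0;
}
```

With the base register zeroed, as in the generated code, the two results differ only in the upper 32 bits, which is the difference between a flash address just below 4 GB and a non-canonical-looking address at the top of the 64-bit space.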