Blame - courgette/disassembler_elf_32_arm.cc - chromium/src.git

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

1

2

// Use of this source code is governed by a BSD-style license that can be

3

// found in the LICENSE file.

4

5

#include "courgette/disassembler_elf_32_arm.h"

6

mostynb

1007a4a

2016-04-11 23:18:06

[diff] [blame]

7

#include <memory>

etiennep

7d4e8ee

2016-05-11 20:13:36

[diff] [blame]

8

#include <utility>

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

#include <vector>

2013-06-20 10:17:53

[diff] [blame]

11

#include "base/logging.h"

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

12

#include "courgette/assembly_program.h"

13

#include "courgette/courgette.h"

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

14

15

namespace courgette {

16

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

17

CheckBool DisassemblerElf32ARM::Compress(ARM_RVA type,

uint32_t arm_op,

RVA rva,

uint16_t* c_op,

uint32_t* addr) {

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

22

// Notation for bit ranges in comments:

23

// - Listing bits from highest to lowest.

24

// - A-Z or (j1), (j2), etc.: single bit in source.

25

// - a-z: multiple, consecutive bits in source.

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

26

switch (type) {

27

case ARM_OFF8: {

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

28

// Encoding T1.

29

// The offset is given by lower 8 bits of the op. It is a 9-bit offset,

30

// shifted right 1 bit, and signed extended.

31

// arm_op = aaaaaaaa Snnnnnnn

32

// *addr := SSSSSSSS SSSSSSSS SSSSSSSS nnnnnnn0 + 100

33

// *c_op := 00010000 aaaaaaaa

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

34

uint32_t temp = (arm_op & 0x00FF) << 1;

[email protected]

144c8e9

2013-07-23 21:18:19

[diff] [blame]

35

if (temp & 0x0100)

36

temp |= 0xFFFFFE00;

37

temp += 4; // Offset from _next_ PC.

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

38

39

(*addr) = temp;

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

40

(*c_op) = static_cast<uint16_t>(arm_op >> 8) | 0x1000;

[email protected]

144c8e9

2013-07-23 21:18:19

[diff] [blame]

41

break;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

42

}

43

case ARM_OFF11: {

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

44

// Encoding T2.

45

// The offset is given by lower 11 bits of the op, and is a 12-bit offset,

46

// shifted right 1 bit, and sign extended.

47

// arm_op = aaaaaSnn nnnnnnnn

48

// *addr := SSSSSSSS SSSSSSSS SSSSSnnn nnnnnnn0 + 100

49

// *c_op := 00100000 000aaaaa

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

50

uint32_t temp = (arm_op & 0x07FF) << 1;

[email protected]

144c8e9

2013-07-23 21:18:19

[diff] [blame]

51

if (temp & 0x00000800)

52

temp |= 0xFFFFF000;

53

temp += 4; // Offset from _next_ PC.

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

54

55

(*addr) = temp;

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

56

(*c_op) = static_cast<uint16_t>(arm_op >> 11) | 0x2000;

[email protected]

144c8e9

2013-07-23 21:18:19

[diff] [blame]

57

break;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

58

}

59

case ARM_OFF24: {

60

// The offset is given by the lower 24-bits of the op, shifted

61

// left 2 bits, and sign extended.

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

62

// arm_op = aaaaaaaa Snnnnnnn nnnnnnnn nnnnnnnn

63

// *addr := SSSSSSSn nnnnnnnn nnnnnnnn nnnnnn00 + 1000

64

// *c_op := 00110000 aaaaaaaa

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

65

uint32_t temp = (arm_op & 0x00FFFFFF) << 2;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

66

if (temp & 0x02000000)

temp |= 0xFC000000;

temp += 8;

(*addr) = temp;

(*c_op) = (arm_op >> 24) | 0x3000;

72

break;

73

}

74

case ARM_OFF25: {

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

75

// Encoding T4.

76

// arm_op = aaaaaSmm mmmmmmmm BC(j1)D(j2)nnn nnnnnnnn

77

// where CD is in {01, 10, 11}

// i1 := ~(j1 ^ S)

// i2 := ~(j2 ^ S)

// If CD == 10:

// pppp := (rva % 4 == 0) ? 0100 : 0010

82

// Else:

83

// pppp := 0100

84

// *addr := SSSSSSSS (i1)(i2)mmmmmm mmmmnnnn nnnnnnn0 + pppp

85

// *c_op := 0100pppp aaaaaBCD

86

// TODO(huangs): aaaaa = 11110 and B = 1 always? Investigate and fix.

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

87

uint32_t temp = 0;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

88

temp |= (arm_op & 0x000007FF) << 1; // imm11

89

temp |= (arm_op & 0x03FF0000) >> 4; // imm10

90

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

91

uint32_t S = (arm_op & (1 << 26)) >> 26;

92

uint32_t j2 = (arm_op & (1 << 11)) >> 11;

93

uint32_t j1 = (arm_op & (1 << 13)) >> 13;

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

94

bool bit12 = ((arm_op & (1 << 12)) >> 12) != 0; // D

95

bool bit14 = ((arm_op & (1 << 14)) >> 14) != 0; // C

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

96

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

97

uint32_t i2 = ~(j2 ^ S) & 1;

98

uint32_t i1 = ~(j1 ^ S) & 1;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

99

bool toARM = bit14 && !bit12;

100

101

temp |= (S << 24) | (i1 << 23) | (i2 << 22);

102

huangs

7b221a5

2016-11-09 22:28:23

[diff] [blame]

103

if (temp & 0x01000000) // sign extension

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

104

temp |= 0xFE000000;

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

105

uint32_t prefetch;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

106

if (toARM) {

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

107

// Align PC on 4-byte boundary.

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

108

uint32_t align4byte = (rva % 4) ? 2 : 4;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

109

prefetch = align4byte;

} else {

prefetch = 4;

}

temp += prefetch;

(*addr) = temp;

avi

2015-12-21 19:35:33

[diff] [blame]

116

uint32_t temp2 = 0x4000;

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

117

temp2 |= (arm_op & (1 << 12)) >> 12; // .......D

118

temp2 |= (arm_op & (1 << 14)) >> 13; // ......C.

119

temp2 |= (arm_op & (1 << 15)) >> 13; // .....B..

120

temp2 |= (arm_op & 0xF8000000) >> 24; // aaaaa...

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

121

temp2 |= (prefetch & 0x0000000F) << 8;

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

122

(*c_op) = static_cast<uint16_t>(temp2);

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

123

break;

124

}

125

case ARM_OFF21: {

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

126

// Encoding T3.

127

// arm_op = 11110Scc ccmmmmmm 10(j1)0(j2)nnn nnnnnnnn

128

// *addr := SSSSSSSS SSSS(j1)(j2)mm mmmmnnnn nnnnnnn0 + 100

129

// *c_op := 01010000 0000cccc

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

130

uint32_t temp = 0;

[email protected]

11336c0

2013-09-25 19:05:51

[diff] [blame]

131

temp |= (arm_op & 0x000007FF) << 1; // imm11

132

temp |= (arm_op & 0x003F0000) >> 4; // imm6

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

133

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

134

uint32_t S = (arm_op & (1 << 26)) >> 26;

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

135

// TODO(huangs): Check with docs: Perhaps j1, j2 should swap?

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

136

uint32_t j2 = (arm_op & (1 << 11)) >> 11;

137

uint32_t j1 = (arm_op & (1 << 13)) >> 13;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

138

139

temp |= (S << 20) | (j1 << 19) | (j2 << 18);

140

[email protected]

11336c0

2013-09-25 19:05:51

[diff] [blame]

141

if (temp & 0x00100000) // sign extension

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

temp |= 0xFFE00000;

temp += 4;

(*addr) = temp;

avi

2015-12-21 19:35:33

[diff] [blame]

146

uint32_t temp2 = 0x5000;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

147

temp2 |= (arm_op & 0x03C00000) >> 22; // just save the cond

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

148

(*c_op) = static_cast<uint16_t>(temp2);

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

break;

}

2013-07-23 21:18:19

[diff] [blame]

default:

return false;

}

2013-07-23 21:18:19

[diff] [blame]

return true;

}

avi

2015-12-21 19:35:33

[diff] [blame]

157

CheckBool DisassemblerElf32ARM::Decompress(ARM_RVA type,

uint16_t c_op,

uint32_t addr,

uint32_t* arm_op) {

2013-08-01 00:11:24

[diff] [blame]

161

switch (type) {

162

case ARM_OFF8:

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

163

// addr = SSSSSSSS SSSSSSSS SSSSSSSS nnnnnnn0 + 100

164

// c_op = 00010000 aaaaaaaa

165

// *arm_op := aaaaaaaa Snnnnnnn

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

166

(*arm_op) = ((c_op & 0x0FFF) << 8) | (((addr - 4) >> 1) & 0x000000FF);

167

break;

168

case ARM_OFF11:

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

169

// addr = SSSSSSSS SSSSSSSS SSSSSnnn nnnnnnn0 + 100

170

// c_op = 00100000 000aaaaa

171

// *arm_op := aaaaaSnn nnnnnnnn

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

172

(*arm_op) = ((c_op & 0x0FFF) << 11) | (((addr - 4) >> 1) & 0x000007FF);

173

break;

174

case ARM_OFF24:

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

175

// addr = SSSSSSSn nnnnnnnn nnnnnnnn nnnnnn00 + 1000

176

// c_op = 00110000 aaaaaaaa

177

// *arm_op := aaaaaaaa Snnnnnnn nnnnnnnn nnnnnnnn

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

178

(*arm_op) = ((c_op & 0x0FFF) << 24) | (((addr - 8) >> 2) & 0x00FFFFFF);

179

break;

180

case ARM_OFF25: {

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

181

// addr = SSSSSSSS (i1)(i2)mmmmmm mmmmnnnn nnnnnnn0 + pppp

182

// c_op = 0100pppp aaaaaBCD

183

// j1 := ~i1 ^ S

184

// j2 := ~i2 ^ S

185

// *arm_op := aaaaaSmm mmmmmmmm BC(j1)D(j2)nnn nnnnnnnn

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

186

uint32_t temp = 0;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

187

temp |= (c_op & (1 << 0)) << 12;

188

temp |= (c_op & (1 << 1)) << 13;

189

temp |= (c_op & (1 << 2)) << 13;

190

temp |= (c_op & (0xF8000000 >> 24)) << 24;

191

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

192

uint32_t prefetch = (c_op & 0x0F00) >> 8;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

addr -= prefetch;

addr &= 0x01FFFFFF;

avi

2015-12-21 19:35:33

[diff] [blame]

197

uint32_t S = (addr & (1 << 24)) >> 24;

198

uint32_t i1 = (addr & (1 << 23)) >> 23;

199

uint32_t i2 = (addr & (1 << 22)) >> 22;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

200

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

201

uint32_t j1 = ((~i1) ^ S) & 1;

202

uint32_t j2 = ((~i2) ^ S) & 1;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

temp |= S << 26;

temp |= j2 << 11;

temp |= j1 << 13;

temp |= (addr & (0x000007FF << 1)) >> 1;

209

temp |= (addr & (0x03FF0000 >> 4)) << 4;

(*arm_op) = temp;

break;

}

case ARM_OFF21: {

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

215

// addr = SSSSSSSS SSSS(j1)(j2)mm mmmmnnnn nnnnnnn0 + 100

216

// c_op = 01010000 0000cccc

217

// *arm_op := 11110Scc ccmmmmmm 10(j1)0(j2)nnn nnnnnnnn

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

218

uint32_t temp = 0xF0008000;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

219

temp |= (c_op & (0x03C00000 >> 22)) << 22;

addr -= 4;

addr &= 0x001FFFFF;

avi

2015-12-21 19:35:33

[diff] [blame]

224

uint32_t S = (addr & (1 << 20)) >> 20;

225

uint32_t j1 = (addr & (1 << 19)) >> 19;

226

uint32_t j2 = (addr & (1 << 18)) >> 18;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

temp |= S << 26;

temp |= j2 << 11;

temp |= j1 << 13;

temp |= (addr & (0x000007FF << 1)) >> 1;

233

temp |= (addr & (0x003F0000 >> 4)) << 4;

(*arm_op) = temp;

break;

}

default:

return false;

}

return true;

}

avi

2015-12-21 19:35:33

[diff] [blame]

244

uint16_t DisassemblerElf32ARM::TypedRVAARM::op_size() const {

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

switch (type_) {

case ARM_OFF8:

return 2;

case ARM_OFF11:

return 2;

case ARM_OFF24:

return 4;

case ARM_OFF25:

return 4;

case ARM_OFF21:

return 4;

default:

2014-07-08 08:40:56

[diff] [blame]

257

return 0xFFFF;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

}

}

CheckBool DisassemblerElf32ARM::TypedRVAARM::ComputeRelativeTarget(

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

262

const uint8_t* op_pointer) {

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

263

arm_op_ = op_pointer;

264

switch (type_) {

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

265

case ARM_OFF8: // Falls through.

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

266

case ARM_OFF11: {

267

RVA relative_target;

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

268

CheckBool ret = Compress(type_,

269

Read16LittleEndian(op_pointer),

rva(),

&c_op_,

&relative_target);

2013-08-01 00:11:24

[diff] [blame]

273

set_relative_target(relative_target);

return ret;

}

case ARM_OFF24: {

RVA relative_target;

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

278

CheckBool ret = Compress(type_,

279

Read32LittleEndian(op_pointer),

rva(),

&c_op_,

&relative_target);

2013-08-01 00:11:24

[diff] [blame]

283

set_relative_target(relative_target);

284

return ret;

285

}

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

286

case ARM_OFF25: // Falls through.

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

287

case ARM_OFF21: {

288

// A thumb-2 op is 32 bits stored as two 16-bit words

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

289

uint32_t pval = (Read16LittleEndian(op_pointer) << 16) |

290

Read16LittleEndian(op_pointer + 2);

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

291

RVA relative_target;

292

CheckBool ret = Compress(type_, pval, rva(), &c_op_, &relative_target);

293

set_relative_target(relative_target);

return ret;

}

default:

return false;

}

}

CheckBool DisassemblerElf32ARM::TypedRVAARM::EmitInstruction(

huangs

7b221a5

2016-11-09 22:28:23

[diff] [blame]

302

Label* label,

303

InstructionReceptor* receptor) {

304

return receptor->EmitRel32ARM(c_op(), label, arm_op_, op_size());

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

305

}

306

etiennep

5059bca

2016-07-08 17:55:20

[diff] [blame]

307

DisassemblerElf32ARM::DisassemblerElf32ARM(const uint8_t* start, size_t length)

308

: DisassemblerElf32(start, length) {}

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

309

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

310

// Convert an ELF relocation struction into an RVA.

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

311

CheckBool DisassemblerElf32ARM::RelToRVA(Elf32_Rel rel, RVA* result) const {

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

312

// The rightmost byte of r_info is the type.

scottmg

4a95ca5

2016-03-12 23:54:56

[diff] [blame]

313

elf32_rel_arm_type_values type =

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

314

static_cast<elf32_rel_arm_type_values>(rel.r_info & 0xFF);

scottmg

4a95ca5

2016-03-12 23:54:56

[diff] [blame]

315

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

316

// The other 3 bytes of r_info are the symbol.

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

317

uint32_t symbol = rel.r_info >> 8;

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

318

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

319

switch (type) {

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

case R_ARM_RELATIVE:

if (symbol != 0)

return false;

huangs

2016-03-14 16:35:39

[diff] [blame]

324

// This is a basic ABS32 relocation address.

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

325

*result = rel.r_offset;

return true;

default:

return false;

}

2013-06-20 10:17:53

[diff] [blame]

331

}

332

333

CheckBool DisassemblerElf32ARM::ParseRelocationSection(

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

334

const Elf32_Shdr* section_header,

huangs

7b221a5

2016-11-09 22:28:23

[diff] [blame]

335

InstructionReceptor* receptor) const {

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

336

// This method compresses a contiguous stretch of R_ARM_RELATIVE entries in

337

// the relocation table with a Courgette relocation table instruction.

338

// It skips any entries at the beginning that appear in a section that

339

// Courgette doesn't support, e.g. INIT.

340

//

[email protected]

a8e8041

2013-07-18 22:07:53

[diff] [blame]

341

// Specifically, the entries should be

342

// (1) In the same relocation table

343

// (2) Are consecutive

344

// (3) Are sorted in memory address order

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

345

//

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

346

// Happily, this is normally the case, but it's not required by spec so we

347

// check, and just don't do it if we don't match up.

[email protected]

a8e8041

2013-07-18 22:07:53

[diff] [blame]

348

//

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

349

// The expectation is that one relocation section will contain all of our

350

// R_ARM_RELATIVE entries in the expected order followed by assorted other

351

// entries we can't use special handling for.

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

bool match = true;

huangs

2016-03-14 16:35:39

[diff] [blame]

355

// Walk all the bytes in the section, matching relocation table or not.

356

FileOffset file_offset = section_header->sh_offset;

357

FileOffset section_end = section_header->sh_offset + section_header->sh_size;

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

358

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

359

const Elf32_Rel* section_relocs_iter = reinterpret_cast<const Elf32_Rel*>(

360

FileOffsetToPointer(section_header->sh_offset));

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

361

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

362

uint32_t section_relocs_count =

363

section_header->sh_size / section_header->sh_entsize;

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

364

365

if (abs32_locations_.size() > section_relocs_count)

match = false;

2013-07-18 22:07:53

[diff] [blame]

368

if (!abs32_locations_.empty()) {

huangs

257f9fb0

2017-03-23 23:17:50

[diff] [blame]

369

std::vector<RVA>::const_iterator reloc_iter = abs32_locations_.begin();

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

370

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

371

for (uint32_t i = 0; i < section_relocs_count; ++i) {

[email protected]

a8e8041

2013-07-18 22:07:53

[diff] [blame]

372

if (section_relocs_iter->r_offset == *reloc_iter)

373

break;

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

374

huangs

7b221a5

2016-11-09 22:28:23

[diff] [blame]

375

if (!ParseSimpleRegion(file_offset, file_offset + sizeof(Elf32_Rel),

376

receptor)) {

[email protected]

a8e8041

2013-07-18 22:07:53

[diff] [blame]

377

return false;

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

378

}

[email protected]

a8e8041

2013-07-18 22:07:53

[diff] [blame]

379

380

file_offset += sizeof(Elf32_Rel);

381

++section_relocs_iter;

382

}

383

384

while (match && (reloc_iter != abs32_locations_.end())) {

385

if (section_relocs_iter->r_info != R_ARM_RELATIVE ||

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

386

section_relocs_iter->r_offset != *reloc_iter) {

[email protected]

a8e8041

2013-07-18 22:07:53

[diff] [blame]

387

match = false;

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

388

}

[email protected]

a8e8041

2013-07-18 22:07:53

[diff] [blame]

389

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

390

++section_relocs_iter;

391

++reloc_iter;

[email protected]

a8e8041

2013-07-18 22:07:53

[diff] [blame]

392

file_offset += sizeof(Elf32_Rel);

}

if (match) {

// Skip over relocation tables

huangs

7b221a5

2016-11-09 22:28:23

[diff] [blame]

397

if (!receptor->EmitElfARMRelocation())

[email protected]

a8e8041

2013-07-18 22:07:53

[diff] [blame]

return false;

}

2013-06-20 10:17:53

[diff] [blame]

400

}

401

huangs

7b221a5

2016-11-09 22:28:23

[diff] [blame]

402

return ParseSimpleRegion(file_offset, section_end, receptor);

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

403

}

404

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

405

// TODO(huangs): Detect and avoid overlap with abs32 addresses.

[email protected]

39ed973

2013-06-20 10:17:53

[diff] [blame]

406

CheckBool DisassemblerElf32ARM::ParseRel32RelocsFromSection(

407

const Elf32_Shdr* section_header) {

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

408

FileOffset start_file_offset = section_header->sh_offset;

409

FileOffset end_file_offset = start_file_offset + section_header->sh_size;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

410

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

411

const uint8_t* start_pointer = FileOffsetToPointer(start_file_offset);

412

const uint8_t* end_pointer = FileOffsetToPointer(end_file_offset);

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

413

414

// Quick way to convert from Pointer to RVA within a single Section is to

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

415

// subtract |pointer_to_rva|.

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

416

const uint8_t* const adjust_pointer_to_rva =

417

start_pointer - section_header->sh_addr;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

418

419

// Find the rel32 relocations.

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

420

const uint8_t* p = start_pointer;

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

421

bool on_32bit = 1; // 32-bit ARM ops appear on 32-bit boundaries, so track it

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

422

while (p < end_pointer) {

423

// Heuristic discovery of rel32 locations in instruction stream: are the

424

// next few bytes the start of an instruction containing a rel32

425

// addressing mode?

mostynb

1007a4a

2016-04-11 23:18:06

[diff] [blame]

426

std::unique_ptr<TypedRVAARM> rel32_rva;

[email protected]

09368899

2014-04-03 11:35:46

[diff] [blame]

427

RVA target_rva = 0;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

428

bool found = false;

429

430

// 16-bit thumb ops

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

431

if (!found && p + 3 <= end_pointer) {

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

432

uint16_t pval = Read16LittleEndian(p);

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

433

if ((pval & 0xF000) == 0xD000) {

434

RVA rva = static_cast<RVA>(p - adjust_pointer_to_rva);

435

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

436

rel32_rva.reset(new TypedRVAARM(ARM_OFF8, rva));

437

if (!rel32_rva->ComputeRelativeTarget(p))

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

438

return false;

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

439

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

440

target_rva = rel32_rva->rva() + rel32_rva->relative_target();

441

found = true;

442

} else if ((pval & 0xF800) == 0xE000) {

443

RVA rva = static_cast<RVA>(p - adjust_pointer_to_rva);

444

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

445

rel32_rva.reset(new TypedRVAARM(ARM_OFF11, rva));

446

if (!rel32_rva->ComputeRelativeTarget(p))

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

447

return false;

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

448

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

449

target_rva = rel32_rva->rva() + rel32_rva->relative_target();

found = true;

}

}

huangs

2016-03-14 16:35:39

[diff] [blame]

454

// thumb-2 ops comprised of two 16-bit words.

455

if (!found && p + 5 <= end_pointer) {

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

456

// This is really two 16-bit words, not one 32-bit word.

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

457

uint32_t pval = (Read16LittleEndian(p) << 16) | Read16LittleEndian(p + 2);

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

458

if ((pval & 0xF8008000) == 0xF0008000) {

459

// Covers thumb-2's 32-bit conditional/unconditional branches

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

460

if ((pval & (1 << 14)) || (pval & (1 << 12))) {

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

461

// A branch, with link, or with link and exchange.

462

RVA rva = static_cast<RVA>(p - adjust_pointer_to_rva);

463

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

464

rel32_rva.reset(new TypedRVAARM(ARM_OFF25, rva));

465

if (!rel32_rva->ComputeRelativeTarget(p))

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

466

return false;

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

467

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

468

target_rva = rel32_rva->rva() + rel32_rva->relative_target();

469

found = true;

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

470

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

471

} else {

472

// TODO(paulgazz) make sure cond is not 111

473

// A conditional branch instruction

474

RVA rva = static_cast<RVA>(p - adjust_pointer_to_rva);

475

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

476

rel32_rva.reset(new TypedRVAARM(ARM_OFF21, rva));

477

if (!rel32_rva->ComputeRelativeTarget(p))

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

478

return false;

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

479

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

480

target_rva = rel32_rva->rva() + rel32_rva->relative_target();

found = true;

}

}

}

huangs

2016-03-14 16:35:39

[diff] [blame]

486

// 32-bit ARM ops.

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

487

if (!found && on_32bit && (p + 5) <= end_pointer) {

avi

ab98dcc9

2015-12-21 19:35:33

[diff] [blame]

488

uint32_t pval = Read32LittleEndian(p);

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

489

if ((pval & 0x0E000000) == 0x0A000000) {

490

// Covers both 0x0A 0x0B ARM relative branches

491

RVA rva = static_cast<RVA>(p - adjust_pointer_to_rva);

492

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

493

rel32_rva.reset(new TypedRVAARM(ARM_OFF24, rva));

494

if (!rel32_rva->ComputeRelativeTarget(p))

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

495

return false;

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

496

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

497

target_rva = rel32_rva->rva() + rel32_rva->relative_target();

found = true;

}

}

huangs

2016-03-14 16:35:39

[diff] [blame]

502

if (found && IsValidTargetRVA(target_rva)) {

503

uint16_t op_size = rel32_rva->op_size();

etiennep

7d4e8ee

2016-05-11 20:13:36

[diff] [blame]

504

rel32_locations_.push_back(std::move(rel32_rva));

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

505

#if COURGETTE_HISTOGRAM_TARGETS

506

++rel32_target_rvas_[target_rva];

507

#endif

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

508

p += op_size;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

509

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

510

// A tricky way to update the on_32bit flag. Here is the truth table:

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

511

// on_32bit | on_32bit size is 4

512

// ---------+---------------------

// 1 | 0 0

// 0 | 0 1

// 0 | 1 0

// 1 | 1 1

huangs

dda11d06

2016-03-14 16:35:39

[diff] [blame]

517

on_32bit = (~(on_32bit ^ (op_size == 4))) != 0;

[email protected]

2b637b6

2013-08-01 00:11:24

[diff] [blame]

518

} else {

519

// Move 2 bytes at a time, but track 32-bit boundaries

520

p += 2;

521

on_32bit = ((on_32bit + 1) % 2) != 0;

}

}

2013-06-20 10:17:53

[diff] [blame]

return true;

}

} // namespace courgette