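//===- ARMDisassembler.cpp - Disassembler for ARM/Thumb ISA -----*- C++ -*-===//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This file is part of the ARM Disassembler.
// It contains code to implement the public interfaces of ARMDisassembler and
// ThumbDisassembler, both of which are instances of MCDisassembler.
//
//===----------------------------------------------------------------------===//

#define DEBUG_TYPE "arm-disassembler"

#include "ARMDisassembler.h"
#include "ARMDisassemblerCore.h"

#include "llvm/MC/EDInstInfo.h"
#include "llvm/MC/MCInst.h"
#include "llvm/Target/TargetRegistry.h"
#include "llvm/Support/Debug.h"
#include "llvm/Support/MemoryObject.h"
#include "llvm/Support/ErrorHandling.h"
#include "llvm/Support/raw_ostream.h"

//#define DEBUG(X) do { X; } while (0)

/// ARMGenDecoderTables.inc - ARMDecoderTables.inc is tblgen'ed from
/// ARMDecoderEmitter.cpp TableGen backend.  It contains:
///
/// o Mappings from opcode to ARM/Thumb instruction format
///
/// o static uint16_t decodeInstruction(uint32_t insn) - the decoding function
/// for an ARM instruction.
///
/// o static uint16_t decodeThumbInstruction(field_t insn) - the decoding
/// function for a Thumb instruction.
///
#include "../ARMGenDecoderTables.inc"

#include "../ARMGenEDInfo.inc"

using namespace llvm;

/// showBitVector - Use the raw_ostream to log a diagnostic message describing
/// the individual bits of the instruction.
///
/// Layout: a row of bit-position labels, a rule, one row with the 32 bit
/// values ('|' after every nibble, ':' between the other bits), a second rule
/// and an empty line.
static inline void showBitVector(raw_ostream &os, const uint32_t &insn) {
  // Split the bit position markers into more than one lines to fit 80 columns.
  os << " 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11"
     << " 10 9 8 7 6 5 4 3 2 1 0 \n";
  os << "---------------------------------------------------------------"
     << "----------------------------------\n";
  os << '|';
  // Walk from bit 31 down to bit 0.
  for (unsigned i = 32; i != 0; --i) {
    if (insn >> (i - 1) & 0x01)
      os << " 1";
    else
      os << " 0";
    // A nibble boundary follows bits 28, 24, ..., 0 (i == 29, 25, ..., 1).
    os << (i%4 == 1 ? '|' : ':');
  }
  os << '\n';
  // Split the bit position markers into more than one lines to fit 80 columns.
  os << "---------------------------------------------------------------"
     << "----------------------------------\n";
  os << '\n';
}

/// selectByAddrMode - Pick the offset / pre-indexed / post-indexed variant of
/// an extra load/store instruction from its P (Inst{24}) and W (Inst{21}) bits,
/// passed combined as PW = P<<1 | W.
///
/// Returns 0 for PW == 1 (P=0, W=1); that combination is not one of the three
/// addressing modes handled here and is left to the generated decoder (the
/// unprivileged "T" forms are matched separately, before this table is used).
static unsigned selectByAddrMode(unsigned PW, unsigned Offset, unsigned Pre,
                                 unsigned Post) {
  switch (PW) {
  case 2: // P=1, W=0: Offset
    return Offset;
  case 3: // P=1, W=1: Pre-indexed
    return Pre;
  case 0: // P=0, W=0: Post-indexed
    return Post;
  default:
    return 0; // fallthrough to the generated decoder
  }
}

/// decodeARMSpecialCase - Try the hand-written special cases that the
/// auto-generated decoder gets wrong and return the matching opcode, or 0 when
/// none applies (0 is never a target opcode, so it is a safe "no match").
///
/// Each case recovers an instruction whose encoding collides with an LLVM
/// "super-instruction" that merges several ARM ARM encodings; the A8.6.x
/// references on the individual cases name the encodings involved.
static unsigned decodeARMSpecialCase(uint32_t insn) {
  // LLVM combines the offset mode of A8.6.197 & A8.6.198 into STRB.
  // The insufficient encoding information of the combined instruction confuses
  // the decoder wrt BFC/BFI.  Therefore, we try to recover here.
  // For BFC, Inst{27-21} = 0b0111110 & Inst{6-0} = 0b0011111.
  // For BFI, Inst{27-21} = 0b0111110 & Inst{6-4} = 0b001 & Inst{3-0} =! 0b1111.
  if (slice(insn, 27, 21) == 0x3e && slice(insn, 6, 4) == 1)
    return slice(insn, 3, 0) == 15 ? ARM::BFC : ARM::BFI;

  // Ditto for STRBT, which is a super-instruction for A8.6.199 Encoding A1 & A2.
  // As a result, the decoder fails to decode USAT properly.
  if (slice(insn, 27, 21) == 0x37 && slice(insn, 5, 4) == 1)
    return ARM::USAT;

  // Ditto for ADDSrs, which is a super-instruction for A8.6.7 & A8.6.8.
  // As a result, the decoder fails to decode UMULL properly.
  if (slice(insn, 27, 21) == 0x04 && slice(insn, 7, 4) == 9)
    return ARM::UMULL;

  // Ditto for STR_PRE, which is a super-instruction for A8.6.194 & A8.6.195.
  // As a result, the decoder fails to decode SBFX properly.
  if (slice(insn, 27, 21) == 0x3d && slice(insn, 6, 4) == 5)
    return ARM::SBFX;

  // And STRB_PRE, which is a super-instruction for A8.6.197 & A8.6.198.
  // As a result, the decoder fails to decode UBFX properly.
  if (slice(insn, 27, 21) == 0x3f && slice(insn, 6, 4) == 5)
    return ARM::UBFX;

  // Ditto for STRT, which is a super-instruction for A8.6.210 Encoding A1 & A2.
  // As a result, the decoder fails to decode SSAT properly.
  if (slice(insn, 27, 21) == 0x35 && slice(insn, 5, 4) == 1)
    return ARM::SSAT;

  // Ditto for RSCrs, which is a super-instruction for A8.6.146 & A8.6.147.
  // As a result, the decoder fails to decode STRHT/LDRHT/LDRSHT/LDRSBT.
  if (slice(insn, 27, 24) == 0) {
    unsigned op = slice(insn, 7, 4);
    switch (slice(insn, 21, 20)) {
    case 2: // W=1, L=0: store
      if (op == 11)
        return ARM::STRHT;
      break;
    case 3: // W=1, L=1: load
      switch (op) {
      case 11:
        return ARM::LDRHT;
      case 13:
        return ARM::LDRSBT;
      case 15:
        return ARM::LDRSHT;
      default:
        break; // fallthrough
      }
      break;
    default:
      break; // fallthrough
    }
  }

  // Ditto for SBCrs / SBCSSrs, which are super-instructions for A8.6.152 &
  // A8.6.153.  As a result, the decoder fails to decode
  // STRH_POST/LDRD_POST/STRD_POST (L=0) and LDRH_POST/LDRSB_POST/LDRSH_POST
  // (L=1) properly.  Inst{7-4} selects the op, Inst{20} (L) store vs. load,
  // and P/W the addressing mode.
  if (slice(insn, 27, 25) == 0) {
    unsigned PW = slice(insn, 24, 24) << 1 | slice(insn, 21, 21);
    bool IsLoad = slice(insn, 20, 20) == 1;
    unsigned Opcode = 0;
    switch (slice(insn, 7, 4)) {
    case 11: // 0b1011
      Opcode = IsLoad
        ? selectByAddrMode(PW, ARM::LDRH, ARM::LDRH_PRE, ARM::LDRH_POST)
        : selectByAddrMode(PW, ARM::STRH, ARM::STRH_PRE, ARM::STRH_POST);
      break;
    case 13: // 0b1101
      Opcode = IsLoad
        ? selectByAddrMode(PW, ARM::LDRSB, ARM::LDRSB_PRE, ARM::LDRSB_POST)
        : selectByAddrMode(PW, ARM::LDRD, ARM::LDRD_PRE, ARM::LDRD_POST);
      break;
    case 15: // 0b1111
      Opcode = IsLoad
        ? selectByAddrMode(PW, ARM::LDRSH, ARM::LDRSH_PRE, ARM::LDRSH_POST)
        : selectByAddrMode(PW, ARM::STRD, ARM::STRD_PRE, ARM::STRD_POST);
      break;
    default:
      break; // fallthrough
    }
    if (Opcode)
      return Opcode;
  }

  return 0;
}

/// decodeARMInstruction is a decorator function which tries special cases of
/// instruction matching before calling the auto-generated decoder function.
///
/// Instructions in the unconditional space (cond == 0b1111) skip the special
/// cases entirely and go straight to the generated decoder.
static unsigned decodeARMInstruction(uint32_t &insn) {
  if (slice(insn, 31, 28) != 15) {
    unsigned Opcode = decodeARMSpecialCase(insn);
    if (Opcode)
      return Opcode;
  }

  // Calling the auto-generated decoder function.
  return decodeInstruction(insn);
}

// Helper function for special case handling of LDR (literal) and friends.
// See, for example, A6.3.7 Load word: Table A6-18 Load word.
// See A8.6.57 T3, T4 & A8.6.60 T2 and friends for why we morphed the opcode
// before returning it.
//
// Maps every Thumb2 load (byte/halfword/word/doubleword, signed or not, any
// addressing mode) onto its "pci" (PC-relative literal) variant; any other
// opcode is returned unchanged.
static unsigned T2Morph2LoadLiteral(unsigned Opcode) {
  switch (Opcode) {
  default:
    return Opcode; // Return unmorphed opcode.

  case ARM::t2LDRDi8:
    return ARM::t2LDRDpci;

  case ARM::t2LDR_POST: case ARM::t2LDR_PRE:
  case ARM::t2LDRi12: case ARM::t2LDRi8:
  case ARM::t2LDRs: case ARM::t2LDRT:
    return ARM::t2LDRpci;

  case ARM::t2LDRB_POST: case ARM::t2LDRB_PRE:
  case ARM::t2LDRBi12: case ARM::t2LDRBi8:
  case ARM::t2LDRBs: case ARM::t2LDRBT:
    return ARM::t2LDRBpci;

  case ARM::t2LDRH_POST: case ARM::t2LDRH_PRE:
  case ARM::t2LDRHi12: case ARM::t2LDRHi8:
  case ARM::t2LDRHs: case ARM::t2LDRHT:
    return ARM::t2LDRHpci;

  case ARM::t2LDRSB_POST: case ARM::t2LDRSB_PRE:
  case ARM::t2LDRSBi12: case ARM::t2LDRSBi8:
  case ARM::t2LDRSBs: case ARM::t2LDRSBT:
    return ARM::t2LDRSBpci;

  case ARM::t2LDRSH_POST: case ARM::t2LDRSH_PRE:
  case ARM::t2LDRSHi12: case ARM::t2LDRSHi8:
  case ARM::t2LDRSHs: case ARM::t2LDRSHT:
    return ARM::t2LDRSHpci;
  }
}

/// decodeThumbSideEffect is a decorator function which can potentially twiddle
/// the instruction or morph the returned opcode under Thumb2.
///
/// First it checks whether the insn is a NEON or VFP instr; if true, bit
/// twiddling could be performed on insn to turn it into an ARM NEON/VFP
/// equivalent instruction and decodeInstruction is called with the transformed
/// insn.
///
/// Next, there is special handling for Load byte/halfword/word instruction by
/// checking whether Rn=0b1111 and call T2Morph2LoadLiteral() on the decoded
/// Thumb2 instruction.  See comments below for further details.
///
/// Finally, one last check is made to see whether the insn is a NEON/VFP and
/// decodeInstruction(insn) is invoked on the original insn.
///
/// Otherwise, decodeThumbInstruction is called with the original insn.
///
/// Note that insn is passed by reference and may be rewritten in place by the
/// NEON/VFP transforms; the caller then builds the MCInst from the rewritten
/// word.
static unsigned decodeThumbSideEffect(bool IsThumb2, unsigned &insn) {
  if (IsThumb2) {
    uint16_t op1 = slice(insn, 28, 27);
    uint16_t op2 = slice(insn, 26, 20);

    // A6.3 32-bit Thumb instruction encoding
    // Table A6-9 32-bit Thumb instruction encoding

    // The coprocessor instructions of interest are transformed to their ARM
    // equivalents.

    // --------- Transform Begin Marker ---------
    if ((op1 == 1 || op1 == 3) && slice(op2, 6, 4) == 7) {
      // A7.4 Advanced SIMD data-processing instructions
      // U bit of Thumb corresponds to Inst{24} of ARM.
      uint16_t U = slice(op1, 1, 1);

      // Inst{28-24} of ARM = {1,0,0,1,U};
      uint16_t bits28_24 = 9 << 1 | U;
      DEBUG(showBitVector(errs(), insn));
      setSlice(insn, 28, 24, bits28_24);
      return decodeInstruction(insn);
    }

    if (op1 == 3 && slice(op2, 6, 4) == 1 && slice(op2, 0, 0) == 0) {
      // A7.7 Advanced SIMD element or structure load/store instructions
      // Inst{27-24} of Thumb = 0b1001
      // Inst{27-24} of ARM = 0b0100
      DEBUG(showBitVector(errs(), insn));
      setSlice(insn, 27, 24, 4);
      return decodeInstruction(insn);
    }
    // --------- Transform End Marker ---------

    // See, for example, A6.3.7 Load word: Table A6-18 Load word.
    // See A8.6.57 T3, T4 & A8.6.60 T2 and friends for why we morphed the opcode
    // before returning it to our caller.
    if (op1 == 3 && slice(op2, 6, 5) == 0 && slice(op2, 0, 0) == 1
        && slice(insn, 19, 16) == 15)
      return T2Morph2LoadLiteral(decodeThumbInstruction(insn));

    // One last check for NEON/VFP instructions.
    if ((op1 == 1 || op1 == 3) && slice(op2, 6, 6) == 1)
      return decodeInstruction(insn);

    // Fall through.
  }

  return decodeThumbInstruction(insn);
}

/// Thumb2PreloadOpcodeNoPCI - True for the Thumb2 PLD/PLDW/PLI opcodes that
/// are not already the PC-relative ("pci") variant.
static inline bool Thumb2PreloadOpcodeNoPCI(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case ARM::t2PLDi12: case ARM::t2PLDi8:
  case ARM::t2PLDr: case ARM::t2PLDs:
  case ARM::t2PLDWi12: case ARM::t2PLDWi8:
  case ARM::t2PLDWr: case ARM::t2PLDWs:
  case ARM::t2PLIi12: case ARM::t2PLIi8:
  case ARM::t2PLIr: case ARM::t2PLIs:
    return true;
  }
}

/// T2Morph2Preload2PCI - Map a non-pci PLD/PLDW/PLI opcode to its pci variant.
/// Returns 0 for any opcode Thumb2PreloadOpcodeNoPCI() rejects; callers are
/// expected to check that predicate first.
static inline unsigned T2Morph2Preload2PCI(unsigned Opcode) {
  switch (Opcode) {
  default:
    return 0;
  case ARM::t2PLDi12: case ARM::t2PLDi8:
  case ARM::t2PLDr: case ARM::t2PLDs:
    return ARM::t2PLDpci;
  case ARM::t2PLDWi12: case ARM::t2PLDWi8:
  case ARM::t2PLDWr: case ARM::t2PLDWs:
    return ARM::t2PLDWpci;
  case ARM::t2PLIi12: case ARM::t2PLIi8:
  case ARM::t2PLIr: case ARM::t2PLIs:
    return ARM::t2PLIpci;
  }
}

//
// Public interface for the disassembler
//

/// getInstruction - Decode one 32-bit ARM instruction at Address in Region
/// into MI.  Returns false if the 4 bytes cannot be read, no MC builder exists
/// for the decoded opcode/format, or the builder fails to populate MI.  Size is
/// set to 4 once the word has been read.
bool ARMDisassembler::getInstruction(MCInst &MI,
                                     uint64_t &Size,
                                     const MemoryObject &Region,
                                     uint64_t Address,
                                     raw_ostream &os) const {
  // The machine instruction.
  uint32_t insn;
  uint8_t bytes[4];

  // We want to read exactly 4 bytes of data.
  if (Region.readBytes(Address, 4, bytes, NULL) == -1)
    return false;

  // Encoded as a little-endian 32-bit word in the stream.  Widen each byte to
  // uint32_t before shifting: a bare uint8_t promotes to int, and shifting a
  // value into bit 31 of an int is undefined behaviour.
  insn = (static_cast<uint32_t>(bytes[3]) << 24) |
         (static_cast<uint32_t>(bytes[2]) << 16) |
         (static_cast<uint32_t>(bytes[1]) << 8) |
         static_cast<uint32_t>(bytes[0]);

  unsigned Opcode = decodeARMInstruction(insn);
  // NOTE(review): ARMFormats is indexed by whatever the generated decoder and
  // the special cases return; this relies on the table covering every such
  // opcode -- verify against ARMGenDecoderTables.inc.
  ARMFormat Format = ARMFormats[Opcode];
  Size = 4;

  DEBUG({
      errs() << "Opcode=" << Opcode << " Name=" << ARMUtils::OpcodeName(Opcode)
             << " Format=" << stringForARMFormat(Format) << '(' << (int)Format
             << ")\n";
      showBitVector(errs(), insn);
    });

  ARMBasicMCBuilder *Builder = CreateMCBuilder(Opcode, Format);
  if (!Builder)
    return false;

  // Release the builder whether or not Build() succeeds.
  bool Built = Builder->Build(MI, insn);
  delete Builder;

  return Built;
}

/// getInstruction - Decode one Thumb (16-bit) or Thumb2 (32-bit) instruction
/// at Address in Region into MI.  Returns false on a short read, when no MC
/// builder exists for the decoded opcode/format, or when the builder fails.
/// Size is set to 2 or 4 according to the instruction width.
bool ThumbDisassembler::getInstruction(MCInst &MI,
                                       uint64_t &Size,
                                       const MemoryObject &Region,
                                       uint64_t Address,
                                       raw_ostream &os) const {
  // The Thumb instruction stream is a sequence of halfwords.

  // This represents the first halfword as well as the machine instruction
  // passed to decodeThumbInstruction().  For 16-bit Thumb instruction, the top
  // halfword of insn is 0x00 0x00; otherwise, the first halfword is moved to
  // the top half followed by the second halfword.
  unsigned insn = 0;
  // Possible second halfword.
  uint16_t insn1 = 0;

  // A6.1 Thumb instruction set encoding
  //
  // If bits [15:11] of the halfword being decoded take any of the following
  // values, the halfword is the first halfword of a 32-bit instruction:
  // o 0b11101
  // o 0b11110
  // o 0b11111.
  //
  // Otherwise, the halfword is a 16-bit instruction.

  // Read 2 bytes of data first.
  uint8_t bytes[2];
  if (Region.readBytes(Address, 2, bytes, NULL) == -1)
    return false;

  // Encoded as a little-endian 16-bit halfword in the stream.
  insn = (bytes[1] << 8) | bytes[0];
  unsigned bits15_11 = slice(insn, 15, 11);
  bool IsThumb2 = false;

  // 32-bit instructions if the bits [15:11] of the halfword matches
  // { 0b11101 /* 0x1D */, 0b11110 /* 0x1E */, 0b11111 /* 0x1F */ }.
  if (bits15_11 == 0x1D || bits15_11 == 0x1E || bits15_11 == 0x1F) {
    IsThumb2 = true;
    if (Region.readBytes(Address + 2, 2, bytes, NULL) == -1)
      return false;
    // Encoded as a little-endian 16-bit halfword in the stream.
    insn1 = (bytes[1] << 8) | bytes[0];
    insn = (insn << 16 | insn1);
  }

  // The insn could potentially be bit-twiddled in order to be decoded as an ARM
  // NEON/VFP opcode.  In such case, the modified insn is later disassembled as
  // an ARM NEON/VFP instruction.
  //
  // This is a short term solution for lack of encoding bits specified for the
  // Thumb2 NEON/VFP instructions.  The long term solution could be adding some
  // infrastructure to have each instruction support more than one encodings.
  // Which encoding is used would be based on which subtarget the compiler/
  // disassembler is working with at the time.  This would allow the sharing of
  // the NEON patterns between ARM and Thumb2, as well as potential greater
  // sharing between the regular ARM instructions and the 32-bit wide Thumb2
  // instructions as well.
  unsigned Opcode = decodeThumbSideEffect(IsThumb2, insn);

  // A8.6.117/119/120/121.
  // PLD/PLDW/PLI instructions with Rn==15 is transformed to the pci variant.
  if (Thumb2PreloadOpcodeNoPCI(Opcode) && slice(insn, 19, 16) == 15)
    Opcode = T2Morph2Preload2PCI(Opcode);

  // NOTE(review): as in the ARM path, ARMFormats is indexed directly by the
  // decoded opcode -- verify the table covers every opcode the decoder and the
  // morph helpers can return.
  ARMFormat Format = ARMFormats[Opcode];
  Size = IsThumb2 ? 4 : 2;

  DEBUG({
      errs() << "Opcode=" << Opcode << " Name=" << ARMUtils::OpcodeName(Opcode)
             << " Format=" << stringForARMFormat(Format) << '(' << (int)Format
             << ")\n";
      showBitVector(errs(), insn);
    });

  ARMBasicMCBuilder *Builder = CreateMCBuilder(Opcode, Format);
  if (!Builder)
    return false;

  // SO is a member of this const object, but the builder needs a mutable
  // Session (the IT state is updated while instructions are built).
  Builder->SetSession(const_cast<Session *>(&SO));

  // Release the builder whether or not Build() succeeds.
  bool Built = Builder->Build(MI, insn);
  delete Builder;

  return Built;
}

// A8.6.50
// Valid return values are {1, 2, 3, 4}, with 0 signifying an error condition.
//
// The IT block length is 4 minus the number of trailing zeros of the 4-bit
// mask; a mask of 0b0000 has no trailing one and is an encoding error.
static unsigned short CountITSize(unsigned ITMask) {
  // First count the trailing zeros of the IT mask.
  unsigned TZ = CountTrailingZeros_32(ITMask);
  if (TZ > 3) {
    DEBUG(errs() << "Encoding error: IT Mask '0000'");
    return 0;
  }
  return (4 - TZ);
}

/// Init ITState.  Note that at least one bit is always 1 in mask.
///
/// bits7_0 is the firstcond:mask byte of the IT instruction: bits 7-4 are the
/// first condition, bits 3-0 the mask.  Returns false (leaving ITState
/// untouched) on the A8.6.50 encoding errors: an all-zero mask, firstcond ==
/// 0b1111, or firstcond == 0b1110 (AL) with a block longer than one
/// instruction.
bool Session::InitIT(unsigned short bits7_0) {
  ITCounter = CountITSize(slice(bits7_0, 3, 0));
  if (ITCounter == 0)
    return false;

  // A8.6.50 IT
  unsigned short FirstCond = slice(bits7_0, 7, 4);
  if (FirstCond == 0xF) {
    DEBUG(errs() << "Encoding error: IT FirstCond '1111'");
    return false;
  }
  if (FirstCond == 0xE && ITCounter != 1) {
    DEBUG(errs() << "Encoding error: IT FirstCond '1110' && Mask != '1000'");
    return false;
  }

  ITState = bits7_0;

  return true;
}

/// Update ITState if necessary.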
void Session::UpdateIT() {
  // One more instruction of the current IT block has been consumed; a block
  // must be active when this is called.
  assert(ITCounter);
  --ITCounter;
  if (ITCounter == 0) {
    // That was the last instruction of the block: clear the state.
    ITState = 0;
    return;
  }
  // Otherwise advance: shift ITState[4:0] left by one position.
  unsigned short Advanced = slice(ITState, 4, 0) << 1;
  setSlice(ITState, 4, 0, Advanced);
}

// Factory hooked into the TargetRegistry for the ARM target.
static MCDisassembler *createARMDisassembler(const Target &T) {
  MCDisassembler *Disassembler = new ARMDisassembler;
  return Disassembler;
}

// Factory hooked into the TargetRegistry for the Thumb target.
static MCDisassembler *createThumbDisassembler(const Target &T) {
  MCDisassembler *Disassembler = new ThumbDisassembler;
  return Disassembler;
}

// Registers both disassembler factories; called by the target initialization
// machinery.
extern "C" void LLVMInitializeARMDisassembler() {
  TargetRegistry::RegisterMCDisassembler(TheARMTarget, createARMDisassembler);
  TargetRegistry::RegisterMCDisassembler(TheThumbTarget,
                                         createThumbDisassembler);
}

// Both disassemblers share the tblgen'ed enhanced-disassembly info table.
EDInstInfo *ARMDisassembler::getEDInfo() const {
  return instInfoARM;
}

EDInstInfo *ThumbDisassembler::getEDInfo() const {
  return instInfoARM;
}