arch/arm32_code_inference

ARM32 architecture-specific rules for code inference.

arm_ver_order(Name:symbol, VersionID:unsigned)

Assign ARM version names to their generation number

e.g., “v7E_M” -> 7

• Used by: +disconnected7

init_ldr_add_pc(EA_ldr:address, Size:unsigned, Reg1:register, LitPoolAddr:address, EA_add_pc:address, Reg2:register)

ldr Reg1, .L0 add Reg2, Reg1, pc

Uses straight_line_def_used, which is a weaker version of def_used that can be used before code inference.

• Uses: arch.load_operation, arch.reg_reg_arithmetic_operation, instruction

• Recursive: indefinite_litpool_ref, __agg_single6, indexed_pc_relative_load, litpool_symbolic_operand, indexed_pc_relative_load_relative, data_block_candidate, wis_has_prior, unlikely_have_symbolic_immediate, relative_jump_table_entry_candidate, block_boundaries, def_used_for_address, block_instruction_next, reg_def_use.used_in_block, arm_jump_table_block_instruction, relocation_adjustment, reg_def_use.live_var_at_block_end, stack_def_use.ref_in_block, arm_jump_table_data_block, call_target_has_other_fallthrough_inter, __agg_subclause6, impossible_block, jump_table_element_access, gp_relative_operand, next_end, block_heuristic, stack_base_reg_move, stack_def_use.live_var_def, composite_data_access, unresolved_interval, block_limit, arm_jump_table_candidate, call_tls_get_addr_mips, symbol_minus_symbol_litpool_access_pattern, may_fallthrough, segment_target_range, arch.reg_relative_load, __agg_subclause2, candidate_block_is_not_padding, self_contained_segment, arch.extend_load, block_last_instruction, jump_table_prelude, stack_def_use.defined_in_block, arm_jump_table_candidate_start, split_load_candidate, split_load, data_access, cmp_defines, padding_block_candidate, split_load_point, tls_desc_call, reg_def_use.block_last_def, const_value_reg_used, value_reg_edge, is_padding, negative_block_heuristic, discarded_split_load, relative_address_start, base_relative_operation, simple_data_access_pattern, block, reg_has_base_image, jump_table_target, __agg_subclause4, init_ldr_add_pc, data_in_code_propagate, __agg_single2, relative_address, block_points, must_fallthrough, wis_prior, resolved_reaches, inferred_main_dispatch, code_in_block_candidate, last_value_reg_limit, nop_in_padding_candidate, value_reg_unsupported, reg_def_use.defined_in_block, correlated_live_reg, plt_entry, reg_def_use.live_var_used, adjusts_stack_in_block, __agg_subclause7, wis_schedule, initial_function_containing_return, next_function_entry_initial, discarded_block, possible_target, plt_block, fallthrough_over_padding, straight_line_last_def, block_implies_block, incomplete_block, wis_memo, value_reg_limit, inter_procedural_edge, reg_used_for, reg_def_use.live_var_def, known_block, arm_jump_table_block_start, reg_def_use.return_block_end, initialized_data_segment, data_segment, local_dynamic_tls_candidate, jump_table_candidate_refined, start_function, call_tls_get_addr, value_reg, got_relative_operand, adrp_used, unresolved_block_overlap, function_inference.function_entry_initial, arm_jump_table_skip_first_entry, split_load_total_points, next_type, no_return_call, jump_table_start, code_in_block_candidate_refined, basic_target, arch.simple_data_load, possible_target_from, overlapping_instruction, base_relative_jump, stack_def_use.live_var_used_in_block, invalid, compare_and_jump_indirect_op_valid, split_load_conflict, arm_jump_table_data_block_limit, call_may_fallthrough_inter, stack_def_use.used_in_block, compare_and_jump_indirect, no_return_call_propagated, after_end, __agg_subclause3, code_in_block, reg_def_use.return_val_used, transition_block_limit, no_value_reg_limit, block_candidate_dependency_edge, litpool_confidence, branch_to_calculated_pc_rel_addr, block_total_points, candidate_block_is_padding, stack_def_use.live_var_at_prior_used, litpool_boundaries, tls_relative_operand_mips, first_block_in_byte_interval, cmp_reg_to_reg, no_return_call_refined, split_load_for_symbolization, jump_table_candidate, reg_def_use.ambiguous_last_def_in_block, next_start, stack_def_use.def_used, block_next, reg_def_use.ref_in_block, reg_def_use.live_var_at_prior_used, data_in_code, hi_load_prop, reg_has_got, init_symbol_minus_symbol_candidate_arm, split_load_operand, unresolved_block, jump_table_max, common_tail, instruction_memory_access_size, likely_fallthrough, __agg_single10, compare_and_jump_immediate, wis_schedule_iter, block_candidate_boundaries, stack_def_use.live_var_at_block_end, contains_plausible_instr_seq, padding_block_limit, relocation_adjustment_total, arm_jump_table_cmp_limit, jump_table_signed, flags_and_jump_pair, next_block_in_byte_interval, reg_def_use.ambiguous_block_last_def, unresolved_interval_order, symbolic_expr_from_relocation, no_return_block, overlap_with_litpool, reg_def_use.def_used, stack_def_use.block_last_def, inferred_main_in_reg, contains_implausible_instr_seq, base_relative_operand, invalid_jump_table_candidate, tls_get_addr, reg_def_use.last_def_in_block, straight_line_def_used, data_block_limit, litpool_ref, cinf_ldr_add_pc, compare_and_jump_register, stack_def_use.live_var_used, block_overlap, __agg_single3, block_points_proportional, stack_def_use.last_def_in_block, reg_reg_arithmetic_operation_defs, reg_def_use.used, reg_def_use.flow_def

init_symbol_minus_symbol_candidate_arm(EA:address, Size:unsigned, Symbol1:address, Symbol2:address, Scale:unsigned, Offset:number)

A weaker version of cinf_symbol_minus_symbol_candidate_arm that can be used before code inference. see the comment of cinf_symbol_minus_symbol_candidate_arm.

• Uses: relocation, symbol

• Recursive: indefinite_litpool_ref, __agg_single6, indexed_pc_relative_load, litpool_symbolic_operand, indexed_pc_relative_load_relative, data_block_candidate, wis_has_prior, unlikely_have_symbolic_immediate, relative_jump_table_entry_candidate, block_boundaries, def_used_for_address, block_instruction_next, reg_def_use.used_in_block, arm_jump_table_block_instruction, relocation_adjustment, reg_def_use.live_var_at_block_end, stack_def_use.ref_in_block, arm_jump_table_data_block, call_target_has_other_fallthrough_inter, __agg_subclause6, impossible_block, jump_table_element_access, gp_relative_operand, next_end, block_heuristic, stack_base_reg_move, stack_def_use.live_var_def, composite_data_access, unresolved_interval, block_limit, arm_jump_table_candidate, call_tls_get_addr_mips, symbol_minus_symbol_litpool_access_pattern, may_fallthrough, segment_target_range, arch.reg_relative_load, __agg_subclause2, candidate_block_is_not_padding, self_contained_segment, arch.extend_load, block_last_instruction, jump_table_prelude, stack_def_use.defined_in_block, arm_jump_table_candidate_start, split_load_candidate, split_load, data_access, cmp_defines, padding_block_candidate, split_load_point, tls_desc_call, reg_def_use.block_last_def, const_value_reg_used, value_reg_edge, is_padding, negative_block_heuristic, discarded_split_load, relative_address_start, base_relative_operation, simple_data_access_pattern, block, reg_has_base_image, jump_table_target, __agg_subclause4, init_ldr_add_pc, data_in_code_propagate, __agg_single2, relative_address, block_points, must_fallthrough, wis_prior, resolved_reaches, inferred_main_dispatch, code_in_block_candidate, last_value_reg_limit, nop_in_padding_candidate, value_reg_unsupported, reg_def_use.defined_in_block, correlated_live_reg, plt_entry, reg_def_use.live_var_used, adjusts_stack_in_block, __agg_subclause7, wis_schedule, initial_function_containing_return, next_function_entry_initial, discarded_block, possible_target, plt_block, fallthrough_over_padding, straight_line_last_def, block_implies_block, incomplete_block, wis_memo, value_reg_limit, inter_procedural_edge, reg_used_for, reg_def_use.live_var_def, known_block, arm_jump_table_block_start, reg_def_use.return_block_end, initialized_data_segment, data_segment, local_dynamic_tls_candidate, jump_table_candidate_refined, start_function, call_tls_get_addr, value_reg, got_relative_operand, adrp_used, unresolved_block_overlap, function_inference.function_entry_initial, arm_jump_table_skip_first_entry, split_load_total_points, next_type, no_return_call, jump_table_start, code_in_block_candidate_refined, basic_target, arch.simple_data_load, possible_target_from, overlapping_instruction, base_relative_jump, stack_def_use.live_var_used_in_block, invalid, compare_and_jump_indirect_op_valid, split_load_conflict, arm_jump_table_data_block_limit, call_may_fallthrough_inter, stack_def_use.used_in_block, compare_and_jump_indirect, no_return_call_propagated, after_end, __agg_subclause3, code_in_block, reg_def_use.return_val_used, transition_block_limit, no_value_reg_limit, block_candidate_dependency_edge, litpool_confidence, branch_to_calculated_pc_rel_addr, block_total_points, candidate_block_is_padding, stack_def_use.live_var_at_prior_used, litpool_boundaries, tls_relative_operand_mips, first_block_in_byte_interval, cmp_reg_to_reg, no_return_call_refined, split_load_for_symbolization, jump_table_candidate, reg_def_use.ambiguous_last_def_in_block, next_start, stack_def_use.def_used, block_next, reg_def_use.ref_in_block, reg_def_use.live_var_at_prior_used, data_in_code, hi_load_prop, reg_has_got, init_symbol_minus_symbol_candidate_arm, split_load_operand, unresolved_block, jump_table_max, common_tail, instruction_memory_access_size, likely_fallthrough, __agg_single10, compare_and_jump_immediate, wis_schedule_iter, block_candidate_boundaries, stack_def_use.live_var_at_block_end, contains_plausible_instr_seq, padding_block_limit, relocation_adjustment_total, arm_jump_table_cmp_limit, jump_table_signed, flags_and_jump_pair, next_block_in_byte_interval, reg_def_use.ambiguous_block_last_def, unresolved_interval_order, symbolic_expr_from_relocation, no_return_block, overlap_with_litpool, reg_def_use.def_used, stack_def_use.block_last_def, inferred_main_in_reg, contains_implausible_instr_seq, base_relative_operand, invalid_jump_table_candidate, tls_get_addr, reg_def_use.last_def_in_block, straight_line_def_used, data_block_limit, litpool_ref, cinf_ldr_add_pc, compare_and_jump_register, stack_def_use.live_var_used, block_overlap, __agg_single3, block_points_proportional, stack_def_use.last_def_in_block, reg_reg_arithmetic_operation_defs, reg_def_use.used, reg_def_use.flow_def

data_block_limit(Limit:address)

Addresses where the propagation of indefinite data blocks should be limited.

Similar to (and a superset of) block_limit for code blocks.

• Uses: arch.instruction_at

• Recursive: indefinite_litpool_ref, __agg_single6, indexed_pc_relative_load, litpool_symbolic_operand, indexed_pc_relative_load_relative, data_block_candidate, wis_has_prior, unlikely_have_symbolic_immediate, relative_jump_table_entry_candidate, block_boundaries, def_used_for_address, block_instruction_next, reg_def_use.used_in_block, arm_jump_table_block_instruction, relocation_adjustment, reg_def_use.live_var_at_block_end, stack_def_use.ref_in_block, arm_jump_table_data_block, call_target_has_other_fallthrough_inter, __agg_subclause6, impossible_block, jump_table_element_access, gp_relative_operand, next_end, block_heuristic, stack_base_reg_move, stack_def_use.live_var_def, composite_data_access, unresolved_interval, block_limit, arm_jump_table_candidate, call_tls_get_addr_mips, symbol_minus_symbol_litpool_access_pattern, may_fallthrough, segment_target_range, arch.reg_relative_load, __agg_subclause2, candidate_block_is_not_padding, self_contained_segment, arch.extend_load, block_last_instruction, jump_table_prelude, stack_def_use.defined_in_block, arm_jump_table_candidate_start, split_load_candidate, split_load, data_access, cmp_defines, padding_block_candidate, split_load_point, tls_desc_call, reg_def_use.block_last_def, const_value_reg_used, value_reg_edge, is_padding, negative_block_heuristic, discarded_split_load, relative_address_start, base_relative_operation, simple_data_access_pattern, block, reg_has_base_image, jump_table_target, __agg_subclause4, init_ldr_add_pc, data_in_code_propagate, __agg_single2, relative_address, block_points, must_fallthrough, wis_prior, resolved_reaches, inferred_main_dispatch, code_in_block_candidate, last_value_reg_limit, nop_in_padding_candidate, value_reg_unsupported, reg_def_use.defined_in_block, correlated_live_reg, plt_entry, reg_def_use.live_var_used, adjusts_stack_in_block, __agg_subclause7, wis_schedule, initial_function_containing_return, next_function_entry_initial, discarded_block, possible_target, plt_block, fallthrough_over_padding, straight_line_last_def, block_implies_block, incomplete_block, wis_memo, value_reg_limit, inter_procedural_edge, reg_used_for, reg_def_use.live_var_def, known_block, arm_jump_table_block_start, reg_def_use.return_block_end, initialized_data_segment, data_segment, local_dynamic_tls_candidate, jump_table_candidate_refined, start_function, call_tls_get_addr, value_reg, got_relative_operand, adrp_used, unresolved_block_overlap, function_inference.function_entry_initial, arm_jump_table_skip_first_entry, split_load_total_points, next_type, no_return_call, jump_table_start, code_in_block_candidate_refined, basic_target, arch.simple_data_load, possible_target_from, overlapping_instruction, base_relative_jump, stack_def_use.live_var_used_in_block, invalid, compare_and_jump_indirect_op_valid, split_load_conflict, arm_jump_table_data_block_limit, call_may_fallthrough_inter, stack_def_use.used_in_block, compare_and_jump_indirect, no_return_call_propagated, after_end, __agg_subclause3, code_in_block, reg_def_use.return_val_used, transition_block_limit, no_value_reg_limit, block_candidate_dependency_edge, litpool_confidence, branch_to_calculated_pc_rel_addr, block_total_points, candidate_block_is_padding, stack_def_use.live_var_at_prior_used, litpool_boundaries, tls_relative_operand_mips, first_block_in_byte_interval, cmp_reg_to_reg, no_return_call_refined, split_load_for_symbolization, jump_table_candidate, reg_def_use.ambiguous_last_def_in_block, next_start, stack_def_use.def_used, block_next, reg_def_use.ref_in_block, reg_def_use.live_var_at_prior_used, data_in_code, hi_load_prop, reg_has_got, init_symbol_minus_symbol_candidate_arm, split_load_operand, unresolved_block, jump_table_max, common_tail, instruction_memory_access_size, likely_fallthrough, __agg_single10, compare_and_jump_immediate, wis_schedule_iter, block_candidate_boundaries, stack_def_use.live_var_at_block_end, contains_plausible_instr_seq, padding_block_limit, relocation_adjustment_total, arm_jump_table_cmp_limit, jump_table_signed, flags_and_jump_pair, next_block_in_byte_interval, reg_def_use.ambiguous_block_last_def, unresolved_interval_order, symbolic_expr_from_relocation, no_return_block, overlap_with_litpool, reg_def_use.def_used, stack_def_use.block_last_def, inferred_main_in_reg, contains_implausible_instr_seq, base_relative_operand, invalid_jump_table_candidate, tls_get_addr, reg_def_use.last_def_in_block, straight_line_def_used, data_block_limit, litpool_ref, cinf_ldr_add_pc, compare_and_jump_register, stack_def_use.live_var_used, block_overlap, __agg_single3, block_points_proportional, stack_def_use.last_def_in_block, reg_reg_arithmetic_operation_defs, reg_def_use.used, reg_def_use.flow_def

indefinite_litpool_ref(Start:address, Size:unsigned)

References to potential litpools with indeterminate sizes.

• Uses: arch.pc_relative_addr, ascii_string

• Recursive: indefinite_litpool_ref, __agg_single6, indexed_pc_relative_load, litpool_symbolic_operand, indexed_pc_relative_load_relative, data_block_candidate, wis_has_prior, unlikely_have_symbolic_immediate, relative_jump_table_entry_candidate, block_boundaries, def_used_for_address, block_instruction_next, reg_def_use.used_in_block, arm_jump_table_block_instruction, relocation_adjustment, reg_def_use.live_var_at_block_end, stack_def_use.ref_in_block, arm_jump_table_data_block, call_target_has_other_fallthrough_inter, __agg_subclause6, impossible_block, jump_table_element_access, gp_relative_operand, next_end, block_heuristic, stack_base_reg_move, stack_def_use.live_var_def, composite_data_access, unresolved_interval, block_limit, arm_jump_table_candidate, call_tls_get_addr_mips, symbol_minus_symbol_litpool_access_pattern, may_fallthrough, segment_target_range, arch.reg_relative_load, __agg_subclause2, candidate_block_is_not_padding, self_contained_segment, arch.extend_load, block_last_instruction, jump_table_prelude, stack_def_use.defined_in_block, arm_jump_table_candidate_start, split_load_candidate, split_load, data_access, cmp_defines, padding_block_candidate, split_load_point, tls_desc_call, reg_def_use.block_last_def, const_value_reg_used, value_reg_edge, is_padding, negative_block_heuristic, discarded_split_load, relative_address_start, base_relative_operation, simple_data_access_pattern, block, reg_has_base_image, jump_table_target, __agg_subclause4, init_ldr_add_pc, data_in_code_propagate, __agg_single2, relative_address, block_points, must_fallthrough, wis_prior, resolved_reaches, inferred_main_dispatch, code_in_block_candidate, last_value_reg_limit, nop_in_padding_candidate, value_reg_unsupported, reg_def_use.defined_in_block, correlated_live_reg, plt_entry, reg_def_use.live_var_used, adjusts_stack_in_block, __agg_subclause7, wis_schedule, initial_function_containing_return, next_function_entry_initial, discarded_block, possible_target, plt_block, fallthrough_over_padding, straight_line_last_def, block_implies_block, incomplete_block, wis_memo, value_reg_limit, inter_procedural_edge, reg_used_for, reg_def_use.live_var_def, known_block, arm_jump_table_block_start, reg_def_use.return_block_end, initialized_data_segment, data_segment, local_dynamic_tls_candidate, jump_table_candidate_refined, start_function, call_tls_get_addr, value_reg, got_relative_operand, adrp_used, unresolved_block_overlap, function_inference.function_entry_initial, arm_jump_table_skip_first_entry, split_load_total_points, next_type, no_return_call, jump_table_start, code_in_block_candidate_refined, basic_target, arch.simple_data_load, possible_target_from, overlapping_instruction, base_relative_jump, stack_def_use.live_var_used_in_block, invalid, compare_and_jump_indirect_op_valid, split_load_conflict, arm_jump_table_data_block_limit, call_may_fallthrough_inter, stack_def_use.used_in_block, compare_and_jump_indirect, no_return_call_propagated, after_end, __agg_subclause3, code_in_block, reg_def_use.return_val_used, transition_block_limit, no_value_reg_limit, block_candidate_dependency_edge, litpool_confidence, branch_to_calculated_pc_rel_addr, block_total_points, candidate_block_is_padding, stack_def_use.live_var_at_prior_used, litpool_boundaries, tls_relative_operand_mips, first_block_in_byte_interval, cmp_reg_to_reg, no_return_call_refined, split_load_for_symbolization, jump_table_candidate, reg_def_use.ambiguous_last_def_in_block, next_start, stack_def_use.def_used, block_next, reg_def_use.ref_in_block, reg_def_use.live_var_at_prior_used, data_in_code, hi_load_prop, reg_has_got, init_symbol_minus_symbol_candidate_arm, split_load_operand, unresolved_block, jump_table_max, common_tail, instruction_memory_access_size, likely_fallthrough, __agg_single10, compare_and_jump_immediate, wis_schedule_iter, block_candidate_boundaries, stack_def_use.live_var_at_block_end, contains_plausible_instr_seq, padding_block_limit, relocation_adjustment_total, arm_jump_table_cmp_limit, jump_table_signed, flags_and_jump_pair, next_block_in_byte_interval, reg_def_use.ambiguous_block_last_def, unresolved_interval_order, symbolic_expr_from_relocation, no_return_block, overlap_with_litpool, reg_def_use.def_used, stack_def_use.block_last_def, inferred_main_in_reg, contains_implausible_instr_seq, base_relative_operand, invalid_jump_table_candidate, tls_get_addr, reg_def_use.last_def_in_block, straight_line_def_used, data_block_limit, litpool_ref, cinf_ldr_add_pc, compare_and_jump_register, stack_def_use.live_var_used, block_overlap, __agg_single3, block_points_proportional, stack_def_use.last_def_in_block, reg_reg_arithmetic_operation_defs, reg_def_use.used, reg_def_use.flow_def

litpool_boundaries(BegAddr:address, EndAddr:address)

• Used by: function_inference.function_entry

• Recursive: indefinite_litpool_ref, __agg_single6, indexed_pc_relative_load, litpool_symbolic_operand, indexed_pc_relative_load_relative, data_block_candidate, wis_has_prior, unlikely_have_symbolic_immediate, relative_jump_table_entry_candidate, block_boundaries, def_used_for_address, block_instruction_next, reg_def_use.used_in_block, arm_jump_table_block_instruction, relocation_adjustment, reg_def_use.live_var_at_block_end, stack_def_use.ref_in_block, arm_jump_table_data_block, call_target_has_other_fallthrough_inter, __agg_subclause6, impossible_block, jump_table_element_access, gp_relative_operand, next_end, block_heuristic, stack_base_reg_move, stack_def_use.live_var_def, composite_data_access, unresolved_interval, block_limit, arm_jump_table_candidate, call_tls_get_addr_mips, symbol_minus_symbol_litpool_access_pattern, may_fallthrough, segment_target_range, arch.reg_relative_load, __agg_subclause2, candidate_block_is_not_padding, self_contained_segment, arch.extend_load, block_last_instruction, jump_table_prelude, stack_def_use.defined_in_block, arm_jump_table_candidate_start, split_load_candidate, split_load, data_access, cmp_defines, padding_block_candidate, split_load_point, tls_desc_call, reg_def_use.block_last_def, const_value_reg_used, value_reg_edge, is_padding, negative_block_heuristic, discarded_split_load, relative_address_start, base_relative_operation, simple_data_access_pattern, block, reg_has_base_image, jump_table_target, __agg_subclause4, init_ldr_add_pc, data_in_code_propagate, __agg_single2, relative_address, block_points, must_fallthrough, wis_prior, resolved_reaches, inferred_main_dispatch, code_in_block_candidate, last_value_reg_limit, nop_in_padding_candidate, value_reg_unsupported, reg_def_use.defined_in_block, correlated_live_reg, plt_entry, reg_def_use.live_var_used, adjusts_stack_in_block, __agg_subclause7, wis_schedule, initial_function_containing_return, next_function_entry_initial, discarded_block, possible_target, plt_block, fallthrough_over_padding, straight_line_last_def, block_implies_block, incomplete_block, wis_memo, value_reg_limit, inter_procedural_edge, reg_used_for, reg_def_use.live_var_def, known_block, arm_jump_table_block_start, reg_def_use.return_block_end, initialized_data_segment, data_segment, local_dynamic_tls_candidate, jump_table_candidate_refined, start_function, call_tls_get_addr, value_reg, got_relative_operand, adrp_used, unresolved_block_overlap, function_inference.function_entry_initial, arm_jump_table_skip_first_entry, split_load_total_points, next_type, no_return_call, jump_table_start, code_in_block_candidate_refined, basic_target, arch.simple_data_load, possible_target_from, overlapping_instruction, base_relative_jump, stack_def_use.live_var_used_in_block, invalid, compare_and_jump_indirect_op_valid, split_load_conflict, arm_jump_table_data_block_limit, call_may_fallthrough_inter, stack_def_use.used_in_block, compare_and_jump_indirect, no_return_call_propagated, after_end, __agg_subclause3, code_in_block, reg_def_use.return_val_used, transition_block_limit, no_value_reg_limit, block_candidate_dependency_edge, litpool_confidence, branch_to_calculated_pc_rel_addr, block_total_points, candidate_block_is_padding, stack_def_use.live_var_at_prior_used, litpool_boundaries, tls_relative_operand_mips, first_block_in_byte_interval, cmp_reg_to_reg, no_return_call_refined, split_load_for_symbolization, jump_table_candidate, reg_def_use.ambiguous_last_def_in_block, next_start, stack_def_use.def_used, block_next, reg_def_use.ref_in_block, reg_def_use.live_var_at_prior_used, data_in_code, hi_load_prop, reg_has_got, init_symbol_minus_symbol_candidate_arm, split_load_operand, unresolved_block, jump_table_max, common_tail, instruction_memory_access_size, likely_fallthrough, __agg_single10, compare_and_jump_immediate, wis_schedule_iter, block_candidate_boundaries, stack_def_use.live_var_at_block_end, contains_plausible_instr_seq, padding_block_limit, relocation_adjustment_total, arm_jump_table_cmp_limit, jump_table_signed, flags_and_jump_pair, next_block_in_byte_interval, reg_def_use.ambiguous_block_last_def, unresolved_interval_order, symbolic_expr_from_relocation, no_return_block, overlap_with_litpool, reg_def_use.def_used, stack_def_use.block_last_def, inferred_main_in_reg, contains_implausible_instr_seq, base_relative_operand, invalid_jump_table_candidate, tls_get_addr, reg_def_use.last_def_in_block, straight_line_def_used, data_block_limit, litpool_ref, cinf_ldr_add_pc, compare_and_jump_register, stack_def_use.live_var_used, block_overlap, __agg_single3, block_points_proportional, stack_def_use.last_def_in_block, reg_reg_arithmetic_operation_defs, reg_def_use.used, reg_def_use.flow_def

overlap_with_litpool(Block:address)

Check if the given block overlaps with a possible literal pool.

• Recursive: indefinite_litpool_ref, __agg_single6, indexed_pc_relative_load, litpool_symbolic_operand, indexed_pc_relative_load_relative, data_block_candidate, wis_has_prior, unlikely_have_symbolic_immediate, relative_jump_table_entry_candidate, block_boundaries, def_used_for_address, block_instruction_next, reg_def_use.used_in_block, arm_jump_table_block_instruction, relocation_adjustment, reg_def_use.live_var_at_block_end, stack_def_use.ref_in_block, arm_jump_table_data_block, call_target_has_other_fallthrough_inter, __agg_subclause6, impossible_block, jump_table_element_access, gp_relative_operand, next_end, block_heuristic, stack_base_reg_move, stack_def_use.live_var_def, composite_data_access, unresolved_interval, block_limit, arm_jump_table_candidate, call_tls_get_addr_mips, symbol_minus_symbol_litpool_access_pattern, may_fallthrough, segment_target_range, arch.reg_relative_load, __agg_subclause2, candidate_block_is_not_padding, self_contained_segment, arch.extend_load, block_last_instruction, jump_table_prelude, stack_def_use.defined_in_block, arm_jump_table_candidate_start, split_load_candidate, split_load, data_access, cmp_defines, padding_block_candidate, split_load_point, tls_desc_call, reg_def_use.block_last_def, const_value_reg_used, value_reg_edge, is_padding, negative_block_heuristic, discarded_split_load, relative_address_start, base_relative_operation, simple_data_access_pattern, block, reg_has_base_image, jump_table_target, __agg_subclause4, init_ldr_add_pc, data_in_code_propagate, __agg_single2, relative_address, block_points, must_fallthrough, wis_prior, resolved_reaches, inferred_main_dispatch, code_in_block_candidate, last_value_reg_limit, nop_in_padding_candidate, value_reg_unsupported, reg_def_use.defined_in_block, correlated_live_reg, plt_entry, reg_def_use.live_var_used, adjusts_stack_in_block, __agg_subclause7, wis_schedule, initial_function_containing_return, next_function_entry_initial, discarded_block, possible_target, plt_block, fallthrough_over_padding, straight_line_last_def, block_implies_block, incomplete_block, wis_memo, value_reg_limit, inter_procedural_edge, reg_used_for, reg_def_use.live_var_def, known_block, arm_jump_table_block_start, reg_def_use.return_block_end, initialized_data_segment, data_segment, local_dynamic_tls_candidate, jump_table_candidate_refined, start_function, call_tls_get_addr, value_reg, got_relative_operand, adrp_used, unresolved_block_overlap, function_inference.function_entry_initial, arm_jump_table_skip_first_entry, split_load_total_points, next_type, no_return_call, jump_table_start, code_in_block_candidate_refined, basic_target, arch.simple_data_load, possible_target_from, overlapping_instruction, base_relative_jump, stack_def_use.live_var_used_in_block, invalid, compare_and_jump_indirect_op_valid, split_load_conflict, arm_jump_table_data_block_limit, call_may_fallthrough_inter, stack_def_use.used_in_block, compare_and_jump_indirect, no_return_call_propagated, after_end, __agg_subclause3, code_in_block, reg_def_use.return_val_used, transition_block_limit, no_value_reg_limit, block_candidate_dependency_edge, litpool_confidence, branch_to_calculated_pc_rel_addr, block_total_points, candidate_block_is_padding, stack_def_use.live_var_at_prior_used, litpool_boundaries, tls_relative_operand_mips, first_block_in_byte_interval, cmp_reg_to_reg, no_return_call_refined, split_load_for_symbolization, jump_table_candidate, reg_def_use.ambiguous_last_def_in_block, next_start, stack_def_use.def_used, block_next, reg_def_use.ref_in_block, reg_def_use.live_var_at_prior_used, data_in_code, hi_load_prop, reg_has_got, init_symbol_minus_symbol_candidate_arm, split_load_operand, unresolved_block, jump_table_max, common_tail, instruction_memory_access_size, likely_fallthrough, __agg_single10, compare_and_jump_immediate, wis_schedule_iter, block_candidate_boundaries, stack_def_use.live_var_at_block_end, contains_plausible_instr_seq, padding_block_limit, relocation_adjustment_total, arm_jump_table_cmp_limit, jump_table_signed, flags_and_jump_pair, next_block_in_byte_interval, reg_def_use.ambiguous_block_last_def, unresolved_interval_order, symbolic_expr_from_relocation, no_return_block, overlap_with_litpool, reg_def_use.def_used, stack_def_use.block_last_def, inferred_main_in_reg, contains_implausible_instr_seq, base_relative_operand, invalid_jump_table_candidate, tls_get_addr, reg_def_use.last_def_in_block, straight_line_def_used, data_block_limit, litpool_ref, cinf_ldr_add_pc, compare_and_jump_register, stack_def_use.live_var_used, block_overlap, __agg_single3, block_points_proportional, stack_def_use.last_def_in_block, reg_reg_arithmetic_operation_defs, reg_def_use.used, reg_def_use.flow_def

litpool_confidence(EARef:address, LitPoolAddr:address, Reason:symbol)

Confidence level for each literal pool

• Uses: arch.call, arch.dangling_thumb_instr, arch.float_reg, arch.integer_reg_param, arch.memory_access, arch.pc_relative_addr, instruction, instruction_get_dest_op, op_regdirect_contains_reg

• Recursive: indefinite_litpool_ref, __agg_single6, indexed_pc_relative_load, litpool_symbolic_operand, indexed_pc_relative_load_relative, data_block_candidate, wis_has_prior, unlikely_have_symbolic_immediate, relative_jump_table_entry_candidate, block_boundaries, def_used_for_address, block_instruction_next, reg_def_use.used_in_block, arm_jump_table_block_instruction, relocation_adjustment, reg_def_use.live_var_at_block_end, stack_def_use.ref_in_block, arm_jump_table_data_block, call_target_has_other_fallthrough_inter, __agg_subclause6, impossible_block, jump_table_element_access, gp_relative_operand, next_end, block_heuristic, stack_base_reg_move, stack_def_use.live_var_def, composite_data_access, unresolved_interval, block_limit, arm_jump_table_candidate, call_tls_get_addr_mips, symbol_minus_symbol_litpool_access_pattern, may_fallthrough, segment_target_range, arch.reg_relative_load, __agg_subclause2, candidate_block_is_not_padding, self_contained_segment, arch.extend_load, block_last_instruction, jump_table_prelude, stack_def_use.defined_in_block, arm_jump_table_candidate_start, split_load_candidate, split_load, data_access, cmp_defines, padding_block_candidate, split_load_point, tls_desc_call, reg_def_use.block_last_def, const_value_reg_used, value_reg_edge, is_padding, negative_block_heuristic, discarded_split_load, relative_address_start, base_relative_operation, simple_data_access_pattern, block, reg_has_base_image, jump_table_target, __agg_subclause4, init_ldr_add_pc, data_in_code_propagate, __agg_single2, relative_address, block_points, must_fallthrough, wis_prior, resolved_reaches, inferred_main_dispatch, code_in_block_candidate, last_value_reg_limit, nop_in_padding_candidate, value_reg_unsupported, reg_def_use.defined_in_block, correlated_live_reg, plt_entry, reg_def_use.live_var_used, adjusts_stack_in_block, __agg_subclause7, wis_schedule, initial_function_containing_return, next_function_entry_initial, discarded_block, possible_target, plt_block, fallthrough_over_padding, straight_line_last_def, block_implies_block, incomplete_block, wis_memo, value_reg_limit, inter_procedural_edge, reg_used_for, reg_def_use.live_var_def, known_block, arm_jump_table_block_start, reg_def_use.return_block_end, initialized_data_segment, data_segment, local_dynamic_tls_candidate, jump_table_candidate_refined, start_function, call_tls_get_addr, value_reg, got_relative_operand, adrp_used, unresolved_block_overlap, function_inference.function_entry_initial, arm_jump_table_skip_first_entry, split_load_total_points, next_type, no_return_call, jump_table_start, code_in_block_candidate_refined, basic_target, arch.simple_data_load, possible_target_from, overlapping_instruction, base_relative_jump, stack_def_use.live_var_used_in_block, invalid, compare_and_jump_indirect_op_valid, split_load_conflict, arm_jump_table_data_block_limit, call_may_fallthrough_inter, stack_def_use.used_in_block, compare_and_jump_indirect, no_return_call_propagated, after_end, __agg_subclause3, code_in_block, reg_def_use.return_val_used, transition_block_limit, no_value_reg_limit, block_candidate_dependency_edge, litpool_confidence, branch_to_calculated_pc_rel_addr, block_total_points, candidate_block_is_padding, stack_def_use.live_var_at_prior_used, litpool_boundaries, tls_relative_operand_mips, first_block_in_byte_interval, cmp_reg_to_reg, no_return_call_refined, split_load_for_symbolization, jump_table_candidate, reg_def_use.ambiguous_last_def_in_block, next_start, stack_def_use.def_used, block_next, reg_def_use.ref_in_block, reg_def_use.live_var_at_prior_used, data_in_code, hi_load_prop, reg_has_got, init_symbol_minus_symbol_candidate_arm, split_load_operand, unresolved_block, jump_table_max, common_tail, instruction_memory_access_size, likely_fallthrough, __agg_single10, compare_and_jump_immediate, wis_schedule_iter, block_candidate_boundaries, stack_def_use.live_var_at_block_end, contains_plausible_instr_seq, padding_block_limit, relocation_adjustment_total, arm_jump_table_cmp_limit, jump_table_signed, flags_and_jump_pair, next_block_in_byte_interval, reg_def_use.ambiguous_block_last_def, unresolved_interval_order, symbolic_expr_from_relocation, no_return_block, overlap_with_litpool, reg_def_use.def_used, stack_def_use.block_last_def, inferred_main_in_reg, contains_implausible_instr_seq, base_relative_operand, invalid_jump_table_candidate, tls_get_addr, reg_def_use.last_def_in_block, straight_line_def_used, data_block_limit, litpool_ref, cinf_ldr_add_pc, compare_and_jump_register, stack_def_use.live_var_used, block_overlap, __agg_single3, block_points_proportional, stack_def_use.last_def_in_block, reg_reg_arithmetic_operation_defs, reg_def_use.used, reg_def_use.flow_def

code_to_litpool_ref_point_transfer(Reason:symbol)

• Used by: block_heuristic

mode_min_instruction_size(Mode:unsigned, Size:unsigned)

Minimum instruction size for each execution mode.

Mode can be 0 (ARM) or 1 (Thumb)

• Used by: branch_to_calculated_pc_rel_addr

branch_to_calculated_pc_rel_addr(EA:address, Dest:address)

A computed PC-relative address that isn’t a jump table.

This example was generated in zlib with gcc 9.4. -Os:

adr r1, Label add r2, r1, r2, lsl #4 mov pc, r2

.Label:

cmp r3, r1, lsl #31 nop adc r0, r0, r0 it hs subhs r3, r3, r1, lsl #31

.Label+16:

cmp r3, r1, lsl #30 nop adc r0, r0, r0 it hs subhs r3, r3, r1, lsl #30

.Label+32:

…

In the above pattern, Label is supposed to be code rather than data (literal pools).

• Uses: arch.instruction_at, arch.jump_operation_op_index, arch.pc_relative_addr, arch.reg_reg_arithmetic_operation, instruction, instruction_get_op, mode_min_instruction_size, op_regdirect_contains_reg

• Recursive: indefinite_litpool_ref, __agg_single6, indexed_pc_relative_load, litpool_symbolic_operand, indexed_pc_relative_load_relative, data_block_candidate, wis_has_prior, unlikely_have_symbolic_immediate, relative_jump_table_entry_candidate, block_boundaries, def_used_for_address, block_instruction_next, reg_def_use.used_in_block, arm_jump_table_block_instruction, relocation_adjustment, reg_def_use.live_var_at_block_end, stack_def_use.ref_in_block, arm_jump_table_data_block, call_target_has_other_fallthrough_inter, __agg_subclause6, impossible_block, jump_table_element_access, gp_relative_operand, next_end, block_heuristic, stack_base_reg_move, stack_def_use.live_var_def, composite_data_access, unresolved_interval, block_limit, arm_jump_table_candidate, call_tls_get_addr_mips, symbol_minus_symbol_litpool_access_pattern, may_fallthrough, segment_target_range, arch.reg_relative_load, __agg_subclause2, candidate_block_is_not_padding, self_contained_segment, arch.extend_load, block_last_instruction, jump_table_prelude, stack_def_use.defined_in_block, arm_jump_table_candidate_start, split_load_candidate, split_load, data_access, cmp_defines, padding_block_candidate, split_load_point, tls_desc_call, reg_def_use.block_last_def, const_value_reg_used, value_reg_edge, is_padding, negative_block_heuristic, discarded_split_load, relative_address_start, base_relative_operation, simple_data_access_pattern, block, reg_has_base_image, jump_table_target, __agg_subclause4, init_ldr_add_pc, data_in_code_propagate, __agg_single2, relative_address, block_points, must_fallthrough, wis_prior, resolved_reaches, inferred_main_dispatch, code_in_block_candidate, last_value_reg_limit, nop_in_padding_candidate, value_reg_unsupported, reg_def_use.defined_in_block, correlated_live_reg, plt_entry, reg_def_use.live_var_used, adjusts_stack_in_block, __agg_subclause7, wis_schedule, initial_function_containing_return, next_function_entry_initial, discarded_block, possible_target, plt_block, fallthrough_over_padding, straight_line_last_def, block_implies_block, incomplete_block, wis_memo, value_reg_limit, inter_procedural_edge, reg_used_for, reg_def_use.live_var_def, known_block, arm_jump_table_block_start, reg_def_use.return_block_end, initialized_data_segment, data_segment, local_dynamic_tls_candidate, jump_table_candidate_refined, start_function, call_tls_get_addr, value_reg, got_relative_operand, adrp_used, unresolved_block_overlap, function_inference.function_entry_initial, arm_jump_table_skip_first_entry, split_load_total_points, next_type, no_return_call, jump_table_start, code_in_block_candidate_refined, basic_target, arch.simple_data_load, possible_target_from, overlapping_instruction, base_relative_jump, stack_def_use.live_var_used_in_block, invalid, compare_and_jump_indirect_op_valid, split_load_conflict, arm_jump_table_data_block_limit, call_may_fallthrough_inter, stack_def_use.used_in_block, compare_and_jump_indirect, no_return_call_propagated, after_end, __agg_subclause3, code_in_block, reg_def_use.return_val_used, transition_block_limit, no_value_reg_limit, block_candidate_dependency_edge, litpool_confidence, branch_to_calculated_pc_rel_addr, block_total_points, candidate_block_is_padding, stack_def_use.live_var_at_prior_used, litpool_boundaries, tls_relative_operand_mips, first_block_in_byte_interval, cmp_reg_to_reg, no_return_call_refined, split_load_for_symbolization, jump_table_candidate, reg_def_use.ambiguous_last_def_in_block, next_start, stack_def_use.def_used, block_next, reg_def_use.ref_in_block, reg_def_use.live_var_at_prior_used, data_in_code, hi_load_prop, reg_has_got, init_symbol_minus_symbol_candidate_arm, split_load_operand, unresolved_block, jump_table_max, common_tail, instruction_memory_access_size, likely_fallthrough, __agg_single10, compare_and_jump_immediate, wis_schedule_iter, block_candidate_boundaries, stack_def_use.live_var_at_block_end, contains_plausible_instr_seq, padding_block_limit, relocation_adjustment_total, arm_jump_table_cmp_limit, jump_table_signed, flags_and_jump_pair, next_block_in_byte_interval, reg_def_use.ambiguous_block_last_def, unresolved_interval_order, symbolic_expr_from_relocation, no_return_block, overlap_with_litpool, reg_def_use.def_used, stack_def_use.block_last_def, inferred_main_in_reg, contains_implausible_instr_seq, base_relative_operand, invalid_jump_table_candidate, tls_get_addr, reg_def_use.last_def_in_block, straight_line_def_used, data_block_limit, litpool_ref, cinf_ldr_add_pc, compare_and_jump_register, stack_def_use.live_var_used, block_overlap, __agg_single3, block_points_proportional, stack_def_use.last_def_in_block, reg_reg_arithmetic_operation_defs, reg_def_use.used, reg_def_use.flow_def