arch/arm32_jump_tables

Define a set predicates to detect jump-tables for ARM32

arm_jump_table_block_instruction(EA:address, EA_jump:address)

Instructions in the same block as the jumptable’s jump instruction.

• Recursive: data_block_limit, litpool_confidence, initialized_data_segment, possible_target, __agg_single2, arch.simple_data_load, wis_has_prior, padding_block_candidate, arm_jump_table_candidate, arm_jump_table_block_instruction, straight_line_def_used, init_ldr_add_pc, next_block_in_byte_interval, __agg_single6, contains_plausible_instr_seq, arm_jump_table_data_block, relocation_adjustment_total, arm_jump_table_cmp_limit, no_return_call_propagated, unresolved_interval_order, tls_desc_call, next_type, flags_and_jump_pair, split_load_point, plt_block, base_relative_operand, reg_def_use.last_def_in_block, value_reg_unsupported, gp_relative_operand, stack_def_use.live_var_used_in_block, reg_def_use.live_var_def, last_value_reg_limit, reg_def_use.live_var_at_prior_used, may_fallthrough, known_block, reg_def_use.used, stack_def_use.used_in_block, self_contained_segment, straight_line_last_def, no_return_block, unresolved_block_overlap, reg_def_use.ref_in_block, reg_has_got, block_heuristic, stack_def_use.live_var_used, cmp_defines, hi_load_prop, compare_and_jump_immediate, correlated_live_reg, litpool_symbolic_operand, unlikely_have_symbolic_immediate, jump_table_signed, candidate_block_is_padding, wis_schedule, indexed_pc_relative_load, arm_jump_table_skip_first_entry, __agg_single3, arch.reg_relative_load, jump_table_start, function_inference.function_entry_initial, no_return_call_refined, const_value_reg_used, reg_def_use.defined_in_block, block_points, block_total_points, common_tail, next_end, basic_target, reg_def_use.block_last_def, relative_address, arch.extend_load, relative_jump_table_entry_candidate, data_block_candidate, plt_entry, incomplete_block, split_load, simple_data_access_pattern, stack_def_use.live_var_def, symbol_minus_symbol_litpool_access_pattern, __agg_subclause7, stack_def_use.live_var_at_block_end, arm_jump_table_block_start, negative_block_heuristic, candidate_block_is_not_padding, data_access, reg_def_use.ambiguous_block_last_def, compare_and_jump_indirect_op_valid, unresolved_block, compare_and_jump_indirect, composite_data_access, litpool_ref, branch_to_calculated_pc_rel_addr, jump_table_candidate_refined, __agg_subclause3, contains_implausible_instr_seq, data_in_code_propagate, adrp_used, wis_prior, after_end, jump_table_candidate, instruction_memory_access_size, block_candidate_dependency_edge, block_limit, discarded_block, next_start, init_symbol_minus_symbol_candidate_arm, block_instruction_next, reg_def_use.live_var_used, first_block_in_byte_interval, tls_get_addr, inferred_main_in_reg, code_in_block_candidate, split_load_total_points, segment_target_range, reg_has_base_image, overlap_with_litpool, no_return_call, stack_def_use.last_def_in_block, jump_table_target, litpool_boundaries, inferred_main_dispatch, invalid_jump_table_candidate, reg_used_for, def_used_for_address, must_fallthrough, impossible_block, unresolved_interval, arm_jump_table_data_block_limit, split_load_operand, data_in_code, stack_def_use.live_var_at_prior_used, base_relative_jump, __agg_subclause2, arm_jump_table_candidate_start, wis_schedule_iter, wis_memo, block_next, jump_table_prelude, value_reg, nop_in_padding_candidate, inter_procedural_edge, got_relative_operand, relocation_adjustment, code_in_block, reg_def_use.used_in_block, symbolic_expr_from_relocation, stack_def_use.defined_in_block, value_reg_limit, value_reg_edge, possible_target_from, split_load_for_symbolization, block_boundaries, reg_def_use.return_val_used, split_load_candidate, is_padding, reg_def_use.def_used, block_implies_block, discarded_split_load, reg_def_use.ambiguous_last_def_in_block, block, jump_table_element_access, data_segment, invalid, indefinite_litpool_ref, block_candidate_boundaries, reg_reg_arithmetic_operation_defs, cmp_reg_to_reg, stack_def_use.block_last_def, jump_table_max, reg_def_use.return_block_end, call_tls_get_addr, cinf_ldr_add_pc, block_overlap, adjusts_stack_in_block, relative_address_start, reg_def_use.flow_def, likely_fallthrough, overlapping_instruction, compare_and_jump_register, transition_block_limit, stack_def_use.def_used, split_load_conflict, __agg_subclause6, padding_block_limit, reg_def_use.live_var_at_block_end, start_function, block_points_proportional, code_in_block_candidate_refined, resolved_reaches, no_value_reg_limit, base_relative_operation, stack_def_use.ref_in_block, stack_base_reg_move, block_last_instruction, indexed_pc_relative_load_relative

arm_jump_table_block_start(Block:address, EA_jump:address)

The start of the block containing the jumptable’s jump instruction.

Can be used before code_in_block_candidate.

• Uses: next

• Recursive: data_block_limit, litpool_confidence, initialized_data_segment, possible_target, __agg_single2, arch.simple_data_load, wis_has_prior, padding_block_candidate, arm_jump_table_candidate, arm_jump_table_block_instruction, straight_line_def_used, init_ldr_add_pc, next_block_in_byte_interval, __agg_single6, contains_plausible_instr_seq, arm_jump_table_data_block, relocation_adjustment_total, arm_jump_table_cmp_limit, no_return_call_propagated, unresolved_interval_order, tls_desc_call, next_type, flags_and_jump_pair, split_load_point, plt_block, base_relative_operand, reg_def_use.last_def_in_block, value_reg_unsupported, gp_relative_operand, stack_def_use.live_var_used_in_block, reg_def_use.live_var_def, last_value_reg_limit, reg_def_use.live_var_at_prior_used, may_fallthrough, known_block, reg_def_use.used, stack_def_use.used_in_block, self_contained_segment, straight_line_last_def, no_return_block, unresolved_block_overlap, reg_def_use.ref_in_block, reg_has_got, block_heuristic, stack_def_use.live_var_used, cmp_defines, hi_load_prop, compare_and_jump_immediate, correlated_live_reg, litpool_symbolic_operand, unlikely_have_symbolic_immediate, jump_table_signed, candidate_block_is_padding, wis_schedule, indexed_pc_relative_load, arm_jump_table_skip_first_entry, __agg_single3, arch.reg_relative_load, jump_table_start, function_inference.function_entry_initial, no_return_call_refined, const_value_reg_used, reg_def_use.defined_in_block, block_points, block_total_points, common_tail, next_end, basic_target, reg_def_use.block_last_def, relative_address, arch.extend_load, relative_jump_table_entry_candidate, data_block_candidate, plt_entry, incomplete_block, split_load, simple_data_access_pattern, stack_def_use.live_var_def, symbol_minus_symbol_litpool_access_pattern, __agg_subclause7, stack_def_use.live_var_at_block_end, arm_jump_table_block_start, negative_block_heuristic, candidate_block_is_not_padding, data_access, reg_def_use.ambiguous_block_last_def, compare_and_jump_indirect_op_valid, unresolved_block, compare_and_jump_indirect, composite_data_access, litpool_ref, branch_to_calculated_pc_rel_addr, jump_table_candidate_refined, __agg_subclause3, contains_implausible_instr_seq, data_in_code_propagate, adrp_used, wis_prior, after_end, jump_table_candidate, instruction_memory_access_size, block_candidate_dependency_edge, block_limit, discarded_block, next_start, init_symbol_minus_symbol_candidate_arm, block_instruction_next, reg_def_use.live_var_used, first_block_in_byte_interval, tls_get_addr, inferred_main_in_reg, code_in_block_candidate, split_load_total_points, segment_target_range, reg_has_base_image, overlap_with_litpool, no_return_call, stack_def_use.last_def_in_block, jump_table_target, litpool_boundaries, inferred_main_dispatch, invalid_jump_table_candidate, reg_used_for, def_used_for_address, must_fallthrough, impossible_block, unresolved_interval, arm_jump_table_data_block_limit, split_load_operand, data_in_code, stack_def_use.live_var_at_prior_used, base_relative_jump, __agg_subclause2, arm_jump_table_candidate_start, wis_schedule_iter, wis_memo, block_next, jump_table_prelude, value_reg, nop_in_padding_candidate, inter_procedural_edge, got_relative_operand, relocation_adjustment, code_in_block, reg_def_use.used_in_block, symbolic_expr_from_relocation, stack_def_use.defined_in_block, value_reg_limit, value_reg_edge, possible_target_from, split_load_for_symbolization, block_boundaries, reg_def_use.return_val_used, split_load_candidate, is_padding, reg_def_use.def_used, block_implies_block, discarded_split_load, reg_def_use.ambiguous_last_def_in_block, block, jump_table_element_access, data_segment, invalid, indefinite_litpool_ref, block_candidate_boundaries, reg_reg_arithmetic_operation_defs, cmp_reg_to_reg, stack_def_use.block_last_def, jump_table_max, reg_def_use.return_block_end, call_tls_get_addr, cinf_ldr_add_pc, block_overlap, adjusts_stack_in_block, relative_address_start, reg_def_use.flow_def, likely_fallthrough, overlapping_instruction, compare_and_jump_register, transition_block_limit, stack_def_use.def_used, split_load_conflict, __agg_subclause6, padding_block_limit, reg_def_use.live_var_at_block_end, start_function, block_points_proportional, code_in_block_candidate_refined, resolved_reaches, no_value_reg_limit, base_relative_operation, stack_def_use.ref_in_block, stack_base_reg_move, block_last_instruction, indexed_pc_relative_load_relative

indexed_pc_relative_load(EA:address, DstReg:register, LoadFrom:address, IndexReg:reg_nullable, Size:unsigned)

PC-relative loads using an index register

• Uses: arch.memory_access, arch.pc_relative_addr

• Recursive: data_block_limit, litpool_confidence, initialized_data_segment, possible_target, __agg_single2, arch.simple_data_load, wis_has_prior, padding_block_candidate, arm_jump_table_candidate, arm_jump_table_block_instruction, straight_line_def_used, init_ldr_add_pc, next_block_in_byte_interval, __agg_single6, contains_plausible_instr_seq, arm_jump_table_data_block, relocation_adjustment_total, arm_jump_table_cmp_limit, no_return_call_propagated, unresolved_interval_order, tls_desc_call, next_type, flags_and_jump_pair, split_load_point, plt_block, base_relative_operand, reg_def_use.last_def_in_block, value_reg_unsupported, gp_relative_operand, stack_def_use.live_var_used_in_block, reg_def_use.live_var_def, last_value_reg_limit, reg_def_use.live_var_at_prior_used, may_fallthrough, known_block, reg_def_use.used, stack_def_use.used_in_block, self_contained_segment, straight_line_last_def, no_return_block, unresolved_block_overlap, reg_def_use.ref_in_block, reg_has_got, block_heuristic, stack_def_use.live_var_used, cmp_defines, hi_load_prop, compare_and_jump_immediate, correlated_live_reg, litpool_symbolic_operand, unlikely_have_symbolic_immediate, jump_table_signed, candidate_block_is_padding, wis_schedule, indexed_pc_relative_load, arm_jump_table_skip_first_entry, __agg_single3, arch.reg_relative_load, jump_table_start, function_inference.function_entry_initial, no_return_call_refined, const_value_reg_used, reg_def_use.defined_in_block, block_points, block_total_points, common_tail, next_end, basic_target, reg_def_use.block_last_def, relative_address, arch.extend_load, relative_jump_table_entry_candidate, data_block_candidate, plt_entry, incomplete_block, split_load, simple_data_access_pattern, stack_def_use.live_var_def, symbol_minus_symbol_litpool_access_pattern, __agg_subclause7, stack_def_use.live_var_at_block_end, arm_jump_table_block_start, negative_block_heuristic, candidate_block_is_not_padding, data_access, reg_def_use.ambiguous_block_last_def, compare_and_jump_indirect_op_valid, unresolved_block, compare_and_jump_indirect, composite_data_access, litpool_ref, branch_to_calculated_pc_rel_addr, jump_table_candidate_refined, __agg_subclause3, contains_implausible_instr_seq, data_in_code_propagate, adrp_used, wis_prior, after_end, jump_table_candidate, instruction_memory_access_size, block_candidate_dependency_edge, block_limit, discarded_block, next_start, init_symbol_minus_symbol_candidate_arm, block_instruction_next, reg_def_use.live_var_used, first_block_in_byte_interval, tls_get_addr, inferred_main_in_reg, code_in_block_candidate, split_load_total_points, segment_target_range, reg_has_base_image, overlap_with_litpool, no_return_call, stack_def_use.last_def_in_block, jump_table_target, litpool_boundaries, inferred_main_dispatch, invalid_jump_table_candidate, reg_used_for, def_used_for_address, must_fallthrough, impossible_block, unresolved_interval, arm_jump_table_data_block_limit, split_load_operand, data_in_code, stack_def_use.live_var_at_prior_used, base_relative_jump, __agg_subclause2, arm_jump_table_candidate_start, wis_schedule_iter, wis_memo, block_next, jump_table_prelude, value_reg, nop_in_padding_candidate, inter_procedural_edge, got_relative_operand, relocation_adjustment, code_in_block, reg_def_use.used_in_block, symbolic_expr_from_relocation, stack_def_use.defined_in_block, value_reg_limit, value_reg_edge, possible_target_from, split_load_for_symbolization, block_boundaries, reg_def_use.return_val_used, split_load_candidate, is_padding, reg_def_use.def_used, block_implies_block, discarded_split_load, reg_def_use.ambiguous_last_def_in_block, block, jump_table_element_access, data_segment, invalid, indefinite_litpool_ref, block_candidate_boundaries, reg_reg_arithmetic_operation_defs, cmp_reg_to_reg, stack_def_use.block_last_def, jump_table_max, reg_def_use.return_block_end, call_tls_get_addr, cinf_ldr_add_pc, block_overlap, adjusts_stack_in_block, relative_address_start, reg_def_use.flow_def, likely_fallthrough, overlapping_instruction, compare_and_jump_register, transition_block_limit, stack_def_use.def_used, split_load_conflict, __agg_subclause6, padding_block_limit, reg_def_use.live_var_at_block_end, start_function, block_points_proportional, code_in_block_candidate_refined, resolved_reaches, no_value_reg_limit, base_relative_operation, stack_def_use.ref_in_block, stack_base_reg_move, block_last_instruction, indexed_pc_relative_load_relative

indexed_pc_relative_load_relative(EA:address, DstReg:register, LoadFrom:address, IndexReg:reg_nullable, Size:unsigned, EA_add:address, Reference:address)

Specialization of indexed_pc_relative_load, where the result in an arithmetic operation indicating a relative jump table.

• Uses: arch.pc_relative_addr, arch.reg_reg_arithmetic_operation

• Recursive: data_block_limit, litpool_confidence, initialized_data_segment, possible_target, __agg_single2, arch.simple_data_load, wis_has_prior, padding_block_candidate, arm_jump_table_candidate, arm_jump_table_block_instruction, straight_line_def_used, init_ldr_add_pc, next_block_in_byte_interval, __agg_single6, contains_plausible_instr_seq, arm_jump_table_data_block, relocation_adjustment_total, arm_jump_table_cmp_limit, no_return_call_propagated, unresolved_interval_order, tls_desc_call, next_type, flags_and_jump_pair, split_load_point, plt_block, base_relative_operand, reg_def_use.last_def_in_block, value_reg_unsupported, gp_relative_operand, stack_def_use.live_var_used_in_block, reg_def_use.live_var_def, last_value_reg_limit, reg_def_use.live_var_at_prior_used, may_fallthrough, known_block, reg_def_use.used, stack_def_use.used_in_block, self_contained_segment, straight_line_last_def, no_return_block, unresolved_block_overlap, reg_def_use.ref_in_block, reg_has_got, block_heuristic, stack_def_use.live_var_used, cmp_defines, hi_load_prop, compare_and_jump_immediate, correlated_live_reg, litpool_symbolic_operand, unlikely_have_symbolic_immediate, jump_table_signed, candidate_block_is_padding, wis_schedule, indexed_pc_relative_load, arm_jump_table_skip_first_entry, __agg_single3, arch.reg_relative_load, jump_table_start, function_inference.function_entry_initial, no_return_call_refined, const_value_reg_used, reg_def_use.defined_in_block, block_points, block_total_points, common_tail, next_end, basic_target, reg_def_use.block_last_def, relative_address, arch.extend_load, relative_jump_table_entry_candidate, data_block_candidate, plt_entry, incomplete_block, split_load, simple_data_access_pattern, stack_def_use.live_var_def, symbol_minus_symbol_litpool_access_pattern, __agg_subclause7, stack_def_use.live_var_at_block_end, arm_jump_table_block_start, negative_block_heuristic, candidate_block_is_not_padding, data_access, reg_def_use.ambiguous_block_last_def, compare_and_jump_indirect_op_valid, unresolved_block, compare_and_jump_indirect, composite_data_access, litpool_ref, branch_to_calculated_pc_rel_addr, jump_table_candidate_refined, __agg_subclause3, contains_implausible_instr_seq, data_in_code_propagate, adrp_used, wis_prior, after_end, jump_table_candidate, instruction_memory_access_size, block_candidate_dependency_edge, block_limit, discarded_block, next_start, init_symbol_minus_symbol_candidate_arm, block_instruction_next, reg_def_use.live_var_used, first_block_in_byte_interval, tls_get_addr, inferred_main_in_reg, code_in_block_candidate, split_load_total_points, segment_target_range, reg_has_base_image, overlap_with_litpool, no_return_call, stack_def_use.last_def_in_block, jump_table_target, litpool_boundaries, inferred_main_dispatch, invalid_jump_table_candidate, reg_used_for, def_used_for_address, must_fallthrough, impossible_block, unresolved_interval, arm_jump_table_data_block_limit, split_load_operand, data_in_code, stack_def_use.live_var_at_prior_used, base_relative_jump, __agg_subclause2, arm_jump_table_candidate_start, wis_schedule_iter, wis_memo, block_next, jump_table_prelude, value_reg, nop_in_padding_candidate, inter_procedural_edge, got_relative_operand, relocation_adjustment, code_in_block, reg_def_use.used_in_block, symbolic_expr_from_relocation, stack_def_use.defined_in_block, value_reg_limit, value_reg_edge, possible_target_from, split_load_for_symbolization, block_boundaries, reg_def_use.return_val_used, split_load_candidate, is_padding, reg_def_use.def_used, block_implies_block, discarded_split_load, reg_def_use.ambiguous_last_def_in_block, block, jump_table_element_access, data_segment, invalid, indefinite_litpool_ref, block_candidate_boundaries, reg_reg_arithmetic_operation_defs, cmp_reg_to_reg, stack_def_use.block_last_def, jump_table_max, reg_def_use.return_block_end, call_tls_get_addr, cinf_ldr_add_pc, block_overlap, adjusts_stack_in_block, relative_address_start, reg_def_use.flow_def, likely_fallthrough, overlapping_instruction, compare_and_jump_register, transition_block_limit, stack_def_use.def_used, split_load_conflict, __agg_subclause6, padding_block_limit, reg_def_use.live_var_at_block_end, start_function, block_points_proportional, code_in_block_candidate_refined, resolved_reaches, no_value_reg_limit, base_relative_operation, stack_def_use.ref_in_block, stack_base_reg_move, block_last_instruction, indexed_pc_relative_load_relative

thumb_jumptable_instruction(Operation:symbol, Size:unsigned)

Thumb jump table instructions “TBB” and “TBH” and their entry sizes.

• Used by: arm_jump_table_candidate_start

arm_jump_table_candidate_target(Type:symbol, Thumb:unsigned, EA:address, Reference:address, Size:unsigned, Scale:unsigned, TargetAddr:address)

Compute the target address for the given unsigned relative jump-table entry.

Type: Target type (“rel_unsigned”, “rel_signed”, or “absolute”) EA: An entry of a relative jump-table Thumb: lowest address bit of the jumping instruction Reference: The Base from which offsets are relative Size: The size of the entry Scale: The scale amount is multiplied to the entry value AlignedTargetAddr: The computed target address is aligned

WARNING: Predicate not present in compiled Datalog program (Dead Code)

arm_jump_table_skip_first_entry(EA_jump:address)

Indicates the jump table used be EA_jump is allowed to skip the first entry in the table.

Sometimes the compiler knows the index is non-zero, and puts padding in the starting entry. We have observed a couple of cases where this is necessary:

• zero padding in a tbb jump table

• ”bpkt #0” as padding in ARM ldr/add in libRSCpuRef.so

• Uses: address_in_data, arch.instruction_at, instruction

• Recursive: data_block_limit, litpool_confidence, initialized_data_segment, possible_target, __agg_single2, arch.simple_data_load, wis_has_prior, padding_block_candidate, arm_jump_table_candidate, arm_jump_table_block_instruction, straight_line_def_used, init_ldr_add_pc, next_block_in_byte_interval, __agg_single6, contains_plausible_instr_seq, arm_jump_table_data_block, relocation_adjustment_total, arm_jump_table_cmp_limit, no_return_call_propagated, unresolved_interval_order, tls_desc_call, next_type, flags_and_jump_pair, split_load_point, plt_block, base_relative_operand, reg_def_use.last_def_in_block, value_reg_unsupported, gp_relative_operand, stack_def_use.live_var_used_in_block, reg_def_use.live_var_def, last_value_reg_limit, reg_def_use.live_var_at_prior_used, may_fallthrough, known_block, reg_def_use.used, stack_def_use.used_in_block, self_contained_segment, straight_line_last_def, no_return_block, unresolved_block_overlap, reg_def_use.ref_in_block, reg_has_got, block_heuristic, stack_def_use.live_var_used, cmp_defines, hi_load_prop, compare_and_jump_immediate, correlated_live_reg, litpool_symbolic_operand, unlikely_have_symbolic_immediate, jump_table_signed, candidate_block_is_padding, wis_schedule, indexed_pc_relative_load, arm_jump_table_skip_first_entry, __agg_single3, arch.reg_relative_load, jump_table_start, function_inference.function_entry_initial, no_return_call_refined, const_value_reg_used, reg_def_use.defined_in_block, block_points, block_total_points, common_tail, next_end, basic_target, reg_def_use.block_last_def, relative_address, arch.extend_load, relative_jump_table_entry_candidate, data_block_candidate, plt_entry, incomplete_block, split_load, simple_data_access_pattern, stack_def_use.live_var_def, symbol_minus_symbol_litpool_access_pattern, __agg_subclause7, stack_def_use.live_var_at_block_end, arm_jump_table_block_start, negative_block_heuristic, candidate_block_is_not_padding, data_access, reg_def_use.ambiguous_block_last_def, compare_and_jump_indirect_op_valid, unresolved_block, compare_and_jump_indirect, composite_data_access, litpool_ref, branch_to_calculated_pc_rel_addr, jump_table_candidate_refined, __agg_subclause3, contains_implausible_instr_seq, data_in_code_propagate, adrp_used, wis_prior, after_end, jump_table_candidate, instruction_memory_access_size, block_candidate_dependency_edge, block_limit, discarded_block, next_start, init_symbol_minus_symbol_candidate_arm, block_instruction_next, reg_def_use.live_var_used, first_block_in_byte_interval, tls_get_addr, inferred_main_in_reg, code_in_block_candidate, split_load_total_points, segment_target_range, reg_has_base_image, overlap_with_litpool, no_return_call, stack_def_use.last_def_in_block, jump_table_target, litpool_boundaries, inferred_main_dispatch, invalid_jump_table_candidate, reg_used_for, def_used_for_address, must_fallthrough, impossible_block, unresolved_interval, arm_jump_table_data_block_limit, split_load_operand, data_in_code, stack_def_use.live_var_at_prior_used, base_relative_jump, __agg_subclause2, arm_jump_table_candidate_start, wis_schedule_iter, wis_memo, block_next, jump_table_prelude, value_reg, nop_in_padding_candidate, inter_procedural_edge, got_relative_operand, relocation_adjustment, code_in_block, reg_def_use.used_in_block, symbolic_expr_from_relocation, stack_def_use.defined_in_block, value_reg_limit, value_reg_edge, possible_target_from, split_load_for_symbolization, block_boundaries, reg_def_use.return_val_used, split_load_candidate, is_padding, reg_def_use.def_used, block_implies_block, discarded_split_load, reg_def_use.ambiguous_last_def_in_block, block, jump_table_element_access, data_segment, invalid, indefinite_litpool_ref, block_candidate_boundaries, reg_reg_arithmetic_operation_defs, cmp_reg_to_reg, stack_def_use.block_last_def, jump_table_max, reg_def_use.return_block_end, call_tls_get_addr, cinf_ldr_add_pc, block_overlap, adjusts_stack_in_block, relative_address_start, reg_def_use.flow_def, likely_fallthrough, overlapping_instruction, compare_and_jump_register, transition_block_limit, stack_def_use.def_used, split_load_conflict, __agg_subclause6, padding_block_limit, reg_def_use.live_var_at_block_end, start_function, block_points_proportional, code_in_block_candidate_refined, resolved_reaches, no_value_reg_limit, base_relative_operation, stack_def_use.ref_in_block, stack_base_reg_move, block_last_instruction, indexed_pc_relative_load_relative

arm_jump_table_cmp_limit(Jmp:address, TableStart:address, Count:number)

The value compared against just before entering the jumptable’s block.

This is typically the number of jumptable entries, so we use it to create one big data block instead of smaller ones. We prefer this if we can identify the comparison, because it’s a definitive limit on the jumptable size.

• Uses: arch.conditional, arch.jump, arch.memory_access, arch.stack_pointer, cmp_immediate_to_reg, limit_type_map

• Recursive: data_block_limit, litpool_confidence, initialized_data_segment, possible_target, __agg_single2, arch.simple_data_load, wis_has_prior, padding_block_candidate, arm_jump_table_candidate, arm_jump_table_block_instruction, straight_line_def_used, init_ldr_add_pc, next_block_in_byte_interval, __agg_single6, contains_plausible_instr_seq, arm_jump_table_data_block, relocation_adjustment_total, arm_jump_table_cmp_limit, no_return_call_propagated, unresolved_interval_order, tls_desc_call, next_type, flags_and_jump_pair, split_load_point, plt_block, base_relative_operand, reg_def_use.last_def_in_block, value_reg_unsupported, gp_relative_operand, stack_def_use.live_var_used_in_block, reg_def_use.live_var_def, last_value_reg_limit, reg_def_use.live_var_at_prior_used, may_fallthrough, known_block, reg_def_use.used, stack_def_use.used_in_block, self_contained_segment, straight_line_last_def, no_return_block, unresolved_block_overlap, reg_def_use.ref_in_block, reg_has_got, block_heuristic, stack_def_use.live_var_used, cmp_defines, hi_load_prop, compare_and_jump_immediate, correlated_live_reg, litpool_symbolic_operand, unlikely_have_symbolic_immediate, jump_table_signed, candidate_block_is_padding, wis_schedule, indexed_pc_relative_load, arm_jump_table_skip_first_entry, __agg_single3, arch.reg_relative_load, jump_table_start, function_inference.function_entry_initial, no_return_call_refined, const_value_reg_used, reg_def_use.defined_in_block, block_points, block_total_points, common_tail, next_end, basic_target, reg_def_use.block_last_def, relative_address, arch.extend_load, relative_jump_table_entry_candidate, data_block_candidate, plt_entry, incomplete_block, split_load, simple_data_access_pattern, stack_def_use.live_var_def, symbol_minus_symbol_litpool_access_pattern, __agg_subclause7, stack_def_use.live_var_at_block_end, arm_jump_table_block_start, negative_block_heuristic, candidate_block_is_not_padding, data_access, reg_def_use.ambiguous_block_last_def, compare_and_jump_indirect_op_valid, unresolved_block, compare_and_jump_indirect, composite_data_access, litpool_ref, branch_to_calculated_pc_rel_addr, jump_table_candidate_refined, __agg_subclause3, contains_implausible_instr_seq, data_in_code_propagate, adrp_used, wis_prior, after_end, jump_table_candidate, instruction_memory_access_size, block_candidate_dependency_edge, block_limit, discarded_block, next_start, init_symbol_minus_symbol_candidate_arm, block_instruction_next, reg_def_use.live_var_used, first_block_in_byte_interval, tls_get_addr, inferred_main_in_reg, code_in_block_candidate, split_load_total_points, segment_target_range, reg_has_base_image, overlap_with_litpool, no_return_call, stack_def_use.last_def_in_block, jump_table_target, litpool_boundaries, inferred_main_dispatch, invalid_jump_table_candidate, reg_used_for, def_used_for_address, must_fallthrough, impossible_block, unresolved_interval, arm_jump_table_data_block_limit, split_load_operand, data_in_code, stack_def_use.live_var_at_prior_used, base_relative_jump, __agg_subclause2, arm_jump_table_candidate_start, wis_schedule_iter, wis_memo, block_next, jump_table_prelude, value_reg, nop_in_padding_candidate, inter_procedural_edge, got_relative_operand, relocation_adjustment, code_in_block, reg_def_use.used_in_block, symbolic_expr_from_relocation, stack_def_use.defined_in_block, value_reg_limit, value_reg_edge, possible_target_from, split_load_for_symbolization, block_boundaries, reg_def_use.return_val_used, split_load_candidate, is_padding, reg_def_use.def_used, block_implies_block, discarded_split_load, reg_def_use.ambiguous_last_def_in_block, block, jump_table_element_access, data_segment, invalid, indefinite_litpool_ref, block_candidate_boundaries, reg_reg_arithmetic_operation_defs, cmp_reg_to_reg, stack_def_use.block_last_def, jump_table_max, reg_def_use.return_block_end, call_tls_get_addr, cinf_ldr_add_pc, block_overlap, adjusts_stack_in_block, relative_address_start, reg_def_use.flow_def, likely_fallthrough, overlapping_instruction, compare_and_jump_register, transition_block_limit, stack_def_use.def_used, split_load_conflict, __agg_subclause6, padding_block_limit, reg_def_use.live_var_at_block_end, start_function, block_points_proportional, code_in_block_candidate_refined, resolved_reaches, no_value_reg_limit, base_relative_operation, stack_def_use.ref_in_block, stack_base_reg_move, block_last_instruction, indexed_pc_relative_load_relative

arm_jump_table_data_block(EA_jmp:address, TableStart:address, Block:address, Size:address)

Generate data block candidates for the jump table entries. We try to generate one big block, but split it at any possible jump target. This allows the block_points rules to decide whether the conflicts are data or code.

• Used by: data_object_candidate, data_object_point

• Recursive: data_block_limit, litpool_confidence, initialized_data_segment, possible_target, __agg_single2, arch.simple_data_load, wis_has_prior, padding_block_candidate, arm_jump_table_candidate, arm_jump_table_block_instruction, straight_line_def_used, init_ldr_add_pc, next_block_in_byte_interval, __agg_single6, contains_plausible_instr_seq, arm_jump_table_data_block, relocation_adjustment_total, arm_jump_table_cmp_limit, no_return_call_propagated, unresolved_interval_order, tls_desc_call, next_type, flags_and_jump_pair, split_load_point, plt_block, base_relative_operand, reg_def_use.last_def_in_block, value_reg_unsupported, gp_relative_operand, stack_def_use.live_var_used_in_block, reg_def_use.live_var_def, last_value_reg_limit, reg_def_use.live_var_at_prior_used, may_fallthrough, known_block, reg_def_use.used, stack_def_use.used_in_block, self_contained_segment, straight_line_last_def, no_return_block, unresolved_block_overlap, reg_def_use.ref_in_block, reg_has_got, block_heuristic, stack_def_use.live_var_used, cmp_defines, hi_load_prop, compare_and_jump_immediate, correlated_live_reg, litpool_symbolic_operand, unlikely_have_symbolic_immediate, jump_table_signed, candidate_block_is_padding, wis_schedule, indexed_pc_relative_load, arm_jump_table_skip_first_entry, __agg_single3, arch.reg_relative_load, jump_table_start, function_inference.function_entry_initial, no_return_call_refined, const_value_reg_used, reg_def_use.defined_in_block, block_points, block_total_points, common_tail, next_end, basic_target, reg_def_use.block_last_def, relative_address, arch.extend_load, relative_jump_table_entry_candidate, data_block_candidate, plt_entry, incomplete_block, split_load, simple_data_access_pattern, stack_def_use.live_var_def, symbol_minus_symbol_litpool_access_pattern, __agg_subclause7, stack_def_use.live_var_at_block_end, arm_jump_table_block_start, negative_block_heuristic, candidate_block_is_not_padding, data_access, reg_def_use.ambiguous_block_last_def, compare_and_jump_indirect_op_valid, unresolved_block, compare_and_jump_indirect, composite_data_access, litpool_ref, branch_to_calculated_pc_rel_addr, jump_table_candidate_refined, __agg_subclause3, contains_implausible_instr_seq, data_in_code_propagate, adrp_used, wis_prior, after_end, jump_table_candidate, instruction_memory_access_size, block_candidate_dependency_edge, block_limit, discarded_block, next_start, init_symbol_minus_symbol_candidate_arm, block_instruction_next, reg_def_use.live_var_used, first_block_in_byte_interval, tls_get_addr, inferred_main_in_reg, code_in_block_candidate, split_load_total_points, segment_target_range, reg_has_base_image, overlap_with_litpool, no_return_call, stack_def_use.last_def_in_block, jump_table_target, litpool_boundaries, inferred_main_dispatch, invalid_jump_table_candidate, reg_used_for, def_used_for_address, must_fallthrough, impossible_block, unresolved_interval, arm_jump_table_data_block_limit, split_load_operand, data_in_code, stack_def_use.live_var_at_prior_used, base_relative_jump, __agg_subclause2, arm_jump_table_candidate_start, wis_schedule_iter, wis_memo, block_next, jump_table_prelude, value_reg, nop_in_padding_candidate, inter_procedural_edge, got_relative_operand, relocation_adjustment, code_in_block, reg_def_use.used_in_block, symbolic_expr_from_relocation, stack_def_use.defined_in_block, value_reg_limit, value_reg_edge, possible_target_from, split_load_for_symbolization, block_boundaries, reg_def_use.return_val_used, split_load_candidate, is_padding, reg_def_use.def_used, block_implies_block, discarded_split_load, reg_def_use.ambiguous_last_def_in_block, block, jump_table_element_access, data_segment, invalid, indefinite_litpool_ref, block_candidate_boundaries, reg_reg_arithmetic_operation_defs, cmp_reg_to_reg, stack_def_use.block_last_def, jump_table_max, reg_def_use.return_block_end, call_tls_get_addr, cinf_ldr_add_pc, block_overlap, adjusts_stack_in_block, relative_address_start, reg_def_use.flow_def, likely_fallthrough, overlapping_instruction, compare_and_jump_register, transition_block_limit, stack_def_use.def_used, split_load_conflict, __agg_subclause6, padding_block_limit, reg_def_use.live_var_at_block_end, start_function, block_points_proportional, code_in_block_candidate_refined, resolved_reaches, no_value_reg_limit, base_relative_operation, stack_def_use.ref_in_block, stack_base_reg_move, block_last_instruction, indexed_pc_relative_load_relative