arch/arm32_symbolization

ARM32 architecture-specific rules for symbolization

cinf_ldr_add_pc(EA_ldr:address, Size:unsigned, Reg1:register, LitPoolAddr:address, EA_add_pc:address, Reg2:register)

ldr Reg1, .L0 add add Reg2, Reg1, pc

Uses def_used

• Uses: arch.load_operation, arch.reg_reg_arithmetic_operation, instruction

• Used by: block_needs_splitting_at, cinf_symbol_minus_symbol_candidate_arm, moved_data_label

• Recursive: const_value_reg_used, function_inference.function_entry_initial, no_return_call_propagated, next_end, may_fallthrough, jump_table_candidate, block_candidate_boundaries, unresolved_interval_order, inferred_main_in_reg, reg_def_use.return_val_used, inter_procedural_edge, compare_and_jump_immediate, block_limit, value_reg_edge, block_next, reg_has_base_image, stack_def_use.block_last_def, possible_target_from, no_return_block, indefinite_litpool_ref, stack_def_use.used_in_block, adjusts_stack_in_block, split_load_total_points, jump_table_candidate_refined, overlap_with_litpool, value_reg_limit, code_in_block_candidate, candidate_block_is_not_padding, likely_fallthrough, arch.reg_relative_load, arm_jump_table_cmp_limit, value_reg_unsupported, nop_in_padding_candidate, arm_jump_table_block_start, __agg_subclause2, transition_block_limit, block_overlap, no_return_call, data_segment, jump_table_element_access, reg_def_use.flow_def, arm_jump_table_skip_first_entry, block_total_points, stack_def_use.defined_in_block, reg_def_use.ambiguous_last_def_in_block, straight_line_def_used, basic_target, symbol_minus_symbol_litpool_access_pattern, value_reg, reg_def_use.live_var_used, compare_and_jump_indirect_op_valid, litpool_ref, padding_block_candidate, self_contained_segment, data_in_code_propagate, unresolved_interval, unlikely_have_symbolic_immediate, symbolic_expr_from_relocation, hi_load_prop, block_points, wis_memo, split_load_for_symbolization, arm_jump_table_data_block_limit, adrp_used, known_block, wis_has_prior, candidate_block_is_padding, no_return_call_refined, data_in_code, reg_def_use.used, is_padding, reg_def_use.ref_in_block, base_relative_operand, def_used_for_address, reg_def_use.live_var_at_prior_used, block_heuristic, relative_address_start, tls_get_addr, __agg_subclause6, instruction_memory_access_size, start_function, arm_jump_table_candidate, first_block_in_byte_interval, stack_base_reg_move, __agg_subclause3, jump_table_target, base_relative_operation, resolved_reaches, next_start, reg_def_use.live_var_def, must_fallthrough, next_type, arm_jump_table_candidate_start, next_block_in_byte_interval, __agg_single3, split_load, indexed_pc_relative_load_relative, block_instruction_next, stack_def_use.live_var_used_in_block, cmp_defines, block, reg_def_use.block_last_def, overlapping_instruction, code_in_block, no_value_reg_limit, jump_table_signed, impossible_block, block_boundaries, wis_prior, composite_data_access, relocation_adjustment_total, discarded_block, stack_def_use.last_def_in_block, indexed_pc_relative_load, __agg_single6, stack_def_use.live_var_at_block_end, after_end, split_load_candidate, incomplete_block, straight_line_last_def, jump_table_max, block_points_proportional, wis_schedule, arm_jump_table_data_block, compare_and_jump_register, block_candidate_dependency_edge, reg_has_got, data_block_candidate, got_relative_operand, contains_plausible_instr_seq, reg_def_use.ambiguous_block_last_def, invalid_jump_table_candidate, possible_target, relative_address, cmp_reg_to_reg, reg_def_use.def_used, cinf_ldr_add_pc, block_implies_block, contains_implausible_instr_seq, split_load_point, call_tls_get_addr, unresolved_block, split_load_operand, inferred_main_dispatch, gp_relative_operand, code_in_block_candidate_refined, reg_reg_arithmetic_operation_defs, litpool_symbolic_operand, data_access, init_symbol_minus_symbol_candidate_arm, plt_block, invalid, litpool_boundaries, segment_target_range, correlated_live_reg, arm_jump_table_block_instruction, simple_data_access_pattern, reg_def_use.live_var_at_block_end, reg_def_use.defined_in_block, block_last_instruction, flags_and_jump_pair, split_load_conflict, data_block_limit, last_value_reg_limit, reg_used_for, initialized_data_segment, __agg_subclause7, stack_def_use.live_var_at_prior_used, jump_table_start, unresolved_block_overlap, arch.extend_load, stack_def_use.def_used, init_ldr_add_pc, litpool_confidence, tls_desc_call, common_tail, stack_def_use.ref_in_block, arch.simple_data_load, reg_def_use.used_in_block, base_relative_jump, branch_to_calculated_pc_rel_addr, stack_def_use.live_var_def, wis_schedule_iter, jump_table_prelude, negative_block_heuristic, relocation_adjustment, compare_and_jump_indirect, reg_def_use.last_def_in_block, relative_jump_table_entry_candidate, discarded_split_load, __agg_single2, padding_block_limit, reg_def_use.return_block_end, plt_entry, stack_def_use.live_var_used

cinf_symbol_minus_symbol_candidate_arm(EA:address, Size:unsigned, Symbol1:address, Symbol2:address, Scale:unsigned, Offset:number)

• Uses: cinf_ldr_add_pc, relocation, symbol

• Used by: labeled_data_candidate, symbol_minus_symbol_candidate

symbol_minus_symbol_litpool_access_pattern(EA:address, Size:unsigned, Symbol1:address, Symbol2:address, Scale:unsigned, EA_litpool_ref:address, EA_def:address, Reg:register, Type:symbol)

Matches instruction patterns that access a symbol-symbol from the literal pool.

(Symbol2-Symbol1)*Scale

EA: The address of the literal pool with the symbol_minus_symbol expression Size: The size of the symbolic expression EA_litpool_ref: The EA referencing the literal pool (EA) EA_def: The address associated with Symbol1 Reg: The register containing Symbol2 Type: Either “LDR” or “AddPC”

• Uses: arch.pc_relative_addr, arch.reg_reg_arithmetic_operation

• Used by: data_object_candidate, data_object_point, labeled_data_candidate, symbol_minus_symbol_from_relocation

• Recursive: const_value_reg_used, function_inference.function_entry_initial, no_return_call_propagated, next_end, may_fallthrough, jump_table_candidate, block_candidate_boundaries, unresolved_interval_order, inferred_main_in_reg, reg_def_use.return_val_used, inter_procedural_edge, compare_and_jump_immediate, block_limit, value_reg_edge, block_next, reg_has_base_image, stack_def_use.block_last_def, possible_target_from, no_return_block, indefinite_litpool_ref, stack_def_use.used_in_block, adjusts_stack_in_block, split_load_total_points, jump_table_candidate_refined, overlap_with_litpool, value_reg_limit, code_in_block_candidate, candidate_block_is_not_padding, likely_fallthrough, arch.reg_relative_load, arm_jump_table_cmp_limit, value_reg_unsupported, nop_in_padding_candidate, arm_jump_table_block_start, __agg_subclause2, transition_block_limit, block_overlap, no_return_call, data_segment, jump_table_element_access, reg_def_use.flow_def, arm_jump_table_skip_first_entry, block_total_points, stack_def_use.defined_in_block, reg_def_use.ambiguous_last_def_in_block, straight_line_def_used, basic_target, symbol_minus_symbol_litpool_access_pattern, value_reg, reg_def_use.live_var_used, compare_and_jump_indirect_op_valid, litpool_ref, padding_block_candidate, self_contained_segment, data_in_code_propagate, unresolved_interval, unlikely_have_symbolic_immediate, symbolic_expr_from_relocation, hi_load_prop, block_points, wis_memo, split_load_for_symbolization, arm_jump_table_data_block_limit, adrp_used, known_block, wis_has_prior, candidate_block_is_padding, no_return_call_refined, data_in_code, reg_def_use.used, is_padding, reg_def_use.ref_in_block, base_relative_operand, def_used_for_address, reg_def_use.live_var_at_prior_used, block_heuristic, relative_address_start, tls_get_addr, __agg_subclause6, instruction_memory_access_size, start_function, arm_jump_table_candidate, first_block_in_byte_interval, stack_base_reg_move, __agg_subclause3, jump_table_target, base_relative_operation, resolved_reaches, next_start, reg_def_use.live_var_def, must_fallthrough, next_type, arm_jump_table_candidate_start, next_block_in_byte_interval, __agg_single3, split_load, indexed_pc_relative_load_relative, block_instruction_next, stack_def_use.live_var_used_in_block, cmp_defines, block, reg_def_use.block_last_def, overlapping_instruction, code_in_block, no_value_reg_limit, jump_table_signed, impossible_block, block_boundaries, wis_prior, composite_data_access, relocation_adjustment_total, discarded_block, stack_def_use.last_def_in_block, indexed_pc_relative_load, __agg_single6, stack_def_use.live_var_at_block_end, after_end, split_load_candidate, incomplete_block, straight_line_last_def, jump_table_max, block_points_proportional, wis_schedule, arm_jump_table_data_block, compare_and_jump_register, block_candidate_dependency_edge, reg_has_got, data_block_candidate, got_relative_operand, contains_plausible_instr_seq, reg_def_use.ambiguous_block_last_def, invalid_jump_table_candidate, possible_target, relative_address, cmp_reg_to_reg, reg_def_use.def_used, cinf_ldr_add_pc, block_implies_block, contains_implausible_instr_seq, split_load_point, call_tls_get_addr, unresolved_block, split_load_operand, inferred_main_dispatch, gp_relative_operand, code_in_block_candidate_refined, reg_reg_arithmetic_operation_defs, litpool_symbolic_operand, data_access, init_symbol_minus_symbol_candidate_arm, plt_block, invalid, litpool_boundaries, segment_target_range, correlated_live_reg, arm_jump_table_block_instruction, simple_data_access_pattern, reg_def_use.live_var_at_block_end, reg_def_use.defined_in_block, block_last_instruction, flags_and_jump_pair, split_load_conflict, data_block_limit, last_value_reg_limit, reg_used_for, initialized_data_segment, __agg_subclause7, stack_def_use.live_var_at_prior_used, jump_table_start, unresolved_block_overlap, arch.extend_load, stack_def_use.def_used, init_ldr_add_pc, litpool_confidence, tls_desc_call, common_tail, stack_def_use.ref_in_block, arch.simple_data_load, reg_def_use.used_in_block, base_relative_jump, branch_to_calculated_pc_rel_addr, stack_def_use.live_var_def, wis_schedule_iter, jump_table_prelude, negative_block_heuristic, relocation_adjustment, compare_and_jump_indirect, reg_def_use.last_def_in_block, relative_jump_table_entry_candidate, discarded_split_load, __agg_single2, padding_block_limit, reg_def_use.return_block_end, plt_entry, stack_def_use.live_var_used

litpool_symbolic_operand(ea_litpool:address, data_access_size:unsigned, symbol1:address, symbol2:address, ea_def:address, reg_def:register, sym2_size:unsigned)

litpool_symbolic_operand

PC-relative symbolic operand

• Uses: arch.load_operation, instruction, instruction_get_dest_op, instruction_get_src_op, op_indirect_mapped, op_regdirect_contains_reg

• Used by: symbol_minus_symbol, symbolic_data, symbolic_expr_attribute

• Recursive: const_value_reg_used, function_inference.function_entry_initial, no_return_call_propagated, next_end, may_fallthrough, jump_table_candidate, block_candidate_boundaries, unresolved_interval_order, inferred_main_in_reg, reg_def_use.return_val_used, inter_procedural_edge, compare_and_jump_immediate, block_limit, value_reg_edge, block_next, reg_has_base_image, stack_def_use.block_last_def, possible_target_from, no_return_block, indefinite_litpool_ref, stack_def_use.used_in_block, adjusts_stack_in_block, split_load_total_points, jump_table_candidate_refined, overlap_with_litpool, value_reg_limit, code_in_block_candidate, candidate_block_is_not_padding, likely_fallthrough, arch.reg_relative_load, arm_jump_table_cmp_limit, value_reg_unsupported, nop_in_padding_candidate, arm_jump_table_block_start, __agg_subclause2, transition_block_limit, block_overlap, no_return_call, data_segment, jump_table_element_access, reg_def_use.flow_def, arm_jump_table_skip_first_entry, block_total_points, stack_def_use.defined_in_block, reg_def_use.ambiguous_last_def_in_block, straight_line_def_used, basic_target, symbol_minus_symbol_litpool_access_pattern, value_reg, reg_def_use.live_var_used, compare_and_jump_indirect_op_valid, litpool_ref, padding_block_candidate, self_contained_segment, data_in_code_propagate, unresolved_interval, unlikely_have_symbolic_immediate, symbolic_expr_from_relocation, hi_load_prop, block_points, wis_memo, split_load_for_symbolization, arm_jump_table_data_block_limit, adrp_used, known_block, wis_has_prior, candidate_block_is_padding, no_return_call_refined, data_in_code, reg_def_use.used, is_padding, reg_def_use.ref_in_block, base_relative_operand, def_used_for_address, reg_def_use.live_var_at_prior_used, block_heuristic, relative_address_start, tls_get_addr, __agg_subclause6, instruction_memory_access_size, start_function, arm_jump_table_candidate, first_block_in_byte_interval, stack_base_reg_move, __agg_subclause3, jump_table_target, base_relative_operation, resolved_reaches, next_start, reg_def_use.live_var_def, must_fallthrough, next_type, arm_jump_table_candidate_start, next_block_in_byte_interval, __agg_single3, split_load, indexed_pc_relative_load_relative, block_instruction_next, stack_def_use.live_var_used_in_block, cmp_defines, block, reg_def_use.block_last_def, overlapping_instruction, code_in_block, no_value_reg_limit, jump_table_signed, impossible_block, block_boundaries, wis_prior, composite_data_access, relocation_adjustment_total, discarded_block, stack_def_use.last_def_in_block, indexed_pc_relative_load, __agg_single6, stack_def_use.live_var_at_block_end, after_end, split_load_candidate, incomplete_block, straight_line_last_def, jump_table_max, block_points_proportional, wis_schedule, arm_jump_table_data_block, compare_and_jump_register, block_candidate_dependency_edge, reg_has_got, data_block_candidate, got_relative_operand, contains_plausible_instr_seq, reg_def_use.ambiguous_block_last_def, invalid_jump_table_candidate, possible_target, relative_address, cmp_reg_to_reg, reg_def_use.def_used, cinf_ldr_add_pc, block_implies_block, contains_implausible_instr_seq, split_load_point, call_tls_get_addr, unresolved_block, split_load_operand, inferred_main_dispatch, gp_relative_operand, code_in_block_candidate_refined, reg_reg_arithmetic_operation_defs, litpool_symbolic_operand, data_access, init_symbol_minus_symbol_candidate_arm, plt_block, invalid, litpool_boundaries, segment_target_range, correlated_live_reg, arm_jump_table_block_instruction, simple_data_access_pattern, reg_def_use.live_var_at_block_end, reg_def_use.defined_in_block, block_last_instruction, flags_and_jump_pair, split_load_conflict, data_block_limit, last_value_reg_limit, reg_used_for, initialized_data_segment, __agg_subclause7, stack_def_use.live_var_at_prior_used, jump_table_start, unresolved_block_overlap, arch.extend_load, stack_def_use.def_used, init_ldr_add_pc, litpool_confidence, tls_desc_call, common_tail, stack_def_use.ref_in_block, arch.simple_data_load, reg_def_use.used_in_block, base_relative_jump, branch_to_calculated_pc_rel_addr, stack_def_use.live_var_def, wis_schedule_iter, jump_table_prelude, negative_block_heuristic, relocation_adjustment, compare_and_jump_indirect, reg_def_use.last_def_in_block, relative_jump_table_entry_candidate, discarded_split_load, __agg_single2, padding_block_limit, reg_def_use.return_block_end, plt_entry, stack_def_use.live_var_used

inferred_arch_info(Key:symbol, Value:symbol)

ArchInfo auxdata inferred by the presence of specific instructions or patterns.

• Uses: +disconnected1, +disconnected2, +disconnected3, +disconnected4, +disconnected5, arch_info