arch/arm64_symbolization
ARM64 architecture-specific rules for symbolization
- split_load(ea:address, nextea:address, dest:address, type:symbol)
Compute an immediate load performed across two consecutive instructions
Uses:
arch.load_operation,arch.store_operation,instruction,instruction_get_dest_op,instruction_get_op,next,op_immediate,op_indirect_mapped,op_regdirect_contains_reg,symbolUsed by:
__agg_subclause8,base_addr_offset_operand_candidate,symbol_minus_symbol,symbolic_operand_attribute,symbolic_operand_mips_candidateRecursive:
indefinite_litpool_ref,__agg_single6,indexed_pc_relative_load,litpool_symbolic_operand,indexed_pc_relative_load_relative,data_block_candidate,wis_has_prior,unlikely_have_symbolic_immediate,relative_jump_table_entry_candidate,block_boundaries,def_used_for_address,block_instruction_next,reg_def_use.used_in_block,arm_jump_table_block_instruction,relocation_adjustment,reg_def_use.live_var_at_block_end,stack_def_use.ref_in_block,arm_jump_table_data_block,call_target_has_other_fallthrough_inter,__agg_subclause6,impossible_block,jump_table_element_access,gp_relative_operand,next_end,block_heuristic,stack_base_reg_move,stack_def_use.live_var_def,composite_data_access,unresolved_interval,block_limit,arm_jump_table_candidate,call_tls_get_addr_mips,symbol_minus_symbol_litpool_access_pattern,may_fallthrough,segment_target_range,arch.reg_relative_load,__agg_subclause2,candidate_block_is_not_padding,self_contained_segment,arch.extend_load,block_last_instruction,jump_table_prelude,stack_def_use.defined_in_block,arm_jump_table_candidate_start,split_load_candidate,split_load,data_access,cmp_defines,padding_block_candidate,split_load_point,tls_desc_call,reg_def_use.block_last_def,const_value_reg_used,value_reg_edge,is_padding,negative_block_heuristic,discarded_split_load,relative_address_start,base_relative_operation,simple_data_access_pattern,block,reg_has_base_image,jump_table_target,__agg_subclause4,init_ldr_add_pc,data_in_code_propagate,__agg_single2,relative_address,block_points,must_fallthrough,wis_prior,resolved_reaches,inferred_main_dispatch,code_in_block_candidate,last_value_reg_limit,nop_in_padding_candidate,value_reg_unsupported,reg_def_use.defined_in_block,correlated_live_reg,plt_entry,reg_def_use.live_var_used,adjusts_stack_in_block,__agg_subclause7,wis_schedule,initial_function_containing_return,next_function_entry_initial,discarded_block,possible_target,plt_block,fallthrough_over_padding,straight_line_last_def,block_implies_block,incomplete_block,wis_memo,value_reg_limit,inter_procedural_edge,reg_used_for,reg_def_use.live_var_def,known_block,arm_jump_table_block_start,reg_def_use.return_block_end,initialized_data_segment,data_segment,local_dynamic_tls_candidate,jump_table_candidate_refined,start_function,call_tls_get_addr,value_reg,got_relative_operand,adrp_used,unresolved_block_overlap,function_inference.function_entry_initial,arm_jump_table_skip_first_entry,split_load_total_points,next_type,no_return_call,jump_table_start,code_in_block_candidate_refined,basic_target,arch.simple_data_load,possible_target_from,overlapping_instruction,base_relative_jump,stack_def_use.live_var_used_in_block,invalid,compare_and_jump_indirect_op_valid,split_load_conflict,arm_jump_table_data_block_limit,call_may_fallthrough_inter,stack_def_use.used_in_block,compare_and_jump_indirect,no_return_call_propagated,after_end,__agg_subclause3,code_in_block,reg_def_use.return_val_used,transition_block_limit,no_value_reg_limit,block_candidate_dependency_edge,litpool_confidence,branch_to_calculated_pc_rel_addr,block_total_points,candidate_block_is_padding,stack_def_use.live_var_at_prior_used,litpool_boundaries,tls_relative_operand_mips,first_block_in_byte_interval,cmp_reg_to_reg,no_return_call_refined,split_load_for_symbolization,jump_table_candidate,reg_def_use.ambiguous_last_def_in_block,next_start,stack_def_use.def_used,block_next,reg_def_use.ref_in_block,reg_def_use.live_var_at_prior_used,data_in_code,hi_load_prop,reg_has_got,init_symbol_minus_symbol_candidate_arm,split_load_operand,unresolved_block,jump_table_max,common_tail,instruction_memory_access_size,likely_fallthrough,__agg_single10,compare_and_jump_immediate,wis_schedule_iter,block_candidate_boundaries,stack_def_use.live_var_at_block_end,contains_plausible_instr_seq,padding_block_limit,relocation_adjustment_total,arm_jump_table_cmp_limit,jump_table_signed,flags_and_jump_pair,next_block_in_byte_interval,reg_def_use.ambiguous_block_last_def,unresolved_interval_order,symbolic_expr_from_relocation,no_return_block,overlap_with_litpool,reg_def_use.def_used,stack_def_use.block_last_def,inferred_main_in_reg,contains_implausible_instr_seq,base_relative_operand,invalid_jump_table_candidate,tls_get_addr,reg_def_use.last_def_in_block,straight_line_def_used,data_block_limit,litpool_ref,cinf_ldr_add_pc,compare_and_jump_register,stack_def_use.live_var_used,block_overlap,__agg_single3,block_points_proportional,stack_def_use.last_def_in_block,reg_reg_arithmetic_operation_defs,reg_def_use.used,reg_def_use.flow_def
- adrp_used(EA:address, Reg:register, UsedEA:address, Dest:address)
A reference to a page-aligned value loaded by an adr or adrp instruction.
EA: Address of the adr/adrp instruction Reg: The register that holds the used value UsedEA: Address where the value is used Dest: The destination address
We care primarily about adrp, but sometimes if the target is close enough, the assembler will substitute an adr to the page-aligned address instead.
Reg is not necessarily the register loaded by adrp! It may be the result of:
adrp x0, label mov x1, x0
- UsedEA:
# x1 is used
and Reg would be
x1Uses:
arch.adr_dest,instructionRecursive:
indefinite_litpool_ref,__agg_single6,indexed_pc_relative_load,litpool_symbolic_operand,indexed_pc_relative_load_relative,data_block_candidate,wis_has_prior,unlikely_have_symbolic_immediate,relative_jump_table_entry_candidate,block_boundaries,def_used_for_address,block_instruction_next,reg_def_use.used_in_block,arm_jump_table_block_instruction,relocation_adjustment,reg_def_use.live_var_at_block_end,stack_def_use.ref_in_block,arm_jump_table_data_block,call_target_has_other_fallthrough_inter,__agg_subclause6,impossible_block,jump_table_element_access,gp_relative_operand,next_end,block_heuristic,stack_base_reg_move,stack_def_use.live_var_def,composite_data_access,unresolved_interval,block_limit,arm_jump_table_candidate,call_tls_get_addr_mips,symbol_minus_symbol_litpool_access_pattern,may_fallthrough,segment_target_range,arch.reg_relative_load,__agg_subclause2,candidate_block_is_not_padding,self_contained_segment,arch.extend_load,block_last_instruction,jump_table_prelude,stack_def_use.defined_in_block,arm_jump_table_candidate_start,split_load_candidate,split_load,data_access,cmp_defines,padding_block_candidate,split_load_point,tls_desc_call,reg_def_use.block_last_def,const_value_reg_used,value_reg_edge,is_padding,negative_block_heuristic,discarded_split_load,relative_address_start,base_relative_operation,simple_data_access_pattern,block,reg_has_base_image,jump_table_target,__agg_subclause4,init_ldr_add_pc,data_in_code_propagate,__agg_single2,relative_address,block_points,must_fallthrough,wis_prior,resolved_reaches,inferred_main_dispatch,code_in_block_candidate,last_value_reg_limit,nop_in_padding_candidate,value_reg_unsupported,reg_def_use.defined_in_block,correlated_live_reg,plt_entry,reg_def_use.live_var_used,adjusts_stack_in_block,__agg_subclause7,wis_schedule,initial_function_containing_return,next_function_entry_initial,discarded_block,possible_target,plt_block,fallthrough_over_padding,straight_line_last_def,block_implies_block,incomplete_block,wis_memo,value_reg_limit,inter_procedural_edge,reg_used_for,reg_def_use.live_var_def,known_block,arm_jump_table_block_start,reg_def_use.return_block_end,initialized_data_segment,data_segment,local_dynamic_tls_candidate,jump_table_candidate_refined,start_function,call_tls_get_addr,value_reg,got_relative_operand,adrp_used,unresolved_block_overlap,function_inference.function_entry_initial,arm_jump_table_skip_first_entry,split_load_total_points,next_type,no_return_call,jump_table_start,code_in_block_candidate_refined,basic_target,arch.simple_data_load,possible_target_from,overlapping_instruction,base_relative_jump,stack_def_use.live_var_used_in_block,invalid,compare_and_jump_indirect_op_valid,split_load_conflict,arm_jump_table_data_block_limit,call_may_fallthrough_inter,stack_def_use.used_in_block,compare_and_jump_indirect,no_return_call_propagated,after_end,__agg_subclause3,code_in_block,reg_def_use.return_val_used,transition_block_limit,no_value_reg_limit,block_candidate_dependency_edge,litpool_confidence,branch_to_calculated_pc_rel_addr,block_total_points,candidate_block_is_padding,stack_def_use.live_var_at_prior_used,litpool_boundaries,tls_relative_operand_mips,first_block_in_byte_interval,cmp_reg_to_reg,no_return_call_refined,split_load_for_symbolization,jump_table_candidate,reg_def_use.ambiguous_last_def_in_block,next_start,stack_def_use.def_used,block_next,reg_def_use.ref_in_block,reg_def_use.live_var_at_prior_used,data_in_code,hi_load_prop,reg_has_got,init_symbol_minus_symbol_candidate_arm,split_load_operand,unresolved_block,jump_table_max,common_tail,instruction_memory_access_size,likely_fallthrough,__agg_single10,compare_and_jump_immediate,wis_schedule_iter,block_candidate_boundaries,stack_def_use.live_var_at_block_end,contains_plausible_instr_seq,padding_block_limit,relocation_adjustment_total,arm_jump_table_cmp_limit,jump_table_signed,flags_and_jump_pair,next_block_in_byte_interval,reg_def_use.ambiguous_block_last_def,unresolved_interval_order,symbolic_expr_from_relocation,no_return_block,overlap_with_litpool,reg_def_use.def_used,stack_def_use.block_last_def,inferred_main_in_reg,contains_implausible_instr_seq,base_relative_operand,invalid_jump_table_candidate,tls_get_addr,reg_def_use.last_def_in_block,straight_line_def_used,data_block_limit,litpool_ref,cinf_ldr_add_pc,compare_and_jump_register,stack_def_use.live_var_used,block_overlap,__agg_single3,block_points_proportional,stack_def_use.last_def_in_block,reg_reg_arithmetic_operation_defs,reg_def_use.used,reg_def_use.flow_def
- split_load_tail(EA:address, Offset:number, Reg:register, Type:symbol)
An instruction which could be the second half of a split load.
- split_load_for_symbolization(ea:address, nextea:address, dest:address, type:symbol)
This version of split_load uses def_used, so this should not be used for the code inference step due to cyclic negation issue. Instead, this is for the symbolization step.
Uses:
split_load_tailUsed by:
symbolic_operand_attributeRecursive:
indefinite_litpool_ref,__agg_single6,indexed_pc_relative_load,litpool_symbolic_operand,indexed_pc_relative_load_relative,data_block_candidate,wis_has_prior,unlikely_have_symbolic_immediate,relative_jump_table_entry_candidate,block_boundaries,def_used_for_address,block_instruction_next,reg_def_use.used_in_block,arm_jump_table_block_instruction,relocation_adjustment,reg_def_use.live_var_at_block_end,stack_def_use.ref_in_block,arm_jump_table_data_block,call_target_has_other_fallthrough_inter,__agg_subclause6,impossible_block,jump_table_element_access,gp_relative_operand,next_end,block_heuristic,stack_base_reg_move,stack_def_use.live_var_def,composite_data_access,unresolved_interval,block_limit,arm_jump_table_candidate,call_tls_get_addr_mips,symbol_minus_symbol_litpool_access_pattern,may_fallthrough,segment_target_range,arch.reg_relative_load,__agg_subclause2,candidate_block_is_not_padding,self_contained_segment,arch.extend_load,block_last_instruction,jump_table_prelude,stack_def_use.defined_in_block,arm_jump_table_candidate_start,split_load_candidate,split_load,data_access,cmp_defines,padding_block_candidate,split_load_point,tls_desc_call,reg_def_use.block_last_def,const_value_reg_used,value_reg_edge,is_padding,negative_block_heuristic,discarded_split_load,relative_address_start,base_relative_operation,simple_data_access_pattern,block,reg_has_base_image,jump_table_target,__agg_subclause4,init_ldr_add_pc,data_in_code_propagate,__agg_single2,relative_address,block_points,must_fallthrough,wis_prior,resolved_reaches,inferred_main_dispatch,code_in_block_candidate,last_value_reg_limit,nop_in_padding_candidate,value_reg_unsupported,reg_def_use.defined_in_block,correlated_live_reg,plt_entry,reg_def_use.live_var_used,adjusts_stack_in_block,__agg_subclause7,wis_schedule,initial_function_containing_return,next_function_entry_initial,discarded_block,possible_target,plt_block,fallthrough_over_padding,straight_line_last_def,block_implies_block,incomplete_block,wis_memo,value_reg_limit,inter_procedural_edge,reg_used_for,reg_def_use.live_var_def,known_block,arm_jump_table_block_start,reg_def_use.return_block_end,initialized_data_segment,data_segment,local_dynamic_tls_candidate,jump_table_candidate_refined,start_function,call_tls_get_addr,value_reg,got_relative_operand,adrp_used,unresolved_block_overlap,function_inference.function_entry_initial,arm_jump_table_skip_first_entry,split_load_total_points,next_type,no_return_call,jump_table_start,code_in_block_candidate_refined,basic_target,arch.simple_data_load,possible_target_from,overlapping_instruction,base_relative_jump,stack_def_use.live_var_used_in_block,invalid,compare_and_jump_indirect_op_valid,split_load_conflict,arm_jump_table_data_block_limit,call_may_fallthrough_inter,stack_def_use.used_in_block,compare_and_jump_indirect,no_return_call_propagated,after_end,__agg_subclause3,code_in_block,reg_def_use.return_val_used,transition_block_limit,no_value_reg_limit,block_candidate_dependency_edge,litpool_confidence,branch_to_calculated_pc_rel_addr,block_total_points,candidate_block_is_padding,stack_def_use.live_var_at_prior_used,litpool_boundaries,tls_relative_operand_mips,first_block_in_byte_interval,cmp_reg_to_reg,no_return_call_refined,split_load_for_symbolization,jump_table_candidate,reg_def_use.ambiguous_last_def_in_block,next_start,stack_def_use.def_used,block_next,reg_def_use.ref_in_block,reg_def_use.live_var_at_prior_used,data_in_code,hi_load_prop,reg_has_got,init_symbol_minus_symbol_candidate_arm,split_load_operand,unresolved_block,jump_table_max,common_tail,instruction_memory_access_size,likely_fallthrough,__agg_single10,compare_and_jump_immediate,wis_schedule_iter,block_candidate_boundaries,stack_def_use.live_var_at_block_end,contains_plausible_instr_seq,padding_block_limit,relocation_adjustment_total,arm_jump_table_cmp_limit,jump_table_signed,flags_and_jump_pair,next_block_in_byte_interval,reg_def_use.ambiguous_block_last_def,unresolved_interval_order,symbolic_expr_from_relocation,no_return_block,overlap_with_litpool,reg_def_use.def_used,stack_def_use.block_last_def,inferred_main_in_reg,contains_implausible_instr_seq,base_relative_operand,invalid_jump_table_candidate,tls_get_addr,reg_def_use.last_def_in_block,straight_line_def_used,data_block_limit,litpool_ref,cinf_ldr_add_pc,compare_and_jump_register,stack_def_use.live_var_used,block_overlap,__agg_single3,block_points_proportional,stack_def_use.last_def_in_block,reg_reg_arithmetic_operation_defs,reg_def_use.used,reg_def_use.flow_def
- lo_reloc_index(RelocType:symbol, OpIndex:unsigned)
OpIndex: operand index for the corresponding relocation
- movz_movk_insn(EA:address, Reg:register, Val:number, ShiftMask:unsigned, Operation:symbol)
Individual MOVZ or MOVK instruction with its 16-bit immediate and shift.
- movz_movk_chain(EA_first:address, EA_last:address, Reg:register, Value:number, UsedShiftMask:unsigned, Count:unsigned)
A chain of MOVZ followed by one or more MOVKs to the same register. EA_first is always the MOVZ instruction. EA_last is the final instruction in the chain. Value is the accumulated 64-bit constant constructed from all instructions. UsedShiftMask tracks which 16-bit lanes have been written. Count is the number of instructions in the chain (1-4).
Uses:
movz_movk_insn,nextUsed by:
movz_movk_complete,movz_movk_memberRecursive:
movz_movk_chain
- movz_movk_complete(EA_first:address, EA_last:address, Value:number)
The longest complete MOVZ+MOVK chain: a chain that cannot be extended further. This is the one we use for symbolization.
- movz_movk_member(EA:address, EA_first:address, EA_last:address)
Helper: is EA part of a complete MOVZ+MOVK chain?
- movz_movk_shift_group(ShiftMask:unsigned, Group:symbol)
Helper: map a shift amount to the corresponding group attribute name.