arch/arm64_symbolization

ARM64 architecture-specific rules for symbolization

split_load(ea:address, nextea:address, dest:address, type:symbol)

Compute an immediate load performed across two consecutive instructions

Uses: arch.load_operation, arch.store_operation, instruction, instruction_get_dest_op, instruction_get_op, next, op_immediate, op_indirect_mapped, op_regdirect_contains_reg, symbol

Used by: __agg_subclause8, base_addr_offset_operand_candidate, symbol_minus_symbol, symbolic_operand_attribute, symbolic_operand_mips_candidate

Recursive: block_points, flags_and_jump_pair, block_next, jump_table_element_access, jump_table_candidate_refined, relative_jump_table_entry_candidate, value_reg, reg_def_use.live_var_used, arm_jump_table_cmp_limit, arm_jump_table_block_start, unresolved_block, last_value_reg_limit, __agg_single2, reg_def_use.ref_in_block, arm_jump_table_candidate_start, relocation_adjustment_total, data_in_code_propagate, data_in_code, contains_implausible_instr_seq, code_in_block, stack_def_use.live_var_def, reg_def_use.live_var_def, wis_prior, simple_data_access_pattern, no_value_reg_limit, arm_jump_table_candidate, reg_def_use.used, arm_jump_table_skip_first_entry, reg_def_use.live_var_at_block_end, invalid, litpool_symbolic_operand, straight_line_def_used, jump_table_target, after_end, code_in_block_candidate_refined, stack_base_reg_move, initialized_data_segment, indefinite_litpool_ref, may_fallthrough, block_implies_block, reg_def_use.return_block_end, wis_has_prior, data_block_candidate, wis_memo, litpool_boundaries, inter_procedural_edge, candidate_block_is_not_padding, invalid_jump_table_candidate, stack_def_use.live_var_at_block_end, indexed_pc_relative_load_relative, unresolved_interval_order, compare_and_jump_register, tls_relative_operand_mips, reg_def_use.return_val_used, next_end, adjusts_stack_in_block, got_relative_operand, segment_target_range, tls_get_addr, stack_def_use.last_def_in_block, basic_target, symbolic_expr_from_relocation, unlikely_have_symbolic_immediate, next_start, block_overlap, compare_and_jump_indirect, def_used_for_address, overlapping_instruction, wis_schedule, __agg_single3, compare_and_jump_indirect_op_valid, cinf_ldr_add_pc, block_heuristic, stack_def_use.live_var_at_prior_used, symbol_minus_symbol_litpool_access_pattern, arm_jump_table_data_block, block_total_points, split_load_point, no_return_call_propagated, __agg_subclause6, discarded_split_load, init_symbol_minus_symbol_candidate_arm, __agg_subclause4, function_inference.function_entry_initial, next_type, stack_def_use.block_last_def, __agg_single6, reg_has_got, data_block_limit, base_relative_operation, init_ldr_add_pc, block_limit, unresolved_interval, stack_def_use.ref_in_block, reg_used_for, must_fallthrough, value_reg_edge, self_contained_segment, hi_load_prop, block, reg_def_use.def_used, relative_address, likely_fallthrough, composite_data_access, stack_def_use.defined_in_block, known_block, branch_to_calculated_pc_rel_addr, __agg_subclause7, no_return_call, split_load_operand, block_points_proportional, reg_has_base_image, relocation_adjustment, overlap_with_litpool, plt_block, instruction_memory_access_size, const_value_reg_used, __agg_single10, plt_entry, split_load_conflict, common_tail, correlated_live_reg, first_block_in_byte_interval, stack_def_use.def_used, reg_def_use.block_last_def, arm_jump_table_data_block_limit, possible_target_from, reg_reg_arithmetic_operation_defs, wis_schedule_iter, possible_target, stack_def_use.used_in_block, jump_table_prelude, padding_block_candidate, reg_def_use.ambiguous_last_def_in_block, block_candidate_boundaries, no_return_block, candidate_block_is_padding, indexed_pc_relative_load, block_boundaries, jump_table_candidate, discarded_block, reg_def_use.used_in_block, reg_def_use.flow_def, data_segment, transition_block_limit, inferred_main_dispatch, relative_address_start, padding_block_limit, data_access, local_dynamic_tls_candidate, negative_block_heuristic, gp_relative_operand, jump_table_signed, split_load_total_points, cmp_defines, start_function, no_return_call_refined, next_block_in_byte_interval, reg_def_use.live_var_at_prior_used, resolved_reaches, unresolved_block_overlap, arch.extend_load, block_instruction_next, inferred_main_in_reg, contains_plausible_instr_seq, value_reg_limit, tls_desc_call, base_relative_jump, straight_line_last_def, impossible_block, arm_jump_table_block_instruction, split_load_candidate, adrp_used, call_tls_get_addr_mips, cmp_reg_to_reg, split_load_for_symbolization, __agg_subclause2, incomplete_block, reg_def_use.defined_in_block, base_relative_operand, arch.reg_relative_load, stack_def_use.live_var_used_in_block, nop_in_padding_candidate, code_in_block_candidate, is_padding, value_reg_unsupported, reg_def_use.ambiguous_block_last_def, arch.simple_data_load, block_last_instruction, reg_def_use.last_def_in_block, call_tls_get_addr, litpool_ref, litpool_confidence, split_load, jump_table_start, block_candidate_dependency_edge, jump_table_max, compare_and_jump_immediate, stack_def_use.live_var_used, __agg_subclause3

adrp_used(EA:address, Reg:register, UsedEA:address, Dest:address)

A reference to a page-aligned value loaded by an adr or adrp instruction.

EA: Address of the adr/adrp instruction Reg: The register that holds the used value UsedEA: Address where the value is used Dest: The destination address

We care primarily about adrp, but sometimes if the target is close enough, the assembler will substitute an adr to the page-aligned address instead.

Reg is not necessarily the register loaded by adrp! It may be the result of:

adrp x0, label mov x1, x0

UsedEA:: # x1 is used

and Reg would be x1

Uses: arch.adr_dest, instruction

Recursive: block_points, flags_and_jump_pair, block_next, jump_table_element_access, jump_table_candidate_refined, relative_jump_table_entry_candidate, value_reg, reg_def_use.live_var_used, arm_jump_table_cmp_limit, arm_jump_table_block_start, unresolved_block, last_value_reg_limit, __agg_single2, reg_def_use.ref_in_block, arm_jump_table_candidate_start, relocation_adjustment_total, data_in_code_propagate, data_in_code, contains_implausible_instr_seq, code_in_block, stack_def_use.live_var_def, reg_def_use.live_var_def, wis_prior, simple_data_access_pattern, no_value_reg_limit, arm_jump_table_candidate, reg_def_use.used, arm_jump_table_skip_first_entry, reg_def_use.live_var_at_block_end, invalid, litpool_symbolic_operand, straight_line_def_used, jump_table_target, after_end, code_in_block_candidate_refined, stack_base_reg_move, initialized_data_segment, indefinite_litpool_ref, may_fallthrough, block_implies_block, reg_def_use.return_block_end, wis_has_prior, data_block_candidate, wis_memo, litpool_boundaries, inter_procedural_edge, candidate_block_is_not_padding, invalid_jump_table_candidate, stack_def_use.live_var_at_block_end, indexed_pc_relative_load_relative, unresolved_interval_order, compare_and_jump_register, tls_relative_operand_mips, reg_def_use.return_val_used, next_end, adjusts_stack_in_block, got_relative_operand, segment_target_range, tls_get_addr, stack_def_use.last_def_in_block, basic_target, symbolic_expr_from_relocation, unlikely_have_symbolic_immediate, next_start, block_overlap, compare_and_jump_indirect, def_used_for_address, overlapping_instruction, wis_schedule, __agg_single3, compare_and_jump_indirect_op_valid, cinf_ldr_add_pc, block_heuristic, stack_def_use.live_var_at_prior_used, symbol_minus_symbol_litpool_access_pattern, arm_jump_table_data_block, block_total_points, split_load_point, no_return_call_propagated, __agg_subclause6, discarded_split_load, init_symbol_minus_symbol_candidate_arm, __agg_subclause4, function_inference.function_entry_initial, next_type, stack_def_use.block_last_def, __agg_single6, reg_has_got, data_block_limit, base_relative_operation, init_ldr_add_pc, block_limit, unresolved_interval, stack_def_use.ref_in_block, reg_used_for, must_fallthrough, value_reg_edge, self_contained_segment, hi_load_prop, block, reg_def_use.def_used, relative_address, likely_fallthrough, composite_data_access, stack_def_use.defined_in_block, known_block, branch_to_calculated_pc_rel_addr, __agg_subclause7, no_return_call, split_load_operand, block_points_proportional, reg_has_base_image, relocation_adjustment, overlap_with_litpool, plt_block, instruction_memory_access_size, const_value_reg_used, __agg_single10, plt_entry, split_load_conflict, common_tail, correlated_live_reg, first_block_in_byte_interval, stack_def_use.def_used, reg_def_use.block_last_def, arm_jump_table_data_block_limit, possible_target_from, reg_reg_arithmetic_operation_defs, wis_schedule_iter, possible_target, stack_def_use.used_in_block, jump_table_prelude, padding_block_candidate, reg_def_use.ambiguous_last_def_in_block, block_candidate_boundaries, no_return_block, candidate_block_is_padding, indexed_pc_relative_load, block_boundaries, jump_table_candidate, discarded_block, reg_def_use.used_in_block, reg_def_use.flow_def, data_segment, transition_block_limit, inferred_main_dispatch, relative_address_start, padding_block_limit, data_access, local_dynamic_tls_candidate, negative_block_heuristic, gp_relative_operand, jump_table_signed, split_load_total_points, cmp_defines, start_function, no_return_call_refined, next_block_in_byte_interval, reg_def_use.live_var_at_prior_used, resolved_reaches, unresolved_block_overlap, arch.extend_load, block_instruction_next, inferred_main_in_reg, contains_plausible_instr_seq, value_reg_limit, tls_desc_call, base_relative_jump, straight_line_last_def, impossible_block, arm_jump_table_block_instruction, split_load_candidate, adrp_used, call_tls_get_addr_mips, cmp_reg_to_reg, split_load_for_symbolization, __agg_subclause2, incomplete_block, reg_def_use.defined_in_block, base_relative_operand, arch.reg_relative_load, stack_def_use.live_var_used_in_block, nop_in_padding_candidate, code_in_block_candidate, is_padding, value_reg_unsupported, reg_def_use.ambiguous_block_last_def, arch.simple_data_load, block_last_instruction, reg_def_use.last_def_in_block, call_tls_get_addr, litpool_ref, litpool_confidence, split_load, jump_table_start, block_candidate_dependency_edge, jump_table_max, compare_and_jump_immediate, stack_def_use.live_var_used, __agg_subclause3

split_load_tail(EA:address, Offset:number, Reg:register, Type:symbol)

An instruction which could be the second half of a split load.

Uses: arch.memory_access, arch.reg_arithmetic_operation, instruction, op_immediate

Used by: split_load_for_symbolization

split_load_for_symbolization(ea:address, nextea:address, dest:address, type:symbol)

This version of split_load uses def_used, so this should not be used for the code inference step due to cyclic negation issue. Instead, this is for the symbolization step.

Uses: split_load_tail

Used by: symbolic_operand_attribute

Recursive: block_points, flags_and_jump_pair, block_next, jump_table_element_access, jump_table_candidate_refined, relative_jump_table_entry_candidate, value_reg, reg_def_use.live_var_used, arm_jump_table_cmp_limit, arm_jump_table_block_start, unresolved_block, last_value_reg_limit, __agg_single2, reg_def_use.ref_in_block, arm_jump_table_candidate_start, relocation_adjustment_total, data_in_code_propagate, data_in_code, contains_implausible_instr_seq, code_in_block, stack_def_use.live_var_def, reg_def_use.live_var_def, wis_prior, simple_data_access_pattern, no_value_reg_limit, arm_jump_table_candidate, reg_def_use.used, arm_jump_table_skip_first_entry, reg_def_use.live_var_at_block_end, invalid, litpool_symbolic_operand, straight_line_def_used, jump_table_target, after_end, code_in_block_candidate_refined, stack_base_reg_move, initialized_data_segment, indefinite_litpool_ref, may_fallthrough, block_implies_block, reg_def_use.return_block_end, wis_has_prior, data_block_candidate, wis_memo, litpool_boundaries, inter_procedural_edge, candidate_block_is_not_padding, invalid_jump_table_candidate, stack_def_use.live_var_at_block_end, indexed_pc_relative_load_relative, unresolved_interval_order, compare_and_jump_register, tls_relative_operand_mips, reg_def_use.return_val_used, next_end, adjusts_stack_in_block, got_relative_operand, segment_target_range, tls_get_addr, stack_def_use.last_def_in_block, basic_target, symbolic_expr_from_relocation, unlikely_have_symbolic_immediate, next_start, block_overlap, compare_and_jump_indirect, def_used_for_address, overlapping_instruction, wis_schedule, __agg_single3, compare_and_jump_indirect_op_valid, cinf_ldr_add_pc, block_heuristic, stack_def_use.live_var_at_prior_used, symbol_minus_symbol_litpool_access_pattern, arm_jump_table_data_block, block_total_points, split_load_point, no_return_call_propagated, __agg_subclause6, discarded_split_load, init_symbol_minus_symbol_candidate_arm, __agg_subclause4, function_inference.function_entry_initial, next_type, stack_def_use.block_last_def, __agg_single6, reg_has_got, data_block_limit, base_relative_operation, init_ldr_add_pc, block_limit, unresolved_interval, stack_def_use.ref_in_block, reg_used_for, must_fallthrough, value_reg_edge, self_contained_segment, hi_load_prop, block, reg_def_use.def_used, relative_address, likely_fallthrough, composite_data_access, stack_def_use.defined_in_block, known_block, branch_to_calculated_pc_rel_addr, __agg_subclause7, no_return_call, split_load_operand, block_points_proportional, reg_has_base_image, relocation_adjustment, overlap_with_litpool, plt_block, instruction_memory_access_size, const_value_reg_used, __agg_single10, plt_entry, split_load_conflict, common_tail, correlated_live_reg, first_block_in_byte_interval, stack_def_use.def_used, reg_def_use.block_last_def, arm_jump_table_data_block_limit, possible_target_from, reg_reg_arithmetic_operation_defs, wis_schedule_iter, possible_target, stack_def_use.used_in_block, jump_table_prelude, padding_block_candidate, reg_def_use.ambiguous_last_def_in_block, block_candidate_boundaries, no_return_block, candidate_block_is_padding, indexed_pc_relative_load, block_boundaries, jump_table_candidate, discarded_block, reg_def_use.used_in_block, reg_def_use.flow_def, data_segment, transition_block_limit, inferred_main_dispatch, relative_address_start, padding_block_limit, data_access, local_dynamic_tls_candidate, negative_block_heuristic, gp_relative_operand, jump_table_signed, split_load_total_points, cmp_defines, start_function, no_return_call_refined, next_block_in_byte_interval, reg_def_use.live_var_at_prior_used, resolved_reaches, unresolved_block_overlap, arch.extend_load, block_instruction_next, inferred_main_in_reg, contains_plausible_instr_seq, value_reg_limit, tls_desc_call, base_relative_jump, straight_line_last_def, impossible_block, arm_jump_table_block_instruction, split_load_candidate, adrp_used, call_tls_get_addr_mips, cmp_reg_to_reg, split_load_for_symbolization, __agg_subclause2, incomplete_block, reg_def_use.defined_in_block, base_relative_operand, arch.reg_relative_load, stack_def_use.live_var_used_in_block, nop_in_padding_candidate, code_in_block_candidate, is_padding, value_reg_unsupported, reg_def_use.ambiguous_block_last_def, arch.simple_data_load, block_last_instruction, reg_def_use.last_def_in_block, call_tls_get_addr, litpool_ref, litpool_confidence, split_load, jump_table_start, block_candidate_dependency_edge, jump_table_max, compare_and_jump_immediate, stack_def_use.live_var_used, __agg_subclause3

lo_reloc_index(RelocType:symbol, OpIndex:unsigned)

OpIndex: operand index for the corresponding relocation

Used by: symbolic_expr_from_relocation, symbolic_operand_attribute