arch/arm64_symbolization
ARM64 architecture-specific rules for symbolization
- split_load(ea:address, nextea:address, dest:address, type:symbol)
Compute an immediate load performed across two consecutive instructions
Uses:
arch.load_operation,arch.store_operation,instruction,instruction_get_dest_op,instruction_get_op,next,op_immediate,op_indirect_mapped,op_regdirect_contains_reg,symbolUsed by:
__agg_subclause8,base_addr_offset_operand_candidate,symbol_minus_symbol,symbolic_operand_attribute,symbolic_operand_mips_candidateRecursive:
stack_base_reg_move,jump_table_candidate,padding_block_limit,adrp_used,inferred_main_dispatch,block_next,wis_schedule,base_relative_operation,reg_def_use.live_var_used,stack_def_use.last_def_in_block,correlated_live_reg,no_return_call_refined,inter_procedural_edge,next_end,compare_and_jump_immediate,relocation_adjustment,cinf_ldr_add_pc,unresolved_interval,possible_target_from,block_candidate_dependency_edge,compare_and_jump_indirect,cmp_defines,local_dynamic_tls_candidate,basic_target,block_points,wis_has_prior,contains_implausible_instr_seq,stack_def_use.defined_in_block,known_block,common_tail,call_tls_get_addr,__agg_subclause6,overlapping_instruction,may_fallthrough,jump_table_target,impossible_block,block_last_instruction,unresolved_block,reg_has_got,reg_reg_arithmetic_operation_defs,__agg_subclause7,next_type,data_block_limit,reg_def_use.flow_def,data_segment,split_load_total_points,call_target_has_other_fallthrough_inter,next_function_entry_initial,got_relative_operand,discarded_split_load,reg_def_use.def_used,reg_has_base_image,gp_relative_operand,__agg_single6,must_fallthrough,candidate_block_is_not_padding,code_in_block_candidate,cmp_reg_to_reg,next_block_in_byte_interval,stack_def_use.live_var_used,segment_target_range,reg_def_use.return_val_used,jump_table_max,composite_data_access,plt_block,block_limit,reg_used_for,split_load_candidate,adjusts_stack_in_block,const_value_reg_used,is_padding,jump_table_element_access,reg_def_use.ambiguous_last_def_in_block,reg_def_use.ref_in_block,init_symbol_minus_symbol_candidate_arm,call_may_fallthrough_inter,reg_def_use.live_var_at_prior_used,reg_def_use.used,negative_block_heuristic,block_heuristic,split_load,reg_def_use.return_block_end,straight_line_def_used,start_function,split_load_conflict,symbol_minus_symbol_litpool_access_pattern,invalid,function_inference.function_entry_initial,compare_and_jump_register,hi_load_prop,__agg_subclause3,wis_prior,value_reg_unsupported,jump_table_prelude,wis_schedule_iter,init_ldr_add_pc,discarded_block,likely_fallthrough,initialized_data_segment,__agg_single3,call_tls_get_addr_mips,data_in_code,stack_def_use.def_used,data_in_code_propagate,compare_and_jump_indirect_op_valid,branch_to_calculated_pc_rel_addr,reg_def_use.last_def_in_block,data_access,split_load_point,unlikely_have_symbolic_immediate,stack_def_use.used_in_block,arch.extend_load,relative_address,block_boundaries,arm_jump_table_data_block,stack_def_use.ref_in_block,self_contained_segment,inferred_main_in_reg,code_in_block,stack_def_use.block_last_def,relative_jump_table_entry_candidate,indexed_pc_relative_load_relative,litpool_boundaries,arm_jump_table_candidate_start,code_in_block_candidate_refined,fallthrough_over_padding,jump_table_candidate_refined,reg_def_use.used_in_block,no_value_reg_limit,reg_def_use.ambiguous_block_last_def,padding_block_candidate,resolved_reaches,__agg_single2,relocation_adjustment_total,invalid_jump_table_candidate,no_return_call,nop_in_padding_candidate,arm_jump_table_cmp_limit,arch.simple_data_load,initial_function_containing_return,reg_def_use.live_var_at_block_end,base_relative_jump,reg_def_use.block_last_def,tls_relative_operand_mips,simple_data_access_pattern,__agg_single10,arch.reg_relative_load,stack_def_use.live_var_def,block_total_points,overlap_with_litpool,straight_line_last_def,arm_jump_table_skip_first_entry,arm_jump_table_data_block_limit,__agg_subclause2,after_end,value_reg_limit,flags_and_jump_pair,instruction_memory_access_size,data_block_candidate,block_overlap,next_start,unresolved_interval_order,value_reg,indexed_pc_relative_load,split_load_operand,unresolved_block_overlap,no_return_call_propagated,__agg_subclause4,split_load_for_symbolization,litpool_ref,tls_get_addr,block_implies_block,wis_memo,jump_table_start,stack_def_use.live_var_at_block_end,contains_plausible_instr_seq,transition_block_limit,litpool_symbolic_operand,arm_jump_table_block_start,tls_desc_call,stack_def_use.live_var_at_prior_used,plt_entry,relative_address_start,value_reg_edge,block,reg_def_use.defined_in_block,block_points_proportional,indefinite_litpool_ref,litpool_confidence,jump_table_signed,arm_jump_table_candidate,incomplete_block,symbolic_expr_from_relocation,block_instruction_next,def_used_for_address,block_candidate_boundaries,reg_def_use.live_var_def,no_return_block,base_relative_operand,arm_jump_table_block_instruction,possible_target,candidate_block_is_padding,first_block_in_byte_interval,stack_def_use.live_var_used_in_block,last_value_reg_limit
- adrp_used(EA:address, Reg:register, UsedEA:address, Dest:address)
A reference to a page-aligned value loaded by an adr or adrp instruction.
EA: Address of the adr/adrp instruction Reg: The register that holds the used value UsedEA: Address where the value is used Dest: The destination address
We care primarily about adrp, but sometimes if the target is close enough, the assembler will substitute an adr to the page-aligned address instead.
Reg is not necessarily the register loaded by adrp! It may be the result of:
adrp x0, label mov x1, x0
- UsedEA:
# x1 is used
and Reg would be
x1Uses:
arch.adr_dest,instructionRecursive:
stack_base_reg_move,jump_table_candidate,padding_block_limit,adrp_used,inferred_main_dispatch,block_next,wis_schedule,base_relative_operation,reg_def_use.live_var_used,stack_def_use.last_def_in_block,correlated_live_reg,no_return_call_refined,inter_procedural_edge,next_end,compare_and_jump_immediate,relocation_adjustment,cinf_ldr_add_pc,unresolved_interval,possible_target_from,block_candidate_dependency_edge,compare_and_jump_indirect,cmp_defines,local_dynamic_tls_candidate,basic_target,block_points,wis_has_prior,contains_implausible_instr_seq,stack_def_use.defined_in_block,known_block,common_tail,call_tls_get_addr,__agg_subclause6,overlapping_instruction,may_fallthrough,jump_table_target,impossible_block,block_last_instruction,unresolved_block,reg_has_got,reg_reg_arithmetic_operation_defs,__agg_subclause7,next_type,data_block_limit,reg_def_use.flow_def,data_segment,split_load_total_points,call_target_has_other_fallthrough_inter,next_function_entry_initial,got_relative_operand,discarded_split_load,reg_def_use.def_used,reg_has_base_image,gp_relative_operand,__agg_single6,must_fallthrough,candidate_block_is_not_padding,code_in_block_candidate,cmp_reg_to_reg,next_block_in_byte_interval,stack_def_use.live_var_used,segment_target_range,reg_def_use.return_val_used,jump_table_max,composite_data_access,plt_block,block_limit,reg_used_for,split_load_candidate,adjusts_stack_in_block,const_value_reg_used,is_padding,jump_table_element_access,reg_def_use.ambiguous_last_def_in_block,reg_def_use.ref_in_block,init_symbol_minus_symbol_candidate_arm,call_may_fallthrough_inter,reg_def_use.live_var_at_prior_used,reg_def_use.used,negative_block_heuristic,block_heuristic,split_load,reg_def_use.return_block_end,straight_line_def_used,start_function,split_load_conflict,symbol_minus_symbol_litpool_access_pattern,invalid,function_inference.function_entry_initial,compare_and_jump_register,hi_load_prop,__agg_subclause3,wis_prior,value_reg_unsupported,jump_table_prelude,wis_schedule_iter,init_ldr_add_pc,discarded_block,likely_fallthrough,initialized_data_segment,__agg_single3,call_tls_get_addr_mips,data_in_code,stack_def_use.def_used,data_in_code_propagate,compare_and_jump_indirect_op_valid,branch_to_calculated_pc_rel_addr,reg_def_use.last_def_in_block,data_access,split_load_point,unlikely_have_symbolic_immediate,stack_def_use.used_in_block,arch.extend_load,relative_address,block_boundaries,arm_jump_table_data_block,stack_def_use.ref_in_block,self_contained_segment,inferred_main_in_reg,code_in_block,stack_def_use.block_last_def,relative_jump_table_entry_candidate,indexed_pc_relative_load_relative,litpool_boundaries,arm_jump_table_candidate_start,code_in_block_candidate_refined,fallthrough_over_padding,jump_table_candidate_refined,reg_def_use.used_in_block,no_value_reg_limit,reg_def_use.ambiguous_block_last_def,padding_block_candidate,resolved_reaches,__agg_single2,relocation_adjustment_total,invalid_jump_table_candidate,no_return_call,nop_in_padding_candidate,arm_jump_table_cmp_limit,arch.simple_data_load,initial_function_containing_return,reg_def_use.live_var_at_block_end,base_relative_jump,reg_def_use.block_last_def,tls_relative_operand_mips,simple_data_access_pattern,__agg_single10,arch.reg_relative_load,stack_def_use.live_var_def,block_total_points,overlap_with_litpool,straight_line_last_def,arm_jump_table_skip_first_entry,arm_jump_table_data_block_limit,__agg_subclause2,after_end,value_reg_limit,flags_and_jump_pair,instruction_memory_access_size,data_block_candidate,block_overlap,next_start,unresolved_interval_order,value_reg,indexed_pc_relative_load,split_load_operand,unresolved_block_overlap,no_return_call_propagated,__agg_subclause4,split_load_for_symbolization,litpool_ref,tls_get_addr,block_implies_block,wis_memo,jump_table_start,stack_def_use.live_var_at_block_end,contains_plausible_instr_seq,transition_block_limit,litpool_symbolic_operand,arm_jump_table_block_start,tls_desc_call,stack_def_use.live_var_at_prior_used,plt_entry,relative_address_start,value_reg_edge,block,reg_def_use.defined_in_block,block_points_proportional,indefinite_litpool_ref,litpool_confidence,jump_table_signed,arm_jump_table_candidate,incomplete_block,symbolic_expr_from_relocation,block_instruction_next,def_used_for_address,block_candidate_boundaries,reg_def_use.live_var_def,no_return_block,base_relative_operand,arm_jump_table_block_instruction,possible_target,candidate_block_is_padding,first_block_in_byte_interval,stack_def_use.live_var_used_in_block,last_value_reg_limit
- split_load_tail(EA:address, Offset:number, Reg:register, Type:symbol)
An instruction which could be the second half of a split load.
- split_load_for_symbolization(ea:address, nextea:address, dest:address, type:symbol)
This version of split_load uses def_used, so this should not be used for the code inference step due to cyclic negation issue. Instead, this is for the symbolization step.
Uses:
split_load_tailUsed by:
symbolic_operand_attributeRecursive:
stack_base_reg_move,jump_table_candidate,padding_block_limit,adrp_used,inferred_main_dispatch,block_next,wis_schedule,base_relative_operation,reg_def_use.live_var_used,stack_def_use.last_def_in_block,correlated_live_reg,no_return_call_refined,inter_procedural_edge,next_end,compare_and_jump_immediate,relocation_adjustment,cinf_ldr_add_pc,unresolved_interval,possible_target_from,block_candidate_dependency_edge,compare_and_jump_indirect,cmp_defines,local_dynamic_tls_candidate,basic_target,block_points,wis_has_prior,contains_implausible_instr_seq,stack_def_use.defined_in_block,known_block,common_tail,call_tls_get_addr,__agg_subclause6,overlapping_instruction,may_fallthrough,jump_table_target,impossible_block,block_last_instruction,unresolved_block,reg_has_got,reg_reg_arithmetic_operation_defs,__agg_subclause7,next_type,data_block_limit,reg_def_use.flow_def,data_segment,split_load_total_points,call_target_has_other_fallthrough_inter,next_function_entry_initial,got_relative_operand,discarded_split_load,reg_def_use.def_used,reg_has_base_image,gp_relative_operand,__agg_single6,must_fallthrough,candidate_block_is_not_padding,code_in_block_candidate,cmp_reg_to_reg,next_block_in_byte_interval,stack_def_use.live_var_used,segment_target_range,reg_def_use.return_val_used,jump_table_max,composite_data_access,plt_block,block_limit,reg_used_for,split_load_candidate,adjusts_stack_in_block,const_value_reg_used,is_padding,jump_table_element_access,reg_def_use.ambiguous_last_def_in_block,reg_def_use.ref_in_block,init_symbol_minus_symbol_candidate_arm,call_may_fallthrough_inter,reg_def_use.live_var_at_prior_used,reg_def_use.used,negative_block_heuristic,block_heuristic,split_load,reg_def_use.return_block_end,straight_line_def_used,start_function,split_load_conflict,symbol_minus_symbol_litpool_access_pattern,invalid,function_inference.function_entry_initial,compare_and_jump_register,hi_load_prop,__agg_subclause3,wis_prior,value_reg_unsupported,jump_table_prelude,wis_schedule_iter,init_ldr_add_pc,discarded_block,likely_fallthrough,initialized_data_segment,__agg_single3,call_tls_get_addr_mips,data_in_code,stack_def_use.def_used,data_in_code_propagate,compare_and_jump_indirect_op_valid,branch_to_calculated_pc_rel_addr,reg_def_use.last_def_in_block,data_access,split_load_point,unlikely_have_symbolic_immediate,stack_def_use.used_in_block,arch.extend_load,relative_address,block_boundaries,arm_jump_table_data_block,stack_def_use.ref_in_block,self_contained_segment,inferred_main_in_reg,code_in_block,stack_def_use.block_last_def,relative_jump_table_entry_candidate,indexed_pc_relative_load_relative,litpool_boundaries,arm_jump_table_candidate_start,code_in_block_candidate_refined,fallthrough_over_padding,jump_table_candidate_refined,reg_def_use.used_in_block,no_value_reg_limit,reg_def_use.ambiguous_block_last_def,padding_block_candidate,resolved_reaches,__agg_single2,relocation_adjustment_total,invalid_jump_table_candidate,no_return_call,nop_in_padding_candidate,arm_jump_table_cmp_limit,arch.simple_data_load,initial_function_containing_return,reg_def_use.live_var_at_block_end,base_relative_jump,reg_def_use.block_last_def,tls_relative_operand_mips,simple_data_access_pattern,__agg_single10,arch.reg_relative_load,stack_def_use.live_var_def,block_total_points,overlap_with_litpool,straight_line_last_def,arm_jump_table_skip_first_entry,arm_jump_table_data_block_limit,__agg_subclause2,after_end,value_reg_limit,flags_and_jump_pair,instruction_memory_access_size,data_block_candidate,block_overlap,next_start,unresolved_interval_order,value_reg,indexed_pc_relative_load,split_load_operand,unresolved_block_overlap,no_return_call_propagated,__agg_subclause4,split_load_for_symbolization,litpool_ref,tls_get_addr,block_implies_block,wis_memo,jump_table_start,stack_def_use.live_var_at_block_end,contains_plausible_instr_seq,transition_block_limit,litpool_symbolic_operand,arm_jump_table_block_start,tls_desc_call,stack_def_use.live_var_at_prior_used,plt_entry,relative_address_start,value_reg_edge,block,reg_def_use.defined_in_block,block_points_proportional,indefinite_litpool_ref,litpool_confidence,jump_table_signed,arm_jump_table_candidate,incomplete_block,symbolic_expr_from_relocation,block_instruction_next,def_used_for_address,block_candidate_boundaries,reg_def_use.live_var_def,no_return_block,base_relative_operand,arm_jump_table_block_instruction,possible_target,candidate_block_is_padding,first_block_in_byte_interval,stack_def_use.live_var_used_in_block,last_value_reg_limit
- lo_reloc_index(RelocType:symbol, OpIndex:unsigned)
OpIndex: operand index for the corresponding relocation
- movz_movk_insn(EA:address, Reg:register, Val:number, ShiftMask:unsigned, Operation:symbol)
Individual MOVZ or MOVK instruction with its 16-bit immediate and shift.
- movz_movk_chain(EA_first:address, EA_last:address, Reg:register, Value:number, UsedShiftMask:unsigned, Count:unsigned)
A chain of MOVZ followed by one or more MOVKs to the same register. EA_first is always the MOVZ instruction. EA_last is the final instruction in the chain. Value is the accumulated 64-bit constant constructed from all instructions. UsedShiftMask tracks which 16-bit lanes have been written. Count is the number of instructions in the chain (1-4).
Uses:
movz_movk_insn,nextUsed by:
movz_movk_complete,movz_movk_memberRecursive:
movz_movk_chain
- movz_movk_complete(EA_first:address, EA_last:address, Value:number)
The longest complete MOVZ+MOVK chain: a chain that cannot be extended further. This is the one we use for symbolization.
- movz_movk_member(EA:address, EA_first:address, EA_last:address)
Helper: is EA part of a complete MOVZ+MOVK chain?
- movz_movk_shift_group(ShiftMask:unsigned, Group:symbol)
Helper: map a shift amount to the corresponding group attribute name.