| blob | f1aa730579bcd63bf04b8cf9b8f8fecce1d92b0e |
1 /* Common target dependent code for GDB on ARM systems.
3 Copyright (C) 1988-2024 Free Software Foundation, Inc.
5 This file is part of GDB.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>. */
22 #include <ctype.h>
63 #include <algorithm>
67 #if GDB_SELF_TEST
69 #endif
73 /* Print an "arm" debug statement. */
75 #define arm_debug_printf(fmt, ...) \
78 /* Macros for setting and testing a bit in a minimal symbol that marks
79 it as Thumb function. The MSB of the minimal symbol's "info" field
80 is used for this purpose.
82 MSYMBOL_SET_SPECIAL Actually sets the "special" bit.
83 MSYMBOL_IS_SPECIAL Tests the "special" bit in a minimal symbol. */
85 #define MSYMBOL_SET_SPECIAL(msym) \
86 (msym)->set_target_flag_1 (true)
88 #define MSYMBOL_IS_SPECIAL(msym) \
89 (msym)->target_flag_1 ()
91 struct arm_mapping_symbol
92 {
93 CORE_ADDR value;
98 };
102 struct arm_per_bfd
103 {
107 {}
111 /* Information about mapping symbols ($a, $d, $t) in the objfile.
113 The format is an array of vectors of arm_mapping_symbols, there is one
114 vector for each section of the objfile (the array is index by BFD section
115 index).
117 For each section, the vector of arm_mapping_symbol is sorted by
118 symbol value (address). */
121 /* For each corresponding element of section_maps above, is this vector
122 sorted. */
124 };
126 /* Per-bfd data used for mapping symbols. */
129 /* The list of available "set arm ..." and "show arm ..." commands. */
133 /* The type of floating-point to use. Keep this in sync with enum
134 arm_float_model, and the help string in _initialize_arm_tdep. */
136 {
142 NULL
143 };
145 /* A variable that can be configured by the user. */
149 /* The ABI to use. Keep this in sync with arm_abi_kind. */
151 {
155 NULL
156 };
158 /* A variable that can be configured by the user. */
162 /* The execution mode to assume. */
164 {
168 NULL
169 };
174 /* The standard register names, and all the valid aliases for them. Note
175 that `fp', `sp' and `pc' are not added in this alias list, because they
176 have been added as builtin user registers in
177 std-regs.c:_initialize_frame_reg. */
178 static const struct
179 {
183 /* Basic register numbers. */
200 /* Synonyms (argument and variable registers). */
213 /* Other platform-specific names for r9. */
216 /* Special names. */
219 /* Names used by GCC (not listed in the ARM EABI). */
221 /* A special name from the older ATPCS. */
223 };
234 /* Holds the current set of options to be passed to the disassembler. */
237 /* Valid register name styles. */
240 /* Disassembly style to use. Default to "std" register names. */
243 /* All possible arm target descriptors. */
247 /* This is used to keep the bfd arch_info in sync with the disassembly
248 style. */
262 static CORE_ADDR
266 /* get_next_pcs operations. */
268 arm_get_next_pcs_read_memory_unsigned_integer,
269 arm_get_next_pcs_syscall_next_pc,
270 arm_get_next_pcs_addr_bits_remove,
271 arm_get_next_pcs_is_thumb,
272 NULL,
273 };
275 struct arm_prologue_cache
276 {
277 /* The stack pointer at the time this frame was created; i.e. the
278 caller's stack pointer when this function was called. It is used
279 to identify this frame. */
280 CORE_ADDR sp;
282 /* Additional stack pointers used by M-profile with Security extension. */
283 /* Use msp_s / psp_s to hold the values of msp / psp when there is
284 no Security extension. */
285 CORE_ADDR msp_s;
286 CORE_ADDR msp_ns;
287 CORE_ADDR psp_s;
288 CORE_ADDR psp_ns;
290 /* Active stack pointer. */
295 /* The frame base for this frame is just prev_sp - frame size.
296 FRAMESIZE is the distance from the frame pointer to the
297 initial stack pointer. */
301 /* The register used to hold the frame pointer for this frame. */
304 /* True if the return address is signed, false otherwise. */
307 /* Saved register offsets. */
311 };
314 /* Reconstruct T bit in program status register from LR value. */
318 {
322 else
326 }
328 /* Initialize CACHE fields for which zero is not adequate (CACHE is
329 expected to have been ZALLOC'ed before calling this function). */
331 static void
333 {
337 }
339 /* Similar to the previous function, but extracts GDBARCH from FRAME. */
341 static void
343 {
351 {
352 const CORE_ADDR msp_val
354 const CORE_ADDR psp_val
357 cache->msp_s
359 cache->msp_ns
361 cache->psp_s
363 cache->psp_ns
366 /* Identify what msp is alias for (msp_s or msp_ns). */
371 else
372 {
376 }
378 /* Identify what psp is alias for (psp_s or psp_ns). */
383 else
384 {
388 }
390 /* Identify what sp is alias for (msp_s, msp_ns, psp_s or psp_ns). */
395 else
396 {
400 }
401 }
403 {
404 cache->msp_s
406 cache->psp_s
409 /* Identify what sp is alias for (msp or psp). */
414 else
415 {
419 }
420 }
421 else
422 {
423 cache->msp_s
427 }
428 }
430 /* Return the requested stack pointer value (in REGNUM), taking into
431 account whether we have a Security extension or an M-profile
432 CPU. */
434 static CORE_ADDR
437 {
439 {
454 }
456 {
463 }
468 }
470 /* Return the previous stack address, depending on which SP register
471 is active. */
473 static CORE_ADDR
475 {
478 }
480 /* Set the active stack pointer to VAL. */
482 static void
485 {
487 {
498 }
500 {
507 }
509 {
512 }
515 }
517 /* Return true if REGNUM is one of the alternative stack pointers. */
519 static bool
521 {
529 else
531 }
533 /* Set the active stack pointer to SP_REGNUM. */
535 static void
538 {
542 {
548 {
551 }
554 {
557 }
558 }
561 }
565 /* Abstract class to read ARM instructions from memory. */
567 class arm_instruction_reader
568 {
570 /* Read a 4 bytes instruction from memory using the BYTE_ORDER endianness. */
572 };
574 /* Read instructions from target memory. */
577 {
580 {
582 }
583 };
587 static CORE_ADDR arm_analyze_prologue
591 /* Architecture version for displaced stepping. This effects the behaviour of
592 certain instructions, and really should not be hard-wired. */
594 #define DISPLACED_STEPPING_ARCH_VERSION 5
596 /* See arm-tdep.h. */
601 /* Return the bit mask in ARM_PS_REGNUM that indicates Thumb mode. */
603 int
605 {
610 else
612 }
614 /* Determine if the processor is currently executing in Thumb mode. */
616 int
618 {
619 ULONGEST cpsr;
625 }
627 /* Determine if FRAME is executing in Thumb mode. FRAME must be an ARM
628 frame. */
630 int
632 {
633 /* Check the architecture of FRAME. */
637 /* Every ARM frame unwinder can unwind the T bit of the CPSR, either
638 directly (from a signal frame or dummy frame) or by interpreting
639 the saved LR (from a prologue or DWARF frame). So consult it and
640 trust the unwinders. */
643 /* Find and extract the thumb bit. */
646 }
648 /* Search for the mapping symbol covering MEMADDR. If one is found,
649 return its type. Otherwise, return 0. If START is non-NULL,
650 set *START to the location of the mapping symbol. */
652 static char
654 {
657 /* If there are mapping symbols, consult them. */
660 {
663 {
665 arm_mapping_symbol_vec &map
668 /* Sort the vector on first use. */
670 {
673 }
679 /* std::lower_bound finds the earliest ordered insertion
680 point. If the symbol at this position starts at this exact
681 address, we use that; otherwise, the preceding
682 mapping symbol covers this address. */
684 {
686 {
690 }
691 }
694 {
701 }
702 }
703 }
706 }
708 /* Determine if the program counter specified in MEMADDR is in a Thumb
709 function. This function should be called for addresses unrelated to
710 any executing frame; otherwise, prefer arm_frame_is_thumb. */
712 int
714 {
722 gdbarch_displaced_step_copy_insn_closure_by_addr
725 /* If checking the mode of displaced instruction in copy area, the mode
726 should be determined by instruction on the original address. */
728 {
733 }
735 /* If bit 0 of the address is set, assume this is a Thumb address. */
739 /* If the user wants to override the symbol table, let him. */
745 /* ARM v6-M and v7-M are always in Thumb mode. */
749 /* If there are mapping symbols, consult them. */
754 /* Thumb functions have a "special" bit set in minimal symbols. */
759 /* If the user wants to override the fallback mode, let them. */
765 /* If we couldn't find any symbol, but we're talking to a running
766 target, then trust the current value of $cpsr. This lets
767 "display/i $pc" always show the correct mode (though if there is
768 a symbol table we will not reach here, so it still may not be
769 displayed in the mode it will be executed). */
773 /* Otherwise we're out of luck; we assume ARM. */
775 }
779 {
781 {
782 /* Values for lockup state.
783 For more details see "B1.5.15 Unrecoverable exception cases" in
784 both ARMv6-M and ARMv7-M Architecture Reference Manuals, or
785 see "B4.32 Lockup" in ARMv8-M Architecture Reference Manual. */
792 /* Address is not lockup. */
794 }
795 }
797 /* Determine if the address specified equals any of these magic return
798 values, called EXC_RETURN, defined by the ARM v6-M, v7-M and v8-M
799 architectures. Also include lockup magic PC value.
800 Check also for FNC_RETURN if we have the v8-M security extension.
802 From ARMv6-M Reference Manual B1.5.8
803 Table B1-5 Exception return behavior
805 EXC_RETURN Return To Return Stack
806 0xFFFFFFF1 Handler mode Main
807 0xFFFFFFF9 Thread mode Main
808 0xFFFFFFFD Thread mode Process
810 From ARMv7-M Reference Manual B1.5.8
811 Table B1-8 EXC_RETURN definition of exception return behavior, no FP
813 EXC_RETURN Return To Return Stack
814 0xFFFFFFF1 Handler mode Main
815 0xFFFFFFF9 Thread mode Main
816 0xFFFFFFFD Thread mode Process
818 Table B1-9 EXC_RETURN definition of exception return behavior, with
819 FP
821 EXC_RETURN Return To Return Stack Frame Type
822 0xFFFFFFE1 Handler mode Main Extended
823 0xFFFFFFE9 Thread mode Main Extended
824 0xFFFFFFED Thread mode Process Extended
825 0xFFFFFFF1 Handler mode Main Basic
826 0xFFFFFFF9 Thread mode Main Basic
827 0xFFFFFFFD Thread mode Process Basic
829 For more details see "B1.5.8 Exception return behavior"
830 in both ARMv6-M and ARMv7-M Architecture Reference Manuals.
832 From ARMv8-M Architecture Technical Reference, D1.2.95
833 FType, Mode and SPSEL bits are to be considered when the Security
834 Extension is not implemented.
836 EXC_RETURN Return To Return Stack Frame Type
837 0xFFFFFFA0 Handler mode Main Extended
838 0xFFFFFFA8 Thread mode Main Extended
839 0xFFFFFFAC Thread mode Process Extended
840 0xFFFFFFB0 Handler mode Main Standard
841 0xFFFFFFB8 Thread mode Main Standard
842 0xFFFFFFBC Thread mode Process Standard */
844 static int
846 {
852 {
854 {
860 }
861 }
862 else
863 {
865 {
866 /* Values from ARMv8-M Architecture Technical Reference. */
873 /* Values from Tables in B1.5.8 the EXC_RETURN definitions of
874 the exception return behavior. */
881 /* Address is magic. */
885 /* Address is not magic. */
887 }
888 }
889 }
891 /* Remove useless bits from addresses in a running program. */
892 static CORE_ADDR
894 {
897 /* On M-profile devices, do not strip the low bit from EXC_RETURN
898 (the magic exception return address). */
904 else
906 }
908 /* Return 1 if PC is the start of a compiler helper function which
909 can be safely ignored during prologue skipping. IS_THUMB is true
910 if the function is known to be a Thumb function due to the way it
911 is being called. */
912 static int
914 {
922 {
925 /* The GNU linker's Thumb call stub to foo is named
926 __foo_from_thumb. */
930 /* On soft-float targets, __truncdfsf2 is called to convert promoted
931 arguments to their argument types in non-prototyped
932 functions. */
938 /* Internal functions related to thread-local storage. */
943 }
944 else
945 {
946 /* If we run against a stripped glibc, we may be unable to identify
947 special functions by name. Check for one important case,
948 __aeabi_read_tp, by comparing the *code* against the default
949 implementation (this is hand-written ARM assembler in glibc). */
957 }
960 }
962 /* Extract the immediate from instruction movw/movt of encoding T. INSN1 is
963 the first 16-bit of instruction, and INSN2 is the second 16-bit of
964 instruction. */
965 #define EXTRACT_MOVW_MOVT_IMM_T(insn1, insn2) \
966 ((bits ((insn1), 0, 3) << 12) \
967 | (bits ((insn1), 10, 10) << 11) \
968 | (bits ((insn2), 12, 14) << 8) \
969 | bits ((insn2), 0, 7))
971 /* Extract the immediate from instruction movw/movt of encoding A. INSN is
972 the 32-bit instruction. */
973 #define EXTRACT_MOVW_MOVT_IMM_A(insn) \
974 ((bits ((insn), 16, 19) << 12) \
975 | bits ((insn), 0, 11))
977 /* Decode immediate value; implements ThumbExpandImmediate pseudo-op. */
979 static unsigned int
981 {
986 {
996 }
999 }
1001 /* Return 1 if the 16-bit Thumb instruction INSN restores SP in
1002 epilogue, 0 otherwise. */
1004 static int
1006 {
1010 }
1012 /* Analyze a Thumb prologue, looking for a recognizable stack frame
1013 and frame pointer. Scan until we encounter a store that could
1014 clobber the stack frame unexpectedly, or an unknown instruction.
1015 Return the last address which is definitely safe to skip for an
1016 initial breakpoint. */
1018 static CORE_ADDR
1022 {
1028 CORE_ADDR offset;
1036 {
1043 {
1050 /* Bits 0-7 contain a mask for registers R0-R7. Bit 8 says
1051 whether to save LR (R14). */
1054 /* Calculate offsets of saved R0-R7 and LR. */
1057 {
1061 }
1062 }
1064 {
1068 }
1070 {
1071 /* Don't scan past the epilogue. */
1073 }
1092 {
1096 }
1098 {
1102 }
1104 {
1105 /* Handle stores to the stack. Normally pushes are used,
1106 but with GCC -mtpcs-frame, there may be other stores
1107 in the prologue to create the frame. */
1109 pv_t addr;
1118 }
1120 {
1123 pv_t addr;
1132 }
1136 /* Ignore stores of argument registers to the stack. */
1137 ;
1140 /* Ignore block loads from the stack, potentially copying
1141 parameters from memory. */
1142 ;
1146 /* Similarly ignore single loads from the stack. */
1147 ;
1150 /* Skip register copies, i.e. saves to another register
1151 instead of the stack. */
1152 ;
1154 /* Recognize constant loads; even with small stacks these are necessary
1155 on Thumb. */
1158 {
1159 /* Constant pool loads, for the same reason. */
1161 CORE_ADDR loc;
1166 }
1168 {
1172 byte_order_for_code);
1176 {
1177 /* BL, BLX. Allow some special function calls when
1178 skipping the prologue; GCC generates these before
1179 storing arguments to the stack. */
1180 CORE_ADDR nextpc;
1192 /* For BLX make sure to clear the low bits. */
1199 }
1202 { registers } */
1204 {
1211 /* Calculate offsets of saved registers. */
1214 {
1217 }
1221 }
1223 /* vstmdb Rn{!}, { D-registers } (aka vpush). */
1227 {
1228 /* Address SP points to. */
1231 /* Number of registers saved. */
1234 /* First register to save. */
1240 /* Calculate offsets of saved registers. */
1242 {
1246 }
1248 /* Writeback SP to account for the saved registers. */
1250 }
1253 [Rn, #+/-imm]{!} */
1255 {
1263 else
1275 }
1280 {
1287 else
1297 }
1301 {
1303 pv_t addr;
1312 }
1316 /* Ignore stores of argument registers to the stack. */
1317 ;
1322 /* Ignore stores of argument registers to the stack. */
1323 ;
1326 { registers } */
1329 /* Ignore block loads from the stack, potentially copying
1330 parameters from memory. */
1331 ;
1334 [Rn, #+/-imm] */
1336 /* Similarly ignore dual loads from the stack. */
1337 ;
1342 /* Similarly ignore single loads from the stack. */
1343 ;
1347 /* Similarly ignore single loads from the stack. */
1348 ;
1352 {
1360 }
1364 {
1371 }
1375 {
1383 }
1387 {
1394 }
1397 {
1404 }
1407 {
1408 unsigned int imm
1412 }
1416 {
1420 }
1423 {
1424 /* Constant pool loads. */
1426 CORE_ADDR loc;
1431 else
1436 }
1439 {
1440 /* Constant pool loads. */
1442 CORE_ADDR loc;
1447 else
1455 }
1456 /* Start of ARMv8.1-m PACBTI extension instructions. */
1458 {
1459 /* LR and SP are input registers. PAC is in R12. LR is
1460 signed from this point onwards. NOP space. */
1462 }
1464 {
1465 /* LR and SP are input registers. PAC is in R12 and PC is a
1466 valid BTI landing pad. LR is signed from this point onwards.
1467 NOP space. */
1469 }
1471 {
1472 /* Valid BTI landing pad. NOP space. */
1473 }
1475 {
1476 /* Sign Rn using Rm and store the PAC in Rd. Rd is signed from
1477 this point onwards. */
1479 }
1481 {
1482 /* These instructions appear close to the epilogue, when signed
1483 pointers are getting authenticated. */
1485 }
1486 /* End of ARMv8.1-m PACBTI extension instructions */
1488 {
1489 /* Don't scan past anything that might change control flow. */
1491 }
1492 else
1493 {
1494 /* The optimizer might shove anything into the prologue,
1495 so we just skip what we don't recognize. */
1497 }
1499 /* Make sure we are dealing with a target that supports ARMv8.1-m
1500 PACBTI. */
1503 {
1509 }
1512 }
1514 {
1515 /* Don't scan past anything that might change control flow. */
1517 }
1518 else
1519 {
1520 /* The optimizer might shove anything into the prologue,
1521 so we just skip what we don't recognize. */
1523 }
1526 }
1538 {
1539 /* Frame pointer is fp. Frame size is constant. */
1542 }
1544 {
1545 /* Frame pointer is r7. Frame size is constant. */
1548 }
1549 else
1550 {
1551 /* Try the stack pointer... this is a bit desperate. */
1554 }
1558 {
1562 }
1565 }
1568 /* Try to analyze the instructions starting from PC, which load symbol
1569 __stack_chk_guard. Return the address of instruction after loading this
1570 symbol, set the dest register number to *BASEREG, and set the size of
1571 instructions for loading symbol in OFFSET. Return 0 if instructions are
1572 not recognized. */
1574 static CORE_ADDR
1577 {
1584 {
1585 unsigned short insn1
1589 {
1594 byte_order_for_code);
1595 }
1597 {
1598 unsigned short insn2
1603 insn1
1605 insn2
1608 /* movt Rd, #const */
1610 {
1615 }
1616 }
1617 }
1618 else
1619 {
1620 unsigned int insn
1624 {
1627 byte_order_for_code);
1631 }
1633 {
1636 insn
1640 {
1645 }
1646 }
1647 }
1650 }
1652 /* Try to skip a sequence of instructions used for stack protector. If PC
1653 points to the first instruction of this sequence, return the address of
1654 first instruction after this sequence, otherwise, return original PC.
1656 On arm, this sequence of instructions is composed of mainly three steps,
1657 Step 1: load symbol __stack_chk_guard,
1658 Step 2: load from address of __stack_chk_guard,
1659 Step 3: store it to somewhere else.
1661 Usually, instructions on step 2 and step 3 are the same on various ARM
1662 architectures. On step 2, it is one instruction 'ldr Rx, [Rn, #0]', and
1663 on step 3, it is also one instruction 'str Rx, [r7, #immd]'. However,
1664 instructions in step 1 vary from different ARM architectures. On ARMv7,
1665 they are,
1667 movw Rn, #:lower16:__stack_chk_guard
1668 movt Rn, #:upper16:__stack_chk_guard
1670 On ARMv5t, it is,
1672 ldr Rn, .Label
1673 ....
1674 .Lable:
1675 .word __stack_chk_guard
1677 Since ldr/str is a very popular instruction, we can't use them as
1678 'fingerprint' or 'signature' of stack protector sequence. Here we choose
1679 sequence {movw/movt, ldr}/ldr/str plus symbol __stack_chk_guard, if not
1680 stripped, as the 'fingerprint' of a stack protector cdoe sequence. */
1682 static CORE_ADDR
1684 {
1690 CORE_ADDR addr;
1692 /* Try to parse the instructions in Step 1. */
1699 /* ADDR must correspond to a symbol whose name is __stack_chk_guard.
1700 Otherwise, this sequence cannot be for stack protector. */
1706 {
1708 unsigned short insn
1711 /* Step 2: ldr Rd, [Rn, #immed], encoding T1. */
1719 byte_order_for_code);
1720 /* Step 3: str Rd, [Rn, #immed], encoding T1. */
1725 }
1726 else
1727 {
1729 unsigned int insn
1732 /* Step 2: ldr Rd, [Rn, #immed], encoding A1. */
1738 /* Step 3: str Rd, [Rn, #immed], encoding A1. */
1745 }
1746 /* The size of total two instructions ldr/str is 4 on Thumb-2, while 8
1747 on arm. */
1750 else
1752 }
1754 /* Advance the PC across any function entry prologue instructions to
1755 reach some "real" code.
1757 The APCS (ARM Procedure Call Standard) defines the following
1758 prologue:
1760 mov ip, sp
1761 [stmfd sp!, {a1,a2,a3,a4}]
1762 stmfd sp!, {...,fp,ip,lr,pc}
1763 [stfe f7, [sp, #-12]!]
1764 [stfe f6, [sp, #-12]!]
1765 [stfe f5, [sp, #-12]!]
1766 [stfe f4, [sp, #-12]!]
1767 sub fp, ip, #nn @@ nn == 20 or 4 depending on second insn. */
1769 static CORE_ADDR
1771 {
1774 /* See if we can determine the end of the prologue via the symbol table.
1775 If so, then return either PC, or the PC after the prologue, whichever
1776 is greater. */
1777 bool func_addr_found
1780 /* Whether the function is thumb mode or not. */
1784 {
1785 CORE_ADDR post_prologue_pc
1790 post_prologue_pc
1794 /* GCC always emits a line note before the prologue and another
1795 one after, even if the two are at the same address or on the
1796 same line. Take advantage of this so that we do not need to
1797 know every instruction that might appear in the prologue. We
1798 will have producer information for most binaries; if it is
1799 missing (e.g. for -gstabs), assuming the GNU tools. */
1808 {
1809 CORE_ADDR analyzed_limit;
1811 /* For non-GCC compilers, make sure the entire line is an
1812 acceptable prologue; GDB will round this function's
1813 return value up to the end of the following line so we
1814 can not skip just part of a line (and we do not want to).
1816 RealView does not treat the prologue specially, but does
1817 associate prologue code with the opening brace; so this
1818 lets us skip the first line if we think it is the opening
1819 brace. */
1824 else
1825 analyzed_limit
1833 }
1834 }
1836 /* Can't determine prologue from the symbol table, need to examine
1837 instructions. */
1839 /* Find an upper limit on the function prologue using the debug
1840 information. If the debug information could not be used to provide
1841 that bound, then use an arbitrary large number as the upper bound. */
1842 /* Like arm_scan_prologue, stop no later than pc + 64. */
1847 /* Set the correct adjustment based on whether the function is thumb mode or
1848 not. We use it to get the address of the last instruction in the
1849 function (as opposed to the first address of the next function). */
1852 limit_pc
1856 /* Check if this is Thumb code. */
1859 else
1862 }
1864 /* Function: thumb_scan_prologue (helper function for arm_scan_prologue)
1865 This function decodes a Thumb function prologue to determine:
1866 1) the size of the stack frame
1867 2) which registers are saved on it
1868 3) the offsets of saved regs
1869 4) the offset from the stack pointer to the frame pointer
1871 A typical Thumb function prologue would create this stack frame
1872 (offsets relative to FP)
1873 old SP -> 24 stack parameters
1874 20 LR
1875 16 R7
1876 R7 -> 0 local variables (16 bytes)
1877 SP -> -12 additional stack space (12 bytes)
1878 The frame size would thus be 36 bytes, and the frame offset would be
1879 12 bytes. The frame register is R7.
1881 The comments for thumb_skip_prolog() describe the algorithm we use
1882 to detect the end of the prolog. */
1884 static void
1887 {
1888 CORE_ADDR prologue_start;
1889 CORE_ADDR prologue_end;
1893 {
1894 /* See comment in arm_scan_prologue for an explanation of
1895 this heuristics. */
1897 {
1899 }
1900 }
1901 else
1902 /* We're in the boondocks: we have no idea where the start of the
1903 function is. */
1909 }
1911 /* Return 1 if the ARM instruction INSN restores SP in epilogue, 0
1912 otherwise. */
1914 static int
1916 {
1918 {
1920 /* ADD SP (register or immediate). */
1922 /* SUB SP (register or immediate). */
1924 /* MOV SP. */
1926 /* POP (LDMIA). */
1928 /* POP of a single register. */
1930 }
1933 }
1935 /* Implement immediate value decoding, as described in section A5.2.4
1936 (Modified immediate constants in ARM instructions) of the ARM Architecture
1937 Reference Manual (ARMv7-A and ARMv7-R edition). */
1939 static uint32_t
1941 {
1942 /* Immediate values are 12 bits long. */
1953 }
1955 /* Analyze an ARM mode prologue starting at PROLOGUE_START and
1956 continuing no further than PROLOGUE_END. If CACHE is non-NULL,
1957 fill it in. Return the first address not recognized as a prologue
1958 instruction.
1960 We recognize all the instructions typically found in ARM prologues,
1961 plus harmless instructions which can be skipped (either for analysis
1962 purposes, or a more restrictive set that can be skipped when finding
1963 the end of the prologue). */
1965 static CORE_ADDR
1970 {
1978 /* Search the prologue looking for instructions that set up the
1979 frame pointer, adjust the stack pointer, and save registers.
1981 Be careful, however, and if it doesn't look like a prologue,
1982 don't try to scan it. If, for instance, a frameless function
1983 begins with stmfd sp!, then we will tell ourselves there is
1984 a frame, which will confuse stack traceback, as well as "finish"
1985 and other operations that rely on a knowledge of the stack
1986 traceback. */
1995 {
1999 {
2002 }
2005 {
2010 }
2013 {
2018 }
2020 [sp, #-4]! */
2021 {
2028 }
2030 /* stmfd sp!, {..., fp, ip, lr, pc}
2031 or
2032 stmfd sp!, {a1, a2, a3, a4} */
2033 {
2039 /* Calculate offsets of saved registers. */
2042 {
2046 }
2047 }
2051 {
2052 /* No need to add this to saved_regs -- it's just an arg reg. */
2054 }
2058 {
2059 /* No need to add this to saved_regs -- it's just an arg reg. */
2061 }
2063 { registers } */
2065 {
2066 /* No need to add this to saved_regs -- it's just arg regs. */
2068 }
2070 {
2073 }
2075 {
2078 }
2080 [sp, -#c]! */
2082 {
2089 }
2091 [sp!] */
2093 {
2101 {
2104 else
2106 }
2107 else
2108 {
2111 else
2113 }
2118 {
2122 }
2123 }
2125 {
2126 /* Allow some special function calls when skipping the
2127 prologue; GCC generates these before storing arguments to
2128 the stack. */
2133 else
2135 }
2139 /* Don't scan past anything that might change control flow. */
2142 {
2143 /* Don't scan past the epilogue. */
2145 }
2148 /* Ignore block loads from the stack, potentially copying
2149 parameters from memory. */
2153 /* Similarly ignore single loads from the stack. */
2156 /* MOV Rd, Rm. Skip register copies, i.e. saves to another
2157 register instead of the stack. */
2159 else
2160 {
2161 /* The optimizer might shove anything into the prologue, if
2162 we build up cache (cache != NULL) from scanning prologue,
2163 we just skip what we don't recognize and scan further to
2164 make cache as complete as possible. However, if we skip
2165 prologue, we'll stop immediately on unrecognized
2166 instruction. */
2170 else
2172 }
2173 }
2179 {
2182 /* The frame size is just the distance from the frame register
2183 to the original stack pointer. */
2185 {
2186 /* Frame pointer is fp. */
2189 }
2190 else
2191 {
2192 /* Try the stack pointer... this is a bit desperate. */
2195 }
2202 {
2206 }
2207 }
2213 }
2215 static void
2218 {
2226 /* Assume there is no frame until proven otherwise. */
2230 /* Check for Thumb prologue. */
2232 {
2235 }
2237 /* Find the function prologue. If we can't find the function in
2238 the symbol table, peek in the stack frame to find the PC. */
2241 {
2242 /* One way to find the end of the prologue (which works well
2243 for unoptimized code) is to do the following:
2245 struct symtab_and_line sal = find_pc_line (prologue_start, 0);
2247 if (sal.line == 0)
2248 prologue_end = prev_pc;
2249 else if (sal.end < prologue_end)
2250 prologue_end = sal.end;
2252 This mechanism is very accurate so long as the optimizer
2253 doesn't move any instructions from the function body into the
2254 prologue. If this happens, sal.end will be the last
2255 instruction in the first hunk of prologue code just before
2256 the first instruction that the scheduler has moved from
2257 the body to the prologue.
2259 In order to make sure that we scan all of the prologue
2260 instructions, we use a slightly less accurate mechanism which
2261 may scan more than necessary. To help compensate for this
2262 lack of accuracy, the prologue scanning loop below contains
2263 several clauses which'll cause the loop to terminate early if
2264 an implausible prologue instruction is encountered.
2266 The expression
2268 prologue_start + 64
2270 is a suitable endpoint since it accounts for the largest
2271 possible prologue plus up to five instructions inserted by
2272 the scheduler. */
2275 {
2277 }
2278 }
2279 else
2280 {
2281 /* We have no symbol information. Our only option is to assume this
2282 function has a standard stack frame and the normal frame register.
2283 Then, we can find the value of our frame pointer on entrance to
2284 the callee (or at the present moment if this is the innermost frame).
2285 The value stored there should be the address of the stmfd + 8. */
2286 CORE_ADDR frame_loc;
2287 ULONGEST return_value;
2289 /* AAPCS does not use a frame register, so we can abort here. */
2297 else
2298 {
2299 prologue_start = gdbarch_addr_bits_remove
2302 }
2303 }
2310 }
2314 {
2334 /* Calculate actual addresses of saved registers using offsets
2335 determined by arm_scan_prologue. */
2339 prev_sp);
2342 }
2344 /* Implementation of the stop_reason hook for arm_prologue frames. */
2346 static enum unwind_stop_reason
2349 {
2351 CORE_ADDR pc;
2357 /* This is meant to halt the backtrace at "_start". */
2364 /* If we've hit a wall, stop. */
2369 }
2371 /* Our frame ID for a normal frame is the current function's starting PC
2372 and the caller's SP when we were called. */
2374 static void
2378 {
2387 arm_gdbarch_tdep *tdep
2390 /* Use function start address as part of the frame ID. If we cannot
2391 identify the start address (due to missing symbol information),
2392 fall back to just using the current PC. */
2400 }
2406 {
2409 CORE_ADDR sp_value;
2417 /* If this frame has signed the return address, mark it as so. */
2422 /* If we are asked to unwind the PC, then we need to return the LR
2423 instead. The prologue may save PC, but it will point into this
2424 frame's prologue, not the next frame's resume location. Also
2425 strip the saved T bit. A valid LR may have the low bit set, but
2426 a valid PC never does. */
2428 {
2429 CORE_ADDR lr;
2434 }
2436 /* SP is generally not saved to the stack, but this frame is
2437 identified by the next frame's stack pointer at the time of the call.
2438 The value was already reconstructed into PREV_SP. */
2443 /* The value might be one of the alternative SP, if so, use the
2444 value already constructed. */
2446 {
2449 }
2451 /* The CPSR may have been changed by the call instruction and by the
2452 called function. The only bit we can reconstruct is the T bit,
2453 by checking the low bit of LR as of the call. This is a reliable
2454 indicator of Thumb-ness except for some ARM v4T pre-interworking
2455 Thumb code, which could get away with a clear low bit as long as
2456 the called function did not use bx. Guess that all other
2457 bits are unchanged; the condition flags are presumably lost,
2458 but the processor status is likely valid. */
2460 {
2466 }
2469 prev_regnum);
2470 }
2474 NORMAL_FRAME,
2475 arm_prologue_unwind_stop_reason,
2476 arm_prologue_this_id,
2477 arm_prologue_prev_register,
2478 NULL,
2479 default_frame_sniffer
2480 };
2482 /* Maintain a list of ARM exception table entries per objfile, similar to the
2483 list of mapping symbols. We only cache entries for standard ARM-defined
2484 personality routines; the cache will contain only the frame unwinding
2485 instructions associated with the entry (not the descriptors). */
2487 struct arm_exidx_entry
2488 {
2489 CORE_ADDR addr;
2493 {
2495 }
2496 };
2498 struct arm_exidx_data
2499 {
2501 };
2503 /* Per-BFD key to store exception handling information. */
2508 {
2511 {
2518 }
2521 }
2523 /* Parse contents of exception table and exception index sections
2524 of OBJFILE, and fill in the exception table entry cache.
2526 For each entry that refers to a standard ARM-defined personality
2527 routine, extract the frame unwinding instructions (from either
2528 the index or the table section). The unwinding instructions
2529 are normalized by:
2530 - extracting them from the rest of the table data
2531 - converting to host endianness
2532 - appending the implicit 0xb0 ("Finish") code
2534 The extracted and normalized instructions are stored for later
2535 retrieval by the arm_find_exidx_entry routine. */
2537 static void
2539 {
2543 LONGEST i;
2545 /* If we've already touched this file, do nothing. */
2549 /* Read contents of exception table and index. */
2551 ELF_STRING_ARM_unwind);
2554 {
2562 }
2567 {
2575 }
2577 /* Allocate exception table data structure. */
2581 /* Fill in exception table. */
2583 {
2593 /* Extract address of start of function. */
2597 /* Find section containing function and compute section offset. */
2603 /* Determine address of exception table entry. */
2605 {
2606 /* EXIDX_CANTUNWIND -- no exception table entry present. */
2607 }
2609 {
2610 /* Exception table entry embedded in .ARM.exidx
2611 -- must be short form. */
2614 }
2616 {
2617 /* Exception table entry in .ARM.extab. */
2622 {
2628 {
2629 /* Short form. */
2631 }
2634 {
2635 /* Long form. */
2638 }
2640 {
2641 bfd_vma pers;
2645 /* Custom personality routine. */
2649 /* Check whether we've got one of the variants of the
2650 GNU personality routines. */
2653 {
2655 {
2660 NULL
2661 };
2669 {
2672 }
2673 }
2675 /* If so, the next word contains a word count in the high
2676 byte, followed by the same unwind instructions as the
2677 pre-defined forms. */
2680 {
2687 }
2688 }
2689 }
2690 }
2692 /* Sanity check address. */
2698 /* The unwind instructions reside in WORD (only the N_BYTES least
2699 significant bytes are valid), followed by N_WORDS words in the
2700 extab section starting at ADDR. */
2702 {
2711 {
2720 }
2722 /* Implied "Finish" to terminate the list. */
2724 }
2726 /* Push entry onto vector. They are guaranteed to always
2727 appear in order of increasing addresses. */
2732 }
2733 }
2735 /* Search for the exception table entry covering MEMADDR. If one is found,
2736 return a pointer to its data. Otherwise, return 0. If START is non-NULL,
2737 set *START to the start of the region covered by this entry. */
2741 {
2746 {
2752 {
2756 {
2759 /* std::lower_bound finds the earliest ordered insertion
2760 point. If the following symbol starts at this exact
2761 address, we use that; otherwise, the preceding
2762 exception table entry covers this address. */
2764 {
2766 {
2770 }
2771 }
2774 {
2779 }
2780 }
2781 }
2782 }
2785 }
2787 /* Given the current frame THIS_FRAME, and its associated frame unwinding
2788 instruction list from the ARM exception table entry ENTRY, allocate and
2789 return a prologue cache structure describing how to unwind this frame.
2791 Return NULL if the unwinding instruction list contains a "spare",
2792 "reserved" or "refuse to unwind" instruction as defined in section
2793 "9.3 Frame unwinding instructions" of the "Exception Handling ABI
2794 for the ARM Architecture" document. */
2798 {
2807 {
2808 gdb_byte insn;
2810 /* Whenever we reload SP, we actually have to retrieve its
2811 actual value in the current frame. */
2813 {
2815 {
2818 }
2819 else
2820 {
2823 }
2826 }
2828 /* Decode next unwind instruction. */
2832 {
2835 }
2837 {
2840 }
2842 {
2846 /* The special case of an all-zero mask identifies
2847 "Refuse to unwind". We return NULL to fall back
2848 to the prologue analyzer. */
2852 /* Pop registers r4..r15 under mask. */
2855 {
2858 }
2860 /* Special-case popping SP -- we need to reload vsp. */
2863 }
2865 {
2868 /* Reserved cases. */
2872 /* Set SP from another register and mark VSP for reload. */
2875 }
2877 {
2882 /* Pop r4..r[4+count]. */
2884 {
2887 }
2889 /* If indicated by flag, pop LR as well. */
2891 {
2894 }
2895 }
2897 {
2898 /* We could only have updated PC by popping into it; if so, it
2899 will show up as address. Otherwise, copy LR into PC. */
2904 /* We're done. */
2906 }
2908 {
2912 /* All-zero mask and mask >= 16 is "spare". */
2916 /* Pop r0..r3 under mask. */
2919 {
2922 }
2923 }
2925 {
2929 do
2930 {
2933 }
2937 }
2939 {
2944 /* Only registers D0..D15 are valid here. */
2948 /* Pop VFP double-precision registers D[start]..D[start+count]. */
2950 {
2953 }
2955 /* Add an extra 4 bytes for FSTMFDX-style stack. */
2957 }
2959 {
2963 /* Pop VFP double-precision registers D[8]..D[8+count]. */
2965 {
2968 }
2970 /* Add an extra 4 bytes for FSTMFDX-style stack. */
2972 }
2974 {
2979 /* Only registers WR0..WR15 are valid. */
2983 /* Pop iwmmx registers WR[start]..WR[start+count]. */
2985 {
2988 }
2989 }
2991 {
2995 /* All-zero mask and mask >= 16 is "spare". */
2999 /* Pop iwmmx general-purpose registers WCGR0..WCGR3 under mask. */
3002 {
3005 }
3006 }
3008 {
3012 /* Pop iwmmx registers WR[10]..WR[10+count]. */
3014 {
3017 }
3018 }
3020 {
3025 /* Only registers D0..D31 are valid. */
3029 /* Pop VFP double-precision registers
3030 D[16+start]..D[16+start+count]. */
3032 {
3035 }
3036 }
3038 {
3043 /* Pop VFP double-precision registers D[start]..D[start+count]. */
3045 {
3048 }
3049 }
3051 {
3055 /* Pop VFP double-precision registers D[8]..D[8+count]. */
3057 {
3060 }
3061 }
3062 else
3063 {
3064 /* Everything else is "spare". */
3066 }
3067 }
3069 /* If we restore SP from a register, assume this was the frame register.
3070 Otherwise just fall back to SP as frame register. */
3073 else
3076 /* Determine offset to previous frame. */
3077 cache->framesize
3080 /* We already got the previous SP. */
3081 arm_gdbarch_tdep *tdep
3086 }
3088 /* Unwinding via ARM exception table entries. Note that the sniffer
3089 already computes a filled-in prologue cache, which is then used
3090 with the same arm_prologue_this_id and arm_prologue_prev_register
3091 routines also used for prologue-parsing based unwinding. */
3093 static int
3095 frame_info_ptr this_frame,
3097 {
3104 /* See if we have an ARM exception table entry covering this address. */
3110 /* The ARM exception table does not describe unwind information
3111 for arbitrary PC values, but is guaranteed to be correct only
3112 at call sites. We have to decide here whether we want to use
3113 ARM exception table information for this frame, or fall back
3114 to using prologue parsing. (Note that if we have DWARF CFI,
3115 this sniffer isn't even called -- CFI is always preferred.)
3117 Before we make this decision, however, we check whether we
3118 actually have *symbol* information for the current frame.
3119 If not, prologue parsing would not work anyway, so we might
3120 as well use the exception table and hope for the best. */
3122 {
3125 /* If the next frame is "normal", we are at a call site in this
3126 frame, so exception information is guaranteed to be valid. */
3131 /* Some syscalls keep PC pointing to the SVC instruction itself. */
3133 {
3134 /* We also assume exception information is valid if we're currently
3135 blocked in a system call. The system library is supposed to
3136 ensure this, so that e.g. pthread cancellation works. */
3138 {
3139 ULONGEST insn;
3147 }
3148 else
3149 {
3150 ULONGEST insn;
3158 }
3159 }
3161 /* Bail out if we don't know that exception information is valid. */
3165 /* The ARM exception index does not mark the *end* of the region
3166 covered by the entry, and some functions will not have any entry.
3167 To correctly recognize the end of the covered region, the linker
3168 should have inserted dummy records with a CANTUNWIND marker.
3170 Unfortunately, current versions of GNU ld do not reliably do
3171 this, and thus we may have found an incorrect entry above.
3172 As a (temporary) sanity check, we only use the entry if it
3173 lies *within* the bounds of the function. Note that this check
3174 might reject perfectly valid entries that just happen to cover
3175 multiple functions; therefore this check ought to be removed
3176 once the linker is fixed. */
3179 }
3181 /* Decode the list of unwinding instructions into a prologue cache.
3182 Note that this may fail due to e.g. a "refuse to unwind" code. */
3189 }
3193 NORMAL_FRAME,
3194 default_frame_unwind_stop_reason,
3195 arm_prologue_this_id,
3196 arm_prologue_prev_register,
3197 NULL,
3198 arm_exidx_unwind_sniffer
3199 };
3203 {
3210 /* Still rely on the offset calculated from prologue. */
3213 /* Since we are in epilogue, the SP has been restored. */
3214 arm_gdbarch_tdep *tdep
3218 ARM_SP_REGNUM));
3220 /* Calculate actual addresses of saved registers using offsets
3221 determined by arm_scan_prologue. */
3228 }
3230 /* Implementation of function hook 'this_id' in
3231 'struct frame_uwnind' for epilogue unwinder. */
3233 static void
3237 {
3245 /* Use function start address as part of the frame ID. If we cannot
3246 identify the start address (due to missing symbol information),
3247 fall back to just using the current PC. */
3253 arm_gdbarch_tdep *tdep
3256 }
3258 /* Implementation of function hook 'prev_register' in
3259 'struct frame_uwnind' for epilogue unwinder. */
3264 {
3269 }
3272 CORE_ADDR pc);
3274 CORE_ADDR pc);
3276 /* Implementation of function hook 'sniffer' in
3277 'struct frame_uwnind' for epilogue unwinder. */
3279 static int
3281 frame_info_ptr this_frame,
3283 {
3285 {
3291 else
3293 }
3294 else
3296 }
3298 /* Frame unwinder from epilogue. */
3301 {
3303 NORMAL_FRAME,
3304 default_frame_unwind_stop_reason,
3305 arm_epilogue_frame_this_id,
3306 arm_epilogue_frame_prev_register,
3307 NULL,
3308 arm_epilogue_frame_sniffer,
3309 };
3311 /* Recognize GCC's trampoline for thumb call-indirect. If we are in a
3312 trampoline, return the target PC. Otherwise return 0.
3314 void call0a (char c, short s, int i, long l) {}
3316 int main (void)
3317 {
3318 (*pointer_to_call0a) (c, s, i, l);
3319 }
3321 Instead of calling a stub library function _call_via_xx (xx is
3322 the register name), GCC may inline the trampoline in the object
3323 file as below (register r2 has the address of call0a).
3325 .global main
3326 .type main, %function
3327 ...
3328 bl .L1
3329 ...
3330 .size main, .-main
3332 .L1:
3333 bx r2
3335 The trampoline 'bx r2' doesn't belong to main. */
3337 static CORE_ADDR
3339 {
3340 /* The heuristics of recognizing such trampoline is that FRAME is
3341 executing in Thumb mode and the instruction on PC is 'bx Rm'. */
3343 {
3347 {
3349 enum bfd_endian byte_order_for_code
3351 uint16_t insn
3355 {
3356 CORE_ADDR dest
3359 /* Clear the LSB so that gdb core sets step-resume
3360 breakpoint at the right address. */
3362 }
3363 }
3364 }
3367 }
3371 {
3377 arm_gdbarch_tdep *tdep
3381 ARM_SP_REGNUM));
3384 }
3386 /* Our frame ID for a stub frame is the current SP and LR. */
3388 static void
3392 {
3399 arm_gdbarch_tdep *tdep
3403 }
3405 static int
3407 frame_info_ptr this_frame,
3409 {
3410 CORE_ADDR addr_in_block;
3418 /* We also use the stub winder if the target memory is unreadable
3419 to avoid having the prologue unwinder trying to read it. */
3428 }
3432 NORMAL_FRAME,
3433 default_frame_unwind_stop_reason,
3434 arm_stub_this_id,
3435 arm_prologue_prev_register,
3436 NULL,
3437 arm_stub_unwind_sniffer
3438 };
3440 /* Put here the code to store, into CACHE->saved_regs, the addresses
3441 of the saved registers of frame described by THIS_FRAME. CACHE is
3442 returned. */
3446 {
3454 /* ARMv7-M Architecture Reference "B1.5.6 Exception entry behavior"
3455 describes which bits in LR that define which stack was used prior
3456 to the exception and if FPU is used (causing extended stack frame). */
3458 /* In the lockup state PC contains a lockup magic value.
3459 The PC value of the the next outer frame is irreversibly
3460 lost. The other registers are intact so LR likely contains
3461 PC of some frame next to the outer one, but we cannot analyze
3462 the next outer frame without knowing its PC
3463 therefore we do not know SP fixup for this frame.
3464 Some heuristics to resynchronize SP might be possible.
3465 For simplicity, just terminate the unwinding to prevent it going
3466 astray and attempting to read data/addresses it shouldn't,
3467 which may cause further issues due to side-effects. */
3470 {
3471 /* The lockup can be real just in the innermost frame
3472 as the CPU is stopped and cannot create more frames.
3473 If we hit lockup magic PC in the other frame, it is
3474 just a sentinel at the top of stack: do not warn then. */
3478 /* Terminate any further stack unwinding. */
3481 }
3485 /* ARMv7-M Architecture Reference "A2.3.1 Arm core registers"
3486 states that LR is set to 0xffffffff on reset. ARMv8-M Architecture
3487 Reference "B3.3 Registers" states that LR is set to 0xffffffff on warm
3488 reset if Main Extension is implemented, otherwise the value is unknown. */
3490 {
3491 /* Terminate any further stack unwinding. */
3494 }
3496 /* Check FNC_RETURN indicator bits (24-31). */
3499 {
3500 /* FNC_RETURN is only valid for targets with Security Extension. */
3502 {
3504 "Register value %s that requires the security extension, "
3505 "but the extension was not found or is disabled. This "
3506 "should not happen and may be caused by corrupt data or a "
3508 }
3511 {
3514 /* Terminate any further stack unwinding. */
3517 }
3521 /* Handler mode: This is the mode that exceptions are handled in. */
3523 else
3524 /* Thread mode: This is the normal mode that programs run in. */
3529 /* Stack layout for a function call from Secure to Non-Secure state
3530 (ARMv8-M section B3.16):
3532 SP Offset
3534 +-------------------+
3535 0x08 | |
3536 +-------------------+ <-- Original SP
3537 0x04 | Partial xPSR |
3538 +-------------------+
3539 0x00 | Return Address |
3540 +===================+ <-- New SP */
3549 }
3551 /* Check EXC_RETURN indicator bits (24-31). */
3554 {
3561 /* Check EXC_RETURN bit SPSEL if Main or Thread (process) stack used. */
3565 {
3570 /* Unwinding from non-secure to secure can trip security
3571 measures. In order to avoid the debugger being
3572 intrusive, rely on the user to configure the requested
3573 mode. */
3576 {
3579 /* Terminate any further stack unwinding. */
3582 }
3585 {
3587 /* Secure thread (process) stack used, use PSP_S as SP. */
3589 else
3590 /* Non-secure thread (process) stack used, use PSP_NS as SP. */
3592 }
3593 else
3594 {
3596 /* Secure main stack used, use MSP_S as SP. */
3598 else
3599 /* Non-secure main stack used, use MSP_NS as SP. */
3601 }
3602 }
3603 else
3604 {
3606 /* Thread (process) stack used, use PSP as SP. */
3608 else
3609 /* Main stack used, use MSP as SP. */
3611 }
3613 /* Set the active SP regnum. */
3616 /* Fetch the SP to use for this frame. */
3619 /* Exception entry context stacking are described in ARMv8-M (section
3620 B3.19) and ARMv7-M (sections B1.5.6 and B1.5.7) Architecture Reference
3621 Manuals.
3623 The following figure shows the structure of the stack frame when
3624 Security and Floating-point extensions are present.
3626 SP Offsets
3627 Without With
3628 Callee Regs Callee Regs
3629 (Secure -> Non-Secure)
3630 +-------------------+
3631 0xA8 | | 0xD0
3632 +===================+ --+ <-- Original SP
3633 0xA4 | S31 | 0xCC |
3634 +-------------------+ |
3635 ... | Additional FP context
3636 +-------------------+ |
3637 0x68 | S16 | 0x90 |
3638 +===================+ --+
3639 0x64 | Reserved | 0x8C |
3640 +-------------------+ |
3641 0x60 | FPSCR | 0x88 |
3642 +-------------------+ |
3643 0x5C | S15 | 0x84 | FP context
3644 +-------------------+ |
3645 ... |
3646 +-------------------+ |
3647 0x20 | S0 | 0x48 |
3648 +===================+ --+
3649 0x1C | xPSR | 0x44 |
3650 +-------------------+ |
3651 0x18 | Return address | 0x40 |
3652 +-------------------+ |
3653 0x14 | LR(R14) | 0x3C |
3654 +-------------------+ |
3655 0x10 | R12 | 0x38 | State context
3656 +-------------------+ |
3657 0x0C | R3 | 0x34 |
3658 +-------------------+ |
3659 ... |
3660 +-------------------+ |
3661 0x00 | R0 | 0x28 |
3662 +===================+ --+
3663 | R11 | 0x24 |
3664 +-------------------+ |
3665 ... |
3666 +-------------------+ | Additional state
3667 | R4 | 0x08 | context when
3668 +-------------------+ | transitioning from
3669 | Reserved | 0x04 | Secure to Non-Secure
3670 +-------------------+ |
3671 | Magic signature | 0x00 |
3672 +===================+ --+ <-- New SP */
3676 /* With the Security extension, the hardware saves R4..R11 too. */
3679 {
3680 /* Read R4..R11 from the integer callee registers. */
3690 }
3692 /* The hardware saves eight 32-bit words, comprising xPSR,
3693 ReturnAddress, LR (R14), R12, R3, R2, R1, R0. See details in
3694 "B1.5.6 Exception entry behavior" in
3695 "ARMv7-M Architecture Reference Manual". */
3709 /* Check EXC_RETURN bit FTYPE if extended stack frame (FPU regs stored)
3710 type used. */
3713 {
3714 ULONGEST fpccr;
3715 ULONGEST fpcar;
3717 /* Read FPCCR register. */
3720 {
3725 }
3727 /* Read FPCAR register. */
3730 {
3734 }
3741 /* The LSPEN and ASPEN bits indicate if the lazy state preservation
3742 for FP registers is enabled or disabled. The LSPACT bit indicate,
3743 together with FPCAR, if the lazy state preservation feature is
3744 active for the current frame or for another frame.
3745 See "Lazy context save of FP state", in B1.5.7, also ARM AN298,
3746 supported by Cortex-M4F architecture for details. */
3750 && fpccr_lspact
3753 /* Extended stack frame type used. */
3755 {
3758 {
3761 }
3762 }
3768 {
3769 /* Handle floating-point callee saved registers. */
3771 {
3774 {
3777 }
3778 }
3782 }
3783 else
3784 {
3785 /* Offset 0x64 is reserved. */
3788 }
3789 }
3790 else
3791 {
3792 /* Standard stack frame type used. */
3795 }
3797 /* If bit 9 of the saved xPSR is set, then there is a four-byte
3798 aligner between the top of the 32-byte stack frame and the
3799 previous context's stack pointer. */
3800 ULONGEST xpsr;
3804 {
3809 }
3812 {
3815 }
3818 }
3821 "found unexpected Link Register value "
3822 "%s. This should not happen and may "
3823 "be caused by corrupt data or a bug in"
3826 }
3828 /* Implementation of the stop_reason hook for arm_m_exception frames. */
3830 static enum unwind_stop_reason
3833 {
3835 arm_gdbarch_tdep *tdep
3842 /* If we've hit a wall, stop. */
3847 }
3849 /* Implementation of function hook 'this_id' in
3850 'struct frame_uwnind'. */
3852 static void
3856 {
3863 /* Our frame ID for a stub frame is the current SP and LR. */
3864 arm_gdbarch_tdep *tdep
3868 }
3870 /* Implementation of function hook 'prev_register' in
3871 'struct frame_uwnind'. */
3877 {
3879 CORE_ADDR sp_value;
3885 /* The value was already reconstructed into PREV_SP. */
3886 arm_gdbarch_tdep *tdep
3892 /* If we are asked to unwind the PC, strip the saved T bit. */
3894 {
3897 prev_regnum);
3901 }
3903 /* The value might be one of the alternative SP, if so, use the
3904 value already constructed. */
3906 {
3909 }
3911 /* If we are asked to unwind the xPSR, set T bit if PC is in thumb mode.
3912 LR register is unreliable as it contains FNC_RETURN or EXC_RETURN
3913 pattern. */
3915 {
3919 ARM_PC_REGNUM);
3922 ARM_PS_REGNUM);
3925 /* Reconstruct the T bit; see arm_prologue_prev_register for details. */
3928 }
3931 prev_regnum);
3932 }
3934 /* Implementation of function hook 'sniffer' in
3935 'struct frame_uwnind'. */
3937 static int
3939 frame_info_ptr this_frame,
3941 {
3945 /* No need to check is_m; this sniffer is only registered for
3946 M-profile architectures. */
3948 /* Check if exception frame returns to a magic PC value. */
3950 }
3952 /* Frame unwinder for M-profile exceptions (EXC_RETURN on stack),
3953 lockup and secure/nonsecure interstate function calls (FNC_RETURN). */
3956 {
3958 SIGTRAMP_FRAME,
3959 arm_m_exception_frame_unwind_stop_reason,
3960 arm_m_exception_this_id,
3961 arm_m_exception_prev_register,
3962 NULL,
3963 arm_m_exception_unwind_sniffer
3964 };
3966 static CORE_ADDR
3968 {
3975 arm_gdbarch_tdep *tdep
3978 }
3982 arm_normal_frame_base,
3983 arm_normal_frame_base,
3984 arm_normal_frame_base
3985 };
3987 struct arm_dwarf2_prev_register_cache
3988 {
3989 /* Cached value of the corresponding stack pointer for the inner frame. */
3990 CORE_ADDR sp;
3991 CORE_ADDR msp;
3992 CORE_ADDR msp_s;
3993 CORE_ADDR msp_ns;
3994 CORE_ADDR psp;
3995 CORE_ADDR psp_s;
3996 CORE_ADDR psp_ns;
3997 };
4002 {
4005 CORE_ADDR lr;
4006 ULONGEST cpsr;
4007 arm_dwarf2_prev_register_cache *cache
4010 arm_dwarf2_prev_register));
4013 {
4020 {
4021 cache->sp
4024 cache->msp_s
4027 cache->msp_ns
4030 cache->psp_s
4033 cache->psp_ns
4036 }
4038 {
4039 cache->sp
4042 cache->msp
4045 cache->psp
4048 }
4049 }
4052 {
4053 /* The PC is normally copied from the return column, which
4054 describes saves of LR. However, that version may have an
4055 extra bit set to indicate Thumb state. The bit is not
4056 part of the PC. */
4058 /* Record in the frame whether the return address was signed. */
4060 {
4061 CORE_ADDR ra_auth_code
4067 }
4072 }
4074 {
4075 /* Reconstruct the T bit; see arm_prologue_prev_register for details. */
4080 }
4082 {
4083 /* Handle the alternative SP registers on Cortex-M. */
4085 CORE_ADDR val;
4088 {
4105 }
4107 {
4114 }
4117 {
4118 /* Use value of SP from previous frame. */
4122 else
4124 }
4125 else
4126 /* Use value for the register from previous frame. */
4130 }
4133 }
4135 /* Implement the stack_frame_destroyed_p gdbarch method. */
4137 static int
4139 {
4144 CORE_ADDR scan_pc;
4150 /* The epilogue is a sequence of instructions along the following lines:
4152 - add stack frame size to SP or FP
4153 - [if frame pointer used] restore SP from FP
4154 - restore registers from SP [may include PC]
4155 - a return-type instruction [if PC wasn't already restored]
4157 In a first pass, we scan forward from the current PC and verify the
4158 instructions we find as compatible with this sequence, ending in a
4159 return instruction.
4161 However, this is not sufficient to distinguish indirect function calls
4162 within a function from indirect tail calls in the epilogue in some cases.
4163 Therefore, if we didn't already find any SP-changing instruction during
4164 forward scan, we add a backward scanning heuristic to ensure we actually
4165 are in the epilogue. */
4169 {
4181 {
4184 }
4186 {
4194 {
4197 }
4200 {
4203 }
4206 ;
4207 else
4209 }
4210 else
4212 }
4217 /* Since any instruction in the epilogue sequence, with the possible
4218 exception of return itself, updates the stack pointer, we need to
4219 scan backwards for at most one instruction. Try either a 16-bit or
4220 a 32-bit instruction. This is just a heuristic, so we do not worry
4221 too much about false positives. */
4243 }
4245 static int
4247 {
4256 /* We are in the epilogue if the previous instruction was a stack
4257 adjustment and the next instruction is a possible return (bx, mov
4258 pc, or pop). We could have to scan backwards to find the stack
4259 adjustment, or forwards to find the return, but this is a decent
4260 approximation. First scan forwards. */
4265 {
4267 /* BX. */
4270 /* MOV PC. */
4274 /* POP (LDMIA), including PC or LR. */
4276 }
4281 /* Scan backwards. This is just a heuristic, so do not worry about
4282 false positives from mode changes. */
4292 }
4294 /* Implement the stack_frame_destroyed_p gdbarch method. */
4296 static int
4298 {
4301 else
4303 }
4305 /* When arguments must be pushed onto the stack, they go on in reverse
4306 order. The code below implements a FILO (stack) to do this. */
4308 struct arm_stack_item
4309 {
4313 };
4318 {
4326 }
4330 {
4336 }
4338 /* Implement the gdbarch type alignment method, overrides the generic
4339 alignment algorithm for anything that is arm specific. */
4341 static ULONGEST
4343 {
4346 {
4347 /* Use the natural alignment for vector types (the same for
4348 scalar type), but the maximum alignment is 64-bit. */
4351 else
4353 }
4355 /* Allow the common code to calculate the alignment. */
4357 }
4359 /* Possible base types for a candidate for passing and returning in
4360 VFP registers. */
4362 enum arm_vfp_cprc_base_type
4363 {
4364 VFP_CPRC_UNKNOWN,
4365 VFP_CPRC_SINGLE,
4366 VFP_CPRC_DOUBLE,
4367 VFP_CPRC_VEC64,
4368 VFP_CPRC_VEC128
4369 };
4371 /* The length of one element of base type B. */
4373 static unsigned
4375 {
4377 {
4389 }
4390 }
4392 /* The character ('s', 'd' or 'q') for the type of VFP register used
4393 for passing base type B. */
4395 static int
4397 {
4399 {
4411 }
4412 }
4414 /* Determine whether T may be part of a candidate for passing and
4415 returning in VFP registers, ignoring the limit on the total number
4416 of components. If *BASE_TYPE is VFP_CPRC_UNKNOWN, set it to the
4417 classification of the first valid component found; if it is not
4418 VFP_CPRC_UNKNOWN, all components must have the same classification
4419 as *BASE_TYPE. If it is found that T contains a type not permitted
4420 for passing and returning in VFP registers, a type differently
4421 classified from *BASE_TYPE, or two types differently classified
4422 from each other, return -1, otherwise return the total number of
4423 base-type elements found (possibly 0 in an empty structure or
4424 array). Vector types are not currently supported, matching the
4425 generic AAPCS support. */
4427 static int
4430 {
4433 {
4436 {
4453 }
4457 /* Arguments of complex T where T is one of the types float or
4458 double get treated as if they are implemented as:
4460 struct complexT
4461 {
4462 T real;
4463 T imag;
4464 };
4466 */
4468 {
4485 }
4489 {
4491 {
4492 /* A 64-bit or 128-bit containerized vector type are VFP
4493 CPRCs. */
4495 {
4506 }
4507 }
4508 else
4509 {
4514 base_type);
4518 {
4521 }
4527 }
4528 }
4532 {
4537 {
4542 base_type);
4546 }
4548 {
4551 }
4558 }
4561 {
4566 {
4568 base_type);
4572 }
4574 {
4577 }
4584 }
4588 }
4591 }
4593 /* Determine whether T is a VFP co-processor register candidate (CPRC)
4594 if passed to or returned from a non-variadic function with the VFP
4595 ABI in effect. Return 1 if it is, 0 otherwise. If it is, set
4596 *BASE_TYPE to the base type for T and *COUNT to the number of
4597 elements of that base type before returning. */
4599 static int
4602 {
4610 }
4612 /* Return 1 if the VFP ABI should be used for passing arguments to and
4613 returning values from a function of type FUNC_TYPE, 0
4614 otherwise. */
4616 static int
4618 {
4621 /* Variadic functions always use the base ABI. Assume that functions
4622 without debug info are not variadic. */
4626 /* The VFP ABI is only supported as a variant of AAPCS. */
4631 }
4633 /* We currently only support passing parameters in integer registers, which
4634 conforms with GCC's default model, and VFP argument passing following
4635 the VFP variant of AAPCS. Several other variants exist and
4636 we should probably support some of them based on the selected ABI. */
4638 static CORE_ADDR
4642 function_call_return_method return_method,
4643 CORE_ADDR struct_addr)
4644 {
4655 /* Determine the type of this function and whether the VFP ABI
4656 applies. */
4662 /* Set the return address. For the ARM, the return breakpoint is
4663 always at BP_ADDR. */
4668 /* Walk through the list of args and determine how large a temporary
4669 stack is required. Need to take care here as structs may be
4670 passed on the stack, and we have to push them. */
4676 /* The struct_return pointer occupies the first parameter
4677 passing register. */
4679 {
4685 argreg++;
4686 }
4689 {
4707 /* Round alignment up to a whole number of words. */
4710 /* Different ABIs have different maximum alignments. */
4712 {
4713 /* The APCS ABI only requires word alignment. */
4715 }
4716 else
4717 {
4718 /* The AAPCS requires at most doubleword alignment. */
4721 }
4726 {
4732 /* Because this is a CPRC it cannot go in a core register or
4733 cause a core register to be skipped for alignment.
4734 Either it goes in VFP registers and the rest of this loop
4735 iteration is skipped for this argument, or it goes on the
4736 stack (and the stack alignment code is correct for this
4737 case). */
4748 {
4757 {
4763 else
4764 {
4770 }
4771 }
4773 }
4774 else
4775 {
4776 /* This CPRC could not go in VFP registers, so all VFP
4777 registers are now marked as used. */
4779 }
4780 }
4782 /* Push stack padding for doubleword alignment. */
4784 {
4787 }
4789 /* Doubleword aligned quantities must go in even register pairs. */
4794 argreg++;
4796 /* If the argument is a pointer to a function, and it is a
4797 Thumb function, create a LOCAL copy of the value and set
4798 the THUMB bit in it. */
4802 {
4805 {
4810 }
4811 }
4813 /* Copy the argument to general registers or the stack in
4814 register-sized pieces. Large arguments are split between
4815 registers and stack. */
4817 {
4820 CORE_ADDR regval
4824 {
4825 /* The argument is being passed in a general purpose
4826 register. */
4832 argreg++;
4833 }
4834 else
4835 {
4841 /* Push the arguments onto the stack. */
4845 }
4849 }
4850 }
4851 /* If we have an odd number of words to push, then decrement the stack
4852 by one word now, so first stack argument will be dword aligned. */
4857 {
4861 }
4863 /* Finally, update teh SP register. */
4867 }
4870 /* Always align the frame to an 8-byte boundary. This is required on
4871 some platforms and harmless on the rest. */
4873 static CORE_ADDR
4875 {
4876 /* Align the stack to eight bytes. */
4878 }
4880 static void
4882 {
4894 }
4896 /* Print interesting information about the floating point processor
4897 (if present) or emulator. */
4898 static void
4901 {
4908 else
4910 /* i18n: [floating point unit] mask */
4913 /* i18n: [floating point unit] flags */
4916 }
4918 /* Construct the ARM extended floating point type. */
4921 {
4925 {
4927 tdep->arm_ext_type
4929 floatformats_arm_ext);
4930 }
4933 }
4937 {
4941 {
4945 TYPE_CODE_UNION);
4962 }
4965 }
4967 /* FIXME: The vector types are not correctly ordered on big-endian
4968 targets. Just as s0 is the low bits of d0, d0[0] is also the low
4969 bits of d0 - regardless of what unit size is being held in d0. So
4970 the offset of the first uint8 in d0 is 7, but the offset of the
4971 first float is 4. This code works as-is for little-endian
4972 targets. */
4976 {
4980 {
4984 TYPE_CODE_UNION);
5001 }
5004 }
5006 /* Return true if REGNUM is a Q pseudo register. Return false
5007 otherwise.
5009 REGNUM is the raw register number and not a pseudo-relative register
5010 number. */
5012 static bool
5014 {
5017 /* Q pseudo registers are available for both NEON (Q0~Q15) and
5018 MVE (Q0~Q7) features. */
5025 }
5027 /* Return true if REGNUM is a VFP S pseudo register. Return false
5028 otherwise.
5030 REGNUM is the raw register number and not a pseudo-relative register
5031 number. */
5033 static bool
5035 {
5044 }
5046 /* Return true if REGNUM is a MVE pseudo register (P0). Return false
5047 otherwise.
5049 REGNUM is the raw register number and not a pseudo-relative register
5050 number. */
5052 static bool
5054 {
5063 }
5065 /* Return true if REGNUM is a PACBTI pseudo register (ra_auth_code). Return
5066 false otherwise.
5068 REGNUM is the raw register number and not a pseudo-relative register
5069 number. */
5071 static bool
5073 {
5082 }
5084 /* Return the GDB type object for the "standard" data type of data in
5085 register N. */
5089 {
5104 /* If the target description has register information, we are only
5105 in this function so that we can override the types of
5106 double-precision registers for NEON. */
5108 {
5115 else
5117 }
5120 {
5125 }
5131 /* These registers are only supported on targets which supply
5132 an XML description. */
5134 else
5136 }
5138 /* Map a DWARF register REGNUM onto the appropriate GDB register
5139 number. */
5141 static int
5143 {
5144 /* Core integer regs. */
5148 /* Legacy FPA encoding. These were once used in a way which
5149 overlapped with VFP register numbering, so their use is
5150 discouraged, but GDB doesn't support the ARM toolchain
5151 which used them for VFP. */
5155 /* New assignments for the FPA registers. */
5159 /* WMMX register assignments. */
5166 /* PACBTI register containing the Pointer Authentication Code. */
5168 {
5175 }
5180 /* VFP v2 registers. A double precision value is actually
5181 in d1 rather than s2, but the ABI only defines numbering
5182 for the single precision registers. This will "just work"
5183 in GDB for little endian targets (we'll read eight bytes,
5184 starting in s0 and then progressing to s1), but will be
5185 reversed on big endian targets with VFP. This won't
5186 be a problem for the new Neon quad registers; you're supposed
5187 to use DW_OP_piece for those. */
5189 {
5195 }
5197 /* VFP v3 / Neon registers. This range is also used for VFP v2
5198 registers, except that it now describes d0 instead of s0. */
5200 {
5206 }
5209 }
5211 /* Map GDB internal REGNUM onto the Arm simulator register numbers. */
5212 static int
5214 {
5240 }
5244 static void
5247 frame_info_ptr this_frame)
5248 {
5252 {
5253 /* Initialize RA_AUTH_CODE to zero. */
5258 }
5261 {
5264 }
5268 {
5269 /* Handle the alternative SP registers on Cortex-M. */
5272 }
5273 }
5275 /* Given BUF, which is OLD_LEN bytes ending at ENDADDR, expand
5276 the buffer to be NEW_LEN bytes ending at ENDADDR. Return
5277 NULL if an error occurs. BUF is freed. */
5282 {
5290 {
5293 }
5295 }
5297 /* An IT block is at most the 2-byte IT instruction followed by
5298 four 4-byte instructions. The furthest back we must search to
5299 find an IT block that affects the current instruction is thus
5300 2 + 3 * 4 == 14 bytes. */
5301 #define MAX_IT_BLOCK_PREFIX 14
5303 /* Use a quick scan if there are more than this many bytes of
5304 code. */
5305 #define IT_SCAN_THRESHOLD 32
5307 /* Adjust a breakpoint's address to move breakpoints out of IT blocks.
5308 A breakpoint in an IT block may not be hit, depending on the
5309 condition flags. */
5310 static CORE_ADDR
5312 {
5321 /* If we are using BKPT breakpoints, none of this is necessary. */
5325 /* ARM mode does not have this problem. */
5329 /* We are setting a breakpoint in Thumb code that could potentially
5330 contain an IT block. The first step is to find how much Thumb
5331 code there is; we do not need to read outside of known Thumb
5332 sequences. */
5335 /* Thumb-2 code must have mapping symbols to have a chance. */
5341 {
5345 }
5347 /* Search for a candidate IT instruction. We have to do some fancy
5348 footwork to distinguish a real IT instruction from the second
5349 half of a 32-bit instruction, but there is no need for that if
5350 there's no candidate. */
5353 /* No room for an IT instruction. */
5361 {
5364 {
5367 }
5368 }
5371 {
5374 }
5376 /* OK, the code bytes before this instruction contain at least one
5377 halfword which resembles an IT instruction. We know that it's
5378 Thumb code, but there are still two possibilities. Either the
5379 halfword really is an IT instruction, or it is the second half of
5380 a 32-bit Thumb instruction. The only way we can tell is to
5381 scan forwards from a known instruction boundary. */
5383 {
5386 /* There's a lot of code before this instruction. Start with an
5387 optimistic search; it's easy to recognize halfwords that can
5388 not be the start of a 32-bit instruction, and use that to
5389 lock on to the instruction boundaries. */
5397 {
5400 {
5403 }
5404 }
5406 /* At this point, if DEFINITE, BUF[I] is the first place we
5407 are sure that we know the instruction boundaries, and it is far
5408 enough from BPADDR that we could not miss an IT instruction
5409 affecting BPADDR. If ! DEFINITE, give up - start from a
5410 known boundary. */
5412 {
5419 }
5420 }
5421 else
5422 {
5428 }
5430 /* Scan forwards. Find the last IT instruction before BPADDR. */
5434 {
5436 last_it_count--;
5438 {
5446 else
5448 }
5450 }
5455 /* There wasn't really an IT instruction after all. */
5459 /* It was too far away. */
5462 /* This really is a trouble spot. Move the breakpoint to the IT
5463 instruction. */
5465 }
5467 /* ARM displaced stepping support.
5469 Generally ARM displaced stepping works as follows:
5471 1. When an instruction is to be single-stepped, it is first decoded by
5472 arm_process_displaced_insn. Depending on the type of instruction, it is
5473 then copied to a scratch location, possibly in a modified form. The
5474 copy_* set of functions performs such modification, as necessary. A
5475 breakpoint is placed after the modified instruction in the scratch space
5476 to return control to GDB. Note in particular that instructions which
5477 modify the PC will no longer do so after modification.
5479 2. The instruction is single-stepped, by setting the PC to the scratch
5480 location address, and resuming. Control returns to GDB when the
5481 breakpoint is hit.
5483 3. A cleanup function (cleanup_*) is called corresponding to the copy_*
5484 function used for the current instruction. This function's job is to
5485 put the CPU/memory state back to what it would have been if the
5486 instruction had been executed unmodified in its original location. */
5488 /* NOP instruction (mov r0, r0). */
5489 #define ARM_NOP 0xe1a00000
5490 #define THUMB_NOP 0x4600
5492 /* Helper for register reads for displaced stepping. In particular, this
5493 returns the PC as it would be seen by the instruction at its original
5494 location. */
5496 ULONGEST
5499 {
5500 ULONGEST ret;
5504 {
5505 /* Compute pipeline offset:
5506 - When executing an ARM instruction, PC reads as the address of the
5507 current instruction plus 8.
5508 - When executing a Thumb instruction, PC reads as the address of the
5509 current instruction plus 4. */
5513 else
5519 }
5520 else
5521 {
5528 }
5529 }
5531 static int
5533 {
5534 ULONGEST ps;
5540 }
5542 /* Write to the PC as from a branch instruction. */
5544 static void
5546 ULONGEST val)
5547 {
5549 /* Note: If bits 0/1 are set, this branch would be unpredictable for
5550 architecture versions < 6. */
5553 else
5556 }
5558 /* Write to the PC as from a branch-exchange instruction. */
5560 static void
5562 {
5563 ULONGEST ps;
5569 {
5572 }
5574 {
5577 }
5578 else
5579 {
5580 /* Unpredictable behaviour. Try to do something sensible (switch to ARM
5581 mode, align dest to 4 bytes). */
5585 }
5586 }
5588 /* Write to the PC as if from a load instruction. */
5590 static void
5592 ULONGEST val)
5593 {
5596 else
5598 }
5600 /* Write to the PC as if from an ALU instruction. */
5602 static void
5604 ULONGEST val)
5605 {
5608 else
5610 }
5612 /* Helper for writing to registers for displaced stepping. Writing to the PC
5613 has a varying effects depending on the instruction which does the write:
5614 this is controlled by the WRITE_PC argument. */
5616 void
5619 {
5621 {
5625 {
5649 }
5652 }
5653 else
5654 {
5658 }
5659 }
5661 /* This function is used to concisely determine if an instruction INSN
5662 references PC. Register fields of interest in INSN should have the
5663 corresponding fields of BITMASK set to 0b1111. The function
5664 returns return 1 if any of these fields in INSN reference the PC
5665 (also 0b1111, r15), else it returns 0. */
5667 static int
5669 {
5673 {
5677 ;
5688 }
5691 }
5693 /* The simplest copy function. Many instructions have the same effect no
5694 matter what address they are executed at: in those cases, use this. */
5696 static int
5699 {
5706 }
5708 static int
5712 {
5721 }
5723 /* Copy 16-bit Thumb(Thumb and 16-bit Thumb-2) instruction without any
5724 modification. */
5725 static int
5729 {
5736 }
5738 /* Preload instructions with immediate offset. */
5740 static void
5743 {
5747 }
5749 static void
5752 {
5753 ULONGEST rn_val;
5754 /* Preload instructions:
5756 {pli/pld} [rn, #+/-imm]
5757 ->
5758 {pli/pld} [r0, #+/-imm]. */
5766 }
5768 static int
5771 {
5784 }
5786 static int
5789 {
5793 ULONGEST pc_val;
5798 /* PC is only allowed to use in PLI (immediate,literal) Encoding T3, and
5799 PLD (literal) Encoding T1. */
5802 imm12);
5807 /* Rewrite instruction {pli/pld} PC imm12 into:
5808 Prepare: tmp[0] <- r0, tmp[1] <- r1, r0 <- pc, r1 <- imm12
5810 {pli/pld} [r0, r1]
5812 Cleanup: r0 <- tmp[0], r1 <- tmp[1]. */
5823 /* {pli/pld} [r0, r1] */
5830 }
5832 /* Preload instructions with register offset. */
5834 static void
5838 {
5841 /* Preload register-offset instructions:
5843 {pli/pld} [rn, rm {, shift}]
5844 ->
5845 {pli/pld} [r0, r1 {, shift}]. */
5856 }
5858 static int
5862 {
5877 }
5879 /* Copy/cleanup coprocessor load and store instructions. */
5881 static void
5885 {
5892 }
5894 static void
5898 {
5899 ULONGEST rn_val;
5901 /* Coprocessor load/store instructions:
5903 {stc/stc2} [<Rn>, #+/-imm] (and other immediate addressing modes)
5904 ->
5905 {stc/stc2} [r0, #+/-imm].
5907 ldc/ldc2 are handled identically. */
5911 /* PC should be 4-byte aligned. */
5919 }
5921 static int
5925 {
5939 }
5941 static int
5945 {
5959 /* This function is called for copying instruction LDC/LDC2/VLDR, which
5960 doesn't support writeback, so pass 0. */
5964 }
5966 /* Clean up branch instructions (actually perform the branch, by setting
5967 PC). */
5969 static void
5972 {
5982 {
5983 /* The value of LR should be the next insn of current one. In order
5984 not to confuse logic handling later insn `bx lr', if current insn mode
5985 is Thumb, the bit 0 of LR value should be set to 1. */
5992 CANNOT_WRITE_PC);
5993 }
5996 }
5998 /* Copy B/BL/BLX instructions with immediate destinations. */
6000 static void
6004 {
6005 /* Implement "BL<cond> <label>" as:
6007 Preparation: cond <- instruction condition
6008 Insn: mov r0, r0 (nop)
6009 Cleanup: if (condition true) { r14 <- pc; pc <- label }.
6011 B<cond> similar, but don't set r14 in cleanup. */
6019 /* For BLX, offset is computed from the Align (PC, 4). */
6024 else
6028 }
6029 static int
6032 {
6042 /* For BLX, set bit 0 of the destination. The cleanup_branch function will
6043 then arrange the switch into Thumb mode. */
6045 else
6055 }
6057 static int
6061 {
6073 {
6076 {
6082 }
6084 {
6090 }
6091 }
6092 else
6093 {
6098 }
6108 }
6110 /* Copy B Thumb instructions. */
6111 static int
6114 {
6121 {
6122 /* offset = SignExtend (imm8:0, 32) */
6125 }
6127 {
6130 }
6145 }
6147 /* Copy BX/BLX with register-specified destinations. */
6149 static void
6153 {
6154 /* Implement {BX,BLX}<cond> <reg>" as:
6156 Preparation: cond <- instruction condition
6157 Insn: mov r0, r0 (nop)
6158 Cleanup: if (condition true) { r14 <- pc; pc <- dest; }.
6160 Don't set r14 in cleanup for BX. */
6170 }
6172 static int
6175 {
6177 /* BX: x12xxx1x
6178 BLX: x12xxx3x. */
6188 }
6190 static int
6194 {
6205 }
6208 /* Copy/cleanup arithmetic/logic instruction with immediate RHS. */
6210 static void
6213 {
6218 }
6220 static int
6223 {
6237 /* Instruction is of form:
6239 <op><cond> rd, [rn,] #imm
6241 Rewrite as:
6243 Preparation: tmp1, tmp2 <- r0, r1;
6244 r0, r1 <- rd, rn
6245 Insn: <op><cond> r0, r1, #imm
6246 Cleanup: rd <- r0; r0 <- tmp1; r1 <- tmp2
6247 */
6259 else
6265 }
6267 static int
6271 {
6280 /* This routine is only called for instruction MOV. */
6288 /* Instruction is of form:
6290 <op><cond> rd, [rn,] #imm
6292 Rewrite as:
6294 Preparation: tmp1, tmp2 <- r0, r1;
6295 r0, r1 <- rd, rn
6296 Insn: <op><cond> r0, r1, #imm
6297 Cleanup: rd <- r0; r0 <- tmp1; r1 <- tmp2
6298 */
6315 }
6317 /* Copy/cleanup arithmetic/logic insns with register RHS. */
6319 static void
6322 {
6323 ULONGEST rd_val;
6332 }
6334 static void
6338 {
6341 /* Instruction is of form:
6343 <op><cond> rd, [rn,] rm [, <shift>]
6345 Rewrite as:
6347 Preparation: tmp1, tmp2, tmp3 <- r0, r1, r2;
6348 r0, r1, r2 <- rd, rn, rm
6349 Insn: <op><cond> r0, [r1,] r2 [, <shift>]
6350 Cleanup: rd <- r0; r0, r1, r2 <- tmp1, tmp2, tmp3
6351 */
6365 }
6367 static int
6370 {
6382 else
6388 }
6390 static int
6394 {
6410 }
6412 /* Cleanup/copy arithmetic/logic insns with shifted register RHS. */
6414 static void
6418 {
6426 }
6428 static void
6433 {
6437 /* Instruction is of form:
6439 <op><cond> rd, [rn,] rm, <shift> rs
6441 Rewrite as:
6443 Preparation: tmp1, tmp2, tmp3, tmp4 <- r0, r1, r2, r3
6444 r0, r1, r2, r3 <- rd, rn, rm, rs
6445 Insn: <op><cond> r0, r1, r2, <shift> r3
6446 Cleanup: tmp5 <- r0
6447 r0, r1, r2, r3 <- tmp1, tmp2, tmp3, tmp4
6448 rd <- tmp5
6449 */
6464 }
6466 static int
6470 {
6489 else
6495 }
6497 /* Clean up load instructions. */
6499 static void
6502 {
6517 /* Handle register writeback. */
6520 /* Put result in right place. */
6524 }
6526 /* Clean up store instructions. */
6528 static void
6531 {
6543 /* Writeback. */
6546 }
6548 /* Copy "extra" load/store instructions. These are halfword/doubleword
6549 transfers, which have a different encoding to byte/word transfers. */
6551 static int
6554 {
6606 /* {ldr,str}<width><cond> rt, [rt2,] [rn, #imm]
6607 ->
6608 {ldr,str}<width><cond> r0, [r1,] [r2, #imm]. */
6610 else
6611 /* {ldr,str}<width><cond> rt, [rt2,] [rn, +/-rm]
6612 ->
6613 {ldr,str}<width><cond> r0, [r1,] [r2, +/-r3]. */
6619 }
6621 /* Copy byte/half word/word loads and stores. */
6623 static void
6628 {
6653 /* To write PC we can do:
6655 Before this sequence of instructions:
6656 r0 is the PC value got from displaced_read_reg, so r0 = from + 8;
6657 r2 is the Rn value got from displaced_read_reg.
6659 Insn1: push {pc} Write address of STR instruction + offset on stack
6660 Insn2: pop {r4} Read it back from stack, r4 = addr(Insn1) + offset
6661 Insn3: sub r4, r4, pc r4 = addr(Insn1) + offset - pc
6662 = addr(Insn1) + offset - addr(Insn3) - 8
6663 = offset - 16
6664 Insn4: add r4, r4, #8 r4 = offset - 8
6665 Insn5: add r0, r0, r4 r0 = from + 8 + offset - 8
6666 = from + offset
6667 Insn6: str r0, [r2, #imm] (or str r0, [r2, r3])
6669 Otherwise we don't know what value to write for PC, since the offset is
6670 architecture-dependent (sometimes PC+8, sometimes PC+12). More details
6671 of this can be found in Section "Saving from r15" in
6672 http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0204g/Cihbjifh.html */
6675 }
6678 static int
6682 {
6686 ULONGEST pc_val;
6690 imm12);
6695 /* Rewrite instruction LDR Rt imm12 into:
6697 Prepare: tmp[0] <- r0, tmp[1] <- r2, tmp[2] <- r3, r2 <- pc, r3 <- imm12
6699 LDR R0, R2, R3,
6701 Cleanup: rt <- r0, r0 <- tmp[0], r2 <- tmp[1], r3 <- tmp[2]. */
6722 /* LDR R0, R2, R3 */
6730 }
6732 static int
6737 {
6741 /* In LDR (register), there is also a register Rm, which is not allowed to
6742 be PC, so we don't have to check it. */
6746 dsc);
6757 /* ldr[b]<cond> rt, [rn, #imm], etc.
6758 ->
6759 ldr[b]<cond> r0, [r2, #imm]. */
6760 {
6763 }
6764 else
6765 /* ldr[b]<cond> rt, [rn, rm], etc.
6766 ->
6767 ldr[b]<cond> r0, [r2, r3]. */
6768 {
6771 }
6776 }
6779 static int
6784 {
6805 {
6809 /* {ldr,str}[b]<cond> rt, [rn, #imm], etc.
6810 ->
6811 {ldr,str}[b]<cond> r0, [r2, #imm]. */
6813 else
6814 /* {ldr,str}[b]<cond> rt, [rn, rm], etc.
6815 ->
6816 {ldr,str}[b]<cond> r0, [r2, r3]. */
6818 }
6819 else
6820 {
6821 /* We need to use r4 as scratch. Make sure it's restored afterwards. */
6829 /* As above. */
6832 else
6836 }
6841 }
6843 /* Cleanup LDM instructions with fully-populated register list. This is an
6844 unfortunate corner case: it's impossible to implement correctly by modifying
6845 the instruction. The issue is as follows: we have an instruction,
6847 ldm rN, {r0-r15}
6849 which we must rewrite to avoid loading PC. A possible solution would be to
6850 do the load in two halves, something like (with suitable cleanup
6851 afterwards):
6853 mov r8, rN
6854 ldm[id][ab] r8!, {r0-r7}
6855 str r7, <temp>
6856 ldm[id][ab] r8, {r7-r14}
6857 <bkpt>
6859 but at present there's no suitable place for <temp>, since the scratch space
6860 is overwritten before the cleanup routine is called. For now, we simply
6861 emulate the instruction. */
6863 static void
6866 {
6882 /* If the instruction is ldm rN, {...pc}^, I don't think there's anything
6883 sensible we can do here. Complain loudly. */
6887 /* We don't handle any stores here for now. */
6896 {
6901 regno++;
6902 else
6904 regno--;
6914 }
6918 CANNOT_WRITE_PC);
6919 }
6921 /* Clean up an STM which included the PC in the register list. */
6923 static void
6926 {
6929 CORE_ADDR pc_stored_at, transferred_regs
6931 CORE_ADDR stm_insn_addr;
6936 /* If condition code fails, there's nothing else to do. */
6941 {
6946 }
6947 else
6948 {
6953 }
6960 offset);
6962 /* Rewrite the stored PC to the proper value for the non-displaced original
6963 instruction. */
6966 }
6968 /* Clean up an LDM which includes the PC in the register list. We clumped all
6969 the registers in the transferred list into a contiguous range r0...rX (to
6970 avoid loading PC directly and losing control of the debugged program), so we
6971 must undo that here. */
6973 static void
6977 {
6984 /* The method employed here will fail if the register list is fully populated
6985 (we need to avoid loading PC directly). */
6994 {
6996 {
7000 {
7005 }
7006 else
7012 num_to_shuffle--;
7013 }
7015 write_reg--;
7016 }
7018 /* Restore any registers we scribbled over. */
7020 {
7022 {
7024 CANNOT_WRITE_PC);
7026 write_reg);
7028 }
7029 }
7031 /* Perform register writeback manually. */
7033 {
7038 else
7042 CANNOT_WRITE_PC);
7043 }
7044 }
7046 /* Handle ldm/stm, apart from some tricky cases which are unlikely to occur
7047 in user-level code (in particular exception return, ldm rn, {...pc}^). */
7049 static int
7053 {
7061 /* Block transfers which don't mention PC can be run directly
7062 out-of-line. */
7067 {
7071 }
7089 {
7091 {
7092 /* LDM with a fully-populated register list. This case is
7093 particularly tricky. Implement for now by fully emulating the
7094 instruction (which might not behave perfectly in all cases, but
7095 these instructions should be rare enough for that not to matter
7096 too much). */
7100 }
7101 else
7102 {
7103 /* LDM of a list of registers which includes PC. Implement by
7104 rewriting the list of registers to be transferred into a
7105 contiguous chunk r0...rX before doing the transfer, then shuffling
7106 registers into the correct places in the cleanup routine. */
7114 /* Writeback makes things complicated. We need to avoid clobbering
7115 the base register with one of the registers in our modified
7116 register list, but just using a different register can't work in
7117 all cases, e.g.:
7119 ldm r14!, {r0-r13,pc}
7121 which would need to be rewritten as:
7123 ldm rN!, {r0-r14}
7125 but that can't work, because there's no free register for N.
7127 Solve this by turning off the writeback bit, and emulating
7128 writeback manually in the cleanup routine. */
7143 }
7144 }
7145 else
7146 {
7147 /* STM of a list of registers which includes PC. Run the instruction
7148 as-is, but out of line: this will store the wrong value for the PC,
7149 so we must manually fix up the memory in the cleanup routine.
7150 Doing things this way has the advantage that we can auto-detect
7151 the offset of the PC write (which is architecture-dependent) in
7152 the cleanup routine. */
7156 }
7159 }
7161 static int
7165 {
7170 /* Block transfers which don't mention PC can be run directly
7171 out-of-line. */
7176 {
7181 }
7186 /* Clear bit 13, since it should be always zero. */
7199 {
7201 {
7202 /* This branch is impossible to happen. */
7204 }
7205 else
7206 {
7229 }
7230 }
7231 else
7232 {
7237 }
7239 }
7241 /* Wrapper over read_memory_unsigned_integer for use in arm_get_next_pcs.
7242 This is used to avoid a dependency on BFD's bfd_endian enum. */
7244 ULONGEST
7247 {
7250 }
7252 /* Wrapper over gdbarch_addr_bits_remove for use in arm_get_next_pcs. */
7254 CORE_ADDR
7256 CORE_ADDR val)
7257 {
7258 return gdbarch_addr_bits_remove
7260 }
7262 /* Wrapper over syscall_next_pc for use in get_next_pcs. */
7264 static CORE_ADDR
7266 {
7268 }
7270 /* Wrapper over arm_is_thumb for use in arm_get_next_pcs. */
7272 int
7274 {
7276 }
7278 /* single_step() is called just before we want to resume the inferior,
7279 if we want to single-step it but there is no hardware or kernel
7280 single-step support. We find the target of the coming instructions
7281 and breakpoint them. */
7285 {
7294 regcache);
7302 }
7304 /* Cleanup/copy SVC (SWI) instructions. These two functions are overridden
7305 for Linux, where some SVC instructions must be treated specially. */
7307 static void
7310 {
7317 }
7320 /* Common copy routine for svc instruction. */
7322 static int
7325 {
7326 /* Preparation: none.
7327 Insn: unmodified svc.
7328 Cleanup: pc <- insn_addr + insn_size. */
7330 /* Pretend we wrote to the PC, so cleanup doesn't set PC to the next
7331 instruction. */
7334 /* Allow OS-specific code to override SVC handling. */
7337 else
7338 {
7341 }
7342 }
7344 static int
7347 {
7355 }
7357 static int
7360 {
7367 }
7369 /* Copy undefined instructions. */
7371 static int
7374 {
7381 }
7383 static int
7386 {
7396 }
7398 /* Copy unpredictable instructions. */
7400 static int
7403 {
7410 }
7412 /* The decode_* functions are instruction decoding helpers. They mostly follow
7413 the presentation in the ARM ARM. */
7415 static int
7419 {
7431 dsc);
7437 {
7440 else
7442 }
7447 {
7453 }
7458 {
7464 /* pld/pldw reg. */
7470 }
7471 else
7473 }
7475 static int
7479 {
7482 /* Switch on bits: 0bxxxxx321xxx0xxxxxxxxxxxxxxxxxxxx. */
7484 {
7496 {
7498 /* stc/stc2. */
7506 }
7509 {
7512 {
7514 /* ldc/ldc2 imm (undefined for rn == pc). */
7522 /* ldc/ldc2 lit (undefined for rn != pc). */
7528 }
7529 }
7536 /* ldc/ldc2 lit. */
7538 else
7544 else
7550 else
7555 }
7556 }
7558 /* Decode miscellaneous instructions in dp/misc encoding space. */
7560 static int
7564 {
7569 {
7578 else
7583 /* Not really supported. */
7585 else
7592 else
7602 /* Not really supported. */
7608 }
7609 }
7611 static int
7615 {
7618 {
7630 }
7631 else
7632 {
7648 /* 2nd arg means "unprivileged". */
7650 dsc);
7651 }
7653 /* Should be unreachable. */
7655 }
7657 static int
7661 {
7690 /* Should be unreachable. */
7692 }
7694 static int
7697 {
7699 {
7713 {
7716 else
7718 }
7719 else
7725 else
7730 {
7733 else
7735 }
7736 else
7742 else
7744 }
7746 /* Should be unreachable. */
7748 }
7750 static int
7754 {
7757 else
7759 }
7761 static int
7765 {
7769 {
7783 /* Note: no writeback for these instructions. Bit 25 will always be
7784 zero though (via caller), so the following works OK. */
7786 }
7788 /* Should be unreachable. */
7790 }
7792 /* Decode shifted register instructions. */
7794 static int
7798 {
7799 /* PC is only allowed to be used in instruction MOV. */
7806 else
7809 }
7812 /* Decode extension register load/store. Exactly the same as
7813 arm_decode_ext_reg_ld_st. */
7815 static int
7819 {
7823 {
7845 }
7847 /* Should be unreachable. */
7849 }
7851 static int
7854 {
7863 /* stc/stc2. */
7867 /* ldc/ldc2 imm/lit. */
7878 {
7881 else
7883 }
7892 else
7894 }
7896 static int
7900 {
7907 {
7911 dsc);
7914 else
7915 {
7916 /*coproc is 101x. SIMD/VFP, ext registers load/store. */
7919 dsc);
7921 {
7928 }
7929 }
7930 }
7931 else
7935 }
7937 static void
7940 {
7941 /* ADR Rd, #imm
7943 Rewrite as:
7945 Preparation: Rd <- PC
7946 Insn: ADD Rd, #imm
7947 Cleanup: Null.
7948 */
7950 /* Rd <- PC */
7953 }
7955 static int
7959 {
7961 /* Encoding T2: ADDS Rd, #imm */
7967 }
7969 static int
7973 {
7981 }
7983 static int
7987 {
7989 /* Since immediate has the same encoding in ADR ADD and SUB, so we simply
7990 extract raw immediate encoding rather than computing immediate. When
7991 generating ADD or SUB instruction, we can simply perform OR operation to
7992 set immediate into ADD. */
8000 {
8001 /* Encoding T3: SUB Rd, Rd, #imm */
8004 }
8006 {
8007 /* Encoding T3: ADD Rd, Rd, #imm */
8010 }
8016 }
8018 static int
8022 {
8027 /* LDR Rd, #imm8
8029 Rwrite as:
8031 Preparation: tmp0 <- R0, tmp2 <- R2, tmp3 <- R3, R2 <- PC, R3 <- #imm8;
8033 Insn: LDR R0, [R2, R3];
8034 Cleanup: R2 <- tmp2, R3 <- tmp3, Rd <- R0, R0 <- tmp0 */
8042 /* The assembler calculates the required value of the offset from the
8043 Align(PC,4) value of this instruction to the label. */
8061 }
8063 /* Copy Thumb cbnz/cbz instruction. */
8065 static int
8069 {
8077 /* CBNZ and CBZ do not affect the condition flags. If condition is true,
8078 set it INST_AL, so cleanup_branch will know branch is taken, otherwise,
8079 condition is false, let it be, cleanup_branch will do nothing. */
8081 {
8084 }
8085 else
8099 }
8101 /* Copy Table Branch Byte/Halfword */
8102 static int
8106 {
8116 {
8121 }
8122 else
8123 {
8128 }
8143 }
8145 static void
8148 {
8149 /* PC <- r7 */
8153 /* r7 <- r8 */
8157 /* r8 <- tmp[0] */
8160 }
8162 static int
8166 {
8169 /* Rewrite instruction: POP {rX, rY, ...,rZ, PC}
8170 to :
8172 (1) register list is full, that is, r0-r7 are used.
8173 Prepare: tmp[0] <- r8
8175 POP {r0, r1, ...., r6, r7}; remove PC from reglist
8176 MOV r8, r7; Move value of r7 to r8;
8177 POP {r7}; Store PC value into r7.
8179 Cleanup: PC <- r7, r7 <- r8, r8 <-tmp[0]
8181 (2) register list is not full, supposing there are N registers in
8182 register list (except PC, 0 <= N <= 7).
8183 Prepare: for each i, 0 - N, tmp[i] <- ri.
8185 POP {r0, r1, ...., rN};
8187 Cleanup: Set registers in original reglist from r0 - rN. Restore r0 - rN
8188 from tmp[] properly.
8189 */
8194 {
8203 }
8204 else
8205 {
8226 }
8229 }
8231 static void
8235 {
8240 /* 16-bit thumb instructions. */
8242 {
8243 /* Shift (imme), add, subtract, move and compare. */
8247 dsc);
8251 {
8255 dsc);
8258 {
8264 else
8266 dsc);
8267 }
8271 }
8283 {
8285 {
8292 else
8297 /* If-Then makes up to four following instructions conditional.
8298 IT instruction itself is not conditional, so handle it as a
8299 common unmodified instruction. */
8301 dsc);
8302 else
8307 }
8308 }
8319 else
8327 }
8331 }
8333 static int
8338 {
8344 {
8347 {
8349 /* PLD literal or Encoding T3 of PLI(immediate, literal). */
8351 else
8354 }
8355 else
8356 {
8360 else
8363 dsc);
8364 }
8371 else
8372 {
8376 else
8379 }
8382 {
8391 {
8393 /* LDR (immediate) */
8399 else
8400 /* LDR (register) */
8403 }
8405 }
8409 }
8411 }
8413 static void
8417 {
8423 {
8425 {
8427 {
8430 {
8431 /* Load/store {dual, exclusive}, table branch. */
8435 dsc);
8436 else
8437 /* PC is not allowed to use in load/store {dual, exclusive}
8438 instructions. */
8441 }
8443 {
8445 {
8453 }
8454 }
8458 /* Data-processing (shift register). */
8460 dsc);
8465 }
8467 }
8470 {
8475 else
8478 }
8479 else
8480 {
8482 {
8488 else
8491 }
8495 }
8499 {
8507 dsc);
8511 {
8524 }
8529 }
8533 }
8538 }
8540 static void
8544 {
8546 uint16_t insn1
8555 {
8556 uint16_t insn2
8559 }
8560 else
8562 }
8564 void
8568 {
8573 /* Most displaced instructions use a 1-instruction scratch space, so set this
8574 here and override below if/when necessary. */
8593 {
8613 }
8617 }
8619 /* Actually set up the scratch space for a displaced instruction. */
8621 void
8623 CORE_ADDR to,
8625 {
8633 /* Poke modified instruction(s). */
8635 {
8645 byte_order_for_code,
8648 }
8650 /* Choose the correct breakpoint instruction. */
8652 {
8655 }
8656 else
8657 {
8660 }
8662 /* Put breakpoint afterwards. */
8667 }
8669 /* Entry point for cleaning things up after a displaced instruction has been
8670 single-stepped. */
8672 void
8677 {
8678 /* The following block exists as a temporary measure while displaced
8679 stepping is fixed architecture at a time within GDB.
8681 In an earlier implementation of displaced stepping, if GDB thought the
8682 displaced instruction had not been executed then this fix up function
8683 was never called. As a consequence, things that should be fixed by
8684 this function were left in an unfixed state.
8686 However, it's not as simple as always calling this function; this
8687 function needs to be updated to decide what should be fixed up based
8688 on whether the displaced step executed or not, which requires each
8689 architecture to be considered individually.
8691 Until this architecture is updated, this block replicates the old
8692 behaviour; we just restore the program counter register, and leave
8693 everything else unfixed. */
8695 {
8700 }
8702 arm_displaced_step_copy_insn_closure *dsc
8712 }
8717 static int
8719 {
8720 gdb_disassemble_info *di
8725 {
8733 {
8734 /* Create a fake symbol vector containing a Thumb symbol.
8735 This is solely so that the code in print_insn_little_arm()
8736 and print_insn_big_arm() in opcodes/arm-dis.c will detect
8737 the presence of a Thumb symbol and switch to decoding
8738 Thumb instructions. */
8747 }
8751 }
8752 else
8755 /* GDB is able to get bfd_mach from the exe_bfd, info->mach is
8756 accurate, so mark USER_SPECIFIED_MACHINE_TYPE bit. Otherwise,
8757 opcodes/arm-dis.c:print_insn reset info->mach, and it will trigger
8758 the assert on the mismatch of info->mach and
8759 bfd_get_mach (current_program_space->exec_bfd ()) in
8760 default_print_insn. */
8767 }
8769 /* The following define instruction sequences that will cause ARM
8770 cpu's to take an undefined instruction trap. These are used to
8771 signal a breakpoint to GDB.
8773 The newer ARMv4T cpu's are capable of operating in ARM or Thumb
8774 modes. A different instruction is required for each mode. The ARM
8775 cpu's can also be big or little endian. Thus four different
8776 instructions are needed to support all cases.
8778 Note: ARMv4 defines several new instructions that will take the
8779 undefined instruction trap. ARM7TDMI is nominally ARMv4T, but does
8780 not in fact add the new instructions. The new undefined
8781 instructions in ARMv4 are all instructions that had no defined
8782 behaviour in earlier chips. There is no guarantee that they will
8783 raise an exception, but may be treated as NOP's. In practice, it
8784 may only safe to rely on instructions matching:
8786 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
8787 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
8788 C C C C 0 1 1 x x x x x x x x x x x x x x x x x x x x 1 x x x x
8790 Even this may only true if the condition predicate is true. The
8791 following use a condition predicate of ALWAYS so it is always TRUE.
8793 There are other ways of forcing a breakpoint. GNU/Linux, RISC iX,
8794 and NetBSD all use a software interrupt rather than an undefined
8795 instruction to force a trap. This can be handled by by the
8796 abi-specific code during establishment of the gdbarch vector. */
8798 #define ARM_LE_BREAKPOINT {0xFE,0xDE,0xFF,0xE7}
8799 #define ARM_BE_BREAKPOINT {0xE7,0xFF,0xDE,0xFE}
8800 #define THUMB_LE_BREAKPOINT {0xbe,0xbe}
8801 #define THUMB_BE_BREAKPOINT {0xbe,0xbe}
8808 /* Implement the breakpoint_kind_from_pc gdbarch method. */
8810 static int
8812 {
8817 {
8820 /* If we have a separate 32-bit breakpoint instruction for Thumb-2,
8821 check whether we are replacing a 32-bit instruction. */
8823 {
8827 {
8833 }
8834 }
8837 }
8838 else
8841 }
8843 /* Implement the sw_breakpoint_from_kind gdbarch method. */
8847 {
8851 {
8863 }
8864 }
8866 /* Implement the breakpoint_kind_from_current_state gdbarch method. */
8868 static int
8872 {
8875 /* Check the memory pointed by PC is readable. */
8877 {
8885 regcache);
8889 /* If MEMADDR is the next instruction of current pc, do the
8890 software single step computation, and get the thumb mode by
8891 the destination address. */
8893 {
8895 {
8897 {
8900 }
8901 else
8903 }
8904 }
8905 }
8908 }
8910 /* Extract from an array REGBUF containing the (raw) register state a
8911 function return value of type TYPE, and copy that, in virtual
8912 format, into VALBUF. */
8914 static void
8917 {
8926 {
8928 {
8930 {
8931 /* The value is in register F0 in internal format. We need to
8932 extract the raw value and then convert it to the desired
8933 internal type. */
8939 }
8944 /* ARM_FLOAT_VFP can arise if this is a variadic function so
8945 not using the VFP ABI code. */
8957 }
8958 }
8966 {
8967 /* If the type is a plain integer, then the access is
8968 straight-forward. Otherwise we have to play around a bit
8969 more. */
8972 ULONGEST tmp;
8975 {
8976 /* By using store_unsigned_integer we avoid having to do
8977 anything special for small big-endian values. */
8985 }
8986 }
8987 else
8988 {
8989 /* For a structure or union the behaviour is as if the value had
8990 been stored to word-aligned memory and then loaded into
8991 registers with 32-bit load instruction(s). */
8997 {
9003 }
9004 }
9005 }
9008 /* Will a function return an aggregate type in memory or in a
9009 register? Return 0 if an aggregate type can be returned in a
9010 register, 1 if it must be returned in memory. */
9012 static int
9014 {
9019 /* Simple, non-aggregate types (ie not including vectors and
9020 complex) are always returned in a register (or registers). */
9030 {
9031 /* Vector values should be returned using ARM registers if they
9032 are not over 16 bytes. */
9034 }
9038 {
9039 /* The AAPCS says all aggregates not larger than a word are returned
9040 in a register. */
9046 }
9047 else
9048 {
9051 /* All aggregate types that won't fit in a register must be returned
9052 in memory. */
9057 /* In the ARM ABI, "integer" like aggregate types are returned in
9058 registers. For an aggregate type to be integer like, its size
9059 must be less than or equal to ARM_INT_REGISTER_SIZE and the
9060 offset of each addressable subfield must be zero. Note that bit
9061 fields are not addressable, and all addressable subfields of
9062 unions always start at offset zero.
9064 This function is based on the behaviour of GCC 2.95.1.
9065 See: gcc/arm.c: arm_return_in_memory() for details.
9067 Note: All versions of GCC before GCC 2.95.2 do not set up the
9068 parameters correctly for a function returning the following
9069 structure: struct { float f;}; This should be returned in memory,
9070 not a register. Richard Earnshaw sent me a patch, but I do not
9071 know of any way to detect if a function like the above has been
9072 compiled with the correct calling convention. */
9074 /* Assume all other aggregate types can be returned in a register.
9075 Run a check for structures, unions and arrays. */
9079 {
9081 /* Need to check if this struct/union is "integer" like. For
9082 this to be true, its size must be less than or equal to
9083 ARM_INT_REGISTER_SIZE and the offset of each addressable
9084 subfield must be zero. Note that bit fields are not
9085 addressable, and unions always start at offset zero. If any
9086 of the subfields is a floating point type, the struct/union
9087 cannot be an integer type. */
9089 /* For each field in the object, check:
9090 1) Is it FP? --> yes, nRc = 1;
9091 2) Is it addressable (bitpos != 0) and
9092 not packed (bitsize == 0)?
9093 --> yes, nRc = 1
9094 */
9097 {
9100 field_type_code
9103 /* Is it a floating point type field? */
9105 {
9108 }
9110 /* If bitpos != 0, then we have to care about it. */
9112 {
9113 /* Bitfields are not addressable. If the field bitsize is
9114 zero, then the field is not packed. Hence it cannot be
9115 a bitfield or any other packed type. */
9117 {
9120 }
9121 }
9122 }
9123 }
9126 }
9127 }
9129 /* Write into appropriate registers a function return value of type
9130 TYPE, given in virtual format. */
9132 static void
9135 {
9143 {
9148 {
9157 /* ARM_FLOAT_VFP can arise if this is a variadic function so
9158 not using the VFP ABI code. */
9170 }
9171 }
9179 {
9181 {
9182 /* Values of one word or less are zero/sign-extended and
9183 returned in r0. */
9187 {
9188 gdb_mpz unscaled;
9193 }
9194 else
9195 {
9198 }
9200 }
9201 else
9202 {
9203 /* Integral values greater than one word are stored in consecutive
9204 registers starting with r0. This will always be a multiple of
9205 the regiser size. */
9210 {
9214 }
9215 }
9216 }
9217 else
9218 {
9219 /* For a structure or union the behaviour is as if the value had
9220 been stored to word-aligned memory and then loaded into
9221 registers with 32-bit load instruction(s). */
9227 {
9233 }
9234 }
9235 }
9238 /* Handle function return values. */
9240 static enum return_value_convention
9244 {
9252 {
9259 {
9262 }
9265 {
9267 {
9275 }
9276 else
9277 {
9288 }
9289 }
9291 }
9296 {
9297 /* From the AAPCS document:
9299 Result return:
9301 A Composite Type larger than 4 bytes, or whose size cannot be
9302 determined statically by both caller and callee, is stored in memory
9303 at an address passed as an extra argument when the function was
9304 called (Parameter Passing, rule A.4). The memory to be used for the
9305 result may be modified at any point during the function call.
9307 Parameter Passing:
9309 A.4: If the subroutine is a function that returns a result in memory,
9310 then the address for the result is placed in r0 and the NCRN is set
9311 to r1. */
9314 {
9316 {
9317 CORE_ADDR addr;
9321 }
9323 }
9324 }
9326 {
9329 }
9335 {
9339 }
9342 }
9345 static int
9347 {
9351 CORE_ADDR jb_addr;
9357 ARM_INT_REGISTER_SIZE))
9362 }
9363 /* A call to cmse secure entry function "foo" at "a" is modified by
9364 GNU ld as "b".
9365 a) bl xxxx <foo>
9367 <foo>
9368 xxxx:
9370 b) bl yyyy <__acle_se_foo>
9372 section .gnu.sgstubs:
9373 <foo>
9374 yyyy: sg // secure gateway
9375 b.w xxxx <__acle_se_foo> // original_branch_dest
9377 <__acle_se_foo>
9378 xxxx:
9380 When the control at "b", the pc contains "yyyy" (sg address) which is a
9381 trampoline and does not exist in source code. This function returns the
9382 target pc "xxxx". For more details please refer to section 5.4
9383 (Entry functions) and section 3.4.4 (C level development flow of secure code)
9384 of "armv8-m-security-extensions-requirements-on-development-tools-engineering-specification"
9385 document on www.developer.arm.com. */
9387 static CORE_ADDR
9389 {
9394 struct bound_minimal_symbol minsym
9401 }
9403 /* Return true when SEC points to ".gnu.sgstubs" section. */
9405 static bool
9407 {
9412 }
9414 /* Recognize GCC and GNU ld's trampolines. If we are in a trampoline,
9415 return the target PC. Otherwise return 0. */
9417 CORE_ADDR
9419 {
9422 CORE_ADDR start_addr;
9424 /* Find the starting address and name of the function containing the PC. */
9426 {
9427 /* Trampoline 'bx reg' doesn't belong to any functions. Do the
9428 check here. */
9434 }
9436 /* If PC is in a Thumb call or return stub, return the address of the
9437 target PC, which is in a register. The thunk functions are called
9438 _call_via_xx, where x is the register name. The possible names
9439 are r0-r9, sl, fp, ip, sp, and lr. ARM RealView has similar
9440 functions, named __ARM_call_via_r[0-7]. */
9443 {
9444 /* Use the name suffix to determine which register contains the
9445 target PC. */
9449 };
9456 }
9458 /* GNU ld generates __foo_from_arm or __foo_from_thumb for
9459 non-interworking calls to foo. We could decode the stubs
9460 to find the target but it's easier to use the symbol table. */
9467 {
9476 else
9488 else
9490 }
9494 /* Check whether SECTION points to the ".gnu.sgstubs" section. */
9499 }
9501 static void
9503 {
9504 /* If the current architecture is not ARM, we have nothing to do. */
9509 /* Update the architecture. */
9510 gdbarch_info info;
9513 }
9515 static void
9518 {
9523 {
9526 }
9530 current_fp_model);
9533 }
9535 static void
9538 {
9542 {
9548 }
9549 else
9553 }
9555 static void
9558 {
9563 {
9566 }
9570 arm_abi_string);
9573 }
9575 static void
9578 {
9582 {
9588 }
9589 else
9591 arm_abi_string);
9592 }
9594 static void
9597 {
9601 arm_fallback_mode_string);
9602 }
9604 static void
9607 {
9611 arm_force_mode_string);
9612 }
9614 static void
9617 {
9621 }
9623 /* If the user changes the register disassembly style used for info
9624 register and other commands, we have to also switch the style used
9625 in opcodes for disassembly output. This function is run in the "set
9626 arm disassembly" command, and does that. */
9628 static void
9631 {
9632 /* Convert the short style name into the long style name (eg, reg-names-*)
9633 before calling the generic set_disassembler_options() function. */
9636 }
9638 static void
9641 {
9650 {
9653 }
9656 }
9657 \f
9658 /* Return the ARM register name corresponding to register I. */
9661 {
9665 {
9671 };
9674 }
9677 {
9681 };
9684 }
9689 /* RA_AUTH_CODE is used for unwinding only. Do not assign it a name. */
9694 /* These registers are only supported on targets which supply
9695 an XML description. */
9698 /* Non-pseudo registers. */
9700 }
9702 /* Test whether the coff symbol specific value corresponds to a Thumb
9703 function. */
9705 static int
9707 {
9713 }
9715 /* arm_coff_make_msymbol_special()
9716 arm_elf_make_msymbol_special()
9718 These functions test whether the COFF or ELF symbol corresponds to
9719 an address in thumb code, and set a "special" bit in a minimal
9720 symbol to indicate that it does. */
9722 static void
9724 {
9730 }
9732 static void
9734 {
9737 }
9739 static void
9742 {
9755 arm_mapping_symbol_vec &map
9761 /* Insert at the end, the vector will be sorted on first use. */
9763 }
9765 static void
9767 {
9771 /* If necessary, set the T bit. */
9773 {
9780 else
9783 }
9784 }
9786 /* Read the contents of a NEON quad register, by reading from two
9787 double registers. This is used to implement the quad pseudo
9788 registers, and for argument passing in case the quad registers are
9789 missing; vectors are passed in quad registers when using the VFP
9790 ABI, even if a NEON unit is not present. REGNUM is the index of
9791 the quad register, in [0, 15]. */
9793 static enum register_status
9796 {
9817 }
9819 /* Read the contents of a NEON quad register, by reading from two double
9820 registers, and return it as a value. QUAD_REG_INDEX is the index of the quad
9821 register, in [0, 15]. */
9826 {
9828 int double_regnum
9834 }
9836 /* Read the contents of the MVE pseudo register REGNUM and return it as a
9837 value. */
9841 {
9844 /* P0 is the first 16 bits of VPR. */
9847 }
9852 {
9858 {
9859 /* Quad-precision register. */
9862 }
9865 else
9866 {
9869 /* Single-precision register. */
9872 /* s0 is always the least significant half of d0. */
9876 else
9880 int double_regnum
9885 offset);
9886 }
9887 }
9889 /* Store the contents of BUF to a NEON quad register, by writing to
9890 two double registers. This is used to implement the quad pseudo
9891 registers, and for argument passing in case the quad registers are
9892 missing; vectors are passed in quad registers when using the VFP
9893 ABI, even if a NEON unit is not present. REGNUM is the index
9894 of the quad register, in [0, 15]. */
9896 static void
9899 {
9909 }
9911 static void
9914 {
9916 int double_regnum
9921 }
9923 /* Store the contents of BUF to the MVE pseudo register REGNUM. */
9925 static void
9928 {
9931 /* P0 is the first 16 bits of VPR. */
9933 }
9935 static void
9939 {
9945 {
9946 /* Quad-precision register. */
9949 }
9952 else
9953 {
9956 /* Single-precision register. */
9959 /* s0 is always the least significant half of d0. */
9963 else
9967 int double_regnum
9972 }
9973 }
9977 {
9980 }
9982 static enum gdb_osabi
9984 {
9991 /* GNU tools use this value. Check note sections in this case,
9992 as well. */
9993 {
9996 }
9998 /* Anything else will be handled by the generic ELF sniffer. */
10000 }
10002 static int
10005 {
10006 /* FPS register's type is INT, but belongs to float_reggroup. Beside
10007 this, FPS register belongs to save_regroup, restore_reggroup, and
10008 all_reggroup, of course. */
10014 else
10016 }
10018 /* For backward-compatibility we allow two 'g' packet lengths with
10019 the remote protocol depending on whether FPA registers are
10020 supplied. M-profile targets do not have FPA registers, but some
10021 stubs already exist in the wild which use a 'g' packet which
10022 supplies them albeit with dummy values. The packet format which
10023 includes FPA registers should be considered deprecated for
10024 M-profile targets. */
10026 static void
10028 {
10032 {
10035 /* If we know from the executable this is an M-profile target,
10036 cater for remote targets whose register set layout is the
10037 same as the FPA layout. */
10041 tdesc);
10043 /* The regular M-profile layout. */
10046 tdesc);
10048 /* M-profile plus M4F VFP. */
10052 tdesc);
10053 /* M-profile plus MVE. */
10056 + ARM_VFP2_REGS_SIZE
10059 /* M-profile system (stack pointers). */
10062 }
10064 /* Otherwise we don't have a useful guess. */
10065 }
10067 /* Implement the code_of_frame_writable gdbarch method. */
10069 static int
10071 {
10075 {
10076 /* M-profile exception frames return to some magic PCs, where
10077 isn't writable at all. */
10079 }
10080 else
10082 }
10084 /* Implement gdbarch_gnu_triplet_regexp. If the arch name is arm then allow it
10085 to be postfixed by a version (eg armv7hl). */
10089 {
10093 }
10095 /* Implement the "get_pc_address_flags" gdbarch method. */
10099 {
10104 }
10106 /* Initialize the current architecture based on INFO. If possible,
10107 re-use an architecture from ARCHES, which is a list of
10108 architectures already created during this debugging session.
10110 Called e.g. at program startup, when reading a core file, and when
10111 reading a binary file. */
10115 {
10119 tdesc_arch_data_up tdesc_data;
10143 /* If we have an object to base this architecture on, try to determine
10144 its ABI. */
10147 {
10151 {
10153 /* Assume it's an old APCS-style ABI. */
10154 /* XXX WinCE? */
10163 {
10164 /* GNU tools used to use this value, but do not for EABI
10165 objects. There's nowhere to tag an EABI version
10166 anyway, so assume APCS. */
10168 }
10170 {
10174 {
10176 /* Assume GNU tools. */
10183 /* EABI binaries default to VFP float ordering.
10184 They may also contain build attributes that can
10185 be used to identify if the VFP argument-passing
10186 ABI is in use. */
10188 {
10189 #ifdef HAVE_ELF
10191 OBJ_ATTR_PROC,
10192 Tag_ABI_VFP_args))
10193 {
10195 /* "The user intended FP parameter/result
10196 passing to conform to AAPCS, base
10197 variant". */
10201 /* "The user intended FP parameter/result
10202 passing to conform to AAPCS, VFP
10203 variant". */
10207 /* "The user intended FP parameter/result
10208 passing to conform to tool chain-specific
10209 conventions" - we don't know any such
10210 conventions, so leave it as "auto". */
10213 /* "Code is compatible with both the base
10214 and VFP variants; the user did not permit
10215 non-variadic functions to pass FP
10216 parameters/results" - leave it as
10217 "auto". */
10220 /* Attribute value not mentioned in the
10221 November 2012 ABI, so leave it as
10222 "auto". */
10224 }
10225 #else
10227 #endif
10228 }
10232 /* Leave it as "auto". */
10235 }
10237 #ifdef HAVE_ELF
10238 /* Detect M-profile programs. This only works if the
10239 executable file includes build attributes; GCC does
10240 copy them to the executable, but e.g. RealView does
10241 not. */
10242 int attr_arch
10244 Tag_CPU_arch);
10245 int attr_profile
10247 Tag_CPU_arch_profile);
10249 /* GCC specifies the profile for v6-M; RealView only
10250 specifies the profile for architectures starting with
10251 V7 (as opposed to architectures with a tag
10252 numerically greater than TAG_CPU_ARCH_V7). */
10263 /* Look for attributes that indicate support for ARMv8.1-m
10264 PACBTI. */
10266 {
10267 int attr_pac_extension
10269 Tag_PAC_extension);
10271 int attr_bti_extension
10273 Tag_BTI_extension);
10275 int attr_pacret_use
10277 Tag_PACRET_use);
10279 int attr_bti_use
10281 Tag_BTI_use);
10286 }
10287 #endif
10288 }
10291 {
10293 {
10295 /* Leave it as "auto". Strictly speaking this case
10296 means FPA, but almost nobody uses that now, and
10297 many toolchains fail to set the appropriate bits
10298 for the floating-point model they use. */
10309 }
10310 }
10318 /* Leave it as "auto". */
10320 }
10321 }
10323 /* Check any target description for validity. */
10325 {
10326 /* For most registers we require GDB's default names; but also allow
10327 the numeric names for sp / lr / pc, as a convenience. */
10338 {
10343 else
10345 }
10354 ARM_SP_REGNUM,
10355 arm_sp_names);
10357 ARM_LR_REGNUM,
10358 arm_lr_names);
10360 ARM_PC_REGNUM,
10361 arm_pc_names);
10365 else
10373 {
10377 {
10378 /* MSP */
10382 {
10385 }
10389 /* PSP */
10393 {
10396 }
10398 }
10399 }
10404 {
10411 }
10412 else
10418 {
10424 };
10428 valid_p
10432 /* Check for the control registers, but do not fail if they
10433 are missing. */
10439 valid_p
10447 }
10449 /* If we have a VFP unit, check whether the single precision registers
10450 are present. If not, then we will synthesize them as pseudo
10451 registers. */
10455 {
10461 };
10463 /* Require the double precision registers. There must be either
10464 16 or 32. */
10467 {
10473 }
10477 /* Also require FPSCR. */
10490 /* If we have VFP, also check for NEON. The architecture allows
10491 NEON without VFP (integer vector operations only), but GDB
10492 does not support that. */
10496 {
10497 /* NEON requires 32 double-precision registers. */
10501 /* If there are quad registers defined by the stub, use
10502 their type; otherwise (normally) provide them with
10503 the default type. */
10506 }
10507 }
10509 /* Check for the TLS register feature. */
10512 {
10519 register_count++;
10520 }
10522 /* Check for MVE after all the checks for GPR's, VFP and Neon.
10523 MVE (Helium) is an M-profile extension. */
10525 {
10526 /* Do we have the MVE feature? */
10530 {
10531 /* If we have MVE, we must always have the VPR register. */
10535 {
10538 }
10542 register_count++;
10544 /* We can't have Q pseudo registers available here, as that
10545 would mean we have NEON features, and that is only available
10546 on A and R profiles. */
10549 /* Given we have a M-profile target description, if MVE is
10550 enabled and there are VFP registers, we should have Q
10551 pseudo registers (Q0 ~ Q7). */
10554 }
10556 /* Do we have the ARMv8.1-m PACBTI feature? */
10560 {
10561 /* By advertising this feature, the target acknowledges the
10562 presence of the ARMv8.1-m PACBTI extensions.
10564 We don't care for any particular registers in this group, so
10565 the target is free to include whatever it deems appropriate.
10567 The expectation is for this feature to include the PAC
10568 keys. */
10570 }
10572 /* Do we have the Security extension? */
10576 {
10577 /* Secure/Non-secure stack pointers. */
10578 /* MSP_NS */
10582 {
10585 }
10588 /* PSP_NS */
10592 {
10595 }
10598 /* MSP_S */
10602 {
10605 }
10608 /* PSP_S */
10612 {
10615 }
10619 }
10621 }
10622 }
10624 /* If there is already a candidate, use it. */
10628 {
10629 arm_gdbarch_tdep *tdep
10638 /* There are various other properties in tdep that we do not
10639 need to check here: those derived from a target description,
10640 since gdbarches with a different target description are
10641 automatically disqualified. */
10643 /* Do check is_m, though, since it might come from the binary. */
10647 /* Also check for ARMv8.1-m PACBTI support, since it might come from
10648 the binary. */
10652 /* Found a match. */
10654 }
10659 gdbarch *gdbarch
10663 /* Record additional information about the architecture we are defining.
10664 These are gdbarch discriminators, like the OSABI. */
10680 /* Adjust the MVE feature settings. */
10682 {
10685 }
10687 /* Adjust the PACBTI feature settings. */
10690 /* Adjust the M-profile stack pointers settings. */
10692 {
10699 }
10703 /* Breakpoints. */
10705 {
10724 }
10726 /* On ARM targets char defaults to unsigned. */
10729 /* wchar_t is unsigned under the AAPCS. */
10732 else
10735 /* Compute type alignment. */
10738 /* Note: for displaced stepping, this includes the breakpoint, and one word
10739 of additional scratch space. This setting isn't used for anything beside
10740 displaced stepping at present. */
10741 set_gdbarch_displaced_step_buffer_length
10745 /* This should be low enough for everything. */
10749 /* The default, for both APCS and AAPCS, is to return small
10750 structures in registers. */
10763 /* Address manipulation. */
10766 /* Advance PC across function entry code. */
10769 /* Detect whether PC is at a point where the stack has been destroyed. */
10772 /* Skip trampolines. */
10775 /* The stack grows downward. */
10778 /* Breakpoint manipulation. */
10782 arm_breakpoint_kind_from_current_state);
10784 /* Information about registers, etc. */
10791 /* This "info float" is FPA-specific. Use the generic version if we
10792 do not have FPA. */
10796 /* Internal <-> external register number maps. */
10802 /* Returning results. */
10805 /* Disassembly. */
10808 /* Minsymbol frobbing. */
10811 arm_coff_make_msymbol_special);
10814 /* Thumb-2 IT block support. */
10816 arm_adjust_breakpoint_address);
10818 /* Virtual tables. */
10821 /* Hook in the ABI-specific overrides, if they have been registered. */
10826 /* Add some default predicates. */
10835 /* Now we have tuned the configuration, set a few final things,
10836 based on what the OS ABI has told us. */
10838 /* If the ABI is not otherwise marked, assume the old GNU APCS. EABI
10839 binaries are always marked. */
10843 /* Watchpoints are not steppable. */
10846 /* We used to default to FPA for generic ARM, but almost nobody
10847 uses that now, and we now provide a way for the user to force
10848 the model. So default to the most useful variant. */
10855 /* Floating point sizes and format. */
10858 {
10859 set_gdbarch_double_format
10861 set_gdbarch_long_double_format
10863 }
10864 else
10865 {
10868 }
10870 /* Hook used to decorate frames with signed return addresses, only available
10871 for ARMv8.1-m PACBTI. */
10876 {
10882 /* Override tdesc_register_type to adjust the types of VFP
10883 registers for NEON. */
10885 }
10887 /* Initialize the pseudo register data. */
10890 {
10891 /* VFP single precision pseudo registers (S0~S31). */
10897 {
10898 /* NEON quad precision pseudo registers (Q0~Q15). */
10907 }
10908 }
10910 /* Do we have any MVE pseudo registers? */
10912 {
10916 }
10918 /* Do we have any ARMv8.1-m PACBTI pseudo registers. */
10920 {
10924 }
10926 /* Set some pseudo register hooks, if we have pseudo registers. */
10928 {
10932 }
10934 /* Add standard register aliases. We add aliases even for those
10935 names which are used by the current architecture - it's simpler,
10936 and does no harm, since nothing ever lists user registers. */
10947 }
10949 static void
10951 {
11009 }
11011 #if GDB_SELF_TEST
11012 namespace selftests
11013 {
11016 }
11017 #endif
11020 void
11022 {
11030 /* Add ourselves to objfile event chain. */
11033 /* Register an ELF OS ABI sniffer for ARM binaries. */
11035 bfd_target_elf_flavour,
11036 arm_elf_osabi_sniffer);
11038 /* Add root prefix command for all "set arm"/"show arm" commands. */
11051 num_disassembly_styles++;
11053 /* Initialize the array that will be passed to add_setshow_enum_cmd(). */
11058 {
11068 }
11069 /* Mark the end of valid options. */
11072 /* Create the help text. */
11075 regdesc,
11083 set_disassembly_style_sfunc,
11084 show_disassembly_style_sfunc,
11091 NULL,
11093 mode is %s. */
11096 /* Add a command to allow the user to force the FPU model. */
11108 /* Add a command to allow the user to force the ABI. */
11115 /* Add two commands to allow the user to force the assumed
11116 execution mode. */
11130 /* Add a command to stop triggering security exceptions when
11131 unwinding exception stacks. */
11139 /* Debugging flag. */
11144 NULL,
11148 #if GDB_SELF_TEST
11151 #endif
11153 }
11155 /* ARM-reversible process record data structures. */
11157 #define ARM_INSN_SIZE_BYTES 4
11158 #define THUMB_INSN_SIZE_BYTES 2
11159 #define THUMB2_INSN_SIZE_BYTES 4
11162 /* Position of the bit within a 32-bit ARM instruction
11163 that defines whether the instruction is a load or store. */
11164 #define INSN_S_L_BIT_NUM 20
11166 #define REG_ALLOC(REGS, LENGTH, RECORD_BUF) \
11167 do \
11168 { \
11169 unsigned int reg_len = LENGTH; \
11170 if (reg_len) \
11171 { \
11172 REGS = XNEWVEC (uint32_t, reg_len); \
11173 memcpy(®S[0], &RECORD_BUF[0], sizeof(uint32_t)*LENGTH); \
11174 } \
11175 } \
11176 while (0)
11178 #define MEM_ALLOC(MEMS, LENGTH, RECORD_BUF) \
11179 do \
11180 { \
11181 unsigned int mem_len = LENGTH; \
11182 if (mem_len) \
11183 { \
11184 MEMS = XNEWVEC (struct arm_mem_r, mem_len); \
11185 memcpy(&MEMS->len, &RECORD_BUF[0], \
11186 sizeof(struct arm_mem_r) * LENGTH); \
11187 } \
11188 } \
11189 while (0)
11191 /* Checks whether insn is already recorded or yet to be decoded. (boolean expression). */
11192 #define INSN_RECORDED(ARM_RECORD) \
11193 (0 != (ARM_RECORD)->reg_rec_count || 0 != (ARM_RECORD)->mem_rec_count)
11195 /* ARM memory record structure. */
11196 struct arm_mem_r
11197 {
11200 };
11202 /* ARM instruction record contains opcode of current insn
11203 and execution state (before entry to decode_insn()),
11204 contains list of to-be-modified registers and
11205 memory blocks (on return from decode_insn()). */
11207 struct arm_insn_decode_record
11208 {
11220 };
11223 /* Checks ARM SBZ and SBO mandatory fields. */
11225 static int
11227 {
11237 {
11239 {
11241 }
11243 }
11245 }
11247 enum arm_record_result
11248 {
11251 };
11253 enum arm_record_strx_t
11254 {
11256 ARM_RECORD_STRD
11257 };
11259 enum record_type_t
11260 {
11262 THUMB_RECORD,
11263 THUMB2_RECORD
11264 };
11267 static int
11270 {
11282 {
11283 /* 1) Handle misc store, immediate offset. */
11290 {
11291 /* If R15 was used as Rn, hence current PC+8. */
11293 }
11295 /* Calculate target store address. */
11297 {
11299 }
11300 else
11301 {
11303 }
11305 {
11309 }
11311 {
11317 }
11318 }
11320 {
11321 /* 2) Store, register offset. */
11322 /* Get Rm. */
11324 /* Get Rn. */
11329 {
11330 /* If R15 was used as Rn, hence current PC+8. */
11332 }
11333 /* Calculate target store address, Rn +/- Rm, register offset. */
11335 {
11337 }
11338 else
11339 {
11341 }
11343 {
11347 }
11349 {
11355 }
11356 }
11359 {
11360 /* 3) Store, immediate pre-indexed. */
11361 /* 5) Store, immediate post-indexed. */
11367 /* Calculate target store address, Rn +/- Rm, register offset. */
11369 {
11371 }
11372 else
11373 {
11375 }
11377 {
11381 }
11383 {
11389 }
11390 /* Record Rn also as it changes. */
11393 }
11396 {
11397 /* 4) Store, register pre-indexed. */
11398 /* 6) Store, register post -indexed. */
11403 /* Calculate target store address, Rn +/- Rm, register offset. */
11405 {
11407 }
11408 else
11409 {
11411 }
11413 {
11417 }
11419 {
11425 }
11426 /* Record Rn also as it changes. */
11429 }
11431 }
11433 /* Handling ARM extension space insns. */
11435 static int
11437 {
11446 /* Handle unconditional insn extension space. */
11451 {
11452 /* PLD has no affect on architectural state, it just affects
11453 the caches. */
11455 {
11456 /* BLX(1) */
11460 }
11461 /* STC2, LDC2, MCR2, MRC2, CDP2: <TBD>, co-processor insn. */
11462 }
11467 {
11469 /* Undefined instruction on ARM V5; need to handle if later
11470 versions define it. */
11471 }
11477 /* Handle arithmetic insn extension space. */
11480 {
11481 /* Handle MLA(S) and MUL(S). */
11483 {
11487 }
11489 {
11490 /* Handle SMLAL(S), SMULL(S), UMLAL(S), UMULL(S). */
11495 }
11496 }
11502 /* Handle control insn extension space. */
11506 {
11508 {
11510 {
11512 {
11513 /* MRS. */
11516 }
11518 {
11519 /* CSPR is going to be changed. */
11522 }
11524 {
11525 /* SPSR is going to be changed. */
11526 /* We need to get SPSR value, which is yet to be done. */
11528 }
11529 }
11531 {
11533 {
11534 /* BX. */
11537 }
11539 {
11540 /* CLZ. */
11543 }
11544 }
11546 {
11547 /* BLX. */
11551 }
11553 {
11554 /* QADD, QSUB, QDADD, QDSUB */
11558 }
11560 {
11561 /* BKPT. */
11566 /* Save SPSR also;how? */
11568 }
11573 )
11574 {
11576 {
11577 /* SMLA<x><y>, SMLAW<y>, SMULW<y>. */
11578 /* We dont do optimization for SMULW<y> where we
11579 need only Rd. */
11583 }
11585 {
11586 /* SMLAL<x><y>. */
11590 }
11592 {
11593 /* SMUL<x><y>. */
11596 }
11597 }
11598 }
11599 else
11600 {
11601 /* MSR : immediate form. */
11603 {
11604 /* CSPR is going to be changed. */
11607 }
11609 {
11610 /* SPSR is going to be changed. */
11611 /* we need to get SPSR value, which is yet to be done */
11613 }
11614 }
11615 }
11621 /* Handle load/store insn extension space. */
11626 {
11627 /* SWP/SWPB. */
11629 {
11630 /* These insn, changes register and memory as well. */
11631 /* SWP or SWPB insn. */
11632 /* Get memory address given by Rn. */
11635 /* SWP insn ?, swaps word. */
11637 {
11639 }
11640 else
11641 {
11642 /* SWPB insn, swaps only byte. */
11644 }
11649 }
11651 {
11652 /* STRH. */
11654 ARM_RECORD_STRH);
11655 }
11657 {
11658 /* LDRD. */
11662 }
11664 {
11665 /* STRD. */
11667 ARM_RECORD_STRD);
11668 }
11670 {
11671 /* LDRH, LDRSB, LDRSH. */
11674 }
11676 }
11681 {
11683 /* Handle coprocessor insn extension space. */
11684 }
11686 /* To be done for ARMv5 and later; as of now we return -1. */
11694 }
11696 /* Handling opcode 000 insns. */
11698 static int
11700 {
11713 {
11714 /* Data-processing (register) and Data-processing (register-shifted
11715 register */
11716 /* Out of 11 shifter operands mode, all the insn modifies destination
11717 register, which is specified by 13-16 decode. */
11721 }
11723 {
11724 /* Miscellaneous instructions */
11728 {
11729 /* Handle BLX, branch and link/exchange. */
11731 {
11732 /* Branch is chosen by setting T bit of CSPR, bitp[0] of Rm,
11733 and R14 stores the return address. */
11737 }
11738 }
11740 {
11741 /* Handle enhanced software breakpoint insn, BKPT. */
11742 /* CPSR is changed to be executed in ARM state, disabling normal
11743 interrupts, entering abort mode. */
11744 /* According to high vector configuration PC is set. */
11745 /* user hit breakpoint and type reverse, in
11746 that case, we need to go back with previous CPSR and
11747 Program Counter. */
11752 /* Save SPSR also; how? */
11754 }
11757 {
11758 /* Handle BX, branch and link/exchange. */
11759 /* Branch is chosen by setting T bit of CSPR, bitp[0] of Rm. */
11762 }
11766 {
11767 /* Count leading zeros: CLZ. */
11770 }
11775 {
11776 /* Handle MRS insn. */
11779 }
11780 }
11782 {
11783 /* Multiply and multiply-accumulate */
11785 /* Handle multiply instructions. */
11786 /* MLA, MUL, SMLAL, SMULL, UMLAL, UMULL. */
11788 {
11789 /* Handle MLA and MUL. */
11793 }
11795 {
11796 /* Handle SMLAL, SMULL, UMLAL, UMULL. */
11801 }
11802 }
11804 {
11805 /* Synchronization primitives */
11807 /* Handling SWP, SWPB. */
11808 /* These insn, changes register and memory as well. */
11809 /* SWP or SWPB insn. */
11813 /* SWP insn ?, swaps word. */
11815 {
11817 }
11818 else
11819 {
11820 /* SWPB insn, swaps only byte. */
11822 }
11827 }
11830 {
11832 {
11833 /* Extra load/store (unprivileged) */
11835 }
11836 else
11837 {
11838 /* Extra load/store */
11840 {
11843 {
11844 /* STRH (register), STRH (immediate) */
11847 }
11849 {
11850 /* LDRH (register) */
11855 {
11856 /* Write back to Rn. */
11859 }
11860 }
11862 {
11863 /* LDRH (immediate), LDRH (literal) */
11870 {
11871 /*LDRH (immediate) */
11873 {
11874 /* Write back to Rn. */
11876 }
11877 }
11878 }
11879 else
11884 {
11885 /* LDRD (register) */
11891 {
11892 /* Write back to Rn. */
11895 }
11896 }
11898 {
11899 /* LDRSB (register) */
11904 {
11905 /* Write back to Rn. */
11908 }
11909 }
11911 {
11912 /* LDRD (immediate), LDRD (literal), LDRSB (immediate),
11913 LDRSB (literal) */
11920 {
11921 /*LDRD (immediate), LDRSB (immediate) */
11923 {
11924 /* Write back to Rn. */
11926 }
11927 }
11928 }
11929 else
11934 {
11935 /* STRD (register) */
11938 }
11940 {
11941 /* LDRSH (register) */
11946 {
11947 /* Write back to Rn. */
11950 }
11951 }
11953 {
11954 /* STRD (immediate) */
11957 }
11959 {
11960 /* LDRSH (immediate), LDRSH (literal) */
11965 {
11966 /* Write back to Rn. */
11969 }
11970 }
11971 else
11976 }
11977 }
11978 }
11979 else
11980 {
11982 }
11987 }
11989 /* Handling opcode 001 insns. */
11991 static int
11993 {
12002 )
12003 {
12004 /* Handle MSR insn. */
12006 {
12007 /* CSPR is going to be changed. */
12010 }
12011 else
12012 {
12013 /* SPSR is going to be changed. */
12014 }
12015 }
12017 {
12018 /* Normal data processing insns. */
12019 /* Out of 11 shifter operands mode, all the insn modifies destination
12020 register, which is specified by 13-16 decode. */
12024 }
12025 else
12026 {
12028 }
12033 }
12035 static int
12037 {
12041 {
12043 /* Parallel addition and subtraction, signed */
12045 /* Parallel addition and subtraction, unsigned */
12048 /* Packing, unpacking, saturation and reversal */
12049 {
12053 }
12058 /* Signed multiplies */
12059 {
12069 }
12073 {
12076 {
12077 /* SBFX */
12080 }
12083 {
12084 /* USAD8 and USADA8 */
12087 }
12088 }
12092 {
12095 {
12096 /* Permanently UNDEFINED */
12098 }
12099 else
12100 {
12101 /* BFC, BFI and UBFX */
12104 }
12105 }
12110 }
12115 }
12117 /* Handle ARM mode instructions with opcode 010. */
12119 static int
12121 {
12128 ULONGEST u_regval;
12130 /* Calculate wback. */
12138 {
12139 /* LDR (immediate), LDR (literal), LDRB (immediate), LDRB (literal), LDRBT
12140 and LDRT. */
12145 /* The LDR instruction is capable of doing branching. If MOV LR, PC
12146 preceeds a LDR instruction having R15 as reg_base, it
12147 emulates a branch and link instruction, and hence we need to save
12148 CPSR and PC as well. */
12152 /* If wback is true, also save the base register, which is going to be
12153 written to. */
12156 }
12157 else
12158 {
12159 /* STR (immediate), STRB (immediate), STRBT and STRT. */
12164 /* Handle bit U. */
12166 {
12167 /* U == 1: Add the offset. */
12169 }
12170 else
12171 {
12172 /* U == 0: subtract the offset. */
12174 }
12176 /* Bit 22 tells us whether the store instruction writes 1 byte or 4
12177 bytes. */
12179 {
12180 /* STRB and STRBT: 1 byte. */
12182 }
12183 else
12184 {
12185 /* STR and STRT: 4 bytes. */
12187 }
12189 /* Handle bit P. */
12192 else
12197 /* If wback is true, also save the base register, which is going to be
12198 written to. */
12201 }
12206 }
12208 /* Handling opcode 011 insns. */
12210 static int
12212 {
12220 LONGEST s_word;
12229 /* Handle enhanced store insns and LDRD DSP insn,
12230 order begins according to addressing modes for store insns
12231 STRH insn. */
12233 /* LDR or STR? */
12235 {
12237 /* LDR insn has a capability to do branching, if
12238 MOV LR, PC is preceded by LDR insn having Rn as R15
12239 in that case, it emulates branch and link insn, and hence we
12240 need to save CSPR and PC as well. */
12242 {
12245 }
12246 else
12247 {
12251 }
12252 }
12253 else
12254 {
12256 {
12257 /* Store insn, register offset and register pre-indexed,
12258 register post-indexed. */
12259 /* Get Rm. */
12261 /* Get Rn. */
12268 {
12269 /* If R15 was used as Rn, hence current PC+8. */
12270 /* Pre-indexed mode doesnt reach here ; illegal insn. */
12272 }
12273 /* Calculate target store address, Rn +/- Rm, register offset. */
12274 /* U == 1. */
12276 {
12278 }
12279 else
12280 {
12282 }
12285 {
12286 /* STR. */
12289 /* STR. */
12292 /* STRT. */
12295 /* STR. */
12301 /* STRB. */
12304 /* STRB. */
12307 /* STRBT. */
12310 /* STRB. */
12319 }
12329 )
12330 {
12331 /* Rn is going to be changed in pre-indexed mode and
12332 post-indexed mode as well. */
12335 }
12336 }
12337 else
12338 {
12339 /* Store insn, scaled register offset; scaled pre-indexed. */
12341 /* Get Rm. */
12343 /* Get Rn. */
12345 /* Get shift_imm. */
12350 /* Offset_12 used as shift. */
12352 {
12354 /* Offset_12 used as index. */
12364 {
12366 {
12368 }
12369 else
12370 {
12372 }
12373 }
12374 else
12375 {
12376 /* This is arithmetic shift. */
12378 }
12383 {
12386 /* Get C flag value and shift it by 31. */
12389 }
12390 else
12391 {
12395 }
12401 }
12404 /* bit U set. */
12406 {
12408 }
12409 else
12410 {
12412 }
12415 {
12416 /* STR. */
12419 /* STR. */
12422 /* STRT. */
12425 /* STR. */
12431 /* STRB. */
12434 /* STRB. */
12437 /* STRBT. */
12440 /* STRB. */
12449 }
12459 )
12460 {
12461 /* Rn is going to be changed in register scaled pre-indexed
12462 mode,and scaled post indexed mode. */
12465 }
12466 }
12467 }
12472 }
12474 /* Handle ARM mode instructions with opcode 100. */
12476 static int
12478 {
12484 ULONGEST u_regval;
12486 /* Fetch the list of registers. */
12490 /* Fetch the base register that contains the address we are loading data
12491 to. */
12494 /* Calculate wback. */
12498 {
12499 /* LDM/LDMIA/LDMFD, LDMDA/LDMFA, LDMDB and LDMIB. */
12501 /* Find out which registers are going to be loaded from memory. */
12503 {
12507 register_count++;
12508 }
12511 /* If wback is true, also save the base register, which is going to be
12512 written to. */
12516 /* Save the CPSR register. */
12518 }
12519 else
12520 {
12521 /* STM (STMIA, STMEA), STMDA (STMED), STMDB (STMFD) and STMIB (STMFA). */
12527 /* Find out how many registers are going to be stored to memory. */
12529 {
12531 register_count++;
12533 }
12536 {
12537 /* STMDA (STMED): Decrement after. */
12542 /* STM (STMIA, STMEA): Increment after. */
12546 /* STMDB (STMFD): Decrement before. */
12551 /* STMIB (STMFA): Increment before. */
12558 }
12563 /* If wback is true, also save the base register, which is going to be
12564 written to. */
12567 }
12572 }
12574 /* Handling opcode 101 insns. */
12576 static int
12578 {
12581 /* Handle B, BL, BLX(1) insns. */
12582 /* B simply branches so we do nothing here. */
12583 /* Note: BLX(1) doesnt fall here but instead it falls into
12584 extension space. */
12586 {
12589 }
12594 }
12596 static int
12598 {
12605 }
12607 /* Record handler for vector data transfer instructions. */
12609 static int
12611 {
12621 /* Handle VMOV instruction. */
12623 {
12626 }
12628 {
12629 /* Handle VMOV instruction. */
12631 {
12634 }
12635 /* Handle VMRS instruction. */
12637 {
12643 }
12644 }
12646 {
12647 /* Handle VMOV instruction. */
12649 {
12653 }
12654 /* Handle VMSR instruction. */
12656 {
12659 }
12660 }
12662 {
12663 /* Handle VMOV instruction. */
12665 {
12669 }
12670 /* Handle VDUP instruction. */
12671 else
12672 {
12674 {
12679 }
12680 else
12681 {
12685 }
12686 }
12687 }
12691 }
12693 /* Record handler for extension register load/store instructions. */
12695 static int
12697 {
12709 /* Handle VMOV instructions. */
12711 {
12713 {
12717 }
12718 else
12719 {
12724 {
12725 /* The first S register number m is REG_M:M (M is bit 5),
12726 the corresponding D register number is REG_M:M / 2, which
12727 is REG_M. */
12729 /* The second S register number is REG_M:M + 1, the
12730 corresponding D register number is (REG_M:M + 1) / 2.
12731 IOW, if bit M is 1, the first and second S registers
12732 are mapped to different D registers, otherwise, they are
12733 in the same D register. */
12735 {
12738 }
12739 }
12740 else
12741 {
12744 }
12745 }
12746 }
12747 /* Handle VSTM and VPUSH instructions. */
12750 {
12762 else
12766 {
12769 }
12772 {
12774 {
12779 }
12780 else
12781 {
12788 }
12789 memory_count--;
12790 }
12792 }
12793 /* Handle VLDM instructions. */
12796 {
12804 /* REG_VD is the first D register number. If the instruction
12805 loads memory to S registers (SINGLE_REG is TRUE), the register
12806 number is (REG_VD << 1 | bit D), so the corresponding D
12807 register number is (REG_VD << 1 | bit D) / 2 = REG_VD. */
12814 /* If the instruction loads memory to D register, REG_COUNT should
12815 be divided by 2, according to the ARM Architecture Reference
12816 Manual. If the instruction loads memory to S register, divide by
12817 2 as well because two S registers are mapped to D register. */
12820 {
12821 /* Increase the register count if S register list starts from
12822 an odd number (bit d is one). */
12823 reg_count++;
12824 }
12827 {
12829 reg_count--;
12830 }
12832 }
12833 /* VSTR Vector store register. */
12835 {
12846 else
12850 {
12854 }
12855 else
12856 {
12862 }
12863 }
12864 /* VLDR Vector load register. */
12866 {
12870 {
12873 }
12874 else
12875 {
12877 /* Record register D rather than pseudo register S. */
12879 }
12881 }
12886 }
12888 /* Record handler for arm/thumb mode VFP data processing instructions. */
12890 static int
12892 {
12904 /* Mask off the "D" bit. */
12907 /* Handle VMLA, VMLS. */
12909 {
12911 {
12914 else
12916 }
12917 else
12918 {
12921 else
12923 }
12924 }
12925 /* Handle VNMLA, VNMLS, VNMUL. */
12927 {
12930 else
12932 }
12933 /* Handle VMUL. */
12935 {
12937 {
12940 else
12942 }
12943 else
12944 {
12947 else
12949 }
12950 }
12951 /* Handle VADD, VSUB. */
12953 {
12955 {
12958 else
12960 }
12961 else
12962 {
12965 else
12967 }
12968 }
12969 /* Handle VDIV. */
12971 {
12974 else
12976 }
12977 /* Handle all other vfp data processing instructions. */
12979 {
12980 /* Handle VMOV. */
12982 {
12984 {
12987 else
12989 }
12990 else
12991 {
12994 else
12996 }
12997 }
12998 /* Handle VNEG and VABS. */
13001 {
13003 {
13006 else
13008 }
13009 else
13010 {
13013 else
13015 }
13016 }
13017 /* Handle VSQRT. */
13019 {
13022 else
13024 }
13025 /* Handle VCVT. */
13027 {
13030 else
13032 }
13034 {
13035 /* Handle VCVT. */
13037 {
13040 else
13041 {
13044 else
13046 }
13047 }
13048 /* Handle VCVT. */
13050 {
13053 else
13055 }
13056 /* Handle VCVTB, VCVTT. */
13059 /* Handle VCMP, VCMPE. */
13062 }
13063 }
13066 {
13094 }
13098 }
13100 /* Handling opcode 110 insns. */
13102 static int
13104 {
13112 {
13113 /* Handle extension register ld/st instructions. */
13117 /* 64-bit transfers between arm core and extension registers. */
13120 }
13121 else
13122 {
13123 /* Handle coprocessor ld/st instructions. */
13125 {
13126 /* Store. */
13129 else
13130 /* Load. */
13132 }
13134 /* Move to coprocessor from two arm core registers. */
13138 /* Move to two arm core registers from coprocessor. */
13140 {
13149 }
13150 }
13152 }
13154 /* Handling opcode 111 insns. */
13156 static int
13158 {
13160 arm_gdbarch_tdep *tdep
13170 /* Handle arm SWI/SVC system call instructions. */
13172 {
13174 {
13185 }
13186 else
13187 {
13190 }
13191 }
13193 {
13195 {
13197 {
13198 /* 8, 16, and 32-bit transfer */
13200 }
13201 else
13202 {
13204 {
13205 /* MRC, MRC2 */
13214 record_buf);
13216 }
13217 else
13218 {
13219 /* MCR, MCR2 */
13221 }
13222 }
13223 }
13224 else
13225 {
13227 {
13228 /* VFP data-processing instructions. */
13230 }
13231 else
13232 {
13233 /* CDP, CDP2 */
13235 }
13236 }
13237 }
13238 else
13239 {
13243 {
13245 {
13246 /* MRRC, MRRC2 */
13248 }
13249 }
13251 {
13253 {
13254 /* 64-bit transfers between ARM core and extension */
13256 }
13258 {
13259 /* MCRR, MCRR2 */
13261 }
13262 }
13264 {
13265 /* UNDEFINED */
13267 }
13268 else
13269 {
13271 {
13272 /* Extension register load/store */
13273 }
13274 else
13275 {
13276 /* STC, STC2, LDC, LDC2 */
13277 }
13279 }
13280 }
13283 }
13285 /* Handling opcode 000 insns. */
13287 static int
13289 {
13302 }
13305 /* Handling opcode 001 insns. */
13307 static int
13309 {
13322 }
13324 /* Handling opcode 010 insns. */
13326 static int
13328 {
13340 {
13341 /* Handle load/store register offset. */
13345 {
13346 /* LDR(2), LDRB(2) , LDRH(2), LDRSB, LDRSH. */
13350 }
13352 {
13353 /* STR(2), STRB(2), STRH(2) . */
13366 }
13367 }
13369 {
13370 /* Handle load from literal pool. */
13371 /* LDR(3). */
13375 }
13377 {
13378 /* Special data instructions and branch and exchange */
13382 {
13383 /* Branch with exchange. */
13386 }
13387 else
13388 {
13389 /* Format 8; special data processing insns. */
13394 }
13395 }
13396 else
13397 {
13398 /* Format 5; data processing insns. */
13401 {
13403 }
13407 }
13411 record_buf_mem);
13414 }
13416 /* Handling opcode 001 insns. */
13418 static int
13420 {
13432 {
13433 /* LDR(1). */
13437 }
13438 else
13439 {
13440 /* STR(1). */
13447 }
13451 record_buf_mem);
13454 }
13456 /* Handling opcode 100 insns. */
13458 static int
13460 {
13472 {
13473 /* LDR(4). */
13477 }
13479 {
13480 /* LDRH(1). */
13484 }
13486 {
13487 /* STR(3). */
13493 }
13495 {
13496 /* STRH(1). */
13503 }
13507 record_buf_mem);
13510 }
13512 /* Handling opcode 101 insns. */
13514 static int
13516 {
13530 {
13531 /* ADR and ADD (SP plus immediate) */
13536 }
13537 else
13538 {
13539 /* Miscellaneous 16-bit instructions */
13543 {
13545 /* SETEND and CPS */
13548 /* ADD/SUB (SP plus immediate) */
13557 /* CBNZ, CBZ */
13560 /* SXTH, SXTB, UXTH, UXTB */
13566 /* PUSH. */
13570 {
13572 register_count++;
13574 }
13579 {
13583 register_count--;
13584 }
13589 /* REV, REV16, REVSH */
13595 /* POP. */
13598 {
13602 register_count++;
13603 }
13609 /* BKPT insn. */
13610 /* Handle enhanced software breakpoint insn, BKPT. */
13611 /* CPSR is changed to be executed in ARM state, disabling normal
13612 interrupts, entering abort mode. */
13613 /* According to high vector configuration PC is set. */
13614 /* User hits breakpoint and type reverse, in that case, we need to go back with
13615 previous CPSR and Program Counter. */
13619 /* We need to save SPSR value, which is not yet done. */
13629 /* If-Then, and hints */
13633 };
13634 }
13638 record_buf_mem);
13641 }
13643 /* Handling opcode 110 insns. */
13645 static int
13647 {
13648 arm_gdbarch_tdep *tdep
13664 {
13666 /* LDMIA. */
13668 /* Get Rn. */
13671 {
13675 register_count++;
13676 }
13679 }
13681 {
13682 /* It handles both STMIA. */
13684 /* Get Rn. */
13688 {
13690 register_count++;
13692 }
13696 {
13700 register_count--;
13701 }
13702 }
13704 {
13705 /* Handle arm syscall insn. */
13707 {
13710 }
13711 else
13712 {
13715 }
13716 }
13718 /* B (1), conditional branch is automatically taken care in process_record,
13719 as PC is saved there. */
13723 record_buf_mem);
13726 }
13728 /* Handling opcode 111 insns. */
13730 static int
13732 {
13739 {
13740 /* BL */
13743 }
13745 {
13746 /* BLX(1). */
13750 }
13752 /* B(2) is automatically taken care in process_record, as PC is
13753 saved there. */
13758 }
13760 /* Handler for thumb2 load/store multiple instructions. */
13762 static int
13764 {
13778 {
13780 {
13781 /* Handle RFE instruction. */
13784 }
13785 else
13786 {
13787 /* Handle SRS instruction after reading banked SP. */
13789 }
13790 }
13792 {
13794 {
13795 /* Handle LDM/LDMIA/LDMFD and LDMDB/LDMEA instructions. */
13798 {
13802 register_count++;
13804 }
13808 }
13809 else
13810 {
13811 /* Handle STM/STMIA/STMEA and STMDB/STMFD. */
13815 {
13817 register_count++;
13820 }
13823 {
13824 /* Start address calculation for LDMDB/LDMEA. */
13826 }
13828 {
13829 /* Start address calculation for LDMDB/LDMEA. */
13831 }
13835 {
13839 register_count--;
13840 }
13844 }
13845 }
13848 record_buf_mem);
13850 record_buf);
13852 }
13854 /* Handler for thumb2 load/store (dual/exclusive) and table branch
13855 instructions. */
13857 static int
13859 {
13875 {
13877 {
13882 }
13885 {
13889 }
13890 }
13891 else
13892 {
13897 {
13898 /* Handle STREX. */
13907 }
13909 {
13917 {
13918 /* Handle STREXB. */
13921 }
13923 {
13924 /* Handle STREXH. */
13927 }
13929 {
13930 /* Handle STREXD. */
13936 }
13937 }
13938 else
13939 {
13943 {
13946 else
13950 }
13951 else
13961 }
13962 }
13965 record_buf);
13967 record_buf_mem);
13969 }
13971 /* Handler for thumb2 data processing (shift register and modified immediate)
13972 instructions. */
13974 static int
13976 {
13984 {
13987 }
13988 else
13989 {
13993 }
13996 record_buf);
13998 }
14000 /* Generic handler for thumb2 instructions which effect destination and PS
14001 registers. */
14003 static int
14005 {
14016 record_buf);
14018 }
14020 /* Handler for thumb2 branch and miscellaneous control instructions. */
14022 static int
14024 {
14032 /* Handle MSR insn. */
14034 {
14036 {
14037 /* CPSR is going to be changed. */
14040 }
14041 else
14042 {
14045 }
14046 }
14048 {
14049 /* BLX. */
14053 }
14056 record_buf);
14058 }
14060 /* Handler for thumb2 store single data item instructions. */
14062 static int
14064 {
14080 {
14081 /* T2 encoding. */
14085 }
14086 else
14087 {
14088 /* T3 encoding. */
14090 {
14091 /* Handle STRB (register). */
14097 }
14098 else
14099 {
14102 {
14105 else
14109 }
14110 else
14112 }
14113 }
14116 {
14117 /* Store byte instructions. */
14122 /* Store half word instructions. */
14127 /* Store word instructions. */
14136 }
14144 record_buf);
14146 record_buf_mem);
14148 }
14150 /* Handler for thumb2 load memory hints instructions. */
14152 static int
14154 {
14162 {
14169 record_buf);
14171 }
14174 }
14176 /* Handler for thumb2 load word instructions. */
14178 static int
14180 {
14188 record_buf);
14190 }
14192 /* Handler for thumb2 long multiply, long multiply accumulate, and
14193 divide instructions. */
14195 static int
14197 {
14205 {
14206 /* Handle SMULL, UMULL, SMULAL. */
14207 /* Handle SMLAL(S), SMULL(S), UMLAL(S), UMULL(S). */
14212 }
14214 {
14215 /* Handle SDIV and UDIV. */
14220 }
14221 else
14225 record_buf);
14227 }
14229 /* Record handler for thumb32 coprocessor instructions. */
14231 static int
14233 {
14236 else
14238 }
14240 /* Record handler for advance SIMD structure load/store instructions. */
14242 static int
14244 {
14262 {
14268 {
14269 /* Handle VST1. */
14271 {
14280 else
14284 {
14286 {
14291 }
14292 }
14293 }
14294 /* Handle VST2. */
14296 {
14301 else
14306 {
14308 {
14312 }
14314 }
14315 }
14316 /* Handle VST3. */
14318 {
14320 {
14322 {
14326 }
14328 }
14329 }
14330 /* Handle VST4. */
14332 {
14334 {
14336 {
14340 }
14342 }
14343 }
14344 }
14345 else
14346 {
14355 else
14358 /* Handle VST1. */
14361 /* Handle VST2. */
14364 /* Handle VST3. */
14367 /* Handle VST4. */
14372 {
14375 }
14376 }
14377 }
14378 else
14379 {
14381 {
14382 /* Handle VLD1. */
14385 /* Handle VLD2. */
14388 /* Handle VLD3. */
14391 /* Handle VLD4. */
14394 }
14395 else
14396 {
14397 /* Handle VLD1. */
14400 /* Handle VLD2. */
14403 /* Handle VLD3. */
14406 /* Handle VLD4. */
14412 }
14413 }
14416 {
14419 }
14422 record_buf);
14424 record_buf_mem);
14426 }
14428 /* Decodes thumb2 instruction type and invokes its record handler. */
14430 static unsigned int
14432 {
14440 {
14442 {
14443 /* Load/store multiple instruction. */
14445 }
14447 {
14448 /* Load/store (dual/exclusive) and table branch instruction. */
14450 }
14452 {
14453 /* Data-processing (shifted register). */
14455 }
14457 {
14458 /* Co-processor instructions. */
14460 }
14461 }
14463 {
14465 {
14466 /* Branches and miscellaneous control instructions. */
14468 }
14470 {
14471 /* Data-processing (plain binary immediate) instruction. */
14473 }
14474 else
14475 {
14476 /* Data-processing (modified immediate). */
14478 }
14479 }
14481 {
14483 {
14484 /* Store single data item. */
14486 }
14488 {
14489 /* Advanced SIMD or structure load/store instructions. */
14491 }
14493 {
14494 /* Load byte, memory hints instruction. */
14496 }
14498 {
14499 /* Load halfword, memory hints instruction. */
14501 }
14503 {
14504 /* Load word instruction. */
14506 }
14508 {
14509 /* Data-processing (register) instruction. */
14511 }
14513 {
14514 /* Multiply, multiply accumulate, abs diff instruction. */
14516 }
14518 {
14519 /* Long multiply, long multiply accumulate, and divide. */
14521 }
14523 {
14524 /* Co-processor instructions. */
14526 }
14527 }
14530 }
14533 /* Abstract instruction reader. */
14535 class abstract_instruction_reader
14536 {
14538 /* Read one instruction of size LEN from address MEMADDR and using
14539 BYTE_ORDER endianness. */
14543 };
14545 /* Instruction reader from real target. */
14548 {
14552 {
14554 }
14555 };
14561 /* Decode arm/thumb insn depending on condition cods and opcodes; and
14562 dispatch it. */
14564 static int
14568 {
14570 /* (Starting from numerical 0); bits 25, 26, 27 decodes type of arm
14571 instruction. */
14573 {
14581 arm_record_coproc_data_proc /* 111. */
14582 };
14584 /* (Starting from numerical 0); bits 13,14,15 decodes type of thumb
14585 instruction. */
14587 { \
14595 thumb_record_branch /* 111. */
14596 };
14600 enum bfd_endian code_endian
14602 arm_record->arm_insn
14606 {
14612 else
14613 {
14614 /* If this insn has fallen into extension space
14615 then we need not decode it anymore. */
14617 }
14619 {
14622 }
14623 }
14625 {
14626 /* As thumb does not have condition codes, we set negative. */
14631 {
14634 }
14635 }
14637 {
14638 /* As thumb does not have condition codes, we set negative. */
14641 /* Swap first half of 32bit thumb instruction with second half. */
14642 arm_record->arm_insn
14648 {
14651 }
14652 }
14653 else
14654 {
14655 /* Throw assertion. */
14657 }
14660 }
14662 #if GDB_SELF_TEST
14665 /* Instruction reader class for selftests.
14667 For 16-bit Thumb instructions, an array of uint16_t should be used.
14669 For 32-bit Thumb instructions and regular 32-bit Arm instructions, an array
14670 of uint32_t should be used. */
14674 {
14679 {}
14683 {
14689 }
14694 };
14696 static void
14698 {
14706 /* 16-bit Thumb instructions. */
14707 {
14708 arm_insn_decode_record arm_record;
14713 /* Use the endian-free representation of the instructions here. The test
14714 will handle endianness conversions. */
14716 /* db b2 uxtb r3, r3 */
14718 /* cd 58 ldr r5, [r1, r3] */
14720 };
14724 THUMB_INSN_SIZE_BYTES);
14733 THUMB_INSN_SIZE_BYTES);
14739 }
14741 /* 32-bit Thumb-2 instructions. */
14742 {
14743 arm_insn_decode_record arm_record;
14748 /* Use the endian-free representation of the instruction here. The test
14749 will handle endianness conversions. */
14751 /* mrc 15, 0, r7, cr13, cr0, {3} */
14753 };
14757 THUMB2_INSN_SIZE_BYTES);
14763 }
14765 /* 32-bit instructions. */
14766 {
14767 arm_insn_decode_record arm_record;
14772 /* Use the endian-free representation of the instruction here. The test
14773 will handle endianness conversions. */
14775 /* mov r5, r0 */
14777 };
14781 ARM_INSN_SIZE_BYTES);
14784 }
14785 }
14787 /* Instruction reader from manually cooked instruction sequences. */
14790 {
14794 {}
14797 {
14802 }
14806 };
14808 static void
14810 {
14812 {
14822 /* The "sub" instruction contains an immediate value rotate count of 0,
14823 which resulted in a 32-bit shift of a 32-bit value, caught by
14824 UBSan. */
14830 };
14833 arm_prologue_cache cache;
14837 }
14838 }
14843 /* Cleans up local record registers and memory allocations. */
14845 static void
14847 {
14850 }
14853 /* Parse the current instruction and record the values of the registers and
14854 memory that will be changed in current instruction to record_arch_list".
14855 Return -1 if something is wrong. */
14857 int
14859 CORE_ADDR insn_addr)
14860 {
14868 arm_insn_decode_record arm_record;
14877 {
14881 }
14883 instruction_reader reader;
14884 enum bfd_endian code_endian
14886 arm_record.arm_insn
14889 /* Check the insn, whether it is thumb or arm one. */
14896 {
14897 /* We are decoding arm insn. */
14899 }
14900 else
14901 {
14903 /* is it thumb2 insn? */
14905 {
14907 THUMB2_INSN_SIZE_BYTES);
14908 }
14909 else
14910 {
14911 /* We are decoding thumb insn. */
14913 THUMB_INSN_SIZE_BYTES);
14914 }
14915 }
14918 {
14919 /* Record registers. */
14922 {
14924 {
14928 }
14929 }
14930 /* Record memories. */
14932 {
14934 {
14939 }
14940 }
14944 }
14950 }
14952 /* See arm-tdep.h. */
14956 {
14960 {
14963 }
14966 }
14968 /* See arm-tdep.h. */
14972 {
14976 {
14979 }
14982 }