| blob | b4062a8f92254edb259e3ab3d739000537fbad4c |
1 /* Common target dependent code for GDB on ARM systems.
3 Copyright (C) 1988-2024 Free Software Foundation, Inc.
5 This file is part of GDB.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>. */
21 #include <ctype.h>
62 #include <algorithm>
66 #if GDB_SELF_TEST
68 #endif
72 /* Print an "arm" debug statement. */
74 #define arm_debug_printf(fmt, ...) \
77 /* Macros for setting and testing a bit in a minimal symbol that marks
78 it as Thumb function. The MSB of the minimal symbol's "info" field
79 is used for this purpose.
81 MSYMBOL_SET_SPECIAL Actually sets the "special" bit.
82 MSYMBOL_IS_SPECIAL Tests the "special" bit in a minimal symbol. */
84 #define MSYMBOL_SET_SPECIAL(msym) \
85 (msym)->set_target_flag_1 (true)
87 #define MSYMBOL_IS_SPECIAL(msym) \
88 (msym)->target_flag_1 ()
90 struct arm_mapping_symbol
91 {
92 CORE_ADDR value;
97 };
101 struct arm_per_bfd
102 {
106 {}
110 /* Information about mapping symbols ($a, $d, $t) in the objfile.
112 The format is an array of vectors of arm_mapping_symbols, there is one
113 vector for each section of the objfile (the array is index by BFD section
114 index).
116 For each section, the vector of arm_mapping_symbol is sorted by
117 symbol value (address). */
120 /* For each corresponding element of section_maps above, is this vector
121 sorted. */
123 };
125 /* Per-bfd data used for mapping symbols. */
128 /* The list of available "set arm ..." and "show arm ..." commands. */
132 /* The type of floating-point to use. Keep this in sync with enum
133 arm_float_model, and the help string in _initialize_arm_tdep. */
135 {
141 NULL
142 };
144 /* A variable that can be configured by the user. */
148 /* The ABI to use. Keep this in sync with arm_abi_kind. */
150 {
154 NULL
155 };
157 /* A variable that can be configured by the user. */
161 /* The execution mode to assume. */
163 {
167 NULL
168 };
173 /* The standard register names, and all the valid aliases for them. Note
174 that `fp', `sp' and `pc' are not added in this alias list, because they
175 have been added as builtin user registers in
176 std-regs.c:_initialize_frame_reg. */
177 static const struct
178 {
182 /* Basic register numbers. */
199 /* Synonyms (argument and variable registers). */
212 /* Other platform-specific names for r9. */
215 /* Special names. */
218 /* Names used by GCC (not listed in the ARM EABI). */
220 /* A special name from the older ATPCS. */
222 };
233 /* Holds the current set of options to be passed to the disassembler. */
236 /* Valid register name styles. */
239 /* Disassembly style to use. Default to "std" register names. */
242 /* All possible arm target descriptors. */
246 /* This is used to keep the bfd arch_info in sync with the disassembly
247 style. */
261 static CORE_ADDR
265 /* get_next_pcs operations. */
267 arm_get_next_pcs_read_memory_unsigned_integer,
268 arm_get_next_pcs_syscall_next_pc,
269 arm_get_next_pcs_addr_bits_remove,
270 arm_get_next_pcs_is_thumb,
271 NULL,
272 };
274 struct arm_prologue_cache
275 {
276 /* The stack pointer at the time this frame was created; i.e. the
277 caller's stack pointer when this function was called. It is used
278 to identify this frame. */
279 CORE_ADDR sp;
281 /* Additional stack pointers used by M-profile with Security extension. */
282 /* Use msp_s / psp_s to hold the values of msp / psp when there is
283 no Security extension. */
284 CORE_ADDR msp_s;
285 CORE_ADDR msp_ns;
286 CORE_ADDR psp_s;
287 CORE_ADDR psp_ns;
289 /* Active stack pointer. */
294 /* The frame base for this frame is just prev_sp - frame size.
295 FRAMESIZE is the distance from the frame pointer to the
296 initial stack pointer. */
300 /* The register used to hold the frame pointer for this frame. */
303 /* True if the return address is signed, false otherwise. */
306 /* Saved register offsets. */
310 };
313 /* Reconstruct T bit in program status register from LR value. */
317 {
321 else
325 }
327 /* Initialize CACHE fields for which zero is not adequate (CACHE is
328 expected to have been ZALLOC'ed before calling this function). */
330 static void
332 {
336 }
338 /* Similar to the previous function, but extracts GDBARCH from FRAME. */
340 static void
342 {
350 {
351 const CORE_ADDR msp_val
353 const CORE_ADDR psp_val
356 cache->msp_s
358 cache->msp_ns
360 cache->psp_s
362 cache->psp_ns
365 /* Identify what msp is alias for (msp_s or msp_ns). */
370 else
371 {
375 }
377 /* Identify what psp is alias for (psp_s or psp_ns). */
382 else
383 {
387 }
389 /* Identify what sp is alias for (msp_s, msp_ns, psp_s or psp_ns). */
394 else
395 {
399 }
400 }
402 {
403 cache->msp_s
405 cache->psp_s
408 /* Identify what sp is alias for (msp or psp). */
413 else
414 {
418 }
419 }
420 else
421 {
422 cache->msp_s
426 }
427 }
429 /* Return the requested stack pointer value (in REGNUM), taking into
430 account whether we have a Security extension or an M-profile
431 CPU. */
433 static CORE_ADDR
436 {
438 {
453 }
455 {
462 }
467 }
469 /* Return the previous stack address, depending on which SP register
470 is active. */
472 static CORE_ADDR
474 {
477 }
479 /* Set the active stack pointer to VAL. */
481 static void
484 {
486 {
497 }
499 {
506 }
508 {
511 }
514 }
516 /* Return true if REGNUM is one of the alternative stack pointers. */
518 static bool
520 {
528 else
530 }
532 /* Set the active stack pointer to SP_REGNUM. */
534 static void
537 {
541 {
547 {
550 }
553 {
556 }
557 }
560 }
564 /* Abstract class to read ARM instructions from memory. */
566 class arm_instruction_reader
567 {
569 /* Read a 4 bytes instruction from memory using the BYTE_ORDER endianness. */
571 };
573 /* Read instructions from target memory. */
576 {
579 {
581 }
582 };
586 static CORE_ADDR arm_analyze_prologue
590 /* Architecture version for displaced stepping. This effects the behaviour of
591 certain instructions, and really should not be hard-wired. */
593 #define DISPLACED_STEPPING_ARCH_VERSION 5
595 /* See arm-tdep.h. */
600 /* Return the bit mask in ARM_PS_REGNUM that indicates Thumb mode. */
602 int
604 {
609 else
611 }
613 /* Determine if the processor is currently executing in Thumb mode. */
615 int
617 {
618 ULONGEST cpsr;
624 }
626 /* Determine if FRAME is executing in Thumb mode. FRAME must be an ARM
627 frame. */
629 int
631 {
632 /* Check the architecture of FRAME. */
636 /* Every ARM frame unwinder can unwind the T bit of the CPSR, either
637 directly (from a signal frame or dummy frame) or by interpreting
638 the saved LR (from a prologue or DWARF frame). So consult it and
639 trust the unwinders. */
642 /* Find and extract the thumb bit. */
645 }
647 /* Search for the mapping symbol covering MEMADDR. If one is found,
648 return its type. Otherwise, return 0. If START is non-NULL,
649 set *START to the location of the mapping symbol. */
651 static char
653 {
656 /* If there are mapping symbols, consult them. */
659 {
662 {
664 arm_mapping_symbol_vec &map
667 /* Sort the vector on first use. */
669 {
672 }
678 /* std::lower_bound finds the earliest ordered insertion
679 point. If the symbol at this position starts at this exact
680 address, we use that; otherwise, the preceding
681 mapping symbol covers this address. */
683 {
685 {
689 }
690 }
693 {
700 }
701 }
702 }
705 }
707 /* Determine if the program counter specified in MEMADDR is in a Thumb
708 function. This function should be called for addresses unrelated to
709 any executing frame; otherwise, prefer arm_frame_is_thumb. */
711 int
713 {
721 gdbarch_displaced_step_copy_insn_closure_by_addr
724 /* If checking the mode of displaced instruction in copy area, the mode
725 should be determined by instruction on the original address. */
727 {
732 }
734 /* If bit 0 of the address is set, assume this is a Thumb address. */
738 /* If the user wants to override the symbol table, let him. */
744 /* ARM v6-M and v7-M are always in Thumb mode. */
748 /* If there are mapping symbols, consult them. */
753 /* Thumb functions have a "special" bit set in minimal symbols. */
758 /* If the user wants to override the fallback mode, let them. */
764 /* If we couldn't find any symbol, but we're talking to a running
765 target, then trust the current value of $cpsr. This lets
766 "display/i $pc" always show the correct mode (though if there is
767 a symbol table we will not reach here, so it still may not be
768 displayed in the mode it will be executed). */
772 /* Otherwise we're out of luck; we assume ARM. */
774 }
778 {
780 {
781 /* Values for lockup state.
782 For more details see "B1.5.15 Unrecoverable exception cases" in
783 both ARMv6-M and ARMv7-M Architecture Reference Manuals, or
784 see "B4.32 Lockup" in ARMv8-M Architecture Reference Manual. */
791 /* Address is not lockup. */
793 }
794 }
796 /* Determine if the address specified equals any of these magic return
797 values, called EXC_RETURN, defined by the ARM v6-M, v7-M and v8-M
798 architectures. Also include lockup magic PC value.
799 Check also for FNC_RETURN if we have the v8-M security extension.
801 From ARMv6-M Reference Manual B1.5.8
802 Table B1-5 Exception return behavior
804 EXC_RETURN Return To Return Stack
805 0xFFFFFFF1 Handler mode Main
806 0xFFFFFFF9 Thread mode Main
807 0xFFFFFFFD Thread mode Process
809 From ARMv7-M Reference Manual B1.5.8
810 Table B1-8 EXC_RETURN definition of exception return behavior, no FP
812 EXC_RETURN Return To Return Stack
813 0xFFFFFFF1 Handler mode Main
814 0xFFFFFFF9 Thread mode Main
815 0xFFFFFFFD Thread mode Process
817 Table B1-9 EXC_RETURN definition of exception return behavior, with
818 FP
820 EXC_RETURN Return To Return Stack Frame Type
821 0xFFFFFFE1 Handler mode Main Extended
822 0xFFFFFFE9 Thread mode Main Extended
823 0xFFFFFFED Thread mode Process Extended
824 0xFFFFFFF1 Handler mode Main Basic
825 0xFFFFFFF9 Thread mode Main Basic
826 0xFFFFFFFD Thread mode Process Basic
828 For more details see "B1.5.8 Exception return behavior"
829 in both ARMv6-M and ARMv7-M Architecture Reference Manuals.
831 From ARMv8-M Architecture Technical Reference, D1.2.95
832 FType, Mode and SPSEL bits are to be considered when the Security
833 Extension is not implemented.
835 EXC_RETURN Return To Return Stack Frame Type
836 0xFFFFFFA0 Handler mode Main Extended
837 0xFFFFFFA8 Thread mode Main Extended
838 0xFFFFFFAC Thread mode Process Extended
839 0xFFFFFFB0 Handler mode Main Standard
840 0xFFFFFFB8 Thread mode Main Standard
841 0xFFFFFFBC Thread mode Process Standard */
843 static int
845 {
851 {
853 {
859 }
860 }
861 else
862 {
864 {
865 /* Values from ARMv8-M Architecture Technical Reference. */
872 /* Values from Tables in B1.5.8 the EXC_RETURN definitions of
873 the exception return behavior. */
880 /* Address is magic. */
884 /* Address is not magic. */
886 }
887 }
888 }
890 /* Remove useless bits from addresses in a running program. */
891 static CORE_ADDR
893 {
896 /* On M-profile devices, do not strip the low bit from EXC_RETURN
897 (the magic exception return address). */
903 else
905 }
907 /* Return 1 if PC is the start of a compiler helper function which
908 can be safely ignored during prologue skipping. IS_THUMB is true
909 if the function is known to be a Thumb function due to the way it
910 is being called. */
911 static int
913 {
921 {
924 /* The GNU linker's Thumb call stub to foo is named
925 __foo_from_thumb. */
929 /* On soft-float targets, __truncdfsf2 is called to convert promoted
930 arguments to their argument types in non-prototyped
931 functions. */
937 /* Internal functions related to thread-local storage. */
942 }
943 else
944 {
945 /* If we run against a stripped glibc, we may be unable to identify
946 special functions by name. Check for one important case,
947 __aeabi_read_tp, by comparing the *code* against the default
948 implementation (this is hand-written ARM assembler in glibc). */
956 }
959 }
961 /* Extract the immediate from instruction movw/movt of encoding T. INSN1 is
962 the first 16-bit of instruction, and INSN2 is the second 16-bit of
963 instruction. */
964 #define EXTRACT_MOVW_MOVT_IMM_T(insn1, insn2) \
965 ((bits ((insn1), 0, 3) << 12) \
966 | (bits ((insn1), 10, 10) << 11) \
967 | (bits ((insn2), 12, 14) << 8) \
968 | bits ((insn2), 0, 7))
970 /* Extract the immediate from instruction movw/movt of encoding A. INSN is
971 the 32-bit instruction. */
972 #define EXTRACT_MOVW_MOVT_IMM_A(insn) \
973 ((bits ((insn), 16, 19) << 12) \
974 | bits ((insn), 0, 11))
976 /* Decode immediate value; implements ThumbExpandImmediate pseudo-op. */
978 static unsigned int
980 {
985 {
995 }
998 }
1000 /* Return 1 if the 16-bit Thumb instruction INSN restores SP in
1001 epilogue, 0 otherwise. */
1003 static int
1005 {
1009 }
1011 /* Analyze a Thumb prologue, looking for a recognizable stack frame
1012 and frame pointer. Scan until we encounter a store that could
1013 clobber the stack frame unexpectedly, or an unknown instruction.
1014 Return the last address which is definitely safe to skip for an
1015 initial breakpoint. */
1017 static CORE_ADDR
1021 {
1027 CORE_ADDR offset;
1035 {
1042 {
1049 /* Bits 0-7 contain a mask for registers R0-R7. Bit 8 says
1050 whether to save LR (R14). */
1053 /* Calculate offsets of saved R0-R7 and LR. */
1056 {
1060 }
1061 }
1063 {
1067 }
1069 {
1070 /* Don't scan past the epilogue. */
1072 }
1091 {
1095 }
1097 {
1101 }
1103 {
1104 /* Handle stores to the stack. Normally pushes are used,
1105 but with GCC -mtpcs-frame, there may be other stores
1106 in the prologue to create the frame. */
1108 pv_t addr;
1117 }
1119 {
1122 pv_t addr;
1131 }
1135 /* Ignore stores of argument registers to the stack. */
1136 ;
1139 /* Ignore block loads from the stack, potentially copying
1140 parameters from memory. */
1141 ;
1145 /* Similarly ignore single loads from the stack. */
1146 ;
1149 /* Skip register copies, i.e. saves to another register
1150 instead of the stack. */
1151 ;
1153 /* Recognize constant loads; even with small stacks these are necessary
1154 on Thumb. */
1157 {
1158 /* Constant pool loads, for the same reason. */
1160 CORE_ADDR loc;
1165 }
1167 {
1171 byte_order_for_code);
1175 {
1176 /* BL, BLX. Allow some special function calls when
1177 skipping the prologue; GCC generates these before
1178 storing arguments to the stack. */
1179 CORE_ADDR nextpc;
1191 /* For BLX make sure to clear the low bits. */
1198 }
1201 { registers } */
1203 {
1210 /* Calculate offsets of saved registers. */
1213 {
1216 }
1220 }
1222 /* vstmdb Rn{!}, { D-registers } (aka vpush). */
1226 {
1227 /* Address SP points to. */
1230 /* Number of registers saved. */
1233 /* First register to save. */
1239 /* Calculate offsets of saved registers. */
1241 {
1245 }
1247 /* Writeback SP to account for the saved registers. */
1249 }
1252 [Rn, #+/-imm]{!} */
1254 {
1262 else
1274 }
1279 {
1286 else
1296 }
1300 {
1302 pv_t addr;
1311 }
1315 /* Ignore stores of argument registers to the stack. */
1316 ;
1321 /* Ignore stores of argument registers to the stack. */
1322 ;
1325 { registers } */
1328 /* Ignore block loads from the stack, potentially copying
1329 parameters from memory. */
1330 ;
1333 [Rn, #+/-imm] */
1335 /* Similarly ignore dual loads from the stack. */
1336 ;
1341 /* Similarly ignore single loads from the stack. */
1342 ;
1346 /* Similarly ignore single loads from the stack. */
1347 ;
1351 {
1359 }
1363 {
1370 }
1374 {
1382 }
1386 {
1393 }
1396 {
1403 }
1406 {
1407 unsigned int imm
1411 }
1415 {
1419 }
1422 {
1423 /* Constant pool loads. */
1425 CORE_ADDR loc;
1430 else
1435 }
1438 {
1439 /* Constant pool loads. */
1441 CORE_ADDR loc;
1446 else
1454 }
1455 /* Start of ARMv8.1-m PACBTI extension instructions. */
1457 {
1458 /* LR and SP are input registers. PAC is in R12. LR is
1459 signed from this point onwards. NOP space. */
1461 }
1463 {
1464 /* LR and SP are input registers. PAC is in R12 and PC is a
1465 valid BTI landing pad. LR is signed from this point onwards.
1466 NOP space. */
1468 }
1470 {
1471 /* Valid BTI landing pad. NOP space. */
1472 }
1474 {
1475 /* Sign Rn using Rm and store the PAC in Rd. Rd is signed from
1476 this point onwards. */
1478 }
1480 {
1481 /* These instructions appear close to the epilogue, when signed
1482 pointers are getting authenticated. */
1484 }
1485 /* End of ARMv8.1-m PACBTI extension instructions */
1487 {
1488 /* Don't scan past anything that might change control flow. */
1490 }
1491 else
1492 {
1493 /* The optimizer might shove anything into the prologue,
1494 so we just skip what we don't recognize. */
1496 }
1498 /* Make sure we are dealing with a target that supports ARMv8.1-m
1499 PACBTI. */
1502 {
1508 }
1511 }
1513 {
1514 /* Don't scan past anything that might change control flow. */
1516 }
1517 else
1518 {
1519 /* The optimizer might shove anything into the prologue,
1520 so we just skip what we don't recognize. */
1522 }
1525 }
1537 {
1538 /* Frame pointer is fp. Frame size is constant. */
1541 }
1543 {
1544 /* Frame pointer is r7. Frame size is constant. */
1547 }
1548 else
1549 {
1550 /* Try the stack pointer... this is a bit desperate. */
1553 }
1557 {
1561 }
1564 }
1567 /* Try to analyze the instructions starting from PC, which load symbol
1568 __stack_chk_guard. Return the address of instruction after loading this
1569 symbol, set the dest register number to *BASEREG, and set the size of
1570 instructions for loading symbol in OFFSET. Return 0 if instructions are
1571 not recognized. */
1573 static CORE_ADDR
1576 {
1583 {
1584 unsigned short insn1
1588 {
1593 byte_order_for_code);
1594 }
1596 {
1597 unsigned short insn2
1602 insn1
1604 insn2
1607 /* movt Rd, #const */
1609 {
1614 }
1615 }
1616 }
1617 else
1618 {
1619 unsigned int insn
1623 {
1626 byte_order_for_code);
1630 }
1632 {
1635 insn
1639 {
1644 }
1645 }
1646 }
1649 }
1651 /* Try to skip a sequence of instructions used for stack protector. If PC
1652 points to the first instruction of this sequence, return the address of
1653 first instruction after this sequence, otherwise, return original PC.
1655 On arm, this sequence of instructions is composed of mainly three steps,
1656 Step 1: load symbol __stack_chk_guard,
1657 Step 2: load from address of __stack_chk_guard,
1658 Step 3: store it to somewhere else.
1660 Usually, instructions on step 2 and step 3 are the same on various ARM
1661 architectures. On step 2, it is one instruction 'ldr Rx, [Rn, #0]', and
1662 on step 3, it is also one instruction 'str Rx, [r7, #immd]'. However,
1663 instructions in step 1 vary from different ARM architectures. On ARMv7,
1664 they are,
1666 movw Rn, #:lower16:__stack_chk_guard
1667 movt Rn, #:upper16:__stack_chk_guard
1669 On ARMv5t, it is,
1671 ldr Rn, .Label
1672 ....
1673 .Lable:
1674 .word __stack_chk_guard
1676 Since ldr/str is a very popular instruction, we can't use them as
1677 'fingerprint' or 'signature' of stack protector sequence. Here we choose
1678 sequence {movw/movt, ldr}/ldr/str plus symbol __stack_chk_guard, if not
1679 stripped, as the 'fingerprint' of a stack protector cdoe sequence. */
1681 static CORE_ADDR
1683 {
1689 CORE_ADDR addr;
1691 /* Try to parse the instructions in Step 1. */
1698 /* ADDR must correspond to a symbol whose name is __stack_chk_guard.
1699 Otherwise, this sequence cannot be for stack protector. */
1705 {
1707 unsigned short insn
1710 /* Step 2: ldr Rd, [Rn, #immed], encoding T1. */
1718 byte_order_for_code);
1719 /* Step 3: str Rd, [Rn, #immed], encoding T1. */
1724 }
1725 else
1726 {
1728 unsigned int insn
1731 /* Step 2: ldr Rd, [Rn, #immed], encoding A1. */
1737 /* Step 3: str Rd, [Rn, #immed], encoding A1. */
1744 }
1745 /* The size of total two instructions ldr/str is 4 on Thumb-2, while 8
1746 on arm. */
1749 else
1751 }
1753 /* Advance the PC across any function entry prologue instructions to
1754 reach some "real" code.
1756 The APCS (ARM Procedure Call Standard) defines the following
1757 prologue:
1759 mov ip, sp
1760 [stmfd sp!, {a1,a2,a3,a4}]
1761 stmfd sp!, {...,fp,ip,lr,pc}
1762 [stfe f7, [sp, #-12]!]
1763 [stfe f6, [sp, #-12]!]
1764 [stfe f5, [sp, #-12]!]
1765 [stfe f4, [sp, #-12]!]
1766 sub fp, ip, #nn @@ nn == 20 or 4 depending on second insn. */
1768 static CORE_ADDR
1770 {
1773 /* See if we can determine the end of the prologue via the symbol table.
1774 If so, then return either PC, or the PC after the prologue, whichever
1775 is greater. */
1776 bool func_addr_found
1779 /* Whether the function is thumb mode or not. */
1783 {
1784 CORE_ADDR post_prologue_pc
1789 post_prologue_pc
1793 /* GCC always emits a line note before the prologue and another
1794 one after, even if the two are at the same address or on the
1795 same line. Take advantage of this so that we do not need to
1796 know every instruction that might appear in the prologue. We
1797 will have producer information for most binaries; if it is
1798 missing (e.g. for -gstabs), assuming the GNU tools. */
1807 {
1808 CORE_ADDR analyzed_limit;
1810 /* For non-GCC compilers, make sure the entire line is an
1811 acceptable prologue; GDB will round this function's
1812 return value up to the end of the following line so we
1813 can not skip just part of a line (and we do not want to).
1815 RealView does not treat the prologue specially, but does
1816 associate prologue code with the opening brace; so this
1817 lets us skip the first line if we think it is the opening
1818 brace. */
1823 else
1824 analyzed_limit
1832 }
1833 }
1835 /* Can't determine prologue from the symbol table, need to examine
1836 instructions. */
1838 /* Find an upper limit on the function prologue using the debug
1839 information. If the debug information could not be used to provide
1840 that bound, then use an arbitrary large number as the upper bound. */
1841 /* Like arm_scan_prologue, stop no later than pc + 64. */
1846 /* Set the correct adjustment based on whether the function is thumb mode or
1847 not. We use it to get the address of the last instruction in the
1848 function (as opposed to the first address of the next function). */
1851 limit_pc
1855 /* Check if this is Thumb code. */
1858 else
1861 }
1863 /* Function: thumb_scan_prologue (helper function for arm_scan_prologue)
1864 This function decodes a Thumb function prologue to determine:
1865 1) the size of the stack frame
1866 2) which registers are saved on it
1867 3) the offsets of saved regs
1868 4) the offset from the stack pointer to the frame pointer
1870 A typical Thumb function prologue would create this stack frame
1871 (offsets relative to FP)
1872 old SP -> 24 stack parameters
1873 20 LR
1874 16 R7
1875 R7 -> 0 local variables (16 bytes)
1876 SP -> -12 additional stack space (12 bytes)
1877 The frame size would thus be 36 bytes, and the frame offset would be
1878 12 bytes. The frame register is R7.
1880 The comments for thumb_skip_prolog() describe the algorithm we use
1881 to detect the end of the prolog. */
1883 static void
1886 {
1887 CORE_ADDR prologue_start;
1888 CORE_ADDR prologue_end;
1892 {
1893 /* See comment in arm_scan_prologue for an explanation of
1894 this heuristics. */
1896 {
1898 }
1899 }
1900 else
1901 /* We're in the boondocks: we have no idea where the start of the
1902 function is. */
1908 }
1910 /* Return 1 if the ARM instruction INSN restores SP in epilogue, 0
1911 otherwise. */
1913 static int
1915 {
1917 {
1919 /* ADD SP (register or immediate). */
1921 /* SUB SP (register or immediate). */
1923 /* MOV SP. */
1925 /* POP (LDMIA). */
1927 /* POP of a single register. */
1929 }
1932 }
1934 /* Implement immediate value decoding, as described in section A5.2.4
1935 (Modified immediate constants in ARM instructions) of the ARM Architecture
1936 Reference Manual (ARMv7-A and ARMv7-R edition). */
1938 static uint32_t
1940 {
1941 /* Immediate values are 12 bits long. */
1952 }
1954 /* Analyze an ARM mode prologue starting at PROLOGUE_START and
1955 continuing no further than PROLOGUE_END. If CACHE is non-NULL,
1956 fill it in. Return the first address not recognized as a prologue
1957 instruction.
1959 We recognize all the instructions typically found in ARM prologues,
1960 plus harmless instructions which can be skipped (either for analysis
1961 purposes, or a more restrictive set that can be skipped when finding
1962 the end of the prologue). */
1964 static CORE_ADDR
1969 {
1977 /* Search the prologue looking for instructions that set up the
1978 frame pointer, adjust the stack pointer, and save registers.
1980 Be careful, however, and if it doesn't look like a prologue,
1981 don't try to scan it. If, for instance, a frameless function
1982 begins with stmfd sp!, then we will tell ourselves there is
1983 a frame, which will confuse stack traceback, as well as "finish"
1984 and other operations that rely on a knowledge of the stack
1985 traceback. */
1994 {
1998 {
2001 }
2004 {
2009 }
2012 {
2017 }
2019 [sp, #-4]! */
2020 {
2027 }
2029 /* stmfd sp!, {..., fp, ip, lr, pc}
2030 or
2031 stmfd sp!, {a1, a2, a3, a4} */
2032 {
2038 /* Calculate offsets of saved registers. */
2041 {
2045 }
2046 }
2050 {
2051 /* No need to add this to saved_regs -- it's just an arg reg. */
2053 }
2057 {
2058 /* No need to add this to saved_regs -- it's just an arg reg. */
2060 }
2062 { registers } */
2064 {
2065 /* No need to add this to saved_regs -- it's just arg regs. */
2067 }
2069 {
2072 }
2074 {
2077 }
2079 [sp, -#c]! */
2081 {
2088 }
2090 [sp!] */
2092 {
2100 {
2103 else
2105 }
2106 else
2107 {
2110 else
2112 }
2117 {
2121 }
2122 }
2124 {
2125 /* Allow some special function calls when skipping the
2126 prologue; GCC generates these before storing arguments to
2127 the stack. */
2132 else
2134 }
2138 /* Don't scan past anything that might change control flow. */
2141 {
2142 /* Don't scan past the epilogue. */
2144 }
2147 /* Ignore block loads from the stack, potentially copying
2148 parameters from memory. */
2152 /* Similarly ignore single loads from the stack. */
2155 /* MOV Rd, Rm. Skip register copies, i.e. saves to another
2156 register instead of the stack. */
2158 else
2159 {
2160 /* The optimizer might shove anything into the prologue, if
2161 we build up cache (cache != NULL) from scanning prologue,
2162 we just skip what we don't recognize and scan further to
2163 make cache as complete as possible. However, if we skip
2164 prologue, we'll stop immediately on unrecognized
2165 instruction. */
2169 else
2171 }
2172 }
2178 {
2181 /* The frame size is just the distance from the frame register
2182 to the original stack pointer. */
2184 {
2185 /* Frame pointer is fp. */
2188 }
2189 else
2190 {
2191 /* Try the stack pointer... this is a bit desperate. */
2194 }
2201 {
2205 }
2206 }
2212 }
2214 static void
2217 {
2225 /* Assume there is no frame until proven otherwise. */
2229 /* Check for Thumb prologue. */
2231 {
2234 }
2236 /* Find the function prologue. If we can't find the function in
2237 the symbol table, peek in the stack frame to find the PC. */
2240 {
2241 /* One way to find the end of the prologue (which works well
2242 for unoptimized code) is to do the following:
2244 struct symtab_and_line sal = find_pc_line (prologue_start, 0);
2246 if (sal.line == 0)
2247 prologue_end = prev_pc;
2248 else if (sal.end < prologue_end)
2249 prologue_end = sal.end;
2251 This mechanism is very accurate so long as the optimizer
2252 doesn't move any instructions from the function body into the
2253 prologue. If this happens, sal.end will be the last
2254 instruction in the first hunk of prologue code just before
2255 the first instruction that the scheduler has moved from
2256 the body to the prologue.
2258 In order to make sure that we scan all of the prologue
2259 instructions, we use a slightly less accurate mechanism which
2260 may scan more than necessary. To help compensate for this
2261 lack of accuracy, the prologue scanning loop below contains
2262 several clauses which'll cause the loop to terminate early if
2263 an implausible prologue instruction is encountered.
2265 The expression
2267 prologue_start + 64
2269 is a suitable endpoint since it accounts for the largest
2270 possible prologue plus up to five instructions inserted by
2271 the scheduler. */
2274 {
2276 }
2277 }
2278 else
2279 {
2280 /* We have no symbol information. Our only option is to assume this
2281 function has a standard stack frame and the normal frame register.
2282 Then, we can find the value of our frame pointer on entrance to
2283 the callee (or at the present moment if this is the innermost frame).
2284 The value stored there should be the address of the stmfd + 8. */
2285 CORE_ADDR frame_loc;
2286 ULONGEST return_value;
2288 /* AAPCS does not use a frame register, so we can abort here. */
2296 else
2297 {
2298 prologue_start = gdbarch_addr_bits_remove
2301 }
2302 }
2309 }
2313 {
2333 /* Calculate actual addresses of saved registers using offsets
2334 determined by arm_scan_prologue. */
2338 prev_sp);
2341 }
2343 /* Implementation of the stop_reason hook for arm_prologue frames. */
2345 static enum unwind_stop_reason
2348 {
2350 CORE_ADDR pc;
2356 /* This is meant to halt the backtrace at "_start". */
2363 /* If we've hit a wall, stop. */
2368 }
2370 /* Our frame ID for a normal frame is the current function's starting PC
2371 and the caller's SP when we were called. */
2373 static void
2377 {
2386 arm_gdbarch_tdep *tdep
2389 /* Use function start address as part of the frame ID. If we cannot
2390 identify the start address (due to missing symbol information),
2391 fall back to just using the current PC. */
2399 }
2405 {
2408 CORE_ADDR sp_value;
2416 /* If this frame has signed the return address, mark it as so. */
2421 /* If we are asked to unwind the PC, then we need to return the LR
2422 instead. The prologue may save PC, but it will point into this
2423 frame's prologue, not the next frame's resume location. Also
2424 strip the saved T bit. A valid LR may have the low bit set, but
2425 a valid PC never does. */
2427 {
2428 CORE_ADDR lr;
2433 }
2435 /* SP is generally not saved to the stack, but this frame is
2436 identified by the next frame's stack pointer at the time of the call.
2437 The value was already reconstructed into PREV_SP. */
2442 /* The value might be one of the alternative SP, if so, use the
2443 value already constructed. */
2445 {
2448 }
2450 /* The CPSR may have been changed by the call instruction and by the
2451 called function. The only bit we can reconstruct is the T bit,
2452 by checking the low bit of LR as of the call. This is a reliable
2453 indicator of Thumb-ness except for some ARM v4T pre-interworking
2454 Thumb code, which could get away with a clear low bit as long as
2455 the called function did not use bx. Guess that all other
2456 bits are unchanged; the condition flags are presumably lost,
2457 but the processor status is likely valid. */
2459 {
2465 }
2468 prev_regnum);
2469 }
2473 NORMAL_FRAME,
2474 arm_prologue_unwind_stop_reason,
2475 arm_prologue_this_id,
2476 arm_prologue_prev_register,
2477 NULL,
2478 default_frame_sniffer
2479 };
2481 /* Maintain a list of ARM exception table entries per objfile, similar to the
2482 list of mapping symbols. We only cache entries for standard ARM-defined
2483 personality routines; the cache will contain only the frame unwinding
2484 instructions associated with the entry (not the descriptors). */
2486 struct arm_exidx_entry
2487 {
2488 CORE_ADDR addr;
2492 {
2494 }
2495 };
2497 struct arm_exidx_data
2498 {
2500 };
2502 /* Per-BFD key to store exception handling information. */
2507 {
2510 {
2517 }
2520 }
2522 /* Parse contents of exception table and exception index sections
2523 of OBJFILE, and fill in the exception table entry cache.
2525 For each entry that refers to a standard ARM-defined personality
2526 routine, extract the frame unwinding instructions (from either
2527 the index or the table section). The unwinding instructions
2528 are normalized by:
2529 - extracting them from the rest of the table data
2530 - converting to host endianness
2531 - appending the implicit 0xb0 ("Finish") code
2533 The extracted and normalized instructions are stored for later
2534 retrieval by the arm_find_exidx_entry routine. */
2536 static void
2538 {
2542 LONGEST i;
2544 /* If we've already touched this file, do nothing. */
2548 /* Read contents of exception table and index. */
2550 ELF_STRING_ARM_unwind);
2553 {
2561 }
2566 {
2574 }
2576 /* Allocate exception table data structure. */
2580 /* Fill in exception table. */
2582 {
2592 /* Extract address of start of function. */
2596 /* Find section containing function and compute section offset. */
2602 /* Determine address of exception table entry. */
2604 {
2605 /* EXIDX_CANTUNWIND -- no exception table entry present. */
2606 }
2608 {
2609 /* Exception table entry embedded in .ARM.exidx
2610 -- must be short form. */
2613 }
2615 {
2616 /* Exception table entry in .ARM.extab. */
2621 {
2627 {
2628 /* Short form. */
2630 }
2633 {
2634 /* Long form. */
2637 }
2639 {
2640 bfd_vma pers;
2644 /* Custom personality routine. */
2648 /* Check whether we've got one of the variants of the
2649 GNU personality routines. */
2652 {
2654 {
2659 NULL
2660 };
2668 {
2671 }
2672 }
2674 /* If so, the next word contains a word count in the high
2675 byte, followed by the same unwind instructions as the
2676 pre-defined forms. */
2679 {
2686 }
2687 }
2688 }
2689 }
2691 /* Sanity check address. */
2697 /* The unwind instructions reside in WORD (only the N_BYTES least
2698 significant bytes are valid), followed by N_WORDS words in the
2699 extab section starting at ADDR. */
2701 {
2710 {
2719 }
2721 /* Implied "Finish" to terminate the list. */
2723 }
2725 /* Push entry onto vector. They are guaranteed to always
2726 appear in order of increasing addresses. */
2731 }
2732 }
2734 /* Search for the exception table entry covering MEMADDR. If one is found,
2735 return a pointer to its data. Otherwise, return 0. If START is non-NULL,
2736 set *START to the start of the region covered by this entry. */
2740 {
2745 {
2751 {
2755 {
2758 /* std::lower_bound finds the earliest ordered insertion
2759 point. If the following symbol starts at this exact
2760 address, we use that; otherwise, the preceding
2761 exception table entry covers this address. */
2763 {
2765 {
2769 }
2770 }
2773 {
2778 }
2779 }
2780 }
2781 }
2784 }
2786 /* Given the current frame THIS_FRAME, and its associated frame unwinding
2787 instruction list from the ARM exception table entry ENTRY, allocate and
2788 return a prologue cache structure describing how to unwind this frame.
2790 Return NULL if the unwinding instruction list contains a "spare",
2791 "reserved" or "refuse to unwind" instruction as defined in section
2792 "9.3 Frame unwinding instructions" of the "Exception Handling ABI
2793 for the ARM Architecture" document. */
2797 {
2806 {
2807 gdb_byte insn;
2809 /* Whenever we reload SP, we actually have to retrieve its
2810 actual value in the current frame. */
2812 {
2814 {
2817 }
2818 else
2819 {
2822 }
2825 }
2827 /* Decode next unwind instruction. */
2831 {
2834 }
2836 {
2839 }
2841 {
2845 /* The special case of an all-zero mask identifies
2846 "Refuse to unwind". We return NULL to fall back
2847 to the prologue analyzer. */
2851 /* Pop registers r4..r15 under mask. */
2854 {
2857 }
2859 /* Special-case popping SP -- we need to reload vsp. */
2862 }
2864 {
2867 /* Reserved cases. */
2871 /* Set SP from another register and mark VSP for reload. */
2874 }
2876 {
2881 /* Pop r4..r[4+count]. */
2883 {
2886 }
2888 /* If indicated by flag, pop LR as well. */
2890 {
2893 }
2894 }
2896 {
2897 /* We could only have updated PC by popping into it; if so, it
2898 will show up as address. Otherwise, copy LR into PC. */
2903 /* We're done. */
2905 }
2907 {
2911 /* All-zero mask and mask >= 16 is "spare". */
2915 /* Pop r0..r3 under mask. */
2918 {
2921 }
2922 }
2924 {
2928 do
2929 {
2932 }
2936 }
2938 {
2943 /* Only registers D0..D15 are valid here. */
2947 /* Pop VFP double-precision registers D[start]..D[start+count]. */
2949 {
2952 }
2954 /* Add an extra 4 bytes for FSTMFDX-style stack. */
2956 }
2958 {
2962 /* Pop VFP double-precision registers D[8]..D[8+count]. */
2964 {
2967 }
2969 /* Add an extra 4 bytes for FSTMFDX-style stack. */
2971 }
2973 {
2978 /* Only registers WR0..WR15 are valid. */
2982 /* Pop iwmmx registers WR[start]..WR[start+count]. */
2984 {
2987 }
2988 }
2990 {
2994 /* All-zero mask and mask >= 16 is "spare". */
2998 /* Pop iwmmx general-purpose registers WCGR0..WCGR3 under mask. */
3001 {
3004 }
3005 }
3007 {
3011 /* Pop iwmmx registers WR[10]..WR[10+count]. */
3013 {
3016 }
3017 }
3019 {
3024 /* Only registers D0..D31 are valid. */
3028 /* Pop VFP double-precision registers
3029 D[16+start]..D[16+start+count]. */
3031 {
3034 }
3035 }
3037 {
3042 /* Pop VFP double-precision registers D[start]..D[start+count]. */
3044 {
3047 }
3048 }
3050 {
3054 /* Pop VFP double-precision registers D[8]..D[8+count]. */
3056 {
3059 }
3060 }
3061 else
3062 {
3063 /* Everything else is "spare". */
3065 }
3066 }
3068 /* If we restore SP from a register, assume this was the frame register.
3069 Otherwise just fall back to SP as frame register. */
3072 else
3075 /* Determine offset to previous frame. */
3076 cache->framesize
3079 /* We already got the previous SP. */
3080 arm_gdbarch_tdep *tdep
3085 }
3087 /* Unwinding via ARM exception table entries. Note that the sniffer
3088 already computes a filled-in prologue cache, which is then used
3089 with the same arm_prologue_this_id and arm_prologue_prev_register
3090 routines also used for prologue-parsing based unwinding. */
3092 static int
3096 {
3103 /* See if we have an ARM exception table entry covering this address. */
3109 /* The ARM exception table does not describe unwind information
3110 for arbitrary PC values, but is guaranteed to be correct only
3111 at call sites. We have to decide here whether we want to use
3112 ARM exception table information for this frame, or fall back
3113 to using prologue parsing. (Note that if we have DWARF CFI,
3114 this sniffer isn't even called -- CFI is always preferred.)
3116 Before we make this decision, however, we check whether we
3117 actually have *symbol* information for the current frame.
3118 If not, prologue parsing would not work anyway, so we might
3119 as well use the exception table and hope for the best. */
3121 {
3124 /* If the next frame is "normal", we are at a call site in this
3125 frame, so exception information is guaranteed to be valid. */
3130 /* Some syscalls keep PC pointing to the SVC instruction itself. */
3132 {
3133 /* We also assume exception information is valid if we're currently
3134 blocked in a system call. The system library is supposed to
3135 ensure this, so that e.g. pthread cancellation works. */
3137 {
3138 ULONGEST insn;
3146 }
3147 else
3148 {
3149 ULONGEST insn;
3157 }
3158 }
3160 /* Bail out if we don't know that exception information is valid. */
3164 /* The ARM exception index does not mark the *end* of the region
3165 covered by the entry, and some functions will not have any entry.
3166 To correctly recognize the end of the covered region, the linker
3167 should have inserted dummy records with a CANTUNWIND marker.
3169 Unfortunately, current versions of GNU ld do not reliably do
3170 this, and thus we may have found an incorrect entry above.
3171 As a (temporary) sanity check, we only use the entry if it
3172 lies *within* the bounds of the function. Note that this check
3173 might reject perfectly valid entries that just happen to cover
3174 multiple functions; therefore this check ought to be removed
3175 once the linker is fixed. */
3178 }
3180 /* Decode the list of unwinding instructions into a prologue cache.
3181 Note that this may fail due to e.g. a "refuse to unwind" code. */
3188 }
3192 NORMAL_FRAME,
3193 default_frame_unwind_stop_reason,
3194 arm_prologue_this_id,
3195 arm_prologue_prev_register,
3196 NULL,
3197 arm_exidx_unwind_sniffer
3198 };
3202 {
3209 /* Still rely on the offset calculated from prologue. */
3212 /* Since we are in epilogue, the SP has been restored. */
3213 arm_gdbarch_tdep *tdep
3217 ARM_SP_REGNUM));
3219 /* Calculate actual addresses of saved registers using offsets
3220 determined by arm_scan_prologue. */
3227 }
3229 /* Implementation of function hook 'this_id' in
3230 'struct frame_uwnind' for epilogue unwinder. */
3232 static void
3236 {
3244 /* Use function start address as part of the frame ID. If we cannot
3245 identify the start address (due to missing symbol information),
3246 fall back to just using the current PC. */
3252 arm_gdbarch_tdep *tdep
3255 }
3257 /* Implementation of function hook 'prev_register' in
3258 'struct frame_uwnind' for epilogue unwinder. */
3263 {
3268 }
3271 CORE_ADDR pc);
3273 CORE_ADDR pc);
3275 /* Implementation of function hook 'sniffer' in
3276 'struct frame_uwnind' for epilogue unwinder. */
3278 static int
3282 {
3284 {
3290 else
3292 }
3293 else
3295 }
3297 /* Frame unwinder from epilogue. */
3300 {
3302 NORMAL_FRAME,
3303 default_frame_unwind_stop_reason,
3304 arm_epilogue_frame_this_id,
3305 arm_epilogue_frame_prev_register,
3306 NULL,
3307 arm_epilogue_frame_sniffer,
3308 };
3310 /* Recognize GCC's trampoline for thumb call-indirect. If we are in a
3311 trampoline, return the target PC. Otherwise return 0.
3313 void call0a (char c, short s, int i, long l) {}
3315 int main (void)
3316 {
3317 (*pointer_to_call0a) (c, s, i, l);
3318 }
3320 Instead of calling a stub library function _call_via_xx (xx is
3321 the register name), GCC may inline the trampoline in the object
3322 file as below (register r2 has the address of call0a).
3324 .global main
3325 .type main, %function
3326 ...
3327 bl .L1
3328 ...
3329 .size main, .-main
3331 .L1:
3332 bx r2
3334 The trampoline 'bx r2' doesn't belong to main. */
3336 static CORE_ADDR
3338 {
3339 /* The heuristics of recognizing such trampoline is that FRAME is
3340 executing in Thumb mode and the instruction on PC is 'bx Rm'. */
3342 {
3346 {
3348 enum bfd_endian byte_order_for_code
3350 uint16_t insn
3354 {
3355 CORE_ADDR dest
3358 /* Clear the LSB so that gdb core sets step-resume
3359 breakpoint at the right address. */
3361 }
3362 }
3363 }
3366 }
3370 {
3376 arm_gdbarch_tdep *tdep
3380 ARM_SP_REGNUM));
3383 }
3385 /* Our frame ID for a stub frame is the current SP and LR. */
3387 static void
3391 {
3398 arm_gdbarch_tdep *tdep
3402 }
3404 static int
3408 {
3409 CORE_ADDR addr_in_block;
3417 /* We also use the stub winder if the target memory is unreadable
3418 to avoid having the prologue unwinder trying to read it. */
3427 }
3431 NORMAL_FRAME,
3432 default_frame_unwind_stop_reason,
3433 arm_stub_this_id,
3434 arm_prologue_prev_register,
3435 NULL,
3436 arm_stub_unwind_sniffer
3437 };
3439 /* Put here the code to store, into CACHE->saved_regs, the addresses
3440 of the saved registers of frame described by THIS_FRAME. CACHE is
3441 returned. */
3445 {
3453 /* ARMv7-M Architecture Reference "B1.5.6 Exception entry behavior"
3454 describes which bits in LR that define which stack was used prior
3455 to the exception and if FPU is used (causing extended stack frame). */
3457 /* In the lockup state PC contains a lockup magic value.
3458 The PC value of the the next outer frame is irreversibly
3459 lost. The other registers are intact so LR likely contains
3460 PC of some frame next to the outer one, but we cannot analyze
3461 the next outer frame without knowing its PC
3462 therefore we do not know SP fixup for this frame.
3463 Some heuristics to resynchronize SP might be possible.
3464 For simplicity, just terminate the unwinding to prevent it going
3465 astray and attempting to read data/addresses it shouldn't,
3466 which may cause further issues due to side-effects. */
3469 {
3470 /* The lockup can be real just in the innermost frame
3471 as the CPU is stopped and cannot create more frames.
3472 If we hit lockup magic PC in the other frame, it is
3473 just a sentinel at the top of stack: do not warn then. */
3477 /* Terminate any further stack unwinding. */
3480 }
3484 /* ARMv7-M Architecture Reference "A2.3.1 Arm core registers"
3485 states that LR is set to 0xffffffff on reset. ARMv8-M Architecture
3486 Reference "B3.3 Registers" states that LR is set to 0xffffffff on warm
3487 reset if Main Extension is implemented, otherwise the value is unknown. */
3489 {
3490 /* Terminate any further stack unwinding. */
3493 }
3495 /* Check FNC_RETURN indicator bits (24-31). */
3498 {
3499 /* FNC_RETURN is only valid for targets with Security Extension. */
3501 {
3503 "Register value %s that requires the security extension, "
3504 "but the extension was not found or is disabled. This "
3505 "should not happen and may be caused by corrupt data or a "
3507 }
3510 {
3513 /* Terminate any further stack unwinding. */
3516 }
3520 /* Handler mode: This is the mode that exceptions are handled in. */
3522 else
3523 /* Thread mode: This is the normal mode that programs run in. */
3528 /* Stack layout for a function call from Secure to Non-Secure state
3529 (ARMv8-M section B3.16):
3531 SP Offset
3533 +-------------------+
3534 0x08 | |
3535 +-------------------+ <-- Original SP
3536 0x04 | Partial xPSR |
3537 +-------------------+
3538 0x00 | Return Address |
3539 +===================+ <-- New SP */
3548 }
3550 /* Check EXC_RETURN indicator bits (24-31). */
3553 {
3560 /* Check EXC_RETURN bit SPSEL if Main or Thread (process) stack used. */
3564 {
3569 /* Unwinding from non-secure to secure can trip security
3570 measures. In order to avoid the debugger being
3571 intrusive, rely on the user to configure the requested
3572 mode. */
3575 {
3578 /* Terminate any further stack unwinding. */
3581 }
3584 {
3586 /* Secure thread (process) stack used, use PSP_S as SP. */
3588 else
3589 /* Non-secure thread (process) stack used, use PSP_NS as SP. */
3591 }
3592 else
3593 {
3595 /* Secure main stack used, use MSP_S as SP. */
3597 else
3598 /* Non-secure main stack used, use MSP_NS as SP. */
3600 }
3601 }
3602 else
3603 {
3605 /* Thread (process) stack used, use PSP as SP. */
3607 else
3608 /* Main stack used, use MSP as SP. */
3610 }
3612 /* Set the active SP regnum. */
3615 /* Fetch the SP to use for this frame. */
3618 /* Exception entry context stacking are described in ARMv8-M (section
3619 B3.19) and ARMv7-M (sections B1.5.6 and B1.5.7) Architecture Reference
3620 Manuals.
3622 The following figure shows the structure of the stack frame when
3623 Security and Floating-point extensions are present.
3625 SP Offsets
3626 Without With
3627 Callee Regs Callee Regs
3628 (Secure -> Non-Secure)
3629 +-------------------+
3630 0xA8 | | 0xD0
3631 +===================+ --+ <-- Original SP
3632 0xA4 | S31 | 0xCC |
3633 +-------------------+ |
3634 ... | Additional FP context
3635 +-------------------+ |
3636 0x68 | S16 | 0x90 |
3637 +===================+ --+
3638 0x64 | Reserved | 0x8C |
3639 +-------------------+ |
3640 0x60 | FPSCR | 0x88 |
3641 +-------------------+ |
3642 0x5C | S15 | 0x84 | FP context
3643 +-------------------+ |
3644 ... |
3645 +-------------------+ |
3646 0x20 | S0 | 0x48 |
3647 +===================+ --+
3648 0x1C | xPSR | 0x44 |
3649 +-------------------+ |
3650 0x18 | Return address | 0x40 |
3651 +-------------------+ |
3652 0x14 | LR(R14) | 0x3C |
3653 +-------------------+ |
3654 0x10 | R12 | 0x38 | State context
3655 +-------------------+ |
3656 0x0C | R3 | 0x34 |
3657 +-------------------+ |
3658 ... |
3659 +-------------------+ |
3660 0x00 | R0 | 0x28 |
3661 +===================+ --+
3662 | R11 | 0x24 |
3663 +-------------------+ |
3664 ... |
3665 +-------------------+ | Additional state
3666 | R4 | 0x08 | context when
3667 +-------------------+ | transitioning from
3668 | Reserved | 0x04 | Secure to Non-Secure
3669 +-------------------+ |
3670 | Magic signature | 0x00 |
3671 +===================+ --+ <-- New SP */
3675 /* With the Security extension, the hardware saves R4..R11 too. */
3678 {
3679 /* Read R4..R11 from the integer callee registers. */
3689 }
3691 /* The hardware saves eight 32-bit words, comprising xPSR,
3692 ReturnAddress, LR (R14), R12, R3, R2, R1, R0. See details in
3693 "B1.5.6 Exception entry behavior" in
3694 "ARMv7-M Architecture Reference Manual". */
3708 /* Check EXC_RETURN bit FTYPE if extended stack frame (FPU regs stored)
3709 type used. */
3712 {
3713 ULONGEST fpccr;
3714 ULONGEST fpcar;
3716 /* Read FPCCR register. */
3719 {
3724 }
3726 /* Read FPCAR register. */
3729 {
3733 }
3740 /* The LSPEN and ASPEN bits indicate if the lazy state preservation
3741 for FP registers is enabled or disabled. The LSPACT bit indicate,
3742 together with FPCAR, if the lazy state preservation feature is
3743 active for the current frame or for another frame.
3744 See "Lazy context save of FP state", in B1.5.7, also ARM AN298,
3745 supported by Cortex-M4F architecture for details. */
3749 && fpccr_lspact
3752 /* Extended stack frame type used. */
3754 {
3757 {
3760 }
3761 }
3767 {
3768 /* Handle floating-point callee saved registers. */
3770 {
3773 {
3776 }
3777 }
3781 }
3782 else
3783 {
3784 /* Offset 0x64 is reserved. */
3787 }
3788 }
3789 else
3790 {
3791 /* Standard stack frame type used. */
3794 }
3796 /* If bit 9 of the saved xPSR is set, then there is a four-byte
3797 aligner between the top of the 32-byte stack frame and the
3798 previous context's stack pointer. */
3799 ULONGEST xpsr;
3803 {
3808 }
3811 {
3814 }
3817 }
3820 "found unexpected Link Register value "
3821 "%s. This should not happen and may "
3822 "be caused by corrupt data or a bug in"
3825 }
3827 /* Implementation of the stop_reason hook for arm_m_exception frames. */
3829 static enum unwind_stop_reason
3832 {
3834 arm_gdbarch_tdep *tdep
3841 /* If we've hit a wall, stop. */
3846 }
3848 /* Implementation of function hook 'this_id' in
3849 'struct frame_uwnind'. */
3851 static void
3855 {
3862 /* Our frame ID for a stub frame is the current SP and LR. */
3863 arm_gdbarch_tdep *tdep
3867 }
3869 /* Implementation of function hook 'prev_register' in
3870 'struct frame_uwnind'. */
3876 {
3878 CORE_ADDR sp_value;
3884 /* The value was already reconstructed into PREV_SP. */
3885 arm_gdbarch_tdep *tdep
3891 /* If we are asked to unwind the PC, strip the saved T bit. */
3893 {
3896 prev_regnum);
3900 }
3902 /* The value might be one of the alternative SP, if so, use the
3903 value already constructed. */
3905 {
3908 }
3910 /* If we are asked to unwind the xPSR, set T bit if PC is in thumb mode.
3911 LR register is unreliable as it contains FNC_RETURN or EXC_RETURN
3912 pattern. */
3914 {
3918 ARM_PC_REGNUM);
3921 ARM_PS_REGNUM);
3924 /* Reconstruct the T bit; see arm_prologue_prev_register for details. */
3927 }
3930 prev_regnum);
3931 }
3933 /* Implementation of function hook 'sniffer' in
3934 'struct frame_uwnind'. */
3936 static int
3940 {
3944 /* No need to check is_m; this sniffer is only registered for
3945 M-profile architectures. */
3947 /* Check if exception frame returns to a magic PC value. */
3949 }
3951 /* Frame unwinder for M-profile exceptions (EXC_RETURN on stack),
3952 lockup and secure/nonsecure interstate function calls (FNC_RETURN). */
3955 {
3957 SIGTRAMP_FRAME,
3958 arm_m_exception_frame_unwind_stop_reason,
3959 arm_m_exception_this_id,
3960 arm_m_exception_prev_register,
3961 NULL,
3962 arm_m_exception_unwind_sniffer
3963 };
3965 static CORE_ADDR
3967 {
3974 arm_gdbarch_tdep *tdep
3977 }
3981 arm_normal_frame_base,
3982 arm_normal_frame_base,
3983 arm_normal_frame_base
3984 };
3986 struct arm_dwarf2_prev_register_cache
3987 {
3988 /* Cached value of the corresponding stack pointer for the inner frame. */
3989 CORE_ADDR sp;
3990 CORE_ADDR msp;
3991 CORE_ADDR msp_s;
3992 CORE_ADDR msp_ns;
3993 CORE_ADDR psp;
3994 CORE_ADDR psp_s;
3995 CORE_ADDR psp_ns;
3996 };
4001 {
4004 CORE_ADDR lr;
4005 ULONGEST cpsr;
4006 arm_dwarf2_prev_register_cache *cache
4009 arm_dwarf2_prev_register));
4012 {
4019 {
4020 cache->sp
4023 cache->msp_s
4026 cache->msp_ns
4029 cache->psp_s
4032 cache->psp_ns
4035 }
4037 {
4038 cache->sp
4041 cache->msp
4044 cache->psp
4047 }
4048 }
4051 {
4052 /* The PC is normally copied from the return column, which
4053 describes saves of LR. However, that version may have an
4054 extra bit set to indicate Thumb state. The bit is not
4055 part of the PC. */
4057 /* Record in the frame whether the return address was signed. */
4059 {
4060 CORE_ADDR ra_auth_code
4066 }
4071 }
4073 {
4074 /* Reconstruct the T bit; see arm_prologue_prev_register for details. */
4079 }
4081 {
4082 /* Handle the alternative SP registers on Cortex-M. */
4084 CORE_ADDR val;
4087 {
4104 }
4106 {
4113 }
4116 {
4117 /* Use value of SP from previous frame. */
4121 else
4123 }
4124 else
4125 /* Use value for the register from previous frame. */
4129 }
4132 }
4134 /* Implement the stack_frame_destroyed_p gdbarch method. */
4136 static int
4138 {
4143 CORE_ADDR scan_pc;
4149 /* The epilogue is a sequence of instructions along the following lines:
4151 - add stack frame size to SP or FP
4152 - [if frame pointer used] restore SP from FP
4153 - restore registers from SP [may include PC]
4154 - a return-type instruction [if PC wasn't already restored]
4156 In a first pass, we scan forward from the current PC and verify the
4157 instructions we find as compatible with this sequence, ending in a
4158 return instruction.
4160 However, this is not sufficient to distinguish indirect function calls
4161 within a function from indirect tail calls in the epilogue in some cases.
4162 Therefore, if we didn't already find any SP-changing instruction during
4163 forward scan, we add a backward scanning heuristic to ensure we actually
4164 are in the epilogue. */
4168 {
4180 {
4183 }
4185 {
4193 {
4196 }
4199 {
4202 }
4205 ;
4206 else
4208 }
4209 else
4211 }
4216 /* Since any instruction in the epilogue sequence, with the possible
4217 exception of return itself, updates the stack pointer, we need to
4218 scan backwards for at most one instruction. Try either a 16-bit or
4219 a 32-bit instruction. This is just a heuristic, so we do not worry
4220 too much about false positives. */
4242 }
4244 static int
4246 {
4255 /* We are in the epilogue if the previous instruction was a stack
4256 adjustment and the next instruction is a possible return (bx, mov
4257 pc, or pop). We could have to scan backwards to find the stack
4258 adjustment, or forwards to find the return, but this is a decent
4259 approximation. First scan forwards. */
4264 {
4266 /* BX. */
4269 /* MOV PC. */
4273 /* POP (LDMIA), including PC or LR. */
4275 }
4280 /* Scan backwards. This is just a heuristic, so do not worry about
4281 false positives from mode changes. */
4291 }
4293 /* Implement the stack_frame_destroyed_p gdbarch method. */
4295 static int
4297 {
4300 else
4302 }
4304 /* When arguments must be pushed onto the stack, they go on in reverse
4305 order. The code below implements a FILO (stack) to do this. */
4307 struct arm_stack_item
4308 {
4312 };
4317 {
4325 }
4329 {
4335 }
4337 /* Implement the gdbarch type alignment method, overrides the generic
4338 alignment algorithm for anything that is arm specific. */
4340 static ULONGEST
4342 {
4345 {
4346 /* Use the natural alignment for vector types (the same for
4347 scalar type), but the maximum alignment is 64-bit. */
4350 else
4352 }
4354 /* Allow the common code to calculate the alignment. */
4356 }
4358 /* Possible base types for a candidate for passing and returning in
4359 VFP registers. */
4361 enum arm_vfp_cprc_base_type
4362 {
4363 VFP_CPRC_UNKNOWN,
4364 VFP_CPRC_SINGLE,
4365 VFP_CPRC_DOUBLE,
4366 VFP_CPRC_VEC64,
4367 VFP_CPRC_VEC128
4368 };
4370 /* The length of one element of base type B. */
4372 static unsigned
4374 {
4376 {
4388 }
4389 }
4391 /* The character ('s', 'd' or 'q') for the type of VFP register used
4392 for passing base type B. */
4394 static int
4396 {
4398 {
4410 }
4411 }
4413 /* Determine whether T may be part of a candidate for passing and
4414 returning in VFP registers, ignoring the limit on the total number
4415 of components. If *BASE_TYPE is VFP_CPRC_UNKNOWN, set it to the
4416 classification of the first valid component found; if it is not
4417 VFP_CPRC_UNKNOWN, all components must have the same classification
4418 as *BASE_TYPE. If it is found that T contains a type not permitted
4419 for passing and returning in VFP registers, a type differently
4420 classified from *BASE_TYPE, or two types differently classified
4421 from each other, return -1, otherwise return the total number of
4422 base-type elements found (possibly 0 in an empty structure or
4423 array). Vector types are not currently supported, matching the
4424 generic AAPCS support. */
4426 static int
4429 {
4432 {
4435 {
4452 }
4456 /* Arguments of complex T where T is one of the types float or
4457 double get treated as if they are implemented as:
4459 struct complexT
4460 {
4461 T real;
4462 T imag;
4463 };
4465 */
4467 {
4484 }
4488 {
4490 {
4491 /* A 64-bit or 128-bit containerized vector type are VFP
4492 CPRCs. */
4494 {
4505 }
4506 }
4507 else
4508 {
4513 base_type);
4517 {
4520 }
4526 }
4527 }
4531 {
4536 {
4541 base_type);
4545 }
4547 {
4550 }
4557 }
4560 {
4565 {
4567 base_type);
4571 }
4573 {
4576 }
4583 }
4587 }
4590 }
4592 /* Determine whether T is a VFP co-processor register candidate (CPRC)
4593 if passed to or returned from a non-variadic function with the VFP
4594 ABI in effect. Return 1 if it is, 0 otherwise. If it is, set
4595 *BASE_TYPE to the base type for T and *COUNT to the number of
4596 elements of that base type before returning. */
4598 static int
4601 {
4609 }
4611 /* Return 1 if the VFP ABI should be used for passing arguments to and
4612 returning values from a function of type FUNC_TYPE, 0
4613 otherwise. */
4615 static int
4617 {
4620 /* Variadic functions always use the base ABI. Assume that functions
4621 without debug info are not variadic. */
4625 /* The VFP ABI is only supported as a variant of AAPCS. */
4630 }
4632 /* We currently only support passing parameters in integer registers, which
4633 conforms with GCC's default model, and VFP argument passing following
4634 the VFP variant of AAPCS. Several other variants exist and
4635 we should probably support some of them based on the selected ABI. */
4637 static CORE_ADDR
4641 function_call_return_method return_method,
4642 CORE_ADDR struct_addr)
4643 {
4654 /* Determine the type of this function and whether the VFP ABI
4655 applies. */
4661 /* Set the return address. For the ARM, the return breakpoint is
4662 always at BP_ADDR. */
4667 /* Walk through the list of args and determine how large a temporary
4668 stack is required. Need to take care here as structs may be
4669 passed on the stack, and we have to push them. */
4675 /* The struct_return pointer occupies the first parameter
4676 passing register. */
4678 {
4684 argreg++;
4685 }
4688 {
4706 /* Round alignment up to a whole number of words. */
4709 /* Different ABIs have different maximum alignments. */
4711 {
4712 /* The APCS ABI only requires word alignment. */
4714 }
4715 else
4716 {
4717 /* The AAPCS requires at most doubleword alignment. */
4720 }
4725 {
4731 /* Because this is a CPRC it cannot go in a core register or
4732 cause a core register to be skipped for alignment.
4733 Either it goes in VFP registers and the rest of this loop
4734 iteration is skipped for this argument, or it goes on the
4735 stack (and the stack alignment code is correct for this
4736 case). */
4747 {
4756 {
4762 else
4763 {
4769 }
4770 }
4772 }
4773 else
4774 {
4775 /* This CPRC could not go in VFP registers, so all VFP
4776 registers are now marked as used. */
4778 }
4779 }
4781 /* Push stack padding for doubleword alignment. */
4783 {
4786 }
4788 /* Doubleword aligned quantities must go in even register pairs. */
4793 argreg++;
4795 /* If the argument is a pointer to a function, and it is a
4796 Thumb function, create a LOCAL copy of the value and set
4797 the THUMB bit in it. */
4801 {
4804 {
4809 }
4810 }
4812 /* Copy the argument to general registers or the stack in
4813 register-sized pieces. Large arguments are split between
4814 registers and stack. */
4816 {
4819 CORE_ADDR regval
4823 {
4824 /* The argument is being passed in a general purpose
4825 register. */
4831 argreg++;
4832 }
4833 else
4834 {
4840 /* Push the arguments onto the stack. */
4844 }
4848 }
4849 }
4850 /* If we have an odd number of words to push, then decrement the stack
4851 by one word now, so first stack argument will be dword aligned. */
4856 {
4860 }
4862 /* Finally, update teh SP register. */
4866 }
4869 /* Always align the frame to an 8-byte boundary. This is required on
4870 some platforms and harmless on the rest. */
4872 static CORE_ADDR
4874 {
4875 /* Align the stack to eight bytes. */
4877 }
4879 static void
4881 {
4893 }
4895 /* Print interesting information about the floating point processor
4896 (if present) or emulator. */
4897 static void
4900 {
4907 else
4909 /* i18n: [floating point unit] mask */
4912 /* i18n: [floating point unit] flags */
4915 }
4917 /* Construct the ARM extended floating point type. */
4920 {
4924 {
4926 tdep->arm_ext_type
4928 floatformats_arm_ext);
4929 }
4932 }
4936 {
4940 {
4944 TYPE_CODE_UNION);
4961 }
4964 }
4966 /* FIXME: The vector types are not correctly ordered on big-endian
4967 targets. Just as s0 is the low bits of d0, d0[0] is also the low
4968 bits of d0 - regardless of what unit size is being held in d0. So
4969 the offset of the first uint8 in d0 is 7, but the offset of the
4970 first float is 4. This code works as-is for little-endian
4971 targets. */
4975 {
4979 {
4983 TYPE_CODE_UNION);
5000 }
5003 }
5005 /* Return true if REGNUM is a Q pseudo register. Return false
5006 otherwise.
5008 REGNUM is the raw register number and not a pseudo-relative register
5009 number. */
5011 static bool
5013 {
5016 /* Q pseudo registers are available for both NEON (Q0~Q15) and
5017 MVE (Q0~Q7) features. */
5024 }
5026 /* Return true if REGNUM is a VFP S pseudo register. Return false
5027 otherwise.
5029 REGNUM is the raw register number and not a pseudo-relative register
5030 number. */
5032 static bool
5034 {
5043 }
5045 /* Return true if REGNUM is a MVE pseudo register (P0). Return false
5046 otherwise.
5048 REGNUM is the raw register number and not a pseudo-relative register
5049 number. */
5051 static bool
5053 {
5062 }
5064 /* Return true if REGNUM is a PACBTI pseudo register (ra_auth_code). Return
5065 false otherwise.
5067 REGNUM is the raw register number and not a pseudo-relative register
5068 number. */
5070 static bool
5072 {
5081 }
5083 /* Return the GDB type object for the "standard" data type of data in
5084 register N. */
5088 {
5103 /* If the target description has register information, we are only
5104 in this function so that we can override the types of
5105 double-precision registers for NEON. */
5107 {
5114 else
5116 }
5119 {
5124 }
5130 /* These registers are only supported on targets which supply
5131 an XML description. */
5133 else
5135 }
5137 /* Map a DWARF register REGNUM onto the appropriate GDB register
5138 number. */
5140 static int
5142 {
5143 /* Core integer regs. */
5147 /* Legacy FPA encoding. These were once used in a way which
5148 overlapped with VFP register numbering, so their use is
5149 discouraged, but GDB doesn't support the ARM toolchain
5150 which used them for VFP. */
5154 /* New assignments for the FPA registers. */
5158 /* WMMX register assignments. */
5165 /* PACBTI register containing the Pointer Authentication Code. */
5167 {
5174 }
5179 /* VFP v2 registers. A double precision value is actually
5180 in d1 rather than s2, but the ABI only defines numbering
5181 for the single precision registers. This will "just work"
5182 in GDB for little endian targets (we'll read eight bytes,
5183 starting in s0 and then progressing to s1), but will be
5184 reversed on big endian targets with VFP. This won't
5185 be a problem for the new Neon quad registers; you're supposed
5186 to use DW_OP_piece for those. */
5188 {
5194 }
5196 /* VFP v3 / Neon registers. This range is also used for VFP v2
5197 registers, except that it now describes d0 instead of s0. */
5199 {
5205 }
5208 }
5210 /* Map GDB internal REGNUM onto the Arm simulator register numbers. */
5211 static int
5213 {
5239 }
5243 static void
5247 {
5251 {
5252 /* Initialize RA_AUTH_CODE to zero. */
5257 }
5260 {
5263 }
5267 {
5268 /* Handle the alternative SP registers on Cortex-M. */
5271 }
5272 }
5274 /* Given BUF, which is OLD_LEN bytes ending at ENDADDR, expand
5275 the buffer to be NEW_LEN bytes ending at ENDADDR. Return
5276 NULL if an error occurs. BUF is freed. */
5281 {
5289 {
5292 }
5294 }
5296 /* An IT block is at most the 2-byte IT instruction followed by
5297 four 4-byte instructions. The furthest back we must search to
5298 find an IT block that affects the current instruction is thus
5299 2 + 3 * 4 == 14 bytes. */
5300 #define MAX_IT_BLOCK_PREFIX 14
5302 /* Use a quick scan if there are more than this many bytes of
5303 code. */
5304 #define IT_SCAN_THRESHOLD 32
5306 /* Adjust a breakpoint's address to move breakpoints out of IT blocks.
5307 A breakpoint in an IT block may not be hit, depending on the
5308 condition flags. */
5309 static CORE_ADDR
5311 {
5320 /* If we are using BKPT breakpoints, none of this is necessary. */
5324 /* ARM mode does not have this problem. */
5328 /* We are setting a breakpoint in Thumb code that could potentially
5329 contain an IT block. The first step is to find how much Thumb
5330 code there is; we do not need to read outside of known Thumb
5331 sequences. */
5334 /* Thumb-2 code must have mapping symbols to have a chance. */
5340 {
5344 }
5346 /* Search for a candidate IT instruction. We have to do some fancy
5347 footwork to distinguish a real IT instruction from the second
5348 half of a 32-bit instruction, but there is no need for that if
5349 there's no candidate. */
5352 /* No room for an IT instruction. */
5360 {
5363 {
5366 }
5367 }
5370 {
5373 }
5375 /* OK, the code bytes before this instruction contain at least one
5376 halfword which resembles an IT instruction. We know that it's
5377 Thumb code, but there are still two possibilities. Either the
5378 halfword really is an IT instruction, or it is the second half of
5379 a 32-bit Thumb instruction. The only way we can tell is to
5380 scan forwards from a known instruction boundary. */
5382 {
5385 /* There's a lot of code before this instruction. Start with an
5386 optimistic search; it's easy to recognize halfwords that can
5387 not be the start of a 32-bit instruction, and use that to
5388 lock on to the instruction boundaries. */
5396 {
5399 {
5402 }
5403 }
5405 /* At this point, if DEFINITE, BUF[I] is the first place we
5406 are sure that we know the instruction boundaries, and it is far
5407 enough from BPADDR that we could not miss an IT instruction
5408 affecting BPADDR. If ! DEFINITE, give up - start from a
5409 known boundary. */
5411 {
5418 }
5419 }
5420 else
5421 {
5427 }
5429 /* Scan forwards. Find the last IT instruction before BPADDR. */
5433 {
5435 last_it_count--;
5437 {
5445 else
5447 }
5449 }
5454 /* There wasn't really an IT instruction after all. */
5458 /* It was too far away. */
5461 /* This really is a trouble spot. Move the breakpoint to the IT
5462 instruction. */
5464 }
5466 /* ARM displaced stepping support.
5468 Generally ARM displaced stepping works as follows:
5470 1. When an instruction is to be single-stepped, it is first decoded by
5471 arm_process_displaced_insn. Depending on the type of instruction, it is
5472 then copied to a scratch location, possibly in a modified form. The
5473 copy_* set of functions performs such modification, as necessary. A
5474 breakpoint is placed after the modified instruction in the scratch space
5475 to return control to GDB. Note in particular that instructions which
5476 modify the PC will no longer do so after modification.
5478 2. The instruction is single-stepped, by setting the PC to the scratch
5479 location address, and resuming. Control returns to GDB when the
5480 breakpoint is hit.
5482 3. A cleanup function (cleanup_*) is called corresponding to the copy_*
5483 function used for the current instruction. This function's job is to
5484 put the CPU/memory state back to what it would have been if the
5485 instruction had been executed unmodified in its original location. */
5487 /* NOP instruction (mov r0, r0). */
5488 #define ARM_NOP 0xe1a00000
5489 #define THUMB_NOP 0x4600
5491 /* Helper for register reads for displaced stepping. In particular, this
5492 returns the PC as it would be seen by the instruction at its original
5493 location. */
5495 ULONGEST
5498 {
5499 ULONGEST ret;
5503 {
5504 /* Compute pipeline offset:
5505 - When executing an ARM instruction, PC reads as the address of the
5506 current instruction plus 8.
5507 - When executing a Thumb instruction, PC reads as the address of the
5508 current instruction plus 4. */
5512 else
5518 }
5519 else
5520 {
5527 }
5528 }
5530 static int
5532 {
5533 ULONGEST ps;
5539 }
5541 /* Write to the PC as from a branch instruction. */
5543 static void
5545 ULONGEST val)
5546 {
5548 /* Note: If bits 0/1 are set, this branch would be unpredictable for
5549 architecture versions < 6. */
5552 else
5555 }
5557 /* Write to the PC as from a branch-exchange instruction. */
5559 static void
5561 {
5562 ULONGEST ps;
5568 {
5571 }
5573 {
5576 }
5577 else
5578 {
5579 /* Unpredictable behaviour. Try to do something sensible (switch to ARM
5580 mode, align dest to 4 bytes). */
5584 }
5585 }
5587 /* Write to the PC as if from a load instruction. */
5589 static void
5591 ULONGEST val)
5592 {
5595 else
5597 }
5599 /* Write to the PC as if from an ALU instruction. */
5601 static void
5603 ULONGEST val)
5604 {
5607 else
5609 }
5611 /* Helper for writing to registers for displaced stepping. Writing to the PC
5612 has a varying effects depending on the instruction which does the write:
5613 this is controlled by the WRITE_PC argument. */
5615 void
5618 {
5620 {
5624 {
5648 }
5651 }
5652 else
5653 {
5657 }
5658 }
5660 /* This function is used to concisely determine if an instruction INSN
5661 references PC. Register fields of interest in INSN should have the
5662 corresponding fields of BITMASK set to 0b1111. The function
5663 returns return 1 if any of these fields in INSN reference the PC
5664 (also 0b1111, r15), else it returns 0. */
5666 static int
5668 {
5672 {
5676 ;
5687 }
5690 }
5692 /* The simplest copy function. Many instructions have the same effect no
5693 matter what address they are executed at: in those cases, use this. */
5695 static int
5698 {
5705 }
5707 static int
5711 {
5720 }
5722 /* Copy 16-bit Thumb(Thumb and 16-bit Thumb-2) instruction without any
5723 modification. */
5724 static int
5728 {
5735 }
5737 /* Preload instructions with immediate offset. */
5739 static void
5742 {
5746 }
5748 static void
5751 {
5752 ULONGEST rn_val;
5753 /* Preload instructions:
5755 {pli/pld} [rn, #+/-imm]
5756 ->
5757 {pli/pld} [r0, #+/-imm]. */
5765 }
5767 static int
5770 {
5783 }
5785 static int
5788 {
5792 ULONGEST pc_val;
5797 /* PC is only allowed to use in PLI (immediate,literal) Encoding T3, and
5798 PLD (literal) Encoding T1. */
5801 imm12);
5806 /* Rewrite instruction {pli/pld} PC imm12 into:
5807 Prepare: tmp[0] <- r0, tmp[1] <- r1, r0 <- pc, r1 <- imm12
5809 {pli/pld} [r0, r1]
5811 Cleanup: r0 <- tmp[0], r1 <- tmp[1]. */
5822 /* {pli/pld} [r0, r1] */
5829 }
5831 /* Preload instructions with register offset. */
5833 static void
5837 {
5840 /* Preload register-offset instructions:
5842 {pli/pld} [rn, rm {, shift}]
5843 ->
5844 {pli/pld} [r0, r1 {, shift}]. */
5855 }
5857 static int
5861 {
5876 }
5878 /* Copy/cleanup coprocessor load and store instructions. */
5880 static void
5884 {
5891 }
5893 static void
5897 {
5898 ULONGEST rn_val;
5900 /* Coprocessor load/store instructions:
5902 {stc/stc2} [<Rn>, #+/-imm] (and other immediate addressing modes)
5903 ->
5904 {stc/stc2} [r0, #+/-imm].
5906 ldc/ldc2 are handled identically. */
5910 /* PC should be 4-byte aligned. */
5918 }
5920 static int
5924 {
5938 }
5940 static int
5944 {
5958 /* This function is called for copying instruction LDC/LDC2/VLDR, which
5959 doesn't support writeback, so pass 0. */
5963 }
5965 /* Clean up branch instructions (actually perform the branch, by setting
5966 PC). */
5968 static void
5971 {
5981 {
5982 /* The value of LR should be the next insn of current one. In order
5983 not to confuse logic handling later insn `bx lr', if current insn mode
5984 is Thumb, the bit 0 of LR value should be set to 1. */
5991 CANNOT_WRITE_PC);
5992 }
5995 }
5997 /* Copy B/BL/BLX instructions with immediate destinations. */
5999 static void
6003 {
6004 /* Implement "BL<cond> <label>" as:
6006 Preparation: cond <- instruction condition
6007 Insn: mov r0, r0 (nop)
6008 Cleanup: if (condition true) { r14 <- pc; pc <- label }.
6010 B<cond> similar, but don't set r14 in cleanup. */
6018 /* For BLX, offset is computed from the Align (PC, 4). */
6023 else
6027 }
6028 static int
6031 {
6041 /* For BLX, set bit 0 of the destination. The cleanup_branch function will
6042 then arrange the switch into Thumb mode. */
6044 else
6054 }
6056 static int
6060 {
6072 {
6075 {
6081 }
6083 {
6089 }
6090 }
6091 else
6092 {
6097 }
6107 }
6109 /* Copy B Thumb instructions. */
6110 static int
6113 {
6120 {
6121 /* offset = SignExtend (imm8:0, 32) */
6124 }
6126 {
6129 }
6144 }
6146 /* Copy BX/BLX with register-specified destinations. */
6148 static void
6152 {
6153 /* Implement {BX,BLX}<cond> <reg>" as:
6155 Preparation: cond <- instruction condition
6156 Insn: mov r0, r0 (nop)
6157 Cleanup: if (condition true) { r14 <- pc; pc <- dest; }.
6159 Don't set r14 in cleanup for BX. */
6169 }
6171 static int
6174 {
6176 /* BX: x12xxx1x
6177 BLX: x12xxx3x. */
6187 }
6189 static int
6193 {
6204 }
6207 /* Copy/cleanup arithmetic/logic instruction with immediate RHS. */
6209 static void
6212 {
6217 }
6219 static int
6222 {
6236 /* Instruction is of form:
6238 <op><cond> rd, [rn,] #imm
6240 Rewrite as:
6242 Preparation: tmp1, tmp2 <- r0, r1;
6243 r0, r1 <- rd, rn
6244 Insn: <op><cond> r0, r1, #imm
6245 Cleanup: rd <- r0; r0 <- tmp1; r1 <- tmp2
6246 */
6258 else
6264 }
6266 static int
6270 {
6279 /* This routine is only called for instruction MOV. */
6287 /* Instruction is of form:
6289 <op><cond> rd, [rn,] #imm
6291 Rewrite as:
6293 Preparation: tmp1, tmp2 <- r0, r1;
6294 r0, r1 <- rd, rn
6295 Insn: <op><cond> r0, r1, #imm
6296 Cleanup: rd <- r0; r0 <- tmp1; r1 <- tmp2
6297 */
6314 }
6316 /* Copy/cleanup arithmetic/logic insns with register RHS. */
6318 static void
6321 {
6322 ULONGEST rd_val;
6331 }
6333 static void
6337 {
6340 /* Instruction is of form:
6342 <op><cond> rd, [rn,] rm [, <shift>]
6344 Rewrite as:
6346 Preparation: tmp1, tmp2, tmp3 <- r0, r1, r2;
6347 r0, r1, r2 <- rd, rn, rm
6348 Insn: <op><cond> r0, [r1,] r2 [, <shift>]
6349 Cleanup: rd <- r0; r0, r1, r2 <- tmp1, tmp2, tmp3
6350 */
6364 }
6366 static int
6369 {
6381 else
6387 }
6389 static int
6393 {
6409 }
6411 /* Cleanup/copy arithmetic/logic insns with shifted register RHS. */
6413 static void
6417 {
6425 }
6427 static void
6432 {
6436 /* Instruction is of form:
6438 <op><cond> rd, [rn,] rm, <shift> rs
6440 Rewrite as:
6442 Preparation: tmp1, tmp2, tmp3, tmp4 <- r0, r1, r2, r3
6443 r0, r1, r2, r3 <- rd, rn, rm, rs
6444 Insn: <op><cond> r0, r1, r2, <shift> r3
6445 Cleanup: tmp5 <- r0
6446 r0, r1, r2, r3 <- tmp1, tmp2, tmp3, tmp4
6447 rd <- tmp5
6448 */
6463 }
6465 static int
6469 {
6488 else
6494 }
6496 /* Clean up load instructions. */
6498 static void
6501 {
6516 /* Handle register writeback. */
6519 /* Put result in right place. */
6523 }
6525 /* Clean up store instructions. */
6527 static void
6530 {
6542 /* Writeback. */
6545 }
6547 /* Copy "extra" load/store instructions. These are halfword/doubleword
6548 transfers, which have a different encoding to byte/word transfers. */
6550 static int
6553 {
6605 /* {ldr,str}<width><cond> rt, [rt2,] [rn, #imm]
6606 ->
6607 {ldr,str}<width><cond> r0, [r1,] [r2, #imm]. */
6609 else
6610 /* {ldr,str}<width><cond> rt, [rt2,] [rn, +/-rm]
6611 ->
6612 {ldr,str}<width><cond> r0, [r1,] [r2, +/-r3]. */
6618 }
6620 /* Copy byte/half word/word loads and stores. */
6622 static void
6627 {
6652 /* To write PC we can do:
6654 Before this sequence of instructions:
6655 r0 is the PC value got from displaced_read_reg, so r0 = from + 8;
6656 r2 is the Rn value got from displaced_read_reg.
6658 Insn1: push {pc} Write address of STR instruction + offset on stack
6659 Insn2: pop {r4} Read it back from stack, r4 = addr(Insn1) + offset
6660 Insn3: sub r4, r4, pc r4 = addr(Insn1) + offset - pc
6661 = addr(Insn1) + offset - addr(Insn3) - 8
6662 = offset - 16
6663 Insn4: add r4, r4, #8 r4 = offset - 8
6664 Insn5: add r0, r0, r4 r0 = from + 8 + offset - 8
6665 = from + offset
6666 Insn6: str r0, [r2, #imm] (or str r0, [r2, r3])
6668 Otherwise we don't know what value to write for PC, since the offset is
6669 architecture-dependent (sometimes PC+8, sometimes PC+12). More details
6670 of this can be found in Section "Saving from r15" in
6671 http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0204g/Cihbjifh.html */
6674 }
6677 static int
6681 {
6685 ULONGEST pc_val;
6689 imm12);
6694 /* Rewrite instruction LDR Rt imm12 into:
6696 Prepare: tmp[0] <- r0, tmp[1] <- r2, tmp[2] <- r3, r2 <- pc, r3 <- imm12
6698 LDR R0, R2, R3,
6700 Cleanup: rt <- r0, r0 <- tmp[0], r2 <- tmp[1], r3 <- tmp[2]. */
6721 /* LDR R0, R2, R3 */
6729 }
6731 static int
6736 {
6740 /* In LDR (register), there is also a register Rm, which is not allowed to
6741 be PC, so we don't have to check it. */
6745 dsc);
6756 /* ldr[b]<cond> rt, [rn, #imm], etc.
6757 ->
6758 ldr[b]<cond> r0, [r2, #imm]. */
6759 {
6762 }
6763 else
6764 /* ldr[b]<cond> rt, [rn, rm], etc.
6765 ->
6766 ldr[b]<cond> r0, [r2, r3]. */
6767 {
6770 }
6775 }
6778 static int
6783 {
6804 {
6808 /* {ldr,str}[b]<cond> rt, [rn, #imm], etc.
6809 ->
6810 {ldr,str}[b]<cond> r0, [r2, #imm]. */
6812 else
6813 /* {ldr,str}[b]<cond> rt, [rn, rm], etc.
6814 ->
6815 {ldr,str}[b]<cond> r0, [r2, r3]. */
6817 }
6818 else
6819 {
6820 /* We need to use r4 as scratch. Make sure it's restored afterwards. */
6828 /* As above. */
6831 else
6835 }
6840 }
6842 /* Cleanup LDM instructions with fully-populated register list. This is an
6843 unfortunate corner case: it's impossible to implement correctly by modifying
6844 the instruction. The issue is as follows: we have an instruction,
6846 ldm rN, {r0-r15}
6848 which we must rewrite to avoid loading PC. A possible solution would be to
6849 do the load in two halves, something like (with suitable cleanup
6850 afterwards):
6852 mov r8, rN
6853 ldm[id][ab] r8!, {r0-r7}
6854 str r7, <temp>
6855 ldm[id][ab] r8, {r7-r14}
6856 <bkpt>
6858 but at present there's no suitable place for <temp>, since the scratch space
6859 is overwritten before the cleanup routine is called. For now, we simply
6860 emulate the instruction. */
6862 static void
6865 {
6881 /* If the instruction is ldm rN, {...pc}^, I don't think there's anything
6882 sensible we can do here. Complain loudly. */
6886 /* We don't handle any stores here for now. */
6895 {
6900 regno++;
6901 else
6903 regno--;
6913 }
6917 CANNOT_WRITE_PC);
6918 }
6920 /* Clean up an STM which included the PC in the register list. */
6922 static void
6925 {
6928 CORE_ADDR pc_stored_at, transferred_regs
6930 CORE_ADDR stm_insn_addr;
6935 /* If condition code fails, there's nothing else to do. */
6940 {
6945 }
6946 else
6947 {
6952 }
6959 offset);
6961 /* Rewrite the stored PC to the proper value for the non-displaced original
6962 instruction. */
6965 }
6967 /* Clean up an LDM which includes the PC in the register list. We clumped all
6968 the registers in the transferred list into a contiguous range r0...rX (to
6969 avoid loading PC directly and losing control of the debugged program), so we
6970 must undo that here. */
6972 static void
6976 {
6983 /* The method employed here will fail if the register list is fully populated
6984 (we need to avoid loading PC directly). */
6993 {
6995 {
6999 {
7004 }
7005 else
7011 num_to_shuffle--;
7012 }
7014 write_reg--;
7015 }
7017 /* Restore any registers we scribbled over. */
7019 {
7021 {
7023 CANNOT_WRITE_PC);
7025 write_reg);
7027 }
7028 }
7030 /* Perform register writeback manually. */
7032 {
7037 else
7041 CANNOT_WRITE_PC);
7042 }
7043 }
7045 /* Handle ldm/stm, apart from some tricky cases which are unlikely to occur
7046 in user-level code (in particular exception return, ldm rn, {...pc}^). */
7048 static int
7052 {
7060 /* Block transfers which don't mention PC can be run directly
7061 out-of-line. */
7066 {
7070 }
7088 {
7090 {
7091 /* LDM with a fully-populated register list. This case is
7092 particularly tricky. Implement for now by fully emulating the
7093 instruction (which might not behave perfectly in all cases, but
7094 these instructions should be rare enough for that not to matter
7095 too much). */
7099 }
7100 else
7101 {
7102 /* LDM of a list of registers which includes PC. Implement by
7103 rewriting the list of registers to be transferred into a
7104 contiguous chunk r0...rX before doing the transfer, then shuffling
7105 registers into the correct places in the cleanup routine. */
7113 /* Writeback makes things complicated. We need to avoid clobbering
7114 the base register with one of the registers in our modified
7115 register list, but just using a different register can't work in
7116 all cases, e.g.:
7118 ldm r14!, {r0-r13,pc}
7120 which would need to be rewritten as:
7122 ldm rN!, {r0-r14}
7124 but that can't work, because there's no free register for N.
7126 Solve this by turning off the writeback bit, and emulating
7127 writeback manually in the cleanup routine. */
7142 }
7143 }
7144 else
7145 {
7146 /* STM of a list of registers which includes PC. Run the instruction
7147 as-is, but out of line: this will store the wrong value for the PC,
7148 so we must manually fix up the memory in the cleanup routine.
7149 Doing things this way has the advantage that we can auto-detect
7150 the offset of the PC write (which is architecture-dependent) in
7151 the cleanup routine. */
7155 }
7158 }
7160 static int
7164 {
7169 /* Block transfers which don't mention PC can be run directly
7170 out-of-line. */
7175 {
7180 }
7185 /* Clear bit 13, since it should be always zero. */
7198 {
7200 {
7201 /* This branch is impossible to happen. */
7203 }
7204 else
7205 {
7228 }
7229 }
7230 else
7231 {
7236 }
7238 }
7240 /* Wrapper over read_memory_unsigned_integer for use in arm_get_next_pcs.
7241 This is used to avoid a dependency on BFD's bfd_endian enum. */
7243 ULONGEST
7246 {
7249 }
7251 /* Wrapper over gdbarch_addr_bits_remove for use in arm_get_next_pcs. */
7253 CORE_ADDR
7255 CORE_ADDR val)
7256 {
7257 return gdbarch_addr_bits_remove
7259 }
7261 /* Wrapper over syscall_next_pc for use in get_next_pcs. */
7263 static CORE_ADDR
7265 {
7267 }
7269 /* Wrapper over arm_is_thumb for use in arm_get_next_pcs. */
7271 int
7273 {
7275 }
7277 /* single_step() is called just before we want to resume the inferior,
7278 if we want to single-step it but there is no hardware or kernel
7279 single-step support. We find the target of the coming instructions
7280 and breakpoint them. */
7284 {
7293 regcache);
7301 }
7303 /* Cleanup/copy SVC (SWI) instructions. These two functions are overridden
7304 for Linux, where some SVC instructions must be treated specially. */
7306 static void
7309 {
7316 }
7319 /* Common copy routine for svc instruction. */
7321 static int
7324 {
7325 /* Preparation: none.
7326 Insn: unmodified svc.
7327 Cleanup: pc <- insn_addr + insn_size. */
7329 /* Pretend we wrote to the PC, so cleanup doesn't set PC to the next
7330 instruction. */
7333 /* Allow OS-specific code to override SVC handling. */
7336 else
7337 {
7340 }
7341 }
7343 static int
7346 {
7354 }
7356 static int
7359 {
7366 }
7368 /* Copy undefined instructions. */
7370 static int
7373 {
7380 }
7382 static int
7385 {
7395 }
7397 /* Copy unpredictable instructions. */
7399 static int
7402 {
7409 }
7411 /* The decode_* functions are instruction decoding helpers. They mostly follow
7412 the presentation in the ARM ARM. */
7414 static int
7418 {
7430 dsc);
7436 {
7439 else
7441 }
7446 {
7452 }
7457 {
7463 /* pld/pldw reg. */
7469 }
7470 else
7472 }
7474 static int
7478 {
7481 /* Switch on bits: 0bxxxxx321xxx0xxxxxxxxxxxxxxxxxxxx. */
7483 {
7495 {
7497 /* stc/stc2. */
7505 }
7508 {
7511 {
7513 /* ldc/ldc2 imm (undefined for rn == pc). */
7521 /* ldc/ldc2 lit (undefined for rn != pc). */
7527 }
7528 }
7535 /* ldc/ldc2 lit. */
7537 else
7543 else
7549 else
7554 }
7555 }
7557 /* Decode miscellaneous instructions in dp/misc encoding space. */
7559 static int
7563 {
7568 {
7577 else
7582 /* Not really supported. */
7584 else
7591 else
7601 /* Not really supported. */
7607 }
7608 }
7610 static int
7614 {
7617 {
7629 }
7630 else
7631 {
7647 /* 2nd arg means "unprivileged". */
7649 dsc);
7650 }
7652 /* Should be unreachable. */
7654 }
7656 static int
7660 {
7689 /* Should be unreachable. */
7691 }
7693 static int
7696 {
7698 {
7712 {
7715 else
7717 }
7718 else
7724 else
7729 {
7732 else
7734 }
7735 else
7741 else
7743 }
7745 /* Should be unreachable. */
7747 }
7749 static int
7753 {
7756 else
7758 }
7760 static int
7764 {
7768 {
7782 /* Note: no writeback for these instructions. Bit 25 will always be
7783 zero though (via caller), so the following works OK. */
7785 }
7787 /* Should be unreachable. */
7789 }
7791 /* Decode shifted register instructions. */
7793 static int
7797 {
7798 /* PC is only allowed to be used in instruction MOV. */
7805 else
7808 }
7811 /* Decode extension register load/store. Exactly the same as
7812 arm_decode_ext_reg_ld_st. */
7814 static int
7818 {
7822 {
7844 }
7846 /* Should be unreachable. */
7848 }
7850 static int
7853 {
7862 /* stc/stc2. */
7866 /* ldc/ldc2 imm/lit. */
7877 {
7880 else
7882 }
7891 else
7893 }
7895 static int
7899 {
7906 {
7910 dsc);
7913 else
7914 {
7915 /*coproc is 101x. SIMD/VFP, ext registers load/store. */
7918 dsc);
7920 {
7927 }
7928 }
7929 }
7930 else
7934 }
7936 static void
7939 {
7940 /* ADR Rd, #imm
7942 Rewrite as:
7944 Preparation: Rd <- PC
7945 Insn: ADD Rd, #imm
7946 Cleanup: Null.
7947 */
7949 /* Rd <- PC */
7952 }
7954 static int
7958 {
7960 /* Encoding T2: ADDS Rd, #imm */
7966 }
7968 static int
7972 {
7980 }
7982 static int
7986 {
7988 /* Since immediate has the same encoding in ADR ADD and SUB, so we simply
7989 extract raw immediate encoding rather than computing immediate. When
7990 generating ADD or SUB instruction, we can simply perform OR operation to
7991 set immediate into ADD. */
7999 {
8000 /* Encoding T3: SUB Rd, Rd, #imm */
8003 }
8005 {
8006 /* Encoding T3: ADD Rd, Rd, #imm */
8009 }
8015 }
8017 static int
8021 {
8026 /* LDR Rd, #imm8
8028 Rwrite as:
8030 Preparation: tmp0 <- R0, tmp2 <- R2, tmp3 <- R3, R2 <- PC, R3 <- #imm8;
8032 Insn: LDR R0, [R2, R3];
8033 Cleanup: R2 <- tmp2, R3 <- tmp3, Rd <- R0, R0 <- tmp0 */
8041 /* The assembler calculates the required value of the offset from the
8042 Align(PC,4) value of this instruction to the label. */
8060 }
8062 /* Copy Thumb cbnz/cbz instruction. */
8064 static int
8068 {
8076 /* CBNZ and CBZ do not affect the condition flags. If condition is true,
8077 set it INST_AL, so cleanup_branch will know branch is taken, otherwise,
8078 condition is false, let it be, cleanup_branch will do nothing. */
8080 {
8083 }
8084 else
8098 }
8100 /* Copy Table Branch Byte/Halfword */
8101 static int
8105 {
8115 {
8120 }
8121 else
8122 {
8127 }
8142 }
8144 static void
8147 {
8148 /* PC <- r7 */
8152 /* r7 <- r8 */
8156 /* r8 <- tmp[0] */
8159 }
8161 static int
8165 {
8168 /* Rewrite instruction: POP {rX, rY, ...,rZ, PC}
8169 to :
8171 (1) register list is full, that is, r0-r7 are used.
8172 Prepare: tmp[0] <- r8
8174 POP {r0, r1, ...., r6, r7}; remove PC from reglist
8175 MOV r8, r7; Move value of r7 to r8;
8176 POP {r7}; Store PC value into r7.
8178 Cleanup: PC <- r7, r7 <- r8, r8 <-tmp[0]
8180 (2) register list is not full, supposing there are N registers in
8181 register list (except PC, 0 <= N <= 7).
8182 Prepare: for each i, 0 - N, tmp[i] <- ri.
8184 POP {r0, r1, ...., rN};
8186 Cleanup: Set registers in original reglist from r0 - rN. Restore r0 - rN
8187 from tmp[] properly.
8188 */
8193 {
8202 }
8203 else
8204 {
8225 }
8228 }
8230 static void
8234 {
8239 /* 16-bit thumb instructions. */
8241 {
8242 /* Shift (imme), add, subtract, move and compare. */
8246 dsc);
8250 {
8254 dsc);
8257 {
8263 else
8265 dsc);
8266 }
8270 }
8282 {
8284 {
8291 else
8296 /* If-Then makes up to four following instructions conditional.
8297 IT instruction itself is not conditional, so handle it as a
8298 common unmodified instruction. */
8300 dsc);
8301 else
8306 }
8307 }
8318 else
8326 }
8330 }
8332 static int
8337 {
8343 {
8346 {
8348 /* PLD literal or Encoding T3 of PLI(immediate, literal). */
8350 else
8353 }
8354 else
8355 {
8359 else
8362 dsc);
8363 }
8370 else
8371 {
8375 else
8378 }
8381 {
8390 {
8392 /* LDR (immediate) */
8398 else
8399 /* LDR (register) */
8402 }
8404 }
8408 }
8410 }
8412 static void
8416 {
8422 {
8424 {
8426 {
8429 {
8430 /* Load/store {dual, exclusive}, table branch. */
8434 dsc);
8435 else
8436 /* PC is not allowed to use in load/store {dual, exclusive}
8437 instructions. */
8440 }
8442 {
8444 {
8452 }
8453 }
8457 /* Data-processing (shift register). */
8459 dsc);
8464 }
8466 }
8469 {
8474 else
8477 }
8478 else
8479 {
8481 {
8487 else
8490 }
8494 }
8498 {
8506 dsc);
8510 {
8523 }
8528 }
8532 }
8537 }
8539 static void
8543 {
8545 uint16_t insn1
8554 {
8555 uint16_t insn2
8558 }
8559 else
8561 }
8563 void
8567 {
8572 /* Most displaced instructions use a 1-instruction scratch space, so set this
8573 here and override below if/when necessary. */
8592 {
8612 }
8616 }
8618 /* Actually set up the scratch space for a displaced instruction. */
8620 void
8622 CORE_ADDR to,
8624 {
8632 /* Poke modified instruction(s). */
8634 {
8644 byte_order_for_code,
8647 }
8649 /* Choose the correct breakpoint instruction. */
8651 {
8654 }
8655 else
8656 {
8659 }
8661 /* Put breakpoint afterwards. */
8666 }
8668 /* Entry point for cleaning things up after a displaced instruction has been
8669 single-stepped. */
8671 void
8676 {
8677 /* The following block exists as a temporary measure while displaced
8678 stepping is fixed architecture at a time within GDB.
8680 In an earlier implementation of displaced stepping, if GDB thought the
8681 displaced instruction had not been executed then this fix up function
8682 was never called. As a consequence, things that should be fixed by
8683 this function were left in an unfixed state.
8685 However, it's not as simple as always calling this function; this
8686 function needs to be updated to decide what should be fixed up based
8687 on whether the displaced step executed or not, which requires each
8688 architecture to be considered individually.
8690 Until this architecture is updated, this block replicates the old
8691 behaviour; we just restore the program counter register, and leave
8692 everything else unfixed. */
8694 {
8699 }
8701 arm_displaced_step_copy_insn_closure *dsc
8711 }
8716 static int
8718 {
8719 gdb_disassemble_info *di
8724 {
8732 {
8733 /* Create a fake symbol vector containing a Thumb symbol.
8734 This is solely so that the code in print_insn_little_arm()
8735 and print_insn_big_arm() in opcodes/arm-dis.c will detect
8736 the presence of a Thumb symbol and switch to decoding
8737 Thumb instructions. */
8746 }
8750 }
8751 else
8754 /* GDB is able to get bfd_mach from the exe_bfd, info->mach is
8755 accurate, so mark USER_SPECIFIED_MACHINE_TYPE bit. Otherwise,
8756 opcodes/arm-dis.c:print_insn reset info->mach, and it will trigger
8757 the assert on the mismatch of info->mach and
8758 bfd_get_mach (current_program_space->exec_bfd ()) in
8759 default_print_insn. */
8766 }
8768 /* The following define instruction sequences that will cause ARM
8769 cpu's to take an undefined instruction trap. These are used to
8770 signal a breakpoint to GDB.
8772 The newer ARMv4T cpu's are capable of operating in ARM or Thumb
8773 modes. A different instruction is required for each mode. The ARM
8774 cpu's can also be big or little endian. Thus four different
8775 instructions are needed to support all cases.
8777 Note: ARMv4 defines several new instructions that will take the
8778 undefined instruction trap. ARM7TDMI is nominally ARMv4T, but does
8779 not in fact add the new instructions. The new undefined
8780 instructions in ARMv4 are all instructions that had no defined
8781 behaviour in earlier chips. There is no guarantee that they will
8782 raise an exception, but may be treated as NOP's. In practice, it
8783 may only safe to rely on instructions matching:
8785 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
8786 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
8787 C C C C 0 1 1 x x x x x x x x x x x x x x x x x x x x 1 x x x x
8789 Even this may only true if the condition predicate is true. The
8790 following use a condition predicate of ALWAYS so it is always TRUE.
8792 There are other ways of forcing a breakpoint. GNU/Linux, RISC iX,
8793 and NetBSD all use a software interrupt rather than an undefined
8794 instruction to force a trap. This can be handled by by the
8795 abi-specific code during establishment of the gdbarch vector. */
8797 #define ARM_LE_BREAKPOINT {0xFE,0xDE,0xFF,0xE7}
8798 #define ARM_BE_BREAKPOINT {0xE7,0xFF,0xDE,0xFE}
8799 #define THUMB_LE_BREAKPOINT {0xbe,0xbe}
8800 #define THUMB_BE_BREAKPOINT {0xbe,0xbe}
8807 /* Implement the breakpoint_kind_from_pc gdbarch method. */
8809 static int
8811 {
8816 {
8819 /* If we have a separate 32-bit breakpoint instruction for Thumb-2,
8820 check whether we are replacing a 32-bit instruction. */
8822 {
8826 {
8832 }
8833 }
8836 }
8837 else
8840 }
8842 /* Implement the sw_breakpoint_from_kind gdbarch method. */
8846 {
8850 {
8862 }
8863 }
8865 /* Implement the breakpoint_kind_from_current_state gdbarch method. */
8867 static int
8871 {
8874 /* Check the memory pointed by PC is readable. */
8876 {
8884 regcache);
8888 /* If MEMADDR is the next instruction of current pc, do the
8889 software single step computation, and get the thumb mode by
8890 the destination address. */
8892 {
8894 {
8896 {
8899 }
8900 else
8902 }
8903 }
8904 }
8907 }
8909 /* Extract from an array REGBUF containing the (raw) register state a
8910 function return value of type TYPE, and copy that, in virtual
8911 format, into VALBUF. */
8913 static void
8916 {
8925 {
8927 {
8929 {
8930 /* The value is in register F0 in internal format. We need to
8931 extract the raw value and then convert it to the desired
8932 internal type. */
8938 }
8943 /* ARM_FLOAT_VFP can arise if this is a variadic function so
8944 not using the VFP ABI code. */
8956 }
8957 }
8965 {
8966 /* If the type is a plain integer, then the access is
8967 straight-forward. Otherwise we have to play around a bit
8968 more. */
8971 ULONGEST tmp;
8974 {
8975 /* By using store_unsigned_integer we avoid having to do
8976 anything special for small big-endian values. */
8984 }
8985 }
8986 else
8987 {
8988 /* For a structure or union the behaviour is as if the value had
8989 been stored to word-aligned memory and then loaded into
8990 registers with 32-bit load instruction(s). */
8996 {
9002 }
9003 }
9004 }
9007 /* Will a function return an aggregate type in memory or in a
9008 register? Return 0 if an aggregate type can be returned in a
9009 register, 1 if it must be returned in memory. */
9011 static int
9013 {
9018 /* Simple, non-aggregate types (ie not including vectors and
9019 complex) are always returned in a register (or registers). */
9029 {
9030 /* Vector values should be returned using ARM registers if they
9031 are not over 16 bytes. */
9033 }
9037 {
9038 /* The AAPCS says all aggregates not larger than a word are returned
9039 in a register. */
9045 }
9046 else
9047 {
9050 /* All aggregate types that won't fit in a register must be returned
9051 in memory. */
9056 /* In the ARM ABI, "integer" like aggregate types are returned in
9057 registers. For an aggregate type to be integer like, its size
9058 must be less than or equal to ARM_INT_REGISTER_SIZE and the
9059 offset of each addressable subfield must be zero. Note that bit
9060 fields are not addressable, and all addressable subfields of
9061 unions always start at offset zero.
9063 This function is based on the behaviour of GCC 2.95.1.
9064 See: gcc/arm.c: arm_return_in_memory() for details.
9066 Note: All versions of GCC before GCC 2.95.2 do not set up the
9067 parameters correctly for a function returning the following
9068 structure: struct { float f;}; This should be returned in memory,
9069 not a register. Richard Earnshaw sent me a patch, but I do not
9070 know of any way to detect if a function like the above has been
9071 compiled with the correct calling convention. */
9073 /* Assume all other aggregate types can be returned in a register.
9074 Run a check for structures, unions and arrays. */
9078 {
9080 /* Need to check if this struct/union is "integer" like. For
9081 this to be true, its size must be less than or equal to
9082 ARM_INT_REGISTER_SIZE and the offset of each addressable
9083 subfield must be zero. Note that bit fields are not
9084 addressable, and unions always start at offset zero. If any
9085 of the subfields is a floating point type, the struct/union
9086 cannot be an integer type. */
9088 /* For each field in the object, check:
9089 1) Is it FP? --> yes, nRc = 1;
9090 2) Is it addressable (bitpos != 0) and
9091 not packed (bitsize == 0)?
9092 --> yes, nRc = 1
9093 */
9096 {
9099 field_type_code
9102 /* Is it a floating point type field? */
9104 {
9107 }
9109 /* If bitpos != 0, then we have to care about it. */
9111 {
9112 /* Bitfields are not addressable. If the field bitsize is
9113 zero, then the field is not packed. Hence it cannot be
9114 a bitfield or any other packed type. */
9116 {
9119 }
9120 }
9121 }
9122 }
9125 }
9126 }
9128 /* Write into appropriate registers a function return value of type
9129 TYPE, given in virtual format. */
9131 static void
9134 {
9142 {
9147 {
9156 /* ARM_FLOAT_VFP can arise if this is a variadic function so
9157 not using the VFP ABI code. */
9169 }
9170 }
9178 {
9180 {
9181 /* Values of one word or less are zero/sign-extended and
9182 returned in r0. */
9186 {
9187 gdb_mpz unscaled;
9192 }
9193 else
9194 {
9197 }
9199 }
9200 else
9201 {
9202 /* Integral values greater than one word are stored in consecutive
9203 registers starting with r0. This will always be a multiple of
9204 the regiser size. */
9209 {
9213 }
9214 }
9215 }
9216 else
9217 {
9218 /* For a structure or union the behaviour is as if the value had
9219 been stored to word-aligned memory and then loaded into
9220 registers with 32-bit load instruction(s). */
9226 {
9232 }
9233 }
9234 }
9237 /* Handle function return values. */
9239 static enum return_value_convention
9243 {
9251 {
9258 {
9261 }
9264 {
9266 {
9274 }
9275 else
9276 {
9287 }
9288 }
9290 }
9295 {
9296 /* From the AAPCS document:
9298 Result return:
9300 A Composite Type larger than 4 bytes, or whose size cannot be
9301 determined statically by both caller and callee, is stored in memory
9302 at an address passed as an extra argument when the function was
9303 called (Parameter Passing, rule A.4). The memory to be used for the
9304 result may be modified at any point during the function call.
9306 Parameter Passing:
9308 A.4: If the subroutine is a function that returns a result in memory,
9309 then the address for the result is placed in r0 and the NCRN is set
9310 to r1. */
9313 {
9315 {
9316 CORE_ADDR addr;
9320 }
9322 }
9323 }
9325 {
9328 }
9334 {
9338 }
9341 }
9344 static int
9346 {
9350 CORE_ADDR jb_addr;
9356 ARM_INT_REGISTER_SIZE))
9361 }
9362 /* A call to cmse secure entry function "foo" at "a" is modified by
9363 GNU ld as "b".
9364 a) bl xxxx <foo>
9366 <foo>
9367 xxxx:
9369 b) bl yyyy <__acle_se_foo>
9371 section .gnu.sgstubs:
9372 <foo>
9373 yyyy: sg // secure gateway
9374 b.w xxxx <__acle_se_foo> // original_branch_dest
9376 <__acle_se_foo>
9377 xxxx:
9379 When the control at "b", the pc contains "yyyy" (sg address) which is a
9380 trampoline and does not exist in source code. This function returns the
9381 target pc "xxxx". For more details please refer to section 5.4
9382 (Entry functions) and section 3.4.4 (C level development flow of secure code)
9383 of "armv8-m-security-extensions-requirements-on-development-tools-engineering-specification"
9384 document on www.developer.arm.com. */
9386 static CORE_ADDR
9388 {
9393 struct bound_minimal_symbol minsym
9400 }
9402 /* Return true when SEC points to ".gnu.sgstubs" section. */
9404 static bool
9406 {
9411 }
9413 /* Recognize GCC and GNU ld's trampolines. If we are in a trampoline,
9414 return the target PC. Otherwise return 0. */
9416 CORE_ADDR
9418 {
9421 CORE_ADDR start_addr;
9423 /* Find the starting address and name of the function containing the PC. */
9425 {
9426 /* Trampoline 'bx reg' doesn't belong to any functions. Do the
9427 check here. */
9433 }
9435 /* If PC is in a Thumb call or return stub, return the address of the
9436 target PC, which is in a register. The thunk functions are called
9437 _call_via_xx, where x is the register name. The possible names
9438 are r0-r9, sl, fp, ip, sp, and lr. ARM RealView has similar
9439 functions, named __ARM_call_via_r[0-7]. */
9442 {
9443 /* Use the name suffix to determine which register contains the
9444 target PC. */
9448 };
9455 }
9457 /* GNU ld generates __foo_from_arm or __foo_from_thumb for
9458 non-interworking calls to foo. We could decode the stubs
9459 to find the target but it's easier to use the symbol table. */
9466 {
9475 else
9487 else
9489 }
9493 /* Check whether SECTION points to the ".gnu.sgstubs" section. */
9498 }
9500 static void
9502 {
9503 /* If the current architecture is not ARM, we have nothing to do. */
9508 /* Update the architecture. */
9509 gdbarch_info info;
9512 }
9514 static void
9517 {
9522 {
9525 }
9529 current_fp_model);
9532 }
9534 static void
9537 {
9541 {
9547 }
9548 else
9552 }
9554 static void
9557 {
9562 {
9565 }
9569 arm_abi_string);
9572 }
9574 static void
9577 {
9581 {
9587 }
9588 else
9590 arm_abi_string);
9591 }
9593 static void
9596 {
9600 arm_fallback_mode_string);
9601 }
9603 static void
9606 {
9610 arm_force_mode_string);
9611 }
9613 static void
9616 {
9620 }
9622 /* If the user changes the register disassembly style used for info
9623 register and other commands, we have to also switch the style used
9624 in opcodes for disassembly output. This function is run in the "set
9625 arm disassembly" command, and does that. */
9627 static void
9630 {
9631 /* Convert the short style name into the long style name (eg, reg-names-*)
9632 before calling the generic set_disassembler_options() function. */
9635 }
9637 static void
9640 {
9649 {
9652 }
9655 }
9656 \f
9657 /* Return the ARM register name corresponding to register I. */
9660 {
9664 {
9670 };
9673 }
9676 {
9680 };
9683 }
9688 /* RA_AUTH_CODE is used for unwinding only. Do not assign it a name. */
9693 /* These registers are only supported on targets which supply
9694 an XML description. */
9697 /* Non-pseudo registers. */
9699 }
9701 /* Test whether the coff symbol specific value corresponds to a Thumb
9702 function. */
9704 static int
9706 {
9712 }
9714 /* arm_coff_make_msymbol_special()
9715 arm_elf_make_msymbol_special()
9717 These functions test whether the COFF or ELF symbol corresponds to
9718 an address in thumb code, and set a "special" bit in a minimal
9719 symbol to indicate that it does. */
9721 static void
9723 {
9729 }
9731 static void
9733 {
9736 }
9738 static void
9741 {
9754 arm_mapping_symbol_vec &map
9760 /* Insert at the end, the vector will be sorted on first use. */
9762 }
9764 static void
9766 {
9770 /* If necessary, set the T bit. */
9772 {
9779 else
9782 }
9783 }
9785 /* Read the contents of a NEON quad register, by reading from two
9786 double registers. This is used to implement the quad pseudo
9787 registers, and for argument passing in case the quad registers are
9788 missing; vectors are passed in quad registers when using the VFP
9789 ABI, even if a NEON unit is not present. REGNUM is the index of
9790 the quad register, in [0, 15]. */
9792 static enum register_status
9795 {
9816 }
9818 /* Read the contents of a NEON quad register, by reading from two double
9819 registers, and return it as a value. QUAD_REG_INDEX is the index of the quad
9820 register, in [0, 15]. */
9825 {
9827 int double_regnum
9833 }
9835 /* Read the contents of the MVE pseudo register REGNUM and return it as a
9836 value. */
9840 {
9843 /* P0 is the first 16 bits of VPR. */
9846 }
9851 {
9857 {
9858 /* Quad-precision register. */
9861 }
9864 else
9865 {
9868 /* Single-precision register. */
9871 /* s0 is always the least significant half of d0. */
9875 else
9879 int double_regnum
9884 offset);
9885 }
9886 }
9888 /* Store the contents of BUF to a NEON quad register, by writing to
9889 two double registers. This is used to implement the quad pseudo
9890 registers, and for argument passing in case the quad registers are
9891 missing; vectors are passed in quad registers when using the VFP
9892 ABI, even if a NEON unit is not present. REGNUM is the index
9893 of the quad register, in [0, 15]. */
9895 static void
9898 {
9908 }
9910 static void
9913 {
9915 int double_regnum
9920 }
9922 /* Store the contents of BUF to the MVE pseudo register REGNUM. */
9924 static void
9927 {
9930 /* P0 is the first 16 bits of VPR. */
9932 }
9934 static void
9938 {
9944 {
9945 /* Quad-precision register. */
9948 }
9951 else
9952 {
9955 /* Single-precision register. */
9958 /* s0 is always the least significant half of d0. */
9962 else
9966 int double_regnum
9971 }
9972 }
9976 {
9979 }
9981 static enum gdb_osabi
9983 {
9990 /* GNU tools use this value. Check note sections in this case,
9991 as well. */
9992 {
9995 }
9997 /* Anything else will be handled by the generic ELF sniffer. */
9999 }
10001 static int
10004 {
10005 /* FPS register's type is INT, but belongs to float_reggroup. Beside
10006 this, FPS register belongs to save_regroup, restore_reggroup, and
10007 all_reggroup, of course. */
10013 else
10015 }
10017 /* For backward-compatibility we allow two 'g' packet lengths with
10018 the remote protocol depending on whether FPA registers are
10019 supplied. M-profile targets do not have FPA registers, but some
10020 stubs already exist in the wild which use a 'g' packet which
10021 supplies them albeit with dummy values. The packet format which
10022 includes FPA registers should be considered deprecated for
10023 M-profile targets. */
10025 static void
10027 {
10031 {
10034 /* If we know from the executable this is an M-profile target,
10035 cater for remote targets whose register set layout is the
10036 same as the FPA layout. */
10040 tdesc);
10042 /* The regular M-profile layout. */
10045 tdesc);
10047 /* M-profile plus M4F VFP. */
10051 tdesc);
10052 /* M-profile plus MVE. */
10055 + ARM_VFP2_REGS_SIZE
10058 /* M-profile system (stack pointers). */
10061 }
10063 /* Otherwise we don't have a useful guess. */
10064 }
10066 /* Implement the code_of_frame_writable gdbarch method. */
10068 static int
10070 {
10074 {
10075 /* M-profile exception frames return to some magic PCs, where
10076 isn't writable at all. */
10078 }
10079 else
10081 }
10083 /* Implement gdbarch_gnu_triplet_regexp. If the arch name is arm then allow it
10084 to be postfixed by a version (eg armv7hl). */
10088 {
10092 }
10094 /* Implement the "get_pc_address_flags" gdbarch method. */
10098 {
10103 }
10105 /* Initialize the current architecture based on INFO. If possible,
10106 re-use an architecture from ARCHES, which is a list of
10107 architectures already created during this debugging session.
10109 Called e.g. at program startup, when reading a core file, and when
10110 reading a binary file. */
10114 {
10118 tdesc_arch_data_up tdesc_data;
10142 /* If we have an object to base this architecture on, try to determine
10143 its ABI. */
10146 {
10150 {
10152 /* Assume it's an old APCS-style ABI. */
10153 /* XXX WinCE? */
10162 {
10163 /* GNU tools used to use this value, but do not for EABI
10164 objects. There's nowhere to tag an EABI version
10165 anyway, so assume APCS. */
10167 }
10169 {
10173 {
10175 /* Assume GNU tools. */
10182 /* EABI binaries default to VFP float ordering.
10183 They may also contain build attributes that can
10184 be used to identify if the VFP argument-passing
10185 ABI is in use. */
10187 {
10188 #ifdef HAVE_ELF
10190 OBJ_ATTR_PROC,
10191 Tag_ABI_VFP_args))
10192 {
10194 /* "The user intended FP parameter/result
10195 passing to conform to AAPCS, base
10196 variant". */
10200 /* "The user intended FP parameter/result
10201 passing to conform to AAPCS, VFP
10202 variant". */
10206 /* "The user intended FP parameter/result
10207 passing to conform to tool chain-specific
10208 conventions" - we don't know any such
10209 conventions, so leave it as "auto". */
10212 /* "Code is compatible with both the base
10213 and VFP variants; the user did not permit
10214 non-variadic functions to pass FP
10215 parameters/results" - leave it as
10216 "auto". */
10219 /* Attribute value not mentioned in the
10220 November 2012 ABI, so leave it as
10221 "auto". */
10223 }
10224 #else
10226 #endif
10227 }
10231 /* Leave it as "auto". */
10234 }
10236 #ifdef HAVE_ELF
10237 /* Detect M-profile programs. This only works if the
10238 executable file includes build attributes; GCC does
10239 copy them to the executable, but e.g. RealView does
10240 not. */
10241 int attr_arch
10243 Tag_CPU_arch);
10244 int attr_profile
10246 Tag_CPU_arch_profile);
10248 /* GCC specifies the profile for v6-M; RealView only
10249 specifies the profile for architectures starting with
10250 V7 (as opposed to architectures with a tag
10251 numerically greater than TAG_CPU_ARCH_V7). */
10262 /* Look for attributes that indicate support for ARMv8.1-m
10263 PACBTI. */
10265 {
10266 int attr_pac_extension
10268 Tag_PAC_extension);
10270 int attr_bti_extension
10272 Tag_BTI_extension);
10274 int attr_pacret_use
10276 Tag_PACRET_use);
10278 int attr_bti_use
10280 Tag_BTI_use);
10285 }
10286 #endif
10287 }
10290 {
10292 {
10294 /* Leave it as "auto". Strictly speaking this case
10295 means FPA, but almost nobody uses that now, and
10296 many toolchains fail to set the appropriate bits
10297 for the floating-point model they use. */
10308 }
10309 }
10317 /* Leave it as "auto". */
10319 }
10320 }
10322 /* Check any target description for validity. */
10324 {
10325 /* For most registers we require GDB's default names; but also allow
10326 the numeric names for sp / lr / pc, as a convenience. */
10337 {
10342 else
10344 }
10353 ARM_SP_REGNUM,
10354 arm_sp_names);
10356 ARM_LR_REGNUM,
10357 arm_lr_names);
10359 ARM_PC_REGNUM,
10360 arm_pc_names);
10364 else
10372 {
10376 {
10377 /* MSP */
10381 {
10384 }
10388 /* PSP */
10392 {
10395 }
10397 }
10398 }
10403 {
10410 }
10411 else
10417 {
10423 };
10427 valid_p
10431 /* Check for the control registers, but do not fail if they
10432 are missing. */
10438 valid_p
10446 }
10448 /* If we have a VFP unit, check whether the single precision registers
10449 are present. If not, then we will synthesize them as pseudo
10450 registers. */
10454 {
10460 };
10462 /* Require the double precision registers. There must be either
10463 16 or 32. */
10466 {
10472 }
10476 /* Also require FPSCR. */
10489 /* If we have VFP, also check for NEON. The architecture allows
10490 NEON without VFP (integer vector operations only), but GDB
10491 does not support that. */
10495 {
10496 /* NEON requires 32 double-precision registers. */
10500 /* If there are quad registers defined by the stub, use
10501 their type; otherwise (normally) provide them with
10502 the default type. */
10505 }
10506 }
10508 /* Check for the TLS register feature. */
10511 {
10518 register_count++;
10519 }
10521 /* Check for MVE after all the checks for GPR's, VFP and Neon.
10522 MVE (Helium) is an M-profile extension. */
10524 {
10525 /* Do we have the MVE feature? */
10529 {
10530 /* If we have MVE, we must always have the VPR register. */
10534 {
10537 }
10541 register_count++;
10543 /* We can't have Q pseudo registers available here, as that
10544 would mean we have NEON features, and that is only available
10545 on A and R profiles. */
10548 /* Given we have a M-profile target description, if MVE is
10549 enabled and there are VFP registers, we should have Q
10550 pseudo registers (Q0 ~ Q7). */
10553 }
10555 /* Do we have the ARMv8.1-m PACBTI feature? */
10559 {
10560 /* By advertising this feature, the target acknowledges the
10561 presence of the ARMv8.1-m PACBTI extensions.
10563 We don't care for any particular registers in this group, so
10564 the target is free to include whatever it deems appropriate.
10566 The expectation is for this feature to include the PAC
10567 keys. */
10569 }
10571 /* Do we have the Security extension? */
10575 {
10576 /* Secure/Non-secure stack pointers. */
10577 /* MSP_NS */
10581 {
10584 }
10587 /* PSP_NS */
10591 {
10594 }
10597 /* MSP_S */
10601 {
10604 }
10607 /* PSP_S */
10611 {
10614 }
10618 }
10620 }
10621 }
10623 /* If there is already a candidate, use it. */
10627 {
10628 arm_gdbarch_tdep *tdep
10637 /* There are various other properties in tdep that we do not
10638 need to check here: those derived from a target description,
10639 since gdbarches with a different target description are
10640 automatically disqualified. */
10642 /* Do check is_m, though, since it might come from the binary. */
10646 /* Also check for ARMv8.1-m PACBTI support, since it might come from
10647 the binary. */
10651 /* Found a match. */
10653 }
10658 gdbarch *gdbarch
10662 /* Record additional information about the architecture we are defining.
10663 These are gdbarch discriminators, like the OSABI. */
10679 /* Adjust the MVE feature settings. */
10681 {
10684 }
10686 /* Adjust the PACBTI feature settings. */
10689 /* Adjust the M-profile stack pointers settings. */
10691 {
10698 }
10702 /* Breakpoints. */
10704 {
10723 }
10725 /* On ARM targets char defaults to unsigned. */
10728 /* wchar_t is unsigned under the AAPCS. */
10731 else
10734 /* Compute type alignment. */
10737 /* Note: for displaced stepping, this includes the breakpoint, and one word
10738 of additional scratch space. This setting isn't used for anything beside
10739 displaced stepping at present. */
10740 set_gdbarch_displaced_step_buffer_length
10744 /* This should be low enough for everything. */
10748 /* The default, for both APCS and AAPCS, is to return small
10749 structures in registers. */
10762 /* Address manipulation. */
10765 /* Advance PC across function entry code. */
10768 /* Detect whether PC is at a point where the stack has been destroyed. */
10771 /* Skip trampolines. */
10774 /* The stack grows downward. */
10777 /* Breakpoint manipulation. */
10781 arm_breakpoint_kind_from_current_state);
10783 /* Information about registers, etc. */
10790 /* This "info float" is FPA-specific. Use the generic version if we
10791 do not have FPA. */
10795 /* Internal <-> external register number maps. */
10801 /* Returning results. */
10804 /* Disassembly. */
10807 /* Minsymbol frobbing. */
10810 arm_coff_make_msymbol_special);
10813 /* Thumb-2 IT block support. */
10815 arm_adjust_breakpoint_address);
10817 /* Virtual tables. */
10820 /* Hook in the ABI-specific overrides, if they have been registered. */
10825 /* Add some default predicates. */
10834 /* Now we have tuned the configuration, set a few final things,
10835 based on what the OS ABI has told us. */
10837 /* If the ABI is not otherwise marked, assume the old GNU APCS. EABI
10838 binaries are always marked. */
10842 /* Watchpoints are not steppable. */
10845 /* We used to default to FPA for generic ARM, but almost nobody
10846 uses that now, and we now provide a way for the user to force
10847 the model. So default to the most useful variant. */
10854 /* Floating point sizes and format. */
10857 {
10858 set_gdbarch_double_format
10860 set_gdbarch_long_double_format
10862 }
10863 else
10864 {
10867 }
10869 /* Hook used to decorate frames with signed return addresses, only available
10870 for ARMv8.1-m PACBTI. */
10875 {
10881 /* Override tdesc_register_type to adjust the types of VFP
10882 registers for NEON. */
10884 }
10886 /* Initialize the pseudo register data. */
10889 {
10890 /* VFP single precision pseudo registers (S0~S31). */
10896 {
10897 /* NEON quad precision pseudo registers (Q0~Q15). */
10906 }
10907 }
10909 /* Do we have any MVE pseudo registers? */
10911 {
10915 }
10917 /* Do we have any ARMv8.1-m PACBTI pseudo registers. */
10919 {
10923 }
10925 /* Set some pseudo register hooks, if we have pseudo registers. */
10927 {
10931 }
10933 /* Add standard register aliases. We add aliases even for those
10934 names which are used by the current architecture - it's simpler,
10935 and does no harm, since nothing ever lists user registers. */
10946 }
10948 static void
10950 {
11008 }
11010 #if GDB_SELF_TEST
11011 namespace selftests
11012 {
11015 }
11016 #endif
11019 void
11021 {
11029 /* Add ourselves to objfile event chain. */
11032 /* Register an ELF OS ABI sniffer for ARM binaries. */
11034 bfd_target_elf_flavour,
11035 arm_elf_osabi_sniffer);
11037 /* Add root prefix command for all "set arm"/"show arm" commands. */
11050 num_disassembly_styles++;
11052 /* Initialize the array that will be passed to add_setshow_enum_cmd(). */
11057 {
11067 }
11068 /* Mark the end of valid options. */
11071 /* Create the help text. */
11074 regdesc,
11082 set_disassembly_style_sfunc,
11083 show_disassembly_style_sfunc,
11090 NULL,
11092 mode is %s. */
11095 /* Add a command to allow the user to force the FPU model. */
11107 /* Add a command to allow the user to force the ABI. */
11114 /* Add two commands to allow the user to force the assumed
11115 execution mode. */
11129 /* Add a command to stop triggering security exceptions when
11130 unwinding exception stacks. */
11138 /* Debugging flag. */
11143 NULL,
11147 #if GDB_SELF_TEST
11150 #endif
11152 }
11154 /* ARM-reversible process record data structures. */
11156 #define ARM_INSN_SIZE_BYTES 4
11157 #define THUMB_INSN_SIZE_BYTES 2
11158 #define THUMB2_INSN_SIZE_BYTES 4
11161 /* Position of the bit within a 32-bit ARM instruction
11162 that defines whether the instruction is a load or store. */
11163 #define INSN_S_L_BIT_NUM 20
11165 #define REG_ALLOC(REGS, LENGTH, RECORD_BUF) \
11166 do \
11167 { \
11168 unsigned int reg_len = LENGTH; \
11169 if (reg_len) \
11170 { \
11171 REGS = XNEWVEC (uint32_t, reg_len); \
11172 memcpy(®S[0], &RECORD_BUF[0], sizeof(uint32_t)*LENGTH); \
11173 } \
11174 } \
11175 while (0)
11177 #define MEM_ALLOC(MEMS, LENGTH, RECORD_BUF) \
11178 do \
11179 { \
11180 unsigned int mem_len = LENGTH; \
11181 if (mem_len) \
11182 { \
11183 MEMS = XNEWVEC (struct arm_mem_r, mem_len); \
11184 memcpy(&MEMS->len, &RECORD_BUF[0], \
11185 sizeof(struct arm_mem_r) * LENGTH); \
11186 } \
11187 } \
11188 while (0)
11190 /* Checks whether insn is already recorded or yet to be decoded. (boolean expression). */
11191 #define INSN_RECORDED(ARM_RECORD) \
11192 (0 != (ARM_RECORD)->reg_rec_count || 0 != (ARM_RECORD)->mem_rec_count)
11194 /* ARM memory record structure. */
11195 struct arm_mem_r
11196 {
11199 };
11201 /* ARM instruction record contains opcode of current insn
11202 and execution state (before entry to decode_insn()),
11203 contains list of to-be-modified registers and
11204 memory blocks (on return from decode_insn()). */
11206 struct arm_insn_decode_record
11207 {
11219 };
11222 /* Checks ARM SBZ and SBO mandatory fields. */
11224 static int
11226 {
11236 {
11238 {
11240 }
11242 }
11244 }
11246 enum arm_record_result
11247 {
11250 };
11252 enum arm_record_strx_t
11253 {
11255 ARM_RECORD_STRD
11256 };
11258 enum record_type_t
11259 {
11261 THUMB_RECORD,
11262 THUMB2_RECORD
11263 };
11266 static int
11269 {
11281 {
11282 /* 1) Handle misc store, immediate offset. */
11289 {
11290 /* If R15 was used as Rn, hence current PC+8. */
11292 }
11294 /* Calculate target store address. */
11296 {
11298 }
11299 else
11300 {
11302 }
11304 {
11308 }
11310 {
11316 }
11317 }
11319 {
11320 /* 2) Store, register offset. */
11321 /* Get Rm. */
11323 /* Get Rn. */
11328 {
11329 /* If R15 was used as Rn, hence current PC+8. */
11331 }
11332 /* Calculate target store address, Rn +/- Rm, register offset. */
11334 {
11336 }
11337 else
11338 {
11340 }
11342 {
11346 }
11348 {
11354 }
11355 }
11358 {
11359 /* 3) Store, immediate pre-indexed. */
11360 /* 5) Store, immediate post-indexed. */
11366 /* Calculate target store address, Rn +/- Rm, register offset. */
11368 {
11370 }
11371 else
11372 {
11374 }
11376 {
11380 }
11382 {
11388 }
11389 /* Record Rn also as it changes. */
11392 }
11395 {
11396 /* 4) Store, register pre-indexed. */
11397 /* 6) Store, register post -indexed. */
11402 /* Calculate target store address, Rn +/- Rm, register offset. */
11404 {
11406 }
11407 else
11408 {
11410 }
11412 {
11416 }
11418 {
11424 }
11425 /* Record Rn also as it changes. */
11428 }
11430 }
11432 /* Handling ARM extension space insns. */
11434 static int
11436 {
11445 /* Handle unconditional insn extension space. */
11450 {
11451 /* PLD has no affect on architectural state, it just affects
11452 the caches. */
11454 {
11455 /* BLX(1) */
11459 }
11460 /* STC2, LDC2, MCR2, MRC2, CDP2: <TBD>, co-processor insn. */
11461 }
11466 {
11468 /* Undefined instruction on ARM V5; need to handle if later
11469 versions define it. */
11470 }
11476 /* Handle arithmetic insn extension space. */
11479 {
11480 /* Handle MLA(S) and MUL(S). */
11482 {
11486 }
11488 {
11489 /* Handle SMLAL(S), SMULL(S), UMLAL(S), UMULL(S). */
11494 }
11495 }
11501 /* Handle control insn extension space. */
11505 {
11507 {
11509 {
11511 {
11512 /* MRS. */
11515 }
11517 {
11518 /* CSPR is going to be changed. */
11521 }
11523 {
11524 /* SPSR is going to be changed. */
11525 /* We need to get SPSR value, which is yet to be done. */
11527 }
11528 }
11530 {
11532 {
11533 /* BX. */
11536 }
11538 {
11539 /* CLZ. */
11542 }
11543 }
11545 {
11546 /* BLX. */
11550 }
11552 {
11553 /* QADD, QSUB, QDADD, QDSUB */
11557 }
11559 {
11560 /* BKPT. */
11565 /* Save SPSR also;how? */
11567 }
11572 )
11573 {
11575 {
11576 /* SMLA<x><y>, SMLAW<y>, SMULW<y>. */
11577 /* We dont do optimization for SMULW<y> where we
11578 need only Rd. */
11582 }
11584 {
11585 /* SMLAL<x><y>. */
11589 }
11591 {
11592 /* SMUL<x><y>. */
11595 }
11596 }
11597 }
11598 else
11599 {
11600 /* MSR : immediate form. */
11602 {
11603 /* CSPR is going to be changed. */
11606 }
11608 {
11609 /* SPSR is going to be changed. */
11610 /* we need to get SPSR value, which is yet to be done */
11612 }
11613 }
11614 }
11620 /* Handle load/store insn extension space. */
11625 {
11626 /* SWP/SWPB. */
11628 {
11629 /* These insn, changes register and memory as well. */
11630 /* SWP or SWPB insn. */
11631 /* Get memory address given by Rn. */
11634 /* SWP insn ?, swaps word. */
11636 {
11638 }
11639 else
11640 {
11641 /* SWPB insn, swaps only byte. */
11643 }
11648 }
11650 {
11651 /* STRH. */
11653 ARM_RECORD_STRH);
11654 }
11656 {
11657 /* LDRD. */
11661 }
11663 {
11664 /* STRD. */
11666 ARM_RECORD_STRD);
11667 }
11669 {
11670 /* LDRH, LDRSB, LDRSH. */
11673 }
11675 }
11680 {
11682 /* Handle coprocessor insn extension space. */
11683 }
11685 /* To be done for ARMv5 and later; as of now we return -1. */
11693 }
11695 /* Handling opcode 000 insns. */
11697 static int
11699 {
11712 {
11713 /* Data-processing (register) and Data-processing (register-shifted
11714 register */
11715 /* Out of 11 shifter operands mode, all the insn modifies destination
11716 register, which is specified by 13-16 decode. */
11720 }
11722 {
11723 /* Miscellaneous instructions */
11727 {
11728 /* Handle BLX, branch and link/exchange. */
11730 {
11731 /* Branch is chosen by setting T bit of CSPR, bitp[0] of Rm,
11732 and R14 stores the return address. */
11736 }
11737 }
11739 {
11740 /* Handle enhanced software breakpoint insn, BKPT. */
11741 /* CPSR is changed to be executed in ARM state, disabling normal
11742 interrupts, entering abort mode. */
11743 /* According to high vector configuration PC is set. */
11744 /* user hit breakpoint and type reverse, in
11745 that case, we need to go back with previous CPSR and
11746 Program Counter. */
11751 /* Save SPSR also; how? */
11753 }
11756 {
11757 /* Handle BX, branch and link/exchange. */
11758 /* Branch is chosen by setting T bit of CSPR, bitp[0] of Rm. */
11761 }
11765 {
11766 /* Count leading zeros: CLZ. */
11769 }
11774 {
11775 /* Handle MRS insn. */
11778 }
11779 }
11781 {
11782 /* Multiply and multiply-accumulate */
11784 /* Handle multiply instructions. */
11785 /* MLA, MUL, SMLAL, SMULL, UMLAL, UMULL. */
11787 {
11788 /* Handle MLA and MUL. */
11792 }
11794 {
11795 /* Handle SMLAL, SMULL, UMLAL, UMULL. */
11800 }
11801 }
11803 {
11804 /* Synchronization primitives */
11806 /* Handling SWP, SWPB. */
11807 /* These insn, changes register and memory as well. */
11808 /* SWP or SWPB insn. */
11812 /* SWP insn ?, swaps word. */
11814 {
11816 }
11817 else
11818 {
11819 /* SWPB insn, swaps only byte. */
11821 }
11826 }
11829 {
11831 {
11832 /* Extra load/store (unprivileged) */
11834 }
11835 else
11836 {
11837 /* Extra load/store */
11839 {
11842 {
11843 /* STRH (register), STRH (immediate) */
11846 }
11848 {
11849 /* LDRH (register) */
11854 {
11855 /* Write back to Rn. */
11858 }
11859 }
11861 {
11862 /* LDRH (immediate), LDRH (literal) */
11869 {
11870 /*LDRH (immediate) */
11872 {
11873 /* Write back to Rn. */
11875 }
11876 }
11877 }
11878 else
11883 {
11884 /* LDRD (register) */
11890 {
11891 /* Write back to Rn. */
11894 }
11895 }
11897 {
11898 /* LDRSB (register) */
11903 {
11904 /* Write back to Rn. */
11907 }
11908 }
11910 {
11911 /* LDRD (immediate), LDRD (literal), LDRSB (immediate),
11912 LDRSB (literal) */
11919 {
11920 /*LDRD (immediate), LDRSB (immediate) */
11922 {
11923 /* Write back to Rn. */
11925 }
11926 }
11927 }
11928 else
11933 {
11934 /* STRD (register) */
11937 }
11939 {
11940 /* LDRSH (register) */
11945 {
11946 /* Write back to Rn. */
11949 }
11950 }
11952 {
11953 /* STRD (immediate) */
11956 }
11958 {
11959 /* LDRSH (immediate), LDRSH (literal) */
11964 {
11965 /* Write back to Rn. */
11968 }
11969 }
11970 else
11975 }
11976 }
11977 }
11978 else
11979 {
11981 }
11986 }
11988 /* Handling opcode 001 insns. */
11990 static int
11992 {
12001 )
12002 {
12003 /* Handle MSR insn. */
12005 {
12006 /* CSPR is going to be changed. */
12009 }
12010 else
12011 {
12012 /* SPSR is going to be changed. */
12013 }
12014 }
12016 {
12017 /* Normal data processing insns. */
12018 /* Out of 11 shifter operands mode, all the insn modifies destination
12019 register, which is specified by 13-16 decode. */
12023 }
12024 else
12025 {
12027 }
12032 }
12034 static int
12036 {
12040 {
12042 /* Parallel addition and subtraction, signed */
12044 /* Parallel addition and subtraction, unsigned */
12047 /* Packing, unpacking, saturation and reversal */
12048 {
12052 }
12057 /* Signed multiplies */
12058 {
12068 }
12072 {
12075 {
12076 /* SBFX */
12079 }
12082 {
12083 /* USAD8 and USADA8 */
12086 }
12087 }
12091 {
12094 {
12095 /* Permanently UNDEFINED */
12097 }
12098 else
12099 {
12100 /* BFC, BFI and UBFX */
12103 }
12104 }
12109 }
12114 }
12116 /* Handle ARM mode instructions with opcode 010. */
12118 static int
12120 {
12127 ULONGEST u_regval;
12129 /* Calculate wback. */
12137 {
12138 /* LDR (immediate), LDR (literal), LDRB (immediate), LDRB (literal), LDRBT
12139 and LDRT. */
12144 /* The LDR instruction is capable of doing branching. If MOV LR, PC
12145 preceeds a LDR instruction having R15 as reg_base, it
12146 emulates a branch and link instruction, and hence we need to save
12147 CPSR and PC as well. */
12151 /* If wback is true, also save the base register, which is going to be
12152 written to. */
12155 }
12156 else
12157 {
12158 /* STR (immediate), STRB (immediate), STRBT and STRT. */
12163 /* Handle bit U. */
12165 {
12166 /* U == 1: Add the offset. */
12168 }
12169 else
12170 {
12171 /* U == 0: subtract the offset. */
12173 }
12175 /* Bit 22 tells us whether the store instruction writes 1 byte or 4
12176 bytes. */
12178 {
12179 /* STRB and STRBT: 1 byte. */
12181 }
12182 else
12183 {
12184 /* STR and STRT: 4 bytes. */
12186 }
12188 /* Handle bit P. */
12191 else
12196 /* If wback is true, also save the base register, which is going to be
12197 written to. */
12200 }
12205 }
12207 /* Handling opcode 011 insns. */
12209 static int
12211 {
12219 LONGEST s_word;
12228 /* Handle enhanced store insns and LDRD DSP insn,
12229 order begins according to addressing modes for store insns
12230 STRH insn. */
12232 /* LDR or STR? */
12234 {
12236 /* LDR insn has a capability to do branching, if
12237 MOV LR, PC is preceded by LDR insn having Rn as R15
12238 in that case, it emulates branch and link insn, and hence we
12239 need to save CSPR and PC as well. */
12241 {
12244 }
12245 else
12246 {
12250 }
12251 }
12252 else
12253 {
12255 {
12256 /* Store insn, register offset and register pre-indexed,
12257 register post-indexed. */
12258 /* Get Rm. */
12260 /* Get Rn. */
12267 {
12268 /* If R15 was used as Rn, hence current PC+8. */
12269 /* Pre-indexed mode doesnt reach here ; illegal insn. */
12271 }
12272 /* Calculate target store address, Rn +/- Rm, register offset. */
12273 /* U == 1. */
12275 {
12277 }
12278 else
12279 {
12281 }
12284 {
12285 /* STR. */
12288 /* STR. */
12291 /* STRT. */
12294 /* STR. */
12300 /* STRB. */
12303 /* STRB. */
12306 /* STRBT. */
12309 /* STRB. */
12318 }
12328 )
12329 {
12330 /* Rn is going to be changed in pre-indexed mode and
12331 post-indexed mode as well. */
12334 }
12335 }
12336 else
12337 {
12338 /* Store insn, scaled register offset; scaled pre-indexed. */
12340 /* Get Rm. */
12342 /* Get Rn. */
12344 /* Get shift_imm. */
12349 /* Offset_12 used as shift. */
12351 {
12353 /* Offset_12 used as index. */
12363 {
12365 {
12367 }
12368 else
12369 {
12371 }
12372 }
12373 else
12374 {
12375 /* This is arithmetic shift. */
12377 }
12382 {
12385 /* Get C flag value and shift it by 31. */
12388 }
12389 else
12390 {
12394 }
12400 }
12403 /* bit U set. */
12405 {
12407 }
12408 else
12409 {
12411 }
12414 {
12415 /* STR. */
12418 /* STR. */
12421 /* STRT. */
12424 /* STR. */
12430 /* STRB. */
12433 /* STRB. */
12436 /* STRBT. */
12439 /* STRB. */
12448 }
12458 )
12459 {
12460 /* Rn is going to be changed in register scaled pre-indexed
12461 mode,and scaled post indexed mode. */
12464 }
12465 }
12466 }
12471 }
12473 /* Handle ARM mode instructions with opcode 100. */
12475 static int
12477 {
12483 ULONGEST u_regval;
12485 /* Fetch the list of registers. */
12489 /* Fetch the base register that contains the address we are loading data
12490 to. */
12493 /* Calculate wback. */
12497 {
12498 /* LDM/LDMIA/LDMFD, LDMDA/LDMFA, LDMDB and LDMIB. */
12500 /* Find out which registers are going to be loaded from memory. */
12502 {
12506 register_count++;
12507 }
12510 /* If wback is true, also save the base register, which is going to be
12511 written to. */
12515 /* Save the CPSR register. */
12517 }
12518 else
12519 {
12520 /* STM (STMIA, STMEA), STMDA (STMED), STMDB (STMFD) and STMIB (STMFA). */
12526 /* Find out how many registers are going to be stored to memory. */
12528 {
12530 register_count++;
12532 }
12535 {
12536 /* STMDA (STMED): Decrement after. */
12541 /* STM (STMIA, STMEA): Increment after. */
12545 /* STMDB (STMFD): Decrement before. */
12550 /* STMIB (STMFA): Increment before. */
12557 }
12562 /* If wback is true, also save the base register, which is going to be
12563 written to. */
12566 }
12571 }
12573 /* Handling opcode 101 insns. */
12575 static int
12577 {
12580 /* Handle B, BL, BLX(1) insns. */
12581 /* B simply branches so we do nothing here. */
12582 /* Note: BLX(1) doesnt fall here but instead it falls into
12583 extension space. */
12585 {
12588 }
12593 }
12595 static int
12597 {
12604 }
12606 /* Record handler for vector data transfer instructions. */
12608 static int
12610 {
12620 /* Handle VMOV instruction. */
12622 {
12625 }
12627 {
12628 /* Handle VMOV instruction. */
12630 {
12633 }
12634 /* Handle VMRS instruction. */
12636 {
12642 }
12643 }
12645 {
12646 /* Handle VMOV instruction. */
12648 {
12652 }
12653 /* Handle VMSR instruction. */
12655 {
12658 }
12659 }
12661 {
12662 /* Handle VMOV instruction. */
12664 {
12668 }
12669 /* Handle VDUP instruction. */
12670 else
12671 {
12673 {
12678 }
12679 else
12680 {
12684 }
12685 }
12686 }
12690 }
12692 /* Record handler for extension register load/store instructions. */
12694 static int
12696 {
12708 /* Handle VMOV instructions. */
12710 {
12712 {
12716 }
12717 else
12718 {
12723 {
12724 /* The first S register number m is REG_M:M (M is bit 5),
12725 the corresponding D register number is REG_M:M / 2, which
12726 is REG_M. */
12728 /* The second S register number is REG_M:M + 1, the
12729 corresponding D register number is (REG_M:M + 1) / 2.
12730 IOW, if bit M is 1, the first and second S registers
12731 are mapped to different D registers, otherwise, they are
12732 in the same D register. */
12734 {
12737 }
12738 }
12739 else
12740 {
12743 }
12744 }
12745 }
12746 /* Handle VSTM and VPUSH instructions. */
12749 {
12761 else
12765 {
12768 }
12771 {
12773 {
12778 }
12779 else
12780 {
12787 }
12788 memory_count--;
12789 }
12791 }
12792 /* Handle VLDM instructions. */
12795 {
12803 /* REG_VD is the first D register number. If the instruction
12804 loads memory to S registers (SINGLE_REG is TRUE), the register
12805 number is (REG_VD << 1 | bit D), so the corresponding D
12806 register number is (REG_VD << 1 | bit D) / 2 = REG_VD. */
12813 /* If the instruction loads memory to D register, REG_COUNT should
12814 be divided by 2, according to the ARM Architecture Reference
12815 Manual. If the instruction loads memory to S register, divide by
12816 2 as well because two S registers are mapped to D register. */
12819 {
12820 /* Increase the register count if S register list starts from
12821 an odd number (bit d is one). */
12822 reg_count++;
12823 }
12826 {
12828 reg_count--;
12829 }
12831 }
12832 /* VSTR Vector store register. */
12834 {
12845 else
12849 {
12853 }
12854 else
12855 {
12861 }
12862 }
12863 /* VLDR Vector load register. */
12865 {
12869 {
12872 }
12873 else
12874 {
12876 /* Record register D rather than pseudo register S. */
12878 }
12880 }
12885 }
12887 /* Record handler for arm/thumb mode VFP data processing instructions. */
12889 static int
12891 {
12903 /* Mask off the "D" bit. */
12906 /* Handle VMLA, VMLS. */
12908 {
12910 {
12913 else
12915 }
12916 else
12917 {
12920 else
12922 }
12923 }
12924 /* Handle VNMLA, VNMLS, VNMUL. */
12926 {
12929 else
12931 }
12932 /* Handle VMUL. */
12934 {
12936 {
12939 else
12941 }
12942 else
12943 {
12946 else
12948 }
12949 }
12950 /* Handle VADD, VSUB. */
12952 {
12954 {
12957 else
12959 }
12960 else
12961 {
12964 else
12966 }
12967 }
12968 /* Handle VDIV. */
12970 {
12973 else
12975 }
12976 /* Handle all other vfp data processing instructions. */
12978 {
12979 /* Handle VMOV. */
12981 {
12983 {
12986 else
12988 }
12989 else
12990 {
12993 else
12995 }
12996 }
12997 /* Handle VNEG and VABS. */
13000 {
13002 {
13005 else
13007 }
13008 else
13009 {
13012 else
13014 }
13015 }
13016 /* Handle VSQRT. */
13018 {
13021 else
13023 }
13024 /* Handle VCVT. */
13026 {
13029 else
13031 }
13033 {
13034 /* Handle VCVT. */
13036 {
13039 else
13040 {
13043 else
13045 }
13046 }
13047 /* Handle VCVT. */
13049 {
13052 else
13054 }
13055 /* Handle VCVTB, VCVTT. */
13058 /* Handle VCMP, VCMPE. */
13061 }
13062 }
13065 {
13093 }
13097 }
13099 /* Handling opcode 110 insns. */
13101 static int
13103 {
13111 {
13112 /* Handle extension register ld/st instructions. */
13116 /* 64-bit transfers between arm core and extension registers. */
13119 }
13120 else
13121 {
13122 /* Handle coprocessor ld/st instructions. */
13124 {
13125 /* Store. */
13128 else
13129 /* Load. */
13131 }
13133 /* Move to coprocessor from two arm core registers. */
13137 /* Move to two arm core registers from coprocessor. */
13139 {
13148 }
13149 }
13151 }
13153 /* Handling opcode 111 insns. */
13155 static int
13157 {
13159 arm_gdbarch_tdep *tdep
13169 /* Handle arm SWI/SVC system call instructions. */
13171 {
13173 {
13184 }
13185 else
13186 {
13189 }
13190 }
13192 {
13194 {
13196 {
13197 /* 8, 16, and 32-bit transfer */
13199 }
13200 else
13201 {
13203 {
13204 /* MRC, MRC2 */
13213 record_buf);
13215 }
13216 else
13217 {
13218 /* MCR, MCR2 */
13220 }
13221 }
13222 }
13223 else
13224 {
13226 {
13227 /* VFP data-processing instructions. */
13229 }
13230 else
13231 {
13232 /* CDP, CDP2 */
13234 }
13235 }
13236 }
13237 else
13238 {
13242 {
13244 {
13245 /* MRRC, MRRC2 */
13247 }
13248 }
13250 {
13252 {
13253 /* 64-bit transfers between ARM core and extension */
13255 }
13257 {
13258 /* MCRR, MCRR2 */
13260 }
13261 }
13263 {
13264 /* UNDEFINED */
13266 }
13267 else
13268 {
13270 {
13271 /* Extension register load/store */
13272 }
13273 else
13274 {
13275 /* STC, STC2, LDC, LDC2 */
13276 }
13278 }
13279 }
13282 }
13284 /* Handling opcode 000 insns. */
13286 static int
13288 {
13301 }
13304 /* Handling opcode 001 insns. */
13306 static int
13308 {
13321 }
13323 /* Handling opcode 010 insns. */
13325 static int
13327 {
13339 {
13340 /* Handle load/store register offset. */
13344 {
13345 /* LDR(2), LDRB(2) , LDRH(2), LDRSB, LDRSH. */
13349 }
13351 {
13352 /* STR(2), STRB(2), STRH(2) . */
13365 }
13366 }
13368 {
13369 /* Handle load from literal pool. */
13370 /* LDR(3). */
13374 }
13376 {
13377 /* Special data instructions and branch and exchange */
13381 {
13382 /* Branch with exchange. */
13385 }
13386 else
13387 {
13388 /* Format 8; special data processing insns. */
13393 }
13394 }
13395 else
13396 {
13397 /* Format 5; data processing insns. */
13400 {
13402 }
13406 }
13410 record_buf_mem);
13413 }
13415 /* Handling opcode 001 insns. */
13417 static int
13419 {
13431 {
13432 /* LDR(1). */
13436 }
13437 else
13438 {
13439 /* STR(1). */
13446 }
13450 record_buf_mem);
13453 }
13455 /* Handling opcode 100 insns. */
13457 static int
13459 {
13471 {
13472 /* LDR(4). */
13476 }
13478 {
13479 /* LDRH(1). */
13483 }
13485 {
13486 /* STR(3). */
13492 }
13494 {
13495 /* STRH(1). */
13502 }
13506 record_buf_mem);
13509 }
13511 /* Handling opcode 101 insns. */
13513 static int
13515 {
13529 {
13530 /* ADR and ADD (SP plus immediate) */
13535 }
13536 else
13537 {
13538 /* Miscellaneous 16-bit instructions */
13542 {
13544 /* SETEND and CPS */
13547 /* ADD/SUB (SP plus immediate) */
13556 /* CBNZ, CBZ */
13559 /* SXTH, SXTB, UXTH, UXTB */
13565 /* PUSH. */
13569 {
13571 register_count++;
13573 }
13578 {
13582 register_count--;
13583 }
13588 /* REV, REV16, REVSH */
13594 /* POP. */
13597 {
13601 register_count++;
13602 }
13608 /* BKPT insn. */
13609 /* Handle enhanced software breakpoint insn, BKPT. */
13610 /* CPSR is changed to be executed in ARM state, disabling normal
13611 interrupts, entering abort mode. */
13612 /* According to high vector configuration PC is set. */
13613 /* User hits breakpoint and type reverse, in that case, we need to go back with
13614 previous CPSR and Program Counter. */
13618 /* We need to save SPSR value, which is not yet done. */
13628 /* If-Then, and hints */
13632 };
13633 }
13637 record_buf_mem);
13640 }
13642 /* Handling opcode 110 insns. */
13644 static int
13646 {
13647 arm_gdbarch_tdep *tdep
13663 {
13665 /* LDMIA. */
13667 /* Get Rn. */
13670 {
13674 register_count++;
13675 }
13678 }
13680 {
13681 /* It handles both STMIA. */
13683 /* Get Rn. */
13687 {
13689 register_count++;
13691 }
13695 {
13699 register_count--;
13700 }
13701 }
13703 {
13704 /* Handle arm syscall insn. */
13706 {
13709 }
13710 else
13711 {
13714 }
13715 }
13717 /* B (1), conditional branch is automatically taken care in process_record,
13718 as PC is saved there. */
13722 record_buf_mem);
13725 }
13727 /* Handling opcode 111 insns. */
13729 static int
13731 {
13738 {
13739 /* BL */
13742 }
13744 {
13745 /* BLX(1). */
13749 }
13751 /* B(2) is automatically taken care in process_record, as PC is
13752 saved there. */
13757 }
13759 /* Handler for thumb2 load/store multiple instructions. */
13761 static int
13763 {
13777 {
13779 {
13780 /* Handle RFE instruction. */
13783 }
13784 else
13785 {
13786 /* Handle SRS instruction after reading banked SP. */
13788 }
13789 }
13791 {
13793 {
13794 /* Handle LDM/LDMIA/LDMFD and LDMDB/LDMEA instructions. */
13797 {
13801 register_count++;
13803 }
13807 }
13808 else
13809 {
13810 /* Handle STM/STMIA/STMEA and STMDB/STMFD. */
13814 {
13816 register_count++;
13819 }
13822 {
13823 /* Start address calculation for LDMDB/LDMEA. */
13825 }
13827 {
13828 /* Start address calculation for LDMDB/LDMEA. */
13830 }
13834 {
13838 register_count--;
13839 }
13843 }
13844 }
13847 record_buf_mem);
13849 record_buf);
13851 }
13853 /* Handler for thumb2 load/store (dual/exclusive) and table branch
13854 instructions. */
13856 static int
13858 {
13874 {
13876 {
13881 }
13884 {
13888 }
13889 }
13890 else
13891 {
13896 {
13897 /* Handle STREX. */
13906 }
13908 {
13916 {
13917 /* Handle STREXB. */
13920 }
13922 {
13923 /* Handle STREXH. */
13926 }
13928 {
13929 /* Handle STREXD. */
13935 }
13936 }
13937 else
13938 {
13942 {
13945 else
13949 }
13950 else
13960 }
13961 }
13964 record_buf);
13966 record_buf_mem);
13968 }
13970 /* Handler for thumb2 data processing (shift register and modified immediate)
13971 instructions. */
13973 static int
13975 {
13983 {
13986 }
13987 else
13988 {
13992 }
13995 record_buf);
13997 }
13999 /* Generic handler for thumb2 instructions which effect destination and PS
14000 registers. */
14002 static int
14004 {
14015 record_buf);
14017 }
14019 /* Handler for thumb2 branch and miscellaneous control instructions. */
14021 static int
14023 {
14031 /* Handle MSR insn. */
14033 {
14035 {
14036 /* CPSR is going to be changed. */
14039 }
14040 else
14041 {
14044 }
14045 }
14047 {
14048 /* BLX. */
14052 }
14055 record_buf);
14057 }
14059 /* Handler for thumb2 store single data item instructions. */
14061 static int
14063 {
14079 {
14080 /* T2 encoding. */
14084 }
14085 else
14086 {
14087 /* T3 encoding. */
14089 {
14090 /* Handle STRB (register). */
14096 }
14097 else
14098 {
14101 {
14104 else
14108 }
14109 else
14111 }
14112 }
14115 {
14116 /* Store byte instructions. */
14121 /* Store half word instructions. */
14126 /* Store word instructions. */
14135 }
14143 record_buf);
14145 record_buf_mem);
14147 }
14149 /* Handler for thumb2 load memory hints instructions. */
14151 static int
14153 {
14161 {
14168 record_buf);
14170 }
14173 }
14175 /* Handler for thumb2 load word instructions. */
14177 static int
14179 {
14187 {
14188 /* Detected LDR(immediate), T4, with write-back bit set. Record Rn
14189 update. */
14192 }
14195 record_buf);
14197 }
14199 /* Handler for thumb2 long multiply, long multiply accumulate, and
14200 divide instructions. */
14202 static int
14204 {
14212 {
14213 /* Handle SMULL, UMULL, SMULAL. */
14214 /* Handle SMLAL(S), SMULL(S), UMLAL(S), UMULL(S). */
14219 }
14221 {
14222 /* Handle SDIV and UDIV. */
14227 }
14228 else
14232 record_buf);
14234 }
14236 /* Record handler for thumb32 coprocessor instructions. */
14238 static int
14240 {
14243 else
14245 }
14247 /* Record handler for advance SIMD structure load/store instructions. */
14249 static int
14251 {
14269 {
14275 {
14276 /* Handle VST1. */
14278 {
14287 else
14291 {
14293 {
14298 }
14299 }
14300 }
14301 /* Handle VST2. */
14303 {
14308 else
14313 {
14315 {
14319 }
14321 }
14322 }
14323 /* Handle VST3. */
14325 {
14327 {
14329 {
14333 }
14335 }
14336 }
14337 /* Handle VST4. */
14339 {
14341 {
14343 {
14347 }
14349 }
14350 }
14351 }
14352 else
14353 {
14362 else
14365 /* Handle VST1. */
14368 /* Handle VST2. */
14371 /* Handle VST3. */
14374 /* Handle VST4. */
14379 {
14382 }
14383 }
14384 }
14385 else
14386 {
14388 {
14389 /* Handle VLD1. */
14392 /* Handle VLD2. */
14395 /* Handle VLD3. */
14398 /* Handle VLD4. */
14401 }
14402 else
14403 {
14404 /* Handle VLD1. */
14407 /* Handle VLD2. */
14410 /* Handle VLD3. */
14413 /* Handle VLD4. */
14419 }
14420 }
14423 {
14426 }
14429 record_buf);
14431 record_buf_mem);
14433 }
14435 /* Decodes thumb2 instruction type and invokes its record handler. */
14437 static unsigned int
14439 {
14447 {
14449 {
14450 /* Load/store multiple instruction. */
14452 }
14454 {
14455 /* Load/store (dual/exclusive) and table branch instruction. */
14457 }
14459 {
14460 /* Data-processing (shifted register). */
14462 }
14464 {
14465 /* Co-processor instructions. */
14467 }
14468 }
14470 {
14472 {
14473 /* Branches and miscellaneous control instructions. */
14475 }
14477 {
14478 /* Data-processing (plain binary immediate) instruction. */
14480 }
14481 else
14482 {
14483 /* Data-processing (modified immediate). */
14485 }
14486 }
14488 {
14490 {
14491 /* Store single data item. */
14493 }
14495 {
14496 /* Advanced SIMD or structure load/store instructions. */
14498 }
14500 {
14501 /* Load byte, memory hints instruction. */
14503 }
14505 {
14506 /* Load halfword, memory hints instruction. */
14508 }
14510 {
14511 /* Load word instruction. */
14513 }
14515 {
14516 /* Data-processing (register) instruction. */
14518 }
14520 {
14521 /* Multiply, multiply accumulate, abs diff instruction. */
14523 }
14525 {
14526 /* Long multiply, long multiply accumulate, and divide. */
14528 }
14530 {
14531 /* Co-processor instructions. */
14533 }
14534 }
14537 }
14540 /* Abstract instruction reader. */
14542 class abstract_instruction_reader
14543 {
14545 /* Read one instruction of size LEN from address MEMADDR and using
14546 BYTE_ORDER endianness. */
14550 };
14552 /* Instruction reader from real target. */
14555 {
14559 {
14561 }
14562 };
14568 /* Decode arm/thumb insn depending on condition cods and opcodes; and
14569 dispatch it. */
14571 static int
14575 {
14577 /* (Starting from numerical 0); bits 25, 26, 27 decodes type of arm
14578 instruction. */
14580 {
14588 arm_record_coproc_data_proc /* 111. */
14589 };
14591 /* (Starting from numerical 0); bits 13,14,15 decodes type of thumb
14592 instruction. */
14594 { \
14602 thumb_record_branch /* 111. */
14603 };
14607 enum bfd_endian code_endian
14609 arm_record->arm_insn
14613 {
14619 else
14620 {
14621 /* If this insn has fallen into extension space
14622 then we need not decode it anymore. */
14624 }
14626 {
14629 }
14630 }
14632 {
14633 /* As thumb does not have condition codes, we set negative. */
14638 {
14641 }
14642 }
14644 {
14645 /* As thumb does not have condition codes, we set negative. */
14648 /* Swap first half of 32bit thumb instruction with second half. */
14649 arm_record->arm_insn
14655 {
14658 }
14659 }
14660 else
14661 {
14662 /* Throw assertion. */
14664 }
14667 }
14669 #if GDB_SELF_TEST
14672 /* Instruction reader class for selftests.
14674 For 16-bit Thumb instructions, an array of uint16_t should be used.
14676 For 32-bit Thumb instructions and regular 32-bit Arm instructions, an array
14677 of uint32_t should be used. */
14681 {
14686 {}
14690 {
14696 }
14701 };
14703 static void
14705 {
14713 /* 16-bit Thumb instructions. */
14714 {
14715 arm_insn_decode_record arm_record;
14720 /* Use the endian-free representation of the instructions here. The test
14721 will handle endianness conversions. */
14723 /* db b2 uxtb r3, r3 */
14725 /* cd 58 ldr r5, [r1, r3] */
14727 };
14731 THUMB_INSN_SIZE_BYTES);
14740 THUMB_INSN_SIZE_BYTES);
14746 }
14748 /* 32-bit Thumb-2 instructions. */
14749 {
14750 arm_insn_decode_record arm_record;
14755 /* Use the endian-free representation of the instruction here. The test
14756 will handle endianness conversions. */
14758 /* mrc 15, 0, r7, cr13, cr0, {3} */
14760 };
14764 THUMB2_INSN_SIZE_BYTES);
14770 }
14772 /* 32-bit instructions. */
14773 {
14774 arm_insn_decode_record arm_record;
14779 /* Use the endian-free representation of the instruction here. The test
14780 will handle endianness conversions. */
14782 /* mov r5, r0 */
14784 };
14788 ARM_INSN_SIZE_BYTES);
14791 }
14792 }
14794 /* Instruction reader from manually cooked instruction sequences. */
14797 {
14801 {}
14804 {
14809 }
14813 };
14815 static void
14817 {
14819 {
14829 /* The "sub" instruction contains an immediate value rotate count of 0,
14830 which resulted in a 32-bit shift of a 32-bit value, caught by
14831 UBSan. */
14837 };
14840 arm_prologue_cache cache;
14844 }
14845 }
14850 /* Cleans up local record registers and memory allocations. */
14852 static void
14854 {
14857 }
14860 /* Parse the current instruction and record the values of the registers and
14861 memory that will be changed in current instruction to record_arch_list".
14862 Return -1 if something is wrong. */
14864 int
14866 CORE_ADDR insn_addr)
14867 {
14875 arm_insn_decode_record arm_record;
14884 {
14888 }
14890 instruction_reader reader;
14891 enum bfd_endian code_endian
14893 arm_record.arm_insn
14896 /* Check the insn, whether it is thumb or arm one. */
14903 {
14904 /* We are decoding arm insn. */
14906 }
14907 else
14908 {
14910 /* is it thumb2 insn? */
14912 {
14914 THUMB2_INSN_SIZE_BYTES);
14915 }
14916 else
14917 {
14918 /* We are decoding thumb insn. */
14920 THUMB_INSN_SIZE_BYTES);
14921 }
14922 }
14925 {
14926 /* Record registers. */
14929 {
14931 {
14935 }
14936 }
14937 /* Record memories. */
14939 {
14941 {
14946 }
14947 }
14951 }
14957 }
14959 /* See arm-tdep.h. */
14963 {
14967 {
14970 }
14973 }
14975 /* See arm-tdep.h. */
14979 {
14983 {
14986 }
14989 }