1 /* assemble.c code generation for the Netwide Assembler
3 * The Netwide Assembler is copyright (C) 1996 Simon Tatham and
4 * Julian Hall. All rights reserved. The software is
5 * redistributable under the license given in the file "LICENSE"
6 * distributed in the NASM archive.
8 * the actual codes (C syntax, i.e. octal):
9 * \0 - terminates the code. (Unless it's a literal of course.)
10 * \1, \2, \3 - that many literal bytes follow in the code stream
11 * \4, \6 - the POP/PUSH (respectively) codes for CS, DS, ES, SS
12 * (POP is never used for CS) depending on operand 0
13 * \5, \7 - the second byte of POP/PUSH codes for FS, GS, depending
15 * \10..\13 - a literal byte follows in the code stream, to be added
16 * to the register value of operand 0..3
17 * \14..\17 - a signed byte immediate operand, from operand 0..3
18 * \20..\23 - a byte immediate operand, from operand 0..3
19 * \24..\27 - an unsigned byte immediate operand, from operand 0..3
20 * \30..\33 - a word immediate operand, from operand 0..3
21 * \34..\37 - select between \3[0-3] and \4[0-3] depending on 16/32 bit
22 * assembly mode or the operand-size override on the operand
23 * \40..\43 - a long immediate operand, from operand 0..3
24 * \44..\47 - select between \3[0-3], \4[0-3] and \5[4-7]
25 * depending on the address size of the instruction.
26 * \50..\53 - a byte relative operand, from operand 0..3
27 * \54..\57 - a qword immediate operand, from operand 0..3
28 * \60..\63 - a word relative operand, from operand 0..3
29 * \64..\67 - select between \6[0-3] and \7[0-3] depending on 16/32 bit
30 * assembly mode or the operand-size override on the operand
31 * \70..\73 - a long relative operand, from operand 0..3
32 * \74..\77 - a word constant, from the _segment_ part of operand 0..3
33 * \1ab - a ModRM, calculated on EA in operand a, with the spare
34 * field the register value of operand b.
35 * \140..\143 - an immediate word or signed byte for operand 0..3
36 * \144..\147 - or 2 (s-field) into opcode byte if operand 0..3
37 * is a signed byte rather than a word. Opcode byte follows.
38 * \150..\153 - an immediate dword or signed byte for operand 0..3
39 * \154..\157 - or 2 (s-field) into opcode byte if operand 0..3
40 * is a signed byte rather than a dword. Opcode byte follows.
41 * \160..\163 - this instruction uses DREX rather than REX, with the
42 * OC0 field set to 0, and the dest field taken from
44 * \164..\167 - this instruction uses DREX rather than REX, with the
45 * OC0 field set to 1, and the dest field taken from
47 * \170 - encodes the literal byte 0. (Some compilers don't take
48 * kindly to a zero byte in the _middle_ of a compile time
49 * string constant, so I had to put this hack in.)
50 * \171 - placement of DREX suffix in the absence of an EA
51 * \172\ab - the register number from operand a in bits 7..4, with
52 * the 4-bit immediate from operand b in bits 0..3.
53 * \2ab - a ModRM, calculated on EA in operand a, with the spare
54 * field equal to digit b.
55 * \250..\253 - same as \150..\153, except warn if the 64-bit operand
56 * is not equal to the truncated and sign-extended 32-bit
57 * operand; used for 32-bit immediates in 64-bit mode.
58 * \260..\263 - this instruction uses VEX rather than REX, with the
59 * V field taken from operand 0..3.
60 * \270 - this instruction uses VEX rather than REX, with the
61 * V field set to 1111b.
63 * VEX prefixes are followed by the sequence:
64 * \1mm\1wp where mm is the M field; and wp is:
68 * ww = 2 for W used as REX.W
70 * \310 - indicates fixed 16-bit address size, i.e. optional 0x67.
71 * \311 - indicates fixed 32-bit address size, i.e. optional 0x67.
72 * \312 - (disassembler only) marker on LOOP, LOOPxx instructions.
73 * \313 - indicates fixed 64-bit address size, 0x67 invalid.
74 * \314 - (disassembler only) invalid with REX.B
75 * \315 - (disassembler only) invalid with REX.X
76 * \316 - (disassembler only) invalid with REX.R
77 * \317 - (disassembler only) invalid with REX.W
78 * \320 - indicates fixed 16-bit operand size, i.e. optional 0x66.
79 * \321 - indicates fixed 32-bit operand size, i.e. optional 0x66.
80 * \322 - indicates that this instruction is only valid when the
81 * operand size is the default (instruction to disassembler,
82 * generates no code in the assembler)
83 * \323 - indicates fixed 64-bit operand size, REX on extensions only.
84 * \324 - indicates 64-bit operand size requiring REX prefix.
85 * \330 - a literal byte follows in the code stream, to be added
86 * to the condition code value of the instruction.
87 * \331 - instruction not valid with REP prefix. Hint for
88 * disassembler only; for SSE instructions.
89 * \332 - REP prefix (0xF2 byte) used as opcode extension.
90 * \333 - REP prefix (0xF3 byte) used as opcode extension.
91 * \334 - LOCK prefix used instead of REX.R
92 * \335 - disassemble a rep (0xF3 byte) prefix as repe not rep.
93 * \340 - reserve <operand 0> bytes of uninitialized storage.
94 * Operand 0 had better be a segmentless constant.
95 * \364 - operand-size prefix (0x66) not permitted
96 * \365 - address-size prefix (0x67) not permitted
97 * \366 - operand-size prefix (0x66) used as opcode extension
98 * \367 - address-size prefix (0x67) used as opcode extension
99 * \370,\371,\372 - match only if operand 0 meets byte jump criteria.
100 * 370 is used for Jcc, 371 is used for JMP.
101 * \373 - assemble 0x03 if bits==16, 0x05 if bits==32;
102 * used for conditional jump over longer jump
105 #include "compiler.h"
109 #include <inttypes.h>
113 #include "assemble.h"
116 #include "regflags.c"
120 int sib_present
; /* is a SIB byte necessary? */
121 int bytes
; /* # of bytes of offset needed */
122 int size
; /* lazy - this is sib+bytes+1 */
123 uint8_t modrm
, sib
, rex
, rip
; /* the bytes themselves */
126 static uint32_t cpu
; /* cpu level received from nasm.c */
127 static efunc errfunc
;
128 static struct ofmt
*outfmt
;
129 static ListGen
*list
;
131 static int64_t calcsize(int32_t, int64_t, int, insn
*, const char *);
132 static void gencode(int32_t, int64_t, int, insn
*, const char *, int64_t);
133 static int matches(const struct itemplate
*, insn
*, int bits
);
134 static int32_t regflag(const operand
*);
135 static int32_t regval(const operand
*);
136 static int rexflags(int, int32_t, int);
137 static int op_rexflags(const operand
*, int);
138 static ea
*process_ea(operand
*, ea
*, int, int, int, int32_t, int);
139 static void add_asp(insn
*, int);
141 static int has_prefix(insn
* ins
, enum prefix_pos pos
, enum prefixes prefix
)
143 return ins
->prefixes
[pos
] == prefix
;
146 static void assert_no_prefix(insn
* ins
, enum prefix_pos pos
)
148 if (ins
->prefixes
[pos
])
149 errfunc(ERR_NONFATAL
, "invalid %s prefix",
150 prefix_name(ins
->prefixes
[pos
]));
153 static const char *size_name(int size
)
173 static void warn_overflow(int size
, int64_t data
)
176 int64_t lim
= ((int64_t)1 << (size
*8))-1;
178 if (data
< ~lim
|| data
> lim
)
179 errfunc(ERR_WARNING
| ERR_WARN_NOV
,
180 "%s data exceeds bounds", size_name(size
));
184 * This routine wrappers the real output format's output routine,
185 * in order to pass a copy of the data off to the listing file
186 * generator at the same time.
188 static void out(int64_t offset
, int32_t segto
, const void *data
,
189 enum out_type type
, uint64_t size
,
190 int32_t segment
, int32_t wrt
)
192 static int32_t lineno
= 0; /* static!!! */
193 static char *lnfname
= NULL
;
196 if (type
== OUT_ADDRESS
&& segment
== NO_SEG
&& wrt
== NO_SEG
) {
198 * This is a non-relocated address, and we're going to
199 * convert it into RAWDATA format.
204 errfunc(ERR_PANIC
, "OUT_ADDRESS with size > 8");
208 WRITEADDR(q
, *(int64_t *)data
, size
);
213 list
->output(offset
, data
, type
, size
);
216 * this call to src_get determines when we call the
217 * debug-format-specific "linenum" function
218 * it updates lineno and lnfname to the current values
219 * returning 0 if "same as last time", -2 if lnfname
220 * changed, and the amount by which lineno changed,
221 * if it did. thus, these variables must be static
224 if (src_get(&lineno
, &lnfname
)) {
225 outfmt
->current_dfmt
->linenum(lnfname
, lineno
, segto
);
228 outfmt
->output(segto
, data
, type
, size
, segment
, wrt
);
231 static int jmp_match(int32_t segment
, int64_t offset
, int bits
,
232 insn
* ins
, const char *code
)
237 if (c
!= 0370 && c
!= 0371)
239 if (ins
->oprs
[0].opflags
& OPFLAG_FORWARD
) {
240 if ((optimizing
< 0 || (ins
->oprs
[0].type
& STRICT
))
244 return (pass0
== 0); /* match a forward reference */
246 isize
= calcsize(segment
, offset
, bits
, ins
, code
);
247 if (ins
->oprs
[0].segment
!= segment
)
249 isize
= ins
->oprs
[0].offset
- offset
- isize
; /* isize is now the delta */
250 if (isize
>= -128L && isize
<= 127L)
251 return 1; /* it is byte size */
256 int64_t assemble(int32_t segment
, int64_t offset
, int bits
, uint32_t cp
,
257 insn
* instruction
, struct ofmt
*output
, efunc error
,
260 const struct itemplate
*temp
;
265 int64_t start
= offset
;
266 int64_t wsize
= 0; /* size for DB etc. */
268 errfunc
= error
; /* to pass to other functions */
270 outfmt
= output
; /* likewise */
271 list
= listgen
; /* and again */
273 switch (instruction
->opcode
) {
300 int32_t t
= instruction
->times
;
303 "instruction->times < 0 (%ld) in assemble()", t
);
305 while (t
--) { /* repeat TIMES times */
306 for (e
= instruction
->eops
; e
; e
= e
->next
) {
307 if (e
->type
== EOT_DB_NUMBER
) {
309 if (e
->segment
!= NO_SEG
)
310 errfunc(ERR_NONFATAL
,
311 "one-byte relocation attempted");
313 uint8_t out_byte
= e
->offset
;
314 out(offset
, segment
, &out_byte
,
315 OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
317 } else if (wsize
> 8) {
318 errfunc(ERR_NONFATAL
, "integer supplied to a DT or DO"
321 out(offset
, segment
, &e
->offset
,
322 OUT_ADDRESS
, wsize
, e
->segment
, e
->wrt
);
324 } else if (e
->type
== EOT_DB_STRING
) {
327 out(offset
, segment
, e
->stringval
,
328 OUT_RAWDATA
, e
->stringlen
, NO_SEG
, NO_SEG
);
329 align
= e
->stringlen
% wsize
;
332 align
= wsize
- align
;
334 "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0",
335 OUT_RAWDATA
, align
, NO_SEG
, NO_SEG
);
337 offset
+= e
->stringlen
+ align
;
340 if (t
> 0 && t
== instruction
->times
- 1) {
342 * Dummy call to list->output to give the offset to the
345 list
->output(offset
, NULL
, OUT_RAWDATA
, 0);
346 list
->uplevel(LIST_TIMES
);
349 if (instruction
->times
> 1)
350 list
->downlevel(LIST_TIMES
);
351 return offset
- start
;
354 if (instruction
->opcode
== I_INCBIN
) {
355 static char fname
[FILENAME_MAX
];
358 char *prefix
= "", *combine
;
359 char **pPrevPath
= NULL
;
361 len
= FILENAME_MAX
- 1;
362 if (len
> instruction
->eops
->stringlen
)
363 len
= instruction
->eops
->stringlen
;
364 strncpy(fname
, instruction
->eops
->stringval
, len
);
367 while (1) { /* added by alexfru: 'incbin' uses include paths */
368 combine
= nasm_malloc(strlen(prefix
) + len
+ 1);
369 strcpy(combine
, prefix
);
370 strcat(combine
, fname
);
372 if ((fp
= fopen(combine
, "rb")) != NULL
) {
378 pPrevPath
= pp_get_include_path_ptr(pPrevPath
);
379 if (pPrevPath
== NULL
)
385 error(ERR_NONFATAL
, "`incbin': unable to open file `%s'",
387 else if (fseek(fp
, 0L, SEEK_END
) < 0)
388 error(ERR_NONFATAL
, "`incbin': unable to seek on file `%s'",
391 static char buf
[2048];
392 int32_t t
= instruction
->times
;
396 if (instruction
->eops
->next
) {
397 base
= instruction
->eops
->next
->offset
;
399 if (instruction
->eops
->next
->next
&&
400 len
> instruction
->eops
->next
->next
->offset
)
401 len
= instruction
->eops
->next
->next
->offset
;
404 * Dummy call to list->output to give the offset to the
407 list
->output(offset
, NULL
, OUT_RAWDATA
, 0);
408 list
->uplevel(LIST_INCBIN
);
412 fseek(fp
, base
, SEEK_SET
);
416 fread(buf
, 1, (l
> (int32_t) sizeof(buf
) ? (int32_t) sizeof(buf
) : l
),
420 * This shouldn't happen unless the file
421 * actually changes while we are reading
425 "`incbin': unexpected EOF while"
426 " reading file `%s'", fname
);
427 t
= 0; /* Try to exit cleanly */
430 out(offset
, segment
, buf
, OUT_RAWDATA
, m
,
435 list
->downlevel(LIST_INCBIN
);
436 if (instruction
->times
> 1) {
438 * Dummy call to list->output to give the offset to the
441 list
->output(offset
, NULL
, OUT_RAWDATA
, 0);
442 list
->uplevel(LIST_TIMES
);
443 list
->downlevel(LIST_TIMES
);
446 return instruction
->times
* len
;
448 return 0; /* if we're here, there's an error */
451 /* Check to see if we need an address-size prefix */
452 add_asp(instruction
, bits
);
456 for (temp
= nasm_instructions
[instruction
->opcode
]; temp
->opcode
!= -1; temp
++){
457 int m
= matches(temp
, instruction
, bits
);
460 m
+= jmp_match(segment
, offset
, bits
, instruction
, temp
->code
);
462 if (m
== 100) { /* matches! */
463 const char *codes
= temp
->code
;
464 int64_t insn_size
= calcsize(segment
, offset
, bits
,
466 itimes
= instruction
->times
;
467 if (insn_size
< 0) /* shouldn't be, on pass two */
468 error(ERR_PANIC
, "errors made it through from pass one");
471 for (j
= 0; j
< MAXPREFIX
; j
++) {
473 switch (instruction
->prefixes
[j
]) {
489 "cs segment base generated, but will be ignored in 64-bit mode");
496 "ds segment base generated, but will be ignored in 64-bit mode");
503 "es segment base generated, but will be ignored in 64-bit mode");
516 "ss segment base generated, but will be ignored in 64-bit mode");
523 "segr6 and segr7 cannot be used as prefixes");
528 "16-bit addressing is not supported "
530 } else if (bits
!= 16)
540 "64-bit addressing is only supported "
564 error(ERR_PANIC
, "invalid instruction prefix");
567 out(offset
, segment
, &c
, OUT_RAWDATA
, 1,
572 insn_end
= offset
+ insn_size
;
573 gencode(segment
, offset
, bits
, instruction
, codes
,
576 if (itimes
> 0 && itimes
== instruction
->times
- 1) {
578 * Dummy call to list->output to give the offset to the
581 list
->output(offset
, NULL
, OUT_RAWDATA
, 0);
582 list
->uplevel(LIST_TIMES
);
585 if (instruction
->times
> 1)
586 list
->downlevel(LIST_TIMES
);
587 return offset
- start
;
588 } else if (m
> 0 && m
> size_prob
) {
594 if (temp
->opcode
== -1) { /* didn't match any instruction */
597 error(ERR_NONFATAL
, "operation size not specified");
600 error(ERR_NONFATAL
, "mismatch in operand sizes");
603 error(ERR_NONFATAL
, "no instruction for this cpu level");
606 error(ERR_NONFATAL
, "instruction not supported in 64-bit mode");
610 "invalid combination of opcode and operands");
617 int64_t insn_size(int32_t segment
, int64_t offset
, int bits
, uint32_t cp
,
618 insn
* instruction
, efunc error
)
620 const struct itemplate
*temp
;
622 errfunc
= error
; /* to pass to other functions */
625 if (instruction
->opcode
== -1)
628 if (instruction
->opcode
== I_DB
|| instruction
->opcode
== I_DW
||
629 instruction
->opcode
== I_DD
|| instruction
->opcode
== I_DQ
||
630 instruction
->opcode
== I_DT
|| instruction
->opcode
== I_DO
) {
632 int32_t isize
, osize
, wsize
= 0; /* placate gcc */
635 switch (instruction
->opcode
) {
658 for (e
= instruction
->eops
; e
; e
= e
->next
) {
662 if (e
->type
== EOT_DB_NUMBER
)
664 else if (e
->type
== EOT_DB_STRING
)
665 osize
= e
->stringlen
;
667 align
= (-osize
) % wsize
;
670 isize
+= osize
+ align
;
672 return isize
* instruction
->times
;
675 if (instruction
->opcode
== I_INCBIN
) {
676 char fname
[FILENAME_MAX
];
679 char *prefix
= "", *combine
;
680 char **pPrevPath
= NULL
;
682 len
= FILENAME_MAX
- 1;
683 if (len
> instruction
->eops
->stringlen
)
684 len
= instruction
->eops
->stringlen
;
685 strncpy(fname
, instruction
->eops
->stringval
, len
);
688 /* added by alexfru: 'incbin' uses include paths */
690 combine
= nasm_malloc(strlen(prefix
) + len
+ 1);
691 strcpy(combine
, prefix
);
692 strcat(combine
, fname
);
694 if ((fp
= fopen(combine
, "rb")) != NULL
) {
700 pPrevPath
= pp_get_include_path_ptr(pPrevPath
);
701 if (pPrevPath
== NULL
)
707 error(ERR_NONFATAL
, "`incbin': unable to open file `%s'",
709 else if (fseek(fp
, 0L, SEEK_END
) < 0)
710 error(ERR_NONFATAL
, "`incbin': unable to seek on file `%s'",
715 if (instruction
->eops
->next
) {
716 len
-= instruction
->eops
->next
->offset
;
717 if (instruction
->eops
->next
->next
&&
718 len
> instruction
->eops
->next
->next
->offset
) {
719 len
= instruction
->eops
->next
->next
->offset
;
722 return instruction
->times
* len
;
724 return 0; /* if we're here, there's an error */
727 /* Check to see if we need an address-size prefix */
728 add_asp(instruction
, bits
);
730 for (temp
= nasm_instructions
[instruction
->opcode
]; temp
->opcode
!= -1; temp
++) {
731 int m
= matches(temp
, instruction
, bits
);
733 m
+= jmp_match(segment
, offset
, bits
, instruction
, temp
->code
);
736 /* we've matched an instruction. */
738 const char *codes
= temp
->code
;
741 isize
= calcsize(segment
, offset
, bits
, instruction
, codes
);
744 for (j
= 0; j
< MAXPREFIX
; j
++) {
745 switch (instruction
->prefixes
[j
]) {
771 return isize
* instruction
->times
;
774 return -1; /* didn't match any instruction */
777 static bool possible_sbyte(insn
* ins
, int op
)
779 return !(ins
->forw_ref
&& ins
->oprs
[op
].opflags
) &&
781 !(ins
->oprs
[op
].type
& STRICT
) &&
782 ins
->oprs
[op
].wrt
== NO_SEG
&& ins
->oprs
[op
].segment
== NO_SEG
;
785 /* check that opn[op] is a signed byte of size 16 or 32 */
786 static bool is_sbyte16(insn
* ins
, int op
)
790 if (!possible_sbyte(ins
, op
))
793 v
= ins
->oprs
[op
].offset
;
794 return v
>= -128 && v
<= 127;
797 static bool is_sbyte32(insn
* ins
, int op
)
801 if (!possible_sbyte(ins
, op
))
804 v
= ins
->oprs
[op
].offset
;
805 return v
>= -128 && v
<= 127;
808 /* check that opn[op] is a signed byte of size 32; warn if this is not
809 the original value when extended to 64 bits */
810 static bool is_sbyte64(insn
* ins
, int op
)
815 /* dead in the water on forward reference or External */
816 if (!possible_sbyte(ins
, op
))
819 v64
= ins
->oprs
[op
].offset
;
822 warn_overflow(32, v64
);
824 return v32
>= -128 && v32
<= 127;
826 static int64_t calcsize(int32_t segment
, int64_t offset
, int bits
,
827 insn
* ins
, const char *codes
)
834 ins
->rex
= 0; /* Ensure REX is reset */
836 if (ins
->prefixes
[PPS_OSIZE
] == P_O64
)
839 (void)segment
; /* Don't warn that this parameter is unused */
840 (void)offset
; /* Don't warn that this parameter is unused */
844 opx
= &ins
->oprs
[c
& 3];
849 codes
+= c
, length
+= c
;
862 op_rexflags(opx
, REX_B
|REX_H
|REX_P
|REX_W
);
893 if (opx
->type
& (BITS16
| BITS32
| BITS64
))
894 length
+= (opx
->type
& BITS16
) ? 2 : 4;
896 length
+= (bits
== 16) ? 2 : 4;
908 length
+= ins
->addr_size
>> 3;
920 length
+= 8; /* MOV reg64/imm */
932 if (opx
->type
& (BITS16
| BITS32
| BITS64
))
933 length
+= (opx
->type
& BITS16
) ? 2 : 4;
935 length
+= (bits
== 16) ? 2 : 4;
953 length
+= is_sbyte16(ins
, c
& 3) ? 1 : 2;
966 length
+= is_sbyte32(ins
, c
& 3) ? 1 : 4;
981 ins
->drexdst
= regval(opx
);
988 ins
->rex
|= REX_D
|REX_OC
;
989 ins
->drexdst
= regval(opx
);
1004 length
+= is_sbyte64(ins
, c
& 3) ? 1 : 4;
1012 ins
->drexdst
= regval(opx
);
1013 ins
->vex_m
= *codes
++;
1014 ins
->vex_wlp
= *codes
++;
1020 ins
->vex_m
= *codes
++;
1021 ins
->vex_wlp
= *codes
++;
1031 length
+= (bits
!= 16) && !has_prefix(ins
, PPS_ASIZE
, P_A16
);
1034 length
+= (bits
!= 32) && !has_prefix(ins
, PPS_ASIZE
, P_A32
);
1039 if (bits
!= 64 || has_prefix(ins
, PPS_ASIZE
, P_A16
) ||
1040 has_prefix(ins
, PPS_ASIZE
, P_A32
))
1049 length
+= (bits
!= 16);
1052 length
+= (bits
== 16);
1077 if (ins
->oprs
[0].segment
!= NO_SEG
)
1078 errfunc(ERR_NONFATAL
, "attempt to reserve non-constant"
1079 " quantity of BSS space");
1081 length
+= ins
->oprs
[0].offset
;
1097 default: /* can't do it by 'case' statements */
1098 if (c
>= 0100 && c
<= 0277) { /* it's an EA */
1102 ea_data
.rex
= 0; /* Ensure ea.REX is initially 0 */
1105 /* pick rfield from operand b */
1106 rflags
= regflag(&ins
->oprs
[c
& 7]);
1107 rfield
= regvals
[ins
->oprs
[c
& 7].basereg
];
1114 (&ins
->oprs
[(c
>> 3) & 7], &ea_data
, bits
,
1115 ins
->addr_size
, rfield
, rflags
, ins
->forw_ref
)) {
1116 errfunc(ERR_NONFATAL
, "invalid effective address");
1119 ins
->rex
|= ea_data
.rex
;
1120 length
+= ea_data
.size
;
1123 errfunc(ERR_PANIC
, "internal instruction table corrupt"
1124 ": instruction code 0x%02X given", c
);
1129 ins
->rex
&= rex_mask
;
1131 if (ins
->rex
& REX_V
) {
1132 int bad32
= REX_R
|REX_W
|REX_X
|REX_B
;
1134 if (ins
->rex
& REX_H
) {
1135 errfunc(ERR_NONFATAL
, "cannot use high register in vex instruction");
1138 switch (ins
->vex_wlp
& 030) {
1151 if (bits
!= 64 && ((ins
->rex
& bad32
) || ins
->drexdst
> 7)) {
1152 errfunc(ERR_NONFATAL
, "invalid operands in non-64-bit mode");
1155 if (ins
->vex_m
!= 1 || (ins
->rex
& (REX_W
|REX_R
|REX_B
)))
1159 } else if (ins
->rex
& REX_D
) {
1160 if (ins
->rex
& REX_H
) {
1161 errfunc(ERR_NONFATAL
, "cannot use high register in drex instruction");
1164 if (bits
!= 64 && ((ins
->rex
& (REX_R
|REX_W
|REX_X
|REX_B
)) ||
1165 ins
->drexdst
> 7)) {
1166 errfunc(ERR_NONFATAL
, "invalid operands in non-64-bit mode");
1170 } else if (ins
->rex
& REX_REAL
) {
1171 if (ins
->rex
& REX_H
) {
1172 errfunc(ERR_NONFATAL
, "cannot use high register in rex instruction");
1174 } else if (bits
== 64) {
1176 } else if ((ins
->rex
& REX_L
) &&
1177 !(ins
->rex
& (REX_P
|REX_W
|REX_X
|REX_B
)) &&
1180 assert_no_prefix(ins
, PPS_LREP
);
1183 errfunc(ERR_NONFATAL
, "invalid operands in non-64-bit mode");
1191 #define EMIT_REX() \
1192 if (!(ins->rex & (REX_D|REX_V)) && (ins->rex & REX_REAL) && (bits == 64)) { \
1193 ins->rex = (ins->rex & REX_REAL)|REX_P; \
1194 out(offset, segment, &ins->rex, OUT_RAWDATA, 1, NO_SEG, NO_SEG); \
1199 static void gencode(int32_t segment
, int64_t offset
, int bits
,
1200 insn
* ins
, const char *codes
, int64_t insn_end
)
1202 static char condval
[] = { /* conditional opcodes */
1203 0x7, 0x3, 0x2, 0x6, 0x2, 0x4, 0xF, 0xD, 0xC, 0xE, 0x6, 0x2,
1204 0x3, 0x7, 0x3, 0x5, 0xE, 0xC, 0xD, 0xF, 0x1, 0xB, 0x9, 0x5,
1205 0x0, 0xA, 0xA, 0xB, 0x8, 0x4
1211 struct operand
*opx
;
1215 opx
= &ins
->oprs
[c
& 3];
1221 out(offset
, segment
, codes
, OUT_RAWDATA
, c
, NO_SEG
, NO_SEG
);
1228 switch (ins
->oprs
[0].basereg
) {
1230 bytes
[0] = 0x0E + (c
== 0x04 ? 1 : 0);
1233 bytes
[0] = 0x1E + (c
== 0x04 ? 1 : 0);
1236 bytes
[0] = 0x06 + (c
== 0x04 ? 1 : 0);
1239 bytes
[0] = 0x16 + (c
== 0x04 ? 1 : 0);
1243 "bizarre 8086 segment register received");
1245 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1251 switch (ins
->oprs
[0].basereg
) {
1253 bytes
[0] = 0xA0 + (c
== 0x05 ? 1 : 0);
1256 bytes
[0] = 0xA8 + (c
== 0x05 ? 1 : 0);
1260 "bizarre 386 segment register received");
1262 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1271 bytes
[0] = *codes
++ + ((regval(opx
)) & 7);
1272 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1280 /* XXX: warns for legitimate optimizer actions */
1281 if (opx
->offset
< -128 || opx
->offset
> 127) {
1282 errfunc(ERR_WARNING
| ERR_WARN_NOV
,
1283 "signed byte value exceeds bounds");
1286 if (opx
->segment
!= NO_SEG
) {
1288 out(offset
, segment
, &data
, OUT_ADDRESS
, 1,
1289 opx
->segment
, opx
->wrt
);
1291 bytes
[0] = opx
->offset
;
1292 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
,
1302 if (opx
->offset
< -256 || opx
->offset
> 255) {
1303 errfunc(ERR_WARNING
| ERR_WARN_NOV
,
1304 "byte value exceeds bounds");
1306 if (opx
->segment
!= NO_SEG
) {
1308 out(offset
, segment
, &data
, OUT_ADDRESS
, 1,
1309 opx
->segment
, opx
->wrt
);
1311 bytes
[0] = opx
->offset
;
1312 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
,
1322 if (opx
->offset
< 0 || opx
->offset
> 255)
1323 errfunc(ERR_WARNING
| ERR_WARN_NOV
,
1324 "unsigned byte value exceeds bounds");
1325 if (opx
->segment
!= NO_SEG
) {
1327 out(offset
, segment
, &data
, OUT_ADDRESS
, 1,
1328 opx
->segment
, opx
->wrt
);
1330 bytes
[0] = opx
->offset
;
1331 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
,
1342 if (opx
->segment
== NO_SEG
&& opx
->wrt
== NO_SEG
)
1343 warn_overflow(2, data
);
1344 out(offset
, segment
, &data
, OUT_ADDRESS
, 2,
1345 opx
->segment
, opx
->wrt
);
1353 if (opx
->type
& (BITS16
| BITS32
))
1354 size
= (opx
->type
& BITS16
) ? 2 : 4;
1356 size
= (bits
== 16) ? 2 : 4;
1358 if (opx
->segment
== NO_SEG
&& opx
->wrt
== NO_SEG
)
1359 warn_overflow(size
, data
);
1360 out(offset
, segment
, &data
, OUT_ADDRESS
, size
,
1361 opx
->segment
, opx
->wrt
);
1370 if (opx
->segment
== NO_SEG
&& opx
->wrt
== NO_SEG
)
1371 warn_overflow(4, data
);
1372 out(offset
, segment
, &data
, OUT_ADDRESS
, 4,
1373 opx
->segment
, opx
->wrt
);
1382 size
= ins
->addr_size
>> 3;
1383 if (opx
->segment
== NO_SEG
&&
1385 warn_overflow(size
, data
);
1386 out(offset
, segment
, &data
, OUT_ADDRESS
, size
,
1387 opx
->segment
, opx
->wrt
);
1395 if (opx
->segment
!= segment
)
1396 errfunc(ERR_NONFATAL
,
1397 "short relative jump outside segment");
1398 data
= opx
->offset
- insn_end
;
1399 if (data
> 127 || data
< -128)
1400 errfunc(ERR_NONFATAL
, "short jump is out of range");
1402 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1410 data
= (int64_t)opx
->offset
;
1411 out(offset
, segment
, &data
, OUT_ADDRESS
, 8,
1412 opx
->segment
, opx
->wrt
);
1420 if (opx
->segment
!= segment
) {
1422 out(offset
, segment
, &data
,
1423 OUT_REL2ADR
, insn_end
- offset
,
1424 opx
->segment
, opx
->wrt
);
1426 data
= opx
->offset
- insn_end
;
1427 out(offset
, segment
, &data
,
1428 OUT_ADDRESS
, 2, NO_SEG
, NO_SEG
);
1437 if (opx
->type
& (BITS16
| BITS32
| BITS64
))
1438 size
= (opx
->type
& BITS16
) ? 2 : 4;
1440 size
= (bits
== 16) ? 2 : 4;
1441 if (opx
->segment
!= segment
) {
1443 out(offset
, segment
, &data
,
1444 size
== 2 ? OUT_REL2ADR
: OUT_REL4ADR
,
1445 insn_end
- offset
, opx
->segment
, opx
->wrt
);
1447 data
= opx
->offset
- insn_end
;
1448 out(offset
, segment
, &data
,
1449 OUT_ADDRESS
, size
, NO_SEG
, NO_SEG
);
1458 if (opx
->segment
!= segment
) {
1460 out(offset
, segment
, &data
,
1461 OUT_REL4ADR
, insn_end
- offset
,
1462 opx
->segment
, opx
->wrt
);
1464 data
= opx
->offset
- insn_end
;
1465 out(offset
, segment
, &data
,
1466 OUT_ADDRESS
, 4, NO_SEG
, NO_SEG
);
1475 if (opx
->segment
== NO_SEG
)
1476 errfunc(ERR_NONFATAL
, "value referenced by FAR is not"
1479 out(offset
, segment
, &data
, OUT_ADDRESS
, 2,
1480 outfmt
->segbase(1 + opx
->segment
),
1490 if (is_sbyte16(ins
, c
& 3)) {
1492 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
,
1496 if (opx
->segment
== NO_SEG
&&
1498 warn_overflow(2, data
);
1499 out(offset
, segment
, &data
, OUT_ADDRESS
, 2,
1500 opx
->segment
, opx
->wrt
);
1510 bytes
[0] = *codes
++;
1511 if (is_sbyte16(ins
, c
& 3))
1512 bytes
[0] |= 2; /* s-bit */
1513 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1522 if (is_sbyte32(ins
, c
& 3)) {
1524 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
,
1528 out(offset
, segment
, &data
, OUT_ADDRESS
, 4,
1529 opx
->segment
, opx
->wrt
);
1539 bytes
[0] = *codes
++;
1540 if (is_sbyte32(ins
, c
& 3))
1541 bytes
[0] |= 2; /* s-bit */
1542 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1559 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1565 (ins
->drexdst
<< 4) |
1566 (ins
->rex
& REX_OC
? 0x08 : 0) |
1567 (ins
->rex
& (REX_R
|REX_X
|REX_B
));
1569 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1575 opx
= &ins
->oprs
[c
>> 3];
1576 bytes
[0] = regvals
[opx
->basereg
] << 4;
1577 opx
= &ins
->oprs
[c
& 7];
1578 if (opx
->segment
!= NO_SEG
|| opx
->wrt
!= NO_SEG
) {
1579 errfunc(ERR_NONFATAL
,
1580 "non-absolute expression not permitted as argument %d",
1583 if (opx
->offset
& ~15) {
1584 errfunc(ERR_WARNING
| ERR_WARN_NOV
,
1585 "four-bit argument exceeds bounds");
1587 bytes
[0] |= opx
->offset
& 15;
1589 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1598 /* is_sbyte32() is right here, we have already warned */
1599 if (is_sbyte32(ins
, c
& 3)) {
1601 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
,
1605 out(offset
, segment
, &data
, OUT_ADDRESS
, 4,
1606 opx
->segment
, opx
->wrt
);
1617 if (ins
->vex_m
!= 1 || (ins
->rex
& (REX_W
|REX_X
|REX_B
))) {
1619 bytes
[1] = ins
->vex_m
| ((ins
->rex
& 7) << 5);
1620 bytes
[2] = ((ins
->rex
& REX_W
) << (7-3)) |
1621 (ins
->drexdst
<< 3) | (ins
->vex_wlp
& 07);
1622 out(offset
, segment
, &bytes
, OUT_RAWDATA
, 3, NO_SEG
, NO_SEG
);
1626 bytes
[1] = ((ins
->rex
& REX_R
) << (7-2)) |
1627 (ins
->drexdst
<< 3) | (ins
->vex_wlp
& 07);
1628 out(offset
, segment
, &bytes
, OUT_RAWDATA
, 2, NO_SEG
, NO_SEG
);
1640 if (bits
== 32 && !has_prefix(ins
, PPS_ASIZE
, P_A16
)) {
1642 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1649 if (bits
!= 32 && !has_prefix(ins
, PPS_ASIZE
, P_A32
)) {
1651 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1673 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1682 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1697 *bytes
= *codes
++ ^ condval
[ins
->condition
];
1698 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1707 *bytes
= c
- 0332 + 0xF2;
1708 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1713 if (ins
->rex
& REX_R
) {
1715 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1718 ins
->rex
&= ~(REX_L
|REX_R
);
1725 if (ins
->oprs
[0].segment
!= NO_SEG
)
1726 errfunc(ERR_PANIC
, "non-constant BSS size in pass two");
1728 int64_t size
= ins
->oprs
[0].offset
;
1730 out(offset
, segment
, NULL
,
1731 OUT_RESERVE
, size
, NO_SEG
, NO_SEG
);
1742 *bytes
= c
- 0366 + 0x66;
1743 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1753 *bytes
= bits
== 16 ? 3 : 5;
1754 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1, NO_SEG
, NO_SEG
);
1758 default: /* can't do it by 'case' statements */
1759 if (c
>= 0100 && c
<= 0277) { /* it's an EA */
1767 /* pick rfield from operand b */
1768 rflags
= regflag(&ins
->oprs
[c
& 7]);
1769 rfield
= regvals
[ins
->oprs
[c
& 7].basereg
];
1771 /* rfield is constant */
1777 (&ins
->oprs
[(c
>> 3) & 7], &ea_data
, bits
,
1778 ins
->addr_size
, rfield
, rflags
, ins
->forw_ref
)) {
1779 errfunc(ERR_NONFATAL
, "invalid effective address");
1784 *p
++ = ea_data
.modrm
;
1785 if (ea_data
.sib_present
)
1788 /* DREX suffixes come between the SIB and the displacement */
1789 if (ins
->rex
& REX_D
) {
1791 (ins
->drexdst
<< 4) |
1792 (ins
->rex
& REX_OC
? 0x08 : 0) |
1793 (ins
->rex
& (REX_R
|REX_X
|REX_B
));
1798 out(offset
, segment
, bytes
, OUT_RAWDATA
, s
, NO_SEG
, NO_SEG
);
1800 switch (ea_data
.bytes
) {
1804 if (ins
->oprs
[(c
>> 3) & 7].segment
!= NO_SEG
) {
1805 data
= ins
->oprs
[(c
>> 3) & 7].offset
;
1806 out(offset
, segment
, &data
, OUT_ADDRESS
, 1,
1807 ins
->oprs
[(c
>> 3) & 7].segment
,
1808 ins
->oprs
[(c
>> 3) & 7].wrt
);
1810 *bytes
= ins
->oprs
[(c
>> 3) & 7].offset
;
1811 out(offset
, segment
, bytes
, OUT_RAWDATA
, 1,
1819 data
= ins
->oprs
[(c
>> 3) & 7].offset
;
1820 warn_overflow(ea_data
.bytes
, data
);
1821 out(offset
, segment
, &data
,
1822 ea_data
.rip
? OUT_REL4ADR
: OUT_ADDRESS
,
1824 ins
->oprs
[(c
>> 3) & 7].segment
,
1825 ins
->oprs
[(c
>> 3) & 7].wrt
);
1831 errfunc(ERR_PANIC
, "internal instruction table corrupt"
1832 ": instruction code 0x%02X given", c
);
1838 static int32_t regflag(const operand
* o
)
1840 if (o
->basereg
< EXPR_REG_START
|| o
->basereg
>= REG_ENUM_LIMIT
) {
1841 errfunc(ERR_PANIC
, "invalid operand passed to regflag()");
1843 return reg_flags
[o
->basereg
];
1846 static int32_t regval(const operand
* o
)
1848 if (o
->basereg
< EXPR_REG_START
|| o
->basereg
>= REG_ENUM_LIMIT
) {
1849 errfunc(ERR_PANIC
, "invalid operand passed to regval()");
1851 return regvals
[o
->basereg
];
1854 static int op_rexflags(const operand
* o
, int mask
)
1859 if (o
->basereg
< EXPR_REG_START
|| o
->basereg
>= REG_ENUM_LIMIT
) {
1860 errfunc(ERR_PANIC
, "invalid operand passed to op_rexflags()");
1863 flags
= reg_flags
[o
->basereg
];
1864 val
= regvals
[o
->basereg
];
1866 return rexflags(val
, flags
, mask
);
1869 static int rexflags(int val
, int32_t flags
, int mask
)
1874 rex
|= REX_B
|REX_X
|REX_R
;
1877 if (!(REG_HIGH
& ~flags
)) /* AH, CH, DH, BH */
1879 else if (!(REG8
& ~flags
) && val
>= 4) /* SPL, BPL, SIL, DIL */
1885 static int matches(const struct itemplate
*itemp
, insn
* instruction
, int bits
)
1887 int i
, size
[MAX_OPERANDS
], asize
, oprs
, ret
;
1894 if (itemp
->opcode
!= instruction
->opcode
)
1898 * Count the operands
1900 if (itemp
->operands
!= instruction
->operands
)
1904 * Check that no spurious colons or TOs are present
1906 for (i
= 0; i
< itemp
->operands
; i
++)
1907 if (instruction
->oprs
[i
].type
& ~itemp
->opd
[i
] & (COLON
| TO
))
1911 * Process size flags
1913 if (itemp
->flags
& IF_ARMASK
) {
1914 memset(size
, 0, sizeof size
);
1916 i
= ((itemp
->flags
& IF_ARMASK
) >> IF_ARSHFT
) - 1;
1918 switch (itemp
->flags
& IF_SMASK
) {
1952 switch (itemp
->flags
& IF_SMASK
) {
1984 for (i
= 0; i
< MAX_OPERANDS
; i
++)
1989 * Check that the operand flags all match up
1991 for (i
= 0; i
< itemp
->operands
; i
++) {
1992 int32_t type
= instruction
->oprs
[i
].type
;
1993 if (!(type
& SIZE_MASK
))
1996 if (itemp
->opd
[i
] & SAME_AS
) {
1997 int j
= itemp
->opd
[i
] & ~SAME_AS
;
1998 if (type
!= instruction
->oprs
[j
].type
||
1999 instruction
->oprs
[i
].basereg
!= instruction
->oprs
[j
].basereg
)
2001 } else if (itemp
->opd
[i
] & ~type
||
2002 ((itemp
->opd
[i
] & SIZE_MASK
) &&
2003 ((itemp
->opd
[i
] ^ type
) & SIZE_MASK
))) {
2004 if ((itemp
->opd
[i
] & ~type
& ~SIZE_MASK
) ||
2013 * Check operand sizes
2015 if (itemp
->flags
& (IF_SM
| IF_SM2
)) {
2016 oprs
= (itemp
->flags
& IF_SM2
? 2 : itemp
->operands
);
2018 for (i
= 0; i
< oprs
; i
++) {
2019 if ((asize
= itemp
->opd
[i
] & SIZE_MASK
) != 0) {
2021 for (j
= 0; j
< oprs
; j
++)
2027 oprs
= itemp
->operands
;
2030 for (i
= 0; i
< itemp
->operands
; i
++) {
2031 if (!(itemp
->opd
[i
] & SIZE_MASK
) &&
2032 (instruction
->oprs
[i
].type
& SIZE_MASK
& ~size
[i
]))
2037 * Check template is okay at the set cpu level
2039 if (((itemp
->flags
& IF_PLEVEL
) > cpu
))
2043 * Check if instruction is available in long mode
2045 if ((itemp
->flags
& IF_NOLONG
) && (bits
== 64))
2049 * Check if special handling needed for Jumps
2051 if ((uint8_t)(itemp
->code
[0]) >= 0370)
2057 static ea
*process_ea(operand
* input
, ea
* output
, int bits
,
2058 int addrbits
, int rfield
, int32_t rflags
, int forw_ref
)
2060 output
->rip
= false;
2062 /* REX flags for the rfield operand */
2063 output
->rex
|= rexflags(rfield
, rflags
, REX_R
|REX_P
|REX_W
|REX_H
);
2065 if (!(REGISTER
& ~input
->type
)) { /* register direct */
2069 if (input
->basereg
< EXPR_REG_START
/* Verify as Register */
2070 || input
->basereg
>= REG_ENUM_LIMIT
)
2073 i
= regvals
[input
->basereg
];
2076 return NULL
; /* Invalid EA register */
2078 output
->rex
|= op_rexflags(input
, REX_B
|REX_P
|REX_W
|REX_H
);
2080 output
->sib_present
= false; /* no SIB necessary */
2081 output
->bytes
= 0; /* no offset necessary either */
2082 output
->modrm
= 0xC0 | ((rfield
& 7) << 3) | (i
& 7);
2083 } else { /* it's a memory reference */
2084 if (input
->basereg
== -1
2085 && (input
->indexreg
== -1 || input
->scale
== 0)) {
2086 /* it's a pure offset */
2087 if (bits
== 64 && (~input
->type
& IP_REL
)) {
2088 int scale
, index
, base
;
2089 output
->sib_present
= true;
2093 output
->sib
= (scale
<< 6) | (index
<< 3) | base
;
2095 output
->modrm
= 4 | ((rfield
& 7) << 3);
2096 output
->rip
= false;
2098 output
->sib_present
= false;
2099 output
->bytes
= (addrbits
!= 16 ? 4 : 2);
2100 output
->modrm
= (addrbits
!= 16 ? 5 : 6) | ((rfield
& 7) << 3);
2101 output
->rip
= bits
== 64;
2103 } else { /* it's an indirection */
2104 int i
= input
->indexreg
, b
= input
->basereg
, s
= input
->scale
;
2105 int32_t o
= input
->offset
, seg
= input
->segment
;
2106 int hb
= input
->hintbase
, ht
= input
->hinttype
;
2109 int32_t ix
, bx
; /* register flags */
2112 i
= -1; /* make this easy, at least */
2114 if (i
>= EXPR_REG_START
&& i
< REG_ENUM_LIMIT
) {
2122 if (b
>= EXPR_REG_START
&& b
< REG_ENUM_LIMIT
) {
2130 /* check for a 32/64-bit memory reference... */
2131 if ((ix
|bx
) & (BITS32
|BITS64
)) {
2132 /* it must be a 32/64-bit memory reference. Firstly we have
2133 * to check that all registers involved are type E/Rxx. */
2134 int32_t sok
= BITS32
|BITS64
;
2137 if (!(REG64
& ~ix
) || !(REG32
& ~ix
))
2145 return NULL
; /* Invalid register */
2146 if (~sok
& bx
& SIZE_MASK
)
2147 return NULL
; /* Invalid size */
2151 /* While we're here, ensure the user didn't specify
2153 if (input
->disp_size
== 16 || input
->disp_size
== 64)
2156 if (addrbits
== 16 ||
2157 (addrbits
== 32 && !(sok
& BITS32
)) ||
2158 (addrbits
== 64 && !(sok
& BITS64
)))
2161 /* now reorganize base/index */
2162 if (s
== 1 && bt
!= it
&& bt
!= -1 && it
!= -1 &&
2163 ((hb
== b
&& ht
== EAH_NOTBASE
)
2164 || (hb
== i
&& ht
== EAH_MAKEBASE
))) {
2165 /* swap if hints say so */
2166 t
= bt
, bt
= it
, it
= t
;
2167 t
= bx
, bx
= ix
, ix
= t
;
2169 if (bt
== it
) /* convert EAX+2*EAX to 3*EAX */
2170 bt
= -1, bx
= 0, s
++;
2171 if (bt
== -1 && s
== 1 && !(hb
== it
&& ht
== EAH_NOTBASE
)) {
2172 /* make single reg base, unless hint */
2173 bt
= it
, bx
= ix
, it
= -1, ix
= 0;
2175 if (((s
== 2 && it
!= REG_NUM_ESP
2176 && !(input
->eaflags
& EAF_TIMESTWO
)) || s
== 3
2177 || s
== 5 || s
== 9) && bt
== -1)
2178 bt
= it
, bx
= ix
, s
--; /* convert 3*EAX to EAX+2*EAX */
2179 if (it
== -1 && (bt
& 7) != REG_NUM_ESP
2180 && (input
->eaflags
& EAF_TIMESTWO
))
2181 it
= bt
, ix
= bx
, bt
= -1, bx
= 0, s
= 1;
2182 /* convert [NOSPLIT EAX] to sib format with 0x0 displacement */
2183 if (s
== 1 && it
== REG_NUM_ESP
) {
2184 /* swap ESP into base if scale is 1 */
2185 t
= it
, it
= bt
, bt
= t
;
2186 t
= ix
, ix
= bx
, bx
= t
;
2188 if (it
== REG_NUM_ESP
2189 || (s
!= 1 && s
!= 2 && s
!= 4 && s
!= 8 && it
!= -1))
2190 return NULL
; /* wrong, for various reasons */
2192 output
->rex
|= rexflags(it
, ix
, REX_X
);
2193 output
->rex
|= rexflags(bt
, bx
, REX_B
);
2195 if (it
== -1 && (bt
& 7) != REG_NUM_ESP
) {
2204 if (rm
!= REG_NUM_EBP
&& o
== 0 &&
2205 seg
== NO_SEG
&& !forw_ref
&&
2207 (EAF_BYTEOFFS
| EAF_WORDOFFS
)))
2209 else if (input
->eaflags
& EAF_BYTEOFFS
||
2210 (o
>= -128 && o
<= 127 && seg
== NO_SEG
2212 && !(input
->eaflags
& EAF_WORDOFFS
)))
2218 output
->sib_present
= false;
2219 output
->bytes
= (bt
== -1 || mod
== 2 ? 4 : mod
);
2220 output
->modrm
= (mod
<< 6) | ((rfield
& 7) << 3) | rm
;
2223 int mod
, scale
, index
, base
;
2243 default: /* then what the smeg is it? */
2244 return NULL
; /* panic */
2252 if (base
!= REG_NUM_EBP
&& o
== 0 &&
2253 seg
== NO_SEG
&& !forw_ref
&&
2255 (EAF_BYTEOFFS
| EAF_WORDOFFS
)))
2257 else if (input
->eaflags
& EAF_BYTEOFFS
||
2258 (o
>= -128 && o
<= 127 && seg
== NO_SEG
2260 && !(input
->eaflags
& EAF_WORDOFFS
)))
2266 output
->sib_present
= true;
2267 output
->bytes
= (bt
== -1 || mod
== 2 ? 4 : mod
);
2268 output
->modrm
= (mod
<< 6) | ((rfield
& 7) << 3) | 4;
2269 output
->sib
= (scale
<< 6) | (index
<< 3) | base
;
2271 } else { /* it's 16-bit */
2274 /* check for 64-bit long mode */
2278 /* check all registers are BX, BP, SI or DI */
2279 if ((b
!= -1 && b
!= R_BP
&& b
!= R_BX
&& b
!= R_SI
2280 && b
!= R_DI
) || (i
!= -1 && i
!= R_BP
&& i
!= R_BX
2281 && i
!= R_SI
&& i
!= R_DI
))
2284 /* ensure the user didn't specify DWORD/QWORD */
2285 if (input
->disp_size
== 32 || input
->disp_size
== 64)
2288 if (s
!= 1 && i
!= -1)
2289 return NULL
; /* no can do, in 16-bit EA */
2290 if (b
== -1 && i
!= -1) {
2295 if ((b
== R_SI
|| b
== R_DI
) && i
!= -1) {
2300 /* have BX/BP as base, SI/DI index */
2302 return NULL
; /* shouldn't ever happen, in theory */
2303 if (i
!= -1 && b
!= -1 &&
2304 (i
== R_BP
|| i
== R_BX
|| b
== R_SI
|| b
== R_DI
))
2305 return NULL
; /* invalid combinations */
2306 if (b
== -1) /* pure offset: handled above */
2307 return NULL
; /* so if it gets to here, panic! */
2311 switch (i
* 256 + b
) {
2312 case R_SI
* 256 + R_BX
:
2315 case R_DI
* 256 + R_BX
:
2318 case R_SI
* 256 + R_BP
:
2321 case R_DI
* 256 + R_BP
:
2339 if (rm
== -1) /* can't happen, in theory */
2340 return NULL
; /* so panic if it does */
2342 if (o
== 0 && seg
== NO_SEG
&& !forw_ref
&& rm
!= 6 &&
2343 !(input
->eaflags
& (EAF_BYTEOFFS
| EAF_WORDOFFS
)))
2345 else if (input
->eaflags
& EAF_BYTEOFFS
||
2346 (o
>= -128 && o
<= 127 && seg
== NO_SEG
2348 && !(input
->eaflags
& EAF_WORDOFFS
)))
2353 output
->sib_present
= false; /* no SIB - it's 16-bit */
2354 output
->bytes
= mod
; /* bytes of offset needed */
2355 output
->modrm
= (mod
<< 6) | ((rfield
& 7) << 3) | rm
;
2360 output
->size
= 1 + output
->sib_present
+ output
->bytes
;
2364 static void add_asp(insn
*ins
, int addrbits
)
2369 valid
= (addrbits
== 64) ? 64|32 : 32|16;
2371 switch (ins
->prefixes
[PPS_ASIZE
]) {
2382 valid
&= (addrbits
== 32) ? 16 : 32;
2388 for (j
= 0; j
< ins
->operands
; j
++) {
2389 if (!(MEMORY
& ~ins
->oprs
[j
].type
)) {
2392 /* Verify as Register */
2393 if (ins
->oprs
[j
].indexreg
< EXPR_REG_START
2394 || ins
->oprs
[j
].indexreg
>= REG_ENUM_LIMIT
)
2397 i
= reg_flags
[ins
->oprs
[j
].indexreg
];
2399 /* Verify as Register */
2400 if (ins
->oprs
[j
].basereg
< EXPR_REG_START
2401 || ins
->oprs
[j
].basereg
>= REG_ENUM_LIMIT
)
2404 b
= reg_flags
[ins
->oprs
[j
].basereg
];
2406 if (ins
->oprs
[j
].scale
== 0)
2410 int ds
= ins
->oprs
[j
].disp_size
;
2411 if ((addrbits
!= 64 && ds
> 8) ||
2412 (addrbits
== 64 && ds
== 16))
2432 if (valid
& addrbits
) {
2433 ins
->addr_size
= addrbits
;
2434 } else if (valid
& ((addrbits
== 32) ? 16 : 32)) {
2435 /* Add an address size prefix */
2436 enum prefixes pref
= (addrbits
== 32) ? P_A16
: P_A32
;
2437 ins
->prefixes
[PPS_ASIZE
] = pref
;
2438 ins
->addr_size
= (addrbits
== 32) ? 16 : 32;
2441 errfunc(ERR_NONFATAL
, "impossible combination of address sizes");
2442 ins
->addr_size
= addrbits
; /* Error recovery */
2445 defdisp
= ins
->addr_size
== 16 ? 16 : 32;
2447 for (j
= 0; j
< ins
->operands
; j
++) {
2448 if (!(MEM_OFFS
& ~ins
->oprs
[j
].type
) &&
2449 (ins
->oprs
[j
].disp_size
? ins
->oprs
[j
].disp_size
: defdisp
)
2450 != ins
->addr_size
) {
2451 /* mem_offs sizes must match the address size; if not,
2452 strip the MEM_OFFS bit and match only EA instructions */
2453 ins
->oprs
[j
].type
&= ~(MEM_OFFS
& ~MEMORY
);