| blob | 34507615975ad0ff61c240ed68ec31a8ec827521 |
1 /* Common target dependent code for GDB on ARM systems.
3 Copyright (C) 1988-2024 Free Software Foundation, Inc.
5 This file is part of GDB.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>. */
21 #include <ctype.h>
63 #include <algorithm>
67 #if GDB_SELF_TEST
69 #endif
73 /* Print an "arm" debug statement. */
75 #define arm_debug_printf(fmt, ...) \
78 /* Macros for setting and testing a bit in a minimal symbol that marks
79 it as Thumb function. The MSB of the minimal symbol's "info" field
80 is used for this purpose.
82 MSYMBOL_SET_SPECIAL Actually sets the "special" bit.
83 MSYMBOL_IS_SPECIAL Tests the "special" bit in a minimal symbol. */
85 #define MSYMBOL_SET_SPECIAL(msym) \
86 (msym)->set_target_flag_1 (true)
88 #define MSYMBOL_IS_SPECIAL(msym) \
89 (msym)->target_flag_1 ()
91 struct arm_mapping_symbol
92 {
93 CORE_ADDR value;
98 };
102 struct arm_per_bfd
103 {
107 {}
111 /* Information about mapping symbols ($a, $d, $t) in the objfile.
113 The format is an array of vectors of arm_mapping_symbols, there is one
114 vector for each section of the objfile (the array is index by BFD section
115 index).
117 For each section, the vector of arm_mapping_symbol is sorted by
118 symbol value (address). */
121 /* For each corresponding element of section_maps above, is this vector
122 sorted. */
124 };
126 /* Per-bfd data used for mapping symbols. */
129 /* The list of available "set arm ..." and "show arm ..." commands. */
133 /* The type of floating-point to use. Keep this in sync with enum
134 arm_float_model, and the help string in _initialize_arm_tdep. */
136 {
142 NULL
143 };
145 /* A variable that can be configured by the user. */
149 /* The ABI to use. Keep this in sync with arm_abi_kind. */
151 {
155 NULL
156 };
158 /* A variable that can be configured by the user. */
162 /* The execution mode to assume. */
164 {
168 NULL
169 };
174 /* The standard register names, and all the valid aliases for them. Note
175 that `fp', `sp' and `pc' are not added in this alias list, because they
176 have been added as builtin user registers in
177 std-regs.c:_initialize_frame_reg. */
178 static const struct
179 {
183 /* Basic register numbers. */
200 /* Synonyms (argument and variable registers). */
213 /* Other platform-specific names for r9. */
216 /* Special names. */
219 /* Names used by GCC (not listed in the ARM EABI). */
221 /* A special name from the older ATPCS. */
223 };
234 /* Holds the current set of options to be passed to the disassembler. */
237 /* Valid register name styles. */
240 /* Disassembly style to use. Default to "std" register names. */
243 /* All possible arm target descriptors. */
247 /* This is used to keep the bfd arch_info in sync with the disassembly
248 style. */
262 static CORE_ADDR
266 /* get_next_pcs operations. */
268 arm_get_next_pcs_read_memory_unsigned_integer,
269 arm_get_next_pcs_syscall_next_pc,
270 arm_get_next_pcs_addr_bits_remove,
271 arm_get_next_pcs_is_thumb,
272 NULL,
273 };
275 struct arm_prologue_cache
276 {
277 /* The stack pointer at the time this frame was created; i.e. the
278 caller's stack pointer when this function was called. It is used
279 to identify this frame. */
280 CORE_ADDR sp;
282 /* Additional stack pointers used by M-profile with Security extension. */
283 /* Use msp_s / psp_s to hold the values of msp / psp when there is
284 no Security extension. */
285 CORE_ADDR msp_s;
286 CORE_ADDR msp_ns;
287 CORE_ADDR psp_s;
288 CORE_ADDR psp_ns;
290 /* Active stack pointer. */
295 /* The frame base for this frame is just prev_sp - frame size.
296 FRAMESIZE is the distance from the frame pointer to the
297 initial stack pointer. */
301 /* The register used to hold the frame pointer for this frame. */
304 /* True if the return address is signed, false otherwise. */
307 /* Saved register offsets. */
311 };
314 /* Reconstruct T bit in program status register from LR value. */
318 {
322 else
326 }
328 /* Initialize CACHE fields for which zero is not adequate (CACHE is
329 expected to have been ZALLOC'ed before calling this function). */
331 static void
333 {
337 }
339 /* Similar to the previous function, but extracts GDBARCH from FRAME. */
341 static void
343 {
351 {
352 const CORE_ADDR msp_val
354 const CORE_ADDR psp_val
357 cache->msp_s
359 cache->msp_ns
361 cache->psp_s
363 cache->psp_ns
366 /* Identify what msp is alias for (msp_s or msp_ns). */
371 else
372 {
376 }
378 /* Identify what psp is alias for (psp_s or psp_ns). */
383 else
384 {
388 }
390 /* Identify what sp is alias for (msp_s, msp_ns, psp_s or psp_ns). */
395 else
396 {
400 }
401 }
403 {
404 cache->msp_s
406 cache->psp_s
409 /* Identify what sp is alias for (msp or psp). */
414 else
415 {
419 }
420 }
421 else
422 {
423 cache->msp_s
427 }
428 }
430 /* Return the requested stack pointer value (in REGNUM), taking into
431 account whether we have a Security extension or an M-profile
432 CPU. */
434 static CORE_ADDR
437 {
439 {
454 }
456 {
463 }
468 }
470 /* Return the previous stack address, depending on which SP register
471 is active. */
473 static CORE_ADDR
475 {
478 }
480 /* Set the active stack pointer to VAL. */
482 static void
485 {
487 {
498 }
500 {
507 }
509 {
512 }
515 }
517 /* Return true if REGNUM is one of the alternative stack pointers. */
519 static bool
521 {
529 else
531 }
533 /* Set the active stack pointer to SP_REGNUM. */
535 static void
538 {
542 {
548 {
551 }
554 {
557 }
558 }
561 }
565 /* Abstract class to read ARM instructions from memory. */
567 class arm_instruction_reader
568 {
570 /* Read a 4 bytes instruction from memory using the BYTE_ORDER endianness. */
572 };
574 /* Read instructions from target memory. */
577 {
580 {
582 }
583 };
587 static CORE_ADDR arm_analyze_prologue
591 /* Architecture version for displaced stepping. This effects the behaviour of
592 certain instructions, and really should not be hard-wired. */
594 #define DISPLACED_STEPPING_ARCH_VERSION 5
596 /* See arm-tdep.h. */
601 /* Return the bit mask in ARM_PS_REGNUM that indicates Thumb mode. */
603 int
605 {
610 else
612 }
614 /* Determine if the processor is currently executing in Thumb mode. */
616 int
618 {
619 ULONGEST cpsr;
625 }
627 /* Determine if FRAME is executing in Thumb mode. FRAME must be an ARM
628 frame. */
630 int
632 {
633 /* Check the architecture of FRAME. */
637 /* Every ARM frame unwinder can unwind the T bit of the CPSR, either
638 directly (from a signal frame or dummy frame) or by interpreting
639 the saved LR (from a prologue or DWARF frame). So consult it and
640 trust the unwinders. */
643 /* Find and extract the thumb bit. */
646 }
648 /* Search for the mapping symbol covering MEMADDR. If one is found,
649 return its type. Otherwise, return 0. If START is non-NULL,
650 set *START to the location of the mapping symbol. */
652 static char
654 {
657 /* If there are mapping symbols, consult them. */
660 {
663 {
665 arm_mapping_symbol_vec &map
668 /* Sort the vector on first use. */
670 {
673 }
679 /* std::lower_bound finds the earliest ordered insertion
680 point. If the symbol at this position starts at this exact
681 address, we use that; otherwise, the preceding
682 mapping symbol covers this address. */
684 {
686 {
690 }
691 }
694 {
701 }
702 }
703 }
706 }
708 /* Determine if the program counter specified in MEMADDR is in a Thumb
709 function. This function should be called for addresses unrelated to
710 any executing frame; otherwise, prefer arm_frame_is_thumb. */
712 int
714 {
721 gdbarch_displaced_step_copy_insn_closure_by_addr
724 /* If checking the mode of displaced instruction in copy area, the mode
725 should be determined by instruction on the original address. */
727 {
732 }
734 /* If bit 0 of the address is set, assume this is a Thumb address. */
738 /* If the user wants to override the symbol table, let him. */
744 /* ARM v6-M and v7-M are always in Thumb mode. */
748 /* If there are mapping symbols, consult them. */
753 /* Thumb functions have a "special" bit set in minimal symbols. */
758 /* If the user wants to override the fallback mode, let them. */
764 /* If we couldn't find any symbol, but we're talking to a running
765 target, then trust the current value of $cpsr. This lets
766 "display/i $pc" always show the correct mode (though if there is
767 a symbol table we will not reach here, so it still may not be
768 displayed in the mode it will be executed). */
772 /* Otherwise we're out of luck; we assume ARM. */
774 }
778 {
780 {
781 /* Values for lockup state.
782 For more details see "B1.5.15 Unrecoverable exception cases" in
783 both ARMv6-M and ARMv7-M Architecture Reference Manuals, or
784 see "B4.32 Lockup" in ARMv8-M Architecture Reference Manual. */
791 /* Address is not lockup. */
793 }
794 }
796 /* Determine if the address specified equals any of these magic return
797 values, called EXC_RETURN, defined by the ARM v6-M, v7-M and v8-M
798 architectures. Also include lockup magic PC value.
799 Check also for FNC_RETURN if we have the v8-M security extension.
801 From ARMv6-M Reference Manual B1.5.8
802 Table B1-5 Exception return behavior
804 EXC_RETURN Return To Return Stack
805 0xFFFFFFF1 Handler mode Main
806 0xFFFFFFF9 Thread mode Main
807 0xFFFFFFFD Thread mode Process
809 From ARMv7-M Reference Manual B1.5.8
810 Table B1-8 EXC_RETURN definition of exception return behavior, no FP
812 EXC_RETURN Return To Return Stack
813 0xFFFFFFF1 Handler mode Main
814 0xFFFFFFF9 Thread mode Main
815 0xFFFFFFFD Thread mode Process
817 Table B1-9 EXC_RETURN definition of exception return behavior, with
818 FP
820 EXC_RETURN Return To Return Stack Frame Type
821 0xFFFFFFE1 Handler mode Main Extended
822 0xFFFFFFE9 Thread mode Main Extended
823 0xFFFFFFED Thread mode Process Extended
824 0xFFFFFFF1 Handler mode Main Basic
825 0xFFFFFFF9 Thread mode Main Basic
826 0xFFFFFFFD Thread mode Process Basic
828 For more details see "B1.5.8 Exception return behavior"
829 in both ARMv6-M and ARMv7-M Architecture Reference Manuals.
831 From ARMv8-M Architecture Technical Reference, D1.2.95
832 FType, Mode and SPSEL bits are to be considered when the Security
833 Extension is not implemented.
835 EXC_RETURN Return To Return Stack Frame Type
836 0xFFFFFFA0 Handler mode Main Extended
837 0xFFFFFFA8 Thread mode Main Extended
838 0xFFFFFFAC Thread mode Process Extended
839 0xFFFFFFB0 Handler mode Main Standard
840 0xFFFFFFB8 Thread mode Main Standard
841 0xFFFFFFBC Thread mode Process Standard */
843 static int
845 {
851 {
853 {
859 }
860 }
861 else
862 {
864 {
865 /* Values from ARMv8-M Architecture Technical Reference. */
872 /* Values from Tables in B1.5.8 the EXC_RETURN definitions of
873 the exception return behavior. */
880 /* Address is magic. */
884 /* Address is not magic. */
886 }
887 }
888 }
890 /* Remove useless bits from addresses in a running program. */
891 static CORE_ADDR
893 {
896 /* On M-profile devices, do not strip the low bit from EXC_RETURN
897 (the magic exception return address). */
903 else
905 }
907 /* Return 1 if PC is the start of a compiler helper function which
908 can be safely ignored during prologue skipping. IS_THUMB is true
909 if the function is known to be a Thumb function due to the way it
910 is being called. */
911 static int
913 {
920 {
923 /* The GNU linker's Thumb call stub to foo is named
924 __foo_from_thumb. */
928 /* On soft-float targets, __truncdfsf2 is called to convert promoted
929 arguments to their argument types in non-prototyped
930 functions. */
936 /* Internal functions related to thread-local storage. */
941 }
942 else
943 {
944 /* If we run against a stripped glibc, we may be unable to identify
945 special functions by name. Check for one important case,
946 __aeabi_read_tp, by comparing the *code* against the default
947 implementation (this is hand-written ARM assembler in glibc). */
955 }
958 }
960 /* Extract the immediate from instruction movw/movt of encoding T. INSN1 is
961 the first 16-bit of instruction, and INSN2 is the second 16-bit of
962 instruction. */
963 #define EXTRACT_MOVW_MOVT_IMM_T(insn1, insn2) \
964 ((bits ((insn1), 0, 3) << 12) \
965 | (bits ((insn1), 10, 10) << 11) \
966 | (bits ((insn2), 12, 14) << 8) \
967 | bits ((insn2), 0, 7))
969 /* Extract the immediate from instruction movw/movt of encoding A. INSN is
970 the 32-bit instruction. */
971 #define EXTRACT_MOVW_MOVT_IMM_A(insn) \
972 ((bits ((insn), 16, 19) << 12) \
973 | bits ((insn), 0, 11))
975 /* Decode immediate value; implements ThumbExpandImmediate pseudo-op. */
977 static unsigned int
979 {
984 {
994 }
997 }
999 /* Return 1 if the 16-bit Thumb instruction INSN restores SP in
1000 epilogue, 0 otherwise. */
1002 static int
1004 {
1008 }
1010 /* Analyze a Thumb prologue, looking for a recognizable stack frame
1011 and frame pointer. Scan until we encounter a store that could
1012 clobber the stack frame unexpectedly, or an unknown instruction.
1013 Return the last address which is definitely safe to skip for an
1014 initial breakpoint. */
1016 static CORE_ADDR
1020 {
1026 CORE_ADDR offset;
1034 {
1041 {
1048 /* Bits 0-7 contain a mask for registers R0-R7. Bit 8 says
1049 whether to save LR (R14). */
1052 /* Calculate offsets of saved R0-R7 and LR. */
1055 {
1059 }
1060 }
1062 {
1066 }
1068 {
1069 /* Don't scan past the epilogue. */
1071 }
1090 {
1094 }
1096 {
1100 }
1102 {
1103 /* Handle stores to the stack. Normally pushes are used,
1104 but with GCC -mtpcs-frame, there may be other stores
1105 in the prologue to create the frame. */
1107 pv_t addr;
1116 }
1118 {
1121 pv_t addr;
1130 }
1134 /* Ignore stores of argument registers to the stack. */
1135 ;
1138 /* Ignore block loads from the stack, potentially copying
1139 parameters from memory. */
1140 ;
1144 /* Similarly ignore single loads from the stack. */
1145 ;
1148 /* Skip register copies, i.e. saves to another register
1149 instead of the stack. */
1150 ;
1152 /* Recognize constant loads; even with small stacks these are necessary
1153 on Thumb. */
1156 {
1157 /* Constant pool loads, for the same reason. */
1159 CORE_ADDR loc;
1164 }
1166 {
1170 byte_order_for_code);
1174 {
1175 /* BL, BLX. Allow some special function calls when
1176 skipping the prologue; GCC generates these before
1177 storing arguments to the stack. */
1178 CORE_ADDR nextpc;
1190 /* For BLX make sure to clear the low bits. */
1197 }
1200 { registers } */
1202 {
1209 /* Calculate offsets of saved registers. */
1212 {
1215 }
1219 }
1221 /* vstmdb Rn{!}, { D-registers } (aka vpush). */
1225 {
1226 /* Address SP points to. */
1229 /* Number of registers saved. */
1232 /* First register to save. */
1238 /* Calculate offsets of saved registers. */
1240 {
1244 }
1246 /* Writeback SP to account for the saved registers. */
1248 }
1251 [Rn, #+/-imm]{!} */
1253 {
1261 else
1273 }
1278 {
1285 else
1295 }
1299 {
1301 pv_t addr;
1310 }
1314 /* Ignore stores of argument registers to the stack. */
1315 ;
1320 /* Ignore stores of argument registers to the stack. */
1321 ;
1324 { registers } */
1327 /* Ignore block loads from the stack, potentially copying
1328 parameters from memory. */
1329 ;
1332 [Rn, #+/-imm] */
1334 /* Similarly ignore dual loads from the stack. */
1335 ;
1340 /* Similarly ignore single loads from the stack. */
1341 ;
1345 /* Similarly ignore single loads from the stack. */
1346 ;
1350 {
1358 }
1362 {
1369 }
1373 {
1381 }
1385 {
1392 }
1395 {
1402 }
1405 {
1406 unsigned int imm
1410 }
1414 {
1418 }
1421 {
1422 /* Constant pool loads. */
1424 CORE_ADDR loc;
1429 else
1434 }
1437 {
1438 /* Constant pool loads. */
1440 CORE_ADDR loc;
1445 else
1453 }
1454 /* Start of ARMv8.1-m PACBTI extension instructions. */
1456 {
1457 /* LR and SP are input registers. PAC is in R12. LR is
1458 signed from this point onwards. NOP space. */
1460 }
1462 {
1463 /* LR and SP are input registers. PAC is in R12 and PC is a
1464 valid BTI landing pad. LR is signed from this point onwards.
1465 NOP space. */
1467 }
1469 {
1470 /* Valid BTI landing pad. NOP space. */
1471 }
1473 {
1474 /* Sign Rn using Rm and store the PAC in Rd. Rd is signed from
1475 this point onwards. */
1477 }
1479 {
1480 /* These instructions appear close to the epilogue, when signed
1481 pointers are getting authenticated. */
1483 }
1484 /* End of ARMv8.1-m PACBTI extension instructions */
1486 {
1487 /* Don't scan past anything that might change control flow. */
1489 }
1490 else
1491 {
1492 /* The optimizer might shove anything into the prologue,
1493 so we just skip what we don't recognize. */
1495 }
1497 /* Make sure we are dealing with a target that supports ARMv8.1-m
1498 PACBTI. */
1501 {
1507 }
1510 }
1512 {
1513 /* Don't scan past anything that might change control flow. */
1515 }
1516 else
1517 {
1518 /* The optimizer might shove anything into the prologue,
1519 so we just skip what we don't recognize. */
1521 }
1524 }
1536 {
1537 /* Frame pointer is fp. Frame size is constant. */
1540 }
1542 {
1543 /* Frame pointer is r7. Frame size is constant. */
1546 }
1547 else
1548 {
1549 /* Try the stack pointer... this is a bit desperate. */
1552 }
1556 {
1560 }
1563 }
1566 /* Try to analyze the instructions starting from PC, which load symbol
1567 __stack_chk_guard. Return the address of instruction after loading this
1568 symbol, set the dest register number to *BASEREG, and set the size of
1569 instructions for loading symbol in OFFSET. Return 0 if instructions are
1570 not recognized. */
1572 static CORE_ADDR
1575 {
1582 {
1583 unsigned short insn1
1587 {
1592 byte_order_for_code);
1593 }
1595 {
1596 unsigned short insn2
1601 insn1
1603 insn2
1606 /* movt Rd, #const */
1608 {
1613 }
1614 }
1615 }
1616 else
1617 {
1618 unsigned int insn
1622 {
1625 byte_order_for_code);
1629 }
1631 {
1634 insn
1638 {
1643 }
1644 }
1645 }
1648 }
1650 /* Try to skip a sequence of instructions used for stack protector. If PC
1651 points to the first instruction of this sequence, return the address of
1652 first instruction after this sequence, otherwise, return original PC.
1654 On arm, this sequence of instructions is composed of mainly three steps,
1655 Step 1: load symbol __stack_chk_guard,
1656 Step 2: load from address of __stack_chk_guard,
1657 Step 3: store it to somewhere else.
1659 Usually, instructions on step 2 and step 3 are the same on various ARM
1660 architectures. On step 2, it is one instruction 'ldr Rx, [Rn, #0]', and
1661 on step 3, it is also one instruction 'str Rx, [r7, #immd]'. However,
1662 instructions in step 1 vary from different ARM architectures. On ARMv7,
1663 they are,
1665 movw Rn, #:lower16:__stack_chk_guard
1666 movt Rn, #:upper16:__stack_chk_guard
1668 On ARMv5t, it is,
1670 ldr Rn, .Label
1671 ....
1672 .Lable:
1673 .word __stack_chk_guard
1675 Since ldr/str is a very popular instruction, we can't use them as
1676 'fingerprint' or 'signature' of stack protector sequence. Here we choose
1677 sequence {movw/movt, ldr}/ldr/str plus symbol __stack_chk_guard, if not
1678 stripped, as the 'fingerprint' of a stack protector cdoe sequence. */
1680 static CORE_ADDR
1682 {
1687 CORE_ADDR addr;
1689 /* Try to parse the instructions in Step 1. */
1696 /* ADDR must correspond to a symbol whose name is __stack_chk_guard.
1697 Otherwise, this sequence cannot be for stack protector. */
1703 {
1705 unsigned short insn
1708 /* Step 2: ldr Rd, [Rn, #immed], encoding T1. */
1716 byte_order_for_code);
1717 /* Step 3: str Rd, [Rn, #immed], encoding T1. */
1722 }
1723 else
1724 {
1726 unsigned int insn
1729 /* Step 2: ldr Rd, [Rn, #immed], encoding A1. */
1735 /* Step 3: str Rd, [Rn, #immed], encoding A1. */
1742 }
1743 /* The size of total two instructions ldr/str is 4 on Thumb-2, while 8
1744 on arm. */
1747 else
1749 }
1751 /* Advance the PC across any function entry prologue instructions to
1752 reach some "real" code.
1754 The APCS (ARM Procedure Call Standard) defines the following
1755 prologue:
1757 mov ip, sp
1758 [stmfd sp!, {a1,a2,a3,a4}]
1759 stmfd sp!, {...,fp,ip,lr,pc}
1760 [stfe f7, [sp, #-12]!]
1761 [stfe f6, [sp, #-12]!]
1762 [stfe f5, [sp, #-12]!]
1763 [stfe f4, [sp, #-12]!]
1764 sub fp, ip, #nn @@ nn == 20 or 4 depending on second insn. */
1766 static CORE_ADDR
1768 {
1771 /* See if we can determine the end of the prologue via the symbol table.
1772 If so, then return either PC, or the PC after the prologue, whichever
1773 is greater. */
1774 bool func_addr_found
1777 /* Whether the function is thumb mode or not. */
1781 {
1782 CORE_ADDR post_prologue_pc
1787 post_prologue_pc
1791 /* GCC always emits a line note before the prologue and another
1792 one after, even if the two are at the same address or on the
1793 same line. Take advantage of this so that we do not need to
1794 know every instruction that might appear in the prologue. We
1795 will have producer information for most binaries; if it is
1796 missing (e.g. for -gstabs), assuming the GNU tools. */
1805 {
1806 CORE_ADDR analyzed_limit;
1808 /* For non-GCC compilers, make sure the entire line is an
1809 acceptable prologue; GDB will round this function's
1810 return value up to the end of the following line so we
1811 can not skip just part of a line (and we do not want to).
1813 RealView does not treat the prologue specially, but does
1814 associate prologue code with the opening brace; so this
1815 lets us skip the first line if we think it is the opening
1816 brace. */
1821 else
1822 analyzed_limit
1830 }
1831 }
1833 /* Can't determine prologue from the symbol table, need to examine
1834 instructions. */
1836 /* Find an upper limit on the function prologue using the debug
1837 information. If the debug information could not be used to provide
1838 that bound, then use an arbitrary large number as the upper bound. */
1839 /* Like arm_scan_prologue, stop no later than pc + 64. */
1844 /* Set the correct adjustment based on whether the function is thumb mode or
1845 not. We use it to get the address of the last instruction in the
1846 function (as opposed to the first address of the next function). */
1849 limit_pc
1853 /* Check if this is Thumb code. */
1856 else
1859 }
1861 /* Function: thumb_scan_prologue (helper function for arm_scan_prologue)
1862 This function decodes a Thumb function prologue to determine:
1863 1) the size of the stack frame
1864 2) which registers are saved on it
1865 3) the offsets of saved regs
1866 4) the offset from the stack pointer to the frame pointer
1868 A typical Thumb function prologue would create this stack frame
1869 (offsets relative to FP)
1870 old SP -> 24 stack parameters
1871 20 LR
1872 16 R7
1873 R7 -> 0 local variables (16 bytes)
1874 SP -> -12 additional stack space (12 bytes)
1875 The frame size would thus be 36 bytes, and the frame offset would be
1876 12 bytes. The frame register is R7.
1878 The comments for thumb_skip_prolog() describe the algorithm we use
1879 to detect the end of the prolog. */
1881 static void
1884 {
1885 CORE_ADDR prologue_start;
1886 CORE_ADDR prologue_end;
1890 {
1891 /* See comment in arm_scan_prologue for an explanation of
1892 this heuristics. */
1894 {
1896 }
1897 }
1898 else
1899 /* We're in the boondocks: we have no idea where the start of the
1900 function is. */
1906 }
1908 /* Return 1 if the ARM instruction INSN restores SP in epilogue, 0
1909 otherwise. */
1911 static int
1913 {
1915 {
1917 /* ADD SP (register or immediate). */
1919 /* SUB SP (register or immediate). */
1921 /* MOV SP. */
1923 /* POP (LDMIA). */
1925 /* POP of a single register. */
1927 }
1930 }
1932 /* Implement immediate value decoding, as described in section A5.2.4
1933 (Modified immediate constants in ARM instructions) of the ARM Architecture
1934 Reference Manual (ARMv7-A and ARMv7-R edition). */
1936 static uint32_t
1938 {
1939 /* Immediate values are 12 bits long. */
1950 }
1952 /* Analyze an ARM mode prologue starting at PROLOGUE_START and
1953 continuing no further than PROLOGUE_END. If CACHE is non-NULL,
1954 fill it in. Return the first address not recognized as a prologue
1955 instruction.
1957 We recognize all the instructions typically found in ARM prologues,
1958 plus harmless instructions which can be skipped (either for analysis
1959 purposes, or a more restrictive set that can be skipped when finding
1960 the end of the prologue). */
1962 static CORE_ADDR
1967 {
1975 /* Search the prologue looking for instructions that set up the
1976 frame pointer, adjust the stack pointer, and save registers.
1978 Be careful, however, and if it doesn't look like a prologue,
1979 don't try to scan it. If, for instance, a frameless function
1980 begins with stmfd sp!, then we will tell ourselves there is
1981 a frame, which will confuse stack traceback, as well as "finish"
1982 and other operations that rely on a knowledge of the stack
1983 traceback. */
1992 {
1996 {
1999 }
2002 {
2007 }
2010 {
2015 }
2017 [sp, #-4]! */
2018 {
2025 }
2027 /* stmfd sp!, {..., fp, ip, lr, pc}
2028 or
2029 stmfd sp!, {a1, a2, a3, a4} */
2030 {
2036 /* Calculate offsets of saved registers. */
2039 {
2043 }
2044 }
2048 {
2049 /* No need to add this to saved_regs -- it's just an arg reg. */
2051 }
2055 {
2056 /* No need to add this to saved_regs -- it's just an arg reg. */
2058 }
2060 { registers } */
2062 {
2063 /* No need to add this to saved_regs -- it's just arg regs. */
2065 }
2067 {
2070 }
2072 {
2075 }
2077 [sp, -#c]! */
2079 {
2086 }
2088 [sp!] */
2090 {
2098 {
2101 else
2103 }
2104 else
2105 {
2108 else
2110 }
2115 {
2119 }
2120 }
2122 {
2123 /* Allow some special function calls when skipping the
2124 prologue; GCC generates these before storing arguments to
2125 the stack. */
2130 else
2132 }
2136 /* Don't scan past anything that might change control flow. */
2139 {
2140 /* Don't scan past the epilogue. */
2142 }
2145 /* Ignore block loads from the stack, potentially copying
2146 parameters from memory. */
2150 /* Similarly ignore single loads from the stack. */
2153 /* MOV Rd, Rm. Skip register copies, i.e. saves to another
2154 register instead of the stack. */
2156 else
2157 {
2158 /* The optimizer might shove anything into the prologue, if
2159 we build up cache (cache != NULL) from scanning prologue,
2160 we just skip what we don't recognize and scan further to
2161 make cache as complete as possible. However, if we skip
2162 prologue, we'll stop immediately on unrecognized
2163 instruction. */
2167 else
2169 }
2170 }
2176 {
2179 /* The frame size is just the distance from the frame register
2180 to the original stack pointer. */
2182 {
2183 /* Frame pointer is fp. */
2186 }
2187 else
2188 {
2189 /* Try the stack pointer... this is a bit desperate. */
2192 }
2199 {
2203 }
2204 }
2210 }
2212 static void
2215 {
2223 /* Assume there is no frame until proven otherwise. */
2227 /* Check for Thumb prologue. */
2229 {
2232 }
2234 /* Find the function prologue. If we can't find the function in
2235 the symbol table, peek in the stack frame to find the PC. */
2238 {
2239 /* One way to find the end of the prologue (which works well
2240 for unoptimized code) is to do the following:
2242 struct symtab_and_line sal = find_pc_line (prologue_start, 0);
2244 if (sal.line == 0)
2245 prologue_end = prev_pc;
2246 else if (sal.end < prologue_end)
2247 prologue_end = sal.end;
2249 This mechanism is very accurate so long as the optimizer
2250 doesn't move any instructions from the function body into the
2251 prologue. If this happens, sal.end will be the last
2252 instruction in the first hunk of prologue code just before
2253 the first instruction that the scheduler has moved from
2254 the body to the prologue.
2256 In order to make sure that we scan all of the prologue
2257 instructions, we use a slightly less accurate mechanism which
2258 may scan more than necessary. To help compensate for this
2259 lack of accuracy, the prologue scanning loop below contains
2260 several clauses which'll cause the loop to terminate early if
2261 an implausible prologue instruction is encountered.
2263 The expression
2265 prologue_start + 64
2267 is a suitable endpoint since it accounts for the largest
2268 possible prologue plus up to five instructions inserted by
2269 the scheduler. */
2272 {
2274 }
2275 }
2276 else
2277 {
2278 /* We have no symbol information. Our only option is to assume this
2279 function has a standard stack frame and the normal frame register.
2280 Then, we can find the value of our frame pointer on entrance to
2281 the callee (or at the present moment if this is the innermost frame).
2282 The value stored there should be the address of the stmfd + 8. */
2283 CORE_ADDR frame_loc;
2284 ULONGEST return_value;
2286 /* AAPCS does not use a frame register, so we can abort here. */
2294 else
2295 {
2296 prologue_start = gdbarch_addr_bits_remove
2299 }
2300 }
2307 }
2311 {
2331 /* Calculate actual addresses of saved registers using offsets
2332 determined by arm_scan_prologue. */
2336 prev_sp);
2339 }
2341 /* Implementation of the stop_reason hook for arm_prologue frames. */
2343 static enum unwind_stop_reason
2346 {
2348 CORE_ADDR pc;
2354 /* This is meant to halt the backtrace at "_start". */
2361 /* If we've hit a wall, stop. */
2366 }
2368 /* Our frame ID for a normal frame is the current function's starting PC
2369 and the caller's SP when we were called. */
2371 static void
2375 {
2384 arm_gdbarch_tdep *tdep
2387 /* Use function start address as part of the frame ID. If we cannot
2388 identify the start address (due to missing symbol information),
2389 fall back to just using the current PC. */
2397 }
2403 {
2406 CORE_ADDR sp_value;
2414 /* If this frame has signed the return address, mark it as so. */
2419 /* If we are asked to unwind the PC, then we need to return the LR
2420 instead. The prologue may save PC, but it will point into this
2421 frame's prologue, not the next frame's resume location. Also
2422 strip the saved T bit. A valid LR may have the low bit set, but
2423 a valid PC never does. */
2425 {
2426 CORE_ADDR lr;
2431 }
2433 /* SP is generally not saved to the stack, but this frame is
2434 identified by the next frame's stack pointer at the time of the call.
2435 The value was already reconstructed into PREV_SP. */
2440 /* The value might be one of the alternative SP, if so, use the
2441 value already constructed. */
2443 {
2446 }
2448 /* The CPSR may have been changed by the call instruction and by the
2449 called function. The only bit we can reconstruct is the T bit,
2450 by checking the low bit of LR as of the call. This is a reliable
2451 indicator of Thumb-ness except for some ARM v4T pre-interworking
2452 Thumb code, which could get away with a clear low bit as long as
2453 the called function did not use bx. Guess that all other
2454 bits are unchanged; the condition flags are presumably lost,
2455 but the processor status is likely valid. */
2457 {
2463 }
2466 prev_regnum);
2467 }
2471 NORMAL_FRAME,
2472 arm_prologue_unwind_stop_reason,
2473 arm_prologue_this_id,
2474 arm_prologue_prev_register,
2475 NULL,
2476 default_frame_sniffer
2477 };
2479 /* Maintain a list of ARM exception table entries per objfile, similar to the
2480 list of mapping symbols. We only cache entries for standard ARM-defined
2481 personality routines; the cache will contain only the frame unwinding
2482 instructions associated with the entry (not the descriptors). */
2484 struct arm_exidx_entry
2485 {
2486 CORE_ADDR addr;
2490 {
2492 }
2493 };
2495 struct arm_exidx_data
2496 {
2498 };
2500 /* Per-BFD key to store exception handling information. */
2505 {
2508 {
2515 }
2518 }
2520 /* Parse contents of exception table and exception index sections
2521 of OBJFILE, and fill in the exception table entry cache.
2523 For each entry that refers to a standard ARM-defined personality
2524 routine, extract the frame unwinding instructions (from either
2525 the index or the table section). The unwinding instructions
2526 are normalized by:
2527 - extracting them from the rest of the table data
2528 - converting to host endianness
2529 - appending the implicit 0xb0 ("Finish") code
2531 The extracted and normalized instructions are stored for later
2532 retrieval by the arm_find_exidx_entry routine. */
2534 static void
2536 {
2540 LONGEST i;
2542 /* If we've already touched this file, do nothing. */
2546 /* Read contents of exception table and index. */
2548 ELF_STRING_ARM_unwind);
2551 {
2559 }
2564 {
2572 }
2574 /* Allocate exception table data structure. */
2578 /* Fill in exception table. */
2580 {
2590 /* Extract address of start of function. */
2594 /* Find section containing function and compute section offset. */
2600 /* Determine address of exception table entry. */
2602 {
2603 /* EXIDX_CANTUNWIND -- no exception table entry present. */
2604 }
2606 {
2607 /* Exception table entry embedded in .ARM.exidx
2608 -- must be short form. */
2611 }
2613 {
2614 /* Exception table entry in .ARM.extab. */
2619 {
2625 {
2626 /* Short form. */
2628 }
2631 {
2632 /* Long form. */
2635 }
2637 {
2638 bfd_vma pers;
2642 /* Custom personality routine. */
2646 /* Check whether we've got one of the variants of the
2647 GNU personality routines. */
2650 {
2652 {
2657 NULL
2658 };
2666 {
2669 }
2670 }
2672 /* If so, the next word contains a word count in the high
2673 byte, followed by the same unwind instructions as the
2674 pre-defined forms. */
2677 {
2684 }
2685 }
2686 }
2687 }
2689 /* Sanity check address. */
2695 /* The unwind instructions reside in WORD (only the N_BYTES least
2696 significant bytes are valid), followed by N_WORDS words in the
2697 extab section starting at ADDR. */
2699 {
2708 {
2717 }
2719 /* Implied "Finish" to terminate the list. */
2721 }
2723 /* Push entry onto vector. They are guaranteed to always
2724 appear in order of increasing addresses. */
2729 }
2730 }
2732 /* Search for the exception table entry covering MEMADDR. If one is found,
2733 return a pointer to its data. Otherwise, return 0. If START is non-NULL,
2734 set *START to the start of the region covered by this entry. */
2738 {
2743 {
2749 {
2753 {
2756 /* std::lower_bound finds the earliest ordered insertion
2757 point. If the following symbol starts at this exact
2758 address, we use that; otherwise, the preceding
2759 exception table entry covers this address. */
2761 {
2763 {
2767 }
2768 }
2771 {
2776 }
2777 }
2778 }
2779 }
2782 }
2784 /* Given the current frame THIS_FRAME, and its associated frame unwinding
2785 instruction list from the ARM exception table entry ENTRY, allocate and
2786 return a prologue cache structure describing how to unwind this frame.
2788 Return NULL if the unwinding instruction list contains a "spare",
2789 "reserved" or "refuse to unwind" instruction as defined in section
2790 "9.3 Frame unwinding instructions" of the "Exception Handling ABI
2791 for the ARM Architecture" document. */
2795 {
2804 {
2805 gdb_byte insn;
2807 /* Whenever we reload SP, we actually have to retrieve its
2808 actual value in the current frame. */
2810 {
2812 {
2815 }
2816 else
2817 {
2820 }
2823 }
2825 /* Decode next unwind instruction. */
2829 {
2832 }
2834 {
2837 }
2839 {
2843 /* The special case of an all-zero mask identifies
2844 "Refuse to unwind". We return NULL to fall back
2845 to the prologue analyzer. */
2849 /* Pop registers r4..r15 under mask. */
2852 {
2855 }
2857 /* Special-case popping SP -- we need to reload vsp. */
2860 }
2862 {
2865 /* Reserved cases. */
2869 /* Set SP from another register and mark VSP for reload. */
2872 }
2874 {
2879 /* Pop r4..r[4+count]. */
2881 {
2884 }
2886 /* If indicated by flag, pop LR as well. */
2888 {
2891 }
2892 }
2894 {
2895 /* We could only have updated PC by popping into it; if so, it
2896 will show up as address. Otherwise, copy LR into PC. */
2901 /* We're done. */
2903 }
2905 {
2909 /* All-zero mask and mask >= 16 is "spare". */
2913 /* Pop r0..r3 under mask. */
2916 {
2919 }
2920 }
2922 {
2926 do
2927 {
2930 }
2934 }
2936 {
2941 /* Only registers D0..D15 are valid here. */
2945 /* Pop VFP double-precision registers D[start]..D[start+count]. */
2947 {
2950 }
2952 /* Add an extra 4 bytes for FSTMFDX-style stack. */
2954 }
2956 {
2960 /* Pop VFP double-precision registers D[8]..D[8+count]. */
2962 {
2965 }
2967 /* Add an extra 4 bytes for FSTMFDX-style stack. */
2969 }
2971 {
2976 /* Only registers WR0..WR15 are valid. */
2980 /* Pop iwmmx registers WR[start]..WR[start+count]. */
2982 {
2985 }
2986 }
2988 {
2992 /* All-zero mask and mask >= 16 is "spare". */
2996 /* Pop iwmmx general-purpose registers WCGR0..WCGR3 under mask. */
2999 {
3002 }
3003 }
3005 {
3009 /* Pop iwmmx registers WR[10]..WR[10+count]. */
3011 {
3014 }
3015 }
3017 {
3022 /* Only registers D0..D31 are valid. */
3026 /* Pop VFP double-precision registers
3027 D[16+start]..D[16+start+count]. */
3029 {
3032 }
3033 }
3035 {
3040 /* Pop VFP double-precision registers D[start]..D[start+count]. */
3042 {
3045 }
3046 }
3048 {
3052 /* Pop VFP double-precision registers D[8]..D[8+count]. */
3054 {
3057 }
3058 }
3059 else
3060 {
3061 /* Everything else is "spare". */
3063 }
3064 }
3066 /* If we restore SP from a register, assume this was the frame register.
3067 Otherwise just fall back to SP as frame register. */
3070 else
3073 /* Determine offset to previous frame. */
3074 cache->framesize
3077 /* We already got the previous SP. */
3078 arm_gdbarch_tdep *tdep
3083 }
3085 /* Unwinding via ARM exception table entries. Note that the sniffer
3086 already computes a filled-in prologue cache, which is then used
3087 with the same arm_prologue_this_id and arm_prologue_prev_register
3088 routines also used for prologue-parsing based unwinding. */
3090 static int
3094 {
3101 /* See if we have an ARM exception table entry covering this address. */
3107 /* The ARM exception table does not describe unwind information
3108 for arbitrary PC values, but is guaranteed to be correct only
3109 at call sites. We have to decide here whether we want to use
3110 ARM exception table information for this frame, or fall back
3111 to using prologue parsing. (Note that if we have DWARF CFI,
3112 this sniffer isn't even called -- CFI is always preferred.)
3114 Before we make this decision, however, we check whether we
3115 actually have *symbol* information for the current frame.
3116 If not, prologue parsing would not work anyway, so we might
3117 as well use the exception table and hope for the best. */
3119 {
3122 /* If the next frame is "normal", we are at a call site in this
3123 frame, so exception information is guaranteed to be valid. */
3128 /* Some syscalls keep PC pointing to the SVC instruction itself. */
3130 {
3131 /* We also assume exception information is valid if we're currently
3132 blocked in a system call. The system library is supposed to
3133 ensure this, so that e.g. pthread cancellation works. */
3135 {
3136 ULONGEST insn;
3144 }
3145 else
3146 {
3147 ULONGEST insn;
3155 }
3156 }
3158 /* Bail out if we don't know that exception information is valid. */
3162 /* The ARM exception index does not mark the *end* of the region
3163 covered by the entry, and some functions will not have any entry.
3164 To correctly recognize the end of the covered region, the linker
3165 should have inserted dummy records with a CANTUNWIND marker.
3167 Unfortunately, current versions of GNU ld do not reliably do
3168 this, and thus we may have found an incorrect entry above.
3169 As a (temporary) sanity check, we only use the entry if it
3170 lies *within* the bounds of the function. Note that this check
3171 might reject perfectly valid entries that just happen to cover
3172 multiple functions; therefore this check ought to be removed
3173 once the linker is fixed. */
3176 }
3178 /* Decode the list of unwinding instructions into a prologue cache.
3179 Note that this may fail due to e.g. a "refuse to unwind" code. */
3186 }
3190 NORMAL_FRAME,
3191 default_frame_unwind_stop_reason,
3192 arm_prologue_this_id,
3193 arm_prologue_prev_register,
3194 NULL,
3195 arm_exidx_unwind_sniffer
3196 };
3200 {
3207 /* Still rely on the offset calculated from prologue. */
3210 /* Since we are in epilogue, the SP has been restored. */
3211 arm_gdbarch_tdep *tdep
3215 ARM_SP_REGNUM));
3217 /* Calculate actual addresses of saved registers using offsets
3218 determined by arm_scan_prologue. */
3225 }
3227 /* Implementation of function hook 'this_id' in
3228 'struct frame_uwnind' for epilogue unwinder. */
3230 static void
3234 {
3242 /* Use function start address as part of the frame ID. If we cannot
3243 identify the start address (due to missing symbol information),
3244 fall back to just using the current PC. */
3250 arm_gdbarch_tdep *tdep
3253 }
3255 /* Implementation of function hook 'prev_register' in
3256 'struct frame_uwnind' for epilogue unwinder. */
3261 {
3266 }
3269 CORE_ADDR pc);
3271 CORE_ADDR pc);
3273 /* Implementation of function hook 'sniffer' in
3274 'struct frame_uwnind' for epilogue unwinder. */
3276 static int
3280 {
3282 {
3288 else
3290 }
3291 else
3293 }
3295 /* Frame unwinder from epilogue. */
3298 {
3300 NORMAL_FRAME,
3301 default_frame_unwind_stop_reason,
3302 arm_epilogue_frame_this_id,
3303 arm_epilogue_frame_prev_register,
3304 NULL,
3305 arm_epilogue_frame_sniffer,
3306 };
3308 /* Recognize GCC's trampoline for thumb call-indirect. If we are in a
3309 trampoline, return the target PC. Otherwise return 0.
3311 void call0a (char c, short s, int i, long l) {}
3313 int main (void)
3314 {
3315 (*pointer_to_call0a) (c, s, i, l);
3316 }
3318 Instead of calling a stub library function _call_via_xx (xx is
3319 the register name), GCC may inline the trampoline in the object
3320 file as below (register r2 has the address of call0a).
3322 .global main
3323 .type main, %function
3324 ...
3325 bl .L1
3326 ...
3327 .size main, .-main
3329 .L1:
3330 bx r2
3332 The trampoline 'bx r2' doesn't belong to main. */
3334 static CORE_ADDR
3336 {
3337 /* The heuristics of recognizing such trampoline is that FRAME is
3338 executing in Thumb mode and the instruction on PC is 'bx Rm'. */
3340 {
3344 {
3346 enum bfd_endian byte_order_for_code
3348 uint16_t insn
3352 {
3353 CORE_ADDR dest
3356 /* Clear the LSB so that gdb core sets step-resume
3357 breakpoint at the right address. */
3359 }
3360 }
3361 }
3364 }
3368 {
3374 arm_gdbarch_tdep *tdep
3378 ARM_SP_REGNUM));
3381 }
3383 /* Our frame ID for a stub frame is the current SP and LR. */
3385 static void
3389 {
3396 arm_gdbarch_tdep *tdep
3400 }
3402 static int
3406 {
3407 CORE_ADDR addr_in_block;
3415 /* We also use the stub winder if the target memory is unreadable
3416 to avoid having the prologue unwinder trying to read it. */
3425 }
3429 NORMAL_FRAME,
3430 default_frame_unwind_stop_reason,
3431 arm_stub_this_id,
3432 arm_prologue_prev_register,
3433 NULL,
3434 arm_stub_unwind_sniffer
3435 };
3437 /* Put here the code to store, into CACHE->saved_regs, the addresses
3438 of the saved registers of frame described by THIS_FRAME. CACHE is
3439 returned. */
3443 {
3451 /* ARMv7-M Architecture Reference "B1.5.6 Exception entry behavior"
3452 describes which bits in LR that define which stack was used prior
3453 to the exception and if FPU is used (causing extended stack frame). */
3455 /* In the lockup state PC contains a lockup magic value.
3456 The PC value of the the next outer frame is irreversibly
3457 lost. The other registers are intact so LR likely contains
3458 PC of some frame next to the outer one, but we cannot analyze
3459 the next outer frame without knowing its PC
3460 therefore we do not know SP fixup for this frame.
3461 Some heuristics to resynchronize SP might be possible.
3462 For simplicity, just terminate the unwinding to prevent it going
3463 astray and attempting to read data/addresses it shouldn't,
3464 which may cause further issues due to side-effects. */
3467 {
3468 /* The lockup can be real just in the innermost frame
3469 as the CPU is stopped and cannot create more frames.
3470 If we hit lockup magic PC in the other frame, it is
3471 just a sentinel at the top of stack: do not warn then. */
3475 /* Terminate any further stack unwinding. */
3478 }
3482 /* ARMv7-M Architecture Reference "A2.3.1 Arm core registers"
3483 states that LR is set to 0xffffffff on reset. ARMv8-M Architecture
3484 Reference "B3.3 Registers" states that LR is set to 0xffffffff on warm
3485 reset if Main Extension is implemented, otherwise the value is unknown. */
3487 {
3488 /* Terminate any further stack unwinding. */
3491 }
3493 /* Check FNC_RETURN indicator bits (24-31). */
3496 {
3497 /* FNC_RETURN is only valid for targets with Security Extension. */
3499 {
3501 "Register value %s that requires the security extension, "
3502 "but the extension was not found or is disabled. This "
3503 "should not happen and may be caused by corrupt data or a "
3505 }
3508 {
3511 /* Terminate any further stack unwinding. */
3514 }
3518 /* Handler mode: This is the mode that exceptions are handled in. */
3520 else
3521 /* Thread mode: This is the normal mode that programs run in. */
3526 /* Stack layout for a function call from Secure to Non-Secure state
3527 (ARMv8-M section B3.16):
3529 SP Offset
3531 +-------------------+
3532 0x08 | |
3533 +-------------------+ <-- Original SP
3534 0x04 | Partial xPSR |
3535 +-------------------+
3536 0x00 | Return Address |
3537 +===================+ <-- New SP */
3546 }
3548 /* Check EXC_RETURN indicator bits (24-31). */
3551 {
3558 /* Check EXC_RETURN bit SPSEL if Main or Thread (process) stack used. */
3562 {
3567 /* Unwinding from non-secure to secure can trip security
3568 measures. In order to avoid the debugger being
3569 intrusive, rely on the user to configure the requested
3570 mode. */
3573 {
3576 /* Terminate any further stack unwinding. */
3579 }
3582 {
3584 /* Secure thread (process) stack used, use PSP_S as SP. */
3586 else
3587 /* Non-secure thread (process) stack used, use PSP_NS as SP. */
3589 }
3590 else
3591 {
3593 /* Secure main stack used, use MSP_S as SP. */
3595 else
3596 /* Non-secure main stack used, use MSP_NS as SP. */
3598 }
3599 }
3600 else
3601 {
3603 /* Thread (process) stack used, use PSP as SP. */
3605 else
3606 /* Main stack used, use MSP as SP. */
3608 }
3610 /* Set the active SP regnum. */
3613 /* Fetch the SP to use for this frame. */
3616 /* Exception entry context stacking are described in ARMv8-M (section
3617 B3.19) and ARMv7-M (sections B1.5.6 and B1.5.7) Architecture Reference
3618 Manuals.
3620 The following figure shows the structure of the stack frame when
3621 Security and Floating-point extensions are present.
3623 SP Offsets
3624 Without With
3625 Callee Regs Callee Regs
3626 (Secure -> Non-Secure)
3627 +-------------------+
3628 0xA8 | | 0xD0
3629 +===================+ --+ <-- Original SP
3630 0xA4 | S31 | 0xCC |
3631 +-------------------+ |
3632 ... | Additional FP context
3633 +-------------------+ |
3634 0x68 | S16 | 0x90 |
3635 +===================+ --+
3636 0x64 | Reserved | 0x8C |
3637 +-------------------+ |
3638 0x60 | FPSCR | 0x88 |
3639 +-------------------+ |
3640 0x5C | S15 | 0x84 | FP context
3641 +-------------------+ |
3642 ... |
3643 +-------------------+ |
3644 0x20 | S0 | 0x48 |
3645 +===================+ --+
3646 0x1C | xPSR | 0x44 |
3647 +-------------------+ |
3648 0x18 | Return address | 0x40 |
3649 +-------------------+ |
3650 0x14 | LR(R14) | 0x3C |
3651 +-------------------+ |
3652 0x10 | R12 | 0x38 | State context
3653 +-------------------+ |
3654 0x0C | R3 | 0x34 |
3655 +-------------------+ |
3656 ... |
3657 +-------------------+ |
3658 0x00 | R0 | 0x28 |
3659 +===================+ --+
3660 | R11 | 0x24 |
3661 +-------------------+ |
3662 ... |
3663 +-------------------+ | Additional state
3664 | R4 | 0x08 | context when
3665 +-------------------+ | transitioning from
3666 | Reserved | 0x04 | Secure to Non-Secure
3667 +-------------------+ |
3668 | Magic signature | 0x00 |
3669 +===================+ --+ <-- New SP */
3673 /* With the Security extension, the hardware saves R4..R11 too. */
3676 {
3677 /* Read R4..R11 from the integer callee registers. */
3687 }
3689 /* The hardware saves eight 32-bit words, comprising xPSR,
3690 ReturnAddress, LR (R14), R12, R3, R2, R1, R0. See details in
3691 "B1.5.6 Exception entry behavior" in
3692 "ARMv7-M Architecture Reference Manual". */
3706 /* Check EXC_RETURN bit FTYPE if extended stack frame (FPU regs stored)
3707 type used. */
3710 {
3711 ULONGEST fpccr;
3712 ULONGEST fpcar;
3714 /* Read FPCCR register. */
3717 {
3722 }
3724 /* Read FPCAR register. */
3727 {
3731 }
3738 /* The LSPEN and ASPEN bits indicate if the lazy state preservation
3739 for FP registers is enabled or disabled. The LSPACT bit indicate,
3740 together with FPCAR, if the lazy state preservation feature is
3741 active for the current frame or for another frame.
3742 See "Lazy context save of FP state", in B1.5.7, also ARM AN298,
3743 supported by Cortex-M4F architecture for details. */
3747 && fpccr_lspact
3750 /* Extended stack frame type used. */
3752 {
3755 {
3758 }
3759 }
3765 {
3766 /* Handle floating-point callee saved registers. */
3768 {
3771 {
3774 }
3775 }
3779 }
3780 else
3781 {
3782 /* Offset 0x64 is reserved. */
3785 }
3786 }
3787 else
3788 {
3789 /* Standard stack frame type used. */
3792 }
3794 /* If bit 9 of the saved xPSR is set, then there is a four-byte
3795 aligner between the top of the 32-byte stack frame and the
3796 previous context's stack pointer. */
3797 ULONGEST xpsr;
3801 {
3806 }
3809 {
3812 }
3815 }
3818 "found unexpected Link Register value "
3819 "%s. This should not happen and may "
3820 "be caused by corrupt data or a bug in"
3823 }
3825 /* Implementation of the stop_reason hook for arm_m_exception frames. */
3827 static enum unwind_stop_reason
3830 {
3832 arm_gdbarch_tdep *tdep
3839 /* If we've hit a wall, stop. */
3844 }
3846 /* Implementation of function hook 'this_id' in
3847 'struct frame_uwnind'. */
3849 static void
3853 {
3860 /* Our frame ID for a stub frame is the current SP and LR. */
3861 arm_gdbarch_tdep *tdep
3865 }
3867 /* Implementation of function hook 'prev_register' in
3868 'struct frame_uwnind'. */
3874 {
3876 CORE_ADDR sp_value;
3882 /* The value was already reconstructed into PREV_SP. */
3883 arm_gdbarch_tdep *tdep
3889 /* If we are asked to unwind the PC, strip the saved T bit. */
3891 {
3894 prev_regnum);
3898 }
3900 /* The value might be one of the alternative SP, if so, use the
3901 value already constructed. */
3903 {
3906 }
3908 /* If we are asked to unwind the xPSR, set T bit if PC is in thumb mode.
3909 LR register is unreliable as it contains FNC_RETURN or EXC_RETURN
3910 pattern. */
3912 {
3916 ARM_PC_REGNUM);
3919 ARM_PS_REGNUM);
3922 /* Reconstruct the T bit; see arm_prologue_prev_register for details. */
3925 }
3928 prev_regnum);
3929 }
3931 /* Implementation of function hook 'sniffer' in
3932 'struct frame_uwnind'. */
3934 static int
3938 {
3942 /* No need to check is_m; this sniffer is only registered for
3943 M-profile architectures. */
3945 /* Check if exception frame returns to a magic PC value. */
3947 }
3949 /* Frame unwinder for M-profile exceptions (EXC_RETURN on stack),
3950 lockup and secure/nonsecure interstate function calls (FNC_RETURN). */
3953 {
3955 SIGTRAMP_FRAME,
3956 arm_m_exception_frame_unwind_stop_reason,
3957 arm_m_exception_this_id,
3958 arm_m_exception_prev_register,
3959 NULL,
3960 arm_m_exception_unwind_sniffer
3961 };
3963 static CORE_ADDR
3965 {
3972 arm_gdbarch_tdep *tdep
3975 }
3979 arm_normal_frame_base,
3980 arm_normal_frame_base,
3981 arm_normal_frame_base
3982 };
3984 struct arm_dwarf2_prev_register_cache
3985 {
3986 /* Cached value of the corresponding stack pointer for the inner frame. */
3987 CORE_ADDR sp;
3988 CORE_ADDR msp;
3989 CORE_ADDR msp_s;
3990 CORE_ADDR msp_ns;
3991 CORE_ADDR psp;
3992 CORE_ADDR psp_s;
3993 CORE_ADDR psp_ns;
3994 };
3999 {
4002 CORE_ADDR lr;
4003 ULONGEST cpsr;
4004 arm_dwarf2_prev_register_cache *cache
4007 arm_dwarf2_prev_register));
4010 {
4017 {
4018 cache->sp
4021 cache->msp_s
4024 cache->msp_ns
4027 cache->psp_s
4030 cache->psp_ns
4033 }
4035 {
4036 cache->sp
4039 cache->msp
4042 cache->psp
4045 }
4046 }
4049 {
4050 /* The PC is normally copied from the return column, which
4051 describes saves of LR. However, that version may have an
4052 extra bit set to indicate Thumb state. The bit is not
4053 part of the PC. */
4055 /* Record in the frame whether the return address was signed. */
4057 {
4058 CORE_ADDR ra_auth_code
4064 }
4069 }
4071 {
4072 /* Reconstruct the T bit; see arm_prologue_prev_register for details. */
4077 }
4079 {
4080 /* Handle the alternative SP registers on Cortex-M. */
4082 CORE_ADDR val;
4085 {
4102 }
4104 {
4111 }
4114 {
4115 /* Use value of SP from previous frame. */
4119 else
4121 }
4122 else
4123 /* Use value for the register from previous frame. */
4127 }
4130 }
4132 /* Implement the stack_frame_destroyed_p gdbarch method. */
4134 static int
4136 {
4141 CORE_ADDR scan_pc;
4147 /* The epilogue is a sequence of instructions along the following lines:
4149 - add stack frame size to SP or FP
4150 - [if frame pointer used] restore SP from FP
4151 - restore registers from SP [may include PC]
4152 - a return-type instruction [if PC wasn't already restored]
4154 In a first pass, we scan forward from the current PC and verify the
4155 instructions we find as compatible with this sequence, ending in a
4156 return instruction.
4158 However, this is not sufficient to distinguish indirect function calls
4159 within a function from indirect tail calls in the epilogue in some cases.
4160 Therefore, if we didn't already find any SP-changing instruction during
4161 forward scan, we add a backward scanning heuristic to ensure we actually
4162 are in the epilogue. */
4166 {
4178 {
4181 }
4183 {
4191 {
4194 }
4197 {
4200 }
4203 ;
4204 else
4206 }
4207 else
4209 }
4214 /* Since any instruction in the epilogue sequence, with the possible
4215 exception of return itself, updates the stack pointer, we need to
4216 scan backwards for at most one instruction. Try either a 16-bit or
4217 a 32-bit instruction. This is just a heuristic, so we do not worry
4218 too much about false positives. */
4240 }
4242 static int
4244 {
4253 /* We are in the epilogue if the previous instruction was a stack
4254 adjustment and the next instruction is a possible return (bx, mov
4255 pc, or pop). We could have to scan backwards to find the stack
4256 adjustment, or forwards to find the return, but this is a decent
4257 approximation. First scan forwards. */
4262 {
4264 /* BX. */
4267 /* MOV PC. */
4271 /* POP (LDMIA), including PC or LR. */
4273 }
4278 /* Scan backwards. This is just a heuristic, so do not worry about
4279 false positives from mode changes. */
4289 }
4291 /* Implement the stack_frame_destroyed_p gdbarch method. */
4293 static int
4295 {
4298 else
4300 }
4302 /* When arguments must be pushed onto the stack, they go on in reverse
4303 order. The code below implements a FILO (stack) to do this. */
4305 struct arm_stack_item
4306 {
4310 };
4315 {
4323 }
4327 {
4333 }
4335 /* Implement the gdbarch type alignment method, overrides the generic
4336 alignment algorithm for anything that is arm specific. */
4338 static ULONGEST
4340 {
4343 {
4344 /* Use the natural alignment for vector types (the same for
4345 scalar type), but the maximum alignment is 64-bit. */
4348 else
4350 }
4352 /* Allow the common code to calculate the alignment. */
4354 }
4356 /* Possible base types for a candidate for passing and returning in
4357 VFP registers. */
4359 enum arm_vfp_cprc_base_type
4360 {
4361 VFP_CPRC_UNKNOWN,
4362 VFP_CPRC_SINGLE,
4363 VFP_CPRC_DOUBLE,
4364 VFP_CPRC_VEC64,
4365 VFP_CPRC_VEC128
4366 };
4368 /* The length of one element of base type B. */
4370 static unsigned
4372 {
4374 {
4386 }
4387 }
4389 /* The character ('s', 'd' or 'q') for the type of VFP register used
4390 for passing base type B. */
4392 static int
4394 {
4396 {
4408 }
4409 }
4411 /* Determine whether T may be part of a candidate for passing and
4412 returning in VFP registers, ignoring the limit on the total number
4413 of components. If *BASE_TYPE is VFP_CPRC_UNKNOWN, set it to the
4414 classification of the first valid component found; if it is not
4415 VFP_CPRC_UNKNOWN, all components must have the same classification
4416 as *BASE_TYPE. If it is found that T contains a type not permitted
4417 for passing and returning in VFP registers, a type differently
4418 classified from *BASE_TYPE, or two types differently classified
4419 from each other, return -1, otherwise return the total number of
4420 base-type elements found (possibly 0 in an empty structure or
4421 array). Vector types are not currently supported, matching the
4422 generic AAPCS support. */
4424 static int
4427 {
4430 {
4433 {
4450 }
4454 /* Arguments of complex T where T is one of the types float or
4455 double get treated as if they are implemented as:
4457 struct complexT
4458 {
4459 T real;
4460 T imag;
4461 };
4463 */
4465 {
4482 }
4486 {
4488 {
4489 /* A 64-bit or 128-bit containerized vector type are VFP
4490 CPRCs. */
4492 {
4503 }
4504 }
4505 else
4506 {
4511 base_type);
4515 {
4518 }
4524 }
4525 }
4529 {
4534 {
4539 base_type);
4543 }
4545 {
4548 }
4555 }
4558 {
4563 {
4565 base_type);
4569 }
4571 {
4574 }
4581 }
4585 }
4588 }
4590 /* Determine whether T is a VFP co-processor register candidate (CPRC)
4591 if passed to or returned from a non-variadic function with the VFP
4592 ABI in effect. Return 1 if it is, 0 otherwise. If it is, set
4593 *BASE_TYPE to the base type for T and *COUNT to the number of
4594 elements of that base type before returning. */
4596 static int
4599 {
4607 }
4609 /* Return 1 if the VFP ABI should be used for passing arguments to and
4610 returning values from a function of type FUNC_TYPE, 0
4611 otherwise. */
4613 static int
4615 {
4618 /* Variadic functions always use the base ABI. Assume that functions
4619 without debug info are not variadic. */
4623 /* The VFP ABI is only supported as a variant of AAPCS. */
4628 }
4630 /* We currently only support passing parameters in integer registers, which
4631 conforms with GCC's default model, and VFP argument passing following
4632 the VFP variant of AAPCS. Several other variants exist and
4633 we should probably support some of them based on the selected ABI. */
4635 static CORE_ADDR
4639 function_call_return_method return_method,
4640 CORE_ADDR struct_addr)
4641 {
4652 /* Determine the type of this function and whether the VFP ABI
4653 applies. */
4659 /* Set the return address. For the ARM, the return breakpoint is
4660 always at BP_ADDR. */
4665 /* Walk through the list of args and determine how large a temporary
4666 stack is required. Need to take care here as structs may be
4667 passed on the stack, and we have to push them. */
4673 /* The struct_return pointer occupies the first parameter
4674 passing register. */
4676 {
4682 argreg++;
4683 }
4686 {
4704 /* Round alignment up to a whole number of words. */
4707 /* Different ABIs have different maximum alignments. */
4709 {
4710 /* The APCS ABI only requires word alignment. */
4712 }
4713 else
4714 {
4715 /* The AAPCS requires at most doubleword alignment. */
4718 }
4723 {
4729 /* Because this is a CPRC it cannot go in a core register or
4730 cause a core register to be skipped for alignment.
4731 Either it goes in VFP registers and the rest of this loop
4732 iteration is skipped for this argument, or it goes on the
4733 stack (and the stack alignment code is correct for this
4734 case). */
4745 {
4754 {
4760 else
4761 {
4767 }
4768 }
4770 }
4771 else
4772 {
4773 /* This CPRC could not go in VFP registers, so all VFP
4774 registers are now marked as used. */
4776 }
4777 }
4779 /* Push stack padding for doubleword alignment. */
4781 {
4784 }
4786 /* Doubleword aligned quantities must go in even register pairs. */
4791 argreg++;
4793 /* If the argument is a pointer to a function, and it is a
4794 Thumb function, create a LOCAL copy of the value and set
4795 the THUMB bit in it. */
4799 {
4802 {
4807 }
4808 }
4810 /* Copy the argument to general registers or the stack in
4811 register-sized pieces. Large arguments are split between
4812 registers and stack. */
4814 {
4817 CORE_ADDR regval
4821 {
4822 /* The argument is being passed in a general purpose
4823 register. */
4829 argreg++;
4830 }
4831 else
4832 {
4838 /* Push the arguments onto the stack. */
4842 }
4846 }
4847 }
4848 /* If we have an odd number of words to push, then decrement the stack
4849 by one word now, so first stack argument will be dword aligned. */
4854 {
4858 }
4860 /* Finally, update the SP register. */
4864 }
4867 /* Always align the frame to an 8-byte boundary. This is required on
4868 some platforms and harmless on the rest. */
4870 static CORE_ADDR
4872 {
4873 /* Align the stack to eight bytes. */
4875 }
4877 static void
4879 {
4891 }
4893 /* Print interesting information about the floating point processor
4894 (if present) or emulator. */
4895 static void
4898 {
4905 else
4907 /* i18n: [floating point unit] mask */
4910 /* i18n: [floating point unit] flags */
4913 }
4915 /* Construct the ARM extended floating point type. */
4918 {
4922 {
4924 tdep->arm_ext_type
4926 floatformats_arm_ext);
4927 }
4930 }
4934 {
4938 {
4942 TYPE_CODE_UNION);
4959 }
4962 }
4964 /* FIXME: The vector types are not correctly ordered on big-endian
4965 targets. Just as s0 is the low bits of d0, d0[0] is also the low
4966 bits of d0 - regardless of what unit size is being held in d0. So
4967 the offset of the first uint8 in d0 is 7, but the offset of the
4968 first float is 4. This code works as-is for little-endian
4969 targets. */
4973 {
4977 {
4981 TYPE_CODE_UNION);
4998 }
5001 }
5003 /* Return true if REGNUM is a Q pseudo register. Return false
5004 otherwise.
5006 REGNUM is the raw register number and not a pseudo-relative register
5007 number. */
5009 static bool
5011 {
5014 /* Q pseudo registers are available for both NEON (Q0~Q15) and
5015 MVE (Q0~Q7) features. */
5022 }
5024 /* Return true if REGNUM is a VFP S pseudo register. Return false
5025 otherwise.
5027 REGNUM is the raw register number and not a pseudo-relative register
5028 number. */
5030 static bool
5032 {
5041 }
5043 /* Return true if REGNUM is a MVE pseudo register (P0). Return false
5044 otherwise.
5046 REGNUM is the raw register number and not a pseudo-relative register
5047 number. */
5049 static bool
5051 {
5060 }
5062 /* Return true if REGNUM is a PACBTI pseudo register (ra_auth_code). Return
5063 false otherwise.
5065 REGNUM is the raw register number and not a pseudo-relative register
5066 number. */
5068 static bool
5070 {
5079 }
5081 /* Return the GDB type object for the "standard" data type of data in
5082 register N. */
5086 {
5101 /* If the target description has register information, we are only
5102 in this function so that we can override the types of
5103 double-precision registers for NEON. */
5105 {
5112 else
5114 }
5117 {
5122 }
5128 /* These registers are only supported on targets which supply
5129 an XML description. */
5131 else
5133 }
5135 /* Map a DWARF register REGNUM onto the appropriate GDB register
5136 number. */
5138 static int
5140 {
5141 /* Core integer regs. */
5145 /* Legacy FPA encoding. These were once used in a way which
5146 overlapped with VFP register numbering, so their use is
5147 discouraged, but GDB doesn't support the ARM toolchain
5148 which used them for VFP. */
5152 /* New assignments for the FPA registers. */
5156 /* WMMX register assignments. */
5163 /* PACBTI register containing the Pointer Authentication Code. */
5165 {
5172 }
5177 /* VFP v2 registers. A double precision value is actually
5178 in d1 rather than s2, but the ABI only defines numbering
5179 for the single precision registers. This will "just work"
5180 in GDB for little endian targets (we'll read eight bytes,
5181 starting in s0 and then progressing to s1), but will be
5182 reversed on big endian targets with VFP. This won't
5183 be a problem for the new Neon quad registers; you're supposed
5184 to use DW_OP_piece for those. */
5186 {
5192 }
5194 /* VFP v3 / Neon registers. This range is also used for VFP v2
5195 registers, except that it now describes d0 instead of s0. */
5197 {
5203 }
5206 }
5208 /* Map GDB internal REGNUM onto the Arm simulator register numbers. */
5209 static int
5211 {
5237 }
5241 static void
5245 {
5249 {
5250 /* Initialize RA_AUTH_CODE to zero. */
5255 }
5258 {
5261 }
5265 {
5266 /* Handle the alternative SP registers on Cortex-M. */
5269 }
5270 }
5272 /* Given BUF, which is OLD_LEN bytes ending at ENDADDR, expand
5273 the buffer to be NEW_LEN bytes ending at ENDADDR. Return
5274 NULL if an error occurs. BUF is freed. */
5279 {
5287 {
5290 }
5292 }
5294 /* An IT block is at most the 2-byte IT instruction followed by
5295 four 4-byte instructions. The furthest back we must search to
5296 find an IT block that affects the current instruction is thus
5297 2 + 3 * 4 == 14 bytes. */
5298 #define MAX_IT_BLOCK_PREFIX 14
5300 /* Use a quick scan if there are more than this many bytes of
5301 code. */
5302 #define IT_SCAN_THRESHOLD 32
5304 /* Adjust a breakpoint's address to move breakpoints out of IT blocks.
5305 A breakpoint in an IT block may not be hit, depending on the
5306 condition flags. */
5307 static CORE_ADDR
5309 {
5318 /* If we are using BKPT breakpoints, none of this is necessary. */
5322 /* ARM mode does not have this problem. */
5326 /* We are setting a breakpoint in Thumb code that could potentially
5327 contain an IT block. The first step is to find how much Thumb
5328 code there is; we do not need to read outside of known Thumb
5329 sequences. */
5332 /* Thumb-2 code must have mapping symbols to have a chance. */
5338 {
5342 }
5344 /* Search for a candidate IT instruction. We have to do some fancy
5345 footwork to distinguish a real IT instruction from the second
5346 half of a 32-bit instruction, but there is no need for that if
5347 there's no candidate. */
5350 /* No room for an IT instruction. */
5358 {
5361 {
5364 }
5365 }
5368 {
5371 }
5373 /* OK, the code bytes before this instruction contain at least one
5374 halfword which resembles an IT instruction. We know that it's
5375 Thumb code, but there are still two possibilities. Either the
5376 halfword really is an IT instruction, or it is the second half of
5377 a 32-bit Thumb instruction. The only way we can tell is to
5378 scan forwards from a known instruction boundary. */
5380 {
5383 /* There's a lot of code before this instruction. Start with an
5384 optimistic search; it's easy to recognize halfwords that can
5385 not be the start of a 32-bit instruction, and use that to
5386 lock on to the instruction boundaries. */
5394 {
5397 {
5400 }
5401 }
5403 /* At this point, if DEFINITE, BUF[I] is the first place we
5404 are sure that we know the instruction boundaries, and it is far
5405 enough from BPADDR that we could not miss an IT instruction
5406 affecting BPADDR. If ! DEFINITE, give up - start from a
5407 known boundary. */
5409 {
5416 }
5417 }
5418 else
5419 {
5425 }
5427 /* Scan forwards. Find the last IT instruction before BPADDR. */
5431 {
5433 last_it_count--;
5435 {
5443 else
5445 }
5447 }
5452 /* There wasn't really an IT instruction after all. */
5456 /* It was too far away. */
5459 /* This really is a trouble spot. Move the breakpoint to the IT
5460 instruction. */
5462 }
5464 /* ARM displaced stepping support.
5466 Generally ARM displaced stepping works as follows:
5468 1. When an instruction is to be single-stepped, it is first decoded by
5469 arm_process_displaced_insn. Depending on the type of instruction, it is
5470 then copied to a scratch location, possibly in a modified form. The
5471 copy_* set of functions performs such modification, as necessary. A
5472 breakpoint is placed after the modified instruction in the scratch space
5473 to return control to GDB. Note in particular that instructions which
5474 modify the PC will no longer do so after modification.
5476 2. The instruction is single-stepped, by setting the PC to the scratch
5477 location address, and resuming. Control returns to GDB when the
5478 breakpoint is hit.
5480 3. A cleanup function (cleanup_*) is called corresponding to the copy_*
5481 function used for the current instruction. This function's job is to
5482 put the CPU/memory state back to what it would have been if the
5483 instruction had been executed unmodified in its original location. */
5485 /* NOP instruction (mov r0, r0). */
5486 #define ARM_NOP 0xe1a00000
5487 #define THUMB_NOP 0x4600
5489 /* Helper for register reads for displaced stepping. In particular, this
5490 returns the PC as it would be seen by the instruction at its original
5491 location. */
5493 ULONGEST
5496 {
5497 ULONGEST ret;
5501 {
5502 /* Compute pipeline offset:
5503 - When executing an ARM instruction, PC reads as the address of the
5504 current instruction plus 8.
5505 - When executing a Thumb instruction, PC reads as the address of the
5506 current instruction plus 4. */
5510 else
5516 }
5517 else
5518 {
5525 }
5526 }
5528 static int
5530 {
5531 ULONGEST ps;
5537 }
5539 /* Write to the PC as from a branch instruction. */
5541 static void
5543 ULONGEST val)
5544 {
5546 /* Note: If bits 0/1 are set, this branch would be unpredictable for
5547 architecture versions < 6. */
5550 else
5553 }
5555 /* Write to the PC as from a branch-exchange instruction. */
5557 static void
5559 {
5560 ULONGEST ps;
5566 {
5569 }
5571 {
5574 }
5575 else
5576 {
5577 /* Unpredictable behaviour. Try to do something sensible (switch to ARM
5578 mode, align dest to 4 bytes). */
5582 }
5583 }
5585 /* Write to the PC as if from a load instruction. */
5587 static void
5589 ULONGEST val)
5590 {
5593 else
5595 }
5597 /* Write to the PC as if from an ALU instruction. */
5599 static void
5601 ULONGEST val)
5602 {
5605 else
5607 }
5609 /* Helper for writing to registers for displaced stepping. Writing to the PC
5610 has a varying effects depending on the instruction which does the write:
5611 this is controlled by the WRITE_PC argument. */
5613 void
5616 {
5618 {
5622 {
5646 }
5649 }
5650 else
5651 {
5655 }
5656 }
5658 /* This function is used to concisely determine if an instruction INSN
5659 references PC. Register fields of interest in INSN should have the
5660 corresponding fields of BITMASK set to 0b1111. The function
5661 returns return 1 if any of these fields in INSN reference the PC
5662 (also 0b1111, r15), else it returns 0. */
5664 static int
5666 {
5670 {
5674 ;
5685 }
5688 }
5690 /* The simplest copy function. Many instructions have the same effect no
5691 matter what address they are executed at: in those cases, use this. */
5693 static int
5696 {
5703 }
5705 static int
5709 {
5718 }
5720 /* Copy 16-bit Thumb(Thumb and 16-bit Thumb-2) instruction without any
5721 modification. */
5722 static int
5726 {
5733 }
5735 /* Preload instructions with immediate offset. */
5737 static void
5740 {
5744 }
5746 static void
5749 {
5750 ULONGEST rn_val;
5751 /* Preload instructions:
5753 {pli/pld} [rn, #+/-imm]
5754 ->
5755 {pli/pld} [r0, #+/-imm]. */
5763 }
5765 static int
5768 {
5781 }
5783 static int
5786 {
5790 ULONGEST pc_val;
5795 /* PC is only allowed to use in PLI (immediate,literal) Encoding T3, and
5796 PLD (literal) Encoding T1. */
5799 imm12);
5804 /* Rewrite instruction {pli/pld} PC imm12 into:
5805 Prepare: tmp[0] <- r0, tmp[1] <- r1, r0 <- pc, r1 <- imm12
5807 {pli/pld} [r0, r1]
5809 Cleanup: r0 <- tmp[0], r1 <- tmp[1]. */
5820 /* {pli/pld} [r0, r1] */
5827 }
5829 /* Preload instructions with register offset. */
5831 static void
5835 {
5838 /* Preload register-offset instructions:
5840 {pli/pld} [rn, rm {, shift}]
5841 ->
5842 {pli/pld} [r0, r1 {, shift}]. */
5853 }
5855 static int
5859 {
5874 }
5876 /* Copy/cleanup coprocessor load and store instructions. */
5878 static void
5882 {
5889 }
5891 static void
5895 {
5896 ULONGEST rn_val;
5898 /* Coprocessor load/store instructions:
5900 {stc/stc2} [<Rn>, #+/-imm] (and other immediate addressing modes)
5901 ->
5902 {stc/stc2} [r0, #+/-imm].
5904 ldc/ldc2 are handled identically. */
5908 /* PC should be 4-byte aligned. */
5916 }
5918 static int
5922 {
5936 }
5938 static int
5942 {
5956 /* This function is called for copying instruction LDC/LDC2/VLDR, which
5957 doesn't support writeback, so pass 0. */
5961 }
5963 /* Clean up branch instructions (actually perform the branch, by setting
5964 PC). */
5966 static void
5969 {
5979 {
5980 /* The value of LR should be the next insn of current one. In order
5981 not to confuse logic handling later insn `bx lr', if current insn mode
5982 is Thumb, the bit 0 of LR value should be set to 1. */
5989 CANNOT_WRITE_PC);
5990 }
5993 }
5995 /* Copy B/BL/BLX instructions with immediate destinations. */
5997 static void
6001 {
6002 /* Implement "BL<cond> <label>" as:
6004 Preparation: cond <- instruction condition
6005 Insn: mov r0, r0 (nop)
6006 Cleanup: if (condition true) { r14 <- pc; pc <- label }.
6008 B<cond> similar, but don't set r14 in cleanup. */
6016 /* For BLX, offset is computed from the Align (PC, 4). */
6021 else
6025 }
6026 static int
6029 {
6039 /* For BLX, set bit 0 of the destination. The cleanup_branch function will
6040 then arrange the switch into Thumb mode. */
6042 else
6052 }
6054 static int
6058 {
6070 {
6073 {
6079 }
6081 {
6087 }
6088 }
6089 else
6090 {
6095 }
6105 }
6107 /* Copy B Thumb instructions. */
6108 static int
6111 {
6118 {
6119 /* offset = SignExtend (imm8:0, 32) */
6122 }
6124 {
6127 }
6142 }
6144 /* Copy BX/BLX with register-specified destinations. */
6146 static void
6150 {
6151 /* Implement {BX,BLX}<cond> <reg>" as:
6153 Preparation: cond <- instruction condition
6154 Insn: mov r0, r0 (nop)
6155 Cleanup: if (condition true) { r14 <- pc; pc <- dest; }.
6157 Don't set r14 in cleanup for BX. */
6167 }
6169 static int
6172 {
6174 /* BX: x12xxx1x
6175 BLX: x12xxx3x. */
6185 }
6187 static int
6191 {
6202 }
6205 /* Copy/cleanup arithmetic/logic instruction with immediate RHS. */
6207 static void
6210 {
6215 }
6217 static int
6220 {
6234 /* Instruction is of form:
6236 <op><cond> rd, [rn,] #imm
6238 Rewrite as:
6240 Preparation: tmp1, tmp2 <- r0, r1;
6241 r0, r1 <- rd, rn
6242 Insn: <op><cond> r0, r1, #imm
6243 Cleanup: rd <- r0; r0 <- tmp1; r1 <- tmp2
6244 */
6256 else
6262 }
6264 static int
6268 {
6277 /* This routine is only called for instruction MOV. */
6285 /* Instruction is of form:
6287 <op><cond> rd, [rn,] #imm
6289 Rewrite as:
6291 Preparation: tmp1, tmp2 <- r0, r1;
6292 r0, r1 <- rd, rn
6293 Insn: <op><cond> r0, r1, #imm
6294 Cleanup: rd <- r0; r0 <- tmp1; r1 <- tmp2
6295 */
6312 }
6314 /* Copy/cleanup arithmetic/logic insns with register RHS. */
6316 static void
6319 {
6320 ULONGEST rd_val;
6329 }
6331 static void
6335 {
6338 /* Instruction is of form:
6340 <op><cond> rd, [rn,] rm [, <shift>]
6342 Rewrite as:
6344 Preparation: tmp1, tmp2, tmp3 <- r0, r1, r2;
6345 r0, r1, r2 <- rd, rn, rm
6346 Insn: <op><cond> r0, [r1,] r2 [, <shift>]
6347 Cleanup: rd <- r0; r0, r1, r2 <- tmp1, tmp2, tmp3
6348 */
6362 }
6364 static int
6367 {
6379 else
6385 }
6387 static int
6391 {
6407 }
6409 /* Cleanup/copy arithmetic/logic insns with shifted register RHS. */
6411 static void
6415 {
6423 }
6425 static void
6430 {
6434 /* Instruction is of form:
6436 <op><cond> rd, [rn,] rm, <shift> rs
6438 Rewrite as:
6440 Preparation: tmp1, tmp2, tmp3, tmp4 <- r0, r1, r2, r3
6441 r0, r1, r2, r3 <- rd, rn, rm, rs
6442 Insn: <op><cond> r0, r1, r2, <shift> r3
6443 Cleanup: tmp5 <- r0
6444 r0, r1, r2, r3 <- tmp1, tmp2, tmp3, tmp4
6445 rd <- tmp5
6446 */
6461 }
6463 static int
6467 {
6486 else
6492 }
6494 /* Clean up load instructions. */
6496 static void
6499 {
6514 /* Handle register writeback. */
6517 /* Put result in right place. */
6521 }
6523 /* Clean up store instructions. */
6525 static void
6528 {
6540 /* Writeback. */
6543 }
6545 /* Copy "extra" load/store instructions. These are halfword/doubleword
6546 transfers, which have a different encoding to byte/word transfers. */
6548 static int
6551 {
6603 /* {ldr,str}<width><cond> rt, [rt2,] [rn, #imm]
6604 ->
6605 {ldr,str}<width><cond> r0, [r1,] [r2, #imm]. */
6607 else
6608 /* {ldr,str}<width><cond> rt, [rt2,] [rn, +/-rm]
6609 ->
6610 {ldr,str}<width><cond> r0, [r1,] [r2, +/-r3]. */
6616 }
6618 /* Copy byte/half word/word loads and stores. */
6620 static void
6625 {
6650 /* To write PC we can do:
6652 Before this sequence of instructions:
6653 r0 is the PC value got from displaced_read_reg, so r0 = from + 8;
6654 r2 is the Rn value got from displaced_read_reg.
6656 Insn1: push {pc} Write address of STR instruction + offset on stack
6657 Insn2: pop {r4} Read it back from stack, r4 = addr(Insn1) + offset
6658 Insn3: sub r4, r4, pc r4 = addr(Insn1) + offset - pc
6659 = addr(Insn1) + offset - addr(Insn3) - 8
6660 = offset - 16
6661 Insn4: add r4, r4, #8 r4 = offset - 8
6662 Insn5: add r0, r0, r4 r0 = from + 8 + offset - 8
6663 = from + offset
6664 Insn6: str r0, [r2, #imm] (or str r0, [r2, r3])
6666 Otherwise we don't know what value to write for PC, since the offset is
6667 architecture-dependent (sometimes PC+8, sometimes PC+12). More details
6668 of this can be found in Section "Saving from r15" in
6669 http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0204g/Cihbjifh.html */
6672 }
6675 static int
6679 {
6683 ULONGEST pc_val;
6687 imm12);
6692 /* Rewrite instruction LDR Rt imm12 into:
6694 Prepare: tmp[0] <- r0, tmp[1] <- r2, tmp[2] <- r3, r2 <- pc, r3 <- imm12
6696 LDR R0, R2, R3,
6698 Cleanup: rt <- r0, r0 <- tmp[0], r2 <- tmp[1], r3 <- tmp[2]. */
6719 /* LDR R0, R2, R3 */
6727 }
6729 static int
6734 {
6738 /* In LDR (register), there is also a register Rm, which is not allowed to
6739 be PC, so we don't have to check it. */
6743 dsc);
6754 /* ldr[b]<cond> rt, [rn, #imm], etc.
6755 ->
6756 ldr[b]<cond> r0, [r2, #imm]. */
6757 {
6760 }
6761 else
6762 /* ldr[b]<cond> rt, [rn, rm], etc.
6763 ->
6764 ldr[b]<cond> r0, [r2, r3]. */
6765 {
6768 }
6773 }
6776 static int
6781 {
6802 {
6806 /* {ldr,str}[b]<cond> rt, [rn, #imm], etc.
6807 ->
6808 {ldr,str}[b]<cond> r0, [r2, #imm]. */
6810 else
6811 /* {ldr,str}[b]<cond> rt, [rn, rm], etc.
6812 ->
6813 {ldr,str}[b]<cond> r0, [r2, r3]. */
6815 }
6816 else
6817 {
6818 /* We need to use r4 as scratch. Make sure it's restored afterwards. */
6826 /* As above. */
6829 else
6833 }
6838 }
6840 /* Cleanup LDM instructions with fully-populated register list. This is an
6841 unfortunate corner case: it's impossible to implement correctly by modifying
6842 the instruction. The issue is as follows: we have an instruction,
6844 ldm rN, {r0-r15}
6846 which we must rewrite to avoid loading PC. A possible solution would be to
6847 do the load in two halves, something like (with suitable cleanup
6848 afterwards):
6850 mov r8, rN
6851 ldm[id][ab] r8!, {r0-r7}
6852 str r7, <temp>
6853 ldm[id][ab] r8, {r7-r14}
6854 <bkpt>
6856 but at present there's no suitable place for <temp>, since the scratch space
6857 is overwritten before the cleanup routine is called. For now, we simply
6858 emulate the instruction. */
6860 static void
6863 {
6879 /* If the instruction is ldm rN, {...pc}^, I don't think there's anything
6880 sensible we can do here. Complain loudly. */
6884 /* We don't handle any stores here for now. */
6893 {
6898 regno++;
6899 else
6901 regno--;
6911 }
6915 CANNOT_WRITE_PC);
6916 }
6918 /* Clean up an STM which included the PC in the register list. */
6920 static void
6923 {
6926 CORE_ADDR pc_stored_at, transferred_regs
6928 CORE_ADDR stm_insn_addr;
6933 /* If condition code fails, there's nothing else to do. */
6938 {
6943 }
6944 else
6945 {
6950 }
6957 offset);
6959 /* Rewrite the stored PC to the proper value for the non-displaced original
6960 instruction. */
6963 }
6965 /* Clean up an LDM which includes the PC in the register list. We clumped all
6966 the registers in the transferred list into a contiguous range r0...rX (to
6967 avoid loading PC directly and losing control of the debugged program), so we
6968 must undo that here. */
6970 static void
6974 {
6981 /* The method employed here will fail if the register list is fully populated
6982 (we need to avoid loading PC directly). */
6991 {
6993 {
6997 {
7002 }
7003 else
7009 num_to_shuffle--;
7010 }
7012 write_reg--;
7013 }
7015 /* Restore any registers we scribbled over. */
7017 {
7019 {
7021 CANNOT_WRITE_PC);
7023 write_reg);
7025 }
7026 }
7028 /* Perform register writeback manually. */
7030 {
7035 else
7039 CANNOT_WRITE_PC);
7040 }
7041 }
7043 /* Handle ldm/stm, apart from some tricky cases which are unlikely to occur
7044 in user-level code (in particular exception return, ldm rn, {...pc}^). */
7046 static int
7050 {
7058 /* Block transfers which don't mention PC can be run directly
7059 out-of-line. */
7064 {
7068 }
7086 {
7088 {
7089 /* LDM with a fully-populated register list. This case is
7090 particularly tricky. Implement for now by fully emulating the
7091 instruction (which might not behave perfectly in all cases, but
7092 these instructions should be rare enough for that not to matter
7093 too much). */
7097 }
7098 else
7099 {
7100 /* LDM of a list of registers which includes PC. Implement by
7101 rewriting the list of registers to be transferred into a
7102 contiguous chunk r0...rX before doing the transfer, then shuffling
7103 registers into the correct places in the cleanup routine. */
7111 /* Writeback makes things complicated. We need to avoid clobbering
7112 the base register with one of the registers in our modified
7113 register list, but just using a different register can't work in
7114 all cases, e.g.:
7116 ldm r14!, {r0-r13,pc}
7118 which would need to be rewritten as:
7120 ldm rN!, {r0-r14}
7122 but that can't work, because there's no free register for N.
7124 Solve this by turning off the writeback bit, and emulating
7125 writeback manually in the cleanup routine. */
7140 }
7141 }
7142 else
7143 {
7144 /* STM of a list of registers which includes PC. Run the instruction
7145 as-is, but out of line: this will store the wrong value for the PC,
7146 so we must manually fix up the memory in the cleanup routine.
7147 Doing things this way has the advantage that we can auto-detect
7148 the offset of the PC write (which is architecture-dependent) in
7149 the cleanup routine. */
7153 }
7156 }
7158 static int
7162 {
7167 /* Block transfers which don't mention PC can be run directly
7168 out-of-line. */
7173 {
7178 }
7183 /* Clear bit 13, since it should be always zero. */
7196 {
7198 {
7199 /* This branch is impossible to happen. */
7201 }
7202 else
7203 {
7226 }
7227 }
7228 else
7229 {
7234 }
7236 }
7238 /* Wrapper over read_memory_unsigned_integer for use in arm_get_next_pcs.
7239 This is used to avoid a dependency on BFD's bfd_endian enum. */
7241 ULONGEST
7244 {
7247 }
7249 /* Wrapper over gdbarch_addr_bits_remove for use in arm_get_next_pcs. */
7251 CORE_ADDR
7253 CORE_ADDR val)
7254 {
7255 return gdbarch_addr_bits_remove
7257 }
7259 /* Wrapper over syscall_next_pc for use in get_next_pcs. */
7261 static CORE_ADDR
7263 {
7265 }
7267 /* Wrapper over arm_is_thumb for use in arm_get_next_pcs. */
7269 int
7271 {
7273 }
7275 /* single_step() is called just before we want to resume the inferior,
7276 if we want to single-step it but there is no hardware or kernel
7277 single-step support. We find the target of the coming instructions
7278 and breakpoint them. */
7282 {
7291 regcache);
7299 }
7301 /* Cleanup/copy SVC (SWI) instructions. These two functions are overridden
7302 for Linux, where some SVC instructions must be treated specially. */
7304 static void
7307 {
7314 }
7317 /* Common copy routine for svc instruction. */
7319 static int
7322 {
7323 /* Preparation: none.
7324 Insn: unmodified svc.
7325 Cleanup: pc <- insn_addr + insn_size. */
7327 /* Pretend we wrote to the PC, so cleanup doesn't set PC to the next
7328 instruction. */
7331 /* Allow OS-specific code to override SVC handling. */
7334 else
7335 {
7338 }
7339 }
7341 static int
7344 {
7352 }
7354 static int
7357 {
7364 }
7366 /* Copy undefined instructions. */
7368 static int
7371 {
7378 }
7380 static int
7383 {
7393 }
7395 /* Copy unpredictable instructions. */
7397 static int
7400 {
7407 }
7409 /* The decode_* functions are instruction decoding helpers. They mostly follow
7410 the presentation in the ARM ARM. */
7412 static int
7416 {
7428 dsc);
7434 {
7437 else
7439 }
7444 {
7450 }
7455 {
7461 /* pld/pldw reg. */
7467 }
7468 else
7470 }
7472 static int
7476 {
7479 /* Switch on bits: 0bxxxxx321xxx0xxxxxxxxxxxxxxxxxxxx. */
7481 {
7493 {
7495 /* stc/stc2. */
7503 }
7506 {
7509 {
7511 /* ldc/ldc2 imm (undefined for rn == pc). */
7519 /* ldc/ldc2 lit (undefined for rn != pc). */
7525 }
7526 }
7533 /* ldc/ldc2 lit. */
7535 else
7541 else
7547 else
7552 }
7553 }
7555 /* Decode miscellaneous instructions in dp/misc encoding space. */
7557 static int
7561 {
7566 {
7575 else
7580 /* Not really supported. */
7582 else
7589 else
7599 /* Not really supported. */
7605 }
7606 }
7608 static int
7612 {
7615 {
7627 }
7628 else
7629 {
7645 /* 2nd arg means "unprivileged". */
7647 dsc);
7648 }
7650 /* Should be unreachable. */
7652 }
7654 static int
7658 {
7687 /* Should be unreachable. */
7689 }
7691 static int
7694 {
7696 {
7710 {
7713 else
7715 }
7716 else
7722 else
7727 {
7730 else
7732 }
7733 else
7739 else
7741 }
7743 /* Should be unreachable. */
7745 }
7747 static int
7751 {
7754 else
7756 }
7758 static int
7762 {
7766 {
7780 /* Note: no writeback for these instructions. Bit 25 will always be
7781 zero though (via caller), so the following works OK. */
7783 }
7785 /* Should be unreachable. */
7787 }
7789 /* Decode shifted register instructions. */
7791 static int
7795 {
7796 /* PC is only allowed to be used in instruction MOV. */
7803 else
7806 }
7809 /* Decode extension register load/store. Exactly the same as
7810 arm_decode_ext_reg_ld_st. */
7812 static int
7816 {
7820 {
7842 }
7844 /* Should be unreachable. */
7846 }
7848 static int
7851 {
7860 /* stc/stc2. */
7864 /* ldc/ldc2 imm/lit. */
7875 {
7878 else
7880 }
7889 else
7891 }
7893 static int
7897 {
7904 {
7908 dsc);
7911 else
7912 {
7913 /*coproc is 101x. SIMD/VFP, ext registers load/store. */
7916 dsc);
7918 {
7925 }
7926 }
7927 }
7928 else
7932 }
7934 static void
7937 {
7938 /* ADR Rd, #imm
7940 Rewrite as:
7942 Preparation: Rd <- PC
7943 Insn: ADD Rd, #imm
7944 Cleanup: Null.
7945 */
7947 /* Rd <- PC */
7950 }
7952 static int
7956 {
7958 /* Encoding T2: ADDS Rd, #imm */
7964 }
7966 static int
7970 {
7978 }
7980 static int
7984 {
7986 /* Since immediate has the same encoding in ADR ADD and SUB, so we simply
7987 extract raw immediate encoding rather than computing immediate. When
7988 generating ADD or SUB instruction, we can simply perform OR operation to
7989 set immediate into ADD. */
7997 {
7998 /* Encoding T3: SUB Rd, Rd, #imm */
8001 }
8003 {
8004 /* Encoding T3: ADD Rd, Rd, #imm */
8007 }
8013 }
8015 static int
8019 {
8024 /* LDR Rd, #imm8
8026 Rwrite as:
8028 Preparation: tmp0 <- R0, tmp2 <- R2, tmp3 <- R3, R2 <- PC, R3 <- #imm8;
8030 Insn: LDR R0, [R2, R3];
8031 Cleanup: R2 <- tmp2, R3 <- tmp3, Rd <- R0, R0 <- tmp0 */
8039 /* The assembler calculates the required value of the offset from the
8040 Align(PC,4) value of this instruction to the label. */
8058 }
8060 /* Copy Thumb cbnz/cbz instruction. */
8062 static int
8066 {
8074 /* CBNZ and CBZ do not affect the condition flags. If condition is true,
8075 set it INST_AL, so cleanup_branch will know branch is taken, otherwise,
8076 condition is false, let it be, cleanup_branch will do nothing. */
8078 {
8081 }
8082 else
8096 }
8098 /* Copy Table Branch Byte/Halfword */
8099 static int
8103 {
8113 {
8118 }
8119 else
8120 {
8125 }
8140 }
8142 static void
8145 {
8146 /* PC <- r7 */
8150 /* r7 <- r8 */
8154 /* r8 <- tmp[0] */
8157 }
8159 static int
8163 {
8166 /* Rewrite instruction: POP {rX, rY, ...,rZ, PC}
8167 to :
8169 (1) register list is full, that is, r0-r7 are used.
8170 Prepare: tmp[0] <- r8
8172 POP {r0, r1, ...., r6, r7}; remove PC from reglist
8173 MOV r8, r7; Move value of r7 to r8;
8174 POP {r7}; Store PC value into r7.
8176 Cleanup: PC <- r7, r7 <- r8, r8 <-tmp[0]
8178 (2) register list is not full, supposing there are N registers in
8179 register list (except PC, 0 <= N <= 7).
8180 Prepare: for each i, 0 - N, tmp[i] <- ri.
8182 POP {r0, r1, ...., rN};
8184 Cleanup: Set registers in original reglist from r0 - rN. Restore r0 - rN
8185 from tmp[] properly.
8186 */
8191 {
8200 }
8201 else
8202 {
8223 }
8226 }
8228 static void
8232 {
8237 /* 16-bit thumb instructions. */
8239 {
8240 /* Shift (imme), add, subtract, move and compare. */
8244 dsc);
8248 {
8252 dsc);
8255 {
8261 else
8263 dsc);
8264 }
8268 }
8280 {
8282 {
8289 else
8294 /* If-Then makes up to four following instructions conditional.
8295 IT instruction itself is not conditional, so handle it as a
8296 common unmodified instruction. */
8298 dsc);
8299 else
8304 }
8305 }
8316 else
8324 }
8328 }
8330 static int
8335 {
8341 {
8344 {
8346 /* PLD literal or Encoding T3 of PLI(immediate, literal). */
8348 else
8351 }
8352 else
8353 {
8357 else
8360 dsc);
8361 }
8368 else
8369 {
8373 else
8376 }
8379 {
8388 {
8390 /* LDR (immediate) */
8396 else
8397 /* LDR (register) */
8400 }
8402 }
8406 }
8408 }
8410 static void
8414 {
8420 {
8422 {
8424 {
8427 {
8428 /* Load/store {dual, exclusive}, table branch. */
8432 dsc);
8433 else
8434 /* PC is not allowed to use in load/store {dual, exclusive}
8435 instructions. */
8438 }
8440 {
8442 {
8450 }
8451 }
8455 /* Data-processing (shift register). */
8457 dsc);
8462 }
8464 }
8467 {
8472 else
8475 }
8476 else
8477 {
8479 {
8485 else
8488 }
8492 }
8496 {
8504 dsc);
8508 {
8521 }
8526 }
8530 }
8535 }
8537 static void
8541 {
8543 uint16_t insn1
8552 {
8553 uint16_t insn2
8556 }
8557 else
8559 }
8561 void
8565 {
8570 /* Most displaced instructions use a 1-instruction scratch space, so set this
8571 here and override below if/when necessary. */
8590 {
8610 }
8614 }
8616 /* Actually set up the scratch space for a displaced instruction. */
8618 void
8620 CORE_ADDR to,
8622 {
8630 /* Poke modified instruction(s). */
8632 {
8642 byte_order_for_code,
8645 }
8647 /* Choose the correct breakpoint instruction. */
8649 {
8652 }
8653 else
8654 {
8657 }
8659 /* Put breakpoint afterwards. */
8664 }
8666 /* Entry point for cleaning things up after a displaced instruction has been
8667 single-stepped. */
8669 void
8674 {
8675 /* The following block exists as a temporary measure while displaced
8676 stepping is fixed architecture at a time within GDB.
8678 In an earlier implementation of displaced stepping, if GDB thought the
8679 displaced instruction had not been executed then this fix up function
8680 was never called. As a consequence, things that should be fixed by
8681 this function were left in an unfixed state.
8683 However, it's not as simple as always calling this function; this
8684 function needs to be updated to decide what should be fixed up based
8685 on whether the displaced step executed or not, which requires each
8686 architecture to be considered individually.
8688 Until this architecture is updated, this block replicates the old
8689 behaviour; we just restore the program counter register, and leave
8690 everything else unfixed. */
8692 {
8697 }
8699 arm_displaced_step_copy_insn_closure *dsc
8709 }
8714 static int
8716 {
8717 gdb_disassemble_info *di
8722 {
8730 {
8731 /* Create a fake symbol vector containing a Thumb symbol.
8732 This is solely so that the code in print_insn_little_arm()
8733 and print_insn_big_arm() in opcodes/arm-dis.c will detect
8734 the presence of a Thumb symbol and switch to decoding
8735 Thumb instructions. */
8744 }
8748 }
8749 else
8752 /* GDB is able to get bfd_mach from the exe_bfd, info->mach is
8753 accurate, so mark USER_SPECIFIED_MACHINE_TYPE bit. Otherwise,
8754 opcodes/arm-dis.c:print_insn reset info->mach, and it will trigger
8755 the assert on the mismatch of info->mach and
8756 bfd_get_mach (current_program_space->exec_bfd ()) in
8757 default_print_insn. */
8764 }
8766 /* The following define instruction sequences that will cause ARM
8767 cpu's to take an undefined instruction trap. These are used to
8768 signal a breakpoint to GDB.
8770 The newer ARMv4T cpu's are capable of operating in ARM or Thumb
8771 modes. A different instruction is required for each mode. The ARM
8772 cpu's can also be big or little endian. Thus four different
8773 instructions are needed to support all cases.
8775 Note: ARMv4 defines several new instructions that will take the
8776 undefined instruction trap. ARM7TDMI is nominally ARMv4T, but does
8777 not in fact add the new instructions. The new undefined
8778 instructions in ARMv4 are all instructions that had no defined
8779 behaviour in earlier chips. There is no guarantee that they will
8780 raise an exception, but may be treated as NOP's. In practice, it
8781 may only safe to rely on instructions matching:
8783 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
8784 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
8785 C C C C 0 1 1 x x x x x x x x x x x x x x x x x x x x 1 x x x x
8787 Even this may only true if the condition predicate is true. The
8788 following use a condition predicate of ALWAYS so it is always TRUE.
8790 There are other ways of forcing a breakpoint. GNU/Linux, RISC iX,
8791 and NetBSD all use a software interrupt rather than an undefined
8792 instruction to force a trap. This can be handled by by the
8793 abi-specific code during establishment of the gdbarch vector. */
8795 #define ARM_LE_BREAKPOINT {0xFE,0xDE,0xFF,0xE7}
8796 #define ARM_BE_BREAKPOINT {0xE7,0xFF,0xDE,0xFE}
8797 #define THUMB_LE_BREAKPOINT {0xbe,0xbe}
8798 #define THUMB_BE_BREAKPOINT {0xbe,0xbe}
8805 /* Implement the breakpoint_kind_from_pc gdbarch method. */
8807 static int
8809 {
8814 {
8817 /* If we have a separate 32-bit breakpoint instruction for Thumb-2,
8818 check whether we are replacing a 32-bit instruction. */
8820 {
8824 {
8830 }
8831 }
8834 }
8835 else
8838 }
8840 /* Implement the sw_breakpoint_from_kind gdbarch method. */
8844 {
8848 {
8860 }
8861 }
8863 /* Implement the breakpoint_kind_from_current_state gdbarch method. */
8865 static int
8869 {
8872 /* Check the memory pointed by PC is readable. */
8874 {
8882 regcache);
8886 /* If MEMADDR is the next instruction of current pc, do the
8887 software single step computation, and get the thumb mode by
8888 the destination address. */
8890 {
8892 {
8894 {
8897 }
8898 else
8900 }
8901 }
8902 }
8905 }
8907 /* Extract from an array REGBUF containing the (raw) register state a
8908 function return value of type TYPE, and copy that, in virtual
8909 format, into VALBUF. */
8911 static void
8914 {
8923 {
8925 {
8927 {
8928 /* The value is in register F0 in internal format. We need to
8929 extract the raw value and then convert it to the desired
8930 internal type. */
8936 }
8941 /* ARM_FLOAT_VFP can arise if this is a variadic function so
8942 not using the VFP ABI code. */
8954 }
8955 }
8963 {
8964 /* If the type is a plain integer, then the access is
8965 straight-forward. Otherwise we have to play around a bit
8966 more. */
8969 ULONGEST tmp;
8972 {
8973 /* By using store_unsigned_integer we avoid having to do
8974 anything special for small big-endian values. */
8982 }
8983 }
8984 else
8985 {
8986 /* For a structure or union the behaviour is as if the value had
8987 been stored to word-aligned memory and then loaded into
8988 registers with 32-bit load instruction(s). */
8994 {
9000 }
9001 }
9002 }
9005 /* Will a function return an aggregate type in memory or in a
9006 register? Return 0 if an aggregate type can be returned in a
9007 register, 1 if it must be returned in memory. */
9009 static int
9011 {
9016 /* Simple, non-aggregate types (ie not including vectors and
9017 complex) are always returned in a register (or registers). */
9027 {
9028 /* Vector values should be returned using ARM registers if they
9029 are not over 16 bytes. */
9031 }
9035 {
9036 /* The AAPCS says all aggregates not larger than a word are returned
9037 in a register. */
9043 }
9044 else
9045 {
9048 /* All aggregate types that won't fit in a register must be returned
9049 in memory. */
9054 /* In the ARM ABI, "integer" like aggregate types are returned in
9055 registers. For an aggregate type to be integer like, its size
9056 must be less than or equal to ARM_INT_REGISTER_SIZE and the
9057 offset of each addressable subfield must be zero. Note that bit
9058 fields are not addressable, and all addressable subfields of
9059 unions always start at offset zero.
9061 This function is based on the behaviour of GCC 2.95.1.
9062 See: gcc/arm.c: arm_return_in_memory() for details.
9064 Note: All versions of GCC before GCC 2.95.2 do not set up the
9065 parameters correctly for a function returning the following
9066 structure: struct { float f;}; This should be returned in memory,
9067 not a register. Richard Earnshaw sent me a patch, but I do not
9068 know of any way to detect if a function like the above has been
9069 compiled with the correct calling convention. */
9071 /* Assume all other aggregate types can be returned in a register.
9072 Run a check for structures, unions and arrays. */
9076 {
9078 /* Need to check if this struct/union is "integer" like. For
9079 this to be true, its size must be less than or equal to
9080 ARM_INT_REGISTER_SIZE and the offset of each addressable
9081 subfield must be zero. Note that bit fields are not
9082 addressable, and unions always start at offset zero. If any
9083 of the subfields is a floating point type, the struct/union
9084 cannot be an integer type. */
9086 /* For each field in the object, check:
9087 1) Is it FP? --> yes, nRc = 1;
9088 2) Is it addressable (bitpos != 0) and
9089 not packed (bitsize == 0)?
9090 --> yes, nRc = 1
9091 */
9094 {
9097 field_type_code
9100 /* Is it a floating point type field? */
9102 {
9105 }
9107 /* If bitpos != 0, then we have to care about it. */
9109 {
9110 /* Bitfields are not addressable. If the field bitsize is
9111 zero, then the field is not packed. Hence it cannot be
9112 a bitfield or any other packed type. */
9114 {
9117 }
9118 }
9119 }
9120 }
9123 }
9124 }
9126 /* Write into appropriate registers a function return value of type
9127 TYPE, given in virtual format. */
9129 static void
9132 {
9140 {
9145 {
9154 /* ARM_FLOAT_VFP can arise if this is a variadic function so
9155 not using the VFP ABI code. */
9167 }
9168 }
9176 {
9178 {
9179 /* Values of one word or less are zero/sign-extended and
9180 returned in r0. */
9184 {
9185 gdb_mpz unscaled;
9190 }
9191 else
9192 {
9195 }
9197 }
9198 else
9199 {
9200 /* Integral values greater than one word are stored in consecutive
9201 registers starting with r0. This will always be a multiple of
9202 the regiser size. */
9207 {
9211 }
9212 }
9213 }
9214 else
9215 {
9216 /* For a structure or union the behaviour is as if the value had
9217 been stored to word-aligned memory and then loaded into
9218 registers with 32-bit load instruction(s). */
9224 {
9230 }
9231 }
9232 }
9235 /* Handle function return values. */
9237 static enum return_value_convention
9241 {
9249 {
9256 {
9259 }
9262 {
9264 {
9272 }
9273 else
9274 {
9285 }
9286 }
9288 }
9293 {
9294 /* From the AAPCS document:
9296 Result return:
9298 A Composite Type larger than 4 bytes, or whose size cannot be
9299 determined statically by both caller and callee, is stored in memory
9300 at an address passed as an extra argument when the function was
9301 called (Parameter Passing, rule A.4). The memory to be used for the
9302 result may be modified at any point during the function call.
9304 Parameter Passing:
9306 A.4: If the subroutine is a function that returns a result in memory,
9307 then the address for the result is placed in r0 and the NCRN is set
9308 to r1. */
9311 {
9313 {
9314 CORE_ADDR addr;
9318 }
9320 }
9321 }
9323 {
9326 }
9332 {
9336 }
9339 }
9342 static int
9344 {
9348 CORE_ADDR jb_addr;
9354 ARM_INT_REGISTER_SIZE))
9359 }
9360 /* A call to cmse secure entry function "foo" at "a" is modified by
9361 GNU ld as "b".
9362 a) bl xxxx <foo>
9364 <foo>
9365 xxxx:
9367 b) bl yyyy <__acle_se_foo>
9369 section .gnu.sgstubs:
9370 <foo>
9371 yyyy: sg // secure gateway
9372 b.w xxxx <__acle_se_foo> // original_branch_dest
9374 <__acle_se_foo>
9375 xxxx:
9377 When the control at "b", the pc contains "yyyy" (sg address) which is a
9378 trampoline and does not exist in source code. This function returns the
9379 target pc "xxxx". For more details please refer to section 5.4
9380 (Entry functions) and section 3.4.4 (C level development flow of secure code)
9381 of "armv8-m-security-extensions-requirements-on-development-tools-engineering-specification"
9382 document on www.developer.arm.com. */
9384 static CORE_ADDR
9386 {
9391 bound_minimal_symbol minsym
9397 }
9399 /* Return true when SEC points to ".gnu.sgstubs" section. */
9401 static bool
9403 {
9408 }
9410 /* Recognize GCC and GNU ld's trampolines. If we are in a trampoline,
9411 return the target PC. Otherwise return 0. */
9413 CORE_ADDR
9415 {
9418 CORE_ADDR start_addr;
9420 /* Find the starting address and name of the function containing the PC. */
9422 {
9423 /* Trampoline 'bx reg' doesn't belong to any functions. Do the
9424 check here. */
9430 }
9432 /* If PC is in a Thumb call or return stub, return the address of the
9433 target PC, which is in a register. The thunk functions are called
9434 _call_via_xx, where x is the register name. The possible names
9435 are r0-r9, sl, fp, ip, sp, and lr. ARM RealView has similar
9436 functions, named __ARM_call_via_r[0-7]. */
9439 {
9440 /* Use the name suffix to determine which register contains the
9441 target PC. */
9445 };
9452 }
9454 /* GNU ld generates __foo_from_arm or __foo_from_thumb for
9455 non-interworking calls to foo. We could decode the stubs
9456 to find the target but it's easier to use the symbol table. */
9463 {
9471 else
9480 bound_minimal_symbol minsym
9484 else
9486 }
9490 /* Check whether SECTION points to the ".gnu.sgstubs" section. */
9495 }
9497 static void
9499 {
9500 /* If the current architecture is not ARM, we have nothing to do. */
9505 /* Update the architecture. */
9506 gdbarch_info info;
9509 }
9511 static void
9514 {
9519 {
9522 }
9526 current_fp_model);
9529 }
9531 static void
9534 {
9538 {
9544 }
9545 else
9549 }
9551 static void
9554 {
9559 {
9562 }
9566 arm_abi_string);
9569 }
9571 static void
9574 {
9578 {
9584 }
9585 else
9587 arm_abi_string);
9588 }
9590 static void
9593 {
9597 arm_fallback_mode_string);
9598 }
9600 static void
9603 {
9607 arm_force_mode_string);
9608 }
9610 static void
9613 {
9617 }
9619 /* If the user changes the register disassembly style used for info
9620 register and other commands, we have to also switch the style used
9621 in opcodes for disassembly output. This function is run in the "set
9622 arm disassembly" command, and does that. */
9624 static void
9627 {
9628 /* Convert the short style name into the long style name (eg, reg-names-*)
9629 before calling the generic set_disassembler_options() function. */
9632 }
9634 static void
9637 {
9646 {
9649 }
9652 }
9653 \f
9654 /* Return the ARM register name corresponding to register I. */
9657 {
9661 {
9667 };
9670 }
9673 {
9677 };
9680 }
9685 /* RA_AUTH_CODE is used for unwinding only. Do not assign it a name. */
9690 /* These registers are only supported on targets which supply
9691 an XML description. */
9694 /* Non-pseudo registers. */
9696 }
9698 /* Test whether the coff symbol specific value corresponds to a Thumb
9699 function. */
9701 static int
9703 {
9709 }
9711 /* arm_coff_make_msymbol_special()
9712 arm_elf_make_msymbol_special()
9714 These functions test whether the COFF or ELF symbol corresponds to
9715 an address in thumb code, and set a "special" bit in a minimal
9716 symbol to indicate that it does. */
9718 static void
9720 {
9726 }
9728 static void
9730 {
9733 }
9735 static void
9738 {
9751 arm_mapping_symbol_vec &map
9757 /* Insert at the end, the vector will be sorted on first use. */
9759 }
9761 static void
9763 {
9767 /* If necessary, set the T bit. */
9769 {
9776 else
9779 }
9780 }
9782 /* Read the contents of a NEON quad register, by reading from two
9783 double registers. This is used to implement the quad pseudo
9784 registers, and for argument passing in case the quad registers are
9785 missing; vectors are passed in quad registers when using the VFP
9786 ABI, even if a NEON unit is not present. REGNUM is the index of
9787 the quad register, in [0, 15]. */
9789 static enum register_status
9792 {
9813 }
9815 /* Read the contents of a NEON quad register, by reading from two double
9816 registers, and return it as a value. QUAD_REG_INDEX is the index of the quad
9817 register, in [0, 15]. */
9822 {
9824 int double_regnum
9830 }
9832 /* Read the contents of the MVE pseudo register REGNUM and return it as a
9833 value. */
9837 {
9840 /* P0 is the first 16 bits of VPR. */
9843 }
9848 {
9854 {
9855 /* Quad-precision register. */
9858 }
9861 else
9862 {
9865 /* Single-precision register. */
9868 /* s0 is always the least significant half of d0. */
9872 else
9876 int double_regnum
9881 offset);
9882 }
9883 }
9885 /* Store the contents of BUF to a NEON quad register, by writing to
9886 two double registers. This is used to implement the quad pseudo
9887 registers, and for argument passing in case the quad registers are
9888 missing; vectors are passed in quad registers when using the VFP
9889 ABI, even if a NEON unit is not present. REGNUM is the index
9890 of the quad register, in [0, 15]. */
9892 static void
9895 {
9905 }
9907 static void
9910 {
9912 int double_regnum
9917 }
9919 /* Store the contents of BUF to the MVE pseudo register REGNUM. */
9921 static void
9924 {
9927 /* P0 is the first 16 bits of VPR. */
9929 }
9931 static void
9935 {
9941 {
9942 /* Quad-precision register. */
9945 }
9948 else
9949 {
9952 /* Single-precision register. */
9955 /* s0 is always the least significant half of d0. */
9959 else
9963 int double_regnum
9968 }
9969 }
9973 {
9976 }
9978 static enum gdb_osabi
9980 {
9987 /* GNU tools use this value. Check note sections in this case,
9988 as well. */
9989 {
9992 }
9994 /* Anything else will be handled by the generic ELF sniffer. */
9996 }
9998 static int
10001 {
10002 /* FPS register's type is INT, but belongs to float_reggroup. Beside
10003 this, FPS register belongs to save_regroup, restore_reggroup, and
10004 all_reggroup, of course. */
10010 else
10012 }
10014 /* For backward-compatibility we allow two 'g' packet lengths with
10015 the remote protocol depending on whether FPA registers are
10016 supplied. M-profile targets do not have FPA registers, but some
10017 stubs already exist in the wild which use a 'g' packet which
10018 supplies them albeit with dummy values. The packet format which
10019 includes FPA registers should be considered deprecated for
10020 M-profile targets. */
10022 static void
10024 {
10028 {
10031 /* If we know from the executable this is an M-profile target,
10032 cater for remote targets whose register set layout is the
10033 same as the FPA layout. */
10037 tdesc);
10039 /* The regular M-profile layout. */
10042 tdesc);
10044 /* M-profile plus M4F VFP. */
10048 tdesc);
10049 /* M-profile plus MVE. */
10052 + ARM_VFP2_REGS_SIZE
10055 /* M-profile system (stack pointers). */
10058 }
10060 /* Otherwise we don't have a useful guess. */
10061 }
10063 /* Implement the code_of_frame_writable gdbarch method. */
10065 static int
10067 {
10071 {
10072 /* M-profile exception frames return to some magic PCs, where
10073 isn't writable at all. */
10075 }
10076 else
10078 }
10080 /* Implement gdbarch_gnu_triplet_regexp. If the arch name is arm then allow it
10081 to be postfixed by a version (eg armv7hl). */
10085 {
10089 }
10091 /* Implement the "get_pc_address_flags" gdbarch method. */
10095 {
10100 }
10102 /* Initialize the current architecture based on INFO. If possible,
10103 re-use an architecture from ARCHES, which is a list of
10104 architectures already created during this debugging session.
10106 Called e.g. at program startup, when reading a core file, and when
10107 reading a binary file. */
10111 {
10115 tdesc_arch_data_up tdesc_data;
10139 /* If we have an object to base this architecture on, try to determine
10140 its ABI. */
10143 {
10147 {
10149 /* Assume it's an old APCS-style ABI. */
10150 /* XXX WinCE? */
10159 {
10160 /* GNU tools used to use this value, but do not for EABI
10161 objects. There's nowhere to tag an EABI version
10162 anyway, so assume APCS. */
10164 }
10166 {
10170 {
10172 /* Assume GNU tools. */
10179 /* EABI binaries default to VFP float ordering.
10180 They may also contain build attributes that can
10181 be used to identify if the VFP argument-passing
10182 ABI is in use. */
10184 {
10185 #ifdef HAVE_ELF
10187 OBJ_ATTR_PROC,
10188 Tag_ABI_VFP_args))
10189 {
10191 /* "The user intended FP parameter/result
10192 passing to conform to AAPCS, base
10193 variant". */
10197 /* "The user intended FP parameter/result
10198 passing to conform to AAPCS, VFP
10199 variant". */
10203 /* "The user intended FP parameter/result
10204 passing to conform to tool chain-specific
10205 conventions" - we don't know any such
10206 conventions, so leave it as "auto". */
10209 /* "Code is compatible with both the base
10210 and VFP variants; the user did not permit
10211 non-variadic functions to pass FP
10212 parameters/results" - leave it as
10213 "auto". */
10216 /* Attribute value not mentioned in the
10217 November 2012 ABI, so leave it as
10218 "auto". */
10220 }
10221 #else
10223 #endif
10224 }
10228 /* Leave it as "auto". */
10231 }
10233 #ifdef HAVE_ELF
10234 /* Detect M-profile programs. This only works if the
10235 executable file includes build attributes; GCC does
10236 copy them to the executable, but e.g. RealView does
10237 not. */
10238 int attr_arch
10240 Tag_CPU_arch);
10241 int attr_profile
10243 Tag_CPU_arch_profile);
10245 /* GCC specifies the profile for v6-M; RealView only
10246 specifies the profile for architectures starting with
10247 V7 (as opposed to architectures with a tag
10248 numerically greater than TAG_CPU_ARCH_V7). */
10259 /* Look for attributes that indicate support for ARMv8.1-m
10260 PACBTI. */
10262 {
10263 int attr_pac_extension
10265 Tag_PAC_extension);
10267 int attr_bti_extension
10269 Tag_BTI_extension);
10271 int attr_pacret_use
10273 Tag_PACRET_use);
10275 int attr_bti_use
10277 Tag_BTI_use);
10282 }
10283 #endif
10284 }
10287 {
10289 {
10291 /* Leave it as "auto". Strictly speaking this case
10292 means FPA, but almost nobody uses that now, and
10293 many toolchains fail to set the appropriate bits
10294 for the floating-point model they use. */
10305 }
10306 }
10314 /* Leave it as "auto". */
10316 }
10317 }
10319 /* Check any target description for validity. */
10321 {
10322 /* For most registers we require GDB's default names; but also allow
10323 the numeric names for sp / lr / pc, as a convenience. */
10334 {
10339 else
10341 }
10350 ARM_SP_REGNUM,
10351 arm_sp_names);
10353 ARM_LR_REGNUM,
10354 arm_lr_names);
10356 ARM_PC_REGNUM,
10357 arm_pc_names);
10361 else
10369 {
10373 {
10374 /* MSP */
10378 {
10381 }
10385 /* PSP */
10389 {
10392 }
10394 }
10395 }
10400 {
10407 }
10408 else
10414 {
10420 };
10424 valid_p
10428 /* Check for the control registers, but do not fail if they
10429 are missing. */
10435 valid_p
10443 }
10445 /* If we have a VFP unit, check whether the single precision registers
10446 are present. If not, then we will synthesize them as pseudo
10447 registers. */
10451 {
10457 };
10459 /* Require the double precision registers. There must be either
10460 16 or 32. */
10463 {
10469 }
10473 /* Also require FPSCR. */
10486 /* If we have VFP, also check for NEON. The architecture allows
10487 NEON without VFP (integer vector operations only), but GDB
10488 does not support that. */
10492 {
10493 /* NEON requires 32 double-precision registers. */
10497 /* If there are quad registers defined by the stub, use
10498 their type; otherwise (normally) provide them with
10499 the default type. */
10502 }
10503 }
10505 /* Check for the TLS register feature. */
10508 {
10515 register_count++;
10516 }
10518 /* Check for MVE after all the checks for GPR's, VFP and Neon.
10519 MVE (Helium) is an M-profile extension. */
10521 {
10522 /* Do we have the MVE feature? */
10526 {
10527 /* If we have MVE, we must always have the VPR register. */
10531 {
10534 }
10538 register_count++;
10540 /* We can't have Q pseudo registers available here, as that
10541 would mean we have NEON features, and that is only available
10542 on A and R profiles. */
10545 /* Given we have a M-profile target description, if MVE is
10546 enabled and there are VFP registers, we should have Q
10547 pseudo registers (Q0 ~ Q7). */
10550 }
10552 /* Do we have the ARMv8.1-m PACBTI feature? */
10556 {
10557 /* By advertising this feature, the target acknowledges the
10558 presence of the ARMv8.1-m PACBTI extensions.
10560 We don't care for any particular registers in this group, so
10561 the target is free to include whatever it deems appropriate.
10563 The expectation is for this feature to include the PAC
10564 keys. */
10566 }
10568 /* Do we have the Security extension? */
10572 {
10573 /* Secure/Non-secure stack pointers. */
10574 /* MSP_NS */
10578 {
10581 }
10584 /* PSP_NS */
10588 {
10591 }
10594 /* MSP_S */
10598 {
10601 }
10604 /* PSP_S */
10608 {
10611 }
10615 }
10617 }
10618 }
10620 /* If there is already a candidate, use it. */
10624 {
10625 arm_gdbarch_tdep *tdep
10634 /* There are various other properties in tdep that we do not
10635 need to check here: those derived from a target description,
10636 since gdbarches with a different target description are
10637 automatically disqualified. */
10639 /* Do check is_m, though, since it might come from the binary. */
10643 /* Also check for ARMv8.1-m PACBTI support, since it might come from
10644 the binary. */
10648 /* Found a match. */
10650 }
10655 gdbarch *gdbarch
10659 /* Record additional information about the architecture we are defining.
10660 These are gdbarch discriminators, like the OSABI. */
10676 /* Adjust the MVE feature settings. */
10678 {
10681 }
10683 /* Adjust the PACBTI feature settings. */
10686 /* Adjust the M-profile stack pointers settings. */
10688 {
10695 }
10699 /* Breakpoints. */
10701 {
10720 }
10722 /* On ARM targets char defaults to unsigned. */
10725 /* wchar_t is unsigned under the AAPCS. */
10728 else
10731 /* Compute type alignment. */
10734 /* Note: for displaced stepping, this includes the breakpoint, and one word
10735 of additional scratch space. This setting isn't used for anything beside
10736 displaced stepping at present. */
10737 set_gdbarch_displaced_step_buffer_length
10741 /* This should be low enough for everything. */
10745 /* The default, for both APCS and AAPCS, is to return small
10746 structures in registers. */
10759 /* Address manipulation. */
10762 /* Advance PC across function entry code. */
10765 /* Detect whether PC is at a point where the stack has been destroyed. */
10768 /* Skip trampolines. */
10771 /* The stack grows downward. */
10774 /* Breakpoint manipulation. */
10778 arm_breakpoint_kind_from_current_state);
10780 /* Information about registers, etc. */
10787 /* This "info float" is FPA-specific. Use the generic version if we
10788 do not have FPA. */
10792 /* Internal <-> external register number maps. */
10798 /* Returning results. */
10801 /* Disassembly. */
10804 /* Minsymbol frobbing. */
10807 arm_coff_make_msymbol_special);
10810 /* Thumb-2 IT block support. */
10812 arm_adjust_breakpoint_address);
10814 /* Virtual tables. */
10817 /* Hook in the ABI-specific overrides, if they have been registered. */
10822 /* Add some default predicates. */
10831 /* Now we have tuned the configuration, set a few final things,
10832 based on what the OS ABI has told us. */
10834 /* If the ABI is not otherwise marked, assume the old GNU APCS. EABI
10835 binaries are always marked. */
10839 /* Watchpoints are not steppable. */
10842 /* We used to default to FPA for generic ARM, but almost nobody
10843 uses that now, and we now provide a way for the user to force
10844 the model. So default to the most useful variant. */
10851 /* Floating point sizes and format. */
10854 {
10855 set_gdbarch_double_format
10857 set_gdbarch_long_double_format
10859 }
10860 else
10861 {
10864 }
10866 /* Hook used to decorate frames with signed return addresses, only available
10867 for ARMv8.1-m PACBTI. */
10872 {
10878 /* Override tdesc_register_type to adjust the types of VFP
10879 registers for NEON. */
10881 }
10883 /* Initialize the pseudo register data. */
10886 {
10887 /* VFP single precision pseudo registers (S0~S31). */
10893 {
10894 /* NEON quad precision pseudo registers (Q0~Q15). */
10903 }
10904 }
10906 /* Do we have any MVE pseudo registers? */
10908 {
10912 }
10914 /* Do we have any ARMv8.1-m PACBTI pseudo registers. */
10916 {
10920 }
10922 /* Set some pseudo register hooks, if we have pseudo registers. */
10924 {
10928 }
10930 /* Add standard register aliases. We add aliases even for those
10931 names which are used by the current architecture - it's simpler,
10932 and does no harm, since nothing ever lists user registers. */
10943 }
10945 static void
10947 {
11005 }
11007 #if GDB_SELF_TEST
11008 namespace selftests
11009 {
11012 }
11013 #endif
11016 void
11018 {
11026 /* Add ourselves to objfile event chain. */
11029 /* Register an ELF OS ABI sniffer for ARM binaries. */
11031 bfd_target_elf_flavour,
11032 arm_elf_osabi_sniffer);
11034 /* Add root prefix command for all "set arm"/"show arm" commands. */
11047 num_disassembly_styles++;
11049 /* Initialize the array that will be passed to add_setshow_enum_cmd(). */
11054 {
11064 }
11065 /* Mark the end of valid options. */
11068 /* Create the help text. */
11071 regdesc,
11079 set_disassembly_style_sfunc,
11080 show_disassembly_style_sfunc,
11087 NULL,
11089 mode is %s. */
11092 /* Add a command to allow the user to force the FPU model. */
11104 /* Add a command to allow the user to force the ABI. */
11111 /* Add two commands to allow the user to force the assumed
11112 execution mode. */
11126 /* Add a command to stop triggering security exceptions when
11127 unwinding exception stacks. */
11135 /* Debugging flag. */
11140 NULL,
11144 #if GDB_SELF_TEST
11147 #endif
11149 }
11151 /* ARM-reversible process record data structures. */
11153 #define ARM_INSN_SIZE_BYTES 4
11154 #define THUMB_INSN_SIZE_BYTES 2
11155 #define THUMB2_INSN_SIZE_BYTES 4
11158 /* Position of the bit within a 32-bit ARM instruction
11159 that defines whether the instruction is a load or store. */
11160 #define INSN_S_L_BIT_NUM 20
11162 #define REG_ALLOC(REGS, LENGTH, RECORD_BUF) \
11163 do \
11164 { \
11165 unsigned int reg_len = LENGTH; \
11166 if (reg_len) \
11167 { \
11168 REGS = XNEWVEC (uint32_t, reg_len); \
11169 memcpy(®S[0], &RECORD_BUF[0], sizeof(uint32_t)*LENGTH); \
11170 } \
11171 } \
11172 while (0)
11174 #define MEM_ALLOC(MEMS, LENGTH, RECORD_BUF) \
11175 do \
11176 { \
11177 unsigned int mem_len = LENGTH; \
11178 if (mem_len) \
11179 { \
11180 MEMS = XNEWVEC (struct arm_mem_r, mem_len); \
11181 memcpy(&MEMS->len, &RECORD_BUF[0], \
11182 sizeof(struct arm_mem_r) * LENGTH); \
11183 } \
11184 } \
11185 while (0)
11187 /* Checks whether insn is already recorded or yet to be decoded. (boolean expression). */
11188 #define INSN_RECORDED(ARM_RECORD) \
11189 (0 != (ARM_RECORD)->reg_rec_count || 0 != (ARM_RECORD)->mem_rec_count)
11191 /* ARM memory record structure. */
11192 struct arm_mem_r
11193 {
11196 };
11198 /* ARM instruction record contains opcode of current insn
11199 and execution state (before entry to decode_insn()),
11200 contains list of to-be-modified registers and
11201 memory blocks (on return from decode_insn()). */
11203 struct arm_insn_decode_record
11204 {
11216 };
11219 /* Checks ARM SBZ and SBO mandatory fields. */
11221 static int
11223 {
11233 {
11235 {
11237 }
11239 }
11241 }
11243 enum arm_record_result
11244 {
11247 };
11249 enum arm_record_strx_t
11250 {
11252 ARM_RECORD_STRD
11253 };
11255 enum record_type_t
11256 {
11258 THUMB_RECORD,
11259 THUMB2_RECORD
11260 };
11263 static int
11266 {
11278 {
11279 /* 1) Handle misc store, immediate offset. */
11286 {
11287 /* If R15 was used as Rn, hence current PC+8. */
11289 }
11291 /* Calculate target store address. */
11293 {
11295 }
11296 else
11297 {
11299 }
11301 {
11305 }
11307 {
11313 }
11314 }
11316 {
11317 /* 2) Store, register offset. */
11318 /* Get Rm. */
11320 /* Get Rn. */
11325 {
11326 /* If R15 was used as Rn, hence current PC+8. */
11328 }
11329 /* Calculate target store address, Rn +/- Rm, register offset. */
11331 {
11333 }
11334 else
11335 {
11337 }
11339 {
11343 }
11345 {
11351 }
11352 }
11355 {
11356 /* 3) Store, immediate pre-indexed. */
11357 /* 5) Store, immediate post-indexed. */
11363 /* Calculate target store address, Rn +/- Rm, register offset. */
11365 {
11367 }
11368 else
11369 {
11371 }
11373 {
11377 }
11379 {
11385 }
11386 /* Record Rn also as it changes. */
11389 }
11392 {
11393 /* 4) Store, register pre-indexed. */
11394 /* 6) Store, register post -indexed. */
11399 /* Calculate target store address, Rn +/- Rm, register offset. */
11401 {
11403 }
11404 else
11405 {
11407 }
11409 {
11413 }
11415 {
11421 }
11422 /* Record Rn also as it changes. */
11425 }
11427 }
11429 /* Handling ARM extension space insns. */
11431 static int
11433 {
11442 /* Handle unconditional insn extension space. */
11447 {
11448 /* PLD has no affect on architectural state, it just affects
11449 the caches. */
11451 {
11452 /* BLX(1) */
11456 }
11457 /* STC2, LDC2, MCR2, MRC2, CDP2: <TBD>, co-processor insn. */
11458 }
11463 {
11465 /* Undefined instruction on ARM V5; need to handle if later
11466 versions define it. */
11467 }
11473 /* Handle arithmetic insn extension space. */
11476 {
11477 /* Handle MLA(S) and MUL(S). */
11479 {
11483 }
11485 {
11486 /* Handle SMLAL(S), SMULL(S), UMLAL(S), UMULL(S). */
11491 }
11492 }
11498 /* Handle control insn extension space. */
11502 {
11504 {
11506 {
11508 {
11509 /* MRS. */
11512 }
11514 {
11515 /* CSPR is going to be changed. */
11518 }
11520 {
11521 /* SPSR is going to be changed. */
11522 /* We need to get SPSR value, which is yet to be done. */
11524 }
11525 }
11527 {
11529 {
11530 /* BX. */
11533 }
11535 {
11536 /* CLZ. */
11539 }
11540 }
11542 {
11543 /* BLX. */
11547 }
11549 {
11550 /* QADD, QSUB, QDADD, QDSUB */
11554 }
11556 {
11557 /* BKPT. */
11562 /* Save SPSR also;how? */
11564 }
11569 )
11570 {
11572 {
11573 /* SMLA<x><y>, SMLAW<y>, SMULW<y>. */
11574 /* We dont do optimization for SMULW<y> where we
11575 need only Rd. */
11579 }
11581 {
11582 /* SMLAL<x><y>. */
11586 }
11588 {
11589 /* SMUL<x><y>. */
11592 }
11593 }
11594 }
11595 else
11596 {
11597 /* MSR : immediate form. */
11599 {
11600 /* CSPR is going to be changed. */
11603 }
11605 {
11606 /* SPSR is going to be changed. */
11607 /* we need to get SPSR value, which is yet to be done */
11609 }
11610 }
11611 }
11617 /* Handle load/store insn extension space. */
11622 {
11623 /* SWP/SWPB. */
11625 {
11626 /* These insn, changes register and memory as well. */
11627 /* SWP or SWPB insn. */
11628 /* Get memory address given by Rn. */
11631 /* SWP insn ?, swaps word. */
11633 {
11635 }
11636 else
11637 {
11638 /* SWPB insn, swaps only byte. */
11640 }
11645 }
11647 {
11648 /* STRH. */
11650 ARM_RECORD_STRH);
11651 }
11653 {
11654 /* LDRD. */
11658 }
11660 {
11661 /* STRD. */
11663 ARM_RECORD_STRD);
11664 }
11666 {
11667 /* LDRH, LDRSB, LDRSH. */
11670 }
11672 }
11677 {
11679 /* Handle coprocessor insn extension space. */
11680 }
11682 /* To be done for ARMv5 and later; as of now we return -1. */
11690 }
11692 /* Handling opcode 000 insns. */
11694 static int
11696 {
11709 {
11710 /* Data-processing (register) and Data-processing (register-shifted
11711 register */
11712 /* Out of 11 shifter operands mode, all the insn modifies destination
11713 register, which is specified by 13-16 decode. */
11717 }
11719 {
11720 /* Miscellaneous instructions */
11724 {
11725 /* Handle BLX, branch and link/exchange. */
11727 {
11728 /* Branch is chosen by setting T bit of CSPR, bitp[0] of Rm,
11729 and R14 stores the return address. */
11733 }
11734 }
11736 {
11737 /* Handle enhanced software breakpoint insn, BKPT. */
11738 /* CPSR is changed to be executed in ARM state, disabling normal
11739 interrupts, entering abort mode. */
11740 /* According to high vector configuration PC is set. */
11741 /* user hit breakpoint and type reverse, in
11742 that case, we need to go back with previous CPSR and
11743 Program Counter. */
11748 /* Save SPSR also; how? */
11750 }
11753 {
11754 /* Handle BX, branch and link/exchange. */
11755 /* Branch is chosen by setting T bit of CSPR, bitp[0] of Rm. */
11758 }
11762 {
11763 /* Count leading zeros: CLZ. */
11766 }
11771 {
11772 /* Handle MRS insn. */
11775 }
11776 }
11778 {
11779 /* Multiply and multiply-accumulate */
11781 /* Handle multiply instructions. */
11782 /* MLA, MUL, SMLAL, SMULL, UMLAL, UMULL. */
11784 {
11785 /* Handle MLA and MUL. */
11789 }
11791 {
11792 /* Handle SMLAL, SMULL, UMLAL, UMULL. */
11797 }
11798 }
11800 {
11801 /* Synchronization primitives */
11803 /* Handling SWP, SWPB. */
11804 /* These insn, changes register and memory as well. */
11805 /* SWP or SWPB insn. */
11809 /* SWP insn ?, swaps word. */
11811 {
11813 }
11814 else
11815 {
11816 /* SWPB insn, swaps only byte. */
11818 }
11823 }
11826 {
11828 {
11829 /* Extra load/store (unprivileged) */
11831 }
11832 else
11833 {
11834 /* Extra load/store */
11836 {
11839 {
11840 /* STRH (register), STRH (immediate) */
11843 }
11845 {
11846 /* LDRH (register) */
11851 {
11852 /* Write back to Rn. */
11855 }
11856 }
11858 {
11859 /* LDRH (immediate), LDRH (literal) */
11866 {
11867 /*LDRH (immediate) */
11869 {
11870 /* Write back to Rn. */
11872 }
11873 }
11874 }
11875 else
11880 {
11881 /* LDRD (register) */
11887 {
11888 /* Write back to Rn. */
11891 }
11892 }
11894 {
11895 /* LDRSB (register) */
11900 {
11901 /* Write back to Rn. */
11904 }
11905 }
11907 {
11908 /* LDRD (immediate), LDRD (literal), LDRSB (immediate),
11909 LDRSB (literal) */
11916 {
11917 /*LDRD (immediate), LDRSB (immediate) */
11919 {
11920 /* Write back to Rn. */
11922 }
11923 }
11924 }
11925 else
11930 {
11931 /* STRD (register) */
11934 }
11936 {
11937 /* LDRSH (register) */
11942 {
11943 /* Write back to Rn. */
11946 }
11947 }
11949 {
11950 /* STRD (immediate) */
11953 }
11955 {
11956 /* LDRSH (immediate), LDRSH (literal) */
11961 {
11962 /* Write back to Rn. */
11965 }
11966 }
11967 else
11972 }
11973 }
11974 }
11975 else
11976 {
11978 }
11983 }
11985 /* Handling opcode 001 insns. */
11987 static int
11989 {
11998 )
11999 {
12000 /* Handle MSR insn. */
12002 {
12003 /* CSPR is going to be changed. */
12006 }
12007 else
12008 {
12009 /* SPSR is going to be changed. */
12010 }
12011 }
12013 {
12014 /* Normal data processing insns. */
12015 /* Out of 11 shifter operands mode, all the insn modifies destination
12016 register, which is specified by 13-16 decode. */
12020 }
12021 else
12022 {
12024 }
12029 }
12031 static int
12033 {
12037 {
12039 /* Parallel addition and subtraction, signed */
12041 /* Parallel addition and subtraction, unsigned */
12044 /* Packing, unpacking, saturation and reversal */
12045 {
12049 }
12054 /* Signed multiplies */
12055 {
12065 }
12069 {
12072 {
12073 /* SBFX */
12076 }
12079 {
12080 /* USAD8 and USADA8 */
12083 }
12084 }
12088 {
12091 {
12092 /* Permanently UNDEFINED */
12094 }
12095 else
12096 {
12097 /* BFC, BFI and UBFX */
12100 }
12101 }
12106 }
12111 }
12113 /* Handle ARM mode instructions with opcode 010. */
12115 static int
12117 {
12124 ULONGEST u_regval;
12126 /* Calculate wback. */
12134 {
12135 /* LDR (immediate), LDR (literal), LDRB (immediate), LDRB (literal), LDRBT
12136 and LDRT. */
12141 /* The LDR instruction is capable of doing branching. If MOV LR, PC
12142 precedes a LDR instruction having R15 as reg_base, it
12143 emulates a branch and link instruction, and hence we need to save
12144 CPSR and PC as well. */
12148 /* If wback is true, also save the base register, which is going to be
12149 written to. */
12152 }
12153 else
12154 {
12155 /* STR (immediate), STRB (immediate), STRBT and STRT. */
12160 /* Handle bit U. */
12162 {
12163 /* U == 1: Add the offset. */
12165 }
12166 else
12167 {
12168 /* U == 0: subtract the offset. */
12170 }
12172 /* Bit 22 tells us whether the store instruction writes 1 byte or 4
12173 bytes. */
12175 {
12176 /* STRB and STRBT: 1 byte. */
12178 }
12179 else
12180 {
12181 /* STR and STRT: 4 bytes. */
12183 }
12185 /* Handle bit P. */
12188 else
12193 /* If wback is true, also save the base register, which is going to be
12194 written to. */
12197 }
12202 }
12204 /* Handling opcode 011 insns. */
12206 static int
12208 {
12216 LONGEST s_word;
12225 /* Handle enhanced store insns and LDRD DSP insn,
12226 order begins according to addressing modes for store insns
12227 STRH insn. */
12229 /* LDR or STR? */
12231 {
12233 /* LDR insn has a capability to do branching, if
12234 MOV LR, PC is preceded by LDR insn having Rn as R15
12235 in that case, it emulates branch and link insn, and hence we
12236 need to save CSPR and PC as well. */
12238 {
12241 }
12242 else
12243 {
12247 }
12248 }
12249 else
12250 {
12252 {
12253 /* Store insn, register offset and register pre-indexed,
12254 register post-indexed. */
12255 /* Get Rm. */
12257 /* Get Rn. */
12264 {
12265 /* If R15 was used as Rn, hence current PC+8. */
12266 /* Pre-indexed mode doesn't reach here ; illegal insn. */
12268 }
12269 /* Calculate target store address, Rn +/- Rm, register offset. */
12270 /* U == 1. */
12272 {
12274 }
12275 else
12276 {
12278 }
12281 {
12282 /* STR. */
12285 /* STR. */
12288 /* STRT. */
12291 /* STR. */
12297 /* STRB. */
12300 /* STRB. */
12303 /* STRBT. */
12306 /* STRB. */
12315 }
12325 )
12326 {
12327 /* Rn is going to be changed in pre-indexed mode and
12328 post-indexed mode as well. */
12331 }
12332 }
12333 else
12334 {
12335 /* Store insn, scaled register offset; scaled pre-indexed. */
12337 /* Get Rm. */
12339 /* Get Rn. */
12341 /* Get shift_imm. */
12346 /* Offset_12 used as shift. */
12348 {
12350 /* Offset_12 used as index. */
12360 {
12362 {
12364 }
12365 else
12366 {
12368 }
12369 }
12370 else
12371 {
12372 /* This is arithmetic shift. */
12374 }
12379 {
12382 /* Get C flag value and shift it by 31. */
12385 }
12386 else
12387 {
12391 }
12397 }
12400 /* bit U set. */
12402 {
12404 }
12405 else
12406 {
12408 }
12411 {
12412 /* STR. */
12415 /* STR. */
12418 /* STRT. */
12421 /* STR. */
12427 /* STRB. */
12430 /* STRB. */
12433 /* STRBT. */
12436 /* STRB. */
12445 }
12455 )
12456 {
12457 /* Rn is going to be changed in register scaled pre-indexed
12458 mode,and scaled post indexed mode. */
12461 }
12462 }
12463 }
12468 }
12470 /* Handle ARM mode instructions with opcode 100. */
12472 static int
12474 {
12480 ULONGEST u_regval;
12482 /* Fetch the list of registers. */
12486 /* Fetch the base register that contains the address we are loading data
12487 to. */
12490 /* Calculate wback. */
12494 {
12495 /* LDM/LDMIA/LDMFD, LDMDA/LDMFA, LDMDB and LDMIB. */
12497 /* Find out which registers are going to be loaded from memory. */
12499 {
12503 register_count++;
12504 }
12507 /* If wback is true, also save the base register, which is going to be
12508 written to. */
12512 /* Save the CPSR register. */
12514 }
12515 else
12516 {
12517 /* STM (STMIA, STMEA), STMDA (STMED), STMDB (STMFD) and STMIB (STMFA). */
12523 /* Find out how many registers are going to be stored to memory. */
12525 {
12527 register_count++;
12529 }
12532 {
12533 /* STMDA (STMED): Decrement after. */
12538 /* STM (STMIA, STMEA): Increment after. */
12542 /* STMDB (STMFD): Decrement before. */
12547 /* STMIB (STMFA): Increment before. */
12554 }
12559 /* If wback is true, also save the base register, which is going to be
12560 written to. */
12563 }
12568 }
12570 /* Handling opcode 101 insns. */
12572 static int
12574 {
12577 /* Handle B, BL, BLX(1) insns. */
12578 /* B simply branches so we do nothing here. */
12579 /* Note: BLX(1) doesn't fall here but instead it falls into
12580 extension space. */
12582 {
12585 }
12590 }
12592 static int
12594 {
12601 }
12603 /* Record handler for vector data transfer instructions. */
12605 static int
12607 {
12617 /* Handle VMOV instruction. */
12619 {
12622 }
12624 {
12625 /* Handle VMOV instruction. */
12627 {
12630 }
12631 /* Handle VMRS instruction. */
12633 {
12639 }
12640 }
12642 {
12643 /* Handle VMOV instruction. */
12645 {
12649 }
12650 /* Handle VMSR instruction. */
12652 {
12655 }
12656 }
12658 {
12659 /* Handle VMOV instruction. */
12661 {
12665 }
12666 /* Handle VDUP instruction. */
12667 else
12668 {
12670 {
12675 }
12676 else
12677 {
12681 }
12682 }
12683 }
12687 }
12689 /* Record handler for extension register load/store instructions. */
12691 static int
12693 {
12705 /* Handle VMOV instructions. */
12707 {
12709 {
12713 }
12714 else
12715 {
12720 {
12721 /* The first S register number m is REG_M:M (M is bit 5),
12722 the corresponding D register number is REG_M:M / 2, which
12723 is REG_M. */
12725 /* The second S register number is REG_M:M + 1, the
12726 corresponding D register number is (REG_M:M + 1) / 2.
12727 IOW, if bit M is 1, the first and second S registers
12728 are mapped to different D registers, otherwise, they are
12729 in the same D register. */
12731 {
12734 }
12735 }
12736 else
12737 {
12740 }
12741 }
12742 }
12743 /* Handle VSTM and VPUSH instructions. */
12746 {
12758 else
12762 {
12765 }
12768 {
12770 {
12775 }
12776 else
12777 {
12784 }
12785 memory_count--;
12786 }
12788 }
12789 /* Handle VLDM instructions. */
12792 {
12800 /* REG_VD is the first D register number. If the instruction
12801 loads memory to S registers (SINGLE_REG is TRUE), the register
12802 number is (REG_VD << 1 | bit D), so the corresponding D
12803 register number is (REG_VD << 1 | bit D) / 2 = REG_VD. */
12810 /* If the instruction loads memory to D register, REG_COUNT should
12811 be divided by 2, according to the ARM Architecture Reference
12812 Manual. If the instruction loads memory to S register, divide by
12813 2 as well because two S registers are mapped to D register. */
12816 {
12817 /* Increase the register count if S register list starts from
12818 an odd number (bit d is one). */
12819 reg_count++;
12820 }
12823 {
12825 reg_count--;
12826 }
12828 }
12829 /* VSTR Vector store register. */
12831 {
12842 else
12846 {
12850 }
12851 else
12852 {
12858 }
12859 }
12860 /* VLDR Vector load register. */
12862 {
12866 {
12869 }
12870 else
12871 {
12873 /* Record register D rather than pseudo register S. */
12875 }
12877 }
12882 }
12884 /* Record handler for arm/thumb mode VFP data processing instructions. */
12886 static int
12888 {
12900 /* Mask off the "D" bit. */
12903 /* Handle VMLA, VMLS. */
12905 {
12907 {
12910 else
12912 }
12913 else
12914 {
12917 else
12919 }
12920 }
12921 /* Handle VNMLA, VNMLS, VNMUL. */
12923 {
12926 else
12928 }
12929 /* Handle VMUL. */
12931 {
12933 {
12936 else
12938 }
12939 else
12940 {
12943 else
12945 }
12946 }
12947 /* Handle VADD, VSUB. */
12949 {
12951 {
12954 else
12956 }
12957 else
12958 {
12961 else
12963 }
12964 }
12965 /* Handle VDIV. */
12967 {
12970 else
12972 }
12973 /* Handle all other vfp data processing instructions. */
12975 {
12976 /* Handle VMOV. */
12978 {
12980 {
12983 else
12985 }
12986 else
12987 {
12990 else
12992 }
12993 }
12994 /* Handle VNEG and VABS. */
12997 {
12999 {
13002 else
13004 }
13005 else
13006 {
13009 else
13011 }
13012 }
13013 /* Handle VSQRT. */
13015 {
13018 else
13020 }
13021 /* Handle VCVT. */
13023 {
13026 else
13028 }
13030 {
13031 /* Handle VCVT. */
13033 {
13036 else
13037 {
13040 else
13042 }
13043 }
13044 /* Handle VCVT. */
13046 {
13049 else
13051 }
13052 /* Handle VCVTB, VCVTT. */
13055 /* Handle VCMP, VCMPE. */
13058 }
13059 }
13062 {
13090 }
13094 }
13096 /* Handling opcode 110 insns. */
13098 static int
13100 {
13108 {
13109 /* Handle extension register ld/st instructions. */
13113 /* 64-bit transfers between arm core and extension registers. */
13116 }
13117 else
13118 {
13119 /* Handle coprocessor ld/st instructions. */
13121 {
13122 /* Store. */
13125 else
13126 /* Load. */
13128 }
13130 /* Move to coprocessor from two arm core registers. */
13134 /* Move to two arm core registers from coprocessor. */
13136 {
13145 }
13146 }
13148 }
13150 /* Handling opcode 111 insns. */
13152 static int
13154 {
13156 arm_gdbarch_tdep *tdep
13166 /* Handle arm SWI/SVC system call instructions. */
13168 {
13170 {
13181 }
13182 else
13183 {
13186 }
13187 }
13189 {
13191 {
13193 {
13194 /* 8, 16, and 32-bit transfer */
13196 }
13197 else
13198 {
13200 {
13201 /* MRC, MRC2 */
13210 record_buf);
13212 }
13213 else
13214 {
13215 /* MCR, MCR2 */
13217 }
13218 }
13219 }
13220 else
13221 {
13223 {
13224 /* VFP data-processing instructions. */
13226 }
13227 else
13228 {
13229 /* CDP, CDP2 */
13231 }
13232 }
13233 }
13234 else
13235 {
13239 {
13241 {
13242 /* MRRC, MRRC2 */
13244 }
13245 }
13247 {
13249 {
13250 /* 64-bit transfers between ARM core and extension */
13252 }
13254 {
13255 /* MCRR, MCRR2 */
13257 }
13258 }
13260 {
13261 /* UNDEFINED */
13263 }
13264 else
13265 {
13267 {
13268 /* Extension register load/store */
13269 }
13270 else
13271 {
13272 /* STC, STC2, LDC, LDC2 */
13273 }
13275 }
13276 }
13279 }
13281 /* Handling opcode 000 insns. */
13283 static int
13285 {
13298 }
13301 /* Handling opcode 001 insns. */
13303 static int
13305 {
13318 }
13320 /* Handling opcode 010 insns. */
13322 static int
13324 {
13336 {
13337 /* Handle load/store register offset. */
13341 {
13342 /* LDR(2), LDRB(2) , LDRH(2), LDRSB, LDRSH. */
13346 }
13348 {
13349 /* STR(2), STRB(2), STRH(2) . */
13362 }
13363 }
13365 {
13366 /* Handle load from literal pool. */
13367 /* LDR(3). */
13371 }
13373 {
13374 /* Special data instructions and branch and exchange */
13378 {
13379 /* Branch with exchange. */
13382 }
13383 else
13384 {
13385 /* Format 8; special data processing insns. */
13390 }
13391 }
13392 else
13393 {
13394 /* Format 5; data processing insns. */
13397 {
13399 }
13403 }
13407 record_buf_mem);
13410 }
13412 /* Handling opcode 001 insns. */
13414 static int
13416 {
13428 {
13429 /* LDR(1). */
13433 }
13434 else
13435 {
13436 /* STR(1). */
13443 }
13447 record_buf_mem);
13450 }
13452 /* Handling opcode 100 insns. */
13454 static int
13456 {
13468 {
13469 /* LDR(4). */
13473 }
13475 {
13476 /* LDRH(1). */
13480 }
13482 {
13483 /* STR(3). */
13489 }
13491 {
13492 /* STRH(1). */
13499 }
13503 record_buf_mem);
13506 }
13508 /* Handling opcode 101 insns. */
13510 static int
13512 {
13526 {
13527 /* ADR and ADD (SP plus immediate) */
13532 }
13533 else
13534 {
13535 /* Miscellaneous 16-bit instructions */
13539 {
13541 /* SETEND and CPS */
13544 /* ADD/SUB (SP plus immediate) */
13553 /* CBNZ, CBZ */
13556 /* SXTH, SXTB, UXTH, UXTB */
13561 /* PUSH with lr. */
13562 register_count++;
13565 /* PUSH without lr. */
13569 {
13571 register_count++;
13573 }
13577 {
13581 register_count--;
13582 }
13587 /* REV, REV16, REVSH */
13593 /* POP. */
13596 {
13600 register_count++;
13601 }
13607 /* BKPT insn. */
13608 /* Handle enhanced software breakpoint insn, BKPT. */
13609 /* CPSR is changed to be executed in ARM state, disabling normal
13610 interrupts, entering abort mode. */
13611 /* According to high vector configuration PC is set. */
13612 /* User hits breakpoint and type reverse, in that case, we need to go back with
13613 previous CPSR and Program Counter. */
13617 /* We need to save SPSR value, which is not yet done. */
13627 /* If-Then, and hints */
13631 };
13632 }
13636 record_buf_mem);
13639 }
13641 /* Handling opcode 110 insns. */
13643 static int
13645 {
13646 arm_gdbarch_tdep *tdep
13662 {
13664 /* LDMIA. */
13666 /* Get Rn. */
13669 {
13673 register_count++;
13674 }
13677 }
13679 {
13680 /* It handles both STMIA. */
13682 /* Get Rn. */
13686 {
13688 register_count++;
13690 }
13694 {
13698 register_count--;
13699 }
13700 }
13702 {
13703 /* Handle arm syscall insn. */
13705 {
13708 }
13709 else
13710 {
13713 }
13714 }
13716 /* B (1), conditional branch is automatically taken care in process_record,
13717 as PC is saved there. */
13721 record_buf_mem);
13724 }
13726 /* Handling opcode 111 insns. */
13728 static int
13730 {
13737 {
13738 /* BL */
13741 }
13743 {
13744 /* BLX(1). */
13748 }
13750 /* B(2) is automatically taken care in process_record, as PC is
13751 saved there. */
13756 }
13758 /* Handler for thumb2 load/store multiple instructions. */
13760 static int
13762 {
13776 {
13778 {
13779 /* Handle RFE instruction. */
13782 }
13783 else
13784 {
13785 /* Handle SRS instruction after reading banked SP. */
13787 }
13788 }
13790 {
13792 {
13793 /* Handle LDM/LDMIA/LDMFD and LDMDB/LDMEA instructions. */
13796 {
13800 register_count++;
13802 }
13806 }
13807 else
13808 {
13809 /* Handle STM/STMIA/STMEA and STMDB/STMFD. */
13813 {
13815 register_count++;
13818 }
13821 {
13822 /* Start address calculation for LDMDB/LDMEA. */
13824 }
13826 {
13827 /* Start address calculation for LDMDB/LDMEA. */
13829 }
13833 {
13837 register_count--;
13838 }
13842 }
13843 }
13846 record_buf_mem);
13848 record_buf);
13850 }
13852 /* Handler for thumb2 load/store (dual/exclusive) and table branch
13853 instructions. */
13855 static int
13857 {
13873 {
13875 {
13880 }
13883 {
13887 }
13888 }
13889 else
13890 {
13895 {
13896 /* Handle STREX. */
13905 }
13907 {
13915 {
13916 /* Handle STREXB. */
13919 }
13921 {
13922 /* Handle STREXH. */
13925 }
13927 {
13928 /* Handle STREXD. */
13934 }
13935 }
13936 else
13937 {
13941 {
13944 else
13948 }
13949 else
13959 }
13960 }
13963 record_buf);
13965 record_buf_mem);
13967 }
13969 /* Handler for thumb2 data processing (shift register and modified immediate)
13970 instructions. */
13972 static int
13974 {
13982 {
13985 }
13986 else
13987 {
13991 }
13994 record_buf);
13996 }
13998 /* Generic handler for thumb2 instructions which effect destination and PS
13999 registers. */
14001 static int
14003 {
14014 record_buf);
14016 }
14018 /* Handler for thumb2 branch and miscellaneous control instructions. */
14020 static int
14022 {
14030 /* Handle MSR insn. */
14032 {
14034 {
14035 /* CPSR is going to be changed. */
14038 }
14039 else
14040 {
14043 }
14044 }
14046 {
14047 /* BLX. */
14051 }
14054 record_buf);
14056 }
14058 /* Handler for thumb2 store single data item instructions. */
14060 static int
14062 {
14078 {
14079 /* T2 encoding. */
14083 }
14084 else
14085 {
14086 /* T3 encoding. */
14088 {
14089 /* Handle STRB (register). */
14095 }
14096 else
14097 {
14100 {
14103 else
14107 }
14108 else
14110 }
14111 }
14114 {
14115 /* Store byte instructions. */
14120 /* Store half word instructions. */
14125 /* Store word instructions. */
14134 }
14142 record_buf);
14144 record_buf_mem);
14146 }
14148 /* Handler for thumb2 load memory hints instructions. */
14150 static int
14152 {
14160 {
14167 record_buf);
14169 }
14172 }
14174 /* Handler for thumb2 load word instructions. */
14176 static int
14178 {
14186 {
14187 /* Detected LDR(immediate), T4, with write-back bit set. Record Rn
14188 update. */
14191 }
14194 record_buf);
14196 }
14198 /* Handler for thumb2 long multiply, long multiply accumulate, and
14199 divide instructions. */
14201 static int
14203 {
14211 {
14212 /* Handle SMULL, UMULL, SMULAL. */
14213 /* Handle SMLAL(S), SMULL(S), UMLAL(S), UMULL(S). */
14218 }
14220 {
14221 /* Handle SDIV and UDIV. */
14226 }
14227 else
14231 record_buf);
14233 }
14235 /* Record handler for thumb32 coprocessor instructions. */
14237 static int
14239 {
14242 else
14244 }
14246 /* Record handler for advance SIMD structure load/store instructions. */
14248 static int
14250 {
14268 {
14274 {
14275 /* Handle VST1. */
14277 {
14286 else
14290 {
14292 {
14297 }
14298 }
14299 }
14300 /* Handle VST2. */
14302 {
14307 else
14312 {
14314 {
14318 }
14320 }
14321 }
14322 /* Handle VST3. */
14324 {
14326 {
14328 {
14332 }
14334 }
14335 }
14336 /* Handle VST4. */
14338 {
14340 {
14342 {
14346 }
14348 }
14349 }
14350 }
14351 else
14352 {
14361 else
14364 /* Handle VST1. */
14367 /* Handle VST2. */
14370 /* Handle VST3. */
14373 /* Handle VST4. */
14378 {
14381 }
14382 }
14383 }
14384 else
14385 {
14387 {
14388 /* Handle VLD1. */
14391 /* Handle VLD2. */
14394 /* Handle VLD3. */
14397 /* Handle VLD4. */
14400 }
14401 else
14402 {
14403 /* Handle VLD1. */
14406 /* Handle VLD2. */
14409 /* Handle VLD3. */
14412 /* Handle VLD4. */
14418 }
14419 }
14422 {
14425 }
14428 record_buf);
14430 record_buf_mem);
14432 }
14434 /* Decodes thumb2 instruction type and invokes its record handler. */
14436 static unsigned int
14438 {
14446 {
14448 {
14449 /* Load/store multiple instruction. */
14451 }
14453 {
14454 /* Load/store (dual/exclusive) and table branch instruction. */
14456 }
14458 {
14459 /* Data-processing (shifted register). */
14461 }
14463 {
14464 /* Co-processor instructions. */
14466 }
14467 }
14469 {
14471 {
14472 /* Branches and miscellaneous control instructions. */
14474 }
14476 {
14477 /* Data-processing (plain binary immediate) instruction. */
14479 }
14480 else
14481 {
14482 /* Data-processing (modified immediate). */
14484 }
14485 }
14487 {
14489 {
14490 /* Store single data item. */
14492 }
14494 {
14495 /* Advanced SIMD or structure load/store instructions. */
14497 }
14499 {
14500 /* Load byte, memory hints instruction. */
14502 }
14504 {
14505 /* Load halfword, memory hints instruction. */
14507 }
14509 {
14510 /* Load word instruction. */
14512 }
14514 {
14515 /* Data-processing (register) instruction. */
14517 }
14519 {
14520 /* Multiply, multiply accumulate, abs diff instruction. */
14522 }
14524 {
14525 /* Long multiply, long multiply accumulate, and divide. */
14527 }
14529 {
14530 /* Co-processor instructions. */
14532 }
14533 }
14536 }
14539 /* Abstract instruction reader. */
14541 class abstract_instruction_reader
14542 {
14544 /* Read one instruction of size LEN from address MEMADDR and using
14545 BYTE_ORDER endianness. */
14549 };
14551 /* Instruction reader from real target. */
14554 {
14558 {
14560 }
14561 };
14567 /* Decode arm/thumb insn depending on condition cods and opcodes; and
14568 dispatch it. */
14570 static int
14574 {
14576 /* (Starting from numerical 0); bits 25, 26, 27 decodes type of arm
14577 instruction. */
14579 {
14587 arm_record_coproc_data_proc /* 111. */
14588 };
14590 /* (Starting from numerical 0); bits 13,14,15 decodes type of thumb
14591 instruction. */
14593 { \
14601 thumb_record_branch /* 111. */
14602 };
14606 enum bfd_endian code_endian
14608 arm_record->arm_insn
14612 {
14618 else
14619 {
14620 /* If this insn has fallen into extension space
14621 then we need not decode it anymore. */
14623 }
14625 {
14628 }
14629 }
14631 {
14632 /* As thumb does not have condition codes, we set negative. */
14637 {
14640 }
14641 }
14643 {
14644 /* As thumb does not have condition codes, we set negative. */
14647 /* Swap first half of 32bit thumb instruction with second half. */
14648 arm_record->arm_insn
14654 {
14657 }
14658 }
14659 else
14660 {
14661 /* Throw assertion. */
14663 }
14666 }
14668 #if GDB_SELF_TEST
14671 /* Instruction reader class for selftests.
14673 For 16-bit Thumb instructions, an array of uint16_t should be used.
14675 For 32-bit Thumb instructions and regular 32-bit Arm instructions, an array
14676 of uint32_t should be used. */
14680 {
14685 {}
14689 {
14695 }
14700 };
14702 static void
14704 {
14712 /* 16-bit Thumb instructions. */
14713 {
14714 arm_insn_decode_record arm_record;
14719 /* Use the endian-free representation of the instructions here. The test
14720 will handle endianness conversions. */
14722 /* db b2 uxtb r3, r3 */
14724 /* cd 58 ldr r5, [r1, r3] */
14726 };
14730 THUMB_INSN_SIZE_BYTES);
14739 THUMB_INSN_SIZE_BYTES);
14745 }
14747 /* 32-bit Thumb-2 instructions. */
14748 {
14749 arm_insn_decode_record arm_record;
14754 /* Use the endian-free representation of the instruction here. The test
14755 will handle endianness conversions. */
14757 /* mrc 15, 0, r7, cr13, cr0, {3} */
14759 };
14763 THUMB2_INSN_SIZE_BYTES);
14769 }
14771 /* 32-bit instructions. */
14772 {
14773 arm_insn_decode_record arm_record;
14778 /* Use the endian-free representation of the instruction here. The test
14779 will handle endianness conversions. */
14781 /* mov r5, r0 */
14783 };
14787 ARM_INSN_SIZE_BYTES);
14790 }
14791 }
14793 /* Instruction reader from manually cooked instruction sequences. */
14796 {
14800 {}
14803 {
14808 }
14812 };
14814 static void
14816 {
14818 {
14828 /* The "sub" instruction contains an immediate value rotate count of 0,
14829 which resulted in a 32-bit shift of a 32-bit value, caught by
14830 UBSan. */
14836 };
14839 arm_prologue_cache cache;
14843 }
14844 }
14849 /* Cleans up local record registers and memory allocations. */
14851 static void
14853 {
14856 }
14859 /* Parse the current instruction and record the values of the registers and
14860 memory that will be changed in current instruction to record_arch_list".
14861 Return -1 if something is wrong. */
14863 int
14865 CORE_ADDR insn_addr)
14866 {
14874 arm_insn_decode_record arm_record;
14883 {
14887 }
14889 instruction_reader reader;
14890 enum bfd_endian code_endian
14892 arm_record.arm_insn
14895 /* Check the insn, whether it is thumb or arm one. */
14902 {
14903 /* We are decoding arm insn. */
14905 }
14906 else
14907 {
14909 /* is it thumb2 insn? */
14911 {
14913 THUMB2_INSN_SIZE_BYTES);
14914 }
14915 else
14916 {
14917 /* We are decoding thumb insn. */
14919 THUMB_INSN_SIZE_BYTES);
14920 }
14921 }
14924 {
14925 /* Record registers. */
14928 {
14930 {
14934 }
14935 }
14936 /* Record memories. */
14938 {
14940 {
14945 }
14946 }
14950 }
14956 }
14958 /* See arm-tdep.h. */
14962 {
14966 {
14969 }
14972 }
14974 /* See arm-tdep.h. */
14978 {
14982 {
14985 }
14988 }