| blob | 0c15215b30c6896d3eba9eb5bb7992d4871b22c5 |
1 /* Common target dependent code for GDB on ARM systems.
3 Copyright (C) 1988-2024 Free Software Foundation, Inc.
5 This file is part of GDB.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>. */
21 #include <ctype.h>
63 #include <algorithm>
67 #if GDB_SELF_TEST
69 #endif
73 /* Print an "arm" debug statement. */
75 #define arm_debug_printf(fmt, ...) \
78 /* Macros for setting and testing a bit in a minimal symbol that marks
79 it as Thumb function. The MSB of the minimal symbol's "info" field
80 is used for this purpose.
82 MSYMBOL_SET_SPECIAL Actually sets the "special" bit.
83 MSYMBOL_IS_SPECIAL Tests the "special" bit in a minimal symbol. */
85 #define MSYMBOL_SET_SPECIAL(msym) \
86 (msym)->set_target_flag_1 (true)
88 #define MSYMBOL_IS_SPECIAL(msym) \
89 (msym)->target_flag_1 ()
91 struct arm_mapping_symbol
92 {
93 CORE_ADDR value;
98 };
102 struct arm_per_bfd
103 {
107 {}
111 /* Information about mapping symbols ($a, $d, $t) in the objfile.
113 The format is an array of vectors of arm_mapping_symbols, there is one
114 vector for each section of the objfile (the array is index by BFD section
115 index).
117 For each section, the vector of arm_mapping_symbol is sorted by
118 symbol value (address). */
121 /* For each corresponding element of section_maps above, is this vector
122 sorted. */
124 };
126 /* Per-bfd data used for mapping symbols. */
129 /* The list of available "set arm ..." and "show arm ..." commands. */
133 /* The type of floating-point to use. Keep this in sync with enum
134 arm_float_model, and the help string in _initialize_arm_tdep. */
136 {
142 NULL
143 };
145 /* A variable that can be configured by the user. */
149 /* The ABI to use. Keep this in sync with arm_abi_kind. */
151 {
155 NULL
156 };
158 /* A variable that can be configured by the user. */
162 /* The execution mode to assume. */
164 {
168 NULL
169 };
174 /* The standard register names, and all the valid aliases for them. Note
175 that `fp', `sp' and `pc' are not added in this alias list, because they
176 have been added as builtin user registers in
177 std-regs.c:_initialize_frame_reg. */
178 static const struct
179 {
183 /* Basic register numbers. */
200 /* Synonyms (argument and variable registers). */
213 /* Other platform-specific names for r9. */
216 /* Special names. */
219 /* Names used by GCC (not listed in the ARM EABI). */
221 /* A special name from the older ATPCS. */
223 };
234 /* Holds the current set of options to be passed to the disassembler. */
237 /* Valid register name styles. */
240 /* Disassembly style to use. Default to "std" register names. */
243 /* All possible arm target descriptors. */
247 /* This is used to keep the bfd arch_info in sync with the disassembly
248 style. */
262 static CORE_ADDR
266 /* get_next_pcs operations. */
268 arm_get_next_pcs_read_memory_unsigned_integer,
269 arm_get_next_pcs_syscall_next_pc,
270 arm_get_next_pcs_addr_bits_remove,
271 arm_get_next_pcs_is_thumb,
272 NULL,
273 };
275 struct arm_prologue_cache
276 {
277 /* The stack pointer at the time this frame was created; i.e. the
278 caller's stack pointer when this function was called. It is used
279 to identify this frame. */
280 CORE_ADDR sp;
282 /* Additional stack pointers used by M-profile with Security extension. */
283 /* Use msp_s / psp_s to hold the values of msp / psp when there is
284 no Security extension. */
285 CORE_ADDR msp_s;
286 CORE_ADDR msp_ns;
287 CORE_ADDR psp_s;
288 CORE_ADDR psp_ns;
290 /* Active stack pointer. */
295 /* The frame base for this frame is just prev_sp - frame size.
296 FRAMESIZE is the distance from the frame pointer to the
297 initial stack pointer. */
301 /* The register used to hold the frame pointer for this frame. */
304 /* True if the return address is signed, false otherwise. */
307 /* Saved register offsets. */
311 };
314 /* Reconstruct T bit in program status register from LR value. */
318 {
322 else
326 }
328 /* Initialize CACHE fields for which zero is not adequate (CACHE is
329 expected to have been ZALLOC'ed before calling this function). */
331 static void
333 {
337 }
339 /* Similar to the previous function, but extracts GDBARCH from FRAME. */
341 static void
343 {
351 {
352 const CORE_ADDR msp_val
354 const CORE_ADDR psp_val
357 cache->msp_s
359 cache->msp_ns
361 cache->psp_s
363 cache->psp_ns
366 /* Identify what msp is alias for (msp_s or msp_ns). */
371 else
372 {
376 }
378 /* Identify what psp is alias for (psp_s or psp_ns). */
383 else
384 {
388 }
390 /* Identify what sp is alias for (msp_s, msp_ns, psp_s or psp_ns). */
395 else
396 {
400 }
401 }
403 {
404 cache->msp_s
406 cache->psp_s
409 /* Identify what sp is alias for (msp or psp). */
414 else
415 {
419 }
420 }
421 else
422 {
423 cache->msp_s
427 }
428 }
430 /* Return the requested stack pointer value (in REGNUM), taking into
431 account whether we have a Security extension or an M-profile
432 CPU. */
434 static CORE_ADDR
437 {
439 {
454 }
456 {
463 }
468 }
470 /* Return the previous stack address, depending on which SP register
471 is active. */
473 static CORE_ADDR
475 {
478 }
480 /* Set the active stack pointer to VAL. */
482 static void
485 {
487 {
498 }
500 {
507 }
509 {
512 }
515 }
517 /* Return true if REGNUM is one of the alternative stack pointers. */
519 static bool
521 {
529 else
531 }
533 /* Set the active stack pointer to SP_REGNUM. */
535 static void
538 {
542 {
548 {
551 }
554 {
557 }
558 }
561 }
565 /* Abstract class to read ARM instructions from memory. */
567 class arm_instruction_reader
568 {
570 /* Read a 4 bytes instruction from memory using the BYTE_ORDER endianness. */
572 };
574 /* Read instructions from target memory. */
577 {
580 {
582 }
583 };
587 static CORE_ADDR arm_analyze_prologue
591 /* Architecture version for displaced stepping. This effects the behavior of
592 certain instructions, and really should not be hard-wired. */
594 #define DISPLACED_STEPPING_ARCH_VERSION 5
596 /* See arm-tdep.h. */
601 /* Return the bit mask in ARM_PS_REGNUM that indicates Thumb mode. */
603 int
605 {
610 else
612 }
614 /* Determine if the processor is currently executing in Thumb mode. */
616 int
618 {
619 ULONGEST cpsr;
625 }
627 /* Determine if FRAME is executing in Thumb mode. FRAME must be an ARM
628 frame. */
630 int
632 {
633 /* Check the architecture of FRAME. */
637 /* Every ARM frame unwinder can unwind the T bit of the CPSR, either
638 directly (from a signal frame or dummy frame) or by interpreting
639 the saved LR (from a prologue or DWARF frame). So consult it and
640 trust the unwinders. */
643 /* Find and extract the thumb bit. */
646 }
648 /* Search for the mapping symbol covering MEMADDR. If one is found,
649 return its type. Otherwise, return 0. If START is non-NULL,
650 set *START to the location of the mapping symbol. */
652 static char
654 {
657 /* If there are mapping symbols, consult them. */
660 {
663 {
665 arm_mapping_symbol_vec &map
668 /* Sort the vector on first use. */
670 {
673 }
679 /* std::lower_bound finds the earliest ordered insertion
680 point. If the symbol at this position starts at this exact
681 address, we use that; otherwise, the preceding
682 mapping symbol covers this address. */
684 {
686 {
690 }
691 }
694 {
701 }
702 }
703 }
706 }
708 /* Determine if the program counter specified in MEMADDR is in a Thumb
709 function. This function should be called for addresses unrelated to
710 any executing frame; otherwise, prefer arm_frame_is_thumb. */
712 int
714 {
721 gdbarch_displaced_step_copy_insn_closure_by_addr
724 /* If checking the mode of displaced instruction in copy area, the mode
725 should be determined by instruction on the original address. */
727 {
732 }
734 /* If bit 0 of the address is set, assume this is a Thumb address. */
738 /* If the user wants to override the symbol table, let him. */
744 /* ARM v6-M and v7-M are always in Thumb mode. */
748 /* If there are mapping symbols, consult them. */
753 /* Thumb functions have a "special" bit set in minimal symbols. */
758 /* If the user wants to override the fallback mode, let them. */
764 /* If we couldn't find any symbol, but we're talking to a running
765 target, then trust the current value of $cpsr. This lets
766 "display/i $pc" always show the correct mode (though if there is
767 a symbol table we will not reach here, so it still may not be
768 displayed in the mode it will be executed). */
772 /* Otherwise we're out of luck; we assume ARM. */
774 }
778 {
780 {
781 /* Values for lockup state.
782 For more details see "B1.5.15 Unrecoverable exception cases" in
783 both ARMv6-M and ARMv7-M Architecture Reference Manuals, or
784 see "B4.32 Lockup" in ARMv8-M Architecture Reference Manual. */
791 /* Address is not lockup. */
793 }
794 }
796 /* Determine if the address specified equals any of these magic return
797 values, called EXC_RETURN, defined by the ARM v6-M, v7-M and v8-M
798 architectures. Also include lockup magic PC value.
799 Check also for FNC_RETURN if we have the v8-M security extension.
801 From ARMv6-M Reference Manual B1.5.8
802 Table B1-5 Exception return behavior
804 EXC_RETURN Return To Return Stack
805 0xFFFFFFF1 Handler mode Main
806 0xFFFFFFF9 Thread mode Main
807 0xFFFFFFFD Thread mode Process
809 From ARMv7-M Reference Manual B1.5.8
810 Table B1-8 EXC_RETURN definition of exception return behavior, no FP
812 EXC_RETURN Return To Return Stack
813 0xFFFFFFF1 Handler mode Main
814 0xFFFFFFF9 Thread mode Main
815 0xFFFFFFFD Thread mode Process
817 Table B1-9 EXC_RETURN definition of exception return behavior, with
818 FP
820 EXC_RETURN Return To Return Stack Frame Type
821 0xFFFFFFE1 Handler mode Main Extended
822 0xFFFFFFE9 Thread mode Main Extended
823 0xFFFFFFED Thread mode Process Extended
824 0xFFFFFFF1 Handler mode Main Basic
825 0xFFFFFFF9 Thread mode Main Basic
826 0xFFFFFFFD Thread mode Process Basic
828 For more details see "B1.5.8 Exception return behavior"
829 in both ARMv6-M and ARMv7-M Architecture Reference Manuals.
831 From ARMv8-M Architecture Technical Reference, D1.2.95
832 FType, Mode and SPSEL bits are to be considered when the Security
833 Extension is not implemented.
835 EXC_RETURN Return To Return Stack Frame Type
836 0xFFFFFFA0 Handler mode Main Extended
837 0xFFFFFFA8 Thread mode Main Extended
838 0xFFFFFFAC Thread mode Process Extended
839 0xFFFFFFB0 Handler mode Main Standard
840 0xFFFFFFB8 Thread mode Main Standard
841 0xFFFFFFBC Thread mode Process Standard */
843 static int
845 {
851 {
853 {
859 }
860 }
861 else
862 {
864 {
865 /* Values from ARMv8-M Architecture Technical Reference. */
872 /* Values from Tables in B1.5.8 the EXC_RETURN definitions of
873 the exception return behavior. */
880 /* Address is magic. */
884 /* Address is not magic. */
886 }
887 }
888 }
890 /* Remove useless bits from addresses in a running program. */
891 static CORE_ADDR
893 {
896 /* On M-profile devices, do not strip the low bit from EXC_RETURN
897 (the magic exception return address). */
903 else
905 }
907 /* Return 1 if PC is the start of a compiler helper function which
908 can be safely ignored during prologue skipping. IS_THUMB is true
909 if the function is known to be a Thumb function due to the way it
910 is being called. */
911 static int
913 {
920 {
923 /* The GNU linker's Thumb call stub to foo is named
924 __foo_from_thumb. */
928 /* On soft-float targets, __truncdfsf2 is called to convert promoted
929 arguments to their argument types in non-prototyped
930 functions. */
936 /* Internal functions related to thread-local storage. */
941 }
942 else
943 {
944 /* If we run against a stripped glibc, we may be unable to identify
945 special functions by name. Check for one important case,
946 __aeabi_read_tp, by comparing the *code* against the default
947 implementation (this is hand-written ARM assembler in glibc). */
955 }
958 }
960 /* Extract the immediate from instruction movw/movt of encoding T. INSN1 is
961 the first 16-bit of instruction, and INSN2 is the second 16-bit of
962 instruction. */
963 #define EXTRACT_MOVW_MOVT_IMM_T(insn1, insn2) \
964 ((bits ((insn1), 0, 3) << 12) \
965 | (bits ((insn1), 10, 10) << 11) \
966 | (bits ((insn2), 12, 14) << 8) \
967 | bits ((insn2), 0, 7))
969 /* Extract the immediate from instruction movw/movt of encoding A. INSN is
970 the 32-bit instruction. */
971 #define EXTRACT_MOVW_MOVT_IMM_A(insn) \
972 ((bits ((insn), 16, 19) << 12) \
973 | bits ((insn), 0, 11))
975 /* Decode immediate value; implements ThumbExpandImmediate pseudo-op. */
977 static unsigned int
979 {
984 {
994 }
997 }
999 /* Return 1 if the 16-bit Thumb instruction INSN restores SP in
1000 epilogue, 0 otherwise. */
1002 static int
1004 {
1008 }
1010 /* Analyze a Thumb prologue, looking for a recognizable stack frame
1011 and frame pointer. Scan until we encounter a store that could
1012 clobber the stack frame unexpectedly, or an unknown instruction.
1013 Return the last address which is definitely safe to skip for an
1014 initial breakpoint. */
1016 static CORE_ADDR
1020 {
1026 CORE_ADDR offset;
1034 {
1041 {
1048 /* Bits 0-7 contain a mask for registers R0-R7. Bit 8 says
1049 whether to save LR (R14). */
1052 /* Calculate offsets of saved R0-R7 and LR. */
1055 {
1059 }
1060 }
1062 {
1066 }
1068 {
1069 /* Don't scan past the epilogue. */
1071 }
1090 {
1094 }
1096 {
1100 }
1102 {
1103 /* Handle stores to the stack. Normally pushes are used,
1104 but with GCC -mtpcs-frame, there may be other stores
1105 in the prologue to create the frame. */
1107 pv_t addr;
1116 }
1118 {
1121 pv_t addr;
1130 }
1134 /* Ignore stores of argument registers to the stack. */
1135 ;
1138 /* Ignore block loads from the stack, potentially copying
1139 parameters from memory. */
1140 ;
1144 /* Similarly ignore single loads from the stack. */
1145 ;
1148 /* Skip register copies, i.e. saves to another register
1149 instead of the stack. */
1150 ;
1152 /* Recognize constant loads; even with small stacks these are necessary
1153 on Thumb. */
1156 {
1157 /* Constant pool loads, for the same reason. */
1159 CORE_ADDR loc;
1164 }
1166 {
1170 byte_order_for_code);
1174 {
1175 /* BL, BLX. Allow some special function calls when
1176 skipping the prologue; GCC generates these before
1177 storing arguments to the stack. */
1178 CORE_ADDR nextpc;
1190 /* For BLX make sure to clear the low bits. */
1197 }
1200 { registers } */
1202 {
1209 /* Calculate offsets of saved registers. */
1212 {
1215 }
1219 }
1221 /* vstmdb Rn{!}, { D-registers } (aka vpush). */
1225 {
1226 /* Address SP points to. */
1229 /* Number of registers saved. */
1232 /* First register to save. */
1238 /* Calculate offsets of saved registers. */
1240 {
1244 }
1246 /* Writeback SP to account for the saved registers. */
1248 }
1251 [Rn, #+/-imm]{!} */
1253 {
1261 else
1273 }
1278 {
1285 else
1295 }
1299 {
1301 pv_t addr;
1310 }
1314 /* Ignore stores of argument registers to the stack. */
1315 ;
1320 /* Ignore stores of argument registers to the stack. */
1321 ;
1324 { registers } */
1327 /* Ignore block loads from the stack, potentially copying
1328 parameters from memory. */
1329 ;
1332 [Rn, #+/-imm] */
1334 /* Similarly ignore dual loads from the stack. */
1335 ;
1340 /* Similarly ignore single loads from the stack. */
1341 ;
1345 /* Similarly ignore single loads from the stack. */
1346 ;
1350 {
1358 }
1362 {
1369 }
1373 {
1381 }
1385 {
1392 }
1395 {
1402 }
1405 {
1406 unsigned int imm
1410 }
1414 {
1418 }
1421 {
1422 /* Constant pool loads. */
1424 CORE_ADDR loc;
1429 else
1434 }
1437 {
1438 /* Constant pool loads. */
1440 CORE_ADDR loc;
1445 else
1453 }
1454 /* Start of ARMv8.1-m PACBTI extension instructions. */
1456 {
1457 /* LR and SP are input registers. PAC is in R12. LR is
1458 signed from this point onwards. NOP space. */
1460 }
1462 {
1463 /* LR and SP are input registers. PAC is in R12 and PC is a
1464 valid BTI landing pad. LR is signed from this point onwards.
1465 NOP space. */
1467 }
1469 {
1470 /* Valid BTI landing pad. NOP space. */
1471 }
1473 {
1474 /* Sign Rn using Rm and store the PAC in Rd. Rd is signed from
1475 this point onwards. */
1477 }
1479 {
1480 /* These instructions appear close to the epilogue, when signed
1481 pointers are getting authenticated. */
1483 }
1484 /* End of ARMv8.1-m PACBTI extension instructions */
1486 {
1487 /* Don't scan past anything that might change control flow. */
1489 }
1490 else
1491 {
1492 /* The optimizer might shove anything into the prologue,
1493 so we just skip what we don't recognize. */
1495 }
1497 /* Make sure we are dealing with a target that supports ARMv8.1-m
1498 PACBTI. */
1501 {
1507 }
1510 }
1512 {
1513 /* Don't scan past anything that might change control flow. */
1515 }
1516 else
1517 {
1518 /* The optimizer might shove anything into the prologue,
1519 so we just skip what we don't recognize. */
1521 }
1524 }
1536 {
1537 /* Frame pointer is fp. Frame size is constant. */
1540 }
1542 {
1543 /* Frame pointer is r7. Frame size is constant. */
1546 }
1547 else
1548 {
1549 /* Try the stack pointer... this is a bit desperate. */
1552 }
1556 {
1560 }
1563 }
1566 /* Try to analyze the instructions starting from PC, which load symbol
1567 __stack_chk_guard. Return the address of instruction after loading this
1568 symbol, set the dest register number to *BASEREG, and set the size of
1569 instructions for loading symbol in OFFSET. Return 0 if instructions are
1570 not recognized. */
1572 static CORE_ADDR
1575 {
1582 {
1583 unsigned short insn1
1587 {
1592 byte_order_for_code);
1593 }
1595 {
1596 unsigned short insn2
1601 insn1
1603 insn2
1606 /* movt Rd, #const */
1608 {
1613 }
1614 }
1615 }
1616 else
1617 {
1618 unsigned int insn
1622 {
1625 byte_order_for_code);
1629 }
1631 {
1634 insn
1638 {
1643 }
1644 }
1645 }
1648 }
1650 /* Try to skip a sequence of instructions used for stack protector. If PC
1651 points to the first instruction of this sequence, return the address of
1652 first instruction after this sequence, otherwise, return original PC.
1654 On arm, this sequence of instructions is composed of mainly three steps,
1655 Step 1: load symbol __stack_chk_guard,
1656 Step 2: load from address of __stack_chk_guard,
1657 Step 3: store it to somewhere else.
1659 Usually, instructions on step 2 and step 3 are the same on various ARM
1660 architectures. On step 2, it is one instruction 'ldr Rx, [Rn, #0]', and
1661 on step 3, it is also one instruction 'str Rx, [r7, #immd]'. However,
1662 instructions in step 1 vary from different ARM architectures. On ARMv7,
1663 they are,
1665 movw Rn, #:lower16:__stack_chk_guard
1666 movt Rn, #:upper16:__stack_chk_guard
1668 On ARMv5t, it is,
1670 ldr Rn, .Label
1671 ....
1672 .Lable:
1673 .word __stack_chk_guard
1675 Since ldr/str is a very popular instruction, we can't use them as
1676 'fingerprint' or 'signature' of stack protector sequence. Here we choose
1677 sequence {movw/movt, ldr}/ldr/str plus symbol __stack_chk_guard, if not
1678 stripped, as the 'fingerprint' of a stack protector cdoe sequence. */
1680 static CORE_ADDR
1682 {
1687 CORE_ADDR addr;
1689 /* Try to parse the instructions in Step 1. */
1696 /* ADDR must correspond to a symbol whose name is __stack_chk_guard.
1697 Otherwise, this sequence cannot be for stack protector. */
1703 {
1705 unsigned short insn
1708 /* Step 2: ldr Rd, [Rn, #immed], encoding T1. */
1716 byte_order_for_code);
1717 /* Step 3: str Rd, [Rn, #immed], encoding T1. */
1722 }
1723 else
1724 {
1726 unsigned int insn
1729 /* Step 2: ldr Rd, [Rn, #immed], encoding A1. */
1735 /* Step 3: str Rd, [Rn, #immed], encoding A1. */
1742 }
1743 /* The size of total two instructions ldr/str is 4 on Thumb-2, while 8
1744 on arm. */
1747 else
1749 }
1751 /* Advance the PC across any function entry prologue instructions to
1752 reach some "real" code.
1754 The APCS (ARM Procedure Call Standard) defines the following
1755 prologue:
1757 mov ip, sp
1758 [stmfd sp!, {a1,a2,a3,a4}]
1759 stmfd sp!, {...,fp,ip,lr,pc}
1760 [stfe f7, [sp, #-12]!]
1761 [stfe f6, [sp, #-12]!]
1762 [stfe f5, [sp, #-12]!]
1763 [stfe f4, [sp, #-12]!]
1764 sub fp, ip, #nn @@ nn == 20 or 4 depending on second insn. */
1766 static CORE_ADDR
1768 {
1771 /* See if we can determine the end of the prologue via the symbol table.
1772 If so, then return either PC, or the PC after the prologue, whichever
1773 is greater. */
1774 bool func_addr_found
1777 /* Whether the function is thumb mode or not. */
1781 {
1782 CORE_ADDR post_prologue_pc
1787 post_prologue_pc
1791 /* GCC always emits a line note before the prologue and another
1792 one after, even if the two are at the same address or on the
1793 same line. Take advantage of this so that we do not need to
1794 know every instruction that might appear in the prologue. We
1795 will have producer information for most binaries; if it is
1796 missing (e.g. for -gstabs), assuming the GNU tools. */
1805 {
1806 CORE_ADDR analyzed_limit;
1808 /* For non-GCC compilers, make sure the entire line is an
1809 acceptable prologue; GDB will round this function's
1810 return value up to the end of the following line so we
1811 can not skip just part of a line (and we do not want to).
1813 RealView does not treat the prologue specially, but does
1814 associate prologue code with the opening brace; so this
1815 lets us skip the first line if we think it is the opening
1816 brace. */
1821 else
1822 analyzed_limit
1830 }
1831 }
1833 /* Can't determine prologue from the symbol table, need to examine
1834 instructions. */
1836 /* Find an upper limit on the function prologue using the debug
1837 information. If the debug information could not be used to provide
1838 that bound, then use an arbitrary large number as the upper bound. */
1839 /* Like arm_scan_prologue, stop no later than pc + 64. */
1844 /* Set the correct adjustment based on whether the function is thumb mode or
1845 not. We use it to get the address of the last instruction in the
1846 function (as opposed to the first address of the next function). */
1849 limit_pc
1853 /* Check if this is Thumb code. */
1856 else
1859 }
1861 /* Function: thumb_scan_prologue (helper function for arm_scan_prologue)
1862 This function decodes a Thumb function prologue to determine:
1863 1) the size of the stack frame
1864 2) which registers are saved on it
1865 3) the offsets of saved regs
1866 4) the offset from the stack pointer to the frame pointer
1868 A typical Thumb function prologue would create this stack frame
1869 (offsets relative to FP)
1870 old SP -> 24 stack parameters
1871 20 LR
1872 16 R7
1873 R7 -> 0 local variables (16 bytes)
1874 SP -> -12 additional stack space (12 bytes)
1875 The frame size would thus be 36 bytes, and the frame offset would be
1876 12 bytes. The frame register is R7.
1878 The comments for thumb_skip_prolog() describe the algorithm we use
1879 to detect the end of the prolog. */
1881 static void
1884 {
1885 CORE_ADDR prologue_start;
1886 CORE_ADDR prologue_end;
1890 {
1891 /* See comment in arm_scan_prologue for an explanation of
1892 this heuristics. */
1894 {
1896 }
1897 }
1898 else
1899 /* We're in the boondocks: we have no idea where the start of the
1900 function is. */
1906 }
1908 /* Return 1 if the ARM instruction INSN restores SP in epilogue, 0
1909 otherwise. */
1911 static int
1913 {
1915 {
1917 /* ADD SP (register or immediate). */
1919 /* SUB SP (register or immediate). */
1921 /* MOV SP. */
1923 /* POP (LDMIA). */
1925 /* POP of a single register. */
1927 }
1930 }
1932 /* Implement immediate value decoding, as described in section A5.2.4
1933 (Modified immediate constants in ARM instructions) of the ARM Architecture
1934 Reference Manual (ARMv7-A and ARMv7-R edition). */
1936 static uint32_t
1938 {
1939 /* Immediate values are 12 bits long. */
1950 }
1952 /* Analyze an ARM mode prologue starting at PROLOGUE_START and
1953 continuing no further than PROLOGUE_END. If CACHE is non-NULL,
1954 fill it in. Return the first address not recognized as a prologue
1955 instruction.
1957 We recognize all the instructions typically found in ARM prologues,
1958 plus harmless instructions which can be skipped (either for analysis
1959 purposes, or a more restrictive set that can be skipped when finding
1960 the end of the prologue). */
1962 static CORE_ADDR
1967 {
1975 /* Search the prologue looking for instructions that set up the
1976 frame pointer, adjust the stack pointer, and save registers.
1978 Be careful, however, and if it doesn't look like a prologue,
1979 don't try to scan it. If, for instance, a frameless function
1980 begins with stmfd sp!, then we will tell ourselves there is
1981 a frame, which will confuse stack traceback, as well as "finish"
1982 and other operations that rely on a knowledge of the stack
1983 traceback. */
1992 {
1996 {
1999 }
2002 {
2007 }
2010 {
2015 }
2017 [sp, #-4]! */
2018 {
2025 }
2027 /* stmfd sp!, {..., fp, ip, lr, pc}
2028 or
2029 stmfd sp!, {a1, a2, a3, a4} */
2030 {
2036 /* Calculate offsets of saved registers. */
2039 {
2043 }
2044 }
2048 {
2049 /* No need to add this to saved_regs -- it's just an arg reg. */
2051 }
2055 {
2056 /* No need to add this to saved_regs -- it's just an arg reg. */
2058 }
2060 { registers } */
2062 {
2063 /* No need to add this to saved_regs -- it's just arg regs. */
2065 }
2067 {
2070 }
2072 {
2075 }
2077 [sp, -#c]! */
2079 {
2086 }
2088 [sp!] */
2090 {
2098 {
2101 else
2103 }
2104 else
2105 {
2108 else
2110 }
2115 {
2119 }
2120 }
2122 {
2123 /* Allow some special function calls when skipping the
2124 prologue; GCC generates these before storing arguments to
2125 the stack. */
2130 else
2132 }
2136 /* Don't scan past anything that might change control flow. */
2139 {
2140 /* Don't scan past the epilogue. */
2142 }
2145 /* Ignore block loads from the stack, potentially copying
2146 parameters from memory. */
2150 /* Similarly ignore single loads from the stack. */
2153 /* MOV Rd, Rm. Skip register copies, i.e. saves to another
2154 register instead of the stack. */
2156 else
2157 {
2158 /* The optimizer might shove anything into the prologue, if
2159 we build up cache (cache != NULL) from scanning prologue,
2160 we just skip what we don't recognize and scan further to
2161 make cache as complete as possible. However, if we skip
2162 prologue, we'll stop immediately on unrecognized
2163 instruction. */
2167 else
2169 }
2170 }
2176 {
2179 /* The frame size is just the distance from the frame register
2180 to the original stack pointer. */
2182 {
2183 /* Frame pointer is fp. */
2186 }
2187 else
2188 {
2189 /* Try the stack pointer... this is a bit desperate. */
2192 }
2199 {
2203 }
2204 }
2210 }
2212 static void
2215 {
2223 /* Assume there is no frame until proven otherwise. */
2227 /* Check for Thumb prologue. */
2229 {
2232 }
2234 /* Find the function prologue. If we can't find the function in
2235 the symbol table, peek in the stack frame to find the PC. */
2238 {
2239 /* One way to find the end of the prologue (which works well
2240 for unoptimized code) is to do the following:
2242 struct symtab_and_line sal = find_pc_line (prologue_start, 0);
2244 if (sal.line == 0)
2245 prologue_end = prev_pc;
2246 else if (sal.end < prologue_end)
2247 prologue_end = sal.end;
2249 This mechanism is very accurate so long as the optimizer
2250 doesn't move any instructions from the function body into the
2251 prologue. If this happens, sal.end will be the last
2252 instruction in the first hunk of prologue code just before
2253 the first instruction that the scheduler has moved from
2254 the body to the prologue.
2256 In order to make sure that we scan all of the prologue
2257 instructions, we use a slightly less accurate mechanism which
2258 may scan more than necessary. To help compensate for this
2259 lack of accuracy, the prologue scanning loop below contains
2260 several clauses which'll cause the loop to terminate early if
2261 an implausible prologue instruction is encountered.
2263 The expression
2265 prologue_start + 64
2267 is a suitable endpoint since it accounts for the largest
2268 possible prologue plus up to five instructions inserted by
2269 the scheduler. */
2272 {
2274 }
2275 }
2276 else
2277 {
2278 /* We have no symbol information. Our only option is to assume this
2279 function has a standard stack frame and the normal frame register.
2280 Then, we can find the value of our frame pointer on entrance to
2281 the callee (or at the present moment if this is the innermost frame).
2282 The value stored there should be the address of the stmfd + 8. */
2283 CORE_ADDR frame_loc;
2284 ULONGEST return_value;
2286 /* AAPCS does not use a frame register, so we can abort here. */
2294 else
2295 {
2296 prologue_start = gdbarch_addr_bits_remove
2299 }
2300 }
2307 }
2311 {
2331 /* Calculate actual addresses of saved registers using offsets
2332 determined by arm_scan_prologue. */
2336 prev_sp);
2339 }
2341 /* Implementation of the stop_reason hook for arm_prologue frames. */
2343 static enum unwind_stop_reason
2346 {
2348 CORE_ADDR pc;
2354 /* This is meant to halt the backtrace at "_start". */
2361 /* If we've hit a wall, stop. */
2366 }
2368 /* Our frame ID for a normal frame is the current function's starting PC
2369 and the caller's SP when we were called. */
2371 static void
2375 {
2384 arm_gdbarch_tdep *tdep
2387 /* Use function start address as part of the frame ID. If we cannot
2388 identify the start address (due to missing symbol information),
2389 fall back to just using the current PC. */
2397 }
2403 {
2406 CORE_ADDR sp_value;
2414 /* If this frame has signed the return address, mark it as so. */
2419 /* If we are asked to unwind the PC, then we need to return the LR
2420 instead. The prologue may save PC, but it will point into this
2421 frame's prologue, not the next frame's resume location. Also
2422 strip the saved T bit. A valid LR may have the low bit set, but
2423 a valid PC never does. */
2425 {
2426 CORE_ADDR lr;
2431 }
2433 /* SP is generally not saved to the stack, but this frame is
2434 identified by the next frame's stack pointer at the time of the call.
2435 The value was already reconstructed into PREV_SP. */
2440 /* The value might be one of the alternative SP, if so, use the
2441 value already constructed. */
2443 {
2446 }
2448 /* The CPSR may have been changed by the call instruction and by the
2449 called function. The only bit we can reconstruct is the T bit,
2450 by checking the low bit of LR as of the call. This is a reliable
2451 indicator of Thumb-ness except for some ARM v4T pre-interworking
2452 Thumb code, which could get away with a clear low bit as long as
2453 the called function did not use bx. Guess that all other
2454 bits are unchanged; the condition flags are presumably lost,
2455 but the processor status is likely valid. */
2457 {
2463 }
2466 prev_regnum);
2467 }
2471 NORMAL_FRAME,
2472 FRAME_UNWIND_ARCH,
2473 arm_prologue_unwind_stop_reason,
2474 arm_prologue_this_id,
2475 arm_prologue_prev_register,
2476 NULL,
2477 default_frame_sniffer
2478 );
2480 /* Maintain a list of ARM exception table entries per objfile, similar to the
2481 list of mapping symbols. We only cache entries for standard ARM-defined
2482 personality routines; the cache will contain only the frame unwinding
2483 instructions associated with the entry (not the descriptors). */
2485 struct arm_exidx_entry
2486 {
2487 CORE_ADDR addr;
2491 {
2493 }
2494 };
2496 struct arm_exidx_data
2497 {
2499 };
2501 /* Per-BFD key to store exception handling information. */
2506 {
2509 {
2516 }
2519 }
2521 /* Parse contents of exception table and exception index sections
2522 of OBJFILE, and fill in the exception table entry cache.
2524 For each entry that refers to a standard ARM-defined personality
2525 routine, extract the frame unwinding instructions (from either
2526 the index or the table section). The unwinding instructions
2527 are normalized by:
2528 - extracting them from the rest of the table data
2529 - converting to host endianness
2530 - appending the implicit 0xb0 ("Finish") code
2532 The extracted and normalized instructions are stored for later
2533 retrieval by the arm_find_exidx_entry routine. */
2535 static void
2537 {
2541 LONGEST i;
2543 /* If we've already touched this file, do nothing. */
2547 /* Read contents of exception table and index. */
2549 ELF_STRING_ARM_unwind);
2552 {
2560 }
2565 {
2573 }
2575 /* Allocate exception table data structure. */
2579 /* Fill in exception table. */
2581 {
2591 /* Extract address of start of function. */
2595 /* Find section containing function and compute section offset. */
2601 /* Determine address of exception table entry. */
2603 {
2604 /* EXIDX_CANTUNWIND -- no exception table entry present. */
2605 }
2607 {
2608 /* Exception table entry embedded in .ARM.exidx
2609 -- must be short form. */
2612 }
2614 {
2615 /* Exception table entry in .ARM.extab. */
2620 {
2626 {
2627 /* Short form. */
2629 }
2632 {
2633 /* Long form. */
2636 }
2638 {
2639 bfd_vma pers;
2643 /* Custom personality routine. */
2647 /* Check whether we've got one of the variants of the
2648 GNU personality routines. */
2651 {
2653 {
2658 NULL
2659 };
2667 {
2670 }
2671 }
2673 /* If so, the next word contains a word count in the high
2674 byte, followed by the same unwind instructions as the
2675 pre-defined forms. */
2678 {
2685 }
2686 }
2687 }
2688 }
2690 /* Sanity check address. */
2696 /* The unwind instructions reside in WORD (only the N_BYTES least
2697 significant bytes are valid), followed by N_WORDS words in the
2698 extab section starting at ADDR. */
2700 {
2709 {
2718 }
2720 /* Implied "Finish" to terminate the list. */
2722 }
2724 /* Push entry onto vector. They are guaranteed to always
2725 appear in order of increasing addresses. */
2730 }
2731 }
2733 /* Search for the exception table entry covering MEMADDR. If one is found,
2734 return a pointer to its data. Otherwise, return 0. If START is non-NULL,
2735 set *START to the start of the region covered by this entry. */
2739 {
2744 {
2750 {
2754 {
2757 /* std::lower_bound finds the earliest ordered insertion
2758 point. If the following symbol starts at this exact
2759 address, we use that; otherwise, the preceding
2760 exception table entry covers this address. */
2762 {
2764 {
2768 }
2769 }
2772 {
2777 }
2778 }
2779 }
2780 }
2783 }
2785 /* Given the current frame THIS_FRAME, and its associated frame unwinding
2786 instruction list from the ARM exception table entry ENTRY, allocate and
2787 return a prologue cache structure describing how to unwind this frame.
2789 Return NULL if the unwinding instruction list contains a "spare",
2790 "reserved" or "refuse to unwind" instruction as defined in section
2791 "9.3 Frame unwinding instructions" of the "Exception Handling ABI
2792 for the ARM Architecture" document. */
2796 {
2805 {
2806 gdb_byte insn;
2808 /* Whenever we reload SP, we actually have to retrieve its
2809 actual value in the current frame. */
2811 {
2813 {
2816 }
2817 else
2818 {
2821 }
2824 }
2826 /* Decode next unwind instruction. */
2830 {
2833 }
2835 {
2838 }
2840 {
2844 /* The special case of an all-zero mask identifies
2845 "Refuse to unwind". We return NULL to fall back
2846 to the prologue analyzer. */
2850 /* Pop registers r4..r15 under mask. */
2853 {
2856 }
2858 /* Special-case popping SP -- we need to reload vsp. */
2861 }
2863 {
2866 /* Reserved cases. */
2870 /* Set SP from another register and mark VSP for reload. */
2873 }
2875 {
2880 /* Pop r4..r[4+count]. */
2882 {
2885 }
2887 /* If indicated by flag, pop LR as well. */
2889 {
2892 }
2893 }
2895 {
2896 /* We could only have updated PC by popping into it; if so, it
2897 will show up as address. Otherwise, copy LR into PC. */
2902 /* We're done. */
2904 }
2906 {
2910 /* All-zero mask and mask >= 16 is "spare". */
2914 /* Pop r0..r3 under mask. */
2917 {
2920 }
2921 }
2923 {
2927 do
2928 {
2931 }
2935 }
2937 {
2942 /* Only registers D0..D15 are valid here. */
2946 /* Pop VFP double-precision registers D[start]..D[start+count]. */
2948 {
2951 }
2953 /* Add an extra 4 bytes for FSTMFDX-style stack. */
2955 }
2957 {
2961 /* Pop VFP double-precision registers D[8]..D[8+count]. */
2963 {
2966 }
2968 /* Add an extra 4 bytes for FSTMFDX-style stack. */
2970 }
2972 {
2977 /* Only registers WR0..WR15 are valid. */
2981 /* Pop iwmmx registers WR[start]..WR[start+count]. */
2983 {
2986 }
2987 }
2989 {
2993 /* All-zero mask and mask >= 16 is "spare". */
2997 /* Pop iwmmx general-purpose registers WCGR0..WCGR3 under mask. */
3000 {
3003 }
3004 }
3006 {
3010 /* Pop iwmmx registers WR[10]..WR[10+count]. */
3012 {
3015 }
3016 }
3018 {
3023 /* Only registers D0..D31 are valid. */
3027 /* Pop VFP double-precision registers
3028 D[16+start]..D[16+start+count]. */
3030 {
3033 }
3034 }
3036 {
3041 /* Pop VFP double-precision registers D[start]..D[start+count]. */
3043 {
3046 }
3047 }
3049 {
3053 /* Pop VFP double-precision registers D[8]..D[8+count]. */
3055 {
3058 }
3059 }
3060 else
3061 {
3062 /* Everything else is "spare". */
3064 }
3065 }
3067 /* If we restore SP from a register, assume this was the frame register.
3068 Otherwise just fall back to SP as frame register. */
3071 else
3074 /* Determine offset to previous frame. */
3075 cache->framesize
3078 /* We already got the previous SP. */
3079 arm_gdbarch_tdep *tdep
3084 }
3086 /* Unwinding via ARM exception table entries. Note that the sniffer
3087 already computes a filled-in prologue cache, which is then used
3088 with the same arm_prologue_this_id and arm_prologue_prev_register
3089 routines also used for prologue-parsing based unwinding. */
3091 static int
3095 {
3102 /* See if we have an ARM exception table entry covering this address. */
3108 /* The ARM exception table does not describe unwind information
3109 for arbitrary PC values, but is guaranteed to be correct only
3110 at call sites. We have to decide here whether we want to use
3111 ARM exception table information for this frame, or fall back
3112 to using prologue parsing. (Note that if we have DWARF CFI,
3113 this sniffer isn't even called -- CFI is always preferred.)
3115 Before we make this decision, however, we check whether we
3116 actually have *symbol* information for the current frame.
3117 If not, prologue parsing would not work anyway, so we might
3118 as well use the exception table and hope for the best. */
3120 {
3123 /* If the next frame is "normal", we are at a call site in this
3124 frame, so exception information is guaranteed to be valid. */
3129 /* Some syscalls keep PC pointing to the SVC instruction itself. */
3131 {
3132 /* We also assume exception information is valid if we're currently
3133 blocked in a system call. The system library is supposed to
3134 ensure this, so that e.g. pthread cancellation works. */
3136 {
3137 ULONGEST insn;
3145 }
3146 else
3147 {
3148 ULONGEST insn;
3156 }
3157 }
3159 /* Bail out if we don't know that exception information is valid. */
3163 /* The ARM exception index does not mark the *end* of the region
3164 covered by the entry, and some functions will not have any entry.
3165 To correctly recognize the end of the covered region, the linker
3166 should have inserted dummy records with a CANTUNWIND marker.
3168 Unfortunately, current versions of GNU ld do not reliably do
3169 this, and thus we may have found an incorrect entry above.
3170 As a (temporary) sanity check, we only use the entry if it
3171 lies *within* the bounds of the function. Note that this check
3172 might reject perfectly valid entries that just happen to cover
3173 multiple functions; therefore this check ought to be removed
3174 once the linker is fixed. */
3177 }
3179 /* Decode the list of unwinding instructions into a prologue cache.
3180 Note that this may fail due to e.g. a "refuse to unwind" code. */
3187 }
3191 NORMAL_FRAME,
3192 FRAME_UNWIND_ARCH,
3193 default_frame_unwind_stop_reason,
3194 arm_prologue_this_id,
3195 arm_prologue_prev_register,
3196 NULL,
3197 arm_exidx_unwind_sniffer
3198 );
3202 {
3209 /* Still rely on the offset calculated from prologue. */
3212 /* Since we are in epilogue, the SP has been restored. */
3213 arm_gdbarch_tdep *tdep
3217 ARM_SP_REGNUM));
3219 /* Calculate actual addresses of saved registers using offsets
3220 determined by arm_scan_prologue. */
3227 }
3229 /* Implementation of function hook 'this_id' in
3230 'struct frame_uwnind' for epilogue unwinder. */
3232 static void
3236 {
3244 /* Use function start address as part of the frame ID. If we cannot
3245 identify the start address (due to missing symbol information),
3246 fall back to just using the current PC. */
3252 arm_gdbarch_tdep *tdep
3255 }
3257 /* Implementation of function hook 'prev_register' in
3258 'struct frame_uwnind' for epilogue unwinder. */
3263 {
3268 }
3271 CORE_ADDR pc);
3273 CORE_ADDR pc);
3275 /* Implementation of function hook 'sniffer' in
3276 'struct frame_uwnind' for epilogue unwinder. */
3278 static int
3282 {
3284 {
3290 else
3292 }
3293 else
3295 }
3297 /* Frame unwinder from epilogue. */
3301 NORMAL_FRAME,
3302 FRAME_UNWIND_ARCH,
3303 default_frame_unwind_stop_reason,
3304 arm_epilogue_frame_this_id,
3305 arm_epilogue_frame_prev_register,
3306 NULL,
3307 arm_epilogue_frame_sniffer
3308 );
3310 /* Recognize GCC's trampoline for thumb call-indirect. If we are in a
3311 trampoline, return the target PC. Otherwise return 0.
3313 void call0a (char c, short s, int i, long l) {}
3315 int main (void)
3316 {
3317 (*pointer_to_call0a) (c, s, i, l);
3318 }
3320 Instead of calling a stub library function _call_via_xx (xx is
3321 the register name), GCC may inline the trampoline in the object
3322 file as below (register r2 has the address of call0a).
3324 .global main
3325 .type main, %function
3326 ...
3327 bl .L1
3328 ...
3329 .size main, .-main
3331 .L1:
3332 bx r2
3334 The trampoline 'bx r2' doesn't belong to main. */
3336 static CORE_ADDR
3338 {
3339 /* The heuristics of recognizing such trampoline is that FRAME is
3340 executing in Thumb mode and the instruction on PC is 'bx Rm'. */
3342 {
3346 {
3348 enum bfd_endian byte_order_for_code
3350 uint16_t insn
3354 {
3355 CORE_ADDR dest
3358 /* Clear the LSB so that gdb core sets step-resume
3359 breakpoint at the right address. */
3361 }
3362 }
3363 }
3366 }
3370 {
3376 arm_gdbarch_tdep *tdep
3380 ARM_SP_REGNUM));
3383 }
3385 /* Our frame ID for a stub frame is the current SP and LR. */
3387 static void
3391 {
3398 arm_gdbarch_tdep *tdep
3402 }
3404 static int
3408 {
3409 CORE_ADDR addr_in_block;
3417 /* We also use the stub winder if the target memory is unreadable
3418 to avoid having the prologue unwinder trying to read it. */
3427 }
3431 NORMAL_FRAME,
3432 FRAME_UNWIND_ARCH,
3433 default_frame_unwind_stop_reason,
3434 arm_stub_this_id,
3435 arm_prologue_prev_register,
3436 NULL,
3437 arm_stub_unwind_sniffer
3438 );
3440 /* Put here the code to store, into CACHE->saved_regs, the addresses
3441 of the saved registers of frame described by THIS_FRAME. CACHE is
3442 returned. */
3446 {
3454 /* ARMv7-M Architecture Reference "B1.5.6 Exception entry behavior"
3455 describes which bits in LR that define which stack was used prior
3456 to the exception and if FPU is used (causing extended stack frame). */
3458 /* In the lockup state PC contains a lockup magic value.
3459 The PC value of the the next outer frame is irreversibly
3460 lost. The other registers are intact so LR likely contains
3461 PC of some frame next to the outer one, but we cannot analyze
3462 the next outer frame without knowing its PC
3463 therefore we do not know SP fixup for this frame.
3464 Some heuristics to resynchronize SP might be possible.
3465 For simplicity, just terminate the unwinding to prevent it going
3466 astray and attempting to read data/addresses it shouldn't,
3467 which may cause further issues due to side-effects. */
3470 {
3471 /* The lockup can be real just in the innermost frame
3472 as the CPU is stopped and cannot create more frames.
3473 If we hit lockup magic PC in the other frame, it is
3474 just a sentinel at the top of stack: do not warn then. */
3478 /* Terminate any further stack unwinding. */
3481 }
3485 /* ARMv7-M Architecture Reference "A2.3.1 Arm core registers"
3486 states that LR is set to 0xffffffff on reset. ARMv8-M Architecture
3487 Reference "B3.3 Registers" states that LR is set to 0xffffffff on warm
3488 reset if Main Extension is implemented, otherwise the value is unknown. */
3490 {
3491 /* Terminate any further stack unwinding. */
3494 }
3496 /* Check FNC_RETURN indicator bits (24-31). */
3499 {
3500 /* FNC_RETURN is only valid for targets with Security Extension. */
3502 {
3504 "Register value %s that requires the security extension, "
3505 "but the extension was not found or is disabled. This "
3506 "should not happen and may be caused by corrupt data or a "
3508 }
3511 {
3514 /* Terminate any further stack unwinding. */
3517 }
3521 /* Handler mode: This is the mode that exceptions are handled in. */
3523 else
3524 /* Thread mode: This is the normal mode that programs run in. */
3529 /* Stack layout for a function call from Secure to Non-Secure state
3530 (ARMv8-M section B3.16):
3532 SP Offset
3534 +-------------------+
3535 0x08 | |
3536 +-------------------+ <-- Original SP
3537 0x04 | Partial xPSR |
3538 +-------------------+
3539 0x00 | Return Address |
3540 +===================+ <-- New SP */
3549 }
3551 /* Check EXC_RETURN indicator bits (24-31). */
3554 {
3561 /* Check EXC_RETURN bit SPSEL if Main or Thread (process) stack used. */
3565 {
3570 /* Unwinding from non-secure to secure can trip security
3571 measures. In order to avoid the debugger being
3572 intrusive, rely on the user to configure the requested
3573 mode. */
3576 {
3579 /* Terminate any further stack unwinding. */
3582 }
3585 {
3587 /* Secure thread (process) stack used, use PSP_S as SP. */
3589 else
3590 /* Non-secure thread (process) stack used, use PSP_NS as SP. */
3592 }
3593 else
3594 {
3596 /* Secure main stack used, use MSP_S as SP. */
3598 else
3599 /* Non-secure main stack used, use MSP_NS as SP. */
3601 }
3602 }
3603 else
3604 {
3606 /* Thread (process) stack used, use PSP as SP. */
3608 else
3609 /* Main stack used, use MSP as SP. */
3611 }
3613 /* Set the active SP regnum. */
3616 /* Fetch the SP to use for this frame. */
3619 /* Exception entry context stacking are described in ARMv8-M (section
3620 B3.19) and ARMv7-M (sections B1.5.6 and B1.5.7) Architecture Reference
3621 Manuals.
3623 The following figure shows the structure of the stack frame when
3624 Security and Floating-point extensions are present.
3626 SP Offsets
3627 Without With
3628 Callee Regs Callee Regs
3629 (Secure -> Non-Secure)
3630 +-------------------+
3631 0xA8 | | 0xD0
3632 +===================+ --+ <-- Original SP
3633 0xA4 | S31 | 0xCC |
3634 +-------------------+ |
3635 ... | Additional FP context
3636 +-------------------+ |
3637 0x68 | S16 | 0x90 |
3638 +===================+ --+
3639 0x64 | Reserved | 0x8C |
3640 +-------------------+ |
3641 0x60 | FPSCR | 0x88 |
3642 +-------------------+ |
3643 0x5C | S15 | 0x84 | FP context
3644 +-------------------+ |
3645 ... |
3646 +-------------------+ |
3647 0x20 | S0 | 0x48 |
3648 +===================+ --+
3649 0x1C | xPSR | 0x44 |
3650 +-------------------+ |
3651 0x18 | Return address | 0x40 |
3652 +-------------------+ |
3653 0x14 | LR(R14) | 0x3C |
3654 +-------------------+ |
3655 0x10 | R12 | 0x38 | State context
3656 +-------------------+ |
3657 0x0C | R3 | 0x34 |
3658 +-------------------+ |
3659 ... |
3660 +-------------------+ |
3661 0x00 | R0 | 0x28 |
3662 +===================+ --+
3663 | R11 | 0x24 |
3664 +-------------------+ |
3665 ... |
3666 +-------------------+ | Additional state
3667 | R4 | 0x08 | context when
3668 +-------------------+ | transitioning from
3669 | Reserved | 0x04 | Secure to Non-Secure
3670 +-------------------+ |
3671 | Magic signature | 0x00 |
3672 +===================+ --+ <-- New SP */
3676 /* With the Security extension, the hardware saves R4..R11 too. */
3679 {
3680 /* Read R4..R11 from the integer callee registers. */
3690 }
3692 /* The hardware saves eight 32-bit words, comprising xPSR,
3693 ReturnAddress, LR (R14), R12, R3, R2, R1, R0. See details in
3694 "B1.5.6 Exception entry behavior" in
3695 "ARMv7-M Architecture Reference Manual". */
3709 /* Check EXC_RETURN bit FTYPE if extended stack frame (FPU regs stored)
3710 type used. */
3713 {
3714 ULONGEST fpccr;
3715 ULONGEST fpcar;
3717 /* Read FPCCR register. */
3720 {
3725 }
3727 /* Read FPCAR register. */
3730 {
3734 }
3741 /* The LSPEN and ASPEN bits indicate if the lazy state preservation
3742 for FP registers is enabled or disabled. The LSPACT bit indicate,
3743 together with FPCAR, if the lazy state preservation feature is
3744 active for the current frame or for another frame.
3745 See "Lazy context save of FP state", in B1.5.7, also ARM AN298,
3746 supported by Cortex-M4F architecture for details. */
3750 && fpccr_lspact
3753 /* Extended stack frame type used. */
3755 {
3758 {
3761 }
3762 }
3768 {
3769 /* Handle floating-point callee saved registers. */
3771 {
3774 {
3777 }
3778 }
3782 }
3783 else
3784 {
3785 /* Offset 0x64 is reserved. */
3788 }
3789 }
3790 else
3791 {
3792 /* Standard stack frame type used. */
3795 }
3797 /* If bit 9 of the saved xPSR is set, then there is a four-byte
3798 aligner between the top of the 32-byte stack frame and the
3799 previous context's stack pointer. */
3800 ULONGEST xpsr;
3804 {
3809 }
3812 {
3815 }
3818 }
3821 "found unexpected Link Register value "
3822 "%s. This should not happen and may "
3823 "be caused by corrupt data or a bug in"
3826 }
3828 /* Implementation of the stop_reason hook for arm_m_exception frames. */
3830 static enum unwind_stop_reason
3833 {
3835 arm_gdbarch_tdep *tdep
3842 /* If we've hit a wall, stop. */
3847 }
3849 /* Implementation of function hook 'this_id' in
3850 'struct frame_uwnind'. */
3852 static void
3856 {
3863 /* Our frame ID for a stub frame is the current SP and LR. */
3864 arm_gdbarch_tdep *tdep
3868 }
3870 /* Implementation of function hook 'prev_register' in
3871 'struct frame_uwnind'. */
3877 {
3879 CORE_ADDR sp_value;
3885 /* The value was already reconstructed into PREV_SP. */
3886 arm_gdbarch_tdep *tdep
3892 /* If we are asked to unwind the PC, strip the saved T bit. */
3894 {
3897 prev_regnum);
3901 }
3903 /* The value might be one of the alternative SP, if so, use the
3904 value already constructed. */
3906 {
3909 }
3911 /* If we are asked to unwind the xPSR, set T bit if PC is in thumb mode.
3912 LR register is unreliable as it contains FNC_RETURN or EXC_RETURN
3913 pattern. */
3915 {
3919 ARM_PC_REGNUM);
3922 ARM_PS_REGNUM);
3925 /* Reconstruct the T bit; see arm_prologue_prev_register for details. */
3928 }
3931 prev_regnum);
3932 }
3934 /* Implementation of function hook 'sniffer' in
3935 'struct frame_uwnind'. */
3937 static int
3941 {
3945 /* No need to check is_m; this sniffer is only registered for
3946 M-profile architectures. */
3948 /* Check if exception frame returns to a magic PC value. */
3950 }
3952 /* Frame unwinder for M-profile exceptions (EXC_RETURN on stack),
3953 lockup and secure/nonsecure interstate function calls (FNC_RETURN). */
3957 SIGTRAMP_FRAME,
3958 FRAME_UNWIND_ARCH,
3959 arm_m_exception_frame_unwind_stop_reason,
3960 arm_m_exception_this_id,
3961 arm_m_exception_prev_register,
3962 NULL,
3963 arm_m_exception_unwind_sniffer
3964 );
3966 static CORE_ADDR
3968 {
3975 arm_gdbarch_tdep *tdep
3978 }
3982 arm_normal_frame_base,
3983 arm_normal_frame_base,
3984 arm_normal_frame_base
3985 };
3987 struct arm_dwarf2_prev_register_cache
3988 {
3989 /* Cached value of the corresponding stack pointer for the inner frame. */
3990 CORE_ADDR sp;
3991 CORE_ADDR msp;
3992 CORE_ADDR msp_s;
3993 CORE_ADDR msp_ns;
3994 CORE_ADDR psp;
3995 CORE_ADDR psp_s;
3996 CORE_ADDR psp_ns;
3997 };
4002 {
4005 CORE_ADDR lr;
4006 ULONGEST cpsr;
4007 arm_dwarf2_prev_register_cache *cache
4010 arm_dwarf2_prev_register));
4013 {
4020 {
4021 cache->sp
4024 cache->msp_s
4027 cache->msp_ns
4030 cache->psp_s
4033 cache->psp_ns
4036 }
4038 {
4039 cache->sp
4042 cache->msp
4045 cache->psp
4048 }
4049 }
4052 {
4053 /* The PC is normally copied from the return column, which
4054 describes saves of LR. However, that version may have an
4055 extra bit set to indicate Thumb state. The bit is not
4056 part of the PC. */
4058 /* Record in the frame whether the return address was signed. */
4060 {
4061 CORE_ADDR ra_auth_code
4067 }
4072 }
4074 {
4075 /* Reconstruct the T bit; see arm_prologue_prev_register for details. */
4080 }
4082 {
4083 /* Handle the alternative SP registers on Cortex-M. */
4085 CORE_ADDR val;
4088 {
4105 }
4107 {
4114 }
4117 {
4118 /* Use value of SP from previous frame. */
4122 else
4124 }
4125 else
4126 /* Use value for the register from previous frame. */
4130 }
4133 }
4135 /* Implement the stack_frame_destroyed_p gdbarch method. */
4137 static int
4139 {
4144 CORE_ADDR scan_pc;
4150 /* The epilogue is a sequence of instructions along the following lines:
4152 - add stack frame size to SP or FP
4153 - [if frame pointer used] restore SP from FP
4154 - restore registers from SP [may include PC]
4155 - a return-type instruction [if PC wasn't already restored]
4157 In a first pass, we scan forward from the current PC and verify the
4158 instructions we find as compatible with this sequence, ending in a
4159 return instruction.
4161 However, this is not sufficient to distinguish indirect function calls
4162 within a function from indirect tail calls in the epilogue in some cases.
4163 Therefore, if we didn't already find any SP-changing instruction during
4164 forward scan, we add a backward scanning heuristic to ensure we actually
4165 are in the epilogue. */
4169 {
4181 {
4184 }
4186 {
4194 {
4197 }
4200 {
4203 }
4206 ;
4207 else
4209 }
4210 else
4212 }
4217 /* Since any instruction in the epilogue sequence, with the possible
4218 exception of return itself, updates the stack pointer, we need to
4219 scan backwards for at most one instruction. Try either a 16-bit or
4220 a 32-bit instruction. This is just a heuristic, so we do not worry
4221 too much about false positives. */
4243 }
4245 static int
4247 {
4256 /* We are in the epilogue if the previous instruction was a stack
4257 adjustment and the next instruction is a possible return (bx, mov
4258 pc, or pop). We could have to scan backwards to find the stack
4259 adjustment, or forwards to find the return, but this is a decent
4260 approximation. First scan forwards. */
4265 {
4267 /* BX. */
4270 /* MOV PC. */
4274 /* POP (LDMIA), including PC or LR. */
4276 }
4281 /* Scan backwards. This is just a heuristic, so do not worry about
4282 false positives from mode changes. */
4292 }
4294 /* Implement the stack_frame_destroyed_p gdbarch method. */
4296 static int
4298 {
4301 else
4303 }
4305 /* When arguments must be pushed onto the stack, they go on in reverse
4306 order. The code below implements a FILO (stack) to do this. */
4308 struct arm_stack_item
4309 {
4313 };
4318 {
4326 }
4330 {
4336 }
4338 /* Implement the gdbarch type alignment method, overrides the generic
4339 alignment algorithm for anything that is arm specific. */
4341 static ULONGEST
4343 {
4346 {
4347 /* Use the natural alignment for vector types (the same for
4348 scalar type), but the maximum alignment is 64-bit. */
4351 else
4353 }
4355 /* Allow the common code to calculate the alignment. */
4357 }
4359 /* Possible base types for a candidate for passing and returning in
4360 VFP registers. */
4362 enum arm_vfp_cprc_base_type
4363 {
4364 VFP_CPRC_UNKNOWN,
4365 VFP_CPRC_SINGLE,
4366 VFP_CPRC_DOUBLE,
4367 VFP_CPRC_VEC64,
4368 VFP_CPRC_VEC128
4369 };
4371 /* The length of one element of base type B. */
4373 static unsigned
4375 {
4377 {
4389 }
4390 }
4392 /* The character ('s', 'd' or 'q') for the type of VFP register used
4393 for passing base type B. */
4395 static int
4397 {
4399 {
4411 }
4412 }
4414 /* Determine whether T may be part of a candidate for passing and
4415 returning in VFP registers, ignoring the limit on the total number
4416 of components. If *BASE_TYPE is VFP_CPRC_UNKNOWN, set it to the
4417 classification of the first valid component found; if it is not
4418 VFP_CPRC_UNKNOWN, all components must have the same classification
4419 as *BASE_TYPE. If it is found that T contains a type not permitted
4420 for passing and returning in VFP registers, a type differently
4421 classified from *BASE_TYPE, or two types differently classified
4422 from each other, return -1, otherwise return the total number of
4423 base-type elements found (possibly 0 in an empty structure or
4424 array). Vector types are not currently supported, matching the
4425 generic AAPCS support. */
4427 static int
4430 {
4433 {
4436 {
4453 }
4457 /* Arguments of complex T where T is one of the types float or
4458 double get treated as if they are implemented as:
4460 struct complexT
4461 {
4462 T real;
4463 T imag;
4464 };
4466 */
4468 {
4485 }
4489 {
4491 {
4492 /* A 64-bit or 128-bit containerized vector type are VFP
4493 CPRCs. */
4495 {
4506 }
4507 }
4508 else
4509 {
4514 base_type);
4518 {
4521 }
4527 }
4528 }
4532 {
4537 {
4542 base_type);
4546 }
4548 {
4551 }
4558 }
4561 {
4566 {
4568 base_type);
4572 }
4574 {
4577 }
4584 }
4588 }
4591 }
4593 /* Determine whether T is a VFP co-processor register candidate (CPRC)
4594 if passed to or returned from a non-variadic function with the VFP
4595 ABI in effect. Return 1 if it is, 0 otherwise. If it is, set
4596 *BASE_TYPE to the base type for T and *COUNT to the number of
4597 elements of that base type before returning. */
4599 static int
4602 {
4610 }
4612 /* Return 1 if the VFP ABI should be used for passing arguments to and
4613 returning values from a function of type FUNC_TYPE, 0
4614 otherwise. */
4616 static int
4618 {
4621 /* Variadic functions always use the base ABI. Assume that functions
4622 without debug info are not variadic. */
4626 /* The VFP ABI is only supported as a variant of AAPCS. */
4631 }
4633 /* We currently only support passing parameters in integer registers, which
4634 conforms with GCC's default model, and VFP argument passing following
4635 the VFP variant of AAPCS. Several other variants exist and
4636 we should probably support some of them based on the selected ABI. */
4638 static CORE_ADDR
4642 function_call_return_method return_method,
4643 CORE_ADDR struct_addr)
4644 {
4655 /* Determine the type of this function and whether the VFP ABI
4656 applies. */
4662 /* Set the return address. For the ARM, the return breakpoint is
4663 always at BP_ADDR. */
4668 /* Walk through the list of args and determine how large a temporary
4669 stack is required. Need to take care here as structs may be
4670 passed on the stack, and we have to push them. */
4676 /* The struct_return pointer occupies the first parameter
4677 passing register. */
4679 {
4685 argreg++;
4686 }
4689 {
4707 /* Round alignment up to a whole number of words. */
4710 /* Different ABIs have different maximum alignments. */
4712 {
4713 /* The APCS ABI only requires word alignment. */
4715 }
4716 else
4717 {
4718 /* The AAPCS requires at most doubleword alignment. */
4721 }
4726 {
4732 /* Because this is a CPRC it cannot go in a core register or
4733 cause a core register to be skipped for alignment.
4734 Either it goes in VFP registers and the rest of this loop
4735 iteration is skipped for this argument, or it goes on the
4736 stack (and the stack alignment code is correct for this
4737 case). */
4748 {
4757 {
4763 else
4764 {
4770 }
4771 }
4773 }
4774 else
4775 {
4776 /* This CPRC could not go in VFP registers, so all VFP
4777 registers are now marked as used. */
4779 }
4780 }
4782 /* Push stack padding for doubleword alignment. */
4784 {
4787 }
4789 /* Doubleword aligned quantities must go in even register pairs. */
4794 argreg++;
4796 /* If the argument is a pointer to a function, and it is a
4797 Thumb function, create a LOCAL copy of the value and set
4798 the THUMB bit in it. */
4802 {
4805 {
4810 }
4811 }
4813 /* Copy the argument to general registers or the stack in
4814 register-sized pieces. Large arguments are split between
4815 registers and stack. */
4817 {
4820 CORE_ADDR regval
4824 {
4825 /* The argument is being passed in a general purpose
4826 register. */
4832 argreg++;
4833 }
4834 else
4835 {
4841 /* Push the arguments onto the stack. */
4845 }
4849 }
4850 }
4851 /* If we have an odd number of words to push, then decrement the stack
4852 by one word now, so first stack argument will be dword aligned. */
4857 {
4861 }
4863 /* Finally, update the SP register. */
4867 }
4870 /* Always align the frame to an 8-byte boundary. This is required on
4871 some platforms and harmless on the rest. */
4873 static CORE_ADDR
4875 {
4876 /* Align the stack to eight bytes. */
4878 }
4880 static void
4882 {
4894 }
4896 /* Print interesting information about the floating point processor
4897 (if present) or emulator. */
4898 static void
4901 {
4908 else
4910 /* i18n: [floating point unit] mask */
4913 /* i18n: [floating point unit] flags */
4916 }
4918 /* Construct the ARM extended floating point type. */
4921 {
4925 {
4927 tdep->arm_ext_type
4929 floatformats_arm_ext);
4930 }
4933 }
4937 {
4941 {
4945 TYPE_CODE_UNION);
4962 }
4965 }
4967 /* FIXME: The vector types are not correctly ordered on big-endian
4968 targets. Just as s0 is the low bits of d0, d0[0] is also the low
4969 bits of d0 - regardless of what unit size is being held in d0. So
4970 the offset of the first uint8 in d0 is 7, but the offset of the
4971 first float is 4. This code works as-is for little-endian
4972 targets. */
4976 {
4980 {
4984 TYPE_CODE_UNION);
5001 }
5004 }
5006 /* Return true if REGNUM is a Q pseudo register. Return false
5007 otherwise.
5009 REGNUM is the raw register number and not a pseudo-relative register
5010 number. */
5012 static bool
5014 {
5017 /* Q pseudo registers are available for both NEON (Q0~Q15) and
5018 MVE (Q0~Q7) features. */
5025 }
5027 /* Return true if REGNUM is a VFP S pseudo register. Return false
5028 otherwise.
5030 REGNUM is the raw register number and not a pseudo-relative register
5031 number. */
5033 static bool
5035 {
5044 }
5046 /* Return true if REGNUM is a MVE pseudo register (P0). Return false
5047 otherwise.
5049 REGNUM is the raw register number and not a pseudo-relative register
5050 number. */
5052 static bool
5054 {
5063 }
5065 /* Return true if REGNUM is a PACBTI pseudo register (ra_auth_code). Return
5066 false otherwise.
5068 REGNUM is the raw register number and not a pseudo-relative register
5069 number. */
5071 static bool
5073 {
5082 }
5084 /* Return the GDB type object for the "standard" data type of data in
5085 register N. */
5089 {
5104 /* If the target description has register information, we are only
5105 in this function so that we can override the types of
5106 double-precision registers for NEON. */
5108 {
5115 else
5117 }
5120 {
5125 }
5131 /* These registers are only supported on targets which supply
5132 an XML description. */
5134 else
5136 }
5138 /* Map a DWARF register REGNUM onto the appropriate GDB register
5139 number. */
5141 static int
5143 {
5144 /* Core integer regs. */
5148 /* Legacy FPA encoding. These were once used in a way which
5149 overlapped with VFP register numbering, so their use is
5150 discouraged, but GDB doesn't support the ARM toolchain
5151 which used them for VFP. */
5155 /* New assignments for the FPA registers. */
5159 /* WMMX register assignments. */
5166 /* PACBTI register containing the Pointer Authentication Code. */
5168 {
5175 }
5180 /* VFP v2 registers. A double precision value is actually
5181 in d1 rather than s2, but the ABI only defines numbering
5182 for the single precision registers. This will "just work"
5183 in GDB for little endian targets (we'll read eight bytes,
5184 starting in s0 and then progressing to s1), but will be
5185 reversed on big endian targets with VFP. This won't
5186 be a problem for the new Neon quad registers; you're supposed
5187 to use DW_OP_piece for those. */
5189 {
5195 }
5197 /* VFP v3 / Neon registers. This range is also used for VFP v2
5198 registers, except that it now describes d0 instead of s0. */
5200 {
5206 }
5209 }
5211 /* Map GDB internal REGNUM onto the Arm simulator register numbers. */
5212 static int
5214 {
5240 }
5244 static void
5248 {
5252 {
5253 /* Initialize RA_AUTH_CODE to zero. */
5258 }
5261 {
5264 }
5268 {
5269 /* Handle the alternative SP registers on Cortex-M. */
5272 }
5273 }
5275 /* Given BUF, which is OLD_LEN bytes ending at ENDADDR, expand
5276 the buffer to be NEW_LEN bytes ending at ENDADDR. Return
5277 NULL if an error occurs. BUF is freed. */
5282 {
5290 {
5293 }
5295 }
5297 /* An IT block is at most the 2-byte IT instruction followed by
5298 four 4-byte instructions. The furthest back we must search to
5299 find an IT block that affects the current instruction is thus
5300 2 + 3 * 4 == 14 bytes. */
5301 #define MAX_IT_BLOCK_PREFIX 14
5303 /* Use a quick scan if there are more than this many bytes of
5304 code. */
5305 #define IT_SCAN_THRESHOLD 32
5307 /* Adjust a breakpoint's address to move breakpoints out of IT blocks.
5308 A breakpoint in an IT block may not be hit, depending on the
5309 condition flags. */
5310 static CORE_ADDR
5312 {
5321 /* If we are using BKPT breakpoints, none of this is necessary. */
5325 /* ARM mode does not have this problem. */
5329 /* We are setting a breakpoint in Thumb code that could potentially
5330 contain an IT block. The first step is to find how much Thumb
5331 code there is; we do not need to read outside of known Thumb
5332 sequences. */
5335 /* Thumb-2 code must have mapping symbols to have a chance. */
5341 {
5345 }
5347 /* Search for a candidate IT instruction. We have to do some fancy
5348 footwork to distinguish a real IT instruction from the second
5349 half of a 32-bit instruction, but there is no need for that if
5350 there's no candidate. */
5353 /* No room for an IT instruction. */
5361 {
5364 {
5367 }
5368 }
5371 {
5374 }
5376 /* OK, the code bytes before this instruction contain at least one
5377 halfword which resembles an IT instruction. We know that it's
5378 Thumb code, but there are still two possibilities. Either the
5379 halfword really is an IT instruction, or it is the second half of
5380 a 32-bit Thumb instruction. The only way we can tell is to
5381 scan forwards from a known instruction boundary. */
5383 {
5386 /* There's a lot of code before this instruction. Start with an
5387 optimistic search; it's easy to recognize halfwords that can
5388 not be the start of a 32-bit instruction, and use that to
5389 lock on to the instruction boundaries. */
5397 {
5400 {
5403 }
5404 }
5406 /* At this point, if DEFINITE, BUF[I] is the first place we
5407 are sure that we know the instruction boundaries, and it is far
5408 enough from BPADDR that we could not miss an IT instruction
5409 affecting BPADDR. If ! DEFINITE, give up - start from a
5410 known boundary. */
5412 {
5419 }
5420 }
5421 else
5422 {
5428 }
5430 /* Scan forwards. Find the last IT instruction before BPADDR. */
5434 {
5436 last_it_count--;
5438 {
5446 else
5448 }
5450 }
5455 /* There wasn't really an IT instruction after all. */
5459 /* It was too far away. */
5462 /* This really is a trouble spot. Move the breakpoint to the IT
5463 instruction. */
5465 }
5467 /* ARM displaced stepping support.
5469 Generally ARM displaced stepping works as follows:
5471 1. When an instruction is to be single-stepped, it is first decoded by
5472 arm_process_displaced_insn. Depending on the type of instruction, it is
5473 then copied to a scratch location, possibly in a modified form. The
5474 copy_* set of functions performs such modification, as necessary. A
5475 breakpoint is placed after the modified instruction in the scratch space
5476 to return control to GDB. Note in particular that instructions which
5477 modify the PC will no longer do so after modification.
5479 2. The instruction is single-stepped, by setting the PC to the scratch
5480 location address, and resuming. Control returns to GDB when the
5481 breakpoint is hit.
5483 3. A cleanup function (cleanup_*) is called corresponding to the copy_*
5484 function used for the current instruction. This function's job is to
5485 put the CPU/memory state back to what it would have been if the
5486 instruction had been executed unmodified in its original location. */
5488 /* NOP instruction (mov r0, r0). */
5489 #define ARM_NOP 0xe1a00000
5490 #define THUMB_NOP 0x4600
5492 /* Helper for register reads for displaced stepping. In particular, this
5493 returns the PC as it would be seen by the instruction at its original
5494 location. */
5496 ULONGEST
5499 {
5500 ULONGEST ret;
5504 {
5505 /* Compute pipeline offset:
5506 - When executing an ARM instruction, PC reads as the address of the
5507 current instruction plus 8.
5508 - When executing a Thumb instruction, PC reads as the address of the
5509 current instruction plus 4. */
5513 else
5519 }
5520 else
5521 {
5528 }
5529 }
5531 static int
5533 {
5534 ULONGEST ps;
5540 }
5542 /* Write to the PC as from a branch instruction. */
5544 static void
5546 ULONGEST val)
5547 {
5549 /* Note: If bits 0/1 are set, this branch would be unpredictable for
5550 architecture versions < 6. */
5553 else
5556 }
5558 /* Write to the PC as from a branch-exchange instruction. */
5560 static void
5562 {
5563 ULONGEST ps;
5569 {
5572 }
5574 {
5577 }
5578 else
5579 {
5580 /* Unpredictable behavior. Try to do something sensible (switch to ARM
5581 mode, align dest to 4 bytes). */
5585 }
5586 }
5588 /* Write to the PC as if from a load instruction. */
5590 static void
5592 ULONGEST val)
5593 {
5596 else
5598 }
5600 /* Write to the PC as if from an ALU instruction. */
5602 static void
5604 ULONGEST val)
5605 {
5608 else
5610 }
5612 /* Helper for writing to registers for displaced stepping. Writing to the PC
5613 has a varying effects depending on the instruction which does the write:
5614 this is controlled by the WRITE_PC argument. */
5616 void
5619 {
5621 {
5625 {
5649 }
5652 }
5653 else
5654 {
5658 }
5659 }
5661 /* This function is used to concisely determine if an instruction INSN
5662 references PC. Register fields of interest in INSN should have the
5663 corresponding fields of BITMASK set to 0b1111. The function
5664 returns return 1 if any of these fields in INSN reference the PC
5665 (also 0b1111, r15), else it returns 0. */
5667 static int
5669 {
5673 {
5677 ;
5688 }
5691 }
5693 /* The simplest copy function. Many instructions have the same effect no
5694 matter what address they are executed at: in those cases, use this. */
5696 static int
5699 {
5706 }
5708 static int
5712 {
5721 }
5723 /* Copy 16-bit Thumb(Thumb and 16-bit Thumb-2) instruction without any
5724 modification. */
5725 static int
5729 {
5736 }
5738 /* Preload instructions with immediate offset. */
5740 static void
5743 {
5747 }
5749 static void
5752 {
5753 ULONGEST rn_val;
5754 /* Preload instructions:
5756 {pli/pld} [rn, #+/-imm]
5757 ->
5758 {pli/pld} [r0, #+/-imm]. */
5766 }
5768 static int
5771 {
5784 }
5786 static int
5789 {
5793 ULONGEST pc_val;
5798 /* PC is only allowed to use in PLI (immediate,literal) Encoding T3, and
5799 PLD (literal) Encoding T1. */
5802 imm12);
5807 /* Rewrite instruction {pli/pld} PC imm12 into:
5808 Prepare: tmp[0] <- r0, tmp[1] <- r1, r0 <- pc, r1 <- imm12
5810 {pli/pld} [r0, r1]
5812 Cleanup: r0 <- tmp[0], r1 <- tmp[1]. */
5823 /* {pli/pld} [r0, r1] */
5830 }
5832 /* Preload instructions with register offset. */
5834 static void
5838 {
5841 /* Preload register-offset instructions:
5843 {pli/pld} [rn, rm {, shift}]
5844 ->
5845 {pli/pld} [r0, r1 {, shift}]. */
5856 }
5858 static int
5862 {
5877 }
5879 /* Copy/cleanup coprocessor load and store instructions. */
5881 static void
5885 {
5892 }
5894 static void
5898 {
5899 ULONGEST rn_val;
5901 /* Coprocessor load/store instructions:
5903 {stc/stc2} [<Rn>, #+/-imm] (and other immediate addressing modes)
5904 ->
5905 {stc/stc2} [r0, #+/-imm].
5907 ldc/ldc2 are handled identically. */
5911 /* PC should be 4-byte aligned. */
5919 }
5921 static int
5925 {
5939 }
5941 static int
5945 {
5959 /* This function is called for copying instruction LDC/LDC2/VLDR, which
5960 doesn't support writeback, so pass 0. */
5964 }
5966 /* Clean up branch instructions (actually perform the branch, by setting
5967 PC). */
5969 static void
5972 {
5982 {
5983 /* The value of LR should be the next insn of current one. In order
5984 not to confuse logic handling later insn `bx lr', if current insn mode
5985 is Thumb, the bit 0 of LR value should be set to 1. */
5992 CANNOT_WRITE_PC);
5993 }
5996 }
5998 /* Copy B/BL/BLX instructions with immediate destinations. */
6000 static void
6004 {
6005 /* Implement "BL<cond> <label>" as:
6007 Preparation: cond <- instruction condition
6008 Insn: mov r0, r0 (nop)
6009 Cleanup: if (condition true) { r14 <- pc; pc <- label }.
6011 B<cond> similar, but don't set r14 in cleanup. */
6019 /* For BLX, offset is computed from the Align (PC, 4). */
6024 else
6028 }
6029 static int
6032 {
6042 /* For BLX, set bit 0 of the destination. The cleanup_branch function will
6043 then arrange the switch into Thumb mode. */
6045 else
6055 }
6057 static int
6061 {
6073 {
6076 {
6082 }
6084 {
6090 }
6091 }
6092 else
6093 {
6098 }
6108 }
6110 /* Copy B Thumb instructions. */
6111 static int
6114 {
6121 {
6122 /* offset = SignExtend (imm8:0, 32) */
6125 }
6127 {
6130 }
6145 }
6147 /* Copy BX/BLX with register-specified destinations. */
6149 static void
6153 {
6154 /* Implement {BX,BLX}<cond> <reg>" as:
6156 Preparation: cond <- instruction condition
6157 Insn: mov r0, r0 (nop)
6158 Cleanup: if (condition true) { r14 <- pc; pc <- dest; }.
6160 Don't set r14 in cleanup for BX. */
6170 }
6172 static int
6175 {
6177 /* BX: x12xxx1x
6178 BLX: x12xxx3x. */
6188 }
6190 static int
6194 {
6205 }
6208 /* Copy/cleanup arithmetic/logic instruction with immediate RHS. */
6210 static void
6213 {
6218 }
6220 static int
6223 {
6237 /* Instruction is of form:
6239 <op><cond> rd, [rn,] #imm
6241 Rewrite as:
6243 Preparation: tmp1, tmp2 <- r0, r1;
6244 r0, r1 <- rd, rn
6245 Insn: <op><cond> r0, r1, #imm
6246 Cleanup: rd <- r0; r0 <- tmp1; r1 <- tmp2
6247 */
6259 else
6265 }
6267 static int
6271 {
6280 /* This routine is only called for instruction MOV. */
6288 /* Instruction is of form:
6290 <op><cond> rd, [rn,] #imm
6292 Rewrite as:
6294 Preparation: tmp1, tmp2 <- r0, r1;
6295 r0, r1 <- rd, rn
6296 Insn: <op><cond> r0, r1, #imm
6297 Cleanup: rd <- r0; r0 <- tmp1; r1 <- tmp2
6298 */
6315 }
6317 /* Copy/cleanup arithmetic/logic insns with register RHS. */
6319 static void
6322 {
6323 ULONGEST rd_val;
6332 }
6334 static void
6338 {
6341 /* Instruction is of form:
6343 <op><cond> rd, [rn,] rm [, <shift>]
6345 Rewrite as:
6347 Preparation: tmp1, tmp2, tmp3 <- r0, r1, r2;
6348 r0, r1, r2 <- rd, rn, rm
6349 Insn: <op><cond> r0, [r1,] r2 [, <shift>]
6350 Cleanup: rd <- r0; r0, r1, r2 <- tmp1, tmp2, tmp3
6351 */
6365 }
6367 static int
6370 {
6382 else
6388 }
6390 static int
6394 {
6410 }
6412 /* Cleanup/copy arithmetic/logic insns with shifted register RHS. */
6414 static void
6418 {
6426 }
6428 static void
6433 {
6437 /* Instruction is of form:
6439 <op><cond> rd, [rn,] rm, <shift> rs
6441 Rewrite as:
6443 Preparation: tmp1, tmp2, tmp3, tmp4 <- r0, r1, r2, r3
6444 r0, r1, r2, r3 <- rd, rn, rm, rs
6445 Insn: <op><cond> r0, r1, r2, <shift> r3
6446 Cleanup: tmp5 <- r0
6447 r0, r1, r2, r3 <- tmp1, tmp2, tmp3, tmp4
6448 rd <- tmp5
6449 */
6464 }
6466 static int
6470 {
6489 else
6495 }
6497 /* Clean up load instructions. */
6499 static void
6502 {
6517 /* Handle register writeback. */
6520 /* Put result in right place. */
6524 }
6526 /* Clean up store instructions. */
6528 static void
6531 {
6543 /* Writeback. */
6546 }
6548 /* Copy "extra" load/store instructions. These are halfword/doubleword
6549 transfers, which have a different encoding to byte/word transfers. */
6551 static int
6554 {
6606 /* {ldr,str}<width><cond> rt, [rt2,] [rn, #imm]
6607 ->
6608 {ldr,str}<width><cond> r0, [r1,] [r2, #imm]. */
6610 else
6611 /* {ldr,str}<width><cond> rt, [rt2,] [rn, +/-rm]
6612 ->
6613 {ldr,str}<width><cond> r0, [r1,] [r2, +/-r3]. */
6619 }
6621 /* Copy byte/half word/word loads and stores. */
6623 static void
6628 {
6653 /* To write PC we can do:
6655 Before this sequence of instructions:
6656 r0 is the PC value got from displaced_read_reg, so r0 = from + 8;
6657 r2 is the Rn value got from displaced_read_reg.
6659 Insn1: push {pc} Write address of STR instruction + offset on stack
6660 Insn2: pop {r4} Read it back from stack, r4 = addr(Insn1) + offset
6661 Insn3: sub r4, r4, pc r4 = addr(Insn1) + offset - pc
6662 = addr(Insn1) + offset - addr(Insn3) - 8
6663 = offset - 16
6664 Insn4: add r4, r4, #8 r4 = offset - 8
6665 Insn5: add r0, r0, r4 r0 = from + 8 + offset - 8
6666 = from + offset
6667 Insn6: str r0, [r2, #imm] (or str r0, [r2, r3])
6669 Otherwise we don't know what value to write for PC, since the offset is
6670 architecture-dependent (sometimes PC+8, sometimes PC+12). More details
6671 of this can be found in Section "Saving from r15" in
6672 https://developer.arm.com/documentation/dui0204/g/ */
6675 }
6678 static int
6682 {
6686 ULONGEST pc_val;
6690 imm12);
6695 /* Rewrite instruction LDR Rt imm12 into:
6697 Prepare: tmp[0] <- r0, tmp[1] <- r2, tmp[2] <- r3, r2 <- pc, r3 <- imm12
6699 LDR R0, R2, R3,
6701 Cleanup: rt <- r0, r0 <- tmp[0], r2 <- tmp[1], r3 <- tmp[2]. */
6722 /* LDR R0, R2, R3 */
6730 }
6732 static int
6737 {
6741 /* In LDR (register), there is also a register Rm, which is not allowed to
6742 be PC, so we don't have to check it. */
6746 dsc);
6757 /* ldr[b]<cond> rt, [rn, #imm], etc.
6758 ->
6759 ldr[b]<cond> r0, [r2, #imm]. */
6760 {
6763 }
6764 else
6765 /* ldr[b]<cond> rt, [rn, rm], etc.
6766 ->
6767 ldr[b]<cond> r0, [r2, r3]. */
6768 {
6771 }
6776 }
6779 static int
6784 {
6805 {
6809 /* {ldr,str}[b]<cond> rt, [rn, #imm], etc.
6810 ->
6811 {ldr,str}[b]<cond> r0, [r2, #imm]. */
6813 else
6814 /* {ldr,str}[b]<cond> rt, [rn, rm], etc.
6815 ->
6816 {ldr,str}[b]<cond> r0, [r2, r3]. */
6818 }
6819 else
6820 {
6821 /* We need to use r4 as scratch. Make sure it's restored afterwards. */
6829 /* As above. */
6832 else
6836 }
6841 }
6843 /* Cleanup LDM instructions with fully-populated register list. This is an
6844 unfortunate corner case: it's impossible to implement correctly by modifying
6845 the instruction. The issue is as follows: we have an instruction,
6847 ldm rN, {r0-r15}
6849 which we must rewrite to avoid loading PC. A possible solution would be to
6850 do the load in two halves, something like (with suitable cleanup
6851 afterwards):
6853 mov r8, rN
6854 ldm[id][ab] r8!, {r0-r7}
6855 str r7, <temp>
6856 ldm[id][ab] r8, {r7-r14}
6857 <bkpt>
6859 but at present there's no suitable place for <temp>, since the scratch space
6860 is overwritten before the cleanup routine is called. For now, we simply
6861 emulate the instruction. */
6863 static void
6866 {
6882 /* If the instruction is ldm rN, {...pc}^, I don't think there's anything
6883 sensible we can do here. Complain loudly. */
6887 /* We don't handle any stores here for now. */
6896 {
6901 regno++;
6902 else
6904 regno--;
6914 }
6918 CANNOT_WRITE_PC);
6919 }
6921 /* Clean up an STM which included the PC in the register list. */
6923 static void
6926 {
6929 CORE_ADDR pc_stored_at, transferred_regs
6931 CORE_ADDR stm_insn_addr;
6936 /* If condition code fails, there's nothing else to do. */
6941 {
6946 }
6947 else
6948 {
6953 }
6960 offset);
6962 /* Rewrite the stored PC to the proper value for the non-displaced original
6963 instruction. */
6966 }
6968 /* Clean up an LDM which includes the PC in the register list. We clumped all
6969 the registers in the transferred list into a contiguous range r0...rX (to
6970 avoid loading PC directly and losing control of the debugged program), so we
6971 must undo that here. */
6973 static void
6977 {
6984 /* The method employed here will fail if the register list is fully populated
6985 (we need to avoid loading PC directly). */
6994 {
6996 {
7000 {
7005 }
7006 else
7012 num_to_shuffle--;
7013 }
7015 write_reg--;
7016 }
7018 /* Restore any registers we scribbled over. */
7020 {
7022 {
7024 CANNOT_WRITE_PC);
7026 write_reg);
7028 }
7029 }
7031 /* Perform register writeback manually. */
7033 {
7038 else
7042 CANNOT_WRITE_PC);
7043 }
7044 }
7046 /* Handle ldm/stm, apart from some tricky cases which are unlikely to occur
7047 in user-level code (in particular exception return, ldm rn, {...pc}^). */
7049 static int
7053 {
7061 /* Block transfers which don't mention PC can be run directly
7062 out-of-line. */
7067 {
7071 }
7089 {
7091 {
7092 /* LDM with a fully-populated register list. This case is
7093 particularly tricky. Implement for now by fully emulating the
7094 instruction (which might not behave perfectly in all cases, but
7095 these instructions should be rare enough for that not to matter
7096 too much). */
7100 }
7101 else
7102 {
7103 /* LDM of a list of registers which includes PC. Implement by
7104 rewriting the list of registers to be transferred into a
7105 contiguous chunk r0...rX before doing the transfer, then shuffling
7106 registers into the correct places in the cleanup routine. */
7114 /* Writeback makes things complicated. We need to avoid clobbering
7115 the base register with one of the registers in our modified
7116 register list, but just using a different register can't work in
7117 all cases, e.g.:
7119 ldm r14!, {r0-r13,pc}
7121 which would need to be rewritten as:
7123 ldm rN!, {r0-r14}
7125 but that can't work, because there's no free register for N.
7127 Solve this by turning off the writeback bit, and emulating
7128 writeback manually in the cleanup routine. */
7143 }
7144 }
7145 else
7146 {
7147 /* STM of a list of registers which includes PC. Run the instruction
7148 as-is, but out of line: this will store the wrong value for the PC,
7149 so we must manually fix up the memory in the cleanup routine.
7150 Doing things this way has the advantage that we can auto-detect
7151 the offset of the PC write (which is architecture-dependent) in
7152 the cleanup routine. */
7156 }
7159 }
7161 static int
7165 {
7170 /* Block transfers which don't mention PC can be run directly
7171 out-of-line. */
7176 {
7181 }
7186 /* Clear bit 13, since it should be always zero. */
7199 {
7201 {
7202 /* This branch is impossible to happen. */
7204 }
7205 else
7206 {
7229 }
7230 }
7231 else
7232 {
7237 }
7239 }
7241 /* Wrapper over read_memory_unsigned_integer for use in arm_get_next_pcs.
7242 This is used to avoid a dependency on BFD's bfd_endian enum. */
7244 ULONGEST
7247 {
7250 }
7252 /* Wrapper over gdbarch_addr_bits_remove for use in arm_get_next_pcs. */
7254 CORE_ADDR
7256 CORE_ADDR val)
7257 {
7258 return gdbarch_addr_bits_remove
7260 }
7262 /* Wrapper over syscall_next_pc for use in get_next_pcs. */
7264 static CORE_ADDR
7266 {
7268 }
7270 /* Wrapper over arm_is_thumb for use in arm_get_next_pcs. */
7272 int
7274 {
7276 }
7278 /* single_step() is called just before we want to resume the inferior,
7279 if we want to single-step it but there is no hardware or kernel
7280 single-step support. We find the target of the coming instructions
7281 and breakpoint them. */
7285 {
7294 regcache);
7302 }
7304 /* Cleanup/copy SVC (SWI) instructions. These two functions are overridden
7305 for Linux, where some SVC instructions must be treated specially. */
7307 static void
7310 {
7317 }
7320 /* Common copy routine for svc instruction. */
7322 static int
7325 {
7326 /* Preparation: none.
7327 Insn: unmodified svc.
7328 Cleanup: pc <- insn_addr + insn_size. */
7330 /* Pretend we wrote to the PC, so cleanup doesn't set PC to the next
7331 instruction. */
7334 /* Allow OS-specific code to override SVC handling. */
7337 else
7338 {
7341 }
7342 }
7344 static int
7347 {
7355 }
7357 static int
7360 {
7367 }
7369 /* Copy undefined instructions. */
7371 static int
7374 {
7381 }
7383 static int
7386 {
7396 }
7398 /* Copy unpredictable instructions. */
7400 static int
7403 {
7410 }
7412 /* The decode_* functions are instruction decoding helpers. They mostly follow
7413 the presentation in the ARM ARM. */
7415 static int
7419 {
7431 dsc);
7437 {
7440 else
7442 }
7447 {
7453 }
7458 {
7464 /* pld/pldw reg. */
7470 }
7471 else
7473 }
7475 static int
7479 {
7482 /* Switch on bits: 0bxxxxx321xxx0xxxxxxxxxxxxxxxxxxxx. */
7484 {
7496 {
7498 /* stc/stc2. */
7506 }
7509 {
7512 {
7514 /* ldc/ldc2 imm (undefined for rn == pc). */
7522 /* ldc/ldc2 lit (undefined for rn != pc). */
7528 }
7529 }
7536 /* ldc/ldc2 lit. */
7538 else
7544 else
7550 else
7555 }
7556 }
7558 /* Decode miscellaneous instructions in dp/misc encoding space. */
7560 static int
7564 {
7569 {
7578 else
7583 /* Not really supported. */
7585 else
7592 else
7602 /* Not really supported. */
7608 }
7609 }
7611 static int
7615 {
7618 {
7630 }
7631 else
7632 {
7648 /* 2nd arg means "unprivileged". */
7650 dsc);
7651 }
7653 /* Should be unreachable. */
7655 }
7657 static int
7661 {
7690 /* Should be unreachable. */
7692 }
7694 static int
7697 {
7699 {
7713 {
7716 else
7718 }
7719 else
7725 else
7730 {
7733 else
7735 }
7736 else
7742 else
7744 }
7746 /* Should be unreachable. */
7748 }
7750 static int
7754 {
7757 else
7759 }
7761 static int
7765 {
7769 {
7783 /* Note: no writeback for these instructions. Bit 25 will always be
7784 zero though (via caller), so the following works OK. */
7786 }
7788 /* Should be unreachable. */
7790 }
7792 /* Decode shifted register instructions. */
7794 static int
7798 {
7799 /* PC is only allowed to be used in instruction MOV. */
7806 else
7809 }
7812 /* Decode extension register load/store. Exactly the same as
7813 arm_decode_ext_reg_ld_st. */
7815 static int
7819 {
7823 {
7845 }
7847 /* Should be unreachable. */
7849 }
7851 static int
7854 {
7863 /* stc/stc2. */
7867 /* ldc/ldc2 imm/lit. */
7878 {
7881 else
7883 }
7892 else
7894 }
7896 static int
7900 {
7907 {
7911 dsc);
7914 else
7915 {
7916 /*coproc is 101x. SIMD/VFP, ext registers load/store. */
7919 dsc);
7921 {
7928 }
7929 }
7930 }
7931 else
7935 }
7937 static void
7940 {
7941 /* ADR Rd, #imm
7943 Rewrite as:
7945 Preparation: Rd <- PC
7946 Insn: ADD Rd, #imm
7947 Cleanup: Null.
7948 */
7950 /* Rd <- PC */
7953 }
7955 static int
7959 {
7961 /* Encoding T2: ADDS Rd, #imm */
7967 }
7969 static int
7973 {
7981 }
7983 static int
7987 {
7989 /* Since immediate has the same encoding in ADR ADD and SUB, so we simply
7990 extract raw immediate encoding rather than computing immediate. When
7991 generating ADD or SUB instruction, we can simply perform OR operation to
7992 set immediate into ADD. */
8000 {
8001 /* Encoding T3: SUB Rd, Rd, #imm */
8004 }
8006 {
8007 /* Encoding T3: ADD Rd, Rd, #imm */
8010 }
8016 }
8018 static int
8022 {
8027 /* LDR Rd, #imm8
8029 Rwrite as:
8031 Preparation: tmp0 <- R0, tmp2 <- R2, tmp3 <- R3, R2 <- PC, R3 <- #imm8;
8033 Insn: LDR R0, [R2, R3];
8034 Cleanup: R2 <- tmp2, R3 <- tmp3, Rd <- R0, R0 <- tmp0 */
8042 /* The assembler calculates the required value of the offset from the
8043 Align(PC,4) value of this instruction to the label. */
8061 }
8063 /* Copy Thumb cbnz/cbz instruction. */
8065 static int
8069 {
8077 /* CBNZ and CBZ do not affect the condition flags. If condition is true,
8078 set it INST_AL, so cleanup_branch will know branch is taken, otherwise,
8079 condition is false, let it be, cleanup_branch will do nothing. */
8081 {
8084 }
8085 else
8099 }
8101 /* Copy Table Branch Byte/Halfword */
8102 static int
8106 {
8116 {
8121 }
8122 else
8123 {
8128 }
8143 }
8145 static void
8148 {
8149 /* PC <- r7 */
8153 /* r7 <- r8 */
8157 /* r8 <- tmp[0] */
8160 }
8162 static int
8166 {
8169 /* Rewrite instruction: POP {rX, rY, ...,rZ, PC}
8170 to :
8172 (1) register list is full, that is, r0-r7 are used.
8173 Prepare: tmp[0] <- r8
8175 POP {r0, r1, ...., r6, r7}; remove PC from reglist
8176 MOV r8, r7; Move value of r7 to r8;
8177 POP {r7}; Store PC value into r7.
8179 Cleanup: PC <- r7, r7 <- r8, r8 <-tmp[0]
8181 (2) register list is not full, supposing there are N registers in
8182 register list (except PC, 0 <= N <= 7).
8183 Prepare: for each i, 0 - N, tmp[i] <- ri.
8185 POP {r0, r1, ...., rN};
8187 Cleanup: Set registers in original reglist from r0 - rN. Restore r0 - rN
8188 from tmp[] properly.
8189 */
8194 {
8203 }
8204 else
8205 {
8226 }
8229 }
8231 static void
8235 {
8240 /* 16-bit thumb instructions. */
8242 {
8243 /* Shift (imme), add, subtract, move and compare. */
8247 dsc);
8251 {
8255 dsc);
8258 {
8264 else
8266 dsc);
8267 }
8271 }
8283 {
8285 {
8292 else
8297 /* If-Then makes up to four following instructions conditional.
8298 IT instruction itself is not conditional, so handle it as a
8299 common unmodified instruction. */
8301 dsc);
8302 else
8307 }
8308 }
8319 else
8327 }
8331 }
8333 static int
8338 {
8344 {
8347 {
8349 /* PLD literal or Encoding T3 of PLI(immediate, literal). */
8351 else
8354 }
8355 else
8356 {
8360 else
8363 dsc);
8364 }
8371 else
8372 {
8376 else
8379 }
8382 {
8391 {
8393 /* LDR (immediate) */
8399 else
8400 /* LDR (register) */
8403 }
8405 }
8409 }
8411 }
8413 static void
8417 {
8423 {
8425 {
8427 {
8430 {
8431 /* Load/store {dual, exclusive}, table branch. */
8435 dsc);
8436 else
8437 /* PC is not allowed to use in load/store {dual, exclusive}
8438 instructions. */
8441 }
8443 {
8445 {
8453 }
8454 }
8458 /* Data-processing (shift register). */
8460 dsc);
8465 }
8467 }
8470 {
8475 else
8478 }
8479 else
8480 {
8482 {
8488 else
8491 }
8495 }
8499 {
8507 dsc);
8511 {
8524 }
8529 }
8533 }
8538 }
8540 static void
8544 {
8546 uint16_t insn1
8555 {
8556 uint16_t insn2
8559 }
8560 else
8562 }
8564 void
8568 {
8573 /* Most displaced instructions use a 1-instruction scratch space, so set this
8574 here and override below if/when necessary. */
8593 {
8613 }
8617 }
8619 /* Actually set up the scratch space for a displaced instruction. */
8621 void
8623 CORE_ADDR to,
8625 {
8633 /* Poke modified instruction(s). */
8635 {
8645 byte_order_for_code,
8648 }
8650 /* Choose the correct breakpoint instruction. */
8652 {
8655 }
8656 else
8657 {
8660 }
8662 /* Put breakpoint afterwards. */
8667 }
8669 /* Entry point for cleaning things up after a displaced instruction has been
8670 single-stepped. */
8672 void
8677 {
8678 /* The following block exists as a temporary measure while displaced
8679 stepping is fixed architecture at a time within GDB.
8681 In an earlier implementation of displaced stepping, if GDB thought the
8682 displaced instruction had not been executed then this fix up function
8683 was never called. As a consequence, things that should be fixed by
8684 this function were left in an unfixed state.
8686 However, it's not as simple as always calling this function; this
8687 function needs to be updated to decide what should be fixed up based
8688 on whether the displaced step executed or not, which requires each
8689 architecture to be considered individually.
8691 Until this architecture is updated, this block replicates the old
8692 behaviour; we just restore the program counter register, and leave
8693 everything else unfixed. */
8695 {
8700 }
8702 arm_displaced_step_copy_insn_closure *dsc
8712 }
8717 static int
8719 {
8720 gdb_disassemble_info *di
8725 {
8733 {
8734 /* Create a fake symbol vector containing a Thumb symbol.
8735 This is solely so that the code in print_insn_little_arm()
8736 and print_insn_big_arm() in opcodes/arm-dis.c will detect
8737 the presence of a Thumb symbol and switch to decoding
8738 Thumb instructions. */
8747 }
8751 }
8752 else
8755 /* GDB is able to get bfd_mach from the exe_bfd, info->mach is
8756 accurate, so mark USER_SPECIFIED_MACHINE_TYPE bit. Otherwise,
8757 opcodes/arm-dis.c:print_insn reset info->mach, and it will trigger
8758 the assert on the mismatch of info->mach and
8759 bfd_get_mach (current_program_space->exec_bfd ()) in
8760 default_print_insn. */
8767 }
8769 /* The following define instruction sequences that will cause ARM
8770 cpu's to take an undefined instruction trap. These are used to
8771 signal a breakpoint to GDB.
8773 The newer ARMv4T cpu's are capable of operating in ARM or Thumb
8774 modes. A different instruction is required for each mode. The ARM
8775 cpu's can also be big or little endian. Thus four different
8776 instructions are needed to support all cases.
8778 Note: ARMv4 defines several new instructions that will take the
8779 undefined instruction trap. ARM7TDMI is nominally ARMv4T, but does
8780 not in fact add the new instructions. The new undefined
8781 instructions in ARMv4 are all instructions that had no defined
8782 behavior in earlier chips. There is no guarantee that they will
8783 raise an exception, but may be treated as NOP's. In practice, it
8784 may only safe to rely on instructions matching:
8786 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
8787 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
8788 C C C C 0 1 1 x x x x x x x x x x x x x x x x x x x x 1 x x x x
8790 Even this may only true if the condition predicate is true. The
8791 following use a condition predicate of ALWAYS so it is always TRUE.
8793 There are other ways of forcing a breakpoint. GNU/Linux, RISC iX,
8794 and NetBSD all use a software interrupt rather than an undefined
8795 instruction to force a trap. This can be handled by by the
8796 abi-specific code during establishment of the gdbarch vector. */
8798 #define ARM_LE_BREAKPOINT {0xFE,0xDE,0xFF,0xE7}
8799 #define ARM_BE_BREAKPOINT {0xE7,0xFF,0xDE,0xFE}
8800 #define THUMB_LE_BREAKPOINT {0xbe,0xbe}
8801 #define THUMB_BE_BREAKPOINT {0xbe,0xbe}
8808 /* Implement the breakpoint_kind_from_pc gdbarch method. */
8810 static int
8812 {
8817 {
8820 /* If we have a separate 32-bit breakpoint instruction for Thumb-2,
8821 check whether we are replacing a 32-bit instruction. */
8823 {
8827 {
8833 }
8834 }
8837 }
8838 else
8841 }
8843 /* Implement the sw_breakpoint_from_kind gdbarch method. */
8847 {
8851 {
8863 }
8864 }
8866 /* Implement the breakpoint_kind_from_current_state gdbarch method. */
8868 static int
8872 {
8875 /* Check the memory pointed by PC is readable. */
8877 {
8885 regcache);
8889 /* If MEMADDR is the next instruction of current pc, do the
8890 software single step computation, and get the thumb mode by
8891 the destination address. */
8893 {
8895 {
8897 {
8900 }
8901 else
8903 }
8904 }
8905 }
8908 }
8910 /* Extract from an array REGBUF containing the (raw) register state a
8911 function return value of type TYPE, and copy that, in virtual
8912 format, into VALBUF. */
8914 static void
8917 {
8926 {
8928 {
8930 {
8931 /* The value is in register F0 in internal format. We need to
8932 extract the raw value and then convert it to the desired
8933 internal type. */
8939 }
8944 /* ARM_FLOAT_VFP can arise if this is a variadic function so
8945 not using the VFP ABI code. */
8957 }
8958 }
8966 {
8967 /* If the type is a plain integer, then the access is
8968 straight-forward. Otherwise we have to play around a bit
8969 more. */
8972 ULONGEST tmp;
8975 {
8976 /* By using store_unsigned_integer we avoid having to do
8977 anything special for small big-endian values. */
8985 }
8986 }
8987 else
8988 {
8989 /* For a structure or union the behavior is as if the value had
8990 been stored to word-aligned memory and then loaded into
8991 registers with 32-bit load instruction(s). */
8997 {
9003 }
9004 }
9005 }
9008 /* Will a function return an aggregate type in memory or in a
9009 register? Return 0 if an aggregate type can be returned in a
9010 register, 1 if it must be returned in memory. */
9012 static int
9014 {
9019 /* Simple, non-aggregate types (ie not including vectors and
9020 complex) are always returned in a register (or registers). */
9030 {
9031 /* Vector values should be returned using ARM registers if they
9032 are not over 16 bytes. */
9034 }
9038 {
9039 /* The AAPCS says all aggregates not larger than a word are returned
9040 in a register. */
9046 }
9047 else
9048 {
9051 /* All aggregate types that won't fit in a register must be returned
9052 in memory. */
9057 /* In the ARM ABI, "integer" like aggregate types are returned in
9058 registers. For an aggregate type to be integer like, its size
9059 must be less than or equal to ARM_INT_REGISTER_SIZE and the
9060 offset of each addressable subfield must be zero. Note that bit
9061 fields are not addressable, and all addressable subfields of
9062 unions always start at offset zero.
9064 This function is based on the behavior of GCC 2.95.1.
9065 See: gcc/arm.c: arm_return_in_memory() for details.
9067 Note: All versions of GCC before GCC 2.95.2 do not set up the
9068 parameters correctly for a function returning the following
9069 structure: struct { float f;}; This should be returned in memory,
9070 not a register. Richard Earnshaw sent me a patch, but I do not
9071 know of any way to detect if a function like the above has been
9072 compiled with the correct calling convention. */
9074 /* Assume all other aggregate types can be returned in a register.
9075 Run a check for structures, unions and arrays. */
9079 {
9081 /* Need to check if this struct/union is "integer" like. For
9082 this to be true, its size must be less than or equal to
9083 ARM_INT_REGISTER_SIZE and the offset of each addressable
9084 subfield must be zero. Note that bit fields are not
9085 addressable, and unions always start at offset zero. If any
9086 of the subfields is a floating point type, the struct/union
9087 cannot be an integer type. */
9089 /* For each field in the object, check:
9090 1) Is it FP? --> yes, nRc = 1;
9091 2) Is it addressable (bitpos != 0) and
9092 not packed (bitsize == 0)?
9093 --> yes, nRc = 1
9094 */
9097 {
9100 field_type_code
9103 /* Is it a floating point type field? */
9105 {
9108 }
9110 /* If bitpos != 0, then we have to care about it. */
9112 {
9113 /* Bitfields are not addressable. If the field bitsize is
9114 zero, then the field is not packed. Hence it cannot be
9115 a bitfield or any other packed type. */
9117 {
9120 }
9121 }
9122 }
9123 }
9126 }
9127 }
9129 /* Write into appropriate registers a function return value of type
9130 TYPE, given in virtual format. */
9132 static void
9135 {
9143 {
9148 {
9157 /* ARM_FLOAT_VFP can arise if this is a variadic function so
9158 not using the VFP ABI code. */
9170 }
9171 }
9179 {
9181 {
9182 /* Values of one word or less are zero/sign-extended and
9183 returned in r0. */
9187 {
9188 gdb_mpz unscaled;
9193 }
9194 else
9195 {
9198 }
9200 }
9201 else
9202 {
9203 /* Integral values greater than one word are stored in consecutive
9204 registers starting with r0. This will always be a multiple of
9205 the regiser size. */
9210 {
9214 }
9215 }
9216 }
9217 else
9218 {
9219 /* For a structure or union the behavior is as if the value had
9220 been stored to word-aligned memory and then loaded into
9221 registers with 32-bit load instruction(s). */
9227 {
9233 }
9234 }
9235 }
9238 /* Handle function return values. */
9240 static enum return_value_convention
9244 {
9252 {
9259 {
9262 }
9265 {
9267 {
9275 }
9276 else
9277 {
9288 }
9289 }
9291 }
9296 {
9297 /* From the AAPCS document:
9299 Result return:
9301 A Composite Type larger than 4 bytes, or whose size cannot be
9302 determined statically by both caller and callee, is stored in memory
9303 at an address passed as an extra argument when the function was
9304 called (Parameter Passing, rule A.4). The memory to be used for the
9305 result may be modified at any point during the function call.
9307 Parameter Passing:
9309 A.4: If the subroutine is a function that returns a result in memory,
9310 then the address for the result is placed in r0 and the NCRN is set
9311 to r1. */
9314 {
9316 {
9317 CORE_ADDR addr;
9321 }
9323 }
9324 }
9326 {
9329 }
9335 {
9339 }
9342 }
9345 static int
9347 {
9351 CORE_ADDR jb_addr;
9357 ARM_INT_REGISTER_SIZE))
9362 }
9363 /* A call to cmse secure entry function "foo" at "a" is modified by
9364 GNU ld as "b".
9365 a) bl xxxx <foo>
9367 <foo>
9368 xxxx:
9370 b) bl yyyy <__acle_se_foo>
9372 section .gnu.sgstubs:
9373 <foo>
9374 yyyy: sg // secure gateway
9375 b.w xxxx <__acle_se_foo> // original_branch_dest
9377 <__acle_se_foo>
9378 xxxx:
9380 When the control at "b", the pc contains "yyyy" (sg address) which is a
9381 trampoline and does not exist in source code. This function returns the
9382 target pc "xxxx". For more details please refer to section 5.4
9383 (Entry functions) and section 3.4.4 (C level development flow of secure code)
9384 of "armv8-m-security-extensions-requirements-on-development-tools-engineering-specification"
9385 document on www.developer.arm.com. */
9387 static CORE_ADDR
9389 {
9394 bound_minimal_symbol minsym
9400 }
9402 /* Return true when SEC points to ".gnu.sgstubs" section. */
9404 static bool
9406 {
9411 }
9413 /* Recognize GCC and GNU ld's trampolines. If we are in a trampoline,
9414 return the target PC. Otherwise return 0. */
9416 CORE_ADDR
9418 {
9421 CORE_ADDR start_addr;
9423 /* Find the starting address and name of the function containing the PC. */
9425 {
9426 /* Trampoline 'bx reg' doesn't belong to any functions. Do the
9427 check here. */
9433 }
9435 /* If PC is in a Thumb call or return stub, return the address of the
9436 target PC, which is in a register. The thunk functions are called
9437 _call_via_xx, where x is the register name. The possible names
9438 are r0-r9, sl, fp, ip, sp, and lr. ARM RealView has similar
9439 functions, named __ARM_call_via_r[0-7]. */
9442 {
9443 /* Use the name suffix to determine which register contains the
9444 target PC. */
9448 };
9455 }
9457 /* GNU ld generates __foo_from_arm or __foo_from_thumb for
9458 non-interworking calls to foo. We could decode the stubs
9459 to find the target but it's easier to use the symbol table. */
9466 {
9474 else
9483 bound_minimal_symbol minsym
9487 else
9489 }
9493 /* Check whether SECTION points to the ".gnu.sgstubs" section. */
9498 }
9500 static void
9502 {
9503 /* If the current architecture is not ARM, we have nothing to do. */
9508 /* Update the architecture. */
9509 gdbarch_info info;
9512 }
9514 static void
9517 {
9522 {
9525 }
9529 current_fp_model);
9532 }
9534 static void
9537 {
9541 {
9547 }
9548 else
9552 }
9554 static void
9557 {
9562 {
9565 }
9569 arm_abi_string);
9572 }
9574 static void
9577 {
9581 {
9587 }
9588 else
9590 arm_abi_string);
9591 }
9593 static void
9596 {
9600 arm_fallback_mode_string);
9601 }
9603 static void
9606 {
9610 arm_force_mode_string);
9611 }
9613 static void
9616 {
9620 }
9622 /* If the user changes the register disassembly style used for info
9623 register and other commands, we have to also switch the style used
9624 in opcodes for disassembly output. This function is run in the "set
9625 arm disassembly" command, and does that. */
9627 static void
9630 {
9631 /* Convert the short style name into the long style name (eg, reg-names-*)
9632 before calling the generic set_disassembler_options() function. */
9635 }
9637 static void
9640 {
9649 {
9652 }
9655 }
9656 \f
9657 /* Return the ARM register name corresponding to register I. */
9660 {
9664 {
9670 };
9673 }
9676 {
9680 };
9683 }
9688 /* RA_AUTH_CODE is used for unwinding only. Do not assign it a name. */
9693 /* These registers are only supported on targets which supply
9694 an XML description. */
9697 /* Non-pseudo registers. */
9699 }
9701 /* Test whether the coff symbol specific value corresponds to a Thumb
9702 function. */
9704 static int
9706 {
9712 }
9714 /* arm_coff_make_msymbol_special()
9715 arm_elf_make_msymbol_special()
9717 These functions test whether the COFF or ELF symbol corresponds to
9718 an address in thumb code, and set a "special" bit in a minimal
9719 symbol to indicate that it does. */
9721 static void
9723 {
9729 }
9731 static void
9733 {
9736 }
9738 static void
9741 {
9754 arm_mapping_symbol_vec &map
9760 /* Insert at the end, the vector will be sorted on first use. */
9762 }
9764 static void
9766 {
9770 /* If necessary, set the T bit. */
9772 {
9779 else
9782 }
9783 }
9785 /* Read the contents of a NEON quad register, by reading from two
9786 double registers. This is used to implement the quad pseudo
9787 registers, and for argument passing in case the quad registers are
9788 missing; vectors are passed in quad registers when using the VFP
9789 ABI, even if a NEON unit is not present. REGNUM is the index of
9790 the quad register, in [0, 15]. */
9792 static enum register_status
9795 {
9816 }
9818 /* Read the contents of a NEON quad register, by reading from two double
9819 registers, and return it as a value. QUAD_REG_INDEX is the index of the quad
9820 register, in [0, 15]. */
9825 {
9827 int double_regnum
9833 }
9835 /* Read the contents of the MVE pseudo register REGNUM and return it as a
9836 value. */
9840 {
9843 /* P0 is the first 16 bits of VPR. */
9846 }
9851 {
9857 {
9858 /* Quad-precision register. */
9861 }
9864 else
9865 {
9868 /* Single-precision register. */
9871 /* s0 is always the least significant half of d0. */
9875 else
9879 int double_regnum
9884 offset);
9885 }
9886 }
9888 /* Store the contents of BUF to a NEON quad register, by writing to
9889 two double registers. This is used to implement the quad pseudo
9890 registers, and for argument passing in case the quad registers are
9891 missing; vectors are passed in quad registers when using the VFP
9892 ABI, even if a NEON unit is not present. REGNUM is the index
9893 of the quad register, in [0, 15]. */
9895 static void
9898 {
9908 }
9910 static void
9913 {
9915 int double_regnum
9920 }
9922 /* Store the contents of BUF to the MVE pseudo register REGNUM. */
9924 static void
9927 {
9930 /* P0 is the first 16 bits of VPR. */
9932 }
9934 static void
9938 {
9944 {
9945 /* Quad-precision register. */
9948 }
9951 else
9952 {
9955 /* Single-precision register. */
9958 /* s0 is always the least significant half of d0. */
9962 else
9966 int double_regnum
9971 }
9972 }
9976 {
9979 }
9981 static enum gdb_osabi
9983 {
9990 /* GNU tools use this value. Check note sections in this case,
9991 as well. */
9992 {
9995 }
9997 /* Anything else will be handled by the generic ELF sniffer. */
9999 }
10001 static int
10004 {
10005 /* FPS register's type is INT, but belongs to float_reggroup. Beside
10006 this, FPS register belongs to save_regroup, restore_reggroup, and
10007 all_reggroup, of course. */
10013 else
10015 }
10017 /* For backward-compatibility we allow two 'g' packet lengths with
10018 the remote protocol depending on whether FPA registers are
10019 supplied. M-profile targets do not have FPA registers, but some
10020 stubs already exist in the wild which use a 'g' packet which
10021 supplies them albeit with dummy values. The packet format which
10022 includes FPA registers should be considered deprecated for
10023 M-profile targets. */
10025 static void
10027 {
10031 {
10034 /* If we know from the executable this is an M-profile target,
10035 cater for remote targets whose register set layout is the
10036 same as the FPA layout. */
10040 tdesc);
10042 /* The regular M-profile layout. */
10045 tdesc);
10047 /* M-profile plus M4F VFP. */
10051 tdesc);
10052 /* M-profile plus MVE. */
10055 + ARM_VFP2_REGS_SIZE
10058 /* M-profile system (stack pointers). */
10061 }
10063 /* Otherwise we don't have a useful guess. */
10064 }
10066 /* Implement the code_of_frame_writable gdbarch method. */
10068 static int
10070 {
10074 {
10075 /* M-profile exception frames return to some magic PCs, where
10076 isn't writable at all. */
10078 }
10079 else
10081 }
10083 /* Implement gdbarch_gnu_triplet_regexp. If the arch name is arm then allow it
10084 to be postfixed by a version (eg armv7hl). */
10088 {
10092 }
10094 /* Implement the "get_pc_address_flags" gdbarch method. */
10098 {
10103 }
10105 /* Initialize the current architecture based on INFO. If possible,
10106 re-use an architecture from ARCHES, which is a list of
10107 architectures already created during this debugging session.
10109 Called e.g. at program startup, when reading a core file, and when
10110 reading a binary file. */
10114 {
10118 tdesc_arch_data_up tdesc_data;
10142 /* If we have an object to base this architecture on, try to determine
10143 its ABI. */
10146 {
10150 {
10152 /* Assume it's an old APCS-style ABI. */
10153 /* XXX WinCE? */
10162 {
10163 /* GNU tools used to use this value, but do not for EABI
10164 objects. There's nowhere to tag an EABI version
10165 anyway, so assume APCS. */
10167 }
10169 {
10173 {
10175 /* Assume GNU tools. */
10182 /* EABI binaries default to VFP float ordering.
10183 They may also contain build attributes that can
10184 be used to identify if the VFP argument-passing
10185 ABI is in use. */
10187 {
10188 #ifdef HAVE_ELF
10190 OBJ_ATTR_PROC,
10191 Tag_ABI_VFP_args))
10192 {
10194 /* "The user intended FP parameter/result
10195 passing to conform to AAPCS, base
10196 variant". */
10200 /* "The user intended FP parameter/result
10201 passing to conform to AAPCS, VFP
10202 variant". */
10206 /* "The user intended FP parameter/result
10207 passing to conform to tool chain-specific
10208 conventions" - we don't know any such
10209 conventions, so leave it as "auto". */
10212 /* "Code is compatible with both the base
10213 and VFP variants; the user did not permit
10214 non-variadic functions to pass FP
10215 parameters/results" - leave it as
10216 "auto". */
10219 /* Attribute value not mentioned in the
10220 November 2012 ABI, so leave it as
10221 "auto". */
10223 }
10224 #else
10226 #endif
10227 }
10231 /* Leave it as "auto". */
10234 }
10236 #ifdef HAVE_ELF
10237 /* Detect M-profile programs. This only works if the
10238 executable file includes build attributes; GCC does
10239 copy them to the executable, but e.g. RealView does
10240 not. */
10241 int attr_arch
10243 Tag_CPU_arch);
10244 int attr_profile
10246 Tag_CPU_arch_profile);
10248 /* GCC specifies the profile for v6-M; RealView only
10249 specifies the profile for architectures starting with
10250 V7 (as opposed to architectures with a tag
10251 numerically greater than TAG_CPU_ARCH_V7). */
10262 /* Look for attributes that indicate support for ARMv8.1-m
10263 PACBTI. */
10265 {
10266 int attr_pac_extension
10268 Tag_PAC_extension);
10270 int attr_bti_extension
10272 Tag_BTI_extension);
10274 int attr_pacret_use
10276 Tag_PACRET_use);
10278 int attr_bti_use
10280 Tag_BTI_use);
10285 }
10286 #endif
10287 }
10290 {
10292 {
10294 /* Leave it as "auto". Strictly speaking this case
10295 means FPA, but almost nobody uses that now, and
10296 many toolchains fail to set the appropriate bits
10297 for the floating-point model they use. */
10308 }
10309 }
10317 /* Leave it as "auto". */
10319 }
10320 }
10322 /* Check any target description for validity. */
10324 {
10325 /* For most registers we require GDB's default names; but also allow
10326 the numeric names for sp / lr / pc, as a convenience. */
10337 {
10342 else
10344 }
10353 ARM_SP_REGNUM,
10354 arm_sp_names);
10356 ARM_LR_REGNUM,
10357 arm_lr_names);
10359 ARM_PC_REGNUM,
10360 arm_pc_names);
10364 else
10372 {
10376 {
10377 /* MSP */
10381 {
10384 }
10388 /* PSP */
10392 {
10395 }
10397 }
10398 }
10403 {
10410 }
10411 else
10417 {
10423 };
10427 valid_p
10431 /* Check for the control registers, but do not fail if they
10432 are missing. */
10438 valid_p
10446 }
10448 /* If we have a VFP unit, check whether the single precision registers
10449 are present. If not, then we will synthesize them as pseudo
10450 registers. */
10454 {
10460 };
10462 /* Require the double precision registers. There must be either
10463 16 or 32. */
10466 {
10472 }
10476 /* Also require FPSCR. */
10489 /* If we have VFP, also check for NEON. The architecture allows
10490 NEON without VFP (integer vector operations only), but GDB
10491 does not support that. */
10495 {
10496 /* NEON requires 32 double-precision registers. */
10500 /* If there are quad registers defined by the stub, use
10501 their type; otherwise (normally) provide them with
10502 the default type. */
10505 }
10506 }
10508 /* Check for the TLS register feature. */
10511 {
10518 register_count++;
10519 }
10521 /* Check for MVE after all the checks for GPR's, VFP and Neon.
10522 MVE (Helium) is an M-profile extension. */
10524 {
10525 /* Do we have the MVE feature? */
10529 {
10530 /* If we have MVE, we must always have the VPR register. */
10534 {
10537 }
10541 register_count++;
10543 /* We can't have Q pseudo registers available here, as that
10544 would mean we have NEON features, and that is only available
10545 on A and R profiles. */
10548 /* Given we have a M-profile target description, if MVE is
10549 enabled and there are VFP registers, we should have Q
10550 pseudo registers (Q0 ~ Q7). */
10553 }
10555 /* Do we have the ARMv8.1-m PACBTI feature? */
10559 {
10560 /* By advertising this feature, the target acknowledges the
10561 presence of the ARMv8.1-m PACBTI extensions.
10563 We don't care for any particular registers in this group, so
10564 the target is free to include whatever it deems appropriate.
10566 The expectation is for this feature to include the PAC
10567 keys. */
10569 }
10571 /* Do we have the Security extension? */
10575 {
10576 /* Secure/Non-secure stack pointers. */
10577 /* MSP_NS */
10581 {
10584 }
10587 /* PSP_NS */
10591 {
10594 }
10597 /* MSP_S */
10601 {
10604 }
10607 /* PSP_S */
10611 {
10614 }
10618 }
10620 }
10621 }
10623 /* If there is already a candidate, use it. */
10627 {
10628 arm_gdbarch_tdep *tdep
10637 /* There are various other properties in tdep that we do not
10638 need to check here: those derived from a target description,
10639 since gdbarches with a different target description are
10640 automatically disqualified. */
10642 /* Do check is_m, though, since it might come from the binary. */
10646 /* Also check for ARMv8.1-m PACBTI support, since it might come from
10647 the binary. */
10651 /* Found a match. */
10653 }
10658 gdbarch *gdbarch
10662 /* Record additional information about the architecture we are defining.
10663 These are gdbarch discriminators, like the OSABI. */
10679 /* Adjust the MVE feature settings. */
10681 {
10684 }
10686 /* Adjust the PACBTI feature settings. */
10689 /* Adjust the M-profile stack pointers settings. */
10691 {
10698 }
10702 /* Breakpoints. */
10704 {
10723 }
10725 /* On ARM targets char defaults to unsigned. */
10728 /* wchar_t is unsigned under the AAPCS. */
10731 else
10734 /* Compute type alignment. */
10737 /* Note: for displaced stepping, this includes the breakpoint, and one word
10738 of additional scratch space. This setting isn't used for anything beside
10739 displaced stepping at present. */
10740 set_gdbarch_displaced_step_buffer_length
10744 /* This should be low enough for everything. */
10748 /* The default, for both APCS and AAPCS, is to return small
10749 structures in registers. */
10762 /* Address manipulation. */
10765 /* Advance PC across function entry code. */
10768 /* Detect whether PC is at a point where the stack has been destroyed. */
10771 /* Skip trampolines. */
10774 /* The stack grows downward. */
10777 /* Breakpoint manipulation. */
10781 arm_breakpoint_kind_from_current_state);
10783 /* Information about registers, etc. */
10790 /* This "info float" is FPA-specific. Use the generic version if we
10791 do not have FPA. */
10795 /* Internal <-> external register number maps. */
10801 /* Returning results. */
10804 /* Disassembly. */
10807 /* Minsymbol frobbing. */
10810 arm_coff_make_msymbol_special);
10813 /* Thumb-2 IT block support. */
10815 arm_adjust_breakpoint_address);
10817 /* Virtual tables. */
10820 /* Hook in the ABI-specific overrides, if they have been registered. */
10825 /* Add some default predicates. */
10834 /* Now we have tuned the configuration, set a few final things,
10835 based on what the OS ABI has told us. */
10837 /* If the ABI is not otherwise marked, assume the old GNU APCS. EABI
10838 binaries are always marked. */
10842 /* Watchpoints are not steppable. */
10845 /* We used to default to FPA for generic ARM, but almost nobody
10846 uses that now, and we now provide a way for the user to force
10847 the model. So default to the most useful variant. */
10854 /* Floating point sizes and format. */
10857 {
10858 set_gdbarch_double_format
10860 set_gdbarch_long_double_format
10862 }
10863 else
10864 {
10867 }
10869 /* Hook used to decorate frames with signed return addresses, only available
10870 for ARMv8.1-m PACBTI. */
10875 {
10881 /* Override tdesc_register_type to adjust the types of VFP
10882 registers for NEON. */
10884 }
10886 /* Initialize the pseudo register data. */
10889 {
10890 /* VFP single precision pseudo registers (S0~S31). */
10896 {
10897 /* NEON quad precision pseudo registers (Q0~Q15). */
10906 }
10907 }
10909 /* Do we have any MVE pseudo registers? */
10911 {
10915 }
10917 /* Do we have any ARMv8.1-m PACBTI pseudo registers. */
10919 {
10923 }
10925 /* Set some pseudo register hooks, if we have pseudo registers. */
10927 {
10931 }
10933 /* Add standard register aliases. We add aliases even for those
10934 names which are used by the current architecture - it's simpler,
10935 and does no harm, since nothing ever lists user registers. */
10946 }
10948 static void
10950 {
11008 }
11010 #if GDB_SELF_TEST
11011 namespace selftests
11012 {
11015 }
11016 #endif
11019 void
11021 {
11029 /* Add ourselves to objfile event chain. */
11032 /* Register an ELF OS ABI sniffer for ARM binaries. */
11034 bfd_target_elf_flavour,
11035 arm_elf_osabi_sniffer);
11037 /* Add root prefix command for all "set arm"/"show arm" commands. */
11050 num_disassembly_styles++;
11052 /* Initialize the array that will be passed to add_setshow_enum_cmd(). */
11057 {
11067 }
11068 /* Mark the end of valid options. */
11071 /* Create the help text. */
11074 regdesc,
11082 set_disassembly_style_sfunc,
11083 show_disassembly_style_sfunc,
11090 NULL,
11092 mode is %s. */
11095 /* Add a command to allow the user to force the FPU model. */
11107 /* Add a command to allow the user to force the ABI. */
11114 /* Add two commands to allow the user to force the assumed
11115 execution mode. */
11129 /* Add a command to stop triggering security exceptions when
11130 unwinding exception stacks. */
11138 /* Debugging flag. */
11143 NULL,
11147 #if GDB_SELF_TEST
11150 #endif
11152 }
11154 /* ARM-reversible process record data structures. */
11156 #define ARM_INSN_SIZE_BYTES 4
11157 #define THUMB_INSN_SIZE_BYTES 2
11158 #define THUMB2_INSN_SIZE_BYTES 4
11161 /* Position of the bit within a 32-bit ARM instruction
11162 that defines whether the instruction is a load or store. */
11163 #define INSN_S_L_BIT_NUM 20
11165 #define REG_ALLOC(REGS, LENGTH, RECORD_BUF) \
11166 do \
11167 { \
11168 unsigned int reg_len = LENGTH; \
11169 if (reg_len) \
11170 { \
11171 REGS = XNEWVEC (uint32_t, reg_len); \
11172 memcpy(®S[0], &RECORD_BUF[0], sizeof(uint32_t)*LENGTH); \
11173 } \
11174 } \
11175 while (0)
11177 #define MEM_ALLOC(MEMS, LENGTH, RECORD_BUF) \
11178 do \
11179 { \
11180 unsigned int mem_len = LENGTH; \
11181 if (mem_len) \
11182 { \
11183 MEMS = XNEWVEC (struct arm_mem_r, mem_len); \
11184 memcpy(&MEMS->len, &RECORD_BUF[0], \
11185 sizeof(struct arm_mem_r) * LENGTH); \
11186 } \
11187 } \
11188 while (0)
11190 /* Checks whether insn is already recorded or yet to be decoded. (boolean expression). */
11191 #define INSN_RECORDED(ARM_RECORD) \
11192 (0 != (ARM_RECORD)->reg_rec_count || 0 != (ARM_RECORD)->mem_rec_count)
11194 /* ARM memory record structure. */
11195 struct arm_mem_r
11196 {
11199 };
11201 /* ARM instruction record contains opcode of current insn
11202 and execution state (before entry to decode_insn()),
11203 contains list of to-be-modified registers and
11204 memory blocks (on return from decode_insn()). */
11206 struct arm_insn_decode_record
11207 {
11219 };
11222 /* Checks ARM SBZ and SBO mandatory fields. */
11224 static int
11226 {
11236 {
11238 {
11240 }
11242 }
11244 }
11246 enum arm_record_result
11247 {
11250 };
11252 enum arm_record_strx_t
11253 {
11255 ARM_RECORD_STRD
11256 };
11258 enum record_type_t
11259 {
11261 THUMB_RECORD,
11262 THUMB2_RECORD
11263 };
11266 static int
11269 {
11281 {
11282 /* 1) Handle misc store, immediate offset. */
11289 {
11290 /* If R15 was used as Rn, hence current PC+8. */
11292 }
11294 /* Calculate target store address. */
11296 {
11298 }
11299 else
11300 {
11302 }
11304 {
11308 }
11310 {
11316 }
11317 }
11319 {
11320 /* 2) Store, register offset. */
11321 /* Get Rm. */
11323 /* Get Rn. */
11328 {
11329 /* If R15 was used as Rn, hence current PC+8. */
11331 }
11332 /* Calculate target store address, Rn +/- Rm, register offset. */
11334 {
11336 }
11337 else
11338 {
11340 }
11342 {
11346 }
11348 {
11354 }
11355 }
11358 {
11359 /* 3) Store, immediate pre-indexed. */
11360 /* 5) Store, immediate post-indexed. */
11366 /* Calculate target store address, Rn +/- Rm, register offset. */
11368 {
11370 }
11371 else
11372 {
11374 }
11376 {
11380 }
11382 {
11388 }
11389 /* Record Rn also as it changes. */
11392 }
11395 {
11396 /* 4) Store, register pre-indexed. */
11397 /* 6) Store, register post -indexed. */
11402 /* Calculate target store address, Rn +/- Rm, register offset. */
11404 {
11406 }
11407 else
11408 {
11410 }
11412 {
11416 }
11418 {
11424 }
11425 /* Record Rn also as it changes. */
11428 }
11430 }
11432 /* Handling ARM extension space insns. */
11434 static int
11436 {
11445 /* Handle unconditional insn extension space. */
11450 {
11451 /* PLD has no affect on architectural state, it just affects
11452 the caches. */
11454 {
11455 /* BLX(1) */
11459 }
11460 /* STC2, LDC2, MCR2, MRC2, CDP2: <TBD>, co-processor insn. */
11461 }
11466 {
11468 /* Undefined instruction on ARM V5; need to handle if later
11469 versions define it. */
11470 }
11476 /* Handle arithmetic insn extension space. */
11479 {
11480 /* Handle MLA(S) and MUL(S). */
11482 {
11486 }
11488 {
11489 /* Handle SMLAL(S), SMULL(S), UMLAL(S), UMULL(S). */
11494 }
11495 }
11501 /* Handle control insn extension space. */
11505 {
11507 {
11509 {
11511 {
11512 /* MRS. */
11515 }
11517 {
11518 /* CSPR is going to be changed. */
11521 }
11523 {
11524 /* SPSR is going to be changed. */
11525 /* We need to get SPSR value, which is yet to be done. */
11527 }
11528 }
11530 {
11532 {
11533 /* BX. */
11536 }
11538 {
11539 /* CLZ. */
11542 }
11543 }
11545 {
11546 /* BLX. */
11550 }
11552 {
11553 /* QADD, QSUB, QDADD, QDSUB */
11557 }
11559 {
11560 /* BKPT. */
11565 /* Save SPSR also;how? */
11567 }
11572 )
11573 {
11575 {
11576 /* SMLA<x><y>, SMLAW<y>, SMULW<y>. */
11577 /* We dont do optimization for SMULW<y> where we
11578 need only Rd. */
11582 }
11584 {
11585 /* SMLAL<x><y>. */
11589 }
11591 {
11592 /* SMUL<x><y>. */
11595 }
11596 }
11597 }
11598 else
11599 {
11600 /* MSR : immediate form. */
11602 {
11603 /* CSPR is going to be changed. */
11606 }
11608 {
11609 /* SPSR is going to be changed. */
11610 /* we need to get SPSR value, which is yet to be done */
11612 }
11613 }
11614 }
11620 /* Handle load/store insn extension space. */
11625 {
11626 /* SWP/SWPB. */
11628 {
11629 /* These insn, changes register and memory as well. */
11630 /* SWP or SWPB insn. */
11631 /* Get memory address given by Rn. */
11634 /* SWP insn ?, swaps word. */
11636 {
11638 }
11639 else
11640 {
11641 /* SWPB insn, swaps only byte. */
11643 }
11648 }
11650 {
11651 /* STRH. */
11653 ARM_RECORD_STRH);
11654 }
11656 {
11657 /* LDRD. */
11661 }
11663 {
11664 /* STRD. */
11666 ARM_RECORD_STRD);
11667 }
11669 {
11670 /* LDRH, LDRSB, LDRSH. */
11673 }
11675 }
11680 {
11682 /* Handle coprocessor insn extension space. */
11683 }
11685 /* To be done for ARMv5 and later; as of now we return -1. */
11693 }
11695 /* Handling opcode 000 insns. */
11697 static int
11699 {
11712 {
11713 /* Data-processing (register) and Data-processing (register-shifted
11714 register */
11715 /* Out of 11 shifter operands mode, all the insn modifies destination
11716 register, which is specified by 13-16 decode. */
11720 }
11722 {
11723 /* Miscellaneous instructions */
11727 {
11728 /* Handle BLX, branch and link/exchange. */
11730 {
11731 /* Branch is chosen by setting T bit of CSPR, bitp[0] of Rm,
11732 and R14 stores the return address. */
11736 }
11737 }
11739 {
11740 /* Handle enhanced software breakpoint insn, BKPT. */
11741 /* CPSR is changed to be executed in ARM state, disabling normal
11742 interrupts, entering abort mode. */
11743 /* According to high vector configuration PC is set. */
11744 /* user hit breakpoint and type reverse, in
11745 that case, we need to go back with previous CPSR and
11746 Program Counter. */
11751 /* Save SPSR also; how? */
11753 }
11756 {
11757 /* Handle BX, branch and link/exchange. */
11758 /* Branch is chosen by setting T bit of CSPR, bitp[0] of Rm. */
11761 }
11765 {
11766 /* Count leading zeros: CLZ. */
11769 }
11774 {
11775 /* Handle MRS insn. */
11778 }
11779 }
11781 {
11782 /* Multiply and multiply-accumulate */
11784 /* Handle multiply instructions. */
11785 /* MLA, MUL, SMLAL, SMULL, UMLAL, UMULL. */
11787 {
11788 /* Handle MLA and MUL. */
11792 }
11794 {
11795 /* Handle SMLAL, SMULL, UMLAL, UMULL. */
11800 }
11801 }
11803 {
11804 /* Synchronization primitives */
11806 /* Handling SWP, SWPB. */
11807 /* These insn, changes register and memory as well. */
11808 /* SWP or SWPB insn. */
11812 /* SWP insn ?, swaps word. */
11814 {
11816 }
11817 else
11818 {
11819 /* SWPB insn, swaps only byte. */
11821 }
11826 }
11829 {
11831 {
11832 /* Extra load/store (unprivileged) */
11834 }
11835 else
11836 {
11837 /* Extra load/store */
11839 {
11842 {
11843 /* STRH (register), STRH (immediate) */
11846 }
11848 {
11849 /* LDRH (register) */
11854 {
11855 /* Write back to Rn. */
11858 }
11859 }
11861 {
11862 /* LDRH (immediate), LDRH (literal) */
11869 {
11870 /*LDRH (immediate) */
11872 {
11873 /* Write back to Rn. */
11875 }
11876 }
11877 }
11878 else
11883 {
11884 /* LDRD (register) */
11890 {
11891 /* Write back to Rn. */
11894 }
11895 }
11897 {
11898 /* LDRSB (register) */
11903 {
11904 /* Write back to Rn. */
11907 }
11908 }
11910 {
11911 /* LDRD (immediate), LDRD (literal), LDRSB (immediate),
11912 LDRSB (literal) */
11919 {
11920 /*LDRD (immediate), LDRSB (immediate) */
11922 {
11923 /* Write back to Rn. */
11925 }
11926 }
11927 }
11928 else
11933 {
11934 /* STRD (register) */
11937 }
11939 {
11940 /* LDRSH (register) */
11945 {
11946 /* Write back to Rn. */
11949 }
11950 }
11952 {
11953 /* STRD (immediate) */
11956 }
11958 {
11959 /* LDRSH (immediate), LDRSH (literal) */
11964 {
11965 /* Write back to Rn. */
11968 }
11969 }
11970 else
11975 }
11976 }
11977 }
11978 else
11979 {
11981 }
11986 }
11988 /* Handling opcode 001 insns. */
11990 static int
11992 {
12001 )
12002 {
12003 /* Handle MSR insn. */
12005 {
12006 /* CSPR is going to be changed. */
12009 }
12010 else
12011 {
12012 /* SPSR is going to be changed. */
12013 }
12014 }
12016 {
12017 /* Normal data processing insns. */
12018 /* Out of 11 shifter operands mode, all the insn modifies destination
12019 register, which is specified by 13-16 decode. */
12023 }
12024 else
12025 {
12027 }
12032 }
12034 static int
12036 {
12040 {
12042 /* Parallel addition and subtraction, signed */
12044 /* Parallel addition and subtraction, unsigned */
12047 /* Packing, unpacking, saturation and reversal */
12048 {
12052 }
12057 /* Signed multiplies */
12058 {
12068 }
12072 {
12075 {
12076 /* SBFX */
12079 }
12082 {
12083 /* USAD8 and USADA8 */
12086 }
12087 }
12091 {
12094 {
12095 /* Permanently UNDEFINED */
12097 }
12098 else
12099 {
12100 /* BFC, BFI and UBFX */
12103 }
12104 }
12109 }
12114 }
12116 /* Handle ARM mode instructions with opcode 010. */
12118 static int
12120 {
12127 ULONGEST u_regval;
12129 /* Calculate wback. */
12137 {
12138 /* LDR (immediate), LDR (literal), LDRB (immediate), LDRB (literal), LDRBT
12139 and LDRT. */
12144 /* The LDR instruction is capable of doing branching. If MOV LR, PC
12145 precedes a LDR instruction having R15 as reg_base, it
12146 emulates a branch and link instruction, and hence we need to save
12147 CPSR and PC as well. */
12151 /* If wback is true, also save the base register, which is going to be
12152 written to. */
12155 }
12156 else
12157 {
12158 /* STR (immediate), STRB (immediate), STRBT and STRT. */
12163 /* Handle bit U. */
12165 {
12166 /* U == 1: Add the offset. */
12168 }
12169 else
12170 {
12171 /* U == 0: subtract the offset. */
12173 }
12175 /* Bit 22 tells us whether the store instruction writes 1 byte or 4
12176 bytes. */
12178 {
12179 /* STRB and STRBT: 1 byte. */
12181 }
12182 else
12183 {
12184 /* STR and STRT: 4 bytes. */
12186 }
12188 /* Handle bit P. */
12191 else
12196 /* If wback is true, also save the base register, which is going to be
12197 written to. */
12200 }
12205 }
12207 /* Handling opcode 011 insns. */
12209 static int
12211 {
12219 LONGEST s_word;
12228 /* Handle enhanced store insns and LDRD DSP insn,
12229 order begins according to addressing modes for store insns
12230 STRH insn. */
12232 /* LDR or STR? */
12234 {
12236 /* LDR insn has a capability to do branching, if
12237 MOV LR, PC is preceded by LDR insn having Rn as R15
12238 in that case, it emulates branch and link insn, and hence we
12239 need to save CSPR and PC as well. */
12241 {
12244 }
12245 else
12246 {
12250 }
12251 }
12252 else
12253 {
12255 {
12256 /* Store insn, register offset and register pre-indexed,
12257 register post-indexed. */
12258 /* Get Rm. */
12260 /* Get Rn. */
12267 {
12268 /* If R15 was used as Rn, hence current PC+8. */
12269 /* Pre-indexed mode doesn't reach here ; illegal insn. */
12271 }
12272 /* Calculate target store address, Rn +/- Rm, register offset. */
12273 /* U == 1. */
12275 {
12277 }
12278 else
12279 {
12281 }
12284 {
12285 /* STR. */
12288 /* STR. */
12291 /* STRT. */
12294 /* STR. */
12300 /* STRB. */
12303 /* STRB. */
12306 /* STRBT. */
12309 /* STRB. */
12318 }
12328 )
12329 {
12330 /* Rn is going to be changed in pre-indexed mode and
12331 post-indexed mode as well. */
12334 }
12335 }
12336 else
12337 {
12338 /* Store insn, scaled register offset; scaled pre-indexed. */
12340 /* Get Rm. */
12342 /* Get Rn. */
12344 /* Get shift_imm. */
12349 /* Offset_12 used as shift. */
12351 {
12353 /* Offset_12 used as index. */
12363 {
12365 {
12367 }
12368 else
12369 {
12371 }
12372 }
12373 else
12374 {
12375 /* This is arithmetic shift. */
12377 }
12382 {
12385 /* Get C flag value and shift it by 31. */
12388 }
12389 else
12390 {
12394 }
12400 }
12403 /* bit U set. */
12405 {
12407 }
12408 else
12409 {
12411 }
12414 {
12415 /* STR. */
12418 /* STR. */
12421 /* STRT. */
12424 /* STR. */
12430 /* STRB. */
12433 /* STRB. */
12436 /* STRBT. */
12439 /* STRB. */
12448 }
12458 )
12459 {
12460 /* Rn is going to be changed in register scaled pre-indexed
12461 mode,and scaled post indexed mode. */
12464 }
12465 }
12466 }
12471 }
12473 /* Handle ARM mode instructions with opcode 100. */
12475 static int
12477 {
12483 ULONGEST u_regval;
12485 /* Fetch the list of registers. */
12489 /* Fetch the base register that contains the address we are loading data
12490 to. */
12493 /* Calculate wback. */
12497 {
12498 /* LDM/LDMIA/LDMFD, LDMDA/LDMFA, LDMDB and LDMIB. */
12500 /* Find out which registers are going to be loaded from memory. */
12502 {
12506 register_count++;
12507 }
12510 /* If wback is true, also save the base register, which is going to be
12511 written to. */
12515 /* Save the CPSR register. */
12517 }
12518 else
12519 {
12520 /* STM (STMIA, STMEA), STMDA (STMED), STMDB (STMFD) and STMIB (STMFA). */
12526 /* Find out how many registers are going to be stored to memory. */
12528 {
12530 register_count++;
12532 }
12535 {
12536 /* STMDA (STMED): Decrement after. */
12541 /* STM (STMIA, STMEA): Increment after. */
12545 /* STMDB (STMFD): Decrement before. */
12550 /* STMIB (STMFA): Increment before. */
12557 }
12562 /* If wback is true, also save the base register, which is going to be
12563 written to. */
12566 }
12571 }
12573 /* Handling opcode 101 insns. */
12575 static int
12577 {
12580 /* Handle B, BL, BLX(1) insns. */
12581 /* B simply branches so we do nothing here. */
12582 /* Note: BLX(1) doesn't fall here but instead it falls into
12583 extension space. */
12585 {
12588 }
12593 }
12595 static int
12597 {
12604 }
12606 /* Record handler for vector data transfer instructions. */
12608 static int
12610 {
12620 /* Handle VMOV instruction. */
12622 {
12625 }
12627 {
12628 /* Handle VMOV instruction. */
12630 {
12633 }
12634 /* Handle VMRS instruction. */
12636 {
12642 }
12643 }
12645 {
12646 /* Handle VMOV instruction. */
12648 {
12652 }
12653 /* Handle VMSR instruction. */
12655 {
12658 }
12659 }
12661 {
12662 /* Handle VMOV instruction. */
12664 {
12668 }
12669 /* Handle VDUP instruction. */
12670 else
12671 {
12673 {
12678 }
12679 else
12680 {
12684 }
12685 }
12686 }
12690 }
12692 /* Record handler for extension register load/store instructions. */
12694 static int
12696 {
12708 /* Handle VMOV instructions. */
12710 {
12712 {
12716 }
12717 else
12718 {
12723 {
12724 /* The first S register number m is REG_M:M (M is bit 5),
12725 the corresponding D register number is REG_M:M / 2, which
12726 is REG_M. */
12728 /* The second S register number is REG_M:M + 1, the
12729 corresponding D register number is (REG_M:M + 1) / 2.
12730 IOW, if bit M is 1, the first and second S registers
12731 are mapped to different D registers, otherwise, they are
12732 in the same D register. */
12734 {
12737 }
12738 }
12739 else
12740 {
12743 }
12744 }
12745 }
12746 /* Handle VSTM and VPUSH instructions. */
12749 {
12761 else
12765 {
12768 }
12771 {
12773 {
12778 }
12779 else
12780 {
12787 }
12788 memory_count--;
12789 }
12791 }
12792 /* Handle VLDM instructions. */
12795 {
12803 /* REG_VD is the first D register number. If the instruction
12804 loads memory to S registers (SINGLE_REG is TRUE), the register
12805 number is (REG_VD << 1 | bit D), so the corresponding D
12806 register number is (REG_VD << 1 | bit D) / 2 = REG_VD. */
12813 /* If the instruction loads memory to D register, REG_COUNT should
12814 be divided by 2, according to the ARM Architecture Reference
12815 Manual. If the instruction loads memory to S register, divide by
12816 2 as well because two S registers are mapped to D register. */
12819 {
12820 /* Increase the register count if S register list starts from
12821 an odd number (bit d is one). */
12822 reg_count++;
12823 }
12826 {
12828 reg_count--;
12829 }
12831 }
12832 /* VSTR Vector store register. */
12834 {
12845 else
12849 {
12853 }
12854 else
12855 {
12861 }
12862 }
12863 /* VLDR Vector load register. */
12865 {
12869 {
12872 }
12873 else
12874 {
12876 /* Record register D rather than pseudo register S. */
12878 }
12880 }
12885 }
12887 /* Record handler for arm/thumb mode VFP data processing instructions. */
12889 static int
12891 {
12903 /* Mask off the "D" bit. */
12906 /* Handle VMLA, VMLS. */
12908 {
12910 {
12913 else
12915 }
12916 else
12917 {
12920 else
12922 }
12923 }
12924 /* Handle VNMLA, VNMLS, VNMUL. */
12926 {
12929 else
12931 }
12932 /* Handle VMUL. */
12934 {
12936 {
12939 else
12941 }
12942 else
12943 {
12946 else
12948 }
12949 }
12950 /* Handle VADD, VSUB. */
12952 {
12954 {
12957 else
12959 }
12960 else
12961 {
12964 else
12966 }
12967 }
12968 /* Handle VDIV. */
12970 {
12973 else
12975 }
12976 /* Handle all other vfp data processing instructions. */
12978 {
12979 /* Handle VMOV. */
12981 {
12983 {
12986 else
12988 }
12989 else
12990 {
12993 else
12995 }
12996 }
12997 /* Handle VNEG and VABS. */
13000 {
13002 {
13005 else
13007 }
13008 else
13009 {
13012 else
13014 }
13015 }
13016 /* Handle VSQRT. */
13018 {
13021 else
13023 }
13024 /* Handle VCVT. */
13026 {
13029 else
13031 }
13033 {
13034 /* Handle VCVT. */
13036 {
13039 else
13040 {
13043 else
13045 }
13046 }
13047 /* Handle VCVT. */
13049 {
13052 else
13054 }
13055 /* Handle VCVTB, VCVTT. */
13058 /* Handle VCMP, VCMPE. */
13061 }
13062 }
13065 {
13093 }
13097 }
13099 /* Handling opcode 110 insns. */
13101 static int
13103 {
13111 {
13112 /* Handle extension register ld/st instructions. */
13116 /* 64-bit transfers between arm core and extension registers. */
13119 }
13120 else
13121 {
13122 /* Handle coprocessor ld/st instructions. */
13124 {
13125 /* Store. */
13128 else
13129 /* Load. */
13131 }
13133 /* Move to coprocessor from two arm core registers. */
13137 /* Move to two arm core registers from coprocessor. */
13139 {
13148 }
13149 }
13151 }
13153 /* Handling opcode 111 insns. */
13155 static int
13157 {
13159 arm_gdbarch_tdep *tdep
13169 /* Handle arm SWI/SVC system call instructions. */
13171 {
13173 {
13184 }
13185 else
13186 {
13189 }
13190 }
13192 {
13194 {
13196 {
13197 /* 8, 16, and 32-bit transfer */
13199 }
13200 else
13201 {
13203 {
13204 /* MRC, MRC2 */
13213 record_buf);
13215 }
13216 else
13217 {
13218 /* MCR, MCR2 */
13220 }
13221 }
13222 }
13223 else
13224 {
13226 {
13227 /* VFP data-processing instructions. */
13229 }
13230 else
13231 {
13232 /* CDP, CDP2 */
13234 }
13235 }
13236 }
13237 else
13238 {
13242 {
13244 {
13245 /* MRRC, MRRC2 */
13247 }
13248 }
13250 {
13252 {
13253 /* 64-bit transfers between ARM core and extension */
13255 }
13257 {
13258 /* MCRR, MCRR2 */
13260 }
13261 }
13263 {
13264 /* UNDEFINED */
13266 }
13267 else
13268 {
13270 {
13271 /* Extension register load/store */
13272 }
13273 else
13274 {
13275 /* STC, STC2, LDC, LDC2 */
13276 }
13278 }
13279 }
13282 }
13284 /* Handling opcode 000 insns. */
13286 static int
13288 {
13301 }
13304 /* Handling opcode 001 insns. */
13306 static int
13308 {
13321 }
13323 /* Handling opcode 010 insns. */
13325 static int
13327 {
13339 {
13340 /* Handle load/store register offset. */
13344 {
13345 /* LDR(2), LDRB(2) , LDRH(2), LDRSB, LDRSH. */
13349 }
13351 {
13352 /* STR(2), STRB(2), STRH(2) . */
13365 }
13366 }
13368 {
13369 /* Handle load from literal pool. */
13370 /* LDR(3). */
13374 }
13376 {
13377 /* Special data instructions and branch and exchange */
13381 {
13382 /* Branch with exchange. */
13385 }
13386 else
13387 {
13388 /* Format 8; special data processing insns. */
13393 }
13394 }
13395 else
13396 {
13397 /* Format 5; data processing insns. */
13400 {
13402 }
13406 }
13410 record_buf_mem);
13413 }
13415 /* Handling opcode 001 insns. */
13417 static int
13419 {
13431 {
13432 /* LDR(1). */
13436 }
13437 else
13438 {
13439 /* STR(1). */
13446 }
13450 record_buf_mem);
13453 }
13455 /* Handling opcode 100 insns. */
13457 static int
13459 {
13471 {
13472 /* LDR(4). */
13476 }
13478 {
13479 /* LDRH(1). */
13483 }
13485 {
13486 /* STR(3). */
13492 }
13494 {
13495 /* STRH(1). */
13502 }
13506 record_buf_mem);
13509 }
13511 /* Handling opcode 101 insns. */
13513 static int
13515 {
13529 {
13530 /* ADR and ADD (SP plus immediate) */
13535 }
13536 else
13537 {
13538 /* Miscellaneous 16-bit instructions */
13542 {
13544 /* SETEND and CPS */
13547 /* ADD/SUB (SP plus immediate) */
13556 /* CBNZ, CBZ */
13559 /* SXTH, SXTB, UXTH, UXTB */
13564 /* PUSH with lr. */
13565 register_count++;
13568 /* PUSH without lr. */
13572 {
13574 register_count++;
13576 }
13580 {
13584 register_count--;
13585 }
13590 /* REV, REV16, REVSH */
13596 /* POP. */
13599 {
13603 register_count++;
13604 }
13610 /* BKPT insn. */
13611 /* Handle enhanced software breakpoint insn, BKPT. */
13612 /* CPSR is changed to be executed in ARM state, disabling normal
13613 interrupts, entering abort mode. */
13614 /* According to high vector configuration PC is set. */
13615 /* User hits breakpoint and type reverse, in that case, we need to go back with
13616 previous CPSR and Program Counter. */
13620 /* We need to save SPSR value, which is not yet done. */
13630 /* If-Then, and hints */
13634 };
13635 }
13639 record_buf_mem);
13642 }
13644 /* Handling opcode 110 insns. */
13646 static int
13648 {
13649 arm_gdbarch_tdep *tdep
13665 {
13667 /* LDMIA. */
13669 /* Get Rn. */
13672 {
13676 register_count++;
13677 }
13680 }
13682 {
13683 /* It handles both STMIA. */
13685 /* Get Rn. */
13689 {
13691 register_count++;
13693 }
13697 {
13701 register_count--;
13702 }
13703 }
13705 {
13706 /* Handle arm syscall insn. */
13708 {
13711 }
13712 else
13713 {
13716 }
13717 }
13719 /* B (1), conditional branch is automatically taken care in process_record,
13720 as PC is saved there. */
13724 record_buf_mem);
13727 }
13729 /* Handling opcode 111 insns. */
13731 static int
13733 {
13740 {
13741 /* BL */
13744 }
13746 {
13747 /* BLX(1). */
13751 }
13753 /* B(2) is automatically taken care in process_record, as PC is
13754 saved there. */
13759 }
13761 /* Handler for thumb2 load/store multiple instructions. */
13763 static int
13765 {
13779 {
13781 {
13782 /* Handle RFE instruction. */
13785 }
13786 else
13787 {
13788 /* Handle SRS instruction after reading banked SP. */
13790 }
13791 }
13793 {
13795 {
13796 /* Handle LDM/LDMIA/LDMFD and LDMDB/LDMEA instructions. */
13799 {
13803 register_count++;
13805 }
13809 }
13810 else
13811 {
13812 /* Handle STM/STMIA/STMEA and STMDB/STMFD. */
13816 {
13818 register_count++;
13821 }
13824 {
13825 /* Start address calculation for LDMDB/LDMEA. */
13827 }
13829 {
13830 /* Start address calculation for LDMDB/LDMEA. */
13832 }
13836 {
13840 register_count--;
13841 }
13845 }
13846 }
13849 record_buf_mem);
13851 record_buf);
13853 }
13855 /* Handler for thumb2 load/store (dual/exclusive) and table branch
13856 instructions. */
13858 static int
13860 {
13876 {
13878 {
13883 }
13886 {
13890 }
13891 }
13892 else
13893 {
13898 {
13899 /* Handle STREX. */
13908 }
13910 {
13918 {
13919 /* Handle STREXB. */
13922 }
13924 {
13925 /* Handle STREXH. */
13928 }
13930 {
13931 /* Handle STREXD. */
13937 }
13938 }
13939 else
13940 {
13944 {
13947 else
13951 }
13952 else
13962 }
13963 }
13966 record_buf);
13968 record_buf_mem);
13970 }
13972 /* Handler for thumb2 data processing (shift register and modified immediate)
13973 instructions. */
13975 static int
13977 {
13985 {
13988 }
13989 else
13990 {
13994 }
13997 record_buf);
13999 }
14001 /* Generic handler for thumb2 instructions which effect destination and PS
14002 registers. */
14004 static int
14006 {
14017 record_buf);
14019 }
14021 /* Handler for thumb2 branch and miscellaneous control instructions. */
14023 static int
14025 {
14033 /* Handle MSR insn. */
14035 {
14037 {
14038 /* CPSR is going to be changed. */
14041 }
14042 else
14043 {
14046 }
14047 }
14049 {
14050 /* BLX. */
14054 }
14057 record_buf);
14059 }
14061 /* Handler for thumb2 store single data item instructions. */
14063 static int
14065 {
14081 {
14082 /* T2 encoding. */
14086 }
14087 else
14088 {
14089 /* T3 encoding. */
14091 {
14092 /* Handle STRB (register). */
14098 }
14099 else
14100 {
14103 {
14106 else
14110 }
14111 else
14113 }
14114 }
14117 {
14118 /* Store byte instructions. */
14123 /* Store half word instructions. */
14128 /* Store word instructions. */
14137 }
14145 record_buf);
14147 record_buf_mem);
14149 }
14151 /* Handler for thumb2 load memory hints instructions. */
14153 static int
14155 {
14163 {
14170 record_buf);
14172 }
14175 }
14177 /* Handler for thumb2 load word instructions. */
14179 static int
14181 {
14189 {
14190 /* Detected LDR(immediate), T4, with write-back bit set. Record Rn
14191 update. */
14194 }
14197 record_buf);
14199 }
14201 /* Handler for thumb2 long multiply, long multiply accumulate, and
14202 divide instructions. */
14204 static int
14206 {
14214 {
14215 /* Handle SMULL, UMULL, SMULAL. */
14216 /* Handle SMLAL(S), SMULL(S), UMLAL(S), UMULL(S). */
14221 }
14223 {
14224 /* Handle SDIV and UDIV. */
14229 }
14230 else
14234 record_buf);
14236 }
14238 /* Record handler for thumb32 coprocessor instructions. */
14240 static int
14242 {
14245 else
14247 }
14249 /* Record handler for advance SIMD structure load/store instructions. */
14251 static int
14253 {
14271 {
14277 {
14278 /* Handle VST1. */
14280 {
14289 else
14293 {
14295 {
14300 }
14301 }
14302 }
14303 /* Handle VST2. */
14305 {
14310 else
14315 {
14317 {
14321 }
14323 }
14324 }
14325 /* Handle VST3. */
14327 {
14329 {
14331 {
14335 }
14337 }
14338 }
14339 /* Handle VST4. */
14341 {
14343 {
14345 {
14349 }
14351 }
14352 }
14353 }
14354 else
14355 {
14364 else
14367 /* Handle VST1. */
14370 /* Handle VST2. */
14373 /* Handle VST3. */
14376 /* Handle VST4. */
14381 {
14384 }
14385 }
14386 }
14387 else
14388 {
14390 {
14391 /* Handle VLD1. */
14394 /* Handle VLD2. */
14397 /* Handle VLD3. */
14400 /* Handle VLD4. */
14403 }
14404 else
14405 {
14406 /* Handle VLD1. */
14409 /* Handle VLD2. */
14412 /* Handle VLD3. */
14415 /* Handle VLD4. */
14421 }
14422 }
14425 {
14428 }
14431 record_buf);
14433 record_buf_mem);
14435 }
14437 /* Decodes thumb2 instruction type and invokes its record handler. */
14439 static unsigned int
14441 {
14449 {
14451 {
14452 /* Load/store multiple instruction. */
14454 }
14456 {
14457 /* Load/store (dual/exclusive) and table branch instruction. */
14459 }
14461 {
14462 /* Data-processing (shifted register). */
14464 }
14466 {
14467 /* Co-processor instructions. */
14469 }
14470 }
14472 {
14474 {
14475 /* Branches and miscellaneous control instructions. */
14477 }
14479 {
14480 /* Data-processing (plain binary immediate) instruction. */
14482 }
14483 else
14484 {
14485 /* Data-processing (modified immediate). */
14487 }
14488 }
14490 {
14492 {
14493 /* Store single data item. */
14495 }
14497 {
14498 /* Advanced SIMD or structure load/store instructions. */
14500 }
14502 {
14503 /* Load byte, memory hints instruction. */
14505 }
14507 {
14508 /* Load halfword, memory hints instruction. */
14510 }
14512 {
14513 /* Load word instruction. */
14515 }
14517 {
14518 /* Data-processing (register) instruction. */
14520 }
14522 {
14523 /* Multiply, multiply accumulate, abs diff instruction. */
14525 }
14527 {
14528 /* Long multiply, long multiply accumulate, and divide. */
14530 }
14532 {
14533 /* Co-processor instructions. */
14535 }
14536 }
14539 }
14542 /* Abstract instruction reader. */
14544 class abstract_instruction_reader
14545 {
14547 /* Read one instruction of size LEN from address MEMADDR and using
14548 BYTE_ORDER endianness. */
14552 };
14554 /* Instruction reader from real target. */
14557 {
14561 {
14563 }
14564 };
14570 /* Decode arm/thumb insn depending on condition cods and opcodes; and
14571 dispatch it. */
14573 static int
14577 {
14579 /* (Starting from numerical 0); bits 25, 26, 27 decodes type of arm
14580 instruction. */
14582 {
14590 arm_record_coproc_data_proc /* 111. */
14591 };
14593 /* (Starting from numerical 0); bits 13,14,15 decodes type of thumb
14594 instruction. */
14596 { \
14604 thumb_record_branch /* 111. */
14605 };
14609 enum bfd_endian code_endian
14611 arm_record->arm_insn
14615 {
14621 else
14622 {
14623 /* If this insn has fallen into extension space
14624 then we need not decode it anymore. */
14626 }
14628 {
14631 }
14632 }
14634 {
14635 /* As thumb does not have condition codes, we set negative. */
14640 {
14643 }
14644 }
14646 {
14647 /* As thumb does not have condition codes, we set negative. */
14650 /* Swap first half of 32bit thumb instruction with second half. */
14651 arm_record->arm_insn
14657 {
14660 }
14661 }
14662 else
14663 {
14664 /* Throw assertion. */
14666 }
14669 }
14671 #if GDB_SELF_TEST
14674 /* Instruction reader class for selftests.
14676 For 16-bit Thumb instructions, an array of uint16_t should be used.
14678 For 32-bit Thumb instructions and regular 32-bit Arm instructions, an array
14679 of uint32_t should be used. */
14683 {
14688 {}
14692 {
14698 }
14703 };
14705 static void
14707 {
14715 /* 16-bit Thumb instructions. */
14716 {
14717 arm_insn_decode_record arm_record;
14722 /* Use the endian-free representation of the instructions here. The test
14723 will handle endianness conversions. */
14725 /* db b2 uxtb r3, r3 */
14727 /* cd 58 ldr r5, [r1, r3] */
14729 };
14733 THUMB_INSN_SIZE_BYTES);
14742 THUMB_INSN_SIZE_BYTES);
14748 }
14750 /* 32-bit Thumb-2 instructions. */
14751 {
14752 arm_insn_decode_record arm_record;
14757 /* Use the endian-free representation of the instruction here. The test
14758 will handle endianness conversions. */
14760 /* mrc 15, 0, r7, cr13, cr0, {3} */
14762 };
14766 THUMB2_INSN_SIZE_BYTES);
14772 }
14774 /* 32-bit instructions. */
14775 {
14776 arm_insn_decode_record arm_record;
14781 /* Use the endian-free representation of the instruction here. The test
14782 will handle endianness conversions. */
14784 /* mov r5, r0 */
14786 };
14790 ARM_INSN_SIZE_BYTES);
14793 }
14794 }
14796 /* Instruction reader from manually cooked instruction sequences. */
14799 {
14803 {}
14806 {
14811 }
14815 };
14817 static void
14819 {
14821 {
14831 /* The "sub" instruction contains an immediate value rotate count of 0,
14832 which resulted in a 32-bit shift of a 32-bit value, caught by
14833 UBSan. */
14839 };
14842 arm_prologue_cache cache;
14846 }
14847 }
14852 /* Cleans up local record registers and memory allocations. */
14854 static void
14856 {
14859 }
14862 /* Parse the current instruction and record the values of the registers and
14863 memory that will be changed in current instruction to record_arch_list".
14864 Return -1 if something is wrong. */
14866 int
14868 CORE_ADDR insn_addr)
14869 {
14877 arm_insn_decode_record arm_record;
14886 {
14890 }
14892 instruction_reader reader;
14893 enum bfd_endian code_endian
14895 arm_record.arm_insn
14898 /* Check the insn, whether it is thumb or arm one. */
14905 {
14906 /* We are decoding arm insn. */
14908 }
14909 else
14910 {
14912 /* is it thumb2 insn? */
14914 {
14916 THUMB2_INSN_SIZE_BYTES);
14917 }
14918 else
14919 {
14920 /* We are decoding thumb insn. */
14922 THUMB_INSN_SIZE_BYTES);
14923 }
14924 }
14927 {
14928 /* Record registers. */
14931 {
14933 {
14937 }
14938 }
14939 /* Record memories. */
14941 {
14943 {
14948 }
14949 }
14953 }
14959 }
14961 /* See arm-tdep.h. */
14965 {
14969 {
14972 }
14975 }
14977 /* See arm-tdep.h. */
14981 {
14985 {
14988 }
14991 }