ARMDisassembler.cpp revision 206124 
1//===- ARMDisassembler.cpp - Disassembler for ARM/Thumb ISA -----*- C++ -*-===//
2//
3//                     The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// This file is part of the ARM Disassembler.
11// It contains code to implement the public interfaces of ARMDisassembler and
12// ThumbDisassembler, both of which are instances of MCDisassembler.
13//
14//===----------------------------------------------------------------------===//
15
16#define DEBUG_TYPE "arm-disassembler"
17
18#include "ARMDisassembler.h"
19#include "ARMDisassemblerCore.h"
20
21#include "llvm/MC/MCInst.h"
22#include "llvm/Target/TargetRegistry.h"
23#include "llvm/Support/Debug.h"
24#include "llvm/Support/MemoryObject.h"
25#include "llvm/Support/ErrorHandling.h"
26#include "llvm/Support/raw_ostream.h"
27
28/// ARMGenDecoderTables.inc - ARMDecoderTables.inc is tblgen'ed from
29/// ARMDecoderEmitter.cpp TableGen backend.  It contains:
30///
31/// o Mappings from opcode to ARM/Thumb instruction format
32///
33/// o static uint16_t decodeInstruction(uint32_t insn) - the decoding function
34/// for an ARM instruction.
35///
36/// o static uint16_t decodeThumbInstruction(field_t insn) - the decoding
37/// function for a Thumb instruction.
38///
39#include "../ARMGenDecoderTables.inc"
40
41namespace llvm {
42
43/// showBitVector - Use the raw_ostream to log a diagnostic message describing
44/// the inidividual bits of the instruction.
45///
46static inline void showBitVector(raw_ostream &os, const uint32_t &insn) {
47  // Split the bit position markers into more than one lines to fit 80 columns.
48  os << " 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11"
49     << " 10  9  8  7  6  5  4  3  2  1  0 \n";
50  os << "---------------------------------------------------------------"
51     << "----------------------------------\n";
52  os << '|';
53  for (unsigned i = 32; i != 0; --i) {
54    if (insn >> (i - 1) & 0x01)
55      os << " 1";
56    else
57      os << " 0";
58    os << (i%4 == 1 ? '|' : ':');
59  }
60  os << '\n';
61  // Split the bit position markers into more than one lines to fit 80 columns.
62  os << "---------------------------------------------------------------"
63     << "----------------------------------\n";
64  os << '\n';
65}
66
67/// decodeARMInstruction is a decorator function which tries special cases of
68/// instruction matching before calling the auto-generated decoder function.
69static unsigned decodeARMInstruction(uint32_t &insn) {
70  if (slice(insn, 31, 28) == 15)
71    goto AutoGenedDecoder;
72
73  // Special case processing, if any, goes here....
74
75  // LLVM combines the offset mode of A8.6.197 & A8.6.198 into STRB.
76  // The insufficient encoding information of the combined instruction confuses
77  // the decoder wrt BFC/BFI.  Therefore, we try to recover here.
78  // For BFC, Inst{27-21} = 0b0111110 & Inst{6-0} = 0b0011111.
79  // For BFI, Inst{27-21} = 0b0111110 & Inst{6-4} = 0b001 & Inst{3-0} =! 0b1111.
80  if (slice(insn, 27, 21) == 0x3e && slice(insn, 6, 4) == 1) {
81    if (slice(insn, 3, 0) == 15)
82      return ARM::BFC;
83    else
84      return ARM::BFI;
85  }
86
87  // Ditto for ADDSrs, which is a super-instruction for A8.6.7 & A8.6.8.
88  // As a result, the decoder fails to decode UMULL properly.
89  if (slice(insn, 27, 21) == 0x04 && slice(insn, 7, 4) == 9) {
90    return ARM::UMULL;
91  }
92
93  // Ditto for STR_PRE, which is a super-instruction for A8.6.194 & A8.6.195.
94  // As a result, the decoder fails to decode SBFX properly.
95  if (slice(insn, 27, 21) == 0x3d && slice(insn, 6, 4) == 5)
96    return ARM::SBFX;
97
98  // And STRB_PRE, which is a super-instruction for A8.6.197 & A8.6.198.
99  // As a result, the decoder fails to decode UBFX properly.
100  if (slice(insn, 27, 21) == 0x3f && slice(insn, 6, 4) == 5)
101    return ARM::UBFX;
102
103  // Ditto for STRT, which is a super-instruction for A8.6.210 Encoding A1 & A2.
104  // As a result, the decoder fails to deocode SSAT properly.
105  if (slice(insn, 27, 21) == 0x35 && slice(insn, 5, 4) == 1)
106    return slice(insn, 6, 6) == 0 ? ARM::SSATlsl : ARM::SSATasr;
107
108  // Ditto for RSCrs, which is a super-instruction for A8.6.146 & A8.6.147.
109  // As a result, the decoder fails to decode STRHT/LDRHT/LDRSHT/LDRSBT.
110  if (slice(insn, 27, 24) == 0) {
111    switch (slice(insn, 21, 20)) {
112    case 2:
113      switch (slice(insn, 7, 4)) {
114      case 11:
115        return ARM::STRHT;
116      default:
117        break; // fallthrough
118      }
119      break;
120    case 3:
121      switch (slice(insn, 7, 4)) {
122      case 11:
123        return ARM::LDRHT;
124      case 13:
125        return ARM::LDRSBT;
126      case 15:
127        return ARM::LDRSHT;
128      default:
129        break; // fallthrough
130      }
131      break;
132    default:
133      break;   // fallthrough
134    }
135  }
136
137  // Ditto for SBCrs, which is a super-instruction for A8.6.152 & A8.6.153.
138  // As a result, the decoder fails to decode STRH_Post/LDRD_POST/STRD_POST
139  // properly.
140  if (slice(insn, 27, 25) == 0 && slice(insn, 20, 20) == 0) {
141    unsigned PW = slice(insn, 24, 24) << 1 | slice(insn, 21, 21);
142    switch (slice(insn, 7, 4)) {
143    case 11:
144      switch (PW) {
145      case 2: // Offset
146        return ARM::STRH;
147      case 3: // Pre-indexed
148        return ARM::STRH_PRE;
149      case 0: // Post-indexed
150        return ARM::STRH_POST;
151      default:
152        break; // fallthrough
153      }
154      break;
155    case 13:
156      switch (PW) {
157      case 2: // Offset
158        return ARM::LDRD;
159      case 3: // Pre-indexed
160        return ARM::LDRD_PRE;
161      case 0: // Post-indexed
162        return ARM::LDRD_POST;
163      default:
164        break; // fallthrough
165      }
166      break;
167    case 15:
168      switch (PW) {
169      case 2: // Offset
170        return ARM::STRD;
171      case 3: // Pre-indexed
172        return ARM::STRD_PRE;
173      case 0: // Post-indexed
174        return ARM::STRD_POST;
175      default:
176        break; // fallthrough
177      }
178      break;
179    default:
180      break; // fallthrough
181    }
182  }
183
184  // Ditto for SBCSSrs, which is a super-instruction for A8.6.152 & A8.6.153.
185  // As a result, the decoder fails to decode LDRH_POST/LDRSB_POST/LDRSH_POST
186  // properly.
187  if (slice(insn, 27, 25) == 0 && slice(insn, 20, 20) == 1) {
188    unsigned PW = slice(insn, 24, 24) << 1 | slice(insn, 21, 21);
189    switch (slice(insn, 7, 4)) {
190    case 11:
191      switch (PW) {
192      case 2: // Offset
193        return ARM::LDRH;
194      case 3: // Pre-indexed
195        return ARM::LDRH_PRE;
196      case 0: // Post-indexed
197        return ARM::LDRH_POST;
198      default:
199        break; // fallthrough
200      }
201      break;
202    case 13:
203      switch (PW) {
204      case 2: // Offset
205        return ARM::LDRSB;
206      case 3: // Pre-indexed
207        return ARM::LDRSB_PRE;
208      case 0: // Post-indexed
209        return ARM::LDRSB_POST;
210      default:
211        break; // fallthrough
212      }
213      break;
214    case 15:
215      switch (PW) {
216      case 2: // Offset
217        return ARM::LDRSH;
218      case 3: // Pre-indexed
219        return ARM::LDRSH_PRE;
220      case 0: // Post-indexed
221        return ARM::LDRSH_POST;
222      default:
223        break; // fallthrough
224      }
225      break;
226    default:
227      break; // fallthrough
228    }
229  }
230
231AutoGenedDecoder:
232  // Calling the auto-generated decoder function.
233  return decodeInstruction(insn);
234}
235
236// Helper function for special case handling of LDR (literal) and friends.
237// See, for example, A6.3.7 Load word: Table A6-18 Load word.
238// See A8.6.57 T3, T4 & A8.6.60 T2 and friends for why we morphed the opcode
239// before returning it.
240static unsigned T2Morph2LoadLiteral(unsigned Opcode) {
241  switch (Opcode) {
242  default:
243    return Opcode; // Return unmorphed opcode.
244
245  case ARM::t2LDRDi8:
246    return ARM::t2LDRDpci;
247
248  case ARM::t2LDR_POST:   case ARM::t2LDR_PRE:
249  case ARM::t2LDRi12:     case ARM::t2LDRi8:
250  case ARM::t2LDRs:
251    return ARM::t2LDRpci;
252
253  case ARM::t2LDRB_POST:  case ARM::t2LDRB_PRE:
254  case ARM::t2LDRBi12:    case ARM::t2LDRBi8:
255  case ARM::t2LDRBs:
256    return ARM::t2LDRBpci;
257
258  case ARM::t2LDRH_POST:  case ARM::t2LDRH_PRE:
259  case ARM::t2LDRHi12:    case ARM::t2LDRHi8:
260  case ARM::t2LDRHs:
261    return ARM::t2LDRHpci;
262
263  case ARM::t2LDRSB_POST:  case ARM::t2LDRSB_PRE:
264  case ARM::t2LDRSBi12:    case ARM::t2LDRSBi8:
265  case ARM::t2LDRSBs:
266    return ARM::t2LDRSBpci;
267
268  case ARM::t2LDRSH_POST:  case ARM::t2LDRSH_PRE:
269  case ARM::t2LDRSHi12:    case ARM::t2LDRSHi8:
270  case ARM::t2LDRSHs:
271    return ARM::t2LDRSHpci;
272  }
273}
274
275/// decodeThumbSideEffect is a decorator function which can potentially twiddle
276/// the instruction or morph the returned opcode under Thumb2.
277///
278/// First it checks whether the insn is a NEON or VFP instr; if true, bit
279/// twiddling could be performed on insn to turn it into an ARM NEON/VFP
280/// equivalent instruction and decodeInstruction is called with the transformed
281/// insn.
282///
283/// Next, there is special handling for Load byte/halfword/word instruction by
284/// checking whether Rn=0b1111 and call T2Morph2LoadLiteral() on the decoded
285/// Thumb2 instruction.  See comments below for further details.
286///
287/// Finally, one last check is made to see whether the insn is a NEON/VFP and
288/// decodeInstruction(insn) is invoked on the original insn.
289///
290/// Otherwise, decodeThumbInstruction is called with the original insn.
291static unsigned decodeThumbSideEffect(bool IsThumb2, uint32_t &insn) {
292  if (IsThumb2) {
293    uint16_t op1 = slice(insn, 28, 27);
294    uint16_t op2 = slice(insn, 26, 20);
295
296    // A6.3 32-bit Thumb instruction encoding
297    // Table A6-9 32-bit Thumb instruction encoding
298
299    // The coprocessor instructions of interest are transformed to their ARM
300    // equivalents.
301
302    // --------- Transform Begin Marker ---------
303    if ((op1 == 1 || op1 == 3) && slice(op2, 6, 4) == 7) {
304      // A7.4 Advanced SIMD data-processing instructions
305      // U bit of Thumb corresponds to Inst{24} of ARM.
306      uint16_t U = slice(op1, 1, 1);
307
308      // Inst{28-24} of ARM = {1,0,0,1,U};
309      uint16_t bits28_24 = 9 << 1 | U;
310      DEBUG(showBitVector(errs(), insn));
311      setSlice(insn, 28, 24, bits28_24);
312      return decodeInstruction(insn);
313    }
314
315    if (op1 == 3 && slice(op2, 6, 4) == 1 && slice(op2, 0, 0) == 0) {
316      // A7.7 Advanced SIMD element or structure load/store instructions
317      // Inst{27-24} of Thumb = 0b1001
318      // Inst{27-24} of ARM   = 0b0100
319      DEBUG(showBitVector(errs(), insn));
320      setSlice(insn, 27, 24, 4);
321      return decodeInstruction(insn);
322    }
323    // --------- Transform End Marker ---------
324
325    // See, for example, A6.3.7 Load word: Table A6-18 Load word.
326    // See A8.6.57 T3, T4 & A8.6.60 T2 and friends for why we morphed the opcode
327    // before returning it to our caller.
328    if (op1 == 3 && slice(op2, 6, 5) == 0 && slice(op2, 0, 0) == 1
329        && slice(insn, 19, 16) == 15)
330      return T2Morph2LoadLiteral(decodeThumbInstruction(insn));
331
332    // One last check for NEON/VFP instructions.
333    if ((op1 == 1 || op1 == 3) && slice(op2, 6, 6) == 1)
334      return decodeInstruction(insn);
335
336    // Fall through.
337  }
338
339  return decodeThumbInstruction(insn);
340}
341
342static inline bool Thumb2PreloadOpcodeNoPCI(unsigned Opcode) {
343  switch (Opcode) {
344  default:
345    return false;
346  case ARM::t2PLDi12:   case ARM::t2PLDi8:
347  case ARM::t2PLDr:     case ARM::t2PLDs:
348  case ARM::t2PLDWi12:  case ARM::t2PLDWi8:
349  case ARM::t2PLDWr:    case ARM::t2PLDWs:
350  case ARM::t2PLIi12:   case ARM::t2PLIi8:
351  case ARM::t2PLIr:     case ARM::t2PLIs:
352    return true;
353  }
354}
355
356static inline unsigned T2Morph2Preload2PCI(unsigned Opcode) {
357  switch (Opcode) {
358  default:
359    return 0;
360  case ARM::t2PLDi12:   case ARM::t2PLDi8:
361  case ARM::t2PLDr:     case ARM::t2PLDs:
362    return ARM::t2PLDpci;
363  case ARM::t2PLDWi12:  case ARM::t2PLDWi8:
364  case ARM::t2PLDWr:    case ARM::t2PLDWs:
365    return ARM::t2PLDWpci;
366  case ARM::t2PLIi12:   case ARM::t2PLIi8:
367  case ARM::t2PLIr:     case ARM::t2PLIs:
368    return ARM::t2PLIpci;
369  }
370}
371
372//
373// Public interface for the disassembler
374//
375
376bool ARMDisassembler::getInstruction(MCInst &MI,
377                                     uint64_t &Size,
378                                     const MemoryObject &Region,
379                                     uint64_t Address,
380                                     raw_ostream &os) const {
381  // The machine instruction.
382  uint32_t insn;
383
384  // We want to read exactly 4 bytes of data.
385  if (Region.readBytes(Address, 4, (uint8_t*)&insn, NULL) == -1)
386    return false;
387
388  unsigned Opcode = decodeARMInstruction(insn);
389  ARMFormat Format = ARMFormats[Opcode];
390  Size = 4;
391
392  DEBUG({
393      errs() << "Opcode=" << Opcode << " Name=" << ARMUtils::OpcodeName(Opcode)
394             << " Format=" << stringForARMFormat(Format) << '(' << (int)Format
395             << ")\n";
396      showBitVector(errs(), insn);
397    });
398
399  ARMBasicMCBuilder *Builder = CreateMCBuilder(Opcode, Format);
400
401  if (!Builder)
402    return false;
403
404  if (!Builder->Build(MI, insn))
405    return false;
406
407  delete Builder;
408
409  return true;
410}
411
412bool ThumbDisassembler::getInstruction(MCInst &MI,
413                                       uint64_t &Size,
414                                       const MemoryObject &Region,
415                                       uint64_t Address,
416                                       raw_ostream &os) const {
417  // The machine instruction.
418  uint32_t insn = 0;
419  uint32_t insn1 = 0;
420
421  // A6.1 Thumb instruction set encoding
422  //
423  // If bits [15:11] of the halfword being decoded take any of the following
424  // values, the halfword is the first halfword of a 32-bit instruction:
425  // o 0b11101
426  // o 0b11110
427  // o 0b11111.
428  //
429  // Otherwise, the halfword is a 16-bit instruction.
430
431  // Read 2 bytes of data first.
432  if (Region.readBytes(Address, 2, (uint8_t*)&insn, NULL) == -1)
433    return false;
434
435  unsigned bits15_11 = slice(insn, 15, 11);
436  bool IsThumb2 = false;
437
438  // 32-bit instructions if the bits [15:11] of the halfword matches
439  // { 0b11101 /* 0x1D */, 0b11110 /* 0x1E */, ob11111 /* 0x1F */ }.
440  if (bits15_11 == 0x1D || bits15_11 == 0x1E || bits15_11 == 0x1F) {
441    IsThumb2 = true;
442    if (Region.readBytes(Address + 2, 2, (uint8_t*)&insn1, NULL) == -1)
443      return false;
444    insn = (insn << 16 | insn1);
445  }
446
447  // The insn could potentially be bit-twiddled in order to be decoded as an ARM
448  // NEON/VFP opcode.  In such case, the modified insn is later disassembled as
449  // an ARM NEON/VFP instruction.
450  //
451  // This is a short term solution for lack of encoding bits specified for the
452  // Thumb2 NEON/VFP instructions.  The long term solution could be adding some
453  // infrastructure to have each instruction support more than one encodings.
454  // Which encoding is used would be based on which subtarget the compiler/
455  // disassembler is working with at the time.  This would allow the sharing of
456  // the NEON patterns between ARM and Thumb2, as well as potential greater
457  // sharing between the regular ARM instructions and the 32-bit wide Thumb2
458  // instructions as well.
459  unsigned Opcode = decodeThumbSideEffect(IsThumb2, insn);
460
461  // A8.6.117/119/120/121.
462  // PLD/PLDW/PLI instructions with Rn==15 is transformed to the pci variant.
463  if (Thumb2PreloadOpcodeNoPCI(Opcode) && slice(insn, 19, 16) == 15)
464    Opcode = T2Morph2Preload2PCI(Opcode);
465
466  ARMFormat Format = ARMFormats[Opcode];
467  Size = IsThumb2 ? 4 : 2;
468
469  DEBUG({
470      errs() << "Opcode=" << Opcode << " Name=" << ARMUtils::OpcodeName(Opcode)
471             << " Format=" << stringForARMFormat(Format) << '(' << (int)Format
472             << ")\n";
473      showBitVector(errs(), insn);
474    });
475
476  ARMBasicMCBuilder *Builder = CreateMCBuilder(Opcode, Format);
477  Builder->setSession(const_cast<Session *>(&SO));
478
479  if (!Builder)
480    return false;
481
482  if (!Builder->Build(MI, insn))
483    return false;
484
485  delete Builder;
486
487  return true;
488}
489
490// A8.6.50
491static unsigned short CountITSize(unsigned ITMask) {
492  // First count the trailing zeros of the IT mask.
493  unsigned TZ = CountTrailingZeros_32(ITMask);
494  assert(TZ <= 3 && "Encoding error");
495  return (4 - TZ);
496}
497
498/// Init ITState.
499void Session::InitIT(unsigned short bits7_0) {
500  ITCounter = CountITSize(slice(bits7_0, 3, 0));
501  ITState = bits7_0;
502}
503
504/// Update ITState if necessary.
505void Session::UpdateIT() {
506  assert(ITCounter);
507  --ITCounter;
508  if (ITCounter == 0)
509    ITState = 0;
510  else {
511    unsigned short NewITState4_0 = slice(ITState, 4, 0) << 1;
512    setSlice(ITState, 4, 0, NewITState4_0);
513  }
514}
515
516static MCDisassembler *createARMDisassembler(const Target &T) {
517  return new ARMDisassembler;
518}
519
520static MCDisassembler *createThumbDisassembler(const Target &T) {
521  return new ThumbDisassembler;
522}
523
524extern "C" void LLVMInitializeARMDisassembler() {
525  // Register the disassembler.
526  TargetRegistry::RegisterMCDisassembler(TheARMTarget,
527                                         createARMDisassembler);
528  TargetRegistry::RegisterMCDisassembler(TheThumbTarget,
529                                         createThumbDisassembler);
530}
531
532} // namespace llvm
533