ARMDisassembler.cpp revision 208954
1//===- ARMDisassembler.cpp - Disassembler for ARM/Thumb ISA -----*- C++ -*-===//
2//
3//                     The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// This file is part of the ARM Disassembler.
11// It contains code to implement the public interfaces of ARMDisassembler and
12// ThumbDisassembler, both of which are instances of MCDisassembler.
13//
14//===----------------------------------------------------------------------===//
15
16#define DEBUG_TYPE "arm-disassembler"
17
18#include "ARMDisassembler.h"
19#include "ARMDisassemblerCore.h"
20
21#include "llvm/MC/EDInstInfo.h"
22#include "llvm/MC/MCInst.h"
23#include "llvm/Target/TargetRegistry.h"
24#include "llvm/Support/Debug.h"
25#include "llvm/Support/MemoryObject.h"
26#include "llvm/Support/ErrorHandling.h"
27#include "llvm/Support/raw_ostream.h"
28
29/// ARMGenDecoderTables.inc - ARMDecoderTables.inc is tblgen'ed from
30/// ARMDecoderEmitter.cpp TableGen backend.  It contains:
31///
32/// o Mappings from opcode to ARM/Thumb instruction format
33///
34/// o static uint16_t decodeInstruction(uint32_t insn) - the decoding function
35/// for an ARM instruction.
36///
37/// o static uint16_t decodeThumbInstruction(field_t insn) - the decoding
38/// function for a Thumb instruction.
39///
40#include "../ARMGenDecoderTables.inc"
41
42#include "../ARMGenEDInfo.inc"
43
44using namespace llvm;
45
/// showBitVector - Dump the 32 bits of insn to os as a table, most significant
/// bit (31) on the left, one column per bit.  Nibble boundaries (after bits
/// 28, 24, ..., 0) are drawn with '|', the remaining separators with ':'.
/// Only used from DEBUG() blocks in this file.
static inline void showBitVector(raw_ostream &os, const uint32_t &insn) {
  static const char Ruler[] =
    "---------------------------------------------------------------"
    "----------------------------------\n";

  // Header row with the bit positions, split in two to fit 80 columns.
  os << " 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11"
     << " 10  9  8  7  6  5  4  3  2  1  0 \n";
  os << Ruler;

  // Body row: walk from bit 31 down to bit 0.
  os << '|';
  for (int bit = 31; bit >= 0; --bit) {
    const bool Set = ((insn >> bit) & 1u) != 0;
    os << (Set ? " 1" : " 0");
    // A '|' follows every bit whose position is a multiple of four.
    os << ((bit % 4 == 0) ? '|' : ':');
  }
  os << '\n';

  os << Ruler;
  os << '\n';
}
69
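/// pickExtraLoadStoreVariant - Select the addressing-mode variant of an extra
/// load/store instruction (halfword, signed byte/halfword, doubleword) from
/// its P and W bits.
///
/// \param PW      Inst{24} (P) in bit 1 and Inst{21} (W) in bit 0.
/// \param Offset  Opcode for P=1, W=0 (offset addressing).
/// \param Pre     Opcode for P=1, W=1 (pre-indexed).
/// \param Post    Opcode for P=0, W=0 (post-indexed).
/// \return The selected opcode, or 0 for P=0, W=1, which is the unprivileged
///   STRHT/LDRHT/LDRSBT/LDRSHT encoding that decodeARMSpecialCases matches on
///   its own.
static unsigned pickExtraLoadStoreVariant(unsigned PW, unsigned Offset,
                                          unsigned Pre, unsigned Post) {
  switch (PW) {
  case 2:  return Offset;
  case 3:  return Pre;
  case 0:  return Post;
  default: return 0;
  }
}

/// decodeARMExtraLoadStore - Recover the extra load/store instructions that
/// the auto-generated decoder confuses with the SBCrs and SBCSSrs
/// super-instructions (A8.6.152 & A8.6.153).  With Inst{27-25} = 0 these are
/// STRH/LDRD/STRD when Inst{20} = 0 and LDRH/LDRSB/LDRSH when Inst{20} = 1,
/// selected by Inst{7-4} = 0b1011/0b1101/0b1111 respectively, each in its
/// offset, pre-indexed or post-indexed form.
///
/// \return The recovered opcode, or 0 when insn is none of them.
static unsigned decodeARMExtraLoadStore(uint32_t insn) {
  if (slice(insn, 27, 25) != 0)
    return 0;

  unsigned PW = slice(insn, 24, 24) << 1 | slice(insn, 21, 21);
  bool Bit20 = slice(insn, 20, 20) == 1;

  switch (slice(insn, 7, 4)) {
  case 11:
    return Bit20
      ? pickExtraLoadStoreVariant(PW, ARM::LDRH, ARM::LDRH_PRE, ARM::LDRH_POST)
      : pickExtraLoadStoreVariant(PW, ARM::STRH, ARM::STRH_PRE, ARM::STRH_POST);
  case 13:
    return Bit20
      ? pickExtraLoadStoreVariant(PW, ARM::LDRSB, ARM::LDRSB_PRE,
                                  ARM::LDRSB_POST)
      : pickExtraLoadStoreVariant(PW, ARM::LDRD, ARM::LDRD_PRE, ARM::LDRD_POST);
  case 15:
    return Bit20
      ? pickExtraLoadStoreVariant(PW, ARM::LDRSH, ARM::LDRSH_PRE,
                                  ARM::LDRSH_POST)
      : pickExtraLoadStoreVariant(PW, ARM::STRD, ARM::STRD_PRE, ARM::STRD_POST);
  default:
    return 0;
  }
}

/// decodeARMSpecialCases - Try the encodings that the auto-generated decoder
/// gets wrong because LLVM folds several encodings into a single
/// super-instruction that carries too little encoding information to tell the
/// others apart.
///
/// \return The opcode for a recognised special case, or 0 when none applies
///   and the auto-generated decoder should be used.
static unsigned decodeARMSpecialCases(uint32_t insn) {
  // LLVM combines the offset mode of A8.6.197 & A8.6.198 into STRB.
  // The insufficient encoding information of the combined instruction confuses
  // the decoder wrt BFC/BFI.  Therefore, we try to recover here.
  // For BFC, Inst{27-21} = 0b0111110 & Inst{6-0} = 0b0011111.
  // For BFI, Inst{27-21} = 0b0111110 & Inst{6-4} = 0b001 & Inst{3-0} != 0b1111.
  if (slice(insn, 27, 21) == 0x3e && slice(insn, 6, 4) == 1)
    return slice(insn, 3, 0) == 15 ? ARM::BFC : ARM::BFI;

  // Ditto for ADDSrs, which is a super-instruction for A8.6.7 & A8.6.8.
  // As a result, the decoder fails to decode UMULL properly.
  if (slice(insn, 27, 21) == 0x04 && slice(insn, 7, 4) == 9)
    return ARM::UMULL;

  // Ditto for STR_PRE, which is a super-instruction for A8.6.194 & A8.6.195.
  // As a result, the decoder fails to decode SBFX properly.
  if (slice(insn, 27, 21) == 0x3d && slice(insn, 6, 4) == 5)
    return ARM::SBFX;

  // And STRB_PRE, which is a super-instruction for A8.6.197 & A8.6.198.
  // As a result, the decoder fails to decode UBFX properly.
  if (slice(insn, 27, 21) == 0x3f && slice(insn, 6, 4) == 5)
    return ARM::UBFX;

  // Ditto for STRT, which is a super-instruction for A8.6.210 Encoding A1 & A2.
  // As a result, the decoder fails to decode SSAT properly.
  if (slice(insn, 27, 21) == 0x35 && slice(insn, 5, 4) == 1)
    return slice(insn, 6, 6) == 0 ? ARM::SSATlsl : ARM::SSATasr;

  // Ditto for RSCrs, which is a super-instruction for A8.6.146 & A8.6.147.
  // As a result, the decoder fails to decode STRHT/LDRHT/LDRSHT/LDRSBT.
  if (slice(insn, 27, 24) == 0) {
    unsigned Bits21_20 = slice(insn, 21, 20);
    unsigned Bits7_4 = slice(insn, 7, 4);
    if (Bits21_20 == 2 && Bits7_4 == 11)
      return ARM::STRHT;
    if (Bits21_20 == 3) {
      if (Bits7_4 == 11)
        return ARM::LDRHT;
      if (Bits7_4 == 13)
        return ARM::LDRSBT;
      if (Bits7_4 == 15)
        return ARM::LDRSHT;
    }
  }

  // Ditto for SBCrs/SBCSSrs, super-instructions for A8.6.152 & A8.6.153.
  // As a result, the decoder fails to decode the extra load/store
  // instructions (STRH/LDRD/STRD and LDRH/LDRSB/LDRSH and their _PRE/_POST
  // forms) properly.
  return decodeARMExtraLoadStore(insn);
}

/// decodeARMInstruction is a decorator function which tries special cases of
/// instruction matching before calling the auto-generated decoder function.
///
/// \param insn  The 32-bit ARM instruction word; this function does not
///   modify it.
/// \return The decoded ARM opcode.
static unsigned decodeARMInstruction(uint32_t &insn) {
  // Unconditional encodings (cond == 0b1111) get no special-casing.
  if (slice(insn, 31, 28) != 15) {
    // 0 means "no special case matched"; this is the same sentinel convention
    // T2Morph2Preload2PCI below uses, and none of the ARM::* opcodes returned
    // above is 0.
    unsigned Opcode = decodeARMSpecialCases(insn);
    if (Opcode != 0)
      return Opcode;
  }

  // Calling the auto-generated decoder function.
  return decodeInstruction(insn);
}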
238
/// T2Morph2LoadLiteral - Map a Thumb2 load opcode to its PC-relative
/// ("literal") counterpart.  The caller has already established that Rn is
/// 0b1111 (see A6.3.7 Load word: Table A6-18, and A8.6.57 T3, T4 & A8.6.60 T2
/// and friends for why the opcode is morphed before being returned).
///
/// \return The pci form of a LDRD/LDR/LDRB/LDRH/LDRSB/LDRSH opcode, or Opcode
///   itself when it is not one of those.
static unsigned T2Morph2LoadLiteral(unsigned Opcode) {
  switch (Opcode) {
  // LDRD has a single non-literal immediate form.
  case ARM::t2LDRDi8:
    return ARM::t2LDRDpci;

  // LDR (literal)
  case ARM::t2LDR_POST:
  case ARM::t2LDR_PRE:
  case ARM::t2LDRi12:
  case ARM::t2LDRi8:
  case ARM::t2LDRs:
  case ARM::t2LDRT:
    return ARM::t2LDRpci;

  // LDRB (literal)
  case ARM::t2LDRB_POST:
  case ARM::t2LDRB_PRE:
  case ARM::t2LDRBi12:
  case ARM::t2LDRBi8:
  case ARM::t2LDRBs:
  case ARM::t2LDRBT:
    return ARM::t2LDRBpci;

  // LDRH (literal)
  case ARM::t2LDRH_POST:
  case ARM::t2LDRH_PRE:
  case ARM::t2LDRHi12:
  case ARM::t2LDRHi8:
  case ARM::t2LDRHs:
  case ARM::t2LDRHT:
    return ARM::t2LDRHpci;

  // LDRSB (literal)
  case ARM::t2LDRSB_POST:
  case ARM::t2LDRSB_PRE:
  case ARM::t2LDRSBi12:
  case ARM::t2LDRSBi8:
  case ARM::t2LDRSBs:
  case ARM::t2LDRSBT:
    return ARM::t2LDRSBpci;

  // LDRSH (literal)
  case ARM::t2LDRSH_POST:
  case ARM::t2LDRSH_PRE:
  case ARM::t2LDRSHi12:
  case ARM::t2LDRSHi8:
  case ARM::t2LDRSHs:
  case ARM::t2LDRSHT:
    return ARM::t2LDRSHpci;

  // Not a load with a literal form: hand the opcode back unmorphed.
  default:
    return Opcode;
  }
}
277
/// decodeThumbSideEffect is a decorator function which can potentially twiddle
/// the instruction or morph the returned opcode under Thumb2.
///
/// For a 16-bit instruction (IsThumb2 false) it simply calls
/// decodeThumbInstruction.  For a 32-bit instruction it checks, in order:
///
/// 1. Advanced SIMD data-processing (A7.4) and element/structure load/store
///    (A7.7) encodings, whose bits are rewritten in place to the ARM form and
///    then decoded with decodeInstruction.
/// 2. Load byte/halfword/word with Rn = 0b1111, where the decoded Thumb2
///    opcode is passed through T2Morph2LoadLiteral().
/// 3. Any remaining NEON/VFP encoding, decoded with decodeInstruction on the
///    unmodified insn.
///
/// Everything else goes to decodeThumbInstruction with the original insn.
///
/// \param IsThumb2  true when insn holds two halfwords.
/// \param insn      The instruction; may be modified in place by step 1.
/// \return The decoded opcode.
static unsigned decodeThumbSideEffect(bool IsThumb2, uint32_t &insn) {
  if (!IsThumb2)
    return decodeThumbInstruction(insn);

  // A6.3 32-bit Thumb instruction encoding
  // Table A6-9 32-bit Thumb instruction encoding
  uint16_t op1 = slice(insn, 28, 27);
  uint16_t op2 = slice(insn, 26, 20);
  const bool CoprocOp1 = (op1 == 1 || op1 == 3);

  // The coprocessor instructions of interest are transformed to their ARM
  // equivalents.

  // --------- Transform Begin Marker ---------
  if (CoprocOp1 && slice(op2, 6, 4) == 7) {
    // A7.4 Advanced SIMD data-processing instructions
    // U bit of Thumb corresponds to Inst{24} of ARM, and
    // Inst{28-24} of ARM = {1,0,0,1,U}.
    uint16_t U = slice(op1, 1, 1);
    uint16_t bits28_24 = 9 << 1 | U;
    DEBUG(showBitVector(errs(), insn));
    setSlice(insn, 28, 24, bits28_24);
    return decodeInstruction(insn);
  }

  if (op1 == 3 && slice(op2, 6, 4) == 1 && slice(op2, 0, 0) == 0) {
    // A7.7 Advanced SIMD element or structure load/store instructions
    // Inst{27-24} of Thumb = 0b1001 becomes Inst{27-24} of ARM = 0b0100.
    DEBUG(showBitVector(errs(), insn));
    setSlice(insn, 27, 24, 4);
    return decodeInstruction(insn);
  }
  // --------- Transform End Marker ---------

  // See, for example, A6.3.7 Load word: Table A6-18 Load word.
  // See A8.6.57 T3, T4 & A8.6.60 T2 and friends for why we morphed the opcode
  // before returning it to our caller.
  const bool IsLoadClass =
      op1 == 3 && slice(op2, 6, 5) == 0 && slice(op2, 0, 0) == 1;
  if (IsLoadClass && slice(insn, 19, 16) == 15)
    return T2Morph2LoadLiteral(decodeThumbInstruction(insn));

  // One last check for NEON/VFP instructions.
  if (CoprocOp1 && slice(op2, 6, 6) == 1)
    return decodeInstruction(insn);

  return decodeThumbInstruction(insn);
}
344
/// Thumb2PreloadOpcodeNoPCI - Is Opcode one of the Thumb2 PLD/PLDW/PLI forms
/// (imm12, imm8, register, shifted register) that is not already the
/// PC-relative (pci) variant?
static inline bool Thumb2PreloadOpcodeNoPCI(unsigned Opcode) {
  const bool IsPLD  = Opcode == ARM::t2PLDi12  || Opcode == ARM::t2PLDi8 ||
                      Opcode == ARM::t2PLDr    || Opcode == ARM::t2PLDs;
  const bool IsPLDW = Opcode == ARM::t2PLDWi12 || Opcode == ARM::t2PLDWi8 ||
                      Opcode == ARM::t2PLDWr   || Opcode == ARM::t2PLDWs;
  const bool IsPLI  = Opcode == ARM::t2PLIi12  || Opcode == ARM::t2PLIi8 ||
                      Opcode == ARM::t2PLIr    || Opcode == ARM::t2PLIs;
  return IsPLD || IsPLDW || IsPLI;
}
358
/// T2Morph2Preload2PCI - Map a Thumb2 PLD/PLDW/PLI opcode (imm12, imm8,
/// register or shifted-register form) to its PC-relative (pci) variant.
///
/// \return The pci opcode, or 0 when Opcode is not one of those preload forms.
static inline unsigned T2Morph2Preload2PCI(unsigned Opcode) {
  switch (Opcode) {
  case ARM::t2PLDi12:
  case ARM::t2PLDi8:
  case ARM::t2PLDr:
  case ARM::t2PLDs:
    return ARM::t2PLDpci;

  case ARM::t2PLDWi12:
  case ARM::t2PLDWi8:
  case ARM::t2PLDWr:
  case ARM::t2PLDWs:
    return ARM::t2PLDWpci;

  case ARM::t2PLIi12:
  case ARM::t2PLIi8:
  case ARM::t2PLIr:
  case ARM::t2PLIs:
    return ARM::t2PLIpci;

  default:
    return 0;
  }
}
374
375//
376// Public interface for the disassembler
377//
378
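/// getInstruction - Decode the 32-bit ARM instruction at Address in Region
/// into MI.
///
/// \param MI       Receives the decoded instruction.
/// \param Size     Set to 4 once the instruction word has been read.
/// \param Region   Byte source; must provide 4 bytes at Address.
/// \param Address  Offset of the instruction within Region.
/// \param os       Unused here; part of the MCDisassembler interface.
/// \return true on success; false when the bytes cannot be read, no builder
///   exists for the decoded opcode, or the builder rejects the encoding.
bool ARMDisassembler::getInstruction(MCInst &MI,
                                     uint64_t &Size,
                                     const MemoryObject &Region,
                                     uint64_t Address,
                                     raw_ostream &os) const {
  // We want to read exactly 4 bytes of data.
  uint8_t bytes[4];
  if (Region.readBytes(Address, 4, bytes, NULL) == -1)
    return false;

  // Encoded as a little-endian 32-bit word in the stream.  Widen each byte
  // before shifting so that bytes[3] << 24 is an unsigned shift rather than a
  // possibly overflowing int shift.
  uint32_t insn = (static_cast<uint32_t>(bytes[3]) << 24) |
                  (static_cast<uint32_t>(bytes[2]) << 16) |
                  (static_cast<uint32_t>(bytes[1]) <<  8) |
                  (static_cast<uint32_t>(bytes[0]) <<  0);

  unsigned Opcode = decodeARMInstruction(insn);
  ARMFormat Format = ARMFormats[Opcode];
  Size = 4;

  DEBUG({
      errs() << "Opcode=" << Opcode << " Name=" << ARMUtils::OpcodeName(Opcode)
             << " Format=" << stringForARMFormat(Format) << '(' << (int)Format
             << ")\n";
      showBitVector(errs(), insn);
    });

  ARMBasicMCBuilder *Builder = CreateMCBuilder(Opcode, Format);
  if (!Builder)
    return false;

  // Release the builder on every path: it used to leak when Build() failed.
  bool Built = Builder->Build(MI, insn);
  delete Builder;
  return Built;
}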
420
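/// getInstruction - Decode the Thumb/Thumb2 instruction at Address in Region
/// into MI.  The Thumb instruction stream is a sequence of halfwords: one for
/// a 16-bit instruction, two for a 32-bit Thumb2 instruction.
///
/// \param MI       Receives the decoded instruction.
/// \param Size     Set to 2 or 4 once the instruction has been read.
/// \param Region   Byte source; must provide 2 (or 4) bytes at Address.
/// \param Address  Offset of the instruction within Region.
/// \param os       Unused here; part of the MCDisassembler interface.
/// \return true on success; false when the bytes cannot be read, no builder
///   exists for the decoded opcode, or the builder rejects the encoding.
bool ThumbDisassembler::getInstruction(MCInst &MI,
                                       uint64_t &Size,
                                       const MemoryObject &Region,
                                       uint64_t Address,
                                       raw_ostream &os) const {
  // The machine instruction passed to decodeThumbInstruction().  For a 16-bit
  // Thumb instruction the top halfword of insn is 0x0000; otherwise the first
  // halfword is moved to the top half and followed by the second halfword.
  uint32_t insn = 0;

  // A6.1 Thumb instruction set encoding
  //
  // If bits [15:11] of the halfword being decoded take any of the following
  // values, the halfword is the first halfword of a 32-bit instruction:
  // o 0b11101
  // o 0b11110
  // o 0b11111.
  //
  // Otherwise, the halfword is a 16-bit instruction.

  // Read 2 bytes of data first.
  uint8_t bytes[2];
  if (Region.readBytes(Address, 2, bytes, NULL) == -1)
    return false;

  // Encoded as a little-endian 16-bit halfword in the stream.
  insn = (static_cast<uint32_t>(bytes[1]) << 8) | bytes[0];
  unsigned bits15_11 = slice(insn, 15, 11);
  bool IsThumb2 = false;

  // 32-bit instructions if the bits [15:11] of the halfword matches
  // { 0b11101 /* 0x1D */, 0b11110 /* 0x1E */, 0b11111 /* 0x1F */ }.
  if (bits15_11 == 0x1D || bits15_11 == 0x1E || bits15_11 == 0x1F) {
    IsThumb2 = true;
    if (Region.readBytes(Address + 2, 2, bytes, NULL) == -1)
      return false;
    // Encoded as a little-endian 16-bit halfword in the stream.
    uint16_t insn1 = (bytes[1] << 8) | bytes[0];
    insn = (insn << 16) | insn1;
  }

  // The insn could potentially be bit-twiddled in order to be decoded as an ARM
  // NEON/VFP opcode.  In such case, the modified insn is later disassembled as
  // an ARM NEON/VFP instruction.
  //
  // This is a short term solution for lack of encoding bits specified for the
  // Thumb2 NEON/VFP instructions.  The long term solution could be adding some
  // infrastructure to have each instruction support more than one encodings.
  // Which encoding is used would be based on which subtarget the compiler/
  // disassembler is working with at the time.  This would allow the sharing of
  // the NEON patterns between ARM and Thumb2, as well as potential greater
  // sharing between the regular ARM instructions and the 32-bit wide Thumb2
  // instructions as well.
  unsigned Opcode = decodeThumbSideEffect(IsThumb2, insn);

  // A8.6.117/119/120/121.
  // PLD/PLDW/PLI instructions with Rn==15 are transformed to the pci variant.
  if (Thumb2PreloadOpcodeNoPCI(Opcode) && slice(insn, 19, 16) == 15)
    Opcode = T2Morph2Preload2PCI(Opcode);

  ARMFormat Format = ARMFormats[Opcode];
  Size = IsThumb2 ? 4 : 2;

  DEBUG({
      errs() << "Opcode=" << Opcode << " Name=" << ARMUtils::OpcodeName(Opcode)
             << " Format=" << stringForARMFormat(Format) << '(' << (int)Format
             << ")\n";
      showBitVector(errs(), insn);
    });

  ARMBasicMCBuilder *Builder = CreateMCBuilder(Opcode, Format);
  if (!Builder)
    return false;

  // NOTE(review): SO is a member and this method is const, so the builder is
  // handed a mutable Session via const_cast (presumably to drive
  // Session::InitIT/UpdateIT below).  Removing the cast needs a header change
  // (e.g. a mutable member), so it is kept as is.
  Builder->SetSession(const_cast<Session *>(&SO));

  // Release the builder on every path: it used to leak when Build() failed.
  bool Built = Builder->Build(MI, insn);
  delete Builder;
  return Built;
}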
509
/// CountITSize - Number of instructions covered by an IT block, derived from
/// the 4-bit IT mask (A8.6.50): 4 minus the position of the mask's lowest set
/// bit.
///
/// \return 1, 2, 3 or 4; 0 signals the invalid mask '0000'.
static unsigned short CountITSize(unsigned ITMask) {
  const unsigned LowestSetBit = CountTrailingZeros_32(ITMask);
  if (LowestSetBit <= 3)
    return 4 - LowestSetBit;

  // No bit set in the low nibble: not a valid encoding.
  DEBUG(errs() << "Encoding error: IT Mask '0000'");
  return 0;
}
521
/// InitIT - Start a new IT block from the low byte of an IT instruction
/// (A8.6.50).  Bits 3-0 hold the mask (always has at least one bit set) and
/// bits 7-4 the first condition.
///
/// \return false for the invalid encodings -- an empty mask, FirstCond
///   0b1111, or FirstCond 0b1110 with more than one instruction in the block
///   -- leaving ITState untouched (ITCounter is still overwritten); true
///   otherwise, with ITState set to bits7_0.
bool Session::InitIT(unsigned short bits7_0) {
  ITCounter = CountITSize(slice(bits7_0, 3, 0));
  if (!ITCounter)
    return false;

  // A8.6.50 IT
  switch (slice(bits7_0, 7, 4)) {
  case 0xF:
    DEBUG(errs() << "Encoding error: IT FirstCond '1111'");
    return false;
  case 0xE:
    if (ITCounter != 1) {
      DEBUG(errs() << "Encoding error: IT FirstCond '1110' && Mask != '1000'");
      return false;
    }
    break;
  default:
    break;
  }

  ITState = bits7_0;
  return true;
}
543
/// UpdateIT - Account for one instruction executed inside the current IT
/// block: decrement ITCounter, then either clear ITState when the block is
/// finished or shift its low five bits up by one to expose the next condition.
/// Must only be called while ITCounter is non-zero.
void Session::UpdateIT() {
  assert(ITCounter);
  if (--ITCounter != 0) {
    unsigned short Shifted = slice(ITState, 4, 0) << 1;
    setSlice(ITState, 4, 0, Shifted);
    return;
  }
  // Last instruction of the block.
  ITState = 0;
}
555
/// createARMDisassembler - Factory registered with the TargetRegistry for the
/// ARM target; the Target argument is not needed to pick the implementation.
static MCDisassembler *createARMDisassembler(const Target &T) {
  (void)T;
  return new ARMDisassembler();
}
559
/// createThumbDisassembler - Factory registered with the TargetRegistry for
/// the Thumb target; the Target argument is not needed to pick the
/// implementation.
static MCDisassembler *createThumbDisassembler(const Target &T) {
  (void)T;
  return new ThumbDisassembler();
}
563
/// LLVMInitializeARMDisassembler - Target-registry hook that makes the ARM and
/// Thumb disassembler factories above available to MCDisassembler clients.
extern "C" void LLVMInitializeARMDisassembler() {
  // Register one disassembler per target.
  TargetRegistry::RegisterMCDisassembler(TheARMTarget, createARMDisassembler);
  TargetRegistry::RegisterMCDisassembler(TheThumbTarget,
                                         createThumbDisassembler);
}
571
/// getEDInfo - Enhanced-disassembly info table; the tblgen'ed instInfoARM from
/// ARMGenEDInfo.inc is shared with the Thumb disassembler.
EDInstInfo *ARMDisassembler::getEDInfo() const {
  EDInstInfo *Info = instInfoARM;
  return Info;
}
575
/// getEDInfo - Enhanced-disassembly info table; the tblgen'ed instInfoARM from
/// ARMGenEDInfo.inc is shared with the ARM disassembler.
EDInstInfo *ThumbDisassembler::getEDInfo() const {
  EDInstInfo *Info = instInfoARM;
  return Info;
}
579