#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
+#include <stddef.h>
#include <string.h>
#include <math.h>
#include <errno.h>
OP_MOVS,
OP_CMPS,
OP_SCAS,
+ OP_RDTSC,
+ OP_CPUID,
OP_STD,
OP_CLD,
OP_RET,
OP_FLDc,
OP_FST,
OP_FIST,
+ OP_FABS,
OP_FADD,
OP_FDIV,
OP_FMUL,
unsigned char pfo;
unsigned char pfo_inv;
unsigned char operand_cnt;
- unsigned char p_argnum; // arg push: altered before call arg #
+ unsigned char p_argnum; // arg push: call's saved arg #
unsigned char p_arggrp; // arg push: arg group # for above
unsigned char p_argpass;// arg push: arg of host func
- short p_argnext;// arg push: same arg pushed elsewhere or -1
+ short pad;
int regmask_src; // all referensed regs
int regmask_dst;
int pfomask; // flagop: parsed_flag_op that can't be delayed
enum sct_func_attr {
SCTFA_CLEAR_SF = (1 << 0), // clear stack frame
SCTFA_CLEAR_REGS = (1 << 1), // clear registers (mask)
- SCTFA_RM_REGS = (1 << 2), // don't emit regs
+ SCTFA_RM_REGS = (1 << 2), // don't emit regs (mask)
SCTFA_NOWARN = (1 << 3), // don't try to detect problems
+ SCTFA_ARGFRAME = (1 << 4), // copy all args to a struct, in order
+ SCTFA_UA_FLOAT = (1 << 5), // emit float i/o helpers for alignemnt
};
enum x87_const {
SEG_GS,
};
-// note: limited to 32k due to p_argnext
#define MAX_OPS 4096
#define MAX_ARG_GRP 2
static int g_skip_func;
static int g_allow_regfunc;
static int g_allow_user_icall;
+static int g_nowarn_reguse;
static int g_quiet_pp;
static int g_header_mode;
};
#define mxAX (1 << xAX)
+#define mxBX (1 << xBX)
#define mxCX (1 << xCX)
#define mxDX (1 << xDX)
#define mxSP (1 << xSP)
if (p == NULL)
aerr("%s IDA stackvar not set?\n", __func__);
}
- if (!('0' <= *s && *s <= '9')) {
- aerr("%s IDA stackvar offset not set?\n", __func__);
- return NULL;
- }
- if (s[0] == '0' && s[1] == 'x')
- s += 2;
- len = p - s;
- if (len < sizeof(buf) - 1) {
- strncpy(buf, s, len);
- buf[len] = 0;
- errno = 0;
- val = strtol(buf, &endp, 16);
- if (val == 0 || *endp != 0 || errno != 0) {
- aerr("%s num parse fail for '%s'\n", __func__, buf);
- return NULL;
+ if ('0' <= *s && *s <= '9') {
+ if (s[0] == '0' && s[1] == 'x')
+ s += 2;
+ len = p - s;
+ if (len < sizeof(buf) - 1) {
+ strncpy(buf, s, len);
+ buf[len] = 0;
+ errno = 0;
+ val = strtol(buf, &endp, 16);
+ if (val == 0 || *endp != 0 || errno != 0) {
+ aerr("%s num parse fail for '%s'\n", __func__, buf);
+ return NULL;
+ }
}
+ p++;
+ }
+ else {
+ // probably something like [esp+arg_4+2]
+ p = s;
+ val = 0;
}
- p++;
}
else
p = name + 4;
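Review bot: When the digit run does not fit in `buf` (the `if (len < sizeof(buf) - 1)` test fails), the restructured code silently skips the parse and still does `p++` and continues, leaving `val` at whatever it held before; the old code had the same gap, but this rewrite is the place to close it. An `else` on that test with `aerr("%s stackvar offset too long: '%s'\n", __func__, s); return NULL;` (mirroring the existing "num parse fail" branch) makes the failure explicit instead of producing a wrong offset. The enclosing function starts and ends outside this hunk, so I cannot see how `val` is initialized before this point.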
{ "repz", OPF_REP|OPF_REPZ },
{ "repne", OPF_REP|OPF_REPNZ },
{ "repnz", OPF_REP|OPF_REPNZ },
- { "lock", OPF_LOCK }, // ignored for now..
+ { "lock", OPF_LOCK },
};
#define OPF_CJMP_CC (OPF_JMP|OPF_CJMP|OPF_CC)
{ "scasb",OP_SCAS, 0, 0, OPF_DATA|OPF_FLAGS },
{ "scasw",OP_SCAS, 0, 0, OPF_DATA|OPF_FLAGS },
{ "scasd",OP_SCAS, 0, 0, OPF_DATA|OPF_FLAGS },
+ { "rdtsc",OP_RDTSC, 0, 0, OPF_DATA },
+ { "cpuid",OP_CPUID, 0, 0, OPF_DATA },
{ "std", OP_STD, 0, 0, OPF_DATA }, // special flag
{ "cld", OP_CLD, 0, 0, OPF_DATA },
{ "add", OP_ADD, 2, 2, OPF_DATA|OPF_FLAGS },
{ "fstp", OP_FST, 1, 1, OPF_FPOP },
{ "fist", OP_FIST, 1, 1, OPF_FINT },
{ "fistp", OP_FIST, 1, 1, OPF_FPOP|OPF_FINT },
+ { "fabs", OP_FABS, 0, 0, 0 },
{ "fadd", OP_FADD, 0, 2, 0 },
{ "faddp", OP_FADD, 0, 2, OPF_FPOP },
{ "fdiv", OP_FDIV, 0, 2, 0 },
op->regmask_dst = op->regmask_src;
break;
+ case OP_RDTSC:
+ op->regmask_dst = mxAX | mxDX;
+ break;
+
+ case OP_CPUID:
+ // for now, ignore ecx dep for eax={4,7,b,d}
+ op->regmask_src = mxAX;
+ op->regmask_dst = mxAX | mxBX | mxCX | mxDX;
+ break;
+
case OP_LOOP:
op->regmask_dst = 1 << xCX;
// fallthrough
case OP_CALL:
// needed because of OPF_DATA
- op->regmask_src = op->regmask_dst;
+ op->regmask_src |= op->regmask_dst;
// trashed regs must be explicitly detected later
op->regmask_dst = 0;
break;
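Review bot: `op->regmask_src = mxAX` for OP_CPUID leaves ecx out even though the comment right above admits that leaves 4/7/0xb/0xd read the subleaf from ecx; any later pass that trusts regmask_src for liveness could treat a preceding `mov ecx, N` as dead. Over-approximating sources is the safe direction for this kind of analysis, so `op->regmask_src = mxAX | mxCX;` costs nothing and removes the hazard; the comment can then say ecx only matters for those leaves. Whether a later pass actually drops dead register writes is not visible from this hunk, so treat this as a precaution.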
case OP_FISUB:
case OP_FIDIVR:
case OP_FISUBR:
+ case OP_FABS:
case OP_FCHS:
case OP_FCOS:
case OP_FSIN:
return 0;
}
+// returns g_func_pp arg number if arg is accessed
+// -1 otherwise (stack vars, va_list)
+// note: 'popr' must be from 'po', not some other op
static int stack_frame_access(struct parsed_op *po,
struct parsed_opr *popr, char *buf, size_t buf_size,
const char *name, const char *cast, int is_src, int is_lea)
const char *prefix = "";
const char *bp_arg = NULL;
char ofs_reg[16] = { 0, };
+ char argname[8], buf2[32];
int i, arg_i, arg_s;
int unaligned = 0;
int stack_ra = 0;
arg_i = (offset - stack_ra - 4) / 4;
if (arg_i < 0 || arg_i >= g_func_pp->argc_stack)
{
- if (g_func_pp->is_vararg
- && arg_i == g_func_pp->argc_stack && is_lea)
- {
- // should be va_list
- if (cast[0] == 0)
- cast = "(u32)";
- snprintf(buf, buf_size, "%sap", cast);
+ if (g_func_pp->is_vararg && arg_i >= g_func_pp->argc_stack) {
+ // vararg access - messy and non-portable,
+ // but works with gcc on both x86 and ARM
+ if (arg_i == g_func_pp->argc_stack)
+ // should be va_list
+ snprintf(buf2, sizeof(buf2), "*(u32 *)&ap");
+ else
+ snprintf(buf2, sizeof(buf2), "(*(u32 *)&ap + %u)",
+ (arg_i - g_func_pp->argc_stack) * 4);
+
+ if (is_lea)
+ snprintf(buf, buf_size, "%s%s", cast, buf2);
+ else
+ snprintf(buf, buf_size, "%s*(u32 *)%s", cast, buf2);
return -1;
}
- ferr(po, "offset %d (%s,%d) doesn't map to any arg\n",
+ ferr(po, "offset 0x%x (%s,%d) doesn't map to any arg\n",
offset, bp_arg, arg_i);
}
if (ofs_reg[0] != 0)
popr->is_ptr = g_func_pp->arg[i].type.is_ptr;
retval = i;
+ snprintf(argname, sizeof(argname), "%sa%d",
+ g_sct_func_attr & SCTFA_ARGFRAME ? "af." : "", i + 1);
+
switch (popr->lmod)
{
case OPLM_BYTE:
if (is_lea)
ferr(po, "lea/byte to arg?\n");
if (is_src && (offset & 3) == 0)
- snprintf(buf, buf_size, "%sa%d",
- simplify_cast(cast, "(u8)"), i + 1);
+ snprintf(buf, buf_size, "%s%s",
+ simplify_cast(cast, "(u8)"), argname);
else
- snprintf(buf, buf_size, "%sBYTE%d(a%d)",
- cast, offset & 3, i + 1);
+ snprintf(buf, buf_size, "%sBYTE%d(%s)",
+ cast, offset & 3, argname);
break;
case OPLM_WORD:
if (!is_src) {
if (offset & 2)
ferr(po, "problematic arg store\n");
- snprintf(buf, buf_size, "%s((char *)&a%d + 1)",
- simplify_cast(cast, "*(u16 *)"), i + 1);
+ snprintf(buf, buf_size, "%s((char *)&%s + 1)",
+ simplify_cast(cast, "*(u16 *)"), argname);
}
else
ferr(po, "unaligned arg word load\n");
}
else if (is_src && (offset & 2) == 0)
- snprintf(buf, buf_size, "%sa%d",
- simplify_cast(cast, "(u16)"), i + 1);
+ snprintf(buf, buf_size, "%s%s",
+ simplify_cast(cast, "(u16)"), argname);
else
- snprintf(buf, buf_size, "%s%sWORD(a%d)",
- cast, (offset & 2) ? "HI" : "LO", i + 1);
+ snprintf(buf, buf_size, "%s%sWORD(%s)",
+ cast, (offset & 2) ? "HI" : "LO", argname);
break;
case OPLM_DWORD:
if (offset & 3) {
unaligned = 1;
if (is_lea)
- snprintf(buf, buf_size, "(u32)&a%d + %d",
- i + 1, offset & 3);
+ snprintf(buf, buf_size, "(u32)&%s + %d",
+ argname, offset & 3);
else if (!is_src)
ferr(po, "unaligned arg store\n");
else {
// mov edx, [ebp+arg_4+2]; movsx ecx, dx
- snprintf(buf, buf_size, "%s(a%d >> %d)",
- prefix, i + 1, (offset & 3) * 8);
+ snprintf(buf, buf_size, "%s(%s >> %d)",
+ prefix, argname, (offset & 3) * 8);
}
}
else {
- snprintf(buf, buf_size, "%s%sa%d",
- prefix, is_lea ? "&" : "", i + 1);
+ snprintf(buf, buf_size, "%s%s%s",
+ prefix, is_lea ? "&" : "", argname);
}
break;
ferr_assert(po, !(offset & 7));
if (cast[0])
prefix = cast;
- snprintf(buf, buf_size, "%s%sa%d",
- prefix, is_lea ? "&" : "", i + 1);
+ snprintf(buf, buf_size, "%s%s%s",
+ prefix, is_lea ? "&" : "", argname);
break;
default:
return out_src_opr(buf, buf_size, po, popr, NULL, 0);
}
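Review bot: `char argname[8]` is tight for what `snprintf(argname, sizeof(argname), "%sa%d", ...)` writes: with SCTFA_ARGFRAME the `af.a` prefix already takes four characters, so an arg index with four or more digits is silently truncated (the snprintf return is not checked) and the emitted C names the wrong argument. Unlikely in practice, but `char argname[16]` removes the failure mode for free. Separately, the vararg path passes an `int` expression to `%u` in `"(*(u32 *)&ap + %u)"`; `%d` or a cast keeps -Wformat quiet. stack_frame_access begins before this hunk and its body continues past it.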
+// do we need a helper func to perform a float i/o?
+static int float_opr_needs_helper(struct parsed_op *po,
+ struct parsed_opr *popr)
+{
+ if (!(g_sct_func_attr & SCTFA_UA_FLOAT))
+ return 0;
+ if (popr->type != OPT_REGMEM)
+ return 0;
+ if (is_stack_access(po, popr))
+ return 0;
+
+ return 1;
+}
+
static char *out_opr_float(char *buf, size_t buf_size,
struct parsed_op *po, struct parsed_opr *popr, int is_src,
int need_float_stack)
break;
}
out_src_opr(tmp, sizeof(tmp), po, popr, "", 1);
- snprintf(buf, buf_size, "*(%s *)(%s)", cast, tmp);
+ if (is_src && float_opr_needs_helper(po, popr))
+ snprintf(buf, buf_size, "%s_load(%s)", cast, tmp);
+ else
+ snprintf(buf, buf_size, "*(%s *)(%s)", cast, tmp);
break;
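Review bot: Only the load side gets the helper: `float_opr_needs_helper()` is consulted under `is_src`, so a store to the same unaligned, non-stack operand still emits the raw `*(cast *)(tmp)` deref, while the SCTFA_UA_FLOAT attribute comment promises "i/o helpers". If unaligned stores can occur for such functions the `!is_src` branch needs a matching `%s_store(...)` form (the value would have to be supplied by the caller), otherwise the attribute comment should say loads only; that comment also misspells "alignment". I cannot see the callers of out_opr_float from here, so whether stores reach this path with SCTFA_UA_FLOAT set is inferred.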
case OPT_CONST:
// note: this skips over calls and rm'd stuff assuming they're handled
// so it's intended to use at one of final passes
+// exception: doesn't skip OPF_RSAVE stuff
static int scan_for_pop(int i, int opcnt, int magic, int reg,
- int depth, int seen_noreturn, int flags_set)
+ int depth, int seen_noreturn, int save_level, int flags_set)
{
struct parsed_op *po;
int relevant;
po->cc_scratch = magic;
if (po->flags & OPF_TAIL) {
- if (po->op == OP_CALL) {
- if (po->pp != NULL && po->pp->is_noreturn)
- seen_noreturn = 1;
- else
+ if (po->op == OP_CALL && po->pp != NULL && po->pp->is_noreturn) {
+ // msvc sometimes generates stack cleanup code after
+ // noreturn, set a flag and continue
+ seen_noreturn = 1;
+
+ // ... but stop if there is another path to next insn -
+ // if msvc skipped something stack tracking may mess up
+ if (i + 1 < opcnt && g_labels[i + 1] != NULL)
goto out;
}
else
goto out;
}
- if (po->flags & (OPF_RMD|OPF_DONE|OPF_FARG))
+ if (po->flags & OPF_FARG)
continue;
+ if (po->flags & (OPF_RMD|OPF_DONE)) {
+ if (!(po->flags & OPF_RSAVE))
+ continue;
+ // reprocess, there might be another push in some "parallel"
+ // path that took a pop what we should also take
+ }
if ((po->flags & OPF_JMP) && po->op != OP_CALL) {
if (po->btj != NULL) {
for (j = 0; j < po->btj->count; j++) {
check_i(po, po->btj->d[j].bt_i);
ret |= scan_for_pop(po->btj->d[j].bt_i, opcnt, magic, reg,
- depth, seen_noreturn, flags_set);
+ depth, seen_noreturn, save_level, flags_set);
if (ret < 0)
return ret; // dead end
}
check_i(po, po->bt_i);
if (po->flags & OPF_CJMP) {
ret |= scan_for_pop(po->bt_i, opcnt, magic, reg,
- depth, seen_noreturn, flags_set);
+ depth, seen_noreturn, save_level, flags_set);
if (ret < 0)
return ret; // dead end
}
}
else if (po->op == OP_POP) {
if (relevant && depth == 0) {
+ if (flags_set == 0 && save_level > 0) {
+ ret = scan_for_pop(i + 1, opcnt, magic, reg,
+ depth, seen_noreturn, save_level - 1, flags_set);
+ if (ret != 1)
+ // no pop for other levels, current one must be false
+ return -1;
+ }
po->flags |= flags_set;
return 1;
}
char buf[256];
char *p;
+ if (po->pp != NULL && (po->flags & OPF_DATA)) {
+ // hint given in asm
+ return po->pp;
+ }
+
// maybe an arg of g_func?
if (opr->type == OPT_REGMEM && is_stack_access(po, opr))
{
}
static void scan_for_call_type(int i, const struct parsed_opr *opr,
- int magic, const struct parsed_proto **pp_found, int *pp_i,
- int *multi)
+ int magic, int is_call_op, const struct parsed_proto **pp_found,
+ int *pp_i, int *multi)
{
const struct parsed_proto *pp = NULL;
struct parsed_op *po;
lr = &g_label_refs[i];
for (; lr != NULL; lr = lr->next) {
check_i(&ops[i], lr->i);
- scan_for_call_type(lr->i, opr, magic, pp_found, pp_i, multi);
+ scan_for_call_type(lr->i, opr, magic, is_call_op,
+ pp_found, pp_i, multi);
}
if (i > 0 && LAST_OP(i - 1))
return;
if (i == g_func_pp->argc)
return;
pp = g_func_pp->arg[i].pp;
- if (pp == NULL)
- ferr(po, "icall: arg%d (%s) is not a fptr?\n",
- i + 1, g_func_pp->arg[i].reg);
+ if (pp == NULL) {
+ if (is_call_op)
+ ferr(po, "icall: arg%d (%s) is not a fptr?\n",
+ i + 1, g_func_pp->arg[i].reg);
+ return;
+ }
check_func_pp(po, pp, "icall reg-arg");
}
else
- pp = try_recover_pp(po, opr, 1, NULL);
+ pp = try_recover_pp(po, opr, is_call_op, NULL);
if (*pp_found != NULL && pp != NULL && *pp_found != pp) {
- if (!IS((*pp_found)->ret_type.name, pp->ret_type.name)
- || (*pp_found)->is_stdcall != pp->is_stdcall
- //|| (*pp_found)->is_fptr != pp->is_fptr
- || (*pp_found)->argc != pp->argc
- || (*pp_found)->argc_reg != pp->argc_reg
- || (*pp_found)->argc_stack != pp->argc_stack)
- {
+ if (pp_cmp_func(*pp_found, pp)) {
+ if (pp_i != NULL && *pp_i != -1)
+ fnote(&ops[*pp_i], "(other ref)\n");
ferr(po, "icall: parsed_proto mismatch\n");
}
- *multi = 1;
+ if (multi != NULL)
+ *multi = 1;
}
if (pp != NULL) {
*pp_found = pp;
- *pp_i = po - ops;
+ if (pp_i != NULL)
+ *pp_i = po - ops;
}
}
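Review bot: With `is_call_op == 0` the "not a fptr" case now returns quietly, but a proto mismatch between two sources still aborts through `ferr(po, "icall: parsed_proto mismatch\n")`, even though the caller in that mode (the fptr-argument check) performs its own `pp_compatible_func` comparison and reports incompatibility itself. If the non-call use was meant to be advisory, guard that abort with `if (is_call_op)` and otherwise leave `*pp_found` unchanged so the caller can decide. Whether both call sites rely on the abort is not visible from this hunk.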
po->operand_cnt = 0;
po->regmask_src = pseudo_ops[l].regmask_src;
po->regmask_dst = pseudo_ops[l].regmask_dst;
- po->flags = pseudo_ops[l].flags;
+ po->flags &= OPF_TAIL;
+ po->flags |= pseudo_ops[l].flags;
po->flags |= po->regmask_dst ? OPF_DATA : 0;
break;
}
&& IS(po->operand[0].name, g_labels[l]))
{
if (l == i + 1 && po->op == OP_JMP) {
- // yet another alignment type..
- po->flags |= OPF_RMD|OPF_DONE;
+ // yet another alignment type...
+ po->flags |= OPF_RMD | OPF_DONE;
+ po->flags &= ~OPF_JMP;
+ po->op = OP_NOP;
break;
}
add_label_ref(&g_label_refs[l], i);
if (po->bt_i != -1 || (po->flags & OPF_RMD))
continue;
- if (po->operand[0].type == OPT_LABEL)
+ if (po->operand[0].type == OPT_LABEL
+ || po->operand[0].type == OPT_REG)
// assume tail call
goto tailcall;
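Review bot: An unresolved `jmp reg` (OPT_REG operand with `bt_i == -1`) is now assumed to be a tail call, but a jump-table dispatch whose table the earlier pass could not resolve has exactly the same shape and would be silently emitted as a call through the register. A `fnote(po, "assuming tail call through register\n")` — or gating the assumption on `g_allow_regfunc`, if that is the intended switch — at least makes the guess visible in the output. The logic that resolves bt_i is outside this hunk, so I cannot tell how often the unresolved case is a real table.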
eliminate_seh_finally(opcnt);
}
+// check for prologue of many pushes and epilogue with pops
+static void check_simple_sequence(int opcnt, int *fsz)
+{
+ int found = 0;
+ int seq_len;
+ int seq_p;
+ int seq[4];
+ int reg;
+ int i, j;
+
+ for (i = 0; i < opcnt && i < ARRAY_SIZE(seq); i++) {
+ if (ops[i].op != OP_PUSH || ops[i].operand[0].type != OPT_REG)
+ break;
+ reg = ops[i].operand[0].reg;
+ if (reg != xBX && reg != xSI && reg != xDI && reg != xBP)
+ break;
+ for (j = 0; j < i; j++)
+ if (seq[j] == reg)
+ break;
+ if (j != i)
+ // probably something else is going on here
+ break;
+ seq[i] = reg;
+ }
+ seq_len = i;
+ if (seq_len == 0)
+ return;
+
+ for (; i < opcnt && seq_len > 0; i++) {
+ if (!(ops[i].flags & OPF_TAIL))
+ continue;
+
+ for (j = i - 1, seq_p = 0; j >= 0 && seq_p < seq_len; j--) {
+ if (ops[j].op != OP_POP || ops[j].operand[0].type != OPT_REG)
+ break;
+ if (ops[j].operand[0].reg != seq[seq_p])
+ break;
+ seq_p++;
+ }
+ found = seq_len = seq_p;
+ }
+ if (!found)
+ return;
+
+ for (i = 0; i < seq_len; i++)
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+
+ for (; i < opcnt && seq_len > 0; i++) {
+ if (!(ops[i].flags & OPF_TAIL))
+ continue;
+
+ for (j = i - 1, seq_p = 0; j >= 0 && seq_p < seq_len; j--) {
+ ops[j].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ seq_p++;
+ }
+ }
+
+ // unlike pushes after sub esp,
+ // IDA treats pushes like this as part of var area
+ *fsz += seq_len * 4;
+}
+
+static int scan_prologue_ecx(int i, int opcnt, int flags_set,
+ int limit, int *ecx_push_out)
+{
+ const struct parsed_proto *pp;
+ int ecx_push = 0, other_push = 0;
+ int ret;
+
+ while (limit > 0 && ops[i].op == OP_PUSH
+ && IS(opr_name(&ops[i], 0), "ecx"))
+ {
+ ops[i].flags |= flags_set;
+ ecx_push++;
+ i++;
+ limit--;
+ }
+
+ ret = i;
+ if (ecx_push == 0 || flags_set != 0)
+ goto out;
+
+ // check if some of the pushes aren't really call args
+ for (; i < opcnt; i++) {
+ if (i > 0 && g_labels[i] != NULL)
+ break;
+ if (ops[i].flags & (OPF_JMP|OPF_TAIL))
+ break;
+ if (ops[i].op == OP_PUSH)
+ other_push++;
+ }
+
+ if (ops[i].op != OP_CALL)
+ goto out;
+
+ pp = ops[i].pp;
+ if (pp == NULL && ops[i].operand[0].type == OPT_LABEL)
+ pp = proto_parse(g_fhdr, opr_name(&ops[i], 0), 1);
+ if (pp == NULL)
+ goto out;
+
+ ferr_assert(&ops[i], ecx_push + other_push >= pp->argc_stack);
+ if (other_push < pp->argc_stack)
+ ecx_push -= pp->argc_stack - other_push;
+
+out:
+ if (ecx_push_out != NULL)
+ *ecx_push_out = ecx_push;
+ return ret;
+}
+
static int scan_prologue(int i, int opcnt, int *ecx_push, int *esp_sub)
{
- int j;
+ const char *name;
+ int j, len, ret;
+ int ecx_tmp = 0;
for (; i < opcnt; i++)
if (!(ops[i].flags & OPF_DONE))
break;
- while (ops[i].op == OP_PUSH && IS(opr_name(&ops[i], 0), "ecx")) {
- ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
- g_stack_fsz += 4;
- (*ecx_push)++;
- i++;
+ ret = scan_prologue_ecx(i, opcnt, 0, 4, &ecx_tmp);
+ if (ecx_tmp > 0) {
+ scan_prologue_ecx(i, opcnt, OPF_RMD | OPF_DONE | OPF_NOREGS,
+ ecx_tmp, NULL);
+ g_stack_fsz += 4 * ecx_tmp;
+ *ecx_push += ecx_tmp;
+ i = ret;
}
for (; i < opcnt; i++) {
if (i > 0 && g_labels[i] != NULL)
break;
- if (ops[i].op == OP_PUSH || (ops[i].flags & (OPF_JMP|OPF_TAIL)))
+ if (ops[i].flags & (OPF_JMP|OPF_TAIL))
+ break;
+ if (ops[i].flags & OPF_DONE)
+ continue;
+ if (ops[i].op == OP_PUSH)
break;
if (ops[i].op == OP_SUB && ops[i].operand[0].reg == xSP
&& ops[i].operand[1].type == OPT_CONST)
*esp_sub = 1;
break;
}
+ if (ops[i].op == OP_LEA && ops[i].operand[0].reg == xSP
+ && ops[i].operand[1].type == OPT_REGMEM
+ && IS_START(ops[i].operand[1].name, "esp-"))
+ {
+ name = ops[i].operand[1].name;
+ ret = sscanf(name, "esp-%x%n", &j, &len);
+ ferr_assert(&ops[i], ret == 1 && len == strlen(name));
+ g_stack_fsz += j;
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ i++;
+ *esp_sub = 1;
+ break;
+ }
if (ops[i].op == OP_MOV && ops[i].operand[0].reg == xAX
&& ops[i].operand[1].type == OPT_CONST)
{
ops[j].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
i = j + 1;
*esp_sub = 1;
+ break;
}
- break;
}
}
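Review bot: In `scan_prologue_ecx`, the `for (; i < opcnt; i++)` scan that counts `other_push` can run off the end of the function, after which `ops[i].op != OP_CALL` reads `ops[opcnt]` — one past the last op, and past the array when a function fills MAX_OPS. Guard it as `if (i >= opcnt || ops[i].op != OP_CALL) goto out;`; the same `i` then indexes `ops[i].pp`, so one guard covers both reads. A smaller point: `sscanf(name, "esp-%x%n", &j, &len)` stores `%x` into an `int` and compares `len` with `strlen(name)` across signedness; the matching `lea esp, [esp+N]` epilogue code does the same, so if one is changed, change both.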
{
int ecx_push = 0, esp_sub = 0, pusha = 0;
int sandard_epilogue;
- int found;
+ int found, ret, len;
+ int push_fsz = 0;
int i, j, l;
if (g_seh_found == 2) {
}
// non-bp frame
+ check_simple_sequence(opcnt, &push_fsz);
i = scan_prologue(0, opcnt, &ecx_push, &esp_sub);
- if (ecx_push && !esp_sub) {
- // could actually be args for a call..
- for (; i < opcnt; i++)
- if (ops[i].op != OP_PUSH)
- break;
-
- if (ops[i].op == OP_CALL && ops[i].operand[0].type == OPT_LABEL) {
- const struct parsed_proto *pp;
- pp = proto_parse(g_fhdr, opr_name(&ops[i], 0), 1);
- j = pp ? pp->argc_stack : 0;
- while (i > 0 && j > 0) {
- i--;
- if (ops[i].op == OP_PUSH) {
- ops[i].flags &= ~(OPF_RMD | OPF_DONE | OPF_NOREGS);
- j--;
- }
- }
- if (j != 0)
- ferr(&ops[i], "unhandled prologue\n");
-
- // recheck
- i = ecx_push = 0;
- g_stack_fsz = g_seh_size;
- while (ops[i].op == OP_PUSH && IS(opr_name(&ops[i], 0), "ecx")) {
- if (!(ops[i].flags & OPF_RMD))
- break;
- g_stack_fsz += 4;
- ecx_push++;
- i++;
- }
- }
- }
-
found = 0;
if (ecx_push || esp_sub)
{
for (; j >= 0; j--) {
if (ops[j].op != OP_MOV)
break;
- if (ops[j].operand[0].type != OPT_REGMEM)
- break;
- if (strstr(ops[j].operand[0].name, "arg_") == NULL)
- break;
+ if (ops[j].operand[0].type == OPT_REGMEM
+ && strstr(ops[j].operand[0].name, "arg_") != NULL)
+ continue;
+ if (ops[j].operand[0].type == OPT_REG)
+ continue; // assume arg-reg mov
+ break;
}
}
+ for (; j >= 0; j--) {
+ if ((ops[j].flags & (OPF_RMD | OPF_DONE | OPF_NOREGS)) !=
+ (OPF_RMD | OPF_DONE | OPF_NOREGS))
+ break;
+ }
+
if (ecx_push > 0 && !esp_sub) {
for (l = 0; l < ecx_push && j >= 0; l++) {
if (ops[j].op == OP_POP && IS(opr_name(&ops[j], 0), "ecx"))
}
if (esp_sub) {
- if (ops[j].op != OP_ADD
- || !IS(opr_name(&ops[j], 0), "esp")
- || ops[j].operand[1].type != OPT_CONST)
+ if (ops[j].op == OP_ADD
+ && IS(opr_name(&ops[j], 0), "esp")
+ && ops[j].operand[1].type == OPT_CONST)
{
- if (i < opcnt && ops[i].op == OP_CALL
- && ops[i].pp != NULL && ops[i].pp->is_noreturn)
- {
- // noreturn tailcall with no epilogue
- i++;
- found = 1;
- continue;
- }
- ferr(&ops[j], "'add esp' expected\n");
- }
-
- if (ops[j].operand[1].val < g_stack_fsz)
- ferr(&ops[j], "esp adj is too low (need %d)\n", g_stack_fsz);
+ if (ops[j].operand[1].val < g_stack_fsz)
+ ferr(&ops[j], "esp adj is too low (need %d)\n", g_stack_fsz);
- ops[j].operand[1].val -= g_stack_fsz; // for stack arg scanner
- if (ops[j].operand[1].val == 0)
+ ops[j].operand[1].val -= g_stack_fsz; // for stack arg scanner
+ if (ops[j].operand[1].val == 0)
+ ops[j].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ found = 1;
+ }
+ else if (ops[j].op == OP_LEA && ops[j].operand[0].reg == xSP
+ && ops[j].operand[1].type == OPT_REGMEM
+ && IS_START(ops[j].operand[1].name, "esp+"))
+ {
+ const char *name = ops[j].operand[1].name;
+ ret = sscanf(name, "esp+%x%n", &l, &len);
+ ferr_assert(&ops[j], ret == 1 && len == strlen(name));
+ ferr_assert(&ops[j], l <= g_stack_fsz);
ops[j].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
- found = 1;
+ found = 1;
+ }
+ else if (i < opcnt && ops[i].op == OP_CALL
+ && ops[i].pp != NULL && ops[i].pp->is_noreturn)
+ {
+ // noreturn tailcall with no epilogue
+ found = 1;
+ }
+ else
+ ferr(&ops[j], "'add esp' expected\n");
}
i++;
if (!found)
ferr(ops, "missing esp epilogue\n");
}
+
+ if (g_stack_fsz != 0)
+ // see check_simple_sequence
+ g_stack_fsz += push_fsz;
}
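Review bot: The new `lea esp, [esp+N]` epilogue branch asserts `l <= g_stack_fsz`, while the `add esp, N` branch beside it rejects `val < g_stack_fsz` as "esp adj is too low" and subtracts the frame size so the stack-arg scanner sees the remainder; the lea path does neither, so a value smaller than the frame is accepted and a larger one (extra call-arg cleanup, legal in the add path) aborts. Unless lea-based epilogues are known never to clean up call args, at minimum the comparison direction should match: `ferr_assert(&ops[j], l >= g_stack_fsz);`, with a note on how a non-zero remainder is meant to be handled given the operand is an OPT_REGMEM name rather than a constant. The enclosing function starts before this hunk.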
// find an instruction that changed opr before i op
}
}
+static int resolve_origin_reg(int i, int reg, int magic, int *op_i,
+ int *is_caller)
+{
+ struct parsed_opr opr = OPR_INIT(OPT_REG, OPLM_DWORD, reg);
+
+ *op_i = -1;
+ if (is_caller != NULL)
+ *is_caller = 0;
+ return resolve_origin(i, &opr, magic, op_i, is_caller);
+}
+
// find an instruction that previously referenced opr
// if multiple results are found - fail
// *op_i must be set to -1 by the caller
}
static const struct parsed_proto *resolve_deref(int i, int magic,
- struct parsed_opr *opr, int level)
+ const struct parsed_opr *opr, int level)
{
- struct parsed_opr opr_s = OPR_INIT(OPT_REG, OPLM_DWORD, 0);
const struct parsed_proto *pp = NULL;
int from_caller = 0;
char s_reg[4];
if (reg < 0)
return NULL;
- opr_s.reg = reg;
- ret = resolve_origin(i, &opr_s, i + magic, &j, NULL);
+ ret = resolve_origin_reg(i, reg, i + magic, &j, NULL);
if (ret != 1)
return NULL;
ops[j].operand[1].name);
if (reg < 0)
return NULL;
- opr_s.reg = reg;
- ret = resolve_origin(j, &opr_s, j + magic, &k, NULL);
+ ret = resolve_origin_reg(j, reg, j + magic, &k, NULL);
if (ret != 1)
return NULL;
j = k;
return proto_lookup_struct(g_fhdr, pp->type.name, offset);
}
-static const struct parsed_proto *resolve_icall(int i, int opcnt,
+static const struct parsed_proto *resolve_func_ptr(int i, int opcnt,
+ int is_call_op, const struct parsed_opr *opr,
int *pp_i, int *multi_src)
{
const struct parsed_proto *pp = NULL;
int search_advice = 0;
- *multi_src = 0;
- *pp_i = -1;
+ if (multi_src != NULL)
+ *multi_src = 0;
+ if (pp_i != NULL)
+ *pp_i = -1;
- switch (ops[i].operand[0].type) {
+ switch (opr->type) {
case OPT_REGMEM:
// try to resolve struct member calls
- pp = resolve_deref(i, i + opcnt * 19, &ops[i].operand[0], 0);
+ pp = resolve_deref(i, i + opcnt * 19, opr, 0);
if (pp != NULL)
break;
// fallthrough
case OPT_LABEL:
case OPT_OFFSET:
- pp = try_recover_pp(&ops[i], &ops[i].operand[0],
- 1, &search_advice);
+ pp = try_recover_pp(&ops[i], opr, is_call_op, &search_advice);
if (!search_advice)
break;
// fallthrough
default:
- scan_for_call_type(i, &ops[i].operand[0], i + opcnt * 9, &pp,
- pp_i, multi_src);
+ scan_for_call_type(i, opr, i + opcnt * 9, is_call_op,
+ &pp, pp_i, multi_src);
break;
}
if (pp == NULL)
{
// indirect call
- pp_c = resolve_icall(i, opcnt, &call_i, &multipath);
+ pp_c = resolve_func_ptr(i, opcnt, 1, &ops[i].operand[0],
+ &call_i, &multipath);
if (pp_c != NULL) {
if (!pp_c->is_func && !pp_c->is_fptr)
ferr(po, "call to non-func: %s\n", pp_c->name);
return pp;
}
+static void check_fptr_args(int i, int opcnt, struct parsed_proto *pp)
+{
+ struct parsed_opr s_opr = OPR_INIT(OPT_REG, OPLM_DWORD, 0);
+ const struct parsed_proto *pp_arg, *pp_cmp;
+ const struct parsed_op *po_a;
+ const char *s_reg;
+ int pp_cmp_i;
+ int arg, reg;
+ int bad = 0;
+ int j;
+
+ for (arg = 0; arg < pp->argc; arg++) {
+ pp_cmp = NULL;
+ pp_cmp_i = -1;
+
+ pp_arg = pp->arg[arg].pp;
+ if (pp_arg == NULL || !pp_arg->is_func)
+ continue;
+
+ s_reg = pp->arg[arg].reg;
+ if (s_reg != NULL) {
+ reg = char_array_i(regs_r32, ARRAY_SIZE(regs_r32), s_reg);
+ ferr_assert(&ops[i], reg >= 0);
+ s_opr.reg = reg;
+ scan_for_call_type(i, &s_opr, i + arg + opcnt * 28, 0,
+ &pp_cmp, &pp_cmp_i, NULL);
+ if (pp_cmp != NULL && !pp_compatible_func(pp_arg, pp_cmp)) {
+ bad = 1;
+ if (pp_cmp_i >= 0)
+ fnote(&ops[pp_cmp_i], "(referenced here)\n");
+ }
+ }
+ else {
+ for (j = 0; j < pp->arg[arg].push_ref_cnt; j++) {
+ po_a = pp->arg[arg].push_refs[j];
+ if (po_a == NULL || po_a->op != OP_PUSH)
+ continue;
+ pp_cmp = resolve_func_ptr(po_a - ops, opcnt, 0,
+ &po_a->operand[0], &pp_cmp_i, NULL);
+ if (pp_cmp != NULL && !pp_compatible_func(pp_arg, pp_cmp)) {
+ bad = 1;
+ if (pp_cmp_i < 0)
+ pp_cmp_i = po_a - ops;
+ if (pp_cmp_i >= 0)
+ fnote(&ops[pp_cmp_i], "(referenced here)\n");
+ }
+ }
+ }
+
+ if (bad)
+ ferr(&ops[i], "incompatible fptr arg %d\n", arg + 1);
+ }
+}
+
+static void pp_insert_reg_arg(struct parsed_proto *pp, const char *reg)
+{
+ int i;
+
+ for (i = 0; i < pp->argc; i++)
+ if (pp->arg[i].reg == NULL)
+ break;
+
+ if (pp->argc_stack)
+ memmove(&pp->arg[i + 1], &pp->arg[i],
+ sizeof(pp->arg[0]) * pp->argc_stack);
+ memset(&pp->arg[i], 0, sizeof(pp->arg[i]));
+ pp->arg[i].reg = strdup(reg);
+ pp->arg[i].type.name = strdup("int");
+ pp->argc++;
+ pp->argc_reg++;
+}
+
+static void pp_insert_stack_args(struct parsed_proto *pp, int count)
+{
+ int a;
+
+ pp->argc += count;
+ pp->argc_stack += count;
+
+ for (a = 0; a < pp->argc; a++)
+ if (pp->arg[a].type.name == NULL)
+ pp->arg[a].type.name = strdup("int");
+}
+
+static void pp_add_push_ref(struct parsed_proto *pp,
+ int arg, struct parsed_op *po)
+{
+ pp->arg[arg].push_refs = realloc(pp->arg[arg].push_refs,
+ (pp->arg[arg].push_ref_cnt + 1)
+ * sizeof(pp->arg[arg].push_refs[0]));
+ ferr_assert(po, pp->arg[arg].push_refs != NULL);
+ pp->arg[arg].push_refs[pp->arg[arg].push_ref_cnt++] = po;
+}
+
static void mark_float_arg(struct parsed_op *po,
struct parsed_proto *pp, int arg, int *regmask_ffca)
{
- po->p_argnext = -1;
+ ferr_assert(po, pp->arg[arg].push_ref_cnt == 0);
+ pp_add_push_ref(pp, arg, po);
+
po->p_argnum = arg + 1;
- ferr_assert(po, pp->arg[arg].datap == NULL);
- pp->arg[arg].datap = po;
po->flags |= OPF_DONE | OPF_FARGNR | OPF_FARG;
if (regmask_ffca != NULL)
*regmask_ffca |= 1 << arg;
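Review bot: `check_fptr_args` never resets `bad` between arguments: it is declared once before the loop and only ever set to 1, while `if (bad) ferr(...)` sits inside the loop body. That is harmless as long as `ferr` is fatal, which the rest of this diff relies on (code after `ferr` calls falls through to statements that assume it did not return), but if it ever becomes a warning every argument after the first mismatch is reported as incompatible; `int bad = 0;` at the top of the loop body makes the intent explicit. Likewise, `pp_add_push_ref` assigns the `realloc` result straight back to `push_refs`, which is only safe because the `ferr_assert` right after it aborts on NULL.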
for (arg = base_arg; arg < pp->argc; arg++) {
ferr_assert(&ops[i], pp->arg[arg].reg == NULL);
- po = pp->arg[arg].datap;
- if (po == NULL)
- ferr(&ops[i], "arg %d/%d not found\n", arg, pp->argc);
+ if (pp->arg[arg].push_ref_cnt != 1)
+ ferr(&ops[i], "arg %d/%d not found or bad\n", arg, pp->argc);
+ po = pp->arg[arg].push_refs[0];
if (po->operand[0].lmod == OPLM_QWORD)
arg++;
}
return 0;
}
-static int collect_call_args_early(int i, struct parsed_proto *pp,
- int *regmask, int *regmask_ffca)
+static int collect_call_args_early(int i, int opcnt,
+ struct parsed_proto *pp, int *regmask, int *regmask_ffca)
{
struct parsed_op *po;
int arg, ret;
if (ops[j].op == OP_PUSH)
{
- ops[j].p_argnext = -1;
- ferr_assert(&ops[j], pp->arg[arg].datap == NULL);
+ int ref_handled = 0;
k = check_for_stp(j + 1, i);
if (k != -1) {
if (!pp->arg[arg].type.is_float)
ferr(&ops[i], "arg %d should be float\n", arg + 1);
mark_float_arg(&ops[k], pp, arg, regmask_ffca);
+ ref_handled = 1;
}
}
- if (pp->arg[arg].datap == NULL) {
- pp->arg[arg].datap = &ops[j];
- if (regmask != NULL && ops[j].operand[0].type == OPT_REG)
- *regmask |= 1 << ops[j].operand[0].reg;
+ if (!ref_handled) {
+ ferr_assert(&ops[j], pp->arg[arg].push_ref_cnt == 0);
+ pp_add_push_ref(pp, arg, &ops[j]);
}
+ if (regmask != NULL && ops[j].operand[0].type == OPT_REG)
+ *regmask |= 1 << ops[j].operand[0].reg;
+
ops[j].flags |= OPF_RMD | OPF_DONE | OPF_FARGNR | OPF_FARG;
ops[j].flags &= ~OPF_RSAVE;
}
}
+ if (!g_header_mode)
+ check_fptr_args(i, opcnt, pp);
+
return 0;
}
-static int sync_argnum(struct parsed_op *po, int argnum)
+// ensure all s_a* numbers match for a given func arg in all branches
+// returns 1 if any changes were made, 0 if not
+static int sync_argnum(struct parsed_proto *pp, int arg,
+ int *argnum, int *arggrp)
{
struct parsed_op *po_tmp;
+ int changed = 0;
+ int i;
// see if other branches don't have higher argnum
- for (po_tmp = po; po_tmp != NULL; ) {
- if (argnum < po_tmp->p_argnum)
- argnum = po_tmp->p_argnum;
- // note: p_argnext is active on current collect_call_args only
- po_tmp = po_tmp->p_argnext >= 0 ? &ops[po_tmp->p_argnext] : NULL;
+ for (i = 0; i < pp->arg[arg].push_ref_cnt; i++) {
+ po_tmp = pp->arg[arg].push_refs[i];
+ if (*argnum < po_tmp->p_argnum)
+ *argnum = po_tmp->p_argnum;
+ if (*arggrp < po_tmp->p_arggrp)
+ *arggrp = po_tmp->p_arggrp;
}
// make all argnums consistent
- for (po_tmp = po; po_tmp != NULL; ) {
- if (po_tmp->p_argnum != 0)
- po_tmp->p_argnum = argnum;
- po_tmp = po_tmp->p_argnext >= 0 ? &ops[po_tmp->p_argnext] : NULL;
+ for (i = 0; i < pp->arg[arg].push_ref_cnt; i++) {
+ po_tmp = pp->arg[arg].push_refs[i];
+ if (po_tmp->p_argnum == 0)
+ continue;
+ if (po_tmp->p_argnum != *argnum || po_tmp->p_arggrp != *arggrp) {
+ po_tmp->p_argnum = *argnum;
+ po_tmp->p_arggrp = *arggrp;
+ changed = 1;
+ }
}
- return argnum;
+ return changed;
}
static int collect_call_args_r(struct parsed_op *po, int i,
- struct parsed_proto *pp, int *regmask, int *arg_grp,
- int arg, int argnum, int magic, int need_op_saving, int may_reuse)
+ struct parsed_proto *pp, int *regmask,
+ int arg, int argnum, int magic,
+ int skip, int need_op_saving, int may_reuse)
{
struct parsed_proto *pp_tmp;
- struct parsed_op *po_tmp;
struct label_ref *lr;
int need_to_save_current;
int arg_grp_current = 0;
int save_args_seen = 0;
+ int dummy = 0;
int ret = 0;
int reg;
char buf[32];
check_i(&ops[j], lr->i);
if ((ops[lr->i].flags & (OPF_JMP|OPF_CJMP)) != OPF_JMP)
may_reuse = 1;
- ret = collect_call_args_r(po, lr->i, pp, regmask, arg_grp,
- arg, argnum, magic, need_op_saving, may_reuse);
+ ret = collect_call_args_r(po, lr->i, pp, regmask,
+ arg, argnum, magic, skip, need_op_saving, may_reuse);
if (ret < 0)
return ret;
}
continue;
}
need_op_saving = 1;
- ret = collect_call_args_r(po, lr->i, pp, regmask, arg_grp,
- arg, argnum, magic, need_op_saving, may_reuse);
+ ret = collect_call_args_r(po, lr->i, pp, regmask,
+ arg, argnum, magic, skip, need_op_saving, may_reuse);
if (ret < 0)
return ret;
}
if (may_reuse && pp_tmp->argc_stack > 0)
ferr(po, "arg collect %d/%d hit '%s' with %d stack args\n",
arg, pp->argc, opr_name(&ops[j], 0), pp_tmp->argc_stack);
+ if (!pp_tmp->is_unresolved)
+ skip = pp_tmp->argc_stack;
}
// esp adjust of 0 means we collected it before
else if (ops[j].op == OP_ADD && ops[j].operand[0].reg == xSP
may_reuse = 1;
}
+ else if (ops[j].op == OP_PUSH && skip > 0) {
+ // XXX: might want to rm OPF_FARGNR and only use this
+ skip--;
+ }
else if (ops[j].op == OP_PUSH
&& !(ops[j].flags & (OPF_FARGNR|OPF_DONE)))
{
if (pp->is_unresolved && (ops[j].flags & OPF_RMD))
break;
- ops[j].p_argnext = -1;
- po_tmp = pp->arg[arg].datap;
- if (po_tmp != NULL)
- ops[j].p_argnext = po_tmp - ops;
- pp->arg[arg].datap = &ops[j];
+ pp_add_push_ref(pp, arg, &ops[j]);
- argnum = sync_argnum(&ops[j], argnum);
+ sync_argnum(pp, arg, &argnum, &dummy);
need_to_save_current = 0;
reg = -1;
if (pp->arg[arg].is_saved) {
ops[j].flags &= ~OPF_RMD;
ops[j].p_argnum = argnum;
+ ops[j].p_arggrp = arg_grp_current;
}
// tracking reg usage
return -1;
}
- if (arg_grp_current > *arg_grp)
- *arg_grp = arg_grp_current;
-
return arg;
}
-static int collect_call_args(struct parsed_op *po, int i,
+static int collect_call_args(struct parsed_op *po, int i, int opcnt,
struct parsed_proto *pp, int *regmask, int magic)
{
- // arg group is for cases when pushes for
- // multiple funcs are going on
- struct parsed_op *po_tmp;
- int arg_grp = 0;
int ret;
- int a;
- ret = collect_call_args_r(po, i, pp, regmask, &arg_grp,
- 0, 1, magic, 0, 0);
+ ret = collect_call_args_r(po, i, pp, regmask, 0, 1, magic,
+ 0, 0, 0);
if (ret < 0)
return ret;
- if (arg_grp != 0) {
- // propagate arg_grp
- for (a = 0; a < pp->argc; a++) {
- if (pp->arg[a].reg != NULL)
- continue;
+ if (pp->is_unresolved)
+ pp_insert_stack_args(pp, ret);
- po_tmp = pp->arg[a].datap;
- while (po_tmp != NULL) {
- po_tmp->p_arggrp = arg_grp;
- po_tmp = po_tmp->p_argnext >= 0 ? &ops[po_tmp->p_argnext] : NULL;
- }
- }
- }
+ // note: p_argnum, p_arggrp will be propagated in a later pass,
+ // look for sync_argnum() (p_arggrp is for cases when mixed pushes
+ // for multiple funcs are going on)
- if (pp->is_unresolved) {
- pp->argc += ret;
- pp->argc_stack += ret;
- for (a = 0; a < pp->argc; a++)
- if (pp->arg[a].type.name == NULL)
- pp->arg[a].type.name = strdup("int");
- }
+ if (!g_header_mode)
+ check_fptr_args(i, opcnt, pp);
return ret;
}
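Review bot: collect_call_args now returns a value whose meaning is load-bearing but undocumented: `ret` is whatever collect_call_args_r hands back (its final `arg`), it is passed to pp_insert_stack_args as a count for unresolved protos, and the header-generation caller stores it while the other callers discard it. A one-line contract above the signature, e.g. `// returns the number of stack args collected (extra args for an unresolved pp), or <0 on error`, adjusted to whatever collect_call_args_r actually guarantees, would spare the next reader re-deriving it from the unresolved branch. The comment about p_argnum/p_arggrp propagation could also name the pass (pass8) rather than only the helper, so the reader can find it directly.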
&& !g_func_pp->is_userstack
&& po->operand[0].type == OPT_REG)
{
+ int save_level = 0;
+
reg = po->operand[0].reg;
ferr_assert(po, reg >= 0);
if (regmask_now & (1 << reg)) {
already_saved = regmask_save_now & (1 << reg);
flags_set = OPF_RSAVE | OPF_DONE;
+ save_level++;
}
- ret = scan_for_pop(i + 1, opcnt, i + opcnt * 3, reg, 0, 0, 0);
+ ret = scan_for_pop(i + 1, opcnt, i + opcnt * 3,
+ reg, 0, 0, save_level, 0);
if (ret == 1) {
scan_for_pop(i + 1, opcnt, i + opcnt * 4,
- reg, 0, 0, flags_set);
+ reg, 0, 0, save_level, flags_set);
}
else {
ret = scan_for_pop_ret(i + 1, opcnt, po->operand[0].reg, 0);
}
}
-static void pp_insert_reg_arg(struct parsed_proto *pp, const char *reg)
-{
- int i;
-
- for (i = 0; i < pp->argc; i++)
- if (pp->arg[i].reg == NULL)
- break;
-
- if (pp->argc_stack)
- memmove(&pp->arg[i + 1], &pp->arg[i],
- sizeof(pp->arg[0]) * pp->argc_stack);
- memset(&pp->arg[i], 0, sizeof(pp->arg[i]));
- pp->arg[i].reg = strdup(reg);
- pp->arg[i].type.name = strdup("int");
- pp->argc++;
- pp->argc_reg++;
-}
-
static void output_std_flag_z(FILE *fout, struct parsed_op *po,
int *pfomask, const char *dst_opr_text)
{
int need_double = 0;
int stack_align = 0;
int stack_fsz_adj = 0;
+ int lock_handled = 0;
int regmask_save = 0; // used regs saved/restored in this func
int regmask_arg; // regs from this function args (fastcall, etc)
int regmask_ret; // regs needed on ret
if (pp != NULL) {
if (!(po->flags & OPF_ATAIL)) {
// since we know the args, try to collect them
- ret = collect_call_args_early(i, pp, ®mask, ®mask_ffca);
+ ret = collect_call_args_early(i, opcnt, pp,
+ ®mask, ®mask_ffca);
if (ret != 0)
pp = NULL;
}
if (!pp->is_unresolved && !(po->flags & OPF_ATAIL)) {
// since we know the args, collect them
- collect_call_args(po, i, pp, ®mask, i + opcnt * 2);
+ collect_call_args(po, i, opcnt, pp, ®mask, i + opcnt * 2);
}
// for unresolved, collect after other passes
}
if (pp->is_unresolved) {
int regmask_stack = 0;
- collect_call_args(po, i, pp, ®mask, i + opcnt * 2);
- // this is pretty rough guess:
- // see ecx and edx were pushed (and not their saved versions)
- for (arg = 0; arg < pp->argc; arg++) {
- if (pp->arg[arg].reg != NULL && !pp->arg[arg].is_saved)
- continue;
+ if ((po->flags & OPF_TAIL) && g_func_pp->is_stdcall)
+ pp_insert_stack_args(pp, g_func_pp->argc_stack);
+ else {
+ collect_call_args(po, i, opcnt, pp, ®mask, i + opcnt * 2);
+
+ // this is pretty rough guess:
+ // see ecx and edx were pushed (and not their saved versions)
+ for (arg = 0; arg < pp->argc; arg++) {
+ if (pp->arg[arg].reg != NULL && !pp->arg[arg].is_saved)
+ continue;
- tmp_op = pp->arg[arg].datap;
- if (tmp_op == NULL)
- ferr(po, "parsed_op missing for arg%d\n", arg);
- if (tmp_op->operand[0].type == OPT_REG)
- regmask_stack |= 1 << tmp_op->operand[0].reg;
+ if (pp->arg[arg].push_ref_cnt == 0)
+ ferr(po, "parsed_op missing for arg%d\n", arg);
+ tmp_op = pp->arg[arg].push_refs[0];
+ if (tmp_op->operand[0].type == OPT_REG)
+ regmask_stack |= 1 << tmp_op->operand[0].reg;
+ }
}
- if (!((regmask_stack & (1 << xCX))
- && (regmask_stack & (1 << xDX))))
+ // quick dumb check for potential reg-args
+ for (j = i - 1; j >= 0 && ops[j].op == OP_MOV; j--)
+ if (ops[j].operand[0].type == OPT_REG)
+ regmask_stack &= ~(1 << ops[j].operand[0].reg);
+
+ if ((regmask_stack & (mxCX|mxDX)) != (mxCX|mxDX)
+ && ((regmask | regmask_arg) & (mxCX|mxDX)))
{
if (pp->argc_stack != 0
- || ((regmask | regmask_arg) & ((1 << xCX)|(1 << xDX))))
+ || ((regmask | regmask_arg) & (mxCX|mxDX)))
{
pp_insert_reg_arg(pp, "ecx");
pp->is_fastcall = 1;
regmask |= 1 << xCX;
}
if (pp->argc_stack != 0
- || ((regmask | regmask_arg) & (1 << xDX)))
+ || ((regmask | regmask_arg) & mxDX))
{
pp_insert_reg_arg(pp, "edx");
regmask_init |= 1 << xDX;
pp->is_stdcall = 1;
}
if (!(po->flags & OPF_TAIL)
- && !(g_sct_func_attr & SCTFA_NOWARN))
+ && !(g_sct_func_attr & SCTFA_NOWARN) && !g_nowarn_reguse)
{
// treat al write as overwrite to avoid many false positives
if (IS(pp->ret_type.name, "void") || pp->ret_type.is_float) {
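Review bot: The inner `if (pp->argc_stack != 0 || ((regmask | regmask_arg) & (mxCX|mxDX)))` guarding the ecx insertion is now dead: the new outer condition already requires `(regmask | regmask_arg) & (mxCX|mxDX)` to be non-zero, so ecx is inserted unconditionally inside the block while edx still has its own `mxDX` test. If the asymmetry is intentional (fastcall fills ecx before edx, so a live edx implies an ecx arg), drop the redundant test and say so in the "rough guess" comment; if not, make it `((regmask | regmask_arg) & mxCX)`. Note also that this block still calls `pp_insert_reg_arg`, which this diff deletes from this file; presumably it moved next to the new `pp_insert_stack_args`/`pp_add_push_ref` helpers, but that is worth confirming. The enclosing unresolved-call handling starts outside this hunk.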
need_double = 1;
break;
+ case OP_RDTSC:
case OPP_ALLSHL:
case OPP_ALLSHR:
need_tmp64 = 1;
default:
break;
}
+ }
+
+ // pass8: sync all push arg numbers
+ // some calls share args and not all of them
+ // (there's only partial intersection)
+ do {
+ int changed, argnum, arggrp;
+
+ found = 0;
+ for (i = 0; i < opcnt; i++)
+ {
+ po = &ops[i];
+ if ((po->flags & (OPF_RMD|OPF_DONE)) || po->op != OP_CALL)
+ continue;
+
+ pp = po->pp;
+ arggrp = 0;
+ do {
+ changed = 0;
+ for (arg = argnum = 0; arg < pp->argc; arg++) {
+ if (pp->arg[arg].reg != NULL)
+ continue;
+ if (pp->arg[arg].is_saved)
+ changed |= sync_argnum(pp, arg, &argnum, &arggrp);
+ argnum++;
+ }
+ found |= changed;
+ }
+ while (changed);
+
+ if (argnum > 32)
+ ferr(po, "too many args or looping in graph\n");
+ }
+ }
+ while (found);
+
+ // pass9: final adjustments
+ for (i = 0; i < opcnt; i++)
+ {
+ po = &ops[i];
+ if (po->flags & (OPF_RMD|OPF_DONE))
+ continue;
- // this might need it's own pass...
if (po->op != OP_FST && po->p_argnum > 0)
save_arg_vars[po->p_arggrp] |= 1 << (po->p_argnum - 1);
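Review bot: The outer `do { … } while (found)` of pass8 has no iteration bound: `if (argnum > 32) ferr(po, "too many args or looping in graph\n")` only catches a runaway argnum, and since argnum is reset to 0 per call by the for loop, two calls whose sync_argnum() results keep flipping each other would spin forever without ever tripping it (whether sync_argnum can behave that way is not visible here). A cheap guard is a round counter, `if (++sync_rounds > opcnt) ferr(po, "pass8 not converging\n");`, next to the `found |= changed` line, with sync_rounds declared alongside `found`. Separately, the limit lets argnum reach 32, and pass9 then does `1 << (po->p_argnum - 1)`; if p_argnum can equal argnum that is `1 << 31`, which overflows a signed int mask, so `argnum > 31` (or a `1u <<`) would be the safer bound. The enclosing output function continues beyond this hunk.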
had_decl = 1;
}
+ if ((g_sct_func_attr & SCTFA_ARGFRAME) && g_func_pp->argc_stack) {
+ fprintf(fout, " struct { u32 ");
+ for (i = j = 0; i < g_func_pp->argc; i++) {
+ if (g_func_pp->arg[i].reg != NULL)
+ continue;
+ if (j++ != 0)
+ fprintf(fout, ", ");
+ fprintf(fout, "a%d", i + 1);
+ }
+ fprintf(fout, "; } af = {\n ");
+ for (i = j = 0; i < g_func_pp->argc; i++) {
+ if (g_func_pp->arg[i].reg != NULL)
+ continue;
+ if (j++ != 0)
+ fprintf(fout, ", ");
+ if (g_func_pp->arg[i].type.is_ptr)
+ fprintf(fout, "(u32)");
+ fprintf(fout, "a%d", i + 1);
+ }
+ fprintf(fout, "\n };\n");
+ }
+
if (g_func_pp->is_userstack) {
fprintf(fout, " u32 fake_sf[US_SZ_%s / 4];\n", g_func_pp->name);
fprintf(fout, " u32 *esp = &fake_sf[sizeof(fake_sf) / 4];\n");
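Review bot: The SCTFA_ARGFRAME emitter assumes every stack argument occupies exactly one 32-bit slot: the struct is declared `u32 a1, a2, …` and the initializer only casts pointer args. If g_func_pp can carry a wider or floating stack argument (the tool tracks 64-bit returns and float types elsewhere), the generated `af` would be truncated and its layout shifted with no diagnostic; a `ferr_assert` per emitted member on whatever size/float flags parsed_type exposes, or at least a comment next to SCTFA_ARGFRAME stating the one-u32-per-slot assumption, would make that explicit. The `(u32)` cast of pointer args also presumes the generated code is built for a 32-bit target, which is consistent with the u32 registers used elsewhere but worth stating where the struct is emitted. The enclosing output function starts and ends outside this hunk.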
if (po->flags & OPF_RMD)
continue;
+ lock_handled = 0;
no_output = 0;
#define assert_operand_cnt(n_) \
|| (tmp_op && (tmp_op->op == OP_AND || tmp_op->op == OP_OR))
))
{
- out_src_opr_u32(buf3, sizeof(buf3), po, last_arith_dst);
+ struct parsed_op *po_arith = (void *)((char *)last_arith_dst
+ - offsetof(struct parsed_op, operand[0]));
+ ferr_assert(po, &ops[po_arith - ops] == po_arith);
+ out_src_opr_u32(buf3, sizeof(buf3), po_arith, last_arith_dst);
out_test_for_cc(buf1, sizeof(buf1), po, po->pfo, po->pfo_inv,
last_arith_dst->lmod, buf3);
is_delayed = 1;
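Review bot: Recovering the owning op with `(char *)last_arith_dst - offsetof(struct parsed_op, operand[0])` and then checking `&ops[po_arith - ops] == po_arith` relies on undefined behaviour to catch the bad case: if last_arith_dst points at operand[1] (or at a parsed_opr outside ops), po_arith is not on an element boundary and `po_arith - ops` is not a defined pointer subtraction, so the assert passes or fails at the compiler's discretion. Doing the arithmetic in bytes keeps the check well-defined and also bounds the index by opcnt, which the current assert does not. The enclosing output function starts and ends outside this hunk.
```c
size_t arith_off = (char *)last_arith_dst - (char *)ops;
ferr_assert(po, arith_off % sizeof(ops[0]) == offsetof(struct parsed_op, operand[0])
  && arith_off / sizeof(ops[0]) < (size_t)opcnt);
struct parsed_op *po_arith = &ops[arith_off / sizeof(ops[0])];
out_src_opr_u32(buf3, sizeof(buf3), po_arith, last_arith_dst);
/* … unchanged: out_test_for_cc and is_delayed … */
```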
fprintf(fout, " for (; ecx != 0; ecx--, edi %c= %d)\n",
(po->flags & OPF_DF) ? '-' : '+',
lmod_bytes(po, po->operand[1].lmod));
- fprintf(fout, " %sedi = eax;",
+ fprintf(fout, " %sedi = eax;\n",
lmod_cast_u_ptr(po, po->operand[1].lmod));
- strcpy(g_comment, "rep stos");
+ fprintf(fout, " barrier();");
+ strcpy(g_comment, "^ rep stos");
}
else {
assert_operand_cnt(2);
" for (; ecx != 0; ecx--, edi %c= %d, esi %c= %d)\n",
l, j, l, j);
fprintf(fout,
- " %sedi = %sesi;", buf1, buf1);
- strcpy(g_comment, "rep movs");
+ " %sedi = %sesi;\n", buf1, buf1);
+ // this can overwrite many variables
+ fprintf(fout, " barrier();");
+ strcpy(g_comment, "^ rep movs");
}
else {
assert_operand_cnt(2);
delayed_flag_op = NULL;
break;
+ case OP_RDTSC:
+ fprintf(fout, " tmp64 = ext_rdtsc();\n");
+ fprintf(fout, " edx = tmp64 >> 32;\n");
+ fprintf(fout, " eax = tmp64;");
+ break;
+
+ case OP_CPUID:
+ fprintf(fout, " ext_cpuid(&eax, &ebx, &ecx, &edx);");
+ break;
+
// arithmetic w/flags
case OP_AND:
if (po->operand[1].type == OPT_CONST && !po->operand[1].val)
out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]);
if (po->operand[0].type == OPT_REG) {
+ ferr_assert(po, !(po->flags & OPF_LOCK));
strcpy(buf2, po->op == OP_INC ? "++" : "--");
fprintf(fout, " %s%s;", buf1, buf2);
}
+ else if (po->flags & OPF_LOCK) {
+ out_src_opr(buf2, sizeof(buf2), po, &po->operand[0], "", 1);
+ fprintf(fout, " __sync_fetch_and_%s((%s *)(%s), 1);",
+ po->op == OP_INC ? "add" : "sub",
+ lmod_type_u(po, po->operand[0].lmod), buf2);
+ strcat(g_comment, " lock");
+ lock_handled = 1;
+ }
else {
strcpy(buf2, po->op == OP_INC ? "+" : "-");
fprintf(fout, " %s %s= 1;", buf1, buf2);
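Review bot: The new locked inc/dec path emits `__sync_fetch_and_add((type *)(mem), 1)` and discards the result, but the flags of this op may still be consumed later: the delayed-flag code earlier in this function (`out_src_opr_u32(..., last_arith_dst)` feeding `out_test_for_cc`) re-reads the destination operand from memory, so a `lock inc [refcnt]; jz` sequence would be translated into an atomic add followed by a non-atomic reload, which is exactly the race the lock prefix exists to prevent. Whether this op can become last_arith_dst is decided outside the hunk, so either fail loudly when it does (`ferr(po, "flag use after lock inc/dec\n")` at the point the delayed-flag op is chosen) or emit `__sync_add_and_fetch`/`__sync_sub_and_fetch` into a temporary and have the flag test read that temporary instead of the memory operand. A comment here saying that the result is deliberately unused would at least make the limitation visible. The enclosing switch continues outside this hunk.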
}
// stack arg
- tmp_op = pp->arg[arg].datap;
- if (tmp_op == NULL)
+ if (pp->arg[arg].push_ref_cnt == 0)
ferr(po, "parsed_op missing for arg%d\n", arg);
+ if (pp->arg[arg].push_ref_cnt > 1)
+ ferr_assert(po, pp->arg[arg].is_saved);
+ tmp_op = pp->arg[arg].push_refs[0];
+ ferr_assert(po, tmp_op != NULL);
if (tmp_op->flags & OPF_VAPUSH) {
fprintf(fout, "ap");
ferr_assert(po, cast[0] == 0);
out_src_opr(buf1, sizeof(buf1),
tmp_op, &tmp_op->operand[0], cast, 0);
- tmp_op = pp->arg[++arg].datap;
+ arg++;
+ ferr_assert(po, pp->arg[arg].push_ref_cnt == 1);
+ tmp_op = pp->arg[arg].push_refs[0];
ferr_assert(po, tmp_op != NULL);
out_src_opr(buf2, sizeof(buf2),
tmp_op, &tmp_op->operand[0], cast, 0);
break;
case OP_RET:
+ do_tail:
if (g_func_pp->is_vararg)
fprintf(fout, " va_end(ap);\n");
if (g_func_pp->has_retreg) {
break;
case OP_FST:
+ dead_dst = 0;
if (po->flags & OPF_FARG) {
// store to stack as func arg
- snprintf(buf1, sizeof(buf1), "fs_%d", po->p_argnum);
- dead_dst = 0;
+ fprintf(fout, " fs_%d = %s;", po->p_argnum, float_st0);
+ }
+ else if (po->operand[0].type == OPT_REG
+ && po->operand[0].reg == xST0)
+ {
+ dead_dst = 1;
+ }
+ else if (float_opr_needs_helper(po, &po->operand[0])) {
+ out_src_opr(buf1, sizeof(buf1), po, &po->operand[0], "", 1);
+ fprintf(fout, " %s_store(%s, %s);",
+ po->operand[0].lmod == OPLM_QWORD ? "double" : "float",
+ float_st0, buf1);
}
else {
out_dst_opr_float(buf1, sizeof(buf1), po, &po->operand[0],
need_float_stack);
- dead_dst = po->operand[0].type == OPT_REG
- && po->operand[0].reg == xST0;
- }
- if (!dead_dst)
fprintf(fout, " %s = %s;", buf1, float_st0);
+ }
if (po->flags & OPF_FSHIFT) {
if (need_float_stack)
fprintf(fout, " f_stp++;");
strcat(g_comment, " fist");
break;
+ case OP_FABS:
+ fprintf(fout, " %s = fabs%s(%s);", float_st0,
+ need_double ? "" : "f", float_st0);
+ break;
+
case OP_FADD:
case OP_FDIV:
case OP_FMUL:
fprintf(fout, " f_st0 = f_st1;");
}
strcat(g_comment, " ftol");
- break;
+ goto tail_check;
case OPP_CIPOW:
if (need_float_stack) {
need_double ? "" : "f");
}
strcat(g_comment, " CIpow");
- break;
+ goto tail_check;
case OPP_ABORT:
fprintf(fout, " do_skip_code_abort();");
fprintf(fout, " do_emms();");
break;
+ tail_check:
+ if (po->flags & OPF_TAIL) {
+ fprintf(fout, "\n");
+ strcat(g_comment, " tail");
+ goto do_tail;
+ }
+ break;
+
default:
no_output = 1;
ferr(po, "unhandled op type %d, flags %x\n",
if (pfomask != 0)
ferr(po, "missed flag calc, pfomask=%x\n", pfomask);
+ if ((po->flags & OPF_LOCK) && !lock_handled)
+ ferr(po, "unhandled lock\n");
+
// see is delayed flag stuff is still valid
if (delayed_flag_op != NULL && delayed_flag_op != po) {
if (is_any_opr_modified(delayed_flag_op, po, 0))
unsigned int dep_resolved:1;
unsigned int is_stdcall:1;
unsigned int eax_pass:1; // returns without touching eax
+ unsigned int ptr_taken:1; // pointer taken of this func
struct func_proto_dep *dep_func;
int dep_func_cnt;
const struct parsed_proto *pp; // seed pp, if any
unsigned int ret_dep:1; // return from this is caller's return
unsigned int has_ret:1; // found from eax use after return
unsigned int has_ret64:1;
+ unsigned int ptr_taken:1; // pointer taken, not a call
};
static struct func_prototype *hg_fp;
return NULL;
}
-static void hg_fp_add_dep(struct func_prototype *fp, const char *name)
+static void hg_fp_add_dep(struct func_prototype *fp, const char *name,
+ unsigned int ptr_taken)
{
+ struct func_proto_dep * dep;
+
// is it a dupe?
- if (hg_fp_find_dep(fp, name))
+ dep = hg_fp_find_dep(fp, name);
+ if (dep != NULL && dep->ptr_taken == ptr_taken)
return;
if ((fp->dep_func_cnt & 0xff) == 0) {
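Review bot: De-duplication in hg_fp_add_dep now only compares against the single entry hg_fp_find_dep() returns, so once both a call (ptr_taken=0) and a pointer reference (ptr_taken=1) of the same name exist, every further add with the variant that find_dep does not return appends yet another entry; that assumes find_dep returns the first match by name, which is all the call site shows. Scanning the list for both fields fixes it: `for (i = 0; i < fp->dep_func_cnt; i++) if (fp->dep_func[i].ptr_taken == ptr_taken && IS(fp->dep_func[i].name, name)) return;` (or give hg_fp_find_dep a ptr_taken parameter). A comment on the function stating that a name may legitimately appear twice, once per ptr_taken value, would explain why the dep list is not keyed by name alone. The body of hg_fp_add_dep continues past this hunk.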
sizeof(fp->dep_func[0]) * 0x100);
}
fp->dep_func[fp->dep_func_cnt].name = strdup(name);
+ fp->dep_func[fp->dep_func_cnt].ptr_taken = ptr_taken;
fp->dep_func_cnt++;
}
if (po->flags & OPF_DONE)
continue;
- ret = scan_for_pop(i + 1, opcnt, i + opcnt * 2, reg, 0, 0, 0);
+ ret = scan_for_pop(i + 1, opcnt, i + opcnt * 2,
+ reg, 0, 0, 0, 0);
if (ret == 1) {
regmask_save |= 1 << reg;
po->flags |= OPF_RMD;
- scan_for_pop(i + 1, opcnt, i + opcnt * 3, reg, 0, 0, OPF_RMD);
+ scan_for_pop(i + 1, opcnt, i + opcnt * 3,
+ reg, 0, 0, 0, OPF_RMD);
continue;
}
}
if (g_bp_frame && !(po->flags & OPF_EBP_S))
dep->regmask_live |= 1 << xBP;
}
+ if ((po->flags & OPF_TAIL) && po->pp != NULL
+ && po->pp->is_stdcall)
+ fp->is_stdcall = 1;
}
else if (po->op == OP_RET) {
if (po->operand_cnt > 0) {
ret = 1;
}
else {
- struct parsed_opr opr = OPR_INIT(OPT_REG, OPLM_DWORD, xAX);
j = -1;
from_caller = 0;
- ret = resolve_origin(i, &opr, i + opcnt * 4, &j, &from_caller);
+ ret = resolve_origin_reg(i, xAX, i + opcnt * 4, &j, &from_caller);
}
if (ret != 1 && from_caller) {
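Review bot: Marking this function stdcall because a tail-called callee is stdcall (`if ((po->flags & OPF_TAIL) && po->pp != NULL && po->pp->is_stdcall) fp->is_stdcall = 1;`) is only sound when the callee pops exactly this function's stack arguments, i.e. the two argc_stack values agree; a stdcall callee with a different count would leave fp's convention wrong and nothing here checks it. If fp->argc_stack is already known at this point, guard with `&& po->pp->argc_stack == fp->argc_stack`; if it is only resolved later, record the assumption in a comment pointing at where the counts are reconciled. Conditional tail calls (OPF_CC) presumably also reach this branch, which matches the later hunk that keeps scanning past them, but the inference is weaker for those since the fall-through path may return normally. The enclosing scan loop starts before this hunk.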
& ~regmask_save;
regmask_dst |= po->regmask_dst;
- if (po->flags & OPF_TAIL)
- return;
+ if (po->flags & OPF_TAIL) {
+ if (!(po->flags & OPF_CC)) // not cond. tailcall
+ return;
+ }
}
}
struct func_prototype *fp;
struct func_proto_dep *dep;
struct parsed_op *po;
+ const char *tmpname;
int regmask_dummy = 0;
int regmask_dep;
int regmask_use;
// pass3:
// - remove dead labels
// - collect calls
+ // - collect function ptr refs
for (i = 0; i < opcnt; i++)
{
if (g_labels[i] != NULL && g_label_refs[i].i == -1) {
if (po->op == OP_CALL) {
if (po->operand[0].type == OPT_LABEL)
- hg_fp_add_dep(fp, opr_name(po, 0));
+ hg_fp_add_dep(fp, opr_name(po, 0), 0);
else if (po->pp != NULL)
- hg_fp_add_dep(fp, po->pp->name);
+ hg_fp_add_dep(fp, po->pp->name, 0);
+ }
+ else if (po->op == OP_MOV && po->operand[1].type == OPT_OFFSET) {
+ tmpname = opr_name(po, 1);
+ if (IS_START(tmpname, "p_") || IS_START(tmpname, "sub_"))
+ hg_fp_add_dep(fp, tmpname, 1);
+ }
+ else if (po->op == OP_PUSH && po->operand[0].type == OPT_OFFSET) {
+ tmpname = opr_name(po, 0);
+ if (IS_START(tmpname, "p_") || IS_START(tmpname, "sub_"))
+ hg_fp_add_dep(fp, tmpname, 1);
}
}
if (pp != NULL) {
if (!(po->flags & OPF_ATAIL))
// since we know the args, try to collect them
- if (collect_call_args_early(i, pp, NULL, NULL) != 0)
+ if (collect_call_args_early(i, opcnt, pp, NULL, NULL) != 0)
pp = NULL;
}
if (!pp->is_unresolved && !(po->flags & OPF_ATAIL)) {
// since we know the args, collect them
- ret = collect_call_args(po, i, pp, ®mask_dummy,
+ ret = collect_call_args(po, i, opcnt, pp, ®mask_dummy,
i + opcnt * 1);
}
if (!(po->flags & OPF_TAIL)
}
// pass7
- memset(cbits, 0, sizeof(cbits));
+ memset(cbits, 0, (opcnt + 7) / 8);
regmask_dep = regmask_use = 0;
has_ret = -1;
dep->proto = bsearch(&fp_s, hg_fp, hg_fp_cnt,
sizeof(hg_fp[0]), hg_fp_cmp_name);
if (dep->proto != NULL) {
+ if (dep->ptr_taken) {
+ dep->proto->ptr_taken = 1;
+ continue;
+ }
+
if (!dep->proto->dep_resolved)
hg_fp_resolve_deps(dep->proto);
strcpy(fp_s.name, hg_refs[i]);
fp = bsearch(&fp_s, hg_fp, hg_fp_cnt,
sizeof(hg_fp[0]), hg_fp_cmp_name);
- if (fp == NULL)
- continue;
-
- if (fp->argc_stack != 0 && (fp->regmask_dep & (mxCX | mxDX)))
- fp->regmask_dep |= mxCX | mxDX;
+ if (fp != NULL)
+ fp->ptr_taken = 1;
}
}
regmask_dep = fp->regmask_dep;
argc_normal = fp->argc_stack;
+ if (fp->ptr_taken && regmask_dep
+ && (regmask_dep & ~(mxCX|mxDX)) == 0)
+ {
+ if ((regmask_dep & mxDX) || fp->argc_stack > 0)
+ regmask_dep |= mxCX | mxDX;
+ }
fprintf(fout, "%-5s",
fp->pp ? fp->pp->ret_type.name :
fp->has_ret64 ? "__int64" :
fp->has_ret ? "int" : "void");
- if (regmask_dep && (fp->is_stdcall || fp->argc_stack > 0)
- && (regmask_dep & ~mxCX) == 0)
- {
+ if (regmask_dep == mxCX && fp->is_stdcall && fp->argc_stack > 0) {
fprintf(fout, "/*__thiscall*/ ");
argc_normal++;
regmask_dep = 0;
g_allow_regfunc = 1;
else if (IS(argv[arg], "-uc"))
g_allow_user_icall = 1;
+ else if (IS(argv[arg], "-wu"))
+ g_nowarn_reguse = 1;
else if (IS(argv[arg], "-m"))
multi_seg = 1;
else if (IS(argv[arg], "-hdr"))
}
if (argc < arg + 3) {
- printf("usage:\n%s [-v] [-rf] [-m] <.c> <.asm> <hdr.h> [rlist]*\n"
+ printf("usage:\n%s [options] <.c> <.asm> <hdr.h> [rlist]*\n"
"%s -hdr <out.h> <.asm> <seed.h> [rlist]*\n"
"options:\n"
" -hdr - header generation mode\n"
" -rf - allow unannotated indirect calls\n"
" -uc - allow ind. calls/refs to __usercall\n"
" -m - allow multiple .text sections\n"
+ " -wu - don't warn about bad reg use\n"
"[rlist] is a file with function names to skip,"
" one per line\n",
argv[0], argv[0]);
"clear_regmask",
"rm_regmask",
"nowarn",
+ "argframe",
+ "align_float",
};
// parse manual attribute-list comment
continue;
goto parse_words; // lame
}
- if (IS_START(p, "; sctproto:")) {
- sctproto = strdup(p + 11);
- }
else if (IS_START(p, "; sctend")) {
end = 1;
if (!pending_endp)
break;
}
+ else if (g_skip_func)
+ /* ignore remaining attrs */;
+ else if (IS_START(p, "; sctproto:")) {
+ sctproto = strdup(p + 11);
+ }
else if (IS_START(p, "; sctskip_start")) {
- if (in_func && !g_skip_func) {
+ if (in_func) {
if (!skip_code) {
ops[pi].op = OPP_ABORT;
ops[pi].asmln = asmln;