+ if (*op_i >= 0) {
+ if (*op_i == i || are_ops_same(&ops[*op_i], &ops[i]))
+ return ret | 1;
+
+ return -1;
+ }
+
+ *op_i = i;
+ return ret | 1;
+ }
+}
+
+// find an instruction that previously referenced opr
+// if multiple results are found - fail
+// *op_i must be set to -1 by the caller
+// returns 1 if found, *op_i is then set to referencer insn
+// returns -1 on multiple referencers or when start of func is hit,
+// 0 when a path was already visited; magic is a fresh marker
+// stored in cc_scratch to avoid revisiting insns on cyclic paths
+static int resolve_last_ref(int i, const struct parsed_opr *opr,
+ int magic, int *op_i)
+{
+ struct label_ref *lr;
+ int ret = 0;
+
+ while (1) {
+ if (g_labels[i] != NULL) {
+ // labeled insn: every jump targeting this label is also a
+ // predecessor - search those paths recursively
+ lr = &g_label_refs[i];
+ for (; lr != NULL; lr = lr->next) {
+ check_i(&ops[i], lr->i);
+ ret |= resolve_last_ref(lr->i, opr, magic, op_i);
+ }
+ // if the previous insn can't fall through, only the jump
+ // sources handled above reach us - done on this path
+ if (i > 0 && LAST_OP(i - 1))
+ return ret;
+ }
+
+ i--;
+ if (i < 0)
+ return -1;
+
+ if (ops[i].cc_scratch == magic)
+ return 0; // already scanned during this search
+ ops[i].cc_scratch = magic;
+
+ if (!is_opr_referenced(opr, &ops[i]))
+ continue;
+
+ // a second referencer on another path makes this ambiguous
+ if (*op_i >= 0)
+ return -1;
+
+ *op_i = i;
+ return 1;
+ }
+}
+
+// adjust datap of all reachable 'op' insns when moving back
+// returns 1 if at least 1 op was found
+// returns -1 if path without an op was found
+// (0 when a path was already visited); magic is a fresh marker
+// written into cc_scratch to cut cycles
+static int adjust_prev_op(int i, enum op_op op, int magic, void *datap)
+{
+ struct label_ref *lr;
+ int ret = 0;
+
+ // mark the starting insn itself as visited
+ if (ops[i].cc_scratch == magic)
+ return 0;
+ ops[i].cc_scratch = magic;
+
+ while (1) {
+ if (g_labels[i] != NULL) {
+ // labeled insn: also follow every jump that lands here
+ lr = &g_label_refs[i];
+ for (; lr != NULL; lr = lr->next) {
+ check_i(&ops[i], lr->i);
+ ret |= adjust_prev_op(lr->i, op, magic, datap);
+ }
+ // previous insn doesn't fall through - this path is done
+ if (i > 0 && LAST_OP(i - 1))
+ return ret;
+ }
+
+ i--;
+ if (i < 0)
+ return -1;
+
+ if (ops[i].cc_scratch == magic)
+ return 0;
+ ops[i].cc_scratch = magic;
+
+ if (ops[i].op != op)
+ continue;
+
+ // found the wanted insn on this path - retarget its datap
+ ops[i].datap = datap;
+ return 1;
+ }
+}
+
+// find next instruction that reads opr
+// *op_i must be set to -1 by the caller
+// on return, *op_i is set to first referencer insn
+// returns 1 if exactly 1 referencer is found
+// returns -1 if multiple readers are reachable, 0 if none;
+// follows jumps and jumptables forward, stopping where opr is
+// overwritten or the function exits
+static int find_next_read(int i, int opcnt,
+ const struct parsed_opr *opr, int magic, int *op_i)
+{
+ struct parsed_op *po;
+ int j, ret = 0;
+
+ for (; i < opcnt; i++)
+ {
+ if (ops[i].cc_scratch == magic)
+ return ret; // already scanned during this search
+ ops[i].cc_scratch = magic;
+
+ po = &ops[i];
+ if ((po->flags & OPF_JMP) && po->op != OP_CALL) {
+ if (po->btj != NULL) {
+ // jumptable
+ for (j = 0; j < po->btj->count; j++) {
+ check_i(po, po->btj->d[j].bt_i);
+ ret |= find_next_read(po->btj->d[j].bt_i, opcnt, opr,
+ magic, op_i);
+ }
+ return ret;
+ }
+
+ if (po->flags & OPF_RMD)
+ continue; // removed jump - treat as fallthrough
+ check_i(po, po->bt_i);
+ if (po->flags & OPF_CJMP) {
+ // conditional: search the taken branch, then keep
+ // scanning the fallthrough path in this loop
+ ret |= find_next_read(po->bt_i, opcnt, opr, magic, op_i);
+ if (ret < 0)
+ return ret;
+ }
+ else
+ i = po->bt_i - 1; // unconditional: resume at the target
+ continue;
+ }
+
+ if (!is_opr_read(opr, po)) {
+ int full_opr = 1;
+ // a partial-register write (e.g. "al" while tracking eax)
+ // does not kill the value being tracked
+ if (opr->type == OPT_REG && po->operand[0].type == OPT_REG
+ && opr->reg == po->operand[0].reg && (po->flags & OPF_DATA))
+ {
+ full_opr = po->operand[0].lmod >= opr->lmod;
+ }
+ if (is_opr_modified(opr, po) && full_opr) {
+ // it's overwritten
+ return ret;
+ }
+ if (po->flags & OPF_TAIL)
+ return ret; // function exit - no reader on this path
+ continue;
+ }
+
+ // a second reader makes the result ambiguous
+ if (*op_i >= 0)
+ return -1;
+
+ *op_i = i;
+ return 1;
+ }
+
+ return 0;
+}
+
+// find next instruction that consumes the CPU flags set at insn i
+// *op_i must be set to -1 by the caller
+// on return, *op_i is set to first flag user insn
+// returns 1 if exactly 1 flag user is found
+// returns -1 on a call or multiple users, 0 if the flags are
+// overwritten or the function exits before anyone reads them
+static int find_next_flag_use(int i, int opcnt, int magic, int *op_i)
+{
+ struct parsed_op *po;
+ int j, ret = 0;
+
+ for (; i < opcnt; i++)
+ {
+ if (ops[i].cc_scratch == magic)
+ return ret; // already scanned during this search
+ ops[i].cc_scratch = magic;
+
+ po = &ops[i];
+ if (po->op == OP_CALL)
+ return -1; // a call clobbers flags unpredictably
+ if (po->flags & OPF_JMP) {
+ if (po->btj != NULL) {
+ // jumptable
+ for (j = 0; j < po->btj->count; j++) {
+ check_i(po, po->btj->d[j].bt_i);
+ ret |= find_next_flag_use(po->btj->d[j].bt_i, opcnt,
+ magic, op_i);
+ }
+ return ret;
+ }
+
+ if (po->flags & OPF_RMD)
+ continue; // removed jump - treat as fallthrough
+ check_i(po, po->bt_i);
+ if (po->flags & OPF_CJMP)
+ goto found; // a conditional jump reads the flags itself
+ else
+ i = po->bt_i - 1; // unconditional: resume at the target
+ continue;
+ }
+
+ if (!(po->flags & OPF_CC)) {
+ if (po->flags & OPF_FLAGS)
+ // flags changed
+ return ret;
+ if (po->flags & OPF_TAIL)
+ return ret;
+ continue;
+ }
+
+found:
+ // a second flag user makes the result ambiguous
+ if (*op_i >= 0)
+ return -1;
+
+ *op_i = i;
+ return 1;
+ }
+
+ return 0;
+}
+
+// try to resolve the value of opr at insn i to a compile-time
+// constant by tracing it back to its single origin insn.
+// magic: fresh visit marker passed through to resolve_origin().
+// returns 1 and stores the constant in *val on success, -1 when
+// the origin is ambiguous or is not a "mov reg, const"
+static int try_resolve_const(int i, const struct parsed_opr *opr,
+  int magic, unsigned int *val)
+{
+  int s_i = -1;
+  int ret;
+
+  ret = resolve_origin(i, opr, magic, &s_i, NULL);
+  if (ret == 1) {
+    i = s_i;
+    // only a direct "mov <opr>, const" yields a known value;
+    // the previous '&&' let a mov from a non-const source slip
+    // through and read a meaningless operand[1].val
+    if (ops[i].op != OP_MOV || ops[i].operand[1].type != OPT_CONST)
+      return -1;
+
+    *val = ops[i].operand[1].val;
+    return 1;
+  }
+
+  return -1;
+}
+
+// determine which bits of 32bit register reg are actually used:
+// find the (single) next reader, which must be a "test reg, const"
+// insn; *mask receives the tested bits and *is_z_check is set when
+// the following flag user checks ZF.
+// returns 0 on success, -1 when the reader can't be determined
+static int resolve_used_bits(int i, int opcnt, int reg,
+ int *mask, int *is_z_check)
+{
+ struct parsed_opr opr = OPR_INIT(OPT_REG, OPLM_WORD, reg);
+ int j = -1, k = -1;
+ int ret;
+
+ ret = find_next_read(i, opcnt, &opr, i + opcnt * 20, &j);
+ if (ret != 1)
+ return -1;
+
+ // make sure there is no second reader after the first one
+ find_next_read(j + 1, opcnt, &opr, i + opcnt * 20 + 1, &k);
+ if (k != -1) {
+ fnote(&ops[j], "(first read)\n");
+ ferr(&ops[k], "TODO: bit resolve: multiple readers\n");
+ }
+
+ if (ops[j].op != OP_TEST || ops[j].operand[1].type != OPT_CONST)
+ ferr(&ops[j], "TODO: bit resolve: not a const test\n");
+
+ ferr_assert(&ops[j], ops[j].operand[0].type == OPT_REG);
+ ferr_assert(&ops[j], ops[j].operand[0].reg == reg);
+
+ *mask = ops[j].operand[1].val;
+ // "test ah, imm" style tests target bits 8-15 of the register
+ if (ops[j].operand[0].lmod == OPLM_BYTE
+ && ops[j].operand[0].name[1] == 'h')
+ {
+ *mask <<= 8;
+ }
+ ferr_assert(&ops[j], (*mask & ~0xffff) == 0);
+
+ *is_z_check = 0;
+ ret = find_next_flag_use(j + 1, opcnt, i + opcnt * 20 + 2, &k);
+ if (ret == 1)
+ *is_z_check = ops[k].pfo == PFO_Z;
+
+ return 0;
+}
+
+// resolve the proto behind a dereference like "[reg+offs]":
+// trace reg back to the pointer load that produced it, recover
+// that pointer's proto, then look up the struct member at offs.
+// level limits recursion; one extra plain dereference is allowed
+// only at level 0 (com/directx vtable patterns).
+// returns the member's proto, or NULL when it can't be resolved
+static const struct parsed_proto *resolve_deref(int i, int magic,
+ struct parsed_opr *opr, int level)
+{
+ struct parsed_opr opr_s = OPR_INIT(OPT_REG, OPLM_DWORD, 0);
+ const struct parsed_proto *pp = NULL;
+ int from_caller = 0;
+ char s_reg[4];
+ int offset = 0;
+ int len = 0;
+ int j = -1;
+ int k = -1;
+ int reg;
+ int ret;
+
+ // expect "reg+hexoffset" or a bare "reg" (%n checks full match)
+ ret = sscanf(opr->name, "%3s+%x%n", s_reg, &offset, &len);
+ if (ret != 2 || len != strlen(opr->name)) {
+ ret = sscanf(opr->name, "%3s%n", s_reg, &len);
+ if (ret != 1 || len != strlen(opr->name))
+ return NULL;
+ }
+
+ reg = char_array_i(regs_r32, ARRAY_SIZE(regs_r32), s_reg);
+ if (reg < 0)
+ return NULL;
+
+ // find the single insn that last set this register
+ opr_s.reg = reg;
+ ret = resolve_origin(i, &opr_s, i + magic, &j, NULL);
+ if (ret != 1)
+ return NULL;
+
+ if (ops[j].op == OP_MOV && ops[j].operand[1].type == OPT_REGMEM
+ && strlen(ops[j].operand[1].name) == 3
+ && ops[j].operand[0].lmod == OPLM_DWORD
+ && ops[j].pp == NULL // no hint
+ && level == 0)
+ {
+ // allow one simple dereference (com/directx)
+ reg = char_array_i(regs_r32, ARRAY_SIZE(regs_r32),
+ ops[j].operand[1].name);
+ if (reg < 0)
+ return NULL;
+ opr_s.reg = reg;
+ ret = resolve_origin(j, &opr_s, j + magic, &k, NULL);
+ if (ret != 1)
+ return NULL;
+ j = k;
+ }
+ if (ops[j].op != OP_MOV || ops[j].operand[0].lmod != OPLM_DWORD)
+ return NULL;
+
+ // recover the type of the pointer that was loaded
+ if (ops[j].pp != NULL) {
+ // type hint in asm
+ pp = ops[j].pp;
+ }
+ else if (ops[j].operand[1].type == OPT_REGMEM) {
+ pp = try_recover_pp(&ops[j], &ops[j].operand[1], 0, NULL);
+ if (pp == NULL) {
+ // maybe structure ptr in structure
+ pp = resolve_deref(j, magic, &ops[j].operand[1], level + 1);
+ }
+ }
+ else if (ops[j].operand[1].type == OPT_LABEL)
+ pp = proto_parse(g_fhdr, ops[j].operand[1].name, g_quiet_pp);
+ else if (ops[j].operand[1].type == OPT_REG) {
+ // maybe arg reg?
+ k = -1;
+ ret = resolve_origin(j, &ops[j].operand[1], i + magic,
+ &k, &from_caller);
+ if (ret != 1 && from_caller && k == -1 && g_func_pp != NULL) {
+ // the value comes straight from the caller - match it
+ // against this function's register args
+ for (k = 0; k < g_func_pp->argc; k++) {
+ if (g_func_pp->arg[k].reg == NULL)
+ continue;
+ if (IS(g_func_pp->arg[k].reg, ops[j].operand[1].name)) {
+ pp = g_func_pp->arg[k].pp;
+ break;
+ }
+ }
+ }
+ }
+
+ if (pp == NULL)
+ return NULL;
+ if (pp->is_func || pp->is_fptr || !pp->type.is_struct) {
+ if (offset != 0)
+ ferr(&ops[j], "expected struct, got '%s %s'\n",
+ pp->type.name, pp->name);
+ return NULL;
+ }
+
+ return proto_lookup_struct(g_fhdr, pp->type.name, offset);
+}
+
+// try to resolve the target proto of the indirect call at insn i.
+// *pp_i receives the insn that supplied the pointer (or -1) and
+// *multi_src is set when several possible sources were found.
+// resolution strategy, in order: struct member deref, direct
+// label/offset recovery, then a full backward scan
+static const struct parsed_proto *resolve_icall(int i, int opcnt,
+  int *pp_i, int *multi_src)
+{
+  const struct parsed_proto *pp = NULL;
+  int search_advice = 0;
+  int opr_type = ops[i].operand[0].type;
+  int resolved = 0;
+
+  *multi_src = 0;
+  *pp_i = -1;
+
+  if (opr_type == OPT_REGMEM) {
+    // try to resolve struct member calls
+    pp = resolve_deref(i, i + opcnt * 19, &ops[i].operand[0], 0);
+    if (pp != NULL)
+      resolved = 1;
+  }
+
+  if (!resolved && (opr_type == OPT_REGMEM || opr_type == OPT_LABEL
+      || opr_type == OPT_OFFSET))
+  {
+    pp = try_recover_pp(&ops[i], &ops[i].operand[0],
+          1, &search_advice);
+    if (!search_advice)
+      resolved = 1;
+  }
+
+  if (!resolved)
+    scan_for_call_type(i, &ops[i].operand[0], i + opcnt * 9, &pp,
+      pp_i, multi_src);
+
+  return pp;
+}
+
+// early (pre-output) handling of a call that already has a full
+// proto with no register args: locate the esp adjust that cleans
+// up its stack args so later passes can consume it.
+// *adj_i receives the adjust insn index (or -1).
+// returns the proto on success, NULL to defer to process_call()
+static struct parsed_proto *process_call_early(int i, int opcnt,
+ int *adj_i)
+{
+ struct parsed_op *po = &ops[i];
+ struct parsed_proto *pp;
+ int multipath = 0;
+ int adj = 0;
+ int j, ret;
+
+ pp = po->pp;
+ if (pp == NULL || pp->is_vararg || pp->argc_reg != 0)
+ // leave for later
+ return NULL;
+
+ // look for and make use of esp adjust
+ *adj_i = ret = -1;
+ if (!pp->is_stdcall && pp->argc_stack > 0)
+ ret = scan_for_esp_adjust(i + 1, opcnt,
+ pp->argc_stack * 4, &adj, &multipath, 0);
+ if (ret >= 0) {
+ if (pp->argc_stack > adj / 4)
+ return NULL; // adjust too small for our args
+ if (multipath)
+ return NULL; // adjust shared by multiple paths
+ if (ops[ret].op == OP_POP) {
+ // compilers may clean the stack with a "pop ecx" cascade;
+ // verify the whole cascade really is pops of ecx
+ for (j = 1; j < adj / 4; j++) {
+ if (ops[ret + j].op != OP_POP
+ || ops[ret + j].operand[0].reg != xCX)
+ {
+ return NULL;
+ }
+ }
+ }
+ }
+
+ *adj_i = ret;
+ return pp;
+}
+
+// resolve and finalize the proto of the call at insn i:
+// - indirect calls are resolved via resolve_icall(); when the
+//   source mov has no other users it is removed
+// - still-unknown targets get a synthesized __cdecl
+//   "int f(int, ...)" proto sized from the following esp adjust
+// - finally the esp adjust is accounted for (vararg protos are
+//   expanded to cover the actual number of args pushed)
+static struct parsed_proto *process_call(int i, int opcnt)
+{
+ struct parsed_op *po = &ops[i];
+ const struct parsed_proto *pp_c;
+ struct parsed_proto *pp;
+ const char *tmpname;
+ int call_i = -1, ref_i = -1;
+ int adj = 0, multipath = 0;
+ int ret, arg;
+
+ tmpname = opr_name(po, 0);
+ pp = po->pp;
+ if (pp == NULL)
+ {
+ // indirect call
+ pp_c = resolve_icall(i, opcnt, &call_i, &multipath);
+ if (pp_c != NULL) {
+ if (!pp_c->is_func && !pp_c->is_fptr)
+ ferr(po, "call to non-func: %s\n", pp_c->name);
+ pp = proto_clone(pp_c);
+ my_assert_not(pp, NULL);
+ if (multipath)
+ // not resolved just to single func
+ pp->is_fptr = 1;
+
+ switch (po->operand[0].type) {
+ case OPT_REG:
+ // we resolved this call and no longer need the register
+ po->regmask_src &= ~(1 << po->operand[0].reg);
+
+ if (!multipath && i != call_i && ops[call_i].op == OP_MOV
+ && ops[call_i].operand[1].type == OPT_LABEL)
+ {
+ // no other source users?
+ ret = resolve_last_ref(i, &po->operand[0], i + opcnt * 10,
+ &ref_i);
+ if (ret == 1 && call_i == ref_i) {
+ // and nothing uses it after us?
+ ref_i = -1;
+ find_next_read(i + 1, opcnt, &po->operand[0],
+ i + opcnt * 11, &ref_i);
+ if (ref_i == -1)
+ // then also don't need the source mov
+ ops[call_i].flags |= OPF_RMD | OPF_NOREGS;
+ }
+ }
+ break;
+ case OPT_REGMEM:
+ pp->is_fptr = 1;
+ break;
+ default:
+ break;
+ }
+ }
+ if (pp == NULL) {
+ // nothing worked - synthesize a proto from the esp adjust
+ pp = calloc(1, sizeof(*pp));
+ my_assert_not(pp, NULL);
+
+ pp->is_fptr = 1;
+ ret = scan_for_esp_adjust(i + 1, opcnt,
+ -1, &adj, &multipath, 0);
+ if (ret < 0 || adj < 0) {
+ if (!g_allow_regfunc)
+ ferr(po, "non-__cdecl indirect call unhandled yet\n");
+ pp->is_unresolved = 1;
+ adj = 0;
+ }
+ adj /= 4;
+ if (adj > ARRAY_SIZE(pp->arg))
+ ferr(po, "esp adjust too large: %d\n", adj);
+ pp->ret_type.name = strdup("int");
+ pp->argc = pp->argc_stack = adj;
+ for (arg = 0; arg < pp->argc; arg++)
+ pp->arg[arg].type.name = strdup("int");
+ }
+ po->pp = pp;
+ }
+
+ // look for and make use of esp adjust
+ multipath = 0;
+ ret = -1;
+ if (!pp->is_stdcall && pp->argc_stack > 0) {
+ int adj_expect = pp->is_vararg ? -1 : pp->argc_stack * 4;
+ ret = scan_for_esp_adjust(i + 1, opcnt,
+ adj_expect, &adj, &multipath, 0);
+ }
+ if (ret >= 0) {
+ if (pp->is_vararg) {
+ if (adj / 4 < pp->argc_stack) {
+ fnote(po, "(this call)\n");
+ ferr(&ops[ret], "esp adjust is too small: %x < %x\n",
+ adj, pp->argc_stack * 4);
+ }
+ // modify pp to make it have varargs as normal args
+ arg = pp->argc;
+ pp->argc += adj / 4 - pp->argc_stack;
+ for (; arg < pp->argc; arg++) {
+ pp->arg[arg].type.name = strdup("int");
+ pp->argc_stack++;
+ }
+ if (pp->argc > ARRAY_SIZE(pp->arg))
+ ferr(po, "too many args for '%s'\n", tmpname);
+ }
+ if (pp->argc_stack > adj / 4) {
+ if (pp->is_noreturn)
+ // assume no stack adjust was emited
+ goto out;
+ fnote(po, "(this call)\n");
+ ferr(&ops[ret], "stack tracking failed for '%s': %x %x\n",
+ tmpname, pp->argc_stack * 4, adj);
+ }
+
+ // second scan actually consumes/marks the adjust insn
+ scan_for_esp_adjust(i + 1, opcnt,
+ pp->argc_stack * 4, &adj, &multipath, 1);
+ }
+ else if (pp->is_vararg)
+ ferr(po, "missing esp_adjust for vararg func '%s'\n",
+ pp->name);
+
+out:
+ return pp;
+}
+
+// bind the float-store insn po to call argument slot arg of pp
+// and mark it as a handled arg; also records the slot in
+// *regmask_ffca when the caller tracks float const args
+static void mark_float_arg(struct parsed_op *po,
+  struct parsed_proto *pp, int arg, int *regmask_ffca)
+{
+  po->flags |= OPF_DONE | OPF_FARGNR | OPF_FARG;
+  po->p_argnext = -1;
+  po->p_argnum = arg + 1;
+
+  // the slot must not be taken yet
+  ferr_assert(po, pp->arg[arg].datap == NULL);
+  pp->arg[arg].datap = po;
+
+  if (regmask_ffca != NULL)
+    *regmask_ffca |= 1 << arg;
+}
+
+// scan insns [i, i_to) for a plain fst; gives up on anything that
+// could change control flow or touch the stack layout.
+// returns the fst insn index, or -1 if none was found
+static int check_for_stp(int i, int i_to)
+{
+  const struct parsed_op *po;
+
+  while (i < i_to) {
+    po = &ops[i];
+    if (po->op == OP_FST)
+      return i;
+    // labels / jumps break the straight-line assumption
+    if (g_labels[i] != NULL || (po->flags & OPF_JMP))
+      break;
+    // these may move esp or clobber what we're looking at
+    if (po->op == OP_CALL || po->op == OP_PUSH || po->op == OP_POP)
+      break;
+    if (po->op == OP_ADD && po->operand[0].reg == xSP)
+      break;
+    i++;
+  }
+
+  return -1;
+}
+
+// collect args for a call whose stack args are written with
+// "sub esp, N" + "fst [esp+X]" stores instead of pushes; each
+// store is bound to its arg slot via the esp-relative offset.
+// returns 0; ferr()s out when an arg slot stays unfilled
+static int collect_call_args_no_push(int i, struct parsed_proto *pp,
+ int *regmask_ffca)
+{
+ struct parsed_op *po;
+ int offset = 0;
+ int base_arg;
+ int j, arg;
+ int ret;
+
+ // index of the first stack arg (register args come first)
+ for (base_arg = 0; base_arg < pp->argc; base_arg++)
+ if (pp->arg[base_arg].reg == NULL)
+ break;
+
+ // walk backwards from the call to the "sub esp, N"
+ for (j = i; j > 0; )
+ {
+ ferr_assert(&ops[j], g_labels[j] == NULL);
+ j--;
+
+ po = &ops[j];
+ ferr_assert(po, po->op != OP_PUSH);
+ if (po->op == OP_FST)
+ {
+ if (po->operand[0].type != OPT_REGMEM)
+ continue;
+ ret = parse_stack_esp_offset(po, po->operand[0].name, &offset);
+ if (ret != 0)
+ continue;
+ if (offset < 0 || offset >= pp->argc_stack * 4 || (offset & 3)) {
+ //ferr(po, "offset %d, %d args\n", offset, pp->argc_stack);
+ continue;
+ }
+
+ // the esp offset directly selects the arg slot
+ arg = base_arg + offset / 4;
+ mark_float_arg(po, pp, arg, regmask_ffca);
+ }
+ else if (po->op == OP_SUB && po->operand[0].reg == xSP
+ && po->operand[1].type == OPT_CONST)
+ {
+ // found the frame allocation - done scanning
+ po->flags |= OPF_RMD | OPF_DONE | OPF_FARGNR | OPF_FARG;
+ break;
+ }
+ }
+
+ // verify every stack arg slot got a store (qwords use 2 slots)
+ for (arg = base_arg; arg < pp->argc; arg++) {
+ ferr_assert(&ops[i], pp->arg[arg].reg == NULL);
+ po = pp->arg[arg].datap;
+ if (po == NULL)
+ ferr(&ops[i], "arg %d/%d not found\n", arg, pp->argc);
+ if (po->operand[0].lmod == OPLM_QWORD)
+ arg++;
+ }
+
+ return 0;
+}
+
+// fast-path arg collection: succeeds only when all arg pushes sit
+// on the straight-line path right before the call, with no labels,
+// calls, pops or conditional jumps in between. Returns -1 so the
+// caller can fall back to the full collect_call_args() otherwise.
+static int collect_call_args_early(int i, struct parsed_proto *pp,
+ int *regmask, int *regmask_ffca)
+{
+ struct parsed_op *po;
+ int arg, ret;
+ int offset;
+ int j, k;
+
+ // first stack arg slot (register args come first)
+ for (arg = 0; arg < pp->argc; arg++)
+ if (pp->arg[arg].reg == NULL)
+ break;
+
+ // first see if it can be easily done
+ for (j = i; j > 0 && arg < pp->argc; )
+ {
+ if (g_labels[j] != NULL)
+ return -1;
+ j--;
+
+ po = &ops[j];
+ if (po->op == OP_CALL)
+ return -1;
+ else if (po->op == OP_ADD && po->operand[0].reg == xSP)
+ return -1;
+ else if (po->op == OP_POP)
+ return -1;
+ else if (po->flags & OPF_CJMP)
+ return -1;
+ else if (po->op == OP_PUSH) {
+ if (po->flags & (OPF_FARG|OPF_FARGNR))
+ return -1; // already claimed by another call
+ if (!g_header_mode) {
+ // pushed value must not change before the call
+ ret = scan_for_mod(po, j + 1, i, 1);
+ if (ret >= 0)
+ return -1;
+ }
+
+ if (pp->arg[arg].type.is_va_list)
+ return -1;
+
+ // next arg
+ for (arg++; arg < pp->argc; arg++)
+ if (pp->arg[arg].reg == NULL)
+ break;
+ }
+ else if (po->op == OP_SUB && po->operand[0].reg == xSP
+ && po->operand[1].type == OPT_CONST)
+ {
+ // args are stored, not pushed - switch strategy
+ if (po->flags & (OPF_RMD|OPF_DONE))
+ return -1;
+ if (po->operand[1].val != pp->argc_stack * 4)
+ ferr(po, "unexpected esp adjust: %d\n",
+ po->operand[1].val * 4);
+ ferr_assert(po, pp->argc - arg == pp->argc_stack);
+ return collect_call_args_no_push(i, pp, regmask_ffca);
+ }
+ }
+
+ if (arg < pp->argc)
+ return -1;
+
+ // now do it
+ for (arg = 0; arg < pp->argc; arg++)
+ if (pp->arg[arg].reg == NULL)
+ break;
+
+ for (j = i; j > 0 && arg < pp->argc; )
+ {
+ j--;
+
+ if (ops[j].op == OP_PUSH)
+ {
+ ops[j].p_argnext = -1;
+ ferr_assert(&ops[j], pp->arg[arg].datap == NULL);
+
+ k = check_for_stp(j + 1, i);
+ if (k != -1) {
+ // push ecx; fstp dword ptr [esp]
+ ret = parse_stack_esp_offset(&ops[k],
+ ops[k].operand[0].name, &offset);
+ if (ret == 0 && offset == 0) {
+ if (!pp->arg[arg].type.is_float)
+ ferr(&ops[i], "arg %d should be float\n", arg + 1);
+ mark_float_arg(&ops[k], pp, arg, regmask_ffca);
+ }
+ }
+
+ if (pp->arg[arg].datap == NULL) {
+ pp->arg[arg].datap = &ops[j];
+ if (regmask != NULL && ops[j].operand[0].type == OPT_REG)
+ *regmask |= 1 << ops[j].operand[0].reg;
+ }
+
+ // the push is now fully handled and can be removed
+ ops[j].flags |= OPF_RMD | OPF_DONE | OPF_FARGNR | OPF_FARG;
+ ops[j].flags &= ~OPF_RSAVE;
+
+ // next arg
+ for (arg++; arg < pp->argc; arg++)
+ if (pp->arg[arg].reg == NULL)
+ break;
+ }
+ }
+
+ return 0;
+}
+
+// equalize p_argnum across all pushes linked through p_argnext
+// (the same arg slot filled on different branches) and return the
+// highest argnum seen
+static int sync_argnum(struct parsed_op *po, int argnum)
+{
+  struct parsed_op *p;
+
+  // pass 1: find the maximum argnum among the linked pushes
+  // note: p_argnext is active on current collect_call_args only
+  p = po;
+  while (p != NULL) {
+    if (p->p_argnum > argnum)
+      argnum = p->p_argnum;
+    p = (p->p_argnext >= 0) ? &ops[p->p_argnext] : NULL;
+  }
+
+  // pass 2: write it back wherever an argnum was already assigned
+  p = po;
+  while (p != NULL) {
+    if (p->p_argnum != 0)
+      p->p_argnum = argnum;
+    p = (p->p_argnext >= 0) ? &ops[p->p_argnext] : NULL;
+  }
+
+  return argnum;
+}
+
+// walk backwards from insn i collecting the PUSH insns that set up
+// the stack args of call po, binding each push to its arg slot and
+// assigning arg numbers/groups for operand saving. Label refs are
+// followed recursively so every incoming path is covered. The low
+// 24 bits of magic mark visited insns (via cc_scratch); the top
+// byte encodes the current arg index so a revisit with a different
+// arg state can be detected as an error.
+// returns the arg count reached or < 0 on failure
+static int collect_call_args_r(struct parsed_op *po, int i,
+ struct parsed_proto *pp, int *regmask, int *arg_grp,
+ int arg, int argnum, int magic, int need_op_saving, int may_reuse)
+{
+ struct parsed_proto *pp_tmp;
+ struct parsed_op *po_tmp;
+ struct label_ref *lr;
+ int need_to_save_current;
+ int arg_grp_current = 0;
+ int save_args_seen = 0;
+ int ret = 0;
+ int reg;
+ char buf[32];
+ int j, k;
+
+ if (i < 0) {
+ ferr(po, "dead label encountered\n");
+ return -1;
+ }
+
+ // skip register args - only stack args are pushed
+ for (; arg < pp->argc; arg++, argnum++)
+ if (pp->arg[arg].reg == NULL)
+ break;
+ magic = (magic & 0xffffff) | (arg << 24);
+
+ for (j = i; j >= 0 && (arg < pp->argc || pp->is_unresolved); )
+ {
+ if (((ops[j].cc_scratch ^ magic) & 0xffffff) == 0) {
+ if (ops[j].cc_scratch != magic) {
+ ferr(&ops[j], "arg collect hit same path with diff args for %s\n",
+ pp->name);
+ return -1;
+ }
+ // ok: have already been here
+ return 0;
+ }
+ ops[j].cc_scratch = magic;
+
+ if (g_labels[j] != NULL && g_label_refs[j].i != -1) {
+ // labeled insn: collect along every path that jumps here
+ lr = &g_label_refs[j];
+ if (lr->next != NULL)
+ need_op_saving = 1;
+ for (; lr->next; lr = lr->next) {
+ check_i(&ops[j], lr->i);
+ if ((ops[lr->i].flags & (OPF_JMP|OPF_CJMP)) != OPF_JMP)
+ may_reuse = 1;
+ ret = collect_call_args_r(po, lr->i, pp, regmask, arg_grp,
+ arg, argnum, magic, need_op_saving, may_reuse);
+ if (ret < 0)
+ return ret;
+ }
+
+ check_i(&ops[j], lr->i);
+ if ((ops[lr->i].flags & (OPF_JMP|OPF_CJMP)) != OPF_JMP)
+ may_reuse = 1;
+ if (j > 0 && LAST_OP(j - 1)) {
+ // follow last branch in reverse
+ j = lr->i;
+ continue;
+ }
+ need_op_saving = 1;
+ ret = collect_call_args_r(po, lr->i, pp, regmask, arg_grp,
+ arg, argnum, magic, need_op_saving, may_reuse);
+ if (ret < 0)
+ return ret;
+ }
+ j--;
+
+ if (ops[j].op == OP_CALL)
+ {
+ if (pp->is_unresolved)
+ break;
+
+ pp_tmp = ops[j].pp;
+ if (pp_tmp == NULL)
+ ferr(po, "arg collect %d/%d hit unparsed call '%s'\n",
+ arg, pp->argc, ops[j].operand[0].name);
+ if (may_reuse && pp_tmp->argc_stack > 0)
+ ferr(po, "arg collect %d/%d hit '%s' with %d stack args\n",
+ arg, pp->argc, opr_name(&ops[j], 0), pp_tmp->argc_stack);
+ }
+ // esp adjust of 0 means we collected it before
+ else if (ops[j].op == OP_ADD && ops[j].operand[0].reg == xSP
+ && (ops[j].operand[1].type != OPT_CONST
+ || ops[j].operand[1].val != 0))
+ {
+ if (pp->is_unresolved)
+ break;
+
+ fnote(po, "(this call)\n");
+ ferr(&ops[j], "arg collect %d/%d hit esp adjust of %d\n",
+ arg, pp->argc, ops[j].operand[1].val);
+ }
+ else if (ops[j].op == OP_POP && !(ops[j].flags & OPF_DONE))
+ {
+ if (pp->is_unresolved)
+ break;
+
+ fnote(po, "(this call)\n");
+ ferr(&ops[j], "arg collect %d/%d hit pop\n", arg, pp->argc);
+ }
+ else if (ops[j].flags & OPF_CJMP)
+ {
+ if (pp->is_unresolved)
+ break;
+
+ may_reuse = 1;
+ }
+ else if (ops[j].op == OP_PUSH
+ && !(ops[j].flags & (OPF_FARGNR|OPF_DONE)))
+ {
+ if (pp->is_unresolved && (ops[j].flags & OPF_RMD))
+ break;
+
+ // chain this push to any push already bound to the slot
+ // (same arg filled on a different branch)
+ ops[j].p_argnext = -1;
+ po_tmp = pp->arg[arg].datap;
+ if (po_tmp != NULL)
+ ops[j].p_argnext = po_tmp - ops;
+ pp->arg[arg].datap = &ops[j];
+
+ argnum = sync_argnum(&ops[j], argnum);
+
+ need_to_save_current = 0;
+ reg = -1;
+ if (ops[j].operand[0].type == OPT_REG)
+ reg = ops[j].operand[0].reg;
+
+ if (!need_op_saving) {
+ // save needed if the value changes before the call
+ ret = scan_for_mod(&ops[j], j + 1, i, 1);
+ need_to_save_current = (ret >= 0);
+ }
+ if (need_op_saving || need_to_save_current) {
+ // mark this arg as one that needs operand saving
+ pp->arg[arg].is_saved = 1;
+
+ // same argnum seen twice -> overlapping call setups,
+ // move to a new save-variable group
+ if (save_args_seen & (1 << (argnum - 1))) {
+ save_args_seen = 0;
+ arg_grp_current++;
+ if (arg_grp_current >= MAX_ARG_GRP)
+ ferr(&ops[j], "out of arg groups (arg%d), f %s\n",
+ argnum, pp->name);
+ }
+ }
+ else if (ops[j].p_argnum == 0)
+ ops[j].flags |= OPF_RMD;
+
+ // some PUSHes are reused by different calls on other branches,
+ // but that can't happen if we didn't branch, so they
+ // can be removed from future searches (handles nested calls)
+ if (!may_reuse)
+ ops[j].flags |= OPF_FARGNR;
+
+ ops[j].flags |= OPF_FARG;
+ ops[j].flags &= ~OPF_RSAVE;
+
+ // check for __VALIST
+ if (!pp->is_unresolved && g_func_pp != NULL
+ && pp->arg[arg].type.is_va_list)
+ {
+ k = -1;
+ ret = resolve_origin(j, &ops[j].operand[0],
+ magic + 1, &k, NULL);
+ if (ret == 1 && k >= 0)
+ {
+ if (ops[k].op == OP_LEA) {
+ if (!g_func_pp->is_vararg)
+ ferr(&ops[k], "lea <arg> used, but %s is not vararg?\n",
+ g_func_pp->name);
+
+ snprintf(buf, sizeof(buf), "arg_%X",
+ g_func_pp->argc_stack * 4);
+ if (strstr(ops[k].operand[1].name, buf)
+ || strstr(ops[k].operand[1].name, "arglist"))
+ {
+ ops[k].flags |= OPF_RMD | OPF_NOREGS | OPF_DONE;
+ ops[j].flags |= OPF_RMD | OPF_NOREGS | OPF_VAPUSH;
+ pp->arg[arg].is_saved = 0;
+ reg = -1;
+ }
+ else
+ ferr(&ops[k], "va_list arg detection failed\n");
+ }
+ // check for va_list from g_func_pp arg too
+ else if (ops[k].op == OP_MOV
+ && is_stack_access(&ops[k], &ops[k].operand[1]))
+ {
+ ret = stack_frame_access(&ops[k], &ops[k].operand[1],
+ buf, sizeof(buf), ops[k].operand[1].name, "", 1, 0);
+ if (ret >= 0) {
+ ops[k].flags |= OPF_RMD | OPF_DONE;
+ ops[j].flags |= OPF_RMD;
+ ops[j].p_argpass = ret + 1;
+ pp->arg[arg].is_saved = 0;
+ reg = -1;
+ }
+ }
+ }
+ }
+
+ if (pp->arg[arg].is_saved) {
+ ops[j].flags &= ~OPF_RMD;
+ ops[j].p_argnum = argnum;
+ }
+
+ // tracking reg usage
+ if (reg >= 0)
+ *regmask |= 1 << reg;
+
+ arg++;
+ argnum++;
+ if (!pp->is_unresolved) {
+ // next arg
+ for (; arg < pp->argc; arg++, argnum++)
+ if (pp->arg[arg].reg == NULL)
+ break;
+ }
+ magic = (magic & 0xffffff) | (arg << 24);
+ }
+
+ if (ops[j].p_arggrp > arg_grp_current) {
+ save_args_seen = 0;
+ arg_grp_current = ops[j].p_arggrp;
+ }
+ if (ops[j].p_argnum > 0)
+ save_args_seen |= 1 << (ops[j].p_argnum - 1);
+ }
+
+ if (arg < pp->argc) {
+ ferr(po, "arg collect failed for '%s': %d/%d\n",
+ pp->name, arg, pp->argc);
+ return -1;
+ }
+
+ if (arg_grp_current > *arg_grp)
+ *arg_grp = arg_grp_current;
+
+ return arg;
+}
+
+// collect the stack-arg pushes of call po (insn i) via the
+// recursive worker, then propagate the resulting arg group and,
+// for unresolved protos, grow the proto by the extra args found.
+// returns the worker's result (arg count reached, or < 0)
+static int collect_call_args(struct parsed_op *po, int i,
+  struct parsed_proto *pp, int *regmask, int magic)
+{
+  // arg group is for cases when pushes for
+  // multiple funcs are going on
+  struct parsed_op *p;
+  int arg_grp = 0;
+  int ret;
+  int a;
+
+  ret = collect_call_args_r(po, i, pp, regmask, &arg_grp,
+          0, 1, magic, 0, 0);
+  if (ret < 0)
+    return ret;
+
+  if (arg_grp != 0) {
+    // propagate arg_grp to every push chained to a stack arg
+    for (a = 0; a < pp->argc; a++) {
+      if (pp->arg[a].reg != NULL)
+        continue;
+
+      for (p = pp->arg[a].datap; p != NULL;
+           p = (p->p_argnext >= 0) ? &ops[p->p_argnext] : NULL)
+      {
+        p->p_arggrp = arg_grp;
+      }
+    }
+  }
+
+  if (pp->is_unresolved) {
+    // the scan discovered this many extra stack args
+    pp->argc += ret;
+    pp->argc_stack += ret;
+    for (a = 0; a < pp->argc; a++)
+      if (pp->arg[a].type.name == NULL)
+        pp->arg[a].type.name = strdup("int");
+  }
+
+  return ret;
+}
+
+// forward data-flow pass over all insns reachable from i:
+// tracks which registers currently hold live values (regmask_now),
+// recognizes push/pop register-save pairs, drops unused call
+// return values, models the x87 register stack depth, and reports
+// use of uninitialized registers. cbits is a visited bitmap with
+// one bit per insn; *regmask / *regmask_save / *regmask_init
+// accumulate results across all paths.
+static void reg_use_pass(int i, int opcnt, unsigned char *cbits,
+ int regmask_now, int *regmask,
+ int regmask_save_now, int *regmask_save,
+ int *regmask_init, int regmask_arg)
+{
+ struct parsed_op *po;
+ int already_saved;
+ int regmask_new;
+ int regmask_op;
+ int flags_set;
+ int ret, reg;
+ int j;
+
+ for (; i < opcnt; i++)
+ {
+ po = &ops[i];
+ if (cbits[i >> 3] & (1 << (i & 7)))
+ return; // already visited
+ cbits[i >> 3] |= (1 << (i & 7));
+
+ if ((po->flags & OPF_JMP) && po->op != OP_CALL) {
+ if (po->flags & (OPF_RMD|OPF_DONE))
+ continue;
+ if (po->btj != NULL) {
+ // jumptable: recurse into every target
+ for (j = 0; j < po->btj->count; j++) {
+ check_i(po, po->btj->d[j].bt_i);
+ reg_use_pass(po->btj->d[j].bt_i, opcnt, cbits,
+ regmask_now, regmask, regmask_save_now, regmask_save,
+ regmask_init, regmask_arg);
+ }
+ return;
+ }
+
+ check_i(po, po->bt_i);
+ if (po->flags & OPF_CJMP)
+ // conditional: recurse into taken branch, then continue
+ // with the fallthrough path in this loop
+ reg_use_pass(po->bt_i, opcnt, cbits,
+ regmask_now, regmask, regmask_save_now, regmask_save,
+ regmask_init, regmask_arg);
+ else
+ i = po->bt_i - 1;
+ continue;
+ }
+
+ if (po->op == OP_PUSH && !(po->flags & (OPF_FARG|OPF_DONE))
+ && !g_func_pp->is_userstack
+ && po->operand[0].type == OPT_REG)
+ {
+ // candidate register save - look for the matching pop
+ reg = po->operand[0].reg;
+ ferr_assert(po, reg >= 0);
+
+ already_saved = 0;
+ flags_set = OPF_RSAVE | OPF_RMD | OPF_DONE;
+ if (regmask_now & (1 << reg)) {
+ // reg is live here, so the push really saves a value
+ already_saved = regmask_save_now & (1 << reg);
+ flags_set = OPF_RSAVE | OPF_DONE;
+ }
+
+ ret = scan_for_pop(i + 1, opcnt, i + opcnt * 3, reg, 0, 0, 0);
+ if (ret == 1) {
+ // second scan applies the flags to the whole pair
+ scan_for_pop(i + 1, opcnt, i + opcnt * 4,
+ reg, 0, 0, flags_set);
+ }
+ else {
+ ret = scan_for_pop_ret(i + 1, opcnt, po->operand[0].reg, 0);
+ if (ret == 1) {
+ scan_for_pop_ret(i + 1, opcnt, po->operand[0].reg,
+ flags_set);
+ }
+ }
+ if (ret == 1) {
+ ferr_assert(po, !already_saved);
+ po->flags |= flags_set;
+
+ if (regmask_now & (1 << reg)) {
+ regmask_save_now |= (1 << reg);
+ *regmask_save |= regmask_save_now;
+ }
+ continue;
+ }
+ }
+ else if (po->op == OP_POP && (po->flags & OPF_RSAVE)) {
+ // restore side of a recognized save pair
+ reg = po->operand[0].reg;
+ ferr_assert(po, reg >= 0);
+
+ if (regmask_save_now & (1 << reg))
+ regmask_save_now &= ~(1 << reg);
+ else
+ regmask_now &= ~(1 << reg);
+ continue;
+ }
+ else if (po->op == OP_CALL) {
+ if ((po->regmask_dst & (1 << xAX))
+ && !(po->regmask_dst & (1 << xDX)))
+ {
+ if (po->flags & OPF_TAIL)
+ // don't need eax, will do "return f();" or "f(); return;"
+ po->regmask_dst &= ~(1 << xAX);
+ else {
+ // drop the return value if nothing ever reads eax
+ struct parsed_opr opr = OPR_INIT(OPT_REG, OPLM_DWORD, xAX);
+ j = -1;
+ find_next_read(i + 1, opcnt, &opr, i + opcnt * 17, &j);
+ if (j == -1)
+ // not used
+ po->regmask_dst &= ~(1 << xAX);
+ }
+ }
+
+ // not "full stack" mode and have something in stack
+ if (!(regmask_now & mxST7_2) && (regmask_now & mxST1_0))
+ ferr(po, "float stack is not empty on func call\n");
+ }
+
+ if (po->flags & OPF_NOREGS)
+ continue;
+
+ // if incomplete register is used, clear it on init to avoid
+ // later use of uninitialized upper part in some situations
+ if ((po->flags & OPF_DATA) && po->operand[0].type == OPT_REG
+ && po->operand[0].lmod != OPLM_DWORD)
+ {
+ reg = po->operand[0].reg;
+ ferr_assert(po, reg >= 0);
+
+ if (!(regmask_now & (1 << reg)))
+ *regmask_init |= 1 << reg;
+ }
+
+ regmask_op = po->regmask_src | po->regmask_dst;
+
+ // sources that were neither args nor written yet are suspect
+ regmask_new = po->regmask_src & ~regmask_now & ~regmask_arg;
+ regmask_new &= ~(1 << xSP);
+ if (g_bp_frame && !(po->flags & OPF_EBP_S))
+ regmask_new &= ~(1 << xBP);
+
+ if (regmask_new != 0)
+ fnote(po, "uninitialized reg mask: %x\n", regmask_new);
+
+ if (regmask_op & (1 << xBP)) {
+ if (g_bp_frame && !(po->flags & OPF_EBP_S)) {
+ if (po->regmask_dst & (1 << xBP))
+ // compiler decided to drop bp frame and use ebp as scratch
+ scan_fwd_set_flags(i + 1, opcnt, i + opcnt * 5, OPF_EBP_S);
+ else
+ regmask_op &= ~(1 << xBP);
+ }
+ }
+
+ if (po->flags & OPF_FPUSH) {
+ // model an x87 push (st0 shifts towards st1)
+ if (regmask_now & mxST1)
+ regmask_now |= mxSTa; // switch to "full stack" mode
+ if (regmask_now & mxSTa)
+ po->flags |= OPF_FSHIFT;
+ if (!(regmask_now & mxST7_2)) {
+ regmask_now =
+ (regmask_now & ~mxST1_0) | ((regmask_now & mxST0) << 1);
+ }
+ }
+
+ regmask_now |= regmask_op;
+ *regmask |= regmask_now;
+
+ // released regs
+ if (po->flags & OPF_FPOPP) {
+ if ((regmask_now & mxSTa) == 0)
+ ferr(po, "float pop on empty stack?\n");
+ if (regmask_now & mxST7_2)
+ po->flags |= OPF_FSHIFT;
+ if (!(regmask_now & mxST7_2))
+ regmask_now &= ~mxST1_0;
+ }
+ else if (po->flags & OPF_FPOP) {
+ // model an x87 pop (st1 shifts back into st0)
+ if ((regmask_now & mxSTa) == 0)
+ ferr(po, "float pop on empty stack?\n");
+ if (regmask_now & (mxST7_2 | mxST1))
+ po->flags |= OPF_FSHIFT;
+ if (!(regmask_now & mxST7_2)) {
+ regmask_now =
+ (regmask_now & ~mxST1_0) | ((regmask_now & mxST1) >> 1);
+ }
+ }
+
+ if (po->flags & OPF_TAIL) {
+ // sanity-check the float stack at function exit
+ if (!(regmask_now & mxST7_2)) {
+ if (get_pp_arg_regmask_dst(g_func_pp) & mxST0) {
+ if (!(regmask_now & mxST0))
+ ferr(po, "no st0 on float return, mask: %x\n",
+ regmask_now);
+ }
+ else if (regmask_now & mxST1_0)
+ ferr(po, "float regs on tail: %x\n", regmask_now);
+ }
+
+ // there is support for "conditional tailcall", sort of
+ if (!(po->flags & OPF_CC))
+ return;
+ }
+ }
+}
+
+// append a register argument to pp, keeping it before all stack
+// args (register args always precede stack args in pp->arg[])
+static void pp_insert_reg_arg(struct parsed_proto *pp, const char *reg)
+{
+  int slot = 0;
+
+  // find the first stack-arg slot
+  while (slot < pp->argc && pp->arg[slot].reg != NULL)
+    slot++;
+
+  // shift the stack args up by one to make room
+  if (pp->argc_stack)
+    memmove(&pp->arg[slot + 1], &pp->arg[slot],
+      sizeof(pp->arg[0]) * pp->argc_stack);
+
+  memset(&pp->arg[slot], 0, sizeof(pp->arg[slot]));
+  pp->arg[slot].reg = strdup(reg);
+  pp->arg[slot].type.name = strdup("int");
+  pp->argc++;
+  pp->argc_reg++;
+}
+
+// emit the deferred ZF computation for po's result when requested
+// in *pfomask, then clear the handled bit
+static void output_std_flag_z(FILE *fout, struct parsed_op *po,
+  int *pfomask, const char *dst_opr_text)
+{
+  if (!(*pfomask & (1 << PFO_Z)))
+    return;
+
+  fprintf(fout, "\n cond_z = (%s%s == 0);",
+    lmod_cast_u(po, po->operand[0].lmod), dst_opr_text);
+  *pfomask &= ~(1 << PFO_Z);
+}
+
+// emit the deferred SF computation for po's result when requested
+// in *pfomask, then clear the handled bit
+static void output_std_flag_s(FILE *fout, struct parsed_op *po,
+  int *pfomask, const char *dst_opr_text)
+{
+  if (!(*pfomask & (1 << PFO_S)))
+    return;
+
+  fprintf(fout, "\n cond_s = (%s%s < 0);",
+    lmod_cast_s(po, po->operand[0].lmod), dst_opr_text);
+  *pfomask &= ~(1 << PFO_S);
+}
+
+// emit any pending standard flag assignments (ZF then SF) for
+// po's result; clears the handled bits in *pfomask
+static void output_std_flags(FILE *fout, struct parsed_op *po,
+ int *pfomask, const char *dst_opr_text)
+{
+ output_std_flag_z(fout, po, pfomask, dst_opr_text);
+ output_std_flag_s(fout, po, pfomask, dst_opr_text);
+}
+
+// flags for output_pp() / output_pp_attrs()
+enum {
+ OPP_FORCE_NORETURN = (1 << 0), // print noreturn even if pp lacks it
+ OPP_SIMPLE_ARGS = (1 << 1), // don't expand func-pointer arg protos
+ OPP_ALIGN = (1 << 2), // pad fields for column-aligned output
+};
+
+// print pp's calling convention (and optional noreturn attribute);
+// OPP_ALIGN pads the convention to a fixed width for tables
+static void output_pp_attrs(FILE *fout, const struct parsed_proto *pp,
+  int flags)
+{
+  const char *cconv;
+
+  if (pp->is_fastcall)
+    cconv = "__fastcall ";
+  else if (pp->is_stdcall && pp->argc_reg == 0)
+    cconv = "__stdcall ";
+  else
+    cconv = "";
+
+  if (flags & OPP_ALIGN)
+    fprintf(fout, "%-16s", cconv);
+  else
+    fprintf(fout, "%s", cconv);
+
+  if (pp->is_noreturn || (flags & OPP_FORCE_NORETURN))
+    fprintf(fout, "noreturn ");
+}
+
+static void output_pp(FILE *fout, const struct parsed_proto *pp,
+ int flags)
+{
+ int i;
+
+ fprintf(fout, (flags & OPP_ALIGN) ? "%-5s" : "%s ",
+ pp->ret_type.name);
+ if (pp->is_fptr)
+ fprintf(fout, "(");
+ output_pp_attrs(fout, pp, flags);
+ if (pp->is_fptr)
+ fprintf(fout, "*");
+ fprintf(fout, "%s", pp->name);
+ if (pp->is_fptr)
+ fprintf(fout, ")");
+
+ fprintf(fout, "(");
+ for (i = 0; i < pp->argc; i++) {
+ if (i > 0)
+ fprintf(fout, ", ");
+ if (pp->arg[i].pp != NULL && pp->arg[i].pp->is_func
+ && !(flags & OPP_SIMPLE_ARGS))
+ {
+ // func pointer
+ output_pp(fout, pp->arg[i].pp, 0);
+ }
+ else if (pp->arg[i].type.is_retreg) {
+ fprintf(fout, "u32 *r_%s", pp->arg[i].reg);
+ }
+ else {
+ fprintf(fout, "%s", pp->arg[i].type.name);
+ if (!pp->is_fptr)
+ fprintf(fout, " a%d", i + 1);
+ }