5 * This work is licensed under the terms of 3-clause BSD license.
6 * See COPYING file in the top-level directory.
14 #include "my_assert.h"
18 #define ARRAY_SIZE(x) (sizeof(x) / sizeof(x[0]))
19 #define IS(w, y) !strcmp(w, y)
20 #define IS_START(w, y) !strncmp(w, y, strlen(y))
22 #include "protoparse.h"
24 static const char *asmfn;
28 #define anote(fmt, ...) \
29 printf("%s:%d: note: " fmt, asmfn, asmln, ##__VA_ARGS__)
30 #define awarn(fmt, ...) \
31 printf("%s:%d: warning: " fmt, asmfn, asmln, ##__VA_ARGS__)
32 #define aerr(fmt, ...) do { \
33 printf("%s:%d: error: " fmt, asmfn, asmln, ##__VA_ARGS__); \
38 #include "masm_tools.h"
41 OPF_RMD = (1 << 0), /* removed from code generation */
42 OPF_DATA = (1 << 1), /* data processing - writes to dst opr */
43 OPF_FLAGS = (1 << 2), /* sets flags */
44 OPF_JMP = (1 << 3), /* branch, call */
45 OPF_CJMP = (1 << 4), /* cond. branch (cc or jecxz) */
46 OPF_CC = (1 << 5), /* uses flags */
47 OPF_TAIL = (1 << 6), /* ret or tail call */
48 OPF_RSAVE = (1 << 7), /* push/pop is local reg save/load */
49 OPF_REP = (1 << 8), /* prefixed by rep */
50 OPF_REPZ = (1 << 9), /* rep is repe/repz */
51 OPF_REPNZ = (1 << 10), /* rep is repne/repnz */
52 OPF_FARG = (1 << 11), /* push collected as func arg */
53 OPF_FARGNR = (1 << 12), /* push collected as func arg (no reuse) */
54 OPF_EBP_S = (1 << 13), /* ebp used as scratch here, not BP */
55 OPF_DF = (1 << 14), /* DF flag set */
56 OPF_ATAIL = (1 << 15), /* tail call with reused arg frame */
57 OPF_32BIT = (1 << 16), /* 32bit division */
58 OPF_LOCK = (1 << 17), /* op has lock prefix */
59 OPF_VAPUSH = (1 << 18), /* vararg ptr push (as call arg) */
60 OPF_DONE = (1 << 19), /* already fully handled by analysis */
61 OPF_PPUSH = (1 << 20), /* part of complex push-pop graph */
131 // must be sorted (larger len must be further in enum)
140 #define MAX_OPERANDS 3
145 enum opr_lenmod lmod;
146 unsigned int is_ptr:1; // pointer in C
147 unsigned int is_array:1; // array in C
148 unsigned int type_from_var:1; // .. in header, sometimes wrong
149 unsigned int size_mismatch:1; // type override differs from C
150 unsigned int size_lt:1; // type override is larger than C
151 unsigned int had_ds:1; // had ds: prefix
152 const struct parsed_proto *pp; // for OPT_LABEL
160 struct parsed_opr operand[MAX_OPERANDS];
163 unsigned char pfo_inv;
164 unsigned char operand_cnt;
165 unsigned char p_argnum; // arg push: altered before call arg #
166 unsigned char p_arggrp; // arg push: arg group # for above
167 unsigned char p_argpass;// arg push: arg of host func
168 short p_argnext;// arg push: same arg pushed elsewhere or -1
169 int regmask_src; // all referensed regs
171 int pfomask; // flagop: parsed_flag_op that can't be delayed
172 int cc_scratch; // scratch storage during analysis
173 int bt_i; // branch target for branches
174 struct parsed_data *btj;// branch targets for jumptables
175 struct parsed_proto *pp;// parsed_proto for OP_CALL
181 // OP_CALL - parser proto hint (str)
182 // (OPF_CC) - points to one of (OPF_FLAGS) that affects cc op
183 // OP_PUSH - points to OP_POP in complex push/pop graph
184 // OP_POP - points to OP_PUSH in simple push/pop pair
188 enum opr_lenmod lmod;
195 enum opr_lenmod lmod;
209 struct label_ref *next;
213 IDAFA_BP_FRAME = (1 << 0),
214 IDAFA_LIB_FUNC = (1 << 1),
215 IDAFA_STATIC = (1 << 2),
216 IDAFA_NORETURN = (1 << 3),
217 IDAFA_THUNK = (1 << 4),
218 IDAFA_FPD = (1 << 5),
221 // note: limited to 32k due to p_argnext
223 #define MAX_ARG_GRP 2
225 static struct parsed_op ops[MAX_OPS];
226 static struct parsed_equ *g_eqs;
228 static char *g_labels[MAX_OPS];
229 static struct label_ref g_label_refs[MAX_OPS];
230 static const struct parsed_proto *g_func_pp;
231 static struct parsed_data *g_func_pd;
232 static int g_func_pd_cnt;
233 static char g_func[256];
234 static char g_comment[256];
235 static int g_bp_frame;
236 static int g_sp_frame;
237 static int g_stack_frame_used;
238 static int g_stack_fsz;
239 static int g_ida_func_attr;
240 static int g_skip_func;
241 static int g_allow_regfunc;
242 static int g_quiet_pp;
243 static int g_header_mode;
245 #define ferr(op_, fmt, ...) do { \
246 printf("%s:%d: error %u: [%s] '%s': " fmt, asmfn, (op_)->asmln, \
247 __LINE__, g_func, dump_op(op_), ##__VA_ARGS__); \
251 #define fnote(op_, fmt, ...) \
252 printf("%s:%d: note: [%s] '%s': " fmt, asmfn, (op_)->asmln, g_func, \
253 dump_op(op_), ##__VA_ARGS__)
255 #define ferr_assert(op_, cond) do { \
256 if (!(cond)) ferr(op_, "assertion '%s' failed on ln :%d\n", #cond, \
260 const char *regs_r32[] = {
261 "eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp",
262 // not r32, but list here for easy parsing and printing
263 "mm0", "mm1", "mm2", "mm3", "mm4", "mm5", "mm6", "mm7",
265 const char *regs_r16[] = { "ax", "bx", "cx", "dx", "si", "di", "bp", "sp" };
266 const char *regs_r8l[] = { "al", "bl", "cl", "dl" };
267 const char *regs_r8h[] = { "ah", "bh", "ch", "dh" };
269 enum x86_regs { xUNSPEC = -1, xAX, xBX, xCX, xDX, xSI, xDI, xBP, xSP };
271 // possible basic comparison types (without inversion)
272 enum parsed_flag_op {
276 PFO_BE, // 6 CF=1||ZF=1
280 PFO_LE, // e ZF=1||SF!=OF
283 #define PFOB_O (1 << PFO_O)
284 #define PFOB_C (1 << PFO_C)
285 #define PFOB_Z (1 << PFO_Z)
286 #define PFOB_S (1 << PFO_S)
288 static const char *parsed_flag_op_names[] = {
289 "o", "c", "z", "be", "s", "p", "l", "le"
292 static int char_array_i(const char *array[], size_t len, const char *s)
296 for (i = 0; i < len; i++)
303 static void printf_number(char *buf, size_t buf_size,
304 unsigned long number)
306 // output in C-friendly form
307 snprintf(buf, buf_size, number < 10 ? "%lu" : "0x%02lx", number);
310 static int check_segment_prefix(const char *s)
312 if (s[0] == 0 || s[1] != 's' || s[2] != ':')
326 static int parse_reg(enum opr_lenmod *reg_lmod, const char *s)
330 reg = char_array_i(regs_r32, ARRAY_SIZE(regs_r32), s);
332 *reg_lmod = OPLM_QWORD;
336 *reg_lmod = OPLM_DWORD;
339 reg = char_array_i(regs_r16, ARRAY_SIZE(regs_r16), s);
341 *reg_lmod = OPLM_WORD;
344 reg = char_array_i(regs_r8h, ARRAY_SIZE(regs_r8h), s);
346 *reg_lmod = OPLM_BYTE;
349 reg = char_array_i(regs_r8l, ARRAY_SIZE(regs_r8l), s);
351 *reg_lmod = OPLM_BYTE;
358 static int parse_indmode(char *name, int *regmask, int need_c_cvt)
360 enum opr_lenmod lmod;
373 while (my_isblank(*s))
375 for (; my_issep(*s); d++, s++)
377 while (my_isblank(*s))
381 // skip '?s:' prefixes
382 if (check_segment_prefix(s))
385 s = next_idt(w, sizeof(w), s);
390 reg = parse_reg(&lmod, w);
392 *regmask |= 1 << reg;
396 if ('0' <= w[0] && w[0] <= '9') {
397 number = parse_number(w);
398 printf_number(d, sizeof(cvtbuf) - (d - cvtbuf), number);
402 // probably some label/identifier - pass
405 snprintf(d, sizeof(cvtbuf) - (d - cvtbuf), "%s", w);
409 strcpy(name, cvtbuf);
414 static int is_reg_in_str(const char *s)
418 if (strlen(s) < 3 || (s[3] && !my_issep(s[3]) && !my_isblank(s[3])))
421 for (i = 0; i < ARRAY_SIZE(regs_r32); i++)
422 if (!strncmp(s, regs_r32[i], 3))
428 static const char *parse_stack_el(const char *name, char *extra_reg,
431 const char *p, *p2, *s;
437 if (g_bp_frame || early_try)
440 if (IS_START(p + 3, "+ebp+") && is_reg_in_str(p)) {
442 if (extra_reg != NULL) {
443 strncpy(extra_reg, name, 3);
448 if (IS_START(p, "ebp+")) {
452 if (p2 != NULL && is_reg_in_str(p)) {
453 if (extra_reg != NULL) {
454 strncpy(extra_reg, p, p2 - p);
455 extra_reg[p2 - p] = 0;
460 if (!('0' <= *p && *p <= '9'))
467 if (!IS_START(name, "esp+"))
473 if (is_reg_in_str(s)) {
474 if (extra_reg != NULL) {
475 strncpy(extra_reg, s, p - s);
476 extra_reg[p - s] = 0;
481 aerr("%s IDA stackvar not set?\n", __func__);
483 if (!('0' <= *s && *s <= '9')) {
484 aerr("%s IDA stackvar offset not set?\n", __func__);
487 if (s[0] == '0' && s[1] == 'x')
490 if (len < sizeof(buf) - 1) {
491 strncpy(buf, s, len);
493 val = strtol(buf, &endp, 16);
494 if (val == 0 || *endp != 0) {
495 aerr("%s num parse fail for '%s'\n", __func__, buf);
504 if ('0' <= *p && *p <= '9')
510 static int guess_lmod_from_name(struct parsed_opr *opr)
512 if (!strncmp(opr->name, "dword_", 6)) {
513 opr->lmod = OPLM_DWORD;
516 if (!strncmp(opr->name, "word_", 5)) {
517 opr->lmod = OPLM_WORD;
520 if (!strncmp(opr->name, "byte_", 5)) {
521 opr->lmod = OPLM_BYTE;
524 if (!strncmp(opr->name, "qword_", 6)) {
525 opr->lmod = OPLM_QWORD;
531 static int guess_lmod_from_c_type(enum opr_lenmod *lmod,
532 const struct parsed_type *c_type)
534 static const char *dword_types[] = {
535 "uint32_t", "int", "_DWORD", "UINT_PTR", "DWORD",
536 "WPARAM", "LPARAM", "UINT", "__int32",
537 "LONG", "HIMC", "BOOL", "size_t",
540 static const char *word_types[] = {
541 "uint16_t", "int16_t", "_WORD", "WORD",
542 "unsigned __int16", "__int16",
544 static const char *byte_types[] = {
545 "uint8_t", "int8_t", "char",
546 "unsigned __int8", "__int8", "BYTE", "_BYTE",
548 // structures.. deal the same as with _UNKNOWN for now
554 if (c_type->is_ptr) {
559 n = skip_type_mod(c_type->name);
561 for (i = 0; i < ARRAY_SIZE(dword_types); i++) {
562 if (IS(n, dword_types[i])) {
568 for (i = 0; i < ARRAY_SIZE(word_types); i++) {
569 if (IS(n, word_types[i])) {
575 for (i = 0; i < ARRAY_SIZE(byte_types); i++) {
576 if (IS(n, byte_types[i])) {
585 static char *default_cast_to(char *buf, size_t buf_size,
586 struct parsed_opr *opr)
592 if (opr->pp == NULL || opr->pp->type.name == NULL
595 snprintf(buf, buf_size, "%s", "(void *)");
599 snprintf(buf, buf_size, "(%s)", opr->pp->type.name);
603 static enum opr_type lmod_from_directive(const char *d)
607 else if (IS(d, "dw"))
609 else if (IS(d, "db"))
612 aerr("unhandled directive: '%s'\n", d);
616 static void setup_reg_opr(struct parsed_opr *opr, int reg, enum opr_lenmod lmod,
622 *regmask |= 1 << reg;
625 static struct parsed_equ *equ_find(struct parsed_op *po, const char *name,
628 static int parse_operand(struct parsed_opr *opr,
629 int *regmask, int *regmask_indirect,
630 char words[16][256], int wordc, int w, unsigned int op_flags)
632 const struct parsed_proto *pp = NULL;
633 enum opr_lenmod tmplmod;
634 unsigned long number;
642 aerr("parse_operand w %d, wordc %d\n", w, wordc);
646 for (i = w; i < wordc; i++) {
647 len = strlen(words[i]);
648 if (words[i][len - 1] == ',') {
649 words[i][len - 1] = 0;
655 wordc_in = wordc - w;
657 if ((op_flags & OPF_JMP) && wordc_in > 0
658 && !('0' <= words[w][0] && words[w][0] <= '9'))
660 const char *label = NULL;
662 if (wordc_in == 3 && !strncmp(words[w], "near", 4)
663 && IS(words[w + 1], "ptr"))
664 label = words[w + 2];
665 else if (wordc_in == 2 && IS(words[w], "short"))
666 label = words[w + 1];
667 else if (wordc_in == 1
668 && strchr(words[w], '[') == NULL
669 && parse_reg(&tmplmod, words[w]) < 0)
673 opr->type = OPT_LABEL;
674 ret = check_segment_prefix(label);
677 aerr("fs/gs used\n");
681 strcpy(opr->name, label);
687 if (IS(words[w + 1], "ptr")) {
688 if (IS(words[w], "dword"))
689 opr->lmod = OPLM_DWORD;
690 else if (IS(words[w], "word"))
691 opr->lmod = OPLM_WORD;
692 else if (IS(words[w], "byte"))
693 opr->lmod = OPLM_BYTE;
694 else if (IS(words[w], "qword"))
695 opr->lmod = OPLM_QWORD;
697 aerr("type parsing failed\n");
699 wordc_in = wordc - w;
704 if (IS(words[w], "offset")) {
705 opr->type = OPT_OFFSET;
706 opr->lmod = OPLM_DWORD;
707 strcpy(opr->name, words[w + 1]);
708 pp = proto_parse(g_fhdr, opr->name, 1);
711 if (IS(words[w], "(offset")) {
712 p = strchr(words[w + 1], ')');
714 aerr("parse of bracketed offset failed\n");
716 opr->type = OPT_OFFSET;
717 strcpy(opr->name, words[w + 1]);
723 aerr("parse_operand 1 word expected\n");
725 ret = check_segment_prefix(words[w]);
728 aerr("fs/gs used\n");
730 memmove(words[w], words[w] + 3, strlen(words[w]) - 2);
732 strcpy(opr->name, words[w]);
734 if (words[w][0] == '[') {
735 opr->type = OPT_REGMEM;
736 ret = sscanf(words[w], "[%[^]]]", opr->name);
738 aerr("[] parse failure\n");
740 parse_indmode(opr->name, regmask_indirect, 1);
741 if (opr->lmod == OPLM_UNSPEC && parse_stack_el(opr->name, NULL, 1))
744 struct parsed_equ *eq =
745 equ_find(NULL, parse_stack_el(opr->name, NULL, 1), &i);
747 opr->lmod = eq->lmod;
751 else if (strchr(words[w], '[')) {
753 p = strchr(words[w], '[');
754 opr->type = OPT_REGMEM;
755 parse_indmode(p, regmask_indirect, 0);
756 strncpy(buf, words[w], p - words[w]);
757 buf[p - words[w]] = 0;
758 pp = proto_parse(g_fhdr, buf, 1);
761 else if (('0' <= words[w][0] && words[w][0] <= '9')
762 || words[w][0] == '-')
764 number = parse_number(words[w]);
765 opr->type = OPT_CONST;
767 printf_number(opr->name, sizeof(opr->name), number);
771 ret = parse_reg(&tmplmod, opr->name);
773 setup_reg_opr(opr, ret, tmplmod, regmask);
777 // most likely var in data segment
778 opr->type = OPT_LABEL;
779 pp = proto_parse(g_fhdr, opr->name, g_quiet_pp);
783 if (pp->is_fptr || pp->is_func) {
784 opr->lmod = OPLM_DWORD;
788 tmplmod = OPLM_UNSPEC;
789 if (!guess_lmod_from_c_type(&tmplmod, &pp->type))
790 anote("unhandled C type '%s' for '%s'\n",
791 pp->type.name, opr->name);
793 if (opr->lmod == OPLM_UNSPEC) {
795 opr->type_from_var = 1;
797 else if (opr->lmod != tmplmod) {
798 opr->size_mismatch = 1;
799 if (tmplmod < opr->lmod)
802 opr->is_ptr = pp->type.is_ptr;
804 opr->is_array = pp->type.is_array;
808 if (opr->lmod == OPLM_UNSPEC)
809 guess_lmod_from_name(opr);
813 static const struct {
818 { "repe", OPF_REP|OPF_REPZ },
819 { "repz", OPF_REP|OPF_REPZ },
820 { "repne", OPF_REP|OPF_REPNZ },
821 { "repnz", OPF_REP|OPF_REPNZ },
822 { "lock", OPF_LOCK }, // ignored for now..
825 #define OPF_CJMP_CC (OPF_JMP|OPF_CJMP|OPF_CC)
827 static const struct {
830 unsigned short minopr;
831 unsigned short maxopr;
834 unsigned char pfo_inv;
836 { "nop", OP_NOP, 0, 0, 0 },
837 { "push", OP_PUSH, 1, 1, 0 },
838 { "pop", OP_POP, 1, 1, OPF_DATA },
839 { "leave",OP_LEAVE, 0, 0, OPF_DATA },
840 { "mov" , OP_MOV, 2, 2, OPF_DATA },
841 { "lea", OP_LEA, 2, 2, OPF_DATA },
842 { "movzx",OP_MOVZX, 2, 2, OPF_DATA },
843 { "movsx",OP_MOVSX, 2, 2, OPF_DATA },
844 { "xchg", OP_XCHG, 2, 2, OPF_DATA },
845 { "not", OP_NOT, 1, 1, OPF_DATA },
846 { "cdq", OP_CDQ, 0, 0, OPF_DATA },
847 { "lodsb",OP_LODS, 0, 0, OPF_DATA },
848 { "lodsw",OP_LODS, 0, 0, OPF_DATA },
849 { "lodsd",OP_LODS, 0, 0, OPF_DATA },
850 { "stosb",OP_STOS, 0, 0, OPF_DATA },
851 { "stosw",OP_STOS, 0, 0, OPF_DATA },
852 { "stosd",OP_STOS, 0, 0, OPF_DATA },
853 { "movsb",OP_MOVS, 0, 0, OPF_DATA },
854 { "movsw",OP_MOVS, 0, 0, OPF_DATA },
855 { "movsd",OP_MOVS, 0, 0, OPF_DATA },
856 { "cmpsb",OP_CMPS, 0, 0, OPF_DATA|OPF_FLAGS },
857 { "cmpsw",OP_CMPS, 0, 0, OPF_DATA|OPF_FLAGS },
858 { "cmpsd",OP_CMPS, 0, 0, OPF_DATA|OPF_FLAGS },
859 { "scasb",OP_SCAS, 0, 0, OPF_DATA|OPF_FLAGS },
860 { "scasw",OP_SCAS, 0, 0, OPF_DATA|OPF_FLAGS },
861 { "scasd",OP_SCAS, 0, 0, OPF_DATA|OPF_FLAGS },
862 { "std", OP_STD, 0, 0, OPF_DATA }, // special flag
863 { "cld", OP_CLD, 0, 0, OPF_DATA },
864 { "add", OP_ADD, 2, 2, OPF_DATA|OPF_FLAGS },
865 { "sub", OP_SUB, 2, 2, OPF_DATA|OPF_FLAGS },
866 { "and", OP_AND, 2, 2, OPF_DATA|OPF_FLAGS },
867 { "or", OP_OR, 2, 2, OPF_DATA|OPF_FLAGS },
868 { "xor", OP_XOR, 2, 2, OPF_DATA|OPF_FLAGS },
869 { "shl", OP_SHL, 2, 2, OPF_DATA|OPF_FLAGS },
870 { "shr", OP_SHR, 2, 2, OPF_DATA|OPF_FLAGS },
871 { "sal", OP_SHL, 2, 2, OPF_DATA|OPF_FLAGS },
872 { "sar", OP_SAR, 2, 2, OPF_DATA|OPF_FLAGS },
873 { "shrd", OP_SHRD, 3, 3, OPF_DATA|OPF_FLAGS },
874 { "rol", OP_ROL, 2, 2, OPF_DATA|OPF_FLAGS },
875 { "ror", OP_ROR, 2, 2, OPF_DATA|OPF_FLAGS },
876 { "rcl", OP_RCL, 2, 2, OPF_DATA|OPF_FLAGS|OPF_CC, PFO_C },
877 { "rcr", OP_RCR, 2, 2, OPF_DATA|OPF_FLAGS|OPF_CC, PFO_C },
878 { "adc", OP_ADC, 2, 2, OPF_DATA|OPF_FLAGS|OPF_CC, PFO_C },
879 { "sbb", OP_SBB, 2, 2, OPF_DATA|OPF_FLAGS|OPF_CC, PFO_C },
880 { "bsf", OP_BSF, 2, 2, OPF_DATA|OPF_FLAGS },
881 { "inc", OP_INC, 1, 1, OPF_DATA|OPF_FLAGS },
882 { "dec", OP_DEC, 1, 1, OPF_DATA|OPF_FLAGS },
883 { "neg", OP_NEG, 1, 1, OPF_DATA|OPF_FLAGS },
884 { "mul", OP_MUL, 1, 1, OPF_DATA|OPF_FLAGS },
885 { "imul", OP_IMUL, 1, 3, OPF_DATA|OPF_FLAGS },
886 { "div", OP_DIV, 1, 1, OPF_DATA|OPF_FLAGS },
887 { "idiv", OP_IDIV, 1, 1, OPF_DATA|OPF_FLAGS },
888 { "test", OP_TEST, 2, 2, OPF_FLAGS },
889 { "cmp", OP_CMP, 2, 2, OPF_FLAGS },
890 { "retn", OP_RET, 0, 1, OPF_TAIL },
891 { "call", OP_CALL, 1, 1, OPF_JMP|OPF_DATA|OPF_FLAGS },
892 { "jmp", OP_JMP, 1, 1, OPF_JMP },
893 { "jecxz",OP_JECXZ, 1, 1, OPF_JMP|OPF_CJMP },
894 { "jo", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_O, 0 }, // 70 OF=1
895 { "jno", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_O, 1 }, // 71 OF=0
896 { "jc", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_C, 0 }, // 72 CF=1
897 { "jb", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_C, 0 }, // 72
898 { "jnc", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_C, 1 }, // 73 CF=0
899 { "jnb", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_C, 1 }, // 73
900 { "jae", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_C, 1 }, // 73
901 { "jz", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_Z, 0 }, // 74 ZF=1
902 { "je", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_Z, 0 }, // 74
903 { "jnz", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_Z, 1 }, // 75 ZF=0
904 { "jne", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_Z, 1 }, // 75
905 { "jbe", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_BE, 0 }, // 76 CF=1||ZF=1
906 { "jna", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_BE, 0 }, // 76
907 { "ja", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_BE, 1 }, // 77 CF=0&&ZF=0
908 { "jnbe", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_BE, 1 }, // 77
909 { "js", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_S, 0 }, // 78 SF=1
910 { "jns", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_S, 1 }, // 79 SF=0
911 { "jp", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_P, 0 }, // 7a PF=1
912 { "jpe", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_P, 0 }, // 7a
913 { "jnp", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_P, 1 }, // 7b PF=0
914 { "jpo", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_P, 1 }, // 7b
915 { "jl", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_L, 0 }, // 7c SF!=OF
916 { "jnge", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_L, 0 }, // 7c
917 { "jge", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_L, 1 }, // 7d SF=OF
918 { "jnl", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_L, 1 }, // 7d
919 { "jle", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_LE, 0 }, // 7e ZF=1||SF!=OF
920 { "jng", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_LE, 0 }, // 7e
921 { "jg", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_LE, 1 }, // 7f ZF=0&&SF=OF
922 { "jnle", OP_JCC, 1, 1, OPF_CJMP_CC, PFO_LE, 1 }, // 7f
923 { "seto", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_O, 0 },
924 { "setno", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_O, 1 },
925 { "setc", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_C, 0 },
926 { "setb", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_C, 0 },
927 { "setnc", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_C, 1 },
928 { "setae", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_C, 1 },
929 { "setnb", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_C, 1 },
930 { "setz", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_Z, 0 },
931 { "sete", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_Z, 0 },
932 { "setnz", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_Z, 1 },
933 { "setne", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_Z, 1 },
934 { "setbe", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_BE, 0 },
935 { "setna", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_BE, 0 },
936 { "seta", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_BE, 1 },
937 { "setnbe", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_BE, 1 },
938 { "sets", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_S, 0 },
939 { "setns", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_S, 1 },
940 { "setp", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_P, 0 },
941 { "setpe", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_P, 0 },
942 { "setnp", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_P, 1 },
943 { "setpo", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_P, 1 },
944 { "setl", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_L, 0 },
945 { "setnge", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_L, 0 },
946 { "setge", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_L, 1 },
947 { "setnl", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_L, 1 },
948 { "setle", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_LE, 0 },
949 { "setng", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_LE, 0 },
950 { "setg", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_LE, 1 },
951 { "setnle", OP_SCC, 1, 1, OPF_DATA|OPF_CC, PFO_LE, 1 },
954 { "emms", OP_EMMS, 0, 0, OPF_DATA },
955 { "movq", OP_MOV, 2, 2, OPF_DATA },
960 static void parse_op(struct parsed_op *op, char words[16][256], int wordc)
962 enum opr_lenmod lmod = OPLM_UNSPEC;
963 int prefix_flags = 0;
971 for (i = 0; i < ARRAY_SIZE(pref_table); i++) {
972 if (IS(words[w], pref_table[i].name)) {
973 prefix_flags = pref_table[i].flags;
980 aerr("lone prefix: '%s'\n", words[0]);
985 for (i = 0; i < ARRAY_SIZE(op_table); i++) {
986 if (IS(words[w], op_table[i].name))
990 if (i == ARRAY_SIZE(op_table)) {
992 aerr("unhandled op: '%s'\n", words[0]);
997 op->op = op_table[i].op;
998 op->flags = op_table[i].flags | prefix_flags;
999 op->pfo = op_table[i].pfo;
1000 op->pfo_inv = op_table[i].pfo_inv;
1001 op->regmask_src = op->regmask_dst = 0;
1004 if (op->op == OP_UD2)
1007 for (opr = 0; opr < op_table[i].maxopr; opr++) {
1008 if (opr >= op_table[i].minopr && w >= wordc)
1011 regmask = regmask_ind = 0;
1012 w = parse_operand(&op->operand[opr], ®mask, ®mask_ind,
1013 words, wordc, w, op->flags);
1015 if (opr == 0 && (op->flags & OPF_DATA))
1016 op->regmask_dst = regmask;
1018 op->regmask_src |= regmask;
1019 op->regmask_src |= regmask_ind;
1023 aerr("parse_op %s incomplete: %d/%d\n",
1024 words[0], w, wordc);
1027 op->operand_cnt = opr;
1028 if (!strncmp(op_table[i].name, "set", 3))
1029 op->operand[0].lmod = OPLM_BYTE;
1032 // first operand is not dst
1035 op->regmask_src |= op->regmask_dst;
1036 op->regmask_dst = 0;
1039 // first operand is src too
1051 op->regmask_src |= op->regmask_dst;
1056 op->regmask_src |= op->regmask_dst;
1057 op->regmask_dst |= op->regmask_src;
1063 if (op->operand[0].type == OPT_REG && op->operand[1].type == OPT_REG
1064 && op->operand[0].lmod == op->operand[1].lmod
1065 && op->operand[0].reg == op->operand[1].reg
1066 && IS(op->operand[0].name, op->operand[1].name)) // ! ah, al..
1068 op->regmask_src = 0;
1071 op->regmask_src |= op->regmask_dst;
1074 // ops with implicit argumets
1076 op->operand_cnt = 2;
1077 setup_reg_opr(&op->operand[0], xDX, OPLM_DWORD, &op->regmask_dst);
1078 setup_reg_opr(&op->operand[1], xAX, OPLM_DWORD, &op->regmask_src);
1084 if (op->operand_cnt != 0)
1086 if (words[op_w][4] == 'b')
1088 else if (words[op_w][4] == 'w')
1090 else if (words[op_w][4] == 'd')
1092 op->operand_cnt = 3;
1093 setup_reg_opr(&op->operand[0], op->op == OP_LODS ? xSI : xDI,
1094 lmod, &op->regmask_src);
1095 setup_reg_opr(&op->operand[1], xCX, OPLM_DWORD, &op->regmask_src);
1096 op->regmask_dst = op->regmask_src;
1097 setup_reg_opr(&op->operand[2], xAX, OPLM_DWORD,
1098 op->op == OP_LODS ? &op->regmask_dst : &op->regmask_src);
1103 if (op->operand_cnt != 0)
1105 if (words[op_w][4] == 'b')
1107 else if (words[op_w][4] == 'w')
1109 else if (words[op_w][4] == 'd')
1111 op->operand_cnt = 3;
1112 setup_reg_opr(&op->operand[0], xDI, lmod, &op->regmask_src);
1113 setup_reg_opr(&op->operand[1], xSI, OPLM_DWORD, &op->regmask_src);
1114 setup_reg_opr(&op->operand[2], xCX, OPLM_DWORD, &op->regmask_src);
1115 op->regmask_dst = op->regmask_src;
1119 op->operand_cnt = 1;
1120 op->regmask_src = 1 << xCX;
1121 op->operand[0].type = OPT_REG;
1122 op->operand[0].reg = xCX;
1123 op->operand[0].lmod = OPLM_DWORD;
1127 if (op->operand_cnt != 1)
1132 op->regmask_src |= op->regmask_dst;
1133 op->regmask_dst = (1 << xDX) | (1 << xAX);
1134 if (op->operand[0].lmod == OPLM_UNSPEC)
1135 op->operand[0].lmod = OPLM_DWORD;
1140 // we could set up operands for edx:eax, but there is no real need to
1141 // (see is_opr_modified())
1142 op->regmask_src |= op->regmask_dst;
1143 op->regmask_dst = (1 << xDX) | (1 << xAX);
1144 if (op->operand[0].lmod == OPLM_UNSPEC)
1145 op->operand[0].lmod = OPLM_DWORD;
1153 op->regmask_src |= op->regmask_dst;
1154 if (op->operand[1].lmod == OPLM_UNSPEC)
1155 op->operand[1].lmod = OPLM_BYTE;
1159 op->regmask_src |= op->regmask_dst;
1160 if (op->operand[2].lmod == OPLM_UNSPEC)
1161 op->operand[2].lmod = OPLM_BYTE;
1165 op->regmask_src |= op->regmask_dst;
1166 op->regmask_dst = 0;
1167 if (op->operand[0].lmod == OPLM_UNSPEC
1168 && (op->operand[0].type == OPT_CONST
1169 || op->operand[0].type == OPT_OFFSET
1170 || op->operand[0].type == OPT_LABEL))
1171 op->operand[0].lmod = OPLM_DWORD;
1177 if (op->operand[0].type == OPT_REG && op->operand[1].type == OPT_REG
1178 && op->operand[0].lmod == op->operand[1].lmod
1179 && op->operand[0].reg == op->operand[1].reg
1180 && IS(op->operand[0].name, op->operand[1].name)) // ! ah, al..
1182 op->flags |= OPF_RMD | OPF_DONE;
1183 op->regmask_src = op->regmask_dst = 0;
1188 if (op->operand[0].type == OPT_REG
1189 && op->operand[1].type == OPT_REGMEM)
1192 snprintf(buf, sizeof(buf), "%s+0", op->operand[0].name);
1193 if (IS(buf, op->operand[1].name))
1194 op->flags |= OPF_RMD | OPF_DONE;
1199 // trashed regs must be explicitly detected later
1200 op->regmask_dst = 0;
1204 op->regmask_dst = (1 << xBP) | (1 << xSP);
1205 op->regmask_src = 1 << xBP;
1213 static const char *op_name(struct parsed_op *po)
1215 static char buf[16];
1219 if (po->op == OP_JCC || po->op == OP_SCC) {
1221 *p++ = (po->op == OP_JCC) ? 'j' : 's';
1224 strcpy(p, parsed_flag_op_names[po->pfo]);
1228 for (i = 0; i < ARRAY_SIZE(op_table); i++)
1229 if (op_table[i].op == po->op)
1230 return op_table[i].name;
1236 static const char *dump_op(struct parsed_op *po)
1238 static char out[128];
1245 snprintf(out, sizeof(out), "%s", op_name(po));
1246 for (i = 0; i < po->operand_cnt; i++) {
1250 snprintf(p, sizeof(out) - (p - out),
1251 po->operand[i].type == OPT_REGMEM ? " [%s]" : " %s",
1252 po->operand[i].name);
1258 static const char *lmod_type_u(struct parsed_op *po,
1259 enum opr_lenmod lmod)
1271 ferr(po, "invalid lmod: %d\n", lmod);
1272 return "(_invalid_)";
1276 static const char *lmod_cast_u(struct parsed_op *po,
1277 enum opr_lenmod lmod)
1289 ferr(po, "invalid lmod: %d\n", lmod);
1290 return "(_invalid_)";
1294 static const char *lmod_cast_u_ptr(struct parsed_op *po,
1295 enum opr_lenmod lmod)
1307 ferr(po, "invalid lmod: %d\n", lmod);
1308 return "(_invalid_)";
1312 static const char *lmod_cast_s(struct parsed_op *po,
1313 enum opr_lenmod lmod)
1325 ferr(po, "%s: invalid lmod: %d\n", __func__, lmod);
1326 return "(_invalid_)";
1330 static const char *lmod_cast(struct parsed_op *po,
1331 enum opr_lenmod lmod, int is_signed)
1334 lmod_cast_s(po, lmod) :
1335 lmod_cast_u(po, lmod);
1338 static int lmod_bytes(struct parsed_op *po, enum opr_lenmod lmod)
1350 ferr(po, "%s: invalid lmod: %d\n", __func__, lmod);
1355 static const char *opr_name(struct parsed_op *po, int opr_num)
1357 if (opr_num >= po->operand_cnt)
1358 ferr(po, "opr OOR: %d/%d\n", opr_num, po->operand_cnt);
1359 return po->operand[opr_num].name;
1362 static unsigned int opr_const(struct parsed_op *po, int opr_num)
1364 if (opr_num >= po->operand_cnt)
1365 ferr(po, "opr OOR: %d/%d\n", opr_num, po->operand_cnt);
1366 if (po->operand[opr_num].type != OPT_CONST)
1367 ferr(po, "opr %d: const expected\n", opr_num);
1368 return po->operand[opr_num].val;
1371 static const char *opr_reg_p(struct parsed_op *po, struct parsed_opr *popr)
1373 if ((unsigned int)popr->reg >= ARRAY_SIZE(regs_r32))
1374 ferr(po, "invalid reg: %d\n", popr->reg);
1375 return regs_r32[popr->reg];
1378 // cast1 is the "final" cast
1379 static const char *simplify_cast(const char *cast1, const char *cast2)
1381 static char buf[256];
1387 if (IS(cast1, cast2))
1389 if (IS(cast1, "(s8)") && IS(cast2, "(u8)"))
1391 if (IS(cast1, "(s16)") && IS(cast2, "(u16)"))
1393 if (IS(cast1, "(u8)") && IS_START(cast2, "*(u8 *)"))
1395 if (IS(cast1, "(u16)") && IS_START(cast2, "*(u16 *)"))
1397 if (strchr(cast1, '*') && IS_START(cast2, "(u32)"))
1400 snprintf(buf, sizeof(buf), "%s%s", cast1, cast2);
1404 static const char *simplify_cast_num(const char *cast, unsigned int val)
1406 if (IS(cast, "(u8)") && val < 0x100)
1408 if (IS(cast, "(s8)") && val < 0x80)
1410 if (IS(cast, "(u16)") && val < 0x10000)
1412 if (IS(cast, "(s16)") && val < 0x8000)
1414 if (IS(cast, "(s32)") && val < 0x80000000)
1420 static struct parsed_equ *equ_find(struct parsed_op *po, const char *name,
1429 namelen = strlen(name);
1431 p = strchr(name, '+');
1435 ferr(po, "equ parse failed for '%s'\n", name);
1437 if (IS_START(p, "0x"))
1439 *extra_offs = strtol(p, &endp, 16);
1441 ferr(po, "equ parse failed for '%s'\n", name);
1444 for (i = 0; i < g_eqcnt; i++)
1445 if (strncmp(g_eqs[i].name, name, namelen) == 0
1446 && g_eqs[i].name[namelen] == 0)
1450 ferr(po, "unresolved equ name: '%s'\n", name);
1457 static int is_stack_access(struct parsed_op *po,
1458 const struct parsed_opr *popr)
1460 return (parse_stack_el(popr->name, NULL, 0)
1461 || (g_bp_frame && !(po->flags & OPF_EBP_S)
1462 && IS_START(popr->name, "ebp")));
1465 static void parse_stack_access(struct parsed_op *po,
1466 const char *name, char *ofs_reg, int *offset_out,
1467 int *stack_ra_out, const char **bp_arg_out, int is_lea)
1469 const char *bp_arg = "";
1470 const char *p = NULL;
1471 struct parsed_equ *eq;
1478 if (IS_START(name, "ebp-")
1479 || (IS_START(name, "ebp+") && '0' <= name[4] && name[4] <= '9'))
1482 if (IS_START(p, "0x"))
1484 offset = strtoul(p, &endp, 16);
1488 ferr(po, "ebp- parse of '%s' failed\n", name);
1491 bp_arg = parse_stack_el(name, ofs_reg, 0);
1492 snprintf(g_comment, sizeof(g_comment), "%s", bp_arg);
1493 eq = equ_find(po, bp_arg, &offset);
1495 ferr(po, "detected but missing eq\n");
1496 offset += eq->offset;
1499 if (!strncmp(name, "ebp", 3))
1502 // yes it sometimes LEAs ra for compares..
1503 if (!is_lea && ofs_reg[0] == 0
1504 && stack_ra <= offset && offset < stack_ra + 4)
1506 ferr(po, "reference to ra? %d %d\n", offset, stack_ra);
1509 *offset_out = offset;
1510 *stack_ra_out = stack_ra;
1512 *bp_arg_out = bp_arg;
1515 static int stack_frame_access(struct parsed_op *po,
1516 struct parsed_opr *popr, char *buf, size_t buf_size,
1517 const char *name, const char *cast, int is_src, int is_lea)
1519 enum opr_lenmod tmp_lmod = OPLM_UNSPEC;
1520 const char *prefix = "";
1521 const char *bp_arg = NULL;
1522 char ofs_reg[16] = { 0, };
1523 int i, arg_i, arg_s;
1531 if (po->flags & OPF_EBP_S)
1532 ferr(po, "stack_frame_access while ebp is scratch\n");
1534 parse_stack_access(po, name, ofs_reg, &offset,
1535 &stack_ra, &bp_arg, is_lea);
1537 if (offset > stack_ra)
1539 arg_i = (offset - stack_ra - 4) / 4;
1540 if (arg_i < 0 || arg_i >= g_func_pp->argc_stack)
1542 if (g_func_pp->is_vararg
1543 && arg_i == g_func_pp->argc_stack && is_lea)
1545 // should be va_list
1548 snprintf(buf, buf_size, "%sap", cast);
1551 ferr(po, "offset %d (%s,%d) doesn't map to any arg\n",
1552 offset, bp_arg, arg_i);
1554 if (ofs_reg[0] != 0)
1555 ferr(po, "offset reg on arg access?\n");
1557 for (i = arg_s = 0; i < g_func_pp->argc; i++) {
1558 if (g_func_pp->arg[i].reg != NULL)
1564 if (i == g_func_pp->argc)
1565 ferr(po, "arg %d not in prototype?\n", arg_i);
1567 popr->is_ptr = g_func_pp->arg[i].type.is_ptr;
1574 ferr(po, "lea/byte to arg?\n");
1575 if (is_src && (offset & 3) == 0)
1576 snprintf(buf, buf_size, "%sa%d",
1577 simplify_cast(cast, "(u8)"), i + 1);
1579 snprintf(buf, buf_size, "%sBYTE%d(a%d)",
1580 cast, offset & 3, i + 1);
1585 ferr(po, "lea/word to arg?\n");
1590 ferr(po, "problematic arg store\n");
1591 snprintf(buf, buf_size, "%s((char *)&a%d + 1)",
1592 simplify_cast(cast, "*(u16 *)"), i + 1);
1595 ferr(po, "unaligned arg word load\n");
1597 else if (is_src && (offset & 2) == 0)
1598 snprintf(buf, buf_size, "%sa%d",
1599 simplify_cast(cast, "(u16)"), i + 1);
1601 snprintf(buf, buf_size, "%s%sWORD(a%d)",
1602 cast, (offset & 2) ? "HI" : "LO", i + 1);
1614 snprintf(buf, buf_size, "(u32)&a%d + %d",
1617 ferr(po, "unaligned arg store\n");
1619 // mov edx, [ebp+arg_4+2]; movsx ecx, dx
1620 snprintf(buf, buf_size, "%s(a%d >> %d)",
1621 prefix, i + 1, (offset & 3) * 8);
1625 snprintf(buf, buf_size, "%s%sa%d",
1626 prefix, is_lea ? "&" : "", i + 1);
1631 ferr(po, "bp_arg bad lmod: %d\n", popr->lmod);
1635 snprintf(g_comment, sizeof(g_comment), "%s unaligned", bp_arg);
1638 guess_lmod_from_c_type(&tmp_lmod, &g_func_pp->arg[i].type);
1639 if (tmp_lmod != OPLM_DWORD
1640 && (unaligned || (!is_src && lmod_bytes(po, tmp_lmod)
1641 < lmod_bytes(po, popr->lmod) + (offset & 3))))
1643 ferr(po, "bp_arg arg%d/w offset %d and type '%s' is too small\n",
1644 i + 1, offset, g_func_pp->arg[i].type.name);
1646 // can't check this because msvc likes to reuse
1647 // arg space for scratch..
1648 //if (popr->is_ptr && popr->lmod != OPLM_DWORD)
1649 // ferr(po, "bp_arg arg%d: non-dword ptr access\n", i + 1);
1653 if (g_stack_fsz == 0)
1654 ferr(po, "stack var access without stackframe\n");
1655 g_stack_frame_used = 1;
1657 sf_ofs = g_stack_fsz + offset;
1658 lim = (ofs_reg[0] != 0) ? -4 : 0;
1659 if (offset > 0 || sf_ofs < lim)
1660 ferr(po, "bp_stack offset %d/%d\n", offset, g_stack_fsz);
1670 snprintf(buf, buf_size, "%ssf.b[%d%s%s]",
1671 prefix, sf_ofs, ofs_reg[0] ? "+" : "", ofs_reg);
1675 if ((sf_ofs & 1) || ofs_reg[0] != 0) {
1676 // known unaligned or possibly unaligned
1677 strcat(g_comment, " unaligned");
1679 prefix = "*(u16 *)&";
1680 snprintf(buf, buf_size, "%ssf.b[%d%s%s]",
1681 prefix, sf_ofs, ofs_reg[0] ? "+" : "", ofs_reg);
1684 snprintf(buf, buf_size, "%ssf.w[%d]", prefix, sf_ofs / 2);
1688 if ((sf_ofs & 3) || ofs_reg[0] != 0) {
1689 // known unaligned or possibly unaligned
1690 strcat(g_comment, " unaligned");
1692 prefix = "*(u32 *)&";
1693 snprintf(buf, buf_size, "%ssf.b[%d%s%s]",
1694 prefix, sf_ofs, ofs_reg[0] ? "+" : "", ofs_reg);
1697 snprintf(buf, buf_size, "%ssf.d[%d]", prefix, sf_ofs / 4);
1701 ferr(po, "bp_stack bad lmod: %d\n", popr->lmod);
1708 static void check_func_pp(struct parsed_op *po,
1709 const struct parsed_proto *pp, const char *pfx)
1711 enum opr_lenmod tmp_lmod;
1715 if (pp->argc_reg != 0) {
1716 if (/*!g_allow_regfunc &&*/ !pp->is_fastcall) {
1717 pp_print(buf, sizeof(buf), pp);
1718 ferr(po, "%s: unexpected reg arg in icall: %s\n", pfx, buf);
1720 if (pp->argc_stack > 0 && pp->argc_reg != 2)
1721 ferr(po, "%s: %d reg arg(s) with %d stack arg(s)\n",
1722 pfx, pp->argc_reg, pp->argc_stack);
1725 // fptrs must use 32bit args, callsite might have no information and
1726 // lack a cast to smaller types, which results in incorrectly masked
1727 // args passed (callee may assume masked args, it does on ARM)
1728 if (!pp->is_osinc) {
1729 for (i = 0; i < pp->argc; i++) {
1730 ret = guess_lmod_from_c_type(&tmp_lmod, &pp->arg[i].type);
1731 if (ret && tmp_lmod != OPLM_DWORD)
1732 ferr(po, "reference to %s with arg%d '%s'\n", pp->name,
1733 i + 1, pp->arg[i].type.name);
1738 static const char *check_label_read_ref(struct parsed_op *po,
1741 const struct parsed_proto *pp;
1743 pp = proto_parse(g_fhdr, name, 0);
1745 ferr(po, "proto_parse failed for ref '%s'\n", name);
1748 check_func_pp(po, pp, "ref");
1753 static char *out_src_opr(char *buf, size_t buf_size,
1754 struct parsed_op *po, struct parsed_opr *popr, const char *cast,
1757 char tmp1[256], tmp2[256];
1766 switch (popr->type) {
1769 ferr(po, "lea from reg?\n");
1771 switch (popr->lmod) {
1773 snprintf(buf, buf_size, "%s%s.q", cast, opr_reg_p(po, popr));
1776 snprintf(buf, buf_size, "%s%s", cast, opr_reg_p(po, popr));
1779 snprintf(buf, buf_size, "%s%s",
1780 simplify_cast(cast, "(u16)"), opr_reg_p(po, popr));
1783 if (popr->name[1] == 'h') // XXX..
1784 snprintf(buf, buf_size, "%s(%s >> 8)",
1785 simplify_cast(cast, "(u8)"), opr_reg_p(po, popr));
1787 snprintf(buf, buf_size, "%s%s",
1788 simplify_cast(cast, "(u8)"), opr_reg_p(po, popr));
1791 ferr(po, "invalid src lmod: %d\n", popr->lmod);
1796 if (is_stack_access(po, popr)) {
1797 stack_frame_access(po, popr, buf, buf_size,
1798 popr->name, cast, 1, is_lea);
1802 strcpy(expr, popr->name);
1803 if (strchr(expr, '[')) {
1804 // special case: '[' can only be left for label[reg] form
1805 ret = sscanf(expr, "%[^[][%[^]]]", tmp1, tmp2);
1807 ferr(po, "parse failure for '%s'\n", expr);
1808 if (tmp1[0] == '(') {
1809 // (off_4FFF50+3)[eax]
1810 p = strchr(tmp1 + 1, ')');
1811 if (p == NULL || p[1] != 0)
1812 ferr(po, "parse failure (2) for '%s'\n", expr);
1814 memmove(tmp1, tmp1 + 1, strlen(tmp1));
1816 snprintf(expr, sizeof(expr), "(u32)&%s + %s", tmp1, tmp2);
1819 // XXX: do we need more parsing?
1821 snprintf(buf, buf_size, "%s", expr);
1825 snprintf(buf, buf_size, "%s(%s)",
1826 simplify_cast(cast, lmod_cast_u_ptr(po, popr->lmod)), expr);
1830 name = check_label_read_ref(po, popr->name);
1831 if (cast[0] == 0 && popr->is_ptr)
1835 snprintf(buf, buf_size, "(u32)&%s", name);
1836 else if (popr->size_lt)
1837 snprintf(buf, buf_size, "%s%s%s%s", cast,
1838 lmod_cast_u_ptr(po, popr->lmod),
1839 popr->is_array ? "" : "&", name);
1841 snprintf(buf, buf_size, "%s%s%s", cast, name,
1842 popr->is_array ? "[0]" : "");
1846 name = check_label_read_ref(po, popr->name);
1850 ferr(po, "lea an offset?\n");
1851 snprintf(buf, buf_size, "%s&%s", cast, name);
1856 ferr(po, "lea from const?\n");
1858 printf_number(tmp1, sizeof(tmp1), popr->val);
1859 if (popr->val == 0 && strchr(cast, '*'))
1860 snprintf(buf, buf_size, "NULL");
1862 snprintf(buf, buf_size, "%s%s",
1863 simplify_cast_num(cast, popr->val), tmp1);
1867 ferr(po, "invalid src type: %d\n", popr->type);
1873 // note: may set is_ptr (we find that out late for ebp frame..)
1874 static char *out_dst_opr(char *buf, size_t buf_size,
1875 struct parsed_op *po, struct parsed_opr *popr)
1877 switch (popr->type) {
1879 switch (popr->lmod) {
1881 snprintf(buf, buf_size, "%s.q", opr_reg_p(po, popr));
1884 snprintf(buf, buf_size, "%s", opr_reg_p(po, popr));
1888 snprintf(buf, buf_size, "LOWORD(%s)", opr_reg_p(po, popr));
1892 if (popr->name[1] == 'h') // XXX..
1893 snprintf(buf, buf_size, "BYTE1(%s)", opr_reg_p(po, popr));
1895 snprintf(buf, buf_size, "LOBYTE(%s)", opr_reg_p(po, popr));
1898 ferr(po, "invalid dst lmod: %d\n", popr->lmod);
1903 if (is_stack_access(po, popr)) {
1904 stack_frame_access(po, popr, buf, buf_size,
1905 popr->name, "", 0, 0);
1909 return out_src_opr(buf, buf_size, po, popr, NULL, 0);
1912 if (popr->size_mismatch)
1913 snprintf(buf, buf_size, "%s%s%s",
1914 lmod_cast_u_ptr(po, popr->lmod),
1915 popr->is_array ? "" : "&", popr->name);
1917 snprintf(buf, buf_size, "%s%s", popr->name,
1918 popr->is_array ? "[0]" : "");
1922 ferr(po, "invalid dst type: %d\n", popr->type);
1928 static char *out_src_opr_u32(char *buf, size_t buf_size,
1929 struct parsed_op *po, struct parsed_opr *popr)
1931 return out_src_opr(buf, buf_size, po, popr, NULL, 0);
1934 static void out_test_for_cc(char *buf, size_t buf_size,
1935 struct parsed_op *po, enum parsed_flag_op pfo, int is_inv,
1936 enum opr_lenmod lmod, const char *expr)
1938 const char *cast, *scast;
1940 cast = lmod_cast_u(po, lmod);
1941 scast = lmod_cast_s(po, lmod);
1945 case PFO_BE: // CF=1||ZF=1; CF=0
1946 snprintf(buf, buf_size, "(%s%s %s 0)",
1947 cast, expr, is_inv ? "!=" : "==");
1951 case PFO_L: // SF!=OF; OF=0
1952 snprintf(buf, buf_size, "(%s%s %s 0)",
1953 scast, expr, is_inv ? ">=" : "<");
1956 case PFO_LE: // ZF=1||SF!=OF; OF=0
1957 snprintf(buf, buf_size, "(%s%s %s 0)",
1958 scast, expr, is_inv ? ">" : "<=");
1962 ferr(po, "%s: unhandled parsed_flag_op: %d\n", __func__, pfo);
1966 static void out_cmp_for_cc(char *buf, size_t buf_size,
1967 struct parsed_op *po, enum parsed_flag_op pfo, int is_inv)
1969 const char *cast, *scast, *cast_use;
1970 char buf1[256], buf2[256];
1971 enum opr_lenmod lmod;
1973 if (po->op != OP_DEC && po->operand[0].lmod != po->operand[1].lmod)
1974 ferr(po, "%s: lmod mismatch: %d %d\n", __func__,
1975 po->operand[0].lmod, po->operand[1].lmod);
1976 lmod = po->operand[0].lmod;
1978 cast = lmod_cast_u(po, lmod);
1979 scast = lmod_cast_s(po, lmod);
1995 ferr(po, "%s: unhandled parsed_flag_op: %d\n", __func__, pfo);
1998 out_src_opr(buf1, sizeof(buf1), po, &po->operand[0], cast_use, 0);
1999 if (po->op == OP_DEC)
2000 snprintf(buf2, sizeof(buf2), "1");
2002 out_src_opr(buf2, sizeof(buf2), po, &po->operand[1], cast_use, 0);
2006 // note: must be unsigned compare
2007 snprintf(buf, buf_size, "(%s %s %s)",
2008 buf1, is_inv ? ">=" : "<", buf2);
2012 snprintf(buf, buf_size, "(%s %s %s)",
2013 buf1, is_inv ? "!=" : "==", buf2);
2017 // note: must be unsigned compare
2018 snprintf(buf, buf_size, "(%s %s %s)",
2019 buf1, is_inv ? ">" : "<=", buf2);
2022 if (is_inv && lmod == OPLM_BYTE
2023 && po->operand[1].type == OPT_CONST
2024 && po->operand[1].val == 0xff)
2026 snprintf(g_comment, sizeof(g_comment), "if %s", buf);
2027 snprintf(buf, buf_size, "(0)");
2031 // note: must be signed compare
2033 snprintf(buf, buf_size, "(%s(%s - %s) %s 0)",
2034 scast, buf1, buf2, is_inv ? ">=" : "<");
2038 snprintf(buf, buf_size, "(%s %s %s)",
2039 buf1, is_inv ? ">=" : "<", buf2);
2043 snprintf(buf, buf_size, "(%s %s %s)",
2044 buf1, is_inv ? ">" : "<=", buf2);
2052 static void out_cmp_test(char *buf, size_t buf_size,
2053 struct parsed_op *po, enum parsed_flag_op pfo, int is_inv)
2055 char buf1[256], buf2[256], buf3[256];
2057 if (po->op == OP_TEST) {
2058 if (IS(opr_name(po, 0), opr_name(po, 1))) {
2059 out_src_opr_u32(buf3, sizeof(buf3), po, &po->operand[0]);
2062 out_src_opr_u32(buf1, sizeof(buf1), po, &po->operand[0]);
2063 out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[1]);
2064 snprintf(buf3, sizeof(buf3), "(%s & %s)", buf1, buf2);
2066 out_test_for_cc(buf, buf_size, po, pfo, is_inv,
2067 po->operand[0].lmod, buf3);
2069 else if (po->op == OP_CMP) {
2070 out_cmp_for_cc(buf, buf_size, po, pfo, is_inv);
2073 ferr(po, "%s: unhandled op: %d\n", __func__, po->op);
2076 static void propagate_lmod(struct parsed_op *po, struct parsed_opr *popr1,
2077 struct parsed_opr *popr2)
2079 if (popr1->lmod == OPLM_UNSPEC && popr2->lmod == OPLM_UNSPEC)
2080 ferr(po, "missing lmod for both operands\n");
2082 if (popr1->lmod == OPLM_UNSPEC)
2083 popr1->lmod = popr2->lmod;
2084 else if (popr2->lmod == OPLM_UNSPEC)
2085 popr2->lmod = popr1->lmod;
2086 else if (popr1->lmod != popr2->lmod) {
2087 if (popr1->type_from_var) {
2088 popr1->size_mismatch = 1;
2089 if (popr1->lmod < popr2->lmod)
2091 popr1->lmod = popr2->lmod;
2093 else if (popr2->type_from_var) {
2094 popr2->size_mismatch = 1;
2095 if (popr2->lmod < popr1->lmod)
2097 popr2->lmod = popr1->lmod;
2100 ferr(po, "conflicting lmods: %d vs %d\n",
2101 popr1->lmod, popr2->lmod);
2105 static const char *op_to_c(struct parsed_op *po)
2129 ferr(po, "op_to_c was supplied with %d\n", po->op);
2133 static void op_set_clear_flag(struct parsed_op *po,
2134 enum op_flags flag_set, enum op_flags flag_clear)
2136 po->flags |= flag_set;
2137 po->flags &= ~flag_clear;
2140 // last op in stream - unconditional branch or ret
2141 #define LAST_OP(_i) ((ops[_i].flags & OPF_TAIL) \
2142 || ((ops[_i].flags & (OPF_JMP|OPF_CJMP|OPF_RMD)) == OPF_JMP \
2143 && ops[_i].op != OP_CALL))
2145 #define check_i(po, i) \
2147 ferr(po, "bad " #i ": %d\n", i)
2149 static int scan_for_pop(int i, int opcnt, const char *reg,
2150 int magic, int depth, int *maxdepth, int do_flags)
2152 const struct parsed_proto *pp;
2153 struct parsed_op *po;
2157 for (; i < opcnt; i++) {
2159 if (po->cc_scratch == magic)
2160 break; // already checked
2161 po->cc_scratch = magic;
2163 if (po->flags & OPF_TAIL) {
2164 if (po->op == OP_CALL) {
2165 pp = proto_parse(g_fhdr, po->operand[0].name, g_quiet_pp);
2166 if (pp != NULL && pp->is_noreturn)
2167 // no stack cleanup for noreturn
2170 return -1; // deadend
2173 if ((po->flags & (OPF_RMD|OPF_DONE))
2174 || (po->op == OP_PUSH && po->p_argnum != 0)) // arg push
2177 if ((po->flags & OPF_JMP) && po->op != OP_CALL) {
2178 if (po->btj != NULL) {
2180 for (j = 0; j < po->btj->count; j++) {
2181 check_i(po, po->btj->d[j].bt_i);
2182 ret |= scan_for_pop(po->btj->d[j].bt_i, opcnt, reg, magic,
2183 depth, maxdepth, do_flags);
2185 return ret; // dead end
2190 check_i(po, po->bt_i);
2191 if (po->flags & OPF_CJMP) {
2192 ret |= scan_for_pop(po->bt_i, opcnt, reg, magic,
2193 depth, maxdepth, do_flags);
2195 return ret; // dead end
2203 if ((po->op == OP_POP || po->op == OP_PUSH)
2204 && po->operand[0].type == OPT_REG
2205 && IS(po->operand[0].name, reg))
2207 if (po->op == OP_PUSH && !(po->flags & OPF_FARGNR)) {
2209 if (depth > *maxdepth)
2212 op_set_clear_flag(po, OPF_RSAVE, OPF_RMD);
2214 else if (po->op == OP_POP) {
2217 op_set_clear_flag(po, OPF_RMD, OPF_RSAVE);
2222 if (depth < 0) // should not happen
2223 ferr(po, "fail with depth\n");
2225 op_set_clear_flag(po, OPF_RSAVE, OPF_RMD);
2234 // scan for pop starting from 'ret' op (all paths)
2235 static int scan_for_pop_ret(int i, int opcnt, const char *reg,
2241 for (; i < opcnt; i++) {
2242 if (!(ops[i].flags & OPF_TAIL))
2245 for (j = i - 1; j >= 0; j--) {
2246 if (ops[j].flags & (OPF_RMD|OPF_DONE))
2248 if (ops[j].flags & OPF_JMP)
2251 if (ops[j].op == OP_POP && ops[j].datap == NULL
2252 && ops[j].operand[0].type == OPT_REG
2253 && IS(ops[j].operand[0].name, reg))
2256 ops[j].flags |= flag_set;
2260 if (g_labels[j] != NULL)
2265 return found ? 0 : -1;
2268 static void scan_for_pop_const(int i, int opcnt, int *regmask_pp)
2270 struct parsed_op *po;
2271 int is_multipath = 0;
2274 for (j = i + 1; j < opcnt; j++) {
2277 if (po->op == OP_JMP && po->btj == NULL) {
2278 ferr_assert(po, po->bt_i >= 0);
2283 if ((po->flags & (OPF_JMP|OPF_TAIL|OPF_RSAVE))
2284 || po->op == OP_PUSH)
2289 if (g_labels[j] != NULL)
2292 if (po->op == OP_POP && !(po->flags & OPF_RMD))
2294 is_multipath |= !!(po->flags & OPF_PPUSH);
2296 ops[i].flags |= OPF_PPUSH | OPF_DONE;
2298 po->flags |= OPF_PPUSH | OPF_DONE;
2299 *regmask_pp |= 1 << po->operand[0].reg;
2302 ops[i].flags |= OPF_RMD | OPF_DONE;
2303 po->flags |= OPF_DONE;
2304 po->datap = &ops[i];
2311 static void scan_propagate_df(int i, int opcnt)
2313 struct parsed_op *po = &ops[i];
2316 for (; i < opcnt; i++) {
2318 if (po->flags & OPF_DF)
2319 return; // already resolved
2320 po->flags |= OPF_DF;
2322 if (po->op == OP_CALL)
2323 ferr(po, "call with DF set?\n");
2325 if (po->flags & OPF_JMP) {
2326 if (po->btj != NULL) {
2328 for (j = 0; j < po->btj->count; j++) {
2329 check_i(po, po->btj->d[j].bt_i);
2330 scan_propagate_df(po->btj->d[j].bt_i, opcnt);
2335 check_i(po, po->bt_i);
2336 if (po->flags & OPF_CJMP)
2337 scan_propagate_df(po->bt_i, opcnt);
2343 if (po->flags & OPF_TAIL)
2346 if (po->op == OP_CLD) {
2347 po->flags |= OPF_RMD | OPF_DONE;
2352 ferr(po, "missing DF clear?\n");
2355 // is operand 'opr' referenced by parsed_op 'po'?
2356 static int is_opr_referenced(const struct parsed_opr *opr,
2357 const struct parsed_op *po)
2361 if (opr->type == OPT_REG) {
2362 mask = po->regmask_dst | po->regmask_src;
2363 if (po->op == OP_CALL)
2364 mask |= (1 << xAX) | (1 << xCX) | (1 << xDX);
2365 if ((1 << opr->reg) & mask)
2371 for (i = 0; i < po->operand_cnt; i++)
2372 if (IS(po->operand[0].name, opr->name))
2378 // is operand 'opr' read by parsed_op 'po'?
2379 static int is_opr_read(const struct parsed_opr *opr,
2380 const struct parsed_op *po)
2384 if (opr->type == OPT_REG) {
2385 mask = po->regmask_src;
2386 if (po->op == OP_CALL)
2387 // assume worst case
2388 mask |= (1 << xAX) | (1 << xCX) | (1 << xDX);
2389 if ((1 << opr->reg) & mask)
2399 // is operand 'opr' modified by parsed_op 'po'?
2400 static int is_opr_modified(const struct parsed_opr *opr,
2401 const struct parsed_op *po)
2405 if (!(po->flags & OPF_DATA))
2408 if (opr->type == OPT_REG) {
2409 if (po->op == OP_CALL) {
2410 mask = (1 << xAX) | (1 << xCX) | (1 << xDX);
2411 if ((1 << opr->reg) & mask)
2417 if (po->operand[0].type == OPT_REG) {
2418 if (po->regmask_dst & (1 << opr->reg))
2425 return IS(po->operand[0].name, opr->name);
2428 // is any operand of parsed_op 'po_test' modified by parsed_op 'po'?
2429 static int is_any_opr_modified(const struct parsed_op *po_test,
2430 const struct parsed_op *po, int c_mode)
2435 if ((po->flags & OPF_RMD) || !(po->flags & OPF_DATA))
2438 if (po_test->operand_cnt == 1 && po_test->operand[0].type == OPT_CONST)
2441 if ((po_test->regmask_src | po_test->regmask_dst) & po->regmask_dst)
2444 // in reality, it can wreck any register, but in decompiled C
2445 // version it can only overwrite eax or edx:eax
2446 mask = (1 << xAX) | (1 << xDX);
2450 if (po->op == OP_CALL
2451 && ((po_test->regmask_src | po_test->regmask_dst) & mask))
2454 for (i = 0; i < po_test->operand_cnt; i++)
2455 if (IS(po_test->operand[i].name, po->operand[0].name))
2461 // scan for any po_test operand modification in range given
2462 static int scan_for_mod(struct parsed_op *po_test, int i, int opcnt,
2465 if (po_test->operand_cnt == 1 && po_test->operand[0].type == OPT_CONST)
2468 for (; i < opcnt; i++) {
2469 if (is_any_opr_modified(po_test, &ops[i], c_mode))
2476 // scan for po_test operand[0] modification in range given
2477 static int scan_for_mod_opr0(struct parsed_op *po_test,
2480 for (; i < opcnt; i++) {
2481 if (is_opr_modified(&po_test->operand[0], &ops[i]))
2488 static int scan_for_flag_set(int i, int magic, int *branched,
2489 int *setters, int *setter_cnt)
2491 struct label_ref *lr;
2495 if (ops[i].cc_scratch == magic) {
2496 ferr(&ops[i], "%s looped\n", __func__);
2499 ops[i].cc_scratch = magic;
2501 if (g_labels[i] != NULL) {
2504 lr = &g_label_refs[i];
2505 for (; lr->next; lr = lr->next) {
2506 check_i(&ops[i], lr->i);
2507 ret = scan_for_flag_set(lr->i, magic,
2508 branched, setters, setter_cnt);
2513 check_i(&ops[i], lr->i);
2514 if (i > 0 && LAST_OP(i - 1)) {
2518 ret = scan_for_flag_set(lr->i, magic,
2519 branched, setters, setter_cnt);
2525 if (ops[i].flags & OPF_FLAGS) {
2526 setters[*setter_cnt] = i;
2531 if ((ops[i].flags & (OPF_JMP|OPF_CJMP)) == OPF_JMP)
2538 // scan back for cdq, if anything modifies edx, fail
2539 static int scan_for_cdq_edx(int i)
2542 if (g_labels[i] != NULL) {
2543 if (g_label_refs[i].next != NULL)
2545 if (i > 0 && LAST_OP(i - 1)) {
2546 i = g_label_refs[i].i;
2553 if (ops[i].op == OP_CDQ)
2556 if (ops[i].regmask_dst & (1 << xDX))
2563 static int scan_for_reg_clear(int i, int reg)
2566 if (g_labels[i] != NULL) {
2567 if (g_label_refs[i].next != NULL)
2569 if (i > 0 && LAST_OP(i - 1)) {
2570 i = g_label_refs[i].i;
2577 if (ops[i].op == OP_XOR
2578 && ops[i].operand[0].lmod == OPLM_DWORD
2579 && ops[i].operand[0].reg == ops[i].operand[1].reg
2580 && ops[i].operand[0].reg == reg)
2583 if (ops[i].regmask_dst & (1 << reg))
2590 static void patch_esp_adjust(struct parsed_op *po, int adj)
2592 ferr_assert(po, po->op == OP_ADD);
2593 ferr_assert(po, IS(opr_name(po, 0), "esp"));
2594 ferr_assert(po, po->operand[1].type == OPT_CONST);
2596 // this is a bit of a hack, but deals with use of
2597 // single adj for multiple calls
2598 po->operand[1].val -= adj;
2599 po->flags |= OPF_RMD;
2600 if (po->operand[1].val == 0)
2601 po->flags |= OPF_DONE;
2602 ferr_assert(po, (int)po->operand[1].val >= 0);
2605 // scan for positive, constant esp adjust
2606 // multipath case is preliminary
2607 static int scan_for_esp_adjust(int i, int opcnt,
2608 int adj_expect, int *adj, int *is_multipath, int do_update)
2610 int adj_expect_unknown = 0;
2611 struct parsed_op *po;
2615 *adj = *is_multipath = 0;
2616 if (adj_expect < 0) {
2617 adj_expect_unknown = 1;
2618 adj_expect = 32 * 4; // enough?
2621 for (; i < opcnt && *adj < adj_expect; i++) {
2622 if (g_labels[i] != NULL)
2626 if (po->flags & OPF_DONE)
2629 if (po->op == OP_ADD && po->operand[0].reg == xSP) {
2630 if (po->operand[1].type != OPT_CONST)
2631 ferr(&ops[i], "non-const esp adjust?\n");
2632 *adj += po->operand[1].val;
2634 ferr(&ops[i], "unaligned esp adjust: %x\n", *adj);
2637 patch_esp_adjust(po, adj_expect);
2639 po->flags |= OPF_RMD;
2643 else if (po->op == OP_PUSH) {
2644 //if (first_pop == -1)
2645 // first_pop = -2; // none
2646 *adj -= lmod_bytes(po, po->operand[0].lmod);
2648 else if (po->op == OP_POP) {
2649 if (!(po->flags & OPF_DONE)) {
2650 // seems like msvc only uses 'pop ecx' for stack realignment..
2651 if (po->operand[0].type != OPT_REG || po->operand[0].reg != xCX)
2653 if (first_pop == -1 && *adj >= 0)
2656 if (do_update && *adj >= 0) {
2657 po->flags |= OPF_RMD;
2659 po->flags |= OPF_DONE;
2662 *adj += lmod_bytes(po, po->operand[0].lmod);
2663 if (*adj > adj_best)
2666 else if (po->flags & (OPF_JMP|OPF_TAIL)) {
2667 if (po->op == OP_JMP && po->btj == NULL) {
2673 if (po->op != OP_CALL)
2675 if (po->operand[0].type != OPT_LABEL)
2677 if (po->pp != NULL && po->pp->is_stdcall)
2679 if (adj_expect_unknown && first_pop >= 0)
2681 // assume it's another cdecl call
2685 if (first_pop >= 0) {
2686 // probably only 'pop ecx' was used
2694 static void scan_fwd_set_flags(int i, int opcnt, int magic, int flags)
2696 struct parsed_op *po;
2700 ferr(ops, "%s: followed bad branch?\n", __func__);
2702 for (; i < opcnt; i++) {
2704 if (po->cc_scratch == magic)
2706 po->cc_scratch = magic;
2709 if ((po->flags & OPF_JMP) && po->op != OP_CALL) {
2710 if (po->btj != NULL) {
2712 for (j = 0; j < po->btj->count; j++)
2713 scan_fwd_set_flags(po->btj->d[j].bt_i, opcnt, magic, flags);
2717 scan_fwd_set_flags(po->bt_i, opcnt, magic, flags);
2718 if (!(po->flags & OPF_CJMP))
2721 if (po->flags & OPF_TAIL)
2726 static const struct parsed_proto *try_recover_pp(
2727 struct parsed_op *po, const struct parsed_opr *opr, int *search_instead)
2729 const struct parsed_proto *pp = NULL;
2733 // maybe an arg of g_func?
2734 if (opr->type == OPT_REGMEM && is_stack_access(po, opr))
2736 char ofs_reg[16] = { 0, };
2737 int arg, arg_s, arg_i;
2744 parse_stack_access(po, opr->name, ofs_reg,
2745 &offset, &stack_ra, NULL, 0);
2746 if (ofs_reg[0] != 0)
2747 ferr(po, "offset reg on arg access?\n");
2748 if (offset <= stack_ra) {
2749 // search who set the stack var instead
2750 if (search_instead != NULL)
2751 *search_instead = 1;
2755 arg_i = (offset - stack_ra - 4) / 4;
2756 for (arg = arg_s = 0; arg < g_func_pp->argc; arg++) {
2757 if (g_func_pp->arg[arg].reg != NULL)
2763 if (arg == g_func_pp->argc)
2764 ferr(po, "stack arg %d not in prototype?\n", arg_i);
2766 pp = g_func_pp->arg[arg].fptr;
2768 ferr(po, "icall sa: arg%d is not a fptr?\n", arg + 1);
2769 check_func_pp(po, pp, "icall arg");
2771 else if (opr->type == OPT_REGMEM && strchr(opr->name + 1, '[')) {
2773 p = strchr(opr->name + 1, '[');
2774 memcpy(buf, opr->name, p - opr->name);
2775 buf[p - opr->name] = 0;
2776 pp = proto_parse(g_fhdr, buf, g_quiet_pp);
2778 else if (opr->type == OPT_OFFSET || opr->type == OPT_LABEL) {
2779 pp = proto_parse(g_fhdr, opr->name, g_quiet_pp);
2782 ferr(po, "proto_parse failed for icall to '%s'\n", opr->name);
2785 check_func_pp(po, pp, "reg-fptr ref");
2791 static void scan_for_call_type(int i, const struct parsed_opr *opr,
2792 int magic, const struct parsed_proto **pp_found, int *pp_i,
2795 const struct parsed_proto *pp = NULL;
2796 struct parsed_op *po;
2797 struct label_ref *lr;
2799 ops[i].cc_scratch = magic;
2802 if (g_labels[i] != NULL) {
2803 lr = &g_label_refs[i];
2804 for (; lr != NULL; lr = lr->next) {
2805 check_i(&ops[i], lr->i);
2806 scan_for_call_type(lr->i, opr, magic, pp_found, pp_i, multi);
2808 if (i > 0 && LAST_OP(i - 1))
2816 if (ops[i].cc_scratch == magic)
2818 ops[i].cc_scratch = magic;
2820 if (!(ops[i].flags & OPF_DATA))
2822 if (!is_opr_modified(opr, &ops[i]))
2824 if (ops[i].op != OP_MOV && ops[i].op != OP_LEA) {
2825 // most probably trashed by some processing
2830 opr = &ops[i].operand[1];
2831 if (opr->type != OPT_REG)
2835 po = (i >= 0) ? &ops[i] : ops;
2838 // reached the top - can only be an arg-reg
2839 if (opr->type != OPT_REG)
2842 for (i = 0; i < g_func_pp->argc; i++) {
2843 if (g_func_pp->arg[i].reg == NULL)
2845 if (IS(opr->name, g_func_pp->arg[i].reg))
2848 if (i == g_func_pp->argc)
2850 pp = g_func_pp->arg[i].fptr;
2852 ferr(po, "icall: arg%d (%s) is not a fptr?\n",
2853 i + 1, g_func_pp->arg[i].reg);
2854 check_func_pp(po, pp, "icall reg-arg");
2857 pp = try_recover_pp(po, opr, NULL);
2859 if (*pp_found != NULL && pp != NULL && *pp_found != pp) {
2860 if (!IS((*pp_found)->ret_type.name, pp->ret_type.name)
2861 || (*pp_found)->is_stdcall != pp->is_stdcall
2862 || (*pp_found)->is_fptr != pp->is_fptr
2863 || (*pp_found)->argc != pp->argc
2864 || (*pp_found)->argc_reg != pp->argc_reg
2865 || (*pp_found)->argc_stack != pp->argc_stack)
2867 ferr(po, "icall: parsed_proto mismatch\n");
2877 static void add_label_ref(struct label_ref *lr, int op_i)
2879 struct label_ref *lr_new;
2886 lr_new = calloc(1, sizeof(*lr_new));
2888 lr_new->next = lr->next;
2892 static struct parsed_data *try_resolve_jumptab(int i, int opcnt)
2894 struct parsed_op *po = &ops[i];
2895 struct parsed_data *pd;
2896 char label[NAMELEN], *p;
2899 p = strchr(po->operand[0].name, '[');
2903 len = p - po->operand[0].name;
2904 strncpy(label, po->operand[0].name, len);
2907 for (j = 0, pd = NULL; j < g_func_pd_cnt; j++) {
2908 if (IS(g_func_pd[j].label, label)) {
2914 //ferr(po, "label '%s' not parsed?\n", label);
2917 if (pd->type != OPT_OFFSET)
2918 ferr(po, "label '%s' with non-offset data?\n", label);
2920 // find all labels, link
2921 for (j = 0; j < pd->count; j++) {
2922 for (l = 0; l < opcnt; l++) {
2923 if (g_labels[l] != NULL && IS(g_labels[l], pd->d[j].u.label)) {
2924 add_label_ref(&g_label_refs[l], i);
2934 static void clear_labels(int count)
2938 for (i = 0; i < count; i++) {
2939 if (g_labels[i] != NULL) {
2946 static void resolve_branches_parse_calls(int opcnt)
2948 const struct parsed_proto *pp_c;
2949 struct parsed_proto *pp;
2950 struct parsed_data *pd;
2951 struct parsed_op *po;
2952 const char *tmpname;
2955 for (i = 0; i < opcnt; i++)
2961 if (po->op == OP_CALL) {
2964 if (po->operand[0].type == OPT_LABEL) {
2965 tmpname = opr_name(po, 0);
2966 if (IS_START(tmpname, "loc_"))
2967 ferr(po, "call to loc_*\n");
2968 pp_c = proto_parse(g_fhdr, tmpname, g_header_mode);
2969 if (!g_header_mode && pp_c == NULL)
2970 ferr(po, "proto_parse failed for call '%s'\n", tmpname);
2973 pp = proto_clone(pp_c);
2974 my_assert_not(pp, NULL);
2977 else if (po->datap != NULL) {
2978 pp = calloc(1, sizeof(*pp));
2979 my_assert_not(pp, NULL);
2981 ret = parse_protostr(po->datap, pp);
2983 ferr(po, "bad protostr supplied: %s\n", (char *)po->datap);
2990 check_func_pp(po, pp, "fptr var call");
2991 if (pp->is_noreturn)
2992 po->flags |= OPF_TAIL;
2998 if (!(po->flags & OPF_JMP) || po->op == OP_RET)
3001 if (po->operand[0].type == OPT_REGMEM) {
3002 pd = try_resolve_jumptab(i, opcnt);
3010 for (l = 0; l < opcnt; l++) {
3011 if (g_labels[l] != NULL
3012 && IS(po->operand[0].name, g_labels[l]))
3014 if (l == i + 1 && po->op == OP_JMP) {
3015 // yet another alignment type..
3016 po->flags |= OPF_RMD|OPF_DONE;
3019 add_label_ref(&g_label_refs[l], i);
3025 if (po->bt_i != -1 || (po->flags & OPF_RMD))
3028 if (po->operand[0].type == OPT_LABEL)
3032 ferr(po, "unhandled branch\n");
3036 po->flags |= OPF_TAIL;
3037 if (i > 0 && ops[i - 1].op == OP_POP)
3038 po->flags |= OPF_ATAIL;
3043 static void scan_prologue_epilogue(int opcnt)
3045 int ecx_push = 0, esp_sub = 0;
3049 if (ops[0].op == OP_PUSH && IS(opr_name(&ops[0], 0), "ebp")
3050 && ops[1].op == OP_MOV
3051 && IS(opr_name(&ops[1], 0), "ebp")
3052 && IS(opr_name(&ops[1], 1), "esp"))
3055 ops[0].flags |= OPF_RMD | OPF_DONE;
3056 ops[1].flags |= OPF_RMD | OPF_DONE;
3059 if (ops[2].op == OP_SUB && IS(opr_name(&ops[2], 0), "esp")) {
3060 g_stack_fsz = opr_const(&ops[2], 1);
3061 ops[2].flags |= OPF_RMD | OPF_DONE;
3065 // another way msvc builds stack frame..
3067 while (ops[i].op == OP_PUSH && IS(opr_name(&ops[i], 0), "ecx")) {
3069 ops[i].flags |= OPF_RMD | OPF_DONE;
3073 // and another way..
3074 if (i == 2 && ops[i].op == OP_MOV && ops[i].operand[0].reg == xAX
3075 && ops[i].operand[1].type == OPT_CONST
3076 && ops[i + 1].op == OP_CALL
3077 && IS(opr_name(&ops[i + 1], 0), "__alloca_probe"))
3079 g_stack_fsz += ops[i].operand[1].val;
3080 ops[i].flags |= OPF_RMD | OPF_DONE;
3082 ops[i].flags |= OPF_RMD | OPF_DONE;
3089 for (; i < opcnt; i++)
3090 if (ops[i].flags & OPF_TAIL)
3093 if (i == opcnt && (ops[j].flags & OPF_JMP)) {
3094 if (ops[j].bt_i != -1 || ops[j].btj != NULL)
3100 if ((ops[j].op == OP_POP && IS(opr_name(&ops[j], 0), "ebp"))
3101 || ops[j].op == OP_LEAVE)
3103 ops[j].flags |= OPF_RMD | OPF_DONE;
3105 else if (ops[i].op == OP_CALL && ops[i].pp != NULL
3106 && ops[i].pp->is_noreturn)
3108 // on noreturn, msvc sometimes cleans stack, sometimes not
3113 else if (!(g_ida_func_attr & IDAFA_NORETURN))
3114 ferr(&ops[j], "'pop ebp' expected\n");
3116 if (g_stack_fsz != 0) {
3117 if (ops[j].op == OP_LEAVE)
3119 else if (ops[j].op == OP_POP
3120 && ops[j - 1].op == OP_MOV
3121 && IS(opr_name(&ops[j - 1], 0), "esp")
3122 && IS(opr_name(&ops[j - 1], 1), "ebp"))
3124 ops[j - 1].flags |= OPF_RMD | OPF_DONE;
3127 else if (!(g_ida_func_attr & IDAFA_NORETURN))
3129 ferr(&ops[j], "esp restore expected\n");
3132 if (ecx_push && j >= 0 && ops[j].op == OP_POP
3133 && IS(opr_name(&ops[j], 0), "ecx"))
3135 ferr(&ops[j], "unexpected ecx pop\n");
3141 } while (i < opcnt);
3144 ferr(ops, "missing ebp epilogue\n");
3150 while (ops[i].op == OP_PUSH && IS(opr_name(&ops[i], 0), "ecx")) {
3151 ops[i].flags |= OPF_RMD | OPF_DONE;
3157 for (; i < opcnt; i++) {
3158 if (ops[i].op == OP_PUSH || (ops[i].flags & (OPF_JMP|OPF_TAIL)))
3160 if (ops[i].op == OP_SUB && ops[i].operand[0].reg == xSP
3161 && ops[i].operand[1].type == OPT_CONST)
3163 g_stack_fsz = ops[i].operand[1].val;
3164 ops[i].flags |= OPF_RMD | OPF_DONE;
3170 if (ecx_push && !esp_sub) {
3171 // could actually be args for a call..
3172 for (; i < opcnt; i++)
3173 if (ops[i].op != OP_PUSH)
3176 if (ops[i].op == OP_CALL && ops[i].operand[0].type == OPT_LABEL) {
3177 const struct parsed_proto *pp;
3178 pp = proto_parse(g_fhdr, opr_name(&ops[i], 0), 1);
3179 j = pp ? pp->argc_stack : 0;
3180 while (i > 0 && j > 0) {
3182 if (ops[i].op == OP_PUSH) {
3183 ops[i].flags &= ~(OPF_RMD | OPF_DONE);
3188 ferr(&ops[i], "unhandled prologue\n");
3191 i = g_stack_fsz = ecx_push = 0;
3192 while (ops[i].op == OP_PUSH && IS(opr_name(&ops[i], 0), "ecx")) {
3193 if (!(ops[i].flags & OPF_RMD))
3203 if (ecx_push || esp_sub)
3209 for (; i < opcnt; i++)
3210 if (ops[i].flags & OPF_TAIL)
3213 if (i == opcnt && (ops[j].flags & OPF_JMP)) {
3214 if (ops[j].bt_i != -1 || ops[j].btj != NULL)
3221 for (l = 0; l < ecx_push; l++) {
3222 if (ops[j].op == OP_POP && IS(opr_name(&ops[j], 0), "ecx"))
3224 else if (ops[j].op == OP_ADD
3225 && IS(opr_name(&ops[j], 0), "esp")
3226 && ops[j].operand[1].type == OPT_CONST)
3229 l += ops[j].operand[1].val / 4 - 1;
3232 ferr(&ops[j], "'pop ecx' expected\n");
3234 ops[j].flags |= OPF_RMD | OPF_DONE;
3238 ferr(&ops[j], "epilogue scan failed\n");
3244 if (ops[j].op != OP_ADD
3245 || !IS(opr_name(&ops[j], 0), "esp")
3246 || ops[j].operand[1].type != OPT_CONST
3247 || ops[j].operand[1].val != g_stack_fsz)
3248 ferr(&ops[j], "'add esp' expected\n");
3250 ops[j].flags |= OPF_RMD | OPF_DONE;
3251 ops[j].operand[1].val = 0; // hack for stack arg scanner
3256 } while (i < opcnt);
3259 ferr(ops, "missing esp epilogue\n");
3263 static const struct parsed_proto *resolve_icall(int i, int opcnt,
3264 int *pp_i, int *multi_src)
3266 const struct parsed_proto *pp = NULL;
3267 int search_advice = 0;
3272 switch (ops[i].operand[0].type) {
3276 pp = try_recover_pp(&ops[i], &ops[i].operand[0], &search_advice);
3281 scan_for_call_type(i, &ops[i].operand[0], i + opcnt * 9, &pp,
3289 // find an instruction that changed opr before i op
3290 // *op_i must be set to -1 by the caller
3291 // *entry is set to 1 if one source is determined to be the caller
3292 // returns 1 if found, *op_i is then set to origin
3293 static int resolve_origin(int i, const struct parsed_opr *opr,
3294 int magic, int *op_i, int *is_caller)
3296 struct label_ref *lr;
3299 if (ops[i].cc_scratch == magic)
3301 ops[i].cc_scratch = magic;
3304 if (g_labels[i] != NULL) {
3305 lr = &g_label_refs[i];
3306 for (; lr != NULL; lr = lr->next) {
3307 check_i(&ops[i], lr->i);
3308 ret |= resolve_origin(lr->i, opr, magic, op_i, is_caller);
3310 if (i > 0 && LAST_OP(i - 1))
3316 if (is_caller != NULL)
3321 if (ops[i].cc_scratch == magic)
3323 ops[i].cc_scratch = magic;
3325 if (!(ops[i].flags & OPF_DATA))
3327 if (!is_opr_modified(opr, &ops[i]))
3334 // XXX: could check if the other op does the same
3343 // find an instruction that previously referenced opr
3344 // if multiple results are found - fail
3345 // *op_i must be set to -1 by the caller
3346 // returns 1 if found, *op_i is then set to referencer insn
3347 static int resolve_last_ref(int i, const struct parsed_opr *opr,
3348 int magic, int *op_i)
3350 struct label_ref *lr;
3353 if (ops[i].cc_scratch == magic)
3355 ops[i].cc_scratch = magic;
3358 if (g_labels[i] != NULL) {
3359 lr = &g_label_refs[i];
3360 for (; lr != NULL; lr = lr->next) {
3361 check_i(&ops[i], lr->i);
3362 ret |= resolve_last_ref(lr->i, opr, magic, op_i);
3364 if (i > 0 && LAST_OP(i - 1))
3372 if (ops[i].cc_scratch == magic)
3374 ops[i].cc_scratch = magic;
3376 if (!is_opr_referenced(opr, &ops[i]))
3387 // find next instruction that reads opr
3388 // if multiple results are found - fail
3389 // *op_i must be set to -1 by the caller
3390 // returns 1 if found, *op_i is then set to referencer insn
3391 static int find_next_read(int i, int opcnt,
3392 const struct parsed_opr *opr, int magic, int *op_i)
3394 struct parsed_op *po;
3397 for (; i < opcnt; i++)
3399 if (ops[i].cc_scratch == magic)
3401 ops[i].cc_scratch = magic;
3404 if ((po->flags & OPF_JMP) && po->op != OP_CALL) {
3405 if (po->btj != NULL) {
3407 for (j = 0; j < po->btj->count; j++) {
3408 check_i(po, po->btj->d[j].bt_i);
3409 ret |= find_next_read(po->btj->d[j].bt_i, opcnt, opr,
3415 if (po->flags & OPF_RMD)
3417 check_i(po, po->bt_i);
3418 if (po->flags & OPF_CJMP) {
3419 ret = find_next_read(po->bt_i, opcnt, opr, magic, op_i);
3428 if (!is_opr_read(opr, po)) {
3429 if (is_opr_modified(opr, po))
3432 if (po->flags & OPF_TAIL)
3447 static int try_resolve_const(int i, const struct parsed_opr *opr,
3448 int magic, unsigned int *val)
3453 ret = resolve_origin(i, opr, magic, &s_i, NULL);
3456 if (ops[i].op != OP_MOV && ops[i].operand[1].type != OPT_CONST)
3459 *val = ops[i].operand[1].val;
3466 static struct parsed_proto *process_call_early(int i, int opcnt,
3469 struct parsed_op *po = &ops[i];
3470 struct parsed_proto *pp;
3476 if (pp == NULL || pp->is_vararg || pp->argc_reg != 0)
3480 // look for and make use of esp adjust
3482 if (!pp->is_stdcall && pp->argc_stack > 0)
3483 ret = scan_for_esp_adjust(i + 1, opcnt,
3484 pp->argc_stack * 4, &adj, &multipath, 0);
3486 if (pp->argc_stack > adj / 4)
3490 if (ops[ret].op == OP_POP) {
3491 for (j = 1; j < adj / 4; j++) {
3492 if (ops[ret + j].op != OP_POP
3493 || ops[ret + j].operand[0].reg != xCX)
3505 static struct parsed_proto *process_call(int i, int opcnt)
3507 struct parsed_op *po = &ops[i];
3508 const struct parsed_proto *pp_c;
3509 struct parsed_proto *pp;
3510 const char *tmpname;
3511 int call_i = -1, ref_i = -1;
3512 int adj = 0, multipath = 0;
3515 tmpname = opr_name(po, 0);
3520 pp_c = resolve_icall(i, opcnt, &call_i, &multipath);
3522 if (!pp_c->is_func && !pp_c->is_fptr)
3523 ferr(po, "call to non-func: %s\n", pp_c->name);
3524 pp = proto_clone(pp_c);
3525 my_assert_not(pp, NULL);
3527 // not resolved just to single func
3530 switch (po->operand[0].type) {
3532 // we resolved this call and no longer need the register
3533 po->regmask_src &= ~(1 << po->operand[0].reg);
3535 if (!multipath && i != call_i && ops[call_i].op == OP_MOV
3536 && ops[call_i].operand[1].type == OPT_LABEL)
3538 // no other source users?
3539 ret = resolve_last_ref(i, &po->operand[0], opcnt * 10,
3541 if (ret == 1 && call_i == ref_i) {
3542 // and nothing uses it after us?
3544 ret = find_next_read(i + 1, opcnt, &po->operand[0],
3545 opcnt * 11, &ref_i);
3547 // then also don't need the source mov
3548 ops[call_i].flags |= OPF_RMD;
3560 pp = calloc(1, sizeof(*pp));
3561 my_assert_not(pp, NULL);
3564 ret = scan_for_esp_adjust(i + 1, opcnt,
3565 -1, &adj, &multipath, 0);
3566 if (ret < 0 || adj < 0) {
3567 if (!g_allow_regfunc)
3568 ferr(po, "non-__cdecl indirect call unhandled yet\n");
3569 pp->is_unresolved = 1;
3573 if (adj > ARRAY_SIZE(pp->arg))
3574 ferr(po, "esp adjust too large: %d\n", adj);
3575 pp->ret_type.name = strdup("int");
3576 pp->argc = pp->argc_stack = adj;
3577 for (arg = 0; arg < pp->argc; arg++)
3578 pp->arg[arg].type.name = strdup("int");
3583 // look for and make use of esp adjust
3586 if (!pp->is_stdcall && pp->argc_stack > 0) {
3587 int adj_expect = pp->is_vararg ? -1 : pp->argc_stack * 4;
3588 ret = scan_for_esp_adjust(i + 1, opcnt,
3589 adj_expect, &adj, &multipath, 0);
3592 if (pp->is_vararg) {
3593 if (adj / 4 < pp->argc_stack) {
3594 fnote(po, "(this call)\n");
3595 ferr(&ops[ret], "esp adjust is too small: %x < %x\n",
3596 adj, pp->argc_stack * 4);
3598 // modify pp to make it have varargs as normal args
3600 pp->argc += adj / 4 - pp->argc_stack;
3601 for (; arg < pp->argc; arg++) {
3602 pp->arg[arg].type.name = strdup("int");
3605 if (pp->argc > ARRAY_SIZE(pp->arg))
3606 ferr(po, "too many args for '%s'\n", tmpname);
3608 if (pp->argc_stack > adj / 4) {
3609 fnote(po, "(this call)\n");
3610 ferr(&ops[ret], "stack tracking failed for '%s': %x %x\n",
3611 tmpname, pp->argc_stack * 4, adj);
3614 scan_for_esp_adjust(i + 1, opcnt,
3615 pp->argc_stack * 4, &adj, &multipath, 1);
3617 else if (pp->is_vararg)
3618 ferr(po, "missing esp_adjust for vararg func '%s'\n",
3624 static int collect_call_args_early(struct parsed_op *po, int i,
3625 struct parsed_proto *pp, int *regmask)
3630 for (arg = 0; arg < pp->argc; arg++)
3631 if (pp->arg[arg].reg == NULL)
3634 // first see if it can be easily done
3635 for (j = i; j > 0 && arg < pp->argc; )
3637 if (g_labels[j] != NULL)
3641 if (ops[j].op == OP_CALL)
3643 else if (ops[j].op == OP_ADD && ops[j].operand[0].reg == xSP)
3645 else if (ops[j].op == OP_POP)
3647 else if (ops[j].flags & OPF_CJMP)
3649 else if (ops[j].op == OP_PUSH) {
3650 if (ops[j].flags & (OPF_FARG|OPF_FARGNR))
3652 ret = scan_for_mod(&ops[j], j + 1, i, 1);
3656 if (pp->arg[arg].type.is_va_list)
3660 for (arg++; arg < pp->argc; arg++)
3661 if (pp->arg[arg].reg == NULL)
3670 for (arg = 0; arg < pp->argc; arg++)
3671 if (pp->arg[arg].reg == NULL)
3674 for (j = i; j > 0 && arg < pp->argc; )
3678 if (ops[j].op == OP_PUSH)
3680 ops[j].p_argnext = -1;
3681 ferr_assert(&ops[j], pp->arg[arg].datap == NULL);
3682 pp->arg[arg].datap = &ops[j];
3684 if (ops[j].operand[0].type == OPT_REG)
3685 *regmask |= 1 << ops[j].operand[0].reg;
3687 ops[j].flags |= OPF_RMD | OPF_DONE | OPF_FARGNR | OPF_FARG;
3688 ops[j].flags &= ~OPF_RSAVE;
3691 for (arg++; arg < pp->argc; arg++)
3692 if (pp->arg[arg].reg == NULL)
3700 static int collect_call_args_r(struct parsed_op *po, int i,
3701 struct parsed_proto *pp, int *regmask, int *save_arg_vars,
3702 int *arg_grp, int arg, int magic, int need_op_saving, int may_reuse)
3704 struct parsed_proto *pp_tmp;
3705 struct parsed_op *po_tmp;
3706 struct label_ref *lr;
3707 int need_to_save_current;
3708 int arg_grp_current = 0;
3709 int save_args_seen = 0;
3717 ferr(po, "dead label encountered\n");
3721 for (; arg < pp->argc; arg++)
3722 if (pp->arg[arg].reg == NULL)
3724 magic = (magic & 0xffffff) | (arg << 24);
3726 for (j = i; j >= 0 && (arg < pp->argc || pp->is_unresolved); )
3728 if (((ops[j].cc_scratch ^ magic) & 0xffffff) == 0) {
3729 if (ops[j].cc_scratch != magic) {
3730 ferr(&ops[j], "arg collect hit same path with diff args for %s\n",
3734 // ok: have already been here
3737 ops[j].cc_scratch = magic;
3739 if (g_labels[j] != NULL && g_label_refs[j].i != -1) {
3740 lr = &g_label_refs[j];
3741 if (lr->next != NULL)
3743 for (; lr->next; lr = lr->next) {
3744 check_i(&ops[j], lr->i);
3745 if ((ops[lr->i].flags & (OPF_JMP|OPF_CJMP)) != OPF_JMP)
3747 ret = collect_call_args_r(po, lr->i, pp, regmask, save_arg_vars,
3748 arg_grp, arg, magic, need_op_saving, may_reuse);
3753 check_i(&ops[j], lr->i);
3754 if ((ops[lr->i].flags & (OPF_JMP|OPF_CJMP)) != OPF_JMP)
3756 if (j > 0 && LAST_OP(j - 1)) {
3757 // follow last branch in reverse
3762 ret = collect_call_args_r(po, lr->i, pp, regmask, save_arg_vars,
3763 arg_grp, arg, magic, need_op_saving, may_reuse);
3769 if (ops[j].op == OP_CALL)
3771 if (pp->is_unresolved)
3776 ferr(po, "arg collect hit unparsed call '%s'\n",
3777 ops[j].operand[0].name);
3778 if (may_reuse && pp_tmp->argc_stack > 0)
3779 ferr(po, "arg collect %d/%d hit '%s' with %d stack args\n",
3780 arg, pp->argc, opr_name(&ops[j], 0), pp_tmp->argc_stack);
3782 // esp adjust of 0 means we collected it before
3783 else if (ops[j].op == OP_ADD && ops[j].operand[0].reg == xSP
3784 && (ops[j].operand[1].type != OPT_CONST
3785 || ops[j].operand[1].val != 0))
3787 if (pp->is_unresolved)
3790 ferr(po, "arg collect %d/%d hit esp adjust of %d\n",
3791 arg, pp->argc, ops[j].operand[1].val);
3793 else if (ops[j].op == OP_POP && !(ops[j].flags & OPF_DONE))
3795 if (pp->is_unresolved)
3798 ferr(po, "arg collect %d/%d hit pop\n", arg, pp->argc);
3800 else if (ops[j].flags & OPF_CJMP)
3802 if (pp->is_unresolved)
3807 else if (ops[j].op == OP_PUSH
3808 && !(ops[j].flags & (OPF_FARGNR|OPF_DONE)))
3810 if (pp->is_unresolved && (ops[j].flags & OPF_RMD))
3813 ops[j].p_argnext = -1;
3814 po_tmp = pp->arg[arg].datap;
3816 ops[j].p_argnext = po_tmp - ops;
3817 pp->arg[arg].datap = &ops[j];
3819 need_to_save_current = 0;
3822 if (ops[j].operand[0].type == OPT_REG)
3823 reg = ops[j].operand[0].reg;
3825 if (!need_op_saving) {
3826 ret = scan_for_mod(&ops[j], j + 1, i, 1);
3827 need_to_save_current = (ret >= 0);
3829 if (need_op_saving || need_to_save_current) {
3830 // mark this push as one that needs operand saving
3831 ops[j].flags &= ~OPF_RMD;
3832 if (ops[j].p_argnum == 0) {
3833 ops[j].p_argnum = arg + 1;
3834 save_args |= 1 << arg;
3836 else if (ops[j].p_argnum < arg + 1) {
3837 // XXX: might kill valid var..
3838 //*save_arg_vars &= ~(1 << (ops[j].p_argnum - 1));
3839 ops[j].p_argnum = arg + 1;
3840 save_args |= 1 << arg;
3843 if (save_args_seen & (1 << (ops[j].p_argnum - 1))) {
3846 if (arg_grp_current >= MAX_ARG_GRP)
3847 ferr(&ops[j], "out of arg groups (arg%d), f %s\n",
3848 ops[j].p_argnum, pp->name);
3851 else if (ops[j].p_argnum == 0)
3852 ops[j].flags |= OPF_RMD;
3854 // some PUSHes are reused by different calls on other branches,
3855 // but that can't happen if we didn't branch, so they
3856 // can be removed from future searches (handles nested calls)
3858 ops[j].flags |= OPF_FARGNR;
3860 ops[j].flags |= OPF_FARG;
3861 ops[j].flags &= ~OPF_RSAVE;
3863 // check for __VALIST
3864 if (!pp->is_unresolved && pp->arg[arg].type.is_va_list) {
3866 ret = resolve_origin(j, &ops[j].operand[0],
3867 magic + 1, &k, NULL);
3868 if (ret == 1 && k >= 0)
3870 if (ops[k].op == OP_LEA) {
3871 snprintf(buf, sizeof(buf), "arg_%X",
3872 g_func_pp->argc_stack * 4);
3873 if (!g_func_pp->is_vararg
3874 || strstr(ops[k].operand[1].name, buf))
3876 ops[k].flags |= OPF_RMD | OPF_DONE;
3877 ops[j].flags |= OPF_RMD | OPF_VAPUSH;
3878 save_args &= ~(1 << arg);
3882 ferr(&ops[j], "lea va_list used, but no vararg?\n");
3884 // check for va_list from g_func_pp arg too
3885 else if (ops[k].op == OP_MOV
3886 && is_stack_access(&ops[k], &ops[k].operand[1]))
3888 ret = stack_frame_access(&ops[k], &ops[k].operand[1],
3889 buf, sizeof(buf), ops[k].operand[1].name, "", 1, 0);
3891 ops[k].flags |= OPF_RMD | OPF_DONE;
3892 ops[j].flags |= OPF_RMD;
3893 ops[j].p_argpass = ret + 1;
3894 save_args &= ~(1 << arg);
3901 *save_arg_vars |= save_args;
3903 // tracking reg usage
3905 *regmask |= 1 << reg;
3908 if (!pp->is_unresolved) {
3910 for (; arg < pp->argc; arg++)
3911 if (pp->arg[arg].reg == NULL)
3914 magic = (magic & 0xffffff) | (arg << 24);
3917 if (ops[j].p_arggrp > arg_grp_current) {
3919 arg_grp_current = ops[j].p_arggrp;
3921 if (ops[j].p_argnum > 0)
3922 save_args_seen |= 1 << (ops[j].p_argnum - 1);
3925 if (arg < pp->argc) {
3926 ferr(po, "arg collect failed for '%s': %d/%d\n",
3927 pp->name, arg, pp->argc);
3931 if (arg_grp_current > *arg_grp)
3932 *arg_grp = arg_grp_current;
3937 static int collect_call_args(struct parsed_op *po, int i,
3938 struct parsed_proto *pp, int *regmask, int *save_arg_vars,
3941 // arg group is for cases when pushes for
3942 // multiple funcs are going on
3943 struct parsed_op *po_tmp;
3944 int save_arg_vars_current = 0;
3949 ret = collect_call_args_r(po, i, pp, regmask,
3950 &save_arg_vars_current, &arg_grp, 0, magic, 0, 0);
3955 // propagate arg_grp
3956 for (a = 0; a < pp->argc; a++) {
3957 if (pp->arg[a].reg != NULL)
3960 po_tmp = pp->arg[a].datap;
3961 while (po_tmp != NULL) {
3962 po_tmp->p_arggrp = arg_grp;
3963 if (po_tmp->p_argnext > 0)
3964 po_tmp = &ops[po_tmp->p_argnext];
3970 save_arg_vars[arg_grp] |= save_arg_vars_current;
3972 if (pp->is_unresolved) {
3974 pp->argc_stack += ret;
3975 for (a = 0; a < pp->argc; a++)
3976 if (pp->arg[a].type.name == NULL)
3977 pp->arg[a].type.name = strdup("int");
3983 static void pp_insert_reg_arg(struct parsed_proto *pp, const char *reg)
3987 for (i = 0; i < pp->argc; i++)
3988 if (pp->arg[i].reg == NULL)
3992 memmove(&pp->arg[i + 1], &pp->arg[i],
3993 sizeof(pp->arg[0]) * pp->argc_stack);
3994 memset(&pp->arg[i], 0, sizeof(pp->arg[i]));
3995 pp->arg[i].reg = strdup(reg);
3996 pp->arg[i].type.name = strdup("int");
4001 static void output_std_flags(FILE *fout, struct parsed_op *po,
4002 int *pfomask, const char *dst_opr_text)
4004 if (*pfomask & (1 << PFO_Z)) {
4005 fprintf(fout, "\n cond_z = (%s%s == 0);",
4006 lmod_cast_u(po, po->operand[0].lmod), dst_opr_text);
4007 *pfomask &= ~(1 << PFO_Z);
4009 if (*pfomask & (1 << PFO_S)) {
4010 fprintf(fout, "\n cond_s = (%s%s < 0);",
4011 lmod_cast_s(po, po->operand[0].lmod), dst_opr_text);
4012 *pfomask &= ~(1 << PFO_S);
4017 OPP_FORCE_NORETURN = (1 << 0),
4018 OPP_SIMPLE_ARGS = (1 << 1),
4019 OPP_ALIGN = (1 << 2),
4022 static void output_pp_attrs(FILE *fout, const struct parsed_proto *pp,
4025 const char *cconv = "";
4027 if (pp->is_fastcall)
4028 cconv = "__fastcall ";
4029 else if (pp->is_stdcall && pp->argc_reg == 0)
4030 cconv = "__stdcall ";
4032 fprintf(fout, (flags & OPP_ALIGN) ? "%-16s" : "%s", cconv);
4034 if (pp->is_noreturn || (flags & OPP_FORCE_NORETURN))
4035 fprintf(fout, "noreturn ");
4038 static void output_pp(FILE *fout, const struct parsed_proto *pp,
4043 fprintf(fout, (flags & OPP_ALIGN) ? "%-5s" : "%s ",
4047 output_pp_attrs(fout, pp, flags);
4050 fprintf(fout, "%s", pp->name);
4055 for (i = 0; i < pp->argc; i++) {
4057 fprintf(fout, ", ");
4058 if (pp->arg[i].fptr != NULL && !(flags & OPP_SIMPLE_ARGS)) {
4060 output_pp(fout, pp->arg[i].fptr, 0);
4062 else if (pp->arg[i].type.is_retreg) {
4063 fprintf(fout, "u32 *r_%s", pp->arg[i].reg);
4066 fprintf(fout, "%s", pp->arg[i].type.name);
4068 fprintf(fout, " a%d", i + 1);
4071 if (pp->is_vararg) {
4073 fprintf(fout, ", ");
4074 fprintf(fout, "...");
4079 static int get_pp_arg_regmask(const struct parsed_proto *pp)
4084 for (i = 0; i < pp->argc; i++) {
4085 if (pp->arg[i].reg != NULL) {
4086 reg = char_array_i(regs_r32,
4087 ARRAY_SIZE(regs_r32), pp->arg[i].reg);
4089 ferr(ops, "arg '%s' of func '%s' is not a reg?\n",
4090 pp->arg[i].reg, pp->name);
4091 regmask |= 1 << reg;
4098 static char *saved_arg_name(char *buf, size_t buf_size, int grp, int num)
4104 snprintf(buf1, sizeof(buf1), "%d", grp);
4105 snprintf(buf, buf_size, "s%s_a%d", buf1, num);
4110 static void gen_x_cleanup(int opcnt);
4112 static void gen_func(FILE *fout, FILE *fhdr, const char *funcn, int opcnt)
4114 struct parsed_op *po, *delayed_flag_op = NULL, *tmp_op;
4115 struct parsed_opr *last_arith_dst = NULL;
4116 char buf1[256], buf2[256], buf3[256], cast[64];
4117 struct parsed_proto *pp, *pp_tmp;
4118 struct parsed_data *pd;
4120 int save_arg_vars[MAX_ARG_GRP] = { 0, };
4122 int need_tmp_var = 0;
4125 int label_pending = 0;
4126 int regmask_save = 0; // regs saved/restored in this func
4127 int regmask_arg = 0; // regs carrying function args (fastcall, etc)
4128 int regmask_now; // temp
4129 int regmask_init = 0; // regs that need zero initialization
4130 int regmask_pp = 0; // regs used in complex push-pop graph
4131 int regmask = 0; // used regs
4141 g_bp_frame = g_sp_frame = g_stack_fsz = 0;
4142 g_stack_frame_used = 0;
4144 g_func_pp = proto_parse(fhdr, funcn, 0);
4145 if (g_func_pp == NULL)
4146 ferr(ops, "proto_parse failed for '%s'\n", funcn);
4148 regmask_arg = get_pp_arg_regmask(g_func_pp);
4151 // - resolve all branches
4152 // - parse calls with labels
4153 resolve_branches_parse_calls(opcnt);
4156 // - handle ebp/esp frame, remove ops related to it
4157 scan_prologue_epilogue(opcnt);
4160 // - remove dead labels
4161 for (i = 0; i < opcnt; i++)
4163 if (g_labels[i] != NULL && g_label_refs[i].i == -1) {
4170 // - process trivial calls
4171 for (i = 0; i < opcnt; i++)
4174 if (po->flags & (OPF_RMD|OPF_DONE))
4177 if (po->op == OP_CALL)
4179 pp = process_call_early(i, opcnt, &j);
4181 if (!(po->flags & OPF_ATAIL))
4182 // since we know the args, try to collect them
4183 if (collect_call_args_early(po, i, pp, ®mask) != 0)
4189 // commit esp adjust
4190 if (ops[j].op != OP_POP)
4191 patch_esp_adjust(&ops[j], pp->argc_stack * 4);
4193 for (l = 0; l < pp->argc_stack; l++)
4194 ops[j + l].flags |= OPF_DONE | OPF_RMD;
4198 if (strstr(pp->ret_type.name, "int64"))
4201 po->flags |= OPF_DONE;
4208 // - handle push <const>/pop pairs
4209 for (i = 0; i < opcnt; i++)
4212 if (po->flags & (OPF_RMD|OPF_DONE))
4215 if (po->op == OP_CALL && !(po->flags & OPF_DONE))
4217 pp = process_call(i, opcnt);
4219 if (!pp->is_unresolved && !(po->flags & OPF_ATAIL)) {
4220 // since we know the args, collect them
4221 collect_call_args(po, i, pp, ®mask, save_arg_vars,
4225 if (strstr(pp->ret_type.name, "int64"))
4228 else if (po->op == OP_PUSH && !(po->flags & OPF_FARG)
4229 && !(po->flags & OPF_RSAVE) && po->operand[0].type == OPT_CONST)
4230 scan_for_pop_const(i, opcnt, ®mask_pp);
4234 // - find POPs for PUSHes, rm both
4235 // - scan for STD/CLD, propagate DF
4236 // - scan for all used registers
4237 // - find flag set ops for their users
4238 // - do unreselved calls
4239 // - declare indirect functions
4240 for (i = 0; i < opcnt; i++)
4243 if (po->flags & (OPF_RMD|OPF_DONE))
4246 if (po->op == OP_PUSH && (po->flags & OPF_RSAVE)) {
4247 reg = po->operand[0].reg;
4248 if (!(regmask & (1 << reg)))
4249 // not a reg save after all, rerun scan_for_pop
4250 po->flags &= ~OPF_RSAVE;
4252 regmask_save |= 1 << reg;
4255 if (po->op == OP_PUSH && !(po->flags & OPF_FARG)
4256 && !(po->flags & OPF_RSAVE) && !g_func_pp->is_userstack)
4258 if (po->operand[0].type == OPT_REG)
4260 reg = po->operand[0].reg;
4262 ferr(po, "reg not set for push?\n");
4265 ret = scan_for_pop(i + 1, opcnt,
4266 po->operand[0].name, i + opcnt * 3, 0, &depth, 0);
4269 ferr(po, "too much depth: %d\n", depth);
4271 po->flags |= OPF_RMD;
4272 scan_for_pop(i + 1, opcnt, po->operand[0].name,
4273 i + opcnt * 4, 0, &depth, 1);
4276 ret = scan_for_pop_ret(i + 1, opcnt, po->operand[0].name, 0);
4279 if (regmask & (1 << reg)) {
4280 if (regmask_save & (1 << reg))
4281 ferr(po, "%s already saved?\n", po->operand[0].name);
4285 scan_for_pop_ret(i + 1, opcnt, po->operand[0].name, arg);
4291 if (po->op == OP_STD) {
4292 po->flags |= OPF_DF | OPF_RMD | OPF_DONE;
4293 scan_propagate_df(i + 1, opcnt);
4296 regmask_now = po->regmask_src | po->regmask_dst;
4297 if (regmask_now & (1 << xBP)) {
4298 if (g_bp_frame && !(po->flags & OPF_EBP_S)) {
4299 if (po->regmask_dst & (1 << xBP))
4300 // compiler decided to drop bp frame and use ebp as scratch
4301 scan_fwd_set_flags(i + 1, opcnt, i + opcnt * 5, OPF_EBP_S);
4303 regmask_now &= ~(1 << xBP);
4307 regmask |= regmask_now;
4309 if (po->flags & OPF_CC)
4311 int setters[16], cnt = 0, branched = 0;
4313 ret = scan_for_flag_set(i, i + opcnt * 6,
4314 &branched, setters, &cnt);
4315 if (ret < 0 || cnt <= 0)
4316 ferr(po, "unable to trace flag setter(s)\n");
4317 if (cnt > ARRAY_SIZE(setters))
4318 ferr(po, "too many flag setters\n");
4320 for (j = 0; j < cnt; j++)
4322 tmp_op = &ops[setters[j]]; // flag setter
4325 // to get nicer code, we try to delay test and cmp;
4326 // if we can't because of operand modification, or if we
4327 // have arith op, or branch, make it calculate flags explicitly
4328 if (tmp_op->op == OP_TEST || tmp_op->op == OP_CMP)
4330 if (branched || scan_for_mod(tmp_op, setters[j] + 1, i, 0) >= 0)
4331 pfomask = 1 << po->pfo;
4333 else if (tmp_op->op == OP_CMPS || tmp_op->op == OP_SCAS) {
4334 pfomask = 1 << po->pfo;
4337 // see if we'll be able to handle based on op result
4338 if ((tmp_op->op != OP_AND && tmp_op->op != OP_OR
4339 && po->pfo != PFO_Z && po->pfo != PFO_S
4340 && po->pfo != PFO_P)
4342 || scan_for_mod_opr0(tmp_op, setters[j] + 1, i) >= 0)
4344 pfomask = 1 << po->pfo;
4347 if (tmp_op->op == OP_ADD && po->pfo == PFO_C) {
4348 propagate_lmod(tmp_op, &tmp_op->operand[0],
4349 &tmp_op->operand[1]);
4350 if (tmp_op->operand[0].lmod == OPLM_DWORD)
4355 tmp_op->pfomask |= pfomask;
4356 cond_vars |= pfomask;
4358 // note: may overwrite, currently not a problem
4362 if (po->op == OP_RCL || po->op == OP_RCR
4363 || po->op == OP_ADC || po->op == OP_SBB)
4364 cond_vars |= 1 << PFO_C;
4367 if (po->op == OP_CMPS || po->op == OP_SCAS) {
4368 cond_vars |= 1 << PFO_Z;
4370 else if (po->op == OP_MUL
4371 || (po->op == OP_IMUL && po->operand_cnt == 1))
4373 if (po->operand[0].lmod == OPLM_DWORD)
4376 else if (po->op == OP_CALL) {
4377 // note: resolved non-reg calls are OPF_DONE already
4380 ferr(po, "NULL pp\n");
4382 if (pp->is_unresolved) {
4383 int regmask_stack = 0;
4384 collect_call_args(po, i, pp, ®mask, save_arg_vars,
4387 // this is pretty rough guess:
4388 // see ecx and edx were pushed (and not their saved versions)
4389 for (arg = 0; arg < pp->argc; arg++) {
4390 if (pp->arg[arg].reg != NULL)
4393 tmp_op = pp->arg[arg].datap;
4395 ferr(po, "parsed_op missing for arg%d\n", arg);
4396 if (tmp_op->p_argnum == 0 && tmp_op->operand[0].type == OPT_REG)
4397 regmask_stack |= 1 << tmp_op->operand[0].reg;
4400 if (!((regmask_stack & (1 << xCX))
4401 && (regmask_stack & (1 << xDX))))
4403 if (pp->argc_stack != 0
4404 || ((regmask | regmask_arg) & ((1 << xCX)|(1 << xDX))))
4406 pp_insert_reg_arg(pp, "ecx");
4407 pp->is_fastcall = 1;
4408 regmask_init |= 1 << xCX;
4409 regmask |= 1 << xCX;
4411 if (pp->argc_stack != 0
4412 || ((regmask | regmask_arg) & (1 << xDX)))
4414 pp_insert_reg_arg(pp, "edx");
4415 regmask_init |= 1 << xDX;
4416 regmask |= 1 << xDX;
4420 // note: __cdecl doesn't fall into is_unresolved category
4421 if (pp->argc_stack > 0)
4425 for (arg = 0; arg < pp->argc; arg++) {
4426 if (pp->arg[arg].reg != NULL) {
4427 reg = char_array_i(regs_r32,
4428 ARRAY_SIZE(regs_r32), pp->arg[arg].reg);
4430 ferr(ops, "arg '%s' is not a reg?\n", pp->arg[arg].reg);
4431 if (!(regmask & (1 << reg))) {
4432 regmask_init |= 1 << reg;
4433 regmask |= 1 << reg;
4438 else if (po->op == OP_MOV && po->operand[0].pp != NULL
4439 && po->operand[1].pp != NULL)
4441 // <var> = offset <something>
4442 if ((po->operand[1].pp->is_func || po->operand[1].pp->is_fptr)
4443 && !IS_START(po->operand[1].name, "off_"))
4445 if (!po->operand[0].pp->is_fptr)
4446 ferr(po, "%s not declared as fptr when it should be\n",
4447 po->operand[0].name);
4448 if (pp_cmp_func(po->operand[0].pp, po->operand[1].pp)) {
4449 pp_print(buf1, sizeof(buf1), po->operand[0].pp);
4450 pp_print(buf2, sizeof(buf2), po->operand[1].pp);
4451 fnote(po, "var: %s\n", buf1);
4452 fnote(po, "func: %s\n", buf2);
4453 ferr(po, "^ mismatch\n");
4457 else if (po->op == OP_RET && !IS(g_func_pp->ret_type.name, "void"))
4458 regmask |= 1 << xAX;
4459 else if (po->op == OP_DIV || po->op == OP_IDIV) {
4460 // 32bit division is common, look for it
4461 if (po->op == OP_DIV)
4462 ret = scan_for_reg_clear(i, xDX);
4464 ret = scan_for_cdq_edx(i);
4466 po->flags |= OPF_32BIT;
4470 else if (po->op == OP_CLD)
4471 po->flags |= OPF_RMD | OPF_DONE;
4473 if (po->op == OP_RCL || po->op == OP_RCR || po->op == OP_XCHG) {
4479 // - confirm regmask_save, it might have been reduced
4480 if (regmask_save != 0)
4483 for (i = 0; i < opcnt; i++) {
4485 if (po->flags & OPF_RMD)
4488 if (po->op == OP_PUSH && (po->flags & OPF_RSAVE))
4489 regmask_save |= 1 << po->operand[0].reg;
4493 // output starts here
4495 // define userstack size
4496 if (g_func_pp->is_userstack) {
4497 fprintf(fout, "#ifndef US_SZ_%s\n", g_func_pp->name);
4498 fprintf(fout, "#define US_SZ_%s USERSTACK_SIZE\n", g_func_pp->name);
4499 fprintf(fout, "#endif\n");
4502 // the function itself
4503 ferr_assert(ops, !g_func_pp->is_fptr);
4504 output_pp(fout, g_func_pp,
4505 (g_ida_func_attr & IDAFA_NORETURN) ? OPP_FORCE_NORETURN : 0);
4506 fprintf(fout, "\n{\n");
4508 // declare indirect functions
4509 for (i = 0; i < opcnt; i++) {
4511 if (po->flags & OPF_RMD)
4514 if (po->op == OP_CALL) {
4517 ferr(po, "NULL pp\n");
4519 if (pp->is_fptr && !(pp->name[0] != 0 && pp->is_arg)) {
4520 if (pp->name[0] != 0) {
4521 memmove(pp->name + 2, pp->name, strlen(pp->name) + 1);
4522 memcpy(pp->name, "i_", 2);
4524 // might be declared already
4526 for (j = 0; j < i; j++) {
4527 if (ops[j].op == OP_CALL && (pp_tmp = ops[j].pp)) {
4528 if (pp_tmp->is_fptr && IS(pp->name, pp_tmp->name)) {
4538 snprintf(pp->name, sizeof(pp->name), "icall%d", i);
4541 output_pp(fout, pp, OPP_SIMPLE_ARGS);
4542 fprintf(fout, ";\n");
4547 // output LUTs/jumptables
4548 for (i = 0; i < g_func_pd_cnt; i++) {
4550 fprintf(fout, " static const ");
4551 if (pd->type == OPT_OFFSET) {
4552 fprintf(fout, "void *jt_%s[] =\n { ", pd->label);
4554 for (j = 0; j < pd->count; j++) {
4556 fprintf(fout, ", ");
4557 fprintf(fout, "&&%s", pd->d[j].u.label);
4561 fprintf(fout, "%s %s[] =\n { ",
4562 lmod_type_u(ops, pd->lmod), pd->label);
4564 for (j = 0; j < pd->count; j++) {
4566 fprintf(fout, ", ");
4567 fprintf(fout, "%u", pd->d[j].u.val);
4570 fprintf(fout, " };\n");
4574 // declare stack frame, va_arg
4576 fprintf(fout, " union { u32 d[%d]; u16 w[%d]; u8 b[%d]; } sf;\n",
4577 (g_stack_fsz + 3) / 4, (g_stack_fsz + 1) / 2, g_stack_fsz);
4581 if (g_func_pp->is_userstack) {
4582 fprintf(fout, " u32 fake_sf[US_SZ_%s / 4];\n", g_func_pp->name);
4583 fprintf(fout, " u32 *esp = &fake_sf[sizeof(fake_sf) / 4];\n");
4587 if (g_func_pp->is_vararg) {
4588 fprintf(fout, " va_list ap;\n");
4592 // declare arg-registers
4593 for (i = 0; i < g_func_pp->argc; i++) {
4594 if (g_func_pp->arg[i].reg != NULL) {
4595 reg = char_array_i(regs_r32,
4596 ARRAY_SIZE(regs_r32), g_func_pp->arg[i].reg);
4597 if (regmask & (1 << reg)) {
4598 if (g_func_pp->arg[i].type.is_retreg)
4599 fprintf(fout, " u32 %s = *r_%s;\n",
4600 g_func_pp->arg[i].reg, g_func_pp->arg[i].reg);
4602 fprintf(fout, " u32 %s = (u32)a%d;\n",
4603 g_func_pp->arg[i].reg, i + 1);
4606 if (g_func_pp->arg[i].type.is_retreg)
4607 ferr(ops, "retreg '%s' is unused?\n",
4608 g_func_pp->arg[i].reg);
4609 fprintf(fout, " // %s = a%d; // unused\n",
4610 g_func_pp->arg[i].reg, i + 1);
4616 // declare normal registers
4617 regmask_now = regmask & ~regmask_arg;
4618 regmask_now &= ~(1 << xSP);
4619 if (regmask_now & 0x00ff) {
4620 for (reg = 0; reg < 8; reg++) {
4621 if (regmask_now & (1 << reg)) {
4622 fprintf(fout, " u32 %s", regs_r32[reg]);
4623 if (regmask_init & (1 << reg))
4624 fprintf(fout, " = 0");
4625 fprintf(fout, ";\n");
4630 if (regmask_now & 0xff00) {
4631 for (reg = 8; reg < 16; reg++) {
4632 if (regmask_now & (1 << reg)) {
4633 fprintf(fout, " mmxr %s", regs_r32[reg]);
4634 if (regmask_init & (1 << reg))
4635 fprintf(fout, " = { 0, }");
4636 fprintf(fout, ";\n");
4643 for (reg = 0; reg < 8; reg++) {
4644 if (regmask_save & (1 << reg)) {
4645 fprintf(fout, " u32 s_%s;\n", regs_r32[reg]);
4651 for (i = 0; i < ARRAY_SIZE(save_arg_vars); i++) {
4652 if (save_arg_vars[i] == 0)
4654 for (reg = 0; reg < 32; reg++) {
4655 if (save_arg_vars[i] & (1 << reg)) {
4656 fprintf(fout, " u32 %s;\n",
4657 saved_arg_name(buf1, sizeof(buf1), i, reg + 1));
4663 // declare push-pop temporaries
4665 for (reg = 0; reg < 8; reg++) {
4666 if (regmask_pp & (1 << reg)) {
4667 fprintf(fout, " u32 pp_%s;\n", regs_r32[reg]);
4674 for (i = 0; i < 8; i++) {
4675 if (cond_vars & (1 << i)) {
4676 fprintf(fout, " u32 cond_%s;\n", parsed_flag_op_names[i]);
4683 fprintf(fout, " u32 tmp;\n");
4688 fprintf(fout, " u64 tmp64;\n");
4693 fprintf(fout, "\n");
4695 if (g_func_pp->is_vararg) {
4696 if (g_func_pp->argc_stack == 0)
4697 ferr(ops, "vararg func without stack args?\n");
4698 fprintf(fout, " va_start(ap, a%d);\n", g_func_pp->argc);
4702 for (i = 0; i < opcnt; i++)
4704 if (g_labels[i] != NULL) {
4705 fprintf(fout, "\n%s:\n", g_labels[i]);
4708 delayed_flag_op = NULL;
4709 last_arith_dst = NULL;
4713 if (po->flags & OPF_RMD)
4718 #define assert_operand_cnt(n_) \
4719 if (po->operand_cnt != n_) \
4720 ferr(po, "operand_cnt is %d/%d\n", po->operand_cnt, n_)
4722 // conditional/flag using op?
4723 if (po->flags & OPF_CC)
4729 // we go through all this trouble to avoid using parsed_flag_op,
4730 // which makes generated code much nicer
4731 if (delayed_flag_op != NULL)
4733 out_cmp_test(buf1, sizeof(buf1), delayed_flag_op,
4734 po->pfo, po->pfo_inv);
4737 else if (last_arith_dst != NULL
4738 && (po->pfo == PFO_Z || po->pfo == PFO_S || po->pfo == PFO_P
4739 || (tmp_op && (tmp_op->op == OP_AND || tmp_op->op == OP_OR))
4742 out_src_opr_u32(buf3, sizeof(buf3), po, last_arith_dst);
4743 out_test_for_cc(buf1, sizeof(buf1), po, po->pfo, po->pfo_inv,
4744 last_arith_dst->lmod, buf3);
4747 else if (tmp_op != NULL) {
4748 // use preprocessed flag calc results
4749 if (!(tmp_op->pfomask & (1 << po->pfo)))
4750 ferr(po, "not prepared for pfo %d\n", po->pfo);
4752 // note: pfo_inv was not yet applied
4753 snprintf(buf1, sizeof(buf1), "(%scond_%s)",
4754 po->pfo_inv ? "!" : "", parsed_flag_op_names[po->pfo]);
4757 ferr(po, "all methods of finding comparison failed\n");
4760 if (po->flags & OPF_JMP) {
4761 fprintf(fout, " if %s", buf1);
4763 else if (po->op == OP_RCL || po->op == OP_RCR
4764 || po->op == OP_ADC || po->op == OP_SBB)
4767 fprintf(fout, " cond_%s = %s;\n",
4768 parsed_flag_op_names[po->pfo], buf1);
4770 else if (po->flags & OPF_DATA) { // SETcc
4771 out_dst_opr(buf2, sizeof(buf2), po, &po->operand[0]);
4772 fprintf(fout, " %s = %s;", buf2, buf1);
4775 ferr(po, "unhandled conditional op\n");
4779 pfomask = po->pfomask;
4781 if (po->flags & (OPF_REPZ|OPF_REPNZ)) {
4782 struct parsed_opr opr = {0,};
4785 opr.lmod = OPLM_DWORD;
4786 ret = try_resolve_const(i, &opr, opcnt * 7 + i, &uval);
4788 if (ret != 1 || uval == 0) {
4789 // we need initial flags for ecx=0 case..
4790 if (i > 0 && ops[i - 1].op == OP_XOR
4791 && IS(ops[i - 1].operand[0].name,
4792 ops[i - 1].operand[1].name))
4794 fprintf(fout, " cond_z = ");
4795 if (pfomask & (1 << PFO_C))
4796 fprintf(fout, "cond_c = ");
4797 fprintf(fout, "0;\n");
4799 else if (last_arith_dst != NULL) {
4800 out_src_opr_u32(buf3, sizeof(buf3), po, last_arith_dst);
4801 out_test_for_cc(buf1, sizeof(buf1), po, PFO_Z, 0,
4802 last_arith_dst->lmod, buf3);
4803 fprintf(fout, " cond_z = %s;\n", buf1);
4806 ferr(po, "missing initial ZF\n");
4813 assert_operand_cnt(2);
4814 propagate_lmod(po, &po->operand[0], &po->operand[1]);
4815 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]);
4816 default_cast_to(buf3, sizeof(buf3), &po->operand[0]);
4817 fprintf(fout, " %s = %s;", buf1,
4818 out_src_opr(buf2, sizeof(buf2), po, &po->operand[1],
4823 assert_operand_cnt(2);
4824 po->operand[1].lmod = OPLM_DWORD; // always
4825 fprintf(fout, " %s = %s;",
4826 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]),
4827 out_src_opr(buf2, sizeof(buf2), po, &po->operand[1],
4832 assert_operand_cnt(2);
4833 fprintf(fout, " %s = %s;",
4834 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]),
4835 out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[1]));
4839 assert_operand_cnt(2);
4840 switch (po->operand[1].lmod) {
4842 strcpy(buf3, "(s8)");
4845 strcpy(buf3, "(s16)");
4848 ferr(po, "invalid src lmod: %d\n", po->operand[1].lmod);
4850 fprintf(fout, " %s = %s;",
4851 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]),
4852 out_src_opr(buf2, sizeof(buf2), po, &po->operand[1],
4857 assert_operand_cnt(2);
4858 propagate_lmod(po, &po->operand[0], &po->operand[1]);
4859 fprintf(fout, " tmp = %s;",
4860 out_src_opr(buf1, sizeof(buf1), po, &po->operand[0], "", 0));
4861 fprintf(fout, " %s = %s;",
4862 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]),
4863 out_src_opr(buf2, sizeof(buf2), po, &po->operand[1],
4864 default_cast_to(buf3, sizeof(buf3), &po->operand[0]), 0));
4865 fprintf(fout, " %s = %stmp;",
4866 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[1]),
4867 default_cast_to(buf3, sizeof(buf3), &po->operand[1]));
4868 snprintf(g_comment, sizeof(g_comment), "xchg");
4872 assert_operand_cnt(1);
4873 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]);
4874 fprintf(fout, " %s = ~%s;", buf1, buf1);
4878 assert_operand_cnt(2);
4879 fprintf(fout, " %s = (s32)%s >> 31;",
4880 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]),
4881 out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[1]));
4882 strcpy(g_comment, "cdq");
4886 assert_operand_cnt(3);
4887 if (po->flags & OPF_REP) {
4892 fprintf(fout, " eax = %sesi; esi %c= %d;",
4893 lmod_cast_u_ptr(po, po->operand[0].lmod),
4894 (po->flags & OPF_DF) ? '-' : '+',
4895 lmod_bytes(po, po->operand[0].lmod));
4896 strcpy(g_comment, "lods");
4901 assert_operand_cnt(3);
4902 if (po->flags & OPF_REP) {
4903 fprintf(fout, " for (; ecx != 0; ecx--, edi %c= %d)\n",
4904 (po->flags & OPF_DF) ? '-' : '+',
4905 lmod_bytes(po, po->operand[0].lmod));
4906 fprintf(fout, " %sedi = eax;",
4907 lmod_cast_u_ptr(po, po->operand[0].lmod));
4908 strcpy(g_comment, "rep stos");
4911 fprintf(fout, " %sedi = eax; edi %c= %d;",
4912 lmod_cast_u_ptr(po, po->operand[0].lmod),
4913 (po->flags & OPF_DF) ? '-' : '+',
4914 lmod_bytes(po, po->operand[0].lmod));
4915 strcpy(g_comment, "stos");
4920 assert_operand_cnt(3);
4921 j = lmod_bytes(po, po->operand[0].lmod);
4922 strcpy(buf1, lmod_cast_u_ptr(po, po->operand[0].lmod));
4923 l = (po->flags & OPF_DF) ? '-' : '+';
4924 if (po->flags & OPF_REP) {
4926 " for (; ecx != 0; ecx--, edi %c= %d, esi %c= %d)\n",
4929 " %sedi = %sesi;", buf1, buf1);
4930 strcpy(g_comment, "rep movs");
4933 fprintf(fout, " %sedi = %sesi; edi %c= %d; esi %c= %d;",
4934 buf1, buf1, l, j, l, j);
4935 strcpy(g_comment, "movs");
4940 // repe ~ repeat while ZF=1
4941 assert_operand_cnt(3);
4942 j = lmod_bytes(po, po->operand[0].lmod);
4943 strcpy(buf1, lmod_cast_u_ptr(po, po->operand[0].lmod));
4944 l = (po->flags & OPF_DF) ? '-' : '+';
4945 if (po->flags & OPF_REP) {
4947 " for (; ecx != 0; ecx--) {\n");
4948 if (pfomask & (1 << PFO_C)) {
4951 " cond_c = %sesi < %sedi;\n", buf1, buf1);
4952 pfomask &= ~(1 << PFO_C);
4955 " cond_z = (%sesi == %sedi); esi %c= %d, edi %c= %d;\n",
4956 buf1, buf1, l, j, l, j);
4958 " if (cond_z %s 0) break;\n",
4959 (po->flags & OPF_REPZ) ? "==" : "!=");
4962 snprintf(g_comment, sizeof(g_comment), "rep%s cmps",
4963 (po->flags & OPF_REPZ) ? "e" : "ne");
4967 " cond_z = (%sesi == %sedi); esi %c= %d; edi %c= %d;",
4968 buf1, buf1, l, j, l, j);
4969 strcpy(g_comment, "cmps");
4971 pfomask &= ~(1 << PFO_Z);
4972 last_arith_dst = NULL;
4973 delayed_flag_op = NULL;
4977 // only does ZF (for now)
4978 // repe ~ repeat while ZF=1
4979 assert_operand_cnt(3);
4980 j = lmod_bytes(po, po->operand[0].lmod);
4981 l = (po->flags & OPF_DF) ? '-' : '+';
4982 if (po->flags & OPF_REP) {
4984 " for (; ecx != 0; ecx--) {\n");
4986 " cond_z = (%seax == %sedi); edi %c= %d;\n",
4987 lmod_cast_u(po, po->operand[0].lmod),
4988 lmod_cast_u_ptr(po, po->operand[0].lmod), l, j);
4990 " if (cond_z %s 0) break;\n",
4991 (po->flags & OPF_REPZ) ? "==" : "!=");
4994 snprintf(g_comment, sizeof(g_comment), "rep%s scas",
4995 (po->flags & OPF_REPZ) ? "e" : "ne");
4998 fprintf(fout, " cond_z = (%seax == %sedi); edi %c= %d;",
4999 lmod_cast_u(po, po->operand[0].lmod),
5000 lmod_cast_u_ptr(po, po->operand[0].lmod), l, j);
5001 strcpy(g_comment, "scas");
5003 pfomask &= ~(1 << PFO_Z);
5004 last_arith_dst = NULL;
5005 delayed_flag_op = NULL;
5008 // arithmetic w/flags
5010 if (po->operand[1].type == OPT_CONST && !po->operand[1].val) {
5011 // deal with complex dst clear
5012 assert_operand_cnt(2);
5013 fprintf(fout, " %s = %s;",
5014 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]),
5015 out_src_opr(buf2, sizeof(buf2), po, &po->operand[1],
5016 default_cast_to(buf3, sizeof(buf3), &po->operand[0]), 0));
5017 output_std_flags(fout, po, &pfomask, buf1);
5018 last_arith_dst = &po->operand[0];
5019 delayed_flag_op = NULL;
5024 propagate_lmod(po, &po->operand[0], &po->operand[1]);
5027 assert_operand_cnt(2);
5028 fprintf(fout, " %s %s= %s;",
5029 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]),
5031 out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[1]));
5032 output_std_flags(fout, po, &pfomask, buf1);
5033 last_arith_dst = &po->operand[0];
5034 delayed_flag_op = NULL;
5039 assert_operand_cnt(2);
5040 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]);
5041 if (pfomask & (1 << PFO_C)) {
5042 if (po->operand[1].type == OPT_CONST) {
5043 l = lmod_bytes(po, po->operand[0].lmod) * 8;
5044 j = po->operand[1].val;
5047 if (po->op == OP_SHL)
5051 fprintf(fout, " cond_c = (%s >> %d) & 1;\n",
5055 ferr(po, "zero shift?\n");
5059 pfomask &= ~(1 << PFO_C);
5061 fprintf(fout, " %s %s= %s;", buf1, op_to_c(po),
5062 out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[1]));
5063 output_std_flags(fout, po, &pfomask, buf1);
5064 last_arith_dst = &po->operand[0];
5065 delayed_flag_op = NULL;
5069 assert_operand_cnt(2);
5070 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]);
5071 fprintf(fout, " %s = %s%s >> %s;", buf1,
5072 lmod_cast_s(po, po->operand[0].lmod), buf1,
5073 out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[1]));
5074 output_std_flags(fout, po, &pfomask, buf1);
5075 last_arith_dst = &po->operand[0];
5076 delayed_flag_op = NULL;
5080 assert_operand_cnt(3);
5081 propagate_lmod(po, &po->operand[0], &po->operand[1]);
5082 l = lmod_bytes(po, po->operand[0].lmod) * 8;
5083 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]);
5084 out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[1]);
5085 out_src_opr_u32(buf3, sizeof(buf3), po, &po->operand[2]);
5086 fprintf(fout, " %s >>= %s; %s |= %s << (%d - %s);",
5087 buf1, buf3, buf1, buf2, l, buf3);
5088 strcpy(g_comment, "shrd");
5089 output_std_flags(fout, po, &pfomask, buf1);
5090 last_arith_dst = &po->operand[0];
5091 delayed_flag_op = NULL;
5096 assert_operand_cnt(2);
5097 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]);
5098 if (po->operand[1].type == OPT_CONST) {
5099 j = po->operand[1].val;
5100 j %= lmod_bytes(po, po->operand[0].lmod) * 8;
5101 fprintf(fout, po->op == OP_ROL ?
5102 " %s = (%s << %d) | (%s >> %d);" :
5103 " %s = (%s >> %d) | (%s << %d);",
5104 buf1, buf1, j, buf1,
5105 lmod_bytes(po, po->operand[0].lmod) * 8 - j);
5109 output_std_flags(fout, po, &pfomask, buf1);
5110 last_arith_dst = &po->operand[0];
5111 delayed_flag_op = NULL;
5116 assert_operand_cnt(2);
5117 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]);
5118 l = lmod_bytes(po, po->operand[0].lmod) * 8;
5119 if (po->operand[1].type == OPT_CONST) {
5120 j = po->operand[1].val % l;
5122 ferr(po, "zero rotate\n");
5123 fprintf(fout, " tmp = (%s >> %d) & 1;\n",
5124 buf1, (po->op == OP_RCL) ? (l - j) : (j - 1));
5125 if (po->op == OP_RCL) {
5127 " %s = (%s << %d) | (cond_c << %d)",
5128 buf1, buf1, j, j - 1);
5130 fprintf(fout, " | (%s >> %d)", buf1, l + 1 - j);
5134 " %s = (%s >> %d) | (cond_c << %d)",
5135 buf1, buf1, j, l - j);
5137 fprintf(fout, " | (%s << %d)", buf1, l + 1 - j);
5139 fprintf(fout, ";\n");
5140 fprintf(fout, " cond_c = tmp;");
5144 strcpy(g_comment, (po->op == OP_RCL) ? "rcl" : "rcr");
5145 output_std_flags(fout, po, &pfomask, buf1);
5146 last_arith_dst = &po->operand[0];
5147 delayed_flag_op = NULL;
5151 assert_operand_cnt(2);
5152 propagate_lmod(po, &po->operand[0], &po->operand[1]);
5153 if (IS(opr_name(po, 0), opr_name(po, 1))) {
5154 // special case for XOR
5155 if (pfomask & (1 << PFO_BE)) { // weird, but it happens..
5156 fprintf(fout, " cond_be = 1;\n");
5157 pfomask &= ~(1 << PFO_BE);
5159 fprintf(fout, " %s = 0;",
5160 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]));
5161 last_arith_dst = &po->operand[0];
5162 delayed_flag_op = NULL;
5168 assert_operand_cnt(2);
5169 propagate_lmod(po, &po->operand[0], &po->operand[1]);
5170 if (pfomask & (1 << PFO_C)) {
5171 out_src_opr_u32(buf1, sizeof(buf1), po, &po->operand[0]);
5172 out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[1]);
5173 if (po->operand[0].lmod == OPLM_DWORD) {
5174 fprintf(fout, " tmp64 = (u64)%s + %s;\n", buf1, buf2);
5175 fprintf(fout, " cond_c = tmp64 >> 32;\n");
5176 fprintf(fout, " %s = (u32)tmp64;",
5177 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]));
5178 strcat(g_comment, "add64");
5181 fprintf(fout, " cond_c = ((u32)%s + %s) >> %d;\n",
5182 buf1, buf2, lmod_bytes(po, po->operand[0].lmod) * 8);
5183 fprintf(fout, " %s += %s;",
5184 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]),
5187 pfomask &= ~(1 << PFO_C);
5188 output_std_flags(fout, po, &pfomask, buf1);
5189 last_arith_dst = &po->operand[0];
5190 delayed_flag_op = NULL;
5196 assert_operand_cnt(2);
5197 propagate_lmod(po, &po->operand[0], &po->operand[1]);
5198 if (pfomask & ~((1 << PFO_Z) | (1 << PFO_S))) {
5199 for (j = 0; j <= PFO_LE; j++) {
5200 if (!(pfomask & (1 << j)))
5202 if (j == PFO_Z || j == PFO_S)
5205 out_cmp_for_cc(buf1, sizeof(buf1), po, j, 0);
5206 fprintf(fout, " cond_%s = %s;\n",
5207 parsed_flag_op_names[j], buf1);
5208 pfomask &= ~(1 << j);
5215 assert_operand_cnt(2);
5216 propagate_lmod(po, &po->operand[0], &po->operand[1]);
5217 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]);
5218 if (po->op == OP_SBB
5219 && IS(po->operand[0].name, po->operand[1].name))
5221 // avoid use of unitialized var
5222 fprintf(fout, " %s = -cond_c;", buf1);
5223 // carry remains what it was
5224 pfomask &= ~(1 << PFO_C);
5227 fprintf(fout, " %s %s= %s + cond_c;", buf1, op_to_c(po),
5228 out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[1]));
5230 output_std_flags(fout, po, &pfomask, buf1);
5231 last_arith_dst = &po->operand[0];
5232 delayed_flag_op = NULL;
5236 assert_operand_cnt(2);
5237 out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[1]);
5238 fprintf(fout, " %s = %s ? __builtin_ffs(%s) - 1 : 0;",
5239 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]),
5241 output_std_flags(fout, po, &pfomask, buf1);
5242 last_arith_dst = &po->operand[0];
5243 delayed_flag_op = NULL;
5244 strcat(g_comment, "bsf");
5248 if (pfomask & ~(PFOB_S | PFOB_S | PFOB_C)) {
5249 for (j = 0; j <= PFO_LE; j++) {
5250 if (!(pfomask & (1 << j)))
5252 if (j == PFO_Z || j == PFO_S || j == PFO_C)
5255 out_cmp_for_cc(buf1, sizeof(buf1), po, j, 0);
5256 fprintf(fout, " cond_%s = %s;\n",
5257 parsed_flag_op_names[j], buf1);
5258 pfomask &= ~(1 << j);
5264 if (pfomask & (1 << PFO_C))
5265 // carry is unaffected by inc/dec.. wtf?
5266 ferr(po, "carry propagation needed\n");
5268 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]);
5269 if (po->operand[0].type == OPT_REG) {
5270 strcpy(buf2, po->op == OP_INC ? "++" : "--");
5271 fprintf(fout, " %s%s;", buf1, buf2);
5274 strcpy(buf2, po->op == OP_INC ? "+" : "-");
5275 fprintf(fout, " %s %s= 1;", buf1, buf2);
5277 output_std_flags(fout, po, &pfomask, buf1);
5278 last_arith_dst = &po->operand[0];
5279 delayed_flag_op = NULL;
5283 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]);
5284 out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[0]);
5285 fprintf(fout, " %s = -%s%s;", buf1,
5286 lmod_cast_s(po, po->operand[0].lmod), buf2);
5287 last_arith_dst = &po->operand[0];
5288 delayed_flag_op = NULL;
5289 if (pfomask & (1 << PFO_C)) {
5290 fprintf(fout, "\n cond_c = (%s != 0);", buf1);
5291 pfomask &= ~(1 << PFO_C);
5296 if (po->operand_cnt == 2) {
5297 propagate_lmod(po, &po->operand[0], &po->operand[1]);
5300 if (po->operand_cnt == 3)
5301 ferr(po, "TODO imul3\n");
5304 assert_operand_cnt(1);
5305 switch (po->operand[0].lmod) {
5307 strcpy(buf1, po->op == OP_IMUL ? "(s64)(s32)" : "(u64)");
5308 fprintf(fout, " tmp64 = %seax * %s%s;\n", buf1, buf1,
5309 out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[0]));
5310 fprintf(fout, " edx = tmp64 >> 32;\n");
5311 fprintf(fout, " eax = tmp64;");
5314 strcpy(buf1, po->op == OP_IMUL ? "(s16)(s8)" : "(u16)(u8)");
5315 fprintf(fout, " LOWORD(eax) = %seax * %s;", buf1,
5316 out_src_opr(buf2, sizeof(buf2), po, &po->operand[0],
5320 ferr(po, "TODO: unhandled mul type\n");
5323 last_arith_dst = NULL;
5324 delayed_flag_op = NULL;
5329 assert_operand_cnt(1);
5330 if (po->operand[0].lmod != OPLM_DWORD)
5331 ferr(po, "unhandled lmod %d\n", po->operand[0].lmod);
5333 out_src_opr_u32(buf1, sizeof(buf1), po, &po->operand[0]);
5334 strcpy(buf2, lmod_cast(po, po->operand[0].lmod,
5335 po->op == OP_IDIV));
5336 switch (po->operand[0].lmod) {
5338 if (po->flags & OPF_32BIT)
5339 snprintf(buf3, sizeof(buf3), "%seax", buf2);
5341 fprintf(fout, " tmp64 = ((u64)edx << 32) | eax;\n");
5342 snprintf(buf3, sizeof(buf3), "%stmp64",
5343 (po->op == OP_IDIV) ? "(s64)" : "");
5345 if (po->operand[0].type == OPT_REG
5346 && po->operand[0].reg == xDX)
5348 fprintf(fout, " eax = %s / %s%s;", buf3, buf2, buf1);
5349 fprintf(fout, " edx = %s %% %s%s;\n", buf3, buf2, buf1);
5352 fprintf(fout, " edx = %s %% %s%s;\n", buf3, buf2, buf1);
5353 fprintf(fout, " eax = %s / %s%s;", buf3, buf2, buf1);
5357 ferr(po, "unhandled division type\n");
5359 last_arith_dst = NULL;
5360 delayed_flag_op = NULL;
5365 propagate_lmod(po, &po->operand[0], &po->operand[1]);
5367 for (j = 0; j < 8; j++) {
5368 if (pfomask & (1 << j)) {
5369 out_cmp_test(buf1, sizeof(buf1), po, j, 0);
5370 fprintf(fout, " cond_%s = %s;",
5371 parsed_flag_op_names[j], buf1);
5378 last_arith_dst = NULL;
5379 delayed_flag_op = po;
5383 // SETcc - should already be handled
5386 // note: we reuse OP_Jcc for SETcc, only flags differ
5388 fprintf(fout, "\n goto %s;", po->operand[0].name);
5392 fprintf(fout, " if (ecx == 0)\n");
5393 fprintf(fout, " goto %s;", po->operand[0].name);
5394 strcat(g_comment, "jecxz");
5398 assert_operand_cnt(1);
5399 last_arith_dst = NULL;
5400 delayed_flag_op = NULL;
5402 if (po->operand[0].type == OPT_REGMEM) {
5403 ret = sscanf(po->operand[0].name, "%[^[][%[^*]*4]",
5406 ferr(po, "parse failure for jmp '%s'\n",
5407 po->operand[0].name);
5408 fprintf(fout, " goto *jt_%s[%s];", buf1, buf2);
5411 else if (po->operand[0].type != OPT_LABEL)
5412 ferr(po, "unhandled jmp type\n");
5414 fprintf(fout, " goto %s;", po->operand[0].name);
5418 assert_operand_cnt(1);
5420 my_assert_not(pp, NULL);
5423 if (po->flags & OPF_CC) {
5424 // we treat conditional branch to another func
5425 // (yes such code exists..) as conditional tailcall
5427 fprintf(fout, " {\n");
5430 if (pp->is_fptr && !pp->is_arg) {
5431 fprintf(fout, "%s%s = %s;\n", buf3, pp->name,
5432 out_src_opr(buf1, sizeof(buf1), po, &po->operand[0],
5434 if (pp->is_unresolved)
5435 fprintf(fout, "%sunresolved_call(\"%s:%d\", %s);\n",
5436 buf3, asmfn, po->asmln, pp->name);
5439 fprintf(fout, "%s", buf3);
5440 if (strstr(pp->ret_type.name, "int64")) {
5441 if (po->flags & OPF_TAIL)
5442 ferr(po, "int64 and tail?\n");
5443 fprintf(fout, "tmp64 = ");
5445 else if (!IS(pp->ret_type.name, "void")) {
5446 if (po->flags & OPF_TAIL) {
5447 if (!IS(g_func_pp->ret_type.name, "void")) {
5448 fprintf(fout, "return ");
5449 if (g_func_pp->ret_type.is_ptr != pp->ret_type.is_ptr)
5450 fprintf(fout, "(%s)", g_func_pp->ret_type.name);
5453 else if (regmask & (1 << xAX)) {
5454 fprintf(fout, "eax = ");
5455 if (pp->ret_type.is_ptr)
5456 fprintf(fout, "(u32)");
5460 if (pp->name[0] == 0)
5461 ferr(po, "missing pp->name\n");
5462 fprintf(fout, "%s%s(", pp->name,
5463 pp->has_structarg ? "_sa" : "");
5465 if (po->flags & OPF_ATAIL) {
5466 if (pp->argc_stack != g_func_pp->argc_stack
5467 || (pp->argc_stack > 0
5468 && pp->is_stdcall != g_func_pp->is_stdcall))
5469 ferr(po, "incompatible tailcall\n");
5470 if (g_func_pp->has_retreg)
5471 ferr(po, "TODO: retreg+tailcall\n");
5473 for (arg = j = 0; arg < pp->argc; arg++) {
5475 fprintf(fout, ", ");
5478 if (pp->arg[arg].type.is_ptr)
5479 snprintf(cast, sizeof(cast), "(%s)",
5480 pp->arg[arg].type.name);
5482 if (pp->arg[arg].reg != NULL) {
5483 fprintf(fout, "%s%s", cast, pp->arg[arg].reg);
5487 for (; j < g_func_pp->argc; j++)
5488 if (g_func_pp->arg[j].reg == NULL)
5490 fprintf(fout, "%sa%d", cast, j + 1);
5495 for (arg = 0; arg < pp->argc; arg++) {
5497 fprintf(fout, ", ");
5500 if (pp->arg[arg].type.is_ptr)
5501 snprintf(cast, sizeof(cast), "(%s)",
5502 pp->arg[arg].type.name);
5504 if (pp->arg[arg].reg != NULL) {
5505 if (pp->arg[arg].type.is_retreg)
5506 fprintf(fout, "&%s", pp->arg[arg].reg);
5508 fprintf(fout, "%s%s", cast, pp->arg[arg].reg);
5513 tmp_op = pp->arg[arg].datap;
5515 ferr(po, "parsed_op missing for arg%d\n", arg);
5517 if (tmp_op->flags & OPF_VAPUSH) {
5518 fprintf(fout, "ap");
5520 else if (tmp_op->p_argpass != 0) {
5521 fprintf(fout, "a%d", tmp_op->p_argpass);
5523 else if (tmp_op->p_argnum != 0) {
5524 fprintf(fout, "%s%s", cast,
5525 saved_arg_name(buf1, sizeof(buf1),
5526 tmp_op->p_arggrp, tmp_op->p_argnum));
5530 out_src_opr(buf1, sizeof(buf1),
5531 tmp_op, &tmp_op->operand[0], cast, 0));
5535 fprintf(fout, ");");
5537 if (strstr(pp->ret_type.name, "int64")) {
5538 fprintf(fout, "\n");
5539 fprintf(fout, "%sedx = tmp64 >> 32;\n", buf3);
5540 fprintf(fout, "%seax = tmp64;", buf3);
5543 if (pp->is_unresolved) {
5544 snprintf(buf2, sizeof(buf2), " unresolved %dreg",
5546 strcat(g_comment, buf2);
5549 if (po->flags & OPF_TAIL) {
5551 if (i == opcnt - 1 || pp->is_noreturn)
5553 else if (IS(pp->ret_type.name, "void"))
5555 else if (IS(g_func_pp->ret_type.name, "void"))
5557 // else already handled as 'return f()'
5560 if (!IS(g_func_pp->ret_type.name, "void")) {
5561 ferr(po, "int func -> void func tailcall?\n");
5564 fprintf(fout, "\n%sreturn;", buf3);
5565 strcat(g_comment, " ^ tailcall");
5569 strcat(g_comment, " tailcall");
5571 if (pp->is_noreturn)
5572 strcat(g_comment, " noreturn");
5573 if ((po->flags & OPF_ATAIL) && pp->argc_stack > 0)
5574 strcat(g_comment, " argframe");
5575 if (po->flags & OPF_CC)
5576 strcat(g_comment, " cond");
5578 if (po->flags & OPF_CC)
5579 fprintf(fout, "\n }");
5581 delayed_flag_op = NULL;
5582 last_arith_dst = NULL;
5586 if (g_func_pp->is_vararg)
5587 fprintf(fout, " va_end(ap);\n");
5588 if (g_func_pp->has_retreg) {
5589 for (arg = 0; arg < g_func_pp->argc; arg++)
5590 if (g_func_pp->arg[arg].type.is_retreg)
5591 fprintf(fout, " *r_%s = %s;\n",
5592 g_func_pp->arg[arg].reg, g_func_pp->arg[arg].reg);
5595 if (IS(g_func_pp->ret_type.name, "void")) {
5596 if (i != opcnt - 1 || label_pending)
5597 fprintf(fout, " return;");
5599 else if (g_func_pp->ret_type.is_ptr) {
5600 fprintf(fout, " return (%s)eax;",
5601 g_func_pp->ret_type.name);
5603 else if (IS(g_func_pp->ret_type.name, "__int64"))
5604 fprintf(fout, " return ((u64)edx << 32) | eax;");
5606 fprintf(fout, " return eax;");
5608 last_arith_dst = NULL;
5609 delayed_flag_op = NULL;
5613 out_src_opr_u32(buf1, sizeof(buf1), po, &po->operand[0]);
5614 if (po->p_argnum != 0) {
5615 // special case - saved func arg
5616 fprintf(fout, " %s = %s;",
5617 saved_arg_name(buf2, sizeof(buf2),
5618 po->p_arggrp, po->p_argnum), buf1);
5621 else if (po->flags & OPF_RSAVE) {
5622 fprintf(fout, " s_%s = %s;", buf1, buf1);
5625 else if (po->flags & OPF_PPUSH) {
5627 ferr_assert(po, tmp_op != NULL);
5628 out_dst_opr(buf2, sizeof(buf2), po, &tmp_op->operand[0]);
5629 fprintf(fout, " pp_%s = %s;", buf2, buf1);
5632 else if (g_func_pp->is_userstack) {
5633 fprintf(fout, " *(--esp) = %s;", buf1);
5636 if (!(g_ida_func_attr & IDAFA_NORETURN))
5637 ferr(po, "stray push encountered\n");
5642 out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]);
5643 if (po->flags & OPF_RSAVE) {
5644 fprintf(fout, " %s = s_%s;", buf1, buf1);
5647 else if (po->flags & OPF_PPUSH) {
5649 ferr_assert(po, po->datap == NULL);
5650 fprintf(fout, " %s = pp_%s;", buf1, buf1);
5653 else if (po->datap != NULL) {
5656 fprintf(fout, " %s = %s;", buf1,
5657 out_src_opr(buf2, sizeof(buf2),
5658 tmp_op, &tmp_op->operand[0],
5659 default_cast_to(buf3, sizeof(buf3), &po->operand[0]), 0));
5662 else if (g_func_pp->is_userstack) {
5663 fprintf(fout, " %s = *esp++;", buf1);
5667 ferr(po, "stray pop encountered\n");
5676 strcpy(g_comment, "(emms)");
5681 ferr(po, "unhandled op type %d, flags %x\n",
5686 if (g_comment[0] != 0) {
5687 char *p = g_comment;
5688 while (my_isblank(*p))
5690 fprintf(fout, " // %s", p);
5695 fprintf(fout, "\n");
5697 // some sanity checking
5698 if (po->flags & OPF_REP) {
5699 if (po->op != OP_STOS && po->op != OP_MOVS
5700 && po->op != OP_CMPS && po->op != OP_SCAS)
5701 ferr(po, "unexpected rep\n");
5702 if (!(po->flags & (OPF_REPZ|OPF_REPNZ))
5703 && (po->op == OP_CMPS || po->op == OP_SCAS))
5704 ferr(po, "cmps/scas with plain rep\n");
5706 if ((po->flags & (OPF_REPZ|OPF_REPNZ))
5707 && po->op != OP_CMPS && po->op != OP_SCAS)
5708 ferr(po, "unexpected repz/repnz\n");
5711 ferr(po, "missed flag calc, pfomask=%x\n", pfomask);
5713 // see is delayed flag stuff is still valid
5714 if (delayed_flag_op != NULL && delayed_flag_op != po) {
5715 if (is_any_opr_modified(delayed_flag_op, po, 0))
5716 delayed_flag_op = NULL;
5719 if (last_arith_dst != NULL && last_arith_dst != &po->operand[0]) {
5720 if (is_opr_modified(last_arith_dst, po))
5721 last_arith_dst = NULL;
5727 if (g_stack_fsz && !g_stack_frame_used)
5728 fprintf(fout, " (void)sf;\n");
5730 fprintf(fout, "}\n\n");
5732 gen_x_cleanup(opcnt);
5735 static void gen_x_cleanup(int opcnt)
5739 for (i = 0; i < opcnt; i++) {
5740 struct label_ref *lr, *lr_del;
5742 lr = g_label_refs[i].next;
5743 while (lr != NULL) {
5748 g_label_refs[i].i = -1;
5749 g_label_refs[i].next = NULL;
5751 if (ops[i].op == OP_CALL) {
5753 proto_release(ops[i].pp);
5759 struct func_proto_dep;
5761 struct func_prototype {
5766 int has_ret:3; // -1, 0, 1: unresolved, no, yes
5767 unsigned int dep_resolved:1;
5768 unsigned int is_stdcall:1;
5769 struct func_proto_dep *dep_func;
5771 const struct parsed_proto *pp; // seed pp, if any
5774 struct func_proto_dep {
5776 struct func_prototype *proto;
5777 int regmask_live; // .. at the time of call
5778 unsigned int ret_dep:1; // return from this is caller's return
5781 static struct func_prototype *hg_fp;
5782 static int hg_fp_cnt;
5784 static struct scanned_var {
5786 enum opr_lenmod lmod;
5787 unsigned int is_seeded:1;
5788 unsigned int is_c_str:1;
5789 const struct parsed_proto *pp; // seed pp, if any
5791 static int hg_var_cnt;
5793 static void output_hdr_fp(FILE *fout, const struct func_prototype *fp,
5796 struct func_prototype *hg_fp_add(const char *funcn)
5798 struct func_prototype *fp;
5800 if ((hg_fp_cnt & 0xff) == 0) {
5801 hg_fp = realloc(hg_fp, sizeof(hg_fp[0]) * (hg_fp_cnt + 0x100));
5802 my_assert_not(hg_fp, NULL);
5803 memset(hg_fp + hg_fp_cnt, 0, sizeof(hg_fp[0]) * 0x100);
5806 fp = &hg_fp[hg_fp_cnt];
5807 snprintf(fp->name, sizeof(fp->name), "%s", funcn);
5809 fp->argc_stack = -1;
5815 static struct func_proto_dep *hg_fp_find_dep(struct func_prototype *fp,
5820 for (i = 0; i < fp->dep_func_cnt; i++)
5821 if (IS(fp->dep_func[i].name, name))
5822 return &fp->dep_func[i];
5827 static void hg_fp_add_dep(struct func_prototype *fp, const char *name)
5830 if (hg_fp_find_dep(fp, name))
5833 if ((fp->dep_func_cnt & 0xff) == 0) {
5834 fp->dep_func = realloc(fp->dep_func,
5835 sizeof(fp->dep_func[0]) * (fp->dep_func_cnt + 0x100));
5836 my_assert_not(fp->dep_func, NULL);
5837 memset(&fp->dep_func[fp->dep_func_cnt], 0,
5838 sizeof(fp->dep_func[0]) * 0x100);
5840 fp->dep_func[fp->dep_func_cnt].name = strdup(name);
5844 static int hg_fp_cmp_name(const void *p1_, const void *p2_)
5846 const struct func_prototype *p1 = p1_, *p2 = p2_;
5847 return strcmp(p1->name, p2->name);
5851 static int hg_fp_cmp_id(const void *p1_, const void *p2_)
5853 const struct func_prototype *p1 = p1_, *p2 = p2_;
5854 return p1->id - p2->id;
5858 // recursive register dep pass
5859 // - track saved regs (part 2)
5860 // - try to figure out arg-regs
5861 // - calculate reg deps
5862 static void gen_hdr_dep_pass(int i, int opcnt, unsigned char *cbits,
5863 struct func_prototype *fp, int regmask_save, int regmask_dst,
5864 int *regmask_dep, int *has_ret)
5866 struct func_proto_dep *dep;
5867 struct parsed_op *po;
5868 int from_caller = 0;
5874 for (; i < opcnt; i++)
5876 if (cbits[i >> 3] & (1 << (i & 7)))
5878 cbits[i >> 3] |= (1 << (i & 7));
5882 if ((po->flags & OPF_JMP) && po->op != OP_CALL) {
5883 if (po->btj != NULL) {
5885 for (j = 0; j < po->btj->count; j++) {
5886 check_i(po, po->btj->d[j].bt_i);
5887 gen_hdr_dep_pass(po->btj->d[j].bt_i, opcnt, cbits, fp,
5888 regmask_save, regmask_dst, regmask_dep, has_ret);
5893 check_i(po, po->bt_i);
5894 if (po->flags & OPF_CJMP) {
5895 gen_hdr_dep_pass(po->bt_i, opcnt, cbits, fp,
5896 regmask_save, regmask_dst, regmask_dep, has_ret);
5904 if (po->flags & OPF_FARG)
5905 /* (just calculate register deps) */;
5906 else if (po->op == OP_PUSH && po->operand[0].type == OPT_REG)
5908 reg = po->operand[0].reg;
5910 ferr(po, "reg not set for push?\n");
5912 if (po->flags & OPF_RSAVE) {
5913 regmask_save |= 1 << reg;
5916 if (po->flags & OPF_DONE)
5920 ret = scan_for_pop(i + 1, opcnt,
5921 po->operand[0].name, i + opcnt * 2, 0, &depth, 0);
5923 regmask_save |= 1 << reg;
5924 po->flags |= OPF_RMD;
5925 scan_for_pop(i + 1, opcnt,
5926 po->operand[0].name, i + opcnt * 3, 0, &depth, 1);
5930 else if (po->flags & OPF_RMD)
5932 else if (po->op == OP_CALL) {
5933 po->regmask_dst |= 1 << xAX;
5935 dep = hg_fp_find_dep(fp, po->operand[0].name);
5937 dep->regmask_live = regmask_save | regmask_dst;
5939 else if (po->op == OP_RET) {
5940 if (po->operand_cnt > 0) {
5942 if (fp->argc_stack >= 0
5943 && fp->argc_stack != po->operand[0].val / 4)
5944 ferr(po, "ret mismatch? (%d)\n", fp->argc_stack * 4);
5945 fp->argc_stack = po->operand[0].val / 4;
5949 // if has_ret is 0, there is uninitialized eax path,
5950 // which means it's most likely void func
5951 if (*has_ret != 0 && (po->flags & OPF_TAIL)) {
5952 if (po->op == OP_CALL) {
5957 struct parsed_opr opr = { 0, };
5962 ret = resolve_origin(i, &opr, i + opcnt * 4, &j, &from_caller);
5965 if (ret != 1 && from_caller) {
5966 // unresolved eax - probably void func
5970 if (j >= 0 && ops[j].op == OP_CALL) {
5971 dep = hg_fp_find_dep(fp, ops[j].operand[0].name);
5982 l = regmask_save | regmask_dst;
5983 if (g_bp_frame && !(po->flags & OPF_EBP_S))
5986 l = po->regmask_src & ~l;
5989 fnote(po, "dep |= %04x, dst %04x, save %04x (f %x)\n",
5990 l, regmask_dst, regmask_save, po->flags);
5993 regmask_dst |= po->regmask_dst;
5995 if (po->flags & OPF_TAIL)
6000 static void gen_hdr(const char *funcn, int opcnt)
6002 int save_arg_vars[MAX_ARG_GRP] = { 0, };
6003 unsigned char cbits[MAX_OPS / 8];
6004 const struct parsed_proto *pp_c;
6005 struct parsed_proto *pp;
6006 struct func_prototype *fp;
6007 struct parsed_op *po;
6008 int regmask_dummy = 0;
6010 int max_bp_offset = 0;
6015 pp_c = proto_parse(g_fhdr, funcn, 1);
6017 // already in seed, will add to hg_fp later
6020 fp = hg_fp_add(funcn);
6022 g_bp_frame = g_sp_frame = g_stack_fsz = 0;
6023 g_stack_frame_used = 0;
6026 // - resolve all branches
6027 // - parse calls with labels
6028 resolve_branches_parse_calls(opcnt);
6031 // - handle ebp/esp frame, remove ops related to it
6032 scan_prologue_epilogue(opcnt);
6035 // - remove dead labels
6037 for (i = 0; i < opcnt; i++)
6039 if (g_labels[i] != NULL && g_label_refs[i].i == -1) {
6045 if (po->flags & (OPF_RMD|OPF_DONE))
6048 if (po->op == OP_CALL) {
6049 if (po->operand[0].type == OPT_LABEL)
6050 hg_fp_add_dep(fp, opr_name(po, 0));
6051 else if (po->pp != NULL)
6052 hg_fp_add_dep(fp, po->pp->name);
6057 // - remove dead labels
6058 // - handle push <const>/pop pairs
6059 for (i = 0; i < opcnt; i++)
6061 if (g_labels[i] != NULL && g_label_refs[i].i == -1) {
6067 if (po->flags & (OPF_RMD|OPF_DONE))
6070 if (po->op == OP_PUSH && po->operand[0].type == OPT_CONST)
6071 scan_for_pop_const(i, opcnt, ®mask_dummy);
6075 // - process trivial calls
6076 for (i = 0; i < opcnt; i++)
6079 if (po->flags & (OPF_RMD|OPF_DONE))
6082 if (po->op == OP_CALL)
6084 pp = process_call_early(i, opcnt, &j);
6086 if (!(po->flags & OPF_ATAIL))
6087 // since we know the args, try to collect them
6088 if (collect_call_args_early(po, i, pp, ®mask_dummy) != 0)
6094 // commit esp adjust
6095 if (ops[j].op != OP_POP)
6096 patch_esp_adjust(&ops[j], pp->argc_stack * 4);
6098 for (l = 0; l < pp->argc_stack; l++)
6099 ops[j + l].flags |= OPF_DONE | OPF_RMD;
6103 po->flags |= OPF_DONE;
6109 // - track saved regs (simple)
6111 for (i = 0; i < opcnt; i++)
6114 if (po->flags & (OPF_RMD|OPF_DONE))
6117 if (po->op == OP_PUSH && po->operand[0].type == OPT_REG)
6119 ret = scan_for_pop_ret(i + 1, opcnt, po->operand[0].name, 0);
6121 // regmask_save |= 1 << po->operand[0].reg; // do it later
6122 po->flags |= OPF_RSAVE | OPF_RMD | OPF_DONE;
6123 scan_for_pop_ret(i + 1, opcnt, po->operand[0].name, OPF_RMD);
6126 else if (po->op == OP_CALL && !(po->flags & OPF_DONE))
6128 pp = process_call(i, opcnt);
6130 if (!pp->is_unresolved && !(po->flags & OPF_ATAIL)) {
6131 // since we know the args, collect them
6132 ret = collect_call_args(po, i, pp, ®mask_dummy, save_arg_vars,
6139 memset(cbits, 0, sizeof(cbits));
6143 gen_hdr_dep_pass(0, opcnt, cbits, fp, 0, 0, ®mask_dep, &has_ret);
6145 // find unreachable code - must be fixed in IDA
6146 for (i = 0; i < opcnt; i++)
6148 if (cbits[i >> 3] & (1 << (i & 7)))
6151 if (ops[i].op != OP_NOP)
6152 ferr(&ops[i], "unreachable code\n");
6155 for (i = 0; i < g_eqcnt; i++) {
6156 if (g_eqs[i].offset > max_bp_offset && g_eqs[i].offset < 4*32)
6157 max_bp_offset = g_eqs[i].offset;
6160 if (fp->argc_stack < 0) {
6161 max_bp_offset = (max_bp_offset + 3) & ~3;
6162 fp->argc_stack = max_bp_offset / 4;
6163 if ((g_ida_func_attr & IDAFA_BP_FRAME) && fp->argc_stack > 0)
6167 fp->regmask_dep = regmask_dep & ~(1 << xSP);
6168 fp->has_ret = has_ret;
6170 printf("// has_ret %d, regmask_dep %x\n",
6171 fp->has_ret, fp->regmask_dep);
6172 output_hdr_fp(stdout, fp, 1);
6173 if (IS(funcn, "sub_10007F72")) exit(1);
6176 gen_x_cleanup(opcnt);
6179 static void hg_fp_resolve_deps(struct func_prototype *fp)
6181 struct func_prototype fp_s;
6185 // this thing is recursive, so mark first..
6186 fp->dep_resolved = 1;
6188 for (i = 0; i < fp->dep_func_cnt; i++) {
6189 strcpy(fp_s.name, fp->dep_func[i].name);
6190 fp->dep_func[i].proto = bsearch(&fp_s, hg_fp, hg_fp_cnt,
6191 sizeof(hg_fp[0]), hg_fp_cmp_name);
6192 if (fp->dep_func[i].proto != NULL) {
6193 if (!fp->dep_func[i].proto->dep_resolved)
6194 hg_fp_resolve_deps(fp->dep_func[i].proto);
6196 dep = ~fp->dep_func[i].regmask_live
6197 & fp->dep_func[i].proto->regmask_dep;
6198 fp->regmask_dep |= dep;
6199 // printf("dep %s %s |= %x\n", fp->name,
6200 // fp->dep_func[i].name, dep);
6202 if (fp->has_ret == -1 && fp->dep_func[i].ret_dep)
6203 fp->has_ret = fp->dep_func[i].proto->has_ret;
6208 static void output_hdr_fp(FILE *fout, const struct func_prototype *fp,
6211 const struct parsed_proto *pp;
6212 char *p, namebuf[NAMELEN];
6218 for (; count > 0; count--, fp++) {
6219 if (fp->has_ret == -1)
6220 fprintf(fout, "// ret unresolved\n");
6222 fprintf(fout, "// dep:");
6223 for (j = 0; j < fp->dep_func_cnt; j++) {
6224 fprintf(fout, " %s/", fp->dep_func[j].name);
6225 if (fp->dep_func[j].proto != NULL)
6226 fprintf(fout, "%04x/%d", fp->dep_func[j].proto->regmask_dep,
6227 fp->dep_func[j].proto->has_ret);
6229 fprintf(fout, "\n");
6232 p = strchr(fp->name, '@');
6234 memcpy(namebuf, fp->name, p - fp->name);
6235 namebuf[p - fp->name] = 0;
6243 pp = proto_parse(g_fhdr, name, 1);
6244 if (pp != NULL && pp->is_include)
6247 if (fp->pp != NULL) {
6248 // part of seed, output later
6252 regmask_dep = fp->regmask_dep;
6253 argc_stack = fp->argc_stack;
6255 fprintf(fout, "%-5s", fp->pp ? fp->pp->ret_type.name :
6256 (fp->has_ret ? "int" : "void"));
6257 if (regmask_dep && (fp->is_stdcall || argc_stack == 0)
6258 && (regmask_dep & ~((1 << xCX) | (1 << xDX))) == 0)
6260 fprintf(fout, " __fastcall ");
6261 if (!(regmask_dep & (1 << xDX)) && argc_stack == 0)
6267 else if (regmask_dep && !fp->is_stdcall) {
6268 fprintf(fout, "/*__usercall*/ ");
6270 else if (regmask_dep) {
6271 fprintf(fout, "/*__userpurge*/ ");
6273 else if (fp->is_stdcall)
6274 fprintf(fout, " __stdcall ");
6276 fprintf(fout, " __cdecl ");
6278 fprintf(fout, "%s(", name);
6281 for (j = 0; j < xSP; j++) {
6282 if (regmask_dep & (1 << j)) {
6285 fprintf(fout, ", ");
6287 fprintf(fout, "%s", fp->pp->arg[arg - 1].type.name);
6289 fprintf(fout, "int");
6290 fprintf(fout, " a%d/*<%s>*/", arg, regs_r32[j]);
6294 for (j = 0; j < argc_stack; j++) {
6297 fprintf(fout, ", ");
6298 if (fp->pp != NULL) {
6299 fprintf(fout, "%s", fp->pp->arg[arg - 1].type.name);
6300 if (!fp->pp->arg[arg - 1].type.is_ptr)
6304 fprintf(fout, "int ");
6305 fprintf(fout, "a%d", arg);
6308 fprintf(fout, ");\n");
6312 static void output_hdr(FILE *fout)
6314 static const char *lmod_c_names[] = {
6315 [OPLM_UNSPEC] = "???",
6316 [OPLM_BYTE] = "uint8_t",
6317 [OPLM_WORD] = "uint16_t",
6318 [OPLM_DWORD] = "uint32_t",
6319 [OPLM_QWORD] = "uint64_t",
6321 const struct scanned_var *var;
6322 struct func_prototype *fp;
6323 char line[256] = { 0, };
6327 // add stuff from headers
6328 for (i = 0; i < pp_cache_size; i++) {
6329 if (pp_cache[i].is_cinc && !pp_cache[i].is_stdcall)
6330 snprintf(name, sizeof(name), "_%s", pp_cache[i].name);
6332 snprintf(name, sizeof(name), "%s", pp_cache[i].name);
6333 fp = hg_fp_add(name);
6334 fp->pp = &pp_cache[i];
6335 fp->argc_stack = fp->pp->argc_stack;
6336 fp->is_stdcall = fp->pp->is_stdcall;
6337 fp->regmask_dep = get_pp_arg_regmask(fp->pp);
6338 fp->has_ret = !IS(fp->pp->ret_type.name, "void");
6342 qsort(hg_fp, hg_fp_cnt, sizeof(hg_fp[0]), hg_fp_cmp_name);
6343 for (i = 0; i < hg_fp_cnt; i++)
6344 hg_fp_resolve_deps(&hg_fp[i]);
6346 // note: messes up .proto ptr, don't use
6347 //qsort(hg_fp, hg_fp_cnt, sizeof(hg_fp[0]), hg_fp_cmp_id);
6350 for (i = 0; i < hg_var_cnt; i++) {
6353 if (var->pp != NULL)
6356 else if (var->is_c_str)
6357 fprintf(fout, "extern %-8s %s[];", "char", var->name);
6359 fprintf(fout, "extern %-8s %s;",
6360 lmod_c_names[var->lmod], var->name);
6363 fprintf(fout, " // seeded");
6364 fprintf(fout, "\n");
6367 fprintf(fout, "\n");
6369 // output function prototypes
6370 output_hdr_fp(fout, hg_fp, hg_fp_cnt);
6373 fprintf(fout, "\n// - seed -\n");
6376 while (fgets(line, sizeof(line), g_fhdr))
6377 fwrite(line, 1, strlen(line), fout);
6380 // '=' needs special treatment
6382 static char *next_word_s(char *w, size_t wsize, char *s)
6391 for (i = 1; i < wsize - 1; i++) {
6393 printf("warning: missing closing quote: \"%s\"\n", s);
6402 for (; i < wsize - 1; i++) {
6403 if (s[i] == 0 || my_isblank(s[i]) || (s[i] == '=' && i > 0))
6409 if (s[i] != 0 && !my_isblank(s[i]) && s[i] != '=')
6410 printf("warning: '%s' truncated\n", w);
6415 static void scan_variables(FILE *fasm)
6417 struct scanned_var *var;
6418 char line[256] = { 0, };
6426 // skip to next data section
6427 while (my_fgets(line, sizeof(line), fasm))
6432 if (*p == 0 || *p == ';')
6435 p = sskip(next_word_s(words[0], sizeof(words[0]), p));
6436 if (*p == 0 || *p == ';')
6439 if (*p != 's' || !IS_START(p, "segment para public"))
6445 if (p == NULL || !IS_START(p, "segment para public"))
6449 if (!IS_START(p, "'DATA'"))
6453 while (my_fgets(line, sizeof(line), fasm))
6462 if (*p == 0 || *p == ';')
6465 for (wordc = 0; wordc < ARRAY_SIZE(words); wordc++) {
6466 words[wordc][0] = 0;
6467 p = sskip(next_word_s(words[wordc], sizeof(words[0]), p));
6468 if (*p == 0 || *p == ';') {
6474 if (wordc == 2 && IS(words[1], "ends"))
6479 if (IS_START(words[0], "__IMPORT_DESCRIPTOR_")) {
6480 // when this starts, we don't need anything from this section
6484 if ((hg_var_cnt & 0xff) == 0) {
6485 hg_vars = realloc(hg_vars, sizeof(hg_vars[0])
6486 * (hg_var_cnt + 0x100));
6487 my_assert_not(hg_vars, NULL);
6488 memset(hg_vars + hg_var_cnt, 0, sizeof(hg_vars[0]) * 0x100);
6491 var = &hg_vars[hg_var_cnt++];
6492 snprintf(var->name, sizeof(var->name), "%s", words[0]);
6494 // maybe already in seed header?
6495 var->pp = proto_parse(g_fhdr, var->name, 1);
6496 if (var->pp != NULL) {
6497 if (var->pp->is_fptr) {
6498 var->lmod = OPLM_DWORD;
6501 else if (var->pp->is_func)
6503 else if (!guess_lmod_from_c_type(&var->lmod, &var->pp->type))
6504 aerr("unhandled C type '%s' for '%s'\n",
6505 var->pp->type.name, var->name);
6511 if (IS(words[1], "dd"))
6512 var->lmod = OPLM_DWORD;
6513 else if (IS(words[1], "dw"))
6514 var->lmod = OPLM_WORD;
6515 else if (IS(words[1], "db")) {
6516 var->lmod = OPLM_BYTE;
6517 if (wordc >= 3 && (l = strlen(words[2])) > 4) {
6518 if (words[2][0] == '\'' && IS(words[2] + l - 2, ",0"))
6522 else if (IS(words[1], "dq"))
6523 var->lmod = OPLM_QWORD;
6524 //else if (IS(words[1], "dt"))
6526 aerr("type '%s' not known\n", words[1]);
6534 static void set_label(int i, const char *name)
6540 p = strchr(name, ':');
6544 if (g_labels[i] != NULL && !IS_START(g_labels[i], "algn_"))
6545 aerr("dupe label '%s' vs '%s'?\n", name, g_labels[i]);
6546 g_labels[i] = realloc(g_labels[i], len + 1);
6547 my_assert_not(g_labels[i], NULL);
6548 memcpy(g_labels[i], name, len);
6549 g_labels[i][len] = 0;
6558 static struct chunk_item *func_chunks;
6559 static int func_chunk_cnt;
6560 static int func_chunk_alloc;
6562 static void add_func_chunk(FILE *fasm, const char *name, int line)
6564 if (func_chunk_cnt >= func_chunk_alloc) {
6565 func_chunk_alloc *= 2;
6566 func_chunks = realloc(func_chunks,
6567 func_chunk_alloc * sizeof(func_chunks[0]));
6568 my_assert_not(func_chunks, NULL);
6570 func_chunks[func_chunk_cnt].fptr = ftell(fasm);
6571 func_chunks[func_chunk_cnt].name = strdup(name);
6572 func_chunks[func_chunk_cnt].asmln = line;
6576 static int cmp_chunks(const void *p1, const void *p2)
6578 const struct chunk_item *c1 = p1, *c2 = p2;
6579 return strcmp(c1->name, c2->name);
6582 static int cmpstringp(const void *p1, const void *p2)
6584 return strcmp(*(char * const *)p1, *(char * const *)p2);
6587 static void scan_ahead(FILE *fasm)
6597 oldpos = ftell(fasm);
6600 while (my_fgets(line, sizeof(line), fasm))
6611 // get rid of random tabs
6612 for (i = 0; line[i] != 0; i++)
6613 if (line[i] == '\t')
6616 if (p[2] == 'S' && IS_START(p, "; START OF FUNCTION CHUNK FOR "))
6619 next_word(words[0], sizeof(words[0]), p);
6620 if (words[0][0] == 0)
6621 aerr("missing name for func chunk?\n");
6623 add_func_chunk(fasm, words[0], asmln);
6625 else if (IS_START(p, "; sctend"))
6631 for (wordc = 0; wordc < ARRAY_SIZE(words); wordc++) {
6632 words[wordc][0] = 0;
6633 p = sskip(next_word_s(words[wordc], sizeof(words[0]), p));
6634 if (*p == 0 || *p == ';') {
6640 if (wordc == 2 && IS(words[1], "ends"))
6644 fseek(fasm, oldpos, SEEK_SET);
6648 int main(int argc, char *argv[])
6650 FILE *fout, *fasm, *frlist;
6651 struct parsed_data *pd = NULL;
6653 char **rlist = NULL;
6655 int rlist_alloc = 0;
6656 int func_chunks_used = 0;
6657 int func_chunks_sorted = 0;
6658 int func_chunk_i = -1;
6659 long func_chunk_ret = 0;
6660 int func_chunk_ret_ln = 0;
6661 int scanned_ahead = 0;
6663 char words[20][256];
6664 enum opr_lenmod lmod;
6665 char *sctproto = NULL;
6667 int pending_endp = 0;
6669 int skip_warned = 0;
6682 for (arg = 1; arg < argc; arg++) {
6683 if (IS(argv[arg], "-v"))
6685 else if (IS(argv[arg], "-rf"))
6686 g_allow_regfunc = 1;
6687 else if (IS(argv[arg], "-m"))
6689 else if (IS(argv[arg], "-hdr"))
6690 g_header_mode = g_quiet_pp = g_allow_regfunc = 1;
6695 if (argc < arg + 3) {
6696 printf("usage:\n%s [-v] [-rf] [-m] <.c> <.asm> <hdr.h> [rlist]*\n"
6697 "%s -hdr <out.h> <.asm> <seed.h> [rlist]*\n"
6699 " -hdr - header generation mode\n"
6700 " -rf - allow unannotated indirect calls\n"
6701 " -m - allow multiple .text sections\n"
6702 "[rlist] is a file with function names to skip,"
6710 asmfn = argv[arg++];
6711 fasm = fopen(asmfn, "r");
6712 my_assert_not(fasm, NULL);
6714 hdrfn = argv[arg++];
6715 g_fhdr = fopen(hdrfn, "r");
6716 my_assert_not(g_fhdr, NULL);
6719 rlist = malloc(rlist_alloc * sizeof(rlist[0]));
6720 my_assert_not(rlist, NULL);
6721 // needs special handling..
6722 rlist[rlist_len++] = "__alloca_probe";
6724 func_chunk_alloc = 32;
6725 func_chunks = malloc(func_chunk_alloc * sizeof(func_chunks[0]));
6726 my_assert_not(func_chunks, NULL);
6728 memset(words, 0, sizeof(words));
6730 for (; arg < argc; arg++) {
6731 frlist = fopen(argv[arg], "r");
6732 my_assert_not(frlist, NULL);
6734 while (my_fgets(line, sizeof(line), frlist)) {
6736 if (*p == 0 || *p == ';')
6739 if (IS_START(p, "#if 0")
6740 || (g_allow_regfunc && IS_START(p, "#if NO_REGFUNC")))
6744 else if (IS_START(p, "#endif"))
6751 p = next_word(words[0], sizeof(words[0]), p);
6752 if (words[0][0] == 0)
6755 if (rlist_len >= rlist_alloc) {
6756 rlist_alloc = rlist_alloc * 2 + 64;
6757 rlist = realloc(rlist, rlist_alloc * sizeof(rlist[0]));
6758 my_assert_not(rlist, NULL);
6760 rlist[rlist_len++] = strdup(words[0]);
6769 qsort(rlist, rlist_len, sizeof(rlist[0]), cmpstringp);
6771 fout = fopen(argv[arg_out], "w");
6772 my_assert_not(fout, NULL);
6775 g_eqs = malloc(eq_alloc * sizeof(g_eqs[0]));
6776 my_assert_not(g_eqs, NULL);
6778 for (i = 0; i < ARRAY_SIZE(g_label_refs); i++) {
6779 g_label_refs[i].i = -1;
6780 g_label_refs[i].next = NULL;
6784 scan_variables(fasm);
6786 while (my_fgets(line, sizeof(line), fasm))
6795 // get rid of random tabs
6796 for (i = 0; line[i] != 0; i++)
6797 if (line[i] == '\t')
6802 if (p[2] == '=' && IS_START(p, "; =============== S U B"))
6803 goto do_pending_endp; // eww..
6805 if (p[2] == 'A' && IS_START(p, "; Attributes:"))
6807 static const char *attrs[] = {
6816 // parse IDA's attribute-list comment
6817 g_ida_func_attr = 0;
6820 for (; *p != 0; p = sskip(p)) {
6821 for (i = 0; i < ARRAY_SIZE(attrs); i++) {
6822 if (!strncmp(p, attrs[i], strlen(attrs[i]))) {
6823 g_ida_func_attr |= 1 << i;
6824 p += strlen(attrs[i]);
6828 if (i == ARRAY_SIZE(attrs)) {
6829 anote("unparsed IDA attr: %s\n", p);
6832 if (IS(attrs[i], "fpd=")) {
6833 p = next_word(words[0], sizeof(words[0]), p);
6838 else if (p[2] == 'S' && IS_START(p, "; START OF FUNCTION CHUNK FOR "))
6841 next_word(words[0], sizeof(words[0]), p);
6842 if (words[0][0] == 0)
6843 aerr("missing name for func chunk?\n");
6845 if (!scanned_ahead) {
6846 add_func_chunk(fasm, words[0], asmln);
6847 func_chunks_sorted = 0;
6850 else if (p[2] == 'E' && IS_START(p, "; END OF FUNCTION CHUNK"))
6852 if (func_chunk_i >= 0) {
6853 if (func_chunk_i < func_chunk_cnt
6854 && IS(func_chunks[func_chunk_i].name, g_func))
6856 // move on to next chunk
6857 ret = fseek(fasm, func_chunks[func_chunk_i].fptr, SEEK_SET);
6859 aerr("seek failed for '%s' chunk #%d\n",
6860 g_func, func_chunk_i);
6861 asmln = func_chunks[func_chunk_i].asmln;
6865 if (func_chunk_ret == 0)
6866 aerr("no return from chunk?\n");
6867 fseek(fasm, func_chunk_ret, SEEK_SET);
6868 asmln = func_chunk_ret_ln;
6874 else if (p[2] == 'F' && IS_START(p, "; FUNCTION CHUNK AT ")) {
6875 func_chunks_used = 1;
6877 if (IS_START(g_func, "sub_")) {
6878 unsigned long addr = strtoul(p, NULL, 16);
6879 unsigned long f_addr = strtoul(g_func + 4, NULL, 16);
6880 if (addr > f_addr && !scanned_ahead) {
6881 anote("scan_ahead caused by '%s', addr %lx\n",
6885 func_chunks_sorted = 0;
6893 for (i = wordc; i < ARRAY_SIZE(words); i++)
6895 for (wordc = 0; wordc < ARRAY_SIZE(words); wordc++) {
6896 p = sskip(next_word_s(words[wordc], sizeof(words[0]), p));
6897 if (*p == 0 || *p == ';') {
6902 if (*p != 0 && *p != ';')
6903 aerr("too many words\n");
6905 // alow asm patches in comments
6907 if (IS_START(p, "; sctpatch:")) {
6909 if (*p == 0 || *p == ';')
6911 goto parse_words; // lame
6913 if (IS_START(p, "; sctproto:")) {
6914 sctproto = strdup(p + 11);
6916 else if (IS_START(p, "; sctend")) {
6925 awarn("wordc == 0?\n");
6929 // don't care about this:
6930 if (words[0][0] == '.'
6931 || IS(words[0], "include")
6932 || IS(words[0], "assume") || IS(words[1], "segment")
6933 || IS(words[0], "align"))
6939 // do delayed endp processing to collect switch jumptables
6941 if (in_func && !g_skip_func && !end && wordc >= 2
6942 && ((words[0][0] == 'd' && words[0][2] == 0)
6943 || (words[1][0] == 'd' && words[1][2] == 0)))
6946 if (words[1][0] == 'd' && words[1][2] == 0) {
6948 if (g_func_pd_cnt >= pd_alloc) {
6949 pd_alloc = pd_alloc * 2 + 16;
6950 g_func_pd = realloc(g_func_pd,
6951 sizeof(g_func_pd[0]) * pd_alloc);
6952 my_assert_not(g_func_pd, NULL);
6954 pd = &g_func_pd[g_func_pd_cnt];
6956 memset(pd, 0, sizeof(*pd));
6957 strcpy(pd->label, words[0]);
6958 pd->type = OPT_CONST;
6959 pd->lmod = lmod_from_directive(words[1]);
6965 anote("skipping alignment byte?\n");
6968 lmod = lmod_from_directive(words[0]);
6969 if (lmod != pd->lmod)
6970 aerr("lmod change? %d->%d\n", pd->lmod, lmod);
6973 if (pd->count_alloc < pd->count + wordc) {
6974 pd->count_alloc = pd->count_alloc * 2 + 14 + wordc;
6975 pd->d = realloc(pd->d, sizeof(pd->d[0]) * pd->count_alloc);
6976 my_assert_not(pd->d, NULL);
6978 for (; i < wordc; i++) {
6979 if (IS(words[i], "offset")) {
6980 pd->type = OPT_OFFSET;
6983 p = strchr(words[i], ',');
6986 if (pd->type == OPT_OFFSET)
6987 pd->d[pd->count].u.label = strdup(words[i]);
6989 pd->d[pd->count].u.val = parse_number(words[i]);
6990 pd->d[pd->count].bt_i = -1;
6996 if (in_func && !g_skip_func) {
6998 gen_hdr(g_func, pi);
7000 gen_func(fout, g_fhdr, g_func, pi);
7005 g_ida_func_attr = 0;
7009 func_chunks_used = 0;
7012 memset(&ops, 0, pi * sizeof(ops[0]));
7017 for (i = 0; i < g_func_pd_cnt; i++) {
7019 if (pd->type == OPT_OFFSET) {
7020 for (j = 0; j < pd->count; j++)
7021 free(pd->d[j].u.label);
7035 if (IS(words[1], "proc")) {
7037 aerr("proc '%s' while in_func '%s'?\n",
7040 if (bsearch(&p, rlist, rlist_len, sizeof(rlist[0]), cmpstringp))
7042 strcpy(g_func, words[0]);
7043 set_label(0, words[0]);
7048 if (IS(words[1], "endp"))
7051 aerr("endp '%s' while not in_func?\n", words[0]);
7052 if (!IS(g_func, words[0]))
7053 aerr("endp '%s' while in_func '%s'?\n",
7056 if ((g_ida_func_attr & IDAFA_THUNK) && pi == 1
7057 && ops[0].op == OP_JMP && ops[0].operand[0].had_ds)
7063 if (!g_skip_func && func_chunks_used) {
7064 // start processing chunks
7065 struct chunk_item *ci, key = { g_func, 0 };
7067 func_chunk_ret = ftell(fasm);
7068 func_chunk_ret_ln = asmln;
7069 if (!func_chunks_sorted) {
7070 qsort(func_chunks, func_chunk_cnt,
7071 sizeof(func_chunks[0]), cmp_chunks);
7072 func_chunks_sorted = 1;
7074 ci = bsearch(&key, func_chunks, func_chunk_cnt,
7075 sizeof(func_chunks[0]), cmp_chunks);
7077 aerr("'%s' needs chunks, but none found\n", g_func);
7078 func_chunk_i = ci - func_chunks;
7079 for (; func_chunk_i > 0; func_chunk_i--)
7080 if (!IS(func_chunks[func_chunk_i - 1].name, g_func))
7083 ret = fseek(fasm, func_chunks[func_chunk_i].fptr, SEEK_SET);
7085 aerr("seek failed for '%s' chunk #%d\n", g_func, func_chunk_i);
7086 asmln = func_chunks[func_chunk_i].asmln;
7094 if (wordc == 2 && IS(words[1], "ends")) {
7098 goto do_pending_endp;
7102 // scan for next text segment
7103 while (my_fgets(line, sizeof(line), fasm)) {
7106 if (*p == 0 || *p == ';')
7109 if (strstr(p, "segment para public 'CODE' use32"))
7116 p = strchr(words[0], ':');
7118 set_label(pi, words[0]);
7122 if (!in_func || g_skip_func) {
7123 if (!skip_warned && !g_skip_func && g_labels[pi] != NULL) {
7125 anote("skipping from '%s'\n", g_labels[pi]);
7129 g_labels[pi] = NULL;
7133 if (wordc > 1 && IS(words[1], "="))
7136 aerr("unhandled equ, wc=%d\n", wordc);
7137 if (g_eqcnt >= eq_alloc) {
7139 g_eqs = realloc(g_eqs, eq_alloc * sizeof(g_eqs[0]));
7140 my_assert_not(g_eqs, NULL);
7143 len = strlen(words[0]);
7144 if (len > sizeof(g_eqs[0].name) - 1)
7145 aerr("equ name too long: %d\n", len);
7146 strcpy(g_eqs[g_eqcnt].name, words[0]);
7148 if (!IS(words[3], "ptr"))
7149 aerr("unhandled equ\n");
7150 if (IS(words[2], "dword"))
7151 g_eqs[g_eqcnt].lmod = OPLM_DWORD;
7152 else if (IS(words[2], "word"))
7153 g_eqs[g_eqcnt].lmod = OPLM_WORD;
7154 else if (IS(words[2], "byte"))
7155 g_eqs[g_eqcnt].lmod = OPLM_BYTE;
7156 else if (IS(words[2], "qword"))
7157 g_eqs[g_eqcnt].lmod = OPLM_QWORD;
7159 aerr("bad lmod: '%s'\n", words[2]);
7161 g_eqs[g_eqcnt].offset = parse_number(words[4]);
7166 if (pi >= ARRAY_SIZE(ops))
7167 aerr("too many ops\n");
7169 parse_op(&ops[pi], words, wordc);
7171 if (sctproto != NULL) {
7172 if (ops[pi].op == OP_CALL || ops[pi].op == OP_JMP)
7173 ops[pi].datap = sctproto;
7189 // vim:ts=2:shiftwidth=2:expandtab
notaz.gp2x.de / ia32rtools.git / blob