#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <math.h>
#include <errno.h>
#include "my_assert.h"
OPF_EBP_S = (1 << 13), /* ebp used as scratch here, not BP */
OPF_DF = (1 << 14), /* DF flag set */
OPF_ATAIL = (1 << 15), /* tail call with reused arg frame */
- OPF_32BIT = (1 << 16), /* 32bit division */
+ OPF_32BIT = (1 << 16), /* enough to do 32bit for this op */
OPF_LOCK = (1 << 17), /* op has lock prefix */
OPF_VAPUSH = (1 << 18), /* vararg ptr push (as call arg) */
OPF_DONE = (1 << 19), /* already fully handled by analysis */
enum x87_const {
X87_CONST_1 = 1,
- X87_CONST_2T,
- X87_CONST_2E,
+ X87_CONST_L2T,
+ X87_CONST_L2E,
X87_CONST_PI,
X87_CONST_LG2,
X87_CONST_LN2,
{ "fld", OP_FLD, 1, 1, OPF_FPUSH },
{ "fild", OP_FILD, 1, 1, OPF_FPUSH|OPF_FINT },
{ "fld1", OP_FLDc, 0, 0, OPF_FPUSH },
+ { "fldl2t", OP_FLDc, 0, 0, OPF_FPUSH },
+ { "fldl2e", OP_FLDc, 0, 0, OPF_FPUSH },
+ { "fldpi", OP_FLDc, 0, 0, OPF_FPUSH },
+ { "fldlg2", OP_FLDc, 0, 0, OPF_FPUSH },
{ "fldln2", OP_FLDc, 0, 0, OPF_FPUSH },
{ "fldz", OP_FLDc, 0, 0, OPF_FPUSH },
{ "fst", OP_FST, 1, 1, 0 },
// fallthrough
case OP_MUL:
// singleop mul
- op->regmask_src |= op->regmask_dst;
- op->regmask_dst = (1 << xDX) | (1 << xAX);
if (op->operand[0].lmod == OPLM_UNSPEC)
op->operand[0].lmod = OPLM_DWORD;
+ op->regmask_src = mxAX | op->regmask_dst;
+ op->regmask_dst = mxAX;
+ if (op->operand[0].lmod != OPLM_BYTE)
+ op->regmask_dst |= mxDX;
break;
case OP_DIV:
case OP_IDIV:
// we could set up operands for edx:eax, but there is no real need to
// (see is_opr_modified())
- op->regmask_src |= op->regmask_dst;
- op->regmask_dst = (1 << xDX) | (1 << xAX);
if (op->operand[0].lmod == OPLM_UNSPEC)
op->operand[0].lmod = OPLM_DWORD;
+ op->regmask_src = mxAX | op->regmask_dst;
+ op->regmask_dst = mxAX;
+ if (op->operand[0].lmod != OPLM_BYTE) {
+ op->regmask_src |= mxDX;
+ op->regmask_dst |= mxDX;
+ }
break;
case OP_SHL:
break;
case OP_CALL:
+ // needed because of OPF_DATA
+ op->regmask_src = op->regmask_dst;
// trashed regs must be explicitly detected later
op->regmask_dst = 0;
break;
op->regmask_dst |= mxST0;
if (IS(words[op_w] + 3, "1"))
op->operand[0].val = X87_CONST_1;
+ else if (IS(words[op_w] + 3, "l2t"))
+ op->operand[0].val = X87_CONST_L2T;
+ else if (IS(words[op_w] + 3, "l2e"))
+ op->operand[0].val = X87_CONST_L2E;
+ else if (IS(words[op_w] + 3, "pi"))
+ op->operand[0].val = X87_CONST_PI;
+ else if (IS(words[op_w] + 3, "lg2"))
+ op->operand[0].val = X87_CONST_LG2;
else if (IS(words[op_w] + 3, "ln2"))
op->operand[0].val = X87_CONST_LN2;
else if (IS(words[op_w] + 3, "z"))
op->operand[0].val = X87_CONST_Z;
else
- aerr("TODO\n");
+ aerr("fld what?\n");
break;
case OP_FST:
}
static const char *check_label_read_ref(struct parsed_op *po,
- const char *name)
+ const char *name, int *is_import)
{
const struct parsed_proto *pp;
if (pp->is_func)
check_func_pp(po, pp, "ref");
+ if (is_import != NULL)
+ *is_import = pp->is_import;
+
return pp->name;
}
char tmp1[256], tmp2[256];
char expr[256];
const char *name;
+ int is_import = 0;
char *p;
int ret;
break;
case OPT_LABEL:
- name = check_label_read_ref(po, popr->name);
+ name = check_label_read_ref(po, popr->name, &is_import);
+ if (is_import)
+ // for imported data, asm is loading the offset
+ goto do_offset;
+
if (cast[0] == 0 && popr->is_ptr)
cast = "(u32)";
break;
case OPT_OFFSET:
- name = check_label_read_ref(po, popr->name);
+ do_offset:
+ name = check_label_read_ref(po, popr->name, NULL);
if (cast[0] == 0)
cast = "(u32)";
if (is_lea)
{
const char *cast = NULL;
char tmp[256];
+ union {
+ float f;
+ int i;
+ } u;
switch (popr->type) {
case OPT_REG:
- if (popr->reg < xST0 || popr->reg > xST7)
- ferr(po, "bad reg: %d\n", popr->reg);
+ if (popr->reg < xST0 || popr->reg > xST7) {
+ // func arg
+ ferr_assert(po, po->op == OP_PUSH);
+ ferr_assert(po, popr->lmod == OPLM_DWORD);
+ snprintf(buf, buf_size, "*(float *)&%s", opr_reg_p(po, popr));
+ break;
+ }
if (need_float_stack) {
if (popr->reg == xST0)
snprintf(buf, buf_size, "*(%s *)(%s)", cast, tmp);
break;
+ case OPT_CONST:
+ // only for func float args pushes
+ ferr_assert(po, po->op == OP_PUSH);
+ u.i = po->operand[0].val;
+ if (ceilf(u.f) == u.f)
+ snprintf(buf, buf_size, "%.1ff", u.f);
+ else
+ snprintf(buf, buf_size, "%.8ff", u.f);
+ break;
+
default:
ferr(po, "invalid float type: %d\n", popr->type);
}
else if (po->operand[0].type == OPT_LABEL)
{
tmpname = opr_name(po, 0);
- if (IS_START(tmpname, "loc_"))
- ferr(po, "call to loc_*\n");
+ if (IS_START(tmpname, "loc_")) {
+ if (!g_seh_found)
+ ferr(po, "call to loc_*\n");
+ // eliminate_seh() must take care of it
+ continue;
+ }
if (IS(tmpname, "__alloca_probe"))
continue;
if (IS(tmpname, "__SEH_prolog")) {
static int resolve_origin(int i, const struct parsed_opr *opr,
int magic, int *op_i, int *is_caller);
+static void set_label(int i, const char *name);
static void eliminate_seh_writes(int opcnt)
{
}
}
+static void eliminate_seh_finally(int opcnt)
+{
+ const char *target_name = NULL;
+ const char *return_name = NULL;
+ int exits[MAX_EXITS];
+ int exit_count = 0;
+ int call_i = -1;
+ int target_i = -1;
+ int return_i = -1;
+ int tgend_i = -1;
+ int i;
+
+ for (i = 0; i < opcnt; i++) {
+ if (ops[i].op != OP_CALL)
+ continue;
+ if (!IS_START(opr_name(&ops[i], 0), "loc_"))
+ continue;
+ if (target_name != NULL)
+ ferr(&ops[i], "multiple finally calls? (last was %s)\n",
+ target_name);
+ target_name = opr_name(&ops[i], 0);
+ call_i = i;
+
+ if (g_labels[i + 1] == NULL)
+ set_label(i + 1, "seh_fin_done");
+ return_name = g_labels[i + 1];
+ return_i = i + 1;
+ }
+
+ if (call_i == -1)
+ // no finally block
+ return;
+
+ // find finally code (bt_i is not set because it's call)
+ for (i = 0; i < opcnt; i++) {
+ if (g_labels[i] == NULL)
+ continue;
+ if (!IS(g_labels[i], target_name))
+ continue;
+
+ ferr_assert(&ops[i], target_i == -1);
+ target_i = i;
+ }
+ ferr_assert(&ops[0], target_i != -1);
+
+ find_reachable_exits(target_i, opcnt, target_i + opcnt * 24,
+ exits, &exit_count);
+ ferr_assert(&ops[target_i], exit_count == 1);
+ ferr_assert(&ops[target_i], ops[exits[0]].op == OP_RET);
+ tgend_i = exits[0];
+
+ // convert to jumps, link
+ ops[call_i].op = OP_JMP;
+ ops[call_i].bt_i = target_i;
+ add_label_ref(&g_label_refs[target_i], call_i);
+
+ ops[tgend_i].op = OP_JMP;
+ ops[tgend_i].flags &= ~OPF_TAIL;
+ ops[tgend_i].flags |= OPF_JMP;
+ ops[tgend_i].bt_i = return_i;
+ ops[tgend_i].operand_cnt = 1;
+ ops[tgend_i].operand[0].type = OPT_LABEL;
+ snprintf(ops[tgend_i].operand[0].name, NAMELEN, "%s", return_name);
+ add_label_ref(&g_label_refs[return_i], tgend_i);
+
+ // rm seh finally entry code
+ for (i = target_i - 1; i >= 0; i--) {
+ if (g_labels[i] != NULL && g_label_refs[i].i != -1)
+ return;
+ if (ops[i].flags & OPF_CJMP)
+ return;
+ if (ops[i].flags & (OPF_JMP | OPF_TAIL))
+ break;
+ }
+ for (i = target_i - 1; i >= 0; i--) {
+ if (ops[i].flags & (OPF_JMP | OPF_TAIL))
+ break;
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ }
+}
+
static void eliminate_seh(int opcnt)
{
int i, j, k, ret;
}
eliminate_seh_writes(opcnt);
+ eliminate_seh_finally(opcnt);
}
static void eliminate_seh_calls(int opcnt)
ferr_assert(ops, epilog_found);
eliminate_seh_writes(opcnt);
+ eliminate_seh_finally(opcnt);
}
static int scan_prologue(int i, int opcnt, int *ecx_push, int *esp_sub)
return pp;
}
+static void mark_float_arg(struct parsed_op *po,
+ struct parsed_proto *pp, int arg, int *regmask_ffca)
+{
+ po->p_argnext = -1;
+ po->p_argnum = arg + 1;
+ ferr_assert(po, pp->arg[arg].datap == NULL);
+ pp->arg[arg].datap = po;
+ po->flags |= OPF_DONE | OPF_FARGNR | OPF_FARG;
+ if (regmask_ffca != NULL)
+ *regmask_ffca |= 1 << arg;
+}
+
+static int check_for_stp(int i, int i_to)
+{
+ struct parsed_op *po;
+
+ for (; i < i_to; i++) {
+ po = &ops[i];
+ if (po->op == OP_FST)
+ return i;
+ if (g_labels[i] != NULL || (po->flags & OPF_JMP))
+ return -1;
+ if (po->op == OP_CALL || po->op == OP_PUSH || po->op == OP_POP)
+ return -1;
+ if (po->op == OP_ADD && po->operand[0].reg == xSP)
+ return -1;
+ }
+
+ return -1;
+}
+
static int collect_call_args_no_push(int i, struct parsed_proto *pp,
int *regmask_ffca)
{
}
arg = base_arg + offset / 4;
- po->p_argnext = -1;
- po->p_argnum = arg + 1;
- ferr_assert(po, pp->arg[arg].datap == NULL);
- pp->arg[arg].datap = po;
- po->flags |= OPF_DONE | OPF_FARGNR | OPF_FARG;
- if (regmask_ffca != NULL)
- *regmask_ffca |= 1 << arg;
+ mark_float_arg(po, pp, arg, regmask_ffca);
}
else if (po->op == OP_SUB && po->operand[0].reg == xSP
&& po->operand[1].type == OPT_CONST)
{
struct parsed_op *po;
int arg, ret;
- int j;
+ int offset;
+ int j, k;
for (arg = 0; arg < pp->argc; arg++)
if (pp->arg[arg].reg == NULL)
{
ops[j].p_argnext = -1;
ferr_assert(&ops[j], pp->arg[arg].datap == NULL);
- pp->arg[arg].datap = &ops[j];
- if (regmask != NULL && ops[j].operand[0].type == OPT_REG)
- *regmask |= 1 << ops[j].operand[0].reg;
+ k = check_for_stp(j + 1, i);
+ if (k != -1) {
+ // push ecx; fstp dword ptr [esp]
+ ret = parse_stack_esp_offset(&ops[k],
+ ops[k].operand[0].name, &offset);
+ if (ret == 0 && offset == 0) {
+ if (!pp->arg[arg].type.is_float)
+ ferr(&ops[i], "arg %d should be float\n", arg + 1);
+ mark_float_arg(&ops[k], pp, arg, regmask_ffca);
+ }
+ }
+
+ if (pp->arg[arg].datap == NULL) {
+ pp->arg[arg].datap = &ops[j];
+ if (regmask != NULL && ops[j].operand[0].type == OPT_REG)
+ *regmask |= 1 << ops[j].operand[0].reg;
+ }
ops[j].flags |= OPF_RMD | OPF_DONE | OPF_FARGNR | OPF_FARG;
ops[j].flags &= ~OPF_RSAVE;
if (pp->is_fptr && !(pp->name[0] != 0 && pp->is_arg)) {
if (pp->name[0] != 0) {
+ if (IS_START(pp->name, "guess"))
+ pp->is_guessed = 1;
+
memmove(pp->name + 2, pp->name, strlen(pp->name) + 1);
memcpy(pp->name, "i_", 2);
fprintf(fout, "%s%s = %s;\n", buf3, pp->name,
out_src_opr(buf1, sizeof(buf1), po, &po->operand[0],
"(void *)", 0));
- if (pp->is_unresolved || IS_START(pp->name, "i_guess"))
- fprintf(fout, "%sunresolved_call(\"%s:%d\", %s);\n",
- buf3, asmfn, po->asmln, pp->name);
+ }
+ if (pp->is_fptr && (pp->is_unresolved || pp->is_guessed)) {
+ fprintf(fout, "%sunresolved_call(\"%s:%d\", %s);\n",
+ buf3, asmfn, po->asmln, pp->name);
}
fprintf(fout, "%s", buf3);
if (tmp_op->operand[0].lmod == OPLM_QWORD)
arg++;
}
+ else if (pp->arg[arg].type.is_64bit) {
+ ferr_assert(po, tmp_op->p_argpass == 0);
+ ferr_assert(po, !pp->arg[arg].is_saved);
+ ferr_assert(po, !pp->arg[arg].type.is_float);
+ ferr_assert(po, cast[0] == 0);
+ out_src_opr(buf1, sizeof(buf1),
+ tmp_op, &tmp_op->operand[0], cast, 0);
+ tmp_op = pp->arg[++arg].datap;
+ ferr_assert(po, tmp_op != NULL);
+ out_src_opr(buf2, sizeof(buf2),
+ tmp_op, &tmp_op->operand[0], cast, 0);
+ fprintf(fout, "((u64)(%s) << 32) | (%s)",
+ buf2, buf1);
+ }
else if (tmp_op->p_argpass != 0) {
+ ferr_assert(po, !pp->arg[arg].type.is_float);
fprintf(fout, "a%d", tmp_op->p_argpass);
}
else if (pp->arg[arg].is_saved) {
ferr_assert(po, tmp_op->p_argnum > 0);
+ ferr_assert(po, !pp->arg[arg].type.is_float);
fprintf(fout, "%s%s", cast,
saved_arg_name(buf1, sizeof(buf1),
tmp_op->p_arggrp, tmp_op->p_argnum));
}
+ else if (pp->arg[arg].type.is_float) {
+ ferr_assert(po, !pp->arg[arg].type.is_64bit);
+ fprintf(fout, "%s",
+ out_src_opr_float(buf1, sizeof(buf1),
+ tmp_op, &tmp_op->operand[0], need_float_stack));
+ }
else {
fprintf(fout, "%s",
out_src_opr(buf1, sizeof(buf1),
}
switch (po->operand[0].val) {
case X87_CONST_1: fprintf(fout, "1.0;"); break;
- case X87_CONST_LN2: fprintf(fout, "0.693147180559945;"); break;
+ case X87_CONST_L2T: fprintf(fout, "3.321928094887362;"); break;
+ case X87_CONST_L2E: fprintf(fout, "M_LOG2E;"); break;
+ case X87_CONST_PI: fprintf(fout, "M_PI;"); break;
+ case X87_CONST_LG2: fprintf(fout, "0.301029995663981;"); break;
+ case X87_CONST_LN2: fprintf(fout, "M_LN2;"); break;
case X87_CONST_Z: fprintf(fout, "0.0;"); break;
- default: ferr(po, "TODO\n"); break;
+ default: ferr_assert(po, 0); break;
}
break;
int has_ret:3; // -1, 0, 1: unresolved, no, yes
unsigned int dep_resolved:1;
unsigned int is_stdcall:1;
+ unsigned int eax_pass:1; // returns without touching eax
struct func_proto_dep *dep_func;
int dep_func_cnt;
const struct parsed_proto *pp; // seed pp, if any
if (ret != 1 && from_caller) {
// unresolved eax - probably void func
*has_ret = 0;
+ fp->eax_pass = 1;
}
else {
if (j >= 0 && ops[j].op == OP_CALL) {
// noreturn OS functions
break;
}
- if (ops[i].op != OP_NOP && ops[i].op != OPP_ABORT)
+ if (!(ops[i].flags & OPF_RMD)
+ && ops[i].op != OP_NOP && ops[i].op != OPP_ABORT)
+ {
ferr(&ops[i], "unreachable code\n");
+ }
}
for (i = 0; i < g_eqcnt; i++) {
// adjust functions referenced from data segment
do_func_refs_from_data();
+ // final adjustments
+ for (i = 0; i < hg_fp_cnt; i++) {
+ if (hg_fp[i].eax_pass && (hg_fp[i].regmask_dep & mxAX))
+ hg_fp[i].has_ret = 1;
+ }
+
// note: messes up .proto ptr, don't use
//qsort(hg_fp, hg_fp_cnt, sizeof(hg_fp[0]), hg_fp_cmp_id);
int pi = 0;
int i, j;
int ret, len;
- char *p;
+ char *p, *p2;
int wordc;
for (arg = 1; arg < argc; arg++) {
// allow asm patches in comments
if (*p == ';') {
+ // skip IDA's forced non-removable comment
+ if (!IS_START(p, "; sct") && (p2 = strchr(p + 1, ';')))
+ p = p2;
+ }
+ if (*p == ';' && IS_START(p, "; sct")) {
if (IS_START(p, "; sctpatch:")) {
p = sskip(p + 11);
if (*p == 0 || *p == ';')
notaz.gp2x.de / ia32rtools.git / blobdiff