1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "disassembler_arm.h"
18
19 #include <inttypes.h>
20
21 #include <ostream>
22 #include <sstream>
23
24 #include "arch/arm/registers_arm.h"
25 #include "base/bit_utils.h"
26 #include "base/logging.h"
27 #include "base/stringprintf.h"
28 #include "thread.h"
29
30 namespace art {
31 namespace arm {
32
Dump(std::ostream & os,const uint8_t * begin)33 size_t DisassemblerArm::Dump(std::ostream& os, const uint8_t* begin) {
34 if ((reinterpret_cast<intptr_t>(begin) & 1) == 0) {
35 DumpArm(os, begin);
36 return 4;
37 } else {
38 // remove thumb specifier bits
39 begin = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(begin) & ~1);
40 return DumpThumb16(os, begin);
41 }
42 }
43
Dump(std::ostream & os,const uint8_t * begin,const uint8_t * end)44 void DisassemblerArm::Dump(std::ostream& os, const uint8_t* begin, const uint8_t* end) {
45 if ((reinterpret_cast<intptr_t>(begin) & 1) == 0) {
46 for (const uint8_t* cur = begin; cur < end; cur += 4) {
47 DumpArm(os, cur);
48 }
49 } else {
50 // remove thumb specifier bits
51 begin = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(begin) & ~1);
52 end = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(end) & ~1);
53 for (const uint8_t* cur = begin; cur < end;) {
54 cur += DumpThumb16(os, cur);
55 }
56 }
57 }
58
59 static const char* kConditionCodeNames[] = {
60 "eq", // 0000 - equal
61 "ne", // 0001 - not-equal
62 "cs", // 0010 - carry-set, greater than, equal or unordered
63 "cc", // 0011 - carry-clear, less than
64 "mi", // 0100 - minus, negative
65 "pl", // 0101 - plus, positive or zero
66 "vs", // 0110 - overflow
67 "vc", // 0111 - no overflow
68 "hi", // 1000 - unsigned higher
69 "ls", // 1001 - unsigned lower or same
70 "ge", // 1010 - signed greater than or equal
71 "lt", // 1011 - signed less than
72 "gt", // 1100 - signed greater than
73 "le", // 1101 - signed less than or equal
74 "", // 1110 - always
75 "nv", // 1111 - never (mostly obsolete, but might be a clue that we're mistranslating)
76 };
77
DumpCond(std::ostream & os,uint32_t cond)78 void DisassemblerArm::DumpCond(std::ostream& os, uint32_t cond) {
79 if (cond < 15) {
80 os << kConditionCodeNames[cond];
81 } else {
82 os << "Unexpected condition: " << cond;
83 }
84 }
85
DumpMemoryDomain(std::ostream & os,uint32_t domain)86 void DisassemblerArm::DumpMemoryDomain(std::ostream& os, uint32_t domain) {
87 switch (domain) {
88 case 15U /* 0b1111 */: os << "sy"; break;
89 case 14U /* 0b1110 */: os << "st"; break;
90 case 11U /* 0b1011 */: os << "ish"; break;
91 case 10U /* 0b1010 */: os << "ishst"; break;
92 case 7U /* 0b0111 */: os << "nsh"; break;
93 case 6U /* 0b0110 */: os << "nshst"; break;
94 case 3U /* 0b0011 */: os << "osh"; break;
95 case 2U /* 0b0010 */: os << "oshst"; break;
96 }
97 }
98
DumpBranchTarget(std::ostream & os,const uint8_t * instr_ptr,int32_t imm32)99 void DisassemblerArm::DumpBranchTarget(std::ostream& os, const uint8_t* instr_ptr, int32_t imm32) {
100 os << StringPrintf("%+d (", imm32) << FormatInstructionPointer(instr_ptr + imm32) << ")";
101 }
102
ReadU16(const uint8_t * ptr)103 static uint32_t ReadU16(const uint8_t* ptr) {
104 return ptr[0] | (ptr[1] << 8);
105 }
106
ReadU32(const uint8_t * ptr)107 static uint32_t ReadU32(const uint8_t* ptr) {
108 return ptr[0] | (ptr[1] << 8) | (ptr[2] << 16) | (ptr[3] << 24);
109 }
110
111 static const char* kDataProcessingOperations[] = {
112 "and", "eor", "sub", "rsb", "add", "adc", "sbc", "rsc",
113 "tst", "teq", "cmp", "cmn", "orr", "mov", "bic", "mvn",
114 };
115
116 static const char* kThumbDataProcessingOperations[] = {
117 "and", "eor", "lsl", "lsr", "asr", "adc", "sbc", "ror",
118 "tst", "rsb", "cmp", "cmn", "orr", "mul", "bic", "mvn",
119 };
120
121 static const char* const kThumb2ShiftOperations[] = {
122 "lsl", "lsr", "asr", "ror"
123 };
124
125 static const char* kThumbReverseOperations[] = {
126 "rev", "rev16", "rbit", "revsh"
127 };
128
129 struct ArmRegister {
ArmRegisterart::arm::ArmRegister130 explicit ArmRegister(uint32_t r_in) : r(r_in) { CHECK_LE(r_in, 15U); }
ArmRegisterart::arm::ArmRegister131 ArmRegister(uint32_t instruction, uint32_t at_bit) : r((instruction >> at_bit) & 0xf) {
132 CHECK_LE(r, 15U);
133 }
134 uint32_t r;
135 };
operator <<(std::ostream & os,const ArmRegister & r)136 std::ostream& operator<<(std::ostream& os, const ArmRegister& r) {
137 if (r.r == 13) {
138 os << "sp";
139 } else if (r.r == 14) {
140 os << "lr";
141 } else if (r.r == 15) {
142 os << "pc";
143 } else {
144 os << "r" << r.r;
145 }
146 return os;
147 }
148
149 struct ThumbRegister : ArmRegister {
ThumbRegisterart::arm::ThumbRegister150 ThumbRegister(uint16_t instruction, uint16_t at_bit) : ArmRegister((instruction >> at_bit) & 0x7) {}
151 };
152
153 struct RmLslImm2 {
RmLslImm2art::arm::RmLslImm2154 explicit RmLslImm2(uint32_t instr) : imm2((instr >> 4) & 0x3), rm(instr & 0xf) {}
155 uint32_t imm2;
156 ArmRegister rm;
157 };
operator <<(std::ostream & os,const RmLslImm2 & r)158 std::ostream& operator<<(std::ostream& os, const RmLslImm2& r) {
159 os << r.rm;
160 if (r.imm2 != 0) {
161 os << ", lsl #" << r.imm2;
162 }
163 return os;
164 }
165
166 struct ShiftedImmediate {
ShiftedImmediateart::arm::ShiftedImmediate167 explicit ShiftedImmediate(uint32_t instruction) {
168 uint32_t rotate = ((instruction >> 8) & 0xf);
169 uint32_t imm = (instruction & 0xff);
170 value = (imm >> (2 * rotate)) | (imm << (32 - (2 * rotate)));
171 }
172 uint32_t value;
173 };
operator <<(std::ostream & os,const ShiftedImmediate & rhs)174 std::ostream& operator<<(std::ostream& os, const ShiftedImmediate& rhs) {
175 os << "#" << rhs.value;
176 return os;
177 }
178
179 struct RegisterList {
RegisterListart::arm::RegisterList180 explicit RegisterList(uint32_t instruction) : register_list(instruction & 0xffff) {}
181 uint32_t register_list;
182 };
operator <<(std::ostream & os,const RegisterList & rhs)183 std::ostream& operator<<(std::ostream& os, const RegisterList& rhs) {
184 if (rhs.register_list == 0) {
185 os << "<no register list?>";
186 return os;
187 }
188 os << "{";
189 bool first = true;
190 for (size_t i = 0; i < 16; i++) {
191 if ((rhs.register_list & (1 << i)) != 0) {
192 if (first) {
193 first = false;
194 } else {
195 os << ", ";
196 }
197 os << ArmRegister(i);
198 }
199 }
200 os << "}";
201 return os;
202 }
203
204 struct FpRegister {
FpRegisterart::arm::FpRegister205 FpRegister(uint32_t instr, uint16_t at_bit, uint16_t extra_at_bit) {
206 size = (instr >> 8) & 1;
207 uint32_t Vn = (instr >> at_bit) & 0xF;
208 uint32_t N = (instr >> extra_at_bit) & 1;
209 r = (size != 0 ? ((N << 4) | Vn) : ((Vn << 1) | N));
210 }
FpRegisterart::arm::FpRegister211 FpRegister(uint32_t instr, uint16_t at_bit, uint16_t extra_at_bit, uint32_t forced_size) {
212 size = forced_size;
213 uint32_t Vn = (instr >> at_bit) & 0xF;
214 uint32_t N = (instr >> extra_at_bit) & 1;
215 r = (size != 0 ? ((N << 4) | Vn) : ((Vn << 1) | N));
216 }
FpRegisterart::arm::FpRegister217 FpRegister(const FpRegister& other, uint32_t offset)
218 : size(other.size), r(other.r + offset) {}
219
220 uint32_t size; // 0 = f32, 1 = f64
221 uint32_t r;
222 };
operator <<(std::ostream & os,const FpRegister & rhs)223 std::ostream& operator<<(std::ostream& os, const FpRegister& rhs) {
224 return os << ((rhs.size != 0) ? "d" : "s") << rhs.r;
225 }
226
227 struct FpRegisterRange {
FpRegisterRangeart::arm::FpRegisterRange228 explicit FpRegisterRange(uint32_t instr)
229 : first(instr, 12, 22), imm8(instr & 0xFF) {}
230 FpRegister first;
231 uint32_t imm8;
232 };
operator <<(std::ostream & os,const FpRegisterRange & rhs)233 std::ostream& operator<<(std::ostream& os, const FpRegisterRange& rhs) {
234 os << "{" << rhs.first;
235 int count = (rhs.first.size != 0 ? ((rhs.imm8 + 1u) >> 1) : rhs.imm8);
236 if (count > 1) {
237 os << "-" << FpRegister(rhs.first, count - 1);
238 }
239 if (rhs.imm8 == 0) {
240 os << " (EMPTY)";
241 } else if (rhs.first.size != 0 && (rhs.imm8 & 1) != 0) {
242 os << rhs.first << " (HALF)";
243 }
244 os << "}";
245 return os;
246 }
247
DumpArm(std::ostream & os,const uint8_t * instr_ptr)248 void DisassemblerArm::DumpArm(std::ostream& os, const uint8_t* instr_ptr) {
249 uint32_t instruction = ReadU32(instr_ptr);
250 uint32_t cond = (instruction >> 28) & 0xf;
251 uint32_t op1 = (instruction >> 25) & 0x7;
252 std::string opcode;
253 std::string suffixes;
254 std::ostringstream args;
255 switch (op1) {
256 case 0:
257 case 1: // Data processing instructions.
258 {
259 if ((instruction & 0x0ff000f0) == 0x01200070) { // BKPT
260 opcode = "bkpt";
261 uint32_t imm12 = (instruction >> 8) & 0xfff;
262 uint32_t imm4 = (instruction & 0xf);
263 args << '#' << ((imm12 << 4) | imm4);
264 break;
265 }
266 if ((instruction & 0x0fffffd0) == 0x012fff10) { // BX and BLX (register)
267 opcode = (((instruction >> 5) & 1) ? "blx" : "bx");
268 args << ArmRegister(instruction & 0xf);
269 break;
270 }
271 bool i = (instruction & (1 << 25)) != 0;
272 bool s = (instruction & (1 << 20)) != 0;
273 uint32_t op = (instruction >> 21) & 0xf;
274 opcode = kDataProcessingOperations[op];
275 bool implicit_s = ((op & ~3) == 8); // TST, TEQ, CMP, and CMN.
276 bool is_mov = op == 13U /* 0b1101 */ || op == 15U /* 0b1111 */;
277 if (is_mov) {
278 // Show only Rd and Rm.
279 if (s) {
280 suffixes += 's';
281 }
282 args << ArmRegister(instruction, 12) << ", ";
283 if (i) {
284 args << ShiftedImmediate(instruction);
285 } else {
286 // TODO: Shifted register.
287 args << ArmRegister(instruction, 16) << ", " << ArmRegister(instruction, 0);
288 }
289 } else {
290 if (implicit_s) {
291 // Rd is unused (and not shown), and we don't show the 's' suffix either.
292 } else {
293 if (s) {
294 suffixes += 's';
295 }
296 args << ArmRegister(instruction, 12) << ", ";
297 }
298 if (i) {
299 args << ArmRegister(instruction, 16) << ", " << ShiftedImmediate(instruction);
300 } else {
301 // TODO: Shifted register.
302 args << ArmRegister(instruction, 16) << ", " << ArmRegister(instruction, 0);
303 }
304 }
305 }
306 break;
307 case 2: // Load/store word and unsigned byte.
308 {
309 bool p = (instruction & (1 << 24)) != 0;
310 bool b = (instruction & (1 << 22)) != 0;
311 bool w = (instruction & (1 << 21)) != 0;
312 bool l = (instruction & (1 << 20)) != 0;
313 opcode = StringPrintf("%s%s", (l ? "ldr" : "str"), (b ? "b" : ""));
314 args << ArmRegister(instruction, 12) << ", ";
315 ArmRegister rn(instruction, 16);
316 if (rn.r == 0xf) {
317 UNIMPLEMENTED(FATAL) << "literals";
318 } else {
319 bool wback = !p || w;
320 uint32_t offset = (instruction & 0xfff);
321 if (p && !wback) {
322 args << "[" << rn << ", #" << offset << "]";
323 } else if (p && wback) {
324 args << "[" << rn << ", #" << offset << "]!";
325 } else if (!p && wback) {
326 args << "[" << rn << "], #" << offset;
327 } else {
328 LOG(FATAL) << p << " " << w;
329 }
330 if (rn.r == 9) {
331 args << " ; ";
332 Thread::DumpThreadOffset<4>(args, offset);
333 }
334 }
335 }
336 break;
337 case 4: // Load/store multiple.
338 {
339 bool p = (instruction & (1 << 24)) != 0;
340 bool u = (instruction & (1 << 23)) != 0;
341 bool w = (instruction & (1 << 21)) != 0;
342 bool l = (instruction & (1 << 20)) != 0;
343 opcode = StringPrintf("%s%c%c", (l ? "ldm" : "stm"), (u ? 'i' : 'd'), (p ? 'b' : 'a'));
344 args << ArmRegister(instruction, 16) << (w ? "!" : "") << ", " << RegisterList(instruction);
345 }
346 break;
347 case 5: // Branch/branch with link.
348 {
349 bool bl = (instruction & (1 << 24)) != 0;
350 opcode = (bl ? "bl" : "b");
351 int32_t imm26 = (instruction & 0xffffff) << 2;
352 int32_t imm32 = (imm26 << 6) >> 6; // Sign extend.
353 DumpBranchTarget(args, instr_ptr + 8, imm32);
354 }
355 break;
356 default:
357 opcode = "???";
358 break;
359 }
360 opcode += kConditionCodeNames[cond];
361 opcode += suffixes;
362 // TODO: a more complete ARM disassembler could generate wider opcodes.
363 os << FormatInstructionPointer(instr_ptr)
364 << StringPrintf(": %08x\t%-7s ", instruction, opcode.c_str())
365 << args.str() << '\n';
366 }
367
ThumbExpand(int32_t imm12)368 int32_t ThumbExpand(int32_t imm12) {
369 if ((imm12 & 0xC00) == 0) {
370 switch ((imm12 >> 8) & 3) {
371 case 0:
372 return imm12 & 0xFF;
373 case 1:
374 return ((imm12 & 0xFF) << 16) | (imm12 & 0xFF);
375 case 2:
376 return ((imm12 & 0xFF) << 24) | ((imm12 & 0xFF) << 8);
377 default: // 3
378 return ((imm12 & 0xFF) << 24) | ((imm12 & 0xFF) << 16) | ((imm12 & 0xFF) << 8) |
379 (imm12 & 0xFF);
380 }
381 } else {
382 uint32_t val = 0x80 | (imm12 & 0x7F);
383 int32_t rotate = (imm12 >> 7) & 0x1F;
384 return (val >> rotate) | (val << (32 - rotate));
385 }
386 }
387
VFPExpand32(uint32_t imm8)388 uint32_t VFPExpand32(uint32_t imm8) {
389 CHECK_EQ(imm8 & 0xffu, imm8);
390 uint32_t bit_a = (imm8 >> 7) & 1;
391 uint32_t bit_b = (imm8 >> 6) & 1;
392 uint32_t slice = imm8 & 0x3f;
393 return (bit_a << 31) | ((1 << 30) - (bit_b << 25)) | (slice << 19);
394 }
395
VFPExpand64(uint32_t imm8)396 static uint64_t VFPExpand64(uint32_t imm8) {
397 CHECK_EQ(imm8 & 0xffu, imm8);
398 uint64_t bit_a = (imm8 >> 7) & 1;
399 uint64_t bit_b = (imm8 >> 6) & 1;
400 uint64_t slice = imm8 & 0x3f;
401 return (bit_a << 63) | ((UINT64_C(1) << 62) - (bit_b << 54)) | (slice << 48);
402 }
403
404 enum T2LitType {
405 kT2LitInvalid,
406 kT2LitUByte,
407 kT2LitSByte,
408 kT2LitUHalf,
409 kT2LitSHalf,
410 kT2LitUWord,
411 kT2LitSWord,
412 kT2LitHexWord,
413 kT2LitULong,
414 kT2LitSLong,
415 kT2LitHexLong,
416 };
operator <<(std::ostream & os,T2LitType type)417 std::ostream& operator<<(std::ostream& os, T2LitType type) {
418 return os << static_cast<int>(type);
419 }
420
DumpThumb2Literal(std::ostream & args,const uint8_t * instr_ptr,const uintptr_t lo_adr,const uintptr_t hi_adr,uint32_t U,uint32_t imm32,T2LitType type)421 void DumpThumb2Literal(std::ostream& args,
422 const uint8_t* instr_ptr,
423 const uintptr_t lo_adr,
424 const uintptr_t hi_adr,
425 uint32_t U,
426 uint32_t imm32,
427 T2LitType type) {
428 // Literal offsets (imm32) are not required to be aligned so we may need unaligned access.
429 typedef const int16_t unaligned_int16_t __attribute__ ((aligned (1)));
430 typedef const uint16_t unaligned_uint16_t __attribute__ ((aligned (1)));
431 typedef const int32_t unaligned_int32_t __attribute__ ((aligned (1)));
432 typedef const uint32_t unaligned_uint32_t __attribute__ ((aligned (1)));
433 typedef const int64_t unaligned_int64_t __attribute__ ((aligned (1)));
434 typedef const uint64_t unaligned_uint64_t __attribute__ ((aligned (1)));
435
436 // Get address of literal. Bail if not within expected buffer range to
437 // avoid trying to fetch invalid literals (we can encounter this when
438 // interpreting raw data as instructions).
439 uintptr_t pc = RoundDown(reinterpret_cast<intptr_t>(instr_ptr) + 4, 4);
440 uintptr_t lit_adr = U ? pc + imm32 : pc - imm32;
441 if (lit_adr < lo_adr || lit_adr >= hi_adr) {
442 args << " ; (?)";
443 return;
444 }
445
446 args << " ; ";
447 switch (type) {
448 case kT2LitUByte:
449 args << *reinterpret_cast<const uint8_t*>(lit_adr);
450 break;
451 case kT2LitSByte:
452 args << *reinterpret_cast<const int8_t*>(lit_adr);
453 break;
454 case kT2LitUHalf:
455 args << *reinterpret_cast<const unaligned_uint16_t*>(lit_adr);
456 break;
457 case kT2LitSHalf:
458 args << *reinterpret_cast<const unaligned_int16_t*>(lit_adr);
459 break;
460 case kT2LitUWord:
461 args << *reinterpret_cast<const unaligned_uint32_t*>(lit_adr);
462 break;
463 case kT2LitSWord:
464 args << *reinterpret_cast<const unaligned_int32_t*>(lit_adr);
465 break;
466 case kT2LitHexWord:
467 args << StringPrintf("0x%08x", *reinterpret_cast<const unaligned_uint32_t*>(lit_adr));
468 break;
469 case kT2LitULong:
470 args << *reinterpret_cast<const unaligned_uint64_t*>(lit_adr);
471 break;
472 case kT2LitSLong:
473 args << *reinterpret_cast<const unaligned_int64_t*>(lit_adr);
474 break;
475 case kT2LitHexLong:
476 args << StringPrintf("0x%" PRIx64, *reinterpret_cast<unaligned_int64_t*>(lit_adr));
477 break;
478 default:
479 LOG(FATAL) << "Invalid type: " << type;
480 break;
481 }
482 }
483
DumpThumb32(std::ostream & os,const uint8_t * instr_ptr)484 size_t DisassemblerArm::DumpThumb32(std::ostream& os, const uint8_t* instr_ptr) {
485 uint32_t instr = (ReadU16(instr_ptr) << 16) | ReadU16(instr_ptr + 2);
486 // |111|1 1|1000000|0000|1111110000000000|
487 // |5 3|2 1|0987654|3 0|5 0 5 0|
488 // |---|---|-------|----|----------------|
489 // |332|2 2|2222222|1111|1111110000000000|
490 // |1 9|8 7|6543210|9 6|5 0 5 0|
491 // |---|---|-------|----|----------------|
492 // |111|op1| op2 | | |
493 uint32_t op1 = (instr >> 27) & 3;
494 if (op1 == 0) {
495 return DumpThumb16(os, instr_ptr);
496 }
497
498 // Set valid address range of backing buffer.
499 const uintptr_t lo_adr = reinterpret_cast<intptr_t>(GetDisassemblerOptions()->base_address_);
500 const uintptr_t hi_adr = reinterpret_cast<intptr_t>(GetDisassemblerOptions()->end_address_);
501
502 uint32_t op2 = (instr >> 20) & 0x7F;
503 std::ostringstream opcode;
504 std::ostringstream args;
505 switch (op1) {
506 case 0:
507 break;
508 case 1:
509 if ((op2 & 0x64) == 0) { // 00x x0xx
510 // |111|11|10|00|0|00|0000|1111110000000000|
511 // |5 3|21|09|87|6|54|3 0|5 0 5 0|
512 // |---|--|--|--|-|--|----|----------------|
513 // |332|22|22|22|2|22|1111|1111110000000000|
514 // |1 9|87|65|43|2|10|9 6|5 0 5 0|
515 // |---|--|--|--|-|--|----|----------------|
516 // |111|01|00|op|0|WL| Rn | |
517 // |111|01| op2 | | |
518 // STM - 111 01 00-01-0-W0 nnnn rrrrrrrrrrrrrrrr
519 // LDM - 111 01 00-01-0-W1 nnnn rrrrrrrrrrrrrrrr
520 // PUSH- 111 01 00-01-0-10 1101 0M0rrrrrrrrrrrrr
521 // POP - 111 01 00-01-0-11 1101 PM0rrrrrrrrrrrrr
522 uint32_t op = (instr >> 23) & 3;
523 uint32_t W = (instr >> 21) & 1;
524 uint32_t L = (instr >> 20) & 1;
525 ArmRegister Rn(instr, 16);
526 if (op == 1 || op == 2) {
527 if (op == 1) {
528 if (L == 0) {
529 opcode << "stm";
530 args << Rn << (W == 0 ? "" : "!") << ", ";
531 } else {
532 if (Rn.r != 13) {
533 opcode << "ldm";
534 args << Rn << (W == 0 ? "" : "!") << ", ";
535 } else {
536 opcode << "pop";
537 }
538 }
539 } else {
540 if (L == 0) {
541 if (Rn.r != 13) {
542 opcode << "stmdb";
543 args << Rn << (W == 0 ? "" : "!") << ", ";
544 } else {
545 opcode << "push";
546 }
547 } else {
548 opcode << "ldmdb";
549 args << Rn << (W == 0 ? "" : "!") << ", ";
550 }
551 }
552 args << RegisterList(instr);
553 }
554 } else if ((op2 & 0x64) == 4) { // 00x x1xx
555 uint32_t op3 = (instr >> 23) & 3;
556 uint32_t op4 = (instr >> 20) & 3;
557 // uint32_t op5 = (instr >> 4) & 0xF;
558 ArmRegister Rn(instr, 16);
559 ArmRegister Rt(instr, 12);
560 ArmRegister Rd(instr, 8);
561 uint32_t imm8 = instr & 0xFF;
562 if ((op3 & 2) == 2) { // 1x
563 int W = (instr >> 21) & 1;
564 int U = (instr >> 23) & 1;
565 int P = (instr >> 24) & 1;
566
567 if ((op4 & 1) == 1) {
568 opcode << "ldrd";
569 } else {
570 opcode << "strd";
571 }
572 args << Rt << "," << Rd << ", [" << Rn;
573 const char *sign = U ? "+" : "-";
574 if (P == 0 && W == 1) {
575 args << "], #" << sign << (imm8 << 2);
576 } else {
577 args << ", #" << sign << (imm8 << 2) << "]";
578 if (W == 1) {
579 args << "!";
580 }
581 }
582 } else { // 0x
583 switch (op4) {
584 case 0:
585 if (op3 == 0) { // op3 is 00, op4 is 00
586 opcode << "strex";
587 args << Rd << ", " << Rt << ", [" << Rn << ", #" << (imm8 << 2) << "]";
588 if (Rd.r == 13 || Rd.r == 15 || Rt.r == 13 || Rt.r == 15 || Rn.r == 15 ||
589 Rd.r == Rn.r || Rd.r == Rt.r) {
590 args << " (UNPREDICTABLE)";
591 }
592 } else { // op3 is 01, op4 is 00
593 // this is one of strexb, strexh or strexd
594 int op5 = (instr >> 4) & 0xf;
595 switch (op5) {
596 case 4:
597 case 5:
598 opcode << ((op5 == 4) ? "strexb" : "strexh");
599 Rd = ArmRegister(instr, 0);
600 args << Rd << ", " << Rt << ", [" << Rn << "]";
601 if (Rd.r == 13 || Rd.r == 15 || Rt.r == 13 || Rt.r == 15 || Rn.r == 15 ||
602 Rd.r == Rn.r || Rd.r == Rt.r || (instr & 0xf00) != 0xf00) {
603 args << " (UNPREDICTABLE)";
604 }
605 break;
606 case 7:
607 opcode << "strexd";
608 ArmRegister Rt2 = Rd;
609 Rd = ArmRegister(instr, 0);
610 args << Rd << ", " << Rt << ", " << Rt2 << ", [" << Rn << "]";
611 if (Rd.r == 13 || Rd.r == 15 || Rt.r == 13 || Rt.r == 15 ||
612 Rt2.r == 13 || Rt2.r == 15 || Rn.r == 15 ||
613 Rd.r == Rn.r || Rd.r == Rt.r || Rd.r == Rt2.r) {
614 args << " (UNPREDICTABLE)";
615 }
616 break;
617 }
618 }
619 break;
620 case 1:
621 if (op3 == 0) { // op3 is 00, op4 is 01
622 opcode << "ldrex";
623 args << Rt << ", [" << Rn << ", #" << (imm8 << 2) << "]";
624 if (Rt.r == 13 || Rt.r == 15 || Rn.r == 15 || (instr & 0xf00) != 0xf00) {
625 args << " (UNPREDICTABLE)";
626 }
627 } else { // op3 is 01, op4 is 01
628 // this is one of strexb, strexh or strexd
629 int op5 = (instr >> 4) & 0xf;
630 switch (op5) {
631 case 0:
632 opcode << "tbb";
633 break;
634 case 1:
635 opcode << "tbh";
636 break;
637 case 4:
638 case 5:
639 opcode << ((op5 == 4) ? "ldrexb" : "ldrexh");
640 args << Rt << ", [" << Rn << "]";
641 if (Rt.r == 13 || Rt.r == 15 || Rn.r == 15 || (instr & 0xf0f) != 0xf0f) {
642 args << " (UNPREDICTABLE)";
643 }
644 break;
645 case 7:
646 opcode << "ldrexd";
647 args << Rt << ", " << Rd /* Rt2 */ << ", [" << Rn << "]";
648 if (Rt.r == 13 || Rt.r == 15 || Rd.r == 13 /* Rt2 */ || Rd.r == 15 /* Rt2 */ ||
649 Rn.r == 15 || (instr & 0x00f) != 0x00f) {
650 args << " (UNPREDICTABLE)";
651 }
652 break;
653 }
654 }
655 break;
656 case 2: // op3 is 0x, op4 is 10
657 case 3: // op3 is 0x, op4 is 11
658 if (op4 == 2) {
659 opcode << "strd";
660 } else {
661 opcode << "ldrd";
662 }
663 int W = (instr >> 21) & 1;
664 int U = (instr >> 23) & 1;
665 int P = (instr >> 24) & 1;
666
667 args << Rt << "," << Rd << ", [" << Rn;
668 const char *sign = U ? "+" : "-";
669 if (P == 0 && W == 1) {
670 args << "], #" << sign << imm8;
671 } else {
672 args << ", #" << sign << imm8 << "]";
673 if (W == 1) {
674 args << "!";
675 }
676 }
677 break;
678 }
679 }
680
681 } else if ((op2 & 0x60) == 0x20) { // 01x xxxx
682 // Data-processing (shifted register)
683 // |111|1110|0000|0|0000|1111|1100|00|00|0000|
684 // |5 3|2109|8765|4|3 0|5 |10 8|7 |5 |3 0|
685 // |---|----|----|-|----|----|----|--|--|----|
686 // |332|2222|2222|2|1111|1111|1100|00|00|0000|
687 // |1 9|8765|4321|0|9 6|5 |10 8|7 |5 |3 0|
688 // |---|----|----|-|----|----|----|--|--|----|
689 // |111|0101| op3|S| Rn |imm3| Rd |i2|ty| Rm |
690 uint32_t op3 = (instr >> 21) & 0xF;
691 uint32_t S = (instr >> 20) & 1;
692 uint32_t imm3 = ((instr >> 12) & 0x7);
693 uint32_t imm2 = ((instr >> 6) & 0x3);
694 uint32_t imm5 = ((imm3 << 2) | imm2);
695 uint32_t shift_type = ((instr >> 4) & 0x3);
696 ArmRegister Rd(instr, 8);
697 ArmRegister Rn(instr, 16);
698 ArmRegister Rm(instr, 0);
699 switch (op3) {
700 case 0x0:
701 if (Rd.r != 0xF) {
702 opcode << "and";
703 } else {
704 if (S != 1U) {
705 opcode << "UNKNOWN TST-" << S;
706 break;
707 }
708 opcode << "tst";
709 S = 0; // don't print 's'
710 }
711 break;
712 case 0x1: opcode << "bic"; break;
713 case 0x2:
714 if (Rn.r != 0xF) {
715 opcode << "orr";
716 } else {
717 // TODO: use canonical form if there is a shift (lsl, ...).
718 opcode << "mov";
719 }
720 break;
721 case 0x3:
722 if (Rn.r != 0xF) {
723 opcode << "orn";
724 } else {
725 opcode << "mvn";
726 }
727 break;
728 case 0x4:
729 if (Rd.r != 0xF) {
730 opcode << "eor";
731 } else {
732 if (S != 1U) {
733 opcode << "UNKNOWN TEQ-" << S;
734 break;
735 }
736 opcode << "teq";
737 S = 0; // don't print 's'
738 }
739 break;
740 case 0x6: opcode << "pkh"; break;
741 case 0x8:
742 if (Rd.r != 0xF) {
743 opcode << "add";
744 } else {
745 if (S != 1U) {
746 opcode << "UNKNOWN CMN-" << S;
747 break;
748 }
749 opcode << "cmn";
750 S = 0; // don't print 's'
751 }
752 break;
753 case 0xA: opcode << "adc"; break;
754 case 0xB: opcode << "sbc"; break;
755 case 0xD:
756 if (Rd.r != 0xF) {
757 opcode << "sub";
758 } else {
759 if (S != 1U) {
760 opcode << "UNKNOWN CMP-" << S;
761 break;
762 }
763 opcode << "cmp";
764 S = 0; // don't print 's'
765 }
766 break;
767 case 0xE: opcode << "rsb"; break;
768 default: opcode << "UNKNOWN DPSR-" << op3; break;
769 }
770
771 if (S == 1) {
772 opcode << "s";
773 }
774 opcode << ".w";
775
776 if (Rd.r != 0xF) {
777 args << Rd << ", ";
778 }
779 if (Rn.r != 0xF) {
780 args << Rn << ", ";
781 }
782 args << Rm;
783
784 // Shift operand.
785 bool noShift = (imm5 == 0 && shift_type != 0x3);
786 if (!noShift) {
787 args << ", ";
788 switch (shift_type) {
789 case 0x0: args << "lsl"; break;
790 case 0x1: args << "lsr"; break;
791 case 0x2: args << "asr"; break;
792 case 0x3:
793 if (imm5 == 0) {
794 args << "rrx";
795 } else {
796 args << "ror #" << imm5;
797 }
798 break;
799 }
800 if (shift_type != 0x3 /* rrx */) {
801 args << StringPrintf(" #%d", (0 != imm5 || 0 == shift_type) ? imm5 : 32);
802 }
803 }
804
805 } else if ((op2 & 0x40) == 0x40) { // 1xx xxxx
806 // Co-processor instructions
807 // |111|1|11|000000|0000|1111|1100|000|0 |0000|
808 // |5 3|2|10|987654|3 0|54 2|10 8|7 5|4 | 0|
809 // |---|-|--|------|----|----|----|---|---|----|
810 // |332|2|22|222222|1111|1111|1100|000|0 |0000|
811 // |1 9|8|76|543210|9 6|54 2|10 8|7 5|4 | 0|
812 // |---|-|--|------|----|----|----|---|---|----|
813 // |111| |11| op3 | Rn | |copr| |op4| |
814 uint32_t op3 = (instr >> 20) & 0x3F;
815 uint32_t coproc = (instr >> 8) & 0xF;
816 uint32_t op4 = (instr >> 4) & 0x1;
817
818 if (coproc == 0xA || coproc == 0xB) { // 101x
819 if (op3 < 0x20 && (op3 & ~5) != 0) { // 0xxxxx and not 000x0x
820 // Extension register load/store instructions
821 // |1111|110|00000|0000|1111|110|0|00000000|
822 // |5 2|1 9|87654|3 0|5 2|1 9|8|7 0|
823 // |----|---|-----|----|----|---|-|--------|
824 // |3322|222|22222|1111|1111|110|0|00000000|
825 // |1 8|7 5|4 0|9 6|5 2|1 9|8|7 0|
826 // |----|---|-----|----|----|---|-|--------|
827 // |1110|110|PUDWL| Rn | Vd |101|S| imm8 |
828 uint32_t P = (instr >> 24) & 1;
829 uint32_t U = (instr >> 23) & 1;
830 uint32_t W = (instr >> 21) & 1;
831 if (P == U && W == 1) {
832 opcode << "UNDEFINED";
833 } else {
834 uint32_t L = (instr >> 20) & 1;
835 uint32_t S = (instr >> 8) & 1;
836 ArmRegister Rn(instr, 16);
837 if (P == 1 && W == 0) { // VLDR
838 FpRegister d(instr, 12, 22);
839 uint32_t imm8 = instr & 0xFF;
840 opcode << (L == 1 ? "vldr" : "vstr");
841 args << d << ", [" << Rn << ", #" << ((U == 1) ? "" : "-")
842 << (imm8 << 2) << "]";
843 if (Rn.r == 15 && U == 1) {
844 DumpThumb2Literal(args, instr_ptr, lo_adr, hi_adr, U, imm8 << 2, kT2LitHexLong);
845 }
846 } else if (Rn.r == 13 && W == 1 && U == L) { // VPUSH/VPOP
847 opcode << (L == 1 ? "vpop" : "vpush");
848 args << FpRegisterRange(instr);
849 } else { // VLDM
850 opcode << (L == 1 ? "vldm" : "vstm");
851 args << Rn << ((W == 1) ? "!" : "") << ", "
852 << FpRegisterRange(instr);
853 }
854 opcode << (S == 1 ? ".f64" : ".f32");
855 }
856 } else if ((op3 >> 1) == 2) { // 00010x
857 if ((instr & 0xD0) == 0x10) {
858 // 64bit transfers between ARM core and extension registers.
859 uint32_t L = (instr >> 20) & 1;
860 uint32_t S = (instr >> 8) & 1;
861 ArmRegister Rt2(instr, 16);
862 ArmRegister Rt(instr, 12);
863 FpRegister m(instr, 0, 5);
864 opcode << "vmov" << (S ? ".f64" : ".f32");
865 if (L == 1) {
866 args << Rt << ", " << Rt2 << ", ";
867 }
868 if (S) {
869 args << m;
870 } else {
871 args << m << ", " << FpRegister(m, 1);
872 }
873 if (L == 0) {
874 args << ", " << Rt << ", " << Rt2;
875 }
876 if (Rt.r == 15 || Rt.r == 13 || Rt2.r == 15 || Rt2.r == 13 ||
877 (S == 0 && m.r == 31) || (L == 1 && Rt.r == Rt2.r)) {
878 args << " (UNPREDICTABLE)";
879 }
880 }
881 } else if ((op3 >> 4) == 2 && op4 == 0) { // 10xxxx, op = 0
882 // fp data processing
883 // VMLA, VMLS, VMUL, VNMUL, VADD, VSUB, VDIV, VMOV, ...
884 // |1111|1100|0|0|00|0000|1111|110|0|0|0|0|0|0000|
885 // |5 2|1 8|7|6|54|3 0|5 2|1 9|8|7|6|5|4|3 0|
886 // |----|----|-|-|--|----|----|---|-|-|-|-|-|----|
887 // |3322|2222|2|2|22|1111|1111|110|0|0|0|0|0|0000|
888 // |1 8|7 4|3|2|10|9 6|5 2|1 9|8|7|6|5|4|3 0|
889 // |----|----|-|-|--|----|----|---|-|-|-|-|-|----|
890 // |1110|1110| op3 | Vn | Vd |101|S|N|Q|M|0| Vm |
891 // |1110|1110|0|D|00| Vn | Vd |101|S|N|0|M|0| Vm | VMLA
892 // |1110|1110|0|D|00| Vn | Vd |101|S|N|1|M|0| Vm | VMLS
893 // |1110|1110|0|D|10| Vn | Vd |101|S|N|0|M|0| Vm | VMUL
894 // |1110|1110|0|D|10| Vn | Vd |101|S|N|1|M|0| Vm | VNMUL
895 // |1110|1110|0|D|11| Vn | Vd |101|S|N|0|M|0| Vm | VADD
896 // |1110|1110|0|D|11| Vn | Vd |101|S|N|1|M|0| Vm | VSUB
897 // |1110|1110|1|D|00| Vn | Vd |101|S|N|0|M|0| Vm | VDIV
898 // |1110|1110|1|D|11| iH | Vd |101|S|0|0|0|0| iL | VMOV (imm)
899 // |1110|1110|1|D|11|op5 | Vd |101|S|.|1|M|0| Vm | ... (see below)
900 uint32_t S = (instr >> 8) & 1;
901 uint32_t Q = (instr >> 6) & 1;
902 FpRegister d(instr, 12, 22);
903 FpRegister n(instr, 16, 7);
904 FpRegister m(instr, 0, 5);
905 if ((op3 & 0xB) == 0) { // 100x00
906 opcode << (Q == 0 ? "vmla" : "vmls") << (S != 0 ? ".f64" : ".f32");
907 args << d << ", " << n << ", " << m;
908 } else if ((op3 & 0xB) == 0x2) { // 100x10
909 opcode << (Q == 0 ? "vmul" : "vnmul") << (S != 0 ? ".f64" : ".f32");
910 args << d << ", " << n << ", " << m;
911 } else if ((op3 & 0xB) == 0x3) { // 100x11
912 opcode << (Q == 0 ? "vadd" : "vsub") << (S != 0 ? ".f64" : ".f32");
913 args << d << ", " << n << ", " << m;
914 } else if ((op3 & 0xB) == 0x8 && Q == 0) { // 101x00, Q == 0
915 opcode << "vdiv" << (S != 0 ? ".f64" : ".f32");
916 args << d << ", " << n << ", " << m;
917 } else if ((op3 & 0xB) == 0xB && Q == 0) { // 101x11, Q == 0
918 uint32_t imm8 = ((instr & 0xf0000u) >> 12) | (instr & 0xfu);
919 opcode << "vmov" << (S != 0 ? ".f64" : ".f32");
920 args << d << ", " << (S != 0 ? StringPrintf("0x%016" PRIx64, VFPExpand64(imm8))
921 : StringPrintf("0x%08x", VFPExpand32(imm8)));
922 if ((instr & 0xa0) != 0) {
923 args << " (UNPREDICTABLE)";
924 }
925 } else if ((op3 & 0xB) == 0xB && Q == 1) { // 101x11, Q == 1
926 // VNEG, VSQRT, VCMP, VCMPE, VCVT (floating-point conversion)
927 // |1111|1100|0|0|00|0000|1111|110|0|0 |0|0|0|0000|
928 // |5 2|1 8|7|6|54|3 0|5 2|1 9|8|7 |6|5|4|3 0|
929 // |----|----|-|-|--|----|----|---|-|- |-|-|-|----|
930 // |3322|2222|2|2|22|1111|1111|110|0|0 |0|0|0|0000|
931 // |1 8|7 4|3|2|10|9 6|5 2|1 9|8|7 |6|5|4|3 0|
932 // |----|----|-|-|--|----|----|---|-|- |-|-|-|----|
933 // |1110|1110|1|D|11|0000| Vd |101|S|0 |1|M|0| Vm | VMOV (reg)
934 // |1110|1110|1|D|11|0000| Vd |101|S|1 |1|M|0| Vm | VABS
935 // |1110|1110|1|D|11|0001| Vd |101|S|0 |1|M|0| Vm | VNEG
936 // |1110|1110|1|D|11|0001| Vd |101|S|1 |1|M|0| Vm | VSQRT
937 // |1110|1110|1|D|11|0100| Vd |101|S|op|1|M|0| Vm | VCMP
938 // |1110|1110|1|D|11|0101| Vd |101|S|op|1|0|0|0000| VCMPE
939 // |1110|1110|1|D|11|op5 | Vd |101|S|op|1|M|0| Vm | VCVT
940 uint32_t op5 = (instr >> 16) & 0xF;
941 uint32_t op = (instr >> 7) & 1;
942 // Register types in VCVT instructions rely on the combination of op5 and S.
943 FpRegister Dd(instr, 12, 22, 1);
944 FpRegister Sd(instr, 12, 22, 0);
945 FpRegister Dm(instr, 0, 5, 1);
946 FpRegister Sm(instr, 0, 5, 0);
947 if (op5 == 0) {
948 opcode << (op == 0 ? "vmov" : "vabs") << (S != 0 ? ".f64" : ".f32");
949 args << d << ", " << m;
950 } else if (op5 == 1) {
951 opcode << (op != 0 ? "vsqrt" : "vneg") << (S != 0 ? ".f64" : ".f32");
952 args << d << ", " << m;
953 } else if (op5 == 4) {
954 opcode << "vcmp" << (S != 0 ? ".f64" : ".f32");
955 args << d << ", " << m;
956 if (op != 0) {
957 args << " (quiet nan)";
958 }
959 } else if (op5 == 5) {
960 opcode << "vcmpe" << (S != 0 ? ".f64" : ".f32");
961 args << d << ", #0.0";
962 if (op != 0) {
963 args << " (quiet nan)";
964 }
965 if ((instr & 0x2f) != 0) {
966 args << " (UNPREDICTABLE)";
967 }
968 } else if (op5 == 0xD) {
969 if (S == 1) {
970 // vcvt{r}.s32.f64
971 opcode << "vcvt" << (op == 0 ? "r" : "") << ".s32.f64";
972 args << Sd << ", " << Dm;
973 } else {
974 // vcvt{r}.s32.f32
975 opcode << "vcvt" << (op == 0 ? "r" : "") << ".s32.f32";
976 args << Sd << ", " << Sm;
977 }
978 } else if (op5 == 0xC) {
979 if (S == 1) {
980 // vcvt{r}.u32.f64
981 opcode << "vcvt" << (op == 0 ? "r" : "") << ".u32.f64";
982 args << Sd << ", " << Dm;
983 } else {
984 // vcvt{r}.u32.f32
985 opcode << "vcvt" << (op == 0 ? "r" : "") << ".u32.f32";
986 args << Sd << ", " << Sm;
987 }
988 } else if (op5 == 0x8) {
989 if (S == 1) {
990 // vcvt.f64.<Tm>
991 opcode << "vcvt.f64." << (op == 0 ? "u" : "s") << "32";
992 args << Dd << ", " << Sm;
993 } else {
994 // vcvt.f32.<Tm>
995 opcode << "vcvt.f32." << (op == 0 ? "u" : "s") << "32";
996 args << Sd << ", " << Sm;
997 }
998 } else if (op5 == 0x7) {
999 if (op == 1) {
1000 if (S == 1) {
1001 // vcvt.f64.f32
1002 opcode << "vcvt.f64.f32";
1003 args << Dd << ", " << Sm;
1004 } else {
1005 // vcvt.f32.f64
1006 opcode << "vcvt.f32.f64";
1007 args << Sd << ", " << Dm;
1008 }
1009 }
1010 } else if ((op5 & 0xa) == 0xa) {
1011 opcode << "vcvt";
1012 args << "[undecoded: floating <-> fixed]";
1013 }
1014 }
1015 } else if ((op3 >> 4) == 2 && op4 == 1) { // 10xxxx, op = 1
1016 if (coproc == 10 && (op3 & 0xE) == 0) {
1017 // VMOV (between ARM core register and single-precision register)
1018 // |1111|1100|000|0 |0000|1111|1100|0|00|0|0000|
1019 // |5 |1 8|7 5|4 |3 0|5 2|1 8|7|65|4|3 0|
1020 // |----|----|---|- |----|----|----|-|--|-|----|
1021 // |3322|2222|222|2 |1111|1111|1100|0|00|0|0000|
1022 // |1 8|7 4|3 1|0 |9 6|5 2|1 8|7|65|4|3 0|
1023 // |----|----|---|- |----|----|----|-|--|-|----|
1024 // |1110|1110|000|op| Vn | Rt |1010|N|00|1|0000|
1025 uint32_t op = op3 & 1;
1026 ArmRegister Rt(instr, 12);
1027 FpRegister n(instr, 16, 7);
1028 opcode << "vmov.f32";
1029 if (op) {
1030 args << Rt << ", " << n;
1031 } else {
1032 args << n << ", " << Rt;
1033 }
1034 if (Rt.r == 13 || Rt.r == 15 || (instr & 0x6F) != 0) {
1035 args << " (UNPREDICTABLE)";
1036 }
1037 } else if (coproc == 10 && op3 == 0x2F) {
1038 // VMRS
1039 // |1111|11000000|0000|1111|1100|000|0|0000|
1040 // |5 |1 4|3 0|5 2|1 8|7 5|4|3 0|
1041 // |----|--------|----|----|----|---|-|----|
1042 // |3322|22222222|1111|1111|1100|000|0|0000|
1043 // |1 8|7 0|9 6|5 2|1 8|7 5|4|3 0|
1044 // |----|--------|----|----|----|---|-|----|
1045 // |1110|11101111|reg | Rt |1010|000|1|0000| - last 7 0s are (0)
1046 uint32_t spec_reg = (instr >> 16) & 0xF;
1047 ArmRegister Rt(instr, 12);
1048 opcode << "vmrs";
1049 if (spec_reg == 1) {
1050 if (Rt.r == 15) {
1051 args << "APSR_nzcv, FPSCR";
1052 } else if (Rt.r == 13) {
1053 args << Rt << ", FPSCR (UNPREDICTABLE)";
1054 } else {
1055 args << Rt << ", FPSCR";
1056 }
1057 } else {
1058 args << "(PRIVILEGED)";
1059 }
1060 } else if (coproc == 11 && (op3 & 0x9) != 8) {
1061 // VMOV (ARM core register to scalar or vice versa; 8/16/32-bit)
1062 }
1063 }
1064 }
1065 }
1066 break;
1067 case 2:
1068 if ((instr & 0x8000) == 0 && (op2 & 0x20) == 0) {
1069 // Data-processing (modified immediate)
1070 // |111|11|10|0000|0|0000|1|111|1100|00000000|
1071 // |5 3|21|09|8765|4|3 0|5|4 2|10 8|7 5 0|
1072 // |---|--|--|----|-|----|-|---|----|--------|
1073 // |332|22|22|2222|2|1111|1|111|1100|00000000|
1074 // |1 9|87|65|4321|0|9 6|5|4 2|10 8|7 5 0|
1075 // |---|--|--|----|-|----|-|---|----|--------|
1076 // |111|10|i0| op3|S| Rn |0|iii| Rd |iiiiiiii|
1077 // 111 10 x0 xxxx x xxxx opxxx xxxx xxxxxxxx
1078 uint32_t i = (instr >> 26) & 1;
1079 uint32_t op3 = (instr >> 21) & 0xF;
1080 uint32_t S = (instr >> 20) & 1;
1081 ArmRegister Rn(instr, 16);
1082 uint32_t imm3 = (instr >> 12) & 7;
1083 ArmRegister Rd(instr, 8);
1084 uint32_t imm8 = instr & 0xFF;
1085 int32_t imm32 = (i << 11) | (imm3 << 8) | imm8;
1086 if (Rn.r == 0xF && (op3 == 0x2 || op3 == 0x3)) {
1087 if (op3 == 0x2) {
1088 opcode << "mov";
1089 if (S == 1) {
1090 opcode << "s";
1091 }
1092 opcode << ".w";
1093 } else {
1094 opcode << "mvn";
1095 if (S == 1) {
1096 opcode << "s";
1097 }
1098 }
1099 args << Rd << ", #" << ThumbExpand(imm32);
1100 } else if (Rd.r == 0xF && S == 1 &&
1101 (op3 == 0x0 || op3 == 0x4 || op3 == 0x8 || op3 == 0xD)) {
1102 if (op3 == 0x0) {
1103 opcode << "tst";
1104 } else if (op3 == 0x4) {
1105 opcode << "teq";
1106 } else if (op3 == 0x8) {
1107 opcode << "cmn.w";
1108 } else {
1109 opcode << "cmp.w";
1110 }
1111 args << Rn << ", #" << ThumbExpand(imm32);
1112 } else {
1113 switch (op3) {
1114 case 0x0: opcode << "and"; break;
1115 case 0x1: opcode << "bic"; break;
1116 case 0x2: opcode << "orr"; break;
1117 case 0x3: opcode << "orn"; break;
1118 case 0x4: opcode << "eor"; break;
1119 case 0x8: opcode << "add"; break;
1120 case 0xA: opcode << "adc"; break;
1121 case 0xB: opcode << "sbc"; break;
1122 case 0xD: opcode << "sub"; break;
1123 case 0xE: opcode << "rsb"; break;
1124 default: opcode << "UNKNOWN DPMI-" << op3; break;
1125 }
1126 if (S == 1) {
1127 opcode << "s";
1128 }
1129 args << Rd << ", " << Rn << ", #" << ThumbExpand(imm32);
1130 }
1131 } else if ((instr & 0x8000) == 0 && (op2 & 0x20) != 0) {
1132 // Data-processing (plain binary immediate)
1133 // |111|11|10|00000|0000|1|111110000000000|
1134 // |5 3|21|09|87654|3 0|5|4 0 5 0|
1135 // |---|--|--|-----|----|-|---------------|
1136 // |332|22|22|22222|1111|1|111110000000000|
1137 // |1 9|87|65|43210|9 6|5|4 0 5 0|
1138 // |---|--|--|-----|----|-|---------------|
1139 // |111|10|x1| op3 | Rn |0|xxxxxxxxxxxxxxx|
1140 uint32_t op3 = (instr >> 20) & 0x1F;
1141 switch (op3) {
1142 case 0x00: case 0x0A: {
1143 // ADD/SUB.W Rd, Rn #imm12 - 111 10 i1 0101 0 nnnn 0 iii dddd iiiiiiii
1144 ArmRegister Rd(instr, 8);
1145 ArmRegister Rn(instr, 16);
1146 uint32_t i = (instr >> 26) & 1;
1147 uint32_t imm3 = (instr >> 12) & 0x7;
1148 uint32_t imm8 = instr & 0xFF;
1149 uint32_t imm12 = (i << 11) | (imm3 << 8) | imm8;
1150 if (Rn.r != 0xF) {
1151 opcode << (op3 == 0 ? "addw" : "subw");
1152 args << Rd << ", " << Rn << ", #" << imm12;
1153 } else {
1154 opcode << "adr";
1155 args << Rd << ", ";
1156 DumpBranchTarget(args, instr_ptr + 4, (op3 == 0) ? imm12 : -imm12);
1157 }
1158 break;
1159 }
1160 case 0x04: case 0x0C: {
1161 // MOVW/T Rd, #imm16 - 111 10 i0 0010 0 iiii 0 iii dddd iiiiiiii
1162 ArmRegister Rd(instr, 8);
1163 uint32_t i = (instr >> 26) & 1;
1164 uint32_t imm3 = (instr >> 12) & 0x7;
1165 uint32_t imm8 = instr & 0xFF;
1166 uint32_t Rn = (instr >> 16) & 0xF;
1167 uint32_t imm16 = (Rn << 12) | (i << 11) | (imm3 << 8) | imm8;
1168 opcode << (op3 == 0x04 ? "movw" : "movt");
1169 args << Rd << ", #" << imm16;
1170 break;
1171 }
1172 case 0x16: case 0x14: case 0x1C: {
1173 // BFI Rd, Rn, #lsb, #width - 111 10 0 11 011 0 nnnn 0 iii dddd ii 0 iiiii
1174 // SBFX Rd, Rn, #lsb, #width - 111 10 0 11 010 0 nnnn 0 iii dddd ii 0 iiiii
1175 // UBFX Rd, Rn, #lsb, #width - 111 10 0 11 110 0 nnnn 0 iii dddd ii 0 iiiii
1176 ArmRegister Rd(instr, 8);
1177 ArmRegister Rn(instr, 16);
1178 uint32_t msb = instr & 0x1F;
1179 uint32_t imm2 = (instr >> 6) & 0x3;
1180 uint32_t imm3 = (instr >> 12) & 0x7;
1181 uint32_t lsb = (imm3 << 2) | imm2;
1182 uint32_t width = msb - lsb + 1;
1183 if (op3 == 0x16) {
1184 if (Rn.r != 0xF) {
1185 opcode << "bfi";
1186 args << Rd << ", " << Rn << ", #" << lsb << ", #" << width;
1187 } else {
1188 opcode << "bfc";
1189 args << Rd << ", #" << lsb << ", #" << width;
1190 }
1191 } else {
1192 opcode << ((op3 & 0x8) != 0u ? "ubfx" : "sbfx");
1193 args << Rd << ", " << Rn << ", #" << lsb << ", #" << width;
1194 if (Rd.r == 13 || Rd.r == 15 || Rn.r == 13 || Rn.r == 15 ||
1195 (instr & 0x04000020) != 0u) {
1196 args << " (UNPREDICTABLE)";
1197 }
1198 }
1199 break;
1200 }
1201 default:
1202 break;
1203 }
1204 } else {
1205 // Branches and miscellaneous control
1206 // |111|11|1000000|0000|1|111|1100|00000000|
1207 // |5 3|21|0987654|3 0|5|4 2|10 8|7 5 0|
1208 // |---|--|-------|----|-|---|----|--------|
1209 // |332|22|2222222|1111|1|111|1100|00000000|
1210 // |1 9|87|6543210|9 6|5|4 2|10 8|7 5 0|
1211 // |---|--|-------|----|-|---|----|--------|
1212 // |111|10| op2 | |1|op3|op4 | |
1213
1214 uint32_t op3 = (instr >> 12) & 7;
1215 // uint32_t op4 = (instr >> 8) & 0xF;
1216 switch (op3) {
1217 case 0:
1218 if ((op2 & 0x38) != 0x38) {
1219 // Conditional branch
1220 // |111|11|1|0000|000000|1|1|1 |1|1 |10000000000|
1221 // |5 3|21|0|9876|543 0|5|4|3 |2|1 |0 5 0|
1222 // |---|--|-|----|------|-|-|--|-|--|-----------|
1223 // |332|22|2|2222|221111|1|1|1 |1|1 |10000000000|
1224 // |1 9|87|6|5432|109 6|5|4|3 |2|1 |0 5 0|
1225 // |---|--|-|----|------|-|-|--|-|--|-----------|
1226 // |111|10|S|cond| imm6 |1|0|J1|0|J2| imm11 |
1227 uint32_t S = (instr >> 26) & 1;
1228 uint32_t J2 = (instr >> 11) & 1;
1229 uint32_t J1 = (instr >> 13) & 1;
1230 uint32_t imm6 = (instr >> 16) & 0x3F;
1231 uint32_t imm11 = instr & 0x7FF;
1232 uint32_t cond = (instr >> 22) & 0xF;
1233 int32_t imm32 = (S << 20) | (J2 << 19) | (J1 << 18) | (imm6 << 12) | (imm11 << 1);
1234 imm32 = (imm32 << 11) >> 11; // sign extend 21bit immediate
1235 opcode << "b";
1236 DumpCond(opcode, cond);
1237 opcode << ".w";
1238 DumpBranchTarget(args, instr_ptr + 4, imm32);
1239 } else if (op2 == 0x3B) {
1240 // Miscellaneous control instructions
1241 uint32_t op5 = (instr >> 4) & 0xF;
1242 switch (op5) {
1243 case 4: opcode << "dsb"; DumpMemoryDomain(args, instr & 0xF); break;
1244 case 5: opcode << "dmb"; DumpMemoryDomain(args, instr & 0xF); break;
1245 case 6: opcode << "isb"; DumpMemoryDomain(args, instr & 0xF); break;
1246 }
1247 }
1248 break;
1249 case 2:
1250 if ((op2 & 0x38) == 0x38) {
1251 if (op2 == 0x7F) {
1252 opcode << "udf";
1253 }
1254 break;
1255 }
1256 FALLTHROUGH_INTENDED; // Else deliberate fall-through to B.
1257 case 1: case 3: {
1258 // B
1259 // |111|11|1|0000|000000|11|1 |1|1 |10000000000|
1260 // |5 3|21|0|9876|543 0|54|3 |2|1 |0 5 0|
1261 // |---|--|-|----|------|--|--|-|--|-----------|
1262 // |332|22|2|2222|221111|11|1 |1|1 |10000000000|
1263 // |1 9|87|6|5 2|10 6|54|3 |2|1 |0 5 0|
1264 // |---|--|-|----|------|--|--|-|--|-----------|
1265 // |111|10|S|cond| imm6 |10|J1|0|J2| imm11 |
1266 // |111|10|S| imm10 |10|J1|1|J2| imm11 |
1267 uint32_t S = (instr >> 26) & 1;
1268 uint32_t cond = (instr >> 22) & 0xF;
1269 uint32_t J2 = (instr >> 11) & 1;
1270 uint32_t form = (instr >> 12) & 1;
1271 uint32_t J1 = (instr >> 13) & 1;
1272 uint32_t imm10 = (instr >> 16) & 0x3FF;
1273 uint32_t imm6 = (instr >> 16) & 0x3F;
1274 uint32_t imm11 = instr & 0x7FF;
1275 opcode << "b";
1276 int32_t imm32;
1277 if (form == 0) {
1278 DumpCond(opcode, cond);
1279 imm32 = (S << 20) | (J2 << 19) | (J1 << 18) | (imm6 << 12) | (imm11 << 1);
1280 imm32 = (imm32 << 11) >> 11; // sign extend 21 bit immediate.
1281 } else {
1282 uint32_t I1 = (J1 ^ S) ^ 1;
1283 uint32_t I2 = (J2 ^ S) ^ 1;
1284 imm32 = (S << 24) | (I1 << 23) | (I2 << 22) | (imm10 << 12) | (imm11 << 1);
1285 imm32 = (imm32 << 7) >> 7; // sign extend 25 bit immediate.
1286 }
1287 opcode << ".w";
1288 DumpBranchTarget(args, instr_ptr + 4, imm32);
1289 break;
1290 }
1291 case 4: case 6: case 5: case 7: {
1292 // BL, BLX (immediate)
1293 // |111|11|1|0000000000|11|1 |1|1 |10000000000|
1294 // |5 3|21|0|9876543 0|54|3 |2|1 |0 5 0|
1295 // |---|--|-|----------|--|--|-|--|-----------|
1296 // |332|22|2|2222221111|11|1 |1|1 |10000000000|
1297 // |1 9|87|6|5 0 6|54|3 |2|1 |0 5 0|
1298 // |---|--|-|----------|--|--|-|--|-----------|
1299 // |111|10|S| imm10 |11|J1|L|J2| imm11 |
1300 uint32_t S = (instr >> 26) & 1;
1301 uint32_t J2 = (instr >> 11) & 1;
1302 uint32_t L = (instr >> 12) & 1;
1303 uint32_t J1 = (instr >> 13) & 1;
1304 uint32_t imm10 = (instr >> 16) & 0x3FF;
1305 uint32_t imm11 = instr & 0x7FF;
1306 if (L == 0) {
1307 opcode << "bx";
1308 } else {
1309 opcode << "blx";
1310 }
1311 uint32_t I1 = ~(J1 ^ S);
1312 uint32_t I2 = ~(J2 ^ S);
1313 int32_t imm32 = (S << 24) | (I1 << 23) | (I2 << 22) | (imm10 << 12) | (imm11 << 1);
1314 imm32 = (imm32 << 8) >> 8; // sign extend 24 bit immediate.
1315 DumpBranchTarget(args, instr_ptr + 4, imm32);
1316 break;
1317 }
1318 }
1319 }
1320 break;
1321 case 3:
1322 switch (op2) {
1323 case 0x07: case 0x0F: case 0x17: case 0x1F: { // Explicitly UNDEFINED, A6.3.
1324 opcode << "UNDEFINED";
1325 break;
1326 }
1327 case 0x06: case 0x0E: { // "Store single data item" undefined opcodes, A6.3.10.
1328 opcode << "UNDEFINED [store]";
1329 break;
1330 }
1331 case 0x15: case 0x1D: { // "Load word" undefined opcodes, A6.3.7.
1332 opcode << "UNDEFINED [load]";
1333 break;
1334 }
1335 case 0x10: case 0x12: case 0x14: case 0x16: case 0x18: case 0x1A: case 0x1C: case 0x1E: {
1336 opcode << "UNKNOWN " << op2 << " [SIMD]";
1337 break;
1338 }
1339 case 0x01: case 0x00: case 0x09: case 0x08: // {LD,ST}RB{,T}
1340 case 0x03: case 0x02: case 0x0B: case 0x0A: // {LD,ST}RH{,T}
1341 case 0x05: case 0x04: case 0x0D: case 0x0C: // {LD,ST}R{,T}
1342 case 0x11: case 0x19: // LDRSB{,T} (no signed store)
1343 case 0x13: case 0x1B: { // LDRSH{,T} (no signed store)
1344 // Load:
1345 // (Store is the same except that l==0 and always s==0 below.)
1346 // 00s.whl (sign, word, half, load)
1347 // LDR{S}B imm12: 11111|00s1001| Rn | Rt |imm12 (0x09)
1348 // LDR{S}B imm8: 11111|00s0001| Rn | Rt |1PUW|imm8 (0x01)
1349 // LDR{S}BT imm8: 11111|00s0001| Rn | Rt |1110|imm8 (0x01)
1350 // LDR{S}B lit: 11111|00sU001|1111| Rt |imm12 (0x01/0x09)
1351 // LDR{S}B reg: 11111|00s0001| Rn | Rt |000000|imm2| Rm (0x01)
1352 // LDR{S}H imm12: 11111|00s1011| Rn | Rt |imm12 (0x0B)
1353 // LDR{S}H imm8: 11111|00s0011| Rn | Rt |1PUW|imm8 (0x03)
1354 // LDR{S}HT imm8: 11111|00s0011| Rn | Rt |1110|imm8 (0x03)
1355 // LDR{S}H lit: 11111|00sU011|1111| Rt |imm12 (0x03/0x0B)
1356 // LDR{S}H reg: 11111|00s0011| Rn | Rt |000000|imm2| Rm (0x03)
1357 // LDR imm12: 11111|0001101| Rn | Rt |imm12 (0x0D)
1358 // LDR imm8: 11111|0000101| Rn | Rt |1PUW|imm8 (0x05)
1359 // LDRT imm8: 11111|0000101| Rn | Rt |1110|imm8 (0x05)
1360 // LDR lit: 11111|000U101|1111| Rt |imm12 (0x05/0x0D)
1361 // LDR reg: 11111|0000101| Rn | Rt |000000|imm2| Rm (0x05)
1362 //
1363 // If Rt == 15, instead of load we have preload:
1364 // PLD{W} imm12: 11111|00010W1| Rn |1111|imm12 (0x09/0x0B)
1365 // PLD{W} imm8: 11111|00000W1| Rn |1111|1100|imm8 (0x01/0x03); -imm8
1366 // PLD lit: 11111|000U001|1111|1111|imm12 (0x01/0x09)
1367 // PLD{W} reg: 11111|00000W1| Rn |1111|000000|imm2| Rm (0x01/0x03)
1368 // PLI imm12: 11111|0011001| Rn |1111|imm12 (0x19)
1369 // PLI imm8: 11111|0010001| Rn |1111|1100|imm8 (0x11); -imm8
1370 // PLI lit: 11111|001U001|1111|1111|imm12 (0x01/0x09)
1371 // PLI reg: 11111|0010001| Rn |1111|000000|imm2| Rm (0x01/0x03)
1372
1373 bool is_load = HasBitSet(instr, 20);
1374 bool is_half = HasBitSet(instr, 21); // W for PLD/PLDW.
1375 bool is_word = HasBitSet(instr, 22);
1376 bool is_signed = HasBitSet(instr, 24);
1377 ArmRegister Rn(instr, 16);
1378 ArmRegister Rt(instr, 12);
1379 uint32_t imm12 = instr & 0xFFF;
1380 uint32_t U = (instr >> 23) & 1; // U for imm12
1381 uint32_t imm8 = instr & 0xFF;
1382 uint32_t op4 = (instr >> 8) & 0xF; // 1PUW for imm8
1383 if (Rt.r == PC && is_load && !is_word) {
1384 // PLD, PLDW, PLI
1385 const char* pld_pli = (is_signed ? "pli" : "pld");
1386 const char* w = (is_half ? "w" : "");
1387 if (is_signed && !is_half) {
1388 opcode << "UNDEFINED [PLI+W]";
1389 } else if (Rn.r == PC || U != 0u) {
1390 opcode << pld_pli << w;
1391 args << "[" << Rn << ", #" << (U != 0u ? "" : "-") << imm12 << "]";
1392 if (Rn.r == PC && is_half) {
1393 args << " (UNPREDICTABLE)";
1394 }
1395 } else if ((instr & 0xFC0) == 0) {
1396 opcode << pld_pli << w;
1397 RmLslImm2 Rm(instr);
1398 args << "[" << Rn << ", " << Rm << "]";
1399 } else if (op4 == 0xC) {
1400 opcode << pld_pli << w;
1401 args << "[" << Rn << ", #-" << imm8 << "]";
1402 } else {
1403 opcode << "UNDEFINED [~" << pld_pli << "]";
1404 }
1405 break;
1406 }
1407 const char* ldr_str = is_load ? "ldr" : "str";
1408 const char* sign = is_signed ? "s" : "";
1409 const char* type = is_word ? "" : is_half ? "h" : "b";
1410 bool unpred = (Rt.r == SP && !is_word) || (Rt.r == PC && !is_load);
1411 if (Rn.r == PC && !is_load) {
1412 opcode << "UNDEFINED [STR-lit]";
1413 unpred = false;
1414 } else if (Rn.r == PC || U != 0u) {
1415 // Load/store with imm12 (load literal if Rn.r == PC; there's no store literal).
1416 opcode << ldr_str << sign << type << ".w";
1417 args << Rt << ", [" << Rn << ", #" << (U != 0u ? "" : "-") << imm12 << "]";
1418 if (Rn.r == TR && is_load) {
1419 args << " ; ";
1420 Thread::DumpThreadOffset<4>(args, imm12);
1421 } else if (Rn.r == PC) {
1422 T2LitType lit_type[] = {
1423 kT2LitUByte, kT2LitUHalf, kT2LitHexWord, kT2LitInvalid,
1424 kT2LitUByte, kT2LitUHalf, kT2LitHexWord, kT2LitInvalid,
1425 kT2LitSByte, kT2LitSHalf, kT2LitInvalid, kT2LitInvalid,
1426 kT2LitSByte, kT2LitSHalf, kT2LitInvalid, kT2LitInvalid,
1427 };
1428 DCHECK_LT(op2 >> 1, arraysize(lit_type));
1429 DCHECK_NE(lit_type[op2 >> 1], kT2LitInvalid);
1430 DumpThumb2Literal(args, instr_ptr, lo_adr, hi_adr, U, imm12, lit_type[op2 >> 1]);
1431 }
1432 } else if ((instr & 0xFC0) == 0) {
1433 opcode << ldr_str << sign << type << ".w";
1434 RmLslImm2 Rm(instr);
1435 args << Rt << ", [" << Rn << ", " << Rm << "]";
1436 unpred = unpred || (Rm.rm.r == SP) || (Rm.rm.r == PC);
1437 } else if (is_word && Rn.r == SP && imm8 == 4 && op4 == (is_load ? 0xB : 0xD)) {
1438 opcode << (is_load ? "pop" : "push") << ".w";
1439 args << Rn;
1440 unpred = unpred || (Rn.r == SP);
1441 } else if ((op4 & 5) == 0) {
1442 opcode << "UNDEFINED [P = W = 0 for " << ldr_str << "]";
1443 unpred = false;
1444 } else {
1445 uint32_t P = (instr >> 10) & 1;
1446 U = (instr >> 9) & 1;
1447 uint32_t W = (instr >> 8) & 1;
1448 bool pre_index = (P != 0 && W == 1);
1449 bool post_index = (P == 0 && W == 1);
1450 const char* t = (P != 0 && U != 0 && W == 0) ? "t" : ""; // Unprivileged load/store?
1451 opcode << ldr_str << sign << type << t << ".w";
1452 args << Rt << ", [" << Rn << (post_index ? "]" : "") << ", #" << (U != 0 ? "" : "-")
1453 << imm8 << (post_index ? "" : "]") << (pre_index ? "!" : "");
1454 unpred = (W != 0 && Rn.r == Rt.r);
1455 }
1456 if (unpred) {
1457 args << " (UNPREDICTABLE)";
1458 }
1459 break;
1460 }
1461 case 0x29: { // 0101001
1462 // |111|11|1000000|0000|1111|1100|00|0 0|0000|
1463 // |5 3|21|0 4|3 0|5 2|1 8|76|5 4|3 0|
1464 // |---|--|-------|----|----|----|--|---|----|
1465 // |332|22|2222222|1111|1111|1100|00|0 0|0000|
1466 // |1 9|87|6 0|9 6|5 2|1 8|76|5 4|3 0|
1467 // |---|--|-------|----|----|----|--|---|----|
1468 // |111|11|0101001| Rm |1111| Rd |11|op3| Rm |
1469 // REV - 111 11 0101001 mmmm 1111 dddd 1000 mmmm
1470 // REV16 - 111 11 0101001 mmmm 1111 dddd 1001 mmmm
1471 // RBIT - 111 11 0101001 mmmm 1111 dddd 1010 mmmm
1472 // REVSH - 111 11 0101001 mmmm 1111 dddd 1011 mmmm
1473 if ((instr & 0xf0c0) == 0xf080) {
1474 uint32_t op3 = (instr >> 4) & 3;
1475 opcode << kThumbReverseOperations[op3];
1476 ArmRegister Rm(instr, 0);
1477 ArmRegister Rd(instr, 8);
1478 args << Rd << ", " << Rm;
1479 ArmRegister Rm2(instr, 16);
1480 if (Rm.r != Rm2.r || Rm.r == 13 || Rm.r == 15 || Rd.r == 13 || Rd.r == 15) {
1481 args << " (UNPREDICTABLE)";
1482 }
1483 } // else unknown instruction
1484 break;
1485 }
1486 case 0x2B: { // 0101011
1487 // CLZ - 111 11 0101011 mmmm 1111 dddd 1000 mmmm
1488 if ((instr & 0xf0f0) == 0xf080) {
1489 opcode << "clz";
1490 ArmRegister Rm(instr, 0);
1491 ArmRegister Rd(instr, 8);
1492 args << Rd << ", " << Rm;
1493 ArmRegister Rm2(instr, 16);
1494 if (Rm.r != Rm2.r || Rm.r == 13 || Rm.r == 15 || Rd.r == 13 || Rd.r == 15) {
1495 args << " (UNPREDICTABLE)";
1496 }
1497 }
1498 break;
1499 }
1500 default: // more formats
1501 if ((op2 >> 4) == 2) { // 010xxxx
1502 // data processing (register)
1503 if ((instr & 0x0080f0f0) == 0x0000f000) {
1504 // LSL, LSR, ASR, ROR
1505 uint32_t shift_op = (instr >> 21) & 3;
1506 uint32_t S = (instr >> 20) & 1;
1507 ArmRegister Rd(instr, 8);
1508 ArmRegister Rn(instr, 16);
1509 ArmRegister Rm(instr, 0);
1510 opcode << kThumb2ShiftOperations[shift_op] << (S != 0 ? "s" : "");
1511 args << Rd << ", " << Rn << ", " << Rm;
1512 }
1513 } else if ((op2 >> 3) == 6) { // 0110xxx
1514 // Multiply, multiply accumulate, and absolute difference
1515 op1 = (instr >> 20) & 0x7;
1516 op2 = (instr >> 4) & 0x1;
1517 ArmRegister Ra(instr, 12);
1518 ArmRegister Rn(instr, 16);
1519 ArmRegister Rm(instr, 0);
1520 ArmRegister Rd(instr, 8);
1521 switch (op1) {
1522 case 0:
1523 if (op2 == 0) {
1524 if (Ra.r == 0xf) {
1525 opcode << "mul";
1526 args << Rd << ", " << Rn << ", " << Rm;
1527 } else {
1528 opcode << "mla";
1529 args << Rd << ", " << Rn << ", " << Rm << ", " << Ra;
1530 }
1531 } else {
1532 opcode << "mls";
1533 args << Rd << ", " << Rn << ", " << Rm << ", " << Ra;
1534 }
1535 break;
1536 case 1:
1537 case 2:
1538 case 3:
1539 case 4:
1540 case 5:
1541 case 6:
1542 break; // do these sometime
1543 }
1544 } else if ((op2 >> 3) == 7) { // 0111xxx
1545 // Long multiply, long multiply accumulate, and divide
1546 op1 = (instr >> 20) & 0x7;
1547 op2 = (instr >> 4) & 0xf;
1548 ArmRegister Rn(instr, 16);
1549 ArmRegister Rm(instr, 0);
1550 ArmRegister Rd(instr, 8);
1551 ArmRegister RdHi(instr, 8);
1552 ArmRegister RdLo(instr, 12);
1553 switch (op1) {
1554 case 0:
1555 opcode << "smull";
1556 args << RdLo << ", " << RdHi << ", " << Rn << ", " << Rm;
1557 break;
1558 case 1:
1559 opcode << "sdiv";
1560 args << Rd << ", " << Rn << ", " << Rm;
1561 break;
1562 case 2:
1563 opcode << "umull";
1564 args << RdLo << ", " << RdHi << ", " << Rn << ", " << Rm;
1565 break;
1566 case 3:
1567 opcode << "udiv";
1568 args << Rd << ", " << Rn << ", " << Rm;
1569 break;
1570 case 4:
1571 case 5:
1572 case 6:
1573 break; // TODO: when we generate these...
1574 }
1575 }
1576 }
1577 break;
1578 default:
1579 break;
1580 }
1581
1582 // Apply any IT-block conditions to the opcode if necessary.
1583 if (!it_conditions_.empty()) {
1584 opcode << it_conditions_.back();
1585 it_conditions_.pop_back();
1586 }
1587 if (opcode.str().size() == 0) {
1588 opcode << "UNKNOWN " << op2;
1589 }
1590
1591 os << FormatInstructionPointer(instr_ptr)
1592 << StringPrintf(": %08x\t%-7s ", instr, opcode.str().c_str())
1593 << args.str() << '\n';
1594 return 4;
1595 } // NOLINT(readability/fn_size)
1596
DumpThumb16(std::ostream & os,const uint8_t * instr_ptr)1597 size_t DisassemblerArm::DumpThumb16(std::ostream& os, const uint8_t* instr_ptr) {
1598 uint16_t instr = ReadU16(instr_ptr);
1599 bool is_32bit = ((instr & 0xF000) == 0xF000) || ((instr & 0xF800) == 0xE800);
1600 if (is_32bit) {
1601 return DumpThumb32(os, instr_ptr);
1602 } else {
1603 std::ostringstream opcode;
1604 std::ostringstream args;
1605 uint16_t opcode1 = instr >> 10;
1606 if (opcode1 < 0x10) {
1607 // shift (immediate), add, subtract, move, and compare
1608 uint16_t opcode2 = instr >> 9;
1609 switch (opcode2) {
1610 case 0x0: case 0x1: case 0x2: case 0x3: case 0x4: case 0x5: case 0x6: case 0x7:
1611 case 0x8: case 0x9: case 0xA: case 0xB: {
1612 // Logical shift left - 00 000xx iii mmm ddd
1613 // Logical shift right - 00 001xx iii mmm ddd
1614 // Arithmetic shift right - 00 010xx iii mmm ddd
1615 uint16_t imm5 = (instr >> 6) & 0x1F;
1616 ThumbRegister rm(instr, 3);
1617 ThumbRegister Rd(instr, 0);
1618 if (opcode2 <= 3) {
1619 opcode << "lsls";
1620 } else if (opcode2 <= 7) {
1621 opcode << "lsrs";
1622 } else {
1623 opcode << "asrs";
1624 }
1625 args << Rd << ", " << rm << ", #" << imm5;
1626 break;
1627 }
1628 case 0xC: case 0xD: case 0xE: case 0xF: {
1629 // Add register - 00 01100 mmm nnn ddd
1630 // Sub register - 00 01101 mmm nnn ddd
1631 // Add 3-bit immediate - 00 01110 iii nnn ddd
1632 // Sub 3-bit immediate - 00 01111 iii nnn ddd
1633 uint16_t imm3_or_Rm = (instr >> 6) & 7;
1634 ThumbRegister Rn(instr, 3);
1635 ThumbRegister Rd(instr, 0);
1636 if ((opcode2 & 2) != 0 && imm3_or_Rm == 0) {
1637 opcode << "mov";
1638 } else {
1639 if ((opcode2 & 1) == 0) {
1640 opcode << "adds";
1641 } else {
1642 opcode << "subs";
1643 }
1644 }
1645 args << Rd << ", " << Rn;
1646 if ((opcode2 & 2) == 0) {
1647 ArmRegister Rm(imm3_or_Rm);
1648 args << ", " << Rm;
1649 } else if (imm3_or_Rm != 0) {
1650 args << ", #" << imm3_or_Rm;
1651 }
1652 break;
1653 }
1654 case 0x10: case 0x11: case 0x12: case 0x13:
1655 case 0x14: case 0x15: case 0x16: case 0x17:
1656 case 0x18: case 0x19: case 0x1A: case 0x1B:
1657 case 0x1C: case 0x1D: case 0x1E: case 0x1F: {
1658 // MOVS Rd, #imm8 - 00100 ddd iiiiiiii
1659 // CMP Rn, #imm8 - 00101 nnn iiiiiiii
1660 // ADDS Rn, #imm8 - 00110 nnn iiiiiiii
1661 // SUBS Rn, #imm8 - 00111 nnn iiiiiiii
1662 ThumbRegister Rn(instr, 8);
1663 uint16_t imm8 = instr & 0xFF;
1664 switch (opcode2 >> 2) {
1665 case 4: opcode << "movs"; break;
1666 case 5: opcode << "cmp"; break;
1667 case 6: opcode << "adds"; break;
1668 case 7: opcode << "subs"; break;
1669 }
1670 args << Rn << ", #" << imm8;
1671 break;
1672 }
1673 default:
1674 break;
1675 }
1676 } else if (opcode1 == 0x10) {
1677 // Data-processing
1678 uint16_t opcode2 = (instr >> 6) & 0xF;
1679 ThumbRegister rm(instr, 3);
1680 ThumbRegister rdn(instr, 0);
1681 opcode << kThumbDataProcessingOperations[opcode2];
1682 args << rdn << ", " << rm;
1683 } else if (opcode1 == 0x11) {
1684 // Special data instructions and branch and exchange
1685 uint16_t opcode2 = (instr >> 6) & 0x0F;
1686 switch (opcode2) {
1687 case 0x0: case 0x1: case 0x2: case 0x3: {
1688 // Add low registers - 010001 0000 xxxxxx
1689 // Add high registers - 010001 0001/001x xxxxxx
1690 uint16_t DN = (instr >> 7) & 1;
1691 ArmRegister rm(instr, 3);
1692 uint16_t Rdn = instr & 7;
1693 ArmRegister DN_Rdn((DN << 3) | Rdn);
1694 opcode << "add";
1695 args << DN_Rdn << ", " << rm;
1696 break;
1697 }
1698 case 0x8: case 0x9: case 0xA: case 0xB: {
1699 // Move low registers - 010001 1000 xxxxxx
1700 // Move high registers - 010001 1001/101x xxxxxx
1701 uint16_t DN = (instr >> 7) & 1;
1702 ArmRegister rm(instr, 3);
1703 uint16_t Rdn = instr & 7;
1704 ArmRegister DN_Rdn((DN << 3) | Rdn);
1705 opcode << "mov";
1706 args << DN_Rdn << ", " << rm;
1707 break;
1708 }
1709 case 0x5: case 0x6: case 0x7: {
1710 // Compare high registers - 010001 0101/011x xxxxxx
1711 uint16_t N = (instr >> 7) & 1;
1712 ArmRegister rm(instr, 3);
1713 uint16_t Rn = instr & 7;
1714 ArmRegister N_Rn((N << 3) | Rn);
1715 opcode << "cmp";
1716 args << N_Rn << ", " << rm;
1717 break;
1718 }
1719 case 0xC: case 0xD: case 0xE: case 0xF: {
1720 // Branch and exchange - 010001 110x xxxxxx
1721 // Branch with link and exchange - 010001 111x xxxxxx
1722 ArmRegister rm(instr, 3);
1723 opcode << ((opcode2 & 0x2) == 0 ? "bx" : "blx");
1724 args << rm;
1725 break;
1726 }
1727 default:
1728 break;
1729 }
1730 } else if (opcode1 == 0x12 || opcode1 == 0x13) { // 01001x
1731 const uintptr_t lo_adr = reinterpret_cast<intptr_t>(GetDisassemblerOptions()->base_address_);
1732 const uintptr_t hi_adr = reinterpret_cast<intptr_t>(GetDisassemblerOptions()->end_address_);
1733 ThumbRegister Rt(instr, 8);
1734 uint16_t imm8 = instr & 0xFF;
1735 opcode << "ldr";
1736 args << Rt << ", [pc, #" << (imm8 << 2) << "]";
1737 DumpThumb2Literal(args, instr_ptr, lo_adr, hi_adr, /*U*/ 1u, imm8 << 2, kT2LitHexWord);
1738 } else if ((opcode1 >= 0x14 && opcode1 <= 0x17) || // 0101xx
1739 (opcode1 >= 0x18 && opcode1 <= 0x1f) || // 011xxx
1740 (opcode1 >= 0x20 && opcode1 <= 0x27)) { // 100xxx
1741 // Load/store single data item
1742 uint16_t opA = (instr >> 12) & 0xF;
1743 if (opA == 0x5) {
1744 uint16_t opB = (instr >> 9) & 0x7;
1745 ThumbRegister Rm(instr, 6);
1746 ThumbRegister Rn(instr, 3);
1747 ThumbRegister Rt(instr, 0);
1748 switch (opB) {
1749 case 0: opcode << "str"; break;
1750 case 1: opcode << "strh"; break;
1751 case 2: opcode << "strb"; break;
1752 case 3: opcode << "ldrsb"; break;
1753 case 4: opcode << "ldr"; break;
1754 case 5: opcode << "ldrh"; break;
1755 case 6: opcode << "ldrb"; break;
1756 case 7: opcode << "ldrsh"; break;
1757 }
1758 args << Rt << ", [" << Rn << ", " << Rm << "]";
1759 } else if (opA == 9) {
1760 uint16_t opB = (instr >> 11) & 1;
1761 ThumbRegister Rt(instr, 8);
1762 uint16_t imm8 = instr & 0xFF;
1763 opcode << (opB == 0 ? "str" : "ldr");
1764 args << Rt << ", [sp, #" << (imm8 << 2) << "]";
1765 } else {
1766 uint16_t imm5 = (instr >> 6) & 0x1F;
1767 uint16_t opB = (instr >> 11) & 1;
1768 ThumbRegister Rn(instr, 3);
1769 ThumbRegister Rt(instr, 0);
1770 switch (opA) {
1771 case 6:
1772 imm5 <<= 2;
1773 opcode << (opB == 0 ? "str" : "ldr");
1774 break;
1775 case 7:
1776 imm5 <<= 0;
1777 opcode << (opB == 0 ? "strb" : "ldrb");
1778 break;
1779 case 8:
1780 imm5 <<= 1;
1781 opcode << (opB == 0 ? "strh" : "ldrh");
1782 break;
1783 }
1784 args << Rt << ", [" << Rn << ", #" << imm5 << "]";
1785 }
1786 } else if (opcode1 >= 0x34 && opcode1 <= 0x37) { // 1101xx
1787 int8_t imm8 = instr & 0xFF;
1788 uint32_t cond = (instr >> 8) & 0xF;
1789 opcode << "b";
1790 DumpCond(opcode, cond);
1791 DumpBranchTarget(args, instr_ptr + 4, (imm8 << 1));
1792 } else if ((instr & 0xF800) == 0xA800) {
1793 // Generate SP-relative address
1794 ThumbRegister rd(instr, 8);
1795 int imm8 = instr & 0xFF;
1796 opcode << "add";
1797 args << rd << ", sp, #" << (imm8 << 2);
1798 } else if ((instr & 0xF000) == 0xB000) {
1799 // Miscellaneous 16-bit instructions
1800 uint16_t opcode2 = (instr >> 5) & 0x7F;
1801 switch (opcode2) {
1802 case 0x00: case 0x01: case 0x02: case 0x03: case 0x04: case 0x05: case 0x06: case 0x07: {
1803 // Add immediate to SP - 1011 00000 ii iiiii
1804 // Subtract immediate from SP - 1011 00001 ii iiiii
1805 int imm7 = instr & 0x7F;
1806 opcode << ((opcode2 & 4) == 0 ? "add" : "sub");
1807 args << "sp, sp, #" << (imm7 << 2);
1808 break;
1809 }
1810 case 0x08: case 0x09: case 0x0A: case 0x0B: // 0001xxx
1811 case 0x0C: case 0x0D: case 0x0E: case 0x0F:
1812 case 0x18: case 0x19: case 0x1A: case 0x1B: // 0011xxx
1813 case 0x1C: case 0x1D: case 0x1E: case 0x1F:
1814 case 0x48: case 0x49: case 0x4A: case 0x4B: // 1001xxx
1815 case 0x4C: case 0x4D: case 0x4E: case 0x4F:
1816 case 0x58: case 0x59: case 0x5A: case 0x5B: // 1011xxx
1817 case 0x5C: case 0x5D: case 0x5E: case 0x5F: {
1818 // CBNZ, CBZ
1819 uint16_t op = (instr >> 11) & 1;
1820 uint16_t i = (instr >> 9) & 1;
1821 uint16_t imm5 = (instr >> 3) & 0x1F;
1822 ThumbRegister Rn(instr, 0);
1823 opcode << (op != 0 ? "cbnz" : "cbz");
1824 uint32_t imm32 = (i << 6) | (imm5 << 1);
1825 args << Rn << ", ";
1826 DumpBranchTarget(args, instr_ptr + 4, imm32);
1827 break;
1828 }
1829 case 0x20: case 0x21: case 0x22: case 0x23: case 0x24: case 0x25: case 0x26: case 0x27:
1830 case 0x28: case 0x29: case 0x2A: case 0x2B: case 0x2C: case 0x2D: case 0x2E: case 0x2F: {
1831 opcode << "push";
1832 args << RegisterList((instr & 0xFF) | ((instr & 0x100) << 6));
1833 break;
1834 }
1835 case 0x60: case 0x61: case 0x62: case 0x63: case 0x64: case 0x65: case 0x66: case 0x67:
1836 case 0x68: case 0x69: case 0x6A: case 0x6B: case 0x6C: case 0x6D: case 0x6E: case 0x6F: {
1837 opcode << "pop";
1838 args << RegisterList((instr & 0xFF) | ((instr & 0x100) << 7));
1839 break;
1840 }
1841 case 0x70: case 0x71: case 0x72: case 0x73: case 0x74: case 0x75: case 0x76: case 0x77: {
1842 opcode << "bkpt";
1843 args << "#" << (instr & 0xFF);
1844 break;
1845 }
1846 case 0x50: case 0x51: // 101000x
1847 case 0x52: case 0x53: // 101001x
1848 case 0x56: case 0x57: { // 101011x
1849 uint16_t op = (instr >> 6) & 3;
1850 opcode << kThumbReverseOperations[op];
1851 ThumbRegister Rm(instr, 3);
1852 ThumbRegister Rd(instr, 0);
1853 args << Rd << ", " << Rm;
1854 break;
1855 }
1856 case 0x78: case 0x79: case 0x7A: case 0x7B: // 1111xxx
1857 case 0x7C: case 0x7D: case 0x7E: case 0x7F: {
1858 // If-Then, and hints
1859 uint16_t opA = (instr >> 4) & 0xF;
1860 uint16_t opB = instr & 0xF;
1861 if (opB == 0) {
1862 switch (opA) {
1863 case 0: opcode << "nop"; break;
1864 case 1: opcode << "yield"; break;
1865 case 2: opcode << "wfe"; break;
1866 case 3: opcode << "sev"; break;
1867 default: break;
1868 }
1869 } else {
1870 uint32_t first_cond = opA;
1871 uint32_t mask = opB;
1872 opcode << "it";
1873
1874 // Flesh out the base "it" opcode with the specific collection of 't's and 'e's,
1875 // and store up the actual condition codes we'll want to add to the next few opcodes.
1876 size_t count = 3 - CTZ(mask);
1877 it_conditions_.resize(count + 2); // Plus the implicit 't', plus the "" for the IT itself.
1878 for (size_t i = 0; i < count; ++i) {
1879 bool positive_cond = ((first_cond & 1) != 0);
1880 bool positive_mask = ((mask & (1 << (3 - i))) != 0);
1881 if (positive_mask == positive_cond) {
1882 opcode << 't';
1883 it_conditions_[i] = kConditionCodeNames[first_cond];
1884 } else {
1885 opcode << 'e';
1886 it_conditions_[i] = kConditionCodeNames[first_cond ^ 1];
1887 }
1888 }
1889 it_conditions_[count] = kConditionCodeNames[first_cond]; // The implicit 't'.
1890
1891 it_conditions_[count + 1] = ""; // No condition code for the IT itself...
1892 DumpCond(args, first_cond); // ...because it's considered an argument.
1893 }
1894 break;
1895 }
1896 default:
1897 break;
1898 }
1899 } else if (((instr & 0xF000) == 0x5000) || ((instr & 0xE000) == 0x6000) ||
1900 ((instr & 0xE000) == 0x8000)) {
1901 // Load/store single data item
1902 uint16_t opA = instr >> 12;
1903 // uint16_t opB = (instr >> 9) & 7;
1904 switch (opA) {
1905 case 0x6: {
1906 // STR Rt, [Rn, #imm] - 01100 iiiii nnn ttt
1907 // LDR Rt, [Rn, #imm] - 01101 iiiii nnn ttt
1908 uint16_t imm5 = (instr >> 6) & 0x1F;
1909 ThumbRegister Rn(instr, 3);
1910 ThumbRegister Rt(instr, 0);
1911 opcode << ((instr & 0x800) == 0 ? "str" : "ldr");
1912 args << Rt << ", [" << Rn << ", #" << (imm5 << 2) << "]";
1913 break;
1914 }
1915 case 0x9: {
1916 // STR Rt, [SP, #imm] - 01100 ttt iiiiiiii
1917 // LDR Rt, [SP, #imm] - 01101 ttt iiiiiiii
1918 uint16_t imm8 = instr & 0xFF;
1919 ThumbRegister Rt(instr, 8);
1920 opcode << ((instr & 0x800) == 0 ? "str" : "ldr");
1921 args << Rt << ", [sp, #" << (imm8 << 2) << "]";
1922 break;
1923 }
1924 default:
1925 break;
1926 }
1927 } else if (opcode1 == 0x38 || opcode1 == 0x39) {
1928 uint16_t imm11 = instr & 0x7FFF;
1929 int32_t imm32 = imm11 << 1;
1930 imm32 = (imm32 << 20) >> 20; // sign extend 12 bit immediate
1931 opcode << "b";
1932 DumpBranchTarget(args, instr_ptr + 4, imm32);
1933 }
1934
1935 // Apply any IT-block conditions to the opcode if necessary.
1936 if (!it_conditions_.empty()) {
1937 opcode << it_conditions_.back();
1938 it_conditions_.pop_back();
1939 }
1940
1941 os << FormatInstructionPointer(instr_ptr)
1942 << StringPrintf(": %04x \t%-7s ", instr, opcode.str().c_str())
1943 << args.str() << '\n';
1944 }
1945 return 2;
1946 }
1947
1948 } // namespace arm
1949 } // namespace art
1950