blob: 0211244d117560298b1b9c78dccece3fd28f8089 [file] [log] [blame]
--[[
hwpatcher arm decoding/encoding library
]]--
arm = {}
-- determines whether an address is in Thumb code or not
function arm.is_thumb(addr)
return bit32.extract(addr.addr, 0) == 1
end
-- translate address to real address (ie without Thumb bit)
-- produces an error if address is not properly aligned in ARM mode
function arm.xlate_addr(addr)
local res = hwp.deepcopy(addr)
if arm.is_thumb(addr) then
res.addr = bit32.replace(addr.addr, 0, 0)
elseif bit32.extract(addr.addr, 0, 2) ~= 0 then
error("ARM address is not word-aligned")
end
return res
end
-- switch between arm and thumb
function arm.to_thumb(addr)
local res = hwp.deepcopy(addr)
res.addr = bit32.bor(addr.addr, 1)
return res
end
function arm.to_arm(addr)
return arm.xlate_addr(addr)
end
-- sign extend a value to 32-bits
-- only the lower 'bits' bits are considered, everything else is trashed
-- watch out arithmetic vs logical shift !
function arm.sign32(v)
if bit32.extract(v, 31) == 1 then
return -1 - bit32.bnot(v)
else
return v
end
end
function arm.sign_extend(val, bits)
return arm.sign32(bit32.arshift(bit32.lshift(val, 32 - bits), 32 - bits))
end
-- check that a signed value fits in some field
function arm.check_sign_truncation(val, bits)
return val == arm.sign_extend(val, bits)
end
-- create a branch description
function arm.make_branch(addr, link)
local t = {type = "branch", addr = addr, link = link}
local branch_to_string = function(self)
return string.format("branch(%s,%s)", self.addr, self.link)
end
setmetatable(t, {__tostring = branch_to_string})
return t
end
-- parse a jump and returns its description
function arm.parse_branch(fw, addr)
local opcode = hwp.read32(fw, arm.xlate_addr(addr))
if arm.is_thumb(addr) then
if bit32.band(opcode, 0xf800) ~= 0xf000 then
error("first instruction is not a bl(x) prefix")
end
local to_thumb = false
if bit32.band(opcode, 0xf8000000) == 0xf8000000 then
to_thumb = true
elseif bit32.band(opcode, 0xf8000000) ~= 0xe8000000 then
error("second instruction is not a bl(x) suffix")
end
local dest = hwp.make_addr(bit32.lshift(arm.sign_extend(opcode, 11), 12) +
arm.xlate_addr(addr).addr + 4 +
bit32.rshift(bit32.band(opcode, 0x7ff0000), 16) * 2, addr.section)
if to_thumb then
dest = arm.to_thumb(dest)
else
dest.addr = bit32.replace(dest.addr, 0, 0, 2)
end
return arm.make_branch(dest, true)
else
if bit32.band(opcode, 0xfe000000) == 0xfa000000 then -- BLX
local dest = hwp.make_addr(arm.sign_extend(opcode, 24) * 4 + 8 +
bit32.extract(opcode, 24) * 2 + arm.xlate_addr(addr).addr, addr.section)
return arm.make_branch(arm.to_thumb(dest), true)
elseif bit32.band(opcode, 0xfe000000) == 0xea000000 then -- B(L)
local dest = hwp.make_addr(arm.sign_extend(opcode, 24) * 4 + 8 +
arm.xlate_addr(addr).addr, addr.section)
return arm.make_branch(arm.to_arm(dest), bit32.extract(opcode, 24))
else
error("instruction is not a valid branch")
end
end
end
-- generate the encoding of a branch
-- if the branch cannot be encoded using an immediate branch, it is generated
-- with an indirect form like a ldr, using a pool
function arm.write_branch(fw, addr, dest, pool)
local offset = arm.xlate_addr(dest.addr).addr - arm.xlate_addr(addr).addr
local exchange = arm.is_thumb(addr) ~= arm.is_thumb(dest.addr)
local opcode = 0
if arm.is_thumb(addr) then
if not dest.link then
return arm.write_load_pc(fw, addr, dest, pool)
end
offset = offset - 4 -- in Thumb, PC+4 relative
-- NOTE: BLX is undefined if the resulting offset has bit 0 set, follow
-- the procedure from the manual to ensure correct operation
if bit32.extract(offset, 1) ~= 0 then
offset = offset + 2
end
offset = offset / 2
if not arm.check_sign_truncation(offset, 22) then
error("destination is too far for immediate branch from thumb")
end
opcode = 0xf000 + -- BL/BLX prefix
bit32.band(bit32.rshift(offset, 11), 0x7ff) + -- offset (high part)
bit32.lshift(exchange and 0xe800 or 0xf800,16) + -- BLX suffix
bit32.lshift(bit32.band(offset, 0x7ff), 16) -- offset (low part)
else
offset = offset - 8 -- in ARM, PC+8 relative
if exchange and not dest.link then
return arm.write_load_pc(fw, addr, dest, pool)
end
offset = offset / 4
if not arm.check_sign_truncation(offset, 24) then
if pool == nil then
error("destination is too far for immediate branch from arm (no pool available)")
else
return arm.write_load_pc(fw, addr, dest, pool)
end
end
opcode = bit32.lshift(exchange and 0xf or 0xe, 28) + -- BLX / AL cond
bit32.lshift(0xa, 24) + -- branch
bit32.lshift(exchange and bit32.extract(offset, 1) or dest.link and 1 or 0, 24) + -- link / bit1
bit32.band(offset, 0xffffff)
end
return hwp.write32(fw, arm.xlate_addr(addr), opcode)
end
function arm.write_load_pc(fw, addr, dest, pool)
-- write pool
hwp.write32(fw, pool, dest.addr.addr)
-- write "ldr pc, [pool]"
local opcode
if arm.is_thumb(addr) then
error("unsupported pc load in thumb mode")
else
local offset = pool.addr - arm.xlate_addr(addr).addr - 8 -- ARM is PC+8 relative
local add = offset >= 0 and 1 or 0
offset = math.abs(offset)
opcode = bit32.lshift(0xe, 28) + -- AL cond
bit32.lshift(1, 26) + -- ldr/str
bit32.lshift(1, 24) + -- P
bit32.lshift(add, 23) + -- U
bit32.lshift(1, 20) + -- ldr
bit32.lshift(15, 16) + -- Rn=PC
bit32.lshift(15, 12) + -- Rd=PC
bit32.band(offset, 0xfff)
end
return hwp.write32(fw, arm.xlate_addr(addr), opcode)
end
-- generate the encoding of a "bx lr"
function arm.write_return(fw, addr)
if arm.is_thumb(addr) then
error("unsupported return from thumb code")
end
local opcode = bit32.lshift(0xe, 28) + -- AL cond
bit32.lshift(0x12, 20) + -- BX
bit32.lshift(1, 4) + -- BX
bit32.lshift(0xfff, 8) + -- SBO
14 -- LR
hwp.write32(fw, arm.xlate_addr(addr), opcode)
end
function arm.write_xxx_regs(fw, addr, load)
if arm.is_thumb(addr) then
error("unsupported save/restore regs from thumb code")
end
-- STMFD sp!,{r0-r12, lr}
local opcode = bit32.lshift(0xe, 28) + -- AL cond
bit32.lshift(0x4, 25) + -- STM/LDM
bit32.lshift(load and 0 or 1,24) + -- P
bit32.lshift(load and 1 or 0, 23) + -- U
bit32.lshift(1, 21) +-- W
bit32.lshift(load and 1 or 0, 20) + -- L
bit32.lshift(13, 16) + -- base = SP
0x5fff -- R0-R12,LR
return hwp.write32(fw, addr, opcode)
end
function arm.write_save_regs(fw, addr)
return arm.write_xxx_regs(fw, addr, false)
end
function arm.write_restore_regs(fw, addr)
return arm.write_xxx_regs(fw, addr, true)
end