Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect disassembly and pcode for gp loads and stores #5

Closed
toshipiazza opened this issue Jan 18, 2022 · 1 comment · Fixed by #6
Closed

Incorrect disassembly and pcode for gp loads and stores #5

toshipiazza opened this issue Jan 18, 2022 · 1 comment · Fixed by #6
Labels
bug Something isn't working hexagon is weird

Comments

@toshipiazza
Copy link
Owner

toshipiazza commented Jan 18, 2022
edited

See "Encoding 32-bit address operands in load/stores" in section 10.9 of "Qualcomm Hexagon V66 Programmer's Reference Manual"

For unconditional load/stores, the GP-relative load/store instruction is used. [...] In this case the 32-bit value encoded must be a plain address, and the value stored in the GP register is ignored.

binja-hexagon correctly disassembles some code as

{ immext(<blah>)
  R3 = memw(0+<extended>) }

But ghidra-plugin-hexagon shows a GP-relative address instead
@toshipiazza toshipiazza added bug Something isn't working hexagon is weird labels Jan 18, 2022
@toshipiazza
Copy link
Owner Author

For reference, these are the only instructions which read GP

L2_loadrubgp
L2_loadrbgp
L2_loadruhgp
L2_loadrhgp
L2_loadrigp
L2_loadrdgp
S2_storerbgp
S2_storerhgp
S2_storerfgp
S2_storerigp
S2_storerdgp
S2_storerinewgp
S2_storerbnewgp
S2_storerhnewgp

toshipiazza added a commit that referenced this issue Jan 18, 2022
@toshipiazza
Fixes disassembly and pcode for instructions which read gp
29c57b5 
For instructions which read C11 aka the gp register, such as
L2_loadrubgp, gp should only be consulted if an immext was *not*
applied.

For example, immext is applied below so the memref is not gp-rel:

{ immext(##0x123440)
  R0 = memw(#0+##0x123450)
  jumpr R31 }

But this is gp-rel:

{ R0 = memw(GP+##0x10)
  jumpr R31 }

Fixes this issue by adding a "gp" sleigh constructor that's conditional
on the immext context reg, and adds C11 or 0 as an operand based on the
above

Fixes #5
@toshipiazza toshipiazza mentioned this issue Jan 18, 2022
Merged
toshipiazza added a commit that referenced this issue Jan 18, 2022
@toshipiazza
Fixes disassembly and pcode for instructions which read gp (#6)
13a6b56 
For instructions which read C11 aka the gp register, such as
L2_loadrubgp, gp should only be consulted if an immext was *not*
applied.

For example, immext is applied below so the memref is not gp-rel:

{ immext(##0x123440)
  R0 = memw(#0+##0x123450)
  jumpr R31 }

But this is gp-rel:

{ R0 = memw(GP+##0x10)
  jumpr R31 }

Fixes this issue by adding a "gp" sleigh constructor that's conditional
on the immext context reg, and adds C11 or 0 as an operand based on the
above

Fixes #5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working hexagon is weird
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes disassembly and pcode for instructions which read gp toshipiazza/ghidra-plugin-hexagon
1 participant
@toshipiazza