1 /*===- X86DisassemblerDecoder.c - Disassembler decoder -------------*- C -*-==*
3 * The LLVM Compiler Infrastructure
5 * This file is distributed under the University of Illinois Open Source
6 * License. See LICENSE.TXT for details.
8 *===----------------------------------------------------------------------===*
10 * This file is part of the X86 Disassembler.
11 * It contains the implementation of the instruction decoder.
12 * Documentation for the disassembler can be found in X86Disassembler.h.
14 *===----------------------------------------------------------------------===*/
16 #include <stdarg.h> /* for va_*() */
17 #include <stdio.h> /* for vsnprintf() */
18 #include <stdlib.h> /* for exit() */
19 #include <string.h> /* for memset() */
21 #include "X86DisassemblerDecoder.h"
23 #include "X86GenDisassemblerTables.inc"
31 #define debug(s) do { x86DisassemblerDebug(__FILE__, __LINE__, s); } while (0)
33 #define debug(s) do { } while (0)
38 * contextForAttrs - Client for the instruction context table. Takes a set of
39 * attributes and returns the appropriate decode context.
41 * @param attrMask - Attributes, from the enumeration attributeBits.
42 * @return - The InstructionContext to use when looking up an
43 * an instruction with these attributes.
45 static InstructionContext contextForAttrs(uint8_t attrMask) {
46 return CONTEXTS_SYM[attrMask];
50 * modRMRequired - Reads the appropriate instruction table to determine whether
51 * the ModR/M byte is required to decode a particular instruction.
53 * @param type - The opcode type (i.e., how many bytes it has).
54 * @param insnContext - The context for the instruction, as returned by
56 * @param opcode - The last byte of the instruction's opcode, not counting
57 * ModR/M extensions and escapes.
58 * @return - TRUE if the ModR/M byte is required, FALSE otherwise.
60 static int modRMRequired(OpcodeType type,
61 InstructionContext insnContext,
63 const struct ContextDecision* decision = 0;
67 decision = &ONEBYTE_SYM;
70 decision = &TWOBYTE_SYM;
73 decision = &THREEBYTE38_SYM;
76 decision = &THREEBYTE3A_SYM;
80 return decision->opcodeDecisions[insnContext].modRMDecisions[opcode].
81 modrm_type != MODRM_ONEENTRY;
87 * decode - Reads the appropriate instruction table to obtain the unique ID of
90 * @param type - See modRMRequired().
91 * @param insnContext - See modRMRequired().
92 * @param opcode - See modRMRequired().
93 * @param modRM - The ModR/M byte if required, or any value if not.
94 * @return - The UID of the instruction, or 0 on failure.
96 static InstrUID decode(OpcodeType type,
97 InstructionContext insnContext,
100 const struct ModRMDecision* dec;
104 debug("Unknown opcode type");
107 dec = &ONEBYTE_SYM.opcodeDecisions[insnContext].modRMDecisions[opcode];
110 dec = &TWOBYTE_SYM.opcodeDecisions[insnContext].modRMDecisions[opcode];
113 dec = &THREEBYTE38_SYM.opcodeDecisions[insnContext].modRMDecisions[opcode];
116 dec = &THREEBYTE3A_SYM.opcodeDecisions[insnContext].modRMDecisions[opcode];
120 switch (dec->modrm_type) {
122 debug("Corrupt table! Unknown modrm_type");
125 return dec->instructionIDs[0];
127 if (modFromModRM(modRM) == 0x3)
128 return dec->instructionIDs[1];
130 return dec->instructionIDs[0];
132 return dec->instructionIDs[modRM];
137 * specifierForUID - Given a UID, returns the name and operand specification for
140 * @param uid - The unique ID for the instruction. This should be returned by
141 * decode(); specifierForUID will not check bounds.
142 * @return - A pointer to the specification for that instruction.
144 static const struct InstructionSpecifier *specifierForUID(InstrUID uid) {
145 return &INSTRUCTIONS_SYM[uid];
149 * consumeByte - Uses the reader function provided by the user to consume one
150 * byte from the instruction's memory and advance the cursor.
152 * @param insn - The instruction with the reader function to use. The cursor
153 * for this instruction is advanced.
154 * @param byte - A pointer to a pre-allocated memory buffer to be populated
155 * with the data read.
156 * @return - 0 if the read was successful; nonzero otherwise.
158 static int consumeByte(struct InternalInstruction* insn, uint8_t* byte) {
159 int ret = insn->reader(insn->readerArg, byte, insn->readerCursor);
162 ++(insn->readerCursor);
168 * lookAtByte - Like consumeByte, but does not advance the cursor.
170 * @param insn - See consumeByte().
171 * @param byte - See consumeByte().
172 * @return - See consumeByte().
174 static int lookAtByte(struct InternalInstruction* insn, uint8_t* byte) {
175 return insn->reader(insn->readerArg, byte, insn->readerCursor);
178 static void unconsumeByte(struct InternalInstruction* insn) {
179 insn->readerCursor--;
182 #define CONSUME_FUNC(name, type) \
183 static int name(struct InternalInstruction* insn, type* ptr) { \
186 for (offset = 0; offset < sizeof(type); ++offset) { \
188 int ret = insn->reader(insn->readerArg, \
190 insn->readerCursor + offset); \
193 combined = combined | ((type)byte << ((type)offset * 8)); \
196 insn->readerCursor += sizeof(type); \
201 * consume* - Use the reader function provided by the user to consume data
202 * values of various sizes from the instruction's memory and advance the
203 * cursor appropriately. These readers perform endian conversion.
205 * @param insn - See consumeByte().
206 * @param ptr - A pointer to a pre-allocated memory of appropriate size to
207 * be populated with the data read.
208 * @return - See consumeByte().
210 CONSUME_FUNC(consumeInt8, int8_t)
211 CONSUME_FUNC(consumeInt16, int16_t)
212 CONSUME_FUNC(consumeInt32, int32_t)
213 CONSUME_FUNC(consumeUInt16, uint16_t)
214 CONSUME_FUNC(consumeUInt32, uint32_t)
215 CONSUME_FUNC(consumeUInt64, uint64_t)
218 * dbgprintf - Uses the logging function provided by the user to log a single
219 * message, typically without a carriage-return.
221 * @param insn - The instruction containing the logging function.
222 * @param format - See printf().
223 * @param ... - See printf().
225 static void dbgprintf(struct InternalInstruction* insn,
234 va_start(ap, format);
235 (void)vsnprintf(buffer, sizeof(buffer), format, ap);
238 insn->dlog(insn->dlogArg, buffer);
244 * setPrefixPresent - Marks that a particular prefix is present at a particular
247 * @param insn - The instruction to be marked as having the prefix.
248 * @param prefix - The prefix that is present.
249 * @param location - The location where the prefix is located (in the address
250 * space of the instruction's reader).
252 static void setPrefixPresent(struct InternalInstruction* insn,
256 insn->prefixPresent[prefix] = 1;
257 insn->prefixLocations[prefix] = location;
261 * isPrefixAtLocation - Queries an instruction to determine whether a prefix is
262 * present at a given location.
264 * @param insn - The instruction to be queried.
265 * @param prefix - The prefix.
266 * @param location - The location to query.
267 * @return - Whether the prefix is at that location.
269 static BOOL isPrefixAtLocation(struct InternalInstruction* insn,
273 if (insn->prefixPresent[prefix] == 1 &&
274 insn->prefixLocations[prefix] == location)
281 * readPrefixes - Consumes all of an instruction's prefix bytes, and marks the
282 * instruction as having them. Also sets the instruction's default operand,
283 * address, and other relevant data sizes to report operands correctly.
285 * @param insn - The instruction whose prefixes are to be read.
286 * @return - 0 if the instruction could be read until the end of the prefix
287 * bytes, and no prefixes conflicted; nonzero otherwise.
289 static int readPrefixes(struct InternalInstruction* insn) {
290 BOOL isPrefix = TRUE;
291 BOOL prefixGroups[4] = { FALSE };
292 uint64_t prefixLocation;
295 BOOL hasAdSize = FALSE;
296 BOOL hasOpSize = FALSE;
298 dbgprintf(insn, "readPrefixes()");
301 prefixLocation = insn->readerCursor;
303 if (consumeByte(insn, &byte))
307 case 0xf0: /* LOCK */
308 case 0xf2: /* REPNE/REPNZ */
309 case 0xf3: /* REP or REPE/REPZ */
311 dbgprintf(insn, "Redundant Group 1 prefix");
312 prefixGroups[0] = TRUE;
313 setPrefixPresent(insn, byte, prefixLocation);
315 case 0x2e: /* CS segment override -OR- Branch not taken */
316 case 0x36: /* SS segment override -OR- Branch taken */
317 case 0x3e: /* DS segment override */
318 case 0x26: /* ES segment override */
319 case 0x64: /* FS segment override */
320 case 0x65: /* GS segment override */
323 insn->segmentOverride = SEG_OVERRIDE_CS;
326 insn->segmentOverride = SEG_OVERRIDE_SS;
329 insn->segmentOverride = SEG_OVERRIDE_DS;
332 insn->segmentOverride = SEG_OVERRIDE_ES;
335 insn->segmentOverride = SEG_OVERRIDE_FS;
338 insn->segmentOverride = SEG_OVERRIDE_GS;
341 debug("Unhandled override");
345 dbgprintf(insn, "Redundant Group 2 prefix");
346 prefixGroups[1] = TRUE;
347 setPrefixPresent(insn, byte, prefixLocation);
349 case 0x66: /* Operand-size override */
351 dbgprintf(insn, "Redundant Group 3 prefix");
352 prefixGroups[2] = TRUE;
354 setPrefixPresent(insn, byte, prefixLocation);
356 case 0x67: /* Address-size override */
358 dbgprintf(insn, "Redundant Group 4 prefix");
359 prefixGroups[3] = TRUE;
361 setPrefixPresent(insn, byte, prefixLocation);
363 default: /* Not a prefix byte */
369 dbgprintf(insn, "Found prefix 0x%hhx", byte);
372 if (insn->mode == MODE_64BIT) {
373 if ((byte & 0xf0) == 0x40) {
376 if (lookAtByte(insn, &opcodeByte) || ((opcodeByte & 0xf0) == 0x40)) {
377 dbgprintf(insn, "Redundant REX prefix");
381 insn->rexPrefix = byte;
382 insn->necessaryPrefixLocation = insn->readerCursor - 2;
384 dbgprintf(insn, "Found REX prefix 0x%hhx", byte);
387 insn->necessaryPrefixLocation = insn->readerCursor - 1;
391 insn->necessaryPrefixLocation = insn->readerCursor - 1;
394 if (insn->mode == MODE_16BIT) {
395 insn->registerSize = (hasOpSize ? 4 : 2);
396 insn->addressSize = (hasAdSize ? 4 : 2);
397 insn->displacementSize = (hasAdSize ? 4 : 2);
398 insn->immediateSize = (hasOpSize ? 4 : 2);
399 } else if (insn->mode == MODE_32BIT) {
400 insn->registerSize = (hasOpSize ? 2 : 4);
401 insn->addressSize = (hasAdSize ? 2 : 4);
402 insn->displacementSize = (hasAdSize ? 2 : 4);
403 insn->immediateSize = (hasOpSize ? 2 : 4);
404 } else if (insn->mode == MODE_64BIT) {
405 if (insn->rexPrefix && wFromREX(insn->rexPrefix)) {
406 insn->registerSize = 8;
407 insn->addressSize = (hasAdSize ? 4 : 8);
408 insn->displacementSize = 4;
409 insn->immediateSize = 4;
410 } else if (insn->rexPrefix) {
411 insn->registerSize = (hasOpSize ? 2 : 4);
412 insn->addressSize = (hasAdSize ? 4 : 8);
413 insn->displacementSize = (hasOpSize ? 2 : 4);
414 insn->immediateSize = (hasOpSize ? 2 : 4);
416 insn->registerSize = (hasOpSize ? 2 : 4);
417 insn->addressSize = (hasAdSize ? 4 : 8);
418 insn->displacementSize = (hasOpSize ? 2 : 4);
419 insn->immediateSize = (hasOpSize ? 2 : 4);
427 * readOpcode - Reads the opcode (excepting the ModR/M byte in the case of
428 * extended or escape opcodes).
430 * @param insn - The instruction whose opcode is to be read.
431 * @return - 0 if the opcode could be read successfully; nonzero otherwise.
433 static int readOpcode(struct InternalInstruction* insn) {
434 /* Determine the length of the primary opcode */
438 dbgprintf(insn, "readOpcode()");
440 insn->opcodeType = ONEBYTE;
441 if (consumeByte(insn, ¤t))
444 if (current == 0x0f) {
445 dbgprintf(insn, "Found a two-byte escape prefix (0x%hhx)", current);
447 insn->twoByteEscape = current;
449 if (consumeByte(insn, ¤t))
452 if (current == 0x38) {
453 dbgprintf(insn, "Found a three-byte escape prefix (0x%hhx)", current);
455 insn->threeByteEscape = current;
457 if (consumeByte(insn, ¤t))
460 insn->opcodeType = THREEBYTE_38;
461 } else if (current == 0x3a) {
462 dbgprintf(insn, "Found a three-byte escape prefix (0x%hhx)", current);
464 insn->threeByteEscape = current;
466 if (consumeByte(insn, ¤t))
469 insn->opcodeType = THREEBYTE_3A;
471 dbgprintf(insn, "Didn't find a three-byte escape prefix");
473 insn->opcodeType = TWOBYTE;
478 * At this point we have consumed the full opcode.
479 * Anything we consume from here on must be unconsumed.
482 insn->opcode = current;
487 static int readModRM(struct InternalInstruction* insn);
490 * getIDWithAttrMask - Determines the ID of an instruction, consuming
491 * the ModR/M byte as appropriate for extended and escape opcodes,
492 * and using a supplied attribute mask.
494 * @param instructionID - A pointer whose target is filled in with the ID of the
496 * @param insn - The instruction whose ID is to be determined.
497 * @param attrMask - The attribute mask to search.
498 * @return - 0 if the ModR/M could be read when needed or was not
499 * needed; nonzero otherwise.
501 static int getIDWithAttrMask(uint16_t* instructionID,
502 struct InternalInstruction* insn,
504 BOOL hasModRMExtension;
506 uint8_t instructionClass;
508 instructionClass = contextForAttrs(attrMask);
510 hasModRMExtension = modRMRequired(insn->opcodeType,
514 if (hasModRMExtension) {
518 *instructionID = decode(insn->opcodeType,
523 *instructionID = decode(insn->opcodeType,
533 * is16BitEquivalent - Determines whether two instruction names refer to
534 * equivalent instructions but one is 16-bit whereas the other is not.
536 * @param orig - The instruction that is not 16-bit
537 * @param equiv - The instruction that is 16-bit
539 static BOOL is16BitEquvalent(const char* orig, const char* equiv) {
543 if (orig[i] == '\0' && equiv[i] == '\0')
545 if (orig[i] == '\0' || equiv[i] == '\0')
547 if (orig[i] != equiv[i]) {
548 if ((orig[i] == 'Q' || orig[i] == 'L') && equiv[i] == 'W')
550 if ((orig[i] == '6' || orig[i] == '3') && equiv[i] == '1')
552 if ((orig[i] == '4' || orig[i] == '2') && equiv[i] == '6')
560 * is64BitEquivalent - Determines whether two instruction names refer to
561 * equivalent instructions but one is 64-bit whereas the other is not.
563 * @param orig - The instruction that is not 64-bit
564 * @param equiv - The instruction that is 64-bit
566 static BOOL is64BitEquivalent(const char* orig, const char* equiv) {
570 if (orig[i] == '\0' && equiv[i] == '\0')
572 if (orig[i] == '\0' || equiv[i] == '\0')
574 if (orig[i] != equiv[i]) {
575 if ((orig[i] == 'W' || orig[i] == 'L') && equiv[i] == 'Q')
577 if ((orig[i] == '1' || orig[i] == '3') && equiv[i] == '6')
579 if ((orig[i] == '6' || orig[i] == '2') && equiv[i] == '4')
588 * getID - Determines the ID of an instruction, consuming the ModR/M byte as
589 * appropriate for extended and escape opcodes. Determines the attributes and
590 * context for the instruction before doing so.
592 * @param insn - The instruction whose ID is to be determined.
593 * @return - 0 if the ModR/M could be read when needed or was not needed;
596 static int getID(struct InternalInstruction* insn) {
598 uint16_t instructionID;
600 dbgprintf(insn, "getID()");
602 attrMask = ATTR_NONE;
604 if (insn->mode == MODE_64BIT)
605 attrMask |= ATTR_64BIT;
607 if (insn->rexPrefix & 0x08)
608 attrMask |= ATTR_REXW;
610 if (isPrefixAtLocation(insn, 0x66, insn->necessaryPrefixLocation))
611 attrMask |= ATTR_OPSIZE;
612 else if (isPrefixAtLocation(insn, 0xf3, insn->necessaryPrefixLocation))
614 else if (isPrefixAtLocation(insn, 0xf2, insn->necessaryPrefixLocation))
617 if (getIDWithAttrMask(&instructionID, insn, attrMask))
620 /* The following clauses compensate for limitations of the tables. */
622 if ((attrMask & ATTR_XD) && (attrMask & ATTR_REXW)) {
624 * Although for SSE instructions it is usually necessary to treat REX.W+F2
625 * as F2 for decode (in the absence of a 64BIT_REXW_XD category) there is
626 * an occasional instruction where F2 is incidental and REX.W is the more
627 * significant. If the decoded instruction is 32-bit and adding REX.W
628 * instead of F2 changes a 32 to a 64, we adopt the new encoding.
631 const struct InstructionSpecifier *spec;
632 uint16_t instructionIDWithREXw;
633 const struct InstructionSpecifier *specWithREXw;
635 spec = specifierForUID(instructionID);
637 if (getIDWithAttrMask(&instructionIDWithREXw,
639 attrMask & (~ATTR_XD))) {
641 * Decoding with REX.w would yield nothing; give up and return original
645 insn->instructionID = instructionID;
650 specWithREXw = specifierForUID(instructionIDWithREXw);
652 if (is64BitEquivalent(spec->name, specWithREXw->name)) {
653 insn->instructionID = instructionIDWithREXw;
654 insn->spec = specWithREXw;
656 insn->instructionID = instructionID;
662 if (insn->prefixPresent[0x66] && !(attrMask & ATTR_OPSIZE)) {
664 * The instruction tables make no distinction between instructions that
665 * allow OpSize anywhere (i.e., 16-bit operations) and that need it in a
666 * particular spot (i.e., many MMX operations). In general we're
667 * conservative, but in the specific case where OpSize is present but not
668 * in the right place we check if there's a 16-bit operation.
671 const struct InstructionSpecifier *spec;
672 uint16_t instructionIDWithOpsize;
673 const struct InstructionSpecifier *specWithOpsize;
675 spec = specifierForUID(instructionID);
677 if (getIDWithAttrMask(&instructionIDWithOpsize,
679 attrMask | ATTR_OPSIZE)) {
681 * ModRM required with OpSize but not present; give up and return version
685 insn->instructionID = instructionID;
690 specWithOpsize = specifierForUID(instructionIDWithOpsize);
692 if (is16BitEquvalent(spec->name, specWithOpsize->name)) {
693 insn->instructionID = instructionIDWithOpsize;
694 insn->spec = specWithOpsize;
696 insn->instructionID = instructionID;
702 insn->instructionID = instructionID;
703 insn->spec = specifierForUID(insn->instructionID);
709 * readSIB - Consumes the SIB byte to determine addressing information for an
712 * @param insn - The instruction whose SIB byte is to be read.
713 * @return - 0 if the SIB byte was successfully read; nonzero otherwise.
715 static int readSIB(struct InternalInstruction* insn) {
716 SIBIndex sibIndexBase = 0;
717 SIBBase sibBaseBase = 0;
720 dbgprintf(insn, "readSIB()");
722 if (insn->consumedSIB)
725 insn->consumedSIB = TRUE;
727 switch (insn->addressSize) {
729 dbgprintf(insn, "SIB-based addressing doesn't work in 16-bit mode");
733 sibIndexBase = SIB_INDEX_EAX;
734 sibBaseBase = SIB_BASE_EAX;
737 sibIndexBase = SIB_INDEX_RAX;
738 sibBaseBase = SIB_BASE_RAX;
742 if (consumeByte(insn, &insn->sib))
745 index = indexFromSIB(insn->sib) | (xFromREX(insn->rexPrefix) << 3);
749 insn->sibIndex = SIB_INDEX_NONE;
752 insn->sibIndex = (SIBIndex)(sibIndexBase + index);
753 if (insn->sibIndex == SIB_INDEX_sib ||
754 insn->sibIndex == SIB_INDEX_sib64)
755 insn->sibIndex = SIB_INDEX_NONE;
759 switch (scaleFromSIB(insn->sib)) {
774 base = baseFromSIB(insn->sib) | (bFromREX(insn->rexPrefix) << 3);
778 switch (modFromModRM(insn->modRM)) {
780 insn->eaDisplacement = EA_DISP_32;
781 insn->sibBase = SIB_BASE_NONE;
784 insn->eaDisplacement = EA_DISP_8;
785 insn->sibBase = (insn->addressSize == 4 ?
786 SIB_BASE_EBP : SIB_BASE_RBP);
789 insn->eaDisplacement = EA_DISP_32;
790 insn->sibBase = (insn->addressSize == 4 ?
791 SIB_BASE_EBP : SIB_BASE_RBP);
794 debug("Cannot have Mod = 0b11 and a SIB byte");
799 insn->sibBase = (SIBBase)(sibBaseBase + base);
807 * readDisplacement - Consumes the displacement of an instruction.
809 * @param insn - The instruction whose displacement is to be read.
810 * @return - 0 if the displacement byte was successfully read; nonzero
813 static int readDisplacement(struct InternalInstruction* insn) {
818 dbgprintf(insn, "readDisplacement()");
820 if (insn->consumedDisplacement)
823 insn->consumedDisplacement = TRUE;
825 switch (insn->eaDisplacement) {
827 insn->consumedDisplacement = FALSE;
830 if (consumeInt8(insn, &d8))
832 insn->displacement = d8;
835 if (consumeInt16(insn, &d16))
837 insn->displacement = d16;
840 if (consumeInt32(insn, &d32))
842 insn->displacement = d32;
846 insn->consumedDisplacement = TRUE;
851 * readModRM - Consumes all addressing information (ModR/M byte, SIB byte, and
852 * displacement) for an instruction and interprets it.
854 * @param insn - The instruction whose addressing information is to be read.
855 * @return - 0 if the information was successfully read; nonzero otherwise.
857 static int readModRM(struct InternalInstruction* insn) {
858 uint8_t mod, rm, reg;
860 dbgprintf(insn, "readModRM()");
862 if (insn->consumedModRM)
865 if (consumeByte(insn, &insn->modRM))
867 insn->consumedModRM = TRUE;
869 mod = modFromModRM(insn->modRM);
870 rm = rmFromModRM(insn->modRM);
871 reg = regFromModRM(insn->modRM);
874 * This goes by insn->registerSize to pick the correct register, which messes
875 * up if we're using (say) XMM or 8-bit register operands. That gets fixed in
878 switch (insn->registerSize) {
880 insn->regBase = MODRM_REG_AX;
881 insn->eaRegBase = EA_REG_AX;
884 insn->regBase = MODRM_REG_EAX;
885 insn->eaRegBase = EA_REG_EAX;
888 insn->regBase = MODRM_REG_RAX;
889 insn->eaRegBase = EA_REG_RAX;
893 reg |= rFromREX(insn->rexPrefix) << 3;
894 rm |= bFromREX(insn->rexPrefix) << 3;
896 insn->reg = (Reg)(insn->regBase + reg);
898 switch (insn->addressSize) {
900 insn->eaBaseBase = EA_BASE_BX_SI;
905 insn->eaBase = EA_BASE_NONE;
906 insn->eaDisplacement = EA_DISP_16;
907 if (readDisplacement(insn))
910 insn->eaBase = (EABase)(insn->eaBaseBase + rm);
911 insn->eaDisplacement = EA_DISP_NONE;
915 insn->eaBase = (EABase)(insn->eaBaseBase + rm);
916 insn->eaDisplacement = EA_DISP_8;
917 if (readDisplacement(insn))
921 insn->eaBase = (EABase)(insn->eaBaseBase + rm);
922 insn->eaDisplacement = EA_DISP_16;
923 if (readDisplacement(insn))
927 insn->eaBase = (EABase)(insn->eaRegBase + rm);
928 if (readDisplacement(insn))
935 insn->eaBaseBase = (insn->addressSize == 4 ? EA_BASE_EAX : EA_BASE_RAX);
939 insn->eaDisplacement = EA_DISP_NONE; /* readSIB may override this */
942 case 0xc: /* in case REXW.b is set */
943 insn->eaBase = (insn->addressSize == 4 ?
944 EA_BASE_sib : EA_BASE_sib64);
946 if (readDisplacement(insn))
950 insn->eaBase = EA_BASE_NONE;
951 insn->eaDisplacement = EA_DISP_32;
952 if (readDisplacement(insn))
956 insn->eaBase = (EABase)(insn->eaBaseBase + rm);
962 insn->eaDisplacement = (mod == 0x1 ? EA_DISP_8 : EA_DISP_32);
965 case 0xc: /* in case REXW.b is set */
966 insn->eaBase = EA_BASE_sib;
968 if (readDisplacement(insn))
972 insn->eaBase = (EABase)(insn->eaBaseBase + rm);
973 if (readDisplacement(insn))
979 insn->eaDisplacement = EA_DISP_NONE;
980 insn->eaBase = (EABase)(insn->eaRegBase + rm);
984 } /* switch (insn->addressSize) */
989 #define GENERIC_FIXUP_FUNC(name, base, prefix) \
990 static uint8_t name(struct InternalInstruction *insn, \
997 debug("Unhandled register type"); \
1001 return base + index; \
1003 if (insn->rexPrefix && \
1004 index >= 4 && index <= 7) { \
1005 return prefix##_SPL + (index - 4); \
1007 return prefix##_AL + index; \
1010 return prefix##_AX + index; \
1012 return prefix##_EAX + index; \
1014 return prefix##_RAX + index; \
1019 return prefix##_XMM0 + index; \
1025 return prefix##_MM0 + index; \
1026 case TYPE_SEGMENTREG: \
1029 return prefix##_ES + index; \
1030 case TYPE_DEBUGREG: \
1033 return prefix##_DR0 + index; \
1034 case TYPE_CONTROLREG: \
1037 return prefix##_CR0 + index; \
1042 * fixup*Value - Consults an operand type to determine the meaning of the
1043 * reg or R/M field. If the operand is an XMM operand, for example, an
1044 * operand would be XMM0 instead of AX, which readModRM() would otherwise
1045 * misinterpret it as.
1047 * @param insn - The instruction containing the operand.
1048 * @param type - The operand type.
1049 * @param index - The existing value of the field as reported by readModRM().
1050 * @param valid - The address of a uint8_t. The target is set to 1 if the
1051 * field is valid for the register class; 0 if not.
1052 * @return - The proper value.
1054 GENERIC_FIXUP_FUNC(fixupRegValue, insn->regBase, MODRM_REG)
1055 GENERIC_FIXUP_FUNC(fixupRMValue, insn->eaRegBase, EA_REG)
1058 * fixupReg - Consults an operand specifier to determine which of the
1059 * fixup*Value functions to use in correcting readModRM()'ss interpretation.
1061 * @param insn - See fixup*Value().
1062 * @param op - The operand specifier.
1063 * @return - 0 if fixup was successful; -1 if the register returned was
1064 * invalid for its class.
1066 static int fixupReg(struct InternalInstruction *insn,
1067 const struct OperandSpecifier *op) {
1070 dbgprintf(insn, "fixupReg()");
1072 switch ((OperandEncoding)op->encoding) {
1074 debug("Expected a REG or R/M encoding in fixupReg");
1077 insn->reg = (Reg)fixupRegValue(insn,
1078 (OperandType)op->type,
1079 insn->reg - insn->regBase,
1085 if (insn->eaBase >= insn->eaRegBase) {
1086 insn->eaBase = (EABase)fixupRMValue(insn,
1087 (OperandType)op->type,
1088 insn->eaBase - insn->eaRegBase,
1100 * readOpcodeModifier - Reads an operand from the opcode field of an
1101 * instruction. Handles AddRegFrm instructions.
1103 * @param insn - The instruction whose opcode field is to be read.
1104 * @param inModRM - Indicates that the opcode field is to be read from the
1105 * ModR/M extension; useful for escape opcodes
1106 * @return - 0 on success; nonzero otherwise.
1108 static int readOpcodeModifier(struct InternalInstruction* insn) {
1109 dbgprintf(insn, "readOpcodeModifier()");
1111 if (insn->consumedOpcodeModifier)
1114 insn->consumedOpcodeModifier = TRUE;
1116 switch (insn->spec->modifierType) {
1118 debug("Unknown modifier type.");
1121 debug("No modifier but an operand expects one.");
1123 case MODIFIER_OPCODE:
1124 insn->opcodeModifier = insn->opcode - insn->spec->modifierBase;
1126 case MODIFIER_MODRM:
1127 insn->opcodeModifier = insn->modRM - insn->spec->modifierBase;
1133 * readOpcodeRegister - Reads an operand from the opcode field of an
1134 * instruction and interprets it appropriately given the operand width.
1135 * Handles AddRegFrm instructions.
1137 * @param insn - See readOpcodeModifier().
1138 * @param size - The width (in bytes) of the register being specified.
1139 * 1 means AL and friends, 2 means AX, 4 means EAX, and 8 means
1141 * @return - 0 on success; nonzero otherwise.
1143 static int readOpcodeRegister(struct InternalInstruction* insn, uint8_t size) {
1144 dbgprintf(insn, "readOpcodeRegister()");
1146 if (readOpcodeModifier(insn))
1150 size = insn->registerSize;
1154 insn->opcodeRegister = (Reg)(MODRM_REG_AL + ((bFromREX(insn->rexPrefix) << 3)
1155 | insn->opcodeModifier));
1156 if (insn->rexPrefix &&
1157 insn->opcodeRegister >= MODRM_REG_AL + 0x4 &&
1158 insn->opcodeRegister < MODRM_REG_AL + 0x8) {
1159 insn->opcodeRegister = (Reg)(MODRM_REG_SPL
1160 + (insn->opcodeRegister - MODRM_REG_AL - 4));
1165 insn->opcodeRegister = (Reg)(MODRM_REG_AX
1166 + ((bFromREX(insn->rexPrefix) << 3)
1167 | insn->opcodeModifier));
1170 insn->opcodeRegister = (Reg)(MODRM_REG_EAX
1171 + ((bFromREX(insn->rexPrefix) << 3)
1172 | insn->opcodeModifier));
1175 insn->opcodeRegister = (Reg)(MODRM_REG_RAX
1176 + ((bFromREX(insn->rexPrefix) << 3)
1177 | insn->opcodeModifier));
1185 * readImmediate - Consumes an immediate operand from an instruction, given the
1186 * desired operand size.
1188 * @param insn - The instruction whose operand is to be read.
1189 * @param size - The width (in bytes) of the operand.
1190 * @return - 0 if the immediate was successfully consumed; nonzero
1193 static int readImmediate(struct InternalInstruction* insn, uint8_t size) {
1199 dbgprintf(insn, "readImmediate()");
1201 if (insn->numImmediatesConsumed == 2) {
1202 debug("Already consumed two immediates");
1207 size = insn->immediateSize;
1209 insn->immediateSize = size;
1213 if (consumeByte(insn, &imm8))
1215 insn->immediates[insn->numImmediatesConsumed] = imm8;
1218 if (consumeUInt16(insn, &imm16))
1220 insn->immediates[insn->numImmediatesConsumed] = imm16;
1223 if (consumeUInt32(insn, &imm32))
1225 insn->immediates[insn->numImmediatesConsumed] = imm32;
1228 if (consumeUInt64(insn, &imm64))
1230 insn->immediates[insn->numImmediatesConsumed] = imm64;
1234 insn->numImmediatesConsumed++;
1240 * readOperands - Consults the specifier for an instruction and consumes all
1241 * operands for that instruction, interpreting them as it goes.
1243 * @param insn - The instruction whose operands are to be read and interpreted.
1244 * @return - 0 if all operands could be read; nonzero otherwise.
1246 static int readOperands(struct InternalInstruction* insn) {
1249 dbgprintf(insn, "readOperands()");
1251 for (index = 0; index < X86_MAX_OPERANDS; ++index) {
1252 switch (insn->spec->operands[index].encoding) {
1257 if (readModRM(insn))
1259 if (fixupReg(insn, &insn->spec->operands[index]))
1268 dbgprintf(insn, "We currently don't hande code-offset encodings");
1271 if (readImmediate(insn, 1))
1273 if (insn->spec->operands[index].type == TYPE_IMM3 &&
1274 insn->immediates[insn->numImmediatesConsumed - 1] > 7)
1278 if (readImmediate(insn, 2))
1282 if (readImmediate(insn, 4))
1286 if (readImmediate(insn, 8))
1290 if (readImmediate(insn, insn->immediateSize))
1294 if (readImmediate(insn, insn->addressSize))
1298 if (readOpcodeRegister(insn, 1))
1302 if (readOpcodeRegister(insn, 2))
1306 if (readOpcodeRegister(insn, 4))
1310 if (readOpcodeRegister(insn, 8))
1314 if (readOpcodeRegister(insn, 0))
1318 if (readOpcodeModifier(insn))
1323 dbgprintf(insn, "Encountered an operand with an unknown encoding.");
1332 * decodeInstruction - Reads and interprets a full instruction provided by the
1335 * @param insn - A pointer to the instruction to be populated. Must be
1337 * @param reader - The function to be used to read the instruction's bytes.
1338 * @param readerArg - A generic argument to be passed to the reader to store
1339 * any internal state.
1340 * @param logger - If non-NULL, the function to be used to write log messages
1342 * @param loggerArg - A generic argument to be passed to the logger to store
1343 * any internal state.
1344 * @param startLoc - The address (in the reader's address space) of the first
1345 * byte in the instruction.
1346 * @param mode - The mode (real mode, IA-32e, or IA-32e in 64-bit mode) to
1347 * decode the instruction in.
1348 * @return - 0 if the instruction's memory could be read; nonzero if
1351 int decodeInstruction(struct InternalInstruction* insn,
1352 byteReader_t reader,
1357 DisassemblerMode mode) {
1358 memset(insn, 0, sizeof(struct InternalInstruction));
1360 insn->reader = reader;
1361 insn->readerArg = readerArg;
1362 insn->dlog = logger;
1363 insn->dlogArg = loggerArg;
1364 insn->startLocation = startLoc;
1365 insn->readerCursor = startLoc;
1367 insn->numImmediatesConsumed = 0;
1369 if (readPrefixes(insn) ||
1372 insn->instructionID == 0 ||
1376 insn->length = insn->readerCursor - insn->startLocation;
1378 dbgprintf(insn, "Read from 0x%llx to 0x%llx: length %zu",
1379 startLoc, insn->readerCursor, insn->length);
1381 if (insn->length > 15)
1382 dbgprintf(insn, "Instruction exceeds 15-byte limit");
projects / oota-llvm.git / blob