Merge branch 'junghee/arm64-unsigned-data' into 'main'

ARM64: Fix a bug in computing jump-table targets

See merge request rewriting/ddisasm!1237

Author: jdorn-gt

examples/arm64_asm_examples/ex_switch1/src.s

@@ -21,15 +21,15 @@ main:
 .L0:
     adrp x0, .s_zero
     add x0, x0, :lo12:.s_zero
-    b .L_exit
+    b .L_print
 .L1:
     adrp x0, .s_one
     add x0, x0, :lo12:.s_one
-    b .L_exit
+    b .L_print
 .L2:
     adrp x0, .s_two
     add x0, x0, :lo12:.s_two
-    b .L_exit
+    b .L_print
 .L3:
     adrp x0, .s_three
     add x0, x0, :lo12:.s_three

examples/arm64_asm_examples/ex_switch2/src.s

@@ -22,15 +22,15 @@ main:
     nop
     adrp x0, .s_zero
     add x0, x0, :lo12:.s_zero
-    b .L_exit
+    b .L_print
 .L1:
     adrp x0, .s_one
     add x0, x0, :lo12:.s_one
-    b .L_exit
+    b .L_print
 .L2:
     adrp x0, .s_two
     add x0, x0, :lo12:.s_two
-    b .L_exit
+    b .L_print
 .L3:
     adrp x0, .s_three
     add x0, x0, :lo12:.s_three

examples/arm64_asm_examples/ex_switch3/src.s

@@ -20,6 +20,7 @@ main:
     cmp w0, #3
     b.hi .L_exit
 
+.jump:
     # split the loads across the jumptable to ensure that they are not
     # correctly symbolized unless the jumptable is correct.
     adrp x22, .s_zero

examples/arm64_asm_examples/ex_switch4/Makefile

@@ -0,0 +1,14 @@
+CC=aarch64-linux-gnu-gcc
+EXEC=qemu-aarch64 -L /usr/aarch64-linux-gnu
+
+TARGETS=ex out.txt
+
+.PHONY: all clean check
+all: out.txt
+check: out.txt
+ex: src.s
+	$(CC) $^ -o $@
+out.txt: ex
+	$(EXEC) $^ > $@
+clean:
+	rm -f $(TARGETS) *.gtirb

examples/arm64_asm_examples/ex_switch4/src.s

@@ -0,0 +1,67 @@
+# Test switch with shift in indirect operand /w memory load of unsigned data
+
+.arch armv8-a
+.file "src.s"
+.text
+.global main
+.type main, %function
+main:
+    stp fp,lr,[sp,#-16]!
+    mov fp,sp
+
+    adrp x22, .L_jumptable
+    add x22,x22, :lo12:.L_jumptable
+
+    cmp w0,#3
+    b.hi .L_exit
+
+.jump:
+    ldrh w0,[x22,x0, lsl #1]
+    adr x1, .L0
+    add x0,x1,x0, lsl #2
+    br x0
+
+.L0:
+    adrp x0, .s_zero
+    add x0, x0, :lo12:.s_zero
+    b .L_print
+.L1:
+    adrp x0, .s_one
+    add x0, x0, :lo12:.s_one
+    b .L_print
+.L2:
+    adrp x0, .s_two
+    add x0, x0, :lo12:.s_two
+    b .L_print
+.L3:
+    adrp x0, .s_three
+    add x0, x0, :lo12:.s_three
+
+.L_print:
+    bl printf
+
+.L_exit:
+    ldp fp,lr,[sp],#16
+    mov x0, #0
+    ret
+
+.L_exit2:
+    ldp fp,lr,[sp],#16
+    mov x0, #1
+    ret
+
+.L_jumptable:
+    .short (.L0-.L0)/4
+    .short (.L1-.L0)/4
+    .short (.L2-.L0)/4
+    .short (.L3-.L0)/4
+
+.section .rodata
+.s_zero:
+    .ascii "zero\n\0"
+.s_one:
+    .ascii "one\n\0"
+.s_two:
+    .ascii "two\n\0"
+.s_three:
+    .ascii "three\n\0"

examples/arm64_asm_examples/ex_switch_limited_by_cmp/src.s

@@ -24,15 +24,15 @@ main:
 .L0:
     adrp x0, .s_zero
     add x0, x0, :lo12:.s_zero
-    b .L_exit
+    b .L_print
 .L1:
     adrp x0, .s_one
     add x0, x0, :lo12:.s_one
-    b .L_exit
+    b .L_print
 .L2:
     adrp x0, .s_two
     add x0, x0, :lo12:.s_two
-    b .L_exit
+    b .L_print
 .L3:
     adrp x0, .s_three
     add x0, x0, :lo12:.s_three

src/datalog/relative_jump_tables.dl

@@ -329,7 +329,8 @@ relative_jump_table_entry_target(EA,TableStart,Size,Reference,NewDest,Scale):-
     jump_table_signed(TableStart,Signed),
     (
         Signed = 0, data_uword(EA,Size,UDiff),
-        Dest = Reference + UDiff
+        Reference_unsigned = as(Reference,unsigned),
+        Dest = as(Reference_unsigned + as(Scale,unsigned)*UDiff,address)
         ;
         Signed = 1, data_word(EA,Size,SDiff),
         Reference_signed = as(Reference,number),

tests/cfg_test.py

@@ -104,24 +104,35 @@ def test_switch_limited_by_cmp(self):
     @unittest.skipUnless(
         platform.system() == "Linux", "This test is linux only."
     )
-    def test_switch_limited_by_cmp_arm64(self):
+    def test_switch_arm64(self):
         """
-        Ensure jump table propagation is limited by comparsions of the index
-        register.
+        Test jump-table construction in various cases
         """
-        binary = Path("ex")
-        with cd(ex_arm64_asm_dir / "ex_switch_limited_by_cmp"):
-            self.assertTrue(
-                compile(
-                    "aarch64-linux-gnu-gcc", "aarch64-linux-gnu-g++", "-O0", []
+        ex_info = [
+            ("ex_switch1", "main"),
+            ("ex_switch2", "main"),
+            ("ex_switch3", ".jump"),
+            ("ex_switch4", ".jump"),
+            ("ex_switch_limited_by_cmp", ".jump"),
+        ]
+        for example, symbol in ex_info:
+            binary = Path("ex")
+            with cd(ex_arm64_asm_dir / example):
+                self.assertTrue(
+                    compile(
+                        "aarch64-linux-gnu-gcc",
+                        "aarch64-linux-gnu-g++",
+                        "-O0",
+                        [],
+                    )
                 )
-            )
-            ir_library = disassemble(binary).ir()
-            m = ir_library.modules[0]
+                ir_library = disassemble(binary).ir()
+                m = ir_library.modules[0]
 
-        # check that the .jump has edges to only the four jump table entries
-        jump_sym = next(m.symbols_named(".jump"))
-        self.assertEqual(len(list(jump_sym.referent.outgoing_edges)), 4)
+            # check that the symbol has edges to only the four jump table
+            # entries
+            jump_sym = next(m.symbols_named(symbol))
+            self.assertEqual(len(list(jump_sym.referent.outgoing_edges)), 4)
 
     @unittest.skipUnless(
         platform.system() == "Linux", "This test is linux only."