Bug Summary

File:src/gnu/usr.bin/clang/liblldELF/../../../llvm/lld/ELF/Arch/ARM.cpp
Warning:line 408, column 15
The result of the right shift is undefined due to shifting by '32', which is greater or equal to the width of type 'uint32_t'

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name ARM.cpp -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model static -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/gnu/usr.bin/clang/liblldELF/obj -resource-dir /usr/local/lib/clang/13.0.0 -I /usr/src/gnu/usr.bin/clang/liblldELF/obj/../include/lld/ELF -I /usr/src/gnu/usr.bin/clang/liblldELF/../../../llvm/lld/include -I /usr/src/gnu/usr.bin/clang/liblldELF/../../../llvm/lld/ELF -I /usr/src/gnu/usr.bin/clang/liblldELF/../../../llvm/llvm/include -I /usr/src/gnu/usr.bin/clang/liblldELF/../include -I /usr/src/gnu/usr.bin/clang/liblldELF/obj -I /usr/src/gnu/usr.bin/clang/liblldELF/obj/../include -D NDEBUG -D __STDC_LIMIT_MACROS -D __STDC_CONSTANT_MACROS -D __STDC_FORMAT_MACROS -D LLVM_PREFIX="/usr" -internal-isystem /usr/include/c++/v1 -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -Wno-unused-parameter -Wwrite-strings -Wno-missing-field-initializers -Wno-long-long -Wno-comment -std=c++14 -fdeprecated-macro -fdebug-compilation-dir=/usr/src/gnu/usr.bin/clang/liblldELF/obj -ferror-limit 19 -fvisibility-inlines-hidden -fwrapv -stack-protector 2 -fno-rtti -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c++ /usr/src/gnu/usr.bin/clang/liblldELF/../../../llvm/lld/ELF/Arch/ARM.cpp
1//===- ARM.cpp ------------------------------------------------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8
9#include "InputFiles.h"
10#include "Symbols.h"
11#include "SyntheticSections.h"
12#include "Target.h"
13#include "Thunks.h"
14#include "lld/Common/ErrorHandler.h"
15#include "llvm/Object/ELF.h"
16#include "llvm/Support/Endian.h"
17
18using namespace llvm;
19using namespace llvm::support::endian;
20using namespace llvm::ELF;
21using namespace lld;
22using namespace lld::elf;
23
24namespace {
25class ARM final : public TargetInfo {
26public:
27 ARM();
28 uint32_t calcEFlags() const override;
29 RelExpr getRelExpr(RelType type, const Symbol &s,
30 const uint8_t *loc) const override;
31 RelType getDynRel(RelType type) const override;
32 int64_t getImplicitAddend(const uint8_t *buf, RelType type) const override;
33 void writeGotPlt(uint8_t *buf, const Symbol &s) const override;
34 void writeIgotPlt(uint8_t *buf, const Symbol &s) const override;
35 void writePltHeader(uint8_t *buf) const override;
36 void writePlt(uint8_t *buf, const Symbol &sym,
37 uint64_t pltEntryAddr) const override;
38 void addPltSymbols(InputSection &isec, uint64_t off) const override;
39 void addPltHeaderSymbols(InputSection &isd) const override;
40 bool needsThunk(RelExpr expr, RelType type, const InputFile *file,
41 uint64_t branchAddr, const Symbol &s,
42 int64_t a) const override;
43 uint32_t getThunkSectionSpacing() const override;
44 bool inBranchRange(RelType type, uint64_t src, uint64_t dst) const override;
45 void relocate(uint8_t *loc, const Relocation &rel,
46 uint64_t val) const override;
47};
48} // namespace
49
50ARM::ARM() {
51 copyRel = R_ARM_COPY;
52 relativeRel = R_ARM_RELATIVE;
53 iRelativeRel = R_ARM_IRELATIVE;
54 gotRel = R_ARM_GLOB_DAT;
55 noneRel = R_ARM_NONE;
56 pltRel = R_ARM_JUMP_SLOT;
57 symbolicRel = R_ARM_ABS32;
58 tlsGotRel = R_ARM_TLS_TPOFF32;
59 tlsModuleIndexRel = R_ARM_TLS_DTPMOD32;
60 tlsOffsetRel = R_ARM_TLS_DTPOFF32;
61 gotBaseSymInGotPlt = false;
62 pltHeaderSize = 32;
63 pltEntrySize = 16;
64 ipltEntrySize = 16;
65 trapInstr = {0xd4, 0xd4, 0xd4, 0xd4};
66 needsThunks = true;
67 defaultMaxPageSize = 65536;
68}
69
70uint32_t ARM::calcEFlags() const {
71 // The ABIFloatType is used by loaders to detect the floating point calling
72 // convention.
73 uint32_t abiFloatType = 0;
74 if (config->armVFPArgs == ARMVFPArgKind::Base ||
75 config->armVFPArgs == ARMVFPArgKind::Default)
76 abiFloatType = EF_ARM_ABI_FLOAT_SOFT;
77 else if (config->armVFPArgs == ARMVFPArgKind::VFP)
78 abiFloatType = EF_ARM_ABI_FLOAT_HARD;
79
80 // We don't currently use any features incompatible with EF_ARM_EABI_VER5,
81 // but we don't have any firm guarantees of conformance. Linux AArch64
82 // kernels (as of 2016) require an EABI version to be set.
83 return EF_ARM_EABI_VER5 | abiFloatType;
84}
85
86RelExpr ARM::getRelExpr(RelType type, const Symbol &s,
87 const uint8_t *loc) const {
88 switch (type) {
89 case R_ARM_THM_JUMP11:
90 return R_PC;
91 case R_ARM_CALL:
92 case R_ARM_JUMP24:
93 case R_ARM_PC24:
94 case R_ARM_PLT32:
95 case R_ARM_PREL31:
96 case R_ARM_THM_JUMP19:
97 case R_ARM_THM_JUMP24:
98 case R_ARM_THM_CALL:
99 return R_PLT_PC;
100 case R_ARM_GOTOFF32:
101 // (S + A) - GOT_ORG
102 return R_GOTREL;
103 case R_ARM_GOT_BREL:
104 // GOT(S) + A - GOT_ORG
105 return R_GOT_OFF;
106 case R_ARM_GOT_PREL:
107 case R_ARM_TLS_IE32:
108 // GOT(S) + A - P
109 return R_GOT_PC;
110 case R_ARM_SBREL32:
111 return R_ARM_SBREL;
112 case R_ARM_TARGET1:
113 return config->target1Rel ? R_PC : R_ABS;
114 case R_ARM_TARGET2:
115 if (config->target2 == Target2Policy::Rel)
116 return R_PC;
117 if (config->target2 == Target2Policy::Abs)
118 return R_ABS;
119 return R_GOT_PC;
120 case R_ARM_TLS_GD32:
121 return R_TLSGD_PC;
122 case R_ARM_TLS_LDM32:
123 return R_TLSLD_PC;
124 case R_ARM_TLS_LDO32:
125 return R_DTPREL;
126 case R_ARM_BASE_PREL:
127 // B(S) + A - P
128 // FIXME: currently B(S) assumed to be .got, this may not hold for all
129 // platforms.
130 return R_GOTONLY_PC;
131 case R_ARM_MOVW_PREL_NC:
132 case R_ARM_MOVT_PREL:
133 case R_ARM_REL32:
134 case R_ARM_THM_MOVW_PREL_NC:
135 case R_ARM_THM_MOVT_PREL:
136 return R_PC;
137 case R_ARM_ALU_PC_G0:
138 case R_ARM_LDR_PC_G0:
139 case R_ARM_THM_ALU_PREL_11_0:
140 case R_ARM_THM_PC8:
141 case R_ARM_THM_PC12:
142 return R_ARM_PCA;
143 case R_ARM_MOVW_BREL_NC:
144 case R_ARM_MOVW_BREL:
145 case R_ARM_MOVT_BREL:
146 case R_ARM_THM_MOVW_BREL_NC:
147 case R_ARM_THM_MOVW_BREL:
148 case R_ARM_THM_MOVT_BREL:
149 return R_ARM_SBREL;
150 case R_ARM_NONE:
151 return R_NONE;
152 case R_ARM_TLS_LE32:
153 return R_TPREL;
154 case R_ARM_V4BX:
155 // V4BX is just a marker to indicate there's a "bx rN" instruction at the
156 // given address. It can be used to implement a special linker mode which
157 // rewrites ARMv4T inputs to ARMv4. Since we support only ARMv4 input and
158 // not ARMv4 output, we can just ignore it.
159 return R_NONE;
160 default:
161 return R_ABS;
162 }
163}
164
165RelType ARM::getDynRel(RelType type) const {
166 if ((type == R_ARM_ABS32) || (type == R_ARM_TARGET1 && !config->target1Rel))
167 return R_ARM_ABS32;
168 return R_ARM_NONE;
169}
170
171void ARM::writeGotPlt(uint8_t *buf, const Symbol &) const {
172 write32le(buf, in.plt->getVA());
173}
174
175void ARM::writeIgotPlt(uint8_t *buf, const Symbol &s) const {
176 // An ARM entry is the address of the ifunc resolver function.
177 write32le(buf, s.getVA());
178}
179
180// Long form PLT Header that does not have any restrictions on the displacement
181// of the .plt from the .plt.got.
182static void writePltHeaderLong(uint8_t *buf) {
183 const uint8_t pltData[] = {
184 0x04, 0xe0, 0x2d, 0xe5, // str lr, [sp,#-4]!
185 0x04, 0xe0, 0x9f, 0xe5, // ldr lr, L2
186 0x0e, 0xe0, 0x8f, 0xe0, // L1: add lr, pc, lr
187 0x08, 0xf0, 0xbe, 0xe5, // ldr pc, [lr, #8]
188 0x00, 0x00, 0x00, 0x00, // L2: .word &(.got.plt) - L1 - 8
189 0xd4, 0xd4, 0xd4, 0xd4, // Pad to 32-byte boundary
190 0xd4, 0xd4, 0xd4, 0xd4, // Pad to 32-byte boundary
191 0xd4, 0xd4, 0xd4, 0xd4};
192 memcpy(buf, pltData, sizeof(pltData));
193 uint64_t gotPlt = in.gotPlt->getVA();
194 uint64_t l1 = in.plt->getVA() + 8;
195 write32le(buf + 16, gotPlt - l1 - 8);
196}
197
198// The default PLT header requires the .plt.got to be within 128 Mb of the
199// .plt in the positive direction.
200void ARM::writePltHeader(uint8_t *buf) const {
201 // Use a similar sequence to that in writePlt(), the difference is the calling
202 // conventions mean we use lr instead of ip. The PLT entry is responsible for
203 // saving lr on the stack, the dynamic loader is responsible for reloading
204 // it.
205 const uint32_t pltData[] = {
206 0xe52de004, // L1: str lr, [sp,#-4]!
207 0xe28fe600, // add lr, pc, #0x0NN00000 &(.got.plt - L1 - 4)
208 0xe28eea00, // add lr, lr, #0x000NN000 &(.got.plt - L1 - 4)
209 0xe5bef000, // ldr pc, [lr, #0x00000NNN] &(.got.plt -L1 - 4)
210 };
211
212 uint64_t offset = in.gotPlt->getVA() - in.plt->getVA() - 4;
213 if (!llvm::isUInt<27>(offset)) {
214 // We cannot encode the Offset, use the long form.
215 writePltHeaderLong(buf);
216 return;
217 }
218 write32le(buf + 0, pltData[0]);
219 write32le(buf + 4, pltData[1] | ((offset >> 20) & 0xff));
220 write32le(buf + 8, pltData[2] | ((offset >> 12) & 0xff));
221 write32le(buf + 12, pltData[3] | (offset & 0xfff));
222 memcpy(buf + 16, trapInstr.data(), 4); // Pad to 32-byte boundary
223 memcpy(buf + 20, trapInstr.data(), 4);
224 memcpy(buf + 24, trapInstr.data(), 4);
225 memcpy(buf + 28, trapInstr.data(), 4);
226}
227
228void ARM::addPltHeaderSymbols(InputSection &isec) const {
229 addSyntheticLocal("$a", STT_NOTYPE, 0, 0, isec);
230 addSyntheticLocal("$d", STT_NOTYPE, 16, 0, isec);
231}
232
233// Long form PLT entries that do not have any restrictions on the displacement
234// of the .plt from the .plt.got.
235static void writePltLong(uint8_t *buf, uint64_t gotPltEntryAddr,
236 uint64_t pltEntryAddr) {
237 const uint8_t pltData[] = {
238 0x04, 0xc0, 0x9f, 0xe5, // ldr ip, L2
239 0x0f, 0xc0, 0x8c, 0xe0, // L1: add ip, ip, pc
240 0x00, 0xf0, 0x9c, 0xe5, // ldr pc, [ip]
241 0x00, 0x00, 0x00, 0x00, // L2: .word Offset(&(.plt.got) - L1 - 8
242 };
243 memcpy(buf, pltData, sizeof(pltData));
244 uint64_t l1 = pltEntryAddr + 4;
245 write32le(buf + 12, gotPltEntryAddr - l1 - 8);
246}
247
248// The default PLT entries require the .plt.got to be within 128 Mb of the
249// .plt in the positive direction.
250void ARM::writePlt(uint8_t *buf, const Symbol &sym,
251 uint64_t pltEntryAddr) const {
252 // The PLT entry is similar to the example given in Appendix A of ELF for
253 // the Arm Architecture. Instead of using the Group Relocations to find the
254 // optimal rotation for the 8-bit immediate used in the add instructions we
255 // hard code the most compact rotations for simplicity. This saves a load
256 // instruction over the long plt sequences.
257 const uint32_t pltData[] = {
258 0xe28fc600, // L1: add ip, pc, #0x0NN00000 Offset(&(.plt.got) - L1 - 8
259 0xe28cca00, // add ip, ip, #0x000NN000 Offset(&(.plt.got) - L1 - 8
260 0xe5bcf000, // ldr pc, [ip, #0x00000NNN] Offset(&(.plt.got) - L1 - 8
261 };
262
263 uint64_t offset = sym.getGotPltVA() - pltEntryAddr - 8;
264 if (!llvm::isUInt<27>(offset)) {
265 // We cannot encode the Offset, use the long form.
266 writePltLong(buf, sym.getGotPltVA(), pltEntryAddr);
267 return;
268 }
269 write32le(buf + 0, pltData[0] | ((offset >> 20) & 0xff));
270 write32le(buf + 4, pltData[1] | ((offset >> 12) & 0xff));
271 write32le(buf + 8, pltData[2] | (offset & 0xfff));
272 memcpy(buf + 12, trapInstr.data(), 4); // Pad to 16-byte boundary
273}
274
275void ARM::addPltSymbols(InputSection &isec, uint64_t off) const {
276 addSyntheticLocal("$a", STT_NOTYPE, off, 0, isec);
277 addSyntheticLocal("$d", STT_NOTYPE, off + 12, 0, isec);
278}
279
280bool ARM::needsThunk(RelExpr expr, RelType type, const InputFile *file,
281 uint64_t branchAddr, const Symbol &s,
282 int64_t a) const {
283 // If S is an undefined weak symbol and does not have a PLT entry then it
284 // will be resolved as a branch to the next instruction.
285 if (s.isUndefWeak() && !s.isInPlt())
286 return false;
287 // A state change from ARM to Thumb and vice versa must go through an
288 // interworking thunk if the relocation type is not R_ARM_CALL or
289 // R_ARM_THM_CALL.
290 switch (type) {
291 case R_ARM_PC24:
292 case R_ARM_PLT32:
293 case R_ARM_JUMP24:
294 // Source is ARM, all PLT entries are ARM so no interworking required.
295 // Otherwise we need to interwork if STT_FUNC Symbol has bit 0 set (Thumb).
296 if (s.isFunc() && expr == R_PC && (s.getVA() & 1))
297 return true;
298 LLVM_FALLTHROUGH[[gnu::fallthrough]];
299 case R_ARM_CALL: {
300 uint64_t dst = (expr == R_PLT_PC) ? s.getPltVA() : s.getVA();
301 return !inBranchRange(type, branchAddr, dst + a);
302 }
303 case R_ARM_THM_JUMP19:
304 case R_ARM_THM_JUMP24:
305 // Source is Thumb, all PLT entries are ARM so interworking is required.
306 // Otherwise we need to interwork if STT_FUNC Symbol has bit 0 clear (ARM).
307 if (expr == R_PLT_PC || (s.isFunc() && (s.getVA() & 1) == 0))
308 return true;
309 LLVM_FALLTHROUGH[[gnu::fallthrough]];
310 case R_ARM_THM_CALL: {
311 uint64_t dst = (expr == R_PLT_PC) ? s.getPltVA() : s.getVA();
312 return !inBranchRange(type, branchAddr, dst + a);
313 }
314 }
315 return false;
316}
317
318uint32_t ARM::getThunkSectionSpacing() const {
319 // The placing of pre-created ThunkSections is controlled by the value
320 // thunkSectionSpacing returned by getThunkSectionSpacing(). The aim is to
321 // place the ThunkSection such that all branches from the InputSections
322 // prior to the ThunkSection can reach a Thunk placed at the end of the
323 // ThunkSection. Graphically:
324 // | up to thunkSectionSpacing .text input sections |
325 // | ThunkSection |
326 // | up to thunkSectionSpacing .text input sections |
327 // | ThunkSection |
328
329 // Pre-created ThunkSections are spaced roughly 16MiB apart on ARMv7. This
330 // is to match the most common expected case of a Thumb 2 encoded BL, BLX or
331 // B.W:
332 // ARM B, BL, BLX range +/- 32MiB
333 // Thumb B.W, BL, BLX range +/- 16MiB
334 // Thumb B<cc>.W range +/- 1MiB
335 // If a branch cannot reach a pre-created ThunkSection a new one will be
336 // created so we can handle the rare cases of a Thumb 2 conditional branch.
337 // We intentionally use a lower size for thunkSectionSpacing than the maximum
338 // branch range so the end of the ThunkSection is more likely to be within
339 // range of the branch instruction that is furthest away. The value we shorten
340 // thunkSectionSpacing by is set conservatively to allow us to create 16,384
341 // 12 byte Thunks at any offset in a ThunkSection without risk of a branch to
342 // one of the Thunks going out of range.
343
344 // On Arm the thunkSectionSpacing depends on the range of the Thumb Branch
345 // range. On earlier Architectures such as ARMv4, ARMv5 and ARMv6 (except
346 // ARMv6T2) the range is +/- 4MiB.
347
348 return (config->armJ1J2BranchEncoding) ? 0x1000000 - 0x30000
349 : 0x400000 - 0x7500;
350}
351
352bool ARM::inBranchRange(RelType type, uint64_t src, uint64_t dst) const {
353 if ((dst & 0x1) == 0)
354 // Destination is ARM, if ARM caller then Src is already 4-byte aligned.
355 // If Thumb Caller (BLX) the Src address has bottom 2 bits cleared to ensure
356 // destination will be 4 byte aligned.
357 src &= ~0x3;
358 else
359 // Bit 0 == 1 denotes Thumb state, it is not part of the range.
360 dst &= ~0x1;
361
362 int64_t offset = dst - src;
363 switch (type) {
364 case R_ARM_PC24:
365 case R_ARM_PLT32:
366 case R_ARM_JUMP24:
367 case R_ARM_CALL:
368 return llvm::isInt<26>(offset);
369 case R_ARM_THM_JUMP19:
370 return llvm::isInt<21>(offset);
371 case R_ARM_THM_JUMP24:
372 case R_ARM_THM_CALL:
373 return config->armJ1J2BranchEncoding ? llvm::isInt<25>(offset)
374 : llvm::isInt<23>(offset);
375 default:
376 return true;
377 }
378}
379
380// Helper to produce message text when LLD detects that a CALL relocation to
381// a non STT_FUNC symbol that may result in incorrect interworking between ARM
382// or Thumb.
383static void stateChangeWarning(uint8_t *loc, RelType relt, const Symbol &s) {
384 assert(!s.isFunc())((void)0);
385 if (s.isSection()) {
386 // Section symbols must be defined and in a section. Users cannot change
387 // the type. Use the section name as getName() returns an empty string.
388 warn(getErrorLocation(loc) + "branch and link relocation: " +
389 toString(relt) + " to STT_SECTION symbol " +
390 cast<Defined>(s).section->name + " ; interworking not performed");
391 } else {
392 // Warn with hint on how to alter the symbol type.
393 warn(getErrorLocation(loc) + "branch and link relocation: " +
394 toString(relt) + " to non STT_FUNC symbol: " + s.getName() +
395 " interworking not performed; consider using directive '.type " +
396 s.getName() +
397 ", %function' to give symbol type STT_FUNC if"
398 " interworking between ARM and Thumb is required");
399 }
400}
401
402// Utility functions taken from ARMAddressingModes.h, only changes are LLD
403// coding style.
404
405// Rotate a 32-bit unsigned value right by a specified amt of bits.
406static uint32_t rotr32(uint32_t val, uint32_t amt) {
407 assert(amt < 32 && "Invalid rotate amount")((void)0);
408 return (val >> amt) | (val << ((32 - amt) & 31));
12
The result of the right shift is undefined due to shifting by '32', which is greater or equal to the width of type 'uint32_t'
409}
410
411// Rotate a 32-bit unsigned value left by a specified amt of bits.
412static uint32_t rotl32(uint32_t val, uint32_t amt) {
413 assert(amt < 32 && "Invalid rotate amount")((void)0);
414 return (val << amt) | (val >> ((32 - amt) & 31));
415}
416
417// Try to encode a 32-bit unsigned immediate imm with an immediate shifter
418// operand, this form is an 8-bit immediate rotated right by an even number of
419// bits. We compute the rotate amount to use. If this immediate value cannot be
420// handled with a single shifter-op, determine a good rotate amount that will
421// take a maximal chunk of bits out of the immediate.
422static uint32_t getSOImmValRotate(uint32_t imm) {
423 // 8-bit (or less) immediates are trivially shifter_operands with a rotate
424 // of zero.
425 if ((imm & ~255U) == 0)
7
Assuming the condition is false
8
Taking false branch
426 return 0;
427
428 // Use CTZ to compute the rotate amount.
429 unsigned tz = llvm::countTrailingZeros(imm);
430
431 // Rotate amount must be even. Something like 0x200 must be rotated 8 bits,
432 // not 9.
433 unsigned rotAmt = tz & ~1;
9
'rotAmt' initialized to 32
434
435 // If we can handle this spread, return it.
436 if ((rotr32(imm, rotAmt) & ~255U) == 0)
10
Passing the value 32 via 2nd parameter 'amt'
11
Calling 'rotr32'
437 return (32 - rotAmt) & 31; // HW rotates right, not left.
438
439 // For values like 0xF000000F, we should ignore the low 6 bits, then
440 // retry the hunt.
441 if (imm & 63U) {
442 unsigned tz2 = countTrailingZeros(imm & ~63U);
443 unsigned rotAmt2 = tz2 & ~1;
444 if ((rotr32(imm, rotAmt2) & ~255U) == 0)
445 return (32 - rotAmt2) & 31; // HW rotates right, not left.
446 }
447
448 // Otherwise, we have no way to cover this span of bits with a single
449 // shifter_op immediate. Return a chunk of bits that will be useful to
450 // handle.
451 return (32 - rotAmt) & 31; // HW rotates right, not left.
452}
453
454void ARM::relocate(uint8_t *loc, const Relocation &rel, uint64_t val) const {
455 switch (rel.type) {
1
Control jumps to 'case R_ARM_ALU_PC_G0:' at line 618
456 case R_ARM_ABS32:
457 case R_ARM_BASE_PREL:
458 case R_ARM_GOTOFF32:
459 case R_ARM_GOT_BREL:
460 case R_ARM_GOT_PREL:
461 case R_ARM_REL32:
462 case R_ARM_RELATIVE:
463 case R_ARM_SBREL32:
464 case R_ARM_TARGET1:
465 case R_ARM_TARGET2:
466 case R_ARM_TLS_GD32:
467 case R_ARM_TLS_IE32:
468 case R_ARM_TLS_LDM32:
469 case R_ARM_TLS_LDO32:
470 case R_ARM_TLS_LE32:
471 case R_ARM_TLS_TPOFF32:
472 case R_ARM_TLS_DTPOFF32:
473 write32le(loc, val);
474 break;
475 case R_ARM_PREL31:
476 checkInt(loc, val, 31, rel);
477 write32le(loc, (read32le(loc) & 0x80000000) | (val & ~0x80000000));
478 break;
479 case R_ARM_CALL: {
480 // R_ARM_CALL is used for BL and BLX instructions, for symbols of type
481 // STT_FUNC we choose whether to write a BL or BLX depending on the
482 // value of bit 0 of Val. With bit 0 == 1 denoting Thumb. If the symbol is
483 // not of type STT_FUNC then we must preserve the original instruction.
484 // PLT entries are always ARM state so we know we don't need to interwork.
485 assert(rel.sym)((void)0); // R_ARM_CALL is always reached via relocate().
486 bool bit0Thumb = val & 1;
487 bool isBlx = (read32le(loc) & 0xfe000000) == 0xfa000000;
488 // lld 10.0 and before always used bit0Thumb when deciding to write a BLX
489 // even when type not STT_FUNC.
490 if (!rel.sym->isFunc() && isBlx != bit0Thumb)
491 stateChangeWarning(loc, rel.type, *rel.sym);
492 if (rel.sym->isFunc() ? bit0Thumb : isBlx) {
493 // The BLX encoding is 0xfa:H:imm24 where Val = imm24:H:'1'
494 checkInt(loc, val, 26, rel);
495 write32le(loc, 0xfa000000 | // opcode
496 ((val & 2) << 23) | // H
497 ((val >> 2) & 0x00ffffff)); // imm24
498 break;
499 }
500 // BLX (always unconditional) instruction to an ARM Target, select an
501 // unconditional BL.
502 write32le(loc, 0xeb000000 | (read32le(loc) & 0x00ffffff));
503 // fall through as BL encoding is shared with B
504 }
505 LLVM_FALLTHROUGH[[gnu::fallthrough]];
506 case R_ARM_JUMP24:
507 case R_ARM_PC24:
508 case R_ARM_PLT32:
509 checkInt(loc, val, 26, rel);
510 write32le(loc, (read32le(loc) & ~0x00ffffff) | ((val >> 2) & 0x00ffffff));
511 break;
512 case R_ARM_THM_JUMP11:
513 checkInt(loc, val, 12, rel);
514 write16le(loc, (read32le(loc) & 0xf800) | ((val >> 1) & 0x07ff));
515 break;
516 case R_ARM_THM_JUMP19:
517 // Encoding T3: Val = S:J2:J1:imm6:imm11:0
518 checkInt(loc, val, 21, rel);
519 write16le(loc,
520 (read16le(loc) & 0xfbc0) | // opcode cond
521 ((val >> 10) & 0x0400) | // S
522 ((val >> 12) & 0x003f)); // imm6
523 write16le(loc + 2,
524 0x8000 | // opcode
525 ((val >> 8) & 0x0800) | // J2
526 ((val >> 5) & 0x2000) | // J1
527 ((val >> 1) & 0x07ff)); // imm11
528 break;
529 case R_ARM_THM_CALL: {
530 // R_ARM_THM_CALL is used for BL and BLX instructions, for symbols of type
531 // STT_FUNC we choose whether to write a BL or BLX depending on the
532 // value of bit 0 of Val. With bit 0 == 0 denoting ARM, if the symbol is
533 // not of type STT_FUNC then we must preserve the original instruction.
534 // PLT entries are always ARM state so we know we need to interwork.
535 assert(rel.sym)((void)0); // R_ARM_THM_CALL is always reached via relocate().
536 bool bit0Thumb = val & 1;
537 bool isBlx = (read16le(loc + 2) & 0x1000) == 0;
538 // lld 10.0 and before always used bit0Thumb when deciding to write a BLX
539 // even when type not STT_FUNC. PLT entries generated by LLD are always ARM.
540 if (!rel.sym->isFunc() && !rel.sym->isInPlt() && isBlx == bit0Thumb)
541 stateChangeWarning(loc, rel.type, *rel.sym);
542 if (rel.sym->isFunc() || rel.sym->isInPlt() ? !bit0Thumb : isBlx) {
543 // We are writing a BLX. Ensure BLX destination is 4-byte aligned. As
544 // the BLX instruction may only be two byte aligned. This must be done
545 // before overflow check.
546 val = alignTo(val, 4);
547 write16le(loc + 2, read16le(loc + 2) & ~0x1000);
548 } else {
549 write16le(loc + 2, (read16le(loc + 2) & ~0x1000) | 1 << 12);
550 }
551 if (!config->armJ1J2BranchEncoding) {
552 // Older Arm architectures do not support R_ARM_THM_JUMP24 and have
553 // different encoding rules and range due to J1 and J2 always being 1.
554 checkInt(loc, val, 23, rel);
555 write16le(loc,
556 0xf000 | // opcode
557 ((val >> 12) & 0x07ff)); // imm11
558 write16le(loc + 2,
559 (read16le(loc + 2) & 0xd000) | // opcode
560 0x2800 | // J1 == J2 == 1
561 ((val >> 1) & 0x07ff)); // imm11
562 break;
563 }
564 }
565 // Fall through as rest of encoding is the same as B.W
566 LLVM_FALLTHROUGH[[gnu::fallthrough]];
567 case R_ARM_THM_JUMP24:
568 // Encoding B T4, BL T1, BLX T2: Val = S:I1:I2:imm10:imm11:0
569 checkInt(loc, val, 25, rel);
570 write16le(loc,
571 0xf000 | // opcode
572 ((val >> 14) & 0x0400) | // S
573 ((val >> 12) & 0x03ff)); // imm10
574 write16le(loc + 2,
575 (read16le(loc + 2) & 0xd000) | // opcode
576 (((~(val >> 10)) ^ (val >> 11)) & 0x2000) | // J1
577 (((~(val >> 11)) ^ (val >> 13)) & 0x0800) | // J2
578 ((val >> 1) & 0x07ff)); // imm11
579 break;
580 case R_ARM_MOVW_ABS_NC:
581 case R_ARM_MOVW_PREL_NC:
582 case R_ARM_MOVW_BREL_NC:
583 write32le(loc, (read32le(loc) & ~0x000f0fff) | ((val & 0xf000) << 4) |
584 (val & 0x0fff));
585 break;
586 case R_ARM_MOVT_ABS:
587 case R_ARM_MOVT_PREL:
588 case R_ARM_MOVT_BREL:
589 write32le(loc, (read32le(loc) & ~0x000f0fff) |
590 (((val >> 16) & 0xf000) << 4) | ((val >> 16) & 0xfff));
591 break;
592 case R_ARM_THM_MOVT_ABS:
593 case R_ARM_THM_MOVT_PREL:
594 case R_ARM_THM_MOVT_BREL:
595 // Encoding T1: A = imm4:i:imm3:imm8
596 write16le(loc,
597 0xf2c0 | // opcode
598 ((val >> 17) & 0x0400) | // i
599 ((val >> 28) & 0x000f)); // imm4
600 write16le(loc + 2,
601 (read16le(loc + 2) & 0x8f00) | // opcode
602 ((val >> 12) & 0x7000) | // imm3
603 ((val >> 16) & 0x00ff)); // imm8
604 break;
605 case R_ARM_THM_MOVW_ABS_NC:
606 case R_ARM_THM_MOVW_PREL_NC:
607 case R_ARM_THM_MOVW_BREL_NC:
608 // Encoding T3: A = imm4:i:imm3:imm8
609 write16le(loc,
610 0xf240 | // opcode
611 ((val >> 1) & 0x0400) | // i
612 ((val >> 12) & 0x000f)); // imm4
613 write16le(loc + 2,
614 (read16le(loc + 2) & 0x8f00) | // opcode
615 ((val << 4) & 0x7000) | // imm3
616 (val & 0x00ff)); // imm8
617 break;
618 case R_ARM_ALU_PC_G0: {
619 // ADR (literal) add = bit23, sub = bit22
620 // literal is a 12-bit modified immediate, made up of a 4-bit even rotate
621 // right and an 8-bit immediate. The code-sequence here is derived from
622 // ARMAddressingModes.h in llvm/Target/ARM/MCTargetDesc. In our case we
623 // want to give an error if we cannot encode the constant.
624 uint32_t opcode = 0x00800000;
625 if (val >> 63) {
2
Assuming the condition is false
3
Taking false branch
626 opcode = 0x00400000;
627 val = ~val + 1;
628 }
629 if ((val & ~255U) != 0) {
4
Assuming the condition is true
5
Taking true branch
630 uint32_t rotAmt = getSOImmValRotate(val);
6
Calling 'getSOImmValRotate'
631 // Error if we cannot encode this with a single shift
632 if (rotr32(~255U, rotAmt) & val)
633 error(getErrorLocation(loc) + "unencodeable immediate " +
634 Twine(val).str() + " for relocation " + toString(rel.type));
635 val = rotl32(val, rotAmt) | ((rotAmt >> 1) << 8);
636 }
637 write32le(loc, (read32le(loc) & 0xff0ff000) | opcode | val);
638 break;
639 }
640 case R_ARM_LDR_PC_G0: {
641 // R_ARM_LDR_PC_G0 is S + A - P, we have ((S + A) | T) - P, if S is a
642 // function then addr is 0 (modulo 2) and Pa is 0 (modulo 4) so we can clear
643 // bottom bit to recover S + A - P.
644 if (rel.sym->isFunc())
645 val &= ~0x1;
646 // LDR (literal) u = bit23
647 int64_t imm = val;
648 uint32_t u = 0x00800000;
649 if (imm < 0) {
650 imm = -imm;
651 u = 0;
652 }
653 checkUInt(loc, imm, 12, rel);
654 write32le(loc, (read32le(loc) & 0xff7ff000) | u | imm);
655 break;
656 }
657 case R_ARM_THM_ALU_PREL_11_0: {
658 // ADR encoding T2 (sub), T3 (add) i:imm3:imm8
659 int64_t imm = val;
660 uint16_t sub = 0;
661 if (imm < 0) {
662 imm = -imm;
663 sub = 0x00a0;
664 }
665 checkUInt(loc, imm, 12, rel);
666 write16le(loc, (read16le(loc) & 0xfb0f) | sub | (imm & 0x800) >> 1);
667 write16le(loc + 2,
668 (read16le(loc + 2) & 0x8f00) | (imm & 0x700) << 4 | (imm & 0xff));
669 break;
670 }
671 case R_ARM_THM_PC8:
672 // ADR and LDR literal encoding T1 positive offset only imm8:00
673 // R_ARM_THM_PC8 is S + A - Pa, we have ((S + A) | T) - Pa, if S is a
674 // function then addr is 0 (modulo 2) and Pa is 0 (modulo 4) so we can clear
675 // bottom bit to recover S + A - Pa.
676 if (rel.sym->isFunc())
677 val &= ~0x1;
678 checkUInt(loc, val, 10, rel);
679 checkAlignment(loc, val, 4, rel);
680 write16le(loc, (read16le(loc) & 0xff00) | (val & 0x3fc) >> 2);
681 break;
682 case R_ARM_THM_PC12: {
683 // LDR (literal) encoding T2, add = (U == '1') imm12
684 // imm12 is unsigned
685 // R_ARM_THM_PC12 is S + A - Pa, we have ((S + A) | T) - Pa, if S is a
686 // function then addr is 0 (modulo 2) and Pa is 0 (modulo 4) so we can clear
687 // bottom bit to recover S + A - Pa.
688 if (rel.sym->isFunc())
689 val &= ~0x1;
690 int64_t imm12 = val;
691 uint16_t u = 0x0080;
692 if (imm12 < 0) {
693 imm12 = -imm12;
694 u = 0;
695 }
696 checkUInt(loc, imm12, 12, rel);
697 write16le(loc, read16le(loc) | u);
698 write16le(loc + 2, (read16le(loc + 2) & 0xf000) | imm12);
699 break;
700 }
701 default:
702 error(getErrorLocation(loc) + "unrecognized relocation " +
703 toString(rel.type));
704 }
705}
706
707int64_t ARM::getImplicitAddend(const uint8_t *buf, RelType type) const {
708 switch (type) {
709 default:
710 internalLinkerError(getErrorLocation(buf),
711 "cannot read addend for relocation " + toString(type));
712 return 0;
713 case R_ARM_ABS32:
714 case R_ARM_BASE_PREL:
715 case R_ARM_GLOB_DAT:
716 case R_ARM_GOTOFF32:
717 case R_ARM_GOT_BREL:
718 case R_ARM_GOT_PREL:
719 case R_ARM_IRELATIVE:
720 case R_ARM_REL32:
721 case R_ARM_RELATIVE:
722 case R_ARM_SBREL32:
723 case R_ARM_TARGET1:
724 case R_ARM_TARGET2:
725 case R_ARM_TLS_DTPMOD32:
726 case R_ARM_TLS_DTPOFF32:
727 case R_ARM_TLS_GD32:
728 case R_ARM_TLS_IE32:
729 case R_ARM_TLS_LDM32:
730 case R_ARM_TLS_LE32:
731 case R_ARM_TLS_LDO32:
732 case R_ARM_TLS_TPOFF32:
733 return SignExtend64<32>(read32le(buf));
734 case R_ARM_PREL31:
735 return SignExtend64<31>(read32le(buf));
736 case R_ARM_CALL:
737 case R_ARM_JUMP24:
738 case R_ARM_PC24:
739 case R_ARM_PLT32:
740 return SignExtend64<26>(read32le(buf) << 2);
741 case R_ARM_THM_JUMP11:
742 return SignExtend64<12>(read16le(buf) << 1);
743 case R_ARM_THM_JUMP19: {
744 // Encoding T3: A = S:J2:J1:imm10:imm6:0
745 uint16_t hi = read16le(buf);
746 uint16_t lo = read16le(buf + 2);
747 return SignExtend64<20>(((hi & 0x0400) << 10) | // S
748 ((lo & 0x0800) << 8) | // J2
749 ((lo & 0x2000) << 5) | // J1
750 ((hi & 0x003f) << 12) | // imm6
751 ((lo & 0x07ff) << 1)); // imm11:0
752 }
753 case R_ARM_THM_CALL:
754 if (!config->armJ1J2BranchEncoding) {
755 // Older Arm architectures do not support R_ARM_THM_JUMP24 and have
756 // different encoding rules and range due to J1 and J2 always being 1.
757 uint16_t hi = read16le(buf);
758 uint16_t lo = read16le(buf + 2);
759 return SignExtend64<22>(((hi & 0x7ff) << 12) | // imm11
760 ((lo & 0x7ff) << 1)); // imm11:0
761 break;
762 }
763 LLVM_FALLTHROUGH[[gnu::fallthrough]];
764 case R_ARM_THM_JUMP24: {
765 // Encoding B T4, BL T1, BLX T2: A = S:I1:I2:imm10:imm11:0
766 // I1 = NOT(J1 EOR S), I2 = NOT(J2 EOR S)
767 uint16_t hi = read16le(buf);
768 uint16_t lo = read16le(buf + 2);
769 return SignExtend64<24>(((hi & 0x0400) << 14) | // S
770 (~((lo ^ (hi << 3)) << 10) & 0x00800000) | // I1
771 (~((lo ^ (hi << 1)) << 11) & 0x00400000) | // I2
772 ((hi & 0x003ff) << 12) | // imm0
773 ((lo & 0x007ff) << 1)); // imm11:0
774 }
775 // ELF for the ARM Architecture 4.6.1.1 the implicit addend for MOVW and
776 // MOVT is in the range -32768 <= A < 32768
777 case R_ARM_MOVW_ABS_NC:
778 case R_ARM_MOVT_ABS:
779 case R_ARM_MOVW_PREL_NC:
780 case R_ARM_MOVT_PREL:
781 case R_ARM_MOVW_BREL_NC:
782 case R_ARM_MOVT_BREL: {
783 uint64_t val = read32le(buf) & 0x000f0fff;
784 return SignExtend64<16>(((val & 0x000f0000) >> 4) | (val & 0x00fff));
785 }
786 case R_ARM_THM_MOVW_ABS_NC:
787 case R_ARM_THM_MOVT_ABS:
788 case R_ARM_THM_MOVW_PREL_NC:
789 case R_ARM_THM_MOVT_PREL:
790 case R_ARM_THM_MOVW_BREL_NC:
791 case R_ARM_THM_MOVT_BREL: {
792 // Encoding T3: A = imm4:i:imm3:imm8
793 uint16_t hi = read16le(buf);
794 uint16_t lo = read16le(buf + 2);
795 return SignExtend64<16>(((hi & 0x000f) << 12) | // imm4
796 ((hi & 0x0400) << 1) | // i
797 ((lo & 0x7000) >> 4) | // imm3
798 (lo & 0x00ff)); // imm8
799 }
800 case R_ARM_ALU_PC_G0: {
801 // 12-bit immediate is a modified immediate made up of a 4-bit even
802 // right rotation and 8-bit constant. After the rotation the value
803 // is zero-extended. When bit 23 is set the instruction is an add, when
804 // bit 22 is set it is a sub.
805 uint32_t instr = read32le(buf);
806 uint32_t val = rotr32(instr & 0xff, ((instr & 0xf00) >> 8) * 2);
807 return (instr & 0x00400000) ? -val : val;
808 }
809 case R_ARM_LDR_PC_G0: {
810 // ADR (literal) add = bit23, sub = bit22
811 // LDR (literal) u = bit23 unsigned imm12
812 bool u = read32le(buf) & 0x00800000;
813 uint32_t imm12 = read32le(buf) & 0xfff;
814 return u ? imm12 : -imm12;
815 }
816 case R_ARM_THM_ALU_PREL_11_0: {
817 // Thumb2 ADR, which is an alias for a sub or add instruction with an
818 // unsigned immediate.
819 // ADR encoding T2 (sub), T3 (add) i:imm3:imm8
820 uint16_t hi = read16le(buf);
821 uint16_t lo = read16le(buf + 2);
822 uint64_t imm = (hi & 0x0400) << 1 | // i
823 (lo & 0x7000) >> 4 | // imm3
824 (lo & 0x00ff); // imm8
825 // For sub, addend is negative, add is positive.
826 return (hi & 0x00f0) ? -imm : imm;
827 }
828 case R_ARM_THM_PC8:
829 // ADR and LDR (literal) encoding T1
830 // From ELF for the ARM Architecture the initial signed addend is formed
831 // from an unsigned field using expression (((imm8:00 + 4) & 0x3ff) – 4)
832 // this trick permits the PC bias of -4 to be encoded using imm8 = 0xff
833 return ((((read16le(buf) & 0xff) << 2) + 4) & 0x3ff) - 4;
834 case R_ARM_THM_PC12: {
835 // LDR (literal) encoding T2, add = (U == '1') imm12
836 bool u = read16le(buf) & 0x0080;
837 uint64_t imm12 = read16le(buf + 2) & 0x0fff;
838 return u ? imm12 : -imm12;
839 }
840 case R_ARM_NONE:
841 case R_ARM_JUMP_SLOT:
842 // These relocations are defined as not having an implicit addend.
843 return 0;
844 }
845}
846
847TargetInfo *elf::getARMTargetInfo() {
848 static ARM target;
849 return &target;
850}