Hi,
I tried running a simple hello world on ARM and went through the "exec"
debug trace. I also used the disassembly of the executable to compare the
sequence and register values. While doing so, I came across two doubts:
1. The instruction "adds" is used instead of "cmn", but "xzr" is not
mentioned in the trace.
2. Does the svc instruction update the x0 register? If so, how is the value
stored in x0 determined? Can I know it from the disassembly of the executable,
or will I need to know about the code executed in the kernel as a result of
the svc syscall?
Details are described below:
5896098: system.cpu_cluster.cpus: T0 : 0x421324 @_dl_discover_osversion+4 : add x0, sp, #120 : IntAlu : D=0x0000007ffffefb58
...
6007986: system.cpu_cluster.cpus: T0 : 0x439b40 @__uname : movz x8, #160, #0 : IntAlu : D=0x00000000000000a0
6007986: system.cpu_cluster.cpus: T0 : 0x439b44 @__uname+4 : svc #0x0 : IntAlu :
6064596: system.cpu_cluster.cpus: T0 : 0x439b48 @__uname+8 : adds x0, #4095 : IntAlu : D=0x0000000000000000
6064929: system.cpu_cluster.cpus: T0 : 0x439b4c @__uname+12 : b.cs <__uname+20> : IntAlu :
6064929: system.cpu_cluster.cpus: T0 : 0x439b50 @__uname+16 : ret : IntAlu :
6065928: system.cpu_cluster.cpus: T0 : 0x421334 @_dl_discover_osversion+20 : add x3, sp, #250 : IntAlu : D=0x0000007ffffefbda
6065928: system.cpu_cluster.cpus: T0 : 0x421338 @_dl_discover_osversion+24 : cbnz w0, <_dl_discover_osversion+184> : IntAlu :
6066261: system.cpu_cluster.cpus: T0 : 0x42133c @_dl_discover_osversion+28 : movz w6, #0, #0 : IntAlu : D=0x0000000000000000
6066594: system.cpu_cluster.cpus: T0 : 0x421340 @_dl_discover_osversion+32 : movz w0, #0, #0 : IntAlu : D=0x0000000000000000
On disassembling the executable, we could see the following:
0000000000439b40 <__uname>:
439b40: d2801408 mov x8, #0xa0 // #160
439b44: d4000001 svc #0x0
439b48: b13ffc1f cmn x0, #0xfff
439b4c: 54000042 b.cs 439b54 <__uname+0x14> // b.hs, b.nlast
439b50: d65f03c0 ret
Doubt: in gem5, "cmn x0, #0xfff" is treated as adds instead of cmn. But
from the ARM ISA document, cmn is identical to "adds xzr, Xn, #imm". So is
gem5 internally following this format with xzr? Or does gem5 update x0
here, as the trace doesn't show xzr?
Disassembly on the executable:
0000000000421320 <_dl_discover_osversion>:
421320: d10803ff sub sp, sp, #0x200
421324: 9101e3e0 add x0, sp, #0x78
421328: a9007bfd stp x29, x30, [sp]
42132c: 910003fd mov x29, sp
421330: 94006204 bl 439b40 <__uname>
421334: 9103ebe3 add x3, sp, #0xfa
421338: 35000500 cbnz w0, 4213d8 <_dl_discover_osversion+0xb8>
42133c: 52800006 mov w6, #0x0 // #0
421340: 52800000 mov w0, #0x0 // #0
Since the cbnz didn't take the branch, it means the lower 32 bits of x0 (the
w0 register) have the value 0.
So I tried looking through the ARM document on the svc implementation:
https://developer.arm.com/documentation/ddi0487/latest On page 1957, the
description and operation of svc are given. There was no mention of x0
being updated with the syscall return value. But I could see on a few other
websites:
https://cit.dixie.edu/cs/2810/arm64-assembly.html
https://azeria-labs.com/writing-arm-shellcode/
that [x0] or [register 0] is updated with the return value.
So could you please provide more insight on how the value stored in x0 is
calculated? Any suggestions would be helpful.
Thanks in advance.
Regards,
Tom
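Added example (not part of the original message, and not gem5 or glibc code): a small C model of the ADDS/CMN flag computation and of the Linux AArch64 syscall return convention that the __uname wrapper in the disassembly above relies on. It assumes the standard Linux/AArch64 behaviour: the svc instruction itself does not write x0; the kernel's syscall handler stores the return value in the saved x0 before returning to user space, and on failure that value is -errno, so x0 lands in [-4095, -1]. The instruction "cmn x0, #0xfff" (an alias of "adds xzr, x0, #0xfff") then sets the carry flag for exactly that range and "b.cs" takes the error path. Register index 31 is modelled as XZR, so the sum is discarded and x0 keeps whatever the kernel left in it; the register file, flag struct and function names are this example's own.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* NZCV condition flags as produced by the 64-bit ADDS/CMN immediate form.
 * Modelled after the ISA pseudocode AddWithCarry(Xn, imm, '0'). */
typedef struct { bool n, z, c, v; } nzcv_t;

/* Toy register file: x0..x30 are real; index 31 reads as zero and
 * discards writes (XZR) for data-processing instructions. */
#define XZR 31
typedef struct { uint64_t x[31]; nzcv_t flags; } cpu_t;

static uint64_t read_reg(const cpu_t *cpu, int r) {
    return r == XZR ? 0 : cpu->x[r];
}

static void write_reg(cpu_t *cpu, int r, uint64_t v) {
    if (r != XZR) cpu->x[r] = v;     /* writes to XZR vanish */
}

/* ADDS Xd, Xn, #imm : Xd = Xn + imm, NZCV from the addition.
 * CMN Xn, #imm is the same operation with Xd = XZR: only the flags survive,
 * which is why a trace that prints the internal form shows "adds". */
static void adds_imm(cpu_t *cpu, int rd, int rn, uint64_t imm) {
    uint64_t a = read_reg(cpu, rn);
    uint64_t sum = a + imm;
    cpu->flags.n = (int64_t)sum < 0;
    cpu->flags.z = sum == 0;
    cpu->flags.c = sum < a;          /* unsigned carry-out of bit 63 */
    cpu->flags.v = ((int64_t)a >= 0 && (int64_t)imm >= 0 && (int64_t)sum < 0) ||
                   ((int64_t)a < 0 && (int64_t)imm < 0 && (int64_t)sum >= 0);
    write_reg(cpu, rd, sum);
}

/* Mirror of the libc wrapper epilogue after "svc #0":
 *     cmn x0, #0xfff
 *     b.cs error_path
 * Assumption (Linux AArch64 ABI): x0 holds the kernel's return value, and
 * -4095..-1 means failure with errno = -x0. Returns true on failure. */
static bool syscall_failed(cpu_t *cpu, uint64_t x0_after_svc, int *errno_out) {
    cpu->x[0] = x0_after_svc;        /* value the kernel left in x0 */
    adds_imm(cpu, XZR, 0, 0xfff);    /* cmn x0, #0xfff */
    if (cpu->flags.c) {              /* b.cs taken: x0 is in [-4095, -1] */
        *errno_out = (int)-(int64_t)x0_after_svc;
        return true;
    }
    *errno_out = 0;                  /* success: x0 is the real result */
    return false;
}

/* True if CMN left x0 untouched, i.e. the sum really went to XZR. */
static bool x0_preserved_by_cmn(uint64_t x0) {
    cpu_t cpu = {0};
    cpu.x[0] = x0;
    adds_imm(&cpu, XZR, 0, 0xfff);
    return cpu.x[0] == x0;
}

int main(void) {
    /* Constructed sample return values: uname() success, EFAULT (14),
     * the -4095 boundary, and -4096 (a legitimate large unsigned result). */
    uint64_t samples[] = { 0, (uint64_t)-14, (uint64_t)-4095, (uint64_t)-4096 };
    cpu_t cpu = {0};
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int err;
        bool failed = syscall_failed(&cpu, samples[i], &err);
        printf("x0=0x%016llx -> %s (errno %d), x0 still 0x%016llx\n",
               (unsigned long long)samples[i], failed ? "error" : "ok", err,
               (unsigned long long)cpu.x[0]);
    }
    return 0;
}
```

With x0 = 0 (the value the trace above shows after the uname syscall) the carry flag stays clear, b.cs falls through, and the caller's cbnz w0 sees zero, matching the recorded trace.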
_______________________________________________
gem5-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]