def do_st_abs(reg, addr, size):
   if self.is_io(addr):
     st.op = IMPURE
     if size == 4:
       op = IOOUT32
     elif size == 2:
       op = IOOUT16
     else:
       op = IOOUT
     st.expr = Expr(op, [SSADef.cur(ctx, reg), addr])
     st.expr.dont_propagate = True
     st.expr.dont_eliminate = True
     st.dest = []
   else:
     st.op = ASGN
     st.expr = Expr(VAR, [SSADef.cur(ctx, reg)])
     if size == 4:
       pref = 'Mw'
     elif size == 2:
       pref = 'Mh'
     elif size == 1:
       pref = 'M'
     else:
       raise InternalError('unhandled size ' + str(size))
     st.dest = [SSADef(ctx, pref, addr)]
 def emit_flags_subimm(st, reg, imm):
   st.dest = [SSADef(ctx, 'C')]
   st.op = ASGN
   st.expr = Expr(COMPARE_GE, [SSADef.cur(ctx, reg), imm])
   st1 = SSAStatement(SSADef(ctx, 'N'), ASGN, Expr(COMPARE_LT, [SSADef.cur(ctx, reg), imm]))
   st.chain(ctx, st1)
   st2 = SSAStatement(SSADef(ctx, 'Z'), ASGN, Expr(COMPARE_EQ, [SSADef.cur(ctx, reg), imm]))
   st1.chain(ctx, st2)
   return st2
 def do_st_xy(src, addr, reg):
   st.dest = []
   st.op = IMPURE
   if self.is_io(addr):
     st.expr = Expr(IOOUT, [Expr(ADD, [addr, SSADef.cur(ctx, reg)]), SSADef.cur(ctx, src)])
     st.expr.dont_propagate = True
     st.expr.dont_eliminate = True
   else:
     st.expr = Expr(STORE, [SSADef.cur(ctx, src), addr, SSADef.cur(ctx, reg)])
 def chain_flags_bit(st, mem):
   st1 = SSAStatement(SSADef(ctx, 'N'), ASGN)
   st.chain(ctx, st1)
   st = st1
   st.expr = Expr(BITFLAGS_N, [SSADef.cur(ctx, 'M', mem)])
   st2 = SSAStatement(SSADef(ctx, 'V'), ASGN)
   st.chain(ctx, st2)
   st = st2
   st.expr = Expr(BITFLAGS_V, [SSADef.cur(ctx, 'M', mem)])
   return st
 def do_ld_xy(dst, addr, reg):
   nonlocal st
   st.dest = [SSADef(ctx, dst)]
   st.op = ASGN
   if self.is_io(addr):
     st.expr = Expr(IOIN, [Expr(ADD, [addr, SSADef.cur(ctx, reg)])])
     st.expr.dont_propagate = True
     st.expr.dont_eliminate = True
   else:
     st.expr = Expr(LOAD, [addr, SSADef.cur(ctx, reg)])
   st = chain_flags_ld(st, dst)
 def do_st_abs(reg):
   if self.is_io(abs()):
     st.op = IMPURE
     st.dest = []
     st.expr = Expr(IOOUT, [abs(), SSADef.cur(ctx, reg)])
     st.expr.dont_propagate = True
     st.expr.dont_eliminate = True
   else:
     st.dest = [SSADef(ctx, 'M', abs())]
     st.op = ASGN
     st.expr = Expr(VAR, [SSADef.cur(ctx, reg)])
 def do_ld_reg(dst, off, reg, size):
   nonlocal st
   st.op = ASGN
   # XXX: convert to IOIN after constant prop
   if size == 1:
     st.expr = Expr(LOAD, [off, SSADef.cur(ctx, reg)])
   elif size == 2:
     st.expr = Expr(LOAD16, [off, SSADef.cur(ctx, reg)])
   elif size == 4:
     st.expr = Expr(LOAD32, [off, SSADef.cur(ctx, reg)])
   else:
     raise InternalError('unhandled size ' + str(size))
   st.dest = [SSADef(ctx, dst)]
Beispiel #8
0
 def do_st_reg(src, off, reg, size):
   st.dest = []
   st.op = IMPURE
   # XXX: convert to IOOUT after constant prop
   if size == 4:
     op = STORE32
   elif size == 2:
     op = STORE16
   elif size == 1:
     op = STORE
   else:
     raise InternalError('unhandled size ' + str(size))
   st.expr = Expr(op, [SSADef.cur(ctx, src), off, SSADef.cur(ctx, reg)])
Beispiel #9
0
 def creg(num):
   nonlocal sp
   if num == 13:
     return Expr(AUTO, [sp, -1])
   elif num == 15:
     return insn.addr + 8
   else:
     return SSADef.cur(ctx, 'R'+str(num))
Beispiel #10
0
 def do_branch(flag, positive):
   nonlocal next, st
   if insn.fake_branch >= 0:
     next = [insn.next[insn.fake_branch]]
     st.op = ASGN
     st.expr = Expr(NOP, [0])
   else:
     st.op = BRANCH_COND
     st.expr = Expr(VAR if positive else NOT, [SSADef.cur(ctx, flag)])
   st.dest = []
Beispiel #11
0
 def chain_flags_ld(st, reg):
   op = SSADef.cur(ctx, 'A')
   st1 = SSAStatement(SSADef(ctx, 'N'), ASGN)
   st.chain(ctx, st1)
   st = st1
   st.expr = Expr(COMPARE_GE, [Expr(VAR, [op]), 0x80])
   st2 = SSAStatement(SSADef(ctx, 'Z'), ASGN)
   st.chain(ctx, st2)
   st = st2
   st.expr = Expr(NOT, [op])
   return st
Beispiel #12
0
 def do_ld_abs(reg):
   nonlocal st
   st.dest = [SSADef(ctx, reg)]
   st.op = ASGN
   if self.is_io(abs()):
     st.expr = Expr(IOIN, [abs()])
     st.expr.dont_propagate = True
     st.expr.dont_eliminate = True
   else:
     st.expr = Expr(VAR, [SSADef.cur(ctx, 'M', abs())])
   st = chain_flags_ld(st, reg)
Beispiel #13
0
 def do_ld_abs(reg, addr, size):
   nonlocal st
   st.op = ASGN
   if self.is_io(addr):
     if size == 1:
       op = IOIN
     elif size == 2:
       op = IOIN16
     else:
       op = IOIN32
     st.expr = Expr(op, [addr])
     st.expr.dont_propagate = True
     st.expr.dont_eliminate = True
   else:
     if size == 4:
       st.expr = Expr(VAR, [SSADef.cur(ctx, 'Mw', addr)])
     elif size == 2:
       st.expr = Expr(VAR, [SSADef.cur(ctx, 'Mh', addr)])
     elif size == 1:
       st.expr = Expr(VAR, [SSADef.cur(ctx, 'M', addr)])
     else:
       raise InternalError('unhandled size ' + str(size))
   st.dest = [SSADef(ctx, reg)]
Beispiel #14
0
def translate(self, ctx, insn, sp, end_bp, bp):
  debug(SSA, 2, 'translating', insn, hex(insn.bytes[0]))

  def chain_flags_ldimm(st, imm):
    st1 = SSAStatement(SSADef(ctx, 'N'), ASGN)
    st.chain(ctx, st1)
    st = st1
    if imm > 0x80:
      st.expr = Expr(CONST, [1])
    else:
      st.expr = Expr(CONST, [0])
    st2 = SSAStatement(SSADef(ctx, 'Z'), ASGN)
    st.chain(ctx, st2)
    st = st2
    if imm:
      st.expr = Expr(CONST, [0])
    else:
      st.expr = Expr(CONST, [1])
    return st

  def chain_flags_ld(st, reg):
    op = SSADef.cur(ctx, 'A')
    st1 = SSAStatement(SSADef(ctx, 'N'), ASGN)
    st.chain(ctx, st1)
    st = st1
    st.expr = Expr(COMPARE_GE, [Expr(VAR, [op]), 0x80])
    st2 = SSAStatement(SSADef(ctx, 'Z'), ASGN)
    st.chain(ctx, st2)
    st = st2
    st.expr = Expr(NOT, [op])
    return st

  def chain_flags_incdec(st, reg):
    st1 = SSAStatement(SSADef(ctx, 'Z'), ASGN)
    st.chain(ctx, st1)
    st = st1
    st.expr = Expr(NOT, [reg])
    st2 = SSAStatement(SSADef(ctx, 'N'), ASGN)
    st.chain(ctx, st2)
    st = st2
    st.expr = Expr(COMPARE_GE, [reg, 0x80])
    return st

  def chain_flags_bit(st, mem):
    st1 = SSAStatement(SSADef(ctx, 'N'), ASGN)
    st.chain(ctx, st1)
    st = st1
    st.expr = Expr(BITFLAGS_N, [SSADef.cur(ctx, 'M', mem)])
    st2 = SSAStatement(SSADef(ctx, 'V'), ASGN)
    st.chain(ctx, st2)
    st = st2
    st.expr = Expr(BITFLAGS_V, [SSADef.cur(ctx, 'M', mem)])
    return st

  def chain_flags_or(st, reg, op):
    st1 = SSAStatement(SSADef(ctx, 'N'), ASGN)
    st.chain(ctx, st1)
    st = st1
    st.expr = Expr(ORFLAGS_N, [reg, op])
    st2 = SSAStatement(SSADef(ctx, 'Z'), ASGN)
    st.chain(ctx, st2)
    st = st2
    st.expr = Expr(ORFLAGS_Z, [reg, op])
    return st

  def chain_flags_shl(st, reg, res):
    st1 = SSAStatement(SSADef(ctx, 'N'), ASGN)
    st.chain(ctx, st1)
    st1.expr = Expr(SHFLAGS_N, [res])
    st2 = SSAStatement(SSADef(ctx, 'Z'), ASGN)
    st1.chain(ctx, st2)
    st2.expr = Expr(NOT, [res])
    st3 = SSAStatement(SSADef(ctx, 'C'), ASGN)
    st2.chain(ctx, st3)
    st3.expr = Expr(SHLFLAGS_C, [reg])
    return st3

  def chain_flags_shr(st, reg, res):
    st1 = SSAStatement(SSADef(ctx, 'N'), ASGN)
    st.chain(ctx, st1)
    st1.expr = Expr(SHFLAGS_N, [res])
    st2 = SSAStatement(SSADef(ctx, 'Z'), ASGN)
    st1.chain(ctx, st2)
    st2.expr = Expr(NOT, [res])
    st3 = SSAStatement(SSADef(ctx, 'C'), ASGN)
    st2.chain(ctx, st3)
    st3.expr = Expr(AND, [reg, 1])
    return st3

  def chain_flags_and(st, reg, op):
    st1 = SSAStatement(SSADef(ctx, 'N'), ASGN, Expr(ANDFLAGS_N, [reg, op]))
    st.chain(ctx, st1)
    st2 = SSAStatement(SSADef(ctx, 'Z'), ASGN, Expr(ANDFLAGS_Z, [reg, op]))
    st1.chain(ctx, st2)
    return st2

  def chain_flags_eor(st, reg, op):
    st1 = SSAStatement(SSADef(ctx, 'N'), ASGN, Expr(EORFLAGS_N, [reg, op]))
    st.chain(ctx, st1)
    st2 = SSAStatement(SSADef(ctx, 'Z'), ASGN, Expr(EORFLAGS_Z, [reg, op]))
    st1.chain(ctx, st2)
    return st2

  def chain_flags_adc(st, reg1, reg2, reg3):
    st1 = SSAStatement(SSADef(ctx, 'N'), ASGN, Expr(ADCFLAGS_N, [reg1, reg2, reg3]))
    st.chain(ctx, st1)
    st2 = SSAStatement(SSADef(ctx, 'Z'), ASGN, Expr(ADCFLAGS_Z, [reg1, reg2, reg3]))
    st1.chain(ctx, st2)
    st3 = SSAStatement(SSADef(ctx, 'C'), ASGN, Expr(ADCFLAGS_C, [reg1, reg2, reg3]))
    st2.chain(ctx, st3)
    st4 = SSAStatement(SSADef(ctx, 'V'), ASGN, Expr(ADCFLAGS_V, [reg1, reg2, reg3]))
    st3.chain(ctx, st4)
    return st4

  def chain_flags_sbb(st, reg1, reg2, reg3):
    st1 = SSAStatement(SSADef(ctx, 'N'), ASGN, Expr(SBBFLAGS_N, [reg1, reg2, reg3]))
    st.chain(ctx, st1)
    st2 = SSAStatement(SSADef(ctx, 'Z'), ASGN, Expr(SBBFLAGS_Z, [reg1, reg2, reg3]))
    st1.chain(ctx, st2)
    st3 = SSAStatement(SSADef(ctx, 'C'), ASGN, Expr(SBBFLAGS_C, [reg1, reg2, reg3]))
    st2.chain(ctx, st3)
    st4 = SSAStatement(SSADef(ctx, 'V'), ASGN, Expr(SBBFLAGS_V, [reg1, reg2, reg3]))
    st3.chain(ctx, st4)
    return st4

  def chain_flags_rol(st, reg1, res):
    st1 = SSAStatement(SSADef(ctx, 'N'), ASGN, Expr(SHFLAGS_N, [res]))
    st.chain(ctx, st1)
    st2 = SSAStatement(SSADef(ctx, 'Z'), ASGN, Expr(NOT, [res]))
    st1.chain(ctx, st2)
    st3 = SSAStatement(SSADef(ctx, 'C'), ASGN, Expr(SHR, [reg1, 7]))
    st2.chain(ctx, st3)
    return st3

  def chain_flags_ror(st, reg1, res):
    st1 = SSAStatement(SSADef(ctx, 'N'), ASGN, Expr(SHFLAGS_N, [res]))
    st.chain(ctx, st1)
    st2 = SSAStatement(SSADef(ctx, 'Z'), ASGN, Expr(NOT, [res]))
    st1.chain(ctx, st2)
    st3 = SSAStatement(SSADef(ctx, 'C'), ASGN, Expr(AND, [reg1, 1]))
    st2.chain(ctx, st3)
    return st3

  def emit_flags_subimm(st, reg, imm):
    st.dest = [SSADef(ctx, 'C')]
    st.op = ASGN
    st.expr = Expr(COMPARE_GE, [SSADef.cur(ctx, reg), imm])
    st1 = SSAStatement(SSADef(ctx, 'N'), ASGN, Expr(COMPARE_LT, [SSADef.cur(ctx, reg), imm]))
    st.chain(ctx, st1)
    st2 = SSAStatement(SSADef(ctx, 'Z'), ASGN, Expr(COMPARE_EQ, [SSADef.cur(ctx, reg), imm]))
    st1.chain(ctx, st2)
    return st2

  # normally, add() will follow the flow of the machine code instructions;
  # if we know better (such as with branches with constant conditions), we
  # can put a list of successor instructions here
  next = None

  st = SSAStatement()

  debug(SSA, 2, 'translating', insn, hex(insn.bytes[0]), 'to', st.num)

  opc = insn.bytes[0]

  if insn == None:
    return None
  
  st_start = st
  self.ssa_for_insn[insn] = st
  st.insn = insn

  if len(insn.comefrom) > 1:
    debug(SSA, 3, 'phiing')
    for g in ctx.local_indices.values():
      st.dest = [SSADef(ctx, g.type, g.addr)]
      st.op = ASGN
      st.expr = Expr(PHI, [g])
      for h in insn.comefrom:
        if h in self.last_ssa_for_insn:
          #print('reaching from', self.last_ssa_for_insn[h], [str(x) + '(' + repr(x) + ')' for x in self.last_ssa_for_insn[h].reaching])
          for i in self.last_ssa_for_insn[h].reaching:
            if i.type == g.type and i.addr == g.addr and not i in st.expr.ops:
              st.expr.ops += [i]
      st1 = SSAStatement()
      st.chain(ctx, st1)
      st = st1
  
  def abs():
    return insn.bytes[1] + (insn.bytes[2] << 8)
  def zp():
    return insn.bytes[1]
  def imm():
    return insn.bytes[1]

  def do_st_abs(reg):
    if self.is_io(abs()):
      st.op = IMPURE
      st.dest = []
      st.expr = Expr(IOOUT, [abs(), SSADef.cur(ctx, reg)])
      st.expr.dont_propagate = True
      st.expr.dont_eliminate = True
    else:
      st.dest = [SSADef(ctx, 'M', abs())]
      st.op = ASGN
      st.expr = Expr(VAR, [SSADef.cur(ctx, reg)])

  def do_ld_abs(reg):
    nonlocal st
    st.dest = [SSADef(ctx, reg)]
    st.op = ASGN
    if self.is_io(abs()):
      st.expr = Expr(IOIN, [abs()])
      st.expr.dont_propagate = True
      st.expr.dont_eliminate = True
    else:
      st.expr = Expr(VAR, [SSADef.cur(ctx, 'M', abs())])
    st = chain_flags_ld(st, reg)

  def do_st_xy(src, addr, reg):
    st.dest = []
    st.op = IMPURE
    if self.is_io(addr):
      st.expr = Expr(IOOUT, [Expr(ADD, [addr, SSADef.cur(ctx, reg)]), SSADef.cur(ctx, src)])
      st.expr.dont_propagate = True
      st.expr.dont_eliminate = True
    else:
      st.expr = Expr(STORE, [SSADef.cur(ctx, src), addr, SSADef.cur(ctx, reg)])

  def do_ld_xy(dst, addr, reg):
    nonlocal st
    st.dest = [SSADef(ctx, dst)]
    st.op = ASGN
    if self.is_io(addr):
      st.expr = Expr(IOIN, [Expr(ADD, [addr, SSADef.cur(ctx, reg)])])
      st.expr.dont_propagate = True
      st.expr.dont_eliminate = True
    else:
      st.expr = Expr(LOAD, [addr, SSADef.cur(ctx, reg)])
    st = chain_flags_ld(st, dst)

  def do_branch(flag, positive):
    nonlocal next, st
    if insn.fake_branch >= 0:
      next = [insn.next[insn.fake_branch]]
      st.op = ASGN
      st.expr = Expr(NOP, [0])
    else:
      st.op = BRANCH_COND
      st.expr = Expr(VAR if positive else NOT, [SSADef.cur(ctx, flag)])
    st.dest = []
  
  if opc == 0x00:	# BRK
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(INTRINSIC, ['brk', imm()])
  elif opc == 0x01:	# ORA (zp,X)
    addr = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    current_mem = Expr(LOAD, [addr, 0])
    current_a = SSADef.cur(ctx, 'A')
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(OR, [current_a, current_mem])
    st = chain_flags_or(st, current_a, current_mem)
  elif opc == 0x05:	# ORA zp
    current_a = SSADef.cur(ctx, 'A')
    st.op = ASGN
    st.expr = Expr(OR, [current_a, SSADef.cur(ctx, 'M', zp())])
    st.dest = [SSADef(ctx, 'A')]
    st = chain_flags_or(st, current_a, SSADef.cur(ctx, 'M', zp()))
  elif opc == 0x06:	# ASL zp
    current_mem = SSADef.cur(ctx, 'M', zp())
    st.op = ASGN
    st.expr = Expr(SHL, [current_mem, 1])
    st.dest = [SSADef(ctx, 'M', zp())]
    st = chain_flags_shl(st, current_mem, st.expr)
  elif opc == 0x08:	# PHP
    st.dest = [SSADef(ctx, 's', sp)]
    sp -= 1
    st.op = ASGN
    st.expr = Expr(FLAGS, [SSADef.cur(ctx, 'C'),SSADef.cur(ctx, 'Z'),SSADef.cur(ctx, 'N'),SSADef.cur(ctx, 'V')])
  elif opc == 0x09:	# ORA imm
    current_a = SSADef.cur(ctx, 'A')
    st.op = ASGN
    st.expr = Expr(OR, [current_a, imm()])
    st.dest = [SSADef(ctx, 'A')]
    st = chain_flags_or(st, current_a, imm())
  elif opc == 0x0a:	# ASL A
    current_a = SSADef.cur(ctx, 'A')
    st.op = ASGN
    st.expr = Expr(SHL, [current_a, 1])
    st.dest = [SSADef(ctx, 'A')]
    st = chain_flags_shl(st, current_a, st.expr)
  elif opc == 0x0d:	# ORA abs
    current_a = SSADef.cur(ctx, 'A')
    st.op = ASGN
    st.expr = Expr(OR, [current_a, SSADef.cur(ctx, 'M', abs())])
    st.dest = [SSADef(ctx, 'A')]
    st = chain_flags_or(st, current_a, SSADef.cur(ctx, 'M', abs()))
  elif opc == 0x0e:	# ASL abs
    current_mem = SSADef.cur(ctx, 'M', abs())
    st.op = ASGN
    st.expr = Expr(SHL, [current_mem, 1])
    st.dest = [SSADef(ctx, 'M', abs())]
    st = chain_flags_shl(st, current_mem, st.expr)
  elif opc == 0x10:	# BPL dd
    do_branch('N', False)
  elif opc == 0x11:	# ORA (zp),Y
    current_a = SSADef.cur(ctx, 'A')
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    operand = Expr(LOAD, [SSADef.cur(ctx, 'M', zp()), SSADef.cur(ctx, 'Y')])
    st.expr = Expr(OR, [current_a, operand])
    st = chain_flags_or(st, current_a, operand)
  elif opc == 0x15:	# ORA zp,X
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    st.expr = Expr(OR, [current_a, current_mem])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st = chain_flags_or(st, current_a, current_mem)
  elif opc == 0x16:	# ASL zp,X
    current_mem = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    shlex = Expr(SHL, [current_mem, 1])
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(STORE, [shlex, zp(), SSADef.cur(ctx, 'X')])
    st = chain_flags_shl(st, current_mem, shlex)
  elif opc == 0x18:	# CLC
    st.dest = [SSADef(ctx, 'C')]
    st.expr = Expr(CONST, [0])
    st.op = ASGN
  elif opc == 0x19:	# ORA abs,Y
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'Y')])
    st.expr = Expr(OR, [current_a, current_mem])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st = chain_flags_or(st, current_a, current_mem)
  elif opc == 0x1d:	# ORA abs,X
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'X')])
    st.expr = Expr(OR, [current_a, current_mem])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st = chain_flags_or(st, current_a, current_mem)
  elif opc == 0x1e:	# ASL abs,X
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'X')])
    shlex = Expr(SHL, [current_mem, 1])
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(STORE, [shlex, abs(), SSADef.cur(ctx, 'X')])
    st = chain_flags_shl(st, current_mem, shlex)
  elif opc == 0x20:	# JSR abs
    st.expr = Expr(ARGS, [abs()] + self.fun_args(ctx, insn.next[1], st, sp))
    st.dest = self.fun_returns(ctx, insn.next[1], st)
    st.op = CALL
  elif opc == 0x21:	# AND (zp,X)
    addr = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    current_mem = Expr(LOAD, [addr, 0])
    current_a = SSADef.cur(ctx, 'A')
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(AND, [current_a, current_mem])
    st = chain_flags_and(st, current_a, current_mem)
  elif opc == 0x24:	# BIT zp
    st.expr = Expr(COMPARE_EQ, [Expr(AND, [SSADef.cur(ctx, 'A'), SSADef.cur(ctx, 'M', zp())]), 0])
    st.dest = [SSADef(ctx, 'Z')]
    st.op = ASGN
    st = chain_flags_bit(st, zp())
  elif opc == 0x25:	# AND zp
    current_a = SSADef.cur(ctx, 'A')
    current_mem = SSADef.cur(ctx, 'M', zp())
    st.expr = Expr(AND, [current_a, current_mem])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st = chain_flags_and(st, current_a, current_mem)
  elif opc == 0x26:	# ROL zp
    current_mem = SSADef.cur(ctx, 'M', zp())
    current_c = SSADef.cur(ctx, 'C')
    st.op = ASGN
    st.expr = Expr(OR, [Expr(SHL, [current_mem, 1]), current_c])
    st.expr.dont_propagate = True
    st.dest = [SSADef(ctx, 'M', zp())]
    st = chain_flags_rol(st, current_mem, st.expr)
  elif opc == 0x28:	# PLP
    sp += 1
    flags = SSADef.cur(ctx, 's', sp)
    for i in [('C', DEFLAGS_C), ('Z', DEFLAGS_Z), ('N', DEFLAGS_N), ('V', DEFLAGS_V)]:
      st.op = ASGN
      st.dest = [SSADef(ctx, i[0])]
      st.expr = Expr(i[1], [flags])
      if i[0] != 'V':
        st1 = SSAStatement()
        st.chain(ctx, st1)
        st = st1
  elif opc == 0x29:	# AND imm
    current_a = SSADef.cur(ctx, 'A')
    st.op = ASGN
    st.expr = Expr(AND, [current_a, imm()])
    st.dest = [SSADef(ctx, 'A')]
    st = chain_flags_and(st, current_a, imm())
  elif opc == 0x2a:	# ROL A
    current_a = SSADef.cur(ctx, 'A')
    current_c = SSADef.cur(ctx, 'C')
    st.op = ASGN
    st.expr = Expr(OR, [Expr(SHL, [current_a, 1]), current_c])
    st.expr.dont_propagate = True
    st.dest = [SSADef(ctx, 'A')]
    st = chain_flags_rol(st, current_a, st.expr)
  elif opc == 0x2c:	# BIT abs
    st.expr = Expr(COMPARE_EQ, [Expr(AND, [SSADef.cur(ctx, 'A'), SSADef.cur(ctx, 'M', abs())]), 0])
    st.dest = [SSADef(ctx, 'Z')]
    st.op = ASGN
    st = chain_flags_bit(st, abs())
  elif opc == 0x2d:	# AND abs
    current_a = SSADef.cur(ctx, 'A')
    current_mem = SSADef.cur(ctx, 'M', abs())
    st.expr = Expr(AND, [current_a, current_mem])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st = chain_flags_and(st, current_a, current_mem)
  elif opc == 0x2e:	# ROL abs
    current_mem = SSADef.cur(ctx, 'M', abs())
    current_c = SSADef.cur(ctx, 'C')
    st.op = ASGN
    st.expr = Expr(OR, [Expr(SHL, [current_mem, 1]), current_c])
    st.expr.dont_propagate = True
    st.dest = [SSADef(ctx, 'M', abs())]
    st = chain_flags_rol(st, current_mem, st.expr)
  elif opc == 0x30:	# BMI dd
    do_branch('N', True)
  elif opc == 0x31:	# AND (zp),Y
    current_mem = Expr(LOAD, [SSADef.cur(ctx, 'M', zp()), SSADef.cur(ctx, 'Y')])
    current_a = SSADef.cur(ctx, 'A')
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(AND, [current_a, current_mem])
    st = chain_flags_and(st, current_a, current_mem)
  elif opc == 0x35:	# AND zp,X
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    st.expr = Expr(AND, [current_a, current_mem])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st = chain_flags_and(st, current_a, current_mem)
  elif opc == 0x36:	# ROL zp,X
    current_mem = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    current_c = SSADef.cur(ctx, 'C')
    st.op = IMPURE
    rolex = Expr(OR, [Expr(SHL, [current_mem, 1]), current_c])
    rolex.dont_propagate = True
    st.dest = []
    st.expr = Expr(STORE, [rolex, zp(), SSADef.cur(ctx, 'X')])
    st = chain_flags_rol(st, current_mem, rolex)
  elif opc == 0x38:	# SEC
    st.dest = [SSADef(ctx, 'C')]
    st.op = ASGN
    st.expr = Expr(CONST, [1])
  elif opc == 0x39:	# AND abs,Y
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'Y')])
    st.expr = Expr(AND, [current_a, current_mem])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st = chain_flags_and(st, current_a, current_mem)
  elif opc == 0x3d:	# AND abs,X
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'X')])
    st.expr = Expr(AND, [current_a, current_mem])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st = chain_flags_and(st, current_a, current_mem)
  elif opc == 0x3e:	# ROL abs,X
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'X')])
    current_c = SSADef.cur(ctx, 'C')
    st.op = IMPURE
    rolex = Expr(OR, [Expr(SHL, [current_mem, 1]), current_c])
    rolex.dont_propagate = True
    st.dest = []
    st.expr = Expr(STORE, [rolex, abs(), SSADef.cur(ctx, 'X')])
    st = chain_flags_rol(st, current_mem, rolex)
  elif opc == 0x40:	# RTI
    st.dest = []
    st.op = RETURN
    st.expr = None
    st.add_comment('RTI')
  elif opc == 0x41:	# EOR (zp,X)
    addr = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    current_mem = Expr(LOAD, [addr, 0])
    current_a = SSADef.cur(ctx, 'A')
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(EOR, [current_a, current_mem])
    st = chain_flags_eor(st, current_a, current_mem)
  elif opc == 0x45:	# EOR zp
    current_a = SSADef.cur(ctx, 'A')
    current_mem = SSADef.cur(ctx, 'M', zp())
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(EOR, [current_a, current_mem])
    st = chain_flags_eor(st, current_a, current_mem)
  elif opc == 0x46:	# LSR zp
    current_mem = SSADef.cur(ctx, 'M', zp())
    st.op = ASGN
    st.expr = Expr(SHR, [current_mem, 1])
    st.dest = [SSADef(ctx, 'M', zp())]
    st = chain_flags_shr(st, current_mem, st.expr)
  elif opc == 0x48:	# PHA
    st.dest = [SSADef(ctx, 's', sp)]
    sp -= 1
    st.op = ASGN
    st.expr = Expr(VAR, [SSADef.cur(ctx, 'A')])
  elif opc == 0x49:	# EOR imm
    current_a = SSADef.cur(ctx, 'A')
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(EOR, [current_a, imm()])
    st = chain_flags_eor(st, current_a, imm())
  elif opc == 0x4a:	# LSR A
    current_a = SSADef.cur(ctx, 'A')
    st.op = ASGN
    st.expr = Expr(SHR, [current_a, 1])
    st.dest = [SSADef(ctx, 'A')]
    st = chain_flags_shr(st, current_a, st.expr)
  elif opc == 0x4c:	# JMP
    if insn.next[0] == insn:
      st.op = ENDLESS_LOOP
      st.expr = None
      st.dest = []
    elif insn.next[0].sym != None:
      # tail call
      if insn.next[0] == ctx.graph.first_insn:
        debug(SSA, 2, 'tail recursion at', insn)
        # recursion causes us grief with args/rets, so we avoid it if
        # possible; here, we can just let the jmp run its course
        st.op = ASGN
        st.dest = []
        st.expr = Expr(NOP, [0])
      else:
        debug(SSA, 2, 'tail call at', insn)
        st.expr = Expr(ARGS, [abs()] + self.fun_args(ctx, insn.next[0], st, sp))
        st.dest = self.fun_returns(ctx, insn.next[0], st)
        st.op = CALL
        st1 = SSAStatement()
        st.chain(ctx, st1)
        st = st1
        st.dest = []
        st.op = RETURN
        st.expr = None
        next = []
    else:
      st.op = ASGN
      st.dest = []
      st.expr = Expr(NOP, [0])
  elif opc == 0x4d:	# EOR abs
    current_a = SSADef.cur(ctx, 'A')
    current_mem = SSADef.cur(ctx, 'M', abs())
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(EOR, [current_a, current_mem])
    st = chain_flags_eor(st, current_a, current_mem)
  elif opc == 0x4e:	# LSR abs
    current_mem = SSADef.cur(ctx, 'M', abs())
    st.op = ASGN
    st.expr = Expr(SHR, [current_mem, 1])
    st.dest = [SSADef(ctx, 'M', abs())]
    st = chain_flags_shr(st, current_mem, st.expr)
  elif opc == 0x50:	# BVC
    do_branch('V', False)
  elif opc == 0x51:	# EOR (zp),Y
    current_a = SSADef.cur(ctx, 'A')
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    operand = Expr(LOAD, [SSADef.cur(ctx, 'M', zp()), SSADef.cur(ctx, 'Y')])
    st.expr = Expr(EOR, [current_a, operand])
    st = chain_flags_eor(st, current_a, operand)
  elif opc == 0x55:	# EOR zp,X
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    st.expr = Expr(EOR, [current_a, current_mem])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st = chain_flags_eor(st, current_a, current_mem)
  elif opc == 0x56:	# LSR zp,X
    current_mem = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    shrex = Expr(SHR, [current_mem, 1])
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(STORE, [shrex, zp(), SSADef.cur(ctx, 'X')])
    st = chain_flags_shr(st, current_mem, shrex)
  elif opc == 0x58:	# CLI
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(INTRINSIC, ['cli'])
  elif opc == 0x59:	# EOR abs,Y
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'Y')])
    st.expr = Expr(EOR, [current_a, current_mem])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st = chain_flags_eor(st, current_a, current_mem)
  elif opc == 0x5d:	# EOR abs,X
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'X')])
    st.expr = Expr(EOR, [current_a, current_mem])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st = chain_flags_eor(st, current_a, current_mem)
  elif opc == 0x5e:	# LSR abs,X
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'X')])
    shrex = Expr(SHR, [current_mem, 1])
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(STORE, [shrex, abs(), SSADef.cur(ctx, 'X')])
    st = chain_flags_shr(st, current_mem, shrex)
  elif opc == 0x60:	# RTS
    st.dest = []
    st.op = RETURN
    st.expr = None
  elif opc == 0x61:	# ADC (zp,X)
    addr = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [addr, 0])
    current_c = SSADef.cur(ctx, 'C')
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(ADD, [current_a, current_mem, current_c])
    st = chain_flags_adc(st, current_a, current_mem, current_c)
  elif opc == 0x65:	# ADC zp
    current_a = SSADef.cur(ctx, 'A')
    current_mem = SSADef.cur(ctx, 'M', zp())
    current_c = SSADef.cur(ctx, 'C')
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(ADD, [current_a, current_mem, current_c])
    st = chain_flags_adc(st, current_a, current_mem, current_c)
  elif opc == 0x66:	# ROR zp
    current_mem = SSADef.cur(ctx, 'M', zp())
    current_c = SSADef.cur(ctx, 'C')
    st.op = ASGN
    st.expr = Expr(OR, [Expr(SHR, [current_mem, 1]), Expr(SHL, [current_c, 7])])
    st.expr.dont_propagate = True
    st.dest = [SSADef(ctx, 'M', zp())]
    st = chain_flags_ror(st, current_mem, st.expr)
  elif opc == 0x68:	# PLA
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    sp += 1
    st.expr = Expr(VAR, [SSADef.cur(ctx, 's', sp)])
    st = chain_flags_ld(st, 'A')
  elif opc == 0x69:	# ADC imm
    current_a = SSADef.cur(ctx, 'A')
    current_c = SSADef.cur(ctx, 'C')
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(ADD, [current_a, imm(), current_c])
    st = chain_flags_adc(st, current_a, imm(), current_c)
  elif opc == 0x6a:	# ROR A
    current_a = SSADef.cur(ctx, 'A')
    current_c = SSADef.cur(ctx, 'C')
    st.op = ASGN
    st.expr = Expr(OR, [Expr(SHR, [current_a, 1]), Expr(SHL, [current_c, 7])])
    st.expr.dont_propagate = True
    st.dest = [SSADef(ctx, 'A')]
    st = chain_flags_ror(st, current_a, st.expr)
  elif opc == 0x6c:	# JMP ind
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(INTRINSIC, ['jmp', SSADef.cur(ctx, 'M', abs())])
    st.add_comment('XXX: indirect jump not implemented yet')
  elif opc == 0x6d:	# ADC abs
    current_a = SSADef.cur(ctx, 'A')
    current_mem = SSADef.cur(ctx, 'M', abs())
    current_c = SSADef.cur(ctx, 'C')
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(ADD, [current_a, current_mem, current_c])
    st = chain_flags_adc(st, current_a, current_mem, current_c)
  elif opc == 0x6e:	# ROR abs
    current_mem = SSADef.cur(ctx, 'M', abs())
    current_c = SSADef.cur(ctx, 'C')
    st.op = ASGN
    st.expr = Expr(OR, [Expr(SHR, [current_mem, 1]), Expr(SHL, [current_c, 7])])
    st.expr.dont_propagate = True
    st.dest = [SSADef(ctx, 'M', abs())]
    st = chain_flags_ror(st, current_mem, st.expr)
  elif opc == 0x70:	# BVS dd
    do_branch('V', True)
  elif opc == 0x71:	# ADC (zp),Y
    current_a = SSADef.cur(ctx, 'A')
    current_c = SSADef.cur(ctx, 'C')
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    operand = Expr(LOAD, [SSADef.cur(ctx, 'M', zp()), SSADef.cur(ctx, 'Y')])
    st.expr = Expr(ADD, [current_a, operand, current_c])
    st = chain_flags_adc(st, current_a, operand, current_c)
  elif opc == 0x75:	# ADC zp,X
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    current_c = SSADef.cur(ctx, 'C')
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(ADD, [current_a, current_mem, current_c])
    st = chain_flags_adc(st, current_a, current_mem, current_c)
  elif opc == 0x76:	# ROR zp,X
    current_mem = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    current_c = SSADef.cur(ctx, 'C')
    st.op = IMPURE
    rorex = Expr(OR, [Expr(SHR, [current_mem, 1]), Expr(SHL, [current_c, 7])])
    rorex.dont_propagate = True
    st.dest = []
    st.expr = Expr(STORE, [rorex, zp(), SSADef.cur(ctx, 'X')])
    st = chain_flags_ror(st, current_mem, rorex)
  elif opc == 0x78: 	# SEI
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(INTRINSIC, ['sei'])
  elif opc == 0x79:	# ADC abs,Y
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'Y')])
    current_c = SSADef.cur(ctx, 'C')
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(ADD, [current_a, current_mem, current_c])
    st = chain_flags_adc(st, current_a, current_mem, current_c)
  elif opc == 0x7d:	# ADC abs,X
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'X')])
    current_c = SSADef.cur(ctx, 'C')
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(ADD, [current_a, current_mem, current_c])
    st = chain_flags_adc(st, current_a, current_mem, current_c)
  elif opc == 0x7e:	# ROR abs,X
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'X')])
    current_c = SSADef.cur(ctx, 'C')
    st.op = IMPURE
    rorex = Expr(OR, [Expr(SHR, [current_mem, 1]), Expr(SHL, [current_c, 7])])
    rorex.dont_propagate = True
    st.dest = []
    st.expr = Expr(STORE, [rorex, abs(), SSADef.cur(ctx, 'X')])
    st = chain_flags_ror(st, current_mem, rorex)
  elif opc == 0x81:	# STA (zp,X)
    addr = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    st.op = IMPURE
    st.dest = []
    st.expr = Expr(STORE, [SSADef.cur(ctx, 'A'), addr, 0])
  elif opc == 0x84:	# STY zp
    st.dest = [SSADef(ctx, 'M', zp())]
    st.op = ASGN
    st.expr = Expr(VAR, [SSADef.cur(ctx, 'Y')])
  elif opc == 0x85:	# STA zp
    st.dest = [SSADef(ctx, 'M', zp())]
    st.op = ASGN
    st.expr = Expr(VAR, [SSADef.cur(ctx, 'A')])
  elif opc == 0x86:	# STX zp
    st.dest = [SSADef(ctx, 'M', zp())]
    st.op = ASGN
    st.expr = Expr(VAR, [SSADef.cur(ctx, 'X')])
  elif opc == 0x88:	# DEY
    st.expr = Expr(SUB, [SSADef.cur(ctx, 'Y'), 1])
    st.dest = [SSADef(ctx, 'Y')]
    st.op = ASGN
    st = chain_flags_incdec(st, SSADef.cur(ctx, 'Y'))
  elif opc == 0x8a:	# TXA
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(VAR, [SSADef.cur(ctx, 'X')])
    st = chain_flags_ld(st, 'A')
  elif opc == 0x8c:	# STY abs
    do_st_abs('Y')
  elif opc == 0x8d:	# STA abs
    do_st_abs('A')
  elif opc == 0x8e:	# STX abs
    do_st_abs('X')
  elif opc == 0x90:	# BCC dd
    do_branch('C', False)
  elif opc == 0x91:	# STA (zp),Y
    current_ind = SSADef.cur(ctx, 'M', zp())
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(STORE, [SSADef.cur(ctx, 'A'), current_ind, SSADef.cur(ctx, 'Y')])
  elif opc == 0x94:	# STY zp,X
    do_st_xy('Y', zp(), 'X')
  elif opc == 0x95:	# STA zp,X
    do_st_xy('A', zp(), 'X')
  elif opc == 0x96:	# STX zp,Y
    do_st_xy('X', zp(), 'Y')
  elif opc == 0x98:	# TYA
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(VAR, [SSADef.cur(ctx, 'Y')])
    st = chain_flags_ld(st, 'A')
  elif opc == 0x99:	# STA abs,Y
    do_st_xy('A', abs(), 'Y')
  elif opc == 0x9a:	# TXS
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(INTRINSIC, ['setsp', SSADef.cur(ctx, 'X')])
  elif opc == 0x9d:	# STA abs,X
    do_st_xy('A', abs(), 'X')
  elif opc == 0xa0:	# LDY imm
    st.dest = [SSADef(ctx, 'Y')]
    st.op = ASGN
    st.expr = Expr(CONST, [imm()])
    st = chain_flags_ldimm(st, imm())
  elif opc == 0xa1:	# LDA (zp,X)
    addr = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(VAR, [Expr(LOAD, [addr, 0])])
    st = chain_flags_ld(st, 'A')
  elif opc == 0xa2:	# LDX imm
    st.dest = [SSADef(ctx, 'X')]
    st.op = ASGN
    st.expr = Expr(CONST, [imm()])
    st = chain_flags_ldimm(st, imm())
  elif opc == 0xa4:	# LDY zp
    st.dest = [SSADef(ctx, 'Y')]
    st.op = ASGN
    st.expr = Expr(VAR, [SSADef.cur(ctx, 'M', zp())])
    st = chain_flags_ld(st, 'Y')
  elif opc == 0xa5:	# LDA zp
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(VAR, [SSADef.cur(ctx, 'M', zp())])
    st = chain_flags_ld(st, 'A')
  elif opc == 0xa6:	# LDX zp
    st.dest = [SSADef(ctx, 'X')]
    st.op = ASGN
    st.expr = Expr(VAR, [SSADef.cur(ctx, 'M', zp())])
    st = chain_flags_ld(st, 'X')
  elif opc == 0xa8:	# TAY
    st.dest = [SSADef(ctx, 'Y')]
    st.op = ASGN
    st.expr = Expr(VAR, [SSADef.cur(ctx, 'A')])
    st = chain_flags_ld(st, 'Y')
  elif opc == 0xa9:	# LDA imm
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(CONST, [imm()])
    st = chain_flags_ldimm(st, imm())
  elif opc == 0xaa:	# TAX
    st.dest = [SSADef(ctx, 'X')]
    st.op = ASGN
    st.expr = Expr(VAR, [SSADef.cur(ctx, 'A')])
    st = chain_flags_ld(st, 'X')
  elif opc == 0xac:	# LDY abs
    do_ld_abs('Y')
  elif opc == 0xad:	# LDA abs
    do_ld_abs('A')
  elif opc == 0xae:	# LDX abs
    do_ld_abs('X')
  elif opc == 0xb0:	# BCS dd
    do_branch('C', True)
  elif opc == 0xb1:	# LDA (zp),Y
    current_ind = SSADef.cur(ctx, 'M', zp())
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(LOAD, [current_ind, SSADef.cur(ctx, 'Y')])
    st = chain_flags_ld(st, 'A')
  elif opc == 0xb4:	# LDY zp,X
    do_ld_xy('Y', zp(), 'X')
  elif opc == 0xb5:	# LDA zp,X
    do_ld_xy('A', zp(), 'X')
  elif opc == 0xb6:	# LDX zp,Y
    do_ld_xy('X', zp(), 'Y')
  elif opc == 0xb8:	# CLV
    st.op = ASGN
    st.dest = [SSADef(ctx, 'V')]
    st.expr = Expr(CONST, [0])
  elif opc == 0xb9:	# LDA abs,Y
    do_ld_xy('A', abs(), 'Y')
  elif opc == 0xba:	# TSX
    st.dest = [SSADef(ctx, 'X')]
    st.op = ASGN
    st.expr = Expr(INTRINSIC, ['getsp'])
  elif opc == 0xbc:	# LDY abs,X
    do_ld_xy('Y', abs(), 'X')
  elif opc == 0xbd:	# LDA abs,X
    do_ld_xy('A', abs(), 'X')
  elif opc == 0xbe:	# LDX abs,Y
    do_ld_xy('X', abs(), 'Y')
  elif opc == 0xc0:	# CPY imm
    st = emit_flags_subimm(st, 'Y', imm())
  elif opc == 0xc1:	# CMP (zp,X)
    addr = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    st = emit_flags_subimm(st, 'A', Expr(LOAD, [addr, 0]))
  elif opc == 0xc4:	# CPY zp
    st = emit_flags_subimm(st, 'Y', SSADef.cur(ctx, 'M', zp()))
  elif opc == 0xc5:	# CMP zp
    st = emit_flags_subimm(st, 'A', SSADef.cur(ctx, 'M', zp()))
  elif opc == 0xc6:	# DEC zp
    current_mem = SSADef.cur(ctx, 'M', zp())
    st.expr = Expr(SUB, [current_mem, 1])
    st.dest = [SSADef(ctx, 'M', zp())]
    st.op = ASGN
    st = chain_flags_incdec(st, SSADef.cur(ctx, 'M', zp()))
  elif opc == 0xc8:	# INY
    st.expr = Expr(ADD, [SSADef.cur(ctx, 'Y'), 1])
    st.dest = [SSADef(ctx, 'Y')]
    st.op = ASGN
    st = chain_flags_incdec(st, SSADef.cur(ctx, 'Y'))
  elif opc == 0xc9:	# CMP imm
    st = emit_flags_subimm(st, 'A', imm())
  elif opc == 0xca:	# DEX
    current_x = SSADef.cur(ctx, 'X')
    st.expr = Expr(SUB, [current_x, 1])
    st.dest = [SSADef(ctx, 'X')]
    st.op = ASGN
    st = chain_flags_incdec(st, SSADef.cur(ctx, 'X'))
  elif opc == 0xcc:	# CPY abs
    st = emit_flags_subimm(st, 'Y', SSADef.cur(ctx, 'M', abs()))
  elif opc == 0xcd:	# CMP abs
    st = emit_flags_subimm(st, 'A', SSADef.cur(ctx, 'M', abs()))
  elif opc == 0xce:	# DEC abs
    current_mem = SSADef.cur(ctx, 'M', abs())
    st.expr = Expr(SUB, [current_mem, 1])
    st.dest = [SSADef(ctx, 'M', abs())]
    st.op = ASGN
    st = chain_flags_incdec(st, SSADef.cur(ctx, 'M', abs()))
  elif opc == 0xd0:	# BNE dd
    do_branch('Z', False)
  elif opc == 0xd1:	# CMP (zp),Y
    operand = Expr(LOAD, [SSADef.cur(ctx, 'M', zp()), SSADef.cur(ctx, 'Y')])
    st = emit_flags_subimm(st, 'A', operand)
  elif opc == 0xd5:	# CMP zp,X
    st = emit_flags_subimm(st, 'A', Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')]))
  elif opc == 0xd6:	# DEC zp,X
    current_mem = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    subex = Expr(SUB, [current_mem, 1])
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(STORE, [subex, zp(), SSADef.cur(ctx, 'X')])
    st = chain_flags_incdec(st, subex)
  elif opc == 0xd8:	# CLD
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(INTRINSIC, ['cld'])
    st.add_comment('XXX: CLD unimplemented')
  elif opc == 0xd9:	# CMP abs,Y
    st = emit_flags_subimm(st, 'A', Expr(LOAD, [abs(), SSADef.cur(ctx, 'Y')]))
  elif opc == 0xdd:	# CMP abs,X
    st = emit_flags_subimm(st, 'A', Expr(LOAD, [abs(), SSADef.cur(ctx, 'X')]))
  elif opc == 0xde:	# DEC abs,X
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'X')])
    subex = Expr(SUB, [current_mem, 1])
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(STORE, [subex, abs(), SSADef.cur(ctx, 'X')])
    st = chain_flags_incdec(st, subex)
  elif opc == 0xe0:	# CPX imm
    st = emit_flags_subimm(st, 'X', imm())
  elif opc == 0xe1:	# SBC (zp,X)
    addr = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [addr, 0])
    current_borrow = Expr(SUB, [1, SSADef.cur(ctx, 'C')])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(SUB, [current_a, current_mem, current_borrow])
    st = chain_flags_sbb(st, current_a, current_mem, current_borrow)
  elif opc == 0xe4:	# CPX zp
    st = emit_flags_subimm(st, 'X', SSADef.cur(ctx, 'M', zp()))
  elif opc == 0xe5:	# SBC zp
    current_a = SSADef.cur(ctx, 'A')
    current_mem = SSADef.cur(ctx, 'M', zp())
    current_borrow = Expr(SUB, [1, SSADef.cur(ctx, 'C')])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(SUB, [current_a, current_mem, current_borrow])
    st = chain_flags_sbb(st, current_a, current_mem, current_borrow)
  elif opc == 0xe6:	# INC zp
    current_mem = SSADef.cur(ctx, 'M', zp())
    st.expr = Expr(ADD, [current_mem, 1])
    st.dest = [SSADef(ctx, 'M', zp())]
    st.op = ASGN
    st = chain_flags_incdec(st, SSADef.cur(ctx, 'M', zp()))
  elif opc == 0xe8:	# INX
    current_x = SSADef.cur(ctx, 'X')
    st.expr = Expr(ADD, [current_x, 1])
    st.dest = [SSADef(ctx, 'X')]
    st.op = ASGN
    st = chain_flags_incdec(st, SSADef.cur(ctx, 'X'))
  elif opc == 0xe9:	# SBC imm
    current_a = SSADef.cur(ctx, 'A')
    current_borrow = Expr(SUB, [1, SSADef.cur(ctx, 'C')])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(SUB, [current_a, imm(), current_borrow])
    st = chain_flags_sbb(st, current_a, imm(), current_borrow)
  elif opc == 0xea:	# NOP
    st.op = ASGN
    st.dest = []
    st.expr = Expr(NOP, [0])
  elif opc == 0xec:	# CPX abs
    st = emit_flags_subimm(st, 'X', SSADef.cur(ctx, 'M', abs()))
  elif opc == 0xed:	# SBC abs
    current_a = SSADef.cur(ctx, 'A')
    current_mem = SSADef.cur(ctx, 'M', abs())
    current_borrow = Expr(SUB, [1, SSADef.cur(ctx, 'C')])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(SUB, [current_a, current_mem, current_borrow])
    st = chain_flags_sbb(st, current_a, current_mem, current_borrow)
  elif opc == 0xee:	# INC abs
    current_mem = SSADef.cur(ctx, 'M', abs())
    st.expr = Expr(ADD, [current_mem, 1])
    st.dest = [SSADef(ctx, 'M', abs())]
    st.op = ASGN
    st = chain_flags_incdec(st, SSADef.cur(ctx, 'M', abs()))
  elif opc == 0xf0:	# BEQ dd
    do_branch('Z', True)
  elif opc == 0xf1:	# SBC (zp),Y
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [SSADef.cur(ctx, 'M', zp()), SSADef.cur(ctx, 'Y')])
    current_borrow = Expr(SUB, [1, SSADef.cur(ctx, 'C')])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(SUB, [current_a, current_mem, current_borrow])
    st = chain_flags_sbb(st, current_a, current_mem, current_borrow)
  elif opc == 0xf5:	# SBC zp,X
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    current_borrow = Expr(SUB, [1, SSADef.cur(ctx, 'C')])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(SUB, [current_a, current_mem, current_borrow])
    st = chain_flags_sbb(st, current_a, current_mem, current_borrow)
  elif opc == 0xf6:	# INC zp,X
    current_mem = Expr(LOAD, [zp(), SSADef.cur(ctx, 'X')])
    result = Expr(ADD, [current_mem, 1])
    st.expr = Expr(STORE, [result, zp(), SSADef.cur(ctx, 'X')])
    st.dest = []
    st.op = IMPURE
    st = chain_flags_incdec(st, result)
  elif opc == 0xf8:	# SED
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(INTRINSIC, ['sed'])
    st.add_comment('XXX: SED unimplemented')
  elif opc == 0xf9:	# SBC abs,Y
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'Y')])
    current_borrow = Expr(SUB, [1, SSADef.cur(ctx, 'C')])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(SUB, [current_a, current_mem, current_borrow])
    st = chain_flags_sbb(st, current_a, current_mem, current_borrow)
  elif opc == 0xfd:	# SBC abs,X
    current_a = SSADef.cur(ctx, 'A')
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'X')])
    current_borrow = Expr(SUB, [1, SSADef.cur(ctx, 'C')])
    st.dest = [SSADef(ctx, 'A')]
    st.op = ASGN
    st.expr = Expr(SUB, [current_a, current_mem, current_borrow])
    st = chain_flags_sbb(st, current_a, current_mem, current_borrow)
  elif opc == 0xfe:	# INC abs,X
    current_mem = Expr(LOAD, [abs(), SSADef.cur(ctx, 'X')])
    result = Expr(ADD, [current_mem, 1])
    st.expr = Expr(STORE, [result, abs(), SSADef.cur(ctx, 'X')])
    st.dest = []
    st.op = IMPURE
    st = chain_flags_incdec(st, result)
  elif opc == OPC_OUTOFRANGE:
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(INTRINSIC, ['thunk', insn.addr])
  elif opc in [      0x02, 0x03, 0x04, 0x07,             0x0b, 0x0c,       0x0f,
                     0x12, 0x13, 0x14, 0x17,       0x1a, 0x1b, 0x1c,       0x1f,
                     0x22, 0x23,       0x27,             0x2b,             0x2f,
                     0x32, 0x33, 0x34, 0x37,       0x3a, 0x3b, 0x3c,       0x3f,
                     0x42, 0x43, 0x44, 0x47,             0x4b,             0x4f,
                     0x52, 0x53, 0x54, 0x57,       0x5a, 0x5b, 0x5c,       0x5f,
                     0x62, 0x63, 0x64, 0x67,             0x6b,             0x6f,
                     0x72, 0x73, 0x74, 0x77,       0x7a, 0x7b, 0x7c,       0x7f,
               0x80, 0x82, 0x83,       0x87, 0x89,       0x8b,             0x8f,
                     0x92, 0x93,       0x97,             0x9b, 0x9c, 0x9e, 0x9f,
                           0xa3,       0xa7,             0xab,             0xaf,
                     0xb2, 0xb3,       0xb7,             0xbb,             0xbf,
                     0xc2, 0xc3,       0xc7,             0xcb,             0xcf,
                     0xd2, 0xd3, 0xd4, 0xd7,       0xda, 0xdb, 0xdc,       0xdf,
                     0xe2, 0xe3,       0xe7,             0xeb,             0xef,
                     0xf2, 0xf3, 0xf4, 0xf7,       0xfa, 0xfb, 0xfc,       0xff]:
    # illegal opcode
    # XXX: add switch to allow 'useful' illegal opcodes
    st.op = IMPURE
    st.expr = Expr(INTRINSIC, ['illegal', opc])
    st.dest = []
    st.add_comment('XXX: unimplemented illegal opcode')
  else:
    raise InternalError('unknown opcode ' + hex(opc))

  # all current indices are reaching, with the exception of anything
  # below the stack pointer
  st.reaching = []
  for i in ctx.local_indices.values():
    if i.type != 's':# or i.addr > sp:
      st.reaching += [i]

  self.last_ssa_for_insn[insn] = st
  return (st_start, st, sp, bp, end_bp, next)
Beispiel #15
0
def translate(self, ctx, insn, sp, end_bp, bp):

  # normally, add() will follow the flow of the machine code instructions;
  # if we know better (such as with branches with constant conditions), we
  # can put a list of successor instructions here
  next = None

  st = SSAStatement()

  debug(SSA, 2, 'translating', insn, hex(insn.bytes[0]), 'to', st.num)

  opc = insn.bytes[0]

  if insn == None:
    return None
  
  st_start = st
  self.ssa_for_insn[insn] = st
  st.insn = insn

  if len(insn.comefrom) > 1:
    debug(SSA, 3, 'phiing')
    for g in ctx.local_indices.values():
      st.dest = [SSADef(ctx, g.type, g.addr)]
      st.op = ASGN
      st.expr = Expr(PHI, [g])
      for h in insn.comefrom:
        if h in self.last_ssa_for_insn:
          #print('reaching from', self.last_ssa_for_insn[h], [str(x) + '(' + repr(x) + ')' for x in self.last_ssa_for_insn[h].reaching])
          for i in self.last_ssa_for_insn[h].reaching:
            if i.type == g.type and i.addr == g.addr and not i in st.expr.ops:
              st.expr.ops += [i]
      st1 = SSAStatement()
      st.chain(ctx, st1)
      st = st1
  

  def rot_imm(imm8, rs):
    return ((imm8 >> rs * 2) | (imm8 << (32 - rs * 2))) & 0xffffffff

  def do_ld_abs(reg, addr, size):
    nonlocal st
    st.op = ASGN
    if self.is_io(addr):
      if size == 1:
        op = IOIN
      elif size == 2:
        op = IOIN16
      else:
        op = IOIN32
      st.expr = Expr(op, [addr])
      st.expr.dont_propagate = True
      st.expr.dont_eliminate = True
    else:
      if size == 4:
        st.expr = Expr(VAR, [SSADef.cur(ctx, 'Mw', addr)])
      elif size == 2:
        st.expr = Expr(VAR, [SSADef.cur(ctx, 'Mh', addr)])
      elif size == 1:
        st.expr = Expr(VAR, [SSADef.cur(ctx, 'M', addr)])
      else:
        raise InternalError('unhandled size ' + str(size))
    st.dest = [SSADef(ctx, reg)]

  
  def do_ld_reg(dst, off, reg, size):
    nonlocal st
    st.op = ASGN
    # XXX: convert to IOIN after constant prop
    if size == 1:
      st.expr = Expr(LOAD, [off, SSADef.cur(ctx, reg)])
    elif size == 2:
      st.expr = Expr(LOAD16, [off, SSADef.cur(ctx, reg)])
    elif size == 4:
      st.expr = Expr(LOAD32, [off, SSADef.cur(ctx, reg)])
    else:
      raise InternalError('unhandled size ' + str(size))
    st.dest = [SSADef(ctx, dst)]

  def do_st_abs(reg, addr, size):
    if self.is_io(addr):
      st.op = IMPURE
      if size == 4:
        op = IOOUT32
      elif size == 2:
        op = IOOUT16
      else:
        op = IOOUT
      st.expr = Expr(op, [SSADef.cur(ctx, reg), addr])
      st.expr.dont_propagate = True
      st.expr.dont_eliminate = True
      st.dest = []
    else:
      st.op = ASGN
      st.expr = Expr(VAR, [SSADef.cur(ctx, reg)])
      if size == 4:
        pref = 'Mw'
      elif size == 2:
        pref = 'Mh'
      elif size == 1:
        pref = 'M'
      else:
        raise InternalError('unhandled size ' + str(size))
      st.dest = [SSADef(ctx, pref, addr)]

  def do_st_reg(src, off, reg, size):
    st.dest = []
    st.op = IMPURE
    # XXX: convert to IOOUT after constant prop
    if size == 4:
      op = STORE32
    elif size == 2:
      op = STORE16
    elif size == 1:
      op = STORE
    else:
      raise InternalError('unhandled size ' + str(size))
    st.expr = Expr(op, [SSADef.cur(ctx, src), off, SSADef.cur(ctx, reg)])

  def do_ld_stack(dst, off, size):
    nonlocal sp, st
    st.op = ASGN
    st.expr = Expr(VAR, [SSADef.cur(ctx, 's', off+sp)])
    st.dest = [SSADef(ctx, dst)]
  
  def do_st_stack(src, off, size):
    nonlocal sp, st
    st.op = ASGN
    st.expr = Expr(VAR, [SSADef.cur(ctx, src)])
    st.dest = [SSADef(ctx, 's', off+sp)]

  def creg(num):
    nonlocal sp
    if num == 13:
      return Expr(AUTO, [sp, -1])
    elif num == 15:
      return insn.addr + 8
    else:
      return SSADef.cur(ctx, 'R'+str(num))

  def get_rm():
    if insn.shift == 0:
      op = SHL
    elif insn.shift == 1:
      op = SHR
    elif insn.shift == 2:
      op = ASR
    else:
      op = ROR
    if insn.shift_rot == 1:
      # rs
      return Expr(op, [creg(insn.rm), creg(insn.rs)])
    else:
      # imm
      return Expr(op, [creg(insn.rm), insn.shift_bits])

  if insn.bytes[0] != OPC_OUTOFRANGE and insn.cond < 0xe or insn.artificial_branch != -1:
    debug(SSA, 5, "conditional", insn, hex(insn.artificial_branch))
    # conditional
    st.op = BRANCH_COND

    if insn.cond == 0:
      st.expr = Expr(VAR, [SSADef.cur(ctx, 'Z')])
    elif insn.cond == 1:
      st.expr = Expr(NOT, [SSADef.cur(ctx, 'Z')])
    elif insn.cond == 2:
      st.expr = Expr(VAR, [SSADef.cur(ctx, 'C')])
    elif insn.cond == 3:
      st.expr = Expr(NOT, [SSADef.cur(ctx, 'C')])
    elif insn.cond == 4:
      st.expr = Expr(VAR, [SSADef.cur(ctx, 'N')])
    elif insn.cond == 5:
      st.expr = Expr(NOT, [SSADef.cur(ctx, 'N')])
    elif insn.cond == 8:
      st.expr = Expr(AND, [SSADef.cur(ctx, 'C'), Expr(NOT, [SSADef.cur(ctx, 'Z')])])
    elif insn.cond == 9:
      st.expr = Expr(OR, [Expr(NOT, [SSADef.cur(ctx, 'C')]), SSADef.cur(ctx, 'Z')])
    elif insn.cond == 0xa:
      st.expr = Expr(COMPARE_EQ, [SSADef.cur(ctx, 'N'), SSADef.cur(ctx, 'V')])
    elif insn.cond == 0xb:
      st.expr = Expr(COMPARE_NE, [SSADef.cur(ctx, 'N'), SSADef.cur(ctx, 'V')])
    elif insn.cond == 0xc:
      st.expr = Expr(AND, [
        Expr(NOT, [SSADef.cur(ctx, 'Z')]),
        Expr(COMPARE_EQ, [SSADef.cur(ctx, 'N'), SSADef.cur(ctx, 'V')])
      ])
    elif insn.cond == 0xd:
      st.expr = Expr(OR, [
        SSADef.cur(ctx, 'Z'),
        Expr(COMPARE_NE, [SSADef.cur(ctx, 'N'), SSADef.cur(ctx, 'V')])
      ])
    else:
      raise InternalError('unsupported condition')

    assert(insn.op & 0xf0 == 0xa0 or insn.artificial_branch != -1)

  if insn.bytes[0] == OPC_OUTOFRANGE:
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(INTRINSIC, ['thunk', insn.addr])
  elif insn.cond == 0xf:	# NV predicate
      debug(SSA, 5, "NV predicate")
      st.dest = []
      st.op = ASGN
      st.expr = Expr(NOP, [0])
  elif insn.op & 0xf0 == 0xa0:	# B
      debug(SSA, 5, "branch")
      if insn.cond == 0xe:
        debug(SSA, 5, "unconditional branch")
        st.op = ASGN
        st.dest = []
        st.expr = Expr(NOP, [0])
  elif insn.op & 0xf1 == 0xe0:	# MCR
      debug(SSA, 5, "mcr")
      st.op = IMPURE
      st.dest = []
      st.expr = Expr(INTRINSIC, ['mcr'])
  elif insn.op & 0xf1 == 0xe1:	# MRC
      debug(SSA, 5, "mrc")
      st.op = ASGN
      st.dest = [SSADef(ctx, 'R'+str(insn.rd))]
      st.expr = Expr(INTRINSIC, ['mrc'])
  elif insn.op & 0xc0 == 0x40:	# LDR/STR rd,[rn,+-#imm12 / rm <> shift] pre/post
      if insn.op & 0x20:
        # register offset
        if insn.op & 0x08 == 0x08:
          off = get_rm()
        else:
          off = Expr(SUB, [0, get_rm()])
      else:
        # immediate offset
        if insn.op & 0x08 == 0x08:
          off = insn.imm12
        else:
          off = -insn.imm12
      if insn.op & 0x04 == 0x04:
        size = 1
      else:
        size = 4
      if insn.fixed_mem != -1:
        assert(insn.rn != 13)
        debug(SSA, 6, 'transing fixed mem insn', insn)
        if insn.op & 1:
          do_ld_abs('R'+str(insn.rd), insn.fixed_mem, size)
        else:
          do_st_abs('R'+str(insn.rd), insn.fixed_mem, size)
      elif insn.fixed_stack != -1:
        debug(SSA, 6, 'transing fixed stack insn', insn)
        if insn.op & 1:
          do_ld_stack('R'+str(insn.rd), insn.fixed_stack-sp, size)
        else:
          do_st_stack('R'+str(insn.rd), insn.fixed_stack-sp, size)
      else:
        if insn.op & 1 == 1 and insn.rd == 15:
          # PC load
          if insn.rn == 15:
            # decoded already in insn.py
            st.dest = []
            st.op = ASGN
            st.expr = Expr(NOP, [0])
          else:
            st.dest = []
            st.op = IMPURE
            st.expr = Expr(INTRINSIC, ['set_pc', insn.rn, off])
        else:
          if insn.op & 0x10:	# pre indexing
            noff = off
          else:
            noff = 0
          if insn.rn == 15:
            if insn.op & 1:
              do_ld_abs('R'+str(insn.rd), insn.addr + 8 + noff, size)
            else:
              do_st_abs('R'+str(insn.rd), insn.addr + 8 + noff, size)
          elif insn.rn == 13:
            if insn.op & 1:
              do_ld_stack('R'+str(insn.rd), noff, size)
            else:
              do_st_stack('R'+str(insn.rd), noff, size)
          else:
            if insn.op & 1:
              do_ld_reg('R'+str(insn.rd), noff, 'R'+str(insn.rn), size)
            else:
              do_st_reg('R'+str(insn.rd), noff, 'R'+str(insn.rn), size)
      if insn.op & 2 == 2 or insn.op & 0x10 == 0:	# write back or post indexing
        if insn.rn == 13:
          sp += off
        else:
          st1 = SSAStatement()
          st.chain(ctx, st1)
          st = st1
          st.op = ASGN
          st.expr = Expr(ADD, [creg(insn.rn), off])
          st.dest = [SSADef(ctx, 'R'+str(insn.rn))]
  elif insn.op & 0xe4 == 4 and insn.imm8 & 0x90 == 0x90:	# LDRH/STRH rd, [rn, +-immWEIRD]
      imm = insn.rm | (insn.rs >> 4)
      if insn.op & 0x08 == 0:
        imm = -imm
      if insn.fixed_mem != -1:
        assert(insn.rn != 13)
        debug(SSA, 6, 'transing fixed mem insn', insn)
        if insn.op & 1:
          do_ld_abs('R'+str(insn.rd), insn.fixed_mem, 2)
        else:
          do_st_abs('R'+str(insn.rd), insn.fixed_mem, 2)
      else:
        if insn.op & 0x10:	# pre indexing
          noff = imm
        else:
          noff = 0
        if insn.rn == 13:
          if insn.op & 1:
            do_ld_stack('R'+str(insn.rd), noff, 2)
          else:
            do_st_stack('R'+str(insn.rd), noff, 2)
        else:
          if insn.op & 1:
            do_ld_reg('R'+str(insn.rd), noff, 'R'+str(insn.rn), 2)
          else:
            do_st_reg('R'+str(insn.rd), noff, 'R'+str(insn.rn), 2)
      if insn.op & 2:	# write back
        st1 = SSAStatement()
        st.chain(ctx, st1)
        st = st1
        st.op = ASGN
        st.expr = Expr(ADD, [creg(insn.rn), imm])
        st.dest = [SSADef(ctx, 'R'+str(insn.rn))]
  elif insn.op == 0x32:	# MSR CPSR_f, rm
      debug(SSA, 5, "MSR CPSR_f, rm")
      st.op = IMPURE
      st.dest = []
      st.expr = Expr(INTRINSIC, ['msr_cpsr_f', creg(insn.rm)])
  elif insn.bytes[0] & 0x0fbf0fff == 0x010f0000:	# MRS
      st.op = ASGN
      st.expr = Expr(INTRINSIC, ['mrs', insn.op & 4])
      st.dest = [SSADef(ctx, 'R'+str(insn.rd))]
  elif insn.bytes[0] & 0x0fbffff0 == 0x0129f000:	# MSR
      st.op = IMPURE
      st.expr = Expr(INTRINSIC, ['msr', insn.op & 4, creg(insn.rm)])
      st.dest = []
  elif insn.op & 0xf0 == 0xb0:	# BL off24
    st.expr = Expr(ARGS, [insn.addr + 8 + insn.off24 * 4] + self.fun_args(ctx, insn.next[1], st, sp))
    st.dest = self.fun_returns(ctx, insn.next[1], st)
    st.op = CALL
  elif insn.op & 0xe0 == 0x80:	# LDM/STM
    # XXX: PSR/force user?
    off = 0
    if insn.op & 0x08 == 0x08:
      inc = 4
      regs = range(0, 16)
    else:
      inc = -4
      regs = range(15, -1, -1)
    st.op = None
    do_return = False
    for i in regs:
      if insn.reglist & (1 << i):
        if insn.op & 0x10 == 0x10:	# pre indexing
          off += inc
        if st.op != None:
          st1 = SSAStatement()
          st.chain(ctx, st1)
          st = st1
        if insn.op & 1:	# LDM
          if i == 15:
            # XXX: only if [rn,off] is r14
            do_return = True
          elif insn.rn == 13:
            do_ld_stack('R'+str(i), off, 4)
          else:
            do_ld_reg('R'+str(i), off, 'R'+str(insn.rn), 4)
        else:
          if insn.rn == 13:
            do_st_stack('R'+str(i), off, 4)
          else:
            do_st_reg('R'+str(i), off, 'R'+str(insn.rn), 4)
        if insn.op & 0x10 != 0x10:	# post indexing
          off += inc
    if insn.op & 2 == 2:	# write back
        if insn.rn == 13:
          sp += off
          if end_bp == 0:
            end_bp = sp
        else:
          if st.op != None:
            st1 = SSAStatement()
            st.chain(ctx, st1)
            st = st1
          st.op = ASGN
          st.expr = Expr(ADD, [creg(insn.rn), off])
          st.dest = [SSADef(ctx, 'R'+str(insn.rn))]
    if do_return:
      if st.op != None:
        st1 = SSAStatement()
        st.chain(ctx, st1)
        st = st1
      st.op = RETURN
      st.expr = None
      st.dest = []
  elif insn.bytes[0] & 0x0ffffff0 == 0x012fff10:	# BX rm
    if insn.rm == 14:
      # XXX: only if R14 is unassigned
      st.dest = []
      st.op = RETURN
      st.expr = None
    else:
      st.dest = []
      st.op = IMPURE
      st.expr = Expr(INTRINSIC, ['bx', creg(insn.rm)])
      st.add_comment('XXX: indirect jump not implemented yet')
  elif insn.bytes[0] & 0xffffff0 == 0x012fff30:	# BLX rm
    st.dest = []
    st.op = IMPURE
    st.expr = Expr(INTRINSIC, ['blx', creg(insn.rm)])
    st.add_comment('XXX: indirect call not implemented yet')
  elif insn.bytes[0] & 0x0f900090 == 0x01000080:	# smul/smla
    op = (insn.op >> 1) & 3
    x = (insn.imm8 >> 5) & 1
    y = (insn.imm8 >> 6) & 1
    if op == 0 or op == 3:
      m1 = creg(insn.rm)
      m2 = creg(insn.rs)
      if x == 0:
        m1 = Expr(AND, [m1, 0xffff])
      else:
        m1 = Expr(SHR, [m1, 16])
      if y == 0: 
        m2 = Expr(AND, [m2, 0xffff])
      else:
        m2 = Expr(SHR, [m2, 16])
      st.op = ASGN
      st.expr = Expr(MUL32, [m1, m2])
      if op == 0:	# smla
        st.expr = Expr(ADD, [st.expr, creg(insn.rn)])
      st.dest = [SSADef(ctx, 'R'+str(insn.rd))]
    else:
      debug(SSA, 2, "unimplemented smul", insn)
      st.op = ASGN
      st.expr = Expr(INTRINSIC, ["smulw", op, x, y, creg(insn.rm), creg(insn.rs)])
      st.dest = [SSADef(ctx, 'R'+str(insn.rd))]
  elif insn.bytes[0] & 0x0e000010 == 0x06000010:	# media insn
      # XXX: untested, implemented inadvertently
      debug(SSA, 2, "unimplemented media instruction", insn)
      st.op = ASGN
      st.expr = Expr(INTRINSIC, ["media_insn", insn.bytes[0], creg(insn.rm)])
      st.dest = [SSADef(ctx, 'R'+str(insn.rd))]
  elif insn.bytes[0] & 0x0f9000f0 == 0x01000050:	# sat add/sub
      debug(SSA, 2, "unimplemented saturated add/sub", insn)
      st.op = ASGN
      st.expr = Expr(INTRINSIC, ["qaddsub", insn.bytes[0], creg(insn.rn), creg(insn.rm)])
      st.dest = [SSADef(ctx, 'R'+str(insn.rd))]
  elif insn.op & 0xc0 == 0x00:	# ALU rd, rn, #imm8 <> rs / rm <> shift
      alu_op = (insn.op >> 1) & 0xf
      debug(SSA, 5, "alu op", alu_op)
      if insn.rd == 13 and alu_op in [2, 4]:
        assert(insn.op & 0x20 == 0x20)	# immediate
        if alu_op == 4:
          # XXX: hack: assume conditional adds to SP only occur in epilogs and ignore them
          # otherwise our stack pointer tracking gets mangled
          if insn.cond == 0xe:
            sp += rot_imm(insn.imm8, insn.rs)
        else:
          sp -= rot_imm(insn.imm8, insn.rs)
        st.op = ASGN
        st.dest = []
        st.expr = Expr(NOP, [sp])
      else:
        st.op = None
        if insn.op & 0x20 == 0:
          imm = get_rm()
        else:
          imm = rot_imm(insn.imm8, insn.rs)

        if alu_op in [2, 3, 6, 7, 0xa]:
          op = SUB
          op_c = COMPARE_GE
          op_z = COMPARE_EQ
          op_n = COMPARE_LT
          op_v = SUBFLAGS_V
        elif alu_op == 0 or alu_op == 8 or alu_op == 0xe:
          op = AND
          op_c = ANDFLAGS_C
          op_z = ANDFLAGS_Z
          op_n = ANDFLAGS_N
          op_v = None
        elif alu_op == 1 or alu_op == 9:
          op = EOR
          op_c = EORFLAGS_C
          op_z = EORFLAGS_Z
          op_n = EORFLAGS_N
          op_v = None
        elif alu_op == 4 or alu_op == 5 or alu_op == 0xb:
          op = ADD
          op_c = ADDFLAGS_C
          op_z = ADDFLAGS_Z
          op_n = ADDFLAGS_N
          op_v = ADDFLAGS_V
        elif alu_op == 0xc:
          op = OR
          op_c = ORFLAGS_C
          op_z = ORFLAGS_Z
          op_n = ORFLAGS_N
          op_v = None
        else:	# MOV, MVN
          op = CONST
          op_c = MOVFLAGS_C
          op_z = MOVFLAGS_Z
          op_n = MOVFLAGS_N
          op_v = None

        reverse = False
        if alu_op == 3 or alu_op == 7:	# RSB, RSC
          reverse = True

        if alu_op == 0xf or alu_op == 0xe:	# BIC, MVN
          imm = Expr(INV, [imm])

        if op == CONST:
          if insn.op & 0x20 == 0:
            st.expr = imm
          else:
            st.expr = Expr(CONST, [imm])
        else:
          if insn.rn == 13 and insn.op & 0x20 == 0x20 and alu_op == 4:
            st.expr = Expr(AUTO, [sp + imm, -1])
            # XXX: may be better to do this on CALL
            if sp + imm < bp:
              bp = sp + imm
          elif insn.rn == 13 and insn.op & 0x20 == 0x20 and alu_op == 2:
            st.expr = Expr(AUTO, [sp - imm, -1])
            if sp - imm < bp:
              bp = sp - imm
          else:
            op1 = creg(insn.rn)
            if reverse:
              op2 = op1
              op1 = imm
            else:
              op2 = imm

            if alu_op == 5:	# ADC
              st.expr = Expr(op, [op1, op2, SSADef.cur(ctx, 'C')])
            elif alu_op == 6 or alu_op == 7:	# SBC, RSC
              st.expr = Expr(ADD, [Expr(op, [op1, op2, 1]), SSADef.cur(ctx, 'C')])
            else:
              st.expr = Expr(op, [op1, op2])

        if alu_op in [0, 1, 2, 3, 4, 5, 6, 7, 0xc, 0xd, 0xe, 0xf] and insn.rd != 15:
          st.op = ASGN
          st.dest = [SSADef(ctx, 'R'+str(insn.rd))]
        if insn.rd == 15:
          st.op = IMPURE
          st.expr = Expr(INTRINSIC, ['set_pc', st.expr])
          st.dest = []

        if alu_op == 0xb and not (insn.op & 1):
          # clz
          # XXX: complete guesswork, too lazy too look it up
          st.op = ASGN
          st.expr = Expr(INTRINSIC, ['clz', creg(insn.rn)])
          st.dest = [SSADef(ctx, 'R'+str(insn.rd))]
        elif insn.op & 1:	# set flags
          alu_expr = st.expr
          if st.op == ASGN:
            st1 = SSAStatement()
            st.chain(ctx, st1)
            st = st1
          st.op = ASGN
          st.expr = Expr(op_c, copy(alu_expr.ops))
          st.dest = [SSADef(ctx, 'C')]
          st1 = SSAStatement()
          st.chain(ctx, st1)
          st = st1
          st.op = ASGN
          st.expr = Expr(op_z, copy(alu_expr.ops))
          st.dest = [SSADef(ctx, 'Z')]
          st1 = SSAStatement()
          st.chain(ctx, st1)
          st = st1
          st.op = ASGN
          st.expr = Expr(op_n, copy(alu_expr.ops))
          st.dest = [SSADef(ctx, 'N')]
          if op_v:
            st1 = SSAStatement()
            st.chain(ctx, st1)
            st = st1
            st.op = ASGN
            st.expr = Expr(op_v, copy(alu_expr.ops))
            st.dest = [SSADef(ctx, 'V')]
          
        
  else:
    raise InternalError('unknown op ' + hex(insn.op))

  # all current indices are reaching, with the exception of anything
  # below the stack pointer
  st.reaching = []
  for i in ctx.local_indices.values():
    if not (i.type == 's' and i.addr < 0): #True: #i.type != 's':# or i.addr > sp:
      st.reaching += [i]

  self.last_ssa_for_insn[insn] = st
  debug(SSA, 6, "st_end in translate", st)
  return (st_start, st, sp, bp, end_bp, next)
Beispiel #16
0
 def do_st_stack(src, off, size):
   nonlocal sp, st
   st.op = ASGN
   st.expr = Expr(VAR, [SSADef.cur(ctx, src)])
   st.dest = [SSADef(ctx, 's', off+sp)]
Beispiel #17
0
 def do_ld_stack(dst, off, size):
   nonlocal sp, st
   st.op = ASGN
   st.expr = Expr(VAR, [SSADef.cur(ctx, 's', off+sp)])
   st.dest = [SSADef(ctx, dst)]