NAME=noreturn errno
FILE=malloc://32
CMDS=<<EOF
# Analyze a function in Thumb mode and check the size that afi reports.
# NOTE(review): no wx or wa runs before af, so the analyzed bytes are whatever
# malloc://32 holds initially, presumably zeros. Nothing visible here involves
# noreturn or errno, and a bare malloc buffer is unlikely to carry a main flag,
# so confirm that the title and the seek target still match the intent.
e asm.arch=arm
e asm.bits=16
e cfg.bigendian=false
s main
af
afi~^size
EOF
EXPECT=<<EOF
size: 32
EOF
RUN

NAME=thumb ldr pc-rel analysis
FILE=malloc://32
CMDS=<<EOF
# Disassemble one 4-byte Thumb literal load and check the resolved address
# and the value comment. The literal word 0x12 is written at offset 4, which
# is the target EXPECT shows for the load at offset 0.
# NOTE(review): a later test in this file reuses this exact NAME, which makes
# a failure report ambiguous.
e asm.bytes=true
e asm.arch=arm
e asm.bits=16
e cfg.bigendian=false
wx dff80000 12000000 34000000
pd 1
EOF
EXPECT=<<EOF
            0x00000000      dff80000       ldr.w r0, [0x00000004]      ; [0x4:4]=18 ; 4
EOF
RUN

NAME=thumb ldr pc-rel emulation
FILE=malloc://32
CMDS=<<EOF
# Emulation counterpart of the pc-relative ldr.w case: after one aes step,
# r0 must hold 0x12, the word written at offset 4.
e asm.arch=arm
e asm.bits=16
e cfg.bigendian=false
wx dff80000 12000000 34000000
aes
ar r0
EOF
EXPECT=<<EOF
r0 = 0x00000012
EOF
RUN

NAME=bx ip eof
FILE=malloc://32
CMDS=<<EOF
# Function analysis must end at the indirect branch. The expected size 8
# equals the first three opcodes, 4 + 2 + 2 bytes, ending with 6047.
# NOTE(review): presumably the point is that the trailing 18e0 0200 bytes are
# not pulled into the function after the bx - confirm.
e asm.arch=arm
e asm.bits=16
e cfg.bigendian=false
wx dff804c0 fc446047 18e0 0200
af
afi~size[1]
EOF
EXPECT=<<EOF
8
EOF
RUN

NAME=thumb ldr pc-rel analysis
FILE=malloc://32
CMDS=<<EOF
# Three 2-byte literal loads at 0x0, 0x2 and 0x4 with the same encoded offset.
# EXPECT resolves the loads at 0x0 and 0x2 to the same address 0x8, which
# matches word alignment of the Thumb pc before the offset is added.
# NOTE(review): an earlier test in this file already uses this exact NAME.
e asm.bytes=true
e asm.arch=arm
e asm.bits=16
e cfg.bigendian=false
wx 0149 014a 014b 0000 1111 2222 3333 4444 5555 6666
pd 3
EOF
EXPECT=<<EOF
            0x00000000      0149           ldr   r1, [0x00000008]      ; [0x8:4]=0x22221111 ; 8
            0x00000002      014a           ldr   r2, [0x00000008]      ; [0x8:4]=0x22221111 ; 8
            0x00000004      014b           ldr   r3, [0x0000000c]      ; [0xc:4]=0x44443333 ; 12
EOF
RUN

NAME=thumb ldr+add pc-rel analysis
FILE=malloc://32
CMDS=<<EOF
# With asm.emu enabled, each line must carry the emulated register value.
# For the add rN, pc lines the expected value is the loaded literal plus the
# instruction address plus 4, e.g. 0x22221111 + 0x6 + 4 = 0x2222111b for r1.
e asm.bytes=true
e asm.arch=arm
e asm.bits=16
e cfg.bigendian=false
e asm.emu=1
wx 0249 024a 024b 7944 7a44 7b44 1111 2222 3333 4444 5555 6666 7777
pd 6
EOF
EXPECT=<<EOF
            0x00000000      0249           ldr   r1, [0x0000000c]      ; [0xc:4]=0x22221111 ; 12 ; r1=0x22221111
            0x00000002      024a           ldr   r2, [0x0000000c]      ; [0xc:4]=0x22221111 ; 12 ; r2=0x22221111
            0x00000004      024b           ldr   r3, [0x00000010]      ; [0x10:4]=0x44443333 ; 16 ; r3=0x44443333
            0x00000006      7944           add   r1, pc                ; r1=0x2222111b
            0x00000008      7a44           add   r2, pc                ; r2=0x2222111d
            0x0000000a      7b44           add   r3, pc                ; r3=0x44443341
EOF
RUN

NAME=thumb adr pc-rel analysis
FILE=malloc://32
CMDS=<<EOF
e asm.bytes=true
e asm.arch=arm
e asm.bits=16
e cfg.bigendian=false
wx 10b5 01a0 00bf 00bf 52616461726532207465737420737472696e6700
pd 1 @ 0x2
EOF
EXPECT=<<EOF
            0x00000002      01a0           adr   r0, 4                 ; "Radare2 test string"
                                                                       ; 0x8 ; 8
EOF
RUN

NAME=pd bits override for arm
FILE=malloc://32
CMDS=<<EOF
# Checks precedence between the global asm.bits, an ahb bits hint and the
# temporary arch and bits modifiers on a single command.
# Per EXPECT the explicit bits modifier wins over the ahb hint in both
# directions, and a 32-bit decode at offset 2 is reported as unaligned.
e asm.bytes=true
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
wa "mov r0, r0"
pi 1
pd 1
ahb 32
pd 1
pd 1 @a:arm @b:32
pd 1 @a:arm @b:16
ahb 16
pd 1 @a:arm @b:32
pd 1 @a:arm @b:16
pd 1 @a:arm @b:32 @ 2
pd 1 @a:arm @b:16 @ 2
EOF
EXPECT=<<EOF
mov r0, r0
            0x00000000      0000a0e1       mov   r0, r0
            0x00000000      0000a0e1       mov   r0, r0
            0x00000000      0000a0e1       mov   r0, r0
            0x00000000      0000           movs  r0, r0
            0x00000000      0000a0e1       mov   r0, r0
            0x00000000      0000           movs  r0, r0
            0x00000002                    unaligned
        ,=< 0x00000002      a0e1           b     0x346
EOF
RUN

NAME=thumb adr pc-rel analysis with newline
FILE=malloc://32
CMDS=<<EOF
e asm.bytes=true
e asm.arch=arm
e asm.bits=16
e cfg.bigendian=false
wx 10b5 01a0 00bf 00bf 5261646172653220746573740d0a00
pd 1 @ 0x2
EOF
EXPECT=<<EOF
            0x00000002      01a0           adr   r0, 4                 ; "Radare2 test\r\n"
                                                                       ; 0x8 ; 8
EOF
RUN

NAME=arm 16 BE 4 bytes instruction
FILE==
ARGS=-a arm -b 16
CMDS=<<EOF
# Assemble the same 4-byte Thumb blx under both endian settings.
# The two expected encodings differ only by a byte swap inside each 16-bit
# halfword, and both must disassemble back to the same text.
e cfg.bigendian=true
wa "blx 0x33b8"
p8 4
pi 1
e cfg.bigendian=false
wa "blx 0x33b8"
p8 4
pi 1
EOF
EXPECT=<<EOF
f003e9da
blx 0x33b8
03f0dae9
blx 0x33b8
EOF
RUN

NAME=arm-or-thumb visual bug
FILE=bins/mach0/arm-or-thumb
CMDS=<<EOF
# Drive visual mode with a scripted key sequence, then check the size of the
# function at the current seek. scr.null is toggled around the V command,
# presumably to keep the visual rendering out of the captured output.
# NOTE(review): the next test in this file has the same NAME and checks the
# same size through plain af, so failure reports cannot tell them apart.
e scr.interactive=1
e scr.null=1
V prdfq
e scr.null=0
afi~^size[1]
EOF
EXPECT=<<EOF
32
EOF
RUN

NAME=arm-or-thumb visual bug
FILE=bins/mach0/arm-or-thumb
CMDS=<<EOF
# Non-interactive variant: plain af at the initial seek must yield size 32.
# NOTE(review): NAME duplicates the preceding test, which reaches the same
# check through visual mode.
af
afi~^size[1]
EOF
EXPECT=<<EOF
32
EOF
RUN

NAME=ARM32 bb 0 size -- af
FILE=malloc://32
CMDS=<<EOF
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
wx ff0000e2010050e30000001affffffea70009de594008de5e4139fe500f09ee5
af
#pdf
afb
EOF
EXPECT=<<EOF
0x00000000 0x0000000c 00:0000 12 j 0x00000010 f 0x0000000c
0x0000000c 0x00000010 00:0000 4 j 0x00000010
0x00000010 0x00000020 00:0000 16
EOF
RUN

NAME=ldr code analysis
FILE=malloc://32
CMDS=<<EOF
# Decode two ARM loads and check that ao classifies both as load.
# The type filter also matches the operand rows of the opex output, and
# column 1 of those rows is the literal text type: which is why EXPECT
# carries two extra rows after each load.
# NOTE(review): the later test named arm: ldr code analysis writes the same
# bytes and expects the same output.
wx 20c09fe5 0cc09ae7
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
# pd 2 - note different colors
pi 2
ao~type[1]
ao @ 4~type[1]
EOF
EXPECT=<<EOF
ldr ip, [0x00000028]
ldr ip, [sl, ip]
load
type:
type:
load
type:
type:
EOF
RUN

NAME=endian
FILE=malloc://32
CMDS=<<EOF
# The same four bytes are decoded first as little endian, then as big endian,
# and must produce two different ldr forms.
# NOTE(review): cfg.bigendian=false is set twice before the first pi, and the
# later test named arm: endian repeats this case command for command.
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
wx e59a9ae7
e cfg.bigendian=false
pi 1@ 0
e cfg.bigendian=true
pi 1@ 0
EOF
EXPECT=<<EOF
ldr sb, [sl, r5, ror 21]
ldr sb, [sl, 0xae7]
EOF
RUN

NAME=ldr thumb
FILE=malloc://32
CMDS=<<EOF
# ao at 0x0 and at 0x2 must report the same literal pointer, 0x8c.
# Only the computed address is checked: 0x8c lies beyond the 32-byte buffer
# and the filter keeps nothing but the ptr row.
e asm.arch=arm
e asm.bits=16
e cfg.bigendian=false
wx 2249224a
ao~^ptr
ao@ 2~^ptr
EOF
EXPECT=<<EOF
ptr: 0x0000008c
ptr: 0x0000008c
EOF
RUN

NAME=arm32 bxeq lr
FILE=malloc://512
CMDS=<<EOF
# A conditional return, bxeq lr at 0x4, must not end the function.
# The expected listing keeps going until the unconditional bx lr at 0xc.
e asm.bytes=true
e asm.calls=false
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
wx 021081e0 1eff2f01 0020a0e3 1eff2fe1
af
pd 4
EOF
EXPECT=<<EOF
/ fcn.00000000(int32_t arg2);
|           ; arg int32_t arg2 @ r1
|           0x00000000      021081e0       add   r1, r1, r2            ; arg2
|           0x00000004      1eff2f01       bxeq  lr
|           0x00000008      0020a0e3       mov   r2, 0
\           0x0000000c      1eff2fe1       bx    lr
EOF
RUN

NAME=arm32 blx switches bits
FILE=malloc://512
CMDS=<<EOF
# The first word is written as an ARM opcode and, per the test name, is a blx
# that changes the instruction set. After af, the bytes at offset 4 must
# decode as two 2-byte Thumb instructions although asm.bits is still 32.
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
wx fffffffa 04210924
af
pi 2 @ 4
EOF
EXPECT=<<EOF
movs r1, 4
movs r4, 9
EOF
RUN

NAME=arm32 bx switches bits on odd location
FILE=malloc://512
CMDS=<<EOF
# With analysis.armthumb enabled, aae must notice a bx whose register holds
# an odd address and decode the bytes at offset 8 as Thumb.
# NOTE(review): presumably the first two words load 9 into a register and
# branch to it - confirm against the encoding.
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
e analysis.armthumb=true
wx 0910 a0e3 11ff 2fe1 0421 0924
aae
pi 2 @ 8
EOF
EXPECT=<<EOF
movs r1, 4
movs r4, 9
EOF
RUN

NAME=ELF ARM: thumb/arm switch
FILE=bins/elf/analysis/libstagefright_soft_g711dec.so
CMDS=<<EOF
af
e asm.bytes=true
afi~size
afi~size
EOF
EXPECT=<<EOF
size: 28
size: 28
EOF
RUN

NAME=arm: ldr code analysis
FILE=malloc://32
CMDS=<<EOF
# Same two loads as the earlier test named ldr code analysis, written with
# two separate wx commands instead of one.
# NOTE(review): the expected output is identical to that earlier test, so one
# of the two is likely redundant - confirm before removing either.
wx 20c09fe5
wx 0cc09ae7 @ 4
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
# pd 2 - note different colors
pi 2
ao~type[1]
ao@ 4~type[1]
EOF
EXPECT=<<EOF
ldr ip, [0x00000028]
ldr ip, [sl, ip]
load
type:
type:
load
type:
type:
EOF
RUN

NAME=arm: endian
FILE=malloc://32
CMDS=<<EOF
# Decode the same four bytes under both endian settings.
# NOTE(review): commands and expected output are identical to the earlier
# test named endian, only the NAME differs.
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
wx e59a9ae7
e cfg.bigendian=false
pi 1@ 0
e cfg.bigendian=true
pi 1@ 0
EOF
EXPECT=<<EOF
ldr sb, [sl, r5, ror 21]
ldr sb, [sl, 0xae7]
EOF
RUN

NAME=arm: no afterjmp or nopskip
FILE=malloc://32
CMDS=<<EOF
# Baseline of a three-test group over the same 16 bytes of 64-bit ARM code:
# analysis.nopskip and analysis.jmp.after are both off, expected size is 12.
# NOTE(review): cfg.bigendian is not pinned here, while the third test of the
# group pins it to false. The result then depends on the default.
e asm.arch=arm
e asm.bits=64
wx 1f2003d5d0d8065800021fd61f2003d5
e analysis.nopskip=false
e analysis.jmp.after=false
af
afl~[2]
EOF
EXPECT=<<EOF
12
EOF
RUN

NAME=arm: afterjmp
FILE=malloc://32
CMDS=<<EOF
# Same bytes as the baseline test, with analysis.jmp.after switched on.
# The expected size stays at 12, the same value the baseline expects.
# NOTE(review): cfg.bigendian is not pinned here either.
e asm.arch=arm
e asm.bits=64
wx 1f2003d5d0d8065800021fd61f2003d5
e analysis.nopskip=false
e analysis.jmp.after=true
af
afl~[2]
EOF
EXPECT=<<EOF
12
EOF
RUN

NAME=arm: afterjmp nopskip
FILE=malloc://32
CMDS=<<EOF
# Same bytes as the two preceding tests, with analysis.nopskip switched on.
# NOTE(review): the NAME mentions afterjmp, but analysis.jmp.after is false
# here, so only nopskip is exercised. The expected size drops from 12 to 8,
# presumably because the leading 4-byte nop is skipped - confirm.
e asm.arch=arm
e asm.bits=64
e cfg.bigendian=false
wx 1f2003d5d0d8065800021fd61f2003d5
e analysis.nopskip=true
e analysis.jmp.after=false
af
afl~[2]
EOF
EXPECT=<<EOF
8
EOF
RUN

NAME=ARM64 bl capstone
FILE=malloc://32
CMDS=<<EOF
# A bl written at offset 4 must resolve to the absolute target 0x20, both in
# the disassembly text and in the jump field of ao.
e asm.arch=arm
e asm.bits=64
e cfg.bigendian=false
s 4
wx 07000094
pi 1
ao~jump
EOF
EXPECT=<<EOF
bl 0x20
jump: 0x00000020
EOF
RUN

NAME=arm subrel >256
FILE=malloc://800
CMDS=<<EOF
# A pc-relative load whose target 0x315 carries a flag must print the flag
# name in place of the raw address.
# NOTE(review): the title implies a threshold of 256 for this substitution.
# The companion test for small targets toggles asm.sub.varmin, which is
# presumably the setting behind it.
wx 0d039fe5
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
e asm.comments=false
e asm.bytes=false
e asm.offset=false
f sym.callback @ 0x315
pd 1
EOF
EXPECT=<<EOF
                 ldr   r0, [sym.callback]
EOF
RUN

NAME=arm subrel <256
FILE==
CMDS=<<EOF
# The flagged target 0x14 is small: the first pd must print the raw address,
# and only after asm.sub.varmin is lowered to 0 may the flag name replace it.
wx 0c009fe5
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
e asm.comments=false
e asm.bytes=false
e asm.offset=false
f sym.callback @ 0x14
pd 1
e asm.sub.varmin=0
pd 1
EOF
EXPECT=<<EOF
                 ldr   r0, [0x00000014]
                 ldr   r0, [sym.callback]
EOF
RUN

NAME=arm subrel
FILE=bins/elf/arm1.bin
CMDS=<<EOF
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
e asm.comments=false
e asm.bytes=false
e asm.offset=false
pd 1 @ 0x00008168
pd 1 @ 0x00008204
pd 1 @ 0x0000816c
pd 1 @ 0x000081b0
EOF
EXPECT=<<EOF
                 ldr   r0, main
                 ldr   r1, obj.object.6286
                 ldr   r3, sym.__libc_csu_init
                 ldr   r4, obj.completed.6278
EOF
RUN

NAME=arm subrel
FILE=bins/elf/analysis/arm-ls
BROKEN=1
CMDS=<<EOF
# NOTE(review): CMDS issues a single pd 1, yet EXPECT lists four lines, and
# the four symbols are the ones expected by the arm subrel test that runs
# against bins/elf/arm1.bin. The expectation looks copied from that test and
# cannot match one disassembled line. Regenerate EXPECT against this binary
# before clearing BROKEN. The NAME is also shared with that test.
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
e asm.comments=false
e asm.bytes=false
e asm.offset=false
pd 1 @ 0x00014368
EOF
EXPECT=<<EOF
                 ldr r0, main
                 ldr r1, obj.object.6286
                 ldr r3, sym.__libc_csu_init
                 ldr r4, obj.completed.6278
EOF
RUN

NAME=jump sign extend : arm.cs
FILE=malloc://4
CMDS=<<EOF
# Map the 4-byte buffer at 0x7ffffffc so that the branch target crosses the
# 2 GiB boundary. The jump field must read 0x80000000 as a 32-bit address.
# NOTE(review): presumably the regression was a target sign-extended to
# 64 bits, which would send analysis to an unmapped address - confirm.
# NOTE(review): the opcode below has the link bit clear, so it decodes as a
# plain b rather than the bl named in its trailing comment.
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
e io.va=true
wx ffffffea # bl 0x80000000
om 3 0x7ffffffc
ao @ 0x7ffffffc~jump
EOF
EXPECT=<<EOF
jump: 0x80000000
EOF
RUN

NAME=ELF ARM: function names
FILE=bins/elf/analysis/arm_32_flags0
CMDS=<<EOF
s sym.call_weak_fn
af
afi~name
EOF
EXPECT=<<EOF
name: sym.call_weak_fn
EOF
RUN

NAME=ELF ARM: function names 2
FILE=bins/elf/analysis/arm_32_flags0
CMDS=<<EOF
aa
afl~abort
EOF
EXPECT=<<EOF
0x000102bc    1 12           sym.imp.abort
EOF
RUN

NAME=ELF ARM: function names 3
FILE=bins/elf/analysis/arm_32_flags0
CMDS=<<EOF
aa
afl~weak
EOF
EXPECT=<<EOF
0x00010304    1 28           sym.call_weak_fn
EOF
RUN

NAME=ELF ARM: function names 4
FILE=bins/elf/analysis/arm_32_flags0
CMDS=<<EOF
af @@f:sym*
afl~weak
EOF
EXPECT=<<EOF
0x00010304    1 28           sym.call_weak_fn
EOF
RUN

NAME=ELF ARM: aa
FILE=bins/elf/analysis/arm_32_flags0
CMDS=<<EOF
aa
fl~sym?
afl~?
EOF
EXPECT=<<EOF
41
15
EOF
RUN

NAME=ELF ARM: aa2
FILE=bins/elf/analysis/arm_32_flags0
CMDS=<<EOF
aa
afl
EOF
EXPECT=<<EOF
0x00010278    1 12           sym._init
0x00010298    1 12           sym.imp.printf
0x000102a4    1 12           sym.imp.__libc_start_main
0x000102bc    1 12           sym.imp.abort
0x000102c8    1 44           entry0
0x00010304    1 28           sym.call_weak_fn
0x00010328    1 36           sym.deregister_tm_clones
0x00010358    1 44           sym.register_tm_clones
0x00010390    1 36           sym.__do_global_dtors_aux
0x000103b8    4 44           entry.init0
0x000103ec    1 28           sym.func
0x00010408    1 40           main
0x00010434    3 88           sym.__libc_csu_init
0x00010494    1 4            sym.__libc_csu_fini
0x00010498    1 8            sym._fini
EOF
RUN

NAME=ELF ARM: function arg
FILE=bins/elf/analysis/armcall
CMDS=<<EOF
e asm.calls=false
e asm.bytes=true
afr@ main
afva@ sym.call
pdf@ sym.call
EOF
EXPECT=<<EOF
            ; CALL XREF from main @ 0x10468
/ sym.call(int32_t arg1);
|           ; arg int32_t arg1 @ r0
|           ; var int32_t var_ch @ stack - 0xc
|           0x00010420      00482de9       push  {fp, lr}
|           0x00010424      04b08de2       add   fp, sp, 4
|           0x00010428      08d04de2       sub   sp, sp, 8
|           0x0001042c      08000be5       str   r0, [var_ch]          ; 0x8 ; 8 ; arg1
|           0x00010430      14009fe5       ldr   r0, [0x0001044c]      ; [0x1044c:4]=0x104f0
|           0x00010434      08101be5       ldr   r1, [var_ch]          ; 0x8 ; 8
|           0x00010438      a2ffffeb       bl    sym.imp.printf
|           0x0001043c      0030a0e3       mov   r3, 0
|           0x00010440      0300a0e1       mov   r0, r3
|           0x00010444      04d04be2       sub   sp, fp, 4
\           0x00010448      0088bde8       pop   {fp, pc}
EOF
RUN

NAME=ELF ARM: function args
FILE=bins/elf/analysis/armcall
CMDS=<<EOF
e asm.calls=false
e asm.bytes=true
af@ main
afva@ main
pdf@ main
EOF
EXPECT=<<EOF
/ int main(int argc, char **argv, char **envp);
|           ; arg int argc @ r0
|           ; arg char **argv @ r1
|           ; var int32_t var_10h @ stack - 0x10
|           ; var int32_t var_ch @ stack - 0xc
|           0x00010450      00482de9       push  {fp, lr}
|           0x00010454      04b08de2       add   fp, sp, 4
|           0x00010458      08d04de2       sub   sp, sp, 8
|           0x0001045c      08000be5       str   r0, [var_ch]          ; 0x8 ; 8 ; argc
|           0x00010460      0c100be5       str   r1, [var_10h]         ; 0xc ; 12 ; argv
|           0x00010464      08001be5       ldr   r0, [var_ch]          ; 0x8 ; 8
|           0x00010468      ecffffeb       bl    sym.call
|           0x0001046c      0030a0e1       mov   r3, r0
|           0x00010470      0300a0e1       mov   r0, r3
|           0x00010474      04d04be2       sub   sp, fp, 4
\           0x00010478      0088bde8       pop   {fp, pc}
EOF
RUN

NAME=ELF ARM: aav
FILE=bins/elf/analysis/armcall
CMDS=<<EOF
e asm.calls=false
aav
pd 3 @ 0x00010328
EOF
EXPECT=<<EOF
            0x00010328      .dword 0x000104e0 ; sym.__libc_csu_fini
            0x0001032c      .dword 0x00010450 ; main ; sym.main
            ; UNKNOWN XREF from section..plt @ +0x10
            ;-- aav.0x00010330:
            0x00010330      .dword 0x0001047c ; sym.__libc_csu_init
EOF
RUN

NAME=ELF ARM: af and aav
FILE=bins/elf/arm1.bin
CMDS=<<EOF
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
e asm.comments=false
e asm.bytes=false
e asm.offset=false
e asm.flags=false
af @ sym.call_gmon_start
af @ entry0
aav
pd 1 @ 0x000081e0
pd 1 @ 0x0000817c
pd 1 @ 0x00008180
pd 1 @ 0x00008184
EOF
EXPECT=<<EOF
                 andeq r4, r8, r8, asr r7
                 .dword 0x00008b00 ; sym.__libc_csu_fini
                 .dword 0x00008290 ; main ; sym.main
                 .dword 0x00008b48 ; sym.__libc_csu_init
EOF
RUN

NAME=ELF ARM: aav string
FILE=bins/elf/arm1.bin
BROKEN=1
CMDS=<<EOF
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
e asm.comments=false
e asm.bytes=false
e asm.offset=false
e asm.flags=false
af @ sym.deregister_tm_clones
aav
pd 1 @ 0x0001037c
EOF
EXPECT=<<EOF
            .dword 0x0002061f ; str.:__Raspbian_4.9.2_10__4.9.2
EOF
RUN

NAME=ELF ARM: vars
FILE=bins/elf/analysis/arm-ls
CMDS=<<EOF
e asm.calls=false
s main
af
pd 1~var?
EOF
EXPECT=<<EOF
17
EOF
RUN

NAME=sp vars arm16
FILE=malloc://1024
CMDS=<<EOF
e asm.arch=arm
e asm.bits=16
e cfg.bigendian=false
wx f0b503af2de9000d95b0002001210222032340f2040940f2050c40f2060e0724082509261490139112921193cdf80090cdf804c0cdf808e0039404950596ddf85080cdf81880ddf84ca0cdf81ca0ddf848b0cdf820b0ddf84480cdf82480cdf82890cdf82cc0cdf830e00d940e950f96fff740ff00211090084615b0bde8000df0bd
aa
afvl~var
EOF
EXPECT=<<EOF
var int32_t var_74h @ stack - 0x74
var int32_t var_70h @ stack - 0x70
var int32_t var_6ch @ stack - 0x6c
var int32_t var_68h @ stack - 0x68
var int32_t var_64h @ stack - 0x64
var int32_t var_60h @ stack - 0x60
var int32_t var_5ch @ stack - 0x5c
var int32_t var_58h @ stack - 0x58
var int32_t var_54h @ stack - 0x54
var int32_t var_50h @ stack - 0x50
var int32_t var_4ch @ stack - 0x4c
var int32_t var_48h @ stack - 0x48
var int32_t var_44h @ stack - 0x44
var int32_t var_40h @ stack - 0x40
var int32_t var_3ch @ stack - 0x3c
var int32_t var_38h @ stack - 0x38
var int32_t var_34h @ stack - 0x34
var int32_t var_30h @ stack - 0x30
var int32_t var_2ch @ stack - 0x2c
var int32_t var_28h @ stack - 0x28
var int32_t var_24h @ stack - 0x24
var int32_t var_8h @ stack - 0x8
EOF
RUN

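NAME=arm thumb basic block detection with ITTE
BROKEN=1
FILE=bins/elf/analysis/bug-it-bb
CMDS=<<EOF
# List the basic blocks of the function at 0x00010074 after full analysis.
# Per the test name the function contains an ITTE block, whose conditional
# instructions are expected to split into separate basic blocks.
# afb prints one basic block per row, so EXPECT holds one row per block.
aaa
s 0x00010074
afb
EOF
EXPECT=<<EOF
0x00010074 0x0001007a 00:0000 6 j 0x0001007a f 0x0001007e
0x0001007a 0x0001007e 00:0000 4 j 0x00010080
0x0001007e 0x00010080 00:0000 2 j 0x00010080
0x00010080 0x00010082 00:0000 2
EOF
RUN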

NAME=arm jump table
FILE=bins/elf/analysis/callback.elf
CMDS=<<EOF
# After analyzing sym.input_handler2, count the comment lines at 0x000105b8
# that match the filter and expect exactly one.
# NOTE(review): presumably this is the switch table comment, whose case count
# starts with 7 - confirm. The next test in this file has the same NAME.
af @ sym.input_handler2
CC. @ 0x000105b8~?\(7
EOF
EXPECT=<<EOF
1
EOF
RUN

NAME=arm jump table
FILE=bins/elf/analysis/mobile_bank.45115ff5f655d94fc26cb5244928b3fc
CMDS=<<EOF
# After analyzing the function at 0x11284, count the comment lines at
# 0x000112b0 that match the filter and expect exactly one.
# NOTE(review): the fixture name ends in what looks like an MD5 digest, which
# suggests a collected sample and not a purpose-built binary - confirm its
# provenance and keep it out of any step that would execute it. This test
# only runs static analysis, af and CC, on the file.
# NOTE(review): NAME duplicates the preceding test.
af @ 0x11284
CC. @ 0x000112b0~?\(8
EOF
EXPECT=<<EOF
1
EOF
RUN

NAME=arm main analyzed with aaa
FILE=bins/elf/analysis/ch23.bin
CMDS=<<EOF
aaa
afl~?0x00008470
EOF
EXPECT=<<EOF
1
EOF
RUN

NAME=arm main in disassembly
FILE=bins/elf/analysis/ch23.bin
BROKEN=1
CMDS=<<EOF
aaa
pd 1 @ 0x000083d8~[5]
EOF
EXPECT=<<EOF
main
EOF
RUN

NAME=tbh jump table
FILE=malloc://2048
CMDS=<<EOF
e asm.arch=arm
e asm.bits=16
e cfg.bigendian=false
e cfg.wseek=true
wx 01380793d3b24ff00109024600bf00bf00bf00bf59b2a1f120005a28139200f28d81404d02eb8004082601270122dfe810f09700850185015c0085015b008501850185018501a2
wx 0097008501ac007b008501af005d005d005d005d005d005d005d005d005d008501850185018501850185018501c300850185018501c3008501c30085018501850185019c008501
wx 85018501850185018501850185018501850185010d0185018501850185018501850185018501c30085011c01e700c300c300c300b200e700b50085019c00850129016801390185
wx 0185014c019f006201850185010e0185019f00b1e6d7e6139ca1f13000224612f9013fa3f1300109293ff686afa21c00eb800012f9013b01eb4000a3f130010a29f5d3dbb2013a
wx c0f1000878e700bf07df0100139a104610f9011fcbb22a2b35d0303900274ff00109079709293ff662af901c002303eb830310f9012b01eb4303a2f130010a29f5d34fe758b20a
wx 9001200b9096e60cf1010c93e64ff0010c90e609981ef0010f50f8048b099018bfc8f1000886e60122129f85e60120089080e6acf1010c7de64ff0020c7ae6139000e013920998
wx 4ff0010950f8041b079109906fe6bcf1010f18bfbcf1000f40f0bb800998ddf830a008300990e7e0ddf830a0139d109c0e98012805d195f90000119900f02dfc05e014f0ff0f04
wx bf28780af8010b0d9801300d9018e60cf10200042800f29980dfe810f00500050005000500a901099a52f8040bc1170a9f0029d14d4ff030090b9eb8bf01260b96b8bf2d2710eb
wx e1700a9780eae17441ebe17080eae1770a26b3e0c84d129810f0010f52d058b2302141ea00200a90022010260b9001204ae00999bcf1000f01f10400dcbf09688df86b10099001
wx 9f0121dfe00cf10200042857d8dfe810f078028102050005008a02099951f8040b099185e20998002250f8044b0990002c00f0c48004920220ac4d10220b900820079047f63000
wx 0a9030e0099819f0010f50f8047b099000f0ac80079a30230021002a00f0b080785c002800f0ac8001319142f8d3a7e09d4d0a2602e00020102612900cf10200042817d8dfe800
wx f0030308084d00099a52f8044be71748e00998324650f8044b09900020049020463023059014ae029f104662e00696139d2c4614f8010d2528fbd1ddf830a0ac4229d80d980025
wx 009901eb00080f98b0f1ff3f06d018eb050002bf0af801bb012010900e98012806d1139e119996f9000000f061fb07e01098139e10f0ff0f04bf30780af8010b01356019b042de
wx d90d9828440d90139d109c
s 0
af
pds 1@ 0x2e~:1
EOF
EXPECT=<<EOF
0x0000002e switch table (92 cases) at 0x32
EOF
RUN

NAME=test platform profiles for arm BCM 2835
FILE=bins/arm/elf/hello_world
CMDS=<<EOF
e asm.cpu=arm1176
e asm.platform=bcm2835
aa
fl~AUX
CCl~Broadcom
EOF
EXPECT=<<EOF
0x07e21500 1 AUX_ENABLES
0x7e215000 1 AUX_IRQ
0x7e215040 1 AUX_MU_IO_REG
0x7e215044 1 AUX_MU_IER_REG
0x7e215048 1 AUX_MU_IIR_REG
0x7e21504c 1 AUX_MU_LCR_REG
0x7e215050 1 AUX_MU_MCR_REG
0x7e215054 1 AUX_MU_LSR_REG
0x7e215058 1 AUX_MU_MSR_REG
0x7e21505c 1 AUX_MU_SCRATCH
0x7e215060 1 AUX_MU_CNTL_REG
0x7e215064 1 AUX_MU_STAT_REG
0x7e215068 1 AUX_MU_BAUD_REG
0x7e215080 1 AUX_SPI0_CNTL0_REG
0x7e215084 1 AUX_SPI0_CNTL1_REG
0x7e215088 1 AUX_SPI0_STAT_REG
0x7e215090 1 AUX_SPI0_IO_REG
0x7e215094 1 AUX_SPI0_PEEK_REG
0x7e2150c0 1 AUX_SPI1_CNTL0_REG
0x7e2150c4 1 AUX_SPI1_CNTL1_REG
0x7e2150c8 1 AUX_SPI1_STAT_REG
0x7e2150d0 1 AUX_SPI1_IO_REG
0x7e2150d4 1 AUX_SPI1_PEEK_REG
0x7e205000 CCu "Broadcom Serial Controller 0 (BSC)"
0x7e804000 CCu "Broadcom Serial Controller 1 (BSC)"
0x7e805000 CCu "Broadcom Serial Controller 2 (BSC)"
EOF
RUN

NAME=ao 16 after ao 32
FILE=bins/arm/elf/hello_world
CMDS=<<EOF
e asm.bits=16
ao@ 0x568
echo --
ao@ 0x50e
EOF
EXPECT=<<EOF
address: 0x568
opcode: push {r3, lr}
disasm: push {r3, lr}
pseudo: push (r3, lr)
mnemonic: push
mask: ffffffff
prefix: 0
id: 440
bytes: 08402de9
refptr: 0
size: 4
sign: false
type: push
cycles: 1
esil: r3,sp,-8,+,=[4],lr,sp,-4,+,=[4],-8,sp,+=,
rzil: (seq (storew 0 (- (var sp) (bv 32 0x8)) (var r3)) (storew 0 (- (var sp) (bv 32 0x4)) (var lr)) (set sp (- (var sp) (bv 32 0x8))))
opex:
  operands:
    - type: "reg"
      value: "sp"
    - type: "reg"
      value: "r3"
    - type: "reg"
      value: "lr"
  writeback: true
direction: write
family: cpu
stackop: inc
stackptr: 8
--
address: 0x50e
opcode: add r7, sp, 0
disasm: add r7, sp, 0
pseudo: r7 = sp + 0
mnemonic: add
description: add two values
mask: ffff
prefix: 0
id: 33
bytes: 00af
refptr: 0
size: 2
sign: false
type: add
cycles: 1
esil: 0,sp,+,0xffffffff,&,r7,=
rzil: (set r7 (+ (var sp) (bv 32 0x0)))
opex:
  operands:
    - type: "reg"
      value: "r7"
    - type: "reg"
      value: "sp"
    - type: "imm"
      value: 0
family: cpu
EOF
RUN

NAME=arm aae with bit switch
FILE=bins/arm/elf/hello_world
CMDS=<<EOF
aei
e asm.bytes=true
e asm.bits=32
aae 20 @ main
pd 9 @ main
EOF
EXPECT=<<EOF
            ;-- main:
            0x0000050c      80b5           push  {r7, lr}
            0x0000050e      00af           add   r7, sp, 0
            0x00000510      034b           ldr   r3, [0x00000520]      ; [0x520:4]=94 ; 1312
            0x00000512      7b44           add   r3, pc                ; 0x574 ; "Hello world!"
            0x00000514      1846           mov   r0, r3
            0x00000516      fff75aef       blx   sym.imp.puts
            0x0000051a      0023           movs  r3, 0
            0x0000051c      1846           mov   r0, r3
            0x0000051e      80bd           pop   {r7, pc}
EOF
RUN

NAME=arm show registers in table
FILE==
CMDS=<<EOF
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
ar=
EOF
EXPECT=<<EOF
     sb 0x00000000           sl 0x00000000           fp 0x00000000           ip 0x00000000
     sp 0x00000000           lr 0x00000000           pc 0x00000000           r0 0x00000000
     r1 0x00000000           r2 0x00000000           r3 0x00000000           r4 0x00000000
     r5 0x00000000           r6 0x00000000           r7 0x00000000           r8 0x00000000
     r9 0x00000000          r10 0x00000000          r11 0x00000000          r12 0x00000000
    r13 0x00000000          r14 0x00000000          r15 0x00000000         cpsr 0x00000000
  fpscr 0x00000000      
EOF
RUN

NAME=arm jmptbl flags and comments
FILE=bins/elf/arm1.bin
CMDS=<<EOF
af@ sym.__gcc_personality_v0
fl~switch.,case.
CCl~switch
EOF
EXPECT=<<EOF
0x00064c7c 1 switch.0x00064c7c
0x00064c80 1 case.default.0x64c7c
0x00064c84 1 case.0x64c7c.0
0x00064c88 1 case.0x64c7c.1
0x00064c8c 1 case.0x64c7c.2
0x00064c90 1 case.0x64c7c.3
0x00064c94 1 case.0x64c7c.4
0x00064c98 1 case.0x64c7c.5
0x00064c9c 1 case.0x64c7c.6
0x00064ca0 1 case.0x64c7c.7
0x00064ca4 1 case.0x64c7c.8
0x00064ca8 1 case.0x64c7c.9
0x00064cac 1 case.0x64c7c.10
0x00064cb0 1 case.0x64c7c.11
0x00064cb4 1 case.0x64c7c.12
0x00064df0 1 switch.0x00064df0
0x00064df4 1 case.default.0x64df0
0x00064df8 1 case.0x64df0.0
0x00064dfc 1 case.0x64df0.1
0x00064e00 1 case.0x64df0.2
0x00064e04 1 case.0x64df0.3
0x00064e08 1 case.0x64df0.4
0x00064e0c 1 case.0x64df0.5
0x00064e10 1 case.0x64df0.6
0x00064e14 1 case.0x64df0.7
0x00064e18 1 case.0x64df0.8
0x00064e1c 1 case.0x64df0.9
0x00064e20 1 case.0x64df0.10
0x00064e24 1 case.0x64df0.11
0x00064e28 1 case.0x64df0.12
0x00064f94 1 switch.0x00064f94
0x00064f98 1 case.default.0x64f94
0x00064f9c 1 case.0x64f94.0
0x00064fa0 1 case.0x64f94.1
0x00064fa4 1 case.0x64f94.2
0x00064fa8 1 case.0x64f94.3
0x00064fac 1 case.0x64f94.4
0x00064fb0 1 case.0x64f94.5
0x00064fb4 1 case.0x64f94.6
0x00064fb8 1 case.0x64f94.7
0x00064fbc 1 case.0x64f94.8
0x00064fc0 1 case.0x64f94.9
0x00064fc4 1 case.0x64f94.10
0x00064fc8 1 case.0x64f94.11
0x00064fcc 1 case.0x64f94.12
0x0006506c 1 switch.0x0006506c
0x00065070 1 case.default.0x6506c
0x00065074 1 case.0x6506c.0
0x00065078 1 case.0x6506c.1
0x0006507c 1 case.0x6506c.2
0x00065080 1 case.0x6506c.3
0x00065084 1 case.0x6506c.4
0x00065088 1 case.0x6506c.5
0x0006508c 1 case.0x6506c.6
0x00065090 1 case.0x6506c.7
0x00065094 1 case.0x6506c.8
0x00065098 1 case.0x6506c.9
0x0006509c 1 case.0x6506c.10
0x000650a0 1 case.0x6506c.11
0x000650a4 1 case.0x6506c.12
0x00064c7c CCu "switch table (13 cases) at 0x64c84"
0x00064df0 CCu "switch table (13 cases) at 0x64df8"
0x00064f94 CCu "switch table (13 cases) at 0x64f9c"
0x0006506c CCu "switch table (13 cases) at 0x65074"
EOF
RUN

NAME=misaligned arm string xref
FILE=bins/mach0/misaligned_data-iOS-armv7
CMDS=<<EOF
aaa
axt @ str.helloradareworld
pd 1 @ 0xbf9c
EOF
EXPECT=<<EOF
entry0 0xbf9c [DATA] add r0, pc
|           0x0000bf9c      add   r0, pc                               ; 0xbfed ; "helloradareworld\n" ; const char *format
EOF
RUN

NAME=thumb bx lr
FILE==
CMDS=<<EOF
# Five 4-byte opcodes are written and the function must span all 20 bytes,
# so analysis may not stop at the first bx in the middle.
# NOTE(review): the NAME says thumb, but asm.bits is 32 and the bytes are
# analyzed as ARM. Presumably the middle bx is a register call preceded by a
# manual lr setup and only the final bx lr returns - confirm.
wx 000090e50fe0a0e113ff2fe1000090e51eff2fe1
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
af
afi~size
EOF
EXPECT=<<EOF
size: 20
EOF
RUN

NAME=aaef xrefs without pcache
FILE=bins/arm/elf/hello_world
CMDS=<<EOF
aaa
axt @ str.Hello_world
EOF
EXPECT=<<EOF
main 0x512 [DATA] add r3, pc
EOF
RUN

NAME=arm pcalign
FILE=
CMDS=<<EOF
# asm.pcalign must follow asm.bits: 4 in 32-bit ARM mode, 2 in Thumb mode.
# NOTE(review): FILE is left empty here, while the other file-less tests in
# this file use a lone equals sign as the value - confirm both are accepted.
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
e asm.pcalign
e asm.bits=16
e asm.pcalign
EOF
EXPECT=<<EOF
4
2
EOF
RUN

NAME=arm thumb it tracking
FILE=malloc://0x1000
CMDS=<<EOF
# Part 1: ite pl at 0x100 makes the next two instructions conditional, so
# both pi and ao must show ldrpl and addmi, and the fourth stays a plain mov.
# Part 2: wx 1846 overwrites the ite opcode at the current seek 0x100. The
# IT state remembered for the following addresses must be dropped, and the
# unchanged bytes must now decode unconditionally as ldr and adds.
e asm.arch=arm
e asm.bits=16
e cfg.bigendian=false
s 0x100
wx 54bf53f8182c52181846
pi 4
ao @ 0x102~mnemonic
ao @ 0x106~mnemonic
ao @ 0x108~mnemonic
echo -- Update after code change
wx 1846
pi 4
ao @ 0x102~mnemonic
ao @ 0x106~mnemonic
ao @ 0x108~mnemonic
EOF
EXPECT=<<EOF
ite pl
ldrpl r2, [r3, -0x18]
addmi r2, r2, r1
mov r0, r3
mnemonic: ldrpl
mnemonic: addmi
mnemonic: mov
-- Update after code change
mov r0, r3
ldr r2, [r3, -0x18]
adds r2, r2, r1
mov r0, r3
mnemonic: ldr
mnemonic: adds
mnemonic: mov
EOF
RUN

NAME=arm32 function is NOT cut off when setting lr with add before bx
FILE==
CMDS=<<EOF
# add lr, pc, 0 followed by bx r4 sets the return address by hand and then
# branches through a register, i.e. it acts as a call.
# The function must continue to the pop at 0x10 and not end at bx r4.
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
wx 10402de90040a0e100e08fe214ff2fe11080bde8
af
pdf
EOF
EXPECT=<<EOF
/ fcn.00000000(int32_t arg1);
|           ; arg int32_t arg1 @ r0
|           0x00000000      push  {r4, lr}
|           0x00000004      mov   r4, r0                               ; arg1
|           0x00000008      add   lr, pc, 0
|           0x0000000c      bx    r4
\           0x00000010      pop   {r4, pc}
EOF
RUN

NAME=aav thumb detection
FILE=bins/firmware/armthumb.bin
ARGS=-aarm -b32
CMDS=<<EOF
# aav over a raw firmware image must create exactly one flag, at the odd
# address 0x0000000d. fl prints every flag, so any extra flag fails the test.
# NOTE(review): presumably the odd address is a pointer to Thumb code with
# the low bit set, per the test name - confirm.
e cfg.bigendian=false
aav
fl
EOF
EXPECT=<<EOF
0x0000000d 4 aav.0x0000000d
EOF
RUN

NAME=no string on cbz
FILE=malloc://8096
CMDS=<<EOF
# emu.str is on and the text hello is written at 0x18, the cbz target.
# The expected cbz line carries only the likely annotation, so a branch
# target must not be rendered as a string reference.
# NOTE(review): the buffer size 8096 is possibly a typo for 8192. It does not
# affect the result, since only the first 0x1d bytes are used.
e asm.bytes=true
e asm.arch=arm
e asm.bits=64
e cfg.bigendian=false
e emu.str=true
wv 0x52800015
wv 0x340000b5 @ 4
w hello @ 0x18
pd 2
EOF
EXPECT=<<EOF
            0x00000000      15008052       mov   w21, 0
        ,=< 0x00000004      b5000034       cbz   w21, 0x18             ; likely
EOF
RUN

NAME=Function definition
FILE=bins/elf/arm1.bin
CMDS=<<EOF
afr @ main
s 0x000082cc
pd 1~?*xmalloc
EOF
EXPECT=<<EOF
1
EOF
RUN

NAME=raw aac (using a PIC bin)
FILE=bins/elf/libmagic.so
CMDS=<<EOF
# Run aac on a position-independent shared object and pin the number of
# functions it creates. The count is a regression pin: any analysis change
# that finds more or fewer functions in this file trips it.
aac
afl~?
EOF
EXPECT=<<EOF
199
EOF
RUN

NAME=raw aac with maps (using a PIC bin)
FILE=bins/elf/libmagic.so
ARGS=-n -m 0x80000 -a arm -b 16 -E little
CMDS=<<EOF
# Same library, opened through ARGS as little endian Thumb and mapped at
# 0x80000, presumably without parsing the ELF headers. Expects 115 functions.
# NOTE(review): search.in is changed after aac has already run, so it cannot
# affect what aac found unless afl consults it. Confirm the intended order.
aac
e search.in=io.maps
afl~?
EOF
EXPECT=<<EOF
115
EOF
RUN

NAME=add/adc pc, pc issue #3965
FILE==
ARGS=-a arm -b 32 -E little
CMDS=<<EOF
wx ffff8f024fffaf02
pd 2
aa
ags
EOF
EXPECT=<<EOF
            0x00000000      addeq pc, pc, 0x3fc                        ; [0x8:4]=0
            0x00000004      adceq pc, pc, 0x13c                        ; [0xc:4]=0
        .-----------.
        |  0x0      |
        `-----------'
              t f
              | |
    .---------' |
    |           '---.
    |               |
.----------.    .-----------.
|  0x404   |    |  0x4      |
`----------'    `-----------'
                        f t
                        | |
                        | |
              .---------' |
              |           |
          .----------.    |
          |  0x8     |    |
          `----------'    |
              v           |
              |           |
              '------.    |
                     | .--'
                     | |
               .-----------.
               |  0x148    |
               `-----------'
EOF
RUN

NAME=Check MOV gets identified as JUMP if it moves to PC
FILE==
ARGS=-a arm -b 16
CMDS=<<EOF
e cfg.bigendian=false
s 0x100
wx bff36f8f2548874680bd000072b680bd
s 0x19c
wx 0x0c010000
s 0x100
aaa
pd 10 @ 0x100
px 4 @ 0x19c
EOF
EXPECT=<<EOF
            ;-- pc:
            ;-- r15:
/ fcn.00000100();
|           0x00000100      isb   sy
|           0x00000104      ldr   r0, aav.0x0000010c                   ; [0x10c:4]=0xbd80b672 ; "r\xb6\x80\xbd"
\           0x00000106      mov   pc, r0
            0x00000108      pop   {r7, pc}
            0x0000010a      movs  r0, r0
            ; CODE XREFS from fcn.00000100 @ 0x104, 0x106
            ; UNKNOWN XREF from aav.0x0000010c @ +0x90
/ aav.0x0000010c();
|           0x0000010c      cpsid i
\           0x0000010e      pop   {r7, pc}
            0x00000110      movs  r0, r0
            0x00000112      movs  r0, r0
            0x00000114      movs  r0, r0
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x0000019c  0c01 0000                                ....
EOF
RUN

NAME=opex arm32 & aarch64
FILE==
CMDS=<<EOF
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
e cfg.bigendian=false
wx 864860f44d0fe2f4edffffeb04e02de500000000e08322e5f102030e0000a0e30230c1e7000053e3000201f10540d0e8f4800000
ao 13
echo ---
e asm.bits=64
wx 090038d5bf4000d50c0513d52050020e20e43d0f0018a05fa200ae9e9f3703d5bf3303d5df3f03d5217c029b217c00530040214be10b40b9200481da2008028b105be83cfd7bbaa9fdc743f8
ao 19
EOF
EXPECT=<<EOF
address: 0x0
opcode: vld2.32 {d20, d21}, [r0], r6
disasm: vld2.32 {d20, d21}, [r0], r6
pseudo: asm("vld2.32 {d20, d21}, [r0], r6")
mnemonic: vld2.32
mask: ffffffff
prefix: 0
id: 16
bytes: 864860f4
refptr: 0
size: 4
sign: false
type: null
cycles: 1
rzil: (seq empty (set d20 (<< (cast 64 false (loadw 0 32 (var r0))) (bv 8 0x0) false)) (set d21 (<< (cast 64 false (loadw 0 32 (+ (var r0) (bv 32 0x4)))) (bv 8 0x0) false)) (set d20 (<< (cast 64 false (loadw 0 32 (+ (+ (var r0) (bv 32 0x4)) (bv 32 0x4)))) (bv 8 0x20) false)) (set d21 (<< (cast 64 false (loadw 0 32 (+ (+ (+ (var r0) (bv 32 0x4)) (bv 32 0x4)) (bv 32 0x4)))) (bv 8 0x20) false)) (set r0 (+ (var r0) (var r6))))
opex:
  operands:
    - type: "reg"
      value: "d20"
    - type: "reg"
      value: "d21"
    - type: "mem"
      base: "r0"
      index: "r6"
      scale: 0
      disp: 0
  writeback: true
  vector_size: 32
family: mmx
address: 0x4
opcode: vld4.16 {d16[], d17[], d18[], d19[]}, [r2]!
disasm: vld4.16 {d16[], d17[], d18[], d19[]}, [r2]!
pseudo: asm("vld4.16 {d16[], d17[], d18[], d19[]}, [r2]!")
mnemonic: vld4.16
mask: ffffffff
prefix: 0
id: 18
bytes: 4d0fe2f4
refptr: 0
size: 4
sign: false
type: null
cycles: 1
rzil: (seq empty (set d16 (<< (cast 64 false (loadw 0 16 (var r2))) (bv 8 0x0) false)) (set d17 (<< (cast 64 false (loadw 0 16 (+ (var r2) (bv 32 0x2)))) (bv 8 0x0) false)) (set d18 (<< (cast 64 false (loadw 0 16 (+ (+ (var r2) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x0) false)) (set d19 (<< (cast 64 false (loadw 0 16 (+ (+ (+ (var r2) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x0) false)) (set d16 (<< (cast 64 false (loadw 0 16 (+ (+ (+ (+ (var r2) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x10) false)) (set d17 (<< (cast 64 false (loadw 0 16 (+ (+ (+ (+ (+ (var r2) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x10) false)) (set d18 (<< (cast 64 false (loadw 0 16 (+ (+ (+ (+ (+ (+ (var r2) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x10) false)) (set d19 (<< (cast 64 false (loadw 0 16 (+ (+ (+ (+ (+ (+ (+ (var r2) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x10) false)) (set d16 (<< (cast 64 false (loadw 0 16 (+ (+ (+ (+ (+ (+ (+ (+ (var r2) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x20) false)) (set d17 (<< (cast 64 false (loadw 0 16 (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r2) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x20) false)) (set d18 (<< (cast 64 false (loadw 0 16 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r2) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x20) false)) (set d19 (<< (cast 64 false (loadw 0 16 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r2) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x20) false)) (set d16 (<< (cast 64 false (loadw 0 16 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ 
(var r2) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x30) false)) (set d17 (<< (cast 64 false (loadw 0 16 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r2) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x30) false)) (set d18 (<< (cast 64 false (loadw 0 16 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r2) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x30) false)) (set d19 (<< (cast 64 false (loadw 0 16 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r2) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x30) false)) (set r2 (+ (var r2) (bv 32 0x20))))
opex:
  operands:
    - type: "reg"
      value: "d16"
    - type: "reg"
      value: "d17"
    - type: "reg"
      value: "d18"
    - type: "reg"
      value: "d19"
    - type: "mem"
      base: "r2"
      scale: 0
      disp: 0
  writeback: true
  vector_size: 16
family: mmx
address: 0x8
opcode: bl 0xffffffc4
disasm: bl 0xffffffc4
pseudo: 0xffffffc4 ()
mnemonic: bl
description: branches and link, similar to call in i386, set lr(r14) = pc, changes pc (r15) )
mask: 0000f0ff
prefix: 0
id: 48
bytes: edffffeb
refptr: 0
size: 4
sign: false
type: call
cycles: 4
esil: pc,0,+,lr,=,4294967236,pc,=
rzil: (seq (set lr (bv 32 0xc)) (jmp (bv 32 0xffffffc4)))
opex:
  operands:
    - type: "imm"
      value: 4294967236
jump: 0xffffffc4
direction: exec
fail: 0x0000000c
family: cpu
address: 0xc
opcode: str lr, [sp, -4]!
disasm: str lr, [sp, -4]!
pseudo: [sp - 4]! = lr
mnemonic: str
description: store register into memory
mask: ffffffff
prefix: 0
id: 31
bytes: 04e02de5
refptr: 0
size: 4
sign: false
type: store
cycles: 4
esil: lr,0x4,sp,-,0xffffffff,&,=[4],4,sp,-,sp,=
rzil: (seq (set sp (- (var sp) (bv 32 0x4))) (storew 0 (var sp) (var lr)))
opex:
  operands:
    - type: "reg"
      value: "lr"
    - type: "mem"
      base: "sp"
      scale: 0
      disp: 4
      subtracted: true
  writeback: true
direction: write
family: cpu
address: 0x10
opcode: andeq r0, r0, r0
disasm: andeq r0, r0, r0
pseudo: asm("andeq r0, r0, r0")
mnemonic: andeq
description: logical AND if Z set (equal)
mask: ffffffff
prefix: 0
id: 39
bytes: 00000000
refptr: 0
size: 4
sign: false
type: and
cycles: 1
esil: zf,?{,r0,r0,&,0xffffffff,&,r0,=,}
rzil: (branch (var zf) (set r0 (& (var r0) (var r0))) nop)
opex:
  operands:
    - type: "reg"
      value: "r0"
    - type: "reg"
      value: "r0"
    - type: "reg"
      value: "r0"
  cc: "eq"
family: cpu
address: 0x14
opcode: str r8, [r2, -0x3e0]!
disasm: str r8, [r2, -0x3e0]!
pseudo: [r2 - 0x3e0]! = r8
mnemonic: str
description: store register into memory
mask: ffffffff
prefix: 0
id: 31
bytes: e08322e5
refptr: 0
size: 4
sign: false
type: store
cycles: 4
esil: r8,0x3e0,r2,-,0xffffffff,&,=[4],992,r2,-,r2,=
rzil: (seq (set r2 (- (var r2) (bv 32 0x3e0))) (storew 0 (var r2) (var r8)))
opex:
  operands:
    - type: "reg"
      value: "r8"
    - type: "mem"
      base: "r2"
      scale: 0
      disp: 992
      subtracted: true
  writeback: true
direction: write
family: cpu
address: 0x18
opcode: mcreq p2, 0, r0, c3, c1, 7
disasm: mcreq p2, 0, r0, c3, c1, 7
pseudo: asm("mcreq p2, 0, r0, c3, c1, 7")
mnemonic: mcreq
mask: ffffffff
prefix: 0
id: 119
bytes: f102030e
refptr: 0
size: 4
sign: false
type: null
cycles: 1
esil: zf,?{,,}
opex:
  operands:
    - type: "pimm"
      value: 2
    - type: "imm"
      value: 0
    - type: "reg"
      value: "r0"
    - type: "cimm"
      value: 3
    - type: "cimm"
      value: 1
    - type: "imm"
      value: 7
  cc: "eq"
family: priv
address: 0x1c
opcode: mov r0, 0
disasm: mov r0, 0
pseudo: r0 = 0
mnemonic: mov
description: move value between registers
mask: ffffffff
prefix: 0
id: 28
bytes: 0000a0e3
val: 0x00000000
refptr: 0
size: 4
sign: false
type: mov
cycles: 1
esil: 0,r0,=
rzil: (set r0 (bv 32 0x0))
opex:
  operands:
    - type: "reg"
      value: "r0"
    - type: "imm"
      value: 0
family: cpu
address: 0x20
opcode: strb r3, [r1, r2]
disasm: strb r3, [r1, r2]
pseudo: [r1 + r2] = (byte) r3
mnemonic: strb
description: store byte value in register into memory
mask: ffffffff
prefix: 0
id: 29
bytes: 0230c1e7
refptr: 0
size: 4
sign: false
type: store
cycles: 4
esil: r3,r2,r1,+,0xffffffff,&,=[1]
rzil: (store 0 (+ (var r1) (var r2)) (cast 8 false (var r3)))
opex:
  operands:
    - type: "reg"
      value: "r3"
    - type: "mem"
      base: "r1"
      index: "r2"
      scale: 1
      disp: 0
direction: write
family: cpu
address: 0x24
opcode: cmp r3, 0
disasm: cmp r3, 0
pseudo: if (r3 == 0)
mnemonic: cmp
description: compares two registers
mask: 0000f0ff
prefix: 0
id: 76
bytes: 000053e3
ptr: 0x00000000
refptr: 0
size: 4
sign: false
type: cmp
cycles: 1
reg: r3
esil: 0,r3,==,$z,zf,:=,31,$s,nf,:=,32,$b,!,cf,:=,31,$o,vf,:=
rzil: (seq (set a (var r3)) (set b (bv 32 0x0)) (set res (- (var a) (var b))) (set cf (ule (var b) (var a))) (set vf (&& (^^ (msb (var a)) (msb (var b))) (^^ (msb (var a)) (msb (var res))))) (set zf (is_zero (var res))) (set nf (msb (var res))))
opex:
  operands:
    - type: "reg"
      value: "r3"
    - type: "imm"
      value: 0
  update_flags: true
family: cpu
address: 0x28
opcode: setend be
disasm: setend be
pseudo: asm("setend be")
mnemonic: setend
mask: ffffffff
prefix: 0
id: 364
bytes: 000201f1
refptr: 0
size: 4
sign: false
type: null
cycles: 1
opex:
  operands:
    - type: "setend"
      value: "be"
family: cpu
address: 0x2c
opcode: ldm r0, {r0, r2, lr} ^
disasm: ldm r0, {r0, r2, lr} ^
pseudo: asm("ldm r0, {r0, r2, lr} ^")
mnemonic: ldm
description: load to multiple registers from memory
mask: ffffffff
prefix: 0
id: 112
bytes: 0540d0e8
refptr: 0
size: 4
sign: false
type: load
cycles: 2
esil: r0,0,+,[4],r0,=,r0,4,+,[4],r2,=,r0,8,+,[4],lr,=,
rzil: (seq (set base (var r0)) (set r0 (loadw 0 32 (+ (var base) (bv 32 0x0)))) (set r2 (loadw 0 32 (+ (var base) (bv 32 0x4)))) (set lr (loadw 0 32 (+ (var base) (bv 32 0x8)))))
opex:
  operands:
    - type: "reg"
      value: "r0"
    - type: "reg"
      value: "r0"
    - type: "reg"
      value: "r2"
    - type: "reg"
      value: "lr"
direction: read
family: cpu
address: 0x30
opcode: strdeq r8, sb, [r0], -r4
disasm: strdeq r8, sb, [r0], -r4
pseudo: asm("strdeq r8, sb, [r0], -r4")
mnemonic: strdeq
mask: ffffffff
prefix: 0
id: 443
bytes: f4800000
refptr: 0
size: 4
sign: false
type: store
cycles: 4
esil: zf,?{,r8,r0,0xffffffff,&,=[4],sb,4,r0,+,0xffffffff,&,=[4],r4,r0,-=,}
rzil: (branch (var zf) (seq (storew 0 (var r0) (var r8)) (storew 0 (+ (var r0) (bv 32 0x4)) (var r9)) (set r0 (+ (var r0) (var r4)))) nop)
opex:
  operands:
    - type: "reg"
      value: "r8"
    - type: "reg"
      value: "sb"
    - type: "mem"
      base: "r0"
      index: "r4"
      scale: -1
      disp: 0
      subtracted: true
  writeback: true
  cc: "eq"
direction: write
family: cpu
---
address: 0x0
opcode: mrs x9, MIDR_EL1
disasm: mrs x9, MIDR_EL1
pseudo: asm("mrs x9, MIDR_EL1")
mnemonic: mrs
mask: ffffffff
prefix: 0
id: 752
bytes: 090038d5
refptr: 0
size: 4
sign: false
type: mov
cycles: 0
opex:
  operands:
    - type: "reg"
      value: "x9"
    - type: "sysreg"
      sysreg: 0xc000
      tlbi: 0xc000
      ic: 0xc000
family: priv
address: 0x4
opcode: msr SPSel, 0
disasm: msr SPSel, 0
pseudo: asm("msr SPSel, 0")
mnemonic: msr
mask: ffffffff
prefix: 0
id: 754
bytes: bf4000d5
refptr: 0
size: 4
sign: false
type: mov
cycles: 0
opex:
  operands:
    - type: "pstate"
      value: "spsel"
    - type: "imm"
      value: 0
family: priv
address: 0x8
opcode: msr DBGDTRTX_EL0, x12
disasm: msr DBGDTRTX_EL0, x12
pseudo: asm("msr DBGDTRTX_EL0, x12")
mnemonic: msr
mask: ffffffff
prefix: 0
id: 754
bytes: 0c0513d5
refptr: 0
size: 4
sign: false
type: mov
cycles: 0
opex:
  operands:
    - type: "sysreg"
      sysreg: 0x9828
      tlbi: 0x9828
      ic: 0x9828
    - type: "reg"
      value: "x12"
family: priv
address: 0xc
opcode: tbx v0.8b, { v1.16b, v2.16b, v3.16b }, v2.8b
disasm: tbx v0.8b, { v1.16b, v2.16b, v3.16b }, v2.8b
pseudo: asm("tbx v0.8b, { v1.16b, v2.16b, v3.16b }, v2.8b")
mnemonic: tbx
mask: ffffffff
prefix: 0
id: 1249
bytes: 2050020e
refptr: 0
size: 4
sign: false
type: null
cycles: 0
opex:
  operands:
    - type: "reg"
      value: "d0"
      vas: "8b"
    - type: "reg"
      value: "q1"
      vas: "16b"
    - type: "reg"
      value: "q2"
      vas: "16b"
    - type: "reg"
      value: "q3"
      vas: "16b"
    - type: "reg"
      value: "d2"
      vas: "8b"
  writeback: true
family: mmx
address: 0x10
opcode: scvtf v0.2s, v1.2s, 3
disasm: scvtf v0.2s, v1.2s, 3
pseudo: asm("scvtf v0.2s, v1.2s, 3")
mnemonic: scvtf
mask: ffffffff
prefix: 0
id: 941
bytes: 20e43d0f
refptr: 0
size: 4
sign: false
type: null
cycles: 0
opex:
  operands:
    - type: "reg"
      value: "d0"
      vas: "2s"
    - type: "reg"
      value: "d1"
      vas: "2s"
    - type: "imm"
      value: 3
family: mmx
address: 0x14
opcode: fmla s0, s0, v0.s[3]
disasm: fmla s0, s0, v0.s[3]
pseudo: asm("fmla s0, s0, v0.s[3]")
mnemonic: fmla
mask: ffffffff
prefix: 0
id: 417
bytes: 0018a05f
refptr: 0
size: 4
sign: false
type: null
cycles: 0
opex:
  operands:
    - type: "reg"
      value: "s0"
    - type: "reg"
      value: "s0"
    - type: "reg"
      value: "q0"
      vector_index: 3
      vas: ""
  writeback: true
family: mmx
address: 0x18
opcode: fmov x2, v5.d[1]
disasm: fmov x2, v5.d[1]
pseudo: x2 = v5.d[1]
mnemonic: fmov
mask: ffffffff
prefix: 0
id: 426
bytes: a200ae9e
refptr: 0
size: 4
sign: false
type: mov
cycles: 0
opex:
  operands:
    - type: "reg"
      value: "x2"
    - type: "reg"
      value: "q5"
      vector_index: 1
      vas: ""
family: fpu
address: 0x1c
opcode: dsb nsh
disasm: dsb nsh
pseudo: asm("dsb nsh")
mnemonic: dsb
description: data synchronization barrier.
mask: ffffffff
prefix: 0
id: 301
bytes: 9f3703d5
refptr: 0
size: 4
sign: false
type: sync
cycles: 0
opex:
  operands:
    - type: "prefetch"
      value: 7
family: thread
address: 0x20
opcode: dmb osh
disasm: dmb osh
pseudo: asm("dmb osh")
mnemonic: dmb
mask: ffffffff
prefix: 0
id: 299
bytes: bf3303d5
refptr: 0
size: 4
sign: false
type: sync
cycles: 0
opex:
  operands:
    - type: "prefetch"
      value: 3
family: thread
address: 0x24
opcode: isb
disasm: isb
pseudo: asm("isb")
mnemonic: isb
description: instruction synchronization barrier.
mask: ffffffff
prefix: 0
id: 509
bytes: df3f03d5
refptr: 0
size: 4
sign: false
type: sync
cycles: 0
opex:
  operands:
    - type: "sys"
      value: 15
family: thread
address: 0x28
opcode: mul x1, x1, x2
disasm: mul x1, x1, x2
pseudo: x1 = x1 * x2
mnemonic: mul
description: multiply
mask: ffffffff
prefix: 0
id: 731
bytes: 217c029b
refptr: 0
size: 4
sign: false
type: add
cycles: 0
esil: x2,x1,*,xzr,+,x1,=
rzil: (set x1 (* (var x1) (var x2)))
opex:
  operands:
    - type: "reg"
      value: "x1"
    - type: "reg"
      value: "x1"
    - type: "reg"
      value: "x2"
    - type: "reg"
      value: "xzr"
family: cpu
address: 0x2c
opcode: lsr w1, w1, 0
disasm: lsr w1, w1, 0
pseudo: w1 = w1 >> 0
mnemonic: lsr
description: logical shift right
mask: ffffffff
prefix: 0
id: 1281
bytes: 217c0053
refptr: 0
size: 4
sign: false
type: mov
cycles: 0
esil: 0,w1,>>,w1,=
rzil: (set x1 (cast 64 false (>> (cast 32 false (var x1)) (bv 6 0x0) false)))
opex:
  operands:
    - type: "reg"
      value: "w1"
    - type: "reg"
      value: "w1"
    - type: "imm"
      value: 0
    - type: "imm"
      value: 31
family: cpu
address: 0x30
opcode: sub w0, w0, w1, uxtw
disasm: sub w0, w0, w1, uxtw
pseudo: w0 = w0 - w1
mnemonic: sub
description: substract two values
mask: ffffffff
prefix: 0
id: 1211
bytes: 0040214b
refptr: 0
size: 4
sign: false
type: sub
cycles: 1
esil: w1,w0,-,w0,=
rzil: (set x0 (cast 64 false (- (cast 32 false (var x0)) (cast 32 false (var x1)))))
opex:
  operands:
    - type: "reg"
      value: "w0"
    - type: "reg"
      value: "w0"
    - type: "reg"
      value: "w1"
      shift:
        type: "lsl"
        value: 0
      ext: "uxtw"
family: cpu
address: 0x34
opcode: ldr w1, [sp, 8]
disasm: ldr w1, [sp, 8]
pseudo: w1 = [sp + 8]
mnemonic: ldr
description: load from memory to register
mask: ffffffff
prefix: 0
id: 634
bytes: e10b40b9
ptr: 0x00000008
refptr: 4
size: 4
sign: false
type: load
cycles: 0
esil: 8,sp,+,DUP,tmp,=,[4],w1,=
rzil: (set x1 (cast 64 false (loadw 0 32 (+ (var sp) (bv 64 0x8)))))
opex:
  operands:
    - type: "reg"
      value: "w1"
    - type: "mem"
      base: "sp"
      disp: 8
direction: read
family: cpu
address: 0x38
opcode: cneg x0, x1, ne
disasm: cneg x0, x1, ne
pseudo: asm("cneg x0, x1, ne")
mnemonic: cneg
mask: ffffffff
prefix: 0
id: 287
bytes: 200481da
refptr: 0
size: 4
sign: false
type: null
cycles: 0
esil: zf,?{,,}
rzil: (set x0 (ite (! (var zf)) (~- (var x1)) (var x1)))
opex:
  operands:
    - type: "reg"
      value: "x0"
    - type: "reg"
      value: "x1"
    - type: "reg"
      value: "x1"
  cc: "eq"
family: cpu
address: 0x3c
opcode: add x0, x1, x2, lsl 2
disasm: add x0, x1, x2, lsl 2
pseudo: x0 = x1 + x2
mnemonic: add
description: add two values
mask: ffffffff
prefix: 0
id: 22
bytes: 2008028b
refptr: 0
size: 4
sign: false
type: add
cycles: 1
esil: 2,x2,<<,x1,+,x0,=
rzil: (set x0 (+ (var x1) (<< (var x2) (bv 6 0x2) false)))
opex:
  operands:
    - type: "reg"
      value: "x0"
    - type: "reg"
      value: "x1"
    - type: "reg"
      value: "x2"
      shift:
        type: "lsl"
        value: 2
family: cpu
address: 0x40
opcode: ldr q16, [x24, w8, uxtw 4]
disasm: ldr q16, [x24, w8, uxtw 4]
pseudo: q16 = [x24 + w8 + uxtw
mnemonic: ldr
description: load from memory to register
mask: ffffffff
prefix: 0
id: 634
bytes: 105be83c
ptr: 0x00000000
refptr: 4
size: 4
sign: false
type: load
cycles: 0
esil: 4,w8,<<,x24,+,[16],q16,=
opex:
  operands:
    - type: "reg"
      value: "q16"
    - type: "mem"
      base: "x24"
      index: "w8"
      disp: 0
      shift:
        type: "lsl"
        value: 4
      ext: "uxtw"
direction: read
family: fpu
address: 0x44
opcode: stp fp, lr, [sp, -0x60]!
disasm: stp fp, lr, [sp, -0x60]!
pseudo: [sp - 0x60]! = (fp, lr)
mnemonic: stp
mask: ffffffff
prefix: 0
id: 1180
bytes: fd7bbaa9
refptr: 0
size: 4
sign: false
type: store
cycles: 0
esil: 96,sp,-=,fp,sp,=[8],lr,sp,8,+,=[8]
rzil: (seq (storew 0 (- (var sp) (bv 64 0x60)) (var x29)) (storew 0 (+ (- (var sp) (bv 64 0x60)) (bv 64 0x8)) (var x30)) (set sp (- (var sp) (bv 64 0x60))))
opex:
  operands:
    - type: "reg"
      value: "fp"
    - type: "reg"
      value: "lr"
    - type: "mem"
      base: "sp"
      disp: -96
  writeback: true
direction: write
family: cpu
stackop: inc
stackptr: 96
address: 0x48
opcode: ldr fp, [sp], 0x3c
disasm: ldr fp, [sp], 0x3c
pseudo: fp = [sp]
mnemonic: ldr
description: load from memory to register
mask: ffffffff
prefix: 0
id: 634
bytes: fdc743f8
ptr: 0x0000003c
refptr: 4
size: 4
sign: false
type: load
cycles: 0
esil: 60,sp,+,DUP,tmp,=,[8],fp,=,tmp,60,+,sp,=
rzil: (seq (set x29 (loadw 0 64 (var sp))) (set sp (+ (var sp) (bv 64 0x3c))))
opex:
  operands:
    - type: "reg"
      value: "fp"
    - type: "mem"
      base: "sp"
      disp: 60
  writeback: true
direction: read
family: cpu
stackop: inc
stackptr: -60
EOF
RUN

NAME=arm thumb-1: parse gcc __gnu_thumb1_case_uqi jump table
FILE=bins/elf/libmagic.so
CMDS=<<EOF
aa
pdf @ sym._Unwind_VRS_Get
EOF
EXPECT=<<EOF
            ; CALL XREF from fcn.000080de @ 0x80ea
            ; CALL XREFS from sym.__gnu_unwind_execute @ 0x812a, 0x815c, 0x81d6, 0x8240
/ sym._Unwind_VRS_Get(int16_t arg1, int16_t arg2);
|           ; arg int16_t arg1 @ r0
|           ; arg int16_t arg2 @ r1
|           0x000078ea      push  {r4, lr}
|           0x000078ec      adds  r4, r0, 0                            ; arg1
|           0x000078ee      cmp   r1, 4                                ; arg2
|       ,=< 0x000078f0      bhi   case.0x78f4.2
|       |   0x000078f2      adds  r0, r1, 0                            ; arg2
|       |   ;-- switch
|       |   0x000078f4      bl    sym.__gnu_thumb1_case_uqi            ; switch table (5 cases) at 0x78f8
..
|       |   ; CODE XREF from sym._Unwind_VRS_Get @ 0x78f4
|       |   ;-- case 1:                                                ; from 0x78f4
|       |   ;-- case 3...4:                                            ; from 0x78f4
|       |   0x000078fe      movs  r0, 1
|      ,==< 0x00007900      b     0x791c
|      ||   ; CODE XREF from sym._Unwind_VRS_Get @ 0x78f4
|      ||   ;-- case 0:                                                ; from 0x78f4
|      ||   0x00007902      movs  r0, 2
|      ||   0x00007904      cmp   r3, 0
|     ,===< 0x00007906      bne   0x791c
|     |||   0x00007908      cmp   r2, 0xf
|    ,====< 0x0000790a      bhi   0x791c
|    ||||   0x0000790c      lsls  r2, r0
|    ||||   0x0000790e      adds  r4, r4, r2
|    ||||   0x00007910      ldr   r2, [sp, 8]
|    ||||   0x00007912      ldr   r1, [r4, 4]
|    ||||   0x00007914      str   r1, [r2]
|    ||||   0x00007916      adds  r0, r3, 0
|   ,=====< 0x00007918      b     0x791c
|   |||||   ; CODE XREF from sym._Unwind_VRS_Get @ 0x78f4
|   |||||   ;-- case 2:                                                ; from 0x78f4
|   ||||`-> 0x0000791a      movs  r0, 2
|   ||||    ; CODE XREFS from sym._Unwind_VRS_Get @ 0x7900, 0x7918
\   ````--> 0x0000791c      pop   {r4, pc}
EOF
RUN

NAME=ARM Thumb literal pool after function marked as data
FILE=bins/arm/elf/K64F-RIOT-SPI.elf
CMDS=<<EOF
aaa
s 0x4e0
pd 1
s 0xd50
pd 1
s 0x11d0
pd 3
EOF
EXPECT=<<EOF
            ; DATA XREF from dbg.sched_run @ 0x490
            ;-- data.000004e0:
            0x000004e0      .dword 0x1fff0274 ; runqueue_bitcache ; section..bss ; sym..bss ; obj.runqueue_bitcache ; loc._sbss ; loc._szero ; loc._erelocate ; sched.c:135
            ; DATA XREF from dbg.bit_clear8 @ 0xd34
            ;-- data.00000d50:
            0x00000d50      .dword 0x01ffffe0
            ; DATA XREF from sym.poweroff @ 0x1192
            ;-- data.000011d0:
            0x000011d0      .dword 0x00002744 ; spi_config ; obj.spi_config
            ; DATA XREF from sym.poweroff @ 0x11a0
            ;-- data.000011d4:
            0x000011d4      .dword 0x4002d000
            ; DATA XREFS from sym.poweroff @ 0x11b6, 0x11c6
            ;-- data.000011d8:
            0x000011d8      .dword 0x40047000
EOF
RUN
