Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix MOV gp,r0 instruction decode error #7

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix MOV gp,r0 instruction decode error #7

wants to merge 1 commit into from

Conversation

EgorKin
Copy link
Contributor

@EgorKin EgorKin commented Dec 12, 2019

Usually can be found at end of functions

@EgorKin
Fix MOV gp,r0 instruction decode error
42b5938 
Usually can be found at end of functions
@esaulenka
Copy link
Owner

Egor,
according the manual reg2 can not be equal to r0.
Also, opcodes with zero bits 11..15 occuped by SYNxx instructions (look at manual, APPENDIX B INSTRUCTION OPCODE MAP )
May be you see undocumented (or newly introduced) instruction?
What binary you are digging?

@EgorKin
Copy link
Contributor Author

EgorKin commented Dec 12, 2019
edited by esaulenka
Loading

I'm compare Ghidra and Ida Pro 7.2 for Renesas uPD70F3423 processor. It's a V850E/Dx3 - DJ3/DL3 family. Well disassembled in Ida project - dump from my Hyundai instrument cluster.
Based on U14559EJ2V0UM00 (V850E1 32-bit Microprocessor Core Architecture) datasheet you are correct - for "MOV reg1, reg2" available explanation: "Do not specify r0 as the destination register reg2."

But Ida shown "04 00" as "mov gp, r0". It's a some type of "do nothing" code in firmware like "nop" just for alignment next instruction. Most time it present after return call at end of functions.
Ghidra stop analyse at this bytes with error on parsing "r1115" so it should be fixed.

Do you have some binary with 04 00 opcodes or it's just one of used for this clusters compiler peculiarity?

@EgorKin
Copy link
Contributor Author

EgorKin commented Dec 12, 2019
edited
Loading

Oops, I'm a bit mistakes in my last comment.
I'm working with v850E1 core and:
for "MOV reg1, reg2" reg2 can be r0.
for "MOV imm5, reg2" reg2 can`t be 0.
Lately I checked v850E2 datasheet and find same info.

But now I'm checked v850E2M datasheet too and find that you are right about MOV instruction. r1115 can't be = 0 for v850E2M.

@esaulenka
Copy link
Owner

I am tested this module only with Toyota ECU fw. They use 00 00 (it is NOP) as spacer (only few times in whole binary).
I'm checked 850E1 manual and you are right, there is no restriction for r0.
I think, the best option would be conditional compilation in two different modules for these MCUs. I will try to do it later.

PS please, don't use apostrophe located on 'ё' button, use one located on 'э'. Currently you broke markdown parser.

@esaulenka
Copy link
Owner

For "MOV reg1, reg2" reg2 CAN be r0. Only reg1 can't be 0.

E2M user manual, page 117:

image

@EgorKin
Copy link
Contributor Author

EgorKin commented Dec 12, 2019
edited
Loading

You are right. This restriction made for E2M because E1 & E2 have no such restriction.
Thank's anyway. Please close my pull request with "no need to fix" or whatever you want comment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@EgorKin @esaulenka