
Me getting a lot of hits from reddit.com/r/programming


Yesterday I wrote about a small script that visualizes control flow in ASM dumps with arrows. When a friend of mine posted it to reddit.com/r/programming, I suddenly got a lot more traffic than usual, along with a bit of useful feedback that helped me improve the robustness and applicability of the script considerably.

This morning I noticed that I’d also been getting a few referrer hits from this unlikely source: http://llvm.org/bugs/show_bug.cgi?id=16297.

Reading that “request for feature” got me thinking that it ought to be dead easy to modify the existing script to also handle disassemblies from llvm-objdump.

An example of the result can be seen below.

     80486cb: 55                    push EBP
     80486cc: 89 e5                 mov EBP, ESP
     80486ce: 53                    push EBX
     80486cf: 83 ec 10              sub ESP, 16
     80486d2: c7 45 f8 00 00 00 00  mov [EBP - 8], 0
 ,---80486d9: eb 29                 jmp 41
 |,->80486db: 8b 45 f8              mov EAX, [EBP - 8]
 ||  80486de: 8b 55 08              mov EDX, [EBP + 8]
 ||  80486e1: 8d 0c 02              lea ECX, [EDX + EAX]
 ||  80486e4: 8b 1d 4c a0 04 08     mov EBX, [134520908]
 ||  80486ea: a1 54 a0 04 08        mov EAX, 134520916
 ||  80486ef: 89 c2                 mov EDX, EAX
 ||  80486f1: 01 da                 add EDX, EBX
 ||  80486f3: 0f b6 12              movzx EDX, BYTE PTR [EDX]
 ||  80486f6: 88 11                 mov BYTE PTR [ECX], DL
 ||  80486f8: 83 45 f8 01           add [EBP - 8], 1
 ||  80486fc: 83 c0 01              add EAX, 1
 ||  80486ff: a3 54 a0 04 08        mov 134520916, EAX
 '|->8048704: 8b 15 54 a0 04 08     mov EDX, [134520916]
  |  804870a: a1 50 a0 04 08        mov EAX, 134520912
  |  804870f: 39 c2                 cmp EDX, EAX
,-|--8048711: 7d 14                 jge 20
| |  8048713: 8b 15 4c a0 04 08     mov EDX, [134520908]
| |  8048719: a1 54 a0 04 08        mov EAX, 134520916
| |  804871e: 01 d0                 add EAX, EDX
| |  8048720: 0f b6 00              movzx EAX, BYTE PTR [EAX]
| |  8048723: 3c 0a                 cmp AL, 10
| '--8048725: 75 b4                 jne -76
'--->8048727: a1 54 a0 04 08        mov EAX, 134520916
     804872c: 83 c0 01              add EAX, 1
     804872f: a3 54 a0 04 08        mov 134520916, EAX
     8048734: 8b 45 f8              mov EAX, [EBP - 8]
     8048737: 83 c4 10              add ESP, 16
     804873a: 5b                    pop EBX
     804873b: 5d                    pop EBP
     804873c: c3                    ret

What made this version of the script a bit trickier to write is that, where the classical objdump is kind enough to translate the target of a jump instruction into one of the addresses seen in the first column (i.e. 80486db), llvm-objdump only does a literal translation: the instruction name followed by the relative offset in bytes as a signed integer.

And with the x86 architecture’s notoriously variable instruction length, finding the target address isn’t just a matter of dividing the offset by the instruction size to get a number of lines, as it would be in a fixed-length instruction set, but rather a matter of counting every byte on the way there. A slight added complication is that the offset to start counting from is that of the instruction following the jump instruction.
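The calculation described above, as an added example that is not the code of the script this post is about: the size of each instruction is taken from its hex byte column, and each signed offset is resolved relative to the first byte after the jump. The names `parse` and `jump_targets` are hypothetical, and whitespace-separated columns are assumed.

```python
import re

# Constructed sample: six lines excerpted from the dump above (the three jumps
# and the three instructions they land on), with the arrow column removed.
SAMPLE = """\
80486d9: eb 29 jmp 41
80486db: 8b 45 f8 mov EAX, [EBP - 8]
8048704: 8b 15 54 a0 04 08 mov EDX, [134520916]
8048711: 7d 14 jge 20
8048725: 75 b4 jne -76
8048727: a1 54 a0 04 08 mov EAX, 134520916
"""

# address, encoded bytes, mnemonic, operands (whitespace-separated columns assumed)
LINE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s+)+)([a-z]\w*)\s*(.*)$", re.I)

def parse(dump):
    """Return (address, size_in_bytes, mnemonic, operands) per instruction."""
    insns = []
    for raw in dump.splitlines():
        m = LINE.match(raw)
        if m:
            size = len(m.group(2).split())  # one hex pair per encoded byte
            insns.append((int(m.group(1), 16), size,
                          m.group(3).lower(), m.group(4).strip()))
    return insns

def jump_targets(insns):
    """Resolve signed relative offsets to (source, target, lands_on_instruction)."""
    starts = {addr for addr, _, _, _ in insns}
    resolved = []
    for addr, size, mnem, ops in insns:
        if mnem.startswith("j") and re.fullmatch(r"-?\d+", ops):
            # The offset counts from the first byte after the jump itself.
            target = addr + size + int(ops)
            # A target that is not a listed instruction start cannot get an arrow.
            resolved.append((addr, target, target in starts))
    return resolved

if __name__ == "__main__":
    for src, dst, ok in jump_targets(parse(SAMPLE)):
        print(f"{src:x} -> {dst:x}" + ("" if ok else "  (not an instruction start)"))
```

The third element of each tuple is False when a computed target falls between listed instruction starts, which is worth surfacing rather than drawing an arrow to the nearest line.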

If I had to work with assembly output like that, I would be begging for something like the sort of annotation this script provides ;)

The llvm version of the script is available for download here, and I assume that a diff between that and the vanilla objdump version would make an excellent starting point for anyone wanting to adapt the script to some other disassembly dialect.
