This is the mail archive of the
mailing list for the binutils project.
Re: RFC: Prevent disassembly beyond symbolic boundaries
- From: Tristan Gingold <gingold at adacore dot com>
- To: Nicholas Clifton <nickc at redhat dot com>
- Cc: binutils at sourceware dot org, gdb-patches at sourceware dot org
- Date: Fri, 19 Jun 2015 18:33:46 +0200
- Subject: Re: RFC: Prevent disassembly beyond symbolic boundaries
- Authentication-results: sourceware.org; auth=none
- References: <87lhfhynoz dot fsf at redhat dot com> <3D81F97D-90EA-4769-8381-514BB6E81E3F at adacore dot com> <5583FFEE dot 6060106 at redhat dot com>
> On 19 Jun 2015, at 13:41, Nicholas Clifton <email@example.com> wrote:
> Hi Tristan,
>>> This will disassemble as:
>>> 0000000000000000 <foo>:
>>> 0: 24 2f and $0x2f,%al
>>> 2: 83 0f ba orl $0xffffffba,(%rdi)
>>> 0000000000000003 <bar>:
>>> 3: 0f ba e2 03 bt $0x3,%edx
>>> Note how the instruction decoded at address 0x2 has stolen two bytes
>>> from "foo", but these bytes are also decoded (correctly this time) as
>>> part of the first instruction of foo.
>> I am curious. Why do you think it was a problem ?
> Strangely enough, this actually causes regressions with the perf tool's testsuite:
> What happens is that perf test 21 runs objdump on a binary, *parses* this output and compares that to the actual bytes in the binary. Because of the overrun feature shown above you actually get more bytes displayed in objdump's output than actually exist in the binary and so the perf test fails.
I can argue that this is an issue in the perf tool. After all, the objdump output is clear that pc goes backward.
>> Even if there is a symbol in the middle of an instruction, Iâd like
>> to understand what the processor will execute.
> Except that even the current the displayed disassembly is not what the processor would execute. In the example above the processor would execute the ORL instruction starting at address 0x2. but it would not continue on to execute the BT instruction at address 0x3. Instead it would start decoding from address 0x5, whatever instruction that might beâ
Thatâs a very good point!
>> Before the proposed
>> change, it was possible, but after it isnât easy anymore.
> True - but this only matters if the processor would execute from that piece of memory. What if the byte(s) are actually data ? (eg a constant pool). Then it would make more sense to display the bytes as just byte values.
OTOH, if this is a constant pool it is possible that objdump is already of out track for a while.
> The point being that if there is a symbol that is in the middle of an instruction then something hinky is going on. Either the symbol is misplaced or the instruction is not really an instruction or else an assembly programmer is being extra super clever and hiding data inside instructions.
Yes. My scenario was setting a label on a known part of an instruction like the offset in a call instruction you want to patch later.
But I agree that before and after your proposed change, objdump output is not very readable.
> How about a tweak to the patch then ? What if the -D option (disassemble all) disables this feature, and so the disassembled instruction is displayed as before, whilst the -d option (disassemble code) leaves it enabled. Then if you want to see bytes as instructions you can use the -D option (possibly combined with -j), but if you want to see a more likely, only real instructions disassembled version, then use the -d option. (Obviously the patch would need to be extended with an update to the documentation too).
Itâs up to you. I donât insist at all on modifying your change, I was just curious about the motivation.
And the scenario I had in mind is not really affected by your proposal.