ARM SVC instruction has call group

Open OBarronCS opened this issue 10 months ago • 3 comments

Questions                | Answers
Capstone module affected | arm
Source of Capstone       | git clone
Version/git commit       | https://github.com/capstone-engine/capstone/commit/8ac2843b9bc91e29c0287d27f9c49cff2ad44776 (HEAD, tag: 6.0.0-Alpha3)

On version 6.0.0-Alpha3, the Arm SVC instruction has the "call" group associated with it. In Capstone 5 this was not present, and the syscall instructions of other architectures don't include this group.

cstool -d arm 010000ef

 0  01 00 00 ef  svc    #1
        ID: 450 (svc)
        op_count: 1
                operands[0].type: IMM = 0x1
                operands[0].access: READ
        Registers read: r13
        Groups: call IsARM int 

Expected results

For the call group to not be included.

Steps to get the results

cstool -d arm 010000ef

OBarronCS avatar Feb 24 '25 09:02 OBarronCS

So this is an interesting case.

The reason it is a Call in v6 is that LLVM defines it as such (see here). And because we generated all tables from scratch with LLVM 18, it got updated.

I am pretty reluctant to change it back tbh. For the following reasons:

  1. we strive to be comparable to LLVM, so Capstone's output should mirror their definitions. Except obvious bugs of course. But this one is not one, because:
  2. SVC stands literally for Supervisor Call and the behavior is essentially this (calling a procedure in a higher privilege level). It is confusing maybe, since the procedures to do the call differ so much from the calls in the same privilege level. But inherently I would argue it is still a call. As in: "calling a procedure".

For reference: Chapter A8.8.229 and B1.9.4 in the ARMv7-A and ARMv7-R Reference Manual - Document id: DDI 0406.

If you would follow this argument please let me know. Then I would close this one as "not planned/invalid". Otherwise I would like to discuss this in the LLVM forum before. Because they would need to change it as well.

Rot127 avatar Feb 28 '25 14:02 Rot127

I follow that interpretation of the instruction as well as the desire to keep this aligned with LLVM.

I want to note that for aarch64, which has the same instruction name svc as arm, LLVM appears to omit the call group in the definition:

cstool -d aarch64 "01 00 00 d4"
 0  01 00 00 d4  svc    #0
        ID: 1193 (svc)
        op_count: 1
                operands[0].type: IMM = 0x0
                operands[0].access: READ
        Groups: int 

OBarronCS avatar Mar 04 '25 06:03 OBarronCS
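To see why the group change matters for analysis tooling, here is an added example (not code from the Capstone project or from either commenter): a v5-era check that trusts CS_GRP_CALL alone now flags the ARM svc shown above, while an INT-first classification gives the same answer for both the arm and aarch64 listings. Assumed: the CS_GRP_* ids from capstone.h, constructed records mirroring the two cstool outputs in this issue, and the optional Capstone Python binding for the live check.

```python
# Added example, not part of the Capstone project. Group ids are the generic
# CS_GRP_* values from capstone.h (JUMP=1, CALL=2, RET=3, INT=4).
CS_GRP_JUMP, CS_GRP_CALL, CS_GRP_RET, CS_GRP_INT = 1, 2, 3, 4

# Constructed records mirroring the cstool output in this issue: under
# 6.0.0-Alpha3 arm "svc #1" carries "call" and "int", aarch64 "svc #0" only "int".
# The "bl" record is an ordinary ARM call added for contrast.
SAMPLE_INSNS = [
    {"arch": "arm",     "mnemonic": "svc", "op_str": "#1",     "groups": {CS_GRP_CALL, CS_GRP_INT}},
    {"arch": "aarch64", "mnemonic": "svc", "op_str": "#0",     "groups": {CS_GRP_INT}},
    {"arch": "arm",     "mnemonic": "bl",  "op_str": "#0x1000", "groups": {CS_GRP_CALL}},
]

def naive_is_call(groups):
    """What a Capstone 5 era tool typically does: trust CS_GRP_CALL alone.
    Under v6 this returns True for ARM svc, so syscall sites get counted as calls."""
    return CS_GRP_CALL in groups

def classify(groups):
    """Version-stable classification: an instruction that traps to a higher
    privilege level (CS_GRP_INT) is reported as a syscall whether or not the
    tables also tag it as a call; plain calls, returns and jumps follow."""
    if CS_GRP_INT in groups:
        return "syscall"
    if CS_GRP_CALL in groups:
        return "call"
    if CS_GRP_RET in groups:
        return "ret"
    if CS_GRP_JUMP in groups:
        return "jump"
    return "other"

def live_arm_groups(code):
    """Optional live check with the Capstone Python binding (assumed installed):
    disassemble ARM bytes in detail mode and return (mnemonic, op_str, groups).
    Returns None when the binding is missing so the rest still runs offline."""
    try:
        import capstone
    except ImportError:
        return None
    md = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM)
    md.detail = True  # groups are only populated in detail mode
    return [(i.mnemonic, i.op_str, set(i.groups)) for i in md.disasm(code, 0)]

if __name__ == "__main__":
    for insn in SAMPLE_INSNS:
        print(insn["arch"], insn["mnemonic"], insn["op_str"],
              "naive_is_call=%s" % naive_is_call(insn["groups"]),
              "classify=%s" % classify(insn["groups"]))
    print("live:", live_arm_groups(bytes.fromhex("010000ef")))  # bytes from the issue
```

The live result depends on which Capstone version is installed, which is exactly the instability the classifier above is meant to absorb.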

Yes, indeed. I'll try to get to it after the weekend.

Rot127 avatar Mar 05 '25 09:03 Rot127