From: Julian S. <js...@ac...> - 2007-06-06 12:12:37
> On Wednesday 06 June 2007 12:49, John Reiser wrote:
> Josef Weidendorfer wrote:
> > the PPC ISA has no explicit call/return instructions,
> > so there have to be heuristics about what e.g. branch in a binary was
> > meant to be a call.
I don't think that's exactly true, but there are ambiguities to do
with returns. See below.
> Please give an example or two.
The usual form of 'call to known destination' is
    branch-pc-relative and write NIA to LR ("bl")
where NIA = Next Instruction Address (& this_insn + 4)
It follows (although I do not know this for sure) that 'call to
unknown destination' must be one of these
    branch-to-LR and write NIA to LR ("blrl")
    branch-to-CTR and write NIA to LR ("bctrl")
The usual form of 'return' is
    branch-to-LR ("blr")
Assuming the above is correct, I think the problem is
    branch-to-LR could also be any old computed goto (e.g., a switch)
How to distinguish this case from a return?
J
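Added illustration, not code from the message above or from Valgrind: a small C classifier that decodes the PowerPC branch forms Julian lists (bl, blrl, bctrl, blr, plus b and bctr) from their 32-bit encodings, and one heuristic for the blr ambiguity he raises. The heuristic keeps a shadow stack of the NIA that each call writes to LR and treats a blr as a return only when the LR value it jumps through matches the top entry; any other blr is reported as a computed goto. The shadow-stack rule, the `classify`/`step` names and the instruction trace in `main` are constructed for this example and go beyond what the message states.

```c
/* PowerPC branch classification and a return-vs-computed-goto heuristic.
   Constructed example; the shadow-stack disambiguation is illustrative,
   not a description of what Valgrind actually does. */
#include <stdint.h>
#include <stdio.h>

typedef enum {
    BR_NONE,          /* not an unconditional branch we recognise      */
    BR_DIRECT,        /* b / ba   : plain jump to a known address       */
    BR_CALL_DIRECT,   /* bl / bla : call, known destination            */
    BR_CALL_VIA_LR,   /* blrl     : call, destination in LR            */
    BR_CALL_VIA_CTR,  /* bctrl    : call, destination in CTR           */
    BR_JUMP_VIA_LR,   /* blr      : return OR computed goto (ambiguous) */
    BR_JUMP_VIA_CTR   /* bctr     : computed goto / tail jump via CTR  */
} BranchKind;

/* Extract bits first..last using PowerPC numbering (bit 0 = MSB). */
static uint32_t ppc_field(uint32_t insn, int first, int last)
{
    int width = last - first + 1;
    return (insn >> (31 - last)) & ((1u << width) - 1);
}

BranchKind classify(uint32_t insn)
{
    uint32_t opcd = ppc_field(insn, 0, 5);    /* primary opcode */
    uint32_t lk   = ppc_field(insn, 31, 31);  /* LK: write NIA to LR */

    if (opcd == 18)                           /* I-form: b, ba, bl, bla */
        return lk ? BR_CALL_DIRECT : BR_DIRECT;

    if (opcd == 19) {                         /* XL-form: bclr / bcctr */
        uint32_t xo = ppc_field(insn, 21, 30);
        uint32_t bo = ppc_field(insn, 6, 10);
        /* BO = 1z1zz means "branch always"; conditional forms are
           left as BR_NONE to keep the example focused. */
        if ((bo & 0x14) != 0x14)
            return BR_NONE;
        if (xo == 16)  return lk ? BR_CALL_VIA_LR  : BR_JUMP_VIA_LR;
        if (xo == 528) return lk ? BR_CALL_VIA_CTR : BR_JUMP_VIA_CTR;
    }
    return BR_NONE;
}

/* Destination of an I-form branch: LI (bits 6-29) is a signed word
   offset, relative to the branch address unless AA (bit 30) is set. */
uint32_t direct_target(uint32_t pc, uint32_t insn)
{
    int32_t off = (int32_t)(insn & 0x03FFFFFC);   /* LI << 2, 26 bits */
    if (off & 0x02000000) off -= 0x04000000;       /* sign-extend      */
    return ppc_field(insn, 30, 30) ? (uint32_t)off : pc + (uint32_t)off;
}

/* Shadow stack of return addresses (the NIA each call wrote to LR). */
#define SHADOW_MAX 64
typedef struct { uint32_t ret[SHADOW_MAX]; int depth; } ShadowStack;

typedef enum { EV_NONE, EV_CALL, EV_RETURN, EV_COMPUTED_GOTO } Event;

/* Process one executed branch at address pc.  lr_before is the LR value
   at the moment the branch executes, i.e. the destination of a blr. */
Event step(ShadowStack *s, uint32_t pc, uint32_t insn, uint32_t lr_before)
{
    switch (classify(insn)) {
    case BR_CALL_DIRECT: case BR_CALL_VIA_LR: case BR_CALL_VIA_CTR:
        if (s->depth < SHADOW_MAX) s->ret[s->depth++] = pc + 4;  /* NIA */
        return EV_CALL;
    case BR_JUMP_VIA_LR:
        /* blr is a return only if LR still holds the most recent NIA;
           a switch that loaded LR with a table entry will not match. */
        if (s->depth > 0 && s->ret[s->depth - 1] == lr_before) {
            s->depth--;
            return EV_RETURN;
        }
        return EV_COMPUTED_GOTO;
    default:
        return EV_NONE;
    }
}

int main(void)
{
    /* Constructed trace: bl to 0x1100, a blr used as a switch inside the
       callee (LR loaded with 0x2000), then the real return through LR. */
    static const char *name[] = { "none", "call", "return", "computed goto" };
    ShadowStack s = { {0}, 0 };
    printf("0x1000 bl    -> %s (target 0x%x)\n",
           name[step(&s, 0x1000, 0x48000101, 0)], direct_target(0x1000, 0x48000101));
    printf("0x1120 blr   -> %s\n", name[step(&s, 0x1120, 0x4E800020, 0x2000)]);
    printf("0x1140 blr   -> %s\n", name[step(&s, 0x1140, 0x4E800020, 0x1004)]);
    return 0;
}
```

The encodings used in the trace are the standard ones: 0x48000101 is `bl .+0x100`, 0x4E800020 is `blr`; 0x4E800021 (`blrl`), 0x4E800420 (`bctr`) and 0x4E800421 (`bctrl`) classify the same way. The heuristic is deliberately simple: a longjmp or a hand-written stack switch would desynchronise the shadow stack, which is exactly the kind of case a tool using this approach has to handle separately.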