DOCSLIB.ORG

MSP430 Embedded Application Binary Interface

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
MSP430 Embedded Application Binary Interface MSP430 Embedded Application Binary Interface Application Report Literature Number: SLAA534A June 2013–Revised June 2020 Contents 1 Introduction......................................................................................................................... 7 1.1 ABIs for the MSP430 .................................................................................................... 7 1.2 Scope ...................................................................................................................... 8 1.3 ABI Variants............................................................................................................... 9 1.4 Toolchains and Interoperability......................................................................................... 9 1.5 Libraries ................................................................................................................... 9 1.6 Types of Object Files................................................................................................... 10 1.7 Segments ................................................................................................................ 10 1.8 MSP430 Architecture Overview....................................................................................... 10 1.9 MSP430 Memory Models.............................................................................................. 10 1.10 Reference Documents ................................................................................................. 11 1.11 Code Fragment Notation............................................................................................... 11 2 Data Representation ........................................................................................................... 12 2.1 Basic Types ............................................................................................................. 12 2.2 Data in Registers ....................................................................................................... 13 2.3 Data in Memory ......................................................................................................... 13 2.4 Pointer Types ........................................................................................................... 13 2.5 Complex Types ......................................................................................................... 14 2.6 Structures and Unions ................................................................................................. 14 2.7 Arrays .................................................................................................................... 14 2.8 Bit Fields ................................................................................................................. 15 2.8.1 Volatile Bit Fields............................................................................................ 15 2.9 Enumeration Types..................................................................................................... 16 3 Calling Conventions ........................................................................................................... 17 3.1 Call and Return ......................................................................................................... 17 3.1.1 Call Instructions ............................................................................................. 17 3.1.2 Return Instruction ........................................................................................... 17 3.1.3 Pipeline Conventions ....................................................................................... 17 3.1.4 Weak Functions ............................................................................................. 17 3.2 Register Conventions .................................................................................................. 18 3.2.1 Argument Registers......................................................................................... 19 3.2.2 Callee-Saved Registers .................................................................................... 19 3.3 Argument Passing ...................................................................................................... 19 3.3.1 Register Singles............................................................................................. 19 3.3.2 Register Pairs ............................................................................................... 20 3.3.3 Split Pairs .................................................................................................... 21 3.3.4 Quads (Four-Register Arguments)........................................................................ 21 3.3.5 Special Convention for Compiler Helper Functions .................................................... 23 3.3.6 C++ Argument Passing .................................................................................... 23 3.3.7 Passing Structs and Unions ............................................................................... 24 3.3.8 Stack Layout of Arguments Not Passed in Registers .................................................. 24 3.3.9 Frame Pointer ............................................................................................... 24 3.4 Return Values ........................................................................................................... 25 2 Table of Contents SLAA534A–June 2013–Revised June 2020 Submit Documentation Feedback Copyright © 2013–2020, Texas Instruments Incorporated www.ti.com 3.5 Structures and Unions Passed and Returned by Reference ..................................................... 25 3.6 Conventions for Compiler Helper Functions ........................................................................ 26 3.7 Scratch Registers for Functions Already Seen ..................................................................... 26 3.8 _ _mspabi_func_epilog Helper Functions ........................................................................... 26 3.9 Interrupt Functions...................................................................................................... 26 4 Data Allocation and Addressing ........................................................................................... 27 4.1 Data Sections and Segments ......................................................................................... 27 4.2 Addressing Modes...................................................................................................... 28 4.3 Allocation and Addressing of Static Data ........................................................................... 28 4.3.1 Addressing Methods for Static Data...................................................................... 28 4.3.2 Placement Conventions for Static Data.................................................................. 29 4.3.3 Initialization of Static Data ................................................................................. 30 4.4 Automatic Variables .................................................................................................... 30 4.5 Frame Layout ........................................................................................................... 31 4.5.1 Stack Alignment ............................................................................................. 32 4.5.2 Register Save Order........................................................................................ 32 4.6 Heap-Allocated Objects................................................................................................ 32 5 Code Allocation and Addressing .......................................................................................... 33 5.1 Computing the Address of a Code Label............................................................................ 33 5.1.1 Absolute Addressing for Code ............................................................................ 33 5.1.2 Symbolic Addressing ....................................................................................... 33 5.1.3 Immediate Addressing...................................................................................... 34 5.2 Branching ................................................................................................................ 34 5.3 Calls ...................................................................................................................... 34 5.3.1 Direct Call .................................................................................................... 34 5.3.2 Far Call Trampoline......................................................................................... 34 5.3.3 Indirect Calls................................................................................................. 34 6 Helper Function API............................................................................................................ 35 6.1 Floating-Point Behavior ................................................................................................ 35 6.2 C Helper Function API ................................................................................................. 35 6.3 Special Register Conventions for Helper Functions ............................................................... 39 6.4 Floating-Point Helper Functions for C99............................................................................. 40 7 Standard C Library API ......................................................................................................
Load more

Recommended publications
  • Fill Your Boots: Enhanced Embedded Bootloader Exploits Via Fault Injection and Binary Analysis
    IACR Transactions on Cryptographic Hardware and Embedded Systems ISSN 2569-2925, Vol. 2021, No. 1, pp. 56–81. DOI:10.46586/tches.v2021.i1.56-81 Fill your Boots: Enhanced Embedded Bootloader Exploits via Fault Injection and Binary Analysis Jan Van den Herrewegen1, David Oswald1, Flavio D. Garcia1 and Qais Temeiza2 1 School of Computer Science, University of Birmingham, UK, {jxv572,d.f.oswald,f.garcia}@cs.bham.ac.uk 2 Independent Researcher, [email protected] Abstract. The bootloader of an embedded microcontroller is responsible for guarding the device’s internal (flash) memory, enforcing read/write protection mechanisms. Fault injection techniques such as voltage or clock glitching have been proven successful in bypassing such protection for specific microcontrollers, but this often requires expensive equipment and/or exhaustive search of the fault parameters. When multiple glitches are required (e.g., when countermeasures are in place) this search becomes of exponential complexity and thus infeasible. Another challenge which makes embedded bootloaders notoriously hard to analyse is their lack of debugging capabilities. This paper proposes a grey-box approach that leverages binary analysis and advanced software exploitation techniques combined with voltage glitching to develop a powerful attack methodology against embedded bootloaders. We showcase our techniques with three real-world microcontrollers as case studies: 1) we combine static and on-chip dynamic analysis to enable a Return-Oriented Programming exploit on the bootloader of the NXP LPC microcontrollers; 2) we leverage on-chip dynamic analysis on the bootloader of the popular STM8 microcontrollers to constrain the glitch parameter search, achieving the first fully-documented multi-glitch attack on a real-world target; 3) we apply symbolic execution to precisely aim voltage glitches at target instructions based on the execution path in the bootloader of the Renesas 78K0 automotive microcontroller.
    [Show full text]
  • MSP430FR2433 Mixed-Signal Microcontroller
    Product Order Technical Tools & Support & Folder Now Documents Software Community MSP430FR2433 SLASE59C –OCTOBER 2015–REVISED AUGUST 2018 MSP430FR2433 Mixed-Signal Microcontroller 1 Device Overview 1.1 Features 1 • Embedded Microcontroller Storage – 16-Bit RISC Architecture – 1015 Write Cycle Endurance – Clock Supports Frequencies up to 16 MHz – Radiation Resistant and Nonmagnetic – Wide Supply Voltage Range From 3.6 V Down – High FRAM-to-SRAM Ratio, up to 4:1 to 1.8 V (Minimum Supply Voltage is Restricted • Clock System (CS) by SVS Levels, See the SVS Specifications) – On-Chip 32-kHz RC Oscillator (REFO) • Optimized Ultra-Low-Power Modes – On-Chip 16-MHz Digitally Controlled Oscillator – Active Mode: 126 µA/MHz (Typical) (DCO) With Frequency-Locked Loop (FLL) – Standby: <1 µA With VLO – ±1% Accuracy With On-Chip Reference at – LPM3.5 Real-Time Clock (RTC) Counter With Room Temperature 32768-Hz Crystal: 730 nA (Typical) – On-Chip Very Low-Frequency 10-kHz Oscillator – Shutdown (LPM4.5): 16 nA (Typical) (VLO) • High-Performance Analog – On-Chip High-Frequency Modulation Oscillator – 8-Channel 10-Bit Analog-to-Digital Converter (MODOSC) (ADC) – External 32-kHz Crystal Oscillator (LFXT) – Internal 1.5-V Reference – Programmable MCLK Prescalar of 1 to 128 – Sample-and-Hold 200 ksps – SMCLK Derived from MCLK With • Enhanced Serial Communications Programmable Prescalar of 1, 2, 4, or 8 – Two Enhanced Universal Serial Communication • General Input/Output and Pin Functionality Interfaces (eUSCI_A) Support UART, IrDA, and – Total of 19 I/Os on
    [Show full text]
  • Stackwalkerapi Programmer's Guide
    Paradyn Parallel Performance Tools StackwalkerAPI Programmer’s Guide 9.2 Release June 2016 Computer Sciences Department University of Wisconsin–Madison Madison, WI 53706 Computer Science Department University of Maryland College Park, MD 20742 Email [email protected] Web www.dyninst.org Contents 1 Introduction 3 2 Abstractions 4 2.1 Stackwalking Interface . .5 2.2 Callback Interface . .5 3 API Reference 6 3.1 Definitions and Basic Types . .6 3.1.1 Definitions . .6 3.1.2 Basic Types . .9 3.2 Namespace StackwalkerAPI . 10 3.3 Stackwalking Interface . 10 3.3.1 Class Walker . 10 3.3.2 Class Frame . 14 3.4 Accessing Local Variables . 18 3.5 Callback Interface . 19 3.5.1 Default Implementations . 19 3.5.2 Class FrameStepper . 19 3.5.3 Class StepperGroup . 22 3.5.4 Class ProcessState . 24 3.5.5 Class SymbolLookup . 27 4 Callback Interface Default Implementations 27 4.1 Debugger Interface . 28 4.1.1 Class ProcDebug . 29 4.2 FrameSteppers . 31 4.2.1 Class FrameFuncStepper . 31 4.2.2 Class SigHandlerStepper . 32 4.2.3 Class DebugStepper . 33 1 4.2.4 Class AnalysisStepper . 33 4.2.5 Class StepperWanderer . 33 4.2.6 Class BottomOfStackStepper . 33 2 1 Introduction This document describes StackwalkerAPI, an API and library for walking a call stack. The call stack (also known as the run-time stack) is a stack found in a process that contains the currently active stack frames. Each stack frame is a record of an executing function (or function-like object such as a signal handler or system call).
    [Show full text]
  • Procedures & the Stack
    Procedures & The Stack Spring 2016 Procedures & The Stack Announcements ¢ Lab 1 graded § Late days § Extra credit ¢ HW 2 out ¢ Lab 2 prep in section tomorrow § Bring laptops! ¢ Slides HTTP://XKCD.COM/1270/ 1 Procedures & The Stack Spring 2016 Memory & data Roadmap Integers & floats C: Java: Machine code & C x86 assembly car *c = malloc(sizeof(car)); Car c = new Car(); Procedures & stacks c->miles = 100; c.setMiles(100); Arrays & structs c->gals = 17; c.setGals(17); float mpg = get_mpg(c); float mpg = Memory & caches free(c); c.getMPG(); Processes Virtual memory Assembly get_mpg: Memory allocation pushq %rbp Java vs. C language: movq %rsp, %rbp ... popq %rbp ret OS: Machine 0111010000011000 100011010000010000000010 code: 1000100111000010 110000011111101000011111 Computer system: 2 Procedures & The Stack Spring 2016 Mechanisms required for procedures ¢ Passing control P(…) { § To beginning oF procedure code • • § Back to return point y = Q(x); print(y) ¢ Passing data • § Procedure arguments } § Return value ¢ Memory management int Q(int i) § Allocate during procedure execution { § Deallocate upon return int t = 3*i; int v[10]; ¢ All implemented with machine • instructions • § An x86-64 procedure uses only those return v[t]; mechanisms required For that procedure } 3 Procedures & The Stack Spring 2016 Questions to answer about procedures ¢ How do I pass arguments to a procedure? ¢ How do I get a return value from a procedure? ¢ Where do I put local variables? ¢ When a function returns, how does it know where to return? ¢ To answer some of
    [Show full text]
  • Strict Protection for Virtual Function Calls in COTS C++ Binaries
    vfGuard: Strict Protection for Virtual Function Calls in COTS C++ Binaries Aravind Prakash Xunchao Hu Heng Yin Department of EECS Department of EECS Department of EECS Syracuse University Syracuse University Syracuse University [email protected] [email protected] [email protected] Abstract—Control-Flow Integrity (CFI) is an important se- these binary-only solutions are unfortunately coarse-grained curity property that needs to be enforced to prevent control- and permissive. flow hijacking attacks. Recent attacks have demonstrated that existing CFI protections for COTS binaries are too permissive, While coarse-grained CFI solutions have significantly re- and vulnerable to sophisticated code reusing attacks. Accounting duced the attack surface, recent efforts by Goktas¸¨ et al. [9] for control flow restrictions imposed at higher levels of semantics and Carlini [10] have demonstrated that coarse-grained CFI is key to increasing CFI precision. In this paper, we aim to provide solutions are too permissive, and can be bypassed by reusing more stringent protection for virtual function calls in COTS large gadgets whose starting addresses are allowed by these C++ binaries by recovering C++ level semantics. To achieve this solutions. The primary reason for such permissiveness is the goal, we recover C++ semantics, including VTables and virtual lack of higher level program semantics that introduce certain callsites. With the extracted C++ semantics, we construct a sound mandates on the control flow. For example, given a class CFI policy and further improve the policy precision by devising two filters, namely “Nested Call Filter” and “Calling Convention inheritance, target of a virtual function dispatch in C++ must Filter”.
    [Show full text]
  • MIPS Calling Convention
    MIPS Calling Convention CS 64: Computer Organization and Design Logic Lecture #9 Fall 2018 Ziad Matni, Ph.D. Dept. of Computer Science, UCSB Administrative • Lab #5 this week – due on Friday • Grades will be up on GauchoSpace today by noon! – If you want to review your exams, see your TAs: LAST NAMES A thru Q See Bay-Yuan (Th. 12:30 – 2:30 pm) LAST NAMES R thru Z See Harmeet (Th. 9:30 – 11:30 am) • Mid-quarter evaluations for T.As – Links on the last slide and will put up on Piazza too – Optional to do, but very appreciated by us all! 11/5/2018 Matni, CS64, Fa18 2 CS 64, Fall 18, Midterm Exam Average = 86.9% Median = 87% 26 22 8 5 3 11/5/2018 Matni, CS64, Fa18 3 Lecture Outline • MIPS Calling Convention – Functions calling functions – Recursive functions 11/5/2018 Matni, CS64, Fa18 4 Function Calls Within Functions… Given what we’ve said so far… • What about this code makes our previously discussed setup break? – You would need multiple copies of $ra • You’d have to copy the value of $ra to another register (or to mem) before calling another function • Danger: You could run out of registers! 11/5/2018 Matni, CS64, Fa18 5 Another Example… What about this code makes this setup break? • Can’t fit all variables in registers at the same time! • How do I know which registers are even usable without looking at the code? 11/5/2018 Matni, CS64, Fa18 6 Solution??!! • Store certain information in memory only at certain times • Ultimately, this is where the call stack comes from • So what (registers/memory) save what??? 11/5/2018 Matni, CS64, Fa18
    [Show full text]
  • UNDERSTANDING STACK ALIGNMENT in 64-BIT CALLING CONVENTIONS for X86-64 Assembly Programmers
    UNDERSTANDING STACK ALIGNMENT IN 64-BIT CALLING CONVENTIONS For x86-64 Assembly Programmers This article is part of CPU2.0 presentation Soffian Abdul Rasad Date : Oct 2nd, 2017 Updated: 2019 Note: This article is released in conjunction with CPU2.0 to enable users to use CPU2.0 correctly in regards to stack alignment. It does not present full stack programming materials. MS 64-bit Application Binary Interface (ABI) defines an x86_64 software calling convention known as the fastcall. System V also introduces similar software calling convention known as AMD64 calling convention. These calling conventions specify the standards and the requirements of the 64-bit APIs to enable codes to access and use them in a standardized and uniform fashion. This is the standard convention being employed by Win64 APIs and Linux64 respectively. While the two are radically different, they share similar stack alignment policy – the stack must be well-aligned to 16-byte boundaries prior to calling a 64-bit API. A memory address is said to be aligned to 16 if it is evenly divisible by 16, or if the last digit is 0, in hexadecimal notation. Please note that to simplify discussions, we ignore the requirement for shadow space or red zone when calling the 64-bit APIs for now. But still with or without the shadow space, the discussion below applies. Also note that the CPU honors no calling convention. Align 16 Ecosystem This requirement specifies that for the 64-bit APIs to function correctly it must work in an ecosystem or runtime environment in which the stack memory is always aligned to 16-byte boundaries.
    [Show full text]
  • Using Energia (Arduino)
    Using Energia (Arduino) Introduction This chapter of the MSP430 workshop explores Energia, the Arduino port for the Texas Instruments Launchpad kits. After a quick definition and history of Arduino and Energia, we provide a quick introduction to Wiring – the language/library used by Arduino & Energia. Most of the learning comes from using the Launchpad board along with the Energia IDE to light LED’s, read switches and communicate with your PC via the serial connection. Learning Objectives, Requirements, Prereq’s Prerequisites & Objectives Prerequisites Basic knowledge of C language Basic understanding of using a C library and header files This chapter doesn’t explain clock, interrupt, and GPIO features in detail, this is left to the other chapters in the MSP430 workshop Requirements - Tools and Software Hardware Windows (XP, 7, 8) PC with available USB port MSP430F5529 Launchpad Software Already installed, if you Energia Download have installed CCSv5.x Launchpad drivers (Optional) MSP430ware / Driverlib Objectives Define ‘Arduino’ and describe what is was created for Define ‘Energia’ and explain what it is ‘forked’ from Install Energia, open and run included example sketches Use serial communication between the board & PC Add an external interrupt to an Energia sketch Modify CPU registers from an Energia sketch MSP430 Workshop - Using Energia (Arduino) 8 - 1 What is Arduino Chapter Topics Using Energia (Arduino) ............................................................................................................
    [Show full text]
  • Design Considerations When Using the MSP430 Graphics Library, and Provides an Example of Implementation and Optimization
    www.ti.com 1 Trademarks MSP430, MSP430Ware are trademarks of Texas Instruments. Stellaris is a registered trademark of Texas Instruments. All other trademarks are the property of their respective owners. SLAA548–October 2012 1 Submit Documentation Feedback Copyright © 2012, Texas Instruments Incorporated Application Report SLAA548–October 2012 Design Considerations When Using MSP430 Graphics Library Michael Stein ABSTRACT LCDs are a growing commodity in today’s market with products as diverse as children’s toys to medical devices. Modern LCDs, along with the graphics displayed on them, are growing in complexity. A graphics library can simplify and accelerate development while creating the desired user experience. TI provides the MSP430 Graphics Library for use in developing products with the MSP430™ MCU. This application report describes design considerations when using the MSP430 Graphics Library, and provides an example of implementation and optimization. Project collateral discussed in this application report can be downloaded from the following URL: www.ti.com/lit/zip/SLAA548. Contents 2 Introduction to the MSP430 Graphics Library............................................................................ 2 3 System Overview ............................................................................................................ 3 4 Hardware Implementation - LCD Bus Type .............................................................................. 4 5 Software Implementation- LCD Display Driver Layer ..................................................................
    [Show full text]
  • Tricore Architecture Manual for a Detailed Discussion of Instruction Set Encoding and Semantics
    User’s Manual, v2.3, Feb. 2007 TriCore 32-bit Unified Processor Core Embedded Applications Binary Interface (EABI) Microcontrollers Edition 2007-02 Published by Infineon Technologies AG 81726 München, Germany © Infineon Technologies AG 2007. All Rights Reserved. Legal Disclaimer The information given in this document shall in no event be regarded as a guarantee of conditions or characteristics (“Beschaffenheitsgarantie”). With respect to any examples or hints given herein, any typical values stated herein and/or any information regarding the application of the device, Infineon Technologies hereby disclaims any and all warranties and liabilities of any kind, including without limitation warranties of non- infringement of intellectual property rights of any third party. Information For further information on technology, delivery terms and conditions and prices please contact your nearest Infineon Technologies Office (www.infineon.com). Warnings Due to technical requirements components may contain dangerous substances. For information on the types in question please contact your nearest Infineon Technologies Office. Infineon Technologies Components may only be used in life-support devices or systems with the express written approval of Infineon Technologies, if a failure of such components can reasonably be expected to cause the failure of that life-support device or system, or to affect the safety or effectiveness of that device or system. Life support devices or systems are intended to be implanted in the human body, or to support and/or maintain and sustain and/or protect human life. If they fail, it is reasonable to assume that the health of the user or other persons may be endangered. User’s Manual, v2.3, Feb.
    [Show full text]
  • Protecting Against Unexpected System Calls
    Protecting Against Unexpected System Calls C. M. Linn, M. Rajagopalan, S. Baker, C. Collberg, S. K. Debray, J. H. Hartman Department of Computer Science University of Arizona Tucson, AZ 85721 {linnc,mohan,bakers,collberg,debray,jhh}@cs.arizona.edu Abstract writing the return address on the stack with the address of the attack code). This then causes the various actions This paper proposes a comprehensive set of techniques relating to the attack to be carried out. which limit the scope of remote code injection attacks. These techniques prevent any injected code from mak- In order to do any real damage, e.g., create a root ing system calls and thus restrict the capabilities of an shell, change permissions on a file, or access proscribed attacker. In defending against the traditional ways of data, the attack code needs to execute one or more sys- harming a system these techniques significantly raise the tem calls. Because of this, and the well-defined system bar for compromising the host system forcing the attack call interface between application code and the underly- code to take extraordinary steps that may be impractical ing operating system kernel, many researchers have fo- in the context of a remote code injection attack. There cused on the system call interface as a convenient point are two main aspects to our approach. The first is to for detecting and disrupting such attacks (see, for exam- embed semantic information into executables identify- ple, [5, 13, 17, 19, 29, 32, 35, 38]; Section 7 gives a more ing the locations of legitimate system call instructions; extensive discussion).
    [Show full text]
  • Majnemer-Fuzzingclang.Pdf
    Fuzzing Clang to find ABI Bugs David Majnemer What’s in an ABI? • The size, alignment, etc. of types • Layout of records, RTTI, virtual tables, etc. • The decoration of types, functions, etc. • To generalize: anything that you need N > 1 compilers to agree upon C++: A complicated language union U { int a; int b; }; ! int U::*x = &U::a; int U::*y = &U::b; ! Does ‘x’ equal ‘y’ ? We’ve got a standard How hard could it be? “[T]wo pointers to members compare equal if they would refer to the same member of the same most derived object or the same subobject if indirection with a hypothetical object of the associated class type were performed, otherwise they compare unequal.” No ABI correctly implements this. Why does any of this matter? • Data passed across ABI boundaries may be interpreted by another compiler • Unpredictable things may happen if two compilers disagree about how to interpret this data • Subtle bugs can be some of the worst bugs Finding bugs isn’t easy • ABI implementation techniques may collide with each other in unpredictable ways • One compiler permutes field order in structs if the alignment is 16 AND it has an empty virtual base AND it has at least one bitfield member AND … • Some ABIs are not documented • Even if they are, you can’t always trust the documentation What happens if we aren’t proactive • Let users find our bugs for us • This can be demoralizing for users, eroding their trust • Altruistic; we must hope that the user will file the bug • At best, the user’s time has been spent on something they probably didn’t want to do Let computers find the bugs 1.
    [Show full text]