Disassembler using High Level Pro cessor Mo dels A T h e s i s S u b m i t t e d in P a r t i a l Fu l l l m e n t o f th e Requirem ents fo r t h e D e g r e e o f M a s t e r o f Te c h n o l o g y by Nihal Chand Jain t o t h e Department of Computer Science Engineering Indian Institute of Technology Kanpur Jan Certicate Certied that the work contained in the thesis entitled D i s a s s e m b l e r u s i n g H i g h L e v e l P r o c e s s o r M o d e l s by MrN i h a l C h a n d J a i n has b een carried out under my sup ervision and that this work has not b een submitted elsewhere for a degree Dr Ra jat Mo ona Asso ciate Professor Department of Computer Science Engineering Indian Institute of Technology Kanpur Jan ii Abstract The design of a high p erformance system requires an integrated environment to sim ulate and analyze the p erformance of various design alternatives In this thesis we have develop ed a g e n e r i c disassem b ler for an integrated environment where SimnML acts as the sp ecication language for pro cessor p erformance mo del The SimnML an extension of nML machine description formalism is a simple elegant and p owerful language to mo del machine b ehavior at instruction level As part of the thesis work we have designed an in t e r m e d i a t e re p r e s e n t a t i o n I R for pro cessor sp ecication written in SimnML language The IR is simple and facilitates the development of various to ols such as assembler compiler backend generator instruction set simulator trace generator etc based on the pro cessor sp ecication A to ol IR G e n e r a t o r is develop ed which takes a pro cessor sp ecication written in SimnML language and pro duces it in the intermediate representation Further a G e n e r i c S y m b o l i c Disassem b ler is de velop ed which takes the intermediate representation of a pro cessor and a relo catable binary le in ELF format as input and pro duces an equivalent program in assembly language of the pro cessor The disassembler is generic enough to b e used for all typ e of pro cessors Acknowledgments I am grateful to my thesis sup ervisor Dr Ra jat Mo ona who guided me at every stage of this pro ject with his valuable suggestions whose qualities have attracted me a lot His ideas have b een of great help in exploring the areas which otherwise would have b een imp ossible I thank the Almighty for giving such a brotherly gure as my guide This work is done as a part of the ongoing research in Cadence Research Center at I IT Kanpur I express my gratitude to Cadence India Ltd for their enduring supp ort to this work Apart from the ample nancial supp ort provided by the fellowship it has b een a source of p ersonal pride and motivation to b e called a Cadence Fellow I am also greatly indebted to Dr Deepak Gupta and Dr Sanjeev Agarwal for their guidance and supp ort throughout my work I express my heartfelt thanks to all the faculty memb ers for teaching the principles in most exciting and enjoyable way I am greatly indebted to my seniors sp ecially Atul and Kshitiz for helping me out in crucial situations I would also like to thank VRa jesh Subhash and Shishir who has help ed me with lots of ideas throughout the work I thank all my MTech class mates esp ecially Professor Zade Bepari Kapil Atul Mano j Anna Anjali Uma Prasad Srikar Gopi Girish Prasanna Kousik and Ma jor Ajay for b eing aectionate and the source of inspiration for me My gratitude go es to all of my MTech batch mates who made my stay in HallV I ITK a memorable one I acknowledge the MTech batch for their exciting company I wish I could express my thankfulness to all my old friends for their love supp ort and encouragement I thank my parents my brothers for their love and aection I have b een receiving I am grateful to all of them for their eorts in building my career Finally I would also like to thank Go d for b eing kind to me and driving me through this journey i Contents Acknowledgments i Intro duction Motivation Overview of Related Work Goals Achieved Organization of Rep ort Intermediate Representation of Pro cessor Mo dels SimnML Language SimnML Grammar Design of an Intermediate Representation Simplication of Information by Substitution Simplifying the Hierarchy Representation of Attribute Denition Structure of the Intermediate Representation Conversion from High Level to Intermediate Representation Pass Macro Prepro cessor Pass Parsing and Flattening the Hierarchy Design and Implementation of Disassembler ii Input Binary File ELF Structure Two Pass Design of Disassembler Resolving References Extracting Information from Intermediate Representation Extracting Syntax and Image of instructions Instruction Matching Algorithm Extracting Control Transfer Instruction Evaluation of Next Instruction Address Implementation Details of the Disassembler Initialization Phase First Pass of Disassembly Second Pass of Disassembly Disassembly of Other Sections Results and Conclusion Results Example Example Conclusion Future Work and Extensions A Grammar of SimnML Language B File Format of Intermediate Representation B Meta Table B Constant Table B Resource Table B Identier Table B Attribute Table iii B Memory Table B AndRule Table B OrRule Table B Syntax Table B Image Table B String Table B Integer Table B PrexAttributeDenition Table C Users Manual C IRGenerator C Usage C Disassembler C Usage iv List of Tables Test Results Enco ding of data typ es Parameter Typ e for a n d r u l e Example of the String Table Interpretation of the String Table Interpretation of the tuple used in Prex Notation Op erators Used in Prex Attribute Denition v List of Figures System Overview System Overview with IR SimnML Sp ecication for a Simple Pro cessor Algorithm for Flattening of o r r u l e s SimnML Program for a Hyp othetical Pro cessor Example of o r r u l e s Flattening Example of a n d r u l e Flattening Algorithm for Flattening of S y n t a x I m a g e Attribute Denitions Example of S y n t a x Attribute Denitions Flattening Algorithm for Calculating Mask Values Algorithm for Calculating More Mask Values Algorithm to Find Data Enco ding of the Host Pro cessor Example of the Conguration File vi Chapter Intro duction The design of a high p erformance system requires complex software to ols Designers use p owerful and generic mo deling to ols to evaluate many alternative implementa tions In addition designers need hardware and software co design and other tradeos at early stages of the system design to keep the development cost down Therefore system designers need an integrated environment which allows them to simulate and analyze the p erformance of various design alternatives In this thesis we have used S i m n M L language which is primarily an extension of the n M L language for pro cessor mo deling and designed a g e n e r i c pr o c e s s o r in d e p e n d e n t sy m b o l i c disassem b ler For this purp ose we have also designed an in t e r m e d i a t e re p r e s e n t a t i o n I R for the pro cessor sp ecication written in the SimnML language The IR is simple but p owerful enough to facilitate the development of various to ols such as assembler compiler backend generator instruction simulator etc based on the pro cessor sp ecication We have designed a to ol IR g e n e r a t o r which takes a pro cessor sp ecication in the SimnML language and provides the intermediate rep resentation of the pro cessor sp ecication as output The g e n e r i c s y m b o l i c disassem b ler takes the intermediate representation and a relo catable binary le of a pro cessor and provides the corresp onding assembly language program as output Motivation A pro cessor mo del provides means to facilitate hardware and software co design and coanalysis early in the system design pro cess To mo del the candidate application and pro cessor mo del interaction a systematic design pro cess is required A systematic design pro cess