2

I'm looking at a disassembly of an executable I just built, and I'm confused as to what this line can possibly mean:

00000000 <func_foo>:
   0:   e1a0100d    mov r1, sp
   4:   e59fd090    ldr sp, [pc, #144]
   8:   e92d4002    push    {r1, lr}
   c:   eafffffe    b   c <func_foo+0xc> ;;; <<----- HERE

The branch instruction has a carry bit (c) set, but it just branches to itself. It looks like an infinite loop, but I did not insert this code; it was entirely compiler generated (GCC 4.6.3).

Can anyone shed some insight on this?

MarkP
  • Carry bit set? How do you see that? Can you show the C source for your function? That instruction is apparently an infinite loop, as you suggest. – Carl Norum Sep 10 '13 at 20:42
  • Are you disassembling a dynamically linked executable, and as such looking at a placeholder for a yet-to-be-resolved library function call? – unixsmurf Sep 10 '13 at 20:48
  • @unixsmurf may be on the right track, though it doesn't require dynamic linking. If you have a tail call to a function from a different translation unit at the end of `func_foo`, it's possible that the compiler will emit what you're seeing. Can you show the source? – Carl Norum Sep 10 '13 at 20:51
  • @CarlNorum: well, MarkP said "executable" rather than "object file" :) If that was an incorrect statement, your suggestion is of course also a possible explanation. – unixsmurf Sep 10 '13 at 21:00
  • Since `func_foo` is at `0`, it's almost certainly not an executable. – Carl Norum Sep 10 '13 at 21:03
  • @CarlNorum: Doh! Well spotted. – unixsmurf Sep 10 '13 at 21:07

2 Answers

2

The instruction is not "bc", but "b 0xc". (ARM instructions with the first hex. digit "E" are unconditional instructions).

The "<func_foo+0xc>" is some information that says that address 0xc (the jump destination) is 0xc bytes after the start of the function func_foo. This makes sense in programs with multiple functions where it is not that easy to see.

Martin Rosenau
1

You would see a bcs or bcc if it were a branch-if-carry-set or branch-if-carry-clear; you are seeing b 0xC, which is the current address.

Technically it is a branch-to-self instruction. The encoding is not specific or hardcoded to 0xC; it is just a branch to pc - 2 instructions, and since the pc is 2 instructions ahead, it is a branch to self (branch to instruction_address + 2 - 2 = branch to instruction_address).

It looks like you disassembled an object (unlinked code), based on the address of 0x00000 and this branch to self. When you link with something else the address should change, and the branch to self will change to a branch to whatever function you specified in your source.

auselen
old_timer
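An added worked example, not code from the question or either answer: it decodes the A32 B/BL encoding the second answer describes (24-bit signed word offset, PC read two instructions ahead) and flags a branch that lands on itself, which in an unlinked object is the placeholder the linker later patches. The instruction words are the four from the question's listing; the function names and the "unresolved" labelling are mine.

```python
# Decode ARM32 (A32) B/BL and explain why 0xEAFFFFFE is always a branch to self.
import struct

# Condition-code suffixes by cond field value; 0xE (AL) prints as "".
COND = ["eq", "ne", "cs", "cc", "mi", "pl", "vs", "vc",
        "hi", "ls", "ge", "lt", "gt", "le", "", "nv"]

def decode_branch(word: int, address: int) -> dict:
    """Decode an A32 B/BL word located at `address`.

    Layout: cond[31:28] 101[27:25] L[24] imm24[23:0].
    Target = address + 8 + (sign_extend(imm24) << 2); the +8 is the PC
    being two instructions ahead of the instruction being executed.
    """
    if (word >> 25) & 0b111 != 0b101:
        raise ValueError(f"0x{word:08x} is not a B/BL encoding")
    cond = COND[word >> 28]
    link = (word >> 24) & 1
    imm24 = word & 0xFFFFFF
    if imm24 & 0x800000:          # sign-extend the 24-bit field
        imm24 -= 1 << 24
    offset = imm24 << 2
    target = (address + 8 + offset) & 0xFFFFFFFF
    return {"mnemonic": ("bl" if link else "b") + cond, "imm24": imm24,
            "offset": offset, "target": target, "self_branch": target == address}

def find_self_branches(code: bytes, base: int = 0) -> list:
    """Walk little-endian A32 code and return (address, mnemonic) of branches
    that target themselves.

    In an unlinked object a call to a symbol in another translation unit is
    emitted with imm24 = -2 (offset -8) plus a relocation entry, so it shows
    up as a branch to self; in a linked executable the same word really is
    an infinite loop.
    """
    hits = []
    for i in range(0, len(code) - 3, 4):
        word = struct.unpack_from("<I", code, i)[0]
        if (word >> 25) & 0b111 == 0b101:
            d = decode_branch(word, base + i)
            if d["self_branch"]:
                hits.append((base + i, d["mnemonic"]))
    return hits

# Constructed sample: the four words of func_foo from the question, little-endian.
FUNC_FOO = bytes.fromhex("0d10a0e1" "90d09fe5" "02402de9" "feffffea")

if __name__ == "__main__":
    print(decode_branch(0xEAFFFFFE, 0xC))   # offset -8 -> target 0xC, self_branch True
    print(find_self_branches(FUNC_FOO))     # [(12, 'b')]
```

Running `objdump -dr` instead of `objdump -d` on the object shows the relocation entry attached to that word, which is the direct way to confirm it is a placeholder rather than a loop.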