Path: utzoo!attcan!uunet!midway!ncar!zaphod.mps.ohio-state.edu!usc!snorkelwacker!mintaka!spdcc!esegue!compilers-sender
From: chris@cs.UMD.EDU (Chris Torek)
Newsgroups: comp.compilers
Subject: Re: Disassembly
Keywords: disassemble
Message-ID: <9009201514.AA03139@mimsy.UMD.EDU>
Date: 20 Sep 90 15:14:46 GMT
Sender: compilers-sender@esegue.segue.boston.ma.us
Reply-To: chris@cs.UMD.EDU (Chris Torek)
Organization: Compilers Central
Lines: 37
Approved: compilers@esegue.segue.boston.ma.us
In-Reply-To: your article <9009190548.AA08710@dwarfs.crhc.uiuc.edu.>

Andy Glew suggests some simplifying assumptions:

>    (1) code is never executed "out of phase" - ie. if a code sequence
>begins with the 4 byte instruction at address A, there is no code
>sequence beginning at address A+1.

This one, particularly in hand-coded assembly for weak architectures
(that is, those with limited address space or `missing' instructions
such as unconditional branches), will prove false often enough to be
a problem.  A common trick in 8080/Z80 code was the mysterious sequence:

	0x1000:	ld	e,6
	0x1002:	ld	bc,0x071e
	0x1005:	ld	bc,0x081e
	0x1008:	<code>

The trick is that a branch to 0x1003 turns out to be

	0x1003:	ld	e,7
	0x1005:	ld	bc,0x081e
	0x1008:	<code>

and a branch to 0x1006 turns out to be

	0x1006:	ld	e,8
	0x1008:	<code>

and the code uses register `e' to do whatever it does.

Although I have never seen a compiler use this trick, it would not be
too difficult to arrange (if a register is dead, it can be used as the
target of a `useless' instruction that exists merely to embed another
instruction in the immediate data field).  Peephole optimizers do code
merging all the time; this is merely a (scary) variant on that.
-- 
Send compilers articles to compilers@esegue.segue.boston.ma.us
{ima | spdcc | world}!esegue.  Meta-mail to compilers-request@esegue.