further digging and basic emulator
This commit is contained in:
256
build/rom_report_sources.json
Normal file
256
build/rom_report_sources.json
Normal file
@@ -0,0 +1,256 @@
|
||||
{
|
||||
"calls": [
|
||||
{
|
||||
"address": 5622,
|
||||
"address_hex": "H'15F6",
|
||||
"assessment": "Direct static enqueue source for 0x0081, not 0x0007.",
|
||||
"can_directly_enqueue_report_index": false,
|
||||
"dataflow_block": 5609,
|
||||
"function_label": "loc_15E0",
|
||||
"function_start": 5600,
|
||||
"function_start_hex": "H'15E0",
|
||||
"instruction": "BSR loc_3E54",
|
||||
"r2": {
|
||||
"bit7": true,
|
||||
"classification": "constant",
|
||||
"evidence": {
|
||||
"address": 5617,
|
||||
"address_hex": "H'15F1",
|
||||
"instruction": "MOV:E.B #H'80, R2",
|
||||
"mnemonic": "MOV:E.B",
|
||||
"operands": "#H'80, R2"
|
||||
},
|
||||
"reason": "immediate load",
|
||||
"register": "R2",
|
||||
"value": 128,
|
||||
"value_hex": "0x80"
|
||||
},
|
||||
"r3": {
|
||||
"classification": "constant",
|
||||
"evidence": {
|
||||
"address": 5619,
|
||||
"address_hex": "H'15F3",
|
||||
"instruction": "MOV:I.W #H'0081, R3",
|
||||
"mnemonic": "MOV:I.W",
|
||||
"operands": "#H'0081, R3"
|
||||
},
|
||||
"reason": "immediate load",
|
||||
"register": "R3",
|
||||
"value": 129,
|
||||
"value_hex": "0x0081"
|
||||
},
|
||||
"table_hints": [],
|
||||
"target": 15956,
|
||||
"target_hex": "H'3E54",
|
||||
"window_instruction_count": 4,
|
||||
"window_start": 5609,
|
||||
"window_start_hex": "H'15E9"
|
||||
},
|
||||
{
|
||||
"address": 6673,
|
||||
"address_hex": "H'1A11",
|
||||
"assessment": "No static 0x0007 constant here; R3 is dynamic/table-derived.",
|
||||
"can_directly_enqueue_report_index": false,
|
||||
"dataflow_block": 6665,
|
||||
"function_label": "loc_19DB",
|
||||
"function_start": 6619,
|
||||
"function_start_hex": "H'19DB",
|
||||
"instruction": "BSR loc_3E54",
|
||||
"r2": {
|
||||
"bit7": true,
|
||||
"classification": "constant",
|
||||
"evidence": {
|
||||
"address": 6669,
|
||||
"address_hex": "H'1A0D",
|
||||
"instruction": "MOV:E.B #H'80, R2",
|
||||
"mnemonic": "MOV:E.B",
|
||||
"operands": "#H'80, R2"
|
||||
},
|
||||
"reason": "immediate load",
|
||||
"register": "R2",
|
||||
"value": 128,
|
||||
"value_hex": "0x80"
|
||||
},
|
||||
"r3": {
|
||||
"classification": "dynamic/table-derived",
|
||||
"evidence": {
|
||||
"address": 6671,
|
||||
"address_hex": "H'1A0F",
|
||||
"instruction": "MOV:G.W R5, R3",
|
||||
"mnemonic": "MOV:G.W",
|
||||
"operands": "R5, R3"
|
||||
},
|
||||
"reason": "copied from unresolved R5",
|
||||
"register": "R3",
|
||||
"value": null,
|
||||
"value_hex": null
|
||||
},
|
||||
"table_hints": [
|
||||
{
|
||||
"address": 6665,
|
||||
"address_hex": "H'1A09",
|
||||
"instruction": "MOV:G.W R1, @(-H'1800,R3)",
|
||||
"operand": "@(-H'1800,R3)",
|
||||
"table": "current_value_table_candidate"
|
||||
}
|
||||
],
|
||||
"target": 15956,
|
||||
"target_hex": "H'3E54",
|
||||
"window_instruction_count": 3,
|
||||
"window_start": 6665,
|
||||
"window_start_hex": "H'1A09"
|
||||
},
|
||||
{
|
||||
"address": 6777,
|
||||
"address_hex": "H'1A79",
|
||||
"assessment": "No static 0x0007 constant here; R3 is dynamic/table-derived.",
|
||||
"can_directly_enqueue_report_index": false,
|
||||
"dataflow_block": 6769,
|
||||
"function_label": "loc_1A35",
|
||||
"function_start": 6709,
|
||||
"function_start_hex": "H'1A35",
|
||||
"instruction": "BSR loc_3E54",
|
||||
"r2": {
|
||||
"bit7": true,
|
||||
"classification": "constant",
|
||||
"evidence": {
|
||||
"address": 6773,
|
||||
"address_hex": "H'1A75",
|
||||
"instruction": "MOV:E.B #H'80, R2",
|
||||
"mnemonic": "MOV:E.B",
|
||||
"operands": "#H'80, R2"
|
||||
},
|
||||
"reason": "immediate load",
|
||||
"register": "R2",
|
||||
"value": 128,
|
||||
"value_hex": "0x80"
|
||||
},
|
||||
"r3": {
|
||||
"classification": "dynamic/table-derived",
|
||||
"evidence": {
|
||||
"address": 6775,
|
||||
"address_hex": "H'1A77",
|
||||
"instruction": "MOV:G.W R5, R3",
|
||||
"mnemonic": "MOV:G.W",
|
||||
"operands": "R5, R3"
|
||||
},
|
||||
"reason": "copied from unresolved R5",
|
||||
"register": "R3",
|
||||
"value": null,
|
||||
"value_hex": null
|
||||
},
|
||||
"table_hints": [
|
||||
{
|
||||
"address": 6769,
|
||||
"address_hex": "H'1A71",
|
||||
"instruction": "MOV:G.W R0, @(-H'1800,R3)",
|
||||
"operand": "@(-H'1800,R3)",
|
||||
"table": "current_value_table_candidate"
|
||||
}
|
||||
],
|
||||
"target": 15956,
|
||||
"target_hex": "H'3E54",
|
||||
"window_instruction_count": 3,
|
||||
"window_start": 6769,
|
||||
"window_start_hex": "H'1A71"
|
||||
},
|
||||
{
|
||||
"address": 9896,
|
||||
"address_hex": "H'26A8",
|
||||
"assessment": "No static 0x0007 constant here; R3 is unknown.",
|
||||
"can_directly_enqueue_report_index": false,
|
||||
"dataflow_block": 9896,
|
||||
"function_label": "loc_2650",
|
||||
"function_start": 9808,
|
||||
"function_start_hex": "H'2650",
|
||||
"instruction": "BSR loc_3E54",
|
||||
"r2": {
|
||||
"bit7": null,
|
||||
"classification": "unknown",
|
||||
"evidence": null,
|
||||
"reason": "decompiler dataflow: block_entry",
|
||||
"register": "R2",
|
||||
"value": null,
|
||||
"value_hex": null
|
||||
},
|
||||
"r3": {
|
||||
"classification": "unknown",
|
||||
"evidence": null,
|
||||
"reason": "decompiler dataflow: block_entry",
|
||||
"register": "R3",
|
||||
"value": null,
|
||||
"value_hex": null
|
||||
},
|
||||
"table_hints": [],
|
||||
"target": 15956,
|
||||
"target_hex": "H'3E54",
|
||||
"window_instruction_count": 0,
|
||||
"window_start": 9896,
|
||||
"window_start_hex": "H'26A8"
|
||||
},
|
||||
{
|
||||
"address": 18726,
|
||||
"address_hex": "H'4926",
|
||||
"assessment": "Direct static enqueue source for 0x00f6, not 0x0007.",
|
||||
"can_directly_enqueue_report_index": false,
|
||||
"dataflow_block": 18709,
|
||||
"function_label": "loc_48FA",
|
||||
"function_start": 18682,
|
||||
"function_start_hex": "H'48FA",
|
||||
"instruction": "BSR loc_3E54",
|
||||
"r2": {
|
||||
"bit7": true,
|
||||
"classification": "constant",
|
||||
"evidence": {
|
||||
"address": 18721,
|
||||
"address_hex": "H'4921",
|
||||
"instruction": "MOV:E.B #H'80, R2",
|
||||
"mnemonic": "MOV:E.B",
|
||||
"operands": "#H'80, R2"
|
||||
},
|
||||
"reason": "immediate load",
|
||||
"register": "R2",
|
||||
"value": 128,
|
||||
"value_hex": "0x80"
|
||||
},
|
||||
"r3": {
|
||||
"classification": "constant",
|
||||
"evidence": {
|
||||
"address": 18723,
|
||||
"address_hex": "H'4923",
|
||||
"instruction": "MOV:I.W #H'00F6, R3",
|
||||
"mnemonic": "MOV:I.W",
|
||||
"operands": "#H'00F6, R3"
|
||||
},
|
||||
"reason": "immediate load",
|
||||
"register": "R3",
|
||||
"value": 246,
|
||||
"value_hex": "0x00F6"
|
||||
},
|
||||
"table_hints": [],
|
||||
"target": 15956,
|
||||
"target_hex": "H'3E54",
|
||||
"window_instruction_count": 5,
|
||||
"window_start": 18709,
|
||||
"window_start_hex": "H'4915"
|
||||
}
|
||||
],
|
||||
"caveats": [
|
||||
"This is a bounded local static trace, not an emulator run.",
|
||||
"R3 values classified as dynamic/table-derived may still become 0x0007 at runtime.",
|
||||
"Indirect dispatch, table handlers, interrupt interleavings, or callers absent from the JSON may still enqueue 0x0007.",
|
||||
"The generic queue-to-TX path only emits queued entries; this tracer looks for direct report-index sources at loc_3E54 callers."
|
||||
],
|
||||
"kind": "report_source_trace",
|
||||
"queue_function": 15956,
|
||||
"queue_function_hex": "H'3E54",
|
||||
"report_index_of_interest": 7,
|
||||
"report_index_of_interest_hex": "0x0007",
|
||||
"summary": {
|
||||
"conclusion": "No direct loc_3E54 caller in this JSON statically loads report index 0x0007. 0x0007 remains an observed runtime/capture value unless another indirect or table-dispatch path is proven.",
|
||||
"direct_call_count": 5,
|
||||
"direct_static_hit_count": 0,
|
||||
"dynamic_or_unknown_candidate_count": 3,
|
||||
"status": "not_statically_proven"
|
||||
}
|
||||
}
|
||||
32
build/rom_report_sources.txt
Normal file
32
build/rom_report_sources.txt
Normal file
@@ -0,0 +1,32 @@
|
||||
H8/536 loc_3E54 Report Source Trace
|
||||
|
||||
Queue function: H'3E54
|
||||
Report index of interest: 0x0007
|
||||
Direct callers: 5
|
||||
Direct static 0x0007 hits: 0
|
||||
Dynamic/unknown candidates: 3
|
||||
|
||||
Conclusion: No direct loc_3E54 caller in this JSON statically loads report index 0x0007. 0x0007 remains an observed runtime/capture value unless another indirect or table-dispatch path is proven.
|
||||
|
||||
Call sites:
|
||||
- H'15F6 in loc_15E0: R2.bit7=set, R3=0x0081 (constant); direct_0x0007=False
|
||||
R2 evidence: H'15F1 MOV:E.B #H'80, R2
|
||||
R3 evidence: H'15F3 MOV:I.W #H'0081, R3
|
||||
- H'1A11 in loc_19DB: R2.bit7=set, R3=<dynamic> (dynamic/table-derived); direct_0x0007=False
|
||||
R2 evidence: H'1A0D MOV:E.B #H'80, R2
|
||||
R3 evidence: H'1A0F MOV:G.W R5, R3
|
||||
table/context hints: H'1A09 current_value_table_candidate via @(-H'1800,R3)
|
||||
- H'1A79 in loc_1A35: R2.bit7=set, R3=<dynamic> (dynamic/table-derived); direct_0x0007=False
|
||||
R2 evidence: H'1A75 MOV:E.B #H'80, R2
|
||||
R3 evidence: H'1A77 MOV:G.W R5, R3
|
||||
table/context hints: H'1A71 current_value_table_candidate via @(-H'1800,R3)
|
||||
- H'26A8 in loc_2650: R2.bit7=unknown, R3=<dynamic> (unknown); direct_0x0007=False
|
||||
- H'4926 in loc_48FA: R2.bit7=set, R3=0x00F6 (constant); direct_0x0007=False
|
||||
R2 evidence: H'4921 MOV:E.B #H'80, R2
|
||||
R3 evidence: H'4923 MOV:I.W #H'00F6, R3
|
||||
|
||||
Caveats:
|
||||
- This is a bounded local static trace, not an emulator run.
|
||||
- R3 values classified as dynamic/table-derived may still become 0x0007 at runtime.
|
||||
- Indirect dispatch, table handlers, interrupt interleavings, or callers absent from the JSON may still enqueue 0x0007.
|
||||
- The generic queue-to-TX path only emits queued entries; this tracer looks for direct report-index sources at loc_3E54 callers.
|
||||
Reference in New Issue
Block a user