tricore: missing global variable reference/address detection

[XVilka]

Missing global variable reference in Erika3 OS:

$ rizin -A out/erika3app.elf
[0x8000433a]> pdf @ dbg.ErrorHook
        ╎   ; XREFS(28)
╭ void ErrorHook(StatusType Error)
│       ╎   ; arg StatusType Error @ d4
│       ╎   0x8000433a      910000f7       movh.a a15, #0x7000         ; Core0.c:105
│       ╎   0x8000433e      19ff1000       ld.w  d15, [a15]#0x10
│       ╎   0x80004342      3bf00f40       mov   d4, #0xff             ; Core0.c:109
│       ╎   0x80004346      c21f           add   d15, #1               ; Core0.c:108
│       ╎   0x80004348      59ff1000       st.w  [a15]#0x10, d15
╰       ╰─< 0x8000434c      1dff5afe       j led_blink                 ; Core0.c:109 ; sym.led_blink
[0x8000433a]> avg~myErrorCounter
global OsEE_reg myErrorCounter @ 0x70000010
[0x8000433a]> avgx myErrorCounter
[0x8000433a]>

But if you check the objdump output (erika3app.dump):

8000433a <ErrorHook>:

void ErrorHook(StatusType Error)
{
  (void)Error;

  ++myErrorCounter;
8000433a:	91 00 00 f7 	movh.a %a15,28672
8000433e:	19 ff 10 00 	ld.w %d15,[%a15]16 <70000010 <myErrorCounter>>
  led_blink(OSEE_TRIBOARD_2X5_ALL_LEDS);
80004342:	3b f0 0f 40 	mov %d4,255

void ErrorHook(StatusType Error)
{
  (void)Error;

  ++myErrorCounter;
80004346:	c2 1f       	add %d15,1
80004348:	59 ff 10 00 	st.w [%a15]16 <70000010 <myErrorCounter>>,%d15
  led_blink(OSEE_TRIBOARD_2X5_ALL_LEDS);
8000434c:	1d ff 5a fe 	j 80004000 <led_blink>

And the assembly output (obj/Core0.c.s):

	.align 1
	.global	ErrorHook
	.type	ErrorHook, @function
ErrorHook:
.LFB75:
	.loc 4 105 0
.LVL76:
	.loc 4 108 0
	movh.a	%a15, hi:myErrorCounter
	ld.w	%d15, [%a15] lo:myErrorCounter
	.loc 4 109 0
	mov	%d4, 255
.LVL77:
	.loc 4 108 0
	add	%d15, 1
	st.w	[%a15] lo:myErrorCounter, %d15
	.loc 4 109 0
	j	led_blink
.LVL78:
.LFE75:
	.size	ErrorHook, .-ErrorHook

And the preprocessor output file (obj/Core0.c.i):

OsEE_reg myErrorCounter;

void ErrorHook(StatusType Error)
{
  (void)Error;

  ++myErrorCounter;
  led_blink(OSEE_TRIBOARD_2X5_ALL_LEDS);
}

Please create also new test with global and static variables for Tricore, checking pdf, agvx and axt commands. I recommmend also checking other globals from Erika OS image.

[imbillow]

│       ╎   0x8000433a      910000f7       movh.a a15, #0x7000         ; Core0.c:105
│       ╎   0x8000433e      19ff1000       ld.w  d15, [a15]#0x10
│       ╎   0x80004342      3bf00f40       mov   d4, #0xff             ; Core0.c:109
│       ╎   0x80004346      c21f           add   d15, #1               ; Core0.c:108
│       ╎   0x80004348      59ff1000       st.w  [a15]#0x10, d15

In this case

a15 = 0x7000_0000
d15 = Mem[a15 + 0x10] = Mem[0x7000_0010] = myErrorCounter

but the instructions must be executed during disassembly to obtain this information.
I guess in some architectures esil is used to simulate execution? But tricore does not implement the esil function.

@XVilka

[XVilka]

@imbillow good point. Lets postpone this after implementing RzIL for Tricore: #3478

And since we plan to do also Tricore, MIPS, V850/V810 RzIL conversion, we will also migrate the analysis loop to use RzIL instead too: #2080