[CDG5] MPW code mysteries

Elliot Nunn elliotnunn at fastmail.com
Fri Dec 28 12:04:57 AWST 2018 

Beaten to it!

> On 28 Dec 2018, at 12:02 pm, Elliot Nunn <elliotnunn at fastmail.com> wrote:
> 
> I have to re-learn the AIX-style ABI every time I touch it, so bear with
> me.
> 
> Apple's docs reveal the implementation detail that every C function
> pointer is actually a pointer to a TVector.
> 
> (For those following along, a Transition Vector is an 8-byte structure
> consisting of a true code pointer and a pointer to the "Table of
> Contents" for that code. The TOC is analogous to an old-style 68k A5
> world, except that a called function can assume that r2 already points
> to the TOC on entry. Therefore functions that call outside their own
> code fragment must do so through glue code that sets r2 to the callee's
> TOC, and each such bl instruction must be followed by an instruction to
> restore r2 to sanity.)
> 
> So I'd just cast the function ptr to a TVector pointer and modify it
> that way:
> 
> (*(unsigned long **)funcPtr)[0] = 0xdeadbeefUL;
> 
>> On 28 Dec 2018, at 11:15 am, Max Poliakovski <maximumspatium at googlemail.com> wrote:
>> 
>> Fellow hackers,
>> 
>> I'm currently trying to get MPW 3.5 (from EMPW) to generate code closely resembling the original Trampoline.
>> 
>> While doing so, I immediately stumbled across two issues I cannot resolve. I must admit that my MPW skills are limited. I therefore hope to get some help from you.
>> 
>> 1) Trampoline's startup code initializes the RTOC as follows:
>> 
>>    mflr r11
>>    bl setup_rtoc
>>    DC.L 0x1001E8
>> setup_rtoc:
>>    mflr RTOC
>>    lwz RTOC, 0(RTOC)
>> 
>> The word in the 3rd line contains the base address of TOC. The value shown above is from Apple's binary. I replaced it with DC.L TOC[TC0] to make PPCAsm/PPCLink to stuff the correct value there. That unfortunately doesn't work. PPCAsm says:
>> 
>> ### Warning 3171 ### Treating 'TOC[TC0]' as a csect relative offset. Make sure to add it to its csect's TOC entry.
>> 
>> I don't understand this message. What do I need to put there in order to get the base address of TOC placed there?
>> 
>> 2) Trampoline's main() initializes the pointer to OF client interface right at the beginning. The code of interest looks like that:
>> 
>> lwz r9, CIPtr_TC(RTOC)
>> lisori r3, 0xdeadbeef
>> stw r5, 0(r9)
>> stw r3, 4(r9)
>> 
>> The pointer to the OF client dispatcher is in R5 (3rd argument of main). The TOC pointer is initialized to 0xDEADBEEF. That's exactly what I cannot reproduce. I defined a correct function pointer like that:
>> 
>> typedef long (*OfCiPtr)(CIArgs *args);
>> static OfCIPtr gCIPtr;
>> 
>> void main(int argc, int arg[], OfCiPtr ciPtr)
>> {
>>    gCIPtr = ciPtr;
>> }
>> 
>> When I initialize that global pointer gCIPtr with value from ciPtr (3rd argument), only the function address is written while the TOC value remains untouched. The compiled code looks like that:
>> 
>> lwz r9, CIPtr_TC(RTOC)
>> stw r5, 0(r9)
>> 
>> I wonder how Apple guys managed to put 0xDEADBEEF into TVector's TOC? Do you have any clue?
>> _______________________________________________
>> cdg5 mailing list
>> cdg5 at ucc.asn.au
>> https://lists.ucc.gu.uwa.edu.au/mailman/listinfo/cdg5
> 
> _______________________________________________
> cdg5 mailing list
> cdg5 at ucc.asn.au
> https://lists.ucc.gu.uwa.edu.au/mailman/listinfo/cdg5

More information about the cdg5 mailing list