marfrit
00d655187a
Three small functions extracted from the v1.19 conservative blob with
ground-truth C and per-tool (Ghidra / retdec / decomp.me) docs:
01_memset — byte memset, 28 B
02_memcpy32 — word-aligned memcpy, 36 B
03_magic_memset — magic check + tail-call to memset, 40 B
04_train_phy_block — first real poll-site function (104 B, 26 insts),
contains poll sites 12-15
Results in RESULTS.md:
- Ghidra: A on all four. Auto-decompile is close to final.
- retdec: A on #3, F on #1 and #2 (no register-arg inference on raw),
C on #4 (mistakes & 0xF0000000 for < 0x10000000).
GRIND_LOG.md (in 04_train_phy_block/) records the matching-decomp
iteration: 116-byte candidate.c at -Os vs vendor 104 bytes = 89.7%
size match on first real iteration. Remaining gap is GCC's choice of
`cmp w, w_const; b.ls` over vendor's `tst w, #imm; b.eq` for the
mask tests.
gdb_debug/ holds a native-aarch64 GDB single-stepper for the three
benchmark functions — boltzmann smoke test passed (memset:
buf[10] 0x00→0xab).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
18 lines
516 B
ArmAsm
18 lines
516 B
ArmAsm
|
|
03_magic_memset/func.bin: file format binary
|
|
|
|
|
|
Disassembly of section .data:
|
|
|
|
0000000000000da4 <.data>:
|
|
da4: b2731fe0 mov x0, #0x1fe000 // #2088960
|
|
da8: 52800021 mov w1, #0x1 // #1
|
|
dac: 72aa8821 movk w1, #0x5441, lsl #16
|
|
db0: b9400402 ldr w2, [x0, #4]
|
|
db4: 6b01005f cmp w2, w1
|
|
db8: 54000081 b.ne 0xdc8 // b.any
|
|
dbc: d2806582 mov x2, #0x32c // #812
|
|
dc0: 52800001 mov w1, #0x0 // #0
|
|
dc4: 17ffff3a b 0xaac
|
|
dc8: d65f03c0 ret
|