Instruction          Explanation
00xxxxxx             vsp = vsp + (xxxxxx << 2) + 4. Covers range 0x04-0x100 inclusive
01xxxxxx             vsp = vsp - (xxxxxx << 2) - 4. Covers range 0x04-0x100 inclusive
10000000 00000000    Refuse to unwind (for example, out of a cleanup) (see remark a)
1000iiii iiiiiiii    (i not all 0) Pop up to 12 integer registers under masks {r15-r12}, {r11-r4} (see remark b)
1001nnnn             (nnnn != 13,15) Set vsp = r[nnnn]
10011101             Reserved as prefix for ARM register to register moves
10011111             Reserved as prefix for Intel Wireless MMX register to register moves
10100nnn             Pop r4-r[4+nnn]
10101nnn             Pop r4-r[4+nnn], r14
10110000             Finish (see remark c)
10110001 00000000    Spare (see remark f)
10110001 0000iiii    (i not all 0) Pop integer registers under mask {r3, r2, r1, r0}
10110001 xxxxyyyy    Spare (xxxx != 0000)
10110010 uleb128     vsp = vsp + 0x204 + (uleb128 << 2) (for vsp increments of 0x104-0x200, use 00xxxxxx twice)
10110011 sssscccc    Pop VFP double-precision registers D[ssss]-D[ssss+cccc] saved (as if) by FSTMFDX (see remark d)
101101nn             Spare (was Pop FPA)
10111nnn             Pop VFP double-precision registers D[8]-D[8+nnn] saved (as if) by FSTMFDX (see remark d)
11000nnn             (nnn != 6,7) Intel Wireless MMX pop wR[10]-wR[10+nnn]
11000110 sssscccc    Intel Wireless MMX pop wR[ssss]-wR[ssss+cccc] (see remark e)
11000111 00000000    Spare
11000111 0000iiii    Intel Wireless MMX pop wCGR registers under mask {wCGR3,2,1,0}
11000111 xxxxyyyy    Spare (xxxx != 0000)
11001000 sssscccc    Pop VFP double-precision registers D[16+ssss]-D[16+ssss+cccc] saved (as if) by VPUSH (see remarks d,e)
11001001 sssscccc    Pop VFP double-precision registers D[ssss]-D[ssss+cccc] saved (as if) by VPUSH (see remark d)
11001yyy             Spare (yyy != 000, 001)
11010nnn             Pop VFP double-precision registers D[8]-D[8+nnn] saved (as if) by VPUSH (see remark d)
11xxxyyy             Spare (xxx != 000, 001, 010)


QUT encode for 32-bit:
00nn nnnn : vsp = vsp + (nnnnnn << 2) ; # (nnnnnn << 2) in [0, 0xfc]
01nn nnnn : vsp = vsp - (nnnnnn << 2) ; # (nnnnnn << 2) in [0, 0xfc]

1000 0000 : vsp = r7 ; # r7 is the fp reg in thumb mode
1000 0001 : vsp = r7 + 8, lr = [vsp - 4], sp = [vsp - 8] ; # Have prologue
1000 0010 : vsp = r11 ; # r11 is the fp reg in arm mode
1000 0011 : vsp = r11 + 8, lr = [vsp - 4], sp = [vsp - 8] ; # Have prologue
1000 0100 : vsp = sp ; # XXX

1000 0101 0nnn nnnn : vsp = r7 + (nnnnnnn << 2) ;
1000 0110 0nnn nnnn : vsp = r11 + (nnnnnnn << 2) ;

1001 0101 0nnn nnnn : vsp = r10 + (nnnnnnn << 2) ; # (nnnnnnn << 2) in [0, 0x1fc], 0nnnnnnn is a one-byte ULEB128
1001 0110 + SLEB128 : vsp = SLEB128 ; # vsp set by immediate

1001 0111 : dex_pc = r4 ; # Dex pc is saved in r4

1001 1001 : End of instructions ;
1001 1111 : Finish ;

1010 nnnn : r4 = [vsp - (nnnn << 2)] ; # (nnnn << 2) in [0, 0x3c]
1011 nnnn : r7 = [vsp - (nnnn << 2)] ; # Same as above
1100 nnnn : r10 = [vsp - (nnnn << 2)] ; # Same as above. r10 is used while unwinding through a JNI function
1101 nnnn : r11 = [vsp - (nnnn << 2)] ; # Same as above
1110 nnnn : lr = [vsp - (nnnn << 2)] ; # Same as above

1111 0xxx : Reserved ;
1111 1000 : Reserved ;

1111 1001 + SLEB128 : r7 = [vsp - SLEB128] ; # [addr] means the value stored at address addr
1111 1010 + SLEB128 : r10 = [vsp - SLEB128] ; # Same as above
1111 1011 + SLEB128 : r11 = [vsp - SLEB128] ; # Same as above
1111 1100 + SLEB128 : sp = [vsp - SLEB128] ; # Same as above
1111 1101 + SLEB128 : lr = [vsp - SLEB128] ; # Same as above
1111 1110 + SLEB128 : pc = [vsp - SLEB128] ; # Same as above

1111 1111 + SLEB128 : vsp = vsp + SLEB128 ;
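As an added worked example (not part of this page or of the unwinder it describes), the Python below decodes and executes the QUT 32-bit instructions listed above against a constructed register set and stack. It assumes a dict-backed memory, a constructed Thumb frame laid out by `push {r4, r7, lr}; add r7, sp, #4`, and that Finish publishes vsp as sp and lr as pc unless pc was loaded explicitly; the prologue shortcuts 0x81/0x83, the 0x96 immediate and dex_pc are not modelled.

```python
# Interpreter for the QUT 32-bit encoding listed above (added example, not the
# unwinder's own code). mem is a constructed dict of word addresses. Assumption:
# Finish publishes vsp as sp and lr as the return pc unless pc was loaded (0xFE).

def read_sleb128(code, i):
    # Decode a SLEB128 at code[i]; return (value, index just past it).
    result, shift = 0, 0
    while True:
        b, i, shift = code[i], i + 1, shift + 7
        result |= (b & 0x7F) << (shift - 7)
        if not b & 0x80:                               # bit 6 of the last byte is the sign
            return (result - (1 << shift) if b & 0x40 else result), i

NIBBLE_REGS = {0xA: "r4", 0xB: "r7", 0xC: "r10", 0xD: "r11", 0xE: "lr"}   # 1010..1110 nnnn
SLEB_REGS = {0xF9: "r7", 0xFA: "r10", 0xFB: "r11", 0xFC: "sp", 0xFD: "lr", 0xFE: "pc"}
VSP_BASE = {0x80: "r7", 0x82: "r11", 0x84: "sp", 0x85: "r7", 0x86: "r11", 0x95: "r10"}

def run_qut(code, regs, mem):
    # Execute one QUT sequence against a register dict; return (caller regs, finished).
    regs, vsp, pc_set, i = dict(regs), regs["sp"], False, 0
    while i < len(code):
        op, i = code[i], i + 1
        if op < 0x80:                                  # 00/01 nnnnnn: vsp +/- (nnnnnn << 2)
            vsp += ((op & 0x3F) << 2) * (1 if op < 0x40 else -1)
        elif op in (0x80, 0x82, 0x84):                 # vsp = r7 / r11 / sp
            vsp = regs[VSP_BASE[op]]
        elif op in (0x85, 0x86, 0x95):                 # vsp = r7/r11/r10 + (one-byte ULEB128 << 2)
            vsp, i = regs[VSP_BASE[op]] + ((code[i] & 0x7F) << 2), i + 1
        elif op == 0x99:                               # end of instructions
            break
        elif op == 0x9F:                               # finish
            return dict(regs, sp=vsp, pc=regs["pc"] if pc_set else regs["lr"]), True
        elif op >> 4 in NIBBLE_REGS:                   # 1010..1110 nnnn: reg = [vsp - (nnnn << 2)]
            regs[NIBBLE_REGS[op >> 4]] = mem[vsp - ((op & 0xF) << 2)]
        elif op == 0xFF or op in SLEB_REGS:            # a SLEB128 operand follows the opcode
            off, i = read_sleb128(code, i)
            if op == 0xFF:
                vsp += off                             # 1111 1111: vsp = vsp + SLEB128
            else:
                regs[SLEB_REGS[op]] = mem[vsp - off]   # 1111 1001..1110: reg = [vsp - SLEB128]
                pc_set = pc_set or op == 0xFE
        else:                                          # 0x81/0x83/0x96/0x97 not modelled; others reserved/unassigned
            raise ValueError(f"reserved or unsupported QUT opcode 0x{op:02X}")
    return dict(regs, sp=vsp), False

def unwind_example():
    # Constructed Thumb frame after `push {r4, r7, lr}; add r7, sp, #4`: sp = 0x1000, r7 = 0x1004.
    mem = {0x1000: 0x11111111, 0x1004: 0x1020, 0x1008: 0x00401234}   # saved r4, r7, lr
    regs = {"sp": 0x1000, "r7": 0x1004, "r4": 0, "r10": 0, "r11": 0, "lr": 0, "pc": 0x400800}
    # 0x85 0x02: vsp = r7 + 8; 0xE1: lr = [vsp-4]; 0xB2: r7 = [vsp-8]; 0xA3: r4 = [vsp-12]; 0x9F: finish
    return run_qut(bytes([0x85, 0x02, 0xE1, 0xB2, 0xA3, 0x9F]), regs, mem)
```

Running `unwind_example()` recovers the caller's sp (0x100C), r7 (0x1020), r4 and return pc (0x401234) from the constructed frame; a reserved opcode such as 0xF0 raises instead of silently corrupting the register state.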