[RFA] ARM : prologue scan

[RFA] ARM : prologue scan

[Jerome Guitton]

[-- Attachment #1: Type: text/plain, Size: 1791 bytes --]


Here is a patch to improve the interpretation of the prologue for the
ARM targets.  Consider this C code :

void r() {
  void s () {
  }

  void q () {
    s();
  }

  q();
}

with GCC 3.2.3 configured for xscale-elf, this assembler is generated:

[...]

q.1:
        @ Nested: function declared inside another function.
        @ args = 0, pretend = 0, frame = 4
        @ frame_needed = 1, uses_anonymous_args = 0
        str     ip, [sp, #-4]!
        add     ip, sp, #4
        stmfd   sp!, {fp, ip, lr, pc}
        sub     fp, ip, #8
        ldr     ip, [fp, #4]
        @ ip needed for prologue
        sub     sp, sp, #4
        str     ip, [fp, #-16]
        mov     r3, ip
        mov     ip, r3
        bl      s.0
        ldmea   fp, {fp, sp, pc}
.Lfe2:

[...]

The prologue is compliant with the ARM Thumb procedure call standard, but
GDB is not able to interprete the instruction "add     ip, sp, #4",
and builds a bogus backtrace:

(gdb) l r.c:2
1       void r() {
2         void s () {
3         }
4
5         void q () {
6           s();
7         }
8
9         q();
10      }
(gdb) b 2
Breakpoint 1 at 0x0: file r.c, line 2.
(gdb) r r
Starting program: /cardiff.a/guitton/fsf/gdb/tmp/r.o r

Breakpoint 1, s.0 () at r.c:2
2         void s () {
(gdb) bt
#0  s.0 () at r.c:2
#1  q.1 () at r.c:6
#2  0xa2eebb940 in system__exception_table__exception_htable__iterator_indexXn
(gdb)

This patch adds the interpretation of the missing "add" (resp. "sub")
instruction. I have run the testsuite with the simulator, and I
found no regression; but there was a lot of test that failed, so I have
some suspicion on my setup. Can someone give me the average success/failure
on this target, or (even better :-) test it on his own setup?
Is the arm simulator (HEAD) reliable?

-- 
Jerome


[-- Attachment #2: arm_bt.dif --]
[-- Type: text/plain, Size: 2395 bytes --]

2003-07-21  J. Guitton  <guitton@gnat.com>

	* arm-tdep.c (arm_skip_prologue): Add the handling of "sub ip, sp #n"
	and "add ip, sp #n", as these instructions can be found in a ATPCS
	compliant prologue.
	(arm_scan_prologue): Ditto.

Index: arm-tdep.c
===================================================================
RCS file: /cvs/src/src/gdb/arm-tdep.c,v
retrieving revision 1.143
diff -3 -u -p -r1.143 arm-tdep.c
--- arm-tdep.c	13 Jun 2003 14:15:51 -0000	1.143
+++ arm-tdep.c	21 Jul 2003 14:02:01 -0000
@@ -449,6 +449,12 @@ arm_skip_prologue (CORE_ADDR pc)
       if (inst == 0xe1a0c00d)			/* mov ip, sp */
 	continue;
 
+      if ((inst & 0xfffff000) == 0xe28dc000)    /* add ip, sp #n */
+	continue;
+
+      if ((inst & 0xfffff000) == 0xe24dc000)    /* sub ip, sp #n */
+	continue;
+
       /* Some prologues begin with "str lr, [sp, #-4]!".  */
       if (inst == 0xe52de004)			/* str lr, [sp, #-4]! */
 	continue;
@@ -708,7 +714,7 @@ thumb_scan_prologue (struct frame_info *
 static void
 arm_scan_prologue (struct frame_info *fi)
 {
-  int regno, sp_offset, fp_offset;
+  int regno, sp_offset, fp_offset, ip_offset;
   LONGEST return_value;
   CORE_ADDR prologue_start, prologue_end, current_pc;
 
@@ -809,6 +815,23 @@ arm_scan_prologue (struct frame_info *fi
 
       if (insn == 0xe1a0c00d)		/* mov ip, sp */
 	{
+	  ip_offset = 0;
+	  continue;
+	}
+      else if ((insn & 0xfffff000) == 0xe28dc000) /* add ip, sp #n */
+	{
+	  unsigned imm = insn & 0xff;                   /* immediate value */
+	  unsigned rot = (insn & 0xf00) >> 7;           /* rotate amount */
+	  imm = (imm >> rot) | (imm << (32 - rot));
+	  ip_offset = imm;
+	  continue;
+	}
+      else if ((insn & 0xfffff000) == 0xe24dc000) /* sub ip, sp #n */
+	{
+	  unsigned imm = insn & 0xff;                   /* immediate value */
+	  unsigned rot = (insn & 0xf00) >> 7;           /* rotate amount */
+	  imm = (imm >> rot) | (imm << (32 - rot));
+	  ip_offset = -imm;
 	  continue;
 	}
       else if (insn == 0xe52de004)	/* str lr, [sp, #-4]! */
@@ -858,7 +881,7 @@ arm_scan_prologue (struct frame_info *fi
 	  unsigned imm = insn & 0xff;			/* immediate value */
 	  unsigned rot = (insn & 0xf00) >> 7;		/* rotate amount */
 	  imm = (imm >> rot) | (imm << (32 - rot));
-	  sp_offset -= imm;
+	  sp_offset -= imm + ip_offset;
 	}
       else if ((insn & 0xffff7fff) == 0xed6d0103)	/* stfe f?, [sp, -#c]! */
 	{

Re: [RFA] ARM : prologue scan

[Daniel Jacobowitz]

On Mon, Jul 21, 2003 at 04:27:42PM +0200, Jerome Guitton wrote:
> This patch adds the interpretation of the missing "add" (resp. "sub")
> instruction. I have run the testsuite with the simulator, and I
> found no regression; but there was a lot of test that failed, so I have
> some suspicion on my setup. Can someone give me the average success/failure
> on this target, or (even better :-) test it on his own setup?
> Is the arm simulator (HEAD) reliable?

I was getting about fifty failures, mostly from a testsuite bug in
fileio.exp, IIRC.

-- 
Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer

Re: [RFA] ARM : prologue scan

[Jerome Guitton]

Daniel Jacobowitz (drow@mvista.com):

> I was getting about fifty failures, mostly from a testsuite bug in
> fileio.exp, IIRC.

Hum, nothing to do with my 2802 unexpected failures. I will try to fix
my setup. Is there a documentation for the arm simulator?

Re: [RFA] ARM : prologue scan

[Daniel Jacobowitz]

On Mon, Jul 21, 2003 at 04:38:24PM +0200, Jerome Guitton wrote:
> Daniel Jacobowitz (drow@mvista.com):
> 
> > I was getting about fifty failures, mostly from a testsuite bug in
> > fileio.exp, IIRC.
> 
> Hum, nothing to do with my 2802 unexpected failures. I will try to fix
> my setup. Is there a documentation for the arm simulator?

Not really.  You just need to have arm-elf-run and arm-elf-gcc and
arm-elf-g++ in your path and use --target_board arm-sim...

-- 
Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer

Re: [RFA] ARM : prologue scan

[Jerome Guitton]

Daniel Jacobowitz (drow@mvista.com):

> Not really.  You just need to have arm-elf-run and arm-elf-gcc and
> arm-elf-g++ in your path and use --target_board arm-sim...

First error, I forgot to build g++. But that doesn't explain the
number of regressions.

With which tool am I supposed to used the option --target_board?

-- 
Jerome

Re: [RFA] ARM : prologue scan

[Daniel Jacobowitz]

On Mon, Jul 21, 2003 at 05:20:44PM +0200, Jerome Guitton wrote:
> Daniel Jacobowitz (drow@mvista.com):
> 
> > Not really.  You just need to have arm-elf-run and arm-elf-gcc and
> > arm-elf-g++ in your path and use --target_board arm-sim...
> 
> First error, I forgot to build g++. But that doesn't explain the
> number of regressions.
> 
> With which tool am I supposed to used the option --target_board?

Put it in RUNTESTFLAGS.  If you search gcc.gnu.org, there is a SIMTEST
HOWTO somewhere that explains in great detail; most of it applies to
GDB too.

-- 
Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer

Re: [RFA] ARM : prologue scan

[Jerome Guitton]

Daniel Jacobowitz (drow@mvista.com):

> Put it in RUNTESTFLAGS.  If you search gcc.gnu.org, there is a SIMTEST
> HOWTO somewhere that explains in great detail; most of it applies to
> GDB too.

Found it. Thank you for your help!

-- 
Jerome

Re: [RFA] ARM : prologue scan

[Jerome Guitton]

Jerome Guitton (guitton@act-europe.fr):

> This patch adds the interpretation of the missing "add" (resp. "sub")
> instruction. I have run the testsuite with the simulator, and I
> found no regression; but there was a lot of test that failed, so I have
> some suspicion on my setup.

I have fixed my simulator (thank you Daniel!) and run the testsuite.
No regression, no test fixed.

-- 
Jerome

Re: [RFA] ARM : prologue scan

[Jerome Guitton]

[-- Attachment #1: Type: text/plain, Size: 141 bytes --]


I have done some minor corrections on the previous patch, discard it.
In attachment, the new version. No regression, no fixed.

-- 
Jerome.

[-- Attachment #2: arm_bt.dif --]
[-- Type: text/plain, Size: 2775 bytes --]

2003-07-21  J. Guitton  <guitton@gnat.com>

	* arm-tdep.c (arm_skip_prologue): Add the handling of "sub ip, sp #n"
	and "add ip, sp #n", as these instructions can be found in a ATPCS
	compliant prologue.
	(arm_scan_prologue): Ditto.

Index: arm-tdep.c
===================================================================
RCS file: /cvs/src/src/gdb/arm-tdep.c,v
retrieving revision 1.143
diff -u -3 -p -r1.143 arm-tdep.c
--- arm-tdep.c	13 Jun 2003 14:15:51 -0000	1.143
+++ arm-tdep.c	22 Jul 2003 11:43:10 -0000
@@ -449,6 +449,12 @@ arm_skip_prologue (CORE_ADDR pc)
       if (inst == 0xe1a0c00d)			/* mov ip, sp */
 	continue;
 
+      if ((inst & 0xfffff000) == 0xe28dc000)    /* add ip, sp #n */
+	continue;
+
+      if ((inst & 0xfffff000) == 0xe24dc000)    /* sub ip, sp #n */
+	continue;
+
       /* Some prologues begin with "str lr, [sp, #-4]!".  */
       if (inst == 0xe52de004)			/* str lr, [sp, #-4]! */
 	continue;
@@ -708,7 +714,7 @@ thumb_scan_prologue (struct frame_info *
 static void
 arm_scan_prologue (struct frame_info *fi)
 {
-  int regno, sp_offset, fp_offset;
+  int regno, sp_offset, fp_offset, ip_offset;
   LONGEST return_value;
   CORE_ADDR prologue_start, prologue_end, current_pc;
 
@@ -799,7 +805,7 @@ arm_scan_prologue (struct frame_info *fi
      in which case it is often (but not always) replaced by
      "str lr, [sp, #-4]!".  - Michael Snyder, 2002-04-23]  */
 
-  sp_offset = fp_offset = 0;
+  sp_offset = fp_offset = ip_offset = 0;
 
   for (current_pc = prologue_start;
        current_pc < prologue_end;
@@ -809,6 +815,23 @@ arm_scan_prologue (struct frame_info *fi
 
       if (insn == 0xe1a0c00d)		/* mov ip, sp */
 	{
+	  ip_offset = 0;
+	  continue;
+	}
+      else if ((insn & 0xfffff000) == 0xe28dc000) /* add ip, sp #n */
+	{
+	  unsigned imm = insn & 0xff;                   /* immediate value */
+	  unsigned rot = (insn & 0xf00) >> 7;           /* rotate amount */
+	  imm = (imm >> rot) | (imm << (32 - rot));
+	  ip_offset = imm;
+	  continue;
+	}
+      else if ((insn & 0xfffff000) == 0xe24dc000) /* sub ip, sp #n */
+	{
+	  unsigned imm = insn & 0xff;                   /* immediate value */
+	  unsigned rot = (insn & 0xf00) >> 7;           /* rotate amount */
+	  imm = (imm >> rot) | (imm << (32 - rot));
+	  ip_offset = -imm;
 	  continue;
 	}
       else if (insn == 0xe52de004)	/* str lr, [sp, #-4]! */
@@ -850,7 +873,7 @@ arm_scan_prologue (struct frame_info *fi
 	  unsigned imm = insn & 0xff;			/* immediate value */
 	  unsigned rot = (insn & 0xf00) >> 7;		/* rotate amount */
 	  imm = (imm >> rot) | (imm << (32 - rot));
-	  fp_offset = -imm;
+	  fp_offset = -imm + ip_offset;
 	  get_frame_extra_info (fi)->framereg = ARM_FP_REGNUM;
 	}
       else if ((insn & 0xfffff000) == 0xe24dd000)	/* sub sp, sp #n */

Ping: [RFA] ARM : prologue scan

[Jerome Guitton]

No reaction about this patch... Any opinion from the ARM maintainers?
This patch should not interfere with Daniel Jacobowitz' work to modernize
the arm-tdep.c.

Jerome Guitton (guitton@act-europe.fr):

> 
> I have done some minor corrections on the previous patch, discard it.
> In attachment, the new version. No regression, no fixed.
> 
> -- 
> Jerome.

> 2003-07-21  J. Guitton  <guitton@gnat.com>
> 
> 	* arm-tdep.c (arm_skip_prologue): Add the handling of "sub ip, sp #n"
> 	and "add ip, sp #n", as these instructions can be found in a ATPCS
> 	compliant prologue.
> 	(arm_scan_prologue): Ditto.
> 
> Index: arm-tdep.c
> ===================================================================
> RCS file: /cvs/src/src/gdb/arm-tdep.c,v
> retrieving revision 1.143
> diff -u -3 -p -r1.143 arm-tdep.c
> --- arm-tdep.c	13 Jun 2003 14:15:51 -0000	1.143
> +++ arm-tdep.c	22 Jul 2003 11:43:10 -0000
> @@ -449,6 +449,12 @@ arm_skip_prologue (CORE_ADDR pc)
>        if (inst == 0xe1a0c00d)			/* mov ip, sp */
>  	continue;
>  
> +      if ((inst & 0xfffff000) == 0xe28dc000)    /* add ip, sp #n */
> +	continue;
> +
> +      if ((inst & 0xfffff000) == 0xe24dc000)    /* sub ip, sp #n */
> +	continue;
> +
>        /* Some prologues begin with "str lr, [sp, #-4]!".  */
>        if (inst == 0xe52de004)			/* str lr, [sp, #-4]! */
>  	continue;
> @@ -708,7 +714,7 @@ thumb_scan_prologue (struct frame_info *
>  static void
>  arm_scan_prologue (struct frame_info *fi)
>  {
> -  int regno, sp_offset, fp_offset;
> +  int regno, sp_offset, fp_offset, ip_offset;
>    LONGEST return_value;
>    CORE_ADDR prologue_start, prologue_end, current_pc;
>  
> @@ -799,7 +805,7 @@ arm_scan_prologue (struct frame_info *fi
>       in which case it is often (but not always) replaced by
>       "str lr, [sp, #-4]!".  - Michael Snyder, 2002-04-23]  */
>  
> -  sp_offset = fp_offset = 0;
> +  sp_offset = fp_offset = ip_offset = 0;
>  
>    for (current_pc = prologue_start;
>         current_pc < prologue_end;
> @@ -809,6 +815,23 @@ arm_scan_prologue (struct frame_info *fi
>  
>        if (insn == 0xe1a0c00d)		/* mov ip, sp */
>  	{
> +	  ip_offset = 0;
> +	  continue;
> +	}
> +      else if ((insn & 0xfffff000) == 0xe28dc000) /* add ip, sp #n */
> +	{
> +	  unsigned imm = insn & 0xff;                   /* immediate value */
> +	  unsigned rot = (insn & 0xf00) >> 7;           /* rotate amount */
> +	  imm = (imm >> rot) | (imm << (32 - rot));
> +	  ip_offset = imm;
> +	  continue;
> +	}
> +      else if ((insn & 0xfffff000) == 0xe24dc000) /* sub ip, sp #n */
> +	{
> +	  unsigned imm = insn & 0xff;                   /* immediate value */
> +	  unsigned rot = (insn & 0xf00) >> 7;           /* rotate amount */
> +	  imm = (imm >> rot) | (imm << (32 - rot));
> +	  ip_offset = -imm;
>  	  continue;
>  	}
>        else if (insn == 0xe52de004)	/* str lr, [sp, #-4]! */
> @@ -850,7 +873,7 @@ arm_scan_prologue (struct frame_info *fi
>  	  unsigned imm = insn & 0xff;			/* immediate value */
>  	  unsigned rot = (insn & 0xf00) >> 7;		/* rotate amount */
>  	  imm = (imm >> rot) | (imm << (32 - rot));
> -	  fp_offset = -imm;
> +	  fp_offset = -imm + ip_offset;
>  	  get_frame_extra_info (fi)->framereg = ARM_FP_REGNUM;
>  	}
>        else if ((insn & 0xfffff000) == 0xe24dd000)	/* sub sp, sp #n */

Re: [RFA] ARM : prologue scan

[Richard Earnshaw]

> 
> I have done some minor corrections on the previous patch, discard it.
> In attachment, the new version. No regression, no fixed.
> 
> -- 
> Jerome.
> 
> 2003-07-21  J. Guitton  <guitton@gnat.com>
> 
> 	* arm-tdep.c (arm_skip_prologue): Add the handling of "sub ip, sp #n"
> 	and "add ip, sp #n", as these instructions can be found in a ATPCS
> 	compliant prologue.
> 	(arm_scan_prologue): Ditto.

I don't think there are ever any circumstances when a SUB instruction 
would be used.  To do so would imply that on return we want to leave space 
allocated on the stack.  However, it doesn't really harm.

Secondly, and this applies only to the ChangeLog entry itself, this entry 
sequence is nothing to do with the ATPCS (the A*T*PCS doesn't even 
sanction the use of a frame pointer).  Supporting nested functions is at 
best a gcc extension (at worst it's a gcc hack).  Anyway, it's not normal 
to put the reason for a change in a CL entry, so just truncate the 
sentence to read:

> 2003-07-21  J. Guitton  <guitton@gnat.com>
> 
> 	* arm-tdep.c (arm_skip_prologue): Handle "sub ip, sp #n" and
> 	"add ip, sp #n" in the prologue.
> 	(arm_scan_prologue): Ditto.

With that change, this is OK.

R.

Re: [RFA] ARM : prologue scan

[Joel Brobecker]

> Supporting nested functions is at best a gcc extension (at worst it's
> a gcc hack).

I agree if you are refering to C. But nested functions are legal in Ada.
Are there any other languages that GCC supports where nested functions
are also legal?

-- 
Joel

Re: [RFA] ARM : prologue scan

[Richard Earnshaw]

> > Supporting nested functions is at best a gcc extension (at worst it's
> > a gcc hack).
> 
> I agree if you are refering to C. But nested functions are legal in Ada.
> Are there any other languages that GCC supports where nested functions
> are also legal?

Well, Pascal would be the obvious answer.  But that's not integrated into 
standard GCC.

R.

Re: [RFA] ARM : prologue scan

[Jerome Guitton]

Richard Earnshaw (rearnsha@arm.com):

> > 2003-07-21  J. Guitton  <guitton@gnat.com>
> >
> > 	* arm-tdep.c (arm_skip_prologue): Add the handling of "sub ip, sp #n"
> > 	and "add ip, sp #n", as these instructions can be found in a ATPCS
> > 	compliant prologue.
> > 	(arm_scan_prologue): Ditto.
>
> Secondly, and this applies only to the ChangeLog entry itself, this entry
> sequence is nothing to do with the ATPCS (the A*T*PCS doesn't even
> sanction the use of a frame pointer).

You are right. I got confused by these comments:

   The APCS (ARM Procedure Call Standard) defines the following
   prologue:

   mov          ip, sp
   [stmfd       sp!, {a1,a2,a3,a4}]
   stmfd        sp!, {...,fp,ip,lr,pc}
   [stfe        f7, [sp, #-12]!]
   [stfe        f6, [sp, #-12]!]
   [stfe        f5, [sp, #-12]!]
   [stfe        f4, [sp, #-12]!]
   sub fp, ip, #nn @@ nn == 20 or 4 depending on second insn */

I didn't see this definition in the ARM Thumb Procedure Call Standard... 
Is the ARM Procedure Call Standard a different document? If so, what is
its status (Does the ATPCS make the APCS obsolete?) and where can I find
it?

>  Anyway, it's not normal
> to put the reason for a change in a CL entry, so just truncate the
> sentence to read:

I used to thought that it was the most important part of the CL entry.
The change itself in the code, the reason in the CL... I guess I am wrong.

> With that change, this is OK.

Thank you very much for your review!

-- 
Jerome

Re: [RFA] ARM : prologue scan

[Richard Earnshaw]

> Richard Earnshaw (rearnsha@arm.com):
> 
> > > 2003-07-21  J. Guitton  <guitton@gnat.com>
> > >
> > > 	* arm-tdep.c (arm_skip_prologue): Add the handling of "sub ip, sp #n"
> > > 	and "add ip, sp #n", as these instructions can be found in a ATPCS
> > > 	compliant prologue.
> > > 	(arm_scan_prologue): Ditto.
> >
> > Secondly, and this applies only to the ChangeLog entry itself, this entry
> > sequence is nothing to do with the ATPCS (the A*T*PCS doesn't even
> > sanction the use of a frame pointer).
> 
> You are right. I got confused by these comments:
> 
>    The APCS (ARM Procedure Call Standard) defines the following
>    prologue:
> 
>    mov          ip, sp
>    [stmfd       sp!, {a1,a2,a3,a4}]
>    stmfd        sp!, {...,fp,ip,lr,pc}
>    [stfe        f7, [sp, #-12]!]
>    [stfe        f6, [sp, #-12]!]
>    [stfe        f5, [sp, #-12]!]
>    [stfe        f4, [sp, #-12]!]
>    sub fp, ip, #nn @@ nn == 20 or 4 depending on second insn */
> 
> I didn't see this definition in the ARM Thumb Procedure Call Standard... 
> Is the ARM Procedure Call Standard a different document? If so, what is
> its status (Does the ATPCS make the APCS obsolete?) and where can I find
> it?
> 

The APCS is obsolete (it predates Thumb), you might find some documents on 
the web if you look hard enough, but I wouldn't bet on it these days.  
Nevertheless, it's what ARM/Linux is currently based upon, so its usage is 
not.

ARM/Linux substantially uses the minor variant APCS-R, but updated for use 
on 32-bit mode.

R.

Re: [RFA] ARM : prologue scan

[Jerome Guitton]

Richard Earnshaw (rearnsha@arm.com):

> The APCS is obsolete (it predates Thumb), you might find some documents on 
> the web if you look hard enough, but I wouldn't bet on it these days.  
> Nevertheless, it's what ARM/Linux is currently based upon, so its usage is 
> not.

OK, understood. Thank you!

-- 
Jerome

Re: [RFA] ARM : prologue scan

[Jerome Guitton]

Jerome Guitton (guitton@act-europe.fr):

> > With that change, this is OK.
> 
> Thank you very much for your review!

I still don't have committed this change, for the simple reason that I don't
have (yet) a write-after-approval access to the GDB repository. Can someone
give me the procedure to get a RW access?

-- 
Jerome

[commit] ARM : prologue scan

[Jerome Guitton]

[-- Attachment #1: Type: text/plain, Size: 208 bytes --]

Jerome Guitton (guitton@act-europe.fr):

> I still don't have committed this change, for the simple reason that I don't

patch merged with the current version of arm-tdep.c (head), and
committed.

-- 
Jerome

[-- Attachment #2: arm_bt.dif --]
[-- Type: text/plain, Size: 3478 bytes --]

2003-09-25  Jerome Guitton  <guitton@act-europe.fr>

	* arm-tdep.c (arm_skip_prologue): Handle "sub ip, sp #n" and
	"add ip, sp #n" in the prologue.
	(arm_scan_prologue): Ditto.

Index: arm-tdep.c
===================================================================
RCS file: /cvs/src/src/gdb/arm-tdep.c,v
retrieving revision 1.150
diff -c -r1.150 arm-tdep.c
*** arm-tdep.c	14 Sep 2003 16:32:12 -0000	1.150
--- arm-tdep.c	25 Sep 2003 14:15:51 -0000
***************
*** 455,460 ****
--- 455,466 ----
        if (inst == 0xe1a0c00d)			/* mov ip, sp */
  	continue;
  
+       if ((inst & 0xfffff000) == 0xe28dc000)    /* add ip, sp #n */
+ 	continue;
+ 
+       if ((inst & 0xfffff000) == 0xe24dc000)    /* sub ip, sp #n */
+ 	continue;
+ 
        /* Some prologues begin with "str lr, [sp, #-4]!".  */
        if (inst == 0xe52de004)			/* str lr, [sp, #-4]! */
  	continue;
***************
*** 707,713 ****
  static void
  arm_scan_prologue (struct frame_info *next_frame, struct arm_prologue_cache *cache)
  {
!   int regno, sp_offset, fp_offset;
    CORE_ADDR prologue_start, prologue_end, current_pc;
    CORE_ADDR prev_pc = frame_pc_unwind (next_frame);
  
--- 713,719 ----
  static void
  arm_scan_prologue (struct frame_info *next_frame, struct arm_prologue_cache *cache)
  {
!   int regno, sp_offset, fp_offset, ip_offset;
    CORE_ADDR prologue_start, prologue_end, current_pc;
    CORE_ADDR prev_pc = frame_pc_unwind (next_frame);
  
***************
*** 808,814 ****
       in which case it is often (but not always) replaced by
       "str lr, [sp, #-4]!".  - Michael Snyder, 2002-04-23]  */
  
!   sp_offset = fp_offset = 0;
  
    for (current_pc = prologue_start;
         current_pc < prologue_end;
--- 814,820 ----
       in which case it is often (but not always) replaced by
       "str lr, [sp, #-4]!".  - Michael Snyder, 2002-04-23]  */
  
!   sp_offset = fp_offset = ip_offset = 0;
  
    for (current_pc = prologue_start;
         current_pc < prologue_end;
***************
*** 818,823 ****
--- 824,846 ----
  
        if (insn == 0xe1a0c00d)		/* mov ip, sp */
  	{
+ 	  ip_offset = 0;
+ 	  continue;
+ 	}
+       else if ((insn & 0xfffff000) == 0xe28dc000) /* add ip, sp #n */
+ 	{
+ 	  unsigned imm = insn & 0xff;                   /* immediate value */
+ 	  unsigned rot = (insn & 0xf00) >> 7;           /* rotate amount */
+ 	  imm = (imm >> rot) | (imm << (32 - rot));
+ 	  ip_offset = imm;
+ 	  continue;
+ 	}
+       else if ((insn & 0xfffff000) == 0xe24dc000) /* sub ip, sp #n */
+ 	{
+ 	  unsigned imm = insn & 0xff;                   /* immediate value */
+ 	  unsigned rot = (insn & 0xf00) >> 7;           /* rotate amount */
+ 	  imm = (imm >> rot) | (imm << (32 - rot));
+ 	  ip_offset = -imm;
  	  continue;
  	}
        else if (insn == 0xe52de004)	/* str lr, [sp, #-4]! */
***************
*** 859,865 ****
  	  unsigned imm = insn & 0xff;			/* immediate value */
  	  unsigned rot = (insn & 0xf00) >> 7;		/* rotate amount */
  	  imm = (imm >> rot) | (imm << (32 - rot));
! 	  fp_offset = -imm;
  	  cache->framereg = ARM_FP_REGNUM;
  	}
        else if ((insn & 0xfffff000) == 0xe24dd000)	/* sub sp, sp #n */
--- 882,888 ----
  	  unsigned imm = insn & 0xff;			/* immediate value */
  	  unsigned rot = (insn & 0xf00) >> 7;		/* rotate amount */
  	  imm = (imm >> rot) | (imm << (32 - rot));
! 	  fp_offset = -imm + ip_offset;
  	  cache->framereg = ARM_FP_REGNUM;
  	}
        else if ((insn & 0xfffff000) == 0xe24dd000)	/* sub sp, sp #n */