ARMv7 failure to load register arguments when subroutine uses CFA

[XVilka]

Work environment

Questions	Answers
OS/arch/bits (mandatory)	*
File format of the file you reverse (mandatory)	ELF
Architecture/bits of the file (mandatory)	ARMv7
rizin -v full output, not truncated (mandatory)	#3463

Actual behavior

Despite the frame base is CFA, arguments are located in the registers and still should be parsed properly without the need to calculate CFA/CFI-based stuff:

[0x08000b6c]> pd 10 @ dbg.do_something
            ; CALL XREFS from dbg.do_something_else @ 0x80039dc, 0x8003bfa
            ;-- do_something:
╭ cSTRUCT_bool dbg.do_something(struct cSTRUCT * const  item, parse_buffer * const  input_buffer);
│           0x08003640      2de9f84f       push.w {r3, r4, r5, r6, r7, r8, sb, sl, fp, lr} ; cSTRUCT_bool do_something(struct cSTRUCT * const  item, parse_buffer * const  input_buffer);
│           0x08003644      0a68           ldr   r2, [r1]              ; arg2
│           0x08003646      8b68           ldr   r3, [r1, 8]           ; arg2
│           0x08003648      8046           mov   r8, r0                ; arg1
│           0x0800364a      5d1c           adds  r5, r3, 1
│           0x0800364c      d018           adds  r0, r2, r3
│           0x0800364e      d35c           ldrb  r3, [r2, r3]
│           0x08003650      222b           cmp   r3, 0x22              ; 34
│           0x08003652      8a46           mov   sl, r1                ; arg2
│           0x08003654      1544           add   r5, r2
[0x08000b6c]> afv @ dbg.do_something
[0x08000b6c]>

There is no .debug_loclists unlike in #3548

Cannot share the file, sorry. Here is the corresponding dwarfdump output:

0x0000b200:     NULL

0x0000b201:   DW_TAG_subprogram
                DW_AT_name	("do_something")
                DW_AT_prototyped	(true)
                DW_AT_type	(0x0000839b "cSTRUCT_bool")
                DW_AT_low_pc	(0x08003640)
                DW_AT_high_pc	(0x08003824)
                DW_AT_frame_base	(DW_OP_call_frame_cfa)
                DW_AT_GNU_all_tail_call_sites	(true)
                DW_AT_sibling	(0x0000b3e8)

0x0000b21c:     DW_TAG_formal_parameter
                  DW_AT_name	("item")
                  DW_AT_type	(0x0000871d "cSTRUCT *const")
                  DW_AT_location	(0x0000423c: 
                     [0x08003640, 0x0800364e): DW_OP_reg0 R0
                     [0x0800364e, 0x08003824): DW_OP_reg8 R8)
                  DW_AT_GNU_locviews	(0x00004238)

0x0000b231:     DW_TAG_formal_parameter
                  DW_AT_name	("input_buffer")
                  DW_AT_type	(0x0000a740 "parse_buffer *const")
                  DW_AT_location	(0x0000425e: 
                     [0x08003640, 0x08003660): DW_OP_reg1 R1
                     [0x08003660, 0x08003824): DW_OP_reg10 R10)
                  DW_AT_GNU_locviews	(0x0000425a)

0x0000b246:     DW_TAG_variable
                  DW_AT_name	("input_pointer")
                  DW_AT_type	(0x000083d0 "const unsigned char *")
                  DW_AT_location	(0x00004282: 
                     [0x08003656, 0x080036c8): DW_OP_reg5 R5
                     [0x080036cc, 0x080036f6): DW_OP_reg5 R5
                     [0x08003702, 0x08003814): DW_OP_reg5 R5)
                  DW_AT_GNU_locviews	(0x0000427c)

0x0000b25b:     DW_TAG_variable
                  DW_AT_name	("input_end")
                  DW_AT_type	(0x000083d0 "const unsigned char *")
                  DW_AT_location	(0x000042b7: 
                     [0x08003656, 0x08003660): DW_OP_reg5 R5
                     [0x08003660, 0x08003692): DW_OP_reg7 R7
                     [0x08003692, 0x0800369c): DW_OP_breg7 R7-1, DW_OP_stack_value
                     [0x0800369c, 0x080036c8): DW_OP_reg7 R7
                     [0x080036cc, 0x080036f6): DW_OP_reg7 R7
                     [0x08003702, 0x08003814): DW_OP_reg7 R7)
                  DW_AT_GNU_locviews	(0x000042ab)