Question

I'm looking at a disassembly of an executable I just built, and I'm confused as to what this line can possibly mean:

00000000 <func_foo>:
   0:   e1a0100d    mov r1, sp
   4:   e59fd090    ldr sp, [pc, #144]
   8:   e92d4002    push    {r1, lr}
   c:   eafffffe    b   c <func_foo+0xc> ;;; <<----- HERE

The branch instruction has a carry bit (c) set, but it just branches to itself. It looks like an infinite loop, but I did not insert this code; it was entirely compiler generated (GCC 4.6.3).

Can anyone shed some insight on this?


Solution 2

You would see bcs or bcc if it were a branch-if-carry-set or branch-if-carry-clear; you are seeing b 0xC, which is the current address.

Technically it is a branch-to-self instruction. The encoding is not specific or hardcoded to 0xC; it is just a branch to pc - 2 instructions, and since the pc is 2 instructions ahead, it is a branch to self (branch to instruction_address + 2 - 2 = branch to instruction_address).

This looks like you disassembled an object (unlinked code), based on the address of 0x00000 and this branch to self. When you link with something else, the address should change and the branch to self will change to a branch to whatever function you specified in your source.

OTHER TIPS

The instruction is not "bc", but "b 0xc". (ARM instructions with the first hex digit "E" are unconditional instructions.)

The "<func_foo+0xc>" is some information that says that address 0xc (the jump destination) is 0xc bytes after the start of the function func_foo. This makes sense in programs with multiple functions, where it is not that easy to see.
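A small decoder, added here as an example (it is not from the question or either answer), that shows both points made above: the top hex digit is the condition field (E = always, 2 = cs), and imm24 = -2 points back at the instruction itself, so 0xeafffffe is a branch to self at any address. It also builds the word a linker would write once the callee address is known; 0x8000 is an assumed callee address, not one from the question.

```python
# Added example (not from the question or answers): decode an A32 B/BL
# instruction, to show why 0xeafffffe at 0xc is "b 0xc" (a branch to self)
# and why the leading hex digit E means "always", not "carry set".

CONDITIONS = {
    0x0: "eq", 0x1: "ne", 0x2: "cs", 0x3: "cc", 0x4: "mi", 0x5: "pl",
    0x6: "vs", 0x7: "vc", 0x8: "hi", 0x9: "ls", 0xa: "ge", 0xb: "lt",
    0xc: "gt", 0xd: "le", 0xe: "",  # 0xe is AL (always): no suffix printed
}

def decode_branch(word, address):
    """Return (mnemonic, target) for the A32 B/BL encoding at 'address'."""
    cond = (word >> 28) & 0xF
    if cond == 0xF or ((word >> 25) & 0x7) != 0b101:
        raise ValueError(f"0x{word:08x} is not an A32 B/BL instruction")
    link = (word >> 24) & 1
    imm24 = word & 0x00FFFFFF
    # Sign-extend the 24-bit field and scale by 4 (targets are word aligned).
    offset = (imm24 - (1 << 24) if imm24 & 0x00800000 else imm24) << 2
    # In ARM state the PC reads as this instruction's address + 8 (two
    # instructions ahead), so imm24 = -2 lands back on the instruction.
    target = (address + 8 + offset) & 0xFFFFFFFF
    return ("bl" if link else "b") + CONDITIONS[cond], target

def encode_branch(address, target, link=False, cond=0xE):
    """Build the word a linker would write for a branch from 'address' to 'target'."""
    offset = target - (address + 8)
    if offset % 4 or not -(1 << 25) <= offset < (1 << 25):
        raise ValueError("target out of range for a 24-bit branch")
    imm24 = (offset >> 2) & 0x00FFFFFF
    return (cond << 28) | (0b101 << 25) | (int(link) << 24) | imm24

def disassemble(word, address, symbol=None, symbol_addr=0):
    """Format one branch the way objdump does, e.g. 'b       c <func_foo+0xc>'."""
    mnemonic, target = decode_branch(word, address)
    text = f"{mnemonic:<7} {target:x}"
    if symbol is not None:
        text += f" <{symbol}+0x{target - symbol_addr:x}>"
    return text

if __name__ == "__main__":
    # The line from the question: a self-branch in an unlinked object file.
    print(disassemble(0xEAFFFFFE, 0xC, "func_foo", 0))
    # The same word at any other address is still a branch to itself.
    print(disassemble(0xEAFFFFFE, 0x1000))
    # What a real carry-set branch looks like: cond = 0x2 (cs).
    print(disassemble(0x2A000000, 0x100))
    # After linking to a callee at (assumed) 0x8000, imm24 is rewritten.
    print(hex(encode_branch(0xC, 0x8000)), disassemble(encode_branch(0xC, 0x8000), 0xC))
```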

Licensed under: CC-BY-SA with attribution