"Disarming Code" Errata & Typo Corrections for v1.0.0 (As of 2025/10/10)
Your humble Author would like to express his personal apologies for these minor typing and editing mistakes, which eluded my very capable (but not technical) editor, and myself, for writing the most bit-intensive chapter in the wee hours... Errare est Humanum. Absolve me.
This list will be maintained at https://NewDebuggingBook.com/errata/. So far, only one minuscule (but nonetheless technical) error (FEAT_HBC); congratulations and many thanks to Solomon Tan for spotting it and double checking, and for winning a well-deserved 0.001BTC.
(These will all be fixed in v1.0.1 of the book, which will be coming soon, once more people have tackled all 520+ pages.)
Chapter 1:
- Table 1/1-4 flipped unsigned/signed... Should be:
- Figure 1/1-6: 8 is 1000, obviously (not 1100, as was accidentally shown in the middle line):
- Table 1/1-9: 0x78563412, not 0x78562312, so for 32-bit it's:
- Following Table 1/1-9: replace "little" with "big":
- Data exchanged with other machines may be encoded in a different endianness. A good example is network packets. Addresses and port numbers in Internet Protocol (IP) packets must always be encoded in network byte ordering, which is defined as big endian. Networking code makes frequent use of ntohs(…)/htons(…) and/or ntohl(…)/htonl(…) (from <arpa/inet.h>) to switch short (16-bit) or long (32-bit) values from network to host order, or vice versa. On those architectures (e.g. MIPS) whose native endianness is big, these conveniently vanish during compilation. Linux and Darwin have header files (<sys/endian.h> and <sys/_endian.h>, respectively) with other macros. (easily spotted by many, thanks to Eduardo and Patrick)
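To make the corrected paragraph concrete, here is an added example (my own code, not a listing from the book) that shows the same 32-bit value laid out in host order and in network order, reads the byte sequence 12 34 56 78 back as the little-endian 0x78563412 of Table 1/1-9, and extracts the port fields from a constructed UDP header with ntohs(). The UDP header bytes are made up for the example.

```c
#include <arpa/inet.h>   /* htonl()/ntohl(), htons()/ntohs() */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1 if this host stores the least significant byte first (x86, and arm64 under Linux/Darwin). */
static int host_is_little_endian(void)
{
    uint32_t one = 1; uint8_t first;
    memcpy(&first, &one, 1);
    return first == 1;
}
/* Byte i (0 = lowest address) of v as it sits in memory on this host. */
static uint8_t host_byte(uint32_t v, unsigned i) { uint8_t b[4]; memcpy(b, &v, 4); return b[i]; }

/* Byte i of v after htonl(): big endian on every host, so 0x12 comes first for 0x12345678.
 * On a big-endian host htonl() is the identity and compiles away. */
static uint8_t network_byte(uint32_t v, unsigned i) { return host_byte(htonl(v), i); }

/* Reassemble four in-memory bytes as a little-endian word: the byte sequence
 * 12 34 56 78 reads back as 0x78563412, the corrected value in Table 1/1-9. */
static const uint8_t word_bytes[4] = { 0x12, 0x34, 0x56, 0x78 };   /* constructed input */
static uint32_t read_le32(const uint8_t b[4])
{
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}
/* Constructed 8-byte UDP header, ports and length in network (big-endian) order:
 * source port 53, destination port 54321 (0xd431), length 28, checksum 0. */
static const uint8_t udp_hdr[8] = { 0x00, 0x35, 0xd4, 0x31, 0x00, 0x1c, 0x00, 0x00 };

/* Read a 16-bit packet field: memcpy() avoids an unaligned access, ntohs() fixes the order. */
static uint16_t pkt_u16(const uint8_t *pkt, size_t off)
{
    uint16_t raw;
    memcpy(&raw, pkt + off, sizeof raw);
    return ntohs(raw);
}

int main(void)
{
    printf("host is %s endian; 0x12345678 in memory: %02x %02x %02x %02x, on the wire: %02x %02x %02x %02x\n",
           host_is_little_endian() ? "little" : "big",
           host_byte(0x12345678u, 0), host_byte(0x12345678u, 1), host_byte(0x12345678u, 2), host_byte(0x12345678u, 3),
           network_byte(0x12345678u, 0), network_byte(0x12345678u, 1), network_byte(0x12345678u, 2), network_byte(0x12345678u, 3));
    printf("UDP src %u dst %u len %u; bytes 12 34 56 78 read little-endian: 0x%08x\n",
           pkt_u16(udp_hdr, 0), pkt_u16(udp_hdr, 2), pkt_u16(udp_hdr, 4), read_le32(word_bytes));
    return 0;
}
```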
- Table 1/2-6: Another unfortunate case of table flipping (my apologies, it's hard to see these things when you're editing raw HTML in vim..). MOVZ and MOVN are flipped, as can be clearly seen from the examples (MOVZ's example is MOVN's, and vice versa). Further, MOVN fills the rest with the sign bit (which, since the value is negative, is '1'). (Thanks Solomon!)
Table 1/2-6: A64's 16-bit move-wide variants
| Mnemonic (alias) | Move type | Example |
|---|---|---|
| MOVK | 16-bits, keep rest unmodified | MOVK Xd, #imm[, shift] |
| MOVZ (MOV) | 16-bits, zero out rest | MOVZ Xd, #imm[, shift] or MOV (alias) |
| MOVN (MOV) | 16-bits (after bitwise NOT), sign extend rest | MOVN Xd, #imm[, shift] |
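As an added illustration of the corrected table (my own emulation, not code from the book), the three move-wide instructions reduced to their bit operations, plus the way a 64-bit constant gets materialised from them: MOVZ for mostly-zero values, MOVN for mostly-ones (negative) values, MOVK for the remaining 16-bit lanes. The `shift` argument is the LSL amount the instruction encodes (0, 16, 32 or 48).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* <shift> is the LSL amount encoded in the instruction: 0, 16, 32 or 48 for an Xd destination. */
/* MOVZ Xd, #imm16, LSL #shift: the 16 bits land at <shift>, every other bit is zero. */
static uint64_t movz(uint16_t imm, unsigned shift) { return (uint64_t)imm << shift; }
/* MOVN Xd, #imm16, LSL #shift: bitwise NOT of the MOVZ result, so every other bit is one.
 * That is why MOVN #0 yields -1 and MOVN #0xedcb yields 0xffffffffffff1234. */
static uint64_t movn(uint16_t imm, unsigned shift) { return ~((uint64_t)imm << shift); }
/* MOVK Xd, #imm16, LSL #shift: only the 16-bit lane at <shift> changes; the rest of Xd is kept. */
static uint64_t movk(uint64_t xd, uint16_t imm, unsigned shift)
{
    uint64_t lane = (uint64_t)0xffff << shift;
    return (xd & ~lane) | ((uint64_t)imm << shift);
}

/* How a compiler materialises a 64-bit constant: MOVZ or MOVN for the first lane that needs
 * setting, then MOVK for every remaining lane that differs from the fill bits (0s after MOVZ,
 * 1s after MOVN). Returns the value rebuilt through the emulated instructions. */
static uint64_t materialize64(uint64_t value, int *ninsn)
{
    int zero_lanes = 0, ones_lanes = 0;
    for (unsigned s = 0; s < 64; s += 16) {
        uint16_t lane = (uint16_t)(value >> s);
        zero_lanes += (lane == 0x0000);
        ones_lanes += (lane == 0xffff);
    }
    bool use_movn = ones_lanes > zero_lanes;      /* mostly-ones (negative) values favour MOVN */
    uint16_t fill = use_movn ? 0xffff : 0x0000;   /* lanes already correct after the first insn */
    uint64_t xd = 0;
    int n = 0;
    for (unsigned s = 0; s < 64; s += 16) {
        uint16_t lane = (uint16_t)(value >> s);
        if (lane == fill && !(n == 0 && s == 48)) continue;   /* still emit one insn for 0 / -1 */
        if (n == 0) xd = use_movn ? movn((uint16_t)~lane, s) : movz(lane, s);
        else        xd = movk(xd, lane, s);
        n++;
    }
    if (ninsn) *ninsn = n;
    return xd;
}
/* Instruction count alone, for quick checks. */
static int movwide_count(uint64_t value) { int n; materialize64(value, &n); return n; }

int main(void)
{
    uint64_t v[] = { 0x1234, 0xffffffffffff1234ULL, (uint64_t)-1, 0xdeadbeefcafebabeULL };
    for (size_t i = 0; i < sizeof v / sizeof v[0]; i++)
        printf("0x%016llx needs %d move-wide instruction(s)\n", (unsigned long long)v[i], movwide_count(v[i]));
    return 0;
}
```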
- In Chapter 1/2.1.10, "immr and immrimms" (Thanks, Solomon!)
- 1/2.2.2:
STP X28, X27, [SP, #-96] means store the pair of X28 and X28 X27 at SP - ... (Thanks, Solomon!)
- Another one spotted by Solomon: Table 1/2-19 had (again) a massive cut/paste mistake of mine, in that the whole "Syntax" column had "B" variants, not H/W, and one of the H variants was still listed as "Byte". To reduce confusion, I am changing "word" to "32-bit" (so it matches "64-bit", and is easily visible in the registers to the side). I've also merged rows, which simplifies the table (and makes the answer to the review question pretty obvious), like so:
Table 1/2-19: Sign extension instructions
| Opcode | Source | Target | Type | Syntax |
|---|---|---|---|---|
| SXTB | Byte | 32-bit | Signed | SXTB Wd, Wn |
| UXTB | Byte | 32-bit | Unsigned | UXTB Wd, Wn |
| SXTB | Byte | 64-bit | Signed | SXTB Xd, Wn |
| SXTH | Half | 32-bit | Signed | SXTH Wd, Wn |
| SXTH | Half | 64-bit | Signed | SXTH Xd, Wn |
| UXTH | Half | 32-bit | Unsigned | UXTH Wd, Wn |
| SXTW | Word | 64-bit | Signed | SXTW Xd, Wn |
Technical error: BC.cond - FEAT_HBC - "will behave very consistently and is very unlikely to change direction." (as per __unlikely). Note, however, that 1/3.1.8.1 states that BC.cond "defaults to a traditional branch if the feature is not supported". Solomon correctly perused the ARM spec to see that it actually defaults to an UNDEFINED instruction. This seems peculiar to me, since the instruction does use an otherwise reserved bit in the B. variants, but if the grand designers said so, they said so. I was wrong; Solomon, of course, was right. This is a minor but clear technical error, and therefore earns him 0.001BTC - $120. With his attentive reading and great reporting, this is well deserved - thank you!
ARM's Branch Target Indicators (BTI) feature is configured in kernel mode by bits BT0/BT1 of SCTLR_EL1. The typo was SCTLR_EL[0/1], but there is obviously no SCTLR_EL0 (if there had been, the kernel would be irrelevant).
Spotted by Giannis T. - Thank you:
- Page 5, third paragraph: "so it easy to see"
- Page 8, 1.6.4 "Some special registers hold addresses, whether others hold but masks." I think "while" instead of "whether" here. Next sentence, "insructions" typo.
- Page 9, at the bottom "x30 holds the return address, and is aliases as the Link Register" should be "aliased".
- Page 11, below feature bits "Any other field access at EL0 would result in a undefined instruction exception" should be "an".
- Page 12, first paragraph "nonethless" should be "nonetheless".
- Page 16, "When Rn is 31 (i.e. it is taken as RZR, the zero register), this the effect" should be "this has the effect".
- Page 21, 3. "aliasesed" should be "aliased"
- Page 23, first sentence: "Conditional Comparisons is a class of consisting of only" should be "is a class consisting of only"
- Page 31, first sentence, "or one ifof its variants"
- Page 31, 2.3.2 "it suffices to know n that"
- Page 34, last sentence has a double "the"
- Page 42, first asm comment has a double "of"
- Page 46, 3.1.4.2. first sentence double "the"
- Page 52, second paragraph "corresponding"
- Page 56, 6. ", or a the same loop body"
Chapter 2
Also spotted by Giannis T. - Much obliged:
- Page 60, first table, "-I path" row is duplicated
- Page 63, table "diagnotic" should be "diagnostic"
- Page 69, 2.5.5. first paragraph "Whethere" should be "whether"
- Page 74, first paragraph, "libraries to updated independently" should be "libraries to be updated independently"
- Page 75, at the bottom "is to marked these functions" should be "is to mark these functions"
- Page 78, 3.2.8. first paragraph, "allows the linker to deduplicates redundancies" should be "allows the linker to deduplicate redundancies"
- Page 81, 3.5.2. "was ruthlessly abused by hackers, which used flaws" should be "who" (nitpick, please double-check). Same paragraph, last sentence, "desribed" should be "described"
Chapter 3
Binary Formats, Listing 3.1-2: The ELF file layout, illustrated (page 85)
The note in item (6) currently reads:
"Each ELFnn_Phdr of type PT_LOAD ... , to load into e_memsz bytes at e_vpaddr, with p_flags r/w/x..."
Here e_memsz should be p_memsz, and e_vpaddr should be p_vaddr.
(Thanks to Ivan Shevtsov!)
Chapter 4:
Table 4/2-4: USE the nano allocator, Luke
In Chapter 4/3.1.3, there is an extra "the" in "breaking the API through the the proc_info(2!)".
In Chapter 4/4.3.2, "but only under tighly controlled" should be "tightly".
Chapter 9:
In Chapter 9/1.1.3, "allows any user mode process to simple open(2)..." should be "simply".
In Chapter 9/3.1, there are two minor typos:
- "Linux auditing is implemented"
- "This proprietary address family supports is designed for kernel to user.."
In Table 9/4-6, the Purpose of DTRACE_PROBE[#] is wrongly listed as "Define a USDT probe, no arguments" due to cut/paste. It should be "Define a USDT probe, with arguments".
Chapter 10:
In Chapter 10/2.1.2.1, "root priveleges" should be "root privileges".
Chapter 13:
Figure 13/2-25:
- Title should be 16K page (because that's what the page size in the diagram is)
- Bits 36-46 for L1 (not 48), though that's obvious from the diagram