X86 Tester: Handling of floating point operations, primitives, exceptions

623b9746 · Julian Kranz · 46b59adb · 623b9746 · 623b9746 · 623b9746
Commit 623b9746 authored Oct 06, 2013 by Julian Kranz
5 changed files
--- a/libs/rreil-sim/include/simulator/simulator.h
+++ b/libs/rreil-sim/include/simulator/simulator.h
@@ -18,10 +18,11 @@ enum simulator_error {
 	SIMULATOR_ERROR_UNDEFINED_ADDRESS = 2,
 	SIMULATOR_ERROR_UNDEFINED_STORE = 4,
 	SIMULATOR_ERROR_UNDEFINED_BRANCH = 8,
-	SIMULATOR_ERROR_PRIMITIVE_UNKNOWN = 16,
-	SIMULATOR_ERROR_PRIMITIVE_SIGNATURE_INVALID = 32,
-	SIMULATOR_ERROR_MAX_LOOP_ITERATIONS_COUNT_EXCEEDED = 64,
-	SIMULATOR_ERROR_EXCEPTION = 128
+	SIMULATOR_ERROR_FLOP_UNIMPLEMENTED = 16,
+	SIMULATOR_ERROR_PRIMITIVE_UNKNOWN = 32,
+	SIMULATOR_ERROR_PRIMITIVE_SIGNATURE_INVALID = 64,
+	SIMULATOR_ERROR_MAX_LOOP_ITERATIONS_COUNT_EXCEEDED = 128,
+	SIMULATOR_ERROR_EXCEPTION = 256
 };

 #define SIMULATOR_ERRORS_COUNT 5

--- a/libs/rreil-sim/src/simulator/simulator.c
+++ b/libs/rreil-sim/src/simulator/simulator.c
@@ -470,6 +470,10 @@ static enum simulator_error simulator_statement_simulate(struct context *context
 			simulator_branch_simulate(context, statement->branch.target);
 			break;
 		}
+		case RREIL_STATEMENT_TYPE_FLOP: {
+			error |= SIMULATOR_ERROR_FLOP_UNIMPLEMENTED;
+			break;
+		}
 		case RREIL_STATEMENT_TYPE_PRIM: {
 			error = simulator_prim_simulate(context, statement->prim.op, statement->prim.lhs, statement->prim.rhs);
 			break;
@@ -478,9 +482,6 @@ static enum simulator_error simulator_statement_simulate(struct context *context
 			error |= SIMULATOR_ERROR_EXCEPTION;
 			break;
 		}
-			/*
-			 * Todo: Primitives, Floating point operations
-			 */
 	}
 	return error;
 }

--- a/libs/rreil-sim/src/simulator/tracking.c
+++ b/libs/rreil-sim/src/simulator/tracking.c
@@ -20,8 +20,11 @@ enum simulator_access_type {
 };

 static void tracking_variable_access_trace(struct tracking_trace *trace, struct rreil_variable *variable,
+		size_t bit_length, enum simulator_access_type type);
+
+static void tracking_id_access_trace(struct tracking_trace *trace, struct rreil_id *id, uint64_t offset,
 		size_t bit_length, enum simulator_access_type type) {
-	if(variable->id->type != RREIL_ID_TYPE_X86)
+	if(id->type != RREIL_ID_TYPE_X86)
 		return;

 	{
@@ -31,7 +34,7 @@ static void tracking_variable_access_trace(struct tracking_trace *trace, struct
 		new_id.x86 = X86_ID_FLAGS;
 		new_.id = &new_id;

-		switch(variable->id->x86) {
+		switch(id->x86) {
 			case X86_ID_VIRT_LEU: {
 				new_.offset = X86_FLAGS_CARRY;
 				tracking_variable_access_trace(trace, &new_, 1, type);
@@ -84,11 +87,11 @@ static void tracking_variable_access_trace(struct tracking_trace *trace, struct
 //	rreil_id_print(stdout, variable->id);
 //	printf("\n+++\n");
 	fflush(stdout);
-	simulator_register_generic_write(&access->x86_registers[variable->id->x86], data, variable->offset);
+	simulator_register_generic_write(&access->x86_registers[id->x86], data, offset);

 	context_data_clear(&data);

-	size_t index = variable->id->x86;
+	size_t index = id->x86;
 	char found = 0;
 	for(size_t i = 0; i < access->x86_indices_length; ++i)
 		if(access->x86_indices[i] == index) {
@@ -100,6 +103,11 @@ static void tracking_variable_access_trace(struct tracking_trace *trace, struct
 				&access->x86_indices_size);
 }

+static void tracking_variable_access_trace(struct tracking_trace *trace, struct rreil_variable *variable,
+		size_t bit_length, enum simulator_access_type type) {
+	tracking_id_access_trace(trace, variable->id, variable->offset, bit_length, type);
+}
+
 //static void tracking_variable_define(struct tracking_trace *trace,
 //		struct rreil_variable *variable, uint8_t *mask, size_t bit_length) {
 //
@@ -136,7 +144,8 @@ static void tracking_linear_trace(struct tracking_trace *trace, enum simulator_a
 	}
 }

-static size_t tracking_comparator_trace(struct tracking_trace *trace, struct rreil_comparator *comparator, uint64_t size) {
+static size_t tracking_comparator_trace(struct tracking_trace *trace, struct rreil_comparator *comparator,
+		uint64_t size) {
 	tracking_linear_trace(trace, SIMULATOR_ACCESS_TYPE_READ, comparator->arity2.opnd1, size);
 	tracking_linear_trace(trace, SIMULATOR_ACCESS_TYPE_READ, comparator->arity2.opnd2, size);
 	return 1;
@@ -236,7 +245,6 @@ static void tracking_expr_trace(struct tracking_trace *trace, struct rreil_expr
 }

 static void tracking_branch_trace(struct tracking_trace *trace, struct rreil_address *target) {
-
 	tracking_linear_trace(trace, SIMULATOR_ACCESS_TYPE_DEREFERENCE, target->address, target->size);
 	struct rreil_variable ip;
 	struct rreil_id ip_id;
@@ -247,6 +255,18 @@ static void tracking_branch_trace(struct tracking_trace *trace, struct rreil_add
 	tracking_variable_access_trace(trace, &ip, target->size, SIMULATOR_ACCESS_TYPE_WRITE);
 }

+static void tracking_variable_limited_trace(struct tracking_trace *trace, struct rreil_variable_limited *varl,
+		enum simulator_access_type access_type) {
+	tracking_id_access_trace(trace, varl->id, varl->offset, varl->size, access_type);
+}
+
+static void tracking_variable_limited_tuple_trace(struct tracking_trace *trace,
+		struct rreil_variable_limited_tuple *varls, enum simulator_access_type access_type) {
+	for(size_t i = 0; i < varls->variables_length; ++i) {
+		tracking_variable_limited_trace(trace, varls->variables[i], access_type);
+	}
+}
+
 static void tracking_statement_trace(struct tracking_trace *trace, struct rreil_statement *statement) {
 	switch(statement->type) {
 		case RREIL_STATEMENT_TYPE_ASSIGN: {
@@ -294,9 +314,21 @@ static void tracking_statement_trace(struct tracking_trace *trace, struct rreil_
 			trace->mem.used = 1;
 			break;
 		}
-		/*
-		 * Todo: Primitives, Floating point operations
-		 */
+		case RREIL_STATEMENT_TYPE_FLOP: {
+			tracking_variable_limited_trace(trace, statement->flop.lhs, SIMULATOR_ACCESS_TYPE_WRITE);
+			tracking_variable_access_trace(trace, statement->flop.flags, 64, SIMULATOR_ACCESS_TYPE_WRITE);
+			tracking_variable_limited_tuple_trace(trace, statement->flop.rhs, SIMULATOR_ACCESS_TYPE_READ);
+			tracking_variable_access_trace(trace, statement->flop.flags, 64, SIMULATOR_ACCESS_TYPE_READ);
+			break;
+		}
+		case RREIL_STATEMENT_TYPE_PRIM: {
+			tracking_variable_limited_tuple_trace(trace, statement->prim.lhs, SIMULATOR_ACCESS_TYPE_WRITE);
+			tracking_variable_limited_tuple_trace(trace, statement->prim.rhs, SIMULATOR_ACCESS_TYPE_READ);
+			break;
+		}
+		case RREIL_STATEMENT_TYPE_THROW: {
+			break;
+		}
 	}
 }


--- a/specifications/avr/avr-rreil-pretty.ml
+++ b/specifications/avr/avr-rreil-pretty.ml
+val arch-show-id r =
+  case r of
+	   Sem_ALL: "memory"
+	 | Sem_PC: "PC"
+	 | Sem_PM: "PM"
+	end
+
+val arch-show-exception exception = case 0 of 1: "" end
--- a/specifications/x86/x86.ml
+++ b/specifications/x86/x86.ml
@@ -2006,15 +2006,6 @@ val ymm-rex rex rdis reg-idx = ymm (rdis ^ reg-idx)

 # Deslice the mod/rm byte and put it into the the state

-#reg/opcode='000',
-#reg/opcode='001',
-#reg/opcode='010',
-#reg/opcode='011',
-#reg/opcode='100',
-#reg/opcode='101',
-#reg/opcode='110',
-#reg/opcode='111',
-
 val /0 ['mod:2 000 rm:3'] = update @{mod=mod, rm=rm}
 val /1 ['mod:2 001 rm:3'] = update @{mod=mod, rm=rm}
 val /2 ['mod:2 010 rm:3'] = update @{mod=mod, rm=rm}
@@ -2147,9 +2138,6 @@ val sib ['scale:2 index:3 base:3'] = do
  ptrsz <- query $ptrsz;
  sib-with-index-and-base ptrsz addr-reg scale index base
 end
-# | addrsz? = sib-with-index-and-base 16 reg16-rex scale index base
-# | mode64? = sib-with-index-and-base 64 reg64-rex scale index base
-# | otherwise = sib-with-index-and-base 32 reg32-rex scale index base

 ## Decoding the mod/rm byte