kehrazy/slonik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
slonik/src/arch/arm.rs

1341 lines
38 KiB
Rust
Raw Blame History

//! 32-bit ARM architecture support backed by `yaxpeax-arm`.
use crate::{
arch::{Arch, LiftArch, LiftEnv, RegisterDesc},
flow::{FlowInfo, FlowKind, FlowTarget},
ir::{Block, FrontendBuilder, IntCC, MemSize, Type, Value, Variable},
};
use cranelift_entity::EntityRef;
use yaxpeax_arch::{Decoder, LengthedInstruction, ReaderBuilder, U8Reader};
use yaxpeax_arm::armv7::{
ConditionCode, DecodeError, InstDecoder, Instruction, Opcode, Operand, Reg, RegShiftStyle,
ShiftStyle,
};
/// ARM execution mode.
///
/// This module targets 32-bit ARM and Thumb.
/// AArch64 should live in a separate `arm64.rs`.
#[derive(Copy, Clone, Debug, PartialEq, Eq, Hash)]
pub enum ArmMode {
/// ARM state.
Arm,
/// Thumb / Thumb-2 state.
Thumb,
}
/// ARM endianness.
#[derive(Copy, Clone, Debug, PartialEq, Eq, Hash)]
pub enum ArmEndian {
Little,
Big,
}
/// ARM architectural profile.
#[derive(Copy, Clone, Debug, PartialEq, Eq, Hash)]
pub enum ArmProfile {
A,
R,
M,
}
/// ARM ISA version / feature profile.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct ArmFeatures {
pub version: ArmVersion,
pub thumb2: bool,
pub vfp: bool,
pub neon: bool,
pub dsp: bool,
}
impl Default for ArmFeatures {
fn default() -> Self {
Self {
version: ArmVersion::V7,
thumb2: true,
vfp: false,
neon: false,
dsp: false,
}
}
}
/// ARM ISA version.
#[derive(Copy, Clone, Debug, PartialEq, Eq, Hash)]
pub enum ArmVersion {
V5,
V6,
V7,
}
/// Flat ARM architectural register identity.
#[repr(u8)]
#[derive(Copy, Clone, Debug, PartialEq, Eq, Hash)]
pub enum ArmReg {
R0 = 0,
R1 = 1,
R2 = 2,
R3 = 3,
R4 = 4,
R5 = 5,
R6 = 6,
R7 = 7,
R8 = 8,
R9 = 9,
R10 = 10,
R11 = 11,
R12 = 12,
Sp = 13,
Lr = 14,
Pc = 15,
}
/// ARM condition code.
#[derive(Copy, Clone, Debug, PartialEq, Eq, Hash)]
pub enum ArmCond {
Eq,
Ne,
Cs,
Cc,
Mi,
Pl,
Vs,
Vc,
Hi,
Ls,
Ge,
Lt,
Gt,
Le,
Al,
}
/// ARM status flag identity.
#[derive(Copy, Clone, Debug, PartialEq, Eq, Hash)]
pub enum ArmFlag {
N,
Z,
C,
V,
Q,
}
/// Calling-convention placeholder.
#[derive(Copy, Clone, Debug, PartialEq, Eq, Hash)]
pub enum ArmCallingConvention {
Aapcs,
AapcsVfp,
}
/// Reusable ARM architecture object.
#[derive(Clone, Debug)]
pub struct Arm {
pub endian: ArmEndian,
pub profile: ArmProfile,
pub features: ArmFeatures,
pub default_cc: ArmCallingConvention,
}
impl Default for Arm {
fn default() -> Self {
Self {
endian: ArmEndian::Little,
profile: ArmProfile::A,
features: ArmFeatures::default(),
default_cc: ArmCallingConvention::Aapcs,
}
}
}
/// Mutable per-lift ARM state.
pub struct ArmLiftCtx<'a> {
/// Static architecture description.
pub arch: &'a Arm,
/// Translation-session environment.
pub env: &'a dyn LiftEnv,
/// Current frontend builder.
pub fb: &'a mut FrontendBuilder<'a>,
/// Current program counter.
pub pc: u64,
/// Current execution mode.
pub mode: ArmMode,
/// Current SSA bindings for architectural registers.
pub regs: ArmRegisterState,
/// Current SSA bindings for flags.
pub flags: ArmFlagState,
/// Cached comparison operands for conditional branch lowering.
pub last_cmp: Option<(Value, Value)>,
/// Temporary lifting scratch state.
pub scratch: ArmScratch,
}
impl<'a> ArmLiftCtx<'a> {
/// Creates a new ARM lift context.
pub fn new(
arch: &'a Arm,
env: &'a dyn LiftEnv,
fb: &'a mut FrontendBuilder<'a>,
pc: u64,
mode: ArmMode,
) -> Self {
let word_ty = Type::i32();
for reg in REGISTERS {
fb.declare_var(Self::reg_var(reg.reg), word_ty);
}
for flag in [ArmFlag::N, ArmFlag::Z, ArmFlag::C, ArmFlag::V, ArmFlag::Q] {
fb.declare_var(Self::flag_var(flag), Type::bool());
}
Self {
arch,
env,
fb,
pc,
mode,
regs: ArmRegisterState::default(),
flags: ArmFlagState::default(),
last_cmp: None,
scratch: ArmScratch::default(),
}
}
/// Returns the integer word type for the current mode.
pub fn word_ty(&self) -> Type {
Type::i32()
}
/// Maps a register identity to a frontend variable.
pub fn reg_var(reg: ArmReg) -> Variable {
Variable::new(reg as usize)
}
/// Maps a flag identity to a frontend variable.
pub fn flag_var(flag: ArmFlag) -> Variable {
Variable::new(0x100 + flag as usize)
}
/// Reads the current SSA value for a register.
pub fn read_reg(&mut self, reg: ArmReg) -> Value {
self.fb.use_var(Self::reg_var(reg))
}
/// Writes an SSA value to a register.
pub fn write_reg(&mut self, reg: ArmReg, value: Value) {
self.fb.def_var(Self::reg_var(reg), value);
}
/// Reads the current SSA value for a flag.
pub fn read_flag(&mut self, flag: ArmFlag) -> Value {
self.fb.use_var(Self::flag_var(flag))
}
/// Writes an SSA value to a flag.
pub fn write_flag(&mut self, flag: ArmFlag, value: Value) {
self.fb.def_var(Self::flag_var(flag), value);
}
/// Resolves a direct target address to an IR block.
pub fn direct_block(&self, target_addr: u64) -> Option<crate::ir::Block> {
self.env.block_for_target(target_addr)
}
/// Returns the fallthrough block for the current instruction, if present.
pub fn fallthrough_block(&self) -> Option<crate::ir::Block> {
self.env.fallthrough_block()
}
/// Computes a boolean SSA value for a condition code using the last cached
/// compare.
pub fn condition_value(&mut self, cond: ArmCond) -> Option<Value> {
let (lhs, rhs) = self.last_cmp?;
let v = match cond {
ArmCond::Eq => self.fb.icmp(crate::ir::IntCC::Eq, lhs, rhs),
ArmCond::Ne => self.fb.icmp(crate::ir::IntCC::Ne, lhs, rhs),
ArmCond::Lt => self.fb.icmp(crate::ir::IntCC::Slt, lhs, rhs),
ArmCond::Le => self.fb.icmp(crate::ir::IntCC::Sle, lhs, rhs),
ArmCond::Gt => self.fb.icmp(crate::ir::IntCC::Sgt, lhs, rhs),
ArmCond::Ge => self.fb.icmp(crate::ir::IntCC::Sge, lhs, rhs),
// Placeholder until full NZCV lowering exists.
ArmCond::Cs
| ArmCond::Cc
| ArmCond::Mi
| ArmCond::Pl
| ArmCond::Vs
| ArmCond::Vc
| ArmCond::Hi
| ArmCond::Ls
| ArmCond::Al => return None,
};
Some(v)
}
}
/// Current SSA bindings for architectural registers.
#[derive(Clone, Debug, Default)]
pub struct ArmRegisterState {
pub gpr: [Option<Value>; 16],
}
/// Current SSA bindings for status flags.
#[derive(Clone, Debug, Default)]
pub struct ArmFlagState {
pub n: Option<Value>,
pub z: Option<Value>,
pub c: Option<Value>,
pub v: Option<Value>,
pub q: Option<Value>,
}
/// Temporary lifting scratch state.
#[derive(Clone, Debug, Default)]
pub struct ArmScratch {
pub tmp0: Option<Value>,
pub tmp1: Option<Value>,
pub tmp2: Option<Value>,
}
/// Public ARM register table.
pub const REGISTERS: [RegisterDesc<ArmReg>; 16] = [
RegisterDesc {
reg: ArmReg::R0,
name: "r0",
bits: 32,
},
RegisterDesc {
reg: ArmReg::R1,
name: "r1",
bits: 32,
},
RegisterDesc {
reg: ArmReg::R2,
name: "r2",
bits: 32,
},
RegisterDesc {
reg: ArmReg::R3,
name: "r3",
bits: 32,
},
RegisterDesc {
reg: ArmReg::R4,
name: "r4",
bits: 32,
},
RegisterDesc {
reg: ArmReg::R5,
name: "r5",
bits: 32,
},
RegisterDesc {
reg: ArmReg::R6,
name: "r6",
bits: 32,
},
RegisterDesc {
reg: ArmReg::R7,
name: "r7",
bits: 32,
},
RegisterDesc {
reg: ArmReg::R8,
name: "r8",
bits: 32,
},
RegisterDesc {
reg: ArmReg::R9,
name: "r9",
bits: 32,
},
RegisterDesc {
reg: ArmReg::R10,
name: "r10",
bits: 32,
},
RegisterDesc {
reg: ArmReg::R11,
name: "r11",
bits: 32,
},
RegisterDesc {
reg: ArmReg::R12,
name: "r12",
bits: 32,
},
RegisterDesc {
reg: ArmReg::Sp,
name: "sp",
bits: 32,
},
RegisterDesc {
reg: ArmReg::Lr,
name: "lr",
bits: 32,
},
RegisterDesc {
reg: ArmReg::Pc,
name: "pc",
bits: 32,
},
];
/// ARM lift-time errors.
#[derive(Clone, Debug, PartialEq, Eq)]
pub enum ArmLiftError {
UnsupportedInstruction,
UnsupportedCondition,
UnsupportedAddressing,
MissingCompareState,
MissingTargetBlock,
InvalidImmediate,
UnsupportedControlFlow,
}
/// Parsed instruction text used by the starter lifter.
///
/// This is intentionally derived from the decoder's `Display` output so the
/// architecture boundary can use the decoder crate's instruction type directly.
#[derive(Clone, Debug, PartialEq, Eq)]
struct ParsedText {
mnemonic: String,
operands: Vec<String>,
}
impl Arm {
fn map_reg(reg: Reg) -> ArmReg {
match reg.number() {
0 => ArmReg::R0,
1 => ArmReg::R1,
2 => ArmReg::R2,
3 => ArmReg::R3,
4 => ArmReg::R4,
5 => ArmReg::R5,
6 => ArmReg::R6,
7 => ArmReg::R7,
8 => ArmReg::R8,
9 => ArmReg::R9,
10 => ArmReg::R10,
11 => ArmReg::R11,
12 => ArmReg::R12,
13 => ArmReg::Sp,
14 => ArmReg::Lr,
15 => ArmReg::Pc,
_ => unreachable!("armv7 Reg::number() is documented as 0..=15"),
}
}
fn intcc_from_cond(cond: ConditionCode) -> Option<IntCC> {
Some(match cond {
ConditionCode::EQ => IntCC::Eq,
ConditionCode::NE => IntCC::Ne,
ConditionCode::GE => IntCC::Sge,
ConditionCode::LT => IntCC::Slt,
ConditionCode::GT => IntCC::Sgt,
ConditionCode::LE => IntCC::Sle,
ConditionCode::AL => return None,
// these need explicit NZCV modeling
ConditionCode::HS
| ConditionCode::LO
| ConditionCode::MI
| ConditionCode::PL
| ConditionCode::VS
| ConditionCode::VC
| ConditionCode::HI
| ConditionCode::LS => return None,
})
}
fn direct_target_from_operand(pc: u64, op: Operand) -> Option<u64> {
match op {
Operand::BranchOffset(off) => Some(pc.wrapping_add_signed((off as i64) << 2)),
Operand::BranchThumbOffset(off) => Some(pc.wrapping_add_signed((off as i64) << 1)),
_ => None,
}
}
fn read_shifted_reg(
cx: &mut ArmLiftCtx<'_>,
shift: yaxpeax_arm::armv7::RegShift,
) -> Result<Value, ArmLiftError> {
let shift = shift.into_shift();
match shift {
RegShiftStyle::RegImm(s) => {
let base = cx.read_reg(Self::map_reg(s.shiftee()));
let amt = cx.fb.iconst(Type::i32(), s.imm() as i64);
Ok(match s.stype() {
ShiftStyle::LSL => cx.fb.shl(base, amt, Type::i32()),
ShiftStyle::LSR => cx.fb.lshr(base, amt, Type::i32()),
ShiftStyle::ASR => cx.fb.ashr(base, amt, Type::i32()),
ShiftStyle::ROR => return Err(ArmLiftError::UnsupportedInstruction),
})
}
RegShiftStyle::RegReg(s) => {
let base = cx.read_reg(Self::map_reg(s.shiftee()));
let amt = cx.read_reg(Self::map_reg(s.shifter()));
Ok(match s.stype() {
ShiftStyle::LSL => cx.fb.shl(base, amt, Type::i32()),
ShiftStyle::LSR => cx.fb.lshr(base, amt, Type::i32()),
ShiftStyle::ASR => cx.fb.ashr(base, amt, Type::i32()),
ShiftStyle::ROR => return Err(ArmLiftError::UnsupportedInstruction),
})
}
}
}
fn read_operand(cx: &mut ArmLiftCtx<'_>, op: Operand) -> Result<Value, ArmLiftError> {
match op {
Operand::Reg(r) => Ok(cx.read_reg(Self::map_reg(r))),
Operand::Imm12(v) => Ok(cx.fb.iconst(Type::i32(), v as i64)),
Operand::Imm32(v) => Ok(cx.fb.iconst(Type::i32(), v as i64)),
Operand::RegShift(shift) => Self::read_shifted_reg(cx, shift),
_ => Err(ArmLiftError::UnsupportedInstruction),
}
}
fn mem_addr(cx: &mut ArmLiftCtx<'_>, op: Operand) -> Result<Value, ArmLiftError> {
match op {
Operand::RegDeref(base) => Ok(cx.read_reg(Self::map_reg(base))),
Operand::RegDerefPreindexOffset(base, off, add, wback) => {
let base_reg = Self::map_reg(base);
let base_v = cx.read_reg(base_reg);
let off_v = cx.fb.iconst(Type::i32(), off as i64);
let addr = if add {
cx.fb.iadd(base_v, off_v, Type::i32())
} else {
cx.fb.isub(base_v, off_v, Type::i32())
};
if wback {
cx.write_reg(base_reg, addr);
}
Ok(addr)
}
Operand::RegDerefPostindexOffset(base, off, add, wback) => {
let base_reg = Self::map_reg(base);
let base_v = cx.read_reg(base_reg);
let off_v = cx.fb.iconst(Type::i32(), off as i64);
let new_base = if add {
cx.fb.iadd(base_v, off_v, Type::i32())
} else {
cx.fb.isub(base_v, off_v, Type::i32())
};
if wback {
cx.write_reg(base_reg, new_base);
}
Ok(base_v)
}
Operand::RegDerefPreindexReg(base, idx, add, wback) => {
let base_reg = Self::map_reg(base);
let base_v = cx.read_reg(base_reg);
let idx_v = cx.read_reg(Self::map_reg(idx));
let addr = if add {
cx.fb.iadd(base_v, idx_v, Type::i32())
} else {
cx.fb.isub(base_v, idx_v, Type::i32())
};
if wback {
cx.write_reg(base_reg, addr);
}
Ok(addr)
}
Operand::RegDerefPostindexReg(base, idx, add, wback) => {
let base_reg = Self::map_reg(base);
let base_v = cx.read_reg(base_reg);
let idx_v = cx.read_reg(Self::map_reg(idx));
let new_base = if add {
cx.fb.iadd(base_v, idx_v, Type::i32())
} else {
cx.fb.isub(base_v, idx_v, Type::i32())
};
if wback {
cx.write_reg(base_reg, new_base);
}
Ok(base_v)
}
Operand::RegDerefPreindexRegShift(base, shift, add, wback) => {
let base_reg = Self::map_reg(base);
let base_v = cx.read_reg(base_reg);
let idx_v = Self::read_shifted_reg(cx, shift)?;
let addr = if add {
cx.fb.iadd(base_v, idx_v, Type::i32())
} else {
cx.fb.isub(base_v, idx_v, Type::i32())
};
if wback {
cx.write_reg(base_reg, addr);
}
Ok(addr)
}
Operand::RegDerefPostindexRegShift(base, shift, add, wback) => {
let base_reg = Self::map_reg(base);
let base_v = cx.read_reg(base_reg);
let idx_v = Self::read_shifted_reg(cx, shift)?;
let new_base = if add {
cx.fb.iadd(base_v, idx_v, Type::i32())
} else {
cx.fb.isub(base_v, idx_v, Type::i32())
};
if wback {
cx.write_reg(base_reg, new_base);
}
Ok(base_v)
}
_ => Err(ArmLiftError::UnsupportedAddressing),
}
}
fn cond_value(
cx: &mut ArmLiftCtx<'_>,
cond: ConditionCode,
) -> Result<Option<Value>, ArmLiftError> {
let Some(cc) = Self::intcc_from_cond(cond) else {
return if cond == ConditionCode::AL {
Ok(None)
} else {
Err(ArmLiftError::UnsupportedCondition)
};
};
let (lhs, rhs) = cx.last_cmp.ok_or(ArmLiftError::MissingCompareState)?;
Ok(Some(cx.fb.icmp(cc, lhs, rhs)))
}
/// Creates the appropriate decoder for the current mode.
fn decoder_for_mode(mode: ArmMode) -> InstDecoder {
match mode {
ArmMode::Arm => InstDecoder::default(),
ArmMode::Thumb => InstDecoder::default_thumb(),
}
}
/// Returns the canonical textual register name.
pub fn reg_name(reg: ArmReg) -> &'static str {
match reg {
ArmReg::R0 => "r0",
ArmReg::R1 => "r1",
ArmReg::R2 => "r2",
ArmReg::R3 => "r3",
ArmReg::R4 => "r4",
ArmReg::R5 => "r5",
ArmReg::R6 => "r6",
ArmReg::R7 => "r7",
ArmReg::R8 => "r8",
ArmReg::R9 => "r9",
ArmReg::R10 => "r10",
ArmReg::R11 => "r11",
ArmReg::R12 => "r12",
ArmReg::Sp => "sp",
ArmReg::Lr => "lr",
ArmReg::Pc => "pc",
}
}
fn parse_text(inst: &Instruction) -> ParsedText {
let text = inst.to_string();
let mut parts = text.splitn(2, ' ');
let mnemonic = parts.next().unwrap_or("").trim().to_ascii_lowercase();
let operands = parts
.next()
.map(|rest| {
rest.split(',')
.map(|x| x.trim().to_ascii_lowercase())
.filter(|x| !x.is_empty())
.collect()
})
.unwrap_or_default();
ParsedText { mnemonic, operands }
}
fn parse_reg(text: &str) -> Option<ArmReg> {
Some(match text {
"r0" => ArmReg::R0,
"r1" => ArmReg::R1,
"r2" => ArmReg::R2,
"r3" => ArmReg::R3,
"r4" => ArmReg::R4,
"r5" => ArmReg::R5,
"r6" => ArmReg::R6,
"r7" => ArmReg::R7,
"r8" => ArmReg::R8,
"r9" => ArmReg::R9,
"r10" => ArmReg::R10,
"r11" => ArmReg::R11,
"r12" => ArmReg::R12,
"sp" | "r13" => ArmReg::Sp,
"lr" | "r14" => ArmReg::Lr,
"pc" | "r15" => ArmReg::Pc,
_ => return None,
})
}
fn parse_imm(text: &str) -> Option<i64> {
let s = text.trim();
let s = s.strip_prefix('#').unwrap_or(s);
if let Some(hex) = s.strip_prefix("-0x") {
i64::from_str_radix(hex, 16).ok().map(|v| -v)
} else if let Some(hex) = s.strip_prefix("0x") {
i64::from_str_radix(hex, 16).ok()
} else {
s.parse::<i64>().ok()
}
}
fn parse_target(text: &str) -> Option<u64> {
let s = text.trim();
let s = s.strip_prefix('#').unwrap_or(s);
if let Some(hex) = s.strip_prefix("0x") {
u64::from_str_radix(hex, 16).ok()
} else {
s.parse::<u64>().ok()
}
}
fn parse_mem(text: &str) -> Option<(ArmReg, i64)> {
let t = text.trim();
if !(t.starts_with('[') && t.ends_with(']')) {
return None;
}
let inner = &t[1..t.len() - 1];
let parts: Vec<_> = inner.split(',').map(|p| p.trim()).collect();
let base = Self::parse_reg(parts.first().copied()?)?;
let off = if let Some(off) = parts.get(1) {
Self::parse_imm(off)?
} else {
0
};
Some((base, off))
}
fn parse_cond_suffix(s: &str) -> Option<ArmCond> {
Some(match s {
"eq" => ArmCond::Eq,
"ne" => ArmCond::Ne,
"cs" => ArmCond::Cs,
"cc" => ArmCond::Cc,
"mi" => ArmCond::Mi,
"pl" => ArmCond::Pl,
"vs" => ArmCond::Vs,
"vc" => ArmCond::Vc,
"hi" => ArmCond::Hi,
"ls" => ArmCond::Ls,
"ge" => ArmCond::Ge,
"lt" => ArmCond::Lt,
"gt" => ArmCond::Gt,
"le" => ArmCond::Le,
"al" => ArmCond::Al,
_ => return None,
})
}
fn parse_mnemonic(mnemonic: &str) -> (&str, Option<ArmCond>, bool) {
// returns: (base, cond, sets_flags)
//
// handles shapes like:
// add
// adds
// addeq
// addseq
// cmp
// beq
// bl
// bx
//
let m = mnemonic;
let mut setflags = false;
let mut cond = None;
// longest bases first where prefixes overlap
for base in ["bl", "bx", "ldr", "str", "cmp", "mov", "add", "sub", "b"] {
if let Some(rest) = m.strip_prefix(base) {
let mut rest = rest;
if matches!(base, "add" | "sub" | "mov")
&& let Some(stripped) = rest.strip_prefix('s')
{
setflags = true;
rest = stripped;
}
if !rest.is_empty() {
cond = Self::parse_cond_suffix(rest);
}
return (base, cond, setflags);
}
}
(mnemonic, None, false)
}
fn operand_value(cx: &mut ArmLiftCtx<'_>, text: &str) -> Result<Value, ArmLiftError> {
if let Some(reg) = Self::parse_reg(text) {
Ok(cx.read_reg(reg))
} else if let Some(imm) = Self::parse_imm(text) {
Ok(cx.fb.iconst(cx.word_ty(), imm))
} else {
Err(ArmLiftError::UnsupportedInstruction)
}
}
fn address_from_mem(cx: &mut ArmLiftCtx<'_>, text: &str) -> Result<Value, ArmLiftError> {
let (base, off) = Self::parse_mem(text).ok_or(ArmLiftError::UnsupportedAddressing)?;
let base_v = cx.read_reg(base);
if off == 0 {
Ok(base_v)
} else {
let off_v = cx.fb.iconst(cx.word_ty(), off);
Ok(cx.fb.iadd(base_v, off_v, cx.word_ty()))
}
}
pub fn lift_inst(
&self,
cx: &mut ArmLiftCtx<'_>,
inst: &Instruction,
) -> Result<(), ArmLiftError> {
match inst.opcode {
Opcode::NOP => Ok(()),
Opcode::MOV => {
if inst.condition != ConditionCode::AL {
return Err(ArmLiftError::UnsupportedCondition);
}
let rd = match inst.operands[0] {
Operand::Reg(r) => Self::map_reg(r),
_ => return Err(ArmLiftError::UnsupportedInstruction),
};
let src = Self::read_operand(cx, inst.operands[1])?;
cx.write_reg(rd, src);
Ok(())
}
Opcode::ADD => {
if inst.condition != ConditionCode::AL {
return Err(ArmLiftError::UnsupportedCondition);
}
let rd = match inst.operands[0] {
Operand::Reg(r) => Self::map_reg(r),
_ => return Err(ArmLiftError::UnsupportedInstruction),
};
let lhs = Self::read_operand(cx, inst.operands[1])?;
let rhs = Self::read_operand(cx, inst.operands[2])?;
let out = cx.fb.iadd(lhs, rhs, Type::i32());
cx.write_reg(rd, out);
Ok(())
}
Opcode::SUB => {
if inst.condition != ConditionCode::AL {
return Err(ArmLiftError::UnsupportedCondition);
}
let rd = match inst.operands[0] {
Operand::Reg(r) => Self::map_reg(r),
_ => return Err(ArmLiftError::UnsupportedInstruction),
};
let lhs = Self::read_operand(cx, inst.operands[1])?;
let rhs = Self::read_operand(cx, inst.operands[2])?;
let out = cx.fb.isub(lhs, rhs, Type::i32());
cx.write_reg(rd, out);
Ok(())
}
Opcode::CMP => {
if inst.condition != ConditionCode::AL {
return Err(ArmLiftError::UnsupportedCondition);
}
let lhs = Self::read_operand(cx, inst.operands[0])?;
let rhs = Self::read_operand(cx, inst.operands[1])?;
cx.last_cmp = Some((lhs, rhs));
Ok(())
}
Opcode::LDR => {
if inst.condition != ConditionCode::AL {
return Err(ArmLiftError::UnsupportedCondition);
}
let rt = match inst.operands[0] {
Operand::Reg(r) => Self::map_reg(r),
_ => return Err(ArmLiftError::UnsupportedInstruction),
};
let addr = Self::mem_addr(cx, inst.operands[1])?;
let val = cx.fb.load(addr, MemSize::S4, Type::i32());
cx.write_reg(rt, val);
Ok(())
}
Opcode::STR => {
if inst.condition != ConditionCode::AL {
return Err(ArmLiftError::UnsupportedCondition);
}
let rt = match inst.operands[0] {
Operand::Reg(r) => Self::map_reg(r),
_ => return Err(ArmLiftError::UnsupportedInstruction),
};
let addr = Self::mem_addr(cx, inst.operands[1])?;
let val = cx.read_reg(rt);
cx.fb.store(addr, val, MemSize::S4);
Ok(())
}
Opcode::B => {
let target_addr = Self::direct_target_from_operand(cx.pc, inst.operands[0])
.ok_or(ArmLiftError::MissingTargetBlock)?;
let target_block = cx
.direct_block(target_addr)
.ok_or(ArmLiftError::MissingTargetBlock)?;
match Self::cond_value(cx, inst.condition)? {
None => {
cx.fb.jump(target_block);
Ok(())
}
Some(cond) => {
let fallthrough = cx
.fallthrough_block()
.ok_or(ArmLiftError::MissingTargetBlock)?;
cx.fb.br_if(cond, target_block, fallthrough);
Ok(())
}
}
}
Opcode::BL | Opcode::BLX => {
let target_addr = Self::direct_target_from_operand(cx.pc, inst.operands[0])
.ok_or(ArmLiftError::UnsupportedControlFlow)?;
let callee = cx.fb.iconst(Type::ptr(32), target_addr as i64);
cx.fb.call(callee, &[]);
Ok(())
}
Opcode::BX => match inst.operands[0] {
Operand::Reg(r) if r.number() == 14 => {
let ret0 = cx.read_reg(ArmReg::R0);
cx.fb.ret(&[ret0]);
Ok(())
}
_ => Err(ArmLiftError::UnsupportedControlFlow),
},
_ => Err(ArmLiftError::UnsupportedInstruction),
}
}
fn guard_cond(
&self,
cx: &mut ArmLiftCtx<'_>,
cond: ArmCond,
) -> Result<Option<Value>, ArmLiftError> {
match cond {
ArmCond::Al => Ok(None),
_ => cx
.condition_value(cond)
.map(Some)
.ok_or(ArmLiftError::MissingCompareState),
}
}
fn lift_mov(
&self,
cx: &mut ArmLiftCtx<'_>,
cond: ArmCond,
parsed: &ParsedText,
) -> Result<(), ArmLiftError> {
if cond != ArmCond::Al {
return Err(ArmLiftError::UnsupportedCondition);
}
let rd = Self::parse_reg(
parsed
.operands
.first()
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)
.ok_or(ArmLiftError::UnsupportedInstruction)?;
let src = Self::operand_value(
cx,
parsed
.operands
.get(1)
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)?;
cx.write_reg(rd, src);
Ok(())
}
fn lift_add(
&self,
cx: &mut ArmLiftCtx<'_>,
cond: ArmCond,
parsed: &ParsedText,
) -> Result<(), ArmLiftError> {
if cond != ArmCond::Al {
return Err(ArmLiftError::UnsupportedCondition);
}
let rd = Self::parse_reg(
parsed
.operands
.first()
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)
.ok_or(ArmLiftError::UnsupportedInstruction)?;
let rn = Self::parse_reg(
parsed
.operands
.get(1)
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)
.ok_or(ArmLiftError::UnsupportedInstruction)?;
let op2 = Self::operand_value(
cx,
parsed
.operands
.get(2)
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)?;
let lhs = cx.read_reg(rn);
let out = cx.fb.iadd(lhs, op2, cx.word_ty());
cx.write_reg(rd, out);
Ok(())
}
fn lift_sub(
&self,
cx: &mut ArmLiftCtx<'_>,
cond: ArmCond,
parsed: &ParsedText,
) -> Result<(), ArmLiftError> {
if cond != ArmCond::Al {
return Err(ArmLiftError::UnsupportedCondition);
}
let rd = Self::parse_reg(
parsed
.operands
.first()
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)
.ok_or(ArmLiftError::UnsupportedInstruction)?;
let rn = Self::parse_reg(
parsed
.operands
.get(1)
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)
.ok_or(ArmLiftError::UnsupportedInstruction)?;
let op2 = Self::operand_value(
cx,
parsed
.operands
.get(2)
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)?;
let lhs = cx.read_reg(rn);
let out = cx.fb.isub(lhs, op2, cx.word_ty());
cx.write_reg(rd, out);
Ok(())
}
fn lift_cmp(
&self,
cx: &mut ArmLiftCtx<'_>,
cond: ArmCond,
parsed: &ParsedText,
) -> Result<(), ArmLiftError> {
if cond != ArmCond::Al {
return Err(ArmLiftError::UnsupportedCondition);
}
let rn = Self::parse_reg(
parsed
.operands
.first()
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)
.ok_or(ArmLiftError::UnsupportedInstruction)?;
let lhs = cx.read_reg(rn);
let rhs = Self::operand_value(
cx,
parsed
.operands
.get(1)
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)?;
cx.last_cmp = Some((lhs, rhs));
Ok(())
}
fn lift_ldr(
&self,
cx: &mut ArmLiftCtx<'_>,
cond: ArmCond,
parsed: &ParsedText,
) -> Result<(), ArmLiftError> {
if cond != ArmCond::Al {
return Err(ArmLiftError::UnsupportedCondition);
}
let rt = Self::parse_reg(
parsed
.operands
.first()
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)
.ok_or(ArmLiftError::UnsupportedInstruction)?;
let addr = Self::address_from_mem(
cx,
parsed
.operands
.get(1)
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)?;
let val = cx.fb.load(addr, MemSize::S4, Type::i32());
cx.write_reg(rt, val);
Ok(())
}
fn lift_str(
&self,
cx: &mut ArmLiftCtx<'_>,
cond: ArmCond,
parsed: &ParsedText,
) -> Result<(), ArmLiftError> {
if cond != ArmCond::Al {
return Err(ArmLiftError::UnsupportedCondition);
}
let rt = Self::parse_reg(
parsed
.operands
.first()
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)
.ok_or(ArmLiftError::UnsupportedInstruction)?;
let val = cx.read_reg(rt);
let addr = Self::address_from_mem(
cx,
parsed
.operands
.get(1)
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)?;
cx.fb.store(addr, val, MemSize::S4);
Ok(())
}
fn lift_b(
&self,
cx: &mut ArmLiftCtx<'_>,
cond: ArmCond,
parsed: &ParsedText,
) -> Result<(), ArmLiftError> {
let target_addr = Self::parse_target(
parsed
.operands
.first()
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)
.ok_or(ArmLiftError::UnsupportedInstruction)?;
let target_block = cx
.direct_block(target_addr)
.ok_or(ArmLiftError::MissingTargetBlock)?;
match cond {
ArmCond::Al => {
cx.fb.jump(target_block);
Ok(())
}
_ => {
let cond_v = cx
.condition_value(cond)
.ok_or(ArmLiftError::MissingCompareState)?;
let fallthrough = cx
.fallthrough_block()
.ok_or(ArmLiftError::MissingTargetBlock)?;
cx.fb.br_if(cond_v, target_block, fallthrough);
Ok(())
}
}
}
fn lift_bl(&self, cx: &mut ArmLiftCtx<'_>, parsed: &ParsedText) -> Result<(), ArmLiftError> {
let target_addr = Self::parse_target(
parsed
.operands
.first()
.ok_or(ArmLiftError::UnsupportedInstruction)?,
)
.ok_or(ArmLiftError::UnsupportedInstruction)?;
let callee = cx.fb.iconst(Type::ptr(32), target_addr as i64);
cx.fb.call(callee, &[]);
Ok(())
}
fn lift_bx(&self, cx: &mut ArmLiftCtx<'_>, inst: &Instruction) -> Result<(), ArmLiftError> {
match inst.operands[0] {
Operand::Reg(r) if r.number() == 14 => {
let ret0 = cx.read_reg(ArmReg::R0);
cx.fb.ret(&[ret0]);
Ok(())
}
_ => Err(ArmLiftError::UnsupportedControlFlow),
}
}
}
impl Arch for Arm {
type Mode = ArmMode;
type Inst = Instruction;
type Reg = ArmReg;
type DecodeError = DecodeError;
type Disasm = String;
fn name(&self) -> &'static str {
"arm"
}
fn address_size(&self, _mode: Self::Mode) -> u8 {
4
}
fn max_instruction_len(&self) -> u8 {
4
}
fn registers(&self) -> &'static [RegisterDesc<Self::Reg>] {
&REGISTERS
}
fn stack_pointer(&self) -> Option<Self::Reg> {
Some(ArmReg::Sp)
}
fn decode(
&self,
bytes: &[u8],
mode: Self::Mode,
) -> Result<(usize, Self::Inst), Self::DecodeError> {
let decoder = match mode {
ArmMode::Arm => InstDecoder::default(),
ArmMode::Thumb => InstDecoder::default_thumb(),
};
let mut reader = U8Reader::new(bytes);
let inst = decoder.decode(&mut reader)?;
let len = inst.len().to_const() as usize;
Ok((len, inst))
}
fn flow_info(&self, inst: &Self::Inst, pc: u64, _mode: Self::Mode) -> FlowInfo {
let len = inst.len().to_const() as u8;
match inst.opcode {
Opcode::B => {
let target = Self::direct_target_from_operand(pc, inst.operands[0])
.map(FlowTarget::Direct)
.unwrap_or(FlowTarget::Indirect);
match inst.condition {
ConditionCode::AL => FlowInfo::new(len, FlowKind::Jump { target }),
_ => FlowInfo::new(len, FlowKind::CondJump { target }),
}
}
Opcode::BL | Opcode::BLX => {
let target = Self::direct_target_from_operand(pc, inst.operands[0])
.map(FlowTarget::Direct)
.unwrap_or(FlowTarget::Indirect);
FlowInfo::new(
len,
FlowKind::Call {
target,
returns: true,
},
)
}
Opcode::BX => match inst.operands[0] {
Operand::Reg(r) if r.number() == 14 => FlowInfo::new(len, FlowKind::Return),
_ => FlowInfo::new(
len,
FlowKind::Jump {
target: FlowTarget::Indirect,
},
),
},
Opcode::NOP => FlowInfo::new(len, FlowKind::FallThrough),
_ => FlowInfo::new(len, FlowKind::FallThrough),
}
}
fn disasm(&self, inst: &Self::Inst, _pc: u64, _mode: Self::Mode) -> Self::Disasm {
inst.to_string()
}
}
impl LiftArch for Arm {
type LiftError = ArmLiftError;
type LiftCtx<'a> = ArmLiftCtx<'a>;
fn lift(&self, cx: &mut Self::LiftCtx<'_>, inst: &Self::Inst) -> Result<(), Self::LiftError> {
self.lift_inst(cx, inst)
}
}
pub struct DummyEnv;
impl LiftEnv for DummyEnv {
fn block_for_target(&self, _addr: u64) -> Option<Block> {
None
}
fn fallthrough_block(&self) -> Option<Block> {
None
}
}
Reference in a new issue View git blame Copy permalink