From 7d12b36f554850328821a3eaa15a510594a14b58 Mon Sep 17 00:00:00 2001
From: llaubin <20232176+llaubin@users.noreply.github.com>
Date: Fri, 11 Oct 2024 15:22:04 +0200
Subject: [PATCH] add aarch64 CSINV instruction
---
 .../arch/arm/aarch64/aarch64Semantics.cpp | 25 +++++++++++++++++++
 .../includes/triton/aarch64Semantics.hpp | 3 +++
 src/testers/aarch64/unicorn_test_aarch64.py | 3 +++
 3 files changed, 31 insertions(+)
diff --git a/src/libtriton/arch/arm/aarch64/aarch64Semantics.cpp b/src/libtriton/arch/arm/aarch64/aarch64Semantics.cpp
index cd6b52eaa..ce8689f53 100644
--- a/src/libtriton/arch/arm/aarch64/aarch64Semantics.cpp
+++ b/src/libtriton/arch/arm/aarch64/aarch64Semantics.cpp
@@ -60,6 +60,7 @@ CNEG | Conditional Negate returns: an alias of CSNEG
 CSEL | Conditional Select
 CSET | Conditional Set: an alias of CSINC
 CSINC | Conditional Select Increment
+CSINV | Conditional Select Inversion
 CSNEG | Conditional Select Negation
 EON (shifted register) | Bitwise Exclusive OR NOT (shifted register)
 EOR (immediate) | Bitwise Exclusive OR (immediate)
@@ -257,6 +258,7 @@ namespace triton {
         case ID_INS_CSET: this->cset_s(inst); break;
         case ID_INS_CSINC: this->csinc_s(inst); break;
         case ID_INS_CSNEG: this->csneg_s(inst); break;
+        case ID_INS_CSINV: this->csinv_s(inst); break;
         case ID_INS_EON: this->eon_s(inst); break;
         case ID_INS_EOR: this->eor_s(inst); break;
         case ID_INS_EXTR: this->extr_s(inst); break;
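Review bot: The new `case ID_INS_CSINV: this->csinv_s(inst); break;` is inserted after the CSNEG case, whereas the instruction table in the first hunk and the neighbouring cases (CSET, CSINC, CSNEG) are kept in alphabetical order, so CSINV belongs one line higher, between CSINC and CSNEG. This is a style point only; the dispatch switch behaves the same either way. The enclosing switch starts and ends outside the hunk.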
@@ -1780,6 +1782,29 @@ namespace triton {
         this->controlFlow_s(inst);
       }
+      void AArch64Semantics::csinv_s(triton::arch::Instruction& inst) {
+        auto& dst = inst.operands[0];
+        auto& src1 = inst.operands[1];
+        auto& src2 = inst.operands[2];
+
+        /* Create symbolic operands */
+        auto op1 = this->symbolicEngine->getOperandAst(inst, src1);
+        auto op2 = this->astCtxt->bvnot(this->symbolicEngine->getOperandAst(inst, src2));
+
+        /* Create the semantics */
+        auto node = this->getCodeConditionAst(inst, op1, op2);
+
+        /* Create symbolic expression */
+        auto expr = this->symbolicEngine->createSymbolicExpression(inst, node, dst, "CSNEG operation");
+
+        /* Spread taint */
+        expr->isTainted = this->taintEngine->setTaint(dst, this->taintEngine->isTainted(src1) | this->taintEngine->isTainted(src2));
+
+        /* Update the symbolic control flow */
+        this->controlFlow_s(inst);
+      }
+
+
       void AArch64Semantics::eon_s(triton::arch::Instruction& inst) {
         auto& dst = inst.operands[0];
diff --git a/src/libtriton/includes/triton/aarch64Semantics.hpp b/src/libtriton/includes/triton/aarch64Semantics.hpp
index 49df9b92b..77237e351 100644
--- a/src/libtriton/includes/triton/aarch64Semantics.hpp
+++ b/src/libtriton/includes/triton/aarch64Semantics.hpp
@@ -246,6 +246,9 @@ namespace triton {
           //! The CSNEG semantics
           void csneg_s(triton::arch::Instruction& inst);
+          //! The CSINV semantics
+          void csinv_s(triton::arch::Instruction& inst);
+
           //! The EON semantics.
           void eon_s(triton::arch::Instruction& inst);
diff --git a/src/testers/aarch64/unicorn_test_aarch64.py b/src/testers/aarch64/unicorn_test_aarch64.py
index f905ad261..b54c7504c 100644
--- a/src/testers/aarch64/unicorn_test_aarch64.py
+++ b/src/testers/aarch64/unicorn_test_aarch64.py
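Review bot: The symbolic expression built in csinv_s is labelled `"CSNEG operation"`, a leftover of the csneg_s body it was copied from, so every CSINV expression will be annotated as a CSNEG in expression dumps and comments; the line should read `auto expr = this->symbolicEngine->createSymbolicExpression(inst, node, dst, "CSINV operation");`. The semantics themselves look correct: op2 is the `bvnot` of the second operand and getCodeConditionAst selects op1 or op2 on the condition, which is csneg_s with bvneg replaced by bvnot, and the taint spread is the same union of both sources. The hunk also appears to add two blank lines after the closing brace in addition to the separator that already precedes eon_s, which would leave three blank lines where the surrounding methods seem to use two — worth trimming if that is what the full file shows.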
@@ -916,6 +916,9 @@
         (b"\x20\x14\x82\xda", "csneg x0, x1, x2, ne"),
         (b"\x40\x14\x81\xda", "csneg x0, x2, x1, ne"),
+        (b"\x00\xA1\x9F\xDA", "csinv x0, x8, xzr, ge"),
+        (b"\x20\x01\x9F\xDA", "csinv x0, x9, xzr, eq"),
+
         (b"\x41\x14\x82\xda", "cneg x1, x2, eq"),
         (b"\x22\x14\x81\xda", "cneg x2, x1, eq"),
         (b"\x41\x04\x82\xda", "cneg x1, x2, ne"),
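Review bot: Both new vectors use `xzr` as the second source, so the inverted operand is always all-ones and the `bvnot` path of csinv_s is only compared against Unicorn for that single value; neither covers the 32-bit `w` form, where the width of the inverted operand is what matters. Consider adding a 64-bit case with a non-zero second register and a 32-bit case, e.g. `(b"\x20\x10\x82\xda", "csinv x0, x1, x2, ne"),` and `(b"\x20\x10\x82\x5a", "csinv w0, w1, w2, ne"),` — both encodings are hand-derived from the CSINV encoding format and should be checked against an assembler before committing. The existing csneg entries just above already follow this non-xzr pattern, so the new rows would stay consistent with them.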