diff --git a/librz/analysis/arch/arm/arm_accessors32.h b/librz/analysis/arch/arm/arm_accessors32.h index 6b9127e9a4d..7d3d5b06858 100644 --- a/librz/analysis/arch/arm/arm_accessors32.h +++ b/librz/analysis/arch/arm/arm_accessors32.h @@ -17,9 +17,11 @@ // s/index/base|reg/ #define HASMEMINDEX(x) (insn->detail->arm.operands[x].mem.index != ARM_REG_INVALID) #define ISMEMINDEXSUB(x) insn->detail->arm.operands[x].subtracted -#define MEMDISP(x) insn->detail->arm.operands[x].mem.disp +#define MEMDISP(x) (ISMEMINDEXSUB(x) ? -insn->detail->arm.operands[x].mem.disp : insn->detail->arm.operands[x].mem.disp) +#define MEMDISP_BV(x) (HASMEMINDEX(x) ? REG_VAL(insn->detail->arm.operands[x].mem.index) : U32(MEMDISP(x))) #define ISIMM(x) (insn->detail->arm.operands[x].type == ARM_OP_IMM || insn->detail->arm.operands[x].type == ARM_OP_FP) #define ISREG(x) (insn->detail->arm.operands[x].type == ARM_OP_REG) +#define ISPSRFLAGS(x) (insn->detail->arm.operands[x].type == ARM_OP_CPSR || insn->detail->arm.operands[x].type == ARM_OP_SPSR) #define ISMEM(x) (insn->detail->arm.operands[x].type == ARM_OP_MEM) #define ISFPIMM(x) (insn->detail->arm.operands[x].type == ARM_OP_FP) @@ -38,6 +40,7 @@ SHIFTTYPE(x) == ARM_SFT_RRX_REG) #define SHIFTVALUE(x) insn->detail->arm.operands[x].shift.value -#define ISWRITEBACK32() insn->detail->arm.writeback -#define ISPREINDEX32() (((OPCOUNT() == 2) && (ISMEM(1)) && (ISWRITEBACK32())) || ((OPCOUNT() == 3) && (ISMEM(2)) && (ISWRITEBACK32()))) -#define ISPOSTINDEX32() (((OPCOUNT() == 3) && (ISIMM(2) || ISREG(2)) && (ISWRITEBACK32())) || ((OPCOUNT() == 4) && (ISIMM(3) || ISREG(3)) && (ISWRITEBACK32()))) +#define ISPOSTINDEX() insn->detail->arm.post_index +#define ISWRITEBACK32() insn->detail->writeback +#define ISPREINDEX32() (((OPCOUNT() == 2) && (ISMEM(1)) && (ISWRITEBACK32()) && (!ISPOSTINDEX())) || \ + ((OPCOUNT() == 3) && (ISMEM(2)) && (ISWRITEBACK32()) && (!ISPOSTINDEX()))) 
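Review bot: `MEMDISP(x)` now folds the operand's `subtracted` flag into its value, so any caller that also tests `ISMEMINDEXSUB(x)` next to it would apply the sign twice; state that at the definition, e.g. `// displacement with the sign already applied (negated when operands[x].subtracted)`. `MEMDISP_BV(x)` expands to `REG_VAL()` and `U32()`, which this shared header does not define and which only the IL translator in arm_il32.c provides, so using it from arm_esil32.c fails with an unhelpful expansion error; a comment such as `// IL only: relies on REG_VAL()/U32() defined in arm_il32.c` would prevent that. Both new macros also evaluate `x` more than once, which is harmless for today's constant indices but worth a note for anyone tempted to pass an expression.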
diff --git a/librz/analysis/arch/arm/arm_cs.h b/librz/analysis/arch/arm/arm_cs.h index 5fc14a1e755..efb9e8e5fd7 100644 --- a/librz/analysis/arch/arm/arm_cs.h +++ b/librz/analysis/arch/arm/arm_cs.h @@ -10,7 +10,10 @@ RZ_IPI int rz_arm_cs_analysis_op_32_esil(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf, int len, csh *handle, cs_insn *insn, bool thumb); RZ_IPI int rz_arm_cs_analysis_op_64_esil(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf, int len, csh *handle, cs_insn *insn); -RZ_IPI const char *rz_arm_cs_esil_prefix_cond(RzAnalysisOp *op, int cond_type); +RZ_IPI bool rz_arm_cs_is_group_member(RZ_NONNULL const cs_insn *insn, arm_insn_group feature); + +RZ_IPI const char *rz_arm32_cs_esil_prefix_cond(RzAnalysisOp *op, ARMCC_CondCodes cond_type); +RZ_IPI const char *rz_arm64_cs_esil_prefix_cond(RzAnalysisOp *op, arm64_cc cond_type); RZ_IPI RzILOpEffect *rz_arm_cs_32_il(csh *handle, cs_insn *insn, bool thumb); RZ_IPI RzAnalysisILConfig *rz_arm_cs_32_il_config(bool big_endian); diff --git a/librz/analysis/arch/arm/arm_esil32.c b/librz/analysis/arch/arm/arm_esil32.c index 385d39f04c1..507cc611928 100644 --- a/librz/analysis/arch/arm/arm_esil32.c +++ b/librz/analysis/arch/arm/arm_esil32.c 
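Review bot: The new prototype names the second parameter `feature`, while the definition and its Doxygen comment in arm_il32.c call it `group`; use one name in both so the header states the contract the definition implements, e.g. `RZ_IPI bool rz_arm_cs_is_group_member(RZ_NONNULL const cs_insn *insn, arm_insn_group group);`. The two `*_esil_prefix_cond` declarations return a pointer to a string literal (`""` or `",}"`, per their bodies in this diff) that the caller appends later; a one-line comment on the prototypes saying the postfix is not owned by the caller would save the reader a trip into the .c files.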
@@ -60,71 +60,71 @@ static unsigned int regsize32(cs_insn *insn, int n) { #define REGSIZE32(x) regsize32(insn, x) // return postfix -RZ_IPI const char *rz_arm_cs_esil_prefix_cond(RzAnalysisOp *op, int cond_type) { +RZ_IPI const char *rz_arm32_cs_esil_prefix_cond(RzAnalysisOp *op, ARMCC_CondCodes cond_type) { const char *close_cond[2]; close_cond[0] = ""; close_cond[1] = ",}"; int close_type = 0; switch (cond_type) { - case ARM_CC_EQ: + case ARMCC_EQ: close_type = 1; rz_strbuf_setf(&op->esil, "zf,?{,"); break; - case ARM_CC_NE: + case ARMCC_NE: close_type = 1; rz_strbuf_setf(&op->esil, "zf,!,?{,"); break; - case ARM_CC_HS: + case ARMCC_HS: close_type = 1; rz_strbuf_setf(&op->esil, "cf,?{,"); break; - case ARM_CC_LO: + case ARMCC_LO: close_type = 1; rz_strbuf_setf(&op->esil, "cf,!,?{,"); break; - case ARM_CC_MI: + case ARMCC_MI: close_type = 1; rz_strbuf_setf(&op->esil, "nf,?{,"); break; - case ARM_CC_PL: + case ARMCC_PL: close_type = 1; rz_strbuf_setf(&op->esil, "nf,!,?{,"); break; - case ARM_CC_VS: + case ARMCC_VS: close_type = 1; rz_strbuf_setf(&op->esil, "vf,?{,"); break; - case ARM_CC_VC: + case ARMCC_VC: close_type = 1; rz_strbuf_setf(&op->esil, "vf,!,?{,"); break; - case ARM_CC_HI: + case ARMCC_HI: close_type = 1; rz_strbuf_setf(&op->esil, "cf,zf,!,&,?{,"); break; - case ARM_CC_LS: + case ARMCC_LS: close_type = 1; rz_strbuf_setf(&op->esil, "cf,!,zf,|,?{,"); break; - case ARM_CC_GE: + case ARMCC_GE: close_type = 1; rz_strbuf_setf(&op->esil, "nf,vf,^,!,?{,"); break; - case ARM_CC_LT: + case ARMCC_LT: close_type = 1; rz_strbuf_setf(&op->esil, "nf,vf,^,?{,"); break; - case ARM_CC_GT: + case ARMCC_GT: // zf == 0 && nf == vf close_type = 1; rz_strbuf_setf(&op->esil, "zf,!,nf,vf,^,!,&,?{,"); break; - case ARM_CC_LE: + case ARMCC_LE: // zf == 1 || nf != vf close_type = 1; rz_strbuf_setf(&op->esil, "zf,nf,vf,^,|,?{,"); break; - case ARM_CC_AL: + case ARMCC_AL: // always executed break; default: 
@@ -256,7 +256,7 @@ RZ_IPI int rz_arm_cs_analysis_op_32_esil(RzAnalysis *a, RzAnalysisOp *op, ut64 a rz_strbuf_init(&op->esil); rz_strbuf_set(&op->esil, ""); - postfix = rz_arm_cs_esil_prefix_cond(op, insn->detail->arm.cc); + postfix = rz_arm32_cs_esil_prefix_cond(op, insn->detail->arm.cc); switch (insn->id) { case ARM_INS_CLZ: @@ -391,7 +391,7 @@ PUSH { r4, r5, r6, r7, lr } rz_strbuf_appendf(&op->esil, "%s,%s,%d,+,=[4],", REG(i), ARG(0), (i + offset) * 4); } - if (insn->detail->arm.writeback == true) { // writeback, reg should be incremented + if (insn->detail->writeback == true) { // writeback, reg should be incremented rz_strbuf_appendf(&op->esil, "%d,%s,+=,", direction * (insn->detail->arm.op_count - 1) * 4, ARG(0)); } @@ -406,7 +406,7 @@ PUSH { r4, r5, r6, r7, lr } width += REGSIZE32(i); } // increment if writeback - if (insn->detail->arm.writeback) { + if (insn->detail->writeback) { rz_strbuf_appendf(&op->esil, "%d,%s,+=,", width, ARG(0)); } break; @@ -430,7 +430,7 @@ PUSH { r4, r5, r6, r7, lr } width += REGSIZE32(i); } // increment if writeback - if (insn->detail->arm.writeback) { + if (insn->detail->writeback) { rz_strbuf_appendf(&op->esil, "%d,%s,+=,", width, ARG(0)); } break; @@ -489,7 +489,7 @@ r6,r5,r4,3,sp,[*],12,sp,+= for (i = 1; i < insn->detail->arm.op_count; i++) { rz_strbuf_appendf(&op->esil, "%s,%d,+,[4],%s,=,", ARG(0), (i + offset) * 4, REG(i)); } - if (insn->detail->arm.writeback) { + if (insn->detail->writeback) { rz_strbuf_appendf(&op->esil, "%d,%s,+=,", direction * (insn->detail->arm.op_count - 1) * 4, ARG(0)); } 
@@ -545,14 +545,14 @@ r6,r5,r4,3,sp,[*],12,sp,+= default: str_ldr_bytes = 4; } - if (OPCOUNT() == 2) { + if (!ISPOSTINDEX()) { if (ISMEM(1) && !HASMEMINDEX(1)) { int disp = MEMDISP(1); char sign = disp >= 0 ? '+' : '-'; disp = disp >= 0 ? disp : -disp; rz_strbuf_appendf(&op->esil, "%s,0x%x,%s,%c,0xffffffff,&,=[%d]", REG(0), disp, MEMBASE(1), sign, str_ldr_bytes); - if (insn->detail->arm.writeback) { + if (insn->detail->writeback) { rz_strbuf_appendf(&op->esil, ",%d,%s,%c,%s,=", disp, MEMBASE(1), sign, MEMBASE(1)); } @@ -563,7 +563,7 @@ r6,r5,r4,3,sp,[*],12,sp,+= case ARM_SFT_LSL: rz_strbuf_appendf(&op->esil, "%s,%s,%d,%s,<<,+,0xffffffff,&,=[%d]", REG(0), MEMBASE(1), SHIFTVALUE(1), MEMINDEX(1), str_ldr_bytes); - if (insn->detail->arm.writeback) { // e.g. 'str r2, [r3, r1, lsl 4]!' + if (insn->detail->writeback) { // e.g. 'str r2, [r3, r1, lsl 4]!' rz_strbuf_appendf(&op->esil, ",%s,%d,%s,<<,+,%s,=", MEMBASE(1), SHIFTVALUE(1), MEMINDEX(1), MEMBASE(1)); } @@ -571,7 +571,7 @@ r6,r5,r4,3,sp,[*],12,sp,+= case ARM_SFT_LSR: rz_strbuf_appendf(&op->esil, "%s,%s,%d,%s,>>,+,0xffffffff,&,=[%d]", REG(0), MEMBASE(1), SHIFTVALUE(1), MEMINDEX(1), str_ldr_bytes); - if (insn->detail->arm.writeback) { + if (insn->detail->writeback) { rz_strbuf_appendf(&op->esil, ",%s,%d,%s,>>,+,%s,=", MEMBASE(1), SHIFTVALUE(1), MEMINDEX(1), MEMBASE(1)); } @@ -579,7 +579,7 @@ r6,r5,r4,3,sp,[*],12,sp,+= case ARM_SFT_ASR: rz_strbuf_appendf(&op->esil, "%s,%s,%d,%s,>>>>,+,0xffffffff,&,=[%d]", REG(0), MEMBASE(1), SHIFTVALUE(1), MEMINDEX(1), str_ldr_bytes); - if (insn->detail->arm.writeback) { + if (insn->detail->writeback) { rz_strbuf_appendf(&op->esil, ",%s,%d,%s,>>>>,+,%s,=", MEMBASE(1), SHIFTVALUE(1), MEMINDEX(1), MEMBASE(1)); } 
@@ -587,7 +587,7 @@ r6,r5,r4,3,sp,[*],12,sp,+= case ARM_SFT_ROR: rz_strbuf_appendf(&op->esil, "%s,%s,%d,%s,>>>,+,0xffffffff,&,=[%d]", REG(0), MEMBASE(1), SHIFTVALUE(1), MEMINDEX(1), str_ldr_bytes); - if (insn->detail->arm.writeback) { + if (insn->detail->writeback) { rz_strbuf_appendf(&op->esil, ",%s,%d,%s,>>>,+,%s,=", MEMBASE(1), SHIFTVALUE(1), MEMINDEX(1), MEMBASE(1)); } 
@@ -602,35 +602,35 @@ r6,r5,r4,3,sp,[*],12,sp,+= } else { // No shift rz_strbuf_appendf(&op->esil, "%s,%s,%s,+,0xffffffff,&,=[%d]", REG(0), MEMINDEX(1), MEMBASE(1), str_ldr_bytes); - if (insn->detail->arm.writeback) { + if (insn->detail->writeback) { rz_strbuf_appendf(&op->esil, ",%s,%s,+,%s,=", MEMINDEX(1), MEMBASE(1), MEMBASE(1)); } } } } - if (OPCOUNT() == 3) { // e.g. 'str r2, [r3], 4 - if (ISIMM(2) && str_ldr_bytes != 8) { // e.g. 'str r2, [r3], 4 + if (ISPOSTINDEX()) { // e.g. 'str r2, [r3], 4 + if (!HASMEMINDEX(1) && (str_ldr_bytes != 8)) { // e.g. 'str r2, [r3], 4 rz_strbuf_appendf(&op->esil, "%s,%s,0xffffffff,&,=[%d],%d,%s,+=", - REG(0), MEMBASE(1), str_ldr_bytes, IMM(2), MEMBASE(1)); - } else if (str_ldr_bytes != 8) { - if (ISSHIFTED(2)) { // e.g. 'str r2, [r3], r1, lsl 4' - switch (SHIFTTYPE(2)) { + REG(0), MEMBASE(1), str_ldr_bytes, MEMDISP(1), MEMBASE(1)); + } else if (str_ldr_bytes != 8) { // e.g. 'str r2, [r3], r1 + if (ISSHIFTED(1)) { // e.g. 'str r2, [r3], r1, lsl 4' + switch (SHIFTTYPE(1)) { case ARM_SFT_LSL: rz_strbuf_appendf(&op->esil, "%s,%s,0xffffffff,&,=[%d],%s,%d,%s,<<,+,%s,=", - REG(0), MEMBASE(1), str_ldr_bytes, MEMBASE(1), SHIFTVALUE(2), REG(2), MEMBASE(1)); + REG(0), MEMBASE(1), str_ldr_bytes, MEMBASE(1), SHIFTVALUE(1), MEMINDEX(1), MEMBASE(1)); break; case ARM_SFT_LSR: rz_strbuf_appendf(&op->esil, "%s,%s,0xffffffff,&,=[%d],%s,%d,%s,>>,+,%s,=", - REG(0), MEMBASE(1), str_ldr_bytes, MEMBASE(1), SHIFTVALUE(2), REG(2), MEMBASE(1)); + REG(0), MEMBASE(1), str_ldr_bytes, MEMBASE(1), SHIFTVALUE(1), MEMINDEX(1), MEMBASE(1)); break; case ARM_SFT_ASR: rz_strbuf_appendf(&op->esil, "%s,%s,0xffffffff,&,=[%d],%s,%d,%s,>>>>,+,%s,=", - REG(0), MEMBASE(1), str_ldr_bytes, MEMBASE(1), SHIFTVALUE(2), REG(2), MEMBASE(1)); + REG(0), MEMBASE(1), str_ldr_bytes, MEMBASE(1), SHIFTVALUE(1), MEMINDEX(1), MEMBASE(1)); break; case ARM_SFT_ROR: rz_strbuf_appendf(&op->esil, "%s,%s,0xffffffff,&,=[%d],%s,%d,%s,>>>,+,%s,=", - REG(0), MEMBASE(1), str_ldr_bytes, MEMBASE(1), 
SHIFTVALUE(2), REG(2), MEMBASE(1)); + REG(0), MEMBASE(1), str_ldr_bytes, MEMBASE(1), SHIFTVALUE(1), MEMINDEX(1), MEMBASE(1)); break; case ARM_SFT_RRX: // TODO @@ -641,17 +641,16 @@ r6,r5,r4,3,sp,[*],12,sp,+= } } else { // No shift rz_strbuf_appendf(&op->esil, "%s,%s,0xffffffff,&,=[%d],%s,%s,+=", - REG(0), MEMBASE(1), str_ldr_bytes, REG(2), MEMBASE(1)); + REG(0), MEMBASE(1), str_ldr_bytes, MEMINDEX(1), MEMBASE(1)); } - } - if (ISREG(1) && str_ldr_bytes == 8) { // e.g. 'strd r2, r3, [r4]', normally should be the only case for ISREG(1). + } else if (ISREG(1) && str_ldr_bytes == 8) { // e.g. 'strd r2, r3, [r4]', normally should be the only case for ISREG(1). if (!HASMEMINDEX(2)) { int disp = MEMDISP(2); char sign = disp >= 0 ? '+' : '-'; disp = disp >= 0 ? disp : -disp; - rz_strbuf_appendf(&op->esil, "%s,%d,%s,%c,0xffffffff,&,=[4],%s,4,%d,+,%s,%c,0xffffffff,&,=[4]", - REG(0), disp, MEMBASE(2), sign, REG(1), disp, MEMBASE(2), sign); - if (insn->detail->arm.writeback) { + rz_strbuf_appendf(&op->esil, "%s,%s,0xffffffff,&,=[4],%s,4,%s,+,0xffffffff,&,=[4]", + REG(0), MEMBASE(2), REG(1), MEMBASE(2)); + if (insn->detail->writeback) { rz_strbuf_appendf(&op->esil, ",%d,%s,%c,%s,=", disp, MEMBASE(2), sign, MEMBASE(2)); } @@ -659,9 +658,9 @@ r6,r5,r4,3,sp,[*],12,sp,+= if (ISSHIFTED(2)) { // it seems strd does not support SHIFT which is good, but have a check nonetheless } else { - rz_strbuf_appendf(&op->esil, "%s,%s,+,0xffffffff,&,=[4],%s,4,%s,+,0xffffffff,&,=[4]", + rz_strbuf_appendf(&op->esil, "%s,%s,0xffffffff,&,=[4],%s,4,%s,+,0xffffffff,&,=[4]", REG(0), MEMBASE(2), REG(1), MEMBASE(2)); - if (insn->detail->arm.writeback) { + if (insn->detail->writeback) { const char sign = ISMEMINDEXSUB(2) ? '-' : '+'; rz_strbuf_appendf(&op->esil, ",%s,%s,%c=", MEMINDEX(2), MEMBASE(2), sign); 
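Review bot: In the `else if (ISREG(1) && str_ldr_bytes == 8)` branch the store no longer uses `disp`/`sign`: the new format `"%s,%s,0xffffffff,&,=[4],%s,4,%s,+,0xffffffff,&,=[4]"` writes to `[base]` and `[base+4]`, so an offset or pre-indexed `strd r2, r3, [r4, #8]` ignores its displacement, and `disp`/`sign` are now computed only for the writeback line; the `HASMEMINDEX(2)` counterpart in the @@ -659 hunk likewise drops `MEMINDEX(2)` from the address. If this branch is instead meant to be the post-indexed case (it follows the `ISPOSTINDEX()` chain and the old `OPCOUNT() == 4` block for that form is deleted in the next hunk), then the offset/pre-indexed form that the old top-level `if (ISREG(1) && str_ldr_bytes == 8)` handled has no path at all; the nesting of the `else if` is not visible here, but one addressing mode regresses either way. Keep the displacement or index in the address for the non-post-indexed form, e.g. `"%s,%d,%s,%c,0xffffffff,&,=[4],%s,4,%d,+,%s,%c,0xffffffff,&,=[4]", REG(0), disp, MEMBASE(2), sign, REG(1), disp, MEMBASE(2), sign`, and zero it only under `ISPOSTINDEX()` as the ldrd hunk does with `ISPOSTINDEX() ? 0 : MEMDISP(2)`. The enclosing case block starts and ends outside these hunks.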
@@ -670,20 +669,6 @@ r6,r5,r4,3,sp,[*],12,sp,+= } } } - if (OPCOUNT() == 4) { // e.g. 'strd r2, r3, [r4], 4' or 'strd r2, r3, [r4], r5' - if (ISIMM(3)) { // e.g. 'strd r2, r3, [r4], 4' - rz_strbuf_appendf(&op->esil, "%s,%s,0xffffffff,&,=[%d],%s,4,%s,+,0xffffffff,&,=[%d],%d,%s,+=,", - REG(0), MEMBASE(2), str_ldr_bytes, REG(1), MEMBASE(2), str_ldr_bytes, IMM(3), MEMBASE(2)); - } - if (ISREG(3)) { // e.g. 'strd r2, r3, [r4], r5' - if (ISSHIFTED(3)) { - // same as above - } else { - rz_strbuf_appendf(&op->esil, "%s,%s,0xffffffff,&,=[%d],%s,4,%s,+,0xffffffff,&,=[%d],%s,%s,+=", - REG(0), MEMBASE(2), str_ldr_bytes, REG(1), MEMBASE(2), str_ldr_bytes, REG(3), MEMBASE(2)); - } - } - } break; case ARM_INS_TST: rz_strbuf_appendf(&op->esil, "0,%s,%s,&,==", ARG(1), ARG(0)); @@ -698,15 +683,10 @@ r6,r5,r4,3,sp,[*],12,sp,+= rz_strbuf_appendf(&op->esil, "0x%" PFMT64x ",2,2,%s,%d,+,>>,<<,+,0xffffffff,&,DUP,[4],%s,=,4,+,[4],%s,=", (ut64)MEMDISP(2), pc, pcdelta, REG(0), REG(1)); } else { - int disp = MEMDISP(2); + int disp = ISPOSTINDEX() ? 0 : MEMDISP(2); // not refptr, because we can't grab the reg value statically op->refptr = 4; - if (disp < 0) { - rz_strbuf_appendf(&op->esil, "0x%" PFMT64x ",%s,-,0xffffffff,&,DUP,[4],%s,=,4,+,[4],%s,=", - (ut64)-disp, MEMBASE(2), REG(0), REG(1)); - } else { - rz_strbuf_appendf(&op->esil, "0x%" PFMT64x ",%s,+,0xffffffff,&,DUP,[4],%s,=,4,+,[4],%s,=", - (ut64)disp, MEMBASE(2), REG(0), REG(1)); - } + rz_strbuf_appendf(&op->esil, "0x%" PFMT64x ",%s,-,0xffffffff,&,DUP,[4],%s,=,4,+,[4],%s,=", + (ut64)-disp, MEMBASE(2), REG(0), REG(1)); } } else { if (REGBASE(2) == ARM_REG_PC) { 
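Review bot: The single remaining `rz_strbuf_appendf` in the @@ -698 hunk always emits a subtraction with `(ut64)-disp`, so a positive displacement such as `ldrd r0, r1, [r2, #8]` is printed as `0xfffffffffffffff8,r2,-` and only comes out right because ESIL wraps at 64 bits before the `0xffffffff,&` mask; the @@ -820 hunk in this file does the same with `st64 disp`. That is correct but opaque to anyone reading the ESIL and hides a negative `int` being widened to `ut64`. Prefer the form this file already uses for str, `char sign = disp >= 0 ? '+' : '-';` with the magnitude and `",%s,%c,"`, or at least annotate the line: `// negative magnitude relies on 64-bit wrap-around; masked to 32 bits below`. The enclosing ldrd case begins and ends outside the hunk.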
@@ -722,23 +702,25 @@ r6,r5,r4,3,sp,[*],12,sp,+= pcdelta, pc, MEMDISP(2), REG(0), REG(1)); } } else { - if (HASMEMINDEX(2)) { // e.g. `ldrd r2, r3 [r4, r1]` + if (HASMEMINDEX(2)) { // e.g. `ldrd r2, r3 [r4, r1]` or `ldrd r2, r3 [r4], r1` const char op_index = ISMEMINDEXSUB(2) ? '-' : '+'; + const char *mem_index = ISPOSTINDEX() ? "0" : MEMINDEX(2); rz_strbuf_appendf(&op->esil, "%s,%s,%c,0xffffffff,&,DUP,[4],%s,=,4,+,[4],%s,=", - MEMINDEX(2), MEMBASE(2), op_index, REG(0), REG(1)); + mem_index, MEMBASE(2), op_index, REG(0), REG(1)); } else { + int disp = ISPOSTINDEX() ? 0 : MEMDISP(2); rz_strbuf_appendf(&op->esil, "%d,%s,+,0xffffffff,&,DUP,[4],%s,=,4,+,[4],%s,=", - MEMDISP(2), MEMBASE(2), REG(0), REG(1)); + disp, MEMBASE(2), REG(0), REG(1)); } - if (insn->detail->arm.writeback) { - if (ISPOSTINDEX32()) { - if (ISIMM(3)) { + if (insn->detail->writeback) { + if (ISPOSTINDEX()) { + if (!HASMEMINDEX(2)) { rz_strbuf_appendf(&op->esil, ",%s,%d,+,%s,=", - MEMBASE(2), IMM(3), MEMBASE(2)); + MEMBASE(2), MEMDISP(2), MEMBASE(2)); } else { - const char op_index = ISMEMINDEXSUB(3) ? '-' : '+'; + const char op_index = ISMEMINDEXSUB(2) ? '-' : '+'; rz_strbuf_appendf(&op->esil, ",%s,%s,%c,%s,=", - REG(3), MEMBASE(2), op_index, MEMBASE(2)); + MEMINDEX(2), MEMBASE(2), op_index, MEMBASE(2)); } } else if (ISPREINDEX32()) { if (HASMEMINDEX(2)) { @@ -763,16 +745,11 @@ r6,r5,r4,3,sp,[*],12,sp,+= MEMINDEX(1), MEMBASE(1), REG(0)); } else { rz_strbuf_appendf(&op->esil, "%s,%d,+,[1],%s,=", - MEMBASE(1), MEMDISP(1), REG(0)); + MEMBASE(1), ISPOSTINDEX() ? 0 : MEMDISP(1), REG(0)); } - if (insn->detail->arm.writeback) { - if (ISIMM(2)) { - rz_strbuf_appendf(&op->esil, ",%s,%d,+,%s,=", - MEMBASE(1), IMM(2), MEMBASE(1)); - } else { - rz_strbuf_appendf(&op->esil, ",%s,%d,+,%s,=", - MEMBASE(1), MEMDISP(1), MEMBASE(1)); - } + if (insn->detail->writeback) { + rz_strbuf_appendf(&op->esil, ",%s,%d,+,%s,=", + MEMBASE(1), MEMDISP(1), MEMBASE(1)); } break; case ARM_INS_SXTH: 
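Review bot: In the @@ -763 hunk the writeback line `rz_strbuf_appendf(&op->esil, ",%s,%d,+,%s,=", MEMBASE(1), MEMDISP(1), MEMBASE(1));` adds only `MEMDISP(1)`, so for the register-offset forms the `MEMINDEX(1), MEMBASE(1), REG(0)` branch above handles (`ldrb r0, [r1, r2]!`, `ldrb r0, [r1], r2`) the displacement is 0 and the base register never advances; the ldr hunk at @@ -854 ends with the same writeback line. The ldrd hunk just above shows the needed shape: branch on `HASMEMINDEX(1)` and emit `MEMINDEX(1)` with the `ISMEMINDEXSUB(1)` sign for the register case, `MEMDISP(1)` otherwise. In @@ -854 the `HASMEMINDEX(1)` load branch is also tested before `ISPOSTINDEX()`, so if capstone now reports `ldr r2, [r3], r1` with the register in `mem.index` (as the str hunk's use of `MEMINDEX(1)` under `ISPOSTINDEX()` suggests), that load reads from base+index instead of base, while the immediate branch correctly zeroes the offset with `ISPOSTINDEX() ? 0 : MEMDISP(1)`. The enclosing cases start outside these hunks.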
@@ -820,15 +797,10 @@ r6,r5,r4,3,sp,[*],12,sp,+= rz_strbuf_appendf(&op->esil, "0x%" PFMT64x ",2,2,%s,>>,<<,+,0xffffffff,&,[4],0x%x,&,%s,=", (ut64)MEMDISP(1), pc, mask, REG(0)); } else { - int disp = MEMDISP(1); + st64 disp = MEMDISP(1); // not refptr, because we can't grab the reg value statically op->refptr = 4; - if (disp < 0) { - rz_strbuf_appendf(&op->esil, "0x%" PFMT64x ",%s,-,0xffffffff,&,[4],0x%x,&,%s,=", - (ut64)-disp, MEMBASE(1), mask, REG(0)); - } else { - rz_strbuf_appendf(&op->esil, "0x%" PFMT64x ",%s,+,0xffffffff,&,[4],0x%x,&,%s,=", - (ut64)disp, MEMBASE(1), mask, REG(0)); - } + rz_strbuf_appendf(&op->esil, "0x%" PFMT64x ",%s,-,0xffffffff,&,[4],0x%x,&,%s,=", + (ut64)-disp, MEMBASE(1), mask, REG(0)); } } else { if (ISMEM(1) && REGBASE(1) == ARM_REG_PC) { @@ -854,18 +826,16 @@ r6,r5,r4,3,sp,[*],12,sp,+= } else if (HASMEMINDEX(1)) { // e.g. `ldr r2, [r3, r1]` rz_strbuf_appendf(&op->esil, "%s,%s,+,0xffffffff,&,[4],0x%x,&,%s,=", MEMINDEX(1), MEMBASE(1), mask, REG(0)); + } else if (ISPOSTINDEX()) { + rz_strbuf_appendf(&op->esil, "%s,0xffffffff,&,[4],0x%x,&,%s,=", + MEMBASE(1), mask, REG(0)); } else { rz_strbuf_appendf(&op->esil, "%d,%s,+,0xffffffff,&,[4],0x%x,&,%s,=", MEMDISP(1), MEMBASE(1), mask, REG(0)); } - if (insn->detail->arm.writeback) { - if (ISIMM(2)) { - rz_strbuf_appendf(&op->esil, ",%s,%d,+,%s,=", - MEMBASE(1), IMM(2), MEMBASE(1)); - } else { - rz_strbuf_appendf(&op->esil, ",%s,%d,+,%s,=", - MEMBASE(1), MEMDISP(1), MEMBASE(1)); - } + if (insn->detail->writeback) { + rz_strbuf_appendf(&op->esil, ",%s,%d,+,%s,=", + MEMBASE(1), MEMDISP(1), MEMBASE(1)); } } } @@ -874,7 +844,7 @@ r6,r5,r4,3,sp,[*],12,sp,+= // TODO: esil for MRS break; case ARM_INS_MSR: - msr_flags = insn->detail->arm.operands[0].reg >> 4; + msr_flags = insn->detail->arm.operands[0].sysop.msr_mask; rz_strbuf_appendf(&op->esil, "0,"); if (msr_flags & 1) { rz_strbuf_appendf(&op->esil, "0xFF,|,"); 
@@ -1006,6 +976,9 @@ r6,r5,r4,3,sp,[*],12,sp,+= // many errors if (insn->detail->arm.update_flags) { switch (insn->id) { + case ARM_INS_MSR: + // Updates flags manually + break; case ARM_INS_CMP: rz_strbuf_appendf(&op->esil, ",$z,zf,:=,31,$s,nf,:=,32,$b,!,cf,:=,31,$o,vf,:="); break; @@ -1017,6 +990,30 @@ r6,r5,r4,3,sp,[*],12,sp,+= case ARM_INS_CMN: rz_strbuf_appendf(&op->esil, ",$z,zf,:=,31,$s,nf,:=,31,$c,cf,:=,31,$o,vf,:="); break; + case ARM_INS_MOV: { + // Move has already set the dest register at this point. + // But mind that ARG() always includes the shift of the source register. + // If the source register is the same as the destination register it would shift the value twice. + // We need to prepend the move (already in op->esil) to the flag check. + char move_esil[64]; + switch (SHIFTTYPE(1)) { + default: + break; + case ARM_SFT_LSL: + case ARM_SFT_LSL_REG: + rz_strf(move_esil, "%s", rz_strbuf_drain_nofree(&op->esil)); + rz_strbuf_appendf(&op->esil, ",%s,!,!,?{,%s,32,-,%s,>>,cf,:=,},%s", ARG(1), ARG(1), ARG(0), move_esil); + break; + case ARM_SFT_LSR: + case ARM_SFT_LSR_REG: + case ARM_SFT_ASR: + case ARM_SFT_ASR_REG: + rz_strf(move_esil, "%s", rz_strbuf_drain_nofree(&op->esil)); + rz_strbuf_appendf(&op->esil, "%s,!,!,?{,%s,1,%s,-,0x1,<<,&,!,!,cf,:=,},%s", ARG(1), ARG(0), ARG(1), move_esil); + break; + } + } + // fallthrough default: rz_strbuf_appendf(&op->esil, ",$z,zf,:=,31,$s,nf,:="); } diff --git a/librz/analysis/arch/arm/arm_esil64.c b/librz/analysis/arch/arm/arm_esil64.c index 91c5787e313..30e04b51635 100644 --- a/librz/analysis/arch/arm/arm_esil64.c +++ b/librz/analysis/arch/arm/arm_esil64.c 
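Review bot: The new `ARM_INS_MOV` flag case copies everything built so far into `char move_esil[64]` via `rz_strf`; the drained text holds the condition prefix, the shifted source and the destination, can exceed 63 characters, and is then silently cut so the re-appended move is corrupt; if `rz_strbuf_drain_nofree` hands back an owned string it is also never freed here. Because the prefix set by `rz_arm32_cs_esil_prefix_cond` is part of the drained text, the cf snippet emitted before `move_esil` now sits outside the `?{` block and runs even when the condition fails. The format strings also disagree with the comment: they place `move_esil` last, so the cf test executes before the move, while the comment says the move is prepended to the flag check, and the LSL variant starts with a leading `,` whereas the LSR/ASR one does not, so one of them yields an empty first token. Consider building the cf snippet in a separate strbuf and appending it after the move inside the conditional, sizing any copy from the strbuf's actual length rather than a fixed buffer.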
@@ -11,6 +11,79 @@ #define MEMBASE64(x) rz_str_get_null(cs_reg_name(*handle, insn->detail->arm64.operands[x].mem.base)) #define MEMINDEX64(x) rz_str_get_null(cs_reg_name(*handle, insn->detail->arm64.operands[x].mem.index)) +RZ_IPI const char *rz_arm64_cs_esil_prefix_cond(RzAnalysisOp *op, arm64_cc cond_type) { + const char *close_cond[2]; + close_cond[0] = ""; + close_cond[1] = ",}"; + int close_type = 0; + switch (cond_type) { + case ARM64_CC_EQ: + close_type = 1; + rz_strbuf_setf(&op->esil, "zf,?{,"); + break; + case ARM64_CC_NE: + close_type = 1; + rz_strbuf_setf(&op->esil, "zf,!,?{,"); + break; + case ARM64_CC_HS: + close_type = 1; + rz_strbuf_setf(&op->esil, "cf,?{,"); + break; + case ARM64_CC_LO: + close_type = 1; + rz_strbuf_setf(&op->esil, "cf,!,?{,"); + break; + case ARM64_CC_MI: + close_type = 1; + rz_strbuf_setf(&op->esil, "nf,?{,"); + break; + case ARM64_CC_PL: + close_type = 1; + rz_strbuf_setf(&op->esil, "nf,!,?{,"); + break; + case ARM64_CC_VS: + close_type = 1; + rz_strbuf_setf(&op->esil, "vf,?{,"); + break; + case ARM64_CC_VC: + close_type = 1; + rz_strbuf_setf(&op->esil, "vf,!,?{,"); + break; + case ARM64_CC_HI: + close_type = 1; + rz_strbuf_setf(&op->esil, "cf,zf,!,&,?{,"); + break; + case ARM64_CC_LS: + close_type = 1; + rz_strbuf_setf(&op->esil, "cf,!,zf,|,?{,"); + break; + case ARM64_CC_GE: + close_type = 1; + rz_strbuf_setf(&op->esil, "nf,vf,^,!,?{,"); + break; + case ARM64_CC_LT: + close_type = 1; + rz_strbuf_setf(&op->esil, "nf,vf,^,?{,"); + break; + case ARM64_CC_GT: + // zf == 0 && nf == vf + close_type = 1; + rz_strbuf_setf(&op->esil, "zf,!,nf,vf,^,!,&,?{,"); + break; + case ARM64_CC_LE: + // zf == 1 || nf != vf + close_type = 1; + rz_strbuf_setf(&op->esil, "zf,nf,vf,^,|,?{,"); + break; + case ARM64_CC_AL: + // always executed + break; + default: + break; + } + return close_cond[close_type]; +} + static int arm64_reg_width(int reg) { switch (reg) { case ARM64_REG_W0: 
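Review bot: `rz_arm64_cs_esil_prefix_cond` duplicates `rz_arm32_cs_esil_prefix_cond` line for line, differing only in the enum prefix; both emit the same fourteen ESIL prefixes for the same condition names, so a fix to one (the `HI`/`LS` carry-and-zero forms, say) can now drift from the other. A small shared helper that maps a normalized condition index to the prefix would keep the strings in one place. Within the function, `close_cond` can be `static const char *const close_cond[2] = { "", ",}" };` instead of two assignments, and a one-line comment that the returned postfix is a literal the caller must not free would document the contract.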
@@ -205,7 +278,7 @@ RZ_IPI int rz_arm_cs_analysis_op_64_esil(RzAnalysis *a, RzAnalysisOp *op, ut64 a rz_strbuf_init(&op->esil); rz_strbuf_set(&op->esil, ""); - postfix = rz_arm_cs_esil_prefix_cond(op, insn->detail->arm64.cc); + postfix = rz_arm64_cs_esil_prefix_cond(op, insn->detail->arm64.cc); switch (insn->id) { case ARM64_INS_REV: diff --git a/librz/analysis/arch/arm/arm_il32.c b/librz/analysis/arch/arm/arm_il32.c index 00d7ccf602f..4f5cbc68829 100644 --- a/librz/analysis/arch/arm/arm_il32.c +++ b/librz/analysis/arch/arm/arm_il32.c @@ -2,6 +2,7 @@ // SPDX-License-Identifier: LGPL-3.0-only #include +#include #include #include "arm_cs.h" @@ -11,6 +12,27 @@ #include "arm_il_common.inc" +/** + * \brief Tests if the instruction is part of the given group. + * + * \param insn The instruction to test. + * \param group The group to test for. + * \return true The instruction is part of the group. + * \return false The instruction is not part of the group. + */ +RZ_IPI bool rz_arm_cs_is_group_member(RZ_NONNULL const cs_insn *insn, arm_insn_group group) { + rz_return_val_if_fail(insn && insn->detail, false); + uint32_t i = 0; + arm_insn_group group_it = insn->detail->groups[i]; + while (group_it) { + if (group_it == group) { + return true; + } + group_it = insn->detail->groups[++i]; + } + return false; +} + /** * All regs available as global IL variables */ @@ -235,6 +257,7 @@ static inline RzFloatFormat cvtdt2fmt(arm_vectordata_type type, bool choose_src) #define REG_VAL(id) read_reg(PC(insn->address, is_thumb), id) #define REG(n) REG_VAL(REGID(n)) #define MEMBASE(x) REG_VAL(insn->detail->arm.operands[x].mem.base) +#define MEMINDEX(x) REG_VAL(insn->detail->arm.operands[x].mem.index) #define DT_WIDTH(insn) arm_data_width(insn->detail->arm.vector_data) #define REG_WIDTH(n) reg_bits(REGID(n)) #define VVEC_SIZE(insn) insn->detail->arm.vector_size 
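Review bot: `rz_arm_cs_is_group_member` walks `insn->detail->groups` until it meets a zero entry, but capstone bounds that fixed-size array with `groups_count`, so a detail whose slots are all populated has no terminator and the loop reads past the array. Iterate by count instead: `for (uint8_t i = 0; i < insn->detail->groups_count; i++) {` / `if (insn->detail->groups[i] == group) { return true; }` / `}`. The Doxygen block names the parameter `group` while the prototype added in arm_cs.h calls it `feature`; align the two.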
@@ -283,37 +306,37 @@ static RzILOpEffect *write_reg(arm_reg reg, RZ_OWN RZ_NONNULL RzILOpBitVector *v * IL for arm condition * unconditional is returned as NULL (rather than true), for simpler code */ -static RZ_NULLABLE RzILOpBool *cond(arm_cc c) { +static RZ_NULLABLE RzILOpBool *cond(ARMCC_CondCodes c) { switch (c) { - case ARM_CC_EQ: + case ARMCC_EQ: return VARG("zf"); - case ARM_CC_NE: + case ARMCC_NE: return INV(VARG("zf")); - case ARM_CC_HS: + case ARMCC_HS: return VARG("cf"); - case ARM_CC_LO: + case ARMCC_LO: return INV(VARG("cf")); - case ARM_CC_MI: + case ARMCC_MI: return VARG("nf"); - case ARM_CC_PL: + case ARMCC_PL: return INV(VARG("nf")); - case ARM_CC_VS: + case ARMCC_VS: return VARG("vf"); - case ARM_CC_VC: + case ARMCC_VC: return INV(VARG("vf")); - case ARM_CC_HI: + case ARMCC_HI: return AND(VARG("cf"), INV(VARG("zf"))); - case ARM_CC_LS: + case ARMCC_LS: return OR(INV(VARG("cf")), VARG("zf")); - case ARM_CC_GE: + case ARMCC_GE: return INV(XOR(VARG("nf"), VARG("vf"))); - case ARM_CC_LT: + case ARMCC_LT: return XOR(VARG("nf"), VARG("vf")); - case ARM_CC_GT: + case ARMCC_GT: return AND(INV(VARG("zf")), INV(XOR(VARG("nf"), VARG("vf")))); - case ARM_CC_LE: + case ARMCC_LE: return OR(VARG("zf"), XOR(VARG("nf"), VARG("vf"))); - case ARM_CC_AL: + case ARMCC_AL: default: return NULL; } 
@@ -806,22 +829,12 @@ static RzILOpEffect *ldr(cs_insn *insn, bool is_thumb) { if (!addr) { return NULL; } - bool writeback = insn->detail->arm.writeback; - if (ISIMM(mem_idx + 1)) { - // capstone incorrectly sets writeback to false for e.g. 0400b1e4 ldrt r0, [r1], 4 - writeback = true; - } + bool writeback = insn->detail->writeback; + RzILOpEffect *writeback_eff = NULL; - bool writeback_post = false; + bool writeback_post = insn->detail->arm.post_index; if (writeback) { arm_reg base = insn->detail->arm.operands[mem_idx].mem.base; - if (ISIMM(mem_idx + 1)) { - // "ldr r0, [r1], 4" is treated as an extra operand after the mem - addr = insn->detail->arm.operands[mem_idx + 1].subtracted - ? SUB(addr, ARG(mem_idx + 1)) - : ADD(addr, ARG(mem_idx + 1)); - writeback_post = true; - } writeback_eff = write_reg(base, addr); if (!writeback_eff) { // 'ldrb r0, [pc, 0x104]!' (0401ffe5) for example is unpredictable. write_reg will return NULL for pc. @@ -895,22 +908,11 @@ static RzILOpEffect *str(cs_insn *insn, bool is_thumb) { if (!addr) { return NULL; } - bool writeback = insn->detail->arm.writeback; - if (ISIMM(mem_idx + 1)) { - // capstone incorrectly sets writeback to false for e.g. 04b0ade4 strt fp, [sp], 4 - writeback = true; - } + bool writeback = insn->detail->writeback; RzILOpEffect *writeback_eff = NULL; - bool writeback_post = false; + bool writeback_post = insn->detail->arm.post_index; if (writeback) { arm_reg base = insn->detail->arm.operands[mem_idx].mem.base; - if (ISIMM(mem_idx + 1)) { - // "str r0, [r1], 4" is treated as an extra operand after the mem - addr = insn->detail->arm.operands[mem_idx + 1].subtracted - ? SUB(addr, ARG(mem_idx + 1)) - : ADD(addr, ARG(mem_idx + 1)); - writeback_post = true; - } writeback_eff = write_reg(base, addr); if (!writeback_eff) { return NULL; 
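Review bot: `bool writeback_post = insn->detail->arm.post_index;` replaces the branch that used to add the trailing immediate to `addr` for the post-indexed form, but `addr` itself is built from the mem operand before this hunk; if that computation still folds `mem.disp`/`mem.index` into the address, a post-indexed `ldr r0, [r1], #4` now loads from `r1+4` and `write_reg(base, addr)` writes back that same `r1+4`. Confirm that the address builder above checks `post_index` and uses the base alone for the access, or make the split explicit here, as the vldn hunks later in this diff do with `ISPOSTINDEX() ? MEMBASE(mem_idx) : ARG(mem_idx)`. The `str` hunk at @@ -895 has the identical structure. Both `ldr` and `str` begin and end outside their hunks.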
@@ -1209,7 +1211,7 @@ static RzILOpEffect *stm(cs_insn *insn, bool is_thumb) { } op_first = 1; ptr_reg = REGID(0); - writeback = insn->detail->arm.writeback; + writeback = insn->detail->writeback; } size_t op_count = OPCOUNT() - op_first; if (!op_count) { @@ -1270,7 +1272,7 @@ static RzILOpEffect *ldm(cs_insn *insn, bool is_thumb) { } op_first = 1; ptr_reg = REGID(0); - writeback = insn->detail->arm.writeback; + writeback = insn->detail->writeback; } size_t op_count = OPCOUNT() - op_first; if (!op_count) { @@ -1476,10 +1478,10 @@ static RzILOpEffect *mla(cs_insn *insn, bool is_thumb) { * ARM: mrs */ static RzILOpEffect *mrs(cs_insn *insn, bool is_thumb) { - if (!ISREG(0) || !ISREG(1)) { + if (!ISREG(0) || !(ISREG(1) || ISPSRFLAGS(1))) { return NULL; } - if (REGID(1) != ARM_REG_CPSR && REGID(1) != ARM_REG_SPSR && REGID(1) != ARM_REG_APSR) { + if (REGID(1) != ARM_REG_CPSR && REGID(1) != ARM_REG_SPSR && REGID(1) != ARM_REG_APSR && !ISPSRFLAGS(1)) { // only these regs supported return NULL; } 
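Review bot: In `mrs` the second check evaluates `REGID(1) != ARM_REG_CPSR && …` before `!ISPSRFLAGS(1)`, so for an `ARM_OP_CPSR`/`ARM_OP_SPSR` operand `REGID(1)` reads the `reg` union member of an operand that is not a register operand; it is harmless only because the trailing `!ISPSRFLAGS(1)` forces the result to false. Put the type test first so the register comparisons are reached only for real register operands: `if (!ISPSRFLAGS(1) && REGID(1) != ARM_REG_CPSR && REGID(1) != ARM_REG_SPSR && REGID(1) != ARM_REG_APSR) {`. The function continues past the hunk.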
@@ -1499,26 +1501,26 @@ static RzILOpEffect *mrs(cs_insn *insn, bool is_thumb) { */ static RzILOpEffect *msr(cs_insn *insn, bool is_thumb) { cs_arm_op *dst = &insn->detail->arm.operands[0]; - if (dst->type != ARM_OP_SYSREG) { + if ((dst->type != ARM_OP_SYSREG) && (dst->type != ARM_OP_CPSR) && (dst->type != ARM_OP_SPSR)) { return NULL; } // check if the reg+mask contains any of the flags we have: bool update_f = false; bool update_s = false; switch (dst->reg) { - case ARM_SYSREG_APSR_NZCVQ: + case ARM_MCLASSSYSREG_APSR_NZCVQ: update_f = true; break; - case ARM_SYSREG_APSR_G: + case ARM_MCLASSSYSREG_APSR_G: update_s = true; break; - case ARM_SYSREG_APSR_NZCVQG: + case ARM_MCLASSSYSREG_APSR_NZCVQG: update_f = true; update_s = true; break; default: - update_f = (dst->reg & ARM_SYSREG_CPSR_F) || (dst->reg & ARM_SYSREG_SPSR_F); - update_s = (dst->reg & ARM_SYSREG_CPSR_S) || (dst->reg & ARM_SYSREG_SPSR_S); + update_f = (dst->sysop.psr_bits & ARM_FIELD_CPSR_F) || (dst->sysop.psr_bits & ARM_FIELD_SPSR_F); + update_s = (dst->sysop.psr_bits & ARM_FIELD_CPSR_S) || (dst->sysop.psr_bits & ARM_FIELD_SPSR_S); break; } if (!update_f && !update_s) { @@ -1879,7 +1881,7 @@ static RzILOpEffect *rfe(cs_insn *insn, bool is_thumb) { RzILOpEffect *wb = NULL; bool wordhigher = insn->id == ARM_INS_RFEDA || insn->id == ARM_INS_RFEIB; bool increment = insn->id == ARM_INS_RFEIA || insn->id == ARM_INS_RFEIB; - if (insn->detail->arm.writeback) { + if (insn->detail->writeback) { wb = write_reg(REGID(0), increment ? ADD(DUP(base), U32(8)) : SUB(DUP(base), U32(8))); if (!wb) { 
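Review bot: `msr` switches on `dst->reg` for the `ARM_MCLASSSYSREG_*` cases but reads `dst->sysop.psr_bits` in `default`, so the function depends on `reg` and the `sysop` sub-object aliasing the same union storage; with `ARM_OP_CPSR`/`ARM_OP_SPSR` now admitted by the type check, `dst->reg` is not a system-register id for those operands and the three cases are matched against unrelated bits. Read the M-class register id through the `sysop` member the rest of the branch already uses (its sub-field name is not visible in this hunk) and guard the switch with `dst->type == ARM_OP_SYSREG`. The negated type check reads more easily as a positive list: `bool is_psr = dst->type == ARM_OP_SYSREG || dst->type == ARM_OP_CPSR || dst->type == ARM_OP_SPSR;` followed by `if (!is_psr) { return NULL; }`.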
@@ -2993,25 +2995,20 @@ static RzILOpEffect *vtst(cs_insn *insn, bool is_thumb) { } static RzILOpEffect *vldn_multiple_elem(cs_insn *insn, bool is_thumb) { - ut32 rm_idx = OPCOUNT() - 1; - ut32 rn_idx; + ut32 mem_idx; ut32 regs = 0; - bool wback = insn->detail->arm.writeback; + bool wback = insn->detail->writeback; bool use_rm_as_wback_offset = false; ut32 group_sz = insn->id - ARM_INS_VLD1 + 1; // vldn {list}, [Rn], Rm - if (!ISMEM(rm_idx)) { - regs = OPCOUNT() - 2; + if (ISPOSTINDEX()) { use_rm_as_wback_offset = true; - } else { - // vldn {list}, [Rn] - rm_idx = -1; - regs = OPCOUNT() - 1; } + regs = OPCOUNT() - 1; // mem_idx - rn_idx = regs; + mem_idx = regs; // assert list_size % n == 0 // assert they were all Dn @@ -3019,11 +3016,11 @@ static RzILOpEffect *vldn_multiple_elem(cs_insn *insn, bool is_thumb) { ut32 elem_bits = VVEC_SIZE(insn); ut32 elem_bytes = elem_bits / 8; ut32 lanes = 64 / elem_bits; - ut32 addr_bits = REG_WIDTH(rn_idx); + ut32 addr_bits = REG_WIDTH(mem_idx); RzILOpEffect *wback_eff = NULL; RzILOpEffect *eff = EMPTY(); - RzILOpBitVector *addr = ARG(rn_idx); + RzILOpBitVector *addr = ISPOSTINDEX() ? MEMBASE(mem_idx) : ARG(mem_idx); for (int i = 0; i < n_groups; ++i) { for (int j = 0; j < lanes; ++j) { @@ -3082,8 +3079,8 @@ static RzILOpEffect *vldn_multiple_elem(cs_insn *insn, bool is_thumb) { // update Rn // if write_back then Rn = Rn + (if use_rm then Rm else 8 * regs) if (wback) { - RzILOpBitVector *new_offset = use_rm_as_wback_offset ? ARG(rm_idx) : UN(32, 8 * regs); - wback_eff = write_reg(REGID(rn_idx), ADD(REG(rn_idx), new_offset)); + RzILOpBitVector *new_offset = use_rm_as_wback_offset ? MEMINDEX(mem_idx) : UN(32, 8 * regs); + wback_eff = write_reg(REGBASE(mem_idx), ADD(MEMBASE(mem_idx), new_offset)); } else { wback_eff = EMPTY(); } 
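Review bot: `vldn_multiple_elem` now declares `ut32 mem_idx;` without an initializer and sets `regs = 0` only to overwrite it unconditionally with `OPCOUNT() - 1`, and `use_rm_as_wback_offset` is set through an `if` whose only effect is a bool copy. Tighten the prologue so each variable is defined once where it is declared: `ut32 regs = OPCOUNT() - 1;` / `ut32 mem_idx = regs;` / `bool use_rm_as_wback_offset = ISPOSTINDEX();`. The surviving `// vldn {list}, [Rn], Rm` and `// mem_idx` comments no longer describe the new layout; say instead `// operands: the {list} registers followed by one mem operand; a post-index Rm is its mem.index`. `OPCOUNT() - 1` wraps when there are no operands, and the checks that follow are outside the hunk, so confirm a zero count is rejected before `REG_WIDTH(mem_idx)`.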
@@ -3093,19 +3090,15 @@ static RzILOpEffect *vldn_multiple_elem(cs_insn *insn, bool is_thumb) { #if CS_API_MAJOR > 3 static RzILOpEffect *vldn_single_lane(cs_insn *insn, bool is_thumb) { - ut32 rm_idx = OPCOUNT() - 1; - ut32 rn_idx; - bool use_rm = false; + ut32 mem_idx; + bool use_rm_as_wback_offset = false; ut32 regs; // number of regs in {list} - if (!ISMEM(rm_idx)) { - use_rm = true; - regs = OPCOUNT() - 2; - } else { - rm_idx = -1; - regs = OPCOUNT() - 1; + if (ISPOSTINDEX()) { + use_rm_as_wback_offset = true; } - rn_idx = regs; + regs = OPCOUNT() - 1; + mem_idx = regs; ut32 group_sz = insn->id - ARM_INS_VLD1 + 1; if (group_sz != regs) { @@ -3114,11 +3107,11 @@ static RzILOpEffect *vldn_single_lane(cs_insn *insn, bool is_thumb) { RzILOpBitVector *data0, *data1, *data2, *data3; RzILOpEffect *eff; - RzILOpBitVector *addr = ARG(rn_idx); + RzILOpBitVector *addr = ISPOSTINDEX() ? MEMBASE(mem_idx) : ARG(mem_idx); ut32 vreg_idx = 0; ut32 elem_bits = VVEC_SIZE(insn); ut32 elem_bytes = elem_bits / 8; - ut32 addr_bits = REG_WIDTH(rn_idx); + ut32 addr_bits = REG_WIDTH(mem_idx); // vld1/vld2/vld3/vld4, max(lane_size) == 4 Bytes if (group_sz > 4 || elem_bytes > 4) { @@ -3166,11 +3159,11 @@ static RzILOpEffect *vldn_single_lane(cs_insn *insn, bool is_thumb) { return NULL; } - bool wback = insn->detail->arm.writeback; + bool wback = insn->detail->writeback; RzILOpEffect *wback_eff; if (wback) { - RzILOpBitVector *new_offset = use_rm ? ARG(rm_idx) : UN(32, elem_bytes * group_sz); - wback_eff = write_reg(REGID(rn_idx), ADD(REG(rn_idx), new_offset)); + RzILOpBitVector *new_offset = use_rm_as_wback_offset ? MEMINDEX(mem_idx) : UN(32, (ut64)elem_bytes * group_sz); + wback_eff = write_reg(REGID(mem_idx), ADD(MEMBASE(mem_idx), new_offset)); } else { wback_eff = EMPTY(); } 
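Review bot: The writeback in `vldn_single_lane` computes the new value from `MEMBASE(mem_idx)` but writes it to `REGID(mem_idx)`, i.e. the `.reg` union member of a mem operand, whereas `vldn_multiple_elem` in the previous hunk uses `REGBASE(mem_idx)` for the same purpose; `vldn_all_lane` (@@ -3255) and `vstn_multiple_elem` (@@ -3372) repeat the `REGID` form. Reading `.reg` of a mem operand only works while `mem.base` happens to share storage with `reg`, so use the accessor meant for it in all three: `wback_eff = write_reg(REGBASE(mem_idx), ADD(MEMBASE(mem_idx), new_offset));`. A one-line comment on why `(ut64)elem_bytes * group_sz` cannot exceed 32 bits would also justify the `UN(32, …)` that truncates it straight back.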
@@ -3180,19 +3173,15 @@ static RzILOpEffect *vldn_single_lane(cs_insn *insn, bool is_thumb) { #endif static RzILOpEffect *vldn_all_lane(cs_insn *insn, bool is_thumb) { - ut32 rm_idx = OPCOUNT() - 1; - ut32 rn_idx; - bool use_rm = false; + ut32 mem_idx; + bool use_rm_as_wback_offset = false; ut32 regs; // number of regs in {list} - if (!ISMEM(rm_idx)) { - use_rm = true; - regs = OPCOUNT() - 2; - } else { - rm_idx = -1; - regs = OPCOUNT() - 1; + if (ISPOSTINDEX()) { + use_rm_as_wback_offset = true; } - rn_idx = regs; + regs = OPCOUNT() - 1; + mem_idx = regs; ut32 group_sz = insn->id - ARM_INS_VLD1 + 1; if (group_sz != regs) { @@ -3201,10 +3190,10 @@ static RzILOpEffect *vldn_all_lane(cs_insn *insn, bool is_thumb) { RzILOpBitVector *data0 = NULL, *data1 = NULL, *data2 = NULL, *data3 = NULL; RzILOpEffect *eff = NULL; - RzILOpBitVector *addr = ARG(rn_idx); + RzILOpBitVector *addr = ISPOSTINDEX() ? MEMBASE(mem_idx) : ARG(mem_idx); ut32 elem_bits = VVEC_SIZE(insn); ut32 elem_bytes = elem_bits / 8; - ut32 addr_bits = REG_WIDTH(rn_idx); + ut32 addr_bits = REG_WIDTH(mem_idx); // vld1/vld2/vld3/vld4, max(lane_size) == 4 Bytes if (group_sz > 4 || elem_bytes > 4) { @@ -3255,11 +3244,11 @@ static RzILOpEffect *vldn_all_lane(cs_insn *insn, bool is_thumb) { return NULL; } - bool wback = insn->detail->arm.writeback; + bool wback = insn->detail->writeback; RzILOpEffect *wback_eff; if (wback) { - RzILOpBitVector *new_offset = use_rm ? ARG(rm_idx) : UN(32, elem_bytes * group_sz); - wback_eff = write_reg(REGID(rn_idx), ADD(REG(rn_idx), new_offset)); + RzILOpBitVector *new_offset = use_rm_as_wback_offset ? MEMINDEX(mem_idx) : UN(32, (ut64)elem_bytes * group_sz); + wback_eff = write_reg(REGID(mem_idx), ADD(MEMBASE(mem_idx), new_offset)); } else { wback_eff = EMPTY(); } 
@@ -3287,25 +3276,20 @@ static RzILOpEffect *vldn(cs_insn *insn, bool is_thumb) { } static RzILOpEffect *vstn_multiple_elem(cs_insn *insn, bool is_thumb) { - ut32 rm_idx = OPCOUNT() - 1; - ut32 rn_idx; + ut32 mem_idx; ut32 regs = 0; - bool wback = insn->detail->arm.writeback; + bool wback = insn->detail->writeback; bool use_rm_as_wback_offset = false; ut32 group_sz = insn->id - ARM_INS_VST1 + 1; // vldn {list}, [Rn], Rm - if (!ISMEM(rm_idx)) { - regs = OPCOUNT() - 2; + if (ISPOSTINDEX()) { use_rm_as_wback_offset = true; - } else { - // vldn {list}, [Rn] - rm_idx = -1; - regs = OPCOUNT() - 1; } + regs = OPCOUNT() - 1; // mem_idx - rn_idx = regs; + mem_idx = regs; // assert list_size % n == 0 // assert they were all Dn @@ -3313,11 +3297,11 @@ static RzILOpEffect *vstn_multiple_elem(cs_insn *insn, bool is_thumb) { ut32 elem_bits = VVEC_SIZE(insn); ut32 elem_bytes = elem_bits / 8; ut32 lanes = 64 / elem_bits; - ut32 addr_bits = REG_WIDTH(rn_idx); + ut32 addr_bits = REG_WIDTH(mem_idx); RzILOpEffect *wback_eff = NULL; RzILOpEffect *eff = EMPTY(), *eff_ = NULL, *eff__ = NULL; - RzILOpBitVector *addr = ARG(rn_idx); + RzILOpBitVector *addr = ISPOSTINDEX() ? MEMBASE(mem_idx) : ARG(mem_idx); for (int i = 0; i < n_groups; ++i) { for (int j = 0; j < lanes; ++j) { @@ -3372,8 +3356,8 @@ static RzILOpEffect *vstn_multiple_elem(cs_insn *insn, bool is_thumb) { // update Rn // if write_back then Rn = Rn + (if use_rm then Rm else 8 * regs) if (wback) { - RzILOpBitVector *new_offset = use_rm_as_wback_offset ? ARG(rm_idx) : UN(32, 8 * regs); - wback_eff = write_reg(REGID(rn_idx), ADD(REG(rn_idx), new_offset)); + RzILOpBitVector *new_offset = use_rm_as_wback_offset ? MEMINDEX(mem_idx) : UN(32, 8 * regs); + wback_eff = write_reg(REGID(mem_idx), ADD(MEMBASE(mem_idx), new_offset)); } else { wback_eff = EMPTY(); } 
@@ -3383,19 +3367,15 @@ static RzILOpEffect *vstn_multiple_elem(cs_insn *insn, bool is_thumb) { #if CS_API_MAJOR > 3 static RzILOpEffect *vstn_from_single_lane(cs_insn *insn, bool is_thumb) { - ut32 rm_idx = OPCOUNT() - 1; - ut32 rn_idx; - bool use_rm = false; + ut32 mem_idx; + bool use_rm_as_wback_offset = false; ut32 regs; // number of regs in {list} - if (!ISMEM(rm_idx)) { - use_rm = true; - regs = OPCOUNT() - 2; - } else { - rm_idx = -1; - regs = OPCOUNT() - 1; + if (ISPOSTINDEX()) { + use_rm_as_wback_offset = true; } - rn_idx = regs; + regs = OPCOUNT() - 1; + mem_idx = regs; ut32 group_sz = insn->id - ARM_INS_VST1 + 1; if (group_sz != regs) { @@ -3404,11 +3384,11 @@ static RzILOpEffect *vstn_from_single_lane(cs_insn *insn, bool is_thumb) { RzILOpBitVector *data0, *data1, *data2, *data3; RzILOpEffect *eff, *eff_, *eff__; - RzILOpBitVector *addr = ARG(rn_idx); + RzILOpBitVector *addr = ISPOSTINDEX() ? MEMBASE(mem_idx) : ARG(mem_idx); ut32 vreg_idx = 0; ut32 elem_bits = VVEC_SIZE(insn); ut32 elem_bytes = elem_bits / 8; - ut32 addr_bits = REG_WIDTH(rn_idx); + ut32 addr_bits = REG_WIDTH(mem_idx); if (group_sz > 4 || elem_bytes > 4) { return NULL; @@ -3455,11 +3435,11 @@ static RzILOpEffect *vstn_from_single_lane(cs_insn *insn, bool is_thumb) { return NULL; } - bool wback = insn->detail->arm.writeback; + bool wback = insn->detail->writeback; RzILOpEffect *wback_eff; if (wback) { - RzILOpBitVector *new_offset = use_rm ? ARG(rm_idx) : UN(32, elem_bytes * group_sz); - wback_eff = write_reg(REGID(rn_idx), ADD(REG(rn_idx), new_offset)); + RzILOpBitVector *new_offset = use_rm_as_wback_offset ? MEMINDEX(mem_idx) : UN(32, (ut64)elem_bytes * group_sz); + wback_eff = write_reg(REGID(mem_idx), ADD(MEMBASE(mem_idx), new_offset)); } else { wback_eff = EMPTY(); } 
@@ -3575,7 +3555,7 @@ static RzILOpEffect *try_as_int_cvt(cs_insn *insn, bool is_thumb, bool *success) bv_sz = cvt_isize(VVEC_DT(insn), &is_signed); ut32 fl_sz = rz_float_get_format_info(is_f2i ? from_fmt : to_fmt, RZ_FLOAT_INFO_TOTAL_LEN); - if (insn->detail->groups[0] != ARM_GRP_NEON) { + if (!rz_arm_cs_is_group_member(insn, ARM_FEATURE_HasNEON)) { // vfp // VCVT.F64.S32/U32
, // VCVT.F32.S32/U32 , @@ -3810,7 +3790,7 @@ static RzILOpEffect *vadd(cs_insn *insn, bool is_thumb) { RzFloatFormat fmt = dt2fmt(dt); bool is_float_vec = fmt == RZ_FLOAT_UNK ? false : true; - if (insn->detail->groups[0] != ARM_GRP_NEON) { + if (!rz_arm_cs_is_group_member(insn, ARM_FEATURE_HasNEON)) { // VFP return write_reg(REGID(0), F2BV(FADD(RZ_FLOAT_RMODE_RNE, @@ -3857,7 +3837,7 @@ static RzILOpEffect *vsub(cs_insn *insn, bool is_thumb) { RzFloatFormat fmt = dt2fmt(dt); bool is_float_vec = fmt == RZ_FLOAT_UNK ? false : true; - if (insn->detail->groups[0] != ARM_GRP_NEON) { + if (!rz_arm_cs_is_group_member(insn, ARM_FEATURE_HasNEON)) { // VFP return write_reg(REGID(0), F2BV(FSUB(RZ_FLOAT_RMODE_RNE, @@ -3902,7 +3882,7 @@ static RzILOpEffect *vmul(cs_insn *insn, bool is_thumb) { arm_vectordata_type dt = VVEC_DT(insn); RzFloatFormat fmt = dt2fmt(dt); - if (insn->detail->groups[0] != ARM_GRP_NEON) { + if (!rz_arm_cs_is_group_member(insn, ARM_FEATURE_HasNEON)) { // VFP fmul return write_reg(REGID(0), F2BV(FMUL(RZ_FLOAT_RMODE_RNE, @@ -3999,7 +3979,7 @@ static RzILOpEffect *vabs(cs_insn *insn, bool is_thumb) { return NULL; } - if (insn->detail->groups[0] == ARM_GRP_NEON) { + if (rz_arm_cs_is_group_member(insn, ARM_FEATURE_HasNEON)) { // not implement return NULL; } @@ -4039,7 +4019,6 @@ static RzILOpEffect *il_unconditional(csh *handle, cs_insn *insn, bool is_thumb) case ARM_INS_PLD: case ARM_INS_PLDW: case ARM_INS_PLI: - case ARM_INS_YIELD: // barriers/synchronization case ARM_INS_DMB: case ARM_INS_DSB: @@ -4151,9 +4130,11 @@ static RzILOpEffect *il_unconditional(csh *handle, cs_insn *insn, bool is_thumb) case ARM_INS_STMDA: case ARM_INS_STMDB: case ARM_INS_PUSH: + case ARM_INS_VPUSH: case ARM_INS_STMIB: return stm(insn, is_thumb); case ARM_INS_POP: + case ARM_INS_VPOP: case ARM_INS_LDM: case ARM_INS_LDMDA: case ARM_INS_LDMDB: 
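Review bot: `case ARM_INS_YIELD:` is removed from the hint/no-op list in il_unconditional without a replacement in this diff, so a decoded yield now reaches the switch default unless it is handled in a part of the function outside these hunks. If the new decoder reports it under a different id, a comment such as `// yield is reported under a generic hint id by the decoder` next to the remaining hint cases would document why the label is gone; otherwise the case should stay. il_unconditional begins and ends outside this hunk.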
@@ -4312,11 +4293,9 @@ static RzILOpEffect *il_unconditional(csh *handle, cs_insn *insn, bool is_thumb) // Advanced SIMD and Floating-point case ARM_INS_VSTMIA: case ARM_INS_VSTMDB: - case ARM_INS_VPUSH: return stm(insn, is_thumb); case ARM_INS_VLDMIA: case ARM_INS_VLDMDB: - case ARM_INS_VPOP: return ldm(insn, is_thumb); #if CS_API_MAJOR > 4 case ARM_INS_VMOVL: diff --git a/librz/analysis/arch/ppc/ppc_analysis.h b/librz/analysis/arch/ppc/ppc_analysis.h index a72cdbe6daf..b83ab509982 100644 --- a/librz/analysis/arch/ppc/ppc_analysis.h +++ b/librz/analysis/arch/ppc/ppc_analysis.h @@ -4,10 +4,10 @@ #ifndef PPC_ANALYSIS_H #define PPC_ANALYSIS_H -#define INSOPS insn->detail->ppc.op_count -#define INSOP(n) insn->detail->ppc.operands[n] -#define OP_CNT insn->detail->ppc.op_count -#define IMM(x) (ut64)(insn->detail->ppc.operands[x].imm) +#define PPC_DETAIL(insn) insn->detail->ppc +#define INSOP(n) insn->detail->ppc.operands[n] +#define OP_CNT insn->detail->ppc.op_count +#define IMM(x) (ut64)(insn->detail->ppc.operands[x].imm) #define PPC_IN_BE_MODE (mode & CS_MODE_BIG_ENDIAN) // Capstone does not extract the BO or BI fields of instructions. So we do it manually. diff --git a/librz/analysis/arch/ppc/ppc_il.c b/librz/analysis/arch/ppc/ppc_il.c index faf73a567db..5bc9662e66e 100644 --- a/librz/analysis/arch/ppc/ppc_il.c +++ b/librz/analysis/arch/ppc/ppc_il.c @@ -2,6 +2,7 @@ // SPDX-License-Identifier: LGPL-3.0-only #include "ppc_il.h" +#include "capstone.h" #include "ppc_analysis.h" #include #include @@ -11,7 +12,6 @@ #include #include #include -#include RZ_IPI RzAnalysisILConfig *rz_ppc_cs_64_il_config(bool big_endian) { RzAnalysisILConfig *r = rz_analysis_il_config_new(64, big_endian, 64); 
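Review bot: The new `PPC_DETAIL(insn)` macro in ppc_analysis.h uses its parameter unparenthesized and expands to a bare member chain; `#define PPC_DETAIL(insn) ((insn)->detail->ppc)` protects it against an argument that is an expression and against unintended binding when the expansion is followed by an operator. The neighbouring `INSOP`/`OP_CNT` definitions have the same shape, but this one is newly introduced and is the place to start.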
@@ -87,8 +87,10 @@ RZ_IPI st32 ppc_get_mem_acc_size(ut32 insn_id) { default: RZ_LOG_INFO("Memory access size for instruction %d requested. But it is not in the switch case.\n", insn_id); return -1; +#if CS_NEXT_VERSION < 6 case PPC_INS_LI: case PPC_INS_LIS: +#endif // Doesn't read from memory. return 0; case PPC_INS_LBZ: @@ -230,6 +232,23 @@ RZ_IPI bool ppc_is_algebraic(ut32 insn_id) { } } +/** + * \brief Returns true if the given branch instruction sets the LR register. + * + * \param insn_id The instruction id. + * \return bool True if the branch instruction writes the LR register. False otherwise. + */ +RZ_IPI bool ppc_insn_sets_lr(const cs_insn *insn) { + rz_return_val_if_fail(insn, false); + for (int i = 0; i < insn->detail->regs_write_count; ++i) { + ppc_reg reg = insn->detail->regs_write[i]; + if (reg == PPC_REG_LR) { + return true; + } + } + return false; +} + /** * \brief Returns true if the given branch instruction sets the LR register. * @@ -240,7 +259,7 @@ RZ_IPI bool ppc_sets_lr(ut32 insn_id) { switch (insn_id) { default: return false; -#if CS_API_MAJOR > 4 +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 case PPC_INS_BEQCTRL: case PPC_INS_BFCTRL: case PPC_INS_BGECTRL: @@ -258,11 +277,8 @@ RZ_IPI bool ppc_sets_lr(ut32 insn_id) { case PPC_INS_BGEL: case PPC_INS_BGELRL: case PPC_INS_BGELA: -#endif - case PPC_INS_BCCTRL: - case PPC_INS_BCL: - case PPC_INS_BCLRL: - case PPC_INS_BCTRL: + case PPC_INS_BDNZTL: + case PPC_INS_BDNZTLA: case PPC_INS_BDNZL: case PPC_INS_BDNZLA: case PPC_INS_BDNZLRL: 
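Review bot: With CS_NEXT_VERSION >= 6 both case labels between `return -1;` and `return 0;` are compiled out, leaving `// Doesn't read from memory.` and `return 0;` as unreachable statements after the default branch. Moving the `#endif` below `return 0;` keeps the version-specific block self-contained and avoids unreachable-code warnings. ppc_get_mem_acc_size continues outside the hunk.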
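Review bot: The doc comment on the new `ppc_insn_sets_lr(const cs_insn *insn)` was copied from `ppc_sets_lr` and still documents `\param insn_id The instruction id.`, which is not a parameter of this function; the same applies to `ppc_insn_is_conditional` in the next hunk. Suggested: `\param insn The capstone instruction with details.` The body also dereferences `insn->detail` unconditionally, so `rz_return_val_if_fail(insn, false)` does not cover a detail-less instruction; if callers can pass one, `rz_return_val_if_fail(insn && insn->detail, false)` is the matching guard.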
@@ -281,10 +297,30 @@ RZ_IPI bool ppc_sets_lr(ut32 insn_id) { case PPC_INS_BDZTLA: case PPC_INS_BDZFL: case PPC_INS_BDZFLA: +#endif + case PPC_INS_BCCTRL: + case PPC_INS_BCL: + case PPC_INS_BCLRL: + case PPC_INS_BCTRL: + case PPC_INS_BL: + case PPC_INS_BLA: + case PPC_INS_BLRL: + case PPC_INS_BCLA: return true; } } +/** + * \brief Returns true if the given branch instruction is conditional. + * + * \param insn_id The instruction id. + * \return bool True if the branch instruction only branches if a condition is met. False otherwise. + */ +RZ_IPI bool ppc_insn_is_conditional(const cs_insn *insn) { + rz_return_val_if_fail(insn, false); + return PPC_DETAIL(insn).bc.pred_cr != PPC_PRED_INVALID || PPC_DETAIL(insn).bc.pred_ctr != PPC_PRED_INVALID; +} + /** * \brief Returns true if the given branch instruction is conditional. * @@ -295,7 +331,15 @@ RZ_IPI bool ppc_is_conditional(ut32 insn_id) { switch (insn_id) { default: return false; -#if CS_API_MAJOR > 4 + case PPC_INS_BC: + case PPC_INS_BCCTR: + case PPC_INS_BCCTRL: + case PPC_INS_BCL: + case PPC_INS_BCLR: + case PPC_INS_BCLRL: + case PPC_INS_BCA: + case PPC_INS_BCLA: +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 case PPC_INS_BEQ: case PPC_INS_BEQA: case PPC_INS_BF: @@ -330,27 +374,6 @@ RZ_IPI bool ppc_is_conditional(ut32 insn_id) { case PPC_INS_BGELRL: case PPC_INS_BGECTR: case PPC_INS_BGECTRL: -#endif - case PPC_INS_BC: - case PPC_INS_BCCTR: - case PPC_INS_BCCTRL: - case PPC_INS_BCL: - case PPC_INS_BCLR: - case PPC_INS_BCLRL: - case PPC_INS_BCA: - case PPC_INS_BCLA: - case PPC_INS_BDNZ: - case PPC_INS_BDNZA: - case PPC_INS_BDNZL: - case PPC_INS_BDNZLA: - case PPC_INS_BDNZLR: - case PPC_INS_BDNZLRL: - case PPC_INS_BDZ: - case PPC_INS_BDZA: - case PPC_INS_BDZL: - case PPC_INS_BDZLA: - case PPC_INS_BDZLR: - case PPC_INS_BDZLRL: case PPC_INS_BDNZT: case PPC_INS_BDNZTL: case PPC_INS_BDNZTA: 
@@ -367,6 +390,16 @@ RZ_IPI bool ppc_is_conditional(ut32 insn_id) { case PPC_INS_BDZFA: case PPC_INS_BDZFL: case PPC_INS_BDZFLA: + case PPC_INS_BDNZ: + case PPC_INS_BDNZA: + case PPC_INS_BDNZLR: + case PPC_INS_BDNZLRL: + case PPC_INS_BDZ: + case PPC_INS_BDZA: + case PPC_INS_BDZLA: + case PPC_INS_BDZLR: + case PPC_INS_BDZLRL: +#endif return true; } } @@ -395,6 +428,7 @@ RZ_IPI bool ppc_moves_to_spr(ut32 insn_id) { case PPC_INS_MTSR: case PPC_INS_MTSRIN: case PPC_INS_MTVSCR: +#if CS_NEXT_VERSION < 6 case PPC_INS_MTCR: case PPC_INS_MTBR0: case PPC_INS_MTBR1: @@ -427,6 +461,7 @@ RZ_IPI bool ppc_moves_to_spr(ut32 insn_id) { case PPC_INS_MTESR: case PPC_INS_MTSPEFSCR: case PPC_INS_MTTCR: +#endif case PPC_INS_MFSRIN: return true; } @@ -441,21 +476,24 @@ RZ_IPI bool ppc_moves_to_spr(ut32 insn_id) { */ RZ_IPI bool ppc_decrements_ctr(RZ_BORROW cs_insn *insn, const cs_mode mode) { rz_return_val_if_fail(insn, false); +#if CS_NEXT_VERSION >= 6 + return cs_ppc_bc_decr_ctr(PPC_DETAIL(insn).bc.bo); +#else ut32 id = insn->id; switch (id) { default: return false; -#if CS_API_MAJOR > 4 - case PPC_INS_BGEL: - case PPC_INS_BGELA: -#endif case PPC_INS_BC: case PPC_INS_BCL: case PPC_INS_BCA: case PPC_INS_BCLA: case PPC_INS_BCLR: case PPC_INS_BCLRL: +#if CS_API_MAJOR == 5 + case PPC_INS_BGEL: + case PPC_INS_BGELA: +#endif case PPC_INS_BDNZ: case PPC_INS_BDNZA: case PPC_INS_BDNZL: @@ -487,6 +525,7 @@ RZ_IPI bool ppc_decrements_ctr(RZ_BORROW cs_insn *insn, const cs_mode mode) { case PPC_INS_BDZFLA: return true; } +#endif } // @@ -589,6 +628,7 @@ RZ_IPI ut32 ppc_fmx_to_mask(const ut8 fmx) { (fmx & 0x01 ? x : 0)); } +#if CS_NEXT_VERSION < 6 static const char *get_crx_reg(const csh handle, cs_insn *insn, size_t n) { #if CS_API_MAJOR == 5 && CS_API_MINOR == 0 // bug on crx not being populated in capstone v5.0 
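Review bot: The `PPC_INS_BDNZ`-family labels removed from the unguarded part of ppc_is_conditional in the previous hunk are re-added here, but `PPC_INS_BDNZL`, `PPC_INS_BDNZLA` and `PPC_INS_BDZL` are not among them, so those conditional branches now fall to `default: return false` unless they appear in a part of the switch outside the hunks. The re-added labels also sit inside `#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6`, whereas before the change they were unguarded and ppc_get_branch_ta in this diff gates the same ids with `#if CS_NEXT_VERSION < 6` alone; if Capstone 4 builds are still supported, the narrower guard drops them there. ppc_is_conditional starts outside the hunk.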
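Review bot: In the CS_NEXT_VERSION >= 6 path ppc_decrements_ctr returns `cs_ppc_bc_decr_ctr(PPC_DETAIL(insn).bc.bo)` for every instruction it is handed, while branch_op calls it for all branches including `b`, `bl` and `blr`. Whether that is correct depends on what the decoder leaves in `bc.bo` for non-BC forms; if the field is zero-initialised, a BO of 0 could read as "decrement CTR". Restricting the check to the BC/BCLR ids, or confirming that the helper rejects the invalid BO value, would make this explicit; a comment stating the assumption is the minimum.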
@@ -629,13 +669,14 @@ static ut32 get_crx_cond(const csh handle, cs_insn *insn, size_t n) { return INSOP(n).crx.cond; #endif } +#endif /** * \brief Get the branch condition for a given instruction. * Checkout the "Simple Branch Mnemonics" in Appendix C in PowerISA v3.1B and * the chapter about branch instructions for an overview of possible conditions. * - * NODE: This function *does not* decrement CTR, if required by the instruction. + * NOTE: This function *does not* decrement CTR, if required by the instruction. * This should have been done before. * * \param insn The capstone instructions. @@ -646,16 +687,25 @@ RZ_IPI RZ_OWN RzILOpPure *ppc_get_branch_cond(const csh handle, RZ_BORROW cs_ins rz_return_val_if_fail(insn, NULL); ut32 id = insn->id; +#if CS_NEXT_VERSION >= 6 + ut8 bi = PPC_DETAIL(insn).bc.bi; + ut8 bo = PPC_DETAIL(insn).bc.bo; + RzILOpBool *decr_ctr = cs_ppc_bc_decr_ctr(bo) ? IL_TRUE : IL_FALSE; + RzILOpBool *test_cr_bit = cs_ppc_bc_cr_is_tested(bo) ? IL_TRUE : IL_FALSE; + RzILOpBool *check_ctr_is_zero = cs_ppc_bc_tests_ctr_is_zero(bo) ? IL_TRUE : IL_FALSE; + RzILOpBool *check_cr_bit_is_one = cs_ppc_bc_cr_bit_is_one(bo) ? IL_TRUE : IL_FALSE; +#else ut8 bo = PPC_READ_BO_FIELD; ut8 bi = PPC_READ_BI_FIELD; - RzILOpPure *ctr_ok; - RzILOpPure *cond_ok; RzILOpPure *bo_0; RzILOpPure *bo_1; RzILOpPure *bo_2; RzILOpPure *bo_3; RzILOpPure *cr; RzILOpPure *cr_bit; +#endif + RzILOpPure *ctr_cond_fullfilled; + RzILOpPure *cr_cond_fullfilled; switch (id) { default: @@ -663,7 +713,7 @@ RZ_IPI RZ_OWN RzILOpPure *ppc_get_branch_cond(const csh handle, RZ_BORROW cs_ins return IL_FALSE; // For learning how the conditions of BCxxx branch instructions are // formed see the Power ISA -#if CS_API_MAJOR > 4 +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 case PPC_INS_BEQ: case PPC_INS_BEQA: case PPC_INS_BF: 
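Review bot: In the CS_NEXT_VERSION >= 6 path `decr_ctr`, `test_cr_bit`, `check_ctr_is_zero` and `check_cr_bit_is_one` are built as IL values (`IL_TRUE`/`IL_FALSE`) before the switch, but only the `PPC_INS_BC…` case in the next hunk consumes all four; `default: return IL_FALSE` consumes none and the `PPC_INS_BCCTR…` case two hunks down consumes two, so the remaining values are leaked. Keeping them as plain booleans here (`bool decr_ctr = cs_ppc_bc_decr_ctr(bo);` and so on) and wrapping with `? IL_TRUE : IL_FALSE` at the point of use avoids allocating on paths that do not need them. While touching these lines, `ctr_cond_fullfilled`/`cr_cond_fullfilled` should be spelled `fulfilled`. ppc_get_branch_cond continues outside the hunk.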
@@ -703,6 +753,11 @@ RZ_IPI RZ_OWN RzILOpPure *ppc_get_branch_cond(const csh handle, RZ_BORROW cs_ins case PPC_INS_BCLA: case PPC_INS_BCLR: case PPC_INS_BCLRL: +#if CS_NEXT_VERSION >= 6 + ctr_cond_fullfilled = ITE(decr_ctr, XOR(NON_ZERO(VARG("ctr")), check_ctr_is_zero), IL_TRUE); + cr_cond_fullfilled = ITE(test_cr_bit, XOR(get_cr_bit(bi + 32), INV(check_cr_bit_is_one)), IL_TRUE); + return AND(ctr_cond_fullfilled, cr_cond_fullfilled); +#else // BO_2 == 0: Decrement CTR // BO_2 == 1: Don't use CTR bo_2 = NON_ZERO(LOGAND(UN(5, 0b00100), VARLP("bo"))); @@ -710,7 +765,7 @@ RZ_IPI RZ_OWN RzILOpPure *ppc_get_branch_cond(const csh handle, RZ_BORROW cs_ins // BO_3 == 0: Check CTR != 0 // BO_3 == 1: Check CTR == 0 bo_3 = NON_ZERO(LOGAND(UN(5, 0b00010), VARLP("bo"))); - ctr_ok = OR(bo_2, XOR(NON_ZERO(VARG("ctr")), bo_3)); // BO_2 | (CTR_M:63 ≠ 0) ⊕ BO_3 + ctr_cond_fullfilled = OR(bo_2, XOR(NON_ZERO(VARG("ctr")), bo_3)); // BO_2 | (CTR_M:63 ≠ 0) ⊕ BO_3 // BO_0 == 0: Check CR_bi // BO_0 == 1: Don't check CR_bi @@ -719,12 +774,12 @@ RZ_IPI RZ_OWN RzILOpPure *ppc_get_branch_cond(const csh handle, RZ_BORROW cs_ins // BO_1 == 0: Check CR_bi == 0 // BO_1 == 1: Check CR_bi == 1 bo_1 = NON_ZERO(LOGAND(UN(5, 0b01000), VARLP("bo"))); - cond_ok = OR(bo_0, XOR(get_cr_bit(bi + 32), INV(bo_1))); // BO_0 | (CR_BI+32 ≡ BO_1) - - return LET("bo", UN(5, bo), AND(cond_ok, ctr_ok)); + cr_cond_fullfilled = OR(bo_0, XOR(get_cr_bit(bi + 32), INV(bo_1))); // BO_0 | (CR_BI+32 ≡ BO_1) + return LET("bo", UN(5, bo), AND(cr_cond_fullfilled, ctr_cond_fullfilled)); +#endif case PPC_INS_BCCTR: case PPC_INS_BCCTRL: -#if CS_API_MAJOR > 4 +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 case PPC_INS_BEQCTR: case PPC_INS_BEQCTRL: case PPC_INS_BFCTR: 
@@ -754,11 +809,15 @@ RZ_IPI RZ_OWN RzILOpPure *ppc_get_branch_cond(const csh handle, RZ_BORROW cs_ins case PPC_INS_BGECTR: case PPC_INS_BGECTRL: #endif +#if CS_NEXT_VERSION >= 6 + cr_cond_fullfilled = AND(test_cr_bit, XOR(get_cr_bit(bi + 32), INV(check_cr_bit_is_one))); + return cr_cond_fullfilled; +#else bo_0 = NON_ZERO(LOGAND(UN(5, 0b10000), VARLP("bo"))); bo_1 = NON_ZERO(LOGAND(UN(5, 0b01000), VARLP("bo"))); - cond_ok = OR(bo_0, XOR(get_cr_bit(bi + 32), INV(bo_1))); // BO_0 | (CR_BI+32 ≡ BO_1) + cr_cond_fullfilled = OR(bo_0, XOR(get_cr_bit(bi + 32), INV(bo_1))); // BO_0 | (CR_BI+32 ≡ BO_1) - return LET("bo", UN(5, bo), cond_ok); + return LET("bo", UN(5, bo), cr_cond_fullfilled); // CTR != 0 case PPC_INS_BDNZ: case PPC_INS_BDNZA: @@ -822,6 +881,7 @@ RZ_IPI RZ_OWN RzILOpPure *ppc_get_branch_cond(const csh handle, RZ_BORROW cs_ins return AND(IS_ZERO(VARG("ctr")), IS_ZERO(LOGAND(cr, cr_bit))); } return AND(NON_ZERO(VARG("ctr")), IS_ZERO(LOGAND(cr, cr_bit))); +#endif } } @@ -858,6 +918,7 @@ RZ_IPI RZ_OWN RzILOpPure *ppc_get_branch_ta(RZ_BORROW cs_insn *insn, const cs_mo case PPC_INS_BLA: case PPC_INS_BCA: case PPC_INS_BCLA: +#if CS_NEXT_VERSION < 6 case PPC_INS_BDNZTA: case PPC_INS_BDNZTLA: case PPC_INS_BDNZFA: @@ -866,9 +927,10 @@ RZ_IPI RZ_OWN RzILOpPure *ppc_get_branch_ta(RZ_BORROW cs_insn *insn, const cs_mo case PPC_INS_BDZTLA: case PPC_INS_BDZFA: case PPC_INS_BDZFLA: +#endif // EXTS(LI || 0b00) // Branch to relative address -#if CS_API_MAJOR > 4 +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 case PPC_INS_BEQ: case PPC_INS_BEQA: case PPC_INS_BF: @@ -900,6 +962,7 @@ RZ_IPI RZ_OWN RzILOpPure *ppc_get_branch_ta(RZ_BORROW cs_insn *insn, const cs_mo #endif case PPC_INS_B: case PPC_INS_BL: +#if CS_NEXT_VERSION < 6 case PPC_INS_BDZF: case PPC_INS_BDZFL: case PPC_INS_BDZT: 
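Review bot: The CS_NEXT_VERSION >= 6 branch of the `PPC_INS_BCCTR`/`PPC_INS_BCCTRL` case returns `AND(test_cr_bit, …)`, which evaluates to false whenever the BO field says the CR bit is not tested, whereas the `PPC_INS_BC` case in the previous hunk and the pre-v6 `OR(bo_0, …)` form treat that encoding as "condition satisfied". Unless every such encoding is filtered out by ppc_insn_is_conditional before this point, the consistent form is `cr_cond_fullfilled = ITE(test_cr_bit, XOR(get_cr_bit(bi + 32), INV(check_cr_bit_is_one)), IL_TRUE);`. The enclosing switch continues outside the hunk.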
@@ -908,23 +971,29 @@ RZ_IPI RZ_OWN RzILOpPure *ppc_get_branch_ta(RZ_BORROW cs_insn *insn, const cs_mo case PPC_INS_BDNZFL: case PPC_INS_BDNZT: case PPC_INS_BDNZTL: +#endif // CIA + EXTS(LI || 0b00) if (insn->detail->ppc.op_count == 2) { return UA(INSOP(1).imm); } else { return UA(INSOP(0).imm); } +#if CS_NEXT_VERSION < 6 case PPC_INS_BDZA: case PPC_INS_BDZLA: case PPC_INS_BDNZA: case PPC_INS_BDNZLA: +#endif // EXTS(BD || 0b00) -#if CS_API_MAJOR > 4 +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 case PPC_INS_BGEL: case PPC_INS_BGELA: #endif case PPC_INS_BC: case PPC_INS_BCL: +#if CS_NEXT_VERSION >= 6 + return UA(INSOP(2).imm); +#else case PPC_INS_BDZ: case PPC_INS_BDZL: case PPC_INS_BDNZ: @@ -936,8 +1005,9 @@ RZ_IPI RZ_OWN RzILOpPure *ppc_get_branch_ta(RZ_BORROW cs_insn *insn, const cs_mo } else { return UA(INSOP(0).imm); } +#endif // Branch to LR -#if CS_API_MAJOR > 4 +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 case PPC_INS_BEQLR: case PPC_INS_BEQLRL: case PPC_INS_BLELR: @@ -950,15 +1020,17 @@ RZ_IPI RZ_OWN RzILOpPure *ppc_get_branch_ta(RZ_BORROW cs_insn *insn, const cs_mo case PPC_INS_BLR: case PPC_INS_BLRL: case PPC_INS_BCLR: - case PPC_INS_BDZLR: case PPC_INS_BCLRL: +#if CS_NEXT_VERSION < 6 + case PPC_INS_BDZLR: case PPC_INS_BDZLRL: case PPC_INS_BDNZLR: case PPC_INS_BDNZLRL: +#endif // LR_0:61 || 0b00 return LOGAND(UA(-4), VARG("lr")); // Branch to CTR -#if CS_API_MAJOR > 4 +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 case PPC_INS_BEQCTR: case PPC_INS_BEQCTRL: case PPC_INS_BFCTR: diff --git a/librz/analysis/arch/ppc/ppc_il.h b/librz/analysis/arch/ppc/ppc_il.h index 7871414cefd..b603e8ed988 100644 --- a/librz/analysis/arch/ppc/ppc_il.h +++ b/librz/analysis/arch/ppc/ppc_il.h 
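Review bot: The new `return UA(INSOP(2).imm);` for `PPC_INS_BC`/`PPC_INS_BCL` assumes the detail carries the full (BO, BI, target) operand set, while the pre-v6 code directly below still distinguishes an op_count of 2 from other counts. If the decoder can deliver alias operands for these ids (a `bdnz target` with a single operand, say), index 2 reads an unpopulated slot; a guard such as `if (OP_CNT < 3) { return NULL; }`, or a comment stating that the real-operand detail mode is required, would make the assumption visible. ppc_get_branch_ta continues outside the hunk.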
@@ -163,7 +163,9 @@ RZ_IPI st32 ppc_get_mem_acc_size(ut32 insn_id); RZ_IPI bool ppc_updates_ra_with_ea(ut32 insn_id); RZ_IPI bool ppc_is_algebraic(ut32 insn_id); RZ_IPI bool ppc_sets_lr(ut32 insn_id); +RZ_IPI bool ppc_insn_sets_lr(const cs_insn *insn); RZ_IPI bool ppc_is_conditional(ut32 insn_id); +RZ_IPI bool ppc_insn_is_conditional(const cs_insn *insn); RZ_IPI bool ppc_moves_to_spr(ut32 insn_id); RZ_IPI bool ppc_is_mul_div_d(const ut32 id, const cs_mode mode); RZ_IPI bool ppc_is_mul_div_u(const ut32 id); diff --git a/librz/analysis/arch/ppc/ppc_il_ops.c b/librz/analysis/arch/ppc/ppc_il_ops.c index c74a92d982f..f39aab2172d 100644 --- a/librz/analysis/arch/ppc/ppc_il_ops.c +++ b/librz/analysis/arch/ppc/ppc_il_ops.c @@ -1,7 +1,6 @@ // SPDX-FileCopyrightText: 2022 Rot127 // SPDX-License-Identifier: LGPL-3.0-only -#include "opcode/ppc.h" #include "ppc_il.h" #include "ppc_analysis.h" #include "rz_types_base.h" @@ -16,9 +15,15 @@ static RzILOpEffect *load_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, cons // READ const char *rT = cs_reg_name(handle, INSOP(0).reg); const char *rA = cs_reg_name(handle, INSOP(1).mem.base); +#if CS_NEXT_VERSION < 6 const char *rB = cs_reg_name(handle, INSOP(2).reg); +#else + const char *rB = cs_reg_name(handle, INSOP(1).mem.offset); +#endif st64 d = INSOP(1).mem.disp; // RA = base ; D = Disposition +#if CS_NEXT_VERSION < 6 st64 sI = INSOP(1).imm; // liX instructions (alias for addX). +#endif bool update_ra = ppc_updates_ra_with_ea(id); // Save ea in RA? ut32 mem_acc_size = ppc_get_mem_acc_size(id); RzILOpPure *base; @@ -44,6 +49,7 @@ static RzILOpEffect *load_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, cons switch (id) { default: NOT_IMPLEMENTED; +#if CS_NEXT_VERSION < 6 case PPC_INS_LI: // RT = sI into_rt = EXTEND(PPC_ARCH_BITS, SN(16, sI)); update_ra = false; 
@@ -52,6 +58,7 @@ static RzILOpEffect *load_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, cons into_rt = EXTEND(PPC_ARCH_BITS, APPEND(SN(16, sI), U16(0))); update_ra = false; break; +#endif case PPC_INS_LA: // RT = EA NOT_IMPLEMENTED; case PPC_INS_LBZ: @@ -83,7 +90,11 @@ static RzILOpEffect *load_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, cons case PPC_INS_LWZCIX: case PPC_INS_LDCIX: #endif +#if CS_NEXT_VERSION >= 6 + base = VARG(rA); +#else base = rA ? VARG(rA) : NULL; +#endif if (ppc_is_x_form(id)) { disp = VARG(rB); } else { @@ -107,7 +118,11 @@ static RzILOpEffect *load_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, cons case PPC_INS_LHBRX: case PPC_INS_LWBRX: case PPC_INS_LDBRX: +#if CS_NEXT_VERSION >= 6 + base = VARG(rA); +#else base = rA ? VARG(rA) : NULL; +#endif disp = VARG(rB); ea = base ? ADD(base, disp) : disp; @@ -204,7 +219,11 @@ static RzILOpEffect *store_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, con // READ const char *rS = cs_reg_name(handle, INSOP(0).reg); const char *rA = cs_reg_name(handle, INSOP(1).mem.base); +#if CS_NEXT_VERSION < 6 const char *rB = cs_reg_name(handle, INSOP(2).reg); +#else + const char *rB = cs_reg_name(handle, INSOP(1).mem.offset); +#endif st64 d = INSOP(1).mem.disp; // RA = base ; D = Disposition bool update_ra = ppc_updates_ra_with_ea(id); // Save ea in RA? ut32 mem_acc_size = ppc_get_mem_acc_size(id); @@ -223,9 +242,15 @@ static RzILOpEffect *store_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, con NOT_IMPLEMENTED; case PPC_INS_DCBZ: { ut32 r = ppc_log_2(DCACHE_LINE_SIZE); +#if CS_NEXT_VERSION >= 6 + rA = cs_reg_name(handle, INSOP(0).mem.base); + rB = cs_reg_name(handle, INSOP(0).mem.offset); + base = VARG(rA); +#else rA = cs_reg_name(handle, INSOP(0).reg); rB = cs_reg_name(handle, INSOP(1).reg); base = rA ? VARG(rA) : NULL; +#endif ea = base ? ADD(base, VARG(rB)) : VARG(rB); // Align EA 
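Review bot: The CS_NEXT_VERSION >= 6 branches replace `base = rA ? VARG(rA) : NULL;` with an unguarded `base = VARG(rA);`, yet the following `ea = base ? ADD(base, disp) : disp;` (context in this and the next hunk) still expects `base` to be NULL for a zero or absent RA. If `cs_reg_name` can return NULL for the base of a D-form access with RA=0 under the new decoder, `VARG(NULL)` is reached; if it cannot, the ternary on `ea` is dead for v6 and a comment saying the decoder always names the base would explain the asymmetry. store_op in the next hunk, including its `PPC_INS_DCBZ` case, makes the same replacement. load_op starts before this hunk.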
@@ -256,7 +281,11 @@ static RzILOpEffect *store_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, con case PPC_INS_STWCIX: case PPC_INS_STDCIX: #endif +#if CS_NEXT_VERSION >= 6 + base = VARG(rA); +#else base = rA ? VARG(rA) : NULL; +#endif if (ppc_is_x_form(id)) { disp = VARG(rB); } else { @@ -336,6 +365,16 @@ static RzILOpEffect *add_sub_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, b // I/M/Z Immediate, Minus one, Zero extend, // C/E/S Carry (sets it), Extends (adds carry it), Shift immediate + // Handle Add alias + switch (insn->alias_id) { + default: + break; + case PPC_INS_ALIAS_LI: // RT = sI + return SETG(rT, EXTEND(PPC_ARCH_BITS, SN(16, sI))); + case PPC_INS_ALIAS_LIS: // RT = SI << 16 + return SETG(rT, EXTEND(PPC_ARCH_BITS, APPEND(SN(16, sI), U16(0)))); + } + // EXEC switch (id) { default: @@ -436,7 +475,7 @@ static RzILOpEffect *compare_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, c bool signed_cmp = false; -#if CS_API_MAJOR > 4 +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 // weird bug on cmp/cmpl in capstone v5 if (id == PPC_INS_CMP) { if (!strcmp(insn->mnemonic, "cmpw")) { @@ -474,6 +513,13 @@ static RzILOpEffect *compare_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, c #endif // READ +#if CS_NEXT_VERSION >= 6 + // Uses REAL instruction operand set. + crX = cs_reg_name(handle, INSOP(0).reg); + rA = cs_reg_name(handle, INSOP(1).reg); + rB = cs_reg_name(handle, INSOP(2).reg); + imm = INSOP(2).imm; +#else // cr0 reg is not explicitly stored in the operands list. if (OP_CNT == 2) { crX = "cr0"; @@ -486,6 +532,7 @@ static RzILOpEffect *compare_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, c rB = cs_reg_name(handle, INSOP(2).reg); imm = INSOP(2).imm; } +#endif // How to read instruction ids: // Letter Meaning 
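Review bot: The new `switch (insn->alias_id)` block with `PPC_INS_ALIAS_LI`/`PPC_INS_ALIAS_LIS` in add_sub_op is not wrapped in `#if CS_NEXT_VERSION >= 6`, unlike every alias_id use in shift_and_rotate further down, while the rest of the file still keeps `#if CS_NEXT_VERSION < 6` paths for older Capstone. If the `alias_id` field and the alias enum exist only in the new headers, pre-v6 builds stop compiling here; the `PPC_INS_ALIAS_MTXER`/`PPC_INS_ALIAS_MFXER` check in move_from_to_spr_op two hunks later has the same shape. Wrapping both in the same guard is consistent with load_op, which keeps the `PPC_INS_LI`/`PPC_INS_LIS` cases for the pre-v6 path. add_sub_op starts before this hunk.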
@@ -531,7 +578,7 @@ static RzILOpEffect *compare_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, c return ret; } -#if CS_API_MAJOR > 4 +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 // bug on xori in capstone v5 static bool is_xnop(cs_insn *insn) { return insn->id == PPC_INS_XNOP && @@ -543,7 +590,7 @@ static bool is_xnop(cs_insn *insn) { static RzILOpEffect *bitwise_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, const cs_mode mode) { rz_return_val_if_fail(handle && insn, EMPTY()); -#if CS_API_MAJOR > 4 +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 if (is_xnop(insn)) { return NOP(); } @@ -582,7 +629,6 @@ static RzILOpEffect *bitwise_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, c } res = LOGAND(op0, op1); break; - case PPC_INS_MR: case PPC_INS_OR: case PPC_INS_ORC: case PPC_INS_ORI: @@ -590,14 +636,12 @@ static RzILOpEffect *bitwise_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, c op0 = VARG(rS); if (id == PPC_INS_OR || id == PPC_INS_ORC) { op1 = (id == PPC_INS_OR) ? VARG(rB) : LOGNOT(VARG(rB)); - } else if (id == PPC_INS_MR) { - op1 = DUP(op0); // Extended Mnemonic for `or RA, RS, RS` } else { op1 = (id == PPC_INS_ORI) ? EXTZ(U16(uI)) : EXTZ(APPEND(U16(uI), U16(0))); } res = LOGOR(op0, op1); break; -#if CS_API_MAJOR > 4 +#if CS_NEXT_VERSION < 6 // bug on xori in capstone v5 case PPC_INS_XNOP: op0 = VARG(rS); @@ -704,8 +748,12 @@ static RzILOpEffect *bitwise_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, c static RzILOpEffect *branch_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, const cs_mode mode) { rz_return_val_if_fail(handle && insn, EMPTY()); +#if CS_NEXT_VERSION >= 6 + bool is_conditional = ppc_insn_is_conditional(insn); +#else ut32 id = insn->id; bool is_conditional = ppc_is_conditional(id); +#endif RzILOpEffect *set_cia; // Current instruction address RzILOpEffect *set_nia; // Next instruction address RzILOpEffect *set_lr; // Set Link Register 
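Review bot: `case PPC_INS_MR:` and its `op1 = DUP(op0)` branch are deleted from bitwise_op without a version guard, while the XNOP handling in the same function is kept under `#if CS_NEXT_VERSION < 6`. If `mr` is only folded into `PPC_INS_OR` by the new decoder, pre-v6 builds, which still have a distinct `PPC_INS_MR` id, now send `mr` to `default: NOT_IMPLEMENTED`; keeping the label and the `DUP(op0)` line under `#if CS_NEXT_VERSION < 6` preserves them. Note also that `is_xnop` is guarded by `CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6` while the `case PPC_INS_XNOP:` label now uses `CS_NEXT_VERSION < 6` alone, so the two conditions differ for a Capstone 4 build. bitwise_op continues outside the hunk.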
@@ -726,7 +774,11 @@ static RzILOpEffect *branch_op(RZ_BORROW csh handle, RZ_BORROW cs_insn *insn, co } set_cia = SETL("CIA", UA(insn->address)); +#if CS_NEXT_VERSION >= 6 + set_lr = ppc_insn_sets_lr(insn) ? SETG("lr", ADD(VARL("CIA"), UA(4))) : EMPTY(); +#else set_lr = ppc_sets_lr(id) ? SETG("lr", ADD(VARL("CIA"), UA(4))) : EMPTY(); +#endif decr_ctr = ppc_decrements_ctr(insn, mode) ? SETG("ctr", SUB(VARG("ctr"), UA(1))) : EMPTY(); return SEQ5(set_cia, decr_ctr, set_lr, set_nia, JMP(VARL("NIA"))); @@ -823,9 +875,21 @@ static RzILOpEffect *move_from_to_spr_op(RZ_BORROW csh handle, RZ_BORROW cs_insn rz_return_val_if_fail(handle && insn, EMPTY()); ut32 id = insn->id; +#if CS_NEXT_VERSION >= 6 + const char *rS; + const char *rT; + if (insn->id == PPC_INS_MFSPR || insn->id == PPC_INS_MTSPR) { + rT = cs_reg_name(handle, INSOP(0).reg); + rS = cs_reg_name(handle, INSOP(1).reg); + } else { + rS = cs_reg_name(handle, INSOP(0).reg); + rT = cs_reg_name(handle, INSOP(0).reg); + } +#else const char *rS = cs_reg_name(handle, INSOP(0).reg); const char *rT = cs_reg_name(handle, INSOP(0).reg); - const char *spr_name; +#endif + const char *spr_name = ""; // Some registers need to assemble the value before it is read or written (e.g. XER with all its bits). // Leave it NULL if the value of the SPR or RS should be used. RzILOpEffect *set_val = NULL; @@ -848,7 +912,6 @@ static RzILOpEffect *move_from_to_spr_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_MTMSR: case PPC_INS_MTMSRD: NOT_IMPLEMENTED; - case PPC_INS_MTCR: case PPC_INS_MTCRF: { ut32 mask = 0xffffffff; if (id == PPC_INS_MTCRF) { @@ -884,6 +947,12 @@ static RzILOpEffect *move_from_to_spr_op(RZ_BORROW csh handle, RZ_BORROW cs_insn break; case PPC_INS_MFSPR: case PPC_INS_MTSPR: { + if (insn->alias_id == PPC_INS_ALIAS_MTXER) { + return ppc_set_xer(VARG(rS), mode); + } else if (insn->alias_id == PPC_INS_ALIAS_MFXER) { + set_val = SETL("val", ppc_get_xer(mode)); + break; + } ut32 spr = INSOP(1).imm; switch (spr) { default: 
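Review bot: The v6 operand mapping applies `rT = INSOP(0)`, `rS = INSOP(1)` to both `PPC_INS_MFSPR` and `PPC_INS_MTSPR`, but the assembler operand order of mtspr is (SPR, RS), so with real operands `INSOP(1)` would be the GPR and `INSOP(0)` the SPR number, and the later `ut32 spr = INSOP(1).imm;` in the MFSPR/MTSPR case would read the register slot; please verify against the decoder output for `mtspr`. If the order differs per id, the two need separate branches, and a one-line comment stating the expected operand order for each keeps the mapping readable. move_from_to_spr_op continues outside the hunk.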
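Review bot: The new `PPC_INS_ALIAS_MFXER` path sets `set_val` and breaks, but unlike the removed `case PPC_INS_MFXER:` in the next hunk it does not assign `spr_name = "xer";`, so `spr_name` stays at its new `""` default for this case. If the code after the switch uses `spr_name` to address the SPR whenever `set_val` is set, the read lands on an empty name; adding `spr_name = "xer";` before the `break;` restores the previous behaviour. The case body continues outside the hunk.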
@@ -931,6 +1000,7 @@ static RzILOpEffect *move_from_to_spr_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_MTFSF: case PPC_INS_MFFS: case PPC_INS_MFTB: +#if CS_NEXT_VERSION < 6 case PPC_INS_MFRTCU: case PPC_INS_MFRTCL: NOT_IMPLEMENTED; @@ -952,14 +1022,6 @@ static RzILOpEffect *move_from_to_spr_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_MTBR6: case PPC_INS_MTBR7: NOT_IMPLEMENTED; - case PPC_INS_MFXER: - case PPC_INS_MTXER: - if (id == PPC_INS_MTXER) { - return ppc_set_xer(VARG(rS), mode); - } - spr_name = "xer"; - set_val = SETL("val", ppc_get_xer(mode)); - break; case PPC_INS_MFDSCR: case PPC_INS_MTDSCR: NOT_IMPLEMENTED; @@ -972,6 +1034,22 @@ static RzILOpEffect *move_from_to_spr_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_MFPID: case PPC_INS_MFTBLO: case PPC_INS_MFTBHI: + case PPC_INS_MFDBATU0: + case PPC_INS_MFDBATL0: + case PPC_INS_MFDBATU1: + case PPC_INS_MFDBATL1: + case PPC_INS_MFDBATU2: + case PPC_INS_MFDBATL2: + case PPC_INS_MFDBATU3: + case PPC_INS_MFDBATL3: + case PPC_INS_MFIBATU0: + case PPC_INS_MFIBATL0: + case PPC_INS_MFIBATU1: + case PPC_INS_MFIBATL1: + case PPC_INS_MFIBATU2: + case PPC_INS_MFIBATL2: + case PPC_INS_MFIBATU3: + case PPC_INS_MFIBATL3: case PPC_INS_MFDBATU: case PPC_INS_MFDBATL: case PPC_INS_MFIBATU: @@ -996,6 +1074,22 @@ static RzILOpEffect *move_from_to_spr_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_MTTBU: case PPC_INS_MTTBLO: case PPC_INS_MTTBHI: + case PPC_INS_MTDBATU0: + case PPC_INS_MTDBATL0: + case PPC_INS_MTDBATU1: + case PPC_INS_MTDBATL1: + case PPC_INS_MTDBATU2: + case PPC_INS_MTDBATL2: + case PPC_INS_MTDBATU3: + case PPC_INS_MTDBATL3: + case PPC_INS_MTIBATU0: + case PPC_INS_MTIBATL0: + case PPC_INS_MTIBATU1: + case PPC_INS_MTIBATL1: + case PPC_INS_MTIBATU2: + case PPC_INS_MTIBATL2: + case PPC_INS_MTIBATU3: + case PPC_INS_MTIBATL3: case PPC_INS_MTDBATU: case PPC_INS_MTDBATL: case PPC_INS_MTIBATU: 
@@ -1006,6 +1100,7 @@ static RzILOpEffect *move_from_to_spr_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_MTESR: case PPC_INS_MTSPEFSCR: case PPC_INS_MTTCR: +#endif NOT_IMPLEMENTED; } if (set_val) { @@ -1037,7 +1132,7 @@ static RzILOpEffect *shift_and_rotate(RZ_BORROW csh handle, RZ_BORROW cs_insn *i RzILOpPure *n; // Shift/rotate steps RzILOpPure *r; // Rotate result - RzILOpPure *into_rA; + RzILOpPure *into_rA = NULL; RzILOpPure *ca_val; // Arithmetic shift instructions set the ca field. RzILOpEffect *set_mask = NULL, *set_ca = NULL, *update_cr0 = NULL; @@ -1050,7 +1145,8 @@ static RzILOpEffect *shift_and_rotate(RZ_BORROW csh handle, RZ_BORROW cs_insn *i // C/CL/CR Clear, clear left/right // M/NM/MI Mask, AND with mask, mask insert -#if CS_API_MAJOR == 5 && CS_API_MINOR == 0 +// FIXME: With update to auto-sync ppc arch +#if CS_API_MAJOR == 5 && CS_API_MINOR == 0 && CS_NEXT_VERSION < 6 // weird bug on capstone v5.0 if (id == PPC_INS_CLRLDI && !strcmp(insn->mnemonic, "rldicl")) { id = PPC_INS_RLDICL; 
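Review bot: The new `// FIXME: With update to auto-sync ppc arch` above the `#if` does not say what is to be done or when; suggest `// FIXME: remove this workaround once the auto-sync ppc arch (CS_NEXT_VERSION >= 6) is the minimum supported Capstone`. Since the condition now also excludes `CS_NEXT_VERSION >= 6`, the existing `// weird bug on capstone v5.0` line should state that the mnemonic/id mismatch is specific to the legacy v5.0 decoder. shift_and_rotate starts and ends outside this hunk.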
@@ -1058,21 +1154,44 @@ static RzILOpEffect *shift_and_rotate(RZ_BORROW csh handle, RZ_BORROW cs_insn *i id = PPC_INS_RLWINM; } #endif +#if CS_NEXT_VERSION >= 6 + if (insn->alias_id == PPC_INS_ALIAS_SLWI) { + id = PPC_INS_SLWI; + } else if (insn->alias_id == PPC_INS_ALIAS_SRWI) { + id = PPC_INS_SRWI; + } else if (insn->alias_id == PPC_INS_ALIAS_SLDI) { + id = PPC_INS_SLDI; + } +#endif switch (id) { default: NOT_IMPLEMENTED; +#if CS_NEXT_VERSION < 6 case PPC_INS_ROTLW: case PPC_INS_ROTLWI: +#endif case PPC_INS_RLWIMI: case PPC_INS_RLWINM: case PPC_INS_RLWNM: +#if CS_NEXT_VERSION >= 6 + if (insn->alias_id == PPC_INS_ALIAS_CLRLWI || + insn->alias_id == PPC_INS_ALIAS_CLRLWI_) { + break; // Handle down below + } + if (id == PPC_INS_RLWNM) { +#else if (id == PPC_INS_RLWNM || id == PPC_INS_ROTLW) { +#endif n = CAST(6, IL_FALSE, LOGAND(VARG(rB), UA(0x1f))); } else { n = U8(sH); } r = ROTL32(UNSIGNED(32, VARG(rS)), n); +#if CS_NEXT_VERSION >= 6 + b = mB + 32; + e = mE + 32; +#else if (id == PPC_INS_ROTLW || id == PPC_INS_ROTLWI) { b = 32; // mb: 0 + 32 e = 63; // me: 31 + 32 @@ -1080,6 +1199,7 @@ static RzILOpEffect *shift_and_rotate(RZ_BORROW csh handle, RZ_BORROW cs_insn *i b = mB + 32; e = mE + 32; } +#endif // Mask has all bits set. all_bits_set = (((b - 1) & 0x3f) == e); set_mask = all_bits_set ? NULL : SET_MASK(U8(b), U8(e)); 
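Review bot: `break; // Handle down below` in the RLWIMI/RLWINM/RLWNM case (and `// Handle below` in the RLD* case of the @@ -1088 hunk) leaves the reader to search for where; the alias handling lives after the switch in the `#else` arm of the @@ -1201 hunk, so name it: `break; // clrlwi/clrlwi. are handled by the alias block after the switch`. The alias-to-id remapping above the switch (`PPC_INS_ALIAS_SLWI` → `PPC_INS_SLWI` and friends) would also benefit from a one-line comment explaining why these aliases replace the real id while CLRLWI/CLRLDI deliberately do not. shift_and_rotate starts and ends outside this hunk.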
@@ -1088,15 +1208,25 @@ static RzILOpEffect *shift_and_rotate(RZ_BORROW csh handle, RZ_BORROW cs_insn *i into_rA = LOGOR(into_rA, LOGAND(VARG(rA), LOGNOT(VARL("mask")))); } break; +#if CS_NEXT_VERSION < 6 case PPC_INS_ROTLD: case PPC_INS_ROTLDI: +#endif case PPC_INS_RLDCL: case PPC_INS_RLDCR: case PPC_INS_RLDIC: case PPC_INS_RLDICL: case PPC_INS_RLDICR: case PPC_INS_RLDIMI: +#if CS_NEXT_VERSION >= 6 + if (insn->alias_id == PPC_INS_ALIAS_CLRLDI || + insn->alias_id == PPC_INS_ALIAS_CLRLDI_) { + break; // Handle below + } + if (id == PPC_INS_RLDCR || id == PPC_INS_RLDCL) { +#else if (id == PPC_INS_RLDCR || id == PPC_INS_RLDCL || id == PPC_INS_ROTLD) { +#endif // For these instruction ME is the third operand, not MB. mE = INSOP(3).imm; n = UNSIGNED(8, VARG(rB)); @@ -1108,6 +1238,21 @@ static RzILOpEffect *shift_and_rotate(RZ_BORROW csh handle, RZ_BORROW cs_insn *i } n = LOGAND(U8(0x3f), n); r = ROTL64(VARG(rS), n); +#if CS_NEXT_VERSION >= 6 + if (id == PPC_INS_RLDICR || id == PPC_INS_RLDCR) { + b = 0; + e = mE; + } else { + b = mB; + if (id == PPC_INS_RLDCL || id == PPC_INS_RLDICL) { + e = 63; + } else if (id == PPC_INS_RLDIMI) { + e = (63 - sH) & 0x3f; + } else { + e = sH; + } + } +#else if (id == PPC_INS_RLDICR || id == PPC_INS_RLDCR || id == PPC_INS_ROTLDI || id == PPC_INS_ROTLD) { b = 0; if (id == PPC_INS_ROTLDI || id == PPC_INS_ROTLD) { @@ -1125,6 +1270,7 @@ static RzILOpEffect *shift_and_rotate(RZ_BORROW csh handle, RZ_BORROW cs_insn *i e = sH; } } +#endif all_bits_set = (((b - 1) & 0x3f) == e); set_mask = all_bits_set ? NULL : SET_MASK(U8(b), U8(e)); @@ -1134,9 +1280,11 @@ static RzILOpEffect *shift_and_rotate(RZ_BORROW csh handle, RZ_BORROW cs_insn *i } break; case PPC_INS_SLDI: +#if CS_NEXT_VERSION < 6 // Currently broken in rizins capstone version. // Immediate is not in instruction. NOT_IMPLEMENTED; +#endif case PPC_INS_SLD: case PPC_INS_SRD: case PPC_INS_SLWI: 
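Review bot: In the new `CS_NEXT_VERSION >= 6` mask selection PPC_INS_RLDIC falls into the final `e = sH` branch, while as far as I read the ISA rldic uses the mask MB..(63-SH), the same as rldimi, which this block computes as `e = (63 - sH) & 0x3f`. The legacy branch below appears to end the same way, so this may be a carried-over rather than a new bug; if it is unintended, fold RLDIC into the RLDIMI test: `} else if (id == PPC_INS_RLDIMI || id == PPC_INS_RLDIC) {`. shift_and_rotate starts and ends outside this hunk.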
@@ -1192,6 +1340,7 @@ static RzILOpEffect *shift_and_rotate(RZ_BORROW csh handle, RZ_BORROW cs_insn *i IL_FALSE); set_ca = SETG("ca", ca_val); break; +#if CS_NEXT_VERSION < 6 case PPC_INS_CLRLDI: case PPC_INS_CLRLWI: r = VARG(rS); @@ -1201,6 +1350,20 @@ static RzILOpEffect *shift_and_rotate(RZ_BORROW csh handle, RZ_BORROW cs_insn *i set_mask = all_bits_set ? NULL : SET_MASK(U8(b), U8(e)); into_rA = all_bits_set ? r : LOGAND(r, VARL("mask")); } +#else + } + if (insn->alias_id == PPC_INS_ALIAS_CLRLDI || + insn->alias_id == PPC_INS_ALIAS_CLRLWI || + insn->alias_id == PPC_INS_ALIAS_CLRLDI_ || + insn->alias_id == PPC_INS_ALIAS_CLRLWI_) { + r = VARG(rS); + b = (insn->alias_id == PPC_INS_ALIAS_CLRLWI) ? INSOP(3).imm + 32 : INSOP(3).imm; + e = 63; + all_bits_set = (((b - 1) & 0x3f) == e); + set_mask = all_bits_set ? NULL : SET_MASK(U8(b), U8(e)); + into_rA = all_bits_set ? r : LOGAND(r, VARL("mask")); + } +#endif RzILOpPure *zero = UA(0); RzILOpPure *old_res = VARL("result"); @@ -1268,9 +1431,11 @@ RZ_IPI RzILOpEffect *rz_ppc_cs_get_il_op(RZ_BORROW csh handle, RZ_BORROW cs_insn // Everything is executed linear => Sync instructions are NOP()s. case PPC_INS_ISYNC: case PPC_INS_SYNC: +#if CS_NEXT_VERSION < 6 case PPC_INS_LWSYNC: case PPC_INS_MSYNC: case PPC_INS_PTESYNC: +#endif case PPC_INS_TLBSYNC: lop = NOP(); break; @@ -1306,8 +1471,10 @@ RZ_IPI RzILOpEffect *rz_ppc_cs_get_il_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_MULLW: lop = div_mul_op(handle, insn, mode); break; +#if CS_NEXT_VERSION < 6 case PPC_INS_LI: case PPC_INS_LIS: +#endif case PPC_INS_LA: case PPC_INS_LBZ: case PPC_INS_LBZU: @@ -1394,7 +1561,9 @@ RZ_IPI RzILOpEffect *rz_ppc_cs_get_il_op(RZ_BORROW csh handle, RZ_BORROW cs_insn #endif lop = store_op(handle, insn, mode); break; +#if CS_NEXT_VERSION < 6 case PPC_INS_MR: +#endif case PPC_INS_AND: case PPC_INS_ANDC: case PPC_INS_ANDIS: 
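Review bot: In the alias block after the switch, `b` adds 32 only for `PPC_INS_ALIAS_CLRLWI`, yet the condition also admits `PPC_INS_ALIAS_CLRLWI_`, which the RLWINM case in the @@ -1058 hunk treats as the same 32-bit clear; if that is the record form of clrlwi it needs the same offset, e.g. `b = (insn->alias_id == PPC_INS_ALIAS_CLRLWI || insn->alias_id == PPC_INS_ALIAS_CLRLWI_) ? INSOP(3).imm + 32 : INSOP(3).imm;`. A short comment on the `+ 32` saying it maps the 32-bit MB onto the 64-bit mask would also help. shift_and_rotate starts and ends outside this hunk.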
@@ -1405,12 +1574,16 @@ RZ_IPI RzILOpEffect *rz_ppc_cs_get_il_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_ORIS: case PPC_INS_NAND: case PPC_INS_NOR: -#if CS_API_MAJOR > 4 +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 // bug on xori in capstone v5 case PPC_INS_XNOP: #endif case PPC_INS_XOR: case PPC_INS_XORI: + if (insn->is_alias && insn->alias_id == PPC_INS_ALIAS_XNOP) { + return NOP(); + } + // fallthrough case PPC_INS_XORIS: case PPC_INS_EQV: case PPC_INS_EXTSB: @@ -1423,13 +1596,13 @@ RZ_IPI RzILOpEffect *rz_ppc_cs_get_il_op(RZ_BORROW csh handle, RZ_BORROW cs_insn #if CS_API_MAJOR > 3 case PPC_INS_CMPB: #endif -#if CS_API_MAJOR > 4 +#if CS_API_MAJOR == 5 case PPC_INS_CMPRB: case PPC_INS_CMPEQB: #endif lop = bitwise_op(handle, insn, mode); break; -#if CS_API_MAJOR > 4 +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 case PPC_INS_CMP: case PPC_INS_CMPI: case PPC_INS_CMPL: @@ -1455,6 +1628,13 @@ RZ_IPI RzILOpEffect *rz_ppc_cs_get_il_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_BCLRL: case PPC_INS_BCTR: case PPC_INS_BCTRL: + case PPC_INS_BL: + case PPC_INS_BLA: + case PPC_INS_BLR: + case PPC_INS_BLRL: + case PPC_INS_BCA: + case PPC_INS_BCLA: +#if CS_NEXT_VERSION < 6 case PPC_INS_BDNZ: case PPC_INS_BDNZA: case PPC_INS_BDNZL: @@ -1467,12 +1647,6 @@ RZ_IPI RzILOpEffect *rz_ppc_cs_get_il_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_BDZLA: case PPC_INS_BDZLR: case PPC_INS_BDZLRL: - case PPC_INS_BL: - case PPC_INS_BLA: - case PPC_INS_BLR: - case PPC_INS_BLRL: - case PPC_INS_BCA: - case PPC_INS_BCLA: case PPC_INS_BDNZT: case PPC_INS_BDNZTL: case PPC_INS_BDNZTA: @@ -1489,7 +1663,8 @@ RZ_IPI RzILOpEffect *rz_ppc_cs_get_il_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_BDZFA: case PPC_INS_BDZFL: case PPC_INS_BDZFLA: -#if CS_API_MAJOR > 4 +#endif +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 case PPC_INS_BCDCFN: case PPC_INS_BCDCFSQ: case PPC_INS_BCDCFZ: 
@@ -1656,6 +1831,7 @@ RZ_IPI RzILOpEffect *rz_ppc_cs_get_il_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_MTSR: case PPC_INS_MTSRIN: case PPC_INS_MTVSCR: +#if CS_NEXT_VERSION < 6 case PPC_INS_MFBR0: case PPC_INS_MFBR1: case PPC_INS_MFBR2: @@ -1681,6 +1857,12 @@ RZ_IPI RzILOpEffect *rz_ppc_cs_get_il_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_MFDBATL: case PPC_INS_MFIBATU: case PPC_INS_MFIBATL: + case PPC_INS_MFTBU: + case PPC_INS_MTCR: + case PPC_INS_MTDBATU: + case PPC_INS_MTDBATL: + case PPC_INS_MTIBATU: + case PPC_INS_MTIBATL: case PPC_INS_MFDCCR: case PPC_INS_MFICCR: case PPC_INS_MFDEAR: @@ -1689,8 +1871,6 @@ RZ_IPI RzILOpEffect *rz_ppc_cs_get_il_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_MFTCR: case PPC_INS_MFASR: case PPC_INS_MFPVR: - case PPC_INS_MFTBU: - case PPC_INS_MTCR: case PPC_INS_MTBR0: case PPC_INS_MTBR1: case PPC_INS_MTBR2: @@ -1712,16 +1892,13 @@ RZ_IPI RzILOpEffect *rz_ppc_cs_get_il_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_MTTBU: case PPC_INS_MTTBLO: case PPC_INS_MTTBHI: - case PPC_INS_MTDBATU: - case PPC_INS_MTDBATL: - case PPC_INS_MTIBATU: - case PPC_INS_MTIBATL: case PPC_INS_MTDCCR: case PPC_INS_MTICCR: case PPC_INS_MTDEAR: case PPC_INS_MTESR: case PPC_INS_MTSPEFSCR: case PPC_INS_MTTCR: +#endif lop = move_from_to_spr_op(handle, insn, mode); break; case PPC_INS_ISEL: @@ -1735,10 +1912,12 @@ RZ_IPI RzILOpEffect *rz_ppc_cs_get_il_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_CRNOR: case PPC_INS_CROR: case PPC_INS_CRORC: +#if CS_NEXT_VERSION < 6 case PPC_INS_CRSET: case PPC_INS_CRNOT: case PPC_INS_CRMOVE: case PPC_INS_CRCLR: +#endif NOT_IMPLEMENTED; case PPC_INS_MCRF: lop = cr_logical(handle, insn, mode); 
@@ -1753,12 +1932,14 @@ RZ_IPI RzILOpEffect *rz_ppc_cs_get_il_op(RZ_BORROW csh handle, RZ_BORROW cs_insn case PPC_INS_RLWIMI: case PPC_INS_RLWINM: case PPC_INS_RLWNM: +#if CS_NEXT_VERSION < 6 case PPC_INS_ROTLD: case PPC_INS_ROTLDI: case PPC_INS_CLRLDI: case PPC_INS_ROTLWI: case PPC_INS_CLRLWI: case PPC_INS_ROTLW: +#endif case PPC_INS_SLD: case PPC_INS_SLW: case PPC_INS_SRAD: diff --git a/librz/analysis/p/analysis_arm_cs.c b/librz/analysis/p/analysis_arm_cs.c index 95ca7bde18f..5ee9180dc42 100644 --- a/librz/analysis/p/analysis_arm_cs.c +++ b/librz/analysis/p/analysis_arm_cs.c @@ -129,41 +129,6 @@ static const char *vector_data_type_name(arm_vectordata_type type) { } } -static const char *cc_name(arm_cc cc) { - switch (cc) { - case ARM_CC_EQ: // Equal Equal - return "eq"; - case ARM_CC_NE: // Not equal Not equal, or unordered - return "ne"; - case ARM_CC_HS: // Carry set >, ==, or unordered - return "hs"; - case ARM_CC_LO: // Carry clear Less than - return "lo"; - case ARM_CC_MI: // Minus, negative Less than - return "mi"; - case ARM_CC_PL: // Plus, positive or zero >, ==, or unordered - return "pl"; - case ARM_CC_VS: // Overflow Unordered - return "vs"; - case ARM_CC_VC: // No overflow Not unordered - return "vc"; - case ARM_CC_HI: // Unsigned higher Greater than, or unordered - return "hi"; - case ARM_CC_LS: // Unsigned lower or same Less than or equal - return "ls"; - case ARM_CC_GE: // Greater than or equal Greater than or equal - return "ge"; - case ARM_CC_LT: // Less than Less than, or unordered - return "lt"; - case ARM_CC_GT: // Greater than Greater than - return "gt"; - case ARM_CC_LE: // Less than or equal <, ==, or unordered - return "le"; - default: - return ""; - } -} - static void opex(RzStrBuf *buf, csh handle, cs_insn *insn) { int i; PJ *pj = pj_new(); 
@@ -273,7 +238,7 @@ static void opex(RzStrBuf *buf, csh handle, cs_insn *insn) {
 if (x->update_flags) {
 pj_kb(pj, "update_flags", true);
 }
- if (x->writeback) {
+ if (insn->detail->writeback) {
 pj_kb(pj, "writeback", true);
 }
 if (x->vector_size) {
@@ -288,10 +253,10 @@ static void opex(RzStrBuf *buf, csh handle, cs_insn *insn) {
 if (x->cps_flag != ARM_CPSFLAG_INVALID) {
 pj_ki(pj, "cps_flag", x->cps_flag);
 }
- if (x->cc != ARM_CC_INVALID && x->cc != ARM_CC_AL) {
- pj_ks(pj, "cc", cc_name(x->cc));
+ if (x->cc != ARMCC_UNDEF && x->cc != ARMCC_AL) {
+ pj_ks(pj, "cc", ARMCondCodeToString(x->cc));
 }
- if (x->mem_barrier != ARM_MB_INVALID) {
+ if (x->mem_barrier != ARM_MB_RESERVED_0) {
 pj_ki(pj, "mem_barrier", x->mem_barrier - 1);
 }
 pj_end(pj);
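Review bot: `pj_ki(pj, "mem_barrier", x->mem_barrier - 1)` keeps the `- 1` that turned the old 1-based enum (starting after ARM_MB_INVALID == 0) into a 0-based value, but the sentinel is now `ARM_MB_RESERVED_0`; if the auto-sync `arm_mem_barrier` enumerators are the architectural option encodings with RESERVED_0 a real value 0, the subtraction now shifts every reported barrier by one. Either emit `x->mem_barrier` as-is under the new enum or add a comment stating which numbering the JSON field is meant to carry. opex starts and ends outside this hunk.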
@@ -549,25 +514,49 @@ static void opex64(RzStrBuf *buf, csh handle, cs_insn *insn) { pj_free(pj); } -static int cond_cs2r2(int cc) { - if (cc == ARM_CC_AL || cc < 0) { +static int cond_cs2r2_32(int cc) { + if (cc == ARMCC_AL || cc < 0) { cc = RZ_TYPE_COND_AL; } else { switch (cc) { - case ARM_CC_EQ: cc = RZ_TYPE_COND_EQ; break; - case ARM_CC_NE: cc = RZ_TYPE_COND_NE; break; - case ARM_CC_HS: cc = RZ_TYPE_COND_HS; break; - case ARM_CC_LO: cc = RZ_TYPE_COND_LO; break; - case ARM_CC_MI: cc = RZ_TYPE_COND_MI; break; - case ARM_CC_PL: cc = RZ_TYPE_COND_PL; break; - case ARM_CC_VS: cc = RZ_TYPE_COND_VS; break; - case ARM_CC_VC: cc = RZ_TYPE_COND_VC; break; - case ARM_CC_HI: cc = RZ_TYPE_COND_HI; break; - case ARM_CC_LS: cc = RZ_TYPE_COND_LS; break; - case ARM_CC_GE: cc = RZ_TYPE_COND_GE; break; - case ARM_CC_LT: cc = RZ_TYPE_COND_LT; break; - case ARM_CC_GT: cc = RZ_TYPE_COND_GT; break; - case ARM_CC_LE: cc = RZ_TYPE_COND_LE; break; + case ARMCC_EQ: cc = RZ_TYPE_COND_EQ; break; + case ARMCC_NE: cc = RZ_TYPE_COND_NE; break; + case ARMCC_HS: cc = RZ_TYPE_COND_HS; break; + case ARMCC_LO: cc = RZ_TYPE_COND_LO; break; + case ARMCC_MI: cc = RZ_TYPE_COND_MI; break; + case ARMCC_PL: cc = RZ_TYPE_COND_PL; break; + case ARMCC_VS: cc = RZ_TYPE_COND_VS; break; + case ARMCC_VC: cc = RZ_TYPE_COND_VC; break; + case ARMCC_HI: cc = RZ_TYPE_COND_HI; break; + case ARMCC_LS: cc = RZ_TYPE_COND_LS; break; + case ARMCC_GE: cc = RZ_TYPE_COND_GE; break; + case ARMCC_LT: cc = RZ_TYPE_COND_LT; break; + case ARMCC_GT: cc = RZ_TYPE_COND_GT; break; + case ARMCC_LE: cc = RZ_TYPE_COND_LE; break; + } + } + return cc; +} + +static int cond_cs2r2_64(int cc) { + if (cc == ARMCC_AL || cc < 0) { + cc = RZ_TYPE_COND_AL; + } else { + switch (cc) { + case ARM64_CC_EQ: cc = RZ_TYPE_COND_EQ; break; + case ARM64_CC_NE: cc = RZ_TYPE_COND_NE; break; + case ARM64_CC_HS: cc = RZ_TYPE_COND_HS; break; + case ARM64_CC_LO: cc = RZ_TYPE_COND_LO; break; + case ARM64_CC_MI: cc = RZ_TYPE_COND_MI; break; + case ARM64_CC_PL: cc 
= RZ_TYPE_COND_PL; break; + case ARM64_CC_VS: cc = RZ_TYPE_COND_VS; break; + case ARM64_CC_VC: cc = RZ_TYPE_COND_VC; break; + case ARM64_CC_HI: cc = RZ_TYPE_COND_HI; break; + case ARM64_CC_LS: cc = RZ_TYPE_COND_LS; break; + case ARM64_CC_GE: cc = RZ_TYPE_COND_GE; break; + case ARM64_CC_LT: cc = RZ_TYPE_COND_LT; break; + case ARM64_CC_GT: cc = RZ_TYPE_COND_GT; break; + case ARM64_CC_LE: cc = RZ_TYPE_COND_LE; break; } } return cc; @@ -594,7 +583,7 @@ static void anop64(ArmCSContext *ctx, RzAnalysisOp *op, cs_insn *insn) { op->family = RZ_ANALYSIS_OP_FAMILY_CPU; } - op->cond = cond_cs2r2(insn->detail->arm64.cc); + op->cond = cond_cs2r2_64(insn->detail->arm64.cc); if (op->cond == RZ_TYPE_COND_NV) { op->type = RZ_ANALYSIS_OP_TYPE_NOP; return; @@ -902,7 +891,7 @@ static void anop64(ArmCSContext *ctx, RzAnalysisOp *op, cs_insn *insn) { } if (REGID(0) == ARM_REG_PC) { op->type = RZ_ANALYSIS_OP_TYPE_UJMP; - if (insn->detail->arm.cc != ARM_CC_AL) { + if (insn->detail->arm.cc != ARMCC_AL) { // op->type = RZ_ANALYSIS_OP_TYPE_MCJMP; op->type = RZ_ANALYSIS_OP_TYPE_UCJMP; } 
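Review bot: cond_cs2r2_64 compares against `ARMCC_AL`, the AArch32 enumerator, while all of its cases use `ARM64_CC_*`; write `if (cc == ARM64_CC_AL || cc < 0) {` so the mapping does not depend on the two enums happening to share a value. Neither switch has a `default`, so an unmapped code such as `ARMCC_UNDEF` is returned as the raw Capstone value, which the callers in anop32/anop64 then compare with RZ_TYPE_COND_NV; an explicit `default:` that maps to RZ_TYPE_COND_AL or NV would make the intended behaviour visible.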
@@ -1021,28 +1010,29 @@ static void anop32(RzAnalysis *a, csh handle, RzAnalysisOp *op, cs_insn *insn, b const int pcdelta = thumb ? 4 : 8; int i; - op->cond = cond_cs2r2(insn->detail->arm.cc); + op->cond = cond_cs2r2_32(insn->detail->arm.cc); if (op->cond == RZ_TYPE_COND_NV) { op->type = RZ_ANALYSIS_OP_TYPE_NOP; return; } op->cycles = 1; /* grab family */ - if (cs_insn_group(handle, insn, ARM_GRP_CRYPTO)) { + if (cs_insn_group(handle, insn, ARM_FEATURE_HasAES)) { op->family = RZ_ANALYSIS_OP_FAMILY_CRYPTO; - } else if (cs_insn_group(handle, insn, ARM_GRP_CRC)) { + } else if (cs_insn_group(handle, insn, ARM_FEATURE_HasCRC)) { op->family = RZ_ANALYSIS_OP_FAMILY_CRYPTO; #if CS_API_MAJOR >= 4 } else if (cs_insn_group(handle, insn, ARM_GRP_PRIVILEGE)) { op->family = RZ_ANALYSIS_OP_FAMILY_PRIV; - } else if (cs_insn_group(handle, insn, ARM_GRP_VIRTUALIZATION)) { + } else if (cs_insn_group(handle, insn, ARM_FEATURE_HasVirtualization)) { op->family = RZ_ANALYSIS_OP_FAMILY_VIRT; #endif - } else if (cs_insn_group(handle, insn, ARM_GRP_NEON)) { + } else if (cs_insn_group(handle, insn, ARM_FEATURE_HasNEON)) { op->family = RZ_ANALYSIS_OP_FAMILY_MMX; - } else if (cs_insn_group(handle, insn, ARM_GRP_FPARMV8)) { + } else if (cs_insn_group(handle, insn, ARM_FEATURE_HasFPARMv8)) { op->family = RZ_ANALYSIS_OP_FAMILY_FPU; - } else if (cs_insn_group(handle, insn, ARM_GRP_THUMB2DSP)) { + } else if (cs_insn_group(handle, insn, ARM_FEATURE_HasDSP) && + cs_insn_group(handle, insn, ARM_FEATURE_HasDSP)) { op->family = RZ_ANALYSIS_OP_FAMILY_MMX; } else { op->family = RZ_ANALYSIS_OP_FAMILY_CPU; @@ -1113,7 +1103,7 @@ jmp $$ + 4 + ( [delta] * 2 ) for (i = 0; i < insn->detail->arm.op_count; i++) { if (insn->detail->arm.operands[i].type == ARM_OP_REG && insn->detail->arm.operands[i].reg == ARM_REG_PC) { - if (insn->detail->arm.cc == ARM_CC_AL) { + if (insn->detail->arm.cc == ARMCC_AL) { op->type = RZ_ANALYSIS_OP_TYPE_RET; } else { op->type = RZ_ANALYSIS_OP_TYPE_CRET; 
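Review bot: The last family branch tests the same feature twice, `cs_insn_group(handle, insn, ARM_FEATURE_HasDSP) && cs_insn_group(handle, insn, ARM_FEATURE_HasDSP)`, so the second operand is a no-op; the removed line checked ARM_GRP_THUMB2DSP, so the second call was presumably meant to be the Thumb2 feature (or the `&&` should be dropped). `ARM_GRP_CRYPTO` also became `ARM_FEATURE_HasAES`, which classifies only AES instructions as RZ_ANALYSIS_OP_FAMILY_CRYPTO, while the old group likely covered the SHA instructions too — confirm the narrowing is intended, or OR in the SHA feature. anop32 continues outside this hunk.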
@@ -1158,7 +1148,7 @@ jmp $$ + 4 + ( [delta] * 2 )
 op->type = RZ_ANALYSIS_OP_TYPE_ADD;
 if (REGID(0) == ARM_REG_PC) {
 op->type = RZ_ANALYSIS_OP_TYPE_UJMP;
- if (REGID(1) == ARM_REG_PC && insn->detail->arm.cc != ARM_CC_AL) {
+ if (REGID(1) == ARM_REG_PC && insn->detail->arm.cc != ARMCC_AL) {
 // op->type = RZ_ANALYSIS_OP_TYPE_RCJMP;
 op->type = RZ_ANALYSIS_OP_TYPE_UCJMP;
 op->fail = addr + op->size;
@@ -1341,7 +1331,7 @@ jmp $$ + 4 + ( [delta] * 2 )
 op->disp = MEMDISP(1);
 if (REGID(0) == ARM_REG_PC) {
 op->type = RZ_ANALYSIS_OP_TYPE_UJMP;
- if (insn->detail->arm.cc != ARM_CC_AL) {
+ if (insn->detail->arm.cc != ARMCC_AL) {
 // op->type = RZ_ANALYSIS_OP_TYPE_MCJMP;
 op->type = RZ_ANALYSIS_OP_TYPE_UCJMP;
 }
@@ -1364,7 +1354,7 @@ jmp $$ + 4 + ( [delta] * 2 )
 } else if (REGBASE(1) == ARM_REG_PC) {
 op->ptr = (addr & ~3LL) + (thumb ? 4 : 8) + MEMDISP(1);
 op->refptr = 4;
- if (REGID(0) == ARM_REG_PC && insn->detail->arm.cc != ARM_CC_AL) {
+ if (REGID(0) == ARM_REG_PC && insn->detail->arm.cc != ARMCC_AL) {
 // op->type = RZ_ANALYSIS_OP_TYPE_MCJMP;
 op->type = RZ_ANALYSIS_OP_TYPE_UCJMP;
 op->fail = addr + op->size;
@@ -1417,10 +1407,10 @@ jmp $$ + 4 + ( [delta] * 2 )
 case ARM_INS_B:
 /* b.cc label */
 op->cycles = 4;
- if (insn->detail->arm.cc == ARM_CC_INVALID) {
+ if (insn->detail->arm.cc == ARMCC_UNDEF) {
 op->type = RZ_ANALYSIS_OP_TYPE_ILL;
 op->fail = addr + op->size;
- } else if (insn->detail->arm.cc == ARM_CC_AL) {
+ } else if (insn->detail->arm.cc == ARMCC_AL) {
 op->type = RZ_ANALYSIS_OP_TYPE_JMP;
 op->fail = UT64_MAX;
 } else {
@@ -1491,7 +1481,7 @@ jmp $$ + 4 + ( [delta] * 2 )
 if (thumb && rz_arm_it_apply_cond(&ctx->it, insn)) {
 op->mnemonic = rz_str_newf("%s%s%s%s",
 rz_analysis_optype_to_string(op->type),
- cc_name(insn->detail->arm.cc),
+ ARMCondCodeToString(insn->detail->arm.cc),
 insn->op_str[0] ? " " : "",
 insn->op_str);
 op->cond = (RzTypeCond)insn->detail->arm.cc;
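Review bot: Right after the new `ARMCondCodeToString(insn->detail->arm.cc)` call in the last hunk, the unchanged line `op->cond = (RzTypeCond)insn->detail->arm.cc;` still casts the raw Capstone code straight to RzTypeCond; with the ARMCC_* numbering this commit moves to, that cast bypasses the cond_cs2r2_32 mapping introduced in the @@ -549 hunk and may assign a different condition than before if the two enums no longer line up. Suggest `op->cond = cond_cs2r2_32(insn->detail->arm.cc);`. anop32 starts and ends outside this hunk.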
@@ -1619,7 +1609,11 @@ static void set_src_dst(RzAnalysisValue *val, RzReg *reg, csh *handle, cs_insn * #if CS_API_MAJOR > 3 val->mul = armop.mem.scale << armop.mem.lshift; #endif +#if CS_NEXT_VERSION == 6 + val->delta = MEMDISP(x); +#else val->delta = armop.mem.disp; +#endif break; case ARM_OP_IMM: val->type = RZ_ANALYSIS_VAL_IMM; @@ -1756,6 +1750,7 @@ static int analysis_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *bu if (ctx->handle == 0) { ret = (a->bits == 64) ? cs_open(CS_ARCH_ARM64, mode, &ctx->handle) : cs_open(CS_ARCH_ARM, mode, &ctx->handle); cs_option(ctx->handle, CS_OPT_DETAIL, CS_OPT_ON); + cs_option(ctx->handle, CS_OPT_SYNTAX, CS_OPT_SYNTAX_CS_REG_ALIAS); if (ret != CS_ERR_OK) { ctx->handle = 0; return -1; @@ -1775,6 +1770,7 @@ static int analysis_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *bu } else { patch_capstone_bugs(insn, a->bits, a->big_endian); if (mask & RZ_ANALYSIS_OP_MASK_DISASM) { + // TODO Remove after Capstone auto-sync update. op->mnemonic = rz_str_newf("%s%s%s", insn->mnemonic, insn->op_str[0] ? " " : "", diff --git a/librz/analysis/p/analysis_ppc_cs.c b/librz/analysis/p/analysis_ppc_cs.c index 4488e2ce624..83dd3353d09 100644 --- a/librz/analysis/p/analysis_ppc_cs.c +++ b/librz/analysis/p/analysis_ppc_cs.c @@ -8,6 +8,7 @@ #include "../../asm/arch/ppc/libvle/vle.h" #include "../arch/ppc/ppc_analysis.h" #include "../arch/ppc/ppc_il.h" +#include "rz_util/rz_strbuf.h" #define SPR_HID0 0x3f0 /* Hardware Implementation Register 0 */ #define SPR_HID1 0x3f1 /* Hardware Implementation Register 1 */ @@ -95,10 +96,12 @@ static char *getarg2(struct Getarg *gop, int n, const char *setstr) { (ut64)op.mem.disp, cs_reg_name(handle, op.mem.base), setstr); break; +#if CS_NEXT_VERSION < 6 case PPC_OP_CRX: // Condition Register field snprintf(words[n], sizeof(words[n]), "%" PFMT64d "%s", (ut64)op.imm, setstr); break; +#endif } return words[n]; } 
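Review bot: `#if CS_NEXT_VERSION == 6` in set_src_dst is the only version guard in this commit that tests for equality; every other new guard uses `>= 6`, so on any later version this branch silently falls back to the raw `armop.mem.disp` and loses the subtracted-index sign that MEMDISP now applies. Use `#if CS_NEXT_VERSION >= 6`. set_src_dst starts and ends outside this hunk.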
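Review bot: The new `cs_option(ctx->handle, CS_OPT_SYNTAX, CS_OPT_SYNTAX_CS_REG_ALIAS)` is issued before `ret` from cs_open is checked, following the existing CS_OPT_DETAIL call, so on failure both are applied to a handle that was never opened; moving the two `cs_option` calls below the `if (ret != CS_ERR_OK)` block fixes that for both. CS_OPT_SYNTAX_CS_REG_ALIAS is also not guarded by CS_NEXT_VERSION, unlike the other version-specific additions in this commit — confirm it exists on every Capstone the build supports. analysis_op starts and ends outside this hunk.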
@@ -125,9 +128,11 @@ static ut64 getarg(struct Getarg *gop, int n) { case PPC_OP_MEM: value = op.mem.disp + op.mem.base; break; +#if CS_NEXT_VERSION < 6 case PPC_OP_CRX: // Condition Register field value = (ut64)op.imm; break; +#endif } return value; } @@ -465,7 +470,8 @@ static char *get_reg_profile(RzAnalysis *analysis) { "ctr ppr32 .32 2580 0 # Process Priority Register 32-bit\n" "flg so .1 2584 0 # Summary Overflow\n" "flg ov .1 2585 0 # Overflow\n" - "flg ca .1 2586 0 # Carry\n"; + "flg ca .1 2586 0 # Carry\n" + "gpr 0 .64 2587 0 # The zero register.\n"; return strdup(p); } else { p = @@ -725,7 +731,8 @@ static char *get_reg_profile(RzAnalysis *analysis) { "ctr ppr32 .32 2580 0 # Process Priority Register 32-bit\n" "flg so .1 2584 0 # Summary Overflow\n" "flg ov .1 2585 0 # Overflow\n" - "flg ca .1 2586 0 # Carry\n"; + "flg ca .1 2586 0 # Carry\n" + "gpr 0 .32 2587 0 # The zero register.\n"; return strdup(p); } } @@ -933,6 +940,8 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf if (ret >= 0) { return op->size; } + } else if (a->cpu && RZ_STR_EQ(a->cpu, "qpx")) { + mode |= CS_MODE_QPX; } if (mode != omode || a->bits != obits) { @@ -947,6 +956,7 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf return -1; } cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON); + cs_option(handle, CS_OPT_DETAIL, CS_OPT_DETAIL_REAL); } op->size = 4; @@ -982,7 +992,7 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf case PPC_INS_CMPLWI: case PPC_INS_CMPW: case PPC_INS_CMPWI: -#if CS_API_MAJOR > 4 +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 case PPC_INS_CMP: case PPC_INS_CMPI: #endif @@ -1004,6 +1014,7 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf op->type = RZ_ANALYSIS_OP_TYPE_MOV; esilprintf(op, "%s,lr,=", ARG(0)); break; +#if CS_NEXT_VERSION < 6 case PPC_INS_MR: case PPC_INS_LI: op->type = RZ_ANALYSIS_OP_TYPE_MOV; 
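Review bot: `cs_option(handle, CS_OPT_DETAIL, CS_OPT_DETAIL_REAL)` is a second call on the same option right after `CS_OPT_DETAIL, CS_OPT_ON`; if Capstone stores the last value rather than OR-ing flags, the second call clears the enable bit. Combining them in one call, `cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON | CS_OPT_DETAIL_REAL);`, removes the ambiguity. As with the other new v6-only identifiers, the call is not guarded by CS_NEXT_VERSION, so it depends on every supported Capstone defining CS_OPT_DETAIL_REAL. analyze_op starts and ends outside this hunk.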
@@ -1020,6 +1031,7 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf op->type = RZ_ANALYSIS_OP_TYPE_AND; esilprintf(op, "%s,%s,&,%s,=", ARG(1), cmask32(ARG(2), "0x1F"), ARG(0)); break; +#endif case PPC_INS_RLWINM: op->type = RZ_ANALYSIS_OP_TYPE_ROL; esilprintf(op, "%s,%s,<<<,%s,&,%s,=", ARG(2), ARG(1), cmask32(ARG(3), ARG(4)), ARG(0)); @@ -1051,9 +1063,11 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf break; case PPC_INS_SYNC: case PPC_INS_ISYNC: +#if CS_NEXT_VERSION < 6 case PPC_INS_LWSYNC: case PPC_INS_MSYNC: case PPC_INS_PTESYNC: +#endif case PPC_INS_TLBSYNC: case PPC_INS_SLBIA: case PPC_INS_SLBIE: @@ -1231,8 +1245,10 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf op->type = RZ_ANALYSIS_OP_TYPE_MUL; esilprintf(op, "%s,%s,*,%s,=", ARG(2), ARG(1), ARG(0)); break; +#if CS_NEXT_VERSION < 6 case PPC_INS_SUB: case PPC_INS_SUBC: +#endif case PPC_INS_SUBF: case PPC_INS_SUBFIC: case PPC_INS_SUBFZE: @@ -1250,12 +1266,14 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf op->type = RZ_ANALYSIS_OP_TYPE_ADD; esilprintf(op, "%s,%s,+,%s,=", ARG(2), ARG(1), ARG(0)); break; +#if CS_NEXT_VERSION < 6 case PPC_INS_CRCLR: case PPC_INS_CRSET: case PPC_INS_CRMOVE: + case PPC_INS_CRNOT: +#endif case PPC_INS_CRXOR: case PPC_INS_CRNOR: - case PPC_INS_CRNOT: // reset conditional bits op->type = RZ_ANALYSIS_OP_TYPE_MOV; break; 
@@ -1268,8 +1286,23 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf case PPC_INS_ADDIS: case PPC_INS_ADDME: case PPC_INS_ADDZE: +#if CS_NEXT_VERSION >= 6 + switch (insn->alias_id) { + default: + op->type = RZ_ANALYSIS_OP_TYPE_ADD; + esilprintf(op, "%s,%s,+,%s,=", ARG(2), ARG(1), ARG(0)); + break; + case PPC_INS_ALIAS_LIS: + op->type = RZ_ANALYSIS_OP_TYPE_MOV; + op->val = IMM(2); + op->val <<= 16; + esilprintf(op, "0x%llx0000,%s,=", IMM(2), ARG(0)); + break; + } +#else op->type = RZ_ANALYSIS_OP_TYPE_ADD; esilprintf(op, "%s,%s,+,%s,=", ARG(2), ARG(1), ARG(0)); +#endif break; case PPC_INS_MTSPR: op->type = RZ_ANALYSIS_OP_TYPE_MOV; @@ -1283,7 +1316,7 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf op->type = RZ_ANALYSIS_OP_TYPE_CALL; esilprintf(op, "pc,lr,=,ctr,pc,="); break; -#if CS_API_MAJOR > 4 +#if CS_API_MAJOR == 5 && CS_NEXT_VERSION < 6 case PPC_INS_BEQ: case PPC_INS_BEQA: case PPC_INS_BFA: 
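Review bot: In the new PPC_INS_ALIAS_LIS branch, `esilprintf(op, "0x%llx0000,%s,=", IMM(2), ARG(0))` builds the immediate by appending four hex zeros to the printed value: if IMM(2) yields a sign-extended 64-bit value for a negative `lis` immediate, the result is a 20-digit literal rather than the shifted constant, and `%llx` should be `PFMT64x` as the rest of the file uses. Since `op->val` already holds `IMM(2) << 16`, print that instead: `esilprintf(op, "0x%" PFMT64x ",%s,=", (ut64)op->val, ARG(0));`. analyze_op starts and ends outside this hunk.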
@@ -1310,78 +1343,7 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf case PPC_INS_BUN: case PPC_INS_BUNA: #endif - case PPC_INS_B: - case PPC_INS_BC: - case PPC_INS_BA: - op->type = RZ_ANALYSIS_OP_TYPE_CJMP; - op->jump = ARG(1)[0] == '\0' ? IMM(0) : IMM(1); - op->fail = addr + op->size; - switch (insn->detail->ppc.bc) { - case PPC_BC_LT: - /* 0b01 == equal - * 0b10 == less than */ - if (ARG(1)[0] == '\0') { - esilprintf(op, "2,cr0,&,?{,%s,pc,=,},", ARG(0)); - } else { - esilprintf(op, "2,%s,&,?{,%s,pc,=,},", ARG(0), ARG(1)); - } - break; - case PPC_BC_LE: - /* 0b01 == equal - * 0b10 == less than */ - if (ARG(1)[0] == '\0') { - esilprintf(op, "3,cr0,&,?{,%s,pc,=,},", ARG(0)); - } else { - esilprintf(op, "3,%s,&,?{,%s,pc,=,},", ARG(0), ARG(1)); - } - break; - case PPC_BC_EQ: - /* 0b01 == equal - * 0b10 == less than */ - if (ARG(1)[0] == '\0') { - esilprintf(op, "1,cr0,&,?{,%s,pc,=,},", ARG(0)); - } else { - esilprintf(op, "1,%s,&,?{,%s,pc,=,},", ARG(0), ARG(1)); - } - break; - case PPC_BC_GE: - /* 0b01 == equal - * 0b10 == less than */ - if (ARG(1)[0] == '\0') { - esilprintf(op, "2,cr0,^,3,&,?{,%s,pc,=,},", ARG(0)); - } else { - esilprintf(op, "2,%s,^,3,&,?{,%s,pc,=,},", ARG(0), ARG(1)); - } - break; - case PPC_BC_GT: - /* 0b01 == equal - * 0b10 == less than */ - if (ARG(1)[0] == '\0') { - esilprintf(op, "2,cr0,&,!,?{,%s,pc,=,},", ARG(0)); - } else { - esilprintf(op, "2,%s,&,!,?{,%s,pc,=,},", ARG(0), ARG(1)); - } - break; - case PPC_BC_NE: - /* 0b01 == equal - * 0b10 == less than */ - if (ARG(1)[0] == '\0') { - esilprintf(op, "cr0,1,&,!,?{,%s,pc,=,},", ARG(0)); - } else { - esilprintf(op, "%s,1,&,!,?{,%s,pc,=,},", ARG(0), ARG(1)); - } - break; - case PPC_BC_INVALID: - op->type = RZ_ANALYSIS_OP_TYPE_JMP; - esilprintf(op, "%s,pc,=", ARG(0)); - case PPC_BC_UN: // unordered - case PPC_BC_NU: // not unordered - case PPC_BC_SO: // summary overflow - case PPC_BC_NS: // not summary overflow - default: - break; - } - break; +#if 
CS_NEXT_VERSION < 6 case PPC_INS_BT: case PPC_INS_BF: switch (insn->detail->ppc.operands[0].type) { 
@@ -1462,79 +1424,163 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf op->type = RZ_ANALYSIS_OP_TYPE_CJMP; op->fail = addr + op->size; break; +#endif + case PPC_INS_B: + case PPC_INS_BC: + case PPC_INS_BA: + case PPC_INS_BCL: case PPC_INS_BLR: case PPC_INS_BLRL: case PPC_INS_BCLR: case PPC_INS_BCLRL: - op->type = RZ_ANALYSIS_OP_TYPE_CRET; - op->fail = addr + op->size; - switch (insn->detail->ppc.bc) { - case PPC_BC_INVALID: + case PPC_INS_BCCTR: + case PPC_INS_BCCTRL: { + if (insn->id == PPC_INS_BC || insn->id == PPC_INS_BCCTR) { + op->type = RZ_ANALYSIS_OP_TYPE_CJMP; + } else if (insn->id == PPC_INS_B || insn->id == PPC_INS_BA) { + op->type = RZ_ANALYSIS_OP_TYPE_JMP; + } else if (insn->id == PPC_INS_BCLR || insn->id == PPC_INS_BCLRL) { + op->type = RZ_ANALYSIS_OP_TYPE_CRET; + } else if (insn->id == PPC_INS_BLR || insn->id == PPC_INS_BLRL) { op->type = RZ_ANALYSIS_OP_TYPE_RET; - esilprintf(op, "lr,pc,="); - break; + } else if (insn->id == PPC_INS_BCCTRL) { + op->type = RZ_ANALYSIS_OP_TYPE_CCALL; + } + bool cr_cond_set = true; + bool ctr_cond_set = true; +#if CS_NEXT_VERSION >= 6 + switch (insn->detail->ppc.bc.pred_cr) { + case PPC_PRED_LT: + esilprintf(op, "2,%s,&,", cs_reg_name(handle, insn->detail->ppc.bc.crX)); +#else + switch (insn->detail->ppc.bc) { case PPC_BC_LT: - /* 0b01 == equal - * 0b10 == less than */ if (ARG(1)[0] == '\0') { - esilprintf(op, "2,cr0,&,?{,lr,pc,=,},"); + esilprintf(op, "2,cr0,&,"); } else { - esilprintf(op, "2,%s,&,?{,lr,pc,=,},", ARG(0)); + esilprintf(op, "2,%s,&,", ARG(0)); } +#endif break; +#if CS_NEXT_VERSION >= 6 + case PPC_PRED_LE: + esilprintf(op, "3,%s,&,", cs_reg_name(handle, insn->detail->ppc.bc.crX)); +#else case PPC_BC_LE: - /* 0b01 == equal - * 0b10 == less than */ - if (ARG(1)[0] == '\0') { - esilprintf(op, "3,cr0,&,?{,lr,pc,=,},"); - } else { - esilprintf(op, "3,%s,&,?{,lr,pc,=,},", ARG(0)); - } + esilprintf(op, "3,%s,&,", cs_reg_name(handle, insn->detail->ppc.bc.crX)); +#endif break; 
+#if CS_NEXT_VERSION >= 6 + case PPC_PRED_EQ: + esilprintf(op, "1,%s,&,", cs_reg_name(handle, insn->detail->ppc.bc.crX)); +#else case PPC_BC_EQ: - /* 0b01 == equal - * 0b10 == less than */ if (ARG(1)[0] == '\0') { - esilprintf(op, "1,cr0,&,?{,lr,pc,=,},"); + esilprintf(op, "1,cr0,&,"); } else { - esilprintf(op, "1,%s,&,?{,lr,pc,=,},", ARG(0)); + esilprintf(op, "1,%s,&,", ARG(0)); } +#endif break; +#if CS_NEXT_VERSION >= 6 + case PPC_PRED_GE: + esilprintf(op, "2,%s,^,3,&,", cs_reg_name(handle, insn->detail->ppc.bc.crX)); +#else case PPC_BC_GE: - /* 0b01 == equal - * 0b10 == less than */ if (ARG(1)[0] == '\0') { - esilprintf(op, "2,cr0,^,3,&,?{,lr,pc,=,},"); + esilprintf(op, "2,cr0,^,3,&,"); } else { - esilprintf(op, "2,%s,^,3,&,?{,lr,pc,=,},", ARG(0)); + esilprintf(op, "2,%s,^,3,&,", ARG(0)); } +#endif break; +#if CS_NEXT_VERSION >= 6 + case PPC_PRED_GT: + esilprintf(op, "2,%s,&,!,", cs_reg_name(handle, insn->detail->ppc.bc.crX)); +#else case PPC_BC_GT: - /* 0b01 == equal - * 0b10 == less than */ if (ARG(1)[0] == '\0') { - esilprintf(op, "2,cr0,&,!,?{,lr,pc,=,},"); + esilprintf(op, "2,cr0,&,!,"); } else { - esilprintf(op, "2,%s,&,!,?{,lr,pc,=,},", ARG(0)); + esilprintf(op, "2,%s,&,!,", ARG(0)); } +#endif break; +#if CS_NEXT_VERSION >= 6 + case PPC_PRED_NE: + esilprintf(op, "%s,1,&,!,", cs_reg_name(handle, insn->detail->ppc.bc.crX)); +#else case PPC_BC_NE: - /* 0b01 == equal - * 0b10 == less than */ if (ARG(1)[0] == '\0') { - esilprintf(op, "cr0,1,&,!,?{,lr,pc,=,},"); + esilprintf(op, "cr0,1,&,!,"); } else { - esilprintf(op, "%s,1,&,!,?{,lr,pc,=,},", ARG(0)); + esilprintf(op, "%s,1,&,!,", ARG(0)); } +#endif break; +#if CS_NEXT_VERSION >= 6 + case PPC_PRED_INVALID: + case PPC_PRED_UN: // unordered + PPC_PRED_SO - summary overflow + case PPC_PRED_NU: // not unordered + PPC_PRED_NS - not summary overflow +#else + case PPC_BC_INVALID: case PPC_BC_UN: // unordered case PPC_BC_NU: // not unordered case PPC_BC_SO: // summary overflow case PPC_BC_NS: // not summary overflow 
+#endif default: + cr_cond_set = false; + break; + } +#if CS_NEXT_VERSION >= 6 + switch (insn->detail->ppc.bc.pred_ctr) { + default: + ctr_cond_set = false; + break; + case PPC_PRED_Z: + rz_strbuf_appendf(&op->esil, "1,ctr,-=,$z,%s", cr_cond_set ? "&&,?" : "?"); break; + case PPC_PRED_NZ: + rz_strbuf_appendf(&op->esil, "1,ctr,-=,$z,!,%s", cr_cond_set ? "&&,?" : "?"); + break; + } +#endif + bool is_cond = cr_cond_set || ctr_cond_set; + if (is_cond) { + rz_strbuf_appendf(&op->esil, "{,"); + op->fail = addr + op->size; + } + + if (insn->id == PPC_INS_B || insn->id == PPC_INS_BC || insn->id == PPC_INS_BA || insn->id == PPC_INS_BCL) { +#if CS_NEXT_VERSION >= 6 + op->jump = (insn->id == PPC_INS_BC || insn->id == PPC_INS_BCL) ? IMM(2) : IMM(0); +#else + op->jump = ARG(1)[0] == '\0' ? IMM(0) : IMM(1); +#endif + } + + if (insn->id == PPC_INS_BLRL || + insn->id == PPC_INS_BCLRL || + insn->id == PPC_INS_BCCTRL || + insn->id == PPC_INS_BCL) { + op->fail = addr + op->size; + rz_strbuf_appendf(&op->esil, "0x%" PFMT64x ",lr,=,", op->fail); + } + + // Set target source + if (insn->id == PPC_INS_BCCTR || insn->id == PPC_INS_BCCTRL) { + rz_strbuf_appendf(&op->esil, "ctr,pc,=,"); + } else if (op->type == RZ_ANALYSIS_OP_TYPE_CRET || op->type == RZ_ANALYSIS_OP_TYPE_RET) { + rz_strbuf_appendf(&op->esil, "lr,pc,=,"); + } else { + rz_strbuf_appendf(&op->esil, "0x%" PFMT64x ",pc,=,", op->jump); + } + if (is_cond) { + rz_strbuf_appendf(&op->esil, "},"); } break; + } case PPC_INS_NOR: op->type = RZ_ANALYSIS_OP_TYPE_NOR; esilprintf(op, "%s,%s,|,!,%s,=", ARG(2), ARG(1), ARG(0)); 
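Review bot: The ESIL guard opened by `rz_strbuf_appendf(&op->esil, "{,")` never emits the `?` when only a CR predicate is present: the `?` is appended solely in the PPC_PRED_Z/NZ cases, so a plain conditional `bc` on CS >= 6 produces `2,cr0,&,{,...,},`, which is not a conditional in ESIL. `ctr_cond_set` also starts as `true` and is only cleared inside the `#if CS_NEXT_VERSION >= 6` switch, so on older Capstone every instruction in this case, including an unconditional `b`, is wrapped in `{,...},` and gets `op->fail` set. Two further items: `PPC_INS_BCL` is in the label list but receives no `op->type`, and under `#else` the `PPC_BC_LE` case reads `insn->detail->ppc.bc.crX`, a field that only exists in the v6 struct form of `bc`, while its siblings use the `ARG(1)[0] == '\0' ? cr0 : ARG(0)` form. A sketch of the fix follows; analyze_op starts and ends outside this hunk.
```c
	} else if (insn->id == PPC_INS_BCL) {
		op->type = RZ_ANALYSIS_OP_TYPE_CCALL;
	}
	bool cr_cond_set = true;
	bool ctr_cond_set = false; // only set when a CTR predicate is present
	// … unchanged: CR predicate switch, except the legacy PPC_BC_LE case below …
#else
	case PPC_BC_LE:
		if (ARG(1)[0] == '\0') {
			esilprintf(op, "3,cr0,&,");
		} else {
			esilprintf(op, "3,%s,&,", ARG(0));
		}
#endif
	// … unchanged: remaining CR predicate cases …
#if CS_NEXT_VERSION >= 6
	switch (insn->detail->ppc.bc.pred_ctr) {
	default:
		break;
	case PPC_PRED_Z:
		ctr_cond_set = true;
		rz_strbuf_appendf(&op->esil, "1,ctr,-=,$z,%s", cr_cond_set ? "&&,?" : "?");
		break;
	case PPC_PRED_NZ:
		ctr_cond_set = true;
		rz_strbuf_appendf(&op->esil, "1,ctr,-=,$z,!,%s", cr_cond_set ? "&&,?" : "?");
		break;
	}
#endif
	bool is_cond = cr_cond_set || ctr_cond_set;
	if (is_cond) {
		// the CTR cases already emitted the '?'; a CR-only condition needs it here
		rz_strbuf_appendf(&op->esil, ctr_cond_set ? "{," : "?{,");
		op->fail = addr + op->size;
	}
	// … unchanged: jump target, lr update and pc assignment …
```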
@@ -1589,10 +1635,12 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf op->type = RZ_ANALYSIS_OP_TYPE_OR; esilprintf(op, "16,%s,<<,%s,|,%s,=", ARG(2), ARG(1), ARG(0)); break; +#if CS_NEXT_VERSION < 6 case PPC_INS_MFPVR: op->type = RZ_ANALYSIS_OP_TYPE_MOV; esilprintf(op, "pvr,%s,=", ARG(0)); break; +#endif case PPC_INS_MFSPR: op->type = RZ_ANALYSIS_OP_TYPE_MOV; esilprintf(op, "%s,%s,=", PPCSPR(1), ARG(0)); @@ -1601,6 +1649,7 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf op->type = RZ_ANALYSIS_OP_TYPE_MOV; esilprintf(op, "ctr,%s,=", ARG(0)); break; +#if CS_NEXT_VERSION < 6 case PPC_INS_MFDCCR: op->type = RZ_ANALYSIS_OP_TYPE_MOV; esilprintf(op, "dccr,%s,=", ARG(0)); @@ -1613,6 +1662,7 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf op->type = RZ_ANALYSIS_OP_TYPE_MOV; esilprintf(op, "dear,%s,=", ARG(0)); break; +#endif case PPC_INS_MFMSR: op->type = RZ_ANALYSIS_OP_TYPE_MOV; esilprintf(op, "msr,%s,=", ARG(0)); @@ -1621,6 +1671,7 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf op->type = RZ_ANALYSIS_OP_TYPE_MOV; esilprintf(op, "%s,ctr,=", ARG(0)); break; +#if CS_NEXT_VERSION < 6 case PPC_INS_MTDCCR: op->type = RZ_ANALYSIS_OP_TYPE_MOV; esilprintf(op, "%s,dccr,=", ARG(0)); @@ -1633,6 +1684,7 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf op->type = RZ_ANALYSIS_OP_TYPE_MOV; esilprintf(op, "%s,dear,=", ARG(0)); break; +#endif case PPC_INS_MTMSR: case PPC_INS_MTMSRD: op->type = RZ_ANALYSIS_OP_TYPE_MOV; @@ -1643,6 +1695,7 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf op->type = RZ_ANALYSIS_OP_TYPE_STORE; esilprintf(op, "%s,%s", ARG(0), ARG2(1, ",=[128]")); break; +#if CS_NEXT_VERSION < 6 case PPC_INS_CLRLDI: op->type = RZ_ANALYSIS_OP_TYPE_AND; esilprintf(op, "%s,%s,&,%s,=", ARG(1), cmask64(ARG(2), "0x3F"), ARG(0)); 
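Review bot: Wrapping `case PPC_INS_MFPVR` (and the mfdccr/mfdear/mtdccr/mtdear and clrldi cases in the hunks below) in `#if CS_NEXT_VERSION < 6` means those instructions reach analyze_op's default branch on capstone 6 and produce no ESIL at all. If capstone 6 now decodes them as their canonical `mfspr`/`mtspr`/`rldicl` encodings, the surviving `case PPC_INS_MFSPR` path has to map the SPR number to the same register names (`pvr`, `dccr`, `dear`) through `PPCSPR(1)`, which is not visible here; otherwise this is a silent loss of emulation coverage rather than a neutral port. A regression test asserting the ESIL of `mfpvr rN` under capstone-next would pin whichever behaviour is intended. analyze_op starts and ends outside the hunk.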
@@ -1651,6 +1704,7 @@ static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf op->type = RZ_ANALYSIS_OP_TYPE_ROL; esilprintf(op, "%s,%s,<<<,%s,=", ARG(2), ARG(1), ARG(0)); break; +#endif case PPC_INS_RLDCL: case PPC_INS_RLDICL: op->type = RZ_ANALYSIS_OP_TYPE_ROL; diff --git a/librz/analysis/var.c b/librz/analysis/var.c index 07ffa326f23..943517522a6 100644 --- a/librz/analysis/var.c +++ b/librz/analysis/var.c @@ -1084,6 +1084,10 @@ static const char *get_regname(RzAnalysis *analysis, RzAnalysisValue *value) { return name; } +static inline bool is_not_read_nor_write(const RzAnalysisOpDirection direction) { + return direction != RZ_ANALYSIS_OP_DIR_READ && direction != RZ_ANALYSIS_OP_DIR_WRITE; +} + /** * Try to extract any args from a single op * @@ -1106,7 +1110,7 @@ static void extract_stack_var(RzAnalysis *analysis, RzAnalysisFunction *fcn, RzA if ((delta < 0 && *sign == '+') || (delta >= 0 && *sign == '-')) { continue; } - if (!delta && op->direction != RZ_ANALYSIS_OP_DIR_READ && op->direction != RZ_ANALYSIS_OP_DIR_WRITE) { + if (!delta && is_not_read_nor_write(op->direction)) { // avoid creating variables for just `mov rbp, rsp`, which would otherwise detect a var at rsp+0 // so for delta == 0, we only consider actual memory operations for now continue; @@ -1171,6 +1175,11 @@ static void extract_stack_var(RzAnalysis *analysis, RzAnalysisFunction *fcn, RzA if (*sign == '-') { addend = -addend; } + if (addend == 0 && is_not_read_nor_write(op->direction)) { + // avoid creating variables for just `mov rbp, rsp`, which would otherwise detect a var at rsp+0 + // so for addend == 0, we only consider actual memory operations for now + goto beach; + } } if (!op->src[0] || !op->dst) { diff --git a/librz/asm/arch/arm/arm_it.c b/librz/asm/arch/arm/arm_it.c index f764723c26f..9c326c20a1f 100644 --- a/librz/asm/arch/arm/arm_it.c +++ b/librz/asm/arch/arm/arm_it.c 
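Review bot: The new `is_not_read_nor_write` helper in var.c tests `direction` for equality with READ and WRITE, so an op whose direction carries more than one flag (a read-modify-write on a stack slot, if `RzAnalysisOpDirection` is ever used as a bitmask) is classified as "not a memory operation" and the variable at offset 0 is skipped, both in the refactored `!delta` check and in the new `addend == 0` check. If the enum can be combined, the robust form is `return !(direction & (RZ_ANALYSIS_OP_DIR_READ | RZ_ANALYSIS_OP_DIR_WRITE));`, which behaves identically for single-flag values, and a one-line comment on the helper saying which assumption holds would settle it either way. The `goto beach` added in the `addend == 0` branch targets a label outside the hunk, so I could not confirm nothing allocated earlier in that path is leaked. extract_stack_var starts and ends outside the hunk.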
@@ -13,6 +13,7 @@ typedef union arm_cs_itcond_t { struct { ut32 cond; ///< arm_cc ut8 off; ///< offset of this instruction from the it, for back-referencing to the ArmCSITBlock + ut8 vpt; ///< >0 if it is a VCC condition. 0 otherwise. }; ut64 packed; ///< for putting into HtUU } ArmCSITCond; @@ -32,7 +33,8 @@ RZ_API void rz_arm_it_context_fini(RzArmITContext *ctx) { * \p insn must be ARM_INS_IT */ RZ_API void rz_arm_it_update_block(RzArmITContext *ctx, cs_insn *insn) { - rz_return_if_fail(ctx && insn && insn->id == ARM_INS_IT); + rz_return_if_fail(ctx && insn && (insn->id == ARM_INS_IT || insn->id == ARM_INS_VPT)); + bool is_vpt = insn->id == ARM_INS_VPT; bool found; ht_uu_find(ctx->ht_itblock, insn->address, &found); if (found) { @@ -49,14 +51,21 @@ RZ_API void rz_arm_it_update_block(RzArmITContext *ctx, cs_insn *insn) { cond.off = block.off[i - 1] = 2 * i; switch (insn->mnemonic[i]) { case 0x74: //'t' - cond.cond = insn->detail->arm.cc; + cond.cond = is_vpt ? insn->detail->arm.vcc : insn->detail->arm.cc; break; case 0x65: //'e' - cond.cond = (insn->detail->arm.cc % 2) ? insn->detail->arm.cc + 1 : insn->detail->arm.cc - 1; + if (is_vpt) { + cond.cond = insn->detail->arm.vcc; + } else if (insn->detail->arm.cc == ARMCC_AL) { + cond.cond = ARMCC_AL; + } else { + cond.cond = ARMCC_getOppositeCondition(insn->detail->arm.cc); + } break; default: break; } + cond.vpt = is_vpt ? 1 : 0; RZ_STATIC_ASSERT(sizeof(cond) == sizeof(cond.packed)); ht_uu_update(ctx->ht_itcond, insn->address + cond.off, cond.packed); } @@ -91,7 +100,11 @@ RZ_API bool rz_arm_it_apply_cond(RzArmITContext *ctx, cs_insn *insn) { if (!found) { return false; } - insn->detail->arm.cc = cond.cond; + if (cond.vpt) { + insn->detail->arm.vcc = cond.cond; + } else { + insn->detail->arm.cc = cond.cond; + } insn->detail->arm.update_flags = 0; // Readjust if we detected that the previous assumption of all-2-byte instructions in 
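Review bot: In rz_arm_it_update_block both the `'t'` and `'e'` branches assign `insn->detail->arm.vcc` when `is_vpt` is set, so the else-lanes of a VPT block receive exactly the same predicate as the then-lanes, whereas the IT path deliberately flips the condition with `ARMCC_getOppositeCondition`. If `vcc` follows capstone's `ARMVCC_Then`/`ARMVCC_Else` codes, the `'e'` case should set the Else code (and the `'t'` case the Then code) rather than copying the VPT instruction's own `vcc`, which for the VPT itself is presumably neither; please confirm against the capstone-next header. The `cond` field is still documented as `///< arm_cc` but now also stores a VPT code depending on `vpt`, so the comment should read `///< arm_cc, or the VPT predicate code when vpt != 0`.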
diff --git a/librz/asm/p/asm_arm_cs.c b/librz/asm/p/asm_arm_cs.c index de5bac5e9d1..8aa682513d4 100644 --- a/librz/asm/p/asm_arm_cs.c +++ b/librz/asm/p/asm_arm_cs.c @@ -27,10 +27,9 @@ static bool check_features(RzAsm *a, cs_insn *insn) { for (i = 0; i < insn->detail->groups_count; i++) { int id = insn->detail->groups[i]; switch (id) { - case ARM_GRP_ARM: - case ARM_GRP_THUMB: - case ARM_GRP_THUMB1ONLY: - case ARM_GRP_THUMB2: + case ARM_FEATURE_IsARM: + case ARM_FEATURE_IsThumb: + case ARM_FEATURE_IsThumb2: continue; default: if (id < 128) { @@ -48,41 +47,6 @@ static bool check_features(RzAsm *a, cs_insn *insn) { return true; } -static const char *cc_name(arm_cc cc) { - switch (cc) { - case ARM_CC_EQ: // Equal Equal - return "eq"; - case ARM_CC_NE: // Not equal Not equal, or unordered - return "ne"; - case ARM_CC_HS: // Carry set >, ==, or unordered - return "hs"; - case ARM_CC_LO: // Carry clear Less than - return "lo"; - case ARM_CC_MI: // Minus, negative Less than - return "mi"; - case ARM_CC_PL: // Plus, positive or zero >, ==, or unordered - return "pl"; - case ARM_CC_VS: // Overflow Unordered - return "vs"; - case ARM_CC_VC: // No overflow Not unordered - return "vc"; - case ARM_CC_HI: // Unsigned higher Greater than, or unordered - return "hi"; - case ARM_CC_LS: // Unsigned lower or same Less than or equal - return "ls"; - case ARM_CC_GE: // Greater than or equal Greater than or equal - return "ge"; - case ARM_CC_LT: // Less than Less than, or unordered - return "lt"; - case ARM_CC_GT: // Greater than Greater than - return "gt"; - case ARM_CC_LE: // Less than or equal <, ==, or unordered - return "le"; - default: - return ""; - } -} - static int disassemble(RzAsm *a, RzAsmOp *op, const ut8 *buf, int len) { ArmCSContext *ctx = (ArmCSContext *)a->plugin_data; 
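Review bot: check_features drops `ARM_GRP_THUMB1ONLY` without a replacement feature, so Thumb-1-only encodings are only skipped if capstone-next reports `ARM_FEATURE_IsThumb` for them; if it does not, they fall into the `default` branch and may be rejected by the `id < 128` feature filter whenever `a->features` is set. Please verify with a 16-bit Thumb-1-only instruction under `asm.features`, and add a comment such as `// capstone-next has no Thumb1-only feature; IsThumb covers both` so the omission reads as intentional rather than accidental. The remainder of the loop body lies outside the hunk.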
@@ -128,6 +92,7 @@ static int disassemble(RzAsm *a, RzAsmOp *op, const ut8 *buf, int len) { } } cs_option(ctx->cd, CS_OPT_SYNTAX, (a->syntax == RZ_ASM_SYNTAX_REGNUM) ? CS_OPT_SYNTAX_NOREGNAME : CS_OPT_SYNTAX_DEFAULT); + cs_option(ctx->cd, CS_OPT_SYNTAX, CS_OPT_SYNTAX_CS_REG_ALIAS); cs_option(ctx->cd, CS_OPT_DETAIL, (a->features && *a->features) ? CS_OPT_ON : CS_OPT_OFF); cs_option(ctx->cd, CS_OPT_DETAIL, CS_OPT_ON); if (!buf) { @@ -154,7 +119,7 @@ static int disassemble(RzAsm *a, RzAsmOp *op, const ut8 *buf, int len) { } if (op && !op->size) { op->size = insn->size; - if (insn->id == ARM_INS_IT) { + if (insn->id == ARM_INS_IT || insn->id == ARM_INS_VPT) { rz_arm_it_update_block(&ctx->it, insn); } else { rz_arm_it_update_nonblock(&ctx->it, insn); @@ -162,7 +127,7 @@ static int disassemble(RzAsm *a, RzAsmOp *op, const ut8 *buf, int len) { if (thumb && rz_arm_it_apply_cond(&ctx->it, insn)) { char *tmpstr = rz_str_newf("%s%s", cs_insn_name(ctx->cd, insn->id), - cc_name(insn->detail->arm.cc)); + ARMCondCodeToString(insn->detail->arm.cc)); rz_str_cpy(insn->mnemonic, tmpstr); free(tmpstr); } diff --git a/librz/asm/p/asm_ppc_cs.c b/librz/asm/p/asm_ppc_cs.c index 36e4588eaee..d19ab8cb548 100644 --- a/librz/asm/p/asm_ppc_cs.c +++ b/librz/asm/p/asm_ppc_cs.c @@ -90,6 +90,10 @@ static int disassemble(RzAsm *a, RzAsmOp *op, const ut8 *buf, int len) { break; } mode |= a->big_endian ? CS_MODE_BIG_ENDIAN : CS_MODE_LITTLE_ENDIAN; + if (a->cpu && RZ_STR_EQ(a->cpu, "qpx")) { + mode |= CS_MODE_QPX; + } + if (mode != omode || a->bits != obits) { cs_close(&handle); handle = 0; @@ -125,7 +129,7 @@ RzAsmPlugin rz_asm_plugin_ppc_cs = { .license = "BSD", .author = "pancake", .arch = "ppc", - .cpus = "ppc,vle,ps", + .cpus = "ppc,vle,ps,qpx", .bits = 32 | 64, .endian = RZ_SYS_ENDIAN_LITTLE | RZ_SYS_ENDIAN_BIG, .fini = the_end, diff --git a/subprojects/capstone-next.wrap b/subprojects/capstone-next.wrap index ca2a1e47cf0..820104cdfdf 100644 --- a/subprojects/capstone-next.wrap 
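Review bot: The added `cs_option(ctx->cd, CS_OPT_SYNTAX, CS_OPT_SYNTAX_CS_REG_ALIAS)` immediately follows the call that selects `CS_OPT_SYNTAX_NOREGNAME` for `RZ_ASM_SYNTAX_REGNUM`, and whether capstone-next ORs syntax options together or overwrites the previous value decides whether `asm.syntax=regnum` still has any effect after this change. The updated expectations (`sb`, `sl`, `fp`, `pop {r7}`) show the alias flag is active, but none exercises regnum syntax, so either fold both into one call if the option is a bitmask, or add a regnum test that pins `r9`/`r12` output. The same shape already exists for `CS_OPT_DETAIL`, which is set conditionally and then unconditionally turned on, so the conditional line is effectively dead and could go in the same cleanup.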
+++ b/subprojects/capstone-next.wrap @@ -1,5 +1,5 @@ [wrap-git] url = https://github.com/capstone-engine/capstone.git -revision = 097c04d9413c59a58b00d4d1c8d5dc0ac158ffaa +revision = 1fc1011d669c893ecd7cb107d3a8e4976ff10e19 directory = capstone-next patch_directory = capstone-next diff --git a/subprojects/packagefiles/capstone-next/meson.build b/subprojects/packagefiles/capstone-next/meson.build index 647b1478dfb..93220396e68 100644 --- a/subprojects/packagefiles/capstone-next/meson.build +++ b/subprojects/packagefiles/capstone-next/meson.build @@ -6,7 +6,9 @@ cs_files = [ 'arch/AArch64/AArch64InstPrinter.c', 'arch/AArch64/AArch64Mapping.c', 'arch/AArch64/AArch64Module.c', + 'arch/ARM/ARMBaseInfo.c', 'arch/ARM/ARMDisassembler.c', + 'arch/ARM/ARMDisassemblerExtension.c', 'arch/ARM/ARMInstPrinter.c', 'arch/ARM/ARMMapping.c', 'arch/ARM/ARMModule.c', @@ -53,11 +55,12 @@ cs_files = [ 'arch/TriCore/TriCoreMapping.c', 'arch/TriCore/TriCoreModule.c', 'cs.c', + 'Mapping.c', 'MCInst.c', 'MCInstrDesc.c', + 'MCInstPrinter.c', 'MCRegisterInfo.c', 'SStream.c', - 'Mapping.c', 'utils.c', ] diff --git a/test/db/abi/platforms/reg_profile b/test/db/abi/platforms/reg_profile index 9568b3eddd0..0b8760ac785 100644 --- a/test/db/abi/platforms/reg_profile +++ b/test/db/abi/platforms/reg_profile @@ -192,6 +192,7 @@ r31 = 0x00000000 so = 0x0 ov = 0x0 ca = 0x0 +0 = 0x00000000 EOF RUN @@ -235,6 +236,7 @@ r31 = 0x00000000 so = 0x0 ov = 0x0 ca = 0x0 +0 = 0x00000000 EOF RUN diff --git a/test/db/analysis/arm b/test/db/analysis/arm index 39ab6e034ac..c1bd150ec29 100644 --- a/test/db/analysis/arm +++ b/test/db/analysis/arm @@ -912,7 +912,7 @@ pseudo: push (r3, lr) mnemonic: push mask: ffffffff prefix: 0 -id: 128 +id: 635 bytes: 08402de9 refptr: 0 size: 4 @@ -934,7 +934,7 @@ mnemonic: add description: add two values mask: ffff prefix: 0 -id: 2 +id: 31 bytes: 00af refptr: 0 size: 2 diff --git a/test/db/analysis/ppc b/test/db/analysis/ppc index d194ac92259..e47e1f16920 100644 
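Review bot: The PPC register-profile expectation now ends with a register literally named `0` (`0 = 0x00000000`) in both reg_profile hunks. That looks like an artefact of capstone-next's zero register being appended to the profile under its printed name rather than an intentional architectural register, and baking it into the expected output hides the oddity from later readers. If it is not meant to be user-visible, filter it when the profile is built and keep the old expectation; if it is deliberate, a short comment in the test naming where the entry comes from would make the expectation self-explaining.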
--- a/test/db/analysis/ppc +++ b/test/db/analysis/ppc @@ -61,13 +61,6 @@ fcn.10003f90: sym.imp.unlink fcn.10003e40 -fcn.10003e40: - sym.imp.free - sym.imp.elf_getdata - sym.imp.elf_end - sym.imp.fsync - sym.imp.close - fcn.100016f0: sym.imp.memset sym.imp.gelf_fsize @@ -199,6 +192,13 @@ fcn.100030f0: fcn.10003bc0 sym.imp.elf_getdata +fcn.10003e40: + sym.imp.free + sym.imp.elf_getdata + sym.imp.elf_end + sym.imp.fsync + sym.imp.close + fcn.10003ce0: sym.imp.error @@ -287,10 +287,6 @@ fcn.1000cbf0: sym.imp.calloc sym.imp.free -fcn.1000c730: - sym.imp.fprintf - sym.imp.abort - fcn.1000cb20: fcn.1000c730 sym.imp.free @@ -301,7 +297,18 @@ fcn.1000c650: sym.imp.free fcn.10009270: + fcn.10003bc0 + sym.imp.elf_flagscn sym.imp.error + fcn.10008f70 + sym.imp.__assert_fail + +fcn.1000c490: + sym.imp.abort + +fcn.1000c730: + sym.imp.fprintf + sym.imp.abort fcn.1000ce30: sym.imp.memset @@ -336,6 +343,12 @@ fcn.100036e0: fcn.100139b0: sym.imp.qsort + sym.imp.calloc + sym.imp.memset + fcn.100139b0 + sym.imp.error + fcn.10025b30 + fcn.10003230 fcn.10003230: fcn.100030f0 @@ -357,6 +370,7 @@ fcn.10003770: fcn.100034d0: fcn.100030f0 + sym.imp.elf_flagscn fcn.10003630: fcn.100030f0 @@ -702,7 +716,7 @@ EXPECT=< 0x00000026 00bf nop | 0x00000028 0c37 adds r7, 0xc | 0x0000002a bd46 mov sp, r7 -| 0x0000002c 5df8047b ldr r7, [sp], 4 +| 0x0000002c 5df8047b pop {r7} \ 0x00000030 7047 bx lr EOF RUN diff --git a/test/db/asm/arm_16 b/test/db/asm/arm_16 index be3ff449294..87e6e008d41 100755 --- a/test/db/asm/arm_16 +++ b/test/db/asm/arm_16 @@ -21,7 +21,7 @@ a "sub ip, 0x33" acf1330c a "sub r8, 0xf9" a8f1f908 ad "adc r0, r1, 0x7b" 41f17b00 0x0 (set r0 (+ (+ (var r1) (bv 32 0x7b)) (ite (var cf) (bv 32 0x1) (bv 32 0x0)))) ad "adc r0, r1, 0xaf00af" 41f1af10 -ad "adc r0, r1, -0x47ff4800" 41f1b820 # -0xb800b800 +ad "adc r0, r1, 0xb800b800" 41f1b820 ad "adc r0, r1, 0x26262626" 41f12630 ad "adc r0, r1, 0x8f0000" 41f50f00 ad "adc r0, r1, 0x1360000" 41f19b70 
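Review bot: Beyond the reordering, the expected PPC call graph changes substantively: `fcn.100139b0` now lists itself plus `calloc`, `memset`, `error`, `fcn.10025b30` and `fcn.10003230` as callees, `fcn.10009270` gains `__assert_fail` and `elf_flagscn`, and `fcn.1000c490` appears as a new function. That pattern is consistent with function boundaries moving under the new decoder (a function absorbing its neighbour, or a previously hidden one being split out), not merely with changed mnemonic text, and nothing in the commit says which. A sentence in the commit message explaining why these callees are correct, or a comparison of `fcn.100139b0`'s end address before and after, would make this a reviewable expectation change rather than a silent acceptance of new output.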
@@ -87,19 +87,19 @@ ad "adr r6, 0x360" d8a6 0x0 (set r6 (bv 32 0x364)) d "adr r6, 0x360" d8a6 0x1000 (set r6 (bv 32 0x1364)) d "adr r6, 0x360" d8a6 0x1002 (set r6 (bv 32 0x1364)) d "adr r6, 0x360" d8a6 0x1004 (set r6 (bv 32 0x1368)) -d "subw r8, pc, 0xec7" aff6c768 0x1000 (set r8 (bv 32 0x13d)) +d "adr.w r8, -0xec7" aff6c768 0x1000 (set r8 (bv 32 0x13d)) a "adr r8, -0xec7" aff6c768 -d "subw r2, pc, 0x10" aff21002 0x1000 (set r2 (bv 32 0xff4)) +d "adr.w r2, -0x10" aff21002 0x1000 (set r2 (bv 32 0xff4)) a "adr.w r2, -0x10" aff21002 -d "addw r8, pc, 0xa23" 0ff62328 0x1000 (set r8 (bv 32 0x1a27)) +d "adr.w r8, 0xa23" 0ff62328 0x1000 (set r8 (bv 32 0x1a27)) a "adr r8, 0xa23" 0ff62328 -d "addw r3, pc, 0x24" 0ff22403 0x1000 (set r3 (bv 32 0x1028)) +d "adr.w r3, 0x24" 0ff22403 0x1000 (set r3 (bv 32 0x1028)) a "adr.w r3, 0x24" 0ff22403 d "adds r6, r2, 5" 561d 0x0 (seq (set a (var r2)) (set b (bv 32 0x5)) (set r6 (+ (var r2) (bv 32 0x5))) (set cf (msb (+ (cast 33 false (var a)) (cast 33 false (var b))))) (set vf (&& (! (^^ (msb (var a)) (msb (var b)))) (^^ (msb (var a)) (msb (var r6))))) (set zf (is_zero (var r6))) (set nf (msb (var r6)))) a "add r6, r2, 5" 561d d "adds r7, 0xc3" c337 a "add r7, 0xc3" c337 -d "add.w sb, ip, -0x4dff4e00" 0cf1b229 # 0xb200b200 +d "add.w sb, ip, 0xb200b200" 0cf1b229 a "add r9, r12, -0x4dff4e00" 0cf1b229 # 0xb200b200 ad "add.w r1, r3, 0x2c" 03f12c01 d "adds.w sb, r2, 0x250000" 12f51419 
@@ -237,7 +237,7 @@ d "cmn.w r1, r3, asr 30" 11eba37f 0x0 (seq (set a (var r1)) (set b (>> (var r3) a "cmn r1, r3, asr 30" 11eba37f ad "cmn.w r2, r5" 12eb050f ad "cmp r3, 0x73" 732b 0x0 (seq (set a (var r3)) (set b (bv 32 0x73)) (set res (- (var a) (var b))) (set cf (ule (var b) (var a))) (set vf (&& (^^ (msb (var a)) (msb (var b))) (^^ (msb (var a)) (msb (var res))))) (set zf (is_zero (var res))) (set nf (msb (var res)))) -d "cmp.w r8, -0x54545455" b8f1ab3f 0x0 (seq (set a (var r8)) (set b (bv 32 0xabababab)) (set res (- (var a) (var b))) (set cf (ule (var b) (var a))) (set vf (&& (^^ (msb (var a)) (msb (var b))) (^^ (msb (var a)) (msb (var res))))) (set zf (is_zero (var res))) (set nf (msb (var res)))) +d "cmp.w r8, 0xabababab" b8f1ab3f 0x0 (seq (set a (var r8)) (set b (bv 32 0xabababab)) (set res (- (var a) (var b))) (set cf (ule (var b) (var a))) (set vf (&& (^^ (msb (var a)) (msb (var b))) (^^ (msb (var a)) (msb (var res))))) (set zf (is_zero (var res))) (set nf (msb (var res)))) a "cmp r8, -0x54545455" b8f1ab3f # 0xabababab ad "cmp.w r6, 0x23" b6f1230f ad "cmp r3, r4" a342 @@ -455,7 +455,7 @@ d "mls r6, sl, r2, r5" 0afb1256 a "mls r6, r10, r2, r5" 0afb1256 d "movs r6, 0x26" 2626 0x0 (seq (set r6 (bv 32 0x26)) (set zf (is_zero (var r6))) (set nf (msb (var r6)))) a "mov r6, 0x26" 2626 -d "mov.w r7, -0x4dff4e00" 4ff0b227 # 0xb200b200 +d "mov.w r7, 0xb200b200" 4ff0b227 a "mov r7, 0xb200b200" 4ff0b227 d "movs.w fp, 0x130000" 5ff4981b a "movs r11, 0x00130000" 5ff4981b @@ -510,7 +510,7 @@ a "mvn r10, r3, lsr 17" 6fea534a ad "mvn.w r1, r2" 6fea0201 ad "nop" 00bf ad "nop.w" aff30080 -d "orn r6, sl, -0x54545455" 6af0ab36 # 0xabababab +d "orn r6, sl, 0xabababab" 6af0ab36 a "orn r6, r10, 0xabababab" 6af0ab36 d "orns r2, r3, 0x12800" 73f49432 0x0 (seq (set r2 (| (var r3) (~ (bv 32 0x12800)))) (set cf false) (set zf (is_zero (var r2))) (set nf (msb (var r2)))) a "orns r2, r3, 0x00012800" 73f49432 
@@ -665,7 +665,7 @@ d "rsbs r6, r6, 0" 7642 a "rsb r6, 0" 7642 d "rsb.w sb, r2, 0x16" c2f11609 a "rsb r9, r2, 0x16" c2f11609 -d "rsbs.w r7, sb, -0x54ff5500" d9f1ab27 # 0xab00ab00 +d "rsbs.w r7, sb, 0xab00ab00" d9f1ab27 a "rsbs r7, r9, 0xab00ab00" d9f1ab27 ad "rsb.w r2, r3, 0" c3f10002 ad "rsbs.w r3, r5, 0" d5f10003 @@ -691,7 +691,7 @@ d "sbc r7, r2, 0xf30000" 62f57307 a "sbc r7, r2, 0x00f30000" 62f57307 d "sbc r1, r1, 0xfb" 61f1fb01 a "sbc r1, 0xfb" 61f1fb01 -d "sbcs r2, r5, -0x54ff5500" 75f1ab22 # 0xab00ab00 +d "sbcs r2, r5, 0xab00ab00" 75f1ab22 a "sbcs r2, r5, 0xab00ab00" 75f1ab22 d "sbcs r2, r5" aa41 a "sbc r2, r5" aa41 @@ -1144,5 +1144,5 @@ ad "wfi.w" aff30380 ad "yield" 10bf ad "yield.w" aff30180 d "add r1, pc" 7944 0x3ffd70ca (set r1 (+ (var r1) (bv 32 0x3ffd70ce))) -d "subw r5, pc, 0x27" aff22705 0x1000 (set r5 (bv 32 0xfdd)) +d "adr.w r5, -0x27" aff22705 0x1000 (set r5 (bv 32 0xfdd)) d "addw ip, ip, 0x604" 0cf2046c 0x0 (set r12 (+ (var r12) (bv 32 0x604))) diff --git a/test/db/asm/arm_32 b/test/db/asm/arm_32 index 8f8e683fcfd..3aec5cc31a9 100644 --- a/test/db/asm/arm_32 +++ b/test/db/asm/arm_32 
@@ -139,11 +139,11 @@ d "sbc r6, r6, 0xc" 0c60c6e2 0x0 (set r6 (- (- (var r6) (bv 32 0xc)) (ite (var c d "sbc r6, r7, r5" 0560c7e0 0x0 (set r6 (- (- (var r7) (var r5)) (ite (var cf) (bv 32 0x0) (bv 32 0x1)))) d "sbcs r6, r7, r5" 0560d7e0 0x0 (seq (set a (var r7)) (set b (var r5)) (set r6 (- (- (var r7) (var r5)) (ite (var cf) (bv 32 0x0) (bv 32 0x1)))) (set cf (msb (+ (+ (cast 33 false (var a)) (cast 33 false (~ (var b)))) (ite (var cf) (bv 33 0x1) (bv 33 0x0))))) (set vf (&& (^^ (msb (var a)) (msb (var b))) (^^ (msb (var a)) (msb (var r6))))) (set zf (is_zero (var r6))) (set nf (msb (var r6)))) d "andeq r0, r0, 1" 01000002 -d "andeq r3, r5, 0x80000000" 02310502 +d "andeq r3, r5, -0x80000000" 02310502 d "andne r3, r3, r2" 02300310 d "andne ip, ip, r7" 07c00c10 -d "asreq r0, ip, 0x1f" cc0fa001 -d "asrne r0, r4, 0x1f" c40fa011 +d "asreq r0, ip, 31" cc0fa001 +d "asrne r0, r4, 31" c40fa011 d "beq 8" 0000000a 0x0 (branch (var zf) (jmp (bv 32 0x8)) nop) d "biceq r3, r3, 7" 0730c303 d "blne 0x1900" 3E06001B @@ -182,7 +182,7 @@ d "ldrdne r2, r3, [r3, ip]" dc208311 d "ldreq r0, [fp, -0xb4]" b4001b05 d "ldrheq r0, [r3, r0]" b0009301 d "lslne r1, r1, 2" 0111a011 -d "lsreq r0, r0, 0x10" 2008a001 +d "lsreq r0, r0, 16" 2008a001 d "lsrne r0, r0, 9" a004a011 d "mlaeq r7, r5, r7, r0" 95072700 d "mlane r3, r1, r3, r2" 91232310 @@ -190,10 +190,10 @@ d "moveq r0, sl" 0a00a001 d "movne r0, sb" 0900a011 d "mulne r3, r3, r0" 93000310 d "mvneq r0, 0x15" 1500e003 -d "mvneq r0, 0x80000000" 0201e003 +d "mvneq r0, -0x80000000" 0201e003 d "orreq r5, r5, r3" 03508501 d "orreq r6, r6, r2, lsr 1" a2608601 -d "orreq r3, r3, 0x80000000" 02318303 +d "orreq r3, r3, -0x80000000" 02318303 d "orrne r0, r0, r1, lsl ip" 110c8011 d "orrne r1, r1, r3" 03108111 d "popeq {pc}" 04f09d04 
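Review bot: These arm_32 hunks pin modified immediates in signed form (`andeq r3, r5, -0x80000000`, `mvneq r0, -0x80000000`) while the arm_16 hunks of the same commit move to unsigned form for Thumb (`cmp.w r8, 0xabababab`, `mov.w r7, 0xb200b200`), so the suite now locks in divergent immediate formatting between the two decoders for the same bit patterns. If that is upstream capstone-next behaviour it deserves a line in the commit message, since a reader of `-0x80000000` will not immediately see the 0x80000000 the IL still uses; if it is not intended, one formatting path should be chosen in the disassembler before the expectations are rewritten. The shift amounts switching from `0x1f`/`0x10` to decimal `31`/`16` add a third style to the same file.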
@@ -235,7 +235,7 @@ d "movs r1, 0, 2" 0011b0e3 0x0 (seq (set cf_tmp false) (set r1 (bv 32 0x0)) (set d "movs r1, 1, 30" 011fb0e3 0x0 (seq (set cf_tmp false) (set r1 (bv 32 0x4)) (set cf (var cf_tmp)) (set zf (is_zero (var r1))) (set nf (msb (var r1)))) d "movs r1, 4" 0410b0e3 0x0 (seq (set r1 (bv 32 0x4)) (set zf (is_zero (var r1))) (set nf (msb (var r1)))) d "movs r1, 0x40000000" 0111b0e3 0x0 (seq (set cf_tmp false) (set r1 (bv 32 0x40000000)) (set cf (var cf_tmp)) (set zf (is_zero (var r1))) (set nf (msb (var r1)))) -d "movs r1, 0x80000000" 0211b0e3 0x0 (seq (set cf_tmp true) (set r1 (bv 32 0x80000000)) (set cf (var cf_tmp)) (set zf (is_zero (var r1))) (set nf (msb (var r1)))) +d "movs r1, -0x80000000" 0211b0e3 0x0 (seq (set cf_tmp true) (set r1 (bv 32 0x80000000)) (set cf (var cf_tmp)) (set zf (is_zero (var r1))) (set nf (msb (var r1)))) ad "movs r0, 0x2a" 2a00b0e3 0x0 (seq (set r0 (bv 32 0x2a)) (set zf (is_zero (var r0))) (set nf (msb (var r0)))) ad "mov pc, 0x2a" 2af0a0e3 0x0 (jmp (bv 32 0x2a)) ad "movs pc, 0x2a" 2af0b0e3 
@@ -338,16 +338,16 @@ d "ldr r0, [r1, r4, ror 5]" e40291e7 0x0 (set r0 (loadw 0 32 (+ (var r1) (| (>> d "ldr r0, [r1, r4, rrx]" 640091e7 0x0 (set r0 (loadw 0 32 (+ (var r1) (>> (var r4) (bv 5 0x1) (var cf))))) d "ldrb r2, [r3]" 0020d3e5 0x0 (set r2 (cast 32 false (load 0 (var r3)))) d "ldrsb r2, [r3]" d020d3e1 0x0 (set r2 (cast 32 (msb (load 0 (var r3))) (load 0 (var r3)))) -d "ldrsbt r2, [r3], 0" d020f3e0 0x0 (seq (set r2 (cast 32 (msb (load 0 (var r3))) (load 0 (var r3)))) (set r3 (+ (var r3) (bv 32 0x0)))) +d "ldrsbt r2, [r3], 0" d020f3e0 0x0 (seq (set r2 (cast 32 (msb (load 0 (var r3))) (load 0 (var r3)))) (set r3 (var r3))) d "ldrh r0, [r1]" b000d1e1 0x0 (set r0 (cast 32 false (loadw 0 16 (var r1)))) d "ldrsh r4, [r2]" f040d2e1 0x0 (set r4 (cast 32 (msb (loadw 0 16 (var r2))) (loadw 0 16 (var r2)))) -d "ldrsht r4, [r2], 0" f040f2e0 0x0 (seq (set r4 (cast 32 (msb (loadw 0 16 (var r2))) (loadw 0 16 (var r2)))) (set r2 (+ (var r2) (bv 32 0x0)))) +d "ldrsht r4, [r2], 0" f040f2e0 0x0 (seq (set r4 (cast 32 (msb (loadw 0 16 (var r2))) (loadw 0 16 (var r2)))) (set r2 (var r2))) d "ldr r6, [pc, 0x48]" 48609fe5 0x10660 (set r6 (loadw 0 32 (bv 32 0x106b0))) d "ldr r2, [pc, -0x10]" 10201fe5 0x1000 (set r2 (loadw 0 32 (bv 32 0xff8))) d "ldr sb, [pc, r3]" 03909fe7 0x1000 (set r9 (loadw 0 32 (+ (bv 32 0x1008) (var r3)))) d "ldr r2, [fp, -0x10]!" 
10203be5 0x0 (seq (set r11 (- (var r11) (bv 32 0x10))) (set r2 (loadw 0 32 (var r11)))) d "ldr r0, [r1], 4" 040091e4 0x0 (seq (set r0 (loadw 0 32 (var r1))) (set r1 (+ (var r1) (bv 32 0x4)))) -d "ldrt r0, [r1], 0" 0000b1e4 0x0 (seq (set r0 (loadw 0 32 (var r1))) (set r1 (+ (var r1) (bv 32 0x0)))) +d "ldrt r0, [r1], 0" 0000b1e4 0x0 (seq (set r0 (loadw 0 32 (var r1))) (set r1 (var r1))) d "ldrt r0, [r1], 4" 0400b1e4 0x0 (seq (set r0 (loadw 0 32 (var r1))) (set r1 (+ (var r1) (bv 32 0x4)))) d "ldrbt r0, [r1], 4" 0400f1e4 0x0 (seq (set r0 (cast 32 false (load 0 (var r1)))) (set r1 (+ (var r1) (bv 32 0x4)))) d "ldrht r0, [r1], 4" b400f1e0 0x0 (seq (set r0 (cast 32 false (loadw 0 16 (var r1)))) (set r1 (+ (var r1) (bv 32 0x4)))) 
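Review bot: The post-indexed zero-offset forms (`ldrsbt r2, [r3], 0`, `ldrsht r4, [r2], 0`, `ldrt r0, [r1], 0`) now expect a self-assignment `(set r3 (var r3))` where the old output had `(+ (var r3) (bv 32 0x0))`, presumably a consequence of the `MEMDISP_BV` rewrite in arm_accessors32.h. Both are no-ops, but emitting a writeback at all for an immediate offset of 0 with no index register is noise in the IL; skipping it when `!HASMEMINDEX(x) && MEMDISP(x) == 0` would yield the same bare `(set r2 (cast …))` as the `ldrsb r2, [r3]` line above. If the redundant `set` is kept on purpose, for instance to keep the writeback observable to IL consumers, a comment in the test saying so would stop the next cleanup from removing it. The lifter producing these lines is outside the hunk.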
@@ -392,10 +392,10 @@ d "eor r4, r3, 3" 034023e2 0x0 (set r4 (^ (var r3) (bv 32 0x3))) d "eors r4, r3, 3" 034033e2 0x0 (seq (set r4 (^ (var r3) (bv 32 0x3))) (set zf (is_zero (var r4))) (set nf (msb (var r4)))) d "eors r4, r3, 0x30000" 034833e2 0x0 (seq (set r4 (^ (var r3) (bv 32 0x30000))) (set cf false) (set zf (is_zero (var r4))) (set nf (msb (var r4)))) d "eors r3, r3, 0x30000" 033833e2 0x0 (seq (set r3 (^ (var r3) (bv 32 0x30000))) (set cf false) (set zf (is_zero (var r3))) (set nf (msb (var r3)))) -d "eors r3, r3, 0x80000000" 023133e2 0x0 (seq (set r3 (^ (var r3) (bv 32 0x80000000))) (set cf true) (set zf (is_zero (var r3))) (set nf (msb (var r3)))) +d "eors r3, r3, -0x80000000" 023133e2 0x0 (seq (set r3 (^ (var r3) (bv 32 0x80000000))) (set cf true) (set zf (is_zero (var r3))) (set nf (msb (var r3)))) d "and r0, r1, r2" 020001e0 0x0 (set r0 (& (var r1) (var r2))) -d "ands r0, r1, 0x80000000" 020111e2 0x0 (seq (set r0 (& (var r1) (bv 32 0x80000000))) (set cf true) (set zf (is_zero (var r0))) (set nf (msb (var r0)))) -d "ands r0, r0, 0x80000000" 020110e2 0x0 (seq (set r0 (& (var r0) (bv 32 0x80000000))) (set cf true) (set zf (is_zero (var r0))) (set nf (msb (var r0)))) +d "ands r0, r1, -0x80000000" 020111e2 0x0 (seq (set r0 (& (var r1) (bv 32 0x80000000))) (set cf true) (set zf (is_zero (var r0))) (set nf (msb (var r0)))) +d "ands r0, r0, -0x80000000" 020110e2 0x0 (seq (set r0 (& (var r0) (bv 32 0x80000000))) (set cf true) (set zf (is_zero (var r0))) (set nf (msb (var r0)))) d "ands r0, r1, 0x42" 420011e2 0x0 (seq (set r0 (& (var r1) (bv 32 0x42))) (set zf (is_zero (var r0))) (set nf (msb (var r0)))) d "orr r0, r1, 0x42" 420081e3 0x0 (set r0 (| (var r1) (bv 32 0x42))) d "orrs r0, r1, 0x42" 420091e3 0x0 (seq (set r0 (| (var r1) (bv 32 0x42))) (set zf (is_zero (var r0))) (set nf (msb (var r0)))) 
@@ -464,14 +464,14 @@ d "ror r2, r7, r3" 7723a0e1 0x0 (set r2 (| (>> (var r7) (cast 5 false (var r3)) d "rors r2, r7, r3" 7723b0e1 0x0 (seq (set cf_tmp (ite (is_zero (cast 5 false (var r3))) (var cf) (msb (<< (var r7) (~- (cast 5 false (var r3))) false)))) (set r2 (| (>> (var r7) (cast 5 false (var r3)) false) (<< (var r7) (~- (cast 5 false (var r3))) false))) (set cf (var cf_tmp)) (set zf (is_zero (var r2))) (set nf (msb (var r2)))) d "rrx r2, r3" 6320a0e1 0x0 (set r2 (>> (var r3) (bv 5 0x1) (var cf))) d "rrxs r2, r3" 6320b0e1 0x0 (seq (set cf_tmp (lsb (var r3))) (set r2 (>> (var r3) (bv 5 0x1) (var cf))) (set cf (var cf_tmp)) (set zf (is_zero (var r2))) (set nf (msb (var r2)))) -d "lsr r1, r3, 0x1f" a31fa0e1 0x0 (set r1 (>> (var r3) (bv 5 0x1f) false)) -d "mvn r1, 0x90000000" 0912e0e3 0x0 (set r1 (~ (bv 32 0x90000000))) -d "mvns r1, 0x90000000" 0912f0e3 0x0 (seq (set cf_tmp true) (set r1 (~ (bv 32 0x90000000))) (set cf (var cf_tmp)) (set zf (is_zero (var r1))) (set nf (msb (var r1)))) +d "lsr r1, r3, 31" a31fa0e1 0x0 (set r1 (>> (var r3) (bv 5 0x1f) false)) +d "mvn r1, -0x70000000" 0912e0e3 0x0 (set r1 (~ (bv 32 0x90000000))) +d "mvns r1, -0x70000000" 0912f0e3 0x0 (seq (set cf_tmp true) (set r1 (~ (bv 32 0x90000000))) (set cf (var cf_tmp)) (set zf (is_zero (var r1))) (set nf (msb (var r1)))) ad "tst r1, r2" 020011e1 0x0 (seq (set zf (is_zero (& (var r1) (var r2)))) (set nf (msb (& (var r1) (var r2))))) ad "tst ip, r3" 03001ce1 0x0 (seq (set zf (is_zero (& (var r12) (var r3)))) (set nf (msb (& (var r12) (var r3))))) d "tst r0, r1, ror 16" 610810e1 0x0 (seq (set cf (ite (is_zero (bv 5 0x10)) (var cf) (msb (<< (var r1) (~- (bv 5 0x10)) false)))) (set zf (is_zero (& (var r0) (| (>> (var r1) (bv 5 0x10) false) (<< (var r1) (~- (bv 5 0x10)) false))))) (set nf (msb (& (var r0) (| (>> (var r1) (bv 5 0x10) false) (<< (var r1) (~- (bv 5 0x10)) false)))))) d "teq r1, r2" 020031e1 0x0 (seq (set zf (is_zero (| (var r1) (var r2)))) (set nf (msb (| (var r1) (var r2))))) -d "teq 
r1, 0x80000000" 020131e3 0x0 (seq (set cf true) (set zf (is_zero (| (var r1) (bv 32 0x80000000)))) (set nf (msb (| (var r1) (bv 32 0x80000000))))) +d "teq r1, -0x80000000" 020131e3 0x0 (seq (set cf true) (set zf (is_zero (| (var r1) (bv 32 0x80000000)))) (set nf (msb (| (var r1) (bv 32 0x80000000))))) ad "clz r3, r2" 123f6fe1 0x0 (seq (set v (var r2)) (set i (bv 32 0x20)) (repeat (! (is_zero (var v))) (seq (set v (>> (var v) (bv 5 0x1) false)) (set i (- (var i) (bv 32 0x1))))) (set r3 (var i))) ad "svc 0" 000000ef 0x0 (goto svc) ad "bfc r3, 3, 5" 9f31c7e7 0x0 (set r3 (& (var r3) (bv 32 0xffffff07))) 
@@ -769,7 +769,7 @@ d "vzip.16 d2, d3" 8321b6f3 0x0 (seq (set d2 (cast 64 false (| (| (| (| (bv 128 d "vuzp.8 d0, d1" 0101b2f3 0x0 (seq (set d0 (| (| (| (| (bv 64 0x0) (| (<< (cast 64 false (cast 8 false (>> (var d0) (bv 8 0x0) false))) (bv 8 0x0) false) (<< (<< (cast 64 false (cast 8 false (>> (var d1) (bv 8 0x0) false))) (bv 8 0x0) false) (bv 8 0x20) false))) (| (<< (cast 64 false (cast 8 false (>> (var d0) (bv 8 0x10) false))) (bv 8 0x8) false) (<< (<< (cast 64 false (cast 8 false (>> (var d1) (bv 8 0x10) false))) (bv 8 0x8) false) (bv 8 0x20) false))) (| (<< (cast 64 false (cast 8 false (>> (var d0) (bv 8 0x20) false))) (bv 8 0x10) false) (<< (<< (cast 64 false (cast 8 false (>> (var d1) (bv 8 0x20) false))) (bv 8 0x10) false) (bv 8 0x20) false))) (| (<< (cast 64 false (cast 8 false (>> (var d0) (bv 8 0x30) false))) (bv 8 0x18) false) (<< (<< (cast 64 false (cast 8 false (>> (var d1) (bv 8 0x30) false))) (bv 8 0x18) false) (bv 8 0x20) false)))) (set d1 (| (| (| (| (bv 64 0x0) (| (<< (cast 64 false (cast 8 false (>> (var d0) (bv 8 0x8) false))) (bv 8 0x0) false) (<< (<< (cast 64 false (cast 8 false (>> (var d1) (bv 8 0x8) false))) (bv 8 0x0) false) (bv 8 0x20) false))) (| (<< (cast 64 false (cast 8 false (>> (var d0) (bv 8 0x18) false))) (bv 8 0x8) false) (<< (<< (cast 64 false (cast 8 false (>> (var d1) (bv 8 0x18) false))) (bv 8 0x8) false) (bv 8 0x20) false))) (| (<< (cast 64 false (cast 8 false (>> (var d0) (bv 8 0x28) false))) (bv 8 0x10) false) (<< (<< (cast 64 false (cast 8 false (>> (var d1) (bv 8 0x28) false))) (bv 8 0x10) false) (bv 8 0x20) false))) (| (<< (cast 64 false (cast 8 false (>> (var d0) (bv 8 0x38) false))) (bv 8 0x18) false) (<< (<< (cast 64 false (cast 8 false (>> (var d1) (bv 8 0x38) false))) (bv 8 0x18) false) (bv 8 0x20) false))))) d "vuzp.8 q0, q1" 4201b2f3 0x0 (seq (set d0 (cast 64 false (| (| (| (| (| (| (| (| (bv 128 0x0) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x0) false))) (bv 8 0x0) false) (<< 
(<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x0) false))) (bv 8 0x0) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x10) false))) (bv 8 0x8) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x10) false))) (bv 8 0x8) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x20) false))) (bv 8 0x10) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x20) false))) (bv 8 0x10) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x30) false))) (bv 8 0x18) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x30) false))) (bv 8 0x18) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x40) false))) (bv 8 0x20) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x40) false))) (bv 8 0x20) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x50) false))) (bv 8 0x28) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x50) false))) (bv 8 0x28) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x60) false))) (bv 8 0x30) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x60) false))) (bv 8 0x30) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x70) false))) (bv 8 0x38) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x70) false))) (bv 8 0x38) false) (bv 8 0x40) false))))) (set d1 (cast 64 false (>> (| (| (| (| (| (| (| (| (bv 128 0x0) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x0) false))) (bv 8 0x0) false) (<< (<< (cast 128 false (cast 8 false 
(>> (append (var d3) (var d2)) (bv 8 0x0) false))) (bv 8 0x0) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x10) false))) (bv 8 0x8) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x10) false))) (bv 8 0x8) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x20) false))) (bv 8 0x10) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x20) false))) (bv 8 0x10) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x30) false))) (bv 8 0x18) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x30) false))) (bv 8 0x18) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x40) false))) (bv 8 0x20) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x40) false))) (bv 8 0x20) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x50) false))) (bv 8 0x28) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x50) false))) (bv 8 0x28) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x60) false))) (bv 8 0x30) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x60) false))) (bv 8 0x30) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x70) false))) (bv 8 0x38) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x70) false))) (bv 8 0x38) false) (bv 8 0x40) false))) (bv 8 0x40) false))) (set d2 (cast 64 false (| (| (| (| (| (| (| (| (bv 128 0x0) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x8) false))) (bv 8 0x0) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) 
(var d2)) (bv 8 0x8) false))) (bv 8 0x0) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x18) false))) (bv 8 0x8) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x18) false))) (bv 8 0x8) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x28) false))) (bv 8 0x10) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x28) false))) (bv 8 0x10) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x38) false))) (bv 8 0x18) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x38) false))) (bv 8 0x18) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x48) false))) (bv 8 0x20) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x48) false))) (bv 8 0x20) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x58) false))) (bv 8 0x28) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x58) false))) (bv 8 0x28) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x68) false))) (bv 8 0x30) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x68) false))) (bv 8 0x30) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x78) false))) (bv 8 0x38) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x78) false))) (bv 8 0x38) false) (bv 8 0x40) false))))) (set d3 (cast 64 false (>> (| (| (| (| (| (| (| (| (bv 128 0x0) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x8) false))) (bv 8 0x0) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x8) false))) (bv 8 
0x0) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x18) false))) (bv 8 0x8) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x18) false))) (bv 8 0x8) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x28) false))) (bv 8 0x10) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x28) false))) (bv 8 0x10) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x38) false))) (bv 8 0x18) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x38) false))) (bv 8 0x18) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x48) false))) (bv 8 0x20) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x48) false))) (bv 8 0x20) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x58) false))) (bv 8 0x28) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x58) false))) (bv 8 0x28) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x68) false))) (bv 8 0x30) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x68) false))) (bv 8 0x30) false) (bv 8 0x40) false))) (| (<< (cast 128 false (cast 8 false (>> (append (var d1) (var d0)) (bv 8 0x78) false))) (bv 8 0x38) false) (<< (<< (cast 128 false (cast 8 false (>> (append (var d3) (var d2)) (bv 8 0x78) false))) (bv 8 0x38) false) (bv 8 0x40) false))) (bv 8 0x40) false)))) d "vuzp.16 d2, d4" 0421b6f3 0x0 (seq (set d2 (| (| (bv 64 0x0) (| (<< (cast 64 false (cast 16 false (>> (var d2) (bv 8 0x0) false))) (bv 8 0x0) false) (<< (<< (cast 64 false (cast 16 false (>> (var d4) (bv 8 0x0) false))) (bv 8 0x0) false) (bv 8 0x20) false))) (| (<< (cast 64 
false (cast 16 false (>> (var d2) (bv 8 0x20) false))) (bv 8 0x10) false) (<< (<< (cast 64 false (cast 16 false (>> (var d4) (bv 8 0x20) false))) (bv 8 0x10) false) (bv 8 0x20) false)))) (set d4 (| (| (bv 64 0x0) (| (<< (cast 64 false (cast 16 false (>> (var d2) (bv 8 0x10) false))) (bv 8 0x0) false) (<< (<< (cast 64 false (cast 16 false (>> (var d4) (bv 8 0x10) false))) (bv 8 0x0) false) (bv 8 0x20) false))) (| (<< (cast 64 false (cast 16 false (>> (var d2) (bv 8 0x30) false))) (bv 8 0x10) false) (<< (<< (cast 64 false (cast 16 false (>> (var d4) (bv 8 0x30) false))) (bv 8 0x10) false) (bv 8 0x20) false))))) -d "vld1.8 {d0}, [r1], r0" 000721f4 0x0 (seq empty (set d0 (<< (cast 64 false (loadw 0 8 (var r1))) (bv 8 0x0) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (var r1) (bv 32 0x1)))) (bv 8 0x8) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x10) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x18) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x20) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x28) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x30) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x38) false)) empty) +d "vld1.8 {d0}, [r1], r0" 000721f4 0x0 (seq empty (set d0 (<< (cast 64 false (loadw 0 8 (var r1))) (bv 8 0x0) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (var r1) (bv 32 0x1)))) (bv 8 0x8) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x10) false)) (set d0 (<< (cast 64 
false (loadw 0 8 (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x18) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x20) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x28) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x30) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x38) false)) (set r1 (+ (var r1) (var r0)))) d "vld1.16 {d1}, [r7]!" 4d1727f4 0x0 (seq empty (set d1 (<< (cast 64 false (loadw 0 16 (var r7))) (bv 8 0x0) false)) (set d1 (<< (cast 64 false (loadw 0 16 (+ (var r7) (bv 32 0x2)))) (bv 8 0x10) false)) (set d1 (<< (cast 64 false (loadw 0 16 (+ (+ (var r7) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x20) false)) (set d1 (<< (cast 64 false (loadw 0 16 (+ (+ (+ (var r7) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x30) false)) (set r7 (+ (var r7) (bv 32 0x8)))) d "vld1.16 {d1}, [r7]" 4f1727f4 0x0 (seq empty (set d1 (<< (cast 64 false (loadw 0 16 (var r7))) (bv 8 0x0) false)) (set d1 (<< (cast 64 false (loadw 0 16 (+ (var r7) (bv 32 0x2)))) (bv 8 0x10) false)) (set d1 (<< (cast 64 false (loadw 0 16 (+ (+ (var r7) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x20) false)) (set d1 (<< (cast 64 false (loadw 0 16 (+ (+ (+ (var r7) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)))) (bv 8 0x30) false)) empty) d "vld1.32 {d1}, [r7]" 8f1727f4 0x0 (seq empty (set d1 (<< (cast 64 false (loadw 0 32 (var r7))) (bv 8 0x0) false)) (set d1 (<< (cast 64 false (loadw 0 32 (+ (var r7) (bv 32 0x4)))) (bv 8 0x20) false)) empty) 
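Review bot: The re-recorded `+d "vld1.8 {d0}, [r1], r0"` expectation gains the `(set r1 (+ (var r1) (var r0)))` writeback but still pins a load sequence in which every lane is written as `(set d0 (<< (cast 64 false (loadw 0 8 …)) (bv 8 N) false))` with no `(var d0)` on the right-hand side, so each assignment discards the lanes loaded before it and the register ends up holding only byte 7 shifted to bit 56. The `vuzp` context lines in this hunk show how lanes are meant to be combined, OR-ing each shifted lane into an accumulated value; here that would keep the first `set d0` as the one that replaces the register and turn the remaining seven into the shape `(set d0 (| (var d0) (<< (cast 64 false (loadw 0 8 (+ (var r1) (bv 32 0x1)))) (bv 8 0x8) false)))`. The `vld1.16` and `vld1.32` context lines pin the same overwrite pattern, so this presumably originates in the lifter rather than in the test data, and these expectations would need re-recording once it is corrected.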
@@ -786,7 +786,7 @@ d "vld1.8 {d0, d1, d2}, [r0]" 0f0620f4 0x0 (seq empty (set d0 (<< (cast 64 false d "vld2.8 {d0, d2}, [r0]" 0f0920f4 0x0 (seq empty (set d0 (<< (cast 64 false (loadw 0 8 (var r0))) (bv 8 0x0) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (var r0) (bv 32 0x1)))) (bv 8 0x0) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x8) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x8) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x10) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x10) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x18) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x18) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x20) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x20) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x28) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 
32 0x1)))) (bv 8 0x28) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x30) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x30) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x38) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x38) false)) empty) d "vld3.8 {d0, d1, d2}, [r0]" 0f0420f4 0x0 (seq empty (set d0 (<< (cast 64 false (loadw 0 8 (var r0))) (bv 8 0x0) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (var r0) (bv 32 0x1)))) (bv 8 0x0) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x0) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x8) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x8) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x8) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) 
(bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x10) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x10) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x10) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x18) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x18) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x18) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x20) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x20) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x20) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ 
(+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x28) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x28) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x28) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x30) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x30) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 
0x1)) (bv 32 0x1)))) (bv 8 0x30) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x38) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x38) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x38) false)) empty) d "vld4.8 {d0, d1, d2, d3}, [r0]" 0f0020f4 0x0 (seq empty (set d0 (<< (cast 64 false (loadw 0 8 (var r0))) (bv 8 0x0) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (var r0) (bv 32 0x1)))) (bv 8 0x0) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x0) false)) (set d3 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x0) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x8) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) 
(bv 8 0x8) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x8) false)) (set d3 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x8) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x10) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x10) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x10) false)) (set d3 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x10) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x18) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x18) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 
0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x18) false)) (set d3 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x18) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x20) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x20) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x20) false)) (set d3 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x20) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 
32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x28) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x28) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x28) false)) (set d3 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x28) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x30) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ 
(+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x30) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x30) false)) (set d3 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x30) false)) (set d0 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x38) false)) (set d1 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 
32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x38) false)) (set d2 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x38) false)) (set d3 (<< (cast 64 false (loadw 0 8 (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (+ (var r0) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)))) (bv 8 0x38) false)) empty) -d "vst1.8 {d0}, [r1], r0" 000701f4 0x0 (seq empty (storew 0 (var r1) (cast 8 false (>> (var d0) (bv 8 0x0) false))) (storew 0 (+ (var r1) (bv 32 0x1)) (cast 8 false (>> (var d0) (bv 8 0x8) false))) (storew 0 (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (cast 8 false (>> (var d0) (bv 8 0x10) false))) (storew 0 (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (cast 8 false (>> (var d0) (bv 8 0x18) false))) (storew 0 (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) 
(bv 32 0x1)) (cast 8 false (>> (var d0) (bv 8 0x20) false))) (storew 0 (+ (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (cast 8 false (>> (var d0) (bv 8 0x28) false))) (storew 0 (+ (+ (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (cast 8 false (>> (var d0) (bv 8 0x30) false))) (storew 0 (+ (+ (+ (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (cast 8 false (>> (var d0) (bv 8 0x38) false))) empty) +d "vst1.8 {d0}, [r1], r0" 000701f4 0x0 (seq empty (storew 0 (var r1) (cast 8 false (>> (var d0) (bv 8 0x0) false))) (storew 0 (+ (var r1) (bv 32 0x1)) (cast 8 false (>> (var d0) (bv 8 0x8) false))) (storew 0 (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (cast 8 false (>> (var d0) (bv 8 0x10) false))) (storew 0 (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (cast 8 false (>> (var d0) (bv 8 0x18) false))) (storew 0 (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (cast 8 false (>> (var d0) (bv 8 0x20) false))) (storew 0 (+ (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (cast 8 false (>> (var d0) (bv 8 0x28) false))) (storew 0 (+ (+ (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (cast 8 false (>> (var d0) (bv 8 0x30) false))) (storew 0 (+ (+ (+ (+ (+ (+ (+ (var r1) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (bv 32 0x1)) (cast 8 false (>> (var d0) (bv 8 0x38) false))) (set r1 (+ (var r1) (var r0)))) d "vst1.16 {d1}, [r7]!" 
4d1707f4 0x0 (seq empty (storew 0 (var r7) (cast 16 false (>> (var d1) (bv 8 0x0) false))) (storew 0 (+ (var r7) (bv 32 0x2)) (cast 16 false (>> (var d1) (bv 8 0x10) false))) (storew 0 (+ (+ (var r7) (bv 32 0x2)) (bv 32 0x2)) (cast 16 false (>> (var d1) (bv 8 0x20) false))) (storew 0 (+ (+ (+ (var r7) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (cast 16 false (>> (var d1) (bv 8 0x30) false))) (set r7 (+ (var r7) (bv 32 0x8)))) d "vst1.16 {d1}, [r7]" 4f1707f4 0x0 (seq empty (storew 0 (var r7) (cast 16 false (>> (var d1) (bv 8 0x0) false))) (storew 0 (+ (var r7) (bv 32 0x2)) (cast 16 false (>> (var d1) (bv 8 0x10) false))) (storew 0 (+ (+ (var r7) (bv 32 0x2)) (bv 32 0x2)) (cast 16 false (>> (var d1) (bv 8 0x20) false))) (storew 0 (+ (+ (+ (var r7) (bv 32 0x2)) (bv 32 0x2)) (bv 32 0x2)) (cast 16 false (>> (var d1) (bv 8 0x30) false))) empty) d "vst1.32 {d1}, [r7]" 8f1707f4 0x0 (seq empty (storew 0 (var r7) (cast 32 false (>> (var d1) (bv 8 0x0) false))) (storew 0 (+ (var r7) (bv 32 0x4)) (cast 32 false (>> (var d1) (bv 8 0x20) false))) empty) diff --git a/test/db/asm/ppc_64 b/test/db/asm/ppc_64 index 6e5858d8b19..b708c384ed2 100644 --- a/test/db/asm/ppc_64 +++ b/test/db/asm/ppc_64 
@@ -6,8 +6,8 @@ dE "addme r0, r2" 7c0201d4 0x10 (seq (set a (var r2)) (set b (ite (var ca) (bv 6 dE "addze r0, r2" 7c020194 0x14 (seq (set a (var r2)) (set b (ite (var ca) (bv 64 0x1) (bv 64 0x0))) empty (set r0 (+ (var a) (var b))) (set ca (msb (+ (cast 65 false (var a)) (cast 65 false (var b))))) empty empty) dE "adde r0, r2, r1" 7c020914 0x18 (seq (set a (var r2)) (set b (var r1)) (set c (ite (var ca) (bv 64 0x1) (bv 64 0x0))) (set r0 (+ (var a) (+ (var b) (var c)))) (set ca (let r1 (+ (cast 65 false (var b)) (cast 65 false (var c))) (|| (msb (var r1)) (msb (+ (cast 65 false (var a)) (var r1)))))) empty empty) dE "addc r0, r2, r1" 7c020814 0x1c (seq (set a (var r2)) (set b (var r1)) empty (set r0 (+ (var a) (var b))) (set ca (msb (+ (cast 65 false (var a)) (cast 65 false (var b))))) empty empty) -dE "subf r0, r1, r2" 7c011050 0x20 (seq (set a (+ (~ (var r1)) (bv 64 0x1))) (set b (var r2)) empty (set r0 (+ (var a) (var b))) empty empty empty) -dE "subfc r0, r1, r2" 7c011010 0x24 (seq (set a (+ (~ (var r1)) (bv 64 0x1))) (set b (var r2)) empty (set r0 (+ (var a) (var b))) (set ca (msb (+ (cast 65 false (var a)) (cast 65 false (var b))))) empty empty) +dE "sub r0, r2, r1" 7c011050 0x20 (seq (set a (+ (~ (var r1)) (bv 64 0x1))) (set b (var r2)) empty (set r0 (+ (var a) (var b))) empty empty empty) +dE "subc r0, r2, r1" 7c011010 0x24 (seq (set a (+ (~ (var r1)) (bv 64 0x1))) (set b (var r2)) empty (set r0 (+ (var a) (var b))) (set ca (msb (+ (cast 65 false (var a)) (cast 65 false (var b))))) empty empty) dE "subfic r0, r2, 1" 20020001 0x28 (seq (set a (~ (var r2))) (set b (let v (bv 16 0x1) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))) (set c (bv 64 0x1)) (set r0 (+ (var a) (+ (var b) (var c)))) (set ca (let r1 (+ (cast 65 false (var b)) (cast 65 false (var c))) (|| (msb (var r1)) (msb (+ (cast 65 false (var a)) (var r1)))))) empty empty) dE "subfe r0, r1, r2" 7c011110 0x2c (seq (set a (~ (var r1))) (set b (var r2)) (set c (ite (var 
ca) (bv 64 0x1) (bv 64 0x0))) (set r0 (+ (var a) (+ (var b) (var c)))) (set ca (let r1 (+ (cast 65 false (var b)) (cast 65 false (var c))) (|| (msb (var r1)) (msb (+ (cast 65 false (var a)) (var r1)))))) empty empty) dE "subfme r0, r2" 7c0201d0 0x30 (seq (set a (~ (var r2))) (set b (ite (var ca) (bv 64 0x1) (bv 64 0x0))) (set c (bv 64 0xffffffffffffffff)) (set r0 (+ (var a) (+ (var b) (var c)))) (set ca (let r1 (+ (cast 65 false (var b)) (cast 65 false (var c))) (|| (msb (var r1)) (msb (+ (cast 65 false (var a)) (var r1)))))) empty empty) 
@@ -34,8 +34,8 @@ dE "stbcix r0, r26, r1" 7c1a0faa 0x80 (seq (storew 0 (+ (var r26) (var r1)) (cas dE "sthcix r0, r26, r1" 7c1a0f6a 0x84 (seq (storew 0 (+ (var r26) (var r1)) (cast 16 false (var r0))) empty) dE "stwcix r0, r26, r1" 7c1a0f2a 0x88 (seq (storew 0 (+ (var r26) (var r1)) (cast 32 false (var r0))) empty) dE "stdcix r0, r26, r1" 7c1a0fea 0x8c (seq (storew 0 (+ (var r26) (var r1)) (cast 64 false (var r0))) empty) -dE "li r0, 1" 38000001 0x90 (seq (set r0 (let v (bv 16 0x1) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))) empty) -dE "lis r0, 1" 3c000001 0x94 (seq (set r0 (let v (append (bv 16 0x1) (bv 16 0x0)) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))) empty) +dE "li r0, 1" 38000001 0x90 (set r0 (let v (bv 16 0x1) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))) +dE "lis r0, 1" 3c000001 0x94 (set r0 (let v (append (bv 16 0x1) (bv 16 0x0)) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))) dE "addi r0, r26, 8" 381a0008 0x98 (seq (set a (var r26)) (set b (let v (bv 16 0x8) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))) empty (set r0 (+ (var a) (var b))) empty empty empty) dE "lbz r0, 4(r26)" 881a0004 0x9c (seq (set r0 (let ea (+ (var r26) (let v (bv 16 0x4) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))) (let loadw (loadw 0 8 (var ea)) (cast 64 false (var loadw))))) empty) dE "lbzx r0, r26, r1" 7c1a08ae 0xa0 (seq (set r0 (let ea (+ (var r26) (var r1)) (let loadw (loadw 0 8 (var ea)) (cast 64 false (var loadw))))) empty) 
@@ -51,7 +51,7 @@ dE "lhax r0, r26, r1" 7c1a0aae 0xc4 (seq (set r0 (let ea (+ (var r26) (var r1)) dE "lhaux r0, r26, r1" 7c1a0aee 0xc8 (seq (set r0 (let ea (+ (var r26) (var r1)) (let loadw (loadw 0 16 (var ea)) (let v (var loadw) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))))) (set r26 (+ (var r26) (var r1)))) dE "lhzcix r0, r26, r1" 7c1a0e6a 0xcc (seq (set r0 (let ea (+ (var r26) (var r1)) (let loadw (loadw 0 16 (var ea)) (cast 64 false (var loadw))))) empty) dE "lwa r0, 4(r26)" e81a0006 0xd0 (seq (set r0 (let ea (+ (var r26) (let v (bv 16 0x4) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))) (let loadw (loadw 0 32 (var ea)) (let v (var loadw) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))))) empty) -dE "lwa r0, 0(0)" e8000002 0xd0 (seq (set r0 (let ea (let v (bv 16 0x0) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v)))) (let loadw (loadw 0 32 (var ea)) (let v (var loadw) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))))) empty) +dE "lwa r0, 0(0)" e8000002 0xd0 (seq (set r0 (let ea (+ (var 0) (let v (bv 16 0x0) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))) (let loadw (loadw 0 32 (var ea)) (let v (var loadw) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))))) empty) dE "lwz r0, 4(r26)" 801a0004 0xd4 (seq (set r0 (let ea (+ (var r26) (let v (bv 16 0x4) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))) (let loadw (loadw 0 32 (var ea)) (cast 64 false (var loadw))))) empty) dE "lwzx r0, r26, r1" 7c1a082e 0xd8 (seq (set r0 (let ea (+ (var r26) (var r1)) (let loadw (loadw 0 32 (var ea)) (cast 64 false (var loadw))))) empty) dE "lwax r0, r26, r1" 7c1a0aaa 0xdc (seq (set r0 (let ea (+ (var r26) (var r1)) (let loadw (loadw 0 32 (var ea)) (let v (var loadw) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))))) empty) 
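Review bot: The new expectation for `lwa r0, 0(0)` (e8000002) computes the effective address as `(+ (var 0) …)`, i.e. the IL reads a variable literally named `0`, which no register exists for; the removed expectation, `(let ea (let v (bv 16 0x0) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))`, encoded the correct rule that a D/DS-form load with RA=0 uses EA = EXTS(disp) with no base register. This line should keep the old `ea` form rather than bake the regression into the test db. The likely cause is the lifter's EA helper no longer special-casing a zero base now that the operand list changed with the Capstone update, but that code is outside this diff and should be checked; an IL that dereferences an undefined variable will make emulation of every `lwa`/`ld`-style access with RA=0 fail or read a bogus address.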
@@ -99,50 +99,50 @@ dE "cmplwi cr6, r0, 0" 2b000000 0x174 (seq (set l (cast 64 (msb (cast 32 false ( dE "cmpldi cr7, r0, 1" 2ba00001 0x178 (seq (set l (var r0)) (set r (append (bv 48 0x0) (bv 16 0x1))) (set so_flag (ite (var so) (bv 1 0x1) (bv 1 0x0))) (branch (&& (ule (var l) (var r)) (! (== (var l) (var r)))) (set cr7 (append (bv 3 0x4) (var so_flag))) (branch (! (ule (var l) (var r))) (set cr7 (append (bv 3 0x2) (var so_flag))) (set cr7 (append (bv 3 0x1) (var so_flag)))))) dE "b 0x180" 48000004 0x17c (seq (set CIA (bv 64 0x17c)) empty empty (set NIA (bv 64 0x180)) (jmp (var NIA))) dE "ba 4" 48000006 0x180 (seq (set CIA (bv 64 0x180)) empty empty (set NIA (bv 64 0x4)) (jmp (var NIA))) -dE "bgectr" 4c800420 0x184 (seq (set CIA (bv 64 0x184)) empty empty (set NIA (ite (let bo (bv 5 0x4) (|| (! (is_zero (& (bv 5 0x10) (var bo)))) (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! (! (is_zero (& (bv 5 0x8) (var bo)))))))) (& (bv 64 0xfffffffffffffffc) (var ctr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bgectrl" 4c800421 0x188 (seq (set CIA (bv 64 0x188)) empty (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (let bo (bv 5 0x4) (|| (! (is_zero (& (bv 5 0x10) (var bo)))) (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! (! (is_zero (& (bv 5 0x8) (var bo)))))))) (& (bv 64 0xfffffffffffffffc) (var ctr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bge 0x190" 40800004 0x18c (seq (set CIA (bv 64 0x18c)) empty empty (set NIA (ite (let bo (bv 5 0x4) (&& (|| (! (is_zero (& (bv 5 0x10) (var bo)))) (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! (! (is_zero (& (bv 5 0x8) (var bo))))))) (|| (! (is_zero (& (bv 5 0x4) (var bo)))) (^^ (! (is_zero (var ctr))) (! (is_zero (& (bv 5 0x2) (var bo)))))))) (bv 64 0x190) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "ble 0x194" 40810004 0x190 (seq (set CIA (bv 64 0x190)) empty empty (set NIA (ite (let bo (bv 5 0x4) (&& (|| (! (is_zero (& (bv 5 0x10) (var bo)))) (^^ (! (is_zero (& (var cr0) (bv 4 0x4)))) (! (! 
(is_zero (& (bv 5 0x8) (var bo))))))) (|| (! (is_zero (& (bv 5 0x4) (var bo)))) (^^ (! (is_zero (var ctr))) (! (is_zero (& (bv 5 0x2) (var bo)))))))) (bv 64 0x194) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bgel 0x198" 40800005 0x194 (seq (set CIA (bv 64 0x194)) empty (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (let bo (bv 5 0x4) (&& (|| (! (is_zero (& (bv 5 0x10) (var bo)))) (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! (! (is_zero (& (bv 5 0x8) (var bo))))))) (|| (! (is_zero (& (bv 5 0x4) (var bo)))) (^^ (! (is_zero (var ctr))) (! (is_zero (& (bv 5 0x2) (var bo)))))))) (bv 64 0x198) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bgelr" 4c800020 0x198 (seq (set CIA (bv 64 0x198)) empty empty (set NIA (ite (let bo (bv 5 0x4) (&& (|| (! (is_zero (& (bv 5 0x10) (var bo)))) (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! (! (is_zero (& (bv 5 0x8) (var bo))))))) (|| (! (is_zero (& (bv 5 0x4) (var bo)))) (^^ (! (is_zero (var ctr))) (! (is_zero (& (bv 5 0x2) (var bo)))))))) (& (bv 64 0xfffffffffffffffc) (var lr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bgelrl" 4c800021 0x19c (seq (set CIA (bv 64 0x19c)) empty (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (let bo (bv 5 0x4) (&& (|| (! (is_zero (& (bv 5 0x10) (var bo)))) (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! (! (is_zero (& (bv 5 0x8) (var bo))))))) (|| (! (is_zero (& (bv 5 0x4) (var bo)))) (^^ (! (is_zero (var ctr))) (! (is_zero (& (bv 5 0x2) (var bo)))))))) (& (bv 64 0xfffffffffffffffc) (var lr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bfctr lt" 4c800420 0x184 (seq (set CIA (bv 64 0x184)) empty empty (set NIA (ite (&& true (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! false))) (& (bv 64 0xfffffffffffffffc) (var ctr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bfctrl lt" 4c800421 0x188 (seq (set CIA (bv 64 0x188)) empty (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& true (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! 
false))) (& (bv 64 0xfffffffffffffffc) (var ctr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bf lt, 0x190" 40800004 0x18c (seq (set CIA (bv 64 0x18c)) empty empty (set NIA (ite (&& (ite false (^^ (! (is_zero (var ctr))) false) true) (ite true (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! false)) true)) (bv 64 0x190) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bf gt, 0x194" 40810004 0x190 (seq (set CIA (bv 64 0x190)) empty empty (set NIA (ite (&& (ite false (^^ (! (is_zero (var ctr))) false) true) (ite true (^^ (! (is_zero (& (var cr0) (bv 4 0x4)))) (! false)) true)) (bv 64 0x194) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bfl lt, 0x198" 40800005 0x194 (seq (set CIA (bv 64 0x194)) empty (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite false (^^ (! (is_zero (var ctr))) false) true) (ite true (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! false)) true)) (bv 64 0x198) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bflr lt" 4c800020 0x198 (seq (set CIA (bv 64 0x198)) empty empty (set NIA (ite (&& (ite false (^^ (! (is_zero (var ctr))) false) true) (ite true (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! false)) true)) (& (bv 64 0xfffffffffffffffc) (var lr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bflrl lt" 4c800021 0x19c (seq (set CIA (bv 64 0x19c)) empty (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite false (^^ (! (is_zero (var ctr))) false) true) (ite true (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! false)) true)) (& (bv 64 0xfffffffffffffffc) (var lr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) dE "bctr" 4e800420 0x1a0 (seq (set CIA (bv 64 0x1a0)) empty empty (set NIA (& (bv 64 0xfffffffffffffffc) (var ctr))) (jmp (var NIA))) dE "bctrl" 4e800421 0x1a4 (seq (set CIA (bv 64 0x1a4)) empty (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (& (bv 64 0xfffffffffffffffc) (var ctr))) (jmp (var NIA))) dB "bne cr5, 0x1a4" 00009640 0x1a4 (seq (set CIA (bv 64 0x1a4)) empty empty (set NIA (ite (let bo (bv 5 0x4) (&& (|| (! 
(is_zero (& (bv 5 0x10) (var bo)))) (^^ (! (is_zero (& (var cr5) (bv 4 0x2)))) (! (! (is_zero (& (bv 5 0x8) (var bo))))))) (|| (! (is_zero (& (bv 5 0x4) (var bo)))) (^^ (! (is_zero (var ctr))) (! (is_zero (& (bv 5 0x2) (var bo)))))))) (bv 64 0x1a4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdnz 0x1ac" 42000004 0x1a8 (seq (set CIA (bv 64 0x1a8)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (! (is_zero (var ctr))) (bv 64 0x1ac) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdnza 4" 42000006 0x1ac (seq (set CIA (bv 64 0x1ac)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (! (is_zero (var ctr))) (bv 64 0x4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdnzl 0x1b4" 42000005 0x1b0 (seq (set CIA (bv 64 0x1b0)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (! (is_zero (var ctr))) (bv 64 0x1b4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdnzla 4" 42000007 0x1b4 (seq (set CIA (bv 64 0x1b4)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (! (is_zero (var ctr))) (bv 64 0x4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdnzlr" 4e000020 0x1b8 (seq (set CIA (bv 64 0x1b8)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (! (is_zero (var ctr))) (& (bv 64 0xfffffffffffffffc) (var lr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdnzlrl" 4e000021 0x1bc (seq (set CIA (bv 64 0x1bc)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (! 
(is_zero (var ctr))) (& (bv 64 0xfffffffffffffffc) (var lr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdz 0x1c4" 42400004 0x1c0 (seq (set CIA (bv 64 0x1c0)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (is_zero (var ctr)) (bv 64 0x1c4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdza 4" 42400006 0x1c4 (seq (set CIA (bv 64 0x1c4)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (is_zero (var ctr)) (bv 64 0x4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdzl 0x1cc" 42400005 0x1c8 (seq (set CIA (bv 64 0x1c8)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (is_zero (var ctr)) (bv 64 0x1cc) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdzla 4" 42400007 0x1cc (seq (set CIA (bv 64 0x1cc)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (is_zero (var ctr)) (bv 64 0x4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdzlr" 4e400020 0x1d0 (seq (set CIA (bv 64 0x1d0)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (is_zero (var ctr)) (& (bv 64 0xfffffffffffffffc) (var lr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdzlrl" 4e400021 0x1d4 (seq (set CIA (bv 64 0x1d4)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (is_zero (var ctr)) (& (bv 64 0xfffffffffffffffc) (var lr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bc 0x10, lt, 0x1ac" 42000004 0x1a8 (seq (set CIA (bv 64 0x1a8)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) false) true) (ite false (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! false)) true)) (bv 64 0x1ac) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bca 0x10, lt, 4" 42000006 0x1ac (seq (set CIA (bv 64 0x1ac)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) false) true) (ite false (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! 
false)) true)) (bv 64 0x10) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bcl 0x10, lt, 0x1b4" 42000005 0x1b0 (seq (set CIA (bv 64 0x1b0)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) false) true) (ite false (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! false)) true)) (bv 64 0x1b4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bcla 0x10, lt, 4" 42000007 0x1b4 (seq (set CIA (bv 64 0x1b4)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) false) true) (ite false (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! false)) true)) (bv 64 0x10) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdnzlr" 4e000020 0x1b8 (seq (set CIA (bv 64 0x1b8)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) false) true) (ite false (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! false)) true)) (& (bv 64 0xfffffffffffffffc) (var lr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdnzlrl" 4e000021 0x1bc (seq (set CIA (bv 64 0x1bc)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) false) true) (ite false (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! false)) true)) (& (bv 64 0xfffffffffffffffc) (var lr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bc 0x12, lt, 0x1c4" 42400004 0x1c0 (seq (set CIA (bv 64 0x1c0)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) true) true) (ite false (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! false)) true)) (bv 64 0x1c4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bca 0x12, lt, 4" 42400006 0x1c4 (seq (set CIA (bv 64 0x1c4)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) true) true) (ite false (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! 
false)) true)) (bv 64 0x12) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bcl 0x12, lt, 0x1cc" 42400005 0x1c8 (seq (set CIA (bv 64 0x1c8)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) true) true) (ite false (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! false)) true)) (bv 64 0x1cc) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bcla 0x12, lt, 4" 42400007 0x1cc (seq (set CIA (bv 64 0x1cc)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) true) true) (ite false (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! false)) true)) (bv 64 0x12) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdzlr" 4e400020 0x1d0 (seq (set CIA (bv 64 0x1d0)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) true) true) (ite false (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! false)) true)) (& (bv 64 0xfffffffffffffffc) (var lr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdzlrl" 4e400021 0x1d4 (seq (set CIA (bv 64 0x1d4)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) true) true) (ite false (^^ (! (is_zero (& (var cr0) (bv 4 0x8)))) (! 
false)) true)) (& (bv 64 0xfffffffffffffffc) (var lr)) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) dE "bl 0x1dc" 48000005 0x1d8 (seq (set CIA (bv 64 0x1d8)) empty (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (bv 64 0x1dc)) (jmp (var NIA))) dE "bla 4" 48000007 0x1dc (seq (set CIA (bv 64 0x1dc)) empty (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (bv 64 0x4)) (jmp (var NIA))) dE "blr" 4e800020 0x1e0 (seq (set CIA (bv 64 0x1e0)) empty empty (set NIA (& (bv 64 0xfffffffffffffffc) (var lr))) (jmp (var NIA))) dE "blrl" 4e800021 0x1e4 (seq (set CIA (bv 64 0x1e4)) empty (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (& (bv 64 0xfffffffffffffffc) (var lr))) (jmp (var NIA))) -dE "bnsa 0x18" 4083001a 0x1e8 (seq (set CIA (bv 64 0x1e8)) empty empty (set NIA (ite (let bo (bv 5 0x4) (&& (|| (! (is_zero (& (bv 5 0x10) (var bo)))) (^^ (! (is_zero (& (var cr0) (bv 4 0x1)))) (! (! (is_zero (& (bv 5 0x8) (var bo))))))) (|| (! (is_zero (& (bv 5 0x4) (var bo)))) (^^ (! (is_zero (var ctr))) (! (is_zero (& (bv 5 0x2) (var bo)))))))) (bv 64 0x18) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bgela cr1, 0x18" 4084001b 0x1ec (seq (set CIA (bv 64 0x1ec)) empty (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (let bo (bv 5 0x4) (&& (|| (! (is_zero (& (bv 5 0x10) (var bo)))) (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! (! (is_zero (& (bv 5 0x8) (var bo))))))) (|| (! (is_zero (& (bv 5 0x4) (var bo)))) (^^ (! (is_zero (var ctr))) (! (is_zero (& (bv 5 0x2) (var bo)))))))) (bv 64 0x18) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdnzt 4*cr1+lt, 0x81d4" 41047fe4 0x1f0 (seq (set CIA (bv 64 0x1f0)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (! (is_zero (var ctr))) (! (is_zero (& (var cr1) (bv 4 0x1))))) (bv 64 0x81d4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdnztl 4*cr1+lt, 0x81d8" 41047fe5 0x1f4 (seq (set CIA (bv 64 0x1f4)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (! (is_zero (var ctr))) (! 
(is_zero (& (var cr1) (bv 4 0x1))))) (bv 64 0x81d8) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdnzta 4*cr1+lt, 0x7fe4" 41047fe6 0x1f8 (seq (set CIA (bv 64 0x1f8)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (! (is_zero (var ctr))) (! (is_zero (& (var cr1) (bv 4 0x1))))) (bv 64 0x7fe4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdnztla 4*cr1+lt, 0x7fe4" 41047fe7 0x1fc (seq (set CIA (bv 64 0x1fc)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (! (is_zero (var ctr))) (! (is_zero (& (var cr1) (bv 4 0x1))))) (bv 64 0x7fe4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdnzf 4*cr1+lt, 0x81e4" 40047fe4 0x200 (seq (set CIA (bv 64 0x200)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (! (is_zero (var ctr))) (is_zero (& (var cr1) (bv 4 0x1)))) (bv 64 0x81e4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdnzfl 4*cr1+lt, 0x81e8" 40047fe5 0x204 (seq (set CIA (bv 64 0x204)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (! (is_zero (var ctr))) (is_zero (& (var cr1) (bv 4 0x1)))) (bv 64 0x81e8) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdnzfa 4*cr1+lt, 0x7fe4" 40047fe6 0x208 (seq (set CIA (bv 64 0x208)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (! (is_zero (var ctr))) (is_zero (& (var cr1) (bv 4 0x1)))) (bv 64 0x7fe4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdnzfla 4*cr1+lt, 0x7fe4" 40047fe7 0x20c (seq (set CIA (bv 64 0x20c)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (! (is_zero (var ctr))) (is_zero (& (var cr1) (bv 4 0x1)))) (bv 64 0x7fe4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdzt 4*cr1+lt, 0x81f4" 41447fe4 0x210 (seq (set CIA (bv 64 0x210)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (is_zero (var ctr)) (! 
(is_zero (& (var cr1) (bv 4 0x1))))) (bv 64 0x81f4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdzta 4*cr1+lt, 0x7fe4" 41447fe6 0x214 (seq (set CIA (bv 64 0x214)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (is_zero (var ctr)) (! (is_zero (& (var cr1) (bv 4 0x1))))) (bv 64 0x7fe4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdztl 4*cr1+lt, 0x81fc" 41447fe5 0x218 (seq (set CIA (bv 64 0x218)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (is_zero (var ctr)) (! (is_zero (& (var cr1) (bv 4 0x1))))) (bv 64 0x81fc) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdztla 4*cr1+lt, 0x7fe4" 41447fe7 0x21c (seq (set CIA (bv 64 0x21c)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (is_zero (var ctr)) (! (is_zero (& (var cr1) (bv 4 0x1))))) (bv 64 0x7fe4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdzf 4*cr1+lt, 0x8204" 40447fe4 0x220 (seq (set CIA (bv 64 0x220)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (is_zero (var ctr)) (is_zero (& (var cr1) (bv 4 0x1)))) (bv 64 0x8204) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdzfa 4*cr1+lt, 0x7fe4" 40447fe6 0x224 (seq (set CIA (bv 64 0x224)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (is_zero (var ctr)) (is_zero (& (var cr1) (bv 4 0x1)))) (bv 64 0x7fe4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdzfl 4*cr1+lt, 0x820c" 40447fe5 0x228 (seq (set CIA (bv 64 0x228)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (is_zero (var ctr)) (is_zero (& (var cr1) (bv 4 0x1)))) (bv 64 0x820c) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) -dE "bdzfla 4*cr1+lt, 0x7fe4" 40447fe7 0x22c (seq (set CIA (bv 64 0x22c)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (is_zero (var ctr)) (is_zero (& (var cr1) (bv 4 0x1)))) (bv 64 0x7fe4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bfa un, 0x18" 4083001a 
0x1e8 (seq (set CIA (bv 64 0x1e8)) empty empty (set NIA (ite (&& (ite false (^^ (! (is_zero (var ctr))) false) true) (ite true (^^ (! (is_zero (& (var cr0) (bv 4 0x1)))) (! false)) true)) (bv 64 0x4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bfla 4*cr1+lt, 0x18" 4084001b 0x1ec (seq (set CIA (bv 64 0x1ec)) empty (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite false (^^ (! (is_zero (var ctr))) false) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! false)) true)) (bv 64 0x4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdnzt 4*cr1+lt, 0x81d4" 41047fe4 0x1f0 (seq (set CIA (bv 64 0x1f0)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) false) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! true)) true)) (bv 64 0x81d4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdnztl 4*cr1+lt, 0x81d8" 41047fe5 0x1f4 (seq (set CIA (bv 64 0x1f4)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) false) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! true)) true)) (bv 64 0x81d8) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdnzta 4*cr1+lt, 0x7fe4" 41047fe6 0x1f8 (seq (set CIA (bv 64 0x1f8)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) false) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! true)) true)) (bv 64 0x8) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdnztla 4*cr1+lt, 0x7fe4" 41047fe7 0x1fc (seq (set CIA (bv 64 0x1fc)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) false) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! 
true)) true)) (bv 64 0x8) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdnzf 4*cr1+lt, 0x81e4" 40047fe4 0x200 (seq (set CIA (bv 64 0x200)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) false) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! false)) true)) (bv 64 0x81e4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdnzfl 4*cr1+lt, 0x81e8" 40047fe5 0x204 (seq (set CIA (bv 64 0x204)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) false) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! false)) true)) (bv 64 0x81e8) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdnzfa 4*cr1+lt, 0x7fe4" 40047fe6 0x208 (seq (set CIA (bv 64 0x208)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) false) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! false)) true)) (bv 64 0x0) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdnzfla 4*cr1+lt, 0x7fe4" 40047fe7 0x20c (seq (set CIA (bv 64 0x20c)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) false) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! false)) true)) (bv 64 0x0) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdzt 4*cr1+lt, 0x81f4" 41447fe4 0x210 (seq (set CIA (bv 64 0x210)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) true) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! true)) true)) (bv 64 0x81f4) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdzta 4*cr1+lt, 0x7fe4" 41447fe6 0x214 (seq (set CIA (bv 64 0x214)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) true) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! 
true)) true)) (bv 64 0xa) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdztl 4*cr1+lt, 0x81fc" 41447fe5 0x218 (seq (set CIA (bv 64 0x218)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) true) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! true)) true)) (bv 64 0x81fc) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdztla 4*cr1+lt, 0x7fe4" 41447fe7 0x21c (seq (set CIA (bv 64 0x21c)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) true) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! true)) true)) (bv 64 0xa) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdzf 4*cr1+lt, 0x8204" 40447fe4 0x220 (seq (set CIA (bv 64 0x220)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) true) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! false)) true)) (bv 64 0x8204) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdzfa 4*cr1+lt, 0x7fe4" 40447fe6 0x224 (seq (set CIA (bv 64 0x224)) (set ctr (- (var ctr) (bv 64 0x1))) empty (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) true) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! false)) true)) (bv 64 0x2) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdzfl 4*cr1+lt, 0x820c" 40447fe5 0x228 (seq (set CIA (bv 64 0x228)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) true) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! false)) true)) (bv 64 0x820c) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) +dE "bdzfla 4*cr1+lt, 0x7fe4" 40447fe7 0x22c (seq (set CIA (bv 64 0x22c)) (set ctr (- (var ctr) (bv 64 0x1))) (set lr (+ (var CIA) (bv 64 0x4))) (set NIA (ite (&& (ite true (^^ (! (is_zero (var ctr))) true) true) (ite true (^^ (! (is_zero (& (var cr1) (bv 4 0x8)))) (! 
false)) true)) (bv 64 0x2) (+ (var CIA) (bv 64 0x4)))) (jmp (var NIA))) dE "nop" 60000000 0x230 nop dE "xnop" 68000000 0x234 nop dEB "mtocrf 4, r4" 7c904120 0x238 (seq (set val (>> (var r4) (bv 8 0x18) false)) (set cr6 (cast 4 false (var val)))) 
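Review bot: The new expectations for every absolute-form branch in this hunk (AA bit set: `bfa un, 0x18`, `bfla 4*cr1+lt, 0x18`, `bca 0x10, lt, 4`, `bcla 0x10, lt, 4`, `bdnzta`, `bdnzfa`, `bdzta`, `bdzfa` and their `l` forms) put the BO field where the branch target belongs: for 4083001a the IL now jumps to `(bv 64 0x4)` and BO is 4, for 42000006 to `(bv 64 0x10)` and BO is 0x10, for 41047fe6 to `(bv 64 0x8)` and BO is 8, while the mnemonic printed on the same line and the removed expectations (`(bv 64 0x18)`, `(bv 64 0x4)`, `(bv 64 0x7fe4)`) agree on the real target. Relative forms such as `bc 0x10, lt, 0x1ac` at 0x1a8 still resolve correctly, so this looks like the AA=1 path in the lifter reading operand 0 (the BO value the updated Capstone now exposes as an explicit immediate) instead of the last immediate or Capstone's computed target; that code is outside this diff, but the test db should not codify the wrong value. These lines should keep the old targets, e.g. `(set NIA (ite … (bv 64 0x18) (+ (var CIA) (bv 64 0x4))))` for the `bfa un, 0x18` line, and the same for the `4`/`0x7fe4` absolute targets. A silently wrong branch target in the IL misdirects emulation and CFG recovery of any binary using absolute branches, which is a correctness issue rather than a cosmetic one. The constant sub-terms `(ite false …)`, `(! false)` and `(&& true …)` in the new conditions are harmless but indicate the BO-bit tests could be folded at lift time to keep the IL compact.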
@@ -207,7 +207,7 @@ dE "slw r10, r20, r4" 7e8a2030 0x320 (seq empty empty (set result (append (bv 32
 dE "srw r10, r20, r4" 7e8a2430 0x324 (seq empty empty (set result (append (bv 32 0x0) (>> (cast 32 false (var r20)) (var r4) false))) (set r10 (var result)) empty)
 dE "srad r10, r20, r4" 7e8a2634 0x328 (seq empty (set ca (ite (&& (msb (var r20)) (! (is_zero (mod (var r20) (cast 64 false (<< (bv 64 0x1) (cast 6 false (& (var r4) (bv 64 0x3f))) false)))))) true false)) (set result (>> (var r20) (cast 6 false (& (var r4) (bv 64 0x3f))) (msb (var r20)))) (set r10 (var result)) empty)
 dE "sradi r10, r20, 4" 7e8a2674 0x32c (seq empty (set ca (ite (&& (msb (var r20)) (! (is_zero (mod (var r20) (cast 64 false (<< (bv 64 0x1) (bv 8 0x4) false)))))) true false)) (set result (>> (var r20) (bv 8 0x4) (msb (var r20)))) (set r10 (var result)) empty)
-dE "lis r22, 0" 3ec00000 0x330 (seq (set r22 (let v (append (bv 16 0x0) (bv 16 0x0)) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))) empty)
+dE "lis r22, 0" 3ec00000 0x330 (set r22 (let v (append (bv 16 0x0) (bv 16 0x0)) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v)))))
 dE "addi r22, r22, 0" 3ad60000 0x334 (seq (set a (var r22)) (set b (let v (bv 16 0x0) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))) empty (set r22 (+ (var a) (var b))) empty empty empty)
 dE "ld r22, 0(r22)" ead60000 0x338 (seq (set r22 (let ea (+ (var r22) (let v (bv 16 0x0) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))) (let loadw (loadw 0 64 (var ea)) (cast 64 false (var loadw))))) empty)
 dE "sraw r10, r22, r4" 7eca2630 0x33c (seq empty (set ca (ite (&& (msb (cast 32 (msb (var r22)) (var r22))) (! (is_zero (mod (cast 32 false (var r22)) (cast 32 false (<< (bv 64 0x1) (cast 6 false (& (var r4) (bv 64 0x3f))) false)))))) true false)) (set result (cast 64 (msb (>> (cast 32 false (var r22)) (cast 6 false (& (var r4) (bv 64 0x3f))) (msb (cast 32 false (var r22))))) (>> (cast 32 false (var r22)) (cast 6 false (& (var r4) (bv 64 0x3f))) (msb (cast 32 false (var r22)))))) (set r10 (var result)) empty)
diff --git a/test/db/asm/ppc_qpx_64 b/test/db/asm/ppc_qpx_64
new file mode 100644
index 00000000000..0185de4484d
--- /dev/null
+++ b/test/db/asm/ppc_qpx_64
@@ -0,0 +1,124 @@
+dE "qvfabs q3, q5" 10602a10
+dE "qvfabs q3, q5" 10602a10
+dE "qvfadd q3, q4, q5" 1064282a
+dE "qvfadds q3, q4, q5" 0064282a
+dE "qvfandc q3, q4, q5" 10642a08
+dE "qvfand q3, q4, q5" 10642888
+dE "qvfcfid q3, q5" 10602e9c
+dE "qvfcfids q3, q5" 00602e9c
+dE "qvfcfidu q3, q5" 10602f9c
+dE "qvfcfidus q3, q5" 00602f9c
+dE "qvfclr q3" 10631808
+dE "qvfcpsgn q3, q4, q5" 10642810
+dE "qvfctfb q3, q4" 10642288
+dE "qvfctid q3, q5" 10602e5c
+dE "qvfctidu q3, q5" 10602f5c
+dE "qvfctiduz q3, q5" 10602f5e
+dE "qvfctidz q3, q5" 10602e5e
+dE "qvfctiw q3, q5" 1060281c
+dE "qvfctiwu q3, q5" 1060291c
+dE "qvfctiwuz q3, q5" 1060291e
+dE "qvfctiwz q3, q5" 1060281e
+dE "qvfequ q3, q4, q5" 10642c88
+dE "qvflogical q3, q4, q5, 0xc" 10642e08
+dE "qvfmadd q3, q4, q6, q5" 106429ba
+dE "qvfmadds q3, q4, q6, q5" 006429ba
+dE "qvfmr q3, q5" 10602890
+dE "qvfmsub q3, q4, q6, q5" 106429b8
+dE "qvfmsubs q3, q4, q6, q5" 006429b8
+dE "qvfmul q3, q4, q6" 106401b2
+dE "qvfmuls q3, q4, q6" 006401b2
+dE "qvfnabs q3, q5" 10602910
+dE "qvfnand q3, q4, q5" 10642f08
+dE "qvfneg q3, q5" 10602850
+dE "qvfnmadd q3, q4, q6, q5" 106429be
+dE "qvfnmadds q3, q4, q6, q5" 006429be
+dE "qvfnmsub q3, q4, q6, q5" 106429bc
+dE "qvfnmsubs q3, q4, q6, q5" 006429bc
+dE "qvfnor q3, q4, q5" 10642c08
+dE "qvfnot q3, q4" 10642508
+dE "qvforc q3, q4, q5" 10642e88
+dE "qvfor q3, q4, q5" 10642b88
+dE "qvfperm q3, q4, q5, q6" 1064298c
+dE "qvfre q3, q5" 10602830
+dE "qvfres q3, q5" 00602830
+dE "qvfrim q3, q5" 10602bd0
+dE "qvfrin q3, q5" 10602b10
+dE "qvfrip q3, q5" 10602b90
+dE "qvfriz q3, q5" 10602b50
+dE "qvfrsp q3, q5" 10602818
+dE "qvfrsqrte q3, q5" 10602834
+dE "qvfrsqrtes q3, q5" 00602834
+dE "qvfsel q3, q4, q6, q5" 106429ae
+dE "qvfset q3" 10631f88
+dE "qvfsub q3, q4, q5" 10642828
+dE "qvfsubs q3, q4, q5" 00642828
+dE "qvfxmadd q3, q4, q6, q5" 10642992
+dE "qvfxmadds q3, q4, q6, q5" 00642992
+dE "qvfxmul q3, q4, q6" 106401a2
+dE "qvfxmuls q3, q4, q6" 006401a2
+dE "qvfxor q3, q4, q5" 10642b08
+dE "qvfxxcpnmadd q3, q4, q6, q5" 10642986
+dE "qvfxxcpnmadds q3, q4, q6, q5" 00642986
+dE "qvfxxmadd q3, q4, q6, q5" 10642982
+dE "qvfxxmadds q3, q4, q6, q5" 00642982
+dE "qvfxxnpmadd q3, q4, q6, q5" 10642996
+dE "qvfxxnpmadds q3, q4, q6, q5" 00642996
+dE "qvlfcduxa q3, r9, r11" 7c6958cf
+dE "qvlfcdux q3, r9, r11" 7c6958ce
+dE "qvlfcdxa q3, r10, r11" 7c6a588f
+dE "qvlfcdx q3, r10, r11" 7c6a588e
+dE "qvlfcsuxa q3, r9, r11" 7c69584f
+dE "qvlfcsux q3, r9, r11" 7c69584e
+dE "qvlfcsxa q3, r10, r11" 7c6a580f
+dE "qvlfcsx q3, r10, r11" 7c6a580e
+dE "qvlfduxa q3, r9, r11" 7c695ccf
+dE "qvlfdux q3, r9, r11" 7c695cce
+dE "qvlfdxa q3, r10, r11" 7c6a5c8f
+dE "qvlfdx q3, r10, r11" 7c6a5c8e
+dE "qvlfiwaxa q3, r10, r11" 7c6a5ecf
+dE "qvlfiwax q3, r10, r11" 7c6a5ece
+dE "qvlfiwzxa q3, r10, r11" 7c6a5e8f
+dE "qvlfiwzx q3, r10, r11" 7c6a5e8e
+dE "qvlfsuxa q3, r9, r11" 7c695c4f
+dE "qvlfsux q3, r9, r11" 7c695c4e
+dE "qvlfsxa q3, r10, r11" 7c6a5c0f
+dE "qvlfsx q3, r10, r11" 7c6a5c0e
+dE "qvlpcldx q3, r10, r11" 7c6a5c8c
+dE "qvlpclsx q3, r10, r11" 7c6a5c0c
+dE "qvlpcrdx q3, r10, r11" 7c6a588c
+dE "qvlpcrsx q3, r10, r11" 7c6a580c
+dE "qvstfcduxa q2, r9, r11" 7c4959cf
+dE "qvstfcduxia q2, r9, r11" 7c4959cb
+dE "qvstfcduxi q2, r9, r11" 7c4959ca
+dE "qvstfcdux q2, r9, r11" 7c4959ce
+dE "qvstfcdxa q2, r10, r11" 7c4a598f
+dE "qvstfcdxia q2, r10, r11" 7c4a598b
+dE "qvstfcdxi q2, r10, r11" 7c4a598a
+dE "qvstfcdx q2, r10, r11" 7c4a598e
+dE "qvstfcsuxa q2, r9, r11" 7c49594f
+dE "qvstfcsuxia q2, r9, r11" 7c49594b
+dE "qvstfcsuxi q2, r9, r11" 7c49594a
+dE "qvstfcsux q2, r9, r11" 7c49594e
+dE "qvstfcsxa q2, r10, r11" 7c4a590f
+dE "qvstfcsxia q2, r10, r11" 7c4a590b
+dE "qvstfcsxi q2, r10, r11" 7c4a590a
+dE "qvstfcsx q2, r10, r11" 7c4a590e
+dE "qvstfduxa q2, r9, r11" 7c495dcf
+dE "qvstfduxia q2, r9, r11" 7c495dcb
+dE "qvstfduxi q2, r9, r11" 7c495dca
+dE "qvstfdux q2, r9, r11" 7c495dce
+dE "qvstfdxa q2, r10, r11" 7c4a5d8f
+dE "qvstfdxia q2, r10, r11" 7c4a5d8b
+dE "qvstfdxi q2, r10, r11" 7c4a5d8a
+dE "qvstfdx q2, r10, r11" 7c4a5d8e
+dE "qvstfiwxa q2, r10, r11" 7c4a5f8f
+dE "qvstfiwx q2, r10, r11" 7c4a5f8e
+dE "qvstfsuxa q2, r9, r11" 7c495d4f
+dE "qvstfsuxia q2, r9, r11" 7c495d4b
+dE "qvstfsuxi q2, r9, r11" 7c495d4a
+dE "qvstfsux q2, r9, r11" 7c495d4e
+dE "qvstfsxa q2, r10, r11" 7c4a5d0f
+dE "qvstfsxia q2, r10, r11" 7c4a5d0b
+dE "qvstfsxi q2, r10, r11" 7c4a5d0a
+dE "qvstfsx q2, r10, r11" 7c4a5d0e
diff --git a/test/db/cmd/cmd_a_capital_o b/test/db/cmd/cmd_a_capital_o
index 2c650d6c06e..1883f894a69 100644
--- a/test/db/cmd/cmd_a_capital_o
+++ b/test/db/cmd/cmd_a_capital_o
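Review bot: The first two entries of the new ppc_qpx_64 database are identical (`dE "qvfabs q3, q5" 10602a10` appears twice), so one of them is either a copy-paste leftover or a case that was meant to cover a different encoding or operand. Dropping the duplicate, or replacing it with the intended variant, keeps the 124-entry count honest and avoids a redundant case in the asm test run. Every other entry in the file looks unique as far as this hunk shows.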
@@ -10,6 +10,6 @@ EXPECT=<>,<<,36,+,0xffffffff,&,[4],0xffffffff,&,ip,=
-[{"opcode":"ldr ip, [pc, 0x24]","disasm":"ldr ip, sym.__libc_csu_fini","pseudo":"ip = sym.__libc_csu_fini","description":"load from memory to register","mnemonic":"ldr","mask":"ffffffff","esil":"2,2,8,$$,+,>>,<<,36,+,0xffffffff,&,[4],0xffffffff,&,ip,=","rzil":{"opcode":"set","dst":"r12","src":{"opcode":"loadw","mem":0,"key":{"opcode":"bitv","bits":"0x817c","len":32},"bits":32}},"sign":false,"prefix":0,"id":83,"opex":{"operands":[{"type":"reg","value":"ip"},{"type":"mem","base":"pc","scale":1,"disp":36}]},"addr":33104,"bytes":"24c09fe5","disp":36,"ptr":33148,"size":4,"type":"load","esilcost":4,"ireg":"pc","scale":1,"refptr":4,"cycles":4,"failcycles":0,"delay":0,"stackptr":0,"family":"cpu"}]
+[{"opcode":"ldr ip, [pc, 0x24]","disasm":"ldr ip, sym.__libc_csu_fini","pseudo":"ip = sym.__libc_csu_fini","description":"load from memory to register","mnemonic":"ldr","mask":"ffffffff","esil":"2,2,8,$$,+,>>,<<,36,+,0xffffffff,&,[4],0xffffffff,&,ip,=","rzil":{"opcode":"set","dst":"r12","src":{"opcode":"loadw","mem":0,"key":{"opcode":"bitv","bits":"0x817c","len":32},"bits":32}},"sign":false,"prefix":0,"id":4,"opex":{"operands":[{"type":"reg","value":"ip"},{"type":"mem","base":"pc","scale":0,"disp":36}]},"addr":33104,"bytes":"24c09fe5","disp":36,"ptr":33148,"size":4,"type":"load","esilcost":4,"ireg":"pc","scale":0,"refptr":4,"cycles":4,"failcycles":0,"delay":0,"stackptr":0,"family":"cpu"}]
 EOF
 RUN
\ No newline at end of file
diff --git a/test/db/cmd/cmd_ao b/test/db/cmd/cmd_ao
index dc96586a4cd..17bb690cfe6 100644
--- a/test/db/cmd/cmd_ao
+++ b/test/db/cmd/cmd_ao
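Review bot: The updated expectation changes `"scale":1` to `"scale":0` (both in the opex mem operand and in the top-level field) and `"id":83` to `"id":4` for an `ldr ip, [pc, 0x24]` operand that has no index register, while the `esil` and `rzil` strings stay the same. If scale is now only populated when an index register is present, the new value is fine, but nothing in the hunk says so; a short note in the commit message explaining that both numbers follow the updated disassembler backend's operand and instruction-id numbering (presumably the reason for the change) would keep a later reader from reading the 1→0 step as a regression in the displacement handling. It is also worth checking any consumer of the top-level `scale` field that multiplies by it, since 0 and 1 behave differently there.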
@@ -117,7 +117,7 @@ aoj~{[0].opex}
 EOF
 EXPECT=<> (>> (bv 64 0x0) (bv 8 0x1) true) (var mstart) false))) (set mstart (mod (+ (var mstart) (bv 8 0x1)) (bv 8 0x40))))) (set m (| (var m) (>> (>> (bv 64 0x0) (bv 8 0x1) true) (var mstop) false))) (set mask (cast 32 false (var m))) empty (set result (& (let rotl32_x (cast 32 false (var r1)) (let rotl32_y (bv 8 0x0) (| (<< (var rotl32_x) (var rotl32_y) false) (>> (var rotl32_x) (- (bv 8 0x20) (cast 8 false (var rotl32_y))) false)))) (var mask))) (set r1 (var result)) empty)
-0x100280 (seq (set r0 (let v (bv 16 0x0) (ite (msb (var v)) (cast 32 (msb (var v)) (var v)) (cast 32 false (var v))))) empty)
+0x100280 (set r0 (let v (bv 16 0x0) (ite (msb (var v)) (cast 32 (msb (var v)) (var v)) (cast 32 false (var v)))))
 0x100284 (seq (storew 0 (+ (var r1) (let v (bv 16 0xfff0) (ite (msb (var v)) (cast 32 (msb (var v)) (var v)) (cast 32 false (var v))))) (cast 32 false (var r1))) (set r1 (+ (var r1) (let v (bv 16 0xfff0) (ite (msb (var v)) (cast 32 (msb (var v)) (var v)) (cast 32 false (var v)))))))
 0x100288 (set lr (cast 32 false (var r0)))
 -- pretty
@@ -96,21 +96,19 @@ EXPECT=<> (>> (bv 64 0x0) (bv 8 0x1) true) (var mstart) false))) (set mstart (mod (+ (var mstart) (bv 8 0x1)) (bv 8 0x40))))) (set m (| (var m) (>> (>> (bv 64 0x0) (bv 8 0x1) true) (var mstop) false))) (set mask (cast 64 false (var m))) empty (set result (& (let rotl64_x (var r1) (let rotl64_y (& (bv 8 0x3f) (bv 8 0x0)) (| (<< (var rotl64_x) (var rotl64_y) false) (>> (var rotl64_x) (- (bv 8 0x40) (cast 8 false (var rotl64_y))) false)))) (var mask))) (set r1 (var result)) empty) -0x100518 (seq (set r0 (let v (bv 16 0x0) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))) empty) +0x100518 (set r0 (let v (bv 16 0x0) (ite (msb (var v)) (cast 64 (msb (var v)) (var v)) (cast 64 false (var v))))) -- pretty 0x100508 -(seq - (set r2 - (let v - (append - (bv 16 0x1e) - (bv 16 0x0)) - (ite +(set r2 + (let v + (append + (bv 16 0x1e) + (bv 16 0x0)) + (ite + (msb + (var v)) + (cast 64 (msb (var v)) - (cast 64 - (msb - (var v)) - (var v)) - (cast 64 - false - (var v))))) - empty) + (var v)) + (cast 64 + false + (var v))))) 0x10050c (seq (set a @@ -139,33 +137,29 @@ EXPECT=<