def mba(size: int) -> Expr:
    """Build a sample mixed boolean-arithmetic (MBA) expression of ``size`` bits.

    Intended for tests and debugging only. Three symbolic inputs ``v0``,
    ``v1`` and ``v2`` are combined as ``(S | v0) + (S & v0)`` where
    ``S = (v1 ^ v2) + ((v1 & v2) << 1)``.

    Args:
        size: bit width of every identifier and constant in the expression.

    Returns:
        The assembled expression tree.
    """
    v0, v1, v2 = (ExprId(name, size) for name in ("v0", "v1", "v2"))
    one = ExprInt(1, size)
    # Shared sub-expression S = (v1 ^ v2) + ((v1 & v2) << 1); the
    # expression tree is identical whether S is spelled once or twice.
    inner = (v1 ^ v2) + ((v1 & v2) << one)
    return (inner | v0) + (inner & v0)
def test_and(self):
    """Run ``AND R1, R2`` with R1=1, R2=0 and expect R1 == 0."""
    r1 = ExprId("R1", 32)
    r2 = ExprId("R2", 32)
    # AND Rn, Rm
    before = [(r1, ExprInt(1, 32)), (r2, ExprInt(0, 32))]
    after = [(r1, ExprInt(0, 32))]
    exec_instruction("AND R1, R2", before, after)
def test_sub(self):
    """Run ``SUB R1, R2`` with R1=0x28, R2=0x7 and expect R1 == 0x21."""
    def reg(name):
        return ExprId(name, 32)

    # SUB Rn,Rm
    exec_instruction(
        "SUB R1, R2",
        [(reg("R1"), ExprInt(0x28, 32)), (reg("R2"), ExprInt(0x7, 32))],
        [(reg("R1"), ExprInt(0x21, 32))],
    )
def test_xor3(self):
    """Run ``XOR3 R1, R2, 1`` with R2=0 and expect R1 == 1."""
    # XOR3 Rn,Rm,imm16
    initial = [(ExprId("R2", 32), ExprInt(0, 32))]
    expected = [(ExprId("R1", 32), ExprInt(1, 32))]
    exec_instruction("XOR3 R1, R2, 1", initial, expected)
def test_or(self):
    """Run ``OR R1, R2`` with R1=1, R2=1 and expect R1 == 1."""
    one = ExprInt(1, 32)
    r1 = ExprId("R1", 32)
    r2 = ExprId("R2", 32)
    # OR Rn, Rm
    exec_instruction("OR R1, R2", [(r1, one), (r2, one)], [(r1, one)])
def test_dbreak(self):
    """Run ``DBREAK`` with DBG=0 and expect DBG == 0b10."""
    dbg = ExprId("DBG", 32)
    # DBREAK
    exec_instruction(
        "DBREAK",
        [(dbg, ExprInt(0, 32))],
        [(dbg, ExprInt(0b10, 32))],
    )
def test_jsr(self):
    """Run ``JSR R1`` with R1=0x2807 and expect PC == 0x2807, LP == 0x2."""
    def reg(name):
        return ExprId(name, 32)

    # JSR Rm
    before = [(reg("R1"), ExprInt(0x2807, 32))]
    after = [(reg("PC"), ExprInt(0x2807, 32)), (reg("LP"), ExprInt(0x2, 32))]
    exec_instruction("JSR R1", before, after)
def test_ldc(self):
    """Run ``LDC R1, SAR`` with SAR=0x28 and expect R1 == 0x28."""
    value = ExprInt(0x28, 32)
    # LDC Rn,imm5
    exec_instruction(
        "LDC R1, SAR",
        [(ExprId("SAR", 32), value)],
        [(ExprId("R1", 32), value)],
    )
def test_stc(self):
    """Run ``STC R1, SAR`` with R1=0x28 and expect SAR == 0x28."""
    value = ExprInt(0x28, 32)
    # STC Rn,imm5
    exec_instruction(
        "STC R1, SAR",
        [(ExprId("R1", 32), value)],
        [(ExprId("SAR", 32), value)],
    )
def test_and3(self):
    """Run ``AND3 R1, R2, 0`` with R2=1 and expect R1 == 0."""
    # AND3 Rn,Rm,imm16
    initial = [(ExprId("R2", 32), ExprInt(1, 32))]
    expected = [(ExprId("R1", 32), ExprInt(0, 32))]
    exec_instruction("AND3 R1, R2, 0", initial, expected)
def test_nor(self):
    """Run ``NOR R1, R2`` with R1=1, R2=0 and expect R1 == 0xFFFFFFFE."""
    r1 = ExprId("R1", 32)
    r2 = ExprId("R2", 32)
    # NOR Rn, Rm
    before = [(r1, ExprInt(1, 32)), (r2, ExprInt(0, 32))]
    after = [(r1, ExprInt(0xFFFFFFFE, 32))]
    exec_instruction("NOR R1, R2", before, after)
def test_sl2ad3(self):
    """Run ``SL2AD3 R0, R1, R2`` with R1=0x2, R2=0x20 and expect R0 == 0x28."""
    def reg(name):
        return ExprId(name, 32)

    # SL2AD3 R0,Rn,Rm
    exec_instruction(
        "SL2AD3 R0, R1, R2",
        [(reg("R1"), ExprInt(0x2, 32)), (reg("R2"), ExprInt(0x20, 32))],
        [(reg("R0"), ExprInt(0x28, 32))],
    )
def test_erepeat(self):
    """Run ``EREPEAT 0x42`` with PC=0 and expect RPB == 4, RPE == 0x43."""
    # EREPEAT disp17.align2
    initial = [(ExprId("PC", 32), ExprInt(0, 32))]
    expected = [
        (ExprId("RPB", 32), ExprInt(4, 32)),
        (ExprId("RPE", 32), ExprInt(0x43, 32)),
    ]
    exec_instruction("EREPEAT 0x42", initial, expected)
def test_btstm(self):
    """Run ``BTSTM R0, (R1), 1`` with R1=0x28, byte @0x28=0x2 and expect R0 == 0x2."""
    addr = ExprInt(0x28, 32)
    mem8 = ExprMem(addr, 8)
    # BTSTM R0,(Rm),imm3
    before = [(ExprId("R1", 32), addr), (mem8, ExprInt(0x2, 8))]
    after = [(ExprId("R0", 32), ExprInt(0x2, 32))]
    exec_instruction("BTSTM R0, (R1), 1", before, after)
def test_smcpi(self):
    """Run ``SMCPI C1, (R2+)`` with C1=0x28071010, R2=0x17.

    Expects the word at 0x10 to become 0x28071010 and R2 to become 0x1F.
    """
    c1 = ExprId("C1", 32)
    r2 = ExprId("R2", 32)
    word = ExprInt(0x28071010, 32)
    # SMCPI CRn[0-15],(Rm+)
    exec_instruction(
        "SMCPI C1, (R2+)",
        [(c1, word), (r2, ExprInt(0x17, 32))],
        [(ExprMem(ExprInt(0x10, 32), 32), word), (r2, ExprInt(0x1F, 32))],
    )
def test_exth(self):
    """Run ``EXTH Rn`` on 0xFFFE and 0x8000 and expect sign-extended results."""
    # EXTH Rn -- (register, input, expected) triples, run in order
    cases = [
        ("R1", 0xFFFE, 0xFFFFFFFE),
        ("R2", 0x8000, 0xFFFF8000),
    ]
    for name, value, result in cases:
        reg = ExprId(name, 32)
        exec_instruction(
            "EXTH %s" % name,
            [(reg, ExprInt(value, 32))],
            [(reg, ExprInt(result, 32))],
        )
def test_lwcpi(self):
    """Run ``LWCPI C1, (R2+)`` with R2=0x11, word @0x10=0xABCD.

    Expects C1 == 0xABCD and R2 == 0x15.
    """
    r2 = ExprId("R2", 32)
    word = ExprInt(0xABCD, 32)
    # LWCPI CRn[0-15],(Rm+)
    before = [(r2, ExprInt(0x11, 32)), (ExprMem(ExprInt(0x10, 32), 32), word)]
    after = [(ExprId("C1", 32), word), (r2, ExprInt(0x15, 32))]
    exec_instruction("LWCPI C1, (R2+)", before, after)
def test_movh(self):
    """Run ``MOVH R1, imm16`` for 1 and 0xFFFF and expect the immediate in the high half."""
    r1 = ExprId("R1", 32)
    # MOVH Rn,imm16 -- (assembly, expected R1) pairs, run in order
    for asm, result in (("MOVH R1, 1", 0x10000), ("MOVH R1, 0xFFFF", 0xFFFF0000)):
        exec_instruction(asm, [], [(r1, ExprInt(result, 32))])
def test_extb(self):
    """Run ``EXTB Rn`` on 0xFE and 0x80 and expect sign-extended results."""
    # EXTB Rn -- (register, input, expected) triples, run in order
    cases = [
        ("R1", 0xFE, 0xFFFFFFFE),
        ("R2", 0x80, 0xFFFFFF80),
    ]
    for name, value, result in cases:
        reg = ExprId(name, 32)
        exec_instruction(
            "EXTB %s" % name,
            [(reg, ExprInt(value, 32))],
            [(reg, ExprInt(result, 32))],
        )
def test_tas(self):
    """Run ``TAS R0, (R1)`` with R1=0x28, byte @0x28=0x2.

    Expects R0 == 0x2 and the byte at 0x28 to become 0x1.
    """
    addr = ExprInt(0x28, 32)
    mem8 = ExprMem(addr, 8)
    # TAS Rn,(Rm)
    exec_instruction(
        "TAS R0, (R1)",
        [(ExprId("R1", 32), addr), (mem8, ExprInt(0x2, 8))],
        [(ExprId("R0", 32), ExprInt(0x2, 32)), (mem8, ExprInt(0x1, 8))],
    )
def test_neg(self):
    """Run ``NEG R1, R2`` for R2=1 and R2=0x42 and expect two's-complement results."""
    r1 = ExprId("R1", 32)
    r2 = ExprId("R2", 32)
    # NEG Rn,Rm -- (input R2, expected R1) pairs, run in order
    for value, result in ((1, 0xFFFFFFFF), (0x42, 0xFFFFFFBE)):
        exec_instruction(
            "NEG R1, R2",
            [(r2, ExprInt(value, 32))],
            [(r1, ExprInt(result, 32))],
        )
def test_repeat(self):
    """Run ``REPEAT R0, 0x42`` with PC=2, R0=0x28.

    Expects RPB == 6, RPE == 0x44 and RPC == 0x28.
    """
    def reg(name):
        return ExprId(name, 32)

    # REPEAT Rn, disp17.align2
    before = [(reg("PC"), ExprInt(2, 32)), (reg("R0"), ExprInt(0x28, 32))]
    after = [
        (reg("RPB"), ExprInt(6, 32)),
        (reg("RPE"), ExprInt(0x44, 32)),
        (reg("RPC"), ExprInt(0x28, 32)),
    ]
    exec_instruction("REPEAT R0, 0x42", before, after)
def test_mulru(self):
    """Run ``MULRU R0, R1`` with R0=0x2, R1=0xFFFFFFFF.

    Expects HI == 0x1, LO == 0xFFFFFFFE and R0 == 0xFFFFFFFE.
    """
    r0 = ExprId("R0", 32)
    low = ExprInt(0xFFFFFFFE, 32)
    # MULRU Rn,Rm
    before = [(r0, ExprInt(0x2, 32)), (ExprId("R1", 32), ExprInt(0xFFFFFFFF, 32))]
    after = [
        (ExprId("HI", 32), ExprInt(0x1, 32)),
        (ExprId("LO", 32), low),
        (r0, low),
    ]
    exec_instruction("MULRU R0, R1", before, after)
def test_mulr(self):
    """Run ``MULR R0, R1`` with R0=0x80, R1=0xFFFFFFFF.

    Expects HI == 0xFFFFFFFF, LO == 0xFFFFFF80 and R0 == 0xFFFFFF80.
    """
    r0 = ExprId("R0", 32)
    all_ones = ExprInt(0xFFFFFFFF, 32)
    low = ExprInt(0xFFFFFF80, 32)
    # MULR Rn,Rm
    before = [(r0, ExprInt(0x80, 32)), (ExprId("R1", 32), all_ones)]
    after = [
        (ExprId("HI", 32), all_ones),
        (ExprId("LO", 32), low),
        (r0, low),
    ]
    exec_instruction("MULR R0, R1", before, after)
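def arm_guess_jump_table(dis_engine, cur_block, offsets_to_dis):
    """Heuristically recover the targets of an ARM jump table from ``cur_block``.

    The block is lifted to IR and, per IR block, the last assignment to
    ``PC`` is inspected. When that assignment loads ``PC`` from memory at an
    address matching ``jra + jrb`` with a constant ``jrb``, the constant is
    taken as the table base and consecutive 32-bit entries are read from
    ``dis_engine.bin_stream``. Reading stops at the end of the stream, after
    ``max_table_entry`` entries, or at the first entry farther than
    ``max_diff_addr`` from the base. Each entry found is added to
    ``offsets_to_dis`` and attached to ``cur_block`` as a successor
    constraint.

    The table contents come straight from the analysed (untrusted) binary;
    the entry and distance bounds are what keeps an adversarial table from
    flooding the disassembly queue with arbitrary offsets.

    Args:
        dis_engine: disassembly engine providing ``arch``, ``loc_db``,
            ``attrib`` and ``bin_stream``.
        cur_block: AsmBlock ending in the indirect jump.
        offsets_to_dis: set of offsets still to disassemble; recovered
            targets are added to it in place.

    Raises:
        NotImplementedError: the PC load is not 32 bits wide, its address
            does not match ``jra + jrb``, or ``jrb`` is not a constant.
    """
    arch = dis_engine.arch
    loc_db = dis_engine.loc_db
    ira = get_ira(arch, dis_engine.attrib)
    jra = ExprId('jra')
    jrb = ExprId('jrb')

    ir_arch = ira(loc_db)
    ircfg = ira.new_ircfg()
    ir_arch.add_asmblock_to_ircfg(cur_block, ircfg)

    # Bounds on the table scan; both are heuristics.
    max_table_entry = 10000    # number of entries read at most
    max_diff_addr = 0x100000   # a target must stay this close to the base

    for irblock in viewvalues(ircfg.blocks):
        # Keep only the last write to PC in this IR block.
        pc_val = None
        for assignblk in irblock:
            for assign in assignblk:
                if assign.dst == ir_arch.pc:
                    pc_val = assign.src
        if pc_val is None or not isinstance(pc_val, ExprMem):
            continue
        if pc_val.size != 32:
            # Explicit check instead of `assert`, which is stripped under -O.
            raise NotImplementedError('not fully functional')

        # The following print() calls are debug traces kept from the original.
        print(pc_val)
        ad = expr_simp(pc_val.arg)
        print(ad)
        res = match_expr(ad, jra + jrb, {jra, jrb})
        if res is False:
            raise NotImplementedError('not fully functional')
        print(res)
        if not isinstance(res[jrb], ExprInt):
            raise NotImplementedError('not fully functional')
        base_ad = int(res[jrb])
        print(base_ad)

        addrs = set()
        # Exactly max_table_entry entries are examined (the original
        # while-loop read one more than its bound).
        for i in range(max_table_entry):
            try:
                ad = upck32(dis_engine.bin_stream.getbytes(base_ad + 4 * i, 4))
            except Exception:
                # Running past the end of the stream terminates the table.
                # Narrowed from a bare `except:` so KeyboardInterrupt and
                # SystemExit are no longer swallowed.
                break
            if abs(ad - base_ad) > max_diff_addr:
                break
            addrs.add(ad)
        print([hex(x) for x in addrs])

        for ad in addrs:
            offsets_to_dis.add(ad)
            loc_key = loc_db.get_or_create_offset_location(ad)
            cur_block.addto(AsmConstraintTo(loc_key))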
def test_lw(self):
    """Run the ``LW`` addressing forms and expect the loaded word in Rn."""
    def reg(name):
        return ExprId(name, 32)

    def mem32(addr):
        return ExprMem(ExprInt(addr, 32), 32)

    # (assembly, initial state, expected state), run in order
    cases = [
        # LW Rn,(Rm)
        ("LW R1, (R2)",
         [(reg("R2"), ExprInt(0x10, 32)), (mem32(0x10), ExprInt(0xABCD, 32))],
         [(reg("R1"), ExprInt(0xABCD, 32))]),
        # LW Rn,disp7.align4(SP)
        ("LW R1, 0x18(SP)",
         [(reg("SP"), ExprInt(0x10, 32)), (mem32(0x28), ExprInt(0x01234567, 32))],
         [(reg("R1"), ExprInt(0x01234567, 32))]),
        # LW Rn[0-7],disp7.align4(TP)
        ("LW R1, 0x18(TP)",
         [(reg("TP"), ExprInt(0x10, 32)), (mem32(0x28), ExprInt(0x1010, 32))],
         [(reg("R1"), ExprInt(0x1010, 32))]),
        # LW Rn,disp16(Rm)
        ("LW R9, 0xF000(R2)",
         [(reg("R2"), ExprInt(0x42, 32)), (mem32(0xFFFFF040), ExprInt(0x10, 32))],
         [(reg("R9"), ExprInt(0x10, 32))]),
        # LW Rn,(abs24.align4)
        ("LW R10, (0x1010)",
         [(mem32(0x1010), ExprInt(0xABC7, 32))],
         [(reg("R10"), ExprInt(0xABC7, 32))]),
    ]
    for asm, before, after in cases:
        exec_instruction(asm, before, after)
def test_sw(self):
    """Run the ``SW`` addressing forms and expect Rn stored at the computed address."""
    def reg(name):
        return ExprId(name, 32)

    def mem32(addr):
        return ExprMem(ExprInt(addr, 32), 32)

    word = ExprInt(0x28071010, 32)
    small = ExprInt(0xABC7, 32)
    # (assembly, initial state, expected state), run in order
    cases = [
        # SW Rn,(Rm)
        ("SW R1, (R2)",
         [(reg("R1"), word), (reg("R2"), ExprInt(0x10, 32))],
         [(mem32(0x10), word)]),
        # SW Rn,disp7.align4(SP)
        ("SW R1, 4(SP)",
         [(reg("R1"), word), (reg("SP"), ExprInt(0x10, 32))],
         [(mem32(0x14), word)]),
        # SW Rn,disp7.align4(TP)
        ("SW R1, 12(TP)",
         [(reg("R1"), word), (reg("TP"), ExprInt(0x10, 32))],
         [(mem32(0x1c), word)]),
        # SW Rn,disp16(Rm)
        ("SW R10, 0xF800(R2)",
         [(reg("R10"), small), (reg("R2"), ExprInt(0x10, 32))],
         [(mem32(0xFFFFF810), small)]),
        # SW Rn,(abs24.align4)
        ("SW R10, (0x1010)",
         [(reg("R10"), small)],
         [(mem32(0x1010), small)]),
    ]
    for asm, before, after in cases:
        exec_instruction(asm, before, after)
def test_swi(self):
    """Run ``SWI 0`` and ``SWI 1`` and expect bit 4 resp. bit 5 set in EXC."""
    exc = ExprId("EXC", 32)
    base = 0xF0000001
    # SWI -- (assembly, bit position) pairs, run in order
    for asm, bit in (("SWI 0", 4), ("SWI 1", 5)):
        exec_instruction(
            asm,
            [(exc, ExprInt(base, 32))],
            [(exc, ExprInt(base + (1 << bit), 32))],
        )
def test_sll3(self):
    """Run ``SLL3 R0, R1, 2`` for R1=4 and R1=0xC0000000 and expect 16 resp. 0."""
    r0 = ExprId("R0", 32)
    r1 = ExprId("R1", 32)
    # SLL3 R0,Rn,imm5 -- (input R1, expected R0) pairs, run in order
    for value, result in ((4, 16), (0xC0000000, 0)):
        exec_instruction(
            "SLL3 R0, R1, 2",
            [(r1, ExprInt(value, 32))],
            [(r0, ExprInt(result, 32))],
        )
def test_movu(self):
    """Run both ``MOVU`` encodings and expect the immediate in Rn."""
    # MOVU Rn[0-7],imm24 -- index=1 selects this encoding
    expected = [(ExprId("R1", 32), ExprInt(0xFF2807, 32))]
    exec_instruction("MOVU R1, 0xFF2807", [], expected, index=1)
    # MOVU Rn,imm16
    expected = [(ExprId("R10", 32), ExprInt(0x2807, 32))]
    exec_instruction("MOVU R10, 0x2807", [], expected)