diff options
29 files changed, 1131 insertions, 111 deletions
diff --git a/example/ida/graph_ir.py b/example/ida/graph_ir.py index 7e8c616f..dee4e281 100644 --- a/example/ida/graph_ir.py +++ b/example/ida/graph_ir.py @@ -11,7 +11,6 @@ import idc import ida_funcs import idautils -from miasm.core.asmblock import is_int from miasm.core.bin_stream_ida import bin_stream_ida from miasm.expression.simplifications import expr_simp from miasm.ir.ir import IRBlock, AssignBlock @@ -83,7 +82,7 @@ Options: def label_init(self, name="", offset=None): self.fixedblocs = False - if is_int(name): + if isinstance(name, int_types): name = "loc_%X" % (int(name) & 0xFFFFFFFFFFFFFFFF) self.name = name self.attrib = None diff --git a/miasm/analysis/dse.py b/miasm/analysis/dse.py index 9cc342c7..4d2655df 100644 --- a/miasm/analysis/dse.py +++ b/miasm/analysis/dse.py @@ -250,7 +250,7 @@ class DSEEngine(object): def add_lib_handler(self, libimp, namespace): """Add search for handler based on a @libimp libimp instance - Known functions will be looked by {name}_symb in the @namespace + Known functions will be looked by {name}_symb or {name}_{ord}_symb in the @namespace """ namespace = dict( (force_bytes(name), func) for name, func in viewitems(namespace) @@ -258,12 +258,18 @@ class DSEEngine(object): # lambda cannot contain statement def default_func(dse): - fname = b"%s_symb" % force_bytes(libimp.fad2cname[dse.jitter.pc]) + fname = libimp.fad2cname[dse.jitter.pc] + if isinstance(fname, tuple): + fname = b"%s_%d_symb" % (force_bytes(fname[0]), fname[1]) + else: + fname = b"%s_symb" % force_bytes(fname) raise RuntimeError("Symbolic stub '%s' not found" % fname) for addr, fname in viewitems(libimp.fad2cname): - fname = force_bytes(fname) - fname = b"%s_symb" % fname + if isinstance(fname, tuple): + fname = b"%s_%d_symb" % (force_bytes(fname[0]), fname[1]) + else: + fname = b"%s_symb" % force_bytes(fname) func = namespace.get(fname, None) if func is not None: self.add_handler(addr, func) diff --git a/miasm/analysis/modularintervals.py b/miasm/analysis/modularintervals.py index 0df01911..67eda9dc 100644 --- a/miasm/analysis/modularintervals.py +++ b/miasm/analysis/modularintervals.py @@ -5,6 +5,7 @@ from builtins import int as int_types from itertools import product from miasm.core.interval import interval +from miasm.core.utils import size2mask class ModularIntervals(object): """Intervals with a maximum size, supporting modular arithmetic""" @@ -31,12 +32,6 @@ class ModularIntervals(object): assert end <= self.mask # Helpers - - @staticmethod - def size2mask(size): - """Return the bit mask of size @size""" - return (1 << size) - 1 - def _range2interval(func): """Convert a function taking 2 ranges to a function taking a ModularIntervals and applying to the current instance""" @@ -472,7 +467,7 @@ class ModularIntervals(object): @property def mask(self): """Return the mask corresponding to the instance size""" - return ModularIntervals.size2mask(self.size) + return size2mask(self.size) def __iter__(self): return iter(self.intervals) @@ -496,7 +491,7 @@ class ModularIntervals(object): # Increasing size is always safe if new_size < self.size: # Check that current values are indeed included in the new range - assert self.intervals.hull()[1] <= ModularIntervals.size2mask(new_size) + assert self.intervals.hull()[1] <= size2mask(new_size) self.size = new_size diff --git a/miasm/arch/aarch64/arch.py b/miasm/arch/aarch64/arch.py index 768f1b03..525b015e 100644 --- a/miasm/arch/aarch64/arch.py +++ b/miasm/arch/aarch64/arch.py @@ -12,7 +12,7 @@ from miasm.core.bin_stream import bin_stream from miasm.arch.aarch64 import regs as regs_module from miasm.arch.aarch64.regs import * from miasm.core.cpu import log as log_cpu -from miasm.expression.modint import uint32, uint64, mod_size2int +from miasm.core.modint import mod_size2int from miasm.core.asm_ast import AstInt, AstId, AstMem, AstOp log = logging.getLogger("aarch64dis") @@ -1743,6 +1743,31 @@ uimm7 = bs(l=7, cls=(aarch64_uint64_noarg,), fname="imm", order=-1) uimm8 = bs(l=8, cls=(aarch64_uint64,), fname="imm", order=-1) +class op0_value(aarch64_uint64): + def decode(self, v): + v = v & self.lmask + v = self.decodeval(v) + v += 2 + e = self.int2expr(v) + if not e: + return False + self.expr = e + return True + + def encode(self): + v = self.expr2int(self.expr) + if v is None: + return False + v -= 2 + v = self.encodeval(v) + if v is False: + return False + if v > self.lmask: + return False + self.value = v + return True + +op0 = bs(l=1, cls=(op0_value, aarch64_arg), fname="op0") op1 = bs(l=3, cls=(aarch64_uint64, aarch64_arg), fname="op1") op2 = bs(l=3, cls=(aarch64_uint64, aarch64_arg), fname="op2") @@ -2133,8 +2158,9 @@ aarch64op("smc", [bs('11010100'), bs('000'), uimm16, bs('000'), bs('11')], [uimm # msr p.631 msr_name = {'MSR': 0b0, 'MRS': 0b1} bs_msr_name = bs_name(l=1, name=msr_name) -aarch64op("mrs", [bs('1101010100'), bs('1'), bs('1'), bs('1'), op1, crn, crm, op2, rt64], [rt64, op1, crn, crm, op2]) -aarch64op("msr", [bs('1101010100'), bs('0'), bs('1'), bs('1'), op1, crn, crm, op2, rt64], [op1, crn, crm, op2, rt64]) +aarch64op("mrs", [bs('1101010100'), bs('1'), bs('1'), op0, op1, crn, crm, op2, rt64], [rt64, op0, op1, crn, crm, op2]) +aarch64op("msr", [bs('1101010100'), bs('0'), bs('1'), op0, op1, crn, crm, op2, rt64], [op0, op1, crn, crm, op2, rt64]) + # load/store exclusive p.140 aarch64op("stxr", [bs('1'), sf, bs('001000'), bs('0'), bs('0'), bs('0'), rs32, bs('0'), bs('11111'), rn64_deref_nooff, rt], [rs32, rt, rn64_deref_nooff]) diff --git a/miasm/arch/aarch64/regs.py b/miasm/arch/aarch64/regs.py index 2732323f..7d19b113 100644 --- a/miasm/arch/aarch64/regs.py +++ b/miasm/arch/aarch64/regs.py @@ -25,7 +25,7 @@ gpregsz64_str = ["X%d" % i for i in range(0x1e)] + ["LR", "XZR"] gpregsz64_expr, gpregsz64_init, gpregsz64_info = gen_regs( gpregsz64_str, globals(), 64) -cr_str = ["c%d" % i for i in range(0xf)] +cr_str = ["c%d" % i for i in range(0x10)] cr_expr, cr_init, cr_info = gen_regs(cr_str, globals(), 32) @@ -45,6 +45,94 @@ simd128_str = ["Q%d" % i for i in range(0x20)] simd128_expr, simd128_init, simd128_info = gen_regs( simd128_str, globals(), 128) +sysregs_str = ['ACTLR_EL1', 'ACTLR_EL2', 'ACTLR_EL3', 'AFSR0_EL1', + 'AFSR0_EL2', 'AFSR0_EL3', 'AFSR1_EL1', 'AFSR1_EL2', 'AFSR1_EL3', + 'AIDR_EL1', 'AMAIR_EL1', 'AMAIR_EL2', 'AMAIR_EL3', 'AMCFGR_EL0', + 'AMCG1IDR_EL0', 'AMCGCR_EL0', 'AMCNTENCLR0_EL0', 'AMCNTENCLR1_EL0', + 'AMCNTENSET0_EL0', 'AMCNTENSET1_EL0', 'AMCR_EL0'] + \ + ['AMEVCNTR%d%d_EL0' % (i, j) for i in range(2) for j in range(16)] + \ + ['AMEVCNTVOFF%d%d_EL2' % (i, j) for i in range(2) for j in range(16)] + \ + ['AMEVTYPER%d%d_EL0' % (i, j) for i in range(2) for j in range(16)] + \ + ['AMUSERENR_EL0', 'APDAKeyHi_EL1', 'APDAKeyLo_EL1', 'APDBKeyHi_EL1', + 'APDBKeyLo_EL1', 'APGAKeyHi_EL1', 'APGAKeyLo_EL1', 'APIAKeyHi_EL1', + 'APIAKeyLo_EL1', 'APIBKeyHi_EL1', 'APIBKeyLo_EL1', 'CCSIDR2_EL1', + 'CCSIDR_EL1', 'CLIDR_EL1', 'CNTFRQ_EL0', 'CNTHCTL_EL2', + 'CNTHPS_CTL_EL2', 'CNTHPS_CVAL_EL2', 'CNTHPS_TVAL_EL2', 'CNTHP_CTL_EL2', + 'CNTHP_CVAL_EL2', 'CNTHP_TVAL_EL2', 'CNTHVS_CTL_EL2', 'CNTHVS_CVAL_EL2', + 'CNTHVS_TVAL_EL2', 'CNTHV_CTL_EL2', 'CNTHV_CVAL_EL2', 'CNTHV_TVAL_EL2', + 'CNTKCTL_EL1', 'CNTPCTSS_EL0', 'CNTPCT_EL0', 'CNTPOFF_EL2', + 'CNTPS_CTL_EL1', 'CNTPS_CVAL_EL1', 'CNTPS_TVAL_EL1', 'CNTP_CTL_EL0', + 'CNTP_CVAL_EL0', 'CNTP_TVAL_EL0', 'CNTVCTSS_EL0', 'CNTVCT_EL0', + 'CNTVOFF_EL2', 'CNTV_CTL_EL0', 'CNTV_CVAL_EL0', 'CNTV_TVAL_EL0', + 'CONTEXTIDR_EL1', 'CONTEXTIDR_EL2', 'CPACR_EL1', 'CPTR_EL2', + 'CPTR_EL3', 'CSSELR_EL1', 'CTR_EL0', 'DACR32_EL2', 'DBGAUTHSTATUS_EL1'] + \ + ['DBGBCR%d_EL1' % i for i in range(16)] + \ + ['DBGBVR%d_EL1' % i for i in range(16)] + \ + ['DBGCLAIMCLR_EL1', 'DBGCLAIMSET_EL1', 'DBGDTRRX_EL0', 'DBGDTRTX_EL0', + 'DBGDTR_EL0', 'DBGPRCR_EL1', 'DBGVCR32_EL2'] + \ + ['DBGWCR%d_EL1' % i for i in range(16)] + \ + ['DBGWVR%d_EL1' % i for i in range(16)] + \ + ['DCZID_EL0', 'DISR_EL1', 'ELR_EL1', 'ERRIDR_EL1', + 'ERRSELR_EL1','ERXADDR_EL1', 'ERXCTLR_EL1', 'ERXFR_EL1', + 'ERXMISC0_EL1', 'ERXMISC1_EL1', 'ERXMISC2_EL1', 'ERXMISC3_EL1', + 'ERXPFGCDN_EL1', 'ERXPFGCTL_EL1', 'ERXPFGF_EL1', 'ERXSTATUS_EL1', + 'ESR_EL1', 'ESR_EL2', 'ESR_EL3', 'FAR_EL1', + 'FAR_EL2', 'FAR_EL3', 'FPEXC32_EL2', 'HACR_EL2', + 'HAFGRTR_EL2', 'HCR_EL2', 'HDFGRTR_EL2', 'HDFGWTR_EL2', + 'HFGITR_EL2', 'HFGRTR_EL2', 'HFGWTR_EL2', 'HPFAR_EL2', + 'HSTR_EL2', 'ICC_AP0R0_EL1', 'ICC_AP0R1_EL1', 'ICC_AP0R2_EL1', + 'ICC_AP0R3_EL1', 'ICC_AP1R0_EL1', 'ICC_AP1R1_EL1', 'ICC_AP1R2_EL1', + 'ICC_AP1R3_EL1', 'ICC_ASGI1R_EL1', 'ICC_BPR0_EL1', 'ICC_BPR1_EL1', + 'ICC_CTLR_EL1', 'ICC_CTLR_EL3', 'ICC_DIR_EL1', 'ICC_EOIR0_EL1', + 'ICC_EOIR1_EL1', 'ICC_HPPIR0_EL1', 'ICC_HPPIR1_EL1', 'ICC_IAR0_EL1', + 'ICC_IAR1_EL1', 'ICC_IGRPEN0_EL1', 'ICC_IGRPEN1_EL1', 'ICC_IGRPEN1_EL3', + 'ICC_PMR_EL1', 'ICC_RPR_EL1', 'ICC_SGI0R_EL1', 'ICC_SGI1R_EL1', + 'ICC_SRE_EL1', 'ICC_SRE_EL2', 'ICC_SRE_EL3', 'ICH_AP0R0_EL2', + 'ICH_AP0R1_EL2', 'ICH_AP0R2_EL2', 'ICH_AP0R3_EL2', 'ICH_AP1R0_EL2', + 'ICH_AP1R1_EL2', 'ICH_AP1R2_EL2', 'ICH_AP1R3_EL2', 'ICH_EISR_EL2', + 'ICH_ELRSR_EL2', 'ICH_HCR_EL2'] + \ + ['ICH_LR%d_EL2' % i for i in range(16)] + \ + ['ICH_MISR_EL2', 'ICH_VMCR_EL2', 'ICH_VTR_EL2', 'ID_AA64AFR0_EL1', + 'ID_AA64AFR1_EL1', 'ID_AA64DFR0_EL1', 'ID_AA64DFR1_EL1', 'ID_AA64ISAR0_EL1', + 'ID_AA64ISAR1_EL1', 'ID_AA64MMFR0_EL1','ID_AA64MMFR1_EL1', 'ID_AA64MMFR2_EL1', + 'ID_AA64PFR0_EL1', 'ID_AA64PFR1_EL1', 'ID_AA64ZFR0_EL1', 'ID_AFR0_EL1', + 'ID_DFR0_EL1', 'ID_ISAR0_EL1', 'ID_ISAR1_EL1', 'ID_ISAR2_EL1', + 'ID_ISAR3_EL1', 'ID_ISAR4_EL1', 'ID_ISAR5_EL1', 'ID_MMFR0_EL1', + 'ID_MMFR1_EL1', 'ID_MMFR2_EL1', 'ID_MMFR3_EL1', 'ID_MMFR4_EL1', + 'ID_MMFR5_EL1', 'ID_PFR0_EL1', 'ID_PFR1_EL1', 'ID_PFR2_EL1', + 'IFSR32_EL2', 'ISR_EL1', 'LORC_EL1', 'LOREA_EL1', + 'LORID_EL1', 'LORN_EL1', 'LORSA_EL1', 'MAIR_EL1', + 'MAIR_EL2', 'MAIR_EL3', 'MDCCINT_EL1', 'MDCCSR_EL0', + 'MDCR_EL2', 'MDCR_EL3', 'MDRAR_EL1', 'MDSCR_EL1', + 'MIDR_EL1', 'MPIDR_EL1', 'MVFR0_EL1', 'MVFR1_EL1', + 'MVFR2_EL1', 'OSDLR_EL1', 'OSDTRRX_EL1', 'OSDTRTX_EL1', + 'OSECCR_EL1', 'OSLAR_EL1', 'OSLSR_EL1', 'PAR_EL1', + 'PMBIDR_EL1', 'PMBLIMITR_EL1', 'PMBPTR_EL1', 'PMBSR_EL1', + 'PMCCFILTR_EL0', 'PMCCNTR_EL0', 'PMCEID0_EL0', 'PMCEID1_EL0', + 'PMCNTENCLR_EL0', 'PMCNTENSET_EL0', 'PMCR_EL0'] + \ + ['PMEVCNTR%d_EL0' % i for i in range(32)] + \ + ['PMEVTYPER%d_EL0' % i for i in range(32)] + \ + ['PMINTENCLR_EL1', 'PMINTENSET_EL1', 'PMMIR_EL1', 'PMOVSCLR_EL0', + 'PMOVSSET_EL0', 'PMSCR_EL1', 'PMSCR_EL2', 'PMSELR_EL0', + 'PMSEVFR_EL1', 'PMSFCR_EL1', 'PMSICR_EL1', 'PMSIDR_EL1', + 'PMSIRR_EL1', 'PMSLATFR_EL1', 'PMSWINC_EL0', 'PMUSERENR_EL0', + 'PMXEVCNTR_EL0', 'PMXEVTYPER_EL0', 'REVIDR_EL1', 'RMR_EL1', + 'RMR_EL2', 'RMR_EL3', 'RVBAR_EL1', 'RVBAR_EL2', + 'RVBAR_EL3', 'SCRLR_EL1', 'SCR_EL3', 'SCTLR_EL1', + 'SCTLR_EL2', 'SCTLR_EL3', 'SDER32_EL2', 'SDER32_EL3', + 'SPSR_EL1', 'TCR_EL1', 'TCR_EL2', 'TCR_EL3', + 'TPIDRRO_EL0', 'TPIDR_EL0', 'TPIDR_EL1', 'TPIDR_EL2', + 'TPIDR_EL3', 'TRFCR_EL1', 'TRFCR_EL2', 'TTBR0_EL1', + 'TTBR0_EL2', 'TTBR0_EL3', 'TTBR1_EL1', 'VBAR_EL1', + 'VBAR_EL2', 'VBAR_EL3', 'VDISR_EL2', 'VMPIDR_EL2', + 'VNCR_EL2', 'VPIDR_EL2', 'VSESR_EL2', 'VSTCR_EL2', + 'VSTTBR_EL2', 'VTCR_EL2', 'VTTBR_EL2', 'ZCR_EL1', + 'ZCR_EL2', 'ZCR_EL3', 'ELR_EL2', 'ELR_EL3', + 'FPCR', 'FPSR', 'SP_EL0', 'SP_EL1', + 'SP_EL2', 'SPSR_abt', 'SPSR_EL2', + 'SPSR_EL3', 'SPSR_fiq', 'SPSR_irq', 'SPSR_und', + 'DLR_EL0', 'DSPSR_EL0'] +sysregs_expr, sysregs_init, sysregs_info = gen_regs(sysregs_str, globals(), 64) PC, _ = gen_reg("PC", 64) WZR, _ = gen_reg("WZR", 32) @@ -59,15 +147,53 @@ reg_nf = 'nf' reg_of = 'of' reg_cf = 'cf' +reg_df = 'df' +reg_af = 'af' +reg_iff = 'if' +reg_ff = 'ff' + +reg_cur_el = 'cur_el' +reg_dit = 'dit' +reg_pan = 'pan' +reg_spsel = 'spsel' +reg_ssbs = 'ssbs' +reg_tco = 'tco' +reg_uao = 'uao' + zf = ExprId(reg_zf, size=1) nf = ExprId(reg_nf, size=1) of = ExprId(reg_of, size=1) cf = ExprId(reg_cf, size=1) +df = ExprId(reg_df, size=1) +af = ExprId(reg_af, size=1) +iff = ExprId(reg_iff, size=1) +ff = ExprId(reg_ff, size=1) + +cur_el = ExprId(reg_cur_el, size=2) +dit = ExprId(reg_dit, size=1) +pan = ExprId(reg_pan, size=1) +spsel = ExprId(reg_spsel, size=1) +ssbs = ExprId(reg_ssbs, size=1) +tco = ExprId(reg_tco, size=1) +uao = ExprId(reg_uao, size=1) + + zf_init = ExprId("zf_init", size=1) nf_init = ExprId("nf_init", size=1) of_init = ExprId("of_init", size=1) cf_init = ExprId("cf_init", size=1) +df_init = ExprId("df_init", size=1) +af_init = ExprId("af_init", size=1) +iff_init = ExprId("if_init", size=1) +ff_init = ExprId("ff_init", size=1) +cur_el_init = ExprId("cur_el_init", size=2) +dit_init = ExprId("dit_init", size=1) +pan_init = ExprId("pan_init", size=1) +spsel_init = ExprId("spsel_init", size=1) +ssbs_init = ExprId("ssbs_init", size=1) +tco_init = ExprId("tco_init", size=1) +uao_init = ExprId("uao_init", size=1) all_regs_ids = [ @@ -98,8 +224,9 @@ all_regs_ids = [ WZR, XZR, zf, nf, of, cf, - -] + df, af, iff, ff, + cur_el, dit, pan, spsel, ssbs, tco, uao, +] + sysregs_expr all_regs_ids_no_alias = all_regs_ids diff --git a/miasm/arch/aarch64/sem.py b/miasm/arch/aarch64/sem.py index 2761aed4..915cd02e 100644 --- a/miasm/arch/aarch64/sem.py +++ b/miasm/arch/aarch64/sem.py @@ -9,6 +9,733 @@ from miasm.arch.aarch64.regs import * from miasm.core.sembuilder import SemBuilder from miasm.jitter.csts import EXCEPT_DIV_BY_ZERO, EXCEPT_INT_XX +# System register for ARM64-A 8.6 +system_regs = { + # op0 op1 crn crm op2 + (2, 0, 0, 0, 2): OSDTRRX_EL1, + + (2, 0, 0, 2, 0): MDCCINT_EL1, + (2, 0, 0, 2, 2): MDSCR_EL1, + + (2, 0, 0, 3, 2): OSDTRTX_EL1, + + (2, 0, 0, 6, 2): OSECCR_EL1, + + (2, 0, 0, 0, 4): DBGBVR0_EL1, + (2, 0, 0, 1, 4): DBGBVR1_EL1, + (2, 0, 0, 2, 4): DBGBVR2_EL1, + (2, 0, 0, 3, 4): DBGBVR3_EL1, + (2, 0, 0, 4, 4): DBGBVR4_EL1, + (2, 0, 0, 5, 4): DBGBVR5_EL1, + (2, 0, 0, 6, 4): DBGBVR6_EL1, + (2, 0, 0, 7, 4): DBGBVR7_EL1, + (2, 0, 0, 8, 4): DBGBVR8_EL1, + (2, 0, 0, 9, 4): DBGBVR9_EL1, + (2, 0, 0, 10, 4): DBGBVR10_EL1, + (2, 0, 0, 11, 4): DBGBVR11_EL1, + (2, 0, 0, 12, 4): DBGBVR12_EL1, + (2, 0, 0, 13, 4): DBGBVR13_EL1, + (2, 0, 0, 14, 4): DBGBVR14_EL1, + (2, 0, 0, 15, 4): DBGBVR15_EL1, + + (2, 0, 0, 0, 5): DBGBCR0_EL1, + (2, 0, 0, 1, 5): DBGBCR1_EL1, + (2, 0, 0, 2, 5): DBGBCR2_EL1, + (2, 0, 0, 3, 5): DBGBCR3_EL1, + (2, 0, 0, 4, 5): DBGBCR4_EL1, + (2, 0, 0, 5, 5): DBGBCR5_EL1, + (2, 0, 0, 6, 5): DBGBCR6_EL1, + (2, 0, 0, 7, 5): DBGBCR7_EL1, + (2, 0, 0, 8, 5): DBGBCR8_EL1, + (2, 0, 0, 9, 5): DBGBCR9_EL1, + (2, 0, 0, 10, 5): DBGBCR10_EL1, + (2, 0, 0, 11, 5): DBGBCR11_EL1, + (2, 0, 0, 12, 5): DBGBCR12_EL1, + (2, 0, 0, 13, 5): DBGBCR13_EL1, + (2, 0, 0, 14, 5): DBGBCR14_EL1, + (2, 0, 0, 15, 5): DBGBCR15_EL1, + + (2, 0, 0, 0, 6): DBGWVR0_EL1, + (2, 0, 0, 1, 6): DBGWVR1_EL1, + (2, 0, 0, 2, 6): DBGWVR2_EL1, + (2, 0, 0, 3, 6): DBGWVR3_EL1, + (2, 0, 0, 4, 6): DBGWVR4_EL1, + (2, 0, 0, 5, 6): DBGWVR5_EL1, + (2, 0, 0, 6, 6): DBGWVR6_EL1, + (2, 0, 0, 7, 6): DBGWVR7_EL1, + (2, 0, 0, 8, 6): DBGWVR8_EL1, + (2, 0, 0, 9, 6): DBGWVR9_EL1, + (2, 0, 0, 10, 6): DBGWVR10_EL1, + (2, 0, 0, 11, 6): DBGWVR11_EL1, + (2, 0, 0, 12, 6): DBGWVR12_EL1, + (2, 0, 0, 13, 6): DBGWVR13_EL1, + (2, 0, 0, 14, 6): DBGWVR14_EL1, + (2, 0, 0, 15, 6): DBGWVR15_EL1, + + (2, 0, 0, 0, 7): DBGWCR0_EL1, + (2, 0, 0, 1, 7): DBGWCR1_EL1, + (2, 0, 0, 2, 7): DBGWCR2_EL1, + (2, 0, 0, 3, 7): DBGWCR3_EL1, + (2, 0, 0, 4, 7): DBGWCR4_EL1, + (2, 0, 0, 5, 7): DBGWCR5_EL1, + (2, 0, 0, 6, 7): DBGWCR6_EL1, + (2, 0, 0, 7, 7): DBGWCR7_EL1, + (2, 0, 0, 8, 7): DBGWCR8_EL1, + (2, 0, 0, 9, 7): DBGWCR9_EL1, + (2, 0, 0, 10, 7): DBGWCR10_EL1, + (2, 0, 0, 11, 7): DBGWCR11_EL1, + (2, 0, 0, 12, 7): DBGWCR12_EL1, + (2, 0, 0, 13, 7): DBGWCR13_EL1, + (2, 0, 0, 14, 7): DBGWCR14_EL1, + (2, 0, 0, 15, 7): DBGWCR15_EL1, + + (2, 0, 1, 0, 0): MDRAR_EL1, + (2, 0, 1, 0, 4): OSLAR_EL1, + + (2, 0, 1, 1, 4): OSLSR_EL1, + + (2, 0, 1, 3, 4): OSDLR_EL1, + + (2, 0, 1, 4, 4): DBGPRCR_EL1, + + (2, 0, 7, 8, 6): DBGCLAIMSET_EL1, + + (2, 0, 7, 9, 6): DBGCLAIMCLR_EL1, + + (2, 0, 7, 14, 6): DBGAUTHSTATUS_EL1, + + (2, 3, 0, 1, 0): MDCCSR_EL0, + + (2, 3, 0, 4, 0): DBGDTR_EL0, + + (2, 3, 0, 5, 0): DBGDTRRX_EL0, + (2, 3, 0, 5, 1): DBGDTRTX_EL0, + + (2, 4, 0, 7, 0): DBGVCR32_EL2, + + (3, 0, 0, 0, 0): MIDR_EL1, + (3, 0, 0, 0, 5): MPIDR_EL1, + (3, 0, 0, 0, 6): REVIDR_EL1, + + (3, 0, 0, 1, 0): ID_PFR0_EL1, + (3, 0, 0, 1, 1): ID_PFR1_EL1, + (3, 0, 0, 1, 2): ID_DFR0_EL1, + (3, 0, 0, 1, 3): ID_AFR0_EL1, + (3, 0, 0, 1, 4): ID_MMFR0_EL1, + (3, 0, 0, 1, 5): ID_MMFR1_EL1, + (3, 0, 0, 1, 6): ID_MMFR2_EL1, + (3, 0, 0, 1, 7): ID_MMFR3_EL1, + + (3, 0, 0, 2, 0): ID_ISAR0_EL1, + (3, 0, 0, 2, 1): ID_ISAR1_EL1, + (3, 0, 0, 2, 2): ID_ISAR2_EL1, + (3, 0, 0, 2, 3): ID_ISAR3_EL1, + (3, 0, 0, 2, 4): ID_ISAR4_EL1, + (3, 0, 0, 2, 5): ID_ISAR5_EL1, + (3, 0, 0, 2, 6): ID_MMFR4_EL1, + + (3, 0, 0, 3, 0): MVFR0_EL1, + (3, 0, 0, 3, 1): MVFR1_EL1, + (3, 0, 0, 3, 2): MVFR2_EL1, + (3, 0, 0, 3, 4): ID_PFR2_EL1, + (3, 0, 0, 3, 6): ID_MMFR5_EL1, + + (3, 0, 0, 4, 0): ID_AA64PFR0_EL1, + (3, 0, 0, 4, 1): ID_AA64PFR1_EL1, + (3, 0, 0, 4, 4): ID_AA64ZFR0_EL1, + + (3, 0, 0, 5, 0): ID_AA64DFR0_EL1, + (3, 0, 0, 5, 1): ID_AA64DFR1_EL1, + (3, 0, 0, 5, 4): ID_AA64AFR0_EL1, + (3, 0, 0, 5, 5): ID_AA64AFR1_EL1, + + (3, 0, 0, 6, 0): ID_AA64ISAR0_EL1, + (3, 0, 0, 6, 1): ID_AA64ISAR1_EL1, + + (3, 0, 0, 7, 0): ID_AA64MMFR0_EL1, + (3, 0, 0, 7, 1): ID_AA64MMFR1_EL1, + (3, 0, 0, 7, 2): ID_AA64MMFR2_EL1, + + (3, 0, 1, 0, 0): SCRLR_EL1, + (3, 0, 1, 0, 1): ACTLR_EL1, + (3, 0, 1, 0, 2): CPACR_EL1, + + (3, 0, 1, 2, 0): ZCR_EL1, + (3, 0, 1, 2, 1): TRFCR_EL1, + + (3, 0, 2, 0, 0): TTBR0_EL1, + (3, 0, 2, 0, 1): TTBR1_EL1, + (3, 0, 2, 0, 2): TCR_EL1, + + (3, 0, 2, 1, 0): APIAKeyLo_EL1, + (3, 0, 2, 1, 1): APIAKeyHi_EL1, + (3, 0, 2, 1, 2): APIBKeyLo_EL1, + (3, 0, 2, 1, 3): APIBKeyHi_EL1, + + (3, 0, 2, 2, 0): APDAKeyLo_EL1, + (3, 0, 2, 2, 1): APDAKeyHi_EL1, + (3, 0, 2, 2, 2): APDBKeyLo_EL1, + (3, 0, 2, 2, 3): APDBKeyHi_EL1, + + (3, 0, 2, 3, 0): APGAKeyLo_EL1, + (3, 0, 2, 3, 1): APGAKeyHi_EL1, + + (3, 0, 4, 1, 0): SP_EL0, + (3, 0, 4, 6, 0): ICC_PMR_EL1, # Alias ICV_PMR_EL1 + + (3, 0, 5, 1, 0): AFSR0_EL1, + (3, 0, 5, 1, 1): AFSR1_EL1, + + (3, 0, 5, 2, 0): ESR_EL1, + + (3, 0, 5, 3, 0): ERRIDR_EL1, + (3, 0, 5, 3, 1): ERRSELR_EL1, + + (3, 0, 5, 4, 0): ERXFR_EL1, + (3, 0, 5, 4, 1): ERXCTLR_EL1, + (3, 0, 5, 4, 2): ERXSTATUS_EL1, + (3, 0, 5, 4, 3): ERXADDR_EL1, + (3, 0, 5, 4, 4): ERXPFGF_EL1, + (3, 0, 5, 4, 5): ERXPFGCTL_EL1, + (3, 0, 5, 4, 6): ERXPFGCDN_EL1, + + (3, 0, 5, 5, 0): ERXMISC0_EL1, + (3, 0, 5, 5, 1): ERXMISC1_EL1, + (3, 0, 5, 5, 2): ERXMISC2_EL1, + (3, 0, 5, 5, 3): ERXMISC3_EL1, + + (3, 0, 6, 0, 0): FAR_EL1, + + (3, 0, 7, 4, 0): PAR_EL1, + + (3, 0, 9, 9, 0): PMSCR_EL1, + (3, 0, 9, 9, 2): PMSICR_EL1, + (3, 0, 9, 9, 3): PMSIRR_EL1, + (3, 0, 9, 9, 4): PMSFCR_EL1, + (3, 0, 9, 9, 5): PMSEVFR_EL1, + (3, 0, 9, 9, 6): PMSLATFR_EL1, + (3, 0, 9, 9, 7): PMSIDR_EL1, + + (3, 0, 9, 10, 0): PMBLIMITR_EL1, + (3, 0, 9, 10, 1): PMBPTR_EL1, + (3, 0, 9, 10, 3): PMBSR_EL1, + (3, 0, 9, 10, 7): PMBIDR_EL1, + + (3, 0, 9, 14, 1): PMINTENSET_EL1, + (3, 0, 9, 14, 2): PMINTENCLR_EL1, + (3, 0, 9, 14, 6): PMMIR_EL1, + + (3, 0, 10, 2, 0): MAIR_EL1, + + (3, 0, 10, 3, 0): AMAIR_EL1, + + (3, 0, 10, 4, 0): LORSA_EL1, + (3, 0, 10, 4, 1): LOREA_EL1, + (3, 0, 10, 4, 2): LORN_EL1, + (3, 0, 10, 4, 3): LORC_EL1, + (3, 0, 10, 4, 7): LORID_EL1, + + (3, 0, 12, 0, 0): VBAR_EL1, + (3, 0, 12, 0, 1): RVBAR_EL1, + (3, 0, 12, 0, 2): RMR_EL1, + + (3, 0, 12, 1, 0): ISR_EL1, + (3, 0, 12, 1, 1): DISR_EL1, + + (3, 0, 12, 8, 0): ICC_IAR0_EL1, # Alias ICV_IAR0_EL1 + (3, 0, 12, 8, 1): ICC_EOIR0_EL1, # Alias ICV_EOIR0_EL1 + (3, 0, 12, 8, 2): ICC_HPPIR0_EL1, # Alias ICV_HPPIR0_EL1 + (3, 0, 12, 8, 3): ICC_BPR0_EL1, # Alias ICV_BPR0_EL1 + (3, 0, 12, 8, 4): ICC_AP0R0_EL1, # Alias ICV_AP0R0_EL1 + (3, 0, 12, 8, 5): ICC_AP0R1_EL1, # Alias ICV_AP0R1_EL1 + (3, 0, 12, 8, 6): ICC_AP0R2_EL1, # Alias ICV_AP0R2_EL1 + (3, 0, 12, 8, 7): ICC_AP0R3_EL1, # Alias ICV_AP0R3_EL1 + + (3, 0, 12, 9, 0): ICC_AP1R0_EL1, # Alias ICV_AP1R0_EL1 + (3, 0, 12, 9, 1): ICC_AP1R1_EL1, # Alias ICV_AP1R1_EL1 + (3, 0, 12, 9, 2): ICC_AP1R2_EL1, # Alias ICV_AP1R2_EL1 + (3, 0, 12, 9, 3): ICC_AP1R3_EL1, # Alias ICV_AP1R3_EL1 + + (3, 0, 12, 11, 1): ICC_DIR_EL1, # Alias ICV_DIR_EL1 + (3, 0, 12, 11, 3): ICC_RPR_EL1, # Alias ICV_RPR_EL1 + (3, 0, 12, 11, 5): ICC_SGI1R_EL1, + (3, 0, 12, 11, 6): ICC_ASGI1R_EL1, + (3, 0, 12, 11, 7): ICC_SGI0R_EL1, + + (3, 0, 12, 12, 0): ICC_IAR1_EL1, # Alias ICV_IAR1_EL1 + (3, 0, 12, 12, 1): ICC_EOIR1_EL1, # Alias ICV_EOIR1_EL1 + (3, 0, 12, 12, 2): ICC_HPPIR1_EL1, # Alias ICV_HPPIR1_EL1 + (3, 0, 12, 12, 3): ICC_BPR1_EL1, # Alias ICV_BPR1_EL1 + (3, 0, 12, 12, 4): ICC_CTLR_EL1, # Alias ICV_CTLR_EL1 + (3, 0, 12, 12, 5): ICC_SRE_EL1, + (3, 0, 12, 12, 6): ICC_IGRPEN0_EL1, # Alias ICV_IGRPEN0_EL1 + (3, 0, 12, 12, 7): ICC_IGRPEN1_EL1, # Alias ICV_IGRPEN1_EL1 + + (3, 0, 13, 0, 1): CONTEXTIDR_EL1, + (3, 0, 13, 0, 4): TPIDR_EL1, + + (3, 0, 14, 1, 0): CNTKCTL_EL1, + + (3, 1, 0, 0, 0): CCSIDR_EL1, + (3, 1, 0, 0, 1): CLIDR_EL1, + (3, 1, 0, 0, 2): CCSIDR2_EL1, + (3, 1, 0, 0, 7): AIDR_EL1, + + (3, 2, 0, 0, 0): CSSELR_EL1, + (3, 0, 0, 0, 1): CTR_EL0, + + (3, 3, 0, 0, 7): DCZID_EL0, + + (3, 3, 4, 4, 0): FPCR, + (3, 3, 4, 4, 1): FPSR, + + (3, 3, 4, 5, 0): DSPSR_EL0, + (3, 3, 4, 5, 1): DLR_EL0, + + (3, 4, 4, 0, 0): SPSR_EL2, + (3, 4 ,4, 0, 1): ELR_EL2, + + (3, 4, 4, 1, 0): SP_EL1, + + (3, 4, 4, 3, 0): SPSR_irq, + (3, 4, 4, 3, 1): SPSR_abt, + (3, 4, 4, 3, 2): SPSR_und, + (3, 4, 4, 3, 3): SPSR_fiq, + + (3, 3, 9, 12, 0): PMCR_EL0, + (3, 3, 9, 12, 1): PMCNTENSET_EL0, + (3, 3, 9, 12, 2): PMCNTENCLR_EL0, + (3, 3, 9, 12, 3): PMOVSCLR_EL0, + (3, 3, 9, 12, 4): PMSWINC_EL0, + (3, 3, 9, 12, 5): PMSELR_EL0, + (3, 3, 9, 12, 6): PMCEID0_EL0, + (3, 3, 9, 12, 7): PMCEID1_EL0, + + (3, 3, 9, 13, 0): PMCCNTR_EL0, + (3, 3, 9, 13, 1): PMXEVTYPER_EL0, + (3, 3, 9, 13, 2): PMXEVCNTR_EL0, + + (3, 3, 9, 14, 0): PMUSERENR_EL0, + (3, 3, 9, 14, 3): PMOVSSET_EL0, + + (3, 3, 13, 0, 2): TPIDR_EL0, + (3, 3, 13, 0, 3): TPIDRRO_EL0, + + (3, 3, 13, 2, 0): AMCR_EL0, + (3, 3, 13, 2, 1): AMCFGR_EL0, + (3, 3, 13, 2, 2): AMCGCR_EL0, + (3, 3, 13, 2, 3): AMUSERENR_EL0, + (3, 3, 13, 2, 4): AMCNTENCLR0_EL0, + (3, 3, 13, 2, 5): AMCNTENSET0_EL0, + (3, 3, 13, 2, 6): AMCG1IDR_EL0, + + (3, 3, 13, 3, 0): AMCNTENCLR1_EL0, + (3, 3, 13, 3, 1): AMCNTENSET1_EL0, + + (3, 3, 13, 4, 0): AMEVCNTR00_EL0, + (3, 3, 13, 4, 1): AMEVCNTR01_EL0, + (3, 3, 13, 4, 2): AMEVCNTR02_EL0, + (3, 3, 13, 4, 3): AMEVCNTR03_EL0, + (3, 3, 13, 4, 4): AMEVCNTR04_EL0, + (3, 3, 13, 4, 5): AMEVCNTR05_EL0, + (3, 3, 13, 4, 6): AMEVCNTR06_EL0, + (3, 3, 13, 4, 7): AMEVCNTR07_EL0, + + (3, 3, 13, 5, 0): AMEVCNTR08_EL0, + (3, 3, 13, 5, 1): AMEVCNTR09_EL0, + (3, 3, 13, 5, 2): AMEVCNTR010_EL0, + (3, 3, 13, 5, 3): AMEVCNTR011_EL0, + (3, 3, 13, 5, 4): AMEVCNTR012_EL0, + (3, 3, 13, 5, 5): AMEVCNTR013_EL0, + (3, 3, 13, 5, 6): AMEVCNTR014_EL0, + (3, 3, 13, 5, 7): AMEVCNTR015_EL0, + + (3, 3, 13, 6, 0): AMEVTYPER00_EL0, + (3, 3, 13, 6, 1): AMEVTYPER01_EL0, + (3, 3, 13, 6, 2): AMEVTYPER02_EL0, + (3, 3, 13, 6, 3): AMEVTYPER03_EL0, + (3, 3, 13, 6, 4): AMEVTYPER04_EL0, + (3, 3, 13, 6, 5): AMEVTYPER05_EL0, + (3, 3, 13, 6, 6): AMEVTYPER06_EL0, + (3, 3, 13, 6, 7): AMEVTYPER07_EL0, + + (3, 3, 13, 7, 0): AMEVTYPER08_EL0, + (3, 3, 13, 7, 1): AMEVTYPER09_EL0, + (3, 3, 13, 7, 2): AMEVTYPER010_EL0, + (3, 3, 13, 7, 3): AMEVTYPER011_EL0, + (3, 3, 13, 7, 4): AMEVTYPER012_EL0, + (3, 3, 13, 7, 5): AMEVTYPER013_EL0, + (3, 3, 13, 7, 6): AMEVTYPER014_EL0, + (3, 3, 13, 7, 7): AMEVTYPER015_EL0, + + (3, 3, 13, 12, 0): AMEVCNTR10_EL0, + (3, 3, 13, 12, 1): AMEVCNTR11_EL0, + (3, 3, 13, 12, 2): AMEVCNTR12_EL0, + (3, 3, 13, 12, 3): AMEVCNTR13_EL0, + (3, 3, 13, 12, 4): AMEVCNTR14_EL0, + (3, 3, 13, 12, 5): AMEVCNTR15_EL0, + (3, 3, 13, 12, 6): AMEVCNTR16_EL0, + (3, 3, 13, 12, 7): AMEVCNTR17_EL0, + + (3, 3, 13, 13, 0): AMEVCNTR18_EL0, + (3, 3, 13, 13, 1): AMEVCNTR19_EL0, + (3, 3, 13, 13, 2): AMEVCNTR110_EL0, + (3, 3, 13, 13, 3): AMEVCNTR111_EL0, + (3, 3, 13, 13, 4): AMEVCNTR112_EL0, + (3, 3, 13, 13, 5): AMEVCNTR113_EL0, + (3, 3, 13, 13, 6): AMEVCNTR114_EL0, + (3, 3, 13, 13, 7): AMEVCNTR115_EL0, + + (3, 3, 13, 14, 0): AMEVTYPER10_EL0, + (3, 3, 13, 14, 1): AMEVTYPER11_EL0, + (3, 3, 13, 14, 2): AMEVTYPER12_EL0, + (3, 3, 13, 14, 3): AMEVTYPER13_EL0, + (3, 3, 13, 14, 4): AMEVTYPER14_EL0, + (3, 3, 13, 14, 5): AMEVTYPER15_EL0, + (3, 3, 13, 14, 6): AMEVTYPER16_EL0, + (3, 3, 13, 14, 7): AMEVTYPER17_EL0, + + (3, 3, 13, 15, 0): AMEVTYPER18_EL0, + (3, 3, 13, 15, 1): AMEVTYPER19_EL0, + (3, 3, 13, 15, 2): AMEVTYPER110_EL0, + (3, 3, 13, 15, 3): AMEVTYPER111_EL0, + (3, 3, 13, 15, 4): AMEVTYPER112_EL0, + (3, 3, 13, 15, 5): AMEVTYPER113_EL0, + (3, 3, 13, 15, 6): AMEVTYPER114_EL0, + (3, 3, 13, 15, 7): AMEVTYPER115_EL0, + + (3, 3, 14, 0, 0): CNTFRQ_EL0, + (3, 3, 14, 0, 1): CNTPCT_EL0, + (3, 3, 14, 0, 2): CNTVCT_EL0, + (3, 3, 14, 0, 5): CNTPCTSS_EL0, + (3, 3, 14, 0, 6): CNTVCTSS_EL0, + + (3, 3, 14, 2, 0): CNTP_TVAL_EL0, + (3, 3, 14, 2, 1): CNTP_CTL_EL0, + (3, 3, 14, 2, 2): CNTP_CVAL_EL0, + + (3, 3, 14, 3, 0): CNTV_TVAL_EL0, + (3, 3, 14, 3, 1): CNTV_CTL_EL0, + (3, 3, 14, 3, 2): CNTV_CVAL_EL0, + + (3, 3, 14, 8, 0): PMEVCNTR0_EL0, + (3, 3, 14, 8, 1): PMEVCNTR1_EL0, + (3, 3, 14, 8, 2): PMEVCNTR2_EL0, + (3, 3, 14, 8, 3): PMEVCNTR3_EL0, + (3, 3, 14, 8, 4): PMEVCNTR4_EL0, + (3, 3, 14, 8, 5): PMEVCNTR5_EL0, + (3, 3, 14, 8, 6): PMEVCNTR6_EL0, + (3, 3, 14, 8, 7): PMEVCNTR7_EL0, + + (3, 3, 14, 9, 0): PMEVCNTR8_EL0, + (3, 3, 14, 9, 1): PMEVCNTR9_EL0, + (3, 3, 14, 9, 2): PMEVCNTR10_EL0, + (3, 3, 14, 9, 3): PMEVCNTR11_EL0, + (3, 3, 14, 9, 4): PMEVCNTR12_EL0, + (3, 3, 14, 9, 5): PMEVCNTR13_EL0, + (3, 3, 14, 9, 6): PMEVCNTR14_EL0, + (3, 3, 14, 9, 7): PMEVCNTR15_EL0, + + (3, 3, 14, 10, 0): PMEVCNTR16_EL0, + (3, 3, 14, 10, 1): PMEVCNTR17_EL0, + (3, 3, 14, 10, 2): PMEVCNTR18_EL0, + (3, 3, 14, 10, 3): PMEVCNTR19_EL0, + (3, 3, 14, 10, 4): PMEVCNTR20_EL0, + (3, 3, 14, 10, 5): PMEVCNTR21_EL0, + (3, 3, 14, 10, 6): PMEVCNTR22_EL0, + (3, 3, 14, 10, 7): PMEVCNTR23_EL0, + + (3, 3, 14, 11, 0): PMEVCNTR24_EL0, + (3, 3, 14, 11, 1): PMEVCNTR25_EL0, + (3, 3, 14, 11, 2): PMEVCNTR26_EL0, + (3, 3, 14, 11, 3): PMEVCNTR27_EL0, + (3, 3, 14, 11, 4): PMEVCNTR28_EL0, + (3, 3, 14, 11, 5): PMEVCNTR29_EL0, + (3, 3, 14, 11, 6): PMEVCNTR30_EL0, + + (3, 3, 14, 12, 0): PMEVTYPER0_EL0, + (3, 3, 14, 12, 1): PMEVTYPER1_EL0, + (3, 3, 14, 12, 2): PMEVTYPER2_EL0, + (3, 3, 14, 12, 3): PMEVTYPER3_EL0, + (3, 3, 14, 12, 4): PMEVTYPER4_EL0, + (3, 3, 14, 12, 5): PMEVTYPER5_EL0, + (3, 3, 14, 12, 6): PMEVTYPER6_EL0, + (3, 3, 14, 12, 7): PMEVTYPER7_EL0, + + (3, 3, 14, 13, 0): PMEVTYPER8_EL0, + (3, 3, 14, 13, 1): PMEVTYPER9_EL0, + (3, 3, 14, 13, 2): PMEVTYPER10_EL0, + (3, 3, 14, 13, 3): PMEVTYPER11_EL0, + (3, 3, 14, 13, 4): PMEVTYPER12_EL0, + (3, 3, 14, 13, 5): PMEVTYPER13_EL0, + (3, 3, 14, 13, 6): PMEVTYPER14_EL0, + (3, 3, 14, 13, 7): PMEVTYPER15_EL0, + + (3, 3, 14, 14, 0): PMEVTYPER16_EL0, + (3, 3, 14, 14, 1): PMEVTYPER17_EL0, + (3, 3, 14, 14, 2): PMEVTYPER18_EL0, + (3, 3, 14, 14, 3): PMEVTYPER19_EL0, + (3, 3, 14, 14, 4): PMEVTYPER20_EL0, + (3, 3, 14, 14, 5): PMEVTYPER21_EL0, + (3, 3, 14, 14, 6): PMEVTYPER22_EL0, + (3, 3, 14, 14, 7): PMEVTYPER23_EL0, + + (3, 3, 14, 15, 0): PMEVTYPER24_EL0, + (3, 3, 14, 15, 1): PMEVTYPER25_EL0, + (3, 3, 14, 15, 2): PMEVTYPER26_EL0, + (3, 3, 14, 15, 3): PMEVTYPER27_EL0, + (3, 3, 14, 15, 4): PMEVTYPER28_EL0, + (3, 3, 14, 15, 5): PMEVTYPER29_EL0, + (3, 3, 14, 15, 6): PMEVTYPER30_EL0, + (3, 3, 14, 15, 7): PMCCFILTR_EL0, + + (3, 4, 0, 0, 0): VPIDR_EL2, + (3, 4, 0, 0, 5): VMPIDR_EL2, + + (3, 4, 1, 0, 0): SCTLR_EL2, + (3, 4, 1, 0, 5): ACTLR_EL2, + + (3, 4, 1, 1, 0): HCR_EL2, + (3, 4, 1, 1, 1): MDCR_EL2, + (3, 4, 1, 1, 2): CPTR_EL2, + (3, 4, 1, 1, 3): HSTR_EL2, + (3, 4, 1, 1, 4): HFGRTR_EL2, + (3, 4, 1, 1, 5): HFGWTR_EL2, + (3, 4, 1, 1, 6): HFGITR_EL2, + (3, 4, 1, 1, 7): HACR_EL2, + + (3, 4, 1, 2, 0): ZCR_EL2, + + (3, 4, 1, 2, 1): TRFCR_EL2, + + (3, 4, 1, 3, 1): SDER32_EL2, + + (3, 4, 2, 0, 0): TTBR0_EL2, + (3, 4, 2, 0, 2): TCR_EL2, + + (3, 4, 2, 1, 0): VTTBR_EL2, + (3, 4, 2, 1, 2): VTCR_EL2, + + (3, 4, 2, 2, 0): VNCR_EL2, + + (3, 4, 2, 6, 0): VSTTBR_EL2, + (3, 4, 2, 6, 2): VSTCR_EL2, + + (3, 4, 3, 0, 0): DACR32_EL2, + + (3, 4, 3, 1, 4): HDFGRTR_EL2, + (3, 4, 3, 1, 5): HDFGWTR_EL2, + (3, 4, 3, 1, 6): HAFGRTR_EL2, + + (3, 4, 5, 0, 1): IFSR32_EL2, + + (3, 4, 5, 1, 0): AFSR0_EL2, + (3, 4, 5, 1, 1): AFSR1_EL2, + + (3, 4, 5, 2, 0): ESR_EL2, + (3, 4, 5, 2, 3): VSESR_EL2, + + (3, 4, 5, 3, 0): FPEXC32_EL2, + + (3, 4, 6, 0, 0): FAR_EL2, + (3, 4, 6, 0, 4): HPFAR_EL2, + + (3, 4, 9, 9, 0): PMSCR_EL2, + + (3, 4, 10, 2, 0): MAIR_EL2, + + (3, 4, 10, 3, 0): AMAIR_EL2, + + (3, 4, 12, 0, 0): VBAR_EL2, + (3, 4, 12, 0, 1): RVBAR_EL2, + (3, 4, 12, 0, 2): RMR_EL2, + + (3, 4, 12, 1, 1): VDISR_EL2, + + (3, 4, 12, 8, 0): ICH_AP0R0_EL2, + (3, 4, 12, 8, 1): ICH_AP0R1_EL2, + (3, 4, 12, 8, 2): ICH_AP0R2_EL2, + (3, 4, 12, 8, 3): ICH_AP0R3_EL2, + + (3, 4, 12, 9, 0): ICH_AP1R0_EL2, + (3, 4, 12, 9, 1): ICH_AP1R1_EL2, + (3, 4, 12, 9, 2): ICH_AP1R2_EL2, + (3, 4, 12, 9, 3): ICH_AP1R3_EL2, + (3, 4, 12, 9, 5): ICC_SRE_EL2, + + (3, 4, 12, 11, 0): ICH_HCR_EL2, + (3, 4, 12, 11, 1): ICH_VTR_EL2, + (3, 4, 12, 11, 2): ICH_MISR_EL2, + (3, 4, 12, 11, 3): ICH_EISR_EL2, + (3, 4, 12, 11, 5): ICH_ELRSR_EL2, + (3, 4, 12, 11, 7): ICH_VMCR_EL2, + + (3, 4, 12, 12, 0): ICH_LR0_EL2, + (3, 4, 12, 12, 1): ICH_LR1_EL2, + (3, 4, 12, 12, 2): ICH_LR2_EL2, + (3, 4, 12, 12, 3): ICH_LR3_EL2, + (3, 4, 12, 12, 4): ICH_LR4_EL2, + (3, 4, 12, 12, 5): ICH_LR5_EL2, + (3, 4, 12, 12, 6): ICH_LR6_EL2, + (3, 4, 12, 12, 7): ICH_LR7_EL2, + + (3, 4, 12, 13, 0): ICH_LR8_EL2, + (3, 4, 12, 13, 1): ICH_LR9_EL2, + (3, 4, 12, 13, 2): ICH_LR10_EL2, + (3, 4, 12, 13, 3): ICH_LR11_EL2, + (3, 4, 12, 13, 4): ICH_LR12_EL2, + (3, 4, 12, 13, 5): ICH_LR13_EL2, + (3, 4, 12, 13, 6): ICH_LR14_EL2, + (3, 4, 12, 13, 7): ICH_LR15_EL2, + + (3, 4, 13, 0, 1): CONTEXTIDR_EL2, + (3, 4, 13, 0, 2): TPIDR_EL2, + + (3, 4, 13, 8, 0): AMEVCNTVOFF00_EL2, + (3, 4, 13, 8, 1): AMEVCNTVOFF01_EL2, + (3, 4, 13, 8, 2): AMEVCNTVOFF02_EL2, + (3, 4, 13, 8, 3): AMEVCNTVOFF03_EL2, + (3, 4, 13, 8, 4): AMEVCNTVOFF04_EL2, + (3, 4, 13, 8, 5): AMEVCNTVOFF05_EL2, + (3, 4, 13, 8, 6): AMEVCNTVOFF06_EL2, + (3, 4, 13, 8, 7): AMEVCNTVOFF07_EL2, + + (3, 4, 13, 9, 0): AMEVCNTVOFF08_EL2, + (3, 4, 13, 9, 1): AMEVCNTVOFF09_EL2, + (3, 4, 13, 9, 2): AMEVCNTVOFF010_EL2, + (3, 4, 13, 9, 3): AMEVCNTVOFF011_EL2, + (3, 4, 13, 9, 4): AMEVCNTVOFF012_EL2, + (3, 4, 13, 9, 5): AMEVCNTVOFF013_EL2, + (3, 4, 13, 9, 6): AMEVCNTVOFF014_EL2, + (3, 4, 13, 9, 7): AMEVCNTVOFF015_EL2, + + (3, 4, 13, 10, 0): AMEVCNTVOFF10_EL2, + (3, 4, 13, 10, 1): AMEVCNTVOFF11_EL2, + (3, 4, 13, 10, 2): AMEVCNTVOFF12_EL2, + (3, 4, 13, 10, 3): AMEVCNTVOFF13_EL2, + (3, 4, 13, 10, 4): AMEVCNTVOFF14_EL2, + (3, 4, 13, 10, 5): AMEVCNTVOFF15_EL2, + (3, 4, 13, 10, 6): AMEVCNTVOFF16_EL2, + (3, 4, 13, 10, 7): AMEVCNTVOFF17_EL2, + + (3, 4, 13, 11, 0): AMEVCNTVOFF18_EL2, + (3, 4, 13, 11, 1): AMEVCNTVOFF19_EL2, + (3, 4, 13, 11, 2): AMEVCNTVOFF110_EL2, + (3, 4, 13, 11, 3): AMEVCNTVOFF111_EL2, + (3, 4, 13, 11, 4): AMEVCNTVOFF112_EL2, + (3, 4, 13, 11, 5): AMEVCNTVOFF113_EL2, + (3, 4, 13, 11, 6): AMEVCNTVOFF114_EL2, + (3, 4, 13, 11, 7): AMEVCNTVOFF115_EL2, + + (3, 4, 14, 0, 3): CNTVOFF_EL2, + (3, 4, 14, 0, 6): CNTPOFF_EL2, + + (3, 4, 14, 1, 0): CNTHCTL_EL2, + + (3, 4, 14, 2, 0): CNTHP_TVAL_EL2, + (3, 4, 14, 2, 1): CNTHP_CTL_EL2, + (3, 4, 14, 2, 2): CNTHP_CVAL_EL2, + + (3, 4, 14, 3, 0): CNTHV_TVAL_EL2, + (3, 4, 14, 3, 1): CNTHV_CTL_EL2, + (3, 4, 14, 3, 2): CNTHV_CVAL_EL2, + + (3, 4, 14, 4, 0): CNTHVS_TVAL_EL2, + (3, 4, 14, 4, 1): CNTHVS_CTL_EL2, + (3, 4, 14, 4, 2): CNTHVS_CVAL_EL2, + + (3, 4, 14, 5, 0): CNTHPS_TVAL_EL2, + (3, 4, 14, 5, 1): CNTHPS_CTL_EL2, + (3, 4, 14, 5, 2): CNTHPS_CVAL_EL2, + + # Aliases for *_EL02 *_EL12 + # see page 2864 of "Arm Architecture Reference Manual Armv8, + # for Armv8-A architecture profile" Release 31 March 2020 + (3, 5, 1, 0, 0): SCTLR_EL1, + (3, 5, 1, 0, 2): CPACR_EL1, + + (3, 5, 1, 2, 0): ZCR_EL1, + (3, 5, 1, 2, 1): TRFCR_EL1, + + (3, 5, 2, 0, 0): TTBR0_EL1, + (3, 5, 2, 0, 1): TTBR1_EL1, + (3, 5, 2, 0, 2): TCR_EL1, + + (3, 5, 4, 0, 0): SPSR_EL1, + (3, 5, 4, 0, 1): ELR_EL1, + + (3, 5, 5, 1, 0): AFSR0_EL1, + (3, 5, 5, 1, 1): AFSR1_EL1, + + (3, 5, 5, 2, 0): ESR_EL1, + + (3, 5, 6, 0, 0): FAR_EL1, + + (3, 5, 9, 9, 0): PMSCR_EL1, + + (3, 5, 10, 2, 0): MAIR_EL1, + + (3, 5, 10, 3, 0): AMAIR_EL1, + + (3, 5, 12, 0, 0): VBAR_EL1, + + (3, 5, 13, 0, 0): CONTEXTIDR_EL1, + + (3, 5, 14, 1, 0): CNTKCTL_EL1, + + (3, 5, 14, 2, 0): CNTP_TVAL_EL0, + (3, 5, 14, 2, 1): CNTP_CTL_EL0, + (3, 5, 14, 2, 2): CNTP_CVAL_EL0, + + (3, 5, 14, 3, 0): CNTV_TVAL_EL0, + (3, 5, 14, 3, 1): CNTV_CTL_EL0, + (3, 5, 14, 3, 2): CNTV_CVAL_EL0, + # End of aliases + + (3, 6, 1, 0, 0): SCTLR_EL3, + (3, 6, 1, 0, 1): ACTLR_EL3, + + (3, 6, 1, 1, 0): SCR_EL3, + (3, 6, 1, 1, 1): SDER32_EL3, + (3, 6, 1, 1, 2): CPTR_EL3, + + (3, 6, 1, 2, 0): ZCR_EL3, + + (3, 6, 1, 3, 1): MDCR_EL3, + + (3, 6, 2, 0, 0): TTBR0_EL3, + (3, 6, 2, 0, 2): TCR_EL3, + + (3, 6, 4, 0, 0): SPSR_EL3, + (3, 6, 4, 0, 1): ELR_EL3, + + (3, 6, 4, 1, 0): SP_EL2, + + (3, 6, 5, 1, 0): AFSR0_EL3, + (3, 6, 5, 1, 1): AFSR1_EL3, + + (3, 6, 5, 2, 0): ESR_EL3, + + (3, 6, 6, 0, 0): FAR_EL3, + + (3, 6, 10, 2, 0): MAIR_EL3, + + (3, 6, 10, 3, 0): AMAIR_EL3, + + (3, 6, 12, 0, 0): VBAR_EL3, + (3, 6, 12, 0, 1): RVBAR_EL3, + (3, 6, 12, 0, 2): RMR_EL3, + + (3, 6, 12, 12, 4): ICC_CTLR_EL3, + (3, 6, 12, 12, 5): ICC_SRE_EL3, + (3, 6, 12, 12, 7): ICC_IGRPEN1_EL3, + + (3, 6, 13, 0, 2): TPIDR_EL3, + + (3, 7, 14, 2, 0): CNTPS_TVAL_EL1, + (3, 7, 14, 2, 1): CNTPS_CTL_EL1, + (3, 7, 14, 2, 2): CNTPS_CVAL_EL1, +} # CPSR: N Z C V @@ -746,9 +1473,9 @@ def bfm(ir, instr, arg1, arg2, arg3, arg4): -def mrs(ir, insr, arg1, arg2, arg3, arg4, arg5): +def mrs(ir, insr, arg1, arg2, arg3, arg4, arg5, arg6): e = [] - if arg2.is_int(3) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(0): + if arg2.is_int(3) and arg3.is_int(3) and arg4.is_id("c4") and arg5.is_id("c2") and arg6.is_int(0): out = [] out.append(ExprInt(0x0, 28)) out.append(of) @@ -756,20 +1483,110 @@ def mrs(ir, insr, arg1, arg2, arg3, arg4, arg5): out.append(zf) out.append(nf) e.append(ExprAssign(arg1, ExprCompose(*out).zeroExtend(arg1.size))) + + elif arg1.is_int(3) and arg2.is_int(3) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(7): + out = [] + out.append(ExprInt(0x0, 38)) + out.append(tco) + e.append(ExprAssign(arg1, ExprCompose(*out).zeroExtend(arg1.size))) + + elif arg1.is_int(3) and arg2.is_int(3) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(0): + out = [] + out.append(ExprInt(0x0, 39)) + out.append(dit) + e.append(ExprAssign(arg1, ExprCompose(*out).zeroExtend(arg1.size))) + + elif arg1.is_int(3) and arg2.is_int(0) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(4): + out = [] + out.append(ExprInt(0x0, 40)) + out.append(uao) + e.append(ExprAssign(arg1, ExprCompose(*out).zeroExtend(arg1.size))) + + elif arg1.is_int(3) and arg2.is_int(0) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(3): + out = [] + out.append(ExprInt(0x0, 41)) + out.append(pan) + e.append(ExprAssign(arg1, ExprCompose(*out).zeroExtend(arg1.size))) + + elif arg1.is_int(3) and arg2.is_int(3) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(6): + out = [] + out.append(ExprInt(0x0, 51)) + out.append(ssbs) + e.append(ExprAssign(arg1, ExprCompose(*out).zeroExtend(arg1.size))) + + elif arg1.is_int(3) and arg2.is_int(3) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(1): + out = [] + out.append(ExprInt(0x0, 54)) + out.append(df) + out.append(af) + out.append(iff) + out.append(ff) + e.append(ExprAssign(arg1, ExprCompose(*out).zeroExtend(arg1.size))) + + elif arg1.is_int(3) and arg2.is_int(0) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(2): + out = [] + out.append(ExprInt(0x0, 60)) + out.append(cur_el) + e.append(ExprAssign(arg1, ExprCompose(*out).zeroExtend(arg1.size))) + + elif arg1.is_int(3) and arg2.is_int(0) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(0): + out = [] + out.append(ExprInt(0x0, 63)) + out.append(spsel) + e.append(ExprAssign(arg1, ExprCompose(*out).zeroExtend(arg1.size))) + else: - raise NotImplementedError("MRS not implemented") + sreg = (int(arg2), int(arg3), int(str(arg4)[1:]), int(str(arg5)[1:]), int(arg6)) + if sreg in system_regs: + e.append(ExprAssign(arg1, system_regs[sreg])) + else: + raise NotImplementedError("Unknown system register: %d %d %s %s %d" % (int(arg2), int(arg3), str(arg4), str(arg5), int(arg6))) + return e, [] -def msr(ir, instr, arg1, arg2, arg3, arg4, arg5): +def msr(ir, instr, arg1, arg2, arg3, arg4, arg5, arg6): e = [] - if arg1.is_int(3) and arg2.is_id("c4") and arg3.is_id("c2") and arg4.is_int(0): - e.append(ExprAssign(nf, arg5[31:32])) - e.append(ExprAssign(zf, arg5[30:31])) - e.append(ExprAssign(cf, arg5[29:30])) - e.append(ExprAssign(of, arg5[28:29])) + if arg1.is_int(3) and arg2.is_int(3) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(0): + e.append(ExprAssign(nf, arg6[31:32])) + e.append(ExprAssign(zf, arg6[30:31])) + e.append(ExprAssign(cf, arg6[29:30])) + e.append(ExprAssign(of, arg6[28:29])) + + elif arg1.is_int(3) and arg2.is_int(3) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(7): + e.append(ExprAssign(tco, arg6[25:26])) + + elif arg1.is_int(3) and arg2.is_int(3) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(0): + e.append(ExprAssign(dit, arg6[24:25])) + + elif arg1.is_int(3) and arg2.is_int(0) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(4): + e.append(ExprAssign(uao, arg6[23:24])) + + elif arg1.is_int(3) and arg2.is_int(0) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(3): + e.append(ExprAssign(pan, arg6[22:23])) + + elif arg1.is_int(3) and arg2.is_int(3) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(6): + e.append(ExprAssign(ssbs, arg6[12:13])) + + elif arg1.is_int(3) and arg2.is_int(3) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(1): + e.append(ExprAssign(df, arg6[9:10])) + e.append(ExprAssign(af, arg6[8:9])) + e.append(ExprAssign(iff, arg6[7:8])) + e.append(ExprAssign(ff, arg6[6:7])) + + elif arg1.is_int(3) and arg2.is_int(0) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(2): + e.append(ExprAssign(cur_el, arg6[2:4])) + + elif arg1.is_int(3) and arg2.is_int(0) and arg3.is_id("c4") and arg4.is_id("c2") and arg5.is_int(0): + e.append(ExprAssign(spsel, arg6[0:1])) + else: - raise NotImplementedError("MSR not implemented") + sreg = (int(arg1), int(arg2), int(str(arg3)[1:]), int(str(arg4)[1:]), int(arg5)) + if sreg in system_regs: + e.append(ExprAssign(system_regs[sreg], arg6)) + else: + raise NotImplementedError("Unknown system register: %d %d %s %s %d" % (int(arg1), int(arg2), str(arg3), str(arg4), int(arg5))) + return e, [] diff --git a/miasm/arch/msp430/arch.py b/miasm/arch/msp430/arch.py index 93854153..46014b8c 100644 --- a/miasm/arch/msp430/arch.py +++ b/miasm/arch/msp430/arch.py @@ -136,9 +136,9 @@ class instruction_msp430(instruction): if not isinstance(expr, ExprInt): return if self.name == "call": - addr = expr.arg + addr = int(expr) else: - addr = expr.arg + int(self.offset) + addr = (int(expr) + int(self.offset)) & int(expr.mask) loc_key = loc_db.get_or_create_offset_location(addr) self.args[0] = ExprLoc(loc_key, expr.size) diff --git a/miasm/arch/x86/arch.py b/miasm/arch/x86/arch.py index 127dded4..2dd01ae3 100644 --- a/miasm/arch/x86/arch.py +++ b/miasm/arch/x86/arch.py @@ -187,6 +187,13 @@ gpreg = ( ) +def is_op_segm(expr): + """Returns True if is ExprOp and op == 'segm'""" + return expr.is_op('segm') + +def is_mem_segm(expr): + """Returns True if is ExprMem and ptr is_op_segm""" + return expr.is_mem() and is_op_segm(expr.ptr) def cb_deref_segmoff(tokens): @@ -588,7 +595,7 @@ class instruction_x86(instruction): prefix = "" sz = SIZE2MEMPREFIX[expr.size] segm = "" - if expr.is_mem_segm(): + if is_mem_segm(expr): segm = "%s:" % expr.ptr.args[0] expr = expr.ptr.args[1] else: @@ -1718,10 +1725,10 @@ SIZE2BNDREG = {64:gpregs_mm, def parse_mem(expr, parent, w8, sx=0, xmm=0, mm=0, bnd=0): dct_expr = {} opmode = parent.v_opmode() - if expr.is_mem_segm() and expr.ptr.args[0].is_int(): + if is_mem_segm(expr) and expr.ptr.args[0].is_int(): return None, None, False - if expr.is_mem_segm(): + if is_mem_segm(expr): segm = expr.ptr.args[0] ptr = expr.ptr.args[1] else: diff --git a/miasm/arch/x86/sem.py b/miasm/arch/x86/sem.py index 86a933a0..cf58079c 100644 --- a/miasm/arch/x86/sem.py +++ b/miasm/arch/x86/sem.py @@ -24,7 +24,7 @@ import logging import miasm.expression.expression as m2_expr from miasm.expression.simplifications import expr_simp from miasm.arch.x86.regs import * -from miasm.arch.x86.arch import mn_x86, repeat_mn, replace_regs +from miasm.arch.x86.arch import mn_x86, repeat_mn, replace_regs, is_mem_segm from miasm.ir.ir import IntermediateRepresentation, IRBlock, AssignBlock from miasm.core.sembuilder import SemBuilder from miasm.jitter.csts import EXCEPT_DIV_BY_ZERO, EXCEPT_ILLEGAL_INSN, \ @@ -407,6 +407,7 @@ def gen_cmov(ir, instr, cond, dst, src, mov_if): e_do, extra_irs = mov(ir, instr, dst, src) e_do.append(m2_expr.ExprAssign(ir.IRDst, loc_skip_expr)) e.append(m2_expr.ExprAssign(ir.IRDst, m2_expr.ExprCond(cond, dstA, dstB))) + e += set_float_cs_eip(instr) return e, [IRBlock(loc_do, [AssignBlock(e_do, instr)])] @@ -445,7 +446,7 @@ def movsx(_, instr, dst, src): def lea(_, instr, dst, src): ptr = src.ptr - if src.is_mem_segm(): + if is_mem_segm(src): # Do not use segmentation here ptr = ptr.args[1] @@ -3468,7 +3469,7 @@ def bittest_get(ir, instr, src, index): b_mask = {16: 4, 32: 5, 64: 6} b_decal = {16: 1, 32: 3, 64: 7} ptr = src.ptr - segm = src.is_mem_segm() + segm = is_mem_segm(src) if segm: ptr = ptr.args[1] @@ -5779,7 +5780,7 @@ class ir_x86_16(IntermediateRepresentation): instr.additional_info.g2.value] if my_ss is not None: for i, a in enumerate(args): - if a.is_mem() and not a.is_mem_segm(): + if a.is_mem() and not is_mem_segm(a): args[i] = self.ExprMem(m2_expr.ExprOp('segm', my_ss, a.ptr), a.size) diff --git a/miasm/core/asmblock.py b/miasm/core/asmblock.py index f412de86..975f93c5 100644 --- a/miasm/core/asmblock.py +++ b/miasm/core/asmblock.py @@ -12,7 +12,6 @@ from future.utils import viewitems, viewvalues from miasm.expression.expression import ExprId, ExprInt, get_expr_locs from miasm.expression.expression import LocKey from miasm.expression.simplifications import expr_simp -from miasm.expression.modint import moduint, modint from miasm.core.utils import Disasm_Exception, pck from miasm.core.graph import DiGraph, DiGraphSimplifier, MatchGraphJoker from miasm.core.interval import interval @@ -26,10 +25,6 @@ log_asmblock.addHandler(console_handler) log_asmblock.setLevel(logging.WARNING) -def is_int(a): - return isinstance(a, (modint, moduint, int_types)) - - class AsmRaw(object): def __init__(self, raw=b""): @@ -1168,6 +1163,7 @@ def asm_resolve_final(mnemo, asmcfg, loc_db, dst_interval=None): instruction_interval = interval([(offset, offset + instr.l - 1)]) if not (instruction_interval & output_interval).empty: raise RuntimeError("overlapping bytes %X" % int(offset)) + output_interval = output_interval.union(instruction_interval) instr.offset = offset offset += instr.l return patches diff --git a/miasm/core/locationdb.py b/miasm/core/locationdb.py index dd336752..f950b48f 100644 --- a/miasm/core/locationdb.py +++ b/miasm/core/locationdb.py @@ -6,11 +6,6 @@ from future.utils import viewitems, viewvalues from miasm.core.utils import printable, force_bytes from miasm.expression.expression import LocKey, ExprLoc -from miasm.expression.modint import moduint, modint - - -def is_int(a): - return isinstance(a, (int_types, moduint, modint)) class LocationDB(object): @@ -246,7 +241,7 @@ class LocationDB(object): name = force_bytes(name) # Deprecation handling - if is_int(name): + if isinstance(name, int_types): assert offset is None or offset == name warnings.warn("Deprecated API: use 'add_location(offset=)' instead." " An additional 'name=' can be provided to also " diff --git a/miasm/expression/modint.py b/miasm/core/modint.py index 22d17b9b..2ecefed1 100644 --- a/miasm/expression/modint.py +++ b/miasm/core/modint.py @@ -215,9 +215,6 @@ def is_modint(a): return isinstance(a, moduint) -def size2mask(size): - return (1 << size) - 1 - mod_size2uint = {} mod_size2int = {} diff --git a/miasm/core/objc.py b/miasm/core/objc.py index 117e3b7d..87d19dde 100644 --- a/miasm/core/objc.py +++ b/miasm/core/objc.py @@ -14,8 +14,8 @@ from functools import total_ordering from miasm.core.utils import cmp_elts from miasm.expression.expression_reduce import ExprReducer -from miasm.expression.expression import ExprInt, ExprId, ExprOp, ExprMem, \ - is_op_segm +from miasm.expression.expression import ExprInt, ExprId, ExprOp, ExprMem +from miasm.arch.x86.arch import is_op_segm from miasm.core.ctypesmngr import CTypeUnion, CTypeStruct, CTypeId, CTypePtr,\ CTypeArray, CTypeOp, CTypeSizeof, CTypeEnum, CTypeFunc, CTypeEllipsis diff --git a/miasm/core/types.py b/miasm/core/types.py index 466d136d..4f99627d 100644 --- a/miasm/core/types.py +++ b/miasm/core/types.py @@ -994,7 +994,7 @@ class BitField(Union): for name, bits in bit_list: fields.append((name, Bits(self._num, bits, offset))) offset += bits - if offset > self._num.size == 8: + if offset > self._num.size * 8: raise ValueError("sum of bit lengths is > to the backing num size") super(BitField, self).__init__(fields) diff --git a/miasm/core/utils.py b/miasm/core/utils.py index da7050f7..cfe96de4 100644 --- a/miasm/core/utils.py +++ b/miasm/core/utils.py @@ -133,6 +133,9 @@ def decode_hex(value): def encode_hex(value): return _ENCODE_HEX(value)[0] +def size2mask(size): + """Return the bit mask of size @size""" + return (1 << size) - 1 def hexdump(src, length=16): lines = [] diff --git a/miasm/expression/expression.py b/miasm/expression/expression.py index c2bf5b8b..c507f19f 100644 --- a/miasm/expression/expression.py +++ b/miasm/expression/expression.py @@ -38,8 +38,6 @@ from functools import cmp_to_key, total_ordering from future.utils import viewitems from miasm.core.utils import force_bytes, cmp_elts -from miasm.expression.modint import mod_size2uint, is_modint, size2mask, \ - define_uint from miasm.core.graph import DiGraph from functools import reduce @@ -158,14 +156,6 @@ def is_commutative(expr): "Return True iff current operation is commutative" return (expr.op in ['+', '*', '^', '&', '|']) -def is_op_segm(expr): - """Returns True if is ExprOp and op == 'segm'""" - return expr.is_op('segm') - -def is_mem_segm(expr): - """Returns True if is ExprMem and ptr is_op_segm""" - return expr.is_mem() and is_op_segm(expr.ptr) - def canonize_to_exprloc(locdb, expr): """ If expr is ExprInt, return ExprLoc with corresponding loc_key @@ -715,11 +705,13 @@ class Expr(object): def is_op_segm(self): """Returns True if is ExprOp and op == 'segm'""" - return False + warnings.warn('DEPRECATION WARNING: use is_op_segm(expr)') + raise RuntimeError("Moved api") def is_mem_segm(self): """Returns True if is ExprMem and ptr is_op_segm""" - return False + warnings.warn('DEPRECATION WARNING: use is_mem_segm(expr)') + raise RuntimeError("Moved api") def __contains__(self, expr): ret = contains_visitor.contains(self, expr) @@ -761,8 +753,8 @@ class ExprInt(Expr): def __init__(self, arg, size): - """Create an ExprInt from a modint or num/size - @arg: 'intable' number + """Create an ExprInt from num/size + @arg: int/long number @size: int size""" super(ExprInt, self).__init__(size) # Work for ._arg is done in __new__ @@ -774,21 +766,12 @@ class ExprInt(Expr): return self.__class__, state def __new__(cls, arg, size): - """Create an ExprInt from a modint or num/size - @arg: 'intable' number + """Create an ExprInt from num/size + @arg: int/long number @size: int size""" - if is_modint(arg): - assert size == arg.size - # Avoid a common blunder - assert not isinstance(arg, ExprInt) - - # Ensure arg is always a moduint - arg = int(arg) - if size not in mod_size2uint: - define_uint(size) - arg = mod_size2uint[size](arg) - + assert isinstance(arg, int_types) + arg = arg & ((1 << size) - 1) # Get the Singleton instance expr = Expr.get_object(cls, (arg, size)) @@ -796,15 +779,8 @@ class ExprInt(Expr): expr._arg = arg return expr - def _get_int(self): - "Return self integer representation" - return int(self._arg & size2mask(self._size)) - def __str__(self): - if self._arg < 0: - return str("-0x%X" % (- self._get_int())) - else: - return str("0x%X" % self._get_int()) + return str("0x%X" % self.arg) def get_w(self): return set() @@ -813,7 +789,7 @@ class ExprInt(Expr): return hash((EXPRINT, self._arg, self._size)) def _exprrepr(self): - return "%s(0x%X, %d)" % (self.__class__.__name__, self._get_int(), + return "%s(0x%X, %d)" % (self.__class__.__name__, self.arg, self._size) def copy(self): @@ -1196,7 +1172,8 @@ class ExprMem(Expr): def is_mem_segm(self): """Returns True if is ExprMem and ptr is_op_segm""" - return self._ptr.is_op_segm() + warnings.warn('DEPRECATION WARNING: use is_mem_segm(expr)') + raise RuntimeError("Moved api") def depth(self): return self._ptr.depth() + 1 @@ -1373,7 +1350,8 @@ class ExprOp(Expr): def is_op_segm(self): """Returns True if is ExprOp and op == 'segm'""" - return self.is_op('segm') + warnings.warn('DEPRECATION WARNING: use is_op_segm(expr)') + raise RuntimeError("Moved api") class ExprSlice(Expr): diff --git a/miasm/expression/simplifications.py b/miasm/expression/simplifications.py index 3f54b158..c65b2b7b 100644 --- a/miasm/expression/simplifications.py +++ b/miasm/expression/simplifications.py @@ -86,6 +86,7 @@ class ExpressionSimplifier(ExprVisitorCallbackBottomToTop): simplifications_common.simp_cond_logic_ext, simplifications_common.simp_cond_sign_bit, simplifications_common.simp_cond_eq_1_0, + simplifications_common.simp_cond_cc_flag, ], m2_expr.ExprMem: [simplifications_common.simp_mem], diff --git a/miasm/expression/simplifications_common.py b/miasm/expression/simplifications_common.py index 932db49a..fd45ef6d 100644 --- a/miasm/expression/simplifications_common.py +++ b/miasm/expression/simplifications_common.py @@ -4,7 +4,7 @@ from future.utils import viewitems -from miasm.expression.modint import mod_size2int, mod_size2uint +from miasm.core.modint import mod_size2int, mod_size2uint from miasm.expression.expression import ExprInt, ExprSlice, ExprMem, \ ExprCond, ExprOp, ExprCompose, TOK_INF_SIGNED, TOK_INF_UNSIGNED, \ TOK_INF_EQUAL_SIGNED, TOK_INF_EQUAL_UNSIGNED, TOK_EQUAL @@ -919,6 +919,26 @@ def simp_sub_cf_zero(_, expr): return expr return ExprCond(expr.args[1], ExprInt(1, 1), ExprInt(0, 1)) +def simp_cond_cc_flag(expr_simp, expr): + """ + ExprCond(CC_><(bit), X, Y) => ExprCond(bit, X, Y) + ExprCond(CC_U>=(bit), X, Y) => ExprCond(bit, Y, X) + """ + if not expr.is_cond(): + return expr + if not expr.cond.is_op(): + return expr + expr_op = expr.cond + if expr_op.op not in ["CC_U<", "CC_U>="]: + return expr + arg = expr_op.args[0] + if arg.size != 1: + return expr + if expr_op.op == "CC_U<": + return ExprCond(arg, expr.src1, expr.src2) + if expr_op.op == "CC_U>=": + return ExprCond(arg, expr.src2, expr.src1) + return expr def simp_cmp_int(expr_simp, expr): """ diff --git a/miasm/expression/simplifications_explicit.py b/miasm/expression/simplifications_explicit.py index 727db9c1..1f9d2dbe 100644 --- a/miasm/expression/simplifications_explicit.py +++ b/miasm/expression/simplifications_explicit.py @@ -1,4 +1,4 @@ -from miasm.expression.modint import size2mask +from miasm.core.utils import size2mask from miasm.expression.expression import ExprInt, ExprCond, ExprCompose, \ TOK_EQUAL diff --git a/miasm/ir/translators/C.py b/miasm/ir/translators/C.py index 7778abf7..55a229ff 100644 --- a/miasm/ir/translators/C.py +++ b/miasm/ir/translators/C.py @@ -1,5 +1,5 @@ from miasm.ir.translators.translator import Translator -from miasm.expression.modint import size2mask +from miasm.core.utils import size2mask from miasm.expression.expression import ExprInt, ExprCond, ExprCompose, \ TOK_EQUAL, \ TOK_INF_SIGNED, TOK_INF_UNSIGNED, \ diff --git a/miasm/ir/translators/smt2.py b/miasm/ir/translators/smt2.py index f5392da7..c4260eb4 100644 --- a/miasm/ir/translators/smt2.py +++ b/miasm/ir/translators/smt2.py @@ -133,7 +133,7 @@ class TranslatorSMT2(Translator): self.loc_db = loc_db def from_ExprInt(self, expr): - return bit_vec_val(expr.arg.arg, expr.size) + return bit_vec_val(int(expr), expr.size) def from_ExprId(self, expr): if str(expr) not in self._bitvectors: diff --git a/miasm/jitter/emulatedsymbexec.py b/miasm/jitter/emulatedsymbexec.py index 844e7d5f..b8ca52e3 100644 --- a/miasm/jitter/emulatedsymbexec.py +++ b/miasm/jitter/emulatedsymbexec.py @@ -1,6 +1,7 @@ from miasm.core.utils import decode_hex, encode_hex import miasm.expression.expression as m2_expr from miasm.ir.symbexec import SymbolicExecutionEngine +from miasm.arch.x86.arch import is_op_segm class EmulatedSymbExec(SymbolicExecutionEngine): @@ -140,7 +141,7 @@ class EmulatedSymbExec(SymbolicExecutionEngine): # CPU specific simplifications def _simp_handle_segm(self, e_s, expr): """Handle 'segm' operation""" - if not m2_expr.is_op_segm(expr): + if not is_op_segm(expr): return expr if not expr.args[0].is_int(): return expr diff --git a/miasm/jitter/llvmconvert.py b/miasm/jitter/llvmconvert.py index e3a0e8c2..5aae624b 100644 --- a/miasm/jitter/llvmconvert.py +++ b/miasm/jitter/llvmconvert.py @@ -28,6 +28,7 @@ from miasm.expression.expression import ExprId, ExprInt, ExprMem, ExprSlice, \ import miasm.jitter.csts as m2_csts import miasm.core.asmblock as m2_asmblock +from miasm.core.utils import size2mask from miasm.jitter.codegen import CGen, Attributes from miasm.expression.expression_helper import possible_values @@ -768,7 +769,7 @@ class LLVMFunction(object): builder = self.builder if isinstance(expr, ExprInt): - ret = llvm_ir.Constant(LLVMType.IntType(expr.size), int(expr.arg)) + ret = llvm_ir.Constant(LLVMType.IntType(expr.size), int(expr)) self.update_cache(expr, ret) return ret diff --git a/test/arch/aarch64/arch.py b/test/arch/aarch64/arch.py index 9fc6ee8e..62105236 100644 --- a/test/arch/aarch64/arch.py +++ b/test/arch/aarch64/arch.py @@ -1740,14 +1740,14 @@ reg_tests_aarch64 = [ "010000D4"), - ("00458FF4 MRS X0, 0x3, c13, c0, 0x2", + ("00458FF4 MRS X0, 0x3, 0x3, c13, c0, 0x2", "40D03BD5"), - ("0045BA04 MSR 0x3, c13, c0, 0x2, X0", + ("0045BA04 MSR 0x3, 0x3, c13, c0, 0x2, X0", "40D01BD5"), - ("0048A2E8 MRS X13, 0x3, c4, c4, 0x0", - "0D443BD5"), - ("0048A9DC MRS X0, 0x3, c4, c4, 0x1", - "20443BD5"), + ("0048A2E8 MRS X8, 0x3, 0x3, c4, c2, 0x0", + "08423BD5"), + ("0048A9DC MSR 0x3, 0x3, c4, c2, 0x0, X7", + "07421BD5"), ("004010C8 ORR W2, 0x0, 0x1", "E2030032"), diff --git a/test/expression/modint.py b/test/core/modint.py index af80b284..d493b44e 100644 --- a/test/expression/modint.py +++ b/test/core/modint.py @@ -1,6 +1,6 @@ from __future__ import print_function -from miasm.expression.modint import * +from miasm.core.modint import * a = uint8(0x42) b = uint8(0xFF) diff --git a/test/core/test_types.py b/test/core/test_types.py index 1b15630c..13a7824e 100755 --- a/test/core/test_types.py +++ b/test/core/test_types.py @@ -351,6 +351,31 @@ assert bit.flags.f2_5 == 0b01110 assert bit.flags.f3_8 == 0b01010101 assert bit.flags.f4_1 == 1 +try: + class BitStruct(MemUnion): + fields = [ + ("ValueB", BitField(Num("<Q"), [ + ("field_00", 32), + ("field_01", 32), + ])), + ("Value", Num("<Q")), + ] +except ValueError: + assert False, "Should not raise" + +try: + class BitStruct(MemUnion): + fields = [ + ("ValueB", BitField(Num("<Q"), [ + ("field_00", 32), + ("field_01", 32), + ("field_02", 1), + ])), + ("Value", Num("<Q")), + ] + assert False, "Should raise" +except ValueError: + pass # Unhealthy ideas class UnhealthyIdeas(MemStruct): diff --git a/test/expression/simplifications.py b/test/expression/simplifications.py index 1f243425..c75dc0d3 100644 --- a/test/expression/simplifications.py +++ b/test/expression/simplifications.py @@ -784,6 +784,31 @@ to_test = [ ExprOp(TOK_EQUAL, a, i0) ), + + ( + ExprCond( + ExprOp("CC_U<", a[0:1]), + b, c + ), + ExprCond( + a[0:1], + b, c + ), + ), + + ( + ExprCond( + ExprOp("CC_U>=", a[0:1]), + b, c + ), + ExprCond( + a[0:1], + c, b + ), + ), + + + ] for e_input, e_check in to_test: diff --git a/test/jitter/jitload.py b/test/jitter/jitload.py index 8b758a89..3038c21c 100644 --- a/test/jitter/jitload.py +++ b/test/jitter/jitload.py @@ -47,4 +47,4 @@ assert myjit.eval_expr(eax) == imm4 ## Changes must be passed on myjit.cpu instance assert myjit.cpu.EAX == 4 ## Memory -assert myjit.eval_expr(memdata).arg.arg == int(encode_hex(data[::-1]), 16) +assert int(myjit.eval_expr(memdata)) == int(encode_hex(data[::-1]), 16) diff --git a/test/test_all.py b/test/test_all.py index 71eccc6f..2670761b 100755 --- a/test/test_all.py +++ b/test/test_all.py @@ -305,7 +305,8 @@ testset += SemanticTestExec("x86_32", "PE", 0x401000, ["bsr_bsf"], depends=[test_x86_32_bsr_bsf]) ## Core -for script in ["interval.py", +for script in ["modint.py", + "interval.py", "graph.py", "parse_asm.py", "utils.py", @@ -318,8 +319,7 @@ testset += RegressionTest(["asmblock.py"], base_dir="core", products=["graph.dot", "graph2.dot", "graph3.dot", "graph4.dot"]) ## Expression -for script in ["modint.py", - "expression.py", +for script in ["expression.py", "stp.py", "simplifications.py", "expression_helper.py", |