| -rw-r--r-- | reproducers/issue-1375.c | 6 | ||||
| -rw-r--r-- | src/focaccia/miasm_util.py | 26 |
2 files changed, 31 insertions, 1 deletions
diff --git a/reproducers/issue-1375.c b/reproducers/issue-1375.c
new file mode 100644
index 0000000..1408ca4
--- /dev/null
+++ b/reproducers/issue-1375.c
@@ -0,0 +1,6 @@
+void main() {
+    asm("mov rax, 0x000000007fffffff; push rax; mov rax, 0x00000000ffffffff; push rax; movdqu XMM1, [rsp];");
+    asm("mov rax, 0x2e711de7aa46af1a; push rax; mov rax, 0x7fffffff7fffffff; push rax; movdqu XMM2, [rsp];");
+    asm("addsubps xmm1, xmm2");
+    asm("pop rax; pop rax; pop rax; pop rax;");
+}
diff --git a/src/focaccia/miasm_util.py b/src/focaccia/miasm_util.py
index a2cd025..8e9d1ed 100644
--- a/src/focaccia/miasm_util.py
+++ b/src/focaccia/miasm_util.py
@@ -62,10 +62,34 @@ def simp_fadd(expr_simp, expr: ExprOp):
         return expr_simp(ExprInt(res, expr.size))
     return expr
 
+def simp_fsub(expr_simp, expr: ExprOp):
+    from .utils import float_bits_to_uint, uint_bits_to_float, \
+        double_bits_to_uint, uint_bits_to_double
+
+    if expr.op != 'fsub':
+        return expr
+
+    assert(len(expr.args) == 2)
+    lhs, rhs = expr.args
+    if lhs.is_int() and rhs.is_int():
+        assert(lhs.size == rhs.size)
+        if lhs.size == 32:
+            uint_to_float = uint_bits_to_float
+            float_to_uint = float_bits_to_uint
+        elif lhs.size == 64:
+            uint_to_float = uint_bits_to_double
+            float_to_uint = double_bits_to_uint
+        else:
+            raise NotImplementedError('fsub on values of size not in {32, 64}')
+
+        res = float_to_uint(uint_to_float(lhs.arg) - uint_to_float(rhs.arg))
+        return expr_simp(ExprInt(res, expr.size))
+    return expr
+
 # The expression simplifier used in this module
 expr_simp = expr_simp_explicit
 expr_simp.enable_passes({
-    ExprOp: [simp_segm, simp_fadd],
+    ExprOp: [simp_segm, simp_fadd, simp_fsub],
 })
 
 class MiasmSymbolResolver:
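Review bot: The five `asm` statements modify rax, rsp, xmm1, xmm2 and stack memory but declare no clobbers, so the compiler is entitled to keep live values in those registers across them and to reorder the statements relative to each other; at -O0 this will usually behave, but as a reproducer it is fragile. Make each statement `asm volatile(... : : : "rax", "xmm1", "xmm2", "memory")` (or merge them into one statement with that clobber list), which also documents what the snippet touches. `void main()` is not a conforming signature; `int main(void)` avoids a compiler warning that could be mistaken for the bug under test. The Intel-syntax operands also presume the file is built with `-masm=intel`; a one-line comment at the top naming the expected build flags would help the next person who runs it.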
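Review bot: `simp_fsub` looks like a near-verbatim copy of `simp_fadd` with `+` swapped for `-` (judging by simp_fadd's visible tail; its start is outside the hunk), so a third float op will mean a third copy; a shared `_simp_fbinop(expr_simp, expr, op, fn)` helper keeps the bit-cast/size-dispatch logic in one place. The two `assert(...)` checks are stripped under `python -O`, so a malformed `fsub` would then fall through to an unpacking error or a size mismatch silently folded with `expr.size`; explicit `raise ValueError` is the safer form for a simplifier that feeds an equivalence check. Note also that the reproducer in this commit feeds NaN bit patterns (0x7fffffff, 0xffffffff): the folded value comes from Python's double arithmetic, and NaN sign/payload propagation there is not guaranteed to match SSE's rule of returning the first operand's quieted NaN, so the constant-folded result may legitimately differ from the hardware trace for those inputs — worth a regression test against the concrete run rather than assuming the fold is exact. The proposed helper, with `simp_fsub` reduced to a one-line wrapper:

```python
def _simp_fbinop(expr_simp, expr: ExprOp, op: str, fn):
    """Constant-fold the float op `op` when both operands are ExprInt.

    `fn` is the Python-level operation applied to the decoded floats; the
    result is re-encoded at the operand width. Returns `expr` untouched when
    it is not `op` or when either operand is symbolic.
    """
    from .utils import float_bits_to_uint, uint_bits_to_float, \
        double_bits_to_uint, uint_bits_to_double

    if expr.op != op:
        return expr
    if len(expr.args) != 2:
        raise ValueError(f'{op} expects 2 operands, got {len(expr.args)}')
    lhs, rhs = expr.args
    if not (lhs.is_int() and rhs.is_int()):
        return expr
    if lhs.size != rhs.size:
        raise ValueError(f'{op} operand size mismatch: {lhs.size} != {rhs.size}')

    if lhs.size == 32:
        to_float, to_uint = uint_bits_to_float, float_bits_to_uint
    elif lhs.size == 64:
        to_float, to_uint = uint_bits_to_double, double_bits_to_uint
    else:
        raise NotImplementedError(f'{op} on values of size not in {{32, 64}}')

    # Python computes in double; for a single +/- on 32-bit inputs the
    # re-rounding to single matches IEEE single arithmetic, but NaN
    # sign/payload handling may not match the CPU (see reproducer 1375).
    res = to_uint(fn(to_float(lhs.arg), to_float(rhs.arg)))
    return expr_simp(ExprInt(res, expr.size))

def simp_fsub(expr_simp, expr: ExprOp):
    """Fold `fsub` of two integer constants into a single ExprInt."""
    return _simp_fbinop(expr_simp, expr, 'fsub', lambda a, b: a - b)

# … unchanged: expr_simp / enable_passes registration …
```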