Fix handling of InstructionStart

The field it contains is supposed to be the instruction offset in its basic block; overflowing it can cause significant problems during symbolic simulation.
2024-12-28 08:34:23 +03:00 · 2018-11-28 20:26:58 -08:00 · 2018-11-28 20:26:58 -08:00 · 72040c023d
commit 72040c023d
parent 30b5d2e091
2 changed files with 12 additions and 10 deletions
--- a/macaw-arm/src/Data/Macaw/ARM/Disassemble.hs
+++ b/macaw-arm/src/Data/Macaw/ARM/Disassemble.hs
@ -142,7 +142,7 @@ tryDisassembleBlock :: (ARMArchConstraints arm)
 tryDisassembleBlock lookupSemantics nonceGen startAddr maxSize = do
  let gs0 = initGenState nonceGen startAddr (initRegState startAddr)
  let startOffset = MM.msegOffset startAddr
-  (nextPCOffset, blocks) <- disassembleBlock lookupSemantics gs0 startAddr (startOffset + fromIntegral maxSize)
+  (nextPCOffset, blocks) <- disassembleBlock lookupSemantics gs0 startAddr 0 (startOffset + fromIntegral maxSize)
  unless (nextPCOffset > startOffset) $ do
    let reason = InvalidNextPC (MM.absoluteAddr nextPCOffset) (MM.absoluteAddr startOffset)
    failAt gs0 nextPCOffset startAddr reason
@ -171,11 +171,13 @@ disassembleBlock :: forall arm ids s
                 -> MM.MemSegmentOff (ArchAddrWidth arm)
                 -- ^ The current instruction pointer
                 -> MM.MemWord (ArchAddrWidth arm)
+                 -- ^ The offset into the block of this instruction
+                 -> MM.MemWord (ArchAddrWidth arm)
                 -- ^ The maximum offset into the bytestring that we should
                 -- disassemble to; in principle, macaw can tell us to limit our
                 -- search with this.
                 -> DisM arm ids s (MM.MemWord (ArchAddrWidth arm), BlockSeq arm ids)
-disassembleBlock lookupSemantics gs curPCAddr maxOffset = do
+disassembleBlock lookupSemantics gs curPCAddr blockOff maxOffset = do
  let seg = MM.msegSegment curPCAddr
  let off = MM.msegOffset curPCAddr
  case readInstruction curPCAddr of
@ -201,8 +203,7 @@ disassembleBlock lookupSemantics gs curPCAddr maxOffset = do
            let lineStr = printf "%s: %s" (show curPCAddr) (show (case i of
                                                                    A32I i' -> ARMD.ppInstruction i'
                                                                    T32I i' -> ThumbD.ppInstruction i'))
-            let Just addrWord = MM.segoffAsAbsoluteAddr curPCAddr
-            addStmt (InstructionStart addrWord (T.pack lineStr))
+            addStmt (InstructionStart blockOff (T.pack lineStr))
            addStmt (Comment (T.pack  lineStr))
            asAtomicStateUpdate (MM.relativeSegmentAddr curPCAddr) transformer

@ -232,7 +233,7 @@ disassembleBlock lookupSemantics gs curPCAddr maxOffset = do
                                         , genAddr = nextPCSegAddr
                                         , genRegUpdates = MapF.empty
                                         }
-                      disassembleBlock lookupSemantics gs2 nextPCSegAddr maxOffset
+                      disassembleBlock lookupSemantics gs2 nextPCSegAddr (blockOff + fromIntegral bytesRead) maxOffset

                _ -> return (nextPCOffset, finishBlock FetchAndExecute gs1)

--- a/macaw-ppc/src/Data/Macaw/PPC/Disassemble.hs
+++ b/macaw-ppc/src/Data/Macaw/PPC/Disassemble.hs
@ -108,11 +108,13 @@ disassembleBlock :: forall ppc ids s
                 -> MM.MemSegmentOff (ArchAddrWidth ppc)
                 -- ^ The current instruction pointer
                 -> MM.MemWord (ArchAddrWidth ppc)
+                 -- ^ The offset into the block of this instruction
+                 -> MM.MemWord (ArchAddrWidth ppc)
                 -- ^ The maximum offset into the bytestring that we should
                 -- disassemble to; in principle, macaw can tell us to limit our
                 -- search with this.
                 -> DisM ppc ids s (MM.MemWord (ArchAddrWidth ppc), BlockSeq ppc ids)
-disassembleBlock lookupSemantics gs curIPAddr maxOffset = do
+disassembleBlock lookupSemantics gs curIPAddr blockOff maxOffset = do
  let seg = MM.segoffSegment curIPAddr
  let off = MM.segoffOffset curIPAddr
  case readInstruction curIPAddr of
@ -136,8 +138,7 @@ disassembleBlock lookupSemantics gs curIPAddr maxOffset = do
          -- a result from the state of the 'Generator'.
          egs1 <- liftST $ ET.runExceptT (runGenerator genResult gs $ do
            let lineStr = printf "%s: %s" (show curIPAddr) (show (D.ppInstruction i))
-            let Just addrWord = MM.segoffAsAbsoluteAddr curIPAddr
-            addStmt (InstructionStart addrWord (T.pack lineStr))
+            addStmt (InstructionStart blockOff (T.pack lineStr))
            addStmt (Comment (T.pack  lineStr))
            asAtomicStateUpdate (MM.segoffAddr curIPAddr) transformer

@ -167,7 +168,7 @@ disassembleBlock lookupSemantics gs curIPAddr maxOffset = do
                                         , genAddr = nextIPSegAddr
                                         , genRegUpdates = MapF.empty
                                         }
-                      disassembleBlock lookupSemantics gs2 nextIPSegAddr maxOffset
+                      disassembleBlock lookupSemantics gs2 nextIPSegAddr (blockOff + 4) maxOffset

                _ -> return (nextIPOffset, finishBlock FetchAndExecute gs1)

@ -193,7 +194,7 @@ tryDisassembleBlock :: (PPCArchConstraints ppc)
 tryDisassembleBlock lookupSemantics nonceGen startAddr maxSize = do
  let gs0 = initGenState nonceGen startAddr (initRegState startAddr)
  let startOffset = MM.segoffOffset startAddr
-  (nextIPOffset, blocks) <- disassembleBlock lookupSemantics gs0 startAddr (startOffset + fromIntegral maxSize)
+  (nextIPOffset, blocks) <- disassembleBlock lookupSemantics gs0 startAddr 0 (startOffset + fromIntegral maxSize)
  unless (nextIPOffset > startOffset) $ do
    let reason = InvalidNextIP (fromIntegral nextIPOffset) (fromIntegral startOffset)
    failAt gs0 nextIPOffset startAddr reason