dynamorio icon indicating copy to clipboard operation
dynamorio copied to clipboard
verified publisher icon DynamoRIO

AArch64 decoder: Add all memory-touching instructions

Open derekbruening opened this issue 4 years ago • 10 comments

Splitting sub-pieces off from the master issue #2626 on finishing the AArch64 decoder. This piece covers ensuring that all instructions with memory operands are fully decoded and encoded. Xref the instruction lists here: https://github.com/DynamoRIO/dynamorio/issues/2626#issuecomment-771605153

derekbruening avatar Apr 14 '21 18:04 derekbruening

Hi @derekbruening, do you have any specific instances of memory instructions which are/were failing?

AssadHashmi avatar Apr 26 '21 18:04 AssadHashmi

I do not know of any cases where a memory operand was missed (there are known cases of the decoder decoding the wrong address into the IR and clients having to take extra steps to get the right address: #4400), but it is the kind of thing that would go silently missing and would not be noticed up front, leading to unknowingly inaccurate traces. Hence we're relying on whatever validation steps can be taken over the decoder.

derekbruening avatar Apr 26 '21 18:04 derekbruening

If more might be missing, the DC ZVA case may point to extra inspection warranted in areas of the ISA where loads or stores might be lurking but disguised as sub-opcodes of system or other instructions.

derekbruening avatar Apr 26 '21 18:04 derekbruening

Hence we're relying on whatever validation steps can be taken over the decoder.

We're identifying gaps in our test coverage of memory instructions and will shortly be working on PRs to test and fix failures.

AssadHashmi avatar Apr 27 '21 16:04 AssadHashmi

Missing opcodes that touch memory: 0 of 48 as at 17-06-21.

AssadHashmi avatar Jun 17 '21 17:06 AssadHashmi

Are adr and adrp supported? The tests for them are still disabled in ir_aarch64.c:

#if 0 /* TODO i#4847: add memory touching instructions */
    adr(dcontext);
    adrp(dcontext);
#endif

derekbruening avatar Jan 27 '22 16:01 derekbruening

Also:

#if 0 /* TODO i#4847: address memory touching instructions that fail to encode */
        ldr_base_literal(dc);
#endif

For #3995 we will use opnd_create_rel_addr for the drbbdup case encoding: I'm worried it's not going to encode, given the above disabled test for this operand type.

derekbruening avatar Jan 27 '22 16:01 derekbruening

We want to have the encoder handle ABS_ADDR_kind as well by treating it like REL_ADDR_kind: #5295

derekbruening avatar Jan 27 '22 17:01 derekbruening

We want to have the encoder handle ABS_ADDR_kind as well by treating it like REL_ADDR_kind: #5295

This is still up in the air: see #5295. It may be better to just not support abs-addr for AArchXX.

derekbruening avatar Jan 27 '22 18:01 derekbruening

For #3995 we will use opnd_create_rel_addr for the drbbdup case encoding: I'm worried it's not going to encode, given the above disabled test for this operand type.

Confirmed: OP_ldr with a pc-relative opnd fails to encode. It results in an assert when logging: #5316.

We will have to try to work around this for drbbdup on aarchxx #4134.

derekbruening avatar Feb 01 '22 21:02 derekbruening