
[Alpha] BSR, JMP, JSR instructions are not disassembled

Open cetuscetus opened this issue 1 year ago • 4 comments

Work environment

Questions             Answers
OS/arch/bits          MacOS x86
Architecture          alpha
Source of Capstone    git clone
Version/git commit    0a29bf80017b8422c79ba51e3ad5c34ba5ee6142

Instruction bytes giving faulty results

0x12, 0x00, 0x80, 0xd3
0x3a, 0x00, 0xc0, 0xd3
0x2e, 0x00, 0xa0, 0xd3
0x1a, 0x00, 0x40, 0xd3
0x44, 0x00, 0x00, 0x68
0x1a, 0x00, 0x40, 0x6b
0x44, 0x40, 0x00, 0x68
0x1a, 0x40, 0x40, 0x6b

(8 sample instructions)

Expected results

It should be:

   0:	12 00 80 d3 	bsr	$28,0x4c
   4:	3a 00 c0 d3 	bsr	$30,0xf0
   8:	2e 00 a0 d3 	bsr	$29,0xc4
   c:	1a 00 40 d3 	bsr	$26,0x78
  10:	44 00 00 68 	jmp	$0,($0),0x124
  14:	1a 00 40 6b 	jmp	$26,($0),0x80
  18:	44 40 00 68 	jsr	$0,($0),0x12c
  1c:	1a 40 40 6b 	jsr	$26,($0),0x88

This is the output of objdump -m alpha -b binary -D test.bin, where I replaced the symbolic register names with numeric ones to match capstone's output.

Steps to get the wrong result

With cstool:

cstool -s alpha "12 00 80 d3 3a 00 c0 d3 2e 00 a0 d3 1a 00 40 d3 44 00 00 68 1a 00 40 6b 44 40 00 68 1a 40 40 6b"
 0  12 00 80 d3  .byte	0x12, 0x00, 0x80, 0xd3
 4  3a 00 c0 d3  .byte	0x3a, 0x00, 0xc0, 0xd3
 8  2e 00 a0 d3  .byte	0x2e, 0x00, 0xa0, 0xd3
 c  1a 00 40 d3  bsr	$26,$0x78 ..ng
10  44 00 00 68  .byte	0x44, 0x00, 0x00, 0x68
14  1a 00 40 6b  .byte	0x1a, 0x00, 0x40, 0x6b
18  44 40 00 68  .byte	0x44, 0x40, 0x00, 0x68
1c  1a 40 40 6b  .byte	0x1a, 0x40, 0x40, 0x6b

The BSR instruction is only disassembled when used with register $26 (ra). There is also an extra ..ng at the end, which shouldn't be there.

JMP and JSR instructions are not disassembled at all.

Thank you.

cetuscetus (Dec 10 '24 23:12)
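To make the expected results above checkable without objdump, here is an added reference decoder (not Capstone's code and not from the reporter) for the two Alpha encodings involved: the branch format used by BSR (6-bit opcode, 5-bit Ra, 21-bit signed word displacement) and the memory-format jump group (opcode 0x1A, Ra, Rb, 2-bit function selecting JMP/JSR/RET/JSR_COROUTINE, 14-bit hint). It prints the hint field the way objdump does, as updated PC + 4*hint, and the sample bytes are the eight words from the report.

```python
import struct

# Alpha opcodes relevant to this issue (Alpha Architecture Handbook).
OP_BSR = 0x34   # branch format
OP_JMP = 0x1A   # memory-format jump group: JMP/JSR/RET/JSR_COROUTINE
JUMP_FUNC = {0: "jmp", 1: "jsr", 2: "ret", 3: "jsr_coroutine"}

def sign_extend(value, bits):
    """Interpret the low `bits` bits of `value` as a two's-complement number."""
    sign = 1 << (bits - 1)
    return (value & (sign - 1)) - (value & sign)

def decode_alpha(word, addr):
    """Decode one 32-bit Alpha instruction word into objdump-style text."""
    opcode = word >> 26
    ra = (word >> 21) & 0x1F          # Ra is an ordinary 5-bit register field
    rb = (word >> 16) & 0x1F          # Rb likewise (jump group only)
    if opcode == OP_BSR:
        # 21-bit signed displacement in instruction words, relative to updated PC.
        disp = sign_extend(word & 0x1FFFFF, 21)
        target = (addr + 4 + 4 * disp) & 0xFFFFFFFFFFFFFFFF
        return f"bsr\t${ra},0x{target:x}"
    if opcode == OP_JMP:
        func = (word >> 14) & 0x3     # bits 15:14 choose JMP/JSR/RET/JSR_COROUTINE
        hint = word & 0x3FFF          # branch-prediction hint, shown as a PC-relative target
        target = addr + 4 + 4 * hint
        return f"{JUMP_FUNC[func]}\t${ra},(${rb}),0x{target:x}"
    # Anything else: emit raw bytes, mirroring cstool's fallback.
    raw = word.to_bytes(4, "little")
    return ".byte\t" + ", ".join(f"0x{x:02x}" for x in raw)

def disassemble(blob, base=0):
    """Walk a little-endian Alpha byte blob and return (addr, text) pairs."""
    out = []
    for off in range(0, len(blob) - len(blob) % 4, 4):
        (word,) = struct.unpack_from("<I", blob, off)
        out.append((base + off, decode_alpha(word, base + off)))
    return out

# The eight instruction words from the report (constructed sample input).
SAMPLE = bytes.fromhex(
    "120080d3 3a00c0d3 2e00a0d3 1a0040d3 44000068 1a00406b 44400068 1a40406b".replace(" ", "")
)

if __name__ == "__main__":
    for addr, text in disassemble(SAMPLE):
        print(f"{addr:4x}:\t{text}")
```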

For Alpha we used LLVM 3 as a basis. This means they likely haven't added those instructions when they deprecated the whole architecture.

Are you aware of any other LLVM fork with Alpha still maintained? Otherwise we would need to add those instructions into our td files.

cc @R33v0LT

Rot127 (Dec 11 '24 13:12)

> Otherwise we would need to add those instructions into our td files

I checked the current Alpha td files. Indeed, the jmp, bsr, jsr instructions are described only for specific registers. I think it is possible to manually try to add the missing ones.

R33v0LT (Dec 11 '24 13:12)

Those ones?

let isCall = 1, Ra = 23, Rb = 27, disp = 0,
    Defs = [R23, R24, R25, R27, R28], Uses = [R24, R25, R27] in
  def JSRs : MbrForm< 0x1A, 0x01, (ins), "jsr $$23,($$27),0", s_jsr>; //Jump to div or rem

Did they really hard code back then what registers these instructions use? Was this ever defined like this in any ISA?

But yes, would really appreciate it if you could add them as regular operands.

Rot127 (Dec 11 '24 13:12)

@Rot127 I don't think "outdated module" label applies here, since Alpha was essentially auto-synced.

XVilka (Dec 27 '24 16:12)