rizin
PPC: Broken RZIL instructions
Work environment
| Questions | Answers |
|---|---|
| OS/arch/bits (mandatory) | - |
| File format of the file you reverse (mandatory) | - |
| Architecture/bits of the file (mandatory) | PPC |
| rizin -v full output, not truncated (mandatory) | wait for #2823 |
Broken instructions
A handful of common PPC instructions were not uplifted to RZIL in https://github.com/rizinorg/rizin/pull/2823 because their operand details are broken in Capstone v4 or v5.
Note that most of them are already implemented but were removed because they could not be tested against a QEMU trace. The original implementations are in this branch: https://github.com/Rot127/rizin/tree/ppc-rzil-broken-insn-impl
This is a list with descriptions:
Capstone v5
- PPC_INS_MTOCRF, PPC_INS_MFOCRF: https://github.com/capstone-engine/capstone/issues/1903
Capstone v4 (fixed in v5)
```
./cstool -v
Cstool for Capstone Disassembler Engine v4.0.2
Capstone build: x86=1 arm=1 arm64=1 mips=1 ppc=1 sparc=1 sysz=1 xcore=1 m68k=1 tms320c64x=1 m680x=1 evm=1
```
- PPC_INS_SLDI -> The immediate operand is missing in `cs_insn.detail.ppc`.

```
./cstool -d ppc64 e4838a7a
 0  e4 83 8a 7a  sldi r10, r20, 0x10
	ID: 935 (sldi)
	op_count: 2
		operands[0].type: REG = r10
		operands[1].type: REG = r20
# Missing imm 0x10
```

- PPC_INS_ISEL -> The register operand is set to a GPR, although it should be a CR register.

```
./cstool -d ppc64 9ebb407d
 0  9e bb 40 7d  isel r10, 0, r23, 14
	ID: 303 (isel)
	op_count: 4
		operands[0].type: REG = r10
		operands[1].type: REG = r0
		operands[2].type: REG = r23
		operands[3].type: REG = r14
# Should be: cr3eq
```

- All CR logical instructions -> Capstone v4 instructions hold GPRs instead of CR registers.

Example

```
./cstool -d ppc64 823be44d
 0  82 3b e4 4d  cror 15, 4, 7
	ID: 59 (cror)
	op_count: 3
		operands[0].type: REG = r15 # cr3un
		operands[1].type: REG = r4 # cr1lt
		operands[2].type: REG = r7 # cr1un
```

- PPC_INS_MFXER -> see: https://github.com/rizinorg/rizin/issues/2900
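To make the expected operand details concrete, here is an added example (not code from this issue, Capstone or rizin) that decodes the three instruction words above directly from their Power ISA field layouts (MD-form rldicr/sldi, A-form isel, XL-form cror) and produces the CR-bit names and immediate that Capstone v4 drops. It assumes the bytes given to cstool above are in little-endian order, which is consistent with the mnemonics cstool printed.

```python
import struct

def cr_bit_name(bit):
    """Map a CR bit index 0..31 to cstool's crN<cond> name, e.g. 15 -> cr3un, 14 -> cr3eq."""
    if not 0 <= bit < 32:
        raise ValueError("CR bit index out of range")
    return f"cr{bit >> 2}{('lt', 'gt', 'eq', 'un')[bit & 3]}"

def bits(word, start, end):
    """Extract Power ISA bits [start, end] (bit 0 is the MSB of the 32-bit word)."""
    return (word >> (31 - end)) & ((1 << (end - start + 1)) - 1)

def decode(raw_le_hex):
    """Return (mnemonic, [(operand_type, value), ...]) with the full operand detail."""
    # Assumption: the hex string is the byte order cstool was given (little-endian word).
    word = struct.unpack("<I", bytes.fromhex(raw_le_hex))[0]
    opcode = bits(word, 0, 5)
    if opcode == 19 and bits(word, 21, 30) == 449:          # cror BT, BA, BB (XL-form)
        bt, ba, bb = bits(word, 6, 10), bits(word, 11, 15), bits(word, 16, 20)
        return "cror", [("CR", cr_bit_name(b)) for b in (bt, ba, bb)]
    if opcode == 31 and bits(word, 26, 30) == 15:           # isel RT, RA, RB, BC (A-form)
        rt, ra, rb = bits(word, 6, 10), bits(word, 11, 15), bits(word, 16, 20)
        bc = bits(word, 21, 25)                              # BC is a CR bit, not a GPR
        return "isel", [("REG", f"r{rt}"), ("REG", f"r{ra}"),
                        ("REG", f"r{rb}"), ("CR", cr_bit_name(bc))]
    if opcode == 30 and bits(word, 27, 29) == 1:            # rldicr RA, RS, SH, ME (MD-form)
        rs, ra = bits(word, 6, 10), bits(word, 11, 15)
        sh = (bits(word, 30, 30) << 5) | bits(word, 16, 20)  # split SH field
        me = (bits(word, 26, 26) << 5) | bits(word, 21, 25)  # split ME field
        ops = [("REG", f"r{ra}"), ("REG", f"r{rs}"), ("IMM", sh)]
        if me == 63 - sh:                                    # sldi is rldicr with ME = 63 - SH
            return "sldi", ops
        return "rldicr", ops + [("IMM", me)]
    raise ValueError(f"unsupported encoding {word:#010x}")

if __name__ == "__main__":
    # The three cstool inputs from this issue
    for raw in ("e4838a7a", "9ebb407d", "823be44d"):
        print(raw, decode(raw))
```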