Comments (10)
I don't have many tests for this (because my ARM test binaries all die very early right now), but it looks like conditional branching is completely broken on ARM.
from unicorn.
This bug is quite strange.
Can you confirm this works well in QEMU? Any quick way to test it?
Yeah, I pulled this opcode from a hang in one of my ARM ELF test binaries under Usercorn. I ran the same binary in qemu-user and it worked fine. Some of my other ARM test binaries exhibited an identical hang with different conditional branch instructions, but they all work in qemu-user.
Can you put this binary somewhere, with instructions on how to reproduce with qemu-user?
All of my ARM tests have an unclear license right now. Pick any ARM binary from a Linux distro and it should have a conditional branch in it.
Disabling tcg optimization makes it work. Still unsure whether this is a unicorn bug or a qemu bug.
This potentially affects many other instructions when we have a callback and the instructions are removed. I think it's the safest to just remove the optimization, but I wonder if there is a middle ground to fix this.
diff --git a/qemu/tcg/tcg.c b/qemu/tcg/tcg.c
index 4246504..bac13e0 100644
--- a/qemu/tcg/tcg.c
+++ b/qemu/tcg/tcg.c
@@ -23,7 +23,7 @@
*/
/* define it to use liveness analysis (better code) */
-#define USE_LIVENESS_ANALYSIS
+// #define USE_LIVENESS_ANALYSIS
#define USE_TCG_OPTIMIZATIONS
#include "config.h"
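Review bot: this turns off USE_LIVENESS_ANALYSIS for every target built from this tcg.c, not only ARM, while USE_TCG_OPTIMIZATIONS on the next line stays on, and the comment directly above ("define it to use liveness analysis (better code)") now describes a flag that is never set; note also that the hunk disables liveness analysis, not the "tcg optimization" the accompanying comment refers to. Since the discussion localises the problem to a write to `pc` being dropped ahead of the uc_tracecode hook call, suggest keeping the define and scoping the change to the hook path (for example keeping the global registers live across that call) rather than paying the code-quality cost everywhere; if the define must stay off for now, record why in the comment. Minor: the surrounding lines use `/* */` comments, so `// #define USE_LIVENESS_ANALYSIS` would read more consistently as `/* #define USE_LIVENESS_ANALYSIS */`.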
It doesn't hang in normal qemu-user, though.
Update:
This is the JIT output; the part in *** [...] *** is removed by liveness analysis because apparently the "pc" reg is treated as "dead"?
movi_i32 tmp5,$0x4
movi_i64 tmp6,$0x1020c8fc0
movi_i64 tmp7,$0x7fbe4e803600
movi_i64 tmp8,$0x1000
movi_i64 tmp9,$0x1
call uc_tracecode,$0x0,$0,tmp5,tmp6,tmp7,tmp8,tmp9
ld_i32 tmp10,env,$0xfffffffffffffff4
movi_i32 tmp11,$0x0
brcond_i32 tmp10,tmp11,ne,$0x0
movi_i32 tmp10,$0x0
brcond_i32 ZF,tmp10,ne,$0x1
***mov_i32 tmp10,r14***
***movi_i32 tmp11,$0xfffffffffffffffe***
***and_i32 pc,tmp10,tmp11***
movi_i32 tmp11,$0x1
and_i32 tmp10,tmp10,tmp11
st_i32 tmp10,env,$0x218
exit_tb $0x0
set_label $0x1
goto_tb $0x1
movi_i32 pc,$0x1004
exit_tb $0x117018001
set_label $0x0
exit_tb $0x117018003
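The mechanism described in the comment above (a write to a global such as `pc` being dropped because nothing downstream is treated as reading it) can be seen with a small backward liveness pass over the quoted op list. This is an added example, not QEMU's or Unicorn's tcg.c, and it makes several simplifying assumptions: it ignores control flow and scans the ops as one straight line, takes the first register operand of an ordinary op as its result and the rest as inputs, treats brcond/exit_tb/goto_tb/set_label as block ends, assumes the globals are env, pc, r14 and ZF, and treats a call as reading all globals. Under the standard rule that globals are live at a block end nothing is removed; switch that rule off and the pass drops `and_i32 pc,tmp10,tmp11` (plus the constant feeding it and the later `movi_i32 pc`). That is not QEMU's exact removal set from the thread, but it shows why a pass that loses track of `pc` at a block boundary eliminates precisely the write the conditional branch depends on.

```python
import re
from typing import List, Optional, Set, Tuple

# Assumed TCG "globals" for this dump: registers backed by CPU state.
GLOBALS = {"env", "pc", "r14", "ZF"}
# Ops that end a basic block in TCG; brcond is handled below as one too.
BLOCK_END = {"exit_tb", "goto_tb", "set_label", "br"}
REG = re.compile(r"^[A-Za-z_]\w*$")

# Constructed input: the JIT dump quoted in the thread, '***' markers stripped.
TB_OPS = """\
movi_i32 tmp5,$0x4
movi_i64 tmp6,$0x1020c8fc0
movi_i64 tmp7,$0x7fbe4e803600
movi_i64 tmp8,$0x1000
movi_i64 tmp9,$0x1
call uc_tracecode,$0x0,$0,tmp5,tmp6,tmp7,tmp8,tmp9
ld_i32 tmp10,env,$0xfffffffffffffff4
movi_i32 tmp11,$0x0
brcond_i32 tmp10,tmp11,ne,$0x0
movi_i32 tmp10,$0x0
brcond_i32 ZF,tmp10,ne,$0x1
mov_i32 tmp10,r14
movi_i32 tmp11,$0xfffffffffffffffe
and_i32 pc,tmp10,tmp11
movi_i32 tmp11,$0x1
and_i32 tmp10,tmp10,tmp11
st_i32 tmp10,env,$0x218
exit_tb $0x0
set_label $0x1
goto_tb $0x1
movi_i32 pc,$0x1004
exit_tb $0x117018001
set_label $0x0
exit_tb $0x117018003
"""

Op = Tuple[str, List[str]]


def parse(text: str) -> List[Op]:
    """Split 'name a,b,c' lines into (name, [args])."""
    ops: List[Op] = []
    for line in text.strip().splitlines():
        name, _, rest = line.strip().partition(" ")
        ops.append((name, [a for a in rest.split(",") if a]))
    return ops


def defs_uses(op: Op) -> Tuple[Optional[str], Set[str]]:
    """(register written or None, registers read), simplified per op class."""
    name, args = op
    if name == "call":
        # call fn,flags,nret,arg...: only the register arguments are reads
        return None, {a for a in args[3:] if REG.match(a)}
    if name.startswith("brcond"):
        return None, set(args[:2])            # compares two values, writes none
    if name.startswith("st"):
        return None, set(args[:2])            # value stored and base register
    if name in BLOCK_END:
        return None, set()
    regs = [a for a in args if REG.match(a)]  # first register is the result
    return regs[0], set(regs[1:])


def dead_stores(ops: List[Op], globals_live_at_block_end: bool = True,
                globals_live_at_call: bool = True) -> List[int]:
    """Backward liveness over a straight-line op list; returns indices of ops
    whose result is never read (the dead stores a real pass would delete)."""
    live: Set[str] = set()
    dead: List[int] = []
    for i in range(len(ops) - 1, -1, -1):
        name, _ = ops[i]
        written, reads = defs_uses(ops[i])
        if name in BLOCK_END or name.startswith("brcond"):
            # Block boundary: temps die; globals survive only if the pass says so.
            live = set(GLOBALS) if globals_live_at_block_end else set()
            live |= reads
            continue
        if written is not None and written not in live:
            dead.append(i)  # nothing downstream reads it; its inputs stay dead too
            continue
        if written is not None:
            live.discard(written)
        live |= reads
        if name == "call" and globals_live_at_call:
            live |= GLOBALS  # the hook callback may read CPU state
    return sorted(dead)


def removed_text(ops: List[Op], **kw) -> List[str]:
    """Human-readable form of the ops dead_stores() would drop."""
    return [ops[i][0] + " " + ",".join(ops[i][1]) for i in dead_stores(ops, **kw)]


if __name__ == "__main__":
    ops = parse(TB_OPS)
    print("globals live at block end:", removed_text(ops) or "nothing removed")
    print("globals dead at block end:", removed_text(ops, globals_live_at_block_end=False))
```

Running the module prints nothing removed for the standard rule and the three dropped ops for the weakened one; the `globals_live_at_call` switch lets you try the same experiment for the `uc_tracecode` call the thread blames.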
This should be fixed now; please confirm.
Looks good, now I can actually get far enough to need #147 :)