Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AArch64: fix ldrb size #1433

Merged
merged 2 commits into from
May 16, 2019
Merged

AArch64: fix ldrb size #1433

merged 2 commits into from
May 16, 2019

Conversation

nkaretnikov
Copy link
Contributor

@nkaretnikov nkaretnikov commented May 14, 2019
edited by offlinemark
Loading

This change is Reviewable

@nkaretnikov nkaretnikov force-pushed the aarch64-fix-ldrb-size branch from d4eba39 to d308f3f Compare May 14, 2019 13:10
@nkaretnikov
Copy link
Contributor Author

Force-pushed after changing the test constant to a more suitable value.

@nkaretnikov
Copy link
Contributor Author

On AArch64, the symbolic tests work by setting a register to a symbolic value. For load instructions, this register is the stack pointer. Turns out, it's not enough as the memory can also be symbolic. This PR adds a test for one pair of store/load instructions and fixes a related bug (incorrect load due to a size mismatch between the loaded value and target register).

@nkaretnikov
Copy link
Contributor Author

BTW, you can trigger the bug by reverting the top commit and running the new test:

# git revert @
# nosetests -s tests/native/test_aarch64cpu.py:Aarch64SymInstructions -m 'test_strb_ldrb_imm_base32'
[...]
  File "/manticore/manticore/native/cpu/aarch64.py", line 3249, in LDRB
    cpu._LDRB_immediate(reg_op, mem_op, mimm_op)
  File "/manticore/manticore/native/cpu/aarch64.py", line 3222, in _LDRB_immediate
    cpu._ldr_str_immediate(reg_op, mem_op, mimm_op, ldr=True, size=8)
  File "/manticore/manticore/native/cpu/aarch64.py", line 1024, in _ldr_str_immediate
    reg_op.write(result)
  File "/manticore/manticore/native/cpu/aarch64.py", line 5438, in write
    self.cpu.regfile.write(self.reg, value)
  File "/manticore/manticore/native/cpu/aarch64.py", line 194, in write
    assert value.size == size
AssertionError

ehennenfent
ehennenfent approved these changes May 14, 2019
View reviewed changes
Copy link
Contributor

@ehennenfent ehennenfent left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Appreciate you adding a test for this.

@ehennenfent ehennenfent merged commit 65b7314 into trailofbits:master May 16, 2019
ekilmer added a commit that referenced this pull request May 17, 2019
@ekilmer
Merge branch 'master' into native-arb-cf-redirect-detector
c831760 
* master: (28 commits)
  AArch64: fix ldrb size (#1433)
  System Call Audit (#1384)
  ManticoreBase refactor (#1385)
  Add missing checks for ARM boundaries (#1429)
  aarch64: add instruction tests: T-U (#1423)
  aarch64: add instruction tests: M-S (#1422)
  aarch64: add instruction tests: C-L (#1421)
  aarch64: add instruction tests: A-B (#1420)
  aarch64: add everything except instructions (#1418)
  fixup: support ARM64 in '_reg_name'
  Revert "fixup: remove x86-specific code from '_reg_name'"
  review: avoid wildcard imports
  review: rename the file
  fixup: remove x86-specific code from '_reg_name'
  fixup: do not use relative imports
  Generates a more sensible symbolic default for constructor arguments (#1414)
  aarch64: add instructions
  aarch64: add everything except instructions
  Switches the Travis-CI badge from .org to .com (#1416)
  Performance optimization : use set instead of list (#1415)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ehennenfent ehennenfent ehennenfent approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nkaretnikov @ehennenfent