capstone-engine / capstone

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

Home Page: http://www.capstone-engine.org

Issue in detail feature for ARM post-incrementing ldrb/strb instructions

chiffreKing opened this issue · comments

There are different instructions where the access details of memory operands are incorrectly interpreted:

cstool -d thumb 11f8013b
 0  11 f8 01 3b  ldrb   r3, [r1], #1
        ID: 84 (ldrb)
        op_count: 3
                operands[0].type: REG = r3
                operands[0].access: WRITE
                operands[1].type: MEM
                        operands[1].mem.base: REG = r1
                operands[2].type: IMM = 0x1
        Write-back: True
        Registers read: r1
        Registers modified: r3 r1
        Groups: thumb2


cstool -d thumb 00f8013b
 0  00 f8 01 3b  strb   r3, [r0], #1
        ID: 241 (strb)
        op_count: 3
                operands[0].type: REG = r3
                operands[0].access: READ
                operands[1].type: MEM
                        operands[1].mem.base: REG = r0
                operands[2].type: IMM = 0x1
        Write-back: True
        Registers read: r3 r0
        Registers modified: r0
        Groups: thumb2

As you can see, in both cases the access type for the memory operation is missing.
Using capstone v5.0.1

They work in the next branch:

$ ./cstool -d thumb 11f8013b
 0  11 f8 01 3b  ldrb	r3, [r1], #1
	ID: 23 (ldrb)
	op_count: 2
		operands[0].type: REG = r3
		operands[0].access: WRITE
		operands[1].type: MEM
			operands[1].mem.base: REG = r1
			operands[1].mem.scale: 0
			operands[1].mem.disp: 0x1
		operands[1].access: READ
	Write-back: True
	Post index: True
	Registers read: r1
	Registers modified: r1 r3
	Groups: IsThumb2 

I would advise you to use it. It contains way more precise disassembly and also supports the newly added processor extensions.

@chiffreKing Can you provide me with a list of instructions which have the incorrect access flags?
I would fix them manually and they can be part of the v5.0.2 release. If you don't have a list, I would only fix the two you mention.
Investigating which instructions are broken in v5 takes way too long, and we have the better next branch.