Handle arm64's BTI instruction as a nop ##analysis (#20452)

* Revert "ARM disassembler: don't compute [pc, reg] memory location ##analysis" This reverts commit 97761f8ef0.
2022-07-15 14:07:21 +02:00 · 2022-07-15 14:07:21 +02:00 · 2b3d0f1f0a
parent 367f888818
commit 2b3d0f1f0a
6 changed files with 45 additions and 37 deletions
--- a/libr/anal/p/anal_arm_cs.c
+++ b/libr/anal/p/anal_arm_cs.c
@ -3004,7 +3004,7 @@ r6,r5,r4,3,sp,[*],12,sp,+=
 		addr &= ~3LL;
 		if (MEMDISP(1) < 0) {
 			const char *pc = "$$";
-			if (REGBASE(1) == ARM_REG_PC && !HASMEMINDEX(1)) {
+			if (REGBASE(1) == ARM_REG_PC) {
 				op->refptr = 4;
 				op->ptr = addr + pcdelta + MEMDISP(1);
 				r_strbuf_appendf (&op->esil, "0x%"PFMT64x",2,2,%s,%d,+,>>,<<,+,0xffffffff,&,[4],0x%x,&,%s,=",
@ -3021,7 +3021,7 @@ r6,r5,r4,3,sp,[*],12,sp,+=
 				}
 			}
 		} else {
-			if (REGBASE(1) == ARM_REG_PC && !HASMEMINDEX(1)) {
+			if (REGBASE(1) == ARM_REG_PC) {
 				const char *pc = "$$";
 				op->refptr = 4;
 				op->ptr = addr + pcdelta + MEMDISP(1);
@ -3426,6 +3426,12 @@ static void anop64(csh handle, RAnalOp *op, cs_insn *insn) {
 	case ARM64_INS_CINC:
 		op->type = R_ANAL_OP_TYPE_CMOV;
 		break;
+#if 0
+	case ARM64_INS_BTI:
+		op->type = R_ANAL_OP_TYPE_NOP;
+		op->family = R_ANAL_OP_FAMILY_SECURITY;
+		break;
+#endif
 	case ARM64_INS_MOV:
 		if (REGID64(0) == ARM64_REG_SP) {
 			op->stackop = R_ANAL_STACK_RESET;
@ -3442,10 +3448,10 @@ static void anop64(csh handle, RAnalOp *op, cs_insn *insn) {
 	case ARM64_INS_SBFX:
 	case ARM64_INS_UBFX:
 	case ARM64_INS_UBFM:
+	case ARM64_INS_BFI:
 	case ARM64_INS_SBFIZ:
 	case ARM64_INS_UBFIZ:
 	case ARM64_INS_BIC:
-	case ARM64_INS_BFI:
 	case ARM64_INS_BFXIL:
 		op->type = R_ANAL_OP_TYPE_MOV;
 		if (ISIMM64 (1)) {
@ -4083,7 +4089,7 @@ jmp $$ + 4 + ( [delta] * 2 )
 			op->stackop = R_ANAL_STACK_GET;
 			op->stackptr = 0;
 			op->ptr = -MEMDISP (1);
-		} else if (REGBASE (1) == ARM_REG_PC && !HASMEMINDEX (1)) {
+		} else if (REGBASE(1) == ARM_REG_PC) {
 			op->ptr = (addr & ~3LL) + (thumb? 4: 8) + MEMDISP (1);
 			op->refptr = 4;
 			if (REGID(0) == ARM_REG_PC && insn->detail->arm.cc != ARM_CC_AL) {
--- a/libr/anal/p/anal_arm_v35.c
+++ b/libr/anal/p/anal_arm_v35.c
@ -935,6 +935,10 @@ static void anop64(RAnal *a, RAnalOp *op, Instruction *insn) {
 	case ARM64_CINC:
 		op->type = R_ANAL_OP_TYPE_CMOV;
 		break;
+	case ARM64_BTI:
+		op->type = R_ANAL_OP_TYPE_NOP;
+		op->family = R_ANAL_OP_FAMILY_SECURITY;
+		break;
 	case ARM64_MOV:
 		if (REGID64(0) == REG_SP) {
 			op->stackop = R_ANAL_STACK_RESET;
@ -1238,7 +1242,6 @@ static void anop64(RAnal *a, RAnalOp *op, Instruction *insn) {
 }

 static int analop_esil(RAnal *a, RAnalOp *op, ut64 addr, const ut8 *buf, int len, Instruction *insn) {
-
 	const char *postfix = "";

 	r_strbuf_init (&op->esil);
@ -1305,6 +1308,8 @@ static int analop_esil(RAnal *a, RAnalOp *op, ut64 addr, const ut8 *buf, int len
 			"8,0x00ff00ff00ff00ff,%s,&,<<,tmp,|=,tmp,%s,=",
 			REG64 (1), REG64 (1), REG64 (0));
 		break;
+	case ARM64_BTI:
+		break;
 	case ARM64_ADR:
 		// TODO: must be 21bit signed
 		r_strbuf_setf (&op->esil,
--- a/libr/core/cmd_anal.c
+++ b/libr/core/cmd_anal.c
@ -60,7 +60,7 @@ static const char *help_msg_afna[] = {

 static const char *help_msg_afu[] = {
 	"Usage:", "afu", "[addr]   # resize and analyze function from current address until addr.",
-	"afu", " 0x100004093", "Resize and analyze function from current address until 0x100004093",
+	"afu", " 0x100004093", "resize and analyze function from current address until 0x100004093",
 	NULL
 };

@ -175,7 +175,7 @@ static const char *help_msg_aa[] = {
 	"aar", "[?] [len]", "analyze len bytes of instructions for references",
 	"aas", " [len]", "analyze symbols (af @@= `isq~[0]`)",
 	"aaS", "", "analyze all flags starting with sym. (af @@ sym.*)",
-	"aat", " [fcn]", "Analyze all/given function to convert immediate to linked structure offsets (see tl?)",
+	"aat", " [fcn]", "analyze all/given function to convert immediate to linked structure offsets (see tl?)",
 	"aaT", " [len]", "analyze code after trap-sleds",
 	"aau", " [len]", "list mem areas (larger than len bytes) not covered by functions",
 	"aav", "[?] [sat]", "find values referencing a specific section or map",
@ -756,12 +756,12 @@ static const char *help_msg_ag[] = {
 static const char *help_msg_age[] = {
 	"Usage:", "age [title1] [title2]", "",
 	"Examples:", "", "",
-	"age", " title1 title2", "Add an edge from the node with \"title1\" as title to the one with title \"title2\"",
-	"age", " \"title1 with spaces\" title2", "Add an edge from node \"title1 with spaces\" to node \"title2\"",
-	"age-", " title1 title2", "Remove an edge from the node with \"title1\" as title to the one with title \"title2\"",
-	"ageh", "", "List all the highlighted edges",
-	"ageh", " nodeA nodeB", "Highlight edge between nodeA and nodeB",
-	"ageh-", " nodeA nodeB", "Highlight edge between nodeA and nodeB",
+	"age", " title1 title2", "add an edge from the node with \"title1\" as title to the one with title \"title2\"",
+	"age", " \"title1 with spaces\" title2", "add an edge from node \"title1 with spaces\" to node \"title2\"",
+	"age-", " title1 title2", "remove an edge from the node with \"title1\" as title to the one with title \"title2\"",
+	"ageh", "", "list all the highlighted edges",
+	"ageh", " nodeA nodeB", "highlight edge between nodeA and nodeB",
+	"ageh-", " nodeA nodeB", "highlight edge between nodeA and nodeB",
 	"age?", "", "show this help",
 	NULL
 };
@ -778,7 +778,7 @@ static const char *help_msg_agn[] = {
 };

 static const char *help_msg_ah[] = {
-	"Usage:", "ah[lba-]", "Analysis Hints",
+	"Usage:", "ah[lba-]", "analysis Hints",
 	"ah?", "", "show this help",
 	"ah?", " offset", "show hint of given offset",
 	"ah", "", "list hints in human-readable format",
@ -802,7 +802,7 @@ static const char *help_msg_ah[] = {
 	"ahr", " val", "set hint for return value of a function",
 	"ahs", " 4", "set opcode size=4",
 	"ahS", " jz", "set asm.syntax=jz for this opcode",
-	"aht", "[s][?] <type>", "Mark immediate as a type offset (deprecated, moved to \"aho\")",
+	"aht", "[s][?] <type>", "mark immediate as a type offset (deprecated, moved to \"aho\")",
 	"ahv", " val", "change opcode's val field (useful to set jmptbl sizes in jmp rax)",
 	NULL
 };
@ -848,7 +848,7 @@ static const char *help_msg_ahi[] = {
 };

 static const char *help_msg_aht[] = {
-	"Usage:", "aht[s] [addr|type]", "Mark immediate as type offset (moved to aho)",
+	"Usage:", "aht[s] [addr|type]", "mark immediate as type offset (moved to aho)",
 	"ahts", " <offset>", "list all matching structure offsets",
 	"aht", " <struct.member>", "change immediate to structure offset",
 	"aht?", "", "show this help",
@ -863,7 +863,7 @@ static const char *help_msg_aot[] = {
 };

 static const char *help_msg_aom[] = {
-	"Usage:", "aom[ljd] [arg]", "List opcode mnemonics",
+	"Usage:", "aom[ljd] [arg]", "list opcode mnemonics",
 	"aom", "", "show instruction mnemonic",
 	"aom.", "", "show instruction mnemonic in current address",
 	"aoml", "", "list all mnemonics",
@ -873,7 +873,7 @@ static const char *help_msg_aom[] = {
 };

 static const char *help_msg_ao[] = {
-	"Usage:", "ao[e?] [len]", "Analyze Opcodes",
+	"Usage:", "ao[e?] [len]", "analyze Opcodes",
 	"ao", " 5", "display opcode analysis of 5 opcodes",
 	"ao*", "", "display opcode in r commands",
 	"aoc", " [cycles]", "analyze which op could be executed in [cycles]",
@ -925,7 +925,7 @@ static const char *help_msg_ar[] = {
 };

 static const char *help_msg_ara[] = {
-	"Usage:", "ara[+-s]", "Register Arena Push/Pop/Swap",
+	"Usage:", "ara[+-s]", "register Arena Push/Pop/Swap",
 	"ara", "", "show all register arenas allocated",
 	"ara", "+", "push a new register arena for each type",
 	"ara", "-", "pop last register arena",
@ -935,7 +935,7 @@ static const char *help_msg_ara[] = {

 static const char *help_msg_arw[] = {
 	"Usage:", "arw ", "# Set contents of the register arena",
-	"arw", " <hexnum>", "Set contents of the register arena",
+	"arw", " <hexnum>", "set contents of the register arena",
 	NULL
 };

@ -5360,9 +5360,9 @@ void cmd_anal_reg(RCore *core, const char *str) {
 			// TODO #7967 help refactor: dup from drp
 			const char *help_msg[] = {
 				"Usage:", "drs", " # Register states commands",
-				"drs", "", "List register stack",
-				"drs+", "", "Push register state",
-				"drs-", "", "Pop register state",
+				"drs", "", "list register stack",
+				"drs+", "", "push register state",
+				"drs-", "", "pop register state",
 				NULL };
 			r_core_cmd_help (core, help_msg);
 		} break;
--- a/libr/parse/p/parse_arm_pseudo.c
+++ b/libr/parse/p/parse_arm_pseudo.c
@ -360,19 +360,16 @@ static bool subvar(RParse *p, RAnalFunction *f, ut64 addr, int oplen, char *data
 			if (!ripend) {
 				ripend = "]";
 			}
-			char * maybe_num = neg? neg+1 : rip;
-			if (r_is_valid_input_num_value (NULL, maybe_num)) {
-				if (neg) {
-					repl_num -= r_num_get (NULL, maybe_num);
-				} else {
-					repl_num += r_num_get (NULL, maybe_num);
-				}
-				rip -= 3;
-				*rip = 0;
-				tstr_new = r_str_newf ("%s0x%08"PFMT64x"%s", tstr, repl_num, ripend);
-				free (tstr);
-				tstr = tstr_new;
+			if (neg) {
+				repl_num -= r_num_get (NULL, neg + 1);
+			} else {
+				repl_num += r_num_get (NULL, rip);
 			}
+			rip -= 3;
+			*rip = 0;
+			tstr_new = r_str_newf ("%s0x%08"PFMT64x"%s", tstr, repl_num, ripend);
+			free (tstr);
+			tstr = tstr_new;
 		}
 	}

--- a/shlr/Makefile
+++ b/shlr/Makefile
@ -39,7 +39,7 @@ ifeq ($(USE_CS4),1)
 CS_TIP=a7cac8352f7397aa73bb2e2dcc1b6cdb2e1b8461
 CS_BRA=v4
 else
-CS_TIP=6a6985142d15e7fe58e48b1b8c8e5753f1aaf43b
+CS_TIP=ba0bcda5c5ed59a06c7566fbb9f37d827b8d3e06
 CS_BRA=next
 endif
 ifeq ($(CS_COMMIT_ARCHIVE),1)
--- a/shlr/meson.build
+++ b/shlr/meson.build
@ -19,7 +19,7 @@ if not capstone_dep.found() or not get_option('use_sys_capstone')
    patches_files = []
    # NOTE: when you update CS_TIP or CS_BRA, also update them in shlr/Makefile
    if capstone_version == 'v5'
-      CS_TIP = '6a6985142d15e7fe58e48b1b8c8e5753f1aaf43b'
+      CS_TIP = 'ba0bcda5c5ed59a06c7566fbb9f37d827b8d3e06'
      CS_BRA = 'next'
      patches_files = [
        'fix-x86-16.patch',