NationalSecurityAgency / ghidra

Ghidra is a software reverse engineering (SRE) framework
https://www.nsa.gov/ghidra
Apache License 2.0

Tricore decompile function result: Unknown Error #1473

Closed arkup closed 4 years ago

arkup commented 4 years ago

Describe the bug

Tricore decompile is great but sometimes I get "Unknown Error". I don't know what the issue is, perhaps an unsupported instruction in the SLEIGH language, e.g.

                             undefined  FUN_00000000 ()
             undefined         d2:1           <RETURN>
                             FUN_00000000
        00000000 19  0f  04  68    ld.w       d15 ,[a0]-0x7e7c
        00000004 37  0f  63  23    extr.u     d2,d15 ,#0x6 ,#0x3
        00000008 59  42  08  00    st.w       [a4]0x8 ,d2
        0000000c 07  ff  02  21    nand.t     d2,d15 ,#0x2 ,d15 ,#0x2
        00000010 f9  42  06  00    st.h       [a4]0x6 ,d2
        00000014 37  0f  e1  21    extr.u     d2,d15 ,#0x3 ,#0x1
        00000018 37  0f  62  f2    extr.u     d15 ,d15 ,#0x4 ,#0x2
        0000001c f9  42  04  00    st.h       [a4]0x4 ,d2
        00000020 6c  40           st.w       [a4]#0x0 ,d15
        00000022 19  0f  08  68    ld.w       d15 ,[a0]-0x7e78
        00000026 8f  3f  c0  f1    andn       d15 ,d15 ,#0x3
        0000002a 6c  43           st.w       [a4]#0xc ,d15
        0000002c 19  02  34  48    ld.w       d2,[a0]-0x7ecc
        00000030 37  02  e1  f7    extr.u     d15 ,d2,#0xf ,#0x1
        00000034 06  2f           sh         d15 ,#0x2
        00000036 8b  02  20  f5    or.lt      d15 ,d2,#0x0
        0000003a 6c  44           st.w       [a4]#0x10 ,d15
        0000003c 19  0f  38  48    ld.w       d15 ,[a0]-0x7ec8
        00000040 8f  1f  1e  20    sh         d2,d15 ,#-0x1f
        00000044 37  0f  e1  f7    extr.u     d15 ,d15 ,#0xf ,#0x1
        00000048 06  12           sh         d2,#0x1
        0000004a 06  3f           sh         d15 ,#0x3
        0000004c a6  f2           or         d2,d15
        0000004e 02  23           mov        d3,d2
        00000050 49  42  50  08    ldmst      [a4]0x10 ,d2/d3
        00000054 00  90           ret

To Reproduce

Steps to reproduce the behavior:

  1. Save as binary echo GQ8EaDcPYyNZQggAB/8CIflCBgA3D+EhNw9i8vlCBABsQBkPCGiPP8DxbEMZAjRINwLh9wYviwIg9WxEGQ84SI8fHiA3D+H3BhIGP6byAiNJQlAIAJA= | base64 -d > tricore_func.bin
  2. Open as Tricore:LE:32:default
  3. Create a function
  4. Check decompiler result -> Unknown Error

Expected behavior

Decompiled function.

Environment (please complete the following information):

esaulenka commented 4 years ago

@arkup, try to set a0 register for your code.

To do this, just select the code (menu Select -> Instructions) and press Ctrl-R. For testing you can use any value, but for correct disassembly you should find the a0 assignment in the startup code.

PS

// assume a0 = 0x0

void FUN_00000000(uint *param_1)
{
  uint uVar1;

  uVar1 = uRamffff8184;
  param_1[2] = uRamffff8184 >> 6 & 7;
  *(ushort *)((int)param_1 + 6) = (ushort)!(bool)((byte)(uVar1 >> 2) & 1 & (byte)(uVar1 >> 2) & 1);
  *(ushort *)(param_1 + 1) = (ushort)(uVar1 >> 3) & 1;
  *param_1 = uVar1 >> 4 & 3;
  param_1[3] = uRamffff8188 & 0xfffffffc;
  param_1[4] = (uRamffff8134 >> 0xf & 1) << 2 | (uint)((int)uRamffff8134 < 0);
  uVar1 = (uRamffff8138 >> 0x1f) << 1 | (uRamffff8138 >> 0xf & 1) << 3;
  param_1[4] = param_1[4] & ~uVar1 | uVar1;
  return;
}
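
Why the a0 value matters, as an added example (not part of the original thread or of Ghidra's code): this Python sketch walks the function bytes from the listing above, decodes the four ld.w loads that address memory through a0, and resolves them for a chosen a0. With a0 = 0 the results match the uRamffff81xx names in the decompiler output; the name a0_relative_loads and the second a0 value are assumptions made for illustration.

```python
import struct

# Bytes of FUN_00000000, copied from the disassembly listing in the issue.
FUNC = bytes.fromhex(
    "190f0468 370f6323 59420800 07ff0221 f9420600 370fe121 370f62f2"
    " f9420400 6c40 190f0868 8f3fc0f1 6c43 19023448 3702e1f7 062f"
    " 8b0220f5 6c44 190f3848 8f1f1e20 370fe1f7 0612 063f a6f2 0223"
    " 49425008 0090"
)

OP_LD_W_BOL = 0x19  # ld.w D[a],[A[b]]off16 as it appears in the listing


def a0_relative_loads(code, a0):
    """Return (pc, dest_dreg, signed_off16, effective_address) for each
    ld.w that uses a0 as its base register, given a candidate a0 value."""
    found = []
    pc = 0
    while pc < len(code):
        # TriCore: bit 0 of the first opcode byte set means a 32-bit instruction.
        size = 4 if code[pc] & 1 else 2
        if pc + size > len(code):
            break  # truncated trailing instruction
        if size == 4 and code[pc] == OP_LD_W_BOL:
            word = struct.unpack_from("<I", code, pc)[0]
            dreg = (word >> 8) & 0xF
            areg = (word >> 12) & 0xF
            # off16 is scattered: [5:0] at bits 21:16, [9:6] at 31:28,
            # [15:10] at 27:22 (checked against the offsets in the listing).
            off = ((word >> 16) & 0x3F) \
                | (((word >> 28) & 0xF) << 6) \
                | (((word >> 22) & 0x3F) << 10)
            if off & 0x8000:
                off -= 0x10000  # sign-extend
            if areg == 0:
                found.append((pc, dreg, off, (a0 + off) & 0xFFFFFFFF))
        pc += size
    return found


if __name__ == "__main__":
    # 0x0 is the "assume a0 = 0x0" case; 0xD0008000 is a made-up candidate.
    for a0 in (0x0, 0xD0008000):
        print(f"a0 = {a0:#010x}")
        for pc, dreg, off, ea in a0_relative_loads(FUNC, a0):
            print(f"  {pc:04x}: ld.w d{dreg},[a0]{off:+#x} -> {ea:#010x}")
```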

mumbel commented 4 years ago

I didn't write any Java with the initial PR. I think duplicating the code from MIPS and gp, for example, may do similar auto-analysis things for a0/a1/a8/a9.

Ghidra/Processors/MIPS/src/main/java/ghidra/app/plugin/core/analysis/MipsAddressAnalyzer.java

arkup commented 4 years ago

@esaulenka great! thanks a lot for the info