As part of a research project testing the accuracy of the SLEIGH specifications compared to real hardware, we observed an unexpected behaviour in the vpop instruction for both, AArch32 (ARM:LE:32:v8) & Thumb (ARM:LE:32:v8T).
According to the manual, it loads multiple consecutive Advanced SIMD and floating-point register file registers from the stack. However, we noticed the output was incorrect.
As part of a research project testing the accuracy of the SLEIGH specifications compared to real hardware, we observed an unexpected behaviour in the
vpopinstruction for both, AArch32 (ARM:LE:32:v8) & Thumb (ARM:LE:32:v8T).According to the manual, it loads multiple consecutive Advanced SIMD and floating-point register file registers from the stack. However, we noticed the output was incorrect.
e.g, for AArch32 with,
Instruction:
0x020abd7c, vpopvc {s0,s1}initial_memory:{ "0x0": [ 0xbb, 0xda, 0x60, 0xca, 0xe8, 0x7c, 0x26, 0xcf ] }We get:
Hardware:
{ "q0": 0xcf267ce8ca60dabb, "sp": 0x8 }Patched Spec:{ "q0": 0xcf267ce8ca60dabb, "sp": 0x8 }Existing Spec:{ "q0": 0xca60dabbcf267ce8, "sp": 0x8 }e.g, for Thumb with,
Instruction:
0xbdec020a, vpop {s0,s1}initial_memory:{ "0x0": [ 0xbb, 0xda, 0x60, 0xca, 0xe8, 0x7c, 0x26, 0xcf ] }We get:
Hardware:
{ "q0": 0xcf267ce8ca60dabb, "sp": 0x8 }Patched Spec:{ "q0": 0xcf267ce8ca60dabb, "sp": 0x8 }Existing Spec:{ "q0": 0xca60dabbcf267ce8, "sp": 0x8 }Note: The patched spec does not introduce any disassembly changes to the best of our knowledge.