As part of a research project testing the accuracy of the SLEIGH specifications compared to real hardware, we observed an unexpected behaviour in the vld1 instruction for both, AArch32 (ARM:LE:32:v8) & Thumb (ARM:LE:32:v8T).
According to the manual, the post-indexed behaviour uses the ebytes for write back. However, we noticed the output was incorrect.
As part of a research project testing the accuracy of the SLEIGH specifications compared to real hardware, we observed an unexpected behaviour in the
vld1instruction for both, AArch32 (ARM:LE:32:v8) & Thumb (ARM:LE:32:v8T).According to the manual, the post-indexed behaviour uses the ebytes for write back. However, we noticed the output was incorrect.
e.g, for AArch32 with,
Instruction:
0x4d0ca0f4, vld1.16 {d0[]},[r0]!initial_memory:{ "0x0": [ 0xbb, 0xda] }We get:
Hardware:
{ "q0": 0xdabbdabbdabbdabb, "r0": 0x2 }Patched Spec:{ "q0": 0xdabbdabbdabbdabb, "r0": 0x2 }Existing Spec:{ "q0": 0xdabbdabbdabbdabb, "r0": 0x1 }e.g, for Thumb with,
Instruction:
0xebf95dfc, vld1.16 {d31[]},[r11@16]!initial_memory:{ "0x0": [ 0xbb, 0xda] }We get:
Hardware:
{ "q15": 0xdabbdabbdabbdabb0000000000000000, "r11": 0x2 }Patched Spec:{ "q15": 0xdabbdabbdabbdabb0000000000000000, "r11": 0x2 }Existing Spec:{ "q15": 0xdabbdabbdabbdabb0000000000000000, "r11": 0x1 }Note: The patched spec does not introduce any disassembly changes to the best of our knowledge.