SoftSec-KAIST / MeanDiff

Testing Intermediate Representations for Binary Analysis (ASE '17)
https://softsec-kaist.github.io/MeanDiff/
MIT License

Missing arithmetic operation - `xadd` #24

Open mfaerevaag opened 7 years ago

mfaerevaag commented 7 years ago

Description

When executing xadd instruction the add operation is forgotten.

Reference: Intel 64 and IA-32 Architectures Software Developer's Manual, Vol. 2C, 5-580 (XADD)

Affected instructions:

0x0fc1c0
0x640fc1c0
0x64670fc1c0
0x670fc1c0

Reproduction guide

Instruction:

00000000  0FC1C0            xadd eax,eax

Input:

import pyvex, archinfo
pyvex.IRSB("\x0F\xC1\xC0", 0x8048000, archinfo.ArchX86())

Observed output:

IRSB {
   t0:Ity_I32 t1:Ity_I32 t2:Ity_I32 t3:Ity_I32

   00 | ------ IMark(0x0, 3, 0) ------
   01 | t0 = GET:I32(eax)
   02 | PUT(cc_op) = 0x00000003
   03 | PUT(cc_dep1) = t0
   04 | PUT(cc_dep2) = t0
   05 | PUT(cc_ndep) = 0x00000000
   06 | PUT(eax) = t0
   NEXT: PUT(eip) = 0x00000003; Ijk_Boring
}

Expected output: The add operation is included.

System Info

OS:

# uname -a
Linux ubuntu 4.10.0-28-generic #32-Ubuntu SMP Fri Jun 30 05:32:18 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=17.04
DISTRIB_CODENAME=zesty
DISTRIB_DESCRIPTION="Ubuntu 17.04"

PyVEX:

#  pip freeze | grep pyvex
pyvex==6.7.4.12
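To make the mismatch concrete, here is an added reference model of XADD (not code from the MeanDiff project or from PyVEX) next to a Python mirror of the observed IRSB above. The function names and the 32-bit default width are this example's own choices; the ISA semantics follow the manual entry cited in the issue (TEMP = SRC + DEST; SRC = DEST; DEST = TEMP, flags as for ADD). The comparison shows that the lifted block only writes eax back to itself, which agrees with the reference only when eax is already zero.

```python
# Added example, not part of the MeanDiff or PyVEX code bases: a reference
# model of x86 XADD used to check an IR lifter's output against the ISA.

def xadd_reference(dest, src, width=32):
    """ISA semantics of XADD dest, src (Intel SDM Vol. 2C):
        TEMP = SRC + DEST; SRC = DEST; DEST = TEMP
    Returns (new_dest, new_src, flags), flags computed as for ADD."""
    mask = (1 << width) - 1
    sign = 1 << (width - 1)
    old_dest, old_src = dest & mask, src & mask
    total = old_dest + old_src
    new_dest = total & mask
    flags = {
        "CF": int(total > mask),                      # unsigned carry out
        "ZF": int(new_dest == 0),
        "SF": int(bool(new_dest & sign)),
        # signed overflow: both inputs have the same sign, result differs
        "OF": int(((old_dest ^ new_dest) & (old_src ^ new_dest) & sign) != 0),
    }
    return new_dest, old_dest, flags


def observed_lift_eax_eax(eax):
    """Mirror of the IRSB shown in the issue for 'xadd eax,eax':
        t0 = GET:I32(eax)
        PUT(eax) = t0
    No add is emitted, so eax is written back unchanged."""
    t0 = eax & 0xFFFFFFFF
    return t0  # PUT(eax) = t0


def check_xadd_eax_eax(eax):
    """Differential check for 'xadd eax,eax': when dest and src are the same
    register, the final DEST write wins, so the reference result is 2*eax.
    Returns (reference_eax, observed_eax, mismatch)."""
    ref_eax, _, _ = xadd_reference(eax, eax)
    obs_eax = observed_lift_eax_eax(eax)
    return ref_eax, obs_eax, ref_eax != obs_eax


if __name__ == "__main__":
    # Constructed sample value (the load address from the issue's input).
    ref, obs, bad = check_xadd_eax_eax(0x8048000)
    print("reference eax=%#x observed eax=%#x mismatch=%s" % (ref, obs, bad))
    # Two-register form for comparison with the manual's description.
    print(xadd_reference(0x10, 0x20))
```

The same `xadd_reference` can be reused for the other encodings listed under "Affected instructions" (the prefixed forms change only segment and address size, not the arithmetic), so a lifter test only needs to feed each encoding's GET/PUT trace into a comparison like `check_xadd_eax_eax`.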

yasong commented 3 years ago

It seems that this bug has not been repaired by PyVEX. I supposed that maybe this instruction won't appear in actual software.

sangkilc commented 3 years ago

Thanks for your interest. A quick Google search shows this: https://stackoverflow.com/questions/57205494/why-is-there-a-locked-xadd-instruction-in-this-disassambled-stdstring-dtor

yasong commented 3 years ago

I know there is "xadd", but is there "xadd eax, eax" in commodity software? Thanks.

sangkilc commented 3 years ago

Don't know 😄 But those forms can always appear in the future, if not now.