Vector35 / binaryninja-api

Public API, examples, documentation and issues for Binary Ninja
https://binary.ninja/
MIT License

Remaining unlifted instructions from ARM64e DYLD #4000

Closed lwerdna closed 1 year ago

lwerdna commented 3 years ago

This is just a branch off of issue Vector35/binaryninja-api#4002 for the DYLD binary (@brinlyau provided) in particular.

Current unlifted status:

       4            swpl [0x52168, 0x52370, 0x540d8, 0x54188]
       3         ldaddal [0x10368, 0x4c898, 0x557d4]
       2            uxtl [0x2ad98, 0x2b1b4]
       2              dc [0x52d40, 0x52d40]
       1             xtn [0x274a8]
       1           ucvtf [0x47988]
       1            ldxr [0x56e20]
       1            stxr [0x56e28]

lwerdna commented 3 years ago

       2            uxtl [0x2ad98, 0x2b1b4]
       2              dc [0x52d40, 0x52d40]
       1             xtn [0x274a8]
       1           ucvtf [0x47988]
       1            ldxr [0x56e20]
       1            stxr [0x56e28]
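
The "unlifted status" lists above are what a lifter-coverage pass over a binary produces: a count per mnemonic plus the addresses whose LLIL is `LLIL_UNIMPL`. As an added example (not the issue's or Binary Ninja's own code), here is a Python tally in that same shape; the driver assumes the Binary Ninja API names `binaryninja.load`, `Function.llil`, `BinaryView.get_disassembly` and `LowLevelILOperation.LLIL_UNIMPL`, and the sample records are constructed from addresses quoted in this thread.

```python
from collections import defaultdict


def tally_unlifted(records):
    """records: iterable of (address, mnemonic, is_unimpl) tuples, one per
    LLIL instruction. Returns {mnemonic: [sorted addresses]} restricted to
    instructions the lifter left as LLIL_UNIMPL."""
    by_mnem = defaultdict(set)
    for addr, mnem, unimpl in records:
        if unimpl:
            by_mnem[mnem].add(addr)
    return {m: sorted(a) for m, a in by_mnem.items()}


def format_status(by_mnem):
    """Render rows like the status list in the thread: count, mnemonic,
    address list; most frequent mnemonic first, ties broken alphabetically."""
    rows = sorted(by_mnem.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [f"{len(addrs):8d}{mnem:>16} [{', '.join(hex(a) for a in addrs)}]"
            for mnem, addrs in rows]


def scan_unlifted(path):
    """Driver for a real binary. Assumed Binary Ninja API names; the import
    is local so the pure-Python helpers above work without the product."""
    import binaryninja
    from binaryninja.enums import LowLevelILOperation
    records = []
    with binaryninja.load(path) as bv:
        for func in bv.functions:
            if func.llil is None:        # analysis skipped for this function
                continue
            for il in func.llil.instructions:
                text = bv.get_disassembly(il.address) or "?"
                records.append((il.address, text.split()[0],
                                il.operation == LowLevelILOperation.LLIL_UNIMPL))
    return format_status(tally_unlifted(records))


# Constructed sample mirroring addresses quoted in the thread (not real output).
SAMPLE = [
    (0x47988, "ucvtf", True),
    (0x56e20, "ldxr", True),
    (0x56e24, "cbnz", False),   # lifted instruction: must not be counted
    (0x56e28, "stxr", True),
    (0x2ad98, "uxtl", True),
    (0x2b1b4, "uxtl", True),
]

if __name__ == "__main__":
    print("\n".join(format_status(tally_unlifted(SAMPLE))))
```

Run `scan_unlifted("/path/to/binary")` inside Binary Ninja's Python environment to get the same report for a real file.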

brinlyau commented 1 year ago

These are all fixed in the latest master branch. Think you could pretty much close it now (or once it's in -dev).

lwerdna commented 1 year ago

Hmmm I'm not getting ucvtf to work. Let me double check where I am in git world.

uxtl/uxtl2:

93a6206f                        uxtl2   v19.2d, v20.4s
02a6202f                        uxtl    v2.2d, v16.2s
4ba6206f                        uxtl2   v11.2d, v18.4s
26a4082f                        uxtl    v6.8h, v1.8b
0: LLIL_SET_REG.q(v19.d[0],LLIL_REG.d(v20.s[2]))
1: LLIL_SET_REG.q(v19.d[1],LLIL_REG.d(v20.s[3]))
2: LLIL_SET_REG.q(v2.d[0],LLIL_REG.d(v16.s[0]))
3: LLIL_SET_REG.q(v2.d[1],LLIL_REG.d(v16.s[1]))
4: LLIL_SET_REG.q(v11.d[0],LLIL_REG.d(v18.s[2]))
5: LLIL_SET_REG.q(v11.d[1],LLIL_REG.d(v18.s[3]))
6: LLIL_SET_REG.w(v6.h[0],LLIL_REG.b(v1.b[0]))
7: LLIL_SET_REG.w(v6.h[1],LLIL_REG.b(v1.b[1]))
8: LLIL_SET_REG.w(v6.h[2],LLIL_REG.b(v1.b[2]))
9: LLIL_SET_REG.w(v6.h[3],LLIL_REG.b(v1.b[3]))
10: LLIL_SET_REG.w(v6.h[4],LLIL_REG.b(v1.b[4]))
11: LLIL_SET_REG.w(v6.h[5],LLIL_REG.b(v1.b[5]))
12: LLIL_SET_REG.w(v6.h[6],LLIL_REG.b(v1.b[6]))
13: LLIL_SET_REG.w(v6.h[7],LLIL_REG.b(v1.b[7]))

dc:

3a7d0bd5                        dc      cvadp, x26
38740bd5                        dc      zva, x24
3f740bd5                        dc      zva, xzr
527e08d5                        dc      cisw, x18
0: LLIL_INTRINSIC([],__dc,[LLIL_REG.q(x26)])
1: LLIL_INTRINSIC([],__dc,[LLIL_REG.q(x24)])
2: LLIL_INTRINSIC([],__dc,[LLIL_CONST.q(0x0)])
3: LLIL_INTRINSIC([],__dc,[LLIL_REG.q(x18)])

xtn/xtn2:

112b610e                        xtn     v17.4h, v24.4s
cd2b610e                        xtn     v13.4h, v30.4s
9e2a610e                        xtn     v30.4h, v20.4s
7b2a614e                        xtn2    v27.8h, v19.4s
0: LLIL_INTRINSIC([v17],vmovn_u32,[LLIL_REG.o(v24)])
1: LLIL_INTRINSIC([v13],vmovn_u32,[LLIL_REG.o(v30)])
2: LLIL_INTRINSIC([v30],vmovn_u32,[LLIL_REG.o(v20)])
3: LLIL_INTRINSIC([v27],vmovn_high_u32,[LLIL_REG.o(v19)])

ucvtf:

8dba5365                        ucvtf   z13.h, p6/m, z20.h
abb5d165                        ucvtf   z11.d, p5/m, z13.s
13a05565                        ucvtf   z19.h, p0/m, z0.s
25a59565                        ucvtf   z5.s, p1/m, z9.s
45a5d765                        ucvtf   z5.d, p1/m, z10.d
56ac5765                        ucvtf   z22.h, p3/m, z2.d
23aad565                        ucvtf   z3.s, p2/m, z17.d
0: LLIL_UNIMPL()
1: LLIL_UNIMPL()
2: LLIL_UNIMPL()
3: LLIL_UNIMPL()
4: LLIL_UNIMPL()
5: LLIL_UNIMPL()
6: LLIL_UNIMPL()

ldxr:

c07f5f88                        ldxr    w0, [x30]
237d5fc8                        ldxr    x3, [x9]
0: LLIL_INTRINSIC([w0],__ldxr,[LLIL_REG.q(x30)])
1: LLIL_INTRINSIC([x3],__ldxr,[LLIL_REG.q(x9)])

stxr:

627f0488                        stxr    w4, w2, [x27]
c17f0bc8                        stxr    w11, x1, [x30]
0: LLIL_INTRINSIC([w4],__stxr,[LLIL_REG.d(w2),LLIL_REG.q(x27)])
1: LLIL_INTRINSIC([w11],__stxr,[LLIL_REG.q(x1),LLIL_REG.q(x30)])

lwerdna commented 1 year ago

As of cb41c34f, the non-predicated UCVTF instructions are lifted to intrinsics.