Vector35 / binaryninja-api

Public API, examples, documentation and issues for Binary Ninja
https://binary.ninja/
MIT License

Aarch64: Instruction Disassembly/Lifting Completion #4003

Open plafosse opened 8 years ago

plafosse commented 8 years ago

The following is the list of instructions which we currently disassemble and lift (fully or partially). If you have any instructions which differ from this table, there is likely a bug or a documentation failure; please let us know (and if you could provide the opcodes, that would be great).

| Mnem | Disassembly | Lifting |
|------|-------------|---------|
| adr | Full | Full |
| adrp | Full | Full |
| asr | Full | Full |
| b | Full | Full |
| bcc | Full | Full |
| beq | Full | Full |
| bics | Full | Full |
| bl | Full | Full |
| blr | Full | Full |
| blt | Full | Full |
| br | Full | Full |
| cbnz | Full | Full |
| cbz | Full | Full |
| csel | Full | Full |
| cset | Full | Full |
| eor | Full | Full |
| lsl | Full | Full |
| lsr | Full | Full |
| mov | Full | Full |
| mvn | Full | Full |
| nop | Full | Full |
| ret | Full | Full |
| sbfx | Full | Full |
| sdiv | Full | Full |
| sxtb | Full | Full |
| sxth | Full | Full |
| sxtw | Full | Full |
| ubfx | Full | Full |
| udiv | Full | Full |
| uxtb | Full | Full |
| uxth | Full | Full |
| add | Full | Partial |
| and | Full | Partial |
| ands | Full | Partial |
| bic | Full | Partial |
| cmn | Full | Partial |
| cmp | Full | Partial |
| ldp | Full | Partial |
| ldr | Full | Partial |
| ldrb | Full | Partial |
| ldrh | Full | Partial |
| ldrsb | Full | Partial |
| ldrsh | Full | Partial |
| neg | Full | Partial |
| orr | Full | Partial |
| stp | Full | Partial |
| str | Full | Partial |
| strb | Full | Partial |
| strh | Full | Partial |
| sub | Full | Partial |
| svc | Full | Partial |
| tst | Full | Partial |
| abs | Full | None |
| adc | Full | None |
| adcs | Full | None |
| addhn | Full | None |
| addhn2 | Full | None |
| addp | Full | None |
| adds | Full | None |
| addv | Full | None |
| aesd | Full | None |
| aese | Full | None |
| aesimc | Full | None |
| aesmc | Full | None |
| at | Full | None |
| bfi | Full | None |
| bfxil | Full | None |
| bif | Full | None |
| bit | Full | None |
| brk | Full | None |
| bsl | Full | None |
| ccmn | Full | None |
| ccmp | Full | None |
| cinc | Full | Full |
| cinv | Full | Full |
| clrex | Full | None |
| cls | Full | None |
| clz | Full | None |
| cmeq | Full | None |
| cmge | Full | None |
| cmgt | Full | None |
| cmhi | Full | None |
| cmhs | Full | None |
| cmle | Full | None |
| cmlt | Full | None |
| cmtst | Full | None |
| cneg | Full | Full |
| cnt | Full | None |
| crc32b | Full | None |
| crc32cb | Full | None |
| crc32ch | Full | None |
| crc32cw | Full | None |
| crc32cx | Full | None |
| crc32h | Full | None |
| crc32w | Full | None |
| crc32x | Full | None |
| csetm | Full | Full |
| csinc | Full | Full |
| csinv | Full | Full |
| csneg | Full | Full |
| dc | Full | None |
| dcps1 | Full | None |
| dcps2 | Full | None |
| dcps3 | Full | None |
| dmb | Full | None |
| drps | Full | None |
| dsb | Full | None |
| dup | Full | None |
| eret | Full | None |
| ext | Full | None |
| extr | Full | None |
| fabd | Full | None |
| fabs | Full | None |
| facge | Full | None |
| facgt | Full | None |
| fadd | Full | None |
| faddp | Full | None |
| fccmp | Full | None |
| fccmpe | Full | None |
| fcmeq | Full | None |
| fcmge | Full | None |
| fcmgt | Full | None |
| fcmle | Full | None |
| fcmlt | Full | None |
| fcmp | Full | None |
| fcmpe | Full | None |
| fcsel | Full | None |
| fcvt | Full | None |
| fcvtas | Full | None |
| fcvtau | Full | None |
| fcvtl | Full | None |
| fcvtl2 | Full | None |
| fcvtms | Full | None |
| fcvtmu | Full | None |
| fcvtn | Full | None |
| fcvtn2 | Full | None |
| fcvtns | Full | None |
| fcvtnu | Full | None |
| fcvtps | Full | None |
| fcvtpu | Full | None |
| fcvtxn | Full | None |
| fcvtxn2 | Full | None |
| fcvtzs | Full | None |
| fcvtzu | Full | None |
| fdiv | Full | None |
| fmadd | Full | None |
| fmax | Full | None |
| fmaxnm | Full | None |
| fmaxnmp | Full | None |
| fmaxnmv | Full | None |
| fmaxp | Full | None |
| fmaxv | Full | None |
| fmin | Full | None |
| fminnm | Full | None |
| fminnmp | Full | None |
| fminnmv | Full | None |
| fminp | Full | None |
| fminv | Full | None |
| fmla | Full | None |
| fmls | Full | None |
| fmov | Full | None |
| fmsub | Full | None |
| fmul | Full | None |
| fmulx | Full | None |
| fneg | Full | None |
| fnmadd | Full | None |
| fnmsub | Full | None |
| fnmul | Full | None |
| frecpe | Full | None |
| frecps | Full | None |
| frecpx | Full | None |
| frinta | Full | None |
| frinti | Full | None |
| frintm | Full | None |
| frintn | Full | None |
| frintp | Full | None |
| frintx | Full | None |
| frintz | Full | None |
| frsqrte | Full | None |
| frsqrts | Full | None |
| fsqrt | Full | None |
| fsub | Full | None |
| hint | Full | None |
| hlt | Full | None |
| hvc | Full | None |
| ic | Full | None |
| ins | Full | None |
| isb | Full | None |
| ld1 | Full | None |
| ld1r | Full | None |
| ld2 | Full | None |
| ld2r | Full | None |
| ld3 | Full | None |
| ld3r | Full | None |
| ld4 | Full | None |
| ld4r | Full | None |
| ldar | Full | Full |
| ldarb | Full | Full |
| ldarh | Full | Full |
| ldaxp | Full | None |
| ldaxr | Full | Full |
| ldaxrb | Full | Full |
| ldaxrh | Full | Full |
| ldnp | Full | None |
| ldpsw | Full | None |
| ldrsw | Full | None |
| ldtr | Full | None |
| ldtrb | Full | None |
| ldtrh | Full | None |
| ldtrsb | Full | None |
| ldtrsh | Full | None |
| ldtrsw | Full | None |
| ldur | Full | None |
| ldurb | Full | None |
| ldurh | Full | None |
| ldursb | Full | None |
| ldursh | Full | None |
| ldursw | Full | None |
| ldxp | Full | None |
| ldxr | Full | None |
| ldxrb | Full | None |
| ldxrh | Full | None |
| madd | Full | None |
| mla | Full | None |
| mls | Full | None |
| mneg | Full | None |
| movi | Full | None |
| movk | Full | Full |
| movz | Full | None |
| mrs | Full | None |
| msr | Full | None |
| msub | Full | None |
| mul | Full | None |
| mvni | Full | None |
| negs | Full | None |
| ngc | Full | None |
| ngcs | Full | None |
| orn | Full | None |
| pmul | Full | None |
| pmull | Full | None |
| pmull2 | Full | None |
| prfm | Full | None |
| prfum | Full | None |
| raddhn | Full | None |
| raddhn2 | Full | None |
| rbit | Full | None |
| rev | Full | None |
| rev16 | Full | None |
| rev32 | Full | None |
| rev64 | Full | None |
| ror | Full | None |
| rshrn | Full | None |
| rshrn2 | Full | None |
| rsubhn | Full | None |
| rsubhn2 | Full | None |
| saba | Full | None |
| sabal | Full | None |
| sabal2 | Full | None |
| sabd | Full | None |
| sabdl | Full | None |
| sabdl2 | Full | None |
| sadalp | Full | None |
| saddl | Full | None |
| saddl2 | Full | None |
| saddlp | Full | None |
| saddlv | Full | None |
| saddw | Full | None |
| saddw2 | Full | None |
| sbc | Full | None |
| sbcs | Full | None |
| sbfiz | Full | None |
| scvtf | Full | None |
| sev | Full | None |
| sevl | Full | None |
| sha1c | Full | None |
| sha1h | Full | None |
| sha1m | Full | None |
| sha1p | Full | None |
| sha1su0 | Full | None |
| sha1su1 | Full | None |
| sha256h | Full | None |
| sha256h2 | Full | None |
| sha256su0 | Full | None |
| sha256su1 | Full | None |
| shadd | Full | None |
| shl | Full | None |
| shll | Full | None |
| shll2 | Full | None |
| shrn | Full | None |
| shrn2 | Full | None |
| shsub | Full | None |
| sli | Full | None |
| smaddl | Full | None |
| smax | Full | None |
| smaxp | Full | None |
| smaxv | Full | None |
| smc | Full | None |
| smin | Full | None |
| sminp | Full | None |
| sminv | Full | None |
| smlal | Full | None |
| smlal2 | Full | None |
| smlsl | Full | None |
| smlsl2 | Full | None |
| smnegl | Full | None |
| smov | Full | None |
| smsubl | Full | None |
| smulh | Full | None |
| smull | Full | None |
| smull2 | Full | None |
| sqabs | Full | None |
| sqadd | Full | None |
| sqdmlal | Full | None |
| sqdmlal2 | Full | None |
| sqdmlsl | Full | None |
| sqdmlsl2 | Full | None |
| sqdmulh | Full | None |
| sqdmull | Full | None |
| sqdmull2 | Full | None |
| sqneg | Full | None |
| sqrdmulh | Full | None |
| sqrshl | Full | None |
| sqrshrn | Full | None |
| sqrshrn2 | Full | None |
| sqrshrun | Full | None |
| sqrshrun2 | Full | None |
| sqshl | Full | None |
| sqshlu | Full | None |
| sqshrn | Full | None |
| sqshrn2 | Full | None |
| sqshrun | Full | None |
| sqshrun2 | Full | None |
| sqsub | Full | None |
| sqxtn | Full | None |
| sqxtn2 | Full | None |
| sqxtun | Full | None |
| sqxtun2 | Full | None |
| srhadd | Full | None |
| sri | Full | None |
| srshl | Full | None |
| srshr | Full | None |
| srsra | Full | None |
| sshl | Full | None |
| sshll | Full | None |
| sshll2 | Full | None |
| sshr | Full | None |
| ssra | Full | None |
| ssubl | Full | None |
| ssubl2 | Full | None |
| ssubw | Full | None |
| ssubw2 | Full | None |
| st1 | Full | None |
| st2 | Full | None |
| st3 | Full | None |
| st4 | Full | None |
| stlr | Full | None |
| stlrb | Full | None |
| stlrh | Full | None |
| stlxp | Full | None |
| stlxr | Full | None |
| stlxrb | Full | None |
| stlxrh | Full | None |
| stnp | Full | None |
| sttr | Full | None |
| sttrb | Full | None |
| sttrh | Full | None |
| stur | Full | None |
| sturb | Full | None |
| sturh | Full | None |
| stxp | Full | None |
| stxr | Full | None |
| stxrb | Full | None |
| stxrh | Full | None |
| subs | Full | None |
| suqadd | Full | None |
| sys | Full | None |
| sysl | Full | None |
| tbl | Full | None |
| tbx | Full | None |
| tlbi | Full | None |
| trn1 | Full | None |
| trn2 | Full | None |
| uaba | Full | None |
| uabal | Full | None |
| uabal2 | Full | None |
| uabd | Full | None |
| uabdl | Full | None |
| uabdl2 | Full | None |
| uadalp | Full | None |
| uaddl | Full | None |
| uaddl2 | Full | None |
| uaddlp | Full | None |
| uaddlv | Full | None |
| uaddw | Full | None |
| uaddw2 | Full | None |
| ubfiz | Full | None |
| ucvtf | Full | None |
| uhadd | Full | None |
| uhsub | Full | None |
| umaddl | Full | None |
| umax | Full | None |
| umaxp | Full | None |
| umaxv | Full | None |
| umin | Full | None |
| uminp | Full | None |
| uminv | Full | None |
| umlal | Full | None |
| umlal2 | Full | None |
| umlsl | Full | None |
| umlsl2 | Full | None |
| umnegl | Full | None |
| umov | Full | None |
| umsubl | Full | None |
| umulh | Full | None |
| umull | Full | None |
| umull2 | Full | None |
| uqadd | Full | None |
| uqrshl | Full | None |
| uqrshrn | Full | None |
| uqrshrn2 | Full | None |
| uqshl | Full | None |
| uqshrn | Full | None |
| uqshrn2 | Full | None |
| uqsub | Full | None |
| uqxtn | Full | None |
| uqxtn2 | Full | None |
| urecpe | Full | None |
| urhadd | Full | None |
| urshl | Full | None |
| urshr | Full | None |
| ursqrte | Full | None |
| ursra | Full | None |
| ushl | Full | None |
| ushll | Full | None |
| ushll2 | Full | None |
| ushr | Full | None |
| usqadd | Full | None |
| usra | Full | None |
| usubl | Full | None |
| usubl2 | Full | None |
| usubw | Full | None |
| usubw2 | Full | None |
| uzp1 | Full | None |
| uzp2 | Full | None |
| wfe | Full | None |
| wfi | Full | None |
| xtn | Full | None |
| xtn2 | Full | None |
| yield | Full | None |
| zip1 | Full | None |
| zip2 | Full | None |

plafosse commented 7 years ago

@withzombies asks that we prioritize these instructions: movk, ldaxr, stlxr, madd, ccmp, cinc

withzombies commented 7 years ago

I have an arm64 binary where some forms of b are not properly handled.

(two screenshots attached, 2017-04-27)

b.eq and b.vs specifically in one function. I can provide the binary out of band.

ChrisKader commented 4 months ago

I am noticing that ld2 is showing unimplemented.

galenbwill commented 4 months ago

@ChrisKader That is because LD2 is part of the vector SIMD instructions that we do not support lifting of yet. In general, we don't support vector instructions because we do not currently have a way to represent vector operations in our ILs.

https://developer.arm.com/documentation/dui0801/h/A64-SIMD-Vector-Instructions/LD2--vector--multiple-structures-

ChrisKader commented 4 months ago

Thank you for your quick reply @galenbwill

Is it common for BN to only identify a single line entry for instructions that are unimplemented? There are several instances in this binary where the LD2 instruction is used but only one line is tagged. I assume this may be the only line that code resolves to?

ChrisKader commented 4 months ago

Actually it seems that this specific instance of LD2 is using the additional imm/Xm parameter of the LD2 you linked previously.

galenbwill commented 4 months ago

> There are several instances in this binary where the LD2 instruction is used but only one line is tagged.

That is probably an effect of the inexact mapping from IL instructions to instructions in the disassembly. This is especially true for HLIL (or in your case, Pseudo-C), where the mapping can be many-to-many: one asm instruction can contribute to multiple HLIL instructions, but one HLIL instruction generally maps to several MLIL, LLIL, and disassembly instructions.
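An added example, not Binary Ninja's own code and not part of this issue: a small script that audits a binary's disassembly against the lifting table at the top of this thread, which is what the opening comment asks reporters to do. The tally itself works on plain `(address, disassembly text, unimplemented?)` records, so it runs stand-alone on the constructed sample below; `collect_from_bv()` shows how to produce those records inside Binary Ninja using `bv.functions`, `func.llil`, `bv.get_disassembly()` and `LowLevelILOperation.LLIL_UNIMPL`/`LLIL_UNIMPL_MEM` from the public Python API (assumed available only when run inside Binary Ninja, so it is not exercised here). Two details from the thread are handled: conditional branches are printed as `b.eq`/`b.vs` but the table spells them `beq`/`blt`, so mnemonics are normalised before lookup (which also surfaces `b.vs` as absent from the table, as withzombies reported); and because the LLIL-to-disassembly mapping is not one-to-one, an address counts as unimplemented if any LLIL instruction lifted from it is `LLIL_UNIMPL`, which is why a single tagged line can stand for several source instructions. `COVERAGE` is an excerpt of the issue's table, and the `movk` row in the sample is constructed to exercise the "table says lifted, but LLIL_UNIMPL observed" check.

```python
"""Audit observed AArch64 lifting against the coverage table in this issue.

Added example for the thread, not Binary Ninja's own code.  Pure-Python
core (runs anywhere) plus one helper that needs a live BinaryView.
"""
from collections import defaultdict

# Excerpt of the Mnem/Lifting columns from the table at the top of the issue.
COVERAGE = {
    "add": "Partial", "b": "Full", "bcc": "Full", "beq": "Full", "blt": "Full",
    "ld2": "None", "ldaxr": "Full", "movk": "Full", "stlxr": "None",
    "madd": "None", "ccmp": "None", "cinc": "Full",
}

# AArch64 condition codes that appear as a ".cond" suffix on B.
CONDITION_CODES = {"eq", "ne", "cs", "hs", "cc", "lo", "mi", "pl", "vs", "vc",
                   "hi", "ls", "ge", "lt", "gt", "le", "al", "nv"}


def normalize_mnemonic(text):
    """First token of a disassembly line, folded to the table's spelling.

    The disassembler prints conditional branches as 'b.eq'; the issue's
    table lists them as 'beq', so the dot is dropped for B.cond only.
    """
    mnem = text.split()[0].lower()
    base, dot, cond = mnem.partition(".")
    if dot and base == "b" and cond in CONDITION_CODES:
        return base + cond
    return mnem


def tally(records):
    """Count, per normalised mnemonic, how often it was seen and how often
    it lifted to LLIL_UNIMPL; remember the offending addresses."""
    stats = defaultdict(lambda: {"seen": 0, "unimplemented": 0, "addresses": []})
    for addr, text, unimpl in records:
        entry = stats[normalize_mnemonic(text)]
        entry["seen"] += 1
        if unimpl:
            entry["unimplemented"] += 1
            entry["addresses"].append(addr)
    return dict(stats)


def find_discrepancies(stats, coverage):
    """Rows of (mnemonic, table_status, unimplemented, seen) for anything the
    table does not explain: a mnemonic it omits, or one it marks Full/Partial
    that still produced LLIL_UNIMPL somewhere.  Mnemonics the table already
    marks 'None' are expected to be unimplemented and are not reported."""
    rows = []
    for mnem, entry in sorted(stats.items()):
        status = coverage.get(mnem)
        if status is None or (status != "None" and entry["unimplemented"]):
            rows.append((mnem, status or "missing", entry["unimplemented"], entry["seen"]))
    return rows


def collect_from_bv(bv):
    """Build records from a live BinaryView (only runs inside Binary Ninja).

    Several LLIL instructions can share one address, so the address is
    flagged if ANY of them is LLIL_UNIMPL / LLIL_UNIMPL_MEM.
    """
    from binaryninja import LowLevelILOperation  # assumed: Binary Ninja API
    unimpl_ops = {LowLevelILOperation.LLIL_UNIMPL, LowLevelILOperation.LLIL_UNIMPL_MEM}
    flags = {}
    for func in bv.functions:
        if func.llil is None:  # analysis skipped for this function
            continue
        for instr in func.llil.instructions:
            flags[instr.address] = flags.get(instr.address, False) or instr.operation in unimpl_ops
    return [(addr, bv.get_disassembly(addr) or "", flag) for addr, flag in sorted(flags.items())]


# Constructed sample records standing in for collect_from_bv() output.
SAMPLE = [
    (0x1000, "ld2 {v0.4s, v1.4s}, [x0], x1", True),   # table: None, expected
    (0x1004, "ld2 {v2.4s, v3.4s}, [x0]", True),       # table: None, expected
    (0x1008, "b.eq 0x1020", False),                   # normalises to 'beq'
    (0x100c, "b.vs 0x1030", False),                   # 'bvs' is not in the table
    (0x1010, "movk x0, #0x1234, lsl #16", True),      # constructed contradiction
    (0x1014, "add x0, x0, #1", False),
]


if __name__ == "__main__":
    for mnem, status, unimpl, seen in find_discrepancies(tally(SAMPLE), COVERAGE):
        print(f"{mnem:8} table={status:8} unimplemented={unimpl}/{seen}")
```

Run inside Binary Ninja, replace `SAMPLE` with `collect_from_bv(bv)`; the rows it prints (mnemonic, table status, unimplemented/seen) are exactly what the opening comment asks to have reported, and `tally()[mnem]["addresses"]` gives the opcode locations to include.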