Getting the exact registers in ARM 32-bit

[spencerwuwu]

Hello VEX developers,

I am running into a problem when symbolic executing the _Z18linear_interpolatefffff function in this attached binary.

In short the instruction I want to execute is

vcmpe.f32 s3, s4

However, in VEX I saw that it is not getting s3 and s4 but registers 140 and d2 instead.

   13 | t45 = GET:F32(140)
   14 | t44 = F32toF64(t45)
   15 | t47 = GET:F32(d2)
   16 | t46 = F32toF64(t47)

This resulted in uninitialized registers when symbolic executing in angr, although I had assigned values in s3 and s4.

Are there any options that I should set to make VEX use the ideal registers? Or is it a bug that can be fixed?

---

To reproduce, I created an angr project, built an CFG, and obtained the entry function node with the following lines:

proj = angr.Project("CubeBlack_AP_Math.cpp.0.o", load_options={"auto_load_libs": False})
cfg = proj.analyses.CFGFast()
node = cfg.model.get_node(proj.loader.find_symbol("_Z18linear_interpolatefffff").rebased_addr)

Then I printed the instructions and VEX of this node with node.block.pp()and node.block.vex.pp() to get the contents.

Thank you, Wei-Cheng

[rhelmot]

Hi! So there are two things that are wrong here, one of which is a bug and one of which you need to fix.

• From what I can tell (and more importantly, according to how angr is configured), the single-precision fp registers on arm are only available on the cortex-m processor, so you need to load the project with the cortex-m architecture: proj = angr.Project("file", arch='arm cortex-m', auto_load_libs=False)
• There was a bug where these registers where it still wouldn't show up correctly. I've just fixed it, but you'll need the latest archinfo from github in order to see the changes.

[spencerwuwu]

Hi Audrey, Thank you for the quick response and the explanation. The solution works perfectly!