capstone-engine / capstone

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.
http://www.capstone-engine.org

Incorrect reg_access in some AArch64 instructions #2385

Open Kashio opened 3 weeks ago

Kashio commented 3 weeks ago

Work environment

| Questions | Answers |
| --- | --- |
| OS/arch/bits | Windows x64 |
| Architecture | armv8 |
| Source of Capstone | git clone, brew, pip, release binaries etc. |
| Version/git commit | v5.0.1 |

Instruction bytes giving faulty results

0x1f, 0x00, 0x01, 0xeb

Expected results

It should be:

([219], [4])

Steps to get the wrong result

With Python

from capstone import Cs, CS_ARCH_ARM64, CS_MODE_ARM

CODE = b"\x1f\x00\x01\xeb"  # cmp x0, x1 (subs xzr, x0, x1)

md = Cs(CS_ARCH_ARM64, CS_MODE_ARM)
md.detail = True  # regs_access() needs detail mode
for insn in md.disasm(CODE, 0x1000):
    print(insn.regs_access())  # Prints ([219], [4, 218])

Additional Logs, screenshots, source code, configuration dump, ...

As far as I know, and looking at the pseudocode for the instruction, the first source operand here (x0) shouldn't be modified, and reg_access reports it as being written to. I see this behaviour with more instructions like cmn etc.
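For anyone triaging this (or relying on regs_access() for taint tracking or emulation), it helps to have a reference answer that does not come from Capstone at all. The following is an added example, not code from the report or from the Capstone project: it decodes only the AArch64 "add/sub (shifted register)" encoding class (sf/op/S/shift/Rm/imm6/Rn/Rd fields as laid out in the ARM Architecture Reference Manual) and derives the register accesses from the encoding itself. Rn and Rm are only read, Rd is the only general-purpose register written, register number 31 means XZR/WZR here (not SP), and NZCV is written only when S is set. The register names are used instead of Capstone's numeric IDs; the sample instruction words beyond the reported one are constructed for the demonstration.

```python
import struct


def _reg(n, sf):
    """Name register n in this encoding class: 31 is the zero register, not SP."""
    if n == 31:
        return "xzr" if sf else "wzr"
    return ("x" if sf else "w") + str(n)


def decode_addsub_shifted(word):
    """Decode one AArch64 'add/sub (shifted register)' instruction word and
    derive its register accesses from the encoding fields.

    Returns (mnemonic, reads, writes) using register names, or None if the
    word is not in this encoding class or hits a reserved encoding.
    """
    # Fixed bits: insn[28:24] == 0b01011 and insn[21] == 0 select this class.
    if (word >> 24) & 0x1f != 0b01011 or (word >> 21) & 1:
        return None
    sf = (word >> 31) & 1        # 0: 32-bit (Wn), 1: 64-bit (Xn)
    op = (word >> 30) & 1        # 0: add, 1: sub
    s = (word >> 29) & 1         # 1: set NZCV (adds/subs, and the cmn/cmp aliases)
    shift = (word >> 22) & 3
    rm = (word >> 16) & 0x1f
    imm6 = (word >> 10) & 0x3f
    rn = (word >> 5) & 0x1f
    rd = word & 0x1f
    if shift == 3 or (not sf and imm6 & 0x20):
        return None              # reserved encodings
    mnemonic = ("sub" if op else "add") + ("s" if s else "")
    if s and rd == 31:
        mnemonic = "cmp" if op else "cmn"   # aliases: result discarded, flags kept
    # Rn and Rm are only ever read; reading the zero register is not reported.
    reads = [_reg(r, sf) for r in (rn, rm) if r != 31]
    # Rd is the only general-purpose register written, and XZR absorbs the write.
    writes = [] if rd == 31 else [_reg(rd, sf)]
    if s:
        writes.append("nzcv")
    return mnemonic, reads, writes


def reg_access(code):
    """Little-endian instruction bytes (as handed to Capstone) -> (mnemonic, reads, writes)."""
    (word,) = struct.unpack("<I", code)
    return decode_addsub_shifted(word)


if __name__ == "__main__":
    # Constructed samples: the bytes from the report plus a few neighbours.
    for code in (b"\x1f\x00\x01\xeb",   # cmp x0, x1  (subs xzr, x0, x1)
                 b"\x1f\x00\x01\xab",   # cmn x0, x1  (adds xzr, x0, x1)
                 b"\x02\x00\x01\xeb",   # subs x2, x0, x1
                 b"\x02\x00\x01\x8b",   # add x2, x0, x1
                 b"\x1f\x00\x01\x6b"):  # cmp w0, w1
        print(code.hex(), reg_access(code))
```

For the reported bytes this yields reads x0, x1 and a single write, nzcv, which is what the register-access list should contain: x0 appears on the read side only. The same decoder answers the cmn case (adds with Rd = 31) and shows where Capstone's answer diverges from the encoding.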