jasmin-lang / jasmin

Language for high-assurance and high-speed cryptography
MIT License

x86: disallow BT with memory operands #948

Closed vbgl closed 3 weeks ago

vbgl commented 1 month ago

Fixes #931.

bgregoir commented 3 weeks ago

This problem is not in the printing of the instruction? "In 64-bit mode, the instruction’s default operation size is 32 bits. Using a REX prefix in the form of REX.R permits access to additional registers (R8-R15). Using a REX prefix in the form of REX.W promotes operation to 64 bit operands. See the summary chart at the beginning of this section for encoding data and limits." I think the documentation of this instruction with a memory operand is anyway hard to understand.

vbgl commented 3 weeks ago

No, the problem is not in printing. The problem is in the semantics.

If you run (pseudo-code):

x := 137
cf := BT(p, x)

this will set cf to the value of the bit at position 137 after p. This instruction can read a bit very far away from the given address.
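The difference between the register and memory forms discussed in this thread, as an added example that is not part of the pull request or of Jasmin's code. It is a C model of the bit selection, not an execution of the instruction; the function names are hypothetical, and it assumes the Intel SDM behaviour for a register bit offset (reduced modulo the operand size for a register base, used as a signed bit index for a memory base).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Register operand: the bit offset is reduced modulo the operand size (64). */
static int bt_reg64(uint64_t value, int64_t off) {
    return (int)((value >> ((uint64_t)off & 63)) & 1);
}

/* Memory operand, register offset: the offset is a signed bit index from the
 * byte at p and is not reduced. Byte displacement is floor(off / 8). */
static int64_t bt_mem_byte_disp(int64_t off) {
    return off / 8 - ((off % 8) < 0);
}

/* Model of the memory form over a buffer; p is the index of the addressed
 * byte. Returns the selected bit, or -1 if the access leaves the buffer. */
static int bt_mem(const uint8_t *mem, size_t len, size_t p, int64_t off) {
    int64_t idx = (int64_t)p + bt_mem_byte_disp(off);
    if (idx < 0 || (uint64_t)idx >= len)
        return -1;
    return (mem[idx] >> (((off % 8) + 8) % 8)) & 1;
}

/* Constructed sample: 32 zero bytes, only bit 1 of byte 17 set (bit 137). */
static int demo_mem_form(int64_t off) {
    uint8_t mem[32] = {0};
    mem[17] = 0x02;
    return bt_mem(mem, sizeof mem, 0, off);
}

int main(void) {
    /* The 8-byte word at p is all zero, so the register form sees 0. */
    printf("reg form, x=137: %d (tests bit %d of the word)\n",
           bt_reg64(0, 137), 137 & 63);
    printf("mem form, x=137: %d (reads byte p+%lld)\n",
           demo_mem_form(137), (long long)bt_mem_byte_disp(137));
    printf("mem form, x=-1:  %d (-1 means outside the buffer)\n",
           demo_mem_form(-1));
    return 0;
}
```

A semantics that treats `BT(p, x)` as a test on the 8-byte word loaded from `p` agrees with the register form only; for `x = 137` the memory form selects bit 1 of the byte at `p + 17`.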