Provide initial definition for __remill_sync_hyper_call#611
Provide initial definition for __remill_sync_hyper_call#611
__remill_sync_hyper_call#611Conversation
|
This is incomplete, I just wanted to ask some questions and check that this approach is looking ok. The example that we looked at that had a |
lib/Arch/Runtime/HyperCall.cpp
Outdated
| asm volatile("wbinvd" :); | ||
| break; | ||
|
|
||
| // TODO(alex): There doesn't seem to be a way to figure out what what value |
There was a problem hiding this comment.
@pgoodman Do you know the reason behind this?
There was a problem hiding this comment.
I am not sure. I'd have to look at the arch docs to see how this instruction works.
There was a problem hiding this comment.
This one doesn't map to an instruction. It just gets as part of other instructions that eventually write to a segment register. What I don't understand is that the State structure has these segment registers.
Here's an instruction where it uses the hyper call:
https://github.com/lifting-bits/remill/blob/master/lib/Arch/X86/Semantics/POP.cpp#L163-L171
And here are the segment registers:
https://github.com/lifting-bits/remill/blob/master/include/remill/Arch/X86/Runtime/State.h#L463-L476
There are also some other registers called es_base, ss_base, etc. These ones actually get written to in some of the semantic functions:
https://github.com/lifting-bits/remill/blob/master/include/remill/Arch/X86/Runtime/State.h#L672-L685
https://github.com/lifting-bits/remill/blob/master/lib/Arch/X86/Semantics/CALL_RET.cpp#L26
I'm not sure what the distinction between the base and non-base variants is because the segment registers are also meant to hold the "base" address of the segment.
There was a problem hiding this comment.
From my memory, base address of the segment is "hidden." For practical purposes, we need to know it, though, as that hidden base is used in calculations what involve implicit or explicit segment register use.
WritePtr<addr_t>(next_sp _IF_32BIT(REG_SS_BASE))That WritePtr is sort of a fancy cast, and conditional use of ss_base is saying "maybe displace by ss_base, i.e. next_sp + ss_base, so it's actually read in this instance.
I think I'd need to see the instructions that you're working with to put the picture together and contextualize this a bit more.
There was a problem hiding this comment.
I think I'd need to see the instructions that you're working with to put the picture together and contextualize this a bit more.
I'm not seeing these lifted in an example, I'm just going through each hyper call type and trying to implement it.
lib/Arch/Runtime/HyperCall.cpp
Outdated
| asm volatile("wbinvd" :); | ||
| break; | ||
|
|
||
| // TODO(alex): There doesn't seem to be a way to figure out what what value |
There was a problem hiding this comment.
I am not sure. I'd have to look at the arch docs to see how this instruction works.
|
I'm trying to figure out what this is doing: https://github.com/lifting-bits/remill/blob/master/cmake/BCCompiler.cmake#L168 It looks like I'll have to add something to here to compile the runtimes for the architecture they're for. At the moment, the inline assembly for non-x86 architectures doesn't work for this reason. |
|
@tetsuo-cpp that looks like a tricky issue to solve, especially with Apple Clang. That used to be a viable target. Over time, I've tried to add a few things to |
tetsuo-cpp
force-pushed
the
alex/x86-sync-hyper-call
branch
from
d06e9a1 to
fcd24b2
Compare
tetsuo-cpp
changed the title
__remill_sync_hyper_call__remill_sync_hyper_call
|
Ok, my approach has changed significantly since last time. In order to implement some of these hyper calls ( In order to do this, I now have to cross-compile this part of the runtime. Because I'm cross-compiling, I now don't have access to standard library headers which is why there's a lot of code under If we agree, I'd prefer to not be exhaustive with the hyper calls right now. If there are more that I could realistically handle, I'd like to follow up with extra PRs for those, since this PR already contains a lot of machinery to even get us to the starting blocks. |
|
Seems like I'll need to bring But the general approach will stay the same. |
|
|
|
Something is wrong with the |
tetsuo-cpp
force-pushed
the
alex/x86-sync-hyper-call
branch
from
460171f to
35a9723
Compare
lib/Arch/Runtime/HyperCall.cpp
Outdated
|
|
||
| #endif | ||
|
|
||
| default: break; |
There was a problem hiding this comment.
Unfortunately, I can't abort here anymore since I don't have access to the standard library.
There was a problem hiding this comment.
__builtin_unreachable();?
|
I agree about moving some stuff to a future PR. I think that you've rightly found that the pre-existing hypercall mechanism isn't flexible enough, and that where added flexibility is needed, new hyper call intrinsics should be introduced. You've done this, e.g. with setting segment registers, but then they are being called inside |
2 participants
This PR is providing an initial implementation of
__remill_sync_hyper_call. I'm aiming to handle what I can and, for anything that isn't feasible, calling into a more specific intrinsic like__remill_x86_some_intrinsic_func.This is to reduce the number of state escapes that happen when lifting challenges.