mirror of https://github.com/RGBCube/serenity synced 2025-10-26 16:12:33 +00:00
Commit graph

123 commits

Author SHA1 Message Date
Nico Weber
4b5cfce6b1 UserspaceEmulator: Emulate two FPU instructions! 2020-08-30 19:48:59 +02:00
Nico Weber
f8084cc083 UserspaceEmulator: Remove some silly semicolons 2020-08-11 21:04:38 +02:00
Andreas Kling
c6ee6c0b42 UserspaceEmulator: Log unimplemented instructions with proper backtrace 2020-08-11 20:29:14 +02:00
Andreas Kling
5ba2022b8e UserspaceEmulator: Result is initialized after OR with all-1 immediate
When compiling with "-Os", GCC produces the following pattern for
atomic decrement (which is used by our RefCounted template):

    or eax, -1
    lock xadd [destination], eax

Since or-ing with -1 will always produce the same output (-1), we can
mark the result of these operations as initialized. This stops us from
complaining about false positives when running the shell in UE. :^)
2020-08-07 15:41:53 +02:00
Andreas Kling
c7e4c0734b UserspaceEmulator: Use a report() function instead of dbgprintf()
Ultimately we'll want to make it a bit easier to add more reporting.
This at least makes it easier to redirect the logging.
2020-07-31 20:56:48 +02:00
Nico Weber
8593bdb711 LibX86: Disassemble most remaining FPU instructions
Some of the remaining instructions have different behavior for
register and non-register ops.  Since we already have the
two-level flags tables, model this by setting all handlers in
the two-level table to the register op handler, while the
first-level flags table stores the action for the non-reg handler.
2020-07-30 16:53:33 +02:00
Nico Weber
c99a3efc5b LibX86: Disassemble most FPU instructions starting with D9
Some of these don't just use the REG bits of the mod/rm byte
as slashes, but also the R/M bits to have up to 9 different
instructions per opcode/slash combination (1 opcode requires
that MOD is != 11, the other 8 have MOD == 11).

This is done by making the slashes table two levels deep for
these cases.

Some of this is cosmetic (e.g. "FST st0" has no effect already,
but its bit pattern gets disassembled as "FNOP"), but for
most uses it isn't.

FSTENV and FSTCW have an extraordinary 0x9b prefix. This is
not yet handled in this patch.
2020-07-28 18:55:29 +02:00
Andreas Kling
31b94114c0 UserspaceEmulator: Recognize xor/sub zeroing idioms and don't taint
"xor reg,reg" or "sub reg,reg" both zero out the register, which means
we know for sure the result is 0. So mark the value as initialized,
and make sure we don't taint the CPU flags.

This removes some false positives from the uninitialized memory use
detection mechanism.

Fixes #2850.
2020-07-27 13:20:23 +02:00
Nico Weber
f6db97b8a9 LibX86: Support disassembling a few FPU opcodes better 2020-07-26 11:29:03 +02:00
Andreas Kling
9fc00d5d12 UserspaceEmulator: XLAT BX should not check full EBX shadow bits
Thanks to Rick van Schijndel for pointing this out. :^)
2020-07-22 00:07:15 +02:00
Andreas Kling
9c155c8f35 UserspaceEmulator: Tweak some output strings 2020-07-21 23:35:09 +02:00
Andreas Kling
a819c35904 UserspaceEmulator: Include flag taint state in dump output 2020-07-21 19:21:52 +02:00
Andreas Kling
5c29f4e326 UserspaceEmulator: Add a newline before uninitialized op warnings 2020-07-21 19:08:01 +02:00
Andreas Kling
d1dd5013ea UserspaceEmulator: Remove unnecessary local getpid() caches
Now that LibC caches this for us, we can stop worrying.
2020-07-21 19:08:01 +02:00
Andreas Kling
e634fe6072 UserspaceEmulator: Warn on conditional op with uninitialized dependency
We now track whether the flags register is tainted by the use of one or
more uninitialized values in a computation.

For now, the state is binary; the flags are either tainted or not.
We could be more precise about this and only taint the specific flags
that get updated by each instruction, but I think this will already get
us 99% of the results we want. :^)
2020-07-21 16:40:09 +02:00
Andreas Kling
48eec58bdc UserspaceEmulator: Flush stdout in SoftCPU::dump()
This makes the CPU dump output interleave correctly with instructions.
2020-07-21 16:38:39 +02:00
Andreas Kling
6c8a0e8c56 UserspaceEmulator: Mark all registers as initialized from boot
Since we zero out all the register values, let's also mark them all
as fully initialized.
2020-07-21 16:35:23 +02:00
Andreas Kling
be5f42adea UserspaceEmulator+LibX86: Start tracking uninitialized memory :^)
This patch introduces the concept of shadow bits. For every byte of
memory there is a corresponding shadow byte that contains metadata
about that memory.

Initially, the only metadata is whether the byte has been initialized
or not. That's represented by the least significant shadow bit.

Shadow bits travel together with regular values throughout the entire
CPU and MMU emulation. There are two main helper classes to facilitate
this: ValueWithShadow and ValueAndShadowReference.

ValueWithShadow<T> is basically a struct { T value; T shadow; } whereas
ValueAndShadowReference<T> is struct { T& value; T& shadow; }.

The latter is used as a wrapper around general-purpose registers, since
they can't use the plain ValueWithShadow memory as we need to be able
to address individual 8-bit and 16-bit subregisters (EAX, AX, AL, AH.)

Whenever a computation is made using uninitialized inputs, the result
is tainted and becomes uninitialized as well. This allows us to track
this state as it propagates throughout memory and registers.

This patch doesn't yet keep track of tainted flags, that will be an
important upcoming improvement to this.

I'm sure I've messed up some things here and there, but it seems to
basically work, so we have a place to start! :^)
2020-07-21 02:37:29 +02:00
Andreas Kling
e4b068aec5 UserspaceEmulator: Fix buggy IDIV instructions
These were not mashing together the signed double-size results
correctly and lost bits in the signed/unsigned casting process.
2020-07-18 17:57:40 +02:00
Andreas Kling
9e6d002660 UserspaceEmulator: Fix buggy IMUL instructions
These were not recording the higher part of the result correctly.
Since the flags are much less complicated than the inline assembly
here, just implement IMUL in C++ instead.
2020-07-18 17:57:40 +02:00
Andreas Kling
02882d5345 UserspaceEmulator: Add single-operand MUL and DIV instructions
These are the unsigned variants. Signed variants sold separately.
2020-07-18 17:57:40 +02:00
Andreas Kling
30d512144e UserspaceEmulator: Implement the BSF and BSR instructions
BSF maps nicely to __builtin_ctz(), but for BSR we have to bust out
some inline assembly to get exactly what we want.
2020-07-18 17:57:40 +02:00
Andreas Kling
becbf36711 UserspaceEmulator: Fix XCHG_AX_reg16 overwriting entire EAX
This instruction should only write to the lower 16 bits (AX).
2020-07-18 00:25:02 +02:00
Andreas Kling
8959f9950a UserspaceEmulator: Simplify the STOSB/STOSW/STOSD instructions 2020-07-18 00:25:02 +02:00
Andreas Kling
79290696cf UserspaceEmulator: Simplify MOVSB/MOVSW/MOVSD instructions
Use the new loop instruction helpers.
2020-07-18 00:25:02 +02:00
Andreas Kling
f70f530722 UserspaceEmulator: Implement the SCASB/SCASW/SCASD instructions 2020-07-18 00:25:02 +02:00
Andreas Kling
41bbedc41d UserspaceEmulator: Implement the LODSB/LODSW/LODSD instructions
Look how nice they look with the new loop instruction helpers. :^)
2020-07-18 00:25:02 +02:00
Andreas Kling
c3441719ea UserspaceEmulator: Implement the JCXZ instruction 2020-07-18 00:25:02 +02:00
Andreas Kling
d321dc0a74 UserspaceEmulator: Fix too-wide accumulator used in 8/16 bit CMPXCHG 2020-07-18 00:25:02 +02:00
Andreas Kling
485d1faf09 UserspaceEmulator: Add helpers for making loop instructions generic
Use them to implement CMPSB/CMPSW/CMPSD.
2020-07-18 00:25:02 +02:00
Andreas Kling
28b6ba56aa UserspaceEmulator: Add the LOOP/LOOPZ/LOOPNZ instructions 2020-07-18 00:25:02 +02:00
Andreas Kling
af7a1eca0b UserspaceEmulator: Implement the XLAT instruction :^) 2020-07-18 00:25:02 +02:00
Andreas Kling
86a7820ad7 UserspaceEmulator: Add 16-bit PUSH/POP instructions 2020-07-18 00:25:02 +02:00
Andreas Kling
d153fbf44e UserspaceEmulator: Implement the BT/BTS/BTR/BTC instruction set 2020-07-18 00:25:02 +02:00
Andreas Kling
06669f3f0f UserspaceEmulator: Implement IMUL_RM8 and IMUL_RM32
These are both a little tricky since they produce a result wider than
the inputs.
2020-07-18 00:25:02 +02:00
Andreas Kling
9f1221c785 UserspaceEmulator: Implement the ROL/ROR/RCL/RCR instructions 2020-07-16 19:21:45 +02:00
Andreas Kling
897af8b4f7 UserspaceEmulator: Implement more SHLD/SHRD variants 2020-07-16 19:21:45 +02:00
Andreas Kling
db1929e3ff UserspaceEmulator: Make the shift/rotate instructions more generic 2020-07-16 19:21:45 +02:00
Andreas Kling
acfae91032 UserspaceEmulator: Fix incorrect SALC behavior
As @tzoz pointed out, SALC should set AL to 0xff when CF=1, not 0x01.

Fixes #2819.
2020-07-16 00:50:55 +02:00
Andreas Kling
c314292319 UserspaceEmulator: Catch use-after-frees by tracking malloc/free :^)
This patch introduces a "MallocTracer" to the UserspaceEmulator.
If this object is present on the Emulator, it can be notified whenever
the emulated program does a malloc() or free().

The notifications come in via a magic instruction sequence that we
embed in the LibC malloc() and free() functions. The sequence is:

    "salc x2, push reg32 x2, pop reg32 x3"

The data about the malloc/free operation is in the three pushes.
We make sure the sequence is harmless when running natively.

Memory accesses on MmapRegion are then audited to see if they fall
inside a known-to-be-freed malloc chunk. If so, we complain loud
and red in the debugger output. :^)

This is very, very cool! :^)

It's also a whole lot slower than before, since now we're auditing
memory accesses against a new set of metadata. This will need to be
optimized (and running in this mode should be opt-in, perhaps even
a separate program, etc.)
2020-07-15 23:25:20 +02:00
Andreas Kling
feebe3f42e UserspaceEmulator: Add partial support for the SHLD/SHRD instructions
We don't support all the addressing modes yet, but it won't be very
hard to add the rest of them when needed.
2020-07-15 18:47:45 +02:00
Andreas Kling
0ce4d3e942 UserspaceEmulator: Dump backtrace on FPU instruction 2020-07-15 18:47:45 +02:00
Andreas Kling
76b2a2789b UserspaceEmulator: Implement MUL_RM32 2020-07-15 18:47:45 +02:00
Andreas Kling
029fe56d69 UserspaceEmulator: Implement the 32-bit BSWAP instruction :^) 2020-07-15 18:47:45 +02:00
Andreas Kling
0781868092 UserspaceEmulator: Implement IDIV_RM32 2020-07-15 13:42:15 +02:00
Andreas Kling
400a252720 UserspaceEmulator: Implement the CBW/CDQ/CWD/CWDE instructions 2020-07-15 13:42:15 +02:00
Andreas Kling
6a926a8c61 LibX86+UserspaceEmulator: Don't store a32 in MemoryOrRegisterReference
The a32 bit tells us whether a memory address is 32-bit or not.
We already have this information in Instruction, so just plumb that
around instead of double-caching the bit.
2020-07-15 13:42:15 +02:00
Andreas Kling
f608b9d89a UserspaceEmulator: Mark some generic instructions ALWAYS_INLINE :^) 2020-07-13 20:47:45 +02:00
Andreas Kling
2f81c20002 UserspaceEmulator: Move the SoftCPU stream virtuals to the header
They don't actually get inlined yet, but at least this devirtualizes
them which is nice.
2020-07-13 20:41:48 +02:00
Andreas Kling
a27473cbc2 UserspaceEmulator+LibX86: Turn on -O3 optimization for emulation code
Since this code is performance-sensitive, let's have the compiler do
whatever it can to help us with the most important files.

This yields a ~8% speedup.
2020-07-13 20:23:00 +02:00