2 * Copyright (c) 2012 The Native Client Authors. All rights reserved.
3 * Use of this source code is governed by a BSD-style license that can be
4 * found in the LICENSE file.
8 * This file contains includes, static functions, and constants that are used
9 * in nc_inst_state.c, but have been factored out and put into this file, so
10 * that we can test them. That is, to allow nc_inst_state.c and
11 * nc_inst_state_Tests.cc to use them.
14 #ifndef NATIVE_CLIENT_SRC_TRUSTED_VALIDATOR_X86_DECODER_NC_INST_STATE_STATICS_C__
15 #define NATIVE_CLIENT_SRC_TRUSTED_VALIDATOR_X86_DECODER_NC_INST_STATE_STATICS_C__
19 #include "native_client/src/shared/platform/nacl_log.h"
20 #include "native_client/src/shared/utils/debugging.h"
21 #include "native_client/src/trusted/validator/x86/decoder/nc_decode_tables.h"
22 #include "native_client/src/trusted/validator/x86/decoder/nc_inst_iter.h"
23 #include "native_client/src/trusted/validator/x86/decoder/nc_inst_state_internal.h"
24 #include "native_client/src/trusted/validator/x86/decoder/nc_inst_trans.h"
25 #include "native_client/src/trusted/validator/x86/decoder/ncop_exps.h"
26 #include "native_client/src/trusted/validator/x86/decoder/ncopcode_desc.h"
27 #include "native_client/src/trusted/validator/x86/nc_segment.h"
29 #include "native_client/src/trusted/validator/x86/ncinstbuffer_inl.c"
30 #include "native_client/src/trusted/validator/x86/x86_insts_inl.c"
34 /* Given the current location of the instruction iterator, initialize
35 * the given state (to match).
37 static void NaClInstStateInit(NaClInstIter* iter, NaClInstState* state) {
39 NCInstBytesInitInline(&state->bytes);
41 state->decoder_tables = iter->decoder_tables;
42 state->inst_addr = iter->index;
43 limit = iter->segment->size - iter->index;
44 if (limit > NACL_MAX_BYTES_PER_X86_INSTRUCTION) {
45 limit = NACL_MAX_BYTES_PER_X86_INSTRUCTION;
47 state->length_limit = (uint8_t) limit;
48 DEBUG(NaClLog(LOG_INFO,
49 "length limit = %"NACL_PRIu8"\n", state->length_limit));
50 state->num_prefix_bytes = 0;
51 state->opcode_prefix = 0;
52 state->num_opcode_bytes = 0;
54 state->num_rex_prefixes = 0;
56 state->has_prefix_duplicates = FALSE;
57 state->has_ambig_segment_prefixes = FALSE;
58 state->has_sib = FALSE;
60 state->num_disp_bytes = 0;
61 state->first_disp_byte = 0;
62 state->num_imm_bytes = 0;
63 state->first_imm_byte = 0;
64 state->num_imm2_bytes = 0;
65 state->prefix_mask = 0;
67 state->nodes.is_defined = FALSE;
68 state->nodes.number_expr_nodes = 0;
69 state->unchanged = FALSE;
72 /* Returns true if data 66 prefix is specified for the instruction,
73 * and the isntruction doesn't ignore the data 66 prefix.
75 #define NACL_PREFIX_INST_DATA66(state) \
76 (NaClHasBit((state)->prefix_mask, kPrefixDATA16) && \
77 (NACL_EMPTY_IFLAGS == \
78 ((state)->inst->flags & NACL_IFLAG(SizeIgnoresData16))))
80 /* Computes the number of bytes defined for operands of the matched
81 * instruction of the given state. Returns 0 if the operand size could
82 * not be computed, due to ambiguities in the prefix bytes.
84 static int NaClExtractOpSize(NaClInstState* state) {
85 if (NaClHasBit(state->inst->flags, NACL_IFLAG(OperandSize_b))) {
88 if (NACL_TARGET_SUBARCH == 64) {
89 if (NaClRexW(state->rexprefix)) {
90 if (NACL_PREFIX_INST_DATA66(state))
91 /* According to the AMD and INTEL manuals, if both prefix 66 and
92 * rex.w is specified, the rex.w should be used. However, rather
93 * than tempt fate, we disallow this combination of prefixes for
94 * any such instruction, since the same effect can be achieved
95 * without the 66 prefix.
100 if (NaClHasBit(state->inst->flags, NACL_IFLAG(OperandSizeForce64))) {
103 if (NACL_PREFIX_INST_DATA66(state))
105 else if (NaClHasBit(state->inst->flags, NACL_IFLAG(OperandSizeDefaultIs64)))
109 } else if (NACL_PREFIX_INST_DATA66(state))
115 /* Computes the number of bits defined for addresses of the matched
116 * instruction of the given state.
118 static int NaClExtractAddressSize(NaClInstState* state) {
119 if (NACL_TARGET_SUBARCH == 64) {
120 return NaClHasBit(state->prefix_mask, kPrefixADDR16) ? 32 : 64;
122 return NaClHasBit(state->prefix_mask, kPrefixADDR16) ? 16 : 32;
126 /* Manual implies only 4 bytes is allowed, but I have found up to 6.
127 * Why don't we allow any number, so long as (1) There is room for
128 * at least one opcode byte, and (2) we don't exceed the max bytes.
130 static const int kNaClMaximumPrefixBytes =
131 NACL_MAX_BYTES_PER_X86_INSTRUCTION - 1;
133 /* Captures ambiguous segment prefix forms. Used to make
134 * detection of multiple prefix segment bytes.
136 static const uint32_t segment_prefix_forms =
137 kPrefixSEGCS | kPrefixSEGSS | kPrefixSEGFS |
138 kPrefixSEGGS | kPrefixSEGES | kPrefixSEGDS;
140 /* Match any prefix bytes that can be associated with the instruction
141 * currently being matched.
143 static Bool NaClConsumePrefixBytes(NaClInstState* state) {
146 uint32_t prefix_form;
147 for (i = 0; i < kNaClMaximumPrefixBytes; ++i) {
148 /* Quit early if no more bytes in segment. */
149 if (state->bytes.length >= state->length_limit) break;
151 /* Look up the corresponding prefix bit associated
152 * with the next byte in the segment, and record it.
154 next_byte = NCRemainingMemoryLookaheadInline(state->bytes.memory,0);
155 prefix_form = state->decoder_tables->prefix_mask[next_byte];
156 if (prefix_form == 0) break;
157 next_byte = NCInstBytesReadInline(&state->bytes);
158 DEBUG(NaClLog(LOG_INFO,
159 "Consume prefix[%d]: %02"NACL_PRIx8" => %"NACL_PRIx32"\n",
160 i, next_byte, prefix_form));
161 /* Before updating prefix mask, determine if the prefix byte is
164 if ((state->prefix_mask & prefix_form)) {
165 state->has_prefix_duplicates = TRUE;
166 DEBUG(NaClLog(LOG_INFO,
167 "duplicate prefix %02"NACL_PRIx8" detected.\n", next_byte));
168 } else if ((prefix_form & segment_prefix_forms) &&
169 (state->prefix_mask & segment_prefix_forms)) {
170 state->has_ambig_segment_prefixes = TRUE;
171 DEBUG(NaClLog(LOG_INFO,
172 "ambiguos segment prefix %02"NACL_PRIx8" detected.\n",
175 state->prefix_mask |= prefix_form;
176 ++state->num_prefix_bytes;
177 DEBUG(NaClLog(LOG_INFO,
178 " prefix mask: %08"NACL_PRIx32"\n", state->prefix_mask));
180 /* If the prefix byte is a REX prefix, record its value, since
181 * bits 5-8 of this prefix bit may be needed later.
183 if ((NACL_TARGET_SUBARCH == 64) && prefix_form == kPrefixREX) {
184 state->rexprefix = next_byte;
185 DEBUG(NaClLog(LOG_INFO,
186 " rexprefix = %02"NACL_PRIx8"\n", state->rexprefix));
187 ++state->num_rex_prefixes;
193 /* Assuming we have matched the byte sequence OF 38, consume the corresponding
194 * following (instruction) opcode byte, returning the most specific prefix the
195 * patterns can match (or NaClInstPrefixEnumSize if no such patterns exist);
197 static void NaClConsume0F38XXNaClInstBytes(NaClInstState* state,
198 NaClInstPrefixDescriptor* desc) {
199 /* Fail if there are no more bytes. Otherwise, read the next
202 if (state->bytes.length >= state->length_limit) {
203 desc->matched_prefix = NaClInstPrefixEnumSize;
207 desc->opcode_byte = NCInstBytesReadInline(&state->bytes);
208 DEBUG(NaClLog(LOG_INFO, "Consume inst byte %02"NACL_PRIx8".\n",
210 if (NaClExcludesBit(state->prefix_mask, kPrefixREP)) {
211 if (NaClHasBit(state->prefix_mask, kPrefixREPNE)) {
212 /* Note: Flag OpcodeAllowsData16 will explicitly clarify
213 * ambigous case of both REP and DATA16 prefixes.
215 desc->matched_prefix = PrefixF20F38;
216 desc->opcode_prefix = kValueREPNE;
217 } else if (NaClHasBit(state->prefix_mask, kPrefixDATA16)) {
218 desc->matched_prefix = Prefix660F38;
219 desc->opcode_prefix = kValueDATA16;
221 desc->matched_prefix = Prefix0F38;
225 /* If reached, can't match special prefixes, fail. */
226 desc->matched_prefix = NaClInstPrefixEnumSize;
229 /* Assuming we have matched the byte sequence OF 3A, consume the corresponding
230 * following (instruction) opcode byte, returning the most specific prefix the
231 * patterns can match (or NaClInstPrefixEnumSize if no such patterns exist).
233 static void NaClConsume0F3AXXNaClInstBytes(NaClInstState* state,
234 NaClInstPrefixDescriptor* desc) {
235 /* Fail if there are no more bytes. Otherwise, read the next
236 * byte and choose appropriate prefix.
238 if (state->bytes.length >= state->length_limit) {
239 desc->matched_prefix = NaClInstPrefixEnumSize;
243 desc->opcode_byte = NCInstBytesReadInline(&state->bytes);
244 DEBUG(NaClLog(LOG_INFO, "Consume inst byte %02"NACL_PRIx8".\n",
246 if (NaClExcludesBit(state->prefix_mask, kPrefixREP) &&
247 NaClExcludesBit(state->prefix_mask, kPrefixREPNE)) {
248 if (NaClHasBit(state->prefix_mask, kPrefixDATA16)) {
249 desc->matched_prefix = Prefix660F3A;
250 desc->opcode_prefix = kValueDATA16;
252 desc->matched_prefix = Prefix0F3A;
256 /* If reached, can't match special prefixes, fail. */
257 desc->matched_prefix = NaClInstPrefixEnumSize;
260 /* Assuming we have matched byte OF, consume the corresponding
261 * following (instruction) opcode byte, returning the most specific
262 * prefix the patterns can match (or NaClInstPrefixEnumSize if no such
265 static void NaClConsume0FXXNaClInstBytes(NaClInstState* state,
266 NaClInstPrefixDescriptor* desc) {
267 if (NaClHasBit(state->prefix_mask, kPrefixREPNE)) {
268 if (NaClExcludesBit(state->prefix_mask, kPrefixREP)) {
269 /* Note: Flag OpcodeAllowsData16 will explicitly clarify
270 * ambigous case of both REPNE and DATA16 prefixes.
272 desc->matched_prefix = PrefixF20F;
273 desc->opcode_prefix = kValueREPNE;
277 if (NaClHasBit(state->prefix_mask, kPrefixREP)) {
278 /* Note: Flag OpcodeAllowsData16 will explicitly clarify
279 * ambigous case of both REP and DATA16 prefixes.
281 desc->matched_prefix = PrefixF30F;
282 desc->opcode_prefix = kValueREP;
283 } else if (NaClHasBit(state->prefix_mask, kPrefixDATA16)) {
284 desc->matched_prefix = Prefix660F;
285 desc->opcode_prefix = kValueDATA16;
287 desc->matched_prefix = Prefix0F;
291 /* If reached, can't match special prefixes, fail. */
292 desc->matched_prefix = NaClInstPrefixEnumSize;
295 /* Consume one of the x87 instructions that begin with D8-Df, and
296 * match the most specific prefix pattern the opcode bytes can match.
298 static void NaClConsumeX87NaClInstBytes(NaClInstState* state,
299 NaClInstPrefixDescriptor* desc) {
300 if (state->bytes.length < state->length_limit) {
301 /* Can be two byte opcode. */
302 desc->matched_prefix =
303 (NaClInstPrefix) (PrefixD8 +
304 (((unsigned) desc->opcode_byte) - 0xD8));
305 desc->opcode_byte = NCInstBytesReadInline(&state->bytes);
306 DEBUG(NaClLog(LOG_INFO, "Consume inst byte %02"NACL_PRIx8".\n",
311 /* If reached, can only be single byte opcode, match as such. */
312 desc->matched_prefix = NoPrefix;
315 /* Consume the opcode bytes, and return the most specific prefix pattern
316 * the opcode bytes can match (or NaClInstPrefixEnumSize if no such pattern
319 static void NaClConsumeInstBytes(NaClInstState* state,
320 NaClInstPrefixDescriptor* desc) {
322 /* Initialize descriptor to the fail state. */
323 desc->opcode_prefix = 0;
324 desc->opcode_byte = 0x0;
325 desc->matched_prefix = NaClInstPrefixEnumSize;
326 desc->next_length_adjustment = 0;
328 /* Be sure that we don't exceed the segment length. */
329 if (state->bytes.length >= state->length_limit) return;
331 desc->opcode_byte = NCInstBytesReadInline(&state->bytes);
332 DEBUG(NaClLog(LOG_INFO, "Consume inst byte %02"NACL_PRIx8".\n",
334 switch (desc->opcode_byte) {
336 if (state->bytes.length >= state->length_limit) return;
337 desc->opcode_byte = NCInstBytesReadInline(&state->bytes);
338 DEBUG(NaClLog(LOG_INFO, "Consume inst byte %02"NACL_PRIx8".\n",
340 switch (desc->opcode_byte) {
342 NaClConsume0F38XXNaClInstBytes(state, desc);
345 NaClConsume0F3AXXNaClInstBytes(state, desc);
348 NaClConsume0FXXNaClInstBytes(state, desc);
360 NaClConsumeX87NaClInstBytes(state, desc);
363 desc->matched_prefix = NoPrefix;
366 DEBUG(NaClLog(LOG_INFO,
367 "matched prefix = %s\n",
368 NaClInstPrefixName(desc->matched_prefix)));
371 /* Compute the operand and address sizes for the instruction. Then, verify
372 * that the opcode (instruction) pattern allows for such sizes. Aborts
373 * the pattern match if any problems.
375 static Bool NaClConsumeAndCheckOperandSize(NaClInstState* state) {
376 /* Get and check that operand size is defined. */
377 state->operand_size = NaClExtractOpSize(state);
378 DEBUG(NaClLog(LOG_INFO,
379 "operand size = %"NACL_PRIu8"\n", state->operand_size));
380 if (0 == state->operand_size) {
381 DEBUG(NaClLog(LOG_INFO,
382 "Fails: operand size is zero.\n"));
386 /* Check if instruction has flags specifying legal sizes. If so,
387 * make sure that the size matches.
389 if (state->inst->flags &
390 (NACL_IFLAG(OperandSize_w) | NACL_IFLAG(OperandSize_v) |
391 NACL_IFLAG(OperandSize_o))) {
393 switch (state->operand_size) {
395 good = NaClHasBit(state->inst->flags, NACL_IFLAG(OperandSize_w));
398 good = NaClHasBit(state->inst->flags, NACL_IFLAG(OperandSize_v));
401 good = NaClHasBit(state->inst->flags, NACL_IFLAG(OperandSize_o));
408 /* The flags associated with the opcode (instruction) don't
409 * allow the computed sizes, abort the match of the instruction.
411 DEBUG(NaClLog(LOG_INFO,
412 "Operand size %"NACL_PRIu8
413 " doesn't match flag requirement!\n",
414 state->operand_size));
418 /* Do special check for case where Rex.w and data 66 specified, and
419 * the data 66 isn't part of the opcode prefix. In such cases, we
420 * disallow both, since they are conflicting operand size specifications.
422 if (NaClRexW(state->rexprefix) &&
423 NaClHasBit(state->prefix_mask, kPrefixDATA16) &&
424 /* The following checks that both 16 and 64 bit operand
427 NaClHasBits(state->inst->flags,
428 NACL_IFLAG(OperandSize_w) |
429 NACL_IFLAG(OperandSize_o)) &&
430 /* This clause allows cases where the 66 prefix changes
431 * the opcode rather than the operand size. Both flags are
432 * set iff the 66 modifies the opcode. See function
433 * NaClAddRepPrefixFlagsIfApplicable in generator/ncdecode_tablegen.c
436 !NaClHasBits(state->inst->flags,
437 NACL_IFLAG(OpcodeAllowsData16) |
438 NACL_IFLAG(SizeIgnoresData16))) {
439 DEBUG(NaClLog(LOG_INFO,
440 "Can't specify both data prefix 66 and Rex.w\n"));
447 static Bool NaClConsumeAndCheckAddressSize(NaClInstState* state) {
448 state->address_size = NaClExtractAddressSize(state);
449 DEBUG(NaClLog(LOG_INFO,
450 "Address size = %"NACL_PRIu8"\n", state->address_size));
451 if (state->inst->flags &
452 (NACL_IFLAG(AddressSize_w) | NACL_IFLAG(AddressSize_v) |
453 NACL_IFLAG(AddressSize_o))) {
455 switch (state->address_size) {
457 good = NaClHasBit(state->inst->flags, NACL_IFLAG(AddressSize_w));
460 good = NaClHasBit(state->inst->flags, NACL_IFLAG(AddressSize_v));
463 good = NaClHasBit(state->inst->flags, NACL_IFLAG(AddressSize_o));
470 /* The flags associated with the opcode (instruction) don't
471 * allow the computed sizes, abort the match of the instruction.
473 DEBUG(NaClLog(LOG_INFO,
474 "Address size %"NACL_PRIu8
475 " doesn't match flag requirement!\n",
476 state->address_size));
483 /* Returns true if the instruction requires a ModRm bytes. */
484 static Bool NaClInstRequiresModRm(NaClInstState* state) {
486 (NACL_EMPTY_IFLAGS !=
487 (state->inst->flags & NACL_IFLAG(OpcodeUsesModRm)));
490 /* Consume the Mod/Rm byte of the instruction, if applicable.
491 * Aborts the pattern match if any problems.
493 static Bool NaClConsumeModRm(NaClInstState* state) {
494 /* First check if the opcode (instruction) pattern specifies that
495 * a Mod/Rm byte is needed, and that reading it will not walk
496 * past the end of the code segment.
498 if (NaClInstRequiresModRm(state)) {
500 /* Has modrm byte. */
501 if (state->bytes.length >= state->length_limit) {
502 DEBUG(NaClLog(LOG_INFO, "Can't read mod/rm, no more bytes!\n"));
505 byte = NCInstBytesPeekInline(&state->bytes, 0);
507 /* Note: Some instructions only allow values where the ModRm mod field
508 * is 0x3. Others only allow values where the ModRm mod field isn't 0x3.
510 if (modrm_modInline(byte) == 0x3) {
511 if (NaClHasBit(state->inst->flags, NACL_IFLAG(ModRmModIsnt0x3))) {
512 DEBUG(NaClLog(LOG_INFO, "Can't match, modrm mod field is 0x3\n"));
516 if (NaClHasBit(state->inst->flags, NACL_IFLAG(ModRmModIs0x3))) {
517 DEBUG(NaClLog(LOG_INFO, "Can't match, modrm mod field not 0x3\n"));
521 if ((NaClHasBit(state->inst->flags, NACL_IFLAG(ModRmRegSOperand))) &&
522 (modrm_regInline(byte) > 5)) {
523 DEBUG(NaClLog(LOG_INFO,
524 "Can't match, modrm reg field doesn't index segment\n"));
527 state->modrm = NCInstBytesReadInline(&state->bytes);
528 state->num_disp_bytes = 0;
529 state->first_disp_byte = 0;
531 state->has_sib = FALSE;
532 DEBUG(NaClLog(LOG_INFO, "consume modrm = %02"NACL_PRIx8"\n", state->modrm));
534 /* Consume the remaining opcode value in the mod/rm byte
537 if (state->inst->flags & NACL_IFLAG(OpcodeInModRm)) {
538 const NaClInst* inst = state->inst;
539 if (modrm_opcodeInline(state->modrm) !=
540 NaClGetOpcodeInModRm(inst->opcode_ext)) {
543 "Discarding, opcode in mrm byte (%02"NACL_PRIx8") "
545 modrm_opcodeInline(state->modrm)));
548 if (state->inst->flags & NACL_IFLAG(OpcodeInModRmRm)) {
549 if (modrm_rmInline(state->modrm) !=
550 NaClGetOpcodeInModRmRm(inst->opcode_ext)) {
551 DEBUG(NaClLog(LOG_INFO,
552 "Discarding, opcode in mrm rm field (%02"NACL_PRIx8") "
554 modrm_rmInline(state->modrm)));
563 /* Returns true if the instruction requires a SIB bytes. */
564 static Bool NaClInstRequiresSib(NaClInstState* state) {
565 /* Note: in 64-bit mode, 64-bit addressing is treated the same as 32-bit
566 * addressing. Hence, required for all but 16-bit addressing, when
567 * the right modrm bytes are specified.
570 (NaClInstRequiresModRm(state) && (16 != state->address_size) &&
571 (modrm_rmInline(state->modrm) ==
572 0x04 && modrm_modInline(state->modrm) != 0x3));
575 /* Consume the SIB byte of the instruction, if applicable. Aborts the pattern
576 * match if any problems are found.
578 static Bool NaClConsumeSib(NaClInstState* state) {
579 /* First check that the opcode (instruction) pattern specifies that
580 * a SIB byte is needed, and that reading it will not walk past
581 * the end of the code segment.
584 state->has_sib = NaClInstRequiresSib(state);
585 DEBUG(NaClLog(LOG_INFO, "has sib = %d\n", (int) state->has_sib));
586 if (state->has_sib) {
587 if (state->bytes.length >= state->length_limit) {
588 DEBUG(NaClLog(LOG_INFO, "Can't consume sib, no more bytes!\n"));
591 /* Read the SIB byte and record. */
592 state->sib = NCInstBytesReadInline(&state->bytes);
593 DEBUG(NaClLog(LOG_INFO, "sib = %02"NACL_PRIx8"\n", state->sib));
594 if (sib_base(state->sib) == 0x05 && modrm_modInline(state->modrm) > 2) {
595 DEBUG(NaClLog(LOG_INFO,
596 "Sib byte implies modrm.mod field <= 2, match fails\n"));
603 static int NaClGetNumDispBytes(NaClInstState* state) {
604 if (NaClInstRequiresModRm(state)) {
605 if (16 == state->address_size) {
606 /* Corresponding to table 2-1 of the Intel manual. */
607 switch (modrm_modInline(state->modrm)) {
609 if (modrm_rmInline(state->modrm) == 0x06) {
610 return 4; /* disp16 */
614 return 1; /* disp8 */
616 return 2; /* disp16 */
621 /* Note: in 64-bit mode, 64-bit addressing is treated the same as 32-bit
622 * addressing. Hence, this section covers the 32-bit addressing.
624 switch(modrm_modInline(state->modrm)) {
626 if (modrm_rmInline(state->modrm) == 0x05) {
627 return 4; /* disp32 */
628 } else if (state->has_sib && sib_base(state->sib) == 0x5) {
633 return 1; /* disp8 */
635 return 4; /* disp32 */
644 /* Consume the needed displacement bytes, if applicable. Abort the
645 * pattern match if any problems are found.
647 static Bool NaClConsumeDispBytes(NaClInstState* state) {
648 /* First check if the opcode (instruction) pattern specifies that
649 * displacement bytes should be read, and that reading it will not
650 * walk past the end of the code segment.
652 state->num_disp_bytes = NaClGetNumDispBytes(state);
653 DEBUG(NaClLog(LOG_INFO,
654 "num disp bytes = %"NACL_PRIu8"\n", state->num_disp_bytes));
655 state->first_disp_byte = state->bytes.length;
656 if (state->num_disp_bytes > 0) {
657 int new_length = state->bytes.length + state->num_disp_bytes;
658 if (new_length > state->length_limit) {
659 DEBUG(NaClLog(LOG_INFO, "Can't consume disp, no more bytes!\n"));
662 /* Read the displacement bytes. */
663 state->first_disp_byte = state->bytes.length;
664 NCInstBytesReadBytesInline(state->num_disp_bytes, &state->bytes);
669 /* Returns the number of immediate bytes to parse. */
670 static int NaClGetNumImmedBytes(NaClInstState* state) {
671 /* First see if immediate bytes is specified. */
672 if (0 == NaClHasBit(state->inst->flags,
673 (NACL_IFLAG(OpcodeHasImmed) |
674 NACL_IFLAG(OpcodeHasImmed_v) |
675 NACL_IFLAG(OpcodeHasImmed_b) |
676 NACL_IFLAG(OpcodeHasImmed_w) |
677 NACL_IFLAG(OpcodeHasImmed_o) |
678 NACL_IFLAG(OpcodeHasImmed_Addr) |
679 NACL_IFLAG(OpcodeHasImmed_z) |
680 NACL_IFLAG(OpcodeHasImmed_p)))) return 0;
682 /* Now handle specific requests. */
683 if (state->inst->flags & NACL_IFLAG(OpcodeHasImmed)) {
684 return state->operand_size;
686 if (state->inst->flags & NACL_IFLAG(OpcodeHasImmed_v)) {
688 } else if (state->inst->flags & NACL_IFLAG(OpcodeHasImmed_b)) {
690 } else if (state->inst->flags & NACL_IFLAG(OpcodeHasImmed_w)) {
692 } else if (state->inst->flags & NACL_IFLAG(OpcodeHasImmed_p)) {
694 } else if (state->inst->flags & NACL_IFLAG(OpcodeHasImmed_o)) {
696 } else if (state->inst->flags & NACL_IFLAG(OpcodeHasImmed_Addr)) {
697 return NaClExtractAddressSize(state) / 8;
698 } else if (state->inst->flags & NACL_IFLAG(OpcodeHasImmed_z)) {
699 if (state->operand_size == 2) {
709 /* Returns the number of immedidate bytes to parse if a second immediate
710 * number appears in the instruction (zero if no second immediate value).
712 static int NaClGetNumImmed2Bytes(NaClInstState* state) {
713 if (state->inst->flags & NACL_IFLAG(OpcodeHasImmed2_b)) {
715 } else if (state->inst->flags & NACL_IFLAG(OpcodeHasImmed2_w)) {
717 } else if (state->inst->flags & NACL_IFLAG(OpcodeHasImmed2_v)) {
724 /* Consume the needed immediate bytes, if applicable. Abort the
725 * pattern match if any problems are found.
727 static Bool NaClConsumeImmediateBytes(NaClInstState* state) {
728 /* find out how many immediate bytes are expected. */
729 state->num_imm_bytes = NaClGetNumImmedBytes(state);
730 DEBUG(NaClLog(LOG_INFO,
731 "num immediate bytes = %"NACL_PRIu8"\n", state->num_imm_bytes));
732 state->first_imm_byte = 0;
733 if (state->num_imm_bytes > 0) {
735 /* Before reading immediate bytes, be sure that we won't walk
736 * past the end of the code segment.
738 new_length = state->bytes.length + state->num_imm_bytes;
739 if (new_length > state->length_limit) {
740 DEBUG(NaClLog(LOG_INFO, "Can't consume immediate, no more bytes!\n"));
743 /* Read the immediate bytes. */
744 state->first_imm_byte = state->bytes.length;
745 NCInstBytesReadBytesInline(state->num_imm_bytes, &state->bytes);
747 /* Before returning, see if second immediate value specified. */
748 state->num_imm2_bytes = NaClGetNumImmed2Bytes(state);
749 DEBUG(NaClLog(LOG_INFO, "num immediate 2 bytes = %"NACL_PRIu8"\n",
750 state->num_imm2_bytes));
751 if (state->num_imm2_bytes > 0) {
753 /* Before reading immediate bytes, be sure that we don't walk
754 * past the end of the code segment.
756 new_length = state->bytes.length + state->num_imm2_bytes;
757 if (new_length > state->length_limit) {
758 DEBUG(NaClLog(LOG_INFO, "Can't consume 2nd immediate, no more bytes!\n"));
761 /* Read the immediate bytes. */
762 NCInstBytesReadBytesInline(state->num_imm2_bytes, &state->bytes);
767 /* Validate that any opcode (instruction) pattern prefix assumptions are
768 * met by prefix bits. If not, abort the pattern match.
770 static Bool NaClValidatePrefixFlags(NaClInstState* state) {
771 /* Check lock prefix assumptions. */
772 if (state->prefix_mask & kPrefixLOCK) {
773 if (state->inst->flags & NACL_IFLAG(OpcodeLockable)) {
774 /* Only allow if all destination operands are memory stores. */
776 Bool has_lockable_dest = FALSE;
777 NaClExpVector* vector = NaClInstStateExpVector(state);
778 DEBUG(NaClLog(LOG_INFO, "checking if lock valid on:\n");
779 NaClExpVectorPrint(NaClLogGetGio(), state));
780 for (i = 0; i < vector->number_expr_nodes; ++i) {
781 NaClExp* node = &vector->node[i];
782 DEBUG(NaClLog(LOG_INFO, " checking node %d\n", i));
783 if ((NACL_EMPTY_EFLAGS != (node->flags & NACL_EFLAG(ExprSet))) &&
784 (node->kind == ExprMemOffset)) {
785 has_lockable_dest = TRUE;
789 if (!has_lockable_dest) {
790 DEBUG(NaClLog(LOG_INFO, "Instruction doesn't allow lock prefix "
791 "on non-memory destination"));
795 DEBUG(NaClLog(LOG_INFO, "Instruction doesn't allow lock prefix\n"));
799 /* Check REX prefix assumptions. */
800 if (NACL_TARGET_SUBARCH == 64 &&
801 (state->prefix_mask & kPrefixREX)) {
802 if (state->inst->flags &
803 (NACL_IFLAG(OpcodeUsesRexW) | NACL_IFLAG(OpcodeHasRexR) |
804 NACL_IFLAG(OpcodeRex))) {
805 if (((state->inst->flags & NACL_IFLAG(OpcodeUsesRexW)) &&
806 0 == (state->rexprefix & 0x8)) ||
807 ((state->inst->flags & NACL_IFLAG(OpcodeHasRexR)) &&
808 0 == (state->rexprefix & 0x4))) {
809 DEBUG(NaClLog(LOG_INFO, "can't match REX prefix requirement\n"));
817 /* Move back to point just after the prefix sequence (defined by
820 static void NaClClearInstState(NaClInstState* state, uint8_t inst_length) {
821 if (state->bytes.length != inst_length) {
822 NCInstBytesResetInline(&state->bytes);
823 NCInstBytesReadBytesInline(inst_length, &state->bytes);
826 state->has_sib = FALSE;
828 state->num_disp_bytes = 0;
829 state->first_disp_byte = 0;
830 state->num_imm_bytes = 0;
831 state->first_imm_byte = 0;
832 state->num_imm2_bytes = 0;
833 state->operand_size = 32;
834 state->address_size = 32;
835 state->nodes.is_defined = FALSE;
836 state->nodes.number_expr_nodes = 0;
839 /* Move back to the beginning of the instruction, so that we can reparse. */
840 static void NaClResetInstState(NaClInstState* state) {
841 if (state->bytes.length > 0) {
842 NCInstBytesResetInline(&state->bytes);
844 state->num_prefix_bytes = 0;
845 state->opcode_prefix = 0;
846 state->num_opcode_bytes = 0;
847 state->rexprefix = 0;
848 state->num_rex_prefixes = 0;
850 state->has_prefix_duplicates = FALSE;
851 state->has_ambig_segment_prefixes = FALSE;
852 state->has_sib = FALSE;
854 state->num_disp_bytes = 0;
855 state->first_disp_byte = 0;
856 state->num_imm_bytes = 0;
857 state->first_imm_byte = 0;
858 state->num_imm2_bytes = 0;
859 state->prefix_mask = 0;
861 state->nodes.is_defined = FALSE;
862 state->nodes.number_expr_nodes = 0;
865 /* Get the corresponding instruction for the given offset. */
866 static const NaClInst* NaClGetOpcodeInst(const NaClDecodeTables *tables,
867 NaClOpcodeArrayOffset offset) {
868 return (NACL_OPCODE_NULL_OFFSET == offset)
870 : &tables->opcodes_table[offset];
873 /* Get the corresponding instruction for the given prefix and opcode. */
874 static const NaClInst* NaClGetPrefixOpcodeInst(const NaClDecodeTables *tables,
875 NaClInstPrefix prefix,
877 const NaClPrefixOpcodeSelector* selector = &tables->opcode_selectors[prefix];
878 if ((opcode >= selector->first_opcode) &&
879 (opcode <= selector->last_opcode)) {
880 return NaClGetOpcodeInst(
882 tables->opcode_entries[
883 selector->table_offset + (opcode - selector->first_opcode)]);
889 * Given the opcode prefix descriptor, return the list of candidate opcodes to
890 * try and match against the byte stream in the given state. Before returning,
891 * this function automatically advances the opcode prefix descriptor to describe
892 * the next list to use if the returned list doesn't provide any matches.
895 * state - The state of the instruction being decoded.
896 * desc - The description of how the opcode bytes have been matched.
897 * The value passed in is the currrent match, the value at exit is
898 * the value to be used the next time this function is called (to
899 * get the next set of possible instructions).
900 * opcode_length - The length (in bytes) of the opcode for the returned
903 static const NaClInst* NaClGetNextInstCandidates(
904 NaClInstState* state, NaClInstPrefixDescriptor* desc,
905 uint8_t* inst_length) {
906 const NaClInst* cand_insts;
907 if (desc->next_length_adjustment) {
908 (*inst_length) += desc->next_length_adjustment;
909 desc->opcode_byte = state->bytes.byte[*inst_length - 1];
911 cand_insts = NaClGetPrefixOpcodeInst(state->decoder_tables,
912 desc->matched_prefix,
914 DEBUG(NaClLog(LOG_INFO, "Lookup candidates using [%s][%x]\n",
915 NaClInstPrefixName(desc->matched_prefix), desc->opcode_byte));
916 switch (desc->matched_prefix) {
918 desc->matched_prefix = Prefix0F;
919 desc->opcode_prefix = 0;
922 desc->matched_prefix = Prefix0F38;
923 desc->opcode_prefix = 0;
926 desc->matched_prefix = Prefix0F3A;
927 desc->opcode_prefix = 0;
937 desc->matched_prefix = NoPrefix;
938 desc->next_length_adjustment = -1;
941 /* No more simplier prefices, give up search after current lookup. */
942 desc->matched_prefix = NaClInstPrefixEnumSize;
948 static Bool NaClConsumeHardCodedNop(NaClInstState* state) {
950 const NaClInstNode* next;
951 uint8_t next_length = 0;
952 const NaClInst* matching_inst = NULL;
953 uint8_t matching_length = 0;
955 next_byte = NCInstByteInline(&state->bytes, next_length);
956 next = state->decoder_tables->hard_coded;
958 /* Find maximal match in trie. */
959 while (NULL != next) {
960 if (next_byte == next->matching_byte) {
961 DEBUG(NaClLog(LOG_INFO,
962 "NaClConsume opcode char: %"NACL_PRIx8"\n", next_byte));
964 if (NACL_OPCODE_NULL_OFFSET != next->matching_inst) {
965 matching_inst = NaClGetOpcodeInst(state->decoder_tables,
966 next->matching_inst);
967 matching_length = next_length;
969 if (next_length < state->length_limit) {
970 next = next->success;
972 next_byte = NCInstByteInline(&state->bytes, next_length);
977 } else if (next->matching_byte < next_byte) {
983 if (NULL == matching_inst) {
986 /* TODO(karl) Make this more general. Currently assumes that no
987 * additional processing (other than opcode selection) is needed.
988 * This is currently safe only because all instructions modeled
989 * using opcode sequences have no (useful) operands, and hence
990 * no additional information is needed.
992 NaClResetInstState(state);
993 state->inst = matching_inst;
994 NCInstBytesReadBytesInline(matching_length, &state->bytes);
995 DEBUG(NaClLog(LOG_INFO, "matched inst sequence [%d]!\n", matching_length));
1002 #endif /* NATIVE_CLIENT_SRC_TRUSTED_VALIDATOR_X86_DECODER_NC_INST_STATE_STATICS_C__ */