analysis_mips_cs.c File Reference

#include <rz_asm.h>
#include <rz_lib.h>
#include <capstone/capstone.h>
#include <capstone/mips.h>

Go to the source code of this file.

Macros
#define	OPERAND(x)   insn->detail->mips.operands[x]
#define	REGID(x)   insn->detail->mips.operands[x].reg
#define	REG(x)   cs_reg_name(*handle, insn->detail->mips.operands[x].reg)
#define	IMM(x)   insn->detail->mips.operands[x].imm
#define	MEMBASE(x)   cs_reg_name(*handle, insn->detail->mips.operands[x].mem.base)
#define	MEMINDEX(x)   insn->detail->mips.operands[x].mem.index
#define	MEMDISP(x)   insn->detail->mips.operands[x].mem.disp
#define	OPCOUNT()   insn->detail->mips.op_count
#define	SET_VAL(op, i)
#define	CREATE_SRC_DST_3(op)
#define	CREATE_SRC_DST_2(op)
#define	SET_SRC_DST_3_REGS(op)
#define	SET_SRC_DST_3_IMM(op)
#define	SET_SRC_DST_2_REGS(op)
#define	SET_SRC_DST_3_REG_OR_IMM(op)
#define	ES_IS_NEGATIVE(arg)   "1," arg ",<<<,1,&"
#define	ES_CALL_DR(ra, addr)   "pc,4,+," ra ",=," ES_J(addr)
#define	ES_CALL_D(addr)   ES_CALL_DR("ra", addr)
#define	ES_CALL_NDR(ra, addr)   "pc," ra ",=," ES_J(addr)
#define	ES_CALL_ND(addr)   ES_CALL_NDR("ra", addr)
#define	USE_DS   0
#define	ES_TRAP_DS()   ""
#define	ES_J(addr)   addr ",pc,="
#define	ES_B(x)   "0xff," x ",&"
#define	ES_H(x)   "0xffff," x ",&"
#define	ES_W(x)   "0xffffffff," x ",&"
#define	ES_SIGN32_64(arg)   es_sign_n_64(a, op, arg, 32)
#define	ES_SIGN16_64(arg)   es_sign_n_64(a, op, arg, 16)
#define	ES_ADD_CK32_OVERF(x, y, z)   es_add_ck(op, x, y, z, 32)
#define	ES_ADD_CK64_OVERF(x, y, z)   es_add_ck(op, x, y, z, 64)
#define	PROTECT_ZERO()
#define	ESIL_LOAD(size)
#define	ARG(x)   (*str[x] != 0) ? str[x] : arg(handle, insn, str[x], x)
#define	KW(d, ds, m, ms)   rz_list_append(l, rz_search_keyword_new((const ut8 *)d, ds, (const ut8 *)m, ms, NULL))

Functions
static void	es_sign_n_64 (RzAnalysis *a, RzAnalysisOp *op, const char *arg, int bit)
static void	es_add_ck (RzAnalysisOp *op, const char *a1, const char *a2, const char *re, int bit)
static void	opex (RzStrBuf *buf, csh handle, cs_insn *insn)
static const char *	arg (csh *handle, cs_insn *insn, char *buf, int n)
static int	analop_esil (RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf, int len, csh *handle, cs_insn *insn)
static int	parse_reg_name (RzRegItem *reg, csh handle, cs_insn *insn, int reg_num)
static void	op_fillval (RzAnalysis *analysis, RzAnalysisOp *op, csh *handle, cs_insn *insn)
static void	set_opdir (RzAnalysisOp *op)
static int	analop (RzAnalysis *analysis, RzAnalysisOp *op, ut64 addr, const ut8 *buf, int len, RzAnalysisOpMask mask)
static char *	get_reg_profile (RzAnalysis *analysis)
static int	archinfo (RzAnalysis *analysis, int q)
static RzList *	analysis_preludes (RzAnalysis *analysis)

Variables
static ut64	t9_pre = UT64_MAX
RzAnalysisPlugin	rz_analysis_plugin_mips_cs
RZ_API RzLibStruct	rizin_plugin

Macro Definition Documentation

ARG

#define ARG

(

x

)

(*str[x] != 0) ? str[x] : arg(handle, insn, str[x], x)

Definition at line 201 of file analysis_mips_cs.c.

CREATE_SRC_DST_2

#define CREATE_SRC_DST_2

(

op

)

Value:

    (op)->src[0] = rz_analysis_value_new(); \
    (op)->dst = rz_analysis_value_new();

Definition at line 32 of file analysis_mips_cs.c.

CREATE_SRC_DST_3

#define CREATE_SRC_DST_3

(

op

)

Value:

    (op)->src[0] = rz_analysis_value_new(); \
    (op)->src[1] = rz_analysis_value_new(); \
    (op)->dst = rz_analysis_value_new();

Definition at line 27 of file analysis_mips_cs.c.

ES_ADD_CK32_OVERF

#define ES_ADD_CK32_OVERF	(		x,
			y,
			z
	)		es_add_ck(op, x, y, z, 32)

Definition at line 98 of file analysis_mips_cs.c.

ES_ADD_CK64_OVERF

#define ES_ADD_CK64_OVERF	(		x,
			y,
			z
	)		es_add_ck(op, x, y, z, 64)

Definition at line 99 of file analysis_mips_cs.c.

ES_B

#define ES_B

(

x

)

"0xff," x ",&"

Definition at line 90 of file analysis_mips_cs.c.

ES_CALL_D

#define ES_CALL_D

(

addr

)

ES_CALL_DR("ra", addr)

Definition at line 73 of file analysis_mips_cs.c.

ES_CALL_DR

#define ES_CALL_DR	(		ra,
			addr
	)		"pc,4,+," ra ",=," ES_J(addr)

Definition at line 72 of file analysis_mips_cs.c.

ES_CALL_ND

#define ES_CALL_ND

(

addr

)

ES_CALL_NDR("ra", addr)

Definition at line 77 of file analysis_mips_cs.c.

ES_CALL_NDR

#define ES_CALL_NDR	(		ra,
			addr
	)		"pc," ra ",=," ES_J(addr)

Definition at line 76 of file analysis_mips_cs.c.

ES_H

#define ES_H

(

x

)

"0xffff," x ",&"

Definition at line 91 of file analysis_mips_cs.c.

ES_IS_NEGATIVE

#define ES_IS_NEGATIVE

(

arg

)

"1," arg ",<<<,1,&"

Definition at line 69 of file analysis_mips_cs.c.

ES_J

#define ES_J

(

addr

)

addr ",pc,="

Definition at line 87 of file analysis_mips_cs.c.

ES_SIGN16_64

#define ES_SIGN16_64

(

arg

)

es_sign_n_64(a, op, arg, 16)

Definition at line 96 of file analysis_mips_cs.c.

ES_SIGN32_64

#define ES_SIGN32_64

(

arg

)

es_sign_n_64(a, op, arg, 32)

Definition at line 95 of file analysis_mips_cs.c.

ES_TRAP_DS

#define ES_TRAP_DS

(

)

""

Definition at line 86 of file analysis_mips_cs.c.

ES_W

#define ES_W

(

x

)

"0xffffffff," x ",&"

Definition at line 92 of file analysis_mips_cs.c.

ESIL_LOAD

#define ESIL_LOAD

(

size

)

Value:

    PROTECT_ZERO() { \
        rz_strbuf_appendf(&op->esil, "%s,[" size "],%s,=", \
            ARG(1), REG(0)); \
    }

Definition at line 121 of file analysis_mips_cs.c.

IMM

#define IMM

(

x

)

insn->detail->mips.operands[x].imm

Definition at line 15 of file analysis_mips_cs.c.

KW

#define KW	(		d,
			ds,
			m,
			ms
	)		rz_list_append(l, rz_search_keyword_new((const ut8 *)d, ds, (const ut8 *)m, ms, NULL))

MEMBASE

#define MEMBASE

(

x

)

cs_reg_name(*handle, insn->detail->mips.operands[x].mem.base)

Definition at line 16 of file analysis_mips_cs.c.

MEMDISP

#define MEMDISP

(

x

)

insn->detail->mips.operands[x].mem.disp

Definition at line 18 of file analysis_mips_cs.c.

MEMINDEX

#define MEMINDEX

(

x

)

insn->detail->mips.operands[x].mem.index

Definition at line 17 of file analysis_mips_cs.c.

OPCOUNT

#define OPCOUNT

(

)

insn->detail->mips.op_count

Definition at line 19 of file analysis_mips_cs.c.

OPERAND

#define OPERAND

(

x

)

insn->detail->mips.operands[x]

Definition at line 12 of file analysis_mips_cs.c.

PROTECT_ZERO

#define PROTECT_ZERO

(

)

Value:

    if (REG(0)[0] == 'z') { \
        rz_strbuf_appendf(&op->esil, ","); \
    } else

Definition at line 116 of file analysis_mips_cs.c.

REG

#define REG

(

x

)

cs_reg_name(*handle, insn->detail->mips.operands[x].reg)

Definition at line 14 of file analysis_mips_cs.c.

REGID

#define REGID

(

x

)

insn->detail->mips.operands[x].reg

Definition at line 13 of file analysis_mips_cs.c.

SET_SRC_DST_2_REGS

#define SET_SRC_DST_2_REGS

(

op

)

Value:

    CREATE_SRC_DST_2(op); \
    (op)->dst->reg = rz_reg_get(analysis->reg, REG(0), RZ_REG_TYPE_GPR); \
    (op)->src[0]->reg = rz_reg_get(analysis->reg, REG(1), RZ_REG_TYPE_GPR);

Definition at line 54 of file analysis_mips_cs.c.

SET_SRC_DST_3_IMM

#define SET_SRC_DST_3_IMM

(

op

)

Value:

    CREATE_SRC_DST_3(op); \
    (op)->dst->reg = rz_reg_get(analysis->reg, REG(0), RZ_REG_TYPE_GPR); \
    (op)->dst->type = RZ_ANALYSIS_VAL_REG; \
    (op)->src[0]->reg = rz_reg_get(analysis->reg, REG(1), RZ_REG_TYPE_GPR); \
    (op)->src[0]->type = RZ_ANALYSIS_VAL_REG; \
    (op)->src[1]->imm = IMM(2); \
    (op)->src[1]->type = RZ_ANALYSIS_VAL_IMM;

Definition at line 45 of file analysis_mips_cs.c.

SET_SRC_DST_3_REG_OR_IMM

#define SET_SRC_DST_3_REG_OR_IMM

(

op

)

Value:

    if (OPERAND(2).type == MIPS_OP_IMM) { \
        SET_SRC_DST_3_IMM(op); \
    } else if (OPERAND(2).type == MIPS_OP_REG) { \
        SET_SRC_DST_3_REGS(op); \
    }

Definition at line 59 of file analysis_mips_cs.c.

SET_SRC_DST_3_REGS

#define SET_SRC_DST_3_REGS

(

op

)

Value:

    CREATE_SRC_DST_3(op); \
    (op)->dst->reg = rz_reg_get(analysis->reg, REG(0), RZ_REG_TYPE_GPR); \
    (op)->dst->type = RZ_ANALYSIS_VAL_REG; \
    (op)->src[0]->reg = rz_reg_get(analysis->reg, REG(1), RZ_REG_TYPE_GPR); \
    (op)->src[0]->type = RZ_ANALYSIS_VAL_REG; \
    (op)->src[1]->reg = rz_reg_get(analysis->reg, REG(2), RZ_REG_TYPE_GPR); \
    (op)->src[1]->type = RZ_ANALYSIS_VAL_REG;

Definition at line 36 of file analysis_mips_cs.c.

SET_VAL

#define SET_VAL	(		op,
			i
	)

Value:

    if ((i) < OPCOUNT() && OPERAND(i).type == MIPS_OP_IMM) { \
        (op)->val = OPERAND(i).imm; \
    }

Definition at line 22 of file analysis_mips_cs.c.

USE_DS

#define USE_DS   0

Definition at line 79 of file analysis_mips_cs.c.

Function Documentation

analop()

static int analop ( RzAnalysis *  analysis, RzAnalysisOp *  op, ut64  addr, const ut8 *  buf, int  len, RzAnalysisOpMask  mask  )

static

Definition at line 718 of file analysis_mips_cs.c.

                                                                                                                     {
    int n, ret, opsize = -1;
    static csh hndl = 0;
    static int omode = -1;
    static int obits = 32;
    cs_insn *insn;
    int mode = analysis->big_endian ? CS_MODE_BIG_ENDIAN : CS_MODE_LITTLE_ENDIAN;
 
    if (analysis->cpu && *analysis->cpu) {
        if (!strcmp(analysis->cpu, "micro")) {
            mode |= CS_MODE_MICRO;
        } else if (!strcmp(analysis->cpu, "r6")) {
            mode |= CS_MODE_MIPS32R6;
        } else if (!strcmp(analysis->cpu, "v3")) {
            mode |= CS_MODE_MIPS3;
        } else if (!strcmp(analysis->cpu, "v2")) {
#if CS_API_MAJOR > 3
            mode |= CS_MODE_MIPS2;
#endif
        }
    }
    mode |= (analysis->bits == 64) ? CS_MODE_MIPS64 : CS_MODE_MIPS32;
    if (mode != omode || analysis->bits != obits) {
        cs_close(&hndl);
        hndl = 0;
        omode = mode;
        obits = analysis->bits;
    }
    // XXX no arch->cpu ?!?! CS_MODE_MICRO, N64
    op->addr = addr;
    if (len < 4) {
        return -1;
    }
    op->size = 4;
    if (hndl == 0) {
        ret = cs_open(CS_ARCH_MIPS, mode, &hndl);
        if (ret != CS_ERR_OK) {
            goto fin;
        }
        cs_option(hndl, CS_OPT_DETAIL, CS_OPT_ON);
    }
    n = cs_disasm(hndl, (ut8 *)buf, len, addr, 1, &insn);
    if (n < 1 || insn->size < 1) {
        if (mask & RZ_ANALYSIS_OP_MASK_DISASM) {
            op->mnemonic = strdup("invalid");
        }
        goto beach;
    }
    if (mask & RZ_ANALYSIS_OP_MASK_DISASM) {
        op->mnemonic = rz_str_newf("%s%s%s",
            insn->mnemonic,
            insn->op_str[0] ? " " : "",
            insn->op_str);
    }
    op->id = insn->id;
    opsize = op->size = insn->size;
    op->refptr = 0;
    switch (insn->id) {
    case MIPS_INS_INVALID:
        op->type = RZ_ANALYSIS_OP_TYPE_ILL;
        break;
    case MIPS_INS_LB:
    case MIPS_INS_LBU:
    case MIPS_INS_LBUX:
        op->refptr = 1;
        /* fallthrough */
    case MIPS_INS_LW:
    case MIPS_INS_LWC1:
    case MIPS_INS_LWC2:
    case MIPS_INS_LWL:
    case MIPS_INS_LWR:
    case MIPS_INS_LWXC1:
        if (!op->refptr) {
            op->refptr = 4;
        }
        /* fallthrough */
    case MIPS_INS_LD:
    case MIPS_INS_LDC1:
    case MIPS_INS_LDC2:
    case MIPS_INS_LDL:
    case MIPS_INS_LDR:
    case MIPS_INS_LDXC1:
        op->type = RZ_ANALYSIS_OP_TYPE_LOAD;
        if (!op->refptr) {
            op->refptr = 8;
        }
        switch (OPERAND(1).type) {
        case MIPS_OP_MEM:
            if (OPERAND(1).mem.base == MIPS_REG_GP) {
                op->ptr = analysis->gp + OPERAND(1).mem.disp;
                if (REGID(0) == MIPS_REG_T9) {
                    t9_pre = op->ptr;
                }
            } else if (REGID(0) == MIPS_REG_T9) {
                t9_pre = UT64_MAX;
            }
            break;
        case MIPS_OP_IMM:
            op->ptr = OPERAND(1).imm;
            break;
        case MIPS_OP_REG:
            break;
        default:
            break;
        }
        // TODO: fill
        break;
    case MIPS_INS_SD:
    case MIPS_INS_SW:
    case MIPS_INS_SB:
    case MIPS_INS_SH:
    case MIPS_INS_SWC1:
    case MIPS_INS_SWC2:
    case MIPS_INS_SWL:
    case MIPS_INS_SWR:
    case MIPS_INS_SWXC1:
        op->type = RZ_ANALYSIS_OP_TYPE_STORE;
        break;
    case MIPS_INS_NOP:
        op->type = RZ_ANALYSIS_OP_TYPE_NOP;
        break;
    case MIPS_INS_SYSCALL:
        op->type = RZ_ANALYSIS_OP_TYPE_SWI;
        break;
    case MIPS_INS_BREAK:
        op->type = RZ_ANALYSIS_OP_TYPE_TRAP;
        break;
    case MIPS_INS_JALR:
        op->type = RZ_ANALYSIS_OP_TYPE_UCALL;
        op->delay = 1;
        if (REGID(0) == MIPS_REG_25) {
            op->jump = t9_pre;
            t9_pre = UT64_MAX;
            op->type = RZ_ANALYSIS_OP_TYPE_RCALL;
        }
        break;
    case MIPS_INS_JAL:
    case MIPS_INS_JALS:
    case MIPS_INS_JALX:
    case MIPS_INS_JRADDIUSP:
    case MIPS_INS_BAL:
    // (no blezal/bgtzal or blezall/bgtzall, only blezalc/bgtzalc)
    case MIPS_INS_BLTZAL: // Branch on <0 and link
    case MIPS_INS_BGEZAL: // Branch on >=0 and link
    case MIPS_INS_BLTZALL: // "likely" versions
    case MIPS_INS_BGEZALL:
    case MIPS_INS_BLTZALC: // compact versions
    case MIPS_INS_BLEZALC:
    case MIPS_INS_BGEZALC:
    case MIPS_INS_BGTZALC:
    case MIPS_INS_JIALC:
    case MIPS_INS_JIC:
        op->type = RZ_ANALYSIS_OP_TYPE_CALL;
        op->jump = IMM(0);
 
        switch (insn->id) {
        case MIPS_INS_JIALC:
        case MIPS_INS_JIC:
        case MIPS_INS_BLTZALC:
        case MIPS_INS_BLEZALC:
        case MIPS_INS_BGEZALC:
        case MIPS_INS_BGTZALC:
            // compact versions (no delay)
            op->delay = 0;
            op->fail = addr + 4;
            break;
        default:
            op->delay = 1;
            op->fail = addr + 8;
            break;
        }
        break;
    case MIPS_INS_LI:
    case MIPS_INS_LUI:
        SET_VAL(op, 1);
        op->type = RZ_ANALYSIS_OP_TYPE_MOV;
        break;
    case MIPS_INS_MOVE:
        op->type = RZ_ANALYSIS_OP_TYPE_MOV;
        break;
    case MIPS_INS_ADD:
    case MIPS_INS_ADDI:
    case MIPS_INS_ADDU:
    case MIPS_INS_ADDIU:
    case MIPS_INS_DADD:
    case MIPS_INS_DADDI:
    case MIPS_INS_DADDIU:
        SET_VAL(op, 2);
        op->sign = (insn->id == MIPS_INS_ADDI || insn->id == MIPS_INS_ADD);
        op->type = RZ_ANALYSIS_OP_TYPE_ADD;
        if (REGID(0) == MIPS_REG_T9) {
            t9_pre += IMM(2);
        }
        if (REGID(0) == MIPS_REG_SP) {
            op->stackop = RZ_ANALYSIS_STACK_INC;
            op->stackptr = -IMM(2);
        }
        break;
    case MIPS_INS_SUB:
    case MIPS_INS_SUBV:
    case MIPS_INS_SUBVI:
    case MIPS_INS_DSUBU:
    case MIPS_INS_FSUB:
    case MIPS_INS_FMSUB:
    case MIPS_INS_SUBU:
    case MIPS_INS_DSUB:
    case MIPS_INS_SUBS_S:
    case MIPS_INS_SUBS_U:
    case MIPS_INS_SUBUH:
    case MIPS_INS_SUBUH_R:
        SET_VAL(op, 2);
        op->sign = insn->id == MIPS_INS_SUB;
        op->type = RZ_ANALYSIS_OP_TYPE_SUB;
        break;
    case MIPS_INS_MULV:
    case MIPS_INS_MULT:
    case MIPS_INS_MULSA:
    case MIPS_INS_FMUL:
    case MIPS_INS_MUL:
    case MIPS_INS_DMULT:
    case MIPS_INS_DMULTU:
        op->type = RZ_ANALYSIS_OP_TYPE_MUL;
        break;
    case MIPS_INS_XOR:
    case MIPS_INS_XORI:
        SET_VAL(op, 2);
        op->type = RZ_ANALYSIS_OP_TYPE_XOR;
        break;
    case MIPS_INS_AND:
    case MIPS_INS_ANDI:
        SET_VAL(op, 2);
        op->type = RZ_ANALYSIS_OP_TYPE_AND;
        if (REGID(0) == MIPS_REG_SP) {
            op->stackop = RZ_ANALYSIS_STACK_ALIGN;
        }
        break;
    case MIPS_INS_NOT:
        op->type = RZ_ANALYSIS_OP_TYPE_NOT;
        break;
    case MIPS_INS_OR:
    case MIPS_INS_ORI:
        SET_VAL(op, 2);
        op->type = RZ_ANALYSIS_OP_TYPE_OR;
        break;
    case MIPS_INS_DIV:
    case MIPS_INS_DIVU:
    case MIPS_INS_DDIV:
    case MIPS_INS_DDIVU:
    case MIPS_INS_FDIV:
    case MIPS_INS_DIV_S:
    case MIPS_INS_DIV_U:
        op->type = RZ_ANALYSIS_OP_TYPE_DIV;
        break;
    case MIPS_INS_CMPGDU:
    case MIPS_INS_CMPGU:
    case MIPS_INS_CMPU:
    case MIPS_INS_CMPI:
        op->type = RZ_ANALYSIS_OP_TYPE_CMP;
        break;
    case MIPS_INS_J:
    case MIPS_INS_B:
    case MIPS_INS_BZ:
    case MIPS_INS_BEQ:
    case MIPS_INS_BNZ:
    case MIPS_INS_BNE:
    case MIPS_INS_BNEL:
    case MIPS_INS_BEQL:
    case MIPS_INS_BEQZ:
    case MIPS_INS_BNEG:
    case MIPS_INS_BNEGI:
    case MIPS_INS_BNEZ:
    case MIPS_INS_BTEQZ:
    case MIPS_INS_BTNEZ:
    case MIPS_INS_BLTZ:
    case MIPS_INS_BLTZL:
    case MIPS_INS_BLEZ:
    case MIPS_INS_BLEZL:
    case MIPS_INS_BGEZ:
    case MIPS_INS_BGEZL:
    case MIPS_INS_BGTZ:
    case MIPS_INS_BGTZL:
    case MIPS_INS_BLEZC:
    case MIPS_INS_BGEZC:
    case MIPS_INS_BLTZC:
    case MIPS_INS_BGTZC:
        if (insn->id == MIPS_INS_J || insn->id == MIPS_INS_B) {
            op->type = RZ_ANALYSIS_OP_TYPE_JMP;
        } else {
            op->type = RZ_ANALYSIS_OP_TYPE_CJMP;
        }
 
        if (OPERAND(0).type == MIPS_OP_IMM) {
            op->jump = IMM(0);
        } else if (OPERAND(1).type == MIPS_OP_IMM) {
            op->jump = IMM(1);
        } else if (OPERAND(2).type == MIPS_OP_IMM) {
            op->jump = IMM(2);
        }
 
        switch (insn->id) {
        case MIPS_INS_BLEZC:
        case MIPS_INS_BGEZC:
        case MIPS_INS_BLTZC:
        case MIPS_INS_BGTZC:
            // compact versions (no delay)
            op->delay = 0;
            op->fail = addr + 4;
            break;
        default:
            op->delay = 1;
            op->fail = addr + 8;
            break;
        }
 
        break;
    case MIPS_INS_JR:
    case MIPS_INS_JRC:
        op->type = RZ_ANALYSIS_OP_TYPE_RJMP;
        op->delay = 1;
        // register is $ra, so jmp is a return
        if (insn->detail->mips.operands[0].reg == MIPS_REG_RA) {
            op->type = RZ_ANALYSIS_OP_TYPE_RET;
            t9_pre = UT64_MAX;
        }
        if (REGID(0) == MIPS_REG_25) {
            op->jump = t9_pre;
            t9_pre = UT64_MAX;
        }
 
        break;
    case MIPS_INS_SLT:
    case MIPS_INS_SLTI:
        op->sign = true;
        SET_VAL(op, 2);
        break;
    case MIPS_INS_SLTIU:
        SET_VAL(op, 2);
        break;
    case MIPS_INS_SHRAV:
    case MIPS_INS_SHRAV_R:
    case MIPS_INS_SHRA:
    case MIPS_INS_SHRA_R:
    case MIPS_INS_SRA:
        op->type = RZ_ANALYSIS_OP_TYPE_SAR;
        SET_VAL(op, 2);
        break;
    case MIPS_INS_SHRL:
    case MIPS_INS_SRLV:
    case MIPS_INS_SRL:
        op->type = RZ_ANALYSIS_OP_TYPE_SHR;
        SET_VAL(op, 2);
        break;
    case MIPS_INS_SLLV:
    case MIPS_INS_SLL:
        op->type = RZ_ANALYSIS_OP_TYPE_SHL;
        SET_VAL(op, 2);
        break;
    }
beach:
    set_opdir(op);
    if (insn && mask & RZ_ANALYSIS_OP_MASK_OPEX) {
        opex(&op->opex, hndl, insn);
    }
    if (mask & RZ_ANALYSIS_OP_MASK_ESIL) {
        if (analop_esil(analysis, op, addr, buf, len, &hndl, insn) != 0) {
            rz_strbuf_fini(&op->esil);
        }
    }
    if (mask & RZ_ANALYSIS_OP_MASK_VAL) {
        op_fillval(analysis, op, &hndl, insn);
    }
    cs_free(insn, n);
    // cs_close (&handle);
fin:
    return opsize;
}

References addr, analop_esil(), rz_analysis_t::big_endian, rz_analysis_t::bits, rz_analysis_t::cpu, CS_ARCH_MIPS, cs_close(), cs_disasm(), capstone::CS_ERR_OK, cs_free(), CS_MODE_BIG_ENDIAN, CS_MODE_LITTLE_ENDIAN, CS_MODE_MICRO, CS_MODE_MIPS2, CS_MODE_MIPS3, CS_MODE_MIPS32, CS_MODE_MIPS32R6, CS_MODE_MIPS64, cs_open(), CS_OPT_DETAIL, CS_OPT_ON, cs_option(), rz_analysis_t::gp, IMM, len, mask, mem, MIPS_INS_ADD, MIPS_INS_ADDI, MIPS_INS_ADDIU, MIPS_INS_ADDU, MIPS_INS_AND, MIPS_INS_ANDI, MIPS_INS_B, MIPS_INS_BAL, MIPS_INS_BEQ, MIPS_INS_BEQL, MIPS_INS_BEQZ, MIPS_INS_BGEZ, MIPS_INS_BGEZAL, MIPS_INS_BGEZALC, MIPS_INS_BGEZALL, MIPS_INS_BGEZC, MIPS_INS_BGEZL, MIPS_INS_BGTZ, MIPS_INS_BGTZALC, MIPS_INS_BGTZC, MIPS_INS_BGTZL, MIPS_INS_BLEZ, MIPS_INS_BLEZALC, MIPS_INS_BLEZC, MIPS_INS_BLEZL, MIPS_INS_BLTZ, MIPS_INS_BLTZAL, MIPS_INS_BLTZALC, MIPS_INS_BLTZALL, MIPS_INS_BLTZC, MIPS_INS_BLTZL, MIPS_INS_BNE, MIPS_INS_BNEG, MIPS_INS_BNEGI, MIPS_INS_BNEL, MIPS_INS_BNEZ, MIPS_INS_BNZ, MIPS_INS_BREAK, MIPS_INS_BTEQZ, MIPS_INS_BTNEZ, MIPS_INS_BZ, MIPS_INS_CMPGDU, MIPS_INS_CMPGU, MIPS_INS_CMPI, MIPS_INS_CMPU, MIPS_INS_DADD, MIPS_INS_DADDI, MIPS_INS_DADDIU, MIPS_INS_DDIV, MIPS_INS_DDIVU, MIPS_INS_DIV, MIPS_INS_DIV_S, MIPS_INS_DIV_U, MIPS_INS_DIVU, MIPS_INS_DMULT, MIPS_INS_DMULTU, MIPS_INS_DSUB, MIPS_INS_DSUBU, MIPS_INS_FDIV, MIPS_INS_FMSUB, MIPS_INS_FMUL, MIPS_INS_FSUB, MIPS_INS_INVALID, MIPS_INS_J, MIPS_INS_JAL, MIPS_INS_JALR, MIPS_INS_JALS, MIPS_INS_JALX, MIPS_INS_JIALC, MIPS_INS_JIC, MIPS_INS_JR, MIPS_INS_JRADDIUSP, MIPS_INS_JRC, MIPS_INS_LB, MIPS_INS_LBU, MIPS_INS_LBUX, MIPS_INS_LD, MIPS_INS_LDC1, MIPS_INS_LDC2, MIPS_INS_LDL, MIPS_INS_LDR, MIPS_INS_LDXC1, MIPS_INS_LI, MIPS_INS_LUI, MIPS_INS_LW, MIPS_INS_LWC1, MIPS_INS_LWC2, MIPS_INS_LWL, MIPS_INS_LWR, MIPS_INS_LWXC1, MIPS_INS_MOVE, MIPS_INS_MUL, MIPS_INS_MULSA, MIPS_INS_MULT, MIPS_INS_MULV, MIPS_INS_NOP, MIPS_INS_NOT, MIPS_INS_OR, MIPS_INS_ORI, MIPS_INS_SB, MIPS_INS_SD, MIPS_INS_SH, MIPS_INS_SHRA, MIPS_INS_SHRA_R, MIPS_INS_SHRAV, MIPS_INS_SHRAV_R, MIPS_INS_SHRL, MIPS_INS_SLL, MIPS_INS_SLLV, MIPS_INS_SLT, MIPS_INS_SLTI, MIPS_INS_SLTIU, MIPS_INS_SRA, MIPS_INS_SRL, MIPS_INS_SRLV, MIPS_INS_SUB, MIPS_INS_SUBS_S, MIPS_INS_SUBS_U, MIPS_INS_SUBU, MIPS_INS_SUBUH, MIPS_INS_SUBUH_R, MIPS_INS_SUBV, MIPS_INS_SUBVI, MIPS_INS_SW, MIPS_INS_SWC1, MIPS_INS_SWC2, MIPS_INS_SWL, MIPS_INS_SWR, MIPS_INS_SWXC1, MIPS_INS_SYSCALL, MIPS_INS_XOR, MIPS_INS_XORI, MIPS_OP_IMM, MIPS_OP_MEM, MIPS_OP_REG, MIPS_REG_25, MIPS_REG_GP, MIPS_REG_RA, MIPS_REG_SP, MIPS_REG_T9, n, op_fillval(), OPERAND, opex(), REGID, RZ_ANALYSIS_OP_MASK_DISASM, RZ_ANALYSIS_OP_MASK_ESIL, RZ_ANALYSIS_OP_MASK_OPEX, RZ_ANALYSIS_OP_MASK_VAL, RZ_ANALYSIS_OP_TYPE_ADD, RZ_ANALYSIS_OP_TYPE_AND, RZ_ANALYSIS_OP_TYPE_CALL, RZ_ANALYSIS_OP_TYPE_CJMP, RZ_ANALYSIS_OP_TYPE_CMP, RZ_ANALYSIS_OP_TYPE_DIV, RZ_ANALYSIS_OP_TYPE_ILL, RZ_ANALYSIS_OP_TYPE_JMP, RZ_ANALYSIS_OP_TYPE_LOAD, RZ_ANALYSIS_OP_TYPE_MOV, RZ_ANALYSIS_OP_TYPE_MUL, RZ_ANALYSIS_OP_TYPE_NOP, RZ_ANALYSIS_OP_TYPE_NOT, RZ_ANALYSIS_OP_TYPE_OR, RZ_ANALYSIS_OP_TYPE_RCALL, RZ_ANALYSIS_OP_TYPE_RET, RZ_ANALYSIS_OP_TYPE_RJMP, RZ_ANALYSIS_OP_TYPE_SAR, RZ_ANALYSIS_OP_TYPE_SHL, RZ_ANALYSIS_OP_TYPE_SHR, RZ_ANALYSIS_OP_TYPE_STORE, RZ_ANALYSIS_OP_TYPE_SUB, RZ_ANALYSIS_OP_TYPE_SWI, RZ_ANALYSIS_OP_TYPE_TRAP, RZ_ANALYSIS_OP_TYPE_UCALL, RZ_ANALYSIS_OP_TYPE_XOR, RZ_ANALYSIS_STACK_ALIGN, RZ_ANALYSIS_STACK_INC, rz_str_newf(), rz_strbuf_fini(), set_opdir(), SET_VAL, strdup(), t9_pre, type, and UT64_MAX.

analop_esil()

static int analop_esil ( RzAnalysis *  a, RzAnalysisOp *  op, ut64  addr, const ut8 *  buf, int  len, csh *  handle, cs_insn *  insn  )

static

signed – sets overflow flag

unsigned

Definition at line 203 of file analysis_mips_cs.c.

                                                                                                                        {
    char str[8][32] = { { 0 } };
    int i;
 
    rz_strbuf_init(&op->esil);
    rz_strbuf_set(&op->esil, "");
 
    if (insn) {
        // caching operands
        for (i = 0; i < insn->detail->mips.op_count && i < 8; i++) {
            *str[i] = 0;
            ARG(i);
        }
    }
 
    if (insn) {
        switch (insn->id) {
        case MIPS_INS_NOP:
            rz_strbuf_setf(&op->esil, ",");
            break;
        case MIPS_INS_BREAK:
            rz_strbuf_setf(&op->esil, "%" PFMT64d ",%" PFMT64d ",TRAP", (st64)IMM(0), (st64)IMM(0));
            break;
        case MIPS_INS_SD:
            rz_strbuf_appendf(&op->esil, "%s,%s,=[8]",
                ARG(0), ARG(1));
            break;
        case MIPS_INS_SW:
        case MIPS_INS_SWL:
        case MIPS_INS_SWR:
            rz_strbuf_appendf(&op->esil, "%s,%s,=[4]",
                ARG(0), ARG(1));
            break;
        case MIPS_INS_SH:
            rz_strbuf_appendf(&op->esil, "%s,%s,=[2]",
                ARG(0), ARG(1));
            break;
        case MIPS_INS_SWC1:
        case MIPS_INS_SWC2:
            rz_strbuf_setf(&op->esil, "%s,$", ARG(1));
            break;
        case MIPS_INS_SB:
            rz_strbuf_appendf(&op->esil, "%s,%s,=[1]",
                ARG(0), ARG(1));
            break;
        case MIPS_INS_CMP:
        case MIPS_INS_CMPU:
        case MIPS_INS_CMPGU:
        case MIPS_INS_CMPGDU:
        case MIPS_INS_CMPI:
            rz_strbuf_appendf(&op->esil, "%s,%s,==", ARG(1), ARG(0));
            break;
        case MIPS_INS_DSRA:
            rz_strbuf_appendf(&op->esil,
                "%s,%s,>>,31,%s,>>,?{,32,%s,32,-,0xffffffff,<<,0xffffffff,&,<<,}{,0,},|,%s,=",
                ARG(2), ARG(1), ARG(1), ARG(2), ARG(0));
            break;
        case MIPS_INS_SHRAV:
        case MIPS_INS_SHRAV_R:
        case MIPS_INS_SHRA:
        case MIPS_INS_SHRA_R:
        case MIPS_INS_SRA:
            rz_strbuf_appendf(&op->esil,
                "0xffffffff,%s,%s,>>,&,31,%s,>>,?{,%s,32,-,0xffffffff,<<,0xffffffff,&,}{,0,},|,%s,=",
                ARG(2), ARG(1), ARG(1), ARG(2), ARG(0));
            break;
        case MIPS_INS_SHRL:
            // suffix 'S' forces conditional flag to be updated
        case MIPS_INS_SRLV:
        case MIPS_INS_SRL:
            rz_strbuf_appendf(&op->esil, "%s,%s,>>,%s,=", ARG(2), ARG(1), ARG(0));
            break;
        case MIPS_INS_SLLV:
        case MIPS_INS_SLL:
            rz_strbuf_appendf(&op->esil, "%s,%s,<<,%s,=", ARG(2), ARG(1), ARG(0));
            break;
        case MIPS_INS_BAL:
        case MIPS_INS_JAL:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "" ES_CALL_D("%s"), ARG(0));
            break;
        case MIPS_INS_JALR:
        case MIPS_INS_JALRS:
            if (OPCOUNT() < 2) {
                rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "" ES_CALL_D("%s"), ARG(0));
            } else {
                PROTECT_ZERO() {
                    rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "" ES_CALL_DR("%s", "%s"), ARG(0), ARG(1));
                }
            }
            break;
        case MIPS_INS_JALRC: // no delay
            if (OPCOUNT() < 2) {
                rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "" ES_CALL_ND("%s"), ARG(0));
            } else {
                PROTECT_ZERO() {
                    rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "" ES_CALL_NDR("%s", "%s"), ARG(0), ARG(1));
                }
            }
            break;
        case MIPS_INS_JRADDIUSP:
            // increment stackpointer in X and jump to %ra
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "%s,sp,+=," ES_J("ra"), ARG(0));
            break;
        case MIPS_INS_JR:
        case MIPS_INS_JRC:
        case MIPS_INS_J:
        case MIPS_INS_B: // ???
            // jump to address with conditional
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "" ES_J("%s"), ARG(0));
            break;
        case MIPS_INS_BNE: // bne $s, $t, offset
        case MIPS_INS_BNEL:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "%s,%s,==,$z,!,?{," ES_J("%s") ",}",
                ARG(0), ARG(1), ARG(2));
            break;
        case MIPS_INS_BEQ:
        case MIPS_INS_BEQL:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "%s,%s,==,$z,?{," ES_J("%s") ",}",
                ARG(0), ARG(1), ARG(2));
            break;
        case MIPS_INS_BZ:
        case MIPS_INS_BEQZ:
        case MIPS_INS_BEQZC:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "%s,0,==,$z,?{," ES_J("%s") ",}",
                ARG(0), ARG(1));
            break;
        case MIPS_INS_BNEZ:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "%s,0,==,$z,!,?{," ES_J("%s") ",}",
                ARG(0), ARG(1));
            break;
        case MIPS_INS_BEQZALC:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "%s,0,==,$z,?{," ES_CALL_ND("%s") ",}",
                ARG(0), ARG(1));
            break;
        case MIPS_INS_BLEZ:
        case MIPS_INS_BLEZC:
        case MIPS_INS_BLEZL:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "0,%s,==,$z,?{," ES_J("%s") ",BREAK,},",
                ARG(0), ARG(1));
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "1," ES_IS_NEGATIVE("%s") ",==,$z,?{," ES_J("%s") ",}",
                ARG(0), ARG(1));
            break;
        case MIPS_INS_BGEZ:
        case MIPS_INS_BGEZC:
        case MIPS_INS_BGEZL:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "0," ES_IS_NEGATIVE("%s") ",==,$z,?{," ES_J("%s") ",}",
                ARG(0), ARG(1));
            break;
        case MIPS_INS_BGEZAL:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "0," ES_IS_NEGATIVE("%s") ",==,$z,?{," ES_CALL_D("%s") ",}",
                ARG(0), ARG(1));
            break;
        case MIPS_INS_BGEZALC:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "0," ES_IS_NEGATIVE("%s") ",==,$z,?{," ES_CALL_ND("%s") ",}",
                ARG(0), ARG(1));
            break;
        case MIPS_INS_BGTZALC:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "0,%s,==,$z,?{,BREAK,},", ARG(0));
            rz_strbuf_appendf(&op->esil, "0," ES_IS_NEGATIVE("%s") ",==,$z,?{," ES_CALL_ND("%s") ",}",
                ARG(0), ARG(1));
            break;
        case MIPS_INS_BLTZAL:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "1," ES_IS_NEGATIVE("%s") ",==,$z,?{," ES_CALL_D("%s") ",}", ARG(0), ARG(1));
            break;
        case MIPS_INS_BLTZ:
        case MIPS_INS_BLTZC:
        case MIPS_INS_BLTZL:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "1," ES_IS_NEGATIVE("%s") ",==,$z,?{," ES_J("%s") ",}",
                ARG(0), ARG(1));
            break;
        case MIPS_INS_BGTZ:
        case MIPS_INS_BGTZC:
        case MIPS_INS_BGTZL:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "0,%s,==,$z,?{,BREAK,},", ARG(0));
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "0," ES_IS_NEGATIVE("%s") ",==,$z,?{," ES_J("%s") ",}",
                ARG(0), ARG(1));
            break;
        case MIPS_INS_BTEQZ:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "0,t,==,$z,?{," ES_J("%s") ",}", ARG(0));
            break;
        case MIPS_INS_BTNEZ:
            rz_strbuf_appendf(&op->esil, ES_TRAP_DS() "0,t,==,$z,!,?{," ES_J("%s") ",}", ARG(0));
            break;
        case MIPS_INS_MOV:
        case MIPS_INS_MOVE:
            PROTECT_ZERO() {
                rz_strbuf_appendf(&op->esil, "%s,%s,=", ARG(1), REG(0));
            }
            break;
        case MIPS_INS_MOVZ:
        case MIPS_INS_MOVF:
            PROTECT_ZERO() {
                rz_strbuf_appendf(&op->esil, "0,%s,==,$z,?{,%s,%s,=,}",
                    ARG(2), ARG(1), REG(0));
            }
            break;
        case MIPS_INS_MOVT:
            PROTECT_ZERO() {
                rz_strbuf_appendf(&op->esil, "1,%s,==,$z,?{,%s,%s,=,}",
                    ARG(2), ARG(1), REG(0));
            }
            break;
        case MIPS_INS_FSUB:
        case MIPS_INS_SUB:
        case MIPS_INS_SUBU:
        case MIPS_INS_DSUB:
        case MIPS_INS_DSUBU:
            PROTECT_ZERO() {
                rz_strbuf_appendf(&op->esil, "%s,%s,-,%s,=",
                    ARG(2), ARG(1), ARG(0));
            }
            break;
        case MIPS_INS_NEG:
        case MIPS_INS_NEGU:
            rz_strbuf_appendf(&op->esil, "%s,0,-,%s,=,",
                ARG(1), ARG(0));
            break;
 
        case MIPS_INS_ADD: {
            PROTECT_ZERO() {
                ES_ADD_CK32_OVERF(ARG(1), ARG(2), ARG(0));
            }
        } break;
        case MIPS_INS_ADDI:
            PROTECT_ZERO() {
                ES_ADD_CK32_OVERF(ARG(1), ARG(2), ARG(0));
            }
            break;
        case MIPS_INS_DADD:
        case MIPS_INS_DADDI:
            ES_ADD_CK64_OVERF(ARG(1), ARG(2), ARG(0));
            break;
        case MIPS_INS_DADDU:
        case MIPS_INS_ADDU:
        case MIPS_INS_ADDIU:
        case MIPS_INS_DADDIU: {
            const char *arg0 = ARG(0);
            const char *arg1 = ARG(1);
            const char *arg2 = ARG(2);
            PROTECT_ZERO() {
                if (*arg2 == '-') {
                    rz_strbuf_appendf(&op->esil, "%s,%s,-,%s,=",
                        arg2 + 1, arg1, arg0);
                } else {
                    rz_strbuf_appendf(&op->esil, "%s,%s,+,%s,=",
                        arg2, arg1, arg0);
                }
            }
        } break;
        case MIPS_INS_LI:
        case MIPS_INS_LDI:
            rz_strbuf_appendf(&op->esil, "0x%" PFMT64x ",%s,=", (ut64)IMM(1), ARG(0));
            break;
        case MIPS_INS_LUI:
            rz_strbuf_appendf(&op->esil, "0x%" PFMT64x "0000,%s,=", (ut64)IMM(1), ARG(0));
            break;
        case MIPS_INS_LB:
            op->sign = true;
            ESIL_LOAD("1");
            break;
        case MIPS_INS_LBU:
            // one of these is wrong
            ESIL_LOAD("1");
            break;
        case MIPS_INS_LW:
        case MIPS_INS_LWC1:
        case MIPS_INS_LWC2:
        case MIPS_INS_LWL:
        case MIPS_INS_LWR:
        case MIPS_INS_LWU:
        case MIPS_INS_LL:
            ESIL_LOAD("4");
            break;
 
        case MIPS_INS_LDL:
        case MIPS_INS_LDC1:
        case MIPS_INS_LDC2:
        case MIPS_INS_LLD:
        case MIPS_INS_LD:
            ESIL_LOAD("8");
            break;
 
        case MIPS_INS_LWX:
        case MIPS_INS_LH:
        case MIPS_INS_LHU:
        case MIPS_INS_LHX:
            ESIL_LOAD("2");
            break;
 
        case MIPS_INS_AND:
        case MIPS_INS_ANDI: {
            const char *arg0 = ARG(0);
            const char *arg1 = ARG(1);
            const char *arg2 = ARG(2);
            if (!strcmp(arg0, arg1)) {
                rz_strbuf_appendf(&op->esil, "%s,%s,&=", arg2, arg1);
            } else {
                rz_strbuf_appendf(&op->esil, "%s,%s,&,%s,=", arg2, arg1, arg0);
            }
        } break;
        case MIPS_INS_OR:
        case MIPS_INS_ORI: {
            const char *arg0 = ARG(0);
            const char *arg1 = ARG(1);
            const char *arg2 = ARG(2);
            PROTECT_ZERO() {
                rz_strbuf_appendf(&op->esil, "%s,%s,|,%s,=",
                    arg2, arg1, arg0);
            }
        } break;
        case MIPS_INS_XOR:
        case MIPS_INS_XORI: {
            const char *arg0 = ARG(0);
            const char *arg1 = ARG(1);
            const char *arg2 = ARG(2);
            PROTECT_ZERO() {
                rz_strbuf_appendf(&op->esil, "%s,%s,^,%s,=",
                    arg2, arg1, arg0);
            }
        } break;
        case MIPS_INS_NOR: {
            const char *arg0 = ARG(0);
            const char *arg1 = ARG(1);
            const char *arg2 = ARG(2);
            PROTECT_ZERO() {
                rz_strbuf_appendf(&op->esil, "%s,%s,|,0xffffffff,^,%s,=",
                    arg2, arg1, arg0);
            }
        } break;
        case MIPS_INS_SLT:
        case MIPS_INS_SLTI:
            if (OPCOUNT() < 3) {
                rz_strbuf_appendf(&op->esil, "%s,%s,<,t,=", ARG(1), ARG(0));
            } else {
                rz_strbuf_appendf(&op->esil, "%s,%s,<,%s,=", ARG(2), ARG(1), ARG(0));
            }
            break;
        case MIPS_INS_SLTU:
        case MIPS_INS_SLTIU:
            if (OPCOUNT() < 3) {
                rz_strbuf_appendf(&op->esil, ES_W("%s") "," ES_W("%s") ",<,t,=",
                    ARG(1), ARG(0));
            } else {
                rz_strbuf_appendf(&op->esil, ES_W("%s") "," ES_W("%s") ",<,%s,=",
                    ARG(2), ARG(1), ARG(0));
            }
            break;
        case MIPS_INS_MUL:
            rz_strbuf_appendf(&op->esil, ES_W("%s,%s,*") ",%s,=", ARG(1), ARG(2), ARG(0));
            ES_SIGN32_64(ARG(0));
            break;
        case MIPS_INS_MULT:
        case MIPS_INS_MULTU:
            rz_strbuf_appendf(&op->esil, ES_W("%s,%s,*") ",lo,=", ARG(0), ARG(1));
            ES_SIGN32_64("lo");
            rz_strbuf_appendf(&op->esil, ES_W("32,%s,%s,*,>>") ",hi,=", ARG(0), ARG(1));
            ES_SIGN32_64("hi");
            break;
        case MIPS_INS_MFLO:
            PROTECT_ZERO() {
                rz_strbuf_appendf(&op->esil, "lo,%s,=", REG(0));
            }
            break;
        case MIPS_INS_MFHI:
            PROTECT_ZERO() {
                rz_strbuf_appendf(&op->esil, "hi,%s,=", REG(0));
            }
            break;
        case MIPS_INS_MTLO:
            rz_strbuf_appendf(&op->esil, "%s,lo,=", REG(0));
            ES_SIGN32_64("lo");
            break;
        case MIPS_INS_MTHI:
            rz_strbuf_appendf(&op->esil, "%s,hi,=", REG(0));
            ES_SIGN32_64("hi");
            break;
#if 0
    // could not test div
    case MIPS_INS_DIV:
    case MIPS_INS_DIVU:
    case MIPS_INS_DDIV:
    case MIPS_INS_DDIVU:
        PROTECT_ZERO () {
            // 32 bit needs sign extend
            rz_strbuf_appendf (&op->esil, "%s,%s,/,lo,=,%s,%s,%%,hi,=", REG(1), REG(0), REG(1), REG(0));
        }
        break;
#endif
        default:
            return -1;
        }
    }
    return 0;
}

References ARG, ES_ADD_CK32_OVERF, ES_ADD_CK64_OVERF, ES_CALL_D, ES_CALL_DR, ES_CALL_ND, ES_CALL_NDR, ES_IS_NEGATIVE, ES_J, ES_SIGN32_64, ES_TRAP_DS, ES_W, ESIL_LOAD, i, IMM, MIPS_INS_ADD, MIPS_INS_ADDI, MIPS_INS_ADDIU, MIPS_INS_ADDU, MIPS_INS_AND, MIPS_INS_ANDI, MIPS_INS_B, MIPS_INS_BAL, MIPS_INS_BEQ, MIPS_INS_BEQL, MIPS_INS_BEQZ, MIPS_INS_BEQZALC, MIPS_INS_BEQZC, MIPS_INS_BGEZ, MIPS_INS_BGEZAL, MIPS_INS_BGEZALC, MIPS_INS_BGEZC, MIPS_INS_BGEZL, MIPS_INS_BGTZ, MIPS_INS_BGTZALC, MIPS_INS_BGTZC, MIPS_INS_BGTZL, MIPS_INS_BLEZ, MIPS_INS_BLEZC, MIPS_INS_BLEZL, MIPS_INS_BLTZ, MIPS_INS_BLTZAL, MIPS_INS_BLTZC, MIPS_INS_BLTZL, MIPS_INS_BNE, MIPS_INS_BNEL, MIPS_INS_BNEZ, MIPS_INS_BREAK, MIPS_INS_BTEQZ, MIPS_INS_BTNEZ, MIPS_INS_BZ, MIPS_INS_CMP, MIPS_INS_CMPGDU, MIPS_INS_CMPGU, MIPS_INS_CMPI, MIPS_INS_CMPU, MIPS_INS_DADD, MIPS_INS_DADDI, MIPS_INS_DADDIU, MIPS_INS_DADDU, MIPS_INS_DDIV, MIPS_INS_DDIVU, MIPS_INS_DIV, MIPS_INS_DIVU, MIPS_INS_DSRA, MIPS_INS_DSUB, MIPS_INS_DSUBU, MIPS_INS_FSUB, MIPS_INS_J, MIPS_INS_JAL, MIPS_INS_JALR, MIPS_INS_JALRC, MIPS_INS_JALRS, MIPS_INS_JR, MIPS_INS_JRADDIUSP, MIPS_INS_JRC, MIPS_INS_LB, MIPS_INS_LBU, MIPS_INS_LD, MIPS_INS_LDC1, MIPS_INS_LDC2, MIPS_INS_LDI, MIPS_INS_LDL, MIPS_INS_LH, MIPS_INS_LHU, MIPS_INS_LHX, MIPS_INS_LI, MIPS_INS_LL, MIPS_INS_LLD, MIPS_INS_LUI, MIPS_INS_LW, MIPS_INS_LWC1, MIPS_INS_LWC2, MIPS_INS_LWL, MIPS_INS_LWR, MIPS_INS_LWU, MIPS_INS_LWX, MIPS_INS_MFHI, MIPS_INS_MFLO, MIPS_INS_MOV, MIPS_INS_MOVE, MIPS_INS_MOVF, MIPS_INS_MOVT, MIPS_INS_MOVZ, MIPS_INS_MTHI, MIPS_INS_MTLO, MIPS_INS_MUL, MIPS_INS_MULT, MIPS_INS_MULTU, MIPS_INS_NEG, MIPS_INS_NEGU, MIPS_INS_NOP, MIPS_INS_NOR, MIPS_INS_OR, MIPS_INS_ORI, MIPS_INS_SB, MIPS_INS_SD, MIPS_INS_SH, MIPS_INS_SHRA, MIPS_INS_SHRA_R, MIPS_INS_SHRAV, MIPS_INS_SHRAV_R, MIPS_INS_SHRL, MIPS_INS_SLL, MIPS_INS_SLLV, MIPS_INS_SLT, MIPS_INS_SLTI, MIPS_INS_SLTIU, MIPS_INS_SLTU, MIPS_INS_SRA, MIPS_INS_SRL, MIPS_INS_SRLV, MIPS_INS_SUB, MIPS_INS_SUBU, MIPS_INS_SW, MIPS_INS_SWC1, MIPS_INS_SWC2, MIPS_INS_SWL, MIPS_INS_SWR, MIPS_INS_XOR, MIPS_INS_XORI, OPCOUNT, PFMT64d, PFMT64x, PROTECT_ZERO, REG, rz_strbuf_appendf(), rz_strbuf_init(), rz_strbuf_set(), rz_strbuf_setf(), st64, cmd_descs_generate::str, and ut64().

Referenced by analop().

analysis_preludes()

static RzList* analysis_preludes ( RzAnalysis *  analysis )

static

Definition at line 1205 of file analysis_mips_cs.c.

                                                       {
#define KW(d, ds, m, ms) rz_list_append(l, rz_search_keyword_new((const ut8 *)d, ds, (const ut8 *)m, ms, NULL))
    RzList *l = rz_list_newf((RzListFree)rz_search_keyword_free);
    KW("\x27\xbd\x00", 3, NULL, 0);
    return l;
}

References KW, NULL, rz_list_newf(), and rz_search_keyword_free().

archinfo()

static int archinfo ( RzAnalysis *  analysis, int  q  )

static

Definition at line 1201 of file analysis_mips_cs.c.

                                                 {
    return 4;
}

arg()

static const char* arg ( csh *  handle, cs_insn *  insn, char *  buf, int  n  )

static

Definition at line 169 of file analysis_mips_cs.c.

                                                                     {
    *buf = 0;
    switch (insn->detail->mips.operands[n].type) {
    case MIPS_OP_INVALID:
        break;
    case MIPS_OP_REG:
        sprintf(buf, "%s",
            cs_reg_name(*handle,
                insn->detail->mips.operands[n].reg));
        break;
    case MIPS_OP_IMM: {
        st64 x = (st64)insn->detail->mips.operands[n].imm;
        sprintf(buf, "%" PFMT64d, x);
    } break;
    case MIPS_OP_MEM: {
        int disp = insn->detail->mips.operands[n].mem.disp;
        if (disp < 0) {
            sprintf(buf, "%" PFMT64d ",%s,-",
                (ut64)-insn->detail->mips.operands[n].mem.disp,
                cs_reg_name(*handle,
                    insn->detail->mips.operands[n].mem.base));
        } else {
            sprintf(buf, "0x%" PFMT64x ",%s,+",
                (ut64)insn->detail->mips.operands[n].mem.disp,
                cs_reg_name(*handle,
                    insn->detail->mips.operands[n].mem.base));
        }
    } break;
    }
    return buf;
}

References cs_reg_name(), handle, MIPS_OP_IMM, MIPS_OP_INVALID, MIPS_OP_MEM, MIPS_OP_REG, n, PFMT64d, PFMT64x, sprintf, st64, ut64(), and x.

es_add_ck()

static void es_add_ck ( RzAnalysisOp *  op, const char *  a1, const char *  a2, const char *  re, int  bit  )

inlinestatic

Definition at line 109 of file analysis_mips_cs.c.

                                                                                                        {
    ut64 mask = 1ULL << (bit - 1);
    rz_strbuf_appendf(&op->esil,
        "%d,0x%" PFMT64x ",%s,%s,^,&,>>,%d,0x%" PFMT64x ",%s,%s,+,&,>>,|,1,==,$z,?{,$$,1,TRAP,}{,%s,%s,+,%s,=,}",
        bit - 2, mask, a1, a2, bit - 1, mask, a1, a2, a1, a2, re);
}

References bit, mask, PFMT64x, rz_strbuf_appendf(), and ut64().

es_sign_n_64()

static void es_sign_n_64 ( RzAnalysis *  a, RzAnalysisOp *  op, const char *  arg, int  bit  )

inlinestatic

Definition at line 101 of file analysis_mips_cs.c.

                                                                                           {
    if (a->bits == 64) {
        rz_strbuf_appendf(&op->esil, ",%d,%s,~,%s,=,", bit, arg, arg);
    } else {
        rz_strbuf_append(&op->esil, ",");
    }
}

References a, bit, rz_strbuf_append(), and rz_strbuf_appendf().

get_reg_profile()

static char* get_reg_profile ( RzAnalysis *  analysis )

static

Definition at line 1095 of file analysis_mips_cs.c.

                                                   {
    const char *p = NULL;
    switch (analysis->bits) {
    default:
    case 32:
        p =
            "=PC    pc\n"
            "=SP    sp\n"
            "=BP    fp\n"
            "=SN    v0\n"
            "=A0    a0\n"
            "=A1    a1\n"
            "=A2    a2\n"
            "=A3    a3\n"
            "=R0    v0\n"
            "=R1    v1\n"
            "gpr    zero    .32 ?   0\n"
            "gpr    at  .32 4   0\n"
            "gpr    v0  .32 8   0\n"
            "gpr    v1  .32 12  0\n"
            "gpr    a0  .32 16  0\n"
            "gpr    a1  .32 20  0\n"
            "gpr    a2  .32 24  0\n"
            "gpr    a3  .32 28  0\n"
            "gpr    t0  .32 32  0\n"
            "gpr    t1  .32 36  0\n"
            "gpr    t2  .32 40  0\n"
            "gpr    t3  .32 44  0\n"
            "gpr    t4  .32 48  0\n"
            "gpr    t5  .32 52  0\n"
            "gpr    t6  .32 56  0\n"
            "gpr    t7  .32 60  0\n"
            "gpr    s0  .32 64  0\n"
            "gpr    s1  .32 68  0\n"
            "gpr    s2  .32 72  0\n"
            "gpr    s3  .32 76  0\n"
            "gpr    s4  .32 80  0\n"
            "gpr    s5  .32 84  0\n"
            "gpr    s6  .32 88  0\n"
            "gpr    s7  .32 92  0\n"
            "gpr    t8  .32 96  0\n"
            "gpr    t9  .32 100 0\n"
            "gpr    k0  .32 104 0\n"
            "gpr    k1  .32 108 0\n"
            "gpr    gp  .32 112 0\n"
            "gpr    sp  .32 116 0\n"
            "gpr    fp  .32 120 0\n"
            "gpr    ra  .32 124 0\n"
            "gpr    pc  .32 128 0\n"
            "gpr    hi  .32 132 0\n"
            "gpr    lo  .32 136 0\n"
            "gpr    t   .32 140 0\n";
        break;
    case 64:
        p =
            "=PC    pc\n"
            "=SP    sp\n"
            "=BP    fp\n"
            "=A0    a0\n"
            "=A1    a1\n"
            "=A2    a2\n"
            "=A3    a3\n"
            "=SN    v0\n"
            "=R0    v0\n"
            "=R1    v1\n"
            "gpr    zero    .64 ?   0\n"
            "gpr    at  .64 8   0\n"
            "gpr    v0  .64 16  0\n"
            "gpr    v1  .64 24  0\n"
            "gpr    a0  .64 32  0\n"
            "gpr    a1  .64 40  0\n"
            "gpr    a2  .64 48  0\n"
            "gpr    a3  .64 56  0\n"
            "gpr    t0  .64 64  0\n"
            "gpr    t1  .64 72  0\n"
            "gpr    t2  .64 80  0\n"
            "gpr    t3  .64 88  0\n"
            "gpr    t4  .64 96  0\n"
            "gpr    t5  .64 104 0\n"
            "gpr    t6  .64 112 0\n"
            "gpr    t7  .64 120 0\n"
            "gpr    s0  .64 128 0\n"
            "gpr    s1  .64 136 0\n"
            "gpr    s2  .64 144 0\n"
            "gpr    s3  .64 152 0\n"
            "gpr    s4  .64 160 0\n"
            "gpr    s5  .64 168 0\n"
            "gpr    s6  .64 176 0\n"
            "gpr    s7  .64 184 0\n"
            "gpr    t8  .64 192 0\n"
            "gpr    t9  .64 200 0\n"
            "gpr    k0  .64 208 0\n"
            "gpr    k1  .64 216 0\n"
            "gpr    gp  .64 224 0\n"
            "gpr    sp  .64 232 0\n"
            "gpr    fp  .64 240 0\n"
            "gpr    ra  .64 248 0\n"
            "gpr    pc  .64 256 0\n"
            "gpr    hi  .64 264 0\n"
            "gpr    lo  .64 272 0\n"
            "gpr    t   .64 280 0\n";
        break;
    }
    return p ? strdup(p) : NULL;
}

References rz_analysis_t::bits, NULL, p, and strdup().

op_fillval()

static void op_fillval ( RzAnalysis *  analysis, RzAnalysisOp *  op, csh *  handle, cs_insn *  insn  )

static

Definition at line 618 of file analysis_mips_cs.c.

                                                                                           {
    static RzRegItem reg;
    switch (op->type & RZ_ANALYSIS_OP_TYPE_MASK) {
    case RZ_ANALYSIS_OP_TYPE_LOAD:
        if (OPERAND(1).type == MIPS_OP_MEM) {
            ZERO_FILL(reg);
            op->src[0] = rz_analysis_value_new();
            op->src[0]->type = RZ_ANALYSIS_VAL_MEM;
            op->src[0]->reg = ®
            parse_reg_name(op->src[0]->reg, *handle, insn, 1);
            op->src[0]->delta = OPERAND(1).mem.disp;
        }
        break;
    case RZ_ANALYSIS_OP_TYPE_STORE:
        if (OPERAND(1).type == MIPS_OP_MEM) {
            ZERO_FILL(reg);
            op->dst = rz_analysis_value_new();
            op->dst->type = RZ_ANALYSIS_VAL_MEM;
            op->dst->reg = ®
            parse_reg_name(op->dst->reg, *handle, insn, 1);
            op->dst->delta = OPERAND(1).mem.disp;
        }
        break;
    case RZ_ANALYSIS_OP_TYPE_SHL:
    case RZ_ANALYSIS_OP_TYPE_SHR:
    case RZ_ANALYSIS_OP_TYPE_SAR:
    case RZ_ANALYSIS_OP_TYPE_XOR:
    case RZ_ANALYSIS_OP_TYPE_SUB:
    case RZ_ANALYSIS_OP_TYPE_AND:
    case RZ_ANALYSIS_OP_TYPE_ADD:
    case RZ_ANALYSIS_OP_TYPE_OR:
        SET_SRC_DST_3_REG_OR_IMM(op);
        break;
    case RZ_ANALYSIS_OP_TYPE_MOV:
        SET_SRC_DST_3_REG_OR_IMM(op);
        break;
    case RZ_ANALYSIS_OP_TYPE_DIV: // UDIV
#if 0
capstone bug
------------
    $ r2 -a mips -e cfg.bigendian=1 -c "wx 0083001b" -
    // should be 3 regs, right?
    [0x00000000]> aoj~{}
    [
      {
        "opcode": "divu zero, a0, v1",
        "disasm": "divu zero, a0, v1",
        "mnemonic": "divu",
        "sign": false,
        "prefix": 0,
        "id": 192,
        "opex": {
          "operands": [
        {
          "type": "reg",
          "value": "a0"
        },
        {
          "type": "reg",
          "value": "v1"
        }
          ]
        },
#endif
        if (OPERAND(0).type == MIPS_OP_REG && OPERAND(1).type == MIPS_OP_REG && OPERAND(2).type == MIPS_OP_REG) {
            SET_SRC_DST_3_REGS(op);
        } else if (OPERAND(0).type == MIPS_OP_REG && OPERAND(1).type == MIPS_OP_REG) {
            SET_SRC_DST_2_REGS(op);
        } else {
            RZ_LOG_ERROR("mips: unknown div opcode at 0x%08" PFMT64x "\n", op->addr);
        }
        break;
    }
    if (insn && (insn->id == MIPS_INS_SLTI || insn->id == MIPS_INS_SLTIU)) {
        SET_SRC_DST_3_IMM(op);
    }
}

References a, c, e, handle, MIPS_INS_SLTI, MIPS_INS_SLTIU, MIPS_OP_MEM, MIPS_OP_REG, OPERAND, parse_reg_name(), PFMT64x, r2, reg, RZ_ANALYSIS_OP_TYPE_ADD, RZ_ANALYSIS_OP_TYPE_AND, RZ_ANALYSIS_OP_TYPE_DIV, RZ_ANALYSIS_OP_TYPE_LOAD, RZ_ANALYSIS_OP_TYPE_MASK, RZ_ANALYSIS_OP_TYPE_MOV, RZ_ANALYSIS_OP_TYPE_OR, RZ_ANALYSIS_OP_TYPE_SAR, RZ_ANALYSIS_OP_TYPE_SHL, RZ_ANALYSIS_OP_TYPE_SHR, RZ_ANALYSIS_OP_TYPE_STORE, RZ_ANALYSIS_OP_TYPE_SUB, RZ_ANALYSIS_OP_TYPE_XOR, RZ_ANALYSIS_VAL_MEM, rz_analysis_value_new(), RZ_LOG_ERROR, SET_SRC_DST_2_REGS, SET_SRC_DST_3_IMM, SET_SRC_DST_3_REG_OR_IMM, SET_SRC_DST_3_REGS, type, and ZERO_FILL.

Referenced by analop().

opex()

static void opex ( RzStrBuf *  buf, csh  handle, cs_insn *  insn  )

static

Definition at line 127 of file analysis_mips_cs.c.

                                                           {
    int i;
    PJ *pj = pj_new();
    if (!pj) {
        return;
    }
    pj_o(pj);
    pj_ka(pj, "operands");
    cs_mips *x = &insn->detail->mips;
    for (i = 0; i < x->op_count; i++) {
        cs_mips_op *op = x->operands + i;
        pj_o(pj);
        switch (op->type) {
        case MIPS_OP_REG:
            pj_ks(pj, "type", "reg");
            pj_ks(pj, "value", cs_reg_name(handle, op->reg));
            break;
        case MIPS_OP_IMM:
            pj_ks(pj, "type", "imm");
            pj_kN(pj, "value", op->imm);
            break;
        case MIPS_OP_MEM:
            pj_ks(pj, "type", "mem");
            if (op->mem.base != MIPS_REG_INVALID) {
                pj_ks(pj, "base", cs_reg_name(handle, op->mem.base));
            }
            pj_kN(pj, "disp", op->mem.disp);
            break;
        default:
            pj_ks(pj, "type", "invalid");
            break;
        }
        pj_end(pj); /* o operand */
    }
    pj_end(pj); /* a operands */
    pj_end(pj);
 
    rz_strbuf_init(buf);
    rz_strbuf_append(buf, pj_string(pj));
    pj_free(pj);
}

References cs_reg_name(), handle, i, MIPS_OP_IMM, MIPS_OP_MEM, MIPS_OP_REG, MIPS_REG_INVALID, pj_end(), pj_free(), pj_ka(), pj_kN(), pj_ks(), pj_new(), pj_o(), pj_string(), rz_strbuf_append(), rz_strbuf_init(), and x.

Referenced by analop().

parse_reg_name()

static int parse_reg_name ( RzRegItem *  reg, csh  handle, cs_insn *  insn, int  reg_num  )

static

Definition at line 600 of file analysis_mips_cs.c.

                                                                                  {
    if (!reg) {
        return -1;
    }
    switch (OPERAND(reg_num).type) {
    case MIPS_OP_REG:
        reg->name = (char *)cs_reg_name(handle, OPERAND(reg_num).reg);
        break;
    case MIPS_OP_MEM:
        if (OPERAND(reg_num).mem.base != MIPS_REG_INVALID) {
            reg->name = (char *)cs_reg_name(handle, OPERAND(reg_num).mem.base);
        }
    default:
        break;
    }
    return 0;
}

References cs_reg_name(), handle, MIPS_OP_MEM, MIPS_OP_REG, MIPS_REG_INVALID, OPERAND, reg, and type.

Referenced by op_fillval().

set_opdir()

static void set_opdir ( RzAnalysisOp *  op )

static

Definition at line 696 of file analysis_mips_cs.c.

                                        {
    switch (op->type & RZ_ANALYSIS_OP_TYPE_MASK) {
    case RZ_ANALYSIS_OP_TYPE_LOAD:
        op->direction = RZ_ANALYSIS_OP_DIR_READ;
        break;
    case RZ_ANALYSIS_OP_TYPE_STORE:
        op->direction = RZ_ANALYSIS_OP_DIR_WRITE;
        break;
    case RZ_ANALYSIS_OP_TYPE_LEA:
        op->direction = RZ_ANALYSIS_OP_DIR_REF;
        break;
    case RZ_ANALYSIS_OP_TYPE_CALL:
    case RZ_ANALYSIS_OP_TYPE_JMP:
    case RZ_ANALYSIS_OP_TYPE_UJMP:
    case RZ_ANALYSIS_OP_TYPE_UCALL:
        op->direction = RZ_ANALYSIS_OP_DIR_EXEC;
        break;
    default:
        break;
    }
}

References RZ_ANALYSIS_OP_DIR_EXEC, RZ_ANALYSIS_OP_DIR_READ, RZ_ANALYSIS_OP_DIR_REF, RZ_ANALYSIS_OP_DIR_WRITE, RZ_ANALYSIS_OP_TYPE_CALL, RZ_ANALYSIS_OP_TYPE_JMP, RZ_ANALYSIS_OP_TYPE_LEA, RZ_ANALYSIS_OP_TYPE_LOAD, RZ_ANALYSIS_OP_TYPE_MASK, RZ_ANALYSIS_OP_TYPE_STORE, RZ_ANALYSIS_OP_TYPE_UCALL, and RZ_ANALYSIS_OP_TYPE_UJMP.

Referenced by analop().

Variable Documentation

rizin_plugin

RZ_API RzLibStruct rizin_plugin

Initial value:

= {
    .type = RZ_LIB_TYPE_ANALYSIS,
    .data = &rz_analysis_plugin_mips_cs,
    .version = RZ_VERSION
}

Definition at line 1226 of file analysis_mips_cs.c.

rz_analysis_plugin_mips_cs

RzAnalysisPlugin rz_analysis_plugin_mips_cs

Initial value:

= {
    .name = "mips",
    .desc = "Capstone MIPS analyzer",
    .license = "BSD",
    .esil = true,
    .arch = "mips",
    .get_reg_profile = get_reg_profile,
    .archinfo = archinfo,
    .preludes = analysis_preludes,
    .bits = 16 | 32 | 64,
    .op = &analop,
}

Definition at line 1212 of file analysis_mips_cs.c.

t9_pre

ut64 t9_pre = UT64_MAX

static

Definition at line 9 of file analysis_mips_cs.c.

Referenced by analop().