angr/pyvex

PyVEX fails decoding ARM instruction STRHEQ

Closed this issue · 1 comment


Describe the bug.

PyVEX fails decoding ARM instruction STRHEQ, please have a look at the following code

import pyvex
import archinfo
from capstone import Cs, CS_ARCH_ARM, CS_MODE_ARM

# Capstone happily disassembles the 4-byte little-endian word 0x000009b4
md = Cs(CS_ARCH_ARM, CS_MODE_ARM)
for ins in md.disasm(b"\xb4\x09\x00\x00", 0x1000):
    print("%s %s" % (ins.mnemonic, ins.op_str))      # output: strheq r0, [r0], -r4

# Lifting the same bytes with PyVEX yields an IRSB that ends in Ijk_NoDecode
irsb = pyvex.lift(b"\xb4\x09\x00\x00", 0x1000, archinfo.arch_arm.ArchARM())
irsb.pp()

If you use pyvex to decode opcodes "\xb4\x09\x00\x00", you will get Ijk_NoDecode

IRSB {

   NEXT: PUT(pc) = 0x00001000; Ijk_NoDecode
}

Environment Information.

Python3, PyVEX 8.19.10.30 (commit 99f2d0a)

To Reproduce.

Additional context.

Hello! Your instruction is malformed and capstone is giving you an answer which may or may not be true!

Using the arm manual, this instruction matches the STRH just fine, but the addressing mode it uses (the register offset/index form in A5.3.1) indicates that bits 11-8 should be zero (SBZ) but in your instruction those bits correspond to the 9 in the second byte. Therefore, the lifter is marking the instruction as illegal.

If you have a real machine which can execute that instruction and can observe the semantics of STRHEQ happening, then I will patch the lifter to remove that check.
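To make the encoding argument in the comment above concrete, here is an added example (not code from the issue, from pyvex, or from the reporter) that decodes the A32 halfword load/store register-offset form and flags the should-be-zero field at bits 11-8. The field layout (cond, P, U, I, W, L, Rn, Rd, SBZ, Rm, and the fixed 1 S H 1 pattern in bits 7-4) follows the addressing-mode description referenced in the comment; the second, zeroed-SBZ word is constructed here for comparison and is not taken from the issue.

```python
import struct

COND_NAMES = ["EQ", "NE", "CS", "CC", "MI", "PL", "VS", "VC",
              "HI", "LS", "GE", "LT", "GT", "LE", "AL", "NV"]


def decode_halfword_register(insn_bytes):
    """Decode an A32 LDRH/STRH with register offset (the 'register offset/index'
    addressing mode).  Returns None when the word is not that encoding.

    Field layout assumed here (per the ARM ARM addressing-mode description):
      31-28 cond | 27-25 000 | 24 P | 23 U | 22 I | 21 W | 20 L
      19-16 Rn | 15-12 Rd | 11-8 SBZ | 7-4 1 S H 1 (S=0, H=1) | 3-0 Rm
    """
    if len(insn_bytes) != 4:
        raise ValueError("A32 instructions are exactly 4 bytes")
    (word,) = struct.unpack("<I", insn_bytes)  # little-endian instruction word

    cond = word >> 28
    if (word >> 25) & 0b111 != 0b000:
        return None
    # bits 7-4 must read 1 S H 1 with S=0, H=1 for the halfword forms
    if (word >> 4) & 0xF != 0b1011:
        return None

    p = (word >> 24) & 1   # 1 = pre-indexed/offset, 0 = post-indexed
    u = (word >> 23) & 1   # 1 = add offset, 0 = subtract offset
    i = (word >> 22) & 1   # 1 = immediate form (bits 11-8 are then an immediate)
    w = (word >> 21) & 1   # writeback
    l = (word >> 20) & 1   # 1 = load, 0 = store
    if i != 0:
        return None        # immediate-offset form is not the register form discussed

    rn = (word >> 16) & 0xF
    rd = (word >> 12) & 0xF
    sbz = (word >> 8) & 0xF   # must be zero in the register-offset form
    rm = word & 0xF
    return {
        "mnemonic": ("LDRH" if l else "STRH") + COND_NAMES[cond],
        "rd": rd, "rn": rn, "rm": rm,
        "post_indexed": p == 0,
        "writeback": w == 1,
        "subtract": u == 0,
        "sbz_field": sbz,
        "well_formed": sbz == 0,
    }


def format_asm(d):
    """Render the decoded fields in Capstone-style syntax."""
    sign = "-" if d["subtract"] else ""
    if d["post_indexed"]:
        addr = "[r%d], %sr%d" % (d["rn"], sign, d["rm"])
    else:
        addr = "[r%d, %sr%d]%s" % (d["rn"], sign, d["rm"],
                                   "!" if d["writeback"] else "")
    return "%s r%d, %s" % (d["mnemonic"].lower(), d["rd"], addr)


if __name__ == "__main__":
    reported = b"\xb4\x09\x00\x00"   # the bytes from the issue: 0x000009b4
    fixed = b"\xb4\x00\x00\x00"      # constructed: same fields with bits 11-8 cleared
    for raw in (reported, fixed):
        d = decode_halfword_register(raw)
        print("%s  SBZ=%d  well_formed=%s" % (format_asm(d), d["sbz_field"], d["well_formed"]))
```

Both words render as `strheq r0, [r0], -r4`, which is exactly why a disassembler that ignores the SBZ field reports the reported bytes as a normal instruction, while a lifter that enforces the field treats them as undecodable. Running the check on a candidate encoding before trusting a disassembler's output is a cheap way to tell the two cases apart.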