ARM AArch32 instruction ADD may decode wrong in ADR situation

Question

ARM AArch32 instruction ADD may decode wrong in ADR situation

yakamoz423 opened this issue 4 months ago · 3 comments

Work environment

Questions	Answers
OS/arch/bits	MSYS2 - MinGW64
Architecture	armv8
Source of Capstone	`git clone`
Version/git commit	next, `fe60b13`

Instruction bytes giving faulty results

0xe28fc600

Expected results

It should be:

ADR - A1 format

Steps to get the wrong result

With cstool:

$ 233/bin/cstool.exe -d armbe e28fc600
 0  e2 8f c6 00  add    r12, pc, #0, #12
        ID: 31 (add)
        op_count: 4
                operands[0].type: REG = r12
                operands[0].access: WRITE
                operands[1].type: REG = r15
                operands[1].access: READ
                operands[2].type: IMM = 0x0
                operands[2].access: READ
                operands[3].type: IMM = 0xc
                operands[3].access: READ
        Registers read: r15
        Registers modified: r12
        Groups: IsARM

Additional Logs, screenshots, source code, configuration dump, ...

I'm using the latest next version.

$ git log
commit fe60b1371c109288278faa06b7efb545b18ed45d (HEAD -> next, origin/next, origin/HEAD)
Author: Rot127 <45763064+Rot127@users.noreply.github.com>
Date:   Sat May 18 06:32:01 2024 +0000

    Apply #2360 to next (#2361)

Answer 1 · 2024-05-31T03:39:49.000Z

Another case:

0xe28cca24

Should be:

ADD, ADDS (immediate) - A1

But result with cstool:

 0  e2 8c ca 24  add    r12, r12, #36, #20
        ID: 31 (add)
        op_count: 4
                operands[0].type: REG = r12
                operands[0].access: WRITE
                operands[1].type: REG = r12
                operands[1].access: READ
                operands[2].type: IMM = 0x24
                operands[2].access: READ
                operands[3].type: IMM = 0x14
                operands[3].access: READ
        Registers read: r12
        Registers modified: r12
        Groups: IsARM

Got an unexpected imm op[3], which seems not be expanded (rotr op[2] by op[3]).

Answer 2 · 2024-05-31T06:19:04.000Z

This is an LLVM bug as it turns out:

echo "0x24,0xca,0x8c,0xe2,0x00,0xc6,0x8f,0xe2" | llvm-mc-19 --triple=arm --disassemble
	.text
	add	r12, r12, #36, #20
	add	r12, pc, #0, #12

Same for llvm-mc-18. Could you please open an issue with LLVM?

Answer 3 · 2024-05-31T06:49:29.000Z

This is an LLVM bug as it turns out:
echo "0x24,0xca,0x8c,0xe2,0x00,0xc6,0x8f,0xe2" | llvm-mc-19 --triple=arm --disassemble
	.text
	add	r12, r12, #36, #20
	add	r12, pc, #0, #12
Same for llvm-mc-18. Could you please open an issue with LLVM?

I post on llvm/llvm-project#93930