[X86] Incorrect explicit read/modified registers for vcmpunordss and others

Open mur47x111 opened this issue 2 years ago • 0 comments

cstool/cstool -d -s x64 "62 f1 76 08 c2 c9 03" may yield different results:

        op_count: 3
                operands[0].type: REG = k1
                operands[0].size: 2
                operands[1].type: REG = xmm1
                operands[1].size: 16
                operands[2].type: REG = xmm1
                operands[2].size: 16
...
        op_count: 3
                operands[0].type: REG = k1
                operands[0].size: 2
                operands[1].type: REG = xmm1
                operands[1].size: 16
                operands[2].type: REG = xmm1
                operands[2].size: 16
        Registers read: xmm1
...
        op_count: 3
                operands[0].type: REG = k1
                operands[0].size: 2
                operands[1].type: REG = xmm1
                operands[1].size: 16
                operands[2].type: REG = xmm1
                operands[2].size: 16
        Registers read: xmm1
        Registers modified: xmm1

This is due to incorrect operand access values specified for instructions such as vcmpunordss. IIUC, operand access values are maintained in capstone/arch/X86/X86MappingInsnOp.inc and copied to the new X86MappingInsnOp.inc generated by tablegen, see https://github.com/capstone-engine/capstone/blob/31ea133e64cb6576524e61b734681260104d0a6f/suite/synctools/mapping_insn_op.py#L100-L130. New instructions are associated with default access value { 0 }. X86IntelInstPrinter or X86ATTInstPrinter uses a stack allocated array for storing the access values. This array is never initialized and only the first element is set to 0. When requesting access value for second/third operands in such instructions, it then fetches random values stored in the un-initialized array, and thus yield random results.

Jan 23 '24 10:01 mur47x111