This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/
-
lib/Target/PowerPC/
-
Target/
-
PowerPC/
-
Disassembler/
-
PPCDisassembler.cpp
-
PPCRegisterInfo.td
-
test/MC/Disassembler/PowerPC/
-
MC/
-
Disassembler/
-
PowerPC/
-
ppc64-encoding-ISA31-invalid.txt

Differential D140245

[PowerPC] Don't crash when disassembling invalid immediate
ClosedPublic

Authored by nemanjai on Dec 16 2022, 1:49 PM.

Download Raw Diff

Details

Reviewers

Group Reviewers

Restricted Project

Summary

There is an assert in the disassembler functions to ensure that the immediate is the appropriate width. However, sometimes what is being disassembled is not instructions but data that happens to have the bit pattern of an existing instruction but invalid operands. It is valid for such things to exist in the text section so we don't want to crash when disassembling such a thing.

This patch removes the asserts and produces a disassembler failure for such cases.

Diff Detail

Repository: rG LLVM Github Monorepo

Unit TestsFailed

	Time	Test
	60,030 ms	x64 debian > libFuzzer.libFuzzer::minimize_crash.test

Event Timeline

nemanjai created this revision.Dec 16 2022, 1:49 PM

Herald added a project: Restricted Project. · View Herald TranscriptDec 16 2022, 1:49 PM

Herald added subscribers: shchenz, kbarton, hiraditya. · View Herald Transcript

nemanjai requested review of this revision.Dec 16 2022, 1:49 PM

Herald added a project: Restricted Project. · View Herald TranscriptDec 16 2022, 1:49 PM

AFAIK values >12 are all invalid, not only those that are >15. This instruction and the one which inserts elements need custom decoder for their operands. Other changes are unnecessary.
But let's see what PPC guys say.

In D140245#4002642, @barannikov88 wrote:

AFAIK values >12 are all invalid, not only those that are >15. This instruction and the one which inserts elements need custom decoder for their operands. Other changes are unnecessary.
But let's see what PPC guys say.

Thank you for your comment. However, I must clarify. Values larger than 12 produce undefined results, but they are not invalid. The instruction xxinsertw vs1, vs2, 14 is not an illegal instruction - although it does produce undefined results.

Harbormaster completed remote builds in B203713: Diff 483660.Dec 16 2022, 4:49 PM

LGTM

This revision is now accepted and ready to land.Feb 2 2023, 9:06 AM

Committed in https://reviews.llvm.org/rGc86f8d4276ae

Revision Contents

Path

Size

llvm/

lib/

Target/

PowerPC/

Disassembler/

PPCDisassembler.cpp

6 lines

PPCRegisterInfo.td

4 lines

test/

MC/

Disassembler/

PowerPC/

ppc64-encoding-ISA31-invalid.txt

4 lines

Diff 483660

llvm/lib/Target/PowerPC/Disassembler/PPCDisassembler.cpp

	Show First 20 Lines • Show All 233 Lines • ▼ Show 20 Lines

	#define DecodeQSRCRegisterClass DecodeQFRCRegisterClass			#define DecodeQSRCRegisterClass DecodeQFRCRegisterClass
	#define DecodeQBRCRegisterClass DecodeQFRCRegisterClass			#define DecodeQBRCRegisterClass DecodeQFRCRegisterClass

	template <unsigned N>			template <unsigned N>
	static DecodeStatus decodeUImmOperand(MCInst &Inst, uint64_t Imm,			static DecodeStatus decodeUImmOperand(MCInst &Inst, uint64_t Imm,
	int64_t Address,			int64_t Address,
	const MCDisassembler *Decoder) {			const MCDisassembler *Decoder) {
	assert(isUInt<N>(Imm) && "Invalid immediate");			if (!isUInt<N>(Imm))
				return MCDisassembler::Fail;
	Inst.addOperand(MCOperand::createImm(Imm));			Inst.addOperand(MCOperand::createImm(Imm));
	return MCDisassembler::Success;			return MCDisassembler::Success;
	}			}

	template <unsigned N>			template <unsigned N>
	static DecodeStatus decodeSImmOperand(MCInst &Inst, uint64_t Imm,			static DecodeStatus decodeSImmOperand(MCInst &Inst, uint64_t Imm,
	int64_t Address,			int64_t Address,
	const MCDisassembler *Decoder) {			const MCDisassembler *Decoder) {
	assert(isUInt<N>(Imm) && "Invalid immediate");			if (!isUInt<N>(Imm))
				return MCDisassembler::Fail;
	Inst.addOperand(MCOperand::createImm(SignExtend64<N>(Imm)));			Inst.addOperand(MCOperand::createImm(SignExtend64<N>(Imm)));
	return MCDisassembler::Success;			return MCDisassembler::Success;
	}			}

	static DecodeStatus decodeImmZeroOperand(MCInst &Inst, uint64_t Imm,			static DecodeStatus decodeImmZeroOperand(MCInst &Inst, uint64_t Imm,
	int64_t Address,			int64_t Address,
	const MCDisassembler *Decoder) {			const MCDisassembler *Decoder) {
	if (Imm != 0)			if (Imm != 0)
	▲ Show 20 Lines • Show All 242 Lines • Show Last 20 Lines

llvm/lib/Target/PowerPC/PPCRegisterInfo.td

	Show First 20 Lines • Show All 542 Lines • ▼ Show 20 Lines

	def PPCU1ImmAsmOperand : AsmOperandClass {			def PPCU1ImmAsmOperand : AsmOperandClass {
	let Name = "U1Imm"; let PredicateMethod = "isU1Imm";			let Name = "U1Imm"; let PredicateMethod = "isU1Imm";
	let RenderMethod = "addImmOperands";			let RenderMethod = "addImmOperands";
	}			}
	def u1imm : Operand<i32> {			def u1imm : Operand<i32> {
	let PrintMethod = "printU1ImmOperand";			let PrintMethod = "printU1ImmOperand";
	let ParserMatchClass = PPCU1ImmAsmOperand;			let ParserMatchClass = PPCU1ImmAsmOperand;
				let DecoderMethod = "decodeUImmOperand<1>";
	let OperandType = "OPERAND_IMMEDIATE";			let OperandType = "OPERAND_IMMEDIATE";
	}			}

	def PPCU2ImmAsmOperand : AsmOperandClass {			def PPCU2ImmAsmOperand : AsmOperandClass {
	let Name = "U2Imm"; let PredicateMethod = "isU2Imm";			let Name = "U2Imm"; let PredicateMethod = "isU2Imm";
	let RenderMethod = "addImmOperands";			let RenderMethod = "addImmOperands";
	}			}
	def u2imm : Operand<i32> {			def u2imm : Operand<i32> {
	let PrintMethod = "printU2ImmOperand";			let PrintMethod = "printU2ImmOperand";
	let ParserMatchClass = PPCU2ImmAsmOperand;			let ParserMatchClass = PPCU2ImmAsmOperand;
				let DecoderMethod = "decodeUImmOperand<2>";
	let OperandType = "OPERAND_IMMEDIATE";			let OperandType = "OPERAND_IMMEDIATE";
	}			}

	def PPCATBitsAsHintAsmOperand : AsmOperandClass {			def PPCATBitsAsHintAsmOperand : AsmOperandClass {
	let Name = "ATBitsAsHint"; let PredicateMethod = "isATBitsAsHint";			let Name = "ATBitsAsHint"; let PredicateMethod = "isATBitsAsHint";
	let RenderMethod = "addImmOperands"; // Irrelevant, predicate always fails.			let RenderMethod = "addImmOperands"; // Irrelevant, predicate always fails.
	}			}
	def atimm : Operand<i32> {			def atimm : Operand<i32> {
	let PrintMethod = "printATBitsAsHint";			let PrintMethod = "printATBitsAsHint";
	let ParserMatchClass = PPCATBitsAsHintAsmOperand;			let ParserMatchClass = PPCATBitsAsHintAsmOperand;
	let OperandType = "OPERAND_IMMEDIATE";			let OperandType = "OPERAND_IMMEDIATE";
	}			}

	def PPCU3ImmAsmOperand : AsmOperandClass {			def PPCU3ImmAsmOperand : AsmOperandClass {
	let Name = "U3Imm"; let PredicateMethod = "isU3Imm";			let Name = "U3Imm"; let PredicateMethod = "isU3Imm";
	let RenderMethod = "addImmOperands";			let RenderMethod = "addImmOperands";
	}			}
	def u3imm : Operand<i32> {			def u3imm : Operand<i32> {
	let PrintMethod = "printU3ImmOperand";			let PrintMethod = "printU3ImmOperand";
	let ParserMatchClass = PPCU3ImmAsmOperand;			let ParserMatchClass = PPCU3ImmAsmOperand;
				let DecoderMethod = "decodeUImmOperand<3>";
	let OperandType = "OPERAND_IMMEDIATE";			let OperandType = "OPERAND_IMMEDIATE";
	}			}

	def PPCU4ImmAsmOperand : AsmOperandClass {			def PPCU4ImmAsmOperand : AsmOperandClass {
	let Name = "U4Imm"; let PredicateMethod = "isU4Imm";			let Name = "U4Imm"; let PredicateMethod = "isU4Imm";
	let RenderMethod = "addImmOperands";			let RenderMethod = "addImmOperands";
	}			}
	def u4imm : Operand<i32> {			def u4imm : Operand<i32> {
	let PrintMethod = "printU4ImmOperand";			let PrintMethod = "printU4ImmOperand";
	let ParserMatchClass = PPCU4ImmAsmOperand;			let ParserMatchClass = PPCU4ImmAsmOperand;
				let DecoderMethod = "decodeUImmOperand<4>";
	let OperandType = "OPERAND_IMMEDIATE";			let OperandType = "OPERAND_IMMEDIATE";
	}			}
	def PPCS5ImmAsmOperand : AsmOperandClass {			def PPCS5ImmAsmOperand : AsmOperandClass {
	let Name = "S5Imm"; let PredicateMethod = "isS5Imm";			let Name = "S5Imm"; let PredicateMethod = "isS5Imm";
	let RenderMethod = "addImmOperands";			let RenderMethod = "addImmOperands";
	}			}
	def s5imm : Operand<i32> {			def s5imm : Operand<i32> {
	let PrintMethod = "printS5ImmOperand";			let PrintMethod = "printS5ImmOperand";
	▲ Show 20 Lines • Show All 463 Lines • Show Last 20 Lines

llvm/test/MC/Disassembler/PowerPC/ppc64-encoding-ISA31-invalid.txt

	Show First 20 Lines • Show All 79 Lines • ▼ Show 20 Lines

	# pstxssp 1, -8589934592(3), 1. However, RA is not zero with R=1			# pstxssp 1, -8589934592(3), 1. However, RA is not zero with R=1
	# CHECK: warning: invalid instruction encoding			# CHECK: warning: invalid instruction encoding
	0x04 0x12 0x00 0x00 0xbc 0x23 0x00 0x00			0x04 0x12 0x00 0x00 0xbc 0x23 0x00 0x00

	# pstxv 31, 8589934591(3), 1. However, RA is not zero with R=1			# pstxv 31, 8589934591(3), 1. However, RA is not zero with R=1
	# CHECK: warning: invalid instruction encoding			# CHECK: warning: invalid instruction encoding
	0x04 0x11 0xff 0xff 0xdb 0xe3 0xff 0xff			0x04 0x11 0xff 0xff 0xdb 0xe3 0xff 0xff

				# xxextractuw 52, 30, 20 (i.e. the immediate 20 is invalid)
				# CHECK: warning: invalid instruction encoding
				0xf2 0x94 0xf2 0x95