Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Hexagon asm and analysis plugins #1614

Merged
merged 2 commits into from
Nov 27, 2021
Merged

Update Hexagon asm and analysis plugins #1614

merged 2 commits into from
Nov 27, 2021

Conversation

Rot127
Copy link
Member

@Rot127 Rot127 commented Sep 7, 2021

Replaces #1338

Your checklist for this pull request

  • I've read the guidelines for contributing to this repository
  • I made sure to follow the project's coding style
  • I've added tests that prove my fix is effective or that my feature works (if possible)
  • I've updated the documentation and the rizin book with the relevant information (if needed)

Detailed description

Updates Hexagon analysis and asm plugin.

Supports

  • Add asm support for v5-v68 and HVX instructions
    • Recognize instruction packets.
  • Basic analysis support
    • set instruction type (return, call, jumps hardware loop etc.)
    • Enables search for immediate operands.
  • Patching of relocs

Not yet implemented

Test plan

See test files.

Closing issues

closes rizinorg/rz-hexagon#13
closes rizinorg/rz-hexagon#15
closes rizinorg/rz-hexagon#17
closes rizinorg/rz-hexagon#18
closes rizinorg/rz-hexagon#19
closes rizinorg/rz-hexagon#21
closes rizinorg/rz-hexagon#22
closes rizinorg/rz-hexagon#24

@Rot127
Copy link
Member Author

Rot127 commented Sep 8, 2021

I have absolutely no idea what the cause of the failing test is. I just created a VM and built rizin as the ubuntu-tcc-test Action does it. Basically copied and pasted the commands to build TinyCC and meson.

All tests succeeded. No error.

The only difference is, that I use a debian-10 in the VM. No Ubuntu. Unfortunately I can't install a Ubuntu VM at the moment and my enthusiasm debugging it is meanwhile really low also.

Do you have any advice how to proceed?

Just in case I'm a blockhead. The commands I compiled rizin with TinyCC:

git clone https://repo.or.cz/tinycc.git
cd tinycc
#git checkout mob
# Well-tested commit
git checkout 675046bd59bc6977bb2016c7d2e115ace8a6ae6c
chmod +x ./configure
./configure --prefix=/usr
make
sudo make install
sudo apt-get --assume-yes install python3-wheel python3-setuptools python3-pip
sudo python3 -m pip install ninja
git clone https://github.com/ret2libc/meson.git
cd meson
git checkout tiny-cc
python3 setup.py build
sudo python3 setup.py install
cd ~
git clone https://github.com/Rot127/rizin.git
cd ~/rizin/
git checkout Hexagon
env CC=tcc meson --prefix=/usr build
ninja -C build && sudo ninja -C build install
mkdir -p test/bins/elf/analysis/
cd test/bins/elf/analysis/
wget https://raw.githubusercontent.com/rizinorg/rizin-testbins/master/elf/analysis/hexagon-hello-loop
cd ~/rizin
rz-test test/db/analysis/hexagon 

Running from /home/user/rizin/test
Loaded 3 tests.
Skipping json tests because jq is not available.
[3/3]                       3 OK         0 BR        0 XX        0 FX
Finished in 0 seconds.

@Rot127
Copy link
Member Author

Rot127 commented Sep 11, 2021

So I ran the tests on an Ubuntu 20.04.3 LTS VM and they succeeded. It must be something with Github Actions than.

@wargio
Copy link
Member

wargio commented Sep 11, 2021

So I ran the tests on an Ubuntu 20.04.3 LTS VM and they succeeded. It must be something with Github Actions than.

also with tinycc?

@Rot127
Copy link
Member Author

Rot127 commented Sep 11, 2021

Oh, I was stupid. Sorry.
Ran meson --prefix=/usr build instead of env CC=tcc meson --prefix=/usr build.
Now the tests fail.

Will debug it once I have more time.

Copy link
Member

@ret2libc ret2libc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't really followed here... but if @wargio things is good, I'm ok to merge this as it is anyway quite confined to hexagon code. Please address just this thing first.

librz/bin/p/bin_elf.inc Outdated Show resolved Hide resolved
Copy link
Member

@XVilka XVilka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks good. What bothers me - why you don't use predicates? They are pretty important.
Also, for relocations - could you please add a test specifically for relocations? Like it's done in https://github.com/rizinorg/rizin/pull/1699/files#diff-815fd301b119045a3c4aef6ecbb05174a1d997c1c43cf2b65d4a461ea57bd7b4R114
So for every different type of relocation you implemented, if it's in the test binary - print bytes, print instruction. It's recommended to cross-check your results against readelf, objdump, IDA Pro, Binary Ninja, Ghidra.

Good job!

librz/analysis/p/analysis_hexagon.c Outdated Show resolved Hide resolved
librz/analysis/arch/hexagon/hexagon_analysis.h Outdated Show resolved Hide resolved
librz/asm/arch/hexagon/hexagon.c Outdated Show resolved Hide resolved
librz/asm/arch/hexagon/hexagon.c Outdated Show resolved Hide resolved
librz/asm/arch/hexagon/hexagon.h Outdated Show resolved Hide resolved
librz/asm/arch/hexagon/hexagon.h Show resolved Hide resolved
librz/bin/p/bin_elf.inc Outdated Show resolved Hide resolved
librz/bin/p/bin_elf.inc Outdated Show resolved Hide resolved
@Rot127
Copy link
Member Author

Rot127 commented Sep 29, 2021

@XVilka

Good job!

Thank you. I really appreciate the work you guys put into reviewing this.

What bothers me - why you don't use predicates? They are pretty important.

I quite frankly forgot about them. Will start with the implementation today.

Can you give me a hint where rizin uses this information? I can't find a member in RzAnalysisOp which represents predicates properly. But maybe my understanding is limited.

It's recommended to cross-check your results against readelf, objdump, IDA Pro, Binary Ninja, Ghidra.

Tool comment
objdump I checked the disassembly and analysis test against the SDKs objdump. And actively advice it in the test documentation in the rz-hexagon docs.
IDA Pro I can't effort a license for IDA Pro, therefore not test against it. That's the reason why I started developing the Hexagon plugin for rizin in the first place.
Binary Ninja Same like IDA Pro. I can't effort a license and the demos can't load the Hexagon plugin.
Ghidra Ghidra does not support the Hexagon architecture yet.

The problem for me is, that tests implementations need a lot of time which I currently not have (e.g. compiling HVX code with the SDK is buggy, building a ELF binary with all implemented relocations is quite hard, as I just start learning about relocations details etc.).
At the moment I can, unfortunately, only promise that I will add them gradually once I use it more myself. For me it is absolutely fine if this PR is not merged yet for this reason. The plugin will be under development at least for the next 5-6 months anyways.

@Rot127
Copy link
Member Author

Rot127 commented Sep 29, 2021

Almost forgot. Testing the reloc patching is quite hard at the moment since the rebasing is so broken.

@XVilka
Copy link
Member

XVilka commented Sep 29, 2021

@Rot127 do you mean this one? #1661
cc @ret2libc

@Rot127
Copy link
Member Author

Rot127 commented Sep 29, 2021

@Rot127 do you mean this one? #1661

Yes. It does correctly patch if the binary is loaded with rizin -m <baddr>. But because of #1661 and building a binary which uses all implemented relocations is quite time consuming I postponed the tests.

librz/bin/p/bin_elf.inc Outdated Show resolved Hide resolved
@github-actions github-actions bot added the ELF label Sep 29, 2021
librz/include/rz_bin.h Outdated Show resolved Hide resolved
@XVilka
Copy link
Member

XVilka commented Sep 30, 2021

Please also rebase on top of the latest dev to resolve the conflicts.

@Rot127
Copy link
Member Author

Rot127 commented Oct 4, 2021

TinyCC build test fails because of rizinorg/rz-hexagon#24.
Besides, tcc-builds fail on real world binaries. The static variables get always incorrectly set. But I can't find the issue.

It seems to me that this is a pretty annoying tcc bug. Do you have any advice how to proceed with this? Guess it can't be merged if it does not work with tcc?

@thestr4ng3r
Copy link
Member

Hmm I see. What about, instead of generating code for each property, generating a lookup table in C for some properties? That would shift a bit of the work to the runtime, but probably also compress the entire thing a bit.
By the way, what is the code size after the file has been compiled?

@Rot127
Copy link
Member Author

Rot127 commented Oct 31, 2021

By the way, what is the code size after the file has been compiled?

ls -l for ./build/librz/analysis/librz_analysis.a.p/.._asm_arch_hexagon_hexagon_disas.c.o gives me:

compiler target size
tcc x86_64 5.3M
gcc x86_64 1.9M
clang aarch64 1.4M

@Rot127
Copy link
Member Author

Rot127 commented Oct 31, 2021

What about, instead of generating code for each property, generating a lookup table in C for some properties?

Mh, I will ponder about this a bit. But for now I will remove unnecessary function calls from it (~3 per instruction). This should drive the memory usage of gcc down quite a bit.

@thestr4ng3r Just in case you have time and want to take a quick look at it yourself, in librz/asm/arch/hexagon/hexagon_disas.c @ line 56088 is an instruction which is pretty complex and has a lot of assignments. Maybe you see something right away.

@Rot127
Copy link
Member Author

Rot127 commented Nov 10, 2021

It's weird. But I no longer get the problem with >4gb memory usage of gcc (top shows something around 16MB).
So if you like, you can review it.

@XVilka
Copy link
Member

XVilka commented Nov 25, 2021

There are a lot of unrelated changes. Thus, I propose:

  1. Squash all commits into one - this way rebasing should be easier
  2. Rebase on top of the latest dev
  3. Fix clang-format warning:
Ubuntu clang-format version 13.0.1-++20211110063012+9dc7d6d5e326-1~exp1~20211110183538.22
librz/asm/arch/hexagon/hexagon_disas.c:18:26: error: code should be clang-formatted [-Wclang-format-violations]
#include "hexagon_arch.h"
                         ^

@Rot127 Rot127 force-pushed the Hexagon branch 2 times, most recently from cb564e0 to 2c00b89 Compare November 26, 2021 13:33
Copy link
Member

@XVilka XVilka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to merge. Please use the better commit name when merging.

…gin design to monolithic; Basic ELF-reloc patching.

- Update instruction set to v5-v67 + HVX.
- Introduce monolithic plugin architecture to reverse opcodes in the same functions.
  - Analysis and Asm functionality was previously seperated and let to inconsistensies and incorrectly reversed opcodes.
- Add missing system instructions and registers.
- Enable search for immediates.
- Mark packets of instructions.
- Set more analysis data in RzAnalysisOp.
- Add basic ELF-reloc patching.
- Fix several disassembly and analysis bugs.
  - Jumps were not aligned to packet begin.
  - Endloop packets were not marked as such.
  - Rs.New registers were incorrectly disassembled.
  - Calling convention was out of date.
- Add several formatting configs for the produced disassembly.
  - Dis/Enable UTF-8.
  - Print or omit # prefix of immediates.
  - Print signed immediates with signe or as unsigned integers.
@XVilka
Copy link
Member

XVilka commented Nov 26, 2021

Merge if #2033 is green (excluding the known debug test ASAN failure)

@XVilka
Copy link
Member

XVilka commented Nov 26, 2021

Fails to build on Windows AppVeyor:

FAILED: librz/asm/librz_asm.a.p/arch_hexagon_hexagon_arch.c.obj 
"cl" "-Ilibrz/asm\librz_asm.a.p" "-I." "-I.." "-I..\librz\include" "-Ishlr" "-I..\shlr" "-I..\librz\asm\arch\include" "-I..\librz\asm\arch" "-I..\librz\asm\arch\h8300" "-I..\librz\asm\arch\hexagon" "-I..\librz\asm\arch\msp430" "-I..\librz\asm\arch\rsp" "-I..\librz\asm\arch\mcore" "-I..\librz\asm\arch\v850" "-I..\librz\asm\arch\propeller" "-I..\librz\asm\arch\ebc" "-I..\librz\asm\arch\cr16" "-I..\librz\asm\arch\8051" "-I..\librz\asm\arch\v810" "-I..\librz\asm\arch\or1k" "-Isubprojects\sdb" "-I..\subprojects\sdb" "-Isubprojects\sdb\src" "-I..\subprojects\sdb\src" "-I..\librz\bin\format" "-I..\subprojects\capstone-bundled\include" "-I..\subprojects\capstone-bundled\include\capstone" "-I..\shlr\spp" "/MT" "/nologo" "/showIncludes" "/utf-8" "/W2" "/O2" "/Gw" "-DRZ_PLUGIN_INCORE=1" "/Fdlibrz/asm\librz_asm.a.p\arch_hexagon_hexagon_arch.c.pdb" /Folibrz/asm/librz_asm.a.p/arch_hexagon_hexagon_arch.c.obj "/c" ../librz/asm/arch/hexagon/hexagon_arch.c
../librz/asm/arch/hexagon/hexagon_arch.c(613): error C2375: 'hex_extend_op': redefinition; different linkage
c:\projects\rizin\librz\asm\arch\hexagon\hexagon.h(550): note: see declaration of 'hex_extend_op'
[1116/1727] Compiling C object librz/asm/librz_asm.a.p/arch_h8300_h8300_disas.c.obj
[1117/1727] Compiling C object librz/asm/librz_asm.a.p/arch_hexagon_hexagon_disas.c.obj
ninja: build stopped: subcommand failed.

https://ci.appveyor.com/project/rizinorg/rizin/builds/41680793/job/6m3ufxlgdbrqrbi0

@XVilka
Copy link
Member

XVilka commented Nov 26, 2021

Failing test with ASAN:



[XX] db/analysis/hexagon hexagon jumps
RZ_NOPLUGINS=1 rizin -escr.utf8=0 -escr.color=0 -escr.interactive=0 -N -Qc 'b 0x100000
e analysis.jmp.cref=true
s sym.main
aaa
afx
' bins/elf/analysis/hexagon-hello-loop
-- stdout
--- expected
+++ actual
@@ -5,3 +5,7 @@
 C 0x0000513c -> 0x000050f8 [   call sym.pWorld
 c 0x00005140 -> 0x00005144 [   jump 0x5144
 c 0x00005150 -> 0x00005128 ?   jump 0x5128
+WARNING: rz_reg_set_value: assertion 'reg && item' failed (line 145)
+WARNING: rz_reg_set_value: assertion 'reg && item' failed (line 145)
+WARNING: rz_reg_set_value: assertion 'reg && item' failed (line 145)
+WARNING: rz_reg_set_value: assertion 'reg && item' failed (line 145)

-- stderr
Cannot determine entrypoint, using 0x00005000.
[ ] Analyze all flags starting with sym. and entry0 (aa)

@Rot127
Copy link
Member Author

Rot127 commented Nov 27, 2021

6942f6c should fix the Windows build.

@XVilka XVilka merged commit 26103ee into rizinorg:dev Nov 27, 2021
@XVilka
Copy link
Member

XVilka commented Nov 27, 2021

The other PR was green.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants