Ghidra: sleigh compiling bitrange definition generate broken xml (in sla file)

Created on 5 Jun 2019 · 2 Comments · Source: NationalSecurityAgency/ghidra

Describe the bug
Compiling a slaspec that contains a bitrange definition produces a broken sla file.

To Reproduce
Using the test.slaspec in the attached zip file:

  • Compile it using sleigh.
  • Inspect the generated sla file. Note that it will contain something like this:
<end_sym_head name="inst_next" id="0x2" scope="0x0"/>
<varnode_sym_head name="statusreg" id="0x3" scope="0x0"/>
 name="zf" id="0x4" scope="0x0" name="cf" id="0x5" scope="0x0" name="sf" id="0x6" scope="0x0"<value_sym_head name="opcode" id="0x7" scope="0x0"/>
<subtable_sym name="instruction" id="0x0" scope="0x0" numct="1">
<constructor parent="0x0" first="1" length="2" line="20">
<print piece="test"/>

Expected behavior
Generate a valid sla file.

Possible Cause
The class BitrangeSymbol does not override most of the functions of the class SleighSymbol.

Attachments
test.zip.

Environment:

  • OS: macOS 10.14.5
  • openjdk: 12
  • Ghidra Version: 9.0.4
Sleigh Bug
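
The inspection step from the reproduction above, as an added example that is not part of the original issue or of Ghidra's code: the bare attributes quoted in the report parse as ordinary XML character data, so a well-formedness check passes and the damage has to be found as text sitting between elements. The `symbol_table` wrapper around the sample and the function names are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the symbol heads quoted in the issue, wrapped in a
# root element (wrapper name assumed) so the fragment parses on its own.
SAMPLE_SLA = '''<symbol_table>
<end_sym_head name="inst_next" id="0x2" scope="0x0"/>
<varnode_sym_head name="statusreg" id="0x3" scope="0x0"/>
 name="zf" id="0x4" scope="0x0" name="cf" id="0x5" scope="0x0" name="sf" id="0x6" scope="0x0"<value_sym_head name="opcode" id="0x7" scope="0x0"/>
</symbol_table>'''

# Attribute triple written out without an enclosing element.
ORPHAN = re.compile(
    r'name="([^"]*)"\s+id="(0x[0-9a-fA-F]+)"\s+scope="(0x[0-9a-fA-F]+)"')


def find_orphan_symbols(sla_text):
    """Return (name, id) for every symbol header emitted as bare text.

    The stray attributes are legal character data, so the XML parser accepts
    the input; they only show up as non-whitespace text between elements.
    """
    root = ET.fromstring(sla_text)
    orphans = []
    for elem in root.iter():
        # Each run of character data belongs to exactly one .text or .tail.
        for chunk in (elem.text, elem.tail):
            if chunk and chunk.strip():
                orphans += [(m.group(1), int(m.group(2), 16))
                            for m in ORPHAN.finditer(chunk)]
    return orphans


def declared_symbol_ids(sla_text):
    """Return the sorted ids that do have a proper *_sym_head element."""
    root = ET.fromstring(sla_text)
    return sorted(int(e.get("id"), 16) for e in root.iter()
                  if e.tag.endswith("_sym_head"))


if __name__ == "__main__":
    for name, sym_id in find_orphan_symbols(SAMPLE_SLA):
        print(f"orphaned symbol header: {name} (id {sym_id:#x})")
    print("ids with heads:", [hex(i) for i in declared_symbol_ids(SAMPLE_SLA)])
```

On the sample, the ids missing from the declared list (0x4 to 0x6) are exactly the ones recovered from the stray text.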

All 2 comments

I confirm this bug on Linux, any news?

Just ran into this myself. I'll take a look later this week/maybe this weekend at the codebase to try and figure out what exactly is different in the XML generator for this case. In the meantime, recommend working around it using precompiler macros, i.e.

@define IE_flag     "PSW[7,1]"  # Interrupt Enable (IE)
@define Z_flag      "PSW[6,1]"  # Zero Flag (Z)
@define RBS1_flag   "PSW[5,1]"  # Register Bank Select Hi-Bit (RBS1)
@define AC_flag     "PSW[4,1]"  # Auxiliary Carry Flag (AC)
@define RBS0_flag   "PSW[3,1]"  # Register Bank Select Lo-Bit (RBS0)
@define ISP1_flag   "PSW[2,1]"  # In-service priority flag Hi-Bit (ISP1)
@define ISP0_flag   "PSW[1,1]"  # In-service priority flag Lo-Bit (ISP0)
@define CY_flag     "PSW[0,1]"  # Carry flag (CY)

This is grabbed from a .slaspec file I'm working on. It works well for me, generates bitslices without having to encode the lookup of the status register at each point. It's not great, but it should get the job done until the bug is fixed.
