On 7/12/19 12:32 AM, Jan Bobek wrote:
> +sub vex($%)
> +{
> + my ($insn, %vex) = @_;
> + my $regidw = $is_x86_64 ? 4 : 3;
> +
> + # There is no point in randomizing other VEX fields, since
> + # VEX.R/.X/.B are encoded automatically by risugen_x86_asm, and
> + # VEX.M/.P are opcodes.
> + $vex{l} = randint(width => 1) ? 256 : 128 unless defined $vex{l};
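Review bot: `$regidw` is declared in vex() but never used in the lines shown, so it should be dropped (or the code that needs it shown). The comment lists VEX.R/.X/.B and VEX.M/.P as the fields that are not worth randomizing but says nothing about VEX.W, which is neither randomized here nor mentioned; a one-line comment on where VEX.W is fixed (it is opcode-like for many encodings) would keep the "other VEX fields" claim accurate.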
VEX.L is sort-of opcode-like as well. It certainly differentiates AVX1 vs
AVX2, and so probably should be constrained somehow. I can't think of what's
the best way to do that at the moment, since our existing --xstate=foo isn't
right.
Perhaps just a FIXME comment for now?
> +sub modrm_($%)
> +{
> + my ($insn, %args) = @_;
> + my $regidw = $is_x86_64 ? 4 : 3;
> +
> + my %modrm = ();
> + if (defined $args{reg}) {
> + # This makes the config file syntax a bit more accommodating
> + # in cases where MODRM.REG is an opcode extension field.
> + $modrm{reg} = $args{reg};
> + } else {
> + $modrm{reg} = randint(width => $regidw);
> + }
> +
> + # There is also a displacement-only form, but we don't know
> + # absolute address of the memblock, so we cannot test it.
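Review bot: `$args{reg}` is stored into `$modrm{reg}` unchecked when the config supplies it as an opcode extension, so a value outside 0..7 would be folded into the ModRM byte silently instead of failing; add a range check (a `die` on a bad config value, as elsewhere) at `$modrm{reg} = $args{reg};`. The "displacement-only form" comment would also be clearer if it said which mode it is talking about, since the meaning of that encoding differs between 32-bit and 64-bit code.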
32-bit mode has displacement-only, aka absolute; 64-bit replaces that with
rip-relative. But agreed that the first is impossible to test and the second
is difficult.
> +sub modrm($%)
> +{
> + my ($insn, %args) = @_;
> + modrm_($insn, indexk => 'index', %args);
> +}
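Review bot: modrm() forwards `indexk => 'index'` to modrm_(), but nothing in the visible lines excludes register 4 (esp/rsp) from the index choice, and SIB.index=100 with REX.X clear encodes "no index" rather than that register; either filter it where the index is drawn or add a comment pointing at where that is handled, so the constraint is not lost when the index key is renamed.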
How are you avoiding %rsp as index?
I saw you die for that in the previous patch...
r~
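Worked example, added here and not part of the thread or of risu itself: the encoder below, written in Python rather than risugen's Perl, produces the REX/ModRM/SIB/displacement bytes for a memory operand and enforces the three encoding rules discussed above. SIB.index=100 with REX.X clear means "no index", so esp/rsp can never be an index (r12 can, via REX.X); [ebp]/[r13] need an explicit disp8 because mod=00 with base bits 101 is the displacement-only form; and that form is absolute in 32-bit mode but rip-relative in 64-bit mode, where an absolute [disp32] needs a SIB byte with base=101. Function names, the register numbering (0..7, or 0..15 in 64-bit mode) and the sample operands are my own.

```python
"""x86 ModRM/SIB memory-operand encoder (added example, not risu code).

Registers are numbered 0..7 (32-bit mode) or 0..15 (64-bit mode) in the
usual eax..edi / rax..r15 order, so 4 is esp/rsp, 5 is ebp/rbp, 12 is r12.
"""
import random
import struct


def _rex(w, r, x, b):
    """Build a REX prefix byte: 0100WRXB."""
    return 0x40 | (w << 3) | (r << 2) | (x << 1) | b


def encode_mem(reg, base=None, index=None, scale=1, disp=0, mode64=False, rex_w=False):
    """Encode [base + index*scale + disp] with `reg` in ModRM.reg.

    base=None and index=None selects the displacement-only form. Returns the
    bytes that follow the opcode (plus a leading REX prefix if one is needed).
    """
    maxreg = 15 if mode64 else 7
    for name, r in (("reg", reg), ("base", base), ("index", index)):
        if r is not None and not 0 <= r <= maxreg:
            raise ValueError(f"{name}={r} out of range for this mode")
    if scale not in (1, 2, 4, 8):
        raise ValueError("scale must be 1, 2, 4 or 8")
    # SIB.index=100 with REX.X=0 is "no index", so register 4 (esp/rsp) can
    # never be an index. r12 has the same low bits but sets REX.X, so it is fine.
    if index == 4:
        raise ValueError("esp/rsp (register 4) cannot be an index register")

    rex_r = reg >> 3
    rex_x = (index >> 3) if index is not None else 0
    rex_b = (base >> 3) if base is not None else 0
    reg3 = reg & 7
    base3 = (base & 7) if base is not None else 5    # 101 with mod=00: no base, disp32
    index3 = (index & 7) if index is not None else 4  # 100: no index
    scale2 = {1: 0, 2: 1, 4: 2, 8: 3}[scale]

    # A SIB byte is needed for an index, for a base whose low bits are 100
    # (esp/rsp/r12, because ModRM.rm=100 means "SIB follows"), and for the
    # no-base form in 64-bit mode, where mod=00 rm=101 would mean rip-relative.
    need_sib = index is not None or base3 == 4 or (base is None and mode64)

    if base is None:
        mod, disp_bytes = 0, struct.pack("<i", disp)
    elif disp == 0 and base3 != 5:
        mod, disp_bytes = 0, b""                      # [base], no displacement
    elif -128 <= disp <= 127:
        mod, disp_bytes = 1, struct.pack("<b", disp)  # [ebp]/[r13] land here with disp8=0
    else:
        mod, disp_bytes = 2, struct.pack("<i", disp)

    out = bytearray()
    if mode64 and (rex_w or rex_r or rex_x or rex_b):
        out.append(_rex(int(rex_w), rex_r, rex_x, rex_b))
    out.append((mod << 6) | (reg3 << 3) | (4 if need_sib else base3))
    if need_sib:
        out.append((scale2 << 6) | (index3 << 3) | base3)
    out += disp_bytes
    return bytes(out)


def encode_rip_relative(reg, disp, rex_w=False):
    """64-bit only: mod=00 rm=101 with no SIB means [rip + disp32]."""
    out = bytearray()
    if rex_w or reg >> 3:
        out.append(_rex(int(rex_w), reg >> 3, 0, 0))
    out.append(((reg & 7) << 3) | 5)
    out += struct.pack("<i", disp)
    return bytes(out)


def random_index(mode64, rng=random):
    """Pick an index register the way a random generator must: never esp/rsp."""
    return rng.choice([r for r in range(16 if mode64 else 8) if r != 4])


if __name__ == "__main__":
    # mov ecx, [ebx+ecx*4+8] is 8B 4C 8B 08; the operand bytes after 8B are:
    print(encode_mem(1, base=3, index=1, scale=4, disp=8).hex())
    print(encode_mem(0, disp=0x1000).hex())              # 32-bit absolute [disp32]
    print(encode_mem(0, disp=0x1000, mode64=True).hex())  # 64-bit absolute needs SIB
    print(encode_rip_relative(0, 0x1000).hex())           # 64-bit [rip+disp32]
```

Note that the 32-bit absolute form and the 64-bit rip-relative form produce byte-identical operand encodings (`05` followed by disp32); only the mode decides what they mean, which is why a generator that wants an absolute address in 64-bit code has to go through the SIB form.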