RzIL TriCore Support

[imbillow]

tc1.6.2

https://www.infineon.com/dgdl/Infineon-AURIX_TC3xx_Architecture_vol1-UserManual-v01_00-EN.pdf?fileId=5546d46276fb756a01771bc4c2e33bdd
https://www.infineon.com/dgdl/Infineon-AURIX_TC3xx_Architecture_vol2-UserManual-v01_00-EN.pdf?fileId=5546d46276fb756a01771bc4a6d73b70

Your checklist for this pull request

• I've read the guidelines for contributing to this repository
• I made sure to follow the project's coding style
• I've documented or updated the documentation of every function and struct this PR changes. If not so I've explained why.
• I've added tests that prove my fix is effective or that my feature works (if possible)
• I've updated the rizin book with the relevant information (if needed)

Detailed description

Test plan

CI is green

[XVilka]

@imbillow for FPU see RzILFloat:

• https://github.com/rizinorg/rizin/blob/dev/librz/il/theory_fbasic.c
• https://github.com/rizinorg/rizin/blob/dev/librz/il/definitions/float.c
• https://github.com/rizinorg/rizin/blob/dev/librz/include/rz_il/rz_il_opcodes.h

Some are probably still missing, e.g. no square root yet for QSEED.F instruction. @Heersin please take a look at this PR too (ftohp instruction in particular):

Convert the contents of data register D[a] from IEEE-754-2008 32-bit single precision floating point to IEEE-754-2008
16-bit half precision (data interchange) floating point format. The rounded result is put in data register D[c][15:0].
D[c][31:16] is set to zero.

[DMaroo]

When I try to lift the float command, I realize that I want to specify the rounding mode at runtime, but the existing float in rzil doesn't have this capability. Should I leave the float part alone or change some of rzil's float modules to support this?

It is not possible to do it in RzIL for the moment. And I don't think it would be a good idea either, since the format of a float is the part of its type and should be statically known in the IL. A workaround for this (and what I also did in x86 floating-point instructions lifting) is to use the ITE op and manually compare the value of a bitvector with all the permitted values and use the correct rounding mode in each of that branches.

An example macro (not linking the x86 code since that PR is yet to be merged):

/**
 * \brief Execute the function \p f with the correct op mode argument
 *
 * \param f function which takes in the rounding mode as the first argument
 *
 * 0 -> RNE
 * 1 -> RTN
 * 2 -> RTP
 * 3 -> RTZ 
 */
#define EXEC_WITH_RMODE(f, ...) \
	ITE(EQ(VARL("_rmode"), UN(2, 0)), f(RZ_FLOAT_RMODE_RNE, __VA_ARGS__), \
		(EQ(VARL("_rmode"), UN(2, 1)), f(RZ_FLOAT_RMODE_RTN, __VA_ARGS__), \
			(EQ(VARL("_rmode"), UN(2, 2)), f(RZ_FLOAT_RMODE_RTP, __VA_ARGS__), \
				(f(RZ_FLOAT_RMODE_RTZ, __VA_ARGS__)))))

/* Need this because we want a function which takes in the rounding mode as the first argument. */
RzILOpFloat *convert_floating_helper(RzFloatRMode rmode, RzFloatFormat format, RzILOpFloat *val) {
	return FCONVERT(format, rmode, val);
}

void example(RzILOpPure *x, RzILOpPure *y, RzFloatFormat fmt) {
	/* We need to use DUP here so that the macro does not use reuse the same pure value everywhere. Not using DUP will lead to double-free. */
	RzILOpPure *_rounded_convert = EXEC_WITH_RMODE(convert_floating_helper, format, DUP(x));
	RzILOpPure *_rounded_add = EXEC_WITH_RMODE(FADD, DUP(x), DUP(y);
}

[XVilka]

Ok, looks good now. I wonder if it makes sense for you to wait until TCG plugin API is implemented (for tracetesting), just like @DMaroo wants. Meanwhile, please split PRs as I suggested, and let's merge some of these.

[imbillow]

• Remove static and global variables in TriCore RzAsm and RzAnalysis plugin #4092
• Add RzIL API SEXTRACT32 and NE #4093

[imbillow]

Ok, looks good now. I wonder if it makes sense for you to wait until TCG plugin API is implemented (for tracetesting), just like @DMaroo wants. Meanwhile, please split PRs as I suggested, and let's merge some of these.

TCG plugin API is implemented

No problem, I can wait for the implementation of the TCG plugin API.

[XVilka]

@imbillow merged those, please rebase this one and mark ready for review

[XVilka]

@imbillow, I found few missing/problematic opcodes:

ℤ rizin -e asm.arch=tricore =
[0x00000000]> wx ef4f0800
[0x00000000]> pd 1
        ╭─< 0x00000000      ef4f0800       jz.t  d15, 0x14, 0x10
[0x00000000]> aoi
0x0 ()
[0x00000000]> ao
address: 0x0
opcode: jz.t d15, #0x14, #0x10
esilcost: 0
disasm: jz.t d15, #0x14, #0x10
mnemonic: jz.t
description: jump if zero bit
mask: ff000000
prefix: 0
id: 159
bytes: ef4f0800
refptr: 0
size: 4
sign: true
type: cjmp
cycles: 0
jump: 0x00000010
fail: 0x00000004
cond: eq
family: cpu
[0x00000000]> wx ef3fd17f
[0x00000000]> pd 1
        ╭─< 0x00000000      ef3fd17f       jz.t  d15, 0x13, 0xffffffa2
[0x00000000]> aoi
0x0 ()
[0x00000000]>

Also

ℤ rizin -e asm.arch=tricore =
 -- If you want to open the file in read-write mode, invoke rizin with '-w'
[0x00000000]> wx 90f2
[0x00000000]> pd 1
            0x00000000      90f2           addsc.a a2, a15, d15, #2
[0x00000000]> aoi
WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
0x0 ()
[0x00000000]>

Moreover, when I tried aaa; plf @@F on some files, there were many warnings like that (can't share them, sorry):

WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
WARNING: Failed to get operand0 [2]: "ld.bu d15, #0" [mem]
WARNING: (../librz/asm/arch/../../asm/arch/tricore/tricore.inc:100):tricore_op_as_mem: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: Failed to get operand0 [2]: "ld.hu d3, #0xa" [mem]
WARNING: (../librz/asm/arch/../../asm/arch/tricore/tricore.inc:100):tricore_op_as_mem: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: Failed to get operand0 [2]: "ld.bu d15, #0" [mem]
WARNING: (../librz/asm/arch/../../asm/arch/tricore/tricore.inc:100):tricore_op_as_mem: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: Failed to get operand0 [2]: "ld.q d6, #0x1450" [mem]
WARNING: (../librz/asm/arch/../../asm/arch/tricore/tricore.inc:100):tricore_op_as_mem: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
WARNING: Failed to get operand0 [2]: "ld.q d2, #0x2407" [mem]
WARNING: (../librz/asm/arch/../../asm/arch/tricore/tricore.inc:100):tricore_op_as_mem: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
WARNING: Failed to get operand0 [2]: "ld.q d3, #0x3406" [mem]
WARNING: (../librz/asm/arch/../../asm/arch/tricore/tricore.inc:100):tricore_op_as_mem: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
WARNING: Failed to get operand0 [2]: "ld.q d6, #0x400000c0" [mem]
WARNING: (../librz/asm/arch/../../asm/arch/tricore/tricore.inc:100):tricore_op_as_mem: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)

[imbillow]

@imbillow, I found few missing/problematic opcodes:

ℤ rizin -e asm.arch=tricore =
[0x00000000]> wx ef4f0800
[0x00000000]> pd 1
        ╭─< 0x00000000      ef4f0800       jz.t  d15, 0x14, 0x10
[0x00000000]> aoi
0x0 ()
[0x00000000]> ao
address: 0x0
opcode: jz.t d15, #0x14, #0x10
esilcost: 0
disasm: jz.t d15, #0x14, #0x10
mnemonic: jz.t
description: jump if zero bit
mask: ff000000
prefix: 0
id: 159
bytes: ef4f0800
refptr: 0
size: 4
sign: true
type: cjmp
cycles: 0
jump: 0x00000010
fail: 0x00000004
cond: eq
family: cpu
[0x00000000]> wx ef3fd17f
[0x00000000]> pd 1
        ╭─< 0x00000000      ef3fd17f       jz.t  d15, 0x13, 0xffffffa2
[0x00000000]> aoi
0x0 ()
[0x00000000]>

Also

ℤ rizin -e asm.arch=tricore =
 -- If you want to open the file in read-write mode, invoke rizin with '-w'
[0x00000000]> wx 90f2
[0x00000000]> pd 1
            0x00000000      90f2           addsc.a a2, a15, d15, #2
[0x00000000]> aoi
WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
0x0 ()
[0x00000000]>

Moreover, when I tried aaa; plf @@F on some files, there were many warnings like that (can't share them, sorry):

WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
WARNING: Failed to get operand0 [2]: "ld.bu d15, #0" [mem]
WARNING: (../librz/asm/arch/../../asm/arch/tricore/tricore.inc:100):tricore_op_as_mem: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: Failed to get operand0 [2]: "ld.hu d3, #0xa" [mem]
WARNING: (../librz/asm/arch/../../asm/arch/tricore/tricore.inc:100):tricore_op_as_mem: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: Failed to get operand0 [2]: "ld.bu d15, #0" [mem]
WARNING: (../librz/asm/arch/../../asm/arch/tricore/tricore.inc:100):tricore_op_as_mem: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: Failed to get operand0 [2]: "ld.q d6, #0x1450" [mem]
WARNING: (../librz/asm/arch/../../asm/arch/tricore/tricore.inc:100):tricore_op_as_mem: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
WARNING: Failed to get operand0 [2]: "ld.q d2, #0x2407" [mem]
WARNING: (../librz/asm/arch/../../asm/arch/tricore/tricore.inc:100):tricore_op_as_mem: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
WARNING: Failed to get operand0 [2]: "ld.q d3, #0x3406" [mem]
WARNING: (../librz/asm/arch/../../asm/arch/tricore/tricore.inc:100):tricore_op_as_mem: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)
WARNING: (../librz/analysis/arch/tricore/tricore_il.c:3623):tricore_il_op: code should not be reached
WARNING: Failed to get operand0 [2]: "ld.q d6, #0x400000c0" [mem]
WARNING: (../librz/asm/arch/../../asm/arch/tricore/tricore.inc:100):tricore_op_as_mem: code should not be reached
WARNING: SETG_wrap: assertion 'name && x && strlen(name) >= 2' failed (line 440)

The main reason is that I only referenced tc1.6.2, so other versions of the instructions may be a bit problematic.

[XVilka]

@imbillow strange, because those instructions are in the binary compiled for the tc1.6.2-compatible SoC.

[imbillow]

@imbillow strange, because those instructions are in the binary compiled for the tc1.6.2-compatible SoC.

strange， I can't seem to find a description of the ef4f0800 jz.t d15, #0x14, #0x10 instruction in either the tricore manuals or qemu. In capstone I remember referencing some version of qemu, but I can't seem to find it now.

• v1.6 https://www.infineon.com/dgdl/tc1_6__architecture_vol2.pdf?fileId=db3a3043372d5cc801374ad9c0653ad9
• TC1.6P & TC1.6E https://www.infineon.com/dgdl/Infineon-TC2xx_Architecture_vol1-UM-v01_00-EN.pdf?fileId=5546d46269bda8df0169ca1bea3624a5
• TC1.31 https://www.infineon.com/dgdl/tc_v131_instructionset_v138.pdf?fileId=db3a304412b407950112b409b6dd0352
• qemu https://gitlab.com/qemu-project/qemu/-/blob/master/target/tricore/tricore-opcodes.h

[imbillow]

@imbillow strange, because those instructions are in the binary compiled for the tc1.6.2-compatible SoC.

strange， I can't seem to find a description of the ef4f0800 jz.t d15, #0x14, #0x10 instruction in either the tricore manuals or qemu. In capstone I remember referencing some version of qemu, but I can't seem to find it now.

• v1.6 https://www.infineon.com/dgdl/tc1_6__architecture_vol2.pdf?fileId=db3a3043372d5cc801374ad9c0653ad9
• TC1.6P & TC1.6E https://www.infineon.com/dgdl/Infineon-TC2xx_Architecture_vol1-UM-v01_00-EN.pdf?fileId=5546d46269bda8df0169ca1bea3624a5
• TC1.31 https://www.infineon.com/dgdl/tc_v131_instructionset_v138.pdf?fileId=db3a304412b407950112b409b6dd0352
• qemu https://gitlab.com/qemu-project/qemu/-/blob/master/target/tricore/tricore-opcodes.h

Oh my bad.
I just checked byte[0] but the instruction OPCODE1 for BRN format is 0-6 bits.

[XVilka]

OK, now it's in quite good condition. Since we postponed trace-testing after TCG APIs were implemented, let's merge it as is. It works quite well already on most files I tried. It can be improved further incrementally, when necessary, and also during the trace testing.