This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



Re: Another x86_64 disassembler crash


On Wed, Dec 07, 2005 at 09:55:18AM +0100, Jan Beulich wrote:
> I would think that instead dofloat() should take care to set op_ad
> correctly (just copying the respective initialization from
> print_insn()); adding the check you suggest to set_op() would, as far as
> I can tell, force the calling of the address resolution function for the
> operand (rather than in order to attach a comment after all operands)
> despite the addressing being rip-relative (after all, the test case
> isn't invalid, despite not representing a sensible instruction stream,
> which isn't presently getting tested for at all - there are almost no
> tests for disassembling floating point stuff in gas/testsuite/gas/i386/
> ).

Thank you - that was the pointer I needed - that this should
disassemble to something sensible.

> Here's what a 64-bit disassembler has to say with -D:
> 
> 0000000000000000 <_binary_t1_o_start>:
>    0:   1d c8 0c 06 90          sbb    $0x90060cc8,%eax
>    5:   c8 0c 82 9c             enterq $0x820c,$0x9c
>    9:   dc 1d 0c 0a 85 0d       fcompl 226822668(%rip)
>    f:   01 20                   add    %esp,(%rax)

Here's what a patched disassembler has to say, 32-bit or 64-bit:

0000000000000000 <_binary_t1_o_start>:
   0:   1d c8 0c 06 90          sbb    $0x90060cc8,%eax
   5:   c8 0c 82 9c             enterq $0x820c,$0x9c
   9:   dc 1d 0c 0a 85 0d       fcompl 226822668(%rip)        # d850a1b <_binary_t1_o_size+0xd850a0a>
   f:   01 20                   add    %esp,(%rax)

Which looks correct to me.  Is this patch OK?

Something is still strange in my testcase; the 32-bit and 64-bit
disassemblers produce different output, but the differences are of the
forms:

-ffffffff8055fb2e:      2e                      cs
-ffffffff8055fb2f:      2e                      cs
-ffffffff8055fb30:      2e                      cs
-ffffffff8055fb31:      2e 2e 2e 2e 2e 2e 2e    or %cs:0xffffffffffffffee(%rcx),%ch
-ffffffff8055fb38:      2e 2e 2e 2e 2e 2e 2e 
-ffffffff8055fb3f:      2e 2e 2e 2e 2e 2e 0a 
-ffffffff8055fb46:      00 00 
-ffffffff8055fb48:      3c 37                   cmp    $0x37,%al
+ffffffff8055fb2e:      2e 2e 2e 2e 2e 2e 2e    or     %cs:(%rax),%al
+ffffffff8055fb35:      2e 2e 2e 2e 2e 2e 2e 
+ffffffff8055fb3c:      2e 2e 2e 2e 2e 2e 2e 
+ffffffff8055fb43:      2e 2e 0a 00 
+ffffffff8055fb47:      00 3c 37                add %bh,(%rdi,%rsi,1)

and

-ffffffff805be630:      43 17                   rexYZ popq   %dl
+ffffffff805be630:      43 17                   rexYZ popq   %bp,%si

But, unrelated to this particular bug, and close enough for me.

-- 
Daniel Jacobowitz
CodeSourcery, LLC

2005-12-07  Daniel Jacobowitz  <dan@codesourcery.com>

	* i386-dis.c (dofloat): Handle %rip-relative floating point addressing.

Index: binutils-2.15.94/opcodes/i386-dis.c
===================================================================
--- binutils-2.15.94.orig/opcodes/i386-dis.c	2005-11-11 17:51:40.000000000 -0500
+++ binutils-2.15.94/opcodes/i386-dis.c	2005-12-07 16:22:32.000000000 -0500
@@ -2667,6 +2667,7 @@ dofloat (int sizeflag)
       int fp_indx = (floatop - 0xd8) * 8 + reg;
 
       putop (float_mem[fp_indx], sizeflag);
+      op_ad = 2;
       obufp = op1out;
       OP_E (float_mem_mode[fp_indx], sizeflag);
       return;
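Review bot: the new `op_ad = 2;` before `OP_E (...)` carries no comment saying why the memory-operand path needs it; given the quoted reply's point that dofloat should copy the op_ad initialization from print_insn, a one-line comment stating that op_ad must be valid before OP_E so a %rip-relative operand is resolved as an address (the `# d850a1b` annotation in the patched output) would stop a later cleanup from treating it as dead state. The literal 2 is also a magic value shared with print_insn's convention; naming it, or pointing at that convention in the comment, would make the coupling explicit.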
@@ -2689,8 +2690,10 @@ dofloat (int sizeflag)
       putop (dp->name, sizeflag);
 
       obufp = op1out;
+      op_ad = 2;
       if (dp->op1)
 	(*dp->op1) (dp->bytemode1, sizeflag);
+      op_ad = 1;
       obufp = op2out;
       if (dp->op2)
 	(*dp->op2) (dp->bytemode2, sizeflag);
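Review bot: `op_ad = 2;` before the op1 callback and `op_ad = 1;` before op2 are unconditional and uncommented, and the descending order (2 for the first operand, 1 for the second) is not self-evident from the hunk; a comment tying both assignments to the op_ad convention print_insn uses, as the quoted reply suggests, would document the intent once for both hunks. Assigning op_ad = 2 even when `dp->op1` is NULL is harmless here because op_ad is reassigned before op2, but moving the assignment inside `if (dp->op1)` would make its pairing with the callback obvious.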

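As an added example, not code from this thread or from binutils, here is the address arithmetic behind the `# d850a1b` annotation in the patched output: the ModRM byte of `dc 1d 0c 0a 85 0d` (mod=00, rm=101) is decoded and the little-endian disp32 is added to the address of the next instruction in 64-bit mode, whereas the same encoding in 32-bit mode is an absolute disp32. The function and struct names are this example's own assumptions.

```c
/* Added example, not part of the thread or of binutils: resolve the %rip-relative
   memory operand of "dc 1d 0c 0a 85 0d" (fcompl) the way a 64-bit disassembler must. */
#include <stdint.h>
#include <stdio.h>

/* Decoded ModRM memory operand (names are this example's own). */
struct mem_operand {
    int rip_relative;   /* 1 when mod=00 rm=101 is decoded in 64-bit mode */
    int32_t disp;       /* sign-extended 32-bit displacement */
    uint64_t target;    /* resolved address (64-bit) or absolute disp32 (32-bit) */
    size_t length;      /* instruction length in bytes */
};

/* Decode an x87 escape opcode (0xd8-0xdf) with a mod=00 rm=101 ModRM byte,
   i.e. the "opcode modrm disp32" shape from the thread, with no prefixes
   or SIB byte.  addr is the address of the first byte; mode64 selects
   64-bit decoding.  Returns 0 on success, -1 if the bytes are another shape. */
int decode_x87_mem(const uint8_t *insn, size_t len, uint64_t addr,
                   int mode64, struct mem_operand *out)
{
    if (len < 6 || insn[0] < 0xd8 || insn[0] > 0xdf)
        return -1;
    uint8_t mod = insn[1] >> 6, rm = insn[1] & 7;
    if (mod != 0 || rm != 5)
        return -1;
    /* disp32 is little-endian; reassemble it, then sign-extend. */
    uint32_t raw = (uint32_t)insn[2] | (uint32_t)insn[3] << 8 |
                   (uint32_t)insn[4] << 16 | (uint32_t)insn[5] << 24;
    out->disp = (int32_t)raw;
    out->length = 6;
    out->rip_relative = mode64;
    /* 64-bit: mod=00 rm=101 means disp32(%rip), relative to the address of
       the *next* instruction.  32-bit: the same encoding is an absolute
       disp32, so no address arithmetic applies. */
    out->target = mode64 ? addr + out->length + (int64_t)out->disp
                         : (uint64_t)raw;
    return 0;
}

int main(void)
{
    /* Constructed from the thread: the instruction at offset 9. */
    const uint8_t fcompl[] = { 0xdc, 0x1d, 0x0c, 0x0a, 0x85, 0x0d };
    struct mem_operand m;
    if (decode_x87_mem(fcompl, sizeof fcompl, 0x9, 1, &m) == 0)
        printf("fcompl %d(%%rip)  # %#llx\n", m.disp,
               (unsigned long long)m.target);
    return 0;
}
```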
