ArchPPC32 has incorrect PC register number

[jeffball55]

I'm attempting to obtain the Intermediate Representation for the PPC32 architecture (little endian), however when parsing the output, I'm getting an incorrect register number for what appears to be the PC register. The output is shown below. The register number 1168 is returned instead of the correct 1160.
I'm running python 2.7.10 on Ubuntu 15.10 and installed pyvex using the recommended "pip install pyvex".

>>> import archinfo,pyvex
>>> pyvex.IRSB('\x20\x00\x80\x4e', 0x80000, archinfo.ArchPPC32()).pp()
IRSB {
   t0:Ity_I32 t1:Ity_I32 t2:Ity_I32 t3:Ity_I32 t4:Ity_I32 t5:Ity_I32 t6:Ity_I32 t7:Ity_I32 t8:Ity_I32 t9:Ity_I1 t10:Ity_I32

   00 | IR-NoOp
   01 | IR-NoOp
   02 | IR-NoOp
   03 | IR-NoOp
   04 | IR-NoOp
   05 | IR-NoOp
   06 | IR-NoOp
   07 | IR-NoOp
   08 | IR-NoOp
   09 | IR-NoOp
   10 | IR-NoOp
   11 | IR-NoOp
   12 | IR-NoOp
   13 | IR-NoOp
   14 | IR-NoOp
   15 | ------ IMark(0x80000, 4, 0) ------
   16 | t4 = 0xffffffff
   17 | t1 = t4
   18 | t5 = 0x00000001
   19 | t2 = t5
   20 | t0 = And32(t2,t1)
   21 | t8 = GET:I32(lr)
   22 | t7 = And32(t8,0xfffffffc)
   23 | t3 = t7
   24 | t9 = CmpEQ32(t0,0x00000000)
   25 | if (t9) { PUT(1168) = 0x80004; Ijk_Boring }
   26 | PUT(1168) = t3
   27 | t10 = GET:I32(1168)
   NEXT: PUT(1168) = t10; Ijk_Ret
}
>>> archinfo.ArchPPC32().translate_register_name(1168)
'1168'
>>> archinfo.ArchPPC32().registers['pc']
(1160, 4)
>>> archinfo.ArchPPC32().registers['ip']
(1160, 4)

[zardus]

Hi jeffball,

Sorry for the laggy response. I was at SECCON, and didn't have a chance to look into this. You've definitely triggered a "how did this ever work" moment. I'll look into this a bit further and get back to you.

[rhelmot]

Can we have whatever sample binary you're working with that's little-endian 32 bit powerpc? As far as I know, code of this type has never been tested with angr, and might not actually exist?

[zardus]

Ah, I should have mentioned, from my testing, it looks like this holds for
big-endian PPC (fauxware) as well.

I have a vague half-memory of running into this before for some reason, but
can't remember the details...
On Feb 2, 2016 8:51 AM, "Andrew Dutcher" notifications@github.com wrote:

Can we have whatever sample binary you're working with that's
little-endian 32 bit powerpc? As far as I know, code of this type has never
been tested with angr, and might not actually exist?

—
Reply to this email directly or view it on GitHub
#27 (comment).

[rhelmot]

The vex source comments indicate that yes, it is in fact at that offset. I have no idea where this bug is introduced, and since this source has been copied around since before I was on this project it's impossible to tell when it was introduced, but I'll push a fix. :+)

[rhelmot]

Fix pushed to the archinfo repository. Can you verify it resolves your issue?

[jeffball55]

Yep, after upgrading archinfo from the archinfo github repository, this does fix the issue. Thanks!