Failed to simulate ARM q-register(q0)

[Cossack9989]

Environment

Thu Apr 6 00:26:42 CST 2023
radare2 5.8.4 0 @ darwin-arm-64 git.5.8.4
commit: 5.8.4 build: 2023-03-14__21:27:55
Darwin arm64

Description

when using eisl to run the following codes, I found that the value of q0 has not been modified

│       │   0x000011b0      eafffff0       adrp x10, 0
│       │   0x000011b4      4a011e91       add x10, x10, str.libtest.so
│       │   0x000011b8      4001c03d       ldr q0, [x10]               ; 0xd1
│       │   ;-- pc:
│       │   0x000011bc      e9030091       mov x9, sp

[0x000011b0]> s 0x11b0
[0x000011b0]> aeip;aeim
[0x000011b0]> aeso
[0x000011b0]> aeso
[0x000011b0]> aer pc
0x000011b8
[0x000011b0]> aeso
[0x000011b0]> aer pc
0x000011bc
[0x000011b0]> aer x10
0x00000780
[0x000011b0]> psz @0x780
libtest.so
[0x000011b0]> aer q0
0x00000000000000000000000000000000

[Cossack9989]

and the code above in esil:

│       │   0x000011b0      eafffff0       0,x10,=
│       │   0x000011b4      4a011e91       0x780,x10,+,x10,=
│       │   0x000011b8      4001c03d       0,x10,+,DUP,tmp,=,[16],q0,= ; 0xd1
│       │   0x000011bc      e9030091       sp,x9,=

[trufae]

Do you want to submit the fix? Its just one line patch

[Cossack9989]

Do you want to submit the fix? Its just one line patch

@trufae Sorry I don't know how to fix this issue (I'm new to r2)

[radare]

Should be fixed now, let me know if it works for you or you when you can test it.

[Cossack9989]

• 128bit support via [16] and RReg for arm64 ##esil

Hi, loading somgthing to Q0 is ok @radare @trufae
but store from Q0 failed.

│       │   0x000011b0      eafffff0       adrp x10, 0
│       │   0x000011b4      4a011e91       add x10, x10, str.libtest.so
│       │   0x000011b8      4001c03d       ldr q0, [x10]               ; 0xe4
│       │   0x000011bc      e9030091       mov x9, sp
│       │   0x000011c0      4bce8552       mov w11, 0x2e72             ; 'r.'
│       │   0x000011c4      340140b2       orr x20, x9, 1
│       │   0x000011c8      08058052       mov w8, 0x28
│       │   0x000011cc      6beead72       movk w11, 0x6f73, lsl 16    ; 'so'
│       │   0x000011d0      e1031f32       mov w1, 2
│       │   0x000011d4      e00314aa       mov x0, x20
│       │   0x000011d8      ff7f00a9       stp xzr, xzr, [sp]
│       │   0x000011dc      ff0b00f9       str xzr, [sp, 0x10]
│       │   0x000011e0      e8030039       strb w8, [sp]
│       │   0x000011e4      eb1301b8       stur w11, [sp, 0x11]
│       │   0x000011e8      e013803c       stur q0, [sp, 1]
│       │   0x000011ec      ff570039       strb wzr, [sp, 0x15]

the test program should load [x10] to Q0 @ 0x000011b8, and store Q0 to [SP+1] @ 0x000011e8
but it failed to store

[0x0006d0cc]> s 0x11b0
[0x000011b0]> aeip;aeim
[0x000011b0]> aesu 0x11e8
[0x000011d4]> aer q0
0x61616161616161616161616161616161
[0x000011d4]> aer x0
0x00178001
[0x000011d4]> aer pc
0x000011e8
[0x000011d4]> psz @ 0x00178001

[0x000011d4]> aeso
[0x000011d4]> psz @ 0x00178001

[0x000011d4]> aer pc
0x000011ec

[Cossack9989]

I noticed that there is no 128bit support in elif(src){...} in the commit

[trufae]

@Cossack9989 see #21595