Fix asm tests for JMP and RET instructions

rizinorg · Feb 17, 2024 · a59e5b1 · a59e5b1
1 parent f40db24
commit a59e5b1
Show file tree

Hide file tree

Showing 4 changed files with 87 additions and 87 deletions.
diff --git a/librz/analysis/arch/x86/il_ops.inc b/librz/analysis/arch/x86/il_ops.inc
@@ -1892,15 +1892,15 @@ IL_LIFTER(ror) {
 IL_LIFTER(ret) {
 	PopHelper ph = x86_pop_helper(analysis->bits / BITS_PER_BYTE /* BYTES */);
 
-	RzILOpEffect *ret = SEQ2(JMP(ph.val), ph.eff);
+	RzILOpEffect *ret = SEQ2(SETL("tgt", ph.val), ph.eff);
 
 	if (ins->structure->op_count == 1) {
-		/* Immediate operand (Encoding: I) 
+		/* Immediate operand (Encoding: I)
 		 * Reduce RSP by that many bytes. */
 		ret = SEQ2(ret, x86_il_set_reg(X86_REG_RSP, ADD(x86_il_get_reg(X86_REG_RSP), UN(analysis->bits, ins->structure->operands[0].imm))));
 	}
 
-	return ret;
+	return SEQ2(ret, JMP(VARL("tgt")));
 }
 
 /**

diff --git a/test/db/asm/x86_16 b/test/db/asm/x86_16
@@ -5,7 +5,7 @@ ad "aam 0xa" d40a 0x0 (seq (set temp_al (cast 8 false (var ax))) (set ax (| (& (
 ad "aam 0x42" d442 0x0 (seq (set temp_al (cast 8 false (var ax))) (set ax (| (& (var ax) (~ (bv 16 0xff00))) (<< (cast 16 false (div (var temp_al) (bv 8 0x42))) (bv 8 0x8) false))) (set adjusted (mod (var temp_al) (bv 8 0x42))) (set ax (| (& (var ax) (~ (bv 16 0xff))) (cast 16 false (var adjusted)))) (set _result (var adjusted)) (set _popcnt (bv 8 0x0)) (set _val (cast 8 false (var _result))) (repeat (! (is_zero (var _val))) (seq (set _popcnt (+ (var _popcnt) (ite (lsb (var _val)) (bv 8 0x1) (bv 8 0x0)))) (set _val (>> (var _val) (bv 8 0x1) false)))) (set pf (is_zero (mod (var _popcnt) (bv 8 0x2)))) (set zf (is_zero (var _result))) (set sf (msb (var _result))))
 ad "aas" 3f 0x0 (seq (branch (|| (! (ule (& (cast 8 false (var ax)) (bv 8 0xf)) (bv 8 0x9))) (var af)) (seq (set ax (- (var ax) (bv 16 0x6))) (set ax (| (& (var ax) (~ (bv 16 0xff00))) (<< (cast 16 false (- (cast 8 false (>> (var ax) (bv 8 0x8) false)) (bv 8 0x1))) (bv 8 0x8) false))) (set af true) (set cf true)) (seq (set af false) (set cf false))) (set ax (| (& (var ax) (~ (bv 16 0xff))) (cast 16 false (& (cast 8 false (var ax)) (bv 8 0xf))))))
 adB "cbw" 98
-d "call 0" e8fdff 0x0 (seq (set _cs (cast 16 false (var cs))) (set final (- (var sp) (bv 16 0x2))) (storew 0 (var final) (cast 16 false (var _cs))) (set sp (var final)) (set _pc (bv 16 0x3)) (set final (- (var sp) (bv 16 0x2))) (storew 0 (var final) (cast 16 false (var _pc))) (set sp (var final)) (jmp (bv 16 0x0)))
+d "call 0" e8fdff 0x0 (seq (set final (- (var sp) (bv 16 0x2))) (storew 0 (var final) (cast 16 false (bv 16 0x3))) (set sp (var final)) (jmp (bv 16 0x0)))
 d "enter 8, 0" c8080000 0x0 (seq (set _alloc_sz (cast 16 false (bv 16 0x8))) (set _nest_lvl (mod (cast 8 false (bv 16 0x0)) (bv 8 0x20))) (set final (- (var sp) (bv 16 0x2))) (storew 0 (var final) (cast 16 false (var bp))) (set sp (var final)) (set _frame_tmp (var sp)) (branch (is_zero (var _nest_lvl)) nop (seq (branch (! (ule (var _nest_lvl) (bv 8 0x1))) (seq (set _itr (bv 8 0x1)) (repeat (&& (ule (var _itr) (var _nest_lvl)) (! (== (var _itr) (var _nest_lvl)))) (seq (set bp (- (var bp) (bv 16 0x2))) (set final (- (var sp) (bv 16 0x2))) (storew 0 (var final) (cast 16 false (loadw 0 16 (var bp)))) (set sp (var final)) (set _itr (+ (var _itr) (bv 8 0x1)))))) nop) (set final (- (var sp) (bv 16 0x2))) (storew 0 (var final) (cast 16 false (var _frame_tmp))) (set sp (var final)))) (set sp (- (var sp) (cast 16 false (var _alloc_sz)))) (set bp (cast 16 false (cast 15 false (var _frame_tmp)))))
 a "jmp 0x0" ebfe 0x0 (jmp (cast 16 false (bv 16 0x0)))
 a "jmp 0x10" eb0e 0x0 (jmp (cast 16 false (bv 16 0x10)))

diff --git a/test/db/asm/x86_32 b/test/db/asm/x86_32
@@ -430,7 +430,7 @@ d "rdpmc" 0f33
 d "rdtsc" 0f31
 d "rdtscp" 0f01f9
 d "repne movsb byte es:[edi], byte ptr [esi]" f2a4
-d "ret" c3 0x0 (seq (set esp (+ (var esp) (bv 32 0x4))) (set esp (loadw 0 32 (+ (+ (cast 32 false (var esp)) (bv 32 0x0)) (<< (cast 32 false (var ss)) (bv 8 0x4) false)))))
+d "ret" c3 0x0 (seq (set tgt (loadw 0 32 (+ (+ (cast 32 false (var esp)) (bv 32 0x0)) (<< (cast 32 false (var ss)) (bv 8 0x4) false)))) (set esp (+ (var esp) (bv 32 0x4))) (jmp (var tgt)))
 d "retf 0" ca0000 0x0 empty
 d "retf" cb 0x0 empty
 d "rol byte [eax], 0" c00000
@@ -1056,11 +1056,11 @@ aB "bt edx, 59" 0fbae23b
 aB "bt ebp, -20" 0fbae5e0
 aB "btr dword [eax], eax" 0fb300
 aB "bts dword [eax], eax" 0fab00
-a "call 0x8049100" e8fb900408 0x0 (seq (set _cs (cast 32 false (var cs))) (set final (- (var esp) (bv 32 0x4))) (storew 0 (var final) (cast 32 false (var _cs))) (set esp (var final)) (set _pc (bv 32 0x5)) (set final (- (var esp) (bv 32 0x4))) (storew 0 (var final) (cast 32 false (var _pc))) (set esp (var final)) (jmp (bv 32 0x8049100)))
-a "call 4" e8ffffffff 0x0 (seq (set _cs (cast 32 false (var cs))) (set final (- (var esp) (bv 32 0x4))) (storew 0 (var final) (cast 32 false (var _cs))) (set esp (var final)) (set _pc (bv 32 0x5)) (set final (- (var esp) (bv 32 0x4))) (storew 0 (var final) (cast 32 false (var _pc))) (set esp (var final)) (jmp (bv 32 0x4)))
-a "call 5" e800000000 0x0 (seq (set _cs (cast 32 false (var cs))) (set final (- (var esp) (bv 32 0x4))) (storew 0 (var final) (cast 32 false (var _cs))) (set esp (var final)) (set _pc (bv 32 0x5)) (set final (- (var esp) (bv 32 0x4))) (storew 0 (var final) (cast 32 false (var _pc))) (set esp (var final)) (jmp (bv 32 0x5)))
-a "call dword [eax]" ff10 0x0 (seq (set _cs (cast 32 false (var cs))) (set final (- (var esp) (bv 32 0x4))) (storew 0 (var final) (cast 32 false (var _cs))) (set esp (var final)) (set _pc (bv 32 0x2)) (set final (- (var esp) (bv 32 0x4))) (storew 0 (var final) (cast 32 false (var _pc))) (set esp (var final)) (jmp (loadw 0 32 (+ (var eax) (bv 32 0x0)))))
-a "call ebx" ffd3 0x0 (seq (set _cs (cast 32 false (var cs))) (set final (- (var esp) (bv 32 0x4))) (storew 0 (var final) (cast 32 false (var _cs))) (set esp (var final)) (set _pc (bv 32 0x2)) (set final (- (var esp) (bv 32 0x4))) (storew 0 (var final) (cast 32 false (var _pc))) (set esp (var final)) (jmp (var ebx)))
+a "call 0x8049100" e8fb900408 0x0 (seq (set final (- (var esp) (bv 32 0x4))) (storew 0 (var final) (cast 32 false (bv 32 0x5))) (set esp (var final)) (jmp (bv 32 0x8049100)))
+a "call 4" e8ffffffff 0x0 (seq (set final (- (var esp) (bv 32 0x4))) (storew 0 (var final) (cast 32 false (bv 32 0x5))) (set esp (var final)) (jmp (bv 32 0x4)))
+a "call 5" e800000000 0x0 (seq (set final (- (var esp) (bv 32 0x4))) (storew 0 (var final) (cast 32 false (bv 32 0x5))) (set esp (var final)) (jmp (bv 32 0x5)))
+a "call dword [eax]" ff10 0x0 (seq (set final (- (var esp) (bv 32 0x4))) (storew 0 (var final) (cast 32 false (bv 32 0x2))) (set esp (var final)) (jmp (loadw 0 32 (+ (var eax) (bv 32 0x0)))))
+a "call ebx" ffd3 0x0 (seq (set final (- (var esp) (bv 32 0x4))) (storew 0 (var final) (cast 32 false (bv 32 0x2))) (set esp (var final)) (jmp (var ebx)))
 a "bnd call ebx" f2ffd3
 a "cbw" 6698
 a "cdq" 99
@@ -1900,12 +1900,12 @@ a "rdtsc" 0f31
 a "rdtscp" 0f01f9
 a "repne movsb byte es:[edi], byte ptr [esi]" f2a4
 a "repz movsb" f3a4
-a "ret" c3 0x0 (seq (set esp (+ (var esp) (bv 32 0x4))) (set esp (loadw 0 32 (+ (+ (cast 32 false (var esp)) (bv 32 0x0)) (<< (cast 32 false (var ss)) (bv 8 0x4) false)))))
-ad "ret 0xff" c2ff00 0x0 (seq (set esp (+ (var esp) (bv 32 0x4))) (set esp (loadw 0 32 (+ (+ (cast 32 false (var esp)) (bv 32 0x0)) (<< (cast 32 false (var ss)) (bv 8 0x4) false)))) (set esp (+ (var esp) (bv 32 0xff))))
+a "ret" c3 0x0 (seq (set tgt (loadw 0 32 (+ (+ (cast 32 false (var esp)) (bv 32 0x0)) (<< (cast 32 false (var ss)) (bv 8 0x4) false)))) (set esp (+ (var esp) (bv 32 0x4))) (jmp (var tgt)))
+ad "ret 0xff" c2ff00 0x0 (seq (set tgt (loadw 0 32 (+ (+ (cast 32 false (var esp)) (bv 32 0x0)) (<< (cast 32 false (var ss)) (bv 8 0x4) false)))) (set esp (+ (var esp) (bv 32 0x4))) (set esp (+ (var esp) (bv 32 0xff))) (jmp (var tgt)))
 a "bnd ret" f2c3
 a "retf 0" ca0000
 a "retf" cb 0x0 empty
-a "retw" 66c3 0x0 (seq (set esp (+ (var esp) (bv 32 0x4))) (set esp (loadw 0 32 (+ (+ (cast 32 false (var esp)) (bv 32 0x0)) (<< (cast 32 false (var ss)) (bv 8 0x4) false)))))
+a "retw" 66c3 0x0 (seq (set tgt (loadw 0 32 (+ (+ (cast 32 false (var esp)) (bv 32 0x0)) (<< (cast 32 false (var ss)) (bv 8 0x4) false)))) (set esp (+ (var esp) (bv 32 0x4))) (jmp (var tgt)))
 ad "rcl byte [eax], cl" d210 0x0 (seq (set _dest (loadw 0 8 (+ (var eax) (bv 32 0x0)))) (set _tmp_cnt (mod (cast 5 false (cast 8 false (var ecx))) (bv 5 0x9))) (set _cnt_mask (cast 5 false (cast 8 false (var ecx)))) (repeat (! (is_zero (var _tmp_cnt))) (seq (set _tmp_cf (msb (var _dest))) (set _dest (+ (<< (var _dest) (bv 8 0x1) false) (ite (var cf) (bv 8 0x1) (bv 8 0x0)))) (set cf (var _tmp_cf)) (set _tmp_cnt (- (var _tmp_cnt) (bv 5 0x1))))) (branch (== (var _cnt_mask) (bv 5 0x1)) (set of (^^ (msb (var _dest)) (var cf))) nop) (storew 0 (+ (var eax) (bv 32 0x0)) (var _dest)))
 # capstone v5 removes the `, 1` and makes it implicit.
 ad "rcl byte [eax]" d010 0x0 (seq (set _dest (loadw 0 8 (+ (var eax) (bv 32 0x0)))) (set _tmp_cnt (mod (cast 5 false (bv 8 0x1)) (bv 5 0x9))) (set _cnt_mask (cast 5 false (bv 8 0x1))) (repeat (! (is_zero (var _tmp_cnt))) (seq (set _tmp_cf (msb (var _dest))) (set _dest (+ (<< (var _dest) (bv 8 0x1) false) (ite (var cf) (bv 8 0x1) (bv 8 0x0)))) (set cf (var _tmp_cf)) (set _tmp_cnt (- (var _tmp_cnt) (bv 5 0x1))))) (branch (== (var _cnt_mask) (bv 5 0x1)) (set of (^^ (msb (var _dest)) (var cf))) nop) (storew 0 (+ (var eax) (bv 32 0x0)) (var _dest)))