implements AVR ABI and refines AVR targets

BinaryAnalysisPlatform · Mar 9, 2022 · 248a8fd · 248a8fd
1 parent 51ba6ba
commit 248a8fd
Show file tree

Hide file tree

Showing 4 changed files with 111 additions and 15 deletions.
diff --git a/lib/bap_avr/bap_avr_target.ml b/lib/bap_avr/bap_avr_target.ml
@@ -8,42 +8,87 @@ let package = "bap"
 type r16 and r8
 
 type 'a bitv = 'a Theory.Bitv.t Theory.Value.sort
+type reg = r8 Theory.Bitv.t Theory.var
+
 
 let r16 : r16 bitv = Theory.Bitv.define 16
 let r8 : r8 bitv = Theory.Bitv.define 8
 let bool = Theory.Bool.t
 
 let reg t n = Theory.Var.define t n
 
-let array ?(index=string_of_int) t pref size =
- List.init size ~f:(fun i -> reg t (pref ^ index i))
+let array ?(rev=false) ?(start=0) ?(index=string_of_int) t pref size =
+ let stop = if rev then start-size else start+size in
+ let stride = if rev then -1 else 1 in
+ List.range ~stride start stop |>
+ List.map ~f:(fun i -> reg t (pref ^ index i))
 
 let untyped = List.map ~f:Theory.Var.forget
 let (@<) xs ys = untyped xs @ untyped ys
 
-let gpr = array r8 "R" 32
+let regs t = List.map ~f:(reg t)
+let nums = array r8 "R" 24
+let wxyz = regs r8 [
+ "Wlo"; "Whi";
+ "Xlo"; "Xhi";
+ "Ylo"; "Yhi";
+ "Zlo"; "Zhi";
+ ]
+let gpr = nums @< wxyz
 let sp = reg r16 "SP"
-let flags = List.map ~f:(reg bool) [
+let flags = regs bool [
  "CF"; "ZF"; "NF"; "VF"; "SF"; "HF"; "TF"; "IF"
  ]
 
+
 let datas = Theory.Mem.define r16 r8
 let codes = Theory.Mem.define r16 r16
 
 let data = reg datas "data"
 let code = reg codes "code"
 
-let parent = Theory.Target.declare ~package "avr"
+let parent = Theory.Target.declare ~package "avr8"
  ~bits:8
  ~byte:8
  ~endianness:Theory.Endianness.le
 
-let atmega328 = Theory.Target.declare ~package "ATmega328"
+
+let tiny = Theory.Target.declare ~package "avr8-tiny"
  ~parent
  ~data
  ~code
  ~vars:(gpr @< [sp] @< flags @< [data] @< [code])
 
+let mega = Theory.Target.declare ~package "avr8-mega"
+ ~parent:tiny
+
+let xmega = Theory.Target.declare ~package "avr8-xmega"
+ ~parent:mega
+
+module Gcc = struct
+ let abi = Theory.Abi.declare ~package "avr-gcc"
+ let wreg = regs r8 ["Whi"; "Wlo"]
+ let args = wreg @ array ~rev:true ~start:23 r8 "R" 16
+ let rets = wreg @ array ~rev:true ~start:23 r8 "R" 6
+ let regs = Theory.Role.Register.[
+ [general; integer], gpr;
+ [function_argument], untyped args;
+ [function_return], untyped rets;
+ [stack_pointer], untyped [sp];
+ [caller_saved], rets @< regs r8 ["R0"; "Xlo"; "Xhi"; "Zlo"; "Zhi"];
+ [callee_saved], array ~start:1 r8 "R" 17 @< regs r8 ["Ylo"; "Yhi"];
+ ]
+
+ let target parent name =
+ Theory.Target.declare ~package name ~regs ~parent ~abi
+
+ let tiny = target tiny "avr8-tiny-gcc"
+ let mega = target mega "avr8-mega-gcc"
+ let xmega = target xmega "avr8-xmega-gcc"
+end
+
+
+
 let pcode =
  Theory.Language.declare ~package:"bap" "pcode-avr"
 
@@ -69,7 +114,7 @@ let enable_loader () =
  | Ok arch -> arch in
  KB.promise Theory.Unit.target @@ fun unit ->
  KB.collect Image.Spec.slot unit >>| request_arch >>| function
- | Some "avr" -> atmega328
+ | Some "avr" -> Gcc.mega
  | _ -> Theory.Target.unknown
 
 

diff --git a/lib/bap_avr/bap_avr_target.mli b/lib/bap_avr/bap_avr_target.mli
@@ -1,5 +1,21 @@
 open Bap_core_theory
 
-val parent : Theory.target
 
 val load : unit -> unit
+
+type r8
+type reg = r8 Theory.Bitv.t Theory.var
+
+val parent : Theory.target
+
+val tiny : Theory.target
+val mega : Theory.target
+val xmega : Theory.target
+
+module Gcc : sig
+ val args : reg list
+ val rets : reg list
+ val tiny : Theory.target
+ val mega : Theory.target
+ val xmega : Theory.target
+end
diff --git a/oasis/avr b/oasis/avr
@@ -14,7 +14,7 @@ Library avr_plugin
  XMETADescription: provide Avr lifter
  Path: plugins/avr
  Build$: flag(everything) || flag(avr)
- BuildDepends: bap-main, bap-avr
+ BuildDepends: bap-main, bap-avr, bap, bap-core-theory
  FindlibName: bap-plugin-avr
  InternalModules: Avr_main
  XMETAExtraLines: tags="avr, lifter, atmega"
diff --git a/plugins/avr/avr_main.ml b/plugins/avr/avr_main.ml
@@ -1,12 +1,47 @@
 open Bap_main
+open Bap_core_theory
+
+module AT = Bap_avr_target
+
+module Abi = struct
+ open Bap_c.Std
+
+ module Arg = C.Abi.Arg
+ open Arg.Let
+ open Arg.Syntax
+
+ let model = new C.Size.base `LP32
+
+ let define t =
+ C.Abi.define t model @@ fun _ {C.Type.Proto.return=r; args} ->
+ let* iregs = Arg.Arena.create AT.Gcc.args in
+ let* irets = Arg.Arena.create AT.Gcc.rets in
+ let pass_via regs (_,t) =
+ let open Arg in
+ choice [
+ sequence [
+ align_even regs;
+ registers regs t;
+ ];
+ sequence [
+ deplet regs;
+ memory t;
+ ]
+ ] in
+ let args = Arg.List.iter args ~f:(pass_via iregs) in
+ let return = match r with
+ | `Void -> None
+ | r -> Some (pass_via irets ("",r)) in
+ Arg.define ?return args
+
+ let setup () =
+ List.iter define AT.Gcc.[tiny; mega; xmega]
+end
 
 let main _ctxt =
- Bap_avr_target.load ();
+ AT.load ();
+ Abi.setup ();
  Ok ()
 
-
 let () = Bap_main.Extension.declare main
- ~provides:[
- "avr";
- "lifter";
- ]
+ ~provides:["avr"; "lifter"; "disassembler"]