C++程序  |  226行  |  7.45 KB

/*
 * Copyright 2016, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <stdint.h>
#include <stdio.h>

#include "apf.h"

// If "c" is of an unsigned type, generate a compile warning that gets promoted to an error.
// This makes bounds checking simpler because ">= 0" can be avoided. Otherwise adding
// superfluous ">= 0" with unsigned expressions generates compile warnings.
#define ENFORCE_UNSIGNED(c) ((c)==(uint32_t)(c))

static void print_opcode(const char* opcode) {
  printf("%-6s", opcode);
}

// Mapping from opcode number to opcode name.
static const char* opcode_names [] = {
    [LDB_OPCODE] = "ldb",
    [LDH_OPCODE] = "ldh",
    [LDW_OPCODE] = "ldw",
    [LDBX_OPCODE] = "ldb",
    [LDHX_OPCODE] = "ldh",
    [LDWX_OPCODE] = "ldw",
    [ADD_OPCODE] = "add",
    [MUL_OPCODE] = "mul",
    [DIV_OPCODE] = "div",
    [AND_OPCODE] = "and",
    [OR_OPCODE] = "or",
    [SH_OPCODE] = "sh",
    [LI_OPCODE] = "li",
    [JMP_OPCODE] = "jmp",
    [JEQ_OPCODE] = "jeq",
    [JNE_OPCODE] = "jne",
    [JGT_OPCODE] = "jgt",
    [JLT_OPCODE] = "jlt",
    [JSET_OPCODE] = "jset",
    [JNEBS_OPCODE] = "jnebs",
    [LDDW_OPCODE] = "lddw",
    [STDW_OPCODE] = "stdw",
};

static void print_jump_target(uint32_t target, uint32_t program_len) {
    if (target == program_len) {
        printf("pass");
    } else if (target == program_len + 1) {
        printf("drop");
    } else {
        printf("%u", target);
    }
}

// Disassembles an APF program. A hex dump of the program is supplied on stdin.
//
// NOTE: This is a simple debugging tool not meant for shipping or production use.  It is by no
//       means hardened against malicious input and contains known vulnerabilities.
//
// Example usage:
// adb shell dumpsys wifi ipmanager | sed '/Last program:/,+1!d;/Last program:/d;s/[ ]*//' | out/host/linux-x86/bin/apf_disassembler
int main(void) {
  uint32_t program_len = 0;
  uint8_t program[10000];

  // Read in hex program bytes
  int byte;
  while (scanf("%2x", &byte) == 1 && program_len < sizeof(program)) {
      program[program_len++] = byte;
  }

  for (uint32_t pc = 0; pc < program_len;) {
      printf("%8u: ", pc);
      const uint8_t bytecode = program[pc++];
      const uint32_t opcode = EXTRACT_OPCODE(bytecode);
#define PRINT_OPCODE() print_opcode(opcode_names[opcode])
      const uint32_t reg_num = EXTRACT_REGISTER(bytecode);
      // All instructions have immediate fields, so load them now.
      const uint32_t len_field = EXTRACT_IMM_LENGTH(bytecode);
      uint32_t imm = 0;
      int32_t signed_imm = 0;
      if (len_field != 0) {
          const uint32_t imm_len = 1 << (len_field - 1);
          uint32_t i;
          for (i = 0; i < imm_len && pc < program_len; i++)
              imm = (imm << 8) | program[pc++];
          // Sign extend imm into signed_imm.
          signed_imm = imm << ((4 - imm_len) * 8);
          signed_imm >>= (4 - imm_len) * 8;
      }
      switch (opcode) {
          case LDB_OPCODE:
          case LDH_OPCODE:
          case LDW_OPCODE:
              PRINT_OPCODE();
              printf("r%d, [%u]", reg_num, imm);
              break;
          case LDBX_OPCODE:
          case LDHX_OPCODE:
          case LDWX_OPCODE:
              PRINT_OPCODE();
              printf("r%d, [%u+r1]", reg_num, imm);
              break;
          case JMP_OPCODE:
              PRINT_OPCODE();
              print_jump_target(pc + imm, program_len);
              break;
          case JEQ_OPCODE:
          case JNE_OPCODE:
          case JGT_OPCODE:
          case JLT_OPCODE:
          case JSET_OPCODE:
          case JNEBS_OPCODE: {
              PRINT_OPCODE();
              printf("r0, ");
              // Load second immediate field.
              uint32_t cmp_imm = 0;
              if (reg_num == 1) {
                  printf("r1, ");
              } else if (len_field == 0) {
                  printf("0, ");
              } else {
                  uint32_t cmp_imm_len = 1 << (len_field - 1);
                  uint32_t i;
                  for (i = 0; i < cmp_imm_len && pc < program_len; i++)
                      cmp_imm = (cmp_imm << 8) | program[pc++];
                  printf("0x%x, ", cmp_imm);
              }
              if (opcode == JNEBS_OPCODE) {
                  print_jump_target(pc + imm + cmp_imm, program_len);
                  printf(", ");
                  while (cmp_imm--)
                      printf("%02x", program[pc++]);
              } else {
                  print_jump_target(pc + imm, program_len);
              }
              break;
          }
          case ADD_OPCODE:
          case SH_OPCODE:
              PRINT_OPCODE();
              if (reg_num) {
                  printf("r0, r1");
              } else {
                  printf("r0, %d", signed_imm);
              }
              break;
          case MUL_OPCODE:
          case DIV_OPCODE:
          case AND_OPCODE:
          case OR_OPCODE:
              PRINT_OPCODE();
              if (reg_num) {
                  printf("r0, r1");
              } else {
                  printf("r0, %u", imm);
              }
              break;
          case LI_OPCODE:
              PRINT_OPCODE();
              printf("r%d, %d", reg_num, signed_imm);
              break;
          case EXT_OPCODE:
              if (
// If LDM_EXT_OPCODE is 0 and imm is compared with it, a compiler error will result,
// instead just enforce that imm is unsigned (so it's always greater or equal to 0).
#if LDM_EXT_OPCODE == 0
                  ENFORCE_UNSIGNED(imm) &&
#else
                  imm >= LDM_EXT_OPCODE &&
#endif
                  imm < (LDM_EXT_OPCODE + MEMORY_ITEMS)) {
                  print_opcode("ldm");
                  printf("r%d, m[%u]", reg_num, imm - LDM_EXT_OPCODE);
              } else if (imm >= STM_EXT_OPCODE && imm < (STM_EXT_OPCODE + MEMORY_ITEMS)) {
                  print_opcode("stm");
                  printf("r%d, m[%u]", reg_num, imm - STM_EXT_OPCODE);
              } else switch (imm) {
                  case NOT_EXT_OPCODE:
                      print_opcode("not");
                      printf("r%d", reg_num);
                      break;
                  case NEG_EXT_OPCODE:
                      print_opcode("neg");
                      printf("r%d", reg_num);
                      break;
                  case SWAP_EXT_OPCODE:
                      print_opcode("swap");
                      break;
                  case MOV_EXT_OPCODE:
                      print_opcode("mov");
                      printf("r%d, r%d", reg_num, reg_num ^ 1);
                      break;
                  default:
                      printf("unknown_ext %u", imm);
                      break;
              }
              break;
          case LDDW_OPCODE:
          case STDW_OPCODE:
              PRINT_OPCODE();
              printf("r%u, [%d+r%u]", reg_num, signed_imm, reg_num ^ 1);
              break;

          // Unknown opcode
          default:
              printf("unknown %u", opcode);
              break;
      }
      printf("\n");
  }
  return 0;
}