x87 support about pharos HOT 6 CLOSED

Most of the floating point instructions aren't really supported because there's no symbolic IEEE floating point domain model in ROSE. There are few floating point instructions that interact with non-floating point instructions that are implemented just well enough to keep this deficiency from impacting "normal" function analysis "too badly". For example, we might know that the first instruction reads [esp]. Hopefully the end result is that we can just ignore most of these warnings, but they are essentially saying that the instruction was treated as if it had no semantic effect, and that's not likely to be a good thing. :-(

This message:

Replaced excessively large expression with v18926212[1]<unspec,f=10000>

rather cryptically means that while reasoning about the value of variable v18926212 things got hard so we gave up and replaced it with a fresh variable having a completely unknown symbolic value. The f=10000 flag is a marker for that case.

from pharos.

Replaced excessively large expression with v18926212[1]<unspec,f=10000>

rather cryptically means that while reasoning about the value of variable v18926212 things got hard so we gave up and replaced it with a fresh variable having a completely unknown symbolic value. The f=10000 flag is a marker for that case.

Yeah I'm not sure if it's related since I used multiple threads. There's no address to relate it.

from pharos.

I mispoke slightly. The large expression that was replaced might have involved variables from a very large number of instructions, each with different addresses and it was replaced with the new variable v18926212. That's why we can't really provide much more context. Sadly with the current code, it's really just a marker for "something went fairly wrong in the analysis of this function, and while your results might be ok, they also might not be."

from pharos.

I see that you opened an issue upstream with the ROSE developers and got a response from matzke1. Because we rely on ROSE for instruction semantics, we'll pick up support for missing instructions automatically when then implement them, but probably not before then. If there are specific instruction semantics that we/ROSE could implement easily I'd be willing to apply some pressure to get them accepted upstream, but without specific examples, I'm inclined to close this issue while waiting for ROSE updates. Feel free to reopen if you have larger failures caused by missing semantics.

from pharos.

Well I guess pharos doesn't need to see what exactly is computed, only the memory interactions to know the type of certain stack slots/variables? So it should be just fild/fist and double support for fstp:

Semantics exception: no dispatch ability for "fild" instruction: 4152BD: fild      [esp+0]
Semantics exception: 64-bit FP values not supported yet: 4152C3: fstp      [esp+0]

from pharos.

Yes. That's the attitude that we've taken so far with respect to floating point semantics. I'll ask the ROSE developers about these two instructions in particular (which seem like they should have at least partial support). Hopefully even in these case though, it doesn't have any dramatic effect on the results.

from pharos.