/*
 * Copyright (c) 2014, Aleksander Osman
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice, this
 *   list of conditions and the following disclaimer.
 *
 * * Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
package ao486.test.branch;
 
import ao486.test.TestUnit;
import ao486.test.layers.DescriptorTableLayer;
import ao486.test.layers.EffectiveAddressLayerFactory;
import ao486.test.layers.FlagsLayer;
import ao486.test.layers.GeneralRegisterLayer;
import ao486.test.layers.HandleModeChangeLayer;
import ao486.test.layers.IOLayer;
import ao486.test.layers.InstructionLayer;
import ao486.test.layers.Layer;
import ao486.test.layers.MemoryLayer;
import ao486.test.layers.MemoryPatchLayer;
import ao486.test.layers.OtherLayer;
import ao486.test.layers.Pair;
import ao486.test.layers.SegmentLayer;
import ao486.test.layers.StackLayer;
import java.io.*;
import java.util.LinkedList;
import java.util.Random;
 
 
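/**
 * Randomized test-case generator for a far {@code CALL} whose selector is
 * resolved as a code-segment descriptor: opcode {@code 9A} with the far
 * pointer as an immediate, or opcode {@code FF} with ModR/M reg field 3 and
 * the far pointer supplied through the effective-address layer.
 *
 * <p>Each case picks one of five scenarios that exercise the segment
 * protection checks on the control transfer: a null selector, a selector
 * index outside the descriptor table, one deliberately violated descriptor
 * check, a target EIP beyond the segment limit, and a fully valid transfer.
 *
 * <p>NOTE(review): the expected outcome of each scenario (fault or successful
 * transfer) is not encoded in this class; presumably the {@link TestUnit}
 * harness compares the core against a reference model - confirm.
 *
 * <p>NOTE(review): the class is {@link Serializable} and declares no
 * {@code serialVersionUID}; how and from where instances are deserialized is
 * not visible here - confirm that only trusted, locally produced data is read.
 */
public class TestCALL_protected_seg extends TestUnit implements Serializable {
    /**
     * Entry point: hands this class to the harness runner.
     *
     * @param args command-line arguments (unused here)
     * @throws Exception propagated from {@code run_test}
     */
    public static void main(String[] args) throws Exception {
        run_test(TestCALL_protected_seg.class);
    }

    /** Creates the test unit; all state is set up in {@link #init()}. */
    public TestCALL_protected_seg() {

    }

    //--------------------------------------------------------------------------
    /**
     * @return the number of randomized cases to generate (100)
     */
    @Override
    public int get_test_count() throws Exception {
        return 100;
    }

    /**
     * Builds the layer stack and the instruction bytes for one test case.
     *
     * <p>The random stream is seeded from the case {@code index}, so a given
     * index always yields the same case. The outer loop restarts from a clean
     * layer list whenever a descriptor table cannot provide the requested
     * entry. The order of the {@code random} calls determines the generated
     * vectors and must not be changed.
     *
     * @throws Exception propagated from the layer and harness helpers
     */
    @Override
    public void init() throws Exception {

        random = new Random(24+index);

        String instruction;
        while(true) {
            layers.clear();

            // Address ranges already claimed by other layers; new allocations
            // are checked against this list.
            LinkedList<Pair<Long, Long>> prohibited_list = new LinkedList<>();

            InstructionLayer instr = new InstructionLayer(random, prohibited_list);
            layers.add(instr);
            StackLayer stack = new StackLayer(random, prohibited_list);
            layers.add(stack);
            layers.add(new OtherLayer(OtherLayer.Type.PROTECTED_OR_V8086, random));
            layers.add(new FlagsLayer(FlagsLayer.Type.NOT_V8086, random));
            layers.add(new GeneralRegisterLayer(random));
            layers.add(new SegmentLayer(random));
            layers.add(new MemoryLayer(random));
            layers.add(new IOLayer(random));
            layers.addFirst(new HandleModeChangeLayer(
                    getInput("cr0_pe"),
                    getInput("vmflag"),
                    getInput("cs_rpl"),
                    getInput("cs_p"),
                    getInput("cs_s"),
                    getInput("cs_type")
            ));

            // instruction size
            boolean cs_d_b = getInput("cs_d_b") == 1;

            boolean a32 = random.nextBoolean();
            boolean o32 = random.nextBoolean();


            long new_eip = 0;
            // Default selector 0..3: table index 0, TI = 0, random RPL,
            // i.e. a null selector (used as-is by scenario 0).
            long new_cs  = random.nextInt(4);

            /*
            * 0. cs_selector null
            * 1. cs_descriptor out of bounds
            * 2. valid and check_cs
            * 3. eip not in limits
            *
            * 4. all ok
            */

            int test_type = random.nextInt(5);
            System.out.println("Running test type: " + test_type);

            if(test_type == 0) {
                // nothing
            }
            else if(test_type == 1) {
                // The LDT is only a candidate table when LDTR is valid.
                boolean ldtr_valid = random.nextInt(5) != 0;

                DescriptorTableLayer tables = new DescriptorTableLayer(random, prohibited_list, ldtr_valid);

                boolean is_ldt = (ldtr_valid == false)? false : random.nextBoolean();

                int selector = tables.getOutOfBoundsIndex(is_ldt);
                if(selector == -1) continue;

                // Selector layout: index << 3 | TI (bit 2) | RPL (bits 1..0).
                selector = selector << 3;
                if(is_ldt) selector |= 4;

                selector |= random.nextInt(4);

                new_cs = selector;

                layers.addFirst(tables);
            }
            else if(test_type >= 2) {
                DescriptorTableLayer tables = new DescriptorTableLayer(random, prohibited_list, true);

                boolean is_ldt = random.nextBoolean();

                // One flag per descriptor check. Scenario 2 selects exactly one
                // of them as a bitmask; scenarios 3 and 4 use mask 0.
                boolean conds[] = new boolean[6];
                int cond = 1 << random.nextInt(conds.length);
                if(test_type >= 3) cond = 0;

                int     new_cs_rpl  = 0;
                int     old_cs_rpl  = 0;
                boolean new_cs_seg  = false;
                int     new_cs_type = 0;
                int     new_cs_dpl  = 0;
                boolean new_cs_p    = false;

                // Redraw descriptor attributes until isAccepted() approves the
                // combination for the chosen mask.
                // NOTE(review): presumably isAccepted requires the flagged
                // condition to hold and the others not to - confirm in TestUnit.
                do {
                    new_cs_rpl  = random.nextInt(4);
                    old_cs_rpl  = random.nextInt(4);
                    new_cs_seg  = random.nextBoolean();
                    new_cs_type = random.nextInt(16);
                    new_cs_dpl  = random.nextInt(4);
                    new_cs_p    = random.nextBoolean();

                    //not valid: system descriptor (S = 0) of type 0, 8, 10 or 13
                    conds[0] = new_cs_seg == false && (new_cs_type == 0 || new_cs_type == 8 || new_cs_type == 10 || new_cs_type == 13);
                    //check_cs()
                    //segment always set --- new_cs_seg == false;
                    conds[1] = ((new_cs_type >> 3)&1) == 0; // is data segment
                    // Privilege checks against the caller's cs_rpl (old_cs_rpl):
                    conds[2] = ((new_cs_type >> 3)&1) == 1 && ((new_cs_type >> 2)&1) == 0 && new_cs_dpl != old_cs_rpl; // code non conforming 1: DPL differs from caller
                    conds[3] = ((new_cs_type >> 3)&1) == 1 && ((new_cs_type >> 2)&1) == 0 && new_cs_rpl > old_cs_rpl; // code non conforming 2: selector RPL above caller
                    conds[4] = ((new_cs_type >> 3)&1) == 1 && ((new_cs_type >> 2)&1) == 1 && new_cs_dpl > old_cs_rpl;  // code conforming: DPL above caller
                    conds[5] = new_cs_p == false; // segment not present
                }
                while(!isAccepted(cond, conds[0],conds[1],conds[2],conds[3],conds[4],conds[5]));

                // Any other system-descriptor type is turned into a segment
                // descriptor, so this generator never emits the remaining
                // system types.
                // NOTE(review): presumably those are gate/TSS encodings
                // exercised by separate tests - confirm.
                if(new_cs_seg == false && new_cs_type != 0 && new_cs_type != 8 && new_cs_type != 10 && new_cs_type != 13) new_cs_seg = true;

                // Pick base/limit so the segment ends below 4 GiB and does not
                // overlap a range already claimed in prohibited_list.
                // NOTE(review): Layer.norm presumably maps the int to an
                // unsigned 32-bit value - confirm.
                long new_cs_base, new_cs_limit;
                boolean new_cs_g;
                while(true) {
                    new_cs_base = Layer.norm(random.nextInt());
                    new_cs_g    = random.nextBoolean();

                    new_cs_limit = random.nextInt(new_cs_g? 0xF : 0xFFFF);
                    // With G set the limit is in 4 KiB pages; expand to bytes.
                    if(new_cs_g) new_cs_limit = (new_cs_limit << 12) | 0xFFF;

                    if( new_cs_base + new_cs_limit < 4294967296L &&
                        Layer.collides(prohibited_list, (int)new_cs_base, (int)(new_cs_base + new_cs_limit)) == false
                    ) break;
                }

                boolean new_cs_d_b = random.nextBoolean();
                boolean new_cs_l   = random.nextBoolean();
                boolean new_cs_avl = random.nextBoolean();
                // The descriptor stores the raw (page-granular when G) limit.
                long new_cs_limit_final = new_cs_g? new_cs_limit >> 12 : new_cs_limit;
                Descriptor cs_desc = new Descriptor((int)new_cs_base, (int)new_cs_limit_final, new_cs_type, new_cs_seg, new_cs_p, new_cs_dpl, new_cs_d_b, new_cs_g, new_cs_l, new_cs_avl);

                // Debug output: raw descriptor bytes.
                System.out.printf("cs_desc: ");
                for(int i=0; i<8; i++) System.out.printf("%02x ", cs_desc.get_byte(i));
                System.out.printf("\n");

                // Override cs_rpl with the caller privilege level that the
                // checks above were computed against.
                final int old_cs_rpl_final = old_cs_rpl;
                Layer cs_rpl_layer = new Layer() {
                    long cs_rpl() { return old_cs_rpl_final; }
                };
                layers.addFirst(cs_rpl_layer);

                int selector = tables.addDescriptor(is_ldt, cs_desc);
                if(selector == -1) continue;

                // Selector layout: index << 3 | TI (bit 2) | RPL (bits 1..0).
                selector = selector << 3;
                if(is_ldt) selector |= 4;

                selector |= new_cs_rpl;

                new_cs = selector;

                layers.addFirst(tables);

                System.out.printf("cond: %d\n", cond);

                if(test_type == 3) {
                    // Target offset just past the segment limit; retry when the
                    // 16-bit truncation wraps it back inside the segment.
                    while(true) {
                        new_eip = new_cs_limit + 1 + random.nextInt(10);

                        if(o32 == false) new_eip &= 0xFFFF;

                        if(new_eip > new_cs_limit) break;
                    }
                    // Random upper bits; the 16-bit encoding below discards them.
                    if(o32 == false) new_eip |= (random.nextInt() & 0xFFFF0000);
                }
                else if(test_type == 4) {
                    // Target offset inside the segment.
                    while(true) {
                        new_eip = Layer.norm(random.nextInt((int)new_cs_limit+1));

                        if(o32 == false) new_eip &= 0xFFFF;

                        if(new_eip <= new_cs_limit) break;
                    }

                    long dest = new_cs_base + new_eip;
                    // adding always possible
                    // NOTE(review): bytes 0F 0F at the call target presumably
                    // act as an end-of-test marker - confirm.
                    MemoryPatchLayer patch = new MemoryPatchLayer(random, prohibited_list, (int)dest, 0x0F,0x0F);
                    layers.addFirst(patch);

                    // Random upper bits; the 16-bit encoding below discards them.
                    if(o32 == false) new_eip |= (random.nextInt() & 0xFFFF0000);
                    System.out.printf("new_cs_base: %08x, new_cs_limit: %08x\n", new_cs_base, new_cs_limit);
                }

            }

            // instruction
            byte extra_bytes[] = null;

            boolean is_Ep = random.nextBoolean();

            // Far pointer as encoded in the instruction stream: offset in the
            // low 32 (or 16) bits, selector above it. The 32-bit mask must be a
            // long literal: the int literal 0xFFFFFFFF is -1 and sign-extends
            // to an all-ones long, which would leave the offset unmasked and
            // let stray upper bits overwrite the selector.
            long far_pointer = o32
                    ? (((new_cs & 0xFFFF) << 32) | (new_eip & 0xFFFFFFFFL))
                    : (((new_cs & 0xFFFF) << 16) | (new_eip & 0xFFFF));

            if(is_Ep) {
                // Indirect form: the effective-address layer places the far
                // pointer in memory and returns the ModR/M bytes (reg field 3).
                byte modregrm_bytes[] = EffectiveAddressLayerFactory.prepare(
                        far_pointer,
                        3, EffectiveAddressLayerFactory.modregrm_reg_t.SET,
                        o32? 6 : 4, a32,
                        layers, random, this, true, false);
                extra_bytes = modregrm_bytes;
            }
            else {
                // Direct form: far pointer as a little-endian immediate.
                byte imm_bytes[] = new byte[o32? 6 : 4];
                for(int i=0; i<imm_bytes.length; i++) {
                    imm_bytes[i] = (byte)(far_pointer >> (8*i));
                }
                extra_bytes = imm_bytes;
            }

            instruction = prepare_instr(cs_d_b, a32, o32, extra_bytes, is_Ep);
            instr.add_instruction(instruction);

            // end condition
            break;
        }

        System.out.println("Instruction: [" + instruction + "]");
    }

    /**
     * Encodes the far CALL as a hex string: optional size prefixes, the
     * opcode, then the operand bytes.
     *
     * @param cs_d_b      default operand/address size of the current code segment
     * @param a32         requested 32-bit address size
     * @param o32         requested 32-bit operand size
     * @param extra_bytes ModR/M bytes (indirect form) or immediate far pointer
     *                    (direct form); must not be null
     * @param is_Ep       {@code true} for the indirect form (opcode FF),
     *                    {@code false} for the direct form (opcode 9A)
     * @return prefix digits followed by the hex encoding from {@code bytesToHex}
     * @throws Exception propagated from {@code bytesToHex}
     */
    String prepare_instr(boolean cs_d_b, boolean a32, boolean o32, byte extra_bytes[], boolean is_Ep) throws Exception {
        int opcodes[] = {
            0xFF, 0x9A
        };

        // A prefix is needed only when the requested size differs from the
        // segment default: 66 = operand-size override, 67 = address-size
        // override. When both apply the result is "6766".
        String prefix = "";
        if(cs_d_b != o32) { prefix = "66" + prefix; }
        if(cs_d_b != a32) { prefix = "67" + prefix; }

        int opcode = opcodes[is_Ep? 0 : 1];

        byte instr[] = new byte[1 + extra_bytes.length];
        instr[0] = (byte)opcode;
        System.arraycopy(extra_bytes, 0, instr, 1, extra_bytes.length);

        return prefix + bytesToHex(instr);
    }

}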
