URL https://opencores.org/ocsvn/ao486/ao486/trunk

Subversion Repositories ao486

[/] [ao486/] [trunk/] [ao486_tool/] [src/] [ao486/] [test/] [interrupt/] [TestINT_INT3_INTO_INT1_int_trap_gate_more.java] - Blame information for rev 2

Details | Compare with Previous | View Log


/*
 * Copyright (c) 2014, Aleksander Osman
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice, this
 *   list of conditions and the following disclaimer.
 *
 * * Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
package ao486.test.interrupt;
 
import ao486.test.TestUnit;
import ao486.test.layers.DescriptorTableLayer;
import ao486.test.layers.FlagsLayer;
import ao486.test.layers.GeneralRegisterLayer;
import ao486.test.layers.HandleModeChangeLayer;
import ao486.test.layers.IOLayer;
import ao486.test.layers.InstructionLayer;
import ao486.test.layers.Layer;
import ao486.test.layers.MemoryLayer;
import ao486.test.layers.MemoryPatchLayer;
import ao486.test.layers.OtherLayer;
import ao486.test.layers.Pair;
import ao486.test.layers.SegmentLayer;
import ao486.test.layers.StackLayer;
import ao486.test.layers.TSSCurrentLayer;
import java.io.*;
import java.util.LinkedList;
import java.util.Random;
 
 
public class TestINT_INT3_INTO_INT1_int_trap_gate_more extends TestUnit implements Serializable {
    public static void main(String args[]) throws Exception {
        run_test(TestINT_INT3_INTO_INT1_int_trap_gate_more.class);
    }
 
    //--------------------------------------------------------------------------
    @Override
    public int get_test_count() throws Exception {
        return 100;
    }
 
    @Override
    public void init() throws Exception {
 
        random = new Random(32 + index);
 
        String instruction;
        while(true) {
            layers.clear();
 
            /* 0 - interrupt/trap gate valid check
             * 1 - cs valid check
             * 2 - v8086 condition
             *
             * 3 - tss length
             * 4 - ss selector null
             * 5 - ss selector out of bounds
             * 6 - ss descriptor check
             * 7 - stack limit
             * 8 - eip out of bounds
             *
             * 9 - all ok
             *
             * TODO: push error test
             */
 
            int type = random.nextInt(10);
 
            boolean is_v8086 = (type == 2)? true : random.nextBoolean();
            boolean is_into = random.nextInt(3) == 0;
            boolean is_ib   = random.nextInt(3) == 0;
 
            LinkedList<Pair<Long, Long>> prohibited_list = new LinkedList<>();
 
            InstructionLayer instr = new InstructionLayer(random, prohibited_list);
            layers.add(instr);
            StackLayer stack = new StackLayer(random, prohibited_list);
            layers.add(stack);
            layers.add(new OtherLayer(OtherLayer.Type.PROTECTED_OR_V8086, random));
            layers.add(new FlagsLayer((is_v8086)? FlagsLayer.Type.V8086 : FlagsLayer.Type.NOT_V8086, random));
            layers.add(new GeneralRegisterLayer(random));
            layers.add(new SegmentLayer(random));
            layers.add(new MemoryLayer(random));
            layers.add(new IOLayer(random));
 
            layers.addFirst(new HandleModeChangeLayer(
                    getInput("cr0_pe"),
                    getInput("vmflag"),
                    getInput("cs_rpl"),
                    getInput("cs_p"),
                    getInput("cs_s"),
                    getInput("cs_type")
            ));
 
            // instruction size
            boolean cs_d_b = getInput("cs_d_b") == 1;
 
            boolean a32 = random.nextBoolean();
            boolean o32 = random.nextBoolean();
 
 
            instruction = prepare_instr(cs_d_b, a32, o32, is_into, is_ib);
            instr.add_instruction(instruction);
 
            //---------------
 
            DescriptorTableLayer tables = new DescriptorTableLayer(random, prohibited_list, true);
 
            //------------------------------------------------------------------
            //------------------------------------------------------------------
 
            // prepare cs descriptor
            boolean is_cs_ldt = random.nextBoolean();
 
            boolean conds[] = new boolean[4];
            int cond = 1 << random.nextInt(conds.length);
            if(type == 2) cond = 8;
            if(type >= 3) cond = 0;
 
            int     new_cs_rpl  = 0;
            boolean new_cs_seg  = false;
            int     new_cs_type = 0;
            int     new_cs_dpl  = 0;
            boolean new_cs_p    = false;
            int     old_cs_rpl  = 0;
 
            if( ((cond >> 3) & 1) == 1 && is_v8086 == false ) continue;
 
            do {
                do {
                    new_cs_seg  = random.nextBoolean();
                    new_cs_type = random.nextInt(16);
                    new_cs_p    = random.nextBoolean();
 
                    new_cs_rpl  = random.nextInt(4);
                    new_cs_dpl  = random.nextInt(4);
 
                    old_cs_rpl  = (is_v8086)? 3 : random.nextInt(4);
                }
                while( (((new_cs_type >> 2) & 1) == 0 && new_cs_dpl < old_cs_rpl) == false ); //non-conforming
 
                conds[0] = new_cs_seg == false;
                conds[1] = ((new_cs_type >> 3) & 1) == 0;
                conds[2] = new_cs_p == false;
                //conds[3] = new_cs_dpl > old_cs_rpl; //not possible; checked in task gate test
 
                conds[3] = is_v8086 && new_cs_dpl != 0;
            }
            while(!isAccepted(cond, conds[0],conds[1],conds[2],conds[3]));
 
System.out.printf("cond cs: %d\n", cond);
 
            long new_cs_base, new_cs_limit;
            boolean new_cs_g;
            while(true) {
                new_cs_base = Layer.norm(random.nextInt());
                new_cs_g    = random.nextBoolean();
 
                new_cs_limit = random.nextInt(new_cs_g? 0xF : 0xFFFF);
                if(new_cs_g) new_cs_limit = (new_cs_limit << 12) | 0xFFF;
 
                if( new_cs_base + new_cs_limit < 4294967296L &&
                    Layer.collides(prohibited_list, (int)new_cs_base, (int)(new_cs_base + new_cs_limit)) == false
                ) break;
            }
 
            boolean new_cs_d_b = random.nextBoolean();
            boolean new_cs_l   = random.nextBoolean();
            boolean new_cs_avl = random.nextBoolean();
            long new_cs_limit_final = new_cs_g? new_cs_limit >> 12 : new_cs_limit;
            Descriptor cs_desc = new Descriptor((int)new_cs_base, (int)new_cs_limit_final, new_cs_type, new_cs_seg, new_cs_p, new_cs_dpl, new_cs_d_b, new_cs_g, new_cs_l, new_cs_avl);
 
System.out.printf("cs_desc: ");
for(int i=0; i<8; i++) System.out.printf("%02x ", cs_desc.get_byte(i));
System.out.printf("\n");
 
            //-------
 
            int index = -1;
            if(type == 1 && random.nextInt(5) == 0) {
                index = random.nextInt(4);
            }
            else if(type == 1 && random.nextInt(5) == 0) {
                index = tables.getOutOfBoundsIndex(is_cs_ldt);
                if(index == -1) continue;
 
                index <<= 3;
                if(is_cs_ldt) index |= 4;
                index |= new_cs_rpl;
            }
            else {
                index = tables.addDescriptor(is_cs_ldt, cs_desc);
                if(index == -1) continue;
 
                index <<= 3;
                if(is_cs_ldt) index |= 4;
                index |= new_cs_rpl;
            }
            int cs_selector = index;
 
            //--------------------------------------------------------------
            // prepare ss descriptor
 
            boolean is_ss_ldt = random.nextBoolean();
 
            conds = new boolean[5];
            cond = 1 << random.nextInt(conds.length);
            if(type >= 7) cond = 0;
 
            int     new_ss_rpl  = 0;
            boolean new_ss_seg  = false;
            int     new_ss_type = 0;
            int     new_ss_dpl  = 0;
            boolean new_ss_p    = false;
 
            do {
                new_ss_seg  = random.nextBoolean();
                new_ss_type = random.nextInt(16);
 
                new_ss_rpl  = random.nextInt(4);
                new_ss_dpl  = random.nextInt(4);
                new_ss_p    = random.nextBoolean();
                is_ss_ldt   = random.nextBoolean();
 
                if(type >= 8) new_ss_type &= 0xB; // not expand-down
 
                conds[0] = new_ss_rpl != new_cs_dpl;
                conds[1] = new_ss_dpl != new_cs_dpl;
                conds[2] = new_ss_seg == false;
                conds[3] = ((new_ss_type >> 3)&1) == 1 || (((new_ss_type >> 3)&1) == 0 && ((new_ss_type >> 1)&1) == 0); // code or (data && ro)
                conds[4] = new_ss_p == false;
            }
            while(!isAccepted(cond, conds[0],conds[1],conds[2],conds[3],conds[4]));
 
            long new_ss_base, new_ss_limit;
            boolean new_ss_g;
            while(true) {
                new_ss_base = Layer.norm(random.nextInt());
                new_ss_g    = random.nextBoolean();
 
                new_ss_limit = random.nextInt(new_ss_g? 0xF : 0xFFFF);
                if(new_ss_g) new_ss_limit = (new_ss_limit << 12) | 0xFFF;
 
                if( new_ss_base + new_ss_limit < 4294967296L &&
                    Layer.collides(prohibited_list, (int)new_ss_base, (int)(new_ss_base + new_ss_limit)) == false
                ) break;
            }
            boolean new_ss_d_b = random.nextBoolean();
            boolean new_ss_l   = random.nextBoolean();
            boolean new_ss_avl = random.nextBoolean();
            long new_ss_limit_final = new_ss_g? new_ss_limit >> 12 : new_ss_limit;
            Descriptor ss_desc = new Descriptor((int)new_ss_base, (int)new_ss_limit_final, new_ss_type, new_ss_seg, new_ss_p, new_ss_dpl, new_ss_d_b, new_ss_g, new_ss_l, new_ss_avl);
 
System.out.printf("cond ss: %d\n", cond);
 
System.out.printf("ss_desc: ");
for(int i=0; i<8; i++) System.out.printf("%02x ", ss_desc.get_byte(i));
System.out.printf("\n");
 
            //---------------
            index = -1;
            if(type == 4) {
                index = random.nextInt(4);
            }
            else if(type == 5) {
                index = tables.getOutOfBoundsIndex(is_ss_ldt);
                if(index == -1) continue;
 
                index <<= 3;
                if(is_ss_ldt) index |= 4;
                index |= new_ss_rpl;
            }
            else {
                index = tables.addDescriptor(is_ss_ldt, ss_desc);
                if(index == -1) continue;
 
                index <<= 3;
                if(is_ss_ldt) index |= 4;
                index |= new_ss_rpl;
            }
            int ss_selector = index;
 
            //--------------------------------------------------------------
            // TSS segment contents
 
            int tss_type_val = random.nextInt(4);
            TSSCurrentLayer.Type tss_type =
                    (tss_type_val == 0)? TSSCurrentLayer.Type.ACTIVE_286 :
                    (tss_type_val == 1)? TSSCurrentLayer.Type.ACTIVE_386 :
                    (tss_type_val == 2)? TSSCurrentLayer.Type.BUSY_286 :
                                         TSSCurrentLayer.Type.BUSY_386;
 
            int tss_max_offset = (tss_type == TSSCurrentLayer.Type.ACTIVE_286 || tss_type == TSSCurrentLayer.Type.BUSY_286)? 2 + new_cs_dpl*4 + 4 : 4 + new_cs_dpl*8 + 8;
 
            int tss_limit = (type == 3)? random.nextInt(tss_max_offset-1) : tss_max_offset + random.nextInt(5);
 
            //Random random, TSSCurrentLayer.Type type, int limit, int selector, LinkedList<Pair<Integer, Integer>> prohibited_list
            TSSCurrentLayer current_tss = new TSSCurrentLayer(random, tss_type, tss_limit, random.nextInt(65536), prohibited_list);
 
            long new_esp =
                    (type == 7)? new_ss_limit + 1 + random.nextInt(5) : random.nextInt((new_ss_limit == 0)? 1 : (int)new_ss_limit);
 
            current_tss.add_ss_esp(new_cs_dpl, new_esp, ss_selector);
 
            layers.addFirst(current_tss);
 
 
            //--------------------------------------------------------------
            // prepare interrupt trap gate descriptor
 
            conds = new boolean[4];
            cond = 1 << random.nextInt(conds.length);
            if(type >= 1) cond = 0;
 
            boolean new_gate_seg  = false;
            int     new_gate_type = 0;
            int     new_gate_dpl  = 0;
            boolean new_gate_p    = false;
 
            do {
                new_gate_type = random.nextInt(16); //TASK_GATE: 0x5, 0x6,0x7, 0xE,0xF
 
                new_gate_dpl  = random.nextInt(4);
                new_gate_p    = random.nextBoolean();
                new_gate_seg  = random.nextBoolean();
 
                if(((cond & 1) == 1) && old_cs_rpl == 0) {
                    cond &= 0xFE;
                    cond |= 1 << (1 + random.nextInt(conds.length-1));
                }
 
                conds[0] = new_gate_dpl < old_cs_rpl;
                conds[1] = new_gate_p == false;
                conds[2] = new_gate_seg == true;
                conds[3] = new_gate_type != 0x5 && new_gate_type != 0x6 && new_gate_type != 0x7 && new_gate_type != 0xE && new_gate_type != 0xF;
            }
            while(!isAccepted(cond, conds[0],conds[1],conds[2],conds[3]));
 
            int types[] = { 0x6,0x7,0xE,0xF };
            if(type >= 1) new_gate_type = types[random.nextInt(types.length)];
 
            long new_gate_base  = cs_selector;
            long new_gate_limit = Layer.norm(random.nextInt(0xFFFFF+1));
            boolean new_gate_g  = random.nextBoolean();
 
            boolean new_gate_d_b = random.nextBoolean();
            boolean new_gate_l   = random.nextBoolean();
            boolean new_gate_avl = random.nextBoolean();
            long new_gate_limit_final = new_gate_g? new_gate_limit >> 12 : new_gate_limit;
            Descriptor gate_desc = new Descriptor((int)new_gate_base, (int)new_gate_limit_final, new_gate_type, new_gate_seg, new_gate_p, new_gate_dpl, new_gate_d_b, new_gate_g, new_gate_l, new_gate_avl);
 
System.out.printf("idt_desc: ");
for(int i=0; i<8; i++) System.out.printf("%02x ", gate_desc.get_byte(i));
System.out.printf("\n");
 
            final int old_cs_rpl_final = old_cs_rpl;
            Layer cs_rpl_layer = new Layer() {
                long cs_rpl() { return old_cs_rpl_final; }
            };
            layers.addFirst(cs_rpl_layer);
 
            //---------- prepare IDT and IDTR
            final int idtr_limit = vector * 8 + 7 + 1 + random.nextInt(5);
            Layer idtr_limit_layer = new Layer() {
                long idtr_limit() { return idtr_limit; }
            };
            layers.addFirst(idtr_limit_layer);
 
            // set idtr base
            long idtr_base;
            while(true) {
                idtr_base = Layer.norm(random.nextInt());
 
                if( idtr_base + idtr_limit < 4294967296L &&
                    Layer.collides(prohibited_list, (int)idtr_base, (int)(idtr_base + idtr_limit)) == false
                ) break;
            }
            prohibited_list.add(new Pair<>(idtr_base, idtr_base + idtr_limit));
 
            final long idtr_base_final = idtr_base;
            Layer idtr_base_layer = new Layer() {
                long idtr_base() { return idtr_base_final; }
            };
            layers.addFirst(idtr_base_layer);
 
 
            // eip limit
            long eip = 0;
            if(type == 8) {
                while(true) {
                    eip = new_cs_limit + 1 + random.nextInt(10);
 
                    if(new_gate_type < 0xE) eip &= 0xFFFF;
 
                    if(eip > new_cs_limit) break;
                }
                if(new_gate_type < 0xE) eip |= (random.nextInt() & 0xFFFF0000);
System.out.printf("eip: %08x, new_cs_limit: %08x, 286: %b\n", eip, new_cs_limit, new_gate_type < 0xE);
            }
            else {
                while(true) {
                    eip = Layer.norm(random.nextInt((int)new_cs_limit+1));
 
                    if(new_gate_type < 0xE) eip &= 0xFFFF;
 
                    if(eip <= new_cs_limit) break;
                }
                long dest = new_cs_base + eip;
                // adding always possible
                MemoryPatchLayer patch = new MemoryPatchLayer(random, prohibited_list, (int)dest, 0x0F,0x0F);
                layers.addFirst(patch);
 
                if(new_gate_type < 0xE) eip |= (random.nextInt() & 0xFFFF0000);
            }
            gate_desc.set_dest_offset(eip);
 
            // idt table entry
            MemoryPatchLayer int_patch = new MemoryPatchLayer(random, prohibited_list, (int)(idtr_base + 8*vector),
                    gate_desc.get_byte(0), gate_desc.get_byte(1), gate_desc.get_byte(2), gate_desc.get_byte(3),
                    gate_desc.get_byte(4), gate_desc.get_byte(5), gate_desc.get_byte(6), gate_desc.get_byte(7));
            layers.addFirst(int_patch);
 
 
System.out.printf("cond idt: %d, is_ib: %b\n", cond, is_ib);
 
            layers.addFirst(tables);
 
            //-------------------
 
            if(is_into) {
                Layer of_layer = new Layer() {
                    long oflag() { return 1; }
                };
                layers.addFirst(of_layer);
            }
            if(is_v8086) {
                Layer iopl_layer = new Layer() {
                    long iopl() { return 3; }
                };
                layers.addFirst(iopl_layer);
            }
 
            //------------------------------------------------------------------
            //------------------------------------------------------------------
 
 
            // end condition
            break;
        }
 
        System.out.println("Instruction: [" + instruction + "]");
    }
 
    String prepare_instr(boolean cs_d_b, boolean a32, boolean o32, boolean is_into, boolean is_ib) throws Exception {
        int opcodes[] = {
            0xCC,0xF1,0xCD,0xCE
        };
 
        String prefix = "";
        if(cs_d_b != o32) { prefix = "66" + prefix; }
        if(cs_d_b != a32) { prefix = "67" + prefix; }
 
        int opcode = opcodes[(is_into)? 3 : (is_ib)? 2 : random.nextInt(3)];
 
        int len = (opcode == 0xCD)? 2 : 1;
 
        byte instr[] = new byte[len];
        instr[0] = (byte)opcode;
        if(len >= 2) instr[1] = (byte)random.nextInt();
 
        if(opcode == 0xCC) vector = 3;
        if(opcode == 0xCD) vector = (instr[1] < 0)? instr[1] + 256 : instr[1];
        if(opcode == 0xCE) vector = 4;
        if(opcode == 0xF1) vector = 1;
 
        return prefix + bytesToHex(instr);
    }
    int vector;
 
}

Browse

Tools

Subversion Repositories ao486

[/] [ao486/] [trunk/] [ao486_tool/] [src/] [ao486/] [test/] [interrupt/] [TestINT_INT3_INTO_INT1_int_trap_gate_more.java] - Blame information for rev 2

Line No.	Rev	Author	Line
1	2	alfik	`/*`
2			`* Copyright (c) 2014, Aleksander Osman`
3			`* All rights reserved.`
4			`*`
5			`* Redistribution and use in source and binary forms, with or without`
6			`* modification, are permitted provided that the following conditions are met:`
7			`*`
8			`* * Redistributions of source code must retain the above copyright notice, this`
9			`* list of conditions and the following disclaimer.`
10			`*`
11			`* * Redistributions in binary form must reproduce the above copyright notice,`
12			`* this list of conditions and the following disclaimer in the documentation`
13			`* and/or other materials provided with the distribution.`
14			`*`
15			`* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"`
16			`* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE`
17			`* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE`
18			`* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE`
19			`* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL`
20			`* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR`
21			`* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER`
22			`* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,`
23			`* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE`
24			`* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.`
25			`*/`
26
27			`package ao486.test.interrupt;`
28
29			`import ao486.test.TestUnit;`
30			`import ao486.test.layers.DescriptorTableLayer;`
31			`import ao486.test.layers.FlagsLayer;`
32			`import ao486.test.layers.GeneralRegisterLayer;`
33			`import ao486.test.layers.HandleModeChangeLayer;`
34			`import ao486.test.layers.IOLayer;`
35			`import ao486.test.layers.InstructionLayer;`
36			`import ao486.test.layers.Layer;`
37			`import ao486.test.layers.MemoryLayer;`
38			`import ao486.test.layers.MemoryPatchLayer;`
39			`import ao486.test.layers.OtherLayer;`
40			`import ao486.test.layers.Pair;`
41			`import ao486.test.layers.SegmentLayer;`
42			`import ao486.test.layers.StackLayer;`
43			`import ao486.test.layers.TSSCurrentLayer;`
44			`import java.io.*;`
45			`import java.util.LinkedList;`
46			`import java.util.Random;`
47
48
49			`public class TestINT_INT3_INTO_INT1_int_trap_gate_more extends TestUnit implements Serializable {`
50			`public static void main(String args[]) throws Exception {`
51			`run_test(TestINT_INT3_INTO_INT1_int_trap_gate_more.class);`
52			`}`
53
54			`//--------------------------------------------------------------------------`
55			`@Override`
56			`public int get_test_count() throws Exception {`
57			`return 100;`
58			`}`
59
60			`@Override`
61			`public void init() throws Exception {`
62
63			`random = new Random(32 + index);`
64
65			`String instruction;`
66			`while(true) {`
67			`layers.clear();`
68
69			`/* 0 - interrupt/trap gate valid check`
70			`* 1 - cs valid check`
71			`* 2 - v8086 condition`
72			`*`
73			`* 3 - tss length`
74			`* 4 - ss selector null`
75			`* 5 - ss selector out of bounds`
76			`* 6 - ss descriptor check`
77			`* 7 - stack limit`
78			`* 8 - eip out of bounds`
79			`*`
80			`* 9 - all ok`
81			`*`
82			`* TODO: push error test`
83			`*/`
84
85			`int type = random.nextInt(10);`
86
87			`boolean is_v8086 = (type == 2)? true : random.nextBoolean();`
88			`boolean is_into = random.nextInt(3) == 0;`
89			`boolean is_ib = random.nextInt(3) == 0;`
90
91			`LinkedList<Pair<Long, Long>> prohibited_list = new LinkedList<>();`
92
93			`InstructionLayer instr = new InstructionLayer(random, prohibited_list);`
94			`layers.add(instr);`
95			`StackLayer stack = new StackLayer(random, prohibited_list);`
96			`layers.add(stack);`
97			`layers.add(new OtherLayer(OtherLayer.Type.PROTECTED_OR_V8086, random));`
98			`layers.add(new FlagsLayer((is_v8086)? FlagsLayer.Type.V8086 : FlagsLayer.Type.NOT_V8086, random));`
99			`layers.add(new GeneralRegisterLayer(random));`
100			`layers.add(new SegmentLayer(random));`
101			`layers.add(new MemoryLayer(random));`
102			`layers.add(new IOLayer(random));`
103
104			`layers.addFirst(new HandleModeChangeLayer(`
105			`getInput("cr0_pe"),`
106			`getInput("vmflag"),`
107			`getInput("cs_rpl"),`
108			`getInput("cs_p"),`
109			`getInput("cs_s"),`
110			`getInput("cs_type")`
111			`));`
112
113			`// instruction size`
114			`boolean cs_d_b = getInput("cs_d_b") == 1;`
115
116			`boolean a32 = random.nextBoolean();`
117			`boolean o32 = random.nextBoolean();`
118
119
120			`instruction = prepare_instr(cs_d_b, a32, o32, is_into, is_ib);`
121			`instr.add_instruction(instruction);`
122
123			`//---------------`
124
125			`DescriptorTableLayer tables = new DescriptorTableLayer(random, prohibited_list, true);`
126
127			`//------------------------------------------------------------------`
128			`//------------------------------------------------------------------`
129
130			`// prepare cs descriptor`
131			`boolean is_cs_ldt = random.nextBoolean();`
132
133			`boolean conds[] = new boolean[4];`
134			`int cond = 1 << random.nextInt(conds.length);`
135			`if(type == 2) cond = 8;`
136			`if(type >= 3) cond = 0;`
137
138			`int new_cs_rpl = 0;`
139			`boolean new_cs_seg = false;`
140			`int new_cs_type = 0;`
141			`int new_cs_dpl = 0;`
142			`boolean new_cs_p = false;`
143			`int old_cs_rpl = 0;`
144
145			`if( ((cond >> 3) & 1) == 1 && is_v8086 == false ) continue;`
146
147			`do {`
148			`do {`
149			`new_cs_seg = random.nextBoolean();`
150			`new_cs_type = random.nextInt(16);`
151			`new_cs_p = random.nextBoolean();`
152
153			`new_cs_rpl = random.nextInt(4);`
154			`new_cs_dpl = random.nextInt(4);`
155
156			`old_cs_rpl = (is_v8086)? 3 : random.nextInt(4);`
157			`}`
158			`while( (((new_cs_type >> 2) & 1) == 0 && new_cs_dpl < old_cs_rpl) == false ); //non-conforming`
159
160			`conds[0] = new_cs_seg == false;`
161			`conds[1] = ((new_cs_type >> 3) & 1) == 0;`
162			`conds[2] = new_cs_p == false;`
163			`//conds[3] = new_cs_dpl > old_cs_rpl; //not possible; checked in task gate test`
164
165			`conds[3] = is_v8086 && new_cs_dpl != 0;`
166			`}`
167			`while(!isAccepted(cond, conds[0],conds[1],conds[2],conds[3]));`
168
169			`System.out.printf("cond cs: %d\n", cond);`
170
171			`long new_cs_base, new_cs_limit;`
172			`boolean new_cs_g;`
173			`while(true) {`
174			`new_cs_base = Layer.norm(random.nextInt());`
175			`new_cs_g = random.nextBoolean();`
176
177			`new_cs_limit = random.nextInt(new_cs_g? 0xF : 0xFFFF);`
178			`if(new_cs_g) new_cs_limit = (new_cs_limit << 12) \| 0xFFF;`
179
180			`if( new_cs_base + new_cs_limit < 4294967296L &&`
181			`Layer.collides(prohibited_list, (int)new_cs_base, (int)(new_cs_base + new_cs_limit)) == false`
182			`) break;`
183			`}`
184
185			`boolean new_cs_d_b = random.nextBoolean();`
186			`boolean new_cs_l = random.nextBoolean();`
187			`boolean new_cs_avl = random.nextBoolean();`
188			`long new_cs_limit_final = new_cs_g? new_cs_limit >> 12 : new_cs_limit;`
189			`Descriptor cs_desc = new Descriptor((int)new_cs_base, (int)new_cs_limit_final, new_cs_type, new_cs_seg, new_cs_p, new_cs_dpl, new_cs_d_b, new_cs_g, new_cs_l, new_cs_avl);`
190
191			`System.out.printf("cs_desc: ");`
192			`for(int i=0; i<8; i++) System.out.printf("%02x ", cs_desc.get_byte(i));`
193			`System.out.printf("\n");`
194
195			`//-------`
196
197			`int index = -1;`
198			`if(type == 1 && random.nextInt(5) == 0) {`
199			`index = random.nextInt(4);`
200			`}`
201			`else if(type == 1 && random.nextInt(5) == 0) {`
202			`index = tables.getOutOfBoundsIndex(is_cs_ldt);`
203			`if(index == -1) continue;`
204
205			`index <<= 3;`
206			`if(is_cs_ldt) index \|= 4;`
207			`index \|= new_cs_rpl;`
208			`}`
209			`else {`
210			`index = tables.addDescriptor(is_cs_ldt, cs_desc);`
211			`if(index == -1) continue;`
212
213			`index <<= 3;`
214			`if(is_cs_ldt) index \|= 4;`
215			`index \|= new_cs_rpl;`
216			`}`
217			`int cs_selector = index;`
218
219			`//--------------------------------------------------------------`
220			`// prepare ss descriptor`
221
222			`boolean is_ss_ldt = random.nextBoolean();`
223
224			`conds = new boolean[5];`
225			`cond = 1 << random.nextInt(conds.length);`
226			`if(type >= 7) cond = 0;`
227
228			`int new_ss_rpl = 0;`
229			`boolean new_ss_seg = false;`
230			`int new_ss_type = 0;`
231			`int new_ss_dpl = 0;`
232			`boolean new_ss_p = false;`
233
234			`do {`
235			`new_ss_seg = random.nextBoolean();`
236			`new_ss_type = random.nextInt(16);`
237
238			`new_ss_rpl = random.nextInt(4);`
239			`new_ss_dpl = random.nextInt(4);`
240			`new_ss_p = random.nextBoolean();`
241			`is_ss_ldt = random.nextBoolean();`
242
243			`if(type >= 8) new_ss_type &= 0xB; // not expand-down`
244
245			`conds[0] = new_ss_rpl != new_cs_dpl;`
246			`conds[1] = new_ss_dpl != new_cs_dpl;`
247			`conds[2] = new_ss_seg == false;`
248			`conds[3] = ((new_ss_type >> 3)&1) == 1 \|\| (((new_ss_type >> 3)&1) == 0 && ((new_ss_type >> 1)&1) == 0); // code or (data && ro)`
249			`conds[4] = new_ss_p == false;`
250			`}`
251			`while(!isAccepted(cond, conds[0],conds[1],conds[2],conds[3],conds[4]));`
252
253			`long new_ss_base, new_ss_limit;`
254			`boolean new_ss_g;`
255			`while(true) {`
256			`new_ss_base = Layer.norm(random.nextInt());`
257			`new_ss_g = random.nextBoolean();`
258
259			`new_ss_limit = random.nextInt(new_ss_g? 0xF : 0xFFFF);`
260			`if(new_ss_g) new_ss_limit = (new_ss_limit << 12) \| 0xFFF;`
261
262			`if( new_ss_base + new_ss_limit < 4294967296L &&`
263			`Layer.collides(prohibited_list, (int)new_ss_base, (int)(new_ss_base + new_ss_limit)) == false`
264			`) break;`
265			`}`
266			`boolean new_ss_d_b = random.nextBoolean();`
267			`boolean new_ss_l = random.nextBoolean();`
268			`boolean new_ss_avl = random.nextBoolean();`
269			`long new_ss_limit_final = new_ss_g? new_ss_limit >> 12 : new_ss_limit;`
270			`Descriptor ss_desc = new Descriptor((int)new_ss_base, (int)new_ss_limit_final, new_ss_type, new_ss_seg, new_ss_p, new_ss_dpl, new_ss_d_b, new_ss_g, new_ss_l, new_ss_avl);`
271
272			`System.out.printf("cond ss: %d\n", cond);`
273
274			`System.out.printf("ss_desc: ");`
275			`for(int i=0; i<8; i++) System.out.printf("%02x ", ss_desc.get_byte(i));`
276			`System.out.printf("\n");`
277
278			`//---------------`
279			`index = -1;`
280			`if(type == 4) {`
281			`index = random.nextInt(4);`
282			`}`
283			`else if(type == 5) {`
284			`index = tables.getOutOfBoundsIndex(is_ss_ldt);`
285			`if(index == -1) continue;`
286
287			`index <<= 3;`
288			`if(is_ss_ldt) index \|= 4;`
289			`index \|= new_ss_rpl;`
290			`}`
291			`else {`
292			`index = tables.addDescriptor(is_ss_ldt, ss_desc);`
293			`if(index == -1) continue;`
294
295			`index <<= 3;`
296			`if(is_ss_ldt) index \|= 4;`
297			`index \|= new_ss_rpl;`
298			`}`
299			`int ss_selector = index;`
300
301			`//--------------------------------------------------------------`
302			`// TSS segment contents`
303
304			`int tss_type_val = random.nextInt(4);`
305			`TSSCurrentLayer.Type tss_type =`
306			`(tss_type_val == 0)? TSSCurrentLayer.Type.ACTIVE_286 :`
307			`(tss_type_val == 1)? TSSCurrentLayer.Type.ACTIVE_386 :`
308			`(tss_type_val == 2)? TSSCurrentLayer.Type.BUSY_286 :`
309			`TSSCurrentLayer.Type.BUSY_386;`
310
311			`int tss_max_offset = (tss_type == TSSCurrentLayer.Type.ACTIVE_286 \|\| tss_type == TSSCurrentLayer.Type.BUSY_286)? 2 + new_cs_dpl4 + 4 : 4 + new_cs_dpl8 + 8;`
312
313			`int tss_limit = (type == 3)? random.nextInt(tss_max_offset-1) : tss_max_offset + random.nextInt(5);`
314
315			`//Random random, TSSCurrentLayer.Type type, int limit, int selector, LinkedList<Pair<Integer, Integer>> prohibited_list`
316			`TSSCurrentLayer current_tss = new TSSCurrentLayer(random, tss_type, tss_limit, random.nextInt(65536), prohibited_list);`
317
318			`long new_esp =`
319			`(type == 7)? new_ss_limit + 1 + random.nextInt(5) : random.nextInt((new_ss_limit == 0)? 1 : (int)new_ss_limit);`
320
321			`current_tss.add_ss_esp(new_cs_dpl, new_esp, ss_selector);`
322
323			`layers.addFirst(current_tss);`
324
325
326			`//--------------------------------------------------------------`
327			`// prepare interrupt trap gate descriptor`
328
329			`conds = new boolean[4];`
330			`cond = 1 << random.nextInt(conds.length);`
331			`if(type >= 1) cond = 0;`
332
333			`boolean new_gate_seg = false;`
334			`int new_gate_type = 0;`
335			`int new_gate_dpl = 0;`
336			`boolean new_gate_p = false;`
337
338			`do {`
339			`new_gate_type = random.nextInt(16); //TASK_GATE: 0x5, 0x6,0x7, 0xE,0xF`
340
341			`new_gate_dpl = random.nextInt(4);`
342			`new_gate_p = random.nextBoolean();`
343			`new_gate_seg = random.nextBoolean();`
344
345			`if(((cond & 1) == 1) && old_cs_rpl == 0) {`
346			`cond &= 0xFE;`
347			`cond \|= 1 << (1 + random.nextInt(conds.length-1));`
348			`}`
349
350			`conds[0] = new_gate_dpl < old_cs_rpl;`
351			`conds[1] = new_gate_p == false;`
352			`conds[2] = new_gate_seg == true;`
353			`conds[3] = new_gate_type != 0x5 && new_gate_type != 0x6 && new_gate_type != 0x7 && new_gate_type != 0xE && new_gate_type != 0xF;`
354			`}`
355			`while(!isAccepted(cond, conds[0],conds[1],conds[2],conds[3]));`
356
357			`int types[] = { 0x6,0x7,0xE,0xF };`
358			`if(type >= 1) new_gate_type = types[random.nextInt(types.length)];`
359
360			`long new_gate_base = cs_selector;`
361			`long new_gate_limit = Layer.norm(random.nextInt(0xFFFFF+1));`
362			`boolean new_gate_g = random.nextBoolean();`
363
364			`boolean new_gate_d_b = random.nextBoolean();`
365			`boolean new_gate_l = random.nextBoolean();`
366			`boolean new_gate_avl = random.nextBoolean();`
367			`long new_gate_limit_final = new_gate_g? new_gate_limit >> 12 : new_gate_limit;`
368			`Descriptor gate_desc = new Descriptor((int)new_gate_base, (int)new_gate_limit_final, new_gate_type, new_gate_seg, new_gate_p, new_gate_dpl, new_gate_d_b, new_gate_g, new_gate_l, new_gate_avl);`
369
370			`System.out.printf("idt_desc: ");`
371			`for(int i=0; i<8; i++) System.out.printf("%02x ", gate_desc.get_byte(i));`
372			`System.out.printf("\n");`
373
374			`final int old_cs_rpl_final = old_cs_rpl;`
375			`Layer cs_rpl_layer = new Layer() {`
376			`long cs_rpl() { return old_cs_rpl_final; }`
377			`};`
378			`layers.addFirst(cs_rpl_layer);`
379
380			`//---------- prepare IDT and IDTR`
381			`final int idtr_limit = vector * 8 + 7 + 1 + random.nextInt(5);`
382			`Layer idtr_limit_layer = new Layer() {`
383			`long idtr_limit() { return idtr_limit; }`
384			`};`
385			`layers.addFirst(idtr_limit_layer);`
386
387			`// set idtr base`
388			`long idtr_base;`
389			`while(true) {`
390			`idtr_base = Layer.norm(random.nextInt());`
391
392			`if( idtr_base + idtr_limit < 4294967296L &&`
393			`Layer.collides(prohibited_list, (int)idtr_base, (int)(idtr_base + idtr_limit)) == false`
394			`) break;`
395			`}`
396			`prohibited_list.add(new Pair<>(idtr_base, idtr_base + idtr_limit));`
397
398			`final long idtr_base_final = idtr_base;`
399			`Layer idtr_base_layer = new Layer() {`
400			`long idtr_base() { return idtr_base_final; }`
401			`};`
402			`layers.addFirst(idtr_base_layer);`
403
404
405			`// eip limit`
406			`long eip = 0;`
407			`if(type == 8) {`
408			`while(true) {`
409			`eip = new_cs_limit + 1 + random.nextInt(10);`
410
411			`if(new_gate_type < 0xE) eip &= 0xFFFF;`
412
413			`if(eip > new_cs_limit) break;`
414			`}`
415			`if(new_gate_type < 0xE) eip \|= (random.nextInt() & 0xFFFF0000);`
416			`System.out.printf("eip: %08x, new_cs_limit: %08x, 286: %b\n", eip, new_cs_limit, new_gate_type < 0xE);`
417			`}`
418			`else {`
419			`while(true) {`
420			`eip = Layer.norm(random.nextInt((int)new_cs_limit+1));`
421
422			`if(new_gate_type < 0xE) eip &= 0xFFFF;`
423
424			`if(eip <= new_cs_limit) break;`
425			`}`
426			`long dest = new_cs_base + eip;`
427			`// adding always possible`
428			`MemoryPatchLayer patch = new MemoryPatchLayer(random, prohibited_list, (int)dest, 0x0F,0x0F);`
429			`layers.addFirst(patch);`
430
431			`if(new_gate_type < 0xE) eip \|= (random.nextInt() & 0xFFFF0000);`
432			`}`
433			`gate_desc.set_dest_offset(eip);`
434
435			`// idt table entry`
436			`MemoryPatchLayer int_patch = new MemoryPatchLayer(random, prohibited_list, (int)(idtr_base + 8*vector),`
437			`gate_desc.get_byte(0), gate_desc.get_byte(1), gate_desc.get_byte(2), gate_desc.get_byte(3),`
438			`gate_desc.get_byte(4), gate_desc.get_byte(5), gate_desc.get_byte(6), gate_desc.get_byte(7));`
439			`layers.addFirst(int_patch);`
440
441
442			`System.out.printf("cond idt: %d, is_ib: %b\n", cond, is_ib);`
443
444			`layers.addFirst(tables);`
445
446			`//-------------------`
447
448			`if(is_into) {`
449			`Layer of_layer = new Layer() {`
450			`long oflag() { return 1; }`
451			`};`
452			`layers.addFirst(of_layer);`
453			`}`
454			`if(is_v8086) {`
455			`Layer iopl_layer = new Layer() {`
456			`long iopl() { return 3; }`
457			`};`
458			`layers.addFirst(iopl_layer);`
459			`}`
460
461			`//------------------------------------------------------------------`
462			`//------------------------------------------------------------------`
463
464
465			`// end condition`
466			`break;`
467			`}`
468
469			`System.out.println("Instruction: [" + instruction + "]");`
470			`}`
471
472			`String prepare_instr(boolean cs_d_b, boolean a32, boolean o32, boolean is_into, boolean is_ib) throws Exception {`
473			`int opcodes[] = {`
474			`0xCC,0xF1,0xCD,0xCE`
475			`};`
476
477			`String prefix = "";`
478			`if(cs_d_b != o32) { prefix = "66" + prefix; }`
479			`if(cs_d_b != a32) { prefix = "67" + prefix; }`
480
481			`int opcode = opcodes[(is_into)? 3 : (is_ib)? 2 : random.nextInt(3)];`
482
483			`int len = (opcode == 0xCD)? 2 : 1;`
484
485			`byte instr[] = new byte[len];`
486			`instr[0] = (byte)opcode;`
487			`if(len >= 2) instr[1] = (byte)random.nextInt();`
488
489			`if(opcode == 0xCC) vector = 3;`
490			`if(opcode == 0xCD) vector = (instr[1] < 0)? instr[1] + 256 : instr[1];`
491			`if(opcode == 0xCE) vector = 4;`
492			`if(opcode == 0xF1) vector = 1;`
493
494			`return prefix + bytesToHex(instr);`
495			`}`
496			`int vector;`
497
498			`}`