OpenCores
URL https://opencores.org/ocsvn/ao486/ao486/trunk

Subversion Repositories ao486

[/] [ao486/] [trunk/] [ao486_tool/] [src/] [ao486/] [test/] [interrupt/] [TestINT_INT3_INTO_INT1_real.java] - Blame information for rev 2

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 2 alfik 
/*
2 
 * Copyright (c) 2014, Aleksander Osman
3 
 * All rights reserved.
4 
 *
5 
 * Redistribution and use in source and binary forms, with or without
6 
 * modification, are permitted provided that the following conditions are met:
7 
 *
8 
 * * Redistributions of source code must retain the above copyright notice, this
9 
 *   list of conditions and the following disclaimer.
10 
 *
11 
 * * Redistributions in binary form must reproduce the above copyright notice,
12 
 *   this list of conditions and the following disclaimer in the documentation
13 
 *   and/or other materials provided with the distribution.
14 
 *
15 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
16 
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
19 
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21 
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
22 
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
23 
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
24 
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 
 */
26 
 
27 
package ao486.test.interrupt;
28 
 
29 
import ao486.test.TestUnit;
30 
import ao486.test.layers.FlagsLayer;
31 
import ao486.test.layers.GeneralRegisterLayer;
32 
import ao486.test.layers.HandleModeChangeLayer;
33 
import ao486.test.layers.IOLayer;
34 
import ao486.test.layers.InstructionLayer;
35 
import ao486.test.layers.Layer;
36 
import ao486.test.layers.MemoryLayer;
37 
import ao486.test.layers.MemoryPatchLayer;
38 
import ao486.test.layers.OtherLayer;
39 
import ao486.test.layers.Pair;
40 
import ao486.test.layers.SegmentLayer;
41 
import ao486.test.layers.StackLayer;
42 
import java.io.*;
43 
import java.util.LinkedList;
44 
import java.util.Random;
45 
 
46 
 
47 
public class TestINT_INT3_INTO_INT1_real extends TestUnit implements Serializable {
48 
    public static void main(String args[]) throws Exception {
49 
        run_test(TestINT_INT3_INTO_INT1_real.class);
50 
    }
51 
 
52 
    //--------------------------------------------------------------------------
53 
    @Override
54 
    public int get_test_count() throws Exception {
55 
        return 100;
56 
    }
57 
 
58 
    @Override
59 
    public void init() throws Exception {
60 
 
61 
        random = new Random(14 + index);
62 
 
63 
        String instruction;
64 
        while(true) {
65 
            layers.clear();
66 
 
67 
            LinkedList<Pair<Long, Long>> prohibited_list = new LinkedList<>();
68 
 
69 
            // if false: v8086 mode
70 
            boolean is_real = true;
71 
 
72 
            InstructionLayer instr  = new InstructionLayer(random, prohibited_list);
73 
            layers.add(instr);
74 
            StackLayer stack        = new StackLayer(random, prohibited_list);
75 
            layers.add(stack);
76 
            layers.add(new OtherLayer(is_real ? OtherLayer.Type.REAL : OtherLayer.Type.PROTECTED_OR_V8086, random));
77 
            layers.add(new FlagsLayer(is_real ? FlagsLayer.Type.RANDOM : FlagsLayer.Type.V8086, random));
78 
            layers.add(new GeneralRegisterLayer(random));
79 
            layers.add(new SegmentLayer(random));
80 
            layers.add(new MemoryLayer(random));
81 
            layers.add(new IOLayer(random));
82 
            layers.addFirst(new HandleModeChangeLayer(
83 
                    getInput("cr0_pe"),
84 
                    getInput("vmflag"),
85 
                    getInput("cs_rpl"),
86 
                    getInput("cs_p"),
87 
                    getInput("cs_s"),
88 
                    getInput("cs_type")
89 
            ));
90 
 
91 
            // instruction size
92 
            boolean cs_d_b = getInput("cs_d_b") == 1;
93 
 
94 
            boolean a32 = random.nextBoolean();
95 
            boolean o32 = random.nextBoolean();
96 
 
97 
            long cs_limit = getInput("cs_limit");
98 
 
99 
            // type
100 
 
101 
            /* 0 - INTO overflow not set
102 
             * 1 - IDTR limit
103 
             * 2 - new_eip out of bounds
104 
             *
105 
             * 3 - all ok
106 
             */
107 
            int type = random.nextInt(4);
108 
 
109 
 
110 
            // instruction
111 
            boolean is_into = (type == 0)? true : random.nextInt(3) == 0;
112 
 
113 
            instruction = prepare_instr(cs_d_b, a32, o32, is_into);
114 
 
115 
 
116 
            if(type == 0) {
117 
 
118 
                Layer of_layer = new Layer() {
119 
                    long oflag() { return 0; }
120 
                };
121 
                layers.addFirst(of_layer);
122 
 
123 
                instruction += "0F0F";
124 
            }
125 
            else if(type == 1) {
126 
 
127 
                final int limit = random.nextInt(vector * 4 + 3);
128 
                Layer idtr_layer = new Layer() {
129 
                    long idtr_limit() { return limit; }
130 
                };
131 
                layers.addFirst(idtr_layer);
132 
            }
133 
            else if(type >= 2) {
134 
                final int limit = vector * 4 + 4 + random.nextInt(5);
135 
                Layer idtr_limit_layer = new Layer() {
136 
                    long idtr_limit() { return limit; }
137 
                };
138 
                layers.addFirst(idtr_limit_layer);
139 
 
140 
                // set idtr base
141 
                long idtr_base;
142 
                while(true) {
143 
                    idtr_base = Layer.norm(random.nextInt());
144 
 
145 
                    if( idtr_base + limit < 4294967296L &&
146 
                        Layer.collides(prohibited_list, (int)idtr_base, (int)(idtr_base + limit)) == false
147 
                    ) break;
148 
                }
149 
                prohibited_list.add(new Pair<>(idtr_base, idtr_base + limit));
150 
 
151 
                final long idtr_base_final = idtr_base;
152 
                Layer idtr_base_layer = new Layer() {
153 
                    long idtr_base() { return idtr_base_final; }
154 
                };
155 
                layers.addFirst(idtr_base_layer);
156 
 
157 
                //set cs and eip
158 
                long new_cs;
159 
                long new_eip;
160 
                long dest;
161 
                while(true) {
162 
                    new_cs = random.nextInt(65536);
163 
                    new_eip = random.nextInt(65536);
164 
 
165 
                    dest = (new_cs << 4) + new_eip;
166 
 
167 
                    if( dest < 4294967296L &&
168 
                        Layer.collides(prohibited_list, (int)dest, (int)(dest + 2)) == false
169 
                    ) break;
170 
                }
171 
                prohibited_list.add(new Pair<>(dest, dest + 2));
172 
 
173 
                if(type == 2 && cs_limit < 0xFFFF) {
174 
                    new_eip = cs_limit + 1 + random.nextInt((int)(0xFFFF - cs_limit));
175 
                }
176 
 
177 
                // set new_cs and new_eip
178 
                MemoryPatchLayer int_patch = new MemoryPatchLayer(random, prohibited_list, (int)(idtr_base + 4*vector),
179 
                        (byte)(new_eip & 0xFF), (byte)((new_eip >> 8) & 0xFF),
180 
                        (byte)(new_cs & 0xFF), (byte)((new_cs >> 8) & 0xFF));
181 
                layers.addFirst(int_patch);
182 
 
183 
                // set destination
184 
                MemoryPatchLayer patch = new MemoryPatchLayer(random, prohibited_list, (int)dest, 0x0F,0x0F);
185 
                layers.addFirst(patch);
186 
 
187 
System.out.printf("new_cs: %04x\n", new_cs);
188 
System.out.printf("new_ip: %04x\n", new_eip);
189 
System.out.printf("dest:   %08x\n", dest);
190 
            }
191 
 
192 
 
193 
            if(type >= 1 && is_into) {
194 
                Layer of_layer = new Layer() {
195 
                    boolean get_of() { return true; }
196 
                };
197 
                layers.addFirst(of_layer);
198 
            }
199 
 
200 
 
201 
            // add instruction
202 
            instr.add_instruction(instruction);
203 
 
204 
            // end condition
205 
            break;
206 
        }
207 
 
208 
        System.out.println("Instruction: [" + instruction + "]");
209 
    }
210 
 
211 
    String prepare_instr(boolean cs_d_b, boolean a32, boolean o32, boolean is_into) throws Exception {
212 
        int opcodes[] = {
213 
            0xCC,0xCD,0xF1,0xCE
214 
        };
215 
 
216 
        String prefix = "";
217 
        if(cs_d_b != o32) { prefix = "66" + prefix; }
218 
        if(cs_d_b != a32) { prefix = "67" + prefix; }
219 
 
220 
        int opcode = opcodes[(is_into)? 3 : random.nextInt(3)];
221 
 
222 
        int len = (opcode == 0xCD)? 2 : 1;
223 
 
224 
        byte instr[] = new byte[len];
225 
        instr[0] = (byte)opcode;
226 
        if(len >= 2) instr[1] = (byte)random.nextInt();
227 
 
228 
        if(opcode == 0xCC) vector = 3;
229 
        if(opcode == 0xCD) vector = (instr[1] < 0)? instr[1] + 256 : instr[1];
230 
        if(opcode == 0xCE) vector = 4;
231 
        if(opcode == 0xF1) vector = 1;
232 
 
233 
        return prefix + bytesToHex(instr);
234 
    }
235 
    int vector;
236 
}

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.