Created
August 10, 2018 23:03
-
-
Save moyix/408e78f5b5bca89d3e510608efdee7f2 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0xc11e3626 3239982630: add esp,0x8 | |
| 0xc11e3629 3239982633: pop ebx | |
| 0xc11e362a 3239982634: ret |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| define private i64 @tcg-llvm-tb-620-c11e3626(%struct.CPUX86State*) { | |
| entry: | |
| %1 = alloca i32 | |
| %2 = ptrtoint %struct.CPUX86State* %0 to i64, !host !0 | |
| %rrgic = load volatile i64* inttoptr (i64 94117957476936 to i64*), !host !1 | |
| %3 = add i64 %2, 32 | |
| %4 = inttoptr i64 %3 to i32* | |
| store i32 -1054984666, i32* %4 | |
| %5 = add i64 %2, -20 | |
| %6 = inttoptr i64 %5 to i32* | |
| %tmp11_v = load i32* %6 | |
| %7 = icmp ne i32 %tmp11_v, 0 | |
| br i1 %7, label %16, label %8 | |
| ; <label>:8 ; preds = %entry | |
| store volatile i64 3239982630, i64* inttoptr (i64 94117936324240 to i64*), !host !2 | |
| store volatile i64 3239982630, i64* inttoptr (i64 94117957476944 to i64*), !host !2, !targetAsm !3 | |
| %rrgic1 = add i64 %rrgic, 1, !host !1 | |
| store volatile i64 %rrgic1, i64* inttoptr (i64 94117957476936 to i64*), !host !1 | |
| %9 = add i64 %2, 16 | |
| %esp_ptr = inttoptr i64 %9 to i32* | |
| %esp_v = load i32* %esp_ptr | |
| %tmp0_v = add i32 %esp_v, 8 | |
| store i32 %tmp0_v, i32* %esp_ptr | |
| %10 = add i64 %2, 44 | |
| %cc_src_ptr = inttoptr i64 %10 to i32* | |
| store i32 8, i32* %cc_src_ptr | |
| %11 = add i64 %2, 40 | |
| %cc_dst_ptr = inttoptr i64 %11 to i32* | |
| store i32 %tmp0_v, i32* %cc_dst_ptr | |
| store volatile i64 3239982633, i64* inttoptr (i64 94117936324240 to i64*), !host !2 | |
| store volatile i64 3239982633, i64* inttoptr (i64 94117957476944 to i64*), !host !2, !targetAsm !4 | |
| %rrgic2 = add i64 %rrgic1, 1, !host !1 | |
| store volatile i64 %rrgic2, i64* inttoptr (i64 94117957476936 to i64*), !host !1 | |
| %12 = call i64 @helper_le_ldul_mmu_panda(%struct.CPUX86State* %0, i32 %tmp0_v, i32 2, i64 3735928559) | |
| %tmp0_v3 = trunc i64 %12 to i32 | |
| %tmp3_v = add i32 %tmp0_v, 4 | |
| store i32 %tmp3_v, i32* %esp_ptr | |
| %13 = add i64 %2, 12 | |
| %ebx_ptr = inttoptr i64 %13 to i32* | |
| store i32 %tmp0_v3, i32* %ebx_ptr | |
| store volatile i64 3239982634, i64* inttoptr (i64 94117936324240 to i64*), !host !2 | |
| store volatile i64 3239982634, i64* inttoptr (i64 94117957476944 to i64*), !host !2, !targetAsm !5 | |
| %rrgic4 = add i64 %rrgic2, 1, !host !1 | |
| store volatile i64 %rrgic4, i64* inttoptr (i64 94117957476936 to i64*), !host !1 | |
| %14 = call i64 @helper_le_ldul_mmu_panda(%struct.CPUX86State* %0, i32 %tmp3_v, i32 2, i64 3735928559) | |
| %tmp0_v5 = trunc i64 %14 to i32 | |
| %tmp3_v6 = add i32 %tmp3_v, 4 | |
| store i32 %tmp3_v6, i32* %esp_ptr | |
| store i32 %tmp0_v5, i32* %4 | |
| %15 = add i64 %2, 52 | |
| %cc_op_ptr = inttoptr i64 %15 to i32* | |
| store i32 8, i32* %cc_op_ptr | |
| ret i64 0 | |
| ; <label>:16 ; preds = %entry | |
| ret i64 140482069037971 | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| define private i64 @tcg-llvm-tb-0-c11e3626(%struct.CPUX86State*) { | |
| entry: | |
| call void @taint_delete(%class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 0, i64 544), !tainted !0 | |
| call void @taint_reset_frame(%class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*)) | |
| %1 = alloca i32 | |
| %2 = ptrtoint %struct.CPUX86State* %0 to i64, !host !1 | |
| %rrgic = load volatile i64* inttoptr (i64 94584961454072 to i64*), !host !2 | |
| %3 = add i64 %2, 32 | |
| %4 = inttoptr i64 %3 to i32* | |
| store i32 -1054984666, i32* %4 | |
| call void @taint_delete(%class.FastShad* inttoptr (i64 140473830279400 to %class.FastShad*), i64 32, i64 4) | |
| %5 = add i64 %2, -20 | |
| %6 = inttoptr i64 %5 to i32* | |
| %tmp11_v = load i32* %6 | |
| %7 = icmp ne i32 %tmp11_v, 0 | |
| br i1 %7, label %18, label %8 | |
| ; <label>:8 ; preds = %entry | |
| store volatile i64 3239982630, i64* inttoptr (i64 94584955113104 to i64*), !host !3 | |
| store volatile i64 3239982630, i64* inttoptr (i64 94584961454080 to i64*), !host !3, !targetAsm !4 | |
| %rrgic1 = add i64 %rrgic, 1, !host !2 | |
| store volatile i64 %rrgic1, i64* inttoptr (i64 94584961454072 to i64*), !host !2 | |
| %9 = add i64 %2, 16 | |
| %esp_ptr = inttoptr i64 %9 to i32* | |
| %esp_v = load i32* %esp_ptr | |
| call void @taint_copy(%class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 240, %class.FastShad* inttoptr (i64 140473830279344 to %class.FastShad*), i64 16, i64 4, %"class.llvm::Instruction"* inttoptr (i64 140473861316504 to %"class.llvm::Instruction"*)) | |
| %tmp0_v = add i32 %esp_v, 8 | |
| call void @taint_mix(%class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 256, i64 4, i64 240, i64 4, %"class.llvm::Instruction"* inttoptr (i64 140473861316688 to %"class.llvm::Instruction"*)) | |
| store i32 %tmp0_v, i32* %esp_ptr | |
| call void @taint_copy(%class.FastShad* inttoptr (i64 140473830279344 to %class.FastShad*), i64 16, %class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 256, i64 4, %"class.llvm::Instruction"* inttoptr (i64 140473861316832 to %"class.llvm::Instruction"*)) | |
| %10 = add i64 %2, 44 | |
| %cc_src_ptr = inttoptr i64 %10 to i32* | |
| store i32 8, i32* %cc_src_ptr | |
| %11 = add i64 %2, 40 | |
| %cc_dst_ptr = inttoptr i64 %11 to i32* | |
| store i32 %tmp0_v, i32* %cc_dst_ptr | |
| store volatile i64 3239982633, i64* inttoptr (i64 94584955113104 to i64*), !host !3 | |
| store volatile i64 3239982633, i64* inttoptr (i64 94584961454080 to i64*), !host !3, !targetAsm !5 | |
| %rrgic2 = add i64 %rrgic1, 1, !host !2 | |
| store volatile i64 %rrgic2, i64* inttoptr (i64 94584961454072 to i64*), !host !2 | |
| %12 = call i64 @helper_le_ldul_mmu_panda(%struct.CPUX86State* %0, i32 %tmp0_v, i32 2, i64 3735928559) | |
| %13 = call i64 @taint_memlog_pop(%struct.taint2_memlog* inttoptr (i64 140474313853936 to %struct.taint2_memlog*)) | |
| call void @taint_pointer(%class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 352, %class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 256, i64 4, %class.FastShad* inttoptr (i64 140473830279176 to %class.FastShad*), i64 %13, i64 8, i64 0) | |
| %tmp0_v3 = trunc i64 %12 to i32 | |
| call void @taint_copy(%class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 368, %class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 352, i64 4, %"class.llvm::Instruction"* inttoptr (i64 140473861319240 to %"class.llvm::Instruction"*)) | |
| %tmp3_v = add i32 %tmp0_v, 4 | |
| call void @taint_mix(%class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 384, i64 4, i64 256, i64 4, %"class.llvm::Instruction"* inttoptr (i64 140473861319392 to %"class.llvm::Instruction"*)) | |
| store i32 %tmp3_v, i32* %esp_ptr | |
| call void @taint_copy(%class.FastShad* inttoptr (i64 140473830279344 to %class.FastShad*), i64 16, %class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 384, i64 4, %"class.llvm::Instruction"* inttoptr (i64 140473861319536 to %"class.llvm::Instruction"*)) | |
| %14 = add i64 %2, 12 | |
| %ebx_ptr = inttoptr i64 %14 to i32* | |
| store i32 %tmp0_v3, i32* %ebx_ptr | |
| call void @taint_copy(%class.FastShad* inttoptr (i64 140473830279344 to %class.FastShad*), i64 12, %class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 368, i64 4, %"class.llvm::Instruction"* inttoptr (i64 140473861330704 to %"class.llvm::Instruction"*)) | |
| store volatile i64 3239982634, i64* inttoptr (i64 94584955113104 to i64*), !host !3 | |
| store volatile i64 3239982634, i64* inttoptr (i64 94584961454080 to i64*), !host !3, !targetAsm !6 | |
| %rrgic4 = add i64 %rrgic2, 1, !host !2 | |
| store volatile i64 %rrgic4, i64* inttoptr (i64 94584961454072 to i64*), !host !2 | |
| %15 = call i64 @helper_le_ldul_mmu_panda(%struct.CPUX86State* %0, i32 %tmp3_v, i32 2, i64 3735928559) | |
| %16 = call i64 @taint_memlog_pop(%struct.taint2_memlog* inttoptr (i64 140474313853936 to %struct.taint2_memlog*)) | |
| call void @taint_pointer(%class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 448, %class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 384, i64 4, %class.FastShad* inttoptr (i64 140473830279176 to %class.FastShad*), i64 %16, i64 8, i64 0) | |
| %tmp0_v5 = trunc i64 %15 to i32 | |
| call void @taint_copy(%class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 464, %class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 448, i64 4, %"class.llvm::Instruction"* inttoptr (i64 140473861321448 to %"class.llvm::Instruction"*)) | |
| %tmp3_v6 = add i32 %tmp3_v, 4 | |
| call void @taint_mix(%class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 480, i64 4, i64 384, i64 4, %"class.llvm::Instruction"* inttoptr (i64 140473861321600 to %"class.llvm::Instruction"*)) | |
| store i32 %tmp3_v6, i32* %esp_ptr | |
| call void @taint_copy(%class.FastShad* inttoptr (i64 140473830279344 to %class.FastShad*), i64 16, %class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 480, i64 4, %"class.llvm::Instruction"* inttoptr (i64 140473861321744 to %"class.llvm::Instruction"*)) | |
| call void @taint_copyRegToPc(%class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 464, i64 4) | |
| store i32 %tmp0_v5, i32* %4 | |
| call void @taint_copy(%class.FastShad* inttoptr (i64 140473830279400 to %class.FastShad*), i64 32, %class.FastShad* inttoptr (i64 140473830279232 to %class.FastShad*), i64 464, i64 4, %"class.llvm::Instruction"* inttoptr (i64 140473861321888 to %"class.llvm::Instruction"*)) | |
| %17 = add i64 %2, 52 | |
| %cc_op_ptr = inttoptr i64 %17 to i32* | |
| store i32 8, i32* %cc_op_ptr | |
| call void @taint_breadcrumb(i64* inttoptr (i64 140473830279136 to i64*), i64 176) | |
| call void @taint_delete(%class.FastShad* inttoptr (i64 140473830279288 to %class.FastShad*), i64 0, i64 16) | |
| ret i64 0 | |
| ; <label>:18 ; preds = %entry | |
| call void @taint_breadcrumb(i64* inttoptr (i64 140473830279136 to i64*), i64 528) | |
| call void @taint_delete(%class.FastShad* inttoptr (i64 140473830279288 to %class.FastShad*), i64 0, i64 16) | |
| ret i64 140474255368211 | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Trace 0x7fc2b6e43028 [0: c11e3626] | |
| remove: LLVM[0+220] | |
| reset: 7fc2aa7ca010 | |
| remove: CPUState[20+4] | |
| remove: Ret[0+10] | |
| Stopped execution of TB chain before 0x7fc2b6e43028 [c11e3626] | |
| Trace 0x7fc2b6e43028 [0: c11e3626] | |
| remove: LLVM[0+220] | |
| reset: 7fc2aa7ca010 | |
| remove: CPUState[20+4] | |
| copy: LLVM[f0+4] <- Reg[10] {}; {}; {}; {}; | |
| update_cb: LLVM[f0+4] CB 0 -> 0x0, 0 0 -> 0, 1 0 -> 0 | |
| mix: LLVM[100+4] <- f0+4 {}; {}; {}; {}; | |
| update_cb: LLVM[100+4] CB 0 -> 0x0, 0 0 -> 0, 1 0 -> 0 | |
| copy: Reg[10+4] <- LLVM[100] {}; {}; {}; {}; | |
| update_cb: Reg[10+4] CB 0 -> 0x0, 0 0 -> 0, 1 0 -> 0 | |
| memlog_push: 7807f7c | |
| memlog_pop: 7807f7c | |
| ptr: LLVM[160+8] <- RAM[7807f7c] @ LLVM[100+4] | |
| copy: LLVM[170+4] <- LLVM[160] {}; {}; {}; {}; | |
| update_cb: LLVM[170+4] CB 0 -> 0x0, 0 0 -> 0, 1 0 -> 0 | |
| mix: LLVM[180+4] <- 100+4 {}; {}; {}; {}; | |
| update_cb: LLVM[180+4] CB 0 -> 0x0, 0 0 -> 0, 1 0 -> 0 | |
| copy: Reg[10+4] <- LLVM[180] {}; {}; {}; {}; | |
| update_cb: Reg[10+4] CB 0 -> 0x0, 0 0 -> 0, 1 0 -> 0 | |
| copy: Reg[c+4] <- LLVM[170] {}; {}; {}; {}; | |
| update_cb: Reg[c+4] CB 0 -> 0x0, 0 0 -> 0, 1 0 -> 0 | |
| memlog_push: 7807f80 | |
| memlog_pop: 7807f80 | |
| ptr: LLVM[1c0+8] <- RAM[7807f80] @ LLVM[180+4] | |
| copy: LLVM[1d0+4] <- LLVM[1c0] {}; {}; {}; {}; | |
| update_cb: LLVM[1d0+4] CB 0 -> 0x0, 0 0 -> 0, 1 0 -> 0 | |
| mix: LLVM[1e0+4] <- 180+4 {}; {}; {}; {}; | |
| update_cb: LLVM[1e0+4] CB 0 -> 0x0, 0 0 -> 0, 1 0 -> 0 | |
| copy: Reg[10+4] <- LLVM[1e0] {}; {}; {}; {}; | |
| update_cb: Reg[10+4] CB 0 -> 0x0, 0 0 -> 0, 1 0 -> 0 | |
| copy: CPUState[20+4] <- LLVM[1d0] {}; {}; {}; {}; | |
| update_cb: CPUState[20+4] CB 0 -> 0x0, 0 0 -> 0, 1 0 -> 0 | |
| remove: Ret[0+10] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| OP: | |
| movi_i32 tmp3,$0xffffffffc11e3626 | |
| st_i32 tmp3,env,$0x20 | |
| ld_i32 tmp11,env,$0xffffffffffffffec | |
| movi_i32 tmp12,$0x0 | |
| brcond_i32 tmp11,tmp12,ne,$L0 | |
| ---- c11e3626 3239982630 00000000 0 83c48 | |
| rr_instr: 7475 | |
| movi_i32 tmp1,$0x8 | |
| mov_i32 tmp0,esp | |
| add_i32 tmp0,tmp0,tmp1 | |
| mov_i32 esp,tmp0 | |
| mov_i32 cc_src,tmp1 | |
| mov_i32 cc_dst,tmp0 | |
| discard cc_src2 | |
| discard cc_op | |
| ---- c11e3629 3239982633 00000008 8 5b | |
| rr_instr: 7476 | |
| mov_i32 tmp2,esp | |
| qemu_ld_i32 tmp0,tmp2,leul,2 | |
| movi_i32 tmp11,$0x4 | |
| add_i32 tmp3,esp,tmp11 | |
| mov_i32 esp,tmp3 | |
| mov_i32 ebx,tmp0 | |
| ---- c11e362a 3239982634 00000008 8 c3 | |
| rr_instr: 7477 | |
| mov_i32 tmp2,esp | |
| qemu_ld_i32 tmp0,tmp2,leul,2 | |
| movi_i32 tmp11,$0x4 | |
| add_i32 tmp3,esp,tmp11 | |
| mov_i32 esp,tmp3 | |
| st_i32 tmp0,env,$0x20 | |
| movi_i32 cc_op,$0x8 | |
| exit_tb $0x0 | |
| set_label $L0 | |
| exit_tb $0x7fc487d28393 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment