Fixes ARM/Thumb movt semantics (BinaryAnalysisPlatform#1391)

* Fixes ARM/Thumb `movt` semantics The lifter was incorrectly re-using the upper 16 bits of the destination register, when the manual states that it is completely overwritten by the source operand. * Use bit-wise operations instead of casts Co-authored-by: Ivan Gotovchits <ivg@ieee.org> Co-authored-by: bmourad01 <bmourad@draper.com>
thestr4ng3r · Jan 5, 2022 · 92d67c8 · 92d67c8
1 parent ec806bd
commit 92d67c8
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/lib/arm/arm_lifter.ml b/lib/arm/arm_lifter.ml
@@ -226,8 +226,8 @@ let lift_move ~encoding mem ops (insn : move_insn) : stmt list =
     exec [Bil.move (Env.of_reg dest) (exp_of_op src)] cond
 
   | `MOVTi16, [|`Reg dest; _; src; cond; _wflag|] ->
-    let dest = Env.of_reg dest in
-    [Bil.move dest Bil.(var dest lor exp_of_op src lsl int32 16)] |>
+    let dest = Env.of_reg dest and src = exp_of_op src in
+    Bil.[dest := var dest land int32 0xFFFF lor src lsl int32 16] |>
     fun ins -> exec ins cond
   | insn,ops ->
     fail [%here] "ops %s doesn't match move insn %s"