/src/capstonenext/arch/BPF/BPFMapping.c
/* Capstone Disassembly Engine */
/* BPF Backend by david942j <david942j@gmail.com>, 2019 */
/* SPDX-FileCopyrightText: 2024 Roee Toledano <roeetoledano10@gmail.com> */
/* SPDX-License-Identifier: BSD-3 */
#include <string.h>
#include "BPFConstants.h"
#include "BPFMapping.h"
#include "../../Mapping.h"
#include "../../utils.h"
#ifndef CAPSTONE_DIET
/* Instruction-group id -> printable name, consulted through id2name() by
 * BPF_group_name(). The first entry maps BPF_GRP_INVALID to NULL so an
 * invalid id yields "no name" instead of a stray string. */
static const name_map group_name_maps[] = {
  { BPF_GRP_INVALID, NULL },
  { BPF_GRP_LOAD, "load" },
  { BPF_GRP_STORE, "store" },
  { BPF_GRP_ALU, "alu" },
  { BPF_GRP_JUMP, "jump" },
  { BPF_GRP_CALL, "call" },
  { BPF_GRP_RETURN, "return" },
  { BPF_GRP_MISC, "misc" },
};
#endif
/* Map a BPF group id to its name via group_name_maps.
 *
 * handle: disassembler handle (unused here; kept for the common
 *         per-arch callback signature).
 * id:     a BPF_GRP_* value.
 * Returns the group name, or NULL when the id is unknown or the library
 * was built with CAPSTONE_DIET (no name tables). */
const char *BPF_group_name(csh handle, unsigned int id)
{
  (void)handle;
#ifdef CAPSTONE_DIET
  (void)id;
  return NULL;
#else
  return id2name(group_name_maps, ARR_SIZE(group_name_maps), id);
#endif
}
#ifndef CAPSTONE_DIET
/* Instruction id -> mnemonic, consulted through id2name() by
 * BPF_insn_name(). One entry per line, grouped by mnemonic family as in
 * the original layout. The array is declared with BPF_INS_ENDING
 * elements, so any trailing slots not listed here are zero-initialized
 * ({0, NULL}) by the language. */
static const name_map insn_name_maps[BPF_INS_ENDING] = {
  { BPF_INS_INVALID, NULL },

  /* ALU */
  { BPF_INS_ADD, "add" },
  { BPF_INS_SUB, "sub" },
  { BPF_INS_MUL, "mul" },
  { BPF_INS_DIV, "div" },
  { BPF_INS_SDIV, "sdiv" },
  { BPF_INS_OR, "or" },
  { BPF_INS_AND, "and" },
  { BPF_INS_LSH, "lsh" },
  { BPF_INS_RSH, "rsh" },
  { BPF_INS_NEG, "neg" },
  { BPF_INS_MOD, "mod" },
  { BPF_INS_SMOD, "smod" },
  { BPF_INS_XOR, "xor" },
  { BPF_INS_MOV, "mov" },
  { BPF_INS_MOVSB, "movsb" },
  { BPF_INS_MOVSH, "movsh" },
  { BPF_INS_ARSH, "arsh" },

  /* ALU, 64-bit forms */
  { BPF_INS_ADD64, "add64" },
  { BPF_INS_SUB64, "sub64" },
  { BPF_INS_MUL64, "mul64" },
  { BPF_INS_DIV64, "div64" },
  { BPF_INS_SDIV64, "sdiv64" },
  { BPF_INS_OR64, "or64" },
  { BPF_INS_AND64, "and64" },
  { BPF_INS_LSH64, "lsh64" },
  { BPF_INS_RSH64, "rsh64" },
  { BPF_INS_NEG64, "neg64" },
  { BPF_INS_MOD64, "mod64" },
  { BPF_INS_SMOD64, "smod64" },
  { BPF_INS_XOR64, "xor64" },
  { BPF_INS_MOV64, "mov64" },
  { BPF_INS_MOVSB64, "movsb64" },
  { BPF_INS_MOVSH64, "movsh64" },
  { BPF_INS_MOVSW64, "movsw64" },
  { BPF_INS_ARSH64, "arsh64" },

  /* endianness conversion / byte swap */
  { BPF_INS_LE16, "le16" },
  { BPF_INS_LE32, "le32" },
  { BPF_INS_LE64, "le64" },
  { BPF_INS_BE16, "be16" },
  { BPF_INS_BE32, "be32" },
  { BPF_INS_BE64, "be64" },
  { BPF_INS_BSWAP16, "bswap16" },
  { BPF_INS_BSWAP32, "bswap32" },
  { BPF_INS_BSWAP64, "bswap64" },

  /* loads */
  { BPF_INS_LDW, "ldw" },
  { BPF_INS_LDH, "ldh" },
  { BPF_INS_LDB, "ldb" },
  { BPF_INS_LDDW, "lddw" },
  { BPF_INS_LDXW, "ldxw" },
  { BPF_INS_LDXH, "ldxh" },
  { BPF_INS_LDXB, "ldxb" },
  { BPF_INS_LDXDW, "ldxdw" },
  { BPF_INS_LDABSW, "ldabsw" },
  { BPF_INS_LDABSH, "ldabsh" },
  { BPF_INS_LDABSB, "ldabsb" },
  { BPF_INS_LDINDW, "ldindw" },
  { BPF_INS_LDINDH, "ldindh" },
  { BPF_INS_LDINDB, "ldindb" },

  /* stores */
  { BPF_INS_STW, "stw" },
  { BPF_INS_STH, "sth" },
  { BPF_INS_STB, "stb" },
  { BPF_INS_STDW, "stdw" },
  { BPF_INS_STXW, "stxw" },
  { BPF_INS_STXH, "stxh" },
  { BPF_INS_STXB, "stxb" },
  { BPF_INS_STXDW, "stxdw" },
  { BPF_INS_XADDW, "xaddw" },
  { BPF_INS_XADDDW, "xadddw" },

  /* jumps, calls, exit */
  { BPF_INS_JA, "ja" },
  { BPF_INS_JEQ, "jeq" },
  { BPF_INS_JGT, "jgt" },
  { BPF_INS_JGE, "jge" },
  { BPF_INS_JSET, "jset" },
  { BPF_INS_JNE, "jne" },
  { BPF_INS_JSGT, "jsgt" },
  { BPF_INS_JSGE, "jsge" },
  { BPF_INS_CALL, "call" },
  { BPF_INS_CALLX, "callx" },
  { BPF_INS_EXIT, "exit" },
  { BPF_INS_JLT, "jlt" },
  { BPF_INS_JLE, "jle" },
  { BPF_INS_JSLT, "jslt" },
  { BPF_INS_JSLE, "jsle" },

  /* 32-bit jump forms */
  { BPF_INS_JAL, "jal" },
  { BPF_INS_JEQ32, "jeq32" },
  { BPF_INS_JGT32, "jgt32" },
  { BPF_INS_JGE32, "jge32" },
  { BPF_INS_JSET32, "jset32" },
  { BPF_INS_JNE32, "jne32" },
  { BPF_INS_JSGT32, "jsgt32" },
  { BPF_INS_JSGE32, "jsge32" },
  { BPF_INS_JLT32, "jlt32" },
  { BPF_INS_JLE32, "jle32" },
  { BPF_INS_JSLT32, "jslt32" },
  { BPF_INS_JSLE32, "jsle32" },

  /* return */
  { BPF_INS_RET, "ret" },

  /* atomic operations (a* / af* family) */
  { BPF_INS_AADD, "aadd" },
  { BPF_INS_AOR, "aor" },
  { BPF_INS_AAND, "aand" },
  { BPF_INS_AXOR, "axor" },
  { BPF_INS_AFADD, "afadd" },
  { BPF_INS_AFOR, "afor" },
  { BPF_INS_AFAND, "afand" },
  { BPF_INS_AFXOR, "afxor" },

  /* atomic operations, 64-bit forms */
  { BPF_INS_AXCHG64, "axchg64" },
  { BPF_INS_ACMPXCHG64, "acmpxchg64" },
  { BPF_INS_AADD64, "aadd64" },
  { BPF_INS_AOR64, "aor64" },
  { BPF_INS_AAND64, "aand64" },
  { BPF_INS_AXOR64, "axor64" },
  { BPF_INS_AFADD64, "afadd64" },
  { BPF_INS_AFOR64, "afor64" },
  { BPF_INS_AFAND64, "afand64" },
  { BPF_INS_AFXOR64, "afxor64" },

  /* tax / txa */
  { BPF_INS_TAX, "tax" },
  { BPF_INS_TXA, "txa" },
};
#endif
/* Report whether `feature` is enabled in `mode`.
 *
 * A feature counts as enabled when mode and feature share at least one
 * set bit (a plain bitwise test, not an "all bits of feature" test). */
bool BPF_getFeature(const cs_mode mode, const cs_mode feature)
{
  /* Explicit comparison makes the int -> bool conversion visible. */
  return (mode & feature) != 0;
}
/* Map a BPF instruction id to its mnemonic.
 *
 * handle: disassembler handle; its mode decides cBPF vs eBPF spelling.
 * id:     a BPF_INS_* value.
 * Returns the mnemonic, or NULL when the id is unknown or the library was
 * built with CAPSTONE_DIET. */
const char *BPF_insn_name(csh handle, unsigned int id)
{
#ifdef CAPSTONE_DIET
  (void)handle;
  (void)id;
  return NULL;
#else
  const cs_struct *ud = (const cs_struct *)handle;

  /* Special cases: 'ld' in cBPF is equivalent to 'ldw' in eBPF, and we
   * don't want 'ldw' to appear in cBPF mode. Resolve those four ids by
   * hand before falling back to the shared table. */
  if (!EBPF_MODE(ud->mode)) {
    switch (id) {
    case BPF_INS_LD:
      return "ld";
    case BPF_INS_LDX:
      return "ldx";
    case BPF_INS_ST:
      return "st";
    case BPF_INS_STX:
      return "stx";
    default:
      break; /* not a special case; use the table */
    }
  }

  return id2name(insn_name_maps, ARR_SIZE(insn_name_maps), id);
#endif
}
/* Map a BPF register id to its printable name.
 *
 * handle: disassembler handle; its mode decides cBPF vs eBPF naming.
 * reg:    a BPF_REG_* value.
 * Returns "r0".."r10" in eBPF mode, "a"/"x" in cBPF mode, and NULL for
 * any other id or when built with CAPSTONE_DIET. */
const char *BPF_reg_name(csh handle, unsigned int reg)
{
#ifdef CAPSTONE_DIET
  (void)handle;
  (void)reg;
  return NULL;
#else
  const cs_struct *ud = (const cs_struct *)handle;

  if (EBPF_MODE(ud->mode)) {
    /* Indexing assumes BPF_REG_R0..BPF_REG_R10 are contiguous ids. */
    static const char ebpf_reg_names[][4] = {
      "r0", "r1", "r2", "r3", "r4", "r5",
      "r6", "r7", "r8", "r9", "r10",
    };

    /* Range-check before indexing so an out-of-range id can never read
     * past the table. */
    if (reg < BPF_REG_R0 || reg > BPF_REG_R10)
      return NULL;
    return ebpf_reg_names[reg - BPF_REG_R0];
  }

  /* cBPF mode: only A and X have names here. */
  switch (reg) {
  case BPF_REG_A:
    return "a";
  case BPF_REG_X:
    return "x";
  default:
    return NULL;
  }
#endif
}
/* Per-arch insn-id callback. Intentionally a no-op for BPF: the
 * instruction information is set after disassembly instead. The casts
 * only silence unused-parameter warnings. */
void BPF_get_insn_id(cs_struct *h, cs_insn *insn, unsigned int id)
{
  (void)h;
  (void)insn;
  (void)id;
}
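/* Sort arr[0..n) ascending in place and drop duplicate values; the
 * resulting element count is written to *new_n.
 *
 * arr is always a tiny (usually n < 3) array, so a simple O(n^2)
 * selection sort is efficient enough. It is modified so that, once the
 * next-smallest element has been found, it is discarded if it equals
 * the element placed immediately before it.
 *
 * Invariant: j only advances when a value has actually been placed at
 * arr[j]. After a duplicate is discarded, slot j is still unfilled and
 * must be reconsidered on the next pass; advancing j unconditionally
 * (as a plain for-loop would) leaves runs of three or more equal values,
 * or a duplicate followed by a larger value, unsorted and still
 * containing duplicates. */
static void sort_and_uniq(cs_regs arr, uint8_t n, uint8_t *new_n)
{
  size_t j = 0;

  while (j < n) {
    /* arr[iMin] will be min(arr[j .. n-1]) */
    size_t iMin = j;
    for (size_t i = j + 1; i < n; i++) {
      if (arr[i] < arr[iMin])
        iMin = i;
    }

    if (j != 0 && arr[iMin] == arr[j - 1]) {
      /* Duplicate of the value just placed: overwrite it with the last
       * unsorted element, shrink the range, and do NOT advance j. */
      arr[iMin] = arr[n - 1];
      --n;
    } else {
      size_t tmp = arr[iMin];
      arr[iMin] = arr[j];
      arr[j] = tmp;
      j++;
    }
  }

  *new_n = n;
}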
/* Collect the registers read and written by insn.
 *
 * Starts from the implicit register lists already recorded in
 * insn->detail, then adds every explicit register operand (according to
 * its access flags) and the base register of every memory operand
 * (counted as a read). Both lists are sorted and de-duplicated; the
 * final counts are returned through *regs_read_count and
 * *regs_write_count.
 *
 * NOTE(review): insn->detail is dereferenced unconditionally, so this
 * relies on the caller only invoking it with detail enabled — confirm at
 * the call site. The appends are not bounds-checked against the cs_regs
 * capacity; they rely on the implicit lists plus op_count staying small. */
void BPF_reg_access(const cs_insn *insn, cs_regs regs_read,
        uint8_t *regs_read_count, cs_regs regs_write,
        uint8_t *regs_write_count)
{
  const cs_bpf *bpf = &(insn->detail->bpf);
  uint8_t nr = insn->detail->regs_read_count;
  uint8_t nw = insn->detail->regs_write_count;

  /* implicit registers recorded at disassembly time */
  memcpy(regs_read, insn->detail->regs_read,
         nr * sizeof(insn->detail->regs_read[0]));
  memcpy(regs_write, insn->detail->regs_write,
         nw * sizeof(insn->detail->regs_write[0]));

  /* explicit operands */
  for (unsigned idx = 0; idx < bpf->op_count; idx++) {
    const cs_bpf_op *op = &(bpf->operands[idx]);

    if (op->type == BPF_OP_REG) {
      if (op->access & CS_AC_READ)
        regs_read[nr++] = op->reg;
      if (op->access & CS_AC_WRITE)
        regs_write[nw++] = op->reg;
    } else if (op->type == BPF_OP_MEM) {
      /* the base register of a memory operand is read to form the address */
      if (op->mem.base != BPF_REG_INVALID)
        regs_read[nr++] = op->mem.base;
    }
    /* any other operand type carries no register */
  }

  sort_and_uniq(regs_read, nr, regs_read_count);
  sort_and_uniq(regs_write, nw, regs_write_count);
}