Implement LZCOUNT P-Code operation (#444)

fkie-cad · Mar 6, 2024 · 520cede · 520cede
1 parent 625b3d7
commit 520cede
Show file tree

Hide file tree

Showing 8 changed files with 69 additions and 10 deletions.
diff --git a/src/cwe_checker_lib/src/abstract_domain/bitvector.rs b/src/cwe_checker_lib/src/abstract_domain/bitvector.rs
@@ -245,7 +245,16 @@ pub mod tests {
         assert_eq!(
             BitvectorDomain::Value(bitvec!("-1:4")).cast(PopCount, ByteSize::new(8)),
             bv(32)
-        )
+        );
+
+        assert_eq!(
+            BitvectorDomain::Value(bitvec!("-1:4")).cast(LzCount, ByteSize::new(8)),
+            bv(0)
+        );
+        assert_eq!(
+            BitvectorDomain::Value(bitvec!("0:4")).cast(LzCount, ByteSize::new(8)),
+            bv(32)
+        );
     }
 
     #[test]

diff --git a/src/cwe_checker_lib/src/abstract_domain/interval.rs b/src/cwe_checker_lib/src/abstract_domain/interval.rs
@@ -674,8 +674,32 @@ impl RegisterDomain for IntervalDomain {
                     IntervalDomain::new(
                         Bitvector::zero(width.into()),
                         Bitvector::from_u64(self.bytesize().as_bit_length() as u64)
-                            .into_truncate(width)
-                            .unwrap(),
+                            .into_zero_resize(width),
+                    )
+                }
+            }
+            LzCount => {
+                if let Ok(interval) = self.try_to_interval() {
+                    let start_lz = interval.start.leading_zeros() as u64;
+                    let end_lz = interval.end.leading_zeros() as u64;
+                    // "leading zeroes" is monotonically decreasing for non-negative numbers.
+                    if start_lz >= end_lz {
+                        IntervalDomain::new(
+                            Bitvector::from_u64(end_lz).into_zero_resize(width),
+                            Bitvector::from_u64(start_lz).into_zero_resize(width),
+                        )
+                    } else {
+                        IntervalDomain::new(
+                            Bitvector::zero(width.into()),
+                            Bitvector::from_u64(self.bytesize().as_bit_length() as u64)
+                                .into_zero_resize(width),
+                        )
+                    }
+                } else {
+                    IntervalDomain::new(
+                        Bitvector::zero(width.into()),
+                        Bitvector::from_u64(self.bytesize().as_bit_length() as u64)
+                            .into_zero_resize(width),
                     )
                 }
             }

diff --git a/src/cwe_checker_lib/src/abstract_domain/interval/tests.rs b/src/cwe_checker_lib/src/abstract_domain/interval/tests.rs
@@ -652,3 +652,23 @@ fn stride_rounding() {
     );
     assert_eq!(bitvec!("-123:1").round_down_to_stride_of(&interval), None);
 }
+
+#[test]
+fn lzcount_op() {
+    use super::RegisterDomain;
+    // Test exact computation
+    let interval: IntervalDomain = Interval::mock_i8(3, 3).into();
+    let result = interval.cast(CastOpType::LzCount, ByteSize::new(2));
+    assert_eq!(result, bitvec!("0x6:2").into()); // leading 6 bits of the 8-bit value are zeroes
+
+    // Test result for non-exact interval
+    let interval: IntervalDomain = Interval::mock(3, 53).with_stride(5).into();
+    let result = interval.cast(CastOpType::LzCount, ByteSize::new(8));
+    assert_eq!(result, Interval::mock(58, 62).into());
+    let interval: IntervalDomain = Interval::mock(-1, 1).into();
+    let result = interval.cast(CastOpType::LzCount, ByteSize::new(8));
+    assert_eq!(result, Interval::mock(0, 64).into());
+    let interval: IntervalDomain = Interval::mock(-10, -4).into();
+    let result = interval.cast(CastOpType::LzCount, ByteSize::new(8));
+    assert_eq!(result, Interval::mock(0, 0).into());
+}
diff --git a/src/cwe_checker_lib/src/abstract_domain/mod.rs b/src/cwe_checker_lib/src/abstract_domain/mod.rs
@@ -129,7 +129,7 @@ pub trait TryToInterval {
     fn try_to_interval(&self) -> Result<Interval, Error>;
 
     /// If `self` represents an interval of absolute values (or can be widened to represent such an interval)
-    /// then return it as an interval of signed integers if the interval is bounded.
+    /// then return it as an interval of signed integers of the form `(start, end)` if the interval is bounded.
     /// Else return an error.
     /// Note that the conversion loses information about the bytesize of the values contained in the interval.
     fn try_to_offset_interval(&self) -> Result<(i64, i64), Error> {

diff --git a/src/cwe_checker_lib/src/intermediate_representation/bitvector.rs b/src/cwe_checker_lib/src/intermediate_representation/bitvector.rs
@@ -58,9 +58,12 @@ impl BitvectorExtended for Bitvector {
             CastOpType::Int2Float | CastOpType::Float2Float | CastOpType::Trunc => {
                 Err(anyhow!("Float operations not yet implemented"))
             }
-            CastOpType::PopCount => Ok(Bitvector::from_u64(self.count_ones() as u64)
-                .into_truncate(width)
-                .unwrap()),
+            CastOpType::PopCount => {
+                Ok(Bitvector::from_u64(self.count_ones() as u64).into_resize_unsigned(width))
+            }
+            CastOpType::LzCount => {
+                Ok(Bitvector::from_u64(self.leading_zeros() as u64).into_resize_unsigned(width))
+            }
         }
     }
 

diff --git a/src/cwe_checker_lib/src/intermediate_representation/expression.rs b/src/cwe_checker_lib/src/intermediate_representation/expression.rs
@@ -128,6 +128,7 @@ pub enum CastOpType {
     Float2Float,
     Trunc,
     PopCount,
+    LzCount,
 }
 
 /// The type/mnemonic of an unary operation

diff --git a/src/cwe_checker_lib/src/pcode/expressions.rs b/src/cwe_checker_lib/src/pcode/expressions.rs
@@ -164,7 +164,7 @@ impl From<Expression> for IrExpression {
     /// Cases where translation is not possible:
     /// - `LOAD` and `STORE`, since these are not expressions (they have side effects).
     /// - Expressions which store the size of their output in the output variable (to which we do not have access here).
-    /// These include `SUBPIECE`, `INT_ZEXT`, `INT_SEXT`, `INT2FLOAT`, `FLOAT2FLOAT`, `TRUNC` and `POPCOUNT`.
+    /// These include `SUBPIECE`, `INT_ZEXT`, `INT_SEXT`, `INT2FLOAT`, `FLOAT2FLOAT`, `TRUNC`, `LZCOUNT` and `POPCOUNT`.
     /// Translation of these expressions is handled explicitly during translation of `Def`.
     fn from(expr: Expression) -> IrExpression {
         use ExpressionType::*;
@@ -186,7 +186,7 @@ impl From<Expression> for IrExpression {
                 op: expr.mnemonic.into(),
                 arg: Box::new(expr.input0.unwrap().into()),
             },
-            INT_ZEXT | INT_SEXT | INT2FLOAT | FLOAT2FLOAT | TRUNC | POPCOUNT => panic!(),
+            INT_ZEXT | INT_SEXT | INT2FLOAT | FLOAT2FLOAT | TRUNC | POPCOUNT | LZCOUNT => panic!(),
         }
     }
 }
@@ -203,6 +203,7 @@ pub enum ExpressionType {
     PIECE,
     SUBPIECE,
     POPCOUNT,
+    LZCOUNT,
 
     INT_EQUAL,
     INT_NOTEQUAL,
@@ -353,6 +354,7 @@ impl From<ExpressionType> for IrCastOpType {
             FLOAT2FLOAT => IrCastOpType::Float2Float,
             TRUNC => IrCastOpType::Trunc,
             POPCOUNT => IrCastOpType::PopCount,
+            LZCOUNT => IrCastOpType::LzCount,
             _ => panic!(),
         }
     }

diff --git a/src/cwe_checker_lib/src/pcode/term.rs b/src/cwe_checker_lib/src/pcode/term.rs
@@ -166,7 +166,7 @@ impl Def {
                 size: target_var.size,
                 arg: Box::new(self.rhs.input0.unwrap().into()),
             },
-            INT_ZEXT | INT_SEXT | INT2FLOAT | FLOAT2FLOAT | TRUNC | POPCOUNT => {
+            INT_ZEXT | INT_SEXT | INT2FLOAT | FLOAT2FLOAT | TRUNC | POPCOUNT | LZCOUNT => {
                 IrExpression::Cast {
                     op: self.rhs.mnemonic.into(),
                     size: target_var.size,