Merge pull request #968 from cla7aye15I4nd/dev

Refactor the peripheral logger mechanism and handle the interrupt crash

Author: cla7aye15I4nd

examples/rootfs

@@ -68,6 +68,7 @@ class CONTROL(IntEnum):
     PRIV  = 0b001
 
 class EXC_RETURN(IntEnum):
+    MASK = 0xfffffff0
     RETURN_SP   = 0b0100
     RETURN_MODE = 0b1000
 

qiling/arch/arm_const.py

@@ -7,19 +7,60 @@
 from capstone import Cs, CS_ARCH_ARM, CS_MODE_ARM, CS_MODE_MCLASS, CS_MODE_THUMB
 from keystone import Ks, KS_ARCH_ARM, KS_MODE_ARM, KS_MODE_THUMB
 
+from contextlib import ContextDecorator
+
 from qiling.const import QL_VERBOSE
 from qiling.exception import QlErrorNotImplemented
 
 from .arm import QlArchARM
 from .arm_const import IRQ, EXC_RETURN, CONTROL, EXCP
 
+class QlInterruptContext(ContextDecorator):
+    def __init__(self, ql):
+        self.ql = ql
+        self.reg_context = ['xpsr', 'pc', 'lr', 'r12', 'r3', 'r2', 'r1', 'r0']
+
+    def __enter__(self):
+        for reg in self.reg_context:
+            val = self.ql.reg.read(reg)
+            self.ql.arch.stack_push(val)
+        
+        if self.ql.verbose >= QL_VERBOSE.DISASM:
+            self.ql.log.info(f'Enter into interrupt')
+
+    def __exit__(self, *exc):
+        retval = self.ql.arch.get_pc()
+        
+        if retval & EXC_RETURN.MASK != EXC_RETURN.MASK:
+            self.ql.log.warning('Interrupt Crash')
+            self.ql.stop()
+
+        else:
+            # Exit handler mode
+            self.ql.reg.write('ipsr', 0)
+
+            # switch the stack accroding exc_return
+            old_ctrl = self.ql.reg.read('control')
+            if retval & EXC_RETURN.RETURN_SP:
+                self.ql.reg.write('control', old_ctrl |  CONTROL.SPSEL)            
+            else:
+                self.ql.reg.write('control', old_ctrl & ~CONTROL.SPSEL)
+
+            # Restore stack
+            for reg in reversed(self.reg_context):
+                val = self.ql.arch.stack_pop()
+                if reg == 'xpsr':                
+                    self.ql.reg.write('XPSR_NZCVQG', val)
+                else:
+                    self.ql.reg.write(reg, val)        
+
+        if self.ql.verbose >= QL_VERBOSE.DISASM:
+            self.ql.log.info('Exit from interrupt')
 
 class QlArchCORTEX_M(QlArchARM):
     def __init__(self, ql):
         super().__init__(ql)
 
-        self.reg_context = ['xpsr', 'pc', 'lr', 'r12', 'r3', 'r2', 'r1', 'r0']
-
         def intr_cb(ql, intno):
             if intno == EXCP.SWI:
                 ql.hw.nvic.set_pending(IRQ.SVCALL)                    
@@ -48,78 +89,51 @@ def step(self):
         self.ql.emu_start(self.get_pc(), 0, count=1)
         self.ql.hw.step()
 
+    def stop(self):
+        self.runable = False
+
     def run(self, count=-1, end=None):
+        self.runable = True
+
         if type(end) is int:
-            end |= 1
+            end |= 1        
 
-        while count != 0:
+        while self.runable and count != 0:
             if self.get_pc() == end:
                 break
 
             self.step()
-            count -= 1
+            count -= 1    
 
     def is_handler_mode(self):
         return self.ql.reg.read('ipsr') > 1
 
     def using_psp(self):
         return not self.is_handler_mode() and (self.ql.reg.read('control') & CONTROL.SPSEL) > 0
 
-    def enter_intr(self):
-        # Save Stack
-        for reg in self.reg_context:
-            val = self.ql.reg.read(reg)
-            self.ql.arch.stack_push(val)
-        
-        if self.ql.verbose >= QL_VERBOSE.DISASM:
-            self.ql.log.info(f'Enter into interrupt')
-
-    def exit_intr(self):
-        # Exit handler mode
-        self.ql.reg.write('ipsr', 0)
-
-        # switch the stack accroding exc_return
-        old_ctrl = self.ql.reg.read('control')
-        if self.ql.arch.get_pc() & EXC_RETURN.RETURN_SP:
-            self.ql.reg.write('control', old_ctrl |  CONTROL.SPSEL)            
-        else:
-            self.ql.reg.write('control', old_ctrl & ~CONTROL.SPSEL)
-
-        # Restore stack
-        for reg in reversed(self.reg_context):
-            val = self.ql.arch.stack_pop()
-            if reg == 'xpsr':                
-                self.ql.reg.write('XPSR_NZCVQG', val)
-            else:
-                self.ql.reg.write(reg, val)        
-
-        if self.ql.verbose >= QL_VERBOSE.DISASM:
-            self.ql.log.info('Exit from interrupt')
+    def handle_interupt(self, IRQn):        
+        basepri = self.ql.reg.read('basepri') & 0xf0
+        if basepri and basepri <= self.ql.hw.nvic.get_priority(IRQn):
+            return
 
-    def handle_interupt(self, IRQn):
         if IRQn > IRQ.HARD_FAULT and (self.ql.reg.read('primask') & 0x1):
             return
-            
+                
         if IRQn != IRQ.NMI and (self.ql.reg.read('faultmask') & 0x1):
             return
 
-        basepri = self.ql.reg.read('basepri') & 0xf0
-        if basepri != 0 and basepri <= self.ql.hw.nvic.get_priority(IRQn):
-            return
-
         if self.ql.verbose >= QL_VERBOSE.DISASM:
-            self.ql.log.info(f'Handle the IRQn: {IRQn}')
-
-        isr = IRQn + 16
-        offset = isr << 2
-
-        entry = self.ql.mem.read_ptr(offset)
-        exc_return = 0xFFFFFFFD if self.ql.arch.using_psp() else 0xFFFFFFF9        
+            self.ql.log.debug(f'Handle the IRQn: {IRQn}')
+                
+        with QlInterruptContext(self.ql):
+            isr = IRQn + 16
+            offset = isr * 4
 
-        # Enter handler mode
-        self.ql.reg.write('ipsr', isr)                
+            entry = self.ql.mem.read_ptr(offset)
+            exc_return = 0xFFFFFFFD if self.ql.arch.using_psp() else 0xFFFFFFF9        
 
-        self.ql.reg.write('pc', entry)
-        self.ql.reg.write('lr', exc_return) 
+            self.ql.reg.write('ipsr', isr)
+            self.ql.reg.write('pc', entry)
+            self.ql.reg.write('lr', exc_return) 
 
-        self.ql.emu_start(self.ql.arch.get_pc(), 0)
+            self.ql.emu_start(self.ql.arch.get_pc(), 0, count=0xffffff)

qiling/arch/cortex_m.py

@@ -859,8 +859,12 @@ def emu_stop(self):
     def stop(self):
         if self.multithread:
             self.os.thread_management.stop() 
+
+        elif self.archtype in QL_ARCH_HARDWARE:
+            self.arch.stop()
+
         else:
-            self.uc.emu_stop()            
+            self.uc.emu_stop()        
 
     # start emulation
     def emu_start(self, begin, end, timeout=0, count=0):

qiling/core.py

@@ -59,6 +59,7 @@ def __init__(self, ql, label, intn=None):
         self.recv_buf = bytearray()
         self.send_buf = bytearray()
 
+    @QlPeripheral.read_debug
     def read(self, offset: int, size: int) -> int:
         buf = ctypes.create_string_buffer(size)
         ctypes.memmove(buf, ctypes.addressof(self.usart) + offset, size)
@@ -69,26 +70,36 @@ def read(self, offset: int, size: int) -> int:
 
         return retval
 
-    def write(self, offset: int, size: int, value: int):
+    @QlPeripheral.write_debug
+    def write(self, offset: int, size: int, value: int):        
         if offset == self.struct.SR.offset:
             self.usart.SR &= value | USART_SR.CTS | USART_SR.LBD | USART_SR.TC | USART_SR.RXNE
 
         elif offset == self.struct.DR.offset:
-            self.transfer(value & 0xff)
-            self.usart.SR |= USART_SR.TC
+            self.usart.SR &= ~USART_SR.TXE
+            self.usart.DR = value
 
         else:
             data = (value).to_bytes(size, byteorder='little')
             ctypes.memmove(ctypes.addressof(self.usart) + offset, data, size)
 
-    def transfer(self, value: int):
-        """ transfer data to buffer
-
-        Args:
-            value (int): transfer data
+    def transfer(self):
+        """ transfer data from DR to shift buffer and
+            receive data from user buffer into DR
         """        
-        self.send_buf.append(value)
-        self.ql.log.debug(f'[{self.label}] Send {repr(chr(value))}')
+
+        if not (self.usart.SR & USART_SR.TXE):
+            data = self.usart.DR
+
+            self.usart.SR |= USART_SR.TXE            
+            self.send_buf.append(data)
+
+        if not (self.usart.SR & USART_SR.RXNE): 
+            # TXE bit must had been cleared
+            if self.recv_buf:
+                self.usart.SR |= USART_SR.RXNE
+                self.usart.DR = self.recv_buf.pop(0)        
+        
 
     def send(self, data: bytes):
         """ send user data into USART.
@@ -109,13 +120,7 @@ def recv(self) -> bytes:
         return data
 
     def step(self):
-        if not (self.usart.SR & USART_SR.RXNE):
-            if self.recv_buf:
-                self.usart.SR |= USART_SR.RXNE
-                self.usart.DR = self.recv_buf.pop(0)
-        
-        if not (self.usart.SR & USART_SR.TXE):
-            self.usart.SR |= USART_SR.TXE
+        self.transfer()
 
         if self.intn is not None:
             if  (self.usart.CR1 & USART_CR1.PEIE   and self.usart.SR & USART_SR.PE)   or \

qiling/hw/char/stm32f4xx_usart.py

@@ -64,6 +64,7 @@ def __init__(self, ql, label,
             PUPDR   = pupdr_reset,
         )        
 
+    @QlPeripheral.read_debug
     def read(self, offset: int, size: int) -> int:
         if offset == self.struct.BSRR.offset:
             return 0x00
@@ -72,6 +73,7 @@ def read(self, offset: int, size: int) -> int:
         ctypes.memmove(buf, ctypes.addressof(self.gpio) + offset, size)
         return int.from_bytes(buf.raw, byteorder='little')
 
+    @QlPeripheral.write_debug
     def write(self, offset: int, size: int, value: int):
         if offset == self.struct.IDR.offset:
             return

qiling/hw/gpio/stm32f4xx_gpio.py

@@ -62,13 +62,13 @@ def reset(self):
 			TRISE = 0x0002
 		)
 
-	def read(self, offset: int, size: int) -> int:
-		self.ql.log.debug(f'[{self.label.upper()}] [R] {self.find_field(offset, size):10s}')
-
+	@QlPeripheral.read_debug
+	def read(self, offset: int, size: int) -> int:		
 		buf = ctypes.create_string_buffer(size)
 		ctypes.memmove(buf, ctypes.addressof(self.i2c) + offset, size)
 		return int.from_bytes(buf.raw, byteorder='little')
 
+	@QlPeripheral.write_debug
 	def write(self, offset: int, size: int, value: int):
 		self.ql.log.debug(f'[{self.label.upper()}] [W] {self.find_field(offset, size):10s} = {hex(value)}')
 

qiling/hw/i2c/stm32f4xx_i2c.py

@@ -111,15 +111,15 @@ def step(self):
         while self.intrs:
             IRQn = self.intrs.pop(0)
             self.clear_pending(IRQn)
-            self.ql.arch.enter_intr()
-            self.ql.arch.handle_interupt(IRQn)
-            self.ql.arch.exit_intr()
+            self.ql.arch.handle_interupt(IRQn)            
 
+    @QlPeripheral.read_debug
     def read(self, offset: int, size: int) -> int:
         buf = ctypes.create_string_buffer(size)
         ctypes.memmove(buf, ctypes.addressof(self.nvic) + offset, size)
         return int.from_bytes(buf.raw, byteorder='little')
 
+    @QlPeripheral.write_debug
     def write(self, offset: int, size: int, value: int):
         def write_byte(ofs, byte):
             for var, func in self.triggers:

qiling/hw/intc/cm4_nvic.py

@@ -117,11 +117,13 @@ def get_pending(self, IRQn):
     def get_priority(self, IRQn):
         return self.scb.SHP[(IRQn & 0xf) - 4]
 
+    @QlPeripheral.read_debug
     def read(self, offset: int, size: int) -> int:
         buf = ctypes.create_string_buffer(size)
         ctypes.memmove(buf, ctypes.addressof(self.scb) + offset, size)
         return int.from_bytes(buf.raw, byteorder='little')
 
+    @QlPeripheral.write_debug
     def write(self, offset: int, size: int, value: int):
         if offset == self.struct.ICSR.offset:
             if (value >> 28) & 1:

qiling/hw/misc/cm4_scb.py

@@ -79,16 +79,14 @@ def __init__(self, ql, label, intn=None):
 
 		self.intn = intn
 
-	def read(self, offset: int, size: int) -> int:
-		self.ql.log.debug(f'[{self.label.upper()}] [R] {self.find_field(offset, size):10s}')
-		
+	@QlPeripheral.read_debug
+	def read(self, offset: int, size: int) -> int:		
 		buf = ctypes.create_string_buffer(size)
 		ctypes.memmove(buf, ctypes.addressof(self.rcc) + offset, size)
 		return int.from_bytes(buf.raw, byteorder='little')
 
+	@QlPeripheral.write_debug
 	def write(self, offset: int, size: int, value: int):
-		self.ql.log.debug(f'[{self.label.upper()}] [W] {self.find_field(offset, size):10s} = {hex(value)}')
-
 		if offset == self.struct.CR.offset:
 			value = (self.rcc.CR & RCC_CR.RO_MASK) | (value & RCC_CR.RW_MASK)
 		elif offset == self.struct.CFGR.offset: