On 6/28/19 7:06 PM, Jan Bobek wrote:
> That's true. (Although not in all cases; see Table 2-5 in the Intel Manual,
> Volume 2, Chapter 2, Section 2.2.1 "REX Prefixes" for some cases when REX.B
> is not decoded.) This is a compromise that I've accepted, at least for v1
> of the patch series. Note that this problem is also present in config entries
> such as
>
> PMOVMSKB SSE 00001111 11010111 !emit { modrm(mod => MOD_DIRECT,
> reg => ~REG_ESP); }
>
> Here, we force MODRM.REG != 4, but this avoids not only ESP/RSP, but
> also R12.
>
> Hmmm... I suppose I have some ideas on how to do it better. I'll try
> to fix this, though I suspect getting it 100 % right might be
> difficult and time-consuming.
I wonder if it might be better to do the randomization at a higher level:

* Pick full registers, either 3 bits for 32-bit or 4 bits for 64-bit, and
  eventually 5 bits for avx512 z-regs for evex encoding. Let risugen_x86_asm
  encode those depending on the chosen encoding.

* Pick only register vs memory for MODRM.MOD. If memory, randomize
  base + index + shift + disp. Let risugen_x86_asm encode those values
  into the modrm+sib+offset.


r~
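Added illustration (not code from risu, risugen_x86_asm, or either message in this thread): a small Python encoder that takes full 4-bit register numbers and splits them into the REX bit plus the 3-bit ModRM/SIB field, which is the higher-level scheme proposed above. The function names (`encode_modrm_reg`, `encode_modrm_mem`, `pick_reg`, `low_field_excludes`) are my own, and the memory form always emits a SIB byte with a 32-bit displacement so it can sidestep the MOD=00 special cases for base=RBP/R13 and rm=RSP/R12. The `low_field_excludes` helper reproduces the problem from the quoted config entry: a filter on the 3-bit field alone removes both ESP (4) and R12 (12), because they share low bits 100.

```python
"""Encode x86-64 ModRM/SIB/REX from full register numbers (added example)."""
import random

MOD_DIRECT = 3          # MODRM.MOD = 11: register-direct operand
MOD_DISP32 = 2          # MODRM.MOD = 10: [base + index*scale + disp32]
RM_SIB = 4              # MODRM.RM = 100 with MOD != 11: a SIB byte follows
SCALE_BITS = {1: 0, 2: 1, 4: 2, 8: 3}


def low_field_excludes(forbidden_low3, regs=range(16)):
    """Registers hit by a constraint on the 3-bit MODRM field only, the
    'reg => ~REG_ESP' approach. For 4 this returns [4, 12]: ESP and R12."""
    return [r for r in regs if (r & 7) == forbidden_low3]


def pick_reg(rng, exclude=()):
    """Higher-level choice: pick a full 4-bit register number, filtering on the
    full number, and leave the REX/ModRM split to the encoder."""
    return rng.choice([r for r in range(16) if r not in exclude])


def encode_modrm_reg(reg, rm):
    """Register-direct form (MOD=11). reg and rm are full register numbers 0..15.
    Returns (rex, modrm); rex is None when no REX prefix is required."""
    assert 0 <= reg < 16 and 0 <= rm < 16
    rex_r = (reg >> 3) & 1          # REX.R extends MODRM.REG
    rex_b = (rm >> 3) & 1           # REX.B extends MODRM.RM
    modrm = (MOD_DIRECT << 6) | ((reg & 7) << 3) | (rm & 7)
    rex = 0x40 | (rex_r << 2) | rex_b if (rex_r or rex_b) else None
    return rex, modrm


def encode_modrm_mem(reg, base, index, scale, disp32):
    """Memory form [base + index*scale + disp32], always with a SIB byte.
    base/index are full register numbers 0..15; index=None means no index.
    SIB.index=100 with REX.X=0 means 'no index', so RSP (4) cannot be an index,
    but R12 (12) can: its low bits are also 100 but REX.X=1 makes it decode.
    Returns (rex, modrm, sib, disp_bytes)."""
    assert 0 <= reg < 16 and 0 <= base < 16
    assert index is None or (0 <= index < 16 and index != 4)
    assert scale in SCALE_BITS
    rex_r = (reg >> 3) & 1
    rex_b = (base >> 3) & 1          # REX.B extends SIB.base here
    rex_x = 0 if index is None else (index >> 3) & 1
    idx3 = 4 if index is None else (index & 7)
    modrm = (MOD_DISP32 << 6) | ((reg & 7) << 3) | RM_SIB
    sib = (SCALE_BITS[scale] << 6) | (idx3 << 3) | (base & 7)
    rex = None
    if rex_r or rex_x or rex_b:
        rex = 0x40 | (rex_r << 2) | (rex_x << 1) | rex_b
    disp = (disp32 & 0xFFFFFFFF).to_bytes(4, "little")
    return rex, modrm, sib, disp


if __name__ == "__main__":
    print("low-field filter on 4 excludes:", low_field_excludes(4))
    rng = random.Random(0)
    # Constructed demo: exclude only ESP by full number; R12 stays eligible.
    reg = pick_reg(rng, exclude=(4,))
    print("picked reg", reg, "->", encode_modrm_reg(reg, 1))
    print("[r12 + r12*4 + 0x10]:", encode_modrm_mem(0, 12, 12, 4, 0x10))
```

The point of the split is that the constraint is applied to the full register number before encoding, so excluding ESP no longer drags R12 along, while the encoder still knows which low-3-bit values are reserved in the MODRM.RM and SIB.index positions.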