Improving ARM/Thumb support in SimEngineUnicorn

There are multiple issues that prevent having reasonable support for ARM in SimEngineUnicorn. This issue is mostly about starting a conversation about these issues and possible goals to work towards, which will hopefully lead to improved support.

Right now, I can think of 3 key problems with supporting ARM in native interface:

1. Handling syscalls in unicorn: Currently, blocks invoking syscalls need to be fully executed in the VEX engine. Thus, we have to lift every block on ARM to check if it invokes a syscall and switch to VEX engine if it does. A lot of the lifting is very likely unnecessary. The reason for doing so is that setting up registers/memory for executing syscalls on ARM seems pretty complex(at least that is what I understood from what subwire said). I have not spent enough time analyzing what exactly needs to be done: subwire mentioned things vary based on the specific ARM version and things like interrupt vector tables need to be setup inside unicorn. I think a proper fix for this will speed things up in cases when no symbolic data is present.

2. Incorrect PC values: Even if unicorn is running in Thumb mode, PC values seem to be even always(likely because of poor support for ARM in unicorn). This will cause a problem when switching to VEX engine because VEX engine uses the PC value to determine if ARM/Thumb mode is active. This will also cause issues when trying to follow a trace because basic block addresses reported by unicorn engine will cause tracer to complain. I’m not sure if these two can be handled with a single fix: perhaps these need to be handled separately?

3. VEX lifting in native interface fails in Thumb mode(possibly trivial to fix?): Despite correctly detecting Thumb mode and adjusting PC value appropriately, VEX lifting occasionally fails. An example of this is block 0x8759 in test_fauxware_arm: it fails with STOP_VEX_LIFT_FAILED. This is likely me doing the lifting incorrectly but I am not sure where I’m going wrong. Any actual failures can be handled in VEX engine like in x86 if the second issue is fixed.

I think the following are possible goals to work towards for improving ARM support. However, I have very little understanding of ARM so these could be absolutely stupid ideas: would love some inputs/comments on these.

1. Getting test_fauxware_arm to pass. I think only block in authenticate needs to be executed in VEX engine and rest can all be done in unicorn. However, I’m not sure how easy solving issue 1 above will be.
2. Adding fauxware ARM similarity test case just like the x86 version
3. Similar test cases for ARM where Thumb mode is never active. I think test_fauxware_arm does switch between ARM and Thumb mode so maybe we should have test cases where execution is always in ARM mode?