
Remill bug parsing CALL instruction #151

@tmathmeyer

Description

I've built this HLS parser (from the chromium source tree) as an aarch64 target. I suspect there are some interesting aspects of the binary itself that are causing this failure, but I'm not sure what I can do to fix it. Looks like there's a known bug in remill's TraceLifter.cpp source.

root@41244d4f5293:~/elfconv/bin# TARGET=aarch64-wasm ./elfconv.sh ./hls_parser 
[INFO] ELF -> LLVM bitcode...
E20250904 01:13:00.034116   255 Arch.cpp:4143] Unrecognized system register df02 with op0=3, op1=3, crn=e, crm=0, op2=2, bits.name=0xdf02
E20250904 01:13:00.036649   255 Arch.cpp:4143] Unrecognized system register df02 with op0=3, op1=3, crn=e, crm=0, op2=2, bits.name=0xdf02
[Bug] Unsupported instruction at address: 0x001b6ddc (SemanticsFunction), instForm: LD2_ASISDLSE_R2_2D
E20250904 01:13:02.342943   255 Arch.cpp:4143] Unrecognized system register df00 with op0=3, op1=3, crn=e, crm=0, op2=0, bits.name=0xdf00
E20250904 01:13:03.079550   255 Arch.cpp:4143] Unrecognized system register df02 with op0=3, op1=3, crn=e, crm=0, op2=2, bits.name=0xdf02
E20250904 01:13:03.098203   255 Arch.cpp:4143] Unrecognized system register df02 with op0=3, op1=3, crn=e, crm=0, op2=2, bits.name=0xdf02
E20250904 01:13:03.138195   255 Arch.cpp:4143] Unrecognized system register df02 with op0=3, op1=3, crn=e, crm=0, op2=2, bits.name=0xdf02
[Bug] Unsupported instruction at address: 0x001b4800 (SemanticsFunction), instForm: LD1_ASISDLSEP_I2_I2_4S
[Bug] Unsupported instruction at address: 0x001b4f30 (SemanticsFunction), instForm: LD1_ASISDLSEP_I2_I2_4S
[Bug] Unsupported instruction at address: 0x001b519c (SemanticsFunction), instForm: LD1_ASISDLSEP_I2_I2_2D
[Bug] Unsupported instruction at address: 0x001b5434 (SemanticsFunction), instForm: LD1_ASISDLSEP_I2_I2_2D
[Bug] Unsupported instruction at address: 0x001b5748 (SemanticsFunction), instForm: LD1_ASISDLSE_R4_4V_2D
[Bug] Unsupported instruction at address: 0x001b5b90 (SemanticsFunction), instForm: LD1_ASISDLSEP_I2_I2_16B
[Bug] Unsupported instruction at address: 0x001b5c48 (SemanticsFunction), instForm: LD1_ASISDLSEP_I2_I2_16B
E20250904 01:13:06.033751   255 Arch.cpp:2001] Decoding reserved bit for shift value.
F20250904 01:13:12.715055   255 TraceLifter.cpp:992] [Bug] call_inst:   %1055 = call <2 x float> @_ZN12_GLOBAL__N_15LDP_SEP14RuntimeManager3MVIIDv1_mE(ptr %runtime_manager, i64 %1054)pc: 3020952
*** Check failure stack trace: ***
    @     0x55c6de5ba2b6  google::LogMessage::SendToLog()
    @     0x55c6de5b6814  google::LogMessage::Flush()
    @     0x55c6de5baa4f  google::LogMessageFatal::~LogMessageFatal()
    @     0x55c6dd85afb8  remill::TraceLifter::Impl::Lift()
    @     0x55c6dd856c0b  remill::TraceLifter::Lift()
    @     0x55c6dd84db0e  main
    @     0x7fe38f6b6d90  (unknown)
    @     0x7fe38f6b6e40  __libc_start_main
    @     0x55c6dd80bd85  _start
    @              (nil)  (unknown)
./elfconv.sh: line 31:   255 Aborted                 (core dumped) ./elflift --arch $arch_name --bc_out lift.bc --target_elf "$ELFPATH" --dbg_fun_cfg "$2" --target_arch "$target_arch" --float_exception "$FLOAT_STATUS_FLAG"
[INFO] LLVM bitcode (lift.bc) was generated.
[INFO] Compiling to Wasm and Js (for Browser)... 
emcc: error: lift.bc: No such file or directory ("lift.bc" was expected to be an input file, based on the commandline arguments provided)
[INFO] exe.wasm and exe.js were generated.
rm: cannot remove '/root/elfconv/bin/lift.bc': No such file or directory
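For triaging output like the above, it helps to reduce the lifter log to a coverage summary: which instruction forms remill lacks semantics for, how many sites each one has, and where the fatal `CHECK` fired. The script below is an added example, not part of elfconv or remill; it parses the three line shapes seen in the log (the `[Bug] Unsupported instruction` lines, glog `E`/`F` lines, and the `pc:` suffix on the fatal message). The sample log is a constructed excerpt that reuses a few lines from the report; the function names `triage` and `summarize` and the regexes are my own assumptions about the log format, not an elfconv API.

```python
import re
from collections import defaultdict

# Constructed sample: an abbreviated excerpt in the shape of the issue's output.
SAMPLE_LOG = """\
[INFO] ELF -> LLVM bitcode...
E20250904 01:13:00.034116   255 Arch.cpp:4143] Unrecognized system register df02 with op0=3, op1=3, crn=e, crm=0, op2=2, bits.name=0xdf02
[Bug] Unsupported instruction at address: 0x001b6ddc (SemanticsFunction), instForm: LD2_ASISDLSE_R2_2D
[Bug] Unsupported instruction at address: 0x001b4800 (SemanticsFunction), instForm: LD1_ASISDLSEP_I2_I2_4S
[Bug] Unsupported instruction at address: 0x001b4f30 (SemanticsFunction), instForm: LD1_ASISDLSEP_I2_I2_4S
E20250904 01:13:06.033751   255 Arch.cpp:2001] Decoding reserved bit for shift value.
F20250904 01:13:12.715055   255 TraceLifter.cpp:992] [Bug] call_inst:   %1055 = call <2 x float> @_ZN12_GLOBAL__N_15LDP_SEP14RuntimeManager3MVIIDv1_mE(ptr %runtime_manager, i64 %1054)pc: 3020952
*** Check failure stack trace: ***
"""

# "[Bug] Unsupported instruction at address: <hex> (<stage>), instForm: <form>"
UNSUPPORTED_RE = re.compile(
    r"^\[Bug\] Unsupported instruction at address: (0x[0-9a-fA-F]+) "
    r"\((\w+)\), instForm: (\S+)"
)
# glog shape: <severity><yyyymmdd> <hh:mm:ss.micros> <tid> <file>:<line>] <message>
GLOG_RE = re.compile(
    r"^([IWEF])(\d{8} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+([\w.]+):(\d+)\] (.*)$"
)
# The fatal TraceLifter message ends with the decimal program counter of the trace.
PC_RE = re.compile(r"pc: (\d+)\s*$")


def triage(log_text):
    """Group unsupported instruction forms by site, collect glog errors,
    and pull out the first fatal check failure (with its pc, if present)."""
    unsupported = defaultdict(list)  # instForm -> [addresses]
    errors = []                      # (source file, line, message)
    fatal = None
    for line in log_text.splitlines():
        m = UNSUPPORTED_RE.match(line)
        if m:
            addr, _stage, form = m.groups()
            unsupported[form].append(int(addr, 16))
            continue
        m = GLOG_RE.match(line)
        if not m:
            continue
        sev, _ts, _tid, src, srcline, msg = m.groups()
        if sev == "E":
            errors.append((src, int(srcline), msg))
        elif sev == "F" and fatal is None:
            pc = PC_RE.search(msg)
            fatal = {
                "source": f"{src}:{srcline}",
                "message": msg,
                "pc": int(pc.group(1)) if pc else None,
            }
    return {"unsupported": dict(unsupported), "errors": errors, "fatal": fatal}


def summarize(report):
    """Render the triage result as lines, most frequent unsupported form first."""
    out = []
    ranked = sorted(report["unsupported"].items(), key=lambda kv: (-len(kv[1]), kv[0]))
    for form, addrs in ranked:
        out.append(f"{form}: {len(addrs)} site(s), first at 0x{min(addrs):08x}")
    out.append(f"{len(report['errors'])} decoder error(s)")
    fatal = report["fatal"]
    if fatal is not None:
        pc = fatal["pc"]
        where = f" at pc 0x{pc:x}" if pc is not None else ""
        out.append(f"FATAL at {fatal['source']}{where}")
    return out


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```

Run it on the full `elfconv.sh` output (piped to a file) to see which SIMD load forms dominate; the fatal `pc` printed in hex is what you would look up in the target binary's disassembly to find the trace that tripped the `TraceLifter.cpp` check.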

Labels: bug