mirrors/unicorn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update FAQ

Browse Source
This commit is contained in:
mio 2022-11-01 10:04:59 +01:00
parent e6da816803
commit d9c241d5f4
No known key found for this signature in database
GPG Key ID: DFF27E34A47CB873
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docs/FAQ.md
View File

@ -9,10 +9,10 @@ Optimize your program with less instrumentation, e.g. by using `UC_HOOK_BLOCK` i
## Why do I get a wrong PC after emulation stops?
Updating PC is a very large overhead (10x slower in the worst case, see FAQ above) for emulation so the PC sync guarantee is explained below:
Updating PC is a very large overhead (10x slower in the worst case, see FAQ above) for emulation so the PC sync guarantee is explained below in several cases:
- A `UC_HOOK_CODE` is installed. In this case, the PC is sync-ed _everywhere_ within the effective range of the hook. However, on some architectures, the PC might by sync-ed all the time if the hook is installed.
- A `UC_HOOK_MEM_READ` or `UC_HOOK_MEM_WRITE` is installed. In this case, the PC is sync-ed exactly before any read/write events within the effective range of the hook.
- A `UC_HOOK_CODE` hook is installed. In this case, the PC is sync-ed _everywhere_ within the effective range of the hook. However, on some architectures, the PC might by sync-ed all the time if the hook is installed in any range. Note using `count` in `uc_emu_start` implies installing a `UC_HOOK_CODE` hook.
- A `UC_HOOK_MEM_READ` or `UC_HOOK_MEM_WRITE` hook is installed. In this case, the PC is sync-ed exactly before any read/write events within the effective range of the hook.
- Emulation (`uc_emu_start`) terminates without any exception. In this case, the PC will point to the next instruction.
- No hook mentioned above is installed and emulation terminates with exceptions. In this case, the PC is sync-ed at the basic block boundary, in other words, the first instruction of the basic block where the exception happens.
@ -44,12 +44,13 @@ Currently, only a small subset of the instructions can be instrumented.
On x86, all available instructions are: `in` `out` `syscall` `sysenter` `cpuid`.
## Emulating some instructions gives an error, what should I do?
## Emulating some instructions gives an error like "Invalid Instruction", what should I do?
1. Some instructions are not enabled by default on some architectures. For example, you have to setup CSR on RISC-V or VFP on ARM before emulating floating-point instructions. Refer to the corresponding manual to check if you leave out possible switches in special registers.
2. If you are on ARM, please check whether you are emulating a THUMB instruction. If so, please use `UC_MODE_THUMB` and make sure the starting address is odd.
3. If either is not the case, it might be some newer instruction sets that qemu5 doesnt support.
4. Note some instruction sets are not implemented by QEMU.
2. Different CPU models support different sets of instructions. This is especially observed on ARM CPUs. For example, for `THUMB2` big-endian instructions, consider setting CPU model to `cortex-r5` or `arm_max`. See [#1725](https://github.com/unicorn-engine/unicorn/issues/1725) and [#1724](https://github.com/unicorn-engine/unicorn/issues/1724).
3. If you are on ARM, please check whether you are emulating a THUMB instruction. If so, please use `UC_MODE_THUMB` and make sure the starting address is odd.
4. If it's not the cases above, it might be some newer instruction sets that qemu5 doesnt support.
5. Note some instruction sets are not implemented by the latest QEMU.
If you are still using Unicorn1, please upgrade to Unicorn2 for better support.