Some fix for ARM exception handler and mnist example

examples/mcu/stm32f407_mnist_oled.py

@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+#
+# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
+#
+
+import sys
+sys.path.append("../..")
+
+from qiling.core import Qiling
+from qiling.const import QL_VERBOSE
+from qiling.extensions.mcu.stm32f4 import stm32f407
+from qiling.hw.external_device.oled.ssd1306 import PyGameSSD1306Spi
+
+
+ql = Qiling(["../rootfs/mcu/stm32f407/mnist.bin", 0x8000000],
+            archtype="cortex_m", env=stm32f407, verbose=QL_VERBOSE.DEFAULT)
+
+ql.hw.create('rcc')
+ql.hw.create('gpiod')
+ql.hw.create('spi1')
+ql.hw.create('crc')
+
+oled = PyGameSSD1306Spi(dc=(ql.hw.gpiod, 5))
+ql.hw.spi1.connect(oled)
+
+ql.hw.systick.ratio = 1000
+
+## a temporary method
+def hook_smlabb(ql):
+    ql.reg.r3 = ql.reg.r2 + ql.reg.r1 * ql.reg.r3
+    ql.reg.pc = (ql.reg.pc + 4) | 1
+
+ql.hook_address(hook_smlabb, 0x8007a12)
+ql.hook_address(hook_smlabb, 0x8007b60)
+
+ql.run()

qiling/arch/cortex_m.py

@@ -85,6 +85,7 @@ def step(self):
         self.ql.hw.step()
 
     def stop(self):
+        self.ql.emu_stop()
         self.runable = False
 
     def run(self, count=-1, end=None):
@@ -112,13 +113,34 @@ def init_context(self):
         self.ql.reg.write('pc' , self.ql.mem.read_ptr(0x4))
 
     def soft_interrupt_handler(self, ql, intno):
-        if intno == EXCP.SWI:
-            ql.hw.nvic.set_pending(IRQ.SVCALL)                    
-
-        elif intno == EXCP.EXCEPTION_EXIT:
-            ql.emu_stop()            
-
-        else:
+        forward_mapper = {
+            EXCP.UDEF           : IRQ.HARD_FAULT,    # undefined instruction
+            EXCP.SWI            : IRQ.SVCALL,        # software interrupt
+            EXCP.PREFETCH_ABORT : IRQ.HARD_FAULT,
+            EXCP.DATA_ABORT     : IRQ.HARD_FAULT,
+            EXCP.EXCEPTION_EXIT : IRQ.NOTHING,
+            # EXCP.KERNEL_TRAP    : IRQ.NOTHING,
+            # EXCP.HVC            : IRQ.NOTHING,
+            # EXCP.HYP_TRAP       : IRQ.NOTHING,
+            # EXCP.SMC            : IRQ.NOTHING,
+            # EXCP.VIRQ           : IRQ.NOTHING,
+            # EXCP.VFIQ           : IRQ.NOTHING,
+            # EXCP.SEMIHOST       : IRQ.NOTHING,
+            EXCP.NOCP           : IRQ.USAGE_FAULT,   # v7M NOCP UsageFault
+            EXCP.INVSTATE       : IRQ.USAGE_FAULT,   # v7M INVSTATE UsageFault
+            EXCP.STKOF          : IRQ.USAGE_FAULT,   # v8M STKOF UsageFault
+            # EXCP.LAZYFP         : IRQ.NOTHING,
+            # EXCP.LSERR          : IRQ.NOTHING,
+            EXCP.UNALIGNED      : IRQ.USAGE_FAULT,   # v7M UNALIGNED UsageFault
+        }
+
+        ql.emu_stop()
+
+        try:
+            handle = forward_mapper.get(intno)
+            if handle != IRQ.NOTHING:
+                ql.hw.nvic.set_pending(handle)
+        except IndexError:
             raise QlErrorNotImplemented(f'Unhandled interrupt number ({intno})')
 
     def hard_interrupt_handler(self, ql, intno):

qiling/arch/cortex_m_const.py

@@ -48,18 +48,37 @@ class IRQ(IntEnum):
     SVCALL = -5
     PENDSV = -2
     SYSTICK = -1
+    NOTHING = 0
 
 class CONTROL(IntEnum):
     FPCA  = 0b100
     SPSEL = 0b010
     PRIV  = 0b001
 
 class EXC_RETURN(IntEnum):
-    MASK = 0xfffffff0
+    MASK        = 0xfffffff0
     RETURN_SP   = 0b0100
     RETURN_MODE = 0b1000
 
 class EXCP(IntEnum):
-    SWI = 2            # software interrupt
-    EXCEPTION_EXIT = 8 # Return from v7M exception
-
+    UDEF           =  1   # undefined instruction
+    SWI            =  2   # software interrupt
+    PREFETCH_ABORT =  3
+    DATA_ABORT     =  4
+    IRQ            =  5
+    FIQ            =  6
+    BKPT           =  7
+    EXCEPTION_EXIT =  8   # Return from v7M exception. 
+    KERNEL_TRAP    =  9   # Jumped to kernel code page. 
+    HVC            = 11   # HyperVisor Call
+    HYP_TRAP       = 12
+    SMC            = 13   # Secure Monitor Call
+    VIRQ           = 14
+    VFIQ           = 15
+    SEMIHOST       = 16   # semihosting call
+    NOCP           = 17   # v7M NOCP UsageFault
+    INVSTATE       = 18   # v7M INVSTATE UsageFault
+    STKOF          = 19   # v8M STKOF UsageFault
+    LAZYFP         = 20   # v7M fault during lazy FP stacking
+    LSERR          = 21   # v8M LSERR SecureFault
+    UNALIGNED      = 22   # v7M UNALIGNED UsageFault

qiling/extensions/mcu/bes/__init__.py

@@ -0,0 +1,6 @@
+#!/usr/bin/env python3
+#
+# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
+#
+
+from .bes2300 import bes2300

qiling/extensions/mcu/bes/bes2300.py

@@ -0,0 +1,127 @@
+#!/usr/bin/env python3
+#
+# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
+#
+
+bes2300 = {
+    "ROM": {
+        "base":0x0,
+        "size":0xc000,
+        "type": "memory"
+    },
+    "RAM": {
+        "base":0x200a0000,
+        "size":0x20000,
+        "type": "memory"
+    },
+    "FLASH": {
+        "base": 0x3C000000,
+        "size": 0x100000,
+        "type": "memory"
+    },
+    "CMU": {
+        "struct": "BES2300Cmu",
+        "base":0x40000000,
+        "type": "peripheral"
+    },
+    "I2C0": {
+        "struct": "BES2300I2c",
+        "base":0x40005000,
+        "type": "peripheral"
+    },
+    "I2C1": {
+        "struct": "BES2300I2c",
+        "base":0x40006000,
+        "type": "peripheral"
+    },
+    "SPI": {
+        "struct": "BES2300Spi",
+        "base":0x40007000,
+        "type": "peripheral"
+    },
+    "SPILCD": {
+        "struct": "BES2300Spi",
+        "base":0x40008000,
+        "type": "peripheral"
+    },
+    "SPIPHY": {
+        "struct": "BES2300Spi",
+        "base":0x4000a000,
+        "type": "peripheral"
+    },
+    "UART0": {
+        "struct": "BES2300Uart",
+        "base":0x4000b000,
+        "type": "peripheral"
+    },
+    "UART1": {
+        "struct": "BES2300Uart",
+        "base":0x4000c000,
+        "type": "peripheral"
+    },
+    "UART2": {
+        "struct": "BES2300Uart",
+        "base":0x4000d000,
+        "type": "peripheral"
+    },
+    "BTPCM": {
+        "struct": "BES2300Btpcm",
+        "base":0x4000e000,
+        "type": "peripheral"
+    },
+    "I2S0": {
+        "struct": "BES2300I2s",
+        "base":0x4000f000,
+        "type": "peripheral"
+    },
+    "SPDIF0": {
+        "struct": "BES2300Spdif",
+        "base":0x40010000,
+        "type": "peripheral"
+    },
+    "SDMMC": {
+        "struct": "BES2300Sdmmc",
+        "base":0x40110000,
+        "type": "peripheral"
+    },
+    "I2C_SLAVE": {
+        "struct": "BES2300I2c",
+        "base":0x40160000,
+        "type": "peripheral"
+    },
+    "USB": {
+        "struct": "BES2300Usb",
+        "base":0x40180000,
+        "type": "peripheral"
+    },
+    "CODEC": {
+        "struct": "BES2300Codec",
+        "base":0x40300000,
+        "type": "peripheral"
+    },
+    "IOMUX": {
+        "struct": "BES2300Iomux",
+        "base":0x40086000,
+        "type": "peripheral"
+    },
+    "GPIO": {
+        "struct": "BES2300Gpio",
+        "base":0x40081000,
+        "type": "peripheral"
+    },
+    "PWM": {
+        "struct": "BES2300Pwm",
+        "base":0x40083000,
+        "type": "peripheral"
+    },
+    "TIMER0": {
+        "struct": "BES2300Timer",
+        "base":0x40002000,
+        "type": "peripheral"
+    },
+    "TIMER1": {
+        "struct": "BES2300Timer",
+        "base":0x40003000,
+        "type": "peripheral"
+    }
+}

qiling/extensions/mcu/stm32f4/stm32f401.py

@@ -57,8 +57,20 @@
         "struct": "STM32F4xxExti",
         "type": "peripheral"
     },
+    "CODE": {
+        "base": 0x08000000,
+        "size": 0x10000,
+        "alias": 0x0,
+        "type": "remap"
+    }, 
+    "CODE": {
+        "base": 0x08000000,
+        "size": 0x80000,
+        "alias": 0x0,
+        "type": "remap"
+    }, 
     "FLASH": {
-        "base": 0x8000000,
+        "base": 0x08000000,
         "size": 0x80000,
         "type": "memory"
     },

qiling/extensions/mcu/stm32f4/stm32f405.py

@@ -94,8 +94,14 @@
         "struct": "STM32F4xxExti",
         "type": "peripheral"
     },
+    "CODE": {
+        "base": 0x08000000,
+        "size": 0x100000,
+        "alias": 0x0,
+        "type": "remap"
+    }, 
     "FLASH": {
-        "base": 0x8000000,
+        "base": 0x08000000,
         "size": 0x100000,
         "type": "memory"
     },

qiling/extensions/mcu/stm32f4/stm32f407.py

@@ -111,8 +111,14 @@
         "struct": "STM32F4xxExti",
         "type": "peripheral"
     },
+    "CODE": {
+        "base": 0x08000000,
+        "size": 0x100000,
+        "alias": 0x0,
+        "type": "remap"
+    }, 
     "FLASH": {
-        "base": 0x8000000,
+        "base": 0x08000000,
         "size": 0x100000,
         "type": "memory"
     },

qiling/extensions/mcu/stm32f4/stm32f410.py

@@ -62,8 +62,14 @@
         "struct": "STM32F4xxExti",
         "type": "peripheral"
     },
+    "CODE": {
+        "base": 0x08000000,
+        "size": 0x20000,
+        "alias": 0x0,
+        "type": "remap"
+    }, 
     "FLASH": {
-        "base": 0x8000000,
+        "base": 0x08000000,
         "size": 0x20000,
         "type": "memory"
     },

qiling/extensions/mcu/stm32f4/stm32f411.py

@@ -57,8 +57,14 @@
         "struct": "STM32F4xxExti",
         "type": "peripheral"
     },
+    "CODE": {
+        "base": 0x08000000,
+        "size": 0x80000,
+        "alias": 0x0,
+        "type": "remap"
+    }, 
     "FLASH": {
-        "base": 0x8000000,
+        "base": 0x08000000,
         "size": 0x80000,
         "type": "memory"
     },

qiling/extensions/mcu/stm32f4/stm32f412.py

@@ -79,8 +79,14 @@
         "struct": "STM32F4xxExti",
         "type": "peripheral"
     },
+    "CODE": {
+        "base": 0x08000000,
+        "size": 0x100000,
+        "alias": 0x0,
+        "type": "remap"
+    }, 
     "FLASH": {
-        "base": 0x8000000,
+        "base": 0x08000000,
         "size": 0x100000,
         "type": "memory"
     },

qiling/extensions/mcu/stm32f4/stm32f413.py

@@ -95,8 +95,14 @@
         "struct": "STM32F4xxExti",
         "type": "peripheral"
     },
+    "CODE": {
+        "base": 0x08000000,
+        "size": 0x180000,
+        "alias": 0x0,
+        "type": "remap"
+    }, 
     "FLASH": {
-        "base": 0x8000000,
+        "base": 0x08000000,
         "size": 0x180000,
         "type": "memory"
     },