Paste: claude code factor arm64 audit
Author: erg
Mode: markdown
Date: Thu, 24 Jul 2025 17:15:51
```
⏺ ARM64 Assembler Audit Results
1. Critical Issue: Incorrect ADRP Encoding
Line 423: The ADRP instruction has a bug. It shifts the immediate by 12 (12 ?>>), but ADRP works with page addresses (4KB pages). The
immediate should be the page offset from PC, not just shifted by 12.
2. Potential Issue: Unconditional Branch Range
Lines 651-656: The unconditional branch instructions (B/BL) check for 26-bit signed immediates but then shift by 2. This is correct for
word-aligned addresses, but the error message from check-signed-immediate might be misleading.
3. Bug in Bitfield Instructions
Line 557: In UBFIZ, the calculation max-width 2^ lsb - should be max-width 2^ lsb - but this creates an off-by-one error. Should be lsb width
+ max-width 2^ <=.
4. Missing Validation in Extended Register
Lines 275-283: The extended register constructors (<UXTB>, <UXTH>, etc.) don't validate that uimm3 is actually a 3-bit value (0-7).
5. Incorrect Shift Amount Validation
Lines 562-573: LSL, LSR, ASR immediate versions check against max-width but should check against max-width 1 - since a shift of the full
width is undefined.
6. Bug in Logical Immediate Encoding
Line 486: In Nimms, the calculation 6 toggle-bit is suspicious. ARM64 logical immediates use a specific encoding with N, immr, and imms
fields. The toggle-bit operation seems incorrect.
7. Missing Range Check in SIMD Instructions
Lines 1228-1231: INSgen checks imm against 5 swap - but doesn't validate that the source register index is valid for the element size.
8. Incorrect FP Register Width Validation
Line 223: FP registers support 8, 16, 32, 64, and 128-bit widths, but vector registers are listed as only supporting 64-bit width (line 35),
which is incorrect - they should support 128-bit for SIMD.
9. Off-by-one in Move Wide Instructions
Line 523: pick 1 + in move-wide-imm suggests checking against width+1, but should just check against width (16 bits).
10. Missing Overflow Check
Lines 1383-1389: SIMD shift instructions don't validate that the shift amount is within valid range for the element size.
Summary of Issues Found:
- Wrong opcodes/encoding: ADRP, logical immediates
- Off-by-one errors: UBFIZ, shift instructions, move wide
- Missing validation: extended registers, SIMD operations
- Incorrect constraints: FP/vector register widths
```
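The ARM64 audit above questions three encodings in particular: the ADRP immediate, the UBFIZ bounds, and the logical-immediate (N, immr, imms) fields. The following is an added example, not part of the paste and not Factor's own assembler code: reference encoders written from the ARM Architecture Reference Manual definitions, against which an assembler's output can be checked. The register numbers, PC values and immediates used in the comments and tests are constructed sample input.

```python
# Added example (not from the paste or from Factor's assembler): reference
# encoders for three ARM64 fields, written from the ARM ARM definitions.
# All sample PCs, targets and immediates below are constructed inputs.

def encode_adrp(rd: int, pc: int, target: int) -> int:
    """ADRP Xd, <label>: the immediate is the *page* delta
    (target >> 12) - (pc >> 12), a signed 21-bit value split into
    immlo (bits 30:29) and immhi (bits 23:5). Base opcode is 0x90000000."""
    if not 0 <= rd <= 31:
        raise ValueError("bad destination register")
    delta = (target >> 12) - (pc >> 12)
    if not -(1 << 20) <= delta < (1 << 20):
        raise ValueError("ADRP target outside the +/-4 GiB page range")
    imm = delta & 0x1FFFFF
    immlo, immhi = imm & 0x3, imm >> 2
    return 0x90000000 | (immlo << 29) | (immhi << 5) | rd


def check_ubfiz(lsb: int, width: int, datasize: int) -> bool:
    """UBFIZ Rd, Rn, #lsb, #width is valid only when the field fits in the
    register: 0 <= lsb < datasize, width >= 1 and lsb + width <= datasize."""
    return 0 <= lsb < datasize and width >= 1 and lsb + width <= datasize


def _ror(value: int, amount: int, size: int) -> int:
    """Rotate a size-bit value right by amount bits."""
    mask = (1 << size) - 1
    amount %= size
    return ((value >> amount) | (value << (size - amount))) & mask


def decode_bitmask(n: int, imms: int, immr: int, datasize: int):
    """DecodeBitMasks from the ARM ARM: returns the replicated bit pattern,
    or None when the (N, imms) combination is reserved."""
    combined = (n << 6) | (~imms & 0x3F)          # N:NOT(imms), 7 bits
    if combined == 0:
        return None
    length = combined.bit_length() - 1            # HighestSetBit
    if length < 1:
        return None
    esize = 1 << length                           # element size 2..64
    if esize > datasize:
        return None
    levels = esize - 1
    s, r = imms & levels, immr & levels
    if s == levels:                               # all-ones element is reserved
        return None
    welem = (1 << (s + 1)) - 1                    # s+1 low ones
    elem = _ror(welem, r, esize)
    pattern = 0
    for _ in range(datasize // esize):            # Replicate() across the register
        pattern = (pattern << esize) | elem
    return pattern


def encode_logical_imm(value: int, datasize: int = 64):
    """Return (N, immr, imms) whose decoding equals `value`, or None when the
    value is not expressible as a logical immediate (e.g. 0 or all-ones)."""
    value &= (1 << datasize) - 1
    for esize in (2, 4, 8, 16, 32, 64):
        if esize > datasize:
            break
        n = 1 if esize == 64 else 0
        # Size marker in the upper imms bits: "0xxxxx" for 32, "10xxxx" for 16,
        # "110xxx" for 8, "1110xx" for 4, "11110x" for 2 (N=1 selects 64).
        marker = (~(2 * esize - 1)) & 0x3F
        for ones in range(1, esize):
            imms = marker | (ones - 1)
            for immr in range(esize):
                if decode_bitmask(n, imms, immr, datasize) == value:
                    return n, immr, imms
    return None


if __name__ == "__main__":
    print(hex(encode_adrp(1, 0x400000, 0x401000)))   # 0xb0000001
    print(encode_logical_imm(0xFF))                  # (1, 0, 7)
    print(encode_logical_imm(0xAAAAAAAAAAAAAAAA))    # (0, 1, 60)
```

The encoder for logical immediates is deliberately a search over the decoder rather than a closed-form construction: the decoder is the normative definition, so an assembler's own encoding routine can be validated by checking that `decode_bitmask` of its output reproduces the input value.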
Author: erg
Mode: factor
Date: Thu, 24 Jul 2025 17:23:45
⏺ X86-64 Assembler Audit Results
1. Incorrect IMUL3 Opcode
Lines 419-424: The IMUL3 instruction uses opcodes 0x6a/0x68, but these are PUSH immediate opcodes. The correct opcodes should be 0x6b (8-bit
immediate) and 0x69 (32-bit immediate).
2. Missing REX.W Validation
Line 119: The rex-prefix function doesn't validate that REX.W is only used with 64-bit operations. It could incorrectly emit REX.W for 32-bit
operations.
3. Bug in Zero-Extension Logic
Lines 211-215: The zero-extendable? function checks 1 32 2^ 1 - between? which is checking if a value is between 1 and 2^32-1. This is
incorrect - it should check if the value fits in 32 bits unsigned (0 to 2^32-1).
4. Missing SIB Byte for [RSP+disp]
Line 66: The code doesn't handle the special case where RSP as base register always requires a SIB byte, even without an index register. Test
line 66 shows this is caught, but the implementation could be clearer.
5. Incorrect FYL2XP1 Opcode
Line 577: FYL2XP1 has the same opcode as FYL2X (0xD9 0xF1). The correct opcode for FYL2XP1 should be 0xD9 0xF9.
6. Missing Validation in Shift Instructions
Lines 400-404: The shift instructions don't validate that the immediate count is within valid range (0-63 for 64-bit, 0-31 for 32-bit).
7. Potential Bug in TEST Immediate
Line 364: TEST with immediate uses maybe-zero-extend but the encoding might be incorrect for certain edge cases with sign extension.
8. Missing ModR/M Special Cases
Lines 52-60: The code handles RBP/R13 requiring displacement when used as base (no displacement), but the logic could miss edge cases with
SIB byte combinations.
9. Incorrect Direction Bit Logic
Lines 178-180: The direction bit logic swaps operands when dst is register and src is not, but this might not handle all cases correctly,
especially with certain SSE instructions.
10. Missing Prefix Ordering
The assembler doesn't enforce correct prefix ordering (legacy prefixes, REX, opcode). While it may work, incorrect ordering can cause issues
on some processors.
Summary of Issues:
- Wrong opcodes: IMUL3, FYL2XP1
- Missing validation: REX.W usage, shift counts
- Logic errors: zero-extension check, direction bit
- Special case handling: RSP/RBP addressing modes
- No prefix ordering enforcement
The x86-64 assembler is more mature than the ARM64 one, but still has several issues that could lead to incorrect code generation or
assembler errors.
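The x86-64 audit above turns on a handful of byte-level facts: the IMUL three-operand opcodes (0x6B with imm8, 0x69 with imm32), the REX prefix layout, the SIB byte that RSP/R12 bases always need, the displacement that RBP/R13 bases always need, the FYL2X versus FYL2XP1 second opcode byte, and the bounds on zero-extension and shift counts. The following is an added example, not part of the paste and not Factor's own assembler code: a small reference encoder for exactly those cases, so an assembler's output can be compared byte for byte. The register names, addressing forms and immediates used in the tests are constructed sample input.

```python
# Added example (not from the paste or from Factor's assembler): a reference
# encoder for the x86-64 cases the audit raises. Operands in the comments
# and tests are constructed sample input.

REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
          "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi",
          "r8d", "r9d", "r10d", "r11d", "r12d", "r13d", "r14d", "r15d"]

# Both x87 instructions share the D9 escape byte; only the second byte differs.
X87_NO_OPERAND = {"fyl2x": bytes([0xD9, 0xF1]), "fyl2xp1": bytes([0xD9, 0xF9])}


def x87_no_operand(name: str) -> bytes:
    return X87_NO_OPERAND[name]


def reg_num(name: str):
    """Map a register name to (number 0..15, operand size in bits)."""
    for table, size in ((REGS64, 64), (REGS32, 32)):
        if name in table:
            return table.index(name), size
    raise ValueError(f"unknown register {name}")


def rex(w: int, r: int, x: int, b: int) -> bytes:
    """REX = 0100WRXB, emitted only when some bit is set; W marks 64-bit ops."""
    val = 0x40 | (w << 3) | (r << 2) | (x << 1) | b
    return bytes([val]) if val != 0x40 else b""


def modrm_mem(reg: int, base: str, disp: int):
    """ModR/M (+SIB, +disp) for [base + disp]; returns (rex_b, bytes).
    rm=100 (RSP/R12) means 'SIB follows', so those bases always get a SIB
    with index=100 (none). mod=00 with rm=101 (RBP/R13) means 'disp32 only',
    so those bases always get an explicit displacement, disp8 of 0 if needed."""
    base_num, _ = reg_num(base)
    low, rex_b = base_num & 7, base_num >> 3
    if disp == 0 and low != 5:
        mod, disp_bytes = 0b00, b""
    elif -128 <= disp <= 127:
        mod, disp_bytes = 0b01, disp.to_bytes(1, "little", signed=True)
    else:
        mod, disp_bytes = 0b10, disp.to_bytes(4, "little", signed=True)
    out = bytes([(mod << 6) | ((reg & 7) << 3) | low])
    if low == 4:
        out += bytes([(0b100 << 3) | low])       # SIB: scale=00, index=none, base
    return rex_b, out + disp_bytes


def imul3(dst: str, src, imm: int) -> bytes:
    """IMUL r, r/m, imm -> 6B /r ib (imm8) or 69 /r id (imm32, sign-extended).
    `src` is a register name or a (base, disp) tuple."""
    dst_num, size = reg_num(dst)
    if isinstance(src, str):
        src_num, src_size = reg_num(src)
        if src_size != size:
            raise ValueError("operand size mismatch")
        rex_b = src_num >> 3
        tail = bytes([0xC0 | ((dst_num & 7) << 3) | (src_num & 7)])
    else:
        rex_b, tail = modrm_mem(dst_num, src[0], src[1])
    if -128 <= imm <= 127:
        opcode, imm_bytes = 0x6B, imm.to_bytes(1, "little", signed=True)
    elif -(1 << 31) <= imm < (1 << 31):
        opcode, imm_bytes = 0x69, imm.to_bytes(4, "little", signed=True)
    else:
        raise ValueError("immediate does not fit in 32 bits")
    # REX.W only for the 64-bit form; REX.R for dst >= r8; REX.B from the r/m side.
    return rex(int(size == 64), dst_num >> 3, 0, rex_b) + bytes([opcode]) + tail + imm_bytes


def zero_extendable(value: int) -> bool:
    """A value can be zero-extended from 32 bits only if it is in 0 .. 2^32-1."""
    return 0 <= value < (1 << 32)


def valid_shift_count(count: int, size: int) -> bool:
    """Immediate shift counts (C1 /n ib) must be below the operand width."""
    return 0 <= count < size


if __name__ == "__main__":
    print(imul3("rax", "rcx", 0x10).hex())          # 486bc110
    print(imul3("eax", ("rsp", 0), 5).hex())        # 6b042405
    print(imul3("rax", ("rbp", 0), 5).hex())        # 486b450005
```

The memory form deliberately keeps the two special cases in one place: a base of RSP or R12 forces the SIB byte, and a base of RBP or R13 forces a displacement even when it is zero. Those are the two addressing-mode corners the audit points at, and they are the ones most often wrong in hand-written encoders.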