Add a regression test for invalidating empty TB and have a better solution

2021-11-03 01:07:06 +01:00
parent c11b9aa5c3
commit eb75d459f0
3 changed files with 36 additions and 7 deletions
--- a/tests/unit/test_x86.c
+++ b/tests/unit/test_x86.c
@ -663,6 +663,39 @@ static void test_x86_clear_tb_cache()
    OK(uc_close(uc));
 }

+// This is a regression bug.
+static void test_x86_clear_empty_tb()
+{
+    uc_engine *uc;
+    // lb:
+    //    add ecx, 1;
+    //    cmp ecx, 0;
+    //    jz lb;
+    //    dec edx;
+    char code[] = "\x83\xc1\x01\x83\xf9\x00\x74\xf8\x4a";
+    int r_edx = 0x7890;
+    uint64_t code_start = 0x1240; // Choose this address by design
+    uint64_t code_len = 0x1000;
+
+    OK(uc_open(UC_ARCH_X86, UC_MODE_32, &uc));
+    OK(uc_mem_map(uc, code_start & (1 << 12), code_len, UC_PROT_ALL));
+    OK(uc_mem_write(uc, code_start, code, sizeof(code)));
+    OK(uc_reg_write(uc, UC_X86_REG_EDX, &r_edx));
+
+    // Make sure we generate an empty tb at the exit address by stopping at dec
+    // edx.
+    OK(uc_emu_start(uc, code_start, code_start + 8, 0, 0));
+
+    // If tb cache is not cleared, edx would be still 0x7890
+    OK(uc_emu_start(uc, code_start, code_start + sizeof(code) - 1, 0, 0));
+
+    OK(uc_reg_read(uc, UC_X86_REG_EDX, &r_edx));
+
+    TEST_CHECK(r_edx == 0x788f);
+
+    OK(uc_close(uc));
+}
+
 TEST_LIST = {{"test_x86_in", test_x86_in},
             {"test_x86_out", test_x86_out},
             {"test_x86_mem_hook_all", test_x86_mem_hook_all},
@ -685,4 +718,5 @@ TEST_LIST = {{"test_x86_in", test_x86_in},
             {"test_x86_sysenter", test_x86_sysenter},
             {"test_x86_hook_cpuid", test_x86_hook_cpuid},
             {"test_x86_clear_tb_cache", test_x86_clear_tb_cache},
+             {"test_x86_clear_empty_tb", test_x86_clear_empty_tb},
             {NULL, NULL}};