How well do decompilers support x87 instructions?

subject.exe is a hand-written program which tests all the x87 FPU instructions. As usual, the motivation is to test other decompilers but also to have a good test case/demo for my own decompiler. The contestants are:
  • reko version b08e86b
  • retdec version 31ffc7c
  • ghidra version 9.1.2_PUBLIC

reko

Looking at the output one can see:
  • high: reko doesn’t load constant values (neither float nor int) from read-only sections
  • reko doesn’t evaluate functions like pow or fabs with constant arguments
  • reko doesn’t perform basic arithmetic operations like 1.0+1.0
  • fbstp is decompiled as a cast but the operation is more complex
  • The output of FCMOV (if (Test(LT,SLICE(SLICE(dwArg04, byte, 8), bool, 1)))) is a bit too magic for me
  • fcmovu for unordered is unfinished (seeing only P). Also fcmovnu is the same as fcmovu
  • looks like fcmovnb is decompiled as fcmovb
  • fcom uses a magic cond() function
  • additional noise in integer code in the fcom function
  • output for fcomi and ftst is incomplete
  • fist and frndint don’t respect rounding mode
  • wrong parameter values for fpatan
  • looping because of partial remainder looks wrong
  • leaves unused calls for fptan, fsincos, fxtract
  • wrong parameter used for fyl2x
  • modelling of the status word is incorrect/not easy to understand
12 issues on github

retdec

  • wrong modelling of f2xm1
  • doesn’t evaluate functions like pow or fabs with constant arguments
  • confusing use of float80_t for fbst
  • wrong decompilation of fbld
  • missing code for fcom and ftst
  • gets confused in fcomi, fptan and fsincos
  • fist and frndint don’t respect rounding mode
  • fld for 32bit floats loads wrong number
  • bad modeling of fpatan with only one parameter
  • incorrect implementation of fprem1
  • doesn’t model C2 change of fprem
  • missing memory write for 32bit fst
  • missing slot is inf for fxam
  • multiple copies of __pseudo functions for fxtract
  • superfluous calls in fxtract
  • modelling of the status word is incorrect/not easy to understand
16 issues on github

ghidra

  • displays floating point arguments to printf as hex
  • fbst is a simple assignment
  • fbld is incomplete
  • fcom and fcomi don’t test for unordered
  • doesn’t evaluate functions like fcos with constant arguments
  • fist and frndint don’t respect rounding mode
  • fld of an 80-bit float doesn’t work
  • fprem and fprem1 not working
  • doesn’t model that fprem updates the status word
  • fxtract, fyl2x, fyl2xp1 are just identity
  • modelling of the status word is incorrect/not easy to understand
10 issues on github and an older one

Summary

All examined decompilers model the x87 instructions to a certain degree, which is probably good enough for common binaries. In all of them, however, there are x87 details which are not supported: rounding modes, handling of unordered compares and the BCD format.
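To make the BCD point concrete, here is an added example (not from the original post or from any of the decompilers) that models in C the 10-byte packed-BCD layout that fbstp writes and fbld reads, and compares it with the "plain cast" model. The function names are hypothetical, and the input is assumed to be ST(0) already rounded to an integer under the current rounding mode.

```c
#include <stdint.h>
#include <string.h>

#define BCD_MAX 999999999999999999ULL /* 18 decimal digits */

/* Hypothetical model of the store done by fbstp. v is assumed to be ST(0)
 * already rounded to an integer under the current rounding mode.
 * Returns -1 when v needs more than 18 digits (hardware: invalid operation). */
int bcd_pack(int64_t v, uint8_t out[10])
{
    uint64_t mag = v < 0 ? 0 - (uint64_t)v : (uint64_t)v;
    if (mag > BCD_MAX)
        return -1;
    for (int i = 0; i < 9; i++) {          /* bytes 0..8: two digits each */
        unsigned lo = (unsigned)(mag % 10); mag /= 10;
        unsigned hi = (unsigned)(mag % 10); mag /= 10;
        out[i] = (uint8_t)(hi << 4 | lo);
    }
    out[9] = v < 0 ? 0x80 : 0x00;          /* byte 9: sign in bit 7 */
    return 0;
}

/* Hypothetical model of fbld. Returns -1 on a nibble above 9, for which
 * the hardware result is undefined. */
int bcd_unpack(const uint8_t in[10], int64_t *v)
{
    int64_t mag = 0;
    for (int i = 8; i >= 0; i--) {         /* most significant byte first */
        unsigned hi = in[i] >> 4, lo = in[i] & 0x0F;
        if (hi > 9 || lo > 9)
            return -1;
        mag = mag * 100 + hi * 10 + lo;
    }
    *v = (in[9] & 0x80) ? -mag : mag;
    return 0;
}

/* 1 if the "plain integer cast" model stores the same 10 bytes as fbstp. */
int cast_matches_bcd(int64_t v)
{
    uint8_t bcd[10], raw[10] = {0};
    if (bcd_pack(v, bcd) != 0)
        return 0;
    for (int i = 0; i < 8; i++)            /* little-endian two's complement */
        raw[i] = (uint8_t)((uint64_t)v >> (8 * i));
    return memcmp(bcd, raw, sizeof bcd) == 0;
}
```

The cast model and the packed-BCD store agree only for the values 0 to 9; from 10 upwards, and for every negative value, the stored bytes differ.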

Thank you for reading and please send questions or feedback via email to holdec@kronotai.com or contact me on Twitter.
