Add additional instructions required by AES-XTS on x86

pennyannn · pennyannn · commit c51f8b36fa7f · 2025-03-28T21:23:33.000Z
diff --git a/x86/proofs/decode.ml b/x86/proofs/decode.ml
@@ -293,6 +293,14 @@ let decode_aux = new_definition `!pfxs rex l. decode_aux pfxs rex l =
       let rm = simd_of_RM sz rm in
       let dest,src = if d then rm,reg else reg,rm in
       SOME (MOVUPS dest src, l)
+    | [0x1e:8] ->
+        read_byte l >>= \(b,l).
+        (bitmatch b with
+         | [0xfa:8] ->
+           (match pfxs with
+            | (F, RepZ) -> SOME (ENDBR64,l)
+            | _ -> NONE)
+         | _ -> NONE)
     | [0b0010100:7; d] ->
       let sz = Lower_128 in
       read_ModRM rex l >>= \((reg,rm),l).
@@ -334,14 +342,14 @@ let decode_aux = new_definition `!pfxs rex l. decode_aux pfxs rex l =
         read_imm Byte l >>= \(imm8,l).
         SOME (AESKEYGENASSIST (mmreg reg sz) (simd_of_RM sz rm) imm8, l)
       | _ -> NONE)
-    | [0b11001:5; r:3] -> if has_pfxs pfxs then NONE else
-      let sz = op_size_W rex T pfxs in
-      let reg = rex_reg (rex_B rex) r in
-      SOME (BSWAP (%(gpr_adjust reg sz)),l)
     | [0x4:4; c:4] -> if has_pfxs pfxs then NONE else
       let sz = op_size T (rex_W rex) T pfxs in
       read_ModRM_operand rex sz l >>= \((reg,rm),l).
       SOME (CMOV (decode_condition c) reg rm,l)
+    | [0x57:8] -> if has_pfxs pfxs then NONE else
+      let sz = Lower_128 in
+      read_ModRM rex l >>= \((reg,rm),l).
+      SOME (XORPS (mmreg reg sz) (simd_of_RM sz rm), l)
     | [0b011:3; d; 0b1111:4] ->
       let sz = Lower_128 in
       read_ModRM rex l >>= \((reg,rm),l).
@@ -352,6 +360,20 @@ let decode_aux = new_definition `!pfxs rex l. decode_aux pfxs rex l =
       | (T, Rep0) -> SOME (MOVDQA dest src, l)
       | (F, RepZ) -> SOME (MOVDQU dest src, l)
       | _ -> NONE)
+    | [0x70:8] -> if has_unhandled_pfxs pfxs then NONE else
+      let sz = Lower_128 in
+      read_ModRM rex l >>= \((reg,rm),l).
+      read_imm Byte l >>= \(imm8,l).
+      SOME (PSHUFD (mmreg reg sz) (simd_of_RM sz rm) imm8, l)
+    | [0x72:8] -> if has_unhandled_pfxs pfxs then NONE else
+      let sz = Lower_128 in
+      (read_ModRM rex l >>= \((reg,rm),l).
+       match rm with
+       | RM_reg _ -> if (word_zx reg):(3 word) = word 0b100 then
+         (read_imm Byte l >>= \(imm8,l).
+          SOME (PSRAD (simd_of_RM sz rm) imm8, l))
+         else NONE
+       | _ -> NONE)
     | [0x8:4; c:4] -> if has_pfxs pfxs then NONE else
       read_int32 l >>= \(imm,l).
       SOME (JUMP (decode_condition c) (Imm32 imm),l)
@@ -404,14 +426,26 @@ let decode_aux = new_definition `!pfxs rex l. decode_aux pfxs rex l =
       read_ModRM rex l >>= \((reg,rm),l).
       let op = if s then MOVSX else MOVZX in
       SOME (op (%(gpr_adjust reg sz2)) (operand_of_RM sz rm),l)
-    | [0x1e:8] ->
-        read_byte l >>= \(b,l).
-        (bitmatch b with
-         | [0xfa:8] ->
-           (match pfxs with
-            | (F, RepZ) -> SOME (ENDBR64,l)
-            | _ -> NONE)
-         | _ -> NONE)
+    | [0b11001:5; r:3] -> if has_pfxs pfxs then NONE else
+      let sz = op_size_W rex T pfxs in
+      let reg = rex_reg (rex_B rex) r in
+      SOME (BSWAP (%(gpr_adjust reg sz)),l)
+    | [0xd4:8] -> if has_unhandled_pfxs pfxs then NONE else
+      let sz = Lower_128 in
+      read_ModRM rex l >>= \((reg,rm),l).
+      SOME (PADDQ (mmreg reg sz) (simd_of_RM sz rm), l)
+    | [0xdb:8] -> if has_unhandled_pfxs pfxs then NONE else
+      let sz = Lower_128 in
+      read_ModRM rex l >>= \((reg,rm),l).
+      SOME (PAND (mmreg reg sz) (simd_of_RM sz rm), l)
+    | [0xef:8] -> if has_unhandled_pfxs pfxs then NONE else
+      let sz = Lower_128 in
+      read_ModRM rex l >>= \((reg,rm),l).
+      SOME (PXOR (mmreg reg sz) (simd_of_RM sz rm), l)
+    | [0xfe:8] -> if has_unhandled_pfxs pfxs then NONE else
+      let sz = Lower_128 in
+      read_ModRM rex l >>= \((reg,rm),l).
+      SOME (PADDD (mmreg reg sz) (simd_of_RM sz rm), l)
     | _ -> NONE)
   | [0b01010:5; r:3] -> if has_pfxs pfxs then NONE else
     SOME (PUSH (%(Gpr (rex_reg (rex_B rex) r) Full_64)),l)
diff --git a/x86/proofs/instruction.ml b/x86/proofs/instruction.ml
@@ -278,8 +278,14 @@ let instruction_INDUCTION,instruction_RECURSION = define_type
    | NOP
    | NOT operand
    | OR operand operand
+   | PADDD operand operand
+   | PADDQ operand operand
+   | PAND operand operand
    | POP operand
+   | PSHUFD operand operand operand
+   | PSRAD operand operand
    | PUSH operand
+   | PXOR operand operand
    | RCL operand operand
    | RCR operand operand
    | RET
@@ -298,7 +304,8 @@ let instruction_INDUCTION,instruction_RECURSION = define_type
    | TZCNT operand operand
    | VPXOR operand operand operand
    | XCHG operand operand
-   | XOR operand operand";;
+   | XOR operand operand
+   | XORPS operand operand";;
 
 (* ------------------------------------------------------------------------- *)
 (* Some shorthands for addressing modes etc.                                 *)
diff --git a/x86/proofs/simulator.ml b/x86/proofs/simulator.ml
@@ -273,6 +273,20 @@ let iclasses = iclasses @
  [0x66; 0x0f; 0x3a; 0xdf; 0xc8; 0x01]; (*AESKEYGENASSIST (%_% xmm1) (%_% xmm0) (Imm8 (word 1)) *)
  [0x66; 0x0f; 0x3a; 0xdf; 0xf8; 0xff]; (*AESKEYGENASSIST (%_% xmm15) (%_% xmm0) (Imm8 (word 255)) *)
  [0x66; 0x0f; 0x3a; 0xdf; 0xdc; 0x19]; (*AESKEYGENASSIST (%_% xmm3) (%_% xmm12) (Imm8 (word 25)) *)
+ [0x66; 0x0f; 0x70; 0xc9; 0x55]; (*PSHUFD (%_% xmm1) (%_% xmm1) (Imm8 (word 85)) *)
+ [0x66; 0x44; 0x0f; 0x70; 0xca; 0x5f]; (*PSHUFD (%_% xmm9) (%_% xmm2) (Imm8 (word 95)) *)
+ [0x66; 0x0f; 0xef; 0xd3]; (*PXOR (%_% xmm2) (%_% xmm3) *)
+ [0x66; 0x41; 0x0f; 0xef; 0xff]; (*PXOR (%_% xmm7) (%_% xmm15) *)
+ [0x66; 0x0f; 0xdb; 0xd3]; (*PAND (%_% xmm2) (%_% xmm3) *)
+ [0x66; 0x41; 0x0f; 0xdb; 0xff]; (*PAND (%_% xmm7) (%_% xmm15) *)
+ [0x0f; 0x57; 0xd3]; (*XORPS (%_% xmm2) (%_% xmm3) *)
+ [0x41; 0x0f; 0x57; 0xff]; (*XORPS (%_% xmm7) (%_% xmm15) *)
+ [0x66; 0x0f; 0xfe; 0xd3]; (*PADDD (%_% xmm2) (%_% xmm3) *)
+ [0x66; 0x41; 0x0f; 0xfe; 0xff]; (*PADDD (%_% xmm7) (%_% xmm15) *)
+ [0x66; 0x0f; 0xd4; 0xd3]; (*PADDQ (%_% xmm2) (%_% xmm3) *)
+ [0x66; 0x41; 0x0f; 0xd4; 0xff]; (*PADDQ (%_% xmm7) (%_% xmm15) *)
+ [0x66; 0x0f; 0x72; 0xe1; 0x1f]; (*PSRAD (%_% xmm1) (Imm8 (word 31)) *)
+ [0x66; 0x41; 0x0f; 0x72; 0xe4; 0x38]; (*PSRAD (%_% xmm12) (Imm8 (word 56)) *)
 ];;
 
 (* ------------------------------------------------------------------------- *)
diff --git a/x86/proofs/x86.ml b/x86/proofs/x86.ml
@@ -979,6 +979,46 @@ let x86_OR = new_definition
          OF := F ,,
          UNDEFINED_VALUES[AF]) s`;;
 
+let x86_PADDD = new_definition
+  `x86_PADDD dest src s =
+    let x = read dest s in
+    let y = read src s in
+    let r0 = word_add
+      ((word_subword:(128 word->num#num->32 word)) x (0,32))
+      ((word_subword:(128 word->num#num->32 word)) y (0,32)) in
+    let r1 = word_add
+      ((word_subword:(128 word->num#num->32 word)) x (32,32))
+      ((word_subword:(128 word->num#num->32 word)) y (32,32)) in
+    let r2 = word_add
+      ((word_subword:(128 word->num#num->32 word)) x (64,32))
+      ((word_subword:(128 word->num#num->32 word)) y (64,32)) in
+    let r3 = word_add
+      ((word_subword:(128 word->num#num->32 word)) x (96,32))
+      ((word_subword:(128 word->num#num->32 word)) y (96,32)) in
+    let res = (word_join:(32 word->96 word->128 word)) r3
+      ((word_join:(32 word->64 word->96 word)) r2
+        ((word_join:(32 word->32 word->64 word)) r1 r0)) in
+    (dest := res) s`;;
+
+let x86_PADDQ = new_definition
+  `x86_PADDQ dest src s =
+    let x = read dest s in
+    let y = read src s in
+    let r0 = word_add
+      ((word_subword:(128 word->num#num->64 word)) x (0,64))
+      ((word_subword:(128 word->num#num->64 word)) y (0,64)) in
+    let r1 = word_add
+      ((word_subword:(128 word->num#num->64 word)) x (64,64))
+      ((word_subword:(128 word->num#num->64 word)) y (64,64)) in
+    let res = (word_join:(64 word->64 word->128 word)) r1 r0 in
+    (dest := res) s`;;
+
+let x86_PAND = new_definition
+  `x86_PAND dest src s =
+    let x = read dest s in
+    let y = read src s in
+    (dest := word_and x y) s`;;
+
 (*** Push and pop are a bit odd in several ways. First of all, there is  ***)
 (*** an implicit memory operand so this doesn't have quite the same      ***)
 (*** "shallowness": we refer to the memory component explicitly. And we  ***)
@@ -1009,6 +1049,47 @@ let x86_PUSH = new_definition
         (RSP := p' ,,
          memory :> bytes(p',n) := x) s`;;
 
+let x86_PSHUFD = new_definition
+ `x86_PSHUFD dest src imm8 s =
+    let src = read src s in
+    let od = read imm8 s in
+    let d0 = (word_subword:(128 word->num#num->32 word)) src
+      ((val ((word_subword:(byte->num#num->2 word)) od (0,2)))*32,32) in
+    let d1 = (word_subword:(128 word->num#num->32 word)) src
+      ((val ((word_subword:(byte->num#num->2 word)) od (2,2)))*32,32) in
+    let d2 = (word_subword:(128 word->num#num->32 word)) src
+      ((val ((word_subword:(byte->num#num->2 word)) od (4,2)))*32,32) in
+    let d3 = (word_subword:(128 word->num#num->32 word)) src
+      ((val ((word_subword:(byte->num#num->2 word)) od (6,2)))*32,32) in
+    let res = (word_join:(32 word->96 word->128 word)) d3
+      ((word_join:(32 word->64 word->96 word)) d2
+        ((word_join:(32 word->32 word->64 word)) d1 d0)) in
+    (dest := res) s`;;
+
+let x86_PSRAD = new_definition
+  `x86_PSRAD dest imm8 s =
+    let d = read dest s in
+    let count_src = val (read imm8 s) in
+    let count = if count_src > 31 then 32 else count_src in
+    let r0 = word_ishr
+      ((word_subword:(128 word->num#num->32 word)) d (0,32)) count in
+    let r1 = word_ishr
+      ((word_subword:(128 word->num#num->32 word)) d (32,32)) count in
+    let r2 = word_ishr
+      ((word_subword:(128 word->num#num->32 word)) d (64,32)) count in
+    let r3 = word_ishr
+      ((word_subword:(128 word->num#num->32 word)) d (96,32)) count in
+    let res = (word_join:(32 word->96 word->128 word)) r3
+      ((word_join:(32 word->64 word->96 word)) r2
+        ((word_join:(32 word->32 word->64 word)) r1 r0)) in
+    (dest := res) s`;;
+
+let x86_PXOR = new_definition
+  `x86_PXOR dest src s =
+    let x = read dest s in
+    let y = read src s in
+    (dest := word_xor x y) s`;;
+
 (*** Out of alphabetical order as PUSH is a subroutine ***)
 
 let x86_CALL = new_definition
@@ -1289,6 +1370,12 @@ let x86_XOR = new_definition
          OF := F ,,
          UNDEFINED_VALUES[AF]) s`;;
 
+let x86_XORPS = new_definition
+  `x86_XORPS dest src s =
+    let x = read src s in
+    let y = read dest s in
+    (dest := word_xor x y) s`;;
+
 (* ------------------------------------------------------------------------- *)
 (* State components of various sizes corresponding to GPRs.                  *)
 (* We also have a generic one "GPR" mapping to a number in all cases.        *)
@@ -1765,14 +1852,26 @@ let x86_execute = define
          | 32 -> x86_OR (OPERAND32 dest s) (OPERAND32 src s)
          | 16 -> x86_OR (OPERAND16 dest s) (OPERAND16 src s)
          | 8 -> x86_OR (OPERAND8 dest s) (OPERAND8 src s)) s
+    | PADDD dest src ->
+        x86_PADDD (OPERAND128_SSE dest s) (OPERAND128_SSE src s) s
+    | PADDQ dest src ->
+        x86_PADDQ (OPERAND128_SSE dest s) (OPERAND128_SSE src s) s
+    | PAND dest src ->
+        x86_PAND (OPERAND128_SSE dest s) (OPERAND128_SSE src s) s
     | POP dest ->
         (match operand_size dest with
            64 -> x86_POP (OPERAND64 dest s)
          | 16 -> x86_POP (OPERAND16 dest s)) s
+    | PSHUFD dest src imm8 ->
+        x86_PSHUFD (OPERAND128_SSE dest s) (OPERAND128_SSE src s) (OPERAND8 imm8 s) s
+    | PSRAD dest imm8 ->
+        x86_PSRAD (OPERAND128_SSE dest s) (OPERAND8 imm8 s) s
     | PUSH src ->
         (match operand_size src with
            64 -> x86_PUSH (OPERAND64 src s)
          | 16 -> x86_PUSH (OPERAND16 src s)) s
+    | PXOR dest src ->
+        x86_PXOR (OPERAND128_SSE dest s) (OPERAND128_SSE src s) s
     | RCL dest src ->
         (match operand_size dest with
            64 -> x86_RCL (OPERAND64 dest s)
@@ -1910,6 +2009,8 @@ let x86_execute = define
          | 32 -> x86_XOR (OPERAND32 dest s) (OPERAND32 src s)
          | 16 -> x86_XOR (OPERAND16 dest s) (OPERAND16 src s)
          | 8 -> x86_XOR (OPERAND8 dest s) (OPERAND8 src s)) s
+    | XORPS dest src ->
+         x86_XORPS (OPERAND128_SSE dest s) (OPERAND128_SSE src s) s
     | _ -> (\s'. F)`;;
 
 (* ------------------------------------------------------------------------- *)
@@ -2610,9 +2711,11 @@ let X86_OPERATION_CLAUSES =
     x86_DIV2; x86_ENDBR64; x86_IMUL; x86_IMUL2; x86_IMUL3; x86_INC; x86_LEA; x86_LZCNT;
     x86_MOV; x86_MOVAPS; x86_MOVDQA; x86_MOVDQU; x86_MOVSX; x86_MOVUPS; x86_MOVZX;
     x86_MUL2; x86_MULX4; x86_NEG; x86_NOP; x86_NOT; x86_OR;
-    x86_POP_ALT; x86_PUSH_ALT; x86_RCL; x86_RCR; x86_RET; x86_ROL; x86_ROR;
+    x86_PADDD; x86_PADDQ; x86_PAND; x86_POP_ALT; x86_PSHUFD; x86_PSRAD;
+    x86_PUSH_ALT; x86_PXOR;
+    x86_RCL; x86_RCR; x86_RET; x86_ROL; x86_ROR;
     x86_SAR; x86_SBB_ALT; x86_SET; x86_SHL; x86_SHLD; x86_SHR; x86_SHRD;
-    x86_STC; x86_SUB_ALT; x86_TEST; x86_TZCNT; x86_XCHG; x86_XOR;
+    x86_STC; x86_SUB_ALT; x86_TEST; x86_TZCNT; x86_XCHG; x86_XOR; x86_XORPS;
     (*** AVX2 instructions ***)
     x86_VPXOR;
     (*** 32-bit backups since the ALT forms are 64-bit only ***)
