metasm 1.0.0 → 1.0.5

data/metasm/cpu/st20/main.rb

@@ -0,0 +1,37 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+
+
+require 'metasm/main'
+
+module Metasm
+class ST20 < CPU
+	def initialize(size=32)
+		super()
+		@endianness = :little
+		@size = size
+		init_opcodes
+	end
+
+	def register_symbols
+		[:a, :b, :c]
+	end
+
+	def render_instruction(i)
+		r = []
+		r << i.opname
+		if not i.args.empty?
+			r << ' '
+			i.args.each { |a_| r << a_ << ', ' }
+			r.pop
+		end
+		r
+	end
+end
+
+class TransPuter < ST20
+end
+end
+

data/metasm/cpu/st20/opcodes.rb

@@ -0,0 +1,140 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+
+require 'metasm/cpu/st20/main'
+
+module Metasm
+
+class ST20
+	def init_opcodes
+		@op_function = op_get_function
+		@op_operate = op_get_operate
+		@opcode_list = @op_function.sort.map { |b, n|
+			op = Opcode.new(n, b)
+			op.props[:setip] = true if n == 'cj'
+			op.props[:setip] = op.props[:stopexec] = true if n == 'j'
+			op.props[:setip] = op.props[:stopexec] = op.props[:saveip] = true if n == 'fcall'
+			op
+		}
+		@opc_operate = {}
+		op = Opcode.new('ret', 0)
+		op.props[:setip] = op.props[:stopexec] = true
+		@opc_operate['ret'] = op
+	end
+
+	def op_get_function
+		{
+			0x00 => 'j',   0x10 => 'ldlp',  0x20 => 'pfix', 0x30 => 'ldnl',
+			0x40 => 'ldc', 0x50 => 'ldnlp', 0x60 => 'nfix', 0x70 => 'ldl',
+			0x80 => 'adc', 0x90 => 'fcall', 0xa0 => 'cj',   0xb0 => 'ajw',
+			0xc0 => 'eqc', 0xd0 => 'stl',   0xe0 => 'stnl', 0xf0 => 'opr'
+		}
+	end
+
+	def op_get_operate
+		{
+			0x00 => 'rev', 0x01 => 'dup', 0x02 => 'rot',       0x03 => 'arot',
+			0x04 => 'add', 0x05 => 'sub', 0x06 => 'mul',       0x07 => 'wsub',
+			0x08 => 'not', 0x09 => 'and', 0x0A => 'or',        0x0B => 'shl',
+			0x0C => 'shr', 0x0D => 'jab', 0x0E => 'timeslice', 0x0F => 'breakpoint',
+			0x10 => 'addc',    0x11 => 'subc',     0x12 => 'mac',      0x13 => 'umac',
+			0x14 => 'smul',    0x15 => 'smacinit', 0x16 => 'smacloop', 0x17 => 'biquad',
+			0x18 => 'divstep', 0x19 => 'unsign',   0x1A => 'saturate', 0x1B => 'gt',
+			0x1C => 'gtu',     0x1D => 'order',    0x1E => 'orderu',   0x1F => 'ashr',
+			0x20 => 'xor',       0x21 => 'xbword',  0x22 => 'xsword',    0x23 => 'bitld',
+			0x24 => 'bitst',     0x25 => 'bitmask', 0x26 => 'statusset', 0x27 => 'statusclr',
+			0x28 => 'statustst', 0x29 => 'rmw',     0x2A => 'lbinc',     0x2B => 'sbinc',
+			0x2C => 'lsinc',     0x2D => 'lsxinc',  0x2E => 'ssinc',     0x2F => 'lwinc',
+			0x30 => 'swinc',    0x31 => 'ecall',   0x32 => 'eret',   0x33 => 'run',
+			0x34 => 'stop',     0x35 => 'signal',  0x36 => 'wait',   0x37 => 'enqueue',
+			0x38 => 'dequeue',  0x39 => 'ldtdesc', 0x3A => 'ldpi',   0x3B => 'gajw',
+			0x3C => 'ldprodid', 0x3D => 'io',      0x3E => 'swap32', 0x3F => 'nop',
+		}
+	end
+end
+
+class TransPuter
+	def op_get_operate
+		{
+			0x00 => 'rev',  0x01 => 'lb',     0x02 => 'bsub',    0x03 => 'endp',
+			0x04 => 'diff', 0x05 => 'add',    0x06 => 'gcall',   0x07 => 'in',
+			0x08 => 'prod', 0x09 => 'gt',     0x0a => 'wsub',    0x0b => 'out',
+			0x0c => 'sub',  0x0d => 'startp', 0x0e => 'outbyte', 0x0f => 'outword',
+			0x10 => 'seterr',  0x11 => 'mreleasep', 0x12 => 'resetch', 0x13 => 'csub0',
+			0x14 => 'extvrfy', 0x15 => 'stopp',     0x16 => 'ladd',    0x17 => 'stlb',
+			0x18 => 'sthf',    0x19 => 'norm',      0x1a => 'ldiv',    0x1b => 'ldpi',
+			0x1c => 'stlf',    0x1d => 'xdble',     0x1e => 'ldpri',   0x1f => 'rem',
+			0x20 => 'ret',     0x21 => 'lend',         0x22 => 'ldtimer',    0x23 => 'testlds',
+			0x24 => 'testlde', 0x25 => 'testldd',      0x26 => 'teststs',    0x27 => 'testste',
+			0x28 => 'teststd', 0x29 => 'testerr',      0x2a => 'testpranal', 0x2b => 'tin',
+			0x2c => 'div',     0x2d => 'testhardchan', 0x2e => 'dist',       0x2f => 'disc',
+			0x30 => 'diss', 0x31 => 'lmul',  0x32 => 'not',   0x33 => 'xor',
+			0x34 => 'bcnt', 0x35 => 'lshr',  0x36 => 'lshl',  0x37 => 'lsum',
+			0x38 => 'lsub', 0x39 => 'runp',  0x3a => 'xword', 0x3b => 'sb',
+			0x3c => 'gajw', 0x3d => 'savel', 0x3e => 'saveh', 0x3f => 'wcnt',
+			0x40 => 'shr',   0x41 => 'shl',    0x42 => 'mint', 0x43 => 'alt',
+			0x44 => 'altwt', 0x45 => 'altend', 0x46 => 'and',  0x47 => 'enbt',
+			0x48 => 'enbc',  0x49 => 'enbs',   0x4a => 'move', 0x4b => 'or',
+			0x4c => 'csngl', 0x4d => 'ccnt1',  0x4e => 'talt', 0x4f => 'ldiff',
+			0x50 => 'sthb',       0x51 => 'taltwt',        0x52 => 'sum',        0x53 => 'mul',
+			0x54 => 'sttimer',    0x55 => 'stoperr',       0x56 => 'cword',      0x57 => 'clrhalterr',
+			0x58 => 'sethalterr', 0x59 => 'testhalterr',   0x5a => 'dup',        0x5b => 'move2dinit',
+			0x5c => 'move2dall',  0x5d => 'move2dnonzero', 0x5e => 'move2dzero', 0x5f => 'gtu',
+			0x60 => 'extin',      0x61 => 'extout',  0x62 => 'minn',     0x63 => 'unpacksn',
+			0x64 => 'moutn',      0x65 => 'xminn',   0x66 => 'extenbc',  0x67 => 'extndisc',
+			0x68 => 'extmin',     0x69 => 'extmout', 0x6a => 'extmin64', 0x6b => 'extmout64',
+			0x6c => 'postnormsn', 0x6d => 'roundsn', 0x6e => 'extminn',  0x6f => 'extmoutn',
+			0x70 => 'enbc3',        0x71 => 'ldinf',        0x72 => 'fmul',          0x73 => 'cflerr',
+			0x74 => 'crcword',      0x75 => 'crcbyte',      0x76 => 'bitcnt',        0x77 => 'bitrevword',
+			0x78 => 'bitrevnbits',  0x79 => 'pop',          0x7a => 'timerdisableh', 0x7b => 'timerdisablel',
+			0x7c => 'timerenableh', 0x7d => 'timerenablel', 0x7e => 'ldmemstartval', 
+			0x80 => 'fpsttest', 0x81 => 'wsubdb',   0x82 => 'fpldnldbi', 0x83 => 'fpchkerr',
+			0x84 => 'fpstnldb', 0x85 => 'fpldtest', 0x86 => 'fpldnlsni', 0x87 => 'fpadd',
+			0x88 => 'fpstnlsn', 0x89 => 'fpsub',    0x8a => 'fpldnldb',  0x8b => 'fpmul',
+			0x8c => 'fpdiv',    0x8d => 'fprange',  0x8e => 'fpldnlsn',  0x8f => 'fpremfirst',
+			0x90 => 'fpremstep',  0x91 => 'fpnan',    0x92 => 'fpordered',  0x93 => 'fpnotfinite',
+			0x94 => 'fpgt',       0x95 => 'fpeq',     0x96 => 'fpi32tor32', 0x97 => 'fpge',
+			0x98 => 'fpi32tor64', 0x99 => 'enbt3',    0x9a => 'fpb32tor64', 0x9b => 'fplg',
+			0x9c => 'fptesterr',  0x9d => 'fprtoi32', 0x9e => 'fpstnli32',  0x9f => 'fpldzerosn',
+			0xa0 => 'fpldzerodb',  0xa1 => 'fpint',    0xa2 => 'getpri',      0xa3 => 'fpdup',
+			0xa4 => 'fprev',       0xa5 => 'setpri',   0xa6 => 'fpldnladddb', 0xa7 => 'fpentry3',
+			0xa8 => 'fpldnlmuldb', 0xa9 => 'fpentry2', 0xaa => 'fpldnladdsn', 0xab => 'fpentry',
+			0xac => 'fpldnlmulsn', 0xad => 'enbs3', 
+			0xb0 => 'settimeslice', 0xb1 => 'break',   0xb2 => 'clrj0break', 0xb3 => 'setj0break',
+			0xb4 => 'testj0break',                     0xb6 => 'ldflags',    0xb7 => 'stflags',
+			0xb8 => 'xbword',       0xb9 => 'lbx',     0xba => 'cb',         0xbb => 'cbu',
+			0xbc => 'insphdr',      0xbd => 'readbfr', 0xbe => 'ldconf',     0xbf => 'stconf',
+			0xc0 => 'ldcnt',  0xc1 => 'ssub',     0xc2 => 'ldth',      0xc3 => 'ldchstatus',
+			0xc4 => 'intdis', 0xc5 => 'intenb',   0xc6 => 'ldtrapped', 0xc7 => 'cir',
+			0xc8 => 'ss',     0xc9 => 'chantype', 0xca => 'ls',        0xcb => 'sttrapped',
+			0xcc => 'ciru',   0xcd => 'gintdis',  0xce => 'gintenb',   0xcf => 'fprem',
+			0xd0 => 'fprn',       0xd1 => 'fpdivby2',   0xd2 => 'fpmulby2',   0xd3 => 'fpsqrt',
+			0xd4 => 'fprp',       0xd5 => 'fprm',       0xd6 => 'fprz',       0xd7 => 'fpr32tor64',
+			0xd8 => 'fpr64tor32', 0xd9 => 'fpexpdec32', 0xda => 'fpexpinc32', 0xdb => 'fpabs',
+			                      0xdd => 'fpadddbsn',  0xde => 'fpchki32',   0xdf => 'fpchki64',
+			0xe0 => 'mnew',  0xe1 => 'mfree', 0xe2 => 'malloc', 0xe3 => 'mrelease',
+			0xe4 => 'min',   0xe5 => 'mout',  0xe6 => 'min64',  0xe7 => 'mout64',
+			0xe8 => 'xable', 0xe9 => 'xin',   0xea => 'xmin',   0xeb => 'xmin64',
+			0xec => 'xend',  0xed => 'ndisc', 0xee => 'ndist',  0xef => 'ndiss',
+			0xf0 => 'devlb', 0xf1 => 'devsb', 0xf2 => 'devls',  0xf3 => 'devss',
+			0xf4 => 'devlw', 0xf5 => 'devsw', 0xf8 => 'xsword', 0xf9 => 'lsx',
+			0xfa => 'cs',    0xfb => 'csu',   0xfc => 'trap',   0xfd => 'null',
+			0x1ff => 'start',
+			0x17c => 'lddevid',
+			0x200 => 'in8', 0x201 => 'in32', 0x202 => 'out8', 0x203 => 'out32',
+			0x204 => 'xstl',
+			0x22f => 'proc_alloc',
+			0x230 => 'proc_param', 0x231 => 'proc_mt_copy', 0x232 => 'proc_mt_move', 0x233 => 'proc_start',
+			0x234 => 'proc_end',   0x235 => 'getaff',       0x236 => 'setaff',       0x237 => 'getpas',
+			0x238 => 'mt_alloc',   0x239 => 'mt_release',   0x23a => 'mt_clone',     0x23b => 'mt_in',
+			0x23c => 'mt_out',     0x23d => 'mt_xchg',      0x23e => 'mt_lock',      0x23f => 'mt_unlock',
+			0x240 => 'mt_enroll',  0x241 => 'mt_resign', 0x242 => 'mt_sync',   0x243 => 'mt_xin',
+			0x244 => 'mt_xout',    0x245 => 'mt_xxchg',  0x246 => 'mt_dclone', 0x247 => 'mt_bind',
+			0x248 => 'mb',         0x249 => 'rmb',       0x24a => 'wmb',       0x24b => 'ext_mt_in',
+			0x24c => 'ext_mt_out', 0x24d => 'mt_resize',
+		}
+	end
+end
+end

data/{lib/metasm/arm.rb → metasm/cpu/webasm.rb}

@@ -5,8 +5,7 @@
 
 
 require 'metasm/main'
-require 'metasm/arm/parse'
-require 'metasm/arm/encode'
-require 'metasm/arm/decode'
-require 'metasm/arm/render'
-require 'metasm/arm/debug'
+require 'metasm/cpu/webasm/decode'
+require 'metasm/cpu/webasm/encode'
+require 'metasm/cpu/webasm/decompile'
+require 'metasm/cpu/webasm/debug'

data/metasm/cpu/webasm/debug.rb

@@ -0,0 +1,31 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+
+
+require 'metasm/cpu/webasm/opcodes'
+
+module Metasm
+class WebAsm
+	def dbg_register_list
+		@dbg_register_list ||= [:pc, :opstack, :mem, :local_base]
+	end
+
+	def dbg_resolve_pc(di, fbd, pc_reg, dbg_ctx)
+		case di.opcode.name
+		when 'br_if', 'if'
+			if dbg_ctx.resolve(Indirection[:opstack, 8]) != 0
+				fbd[pc_reg] = (di.opcode.name == 'if' ? di.next_addr : di.misc[:x])
+			else
+				fbd[pc_reg] = (di.opcode.name == 'if' ? di.misc[:x] : di.next_addr)
+			end
+		else return super(di, fbd, pc_reg, dbg_ctx)
+		end
+	end
+
+	def dbg_end_stepout(dbg, addr, di)
+		di and di.opcode.props[:stopexec] and (di.opcode.name == 'return' or di.opcode.name == 'end')
+	end
+end
+end

data/metasm/cpu/webasm/decode.rb

@@ -0,0 +1,321 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2010 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+
+require 'metasm/cpu/webasm/opcodes'
+require 'metasm/decode'
+
+module Metasm
+class WebAsm
+	def build_bin_lookaside
+		lookaside = (0..0xff).inject({}) { |h, i| h.update i => [] }
+		opcode_list.each { |op|
+			lookaside[op.bin] << op
+		}
+		lookaside
+	end
+
+	def decode_uleb(ed, signed=false)
+		v = s = 0
+		while s < 10*7
+			b = ed.read(1).unpack('C').first.to_i
+			v |= (b & 0x7f) << s
+			s += 7
+			break if (b&0x80) == 0
+		end
+		v = Expression.make_signed(v, s) if signed
+		v
+	end
+
+	# when starting disassembly, pre-decode all instructions until the final 'end' and fixup the xrefs (if/block/loop...)
+	def disassemble_init_context(dasm, addr)
+		dasm.misc ||= {}
+		dasm.misc[:cpu_context] ||= {}
+		cache = dasm.misc[:cpu_context][:di_cache] ||= {}
+		addr = dasm.normalize(addr)
+		return dasm.misc[:cpu_context] if cache[addr]
+
+		code_start = addr
+		stack = [[]]
+		set_misc_x = lambda { |di, tg| di.misc[:x] ||= [] ; di.misc[:x] |= [tg] }
+		while di = dasm.disassemble_instruction(addr)
+			cache[addr] = di
+			di.misc ||= {}
+			di.misc[:code_start] = code_start
+			case di.opcode.name
+			when 'if', 'loop', 'block'
+				stack << [di]
+			when 'else'
+				raise "bad #{di} #{stack.last.inspect}" if stack.last.empty? or stack.last.last.opcode.name != 'if'
+				stack.last.each { |ddi| set_misc_x[ddi, di.next_addr] }	# 'if' points past here
+				di.misc[:end_of] = stack.last[0]	# store matching 'if'
+				stack.last[0] = di	# 'else' replace 'if'
+			when 'br', 'br_if', 'br_table'
+				if di.opcode.name == 'br_table'
+					depths = di.instruction.args.first.ary.uniq | [di.instruction.args.first.default]
+				else
+					depths = [di.instruction.args.first.reduce]
+				end
+				depths.each { |depth|
+					tg = stack[-depth-1] # XXX skip if/else in the stack ?
+					raise "bad #{di} (#{stack.length})" if not tg
+					if tg.first and tg.first.opcode.name == 'loop'
+						set_misc_x[di, tg.first.address]
+					else
+						tg << di
+					end
+				}
+			when 'end'
+				dis = stack.pop
+				dis.each { |ddi| set_misc_x[ddi, di.next_addr] if ddi.opcode.name != 'loop' and ddi.opcode.name != 'block' }
+				if stack.empty?
+					# stack empty: end of func
+					di.opcode = @opcode_list.find { |op| op.name == 'end' and op.props[:stopexec] }
+					break
+				else
+					if dis.first
+						di.misc[:end_of] = dis.first	# store matching loop/block/if
+						if dis.first.opcode.name == 'else'
+							di.misc[:end_of] = dis.first.misc[:end_of]	# else patched stack.last, recover original 'if'
+						end
+					end
+					di.opcode = @opcode_list.find { |op| op.name == 'end' and not op.props[:stopexec] }
+				end
+			end
+			addr = di.next_addr
+		end
+
+		dasm.misc[:cpu_context]
+	end
+
+	# reuse the instructions from the cache
+	def decode_instruction_context(dasm, edata, di_addr, ctx)
+		ctx ||= disassemble_init_context(dasm, di_addr)
+		if not ctx[:di_cache][di_addr]
+			di_addr = dasm.normalize(di_addr)
+			disassemble_init_context(dasm, di_addr)
+		end
+		ctx[:di_cache][di_addr]
+	end
+
+	def decode_findopcode(edata)
+		di = DecodedInstruction.new(self)
+		val = edata.decode_imm(:u8, @endianness)
+		di if di.opcode = bin_lookaside[val].first
+	end
+
+	def decode_instr_op(edata, di)
+		before_ptr = edata.ptr
+		op = di.opcode
+		di.instruction.opname = op.name
+
+		op.args.each { |a|
+			di.instruction.args << case a
+			when :f32; Expression[edata.decode_imm(:u32, @endianness)]
+			when :f64; Expression[edata.decode_imm(:u64, @endianness)]
+			when :memoff; Memref.new(decode_uleb(edata))
+			when :uleb; Expression[decode_uleb(edata)]
+			when :sleb; Expression[decode_uleb(edata, true)]
+			when :blocksig; BlockSignature.new(decode_uleb(edata, true))
+			when :br_table; decode_br_table(edata)
+			else raise SyntaxError, "Internal error: invalid argument #{a} in #{op.name}"
+			end
+		}
+
+		di.bin_length = 1 + edata.ptr - before_ptr
+		di
+	end
+
+	def decode_instr_interpret(di, addr)
+		case di.opcode.name
+		when 'call'
+			fnr = di.instruction.args.first.reduce
+			di.misc ||= {}
+			di.misc[:tg_func_nr] = fnr
+			if f = @wasm_file.get_function_nr(fnr)
+				tg = f[:init_offset] ? f[:init_offset] : "#{f[:module]}_#{f[:field]}"
+				di.instruction.args[0] = Expression[tg]
+				di.misc[:x] = [tg]
+			else
+				di.misc[:x] = [:default]
+			end
+		when 'call_indirect'
+			di.misc ||= {}
+			di.misc[:x] = [:default]
+		end
+		di
+	end
+
+	def decode_br_table(edata)
+		count = decode_uleb(edata)
+		ary = []
+		count.times { ary << decode_uleb(edata) }
+		default = decode_uleb(edata)
+		BrTable.new(ary, default)
+	end
+
+	def init_backtrace_binding
+		@backtrace_binding ||= {}
+
+		typesz = Hash.new(8).update 'i32' => 4, 'f32' => 4
+		opstack = lambda { |off, sz| Indirection[Expression[:opstack, :+, off].reduce, sz] }
+		add_opstack = lambda { |delta, hash| { :opstack => Expression[:opstack, :+, delta].reduce }.update hash }
+		globsz = lambda { |di|
+			glob_nr = Expression[di.instruction.args.first].reduce
+			g = @wasm_file.get_global_nr(glob_nr)
+			g ? typesz[g[:type]] : 8
+		}
+		global = lambda { |di|
+			glob_nr = Expression[di.instruction.args.first].reduce
+			g = @wasm_file.get_global_nr(glob_nr)
+			n = g && g[:module] ? "#{g[:module]}_#{g[:field]}" : "global_#{glob_nr}"
+			Indirection[n, globsz[di]]
+		}
+		locsz = lambda { |di|
+			loc_nr = Expression[di.instruction.args.first].reduce
+			ci = @wasm_file.code_info[di.misc[:code_start]]
+			next typesz[ci[:params][loc_nr]] if loc_nr < ci[:params].length
+			loc_nr -= ci[:params].length
+			next typesz[ci[:local_var][loc_nr]] if ci[:local_var][loc_nr]
+			8
+		}
+		local = lambda { |di|
+			loc_nr = Expression[di.instruction.args.first].reduce
+			Indirection[[:local_base, :+, loc_nr*8], locsz[di]]
+		}
+
+		opcode_list.map { |ol| ol.name }.uniq.each { |opname|
+			sz = (opname[1, 2] == '32' ? 4 : 8)
+			@backtrace_binding[opname] ||= case opname
+			when 'call', 'call_indirect'
+				lambda { |di|
+					stack_off = 0
+					if opname == 'call'
+						f = @wasm_file.get_function_nr(di.misc[:tg_func_nr])
+						proto = f ? f[:type] : {}
+						# TODO use local_base
+						h = { :callstack => Expression[:callstack, :+, 8], Indirection[:callstack, 8] => Expression[di.next_addr] }
+						proto_params_offset = 0
+					else
+						proto = @wasm_file.type[di.instruction.args.first.reduce]
+						h = { :callstack => Expression[:callstack, :+, 8], Indirection[:callstack, 8] => Expression[di.next_addr], 'func_idx' => Expression[opstack[0, 4]] }
+						stack_off += 8
+						proto_params_offset = 1
+					end
+					stack_off -= 8*proto[:ret].to_a.length
+					stack_off += 8*proto[:params].to_a.length
+					h.update :opstack => Expression[:opstack, :+, stack_off]
+					proto[:ret].to_a.each_with_index { |rt, i| h.update opstack[8*i, typesz[rt]] => Expression["ret_#{i}"] }
+					proto[:params].to_a.each_with_index { |pt, i| h.update "param_#{i}" => Expression[opstack[8*(proto[:params].length-i-1+proto_params_offset), typesz[pt]]] }
+					h
+				}
+			when 'if', 'br_if'; lambda { |di| add_opstack[ 8, :flag => Expression[opstack[0, 8]]] }
+			when 'block', 'loop', 'br', 'nop', 'else'; lambda { |di| {} }
+			when 'end', 'return'; lambda { |di| di.opcode.props[:stopexec] ? { :callstack => Expression[:callstack, :-, 8] } : {} }
+			when 'drop'; lambda { |di| add_opstack[8, {}] }
+			when 'select'; lambda { |di| add_opstack[16, opstack[0, 8] => Expression[[opstack[8, 8], :*, [1, :-, opstack[0, 8]]], :|, [opstack[16, 8], :*, opstack[0, 8]]]] }
+			when 'get_local'; lambda { |di| add_opstack[-8, opstack[0, locsz[di]] => Expression[local[di]]] }
+			when 'set_local'; lambda { |di| add_opstack[ 8, local[di] => Expression[opstack[0, locsz[di]]]] }
+			when 'tee_local'; lambda { |di| add_opstack[ 0, local[di] => Expression[opstack[0, locsz[di]]]] }
+			when 'get_global'; lambda { |di| add_opstack[-8, opstack[0, globsz[di]] => Expression[global[di]]] }
+			when 'set_global'; lambda { |di| add_opstack[ 8, global[di] => Expression[opstack[0, globsz[di]]]] }
+			when /\.load(.*)/
+				mode = $1; memsz = (mode.include?('32') ? 4 : mode.include?('16') ? 2 : mode.include?('8') ? 1 : sz)
+				lambda { |di| add_opstack[ 0, opstack[0, sz] => Expression[Indirection[[opstack[0, 4], :+, [:mem, :+, di.instruction.args[1].off]], memsz]]] }
+			when /\.store(.*)/
+				mode = $1; memsz = (mode.include?('32') ? 4 : mode.include?('16') ? 2 : mode.include?('8') ? 1 : sz)
+				lambda { |di| add_opstack[ 16, Indirection[[opstack[8, 4], :+, [:mem, :+, di.instruction.args[1].off]], memsz] => Expression[opstack[0, sz], :&, (1 << (8*memsz)) - 1]] }
+			when /\.const/; lambda { |di| add_opstack[-8, opstack[0, sz] => Expression[di.instruction.args.first.reduce]] }
+			when /\.eqz/; lambda { |di| add_opstack[ 0, opstack[0, 8] => Expression[opstack[0, sz], :==, 0]] }
+			when /\.eq/;  lambda { |di| add_opstack[ 8, opstack[0, 8] => Expression[opstack[8, sz], :==, opstack[0, sz]]] }
+			when /\.ne/;  lambda { |di| add_opstack[ 8, opstack[0, 8] => Expression[opstack[8, sz], :!=, opstack[0, sz]]] }
+			when /\.lt/;  lambda { |di| add_opstack[ 8, opstack[0, 8] => Expression[opstack[8, sz], :<,  opstack[0, sz]]] }
+			when /\.gt/;  lambda { |di| add_opstack[ 8, opstack[0, 8] => Expression[opstack[8, sz], :>,  opstack[0, sz]]] }
+			when /\.le/;  lambda { |di| add_opstack[ 8, opstack[0, 8] => Expression[opstack[8, sz], :<=, opstack[0, sz]]] }
+			when /\.ge/;  lambda { |di| add_opstack[ 8, opstack[0, 8] => Expression[opstack[8, sz], :>=, opstack[0, sz]]] }
+
+			when /\.(clz|ctz|popcnt)/; lambda { |di| add_opstack[ 0, :bits => Expression[opstack[0, sz]]] }
+			when /\.add/; lambda { |di| add_opstack[ 8, opstack[0, sz] => Expression[opstack[8, sz], :+, opstack[0, sz]]] }
+			when /\.sub/; lambda { |di| add_opstack[ 8, opstack[0, sz] => Expression[opstack[8, sz], :-, opstack[0, sz]]] }
+			when /\.mul/; lambda { |di| add_opstack[ 8, opstack[0, sz] => Expression[opstack[8, sz], :*, opstack[0, sz]]] }
+			when /\.div/; lambda { |di| add_opstack[ 8, opstack[0, sz] => Expression[opstack[8, sz], :/, opstack[0, sz]]] }
+			when /\.rem/; lambda { |di| add_opstack[ 8, opstack[0, sz] => Expression[opstack[8, sz], :%, opstack[0, sz]]] }
+			when /\.and/; lambda { |di| add_opstack[ 8, opstack[0, sz] => Expression[opstack[8, sz], :&, opstack[0, sz]]] }
+			when /\.or/;  lambda { |di| add_opstack[ 8, opstack[0, sz] => Expression[opstack[8, sz], :|, opstack[0, sz]]] }
+			when /\.xor/; lambda { |di| add_opstack[ 8, opstack[0, sz] => Expression[opstack[8, sz], :^, opstack[0, sz]]] }
+			when /\.shl/; lambda { |di| add_opstack[ 8, opstack[0, sz] => Expression[opstack[8, sz], :<<, opstack[0, sz]]] }
+			when /\.shr/; lambda { |di| add_opstack[ 8, opstack[0, sz] => Expression[opstack[8, sz], :>>, opstack[0, sz]]] }
+			when /\.rotl/; lambda { |di| add_opstack[ 8, opstack[0, sz] => Expression[[opstack[8, sz], :<<, opstack[0, sz]], :|, [opstack[8, sz], :>>, [8*sz, :-, opstack[0, sz]]]]] }
+			when /\.rotr/; lambda { |di| add_opstack[ 8, opstack[0, sz] => Expression[[opstack[8, sz], :>>, opstack[0, sz]], :|, [opstack[8, sz], :<<, [8*sz, :-, opstack[0, sz]]]]] }
+			when /f.*\.(abs|neg|ceil|floor|trunc|nearest|sqrt|copysign)/; lambda { |di| add_opstack[0, :incomplete_binding => 1] }
+			when /f.*\.(min|max)/; lambda { |di| add_opstack[8, :incomplete_binding => 1] }
+			when /i32.wrap/; lambda { |di| add_opstack[ 0, opstack[0, 4] => Expression[opstack[0, 8]]] }
+			when /i64.extend/; lambda { |di| add_opstack[ 0, opstack[0, 8] => Expression[opstack[0, 4]]] }
+			when /trunc|convert|promote|demote|reinterpret/; lambda { |di| add_opstack[0, :incomplete_binding => 1] }
+			end
+		}
+
+		@backtrace_binding
+	end
+
+	def get_backtrace_binding(di)
+		if binding = backtrace_binding[di.opcode.name]
+			binding[di] || {}
+		else
+			puts "unhandled instruction to backtrace: #{di}" if $VERBOSE
+			{:incomplete_binding => Expression[1]}
+		end
+	end
+
+	def fix_fwdemu_binding(di, fbd)
+		ori = fbd
+		fbd = {}
+		ori.each { |k, v|
+			if k.kind_of?(Indirection) and not k.target.lexpr.kind_of?(Indirection)
+				# dont fixup store8 etc
+				fbd[k.bind(:opstack => ori[:opstack]).reduce_rec] = v
+			else
+				fbd[k] = v
+			end
+		}
+		fbd
+	end
+
+	def get_xrefs_x(dasm, di)
+		if di.opcode.props[:stopexec]
+			case di.opcode.name
+			when 'return', 'end'
+				return [Indirection[:callstack, 8]]
+			end
+		end
+		return [] if not di.opcode.props[:setip]
+
+		di.misc ? [di.misc[:x]].flatten : []
+	end
+
+	def backtrace_is_function_return(expr, di=nil)
+		expr and Expression[expr] == Expression[Indirection[:callstack, 8]]
+	end
+
+	def disassembler_default_func
+		df = DecodedFunction.new
+		ra = Indirection[:callstack, 8]
+		df.backtracked_for << BacktraceTrace.new(ra, :default, ra, :x, nil)
+		df.backtrace_binding = { :callstack => Expression[:callstack, :-, 8] }
+		df
+	end
+
+	def backtrace_update_function_binding(dasm, faddr, f, retaddrlist, *wantregs)
+		f.backtrace_binding = { :callstack => Expression[:callstack, :-, 8] }
+	end
+
+	def backtrace_is_stack_address(expr)
+		([:local_base, :opstack] & Expression[expr].expr_externals).first
+	end
+
+	def decode_c_function_prototype(cp, sym, orig=nil)
+		disassembler_default_func
+	end
+end
+end