You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: docs/FAQ.md
+8-7
Original file line number
Diff line number
Diff line change
@@ -9,10 +9,10 @@ Optimize your program with less instrumentation, e.g. by using `UC_HOOK_BLOCK` i
9
9
10
10
## Why do I get a wrong PC after emulation stops?
11
11
12
-
Updating PC is a very large overhead (10x slower in the worst case, see FAQ above) for emulation so the PC sync guarantee is explained below:
12
+
Updating PC is a very large overhead (10x slower in the worst case, see FAQ above) for emulation so the PC sync guarantee is explained below in several cases:
13
13
14
-
- A `UC_HOOK_CODE` is installed. In this case, the PC is sync-ed _everywhere_ within the effective range of the hook. However, on some architectures, the PC might by sync-ed all the time if the hook is installed.
15
-
- A `UC_HOOK_MEM_READ` or `UC_HOOK_MEM_WRITE` is installed. In this case, the PC is sync-ed exactly before any read/write events within the effective range of the hook.
14
+
- A `UC_HOOK_CODE`hook is installed. In this case, the PC is sync-ed _everywhere_ within the effective range of the hook. However, on some architectures, the PC might by sync-ed all the time if the hook is installed in any range. Note using `count` in `uc_emu_start` implies installing a `UC_HOOK_CODE` hook.
15
+
- A `UC_HOOK_MEM_READ` or `UC_HOOK_MEM_WRITE`hook is installed. In this case, the PC is sync-ed exactly before any read/write events within the effective range of the hook.
16
16
- Emulation (`uc_emu_start`) terminates without any exception. In this case, the PC will point to the next instruction.
17
17
- No hook mentioned above is installed and emulation terminates with exceptions. In this case, the PC is sync-ed at the basic block boundary, in other words, the first instruction of the basic block where the exception happens.
18
18
@@ -44,12 +44,13 @@ Currently, only a small subset of the instructions can be instrumented.
44
44
45
45
On x86, all available instructions are: `in``out``syscall``sysenter``cpuid`.
46
46
47
-
## Emulating some instructions gives an error, what should I do?
47
+
## Emulating some instructions gives an error like "Invalid Instruction", what should I do?
48
48
49
49
1. Some instructions are not enabled by default on some architectures. For example, you have to setup CSR on RISC-V or VFP on ARM before emulating floating-point instructions. Refer to the corresponding manual to check if you leave out possible switches in special registers.
50
-
2. If you are on ARM, please check whether you are emulating a THUMB instruction. If so, please use `UC_MODE_THUMB` and make sure the starting address is odd.
51
-
3. If either is not the case, it might be some newer instruction sets that qemu5 doesn’t support.
52
-
4. Note some instruction sets are not implemented by QEMU.
50
+
2. Different CPU models support different sets of instructions. This is especially observed on ARM CPUs. For example, for `THUMB2` big-endian instructions, consider setting CPU model to `cortex-r5` or `arm_max`. See [#1725](https://github.com/unicorn-engine/unicorn/issues/1725) and [#1724](https://github.com/unicorn-engine/unicorn/issues/1724).
51
+
3. If you are on ARM, please check whether you are emulating a THUMB instruction. If so, please use `UC_MODE_THUMB` and make sure the starting address is odd.
52
+
4. If it's not the cases above, it might be some newer instruction sets that qemu5 doesn’t support.
53
+
5. Note some instruction sets are not implemented by the latest QEMU.
53
54
54
55
If you are still using Unicorn1, please upgrade to Unicorn2 for better support.
0 commit comments