Add PPE42 (PowerPC Embedded) architecture support #338
@Wenzel @novafacing Can you please score this PR
Pull request overview
This PR introduces initial support for the PPE42 (embedded PowerPC) architecture across TSFFS’s Rust architecture layer and the C/C++ harness headers, aiming to enable fuzzing of embedded PowerPC firmware (e.g., IBM SBE) in Simics.
Changes:
- Added a new PPE42 architecture implementation (src/arch/ppe42.rs) and wired it into architecture hinting/selection (src/arch/mod.rs).
- Added a PPE42 GCC/Clang harness header (harness/tsffs-gcc-ppe42.h) and attempted to integrate it into the main harness selector (harness/tsffs.h).
- Added a “physical addressing” mode to the architecture framework for embedded targets (USE_PHYSICAL_ADDRESSES).
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| src/arch/ppe42.rs | New PPE42 architecture operations + minimal disassembler. |
| src/arch/mod.rs | Adds PPE42 integration and introduces USE_PHYSICAL_ADDRESSES; refactors arch detection. |
| harness/tsffs.h | Attempts to include PPE42 harness based on PowerPC preprocessor macros. |
| harness/tsffs-gcc-ppe42.h | New PPE42 harness header with rlwimi-based “magic instruction” macros and TSFFS operation numbers. |
feat: Add PPE42 (PowerPC Embedded) architecture support
Add support for the PPE42 (PowerPC Processor Embedded 42-bit) architecture
used in IBM SBE (Self-Boot Engine) firmware and other embedded PowerPC systems.
Changes:
- Add PPE42 architecture implementation (src/arch/ppe42.rs)
  * Uses rlwimi instruction for magic breakpoints
  * Supports physical addressing (no MMU translation)
  * Makes CpuInstructionQueryInterface and CpuInstrumentationSubscribeInterface optional as they may not be available in all PPE42 Simics models
  * Uses r10 for index selector, r3-r5 for arguments (PowerPC ABI)
- Add PPE42 harness header (harness/tsffs-gcc-ppe42.h)
  * Implements magic instructions using rlwimi format
  * Compatible with SBE firmware magic instruction conventions
  * Supports all standard harness operations (start, stop, assert)
- Integrate PPE42 into architecture framework (src/arch/mod.rs)
  * Add PPE42 to Architecture enum and all trait implementations
  * Add architecture hint parsing for "ppe42", "ppc", "powerpc", "ppc32"
  * Refactor detection chain to use early returns for clarity
- Update main harness header (harness/tsffs.h)
  * Add PPE42 architecture detection for GCC/Clang compilers
  * Include tsffs-gcc-ppe42.h for PowerPC preprocessor macros
This implementation provides the foundation for fuzzing embedded PowerPC
firmware in Simics, with optional coverage tracking to be added separately.
How was this validated? What Simics model did you use?
Cool thanks. Which of the packages contains the PPE42 core?
Neither 405gp nor 440gx are actual PPE42 cores. So is the support rather for Power ISA v2.03 rather than for PPE42?
It’s PPE42 support, not Power ISA v2.03.
How did you test that with a Simics model if you don't have one? And what exactly are the PPE42 specifics in the PR? Can you point that out? At first glance it looks like general PPC support. What exactly makes it PPE42 specific? |