Missing lift for if-then (it, itt, ittt, itttt) instructions

[nshp]

I frequently see HLIL like this:

arg2 - 2
bool cond:0 = arg2 == 2
bool cond:1 = arg2 == 2
bool cond:2 = arg2 == 2
if (arg2 == 2)
    ...
...
if (cond:0)
    ...
if (cond:1)
    ...
if (not(cond:2))
    ...

I don't think this is architecture-specific, but this particular example is from Thumb code:

cmp r1, #2 
it eq
...; ...
itt eq
...; ...
beq true
false: ...
true: ...

There are several suboptimal things there:

• The arg2 - 2 should have been eliminated, not sure why it wasn't
• All the cond vars are the same and could be merged
• The first if is also the same, maybe it should also use the condvar in cases like this?
• The second and third if are also the same, and could be merged
• The final if (not(...)) could be an else
• Finally, this is a pattern like if (x == 1) { ... } else { if (x == 2) { ... } else { if (x == 3) } } } which could be turned into a switch/case, or at least flattened out to if (x == 1) { ...} else if (x == 2) { ... } ...

[fuzyll]

I'm using this now as the issue tracking our inability to lift the if-then (it and related instructions) in ARM, simply because it was the oldest one I found.

We discussed this today and it's either easy (because all we have to do is apply the condition to the following instructions) or hard (because we may not be able to look forward/backward far enough to see things). Either way, this appears to have been an issue for awhile and is pretty common in Thumb code. See linked tickets above for other examples where this causes issues for us.

[lwerdna]

Alright, so this issue is chosen as the representative of issue #3976 and issue #4305.

Here's a 5k binary with every variation of the if-then instruction for testing:

hello.zip

[plafosse]

We fixed the underlying lifting issues in 3.5.4298