"if-then" disassembled incorrectly for ARM Thumb

[lwerdna]

Instruction word 0xBFF6 should be "itet" but instead is "itte". Here is minimal code to reproduce:

#!/usr/bin/env python
from capstone import *
md = Cs(CS_ARCH_ARM, CS_MODE_BIG_ENDIAN|CS_MODE_THUMB)
for i in md.disasm("\xbf\xf6", 0):
	print("0x%x:\t%s\t%s" %(i.address, i.mnemonic, i.op_str))

Here are the bit fields:

+----+----+-----------+------+
|1011|1111|firstcond.4|mask.4|
+----+----+-----------+------+
|1011|1111|       1111|  0110|
+----+----+-----------+------+

Looking up '0110' in table A8-2 in doc DDI0406C gives the "et" correct answer. Also verified with online disassembler.

[lwerdna]

Another example: 0xbff5 has fields:

+----+----+-----------+------+
|1011|1111|firstcond.4|mask.4|
+----+----+-----------+------+
|1011|1111|       1111|  0101|
+----+----+-----------+------+

And should be itete but capstone gives the complement ittet. The https://onlinedisassembler.com corroborates itete.

[aquynh]

you can use cstool to avoid writing testcase.

on the "next" branch, we have:

$ cstool thumbbe bff6
 0  bf f6  itte al

$ cstool thumbbe bff5
 0  bf f5  ittet al

is this correct?

[lwerdna]

Thanks for the cstool recommendation.

No, those are the erroneous outputs I reported.

cstool thumbbe bff6 should return itet al or itet <und> (not itte al)
cstool thumbbe bff5 should return itete al or itete <und> (not ittet al)

[Rot127]

llvm-objdump says otherwise:

000003fc <_start>:
     3fc: bff6         	itte	al

@kabeor Can be closed?