Instruction behavior as RZIL/p-code

[Rot127]

It would be pretty awsome to have an ESIL RZIL/p-code representation of the instruction behavior.

ESIL RZIL would allow us to emulate the code, whereas the p-code representation would allow us to use the decompiler.

To be considered

• Where does the behavior of each instruction comes from?

  • Parsing it from the manual is tricky. The PDF has to be converted to .txt which introduces errors. Removing those during parsing is really, really annoying. On top of that we need a C-parser afterwards.

  • Couldn't we get the instruction behavior from the QEMU src? Last time I checked they support instructions until v62 which would be fine for the beginning (E.g. the Pixel 2 has v62 processors. So this instruction set is not too old and probably covers most basic instructions).

• ESIL seems to be reworked at the moment: New Rizin IL integration rizin#1361

• Some instructions have enormously complex behavior. Especially HVX instructions.

  A quick example from the HVX manual illustrates this pretty well:

  vtmp.h=vgather(Rt,Mu,Vvv.w).h

  maps to:

  MuV = MuV | (element_size-1);
  Rt = Rt & ~(element_size-1);
  for (i = 0; i < VELEM(32); i++) {
      for(j = 0; j < 2; j++) {
          EA = Rt+Vvv.v[j].uw[i];
          if (Rt <= EA <= Rt + MuV)
              TEMP.uw[i].uh[j] = *EA;
       }
  }

  There are also simpler ones but this seems to be the most complex we will get.

[XVilka]

Yes, ESIL is being deprecated, we have better-designed IL, you can see details here: rizinorg/rizin#1361
I recommend to wait until it is integrated first and a few major architectures switched from ESIL to it.

[Rot127]

Started to work on the RZIL part for the next months. If anyone wants to help please drop a message here.

[XVilka]

Be aware of rizinorg/rizin#1918 and rizinorg/rizin#1461 (rizinorg/rizin#2005)