TriCore instruction loop16

[arkup]

Hi, while decoding the TriCore instruction loop16, the second operand is displayed in the format of a relative jump (not absolute), which is inconsistent with other instructions and, in my opinion (IMHO), makes it harder to read.

0x80000492: 04 FF | ld.bu d15, [a15+]
0x80000494: 24 4F | st.b [a4+], d15
0x80000496: FC 2E | loop a2, #-4               ;<===

Expected, preferred output:

0x80000492: 04 FF |  ld.bu d15, [a15+] 
0x80000494: 24 4F |  st.b [a4+], d15
0x80000496: FC 2E |  loop a2, 0x80000492       ;<===

Questions	Answers
OS/arch/bits	Windows x64 etc.
Architecture	CS_ARCH_TRICORE, CS_MODE_TRICORE_162
Source of Capstone	git clone,
Version/git commit	v5.0.1, commit/3f87ce0f6a665abb2675adada507362985bb46a4

Instruction bytes giving faulty results

unsigned char loop_chars[] =
{
  0xFC, 0x2E
};

Expected results

loop16          a2, 0x...(absolut address)

[XVilka]

@imbillow could you please take a look when you have time?

[imbillow]

Hi, while decoding the TriCore instruction loop16, the second operand is displayed in the format of a relative jump (not absolute), which is inconsistent with other instructions and, in my opinion (IMHO), makes it harder to read.

0x80000492: 04 FF | ld.bu d15, [a15+]
0x80000494: 24 4F | st.b [a4+], d15
0x80000496: FC 2E | loop a2, #-4               ;<===

Expected, preferred output:

0x80000492: 04 FF |  ld.bu d15, [a15+] 
0x80000494: 24 4F |  st.b [a4+], d15
0x80000496: FC 2E |  loop a2, 0x80000492       ;<===

Questions Answers
OS/arch/bits Windows x64 etc.
Architecture CS_ARCH_TRICORE, CS_MODE_TRICORE_162
Source of Capstone git clone,
Version/git commit v5.0.1, commit/3f87ce0f6a665abb2675adada507362985bb46a4

Instruction bytes giving faulty results

unsigned char loop_chars[] =
{
  0xFC, 0x2E
};

Expected results

loop16          a2, 0x...(absolut address)

The instruction you mention is LOOP (SBR), and its second operand is interpreted as a relative offset rather than an absolute address.

For more information, see TriCoreTM TC1.6.2 core architecture manual - Instruction set on page 3-179.

[imbillow]

There is indeed another instruction with the same name LOOP in a different format but it has [0..7]=0xfd

[imbillow]

I'm sorry I do not get it. But it is fixed in the next branch. @arkup

[arkup]

I'm sorry I do not get it. But it is fixed in the next branch. @arkup

OK, thanks. My point was that it's harder to read 'loop $reg, #-disp4' when I have to subtract disp4 from the loop $pc address in my head, instead of having an absolute address. In IDA/Ghidra, it's already formatted as an absolute address 'loop $reg, 0x???'

[cqke]

Is there any possibility to release the fix in Capstone V5 also ? @radare is working hard to get TriCore RE functional, it just need some tweaks to rely fully on Capstone engine (v5 for now). Amazing things are coming ! Thank you very much.

[Rot127]

@cqke Added it to the v5.0.4 milestone. @imbillow Do you think you could cherry-pick the fix into v5?

@arkup Regarding your wish to print absolute addresses. For archs like PPC, ARM and AArch64 we have this options enabled via CS_OPT_NO_BRANCH_OFFSET which toggles this. I will rename the option before the release and check everything works with it.
But in general we can do this for TriCore as well. @imbillow Are there many operands which are PC relative? Do you think we could get this feature into v6 in a week?

[Rot127]

Wasn't closed with #2527 for whatever reason.