NationalSecurityAgency / ghidra

Ghidra is a software reverse engineering (SRE) framework
https://www.nsa.gov/ghidra
Apache License 2.0

power PC VLE (EVX?) MPC5746R missing instructions #6863

Open GhidrAuto opened 3 months ago

GhidrAuto commented 3 months ago

Disassembly is missing the instructions EFSMAX, EFSMIN, EFSSQRT, which appears to result in

"/* WARNING: Bad instruction - Truncating control flow here */"

The second issue is

" 09083fc4 79 f2 f4 dd     e_bl       FUN_08fb34a0                                     undefined FUN_08fb34a0()
                        -- Flow Override: CALL_RETURN (CALL_TERMINATOR)"

after every single e_bl.

Using Ghidra 11.1.2, create project and import file with

--Processor language-- "power ISA 3.0 Big Endian w/VLE, EVX and 32-bit Addressing" 
--Options(Load file )--- Base address 0x8fb0000
--Registers= assume r13 = 0x40010000 assume r2 = 0x91c8000 assume vle = 0x1
--CTRL A, disassemble PPC VLE (f12)
--ANALYZE ALL
-- GO TO 0x09084332, (I suspect) should be Opcode       "efsmin    r7, r7, r31" 
-- GO TO 0x0908433A (I suspect) should be Opcode       "efsmax    r0, r0, r30"
-- GO TO 0x08FB34D8 (I suspect) should be Opcode       "efssqrt   r3, r3"

------------------------efsmin    r7, r7, r31-----------------------------------------------------                   
        0908432e 10 fb 2a c9     efsdiv     r7,r27,r5
        09084332 10              ??         10h
        09084333 e7              ??         E7h
        09084334 fa              ??         FAh
        09084335 b1              ??         B1h
        09084336 10 00 3a c8     efsmul     r0,r0,r7

---------------- "efsmax    r0, r0, r30"------------------------------------------------------------------
        0908433a 10              ??         10h
        0908433b 00              ??         00h
        0908433c f2              ??         F2h
        0908433d b0              ??         B0h
        0908433e 70 ea e1 80     e_lis      r7,0x5180

-------------------"efssqrt   r3, r3"---------------------------------------------------------------------
        08fb34d8 10              ??         10h
        08fb34d9 63              ??         63h
        08fb34da 02              ??         02h
        08fb34db c7              ??         C7h
        08fb34dc 00 04           se_blr
        08fb34de 00 00           se_illegal

Expected behavior

B1 (1011 0001) =   EFSMIN 
b0 (1011 0000) =   EFSMAX
c7 (1100 0111) =   EFSSQRT 

Environment (please complete the following information):

https://www.nxp.com/products/processors-and-microcontrollers/power-architecture/mpc5xxx-microcontrollers/ultra-reliable-mpc57xx-mcus/automotive-and-industrial-engine-management-mcu:MPC5746R

Fairly certain it is an MPC5746R; however, it is stated to be proprietary.

POWErPC.zip

I should add that I did try to disassemble PPC VLE altivec and that did not work nearly at all.
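
The post above reads the expected mnemonic off the low byte of each undecoded word (B1, B0, C7). The decoder below is an added example, not code from the issue or from Ghidra: it splits the raw words quoted in the listings into EVX-form fields (primary opcode, rD, rA, rB and the 11-bit extended opcode XO) and checks that each one really is a primary-opcode-4 word whose XO matches the expected EFS instruction. The XO values for efsmul/efsdiv are the ones Ghidra already decodes in the listing; the XOs for efsmax/efsmin/efssqrt (0x2B0, 0x2B1, 0x2C7) are taken from the bytes the issue quotes, and efsadd/efssub are from the SPE EFS category; the e200z760n3 core reference manual is the authority for all of them. It also shows why the low byte alone is not enough: three bits of the XO live in the preceding byte, so a SLEIGH pattern has to match all 11 bits.

```python
import struct

# EVX-form word, big-endian bit numbering:
#   bits 0-5 primary opcode (4 = EVX/SPE space), 6-10 rD, 11-15 rA,
#   16-20 rB, 21-31 extended opcode XO (11 bits).
EVX_PRIMARY = 4

# (mnemonic, number of register operands).  efsmul/efsdiv: as decoded by
# Ghidra in the issue listing.  efsmax/efsmin/efssqrt: XO read off the raw
# words quoted in the issue (not from Ghidra).  efsadd/efssub: SPE EFS
# category, added here for context.
EFS_MNEMONICS = {
    0x2C0: ("efsadd", 3),
    0x2C1: ("efssub", 3),
    0x2C8: ("efsmul", 3),
    0x2C9: ("efsdiv", 3),
    0x2B0: ("efsmax", 3),   # missing in Ghidra 11.1.2 per the issue
    0x2B1: ("efsmin", 3),   # missing in Ghidra 11.1.2 per the issue
    0x2C7: ("efssqrt", 2),  # missing in Ghidra 11.1.2 per the issue; rB unused
}

# Instruction words copied from the listings in the issue (constructed test
# input; addresses and bytes are exactly what the listing shows).
ISSUE_WORDS = {
    0x0908432E: bytes.fromhex("10fb2ac9"),  # Ghidra: efsdiv r7,r27,r5
    0x09084332: bytes.fromhex("10e7fab1"),  # Ghidra: ?? (expected efsmin r7,r7,r31)
    0x09084336: bytes.fromhex("10003ac8"),  # Ghidra: efsmul r0,r0,r7
    0x0908433A: bytes.fromhex("1000f2b0"),  # Ghidra: ?? (expected efsmax r0,r0,r30)
    0x08FB34D8: bytes.fromhex("106302c7"),  # Ghidra: ?? (expected efssqrt r3,r3)
}


def decode_evx(word):
    """Split a 32-bit instruction word into EVX-form fields."""
    if not 0 <= word <= 0xFFFFFFFF:
        raise ValueError("expected a 32-bit instruction word")
    return {
        "primary": word >> 26,
        "rd": (word >> 21) & 0x1F,
        "ra": (word >> 16) & 0x1F,
        "rb": (word >> 11) & 0x1F,
        "xo": word & 0x7FF,
    }


def format_evx(word):
    """Render an EVX word as 'mnemonic rD,rA[,rB]'.

    Returns None for words outside primary opcode 4 (e.g. the e_lis that
    follows the undecoded bytes in the issue) and '?? xo=...' for an
    opcode-4 word whose XO is not in the table.
    """
    f = decode_evx(word)
    if f["primary"] != EVX_PRIMARY:
        return None
    entry = EFS_MNEMONICS.get(f["xo"])
    if entry is None:
        return "?? xo=0x%03x" % f["xo"]
    name, nops = entry
    regs = ["r%d" % f["rd"], "r%d" % f["ra"], "r%d" % f["rb"]][:nops]
    return "%s %s" % (name, ",".join(regs))


def decode_listing(words):
    """Decode {address: 4 raw big-endian bytes} into [(address, text)]."""
    out = []
    for addr in sorted(words):
        (word,) = struct.unpack(">I", words[addr])
        out.append((addr, format_evx(word)))
    return out


def candidate_xos_for_low_byte(low):
    """All 11-bit XOs that share a given low byte: the top three XO bits
    sit in the preceding byte, so a low byte alone names eight XOs."""
    return [(hi << 8) | (low & 0xFF) for hi in range(8)]


if __name__ == "__main__":
    for addr, text in decode_listing(ISSUE_WORDS):
        print("%08x  %s" % (addr, text))
    print("XOs with low byte 0xB1:",
          ", ".join("0x%03x" % x for x in candidate_xos_for_low_byte(0xB1)))
```

Run stand-alone it prints the five words from the listing with the mnemonics the issue expects. Feeding it a word Ghidra does decode (the efsdiv/efsmul lines) and a word it does not (the four `??` bytes at 09084332) with the same routine is the quickest way to confirm the gap is the XO table rather than a mis-set `vle` context register or a wrong base address.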

esaulenka commented 3 months ago

A few notes.

These opcodes are NOT implemented in the current Ghidra version. Perhaps it would be better to do this in a separate 'language'. #4952 looks like a good candidate for it.

Good description can be found at http://www.elektronikjk.pl/elementy_czynne/IC/E200Z760N3.pdf 'e200z760n3 Power Architecture® Core Reference Manual'

GhidrAuto commented 3 months ago

Alexey, thank you for the suggestion. I received the specs; I had been waiting on the specs for this MCU to make this post. In my enthusiasm I failed to do more research after receiving the specs and immediately made this post. Would it be cleaner for me to delete this post and start a new one on the thread you linked, or should I leave this here for now?

esaulenka commented 3 months ago

Since I'm not on the Ghidra team, I have no idea whether that change will be approved or not. From my perspective, it's a good improvement, as it introduces a 32-bit variant of the Power CPU. When I worked with similar chips (they are very popular as vehicle brains), 64-bit variables sometimes made a mess.

So, let's leave this issue as is; it's another bug in Ghidra. That was just some thoughts on how it might be done. I won't promise that I will do this improvement.

GhidrAuto commented 3 months ago

Alexey, I would be interested in maybe getting a group together and starting a bounty for this processor. I am sure you are busy, but if you have a minute, maybe send me an email. ghidrauto@gmail.com