PPC: Broken RZIL instructions

[Rot127]

Work environment

Questions	Answers
OS/arch/bits (mandatory)	-
File format of the file you reverse (mandatory)	-
Architecture/bits of the file (mandatory)	PPC
rizin -v full output, not truncated (mandatory)	wait for #2823

Broken instructions

A handful of common PPC instructions were not uplifted to RZIL in https://github.com/rizinorg/rizin/pull/2823 because they are broken in Capstone v4 or v5.

Note that most of them are already implemented but were removed because they could not be tested against a QEMU trace. Find the original implementations in this branch: https://github.com/Rot127/rizin/tree/ppc-rzil-broken-insn-impl

This is a list with descriptions:

Capstone v5

• PPC_INS_MTOCRF, PPC_INS_MFOCRF: https://github.com/capstone-engine/capstone/issues/1903

Capstone v4 (fixed in v5)

./cstool -v
Cstool for Capstone Disassembler Engine v4.0.2
Capstone build: x86=1 arm=1 arm64=1 mips=1 ppc=1 sparc=1 sysz=1 xcore=1 m68k=1 tms320c64x=1 m680x=1 evm=1 

• PPC_INS_SLDI -> The immediate operand is missing in cs_insn.detail.ppc

  ./cstool -d ppc64 e4838a7a
  0  e4 83 8a 7a  sldi r10, r20, 0x10
    ID: 935 (sldi)
    op_count: 2
        operands[0].type: REG = r10
        operands[1].type: REG = r20
        # Missing imm 0x10

• PPC_INS_ISEL -> The register operand is set to a GPR. Although it should be CR register.

  ./cstool -d ppc64 9ebb407d
  0  9e bb 40 7d  isel r10, 0, r23, 14
    ID: 303 (isel)
    op_count: 4
        operands[0].type: REG = r10
        operands[1].type: REG = r0
        operands[2].type: REG = r23
        operands[3].type: REG = r14 # Should be: cr3eq

• all CR logical instructions -> Capstone v4 instructions hold GPRs instead of CR registers. Example

  ./cstool -d ppc64 823be44d
  0  82 3b e4 4d  cror 15, 4, 7
    ID: 59 (cror)
    op_count: 3
        operands[0].type: REG = r15 # cr3un
        operands[1].type: REG = r4 # cr1lt
        operands[2].type: REG = r7 # cr1un

• PPC_INS_MFXER: -> see: https://github.com/rizinorg/rizin/issues/2900

[XVilka]

Should be addressed by https://github.com/capstone-engine/capstone/pull/2013

[XVilka]

@Rot127 could you please review and address those now that Capstone was fixed.