Regarding PIC24 family "bit test and skip if..." and "compare and skip if..." instructions

[gtackett]

A fellow employee asked me about the way Ghidra models these instructions.

What I see myself in the decompile looks reasonable, but maybe I'm missing something.

He didn't mention whether he saw something in the decompile that could be simpler, so I've just emailed him to ask about that.

While using the existing scripts/PIC ISA as examples, I noticed several instructions that might not be currently handled as intended:
• BTSC
• BTSS
• CPSEQ
• CPSGT
• CPSLT
• CPSNE
These correspond to 8 conditional skip opcodes that can skip execution of the subsequent instruction, effectively replacing it with 1-2 NOPs. Ghidra handles these with a combination of a global flag and the instruction context state. Interestingly, there's a TODO in Ghidra's source revolving around this behavior:

"# TODO: Why is context/^instruction used instead of simply having skip instructions branch around next instruction?"

As the TODO mentions, the best way to handle these is probably to add them to the pool of conditional jump-style instructions.

[gtackett]

He asked because he's working on some scripts that apply formal methods to the code flow, and the use of a context register there required some extra work to accommodate, compared to the other ways of changing flow that don't use a context register.

He's already taken care of it in his script(s) so there's no urgency. But the question is still of some interest to me.

[astrelsky]

Are the instructions a fixed size? I think you would only be able to branch over the next instruction if you can calculate where to branch to. I struggled to do this for the rl78 as it is a cisc architecture. I ultimately had to use a context register but the decompiler breaks when the skipped instruction is branched to because the context is different. Other options were to use a delay slot but this is also a problem because it is very common for the skipped instruction to be a branch so that would cause an error bookmark and the flow to stop.

I think a special skip implementation for sleigh would be nice.

[gtackett]

Are the instructions a fixed size? I think you would only be able to branch over the next instruction if you can calculate where to branch to. I struggled to do this for the rl78 as it is a cisc architecture. I ultimately had to use a context register but the decompiler breaks when the skipped instruction is branched to because the context is different.

@astrelsky, nearly all the instructions for this architecture are one instruction word long (the few exceptions all being two words long), but as you say, that may prevent the simplification of all the bts and cps instructions to do away with context. (Fortunately for this situation, the PIC24 architecture doesn't have delay slots as far as I've ever seen.)

I think a special skip implementation for sleigh would be nice.

Agreed.