thumb: mrs instruction not recognized

[sir-wombat]

Capstone fails to disassemble a mrs instruction correctly:
$ cstool thumb "\x08\x81\xef\xf3"
result:
0 0881 strh r0, [r1, #8]
expected result:
mrs r1, MSP
See page 803 of DDI0403D (ARMv7-M arch ref man) about the encoding of mrs.

[aquynh]

interesting, looks like LLVM also fails to decode this??

[sir-wombat]

Yes it does:

$ echo '0x08 0x81 0xef 0xf3' | llvm-mc -disassemble -arch=thumb
	.text
	strh	r0, [r1, #8]
<stdin>:1:11: warning: invalid instruction encoding
0x08 0x81 0xef 0xf3
          ^
<stdin>:1:16: warning: invalid instruction encoding
0x08 0x81 0xef 0xf3
               ^

[aquynh]

yes, this is exactly the result returned by cstool.

need to look closer at this, thanks.

[sir-wombat]

I think the problem is the ambiguity between

• taking only '0x08 0x81' as a little-endian halfword and
• taking '0x08 0x81 0xef 0xf3' as a little-endian word
  especially since the halfword properly fits the T1 encoding of the immediate STRH.

[danse-macabre]

I've also run into the similar problem. It seems that Capstone is unable to correctly decode the following instruction:

privileged_functions:000002A6 EF F3 11 85                 MRS.W   R5, BASEPRI

Capstone says it is ldrhi, regardless of the THUMB mode:

$ cstool -d arm EFF31185 0x0                                             
0  eff31185  ldrhi	pc, [r1, #-0x3ef]
	op_count: 2
		operands[0].type: REG = pc
		operands[0].access: WRITE
		operands[1].type: MEM
			operands[1].mem.base: REG = r1
			operands[1].mem.disp: 0xfffffc11
		operands[1].access: READ
	Code condition: 9
	Registers read: r1
	Registers modified: pc
	Groups: arm 

$ cstool -d arm EFF31185 0x1                                        
1  eff31185  ldrhi	pc, [r1, #-0x3ef]
	op_count: 2
		operands[0].type: REG = pc
		operands[0].access: WRITE
		operands[1].type: MEM
			operands[1].mem.base: REG = r1
			operands[1].mem.disp: 0xfffffc11
		operands[1].access: READ
	Code condition: 9
	Registers read: r1
	Registers modified: pc
	Groups: arm