Renesas M16C #4804

silverchris · 2022-12-08T05:26:47Z

silverchris
Dec 8, 2022

Hi All,
Figured I would ask here before I start to attempt this myself.
Has anyone looked at implementing Renesas M16C instruction set in Ghidra?

I have been trying to wrap my head around it for the last few days, but as a relative noob to the low level implementation of processor, I am not sure if it's a task that I can do, or if it's beyond my skill level.

I think my main hurdle is trying to understand how to handle the variable instruction lengths or addressing modes they are called by Renasas.

If anyone had some pointers, I would also appreciate that.

Here is a link to the instruction set https://www.renesas.com/us/en/document/mah/m16c60-m16c20-m16ctiny-series-software-manual?language=en

Thanks in advance for any advice or help! :)

GhidorahRex · 2022-12-08T12:43:18Z

GhidorahRex
Dec 8, 2022
Collaborator

The processor is mostly straight-forward I think, just glancing at it for a couple minutes. Take a look at the Ghidra Sleigh Manual in the documentation. One of the biggest hurdles will be the 20-bit registers. Register banking might be a minor gotcha, but since it's only two banks, it should be easy enough to use a swap macro. You might need a context bit to make it easier to model that.

These variable length instructions aren't too difficult to tackle. Just remember you'll need different tokens. It's mostly just different sizes of immediates, and they're laid out quite nicely in chapter 4. You'll need to handle them via ellipses.

It looks like a fun processor. There are some unusual instructions like adjnz and movdir, and the 20-bit registers are going to be a little tricky, but we handle that in the PIC12.

Good luck :-)

9 replies

silverchris Dec 9, 2022
Author

Think I am starting to get part of it.
This looks a bit redundant to me, though?

attach variables [dest8_11 src12_15] [R0 R1 R2 R3 A0 A1 A0 A1 A0 A1 SB FB A0 A1 SB _ ];
attach variables [dest8_11b] [R0L R0H R1L R1H A0 A1 A0 A1 A0 A1 SB FB A0 A1 SB _ ];

eaw: dest8_11 is destmode=0 & dest8_11 {export dest8_11;}
eaw: dest8_11 is destmode=1 & dest8_11 {export dest8_11;}
eaw: dest8_11 is destmode=2 & dest8_11 {export dest8_11;}
eaw: dest8_11 is destmode=3 & dest8_11 {export dest8_11;}
eaw: dest8_11 is destmode=4 & dest8_11 {export dest8_11;}
eaw: dest8_11 is destmode=5 & dest8_11 {export dest8_11;}
eaw: dest8_11 is destmode=6 & dest8_11 {export *dest8_11;}
eaw: dest8_11 is destmode=7 & dest8_11 {export *dest8_11;}
eaw: dest8_11[dsp8] is destmode=8 & dest8_11; dsp8 { local temp = dest8_11 + dsp8; export *temp;}
eaw: dest8_11[dsp8] is destmode=9 & dest8_11; dsp8 { local temp = dest8_11 + dsp8; export *temp;} 
eaw: dest8_11[dsp8] is destmode=10 & dest8_11; dsp8 { local temp = dest8_11 + dsp8; export *temp;} 
eaw: dest8_11[dsp8] is destmode=11 & dest8_11 ; dsp8 { local temp = dest8_11 + dsp8; export *temp;} 
eaw: "dsp:16[A0]" is destmode=12 & dest8_11; dsp16 { local temp = dest8_11 + dsp16; export *temp;} 
eaw: "dsp:16[A1]" is destmode=13 & dest8_11; dsp16 { local temp = dest8_11 + dsp16; export *temp;} 
eaw: "dsp:16[SB]" is destmode=14 & dest8_11; dsp16 { local temp = dest8_11 + dsp16; export *temp;} 
eaw: "abs16" is destmode=15; abs16 {export *abs16;} 

eab: dest8_11b is destmode=0 & dest8_11b {export dest8_11b;}
eab: dest8_11b is destmode=1 & dest8_11b {export dest8_11b;}
eab: dest8_11b is destmode=2 & dest8_11b {export dest8_11b;}
eab: dest8_11b is destmode=3 & dest8_11b {export dest8_11b;}
eab: dest8_11b is destmode=4 & dest8_11b {export dest8_11b;}
eab: dest8_11b is destmode=5 & dest8_11b {export dest8_11b;}
eab: dest8_11b is destmode=6 & dest8_11b {export *dest8_11b;}
eab: dest8_11b is destmode=7 & dest8_11b {export *dest8_11b;}
eab: dest8_11b[dsp8] is destmode=8 & dest8_11b; dsp8 { local temp = dest8_11b + dsp8; export *temp;}
eab: dest8_11b[dsp8] is destmode=9 & dest8_11b; dsp8 { local temp = dest8_11b + dsp8; export *temp;} 
eab: dest8_11b[dsp8] is destmode=10 & dest8_11b; dsp8 { local temp = dest8_11b + dsp8; export *temp;} 
eab: dest8_11b[dsp8] is destmode=11 & dest8_11b ; dsp8 { local temp = dest8_11b + dsp8; export *temp;} 
eab: dest8_11b[dsp16] is destmode=12 & dest8_11b; dsp16 { local temp = dest8_11b + dsp16; export *temp;} 
eab: dest8_11b[dsp16] is destmode=13 & dest8_11b; dsp16 { local temp = dest8_11b + dsp16; export *temp;} 
eab: dest8_11b[dsp16] is destmode=14 & dest8_11b; dsp16 { local temp = dest8_11b + dsp16; export *temp;} 
eab: abs16 is destmode=15; abs16 {export *abs16;}

I guess it would also need to be repeated for the src as well, or is there something I am missing that allows me to replace the register in those?

GhidorahRex Dec 9, 2022
Collaborator

You would need separate ones for src and dst, yes, since each one is based on different bits. Unfortunately this does add some redundancy.

What you have won't compile as you've currently written it because you're still exporting different sized varnodes in the 8-bit case. Some of the redundancy should go away, since they'll be more distinct from one another.

silverchris Dec 9, 2022
Author

Suppose that's really tripping me up, as I am unsure how to handle the src/dest possibly containing 8 or 16 bits. Or should I just treat them all as 16 bit, and zero extend the 8 bit registers?

silverchris Dec 9, 2022
Author

Maybe something like this?

d_eaw: dest8_11 is destmode=0 & dest8_11 {export dest8_11;}
d_eaw: dest8_11 is destmode=1 & dest8_11 {export dest8_11;}
d_eaw: dest8_11 is destmode=2 & dest8_11 {export dest8_11;}
d_eaw: dest8_11 is destmode=3 & dest8_11 {export dest8_11;}
d_eaw: dest8_11 is destmode=4 & dest8_11 {export dest8_11;}
d_eaw: dest8_11 is destmode=5 & dest8_11 {export dest8_11;}
d_eaw: dest8_11 is destmode=6 & dest8_11 {export *dest8_11;}
d_eaw: dest8_11 is destmode=7 & dest8_11 {export *dest8_11;}
d_eaw: dest8_11[dsp8] is destmode=8 & dest8_11; dsp8 { local temp = dest8_11 + dsp8; export *temp;}
d_eaw: dest8_11[dsp8] is destmode=9 & dest8_11; dsp8 { local temp = dest8_11 + dsp8; export *temp;} 
d_eaw: dest8_11[dsp8] is destmode=10 & dest8_11; dsp8 { local temp = dest8_11 + dsp8; export *temp;} 
d_eaw: dest8_11[dsp8] is destmode=11 & dest8_11 ; dsp8 { local temp = dest8_11 + dsp8; export *temp;} 
d_eaw: dest8_11[dsp16]  is destmode=12 & dest8_11; dsp16 { local temp = dest8_11 + dsp16; export *temp;} 
d_eaw: dest8_11[dsp16]  is destmode=13 & dest8_11; dsp16 { local temp = dest8_11 + dsp16; export *temp;} 
d_eaw: dest8_11[dsp16] is destmode=14 & dest8_11; dsp16 { local temp = dest8_11 + dsp16; export *temp;} 
d_eaw: abs16 is destmode=15; abs16 {export *abs16;} 

d_eab: R0L is destmode=0 & R0L {export R0L;}
d_eab: R0H is destmode=1 & R0H {export R0H;}
d_eab: R1L is destmode=2 & R1L {export R1L;}
d_eab: R1H is destmode=3 & R1H {export R1H;}
d_eab: dest8_11 is destmode=4 & dest8_11 {local temp:1 = dest8_11:1; export temp;}
d_eab: dest8_11 is destmode=5 & dest8_11 {local temp:1 = dest8_11:1; export temp;}
d_eab: dest8_11 is destmode=6 & dest8_11 {local temp:1 = *dest8_11; export temp;}
d_eab: dest8_11 is destmode=7 & dest8_11 {local temp:1 = *dest8_11; export temp;}
d_eab: dest8_11[dsp8] is destmode=8 & dest8_11; dsp8 { local temp:1 = *(dest8_11 + dsp8); export temp;}
d_eab: dest8_11[dsp8] is destmode=9 & dest8_11; dsp8 { local temp:1 = *(dest8_11 + dsp8); export temp;}
d_eab: dest8_11[dsp8] is destmode=10 & dest8_11; dsp8 { local temp:1 = *(dest8_11 + dsp8); export temp;}
d_eab: dest8_11[dsp8] is destmode=11 & dest8_11 ; dsp8 { local temp:1 = *(dest8_11 + dsp8); export temp;}
d_eab: dest8_11[dsp16] is destmode=12 & dest8_11; dsp16 { local temp:1 = *(dest8_11 + dsp16); export temp;}
d_eab: dest8_11[dsp16] is destmode=13 & dest8_11; dsp16 { local temp:1 = *(dest8_11 + dsp16); export temp;}
d_eab: dest8_11[dsp16] is destmode=14 & dest8_11; dsp16 { local temp:1 = *(dest8_11 + dsp16); export temp;}
d_eab: abs16 is destmode=15; abs16 {local temp:1 = *(abs16:2); export temp;} 

s_eaw: src12_15 is srcmode=0 & src12_15 {export src12_15;}
s_eaw: src12_15 is srcmode=1 & src12_15 {export src12_15;}
s_eaw: src12_15 is srcmode=2 & src12_15 {export src12_15;}
s_eaw: src12_15 is srcmode=3 & src12_15 {export src12_15;}
s_eaw: src12_15 is srcmode=4 & src12_15 {export src12_15;}
s_eaw: src12_15 is srcmode=5 & src12_15 {export src12_15;}
s_eaw: src12_15 is srcmode=6 & src12_15 {export *src12_15;}
s_eaw: src12_15 is srcmode=7 & src12_15 {export *src12_15;}
s_eaw: src12_15[dsp8] is srcmode=8 & src12_15; dsp8 { local temp = *(src12_15 + dsp8)); export temp;}
s_eaw: src12_15[dsp8] is srcmode=9 & src12_15; dsp8 { local temp = *(src12_15 + dsp8)); export temp;} 
s_eaw: src12_15[dsp8] is srcmode=10 & src12_15; dsp8 { local temp = *(src12_15 + dsp8); export temp;} 
s_eaw: src12_15[dsp8] is srcmode=11 & src12_15 ; dsp8 { local temp = *(src12_15 + dsp8); export temp;} 
s_eaw: src12_15[dsp16] is srcmode=12 & src12_15; dsp16 { local temp = *(src12_15 + dsp16); export temp;} 
s_eaw: src12_15[dsp16]  is srcmode=13 & src12_15; dsp16 { local temp = *(src12_15 + dsp16); export temp;} 
s_eaw: src12_15[dsp16]  is srcmode=14 & src12_15; dsp16 { local temp = *(src12_15 + dsp16); export temp;} 
s_eaw: abs16 is srcmode=15; abs16 {export *abs16;} 

s_eab: R0L is srcmode=0 & R0L {export R0L;}
s_eab: R0H is srcmode=1 & R0H {export R0H;}
s_eab: R1L is srcmode=2 & R1L {export R1L;}
s_eab: R1H is srcmode=3 & R1H {export R1H;}
s_eab: src12_15 is srcmode=4 & src12_15 {local temp:1 = src12_15:1; export temp;}
s_eab: src12_15 is srcmode=5 & src12_15 {local temp:1 = src12_15:1; export temp;}
s_eab: src12_15 is srcmode=6 & src12_15 {local temp:1 = *src12_15; export temp;}
s_eab: src12_15 is srcmode=7 & src12_15 {local temp:1 = *src12_15; export temp;}
s_eab: src12_15[dsp8] is srcmode=8 & src12_15; dsp8 { local temp:1 = *(src12_15 + dsp8); export temp;}
s_eab: src12_15[dsp8] is srcmode=9 & src12_15; dsp8 { local temp:1 = *(src12_15 + dsp8); export temp;} 
s_eab: src12_15[dsp8] is srcmode=10 & src12_15; dsp8 { local temp:1 = *(src12_15 + dsp8); export temp;} 
s_eab: src12_15[dsp8] is srcmode=11 & src12_15 ; dsp8 { local temp:1 = *(src12_15 + dsp8); export temp;} 
s_eab: src12_15[dsp16] is srcmode=12 & src12_15; dsp16 { local temp:1 = *(src12_15 + dsp16); export temp;} 
s_eab: src12_15[dsp16] is srcmode=13 & src12_15; dsp16 { local temp:1 = *(src12_15 + dsp16); export temp;} 
s_eab: src12_15[dsp16] is srcmode=14 & src12_15; dsp16 { local temp:1 = *(src12_15 + dsp16); export temp;} 
s_eab: abs16 is srcmode=15; abs16 {local temp:1 = *(abs16:2); export temp;}

astrelsky Dec 10, 2022

For the register banking you could try something like what I've used for the rl78. You will get annoying warnings about ignoring the indirection but they'll only appear when a bank mode is set.

https://github.com/astrelsky/RL78_sleigh/blob/98f1550b422bd2ca5e4dfabe7310b056ba55d6ff/data/languages/rl78_map2.sinc#L533-L552

https://github.com/astrelsky/RL78_sleigh/blob/inst_next2/data/languages/rl78_tables.sinc#L2-L3

silverchris · 2022-12-13T18:47:17Z

silverchris
Dec 13, 2022
Author

Still working on this, just been mostly trying to write out all the instructions, so I can then clean it up, before moving on to the other parts

# sleigh specification file for Skeleton Processor
#   >> see docs/languages/sleigh.htm or sleigh.pdf for Sleigh syntax
# Other language modules (see Ghidra/Processors) may provide better examples
# when crd_eating a new language module.

define endian=little;

define alignment=1;

define space ram type=ram_space wordsize=2 size=2 default;
define space register type=register_space size=1;

define register offset=0x00 size=3 [ PC _ INTB ];
define register offset=0x05 size=2 [ INTBH INTBL];

define register offset=0x08 size=2 [ R0 R2 R1 R3 A0 A1 FB USP ISP SB FLAG SP];
define register offset=0x08 size=4 [ R2R0 R3R1 A1A0];
define register offset=0x08 size=1 [ R0H R0L _ _ R1H R1L _ _ ];

define register offset=0x30 size=4 [statusreg];
define register offset=0x34 size=1 [Cflg Dflg Zflg Sflg Bflg Oflg Iflg Uflg IPLflg];

#
#@define C_flag "FLAG[0,1]"		#CARY
#@define D_flag "FLAG[1,1]"		# Debug
#@define Z_FLAG "FLAG[2,1]"	# Zero
#@define S_flag "FLAG[3,1]"		# Sign
#@define B_flag "FLAG[4,1]"		# Register Bank Select
#@define O_flag "FLAG[5,1]"		# Overflow
#@define I_flag "FLAG[6,1]"		# Interrupt Enable
#@define U_flag "FLAG[7,1]"      # Stack Pointer Select
#@define IPL_flag "FLAG[12,3]"   # Interrupt priority Level
#@define C_flag "Cflg"		#CARY
#@define D_flag "Dflg"		# Debug
#@define Z_FLAG "Zflg"	# Zero
#@define S_flag "Sflg"		# Sign
#@define B_flag "Bflg"		# Register Bank Select
#@define O_flag "Oflg"		# Overflow
#@define I_flag "Iflg"		# Interrupt Enable
#@define U_flag "Uflg"      # Stack Pointer Select
#@define IPL_flag "IPLflg"   # Interrupt priority Level
define token operand_g (16)
	size0     = ( 0, 0)
	op1_7     = ( 1, 7)
	op0_7     = ( 0, 7)
	destmode  = ( 8,11)
	dest8_11  = ( 8,11)
	dest8_11b = ( 8,11)
	op8_11    = ( 8,11)
	imm8_11   = ( 8,11)
	cnd8_11   = ( 8,11)
	op12_15   = (12,15)
	srcmode   = (12,15)
	src12_15  = (12,15)
	src12_15b = (12,15)
	imm12_15  = (12,15)
	op0_15    = ( 0,15)
	op8_15    = ( 8,15)
	bit15     = (15,15)
	flg12_14  = (12,14)
	ldc12_14  = (12,14)
;

define token operand_s (8)
	op         = (3,7)
	op4_7      = (4,7)
	dest3      = (0,2)
	dest1      = (2,2)
	src2       = (0,1)
	bit0_2     = (0,2)
	ops0_7     = (0,7)
	dest_a0_a1 = (3,3)
	cnd0_2     = (0,2)
	dsp0_2     = (0,2)
;

define token data8 (8)
	dsp8 = (0,7)
	imm8 = (0,7)
	cnd8 = (0,7)
;

define token data16 (16)
	dsp16 = (0,15)
	abs16 = (0,15)
	imm16 = (0,15)
;

define token data32 (32)
	abs20 = (0,19)
	dsp20 = (0,19)
;

define context statusreg
	SPval = (0,0) ;

attach variables [dest8_11 src12_15] [R0 R1 R2 R3 A0 A1 A0 A1 A0 A1 SB FB A0 A1 SB _ ];
attach variables [dest1] [R0L R0H];
attach variables [dest_a0_a1] [A0 A1];
attach variables [flg12_14] [Cflg Dflg Zflg Sflg Bflg Oflg Iflg Uflg];

#attach variables [dest8_11b src12_15b] [R0L R0H R1L R1H];
attach values [imm8_11 imm12_15] [0 1 2 3 4 5 6 7 -8 -7 -6 -5 -4 -3 -2 -1];

j_eaw: dest8_11         is destmode=0 & dest8_11         { export dest8_11; }
j_eaw: dest8_11         is destmode=1 & dest8_11         { export dest8_11; }
j_eaw: dest8_11         is destmode=2 & dest8_11         { export dest8_11; }
j_eaw: dest8_11         is destmode=3 & dest8_11         { export dest8_11; }
j_eaw: dest8_11         is destmode=4 & dest8_11         { export dest8_11; }
j_eaw: dest8_11         is destmode=5 & dest8_11         { export dest8_11; }
j_eaw: dest8_11         is destmode=6 & dest8_11         { export *dest8_11; }
j_eaw: dest8_11         is destmode=7 & dest8_11         { export *dest8_11; }
j_eaw: dest8_11[dsp8]   is destmode=8 & dest8_11; dsp8   { local temp = dest8_11 + dsp8; export *temp; }
j_eaw: dest8_11[dsp8]   is destmode=9 & dest8_11; dsp8   { local temp = dest8_11 + dsp8; export *temp; } 
j_eaw: dest8_11[dsp8]   is destmode=10 & dest8_11; dsp8  { local temp = dest8_11 + dsp8; export *temp; } 
j_eaw: dest8_11[dsp8]   is destmode=11 & dest8_11 ; dsp8 { local temp = dest8_11 + dsp8; export *temp; } 
j_eaw: dest8_11[dsp20]  is destmode=12 & dest8_11; dsp20 { local temp = dest8_11 + dsp20; export *temp; } 
j_eaw: dest8_11[dsp20]  is destmode=13 & dest8_11; dsp20 { local temp = dest8_11 + dsp20; export *temp; } 
j_eaw: dest8_11[dsp16]  is destmode=14 & dest8_11; dsp16 { local temp = dest8_11 + dsp16; export *temp; } 
j_eaw: abs16            is destmode=15; abs16            { export *abs16; }

d_eaw: dest8_11         is destmode=0 & dest8_11         { export dest8_11; }
d_eaw: dest8_11         is destmode=1 & dest8_11         { export dest8_11; }
d_eaw: dest8_11         is destmode=2 & dest8_11         { export dest8_11; }
d_eaw: dest8_11         is destmode=3 & dest8_11         { export dest8_11; }
d_eaw: dest8_11         is destmode=4 & dest8_11         { export dest8_11; }
d_eaw: dest8_11         is destmode=5 & dest8_11         { export dest8_11; }
d_eaw: dest8_11         is destmode=6 & dest8_11         { export *dest8_11; }
d_eaw: dest8_11         is destmode=7 & dest8_11         { export *dest8_11; }
d_eaw: dest8_11[dsp8]   is destmode=8 & dest8_11; dsp8   { local temp = dest8_11 + dsp8; export *temp; }
d_eaw: dest8_11[dsp8]   is destmode=9 & dest8_11; dsp8   { local temp = dest8_11 + dsp8; export *temp; } 
d_eaw: dest8_11[dsp8]   is destmode=10 & dest8_11; dsp8  { local temp = dest8_11 + dsp8; export *temp; } 
d_eaw: dest8_11[dsp8]   is destmode=11 & dest8_11 ; dsp8 { local temp = dest8_11 + dsp8; export *temp; } 
d_eaw: dest8_11[dsp16]  is destmode=12 & dest8_11; dsp16 { local temp = dest8_11 + dsp16; export *temp; } 
d_eaw: dest8_11[dsp16]  is destmode=13 & dest8_11; dsp16 { local temp = dest8_11 + dsp16; export *temp; } 
d_eaw: dest8_11[dsp16]  is destmode=14 & dest8_11; dsp16 { local temp = dest8_11 + dsp16; export *temp; } 
d_eaw: abs16            is destmode=15; abs16            { export *abs16; }

d_eab: R0L              is destmode=0 & R0L              { export R0L; }
d_eab: R0H              is destmode=1 & R0H              { export R0H; }
d_eab: R1L              is destmode=2 & R1L              { export R1L; }
d_eab: R1H              is destmode=3 & R1H              { export R1H; }
d_eab: dest8_11         is destmode=4 & dest8_11         { local temp:1 = dest8_11:1; export temp; }
d_eab: dest8_11         is destmode=5 & dest8_11         { local temp:1 = dest8_11:1; export temp; }
d_eab: dest8_11         is destmode=6 & dest8_11         { local temp:1 = *dest8_11; export temp; }
d_eab: dest8_11         is destmode=7 & dest8_11         { local temp:1 = *dest8_11; export temp; }
d_eab: dest8_11[dsp8]   is destmode=8 & dest8_11; dsp8   { local temp:1 = *(dest8_11 + dsp8); export temp; }
d_eab: dest8_11[dsp8]   is destmode=9 & dest8_11; dsp8   { local temp:1 = *(dest8_11 + dsp8); export temp; }
d_eab: dest8_11[dsp8]   is destmode=10 & dest8_11; dsp8  { local temp:1 = *(dest8_11 + dsp8); export temp; }
d_eab: dest8_11[dsp8]   is destmode=11 & dest8_11 ; dsp8 { local temp:1 = *(dest8_11 + dsp8); export temp; }
d_eab: dest8_11[dsp16]  is destmode=12 & dest8_11; dsp16 { local temp:1 = *(dest8_11 + dsp16); export temp; }
d_eab: dest8_11[dsp16]  is destmode=13 & dest8_11; dsp16 { local temp:1 = *(dest8_11 + dsp16); export temp; }
d_eab: dest8_11[dsp16]  is destmode=14 & dest8_11; dsp16 { local temp:1 = *(dest8_11 + dsp16); export temp; }
d_eab: abs16            is destmode=15; abs16            { local temp:1 = *(abs16:2); export temp; }

s_eaw: src12_15         is srcmode=0 & src12_15         { export src12_15; }
s_eaw: src12_15         is srcmode=1 & src12_15         { export src12_15; }
s_eaw: src12_15         is srcmode=2 & src12_15         { export src12_15; }
s_eaw: src12_15         is srcmode=3 & src12_15         { export src12_15; }
s_eaw: src12_15         is srcmode=4 & src12_15         { export src12_15; }
s_eaw: src12_15         is srcmode=5 & src12_15         { export src12_15; }
s_eaw: src12_15         is srcmode=6 & src12_15         { export src12_15; }
s_eaw: src12_15         is srcmode=7 & src12_15         { export src12_15; }
s_eaw: src12_15[dsp8]   is srcmode=8 & src12_15; dsp8   { local temp = src12_15 + dsp8; export temp; }
s_eaw: src12_15[dsp8]   is srcmode=9 & src12_15; dsp8   { local temp = src12_15 + dsp8; export temp; } 
s_eaw: src12_15[dsp8]   is srcmode=10 & src12_15; dsp8  { local temp = src12_15 + dsp8; export temp; } 
s_eaw: src12_15[dsp8]   is srcmode=11 & src12_15 ; dsp8 { local temp = src12_15 + dsp8; export temp; } 
s_eaw: src12_15[dsp16]  is srcmode=12 & src12_15; dsp16 { local temp = src12_15 + dsp16; export temp; } 
s_eaw: src12_15[dsp16]  is srcmode=13 & src12_15; dsp16 { local temp = src12_15 + dsp16; export temp; } 
s_eaw: src12_15[dsp16]  is srcmode=14 & src12_15; dsp16 { local temp = src12_15 + dsp16; export temp; } 
s_eaw: abs16            is srcmode=15; abs16            { export *abs16; }

s_eab: R0L              is srcmode=0 & R0L              { export R0L; }
s_eab: R0H              is srcmode=1 & R0H              { export R0H; }
s_eab: R1L              is srcmode=2 & R1L              { export R1L; }
s_eab: R1H              is srcmode=3 & R1H              { export R1H; }
s_eab: src12_15         is srcmode=4 & src12_15         { local temp:1 = src12_15:1; export temp; }
s_eab: src12_15         is srcmode=5 & src12_15         { local temp:1 = src12_15:1; export temp; }
s_eab: src12_15         is srcmode=6 & src12_15         { local temp:1 = *src12_15; export temp; }
s_eab: src12_15         is srcmode=7 & src12_15         { local temp:1 = *src12_15; export temp; }
s_eab: src12_15[dsp8]   is srcmode=8 & src12_15; dsp8   { local temp:1 = *(src12_15 + dsp8); export temp; }
s_eab: src12_15[dsp8]   is srcmode=9 & src12_15; dsp8   { local temp:1 = *(src12_15 + dsp8); export temp; } 
s_eab: src12_15[dsp8]   is srcmode=10 & src12_15; dsp8  { local temp:1 = *(src12_15 + dsp8); export temp; } 
s_eab: src12_15[dsp8]   is srcmode=11 & src12_15 ; dsp8 { local temp:1 = *(src12_15 + dsp8); export temp; } 
s_eab: src12_15[dsp16]  is srcmode=12 & src12_15; dsp16 { local temp:1 = *(src12_15 + dsp16); export temp; } 
s_eab: src12_15[dsp16]  is srcmode=13 & src12_15; dsp16 { local temp:1 = *(src12_15 + dsp16); export temp; } 
s_eab: src12_15[dsp16]  is srcmode=14 & src12_15; dsp16 { local temp:1 = *(src12_15 + dsp16); export temp; } 
s_eab: abs16            is srcmode=15; abs16            { local temp:1 = *(abs16:2); export temp; }

s_d_eab: R0H       is dest3=3 & R0H     { export R0H; }
s_d_eab: R0L       is dest3=4 & R0L     { export R0L; }
s_d_eab: SB[dsp8]  is dest3=5 & SB;dsp8 { local temp:1 = *(SB+dsp8); export temp; }
s_d_eab: FB[dsp8]  is dest3=6 & FB;dsp8 { local temp:1 = *(FB+dsp8); export temp; }
s_d_eab: abs16     is dest3=7; abs16    { local temp:1 = *(abs16:2); export temp; }

SRC2: R0L       is src2=0x00 & dest1=1 & R0L { export R0L; }
SRC2: R0H       is src2=0x00 & dest1=0 & R0H { export R0H; }
SRC2: SB[dsp8]  is src2=1 & SB; dsp8         { local temp:1 = *(SB + dsp8); export temp; }
SRC2: FB[dsp8]  is src2=2  & FB; dsp8        { local temp:1 = *(FB + dsp8); export temp; }
SRC2: abs16     is src2=3; abs16             { local temp:1 = *(abs16:2); export temp; }

d_d_eab: R0H       is dest3=3  & R0H      { export R0L; }
d_d_eab: R0L       is dest3=4  & R0L      { export R0H; }
d_d_eab: SB[dsp8]  is dest3=5 & SB ;dsp8  { local temp:1 = *(SB + dsp8); export temp; }
d_d_eab: FB[dsp8]  is dest3=6  & FB ;dsp8 { local temp:1 = *(FB + dsp8); export temp; }
d_d_eab: abs16     is dest3=7;abs16       { local temp:1 = *(abs16:2); export temp; }

COND8: "GEU/C"   is cnd8=0x00    { }
COND8: "GTU"     is cnd8=0x01    { }
COND8: "EQ/Z"    is cnd8=0x02    { }
COND8: "N"       is cnd8=0x03    { }
COND8: "LE"      is cnd8=0x04    { }
COND8: "O"       is cnd8=0x05    { }
COND8: "GE"      is cnd8=0x06    { }
COND8: "LTU/NC"  is cnd8=0xf8    { }
COND8: "LEU"     is cnd8=0xf9    { }
COND8: "NE/NZ"   is cnd8=0xfa    { }
COND8: "PZ"      is cnd8=0xfb    { }
COND8: "GT"      is cnd8=0xfc    { }
COND8: "NO"      is cnd8=0xfd    { }
COND8: "LT"      is cnd8=0xfe    { }

COND4: "GEU/C"   is cnd8_11=0x00 { }
COND4: "GTU"     is cnd8_11=0x01 { }
COND4: "EQ/Z"    is cnd8_11=0x02 { }
COND4: "N"       is cnd8_11=0x03 { }
COND4: "LTU/NC"  is cnd8_11=0x04 { }
COND4: "LEU"     is cnd8_11=0x05 { }
COND4: "NE/NZ"   is cnd8_11=0x06 { }
COND4: "PZ"      is cnd8_11=0x07 { }
COND4: "LE"      is cnd8_11=0x08 { }
COND4: "O"       is cnd8_11=0x09 { }
COND4: "GE"      is cnd8_11=0x0A { }
COND4: "GT"      is cnd8_11=0x0B { }
COND4: "NO"      is cnd8_11=0x0C { }
COND4: "LT"      is cnd8_11=0x0D { }

COND3: "GEU/C"   is cnd0_2=0x00  { }
COND3: "GTU"     is cnd0_2=0x01  { }
COND3: "EQ/Z"    is cnd0_2=0x02  { }
COND3: "N"       is cnd0_2=0x03  { }
COND3: "LTU/NC"  is cnd0_2=0x04  { }
COND3: "LEU"     is cnd0_2=0x05  { }
COND3: "NE/NZ"   is cnd0_2=0x06  { }
COND3: "PZ"      is cnd0_2=0x07  { }


# TODO: Figure out how to swap stack pointers
#SP: USP  is SPval = 1 & USP { export USP; }
#
#SP: ISP  is SPval = 0 & ISP { export ISP; }

attach variables [ldc12_14] [_ INTBL INTBH FLAG ISP SP SB FB];

:ABS.b d_eab          is op1_7=0x3b & size0=0 & op12_15=0xf & dest8_11; d_eab {
}

:ABS.w d_eaw          is op1_7=0x3b & size0=1 & op12_15=0xf & dest8_11; d_eaw {
}

:ADC.b imm8,d_eab     is op1_7=0x3b & size0=0 & op12_15=0x6 & dest8_11; d_eab; imm8 {
}

:ADC.w imm16,d_eaw    is op1_7=0x3b & size0=1 & op12_15=0x6 & dest8_11; d_eaw; imm16 {
}

:ADC.b s_eab,d_eab    is op1_7=0x58 & size0=0; s_eab; d_eab {
}

:ADC.w s_eaw,d_eaw    is op1_7=0x58 & size0=1; s_eaw; d_eaw {
}

:ADCF.b d_eab         is op1_7=0x3b & size0=0 & op12_15=0xe; d_eab {
}

:ADCF.w d_eaw         is op1_7=0x3b & size0=1 & op12_15=0xe; d_eaw {
}

:ADD.b imm8,d_eab     is op1_7=0x3b & size0=0 & op12_15=0x04; d_eab; imm8 {
}

:ADD.w imm16,d_eaw    is op1_7=0x3b & size0=1 & op12_15=0x04; d_eaw; imm16 {
}

:ADD.b imm12_15,d_eab is op1_7=0x64 & size0=0 & imm12_15; d_eab {
}

:ADD.w imm12_15,d_eaw is op1_7=0x64 & size0=1 & imm12_15; d_eaw {
}

:ADD.b imm8,s_d_eab   is (op=0x10 ); imm8; s_d_eab {
}

:ADD.b s_eab,d_eab    is op1_7=0x50 & size0=0 ; s_eab ; d_eab {
}

:ADD.w s_eaw,d_eaw    is op1_7=0x50 & size0=1; s_eaw ; d_eaw {
}

:ADD.b SRC2, dest1    is op=0x04 & dest1 & src2; SRC2 {
}

:ADD.b imm8, SP       is op1_7=0x3E & size0=0 & op12_15=0xE & op8_11=0x0b & SP; imm8 {
}

:ADD.w imm16, SP      is op1_7=0x3E & size0=1 & op12_15=0xE & op8_11=0x0b &SP ; imm16 {
}

:ADD imm8_11,SP       is op1_7=0x3E & size0 & op12_15=0xb & imm8_11 & SP {
}

:ADJNZ.b imm12_15,d_eab  is op1_7=0x7c & size0=0 & imm12_15; d_eab; dsp8 {
}

:ADJNZ.b imm12_15,d_eaw  is op1_7=0x7c & size0=1 & imm12_15; d_eaw; dsp8 {
}

:AND.b imm8,d_eab     is op1_7=0x3b & size0=0 & op12_15=0x2; d_eab; imm8 {
}

:AND.w imm16,d_eaw    is op1_7=0x3b & size0=1 & op12_15=0x2; d_eaw; imm16 {
}

:AND.b s_eab,d_eab    is op1_7=0x48 & size0=0; s_eab; d_eab {
}

:AND.b s_eaw,d_eaw    is op1_7=0x48 & size0=1; s_eaw; d_eaw {
}

:AND.b SRC2, dest1    is op=0x2 & dest1 & src2 ; SRC2 {
}

:BAND d_eaw           is op1_7=0x3f &size0=0 & op12_15=0x4; d_eaw {
}

:BCLR d_eaw           is op1_7=0x3f &size0=0 &op12_15=0x8; d_eaw {
}

:BCLR bit0_2, SB[dsp8]    is op=0x8 & bit0_2 & SB;dsp8 {
}

:BM^COND8 d_eaw       is op1_7=0x3F & size0=0 & op12_15=0x2; d_eaw; COND8 {
}

:BM^COND4 "C"         is op1_7=0x3E & size0=1 &op12_15=0xD & COND4 {
}

:BNAND d_eaw          is op1_7=0x3F & size0=0 & op12_15=0x05; d_eaw {
}

:BNOR d_eaw           is op1_7=0x3F & size0=0 & op12_15=0x07; d_eaw {
}

:BNOT d_eaw           is op1_7=0x3F & size0=0 & op12_15=0x0A; d_eaw {
}

:BNOT bit0_2, SB[dsp8]    is op=0x0A & bit0_2 & SB; dsp8 {
}

:BNTST d_eaw          is op1_7=0x3F & size0=0 & op12_15=0x03; d_eaw {
}

:BNXOR  d_eaw         is op1_7=0x3F & size0=0 & op12_15=0x0D; d_eaw {
}

:BOR d_eaw            is op1_7=0x3F & size0=0 & op12_15=0x06; d_eaw {
}

:BRK                  is ops0_7=0 {
}

:BSET d_eaw           is op1_7=0x3F & size0=0 & op12_15=0x09; d_eaw {
}

:BSET bit0_2, SB[dsp8]    is op=0x09 & bit0_2 &SB; dsp8 {
}

:BTST  d_eaw          is op1_7=0x3F & size0=0 & op12_15=0x0B; d_eaw {
}

:BTST bit0_2, SB[dsp8]      is op=0x0B & bit0_2 & SB; dsp8 {
}

:BTSTC d_eaw          is op1_7=0x3F & size0=0 & op12_15=0x00; d_eaw {
}

:BTSTS d_eaw          is op1_7=0x3F & size0=0 & op12_15=0x01; d_eaw {
}

:BXOR d_eaw           is op1_7=0x3F & size0=0 & op12_15=0x0C; d_eaw {
}

:CMP.b imm8, d_eab    is op1_7=0x3B & size0=0 & op12_15=0x08; d_eab; imm8 {
}

:CMP.w imm16,d_eaw    is op1_7=0x3B & size0=1 & op12_15=0x08; d_eaw; imm16 {
}

:CMP.b imm12_15, d_eab is op1_7=0x68 & size0=0 & imm12_15; d_eab {
}

:CMP.w imm12_15, d_eaw is op1_7=0x68 & size0=1 & imm12_15; d_eaw {
}

:CMP.b imm8, d_d_eab  is op=0x1C & dest3; imm8; d_d_eab {
}

:CMP.b s_eab, d_eab   is op1_7=0x60 & size0=0 & src12_15 & dest8_11; s_eab; d_eab {
} 

:CMP.w s_eaw, d_eaw   is op1_7=0x60 & size0=1 & src12_15 & dest8_11; s_eaw; d_eaw {
} 

:CMP.B SRC2, dest1    is op=0x07 & dest1 & src2; SRC2 {
}

:DADC.b imm8,R0L      is op0_15=0x7CEE &R0L; imm8 {
}

:DADC.w imm16,R0      is op0_15=0x7DEE &R0; imm16 {
}

:DADC.b R0H,R0L       is op0_15=0x7CE6 & R0H &R0L {
}

:DADC.b R1,R0         is op0_15=0x7DE6 & R1 &R0 {
}

:DADD.b imm8, R0L     is op0_15=0x7CEC & R0L; imm8 {
}

:DADD.w imm16,R0      is op0_15=0x7DEC & R0; imm16 {
}

:DADD.b R0H, R0L      is op0_15=0x7CE4 & R0L & R0H {
}

:DADD.w R1, R0        is op0_15=0x7DE4 & R1 & R0 {
}

:DEC.b d_d_eab        is op=0x15 & dest3; d_d_eab {
}

:DEC.w dest_a0_a1     is op4_7=0xF & dest_a0_a1 & bit0_2=0x2 {
}

:DIV.b imm8           is op1_7=0x3e & size0=0 & op8_15=0xe1; imm8 {
}

:DIV.b imm16          is op1_7=0x3e & size0=1 & op8_15=0xe1; imm16 {
}

:DIV.b d_eab          is op1_7=0x3B & size0=0 & op12_15=0xD & dest8_11; d_eab {
}

:DIV.w d_eaw          is op1_7=0x3B & size0=1 & op12_15=0xD & dest8_11; d_eaw {
}

:DIVU.b imm8          is op1_7=0x3e & size0=0 & op8_15=0xe0; imm8 {
}

:DIVU.b imm16         is op1_7=0x3e & size0=1 & op8_15=0xe0; imm16 {
}

:DIVU.b d_eab         is op1_7=0x3B & size0=0 & op12_15=0xC & dest8_11; d_eab {
}

:DIVU.w d_eaw         is op1_7=0x3B & size0=1 & op12_15=0xC & dest8_11; d_eaw {
}

:DIVX.b imm8          is op1_7=0x3e & size0=0 & op8_15=0xe3; imm8 {
}

:DIVX.b imm16         is op1_7=0x3e & size0=1 & op8_15=0xe3; imm16 {
}

:DIVX.b d_eab         is op1_7=0x3B & size0=0 & op12_15=0x9 & dest8_11; d_eab {
}

:DIVX.w d_eaw         is op1_7=0x3B & size0=1 & op12_15=0x9 & dest8_11; d_eaw {
}

:DSBB.b imm8, R0L     is op0_15=0x7CEF & R0L; imm8 {
}

:DSBB.w imm16, R0     is op0_15=0x7DEF & R0; imm16 {
}

:DSBB.b R0H, R0L      is op0_15=0x7CE7 & R0H & R0L {
}

:DSBB.w R1, R0        is op0_15=0x7DE7 & R1 & R0 {
}

:DSUB.b imm8, R0L     is op0_15=0x7CED & R0L; imm8 {
}

:DSUB.w imm16, R0     is op0_15=0x7DED & R0; imm16 {
}

:DSUB.b R0H, R0L      is op0_15=0x7CE5 & R0H &R0L {
}

:DSUB.w R1, R0        is op0_15=0x7DE5 & R1 & R0 {
}

:ENTER imm8           is op0_15=0x7CF2; imm8 {
}

:EXITD                is op0_15=0x7DF2 {
}

:EXTS.b d_eab         is op0_7=0x7C & op12_15=0x06 & dest8_11; d_eab {
}

:EXTS.w R0            is op0_15=0x7CF3 & R0 {
}

:FCLR flg12_14        is op0_7=0xEB & op8_11=0x05 & bit15=0 & flg12_14 {
}

:FSET flg12_14        is op0_7=0xEB & op8_11=0x04 & bit15=0 & flg12_14 {
}

:INC.b d_d_eab        is op=0x14 & dest3; d_d_eab {
}

:INC.w dest_a0_a1     is op4_7=0x0B & dest_a0_a1  & bit0_2=0x02 {
}

:INT imm8             is op0_7=0xEB; imm8 {
}

:INTO                 is op0_7=0xF6 {
}

:J^COND3              is op=0x0D & cnd0_2; COND3 {
}

:J^COND4              is op0_7=0x7D & op12_15=0x0C & cnd8_11; COND4 {
}

:JMP.s dsp0_2         is op=0x0C & dsp0_2 {
}

:JMP.b dsp8           is op0_7=0xFE; dsp8 {
}

:JMP.w dsp16          is op0_7=0xF4; dsp16 {
}

:JMP.A abs20          is op0_7=0xFC; abs20 {
}

:JMPI.w j_eaw         is op0_7=0x7D & op12_15=0x02 & dest8_11; j_eaw {
}

:JMPI.a j_eaw         is op0_7=0x7D & op12_15=0x00 & dest8_11; j_eaw {
}

:JMPS imm8            is op0_7=0xEE; imm8 {
}

:JSR.w dsp16          is op0_7=0xF5; dsp16 {
}

:JSR.a abs20          is op0_7=0xFD; abs20 {
}

:JSRI.w j_eaw         is op0_7=0x7D & op12_15=0x03 & dest8_11; j_eaw {
}

:JSRI.a j_eaw         is op0_7=0x7D & op12_15=0x01 & dest8_11; j_eaw {
}

:JSRS imm8            is op0_7=0xEF; imm8 {
}

:LDC imm16            is op0_7=0xEB & op8_11=0x00 & ldc12_14; imm16 {
}

4 replies

GhidorahRex Dec 13, 2022
Collaborator

One trick I learned is to spec out the jumps/calls/branches first. It helps you proof the code if you have a binary. I know there are toolchains (I think llvm?) for the M16C, so you should be able to compile some test code.

Regarding the stack pointer(s). Ghidra currently only supports a single stack pointer. We almost never worry about modeling the interrupt stack pointer, since interrupt code is usually small enough. If it is important to model, you should create a fake SP register that acts as the stack pointer. Pushes and pops to the stack act on that pointer. If you ever need to write to the stack pointer specifically through a move or similar instruction, you would handle that via the real USP or ISP and copy the value to the SP register.

silverchris Dec 14, 2022
Author

Ohh, that's useful to know about the stack pointer. Hopefully I don't have to worry about it.

Did run into an issue that I can't seem to figure out.

How do I add a token by that is added by a subtable, when I need to add another token before it?

e.g. this, but I need to swap around the token that d_d_eab will add so it's at the end?

:MOV.b imm8, d_d_eab   is op=0x18 ... & d_d_eab ; imm8 {
}

GhidorahRex Dec 15, 2022
Collaborator

That would be trickier, since d_d_eab needs to know how large the immediate value is (really, whether it's present or not. I can't think of a good way to do that. Right now, I think you would need to split the d_d_eab subconstructor into two different ones, depending on whether an immediate is present or not. I'll think about it some more.

silverchris Dec 17, 2022
Author

I should really get around to setting up a proper repo for this.
Here is where I am at so far.

# sleigh specification file for Skeleton Processor
#   >> see docs/languages/sleigh.htm or sleigh.pdf for Sleigh syntax
# Other language modules (see Ghidra/Processors) may provide better examples
# when crd_eating a new language module.

define endian=little;

define alignment=1;

define space ram type=ram_space size=3 default;
define space register type=register_space size=1;

define register offset=0x00 size=3 [ PC _ INTB  SP];
define register offset=0x05 size=2 [ INTBH INTBL];

define register offset=0x08 size=2 [ R0 R2 R1 R3 A0 A1 FB USP ISP SB FLAG];
define register offset=0x08 size=4 [ R2R0 R3R1 A1A0];
define register offset=0x08 size=1 [ R0H R0L _ _ R1H R1L _ _ ];

define register offset=0x30 size=4 [statusreg];
define register offset=0x34 size=1 [Cflg Dflg Zflg Sflg Bflg Oflg Iflg Uflg IPLflg];

#
#@define C_flag "FLAG[0,1]"		#CARY
#@define D_flag "FLAG[1,1]"		# Debug
#@define Z_FLAG "FLAG[2,1]"	# Zero
#@define S_flag "FLAG[3,1]"		# Sign
#@define B_flag "FLAG[4,1]"		# Register Bank Select
#@define O_flag "FLAG[5,1]"		# Overflow
#@define I_flag "FLAG[6,1]"		# Interrupt Enable
#@define U_flag "FLAG[7,1]"      # Stack Pointer Select
#@define IPL_flag "FLAG[12,3]"   # Interrupt priority Level
#@define C_flag "Cflg"		#CARY
#@define D_flag "Dflg"		# Debug
#@define Z_FLAG "Zflg"	# Zero
#@define S_flag "Sflg"		# Sign
#@define B_flag "Bflg"		# Register Bank Select
#@define O_flag "Oflg"		# Overflow
#@define I_flag "Iflg"		# Interrupt Enable
#@define U_flag "Uflg"      # Stack Pointer Select
#@define IPL_flag "IPLflg"   # Interrupt priority Level
define token operand_g (16)
	size0     = ( 0, 0)
	op1_7     = ( 1, 7)
	op0_7     = ( 0, 7)
	destmode  = ( 8,11)
	dest8_11  = ( 8,11)
	dest8_11b = ( 8,11)
	op8_11    = ( 8,11)
	imm8_11   = ( 8,11)
	cnd8_11   = ( 8,11)
	op12_15   = (12,15)
	srcmode   = (12,15)
	src12_15  = (12,15)
	src12_15b = (12,15)
	imm12_15  = (12,15)
	op0_15    = ( 0,15)
	op8_15    = ( 8,15)
	bit15     = (15,15)
	flg12_14  = (12,14)
	ldc12_14  = (12,14)
	bit11     = (11,11)
	imm8_10   = ( 8,10)
	dest12_14 = (12,14)
;

define token operand_s (8)
	op            = (3,7)
	op4_7         = (4,7)
	dest0_2       = (0,2)
	dest2_2       = (2,2)
	dest2_a0_a1   = (2,2)
	src2          = (0,1)
	bit0_2        = (0,2)
	ops0_7        = (0,7)
	dest_a0_a1    = (3,3)
	dest3_r0l_r0h = (3,3)
	cnd0_2        = (0,2)
	dsp0_2        = (0,2)
	dest0_1       = (0,1)
;

define token data8 (8)
	dsp8 = (0,7) signed
	imm8 = (0,7)
	cnd8 = (0,7)
;

define token data16 (16)
	dsp16 = (0,15) signed
	abs16 = (0,15)
	imm16 = (0,15)
;

define token data32 (24)
	abs20 = (0,19)
	dsp20 = (0,19)
;

define token operand_s_imm8 (16)
	op3_7_imm8   = (3, 7)
	dest0_2_imm8 = (0, 2)
	imm8_15      = (8,15)
;

attach variables [dest8_11 src12_15] [R0 R1 R2 R3 A0 A1 A0 A1 A0 A1 SB FB A0 A1 SB _ ];
attach variables [dest2_2] [R0L R0H];
attach variables [dest3_r0l_r0h] [R0L R0H];
attach variables [dest_a0_a1 dest2_a0_a1] [A0 A1];
attach variables [flg12_14] [Cflg Dflg Zflg Sflg Bflg Oflg Iflg Uflg];
attach variables [dest12_14] [R0 R1 R2 R3 A0 A1 _ _];

#attach variables [dest8_11b src12_15b] [R0L R0H R1L R1H];
attach values [imm8_11 imm12_15] [0 1 2 3 4 5 6 7 -8 -7 -6 -5 -4 -3 -2 -1];

attach variables [ldc12_14] [_ INTBL INTBH FLAG ISP USP SB FB];

_addr: dest8_11[dsp8]   is destmode=8 & dest8_11; dsp8   { local temp = dest8_11 + dsp8; export temp; }
_addr: dest8_11[dsp8]   is destmode=9 & dest8_11; dsp8   { local temp = dest8_11 + dsp8; export temp; } 
_addr: dest8_11[dsp8]   is destmode=10 & dest8_11; dsp8  { local temp = dest8_11 + dsp8; export temp; } 
_addr: dest8_11[dsp8]   is destmode=11 & dest8_11 ; dsp8 { local temp = dest8_11 + dsp8; export temp; } 
_addr: dest8_11[dsp20]  is destmode=12 & dest8_11; dsp20 { local temp = dest8_11 + dsp20; export temp; } 
_addr: dest8_11[dsp20]  is destmode=13 & dest8_11; dsp20 { local temp = dest8_11 + dsp20; export temp; } 
_addr: dest8_11[dsp16]  is destmode=14 & dest8_11; dsp16 { local temp = dest8_11 + dsp16; export temp; } 
_addr: abs16            is destmode=15; abs16            { export abs16; }

j_eaw: dest8_11         is destmode=0 & dest8_11         { export dest8_11; }
j_eaw: dest8_11         is destmode=1 & dest8_11         { export dest8_11; }
j_eaw: dest8_11         is destmode=2 & dest8_11         { export dest8_11; }
j_eaw: dest8_11         is destmode=3 & dest8_11         { export dest8_11; }
j_eaw: dest8_11         is destmode=4 & dest8_11         { export dest8_11; }
j_eaw: dest8_11         is destmode=5 & dest8_11         { export dest8_11; }
j_eaw: dest8_11         is destmode=6 & dest8_11         { export *dest8_11; }
j_eaw: dest8_11         is destmode=7 & dest8_11         { export *dest8_11; }
j_eaw: dest8_11[dsp8]   is destmode=8 & dest8_11; dsp8   { local temp = dest8_11 + dsp8; export *temp; }
j_eaw: dest8_11[dsp8]   is destmode=9 & dest8_11; dsp8   { local temp = dest8_11 + dsp8; export *temp; } 
j_eaw: dest8_11[dsp8]   is destmode=10 & dest8_11; dsp8  { local temp = dest8_11 + dsp8; export *temp; } 
j_eaw: dest8_11[dsp8]   is destmode=11 & dest8_11 ; dsp8 { local temp = dest8_11 + dsp8; export *temp; } 
j_eaw: dest8_11[dsp20]  is destmode=12 & dest8_11; dsp20 { local temp = dest8_11 + dsp20; export *temp; } 
j_eaw: dest8_11[dsp20]  is destmode=13 & dest8_11; dsp20 { local temp = dest8_11 + dsp20; export *temp; } 
j_eaw: dest8_11[dsp16]  is destmode=14 & dest8_11; dsp16 { local temp = dest8_11 + dsp16; export *temp; } 
j_eaw: abs16            is destmode=15; abs16            { export *abs16; }

d_eaw: dest8_11         is destmode=0 & dest8_11         { export dest8_11; }
d_eaw: dest8_11         is destmode=1 & dest8_11         { export dest8_11; }
d_eaw: dest8_11         is destmode=2 & dest8_11         { export dest8_11; }
d_eaw: dest8_11         is destmode=3 & dest8_11         { export dest8_11; }
d_eaw: dest8_11         is destmode=4 & dest8_11         { export dest8_11; }
d_eaw: dest8_11         is destmode=5 & dest8_11         { export dest8_11; }
d_eaw: dest8_11         is destmode=6 & dest8_11         { export *dest8_11; }
d_eaw: dest8_11         is destmode=7 & dest8_11         { export *dest8_11; }
d_eaw: dest8_11[dsp8]   is destmode=8 & dest8_11; dsp8   { local temp = dest8_11 + dsp8; export *temp; }
d_eaw: dest8_11[dsp8]   is destmode=9 & dest8_11; dsp8   { local temp = dest8_11 + dsp8; export *temp; } 
d_eaw: dest8_11[dsp8]   is destmode=10 & dest8_11; dsp8  { local temp = dest8_11 + dsp8; export *temp; } 
d_eaw: dest8_11[dsp8]   is destmode=11 & dest8_11 ; dsp8 { local temp = dest8_11 + dsp8; export *temp; } 
d_eaw: dest8_11[dsp16]  is destmode=12 & dest8_11; dsp16 { local temp = dest8_11 + dsp16; export *temp; } 
d_eaw: dest8_11[dsp16]  is destmode=13 & dest8_11; dsp16 { local temp = dest8_11 + dsp16; export *temp; } 
d_eaw: dest8_11[dsp16]  is destmode=14 & dest8_11; dsp16 { local temp = dest8_11 + dsp16; export *temp; } 
d_eaw: abs16            is destmode=15; abs16            { export *abs16; }

d_eab: R0L              is dest8_11=0 & R0L              { export R0L; }
d_eab: R0H              is dest8_11=1 & R0H              { export R0H; }
d_eab: R1L              is dest8_11=2 & R1L              { export R1L; }
d_eab: R1H              is dest8_11=3 & R1H              { export R1H; }
d_eab: dest8_11         is dest8_11 & dest8_11=4         { local temp = dest8_11:1; export temp; }
d_eab: dest8_11         is dest8_11 & dest8_11=5         { local temp = dest8_11:1; export temp; }
d_eab: dest8_11         is dest8_11 & dest8_11=6         { local temp = dest8_11; export *temp; }
d_eab: dest8_11         is dest8_11 & dest8_11=7         { local temp = dest8_11; export *temp; }
d_eab: dest8_11[dsp8]   is dest8_11 & dest8_11=8; dsp8   { local temp = (dest8_11 + dsp8); export *temp; }
d_eab: dest8_11[dsp8]   is dest8_11 & dest8_11=9; dsp8   { local temp = (dest8_11 + dsp8); export *temp; }
d_eab: dest8_11[dsp8]   is dest8_11 & dest8_11=10; dsp8  { local temp = (dest8_11 + dsp8); export *temp; }
d_eab: dest8_11[dsp8]   is dest8_11 & dest8_11=11 ; dsp8 { local temp = (dest8_11 + dsp8); export *temp; }
d_eab: dest8_11[dsp16]  is dest8_11 & dest8_11=12; dsp16 { local temp = (dest8_11 + dsp16); export *temp; }
d_eab: dest8_11[dsp16]  is dest8_11 & dest8_11=13; dsp16 { local temp = (dest8_11 + dsp16); export *temp; }
d_eab: dest8_11[dsp16]  is dest8_11 & dest8_11=14; dsp16 { local temp = (dest8_11 + dsp16); export *temp; }
d_eab: abs16            is dest8_11=15 & dest8_11; abs16 { local temp = (abs16:2); export *temp; }

s_eaw: src12_15         is srcmode=0 & src12_15         { export src12_15; }
s_eaw: src12_15         is srcmode=1 & src12_15         { export src12_15; }
s_eaw: src12_15         is srcmode=2 & src12_15         { export src12_15; }
s_eaw: src12_15         is srcmode=3 & src12_15         { export src12_15; }
s_eaw: src12_15         is srcmode=4 & src12_15         { export src12_15; }
s_eaw: src12_15         is srcmode=5 & src12_15         { export src12_15; }
s_eaw: src12_15         is srcmode=6 & src12_15         { export src12_15; }
s_eaw: src12_15         is srcmode=7 & src12_15         { export src12_15; }
s_eaw: src12_15[dsp8]   is srcmode=8 & src12_15; dsp8   { local temp = src12_15 + dsp8; export *temp; }
s_eaw: src12_15[dsp8]   is srcmode=9 & src12_15; dsp8   { local temp = src12_15 + dsp8; export *temp; } 
s_eaw: src12_15[dsp8]   is srcmode=10 & src12_15; dsp8  { local temp = src12_15 + dsp8; export *temp; } 
s_eaw: src12_15[dsp8]   is srcmode=11 & src12_15 ; dsp8 { local temp = src12_15 + dsp8; export *temp; } 
s_eaw: src12_15[dsp16]  is srcmode=12 & src12_15; dsp16 { local temp = src12_15 + dsp16; export *temp; } 
s_eaw: src12_15[dsp16]  is srcmode=13 & src12_15; dsp16 { local temp = src12_15 + dsp16; export *temp; } 
s_eaw: src12_15[dsp16]  is srcmode=14 & src12_15; dsp16 { local temp = src12_15 + dsp16; export *temp; } 
s_eaw: abs16            is srcmode=15; abs16            { export *abs16; }

s_eab: R0L       is srcmode=0 & R0L                                                   { export R0L; }
s_eab: R0H       is srcmode=1 & R0H                                                   { export R0H; }
s_eab: R1L       is srcmode=2 & R1L                                                   { export R1L; }
s_eab: R1H       is srcmode=3 & R1H                                                   { export R1H; }
s_eab: src12_15  is srcmode=4 & src12_15                                              { local temp = src12_15:1; export temp; }
s_eab: src12_15  is srcmode=5 & src12_15                                              { local temp = src12_15:1; export temp; }
s_eab: src12_15  is srcmode=6 & src12_15                                              { local temp = src12_15; export *:1 temp; }
s_eab: src12_15  is srcmode=7 & src12_15                                              { local temp = src12_15; export *:1 temp; }
s_eab: addr      is srcmode=8 & src12_15; dsp8 [addr = (src12_15 + (dsp8))&0xFFFF;]    { export *:1 addr; }
s_eab: addr      is srcmode=9 & src12_15; dsp8 [addr = (src12_15 + (dsp8))&0xFFFF;]    { export *:1 addr; }
s_eab: addr      is srcmode=10 & src12_15; dsp8 [addr = (src12_15 + (dsp8))&0xFFFF;]   { export *:1 addr; }
s_eab: addr      is srcmode=11 & src12_15; dsp8 [addr = (src12_15 + (dsp8))&0xFFFF;]   { export *:1 addr; }
s_eab: addr      is srcmode=12 & src12_15; dsp16 [addr = (src12_15 + (dsp16))&0xFFFF;] { export *:1 addr; }
s_eab: addr      is srcmode=13 & src12_15; dsp16 [addr = (src12_15 + (dsp16))&0xFFFF;] { export *:1 addr; }
s_eab: addr      is srcmode=14 & src12_15; dsp16 [addr = (src12_15 + (dsp16))&0xFFFF;] { export *:1 addr; }
s_eab: abs16     is srcmode=15; abs16                                                 { local temp = (abs16:2); export *temp; }

s_d_eab: R0H       is dest0_2=3 & R0H     { export R0H; }
s_d_eab: R0L       is dest0_2=4 & R0L     { export R0L; }
s_d_eab: SB[dsp8]  is dest0_2=5 & SB;dsp8 { local temp = (SB+dsp8); export *temp; }
s_d_eab: FB[dsp8]  is dest0_2=6 & FB;dsp8 { local temp = (FB+dsp8); export *temp; }
s_d_eab: abs16     is dest0_2=7; abs16    { local temp = (abs16:2); export *temp; }

SRC2: R0L       is src2=0x00 & dest2_2=1 & R0L { export R0L; }
SRC2: R0H       is src2=0x00 & dest2_2=0 & R0H { export R0H; }
SRC2: SB[dsp8]  is src2=1 & SB; dsp8           { local temp = (SB + dsp8); export *temp; }
SRC2: FB[dsp8]  is src2=2  & FB; dsp8          { local temp = (FB + dsp8); export *temp; }
SRC2: abs16     is src2=3; abs16               { export *abs16; }

d_d_eab: R0H       is R0H & dest0_2=3     { export R0L; }
d_d_eab: R0L       is R0L & dest0_2=4     { export R0H; }
d_d_eab: SB[dsp8]  is SB & dest0_2=5;dsp8 { local temp = (SB +dsp8); export *temp; }
d_d_eab: FB[dsp8]  is FB & dest0_2=6;dsp8 { local temp = (FB + dsp8); export *temp; }
d_d_eab: [abs16]   is dest0_2=7;abs16     { export *abs16; }

d_imm: R0H       is R0H & dest0_2_imm8=3     { export R0L; }
d_imm: R0L       is R0L & dest0_2_imm8=4     { export R0H; }
d_imm: SB[dsp8]  is SB & dest0_2_imm8=5;dsp8 { local temp = (SB +dsp8); export *temp; }
d_imm: FB[dsp8]  is FB & dest0_2_imm8=6;dsp8 { local temp = (FB + dsp8); export *temp; }
d_imm: [abs16]   is dest0_2_imm8=7;abs16     { export *abs16; }

# TODO: Not sure how the first 6 modes work
d_bit: dsp8, dest8_11  is destmode=0 & dest8_11; dsp8                                                               { export dest8_11; }
d_bit: dsp8, dest8_11  is destmode=1 & dest8_11; dsp8                                                               { export dest8_11; }
d_bit: dsp8, dest8_11  is destmode=2 & dest8_11; dsp8                                                               { export dest8_11; }
d_bit: dsp8, dest8_11  is destmode=3 & dest8_11; dsp8                                                               { export dest8_11; }
d_bit: dsp8, dest8_11  is destmode=4 & dest8_11; dsp8                                                               { export dest8_11; }
d_bit: dsp8, dest8_11  is destmode=5 & dest8_11; dsp8                                                               { export dest8_11; }
d_bit: bit, addr       is destmode=6 & dest8_11         [addr=dest8_11/8; bit=dest8_11-(addr*8);]                            { export dest8_11; }
d_bit: bit, addr       is destmode=7 & dest8_11         [addr=dest8_11/8; bit=dest8_11-(addr*8);]                            { export dest8_11; }
d_bit: bit, addr       is destmode=8 & dest8_11; dsp8   [addr= dest8_11+(dsp8/8); bit=(dest8_11*8)+dsp8-(addr*8);]     { local temp = dest8_11 + dsp8; export temp; }
d_bit: bit, addr       is destmode=9 & dest8_11; dsp8   [addr= dest8_11+(dsp8/8); bit=(dest8_11*8)+dsp8-(addr*8);]     { local temp = dest8_11 + dsp8; export temp; } 
d_bit: bit, addr       is destmode=10 & dest8_11; dsp8  [addr= dest8_11+(dsp8/8); bit=(dest8_11*8)+dsp8-(addr*8);]    { local temp = dest8_11 + dsp8; export temp; } 
d_bit: bit, addr       is destmode=11 & dest8_11; dsp8  [addr= dest8_11+(dsp8/8); bit=(dest8_11*8)+dsp8-(addr*8);]    { local temp = dest8_11 + dsp8; export temp; } 
d_bit: bit, addr       is destmode=12 & dest8_11; dsp16 [addr= dest8_11+(dsp16/8); bit=(dest8_11*8)+dsp16-(addr*8);] { local temp = dest8_11 + dsp16; export temp; } 
d_bit: bit, addr       is destmode=13 & dest8_11; dsp16 [addr= dest8_11+(dsp16/8); bit=(dest8_11*8)+dsp16-(addr*8);] { local temp = dest8_11 + dsp16; export temp; } 
d_bit: bit, addr       is destmode=14 & dest8_11; dsp16 [addr= dest8_11+(dsp16/8); bit=(dest8_11*8)+dsp16-(addr*8);] { local temp = dest8_11 + dsp16; export temp; } 
d_bit: bit, addr       is destmode=15; abs16            [addr=abs16/8; bit=abs16-(addr*8);]                                     { export abs16; }

COND8: "GEU/C"   is cnd8=0x00    { }
COND8: "GTU"     is cnd8=0x01    { }
COND8: "EQ/Z"    is cnd8=0x02    { }
COND8: "N"       is cnd8=0x03    { }
COND8: "LE"      is cnd8=0x04    { }
COND8: "O"       is cnd8=0x05    { }
COND8: "GE"      is cnd8=0x06    { }
COND8: "LTU/NC"  is cnd8=0xf8    { }
COND8: "LEU"     is cnd8=0xf9    { }
COND8: "NE/NZ"   is cnd8=0xfa    { }
COND8: "PZ"      is cnd8=0xfb    { }
COND8: "GT"      is cnd8=0xfc    { }
COND8: "NO"      is cnd8=0xfd    { }
COND8: "LT"      is cnd8=0xfe    { }

COND4: "GEU/C"   is cnd8_11=0x00 { }
COND4: "GTU"     is cnd8_11=0x01 { }
COND4: "EQ/Z"    is cnd8_11=0x02 { }
COND4: "N"       is cnd8_11=0x03 { }
COND4: "LTU/NC"  is cnd8_11=0x04 { }
COND4: "LEU"     is cnd8_11=0x05 { }
COND4: "NE/NZ"   is cnd8_11=0x06 { }
COND4: "PZ"      is cnd8_11=0x07 { }
COND4: "LE"      is cnd8_11=0x08 { }
COND4: "O"       is cnd8_11=0x09 { }
COND4: "GE"      is cnd8_11=0x0A { }
COND4: "GT"      is cnd8_11=0x0B { }
COND4: "NO"      is cnd8_11=0x0C { }
COND4: "LT"      is cnd8_11=0x0D { }

COND3: "GEU/C"   is cnd0_2=0x00  { local tmp:1 = Cflg; export tmp; }
COND3: "GTU"     is cnd0_2=0x01  { local tmp:1 = Cflg==!Zflg; export tmp; }
COND3: "EQ/Z"    is cnd0_2=0x02  { local tmp:1 = Zflg; export tmp; }
COND3: "N"       is cnd0_2=0x03  { local tmp:1 = Sflg; export tmp; }
COND3: "LTU/NC"  is cnd0_2=0x04  { local tmp:1 = !Cflg; export tmp; }
COND3: "LEU"     is cnd0_2=0x05  { local tmp:1 = !(Cflg==!Zflg); export tmp; }
COND3: "NE/NZ"   is cnd0_2=0x06  { local tmp:1 = !Zflg; export tmp; }
COND3: "PZ"      is cnd0_2=0x07  { local tmp:1 = !Sflg; export tmp; }

#:ABS.b d_eab           is (op1_7=0x3b & size0=0 & op12_15=0xf) ... & d_eab {
#}
#
#:ABS.w d_eaw           is (op1_7=0x3b & size0=1 & op12_15=0xf) ... & d_eaw {
#}
#
#:ADC.b imm8,d_eab      is (op1_7=0x3b & size0=0 & op12_15=0x6) ... & d_eab; imm8 {
#}
#
#:ADC.w imm16,d_eaw     is (op1_7=0x3b & size0=1 & op12_15=0x6) ... & d_eaw; imm16 {
#}
#
#:ADC.b s_eab,d_eab     is op1_7=0x58 & size0=0; s_eab; d_eab {
#}
#
#:ADC.w s_eaw,d_eaw     is op1_7=0x58 & size0=1; s_eaw; d_eaw {
#}
#
#:ADCF.b d_eab          is (op1_7=0x3b & size0=0 & op12_15=0xe) ... & d_eab {
#}
:ADCF.w d_eaw                     is (op1_7=0x3b & size0=1 & op12_15=0xe) ... & d_eaw {
}

#:ADD.b imm8,d_eab      is (op1_7=0x3b & size0=0 & op12_15=0x04) ...& d_eab; imm8 {
#}
#
#:ADD.w imm16,d_eaw     is (op1_7=0x3b & size0=1 & op12_15=0x04) ... & d_eaw; imm16 {
#}
#
#:ADD.b imm12_15,d_eab  is (op1_7=0x64 & size0=0 & imm12_15) ... & d_eab {
#}

:ADD.w imm12_15,d_eaw             is (op1_7=0x64 & size0=1 & imm12_15) ... & d_eaw {
}

#:ADD.b imm8,s_d_eab    is (op=0x10 ); imm8; s_d_eab {
#}
#
#:ADD.b s_eab,d_eab     is op1_7=0x50 & size0=0 ; s_eab ; d_eab {
#}
#
#:ADD.w s_eaw,d_eaw     is op1_7=0x50 & size0=1; s_eaw ; d_eaw {
#}
#
#:ADD.b SRC2, dest2_2   is (op=0x04 & dest2_2) ... & SRC2 {
#}
#
#:ADD.b imm8, SP        is op1_7=0x3E & size0=0 & op12_15=0xE & op8_11=0x0b & SP; imm8 {
#}
#
#:ADD.w imm16, SP       is op1_7=0x3E & size0=1 & op12_15=0xE & op8_11=0x0b &SP ; imm16 {
#}
#
#:ADD imm8_11,SP        is op1_7=0x3E & size0 & op12_15=0xb & imm8_11 & SP {
#}
#
#:ADJNZ.b imm12_15,d_eab  is (op1_7=0x7c & size0=0 & imm12_15) ... & d_eab; dsp8 {
#}
ADJNZ_DEST: addr  is dsp8 [addr = dsp8 + (inst_start + 2);] {
	export *:3 addr;
}

:ADJNZ.w imm12_15,d_eaw, ADJNZ_DEST  is (op1_7=0x7c & size0=1 & imm12_15) ... & d_eaw; ADJNZ_DEST {
	if((imm12_15+d_eaw) != 0) goto ADJNZ_DEST;
}

#:AND.b imm8,d_eab      is (op1_7=0x3b & size0=0 & op12_15=0x2) ... & d_eab; imm8 {
#}
#
#:AND.w imm16,d_eaw     is (op1_7=0x3b & size0=1 & op12_15=0x2)...& d_eaw; imm16 {
#}
:AND.b imm8_15, d_imm             is (op3_7_imm8=0x12 & imm8_15) ... & d_imm {
}

#:AND.b s_eab,d_eab     is op1_7=0x48 & size0=0; s_eab; d_eab {
#}
#
#:AND.b s_eaw,d_eaw     is op1_7=0x48 & size0=1; s_eaw; d_eaw {
#}
#
#:AND.b SRC2, dest2_2   is (op=0x2 & dest2_2)...& SRC2 {
#}

#:BAND d_eaw            is (op1_7=0x3f &size0=0 & op12_15=0x4) ... & d_eaw {
#}
#
#:BCLR d_eaw            is (op1_7=0x3f &size0=0 &op12_15=0x8) ... & d_eaw {
#}
#
#:BCLR bit0_2, SB[dsp8] is op=0x8 & bit0_2 & SB;dsp8 {
#}
#
#:BM^COND8 d_eaw        is (op1_7=0x3F & size0=0 & op12_15=0x2) ... & d_eaw; COND8 {
#}
#
##:BM^COND4 "C"          is (op1_7=0x3E & size0=1 &op12_15=0xD) ... & COND4 {
##}
#
#:BNAND d_eaw           is (op1_7=0x3F & size0=0 & op12_15=0x05) ... & d_eaw {
#}
#
#:BNOR d_eaw            is (op1_7=0x3F & size0=0 & op12_15=0x07) ... & d_eaw {
#}
#
#:BNOT d_eaw            is (op1_7=0x3F & size0=0 & op12_15=0x0A) ... & d_eaw {
#}
#
#:BNOT bit0_2, SB[dsp8] is op=0x0A & bit0_2 & SB; dsp8 {
#}
#
#:BNTST d_eaw           is (op1_7=0x3F & size0=0 & op12_15=0x03) ... & d_eaw {
#}
#
#:BNXOR  d_eaw          is (op1_7=0x3F & size0=0 & op12_15=0x0D) ... & d_eaw {
#}
#
#:BOR d_eaw             is (op1_7=0x3F & size0=0 & op12_15=0x06) ... & d_eaw {
#}
#
#:BRK                   is ops0_7=0 {
#}

:BSET d_bit                       is (op1_7=0x3F & size0=0 & op12_15=0x09) ...& d_bit {
	local addr:3 = zext(d_bit:2/8);
	local bitmask = (1 << zext(d_bit)-(addr*8));
	local newv =  addr|bitmask;
	*:3 addr = newv;
}

#:BSET bit0_2, SB[dsp8] is op=0x09 & bit0_2 &SB; dsp8 {
#}

:BTST  d_bit                      is (op1_7=0x3F & size0=0 & op12_15=0x0B) ...& d_bit {
}

#:BTST bit0_2, SB[dsp8] is op=0x0B & bit0_2 & SB; dsp8 {
#}

#:BTSTC d_eaw           is (op1_7=0x3F & size0=0 & op12_15=0x00) ...& d_eaw {
#}
#
#:BTSTS d_eaw           is (op1_7=0x3F & size0=0 & op12_15=0x01) ... & d_eaw {
#}
#
#:BXOR d_eaw            is (op1_7=0x3F & size0=0 & op12_15=0x0C) ...& d_eaw {
#}
#
#:CMP.b imm8, d_eab     is (op1_7=0x3B & size0=0 & op12_15=0x08) ... & d_eab; imm8 {
#}
#
#:CMP.w imm16,d_eaw     is (op1_7=0x3B & size0=1 & op12_15=0x08) ... & d_eaw; imm16 {
#}
#
#:CMP.b imm12_15, d_eab is (op1_7=0x68 & size0=0 & imm12_15) ... & d_eab {
#}

:CMP.w imm12_15, d_eaw            is (op1_7=0x68 & size0=1 & imm12_15) ... & d_eaw {
}

   
:CMP.b imm8_15, d_imm             is (op3_7_imm8=0x1C & imm8_15) ... & d_imm {
}

:CMP.b s_eab, d_eab               is (op1_7=0x60 & size0=0) ... & s_eab & d_eab {
} 

#:CMP.w s_eaw, d_eaw    is (op1_7=0x60 & size0=1) ... & s_eaw; d_eaw {
#} 
#
#:CMP.B SRC2, dest2_2   is (op=0x07 & dest2_2) ... & SRC2 {
#}

#:DADC.b imm8,R0L       is op0_15=0x7CEE &R0L; imm8 {
#}
#
#:DADC.w imm16,R0       is op0_15=0x7DEE &R0; imm16 {
#}
#
#:DADC.b R0H,R0L        is op0_15=0x7CE6 & R0H &R0L {
#}
#
#:DADC.b R1,R0          is op0_15=0x7DE6 & R1 &R0 {
#}
#
#:DADD.b imm8, R0L      is op0_15=0x7CEC & R0L; imm8 {
#}
#
#:DADD.w imm16,R0       is op0_15=0x7DEC & R0; imm16 {
#}
#
#:DADD.b R0H, R0L       is op0_15=0x7CE4 & R0L & R0H {
#}
#
#:DADD.w R1, R0         is op0_15=0x7DE4 & R1 & R0 {
#}
#
#:DEC.b d_d_eab         is op=0x15 ... & d_d_eab {
#}
#
#:DEC.w dest_a0_a1      is op4_7=0xF & dest_a0_a1 & bit0_2=0x2 {
#}
#
#:DIV.b imm8            is op1_7=0x3e & size0=0 & op8_15=0xe1; imm8 {
#}
#
#:DIV.b imm16           is op1_7=0x3e & size0=1 & op8_15=0xe1; imm16 {
#}
#
#:DIV.b d_eab           is (op1_7=0x3B & size0=0 & op12_15=0xD) ... & d_eab {
#}
#
#:DIV.w d_eaw           is (op1_7=0x3B & size0=1 & op12_15=0xD) ... & d_eaw {
#}
#
#:DIVU.b imm8           is op1_7=0x3e & size0=0 & op8_15=0xe0; imm8 {
#}
#
#:DIVU.b imm16          is op1_7=0x3e & size0=1 & op8_15=0xe0; imm16 {
#}
#
#:DIVU.b d_eab          is (op1_7=0x3B & size0=0 & op12_15=0xC) ... & d_eab {
#}
#
#:DIVU.w d_eaw          is (op1_7=0x3B & size0=1 & op12_15=0xC) ... & d_eaw {
#}
#
#:DIVX.b imm8           is op1_7=0x3e & size0=0 & op8_15=0xe3; imm8 {
#}
#
#:DIVX.b imm16          is op1_7=0x3e & size0=1 & op8_15=0xe3; imm16 {
#}
#
#:DIVX.b d_eab          is (op1_7=0x3B & size0=0 & op12_15=0x9) ... & d_eab {
#}
#
#:DIVX.w d_eaw          is (op1_7=0x3B & size0=1 & op12_15=0x9) ... & d_eaw {
#}
#
#:DSBB.b imm8, R0L      is op0_15=0x7CEF & R0L; imm8 {
#}
#
#:DSBB.w imm16, R0      is op0_15=0x7DEF & R0; imm16 {
#}
#
#:DSBB.b R0H, R0L       is op0_15=0x7CE7 & R0H & R0L {
#}
#
#:DSBB.w R1, R0         is op0_15=0x7DE7 & R1 & R0 {
#}
#
#:DSUB.b imm8, R0L      is op0_15=0x7CED & R0L; imm8 {
#}
#
#:DSUB.w imm16, R0      is op0_15=0x7DED & R0; imm16 {
#}
#
#:DSUB.b R0H, R0L       is op0_15=0x7CE5 & R0H &R0L {
#}
#
#:DSUB.w R1, R0         is op0_15=0x7DE5 & R1 & R0 {
#}

:ENTER imm8                       is op0_15=0xF27C;imm8 {
	SP = SP +2;
	*:2 SP = FB;
	FB = SP:2;
	SP = SP + imm8;
}

:EXITD                            is op0_15=0xF27D {
	SP = zext(FB);
	FB = *:2 SP;
	SP = SP-2;
	local return_addr:3 = *:2 SP;
	SP = SP-1;
	local pc_h:3 = zext(*:2 SP) << 16;
	return_addr = return_addr & pc_h;
	return [return_addr];
}

#:EXTS.b d_eab          is (op0_7=0x7C & op12_15=0x06) ... & d_eab {
#}
#
#:EXTS.w R0             is op0_15=0x7CF3 & R0 {
#}

:FCLR flg12_14                    is op0_7=0xEB & op8_11=0x05 & bit15=0 & flg12_14 {
}

#:FSET flg12_14         is op0_7=0xEB & op8_11=0x04 & bit15=0 & flg12_14 {
#}

:INC.b d_d_eab                    is op=0x14 ... & d_d_eab {
}

#:INC.w dest_a0_a1      is op4_7=0x0B & dest_a0_a1  & bit0_2=0x02 {
#}
#
#:INT imm8              is op0_7=0xEB; imm8 {
#}
#
#:INTO                  is op0_7=0xF6 {
#}
#
dest: addr  is dsp8 [addr = (inst_start+1)+dsp8;] {
	export *:3 addr;
}

# TODO: Actually evalulate condition
:J^COND3 dest                     is op=0x0D & COND3; dest {
	if (COND3) goto dest;
}

##:J^COND4               is (op0_7=0x7D & op12_15=0x0C) ... & COND4 {
##}
#
#:JMP.s dsp0_2          is op=0x0C & dsp0_2 {
#	local addr:3 = (inst_start+2)+dsp0_2;
#	goto [addr];
#}

:JMP.b addr                       is ops0_7=0xFE; dsp8 [addr = (inst_start+1)+dsp8;] {
	goto [addr:3];
}

#:JMP.w dsp16           is ops0_7=0xF4; dsp16 {
#	local addr:3 = (inst_start+1)+dsp16;
#	goto [addr];
#}

:JMP.A abs20                      is ops0_7=0xFC; abs20 {
	goto [abs20:3];
}

#:JMPI.w j_eaw          is op0_7=0x7D & op12_15=0x02 & dest8_11; j_eaw {
#	local addr:3 = inst_start+sext(j_eaw);
#	goto [addr];
#}
#
#:JMPI.a j_eaw          is op0_7=0x7D & op12_15=0x00 & dest8_11; j_eaw {
#	goto [j_eaw];
#}
#
#:JMPS imm8             is ops0_7=0xEE; imm8 {
#}
#
macro pushPC(addr) {
	local pc_h:1 = addr >> 16;
	local pc_l:2 = addr;
	*:2 SP = pc_h;
	SP = SP+1;
	*:2 SP = pc_l;
	SP = SP+2;
}

:JSR.w addr                       is ops0_7=0xF5; dsp16 [addr = dsp16+inst_start+1;] {
	pushPC(inst_next);
	call [addr:3];
}

:JSR.a abs20                      is ops0_7=0xFD; abs20 {
	pushPC(inst_next);
	call [abs20:3];
}
#
#:JSRI.w j_eaw          is (op0_7=0x7D & op12_15=0x03) ... & j_eaw {
#}
#
#:JSRI.a j_eaw          is (op0_7=0x7D & op12_15=0x01) ... & j_eaw {
#}
#
#:JSRS imm8             is op0_7=0xEF; imm8 {
#}
#
:LDC imm16, ldc12_14              is op0_7=0xEB & op8_11=0x00 & ldc12_14 & bit15=0; imm16 {
	ldc12_14 = imm16;
}

#:LDC d_eaw, ldc12_14   is (op0_7=0x7A & op8_11=0x00 & ldc12_14 & bit15=1) ... & d_eaw {
#	ldc12_14 = d_eaw;
#}
#
#
#:LDCTW abs16, abs20    is op0_15=0x7CF0; abs16; abs20 {
#}
#
#:LDE.b abs20, d_eab    is (op1_7=0x3A & size0=0 & op12_15=0x08) ... & d_eab; abs20 {
#}
#
#:LDE.w abs20, d_eaw    is (op1_7=0x3A & size0=1 & op12_15=0x08) ... & d_eaw; abs20 {
#}

:LDE.b addr, d_eab                is (op1_7=0x3A & size0=0 & op12_15=0x09) ... & d_eab; dsp20 [addr = A0+dsp20;] {
}

#:LDE.w d_eaw, addr     is (op1_7=0x3A & size0=1 & op12_15=0x09) ... & d_eaw; dsp20 [addr = A0+dsp20;] {
#}
#
#:LDE.b A1A0, d_eab     is (op1_7=0x3A & size0=0 & op12_15=0x0A &A1A0) ... & d_eab {
#}
#
#:LDE.w A1A0, d_eaw     is (op1_7=0x3A & size0=1 & op12_15=0x0A &A1A0) ... & d_eaw {
#}
#
#
## TODO LDINTB PDF page 212
##:LDINTB
#
#:LDIPL imm8_10         is op0_7=0x7D & op12_15=0x0A & bit11=0 & imm8_10 {
#}
#
:MOV.b imm8, d_eab                is (op1_7=0x3A & size0=0 & op12_15=0x0C) ... & d_eab; imm8 {
	d_eab = imm8;
}

:MOV.w imm16, d_eaw               is (op1_7=0x3A & size0=1 & op12_15=0x0C) ... & d_eaw; imm16 {
	d_eaw = imm16;
}

:MOV.b imm12_15, d_eab            is (op1_7=0x6C & size0=0 & imm12_15) ... & d_eab {
	d_eab = imm12_15;
}

:MOV.w imm12_15, d_eaw            is (op1_7=0x6C & size0=1 & imm12_15) ... & d_eaw {
	d_eaw = imm12_15;
}

IMM8_15: "#"^imm8_15  is imm8_15 {
	 export *[const]:1 imm8_15;
}

:MOV.b IMM8_15, d_imm             is (op3_7_imm8=0x18 & IMM8_15) ... & d_imm {
	d_imm = IMM8_15;
}

## Size is 1 for byte and 0 for word. Opposite of everything else?
#:MOV.b imm8, dest_a0_a1  is op4_7=0x0E & dest_a0_a1 & bit0_2=0x02; imm8 {
#	dest_a0_a1 = imm8;
#}
#
## Size is 1 for byte and 0 for word. Opposite of everything else?
#:MOV.w imm16, dest_a0_a1  is op4_7=0x0A & dest_a0_a1 & bit0_2=0x02; imm16 {
#	dest_a0_a1 = imm16;
#}

:MOV.b val, d_d_eab               is op=0x16 ... & d_d_eab [val=0;] {
	d_d_eab = 0;
}

:MOV.b s_eab, d_eab               is (op1_7=0x39 & size0=0) ...& s_eab & d_eab {
	d_eab = s_eab;
}

:MOV.w s_eaw, d_eaw               is (op1_7=0x39 & size0=1) ... & s_eaw& d_eaw {
}

#:MOV.b SRC2, dest2_a0_a1  is (op=0x06 & dest2_a0_a1) ... & SRC2 {
##	dest2_a0_a1 = SRC2;
#}

:MOV.b dest2_2,SRC2               is (op=0x00 &dest2_2) ... & SRC2 {
	SRC2 = dest2_2;
}

:MOV.b SRC2, dest2_2              is (op=0x01 &dest2_2) ... & SRC2 {
	dest2_2 = SRC2;
}

:MOV.b addr, d_eab                is (op1_7=0x3A & size0=0 & op12_15=0x0B) ... & d_eab ; dsp8 [addr = SP+dsp8;] {
}

#:MOV.w addr, d_eaw     is (op1_7=0x3A & size0=1 & op12_15=0x0b) ... & d_eaw; dsp8 [addr = SP+dsp8;] {
#}
#
#:MOV.b d_eab, addr     is (op1_7=0x3A & size0=0 & op12_15=0x03) ... & d_eab; dsp8 [addr = SP+dsp8;] {
#}
#
#:MOV.w d_eaw, addr     is (op1_7=0x3A & size0=1 & op12_15=0x03) ... & d_eaw; dsp8 [addr = SP+dsp8;] {
#}
#
#:MOVA d_eaw, dest12_14 is (op0_7=0xEB & bit15=0 & dest12_14) ... & d_eaw {
#}
#
## TODO MOVDIR page 222
##:MOV^DIR
#
#:MUL.b imm8, d_eab     is (op1_7=0x3E & size0=0 & op12_15=0x05) ... & d_eab; imm8 {
#}

:MUL.w imm16, d_eaw               is (op1_7=0x3E & size0=1 & op12_15=0x05) ... & d_eaw; imm16 {
}

#:MUL.b s_eab, d_eab    is op1_7=0x3C & size0=0 & src12_15 & dest8_11; s_eab; d_eab {
#}
#
#:MUL.w s_eaw, d_eaw    is op1_7=0x3C & size0=1 & src12_15 & dest8_11; s_eaw; d_eaw {
#}
#
#:MULU.b imm8, d_eab    is op1_7=0x3E & size0=0 & op12_15=0x04 & dest8_11; d_eab; imm8 {
#}
#
#:MULU.w imm16, d_eaw   is op1_7=0x3E & size0=1 & op12_15=0x04 & dest8_11; d_eaw; imm16 {
#}
#
#:MULU.b s_eab, d_eab   is op1_7=0x38 & size0=0 & src12_15 & dest8_11; s_eab; d_eab {
#}
#
#:MULU.w s_eaw, d_eaw   is op1_7=0x38 & size0=1 & src12_15 & dest8_11; s_eaw; d_eaw {
#}
#
#:NEG.b d_eab           is op1_7=0x3A & size0=0 & op12_15=0x05 & dest8_11; d_eab {
#}
#
#:NEG.w d_eaw           is op1_7=0x3A & size0=1 & op12_15=0x05 & dest8_11; d_eaw {
#}
#
#:NOP                   is op0_7=0x04 {
#}
#
#:NOT.b d_eab           is op1_7=0x3A & size0=0 & op12_15=0x07 & dest8_11; d_eab {
#}
#
#:NOT.w d_eaw           is op1_7=0x3A & size0=1 & op12_15=0x07 & dest8_11; d_eaw {
#}
#
#:NOT.b d_d_eab         is op=0x17 & dest0_2; d_d_eab {
#}
#
#:OR.b imm8, d_eab      is (op1_7=0x3B & size0=0 & op12_15=0x03) ... & d_eab; imm8 {
#}
#
#:OR.w imm16, d_eaw     is (op1_7=0x3B & size0=1 & op12_15=0x03) ... & d_eaw; imm16 {
#}

:OR.b imm8_15, d_imm              is (op3_7_imm8=0x13 & imm8_15) ... & d_imm {
}

#:OR.b s_eab, d_eab     is op1_7=0x4C & size0=0 & src12_15 & dest8_11; s_eab; d_eab {
#}
#
#:OR.w s_eaw, d_eaw     is op1_7=0x4C & size0=1 & src12_15 & dest8_11; s_eaw; d_eaw {
#}
#
#:OR.b SRC2, dest2_a0_a1 is (op=0x03 & dest2_a0_a1) ... & SRC2 {
#}
#
#:POP.b d_eab           is (op1_7=0x3A & size0=0 & op12_15=0x0D) ... & d_eab {
#}
#
#:POP.w d_eaw           is (op1_7=0x3A & size0=1 & op12_15=0x0D) ... & d_eaw {
#}
#
#:POP.b dest3_r0l_r0h   is op4_7=0x09 & dest3_r0l_r0h &bit0_2=0x02 {
#}
#
#:POP.w dest_a0_a1      is op4_7=0x0D & dest_a0_a1 &bit0_2=0x02 {
#}
#
#:POPC ldc12_14         is op0_7=0xEB & ldc12_14 &  op8_11=0x03 {
#}
#
#:POPM                  is op0_7=0xED; dsp8 {
#}
#
#:PUSH.b imm8           is op1_7=0x3E & size0=0 &op8_15=0xE2; imm8 {
#}
#
#:PUSH.w imm16          is op1_7=0x3E & size0=1 &op8_15=0xE2; imm16 {
#}
#
#:PUSH.b d_eab          is (op1_7=0x3A &size0=0 & op12_15=0x04) ... & d_eab {
#}
#
#:PUSH.b d_eaw          is (op1_7=0x3A &size0=1 & op12_15=0x04) ... & d_eaw {
#}
#
#:PUSH.b dest3_r0l_r0h  is op4_7=0x08 & dest3_r0l_r0h & bit0_2=0x02 {
#}
#
#:PUSH.w dest_a0_a1     is op4_7=0x0C & dest_a0_a1 & bit0_2=0x02 {
#}
#
#:PUSHA _addr           is (op0_7=0x7D & op12_15=0x09) ... & _addr {
#}
#
#:PUSHC ldc12_14        is op0_7=0xEB & op8_11=0x02 & ldc12_14 & bit15=0 {
#} 
#
## TODO dsp8 is a placeholder until I figure out how to pack/unpack the flags
#:PUSHM                 is op0_7=0xEC; dsp8 {
#}

:REIT                             is ops0_7=0xFB {
	# TODO Handle flag restoration
	SP = SP-2;
	local return_addr:3 = *:2 SP;
	SP = SP-2;
	local pc_h:3 = zext(*:2 SP) << 16;
	return_addr = return_addr & pc_h;
	return [return_addr];
}

#:RMPA.b                is op1_7=0x3E & size0=0 & op8_15=0xF1 {
#}
#
#:RMPA.w                is op1_7=0x3E & size0=1 & op8_15=0xF1 {
#}
#
#:ROLC.b d_eab          is (op1_7=0x3B & size0=0 & op12_15=0x0A) ... & d_eab {
#}
#
#:ROLC.w d_eaw          is (op1_7=0x3B & size0=1 & op12_15=0x0A) ... & d_eaw {
#}
#
#:RORC.b d_eab          is (op1_7=0x3B & size0=0 & op12_15=0x0B) ... & d_eab {
#}
#
#:RORC.w d_eaw          is (op1_7=0x3B & size0=1 & op12_15=0x0B) ... & d_eaw {
#}
#
#:ROT.b imm12_15, d_eab is (op1_7=0x70 & size0=0 & imm12_15) ... & d_eab {
#}
#
#:ROT.w imm12_15, d_eaw is (op1_7=0x70 & size0=1 & imm12_15) ... & d_eaw {
#}
#
#:ROT.b R1H, d_eab      is (R1H & op1_7=0x3A & size0=0 & op12_15=0x06) ... & d_eab {
#}
#
#:ROT.w R1H, d_eaw      is (R1H & op1_7=0x3A & size0=1 & op12_15=0x06) ... & d_eaw {
#}


:RTS                              is ops0_7=0xF3 {
	SP = SP-2;
	local return_addr:3 = *:2 SP;
	SP = SP-1;
	local pc_h:3 = zext(*:2 SP) << 16;
	return_addr = return_addr & pc_h;
	return [return_addr];
}

#:SBB.b imm8, d_eab     is (op1_7=0x3B & size0=0 & op12_15=0x07) ... & d_eab; imm8 {
#}
#
#:SBB.w imm16, d_eaw    is (op1_7=0x3B & size0=1 & op12_15=0x07) ... & d_eaw; imm16 {
#}
#
#:SBB.b s_eab, d_eab    is op1_7=0x5C & size0=0 &src12_15 & dest8_11; s_eab; d_eab {
#}

#:SBJNZ

#:SHA

#:SHL.b imm12_15, d_eab is (op1_7=0x74 & size0=0 & imm12_15) ... & d_eab {
#	
#}

:SHL.w imm12_15, d_eaw            is (op1_7=0x74 & size0=1 & imm12_15) ... & d_eaw {
}

#:SHL.b R1H, d_eab is (R1H & op1_7=0x3A & size0=0 & op12_15=0x0E) ... & d_eab {
#	
#}
#
#:SHL.w R1H, d_eaw is (R1H & op1_7=0x3A & size0=1 & op12_15=0x0E)  ... & d_eaw {
#	
#}

silverchris · 2022-12-18T01:07:24Z

silverchris
Dec 18, 2022
Author

Have some basic things working now, at least.

Having some trouble getting the decompiler to understand the stack? But it's progress

                             //
                             // ram 
                             // ram:010000-ram:0137ed
                             //
                             **************************************************************
                             *                          FUNCTION                          *
                             **************************************************************
                             undefined FUN_010000()
             undefined         R0H:1          <RETURN>
               0
                             FUN_010000
          010000 eb 40 d0 15     LDC                     0x15d0,ISP
               0
          010004 c7 02 0a 00     MOV.b                   #0x2,[DAT_00000a]                                               = ??
               0
          010008 b7 04 00        MOV.b                   0x0,[DAT_000004]                                                = ??
               0
          01000b b7 0a 00        MOV.b                   0x0,[DAT_00000a]                                                = ??
               0
          01000e eb 30 80 00     LDC                     0x80,FLAG
               0
          010012 eb 50 d0 12     LDC                     0x12d0,USP
               0
          010016 eb 60 00 04     LDC                     0x400,SB
               0
          01001a eb 20 01 00     LDC                     0x1,INTBH
               0
          01001e eb 10 00 3c     LDC                     0x3c00,INTBL
               0
          010022 75 cf 3a        MOV.w                   0x15d0,DAT_000f3a
                 0f d0 15
               0
          010028 75 cf 3c        MOV.w                   0x0,DAT_000f3c
                 0f 00 00
               0
          01002e 75 cf 3e        MOV.w                   0x300,DAT_000f3e
                 0f 00 03
               0
          010034 d9 0f 40 0f     MOV.w                   0x0,DAT_000f40
               0
          010038 eb 70 00 00     LDC                     0x0,FB
               0
          01003c fd 32 2a 01     JSR.a                   FUN_012a32                                                      undefined FUN_012a32()
             - ? -
          010040 f5 03 00        JSR.w                   FUN_010044                                                      undefined FUN_010044()
             - ? -
          010043 fb              REIT


void FUN_010000(void)

{
  undefined3 uStack000000;
  
  DAT_00000a._0_1_ = 2;
  DAT_000004 = 0;
  DAT_00000a = 0;
  uStack000000 = 0x10040;
  FUN_012a32();
  uStack000000 = 0x10043;
  FUN_010044();
  return;
}

4 replies

GhidorahRex Dec 19, 2022
Collaborator

To fix the stack, you'll have to tweak the .cspec file. Every language in our repo has one, and almost all of them have a stack pointer.

silverchris Dec 19, 2022
Author

Is there a document on that file? Been playing around with it, but somewhat blindly.
Been digging around for the documentation for it, but I have only found a file that defines what options there are, but not what they mean.
Also, Thanks again for all your help on this!

GhidorahRex Dec 19, 2022
Collaborator

I'm not sure that we have documentation on it - I haven't seen any (although that doesn't mean it doesn't exist). But we have a lot of examples, particularly about how to handle the stack pointer.

silverchris Dec 20, 2022
Author

Turns out, if you mess up your register layout, Ghidra has a hard time telling what is going on!

Fixed the registers, and now it can make sense of the stack.

I feel silly about how much time I wasted on that! :)

silverchris · 2022-12-21T14:47:52Z

silverchris
Dec 21, 2022
Author

Any thoughts on how to handle the A0 and A1 registers being zero expanded when used as the destination in byte operations?
The only way I can think of is it basically break out those operations by themselves.

1 reply

GhidorahRex Dec 21, 2022
Collaborator

That's what I would do. Have one that's add.b src dest and another that's add.b src destAn For that second one, you'd want to zext the result before assigning it to destAn

silverchris · 2022-12-27T19:48:57Z

silverchris
Dec 27, 2022
Author

Still having issues with the stack...
I did find details of the stack frame in this on page 106
I did create a git repository to keep the code in at least https://github.com/silverchris/m16c/tree/master/data/languages

                             **************************************************************
                             *                          FUNCTION                          *
                             **************************************************************
                             void __stdcall CAN_RX_START(int param_1)
             void              <VOID>         <RETURN>
             int               R1:2           param_1
             undefined1        Stack[-0x3]:1  local_3                                 XREF[5]:     0cc93e(*), 
                                                                                                   0cc93e(*), 
                                                                                                   0cc950(*), 
                                                                                                   0cc95b(*), 
                                                                                                   0cc964(*)  
             undefined2        Stack[-0x5]:2  local_5                                 XREF[2]:     0cc937(*), 
                                                                                                   0cc944(*)  
               0
                             CAN_RX_START                                    XREF[2]:     INT_CAN0_RX:0ccb26(c), 
                                                                                          INT_CAN1_RX:0ccb68(c)  
          0cc934 7c f2 03        ENTER                   0x3
                                                      (register, 0x9, 3) = INT_SUB (register, 0x9, 3), (const, 0x2, 3)
                                                      STORE (const, 0x1f1, 8), (register, 0x9, 3), (register, 0xc, 2)
                                                      (register, 0xc, 3) = COPY (register, 0x9, 3)
                                                      (register, 0x9, 3) = INT_SUB (register, 0x9, 3), (const, 0x3, 3)
             005
          0cc937 73 1b fd        MOV.w                   param_1,-0x3[FB]=>local_5
                                                      (unique, 0x480, 3) = INT_SEXT (const, 0xfd, 1)
                                                      (unique, 0x580, 3) = INT_ADD (register, 0xc, 3), (unique, 0x480, 3)
                                                      (unique, 0x1800, 3) = COPY (unique, 0x580, 3)
                                                      (unique, 0x1880, 2) = COPY (register, 0x54, 2)
                                                      STORE (const, 0x1f1, 4), (unique, 0x1800, 3), (unique, 0x1880, 2)
                                                      (unique, 0x1880, 2) = LOAD (const, 0x1f1, 4), (unique, 0x1800, 3)
                                                      (register, 0x103, 1) = INT_SLESS (unique, 0x1880, 2), (const, 0x0, 2)
                                                      (unique, 0x1880, 2) = LOAD (const, 0x1f1, 4), (unique, 0x1800, 3)
                                                      (register, 0x102, 1) = INT_EQUAL (unique, 0x1880, 2), (const, 0x0, 2)
             005
          0cc93a 73 14           MOV.w                   param_1,A0
                                                      (register, 0x58, 2) = COPY (register, 0x54, 2)
                                                      (register, 0x103, 1) = INT_SLESS (register, 0x58, 2), (const, 0x0, 2)
                                                      (register, 0x102, 1) = INT_EQUAL (register, 0x58, 2), (const, 0x0, 2)
             005
          0cc93c e9 04           SHL.w                   0x1,A0
                                                      (register, 0x58, 2) = INT_LEFT (register, 0x58, 2), (const, 0x1, 4)
                                                      (register, 0x103, 1) = INT_SLESS (register, 0x58, 2), (const, 0x0, 2)
                                                      (register, 0x102, 1) = INT_EQUAL (register, 0x58, 2), (const, 0x0, 2)
             005
          0cc93e 74 9b ff        LDE.b                   BYTE_0c03a0[A0=>local_3],-0x1[FB]=>local_3                      = 1h
                 a0 03 0c
                                                      (unique, 0x3a80, 3) = INT_SEXT (const, 0xff, 1)
                                                      (unique, 0x3b80, 3) = INT_ADD (register, 0xc, 3), (unique, 0x3a80, 3)
                                                      (unique, 0x10780, 3) = INT_ZEXT (register, 0x58, 2)
                                                      (unique, 0x10880, 3) = INT_ADD (unique, 0x10780, 3), (const, 0xc03a0, 3)
                                                      (unique, 0x10980, 1) = LOAD (const, 0x1f1, 8), (unique, 0x10880, 3)
                                                      (register, 0x102, 1) = INT_EQUAL (unique, 0x10980, 1), (const, 0x0, 1)
                                                      (register, 0x103, 1) = INT_SLESS (unique, 0x10980, 1), (const, 0x0, 1)
                                                      (unique, 0x3c00, 1) = COPY (unique, 0x10980, 1)
                                                      STORE (const, 0x1f1, 4), (unique, 0x3b80, 3), (unique, 0x3c00, 1)
             005
                             LAB_0cc944                                      XREF[1]:     0cc966(j)  
          0cc944 73 b4 fd        MOV.w                   -0x3[FB]=>local_5,A0
                                                      (unique, 0x1000, 3) = INT_SEXT (const, 0xfd, 1)
                                                      (unique, 0x1100, 3) = INT_ADD (register, 0xc, 3), (unique, 0x1000, 3)
                                                      (unique, 0x1e00, 3) = COPY (unique, 0x1100, 3)
                                                      (unique, 0x1e80, 2) = LOAD (const, 0x1f1, 4), (unique, 0x1e00, 3)
                                                      (register, 0x58, 2) = COPY (unique, 0x1e80, 2)
                                                      (register, 0x103, 1) = INT_SLESS (register, 0x58, 2), (const, 0x0, 2)
                                                      (register, 0x102, 1) = INT_EQUAL (register, 0x58, 2), (const, 0x0, 2)
             005
          0cc947 73 40           MOV.w                   A0,R0
                                                      (register, 0x50, 2) = COPY (register, 0x58, 2)
                                                      (register, 0x103, 1) = INT_SLESS (register, 0x50, 2), (const, 0x0, 2)
                                                      (register, 0x102, 1) = INT_EQUAL (register, 0x50, 2), (const, 0x0, 2)
             005
          0cc949 e9 04           SHL.w                   0x1,A0
                                                      (register, 0x58, 2) = INT_LEFT (register, 0x58, 2), (const, 0x1, 4)
                                                      (register, 0x103, 1) = INT_SLESS (register, 0x58, 2), (const, 0x0, 2)
                                                      (register, 0x102, 1) = INT_EQUAL (register, 0x58, 2), (const, 0x0, 2)
             005
          0cc94b 75 91 b0        LDE.w                   DAT_0c03b0[A0],param_1                                          = 0018h
                 03 0c
                                                      (unique, 0x10b00, 3) = INT_ZEXT (register, 0x58, 2)
                                                      (unique, 0x10c00, 3) = INT_ADD (unique, 0x10b00, 3), (const, 0xc03b0, 3)
                                                      (register, 0x54, 2) = LOAD (const, 0x1f1, 8), (unique, 0x10c00, 3)
                                                      (register, 0x102, 1) = INT_EQUAL (register, 0x54, 2), (const, 0x0, 2)
                                                      (register, 0x103, 1) = INT_SLESS (register, 0x54, 2), (const, 0x0, 2)
             005
          0cc950 32 ff           MOV.b                   -0x1[FB]=>local_3,A0
                                                      (unique, 0x6580, 3) = INT_SEXT (const, 0xff, 1)
                                                      (unique, 0x6680, 3) = INT_ADD (register, 0xc, 3), (unique, 0x6580, 3)
                                                      (unique, 0x6700, 1) = LOAD (const, 0x1f1, 4), (unique, 0x6680, 3)
                                                      (register, 0x58, 2) = INT_ZEXT (unique, 0x6700, 1)
             005
          0cc952 c1 14           CMP.w                   param_1,A0
                                                      (unique, 0x8f80, 2) = INT_SUB (register, 0x58, 2), (register, 0x54, 2)
                                                      (register, 0x100, 1) = INT_LESSEQUAL (register, 0x54, 2), (register, 0x58, 2)
                                                      (register, 0x102, 1) = INT_EQUAL (unique, 0x8f80, 2), (const, 0x0, 2)
                                                      (register, 0x103, 1) = INT_SLESS (unique, 0x8f80, 2), (const, 0x0, 2)
                                                      (unique, 0x9180, 2) = INT_2COMP (const, 0x8000, 2)
                                                      (unique, 0x9200, 1) = INT_SLESS (unique, 0x8f80, 2), (unique, 0x9180, 2)
                                                      (unique, 0x9280, 1) = INT_SLESS (const, 0x7fff, 2), (unique, 0x8f80, 2)
                                                      (register, 0x105, 1) = INT_OR (unique, 0x9200, 1), (unique, 0x9280, 1)
             005
          0cc954 68 13           JGEU/C                  LAB_0cc968
                                                      (unique, 0x7700, 1) = COPY (register, 0x100, 1)
                                                      CBRANCH (ram, 0xcc968, 3), (unique, 0x7700, 1)
             005
          0cc956 f5 13 00        JSR.w                   FUN_0cc96a                                                      uint FUN_0cc96a(int param_1, int
                                                      (register, 0x9, 3) = INT_SUB (register, 0x9, 3), (const, 0x3, 3)
                                                      STORE (const, 0x1f1, 8), (register, 0x9, 3), (const, 0xcc959, 3)
                                                      CALLIND (const, 0xcc96a, 3)
             005
          0cc959 6a 0a           JEQ/Z                   LAB_0cc964
                                                      (unique, 0x7900, 1) = COPY (register, 0x102, 1)
                                                      CBRANCH (ram, 0xcc964, 3), (unique, 0x7900, 1)
             005
          0cc95b 32 ff           MOV.b                   -0x1[FB]=>local_3,A0
                                                      (unique, 0x6580, 3) = INT_SEXT (const, 0xff, 1)
                                                      (unique, 0x6680, 3) = INT_ADD (register, 0xc, 3), (unique, 0x6580, 3)
                                                      (unique, 0x6700, 1) = LOAD (const, 0x1f1, 4), (unique, 0x6680, 3)
                                                      (register, 0x58, 2) = INT_ZEXT (unique, 0x6700, 1)
             005
          0cc95d 73 01           MOV.w                   R0,param_1
                                                      (register, 0x54, 2) = COPY (register, 0x50, 2)
                                                      (register, 0x103, 1) = INT_SLESS (register, 0x54, 2), (const, 0x0, 2)
                                                      (register, 0x102, 1) = INT_EQUAL (register, 0x54, 2), (const, 0x0, 2)
             005
          0cc95f 73 42           MOV.w                   A0,R2
                                                      (register, 0x52, 2) = COPY (register, 0x58, 2)
                                                      (register, 0x103, 1) = INT_SLESS (register, 0x52, 2), (const, 0x0, 2)
                                                      (register, 0x102, 1) = INT_EQUAL (register, 0x52, 2), (const, 0x0, 2)
             005
          0cc961 f5 b6 0d        JSR.w                   FUN_0cd718                                                      void FUN_0cd718(uint param_1, ui
                                                      (register, 0x9, 3) = INT_SUB (register, 0x9, 3), (const, 0x3, 3)
                                                      STORE (const, 0x1f1, 8), (register, 0x9, 3), (const, 0xcc964, 3)
                                                      CALLIND (const, 0xcd718, 3)
             005
                             LAB_0cc964                                      XREF[1]:     0cc959(j)  
          0cc964 a6 ff           INC.b                   -0x1[FB]=>local_3
                                                      (unique, 0x6980, 3) = INT_SEXT (const, 0xff, 1)
                                                      (unique, 0x6a80, 3) = INT_ADD (register, 0xc, 3), (unique, 0x6980, 3)
                                                      (unique, 0x6b00, 1) = LOAD (const, 0x1f1, 4), (unique, 0x6a80, 3)
                                                      (unique, 0x6b00, 1) = INT_ADD (unique, 0x6b00, 1), (const, 0x1, 1)
                                                      STORE (const, 0x1f1, 4), (unique, 0x6a80, 3), (unique, 0x6b00, 1)
                                                      (unique, 0x6b00, 1) = LOAD (const, 0x1f1, 4), (unique, 0x6a80, 3)
                                                      (register, 0x103, 1) = INT_SLESS (unique, 0x6b00, 1), (const, 0x0, 1)
                                                      (unique, 0x6b00, 1) = LOAD (const, 0x1f1, 4), (unique, 0x6a80, 3)
                                                      (register, 0x102, 1) = INT_EQUAL (unique, 0x6b00, 1), (const, 0x0, 1)
             005
          0cc966 fe dd           JMP.b                   LAB_0cc944
                                                      BRANCHIND (const, 0xcc944, 3)
             005
                             LAB_0cc968                                      XREF[1]:     0cc954(j)  
          0cc968 7d f2           EXITD
                                                      (register, 0x9, 3) = COPY (register, 0xc, 3)
                                                      (register, 0xc, 3) = LOAD (const, 0x1f1, 8), (register, 0x9, 3)
                                                      (register, 0x9, 3) = INT_ADD (register, 0x9, 3), (const, 0x2, 3)
                                                      (unique, 0xea80, 3) = LOAD (const, 0x1f1, 8), (register, 0x9, 3)
                                                      (register, 0x9, 3) = INT_ADD (register, 0x9, 3), (const, 0x2, 3)
                                                      (unique, 0xeb80, 2) = LOAD (const, 0x1f1, 8), (register, 0x9, 3)
                                                      (unique, 0xec00, 3) = INT_ZEXT (unique, 0xeb80, 2)
                                                      (unique, 0xed00, 3) = INT_LEFT (unique, 0xec00, 3), (const, 0x10, 4)
                                                      (register, 0x9, 3) = INT_SUB (register, 0x9, 3), (const, 0x1, 3)
                                                      (unique, 0xea80, 3) = INT_AND (unique, 0xea80, 3), (unique, 0xed00, 3)
                                                      RETURN (unique, 0xea80, 3)

void CAN_RX_START(int param_1)

{
  undefined *puVar1;
  uint uVar2;
  uint uVar3;
  uint uVar5;
  bool bVar6;
  undefined auStack_2 [2];
  
  puVar1 = auStack_2;
  while( true ) {
    uVar2 = *(uint *)(puVar1 + -3);
    uVar3 = *(uint *)((int3)&DAT_0c03b0 + (uint3)(uVar2 << 1));
    uVar5 = (uint)(byte)puVar1[-1];
    bVar6 = uVar5 == uVar3;
    if (uVar3 <= uVar5) break;
    FUN_0cc96a(uVar5,uVar2);
    if (!bVar6) {
      FUN_0cd718(uVar2,(uint)(byte)puVar1[-1]);
    }
    puVar1[-1] = puVar1[-1] + '\x01';
  }
  return;
}

2 replies

GhidorahRex Jan 3, 2023
Collaborator

You'll need to model the calling conventions on pages 106/107 in the processor .cspec file to clean that up better. Look at other languages usage of the stack pointer in <default_proto> entries in the .cspec.

silverchris Jan 3, 2023
Author

Looks like the main thing I was missing was setting up a spacebase?
adding this to the cspec

<spacebase name="FrameBase" register="FB" space="ram"/>```

and

<register name="FB" />

to the unaffected section of the prototypes made it a LOT better

silverchris · 2023-01-13T01:42:45Z

silverchris
Jan 13, 2023
Author

Continuing progress on this, updated https://github.com/silverchris/m16c/tree/master/data/languages

I am having an issue with Ghidra not combining 16 bit operations into 32bit operations

For example

             00a
    ram:000cd08b a2 dc 07        MOV.w                   #0x7dc,A0
                                                      (register, 0x58, 2) = COPY (const, 0x7dc, 2)
                                                      (register, 0x103, 1) = INT_SLESS (register, 0x58, 2), (const, 0x0, 2)
                                                      (register, 0x102, 1) = INT_EQUAL (register, 0x58, 2), (const, 0x0, 2)
             00a
    ram:000cd08e aa 0c 00        MOV.w                   #0xc,A1
                                                      (register, 0x5a, 2) = COPY (const, 0xc, 2)
                                                      (register, 0x103, 1) = INT_SLESS (register, 0x5a, 2), (const, 0x0, 2)
                                                      (register, 0x102, 1) = INT_EQUAL (register, 0x5a, 2), (const, 0x0, 2)
             00a
    ram:000cd091 a1 b4 fe        ADD.w                   -0x2[FB],A0
                                                      (unique, 0xb00, 2) = INT_SEXT (const, 0xfe, 1)
                                                      (unique, 0xc00, 2) = INT_ADD (register, 0x66, 2), (unique, 0xb00, 2)
                                                      (unique, 0x1700, 2) = COPY (unique, 0xc00, 2)
                                                      (unique, 0x1780, 2) = LOAD (const, 0x211, 4), (unique, 0x1700, 2)
                                                      (register, 0x100, 1) = INT_CARRY (register, 0x58, 2), (unique, 0x1780, 2)
                                                      (unique, 0x1780, 2) = LOAD (const, 0x211, 4), (unique, 0x1700, 2)
                                                      (register, 0x105, 1) = INT_SCARRY (register, 0x58, 2), (unique, 0x1780, 2)
                                                      (unique, 0x1780, 2) = LOAD (const, 0x211, 4), (unique, 0x1700, 2)
                                                      (register, 0x58, 2) = INT_ADD (register, 0x58, 2), (unique, 0x1780, 2)
                                                      (register, 0x102, 1) = INT_EQUAL (register, 0x58, 2), (const, 0x0, 2)
                                                      (register, 0x103, 1) = INT_SLESS (register, 0x58, 2), (const, 0x0, 2)
             00a
    ram:000cd094 77 e5           ADCF.w                  A1
                                                      (unique, 0x9180, 2) = INT_ZEXT (register, 0x100, 1)
                                                      (unique, 0x9200, 1) = INT_CARRY (register, 0x5a, 2), (const, 0x0, 2)
                                                      (unique, 0x9280, 2) = INT_ADD (const, 0x0, 2), (register, 0x5a, 2)
                                                      (unique, 0x9380, 1) = INT_CARRY (unique, 0x9280, 2), (unique, 0x9180, 2)
                                                      (register, 0x100, 1) = BOOL_OR (unique, 0x9200, 1), (unique, 0x9380, 1)
                                                      (unique, 0x9480, 1) = INT_SCARRY (register, 0x5a, 2), (const, 0x0, 2)
                                                      (unique, 0x9500, 2) = INT_ADD (const, 0x0, 2), (register, 0x5a, 2)
                                                      (unique, 0x9600, 1) = INT_SCARRY (unique, 0x9500, 2), (unique, 0x9180, 2)
                                                      (register, 0x105, 1) = BOOL_OR (unique, 0x9480, 1), (unique, 0x9600, 1)
                                                      (unique, 0x9700, 2) = INT_ADD (const, 0x0, 2), (register, 0x5a, 2)
                                                      (register, 0x5a, 2) = INT_ADD (unique, 0x9700, 2), (unique, 0x9180, 2)
                                                      (register, 0x102, 1) = INT_EQUAL (register, 0x5a, 2), (const, 0x0, 2)
                                                      (register, 0x103, 1) = INT_SLESS (register, 0x5a, 2), (const, 0x0, 2)
             00a
    ram:000cd096 74 a0           LDE.b                   A1A0,R0L
                                                      (register, 0x50, 1) = LOAD (const, 0x1a1, 8), (register, 0x58, 4)
                                                      (register, 0x102, 1) = INT_EQUAL (register, 0x50, 1), (const, 0x0, 1)
                                                      (register, 0x103, 1) = INT_SLESS (register, 0x50, 1), (const, 0x0, 1)

Turning into

*CONCAT22((0xf823 < param_1) + 0xc,param_1 + 0x7dc))

Where it would make a lot more sense as

*(0xc7dc+param_1)

Any tips to get Ghidra to figure that out?

0 replies

n1zzo · 2023-03-28T08:58:21Z

n1zzo
Mar 28, 2023

@silverchris your work is very interesting!
I've tried to build a ghidra plugin by using gpmg.
However a full enumeration of the M16C ISA takes a huge amount of space, ~70GB of text!
Are you still working on this implementation?

1 reply

silverchris Mar 28, 2023
Author

You shouldn't need to use gpmg, I think. It is already in a format that the Ghidra Sleigh compiler can compile.

It's still a work in progress, as it's missing a couple of multiplication instructions, and is probably a bit messy, but it is working for my use case currently

silverchris · 2023-04-07T18:49:00Z

silverchris
Apr 7, 2023
Author

@GhidorahRex and @astrelsky
Any ideas to simplify the bit operations in this? I feel they are a bit of a chaotic mess
https://github.com/silverchris/m16c/blob/no_near/data/languages/m16c.slaspec, I feel like there is excessive duplication, but everything I can think of to try doesn't seem to work?

1 reply

astrelsky Apr 10, 2023

Do you mean the bit operations in decompiled output or in your slaspec? If it's the later, I'd argue it is supposed to be a chaotic mess 😂 (I have no ideas for that).

maelp · 2025-07-08T13:21:18Z

maelp
Jul 8, 2025

I'm also interested in a Renesas disasm, I saw this plugin https://github.com/redballoonsecurity/rx-proc-ghidra I don't know if this could be of help to you too? It seems to disasm my firmware fine (with Ghidra 9, the plugin wasn't made compatible with more recent versions), but I'm wondering if there would be an easy way to also map out all the interrupts, peripherals, etc from the datasheet? Could someone point me in the right way to do this?

0 replies

n1zzo · 2025-07-20T09:39:01Z

n1zzo
Jul 20, 2025

You need to create an SVD file and feed it to this plugin: https://github.com/leveldown-security/SVD-Loader-Ghidra
To create the SVD you could try feeding the PDF of the ISA manual to an LLM and tweak and verify the result manually.

0 replies

Renesas M16C #4804

Uh oh!

silverchris Dec 8, 2022

Replies: 10 comments · 22 replies

Uh oh!

GhidorahRex Dec 8, 2022 Collaborator

Uh oh!

silverchris Dec 9, 2022 Author

Uh oh!

GhidorahRex Dec 9, 2022 Collaborator

Uh oh!

silverchris Dec 9, 2022 Author

Uh oh!

Uh oh!

silverchris Dec 9, 2022 Author

Uh oh!

astrelsky Dec 10, 2022

Uh oh!

silverchris Dec 13, 2022 Author

Uh oh!

GhidorahRex Dec 13, 2022 Collaborator

Uh oh!

silverchris Dec 14, 2022 Author

Uh oh!

GhidorahRex Dec 15, 2022 Collaborator

Uh oh!

silverchris Dec 17, 2022 Author

Uh oh!

silverchris Dec 18, 2022 Author

Uh oh!

GhidorahRex Dec 19, 2022 Collaborator

Uh oh!

silverchris Dec 19, 2022 Author

Uh oh!

GhidorahRex Dec 19, 2022 Collaborator

Uh oh!

silverchris Dec 20, 2022 Author

Uh oh!

silverchris Dec 21, 2022 Author

Uh oh!

GhidorahRex Dec 21, 2022 Collaborator

Uh oh!

Uh oh!

silverchris Dec 27, 2022 Author

Uh oh!

GhidorahRex Jan 3, 2023 Collaborator

Uh oh!

silverchris Jan 3, 2023 Author

Uh oh!

silverchris Jan 13, 2023 Author

Uh oh!

n1zzo Mar 28, 2023

Uh oh!

silverchris Mar 28, 2023 Author

Uh oh!

silverchris Apr 7, 2023 Author

Uh oh!

astrelsky Apr 10, 2023

Uh oh!

maelp Jul 8, 2025

Uh oh!

n1zzo Jul 20, 2025

silverchris
Dec 8, 2022

Replies: 10 comments 22 replies

GhidorahRex
Dec 8, 2022
Collaborator

silverchris Dec 9, 2022
Author

GhidorahRex Dec 9, 2022
Collaborator

silverchris Dec 9, 2022
Author

silverchris Dec 9, 2022
Author

silverchris
Dec 13, 2022
Author

GhidorahRex Dec 13, 2022
Collaborator

silverchris Dec 14, 2022
Author

GhidorahRex Dec 15, 2022
Collaborator

silverchris Dec 17, 2022
Author

silverchris
Dec 18, 2022
Author

GhidorahRex Dec 19, 2022
Collaborator

silverchris Dec 19, 2022
Author

GhidorahRex Dec 19, 2022
Collaborator

silverchris Dec 20, 2022
Author

silverchris
Dec 21, 2022
Author

GhidorahRex Dec 21, 2022
Collaborator

silverchris
Dec 27, 2022
Author

GhidorahRex Jan 3, 2023
Collaborator

silverchris Jan 3, 2023
Author

silverchris
Jan 13, 2023
Author

n1zzo
Mar 28, 2023

silverchris Mar 28, 2023
Author

silverchris
Apr 7, 2023
Author

maelp
Jul 8, 2025

n1zzo
Jul 20, 2025