Update read/written registers for x86 loop instructions

arch/X86/X86Mapping.c

@@ -942,7 +942,6 @@ void X86_get_insn_id(cs_struct *h, cs_insn *insn, unsigned int id)
 				}
 				break;
 			}
-
 			switch (insn->id) {
 			default:
 				break;
@@ -954,39 +953,47 @@ void X86_get_insn_id(cs_struct *h, cs_insn *insn, unsigned int id)
 				default:
 					break;
 				case CS_MODE_16:
-					insn->detail->regs_read[0] = X86_REG_CX;
-					insn->detail->regs_read_count = 1;
-					insn->detail->regs_write[0] =
-						X86_REG_CX;
-					insn->detail->regs_write_count = 1;
-					break;
-				case CS_MODE_32:
-					insn->detail->regs_read[0] =
-						X86_REG_ECX;
-					insn->detail->regs_read_count = 1;
-					insn->detail->regs_write[0] =
-						X86_REG_ECX;
-					insn->detail->regs_write_count = 1;
+					arr_replace(
+						insn->detail->regs_read,
+						insn->detail->regs_read_count,
+						X86_REG_EIP, X86_REG_IP);
+					arr_replace(
+						insn->detail->regs_write,
+						insn->detail->regs_write_count,
+						X86_REG_EIP, X86_REG_IP);
+					arr_replace(
+						insn->detail->regs_read,
+						insn->detail->regs_read_count,
+						X86_REG_ECX, X86_REG_CX);
+					arr_replace(
+						insn->detail->regs_write,
+						insn->detail->regs_write_count,
+						X86_REG_ECX, X86_REG_CX);
 					break;
 				case CS_MODE_64:
-					insn->detail->regs_read[0] =
-						X86_REG_RCX;
-					insn->detail->regs_read_count = 1;
-					insn->detail->regs_write[0] =
-						X86_REG_RCX;
-					insn->detail->regs_write_count = 1;
+					arr_replace(
+						insn->detail->regs_read,
+						insn->detail->regs_read_count,
+						X86_REG_EIP, X86_REG_RIP);
+					arr_replace(
+						insn->detail->regs_write,
+						insn->detail->regs_write_count,
+						X86_REG_EIP, X86_REG_RIP);
+					arr_replace(
+						insn->detail->regs_read,
+						insn->detail->regs_read_count,
+						X86_REG_ECX, X86_REG_RCX);
+					arr_replace(
+						insn->detail->regs_write,
+						insn->detail->regs_write_count,
+						X86_REG_ECX, X86_REG_RCX);
 					break;
 				}
+			}
 
-				// LOOPE & LOOPNE also read EFLAGS
-				if (insn->id != X86_INS_LOOP) {
-					insn->detail->regs_read[1] =
-						X86_REG_EFLAGS;
-					insn->detail->regs_read_count = 2;
-				}
-
+			switch (insn->id) {
+			default:
 				break;
-
 			case X86_INS_LODSB:
 			case X86_INS_LODSD:
 			case X86_INS_LODSQ:

arch/X86/X86MappingInsn.inc

@@ -7937,21 +7937,21 @@
 {
 	X86_LOOP, X86_INS_LOOP, 0,
 #ifndef CAPSTONE_DIET
-	{ 0 }, { 0 }, { X86_GRP_BRANCH_RELATIVE, 0 }, 0, 0
+	{ X86_REG_EIP, X86_REG_ECX, 0 }, { X86_REG_EIP, X86_REG_ECX, 0 }, { X86_GRP_BRANCH_RELATIVE, 0 }, 0, 0
 #endif
 },
 
 {
 	X86_LOOPE, X86_INS_LOOPE, 0,
 #ifndef CAPSTONE_DIET
-	{ 0 }, { 0 }, { X86_GRP_BRANCH_RELATIVE, 0 }, 0, 0
+	{ X86_REG_EIP, X86_REG_ECX, X86_REG_EFLAGS, 0 }, { X86_REG_EIP, X86_REG_ECX, 0 }, { X86_GRP_BRANCH_RELATIVE, 0 }, 0, 0
 #endif
 },
 
 {
 	X86_LOOPNE, X86_INS_LOOPNE, 0,
 #ifndef CAPSTONE_DIET
-	{ 0 }, { 0 }, { X86_GRP_BRANCH_RELATIVE, 0 }, 0, 0
+	{ X86_REG_EIP, X86_REG_ECX, X86_REG_EFLAGS, 0 }, { X86_REG_EIP, X86_REG_ECX, 0 }, { X86_GRP_BRANCH_RELATIVE, 0 }, 0, 0
 #endif
 },
 

arch/X86/X86MappingInsn_reduce.inc

@@ -4472,21 +4472,21 @@
 {
 	X86_LOOP, X86_INS_LOOP, 0,
 #ifndef CAPSTONE_DIET
-	{ 0 }, { 0 }, { 0 }, 0, 0
+	{ X86_REG_EIP, X86_REG_ECX, 0 }, { X86_REG_EIP, X86_REG_ECX, 0 }, { X86_GRP_BRANCH_RELATIVE, 0 }, 0, 0
 #endif
 },
 
 {
 	X86_LOOPE, X86_INS_LOOPE, 0,
 #ifndef CAPSTONE_DIET
-	{ 0 }, { 0 }, { 0 }, 0, 0
+	{ X86_REG_EIP, X86_REG_ECX, X86_REG_EFLAGS, 0 }, { X86_REG_EIP, X86_REG_ECX, 0 }, { X86_GRP_BRANCH_RELATIVE, 0 }, 0, 0
 #endif
 },
 
 {
 	X86_LOOPNE, X86_INS_LOOPNE, 0,
 #ifndef CAPSTONE_DIET
-	{ 0 }, { 0 }, { 0 }, 0, 0
+	{ X86_REG_EIP, X86_REG_ECX, X86_REG_EFLAGS, 0 }, { X86_REG_EIP, X86_REG_ECX, 0 }, { X86_GRP_BRANCH_RELATIVE, 0 }, 0, 0
 #endif
 },
 

tests/details/x86.yaml

@@ -5933,3 +5933,181 @@ test_cases:
             eflags: [ X86_EFLAGS_TEST_OF, X86_EFLAGS_TEST_SF, X86_EFLAGS_TEST_ZF ]
           regs_read: [ rflags, rip ]
           regs_write: [ rip ]
+
+  -
+    input:
+      name: "Loop according to ECX count, 16-bit decode mode"
+      bytes: [
+       0xe2, 0x32,   # loop 0x34
+       0xe1, 0x30,   # loope 0x34
+       0xe0, 0x2e,   # loopne 0x34
+      ]
+      arch: "x86"
+      options: [ CS_OPT_DETAIL, CS_MODE_16 ]
+    expected:
+      insns:
+      -
+        asm_text: "loop 0x34"
+        details:
+          x86:
+            prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+            opcode: [ 0xe2, 0x00, 0x00, 0x00 ]
+          regs_read: [ ip, cx ]
+          regs_write: [ ip, cx ]
+      -
+        asm_text: "loope 0x34"
+        details:
+          x86:
+            prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+            opcode: [ 0xe1, 0x00, 0x00, 0x00 ]
+            eflags: [ X86_EFLAGS_TEST_ZF ]
+          regs_read: [ ip, cx, flags ]
+          regs_write: [ ip, cx ]
+      -
+        asm_text: "loopne 0x34"
+        details:
+          x86:
+            prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+            opcode: [ 0xe0, 0x00, 0x00, 0x00 ]
+            eflags: [ X86_EFLAGS_TEST_ZF ]
+          regs_read: [ ip, cx, flags ]
+          regs_write: [ ip, cx ]
+
+  -
+    input:
+      name: "Loop according to ECX count, 32-bit decode mode"
+      bytes: [
+       0xe2, 0x32,   # loop 0x34
+       0xe1, 0x30,   # loope 0x34
+       0xe0, 0x2e,   # loopne 0x34
+      ]
+      arch: "x86"
+      options: [ CS_OPT_DETAIL, CS_MODE_32 ]
+    expected:
+      insns:
+      -
+        asm_text: "loop 0x34"
+        details:
+          x86:
+            prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+            opcode: [ 0xe2, 0x00, 0x00, 0x00 ]
+          regs_read: [ eip, ecx ]
+          regs_write: [ eip, ecx ]
+      -
+        asm_text: "loope 0x34"
+        details:
+          x86:
+            prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+            opcode: [ 0xe1, 0x00, 0x00, 0x00 ]
+            eflags: [ X86_EFLAGS_TEST_ZF ]
+          regs_read: [ eip, ecx, eflags ]
+          regs_write: [ eip, ecx ]
+      -
+        asm_text: "loopne 0x34"
+        details:
+          x86:
+            prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+            opcode: [ 0xe0, 0x00, 0x00, 0x00 ]
+            eflags: [ X86_EFLAGS_TEST_ZF ]
+          regs_read: [ eip, ecx, eflags ]
+          regs_write: [ eip, ecx ]
+
+  -
+    input:
+      name: "Loop according to ECX count, 64-bit decode mode"
+      bytes: [
+       0xe2, 0x32,         # loop 0x34
+       0x48, 0xe2, 0x2f,   # REX.W loop 0x34 (should ignore REX)
+       0x67, 0xe2, 0x2c,   # loop 0x34 (with size override)
+       0xe1, 0x2a,         # loope 0x34
+       0x48, 0xe1, 0x27,   # REX.W loop 0x34 (should ignore REX)
+       0x67, 0xe1, 0x24,   # loop 0x34 (with size override)
+       0xe0, 0x22,         # loope 0x34
+       0x48, 0xe0, 0x1f,   # REX.W loop 0x34 (should ignore REX)
+       0x67, 0xe0, 0x1c,   # loop 0x34 (with size override)
+      ]
+      arch: "x86"
+      options: [ CS_OPT_DETAIL, CS_MODE_64 ]
+    expected:
+      insns:
+      -
+        asm_text: "loop 0x34"
+        details:
+          x86:
+            prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+            opcode: [ 0xe2, 0x00, 0x00, 0x00 ]
+          regs_read: [ rip, rcx ]
+          regs_write: [ rip, rcx ]
+      -
+        asm_text: "loop 0x34"
+        details:
+          x86:
+            rex: 0x48
+            prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+            opcode: [ 0xe2, 0x00, 0x00, 0x00 ]
+          regs_read: [ rip, rcx ]
+          regs_write: [ rip, rcx ]
+      -
+        asm_text: "loop 0x34"
+        details:
+          x86:
+            prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_ADDRSIZE ]
+            opcode: [ 0xe2, 0x00, 0x00, 0x00 ]
+          regs_read: [ rip, rcx ]
+          regs_write: [ rip, rcx ]      # BUG: should be ecx
+      -
+        asm_text: "loope 0x34"
+        details:
+          x86:
+            prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+            opcode: [ 0xe1, 0x00, 0x00, 0x00 ]
+            eflags: [ X86_EFLAGS_TEST_ZF ]
+          regs_read: [ rip, rcx, rflags ]
+          regs_write: [ rip, rcx ]
+      -
+        asm_text: "loope 0x34"
+        details:
+          x86:
+            rex: 0x48
+            prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+            opcode: [ 0xe1, 0x00, 0x00, 0x00 ]
+            eflags: [ X86_EFLAGS_TEST_ZF ]
+          regs_read: [ rip, rcx, rflags ]
+          regs_write: [ rip, rcx ]
+      -
+        asm_text: "loope 0x34"
+        details:
+          x86:
+            prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_ADDRSIZE ]
+            opcode: [ 0xe1, 0x00, 0x00, 0x00 ]
+            eflags: [ X86_EFLAGS_TEST_ZF ]
+          regs_read: [ rip, rcx, rflags ]
+          regs_write: [ rip, rcx ]      # BUG: should be ecx
+      -
+        asm_text: "loopne 0x34"
+        details:
+          x86:
+            prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+            opcode: [ 0xe0, 0x00, 0x00, 0x00 ]
+            eflags: [ X86_EFLAGS_TEST_ZF ]
+          regs_read: [ rip, rcx, rflags ]
+          regs_write: [ rip, rcx ]
+      -
+        asm_text: "loopne 0x34"
+        details:
+          x86:
+            rex: 0x48
+            prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+            opcode: [ 0xe0, 0x00, 0x00, 0x00 ]
+            eflags: [ X86_EFLAGS_TEST_ZF ]
+          regs_read: [ rip, rcx, rflags ]
+          regs_write: [ rip, rcx ]
+      -
+        asm_text: "loopne 0x34"
+        details:
+          x86:
+            prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_ADDRSIZE ]
+            opcode: [ 0xe0, 0x00, 0x00, 0x00 ]
+            eflags: [ X86_EFLAGS_TEST_ZF ]
+          regs_read: [ rip, rcx, rflags ]
+          regs_write: [ rip, rcx ]      # BUG: should be ecx