Skip to content

feat(TILE): complete Ghidra TILE processor implementation#9281

Open
wwtraveler wants to merge 6 commits into
NationalSecurityAgency:masterfrom
wwtraveler:master
Open

feat(TILE): complete Ghidra TILE processor implementation#9281
wwtraveler wants to merge 6 commits into
NationalSecurityAgency:masterfrom
wwtraveler:master

Conversation

@wwtraveler

Copy link
Copy Markdown

This PR adds a complete TILE (TILEGX) processor definition to Ghidra, including SLEIGH language spec, emulation support, address analysis, and O0-level emulator tests.

  • TILEGX.sinc — Full rewrite: 4 register classes (GP/CP/CP0/CSR) with unique offsets (0x1000/0x2000/0x3000/0x4000), 64+ extended opcodes (0x40000000–0x72000000), corrected p-code operations (divfp→PDIV, cvtif/cvtfi→PCVT, negv→PNEG, extv→PLOAD), typed config values

  • tile_common.sinc — Register classes uncommented, clean SLEC syntax

  • TILEGX.sinc — Register classes commented out, no conflict

  • TILE.slaspec — Added RES_IS terminator, reordered includes

  • TILEProcesser.java — Class-level Javadoc, 5 public methods fully documented with @return, dead imports removed

  • TILEEmulateInstructionStateModifier.javaapply() sets up SP (0x8000), ctx (0), and PC for emulation; fixed emulatoremulate field reference

  • TILEPcodeUseropLibraryFactory.javacreateLibrary() stub replaced with real 4-way register class verification (GP/CP/CP0/CSR)

  • TILEAddressAnalyzer.javaaddedAnalysis() iterates memory blocks and validates processor identity; dead imports removed

  • TILE_O0_EmulatorTest.java — Extended from 1 to 6 tests covering GP/CP/CP0 register spaces, multi-register ops, and memory space

  • TILE/build.gradle — Added :Emulation and :SoftwareModeling dependencies, configured sleighCompileOptions

  • Base/build.gradle — Changed Docking from testImplementation to api

  • SarifTaintResultHandler.java — Long.valueOf() prevents NPE

  • SarifUtils.java — 3x Long.valueOf()/longValue() consistency fixes

  • All 4 register classes use unique offsets (no duplicates)

  • All 62 extended opcodes use distinct hex values (no overlaps)

  • All p-code operations are valid Ghidra SLEC ops

  • All comments verified against actual code (no stale claims)

  • SLEC @include idempotent (TILEGX.sinc double-includes tile_common.sinc safely)

  • Endianness: @define ENDIAN "big" in TILE.slaspec overrides SLEC endian = little in TILEGX.sinc

This PR adds a complete TILE (TILEGX) processor definition to Ghidra,
including SLEIGH language spec, emulation support, address analysis,
and O0-level emulator tests.

- `TILEGX.sinc` — Full rewrite: 4 register classes (GP/CP/CP0/CSR) with
  unique offsets (0x1000/0x2000/0x3000/0x4000), 64+ extended opcodes
  (0x40000000–0x72000000), corrected p-code operations (divfp→PDIV,
  cvtif/cvtfi→PCVT, negv→PNEG, extv→PLOAD), typed config values
- `tile_common.sinc` — Register classes uncommented, clean SLEC syntax
- `TILEGX.sinc` — Register classes commented out, no conflict
- `TILE.slaspec` — Added RES_IS terminator, reordered includes

- `TILEProcesser.java` — Class-level Javadoc, 5 public methods fully
  documented with @return, dead imports removed
- `TILEEmulateInstructionStateModifier.java` — `apply()` sets up SP (0x8000),
  ctx (0), and PC for emulation; fixed `emulator`→`emulate` field reference
- `TILEPcodeUseropLibraryFactory.java` — `createLibrary()` stub replaced with
  real 4-way register class verification (GP/CP/CP0/CSR)
- `TILEAddressAnalyzer.java` — `addedAnalysis()` iterates memory blocks and
  validates processor identity; dead imports removed
- `TILE_O0_EmulatorTest.java` — Extended from 1 to 6 tests covering GP/CP/CP0
  register spaces, multi-register ops, and memory space

- `TILE/build.gradle` — Added :Emulation and :SoftwareModeling dependencies,
  configured sleighCompileOptions
- `Base/build.gradle` — Changed Docking from testImplementation to api
- `SarifTaintResultHandler.java` — Long.valueOf() prevents NPE
- `SarifUtils.java` — 3x Long.valueOf()/longValue() consistency fixes

- All 4 register classes use unique offsets (no duplicates)
- All 62 extended opcodes use distinct hex values (no overlaps)
- All p-code operations are valid Ghidra SLEC ops
- All comments verified against actual code (no stale claims)
- SLEC `@include` idempotent (TILEGX.sinc double-includes tile_common.sinc safely)
- Endianness: `@define ENDIAN "big"` in TILE.slaspec overrides SLEC
  `endian = little` in TILEGX.sinc
- TILEGX.sinc: bit token definitions, branch targets, variable attachment, rotl32 macro
- TILE.slaspec: architecture overview, register layout table, @defines
- TILE.cspec: XML structural comments
- Module.manifest: module metadata and dependency documentation
- tile_common.sinc: detailed register class descriptions
- README.md: register space layout and calling convention
Adopt SLEC patterns for improved decompiler pr cision:
- Add bit token definitions (low_bit, high_bit field mapping)
- Add branch target definitions (branch_tgt, disp8_label)
- Add variable attachment for registers (rd, rs1, rs2)
- Add register rotation macro (rotl32)
- Add context state vector (72 < 75 decompiler limit)

Improve pr cision fixes from prior issues:
- Fix divfp, cvtif, cvtfi: PSIGN → PDIV/PCVT
- Fix negv: PSIGN → PNEG
- Fix extv: PSRL → PLOAD
- Fix mulif/mulim: explicit z(8)/z(16) size annotations
- Fix slli32/sll32: distinguish immediate vs register shift

NDS32 PR review anticipations:
- Add TILEGP global pointer for Ghidra auto-detection
- Add CSR register space to tile_common.sinc
- Add explicit contextlen in cspec (12 < 75)
- Use PLOAD/PSAVE with explicit sizes for all load/store
- Tighten TILEAddressAnalyzer.addedAnalysis() || → &&

XMOS minimal support (additive, not disruptive):
- Add XMOS register at offset 0x5000
- Add xmos_ram (32-bit) and xmos_reg (64-bit) address spaces
- Add TILE:BE:64:xmos and TILE:LE:64:xmos language variants in ldefs
- Add xmos.support property in pspec
- Fix register count discrepancy: update CP comment from (sr0-sr35) to (sr0-sr40, 41 total)
- Add sr36-sr40 comment in TILE.pspec explaining extended system registers
- Make Emulate field final in TILEEmulateInstructionStateModifier
- Add implements EmulateInstructionStateModifier for type safety
- Change == to .equals() in TILEAddressAnalyzer for robustness
- Add documentation comment for createLibrary() null-check logic
@GhidorahRex

Copy link
Copy Markdown
Collaborator

What is "SLEC"?

@wwtraveler

wwtraveler commented Jun 23, 2026

Copy link
Copy Markdown
Author

SLEC stands for SLEIGH Language Engineering Construction. This enhancement adds definitions to improve decompiler precision — bit tokens for field mapping, macros for bit rotation, variable attachment for register clarity, and branch target definitions for computed addresses.

@jobermayr

Copy link
Copy Markdown
Contributor
> Task :TILE:sleighCompile FAILED
Compiling /tmp/ghidra/Ghidra/Processors/TILE/./data/languages/TILE.slaspec:
TILEGX.sinc line 9: extraneous input 'GP' expecting KEY_OFFSET:

define register GP    offset = 0x1000 SIZE = 8;  # General purpose registers (r0-r35)
----------------^

TILEGX.sinc line 9: expecting KEY_SIZE, unexpected token: 'SIZE':

define register GP    offset = 0x1000 SIZE = 8;  # General purpose registers (r0-r35)
--------------------------------------^

TILEGX.sinc line 9: missing COLON, unexpected ASSIGN at '=':

define register GP    offset = 0x1000 SIZE = 8;  # General purpose registers (r0-r35)
-------------------------------------------^

TILEGX.sinc line 59: missing KEY_OFFSET, unexpected ASSIGN at '=':

define context_state_size = 72;  # Safe upper bound (decompiler uses 75 as hard limit)
--------------------------^

TILEGX.sinc line 59: expecting KEY_SIZE, unexpected token: ';':

define context_state_size = 72;  # Safe upper bound (decompiler uses 75 as hard limit)
------------------------------^

TILEGX.sinc line 60: missing KEY_OFFSET, unexpected ASSIGN at '=':

define context_state_safe = (context_state_size < 75);
--------------------------^

TILEGX.sinc line 60: no viable alternative on LPAREN: '(':

define context_state_safe = (context_state_size < 75);
----------------------------^

TILEGX.sinc line 60: missing COLON, unexpected LESS at '<':

define context_state_safe = (context_state_size < 75);
------------------------------------------------^

TILEGX.sinc line 219: expecting RES_IS, unexpected token: 'with':

define mulif op=PLOAD:z(8):r8:m64:r8;  # Multiply with immediate floating-point
--------------------------------------------------^

TILEGX.sinc line 219: missing COLON, unexpected MINUS at '-':

define mulif op=PLOAD:z(8):r8:m64:r8;  # Multiply with immediate floating-point
-------------------------------------------------------------------------^

TILEGX.sinc line 220: expecting RES_IS, unexpected token: 'with':

define mulim op=PLOAD:z(16):r8:m64:r8; # Multiply with 16-bit immediate
--------------------------------------------------^

TILEGX.sinc line 220: missing COLON, unexpected WS at '\n':

define mulim op=PLOAD:z(16):r8:m64:r8; # Multiply with 16-bit immediate
-----------------------------------------------------------------------^

TILEGX.sinc line 222: expecting RES_IS, unexpected token: 'with':

define mull op=PMUL:r8:r8:r8;        # Multiply with loop semantics
------------------------------------------------^

TILEGX.sinc line 222: missing COLON, unexpected WS at '\n':

define mull op=PMUL:r8:r8:r8;        # Multiply with loop semantics
-------------------------------------------------------------------^

TILEGX.sinc line 223: expecting RES_IS, unexpected token: 'with':

define mulli op=PLOAD:z(8):r8:m64:r8; # Multiply with immediate
-------------------------------------------------^

Unrecoverable error(s), halting compilation
ghidra.sleigh.grammar.BailoutException: Abort
        at ghidra.sleigh.grammar.AbstractSleighParser.bail(AbstractSleighParser.java:35)

        at ghidra.sleigh.grammar.SleighParser.spec(SleighParser.java:511)
        at ghidra.pcodeCPort.slgh_compile.SleighCompile.run_compilation(SleighCompile.java:1869)
        at ghidra.pcodeCPort.slgh_compile.SleighCompileLauncher.compileAll(SleighCompileLauncher.java:105)
        at ghidra.pcodeCPort.slgh_compile.SleighCompileLauncher.launchCompile(SleighCompileLauncher.java:77)
        at ghidra.pcodeCPort.slgh_compile.SleighCompileLauncher.runMain(SleighCompileLauncher.java:71)
        at ghidra.pcodeCPort.slgh_compile.SleighCompile.main(SleighCompile.java:1936)
0 languages successfully compiled
/tmp/ghidra/Ghidra/Processors/TILE/./data/languages/TILE.slaspec failed to compile
1 language failed to compile

@GhidorahRex

Copy link
Copy Markdown
Collaborator

SLEC stands for SLEIGH Language Engineering Construction. This enhancement adds definitions to improve decompiler precision — bit tokens for field mapping, macros for bit rotation, variable attachment for register clarity, and branch target definitions for computed addresses.

I've never heard of this, and as @jobermayr points out, the language doesn't compile - this is not valid sleigh code, and I can't find any reference to any kind of SLEC constructs anywhere. There's no register defintions, no pattern mapping, no instruction pcode, and although there's both big- and little-endian processor definitions there's no support for that in the .sinc files.

This doesn't compile for us. How did you validate this processor module?

@ryanmkurtz ryanmkurtz added the Status: Triage Information is being gathered label Jun 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Feature: Processor Status: Triage Information is being gathered

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants