zydis_rs/decoder/

instruction.rs

//! Decoded instruction representation
//!
//! This module contains the main `DecodedInstruction` struct that holds
//! all information about a decoded x86/x64 instruction.

use super::opcode::OpcodeMap;
use super::operand::Operand;
use super::prefix::DecodedPrefixes;
use crate::data::instruction_def::{InstructionCategory, IsaSet};
use crate::isa::{InstructionAttributes, MachineMode, Mnemonic, Register};

/// Maximum number of operands an instruction can have
pub const MAX_OPERAND_COUNT: usize = 5;

/// Stack pointer modification information
///
/// Describes how an instruction modifies the stack pointer (SP/ESP/RSP).
/// This is useful for stack frame analysis and function prologue/epilogue detection.
#[derive(Debug, Clone, Copy, Default)]
pub struct StackPointerInfo {
    /// Stack pointer offset change (positive = push, negative = pop)
    /// For example, PUSH RAX sets this to +8, POP RBX sets this to -8
    pub sp_offset: i64,
    /// Whether this instruction modifies the stack pointer
    pub modifies_sp: bool,
    /// Whether this is a push operation
    pub is_push: bool,
    /// Whether this is a pop operation
    pub is_pop: bool,
    /// Whether this is a call instruction (pushes return address)
    pub is_call: bool,
    /// Whether this is a return instruction (pops return address)
    pub is_ret: bool,
    /// Size of pushed/popped data in bytes (0 if not applicable)
    pub data_size: u8,
}

impl StackPointerInfo {
    /// Create a new empty StackPointerInfo
    #[must_use]
    pub const fn new() -> Self {
        Self {
            sp_offset: 0,
            modifies_sp: false,
            is_push: false,
            is_pop: false,
            is_call: false,
            is_ret: false,
            data_size: 0,
        }
    }

    /// Create StackPointerInfo for a push operation
    #[must_use]
    pub const fn push(data_size: u8) -> Self {
        Self {
            sp_offset: data_size as i64,
            modifies_sp: true,
            is_push: true,
            is_pop: false,
            is_call: false,
            is_ret: false,
            data_size,
        }
    }

    /// Create StackPointerInfo for a pop operation
    #[must_use]
    pub const fn pop(data_size: u8) -> Self {
        Self {
            sp_offset: -(data_size as i64),
            modifies_sp: true,
            is_push: false,
            is_pop: true,
            is_call: false,
            is_ret: false,
            data_size,
        }
    }

    /// Create StackPointerInfo for a call instruction
    #[must_use]
    pub const fn call(return_address_size: u8) -> Self {
        Self {
            sp_offset: return_address_size as i64,
            modifies_sp: true,
            is_push: false,
            is_pop: false,
            is_call: true,
            is_ret: false,
            data_size: return_address_size,
        }
    }

    /// Create StackPointerInfo for a return instruction
    #[must_use]
    pub const fn ret(return_address_size: u8) -> Self {
        Self {
            sp_offset: -(return_address_size as i64),
            modifies_sp: true,
            is_push: false,
            is_pop: false,
            is_call: false,
            is_ret: true,
            data_size: return_address_size,
        }
    }

    /// Create StackPointerInfo for ENTER instruction
    /// ENTER allocates stack frame: push rbp, mov rbp rsp, sub rsp imm16
    #[must_use]
    pub const fn enter(frame_size: u16, nesting_level: u8, stack_width: u8) -> Self {
        // ENTER pushes RBP and subtracts frame_size
        // Nesting level affects additional pushes
        let base_offset = stack_width as i64 + frame_size as i64;
        let nesting_offset = if nesting_level > 0 {
            (nesting_level as i64 - 1) * (stack_width as i64)
        } else {
            0
        };
        Self {
            sp_offset: base_offset + nesting_offset,
            modifies_sp: true,
            is_push: false,
            is_pop: false,
            is_call: false,
            is_ret: false,
            data_size: stack_width,
        }
    }

    /// Create StackPointerInfo for LEAVE instruction
    /// LEAVE is equivalent to: mov rsp, rbp; pop rbp
    #[must_use]
    pub const fn leave(stack_width: u8) -> Self {
        Self {
            sp_offset: -(stack_width as i64),
            modifies_sp: true,
            is_push: false,
            is_pop: true, // LEAVE effectively pops RBP
            is_call: false,
            is_ret: false,
            data_size: stack_width,
        }
    }

    /// Get the stack pointer offset
    #[must_use]
    pub const fn offset(&self) -> i64 {
        self.sp_offset
    }

    /// Check if stack pointer is modified
    #[must_use]
    pub const fn is_stack_modifying(&self) -> bool {
        self.modifies_sp
    }

    /// Check if this is a stack push operation
    #[must_use]
    pub const fn is_stack_push(&self) -> bool {
        self.is_push
    }

    /// Check if this is a stack pop operation
    #[must_use]
    pub const fn is_stack_pop(&self) -> bool {
        self.is_pop
    }

    /// Check if this is a call instruction
    #[must_use]
    pub const fn is_call_instruction(&self) -> bool {
        self.is_call
    }

    /// Check if this is a return instruction
    #[must_use]
    pub const fn is_ret_instruction(&self) -> bool {
        self.is_ret
    }

    /// Get the data size for stack operations
    #[must_use]
    pub const fn get_data_size(&self) -> u8 {
        self.data_size
    }
}

/// A decoded x86/x64 instruction.
///
/// This structure contains all information extracted from decoding a single
/// instruction, including:
/// - The mnemonic (e.g., MOV, ADD, JMP)
/// - All operands (registers, memory, immediates)
/// - Instruction attributes and flags
/// - Raw bytes and length
/// - Encoding details (prefixes, opcode, ModRM, etc.)
#[derive(Debug, Clone)]
pub struct DecodedInstruction {
    /// The instruction mnemonic
    pub mnemonic: Mnemonic,

    /// Instruction category (data transfer, arithmetic, etc.)
    pub category: InstructionCategory,

    /// ISA set this instruction belongs to
    pub isa_set: IsaSet,

    /// Instruction attributes (flags describing properties)
    pub attributes: InstructionAttributes,

    /// Operands (up to MAX_OPERAND_COUNT)
    pub operands: [Operand; MAX_OPERAND_COUNT],

    /// Number of valid operands
    pub operand_count: u8,

    /// Raw instruction bytes
    pub bytes: [u8; 15],

    /// Instruction length in bytes (1-15)
    pub length: u8,

    /// The address this instruction was decoded at
    pub address: u64,

    /// Prefix information
    pub prefixes: DecodedPrefixes,

    /// Primary opcode byte
    pub opcode: u8,

    /// Opcode map (Default, Map0F, Map0F38, Map0F3A)
    pub opcode_map: OpcodeMap,

    /// ModRM byte (if present)
    pub modrm: Option<u8>,

    /// SIB byte (if present)
    pub sib: Option<u8>,

    /// Displacement value (if present)
    pub displacement: i64,

    /// Displacement size in bytes
    pub disp_size: u8,

    /// Immediate value (if present)
    pub immediate: u64,

    /// Immediate size in bytes
    pub imm_size: u8,

    /// The machine mode used for decoding
    pub machine_mode: MachineMode,

    /// Stack width for this instruction
    pub stack_width: u8,

    /// Effective operand size (in bits)
    pub operand_size: u16,

    /// Effective address size (in bits)
    pub address_size: u16,

    /// CPU flags accessed by this instruction
    pub cpu_flags: CpuFlags,

    /// Stack pointer modification information
    pub stack_pointer_info: StackPointerInfo,
}

impl DecodedInstruction {
    /// Create a new empty/invalid instruction
    #[must_use]
    pub fn new() -> Self {
        Self {
            mnemonic: Mnemonic::Invalid,
            category: InstructionCategory::Invalid,
            isa_set: IsaSet::I86,
            attributes: InstructionAttributes::empty(),
            operands: [Operand::default(); MAX_OPERAND_COUNT],
            operand_count: 0,
            bytes: [0; 15],
            length: 0,
            address: 0,
            prefixes: DecodedPrefixes::default(),
            opcode: 0,
            opcode_map: OpcodeMap::Default,
            modrm: None,
            sib: None,
            displacement: 0,
            disp_size: 0,
            immediate: 0,
            imm_size: 0,
            machine_mode: MachineMode::Long64,
            stack_width: 64,
            operand_size: 32,
            address_size: 64,
            cpu_flags: CpuFlags::default(),
            stack_pointer_info: StackPointerInfo::new(),
        }
    }

    /// Get the instruction bytes as a slice
    #[must_use]
    pub fn raw_bytes(&self) -> &[u8] {
        &self.bytes[..usize::from(self.length)]
    }

    /// Check if this is a valid instruction
    #[must_use]
    pub fn is_valid(&self) -> bool {
        self.length > 0 && self.mnemonic != Mnemonic::Invalid
    }

    /// Check if the instruction has a ModRM byte
    #[must_use]
    pub const fn has_modrm(&self) -> bool {
        self.modrm.is_some()
    }

    /// Check if the instruction has a SIB byte
    #[must_use]
    pub const fn has_sib(&self) -> bool {
        self.sib.is_some()
    }

    /// Check if the instruction has a displacement
    #[must_use]
    pub const fn has_displacement(&self) -> bool {
        self.disp_size > 0
    }

    /// Check if the instruction has an immediate
    #[must_use]
    pub const fn has_immediate(&self) -> bool {
        self.imm_size > 0
    }

    /// Check if this is a branch instruction
    #[must_use]
    pub const fn is_branch(&self) -> bool {
        self.attributes.contains(InstructionAttributes::IS_BRANCH)
    }

    /// Check if this is a conditional instruction
    #[must_use]
    pub const fn is_conditional(&self) -> bool {
        self.attributes
            .contains(InstructionAttributes::IS_CONDITIONAL)
    }

    /// Check if this is a privileged instruction
    #[must_use]
    pub const fn is_privileged(&self) -> bool {
        self.attributes
            .contains(InstructionAttributes::IS_PRIVILEGED)
    }

    /// Check if this instruction modifies the stack
    #[must_use]
    pub const fn is_stack_modifying(&self) -> bool {
        self.attributes
            .contains(InstructionAttributes::IS_STACK_MODIFYING)
    }

    /// Check if this is a relative branch/call
    #[must_use]
    pub const fn is_relative(&self) -> bool {
        self.attributes.contains(InstructionAttributes::IS_RELATIVE)
    }

    /// Get the next instruction address (for flow analysis)
    #[must_use]
    pub const fn next_address(&self) -> u64 {
        self.address.wrapping_add(self.length as u64)
    }

    /// Get the branch target address (if this is a relative branch)
    #[must_use]
    pub fn branch_target(&self) -> Option<u64> {
        if self.is_relative() && self.is_branch() {
            // Sign-extend displacement to 64-bit and add to next instruction address
            let target = self.next_address().wrapping_add(self.displacement as u64);
            Some(target)
        } else {
            None
        }
    }

    /// Iterate over valid operands
    pub fn operands(&self) -> impl Iterator<Item = &Operand> {
        self.operands[..usize::from(self.operand_count)].iter()
    }

    /// Get a specific operand by index
    #[must_use]
    pub fn operand(&self, index: usize) -> Option<&Operand> {
        if index < usize::from(self.operand_count) {
            Some(&self.operands[index])
        } else {
            None
        }
    }

    /// Set an operand
    pub fn set_operand(&mut self, index: usize, operand: Operand) {
        if index < MAX_OPERAND_COUNT {
            self.operands[index] = operand;
            if index >= usize::from(self.operand_count) {
                self.operand_count = (index + 1) as u8;
            }
        }
    }

    // CPU Flags access methods

    /// Get CPU flags read by this instruction
    ///
    /// Returns a bitmask of flags that are read by the instruction.
    #[must_use]
    pub const fn cpu_flags_read(&self) -> u64 {
        self.cpu_flags.read
    }

    /// Get CPU flags written by this instruction
    ///
    /// Returns a bitmask of flags that are written by the instruction.
    #[must_use]
    pub const fn cpu_flags_written(&self) -> u64 {
        self.cpu_flags.written
    }

    /// Get CPU flags modified by this instruction
    ///
    /// Returns a bitmask of flags that are both read and written by the instruction.
    #[must_use]
    pub const fn cpu_flags_modified(&self) -> u64 {
        self.cpu_flags.modified
    }

    /// Get CPU flags set to undefined values by this instruction
    ///
    /// Returns a bitmask of flags that have undefined values after the instruction executes.
    #[must_use]
    pub const fn cpu_flags_undefined(&self) -> u64 {
        self.cpu_flags.undefined
    }

    /// Get reference to the CPU flags structure
    ///
    /// Returns a reference to the complete CPU flags information.
    #[must_use]
    pub const fn get_cpu_flags(&self) -> &CpuFlags {
        &self.cpu_flags
    }

    /// Check if the instruction reads any CPU flags
    #[must_use]
    pub const fn reads_any_cpu_flag(&self) -> bool {
        self.cpu_flags.reads_any()
    }

    /// Check if the instruction writes any CPU flags
    #[must_use]
    pub const fn writes_any_cpu_flag(&self) -> bool {
        self.cpu_flags.writes_any()
    }

    /// Check if the instruction modifies any CPU flags
    #[must_use]
    pub const fn modifies_any_cpu_flag(&self) -> bool {
        self.cpu_flags.modifies_any()
    }

    /// Check if the instruction reads a specific CPU flag
    #[must_use]
    pub const fn reads_cpu_flag(&self, flag: CPUFlag) -> bool {
        self.cpu_flags.reads_flag(flag)
    }

    /// Check if the instruction writes a specific CPU flag
    #[must_use]
    pub const fn writes_cpu_flag(&self, flag: CPUFlag) -> bool {
        self.cpu_flags.writes_flag(flag)
    }

    /// Check if the instruction modifies a specific CPU flag
    #[must_use]
    pub const fn modifies_cpu_flag(&self, flag: CPUFlag) -> bool {
        self.cpu_flags.modifies_flag(flag)
    }

    // Stack pointer access methods

    /// Get stack pointer modification information
    ///
    /// Returns information about how this instruction modifies the stack pointer.
    #[must_use]
    pub const fn get_stack_pointer_info(&self) -> &StackPointerInfo {
        &self.stack_pointer_info
    }

    /// Get stack pointer offset change
    ///
    /// Returns the change in stack pointer value (positive = push, negative = pop).
    /// Returns 0 if the instruction doesn't modify the stack pointer.
    #[must_use]
    pub const fn stack_pointer_offset(&self) -> i64 {
        self.stack_pointer_info.sp_offset
    }

    /// Check if this instruction modifies the stack pointer
    #[must_use]
    pub const fn modifies_stack_pointer(&self) -> bool {
        self.stack_pointer_info.modifies_sp
    }

    /// Check if this is a stack push operation (PUSH instruction)
    #[must_use]
    pub const fn is_push(&self) -> bool {
        self.stack_pointer_info.is_push
    }

    /// Check if this is a stack pop operation (POP instruction)
    #[must_use]
    pub const fn is_pop(&self) -> bool {
        self.stack_pointer_info.is_pop
    }

    /// Check if this is a call instruction
    #[must_use]
    pub const fn is_call(&self) -> bool {
        self.stack_pointer_info.is_call
    }

    /// Check if this is a return instruction
    #[must_use]
    pub const fn is_ret(&self) -> bool {
        self.stack_pointer_info.is_ret
    }

    /// Set stack pointer info (used by decoder)
    pub fn set_stack_pointer_info(&mut self, info: StackPointerInfo) {
        self.stack_pointer_info = info;
    }

    // ============================================================================
    // Phase 5: Helper API methods (Zydis compatibility)
    // ============================================================================

    /// Get the instruction category
    ///
    /// Returns the category of this instruction (e.g., DataTransfer, Arithmetic, ControlFlow).
    #[must_use]
    pub const fn category(&self) -> InstructionCategory {
        self.category
    }

    /// Get the ISA set for this instruction
    ///
    /// Returns the instruction set extension required for this instruction
    /// (e.g., SSE, AVX, AVX512, etc.)
    #[must_use]
    pub const fn isa_set(&self) -> IsaSet {
        self.isa_set
    }

    /// Get the branch type for this instruction
    ///
    /// Returns `Some(BranchType)` if this is a branch instruction, `None` otherwise.
    #[must_use]
    pub fn branch_type(&self) -> Option<BranchType> {
        if !self.is_branch() {
            return None;
        }

        // Determine branch type based on displacement size and instruction attributes
        if self.is_conditional() {
            // Conditional branches (Jcc, LOOP, etc.)
            if self.disp_size == 1 {
                Some(BranchType::Short)
            } else {
                Some(BranchType::Near)
            }
        } else {
            // Unconditional branches (JMP, CALL, RET)
            match self.disp_size {
                1 => Some(BranchType::Short),
                2 | 4 => Some(BranchType::Near),
                _ => {
                    // Check for far branches (JMP FAR, CALL FAR)
                    if self
                        .attributes
                        .contains(InstructionAttributes::IS_FAR_BRANCH)
                    {
                        Some(BranchType::Far)
                    } else {
                        Some(BranchType::Near)
                    }
                }
            }
        }
    }

    /// Get the exception class for this instruction
    ///
    /// Returns the exception class that defines which exceptions this instruction
    /// can generate (primarily for AVX-512 and SIMD instructions).
    #[must_use]
    pub const fn exception_class(&self) -> ExceptionClass {
        // Determine exception class based on ISA set and attributes
        if self.isa_set.is_avx512() {
            ExceptionClass::EVEX
        } else if self.isa_set.is_avx() {
            ExceptionClass::VEX
        } else if self.isa_set.is_xop() {
            ExceptionClass::XOP
        } else if self.isa_set.is_sse() {
            ExceptionClass::SSE
        } else {
            ExceptionClass::None
        }
    }

    /// Calculate the absolute address for a relative operand
    ///
    /// This function computes the absolute target address for branch instructions
    /// or memory references that use RIP-relative addressing.
    ///
    /// # Arguments
    /// * `operand_index` - The index of the operand (0-based)
    /// * `rip` - The address of the next instruction (instruction address + length)
    ///
    /// # Returns
    /// * `Some(u64)` - The calculated absolute address
    /// * `None` - If the operand is not a relative address or the index is invalid
    #[must_use]
    pub fn calc_absolute_address(&self, operand_index: usize, rip: u64) -> Option<u64> {
        let operand = self.operand(operand_index)?;

        match operand.kind {
            crate::isa::OperandKind::RelativeOffset => {
                // Get the signed displacement
                let disp = operand.imm_signed()?;
                // Calculate absolute address: rip + displacement
                Some(rip.wrapping_add(disp as u64))
            }
            crate::isa::OperandKind::Memory => {
                // Check for RIP-relative addressing
                let mem = operand.mem()?;
                if mem.base == Register::RIP {
                    // RIP-relative: rip + displacement
                    Some(rip.wrapping_add(mem.displacement as u64))
                } else {
                    None
                }
            }
            _ => None,
        }
    }

    /// Get the condition code for conditional instructions
    ///
    /// Returns the condition code (0-15) for conditional instructions like Jcc, SETcc, CMOVcc.
    /// Returns `None` if this is not a conditional instruction.
    #[must_use]
    pub fn condition_code(&self) -> Option<ConditionCode> {
        if !self.is_conditional() {
            return None;
        }

        // Extract condition code from opcode
        // For Jcc, the condition is encoded in the low 4 bits of the opcode
        let opcode = self.opcode;

        // Check for common conditional instruction patterns
        match self.mnemonic {
            // Jcc short (0x70-0x7F)
            Mnemonic::JO
            | Mnemonic::JNO
            | Mnemonic::JB
            | Mnemonic::JNB
            | Mnemonic::JZ
            | Mnemonic::JNZ
            | Mnemonic::JBE
            | Mnemonic::JA
            | Mnemonic::JS
            | Mnemonic::JNS
            | Mnemonic::JP
            | Mnemonic::JNP
            | Mnemonic::JL
            | Mnemonic::JGE
            | Mnemonic::JLE
            | Mnemonic::JG => {
                let cc = if (0x70..=0x7F).contains(&opcode) {
                    opcode - 0x70
                } else if opcode == 0x0F {
                    // Two-byte Jcc (0x0F 0x80-0x8F)
                    // Need second byte
                    (self.bytes[1].wrapping_sub(0x80)) & 0x0F
                } else {
                    return None;
                };
                ConditionCode::from_u8(cc)
            }
            // SETcc (0x0F 0x90-0x9F)
            Mnemonic::SETO
            | Mnemonic::SETNO
            | Mnemonic::SETB
            | Mnemonic::SETNB
            | Mnemonic::SETZ
            | Mnemonic::SETNZ
            | Mnemonic::SETBE
            | Mnemonic::SETNBE
            | Mnemonic::SETS
            | Mnemonic::SETNS
            | Mnemonic::SETP
            | Mnemonic::SETNP
            | Mnemonic::SETL
            | Mnemonic::SETGE
            | Mnemonic::SETLE
            | Mnemonic::SETG => {
                let cc = if self.bytes.len() > 1 && self.bytes[1] >= 0x90 && self.bytes[1] <= 0x9F {
                    (self.bytes[1] - 0x90) & 0x0F
                } else {
                    return None;
                };
                ConditionCode::from_u8(cc)
            }
            // CMOVcc (0x0F 0x40-0x4F)
            Mnemonic::CMOVO
            | Mnemonic::CMOVNO
            | Mnemonic::CMOVB
            | Mnemonic::CMOVNB
            | Mnemonic::CMOVZ
            | Mnemonic::CMOVNZ
            | Mnemonic::CMOVBE
            | Mnemonic::CMOVA
            | Mnemonic::CMOVS
            | Mnemonic::CMOVNS
            | Mnemonic::CMOVP
            | Mnemonic::CMOVNP
            | Mnemonic::CMOVL
            | Mnemonic::CMOVGE
            | Mnemonic::CMOVLE
            | Mnemonic::CMOVG => {
                let cc = if self.bytes.len() > 1 && self.bytes[1] >= 0x40 && self.bytes[1] <= 0x4F {
                    (self.bytes[1] - 0x40) & 0x0F
                } else {
                    return None;
                };
                ConditionCode::from_u8(cc)
            }
            _ => None,
        }
    }
}

/// Branch type enumeration
///
/// Defines the type of branch instruction.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
#[repr(u8)]
#[derive(Default)]
pub enum BranchType {
    /// No branch type specified
    #[default]
    None,
    /// Short branch - 8-bit relative offset (±128 bytes)
    Short,
    /// Near branch - 32-bit relative offset (±2GB)
    Near,
    /// Far branch - absolute address with segment selector
    Far,
}

/// Exception class enumeration
///
/// Defines the exception class for SIMD instructions.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
#[repr(u8)]
#[derive(Default)]
pub enum ExceptionClass {
    /// No exception class
    #[default]
    None,
    /// SSE/SSE2 exception class
    SSE,
    /// AVX/AVX2 VEX-encoded exception class
    VEX,
    /// AVX-512 EVEX-encoded exception class
    EVEX,
    /// AMD XOP exception class
    XOP,
}

/// Condition code enumeration
///
/// Defines the condition codes for conditional instructions (Jcc, SETcc, CMOVcc).
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
#[repr(u8)]
pub enum ConditionCode {
    /// Overflow (OF=1)
    O = 0,
    /// No overflow (OF=0)
    NO = 1,
    /// Below/Carry (CF=1)
    B = 2,
    /// Not below/No carry (CF=0)
    NB = 3,
    /// Equal/Zero (ZF=1)
    Z = 4,
    /// Not equal/Not zero (ZF=0)
    NZ = 5,
    /// Below or equal (CF=1 or ZF=1)
    BE = 6,
    /// Above (CF=0 and ZF=0)
    A = 7,
    /// Sign (SF=1)
    S = 8,
    /// No sign (SF=0)
    NS = 9,
    /// Parity (PF=1)
    P = 10,
    /// No parity (PF=0)
    NP = 11,
    /// Less (SF!=OF)
    L = 12,
    /// Greater or equal (SF=OF)
    GE = 13,
    /// Less or equal (ZF=1 or SF!=OF)
    LE = 14,
    /// Greater (ZF=0 and SF=OF)
    G = 15,
}

impl ConditionCode {
    /// Create a ConditionCode from a u8 value
    #[must_use]
    pub const fn from_u8(value: u8) -> Option<Self> {
        match value {
            0 => Some(Self::O),
            1 => Some(Self::NO),
            2 => Some(Self::B),
            3 => Some(Self::NB),
            4 => Some(Self::Z),
            5 => Some(Self::NZ),
            6 => Some(Self::BE),
            7 => Some(Self::A),
            8 => Some(Self::S),
            9 => Some(Self::NS),
            10 => Some(Self::P),
            11 => Some(Self::NP),
            12 => Some(Self::L),
            13 => Some(Self::GE),
            14 => Some(Self::LE),
            15 => Some(Self::G),
            _ => None,
        }
    }

    /// Get the condition code name
    #[must_use]
    pub const fn name(&self) -> &'static str {
        match self {
            Self::O => "O",
            Self::NO => "NO",
            Self::B => "B",
            Self::NB => "NB",
            Self::Z => "Z",
            Self::NZ => "NZ",
            Self::BE => "BE",
            Self::A => "A",
            Self::S => "S",
            Self::NS => "NS",
            Self::P => "P",
            Self::NP => "NP",
            Self::L => "L",
            Self::GE => "GE",
            Self::LE => "LE",
            Self::G => "G",
        }
    }
}

impl Default for DecodedInstruction {
    fn default() -> Self {
        Self::new()
    }
}

/// CPU flags information
///
/// Describes which CPU flags are read, written, or modified by an instruction.
/// This matches the behavior of Zydis's CPU flags API.
#[derive(Debug, Clone, Copy, Default)]
pub struct CpuFlags {
    /// Flags read by the instruction (as a bitmask)
    pub read: u64,
    /// Flags written by the instruction (as a bitmask)
    pub written: u64,
    /// Flags modified (read and written) by the instruction (as a bitmask)
    pub modified: u64,
    /// Flags set to undefined values by the instruction (as a bitmask)
    pub undefined: u64,
}

/// CPU flag bit positions (matching Zydis definitions)
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[repr(u8)]
pub enum CPUFlag {
    /// Carry Flag (bit 0)
    CF = 0,
    /// Parity Flag (bit 2)
    PF = 2,
    /// Auxiliary Carry Flag (bit 4)
    AF = 4,
    /// Zero Flag (bit 6)
    ZF = 6,
    /// Sign Flag (bit 7)
    SF = 7,
    /// Trap Flag (bit 8)
    TF = 8,
    /// Interrupt Enable Flag (bit 9)
    IF = 9,
    /// Direction Flag (bit 10)
    DF = 10,
    /// Overflow Flag (bit 11)
    OF = 11,
    /// I/O Privilege Level bit 0 (bit 12)
    IOPL0 = 12,
    /// I/O Privilege Level bit 1 (bit 13)
    IOPL1 = 13,
    /// Nested Task Flag (bit 14)
    NT = 14,
    /// Resume Flag (bit 16)
    RF = 16,
    /// Virtual 8086 Mode Flag (bit 17)
    VM = 17,
    /// Alignment Check Flag (bit 18)
    AC = 18,
    /// Virtual Interrupt Flag (bit 19)
    VIF = 19,
    /// Virtual Interrupt Pending Flag (bit 20)
    VIP = 20,
    /// CPUID Flag (bit 21)
    ID = 21,
}

impl CpuFlags {
    // Flag bit masks (using u64 for more flags)
    /// Carry Flag mask
    pub const CF: u64 = 1 << 0;
    /// Parity Flag mask
    pub const PF: u64 = 1 << 2;
    /// Auxiliary Carry Flag mask
    pub const AF: u64 = 1 << 4;
    /// Zero Flag mask
    pub const ZF: u64 = 1 << 6;
    /// Sign Flag mask
    pub const SF: u64 = 1 << 7;
    /// Trap Flag mask
    pub const TF: u64 = 1 << 8;
    /// Interrupt Enable Flag mask
    pub const IF: u64 = 1 << 9;
    /// Direction Flag mask
    pub const DF: u64 = 1 << 10;
    /// Overflow Flag mask
    pub const OF: u64 = 1 << 11;
    /// I/O Privilege Level mask (bits 12-13)
    pub const IOPL: u64 = (1 << 12) | (1 << 13);
    /// Nested Task Flag mask
    pub const NT: u64 = 1 << 14;
    /// Resume Flag mask
    pub const RF: u64 = 1 << 16;
    /// Virtual 8086 Mode Flag mask
    pub const VM: u64 = 1 << 17;
    /// Alignment Check Flag mask
    pub const AC: u64 = 1 << 18;
    /// Virtual Interrupt Flag mask
    pub const VIF: u64 = 1 << 19;
    /// Virtual Interrupt Pending Flag mask
    pub const VIP: u64 = 1 << 20;
    /// CPUID Flag mask
    pub const ID: u64 = 1 << 21;

    /// Create new CPU flags info
    #[must_use]
    pub const fn new(read: u64, written: u64, modified: u64, undefined: u64) -> Self {
        Self {
            read,
            written,
            modified,
            undefined,
        }
    }

    /// Create CPU flags with only read and written (modified computed automatically)
    #[must_use]
    pub const fn from_read_written(read: u64, written: u64) -> Self {
        Self {
            read,
            written,
            modified: read & written, // Flags that are both read and written
            undefined: 0,
        }
    }

    /// Check if any flag is read
    #[must_use]
    pub const fn reads_any(&self) -> bool {
        self.read != 0
    }

    /// Check if any flag is written
    #[must_use]
    pub const fn writes_any(&self) -> bool {
        self.written != 0
    }

    /// Check if any flag is modified
    #[must_use]
    pub const fn modifies_any(&self) -> bool {
        self.modified != 0
    }

    /// Check if any flag is undefined
    #[must_use]
    pub const fn has_undefined(&self) -> bool {
        self.undefined != 0
    }

    // Individual flag read checks

    /// Check if the carry flag is read
    #[must_use]
    pub const fn reads_cf(&self) -> bool {
        (self.read & Self::CF) != 0
    }

    /// Check if the zero flag is read
    #[must_use]
    pub const fn reads_zf(&self) -> bool {
        (self.read & Self::ZF) != 0
    }

    /// Check if the sign flag is read
    #[must_use]
    pub const fn reads_sf(&self) -> bool {
        (self.read & Self::SF) != 0
    }

    /// Check if the overflow flag is read
    #[must_use]
    pub const fn reads_of(&self) -> bool {
        (self.read & Self::OF) != 0
    }

    /// Check if the parity flag is read
    #[must_use]
    pub const fn reads_pf(&self) -> bool {
        (self.read & Self::PF) != 0
    }

    /// Check if the auxiliary carry flag is read
    #[must_use]
    pub const fn reads_af(&self) -> bool {
        (self.read & Self::AF) != 0
    }

    /// Check if the direction flag is read
    #[must_use]
    pub const fn reads_df(&self) -> bool {
        (self.read & Self::DF) != 0
    }

    // Individual flag write checks

    /// Check if the carry flag is written
    #[must_use]
    pub const fn writes_cf(&self) -> bool {
        (self.written & Self::CF) != 0
    }

    /// Check if the zero flag is written
    #[must_use]
    pub const fn writes_zf(&self) -> bool {
        (self.written & Self::ZF) != 0
    }

    /// Check if the sign flag is written
    #[must_use]
    pub const fn writes_sf(&self) -> bool {
        (self.written & Self::SF) != 0
    }

    /// Check if the overflow flag is written
    #[must_use]
    pub const fn writes_of(&self) -> bool {
        (self.written & Self::OF) != 0
    }

    /// Check if the parity flag is written
    #[must_use]
    pub const fn writes_pf(&self) -> bool {
        (self.written & Self::PF) != 0
    }

    /// Check if the auxiliary carry flag is written
    #[must_use]
    pub const fn writes_af(&self) -> bool {
        (self.written & Self::AF) != 0
    }

    /// Check if the direction flag is written
    #[must_use]
    pub const fn writes_df(&self) -> bool {
        (self.written & Self::DF) != 0
    }

    // Individual flag modify checks

    /// Check if the carry flag is modified
    #[must_use]
    pub const fn modifies_cf(&self) -> bool {
        (self.modified & Self::CF) != 0
    }

    /// Check if the zero flag is modified
    #[must_use]
    pub const fn modifies_zf(&self) -> bool {
        (self.modified & Self::ZF) != 0
    }

    /// Check if the sign flag is modified
    #[must_use]
    pub const fn modifies_sf(&self) -> bool {
        (self.modified & Self::SF) != 0
    }

    /// Check if the overflow flag is modified
    #[must_use]
    pub const fn modifies_of(&self) -> bool {
        (self.modified & Self::OF) != 0
    }

    // Check if a specific flag is undefined
    /// Check if the carry flag is undefined after execution
    #[must_use]
    pub const fn undefined_cf(&self) -> bool {
        (self.undefined & Self::CF) != 0
    }

    /// Check if the zero flag is undefined after execution
    #[must_use]
    pub const fn undefined_zf(&self) -> bool {
        (self.undefined & Self::ZF) != 0
    }

    /// Check if the sign flag is undefined after execution
    #[must_use]
    pub const fn undefined_sf(&self) -> bool {
        (self.undefined & Self::SF) != 0
    }

    /// Check if the overflow flag is undefined after execution
    #[must_use]
    pub const fn undefined_of(&self) -> bool {
        (self.undefined & Self::OF) != 0
    }

    /// Check if a specific flag is read
    #[must_use]
    pub const fn reads_flag(&self, flag: CPUFlag) -> bool {
        (self.read & (1 << flag as u8)) != 0
    }

    /// Check if a specific flag is written
    #[must_use]
    pub const fn writes_flag(&self, flag: CPUFlag) -> bool {
        (self.written & (1 << flag as u8)) != 0
    }

    /// Check if a specific flag is modified
    #[must_use]
    pub const fn modifies_flag(&self, flag: CPUFlag) -> bool {
        (self.modified & (1 << flag as u8)) != 0
    }

    /// Check if a specific flag is undefined
    #[must_use]
    pub const fn is_undefined(&self, flag: CPUFlag) -> bool {
        (self.undefined & (1 << flag as u8)) != 0
    }

    /// Get flags that are either read or written
    #[must_use]
    pub const fn accessed(&self) -> u64 {
        self.read | self.written
    }

    /// Merge with another CpuFlags
    #[must_use]
    pub const fn merge(&self, other: &Self) -> Self {
        Self {
            read: self.read | other.read,
            written: self.written | other.written,
            modified: self.modified | other.modified,
            undefined: self.undefined | other.undefined,
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_decoded_instruction_new() {
        let instr = DecodedInstruction::new();
        assert_eq!(instr.mnemonic, Mnemonic::Invalid);
        assert_eq!(instr.length, 0);
        assert!(!instr.is_valid());
    }

    #[test]
    fn test_instruction_operands() {
        let mut instr = DecodedInstruction::new();
        instr.operand_count = 2;

        let count = instr.operands().count();
        assert_eq!(count, 2);
    }

    #[test]
    fn test_branch_target() {
        let mut instr = DecodedInstruction::new();
        instr.mnemonic = Mnemonic::JMP;
        instr.attributes = InstructionAttributes::IS_BRANCH | InstructionAttributes::IS_RELATIVE;
        instr.length = 5;
        instr.address = 0x1000;
        instr.displacement = 0x10;

        let target = instr.branch_target();
        assert_eq!(target, Some(0x1015)); // 0x1000 + 5 + 0x10
    }

    #[test]
    fn test_cpu_flags() {
        let flags = CpuFlags::new(CpuFlags::CF | CpuFlags::ZF, CpuFlags::OF, 0, 0);
        assert!(flags.reads_cf());
        assert!(flags.reads_zf());
        assert!(!flags.reads_sf());
        assert!(flags.writes_cf() == false);
        assert!(flags.writes_of());
    }

    #[test]
    fn test_cpu_flags_from_read_written() {
        let flags =
            CpuFlags::from_read_written(CpuFlags::CF | CpuFlags::ZF, CpuFlags::CF | CpuFlags::OF);
        assert!(flags.reads_cf());
        assert!(flags.reads_zf());
        assert!(flags.writes_cf());
        assert!(flags.writes_of());
        assert!(flags.modifies_cf()); // CF is both read and written
        assert!(!flags.modifies_zf()); // ZF is only read
        assert!(!flags.modifies_of()); // OF is only written
    }

    #[test]
    fn test_decoded_instruction_cpu_flags() {
        let mut instr = DecodedInstruction::new();
        instr.cpu_flags = CpuFlags::from_read_written(CpuFlags::CF, CpuFlags::ZF);

        assert!(instr.reads_any_cpu_flag());
        assert!(instr.writes_any_cpu_flag());
        assert!(instr.reads_cpu_flag(CPUFlag::CF));
        assert!(instr.writes_cpu_flag(CPUFlag::ZF));
        assert!(!instr.reads_cpu_flag(CPUFlag::ZF));
    }

    #[test]
    fn test_stack_pointer_info_push() {
        let info = StackPointerInfo::push(8);
        assert!(info.is_stack_modifying());
        assert!(info.is_stack_push());
        assert!(!info.is_stack_pop());
        assert_eq!(info.offset(), 8);
        assert_eq!(info.get_data_size(), 8);
    }

    #[test]
    fn test_stack_pointer_info_pop() {
        let info = StackPointerInfo::pop(8);
        assert!(info.is_stack_modifying());
        assert!(!info.is_stack_push());
        assert!(info.is_stack_pop());
        assert_eq!(info.offset(), -8);
        assert_eq!(info.get_data_size(), 8);
    }

    #[test]
    fn test_stack_pointer_info_call() {
        let info = StackPointerInfo::call(8);
        assert!(info.is_stack_modifying());
        assert!(info.is_call_instruction());
        assert!(!info.is_ret_instruction());
        assert_eq!(info.offset(), 8);
    }

    #[test]
    fn test_stack_pointer_info_ret() {
        let info = StackPointerInfo::ret(8);
        assert!(info.is_stack_modifying());
        assert!(!info.is_call_instruction());
        assert!(info.is_ret_instruction());
        assert_eq!(info.offset(), -8);
    }

    #[test]
    fn test_stack_pointer_info_enter() {
        let info = StackPointerInfo::enter(32, 0, 8);
        assert!(info.is_stack_modifying());
        // ENTER pushes RBP (8) and subtracts frame_size (32)
        assert_eq!(info.offset(), 8 + 32);
    }

    #[test]
    fn test_stack_pointer_info_leave() {
        let info = StackPointerInfo::leave(8);
        assert!(info.is_stack_modifying());
        assert!(info.is_stack_pop());
        assert_eq!(info.offset(), -8);
    }

    #[test]
    fn test_decoded_instruction_stack_pointer() {
        let mut instr = DecodedInstruction::new();
        instr.stack_pointer_info = StackPointerInfo::push(8);

        assert!(instr.modifies_stack_pointer());
        assert!(instr.is_push());
        assert!(!instr.is_pop());
        assert_eq!(instr.stack_pointer_offset(), 8);
    }
}