Documentation for INSERT, EXTRACT, and POPCOUNT operators

Ghidra/Features/Decompiler/src/main/doc/pcoderef.xml

@@ -2,7 +2,7 @@
 <article>
 <info>
   <title>P-Code Reference Manual</title>
-  <releaseinfo>Last updated September 21, 2017</releaseinfo>
+  <releaseinfo>Last updated September 5, 2019</releaseinfo>
 </info>
 <table xml:id="mytoc.htmltable" width="90%" frame='none'>
   <col width="25%"/>
@@ -84,55 +84,55 @@
 </tr>
 <tr>
  <td></td>
- <td><link linkend="cpui_int_equal">INT_EQUAL</link></td>
+ <td><link linkend="cpui_popcount">POPCOUNT</link></td>
  <td><link linkend="cpui_int_sright">INT_SRIGHT</link></td>
  <td><link linkend="cpui_float_ceil">FLOAT_CEIL</link></td>
 </tr>
 <tr>
  <td></td>
- <td><link linkend="cpui_int_notequal">INT_NOTEQUAL</link></td>
+ <td><link linkend="cpui_int_equal">INT_EQUAL</link></td>
  <td><link linkend="cpui_int_mult">INT_MULT</link></td>
  <td><link linkend="cpui_float_floor">FLOAT_FLOOR</link></td>
 </tr>
 <tr>
  <td></td>
- <td><link linkend="cpui_int_less">INT_LESS</link></td>
+ <td><link linkend="cpui_int_notequal">INT_NOTEQUAL</link></td>
  <td><link linkend="cpui_int_div">INT_DIV</link></td>
  <td><link linkend="cpui_float_round">FLOAT_ROUND</link></td>
 </tr>
 <tr>
  <td></td>
- <td><link linkend="cpui_int_sless">INT_SLESS</link></td>
+ <td><link linkend="cpui_int_less">INT_LESS</link></td>
  <td><link linkend="cpui_int_rem">INT_REM</link></td>
  <td><link linkend="cpui_float_nan">FLOAT_NAN</link></td>
 </tr>
 <tr>
  <td></td>
- <td><link linkend="cpui_int_lessequal">INT_LESSEQUAL</link></td>
+ <td><link linkend="cpui_int_sless">INT_SLESS</link></td>
  <td><link linkend="cpui_int_sdiv">INT_SDIV</link></td>
  <td><link linkend="cpui_int2float">INT2FLOAT</link></td>
 </tr>
 <tr>
  <td></td>
- <td><link linkend="cpui_int_slessequal">INT_SLESSEQUAL</link></td>
+ <td><link linkend="cpui_int_lessequal">INT_LESSEQUAL</link></td>
  <td><link linkend="cpui_int_srem">INT_SREM</link></td>
  <td><link linkend="cpui_float2float">FLOAT2FLOAT</link></td>
 </tr>
 <tr>
  <td></td>
- <td><link linkend="cpui_int_zext">INT_ZEXT</link></td>
+ <td><link linkend="cpui_int_slessequal">INT_SLESSEQUAL</link></td>
  <td><link linkend="cpui_bool_negate">BOOL_NEGATE</link></td>
  <td><link linkend="cpui_trunc">TRUNC</link></td>
 </tr>
 <tr>
  <td></td>
- <td><link linkend="cpui_int_sext">INT_SEXT</link></td>
+ <td><link linkend="cpui_int_zext">INT_ZEXT</link></td>
  <td><link linkend="cpui_bool_xor">BOOL_XOR</link></td>
  <td><link linkend="cpui_cpoolref">CPOOLREF</link></td>
 </tr>
 <tr>
  <td></td>
- <td></td>
+ <td><link linkend="cpui_int_sext">INT_SEXT</link></td>
  <td><link linkend="cpui_bool_and">BOOL_AND</link></td>
  <td><link linkend="cpui_new">NEW</link></td>
 </tr>
@@ -932,6 +932,51 @@ truncated.
 </para>
 </sect2>
 
+<sect2 id="cpui_popcount"><title>POPCOUNT</title>
+<informalexample>
+<table xml:id="popcount.htmltable" frame="above" width="80%" rules="groups">
+<col width="23%"/>
+<col width="15%"/>
+<col width="61%"/>
+<thead>
+<tr>
+  <td align="center" colspan="2"><emphasis role="bold">Parameters</emphasis></td>
+  <td><emphasis role="bold">Description</emphasis></td>
+</tr>
+</thead>
+<tbody>
+<tr>
+  <td align='right'>input0</td>
+  <td/>
+  <td>Input varnode to count.</td>
+</tr>
+<tr>
+  <td align='right'>output</td>
+  <td/>
+  <td>Resulting integer varnode containing count.</td>
+</tr>
+</tbody>
+<tfoot>
+<tr>
+  <td align="center" colspan="2"><emphasis role="bold">Semantic statement</emphasis></td>
+  <td/>
+</tr>
+<tr>
+  <td/>
+  <td colspan="2"><code>output = popcount(input0);</code></td>
+</tr>
+</tfoot>
+</table>
+</informalexample>
+<para>
+This is a bit count (population count) operator. Within the binary representation of the value
+contained in the input varnode, the number of 1 bits are counted and then returned in the
+output varnode. A value of 0 returns 0, a 4-byte varnode containing the value 2<superscript>32</superscript>-1
+(all bits set) returns 32, for instance. The input and output varnodes can have any size. The resulting
+count is zero extended into the output varnode.
+</para>
+</sect2>
+
 <sect2 id="cpui_int_equal"><title>INT_EQUAL</title>
 <informalexample>
 <table xml:id="intequal.htmltable" frame="above" width="80%" rules="groups">
@@ -3761,6 +3806,137 @@ interpretation as a data-type changes at this point.
 </para>
 </sect2>
 
+<sect2 id="cpui_insert"><title>INSERT</title>
+<informalexample>
+<table xml:id="insert.htmltable" frame="above" width="80%" rules="groups">
+<col width="23%"/>
+<col width="15%"/>
+<col width="61%"/>
+<thead>
+<tr>
+  <td align="center" colspan="2"><emphasis role="bold">Parameters</emphasis></td>
+  <td><emphasis role="bold">Description</emphasis></td>
+</tr>
+</thead>
+<tbody>
+<tr>
+  <td align='right'>input0</td>
+  <td/>
+  <td>Varnode where the value will be inserted.</td>
+</tr>
+<tr>
+  <td align='right'>input1</td>
+  <td/>
+  <td>Integer varnode containing the value to insert.</td>
+</tr>
+<tr>
+  <td align='right'>position</td>
+  <td>(<emphasis role="bold">constant</emphasis>)</td>
+  <td>Constant indicating the bit position to insert at.</td>
+</tr>
+<tr>
+  <td align='right'>size</td>
+  <td>(<emphasis role="bold">constant</emphasis>)</td>
+  <td>Constant indicating the number of bits to insert.</td>
+</tr>
+<tr>
+  <td align='right'>output</td>
+  <td/>
+  <td>Varnode result containing input0 with input1 inserted.</td>
+</tr>
+</tbody>
+<tfoot>
+<tr>
+  <td align="center" colspan="2"><emphasis role="bold">Semantic statement</emphasis></td>
+  <td/>
+</tr>
+<tr>
+  <td/>
+  <td colspan="2"><emphasis>Cannot be explicitly coded.</emphasis></td>
+</tr>
+</tfoot>
+</table>
+</informalexample>
+<para>
+The values <emphasis>position</emphasis> and <emphasis>size</emphasis> must be constants.
+The least significant <emphasis>size</emphasis> bits from input1 are
+inserted into input0, overwriting a range of bits of the same size,
+but leaving any other bits in input0 unchanged. The least significant bit of the overwritten
+range is given by <emphasis>position</emphasis>, where bits in index0 are labeled from least significant
+to most significant, starting at 0. The value obtained after this overwriting is returned
+as output.
+Varnodes input0 and output must be the same size and are intended to be the same varnode. 
+The value <emphasis>size</emphasis> must be not be bigger than the varnode input1, and
+<emphasis>size</emphasis> + <emphasis>position</emphasis> must not be bigger than the varnode input0.
+</para>
+<para>
+This operation is never generated as raw p-code, even though it is equivalent
+to SLEIGH <emphasis role="bold">bitrange</emphasis> syntax such as input0[10,1] = input1.
+</para>
+</sect2>
+
+<sect2 id="cpui_extract"><title>EXTRACT</title>
+<informalexample>
+<table xml:id="extract.htmltable" frame="above" width="80%" rules="groups">
+<col width="23%"/>
+<col width="15%"/>
+<col width="61%"/>
+<thead>
+<tr>
+  <td align="center" colspan="2"><emphasis role="bold">Parameters</emphasis></td>
+  <td><emphasis role="bold">Description</emphasis></td>
+</tr>
+</thead>
+<tbody>
+<tr>
+  <td align='right'>input0</td>
+  <td/>
+  <td>Varnode to extract a value from.</td>
+</tr>
+<tr>
+  <td align='right'>position</td>
+  <td>(<emphasis role="bold">constant</emphasis>)</td>
+  <td>Constant indicating the bit position to extract from.</td>
+</tr>
+<tr>
+  <td align='right'>size</td>
+  <td>(<emphasis role="bold">constant</emphasis>)</td>
+  <td>Constant indicating the number of bits to extract.</td>
+</tr>
+<tr>
+  <td align='right'>output</td>
+  <td/>
+  <td>Varnode result containing the extracted value.</td>
+</tr>
+</tbody>
+<tfoot>
+<tr>
+  <td align="center" colspan="2"><emphasis role="bold">Semantic statement</emphasis></td>
+  <td/>
+</tr>
+<tr>
+  <td/>
+  <td colspan="2"><emphasis>Cannot be explicitly coded.</emphasis></td>
+</tr>
+</tfoot>
+</table>
+</informalexample>
+<para>
+The values <emphasis>position</emphasis> and <emphasis>size</emphasis> must be constants.
+The operation extracts <emphasis>size</emphasis> bits from input0 and returns it in output.
+The <emphasis>position</emphasis> indicates the least significant bit in the range being extracted, with
+the bits in input0 labeled from least to most significant, starting at 0. The varnodes input0 and output
+can be different sizes, and the extracted value is zero extended into output.
+The value <emphasis>size</emphasis> must not be bigger than the varnode output, and
+<emphasis>size</emphasis> + <emphasis>position</emphasis> must not be bigger
+than the varnode input0.
+</para>
+<para>
+This operation is never generated as raw p-code, even though it is equivalent
+to SLEIGH <emphasis role="bold">bitrange</emphasis> syntax such as output = input0[10,1].
+</para>
+</sect2>
+
 </sect1>
 
 <sect1 id="reference">
@@ -3862,6 +4038,26 @@ interpretation as a data-type changes at this point.
   <td>Branch execution to value in v0 viewed as an offset into the current space.
       Hint that the branch is a subroutine return.</td>
 </tr>
+<tr>
+  <td>PIECE</td>
+  <td><code>&lt;na></code></td>
+  <td>Concatenate two varnodes into a single varnode.</td>
+</tr>
+<tr>
+  <td>SUBPIECE</td>
+  <td><code>v0:2</code></td>
+  <td>The least signficant n bytes of v0.</td>
+</tr>
+<tr>
+  <td>SUBPIECE</td>
+  <td><code>v0(2)</code></td>
+  <td>All but the least significant n bytes of v0.</td>
+</tr>
+<tr>
+  <td>POPCOUNT</td>
+  <td><code>popcount(v0)</code></td>
+  <td>Count 1 bits in v0.</td>
+</tr>
 <tr>
   <td>INT_EQUAL</td>
   <td><code>v0 == v1</code></td>
@@ -3872,38 +4068,6 @@ interpretation as a data-type changes at this point.
   <td><code>v0 != v1</code></td>
   <td>True if v0 does not equal v1.</td>
 </tr>
-<tr>
-  <td>INT_SLESS</td>
-  <td>
-    <table xml:id="sless.htmltable" frame='none'>
-      <tbody>
-      <tr>
-        <td><code>v0 s&lt; v1</code></td>
-      </tr>
-      <tr>
-        <td><code>v1 s> v0</code></td>
-      </tr>
-      </tbody>
-    </table>
-  </td>
-  <td>True if v0 is less than v1 as a signed integer.</td>
-</tr>
-<tr>
-  <td>INT_SLESSEQUAL</td>
-  <td>
-    <table xml:id="slessequal.htmltable" frame='none'>
-      <tbody>
-      <tr>
-        <td><code>v0 s&lt;= v1</code></td>
-      </tr>
-      <tr>
-        <td><code>v1 s>= v0</code></td>
-      </tr>
-      </tbody>
-    </table>
-  </td>
-  <td>True if v0 is less than or equal to v1 as a signed integer.</td>
-</tr>
 <tr>
   <td>INT_LESS</td>
   <td>
@@ -3920,6 +4084,22 @@ interpretation as a data-type changes at this point.
   </td>
   <td>True if v0 is less than v1 as an unsigned integer.</td>
 </tr>
+<tr>
+  <td>INT_SLESS</td>
+  <td>
+    <table xml:id="sless.htmltable" frame='none'>
+      <tbody>
+      <tr>
+        <td><code>v0 s&lt; v1</code></td>
+      </tr>
+      <tr>
+        <td><code>v1 s> v0</code></td>
+      </tr>
+      </tbody>
+    </table>
+  </td>
+  <td>True if v0 is less than v1 as a signed integer.</td>
+</tr>
 <tr>
   <td>INT_LESSEQUAL</td>
   <td>
@@ -3936,6 +4116,22 @@ interpretation as a data-type changes at this point.
   </td>
   <td>True if v0 is less than or equal to v1 as an unsigned integer.</td>
 </tr>
+<tr>
+  <td>INT_SLESSEQUAL</td>
+  <td>
+    <table xml:id="slessequal.htmltable" frame='none'>
+      <tbody>
+      <tr>
+        <td><code>v0 s&lt;= v1</code></td>
+      </tr>
+      <tr>
+        <td><code>v1 s>= v0</code></td>
+      </tr>
+      </tbody>
+    </table>
+  </td>
+  <td>True if v0 is less than or equal to v1 as a signed integer.</td>
+</tr>
 <tr>
   <td>INT_ZEXT</td>
   <td><code>zext(v0)</code></td>
@@ -4021,16 +4217,16 @@ interpretation as a data-type changes at this point.
   <td><code>v0 / v1</code></td>
   <td>Unsigned division of v0 by v1.</td>
 </tr>
-<tr>
-  <td>INT_SDIV</td>
-  <td><code>v0 s/ v1</code></td>
-  <td>Signed division of v0 by v1.</td>
-</tr>
 <tr>
   <td>INT_REM</td>
   <td><code>v0 % v1</code></td>
   <td>Unsigned remainder of v0 modulo v1.</td>
 </tr>
+<tr>
+  <td>INT_SDIV</td>
+  <td><code>v0 s/ v1</code></td>
+  <td>Signed division of v0 by v1.</td>
+</tr>
 <tr>
   <td>INT_SREM</td>
   <td><code>v0 s% v1</code></td>
@@ -4098,20 +4294,15 @@ interpretation as a data-type changes at this point.
   </td>
   <td>True if v0 is less than or equal to v1 viewed as floating-point numbers.</td>
 </tr>
-<tr>
-  <td>FLOAT_NAN</td>
-  <td><code>nan(v0)</code></td>
-  <td>True if v0 is not a valid floating-point number (NaN).</td>
-</tr>
 <tr>
   <td>FLOAT_ADD</td>
   <td><code>v0 f+ v1</code></td>
   <td>Addition of v0 and v1 as floating-point numbers.</td>
 </tr>
 <tr>
-  <td>FLOAT_DIV</td>
+  <td>FLOAT_SUB</td>
-  <td><code>v0 f/ v1</code></td>
+  <td><code>v0 f- v1</code></td>
-  <td>Division of v0 by v1 as floating-point numbers.</td>
+  <td>Subtraction of v1 from v0 as floating-point numbers.</td>
 </tr>
 <tr>
   <td>FLOAT_MULT</td>
@@ -4119,9 +4310,9 @@ interpretation as a data-type changes at this point.
   <td>Multiplication of v0 and v1 as floating-point numbers.</td>
 </tr>
 <tr>
-  <td>FLOAT_SUB</td>
+  <td>FLOAT_DIV</td>
-  <td><code>v0 f- v1</code></td>
+  <td><code>v0 f/ v1</code></td>
-  <td>Subtraction of v1 from v0 as floating-point numbers.</td>
+  <td>Division of v0 by v1 as floating-point numbers.</td>
 </tr>
 <tr>
   <td>FLOAT_NEG</td>
@@ -4138,21 +4329,6 @@ interpretation as a data-type changes at this point.
   <td><code>sqrt(v0)</code></td>
   <td>Square root of v0 as a floating-point number.</td>
 </tr>
-<tr>
-  <td>INT2FLOAT</td>
-  <td><code>int2float(v0)</code></td>
-  <td>Floating-point representation of v0 viewed as an integer.</td>
-</tr>
-<tr>
-  <td>FLOAT2FLOAT</td>
-  <td><code>float2float(v0)</code></td>
-  <td>Copy of floating-point number v0 with more or less precision.</td>
-</tr>
-<tr>
-  <td>TRUNC</td>
-  <td><code>trunc(v0)</code></td>
-  <td>Signed integer obtained by truncating v0 viewed as a floating-point number.</td>
-</tr>
 <tr>
   <td>FLOAT_CEIL</td>
   <td><code>ceil(v0)</code></td>
@@ -4169,19 +4345,24 @@ interpretation as a data-type changes at this point.
   <td>Nearest integral floating-point to v0, viewed as a floating-point number.</td>
 </tr>
 <tr>
-  <td>SUBPIECE</td>
+  <td>FLOAT_NAN</td>
-  <td><code>v0:2</code></td>
+  <td><code>nan(v0)</code></td>
-  <td>The least signficant n bytes of v0.</td>
+  <td>True if v0 is not a valid floating-point number (NaN).</td>
 </tr>
 <tr>
-  <td>SUBPIECE</td>
+  <td>INT2FLOAT</td>
-  <td><code>v0(2)</code></td>
+  <td><code>int2float(v0)</code></td>
-  <td>All but the least significant n bytes of v0.</td>
+  <td>Floating-point representation of v0 viewed as an integer.</td>
 </tr>
 <tr>
-  <td>PIECE</td>
+  <td>FLOAT2FLOAT</td>
-  <td><code>&lt;na></code></td>
+  <td><code>float2float(v0)</code></td>
-  <td>Concatenate two varnodes into a single varnode.</td>
+  <td>Copy of floating-point number v0 with more or less precision.</td>
+</tr>
+<tr>
+  <td>TRUNC</td>
+  <td><code>trunc(v0)</code></td>
+  <td>Signed integer obtained by truncating v0 viewed as a floating-point number.</td>
 </tr>
 <tr>
   <td>CPOOLREF</td>
@@ -4229,6 +4410,16 @@ interpretation as a data-type changes at this point.
   <td><code>&lt;na></code></td>
   <td>Construct a pointer to a field from a pointer to a structure and an offset.</td>
 </tr>
+<tr>
+  <td>INSERT</td>
+  <td><code>&lt;na></code></td>
+  <td>Insert a value as a bit-range into a varnode</td>
+</tr>
+<tr>
+  <td>EXTRACT</td>
+  <td><code>&lt;na></code></td>
+  <td>Extract a bit-range from a varnode</td>
+</tr>
 </tbody>
 </table>
 </informalexample>

Ghidra/Features/Decompiler/src/main/doc/sleigh.xml

@@ -4,7 +4,7 @@
   <title>SLEIGH</title>
   <subtitle>A Language for Rapid Processor Specification</subtitle>
   <pubdate>Originally published December 16, 2005</pubdate>
-  <releaseinfo>Last updated September 1, 2017</releaseinfo>
+  <releaseinfo>Last updated September 5, 2019</releaseinfo>
 </info>
 <simplesect>
 <info>
@@ -279,7 +279,7 @@ general purpose processor instruction sets. They break up into groups.
 </tr>
 <tr>
   <td>Logical</td>
-  <td><code>INT_NEGATE, INT_XOR, INT_AND, INT_OR, INT_LEFT, INT_RIGHT, INT_SRIGHT</code></td>
+  <td><code>INT_NEGATE, INT_XOR, INT_AND, INT_OR, INT_LEFT, INT_RIGHT, INT_SRIGHT, POPCOUNT</code></td>
 </tr>
 <tr>
   <td>Integer Comparison</td>
@@ -3803,6 +3803,12 @@ to lowest.
       truncated depending on result size.
   </td>
 </tr>
+<tr>
+  <td><code>POPCOUNT</code></td>
+  <td><code>popcount(v0)</code></td>
+  <td>Count the number of 1 bits in v0.
+  </td>
+</tr>
 <tr>
   <td><code>(simulated)</code></td>
   <td><code>v0[6,1]</code></td>

Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/pcodeCPort/slgh_compile/PcodeCompile.java

@@ -79,11 +79,11 @@ public abstract class PcodeCompile {
 	public abstract SectionVector finalNamedSection(SectionVector vec, ConstructTpl section);
 
 	/**
-	 * 
+	 * Handle a sleigh 'macro' invocation, returning the resulting p-code op templates (OpTpl)
-	 * @param location
+	 * @param location is the file/line where the macro is invoked
-	 * @param sym MacroSymbol
+	 * @param sym MacroSymbol is the macro symbol
-	 * @param param
+	 * @param param is the parsed list of operand expressions
-	 * @return
+	 * @return a list of p-code op templates
 	 */
 	public abstract VectorSTL<OpTpl> createMacroUse(Location location, MacroSymbol sym,
 			VectorSTL<ExprTree> param);
@@ -904,7 +904,7 @@ public abstract class PcodeCompile {
 			return true;
 		}
 		if (o instanceof List) {
-			List l = (List) o;
+			List<?> l = (List<?>) o;
 			for (Object t : l) {
 				if (isLocationIsh(t)) {
 					return true;
@@ -912,7 +912,7 @@ public abstract class PcodeCompile {
 			}
 		}
 		if (o instanceof VectorSTL) {
-			VectorSTL v = (VectorSTL) o;
+			VectorSTL<?> v = (VectorSTL<?>) o;
 			for (Object t : v) {
 				if (isLocationIsh(t)) {
 					return true;
@@ -924,8 +924,12 @@ public abstract class PcodeCompile {
 
 	/**
 	 * EXTREMELY IMPORTANT: keep this up to date with isInternalFunction below!!!
-	 * @param name
+	 * Lookup the given identifier as part of parsing p-code with functional syntax.
-	 * @return
+	 * Build the resulting p-code expression object from the parsed operand expressions.
+	 * @param location identifies the file/line where the p-code is parsed from
+	 * @param name is the given functional identifier
+	 * @param operands is the ordered list of operand expressions
+	 * @return the new expression (ExprTree) object
 	 */
 	public Object findInternalFunction(Location location, String name, VectorSTL<ExprTree> operands) {
 		ExprTree r = null;
@@ -1013,8 +1017,10 @@ public abstract class PcodeCompile {
 
 	/**
 	 * EXTREMELY IMPORTANT: keep this up to date with findInternalFunction above!!!
-	 * @param name
+	 * Determine if the given identifier is a sleigh internal function. Used to
-	 * @return
+	 * prevent user-defined p-code names from colliding with internal names
+	 * @param name is the given identifier to check
+	 * @return true if the identifier is a reserved internal function
 	 */
 	public boolean isInternalFunction(String name) {
 		if ("zext".equals(name)) {
@@ -1068,6 +1074,9 @@ public abstract class PcodeCompile {
 		if ("newobject".equals(name)) {
 			return true;
 		}
+		if ("popcount".equals(name)) {
+			return true;
+		}
 
 		return false;
 	}

GhidraDocs/languages/html/additionalpcode.html

@@ -301,6 +301,135 @@ This operator is intended specifically for when the value doesn't change but its
 interpretation as a data-type changes at this point.
 </p>
 </div>
+<div class="sect2">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="cpui_insert"></a>INSERT</h3></div></div></div>
+<div class="informalexample"><div class="table">
+<a name="insert.htmltable"></a><table frame="above" width="80%" rules="groups">
+<col width="23%">
+<col width="15%">
+<col width="61%">
+<thead><tr>
+  <td align="center" colspan="2"><span class="bold"><strong>Parameters</strong></span></td>
+  <td><span class="bold"><strong>Description</strong></span></td>
+</tr></thead>
+<tbody>
+<tr>
+  <td align="right">input0</td>
+  <td></td>
+  <td>Varnode where the value will be inserted.</td>
+</tr>
+<tr>
+  <td align="right">input1</td>
+  <td></td>
+  <td>Integer varnode containing the value to insert.</td>
+</tr>
+<tr>
+  <td align="right">position</td>
+  <td>(<span class="bold"><strong>constant</strong></span>)</td>
+  <td>Constant indicating the bit position to insert at.</td>
+</tr>
+<tr>
+  <td align="right">size</td>
+  <td>(<span class="bold"><strong>constant</strong></span>)</td>
+  <td>Constant indicating the number of bits to insert.</td>
+</tr>
+<tr>
+  <td align="right">output</td>
+  <td></td>
+  <td>Varnode result containing input0 with input1 inserted.</td>
+</tr>
+</tbody>
+<tfoot>
+<tr>
+  <td align="center" colspan="2"><span class="bold"><strong>Semantic statement</strong></span></td>
+  <td></td>
+</tr>
+<tr>
+  <td></td>
+  <td colspan="2"><span class="emphasis"><em>Cannot be explicitly coded.</em></span></td>
+</tr>
+</tfoot>
+</table>
+</div></div>
+<p>
+The values <span class="emphasis"><em>position</em></span> and <span class="emphasis"><em>size</em></span> must be constants.
+The least significant <span class="emphasis"><em>size</em></span> bits from input1 are
+inserted into input0, overwriting a range of bits of the same size,
+but leaving any other bits in input0 unchanged. The least significant bit of the overwritten
+range is given by <span class="emphasis"><em>position</em></span>, where bits in index0 are labeled from least significant
+to most significant, starting at 0. The value obtained after this overwriting is returned
+as output.
+Varnodes input0 and output must be the same size and are intended to be the same varnode. 
+The value <span class="emphasis"><em>size</em></span> must be not be bigger than the varnode input1, and
+<span class="emphasis"><em>size</em></span> + <span class="emphasis"><em>position</em></span> must not be bigger than the varnode input0.
+</p>
+<p>
+This operation is never generated as raw p-code, even though it is equivalent
+to SLEIGH <span class="bold"><strong>bitrange</strong></span> syntax such as input0[10,1] = input1.
+</p>
+</div>
+<div class="sect2">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="cpui_extract"></a>EXTRACT</h3></div></div></div>
+<div class="informalexample"><div class="table">
+<a name="extract.htmltable"></a><table frame="above" width="80%" rules="groups">
+<col width="23%">
+<col width="15%">
+<col width="61%">
+<thead><tr>
+  <td align="center" colspan="2"><span class="bold"><strong>Parameters</strong></span></td>
+  <td><span class="bold"><strong>Description</strong></span></td>
+</tr></thead>
+<tbody>
+<tr>
+  <td align="right">input0</td>
+  <td></td>
+  <td>Varnode to extract a value from.</td>
+</tr>
+<tr>
+  <td align="right">position</td>
+  <td>(<span class="bold"><strong>constant</strong></span>)</td>
+  <td>Constant indicating the bit position to extract from.</td>
+</tr>
+<tr>
+  <td align="right">size</td>
+  <td>(<span class="bold"><strong>constant</strong></span>)</td>
+  <td>Constant indicating the number of bits to extract.</td>
+</tr>
+<tr>
+  <td align="right">output</td>
+  <td></td>
+  <td>Varnode result containing the extracted value.</td>
+</tr>
+</tbody>
+<tfoot>
+<tr>
+  <td align="center" colspan="2"><span class="bold"><strong>Semantic statement</strong></span></td>
+  <td></td>
+</tr>
+<tr>
+  <td></td>
+  <td colspan="2"><span class="emphasis"><em>Cannot be explicitly coded.</em></span></td>
+</tr>
+</tfoot>
+</table>
+</div></div>
+<p>
+The values <span class="emphasis"><em>position</em></span> and <span class="emphasis"><em>size</em></span> must be constants.
+The operation extracts <span class="emphasis"><em>size</em></span> bits from input0 and returns it in output.
+The <span class="emphasis"><em>position</em></span> indicates the least significant bit in the range being extracted, with
+the bits in input0 labeled from least to most significant, starting at 0. The varnodes input0 and output
+can be different sizes, and the extracted value is zero extended into output.
+The value <span class="emphasis"><em>size</em></span> must not be bigger than the varnode output, and
+<span class="emphasis"><em>size</em></span> + <span class="emphasis"><em>position</em></span> must not be bigger
+than the varnode input0.
+</p>
+<p>
+This operation is never generated as raw p-code, even though it is equivalent
+to SLEIGH <span class="bold"><strong>bitrange</strong></span> syntax such as output = input0[10,1].
+</p>
+</div>
 </div>
 <div class="navfooter">
 <hr>

GhidraDocs/languages/html/pcodedescription.html

@@ -632,6 +632,50 @@ truncated.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
+<a name="cpui_popcount"></a>POPCOUNT</h3></div></div></div>
+<div class="informalexample"><div class="table">
+<a name="popcount.htmltable"></a><table frame="above" width="80%" rules="groups">
+<col width="23%">
+<col width="15%">
+<col width="61%">
+<thead><tr>
+  <td align="center" colspan="2"><span class="bold"><strong>Parameters</strong></span></td>
+  <td><span class="bold"><strong>Description</strong></span></td>
+</tr></thead>
+<tbody>
+<tr>
+  <td align="right">input0</td>
+  <td></td>
+  <td>Input varnode to count.</td>
+</tr>
+<tr>
+  <td align="right">output</td>
+  <td></td>
+  <td>Resulting integer varnode containing count.</td>
+</tr>
+</tbody>
+<tfoot>
+<tr>
+  <td align="center" colspan="2"><span class="bold"><strong>Semantic statement</strong></span></td>
+  <td></td>
+</tr>
+<tr>
+  <td></td>
+  <td colspan="2"><code class="code">output = popcount(input0);</code></td>
+</tr>
+</tfoot>
+</table>
+</div></div>
+<p>
+This is a bit count (population count) operator. Within the binary representation of the value
+contained in the input varnode, the number of 1 bits are counted and then returned in the
+output varnode. A value of 0 returns 0, a 4-byte varnode containing the value 2<sup>32</sup>-1
+(all bits set) returns 32, for instance. The input and output varnodes can have any size. The resulting
+count is zero extended into the output varnode.
+</p>
+</div>
+<div class="sect2">
+<div class="titlepage"><div><div><h3 class="title">
 <a name="cpui_int_equal"></a>INT_EQUAL</h3></div></div></div>
 <div class="informalexample"><div class="table">
 <a name="intequal.htmltable"></a><table frame="above" width="80%" rules="groups">

GhidraDocs/languages/html/pcoderef.html

@@ -25,8 +25,8 @@
 <div class="titlepage">
 <div>
 <div><h1 class="title">
-<a name="idm140369391421344"></a>P-Code Reference Manual</h1></div>
+<a name="idm140035470386944"></a>P-Code Reference Manual</h1></div>
-<div><p class="releaseinfo">Last updated September 21, 2017</p></div>
+<div><p class="releaseinfo">Last updated September 5, 2019</p></div>
 </div>
 <hr>
 </div>
@@ -111,55 +111,55 @@
 </tr>
 <tr>
  <td></td>
- <td><a class="link" href="pcodedescription.html#cpui_int_equal" title="INT_EQUAL">INT_EQUAL</a></td>
+ <td><a class="link" href="pcodedescription.html#cpui_popcount" title="POPCOUNT">POPCOUNT</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_int_sright" title="INT_SRIGHT">INT_SRIGHT</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_float_ceil" title="FLOAT_CEIL">FLOAT_CEIL</a></td>
 </tr>
 <tr>
  <td></td>
- <td><a class="link" href="pcodedescription.html#cpui_int_notequal" title="INT_NOTEQUAL">INT_NOTEQUAL</a></td>
+ <td><a class="link" href="pcodedescription.html#cpui_int_equal" title="INT_EQUAL">INT_EQUAL</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_int_mult" title="INT_MULT">INT_MULT</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_float_floor" title="FLOAT_FLOOR">FLOAT_FLOOR</a></td>
 </tr>
 <tr>
  <td></td>
- <td><a class="link" href="pcodedescription.html#cpui_int_less" title="INT_LESS">INT_LESS</a></td>
+ <td><a class="link" href="pcodedescription.html#cpui_int_notequal" title="INT_NOTEQUAL">INT_NOTEQUAL</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_int_div" title="INT_DIV">INT_DIV</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_float_round" title="FLOAT_ROUND">FLOAT_ROUND</a></td>
 </tr>
 <tr>
  <td></td>
- <td><a class="link" href="pcodedescription.html#cpui_int_sless" title="INT_SLESS">INT_SLESS</a></td>
+ <td><a class="link" href="pcodedescription.html#cpui_int_less" title="INT_LESS">INT_LESS</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_int_rem" title="INT_REM">INT_REM</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_float_nan" title="FLOAT_NAN">FLOAT_NAN</a></td>
 </tr>
 <tr>
  <td></td>
- <td><a class="link" href="pcodedescription.html#cpui_int_lessequal" title="INT_LESSEQUAL">INT_LESSEQUAL</a></td>
+ <td><a class="link" href="pcodedescription.html#cpui_int_sless" title="INT_SLESS">INT_SLESS</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_int_sdiv" title="INT_SDIV">INT_SDIV</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_int2float" title="INT2FLOAT">INT2FLOAT</a></td>
 </tr>
 <tr>
  <td></td>
- <td><a class="link" href="pcodedescription.html#cpui_int_slessequal" title="INT_SLESSEQUAL">INT_SLESSEQUAL</a></td>
+ <td><a class="link" href="pcodedescription.html#cpui_int_lessequal" title="INT_LESSEQUAL">INT_LESSEQUAL</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_int_srem" title="INT_SREM">INT_SREM</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_float2float" title="FLOAT2FLOAT">FLOAT2FLOAT</a></td>
 </tr>
 <tr>
  <td></td>
- <td><a class="link" href="pcodedescription.html#cpui_int_zext" title="INT_ZEXT">INT_ZEXT</a></td>
+ <td><a class="link" href="pcodedescription.html#cpui_int_slessequal" title="INT_SLESSEQUAL">INT_SLESSEQUAL</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_bool_negate" title="BOOL_NEGATE">BOOL_NEGATE</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_trunc" title="TRUNC">TRUNC</a></td>
 </tr>
 <tr>
  <td></td>
- <td><a class="link" href="pcodedescription.html#cpui_int_sext" title="INT_SEXT">INT_SEXT</a></td>
+ <td><a class="link" href="pcodedescription.html#cpui_int_zext" title="INT_ZEXT">INT_ZEXT</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_bool_xor" title="BOOL_XOR">BOOL_XOR</a></td>
  <td><a class="link" href="pseudo-ops.html#cpui_cpoolref" title="CPOOLREF">CPOOLREF</a></td>
 </tr>
 <tr>
  <td></td>
- <td></td>
+ <td><a class="link" href="pcodedescription.html#cpui_int_sext" title="INT_SEXT">INT_SEXT</a></td>
  <td><a class="link" href="pcodedescription.html#cpui_bool_and" title="BOOL_AND">BOOL_AND</a></td>
  <td><a class="link" href="pseudo-ops.html#cpui_new" title="NEW">NEW</a></td>
 </tr>
@@ -215,7 +215,7 @@ The core concepts of p-code are:
 </p>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140369383722496"></a>Address Space</h3></div></div></div>
+<a name="idm140035470234080"></a>Address Space</h3></div></div></div>
 <p>
 The <span class="bold"><strong>address space</strong></span> for p-code is a generalization
 of RAM. It is defined simply as an indexed sequence of bytes that can
@@ -256,7 +256,7 @@ any of the other p-code operations.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140369383712800"></a>Varnode</h3></div></div></div>
+<a name="idm140035470224608"></a>Varnode</h3></div></div></div>
 <p>
 A <span class="bold"><strong>varnode</strong></span> is a generalization of
 either a register or a memory location. It is represented by the formal triple:
@@ -303,7 +303,7 @@ on them by the p-code operations that use them.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140369383704432"></a>P-code Operation</h3></div></div></div>
+<a name="idm140035470216864"></a>P-code Operation</h3></div></div></div>
 <p>
 A <span class="bold"><strong>p-code operation</strong></span> is the analog of a
 machine instruction. All p-code operations have the same basic format

GhidraDocs/languages/html/reference.html

@@ -119,6 +119,26 @@
   <td>Branch execution to value in v0 viewed as an offset into the current space.
       Hint that the branch is a subroutine return.</td>
 </tr>
+<tr>
+  <td>PIECE</td>
+  <td><code class="code">&lt;na&gt;</code></td>
+  <td>Concatenate two varnodes into a single varnode.</td>
+</tr>
+<tr>
+  <td>SUBPIECE</td>
+  <td><code class="code">v0:2</code></td>
+  <td>The least signficant n bytes of v0.</td>
+</tr>
+<tr>
+  <td>SUBPIECE</td>
+  <td><code class="code">v0(2)</code></td>
+  <td>All but the least significant n bytes of v0.</td>
+</tr>
+<tr>
+  <td>POPCOUNT</td>
+  <td><code class="code">popcount(v0)</code></td>
+  <td>Count 1 bits in v0.</td>
+</tr>
 <tr>
   <td>INT_EQUAL</td>
   <td><code class="code">v0 == v1</code></td>
@@ -129,38 +149,6 @@
   <td><code class="code">v0 != v1</code></td>
   <td>True if v0 does not equal v1.</td>
 </tr>
-<tr>
-  <td>INT_SLESS</td>
-  <td>
-    <div class="table">
-<a name="sless.htmltable"></a><table frame="none"><tbody>
-<tr>
-        <td><code class="code">v0 s&lt; v1</code></td>
-      </tr>
-<tr>
-        <td><code class="code">v1 s&gt; v0</code></td>
-      </tr>
-</tbody></table>
-</div>
-  </td>
-  <td>True if v0 is less than v1 as a signed integer.</td>
-</tr>
-<tr>
-  <td>INT_SLESSEQUAL</td>
-  <td>
-    <div class="table">
-<a name="slessequal.htmltable"></a><table frame="none"><tbody>
-<tr>
-        <td><code class="code">v0 s&lt;= v1</code></td>
-      </tr>
-<tr>
-        <td><code class="code">v1 s&gt;= v0</code></td>
-      </tr>
-</tbody></table>
-</div>
-  </td>
-  <td>True if v0 is less than or equal to v1 as a signed integer.</td>
-</tr>
 <tr>
   <td>INT_LESS</td>
   <td>
@@ -177,6 +165,22 @@
   </td>
   <td>True if v0 is less than v1 as an unsigned integer.</td>
 </tr>
+<tr>
+  <td>INT_SLESS</td>
+  <td>
+    <div class="table">
+<a name="sless.htmltable"></a><table frame="none"><tbody>
+<tr>
+        <td><code class="code">v0 s&lt; v1</code></td>
+      </tr>
+<tr>
+        <td><code class="code">v1 s&gt; v0</code></td>
+      </tr>
+</tbody></table>
+</div>
+  </td>
+  <td>True if v0 is less than v1 as a signed integer.</td>
+</tr>
 <tr>
   <td>INT_LESSEQUAL</td>
   <td>
@@ -193,6 +197,22 @@
   </td>
   <td>True if v0 is less than or equal to v1 as an unsigned integer.</td>
 </tr>
+<tr>
+  <td>INT_SLESSEQUAL</td>
+  <td>
+    <div class="table">
+<a name="slessequal.htmltable"></a><table frame="none"><tbody>
+<tr>
+        <td><code class="code">v0 s&lt;= v1</code></td>
+      </tr>
+<tr>
+        <td><code class="code">v1 s&gt;= v0</code></td>
+      </tr>
+</tbody></table>
+</div>
+  </td>
+  <td>True if v0 is less than or equal to v1 as a signed integer.</td>
+</tr>
 <tr>
   <td>INT_ZEXT</td>
   <td><code class="code">zext(v0)</code></td>
@@ -278,16 +298,16 @@
   <td><code class="code">v0 / v1</code></td>
   <td>Unsigned division of v0 by v1.</td>
 </tr>
-<tr>
-  <td>INT_SDIV</td>
-  <td><code class="code">v0 s/ v1</code></td>
-  <td>Signed division of v0 by v1.</td>
-</tr>
 <tr>
   <td>INT_REM</td>
   <td><code class="code">v0 % v1</code></td>
   <td>Unsigned remainder of v0 modulo v1.</td>
 </tr>
+<tr>
+  <td>INT_SDIV</td>
+  <td><code class="code">v0 s/ v1</code></td>
+  <td>Signed division of v0 by v1.</td>
+</tr>
 <tr>
   <td>INT_SREM</td>
   <td><code class="code">v0 s% v1</code></td>
@@ -355,20 +375,15 @@
   </td>
   <td>True if v0 is less than or equal to v1 viewed as floating-point numbers.</td>
 </tr>
-<tr>
-  <td>FLOAT_NAN</td>
-  <td><code class="code">nan(v0)</code></td>
-  <td>True if v0 is not a valid floating-point number (NaN).</td>
-</tr>
 <tr>
   <td>FLOAT_ADD</td>
   <td><code class="code">v0 f+ v1</code></td>
   <td>Addition of v0 and v1 as floating-point numbers.</td>
 </tr>
 <tr>
-  <td>FLOAT_DIV</td>
+  <td>FLOAT_SUB</td>
-  <td><code class="code">v0 f/ v1</code></td>
+  <td><code class="code">v0 f- v1</code></td>
-  <td>Division of v0 by v1 as floating-point numbers.</td>
+  <td>Subtraction of v1 from v0 as floating-point numbers.</td>
 </tr>
 <tr>
   <td>FLOAT_MULT</td>
@@ -376,9 +391,9 @@
   <td>Multiplication of v0 and v1 as floating-point numbers.</td>
 </tr>
 <tr>
-  <td>FLOAT_SUB</td>
+  <td>FLOAT_DIV</td>
-  <td><code class="code">v0 f- v1</code></td>
+  <td><code class="code">v0 f/ v1</code></td>
-  <td>Subtraction of v1 from v0 as floating-point numbers.</td>
+  <td>Division of v0 by v1 as floating-point numbers.</td>
 </tr>
 <tr>
   <td>FLOAT_NEG</td>
@@ -395,21 +410,6 @@
   <td><code class="code">sqrt(v0)</code></td>
   <td>Square root of v0 as a floating-point number.</td>
 </tr>
-<tr>
-  <td>INT2FLOAT</td>
-  <td><code class="code">int2float(v0)</code></td>
-  <td>Floating-point representation of v0 viewed as an integer.</td>
-</tr>
-<tr>
-  <td>FLOAT2FLOAT</td>
-  <td><code class="code">float2float(v0)</code></td>
-  <td>Copy of floating-point number v0 with more or less precision.</td>
-</tr>
-<tr>
-  <td>TRUNC</td>
-  <td><code class="code">trunc(v0)</code></td>
-  <td>Signed integer obtained by truncating v0 viewed as a floating-point number.</td>
-</tr>
 <tr>
   <td>FLOAT_CEIL</td>
   <td><code class="code">ceil(v0)</code></td>
@@ -426,19 +426,24 @@
   <td>Nearest integral floating-point to v0, viewed as a floating-point number.</td>
 </tr>
 <tr>
-  <td>SUBPIECE</td>
+  <td>FLOAT_NAN</td>
-  <td><code class="code">v0:2</code></td>
+  <td><code class="code">nan(v0)</code></td>
-  <td>The least signficant n bytes of v0.</td>
+  <td>True if v0 is not a valid floating-point number (NaN).</td>
 </tr>
 <tr>
-  <td>SUBPIECE</td>
+  <td>INT2FLOAT</td>
-  <td><code class="code">v0(2)</code></td>
+  <td><code class="code">int2float(v0)</code></td>
-  <td>All but the least significant n bytes of v0.</td>
+  <td>Floating-point representation of v0 viewed as an integer.</td>
 </tr>
 <tr>
-  <td>PIECE</td>
+  <td>FLOAT2FLOAT</td>
-  <td><code class="code">&lt;na&gt;</code></td>
+  <td><code class="code">float2float(v0)</code></td>
-  <td>Concatenate two varnodes into a single varnode.</td>
+  <td>Copy of floating-point number v0 with more or less precision.</td>
+</tr>
+<tr>
+  <td>TRUNC</td>
+  <td><code class="code">trunc(v0)</code></td>
+  <td>Signed integer obtained by truncating v0 viewed as a floating-point number.</td>
 </tr>
 <tr>
   <td>CPOOLREF</td>
@@ -486,6 +491,16 @@
   <td><code class="code">&lt;na&gt;</code></td>
   <td>Construct a pointer to a field from a pointer to a structure and an offset.</td>
 </tr>
+<tr>
+  <td>INSERT</td>
+  <td><code class="code">&lt;na&gt;</code></td>
+  <td>Insert a value as a bit-range into a varnode</td>
+</tr>
+<tr>
+  <td>EXTRACT</td>
+  <td><code class="code">&lt;na&gt;</code></td>
+  <td>Extract a bit-range from a varnode</td>
+</tr>
 </tbody>
 </table>
 </div></div>

GhidraDocs/languages/html/sleigh.html

@@ -25,9 +25,9 @@
 <div class="titlepage">
 <div>
 <div><h1 class="title">
-<a name="idm140310883308288"></a>SLEIGH</h1></div>
+<a name="idm140016193433872"></a>SLEIGH</h1></div>
 <div><h3 class="subtitle"><i>A Language for Rapid Processor Specification</i></h3></div>
-<div><p class="releaseinfo">Last updated September 1, 2017</p></div>
+<div><p class="releaseinfo">Last updated September 5, 2019</p></div>
 <div><p class="pubdate">Originally published December 16, 2005</p></div>
 </div>
 <hr>
@@ -35,51 +35,51 @@
 <div class="toc">
 <p><b>Table of Contents</b></p>
 <dl class="toc">
-<dt><span class="sect1"><a href="sleigh.html#idm140310875627168">1. Introduction to P-Code</a></span></dt>
+<dt><span class="sect1"><a href="sleigh.html#idm140016193411168">1. Introduction to P-Code</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="sleigh.html#idm140310875617744">1.1. Address Spaces</a></span></dt>
+<dt><span class="sect2"><a href="sleigh.html#idm140016193402816">1.1. Address Spaces</a></span></dt>
 <dt><span class="sect2"><a href="sleigh.html#sleigh_varnodes">1.2. Varnodes</a></span></dt>
-<dt><span class="sect2"><a href="sleigh.html#idm140310875600592">1.3. Operations</a></span></dt>
+<dt><span class="sect2"><a href="sleigh.html#idm140016193387168">1.3. Operations</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="sleigh_layout.html">2. Basic Specification Layout</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="sleigh_layout.html#idm140310875562464">2.1. Comments</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_layout.html#idm140016193347968">2.1. Comments</a></span></dt>
-<dt><span class="sect2"><a href="sleigh_layout.html#idm140310875560064">2.2. Identifiers</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_layout.html#idm140016193345328">2.2. Identifiers</a></span></dt>
-<dt><span class="sect2"><a href="sleigh_layout.html#idm140310875558464">2.3. Strings</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_layout.html#idm140016193343696">2.3. Strings</a></span></dt>
-<dt><span class="sect2"><a href="sleigh_layout.html#idm140310875556736">2.4. Integers</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_layout.html#idm140016193341936">2.4. Integers</a></span></dt>
-<dt><span class="sect2"><a href="sleigh_layout.html#idm140310875552544">2.5. White Space</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_layout.html#idm140016193337552">2.5. White Space</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="sleigh_preprocessing.html">3. Preprocessing</a></span></dt>
 <dd><dl>
 <dt><span class="sect2"><a href="sleigh_preprocessing.html#sleigh_including_files">3.1. Including Files</a></span></dt>
-<dt><span class="sect2"><a href="sleigh_preprocessing.html#idm140310875545072">3.2. Preprocessor Macros</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_preprocessing.html#idm140016193329920">3.2. Preprocessor Macros</a></span></dt>
-<dt><span class="sect2"><a href="sleigh_preprocessing.html#idm140310875538656">3.3. Conditional Compilation</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_preprocessing.html#idm140016193323088">3.3. Conditional Compilation</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="sleigh_definitions.html">4. Basic Definitions</a></span></dt>
 <dd><dl>
 <dt><span class="sect2"><a href="sleigh_definitions.html#sleigh_endianess_definition">4.1. Endianess Definition</a></span></dt>
-<dt><span class="sect2"><a href="sleigh_definitions.html#idm140310875502768">4.2. Alignment Definition</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_definitions.html#idm140016193284896">4.2. Alignment Definition</a></span></dt>
-<dt><span class="sect2"><a href="sleigh_definitions.html#idm140310875499872">4.3. Space Definitions</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_definitions.html#idm140016193281872">4.3. Space Definitions</a></span></dt>
 <dt><span class="sect2"><a href="sleigh_definitions.html#sleigh_naming_registers">4.4. Naming Registers</a></span></dt>
-<dt><span class="sect2"><a href="sleigh_definitions.html#idm140310875464736">4.5. Bit Range Registers</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_definitions.html#idm140016193245424">4.5. Bit Range Registers</a></span></dt>
-<dt><span class="sect2"><a href="sleigh_definitions.html#idm140310875451744">4.6. User-Defined Operations</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_definitions.html#idm140016193233216">4.6. User-Defined Operations</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="sleigh_symbols.html">5. Introduction to Symbols</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="sleigh_symbols.html#idm140310875423632">5.1. Notes on Namespaces</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_symbols.html#idm140016193206464">5.1. Notes on Namespaces</a></span></dt>
 <dt><span class="sect2"><a href="sleigh_symbols.html#sleigh_predefined_symbols">5.2. Predefined Symbols</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="sleigh_tokens.html">6. Tokens and Fields</a></span></dt>
 <dd><dl>
 <dt><span class="sect2"><a href="sleigh_tokens.html#sleigh_defining_tokens">6.1. Defining Tokens and Fields</a></span></dt>
-<dt><span class="sect2"><a href="sleigh_tokens.html#idm140310875384864">6.2. Fields as Family Symbols</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_tokens.html#idm140016193166064">6.2. Fields as Family Symbols</a></span></dt>
-<dt><span class="sect2"><a href="sleigh_tokens.html#idm140310875379232">6.3. Attaching Alternate Meanings to Fields</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_tokens.html#idm140016193160240">6.3. Attaching Alternate Meanings to Fields</a></span></dt>
 <dt><span class="sect2"><a href="sleigh_tokens.html#sleigh_context_variables">6.4. Context Variables</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="sleigh_constructors.html">7. Constructors</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="sleigh_constructors.html#idm140310875336416">7.1. The Five Sections of a Constructor</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_constructors.html#idm140016193117504">7.1. The Five Sections of a Constructor</a></span></dt>
-<dt><span class="sect2"><a href="sleigh_constructors.html#idm140310875331696">7.2. The Table Header</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_constructors.html#idm140016193112928">7.2. The Table Header</a></span></dt>
 <dt><span class="sect2"><a href="sleigh_constructors.html#sleigh_display_section">7.3. The Display Section</a></span></dt>
 <dt><span class="sect2"><a href="sleigh_constructors.html#sleigh_bit_pattern">7.4. The Bit Pattern Section</a></span></dt>
 <dt><span class="sect2"><a href="sleigh_constructors.html#sleigh_disassembly_actions">7.5. Disassembly Actions Section</a></span></dt>
@@ -87,12 +87,12 @@
 <dt><span class="sect2"><a href="sleigh_constructors.html#sleigh_semantic_section">7.7. The Semantic Section</a></span></dt>
 <dt><span class="sect2"><a href="sleigh_constructors.html#sleigh_tables">7.8. Tables</a></span></dt>
 <dt><span class="sect2"><a href="sleigh_constructors.html#sleigh_macros">7.9. P-code Macros</a></span></dt>
-<dt><span class="sect2"><a href="sleigh_constructors.html#idm140310874869072">7.10. Build Directives</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_constructors.html#idm140016192659536">7.10. Build Directives</a></span></dt>
-<dt><span class="sect2"><a href="sleigh_constructors.html#idm140310874860096">7.11. Delay Slot Directives</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_constructors.html#idm140016192651168">7.11. Delay Slot Directives</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="sleigh_context.html">8. Using Context</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="sleigh_context.html#idm140310874839872">8.1. Basic Use of Context Variables</a></span></dt>
+<dt><span class="sect2"><a href="sleigh_context.html#idm140016192630992">8.1. Basic Use of Context Variables</a></span></dt>
 <dt><span class="sect2"><a href="sleigh_context.html#sleigh_local_change">8.2. Local Context Change</a></span></dt>
 <dt><span class="sect2"><a href="sleigh_context.html#sleigh_global_change">8.3. Global Context Change</a></span></dt>
 </dl></dd>
@@ -101,7 +101,7 @@
 </div>
 <div class="simplesect">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="idm140310875635936"></a>History</h2></div></div></div>
+<a name="idm140016193435456"></a>History</h2></div></div></div>
 <p>
   This document describes the syntax for the SLEIGH processor
   specification language, which was developed for the GHIDRA
@@ -129,7 +129,7 @@
 </div>
 <div class="simplesect">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="idm140310875632160"></a>Overview</h2></div></div></div>
+<a name="idm140016193415136"></a>Overview</h2></div></div></div>
 <p>
 SLEIGH is a language for describing the instruction sets of general
 purpose microprocessors, in order to facilitate the reverse
@@ -162,7 +162,7 @@ Italics are used when defining terms and for named entities. Bold is used for SL
 </div>
 <div class="sect1">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="idm140310875627168"></a>1. Introduction to P-Code</h2></div></div></div>
+<a name="idm140016193411168"></a>1. Introduction to P-Code</h2></div></div></div>
 <p>
 Although p-code is a distinct language from SLEIGH, because a major
 purpose of SLEIGH is to specify the translation from machine code to
@@ -221,7 +221,7 @@ respectively.
 </p>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875617744"></a>1.1. Address Spaces</h3></div></div></div>
+<a name="idm140016193402816"></a>1.1. Address Spaces</h3></div></div></div>
 <p>
 An <span class="emphasis"><em>address</em></span> space for p-code is a generalization of
 the indexed memory (RAM) that a typical processor has access to, and
@@ -322,7 +322,7 @@ must be provided and enforced by the specification designer.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875600592"></a>1.3. Operations</h3></div></div></div>
+<a name="idm140016193387168"></a>1.3. Operations</h3></div></div></div>
 <p>
 P-code is intended to emulate a target processor by substituting a
 sequence of p-code operations for each machine instruction. Thus every
@@ -372,7 +372,7 @@ general purpose processor instruction sets. They break up into groups.
 </tr>
 <tr>
   <td>Logical</td>
-  <td><code class="code">INT_NEGATE, INT_XOR, INT_AND, INT_OR, INT_LEFT, INT_RIGHT, INT_SRIGHT</code></td>
+  <td><code class="code">INT_NEGATE, INT_XOR, INT_AND, INT_OR, INT_LEFT, INT_RIGHT, INT_SRIGHT, POPCOUNT</code></td>
 </tr>
 <tr>
   <td>Integer Comparison</td>

GhidraDocs/languages/html/sleigh_constructors.html

@@ -60,7 +60,7 @@ multiple constructors into a single table are addressed in <a class="xref" href=
 </p>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875336416"></a>7.1. The Five Sections of a Constructor</h3></div></div></div>
+<a name="idm140016193117504"></a>7.1. The Five Sections of a Constructor</h3></div></div></div>
 <p>
 A single complex statement in the specification file describes a
 constructor. This statement is always made up of five distinct
@@ -92,7 +92,7 @@ in turn.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875331696"></a>7.2. The Table Header</h3></div></div></div>
+<a name="idm140016193112928"></a>7.2. The Table Header</h3></div></div></div>
 <p>
 Every constructor must be part of a table, which is the element with
 an actual family symbol identifier associated with it. So each
@@ -230,7 +230,7 @@ no such requirement.
 </div>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310875301664"></a>7.3.2. The '^' character</h4></div></div></div>
+<a name="idm140016193083344"></a>7.3.2. The '^' character</h4></div></div></div>
 <p>
 The &#8216;^&#8217; character in the display section is used to separate
 identifiers from other characters where there shouldn&#8217;t be white space
@@ -278,7 +278,7 @@ to <span class="emphasis"><em>match</em></span> the constructor being defined.
 </p>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310875290224"></a>7.4.1. Constraints</h4></div></div></div>
+<a name="idm140016193071904"></a>7.4.1. Constraints</h4></div></div></div>
 <p>
 The patterns required for processor specifications can almost always
 be described as a mask and value pair. Given a specific instruction
@@ -337,7 +337,7 @@ requires two or more mask/value style checks to correctly implement.
 </div>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310875276048"></a>7.4.3. Defining Operands and Invoking Subtables</h4></div></div></div>
+<a name="idm140016193057968"></a>7.4.3. Defining Operands and Invoking Subtables</h4></div></div></div>
 <p>
 The principle way of defining a constructor operand, left undefined
 from the display section, is done in the bit pattern section. If an
@@ -396,7 +396,7 @@ statement of the grouping of old symbols into the new constructor.
 </div>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310875264640"></a>7.4.4. Variable Length Instructions</h4></div></div></div>
+<a name="idm140016193046560"></a>7.4.4. Variable Length Instructions</h4></div></div></div>
 <p>
 There are some additional complexities to designing a specification
 for a processor with variable length instructions. Some initial
@@ -419,7 +419,7 @@ designer control over how tokens fit together.
 </p>
 <div class="sect4">
 <div class="titlepage"><div><div><h5 class="title">
-<a name="idm140310875261168"></a>7.4.4.1. The ';' Operator</h5></div></div></div>
+<a name="idm140016193043088"></a>7.4.4.1. The ';' Operator</h5></div></div></div>
 <p>
 The most important operator for patterns defining variable length
 instructions is the concatenation operator &#8216;;&#8217;. When building a
@@ -481,7 +481,7 @@ operator, so parentheses may be necessary to get the intended meaning.
 </div>
 <div class="sect4">
 <div class="titlepage"><div><div><h5 class="title">
-<a name="idm140310875245856"></a>7.4.4.2. The '...' Operator</h5></div></div></div>
+<a name="idm140016193027776"></a>7.4.4.2. The '...' Operator</h5></div></div></div>
 <p>
 The ellipsis operator &#8216;...&#8217; is used to satisfy the token matching
 requirements of the &#8216;&amp;&#8217; and &#8216;|&#8217; operators (described in the previous
@@ -557,7 +557,7 @@ don&#8217;t quite match the assembly.
 </div>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310875225296"></a>7.4.6. Empty Patterns</h4></div></div></div>
+<a name="idm140016193007488"></a>7.4.6. Empty Patterns</h4></div></div></div>
 <p>
 Occasionally there is a need for an empty pattern when building
 tables. An empty pattern matches everything. There is a predefined
@@ -567,7 +567,7 @@ to indicate an empty pattern.
 </div>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310875223456"></a>7.4.7. Advanced Constraints</h4></div></div></div>
+<a name="idm140016193005648"></a>7.4.7. Advanced Constraints</h4></div></div></div>
 <p>
 A constraint does not have to be of the form &#8220;field = constant&#8221;,
 although this is almost always what is needed. In certain situations,
@@ -939,7 +939,7 @@ varnode is <span class="emphasis"><em>r1</em></span>.
 </p>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310875112560"></a>7.7.1. Expressions</h4></div></div></div>
+<a name="idm140016192898096"></a>7.7.1. Expressions</h4></div></div></div>
 <p>
 Expressions are built out of symbols and the binary and unary
 operators listed in <a class="xref" href="sleigh_ref.html#syntaxref.htmltable" title="Table 5. Semantic Expression Operators and Syntax">Table 5, &#8220;Semantic Expression Operators and Syntax&#8221;</a> in the
@@ -954,7 +954,7 @@ within expressions to affect this order.
 </p>
 <div class="sect4">
 <div class="titlepage"><div><div><h5 class="title">
-<a name="idm140310875109808"></a>7.7.1.1. Arithmetic, Logical and Boolean Operators</h5></div></div></div>
+<a name="idm140016192895760"></a>7.7.1.1. Arithmetic, Logical and Boolean Operators</h5></div></div></div>
 <p>
 For the most part these operators should be familiar to software
 developers. The only real differences arise from the fact that
@@ -1017,7 +1017,7 @@ set to something other than one.
 </div>
 <div class="sect4">
 <div class="titlepage"><div><div><h5 class="title">
-<a name="idm140310875097040"></a>7.7.1.3. Extension</h5></div></div></div>
+<a name="idm140016192883312"></a>7.7.1.3. Extension</h5></div></div></div>
 <p>
 Most processors have instructions that extend small values into big
 values, and many instructions do these minor data manipulations
@@ -1039,7 +1039,7 @@ the <span class="bold"><strong>sext</strong></span> operator.
 </div>
 <div class="sect4">
 <div class="titlepage"><div><div><h5 class="title">
-<a name="idm140310875090432"></a>7.7.1.4. Truncation</h5></div></div></div>
+<a name="idm140016192876752"></a>7.7.1.4. Truncation</h5></div></div></div>
 <p>
 There are two forms of syntax indicating a truncation of the input
 varnode. In one the varnode is followed by a colon &#8216;:&#8217; and an integer
@@ -1169,7 +1169,7 @@ the offset portion of the address, and to copy the desired value, the
 </div>
 <div class="sect4">
 <div class="titlepage"><div><div><h5 class="title">
-<a name="idm140310875065552"></a>7.7.1.7. Managed Code Operations</h5></div></div></div>
+<a name="idm140016192851952"></a>7.7.1.7. Managed Code Operations</h5></div></div></div>
 <p>
 SLEIGH provides basic support for instructions where encoding and context
 don't provide a complete description of the semantics. This is the case
@@ -1231,7 +1231,7 @@ define pcodeop arctan;
 </div>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310875053152"></a>7.7.2. Statements</h4></div></div></div>
+<a name="idm140016192839392"></a>7.7.2. Statements</h4></div></div></div>
 <p>
 We describe the types of semantic statements that are allowed in SLEIGH.
 </p>
@@ -1305,7 +1305,7 @@ and may be enforced in future compiler versions.
 </div>
 <div class="sect4">
 <div class="titlepage"><div><div><h5 class="title">
-<a name="idm140310875039872"></a>7.7.2.2. Storage Statements</h5></div></div></div>
+<a name="idm140016192826448"></a>7.7.2.2. Storage Statements</h5></div></div></div>
 <p>
 SLEIGH supports fairly standard <span class="emphasis"><em>storage statement</em></span>
 syntax to complement the load operator. The left-hand side of an
@@ -1336,7 +1336,7 @@ attribute is set to something other than one.
 </div>
 <div class="sect4">
 <div class="titlepage"><div><div><h5 class="title">
-<a name="idm140310875033936"></a>7.7.2.3. Exports</h5></div></div></div>
+<a name="idm140016192820512"></a>7.7.2.3. Exports</h5></div></div></div>
 <p>
 The semantic section doesn&#8217;t just specify how to generate p-code for a
 constructor. Except for those constructors in the root table, this
@@ -1388,7 +1388,7 @@ varnode being modified to be exported as an integer constant.
 </div>
 <div class="sect4">
 <div class="titlepage"><div><div><h5 class="title">
-<a name="idm140310875022416"></a>7.7.2.4. Dynamic References</h5></div></div></div>
+<a name="idm140016192809280"></a>7.7.2.4. Dynamic References</h5></div></div></div>
 <p>
 The only other operator allowed as part of
 an <span class="bold"><strong>export</strong></span> statement, is the &#8216;*&#8217;
@@ -1447,7 +1447,7 @@ levels.
 </div>
 <div class="sect4">
 <div class="titlepage"><div><div><h5 class="title">
-<a name="idm140310875008816"></a>7.7.2.5. Branching Statements</h5></div></div></div>
+<a name="idm140016192795680"></a>7.7.2.5. Branching Statements</h5></div></div></div>
 <p>
 This section discusses statements that generate p-code branching
 operations. These are listed in <a class="xref" href="sleigh_ref.html#branchref.htmltable" title="Table 7. Branching Statements">Table 7, &#8220;Branching Statements&#8221;</a>, in the Appendix.
@@ -1802,7 +1802,7 @@ each followed by a variation which corrects the error.
 </div>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310874940000"></a>7.7.4. Unimplemented Semantics</h4></div></div></div>
+<a name="idm140016192728656"></a>7.7.4. Unimplemented Semantics</h4></div></div></div>
 <p>
 The semantic section must be present for every constructor in the
 specification. But the designer can leave the semantics explicitly
@@ -1962,7 +1962,7 @@ should generally be avoided.
 </div>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310874912352"></a>7.8.2. Specific Symbol Trees</h4></div></div></div>
+<a name="idm140016192701504"></a>7.8.2. Specific Symbol Trees</h4></div></div></div>
 <p>
 When the SLEIGH parser analyzes an instruction, it starts with the
 root symbol <span class="emphasis"><em>instruction</em></span>, and decides which of the
@@ -2045,7 +2045,7 @@ and p-code for these encodings by walking the trees.
 </p>
 <div class="sect4">
 <div class="titlepage"><div><div><h5 class="title">
-<a name="idm140310874892992"></a>7.8.2.1. Disassembly Trees</h5></div></div></div>
+<a name="idm140016192682592"></a>7.8.2.1. Disassembly Trees</h5></div></div></div>
 <p>
 If the nodes of each tree are replaced with the display information of
 the corresponding specific symbol, we see how the disassembly
@@ -2068,7 +2068,7 @@ statements corresponding to the original instruction encodings.
 </div>
 <div class="sect4">
 <div class="titlepage"><div><div><h5 class="title">
-<a name="idm140310874886224"></a>7.8.2.2. P-code Trees</h5></div></div></div>
+<a name="idm140016192676208"></a>7.8.2.2. P-code Trees</h5></div></div></div>
 <p>
 A similar procedure produces the resulting p-code translation of the
 instruction. If each node in the specific symbol tree is replaced with
@@ -2147,7 +2147,7 @@ directive however should not be used in a macro.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310874869072"></a>7.10. Build Directives</h3></div></div></div>
+<a name="idm140016192659536"></a>7.10. Build Directives</h3></div></div></div>
 <p>
 Because the nodes of a specific symbol tree are traversed in a
 depth-first order, the p-code for a child node in general comes before
@@ -2202,7 +2202,7 @@ normal action of the instruction.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310874860096"></a>7.11. Delay Slot Directives</h3></div></div></div>
+<a name="idm140016192651168"></a>7.11. Delay Slot Directives</h3></div></div></div>
 <p>
 For processors with a pipe-lined architecture, multiple instructions
 are typically executing simultaneously. This can lead to processor

GhidraDocs/languages/html/sleigh_context.html

@@ -85,7 +85,7 @@ whose encodings are otherwise the same.
 </p>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310874839872"></a>8.1. Basic Use of Context Variables</h3></div></div></div>
+<a name="idm140016192630992"></a>8.1. Basic Use of Context Variables</h3></div></div></div>
 <p>
 Suppose a processor supports the use of two different sets of
 registers in its main addressing mode, based on the setting of a

GhidraDocs/languages/html/sleigh_definitions.html

@@ -55,7 +55,7 @@ specification language will hide endianess issues.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875502768"></a>4.2. Alignment Definition</h3></div></div></div>
+<a name="idm140016193284896"></a>4.2. Alignment Definition</h3></div></div></div>
 <p>
 An alignment definition looks like
 </p>
@@ -72,7 +72,7 @@ instruction as an error.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875499872"></a>4.3. Space Definitions</h3></div></div></div>
+<a name="idm140016193281872"></a>4.3. Space Definitions</h3></div></div></div>
 <p>
 The definition of an address space looks like
 </p>
@@ -227,7 +227,7 @@ define register offset=0 size=1
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875464736"></a>4.5. Bit Range Registers</h3></div></div></div>
+<a name="idm140016193245424"></a>4.5. Bit Range Registers</h3></div></div></div>
 <p>
 Many processors define registers that either consist of a single bit
 or otherwise don't use an integral number of bytes. A recurring
@@ -298,7 +298,7 @@ used as an alternate syntax for defining overlapping registers.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875451744"></a>4.6. User-Defined Operations</h3></div></div></div>
+<a name="idm140016193233216"></a>4.6. User-Defined Operations</h3></div></div></div>
 <p>
 The specification designer can define new p-code operations using
 a <span class="bold"><strong>define pcodeop</strong></span> statement.  This

GhidraDocs/languages/html/sleigh_layout.html

@@ -36,7 +36,7 @@ by the compiler.
 </p>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875562464"></a>2.1. Comments</h3></div></div></div>
+<a name="idm140016193347968"></a>2.1. Comments</h3></div></div></div>
 <p>
 Comments start with the &#8216;#&#8217; character and continue to the end of the
 line. Comments can appear anywhere except the <span class="emphasis"><em>display section</em></span> of a
@@ -46,7 +46,7 @@ interpreted as something that should be printed in disassembly.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875560064"></a>2.2. Identifiers</h3></div></div></div>
+<a name="idm140016193345328"></a>2.2. Identifiers</h3></div></div></div>
 <p>
 Identifiers are made up of letters a-z, capitals A-Z, digits 0-9 and
 the characters &#8216;.&#8217; and &#8216;_&#8217;. An identifier can use these characters in
@@ -55,7 +55,7 @@ any order and for any length, but it must not start with a digit.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875558464"></a>2.3. Strings</h3></div></div></div>
+<a name="idm140016193343696"></a>2.3. Strings</h3></div></div></div>
 <p>
 String literals can be used, when specifying names and when specifying
 how disassembly should be printed, so that special characters are
@@ -66,7 +66,7 @@ meaning.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875556736"></a>2.4. Integers</h3></div></div></div>
+<a name="idm140016193341936"></a>2.4. Integers</h3></div></div></div>
 <p>
 Integers are specified either in a decimal format or in a standard
 <span class="emphasis"><em>C-style</em></span> hexadecimal format by prepending the
@@ -92,7 +92,7 @@ integers internally with 64 bits of precision.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875552544"></a>2.5. White Space</h3></div></div></div>
+<a name="idm140016193337552"></a>2.5. White Space</h3></div></div></div>
 <p>
 White space characters include space, tab, line-feed, vertical
 line-feed, and carriage-return (&#8216; &#8216;, &#8216;\t&#8217;, &#8216;\r&#8217;, &#8216;\v&#8217;,

GhidraDocs/languages/html/sleigh_preprocessing.html

@@ -54,7 +54,7 @@ own <span class="bold"><strong>@include</strong></span> directives.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875545072"></a>3.2. Preprocessor Macros</h3></div></div></div>
+<a name="idm140016193329920"></a>3.2. Preprocessor Macros</h3></div></div></div>
 <p>
 SLEIGH allows simple (unparameterized) macro definitions and
 expansions. A macro definition occurs on one line and starts with
@@ -85,7 +85,7 @@ definition of a macro from that point on in the file.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875538656"></a>3.3. Conditional Compilation</h3></div></div></div>
+<a name="idm140016193323088"></a>3.3. Conditional Compilation</h3></div></div></div>
 <p>
 SLEIGH supports several directives that allow conditional inclusion of
 parts of a specification, based on the existence of a macro, or its
@@ -103,7 +103,7 @@ and <span class="bold"><strong>@endif</strong></span>.
 </p>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310875532832"></a>3.3.1. @ifdef and @ifndef</h4></div></div></div>
+<a name="idm140016193316944"></a>3.3.1. @ifdef and @ifndef</h4></div></div></div>
 <p>
 The <span class="bold"><strong>@ifdef</strong></span> directive is followed by a
 macro identifier and evaluates to true if the macro is defined.
@@ -129,7 +129,7 @@ or <span class="bold"><strong>@elif</strong></span> directive (See below).
 </div>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310875526896"></a>3.3.2. @if</h4></div></div></div>
+<a name="idm140016193310672"></a>3.3.2. @if</h4></div></div></div>
 <p>
 The <span class="bold"><strong>@if</strong></span> directive is followed by a
 boolean expression with macros as the variables and strings as the
@@ -158,7 +158,7 @@ is defined.
 </div>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310875520240"></a>3.3.3. @else and @elif</h4></div></div></div>
+<a name="idm140016193303584"></a>3.3.3. @else and @elif</h4></div></div></div>
 <p>
 An <span class="bold"><strong>@else</strong></span> directive splits the lines
 bounded by an <span class="bold"><strong>@if</strong></span> directive and

GhidraDocs/languages/html/sleigh_ref.html

@@ -77,6 +77,12 @@ to lowest.
       truncated depending on result size.
   </td>
 </tr>
+<tr>
+  <td><code class="code">POPCOUNT</code></td>
+  <td><code class="code">popcount(v0)</code></td>
+  <td>Count the number of 1 bits in v0.
+  </td>
+</tr>
 <tr>
   <td><code class="code">(simulated)</code></td>
   <td><code class="code">v0[6,1]</code></td>

GhidraDocs/languages/html/sleigh_symbols.html

@@ -105,7 +105,7 @@ the predefined identifier <span class="emphasis"><em>instruction</em></span>.
 </p>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875423632"></a>5.1. Notes on Namespaces</h3></div></div></div>
+<a name="idm140016193206464"></a>5.1. Notes on Namespaces</h3></div></div></div>
 <p>
 Almost all identifiers live in the same global "scope". The global scope includes
 </p>

GhidraDocs/languages/html/sleigh_tokens.html

@@ -74,7 +74,7 @@ different names.
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875384864"></a>6.2. Fields as Family Symbols</h3></div></div></div>
+<a name="idm140016193166064"></a>6.2. Fields as Family Symbols</h3></div></div></div>
 <p>
 Fields are the most basic form of family symbol; they define a natural
 map from instruction bits to a specific symbol as follows. We take the
@@ -99,7 +99,7 @@ the <span class="bold"><strong>dec</strong></span> attribute is not supported]
 </div>
 <div class="sect2">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="idm140310875379232"></a>6.3. Attaching Alternate Meanings to Fields</h3></div></div></div>
+<a name="idm140016193160240"></a>6.3. Attaching Alternate Meanings to Fields</h3></div></div></div>
 <p>
 The default interpretation of a field is probably the most natural but
 of course processors interpret fields within an instruction in a wide
@@ -110,7 +110,7 @@ interpretations must be built up out of tables.
 </p>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310875377152"></a>6.3.1. Attaching Registers</h4></div></div></div>
+<a name="idm140016193158096"></a>6.3.1. Attaching Registers</h4></div></div></div>
 <p>
 Probably <span class="emphasis"><em>the</em></span> most common processor interpretation
 of a field is as an encoding of a particular register. In SLEIGH this
@@ -149,7 +149,7 @@ of the instruction.
 </div>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310875368784"></a>6.3.2. Attaching Other Integers</h4></div></div></div>
+<a name="idm140016193149824"></a>6.3.2. Attaching Other Integers</h4></div></div></div>
 <p>
 Sometimes a processor interprets a field as an integer but not the
 integer given by the default interpretation. A different integer
@@ -171,7 +171,7 @@ unspecified positions in the list using a &#8216;_&#8217;]
 </div>
 <div class="sect3">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="idm140310875363504"></a>6.3.3. Attaching Names</h4></div></div></div>
+<a name="idm140016193144192"></a>6.3.3. Attaching Names</h4></div></div></div>
 <p>
 It is possible to just modify the display characteristics of a field
 without changing the semantic meaning. The need for this is rare, but

GhidraDocs/languages/index.html

@@ -9,7 +9,7 @@
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article">
 <div class="titlepage">
 <div><div><h1 class="title">
-<a name="idm140699092179664"></a>Ghidra Language Specification</h1></div></div>
+<a name="idm140117518810752"></a>Ghidra Language Specification</h1></div></div>
 <hr>
 </div>
 <p>