Unexpected behavior in the emulator with x86/POPFD instruction

[luc0x61]

Environment information

• Operating System: Win 11 pro
• Cutter version: 2.2.0-HEAD-c0f260c
• Obtained from:
  • Built from source
  • Downloaded release from Cutter website or GitHub
  • Distribution repository
• File format: binary, x86-32

Describe the bug

Looks like the emulator doesn't execute properly the POPFD instruction. Data is read from the stack but the stack pointer isn't incremented

To Reproduce

Steps to reproduce the behavior:

1. Load a file with a PUSH instruction followed by a POPFD
2. Start the emulator and reach the PUSH instruction, take note of the ESP
3. Execute the PUSH; the stack will be decremented and data saved, as expected
4. Execute the POPFD; data will be copied from the stack, but ESP will not be incremented as expected

Expected behavior

The ESP should be incremented after a POPFD instruction

Screenshots

Additional context

The three screenshots are in sequence, to show the behavior reported.

[luc0x61]

I don't know much about ESIL (...), but from a quick inspection I find that a PUSHFD instruction is like

0x000072e9 4,esp,-=,eflags,esp,=[4]

so the first sub-operation (microcode?) is a decrement of ESP, which is fine.
Although a POPFD is only

0x0000732e esp,[4],eflags,=

Ah-ha! Maybe it should be followed by something like 4,esp,+= ?

As a POP EBP is defined like esp,[4],4,esp,+=,ebp,= I would then expect POPFD to be esp,[4],4,esp,+=,eflags,=
Am I right?

[XVilka]

As we are focusing on the next generation of our IL, it should be resolved eventually due to the better emulation precision:

• ESIL to RZIL conversion rizin#2080
• x86 IL fixes found during tracetesting rizin#3408

cc @DMaroo