Optimize Capstone disassembly performance across the stack

Thread-safe per-handle O(1) lookup tables in Capstone X86:
- Move lookup tables from static globals to cs_struct fields
- Build tables in X86_global_init(), free in cs_close()
- Add find_insn_h() and X86_insn_reg_{intel,att}_h() per-handle variants
- Keep binary search fallback for decoder paths without handle access
- Replace vsnprintf number formatting with fast custom formatters in SStream
- Use memset for MCInst tied_op_idx initialization

ARM plugin (plugin_cs.c):
- Switch from allocating cs_disasm() to stack-based cs_disasm_iter()
- Replace r_str_newf mnemonic construction with direct malloc+memcpy

x86 plugin (plugin_cs.c):
- Replace r_str_newf + r_str_replace (2 allocs) with single malloc + in-place memmove
- Remove redundant per-instruction cs_option(CS_OPT_DETAIL) call
- Inline cs_len_prefix_opcode() for branch penalty elimination

Core disassembly (disasm.c):
- Compute decode_mask once based on display settings (asm.emu, asm.cmt.esil)
- Skip ESIL/OPEX generation when not needed for display
- Use R_ARCH_OP_MASK_BASIC for color-only decode paths

Analysis (fcn.c):
- Remove R_ARCH_OP_MASK_ESIL from default analysis loop for non-ARM archs
- ESIL generation only when architecture needs it for pattern matching

https://claude.ai/code/session_01KDR9eBZ4vEAftFBQ2vuhmr

Author: claude

libr/anal/fcn.c

@@ -853,7 +853,9 @@ static int fcn_recurse(RAnal *anal, RAnalFunction *fcn, ut64 addr, ut64 len, int
 	ra->cache_addr = UT64_MAX; // invalidate the cache
 
 	op = r_anal_op_new ();
-	const ut32 opflags = R_ARCH_OP_MASK_BASIC | R_ARCH_OP_MASK_ESIL | R_ARCH_OP_MASK_VAL | R_ARCH_OP_MASK_HINT;
+	// only request ESIL when needed (ARM uses it for pattern matching in analysis)
+	const ut32 opflags = R_ARCH_OP_MASK_BASIC | R_ARCH_OP_MASK_VAL | R_ARCH_OP_MASK_HINT
+		| (is_arm ? R_ARCH_OP_MASK_ESIL : 0);
 	while (addrbytes * idx < maxlen) {
 		if (!last_is_reg_mov_lea) {
 			last_reg_mov_lea_name = NULL;

libr/arch/p/arm/plugin_cs.c

@@ -4692,22 +4692,42 @@ static inline bool is_valid_mnemonic(const char *m) {
 
 static int analop(RArchSession *as, RAnalOp *op, ut64 addr, const ut8 *buf, int len, RAnalOpMask mask) {
 	csh *cs_handle = cs_handle_for_session (as);
-	cs_insn *insn = NULL;
 	op->size = (as->config->bits == 16)? 2: 4;
 	op->addr = addr;
 	if (!buf) {
 		buf = op->bytes;
 		len = op->size;
 	}
-	int n = cs_disasm (*cs_handle, (ut8*)buf, len, addr, 1, &insn);
-	if (n > 0 && is_valid_mnemonic (insn->mnemonic)) {
+	// Use cs_disasm_iter (iterator API) instead of cs_disasm to avoid
+	// per-instruction malloc/free overhead. Stack-allocate the insn struct.
+	cs_detail detail_buf = {{0}};
+	cs_insn insn_buf = {0};
+	insn_buf.detail = &detail_buf;
+	cs_insn *insn = &insn_buf;
+	const uint8_t *code_ptr = (const uint8_t *)buf;
+	size_t code_remaining = len;
+	uint64_t iter_addr = addr;
+	bool ok = cs_disasm_iter (*cs_handle, &code_ptr, &code_remaining, &iter_addr, insn);
+	if (ok && is_valid_mnemonic (insn->mnemonic)) {
 		if (mask & R_ARCH_OP_MASK_DISASM) {
 			free (op->mnemonic);
-			op->mnemonic = r_str_newf ("%s%s%s",
-				insn->mnemonic,
-				insn->op_str[0]? " ": "",
-				insn->op_str);
-			r_str_replace_char (op->mnemonic, '#', '\x00');
+			if (insn->op_str[0]) {
+				// Build mnemonic string directly, avoiding r_str_newf overhead
+				size_t mlen = strlen (insn->mnemonic);
+				size_t olen = strlen (insn->op_str);
+				char *mn = malloc (mlen + 1 + olen + 1);
+				if (mn) {
+					memcpy (mn, insn->mnemonic, mlen);
+					mn[mlen] = ' ';
+					memcpy (mn + mlen + 1, insn->op_str, olen + 1);
+					r_str_replace_char (mn, '#', '\x00');
+					op->mnemonic = mn;
+				} else {
+					op->mnemonic = NULL;
+				}
+			} else {
+				op->mnemonic = strdup (insn->mnemonic);
+			}
 		}
 		//bool thumb = cs_insn_group (cs_handle, insn, ARM_GRP_THUMB);
 		bool thumb = as->config->bits == 16;
@@ -4734,9 +4754,7 @@ static int analop(RArchSession *as, RAnalOp *op, ut64 addr, const ut8 *buf, int
 		if (mask & R_ARCH_OP_MASK_VAL) {
 			op_fillval (as, op, *cs_handle, insn, as->config->bits);
 		}
-		cs_free (insn, n);
 	} else {
-		cs_free (insn, n);
 		op->size = 4;
 		op->type = R_ANAL_OP_TYPE_ILL;
 		if (!buf || len < 4) {

libr/arch/p/x86/plugin_cs.c

@@ -4140,12 +4140,8 @@ static void anop(RArchSession *a, RAnalOp *op, ut64 addr, const ut8 *buf, int le
 	}
 }
 
-static int cs_len_prefix_opcode(uint8_t *item) {
-	int i, len = 0;
-	for (i = 0; i < 4; i++) {
-		len += (item[i] != 0) ? 1 : 0;
-	}
-	return len;
+static inline int cs_len_prefix_opcode(const uint8_t *item) {
+	return (item[0] != 0) + (item[1] != 0) + (item[2] != 0) + (item[3] != 0);
 }
 
 static bool plugin_changed(RArchSession *as) {
@@ -4191,7 +4187,7 @@ static bool decode(RArchSession *as, RAnalOp *op, RArchDecodeMask mask) {
 #endif
 
 	op->cycles = 1; // aprox
-	cs_option (handle, CS_OPT_DETAIL, CS_OPT_ON);
+	// CS_OPT_DETAIL is already set during init, no need to set per-instruction
 	// capstone-next
 #if USE_ITER_API
 	cs_detail insnack_detail = {{0}};
@@ -4222,22 +4218,37 @@ static bool decode(RArchSession *as, RAnalOp *op, RArchDecodeMask mask) {
 		op->size = 1;
 	} else {
 		if (mask & R_ARCH_OP_MASK_DISASM) {
-			op->mnemonic = r_str_newf ("%s%s%s",
-				insn->mnemonic,
-				insn->op_str[0]?" ":"",
-				insn->op_str);
-			if (op->mnemonic) {
+			// Build mnemonic string directly, avoiding r_str_newf + r_str_replace overhead.
+			// This is the hot path for disassembly output.
+			const char *mn = insn->mnemonic;
+			const char *ops = insn->op_str;
+			size_t mlen = strlen (mn);
+			size_t olen = ops[0] ? strlen (ops) : 0;
+			char *buf = malloc (mlen + 1 + olen + 1);
+			if (buf) {
+				memcpy (buf, mn, mlen);
+				if (olen) {
+					buf[mlen] = ' ';
+					memcpy (buf + mlen + 1, ops, olen + 1);
+				} else {
+					buf[mlen] = '\0';
+				}
+				// Remove "ptr " in-place (non-MASM syntax) instead of reallocating
 				if (as->config->syntax != R_ARCH_SYNTAX_MASM) {
-					op->mnemonic = r_str_replace (op->mnemonic, "ptr ", "", true);
+					char *p;
+					while ((p = strstr (buf, "ptr ")) != NULL) {
+						memmove (p, p + 4, strlen (p + 4) + 1);
+					}
 				}
 				if (as->config->syntax == R_ARCH_SYNTAX_JZ) {
-					if (r_str_startswith (op->mnemonic, "je ")) {
-						op->mnemonic[1] = 'z';
-					} else if (r_str_startswith (op->mnemonic, "jne ")) {
-						op->mnemonic[2] = 'z';
+					if (r_str_startswith (buf, "je ")) {
+						buf[1] = 'z';
+					} else if (r_str_startswith (buf, "jne ")) {
+						buf[2] = 'z';
 					}
 				}
 			}
+			op->mnemonic = buf;
 		}
 		op->nopcode = cs_len_prefix_opcode (insn->detail->x86.prefix)
 			+ cs_len_prefix_opcode (insn->detail->x86.opcode);

libr/core/disasm.c

@@ -143,6 +143,7 @@ typedef struct r_disasm_state_t {
 	bool show_emu_write;
 	bool show_optype;
 	bool show_emu_ssa;
+	ut32 decode_mask; // computed once based on display settings
 	bool show_section;
 	int show_section_col;
 	bool show_section_perm;
@@ -976,6 +977,11 @@ static RDisasmState *ds_init(RCore *core) {
 	// Prevent palette reload during disassembly to avoid UAF of cached color pointers
 	ds->pal_batch_save = core->cons->context->pal_batch;
 	core->cons->context->pal_batch = true;
+	// compute decode mask once based on display settings to avoid unnecessary work
+	ds->decode_mask = R_ARCH_OP_MASK_BASIC | R_ARCH_OP_MASK_HINT | R_ARCH_OP_MASK_VAL | R_ARCH_OP_MASK_DISASM;
+	if (ds->show_emu || ds->show_cmt_esil || ds->show_emu_bb) {
+		ds->decode_mask |= R_ARCH_OP_MASK_ESIL;
+	}
 	return ds;
 }
 
@@ -6683,7 +6689,7 @@ R_API int r_core_print_disasm(RCore *core, ut64 addr, ut8 *buf, int len, int cou
 		// TODO: support in-the-middle-of-instruction too
 		r_anal_op_fini (&ds->analop);
 		if (r_anal_op (core->anal, &ds->analop, core->addr + core->print->cur,
-			buf + core->print->cur, (int)(len - core->print->cur), R_ARCH_OP_MASK_ALL)) {
+			buf + core->print->cur, (int)(len - core->print->cur), R_ARCH_OP_MASK_BASIC | R_ARCH_OP_MASK_HINT)) {
 			// TODO: check for ds->analop.type and ret
 			ds->dest = ds->analop.jump;
 		}
@@ -6798,7 +6804,7 @@ R_API int r_core_print_disasm(RCore *core, ut64 addr, ut8 *buf, int len, int cou
 		r_asm_set_pc (core->rasm, ds->at);
 		ds_update_ref_lines (ds);
 		r_anal_op_fini (&ds->analop);
-		ret = r_anal_op (core->anal, &ds->analop, ds->at, ds_bufat (ds), ds_left (ds), R_ARCH_OP_MASK_ALL);
+		ret = r_anal_op (core->anal, &ds->analop, ds->at, ds_bufat (ds), ds_left (ds), ds->decode_mask);
 		if (ret < 1) {
 			ret = ds->analop.size;
 			inc = minopsz;
@@ -6914,7 +6920,7 @@ R_API int r_core_print_disasm(RCore *core, ut64 addr, ut8 *buf, int len, int cou
 		if (ds->analop.addr != ds->at) {
 			// TODO : check for error
 			r_anal_op_fini (&ds->analop);
-			r_anal_op (core->anal, &ds->analop, ds->at, ds_bufat (ds), ds_left (ds), R_ARCH_OP_MASK_ALL);
+			r_anal_op (core->anal, &ds->analop, ds->at, ds_bufat (ds), ds_left (ds), ds->decode_mask);
 		}
 		if (ret < 1) {
 			r_strbuf_fini (&ds->analop.esil);
@@ -7369,7 +7375,7 @@ R_API int r_core_print_disasm_instructions_with_buf(RCore *core, ut64 address, u
 		const size_t delta = addrbytes * i;
 		r_anal_op_init (&ds->analop);
 		const int oret = r_anal_op (core->anal, &ds->analop, ds->at,
-			buf + delta, nb_bytes - delta, R_ARCH_OP_MASK_ALL);
+			buf + delta, nb_bytes - delta, ds->decode_mask);
 		ret = oret;
 		ds->oplen = ds->analop.size;
 		if (ret > 0) {
@@ -7719,7 +7725,7 @@ R_IPI int r_core_print_disasm_json_ipi(RCore *core, ut64 addr, ut8 *buf, int nb_
 
 		ds->has_description = false;
 		r_anal_op_fini (&ds->analop);
-		r_anal_op (core->anal, &ds->analop, at, buf + i, nb_bytes - i, R_ARCH_OP_MASK_ALL);
+		r_anal_op (core->anal, &ds->analop, at, buf + i, nb_bytes - i, ds->decode_mask);
 
 		if (ds->pseudo) {
 			char *res = r_asm_parse_pseudo (core->rasm, opstr);
@@ -8008,7 +8014,7 @@ R_API int r_core_print_disasm_all(RCore *core, ut64 addr, int l, int len, int mo
 					if (scr_color) {
 						RAnalOp aop;
 						RAnalFunction *f = fcnIn (ds, ds->vat, R_ANAL_FCN_TYPE_NULL);
-						r_anal_op (core->anal, &aop, addr, buf + i, l - i, R_ARCH_OP_MASK_ALL);
+						r_anal_op (core->anal, &aop, addr, buf + i, l - i, R_ARCH_OP_MASK_BASIC);
 						char *buf_asm = r_print_colorize_opcode (core->print, res? res: asmop.mnemonic,
 								core->cons->context->pal.reg, core->cons->context->pal.num, false, f ? f->addr : 0);
 						if (buf_asm) {