always branch delay slot on conditionals

contracts/MIPS.sol

@@ -158,9 +158,9 @@ contract MIPS {
       }
     }
 
+    if (opcode == 4 || opcode == 5 || opcode == 6 || opcode == 7 || opcode == 1) {
       bool shouldBranch = false;
 
-    uint32 val;
       if (opcode == 4 || opcode == 5) {   // beq/bne
         rt = m.ReadMemory(stateHash, REG_OFFSET + ((insn >> 14) & 0x7C));
         shouldBranch = (rs == rt && opcode == 4) || (rs != rt && opcode == 5);
@@ -171,18 +171,23 @@ contract MIPS {
         uint32 rtv = ((insn >> 16) & 0x1F);
         if (rtv == 0) shouldBranch = int32(rs) < 0;  // bltz
         if (rtv == 1) shouldBranch = int32(rs) >= 0; // bgez
+      }
+
+      if (shouldBranch) {
+        uint32 val = pc + 4 + (SE(insn&0xFFFF, 16)<<2);
+        return stepNextPC(stateHash, uint32(nextPC), val);
       } else {
-      // ALU
-      val = execute(insn, rs, rt, mem);
+        // branch not taken
+        return stepNextPC(stateHash, uint32(nextPC), uint32(nextPC)+4);
+      }
     }
 
+    // ALU
+    uint32 val = execute(insn, rs, rt, mem);
+
     // jumps (with branch delay slot)
     // nothing is written to the state by this time
 
-    if (shouldBranch) {
-      val = pc + 4 + (SE(insn&0xFFFF, 16)<<2);
-      return stepNextPC(stateHash, uint32(nextPC), val);
-    }
 
     if (opcode == 0 && (func == 8 || func == 9)) {
       // jr/jalr (val is already right)

risc/simple.py

@@ -100,7 +100,7 @@ def hook_code_simple(uc, address, size, user_data):
 
   # check for BDS
   dat = next(md.disasm(uc.mem_read(address, size), address))
-  if dat.insn_name() in ['jr', 'j', 'beqz', 'jal', 'bnez', 'b']:
+  if dat.insn_name() in ['jr', 'j', 'beqz', 'jal', 'bnez', 'b', 'bltz', 'bne']:
     is_bds = True
 
   inst = struct.unpack(">I", uc.mem_read(pc, 4))[0]