In my previous job, I've worked on a project that requires disassembling large amounts of x86/amd64 instructions (several billion instructions each running is very common). I've found also that Zydis is much faster than Capstone.

How is there any discrepancy in accuracy? Isn’t it just a matter of following the spec?

The spec is very large, not particularly well written, and is not “total” (in the sense that AMD64 and IA32e and other x86-64 flavors are all subtly different). There are a lot of ways to get it wrong; even XED (the reference decoder from Intel) has bugs.

If I remember correct, the Intel SDM alone is over 3000 pages long.

lol, no. For one Capstone has a lot of bugs (it uses some old version of LLVM as its base) but the whole question of how to decode things is complicated because there are a lot of pitfalls and inconsistencies that different disassemblers handle differently. And what the hardware does is a different question entirely: it may not match the spec, or even other processors with the same ISA.

It just updated to the nearly latest LLVM, so that argument is void: https://github.com/capstone-engine/capstone/blob/next/docs/c...

I'll believe it when I see it. If I can go a few years without wasting time during a CTF because of an incorrect decode I'll change my tune.

This has been my experience as well. I’ve had to rip Capstone out of more research projects than I care to admit.

Did you mean x86/x64 decoding?

Looking at the libs, none of them seem to mention ARM64 inst. decoding.

Yep, I meant AMD64, fixed.