Translating state not restoring register after observing async signal in mangle epilogue
xref #3307.
This is similar and related to the bug referenced above:
loop_inc == 1

```
[..]
mov REG_XCX, HEX(0)
mov LOOP_COUNT_REG_ASM, 1
add LOOP_COUNT_REG_ASM, PTRSZ SYMREF(loop_inc)
// mangle epilogue of add instruction
mov LOOP_COUNT_REG_ASM, 2
sub LOOP_TEST_REG_ASM, 1
cmp LOOP_TEST_REG_ASM, 0
```
As stated in #3307, if an asynch interrupt hits in the mangling epilogue of the add instruction, as indicated above, DR currently incorrectly translates (xl8) the PC to an already executed app instruction. This mainly affects rip-rel mangling. In the test above, if LOOP_COUNT_REG_ASM != rax, DR will present LOOP_COUNT_REG_ASM as 2, but set the PC to the 'add' instruction. DR will use rax to mangle the abs rip-rel address into internal slot 0.
I have now discovered that if LOOP_COUNT_REG_ASM == rax, there is another, different bug: in this case, DR will use another register to mangle the abs rip-rel address, e.g. rbx or rcx. In this case, when the same asynch interrupt hits, DR will not recognize the restore of rcx from slot 0 as DR's own restore, because rcx doesn't match DR's natural spill slot (slot 0 is rax, see instr_is_DR_reg_spill_or_restore). In the example above, the xl8 of rcx will be incorrect.
Another issue to mention is that when translating an instruction in the mangled epilogue of a rip-rel add (load), the reason it is not marked as unsupported_mangle is that add is recognized as "instr_is_trace_cmp" in "translate_walk_track", which seems rather coincidental.
I can provide a test case along with the work related to #3307 (TBD). This potentially affects more than just the rip-rel mangling case.
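Added reproducer sketch for the two symptoms described above; it is not part of this report or of the DynamoRIO test suite. It runs the loop from the snippet with LOOP_COUNT_REG_ASM == rax and rcx pinned to 0, fires SIGALRM at it, and checks the interrupted context in the handler: at the `add` rax must still be 1, right after it rax must be 2, and rcx must read 0 at both points. The names `check_state`, `run_loop`, `ripl_add_pc` and `ripl_after_add_pc`, the 1 ms timer interval and the iteration count are this example's own choices; which scratch register DR actually picks when rax is taken is DR's decision, so the rcx check simply follows the `mov REG_XCX, HEX(0)` in the snippet. Run natively it should report no inconsistent contexts; the point is to run the same binary under DR (e.g. `drrun -- ./prog`), where a context with the PC at the add but rax already 2, or with a non-zero rcx, would be the mis-translation described above.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <ucontext.h>

/* glibc x86-64 gregs[] indices, in case REG_* was not exposed by the headers. */
#ifndef REG_RIP
# define REG_RAX 13
# define REG_RCX 14
# define REG_RIP 16
#endif

/* Global read by the rip-relative add: stays 1 so rax goes 1 -> 2 each iteration.
   'used' keeps it alive since the compiler only sees it referenced from asm. */
static volatile long loop_inc __attribute__((used)) = 1;
static volatile long samples = 0;     /* signals observed */
static volatile long violations = 0;  /* contexts that failed check_state */

/* Instruction boundaries exported from the asm loop so the handler can
   classify the interrupted pc (names are this example's own). */
extern const char ripl_add_pc[], ripl_after_add_pc[];

/* Consistency rule derived from the snippet in the report. Returns 0 if the
   context is consistent, otherwise a bit mask naming the violated checks. */
int check_state(uintptr_t pc, long rax, long rcx) {
    int bad = 0;
    if (pc == (uintptr_t)ripl_add_pc && rax != 1)
        bad |= 1; /* pc at an already executed add: the #3307 symptom */
    if (pc == (uintptr_t)ripl_after_add_pc && rax != 2)
        bad |= 2; /* pc past the add but the add's result is missing */
    if ((pc == (uintptr_t)ripl_add_pc || pc == (uintptr_t)ripl_after_add_pc) && rcx != 0)
        bad |= 4; /* rcx not restored: a scratch/spill value leaked into the app context */
    return bad;
}

#if defined(__x86_64__) && defined(__linux__)
/* The loop from the report with rax as the count register and rcx == 0, so DR
   must pick a register other than rax to hold the absolute address of loop_inc. */
__attribute__((noinline)) void run_loop(long iters) {
    __asm__ volatile(
        "1:\n\t"
        "mov $0, %%rcx\n\t"
        "mov $1, %%rax\n\t"
        ".globl ripl_add_pc\n"
        "ripl_add_pc:\n\t"
        "add loop_inc(%%rip), %%rax\n\t"
        ".globl ripl_after_add_pc\n"
        "ripl_after_add_pc:\n\t"
        "mov $2, %%rax\n\t"
        "sub $1, %0\n\t"
        "cmp $0, %0\n\t"
        "jne 1b\n\t"
        : "+r"(iters) : : "rax", "rcx", "cc", "memory");
}

/* Handler: classify the interrupted app context as delivered by the kernel
   natively, or as translated by DR when running under drrun. */
static void on_alarm(int sig, siginfo_t *si, void *ctx) {
    ucontext_t *uc = (ucontext_t *)ctx;
    (void)sig; (void)si;
    samples++;
    if (check_state((uintptr_t)uc->uc_mcontext.gregs[REG_RIP],
                    (long)uc->uc_mcontext.gregs[REG_RAX],
                    (long)uc->uc_mcontext.gregs[REG_RCX]) != 0)
        violations++;
}
#else
/* Placeholders so check_state still builds where the x86-64 loop cannot run. */
const char ripl_add_pc[1] = {0}, ripl_after_add_pc[1] = {0};
void run_loop(long iters) { (void)iters; }
static void on_alarm(int sig, siginfo_t *si, void *ctx) { (void)sig; (void)si; (void)ctx; }
#endif

int main(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_alarm;
    sa.sa_flags = SA_SIGINFO | SA_RESTART;
    if (sigaction(SIGALRM, &sa, NULL) != 0) { perror("sigaction"); return 2; }

    /* Fire every 1 ms while the loop runs (interval is an arbitrary choice). */
    struct itimerval it = { { 0, 1000 }, { 0, 1000 } };
    setitimer(ITIMER_REAL, &it, NULL);
    run_loop(200L * 1000 * 1000);
    struct itimerval off = { { 0, 0 }, { 0, 0 } };
    setitimer(ITIMER_REAL, &off, NULL);

    printf("signal samples: %ld, inconsistent contexts: %ld\n", samples, violations);
    return violations != 0;
}
```

The bit mask returned by `check_state` separates the two bugs: bit 0 is the PC-at-executed-add case from #3307, bit 2 is the unrestored scratch register case when rax is the app's count register. Because the handler only samples at whatever PCs the timer happens to hit, a clean run under DR is evidence, not proof; raising the iteration count or lowering the interval increases the chance of landing in the epilogue.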