binaryninja-api
binaryninja-api copied to clipboard
Published
20 hours ago •
Vector35
Vector35
Improve lifting of ARMv7 logical not instruction
Version and Platform (required):
- Binary Ninja Version: 3.6.4822-dev
- OS: Windows
- OS Version: 10
- CPU Architecture: x64
Bug Description: Consider the following C code:
int logical_not(int x)
{
return !x;
}
I often see this pattern compiled into the following ARM assembly:
push {lr}
clz r0, r0
lsr r0, r0, #0x5
pop {pc}
In Binary Ninja, this decompiles into this HLIL:
uint32_t logical_not(uint32_t x)
int32_t temp0 = 0
uint32_t i = x
while (i != 0)
i = i u>> 1
temp0 = temp0 + 1
return (0x20 - temp0) u>> 5
For comparison, IDA decompiles this to:
bool logical_not(int x)
{
return x == 0;
}
Steps To Reproduce:
- Create new blank view with Ctrl+N
- Paste in the following bytes:
\x04\xe0\x2d\xe5\x10\x0f\x6f\xe1\xa0\x02\xa0\xe1\x04\xf0\x9d\xe4 - Create ARM function and view HLIL
Expected Behavior: That code pattern should decompile more cleanly, since having the 5 extra lines and the loop makes code harder to understand.
