
Improper return register selection for x86 xmm0

Open whitequark opened this issue 1 year ago • 6 comments

Version and Platform (required):

  • Binary Ninja Version: 4.2.6039-dev Personal (d2968e13)

Bug Description: This basic block seems to be decompiled wrong, with temp[0] being introduced and going nowhere:

[screenshots]

Steps To Reproduce: Please provide all steps required to reproduce the behavior:

  1. Open libDly_DelayCalculator.so
  2. Go to 0x00074ed2
  3. Rotate through views

Expected Behavior: An arithmetic expression is assembled from LLIL fragments and returned.

Binary: libDly_DelayCalculator.so.zip

whitequark avatar Sep 06 '24 23:09 whitequark

For context, the function should be computing something like this:

[image]

(with added fluff around it)

whitequark avatar Sep 07 '24 05:09 whitequark

I have renamed the issue title because it seems to be happening during MLIL->HLIL translation, though I do not yet know what is causing it. Will need someone else to look into it.

xusheng6 avatar Sep 09 '24 14:09 xusheng6

Ah, I've made some invalid assumptions then. Thanks for triaging this!

whitequark avatar Sep 09 '24 14:09 whitequark

This is an issue with return register selection. The function returns with zmm0 but the selected return register was rax.

Until this is fixed, setting the return type to a double, or adjusting the return register in "Edit Function Properties" will fix the HLIL.

[screenshot]

emesare avatar Sep 09 '24 15:09 emesare

Thanks!

whitequark avatar Sep 09 '24 15:09 whitequark

In many cases it is almost impossible to tell if the return value should be in rax or xmm0; however, in this case, as there are no uses of rax, the correct choice should be obvious.

plafosse avatar Sep 24 '24 14:09 plafosse
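As an added illustration of the selection logic discussed in this thread (not Binary Ninja's own analysis code), the toy heuristic below models a straight-line function as a list of (destination register, source registers) pairs ending in `ret`, folds the zmm0/ymm0 aliases onto xmm0 so a write to zmm0 counts as a definition of the floating-point return slot, and picks xmm0 only when it is the single candidate the function defines, falling back to rax in the ambiguous case. The instruction lists and the `declared_type` parameter are constructed for this example.

```python
"""Toy x86-64 return-register selection heuristic (constructed example).

Each instruction is (dest, sources): the register written (None for ret)
and the registers read. Straight-line code only; no control flow or calls.
"""

# Sub-register and vector-width aliases fold onto one canonical name, so the
# reported case (function ends by writing zmm0) registers as a def of xmm0.
ALIASES = {"eax": "rax", "ax": "rax", "al": "rax", "ymm0": "xmm0", "zmm0": "xmm0"}
CANDIDATES = ("rax", "xmm0")   # SysV x86-64 integer vs. floating-point return regs
FLOAT_TYPES = {"float", "double"}
INT_TYPES = {"int", "long", "pointer"}
DEFAULT_RETURN_REG = "rax"     # the fallback that produced the mis-selection above


def canon(reg):
    return ALIASES.get(reg, reg)


def defined_candidates(insns):
    """Candidate return registers that the function writes before its ret."""
    return {canon(dest) for dest, _ in insns if dest and canon(dest) in CANDIDATES}


def select_return_register(insns, declared_type=None):
    """An explicit return type decides outright (the thread's workaround);
    otherwise a single defined candidate is unambiguous; anything else is
    the 'almost impossible to tell' case and falls back to rax."""
    if declared_type in FLOAT_TYPES:
        return "xmm0"
    if declared_type in INT_TYPES:
        return "rax"
    defined = defined_candidates(insns)
    if len(defined) == 1:
        return next(iter(defined))
    return DEFAULT_RETURN_REG


# Constructed sample resembling the reported function: arithmetic on vector
# registers, final result written through the full-width zmm0 alias, rax untouched.
SAMPLE_FLOAT_FUNC = [
    ("xmm1", ["rdi"]),           # load operand via pointer in rdi
    ("xmm1", ["xmm1", "xmm2"]),  # multiply
    ("zmm0", ["xmm1", "xmm3"]),  # add; defines the xmm0 return slot via its alias
    (None, ["rsp"]),             # ret
]

# Constructed ambiguous sample: both rax and xmm0 are defined, so without a
# declared type the heuristic cannot choose and keeps the rax default.
SAMPLE_AMBIGUOUS_FUNC = [
    ("rax", ["rdi"]),
    ("xmm0", ["rax"]),
    (None, ["rsp"]),
]
```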