Ghidra1

READ_WRITE corresponds to a read-modify-write reference, where a single instruction reads and writes the same location. I would think the instruction indicated should most likely have a READ stack reference.

@Ruturaj4 , the later case you mentioned sounds incorrect but without more insight it is difficult to say. You may need to examine the pcode associated with an instruction to...

I think it also depends upon the origin of the register references. By default I think analysis is pretty conservative about creating register references. My example screenshot above Stack Analysis...

 I was able to reproduce for 64-bit x86 although my pcode is different than yours which I assume is 32-bit. In my case it is clear...

> @ghidra1 Thanks for your reply. > > No, the indicated instruction has READ_WRITE reference for first operand. And that's what confuses me. Also, I observe read_write reference mostly when...

@mschwager I have used your exact instruction bytes for 32-bit x86 and can not reproduce. Based on your pcode display there is also no explanation as to why you would...

Assuming you are using `instruction.getOperandRefType(int opIndex)` and a 32-bit x86 program, I am unable to reproduce. The `instruction.getOperandType(int opIndex)` method is a different beast. The `getOperandType` method returns flag bits...

I someone can supply a sample Ghidra *.gzf file for the 32-bit case and script which demonstrates the issue I can look into further.

Can you try something like a 32-bit Notepad.exe and see what happens.

@xian-wen I am still stumped for your 32-bit case. I tried the exact sample you indicated with Ghidra 10.1.5, our current patch branch, and our current master branch and they...