Version and Platform (required):
- Binary Ninja Version: 5.0
Bug Description:
When lifting instructions with an optional `s` suffix (set flags), such as `movs`, `orrs`, etc., they are not treated as setting flags. This can result in invalid conditionals:
Steps To Reproduce:
- Open a new binary, select `Assemble...` from the Edit menu
- Set the architecture to thumb2 in the dialog and enter this assembly, press `Assemble`:

```
movs r5, #0
movs r8, r0
beq 0
add r0, r0
sub r0, r8
bx lr
```
- Right click, and select `Make Function at this Address...` > thumb2 > thumb2. (Do not use `Default (thumb2)` or the hotkey `P` as this will create an armv7 function.)
- Set the view to MLIL and observe `if (true)...` at offset 0x00000006
- Set the view to HLIL and observe `return arg1 * 0` as the only line of the decompiled function.
Expected Behavior:
- MLIL at offset 6 should be `if (r8 == 0)...`
- HLIL at offset 4 should be `if (r8 != 0)...`
Screenshots/Video Recording:
Incorrect/current behavior:

Correct behavior:

Additional Information:
The issue is that the disassembler returns the enumeration value for the mnemonic without the trailing `s` in these cases, so the lifter handles them as the non-flag-setting variants.
The quick fix is to have the lifter recognize these situations and handle them accordingly. (I have this working on a local branch for now, as illustrated in the above screenshots, but it needs further testing.)
The (arguably) correct fix is to have the disassembler return the `s` variant of the mnemonic, but this will require fixing the disassembler generator script and regenerating the disassembler, which would be considerably more effort to execute correctly.
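As an added illustration (not Binary Ninja's code and not the reporter's branch), the toy Python model below traces the Z flag through the snippet above with the lifter trusting the mnemonic alone versus also consulting the S bit (the "quick fix"). The encodings assigned to each instruction and the stale-Z explanation for `if (true)` are assumptions made here, not statements from the report.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class Insn:
    mnemonic: str   # mnemonic enum value as the disassembler hands it to the lifter
    dst: str        # destination register ("" for branches)
    src: str        # source register, or "#<imm>" for an immediate
    s_bit: bool     # whether the S (set flags) bit is present in the encoding


# Constructed model of the report's snippet. Assumptions: the 16-bit "movs r5, #0" is
# flag-setting by encoding, so its mnemonic already carries the "s"; "movs r8, r0" needs a
# 32-bit encoding whose S bit the disassembler drops, returning plain "mov" (the bug).
PROGRAM: List[Insn] = [
    Insn("movs", "r5", "#0", True),
    Insn("mov", "r8", "r0", True),   # really "movs r8, r0"
    Insn("beq", "", "", False),
]


def lift_branch_condition(program: List[Insn], honour_s_bit: bool) -> str:
    """Model of the lifter: return the beq condition as MLIL-style text.

    Z is tracked symbolically: "true"/"false" after a flag-setting move of a constant,
    "<reg> == 0" after a flag-setting move of a register, "<unknown>" before any.
    honour_s_bit=False models the reported behaviour; True models the quick fix.
    """
    z = "<unknown>"
    for insn in program:
        if insn.mnemonic == "beq":
            return f"if ({z})"
        # Buggy lifter trusts the mnemonic alone; the fixed one also consults the S bit.
        sets_flags = insn.mnemonic.endswith("s") or (honour_s_bit and insn.s_bit)
        if not sets_flags:
            continue   # "mov r8, r0": Z is left stale from "movs r5, #0"
        if insn.src.startswith("#"):
            z = "true" if int(insn.src[1:]) == 0 else "false"
        else:
            z = f"{insn.dst} == 0"
    return "<no conditional branch>"


if __name__ == "__main__":
    print("reported:", lift_branch_condition(PROGRAM, honour_s_bit=False))  # if (true)
    print("fixed:   ", lift_branch_condition(PROGRAM, honour_s_bit=True))   # if (r8 == 0)
```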