xusheng6
commented
1 year ago yeah it does seem to me that the condition is reversed. Not sure if this is a bug in the lifter, or the flag resolver.
Open MartijnB opened 4 years ago
xusheng6
commented
1 year ago yeah it does seem to me that the condition is reversed. Not sure if this is a bug in the lifter, or the flag resolver.
The ASM:
00010414 482015e5 ldr r2, [r5, #-0x48] {var_1068} 00010418 023992e2 add.s r3, r2, #0x8000 0001041c 483005e5 str r3, [r5, #-0x48] {var_1068} 00010420 44301525 ldrhs r3, [r5, #-0x44] {var_1064} 00010424 01308322 addhs r3, r3, #0x1 00010428 44300525 strhs r3, [r5, #-0x44] {var_1064}
IDA decompiles this to:
v6 = ctx.count[0]; ctx.count[0] += 0x8000; if ( v6 >= 0xFFFF8000 ) ++ctx.count[1];
Which I think is correct.
BINJA however seems to invert the condition:
00010414 r2_1 = var_1068 00010418 int32_t r3_2 = r2_1 + 0x8000 00010418 bool c_1 = r2_1 u>= 0xffff8000 0001041c var_1068 = r3_2 00010420 if (not(c_1)) 00010420 r3_2 = var_1064 00010424 r3_2 = r3_2 + 1 00010428 var_1064 = r3_2
I THINK if (not(c_1)) should be if (c_1).
However, analysing the lifted IR, I cannot explain why this happens:
Lifted:
LL: