Improper return register selection for x86 xmm0

Vector35 / binaryninja-api

Public API, examples, documentation and issues for Binary Ninja

https://binary.ninja/

MIT License

932 stars 211 forks source link

Improper return register selection for x86 xmm0 #5908

Open whitequark opened 2 months ago

whitequark commented 2 months ago

Version and Platform (required):

Binary Ninja Version: 4.2.6039-dev Personal (d2968e13)

Bug Description: This basic block seems to be decompiled wrong, with temp[0] being introduced and going nowhere:

Screenshot_20240906_234317 Screenshot_20240906_234517

Steps To Reproduce: Please provide all steps required to reproduce the behavior:

Open libDly_DelayCalculator.so
Go to 0x00074ed2
Rotate through views

Expected Behavior: An arithmetic expression is assembled from LLIL fragments and returned.

Binary: libDly_DelayCalculator.so.zip

whitequark commented 2 months ago

For context, the function should be computing something like this:

(with added fluff around it)

xusheng6 commented 2 months ago

I have renamed the issue title because it seems to be happening during MLIL->HLIL translation. Though I do not yet know what is causing it. Will need someone else to look into it

whitequark commented 2 months ago

Ah, I've made some invalid assumptions then. Thanks for triaging this!

emesare commented 2 months ago

This is an issue with return register selection. The function returns with zmm0 but the selected return register was rax.

Until this is fixed, setting the return type to a double, or adjusting the return register in "Edit Function Properties" will fix the HLIL.

whitequark commented 2 months ago

Thanks!

plafosse commented 1 month ago

In many cases is almost impossible to tell if the return value should be in rax or xmm0 however in this case as there are no uses of rax the correct choice should be obvious.