Vector35 / binaryninja-api

Public API, examples, documentation and issues for Binary Ninja
https://binary.ninja/
MIT License

Variables with scattered backing #5992

Open ehntoo opened 1 month ago

ehntoo commented 1 month ago

Version and Platform (required):

Bug Description: While working on a custom architecture, I was having issues with 64-bit returns from functions only showing the 32-bit primary return register value in MLIL and HLIL. After some investigation, it seems this also applies to other architectures like ARMv7 - even after setting the return type for a trivial function to uint64_t, Binary Ninja only presents the value in r0 as the value returned from the function.

Steps To Reproduce:

  1. Save the hex 01 00 a0 e3 02 10 a0 e3 1e ff 2f e1 into a new .bin file (also provided in the .zip attached to the issue)
  2. Load the .bin file in Binary Ninja with the architecture set to armv7
  3. Switch to mapped view
  4. Create a function at the start of the file
  5. Change the return type of the function to uint64_t
  6. Switch to MLIL or HLIL views
  7. Observe that the return value is shown as 1 rather than 0x200000001

Even if the function properties are edited to include r1 in the return registers, the HLIL still does not return 0x200000001 as expected, showing return 1, 2 instead.

Expected Behavior: HLIL should show a return value of 0x200000001 since the calling convention has high_int_return_reg = 'r1' and the return type is wider than the normal return value register.

Screenshots/Video Recording: Screenshot 2024-10-11 at 6 24 16 PM Screenshot 2024-10-11 at 6 24 32 PM

Binary: test.zip
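Added example, not part of the issue report and not Binary Ninja code: a minimal interpreter for the three ARM-mode instructions in the reproduction bytes, showing how the r1:r0 pair forms the 64-bit value the report expects. The function names are hypothetical, only MOV-immediate and BX lr are handled, and the r0/r1 defaults are taken from the report.

```python
import struct

# Bytes from step 1 of the reproduction (ARMv7, ARM mode, little-endian).
CODE = bytes.fromhex("0100a0e3 0210a0e3 1eff2fe1")

def ror32(value, amount):
    """Rotate a 32-bit value right, as used by ARM modified immediates."""
    amount %= 32
    return ((value >> amount) | (value << (32 - amount))) & 0xFFFFFFFF

def run_until_return(code):
    """Interpret MOV-immediate instructions until BX lr; return (regs, listing)."""
    regs, listing = [0] * 16, []
    for (word,) in struct.iter_unpack("<I", code):
        if word >> 28 != 0xE:                      # only the AL condition is handled
            raise ValueError(f"conditional instruction not handled: {word:#010x}")
        if word & 0x0FFFFFF0 == 0x012FFF10:        # BX Rm
            if word & 0xF != 14:
                raise ValueError("only BX lr is treated as a return")
            listing.append("bx lr")
            return regs, listing
        if word & 0x0FE00000 == 0x03A00000:        # MOV Rd, #imm (I=1, opcode=1101)
            rd = (word >> 12) & 0xF
            imm = ror32(word & 0xFF, 2 * ((word >> 8) & 0xF))
            regs[rd] = imm
            listing.append(f"mov r{rd}, #{imm:#x}")
            continue
        raise ValueError(f"unsupported instruction: {word:#010x}")
    raise ValueError("no return instruction found")

def return_value(regs, width_bits, low_reg=0, high_reg=1):
    """Combine the return registers for the given return type width.

    low_reg/high_reg default to r0 and r1, matching the report's
    primary return register and high_int_return_reg = 'r1'.
    """
    if width_bits <= 32:
        return regs[low_reg] & ((1 << width_bits) - 1)
    if width_bits == 64:
        return (regs[high_reg] << 32) | regs[low_reg]
    raise ValueError(f"unsupported return width: {width_bits}")

if __name__ == "__main__":
    regs, listing = run_until_return(CODE)
    print("\n".join(listing))
    print(f"uint32_t return: {return_value(regs, 32):#x}")
    print(f"uint64_t return: {return_value(regs, 64):#x}")
```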

xusheng6 commented 1 month ago

Hi @ehntoo, thx for filing the issue and providing the detailed repro steps. While I can reproduce it locally, I see you called this a "regression" in the issue title. Is this known to be working previously? If so, do you have a version/build number that it still works?

ehntoo commented 1 month ago

Unfortunately I don't have conclusive proof that this was working in prior revisions or a version where it was, just a recollection that I've seen 64-bit returns working as I would have expected in similar situations with Thumb2 binaries in the past.

On Tue, Oct 15, 2024, 03:48 xusheng @.***> wrote:

> Hi @ehntoo, thx for filing the issue and providing the detailed repro steps. While I can reproduce it locally, I see you called this a "regression" in the issue title. Is this known to be working previously? If so, do you have a version/build number that it still works?


plafosse commented 1 month ago

Currently we have no support for variables with backing of multiple registers or a mix of registers and stack.