Open thaddywu opened 3 years ago
Hello, Happy festival! The identification of nonreturn functions is too simple (it only checks some instructions) in recursive disassembly and it may lead to false positives when disassembling data bytes.
We could enhance it by identifying the nonreturn functions following the idea of BAP or Dyninst.
Thanks!
Thanks for your reply! You're right. Definitely, fine-grained methods could be taken to improve the results. But sure, there's some workload on the implementation side. If we want to make some simple modifications to the existing code, it seems better to treat CALL functions as non-fall-through by default rather than fall-through, in that disassembling data bytes does incur fatal errors. In this case, we'd better adopt a conservative approach. We could at least avoid fatal errors this way (though we get false negatives).
Hi~ Happy Chinese Mid-Autumn Festival! SOK sometimes recursively disassembles data bytes and even never terminates. I think isFallThrough is responsible for it. When isFallThrough considers instructions of
CALL nonreturn-function
as fall-through, it may go into data parts to disassemble them (see here)!
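A constructed model of the behaviour this thread describes, added here as an illustration; it is not code from SOK, BAP or Dyninst. It uses a toy byte code (the opcode encodings are an assumption), a recursive-descent worklist whose CALL case plays the role of isFallThrough, and a simplified non-return inference in the spirit the reply mentions: a function is non-returning if no path from its entry reaches a RET, with calls to non-returning callees treated as non-fall-through. The sample image, its data table that happens to decode as plausible instructions, and the function names (ok, die, wrapper) are all constructed.

```python
from typing import Dict, FrozenSet, Set, Tuple

# Constructed toy ISA (assumption, not x86): one-byte opcode, optional one-byte absolute target.
#   0x01 t  CALL t    0x02 t  JMP t    0x03  RET    0x04 t  JE t    0x90  NOP    0xF4  EXIT
OPCODES = {0x01: ("call", 2), 0x02: ("jmp", 2), 0x03: ("ret", 1),
           0x04: ("je", 2), 0x90: ("nop", 1), 0xF4: ("exit", 1)}

Insn = Tuple[str, int, int]  # (mnemonic, target operand, length)


def decode(code: bytes, addr: int) -> Insn:
    """Decode one instruction; unknown or truncated bytes become 'invalid' instead of crashing."""
    op = code[addr]
    if op not in OPCODES or addr + OPCODES[op][1] > len(code):
        return ("invalid", 0, 1)
    mnem, length = OPCODES[op]
    return (mnem, code[addr + 1] if length == 2 else 0, length)


def successors(addr: int, insn: Insn, noreturn: FrozenSet[int], call_falls_through: bool) -> Set[int]:
    """Control-flow successors of one instruction. The CALL case is the isFallThrough decision."""
    mnem, target, length = insn
    nxt = addr + length
    if mnem in ("ret", "exit", "invalid"):
        return set()
    if mnem == "jmp":
        return {target}
    if mnem == "je":
        return {target, nxt}
    if mnem == "call":
        succ = {target}
        if call_falls_through and target not in noreturn:  # fall through only if callee may return
            succ.add(nxt)
        return succ
    return {nxt}  # nop


def disassemble(code: bytes, entry: int, noreturn: FrozenSet[int] = frozenset(),
                call_falls_through: bool = True) -> Dict[int, Insn]:
    """Recursive descent from entry. The visited set is what guarantees termination even when
    garbage bytes decode to branches pointing back into already-seen code."""
    seen: Dict[int, Insn] = {}
    work = [entry]
    while work:
        addr = work.pop()
        if addr in seen or not 0 <= addr < len(code):
            continue
        insn = decode(code, addr)
        seen[addr] = insn
        work.extend(successors(addr, insn, noreturn, call_falls_through))
    return seen


def infer_noreturn(code: bytes, entry: int, known: FrozenSet[int] = frozenset(),
                   _visiting: FrozenSet[int] = frozenset()) -> bool:
    """Simplified non-return inference: the function never returns if no path from its entry
    reaches RET, an undecodable byte, or the end of the image. Calls to callees shown to be
    non-returning do not fall through; a callee still under analysis is assumed to return."""
    if entry in _visiting:
        return False
    visiting = _visiting | {entry}
    body: Set[int] = set()
    work = [entry]
    while work:
        addr = work.pop()
        if addr in body:
            continue
        if not 0 <= addr < len(code):
            return False  # path runs off the image: cannot prove non-return
        body.add(addr)
        insn = decode(code, addr)
        mnem, target, length = insn
        if mnem in ("ret", "invalid"):
            return False
        if mnem == "call":
            callee_dies = target in known or infer_noreturn(code, target, known, visiting)
            if not callee_dies:
                work.append(addr + length)
            continue  # the callee's body belongs to another function
        work.extend(successors(addr, insn, known, True))
    return True


# Constructed sample image: code interleaved with a data table whose bytes decode as instructions.
CODE = bytes([
    0x01, 0x0A,   # 0x00  CALL 0x0A  ; ok() returns, so 0x02 is real code
    0x01, 0x0B,   # 0x02  CALL 0x0B  ; die() never returns
    0x04, 0x08,   # 0x04  data, decodes as JE 0x08
    0x02, 0x00,   # 0x06  data, decodes as JMP 0x00
    0x90, 0x90,   # 0x08  data, decodes as NOP NOP and falls into 0x0A
    0x03,         # 0x0A  ok:  RET
    0xF4,         # 0x0B  die: EXIT
    0x01, 0x0B,   # 0x0C  wrapper: CALL die ; non-returning transitively
    0x03,         # 0x0E  RET (unreachable)
])
DATA = range(0x04, 0x0A)
FUNCTIONS = (0x0A, 0x0B, 0x0C)


def false_positives(result: Dict[int, Insn]) -> Set[int]:
    """Data-table addresses that were decoded as instructions."""
    return {a for a in result if a in DATA}


def demo():
    naive = disassemble(CODE, 0)                                   # CALL always falls through
    conservative = disassemble(CODE, 0, call_falls_through=False)  # CALL never falls through
    inferred = frozenset(f for f in FUNCTIONS if infer_noreturn(CODE, f))
    precise = disassemble(CODE, 0, noreturn=inferred)
    return naive, conservative, inferred, precise
```

Running `demo()` on the constructed image shows the three behaviours discussed above: the naive policy decodes every byte of the data table at 0x04..0x09 as code, the conservative policy stops at 0x00 and never reaches the real instruction at 0x02 (the false negative accepted in the reply), and the inferred set {0x0B, 0x0C} lets the disassembler decode 0x02 while skipping the data.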