toolCHAINZ
commented
2 weeks ago The important thing to note here from the documentation is this:
This instruction is semantically equivalent to the BRANCHIND instruction
If we look at BRANCHIND:
The address to branch to is determined dynamically (at runtime) by examining the contents of the variable input0. As this instruction is currently defined, the variable input0 only contains the offset of the destination, and the address space is taken from the address associated with the branching instruction itself.
So, BRANCHIND, like RETURN, takes as input the location of a pointer which contains the offset that is branched to, within the same space.
This is effectively indirect addressing just like load and store (but this time to compute a branch rather than to load or store data); so I used the same indirect type here to indicate that. I am adding in a fake "space id" varnode myself based on the space the instruction was read from:
input: IndirectVarNode {
pointer_location: VarNode::from(&value.inputs[0]),
access_size_bytes: value.space.getAddrSize() as usize,
pointer_space_index: value.space.getIndex() as usize,
},So, initially kind of counter-intuitive but I think it's consistent and makes sense.
And no need to apologize! I definitely appreciate the second set of eyes!
Edit: oh yeah and jingle currently only works on raw pcode, so it doesn't represent that optional varnode at all.
chf0x
Good evening, sorry it is me again
I guess in this case input is again combination of input0 and input1? But according to the documentation input1 is optional
It seems with the current implementation, I am unable to get a returned a value/retrieve the offset of next instruction?