binaryninja-api icon indicating copy to clipboard operation
binaryninja-api copied to clipboard
verified publisher icon Vector35

[MIPS] Mark `jalr[.hb] $zero, $ra` as a return instruction

Open CSharperMantle opened this issue 5 months ago • 2 comments

This PR marks MIPS jalr[.hb] $zero, $ra as a return instruction.

Resolves #7355.

Effects

Before:

before

After:

after

CSharperMantle avatar Sep 06 '25 06:09 CSharperMantle

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Sep 06 '25 06:09 CLAassistant

Hi @psifertex and @zznop, I've rebased the branch onto the latest dev branch. Any progress on getting this reviewed? :)

CSharperMantle avatar Dec 01 '25 02:12 CSharperMantle

Yes, I'll get this tested and merged today or tomorrow.

zznop avatar Dec 11 '25 15:12 zznop

Looks like this code change affects jalr branches that don't use the zero operand too, and it causes regressions

image image

Should be a simple fix. Looking into it now.

zznop avatar Dec 11 '25 17:12 zznop

I'm going to go with:

		case MIPS_JALR_HB:
			if (instr.operands[0].reg == REG_ZERO && instr.operands[1].reg == REG_RA)
				result.AddBranch(FunctionReturn, 0, nullptr, hasBranchDelay);
			else
				result.delaySlots = 1;
			break;

I see that you were probably following the pattern for MIPS_JR/MIPS_JR_HB, but I think we want to continue to not do anything in cases where it's not a jalr $zero, $ra and let Binja figure out the branch type when lifting.

zznop avatar Dec 11 '25 17:12 zznop

Merged your commit with the changes discussed above. This will be available in 5.3.8765-dev and later

zznop avatar Dec 11 '25 20:12 zznop

Merged your commit with the changes discussed above. This will be available in 5.3.8765-dev and later

Thanks!

CSharperMantle avatar Dec 12 '25 00:12 CSharperMantle