Architecture plugin delay slot breaks branching logic #1749
While developing an Architecture plugin for SuperH via the Python API, I found that adding:

to any single branching instruction in the get_instruction_info() method caused the branching logic to fail. This includes overriding the True/False branch information for conditions with a single True branch and a False branch that ends in a tailcall, even if the conditional branch does not have a delay slot. The second error case is functions that end with an indirect jump: the delay slot instruction gets marked with a tailcall jump reference to the next instruction address (PC+2).

The full plugin code can be found at:

And branches are marked with delay slots here:

Binaryninja version: 2.0.2193-dev (Build ID 2d6f53af) (commercial)

Conditional branching:

Conditional branch error (the 'bt' instruction does not have a delay slot but it is still affected):

branch_delay Disabled (for all delay-slot branch instructions)

ASM:

LLIL:

branch_delay Enabled

ASM:

LLIL:

Indirect branching (the 'jsr' instruction does have a delay slot):

branch_delay Disabled

ASM:

LLIL:

branch_delay Enabled

ASM:

LLIL:

It is possible that I am incorrectly using the BranchType or branch_delay flag, but I was unable to find an example usage of 'branch_delay' in an architecture plugin.
I get to answer my own question!
So the issue is that the architecture plugin itself has to handle the lifting reordering. The binaryninja arch-mips plugin is a great example of how this works:
First double the max instruction width, example:
https://github.com/Vector35/arch-mips/blob/master/arch_mips.cpp#L381
Then, detect the branch delay in the lifting code and lift the delay slot first, then lift the branch:
https://github.com/Vector35/arch-mips/blob/master/arch_mips.cpp#L457
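The same slot-first reordering the answer describes, as an added Python example that is not the poster's plugin and not Binary Ninja's or arch-mips's code. It assumes a SuperH-style 16-bit encoding (a constructed subset: mov Rm,Rn, jsr @Rn, bt disp), does not import the binaryninja module, and replaces LowLevelILFunction with a small recorder so that only the decode/reorder logic and the doubled maximum instruction length are exercised.

```python
# Added example: delay-slot lifting for a SuperH-style Binary Ninja Architecture plugin.
# Not the poster's plugin or Binary Ninja's code; the binaryninja module is not imported,
# a tiny recorder stands in for LowLevelILFunction, and only the slot-first reordering
# is exercised on a constructed subset of SuperH encodings (mov, jsr, bt).
import struct

INSN_WIDTH = 2                      # every SuperH instruction is 16 bits
MAX_INSTR_LENGTH = 2 * INSN_WIDTH   # doubled so the core hands us the delay slot too

class ILRecorder:
    """Stand-in for LowLevelILFunction: records appended operations in order."""
    def __init__(self):
        self.ops = []
    def append(self, op):
        self.ops.append(op)

def decode(data, addr):
    """Decode one big-endian SuperH instruction; returns a dict with a 'delay' flag."""
    (op,) = struct.unpack(">H", data[:INSN_WIDTH])
    if op & 0xF0FF == 0x400B:                                   # jsr @Rn (delay slot)
        return {"mnem": "jsr", "reg": (op >> 8) & 0xF, "delay": True}
    if op & 0xF00F == 0x6003:                                   # mov Rm,Rn
        return {"mnem": "mov", "dst": (op >> 8) & 0xF, "src": (op >> 4) & 0xF, "delay": False}
    if op & 0xFF00 == 0x8900:                                   # bt disp8 (no delay slot)
        disp = struct.unpack(">b", bytes([op & 0xFF]))[0]
        return {"mnem": "bt", "target": addr + 4 + 2 * disp, "delay": False}
    raise ValueError("unsupported opcode 0x%04x" % op)

def lift_one(insn, addr, il):
    """Emit IL for one instruction (recorder tuples in place of il.set_reg/il.call/il.if_expr)."""
    if insn["mnem"] == "mov":
        il.append(("set_reg", "r%d" % insn["dst"], "r%d" % insn["src"]))
    elif insn["mnem"] == "jsr":
        il.append(("call", "r%d" % insn["reg"]))
    elif insn["mnem"] == "bt":
        il.append(("if", "T", insn["target"], addr + INSN_WIDTH))

def get_instruction_low_level_il(data, addr, il):
    """Lift one instruction; for a delayed branch, lift the slot first. Returns bytes consumed."""
    insn = decode(data, addr)
    if not insn["delay"]:
        lift_one(insn, addr, il)
        return INSN_WIDTH
    if len(data) < MAX_INSTR_LENGTH:       # core must supply both halves (hence the doubled max)
        return None
    slot = decode(data[INSN_WIDTH:], addr + INSN_WIDTH)
    # Assumption: the slot does not write a register the branch reads (no temp copy made here).
    lift_one(slot, addr + INSN_WIDTH, il)  # delay slot executes before the branch takes effect
    lift_one(insn, addr, il)
    return MAX_INSTR_LENGTH
```

In a real plugin the recorder tuples become the corresponding il.* calls and the decoder covers the full instruction set; the ordering and the returned length are what the core relies on.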