evaluation of ESIL expression gives wrong result

[bareghamyanl]

Environment

radare2 5.8.9 31620 @ linux-x86-64
birth: git.5.8.4-1515-g82fbc2fdb4 2024-01-26__16:50:43
commit: 82fbc2f
options: gpl -O? cs:5 cl:2 make
Linux x86_64

Description

evaluation of following ESIL expressions gave wrong result:

ar0 (to set all registers' values to zero)
'ae 69632,x0,=
'ae 0x10,x0,+,x0,=
'ae 0x19,w1,=
'ae w1,0,x0,+,DUP,tmp,=,=[4]
'ae 69632,x0,=
'ae 0x10,x0,+,x0,=
'ae 0,x0,+,DUP,tmp,=,[4],w0,=

when I try getting register values by ar command the value of x0 is 0x00000016, but should be 0x00000019

Test

In function "main" in following binary file (offsets: 0x00000838 - 0x00000850)
https://drive.google.com/file/d/105Bwixz7-bmHrml7JAwN5DWoUwfdQUYC/view?usp=sharing

[trufae]

I think the problem is that these expressions depend on a register tmp that is not defined in the profile but also is a bad prsctice to use DUP too. So better rewrite those str/ldr expressions without using tmp or DUP.

Ill try to find time to fix it but im quite busy right now. In case you wanna give it a try it will be great.

Thanks for reporting!

[bareghamyanl]

The esil representation of my instructions were given by radare2, I got them with "pdj" command and then tried to emulate them. Is there maybe another way to get the esils of instructions that don't use DUP and don't depend of tmp register?

[trufae]

Can upu try again in master? Having a testcase would help. And sorry for the late reply i pushed some fixes a coupke of weeks ago but forgot to answer here

[trufae]

ping