Skip to content

Add support for apple-arm64 returned structures #7039

New issue
New issue
Open
Enhancement
Open
Add support for apple-arm64 returned structures#7039
Enhancement
Labels
Arch: ARM/ThumbIssues with the ARM/Thumb architecture pluginComponent: CoreIssue needs changes to the coreCore: Calling ConventionEffort: MediumIssue should take < 1 monthImpact: MediumIssue is impactful with a bad, or no, workaround
@pjcreath

Description

@pjcreath
pjcreath
opened on Jul 3, 2025

What is the feature you'd like to have?
When a function returns a structure (or any value > 128 bits), apple-arm64 (maybe all arm64?) specifies that the caller provides a pointer to the storage for that return value in register x8.

I'd like BN to automatically recognize the use of x8 and represent it appropriately in HLIL, propagating type information as available.

Is your feature request related to a problem?
By default, BN's analysis thinks x8 is unused, failing to recognize that it is identifying the pointer to the return value.

Are any alternative solutions acceptable?
I can manually fix up a function by adding a new parameter struct MyStruct retval @ x8 and change the return type to void. While this lets the caller know that x8 is used, and lets the function know that x8 is an inbound pointer, it remains at odds with the function's type when it declares the type of the return value.

Additional Information:

Metadata

Metadata

Assignees

No one assigned

    Labels

    Arch: ARM/ThumbIssues with the ARM/Thumb architecture pluginComponent: CoreIssue needs changes to the coreCore: Calling ConventionEffort: MediumIssue should take < 1 monthImpact: MediumIssue is impactful with a bad, or no, workaround

    Type

    Enhancement

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions