Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Fails to disassemble MIPS32 LE jr instructions

See original GitHub issue

Bug Description I’ve noticed that Ghidra is having issues disassembling MIPS32 little-endian jr instructions. I’ve tried disassembling the code sections in Disassembled View by pressing the d key, right-click + Disassemble, right-click + Disassemble (Restricted), right-click + Disassemble (Static), right-click + Disassemble - MIPS, and right-click + Disassemble - MicroMips with no success.

To Reproduce Try to disassemble: 0800e003 - jr $ra 08002003 - jr $t9

Expected behavior Disassemble 0800e003 to jr $ra and 08002003 to jr $t9.

Environment:

OS: Ubuntu 18.04.2 LTS
Java Version: 11.0.2
Ghidra Version: 9.0

Additional notes This is a high impact bug because it frequently breaks the Function Graph’s control flow and results in the decompiler producing functions consisting of only halt_baddata();.

Issue Analytics

State:
Created 5 years ago
Reactions:2
Comments:9 (3 by maintainers)

Top GitHub Comments

1reaction

emteerecommented, Mar 9, 2019

Putting a branch instruction in the delay slot is unpredictable behavior. There is code in the mips processor spec to not decode a branch in the delay slot. In the R6 spec it will be an invalid instruction exception.

I suppose if you set both ra and t9 to the same address you would get predictable behavior and end up at the correct address.

The processor could be changed to allow the instruction patterns were it to be encountered with a warning of unpredictable results, and an arbitrary branch to the first jump address. Is that the behavior your binary is exhibiting?

0reactions

GhidorahRexcommented, Mar 13, 2020

Closed since I believe this has been suitably addressed.