Skip to content

Avoid creating functions at jump table entries in shared cache#8002

Open
plafosse wants to merge 1 commit intodevfrom
fix/shared-cache-jump-table-functions
Open

Avoid creating functions at jump table entries in shared cache#8002
plafosse wants to merge 1 commit intodevfrom
fix/shared-cache-jump-table-functions

Conversation

@plafosse
Copy link
Copy Markdown
Member

@plafosse plafosse commented Mar 9, 2026

Summary

  • When processing shared cache Mach-O function tables, Binary Ninja was creating functions at addresses that turn out to be jump table entries rather than real function starts, producing spurious sub_ functions.
  • Adds a HeuristicIsAFunction check before calling AddFunctionForAnalysis. On aarch64, if the first instruction at the candidate address disassembles as udf, the entry is skipped — udf is used as padding/data in jump tables and is never a valid function prologue.
  • This heuristic is admittedly a bit rough and could produce false negatives in unusual cases, but it directly addresses the reported symptom.

Fix #7992

@plafosse plafosse mentioned this pull request Mar 9, 2026
Open
@plafosse plafosse requested a review from bdash March 9, 2026 15:57
@plafosse plafosse self-assigned this Mar 9, 2026
bdash
bdash reviewed Mar 23, 2026
View reviewed changes
view/sharedcache/core/MachOProcessor.cpp Outdated
}
}

static bool HeuristicIsAFunction(Platform* targetPlatform, std::shared_ptr<VirtualMemory> vm, uint64_t func)
Copy link
Copy Markdown
Contributor

@bdash bdash Mar 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's probably best to use the same logic as MachoView::IsValidFunctionStart so we get consistent behavior. Ideally we'd share that code, but for whatever reason none of the Mach-O handling is shared at present.

Copy link
Copy Markdown
Member Author

@plafosse plafosse Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah that a good point I kind forgot that existed

@plafosse plafosse added this to the Jotunheim milestone Mar 24, 2026
@plafosse
Shared Cache: use IsValidFunctionStart to filter jump table entries
7ad9550 
Extract MachoView::IsValidFunctionStart logic into a shared inline function and reuse it in the shared cache MachOProcessor to skip creating functions at jump table entries (udf/trap instructions).
@plafosse plafosse force-pushed the fix/shared-cache-jump-table-functions branch from 3cc4a96 to 7ad9550 Compare March 27, 2026 16:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bdash bdash bdash left review comments

Assignees

@plafosse plafosse

Labels

None yet

Projects

None yet

Milestone

Jotunheim

Development

Successfully merging this pull request may close these issues.

Functions are being created for jump tables in code sections

2 participants

@plafosse @bdash