jalr doesn't resolve the address correctly.

[nihilus]

jalr doesn't resolve the address correctly.

[hlide]

        case MIPS_INS_BAL: /* Fall-through */
        case MIPS_INS_JALR:
        case MIPS_INS_JAL: {
            auto block = MipsExpressionFactoryCallback(factory_, program->createBasicBlock(), instruction);
            auto taken = delayslotCallback(block);
            taken[call(operand(0)), jump(directSuccessorButOne())];
            _[jump(taken.basicBlock())];
            break;
        }

If I recall well capstone JALR rd, rs has rd in operand(0) and rs in operand(1). Usually rd is linked to ra to get the return address and rs always contains the target address. So, the actual c++ code is wrong for JALR (trying to refactor teh same code for several opcode ids is a very bad idea in my humble opinion).

[hlide]

Ah yes, because capstone MIPS is loving to mess up with you, there is a special case where MIPS_INS_JALR gives only operand(0) and it is rs when rd actually linked to ra. Which case is wrong?

[nihilus]

This issue is more about the ELF ABI and the MIPS ELF quirks.