IDA basic block type fcb_cndret - what does it mean?

Question

IDA Pro's idaapi.BasicBlock objects returned by idaapi.FlowChart() can be of the following types (see gdl.hpp in the SDK sources):

// flow chart block types
enum fc_block_type_t
{
  fcb_normal,    // normal block
  fcb_indjump,   // block ends with indirect jump
  fcb_ret,       // return block
  fcb_cndret,    // conditional return block
  fcb_noret,     // noreturn block
  fcb_enoret,    // external noreturn block (does not belong to the function)
  fcb_extern,    // external normal block
  fcb_error,     // block passes execution past the function end
};

I was able to find examples for all types except fcb_cndret. What does

conditional return block

mean? Could somebody give an example?

Carlos Garcia · Accepted Answer

I don't know it either so I put together this small script in order to do some empirical analysis.

import idaapi
import idc
import idautils

for f in Functions():
    fc = idaapi.FlowChart(idaapi.get_func(f))
    for bb in fc:
        if bb.type == 3:
            print "%x type: %d" % (bb.startEA, bb.type)

print "Done"

I throw it to several x86 and x86_64 binaries without results.

So, it could be that:

This kind of block appears very rarely
It appears only in other architectures (I didn't have any ARM or MIPS in this computer to test, sorry)
The enum field is reserved for future use

Just my two cents.

Update

I tried it with an ARM binary and found a couple of them.
Apparently these are blocks in which a conditional instruction modifies the PC register (see screenshot)

Cheers

e-Wolf · Answer

Conditional returns are found in some instruction set architectures.
For example, the 8085 has instructions which will action a subroutine return if a status flag is set/clear:
RZ   ... return if Z flag set
RC   ... return if C flag set
RNZ  ... return if Z flag clear
...

IDA basic block type fcb_cndret - what does it mean?

2 Answers

Add your own answers!

Ask a Question