
[ObjC] Support removing reference counting calls in more cases #7660

@bdash

Description

What is the feature you'd like to have?
Support for IL rewriting to remove Objective-C reference counting calls such as objc_retain / objc_release / objc_autorelease was implemented in #7440 and released in Binary Ninja 5.2. The initial implementation has a couple of limitations:

  1. It is only enabled for arm64 / arm64e.
  2. It does not support removing functions that use a custom calling convention, such as objc_retain_x1 and friends that take their only argument in a specific register.

Addressing both of these requires more sophisticated IL rewriting in order to ensure that the argument to the function call being removed still ends up being available for the return value. For arm64, the first argument and result register are the same, so we get away with replacing the call itself with a nop. This will need to be replaced by an explicit assignment of the first argument, whatever its location may be, to the result register.

Support for x86_64 also requires matching a wider range of LLIL patterns.
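The register argument above can be checked on a toy model. The block below is an added illustration written for this page; it is not Binary Ninja's IL, API or implementation. It models a function body as a list of tuples, treats the reference-counting calls as identity functions (they hand their argument back, which is the property the rewrite relies on), and compares the original nop-only strategy with the proposed "result = argument" strategy. The calling convention for `objc_retain_x1` (argument in x1, result in x0) is an assumption made for the example, not a statement about libobjc; the arm64 (x0/x0) and x86_64 SysV (rdi/rax) conventions are real.

```python
"""Toy model of the refcount-call rewrite discussed in this issue.

Added illustration only: not Binary Ninja's IL, API or code.

Instruction forms:
    ("set",  dst_reg, src_reg)           dst = src
    ("call", name, arg_reg, result_reg)  result = name(arg)
    ("nop",)
"""
from typing import Dict, List, Tuple

Instr = Tuple[str, ...]

# Callees the rewrite is allowed to drop. The argument/result registers
# come from the call instruction itself, so only names are listed here.
REFCOUNT_CALLS = {"objc_retain", "objc_release", "objc_autorelease",
                  "objc_retain_x1"}


def run(body: List[Instr], regs: Dict[str, int]) -> Dict[str, int]:
    """Interpret the toy IL; refcount callees return their argument."""
    regs = dict(regs)
    for ins in body:
        if ins[0] == "set":
            regs[ins[1]] = regs[ins[2]]
        elif ins[0] == "call":
            _, name, arg, res = ins
            if name not in REFCOUNT_CALLS:
                raise ValueError(f"unmodelled callee {name}")
            regs[res] = regs[arg]
        elif ins[0] == "nop":
            pass
        else:
            raise ValueError(f"unknown instruction {ins}")
    return regs


def rewrite_nop_only(body: List[Instr]) -> List[Instr]:
    """The arm64-only strategy: every removable call becomes a nop."""
    return [("nop",) if ins[0] == "call" and ins[1] in REFCOUNT_CALLS else ins
            for ins in body]


def rewrite_preserving_result(body: List[Instr]) -> List[Instr]:
    """Proposed strategy: emit result = arg, collapsing to nop when equal."""
    out: List[Instr] = []
    for ins in body:
        if ins[0] == "call" and ins[1] in REFCOUNT_CALLS:
            _, _, arg, res = ins
            out.append(("nop",) if arg == res else ("set", res, arg))
        else:
            out.append(ins)
    return out


def equivalent(original: List[Instr], rewritten: List[Instr],
               regs: Dict[str, int]) -> bool:
    """True if both bodies leave every register with the same value."""
    return run(original, regs) == run(rewritten, regs)


# Constructed sample bodies: a refcount call whose result is then used.
# arm64: objc_retain takes x0 and returns in x0.
ARM64_RETAIN = [("call", "objc_retain", "x0", "x0"), ("set", "x19", "x0")]
# Assumed convention for the example: argument in x1, result in x0.
ARM64_RETAIN_X1 = [("call", "objc_retain_x1", "x1", "x0"), ("set", "x19", "x0")]
# x86_64 SysV: first argument in rdi, result in rax.
X86_64_RETAIN = [("call", "objc_retain", "rdi", "rax"), ("set", "rbx", "rax")]

# Constructed initial register file; rax holds a stale value on purpose so a
# dropped assignment is visible.
INITIAL = {"x0": 0x1000, "x1": 0x2000, "x19": 0,
           "rdi": 0x3000, "rax": 0xDEAD, "rbx": 0}


def check_all() -> Dict[str, Tuple[bool, bool]]:
    """For each sample: (nop-only is sound, result-preserving is sound)."""
    cases = [("arm64 objc_retain", ARM64_RETAIN),
             ("arm64 objc_retain_x1", ARM64_RETAIN_X1),
             ("x86_64 objc_retain", X86_64_RETAIN)]
    return {label: (equivalent(body, rewrite_nop_only(body), INITIAL),
                    equivalent(body, rewrite_preserving_result(body), INITIAL))
            for label, body in cases}


if __name__ == "__main__":
    for label, (nop_ok, assign_ok) in check_all().items():
        print(f"{label:24s} nop-only sound: {nop_ok}  "
              f"result=arg sound: {assign_ok}")
```

The nop-only rewrite is sound only where argument and result share a register; for the custom-convention and x86_64 cases it silently leaves the stale result-register value in place, which is exactly the bug the issue warns about. Emitting `result = arg` is sound in all three cases and degenerates to the nop on arm64, so a single strategy covers both. The model says nothing about recognising the call in the first place; the issue notes that x86_64 needs a wider set of LLIL patterns matched, and that part is not modelled here.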

Labels

  * Effort: Low (issues require < 1 week of work)
  * Impact: Low (issue is a papercut or has a good, supported workaround)
  * Language: Objective-C (issues involving decompilation of Objective-C binaries)
