From 2a6ad0fe00f8835093fdd4a97082c37df7a2923a Mon Sep 17 00:00:00 2001
From: Mark Rowe <mark@vector35.com>
Date: Mon, 1 Dec 2025 13:01:27 -0800
Subject: [PATCH] [ObjC] Support removing reference counting operations in more
 places in the shared cache

Dataflow is now used to determine call targets when detecting calls to
reference counting runtime functions. The previous approach of matching
on specific instructions missed some patterns that are common in the
shared cache.
---
 .../src/activities/remove_memory_management.rs        | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/plugins/workflow_objc/src/activities/remove_memory_management.rs b/plugins/workflow_objc/src/activities/remove_memory_management.rs
index 470c315209..3990f01097 100644
--- a/plugins/workflow_objc/src/activities/remove_memory_management.rs
+++ b/plugins/workflow_objc/src/activities/remove_memory_management.rs
@@ -11,6 +11,7 @@ use binaryninja::{
         lifting::LowLevelILLabel,
         LowLevelILRegisterKind,
     },
+    variable::PossibleValueSet,
     workflow::AnalysisContext,
 };
 
@@ -36,10 +37,12 @@ fn is_call_to_ignorable_memory_management_function<'func>(
 ) -> bool {
     let target = match instr.kind() {
         LowLevelILInstructionKind::Call(call) | LowLevelILInstructionKind::TailCall(call) => {
-            let LowLevelILExpressionKind::ConstPtr(address) = call.target().kind() else {
-                return false;
-            };
-            address.value()
+            match call.target().possible_values() {
+                PossibleValueSet::ConstantValue { value }
+                | PossibleValueSet::ConstantPointerValue { value }
+                | PossibleValueSet::ImportedAddressValue { value } => value as u64,
+                _ => return false,
+            }
         }
         LowLevelILInstructionKind::Goto(target) => target.address(),
         _ => return false,