Incorrect value calculated for x86_64 ROR

[KarlVogel]

Version and Platform (required):

• Binary Ninja Version: 5.4.9745-dev Personal, 358aa522
• OS: fedora
• OS Version: 44
• CPU Architecture: x86_64

Bug Description:

The value is incorrectly calculated in MLIL:

global _start

_start:
mov rax,1 << 9
mov rdi,2
; both 0x8b or 0x8b=>11 fail (x86 does modulo size % 64)
;ror rax,0x8b  
ror rax,0x8b % 64
adc rdi,rax

;sys_exit(rdi)
mov rax, 60
syscall

Binaryninja will show the wrong calculated value in the MLIL view:

rdi = (adc.q(2, 0x4000000000000000, c)).d

Same when the constant in the ROR is larger than the register size.

Steps To Reproduce:

nasm -f elf64 testror.asm && ld -Ttext 0x400080 -o testror testror.o
./testror ; echo "Should be 2:  $?"
Should be 2:  2

Expected Behavior:

RAX should be 0 after the ROR:

=> 0x400080 <_start>:	mov    $0x200,%eax
0x0000000000400085 in _start ()
RAX: 0000000000000200     RDI: 0000000000000000
$2 = [ IF ]
=> 0x400085 <_start+5>:	mov    $0x2,%edi
0x000000000040008a in _start ()
RAX: 0000000000000200     RDI: 0000000000000002
$3 = [ IF ]
=> 0x40008a <_start+10>:	ror    $0xb,%rax
0x000000000040008e in _start ()
RAX: 0000000000000000     RDI: 0000000000000002
^^^^^^^^^^^^^^^^^^^^

$4 = [ IF OF ]
=> 0x40008e <_start+14>:	adc    %rax,%rdi
0x0000000000400091 in _start ()
RAX: 0000000000000000     RDI: 0000000000000002

Additional Information:

BN also can't resolve the carry flag in this instance, while it should be able to if it knows both values of the ROR.

Currently produces:

   3 @ 0040008d  temp0.q = rax
   4 @ 0040008d  rax = ror.q(rax, 0xb)
   5 @ 0040008d  flag:c = unimplemented

carry flag could be calculated with following LLIL:

   3 @ 0040008d  temp0.q = rax
   4 @ 0040008d  rax = ror.q(rax, 0xb)
   5 @ 0040008d  flag:c = test_bit(temp0.q, 0xa)