From 8becb1ba6fcf327f38d8d5925605bf8217f40a32 Mon Sep 17 00:00:00 2001
From: Mark Rowe <mark@vector35.com>
Date: Thu, 31 Jul 2025 23:34:53 -0700
Subject: [PATCH] [ARM64] Fix lifting of mrs xzr, ... to not reference the xzr
 register

ARM64 lifting replaces references to the zero register with constant
zeroes. The zero register is not intended to appear in any lifted IL.

In the case of the `mrs` instruction, the destination being a zero
register means the system register is accessed only for a side-effect,
and is not stored anywhere. The lifting is updated to specify no output
registers for the intrinsic in that case.
---
 arch/arm64/il.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/il.cpp b/arch/arm64/il.cpp
index 2d3cb8bca4..22b45a9516 100644
--- a/arch/arm64/il.cpp
+++ b/arch/arm64/il.cpp
@@ -2803,8 +2803,13 @@ bool GetLowLevelILForInstruction(
 				operand2.implspec[3], operand2.implspec[4]);
 		}
 
-		il.AddInstruction(
-		    il.Intrinsic({RegisterOrFlag::Register(REG_O(operand1))}, ARM64_INTRIN_MRS, {il.Const(4, reg)}));
+		if (IS_ZERO_REG(REG_O(operand1))) {
+			il.AddInstruction(
+			    il.Intrinsic({}, ARM64_INTRIN_MRS, {il.Const(4, reg)}));
+		} else {
+			il.AddInstruction(
+			    il.Intrinsic({RegisterOrFlag::Register(REG_O(operand1))}, ARM64_INTRIN_MRS, {il.Const(4, reg)}));
+		}
 		break;
 	}
 	case ARM64_MSUB: