Value zero sometimes incorrectly assumed for external symbols

[mickdermack]

Version and Platform (required):

• Binary Ninja Version: 5.4.9670-dev (d8035518)
• Edition: Commercial
• OS: Arch Linux
• OS Version: rolling release
• CPU Architecture: x64

Bug Description:
In the below rv32gc binary, the HLIL of the do_something function shows a call to *8 instead of *(*some_struct_ptr + 8). I assume this is because the lw to a5 at 00010046 is incorrectly assumed to load the value 0 rather than an unknown value.

I have also seen more problematic cases of this or a similar bug, which led to large parts of a function being optimized away because the function does an early return if some external symbol is zero.

This bug seems to happen regardless of the type of the external symbol.

I do not know if this bug happens on other architectures. I only tested rv32gc.

Steps To Reproduce:
Please provide all steps required to reproduce the behavior:

1. Open the binary in BN
2. Set the view to HLIL
3. Navigate to the do_something function at 0001005a
4. Observe that the HLIL shows a call to *8

Expected Behavior:
I expect BN to not assume the value 0 for external symbols.

Screenshots/Video Recording:

Binary:
omega regex transpiles magnificently

Additional Information: