defaultarch: handle caller-set return addresses when inlining calls

[appleflyerv3]

detect registers that are set to the caller's next addr before a call is inlined, and therefore treat the jumps to those regs in the callee IL as returns to the call label.

[CLAassistant]

All committers have signed the CLA.

[appleflyerv3]

This fix allows Binary Ninja to recognize during function inlining when an inlined function returns by jumping to a register that was set to the caller’s fallthrough address. (lifted via LLIL_JUMP)

For example, this is used by RISC-V LLVM outlined functions such as jal t0, OUTLINED_FUNCTION_*, followed by jr t0 within OUTLINED_FUNCTION_*, where jr t0 is lifted as LLIL_JUMP(t0).
For binaries using this pattern, this allows OUTLINED_FUNCTION_* helpers, which are typically used as stack prologue/epilogue helpers, to be inlined correctly so the caller’s stack state is recovered.

Example:

sub_function:
    jal t0, OUTLINED_FUNCTION_1
    ...
    jal t0, OUTLINED_FUNCTION_2

OUTLINED_FUNCTION_1:
    addi sp, sp, -0x10
    sw   ra, 0xc(sp)
    sw   s0, 0x8(sp)
    sw   s1, 0x4(sp)
    sw   s2, 0x0(sp)
    jr   t0

OUTLINED_FUNCTION_2:
    lw   ra, 0xc(sp)
    lw   s0, 0x8(sp)
    lw   s1, 0x4(sp)
    lw   s2, 0x0(sp)
    addi sp, sp, 0x10
    jr   t0

[zznop]

I have reviewed/tested this PR and added the following commits to the test_pr_8246 branch:

• This commit avoids treating LLIL_JUMP(reg) as an inline return when the inlined calllee clobbers that register before returning and also adds support for the tailcalls
• This commit fixes lifting of the RISC-V jal instruction to set the return register when jal is using something other than ra (the link register).

[plafosse]

this is a misnomer

[appleflyerv3]

the function name?
what would be a more suitable name for this, then?

[plafosse]

IsConstantValue perhaps

[zznop]

I changed the function name to ConstantCompare since it's not only checking that the expression is a constant, it's also checking if it is equal to value

10e6eb0