Big amount of false positives (x64 aaa hasnext=true)

[chf0x]

Work environment

Questions	Answers
OS/arch/bits (mandatory)	Gentoo x86-64, Gentoo x64
File format of the file you reverse (mandatory)	ELF
Architecture/bits of the file (mandatory)	x86-64
rizin -v full output, not truncated (mandatory)	rizin 0.8.0 @ linux-x86-64
commit: afab991

Expected behavior

aaa should be able to provide more precise functions detection

Actual behavior

When analyzing the attached binary, I observe a high number of false positives when hasnext=true, with 3440 functions detected. With hasnext disabled, the number drops to 1904.

When the same binary is analyzed with symbols, as expected, the detection aligns more closely with the proper amount, yielding 2,992 functions. Ghidra find around 3k functions on a binary without symbols.
tesbin.zip

Steps to reproduce the behavior

rizin bigboy2_nosymb
e analysis.hasnext=true
aaa
aflc

Additional Logs, screenshots, source code, configuration dump, ...

I added another archive containing a binary with approximately 12035 functions. However, aaa detects 15415 functions, while Ghidra (with decompiler switch analysis disabled) detects 12154.
tesbin1.zip

[notxvilka]

@chf0x could you please extend the issue with providing specific examples - ones that are definitely false positives, compared to Ghidra or other RE software? It will save us a lot of time.

[chf0x]

Sure! Will have a look when have a bit more time. There is binary with symbols available, need to just go trough each symbol and check (objdump -dlS bin | grep ">:" would be sufficient, but it will not include external funcs )