
[Array Access Detection] Array access not detected properly

Open fnhartmann opened this issue 11 months ago • 0 comments

Proposal

See the following example: example.zip

Dewolf is currently creating the following code:

int main(int argc, char ** argv, char ** envp) {
    unsigned long var_1;
    long i;
    long var_0;
    __builtin_strcpy(/* dest */ &var_0, /* src */ "This is an example.");
    var_1 = strlen(&var_0);
    for (i = 0L; i < var_1; i++) {
        if ((int)*(&var_0 + i) != 32) {
            *(&var_0 + i) = *(&var_0 + i) ^ ' ';
        }
        printf(/* format */ "%c", (unsigned int)(int)*(&var_0 + i));
    }
    return 0;
}

(The output is generated with deactivated CSE. See #398 for more information.)

It seems like the Array Access Detection is not detecting the array here. Dewolf should recognize this and provide code that looks more like the source code in terms of array access, like the following:

    for (size_t i = 0; i < length; i++) {
        if (str[i] != 0x20)
            str[i] = str[i] ^ 0x20;
        printf("%c", str[i]);
    }

Used Binary Ninja version: 3.5.4526

Approach

Analyze and debug why Array Access Detection is not working properly here. Adjust the stage depending on the result.

fnhartmann Mar 14 '24 11:03
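As an added example (not dewolf's output and not the issue author's program), the loop from the report in both shapes: the `str[i]` form the author expects beside the `*(p + i)` form dewolf emitted, with the buffer typed as `char` so that the two really are equivalent; the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Indexed form, as the author expects dewolf to emit it. Every non-space
 * byte is XORed with 0x20, which flips ASCII letter case; note that '.'
 * (0x2E) becomes 0x0E, so the transform is not a pure case swap. */
void toggle_indexed(char *str, size_t length) {
    for (size_t i = 0; i < length; i++) {
        if (str[i] != 0x20)
            str[i] = str[i] ^ 0x20;
    }
}

/* Pointer-arithmetic form, as dewolf emitted it, but with the buffer
 * typed as char. In the report var_0 is a `long`, so `&var_0 + i` would
 * step by sizeof(long) bytes: the emitted text is not equivalent C even
 * though the binary itself walks the string byte by byte. */
void toggle_pointer(char *var_0, size_t var_1) {
    for (size_t i = 0; i < var_1; i++) {
        if ((int)*(var_0 + i) != 32)
            *(var_0 + i) = *(var_0 + i) ^ ' ';
    }
}

/* Run both forms on the report's string (constructed input), copy the
 * result into out, and return 1 if the two forms agree. */
int forms_agree(char *out, size_t outsz) {
    char a[32] = "This is an example.";
    char b[32] = "This is an example.";
    toggle_indexed(a, strlen(a));
    toggle_pointer(b, strlen(b));
    if (out && outsz > strlen(a))
        strcpy(out, a);
    return strcmp(a, b) == 0;
}

int main(void) {
    char out[32];
    if (forms_agree(out, sizeof out))
        printf("%s\n", out); /* "tHIS IS AN EXAMPLE" followed by byte 0x0E */
    return 0;
}
```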