HexRaysSA / goomba

gooMBA is a Hex-Rays Decompiler plugin to simplify Mixed Boolean-Arithmetic (MBA) expressions

Fails to identify simple MBA and to optimize code #3

Closed pgarba closed 1 year ago

pgarba commented 1 year ago

Hi,

I tested goomba on a simple program and it seems to fail to detect MBAs within a compare and return.

MBA: 2 * (a2 & a1) + (a2 ^ a1), (a1 + a2)

Before:

__int64 __fastcall test(int a1, int a2) 
{
  if ( a2 + a1 == 2 * (a2 & a1) + (a2 ^ a1) )
    return (2 * (a2 & a1) + (a2 ^ a1));
  else
    return (3 * (2 * (a2 & a1) + (a2 ^ a1)));
}

After goomba:

__int64 __fastcall test(int a1, int a2)
{
  if ( a2 + a1 == 2 * (a2 & a1) + (a2 ^ a1) ) // Failed to detect MBA here
    return (2 * (a2 & a1) + (a2 ^ a1));   // Failed to detect this MBA
  else
    return (3 * a2 + 3 * a1); // This MBA got simplified
}

Expected result after goomba:

__int64 __fastcall test(int a1, int a2)
{
  if ( a2 + a1 == a2 + a1 )
    return (a1 + a2);
  else
    return (3 * (a1 + a2));
}
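The identities behind this report, checked with an added example (not goomba's code and not how the plugin itself works): a linear MBA acts on each bit position independently, so it is fully determined by its values on 0/1 inputs, and Moebius inversion over those values yields the coefficients of the conjunction basis (constant, a1, a2, a1 & a2). The names `mba_sum`, `mba_triple`, `linear_mba_coeffs`, `render` and `verify` are the example's own; the constant term acts as `coeff * ~0`, i.e. `-coeff`, on n-bit words.

```python
from itertools import product

# Constructed inputs: the expressions from the decompiler output in this issue.
def mba_sum(a, b):
    return 2 * (a & b) + (a ^ b)

def mba_triple(a, b):
    return 3 * (2 * (a & b) + (a ^ b))

def linear_mba_coeffs(f, nvars):
    """Return {subset: coeff} such that f == sum(coeff * AND(vars in subset)).

    Evaluates f on every 0/1 assignment, then applies Moebius inversion over the
    hypercube: c_S = sum over T subset of S of (-1)^(|S|-|T|) * f(T).
    The empty subset is the constant term (multiplies the all-ones word).
    """
    vals = {t: f(*t) for t in product((0, 1), repeat=nvars)}
    coeffs = {}
    for s in product((0, 1), repeat=nvars):
        total = 0
        for t in product((0, 1), repeat=nvars):
            if all(ti <= si for ti, si in zip(t, s)):      # T subset of S
                total += (-1) ** (sum(s) - sum(t)) * vals[t]
        if total:
            coeffs[s] = total
    return coeffs

def render(coeffs, names):
    """Pretty-print the coefficient map as a simplified expression."""
    terms = []
    for s, c in sorted(coeffs.items(), key=lambda kv: (sum(kv[0]), [-b for b in kv[0]])):
        vs = [n for n, bit in zip(names, s) if bit]
        term = " & ".join(vs) if vs else "~0"          # k * ~0 == -k on n-bit words
        if len(vs) > 1:
            term = "(" + term + ")"
        terms.append(term if c == 1 else f"{c} * {term}")
    return " + ".join(terms) if terms else "0"

def verify(f, coeffs, nvars, bits=8):
    """Exhaustively confirm f and its simplified form agree on n-bit words."""
    mask = (1 << bits) - 1
    def g(*args):
        out = 0
        for s, c in coeffs.items():
            t = mask                                    # AND over empty set = all ones
            for v, bit in zip(args, s):
                if bit:
                    t &= v
            out += c * t
        return out & mask
    return all((f(*args) & mask) == g(*args)
               for args in product(range(1 << bits), repeat=nvars))
```

Running `render(linear_mba_coeffs(mba_sum, 2), ("a1", "a2"))` gives `a1 + a2`, and comparing the coefficient maps of `mba_sum` and `lambda a, b: a + b` shows the `if` condition in the decompiled function is a tautology.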
0xeb commented 1 year ago

Do you think you can attach a sample binary so the author can test with?

pgarba commented 1 year ago

https://github.com/pgarba/Saturn_Results/blob/master/op1/op1.exe