angr / angr

A powerful and user-friendly binary analysis platform!
http://angr.io
BSD 2-Clause "Simplified" License

Decompiler missing stack stores #3274

Open bjorn3 opened 2 years ago

bjorn3 commented 2 years ago

Describe the bug.

Try decompiling

once_cell::imp::OnceCell$LT$T$GT$::initialize::h5c512b3d358b6843:
sub rsp, 0x38
mov qword ptr [rsp+0x10] {s_20}, rsi
lea rax, [rdi+0x8]
mov qword ptr [rsp+0x18] {s_18}, rax
lea rax, [rsp+0x10] {s_20}
mov qword ptr [rsp+0x20] {s_10}, rax
lea rax, [rsp+0x18] {s_18}
mov qword ptr [rsp+0x28] {s_8}, rax
lea rax, [rsp+0x8] {s_28}
mov qword ptr [rsp+0x30] {s_0}, rax
lea rdx, [anon.???]
lea rsi, [rsp+0x20] {s_10}
call once_cell::imp::initialize_inner
add rsp, 0x38
ret

where once_cell::imp::initialize_inner is defined in an external library that isn't loaded. The decompiler gives:

int initialize::h5c512b3d358b6843(unsigned long a0, long long a1)
{
    unsigned long v0;  // [bp-0x20]
    unsigned long v1;  // [bp-0x18]
    unsigned long v2;  // [bp-0x10]
    unsigned long v3;  // [bp-0x8]

    v0 = rdi<8> + 8;
    v1 = &stack_base-40;
    v2 = &stack_base-32;
    v3 = &stack_base-48;
    return once_cell::imp::initialize_inner::hf304e1a71a909a36();
}

which never assigns any value to the stack slot behind &stack_base-40, &stack_base-32 and &stack_base-48. Decompiling it by hand gave

once_cell::imp::OnceCell$LT$T$GT$::initialize::h5c512b3d358b6843(rdi {&self}, rsi {arg_f}):
rsp -= 0x38
[rsp+0x10] {s_20/local_f} = rsi {arg_f}
[rsp+0x18] {s_18/closure_env.slot} = &[rdi+0x8] {self.value}
[rsp+0x20] {s_10/closure_env.f} = &[rsp+0x10] {s_20/local_f}
[rsp+0x28] {s_8/closure_env.value} = &[rsp+0x18] {s_18/&self.value}
[rsp+0x30] {s_0/closure_env.res} = &[rsp+0x8] {s_28}
rdx = &[anon.???] {closure_vtable}
rsi = &[rsp+0x20] {s_10/closure_env} ; closure env
call once_cell::imp::initialize_inner(rdi {&self.state_and_queue}, rsi {&closure_env}, rdx {closure_vtable})
add rsp, 0x38
ret

which has several stack stores.

Environment Information.

Angr management downloaded from https://github.com/angr/angr-management/releases/tag/nightly-20220401.1

To Reproduce.

  1. Load cg_clif.zip.
  2. Try to decompile once_cell::imp::OnceCell$LT$T$GT$::initialize::h5c512b3d358b6843.

Additional context.

once_cell::imp::initialize_inner doesn't have its arguments analyzed due to being from an external library which I didn't load. Still I would expect either the stack stores to be shown or the statements like v1 = &stack_base-40; to be missing entirely.
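The following script is an added reproduction helper, not part of the report above or of angr itself. It takes the disassembly and the decompiler output quoted in the report (embedded here as constructed input), rewrites the `[rsp+N]` store targets as bp-relative slots using the frame size from `sub rsp, 0x38` (bp being the stack pointer at entry, which is the convention the `// [bp-0xNN]` comments use), and reports every store the machine code makes to a slot that the decompiled C never assigns. On the listing from the report it singles out the `mov [rsp+0x10], rsi` store (bp-0x28), which is the slot behind `&stack_base-40`. The `decompile_with_angr` helper uses real angr APIs (`Project`, `CFGFast`, `Decompiler`, `codegen.text`) to fetch the same text from a binary; the path and the function name it is given are assumptions, and the name must be the one angr's function manager records (usually the mangled symbol).

```python
import re
from typing import Dict, List, Tuple

# Constructed input: the disassembly quoted in the report above.
ASM_LISTING = """\
sub rsp, 0x38
mov qword ptr [rsp+0x10] {s_20}, rsi
lea rax, [rdi+0x8]
mov qword ptr [rsp+0x18] {s_18}, rax
lea rax, [rsp+0x10] {s_20}
mov qword ptr [rsp+0x20] {s_10}, rax
lea rax, [rsp+0x18] {s_18}
mov qword ptr [rsp+0x28] {s_8}, rax
lea rax, [rsp+0x8] {s_28}
mov qword ptr [rsp+0x30] {s_0}, rax
lea rdx, [anon.???]
lea rsi, [rsp+0x20] {s_10}
call once_cell::imp::initialize_inner
add rsp, 0x38
ret
"""

# Constructed input: the decompiler output quoted in the report above.
DECOMPILED_C = """\
int initialize::h5c512b3d358b6843(unsigned long a0, long long a1)
{
    unsigned long v0;  // [bp-0x20]
    unsigned long v1;  // [bp-0x18]
    unsigned long v2;  // [bp-0x10]
    unsigned long v3;  // [bp-0x8]

    v0 = rdi<8> + 8;
    v1 = &stack_base-40;
    v2 = &stack_base-32;
    v3 = &stack_base-48;
    return once_cell::imp::initialize_inner::hf304e1a71a909a36();
}
"""

SUB_RSP_RE = re.compile(r"^\s*sub\s+rsp,\s*(0x[0-9a-fA-F]+|\d+)")
STORE_RE = re.compile(r"^\s*mov\s+qword ptr \[rsp\+(0x[0-9a-fA-F]+|\d+)\][^,]*,\s*(\w+)")
DECL_RE = re.compile(r"^\s*\w[\w ]*\s(v\d+);\s*//\s*\[bp-(0x[0-9a-fA-F]+)\]")
ASSIGN_RE = re.compile(r"^\s*(v\d+)\s*=\s*(.+);\s*$")


def asm_stack_stores(asm: str) -> List[Tuple[int, str]]:
    """Return (bp_relative_offset, source_operand) for every qword store through rsp.

    Offsets are made bp-relative (bp = rsp at function entry) using the frame size
    taken from `sub rsp, N`, so they line up with the decompiler's `[bp-0xNN]` slots.
    Only the leaf-function shape from the report is modelled: one `sub rsp`, no pushes.
    """
    frame = 0
    stores = []
    for line in asm.splitlines():
        m = SUB_RSP_RE.match(line)
        if m:
            frame = int(m.group(1), 0)
            continue
        m = STORE_RE.match(line)
        if m:
            stores.append((int(m.group(1), 0) - frame, m.group(2)))
    return stores


def c_assigned_slots(c_text: str) -> Dict[int, str]:
    """Map bp-relative offset -> local name for every declared local that gets assigned."""
    slots: Dict[int, str] = {}
    assigned = set()
    for line in c_text.splitlines():
        m = DECL_RE.match(line)
        if m:
            slots[-int(m.group(2), 0)] = m.group(1)
            continue
        m = ASSIGN_RE.match(line)
        if m:
            assigned.add(m.group(1))
    return {off: name for off, name in slots.items() if name in assigned}


def missing_stores(asm: str, c_text: str) -> List[Tuple[int, str]]:
    """Stack stores the machine code performs that the decompiled C never shows."""
    shown = c_assigned_slots(c_text)
    return [(off, src) for off, src in asm_stack_stores(asm) if off not in shown]


def decompile_with_angr(binary_path: str, func_name: str) -> str:
    """Decompile one function with angr (assumes angr is installed; path/name are assumptions)."""
    import angr  # lazy import so the text-only helpers above run without angr

    proj = angr.Project(binary_path, auto_load_libs=False)  # external libs left unloaded, as in the report
    cfg = proj.analyses.CFGFast(normalize=True)
    func = cfg.kb.functions[func_name]
    dec = proj.analyses.Decompiler(func, cfg=cfg.model)
    return dec.codegen.text


if __name__ == "__main__":
    for off, src in missing_stores(ASM_LISTING, DECOMPILED_C):
        print(f"store of {src} to [bp-0x{-off:x}] is not represented in the decompiled C")
```

Run as-is it works purely on the quoted text; to check a fresh angr build, replace `DECOMPILED_C` with `decompile_with_angr("<binary>", "<function name>")` and feed the matching disassembly in `ASM_LISTING`. An empty result means every store in the listing is visible as an assigned local in the C.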

github-actions[bot] commented 2 years ago

This issue has been marked as stale because it has no recent activity. Please comment or add the pinned tag to prevent this issue from being closed.