uxmal / reko

Reko is a binary decompiler.
https://uxmal.github.io/reko
GNU General Public License v2.0

incomplete control flow recovery #1343

Open yangzao opened 2 months ago

yangzao commented 2 months ago

Description: When decompiling a program, Reko (0.11.6.0) doesn't recover the complete control flow. In the original code, the case 2 body is executed and "another local string" is eventually assigned to str. But in the decompiled code, case 2 body is not shown, and "local string" is assigned to str instead.

Original code:

        switch (i_l) { // i_l equals 2
        case 0:
            i_l = 15;
            break;
        case 1:
            s_l = 456;
            break;
        case 2:
            str_l = str_l_alt; // "another local string"
            break;
        default:
            l_l = 9876543;
            break;
        }
    }
...
str = str_l;

Decompiled code:

    if (rdx_36 <= 0x02)  // corresponds to i_l
    {
        switch (rdx_36)
        {
        case 0x00:
            wLoc0A_110 = 0x01C8;
            break;
        }
    }
    else
        qwLoc20_111 = 0x0096B43F;
...

str = (char *) "local string";

Files: reko.zip. The original code, the compiled program and the decompiled code are included. The program is compiled by clang-12. Unfortunately I don't have the optimization options used to compile the program, but if you run it, it'll print out the string assigned to str ("another local string"), which is not present in the decompiled code.
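A self-contained reproducer of the switch from this report, added here as an example; it is not the code in the attached reko.zip. It is useful for checking a decompiler's control-flow recovery against ground truth: compile it, run it, and compare the observed result for each selector value with what the decompiled output would compute (the constants 0x01C8 and 0x0096B43F in the decompiled code are 456 and 9876543, i.e. the case 1 and default assignments). The initial values of s_l, l_l and str_l, the struct name locals_t, and the function names run_switch and str_after_switch are assumptions made for this example; the `volatile` on the selector is there so the compiler cannot fold the switch away for a constant argument.

```c
#include <stdio.h>
#include <string.h>

/* Constructed snapshot of the locals after the switch (names follow the
 * report; the struct itself is an assumption of this example). */
typedef struct {
    int i_l;
    short s_l;
    long l_l;
    const char *str_l;
} locals_t;

/* Runs the switch from the report on the given selector and returns the
 * locals afterwards. Initial values of s_l, l_l and str_l are assumptions. */
locals_t run_switch(int selector) {
    volatile int i_l = selector;  /* volatile: keep the switch from being folded */
    short s_l = 0;
    long l_l = 0;
    const char *str_l = "local string";
    const char *str_l_alt = "another local string";

    switch (i_l) {
    case 0:
        i_l = 15;
        break;
    case 1:
        s_l = 456;        /* 0x01C8 in the decompiled output */
        break;
    case 2:
        str_l = str_l_alt;
        break;
    default:
        l_l = 9876543;    /* 0x0096B43F in the decompiled output */
        break;
    }

    locals_t out;
    out.i_l = i_l;
    out.s_l = s_l;
    out.l_l = l_l;
    out.str_l = str_l;
    return out;
}

/* Mirrors the report's `str = str_l;`: the string the program ends up with. */
const char *str_after_switch(int selector) {
    return run_switch(selector).str_l;
}

int main(void) {
    /* Selector 2 is the case the report says is missing from the decompilation. */
    puts(str_after_switch(2));
    return 0;
}
```

Running the binary prints "another local string"; a decompilation that drops the case 2 arm would instead describe a program that can only ever produce "local string", which is the discrepancy the report points at.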