Description
Version and Platform (required):
- Binary Ninja Version: 5.1.8104 stable and 5.2.8587 dev
- Edition: Commercial
- OS: macOS
- OS Version: 26.01
- CPU Architecture: M2
Bug Description:
There's a specific switch table format that I've been seeing in a couple of binaries that I'm reverse engineering. It looks like:
```
int value;
if (value > 10) { goto base_case; }
else {
    goto table[-value];
}
```
The jump table is being indexed from the end of the table rather than the beginning of the table. Binary Ninja is not picking up on this and fails to decompile to a switch statement.
I have included a minimal binary that reproduces the problem. My example binary doesn't show any error of failure to reconstruct control flow like I was seeing in the example binary but still fails to get the control flow correct.
Steps To Reproduce:
Load example binary in Binary Ninja and decompile function func.
Expected Behavior:
I expected a switch statement to be present in the decompilation.
Screenshots/Video Recording:
This is the failure case. The lookup into table should be a switch control flow block.
Manually setting the set of values arg1 can have leads to correct decompilation.
Binary:
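A source-level sketch of the dispatch shape described in this report, added here as an illustration; it is not the reporter's attached binary or its source, and it is not claimed to compile to the same machine code. It assumes the GCC/Clang labels-as-values extension; `dispatch`, `table` and `end` are hypothetical names, and the unsigned bounds check is a choice made in this sketch so that negative inputs take the base case.

```c
#include <stdio.h>

/* Dispatch through a jump table that is addressed from its END:
 * the anchor points at the last slot and the index is -value. */
int dispatch(int value)
{
    /* The entry for value k lives in slot (10 - k), so the last slot is case 0. */
    static void *const table[11] = {
        &&case_10, &&case_9, &&case_8, &&case_7, &&case_6, &&case_5,
        &&case_4,  &&case_3, &&case_2, &&case_1, &&case_0
    };
    void *const *const end = &table[10];   /* valid offsets: 0 .. -10 */

    /* Unsigned compare (assumption of this sketch): rejects value > 10
     * and also every negative value, which would index past the table. */
    if ((unsigned)value > 10u)
        goto base_case;
    goto *end[-value];                      /* reads table[10 - value] */

case_0:    return 100;
case_1:    return 101;
case_2:    return 102;
case_3:    return 103;
case_4:    return 104;
case_5:    return 105;
case_6:    return 106;
case_7:    return 107;
case_8:    return 108;
case_9:    return 109;
case_10:   return 110;
base_case: return -1;
}

int main(void)
{
    /* Walk the whole input range plus one value on each side of it. */
    for (int v = -1; v <= 11; v++)
        printf("dispatch(%d) = %d\n", v, dispatch(v));
    return 0;
}
```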