Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Analysis reverts function back to pure after changing the function type #6428

Open
VisualEhrmanntraut opened this issue Feb 17, 2025 · 12 comments
Open

Analysis reverts function back to pure after changing the function type #6428

VisualEhrmanntraut opened this issue Feb 17, 2025 · 12 comments
Assignees
@xusheng6
Labels
Component: Core Issue needs changes to the core Effort: Low Issue should take < 1 week Impact: Medium Issue is impactful with a bad, or no, workaround

Comments

@VisualEhrmanntraut
Copy link
Contributor

Version and Platform (required):

  • Binary Ninja Version: 4.3.6874-dev
  • OS: macOS
  • OS Version: 15.3.1 (24D70)
  • CPU Architecture: M3

Bug Description:
If the purity of a function is changed to false, it will be reverted to true on analysis.

Steps To Reproduce:

  1. Find pure function
  2. Set to non-pure
  3. Reanalyse
  4. Observe

Expected Behavior:
It should keep the manual change.
@xusheng6
Copy link
Member

Thanks for the bug report! However, I am unable to reproduce this on files that I have locally, so I guess it might be something related to the specific file you are working with. Could you please provide us with the file so that we can look into it?

@xusheng6 xusheng6 added the State: Blocked (Customer) Issue is blocked on waiting for a response from a customer label Feb 18, 2025
@VisualEhrmanntraut
Copy link
Contributor Author

@xusheng6 It seems to rather be if I change the function type and not reanalysing

@VisualEhrmanntraut
Copy link
Contributor Author

Screen.Recording.2025-02-18.at.11.02.12.mov

@VisualEhrmanntraut
Copy link
Contributor Author

Might be because of this:

>>> demangle_generic(bv.arch, current_symbol.raw_name)[0].pure
BoolWithConfidence(value=False, confidence=0)

@xusheng6
Copy link
Member

I think what is happening here is that you set the type of the function, and the property whether a function is a pure function is part of the type, so in other words, you have changed it.

I see that the .pure of the function type is False, but it also has a confidence of 0. I am not sure whether that leads to the analysis to believe the user provided purity is to be ignored, thus auto-analysis took over and set it to True

@xusheng6 xusheng6 added State: Awaiting Triage Issue is waiting for more in-depth triage from a developer and removed State: Blocked (Customer) Issue is blocked on waiting for a response from a customer labels Feb 18, 2025
@VisualEhrmanntraut

This comment has been minimized.

Sign in to view
@VisualEhrmanntraut

This comment has been minimized.

Sign in to view
@VisualEhrmanntraut
Copy link
Contributor Author

There is still an issue to be fixed, setting the function type with the "Change Type" dialogue also causes that behaviour.

@xusheng6
Copy link
Member

@VisualEhrmanntraut can you DM me the file on slack so that we can look into it?

@VisualEhrmanntraut
Copy link
Contributor Author

Probably not but I will try making a minimal reproduction database for you

@VisualEhrmanntraut
Copy link
Contributor Author

I sent it. All you need to reproduce the issue is hit Y to change the function type, and then just hit enter. You will see the function goes back to being pure even though it was changed manually to not pure.

@xusheng6 xusheng6 self-assigned this Feb 25, 2025
@xusheng6
Copy link
Member

Simplified repro steps:

  1. Create a new binary data, paste 00058052c0035fd6 into it
  2. Create a function at 0x0, using the ios-aarch64 platform
  3. In the edit function property dialog, uncheck the box for pure
  4. Observe the function is not marked with pure
  5. Press Y to change the type, e.g., to bool sub_0
  6. Observe the function becomes pure again

@xusheng6 xusheng6 added Component: Core Issue needs changes to the core Effort: Low Issue should take < 1 week Impact: Medium Issue is impactful with a bad, or no, workaround and removed State: Awaiting Triage Issue is waiting for more in-depth triage from a developer labels Feb 25, 2025
@xusheng6 xusheng6 changed the title Analysis reverts function back to pure Analysis reverts function back to pure after changing the function type Feb 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xusheng6 xusheng6

Labels
Component: Core Issue needs changes to the core Effort: Low Issue should take < 1 week Impact: Medium Issue is impactful with a bad, or no, workaround
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@VisualEhrmanntraut @xusheng6